From a54cccbc40a838c74bfaaafedeef10b014cfc300 Mon Sep 17 00:00:00 2001 From: ostolero Date: Sun, 9 Apr 2023 11:32:58 +0300 Subject: [PATCH 001/124] update --- .../Integrations/EWSv2/EWSv2.py | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) diff --git a/Packs/MicrosoftExchangeOnPremise/Integrations/EWSv2/EWSv2.py b/Packs/MicrosoftExchangeOnPremise/Integrations/EWSv2/EWSv2.py index d7a3a5ac5634..c127cbb6d488 100644 --- a/Packs/MicrosoftExchangeOnPremise/Integrations/EWSv2/EWSv2.py +++ b/Packs/MicrosoftExchangeOnPremise/Integrations/EWSv2/EWSv2.py @@ -7,7 +7,7 @@ import dateparser # type: ignore import exchangelib from CommonServerPython import * -from cStringIO import StringIO +from io import StringIO #python3 change from exchangelib import (BASIC, DELEGATE, DIGEST, IMPERSONATION, NTLM, Account, Body, Build, Configuration, Credentials, EWSDateTime, EWSTimeZone, FileAttachment, Folder, HTMLBody, @@ -22,7 +22,7 @@ ResponseMessageError, TransportError) from exchangelib.items import Contact, Item, Message from exchangelib.protocol import BaseProtocol, NoVerifyHTTPAdapter -from exchangelib.services import EWSAccountService, EWSService +from exchangelib.services import EWSAccountService, EWSService #exchangelib change - from exchangelib.services.common import EWSAccountService from exchangelib.util import add_xml_child, create_element from exchangelib.version import (EXCHANGE_2007, EXCHANGE_2010, EXCHANGE_2010_SP2, EXCHANGE_2013, @@ -30,12 +30,13 @@ from future import utils as future_utils from requests.exceptions import ConnectionError -# Define utf8 as default encoding -reload(sys) -sys.setdefaultencoding('utf8') # pylint: disable=E1101 +#python3 change +# # Define utf8 as default encoding +# reload(sys) +# sys.setdefaultencoding('utf8') # pylint: disable=E1101 -# Ignore warnings print to stdout -warnings.filterwarnings("ignore") +# # Ignore warnings print to stdout +# warnings.filterwarnings("ignore") # Docker BC MNS = None @@ -43,7 +44,7 @@ if exchangelib.__version__ == "1.12.0": MNS, TNS = exchangelib.util.MNS, exchangelib.util.TNS else: - MNS, TNS = exchangelib.transport.MNS, exchangelib.transport.TNS # pylint: disable=E1101 + MNS, TNS = exchangelib.util.MNS, exchangelib.util.TNS # pylint: disable=E1101 #exchangelib change # consts VERSIONS = { From e495ecdc32765e5acf20ce30e268a568483c25c1 Mon Sep 17 00:00:00 2001 From: ostolero Date: Thu, 27 Apr 2023 12:33:29 +0300 Subject: [PATCH 002/124] test --- .../Integrations/EWSv2/EWSv2.py | 43 +++++++++++++------ .../Integrations/EWSv2/EWSv2.yml | 8 ++-- 2 files changed, 33 insertions(+), 18 deletions(-) diff --git a/Packs/MicrosoftExchangeOnPremise/Integrations/EWSv2/EWSv2.py b/Packs/MicrosoftExchangeOnPremise/Integrations/EWSv2/EWSv2.py index c127cbb6d488..c3efcb562d68 100644 --- a/Packs/MicrosoftExchangeOnPremise/Integrations/EWSv2/EWSv2.py +++ b/Packs/MicrosoftExchangeOnPremise/Integrations/EWSv2/EWSv2.py @@ -7,7 +7,7 @@ import dateparser # type: ignore import exchangelib from CommonServerPython import * -from io import StringIO #python3 change +from io import StringIO #python3 change from exchangelib import (BASIC, DELEGATE, DIGEST, IMPERSONATION, NTLM, Account, Body, Build, Configuration, Credentials, EWSDateTime, EWSTimeZone, FileAttachment, Folder, HTMLBody, @@ -21,13 +21,14 @@ ErrorNameResolutionNoResults, RateLimitError, ResponseMessageError, TransportError) from exchangelib.items import Contact, Item, Message -from exchangelib.protocol import BaseProtocol, NoVerifyHTTPAdapter -from exchangelib.services import EWSAccountService, EWSService #exchangelib change - from exchangelib.services.common import EWSAccountService +from exchangelib.protocol import BaseProtocol, NoVerifyHTTPAdapter, Protocol +from exchangelib.services import EWSService +from exchangelib.services.common import EWSAccountService from exchangelib.util import add_xml_child, create_element from exchangelib.version import (EXCHANGE_2007, EXCHANGE_2010, EXCHANGE_2010_SP2, EXCHANGE_2013, - EXCHANGE_2016) -from future import utils as future_utils + EXCHANGE_2016, EXCHANGE_2019) +# from future import utils as future_utils # removed for new docker, revert from requests.exceptions import ConnectionError #python3 change @@ -35,8 +36,8 @@ # reload(sys) # sys.setdefaultencoding('utf8') # pylint: disable=E1101 -# # Ignore warnings print to stdout -# warnings.filterwarnings("ignore") +# Ignore warnings print to stdout +warnings.filterwarnings("ignore") # Docker BC MNS = None @@ -52,7 +53,8 @@ '2010': EXCHANGE_2010, '2010_SP2': EXCHANGE_2010_SP2, '2013': EXCHANGE_2013, - '2016': EXCHANGE_2016 + '2016': EXCHANGE_2016, + '2019': EXCHANGE_2019 } ATTACHMENT_ID = "attachmentId" @@ -586,6 +588,15 @@ def filter_dict_null(d): # pragma: no cover return d +def is_empty_object(obj): + size = 0 + if isinstance(obj, map): + size = obj.__sizeof__ + else: + size = len(obj) + return size == 0 + + def get_attachment_name(attachment_name): # pragma: no cover if attachment_name is None or attachment_name == "": return 'demisto_untitled_attachment' @@ -593,7 +604,7 @@ def get_attachment_name(attachment_name): # pragma: no cover def get_entry_for_object(title, context_key, obj, headers=None): # pragma: no cover - if len(obj) == 0: + if is_empty_object(obj): return "There is no output results" obj = filter_dict_null(obj) if isinstance(obj, list): @@ -785,7 +796,10 @@ def call(self): if self.protocol.version.build < EXCHANGE_2013: raise NotImplementedError('%s is only supported for Exchange 2013 servers and later' % self.SERVICE_NAME) elements = self._get_elements(payload=self.get_payload()) - return map(lambda x: self.parse_element(x), elements) + res = [] + for e in elements: + res.append(self.parse_element(e)) + return res def get_payload(self): element = create_element( @@ -997,9 +1011,10 @@ def fetch_last_emails(account, folder_name='Inbox', since_datetime=None, exclude if len(result) >= MAX_FETCH: break except ValueError as exc: - future_utils.raise_from(ValueError( - 'Got an error when pulling incidents. You might be using the wrong exchange version.' - ), exc) + # future_utils.raise_from(ValueError( + # 'Got an error when pulling incidents. You might be using the wrong exchange version.' + # ), exc) + raise exc demisto.debug('EWS V2 - Got total of {} from ews query. '.format(len(result))) return result @@ -2284,7 +2299,7 @@ def get_protocol(): # pragma: no cover if AUTO_DISCOVERY: protocol = get_account_autodiscover(ACCOUNT_EMAIL).protocol else: - protocol = config.protocol # type: ignore + protocol = Protocol(config=config) # type: ignore return protocol diff --git a/Packs/MicrosoftExchangeOnPremise/Integrations/EWSv2/EWSv2.yml b/Packs/MicrosoftExchangeOnPremise/Integrations/EWSv2/EWSv2.yml index e88bc82d503b..b60b1bf34cd6 100644 --- a/Packs/MicrosoftExchangeOnPremise/Integrations/EWSv2/EWSv2.yml +++ b/Packs/MicrosoftExchangeOnPremise/Integrations/EWSv2/EWSv2.yml @@ -3,7 +3,7 @@ sectionorder: - Connect - Collect commonfields: - id: EWS v2 + id: EWS_v2_2019_version version: -1 configuration: - display: Email address @@ -122,8 +122,8 @@ configuration: section: Connect advanced: true description: Exchange Web Services and Office 365 (mail) -display: EWS v2 -name: EWS v2 +display: EWS_v2_2019_version +name: EWS_v2_2019_version script: commands: - arguments: @@ -1285,7 +1285,7 @@ script: description: Replies to an email using EWS. execution: false name: reply-mail - dockerimage: demisto/py-ews:1.0.0.49868 + dockerimage: demisto/py3ews:1.0.0.55239 feed: false isfetch: true longRunning: false From ee9a5c5a44e8f47063ce9bf1ad0ad6ddc8a29a31 Mon Sep 17 00:00:00 2001 From: ostolero Date: Sun, 21 May 2023 16:50:26 +0300 Subject: [PATCH 003/124] changes --- .../Integrations/EWSv2/EWSv2.py | 159 +++++++++--------- .../Integrations/EWSv2/EWSv2.yml | 4 +- 2 files changed, 85 insertions(+), 78 deletions(-) diff --git a/Packs/MicrosoftExchangeOnPremise/Integrations/EWSv2/EWSv2.py b/Packs/MicrosoftExchangeOnPremise/Integrations/EWSv2/EWSv2.py index c3efcb562d68..9ec82bf6ec83 100644 --- a/Packs/MicrosoftExchangeOnPremise/Integrations/EWSv2/EWSv2.py +++ b/Packs/MicrosoftExchangeOnPremise/Integrations/EWSv2/EWSv2.py @@ -28,13 +28,21 @@ from exchangelib.version import (EXCHANGE_2007, EXCHANGE_2010, EXCHANGE_2010_SP2, EXCHANGE_2013, EXCHANGE_2016, EXCHANGE_2019) + +#remove! +from exchangelib import Folder +Folder.FIELDS = [f for f in Folder.FIELDS if f.name != 'permission_set'] + # from future import utils as future_utils # removed for new docker, revert from requests.exceptions import ConnectionError -#python3 change -# # Define utf8 as default encoding -# reload(sys) -# sys.setdefaultencoding('utf8') # pylint: disable=E1101 + +class exchangelibSSLAdapter(SSLAdapter): + def cert_verify(self, conn, url, verify, cert): + # pylint: disable=unused-argument + # We're overriding a method, so we have to keep the signature + super().cert_verify(conn=conn, url=url, verify=False, cert=cert) + # Ignore warnings print to stdout warnings.filterwarnings("ignore") @@ -335,7 +343,7 @@ # NOTE: Same method used in EWSMailSender # If you are modifying this probably also need to modify in the other file def exchangelib_cleanup(): # pragma: no cover - key_protocols = exchangelib.protocol.CachingProtocol._protocol_cache.items() + key_protocols = list(exchangelib.protocol.CachingProtocol._protocol_cache.items()) try: exchangelib.close_connections() except Exception as ex: @@ -367,7 +375,7 @@ def get_auth_method(auth_method): # pragma: no cover def get_build(version_str): # pragma: no cover if version_str not in VERSIONS: - raise Exception("%s is unsupported version: %s. Choose one of" % (version_str, "\\".join(VERSIONS.keys()))) + raise Exception("%s is unsupported version: %s. Choose one of" % (version_str, "\\".join(list(VERSIONS.keys())))) return VERSIONS[version_str] @@ -382,7 +390,7 @@ def get_endpoint_autodiscover(context_dict): # pragma: no cover def get_version(version_str): if version_str not in VERSIONS: - raise Exception("%s is unsupported version: %s. Choose one of" % (version_str, "\\".join(VERSIONS.keys()))) + raise Exception("%s is unsupported version: %s. Choose one of" % (version_str, "\\".join(list(VERSIONS.keys())))) return Version(VERSIONS[version_str]) @@ -410,7 +418,7 @@ def prepare_context(credentials): # pragma: no cover except AutoDiscoverFailed: return_error("Auto discovery failed. Check credentials or configure manually") except Exception as e: - return_error(e.message) + return_error(str(e)) else: SERVER_BUILD = get_build_autodiscover(context_dict) EWS_SERVER = get_endpoint_autodiscover(context_dict) @@ -418,7 +426,7 @@ def prepare_context(credentials): # pragma: no cover def prepare(): # pragma: no cover if NON_SECURE: - BaseProtocol.HTTP_ADAPTER_CLS = NoVerifyHTTPAdapter + BaseProtocol.HTTP_ADAPTER_CLS = exchangelibSSLAdapter else: BaseProtocol.HTTP_ADAPTER_CLS = requests.adapters.HTTPAdapter @@ -574,17 +582,17 @@ def repr3(self): def str_to_unicode(obj): # pragma: no cover if isinstance(obj, dict): - obj = {k: str_to_unicode(v) for k, v in obj.iteritems()} + obj = {k: str_to_unicode(v) for k, v in list(obj.items())} elif isinstance(obj, list): - obj = map(str_to_unicode, obj) + obj = [str_to_unicode(k) for k in obj] elif isinstance(obj, str): - obj = unicode(obj, "utf-8") + obj = obj.encode("utf-8") return obj def filter_dict_null(d): # pragma: no cover if isinstance(d, dict): - return dict((k, v) for k, v in d.items() if v is not None) + return dict((k, v) for k, v in list(d.items()) if v is not None) return d @@ -608,7 +616,7 @@ def get_entry_for_object(title, context_key, obj, headers=None): # pragma: return "There is no output results" obj = filter_dict_null(obj) if isinstance(obj, list): - obj = map(filter_dict_null, obj) + obj = [filter_dict_null(k) for k in obj] if headers and isinstance(obj, dict): headers = list(set(headers).intersection(set(obj.keys()))) @@ -627,14 +635,14 @@ def get_entry_for_object(title, context_key, obj, headers=None): # pragma: def get_items_from_mailbox(account, item_ids): # pragma: no cover if type(item_ids) is not list: item_ids = [item_ids] - items = map(lambda x: Item(item_id=x), item_ids) + items = [Item(id=x) for x in item_ids] result = list(account.fetch(ids=items)) result = [x for x in result if not (isinstance(x, ErrorItemNotFound) or isinstance(x, ErrorInvalidIdMalformed))] if len(result) != len(item_ids): raise Exception("One or more items were not found/malformed. Check the input item ids") - if exchangelib.__version__ != "1.12.0": # Docker BC - for item in result: - item.folder = Folder(account=account) + # if exchangelib.__version__ != "1.12.0": # Docker BC + # for item in result: + # item.folder = Folder(account=account) return result @@ -660,6 +668,7 @@ def is_default_folder(folder_path, is_public): # pragma: no cover def get_folder_by_path(account, path, is_public=False): # pragma: no cover # handle exchange folder id + demisto.debug(f'args: {account=}, {path=}, {is_public=}') if len(path) == 120: folders_map = account.root._folders_map if path in folders_map: @@ -667,7 +676,7 @@ def get_folder_by_path(account, path, is_public=False): # pragma: no cover if is_public: folder_result = account.public_folders_root - elif path == u'AllItems': + elif path == 'AllItems': folder_result = account.root else: folder_result = account.inbox.parent # Top of Information Store @@ -816,7 +825,7 @@ class SearchMailboxes(EWSService): def parse_element(element): # pragma: no cover to_recipients = element.find('{%s}ToRecipients' % TNS) if to_recipients: - to_recipients = map(lambda x: x.text if x is not None else None, to_recipients) + to_recipients = [x.text if x is not None else None for x in to_recipients] result = { ITEM_ID: element.find('{%s}Id' % TNS).attrib['Id'] if element.find('{%s}Id' % TNS) is not None else None, @@ -840,7 +849,7 @@ def call(self, query, mailboxes): # pragma: no cover if self.protocol.version.build < EXCHANGE_2013: raise NotImplementedError('%s is only supported for Exchange 2013 servers and later' % self.SERVICE_NAME) elements = list(self._get_elements(payload=self.get_payload(query, mailboxes))) - return map(lambda x: self.parse_element(x), elements) + return [self.parse_element(x) for x in elements] def get_payload(self, query, mailboxes): # pragma: no cover def get_mailbox_search_scope(mailbox_id): @@ -884,7 +893,7 @@ def call(self, email_address, recursive_expansion=False): # pragma: no cover if recursive_expansion == 'True': group_members = {} # type: dict self.expand_group_recursive(email_address, group_members) - return group_members.values() + return list(group_members.values()) else: return self.expand_group(email_address) except ErrorNameResolutionNoResults: @@ -900,7 +909,7 @@ def get_payload(self, email_address): # pragma: no cover def expand_group(self, email_address): # pragma: no cover elements = self._get_elements(payload=self.get_payload(email_address)) - return map(lambda x: self.parse_element(x), elements) + return [self.parse_element(x) for x in elements] def expand_group_recursive(self, email_address, non_dl_emails, dl_emails=set()): # pragma: no cover if email_address in non_dl_emails or email_address in dl_emails: @@ -949,8 +958,8 @@ def search_mailboxes(protocol, filter, limit=100, mailbox_search_scope=None, ema mailbox_ids = mailbox_search_scope if type(mailbox_search_scope) is list else [mailbox_search_scope] else: entry = get_searchable_mailboxes(protocol) - mailboxes = [x for x in entry[ENTRY_CONTEXT]['EWS.Mailboxes'] if MAILBOX_ID in x.keys()] - mailbox_ids = map(lambda x: x[MAILBOX_ID], mailboxes) # type: ignore + mailboxes = [x for x in entry[ENTRY_CONTEXT]['EWS.Mailboxes'] if MAILBOX_ID in list(x.keys())] + mailbox_ids = [x[MAILBOX_ID] for x in mailboxes] # type: ignore try: search_results = SearchMailboxes(protocol=protocol).call(filter, mailbox_ids) @@ -991,11 +1000,11 @@ def fetch_last_emails(account, folder_name='Inbox', since_datetime=None, exclude qs = qs.filter(datetime_received__gte=since_datetime) else: if not FETCH_ALL_HISTORY: - tz = EWSTimeZone.timezone('UTC') + tz = EWSTimeZone('UTC') first_fetch_datetime = dateparser.parse(FETCH_TIME) - first_fetch_ews_datetime = EWSDateTime.from_datetime(tz.localize(first_fetch_datetime)) + first_fetch_ews_datetime = first_fetch_datetime.astimezone(tz) qs = qs.filter(datetime_received__gte=first_fetch_ews_datetime) - qs = qs.filter().only(*map(lambda x: x.name, Message.FIELDS)) + qs = qs.filter().only(*[x.name for x in Message.FIELDS]) qs = qs.filter().order_by('datetime_received') result = [] exclude_ids = exclude_ids if exclude_ids else set() @@ -1027,11 +1036,11 @@ def str_to_camel_case(snake_str): if value is None: return None if isinstance(value, (list, set)): - return map(keys_to_camel_case, value) + return [keys_to_camel_case(v) for v in value] if isinstance(value, dict): return dict((keys_to_camel_case(k), keys_to_camel_case(v) if isinstance(v, (list, dict)) else v) - for (k, v) in value.items()) + for (k, v) in list(value.items())) return str_to_camel_case(value) @@ -1074,17 +1083,17 @@ def parse_folder_as_json(folder): # pragma: no cover return raw_dict raw_dict = {} - for field, value in item.__dict__.items(): - if type(value) in [str, unicode, int, float, bool, Body, HTMLBody, None]: + for field, value in list(item.__dict__.items()): + if type(value) in [str, int, float, bool, Body, HTMLBody, None]: try: - if isinstance(value, basestring): + if isinstance(value, str): value.encode('utf-8') # type: ignore raw_dict[field] = value except Exception: pass if getattr(item, 'attachments', None): - raw_dict['attachments'] = map(lambda x: parse_attachment_as_dict(item.item_id, x), item.attachments) + raw_dict['attachments'] = [parse_attachment_as_dict(item.id, x) for x in item.attachments] for time_field in ['datetime_sent', 'datetime_created', 'datetime_received', 'last_modified_time', 'reminder_due_by']: @@ -1101,7 +1110,7 @@ def parse_folder_as_json(folder): # pragma: no cover for list_dict_field in ['headers', 'cc_recipients', 'to_recipients']: value = getattr(item, list_dict_field, None) if value: - raw_dict[list_dict_field] = map(lambda x: parse_object_as_dict(x), value) + raw_dict[list_dict_field] = [parse_object_as_dict(x) for x in value] if getattr(item, 'folder', None): raw_dict['folder'] = parse_folder_as_json(item.folder) @@ -1115,12 +1124,11 @@ def parse_folder_as_json(folder): # pragma: no cover 'has_attachments', 'importance', 'message_id', 'last_modified_time', 'size', 'subject', 'text_body', 'headers', 'body', 'folder_path', 'is_read'] - # Docker BC - if exchangelib.__version__ == "1.12.0": - if 'id' in raw_dict: - new_dict['item_id'] = raw_dict['id'] - else: - fields_list.append('item_id') + # # Docker BC + # if exchangelib.__version__ == "1.12.0": + # if 'id' in raw_dict: + # new_dict['item_id'] = raw_dict['id'] + fields_list.append('item_id') for field in fields_list: if field in raw_dict: @@ -1130,7 +1138,7 @@ def parse_folder_as_json(folder): # pragma: no cover new_dict[field] = raw_dict.get(field, {}).get('email_address') for field in ['to_recipients']: if field in raw_dict: - new_dict[field] = map(lambda x: x.get('email_address'), raw_dict[field]) + new_dict[field] = [x.get('email_address') for x in raw_dict[field]] attachments = raw_dict.get('attachments') if attachments and len(attachments) > 0: file_attachments = [x for x in attachments if x[ATTACHMENT_TYPE] == FILE_ATTACHMENT_TYPE] @@ -1221,7 +1229,7 @@ def parse_incident_from_item(item, is_fetch): # pragma: no cover 'name': get_attachment_name(attachment.name) }) except TypeError as e: - if e.message != "must be string or buffer, not None": + if str(e) != "must be string or buffer, not None": raise continue else: @@ -1234,7 +1242,7 @@ def parse_incident_from_item(item, is_fetch): # pragma: no cover attached_email = email.message_from_string(attachment.item.mime_content) if attachment.item.headers: attached_email_headers = [] - for h, v in attached_email.items(): + for h, v in list(attached_email.items()): if not isinstance(v, str): try: v = str(v) @@ -1287,9 +1295,9 @@ def parse_incident_from_item(item, is_fetch): # pragma: no cover # fetch history incident['dbotMirrorId'] = str(item.message_id) - if item.item_id: - labels.append({'type': 'Email/ID', 'value': item.item_id}) - labels.append({'type': 'Email/itemId', 'value': item.item_id}) + if item.id: + labels.append({'type': 'Email/ID', 'value': item.id}) + labels.append({'type': 'Email/itemId', 'value': item.id}) # handle conversion id if item.conversation_id: @@ -1441,7 +1449,7 @@ def parse_attachment_as_dict(item_id, attachment): # pragma: no cover } except TypeError as e: - if e.message != "must be string or buffer, not None": + if str(e) != "must be string or buffer, not None": raise return { ATTACHMENT_ORIGINAL_ITEM_ID: item_id, @@ -1532,7 +1540,7 @@ def fetch_attachments_for_message(item_id, target_mailbox=None, attachment_ids=N if attachment.content: entries.append(get_entry_for_file_attachment(item_id, attachment)) except TypeError as e: - if e.message != "must be string or buffer, not None": + if str(e) != "must be string or buffer, not None": raise else: entries.append(get_entry_for_item_attachment(item_id, attachment, account.primary_smtp_address)) @@ -1619,7 +1627,7 @@ def delete_items(item_ids, delete_type, target_mailbox=None): # pragma: no c def prepare_args(d): # pragma: no cover - d = dict((k.replace("-", "_"), v) for k, v in d.items()) + d = dict((k.replace("-", "_"), v) for k, v in list(d.items())) if 'is_public' in d: if exchangelib.__version__ != "1.12.0": # Docker BC raise Exception(PUBLIC_FOLDERS_ERROR) @@ -1662,7 +1670,7 @@ def search_items_in_mailbox(query=None, message_id=None, folder_path='', limit=1 selected_all_fields = (selected_fields == 'all') if selected_all_fields: - restricted_fields = list(map(lambda x: x.name, Message.FIELDS)) # type: ignore + restricted_fields = list([x.name for x in Message.FIELDS]) # type: ignore else: restricted_fields = set(argToList(selected_fields)) # type: ignore restricted_fields.update(['id', 'message_id']) # type: ignore @@ -1679,13 +1687,12 @@ def search_items_in_mailbox(query=None, message_id=None, folder_path='', limit=1 break items = items[:limit] - searched_items_result = map( - lambda item: parse_item_as_dict(item, account.primary_smtp_address, camel_case=True, - compact_fields=selected_all_fields), items) + searched_items_result = [parse_item_as_dict(item, account.primary_smtp_address, camel_case=True, + compact_fields=selected_all_fields) for item in items] if not selected_all_fields: searched_items_result = [ - {k: v for (k, v) in i.iteritems() + {k: v for (k, v) in i.items() if k in keys_to_camel_case(restricted_fields)} for i in searched_items_result] for item in searched_items_result: @@ -1752,16 +1759,16 @@ def parse_phone_number(phone_number): def parse_contact(contact): contact_dict = dict((k, v if not isinstance(v, EWSDateTime) else v.ewsformat()) - for k, v in contact.__dict__.items() - if isinstance(v, basestring) or isinstance(v, EWSDateTime)) + for k, v in list(contact.__dict__.items()) + if isinstance(v, str) or isinstance(v, EWSDateTime)) if isinstance(contact, Contact) and contact.physical_addresses: - contact_dict['physical_addresses'] = map(parse_physical_address, contact.physical_addresses) + contact_dict['physical_addresses'] = list(map(parse_physical_address, contact.physical_addresses)) if isinstance(contact, Contact) and contact.phone_numbers: - contact_dict['phone_numbers'] = map(parse_phone_number, contact.phone_numbers) + contact_dict['phone_numbers'] = list(map(parse_phone_number, contact.phone_numbers)) if isinstance(contact, Contact) and contact.email_addresses and len(contact.email_addresses) > 0: - contact_dict['emailAddresses'] = map(lambda x: x.email, contact.email_addresses) + contact_dict['emailAddresses'] = [x.email for x in contact.email_addresses] contact_dict = keys_to_camel_case(contact_dict) - contact_dict = dict((k, v) for k, v in contact_dict.items() if v) + contact_dict = dict((k, v) for k, v in list(contact_dict.items()) if v) del contact_dict['mimeContent'] contact_dict['originMailbox'] = target_mailbox return contact_dict @@ -1874,8 +1881,8 @@ def get_items(item_ids, target_mailbox=None): # pragma: no cover items = get_items_from_mailbox(account, item_ids) items = [x for x in items if isinstance(x, Message)] - items_as_incidents = map(lambda x: parse_incident_from_item(x, False), items) - items_to_context = map(lambda x: parse_item_as_dict(x, account.primary_smtp_address, True, True), items) + items_as_incidents = [parse_incident_from_item(x, False) for x in items] + items_to_context = [parse_item_as_dict(x, account.primary_smtp_address, True, True) for x in items] return { 'Type': entryTypes['note'], @@ -1906,7 +1913,7 @@ def folder_to_context_entry(f): 'changeKey': f.changekey } - if 'unread_count' in map(lambda x: x.name, Folder.FIELDS): + if 'unread_count' in [x.name for x in Folder.FIELDS]: f_entry['unreadCount'] = f.unread_count return f_entry @@ -1996,7 +2003,7 @@ def get_compliance_search(search_name, show_only_recipients): # pragma: no c if stdout[0] == 'Completed': if stdout[1] and stdout[1] != '{}': res = list(r[:-1].split(', ') if r[-1] == ',' else r.split(', ') for r in stdout[1][2:-3].split(r'\r\n')) - res = map(lambda x: {k: v for k, v in (s.split(': ') for s in x)}, res) + res = [{k: v for k, v in (s.split(': ') for s in x)} for x in res] entry = { 'Type': entryTypes['note'], 'ContentsFormat': formats['text'], @@ -2004,7 +2011,7 @@ def get_compliance_search(search_name, show_only_recipients): # pragma: no c 'ReadableContentsFormat': formats['markdown'], } if show_only_recipients == 'True': - res = filter(lambda x: int(x['Item count']) > 0, res) + res = [x for x in res if int(x['Item count']) > 0] entry['EntryContext'] = { 'EWS.ComplianceSearch(val.Name == obj.Name)': { @@ -2129,7 +2136,7 @@ def get_item_as_eml(item_id, target_mailbox=None): # pragma: no cover email_content = email.message_from_string(item.mime_content) if item.headers: attached_email_headers = [] - for h, v in email_content.items(): + for h, v in list(email_content.items()): if not isinstance(v, str): try: v = str(v) @@ -2286,7 +2293,7 @@ def test_module(): # pragma: no cover "please read integration documentation and follow the instructions") folder.test_access() except ErrorFolderNotFound as e: - if "Top of Information Store" in e.message: + if "Top of Information Store" in str(e): raise Exception( "Success to authenticate, but user probably has no permissions to read from the specific folder." "Check user permissions. You can try !ews-find-folders command to " @@ -2304,7 +2311,7 @@ def get_protocol(): # pragma: no cover def encode_and_submit_results(obj): - demisto.results(str_to_unicode(obj)) + demisto.results(obj) def sub_main(): # pragma: no cover @@ -2323,7 +2330,7 @@ def sub_main(): # pragma: no cover test_module() elif demisto.command() == 'fetch-incidents': incidents = fetch_emails_as_incidents(ACCOUNT_EMAIL, FOLDER_NAME) - demisto.incidents(str_to_unicode(incidents) or []) + demisto.incidents(incidents) elif demisto.command() == 'ews-get-attachment': encode_and_submit_results(fetch_attachments_for_message(**args)) elif demisto.command() == 'ews-delete-attachment': @@ -2404,14 +2411,14 @@ def sub_main(): # pragma: no cover sys.exit(0) error_message_simple = log_message + " Please retry your request." - # Other exception handling - if isinstance(e.message, Exception): - e.message = str(e.message) + # # Other exception handling + # if isinstance(e, Exception): + # e.message = str(e) if isinstance(e, ConnectionError): error_message_simple = "Could not connect to the server.\n" \ "Verify that the Hostname or IP address is correct.\n\n" \ - "Additional information: {}".format(e.message) + "Additional information: {}".format(str(e)) if isinstance(e, ErrorInvalidPropertyRequest): error_message_simple = "Verify that the Exchange version is correct." elif exchangelib.__version__ == "1.12.0": @@ -2442,9 +2449,9 @@ def sub_main(): # pragma: no cover "Check proxy parameter. If you are using server URL - change to server IP address. " if not error_message_simple: - error_message = error_message_simple = str(e.message) + error_message = error_message_simple = str(e) else: - error_message = error_message_simple + "\n" + str(e.message) + error_message = error_message_simple + "\n" + str(e) stacktrace = traceback.format_exc() if stacktrace: diff --git a/Packs/MicrosoftExchangeOnPremise/Integrations/EWSv2/EWSv2.yml b/Packs/MicrosoftExchangeOnPremise/Integrations/EWSv2/EWSv2.yml index b60b1bf34cd6..1df948f8a6c7 100644 --- a/Packs/MicrosoftExchangeOnPremise/Integrations/EWSv2/EWSv2.yml +++ b/Packs/MicrosoftExchangeOnPremise/Integrations/EWSv2/EWSv2.yml @@ -1285,7 +1285,7 @@ script: description: Replies to an email using EWS. execution: false name: reply-mail - dockerimage: demisto/py3ews:1.0.0.55239 + dockerimage: demistodev/py-ews:1.0.0.57772 feed: false isfetch: true longRunning: false @@ -1301,4 +1301,4 @@ tests: - EWS V2 Send Mail Test 2 defaultmapperin: EWS v2-mapper defaultclassifier: EWS v2 -fromversion: 5.0.0 +fromversion: 0.0.0 From 4e6c3859bb860dbbbfdc98a0152e67b377b7b6c2 Mon Sep 17 00:00:00 2001 From: ostolero Date: Mon, 22 May 2023 17:41:22 +0300 Subject: [PATCH 004/124] changes --- .../Integrations/EWSv2/EWSv2.py | 12 +++++++++--- .../Integrations/EWSv2/EWSv2.yml | 2 +- 2 files changed, 10 insertions(+), 4 deletions(-) diff --git a/Packs/MicrosoftExchangeOnPremise/Integrations/EWSv2/EWSv2.py b/Packs/MicrosoftExchangeOnPremise/Integrations/EWSv2/EWSv2.py index 9ec82bf6ec83..5babb10e51a8 100644 --- a/Packs/MicrosoftExchangeOnPremise/Integrations/EWSv2/EWSv2.py +++ b/Packs/MicrosoftExchangeOnPremise/Integrations/EWSv2/EWSv2.py @@ -1083,7 +1083,7 @@ def parse_folder_as_json(folder): # pragma: no cover return raw_dict raw_dict = {} - for field, value in list(item.__dict__.items()): + for field, value in list(item.__dict__.items()): #ofri - this results in an empty object, any way to reimpliment? if type(value) in [str, int, float, bool, Body, HTMLBody, None]: try: if isinstance(value, str): @@ -1118,6 +1118,8 @@ def parse_folder_as_json(folder): # pragma: no cover TOIS_PATH) else item.folder.absolute raw_dict['folder_path'] = folder_path + raw_dict['id'] = getattr(item, 'id', None) + if compact_fields: new_dict = {} fields_list = ['datetime_created', 'datetime_received', 'datetime_sent', 'sender', @@ -1128,7 +1130,7 @@ def parse_folder_as_json(folder): # pragma: no cover # if exchangelib.__version__ == "1.12.0": # if 'id' in raw_dict: # new_dict['item_id'] = raw_dict['id'] - fields_list.append('item_id') + fields_list.append('id') for field in fields_list: if field in raw_dict: @@ -1239,7 +1241,11 @@ def parse_incident_from_item(item, is_fetch): # pragma: no cover # save the attachment if hasattr(attachment, 'item') and attachment.item.mime_content: - attached_email = email.message_from_string(attachment.item.mime_content) + # came across an item with bytes attachemnt which failed in the source code, added this to keep functionality + if isinstance(attachment.item.mime_content, bytes): + attached_email = email.message_from_bytes(attachment.item.mime_content) + else: + attached_email = email.message_from_string(attachment.item.mime_content) if attachment.item.headers: attached_email_headers = [] for h, v in list(attached_email.items()): diff --git a/Packs/MicrosoftExchangeOnPremise/Integrations/EWSv2/EWSv2.yml b/Packs/MicrosoftExchangeOnPremise/Integrations/EWSv2/EWSv2.yml index 1df948f8a6c7..49c4df290f3c 100644 --- a/Packs/MicrosoftExchangeOnPremise/Integrations/EWSv2/EWSv2.yml +++ b/Packs/MicrosoftExchangeOnPremise/Integrations/EWSv2/EWSv2.yml @@ -1285,7 +1285,7 @@ script: description: Replies to an email using EWS. execution: false name: reply-mail - dockerimage: demistodev/py-ews:1.0.0.57772 + dockerimage: devdemisto/py-ews:1.0.0.57772 feed: false isfetch: true longRunning: false From 5e35d946f4c840423f9208a9b359e1bc7ce1dfa7 Mon Sep 17 00:00:00 2001 From: ostolero Date: Mon, 5 Jun 2023 16:51:30 +0300 Subject: [PATCH 005/124] final commands changes --- .../Integrations/EWSv2/EWSv2.py | 85 +++++++++++++------ .../Integrations/EWSv2/EWSv2.yml | 20 ++--- 2 files changed, 67 insertions(+), 38 deletions(-) diff --git a/Packs/MicrosoftExchangeOnPremise/Integrations/EWSv2/EWSv2.py b/Packs/MicrosoftExchangeOnPremise/Integrations/EWSv2/EWSv2.py index 5babb10e51a8..c9050fac60d1 100644 --- a/Packs/MicrosoftExchangeOnPremise/Integrations/EWSv2/EWSv2.py +++ b/Packs/MicrosoftExchangeOnPremise/Integrations/EWSv2/EWSv2.py @@ -703,11 +703,11 @@ def call(self, item_id, move_item): # pragma: no cover def get_payload(self, item_id, move_item): # pragma: no cover junk = create_element('m:%s' % self.SERVICE_NAME, - IsJunk="true", - MoveItem="true" if move_item else "false") + {"IsJunk": "true", + "MoveItem": ("true" if move_item else "false")}) items_list = create_element('m:ItemIds') - item_element = create_element("t:ItemId", Id=item_id) + item_element = create_element("t:ItemId", {"Id": item_id}) items_list.append(item_element) junk.append(items_list) @@ -1030,6 +1030,9 @@ def fetch_last_emails(account, folder_name='Inbox', since_datetime=None, exclude def keys_to_camel_case(value): def str_to_camel_case(snake_str): + # Add condtion as Email object arrived in list and raised error + if not isinstance(snake_str, str): + return snake_str components = snake_str.split('_') return components[0] + "".join(x.title() for x in components[1:]) @@ -1058,6 +1061,19 @@ def email_ec(item): } +def parse_object_as_dict_with_serialized_items(object): + raw_dict = {} + if object is not None: + for field in object.FIELDS: + try: + v = getattr(object, field.name, None) + json.dumps(v) + raw_dict[field.name] = v + except (TypeError, OverflowError): + continue + return raw_dict + + def parse_item_as_dict(item, email_address, camel_case=False, compact_fields=False): # pragma: no cover def parse_object_as_dict(object): raw_dict = {} @@ -1082,15 +1098,15 @@ def parse_folder_as_json(folder): # pragma: no cover raw_dict['effective_rights'] = parse_object_as_dict(raw_dict['effective_rights']) return raw_dict - raw_dict = {} - for field, value in list(item.__dict__.items()): #ofri - this results in an empty object, any way to reimpliment? - if type(value) in [str, int, float, bool, Body, HTMLBody, None]: - try: - if isinstance(value, str): - value.encode('utf-8') # type: ignore - raw_dict[field] = value - except Exception: - pass + raw_dict = parse_object_as_dict_with_serialized_items(item) + # for field, value in list(item.__dict__.items()): #ofri - this results in an empty object, any way to reimpliment? + # if type(value) in [str, int, float, bool, Body, HTMLBody, None]: + # try: + # if isinstance(value, str): + # value.encode('utf-8') # type: ignore + # raw_dict[field] = value + # except Exception: + # pass if getattr(item, 'attachments', None): raw_dict['attachments'] = [parse_attachment_as_dict(item.id, x) for x in item.attachments] @@ -1118,7 +1134,7 @@ def parse_folder_as_json(folder): # pragma: no cover TOIS_PATH) else item.folder.absolute raw_dict['folder_path'] = folder_path - raw_dict['id'] = getattr(item, 'id', None) + raw_dict['item_id'] = getattr(item, 'id', None) if compact_fields: new_dict = {} @@ -1130,7 +1146,7 @@ def parse_folder_as_json(folder): # pragma: no cover # if exchangelib.__version__ == "1.12.0": # if 'id' in raw_dict: # new_dict['item_id'] = raw_dict['id'] - fields_list.append('id') + fields_list.append('item_id') for field in fields_list: if field in raw_dict: @@ -1149,7 +1165,6 @@ def parse_folder_as_json(folder): # pragma: no cover item_attachments = [x for x in attachments if x[ATTACHMENT_TYPE] == ITEM_ATTACHMENT_TYPE] if len(item_attachments) > 0: new_dict['ItemAttachments'] = item_attachments - raw_dict = new_dict if camel_case: @@ -1592,7 +1607,7 @@ def move_item(item_id, target_folder_path, target_mailbox=None, is_public=None): raise Exception("Item not found") item.move(target_folder) move_result = { - NEW_ITEM_ID: item.item_id, + NEW_ITEM_ID: item.id, ITEM_ID: item_id, MESSAGE_ID: item.message_id, ACTION: 'moved' @@ -1612,7 +1627,7 @@ def delete_items(item_ids, delete_type, target_mailbox=None): # pragma: no c delete_type = delete_type.lower() for item in items: - item_id = item.item_id + item_id = item.id if delete_type == 'trash': item.move_to_trash() elif delete_type == 'soft': @@ -1736,12 +1751,12 @@ def recover_soft_delete_item(message_ids, target_folder_path="Inbox", target_mai message_ids = message_ids.split(",") items_to_recover = account.recoverable_items_deletions.filter( # pylint: disable=E1101 message_id__in=message_ids).all() # pylint: disable=E1101 - if len(items_to_recover) != len(message_ids): + if items_to_recover.count() != len(message_ids): raise Exception("Some message ids are missing in recoverable items directory") for item in items_to_recover: item.move(target_folder) recovered_messages.append({ - ITEM_ID: item.item_id, + ITEM_ID: item.id, MESSAGE_ID: item.message_id, ACTION: 'recovered' }) @@ -1763,10 +1778,21 @@ def parse_phone_number(phone_number): result[attr] = getattr(phone_number, attr, None) return result + def is_jsonable(x): + try: + json.dumps(x) + return True + except (TypeError, OverflowError): + return False + def parse_contact(contact): - contact_dict = dict((k, v if not isinstance(v, EWSDateTime) else v.ewsformat()) - for k, v in list(contact.__dict__.items()) - if isinstance(v, str) or isinstance(v, EWSDateTime)) + contact_dict = parse_object_as_dict_with_serialized_items(contact) + for k in contact_dict.keys(): + v = contact_dict[k] + if isinstance(v, EWSDateTime): + contact_dict[k] = v.ewsformat() + + contact_dict['id'] = contact.id if isinstance(contact, Contact) and contact.physical_addresses: contact_dict['physical_addresses'] = list(map(parse_physical_address, contact.physical_addresses)) if isinstance(contact, Contact) and contact.phone_numbers: @@ -1774,8 +1800,7 @@ def parse_contact(contact): if isinstance(contact, Contact) and contact.email_addresses and len(contact.email_addresses) > 0: contact_dict['emailAddresses'] = [x.email for x in contact.email_addresses] contact_dict = keys_to_camel_case(contact_dict) - contact_dict = dict((k, v) for k, v in list(contact_dict.items()) if v) - del contact_dict['mimeContent'] + contact_dict = dict((k, v) for k, v in list(contact_dict.items()) if v and is_jsonable(v)) contact_dict['originMailbox'] = target_mailbox return contact_dict @@ -1784,7 +1809,7 @@ def parse_contact(contact): for contact in account.contacts.all()[:int(limit)]: # pylint: disable=E1101 contacts.append(parse_contact(contact)) - return get_entry_for_object('Email contacts for %s' % target_mailbox or ACCOUNT_EMAIL, + return get_entry_for_object(f'Email contacts for {target_mailbox or ACCOUNT_EMAIL}', 'Account.Email(val.Address == obj.originMailbox).EwsContacts', contacts) @@ -1914,7 +1939,7 @@ def folder_to_context_entry(f): f_entry = { 'name': f.name, 'totalCount': f.total_count, - 'id': f.folder_id, + 'id': f.id, 'childrenFolderCount': f.child_folder_count, 'changeKey': f.changekey } @@ -2124,7 +2149,7 @@ def mark_item_as_read(item_ids, operation='read', target_mailbox=None): # p item.save() marked_items.append({ - ITEM_ID: item.item_id, + ITEM_ID: item.id, MESSAGE_ID: item.message_id, ACTION: 'marked-as-{}'.format(operation) }) @@ -2139,7 +2164,11 @@ def get_item_as_eml(item_id, target_mailbox=None): # pragma: no cover item = get_item_from_mailbox(account, item_id) if item.mime_content: - email_content = email.message_from_string(item.mime_content) + # came across an item with bytes attachemnt which failed in the source code, added this to keep functionality + if isinstance(item.mime_content, bytes): + email_content = email.message_from_bytes(item.mime_content) + else: + email_content = email.message_from_string(item.mime_content) if item.headers: attached_email_headers = [] for h, v in list(email_content.items()): diff --git a/Packs/MicrosoftExchangeOnPremise/Integrations/EWSv2/EWSv2.yml b/Packs/MicrosoftExchangeOnPremise/Integrations/EWSv2/EWSv2.yml index 49c4df290f3c..9577c5b0dbdb 100644 --- a/Packs/MicrosoftExchangeOnPremise/Integrations/EWSv2/EWSv2.yml +++ b/Packs/MicrosoftExchangeOnPremise/Integrations/EWSv2/EWSv2.yml @@ -1010,8 +1010,8 @@ script: name: query required: true secret: false - deprecated: false - description: Starts a compliance search. + deprecated: true + description: This command is deprecated. Use the o365-sc-start-search command instead. Starts a compliance search. execution: false name: ews-o365-start-compliance-search outputs: @@ -1039,8 +1039,8 @@ script: - 'False' required: false secret: false - deprecated: false - description: Returns the status and results of a compliance search. + deprecated: true + description: This command is deprecated. Use the o365-sc-get-search command instead. Returns the status and results of a compliance search. execution: false name: ews-o365-get-compliance-search outputs: @@ -1063,8 +1063,8 @@ script: name: search-name required: true secret: false - deprecated: false - description: Purges the results found in the compliance search. + deprecated: true + description: This command is deprecated. Use the o365-sc-new-search-action command. Purges the results found in the compliance search. execution: false name: ews-o365-purge-compliance-search-results outputs: @@ -1078,8 +1078,8 @@ script: name: search-name required: true secret: false - deprecated: false - description: Removes the compliance search. + deprecated: true + description: This command is deprecated. Use the o365-sc-remove-search command instead. Removes the compliance search. execution: false name: ews-o365-remove-compliance-search outputs: @@ -1093,8 +1093,8 @@ script: name: search-name required: true secret: false - deprecated: false - description: Checks the status of the purge operation on the compliance search. + deprecated: true + description: This command is deprecated. Use the o365-sc-get-search-action command instead .Checks the status of the purge operation on the compliance search. execution: false name: ews-o365-get-compliance-search-purge-status outputs: From 907f4e307025e5d624464d01019a1501ac7f826c Mon Sep 17 00:00:00 2001 From: ostolero Date: Tue, 6 Jun 2023 18:53:10 +0300 Subject: [PATCH 006/124] clean code --- .../Integrations/EWSv2/EWSv2.py | 32 +++---------------- 1 file changed, 5 insertions(+), 27 deletions(-) diff --git a/Packs/MicrosoftExchangeOnPremise/Integrations/EWSv2/EWSv2.py b/Packs/MicrosoftExchangeOnPremise/Integrations/EWSv2/EWSv2.py index d9ebe5ef70d7..5a784a57e26e 100644 --- a/Packs/MicrosoftExchangeOnPremise/Integrations/EWSv2/EWSv2.py +++ b/Packs/MicrosoftExchangeOnPremise/Integrations/EWSv2/EWSv2.py @@ -29,11 +29,9 @@ EXCHANGE_2010_SP2, EXCHANGE_2013, EXCHANGE_2016, EXCHANGE_2019) -#remove! -from exchangelib import Folder Folder.FIELDS = [f for f in Folder.FIELDS if f.name != 'permission_set'] -# from future import utils as future_utils # removed for new docker, revert +from future import utils as future_utils from requests.exceptions import ConnectionError @@ -53,7 +51,7 @@ def cert_verify(self, conn, url, verify, cert): if exchangelib.__version__ == "1.12.0": MNS, TNS = exchangelib.util.MNS, exchangelib.util.TNS else: - MNS, TNS = exchangelib.util.MNS, exchangelib.util.TNS # pylint: disable=E1101 #exchangelib change + MNS, TNS = exchangelib.util.MNS, exchangelib.util.TNS # pylint: disable=E1101 # consts VERSIONS = { @@ -639,9 +637,6 @@ def get_items_from_mailbox(account, item_ids): # pragma: no cover result = [x for x in result if not (isinstance(x, ErrorItemNotFound) or isinstance(x, ErrorInvalidIdMalformed))] if len(result) != len(item_ids): raise Exception("One or more items were not found/malformed. Check the input item ids") - # if exchangelib.__version__ != "1.12.0": # Docker BC - # for item in result: - # item.folder = Folder(account=account) return result @@ -667,7 +662,6 @@ def is_default_folder(folder_path, is_public): # pragma: no cover def get_folder_by_path(account, path, is_public=False): # pragma: no cover # handle exchange folder id - demisto.debug(f'args: {account=}, {path=}, {is_public=}') if len(path) == 120: folders_map = account.root._folders_map if path in folders_map: @@ -1019,9 +1013,9 @@ def fetch_last_emails(account, folder_name='Inbox', since_datetime=None, exclude if len(result) >= MAX_FETCH: break except ValueError as exc: - # future_utils.raise_from(ValueError( - # 'Got an error when pulling incidents. You might be using the wrong exchange version.' - # ), exc) + future_utils.raise_from(ValueError( + 'Got an error when pulling incidents. You might be using the wrong exchange version.' + ), exc) raise exc demisto.debug('EWS V2 - Got total of {} from ews query. '.format(len(result))) return result @@ -1098,14 +1092,6 @@ def parse_folder_as_json(folder): # pragma: no cover return raw_dict raw_dict = parse_object_as_dict_with_serialized_items(item) - # for field, value in list(item.__dict__.items()): #ofri - this results in an empty object, any way to reimpliment? - # if type(value) in [str, int, float, bool, Body, HTMLBody, None]: - # try: - # if isinstance(value, str): - # value.encode('utf-8') # type: ignore - # raw_dict[field] = value - # except Exception: - # pass if getattr(item, 'attachments', None): raw_dict['attachments'] = [parse_attachment_as_dict(item.id, x) for x in item.attachments] @@ -1146,10 +1132,6 @@ def parse_folder_as_json(folder): # pragma: no cover 'has_attachments', 'importance', 'message_id', 'last_modified_time', 'size', 'subject', 'text_body', 'headers', 'body', 'folder_path', 'is_read', 'categories'] - # # Docker BC - # if exchangelib.__version__ == "1.12.0": - # if 'id' in raw_dict: - # new_dict['item_id'] = raw_dict['id'] fields_list.append('item_id') for field in fields_list: @@ -2461,10 +2443,6 @@ def sub_main(): # pragma: no cover sys.exit(0) error_message_simple = log_message + " Please retry your request." - # # Other exception handling - # if isinstance(e, Exception): - # e.message = str(e) - if isinstance(e, ConnectionError): error_message_simple = "Could not connect to the server.\n" \ "Verify that the Hostname or IP address is correct.\n\n" \ From c6205b23de79d464bfb65927c124b30888f0686a Mon Sep 17 00:00:00 2001 From: ostolero Date: Tue, 6 Jun 2023 19:00:55 +0300 Subject: [PATCH 007/124] update TPBs --- Packs/MicrosoftExchangeOnPremise/Integrations/EWSv2/EWSv2.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/Packs/MicrosoftExchangeOnPremise/Integrations/EWSv2/EWSv2.yml b/Packs/MicrosoftExchangeOnPremise/Integrations/EWSv2/EWSv2.yml index 4cbab8dc0f3f..fb141b5417a6 100644 --- a/Packs/MicrosoftExchangeOnPremise/Integrations/EWSv2/EWSv2.yml +++ b/Packs/MicrosoftExchangeOnPremise/Integrations/EWSv2/EWSv2.yml @@ -1314,6 +1314,8 @@ tests: - pyEWS_Test - EWS V2 Send Mail Test - EWS V2 Send Mail Test 2 +- EWSv2_empty_attachment_testt +- EWS Public Folders Test defaultmapperin: EWS v2-mapper defaultclassifier: EWS v2 fromversion: 0.0.0 From 551c8c0f5fd3e559f8c7b293d3f697f4610e7ea9 Mon Sep 17 00:00:00 2001 From: ostolero Date: Wed, 7 Jun 2023 10:57:30 +0300 Subject: [PATCH 008/124] rvert name change --- .../MicrosoftExchangeOnPremise/Integrations/EWSv2/EWSv2.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/Packs/MicrosoftExchangeOnPremise/Integrations/EWSv2/EWSv2.yml b/Packs/MicrosoftExchangeOnPremise/Integrations/EWSv2/EWSv2.yml index fb141b5417a6..3825f0285183 100644 --- a/Packs/MicrosoftExchangeOnPremise/Integrations/EWSv2/EWSv2.yml +++ b/Packs/MicrosoftExchangeOnPremise/Integrations/EWSv2/EWSv2.yml @@ -3,7 +3,7 @@ sectionorder: - Connect - Collect commonfields: - id: EWS_v2_2019_version + id: EWS v2 version: -1 configuration: - display: Email address @@ -122,8 +122,8 @@ configuration: section: Connect advanced: true description: Exchange Web Services and Office 365 (mail) -display: EWS_v2_2019_version -name: EWS_v2_2019_version +display: EWS v2 +name: EWS v2 script: commands: - arguments: From b512a1360d5cbb349450f9de787e8fd160d83270 Mon Sep 17 00:00:00 2001 From: ostolero Date: Wed, 7 Jun 2023 11:00:57 +0300 Subject: [PATCH 009/124] revert name change --- Packs/MicrosoftExchangeOnPremise/Integrations/EWSv2/EWSv2.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Packs/MicrosoftExchangeOnPremise/Integrations/EWSv2/EWSv2.yml b/Packs/MicrosoftExchangeOnPremise/Integrations/EWSv2/EWSv2.yml index 3825f0285183..bf2db26677c6 100644 --- a/Packs/MicrosoftExchangeOnPremise/Integrations/EWSv2/EWSv2.yml +++ b/Packs/MicrosoftExchangeOnPremise/Integrations/EWSv2/EWSv2.yml @@ -1318,4 +1318,4 @@ tests: - EWS Public Folders Test defaultmapperin: EWS v2-mapper defaultclassifier: EWS v2 -fromversion: 0.0.0 +fromversion: 5.0.0 From e255c85d94004057f315642c7e7eced2fbcecac0 Mon Sep 17 00:00:00 2001 From: ostolero Date: Sun, 11 Jun 2023 13:21:25 +0300 Subject: [PATCH 010/124] cr changes --- .../Integrations/EWSv2/EWSv2.py | 54 ++++++------------- .../Integrations/EWSv2/EWSv2.yml | 16 +++--- 2 files changed, 24 insertions(+), 46 deletions(-) diff --git a/Packs/MicrosoftExchangeOnPremise/Integrations/EWSv2/EWSv2.py b/Packs/MicrosoftExchangeOnPremise/Integrations/EWSv2/EWSv2.py index 5a784a57e26e..3c57a0e369aa 100644 --- a/Packs/MicrosoftExchangeOnPremise/Integrations/EWSv2/EWSv2.py +++ b/Packs/MicrosoftExchangeOnPremise/Integrations/EWSv2/EWSv2.py @@ -7,9 +7,9 @@ import dateparser # type: ignore import exchangelib from CommonServerPython import * -from io import StringIO #python3 change +from io import StringIO from exchangelib import (BASIC, DELEGATE, DIGEST, IMPERSONATION, NTLM, Account, - Body, Build, Configuration, Credentials, EWSDateTime, + Build, Configuration, Credentials, EWSDateTime, EWSTimeZone, FileAttachment, Folder, HTMLBody, ItemAttachment, Version) from exchangelib.errors import (AutoDiscoverFailed, ErrorFolderNotFound, @@ -21,19 +21,19 @@ ErrorNameResolutionNoResults, RateLimitError, ResponseMessageError, TransportError) from exchangelib.items import Contact, Item, Message -from exchangelib.protocol import BaseProtocol, NoVerifyHTTPAdapter, Protocol +from exchangelib.protocol import BaseProtocol, Protocol from exchangelib.services import EWSService from exchangelib.services.common import EWSAccountService from exchangelib.util import add_xml_child, create_element from exchangelib.version import (EXCHANGE_2007, EXCHANGE_2010, EXCHANGE_2010_SP2, EXCHANGE_2013, EXCHANGE_2016, EXCHANGE_2019) - -Folder.FIELDS = [f for f in Folder.FIELDS if f.name != 'permission_set'] - from future import utils as future_utils from requests.exceptions import ConnectionError +# calling ews-get-folders command returns AccessDenied due to permission set field, solution suggested in this pr -https://github.com/ecederstrand/exchangelib/issues/610#issuecomment-512197149 +Folder.FIELDS = [f for f in Folder.FIELDS if f.name != 'permission_set'] + class exchangelibSSLAdapter(SSLAdapter): def cert_verify(self, conn, url, verify, cert): @@ -45,13 +45,7 @@ def cert_verify(self, conn, url, verify, cert): # Ignore warnings print to stdout warnings.filterwarnings("ignore") -# Docker BC -MNS = None -TNS = None -if exchangelib.__version__ == "1.12.0": - MNS, TNS = exchangelib.util.MNS, exchangelib.util.TNS -else: - MNS, TNS = exchangelib.util.MNS, exchangelib.util.TNS # pylint: disable=E1101 +MNS, TNS = exchangelib.util.MNS, exchangelib.util.TNS # consts VERSIONS = { @@ -332,10 +326,6 @@ def cert_verify(self, conn, url, verify, cert): config = None credentials = None -PUBLIC_FOLDERS_ERROR = 'Please update your docker image to use public folders' -if IS_PUBLIC_FOLDER and exchangelib.__version__ != "1.12.0": - return_error(PUBLIC_FOLDERS_ERROR) - # NOTE: Same method used in EWSMailSender # If you are modifying this probably also need to modify in the other file @@ -648,8 +638,6 @@ def get_item_from_mailbox(account, item_id): # pragma: no cover def is_default_folder(folder_path, is_public): # pragma: no cover - if exchangelib.__version__ != "1.12.0": # Docker BC - return False if is_public is not None: return is_public @@ -798,10 +786,7 @@ def call(self): if self.protocol.version.build < EXCHANGE_2013: raise NotImplementedError('%s is only supported for Exchange 2013 servers and later' % self.SERVICE_NAME) elements = self._get_elements(payload=self.get_payload()) - res = [] - for e in elements: - res.append(self.parse_element(e)) - return res + return [self.parse_element(e) for e in elements] def get_payload(self): element = create_element( @@ -1063,6 +1048,7 @@ def parse_object_as_dict_with_serialized_items(object): json.dumps(v) raw_dict[field.name] = v except (TypeError, OverflowError): + demisto.debug(f'Data in field {field.name} is not serilizable, skipped field') continue return raw_dict @@ -1636,10 +1622,7 @@ def delete_items(item_ids, delete_type, target_mailbox=None): # pragma: no c def prepare_args(d): # pragma: no cover d = dict((k.replace("-", "_"), v) for k, v in list(d.items())) if 'is_public' in d: - if exchangelib.__version__ != "1.12.0": # Docker BC - raise Exception(PUBLIC_FOLDERS_ERROR) - else: - d['is_public'] = d['is_public'] == 'True' + d['is_public'] = d['is_public'] == 'True' return d @@ -1768,7 +1751,7 @@ def is_jsonable(x): try: json.dumps(x) return True - except (TypeError, OverflowError): + except Exception: return False def parse_contact(contact): @@ -1786,7 +1769,7 @@ def parse_contact(contact): if isinstance(contact, Contact) and contact.email_addresses and len(contact.email_addresses) > 0: contact_dict['emailAddresses'] = [x.email for x in contact.email_addresses] contact_dict = keys_to_camel_case(contact_dict) - contact_dict = dict((k, v) for k, v in list(contact_dict.items()) if v and is_jsonable(v)) + contact_dict = {k: v for k, v in contact_dict.items() if (v and is_jsonable(v))} contact_dict['originMailbox'] = target_mailbox return contact_dict @@ -1818,9 +1801,8 @@ def create_folder(new_folder_name, folder_path, target_mailbox=None): # prag def find_folders(target_mailbox=None, is_public=None): # pragma: no cover account = get_account(target_mailbox or ACCOUNT_EMAIL) root = account.root - if exchangelib.__version__ == "1.12.0": # Docker BC - if is_public: - root = account.public_folders_root + if is_public: + root = account.public_folders_root folders = [] for f in root.walk(): # pylint: disable=E1101 folder = folder_to_context_entry(f) @@ -1883,9 +1865,7 @@ def get_items_from_folder(folder_path, limit=100, target_mailbox=None, is_public items_result.append(item_attachment) hm_headers = ['sender', 'subject', 'hasAttachments', 'datetimeReceived', - 'receivedBy', 'author', 'toRecipients', ] - if exchangelib.__version__ == "1.12.0": # Docker BC - hm_headers.append('itemId') + 'receivedBy', 'author', 'toRecipients', 'itemId'] return get_entry_for_object('Items in folder ' + folder_path, CONTEXT_UPDATE_EWS_ITEM, items_result, @@ -1939,8 +1919,6 @@ def folder_to_context_entry(f): def check_cs_prereqs(): # pragma: no cover if 'outlook.office365.com' not in EWS_SERVER: raise Exception("This command is only supported for Office 365") - if exchangelib.__version__ != "1.12.0": - raise Exception("Please update your docker image to use this command") def get_cs_error(stderr): @@ -2449,7 +2427,7 @@ def sub_main(): # pragma: no cover "Additional information: {}".format(str(e)) if isinstance(e, ErrorInvalidPropertyRequest): error_message_simple = "Verify that the Exchange version is correct." - elif exchangelib.__version__ == "1.12.0": + else: from exchangelib.errors import MalformedResponseError if IS_TEST_MODULE and isinstance(e, MalformedResponseError): diff --git a/Packs/MicrosoftExchangeOnPremise/Integrations/EWSv2/EWSv2.yml b/Packs/MicrosoftExchangeOnPremise/Integrations/EWSv2/EWSv2.yml index bf2db26677c6..cdb3a93e4a84 100644 --- a/Packs/MicrosoftExchangeOnPremise/Integrations/EWSv2/EWSv2.yml +++ b/Packs/MicrosoftExchangeOnPremise/Integrations/EWSv2/EWSv2.yml @@ -3,7 +3,7 @@ sectionorder: - Connect - Collect commonfields: - id: EWS v2 + id: EWS_v2_2019_version version: -1 configuration: - display: Email address @@ -122,8 +122,8 @@ configuration: section: Connect advanced: true description: Exchange Web Services and Office 365 (mail) -display: EWS v2 -name: EWS v2 +display: EWS_v2_2019_version +name: EWS_v2_2019_version script: commands: - arguments: @@ -1017,7 +1017,7 @@ script: required: true secret: false deprecated: true - description: This command is deprecated. Use the o365-sc-start-search command instead. Starts a compliance search. + description: This command is deprecated. Use the o365-sc-start-search command from Security And Compliance V2 instead. Starts a compliance search. execution: false name: ews-o365-start-compliance-search outputs: @@ -1046,7 +1046,7 @@ script: required: false secret: false deprecated: true - description: This command is deprecated. Use the o365-sc-get-search command instead. Returns the status and results of a compliance search. + description: This command is deprecated. Use the o365-sc-get-search command Security And Compliance V2 instead. Returns the status and results of a compliance search. execution: false name: ews-o365-get-compliance-search outputs: @@ -1070,7 +1070,7 @@ script: required: true secret: false deprecated: true - description: This command is deprecated. Use the o365-sc-new-search-action command. Purges the results found in the compliance search. + description: This command is deprecated. Use the o365-sc-new-search-action command from Security And Compliance V2. Purges the results found in the compliance search. execution: false name: ews-o365-purge-compliance-search-results outputs: @@ -1085,7 +1085,7 @@ script: required: true secret: false deprecated: true - description: This command is deprecated. Use the o365-sc-remove-search command instead. Removes the compliance search. + description: This command is deprecated. Use the o365-sc-remove-search command from Security And Compliance V2. Removes the compliance search. execution: false name: ews-o365-remove-compliance-search outputs: @@ -1100,7 +1100,7 @@ script: required: true secret: false deprecated: true - description: This command is deprecated. Use the o365-sc-get-search-action command instead .Checks the status of the purge operation on the compliance search. + description: This command is deprecated. Use the o365-sc-get-search-action command from Security And Compliance V2 instead .Checks the status of the purge operation on the compliance search. execution: false name: ews-o365-get-compliance-search-purge-status outputs: From 3f3772d053173448ed112df789de3e039c8dae6b Mon Sep 17 00:00:00 2001 From: ostolero Date: Sun, 11 Jun 2023 14:17:09 +0300 Subject: [PATCH 011/124] fix name --- .../MicrosoftExchangeOnPremise/Integrations/EWSv2/EWSv2.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/Packs/MicrosoftExchangeOnPremise/Integrations/EWSv2/EWSv2.yml b/Packs/MicrosoftExchangeOnPremise/Integrations/EWSv2/EWSv2.yml index cdb3a93e4a84..ebeccf6648e5 100644 --- a/Packs/MicrosoftExchangeOnPremise/Integrations/EWSv2/EWSv2.yml +++ b/Packs/MicrosoftExchangeOnPremise/Integrations/EWSv2/EWSv2.yml @@ -3,7 +3,7 @@ sectionorder: - Connect - Collect commonfields: - id: EWS_v2_2019_version + id: EWS v2 version: -1 configuration: - display: Email address @@ -122,8 +122,8 @@ configuration: section: Connect advanced: true description: Exchange Web Services and Office 365 (mail) -display: EWS_v2_2019_version -name: EWS_v2_2019_version +display: EWS v2 +name: EWS v2 script: commands: - arguments: From 769ae1567fc7c43f7b938d9c777085b2c615a03c Mon Sep 17 00:00:00 2001 From: ostolero Date: Sun, 11 Jun 2023 18:13:02 +0300 Subject: [PATCH 012/124] fix TPBs --- .../Integrations/EWSv2/EWSv2.py | 8 +- .../playbook-EWS-Mail-Sender-Test.yml | 82 +++++++------------ 2 files changed, 34 insertions(+), 56 deletions(-) diff --git a/Packs/MicrosoftExchangeOnPremise/Integrations/EWSv2/EWSv2.py b/Packs/MicrosoftExchangeOnPremise/Integrations/EWSv2/EWSv2.py index 3c57a0e369aa..f7aace7e5ecb 100644 --- a/Packs/MicrosoftExchangeOnPremise/Integrations/EWSv2/EWSv2.py +++ b/Packs/MicrosoftExchangeOnPremise/Integrations/EWSv2/EWSv2.py @@ -1660,7 +1660,7 @@ def search_items_in_mailbox(query=None, message_id=None, folder_path='', limit=1 selected_all_fields = (selected_fields == 'all') if selected_all_fields: - restricted_fields = list([x.name for x in Message.FIELDS]) # type: ignore + restricted_fields = set([x.name for x in Message.FIELDS]) # type: ignore else: restricted_fields = set(argToList(selected_fields)) # type: ignore restricted_fields.update(['id', 'message_id']) # type: ignore @@ -1681,13 +1681,13 @@ def search_items_in_mailbox(query=None, message_id=None, folder_path='', limit=1 compact_fields=selected_all_fields) for item in items] if not selected_all_fields: + # we show id as 'itemId' for BC + restricted_fields.remove('id') + restricted_fields.add('itemId') searched_items_result = [ {k: v for (k, v) in i.items() if k in keys_to_camel_case(restricted_fields)} for i in searched_items_result] - for item in searched_items_result: - item['itemId'] = item.pop('id', '') - return get_entry_for_object('Searched items', CONTEXT_UPDATE_EWS_ITEM, searched_items_result, diff --git a/Packs/MicrosoftExchangeOnPremise/TestPlaybooks/playbook-EWS-Mail-Sender-Test.yml b/Packs/MicrosoftExchangeOnPremise/TestPlaybooks/playbook-EWS-Mail-Sender-Test.yml index fb9db649bc97..552560fb5af7 100644 --- a/Packs/MicrosoftExchangeOnPremise/TestPlaybooks/playbook-EWS-Mail-Sender-Test.yml +++ b/Packs/MicrosoftExchangeOnPremise/TestPlaybooks/playbook-EWS-Mail-Sender-Test.yml @@ -5,10 +5,10 @@ starttaskid: "0" tasks: "0": id: "0" - taskid: 21aaed67-8b83-4255-8f91-5686ea984c61 + taskid: 859ec50d-0674-4efd-83a6-c718dcb9cec7 type: start task: - id: 21aaed67-8b83-4255-8f91-5686ea984c61 + id: 859ec50d-0674-4efd-83a6-c718dcb9cec7 version: -1 name: "" iscommand: false @@ -17,6 +17,7 @@ tasks: '#none#': - "8" separatecontext: false + continueonerrortype: "" view: |- { "position": { @@ -33,33 +34,29 @@ tasks: isautoswitchedtoquietmode: false "1": id: "1" - taskid: 5c5c9851-198d-4275-8860-8886f4dc899a + taskid: 15e5ce5e-dd47-4c97-88be-a1c8885a3a87 type: regular task: - id: 5c5c9851-198d-4275-8860-8886f4dc899a + id: 15e5ce5e-dd47-4c97-88be-a1c8885a3a87 version: -1 name: Test send mail - script: EWS Mail Sender|||send-mail + description: Sends an email using EWS. + script: EWS v2|||send-mail type: regular iscommand: true - brand: EWS Mail Sender + brand: EWS v2 nexttasks: '#none#': - "3" scriptarguments: attachIDs: simple: ${File.EntryID} - attachNames: {} - bcc: {} - body: {} - cc: {} - htmlBody: {} - replyTo: {} subject: simple: test_rešňa to: simple: buildtests@demisto.int separatecontext: false + continueonerrortype: "" view: |- { "position": { @@ -76,10 +73,10 @@ tasks: isautoswitchedtoquietmode: false "2": id: "2" - taskid: 371db546-d62c-437e-8ae5-b5d62b48cde1 + taskid: 73c00990-63d2-43da-8045-01e0ce3e01d8 type: regular task: - id: 371db546-d62c-437e-8ae5-b5d62b48cde1 + id: 73c00990-63d2-43da-8045-01e0ce3e01d8 version: -1 name: Get file scriptName: http @@ -90,22 +87,16 @@ tasks: '#none#': - "1" scriptarguments: - body: {} filename: simple: test_file_пожалуйста - headers: {} - insecure: {} method: simple: GET - password: {} - proxy: {} saveAsFile: simple: "yes" - unsecure: {} url: simple: https://raw.githubusercontent.com/demisto/content/master/TestData/ParseEmailFiles_test_email.eml - username: {} separatecontext: false + continueonerrortype: "" view: |- { "position": { @@ -122,10 +113,10 @@ tasks: isautoswitchedtoquietmode: false "3": id: "3" - taskid: 81e8e117-3c88-42c4-8bab-e87a8e9fbe91 + taskid: 80929701-a65b-4dbd-8442-e27a11422742 type: title task: - id: 81e8e117-3c88-42c4-8bab-e87a8e9fbe91 + id: 80929701-a65b-4dbd-8442-e27a11422742 version: -1 name: Test success after failure type: title @@ -135,6 +126,7 @@ tasks: '#none#': - "4" separatecontext: false + continueonerrortype: "" view: |- { "position": { @@ -151,36 +143,30 @@ tasks: isautoswitchedtoquietmode: false "4": id: "4" - taskid: 0c7e82c3-ac71-42ae-801d-9d492d673f7c + taskid: df656539-45fd-4b31-81a0-5bb95ec9bfbf type: regular task: - id: 0c7e82c3-ac71-42ae-801d-9d492d673f7c + id: df656539-45fd-4b31-81a0-5bb95ec9bfbf version: -1 name: Send Bad Email (Should fail) description: Sends an email using EWS. - script: EWS Mail Sender|||send-mail + script: EWS v2|||send-mail type: regular iscommand: true - brand: EWS Mail Sender + brand: EWS v2 nexttasks: '#none#': - "5" scriptarguments: - attachCIDs: {} attachIDs: simple: bad - attachNames: {} - bcc: {} - body: {} - cc: {} - htmlBody: {} - replyTo: {} subject: simple: Bad Email That Fails to: simple: buildtests@demisto.int - continueonerror: true separatecontext: false + continueonerror: true + continueonerrortype: "" view: |- { "position": { @@ -197,31 +183,26 @@ tasks: isautoswitchedtoquietmode: false "5": id: "5" - taskid: 1ce3f82a-9aea-4edc-8891-ee721c063342 + taskid: 4dda92ca-1c80-48fb-8e94-e0c1326aad6d type: regular task: - id: 1ce3f82a-9aea-4edc-8891-ee721c063342 + id: 4dda92ca-1c80-48fb-8e94-e0c1326aad6d version: -1 name: Send Good Email - script: EWS Mail Sender|||send-mail + description: Sends an email using EWS. + script: EWS v2|||send-mail type: regular iscommand: true - brand: EWS Mail Sender + brand: EWS v2 scriptarguments: - attachCIDs: {} attachIDs: simple: ${File.EntryID} - attachNames: {} - bcc: {} - body: {} - cc: {} - htmlBody: {} - replyTo: {} subject: simple: test to: simple: buildtests@demisto.int separatecontext: false + continueonerrortype: "" view: |- { "position": { @@ -238,10 +219,10 @@ tasks: isautoswitchedtoquietmode: false "8": id: "8" - taskid: 3e9a3f05-6619-4700-86e7-57ca4e3ae7e3 + taskid: e92a05f7-838a-42c4-84af-54a0bb4c81e7 type: regular task: - id: 3e9a3f05-6619-4700-86e7-57ca4e3ae7e3 + id: e92a05f7-838a-42c4-84af-54a0bb4c81e7 version: -1 name: DeleteContext description: Delete field from context @@ -255,11 +236,8 @@ tasks: scriptarguments: all: simple: "yes" - index: {} - key: {} - keysToKeep: {} - subplaybook: {} separatecontext: false + continueonerrortype: "" view: |- { "position": { From 1e2c000ef48d98eccb6848bf2ac7657ac8079e52 Mon Sep 17 00:00:00 2001 From: ostolero Date: Sun, 11 Jun 2023 18:14:36 +0300 Subject: [PATCH 013/124] remove skip of perm_set field --- Packs/MicrosoftExchangeOnPremise/Integrations/EWSv2/EWSv2.py | 3 --- 1 file changed, 3 deletions(-) diff --git a/Packs/MicrosoftExchangeOnPremise/Integrations/EWSv2/EWSv2.py b/Packs/MicrosoftExchangeOnPremise/Integrations/EWSv2/EWSv2.py index f7aace7e5ecb..a6037e4a7e59 100644 --- a/Packs/MicrosoftExchangeOnPremise/Integrations/EWSv2/EWSv2.py +++ b/Packs/MicrosoftExchangeOnPremise/Integrations/EWSv2/EWSv2.py @@ -31,9 +31,6 @@ from future import utils as future_utils from requests.exceptions import ConnectionError -# calling ews-get-folders command returns AccessDenied due to permission set field, solution suggested in this pr -https://github.com/ecederstrand/exchangelib/issues/610#issuecomment-512197149 -Folder.FIELDS = [f for f in Folder.FIELDS if f.name != 'permission_set'] - class exchangelibSSLAdapter(SSLAdapter): def cert_verify(self, conn, url, verify, cert): From 5a9d3c37fbfc7b522e8c9746dba187bcd72a8668 Mon Sep 17 00:00:00 2001 From: ostolero Date: Mon, 12 Jun 2023 18:36:40 +0300 Subject: [PATCH 014/124] fix tpb and validations --- .../Integrations/EWSv2/EWSv2.py | 2 +- .../ReleaseNotes/2_0_0.md | 11 +++++++ ...ook-Get_Original_Email_-_EWS_v2_-_test.yml | 30 ++++++++++--------- .../pack_metadata.json | 2 +- Tests/conf.json | 4 +++ 5 files changed, 33 insertions(+), 16 deletions(-) create mode 100644 Packs/MicrosoftExchangeOnPremise/ReleaseNotes/2_0_0.md diff --git a/Packs/MicrosoftExchangeOnPremise/Integrations/EWSv2/EWSv2.py b/Packs/MicrosoftExchangeOnPremise/Integrations/EWSv2/EWSv2.py index a6037e4a7e59..f57742bcb779 100644 --- a/Packs/MicrosoftExchangeOnPremise/Integrations/EWSv2/EWSv2.py +++ b/Packs/MicrosoftExchangeOnPremise/Integrations/EWSv2/EWSv2.py @@ -33,7 +33,7 @@ class exchangelibSSLAdapter(SSLAdapter): - def cert_verify(self, conn, url, verify, cert): + def cert_verify(self, conn, url, cert): # pylint: disable=unused-argument # We're overriding a method, so we have to keep the signature super().cert_verify(conn=conn, url=url, verify=False, cert=cert) diff --git a/Packs/MicrosoftExchangeOnPremise/ReleaseNotes/2_0_0.md b/Packs/MicrosoftExchangeOnPremise/ReleaseNotes/2_0_0.md new file mode 100644 index 000000000000..8c686cb5df57 --- /dev/null +++ b/Packs/MicrosoftExchangeOnPremise/ReleaseNotes/2_0_0.md @@ -0,0 +1,11 @@ + +#### Integrations + +##### EWS v2 +Updated integration to support Exchange 2019 +- Command ***ews-o365-purge-compliance-search-results*** is deprecated. Use o365-sc-new-search-action command from Security And Compliance V2 instead. +- Command ***ews-o365-get-compliance-search-purge-status*** is deprecated. Use o365-sc-get-search-action command from Security And Compliance V2 instead. +- Command ***ews-o365-remove-compliance-search*** is deprecated. Use ews-o365-remove-compliance-search instead. +- Command ***ews-o365-get-compliance-search*** is deprecated. Use o365-sc-get-search command Security And Compliance V2 instead. +- Command ***ews-o365-start-compliance-search*** is deprecated. Use o365-sc-start-search command from Security And Compliance V2 instead. +- Updated the Docker image to: *devdemisto/py-ews:1.0.0.57772*. diff --git a/Packs/MicrosoftExchangeOnPremise/TestPlaybooks/playbook-Get_Original_Email_-_EWS_v2_-_test.yml b/Packs/MicrosoftExchangeOnPremise/TestPlaybooks/playbook-Get_Original_Email_-_EWS_v2_-_test.yml index 917b19714df6..3299ad466b60 100644 --- a/Packs/MicrosoftExchangeOnPremise/TestPlaybooks/playbook-Get_Original_Email_-_EWS_v2_-_test.yml +++ b/Packs/MicrosoftExchangeOnPremise/TestPlaybooks/playbook-Get_Original_Email_-_EWS_v2_-_test.yml @@ -6,10 +6,10 @@ starttaskid: "0" tasks: "0": id: "0" - taskid: 15d27661-5221-4106-81cb-1beb7ce1e7fd + taskid: 03873e01-5b6e-43e1-82ac-28d95a1288b0 type: start task: - id: 15d27661-5221-4106-81cb-1beb7ce1e7fd + id: 03873e01-5b6e-43e1-82ac-28d95a1288b0 version: -1 name: "" iscommand: false @@ -19,6 +19,7 @@ tasks: '#none#': - "5" separatecontext: false + continueonerrortype: "" view: |- { "position": { @@ -35,10 +36,10 @@ tasks: isautoswitchedtoquietmode: false "2": id: "2" - taskid: f00380e0-6efc-4c9c-87ff-279b353d80a9 + taskid: 1548afd0-21ca-4c8e-85d1-f2efa6e41c3a type: condition task: - id: f00380e0-6efc-4c9c-87ff-279b353d80a9 + id: 1548afd0-21ca-4c8e-85d1-f2efa6e41c3a version: -1 name: Check output description: Check the playbook outputs. @@ -54,16 +55,14 @@ tasks: conditions: - label: "yes" condition: - - - operator: isEqualString + - - operator: isNotEmpty left: value: complex: root: File accessor: SHA256 iscontext: true - right: - value: - simple: b566b3812fcfaeb3474f9b43dc891a51e9a378d00d57d4e3048017715ef18fe1 + continueonerrortype: "" view: |- { "position": { @@ -80,10 +79,10 @@ tasks: isautoswitchedtoquietmode: false "3": id: "3" - taskid: 23abaa87-7be6-4efa-84c3-d7e0689f3d27 + taskid: 8b153235-d4eb-4f8c-898d-8cf985fe3dca type: regular task: - id: 23abaa87-7be6-4efa-84c3-d7e0689f3d27 + id: 8b153235-d4eb-4f8c-898d-8cf985fe3dca version: -1 name: Print success description: Prints text to war room (Markdown supported) @@ -95,6 +94,7 @@ tasks: value: simple: SUCCESS separatecontext: false + continueonerrortype: "" view: |- { "position": { @@ -111,10 +111,10 @@ tasks: isautoswitchedtoquietmode: false "4": id: "4" - taskid: acf8565e-b649-41af-8631-75ddd75af037 + taskid: 2634bc10-1180-4987-872e-80b1506eae70 type: regular task: - id: acf8565e-b649-41af-8631-75ddd75af037 + id: 2634bc10-1180-4987-872e-80b1506eae70 version: -1 name: Print Error description: Prints an error entry with a given message @@ -126,6 +126,7 @@ tasks: message: simple: ERROR separatecontext: false + continueonerrortype: "" view: |- { "position": { @@ -142,10 +143,10 @@ tasks: isautoswitchedtoquietmode: false "5": id: "5" - taskid: eee8500a-b9c6-4e6e-8565-6b15a55d1ef2 + taskid: c82679a1-c7e3-4716-8444-e12f787602d6 type: playbook task: - id: eee8500a-b9c6-4e6e-8565-6b15a55d1ef2 + id: c82679a1-c7e3-4716-8444-e12f787602d6 version: -1 name: Get Original Email - EWS v2 description: |- @@ -165,6 +166,7 @@ tasks: TargetMailbox: simple: ${inputs.UserID} separatecontext: true + continueonerrortype: "" loop: iscommand: false exitCondition: "" diff --git a/Packs/MicrosoftExchangeOnPremise/pack_metadata.json b/Packs/MicrosoftExchangeOnPremise/pack_metadata.json index 4da4ba220616..78f2bc5a198f 100644 --- a/Packs/MicrosoftExchangeOnPremise/pack_metadata.json +++ b/Packs/MicrosoftExchangeOnPremise/pack_metadata.json @@ -2,7 +2,7 @@ "name": "Microsoft Exchange On-Premise", "description": "Exchange Web Services", "support": "xsoar", - "currentVersion": "1.0.12", + "currentVersion": "2.0.0", "author": "Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "email": "", diff --git a/Tests/conf.json b/Tests/conf.json index baf093b5eeab..f934df042c68 100644 --- a/Tests/conf.json +++ b/Tests/conf.json @@ -1750,6 +1750,10 @@ "playbookID": "EWS V2 Send Mail Test", "instance_names": "ews_mail_sender_labdemisto" }, + { + "integrations": "EWS v2", + "playbookID": "EWSv2_empty_attachment_testt" + }, { "integrations": "Symantec Endpoint Protection V2", "playbookID": "SymantecEndpointProtection_Test" From b015c945104f337a6e5c81143194a3aed94a4395 Mon Sep 17 00:00:00 2001 From: ostolero Date: Tue, 13 Jun 2023 11:44:06 +0300 Subject: [PATCH 015/124] revert arg removal --- Packs/MicrosoftExchangeOnPremise/Integrations/EWSv2/EWSv2.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Packs/MicrosoftExchangeOnPremise/Integrations/EWSv2/EWSv2.py b/Packs/MicrosoftExchangeOnPremise/Integrations/EWSv2/EWSv2.py index f57742bcb779..a6037e4a7e59 100644 --- a/Packs/MicrosoftExchangeOnPremise/Integrations/EWSv2/EWSv2.py +++ b/Packs/MicrosoftExchangeOnPremise/Integrations/EWSv2/EWSv2.py @@ -33,7 +33,7 @@ class exchangelibSSLAdapter(SSLAdapter): - def cert_verify(self, conn, url, cert): + def cert_verify(self, conn, url, verify, cert): # pylint: disable=unused-argument # We're overriding a method, so we have to keep the signature super().cert_verify(conn=conn, url=url, verify=False, cert=cert) From 8bbbd038e7094e6100fdd7083613463debd976b0 Mon Sep 17 00:00:00 2001 From: ostolero Date: Tue, 13 Jun 2023 21:06:50 +0300 Subject: [PATCH 016/124] remove added tpb --- Packs/MicrosoftExchangeOnPremise/Integrations/EWSv2/EWSv2.yml | 1 - Tests/conf.json | 4 ---- 2 files changed, 5 deletions(-) diff --git a/Packs/MicrosoftExchangeOnPremise/Integrations/EWSv2/EWSv2.yml b/Packs/MicrosoftExchangeOnPremise/Integrations/EWSv2/EWSv2.yml index ebeccf6648e5..de1273d0a2ce 100644 --- a/Packs/MicrosoftExchangeOnPremise/Integrations/EWSv2/EWSv2.yml +++ b/Packs/MicrosoftExchangeOnPremise/Integrations/EWSv2/EWSv2.yml @@ -1314,7 +1314,6 @@ tests: - pyEWS_Test - EWS V2 Send Mail Test - EWS V2 Send Mail Test 2 -- EWSv2_empty_attachment_testt - EWS Public Folders Test defaultmapperin: EWS v2-mapper defaultclassifier: EWS v2 diff --git a/Tests/conf.json b/Tests/conf.json index f934df042c68..baf093b5eeab 100644 --- a/Tests/conf.json +++ b/Tests/conf.json @@ -1750,10 +1750,6 @@ "playbookID": "EWS V2 Send Mail Test", "instance_names": "ews_mail_sender_labdemisto" }, - { - "integrations": "EWS v2", - "playbookID": "EWSv2_empty_attachment_testt" - }, { "integrations": "Symantec Endpoint Protection V2", "playbookID": "SymantecEndpointProtection_Test" From 1cfd29df0056c09f6af580ae4bef99b9e51d41df Mon Sep 17 00:00:00 2001 From: ostolero Date: Wed, 14 Jun 2023 09:42:38 +0300 Subject: [PATCH 017/124] update memory threshold --- Tests/conf.json | 1 + 1 file changed, 1 insertion(+) diff --git a/Tests/conf.json b/Tests/conf.json index baf093b5eeab..208c21ce30aa 100644 --- a/Tests/conf.json +++ b/Tests/conf.json @@ -3148,6 +3148,7 @@ "playbookID": "Get EWS Folder Test", "fromversion": "4.5.0", "instance_names": "ewv2_regular", + "memory_threshold": 100, "timeout": 1200 }, { From c17f36b60e293b2bc96739f7e18ceb39756f3504 Mon Sep 17 00:00:00 2001 From: ostolero Date: Wed, 14 Jun 2023 11:43:13 +0300 Subject: [PATCH 018/124] fix ut --- .../Integrations/EWSv2/EWSv2_test.py | 24 +++++++++---------- 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/Packs/MicrosoftExchangeOnPremise/Integrations/EWSv2/EWSv2_test.py b/Packs/MicrosoftExchangeOnPremise/Integrations/EWSv2/EWSv2_test.py index 15eda6f1c54f..da4685f7333c 100644 --- a/Packs/MicrosoftExchangeOnPremise/Integrations/EWSv2/EWSv2_test.py +++ b/Packs/MicrosoftExchangeOnPremise/Integrations/EWSv2/EWSv2_test.py @@ -206,33 +206,33 @@ def test_dateparser(): message_id='message1', text_body='Hello World', body='message1', - datetime_received=EWSDateTime(2021, 7, 14, 13, 00, 00, tzinfo=EWSTimeZone.timezone('UTC')), - datetime_sent=EWSDateTime(2021, 7, 14, 13, 00, 00, tzinfo=EWSTimeZone.timezone('UTC')), - datetime_created=EWSDateTime(2021, 7, 14, 13, 00, 00, tzinfo=EWSTimeZone.timezone('UTC')) + datetime_received=EWSDateTime(2021, 7, 14, 13, 00, 00, tzinfo=EWSTimeZone('UTC')), + datetime_sent=EWSDateTime(2021, 7, 14, 13, 00, 00, tzinfo=EWSTimeZone('UTC')), + datetime_created=EWSDateTime(2021, 7, 14, 13, 00, 00, tzinfo=EWSTimeZone('UTC')) ), Message(subject='message2', message_id='message2', text_body='Hello World', body='message2', - datetime_received=EWSDateTime(2021, 7, 14, 13, 9, 00, tzinfo=EWSTimeZone.timezone('UTC')), - datetime_sent=EWSDateTime(2021, 7, 14, 13, 9, 00, tzinfo=EWSTimeZone.timezone('UTC')), - datetime_created=EWSDateTime(2021, 7, 14, 13, 9, 00, tzinfo=EWSTimeZone.timezone('UTC')) + datetime_received=EWSDateTime(2021, 7, 14, 13, 9, 00, tzinfo=EWSTimeZone('UTC')), + datetime_sent=EWSDateTime(2021, 7, 14, 13, 9, 00, tzinfo=EWSTimeZone('UTC')), + datetime_created=EWSDateTime(2021, 7, 14, 13, 9, 00, tzinfo=EWSTimeZone('UTC')) ), Message(subject='message3', message_id='message3', text_body='Hello World', body='message3', - datetime_received=EWSDateTime(2021, 7, 14, 13, 9, 00, tzinfo=EWSTimeZone.timezone('UTC')), - datetime_sent=EWSDateTime(2021, 7, 14, 13, 9, 00, tzinfo=EWSTimeZone.timezone('UTC')), - datetime_created=EWSDateTime(2021, 7, 14, 13, 9, 00, tzinfo=EWSTimeZone.timezone('UTC')) + datetime_received=EWSDateTime(2021, 7, 14, 13, 9, 00, tzinfo=EWSTimeZone('UTC')), + datetime_sent=EWSDateTime(2021, 7, 14, 13, 9, 00, tzinfo=EWSTimeZone('UTC')), + datetime_created=EWSDateTime(2021, 7, 14, 13, 9, 00, tzinfo=EWSTimeZone('UTC')) ), Message(subject='message4', message_id='message4', text_body='Hello World', body='message4', - datetime_received=EWSDateTime(2021, 7, 14, 13, 10, 00, tzinfo=EWSTimeZone.timezone('UTC')), - datetime_sent=EWSDateTime(2021, 7, 14, 13, 9, 00, tzinfo=EWSTimeZone.timezone('UTC')), - datetime_created=EWSDateTime(2021, 7, 14, 13, 11, 00, tzinfo=EWSTimeZone.timezone('UTC')) + datetime_received=EWSDateTime(2021, 7, 14, 13, 10, 00, tzinfo=EWSTimeZone('UTC')), + datetime_sent=EWSDateTime(2021, 7, 14, 13, 9, 00, tzinfo=EWSTimeZone('UTC')), + datetime_created=EWSDateTime(2021, 7, 14, 13, 11, 00, tzinfo=EWSTimeZone('UTC')) ), ] CASE_FIRST_RUN_NO_INCIDENT = ( From 2c21d8b4e27f905f1b17d962c46dbaeb2246187f Mon Sep 17 00:00:00 2001 From: ostolero Date: Wed, 14 Jun 2023 12:19:48 +0300 Subject: [PATCH 019/124] fix ut --- .../Integrations/EWSv2/EWSv2_test.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/Packs/MicrosoftExchangeOnPremise/Integrations/EWSv2/EWSv2_test.py b/Packs/MicrosoftExchangeOnPremise/Integrations/EWSv2/EWSv2_test.py index da4685f7333c..91717e8bef25 100644 --- a/Packs/MicrosoftExchangeOnPremise/Integrations/EWSv2/EWSv2_test.py +++ b/Packs/MicrosoftExchangeOnPremise/Integrations/EWSv2/EWSv2_test.py @@ -107,7 +107,8 @@ def order_by(self, *args): return [Message(), Message(), Message(), Message(), Message()] client = TestNormalCommands.MockClient() - mocker.patch.object(dateparser, 'parse', return_value=datetime.datetime(2021, 5, 23, 13, 18, 14, 901293)) + mocker.patch.object(dateparser, 'parse', return_value=datetime.datetime(2021, 5, 23, 13, 18, 14, 901293, + datetime.timezone.utc)) mocker.patch.object(EWSv2, 'get_folder_by_path', return_value=MockObject()) mocker.patch.object(MockObject, 'filter') From 9355872455ec17121e619456b0a0f81cace3ae0c Mon Sep 17 00:00:00 2001 From: tkatzir Date: Tue, 6 Jun 2023 23:02:47 +0300 Subject: [PATCH 020/124] Fix urllib.parse import in CommonServerPython (#27252) --- Packs/Base/ReleaseNotes/1_32_9.md | 6 ++++++ Packs/Base/Scripts/CommonServerPython/CommonServerPython.py | 3 ++- Packs/Base/pack_metadata.json | 2 +- 3 files changed, 9 insertions(+), 2 deletions(-) create mode 100644 Packs/Base/ReleaseNotes/1_32_9.md diff --git a/Packs/Base/ReleaseNotes/1_32_9.md b/Packs/Base/ReleaseNotes/1_32_9.md new file mode 100644 index 000000000000..3da6f3715d43 --- /dev/null +++ b/Packs/Base/ReleaseNotes/1_32_9.md @@ -0,0 +1,6 @@ + +#### Scripts + +##### CommonServerPython + +- Fixed an issue where importing urllib.parse failed. diff --git a/Packs/Base/Scripts/CommonServerPython/CommonServerPython.py b/Packs/Base/Scripts/CommonServerPython/CommonServerPython.py index cbf9a0790858..e779c77f604c 100644 --- a/Packs/Base/Scripts/CommonServerPython/CommonServerPython.py +++ b/Packs/Base/Scripts/CommonServerPython/CommonServerPython.py @@ -1591,7 +1591,8 @@ def add_replace_strs(self, *args): js = js[:-1] to_add.append(js) if IS_PY3: - to_add.append(urllib.parse.quote_plus(a)) # type: ignore[attr-defined] + from urllib import parse as urllib_parse + to_add.append(urllib_parse.quote_plus(a)) # type: ignore[attr-defined] else: to_add.append(urllib.quote_plus(a)) # type: ignore[attr-defined] diff --git a/Packs/Base/pack_metadata.json b/Packs/Base/pack_metadata.json index b566631d0390..670fd189e84c 100644 --- a/Packs/Base/pack_metadata.json +++ b/Packs/Base/pack_metadata.json @@ -2,7 +2,7 @@ "name": "Base", "description": "The base pack for Cortex XSOAR.", "support": "xsoar", - "currentVersion": "1.32.8", + "currentVersion": "1.32.9", "author": "Cortex XSOAR", "serverMinVersion": "6.0.0", "url": "https://www.paloaltonetworks.com/cortex", From fa038a7a8c9397c57a243c6fd4d40949e930689f Mon Sep 17 00:00:00 2001 From: rshunim <102469772+rshunim@users.noreply.github.com> Date: Wed, 7 Jun 2023 08:29:39 +0300 Subject: [PATCH 021/124] Allow applying a new profile over an existing one in ***pan-os-apply-security-profile*** command (#27237) * Add XSOAR support for updating existing profile types * RN * fix UT * Update Packs/PAN-OS/ReleaseNotes/1_17_5.md Co-authored-by: Guy Afik <53861351+GuyAfik@users.noreply.github.com> * fix CR * RN * UT was added * Update Packs/PAN-OS/Integrations/Panorama/Panorama.py Co-authored-by: Guy Afik <53861351+GuyAfik@users.noreply.github.com> * Update Packs/PAN-OS/Integrations/Panorama/Panorama.py Co-authored-by: Guy Afik <53861351+GuyAfik@users.noreply.github.com> * Update Packs/PAN-OS/Integrations/Panorama/Panorama.py Co-authored-by: Guy Afik <53861351+GuyAfik@users.noreply.github.com> * Update Packs/PAN-OS/Integrations/Panorama/Panorama.py Co-authored-by: Guy Afik <53861351+GuyAfik@users.noreply.github.com> * Update Packs/PAN-OS/Integrations/Panorama/Panorama.py Co-authored-by: Guy Afik <53861351+GuyAfik@users.noreply.github.com> * fix * flake8 * UT stability --------- Co-authored-by: Guy Afik <53861351+GuyAfik@users.noreply.github.com> --- .../PAN-OS/Integrations/Panorama/Panorama.py | 44 ++++++++++++--- .../Integrations/Panorama/Panorama_test.py | 53 +++++++++++++++++-- Packs/PAN-OS/ReleaseNotes/1_17_5.md | 6 +++ Packs/PAN-OS/pack_metadata.json | 2 +- 4 files changed, 93 insertions(+), 12 deletions(-) create mode 100644 Packs/PAN-OS/ReleaseNotes/1_17_5.md diff --git a/Packs/PAN-OS/Integrations/Panorama/Panorama.py b/Packs/PAN-OS/Integrations/Panorama/Panorama.py index d07907d793f4..a98a73013b50 100644 --- a/Packs/PAN-OS/Integrations/Panorama/Panorama.py +++ b/Packs/PAN-OS/Integrations/Panorama/Panorama.py @@ -6916,14 +6916,44 @@ def get_security_profiles_command(security_profile: str = None): @logger -def apply_security_profile(xpath: str, profile_name: str) -> Dict: +def apply_security_profile(xpath: str, profile_name: str, profile_type: str) -> Dict: + # get the rule state + params = { + 'action': 'get', + 'type': 'config', + 'xpath': xpath, + 'key': API_KEY, + } + result = http_request(URL, 'GET', params=params) + + # Get all profile types already existing, so we don't override them when updating + profile_types_result = dict_safe_get(result, ['response', 'result', 'entry', 'profile-setting', 'profiles'], + default_return_value={}) + + # align the response for both committed and un-committed profiles + parse_pan_os_un_committed_data(profile_types_result, ['@admin', '@dirtyId', '@time']) + + # remove from the types the given profile type, since we update it anyway + profile_types = {'data-filtering', 'file-blocking', 'spyware', 'url-filtering', + 'virus', 'vulnerability', 'wildfire-analysis'} - {profile_type} + + # first we update the given profile type with the given profile name + rule_profiles = f"<{profile_type}>{profile_name}" + + # Keeping the existing profile types + for p_type in profile_types: + if p_type in profile_types_result: + p_name = profile_types_result.get(p_type, {}).get('member') + rule_profiles += f"<{p_type}>{p_name}" + params = { 'action': 'set', 'type': 'config', 'xpath': xpath, 'key': API_KEY, - 'element': f'{profile_name}' + 'element': f'{rule_profiles}' } + result = http_request(URL, 'POST', params=params) return result @@ -6933,20 +6963,18 @@ def apply_security_profile_command(args): profile_name = args.get('profile_name') profile_type = args.get('profile_type') rule_name = args.get('rule_name') - pre_post = args.get('rule_name') + pre_post = args.get('pre_post') if DEVICE_GROUP: # Panorama instance if not pre_post: raise Exception('Please provide the pre_post argument when applying profiles to rules in ' 'Panorama instance.') - xpath = f"{XPATH_RULEBASE}{pre_post}/security/rules/entry[@name='{rule_name}']/profile-setting/" \ - f"profiles/{profile_type}" + xpath = f"{XPATH_RULEBASE}{pre_post}/security/rules/entry[@name='{rule_name}']" else: # firewall instance - xpath = f"{XPATH_RULEBASE}rulebase/security/rules/entry[@name='{rule_name}']/profile-setting/" \ - f"profiles/{profile_type}" + xpath = f"{XPATH_RULEBASE}rulebase/security/rules/entry[@name='{rule_name}']" - apply_security_profile(xpath, profile_name) + apply_security_profile(xpath, profile_name, profile_type) return_results(f'The profile {profile_name} has been applied to the rule {rule_name}') diff --git a/Packs/PAN-OS/Integrations/Panorama/Panorama_test.py b/Packs/PAN-OS/Integrations/Panorama/Panorama_test.py index d973115c5d4a..1974e571efdf 100644 --- a/Packs/PAN-OS/Integrations/Panorama/Panorama_test.py +++ b/Packs/PAN-OS/Integrations/Panorama/Panorama_test.py @@ -1168,7 +1168,8 @@ def test_apply_security_profiles_command_main_flow(mocker): 'device-group': 'new-device-group', 'profile_type': 'data-filtering', 'profile_name': 'test-profile', - 'rule_name': 'rule-test' + 'rule_name': 'rule-test', + 'pre_post': 'rule-test' } ) mocker.patch.object(demisto, 'command', return_value='pan-os-apply-security-profile') @@ -1181,11 +1182,57 @@ def test_apply_security_profiles_command_main_flow(mocker): assert request_mock.call_args.kwargs['params'] == { 'action': 'set', 'type': 'config', 'xpath': "/config/devices/entry[@name='localhost.localdomain']/device-group/entry[@name='new-device-group']" - "/rule-test/security/rules/entry[@name='rule-test']/profile-setting/profiles/data-filtering", - 'key': 'thisisabogusAPIKEY!', 'element': 'test-profile'} + "/rule-test/security/rules/entry[@name='rule-test']", + 'key': 'thisisabogusAPIKEY!', 'element': '' + 'test-profile' + ''} assert res.call_args.args[0] == 'The profile test-profile has been applied to the rule rule-test' +def test_apply_security_profiles_command_when_one_already_exists(mocker): + """ + Given + - integrations parameters. + - pan-os-apply-security-profile command arguments including device_group + - same profile as already exists in the rule + + When - + running the pan-os-apply-security-profile command through the main flow + + Then + - Ensure the request is what's already in the API (the 'element' parameter contains all profiles in the XML) + """ + from Panorama import main + + mocker.patch.object(demisto, 'params', return_value=integration_panorama_params) + mocker.patch.object( + demisto, + 'args', + return_value={ + 'device-group': 'new-device-group', + 'profile_type': 'spyware', + 'profile_name': 'strict', + 'rule_name': 'rule-test', + 'pre_post': 'rule-test' + } + ) + mocker.patch('Panorama.dict_safe_get', return_value={'virus': {'member': 'Tap'}, 'spyware': {'member': 'strict'}}) + mocker.patch.object(demisto, 'command', return_value='pan-os-apply-security-profile') + request_mock = mocker.patch('Panorama.http_request') + + res = mocker.patch('demistomock.results') + main() + + assert request_mock.call_args.kwargs['params'] == { + 'action': 'set', 'type': 'config', + 'xpath': "/config/devices/entry[@name='localhost.localdomain']/device-group/entry[@name='new-device-group']" + "/rule-test/security/rules/entry[@name='rule-test']", + 'key': 'thisisabogusAPIKEY!', + 'element': 'strict' + 'Tap'} + assert res.call_args.args[0] == 'The profile strict has been applied to the rule rule-test' + + class TestPanoramaEditRuleCommand: EDIT_SUCCESS_RESPONSE = {'response': {'@status': 'success', '@code': '20', 'msg': 'command succeeded'}} EDIT_AUDIT_COMMENT_SUCCESS_RESPONSE = { diff --git a/Packs/PAN-OS/ReleaseNotes/1_17_5.md b/Packs/PAN-OS/ReleaseNotes/1_17_5.md new file mode 100644 index 000000000000..5b41162d0139 --- /dev/null +++ b/Packs/PAN-OS/ReleaseNotes/1_17_5.md @@ -0,0 +1,6 @@ + +#### Integrations + +##### Palo Alto Networks PAN-OS + +- Fixed an issue where the ***pan-os-apply-security-profile*** command didn't work for panorama instances. diff --git a/Packs/PAN-OS/pack_metadata.json b/Packs/PAN-OS/pack_metadata.json index 95670278cae5..4c8669ec6783 100644 --- a/Packs/PAN-OS/pack_metadata.json +++ b/Packs/PAN-OS/pack_metadata.json @@ -2,7 +2,7 @@ "name": "PAN-OS by Palo Alto Networks", "description": "Manage Palo Alto Networks Firewall and Panorama. For more information see Panorama documentation.", "support": "xsoar", - "currentVersion": "1.17.4", + "currentVersion": "1.17.5", "author": "Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "email": "", From 18a195d2eec44c3833f9f71498e1650961dbd9b1 Mon Sep 17 00:00:00 2001 From: content-bot <55035720+content-bot@users.noreply.github.com> Date: Wed, 7 Jun 2023 09:37:38 +0300 Subject: [PATCH 022/124] Update Docker Image To demisto/splunksdk-py3 (#27263) * Updated Metadata Of Pack SplunkPy * Added release notes to pack SplunkPy * Packs/SplunkPy/Integrations/SplunkPy/SplunkPy.yml Docker image update --- Packs/SplunkPy/Integrations/SplunkPy/SplunkPy.yml | 2 +- Packs/SplunkPy/ReleaseNotes/3_0_19.md | 3 +++ Packs/SplunkPy/pack_metadata.json | 2 +- 3 files changed, 5 insertions(+), 2 deletions(-) create mode 100644 Packs/SplunkPy/ReleaseNotes/3_0_19.md diff --git a/Packs/SplunkPy/Integrations/SplunkPy/SplunkPy.yml b/Packs/SplunkPy/Integrations/SplunkPy/SplunkPy.yml index d92e73d7b354..e77351df535c 100644 --- a/Packs/SplunkPy/Integrations/SplunkPy/SplunkPy.yml +++ b/Packs/SplunkPy/Integrations/SplunkPy/SplunkPy.yml @@ -626,7 +626,7 @@ script: - contextPath: Splunk.UserMapping.SplunkUser description: Splunk user mapping. type: String - dockerimage: demisto/splunksdk-py3:1.0.0.60414 + dockerimage: demisto/splunksdk-py3:1.0.0.61535 isfetch: true ismappable: true isremotesyncin: true diff --git a/Packs/SplunkPy/ReleaseNotes/3_0_19.md b/Packs/SplunkPy/ReleaseNotes/3_0_19.md new file mode 100644 index 000000000000..c12a9331fa1d --- /dev/null +++ b/Packs/SplunkPy/ReleaseNotes/3_0_19.md @@ -0,0 +1,3 @@ +#### Integrations +##### SplunkPy +- Updated the Docker image to: *demisto/splunksdk-py3:1.0.0.61535*. diff --git a/Packs/SplunkPy/pack_metadata.json b/Packs/SplunkPy/pack_metadata.json index eb1a356c5277..c10c9032feb3 100644 --- a/Packs/SplunkPy/pack_metadata.json +++ b/Packs/SplunkPy/pack_metadata.json @@ -2,7 +2,7 @@ "name": "Splunk", "description": "Run queries on Splunk servers.", "support": "xsoar", - "currentVersion": "3.0.18", + "currentVersion": "3.0.19", "author": "Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "email": "", From 231515341368ecd55109aa9d53d3f7a6142b5fa8 Mon Sep 17 00:00:00 2001 From: Dror Avrahami Date: Wed, 7 Jun 2023 11:08:35 +0300 Subject: [PATCH 023/124] Updated domain extraction playbook - changing .zip to a valid TLD (#27264) * Updated domain extraction playbook * some formatting. * Update playbook-Domain_extraction_test.yml * Update playbook-Domain_extraction_test.yml --- .../playbook-Domain_extraction_test.yml | 112 +++++++++--------- 1 file changed, 56 insertions(+), 56 deletions(-) diff --git a/Packs/Base/TestPlaybooks/playbook-Domain_extraction_test.yml b/Packs/Base/TestPlaybooks/playbook-Domain_extraction_test.yml index a626a91853cd..bf34e9efd155 100644 --- a/Packs/Base/TestPlaybooks/playbook-Domain_extraction_test.yml +++ b/Packs/Base/TestPlaybooks/playbook-Domain_extraction_test.yml @@ -6,10 +6,10 @@ starttaskid: "0" tasks: "0": id: "0" - taskid: def7640e-da15-498b-8e70-6498f009d81c + taskid: c1380b27-e019-49bc-8aae-8bf8570e50c9 type: start task: - id: def7640e-da15-498b-8e70-6498f009d81c + id: c1380b27-e019-49bc-8aae-8bf8570e50c9 version: -1 name: "" iscommand: false @@ -23,7 +23,7 @@ tasks: view: |- { "position": { - "x": 1125, + "x": 1340, "y": 50 } } @@ -36,10 +36,10 @@ tasks: isautoswitchedtoquietmode: false "9": id: "9" - taskid: fb706760-78dc-492f-8275-13c5f2a76ed7 + taskid: 6418521e-4b72-4f8e-85f2-2cea269e66cb type: regular task: - id: fb706760-78dc-492f-8275-13c5f2a76ed7 + id: 6418521e-4b72-4f8e-85f2-2cea269e66cb version: -1 name: DeleteContext description: Delete field from context @@ -58,7 +58,7 @@ tasks: view: |- { "position": { - "x": 1125, + "x": 1340, "y": 195 } } @@ -71,10 +71,10 @@ tasks: isautoswitchedtoquietmode: false "19": id: "19" - taskid: 4f1d3aea-f2e4-4e0e-8f9d-f8562cb5ada0 + taskid: 3204f3dc-398a-49f5-8dda-99d8b8bd3de5 type: title task: - id: 4f1d3aea-f2e4-4e0e-8f9d-f8562cb5ada0 + id: 3204f3dc-398a-49f5-8dda-99d8b8bd3de5 version: -1 name: Domain type: title @@ -89,7 +89,7 @@ tasks: view: |- { "position": { - "x": 1125, + "x": 1340, "y": 370 } } @@ -102,10 +102,10 @@ tasks: isautoswitchedtoquietmode: false "20": id: "20" - taskid: 13b20615-803e-421a-8575-d090e3d15e85 + taskid: 808e5d0f-e4f7-4613-80e0-44a281d88de6 type: regular task: - id: 13b20615-803e-421a-8575-d090e3d15e85 + id: 808e5d0f-e4f7-4613-80e0-44a281d88de6 version: -1 name: Set vaild domains description: Sets a value into the context with the given context key @@ -120,13 +120,13 @@ tasks: key: simple: valid_domains value: - simple: "\"www.test.com\", \n\"test.com\", \n\"www.xn--t1e2s3t4.com\", \n\"ötest.com\", \n\"defang[.]com\", \n\"見.香港\"" + simple: "\"none.zip\",\n\"www.test.com\", \n\"test.com\", \n\"www.xn--t1e2s3t4.com\", \n\"ötest.com\", \n\"defang[.]com\", \n\"見.香港\"" separatecontext: false continueonerrortype: "" view: |- { "position": { - "x": 1125, + "x": 1340, "y": 515 } } @@ -139,10 +139,10 @@ tasks: isautoswitchedtoquietmode: false "21": id: "21" - taskid: b722a29e-e670-459c-8fdb-176cb5945002 + taskid: 0b944dcb-d179-4ed2-8699-052237417f6f type: regular task: - id: b722a29e-e670-459c-8fdb-176cb5945002 + id: 0b944dcb-d179-4ed2-8699-052237417f6f version: -1 name: Print valid domains description: Prints text to war room (Markdown supported) @@ -158,6 +158,7 @@ tasks: - "82" - "81" - "80" + - "25" scriptarguments: execution-timeout: simple: "30" @@ -169,7 +170,7 @@ tasks: view: |- { "position": { - "x": 1125, + "x": 1340, "y": 690 } } @@ -182,10 +183,10 @@ tasks: isautoswitchedtoquietmode: false "22": id: "22" - taskid: 6ee40ea5-55ce-47cb-8b5b-3f36f05687d2 + taskid: 3cbb2bbc-9d51-43f8-8bcb-dd26826fb951 type: condition task: - id: 6ee40ea5-55ce-47cb-8b5b-3f36f05687d2 + id: 3cbb2bbc-9d51-43f8-8bcb-dd26826fb951 version: -1 name: check auto extract - 見.香港 type: condition @@ -223,10 +224,10 @@ tasks: isautoswitchedtoquietmode: false "23": id: "23" - taskid: ed708de6-624e-427b-805e-e3db7a91271c + taskid: 511c713a-9852-4916-8234-354c09a1d647 type: regular task: - id: ed708de6-624e-427b-805e-e3db7a91271c + id: 511c713a-9852-4916-8234-354c09a1d647 version: -1 name: Set invalid domains description: Sets a value into the context with the given context key @@ -241,13 +242,13 @@ tasks: key: simple: invalid_domains value: - simple: "\"none.zip\", \n\"test.notexist\", \n\"test[.com\"" + simple: "\"test.notexist\", \n\"test[.com\"" separatecontext: false continueonerrortype: "" view: |- { "position": { - "x": 1125, + "x": 1340, "y": 1040 } } @@ -260,10 +261,10 @@ tasks: isautoswitchedtoquietmode: false "24": id: "24" - taskid: 7ba77b7b-7b6c-4a10-8f60-3fe4615d1683 + taskid: ec66e848-fe7c-453d-8784-0d4740a7368f type: regular task: - id: 7ba77b7b-7b6c-4a10-8f60-3fe4615d1683 + id: ec66e848-fe7c-453d-8784-0d4740a7368f version: -1 name: Print invalid domains description: Prints text to war room (Markdown supported) @@ -273,7 +274,6 @@ tasks: brand: "" nexttasks: '#none#': - - "25" - "84" - "83" scriptarguments: @@ -285,7 +285,7 @@ tasks: view: |- { "position": { - "x": 1125, + "x": 1340, "y": 1215 } } @@ -298,23 +298,23 @@ tasks: isautoswitchedtoquietmode: false "25": id: "25" - taskid: 5b3998d2-077c-48d9-8a42-c6e4568cf5a9 + taskid: 086a81ca-0d63-4684-8b54-d05bd4f99f40 type: condition task: - id: 5b3998d2-077c-48d9-8a42-c6e4568cf5a9 + id: 086a81ca-0d63-4684-8b54-d05bd4f99f40 version: -1 - name: non extraction - none.zip + name: check auto extract - none.zip type: condition iscommand: false brand: "" nexttasks: "yes": - - "77" + - "23" separatecontext: false conditions: - label: "yes" condition: - - - operator: notContainsGeneral + - - operator: containsGeneral left: value: simple: ${Domain.Name} @@ -326,8 +326,8 @@ tasks: view: |- { "position": { - "x": 695, - "y": 1390 + "x": 480, + "y": 865 } } note: false @@ -339,10 +339,10 @@ tasks: isautoswitchedtoquietmode: false "77": id: "77" - taskid: 39d3cbb3-dc56-423b-889c-a43f951ca4e5 + taskid: acec90ce-9367-43fd-86fe-9af543c40fa1 type: regular task: - id: 39d3cbb3-dc56-423b-889c-a43f951ca4e5 + id: acec90ce-9367-43fd-86fe-9af543c40fa1 version: -1 name: DeleteContext description: Delete field from context @@ -358,7 +358,7 @@ tasks: view: |- { "position": { - "x": 1125, + "x": 1340, "y": 1565 } } @@ -371,10 +371,10 @@ tasks: isautoswitchedtoquietmode: false "78": id: "78" - taskid: b872edd1-d008-40f1-8791-c2dc6aa0f254 + taskid: b90a47a4-4614-4548-870a-71a1a6865d43 type: condition task: - id: b872edd1-d008-40f1-8791-c2dc6aa0f254 + id: b90a47a4-4614-4548-870a-71a1a6865d43 version: -1 name: check auto extract - ötest.com type: condition @@ -399,7 +399,7 @@ tasks: view: |- { "position": { - "x": 480, + "x": 910, "y": 865 } } @@ -412,10 +412,10 @@ tasks: isautoswitchedtoquietmode: false "79": id: "79" - taskid: d2fcc6d1-a251-45d6-80fe-20a82b86dc35 + taskid: 992549a0-1722-44bd-8092-eb7ae1aa2450 type: condition task: - id: d2fcc6d1-a251-45d6-80fe-20a82b86dc35 + id: 992549a0-1722-44bd-8092-eb7ae1aa2450 version: -1 name: check auto extract - defang.com type: condition @@ -440,7 +440,7 @@ tasks: view: |- { "position": { - "x": 910, + "x": 1340, "y": 865 } } @@ -453,10 +453,10 @@ tasks: isautoswitchedtoquietmode: false "80": id: "80" - taskid: 1c8ced05-7c6b-4749-8b76-99f9eebe2a94 + taskid: f66a49fd-494b-4ad4-83e5-8c08de3bf4e6 type: condition task: - id: 1c8ced05-7c6b-4749-8b76-99f9eebe2a94 + id: f66a49fd-494b-4ad4-83e5-8c08de3bf4e6 version: -1 name: check auto extract - www.test.com type: condition @@ -481,7 +481,7 @@ tasks: view: |- { "position": { - "x": 1340, + "x": 1770, "y": 865 } } @@ -494,10 +494,10 @@ tasks: isautoswitchedtoquietmode: false "81": id: "81" - taskid: 308ed8c1-989f-4193-829f-70dd13a46e87 + taskid: 5b51e207-4f37-4049-8a33-e7ca11f06b4a type: condition task: - id: 308ed8c1-989f-4193-829f-70dd13a46e87 + id: 5b51e207-4f37-4049-8a33-e7ca11f06b4a version: -1 name: check auto extract - test.com type: condition @@ -522,7 +522,7 @@ tasks: view: |- { "position": { - "x": 1770, + "x": 2200, "y": 865 } } @@ -535,10 +535,10 @@ tasks: isautoswitchedtoquietmode: false "82": id: "82" - taskid: 5d661594-6536-4cc1-87ac-02a06569faac + taskid: 34f766e8-dc90-48da-801a-5017a14d6ffb type: condition task: - id: 5d661594-6536-4cc1-87ac-02a06569faac + id: 34f766e8-dc90-48da-801a-5017a14d6ffb version: -1 name: check auto extract - www.xn--t1e2s3t4.com type: condition @@ -563,7 +563,7 @@ tasks: view: |- { "position": { - "x": 2200, + "x": 2630, "y": 865 } } @@ -576,10 +576,10 @@ tasks: isautoswitchedtoquietmode: false "83": id: "83" - taskid: 25316fe8-208a-421e-891b-1fd9ddfbce65 + taskid: 3e232c8e-00c5-435f-8c67-32c3b7748b77 type: condition task: - id: 25316fe8-208a-421e-891b-1fd9ddfbce65 + id: 3e232c8e-00c5-435f-8c67-32c3b7748b77 version: -1 name: non extraction - test[.com type: condition @@ -617,10 +617,10 @@ tasks: isautoswitchedtoquietmode: false "84": id: "84" - taskid: e4a7e02a-09fe-476c-820e-fed762d09cb4 + taskid: 1b4cf1c5-633e-496e-8fcf-5e576d72e0fd type: condition task: - id: e4a7e02a-09fe-476c-820e-fed762d09cb4 + id: 1b4cf1c5-633e-496e-8fcf-5e576d72e0fd version: -1 name: non extraction - test.notexist type: condition @@ -662,7 +662,7 @@ view: |- "paper": { "dimensions": { "height": 1610, - "width": 2530, + "width": 2960, "x": 50, "y": 50 } From 27bb7c7f675563d50caf54d8c9119eeaf7f91453 Mon Sep 17 00:00:00 2001 From: content-bot <55035720+content-bot@users.noreply.github.com> Date: Wed, 7 Jun 2023 11:19:59 +0300 Subject: [PATCH 024/124] Update Docker Image To demisto/duoadmin3 (#27268) * Updated Metadata Of Pack DuoAdminApi * Added release notes to pack DuoAdminApi * Packs/DuoAdminApi/Integrations/DuoEventCollector/DuoEventCollector.yml Docker image update * Packs/DuoAdminApi/Integrations/DuoAdminApi/DuoAdminApi.yml Docker image update --- Packs/DuoAdminApi/Integrations/DuoAdminApi/DuoAdminApi.yml | 2 +- .../Integrations/DuoEventCollector/DuoEventCollector.yml | 2 +- Packs/DuoAdminApi/ReleaseNotes/4_0_1.md | 5 +++++ Packs/DuoAdminApi/pack_metadata.json | 2 +- 4 files changed, 8 insertions(+), 3 deletions(-) create mode 100644 Packs/DuoAdminApi/ReleaseNotes/4_0_1.md diff --git a/Packs/DuoAdminApi/Integrations/DuoAdminApi/DuoAdminApi.yml b/Packs/DuoAdminApi/Integrations/DuoAdminApi/DuoAdminApi.yml index 1eb8ada4e754..6fa03ada97bf 100644 --- a/Packs/DuoAdminApi/Integrations/DuoAdminApi/DuoAdminApi.yml +++ b/Packs/DuoAdminApi/Integrations/DuoAdminApi/DuoAdminApi.yml @@ -333,7 +333,7 @@ script: outputs: [] description: Modify the user account. name: duoadmin-modify-user - dockerimage: demisto/duoadmin3:1.0.0.51401 + dockerimage: demisto/duoadmin3:1.0.0.61875 runonce: false script: '' type: python diff --git a/Packs/DuoAdminApi/Integrations/DuoEventCollector/DuoEventCollector.yml b/Packs/DuoAdminApi/Integrations/DuoEventCollector/DuoEventCollector.yml index 1228b78f5d88..242a86dcc92d 100644 --- a/Packs/DuoAdminApi/Integrations/DuoEventCollector/DuoEventCollector.yml +++ b/Packs/DuoAdminApi/Integrations/DuoEventCollector/DuoEventCollector.yml @@ -62,7 +62,7 @@ script: description: Manual command to fetch events and display them. execution: false name: duo-get-events - dockerimage: demisto/duoadmin3:1.0.0.61106 + dockerimage: demisto/duoadmin3:1.0.0.61875 runonce: false isfetchevents: true subtype: python3 diff --git a/Packs/DuoAdminApi/ReleaseNotes/4_0_1.md b/Packs/DuoAdminApi/ReleaseNotes/4_0_1.md new file mode 100644 index 000000000000..481dec09ef35 --- /dev/null +++ b/Packs/DuoAdminApi/ReleaseNotes/4_0_1.md @@ -0,0 +1,5 @@ +#### Integrations +##### Duo Event Collector +- Updated the Docker image to: *demisto/duoadmin3:1.0.0.61875*. +##### DUO Admin +- Updated the Docker image to: *demisto/duoadmin3:1.0.0.61875*. diff --git a/Packs/DuoAdminApi/pack_metadata.json b/Packs/DuoAdminApi/pack_metadata.json index 65774d13b19b..2fbd74061cea 100644 --- a/Packs/DuoAdminApi/pack_metadata.json +++ b/Packs/DuoAdminApi/pack_metadata.json @@ -2,7 +2,7 @@ "name": "DUO Admin", "description": "DUO for admins.\nMust have access to the admin api in order to use this", "support": "xsoar", - "currentVersion": "4.0.0", + "currentVersion": "4.0.1", "author": "Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "email": "", From 35d5b02c21a341386ebdfb8780d84153e4e17b7e Mon Sep 17 00:00:00 2001 From: content-bot <55035720+content-bot@users.noreply.github.com> Date: Wed, 7 Jun 2023 11:21:18 +0300 Subject: [PATCH 025/124] Update Docker Image To demisto/googleapi-python3 (#27267) * Updated Metadata Of Pack GoogleDrive * Added release notes to pack GoogleDrive * Packs/GoogleDrive/Integrations/GoogleDrive/GoogleDrive.yml Docker image update --- Packs/GoogleDrive/Integrations/GoogleDrive/GoogleDrive.yml | 2 +- Packs/GoogleDrive/ReleaseNotes/1_2_32.md | 3 +++ Packs/GoogleDrive/pack_metadata.json | 2 +- 3 files changed, 5 insertions(+), 2 deletions(-) create mode 100644 Packs/GoogleDrive/ReleaseNotes/1_2_32.md diff --git a/Packs/GoogleDrive/Integrations/GoogleDrive/GoogleDrive.yml b/Packs/GoogleDrive/Integrations/GoogleDrive/GoogleDrive.yml index 1725ecd18469..f4e892bc3051 100644 --- a/Packs/GoogleDrive/Integrations/GoogleDrive/GoogleDrive.yml +++ b/Packs/GoogleDrive/Integrations/GoogleDrive/GoogleDrive.yml @@ -3244,7 +3244,7 @@ script: - "false" required: false secret: false - dockerimage: demisto/googleapi-python3:1.0.0.61820 + dockerimage: demisto/googleapi-python3:1.0.0.62140 feed: false isfetch: true longRunning: false diff --git a/Packs/GoogleDrive/ReleaseNotes/1_2_32.md b/Packs/GoogleDrive/ReleaseNotes/1_2_32.md new file mode 100644 index 000000000000..08c3894c9f48 --- /dev/null +++ b/Packs/GoogleDrive/ReleaseNotes/1_2_32.md @@ -0,0 +1,3 @@ +#### Integrations +##### Google Drive +- Updated the Docker image to: *demisto/googleapi-python3:1.0.0.62140*. diff --git a/Packs/GoogleDrive/pack_metadata.json b/Packs/GoogleDrive/pack_metadata.json index b635651f5c5b..5dfc7f6b44f8 100644 --- a/Packs/GoogleDrive/pack_metadata.json +++ b/Packs/GoogleDrive/pack_metadata.json @@ -2,7 +2,7 @@ "name": "Google Drive", "description": "Google Drive allows users to store files on their servers, synchronize files across devices, and share files. This integration helps you to create a new drive, query past activity and view change logs performed by the users, as well as list drives and files, and manage their permissions.", "support": "xsoar", - "currentVersion": "1.2.31", + "currentVersion": "1.2.32", "author": "Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "email": "", From 962afc51e7b0e51d1aa876242df3facb9ae6fc0e Mon Sep 17 00:00:00 2001 From: content-bot <55035720+content-bot@users.noreply.github.com> Date: Wed, 7 Jun 2023 11:22:25 +0300 Subject: [PATCH 026/124] Update Docker Image To demisto/python3 (#27266) * Updated Metadata Of Pack Darktrace * Added release notes to pack Darktrace * Packs/Darktrace/Integrations/DarktraceMBs/DarktraceMBs.yml Docker image update * Packs/Darktrace/Integrations/DarktraceAIA/DarktraceAIA.yml Docker image update * Updated Metadata Of Pack CybleEvents * Added release notes to pack CybleEvents * Packs/CybleEvents/Integrations/CybleEvents/CybleEvents.yml Docker image update * Updated Metadata Of Pack Censys * Added release notes to pack Censys * Packs/Censys/Integrations/CensysV2/CensysV2.yml Docker image update * Updated Metadata Of Pack VirusTotal * Added release notes to pack VirusTotal * Packs/VirusTotal/Integrations/FeedLivehunt/FeedLivehunt.yml Docker image update * Packs/VirusTotal/Integrations/FeedRetrohunt/FeedRetrohunt.yml Docker image update * Updated Metadata Of Pack CofenseIntelligenceV2 * Added release notes to pack CofenseIntelligenceV2 * Packs/CofenseIntelligenceV2/Integrations/CofenseIntelligenceV2/CofenseIntelligenceV2.yml Docker image update * Updated Metadata Of Pack CheckPointDome9 * Added release notes to pack CheckPointDome9 * Packs/CheckPointDome9/Integrations/CheckPointDome9/CheckPointDome9.yml Docker image update * Updated Metadata Of Pack Reco * Added release notes to pack Reco * Packs/Reco/Integrations/Reco/Reco.yml Docker image update * Updated Metadata Of Pack CimTrak-SystemIntegrityAssurance * Added release notes to pack CimTrak-SystemIntegrityAssurance * Packs/CimTrak-SystemIntegrityAssurance/Integrations/CimTrak/CimTrak.yml Docker image update --- Packs/Censys/Integrations/CensysV2/CensysV2.yml | 2 +- Packs/Censys/ReleaseNotes/2_0_23.md | 3 +++ Packs/Censys/pack_metadata.json | 2 +- .../Integrations/CheckPointDome9/CheckPointDome9.yml | 2 +- Packs/CheckPointDome9/ReleaseNotes/1_0_11.md | 3 +++ Packs/CheckPointDome9/pack_metadata.json | 2 +- .../Integrations/CimTrak/CimTrak.yml | 2 +- .../CimTrak-SystemIntegrityAssurance/ReleaseNotes/1_0_11.md | 3 +++ Packs/CimTrak-SystemIntegrityAssurance/pack_metadata.json | 2 +- .../CofenseIntelligenceV2/CofenseIntelligenceV2.yml | 2 +- Packs/CofenseIntelligenceV2/ReleaseNotes/1_1_10.md | 3 +++ Packs/CofenseIntelligenceV2/pack_metadata.json | 2 +- Packs/CybleEvents/Integrations/CybleEvents/CybleEvents.yml | 2 +- Packs/CybleEvents/ReleaseNotes/1_0_10.md | 3 +++ Packs/CybleEvents/pack_metadata.json | 2 +- Packs/Darktrace/Integrations/DarktraceAIA/DarktraceAIA.yml | 2 +- Packs/Darktrace/Integrations/DarktraceMBs/DarktraceMBs.yml | 2 +- Packs/Darktrace/ReleaseNotes/2_0_6.md | 5 +++++ Packs/Darktrace/pack_metadata.json | 2 +- Packs/Reco/Integrations/Reco/Reco.yml | 2 +- Packs/Reco/ReleaseNotes/1_1_2.md | 3 +++ Packs/Reco/pack_metadata.json | 2 +- Packs/VirusTotal/Integrations/FeedLivehunt/FeedLivehunt.yml | 2 +- .../VirusTotal/Integrations/FeedRetrohunt/FeedRetrohunt.yml | 2 +- Packs/VirusTotal/ReleaseNotes/2_6_2.md | 5 +++++ Packs/VirusTotal/pack_metadata.json | 2 +- 26 files changed, 46 insertions(+), 18 deletions(-) create mode 100644 Packs/Censys/ReleaseNotes/2_0_23.md create mode 100644 Packs/CheckPointDome9/ReleaseNotes/1_0_11.md create mode 100644 Packs/CimTrak-SystemIntegrityAssurance/ReleaseNotes/1_0_11.md create mode 100644 Packs/CofenseIntelligenceV2/ReleaseNotes/1_1_10.md create mode 100644 Packs/CybleEvents/ReleaseNotes/1_0_10.md create mode 100644 Packs/Darktrace/ReleaseNotes/2_0_6.md create mode 100644 Packs/Reco/ReleaseNotes/1_1_2.md create mode 100644 Packs/VirusTotal/ReleaseNotes/2_6_2.md diff --git a/Packs/Censys/Integrations/CensysV2/CensysV2.yml b/Packs/Censys/Integrations/CensysV2/CensysV2.yml index 0435aed90ffe..8ed45c262031 100644 --- a/Packs/Censys/Integrations/CensysV2/CensysV2.yml +++ b/Packs/Censys/Integrations/CensysV2/CensysV2.yml @@ -413,7 +413,7 @@ script: - contextPath: Censys.Search.parsed.issuer_dn description: Distinguished name of the entity that has signed and issued the certificate. type: String - dockerimage: demisto/python3:3.10.11.59070 + dockerimage: demisto/python3:3.10.11.61265 feed: false isfetch: false longRunning: false diff --git a/Packs/Censys/ReleaseNotes/2_0_23.md b/Packs/Censys/ReleaseNotes/2_0_23.md new file mode 100644 index 000000000000..19162ac3333c --- /dev/null +++ b/Packs/Censys/ReleaseNotes/2_0_23.md @@ -0,0 +1,3 @@ +#### Integrations +##### Censys v2 +- Updated the Docker image to: *demisto/python3:3.10.11.61265*. diff --git a/Packs/Censys/pack_metadata.json b/Packs/Censys/pack_metadata.json index 1f69a7ec3f45..65b4bf7f7a93 100644 --- a/Packs/Censys/pack_metadata.json +++ b/Packs/Censys/pack_metadata.json @@ -2,7 +2,7 @@ "name": "Censys", "description": "Censys is a search engine that allows computer scientists to ask questions about the devices and networks that compose the Internet. Driven by Internet-wide scanning, Censys lets researchers find specific hosts and create aggregate reports on how devices, websites, and certificates are configured and deployed.", "support": "xsoar", - "currentVersion": "2.0.22", + "currentVersion": "2.0.23", "author": "Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "email": "", diff --git a/Packs/CheckPointDome9/Integrations/CheckPointDome9/CheckPointDome9.yml b/Packs/CheckPointDome9/Integrations/CheckPointDome9/CheckPointDome9.yml index 80f4cac1a01a..851d3a1fe41b 100644 --- a/Packs/CheckPointDome9/Integrations/CheckPointDome9/CheckPointDome9.yml +++ b/Packs/CheckPointDome9/Integrations/CheckPointDome9/CheckPointDome9.yml @@ -1612,7 +1612,7 @@ script: - contextPath: CheckPointDome9.FindingsBundle.region description: The CloudTrail account ID. type: String - dockerimage: demisto/python3:3.10.11.59070 + dockerimage: demisto/python3:3.10.11.61265 feed: false isfetch: true longRunning: false diff --git a/Packs/CheckPointDome9/ReleaseNotes/1_0_11.md b/Packs/CheckPointDome9/ReleaseNotes/1_0_11.md new file mode 100644 index 000000000000..dbdd2f89636b --- /dev/null +++ b/Packs/CheckPointDome9/ReleaseNotes/1_0_11.md @@ -0,0 +1,3 @@ +#### Integrations +##### Check Point Dome9 (CloudGuard) +- Updated the Docker image to: *demisto/python3:3.10.11.61265*. diff --git a/Packs/CheckPointDome9/pack_metadata.json b/Packs/CheckPointDome9/pack_metadata.json index 4daea675da4b..785e4230ae6b 100644 --- a/Packs/CheckPointDome9/pack_metadata.json +++ b/Packs/CheckPointDome9/pack_metadata.json @@ -2,7 +2,7 @@ "name": "Check Point Dome9 (CloudGuard)", "description": "Dome9 integration allows to easily manage the security and compliance of the public cloud.", "support": "xsoar", - "currentVersion": "1.0.10", + "currentVersion": "1.0.11", "author": "Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "email": "", diff --git a/Packs/CimTrak-SystemIntegrityAssurance/Integrations/CimTrak/CimTrak.yml b/Packs/CimTrak-SystemIntegrityAssurance/Integrations/CimTrak/CimTrak.yml index ca562fbd6e12..ab5bd71682c1 100644 --- a/Packs/CimTrak-SystemIntegrityAssurance/Integrations/CimTrak/CimTrak.yml +++ b/Packs/CimTrak-SystemIntegrityAssurance/Integrations/CimTrak/CimTrak.yml @@ -2331,7 +2331,7 @@ script: - contextPath: CimTrak.Object.agentObjectId description: Agent Object Id type: number - dockerimage: demisto/python3:3.10.11.59070 + dockerimage: demisto/python3:3.10.11.61265 isfetch: true longRunning: true runonce: false diff --git a/Packs/CimTrak-SystemIntegrityAssurance/ReleaseNotes/1_0_11.md b/Packs/CimTrak-SystemIntegrityAssurance/ReleaseNotes/1_0_11.md new file mode 100644 index 000000000000..90f87ed94d17 --- /dev/null +++ b/Packs/CimTrak-SystemIntegrityAssurance/ReleaseNotes/1_0_11.md @@ -0,0 +1,3 @@ +#### Integrations +##### CimTrak - System Integrity Assurance +- Updated the Docker image to: *demisto/python3:3.10.11.61265*. diff --git a/Packs/CimTrak-SystemIntegrityAssurance/pack_metadata.json b/Packs/CimTrak-SystemIntegrityAssurance/pack_metadata.json index d284feb6a029..c5a3ab971918 100644 --- a/Packs/CimTrak-SystemIntegrityAssurance/pack_metadata.json +++ b/Packs/CimTrak-SystemIntegrityAssurance/pack_metadata.json @@ -2,7 +2,7 @@ "name": "CimTrak - System Integrity Assurance", "description": "The CimTrak integration helps you detect unexpected system/device/config modifications and automatically respond/react to threats", "support": "partner", - "currentVersion": "1.0.10", + "currentVersion": "1.0.11", "author": "Cimcor", "url": "www.cimcor.com", "email": "support@cimcor.com", diff --git a/Packs/CofenseIntelligenceV2/Integrations/CofenseIntelligenceV2/CofenseIntelligenceV2.yml b/Packs/CofenseIntelligenceV2/Integrations/CofenseIntelligenceV2/CofenseIntelligenceV2.yml index 73b51dc9951a..677b26875209 100644 --- a/Packs/CofenseIntelligenceV2/Integrations/CofenseIntelligenceV2/CofenseIntelligenceV2.yml +++ b/Packs/CofenseIntelligenceV2/Integrations/CofenseIntelligenceV2/CofenseIntelligenceV2.yml @@ -1540,7 +1540,7 @@ script: - contextPath: File.Extension description: The file extension. type: String - dockerimage: demisto/python3:3.10.11.59070 + dockerimage: demisto/python3:3.10.11.61265 feed: false isfetch: false longRunning: false diff --git a/Packs/CofenseIntelligenceV2/ReleaseNotes/1_1_10.md b/Packs/CofenseIntelligenceV2/ReleaseNotes/1_1_10.md new file mode 100644 index 000000000000..9a6646872a14 --- /dev/null +++ b/Packs/CofenseIntelligenceV2/ReleaseNotes/1_1_10.md @@ -0,0 +1,3 @@ +#### Integrations +##### Cofense Intelligence v2 +- Updated the Docker image to: *demisto/python3:3.10.11.61265*. diff --git a/Packs/CofenseIntelligenceV2/pack_metadata.json b/Packs/CofenseIntelligenceV2/pack_metadata.json index 594a3351a4b6..c0a698ab9a86 100644 --- a/Packs/CofenseIntelligenceV2/pack_metadata.json +++ b/Packs/CofenseIntelligenceV2/pack_metadata.json @@ -2,7 +2,7 @@ "name": "Cofense Intelligence v2", "description": "Cofense Intelligence allows users to search for threat intelligence reports based on domains, IPs, email address, file hashes, URLs and extracted strings.", "support": "partner", - "currentVersion": "1.1.9", + "currentVersion": "1.1.10", "author": "Cofense", "url": "https://cofense.com/contact-support/", "email": "support@cofense.com", diff --git a/Packs/CybleEvents/Integrations/CybleEvents/CybleEvents.yml b/Packs/CybleEvents/Integrations/CybleEvents/CybleEvents.yml index 26806f8d1615..ef7359e5763f 100644 --- a/Packs/CybleEvents/Integrations/CybleEvents/CybleEvents.yml +++ b/Packs/CybleEvents/Integrations/CybleEvents/CybleEvents.yml @@ -220,7 +220,7 @@ script: - contextPath: CybleEvents.Events.Details description: Returns details for given event of specific type type: String - dockerimage: demisto/python3:3.10.11.59581 + dockerimage: demisto/python3:3.10.11.61265 feed: false isfetch: true longRunning: false diff --git a/Packs/CybleEvents/ReleaseNotes/1_0_10.md b/Packs/CybleEvents/ReleaseNotes/1_0_10.md new file mode 100644 index 000000000000..428bd6265bc2 --- /dev/null +++ b/Packs/CybleEvents/ReleaseNotes/1_0_10.md @@ -0,0 +1,3 @@ +#### Integrations +##### Cyble Events +- Updated the Docker image to: *demisto/python3:3.10.11.61265*. diff --git a/Packs/CybleEvents/pack_metadata.json b/Packs/CybleEvents/pack_metadata.json index a29412be0bf1..ab39521a439f 100644 --- a/Packs/CybleEvents/pack_metadata.json +++ b/Packs/CybleEvents/pack_metadata.json @@ -2,7 +2,7 @@ "name": "Cyble Events", "description": "Cyble Events for Vision Users. Must have Vision API access to use the threat intelligence.", "support": "partner", - "currentVersion": "1.0.9", + "currentVersion": "1.0.10", "author": "Cyble Infosec", "url": "https://cyble.com/", "email": "", diff --git a/Packs/Darktrace/Integrations/DarktraceAIA/DarktraceAIA.yml b/Packs/Darktrace/Integrations/DarktraceAIA/DarktraceAIA.yml index c954820472b0..969d07cbc7f6 100644 --- a/Packs/Darktrace/Integrations/DarktraceAIA/DarktraceAIA.yml +++ b/Packs/Darktrace/Integrations/DarktraceAIA/DarktraceAIA.yml @@ -226,7 +226,7 @@ script: - contextPath: Darktrace.AIAnalyst.groupCategory description: Group category type: String - dockerimage: demisto/python3:3.10.11.54132 + dockerimage: demisto/python3:3.10.11.61265 feed: false isfetch: true longRunning: false diff --git a/Packs/Darktrace/Integrations/DarktraceMBs/DarktraceMBs.yml b/Packs/Darktrace/Integrations/DarktraceMBs/DarktraceMBs.yml index c8cbe5547898..f5c62605551e 100644 --- a/Packs/Darktrace/Integrations/DarktraceMBs/DarktraceMBs.yml +++ b/Packs/Darktrace/Integrations/DarktraceMBs/DarktraceMBs.yml @@ -266,7 +266,7 @@ script: - contextPath: Darktrace.Model.Component description: A dictionary of the details of the model. Each model might have different keys. It is recommended to run the command once to check the relevant outputs in context type: Unknown - dockerimage: demisto/python3:3.10.11.54132 + dockerimage: demisto/python3:3.10.11.61265 feed: false isfetch: true longRunning: false diff --git a/Packs/Darktrace/ReleaseNotes/2_0_6.md b/Packs/Darktrace/ReleaseNotes/2_0_6.md new file mode 100644 index 000000000000..7f41ccfcff2d --- /dev/null +++ b/Packs/Darktrace/ReleaseNotes/2_0_6.md @@ -0,0 +1,5 @@ +#### Integrations +##### Darktrace Model Breaches +- Updated the Docker image to: *demisto/python3:3.10.11.61265*. +##### Darktrace AI Analyst +- Updated the Docker image to: *demisto/python3:3.10.11.61265*. diff --git a/Packs/Darktrace/pack_metadata.json b/Packs/Darktrace/pack_metadata.json index ca60338764ee..b96677bcc937 100644 --- a/Packs/Darktrace/pack_metadata.json +++ b/Packs/Darktrace/pack_metadata.json @@ -2,7 +2,7 @@ "name": "Darktrace", "description": "Populates Darktrace Model Breaches and AI Analyst Events in Cortex XSOAR, allowing for cross-platform automated investigation and response.", "support": "partner", - "currentVersion": "2.0.5", + "currentVersion": "2.0.6", "fromVersion": "5.0.0", "author": "Darktrace", "githubUser": "", diff --git a/Packs/Reco/Integrations/Reco/Reco.yml b/Packs/Reco/Integrations/Reco/Reco.yml index 83940ee2b082..0e34ceef0c0b 100644 --- a/Packs/Reco/Integrations/Reco/Reco.yml +++ b/Packs/Reco/Integrations/Reco/Reco.yml @@ -65,7 +65,7 @@ description: Reco is a Saas data security solution that protects your data from display: Reco name: Reco script: - dockerimage: demisto/python3:3.10.11.59581 + dockerimage: demisto/python3:3.10.11.61265 feed: false isfetch: true longRunning: false diff --git a/Packs/Reco/ReleaseNotes/1_1_2.md b/Packs/Reco/ReleaseNotes/1_1_2.md new file mode 100644 index 000000000000..f2763d826a2f --- /dev/null +++ b/Packs/Reco/ReleaseNotes/1_1_2.md @@ -0,0 +1,3 @@ +#### Integrations +##### Reco +- Updated the Docker image to: *demisto/python3:3.10.11.61265*. diff --git a/Packs/Reco/pack_metadata.json b/Packs/Reco/pack_metadata.json index 4f985c3d7013..35f3844834cb 100644 --- a/Packs/Reco/pack_metadata.json +++ b/Packs/Reco/pack_metadata.json @@ -2,7 +2,7 @@ "name": "Reco", "description": "Reco - detects and protects against sensitive data leakage", "support": "partner", - "currentVersion": "1.1.1", + "currentVersion": "1.1.2", "author": "Reco", "url": "https://reco.ai", "email": "support@reco.ai", diff --git a/Packs/VirusTotal/Integrations/FeedLivehunt/FeedLivehunt.yml b/Packs/VirusTotal/Integrations/FeedLivehunt/FeedLivehunt.yml index be8159ce921e..8a920080b4a2 100644 --- a/Packs/VirusTotal/Integrations/FeedLivehunt/FeedLivehunt.yml +++ b/Packs/VirusTotal/Integrations/FeedLivehunt/FeedLivehunt.yml @@ -116,7 +116,7 @@ script: description: 'This command will reset your fetch history.' execution: false name: vt-reset-fetch-indicators - dockerimage: demisto/python3:3.10.11.59581 + dockerimage: demisto/python3:3.10.11.61265 feed: true isfetch: false longRunning: false diff --git a/Packs/VirusTotal/Integrations/FeedRetrohunt/FeedRetrohunt.yml b/Packs/VirusTotal/Integrations/FeedRetrohunt/FeedRetrohunt.yml index 01f00987acf7..1bb6880b4e55 100644 --- a/Packs/VirusTotal/Integrations/FeedRetrohunt/FeedRetrohunt.yml +++ b/Packs/VirusTotal/Integrations/FeedRetrohunt/FeedRetrohunt.yml @@ -112,7 +112,7 @@ script: description: "This command will reset your fetch history." execution: false name: vt-retrohunt-reset-fetch-indicators - dockerimage: demisto/python3:3.10.11.59581 + dockerimage: demisto/python3:3.10.11.61265 feed: true isfetch: false longRunning: false diff --git a/Packs/VirusTotal/ReleaseNotes/2_6_2.md b/Packs/VirusTotal/ReleaseNotes/2_6_2.md new file mode 100644 index 000000000000..bacbe29b7192 --- /dev/null +++ b/Packs/VirusTotal/ReleaseNotes/2_6_2.md @@ -0,0 +1,5 @@ +#### Integrations +##### VirusTotal Livehunt Feed +- Updated the Docker image to: *demisto/python3:3.10.11.61265*. +##### VirusTotal Retrohunt Feed +- Updated the Docker image to: *demisto/python3:3.10.11.61265*. diff --git a/Packs/VirusTotal/pack_metadata.json b/Packs/VirusTotal/pack_metadata.json index e110f18d7580..5f192f8de351 100644 --- a/Packs/VirusTotal/pack_metadata.json +++ b/Packs/VirusTotal/pack_metadata.json @@ -2,7 +2,7 @@ "name": "VirusTotal", "description": "Analyze suspicious hashes, URLs, domains and IP addresses", "support": "partner", - "currentVersion": "2.6.1", + "currentVersion": "2.6.2", "author": "VirusTotal", "url": "https://www.virustotal.com", "email": "contact@virustotal.com", From 9249c6106aee988797e693326c0924483a03f31a Mon Sep 17 00:00:00 2001 From: content-bot <55035720+content-bot@users.noreply.github.com> Date: Wed, 7 Jun 2023 12:48:12 +0300 Subject: [PATCH 027/124] Update Docker Image To demisto/python3 (#27272) * Updated Metadata Of Pack FeedProofpoint * Added release notes to pack FeedProofpoint * Packs/FeedProofpoint/Integrations/FeedProofpoint/FeedProofpoint.yml Docker image update * Updated Metadata Of Pack FortiSIEM * Added release notes to pack FortiSIEM * Packs/FortiSIEM/Integrations/FortiSIEM/FortiSIEM.yml Docker image update * Updated Metadata Of Pack Ipstack * Added release notes to pack Ipstack * Packs/Ipstack/Integrations/Ipstack/Ipstack.yml Docker image update * Updated Metadata Of Pack SafeBreach * Added release notes to pack SafeBreach * Packs/SafeBreach/Integrations/SafeBreach_v2/SafeBreach_v2.yml Docker image update * Updated Metadata Of Pack RedCanary * Added release notes to pack RedCanary * Packs/RedCanary/Integrations/RedCanary/RedCanary.yml Docker image update * Updated Metadata Of Pack PiHole * Added release notes to pack PiHole * Packs/PiHole/Integrations/PiHole/PiHole.yml Docker image update * Updated Metadata Of Pack FeedDShield * Added release notes to pack FeedDShield * Packs/FeedDShield/Integrations/FeedDShield/FeedDShield.yml Docker image update * Updated Metadata Of Pack SafeNet_Trusted_Access * Added release notes to pack SafeNet_Trusted_Access * Packs/SafeNet_Trusted_Access/Integrations/SafeNetTrustedAccess/SafeNetTrustedAccess.yml Docker image update * Updated Metadata Of Pack OpenPhish * Added release notes to pack OpenPhish * Packs/OpenPhish/Integrations/OpenPhish_v2/OpenPhish_v2.yml Docker image update * Updated Metadata Of Pack NistNVD * Added release notes to pack NistNVD * Packs/NistNVD/Integrations/NistNVD/NistNVD.yml Docker image update * Updated Metadata Of Pack Cognni * Added release notes to pack Cognni * Packs/Cognni/Integrations/Cognni/Cognni.yml Docker image update * Updated Metadata Of Pack PANOSPolicyOptimizer * Added release notes to pack PANOSPolicyOptimizer * Packs/PANOSPolicyOptimizer/Integrations/PANOSPolicyOptimizer/PANOSPolicyOptimizer.yml Docker image update * Updated Metadata Of Pack DeveloperTools * Added release notes to pack DeveloperTools * Packs/DeveloperTools/Integrations/CreateIncidents/CreateIncidents.yml Docker image update * Packs/DeveloperTools/Integrations/CustomIndicatorDemo/CustomIndicatorDemo.yml Docker image update * Packs/DeveloperTools/Integrations/APIMetricsValidation/APIMetricsValidation.yml Docker image update * Updated Metadata Of Pack NozomiNetworks * Added release notes to pack NozomiNetworks * Packs/NozomiNetworks/Integrations/NozomiNetworks/NozomiNetworks.yml Docker image update * Updated Metadata Of Pack ANYRUN * Added release notes to pack ANYRUN * Packs/ANYRUN/Integrations/ANYRUN/ANYRUN.yml Docker image update * Updated Metadata Of Pack Carbon_Black_Enterprise_Response * Added release notes to pack Carbon_Black_Enterprise_Response * Packs/Carbon_Black_Enterprise_Response/Integrations/CarbonBlackResponseV2/CarbonBlackResponseV2.yml Docker image update * Updated Metadata Of Pack Absolute * Added release notes to pack Absolute * Packs/Absolute/Integrations/Absolute/Absolute.yml Docker image update * Updated Metadata Of Pack Ironscales * Added release notes to pack Ironscales * Packs/Ironscales/Integrations/Ironscales/Ironscales.yml Docker image update * Updated Metadata Of Pack FeedURLhaus * Added release notes to pack FeedURLhaus * Packs/FeedURLhaus/Integrations/FeedURLhaus/FeedURLhaus.yml Docker image update * Updated Metadata Of Pack Lokpath_Keylight * Added release notes to pack Lokpath_Keylight * Packs/Lokpath_Keylight/Integrations/Lockpath_KeyLight_v2/Lockpath_KeyLight_v2.yml Docker image update * Updated Metadata Of Pack FeedMISP * Added release notes to pack FeedMISP * Packs/FeedMISP/Integrations/FeedMISP/FeedMISP.yml Docker image update * Updated Metadata Of Pack FraudWatch * Added release notes to pack FraudWatch * Packs/FraudWatch/Integrations/FraudWatch/FraudWatch.yml Docker image update * Updated Metadata Of Pack AbnormalSecurity * Added release notes to pack AbnormalSecurity * Packs/AbnormalSecurity/Integrations/AbnormalSecurityEventCollector/AbnormalSecurityEventCollector.yml Docker image update * Updated Metadata Of Pack CovalenceManagedSecurity * Added release notes to pack CovalenceManagedSecurity * Packs/CovalenceManagedSecurity/Integrations/CovalenceManagedSecurity/CovalenceManagedSecurity.yml Docker image update * Updated Metadata Of Pack IllusiveNetworks * Added release notes to pack IllusiveNetworks * Packs/IllusiveNetworks/Integrations/IllusiveNetworks/IllusiveNetworks.yml Docker image update * Updated Metadata Of Pack Edgescan * Added release notes to pack Edgescan * Packs/Edgescan/Integrations/Edgescan/Edgescan.yml Docker image update * Updated Metadata Of Pack PerceptionPoint * Added release notes to pack PerceptionPoint * Packs/PerceptionPoint/Integrations/PerceptionPoint/PerceptionPoint.yml Docker image update * Updated Metadata Of Pack Druva * Added release notes to pack Druva * Packs/Druva/Integrations/Druva/Druva.yml Docker image update * Updated Metadata Of Pack APIVoid * Added release notes to pack APIVoid * Packs/APIVoid/Integrations/APIVoid/APIVoid.yml Docker image update * Updated Metadata Of Pack PingIdentity * Added release notes to pack PingIdentity * Packs/PingIdentity/Integrations/PingOne/PingOne.yml Docker image update * Updated Metadata Of Pack cisco-ise * Added release notes to pack cisco-ise * Packs/cisco-ise/Integrations/cisco-ise/cisco-ise.yml Docker image update * Updated Metadata Of Pack SailPointIdentityIQ * Added release notes to pack SailPointIdentityIQ * Packs/SailPointIdentityIQ/Integrations/SailPointIdentityIQ/SailPointIdentityIQ.yml Docker image update * Updated Metadata Of Pack Cymulate * Added release notes to pack Cymulate * Packs/Cymulate/Integrations/Cymulate/Cymulate.yml Docker image update * Packs/Cymulate/Integrations/Cymulate_v2/Cymulate_v2.yml Docker image update * Updated Metadata Of Pack XSOARmirroring * Added release notes to pack XSOARmirroring * Packs/XSOARmirroring/Integrations/XSOARmirroring/XSOARmirroring.yml Docker image update * Updated Metadata Of Pack XMatters * Added release notes to pack XMatters * Packs/XMatters/Integrations/xMatters/xMatters.yml Docker image update * Updated Metadata Of Pack Zimperium * Added release notes to pack Zimperium * Packs/Zimperium/Integrations/Zimperium/Zimperium.yml Docker image update * Updated Metadata Of Pack RSANetWitnessEndpoint * Added release notes to pack RSANetWitnessEndpoint * Packs/RSANetWitnessEndpoint/Integrations/RSANetWitnessEndpoint/RSANetWitnessEndpoint.yml Docker image update * Updated Metadata Of Pack SymantecBlueCoatMalwareAnalysis * Added release notes to pack SymantecBlueCoatMalwareAnalysis * Packs/SymantecBlueCoatMalwareAnalysis/Integrations/SymantecBlueCoatMalwareAnalysis/SymantecBlueCoatMalwareAnalysis.yml Docker image update * Updated Metadata Of Pack InfoArmor_VigilanteATI * Added release notes to pack InfoArmor_VigilanteATI * Packs/InfoArmor_VigilanteATI/Integrations/InfoArmorVigilanteATI/InfoArmorVigilanteATI.yml Docker image update * Updated Metadata Of Pack AccentureCTI * Added release notes to pack AccentureCTI * Packs/AccentureCTI/Integrations/ACTIVulnerabilityQuery/ACTIVulnerabilityQuery.yml Docker image update * Updated Metadata Of Pack PingCastle * Added release notes to pack PingCastle * Packs/PingCastle/Integrations/PingCastle/PingCastle.yml Docker image update * Updated Metadata Of Pack MaxMind_GeoIP2 * Added release notes to pack MaxMind_GeoIP2 * Packs/MaxMind_GeoIP2/Integrations/MaxMind_GeoIP2/MaxMind_GeoIP2.yml Docker image update * Updated Metadata Of Pack Maltiverse * Added release notes to pack Maltiverse * Packs/Maltiverse/Integrations/Maltiverse/Maltiverse.yml Docker image update * Updated Metadata Of Pack CarbonBlackDefense * Added release notes to pack CarbonBlackDefense * Packs/CarbonBlackDefense/Integrations/CarbonBlackEndpointStandard/CarbonBlackEndpointStandard.yml Docker image update * Updated Metadata Of Pack AlienVault_USM_Anywhere * Added release notes to pack AlienVault_USM_Anywhere * Packs/AlienVault_USM_Anywhere/Integrations/AlienVault_USM_Anywhere/AlienVault_USM_Anywhere.yml Docker image update * Updated Metadata Of Pack ProofpointServerProtection * Added release notes to pack ProofpointServerProtection * Packs/ProofpointServerProtection/Integrations/ProofpointProtectionServerV2/ProofpointProtectionServerV2.yml Docker image update * Updated Metadata Of Pack OpsGenie * Added release notes to pack OpsGenie * Packs/OpsGenie/Integrations/OpsGenieV3/OpsGenieV3.yml Docker image update * Fixed lint and validate --------- Co-authored-by: sberman --- Packs/ANYRUN/Integrations/ANYRUN/ANYRUN.yml | 2 +- Packs/ANYRUN/ReleaseNotes/1_0_16.md | 3 + Packs/ANYRUN/pack_metadata.json | 2 +- .../APIVoid/Integrations/APIVoid/APIVoid.yml | 2 +- Packs/APIVoid/ReleaseNotes/1_0_32.md | 3 + Packs/APIVoid/pack_metadata.json | 2 +- .../AbnormalSecurityEventCollector.yml | 2 +- Packs/AbnormalSecurity/ReleaseNotes/2_0_18.md | 3 + Packs/AbnormalSecurity/pack_metadata.json | 2 +- .../Integrations/Absolute/Absolute.yml | 2 +- Packs/Absolute/ReleaseNotes/1_0_18.md | 3 + Packs/Absolute/pack_metadata.json | 2 +- .../ACTIVulnerabilityQuery.yml | 2 +- Packs/AccentureCTI/ReleaseNotes/2_2_15.md | 3 + Packs/AccentureCTI/pack_metadata.json | 2 +- .../AlienVault_USM_Anywhere.yml | 2 +- .../ReleaseNotes/1_0_17.md | 3 + .../pack_metadata.json | 2 +- .../CarbonBlackEndpointStandard.yml | 2 +- .../CarbonBlackDefense/ReleaseNotes/3_0_27.md | 3 + Packs/CarbonBlackDefense/pack_metadata.json | 2 +- .../CarbonBlackResponseV2.yml | 2 +- .../ReleaseNotes/2_1_34.md | 3 + .../pack_metadata.json | 2 +- Packs/Cognni/Integrations/Cognni/Cognni.yml | 2 +- Packs/Cognni/ReleaseNotes/1_1_3.md | 3 + Packs/Cognni/pack_metadata.json | 2 +- .../CovalenceManagedSecurity.yml | 2 +- .../ReleaseNotes/1_1_5.md | 3 + .../pack_metadata.json | 2 +- .../Integrations/Cymulate/Cymulate.yml | 2 +- .../Integrations/Cymulate_v2/Cymulate_v2.yml | 2 +- Packs/Cymulate/ReleaseNotes/2_0_19.md | 5 + Packs/Cymulate/pack_metadata.json | 2 +- .../APIMetricsValidation.yml | 2 +- .../CreateIncidents/CreateIncidents.yml | 2 +- .../CustomIndicatorDemo.yml | 2 +- Packs/DeveloperTools/ReleaseNotes/1_2_44.md | 7 + Packs/DeveloperTools/pack_metadata.json | 2 +- Packs/Druva/Integrations/Druva/Druva.yml | 2 +- Packs/Druva/ReleaseNotes/1_1_7.md | 3 + Packs/Druva/pack_metadata.json | 2 +- .../Integrations/Edgescan/Edgescan.yml | 2 +- Packs/Edgescan/ReleaseNotes/1_0_7.md | 3 + Packs/Edgescan/pack_metadata.json | 2 +- .../Integrations/FeedDShield/FeedDShield.yml | 2 +- Packs/FeedDShield/ReleaseNotes/1_1_24.md | 3 + Packs/FeedDShield/pack_metadata.json | 2 +- .../Integrations/FeedMISP/FeedMISP.yml | 2 +- Packs/FeedMISP/ReleaseNotes/1_0_22.md | 3 + Packs/FeedMISP/pack_metadata.json | 2 +- .../FeedProofpoint/FeedProofpoint.yml | 2 +- Packs/FeedProofpoint/ReleaseNotes/1_0_9.md | 3 + Packs/FeedProofpoint/pack_metadata.json | 2 +- .../Integrations/FeedURLhaus/FeedURLhaus.yml | 2 +- Packs/FeedURLhaus/ReleaseNotes/1_0_5.md | 3 + Packs/FeedURLhaus/pack_metadata.json | 2 +- .../Integrations/FortiSIEM/FortiSIEM.py | 5 +- .../Integrations/FortiSIEM/FortiSIEM.yml | 2 +- Packs/FortiSIEM/ReleaseNotes/2_0_12.md | 3 + Packs/FortiSIEM/pack_metadata.json | 2 +- .../Integrations/FraudWatch/FraudWatch.yml | 2 +- Packs/FraudWatch/ReleaseNotes/1_0_8.md | 3 + Packs/FraudWatch/pack_metadata.json | 2 +- .../IllusiveNetworks/IllusiveNetworks.yml | 2 +- Packs/IllusiveNetworks/ReleaseNotes/1_0_25.md | 3 + Packs/IllusiveNetworks/pack_metadata.json | 2 +- .../InfoArmorVigilanteATI.py | 3 +- .../InfoArmorVigilanteATI.yml | 2 +- .../ReleaseNotes/1_0_7.md | 3 + .../InfoArmor_VigilanteATI/pack_metadata.json | 2 +- .../Ipstack/Integrations/Ipstack/Ipstack.yml | 2 +- Packs/Ipstack/ReleaseNotes/1_0_10.md | 3 + Packs/Ipstack/pack_metadata.json | 2 +- .../Integrations/Ironscales/Ironscales.yml | 2 +- Packs/Ironscales/ReleaseNotes/1_1_6.md | 3 + Packs/Ironscales/pack_metadata.json | 2 +- .../Lockpath_KeyLight_v2.yml | 2 +- Packs/Lokpath_Keylight/ReleaseNotes/1_1_17.md | 3 + Packs/Lokpath_Keylight/pack_metadata.json | 2 +- .../Integrations/Maltiverse/Maltiverse.yml | 2 +- Packs/Maltiverse/ReleaseNotes/1_0_21.md | 3 + Packs/Maltiverse/pack_metadata.json | 2 +- .../MaxMind_GeoIP2/MaxMind_GeoIP2.py | 3 +- .../MaxMind_GeoIP2/MaxMind_GeoIP2.yml | 2 +- Packs/MaxMind_GeoIP2/ReleaseNotes/1_0_9.md | 3 + Packs/MaxMind_GeoIP2/pack_metadata.json | 2 +- .../NistNVD/Integrations/NistNVD/NistNVD.yml | 2 +- Packs/NistNVD/Integrations/NistNVD/README.md | 146 ++++++++++++++++++ Packs/NistNVD/ReleaseNotes/1_0_3.md | 3 + Packs/NistNVD/pack_metadata.json | 2 +- .../NozomiNetworks/NozomiNetworks.py | 4 +- .../NozomiNetworks/NozomiNetworks.yml | 2 +- Packs/NozomiNetworks/ReleaseNotes/1_0_6.md | 3 + Packs/NozomiNetworks/pack_metadata.json | 2 +- .../Integrations/OpenPhish_v2/OpenPhish_v2.py | 4 +- .../OpenPhish_v2/OpenPhish_v2.yml | 2 +- Packs/OpenPhish/ReleaseNotes/2_0_12.md | 3 + Packs/OpenPhish/pack_metadata.json | 2 +- .../Integrations/OpsGenieV3/OpsGenieV3.yml | 2 +- Packs/OpsGenie/ReleaseNotes/2_0_15.md | 3 + Packs/OpsGenie/pack_metadata.json | 2 +- .../PANOSPolicyOptimizer.yml | 2 +- .../ReleaseNotes/1_1_6.md | 3 + Packs/PANOSPolicyOptimizer/pack_metadata.json | 2 +- .../PerceptionPoint/PerceptionPoint.yml | 2 +- Packs/PerceptionPoint/ReleaseNotes/1_0_6.md | 3 + Packs/PerceptionPoint/pack_metadata.json | 2 +- Packs/PiHole/Integrations/PiHole/PiHole.py | 4 +- Packs/PiHole/Integrations/PiHole/PiHole.yml | 2 +- Packs/PiHole/ReleaseNotes/1_0_3.md | 3 + Packs/PiHole/pack_metadata.json | 2 +- .../Integrations/PingCastle/PingCastle.yml | 2 +- Packs/PingCastle/ReleaseNotes/1_0_3.md | 3 + Packs/PingCastle/pack_metadata.json | 2 +- .../Integrations/PingOne/PingOne.yml | 2 +- Packs/PingIdentity/ReleaseNotes/1_0_3.md | 3 + Packs/PingIdentity/pack_metadata.json | 2 +- .../ProofpointProtectionServerV2.yml | 2 +- .../ReleaseNotes/2_1_2.md | 3 + .../pack_metadata.json | 2 +- .../RSANetWitnessEndpoint.py | 3 +- .../RSANetWitnessEndpoint.yml | 2 +- .../ReleaseNotes/1_0_8.md | 3 + .../RSANetWitnessEndpoint/pack_metadata.json | 2 +- .../Integrations/RedCanary/RedCanary.yml | 2 +- Packs/RedCanary/ReleaseNotes/1_1_13.md | 3 + Packs/RedCanary/pack_metadata.json | 2 +- .../SafeBreach_v2/SafeBreach_v2.yml | 2 +- Packs/SafeBreach/ReleaseNotes/1_2_1.md | 3 + Packs/SafeBreach/pack_metadata.json | 2 +- .../SafeNetTrustedAccess.yml | 2 +- .../ReleaseNotes/2_0_15.md | 3 + .../SafeNet_Trusted_Access/pack_metadata.json | 2 +- .../SailPointIdentityIQ.yml | 2 +- .../ReleaseNotes/1_0_10.md | 3 + Packs/SailPointIdentityIQ/pack_metadata.json | 2 +- .../SymantecBlueCoatMalwareAnalysis.yml | 2 +- .../ReleaseNotes/1_0_6.md | 3 + .../pack_metadata.json | 2 +- .../Integrations/xMatters/xMatters.py | 4 +- .../Integrations/xMatters/xMatters.yml | 2 +- Packs/XMatters/ReleaseNotes/1_0_7.md | 3 + Packs/XMatters/pack_metadata.json | 2 +- .../XSOARmirroring/XSOARmirroring.yml | 2 +- Packs/XSOARmirroring/ReleaseNotes/2_0_14.md | 3 + Packs/XSOARmirroring/pack_metadata.json | 2 +- .../Integrations/Zimperium/Zimperium.yml | 2 +- Packs/Zimperium/ReleaseNotes/1_1_8.md | 3 + Packs/Zimperium/pack_metadata.json | 2 +- .../Integrations/cisco-ise/README.md | 104 ++++++++++++- .../Integrations/cisco-ise/cisco-ise.py | 3 +- .../Integrations/cisco-ise/cisco-ise.yml | 2 +- Packs/cisco-ise/ReleaseNotes/1_0_10.md | 3 + Packs/cisco-ise/pack_metadata.json | 2 +- 155 files changed, 512 insertions(+), 112 deletions(-) create mode 100644 Packs/ANYRUN/ReleaseNotes/1_0_16.md create mode 100644 Packs/APIVoid/ReleaseNotes/1_0_32.md create mode 100644 Packs/AbnormalSecurity/ReleaseNotes/2_0_18.md create mode 100644 Packs/Absolute/ReleaseNotes/1_0_18.md create mode 100644 Packs/AccentureCTI/ReleaseNotes/2_2_15.md create mode 100644 Packs/AlienVault_USM_Anywhere/ReleaseNotes/1_0_17.md create mode 100644 Packs/CarbonBlackDefense/ReleaseNotes/3_0_27.md create mode 100644 Packs/Carbon_Black_Enterprise_Response/ReleaseNotes/2_1_34.md create mode 100644 Packs/Cognni/ReleaseNotes/1_1_3.md create mode 100644 Packs/CovalenceManagedSecurity/ReleaseNotes/1_1_5.md create mode 100644 Packs/Cymulate/ReleaseNotes/2_0_19.md create mode 100644 Packs/DeveloperTools/ReleaseNotes/1_2_44.md create mode 100644 Packs/Druva/ReleaseNotes/1_1_7.md create mode 100644 Packs/Edgescan/ReleaseNotes/1_0_7.md create mode 100644 Packs/FeedDShield/ReleaseNotes/1_1_24.md create mode 100644 Packs/FeedMISP/ReleaseNotes/1_0_22.md create mode 100644 Packs/FeedProofpoint/ReleaseNotes/1_0_9.md create mode 100644 Packs/FeedURLhaus/ReleaseNotes/1_0_5.md create mode 100644 Packs/FortiSIEM/ReleaseNotes/2_0_12.md create mode 100644 Packs/FraudWatch/ReleaseNotes/1_0_8.md create mode 100644 Packs/IllusiveNetworks/ReleaseNotes/1_0_25.md create mode 100644 Packs/InfoArmor_VigilanteATI/ReleaseNotes/1_0_7.md create mode 100644 Packs/Ipstack/ReleaseNotes/1_0_10.md create mode 100644 Packs/Ironscales/ReleaseNotes/1_1_6.md create mode 100644 Packs/Lokpath_Keylight/ReleaseNotes/1_1_17.md create mode 100644 Packs/Maltiverse/ReleaseNotes/1_0_21.md create mode 100644 Packs/MaxMind_GeoIP2/ReleaseNotes/1_0_9.md create mode 100644 Packs/NistNVD/ReleaseNotes/1_0_3.md create mode 100644 Packs/NozomiNetworks/ReleaseNotes/1_0_6.md create mode 100644 Packs/OpenPhish/ReleaseNotes/2_0_12.md create mode 100644 Packs/OpsGenie/ReleaseNotes/2_0_15.md create mode 100644 Packs/PANOSPolicyOptimizer/ReleaseNotes/1_1_6.md create mode 100644 Packs/PerceptionPoint/ReleaseNotes/1_0_6.md create mode 100644 Packs/PiHole/ReleaseNotes/1_0_3.md create mode 100644 Packs/PingCastle/ReleaseNotes/1_0_3.md create mode 100644 Packs/PingIdentity/ReleaseNotes/1_0_3.md create mode 100644 Packs/ProofpointServerProtection/ReleaseNotes/2_1_2.md create mode 100644 Packs/RSANetWitnessEndpoint/ReleaseNotes/1_0_8.md create mode 100644 Packs/RedCanary/ReleaseNotes/1_1_13.md create mode 100644 Packs/SafeBreach/ReleaseNotes/1_2_1.md create mode 100644 Packs/SafeNet_Trusted_Access/ReleaseNotes/2_0_15.md create mode 100644 Packs/SailPointIdentityIQ/ReleaseNotes/1_0_10.md create mode 100644 Packs/SymantecBlueCoatMalwareAnalysis/ReleaseNotes/1_0_6.md create mode 100644 Packs/XMatters/ReleaseNotes/1_0_7.md create mode 100644 Packs/XSOARmirroring/ReleaseNotes/2_0_14.md create mode 100644 Packs/Zimperium/ReleaseNotes/1_1_8.md create mode 100644 Packs/cisco-ise/ReleaseNotes/1_0_10.md diff --git a/Packs/ANYRUN/Integrations/ANYRUN/ANYRUN.yml b/Packs/ANYRUN/Integrations/ANYRUN/ANYRUN.yml index 98403b1434fd..dd516782ff45 100644 --- a/Packs/ANYRUN/Integrations/ANYRUN/ANYRUN.yml +++ b/Packs/ANYRUN/Integrations/ANYRUN/ANYRUN.yml @@ -434,7 +434,7 @@ script: - contextPath: ANYRUN.Task.ID description: ID of the task created to analyze the submission. type: String - dockerimage: demisto/python3:3.10.11.54132 + dockerimage: demisto/python3:3.10.11.61265 subtype: python3 isfetch: false runonce: false diff --git a/Packs/ANYRUN/ReleaseNotes/1_0_16.md b/Packs/ANYRUN/ReleaseNotes/1_0_16.md new file mode 100644 index 000000000000..9d5361f05cad --- /dev/null +++ b/Packs/ANYRUN/ReleaseNotes/1_0_16.md @@ -0,0 +1,3 @@ +#### Integrations +##### ANY.RUN +- Updated the Docker image to: *demisto/python3:3.10.11.61265*. diff --git a/Packs/ANYRUN/pack_metadata.json b/Packs/ANYRUN/pack_metadata.json index 1272f7f9934f..b7f0bafd8729 100644 --- a/Packs/ANYRUN/pack_metadata.json +++ b/Packs/ANYRUN/pack_metadata.json @@ -2,7 +2,7 @@ "name": "ANY.RUN", "description": "ANY.RUN is a cloud-based sandbox with interactive access.", "support": "xsoar", - "currentVersion": "1.0.15", + "currentVersion": "1.0.16", "author": "Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "email": "", diff --git a/Packs/APIVoid/Integrations/APIVoid/APIVoid.yml b/Packs/APIVoid/Integrations/APIVoid/APIVoid.yml index eb42a74e6fef..6e00f5be7ca4 100644 --- a/Packs/APIVoid/Integrations/APIVoid/APIVoid.yml +++ b/Packs/APIVoid/Integrations/APIVoid/APIVoid.yml @@ -1639,7 +1639,7 @@ script: description: '' type: boolean description: A smart API that accurately checks a website's trustworthiness. - dockerimage: demisto/python3:3.10.11.54132 + dockerimage: demisto/python3:3.10.11.61265 runonce: false subtype: python3 fromversion: 5.0.0 diff --git a/Packs/APIVoid/ReleaseNotes/1_0_32.md b/Packs/APIVoid/ReleaseNotes/1_0_32.md new file mode 100644 index 000000000000..984dc9d68bd3 --- /dev/null +++ b/Packs/APIVoid/ReleaseNotes/1_0_32.md @@ -0,0 +1,3 @@ +#### Integrations +##### APIVoid +- Updated the Docker image to: *demisto/python3:3.10.11.61265*. diff --git a/Packs/APIVoid/pack_metadata.json b/Packs/APIVoid/pack_metadata.json index f356fa2960c9..56ab326e26c4 100644 --- a/Packs/APIVoid/pack_metadata.json +++ b/Packs/APIVoid/pack_metadata.json @@ -2,7 +2,7 @@ "name": "APIVoid", "description": "APIVoid wraps up a number of services such as ipvoid & urlvoid", "support": "xsoar", - "currentVersion": "1.0.31", + "currentVersion": "1.0.32", "author": "Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "email": "", diff --git a/Packs/AbnormalSecurity/Integrations/AbnormalSecurityEventCollector/AbnormalSecurityEventCollector.yml b/Packs/AbnormalSecurity/Integrations/AbnormalSecurityEventCollector/AbnormalSecurityEventCollector.yml index cb2d04b93d29..2501e84b7b32 100644 --- a/Packs/AbnormalSecurity/Integrations/AbnormalSecurityEventCollector/AbnormalSecurityEventCollector.yml +++ b/Packs/AbnormalSecurity/Integrations/AbnormalSecurityEventCollector/AbnormalSecurityEventCollector.yml @@ -41,7 +41,7 @@ script: - 'True' - 'False' required: true - dockerimage: demisto/python3:3.10.11.56082 + dockerimage: demisto/python3:3.10.11.61265 feed: false isfetch: false longRunning: false diff --git a/Packs/AbnormalSecurity/ReleaseNotes/2_0_18.md b/Packs/AbnormalSecurity/ReleaseNotes/2_0_18.md new file mode 100644 index 000000000000..d4d8936c274b --- /dev/null +++ b/Packs/AbnormalSecurity/ReleaseNotes/2_0_18.md @@ -0,0 +1,3 @@ +#### Integrations +##### Abnormal Security Event Collector +- Updated the Docker image to: *demisto/python3:3.10.11.61265*. diff --git a/Packs/AbnormalSecurity/pack_metadata.json b/Packs/AbnormalSecurity/pack_metadata.json index aa13ae7004d7..4c5a1d61496f 100644 --- a/Packs/AbnormalSecurity/pack_metadata.json +++ b/Packs/AbnormalSecurity/pack_metadata.json @@ -2,7 +2,7 @@ "name": "Abnormal Security", "description": "Abnormal Security detects and protects against the whole spectrum of email attacks", "support": "partner", - "currentVersion": "2.0.17", + "currentVersion": "2.0.18", "author": "Abnormal Security", "url": "", "email": "support@abnormalsecurity.com", diff --git a/Packs/Absolute/Integrations/Absolute/Absolute.yml b/Packs/Absolute/Integrations/Absolute/Absolute.yml index e15860d34b4d..c512f92a34f8 100644 --- a/Packs/Absolute/Integrations/Absolute/Absolute.yml +++ b/Packs/Absolute/Integrations/Absolute/Absolute.yml @@ -915,7 +915,7 @@ script: script: '-' type: python subtype: python3 - dockerimage: demisto/python3:3.10.11.54132 + dockerimage: demisto/python3:3.10.11.61265 fromversion: 6.0.0 tests: - Absolute_TestPlaybook diff --git a/Packs/Absolute/ReleaseNotes/1_0_18.md b/Packs/Absolute/ReleaseNotes/1_0_18.md new file mode 100644 index 000000000000..8e8012d67644 --- /dev/null +++ b/Packs/Absolute/ReleaseNotes/1_0_18.md @@ -0,0 +1,3 @@ +#### Integrations +##### Absolute +- Updated the Docker image to: *demisto/python3:3.10.11.61265*. diff --git a/Packs/Absolute/pack_metadata.json b/Packs/Absolute/pack_metadata.json index 56c54770b04b..10b800a7e42b 100644 --- a/Packs/Absolute/pack_metadata.json +++ b/Packs/Absolute/pack_metadata.json @@ -2,7 +2,7 @@ "name": "Absolute", "description": "Absolute is an adaptive endpoint security solution that delivers device security, data security and asset management of endpoints", "support": "xsoar", - "currentVersion": "1.0.17", + "currentVersion": "1.0.18", "author": "Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "email": "", diff --git a/Packs/AccentureCTI/Integrations/ACTIVulnerabilityQuery/ACTIVulnerabilityQuery.yml b/Packs/AccentureCTI/Integrations/ACTIVulnerabilityQuery/ACTIVulnerabilityQuery.yml index 636f05bd0a33..f4afd8133a43 100644 --- a/Packs/AccentureCTI/Integrations/ACTIVulnerabilityQuery/ACTIVulnerabilityQuery.yml +++ b/Packs/AccentureCTI/Integrations/ACTIVulnerabilityQuery/ACTIVulnerabilityQuery.yml @@ -88,7 +88,7 @@ script: script: '-' type: python subtype: python3 - dockerimage: demisto/python3:3.10.11.54132 + dockerimage: demisto/python3:3.10.11.61265 feed: false longRunning: false longRunningPort: false diff --git a/Packs/AccentureCTI/ReleaseNotes/2_2_15.md b/Packs/AccentureCTI/ReleaseNotes/2_2_15.md new file mode 100644 index 000000000000..778041e0cd5f --- /dev/null +++ b/Packs/AccentureCTI/ReleaseNotes/2_2_15.md @@ -0,0 +1,3 @@ +#### Integrations +##### ACTI Vulnerability Query +- Updated the Docker image to: *demisto/python3:3.10.11.61265*. diff --git a/Packs/AccentureCTI/pack_metadata.json b/Packs/AccentureCTI/pack_metadata.json index 8d58172e9a5d..8450cb832711 100644 --- a/Packs/AccentureCTI/pack_metadata.json +++ b/Packs/AccentureCTI/pack_metadata.json @@ -2,7 +2,7 @@ "name": "Accenture CTI v2", "description": "Accenture CTI provides intelligence regarding security threats and vulnerabilities.", "support": "partner", - "currentVersion": "2.2.14", + "currentVersion": "2.2.15", "author": "Accenture", "url": "https://www.accenture.com/us-en/services/security/cyber-defense", "email": "CTI.AcctManagement@accenture.com", diff --git a/Packs/AlienVault_USM_Anywhere/Integrations/AlienVault_USM_Anywhere/AlienVault_USM_Anywhere.yml b/Packs/AlienVault_USM_Anywhere/Integrations/AlienVault_USM_Anywhere/AlienVault_USM_Anywhere.yml index f251d561832d..f46afe0b1e82 100644 --- a/Packs/AlienVault_USM_Anywhere/Integrations/AlienVault_USM_Anywhere/AlienVault_USM_Anywhere.yml +++ b/Packs/AlienVault_USM_Anywhere/Integrations/AlienVault_USM_Anywhere/AlienVault_USM_Anywhere.yml @@ -412,7 +412,7 @@ script: - contextPath: AlienVault.Event.Subcategory description: The event subcategory. type: String - dockerimage: demisto/python3:3.10.11.54132 + dockerimage: demisto/python3:3.10.11.61265 isfetch: true longRunning: false longRunningPort: false diff --git a/Packs/AlienVault_USM_Anywhere/ReleaseNotes/1_0_17.md b/Packs/AlienVault_USM_Anywhere/ReleaseNotes/1_0_17.md new file mode 100644 index 000000000000..8ec0d733b182 --- /dev/null +++ b/Packs/AlienVault_USM_Anywhere/ReleaseNotes/1_0_17.md @@ -0,0 +1,3 @@ +#### Integrations +##### AlienVault USM Anywhere +- Updated the Docker image to: *demisto/python3:3.10.11.61265*. diff --git a/Packs/AlienVault_USM_Anywhere/pack_metadata.json b/Packs/AlienVault_USM_Anywhere/pack_metadata.json index 2583192f82a7..e84eb7f73fa8 100644 --- a/Packs/AlienVault_USM_Anywhere/pack_metadata.json +++ b/Packs/AlienVault_USM_Anywhere/pack_metadata.json @@ -2,7 +2,7 @@ "name": "AlienVault USM Anywhere", "description": "Searches for and monitors alarms and events from AlienVault USM Anywhere.", "support": "xsoar", - "currentVersion": "1.0.16", + "currentVersion": "1.0.17", "author": "Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "email": "", diff --git a/Packs/CarbonBlackDefense/Integrations/CarbonBlackEndpointStandard/CarbonBlackEndpointStandard.yml b/Packs/CarbonBlackDefense/Integrations/CarbonBlackEndpointStandard/CarbonBlackEndpointStandard.yml index 03b98c3f7635..b4f60c30a15d 100644 --- a/Packs/CarbonBlackDefense/Integrations/CarbonBlackEndpointStandard/CarbonBlackEndpointStandard.yml +++ b/Packs/CarbonBlackDefense/Integrations/CarbonBlackEndpointStandard/CarbonBlackEndpointStandard.yml @@ -2024,7 +2024,7 @@ script: - contextPath: CarbonBlackDefense.Alert.policy_applied description: Whether a policy was applied. (APPLIED, NOT_APPLIED). type: String - dockerimage: demisto/python3:3.10.11.54132 + dockerimage: demisto/python3:3.10.11.61265 feed: false isfetch: true longRunning: false diff --git a/Packs/CarbonBlackDefense/ReleaseNotes/3_0_27.md b/Packs/CarbonBlackDefense/ReleaseNotes/3_0_27.md new file mode 100644 index 000000000000..76ecb7a7003a --- /dev/null +++ b/Packs/CarbonBlackDefense/ReleaseNotes/3_0_27.md @@ -0,0 +1,3 @@ +#### Integrations +##### Carbon Black Endpoint Standard v2 +- Updated the Docker image to: *demisto/python3:3.10.11.61265*. diff --git a/Packs/CarbonBlackDefense/pack_metadata.json b/Packs/CarbonBlackDefense/pack_metadata.json index 16300bcbbf6c..e9b072071784 100644 --- a/Packs/CarbonBlackDefense/pack_metadata.json +++ b/Packs/CarbonBlackDefense/pack_metadata.json @@ -2,7 +2,7 @@ "name": "Carbon Black Endpoint Standard", "description": "Next-generation antivirus + EDR in one cloud-delivered platform that stops commodity malware, advanced malware, non-malware attacks and ransomware.", "support": "xsoar", - "currentVersion": "3.0.26", + "currentVersion": "3.0.27", "author": "Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "email": "", diff --git a/Packs/Carbon_Black_Enterprise_Response/Integrations/CarbonBlackResponseV2/CarbonBlackResponseV2.yml b/Packs/Carbon_Black_Enterprise_Response/Integrations/CarbonBlackResponseV2/CarbonBlackResponseV2.yml index 608c2bcaa236..b9065ba3919a 100644 --- a/Packs/Carbon_Black_Enterprise_Response/Integrations/CarbonBlackResponseV2/CarbonBlackResponseV2.yml +++ b/Packs/Carbon_Black_Enterprise_Response/Integrations/CarbonBlackResponseV2/CarbonBlackResponseV2.yml @@ -2066,7 +2066,7 @@ script: - contextPath: Endpoint.Processor description: The model of the processor. type: String - dockerimage: demisto/python3:3.10.11.54132 + dockerimage: demisto/python3:3.10.11.61265 feed: false isfetch: true longRunning: false diff --git a/Packs/Carbon_Black_Enterprise_Response/ReleaseNotes/2_1_34.md b/Packs/Carbon_Black_Enterprise_Response/ReleaseNotes/2_1_34.md new file mode 100644 index 000000000000..f68289ba84be --- /dev/null +++ b/Packs/Carbon_Black_Enterprise_Response/ReleaseNotes/2_1_34.md @@ -0,0 +1,3 @@ +#### Integrations +##### VMware Carbon Black EDR v2 +- Updated the Docker image to: *demisto/python3:3.10.11.61265*. diff --git a/Packs/Carbon_Black_Enterprise_Response/pack_metadata.json b/Packs/Carbon_Black_Enterprise_Response/pack_metadata.json index 027816ef3e11..c3523c85c728 100644 --- a/Packs/Carbon_Black_Enterprise_Response/pack_metadata.json +++ b/Packs/Carbon_Black_Enterprise_Response/pack_metadata.json @@ -2,7 +2,7 @@ "name": "Carbon Black Enterprise Response", "description": "Query and respond with Carbon Black endpoint detection and response.", "support": "xsoar", - "currentVersion": "2.1.33", + "currentVersion": "2.1.34", "author": "Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "email": "", diff --git a/Packs/Cognni/Integrations/Cognni/Cognni.yml b/Packs/Cognni/Integrations/Cognni/Cognni.yml index 33ae9a3b07fa..f4c1fc6f7071 100644 --- a/Packs/Cognni/Integrations/Cognni/Cognni.yml +++ b/Packs/Cognni/Integrations/Cognni/Cognni.yml @@ -129,7 +129,7 @@ script: - contextPath: Cognni.insights.severity description: List of insight severities. type: Number - dockerimage: demisto/python3:3.10.11.54132 + dockerimage: demisto/python3:3.10.11.61265 feed: false isfetch: true longRunning: false diff --git a/Packs/Cognni/ReleaseNotes/1_1_3.md b/Packs/Cognni/ReleaseNotes/1_1_3.md new file mode 100644 index 000000000000..68177864b78b --- /dev/null +++ b/Packs/Cognni/ReleaseNotes/1_1_3.md @@ -0,0 +1,3 @@ +#### Integrations +##### Cognni +- Updated the Docker image to: *demisto/python3:3.10.11.61265*. diff --git a/Packs/Cognni/pack_metadata.json b/Packs/Cognni/pack_metadata.json index 1dc1bc7d4c3a..c28d58cb8323 100644 --- a/Packs/Cognni/pack_metadata.json +++ b/Packs/Cognni/pack_metadata.json @@ -2,7 +2,7 @@ "name": "Cognni", "description": "Autonomous detection and investigation of information security incidents and other potential threats.", "support": "partner", - "currentVersion": "1.1.2", + "currentVersion": "1.1.3", "author": "Cognni", "certification": "certified", "url": "https://cognni.ai/contact-support", diff --git a/Packs/CovalenceManagedSecurity/Integrations/CovalenceManagedSecurity/CovalenceManagedSecurity.yml b/Packs/CovalenceManagedSecurity/Integrations/CovalenceManagedSecurity/CovalenceManagedSecurity.yml index 3eb202ad1239..931d43ae2d41 100644 --- a/Packs/CovalenceManagedSecurity/Integrations/CovalenceManagedSecurity/CovalenceManagedSecurity.yml +++ b/Packs/CovalenceManagedSecurity/Integrations/CovalenceManagedSecurity/CovalenceManagedSecurity.yml @@ -163,7 +163,7 @@ script: - contextPath: FESPortal.Org.name description: Name type: String - dockerimage: demisto/python3:3.10.11.54132 + dockerimage: demisto/python3:3.10.11.61265 feed: false isfetch: true longRunning: false diff --git a/Packs/CovalenceManagedSecurity/ReleaseNotes/1_1_5.md b/Packs/CovalenceManagedSecurity/ReleaseNotes/1_1_5.md new file mode 100644 index 000000000000..3197e6d443d8 --- /dev/null +++ b/Packs/CovalenceManagedSecurity/ReleaseNotes/1_1_5.md @@ -0,0 +1,3 @@ +#### Integrations +##### Covalence Managed Security +- Updated the Docker image to: *demisto/python3:3.10.11.61265*. diff --git a/Packs/CovalenceManagedSecurity/pack_metadata.json b/Packs/CovalenceManagedSecurity/pack_metadata.json index 0e3f052bdae2..4ef7333ad1fd 100644 --- a/Packs/CovalenceManagedSecurity/pack_metadata.json +++ b/Packs/CovalenceManagedSecurity/pack_metadata.json @@ -2,7 +2,7 @@ "name": "Covalence Managed Security", "description": "Triggers by triaged alerts from endpoint, cloud, and network security monitoring. Contains event details and easy-to-follow mitigation steps.", "support": "partner", - "currentVersion": "1.1.4", + "currentVersion": "1.1.5", "author": "Field Effect Security", "url": "https://fieldeffect.com/products/covalence-cyber-security/", "email": "support@fieldeffect.com", diff --git a/Packs/Cymulate/Integrations/Cymulate/Cymulate.yml b/Packs/Cymulate/Integrations/Cymulate/Cymulate.yml index d65a4489664e..b74d1ede346e 100644 --- a/Packs/Cymulate/Integrations/Cymulate/Cymulate.yml +++ b/Packs/Cymulate/Integrations/Cymulate/Cymulate.yml @@ -92,7 +92,7 @@ script: - contextPath: Cymulate.Incident.Attack_ID description: The cymulate's Attack ID of the incident type: String - dockerimage: demisto/python3:3.10.11.54132 + dockerimage: demisto/python3:3.10.11.61265 feed: false isfetch: true longRunning: false diff --git a/Packs/Cymulate/Integrations/Cymulate_v2/Cymulate_v2.yml b/Packs/Cymulate/Integrations/Cymulate_v2/Cymulate_v2.yml index 09b4d986c7cb..dc9ec669b121 100644 --- a/Packs/Cymulate/Integrations/Cymulate_v2/Cymulate_v2.yml +++ b/Packs/Cymulate/Integrations/Cymulate_v2/Cymulate_v2.yml @@ -816,7 +816,7 @@ script: - contextPath: Cymulate.Simulations.Template description: Attack template. type: String - dockerimage: demisto/python3:3.10.11.54132 + dockerimage: demisto/python3:3.10.11.61265 feed: false isfetch: true longRunning: false diff --git a/Packs/Cymulate/ReleaseNotes/2_0_19.md b/Packs/Cymulate/ReleaseNotes/2_0_19.md new file mode 100644 index 000000000000..f13c6272de59 --- /dev/null +++ b/Packs/Cymulate/ReleaseNotes/2_0_19.md @@ -0,0 +1,5 @@ +#### Integrations +##### Cymulate +- Updated the Docker image to: *demisto/python3:3.10.11.61265*. +##### Cymulate v2 +- Updated the Docker image to: *demisto/python3:3.10.11.61265*. diff --git a/Packs/Cymulate/pack_metadata.json b/Packs/Cymulate/pack_metadata.json index b6e0b6b5d06b..402e42ede863 100644 --- a/Packs/Cymulate/pack_metadata.json +++ b/Packs/Cymulate/pack_metadata.json @@ -2,7 +2,7 @@ "name": "Cymulate", "description": "You can now verify your security posture on-demand using the Cymulate integration, which allows you to launch simulations of cyberattacks, breach, and attacks against yourself", "support": "partner", - "currentVersion": "2.0.18", + "currentVersion": "2.0.19", "author": "Cymulate", "url": "", "email": "support@cymulate.com", diff --git a/Packs/DeveloperTools/Integrations/APIMetricsValidation/APIMetricsValidation.yml b/Packs/DeveloperTools/Integrations/APIMetricsValidation/APIMetricsValidation.yml index 8a6f35da7323..d5d2db5e1e22 100644 --- a/Packs/DeveloperTools/Integrations/APIMetricsValidation/APIMetricsValidation.yml +++ b/Packs/DeveloperTools/Integrations/APIMetricsValidation/APIMetricsValidation.yml @@ -57,7 +57,7 @@ script: - name: test-scenario-ten arguments: [] description: This command is executed five times in the PB - dockerimage: demisto/python3:3.10.11.54132 + dockerimage: demisto/python3:3.10.11.61265 runonce: false subtype: python3 fromversion: 6.8.0 diff --git a/Packs/DeveloperTools/Integrations/CreateIncidents/CreateIncidents.yml b/Packs/DeveloperTools/Integrations/CreateIncidents/CreateIncidents.yml index ae6ae98f63ec..91fcb9e7b7ef 100644 --- a/Packs/DeveloperTools/Integrations/CreateIncidents/CreateIncidents.yml +++ b/Packs/DeveloperTools/Integrations/CreateIncidents/CreateIncidents.yml @@ -60,7 +60,7 @@ script: description: Creates incidents from json files provided, and stores it in the instance context. execution: false name: create-test-incident-from-file - dockerimage: demisto/python3:3.10.11.54132 + dockerimage: demisto/python3:3.10.11.61265 feed: false isfetch: true longRunning: false diff --git a/Packs/DeveloperTools/Integrations/CustomIndicatorDemo/CustomIndicatorDemo.yml b/Packs/DeveloperTools/Integrations/CustomIndicatorDemo/CustomIndicatorDemo.yml index c2fc3cfd9cb6..4c87a07a03f4 100644 --- a/Packs/DeveloperTools/Integrations/CustomIndicatorDemo/CustomIndicatorDemo.yml +++ b/Packs/DeveloperTools/Integrations/CustomIndicatorDemo/CustomIndicatorDemo.yml @@ -24,7 +24,7 @@ script: script: '-' type: python subtype: python3 - dockerimage: demisto/python3:3.10.11.54132 + dockerimage: demisto/python3:3.10.11.61265 fromversion: 5.5.0 tests: - playbook-CustomIndicatorDemo-test diff --git a/Packs/DeveloperTools/ReleaseNotes/1_2_44.md b/Packs/DeveloperTools/ReleaseNotes/1_2_44.md new file mode 100644 index 000000000000..851ec706e1f8 --- /dev/null +++ b/Packs/DeveloperTools/ReleaseNotes/1_2_44.md @@ -0,0 +1,7 @@ +#### Integrations +##### Create Test Incidents +- Updated the Docker image to: *demisto/python3:3.10.11.61265*. +##### CustomIndicatorDemo +- Updated the Docker image to: *demisto/python3:3.10.11.61265*. +##### APIMetricsValidation +- Updated the Docker image to: *demisto/python3:3.10.11.61265*. diff --git a/Packs/DeveloperTools/pack_metadata.json b/Packs/DeveloperTools/pack_metadata.json index bd8d08a86f8a..d46ada024c44 100644 --- a/Packs/DeveloperTools/pack_metadata.json +++ b/Packs/DeveloperTools/pack_metadata.json @@ -2,7 +2,7 @@ "name": "Developer Tools", "description": "Basic tools for content development.", "support": "xsoar", - "currentVersion": "1.2.43", + "currentVersion": "1.2.44", "author": "Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "email": "", diff --git a/Packs/Druva/Integrations/Druva/Druva.yml b/Packs/Druva/Integrations/Druva/Druva.yml index a62713a3a67a..185f2de76913 100644 --- a/Packs/Druva/Integrations/Druva/Druva.yml +++ b/Packs/Druva/Integrations/Druva/Druva.yml @@ -246,7 +246,7 @@ script: - contextPath: Druva.Resource.resourceType description: The type of the Resource. description: Finds shared drives resources specific to share drive name - dockerimage: demisto/python3:3.10.11.54132 + dockerimage: demisto/python3:3.10.11.61265 runonce: false subtype: python3 longRunningPort: true diff --git a/Packs/Druva/ReleaseNotes/1_1_7.md b/Packs/Druva/ReleaseNotes/1_1_7.md new file mode 100644 index 000000000000..f04bd9d6094b --- /dev/null +++ b/Packs/Druva/ReleaseNotes/1_1_7.md @@ -0,0 +1,3 @@ +#### Integrations +##### Druva Ransomware Response +- Updated the Docker image to: *demisto/python3:3.10.11.61265*. diff --git a/Packs/Druva/pack_metadata.json b/Packs/Druva/pack_metadata.json index e42c221d4ad2..b03fc2a61f6d 100644 --- a/Packs/Druva/pack_metadata.json +++ b/Packs/Druva/pack_metadata.json @@ -2,7 +2,7 @@ "name": "Druva", "description": "Centrally orchestrate ransomware response and recovery via API integrations and automated playbooks. This content pack will empower you to get back to normal faster after security incidents such as insider threats and ransomware attacks.", "support": "partner", - "currentVersion": "1.1.6", + "currentVersion": "1.1.7", "author": "Druva", "url": "", "email": "techpartners@druva.com", diff --git a/Packs/Edgescan/Integrations/Edgescan/Edgescan.yml b/Packs/Edgescan/Integrations/Edgescan/Edgescan.yml index 717dd10ef123..b25937eac30e 100644 --- a/Packs/Edgescan/Integrations/Edgescan/Edgescan.yml +++ b/Packs/Edgescan/Integrations/Edgescan/Edgescan.yml @@ -1057,7 +1057,7 @@ script: - contextPath: Edgescan.AnnotationAdd.created_at description: The date when the annoation was added type: Date - dockerimage: demisto/python3:3.10.11.54132 + dockerimage: demisto/python3:3.10.11.61265 feed: false isfetch: true longRunning: false diff --git a/Packs/Edgescan/ReleaseNotes/1_0_7.md b/Packs/Edgescan/ReleaseNotes/1_0_7.md new file mode 100644 index 000000000000..79904ef366da --- /dev/null +++ b/Packs/Edgescan/ReleaseNotes/1_0_7.md @@ -0,0 +1,3 @@ +#### Integrations +##### Edgescan +- Updated the Docker image to: *demisto/python3:3.10.11.61265*. diff --git a/Packs/Edgescan/pack_metadata.json b/Packs/Edgescan/pack_metadata.json index e371618deec6..f1ac592188da 100644 --- a/Packs/Edgescan/pack_metadata.json +++ b/Packs/Edgescan/pack_metadata.json @@ -2,7 +2,7 @@ "name": "Edgescan", "description": "Cloud-based continuous vulnerability management and penetration testing solution.", "support": "community", - "currentVersion": "1.0.6", + "currentVersion": "1.0.7", "author": "Maciej Drobniuch", "url": "", "email": "", diff --git a/Packs/FeedDShield/Integrations/FeedDShield/FeedDShield.yml b/Packs/FeedDShield/Integrations/FeedDShield/FeedDShield.yml index bb05a7df5c57..609a114752b8 100644 --- a/Packs/FeedDShield/Integrations/FeedDShield/FeedDShield.yml +++ b/Packs/FeedDShield/Integrations/FeedDShield/FeedDShield.yml @@ -101,7 +101,7 @@ script: description: Gets the feed indicators. execution: false name: dshield-get-indicators - dockerimage: demisto/python3:3.10.11.54132 + dockerimage: demisto/python3:3.10.11.61265 feed: true isfetch: false longRunning: false diff --git a/Packs/FeedDShield/ReleaseNotes/1_1_24.md b/Packs/FeedDShield/ReleaseNotes/1_1_24.md new file mode 100644 index 000000000000..5dcbcb69d4e8 --- /dev/null +++ b/Packs/FeedDShield/ReleaseNotes/1_1_24.md @@ -0,0 +1,3 @@ +#### Integrations +##### DShield Feed +- Updated the Docker image to: *demisto/python3:3.10.11.61265*. diff --git a/Packs/FeedDShield/pack_metadata.json b/Packs/FeedDShield/pack_metadata.json index 7500f7746502..49bdfd4bcecd 100644 --- a/Packs/FeedDShield/pack_metadata.json +++ b/Packs/FeedDShield/pack_metadata.json @@ -2,7 +2,7 @@ "name": "DShield Feed", "description": "Indicators feed from DShield", "support": "xsoar", - "currentVersion": "1.1.23", + "currentVersion": "1.1.24", "author": "Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "email": "", diff --git a/Packs/FeedMISP/Integrations/FeedMISP/FeedMISP.yml b/Packs/FeedMISP/Integrations/FeedMISP/FeedMISP.yml index 94cb192613f8..ebec0449ad90 100644 --- a/Packs/FeedMISP/Integrations/FeedMISP/FeedMISP.yml +++ b/Packs/FeedMISP/Integrations/FeedMISP/FeedMISP.yml @@ -159,7 +159,7 @@ script: script: '-' type: python subtype: python3 - dockerimage: demisto/python3:3.10.11.56082 + dockerimage: demisto/python3:3.10.11.61265 fromversion: 5.5.0 tests: - MISPfeed Test diff --git a/Packs/FeedMISP/ReleaseNotes/1_0_22.md b/Packs/FeedMISP/ReleaseNotes/1_0_22.md new file mode 100644 index 000000000000..9bba127bd8f9 --- /dev/null +++ b/Packs/FeedMISP/ReleaseNotes/1_0_22.md @@ -0,0 +1,3 @@ +#### Integrations +##### MISP Feed +- Updated the Docker image to: *demisto/python3:3.10.11.61265*. diff --git a/Packs/FeedMISP/pack_metadata.json b/Packs/FeedMISP/pack_metadata.json index ea6f487bc253..2f4fe0f3fa71 100644 --- a/Packs/FeedMISP/pack_metadata.json +++ b/Packs/FeedMISP/pack_metadata.json @@ -2,7 +2,7 @@ "name": "MISP Feed", "description": "Indicators feed from MISP", "support": "xsoar", - "currentVersion": "1.0.21", + "currentVersion": "1.0.22", "author": "Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "email": "", diff --git a/Packs/FeedProofpoint/Integrations/FeedProofpoint/FeedProofpoint.yml b/Packs/FeedProofpoint/Integrations/FeedProofpoint/FeedProofpoint.yml index 45f8b2bf5563..4a45f7b5a34a 100644 --- a/Packs/FeedProofpoint/Integrations/FeedProofpoint/FeedProofpoint.yml +++ b/Packs/FeedProofpoint/Integrations/FeedProofpoint/FeedProofpoint.yml @@ -123,7 +123,7 @@ script: description: Gets indicators from the feed. execution: false name: proofpoint-get-indicators - dockerimage: demisto/python3:3.9.8.24399 + dockerimage: demisto/python3:3.10.11.61265 feed: true isfetch: false longRunning: false diff --git a/Packs/FeedProofpoint/ReleaseNotes/1_0_9.md b/Packs/FeedProofpoint/ReleaseNotes/1_0_9.md new file mode 100644 index 000000000000..acf58f5b6cc0 --- /dev/null +++ b/Packs/FeedProofpoint/ReleaseNotes/1_0_9.md @@ -0,0 +1,3 @@ +#### Integrations +##### Proofpoint Feed +- Updated the Docker image to: *demisto/python3:3.10.11.61265*. diff --git a/Packs/FeedProofpoint/pack_metadata.json b/Packs/FeedProofpoint/pack_metadata.json index 853d3594e36d..8458bedc23b5 100644 --- a/Packs/FeedProofpoint/pack_metadata.json +++ b/Packs/FeedProofpoint/pack_metadata.json @@ -2,7 +2,7 @@ "name": "Proofpoint Feed", "description": "Detailed feed of domains and ips classified in different categories. You need a valid authorization code from Proofpoint ET to access this feed", "support": "xsoar", - "currentVersion": "1.0.8", + "currentVersion": "1.0.9", "author": "Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "email": "", diff --git a/Packs/FeedURLhaus/Integrations/FeedURLhaus/FeedURLhaus.yml b/Packs/FeedURLhaus/Integrations/FeedURLhaus/FeedURLhaus.yml index b757ec2c96b3..52df1a81d304 100644 --- a/Packs/FeedURLhaus/Integrations/FeedURLhaus/FeedURLhaus.yml +++ b/Packs/FeedURLhaus/Integrations/FeedURLhaus/FeedURLhaus.yml @@ -95,7 +95,7 @@ script: - name: limit description: Limit of the api request. outputs: [] - dockerimage: demisto/python3:3.10.8.37233 + dockerimage: demisto/python3:3.10.11.61265 feed: true isfetch: false longRunning: false diff --git a/Packs/FeedURLhaus/ReleaseNotes/1_0_5.md b/Packs/FeedURLhaus/ReleaseNotes/1_0_5.md new file mode 100644 index 000000000000..6d76ec92887e --- /dev/null +++ b/Packs/FeedURLhaus/ReleaseNotes/1_0_5.md @@ -0,0 +1,3 @@ +#### Integrations +##### URLhaus Feed +- Updated the Docker image to: *demisto/python3:3.10.11.61265*. diff --git a/Packs/FeedURLhaus/pack_metadata.json b/Packs/FeedURLhaus/pack_metadata.json index b7ab04b3c7c3..19b2f16da069 100644 --- a/Packs/FeedURLhaus/pack_metadata.json +++ b/Packs/FeedURLhaus/pack_metadata.json @@ -2,7 +2,7 @@ "name": "URLhaus Feed", "description": "Indicators feed from URLhaus", "support": "xsoar", - "currentVersion": "1.0.4", + "currentVersion": "1.0.5", "author": "Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "email": "", diff --git a/Packs/FortiSIEM/Integrations/FortiSIEM/FortiSIEM.py b/Packs/FortiSIEM/Integrations/FortiSIEM/FortiSIEM.py index 3f946b1cd7c4..8a10b38fb39d 100644 --- a/Packs/FortiSIEM/Integrations/FortiSIEM/FortiSIEM.py +++ b/Packs/FortiSIEM/Integrations/FortiSIEM/FortiSIEM.py @@ -6,9 +6,10 @@ import time import re from xml.dom.minidom import Node, Document, parseString +import urllib3 # disable insecure warnings -requests.packages.urllib3.disable_warnings() +urllib3.disable_warnings() USERNAME = demisto.params()['credentials']['identifier'] PASSWORD = demisto.params()['credentials']['password'] @@ -77,7 +78,7 @@ def login(): # get the VIEW_STATE from the xml returned in the UI login page. p = re.compile('(value=".{1046}==")') - viewState = p.findall(response.text.encode('utf-8')) + viewState = p.findall(response.text.encode('utf-8')) # type:ignore[arg-type] VIEW_STATE = viewState[0][len('value="'):][:-1] data = { diff --git a/Packs/FortiSIEM/Integrations/FortiSIEM/FortiSIEM.yml b/Packs/FortiSIEM/Integrations/FortiSIEM/FortiSIEM.yml index 2af773f3ae92..1eece3449975 100644 --- a/Packs/FortiSIEM/Integrations/FortiSIEM/FortiSIEM.yml +++ b/Packs/FortiSIEM/Integrations/FortiSIEM/FortiSIEM.yml @@ -373,7 +373,7 @@ script: description: Lists all elements in a resource list. isfetch: true runonce: false - dockerimage: demisto/python3:3.10.6.33415 + dockerimage: demisto/python3:3.10.11.61265 tests: - No Test fromversion: 5.0.0 diff --git a/Packs/FortiSIEM/ReleaseNotes/2_0_12.md b/Packs/FortiSIEM/ReleaseNotes/2_0_12.md new file mode 100644 index 000000000000..b753fa261ecc --- /dev/null +++ b/Packs/FortiSIEM/ReleaseNotes/2_0_12.md @@ -0,0 +1,3 @@ +#### Integrations +##### FortiSIEM +- Updated the Docker image to: *demisto/python3:3.10.11.61265*. diff --git a/Packs/FortiSIEM/pack_metadata.json b/Packs/FortiSIEM/pack_metadata.json index 15aacd03c949..8c8a13f2e632 100644 --- a/Packs/FortiSIEM/pack_metadata.json +++ b/Packs/FortiSIEM/pack_metadata.json @@ -2,7 +2,7 @@ "name": "FortiSIEM", "description": "Search and update events of FortiSIEM and manage resource lists.", "support": "xsoar", - "currentVersion": "2.0.11", + "currentVersion": "2.0.12", "author": "Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "email": "", diff --git a/Packs/FraudWatch/Integrations/FraudWatch/FraudWatch.yml b/Packs/FraudWatch/Integrations/FraudWatch/FraudWatch.yml index 88bea65cd890..3b750ec08154 100644 --- a/Packs/FraudWatch/Integrations/FraudWatch/FraudWatch.yml +++ b/Packs/FraudWatch/Integrations/FraudWatch/FraudWatch.yml @@ -503,7 +503,7 @@ script: - contextPath: FraudWatch.Brand.services.action description: Brand service action. type: String - dockerimage: demisto/python3:3.10.4.30607 + dockerimage: demisto/python3:3.10.11.61265 isFetchSamples: true isfetch: true runonce: false diff --git a/Packs/FraudWatch/ReleaseNotes/1_0_8.md b/Packs/FraudWatch/ReleaseNotes/1_0_8.md new file mode 100644 index 000000000000..1b6c125f0ed5 --- /dev/null +++ b/Packs/FraudWatch/ReleaseNotes/1_0_8.md @@ -0,0 +1,3 @@ +#### Integrations +##### FraudWatch +- Updated the Docker image to: *demisto/python3:3.10.11.61265*. diff --git a/Packs/FraudWatch/pack_metadata.json b/Packs/FraudWatch/pack_metadata.json index 02e6b40b4ed1..0a70fbb2d659 100644 --- a/Packs/FraudWatch/pack_metadata.json +++ b/Packs/FraudWatch/pack_metadata.json @@ -2,7 +2,7 @@ "name": "FraudWatch PhishPortal", "description": "FraudWatch International provides anti-phishing and online brand protection solutions.", "support": "xsoar", - "currentVersion": "1.0.7", + "currentVersion": "1.0.8", "author": "Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "email": "", diff --git a/Packs/IllusiveNetworks/Integrations/IllusiveNetworks/IllusiveNetworks.yml b/Packs/IllusiveNetworks/Integrations/IllusiveNetworks/IllusiveNetworks.yml index 776d60e82289..ecfe7fb63484 100755 --- a/Packs/IllusiveNetworks/Integrations/IllusiveNetworks/IllusiveNetworks.yml +++ b/Packs/IllusiveNetworks/Integrations/IllusiveNetworks/IllusiveNetworks.yml @@ -647,7 +647,7 @@ script: description: Retrieve forensics artifacts from Illusive's forensics execution: false name: illusive-get-forensics-artifacts - dockerimage: demisto/python3:3.10.10.48392 + dockerimage: demisto/python3:3.10.11.61265 feed: false isfetch: true longRunning: false diff --git a/Packs/IllusiveNetworks/ReleaseNotes/1_0_25.md b/Packs/IllusiveNetworks/ReleaseNotes/1_0_25.md new file mode 100644 index 000000000000..c5a2d1e884ab --- /dev/null +++ b/Packs/IllusiveNetworks/ReleaseNotes/1_0_25.md @@ -0,0 +1,3 @@ +#### Integrations +##### IllusiveNetworks +- Updated the Docker image to: *demisto/python3:3.10.11.61265*. diff --git a/Packs/IllusiveNetworks/pack_metadata.json b/Packs/IllusiveNetworks/pack_metadata.json index a6e94adec025..bb3f178f6ab0 100755 --- a/Packs/IllusiveNetworks/pack_metadata.json +++ b/Packs/IllusiveNetworks/pack_metadata.json @@ -2,7 +2,7 @@ "name": "Illusive Networks", "description": "Enrich SOC incident triage and investigation data with valuable Illusive information and forensics, and manage the way Illusive deploys deceptions across the network.", "support": "partner", - "currentVersion": "1.0.24", + "currentVersion": "1.0.25", "author": "Illusive Networks", "url": "https://www.illusivenetworks.com", "email": "support@illusivenetworks.com", diff --git a/Packs/InfoArmor_VigilanteATI/Integrations/InfoArmorVigilanteATI/InfoArmorVigilanteATI.py b/Packs/InfoArmor_VigilanteATI/Integrations/InfoArmorVigilanteATI/InfoArmorVigilanteATI.py index 8a7fa59481b0..f5b2908281d2 100644 --- a/Packs/InfoArmor_VigilanteATI/Integrations/InfoArmorVigilanteATI/InfoArmorVigilanteATI.py +++ b/Packs/InfoArmor_VigilanteATI/Integrations/InfoArmorVigilanteATI/InfoArmorVigilanteATI.py @@ -7,9 +7,10 @@ import demistomock as demisto # noqa: F401 import requests from CommonServerPython import * # noqa: F401 +import urllib3 # disable insecure warnings -requests.packages.urllib3.disable_warnings() +urllib3.disable_warnings() BASE_URL = None API_KEY = None diff --git a/Packs/InfoArmor_VigilanteATI/Integrations/InfoArmorVigilanteATI/InfoArmorVigilanteATI.yml b/Packs/InfoArmor_VigilanteATI/Integrations/InfoArmorVigilanteATI/InfoArmorVigilanteATI.yml index 9c4771ddd8b0..1b85f4151e9e 100644 --- a/Packs/InfoArmor_VigilanteATI/Integrations/InfoArmorVigilanteATI/InfoArmorVigilanteATI.yml +++ b/Packs/InfoArmor_VigilanteATI/Integrations/InfoArmorVigilanteATI/InfoArmorVigilanteATI.yml @@ -585,7 +585,7 @@ script: description: Returns the usage data for your account. execution: false name: vigilante-account-usage-info - dockerimage: demisto/python3:3.10.6.33415 + dockerimage: demisto/python3:3.10.11.61265 feed: false isfetch: false longRunning: false diff --git a/Packs/InfoArmor_VigilanteATI/ReleaseNotes/1_0_7.md b/Packs/InfoArmor_VigilanteATI/ReleaseNotes/1_0_7.md new file mode 100644 index 000000000000..0a95cd7aaac1 --- /dev/null +++ b/Packs/InfoArmor_VigilanteATI/ReleaseNotes/1_0_7.md @@ -0,0 +1,3 @@ +#### Integrations +##### InfoArmor VigilanteATI +- Updated the Docker image to: *demisto/python3:3.10.11.61265*. diff --git a/Packs/InfoArmor_VigilanteATI/pack_metadata.json b/Packs/InfoArmor_VigilanteATI/pack_metadata.json index aed9c8dd19ee..6b84455fe696 100644 --- a/Packs/InfoArmor_VigilanteATI/pack_metadata.json +++ b/Packs/InfoArmor_VigilanteATI/pack_metadata.json @@ -2,7 +2,7 @@ "name": "InfoArmor VigilanteATI", "description": "VigilanteATI redefines Advanced Threat Intelligence. InfoArmor's VigilanteATI platform and cyber threat services act as an extension of your IT security team.", "support": "xsoar", - "currentVersion": "1.0.6", + "currentVersion": "1.0.7", "author": "Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "email": "", diff --git a/Packs/Ipstack/Integrations/Ipstack/Ipstack.yml b/Packs/Ipstack/Integrations/Ipstack/Ipstack.yml index 2cfca10991fd..857e0aa58bb7 100644 --- a/Packs/Ipstack/Integrations/Ipstack/Ipstack.yml +++ b/Packs/Ipstack/Integrations/Ipstack/Ipstack.yml @@ -89,7 +89,7 @@ script: type: String description: Queries an IP address in ipstack. runonce: false - dockerimage: demisto/python3:3.10.8.36650 + dockerimage: demisto/python3:3.10.11.61265 tests: - Ipstack_Test fromversion: 5.0.0 diff --git a/Packs/Ipstack/ReleaseNotes/1_0_10.md b/Packs/Ipstack/ReleaseNotes/1_0_10.md new file mode 100644 index 000000000000..2dce9d3fef96 --- /dev/null +++ b/Packs/Ipstack/ReleaseNotes/1_0_10.md @@ -0,0 +1,3 @@ +#### Integrations +##### ipstack +- Updated the Docker image to: *demisto/python3:3.10.11.61265*. diff --git a/Packs/Ipstack/pack_metadata.json b/Packs/Ipstack/pack_metadata.json index fa05bffe6948..a4d3eb29f3b8 100644 --- a/Packs/Ipstack/pack_metadata.json +++ b/Packs/Ipstack/pack_metadata.json @@ -2,7 +2,7 @@ "name": "Ipstack", "description": "One of the leading IP to geolocation APIs and global IP database services.", "support": "xsoar", - "currentVersion": "1.0.9", + "currentVersion": "1.0.10", "author": "Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "email": "", diff --git a/Packs/Ironscales/Integrations/Ironscales/Ironscales.yml b/Packs/Ironscales/Integrations/Ironscales/Ironscales.yml index 713d6037ed51..8116cbc79b97 100644 --- a/Packs/Ironscales/Integrations/Ironscales/Ironscales.yml +++ b/Packs/Ironscales/Integrations/Ironscales/Ironscales.yml @@ -169,7 +169,7 @@ script: outputs: - contextPath: Ironscales.OpenIncidents.incident_ids description: List of open incidents IDs. - dockerimage: demisto/python3:3.10.10.48392 + dockerimage: demisto/python3:3.10.11.61265 isFetchSamples: true isfetch: true runonce: false diff --git a/Packs/Ironscales/ReleaseNotes/1_1_6.md b/Packs/Ironscales/ReleaseNotes/1_1_6.md new file mode 100644 index 000000000000..25522c10b4ad --- /dev/null +++ b/Packs/Ironscales/ReleaseNotes/1_1_6.md @@ -0,0 +1,3 @@ +#### Integrations +##### Ironscales +- Updated the Docker image to: *demisto/python3:3.10.11.61265*. diff --git a/Packs/Ironscales/pack_metadata.json b/Packs/Ironscales/pack_metadata.json index d8a7114a3172..7c4274c63a00 100644 --- a/Packs/Ironscales/pack_metadata.json +++ b/Packs/Ironscales/pack_metadata.json @@ -2,7 +2,7 @@ "name": "Ironscales", "description": "IRONSCALES is a self-learning email security platform, automatically responding to malicious emails.", "support": "partner", - "currentVersion": "1.1.5", + "currentVersion": "1.1.6", "author": "Ironscales", "url": "", "email": "support@ironscales.com", diff --git a/Packs/Lokpath_Keylight/Integrations/Lockpath_KeyLight_v2/Lockpath_KeyLight_v2.yml b/Packs/Lokpath_Keylight/Integrations/Lockpath_KeyLight_v2/Lockpath_KeyLight_v2.yml index aafd14d9581f..6296e01e3101 100644 --- a/Packs/Lokpath_Keylight/Integrations/Lockpath_KeyLight_v2/Lockpath_KeyLight_v2.yml +++ b/Packs/Lokpath_Keylight/Integrations/Lockpath_KeyLight_v2/Lockpath_KeyLight_v2.yml @@ -587,7 +587,7 @@ script: - contextPath: Keylight.User.MobilePhone description: The user's mobile phone. type: String - dockerimage: demisto/python3:3.10.8.37233 + dockerimage: demisto/python3:3.10.11.61265 isfetch: true runonce: false script: '-' diff --git a/Packs/Lokpath_Keylight/ReleaseNotes/1_1_17.md b/Packs/Lokpath_Keylight/ReleaseNotes/1_1_17.md new file mode 100644 index 000000000000..df8d0e61a6ad --- /dev/null +++ b/Packs/Lokpath_Keylight/ReleaseNotes/1_1_17.md @@ -0,0 +1,3 @@ +#### Integrations +##### Lockpath KeyLight v2 +- Updated the Docker image to: *demisto/python3:3.10.11.61265*. diff --git a/Packs/Lokpath_Keylight/pack_metadata.json b/Packs/Lokpath_Keylight/pack_metadata.json index b1f6d6c548fa..e22dd66f7293 100644 --- a/Packs/Lokpath_Keylight/pack_metadata.json +++ b/Packs/Lokpath_Keylight/pack_metadata.json @@ -2,7 +2,7 @@ "name": "Lockpath Keylight", "description": "Use the LockPath KeyLight integration to manage GRC tickets in the Keylight platform.", "support": "xsoar", - "currentVersion": "1.1.16", + "currentVersion": "1.1.17", "author": "Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "email": "", diff --git a/Packs/Maltiverse/Integrations/Maltiverse/Maltiverse.yml b/Packs/Maltiverse/Integrations/Maltiverse/Maltiverse.yml index 814338e4557b..d14891515d5f 100644 --- a/Packs/Maltiverse/Integrations/Maltiverse/Maltiverse.yml +++ b/Packs/Maltiverse/Integrations/Maltiverse/Maltiverse.yml @@ -388,7 +388,7 @@ script: - contextPath: File.Tags description: Attribute to label an IoC. type: String - dockerimage: demisto/python3:3.10.8.37233 + dockerimage: demisto/python3:3.10.11.61265 feed: false isfetch: false longRunning: false diff --git a/Packs/Maltiverse/ReleaseNotes/1_0_21.md b/Packs/Maltiverse/ReleaseNotes/1_0_21.md new file mode 100644 index 000000000000..5f39d9bdd764 --- /dev/null +++ b/Packs/Maltiverse/ReleaseNotes/1_0_21.md @@ -0,0 +1,3 @@ +#### Integrations +##### Maltiverse +- Updated the Docker image to: *demisto/python3:3.10.11.61265*. diff --git a/Packs/Maltiverse/pack_metadata.json b/Packs/Maltiverse/pack_metadata.json index ef7dcf412ee3..1ab17764807f 100644 --- a/Packs/Maltiverse/pack_metadata.json +++ b/Packs/Maltiverse/pack_metadata.json @@ -2,7 +2,7 @@ "name": "Maltiverse", "description": "Maltiverse helps you to analyze suspicious hashes, URLs, domains, and IP addresses.", "support": "xsoar", - "currentVersion": "1.0.20", + "currentVersion": "1.0.21", "author": "Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "email": "", diff --git a/Packs/MaxMind_GeoIP2/Integrations/MaxMind_GeoIP2/MaxMind_GeoIP2.py b/Packs/MaxMind_GeoIP2/Integrations/MaxMind_GeoIP2/MaxMind_GeoIP2.py index 94570216ccd1..f3efe66c67d1 100644 --- a/Packs/MaxMind_GeoIP2/Integrations/MaxMind_GeoIP2/MaxMind_GeoIP2.py +++ b/Packs/MaxMind_GeoIP2/Integrations/MaxMind_GeoIP2/MaxMind_GeoIP2.py @@ -4,9 +4,10 @@ import requests from collections import defaultdict from requests.auth import HTTPBasicAuth +import urllib3 # disable insecure warnings -requests.packages.urllib3.disable_warnings() +urllib3.disable_warnings() '''GLOBAL VARS''' BASE_URL = demisto.params().get('url') diff --git a/Packs/MaxMind_GeoIP2/Integrations/MaxMind_GeoIP2/MaxMind_GeoIP2.yml b/Packs/MaxMind_GeoIP2/Integrations/MaxMind_GeoIP2/MaxMind_GeoIP2.yml index c3fda8001736..0e6d58c7fdb9 100644 --- a/Packs/MaxMind_GeoIP2/Integrations/MaxMind_GeoIP2/MaxMind_GeoIP2.yml +++ b/Packs/MaxMind_GeoIP2/Integrations/MaxMind_GeoIP2/MaxMind_GeoIP2.yml @@ -149,7 +149,7 @@ script: type: String description: Check IP reputation (when information is available, returns a JSON with details). Uses all configured Threat Intelligence feeds runonce: false - dockerimage: demisto/python3:3.10.6.33415 + dockerimage: demisto/python3:3.10.11.61265 tests: - MaxMind Test fromversion: 5.0.0 diff --git a/Packs/MaxMind_GeoIP2/ReleaseNotes/1_0_9.md b/Packs/MaxMind_GeoIP2/ReleaseNotes/1_0_9.md new file mode 100644 index 000000000000..1c3b8e76653d --- /dev/null +++ b/Packs/MaxMind_GeoIP2/ReleaseNotes/1_0_9.md @@ -0,0 +1,3 @@ +#### Integrations +##### MaxMind GeoIP2 +- Updated the Docker image to: *demisto/python3:3.10.11.61265*. diff --git a/Packs/MaxMind_GeoIP2/pack_metadata.json b/Packs/MaxMind_GeoIP2/pack_metadata.json index f89e4e0ac7f6..be0026d2dd02 100644 --- a/Packs/MaxMind_GeoIP2/pack_metadata.json +++ b/Packs/MaxMind_GeoIP2/pack_metadata.json @@ -2,7 +2,7 @@ "name": "MaxMind GeoIP2", "description": "Enriches IP addresses", "support": "xsoar", - "currentVersion": "1.0.8", + "currentVersion": "1.0.9", "author": "Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "email": "", diff --git a/Packs/NistNVD/Integrations/NistNVD/NistNVD.yml b/Packs/NistNVD/Integrations/NistNVD/NistNVD.yml index 5b5be22ecd3a..c5a07f5d4f17 100644 --- a/Packs/NistNVD/Integrations/NistNVD/NistNVD.yml +++ b/Packs/NistNVD/Integrations/NistNVD/NistNVD.yml @@ -151,7 +151,7 @@ script: required: true description: Search specific CVE name: nvd-search-cve - dockerimage: demisto/python3:3.9.8.24399 + dockerimage: demisto/python3:3.10.11.61265 runonce: false script: '' subtype: python3 diff --git a/Packs/NistNVD/Integrations/NistNVD/README.md b/Packs/NistNVD/Integrations/NistNVD/README.md index e69de29bb2d1..55fef1bed6e4 100644 --- a/Packs/NistNVD/Integrations/NistNVD/README.md +++ b/Packs/NistNVD/Integrations/NistNVD/README.md @@ -0,0 +1,146 @@ +National Vulnerability Database + +## Configure Nist NVD on Cortex XSOAR + +1. Navigate to **Settings** > **Integrations** > **Servers & Services**. +2. Search for Nist NVD. +3. Click **Add instance** to create and configure a new integration instance. + + | **Parameter** | **Required** | + | --- | --- | + | Nist NVD CVES URL | False | + | Trust any certificate (not secure) | False | + | Use system proxy settings | False | + +4. Click **Test** to validate the URLs, token, and connection. + +## Commands + +You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook. +After you successfully execute a command, a DBot message appears in the War Room with the command details. + +### nvd-get-vulnerability + +*** +You can get latest vulnerabilities with given time from National Vulnerability Database. + +#### Base Command + +`nvd-get-vulnerability` + +#### Input + +| **Argument Name** | **Description** | **Required** | +| --- | --- | --- | +| time | Get vulnerability last time that given parameter Example: time=24. Default is 12. | Required | +| resultsPerPage | Default: 20. Default is 20. | Optional | +| startIndex | Using for paging. Default: 0. Default is 0. | Optional | + +#### Context Output + +There is no context output for this command. +### nvd-search-keyword + +*** +The keyword parameter allows your application to retrieve records where a word or phrase is found in the vulnerability description or reference links. + +#### Base Command + +`nvd-search-keyword` + +#### Input + +| **Argument Name** | **Description** | **Required** | +| --- | --- | --- | +| keyword | Example: keyword=apple. | Required | +| isExactMatch | If the keyword is a phrase, i.e., contains more than one term, then the isExactMatch parameter may be used to influence the response. Use isExactMatch=true to retrieve records matching the exact phrase. Otherwise, the results contain any record having any of the terms. Possible values are: true, false. Default is true. | Required | +| time | Get vulnerability last time that given parameter Example: time=24. Default is 24. | Optional | +| resultsPerPage | Default: 20. Default is 20. | Optional | +| startIndex | Using for paging. Default: 0. Default is 0. | Optional | + +#### Context Output + +There is no context output for this command. +### nvd-search-cvss + +*** +CVSS refers to the scoring system used by NIST to assess the severity of vulnerabilities, https://www.first.org/cvss/. NVD provides base scores using the CVSS version 2 and, more recently, version 3.x. + +#### Base Command + +`nvd-search-cvss` + +#### Input + +| **Argument Name** | **Description** | **Required** | +| --- | --- | --- | +| cvssType | cvssV3 or cvssV2. Possible values are: cvssV3, cvssV2. Default is cvssV3. | Required | +| key | Search parameter that use with CVSS. Example: cvssV2Severity \| cvssV3Metrics. Possible values are: Severity, Metrics. Default is Severity. | Required | +| value | Two pairs of parameters allow you to filter vulnerabilities based on CVSS base scores. Use either the cvssV2Severity or cvssV3Severity parameter to find vulnerabilities having a LOW, MEDIUM, or HIGH version 2 or 3.x score, respectively. For CVSS V3.x, cvssV3Severity=CRITICAL is also supported. Example: cvssV2Severity=HIGH \| cvssV3Metrics=C:H/A:N \| cvssV3Metrics=AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N. | Required | +| time | Get vulnerability last time that given parameter Example: time=24. Default is 24. | Optional | +| resultsPerPage | Default: 20. Default is 20. | Optional | +| startIndex | Using for paging. Default: 0. Default is 0. | Optional | + +#### Context Output + +There is no context output for this command. +### nvd-search-cwe + +*** +CWE refers to the classification of vulnerabilities at https://cwe.mitre.org/. NIST staff associate one or more CWE to each vulnerability during the analysis process. In the following example, CWE-20 means vulnerabilities caused by Improper Input Validation. To filter search results based on CWE, use the cweId parameter. Example: cweId=CWE-20 + +#### Base Command + +`nvd-search-cwe` + +#### Input + +| **Argument Name** | **Description** | **Required** | +| --- | --- | --- | +| cweId | Example: cweId=CWE-20. | Required | +| time | Get vulnerability last time that given parameter Example: time=24. Default is 24. | Optional | +| resultsPerPage | Default: 20. Default is 20. | Optional | +| startIndex | Using for paging. Default: 0. Default is 0. | Optional | + +#### Context Output + +There is no context output for this command. +### nvd-search-cpe + +*** +NVD analysts identify which product or products are affected by each vulnerability. The set of associated products is known as the applicability statement of the CVE. NVD uses the Common Platform Enumeration (CPE), version 2.3, to convey product vendors, names, versions, etc. For more information, see https://cpe.mitre.org/. + +#### Base Command + +`nvd-search-cpe` + +#### Input + +| **Argument Name** | **Description** | **Required** | +| --- | --- | --- | +| cpe | Example: cpe:2.3:o:microsoft:windows_10 \| cpe:2.3:o:microsoft:windows_10:1511 \| cpe:2.3:*:microsoft. | Required | +| time | Get vulnerability last time that given parameter Example: time=24. Default is 24. | Optional | +| resultsPerPage | Default: 20. Default is 20. | Optional | +| startIndex | Using for paging. Default: 0. Default is 0. | Optional | + +#### Context Output + +There is no context output for this command. +### nvd-search-cve + +*** +Search specific CVE + +#### Base Command + +`nvd-search-cve` + +#### Input + +| **Argument Name** | **Description** | **Required** | +| --- | --- | --- | +| cve | CVEID. Example: CVE-2020-1000. | Required | + +#### Context Output + +There is no context output for this command. diff --git a/Packs/NistNVD/ReleaseNotes/1_0_3.md b/Packs/NistNVD/ReleaseNotes/1_0_3.md new file mode 100644 index 000000000000..ba3be2c4984a --- /dev/null +++ b/Packs/NistNVD/ReleaseNotes/1_0_3.md @@ -0,0 +1,3 @@ +#### Integrations +##### Nist NVD +- Updated the Docker image to: *demisto/python3:3.10.11.61265*. diff --git a/Packs/NistNVD/pack_metadata.json b/Packs/NistNVD/pack_metadata.json index 7c89a3008113..a64b78ad9102 100644 --- a/Packs/NistNVD/pack_metadata.json +++ b/Packs/NistNVD/pack_metadata.json @@ -2,7 +2,7 @@ "name": "Nist NVD", "description": "This integration can be used for daily routine vulnerability checks.(and used with several playbook)\nThe National Vulnerability Database (NVD), https://nvd.nist.gov, allows government agencies, software\nvendors, and researchers to search and view information about vulnerabilities and vulnerable products. In\nthe Fall of 2019, NVD began offering web services to allow computer applications to better access the\nNVD data", "support": "community", - "currentVersion": "1.0.2", + "currentVersion": "1.0.3", "author": "Murat Ozfidan", "url": "", "email": "", diff --git a/Packs/NozomiNetworks/Integrations/NozomiNetworks/NozomiNetworks.py b/Packs/NozomiNetworks/Integrations/NozomiNetworks/NozomiNetworks.py index 40c81b05f498..e7b83f2588f9 100644 --- a/Packs/NozomiNetworks/Integrations/NozomiNetworks/NozomiNetworks.py +++ b/Packs/NozomiNetworks/Integrations/NozomiNetworks/NozomiNetworks.py @@ -5,10 +5,10 @@ ''' IMPORTS ''' -import requests +import urllib3 import json -requests.packages.urllib3.disable_warnings() +urllib3.disable_warnings() class Client(BaseClient): diff --git a/Packs/NozomiNetworks/Integrations/NozomiNetworks/NozomiNetworks.yml b/Packs/NozomiNetworks/Integrations/NozomiNetworks/NozomiNetworks.yml index 163de7df4acb..913af83dd0d2 100644 --- a/Packs/NozomiNetworks/Integrations/NozomiNetworks/NozomiNetworks.yml +++ b/Packs/NozomiNetworks/Integrations/NozomiNetworks/NozomiNetworks.yml @@ -194,7 +194,7 @@ script: - contextPath: Nozomi.IpByMac.mac description: Mac found the ips. type: String - dockerimage: demisto/python3:3.9.8.24399 + dockerimage: demisto/python3:3.10.11.61265 feed: false isfetch: true longRunning: false diff --git a/Packs/NozomiNetworks/ReleaseNotes/1_0_6.md b/Packs/NozomiNetworks/ReleaseNotes/1_0_6.md new file mode 100644 index 000000000000..c083eaf48414 --- /dev/null +++ b/Packs/NozomiNetworks/ReleaseNotes/1_0_6.md @@ -0,0 +1,3 @@ +#### Integrations +##### Nozomi Networks +- Updated the Docker image to: *demisto/python3:3.10.11.61265*. diff --git a/Packs/NozomiNetworks/pack_metadata.json b/Packs/NozomiNetworks/pack_metadata.json index 30c877fb0c1e..d7939b3d1359 100644 --- a/Packs/NozomiNetworks/pack_metadata.json +++ b/Packs/NozomiNetworks/pack_metadata.json @@ -4,7 +4,7 @@ "support": "partner", "author": "Nozomi Networks", "url": "https://www.nozominetworks.com", - "currentVersion": "1.0.5", + "currentVersion": "1.0.6", "email": "support@nozominetworks.com", "categories": [ "Network Security" diff --git a/Packs/OpenPhish/Integrations/OpenPhish_v2/OpenPhish_v2.py b/Packs/OpenPhish/Integrations/OpenPhish_v2/OpenPhish_v2.py index 7fa5d66ff834..65e2004a70d3 100644 --- a/Packs/OpenPhish/Integrations/OpenPhish_v2/OpenPhish_v2.py +++ b/Packs/OpenPhish/Integrations/OpenPhish_v2/OpenPhish_v2.py @@ -3,12 +3,12 @@ ''' IMPORTS ''' -import requests +import urllib3 import traceback from typing import Dict # Disable insecure warnings -requests.packages.urllib3.disable_warnings() +urllib3.disable_warnings() ''' CONSTANTS ''' diff --git a/Packs/OpenPhish/Integrations/OpenPhish_v2/OpenPhish_v2.yml b/Packs/OpenPhish/Integrations/OpenPhish_v2/OpenPhish_v2.yml index 535d916a9dfb..39cfe2202749 100644 --- a/Packs/OpenPhish/Integrations/OpenPhish_v2/OpenPhish_v2.yml +++ b/Packs/OpenPhish/Integrations/OpenPhish_v2/OpenPhish_v2.yml @@ -54,7 +54,7 @@ description: OpenPhish uses proprietary Artificial Intelligence algorithms to au name: OpenPhish_v2 display: OpenPhish v2 script: - dockerimage: demisto/python3:3.10.5.31928 + dockerimage: demisto/python3:3.10.11.61265 commands: - name: url arguments: diff --git a/Packs/OpenPhish/ReleaseNotes/2_0_12.md b/Packs/OpenPhish/ReleaseNotes/2_0_12.md new file mode 100644 index 000000000000..6c1d37703a7b --- /dev/null +++ b/Packs/OpenPhish/ReleaseNotes/2_0_12.md @@ -0,0 +1,3 @@ +#### Integrations +##### OpenPhish v2 +- Updated the Docker image to: *demisto/python3:3.10.11.61265*. diff --git a/Packs/OpenPhish/pack_metadata.json b/Packs/OpenPhish/pack_metadata.json index eef08a1da00a..b74c5a6ea6d6 100644 --- a/Packs/OpenPhish/pack_metadata.json +++ b/Packs/OpenPhish/pack_metadata.json @@ -2,7 +2,7 @@ "name": "OpenPhish", "description": "OpenPhish uses proprietary Artificial Intelligence algorithms to automatically identify zero-day phishing sites and provide comprehensive, actionable, real-time threat intelligence.", "support": "xsoar", - "currentVersion": "2.0.11", + "currentVersion": "2.0.12", "author": "Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "email": "", diff --git a/Packs/OpsGenie/Integrations/OpsGenieV3/OpsGenieV3.yml b/Packs/OpsGenie/Integrations/OpsGenieV3/OpsGenieV3.yml index d50ac7a2c55f..6a326e08d3a5 100644 --- a/Packs/OpsGenie/Integrations/OpsGenieV3/OpsGenieV3.yml +++ b/Packs/OpsGenie/Integrations/OpsGenieV3/OpsGenieV3.yml @@ -1591,7 +1591,7 @@ script: description: Whether the request was successful. type: Boolean - dockerimage: demisto/python3:3.10.10.47713 + dockerimage: demisto/python3:3.10.11.61265 isfetch: true runonce: false script: '-' diff --git a/Packs/OpsGenie/ReleaseNotes/2_0_15.md b/Packs/OpsGenie/ReleaseNotes/2_0_15.md new file mode 100644 index 000000000000..7661f58752d9 --- /dev/null +++ b/Packs/OpsGenie/ReleaseNotes/2_0_15.md @@ -0,0 +1,3 @@ +#### Integrations +##### OpsGenie v3 +- Updated the Docker image to: *demisto/python3:3.10.11.61265*. diff --git a/Packs/OpsGenie/pack_metadata.json b/Packs/OpsGenie/pack_metadata.json index d344d0b5c41c..f2a1586e0324 100644 --- a/Packs/OpsGenie/pack_metadata.json +++ b/Packs/OpsGenie/pack_metadata.json @@ -2,7 +2,7 @@ "name": "OpsGenie", "description": "Get current on-call assignments, schedules, and users info", "support": "xsoar", - "currentVersion": "2.0.14", + "currentVersion": "2.0.15", "author": "Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "email": "", diff --git a/Packs/PANOSPolicyOptimizer/Integrations/PANOSPolicyOptimizer/PANOSPolicyOptimizer.yml b/Packs/PANOSPolicyOptimizer/Integrations/PANOSPolicyOptimizer/PANOSPolicyOptimizer.yml index ccb612f02940..748b2d1e8f1a 100644 --- a/Packs/PANOSPolicyOptimizer/Integrations/PANOSPolicyOptimizer/PANOSPolicyOptimizer.yml +++ b/Packs/PANOSPolicyOptimizer/Integrations/PANOSPolicyOptimizer/PANOSPolicyOptimizer.yml @@ -172,7 +172,7 @@ script: description: Gets a specific dynamic address group. execution: false name: pan-os-get-dag - dockerimage: demisto/python3:3.10.11.58677 + dockerimage: demisto/python3:3.10.11.61265 feed: false isfetch: false longRunning: false diff --git a/Packs/PANOSPolicyOptimizer/ReleaseNotes/1_1_6.md b/Packs/PANOSPolicyOptimizer/ReleaseNotes/1_1_6.md new file mode 100644 index 000000000000..679a0633ec76 --- /dev/null +++ b/Packs/PANOSPolicyOptimizer/ReleaseNotes/1_1_6.md @@ -0,0 +1,3 @@ +#### Integrations +##### PAN-OS Policy Optimizer (Beta) +- Updated the Docker image to: *demisto/python3:3.10.11.61265*. diff --git a/Packs/PANOSPolicyOptimizer/pack_metadata.json b/Packs/PANOSPolicyOptimizer/pack_metadata.json index 7258c4a0d754..ee44910ed82b 100644 --- a/Packs/PANOSPolicyOptimizer/pack_metadata.json +++ b/Packs/PANOSPolicyOptimizer/pack_metadata.json @@ -2,7 +2,7 @@ "name": "PAN-OS Policy Optimizer (beta)", "description": "This integration introduces Policy Optimizer and DAG features that are not available through the regular PAN API", "support": "community", - "currentVersion": "1.1.5", + "currentVersion": "1.1.6", "author": "Maciej Drobniuch and Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "email": "", diff --git a/Packs/PerceptionPoint/Integrations/PerceptionPoint/PerceptionPoint.yml b/Packs/PerceptionPoint/Integrations/PerceptionPoint/PerceptionPoint.yml index 922d9c641b7d..86a8797269c5 100644 --- a/Packs/PerceptionPoint/Integrations/PerceptionPoint/PerceptionPoint.yml +++ b/Packs/PerceptionPoint/Integrations/PerceptionPoint/PerceptionPoint.yml @@ -59,7 +59,7 @@ script: description: The scan ID of the released email. type: number description: Re-sends an email that was falsely quarantined, using the scan ID. - dockerimage: demisto/python3:3.10.10.48392 + dockerimage: demisto/python3:3.10.11.61265 isfetch: true runonce: false tests: diff --git a/Packs/PerceptionPoint/ReleaseNotes/1_0_6.md b/Packs/PerceptionPoint/ReleaseNotes/1_0_6.md new file mode 100644 index 000000000000..84bba6533e6c --- /dev/null +++ b/Packs/PerceptionPoint/ReleaseNotes/1_0_6.md @@ -0,0 +1,3 @@ +#### Integrations +##### PerceptionPoint +- Updated the Docker image to: *demisto/python3:3.10.11.61265*. diff --git a/Packs/PerceptionPoint/pack_metadata.json b/Packs/PerceptionPoint/pack_metadata.json index cdac649c8102..4692138a14db 100644 --- a/Packs/PerceptionPoint/pack_metadata.json +++ b/Packs/PerceptionPoint/pack_metadata.json @@ -2,7 +2,7 @@ "name": "Perception Point", "description": "Loads incidents from Perception Point and releases falsely quarantined emails.", "support": "partner", - "currentVersion": "1.0.5", + "currentVersion": "1.0.6", "author": "Perception Point", "url": "", "email": "support@perception-point.io", diff --git a/Packs/PiHole/Integrations/PiHole/PiHole.py b/Packs/PiHole/Integrations/PiHole/PiHole.py index 0227a9bcef18..6c5101ffac00 100644 --- a/Packs/PiHole/Integrations/PiHole/PiHole.py +++ b/Packs/PiHole/Integrations/PiHole/PiHole.py @@ -3,10 +3,10 @@ ''' IMPORTS ''' -import requests +import urllib3 # Disable insecure warnings -requests.packages.urllib3.disable_warnings() +urllib3.disable_warnings() def results_return(command, thingtoreturn): diff --git a/Packs/PiHole/Integrations/PiHole/PiHole.yml b/Packs/PiHole/Integrations/PiHole/PiHole.yml index 52e5e240b714..7bd87d906b05 100644 --- a/Packs/PiHole/Integrations/PiHole/PiHole.yml +++ b/Packs/PiHole/Integrations/PiHole/PiHole.yml @@ -212,7 +212,7 @@ script: description: get a list data type: string description: Get all available lists from Pihole - dockerimage: demisto/python3:3.9.8.24399 + dockerimage: demisto/python3:3.10.11.61265 runonce: false subtype: python3 tests: diff --git a/Packs/PiHole/ReleaseNotes/1_0_3.md b/Packs/PiHole/ReleaseNotes/1_0_3.md new file mode 100644 index 000000000000..5aac0579d565 --- /dev/null +++ b/Packs/PiHole/ReleaseNotes/1_0_3.md @@ -0,0 +1,3 @@ +#### Integrations +##### PiHole +- Updated the Docker image to: *demisto/python3:3.10.11.61265*. diff --git a/Packs/PiHole/pack_metadata.json b/Packs/PiHole/pack_metadata.json index 9acfc4b9b6a8..b50fb691ea79 100644 --- a/Packs/PiHole/pack_metadata.json +++ b/Packs/PiHole/pack_metadata.json @@ -2,7 +2,7 @@ "name": "PiHole", "description": "Integration with PiHole", "support": "community", - "currentVersion": "1.0.2", + "currentVersion": "1.0.3", "author": "Harri Ruuttila", "url": "", "email": "harri@ruuttila.com", diff --git a/Packs/PingCastle/Integrations/PingCastle/PingCastle.yml b/Packs/PingCastle/Integrations/PingCastle/PingCastle.yml index 547339a06c99..bb3286287610 100644 --- a/Packs/PingCastle/Integrations/PingCastle/PingCastle.yml +++ b/Packs/PingCastle/Integrations/PingCastle/PingCastle.yml @@ -50,7 +50,7 @@ script: - contextPath: PingCastle.Report.report description: The XML report sent by Ping Castle type: String - dockerimage: demisto/python3:3.9.8.24399 + dockerimage: demisto/python3:3.10.11.61265 feed: false isfetch: false longRunning: true diff --git a/Packs/PingCastle/ReleaseNotes/1_0_3.md b/Packs/PingCastle/ReleaseNotes/1_0_3.md new file mode 100644 index 000000000000..70889f4d2013 --- /dev/null +++ b/Packs/PingCastle/ReleaseNotes/1_0_3.md @@ -0,0 +1,3 @@ +#### Integrations +##### PingCastle +- Updated the Docker image to: *demisto/python3:3.10.11.61265*. diff --git a/Packs/PingCastle/pack_metadata.json b/Packs/PingCastle/pack_metadata.json index 719a19f4877f..6049971386fd 100644 --- a/Packs/PingCastle/pack_metadata.json +++ b/Packs/PingCastle/pack_metadata.json @@ -2,7 +2,7 @@ "name": "PingCastle", "description": "Active directory is quickly becoming a critical failure point in any big sized company, as it is both complex and costly to secure. PingCastle is a Windows-based utility to audit the risk level of your AD infrastructure and check for vulnerable practices. The Integrations and Playbooks in this allows you to listen for PingCastle reports, create an incident based on that report, upload the XML Report to the War Room as a file, and so on", "support": "partner", - "currentVersion": "1.0.2", + "currentVersion": "1.0.3", "author": "soarxperts", "url": "www.soarxperts.com", "email": "support@soarxperts.com", diff --git a/Packs/PingIdentity/Integrations/PingOne/PingOne.yml b/Packs/PingIdentity/Integrations/PingOne/PingOne.yml index d54a2cf72e2a..6998a84f78d9 100644 --- a/Packs/PingIdentity/Integrations/PingOne/PingOne.yml +++ b/Packs/PingIdentity/Integrations/PingOne/PingOne.yml @@ -220,7 +220,7 @@ script: - name: userId description: User id. description: Delete a PingOne user. One of the following has to be given username or userId. - dockerimage: demisto/python3:3.10.10.48392 + dockerimage: demisto/python3:3.10.11.61265 runonce: false subtype: python3 fromversion: 6.0.0 diff --git a/Packs/PingIdentity/ReleaseNotes/1_0_3.md b/Packs/PingIdentity/ReleaseNotes/1_0_3.md new file mode 100644 index 000000000000..2963df27b1e0 --- /dev/null +++ b/Packs/PingIdentity/ReleaseNotes/1_0_3.md @@ -0,0 +1,3 @@ +#### Integrations +##### PingOne +- Updated the Docker image to: *demisto/python3:3.10.11.61265*. diff --git a/Packs/PingIdentity/pack_metadata.json b/Packs/PingIdentity/pack_metadata.json index 162cdf6e8049..71be74d992d6 100644 --- a/Packs/PingIdentity/pack_metadata.json +++ b/Packs/PingIdentity/pack_metadata.json @@ -2,7 +2,7 @@ "name": "PingIdentity", "description": "Integration with PingIdentity's PingOne identity platform", "support": "partner", - "currentVersion": "1.0.2", + "currentVersion": "1.0.3", "author": "Ping Identity", "url": "https://docs.pingidentity.com/bundle/p14c/page/als1564020488261.html", "email": "tap-global@pingidentity.com", diff --git a/Packs/ProofpointServerProtection/Integrations/ProofpointProtectionServerV2/ProofpointProtectionServerV2.yml b/Packs/ProofpointServerProtection/Integrations/ProofpointProtectionServerV2/ProofpointProtectionServerV2.yml index 355913c089e7..afc44fe61629 100644 --- a/Packs/ProofpointServerProtection/Integrations/ProofpointProtectionServerV2/ProofpointProtectionServerV2.yml +++ b/Packs/ProofpointServerProtection/Integrations/ProofpointProtectionServerV2/ProofpointProtectionServerV2.yml @@ -480,7 +480,7 @@ script: name: uid description: Delete a user profile. name: proofpoint-pps-delete-user - dockerimage: demisto/python3:3.10.8.37233 + dockerimage: demisto/python3:3.10.11.61265 runonce: false script: '' subtype: python3 diff --git a/Packs/ProofpointServerProtection/ReleaseNotes/2_1_2.md b/Packs/ProofpointServerProtection/ReleaseNotes/2_1_2.md new file mode 100644 index 000000000000..f1244117a181 --- /dev/null +++ b/Packs/ProofpointServerProtection/ReleaseNotes/2_1_2.md @@ -0,0 +1,3 @@ +#### Integrations +##### Proofpoint Protection Server v2 +- Updated the Docker image to: *demisto/python3:3.10.11.61265*. diff --git a/Packs/ProofpointServerProtection/pack_metadata.json b/Packs/ProofpointServerProtection/pack_metadata.json index ef7980ee55c5..f397c8cce4dd 100644 --- a/Packs/ProofpointServerProtection/pack_metadata.json +++ b/Packs/ProofpointServerProtection/pack_metadata.json @@ -2,7 +2,7 @@ "name": "Proofpoint Protection Server", "description": "Proofpoint email security appliance.", "support": "xsoar", - "currentVersion": "2.1.1", + "currentVersion": "2.1.2", "author": "Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "email": "", diff --git a/Packs/RSANetWitnessEndpoint/Integrations/RSANetWitnessEndpoint/RSANetWitnessEndpoint.py b/Packs/RSANetWitnessEndpoint/Integrations/RSANetWitnessEndpoint/RSANetWitnessEndpoint.py index ad15976ded5a..b490258ab336 100644 --- a/Packs/RSANetWitnessEndpoint/Integrations/RSANetWitnessEndpoint/RSANetWitnessEndpoint.py +++ b/Packs/RSANetWitnessEndpoint/Integrations/RSANetWitnessEndpoint/RSANetWitnessEndpoint.py @@ -10,9 +10,10 @@ import os import requests +import urllib3 # disable insecure warnings -requests.packages.urllib3.disable_warnings() +urllib3.disable_warnings() """ diff --git a/Packs/RSANetWitnessEndpoint/Integrations/RSANetWitnessEndpoint/RSANetWitnessEndpoint.yml b/Packs/RSANetWitnessEndpoint/Integrations/RSANetWitnessEndpoint/RSANetWitnessEndpoint.yml index f6d20b049ec2..53c185d3f88c 100644 --- a/Packs/RSANetWitnessEndpoint/Integrations/RSANetWitnessEndpoint/RSANetWitnessEndpoint.yml +++ b/Packs/RSANetWitnessEndpoint/Integrations/RSANetWitnessEndpoint/RSANetWitnessEndpoint.yml @@ -390,7 +390,7 @@ script: - contextPath: NetWitness.Blacklist.Domains description: Domains block listed successfully description: 'Add a list of domains to block list ' - dockerimage: demisto/python3:3.10.7.33922 + dockerimage: demisto/python3:3.10.11.61265 tests: - NetWitness Endpoint Test fromversion: 5.0.0 diff --git a/Packs/RSANetWitnessEndpoint/ReleaseNotes/1_0_8.md b/Packs/RSANetWitnessEndpoint/ReleaseNotes/1_0_8.md new file mode 100644 index 000000000000..3a2897362992 --- /dev/null +++ b/Packs/RSANetWitnessEndpoint/ReleaseNotes/1_0_8.md @@ -0,0 +1,3 @@ +#### Integrations +##### RSA NetWitness Endpoint +- Updated the Docker image to: *demisto/python3:3.10.11.61265*. diff --git a/Packs/RSANetWitnessEndpoint/pack_metadata.json b/Packs/RSANetWitnessEndpoint/pack_metadata.json index 9d721adf0544..3ea0faed58d4 100644 --- a/Packs/RSANetWitnessEndpoint/pack_metadata.json +++ b/Packs/RSANetWitnessEndpoint/pack_metadata.json @@ -2,7 +2,7 @@ "name": "RSA NetWitness Endpoint", "description": "RSA NetWitness Endpoint provides deep visibility beyond basic endpoint security solutions by monitoring and collecting activity across all of your endpoints on and off your network. The RSA Demisto integration provides access to information about endpoints, modules and indicators. ", "support": "xsoar", - "currentVersion": "1.0.7", + "currentVersion": "1.0.8", "author": "Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "email": "", diff --git a/Packs/RedCanary/Integrations/RedCanary/RedCanary.yml b/Packs/RedCanary/Integrations/RedCanary/RedCanary.yml index fa7d0426c6a3..599d29037120 100644 --- a/Packs/RedCanary/Integrations/RedCanary/RedCanary.yml +++ b/Packs/RedCanary/Integrations/RedCanary/RedCanary.yml @@ -43,7 +43,7 @@ script: script: '' type: python subtype: python3 - dockerimage: demisto/python3:3.10.10.48392 + dockerimage: demisto/python3:3.10.11.61265 commands: - name: redcanary-acknowledge-detection arguments: diff --git a/Packs/RedCanary/ReleaseNotes/1_1_13.md b/Packs/RedCanary/ReleaseNotes/1_1_13.md new file mode 100644 index 000000000000..efbed8aca8f8 --- /dev/null +++ b/Packs/RedCanary/ReleaseNotes/1_1_13.md @@ -0,0 +1,3 @@ +#### Integrations +##### Red Canary +- Updated the Docker image to: *demisto/python3:3.10.11.61265*. diff --git a/Packs/RedCanary/pack_metadata.json b/Packs/RedCanary/pack_metadata.json index 4affb19223fd..46ada08873cc 100644 --- a/Packs/RedCanary/pack_metadata.json +++ b/Packs/RedCanary/pack_metadata.json @@ -2,7 +2,7 @@ "name": "Red Canary", "description": "Red Canary collects endpoint data using Carbon Black Response and CrowdStrike Falcon. The collected data is standardized into a common schema which allows teams to detect, analyze and respond to security incidents.", "support": "xsoar", - "currentVersion": "1.1.12", + "currentVersion": "1.1.13", "author": "Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "email": "", diff --git a/Packs/SafeBreach/Integrations/SafeBreach_v2/SafeBreach_v2.yml b/Packs/SafeBreach/Integrations/SafeBreach_v2/SafeBreach_v2.yml index c44513153754..4d323418653b 100644 --- a/Packs/SafeBreach/Integrations/SafeBreach_v2/SafeBreach_v2.yml +++ b/Packs/SafeBreach/Integrations/SafeBreach_v2/SafeBreach_v2.yml @@ -555,7 +555,7 @@ script: - contextPath: SafeBreach.Test.ScheduledTime description: Time when the test was triggered. type: Datetime - dockerimage: demisto/python3:3.10.11.59070 + dockerimage: demisto/python3:3.10.11.61265 feed: true isfetch: false longRunning: false diff --git a/Packs/SafeBreach/ReleaseNotes/1_2_1.md b/Packs/SafeBreach/ReleaseNotes/1_2_1.md new file mode 100644 index 000000000000..d09a8e5aceaf --- /dev/null +++ b/Packs/SafeBreach/ReleaseNotes/1_2_1.md @@ -0,0 +1,3 @@ +#### Integrations +##### SafeBreach v2 +- Updated the Docker image to: *demisto/python3:3.10.11.61265*. diff --git a/Packs/SafeBreach/pack_metadata.json b/Packs/SafeBreach/pack_metadata.json index 5fad97ace3d7..0e21207d11a3 100644 --- a/Packs/SafeBreach/pack_metadata.json +++ b/Packs/SafeBreach/pack_metadata.json @@ -5,7 +5,7 @@ "videos": [ "https://www.youtube.com/watch?v=Wb7q5Gbd2qo" ], - "currentVersion": "1.2.0", + "currentVersion": "1.2.1", "author": "SafeBreach", "url": "https://www.safebreach.com", "email": "support@safebreach.com", diff --git a/Packs/SafeNet_Trusted_Access/Integrations/SafeNetTrustedAccess/SafeNetTrustedAccess.yml b/Packs/SafeNet_Trusted_Access/Integrations/SafeNetTrustedAccess/SafeNetTrustedAccess.yml index c6c5c5a94a4e..2f09fce3b823 100644 --- a/Packs/SafeNet_Trusted_Access/Integrations/SafeNetTrustedAccess/SafeNetTrustedAccess.yml +++ b/Packs/SafeNet_Trusted_Access/Integrations/SafeNetTrustedAccess/SafeNetTrustedAccess.yml @@ -915,7 +915,7 @@ script: - contextPath: STA.USER.SESSION.DELETED description: Returns true, if all the user SSO sessions deleted successfully. type: boolean - dockerimage: demisto/python3:3.10.10.48392 + dockerimage: demisto/python3:3.10.11.61265 runonce: false script: '' subtype: python3 diff --git a/Packs/SafeNet_Trusted_Access/ReleaseNotes/2_0_15.md b/Packs/SafeNet_Trusted_Access/ReleaseNotes/2_0_15.md new file mode 100644 index 000000000000..019f440c2c81 --- /dev/null +++ b/Packs/SafeNet_Trusted_Access/ReleaseNotes/2_0_15.md @@ -0,0 +1,3 @@ +#### Integrations +##### Thales SafeNet Trusted Access +- Updated the Docker image to: *demisto/python3:3.10.11.61265*. diff --git a/Packs/SafeNet_Trusted_Access/pack_metadata.json b/Packs/SafeNet_Trusted_Access/pack_metadata.json index 8c3804137a3f..2ee30ebc2504 100644 --- a/Packs/SafeNet_Trusted_Access/pack_metadata.json +++ b/Packs/SafeNet_Trusted_Access/pack_metadata.json @@ -2,7 +2,7 @@ "name": "Thales SafeNet Trusted Access", "description": "SafeNet Trusted Access by Thales is an access management solution that allows organizations to centrally manage and secure access to business applications.", "support": "partner", - "currentVersion": "2.0.14", + "currentVersion": "2.0.15", "author": "Thales", "url": "https://supportportal.gemalto.com/csm/?id=portal_home_page", "email": "", diff --git a/Packs/SailPointIdentityIQ/Integrations/SailPointIdentityIQ/SailPointIdentityIQ.yml b/Packs/SailPointIdentityIQ/Integrations/SailPointIdentityIQ/SailPointIdentityIQ.yml index eab4f19bc29b..53bcdafc121e 100644 --- a/Packs/SailPointIdentityIQ/Integrations/SailPointIdentityIQ/SailPointIdentityIQ.yml +++ b/Packs/SailPointIdentityIQ/Integrations/SailPointIdentityIQ/SailPointIdentityIQ.yml @@ -470,7 +470,7 @@ script: - contextPath: IdentityIQ.Alert.application description: List of applications that are related to this alert. type: String - dockerimage: demisto/python3:3.10.9.42476 + dockerimage: demisto/python3:3.10.11.61265 isfetch: true runonce: false script: '' diff --git a/Packs/SailPointIdentityIQ/ReleaseNotes/1_0_10.md b/Packs/SailPointIdentityIQ/ReleaseNotes/1_0_10.md new file mode 100644 index 000000000000..c9939313e86c --- /dev/null +++ b/Packs/SailPointIdentityIQ/ReleaseNotes/1_0_10.md @@ -0,0 +1,3 @@ +#### Integrations +##### SailPoint IdentityIQ +- Updated the Docker image to: *demisto/python3:3.10.11.61265*. diff --git a/Packs/SailPointIdentityIQ/pack_metadata.json b/Packs/SailPointIdentityIQ/pack_metadata.json index 641d491f947b..42ccb5ee5ccd 100644 --- a/Packs/SailPointIdentityIQ/pack_metadata.json +++ b/Packs/SailPointIdentityIQ/pack_metadata.json @@ -2,7 +2,7 @@ "name": "SailPoint IdentityIQ", "description": "SailPoint IdentityIQ context pack enables XSOAR customers to utilize the deep, enriched contextual data in the SailPoint predictive identity platform to better drive identity-aware security practices.", "support": "partner", - "currentVersion": "1.0.9", + "currentVersion": "1.0.10", "author": "SailPoint", "url": "https://support.sailpoint.com/hc/en-us/requests/new", "email": "support.idplusa@sailpoint.com", diff --git a/Packs/SymantecBlueCoatMalwareAnalysis/Integrations/SymantecBlueCoatMalwareAnalysis/SymantecBlueCoatMalwareAnalysis.yml b/Packs/SymantecBlueCoatMalwareAnalysis/Integrations/SymantecBlueCoatMalwareAnalysis/SymantecBlueCoatMalwareAnalysis.yml index 3b501043142a..321f3bb03527 100644 --- a/Packs/SymantecBlueCoatMalwareAnalysis/Integrations/SymantecBlueCoatMalwareAnalysis/SymantecBlueCoatMalwareAnalysis.yml +++ b/Packs/SymantecBlueCoatMalwareAnalysis/Integrations/SymantecBlueCoatMalwareAnalysis/SymantecBlueCoatMalwareAnalysis.yml @@ -62,7 +62,7 @@ script: description: Retrieves an analysis report. execution: false name: symantec-cma-get-report - dockerimage: demisto/python3:3.9.8.24399 + dockerimage: demisto/python3:3.10.11.61265 isfetch: false longRunning: false longRunningPort: false diff --git a/Packs/SymantecBlueCoatMalwareAnalysis/ReleaseNotes/1_0_6.md b/Packs/SymantecBlueCoatMalwareAnalysis/ReleaseNotes/1_0_6.md new file mode 100644 index 000000000000..ed78523cdc8c --- /dev/null +++ b/Packs/SymantecBlueCoatMalwareAnalysis/ReleaseNotes/1_0_6.md @@ -0,0 +1,3 @@ +#### Integrations +##### Symantec Blue Coat Content and Malware Analysis (Beta) +- Updated the Docker image to: *demisto/python3:3.10.11.61265*. diff --git a/Packs/SymantecBlueCoatMalwareAnalysis/pack_metadata.json b/Packs/SymantecBlueCoatMalwareAnalysis/pack_metadata.json index 8cd2ce6bbd6d..3f5e4943019d 100644 --- a/Packs/SymantecBlueCoatMalwareAnalysis/pack_metadata.json +++ b/Packs/SymantecBlueCoatMalwareAnalysis/pack_metadata.json @@ -2,7 +2,7 @@ "name": "Symantec Blue Coat Content and Malware Analysis (Beta)", "description": "Symantec Blue Coat Content and Malware Analysis integration.", "support": "xsoar", - "currentVersion": "1.0.5", + "currentVersion": "1.0.6", "author": "Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "email": "", diff --git a/Packs/XMatters/Integrations/xMatters/xMatters.py b/Packs/XMatters/Integrations/xMatters/xMatters.py index b35f5672b99e..41e9de479e59 100644 --- a/Packs/XMatters/Integrations/xMatters/xMatters.py +++ b/Packs/XMatters/Integrations/xMatters/xMatters.py @@ -1,6 +1,6 @@ import demistomock as demisto from CommonServerPython import * -import requests +import urllib3 import json import dateparser import traceback @@ -11,7 +11,7 @@ DATE_FORMAT = '%Y-%m-%dT%H:%M:%SZ' # Disable insecure warnings -requests.packages.urllib3.disable_warnings() +urllib3.disable_warnings() ''' CLIENT CLASS ''' diff --git a/Packs/XMatters/Integrations/xMatters/xMatters.yml b/Packs/XMatters/Integrations/xMatters/xMatters.yml index 471a54351682..81d3e6e0aa26 100644 --- a/Packs/XMatters/Integrations/xMatters/xMatters.yml +++ b/Packs/XMatters/Integrations/xMatters/xMatters.yml @@ -198,7 +198,7 @@ script: - contextPath: xMatters.GetEvent.SubmitterName description: The user or integration that created the event description: Get a single event from xMatters. - dockerimage: demisto/python3:3.9.8.24399 + dockerimage: demisto/python3:3.10.11.61265 isfetch: true runonce: false script: '-' diff --git a/Packs/XMatters/ReleaseNotes/1_0_7.md b/Packs/XMatters/ReleaseNotes/1_0_7.md new file mode 100644 index 000000000000..eca454c7667e --- /dev/null +++ b/Packs/XMatters/ReleaseNotes/1_0_7.md @@ -0,0 +1,3 @@ +#### Integrations +##### xMatters +- Updated the Docker image to: *demisto/python3:3.10.11.61265*. diff --git a/Packs/XMatters/pack_metadata.json b/Packs/XMatters/pack_metadata.json index 1de1984e50b4..254b4176ff05 100644 --- a/Packs/XMatters/pack_metadata.json +++ b/Packs/XMatters/pack_metadata.json @@ -2,7 +2,7 @@ "name": "xMatters", "description": "Use the xMatters pack to trigger events to on-call groups or users and wait for their response. Use their response to branch and take action in XSOAR.", "support": "partner", - "currentVersion": "1.0.6", + "currentVersion": "1.0.7", "author": "xMatters", "url": "https://support.xmatters.com/hc/en-us/requests/new", "email": "support@xmatters.com", diff --git a/Packs/XSOARmirroring/Integrations/XSOARmirroring/XSOARmirroring.yml b/Packs/XSOARmirroring/Integrations/XSOARmirroring/XSOARmirroring.yml index 1e1c2a620410..b570308514bc 100644 --- a/Packs/XSOARmirroring/Integrations/XSOARmirroring/XSOARmirroring.yml +++ b/Packs/XSOARmirroring/Integrations/XSOARmirroring/XSOARmirroring.yml @@ -144,7 +144,7 @@ script: - name: get-mapping-fields arguments: [] description: Retrieves the mapping schema from a remote incident. - dockerimage: demisto/python3:3.10.10.48392 + dockerimage: demisto/python3:3.10.11.61265 isfetch: true runonce: false subtype: python3 diff --git a/Packs/XSOARmirroring/ReleaseNotes/2_0_14.md b/Packs/XSOARmirroring/ReleaseNotes/2_0_14.md new file mode 100644 index 000000000000..223267fc422f --- /dev/null +++ b/Packs/XSOARmirroring/ReleaseNotes/2_0_14.md @@ -0,0 +1,3 @@ +#### Integrations +##### XSOAR Mirroring +- Updated the Docker image to: *demisto/python3:3.10.11.61265*. diff --git a/Packs/XSOARmirroring/pack_metadata.json b/Packs/XSOARmirroring/pack_metadata.json index 7376ffe22c82..67a84a93ef5e 100644 --- a/Packs/XSOARmirroring/pack_metadata.json +++ b/Packs/XSOARmirroring/pack_metadata.json @@ -2,7 +2,7 @@ "name": "XSOAR Mirroring", "description": "Allows mirroring of XSOAR incidents between different instances.", "support": "xsoar", - "currentVersion": "2.0.13", + "currentVersion": "2.0.14", "author": "Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "email": "", diff --git a/Packs/Zimperium/Integrations/Zimperium/Zimperium.yml b/Packs/Zimperium/Integrations/Zimperium/Zimperium.yml index abcc7ee32899..4c3b96dbcd26 100644 --- a/Packs/Zimperium/Integrations/Zimperium/Zimperium.yml +++ b/Packs/Zimperium/Integrations/Zimperium/Zimperium.yml @@ -1088,7 +1088,7 @@ script: description: Checks the reputation of an app in Zimperium. execution: false name: file - dockerimage: demisto/python3:3.10.5.31928 + dockerimage: demisto/python3:3.10.11.61265 feed: false isfetch: true longRunning: false diff --git a/Packs/Zimperium/ReleaseNotes/1_1_8.md b/Packs/Zimperium/ReleaseNotes/1_1_8.md new file mode 100644 index 000000000000..8e579a4641d2 --- /dev/null +++ b/Packs/Zimperium/ReleaseNotes/1_1_8.md @@ -0,0 +1,3 @@ +#### Integrations +##### Zimperium +- Updated the Docker image to: *demisto/python3:3.10.11.61265*. diff --git a/Packs/Zimperium/pack_metadata.json b/Packs/Zimperium/pack_metadata.json index 55f6371e0c08..ae55bb374122 100644 --- a/Packs/Zimperium/pack_metadata.json +++ b/Packs/Zimperium/pack_metadata.json @@ -2,7 +2,7 @@ "name": "Zimperium", "description": "Streamline investigation and remediation of mobile alerts, generated alerts based on anomalous or unauthorized activities using the Zimperium pack.", "support": "xsoar", - "currentVersion": "1.1.7", + "currentVersion": "1.1.8", "author": "Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "email": "", diff --git a/Packs/cisco-ise/Integrations/cisco-ise/README.md b/Packs/cisco-ise/Integrations/cisco-ise/README.md index 455af3c6895c..43d4e27876a9 100644 --- a/Packs/cisco-ise/Integrations/cisco-ise/README.md +++ b/Packs/cisco-ise/Integrations/cisco-ise/README.md @@ -1193,4 +1193,106 @@ 00:0E:35:D4:D8:51 - \ No newline at end of file + + + +### cisco-ise-create-endpoint + +*** +Creates a new endpoint on Cisco ISE according to the passed MAC address and custom attribute list. + +#### Base Command + +`cisco-ise-create-endpoint` + +#### Input + +| **Argument Name** | **Description** | **Required** | +| --- | --- | --- | +| mac_address | MAC address of the endpoint (format: 11:22:33:44:55:66). | Required | +| attributes_map | A list of custom attributes. | Optional | + +#### Context Output + +| **Path** | **Type** | **Description** | +| --- | --- | --- | +| CiscoISE.Endpoint.MACAddress | string | MAC address of the new endpoint. | +### cisco-ise-get-nodes + +*** +Returns data for all Cisco ISE nodes in the deployment. + +#### Base Command + +`cisco-ise-get-nodes` + +#### Input + +There are no input arguments for this command. + +#### Context Output + +| **Path** | **Type** | **Description** | +| --- | --- | --- | +| CiscoISE.NodesData | unknown | Details of all deployment ISE nodes. | +### cisco-ise-get-endpoint-id-by-name + +*** +Returns an EndpointID using its name (Available on ISE 2.3 and later versions). + +#### Base Command + +`cisco-ise-get-endpoint-id-by-name` + +#### Input + +| **Argument Name** | **Description** | **Required** | +| --- | --- | --- | +| mac_address | MAC address of the endpoint (format: 11:22:33:44:55:66). | Required | + +#### Context Output + +| **Path** | **Type** | **Description** | +| --- | --- | --- | +| Endpoint.ID | string | Endpoint ID. | +| Endpoint.MACAddress | string | Endpoint MAC address. | +### cisco-ise-remove-policy + +*** +Removes an Adapative Network Control policy from an endpoint. + +#### Base Command + +`cisco-ise-remove-policy` + +#### Input + +| **Argument Name** | **Description** | **Required** | +| --- | --- | --- | +| mac_address | The MAC address from which to remove the policy. | Required | +| policy_name | The name of the policy to remove from the endpoint. | Required | + +#### Context Output + +| **Path** | **Type** | **Description** | +| --- | --- | --- | +| CiscoISE.Endpoint.MACAddress | string | The MAC address of the endpoint. | +| CiscoISE.Endpoint.PolicyName | string | The policy name that was removed from the endpoint. | +### cisco-ise-get-session-data-by-ip + +*** +Queries an IP address and returns its session data from an active endpoint. + +#### Base Command + +`cisco-ise-get-session-data-by-ip` + +#### Input + +| **Argument Name** | **Description** | **Required** | +| --- | --- | --- | +| ip_address | IP address to query in the ISE platform. | Required | + +#### Context Output + +There is no context output for this command. \ No newline at end of file diff --git a/Packs/cisco-ise/Integrations/cisco-ise/cisco-ise.py b/Packs/cisco-ise/Integrations/cisco-ise/cisco-ise.py index 84bd6368653d..cffefdf1caad 100644 --- a/Packs/cisco-ise/Integrations/cisco-ise/cisco-ise.py +++ b/Packs/cisco-ise/Integrations/cisco-ise/cisco-ise.py @@ -4,9 +4,10 @@ ''' IMPORTS ''' import requests from urllib.parse import urlparse +import urllib3 # disable insecure warnings -requests.packages.urllib3.disable_warnings() +urllib3.disable_warnings() ''' GLOBAL VARS ''' diff --git a/Packs/cisco-ise/Integrations/cisco-ise/cisco-ise.yml b/Packs/cisco-ise/Integrations/cisco-ise/cisco-ise.yml index 1333b9b97397..6aa4997c774c 100644 --- a/Packs/cisco-ise/Integrations/cisco-ise/cisco-ise.yml +++ b/Packs/cisco-ise/Integrations/cisco-ise/cisco-ise.yml @@ -381,7 +381,7 @@ script: description: Queries an IP address and returns its session data from an active endpoint. name: cisco-ise-get-session-data-by-ip - dockerimage: demisto/python3:3.9.8.24399 + dockerimage: demisto/python3:3.10.11.61265 isfetch: false runonce: false script: '-' diff --git a/Packs/cisco-ise/ReleaseNotes/1_0_10.md b/Packs/cisco-ise/ReleaseNotes/1_0_10.md new file mode 100644 index 000000000000..53e2add2c9a2 --- /dev/null +++ b/Packs/cisco-ise/ReleaseNotes/1_0_10.md @@ -0,0 +1,3 @@ +#### Integrations +##### Cisco ISE +- Updated the Docker image to: *demisto/python3:3.10.11.61265*. diff --git a/Packs/cisco-ise/pack_metadata.json b/Packs/cisco-ise/pack_metadata.json index 00ca896d402c..a0a0994cf2a1 100644 --- a/Packs/cisco-ise/pack_metadata.json +++ b/Packs/cisco-ise/pack_metadata.json @@ -2,7 +2,7 @@ "name": "Cisco ISE", "description": "Next-generation secure network access.", "support": "xsoar", - "currentVersion": "1.0.9", + "currentVersion": "1.0.10", "author": "Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "email": "", From 4e121703faf68a323df9b462a584606cb83c7a99 Mon Sep 17 00:00:00 2001 From: Moshe Eichler <78307768+MosheEichler@users.noreply.github.com> Date: Wed, 7 Jun 2023 13:03:03 +0300 Subject: [PATCH 028/124] Ignore modeling/parsing rules suffix error (#27274) --- Packs/AWS-GuardDuty/.pack-ignore | 23 ++++++++++++------- Packs/AWS-SecurityHub/.pack-ignore | 6 ++++- Packs/AbnormalSecurity/.pack-ignore | 9 +++++++- Packs/AlibabaActionTrail/.pack-ignore | 9 ++++++++ Packs/ApacheTomcat/.pack-ignore | 9 ++++++++ Packs/ApacheWebServer/.pack-ignore | 8 +++++++ Packs/AristaSwitch/.pack-ignore | 3 +++ Packs/Auditd/.pack-ignore | 6 +++++ Packs/AzureEventsHub/.pack-ignore | 6 +++++ Packs/AzureSecurityCenter/.pack-ignore | 7 ++++-- Packs/BarracudaEmailProtection/.pack-ignore | 3 +++ Packs/BarracudaWAF/.pack-ignore | 6 +++++ .../Barracuda_Cloudgen_Firewall/.pack-ignore | 6 +++++ Packs/BluecatAddressManager/.pack-ignore | 3 +++ Packs/Box/.pack-ignore | 12 +++++++++- Packs/BrocadeSwitch/.pack-ignore | 6 +++++ Packs/CheckpointFirewall/.pack-ignore | 6 +++++ Packs/CiscoASA/.pack-ignore | 12 +++++++++- Packs/CiscoASR/.pack-ignore | 3 +++ Packs/CiscoCatalyst/.pack-ignore | 6 +++++ Packs/CiscoFirepower/.pack-ignore | 6 ++++- Packs/CiscoNexus/.pack-ignore | 6 +++++ Packs/CiscoSMA/.pack-ignore | 10 ++++++++ Packs/CiscoStealthwatch/.pack-ignore | 6 ++++- Packs/CitrixADC/.pack-ignore | 3 +++ Packs/ClearswiftDLP/.pack-ignore | 3 +++ Packs/CloudflareWAF/.pack-ignore | 6 ++++- Packs/CorelightZeek/.pack-ignore | 3 +++ Packs/CyberArkIdentity/.pack-ignore | 12 +++++++++- Packs/DelineaALM/.pack-ignore | 3 +++ Packs/DelineaSS/.pack-ignore | 6 ++++- Packs/Dropbox/.pack-ignore | 9 ++++++++ Packs/DuoAdminApi/.pack-ignore | 9 +++++++- Packs/F5ASM/.pack-ignore | 6 +++++ Packs/F5LTM/.pack-ignore | 9 +++++++- Packs/FireEyeHX/.pack-ignore | 8 +++++-- Packs/FireEyeNX/.pack-ignore | 9 +++++++- Packs/Forcepoint/.pack-ignore | 6 ++++- Packs/ForcepointDLP/.pack-ignore | 3 +++ Packs/ForcepointEmailSecurity/.pack-ignore | 3 +++ Packs/FortiGate/.pack-ignore | 6 ++++- Packs/GitHub/.pack-ignore | 9 ++++++++ Packs/GitLab/.pack-ignore | 12 +++++++++- Packs/GoogleDrive/.pack-ignore | 8 +++++-- Packs/IllusiveNetworks/.pack-ignore | 9 +++++--- Packs/Imperva_WAF/.pack-ignore | 3 +++ Packs/Infoblox/.pack-ignore | 9 ++++++++ Packs/InfobloxBloxOne/.pack-ignore | 3 +++ Packs/IronscalesEventCollector/.pack-ignore | 6 ++++- Packs/IvantiConnectSecure/.pack-ignore | 3 +++ Packs/Jira/.pack-ignore | 16 ++++++++++--- Packs/JuniperSRX/.pack-ignore | 9 ++++++++ Packs/KnowBe4_KMSAT/.pack-ignore | 6 +++++ Packs/Kubernetes/.pack-ignore | 3 +++ Packs/LinuxEventsCollection/.pack-ignore | 9 ++++++++ Packs/MacOS/.pack-ignore | 3 +++ Packs/ManageEngine-ADAudit/.pack-ignore | 3 +++ Packs/ManageEngine-ADManager/.pack-ignore | 6 +++++ Packs/MicrosoftADFS/.pack-ignore | 9 ++++++++ .../.pack-ignore | 6 ++++- Packs/MicrosoftCloudAppSecurity/.pack-ignore | 9 ++++++++ Packs/MicrosoftCore/.pack-ignore | 3 +++ Packs/MicrosoftDHCP/.pack-ignore | 6 +++++ Packs/MicrosoftDNS/.pack-ignore | 6 +++++ .../.pack-ignore | 13 ++++++++--- .../MicrosoftDefenderforIdentity/.pack-ignore | 3 +++ Packs/MicrosoftECM/.pack-ignore | 9 +++++++- Packs/MicrosoftExchangeServer/.pack-ignore | 9 ++++++++ Packs/MicrosoftGraphSecurity/.pack-ignore | 3 ++- Packs/MicrosoftIISWebServer/.pack-ignore | 9 ++++++++ Packs/MicrosoftIntune/.pack-ignore | 6 +++++ Packs/MicrosoftNPS/.pack-ignore | 9 ++++++++ Packs/MicrosoftWSUS/.pack-ignore | 9 ++++++++ Packs/MicrosoftWindowsEvents/.pack-ignore | 3 +++ Packs/Mimecast/.pack-ignore | 11 +++++++++ Packs/MySQLEnterprise/.pack-ignore | 9 ++++++++ Packs/NGINXWebServer/.pack-ignore | 9 ++++++++ Packs/NetBox/.pack-ignore | 3 +++ Packs/Netskope/.pack-ignore | 6 +++++ Packs/Okta/.pack-ignore | 9 ++++++++ Packs/OktaOAG/.pack-ignore | 9 ++++++++ Packs/OneLogin/.pack-ignore | 6 +++++ Packs/OnemodelDev/.pack-ignore | 6 +++++ Packs/Oracle/.pack-ignore | 9 ++++++++ Packs/OracleCloudInfrastructure/.pack-ignore | 3 +++ Packs/Orca/.pack-ignore | 6 ++++- Packs/PrismaCloud/.pack-ignore | 18 +++++++++------ Packs/PrismaSaasSecurity/.pack-ignore | 16 ++++++++++--- Packs/ProofpointObserveIT/.pack-ignore | 3 +++ Packs/ProofpointTAP/.pack-ignore | 9 ++++++++ Packs/ProofpointThreatResponse/.pack-ignore | 13 ++++++++--- Packs/RunZero/.pack-ignore | 6 ++++- Packs/SafeNet_Trusted_Access/.pack-ignore | 11 +++++++++ Packs/Salesforce/.pack-ignore | 9 ++++++++ Packs/SentinelOne/.pack-ignore | 6 ++++- Packs/Slack/.pack-ignore | 14 +++++++++-- Packs/SonicWallNSv/.pack-ignore | 6 +++++ Packs/Squid/.pack-ignore | 3 +++ Packs/SymantecBlueCoatProxySG/.pack-ignore | 3 +++ Packs/SymantecEndpointProtection/.pack-ignore | 10 +++++++- Packs/Tableau/.pack-ignore | 6 +++++ Packs/TaniumThreatResponse/.pack-ignore | 5 ++-- Packs/TeamViewer/.pack-ignore | 3 +++ Packs/Tenable_io/.pack-ignore | 10 ++++++++ Packs/ThinkstCanary/.pack-ignore | 8 +++++-- Packs/TrendMicroDeepSecurity/.pack-ignore | 3 ++- Packs/TrendMicroTippingPoint/.pack-ignore | 3 +++ Packs/VMwareESXi/.pack-ignore | 9 ++++++++ Packs/VMwareVCenter/.pack-ignore | 8 +++++++ Packs/Vectra_AI/.pack-ignore | 12 ++++++---- Packs/WatchguardFirebox/.pack-ignore | 3 +++ Packs/WithSecure/.pack-ignore | 3 +++ Packs/Workday/.pack-ignore | 3 +++ Packs/Zoom/.pack-ignore | 6 ++++- Packs/Zscaler/.pack-ignore | 9 +++++++- Packs/ZscalerZPA/.pack-ignore | 6 +++++ Packs/cisco-ise/.pack-ignore | 2 +- Packs/cisco-meraki/.pack-ignore | 9 ++++++++ Packs/epo/.pack-ignore | 14 +++++++++-- Packs/jamf/.pack-ignore | 12 +++++++++- 120 files changed, 781 insertions(+), 76 deletions(-) diff --git a/Packs/AWS-GuardDuty/.pack-ignore b/Packs/AWS-GuardDuty/.pack-ignore index 995a7cc6e4f6..d7374cc4f288 100644 --- a/Packs/AWS-GuardDuty/.pack-ignore +++ b/Packs/AWS-GuardDuty/.pack-ignore @@ -4,12 +4,19 @@ ignore=IN126,BA108,BA109,IN145,IN124 [known_words] gd threatintel -enableKubernetesLogs -ebsVolumesMalwareProtection -findingFrequency -Eks -Ebs -Ecs -returnRawResponse +enablekuberneteslogs +ebsvolumesmalwareprotection +findingfrequency +eks +ebs +ecs +returnrawresponse aws-gd-get-findings -AWS \ No newline at end of file +aws + +[file:AWSGuardDutyModelingRules.yml] +ignore=MR108 + +[file:AWSGuardDutyModelingRules_1_3.yml] +ignore=MR108 + diff --git a/Packs/AWS-SecurityHub/.pack-ignore b/Packs/AWS-SecurityHub/.pack-ignore index b605a59d2292..9236472c3d84 100644 --- a/Packs/AWS-SecurityHub/.pack-ignore +++ b/Packs/AWS-SecurityHub/.pack-ignore @@ -3,4 +3,8 @@ ignore=IN126,IN136,BA108,BA109,IN145,IN124 [known_words] datetime -securityhub \ No newline at end of file +securityhub + +[file:AWSSecurityHubModelingRules.yml] +ignore=MR108 + diff --git a/Packs/AbnormalSecurity/.pack-ignore b/Packs/AbnormalSecurity/.pack-ignore index ec15843b8b53..413c7cdfb2ba 100644 --- a/Packs/AbnormalSecurity/.pack-ignore +++ b/Packs/AbnormalSecurity/.pack-ignore @@ -1,2 +1,9 @@ [file:AbnormalSecurity_image.png] -ignore=IM111 \ No newline at end of file +ignore=IM111 + +[file:AbnormalSecurityEventCollector_1_3.yml] +ignore=MR108 + +[file:AbnormalSecurityEventCollector.yml] +ignore=MR108 + diff --git a/Packs/AlibabaActionTrail/.pack-ignore b/Packs/AlibabaActionTrail/.pack-ignore index 445a22e9506e..7f6c6227bd70 100644 --- a/Packs/AlibabaActionTrail/.pack-ignore +++ b/Packs/AlibabaActionTrail/.pack-ignore @@ -1,3 +1,12 @@ [file:AlibabaActionTrailEventCollector.yml] ignore=BA124 +[file:AlibabaModelingRules.yml] +ignore=MR108 + +[file:AlibabaParsingRules.yml] +ignore=PR101 + +[file:AlibabaModelingRules_1_3.yml] +ignore=MR108 + diff --git a/Packs/ApacheTomcat/.pack-ignore b/Packs/ApacheTomcat/.pack-ignore index e69de29bb2d1..4c449818c9cf 100644 --- a/Packs/ApacheTomcat/.pack-ignore +++ b/Packs/ApacheTomcat/.pack-ignore @@ -0,0 +1,9 @@ +[file:ApacheTomcatParsingRules.yml] +ignore=PR101 + +[file:ApacheTomcatModelingRules_1_3.yml] +ignore=MR108 + +[file:ApacheTomcatModelingRules.yml] +ignore=MR108 + diff --git a/Packs/ApacheWebServer/.pack-ignore b/Packs/ApacheWebServer/.pack-ignore index 8b137891791f..ddf3ccf54048 100644 --- a/Packs/ApacheWebServer/.pack-ignore +++ b/Packs/ApacheWebServer/.pack-ignore @@ -1 +1,9 @@ +[file:ApacheWebServerParsingRules.yml] +ignore=PR101 + +[file:ApacheWebServerModelingRules_1_3.yml] +ignore=MR108 + +[file:ApacheWebServerModelingRules.yml] +ignore=MR108 diff --git a/Packs/AristaSwitch/.pack-ignore b/Packs/AristaSwitch/.pack-ignore index e69de29bb2d1..b7643c70d210 100644 --- a/Packs/AristaSwitch/.pack-ignore +++ b/Packs/AristaSwitch/.pack-ignore @@ -0,0 +1,3 @@ +[file:AristaSwitch.yml] +ignore=MR108,PR101 + diff --git a/Packs/Auditd/.pack-ignore b/Packs/Auditd/.pack-ignore index e69de29bb2d1..94ed729460e9 100644 --- a/Packs/Auditd/.pack-ignore +++ b/Packs/Auditd/.pack-ignore @@ -0,0 +1,6 @@ +[file:Auditd.yml] +ignore=PR101 + +[file:Auditd_1_3.yml] +ignore=MR108 + diff --git a/Packs/AzureEventsHub/.pack-ignore b/Packs/AzureEventsHub/.pack-ignore index e69de29bb2d1..75313cb57fe0 100644 --- a/Packs/AzureEventsHub/.pack-ignore +++ b/Packs/AzureEventsHub/.pack-ignore @@ -0,0 +1,6 @@ +[file:AzureEventsHub.yml] +ignore=MR108,PR101 + +[file:AzureEventsHub_1_3.yml] +ignore=MR108 + diff --git a/Packs/AzureSecurityCenter/.pack-ignore b/Packs/AzureSecurityCenter/.pack-ignore index 17839d90ce2c..fbe6f0020b64 100644 --- a/Packs/AzureSecurityCenter/.pack-ignore +++ b/Packs/AzureSecurityCenter/.pack-ignore @@ -7,6 +7,9 @@ ignore=RM106 [file:classifier-Mandiant_Automated_Defense_Incoming_mapper.json] ignore=BA101 - [file:AzureSecurityCenter_v2_image.png] -ignore=IM111 \ No newline at end of file +ignore=IM111 + +[file:MicrosoftDefenderForCloudModelingRules.yml] +ignore=MR108 + diff --git a/Packs/BarracudaEmailProtection/.pack-ignore b/Packs/BarracudaEmailProtection/.pack-ignore index e69de29bb2d1..04428bf20092 100644 --- a/Packs/BarracudaEmailProtection/.pack-ignore +++ b/Packs/BarracudaEmailProtection/.pack-ignore @@ -0,0 +1,3 @@ +[file:BarracudaEmailProtection_1_3.yml] +ignore=MR108 + diff --git a/Packs/BarracudaWAF/.pack-ignore b/Packs/BarracudaWAF/.pack-ignore index e69de29bb2d1..1a0faa20d1b3 100644 --- a/Packs/BarracudaWAF/.pack-ignore +++ b/Packs/BarracudaWAF/.pack-ignore @@ -0,0 +1,6 @@ +[file:BarracudaWAFParsingRules.yml] +ignore=PR101 + +[file:BarracudaWAFModelingRules_1_3.yml] +ignore=MR108 + diff --git a/Packs/Barracuda_Cloudgen_Firewall/.pack-ignore b/Packs/Barracuda_Cloudgen_Firewall/.pack-ignore index e69de29bb2d1..e82d09b3b21b 100644 --- a/Packs/Barracuda_Cloudgen_Firewall/.pack-ignore +++ b/Packs/Barracuda_Cloudgen_Firewall/.pack-ignore @@ -0,0 +1,6 @@ +[file:Barracuda_CGFWModelingRules_1_3.yml] +ignore=MR108 + +[file:Barracuda_Cloudgen_FirewallParsingRules.yml] +ignore=PR101 + diff --git a/Packs/BluecatAddressManager/.pack-ignore b/Packs/BluecatAddressManager/.pack-ignore index 5acdfa88d23e..0d383885a92f 100644 --- a/Packs/BluecatAddressManager/.pack-ignore +++ b/Packs/BluecatAddressManager/.pack-ignore @@ -4,3 +4,6 @@ ignore=RM106 [file:BluecatAddressManager.yml] ignore=BA124 +[file:BluecatAddressManager_1_3.yml] +ignore=MR108,PR101 + diff --git a/Packs/Box/.pack-ignore b/Packs/Box/.pack-ignore index 3fc7ae05dd7a..7f1d3b288842 100644 --- a/Packs/Box/.pack-ignore +++ b/Packs/Box/.pack-ignore @@ -8,4 +8,14 @@ ignore=BA101 ignore=IM111 [file:Box_image.png] -ignore=IM111 \ No newline at end of file +ignore=IM111 + +[file:BoxEventsCollector_1_3.yml] +ignore=MR108 + +[file:BoxEventsCollector.yml] +ignore=MR108 + +[file:BoxEventCollectorParsingRules.yml] +ignore=PR101 + diff --git a/Packs/BrocadeSwitch/.pack-ignore b/Packs/BrocadeSwitch/.pack-ignore index e69de29bb2d1..197164193f10 100644 --- a/Packs/BrocadeSwitch/.pack-ignore +++ b/Packs/BrocadeSwitch/.pack-ignore @@ -0,0 +1,6 @@ +[file:BrocadeSwitch.yml] +ignore=MR108,PR101 + +[file:BrocadeSwitch_1_3.yml] +ignore=MR108 + diff --git a/Packs/CheckpointFirewall/.pack-ignore b/Packs/CheckpointFirewall/.pack-ignore index 01ec060217f9..1414dc172290 100644 --- a/Packs/CheckpointFirewall/.pack-ignore +++ b/Packs/CheckpointFirewall/.pack-ignore @@ -13,3 +13,9 @@ ignore=IM111 [file:CheckPointDownloadBackup.yml] ignore=BA124 +[file:CheckpointFirewall.yml] +ignore=MR108 + +[file:CheckpointFirewall_1_3.yml] +ignore=MR108 + diff --git a/Packs/CiscoASA/.pack-ignore b/Packs/CiscoASA/.pack-ignore index e1066e1f1bd9..bd8d55f80345 100644 --- a/Packs/CiscoASA/.pack-ignore +++ b/Packs/CiscoASA/.pack-ignore @@ -1,2 +1,12 @@ [file:CiscoASA_image.png] -ignore=IM111 \ No newline at end of file +ignore=IM111 + +[file:CiscoASA.yml] +ignore=PR101,MR108 + +[file:CiscoASA_1_3.yml] +ignore=MR108 + +[file:CiscoASA_1_4.yml] +ignore=MR108 + diff --git a/Packs/CiscoASR/.pack-ignore b/Packs/CiscoASR/.pack-ignore index e69de29bb2d1..8f591c0e26ae 100644 --- a/Packs/CiscoASR/.pack-ignore +++ b/Packs/CiscoASR/.pack-ignore @@ -0,0 +1,3 @@ +[file:CiscoASR.yml] +ignore=MR108,PR101 + diff --git a/Packs/CiscoCatalyst/.pack-ignore b/Packs/CiscoCatalyst/.pack-ignore index e69de29bb2d1..53e62102dc4e 100644 --- a/Packs/CiscoCatalyst/.pack-ignore +++ b/Packs/CiscoCatalyst/.pack-ignore @@ -0,0 +1,6 @@ +[file:CiscoCatalyst_1_3.yml] +ignore=MR108 + +[file:CiscoCatalyst.yml] +ignore=PR101 + diff --git a/Packs/CiscoFirepower/.pack-ignore b/Packs/CiscoFirepower/.pack-ignore index 71de79ac58b5..0a3efa47f711 100644 --- a/Packs/CiscoFirepower/.pack-ignore +++ b/Packs/CiscoFirepower/.pack-ignore @@ -1,2 +1,6 @@ [file:CiscoFirepower_image.png] -ignore=IM111 \ No newline at end of file +ignore=IM111 + +[file:CiscoFirepower_1_3.yml] +ignore=MR108 + diff --git a/Packs/CiscoNexus/.pack-ignore b/Packs/CiscoNexus/.pack-ignore index e69de29bb2d1..edfa677e7993 100644 --- a/Packs/CiscoNexus/.pack-ignore +++ b/Packs/CiscoNexus/.pack-ignore @@ -0,0 +1,6 @@ +[file:CiscoNexus_1_3.yml] +ignore=PR101 + +[file:CiscoNexusModelingRules_1_3.yml] +ignore=MR108 + diff --git a/Packs/CiscoSMA/.pack-ignore b/Packs/CiscoSMA/.pack-ignore index a10529ade490..95c9a4257f02 100644 --- a/Packs/CiscoSMA/.pack-ignore +++ b/Packs/CiscoSMA/.pack-ignore @@ -1,2 +1,12 @@ [file:README.md] ignore=RM102 + +[file:CiscoSMA.yml] +ignore=PR101 + +[file:CiscoSMAModelingRules.yml] +ignore=MR108 + +[file:CiscoSMAModelingRules_1_3.yml] +ignore=MR108 + diff --git a/Packs/CiscoStealthwatch/.pack-ignore b/Packs/CiscoStealthwatch/.pack-ignore index 9a37698dbf24..ee2283e2e000 100644 --- a/Packs/CiscoStealthwatch/.pack-ignore +++ b/Packs/CiscoStealthwatch/.pack-ignore @@ -2,4 +2,8 @@ ignore=BA109 [known_words] -Stealthwatch \ No newline at end of file +stealthwatch + +[file:CiscoStealthwatch.yml] +ignore=MR108 + diff --git a/Packs/CitrixADC/.pack-ignore b/Packs/CitrixADC/.pack-ignore index e69de29bb2d1..570f721caaad 100644 --- a/Packs/CitrixADC/.pack-ignore +++ b/Packs/CitrixADC/.pack-ignore @@ -0,0 +1,3 @@ +[file:CitrixADC_1_3.yml] +ignore=MR108,PR101 + diff --git a/Packs/ClearswiftDLP/.pack-ignore b/Packs/ClearswiftDLP/.pack-ignore index e69de29bb2d1..533e8458dbc0 100644 --- a/Packs/ClearswiftDLP/.pack-ignore +++ b/Packs/ClearswiftDLP/.pack-ignore @@ -0,0 +1,3 @@ +[file:ClearswiftDLP.yml] +ignore=MR108,PR101 + diff --git a/Packs/CloudflareWAF/.pack-ignore b/Packs/CloudflareWAF/.pack-ignore index 236dc4b58b11..71e280e8048e 100644 --- a/Packs/CloudflareWAF/.pack-ignore +++ b/Packs/CloudflareWAF/.pack-ignore @@ -2,4 +2,8 @@ ignore=auto-test [known_words] -WAF \ No newline at end of file +waf + +[file:CloudflareWAF.yml] +ignore=PR101,MR108 + diff --git a/Packs/CorelightZeek/.pack-ignore b/Packs/CorelightZeek/.pack-ignore index e69de29bb2d1..a4345287f16e 100644 --- a/Packs/CorelightZeek/.pack-ignore +++ b/Packs/CorelightZeek/.pack-ignore @@ -0,0 +1,3 @@ +[file:CorelightZeek.yml] +ignore=MR108,PR101 + diff --git a/Packs/CyberArkIdentity/.pack-ignore b/Packs/CyberArkIdentity/.pack-ignore index 3ecb7a3c9b40..7bfe602a428b 100644 --- a/Packs/CyberArkIdentity/.pack-ignore +++ b/Packs/CyberArkIdentity/.pack-ignore @@ -1,2 +1,12 @@ [known_words] -CyberArk +cyberark + +[file:CyberArkIdentityParsingRules.yml] +ignore=PR101 + +[file:CyberArkIdentityEventCollector.yml] +ignore=MR108 + +[file:CyberArkIdentityEventCollector_1_3.yml] +ignore=MR108 + diff --git a/Packs/DelineaALM/.pack-ignore b/Packs/DelineaALM/.pack-ignore index e69de29bb2d1..2040862368a7 100644 --- a/Packs/DelineaALM/.pack-ignore +++ b/Packs/DelineaALM/.pack-ignore @@ -0,0 +1,3 @@ +[file:DelineaALM.yml] +ignore=MR108 + diff --git a/Packs/DelineaSS/.pack-ignore b/Packs/DelineaSS/.pack-ignore index 8e148599df05..26b31a4ef436 100644 --- a/Packs/DelineaSS/.pack-ignore +++ b/Packs/DelineaSS/.pack-ignore @@ -1,2 +1,6 @@ [file:Delinea_image.png] -ignore=IM111 \ No newline at end of file +ignore=IM111 + +[file:DelineaSS_1_3.yml] +ignore=MR108 + diff --git a/Packs/Dropbox/.pack-ignore b/Packs/Dropbox/.pack-ignore index e69de29bb2d1..8427f84be650 100644 --- a/Packs/Dropbox/.pack-ignore +++ b/Packs/Dropbox/.pack-ignore @@ -0,0 +1,9 @@ +[file:DropboxEventCollector.yml] +ignore=MR108 + +[file:DropboxParsingRules.yml] +ignore=PR101 + +[file:DropboxEventCollector_1_3.yml] +ignore=MR108 + diff --git a/Packs/DuoAdminApi/.pack-ignore b/Packs/DuoAdminApi/.pack-ignore index 2506740783a2..66a819091f02 100644 --- a/Packs/DuoAdminApi/.pack-ignore +++ b/Packs/DuoAdminApi/.pack-ignore @@ -5,4 +5,11 @@ ignore=IN145 ignore=IM111 [known_words] -duoadmin \ No newline at end of file +duoadmin + +[file:DuoModelingRule.yml] +ignore=MR108 + +[file:DuoModelingRule_1_3.yml] +ignore=MR108 + diff --git a/Packs/F5ASM/.pack-ignore b/Packs/F5ASM/.pack-ignore index e69de29bb2d1..75a1c4685a6b 100644 --- a/Packs/F5ASM/.pack-ignore +++ b/Packs/F5ASM/.pack-ignore @@ -0,0 +1,6 @@ +[file:F5ASMModelingRules.yml] +ignore=MR108 + +[file:F5ASMModelingRules_1_3.yml] +ignore=MR108 + diff --git a/Packs/F5LTM/.pack-ignore b/Packs/F5LTM/.pack-ignore index db1638293346..e6e8f2aeff01 100644 --- a/Packs/F5LTM/.pack-ignore +++ b/Packs/F5LTM/.pack-ignore @@ -1,2 +1,9 @@ [file:F5LTM_image.png] -ignore=IM111 \ No newline at end of file +ignore=IM111 + +[file:F5LTMParsingRules.yml] +ignore=PR101 + +[file:F5LTMModelingRules_1_3.yml] +ignore=MR108 + diff --git a/Packs/FireEyeHX/.pack-ignore b/Packs/FireEyeHX/.pack-ignore index c1efaf935016..47d4714e297b 100644 --- a/Packs/FireEyeHX/.pack-ignore +++ b/Packs/FireEyeHX/.pack-ignore @@ -1,8 +1,12 @@ [file:FireEyeHX.yml] -ignore=IN126 +ignore=IN126,PR101 [file:README.md] ignore=RM104,RM106 [known_words] -README \ No newline at end of file +readme + +[file:FireEyeHXModelingRules.yml] +ignore=MR108 + diff --git a/Packs/FireEyeNX/.pack-ignore b/Packs/FireEyeNX/.pack-ignore index a3854dcc175a..f703bfbfabd8 100644 --- a/Packs/FireEyeNX/.pack-ignore +++ b/Packs/FireEyeNX/.pack-ignore @@ -74,4 +74,11 @@ ignore=BA101 ignore=BA101 [known_words] -NX \ No newline at end of file +nx + +[file:FireEyeNX.yml] +ignore=MR108,PR101 + +[file:FireEyeNX_1_3.yml] +ignore=MR108 + diff --git a/Packs/Forcepoint/.pack-ignore b/Packs/Forcepoint/.pack-ignore index b9d9cf54f8aa..ebd5c765dc3f 100644 --- a/Packs/Forcepoint/.pack-ignore +++ b/Packs/Forcepoint/.pack-ignore @@ -1,2 +1,6 @@ [file:Forcepoint_image.png] -ignore=IM111 \ No newline at end of file +ignore=IM111 + +[file:Forcepoint.yml] +ignore=MR108 + diff --git a/Packs/ForcepointDLP/.pack-ignore b/Packs/ForcepointDLP/.pack-ignore index e69de29bb2d1..03241f486432 100644 --- a/Packs/ForcepointDLP/.pack-ignore +++ b/Packs/ForcepointDLP/.pack-ignore @@ -0,0 +1,3 @@ +[file:ForcepointDLP_1_4.yml] +ignore=MR108 + diff --git a/Packs/ForcepointEmailSecurity/.pack-ignore b/Packs/ForcepointEmailSecurity/.pack-ignore index e69de29bb2d1..7108b9b10cc5 100644 --- a/Packs/ForcepointEmailSecurity/.pack-ignore +++ b/Packs/ForcepointEmailSecurity/.pack-ignore @@ -0,0 +1,3 @@ +[file:ForcepointEmailSecurity.yml] +ignore=MR108 + diff --git a/Packs/FortiGate/.pack-ignore b/Packs/FortiGate/.pack-ignore index 14a40f15c0fc..9474f1fee372 100644 --- a/Packs/FortiGate/.pack-ignore +++ b/Packs/FortiGate/.pack-ignore @@ -1,5 +1,9 @@ [file:FortiGate.yml] -ignore=BA124 +ignore=BA124,PR101,MR108 [known_words] ccsrftoken + +[file:FortiGate_1_3.yml] +ignore=MR108 + diff --git a/Packs/GitHub/.pack-ignore b/Packs/GitHub/.pack-ignore index ef031c28132d..b04df748b423 100644 --- a/Packs/GitHub/.pack-ignore +++ b/Packs/GitHub/.pack-ignore @@ -14,3 +14,12 @@ assignees [file:GitHubEventCollector.yml] ignore=BA124 +[file:GithubModelingRules.yml] +ignore=MR108 + +[file:GitHub_ParsingRules.yml] +ignore=PR101 + +[file:GithubModelingRules_1_3.yml] +ignore=MR108 + diff --git a/Packs/GitLab/.pack-ignore b/Packs/GitLab/.pack-ignore index 52a08804c45f..fb1c59f10462 100644 --- a/Packs/GitLab/.pack-ignore +++ b/Packs/GitLab/.pack-ignore @@ -1,2 +1,12 @@ [file:README.md] -ignore=RM104 \ No newline at end of file +ignore=RM104 + +[file:GitLab.yml] +ignore=PR101 + +[file:GitlabModelingRules.yml] +ignore=MR108 + +[file:GitlabModelingRules_1_3.yml] +ignore=MR108 + diff --git a/Packs/GoogleDrive/.pack-ignore b/Packs/GoogleDrive/.pack-ignore index dde83fc81a0c..b57565acd9dc 100644 --- a/Packs/GoogleDrive/.pack-ignore +++ b/Packs/GoogleDrive/.pack-ignore @@ -5,10 +5,14 @@ ignore=RM104 ignore=BA101 [file:GoogleDrive.yml] -ignore=IN145 +ignore=IN145,PR101 [file:GoogleDrive_image.png] ignore=IM111 [file:classifier-Google_Drive.json] -ignore=BA101 \ No newline at end of file +ignore=BA101 + +[file:GoogleDrive_1_3.yml] +ignore=MR108 + diff --git a/Packs/IllusiveNetworks/.pack-ignore b/Packs/IllusiveNetworks/.pack-ignore index 858e84587741..21e328d4a37a 100755 --- a/Packs/IllusiveNetworks/.pack-ignore +++ b/Packs/IllusiveNetworks/.pack-ignore @@ -1,12 +1,15 @@ [file:IllusiveNetworks.yml] -ignore=IN126,IN145 +ignore=IN126,IN145,MR108 [file:classifier-mapper-incoming-IllusiveNetworks.json] ignore=BA101 - [file:incidentfield-Illusive_Networks_Events_Number.json] ignore=IF100 [file:classifier-IllusiveNetworks.json] -ignore=BA101 \ No newline at end of file +ignore=BA101 + +[file:IllusiveNetworks_1_3.yml] +ignore=MR108 + diff --git a/Packs/Imperva_WAF/.pack-ignore b/Packs/Imperva_WAF/.pack-ignore index 1b327a5b3977..2cb4437a5b9e 100644 --- a/Packs/Imperva_WAF/.pack-ignore +++ b/Packs/Imperva_WAF/.pack-ignore @@ -4,3 +4,6 @@ ignore=RM102 [file:ImpervaWAF.yml] ignore=IN136,BA124 +[file:Imperva_WAF.yml] +ignore=MR108 + diff --git a/Packs/Infoblox/.pack-ignore b/Packs/Infoblox/.pack-ignore index e69de29bb2d1..0333b47377b6 100644 --- a/Packs/Infoblox/.pack-ignore +++ b/Packs/Infoblox/.pack-ignore @@ -0,0 +1,9 @@ +[file:Infoblox_1_3.yml] +ignore=MR108 + +[file:InfobloxParsingRules.yml] +ignore=PR101 + +[file:Infoblox.yml] +ignore=MR108 + diff --git a/Packs/InfobloxBloxOne/.pack-ignore b/Packs/InfobloxBloxOne/.pack-ignore index e69de29bb2d1..e9d8ffbf6c5c 100644 --- a/Packs/InfobloxBloxOne/.pack-ignore +++ b/Packs/InfobloxBloxOne/.pack-ignore @@ -0,0 +1,3 @@ +[file:InfobloxBloxOneThreatDefense.yml] +ignore=MR108 + diff --git a/Packs/IronscalesEventCollector/.pack-ignore b/Packs/IronscalesEventCollector/.pack-ignore index 36d593897fb8..23af800ccd95 100644 --- a/Packs/IronscalesEventCollector/.pack-ignore +++ b/Packs/IronscalesEventCollector/.pack-ignore @@ -1,2 +1,6 @@ [file:IronscalesEventCollector_image.png] -ignore=IM111 \ No newline at end of file +ignore=IM111 + +[file:IronscalesModelingRules.yml] +ignore=MR108 + diff --git a/Packs/IvantiConnectSecure/.pack-ignore b/Packs/IvantiConnectSecure/.pack-ignore index e69de29bb2d1..9b261b61e4bc 100644 --- a/Packs/IvantiConnectSecure/.pack-ignore +++ b/Packs/IvantiConnectSecure/.pack-ignore @@ -0,0 +1,3 @@ +[file:IvantiConnectSecure.yml] +ignore=MR108,PR101 + diff --git a/Packs/Jira/.pack-ignore b/Packs/Jira/.pack-ignore index a4d6aaad6f35..0620414e07f5 100644 --- a/Packs/Jira/.pack-ignore +++ b/Packs/Jira/.pack-ignore @@ -24,7 +24,17 @@ jiracreateissue jiracreateissueexample customfields ssl -Subtask -OnPrem +subtask +onprem subtasks -issueJson \ No newline at end of file +issuejson + +[file:JiraParsingRules.yml] +ignore=PR101 + +[file:JiraEventCollector.yml] +ignore=MR108 + +[file:JiraEventCollector_1_3.yml] +ignore=MR108 + diff --git a/Packs/JuniperSRX/.pack-ignore b/Packs/JuniperSRX/.pack-ignore index e69de29bb2d1..7dbf355fdd8c 100644 --- a/Packs/JuniperSRX/.pack-ignore +++ b/Packs/JuniperSRX/.pack-ignore @@ -0,0 +1,9 @@ +[file:JuniperSRXModelingRules.yml] +ignore=MR108 + +[file:JuniperSRX_1_3.yml] +ignore=MR108 + +[file:JuniperSRX.yml] +ignore=PR101 + diff --git a/Packs/KnowBe4_KMSAT/.pack-ignore b/Packs/KnowBe4_KMSAT/.pack-ignore index e69de29bb2d1..97df0ee71c7f 100644 --- a/Packs/KnowBe4_KMSAT/.pack-ignore +++ b/Packs/KnowBe4_KMSAT/.pack-ignore @@ -0,0 +1,6 @@ +[file:KnowBe4KMSATEventCollector.yml] +ignore=MR108 + +[file:KnowBe4KMSATEventCollector_1_3.yml] +ignore=MR108 + diff --git a/Packs/Kubernetes/.pack-ignore b/Packs/Kubernetes/.pack-ignore index e69de29bb2d1..32b5aaa74718 100644 --- a/Packs/Kubernetes/.pack-ignore +++ b/Packs/Kubernetes/.pack-ignore @@ -0,0 +1,3 @@ +[file:Kubernetes.yml] +ignore=MR108,PR101 + diff --git a/Packs/LinuxEventsCollection/.pack-ignore b/Packs/LinuxEventsCollection/.pack-ignore index e69de29bb2d1..67798f426e31 100644 --- a/Packs/LinuxEventsCollection/.pack-ignore +++ b/Packs/LinuxEventsCollection/.pack-ignore @@ -0,0 +1,9 @@ +[file:LinuxEventsCollection_1_3.yml] +ignore=MR108 + +[file:LinuxEventsCollection.yml] +ignore=MR108 + +[file:LinuxEventsCollectionParsingRules.yml] +ignore=PR101 + diff --git a/Packs/MacOS/.pack-ignore b/Packs/MacOS/.pack-ignore index e69de29bb2d1..1150dc83ed3f 100644 --- a/Packs/MacOS/.pack-ignore +++ b/Packs/MacOS/.pack-ignore @@ -0,0 +1,3 @@ +[file:MacOS.yml] +ignore=MR108 + diff --git a/Packs/ManageEngine-ADAudit/.pack-ignore b/Packs/ManageEngine-ADAudit/.pack-ignore index e69de29bb2d1..dfcda425f10b 100644 --- a/Packs/ManageEngine-ADAudit/.pack-ignore +++ b/Packs/ManageEngine-ADAudit/.pack-ignore @@ -0,0 +1,3 @@ +[file:ManageEngine-ADAudit_1_3.yml] +ignore=MR108 + diff --git a/Packs/ManageEngine-ADManager/.pack-ignore b/Packs/ManageEngine-ADManager/.pack-ignore index e69de29bb2d1..4f294e922b5d 100644 --- a/Packs/ManageEngine-ADManager/.pack-ignore +++ b/Packs/ManageEngine-ADManager/.pack-ignore @@ -0,0 +1,6 @@ +[file:ManageEngine-ADManager.yml] +ignore=PR101 + +[file:ManageEngine-ADManager_1_3.yml] +ignore=MR108 + diff --git a/Packs/MicrosoftADFS/.pack-ignore b/Packs/MicrosoftADFS/.pack-ignore index e69de29bb2d1..e54317854d1a 100644 --- a/Packs/MicrosoftADFS/.pack-ignore +++ b/Packs/MicrosoftADFS/.pack-ignore @@ -0,0 +1,9 @@ +[file:MicrosoftADFSParsingRules.yml] +ignore=PR101 + +[file:MicrosoftADFS_1_3.yml] +ignore=MR108 + +[file:MicrosoftADFS.yml] +ignore=MR108 + diff --git a/Packs/MicrosoftAdvancedThreatAnalytics/.pack-ignore b/Packs/MicrosoftAdvancedThreatAnalytics/.pack-ignore index 6ddac14b4a9a..80045a3e7f85 100644 --- a/Packs/MicrosoftAdvancedThreatAnalytics/.pack-ignore +++ b/Packs/MicrosoftAdvancedThreatAnalytics/.pack-ignore @@ -5,4 +5,8 @@ ignore=RM104 ignore=BA101,BA113 [file:classifier-MicrosoftAdvancedThreatAnalytics.json] -ignore=BA113,BA101 \ No newline at end of file +ignore=BA113,BA101 + +[file:MicrosoftAdvancedThreatAnalytics.yml] +ignore=MR108 + diff --git a/Packs/MicrosoftCloudAppSecurity/.pack-ignore b/Packs/MicrosoftCloudAppSecurity/.pack-ignore index 8b739720fab1..39c9f30e24d8 100644 --- a/Packs/MicrosoftCloudAppSecurity/.pack-ignore +++ b/Packs/MicrosoftCloudAppSecurity/.pack-ignore @@ -13,3 +13,12 @@ ignore=BA101 [file:MicrosoftDefenderEventCollector.yml] ignore=BA124 +[file:MicrosoftCloudAppSecurity_1_3.yml] +ignore=MR108 + +[file:MicrosoftDefenderModelingRules.yml] +ignore=MR108 + +[file:MicrosoftCloudAppSecurity.yml] +ignore=PR101 + diff --git a/Packs/MicrosoftCore/.pack-ignore b/Packs/MicrosoftCore/.pack-ignore index e69de29bb2d1..2dc49c9d940e 100644 --- a/Packs/MicrosoftCore/.pack-ignore +++ b/Packs/MicrosoftCore/.pack-ignore @@ -0,0 +1,3 @@ +[file:MicrosoftCommonParsingRules.yml] +ignore=PR101 + diff --git a/Packs/MicrosoftDHCP/.pack-ignore b/Packs/MicrosoftDHCP/.pack-ignore index e69de29bb2d1..ec19347f2219 100644 --- a/Packs/MicrosoftDHCP/.pack-ignore +++ b/Packs/MicrosoftDHCP/.pack-ignore @@ -0,0 +1,6 @@ +[file:MicrosoftDHCP.yml] +ignore=PR101 + +[file:MicrosoftDHCP_1_3.yml] +ignore=MR108 + diff --git a/Packs/MicrosoftDNS/.pack-ignore b/Packs/MicrosoftDNS/.pack-ignore index e69de29bb2d1..1407739aa451 100644 --- a/Packs/MicrosoftDNS/.pack-ignore +++ b/Packs/MicrosoftDNS/.pack-ignore @@ -0,0 +1,6 @@ +[file:MicrosoftDNS.yml] +ignore=MR108,PR101 + +[file:MicrosoftDNS_1_3.yml] +ignore=MR108 + diff --git a/Packs/MicrosoftDefenderAdvancedThreatProtection/.pack-ignore b/Packs/MicrosoftDefenderAdvancedThreatProtection/.pack-ignore index 5f8ee9f5a9d8..8a9da566a075 100644 --- a/Packs/MicrosoftDefenderAdvancedThreatProtection/.pack-ignore +++ b/Packs/MicrosoftDefenderAdvancedThreatProtection/.pack-ignore @@ -1,5 +1,5 @@ [file:MicrosoftDefenderAdvancedThreatProtection.yml] -ignore=IN126,IN136,DS107,IN124 +ignore=IN126,IN136,DS107,IN124,PR101 [file:README.md] ignore=RM102,RM104,RM106 @@ -9,6 +9,13 @@ ignore=auto-test [known_words] sc -MS +ms offboarding -offboard \ No newline at end of file +offboard + +[file:Microsoft365DefenderEventCollector_1_3.yml] +ignore=MR108 + +[file:Microsoft365DefenderEventCollector.yml] +ignore=MR108 + diff --git a/Packs/MicrosoftDefenderforIdentity/.pack-ignore b/Packs/MicrosoftDefenderforIdentity/.pack-ignore index e69de29bb2d1..069a2e51c4df 100644 --- a/Packs/MicrosoftDefenderforIdentity/.pack-ignore +++ b/Packs/MicrosoftDefenderforIdentity/.pack-ignore @@ -0,0 +1,3 @@ +[file:MicrosoftDefenderforIdentity.yml] +ignore=MR108 + diff --git a/Packs/MicrosoftECM/.pack-ignore b/Packs/MicrosoftECM/.pack-ignore index 0637e45e94af..5cdb832e14ad 100644 --- a/Packs/MicrosoftECM/.pack-ignore +++ b/Packs/MicrosoftECM/.pack-ignore @@ -1,2 +1,9 @@ [file:README.md] -ignore=RM106 \ No newline at end of file +ignore=RM106 + +[file:MicrosoftECM.yml] +ignore=MR108 + +[file:MicrosoftECM_1_3.yml] +ignore=MR108 + diff --git a/Packs/MicrosoftExchangeServer/.pack-ignore b/Packs/MicrosoftExchangeServer/.pack-ignore index e69de29bb2d1..08a7ad0b2efe 100644 --- a/Packs/MicrosoftExchangeServer/.pack-ignore +++ b/Packs/MicrosoftExchangeServer/.pack-ignore @@ -0,0 +1,9 @@ +[file:MicrosoftExchangeServerModeling_1_3.yml] +ignore=MR108 + +[file:MicrosoftExchangeServerModeling.yml] +ignore=MR108 + +[file:MicrosoftExchangeServerParsingRules.yml] +ignore=PR101 + diff --git a/Packs/MicrosoftGraphSecurity/.pack-ignore b/Packs/MicrosoftGraphSecurity/.pack-ignore index 55ccc4eebfa1..bfb543141488 100644 --- a/Packs/MicrosoftGraphSecurity/.pack-ignore +++ b/Packs/MicrosoftGraphSecurity/.pack-ignore @@ -1,8 +1,9 @@ [file:MicrosoftGraphSecurity.yml] -ignore=IN126,IN135,DS107 +ignore=IN126,IN135,DS107,PR101,MR108 [file:playbook-Microsoft_Graph_Test.yml] ignore=auto-test [known_words] msg-search-alerts + diff --git a/Packs/MicrosoftIISWebServer/.pack-ignore b/Packs/MicrosoftIISWebServer/.pack-ignore index e69de29bb2d1..006fa3abee51 100644 --- a/Packs/MicrosoftIISWebServer/.pack-ignore +++ b/Packs/MicrosoftIISWebServer/.pack-ignore @@ -0,0 +1,9 @@ +[file:MicrosoftIISWebServerModelingRules.yml] +ignore=MR108 + +[file:MicrosoftIISWebServerModelingRules_1_3.yml] +ignore=MR108 + +[file:MicrosoftIISWebServer.yml] +ignore=PR101 + diff --git a/Packs/MicrosoftIntune/.pack-ignore b/Packs/MicrosoftIntune/.pack-ignore index e69de29bb2d1..b059dd9aebf4 100644 --- a/Packs/MicrosoftIntune/.pack-ignore +++ b/Packs/MicrosoftIntune/.pack-ignore @@ -0,0 +1,6 @@ +[file:MicrosoftIntuneParsingRules.yml] +ignore=PR101 + +[file:MicrosoftIntune_1_3.yml] +ignore=MR108 + diff --git a/Packs/MicrosoftNPS/.pack-ignore b/Packs/MicrosoftNPS/.pack-ignore index e69de29bb2d1..05056a486bf1 100644 --- a/Packs/MicrosoftNPS/.pack-ignore +++ b/Packs/MicrosoftNPS/.pack-ignore @@ -0,0 +1,9 @@ +[file:MicrosoftNPS.yml] +ignore=MR108 + +[file:MicrosoftNPSParsingRules.yml] +ignore=PR101 + +[file:MicrosoftNPS_1_3.yml] +ignore=MR108 + diff --git a/Packs/MicrosoftWSUS/.pack-ignore b/Packs/MicrosoftWSUS/.pack-ignore index e69de29bb2d1..33d44b5355f9 100644 --- a/Packs/MicrosoftWSUS/.pack-ignore +++ b/Packs/MicrosoftWSUS/.pack-ignore @@ -0,0 +1,9 @@ +[file:MicrosoftWSUS.yml] +ignore=PR101 + +[file:MicrosoftWSUSModelingRules_1_3.yml] +ignore=MR108 + +[file:MicrosoftWSUSModelingRules.yml] +ignore=MR108 + diff --git a/Packs/MicrosoftWindowsEvents/.pack-ignore b/Packs/MicrosoftWindowsEvents/.pack-ignore index e69de29bb2d1..fab8559d85eb 100644 --- a/Packs/MicrosoftWindowsEvents/.pack-ignore +++ b/Packs/MicrosoftWindowsEvents/.pack-ignore @@ -0,0 +1,3 @@ +[file:MicrosoftWindowsEvents_1_3.yml] +ignore=MR108 + diff --git a/Packs/Mimecast/.pack-ignore b/Packs/Mimecast/.pack-ignore index e8718cc9893c..caaf3c08373d 100644 --- a/Packs/Mimecast/.pack-ignore +++ b/Packs/Mimecast/.pack-ignore @@ -1,5 +1,6 @@ [file:MimecastV2.yml] ignore=IN126,IN145,IN124 + [file:README.md] ignore=RM104 @@ -8,3 +9,13 @@ ignore=IM111 [file:MimecastEventCollector_image.png] ignore=IM111 + +[file:MimecastModelingRules.yml] +ignore=MR108 + +[file:MimecastModelingRules_1_3.yml] +ignore=MR108 + +[file:MimecastParsingRules.yml] +ignore=PR101 + diff --git a/Packs/MySQLEnterprise/.pack-ignore b/Packs/MySQLEnterprise/.pack-ignore index e69de29bb2d1..f75fdc3b6ff6 100644 --- a/Packs/MySQLEnterprise/.pack-ignore +++ b/Packs/MySQLEnterprise/.pack-ignore @@ -0,0 +1,9 @@ +[file:MySQLEnterpriseEventCollector.yml] +ignore=MR108 + +[file:MySQLEnterprise_1_3.yml] +ignore=MR108 + +[file:MySQLEnterprise.yml] +ignore=PR101 + diff --git a/Packs/NGINXWebServer/.pack-ignore b/Packs/NGINXWebServer/.pack-ignore index e69de29bb2d1..bfa9953dcb59 100644 --- a/Packs/NGINXWebServer/.pack-ignore +++ b/Packs/NGINXWebServer/.pack-ignore @@ -0,0 +1,9 @@ +[file:NGINXWebServerModelingRules_1_3.yml] +ignore=MR108 + +[file:NGINXWebServerModelingRules.yml] +ignore=MR108 + +[file:NGINXWebServerParsingRules.yml] +ignore=PR101 + diff --git a/Packs/NetBox/.pack-ignore b/Packs/NetBox/.pack-ignore index e69de29bb2d1..62750b45b26c 100644 --- a/Packs/NetBox/.pack-ignore +++ b/Packs/NetBox/.pack-ignore @@ -0,0 +1,3 @@ +[file:NetBoxModelingRules_1_3.yml] +ignore=MR108 + diff --git a/Packs/Netskope/.pack-ignore b/Packs/Netskope/.pack-ignore index e69de29bb2d1..817fc3f5e00d 100644 --- a/Packs/Netskope/.pack-ignore +++ b/Packs/Netskope/.pack-ignore @@ -0,0 +1,6 @@ +[file:NetskopeEventCollector.yml] +ignore=MR108 + +[file:NetskopeEventCollector_1_3.yml] +ignore=MR108 + diff --git a/Packs/Okta/.pack-ignore b/Packs/Okta/.pack-ignore index cbce01879e2d..a4bde517ebef 100644 --- a/Packs/Okta/.pack-ignore +++ b/Packs/Okta/.pack-ignore @@ -29,3 +29,12 @@ zipprotectwithpassword [file:IAMInitOktaUser.yml] ignore=BA124 +[file:OktaModelingRules.yml] +ignore=MR108 + +[file:Okta.yml] +ignore=PR101 + +[file:OktaModelingRules_1_3.yml] +ignore=MR108 + diff --git a/Packs/OktaOAG/.pack-ignore b/Packs/OktaOAG/.pack-ignore index e69de29bb2d1..8784bdc68487 100644 --- a/Packs/OktaOAG/.pack-ignore +++ b/Packs/OktaOAG/.pack-ignore @@ -0,0 +1,9 @@ +[file:OktaOAG.yml] +ignore=MR108 + +[file:OktaOAG_1_3.yml] +ignore=MR108 + +[file:OktaOAGParsingRules.yml] +ignore=PR101 + diff --git a/Packs/OneLogin/.pack-ignore b/Packs/OneLogin/.pack-ignore index e69de29bb2d1..761c1c5561d3 100644 --- a/Packs/OneLogin/.pack-ignore +++ b/Packs/OneLogin/.pack-ignore @@ -0,0 +1,6 @@ +[file:OneLoginModelingRules.yml] +ignore=MR108 + +[file:OneLoginModelingRules_1_3.yml] +ignore=MR108 + diff --git a/Packs/OnemodelDev/.pack-ignore b/Packs/OnemodelDev/.pack-ignore index e69de29bb2d1..671710580e8e 100644 --- a/Packs/OnemodelDev/.pack-ignore +++ b/Packs/OnemodelDev/.pack-ignore @@ -0,0 +1,6 @@ +[file:OneModelDevModelingRules_1_3.yml] +ignore=MR108 + +[file:OneModelDevModelingRules.yml] +ignore=MR108 + diff --git a/Packs/Oracle/.pack-ignore b/Packs/Oracle/.pack-ignore index e69de29bb2d1..86b8c8ca6b04 100644 --- a/Packs/Oracle/.pack-ignore +++ b/Packs/Oracle/.pack-ignore @@ -0,0 +1,9 @@ +[file:Oracle.yml] +ignore=PR101 + +[file:OracleDBEventCollector.yml] +ignore=MR108 + +[file:OracleDBEventCollector_1_3.yml] +ignore=MR108 + diff --git a/Packs/OracleCloudInfrastructure/.pack-ignore b/Packs/OracleCloudInfrastructure/.pack-ignore index e69de29bb2d1..749577a74aa0 100644 --- a/Packs/OracleCloudInfrastructure/.pack-ignore +++ b/Packs/OracleCloudInfrastructure/.pack-ignore @@ -0,0 +1,3 @@ +[file:OracleCloudInfrastructureModelingRules.yml] +ignore=MR108 + diff --git a/Packs/Orca/.pack-ignore b/Packs/Orca/.pack-ignore index 4a4677d886a2..f0099af9ab05 100644 --- a/Packs/Orca/.pack-ignore +++ b/Packs/Orca/.pack-ignore @@ -8,4 +8,8 @@ ignore=IN145 ignore=IM111 [file:classifier-OrcaAlert.json] -ignore=BA101 \ No newline at end of file +ignore=BA101 + +[file:OrcaModelingRules_1_3.yml] +ignore=MR108 + diff --git a/Packs/PrismaCloud/.pack-ignore b/Packs/PrismaCloud/.pack-ignore index f1605b3fb722..3d345cf1da27 100644 --- a/Packs/PrismaCloud/.pack-ignore +++ b/Packs/PrismaCloud/.pack-ignore @@ -41,15 +41,19 @@ ignore=BA101 ignore=IM111 [known_words] -SSH -Misconfiguration -RRN -FQDN -VPC -CloudTrail +ssh +misconfiguration +rrn +fqdn +vpc +cloudtrail [file:classifier-Prisma_Cloud.json] ignore=BA101 [file:classifier-prismaCloud_app.json] -ignore=BA101 \ No newline at end of file +ignore=BA101 + +[file:PrismaCloud.yml] +ignore=PR101,MR108 + diff --git a/Packs/PrismaSaasSecurity/.pack-ignore b/Packs/PrismaSaasSecurity/.pack-ignore index 828bc3595115..87908b033897 100644 --- a/Packs/PrismaSaasSecurity/.pack-ignore +++ b/Packs/PrismaSaasSecurity/.pack-ignore @@ -1,4 +1,14 @@ [known_words] -SaaS -XDM -SaasSecurityModelingRules \ No newline at end of file +saas +xdm +saassecuritymodelingrules + +[file:SaasSecurityEventCollector.yml] +ignore=MR108 + +[file:SaasSecurityEventCollector_1_3.yml] +ignore=MR108 + +[file:PrismaSaasSecurity.yml] +ignore=PR101 + diff --git a/Packs/ProofpointObserveIT/.pack-ignore b/Packs/ProofpointObserveIT/.pack-ignore index e69de29bb2d1..3b5a5617e952 100644 --- a/Packs/ProofpointObserveIT/.pack-ignore +++ b/Packs/ProofpointObserveIT/.pack-ignore @@ -0,0 +1,3 @@ +[file:ProofpointObserveIT.yml] +ignore=MR108 + diff --git a/Packs/ProofpointTAP/.pack-ignore b/Packs/ProofpointTAP/.pack-ignore index df7d18c14f5f..064d4c5625d9 100644 --- a/Packs/ProofpointTAP/.pack-ignore +++ b/Packs/ProofpointTAP/.pack-ignore @@ -13,3 +13,12 @@ ignore=BA124 [file:ProofpointTAPMostAttackedUsers.yml] ignore=BA124 +[file:ProofpointTAP.yml] +ignore=PR101 + +[file:ProofpointTAPModelingRules.yml] +ignore=MR108 + +[file:ProofpointTAPModelingRules_1_3.yml] +ignore=MR108 + diff --git a/Packs/ProofpointThreatResponse/.pack-ignore b/Packs/ProofpointThreatResponse/.pack-ignore index c4df083df491..dd0f62ef9945 100644 --- a/Packs/ProofpointThreatResponse/.pack-ignore +++ b/Packs/ProofpointThreatResponse/.pack-ignore @@ -1,9 +1,16 @@ [file:ProofpointThreatResponse.yml] -ignore=IN126 +ignore=IN126,PR101 [file:README.md] ignore=RM104 [known_words] -Proofpoint -tr \ No newline at end of file +proofpoint +tr + +[file:ProofpointThreatResponseModelingRules_1_3.yml] +ignore=MR108 + +[file:ProofpointThreatResponseModelingRules.yml] +ignore=MR108 + diff --git a/Packs/RunZero/.pack-ignore b/Packs/RunZero/.pack-ignore index 405b2f08f602..40b2904085a5 100644 --- a/Packs/RunZero/.pack-ignore +++ b/Packs/RunZero/.pack-ignore @@ -1,2 +1,6 @@ [known-words] -RunZero \ No newline at end of file +runzero + +[file:RunZeroModelingRules.yml] +ignore=MR108 + diff --git a/Packs/SafeNet_Trusted_Access/.pack-ignore b/Packs/SafeNet_Trusted_Access/.pack-ignore index b34aea4a926a..eebac8aa85be 100644 --- a/Packs/SafeNet_Trusted_Access/.pack-ignore +++ b/Packs/SafeNet_Trusted_Access/.pack-ignore @@ -1,4 +1,15 @@ [file:playbook-SafeNet_Trusted_Access_-_Add_to_Unusual_Activity_Group.yml] ignore=PB106 + [file:playbook-SafeNet_Trusted_Access_-_Terminate_User_SSO_Sessions.yml] ignore=PB106 + +[file:SafeNetTrustedAccessModelingRules_1_3.yml] +ignore=MR108 + +[file:SafeNetTrustedAccessParsingRules.yml] +ignore=PR101 + +[file:SafeNetTrustedAccessModelingRules.yml] +ignore=MR108 + diff --git a/Packs/Salesforce/.pack-ignore b/Packs/Salesforce/.pack-ignore index e75d608cd3df..5390cd9babc3 100644 --- a/Packs/Salesforce/.pack-ignore +++ b/Packs/Salesforce/.pack-ignore @@ -25,3 +25,12 @@ ignore=BA124 [file:GenerateTimeZone.yml] ignore=BA124 +[file:Salesforce_1_3.yml] +ignore=MR108 + +[file:SalesforceParsingRules.yml] +ignore=PR101 + +[file:SalesforceModelingRule.yml] +ignore=MR108 + diff --git a/Packs/SentinelOne/.pack-ignore b/Packs/SentinelOne/.pack-ignore index 5143af09b718..f5b4fab93619 100644 --- a/Packs/SentinelOne/.pack-ignore +++ b/Packs/SentinelOne/.pack-ignore @@ -11,4 +11,8 @@ ignore=IN145 ignore=IM111 [known_words] -whitelist \ No newline at end of file +whitelist + +[file:SentinelOneModelingRules.yml] +ignore=MR108 + diff --git a/Packs/Slack/.pack-ignore b/Packs/Slack/.pack-ignore index 30d40947f6b1..0f1de3b7ce41 100644 --- a/Packs/Slack/.pack-ignore +++ b/Packs/Slack/.pack-ignore @@ -5,7 +5,17 @@ ignore=RM104,RM106 ignore=BA108,BA109 [known_words] -externalAskSubmit +externalasksubmit [tests_require_network] -SlackV2 \ No newline at end of file +slackv2 + +[file:SlackParsingRules.yml] +ignore=PR101 + +[file:SlackModelingRules_1_3.yml] +ignore=MR108 + +[file:SlackModelingRules.yml] +ignore=MR108 + diff --git a/Packs/SonicWallNSv/.pack-ignore b/Packs/SonicWallNSv/.pack-ignore index e69de29bb2d1..c22f13b3c123 100644 --- a/Packs/SonicWallNSv/.pack-ignore +++ b/Packs/SonicWallNSv/.pack-ignore @@ -0,0 +1,6 @@ +[file:SonicWallNSvParsingRules.yml] +ignore=PR101 + +[file:SonicWallNSv_1_3.yml] +ignore=MR108 + diff --git a/Packs/Squid/.pack-ignore b/Packs/Squid/.pack-ignore index e69de29bb2d1..2150ac440b32 100644 --- a/Packs/Squid/.pack-ignore +++ b/Packs/Squid/.pack-ignore @@ -0,0 +1,3 @@ +[file:Squid.yml] +ignore=MR108,PR101 + diff --git a/Packs/SymantecBlueCoatProxySG/.pack-ignore b/Packs/SymantecBlueCoatProxySG/.pack-ignore index e69de29bb2d1..59cb88321435 100644 --- a/Packs/SymantecBlueCoatProxySG/.pack-ignore +++ b/Packs/SymantecBlueCoatProxySG/.pack-ignore @@ -0,0 +1,3 @@ +[file:SymantecBlueCoatProxySG.yml] +ignore=PR101,MR108 + diff --git a/Packs/SymantecEndpointProtection/.pack-ignore b/Packs/SymantecEndpointProtection/.pack-ignore index 90cfb554fffc..2229c9bd918f 100644 --- a/Packs/SymantecEndpointProtection/.pack-ignore +++ b/Packs/SymantecEndpointProtection/.pack-ignore @@ -1,4 +1,12 @@ [file:SymantecEndpointProtection_V2.yml] ignore=BA108,BA109 + [known_words] -Symantec \ No newline at end of file +symantec + +[file:SymantecEndpointProtection.yml] +ignore=PR101 + +[file:SymantecEndpointProtection_1_3.yml] +ignore=MR108 + diff --git a/Packs/Tableau/.pack-ignore b/Packs/Tableau/.pack-ignore index e69de29bb2d1..03fea8bdcbbd 100644 --- a/Packs/Tableau/.pack-ignore +++ b/Packs/Tableau/.pack-ignore @@ -0,0 +1,6 @@ +[file:Tableau_1_3.yml] +ignore=MR108 + +[file:Tableau.yml] +ignore=MR108,PR101 + diff --git a/Packs/TaniumThreatResponse/.pack-ignore b/Packs/TaniumThreatResponse/.pack-ignore index 5ab630add330..713efe7f5ad2 100644 --- a/Packs/TaniumThreatResponse/.pack-ignore +++ b/Packs/TaniumThreatResponse/.pack-ignore @@ -1,5 +1,5 @@ [file:TaniumThreatResponse.yml] -ignore=IN126,IN136 +ignore=IN126,IN136,PR101,MR108 [file:README.md] ignore=RM104 @@ -11,4 +11,5 @@ ignore=IM111 ignore=IM111 [known_words] -Tanium \ No newline at end of file +tanium + diff --git a/Packs/TeamViewer/.pack-ignore b/Packs/TeamViewer/.pack-ignore index e69de29bb2d1..97802fbf1e7b 100644 --- a/Packs/TeamViewer/.pack-ignore +++ b/Packs/TeamViewer/.pack-ignore @@ -0,0 +1,3 @@ +[file:TeamViewer.yml] +ignore=MR108 + diff --git a/Packs/Tenable_io/.pack-ignore b/Packs/Tenable_io/.pack-ignore index 211c98220b3c..82f1921a880a 100644 --- a/Packs/Tenable_io/.pack-ignore +++ b/Packs/Tenable_io/.pack-ignore @@ -3,3 +3,13 @@ ignore=RM104 [file:Tenable_io.yml] ignore=BA108,BA109,IN145 + +[file:TenableioEventCollector_1_3.yml] +ignore=MR108 + +[file:Tenable_ioParsingRules.yml] +ignore=PR101 + +[file:TenableioEventCollector.yml] +ignore=MR108 + diff --git a/Packs/ThinkstCanary/.pack-ignore b/Packs/ThinkstCanary/.pack-ignore index 968985b985ed..9a73cc6bc682 100644 --- a/Packs/ThinkstCanary/.pack-ignore +++ b/Packs/ThinkstCanary/.pack-ignore @@ -1,5 +1,9 @@ [file:ThinkstCanary.yml] -ignore=IN126,IN124 +ignore=IN126,IN124,MR108 [known_words] -Thinkst \ No newline at end of file +thinkst + +[file:ThinkstCanary_1_3.yml] +ignore=MR108 + diff --git a/Packs/TrendMicroDeepSecurity/.pack-ignore b/Packs/TrendMicroDeepSecurity/.pack-ignore index fcc2fd9d71f2..0b3974a3ef93 100644 --- a/Packs/TrendMicroDeepSecurity/.pack-ignore +++ b/Packs/TrendMicroDeepSecurity/.pack-ignore @@ -2,4 +2,5 @@ ignore=CJ105 [file:TrendMicroDeepSecurity.yml] -ignore=IN145 \ No newline at end of file +ignore=IN145,MR108 + diff --git a/Packs/TrendMicroTippingPoint/.pack-ignore b/Packs/TrendMicroTippingPoint/.pack-ignore index e69de29bb2d1..822e08253b73 100644 --- a/Packs/TrendMicroTippingPoint/.pack-ignore +++ b/Packs/TrendMicroTippingPoint/.pack-ignore @@ -0,0 +1,3 @@ +[file:TrendMicroTippingPoint.yml] +ignore=MR108 + diff --git a/Packs/VMwareESXi/.pack-ignore b/Packs/VMwareESXi/.pack-ignore index e69de29bb2d1..f5154de6d671 100644 --- a/Packs/VMwareESXi/.pack-ignore +++ b/Packs/VMwareESXi/.pack-ignore @@ -0,0 +1,9 @@ +[file:VMwareESXiParsingRules.yml] +ignore=PR101 + +[file:VMwareESXI_1_3.yml] +ignore=MR108 + +[file:VMwareESXiModelingRules.yml] +ignore=MR108 + diff --git a/Packs/VMwareVCenter/.pack-ignore b/Packs/VMwareVCenter/.pack-ignore index 8b137891791f..373038ace481 100644 --- a/Packs/VMwareVCenter/.pack-ignore +++ b/Packs/VMwareVCenter/.pack-ignore @@ -1 +1,9 @@ +[file:VMwareVcenterParsingRules.yml] +ignore=PR101 + +[file:VMwareVCenterModelingRules.yml] +ignore=MR108 + +[file:VMwareVcenter_1_3.yml] +ignore=MR108 diff --git a/Packs/Vectra_AI/.pack-ignore b/Packs/Vectra_AI/.pack-ignore index d88b7e46ec58..61cec30c7fd7 100644 --- a/Packs/Vectra_AI/.pack-ignore +++ b/Packs/Vectra_AI/.pack-ignore @@ -1,5 +1,9 @@ [known_words] -Vectra -DestinationIPs -DestinationPorts -sAMAccountName \ No newline at end of file +vectra +destinationips +destinationports +samaccountname + +[file:Vectra_AIEventCollector_1_3.yml] +ignore=MR108 + diff --git a/Packs/WatchguardFirebox/.pack-ignore b/Packs/WatchguardFirebox/.pack-ignore index e69de29bb2d1..f71cadf5b0ea 100644 --- a/Packs/WatchguardFirebox/.pack-ignore +++ b/Packs/WatchguardFirebox/.pack-ignore @@ -0,0 +1,3 @@ +[file:WatchguardFirebox_1_3.yml] +ignore=MR108 + diff --git a/Packs/WithSecure/.pack-ignore b/Packs/WithSecure/.pack-ignore index e69de29bb2d1..3d986ead983e 100644 --- a/Packs/WithSecure/.pack-ignore +++ b/Packs/WithSecure/.pack-ignore @@ -0,0 +1,3 @@ +[file:WithSecure.yml] +ignore=MR108 + diff --git a/Packs/Workday/.pack-ignore b/Packs/Workday/.pack-ignore index ee2a32869492..0534618aee2f 100644 --- a/Packs/Workday/.pack-ignore +++ b/Packs/Workday/.pack-ignore @@ -16,3 +16,6 @@ ignore=IM111 [file:WorkdayIAMEventsGenerator.yml] ignore=BA124 +[file:WorkdayEventCollector.yml] +ignore=MR108 + diff --git a/Packs/Zoom/.pack-ignore b/Packs/Zoom/.pack-ignore index 5e024028d0eb..c23acbe2730c 100644 --- a/Packs/Zoom/.pack-ignore +++ b/Packs/Zoom/.pack-ignore @@ -5,4 +5,8 @@ ignore=BA108,BA109 ignore=IM111 [known_words] -ZoomApiModule \ No newline at end of file +zoomapimodule + +[file:Zoom.yml] +ignore=MR108 + diff --git a/Packs/Zscaler/.pack-ignore b/Packs/Zscaler/.pack-ignore index ea10bc21d56e..8c8a5f34c7b3 100644 --- a/Packs/Zscaler/.pack-ignore +++ b/Packs/Zscaler/.pack-ignore @@ -2,4 +2,11 @@ ignore=RM104,RM106 [known_words] -requestTimeout \ No newline at end of file +requesttimeout + +[file:ZscalerModelingRule.yml] +ignore=MR108 + +[file:ZscalerModelingRule_1_3.yml] +ignore=MR108 + diff --git a/Packs/ZscalerZPA/.pack-ignore b/Packs/ZscalerZPA/.pack-ignore index e69de29bb2d1..b991db8826da 100644 --- a/Packs/ZscalerZPA/.pack-ignore +++ b/Packs/ZscalerZPA/.pack-ignore @@ -0,0 +1,6 @@ +[file:ZscalerZPA_1_3.yml] +ignore=MR108 + +[file:ZscalerZPA.yml] +ignore=MR108 + diff --git a/Packs/cisco-ise/.pack-ignore b/Packs/cisco-ise/.pack-ignore index fd391c744baa..1fe6d1cd0a7f 100644 --- a/Packs/cisco-ise/.pack-ignore +++ b/Packs/cisco-ise/.pack-ignore @@ -1,5 +1,5 @@ [file:cisco-ise.yml] -ignore=BA108,BA109,BA124 +ignore=BA108,BA109,BA124,MR108,PR101 [file:cisco-ise_image.png] ignore=IM111 diff --git a/Packs/cisco-meraki/.pack-ignore b/Packs/cisco-meraki/.pack-ignore index e69de29bb2d1..0d6fbcecb172 100644 --- a/Packs/cisco-meraki/.pack-ignore +++ b/Packs/cisco-meraki/.pack-ignore @@ -0,0 +1,9 @@ +[file:CiscoMerakiParsingRules.yml] +ignore=PR101 + +[file:CiscoMerakiModelingRules.yml] +ignore=MR108 + +[file:CiscoMerakiModelingRules_1_3.yml] +ignore=MR108 + diff --git a/Packs/epo/.pack-ignore b/Packs/epo/.pack-ignore index 59ba0142ea68..52938522c63e 100644 --- a/Packs/epo/.pack-ignore +++ b/Packs/epo/.pack-ignore @@ -23,5 +23,15 @@ ignore=IM111 ignore=IM111 [known_words] -ePO -resetInheritance \ No newline at end of file +epo +resetinheritance + +[file:McafeeEpoModelingRules_1_3.yml] +ignore=MR108 + +[file:McAfeeEpo.yml] +ignore=PR101 + +[file:McafeeEpoModelingRules.yml] +ignore=MR108 + diff --git a/Packs/jamf/.pack-ignore b/Packs/jamf/.pack-ignore index d150a6d6ba59..10ad2a3b6c18 100644 --- a/Packs/jamf/.pack-ignore +++ b/Packs/jamf/.pack-ignore @@ -5,4 +5,14 @@ ignore=IM111 ignore=IM111 [known_words] -JAMF \ No newline at end of file +jamf + +[file:Jamf.yml] +ignore=MR108 + +[file:Jamf_1_3.yml] +ignore=MR108 + +[file:jamf.yml] +ignore=PR101 + From 17e8697b508bfdcfe20a6269f3fbefbc5630e856 Mon Sep 17 00:00:00 2001 From: Menachem Weinfeld <90556466+mmhw@users.noreply.github.com> Date: Wed, 7 Jun 2023 13:49:06 +0300 Subject: [PATCH 029/124] [EDL] Fixed a typo in the description (#27269) * Fixed a typo in the description * Update the docker image --- Packs/EDL/Integrations/EDL/EDL.yml | 2 +- Packs/EDL/Integrations/EDL/EDL_description.md | 6 +++--- Packs/EDL/ReleaseNotes/3_1_27.md | 9 +++++++++ Packs/EDL/pack_metadata.json | 2 +- 4 files changed, 14 insertions(+), 5 deletions(-) create mode 100644 Packs/EDL/ReleaseNotes/3_1_27.md diff --git a/Packs/EDL/Integrations/EDL/EDL.yml b/Packs/EDL/Integrations/EDL/EDL.yml index 52dfc15aa7b2..263a5e431fb5 100644 --- a/Packs/EDL/Integrations/EDL/EDL.yml +++ b/Packs/EDL/Integrations/EDL/EDL.yml @@ -519,7 +519,7 @@ script: deprecated: false description: Updates values stored in the List (only available On-Demand). execution: false - dockerimage: demisto/flask-nginx:1.0.0.61723 + dockerimage: demisto/flask-nginx:1.0.0.62466 feed: false isfetch: false longRunning: true diff --git a/Packs/EDL/Integrations/EDL/EDL_description.md b/Packs/EDL/Integrations/EDL/EDL_description.md index 9dc9a0aea39a..ff15aa70408c 100644 --- a/Packs/EDL/Integrations/EDL/EDL_description.md +++ b/Packs/EDL/Integrations/EDL/EDL_description.md @@ -15,7 +15,7 @@ In a web browser, go to **http://:**. ### Access the Generic Export Indicators Service by Instance Name (HTTPS) <~XSIAM> -**Note**: Do not set `username` and `password` in the integration instance if you are running the integration via the hosted instance. The `username and `password` fields are for usage when running the integration via an on-prem engine. +**Note**: Do not set `username` and `password` in the integration instance if you are running the integration via the hosted instance. The `username` and `password` fields are for usage when running the integration via an on-prem engine. **Note**: If no `Listen Port` param was given and the test button was clicked, the test will run with the default port 1111. After pressing `save & exit` a new free port will be assigned to the `Listen Port` parameter automatically. @@ -23,10 +23,10 @@ In a web browser, go to **http://:**. 2. You can access the External Dynamic List at the following url: `https://edl-/xsoar/instance/execute/`. 3. For example to test via curl with an instance with instance name: `EDL_instance_1`, XSIAM address `my-xsiam-subdomain.us.paloaltonetworks.com` and credentials test/password: ``` -curl -v -u test:password https://edl-my-xsiam-subdomain.us.paloaltonetworks.com/xsoar/instance/execute/ELD_instance_1 +curl -v -u test:password https://edl-my-xsiam-subdomain.us.paloaltonetworks.com/xsoar/instance/execute/EDL_instance_1 ``` -**Note**: The External Dynamic List is not be accessible via web browsers and you will receive a unauthorized error if accessing the External Dynamic List via a browser. +**Note**: The External Dynamic List is not accessible via web browsers and you will receive an unauthorized error if accessing the External Dynamic List via a browser. diff --git a/Packs/EDL/ReleaseNotes/3_1_27.md b/Packs/EDL/ReleaseNotes/3_1_27.md new file mode 100644 index 000000000000..82d06e6dacbb --- /dev/null +++ b/Packs/EDL/ReleaseNotes/3_1_27.md @@ -0,0 +1,9 @@ + +#### Integrations + +##### Generic Export Indicators Service +<~XSIAM> +- Fixed a typo in the description. + + +- Updated the Docker image to: *demisto/flask-nginx:1.0.0.62466*. diff --git a/Packs/EDL/pack_metadata.json b/Packs/EDL/pack_metadata.json index 61a971a1183d..6abaffc4ee38 100644 --- a/Packs/EDL/pack_metadata.json +++ b/Packs/EDL/pack_metadata.json @@ -2,7 +2,7 @@ "name": "Generic Export Indicators Service", "description": "Use this pack to generate a list based on your Threat Intel Library, and export it to ANY other product in your network, such as your firewall, agent or SIEM. This pack is built for ongoing distribution of indicators from XSOAR to other products in the network, by creating an endpoint with a list of indicators that can be pulled by external vendors.", "support": "xsoar", - "currentVersion": "3.1.26", + "currentVersion": "3.1.27", "author": "Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "email": "", From e2ec5966e203f8e605ff1c2a1e8ec5565603386a Mon Sep 17 00:00:00 2001 From: eepstain <116078117+eepstain@users.noreply.github.com> Date: Wed, 7 Jun 2023 13:52:02 +0300 Subject: [PATCH 030/124] Macos Regex Fix (#27270) * Updated ModelingRules * Updated ReleaseNotes * Updated ReleaseNotes * Updated ModelingRules * Updated ModelingRules --- Packs/MacOS/ModelingRules/MacOS/MacOS.xif | 12 ++++++------ Packs/MacOS/ReleaseNotes/1_0_1.md | 6 ++++++ Packs/MacOS/pack_metadata.json | 2 +- 3 files changed, 13 insertions(+), 7 deletions(-) create mode 100644 Packs/MacOS/ReleaseNotes/1_0_1.md diff --git a/Packs/MacOS/ModelingRules/MacOS/MacOS.xif b/Packs/MacOS/ModelingRules/MacOS/MacOS.xif index 6145d3e22d2a..f1be855374f1 100644 --- a/Packs/MacOS/ModelingRules/MacOS/MacOS.xif +++ b/Packs/MacOS/ModelingRules/MacOS/MacOS.xif @@ -1,10 +1,10 @@ [MODEL: dataset = macos_ventura_raw] alter - get_hostname = arraystring(regextract(_raw_log, "<\d+>[^\s]+\s\d+\s\d{2}:\d{2}:\d{2}\s([^\s]+)"), ""), - get_process = arraystring(regextract(_raw_log, "<\d+>[^\s]+\s\d+\s\d{2}:\d{2}:\d{2}\s[^\s]+\s([^\[]+)"), ""), - get_pid = arraystring(regextract(_raw_log, "<\d+>[^\s]+\s\d+\s\d{2}:\d{2}:\d{2}\s[^\s]+\s[^\[]+\[([^\]]+)"), ""), - get_description = arraystring(regextract(_raw_log, "<\d+>[^\s]+\s\d+\s\d{2}:\d{2}:\d{2}\s[^\s]+\s[^\[]+\[[^\]]+\]:(.*)"), ""), - get_des_pid = arraystring(regextract(_raw_log, "pid[\s|=]+\d+"), ""), + get_hostname = arraystring(regextract(_raw_log, "<\d+>[^\s]+\s+\d+\s+\d{2}:\d{2}:\d{2}\s([^\s]+)"), ""), + get_process = arraystring(regextract(_raw_log, "<\d+>[^\s]+\s+\d+\s+\d{2}:\d{2}:\d{2}\s[^\s]+\s([^\[]+)"), ""), + get_pid = arraystring(regextract(_raw_log, "<\d+>[^\s]+\s+\d+\s+\d{2}:\d{2}:\d{2}\s[^\s]+\s[^\[]+\[([^\]]+)"), ""), + get_description = arraystring(regextract(_raw_log, "<\d+>[^\s]+\s+\d+\s+\d{2}:\d{2}:\d{2}\s[^\s]+\s[^\[]+\[[^\]]+\]:(.*)"), ""), + get_des_pid = arraystring(regextract(_raw_log, "pid[\s|=]+(\d+)"), ""), get_des_uid = arraystring(regextract(_raw_log, "uid[\s|=]+(\d+)"), ""), get_des_path = arraystring(regextract(_raw_log, "path[\s|=]+([^,]+)"), ""), get_des_macos_error_code = arraystring(regextract(_raw_log, "[C|c]ode[\s|=](\d+)"), ""), @@ -12,7 +12,7 @@ alter get_pkinstallpackageidentifier = arraystring(regextract(_raw_log, "PKInstallPackageIdentifier[\s|=]([^,]+)"), ""), get_nslocalizeddescription = arraystring(regextract(_raw_log, "NSLocalizedDescription[\s|=]([^,}]+)"), "") | alter - xdm.source.host.os_family=XDM_CONST.OS_FAMILY_MACOS, + xdm.source.host.os_family = XDM_CONST.OS_FAMILY_MACOS, xdm.source.host.hostname = get_hostname, xdm.source.process.name = get_process, xdm.source.process.parent_id = get_pid, diff --git a/Packs/MacOS/ReleaseNotes/1_0_1.md b/Packs/MacOS/ReleaseNotes/1_0_1.md new file mode 100644 index 000000000000..82b0c57074f2 --- /dev/null +++ b/Packs/MacOS/ReleaseNotes/1_0_1.md @@ -0,0 +1,6 @@ + +#### Modeling Rules + +##### MacOS + +- Updated the Modeling Rule Regex logic diff --git a/Packs/MacOS/pack_metadata.json b/Packs/MacOS/pack_metadata.json index f8d5f9d33d79..633f332c0da8 100644 --- a/Packs/MacOS/pack_metadata.json +++ b/Packs/MacOS/pack_metadata.json @@ -2,7 +2,7 @@ "name": "MacOS", "description": "The operating system the powers every Mac device. A Unix operating system developed and marketed by Apple.", "support": "xsoar", - "currentVersion": "1.0.0", + "currentVersion": "1.0.1", "author": "Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "email": "", From 822cbbfda935b7d04cc97d2ef34b11fb324a1705 Mon Sep 17 00:00:00 2001 From: darkushin <61732335+darkushin@users.noreply.github.com> Date: Wed, 7 Jun 2023 14:05:17 +0300 Subject: [PATCH 031/124] Cs falcon add tags to cs-falcon-upload-custom-ioc command (#27234) * CS Flacon add tags to upload-custom-ioc command * added RNs --- .../Integrations/CrowdStrikeFalcon/CrowdStrikeFalcon.yml | 3 +++ Packs/CrowdStrikeFalcon/ReleaseNotes/1_10_20.md | 6 ++++++ Packs/CrowdStrikeFalcon/pack_metadata.json | 2 +- 3 files changed, 10 insertions(+), 1 deletion(-) create mode 100644 Packs/CrowdStrikeFalcon/ReleaseNotes/1_10_20.md diff --git a/Packs/CrowdStrikeFalcon/Integrations/CrowdStrikeFalcon/CrowdStrikeFalcon.yml b/Packs/CrowdStrikeFalcon/Integrations/CrowdStrikeFalcon/CrowdStrikeFalcon.yml index 9258b560337b..7fa4e4667863 100644 --- a/Packs/CrowdStrikeFalcon/Integrations/CrowdStrikeFalcon/CrowdStrikeFalcon.yml +++ b/Packs/CrowdStrikeFalcon/Integrations/CrowdStrikeFalcon/CrowdStrikeFalcon.yml @@ -1394,6 +1394,9 @@ script: - description: List of host group IDs that the indicator applies to. Can be retrieved by running the cs-falcon-list-host-groups command. Either applied_globally or host_groups must be provided. isArray: true name: host_groups + - description: List of tags to apply to the indicator. + isArray: true + name: tags description: Uploads an indicator for CrowdStrike to monitor. name: cs-falcon-upload-custom-ioc outputs: diff --git a/Packs/CrowdStrikeFalcon/ReleaseNotes/1_10_20.md b/Packs/CrowdStrikeFalcon/ReleaseNotes/1_10_20.md new file mode 100644 index 000000000000..0e4685be2c84 --- /dev/null +++ b/Packs/CrowdStrikeFalcon/ReleaseNotes/1_10_20.md @@ -0,0 +1,6 @@ + +#### Integrations + +##### CrowdStrike Falcon + +- Fixed an issue in the ***cs-falcon-upload-custom-ioc*** command where the *tags* variable did not appear. diff --git a/Packs/CrowdStrikeFalcon/pack_metadata.json b/Packs/CrowdStrikeFalcon/pack_metadata.json index 6fcae5c4d746..5d7f3020c48f 100644 --- a/Packs/CrowdStrikeFalcon/pack_metadata.json +++ b/Packs/CrowdStrikeFalcon/pack_metadata.json @@ -2,7 +2,7 @@ "name": "CrowdStrike Falcon", "description": "The CrowdStrike Falcon OAuth 2 API (formerly the Falcon Firehose API), enables fetching and resolving detections, searching devices, getting behaviors by ID, containing hosts, and lifting host containment.", "support": "xsoar", - "currentVersion": "1.10.19", + "currentVersion": "1.10.20", "author": "Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "email": "", From eb91a9fa58b8ddb33e59327ed3c397d984e75d3c Mon Sep 17 00:00:00 2001 From: Mai Morag <81917647+maimorag@users.noreply.github.com> Date: Wed, 7 Jun 2023 15:04:31 +0300 Subject: [PATCH 032/124] Align credentials stores part 11 (#27253) * Align credentials part 11 * Trend Micro Apex * ignore * adding tests to hostlo * Trend Micro Apex tests * trend more test * change test --- Packs/HostIo/.pack-ignore | 3 - Packs/HostIo/Integrations/HostIo/HostIo.py | 4 +- Packs/HostIo/Integrations/HostIo/HostIo.yml | 10 +- .../HostIo/Integrations/HostIo/HostIo_test.py | 49 ++++++++ Packs/HostIo/ReleaseNotes/1_0_16.md | 6 + Packs/HostIo/pack_metadata.json | 2 +- Packs/TrendMicroApex/.pack-ignore | 2 +- .../TrendMicroApex/TrendMicroApex.py | 5 +- .../TrendMicroApex/TrendMicroApex.yml | 10 +- .../TrendMicroApex/TrendMicroApex_test.py | 110 ++++++++++++++++++ Packs/TrendMicroApex/ReleaseNotes/2_0_4.md | 6 + Packs/TrendMicroApex/pack_metadata.json | 2 +- 12 files changed, 196 insertions(+), 13 deletions(-) create mode 100644 Packs/HostIo/ReleaseNotes/1_0_16.md create mode 100644 Packs/TrendMicroApex/ReleaseNotes/2_0_4.md diff --git a/Packs/HostIo/.pack-ignore b/Packs/HostIo/.pack-ignore index efe2688008f9..c91486b194dc 100644 --- a/Packs/HostIo/.pack-ignore +++ b/Packs/HostIo/.pack-ignore @@ -1,5 +1,2 @@ -[file:HostIo.yml] -ignore=IN145 - [file:HostIo_image.png] ignore=IM111 diff --git a/Packs/HostIo/Integrations/HostIo/HostIo.py b/Packs/HostIo/Integrations/HostIo/HostIo.py index a95ffe0039aa..1a0b995502d0 100644 --- a/Packs/HostIo/Integrations/HostIo/HostIo.py +++ b/Packs/HostIo/Integrations/HostIo/HostIo.py @@ -177,7 +177,9 @@ def main() -> None: :rtype: """ params = demisto.params() - api_key = params.get('token') + api_key = params.get('credentials_token', {}).get('password') or params.get('token') + if not api_key: + return_error('API Key must be provided.') base_url = urljoin(params['url'], '/api') verify_certificate = not params.get('insecure', False) diff --git a/Packs/HostIo/Integrations/HostIo/HostIo.yml b/Packs/HostIo/Integrations/HostIo/HostIo.yml index 51339007feff..157234144734 100644 --- a/Packs/HostIo/Integrations/HostIo/HostIo.yml +++ b/Packs/HostIo/Integrations/HostIo/HostIo.yml @@ -14,7 +14,13 @@ configuration: - display: API Key name: token type: 4 - required: true + required: false + hidden: true +- displaypassword: API Key + name: credentials_token + required: false + hiddenusername: true + type: 9 - display: Trust any certificate (not secure) name: insecure type: 8 @@ -141,7 +147,7 @@ script: description: Name of the server where the domain exists. type: String description: Returns domain information. - dockerimage: demisto/python3:3.10.8.37233 + dockerimage: demisto/python3:3.10.11.61265 runonce: false subtype: python3 fromversion: 5.0.0 diff --git a/Packs/HostIo/Integrations/HostIo/HostIo_test.py b/Packs/HostIo/Integrations/HostIo/HostIo_test.py index 628373a9109b..afa5d59bfa8d 100644 --- a/Packs/HostIo/Integrations/HostIo/HostIo_test.py +++ b/Packs/HostIo/Integrations/HostIo/HostIo_test.py @@ -2,6 +2,7 @@ import json import io +import pytest def util_load_json(path): @@ -91,3 +92,51 @@ def test_search(requests_mock): assert response.outputs_prefix == 'HostIo.Search' assert response.outputs_key_field == ['Field', 'Value'] assert response.raw_response == mock_response + + +ARGS_CASES = [('test-module', 'test_module', 'ok'), + ('domain', 'get_domain_data', { + 'web': { + 'date': '2022-01-01', + 'server': 'test_server', + 'title': 'test_title', + 'country': 'test_country', + 'email': 'test_email', + 'phone': 'test_phone' + }, + 'dns': { + 'ns': ['test_ns']}}), + ('hostio-domain-search', 'get_search_data', { + 'domains': [ + {'domain': 'test_domain1'}, + {'domain': 'test_domain2'} + ], + 'total': 2 + })] + + +@pytest.mark.parametrize('function, client_function_to_mock, result_client', ARGS_CASES) +def test_main(mocker, function, client_function_to_mock, result_client): + """ + Given: + - Valid parameters and commands. + + When: + - Calling the main function. + + Then: + - Ensure the function runs successfully and returns CommandResults objects for all valid commands. + """ + from HostIo import main, Client + import demistomock as demisto + mocker.patch.object(demisto, 'params', return_value={ + 'credentials_token': {'password': 'test_api_key'}, + 'url': 'https://test.com', + 'insecure': False, + 'proxy': False, + 'integrationReliability': 'A - High' + }) + is_function_called = mocker.patch.object(demisto, 'command', return_value=function) + mocker.patch.object(Client, client_function_to_mock, return_value=result_client) + main() + assert is_function_called.call_count diff --git a/Packs/HostIo/ReleaseNotes/1_0_16.md b/Packs/HostIo/ReleaseNotes/1_0_16.md new file mode 100644 index 000000000000..7f9df5a16d0c --- /dev/null +++ b/Packs/HostIo/ReleaseNotes/1_0_16.md @@ -0,0 +1,6 @@ + +#### Integrations + +##### HostIo +- Added the *API Key* integration parameters to support credentials fetching object. +- Updated the Docker image to: *demisto/python3:3.10.11.61265*. diff --git a/Packs/HostIo/pack_metadata.json b/Packs/HostIo/pack_metadata.json index f428cc454986..e9a88c2eb1a9 100644 --- a/Packs/HostIo/pack_metadata.json +++ b/Packs/HostIo/pack_metadata.json @@ -2,7 +2,7 @@ "name": "HostIo", "description": "Enrich domains using the host.io API.", "support": "xsoar", - "currentVersion": "1.0.15", + "currentVersion": "1.0.16", "author": "Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "email": "", diff --git a/Packs/TrendMicroApex/.pack-ignore b/Packs/TrendMicroApex/.pack-ignore index 215daed0b2a5..c792a103862c 100644 --- a/Packs/TrendMicroApex/.pack-ignore +++ b/Packs/TrendMicroApex/.pack-ignore @@ -2,4 +2,4 @@ ignore=RM104 [file:TrendMicroApex.yml] -ignore=IN145 \ No newline at end of file +ignore=IN124 diff --git a/Packs/TrendMicroApex/Integrations/TrendMicroApex/TrendMicroApex.py b/Packs/TrendMicroApex/Integrations/TrendMicroApex/TrendMicroApex.py index 32baf0c90837..352e7dccf961 100644 --- a/Packs/TrendMicroApex/Integrations/TrendMicroApex/TrendMicroApex.py +++ b/Packs/TrendMicroApex/Integrations/TrendMicroApex/TrendMicroApex.py @@ -186,7 +186,6 @@ def create_jwt_token(self, http_method, api_path, headers, request_body, iat=tim 'iat': iat, 'version': version, 'checksum': checksum} - token = jwt.encode(payload, self.api_key, algorithm=algorithm) return token @@ -928,7 +927,9 @@ def main(): params = demisto.params() - api_key = params.get('token') + api_key = params.get('credentials_api_token', {}).get('password') or params.get('token') + if not api_key: + return_error('API Key must be provided.') app_id = params.get('application_id') base_url = urljoin(params.get('url'), '') diff --git a/Packs/TrendMicroApex/Integrations/TrendMicroApex/TrendMicroApex.yml b/Packs/TrendMicroApex/Integrations/TrendMicroApex/TrendMicroApex.yml index 54dc2bb041b2..46f33978a085 100644 --- a/Packs/TrendMicroApex/Integrations/TrendMicroApex/TrendMicroApex.yml +++ b/Packs/TrendMicroApex/Integrations/TrendMicroApex/TrendMicroApex.yml @@ -13,8 +13,14 @@ configuration: type: 0 - display: API Key name: token - required: true + required: false type: 4 + hidden: true +- displaypassword: API Token + name: credentials_api_token + required: false + hiddenusername: true + type: 9 - display: Trust any certificate (not secure) name: insecure required: false @@ -982,7 +988,7 @@ script: - contextPath: TrendMicroApex.InvestigationResult.errorServers description: Error response if server communication is unsuccessful. type: String - dockerimage: demisto/pycef:1.0.0.23290 + dockerimage: demisto/pycef:1.0.0.61516 feed: false isfetch: false longRunning: false diff --git a/Packs/TrendMicroApex/Integrations/TrendMicroApex/TrendMicroApex_test.py b/Packs/TrendMicroApex/Integrations/TrendMicroApex/TrendMicroApex_test.py index 114b8f97ec84..165994cfbedf 100644 --- a/Packs/TrendMicroApex/Integrations/TrendMicroApex/TrendMicroApex_test.py +++ b/Packs/TrendMicroApex/Integrations/TrendMicroApex/TrendMicroApex_test.py @@ -331,3 +331,113 @@ def test_convert_timestamps_and_scan_type_to_readable(): ] result_list = Client.convert_timestamps_and_scan_type_to_readable(test_list) assert expected_list == result_list + + +def test_udso_list_command(mocker): + """ + Given: + - Valid input parameters. + + When: + - Calling udso_list_command function. + + Then: + - Ensure the function returns a valid response. + """ + from TrendMicroApex import udso_list_command + args = {'type': 'file', 'content_filter': 'test'} + + expected_response = { + 'Data': [ + {'content': 'test1', 'type': 'file'}, + {'content': 'test2', 'type': 'file'} + ] + } + + mocker.patch.object(client, 'udso_list', return_value=expected_response) + + result = udso_list_command(client, args) + + assert result.outputs == { + 'TrendMicroApex.UDSO(val.content == obj.content)': expected_response['Data'], + 'TrendMicroApex.USDO(val.content == obj.content)': expected_response['Data'] + } + assert result.readable_output == '### Apex One UDSO List\n|content|type|\n|---|---|\n| test1 | file |\n| test2 | file |\n' + assert result.raw_response == expected_response + + +def test_udso_delete_command(mocker): + """ + Given: + - A client object + - A dictionary containing the UDSO type and content to delete + + When: + - Calling the udso_delete_command function + + Then: + - Ensure the function successfully deletes the UDSO of the specified type and content + - Ensure the CommandResults object contains the expected readable output and raw response + """ + from TrendMicroApex import udso_delete_command + expected_output = '### UDSO "test_content" of type "test_type" was deleted successfully' + expected_response = {'success': True} + + mocker.patch.object(Client, 'udso_delete', return_value=expected_response) + + args = {'type': 'test_type', 'content': 'test_content'} + + result = udso_delete_command(client, args) + + assert result.readable_output == expected_output + assert result.raw_response == expected_response + + +def test_udso_add_command(mocker): + """ + Given: + - All required arguments are provided. + + When: + - Calling udso_add_command function. + + Then: + - Ensure the function returns a CommandResults object with the expected readable output and raw response. + """ + from TrendMicroApex import udso_add_command + args = { + 'type': 'hash', + 'content': '1234567890abcdef', + 'scan_action': 'clean' + } + expected_output = '### UDSO "1234567890abcdef" of type "hash" was added successfully with scan action "clean"' + + mocker.patch.object(client, 'udso_add', return_value={'success': True}) + + result = udso_add_command(client, args) + + assert result.readable_output == expected_output + assert result.raw_response == {'success': True} + + +def test_prodagent_isolate_command(mocker): + """ + Given: + - The entity_id argument is provided. + + When: + - Calling the prodagent_isolate_command function. + + Then: + - Ensure the function returns a CommandResults object with the expected outputs. + """ + from TrendMicroApex import prodagent_isolate_command + args = {'entity_id': '12345'} + + mocker.patch.object(client, 'prodagent_isolate', return_value={'result_content': [{'agentGuid': '12345'}]}) + + result = prodagent_isolate_command(client, args) + + assert result.outputs_prefix == 'TrendMicroApex.ProductAgent' + assert result.outputs == [{'agentGuid': '12345'}] + assert result.readable_output == '### Apex One ProductAgent Isolate\n|agentGuid|\n|---|\n| 12345 |\n' diff --git a/Packs/TrendMicroApex/ReleaseNotes/2_0_4.md b/Packs/TrendMicroApex/ReleaseNotes/2_0_4.md new file mode 100644 index 000000000000..8a4fd4cf8b8d --- /dev/null +++ b/Packs/TrendMicroApex/ReleaseNotes/2_0_4.md @@ -0,0 +1,6 @@ + +#### Integrations + +##### Trend Micro Apex One +- Added the *API Key* integration parameters to support credentials fetching object. +- Updated the Docker image to: *demisto/pycef:1.0.0.61516*. diff --git a/Packs/TrendMicroApex/pack_metadata.json b/Packs/TrendMicroApex/pack_metadata.json index 495f950dfb4b..85897cfe4f5b 100644 --- a/Packs/TrendMicroApex/pack_metadata.json +++ b/Packs/TrendMicroApex/pack_metadata.json @@ -2,7 +2,7 @@ "name": "Trend Micro Apex One", "description": "Trend Micro Apex One central automation to manage agents and User-Defined Suspicious Objects", "support": "xsoar", - "currentVersion": "2.0.3", + "currentVersion": "2.0.4", "author": "Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "email": "", From f0d7c35ae1b77acd16e42cbdcfaca1f3c9d6ae93 Mon Sep 17 00:00:00 2001 From: rshunim <102469772+rshunim@users.noreply.github.com> Date: Wed, 7 Jun 2023 15:57:46 +0300 Subject: [PATCH 033/124] Syslogv2 was removed from xsiam marketplace (#27278) * remove Syslogv2 from xsiam marketplace * RN * known_words * Update Packs/Syslog/ReleaseNotes/2_0_16.md Co-authored-by: dorschw <81086590+dorschw@users.noreply.github.com> * DO --------- Co-authored-by: dorschw <81086590+dorschw@users.noreply.github.com> --- Packs/Syslog/.pack-ignore | 3 ++- Packs/Syslog/Integrations/Syslogv2/Syslogv2.yml | 4 +++- Packs/Syslog/ReleaseNotes/2_0_16.md | 8 ++++++++ Packs/Syslog/pack_metadata.json | 2 +- 4 files changed, 14 insertions(+), 3 deletions(-) create mode 100644 Packs/Syslog/ReleaseNotes/2_0_16.md diff --git a/Packs/Syslog/.pack-ignore b/Packs/Syslog/.pack-ignore index d7d35b7df5f4..79b75bd84aec 100644 --- a/Packs/Syslog/.pack-ignore +++ b/Packs/Syslog/.pack-ignore @@ -1,4 +1,5 @@ [known_words] RFC TLS -Syslog \ No newline at end of file +Syslog +BrokerVM \ No newline at end of file diff --git a/Packs/Syslog/Integrations/Syslogv2/Syslogv2.yml b/Packs/Syslog/Integrations/Syslogv2/Syslogv2.yml index e34c768119a7..a5133a9bc39f 100644 --- a/Packs/Syslog/Integrations/Syslogv2/Syslogv2.yml +++ b/Packs/Syslog/Integrations/Syslogv2/Syslogv2.yml @@ -60,7 +60,7 @@ script: script: "-" type: python subtype: python3 - dockerimage: demisto/syslog:1.0.0.48738 + dockerimage: demisto/syslog:1.0.0.61542 feed: false longRunning: true longRunningPort: true @@ -69,3 +69,5 @@ script: fromversion: 6.0.0 tests: - No tests (auto formatted) +marketplaces: +- xsoar diff --git a/Packs/Syslog/ReleaseNotes/2_0_16.md b/Packs/Syslog/ReleaseNotes/2_0_16.md new file mode 100644 index 000000000000..78b28de36c53 --- /dev/null +++ b/Packs/Syslog/ReleaseNotes/2_0_16.md @@ -0,0 +1,8 @@ + +#### Integrations + +##### Syslog v2 +<~XSIAM> +- Removed from the XSIAM marketplace. In XSIAM, use the `BrokerVM` module instead. + +- Updated the Docker image to: *demisto/syslog:1.0.0.61542*. diff --git a/Packs/Syslog/pack_metadata.json b/Packs/Syslog/pack_metadata.json index 745041823b16..43a25e320ecf 100644 --- a/Packs/Syslog/pack_metadata.json +++ b/Packs/Syslog/pack_metadata.json @@ -2,7 +2,7 @@ "name": "Syslog", "description": "Use the Syslog pack to send messages and mirror incident War Room entries to Syslog, or listen to incoming Syslog messages.", "support": "xsoar", - "currentVersion": "2.0.15", + "currentVersion": "2.0.16", "author": "Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "email": "", From bae90108e2cd539607dc3fbc17196501c63fd738 Mon Sep 17 00:00:00 2001 From: rshunim <102469772+rshunim@users.noreply.github.com> Date: Wed, 7 Jun 2023 16:24:02 +0300 Subject: [PATCH 034/124] Microsoft Graph Single User - Edit documentation (#27275) * edit documentation * edit documentation * RN and DO * fix doc * mistake --- .../MicrosoftGraphListener/MicrosoftGraphListener.yml | 3 ++- Packs/MicrosoftGraphMail/ReleaseNotes/1_5_4.md | 7 +++++++ Packs/MicrosoftGraphMail/pack_metadata.json | 2 +- 3 files changed, 10 insertions(+), 2 deletions(-) create mode 100644 Packs/MicrosoftGraphMail/ReleaseNotes/1_5_4.md diff --git a/Packs/MicrosoftGraphMail/Integrations/MicrosoftGraphListener/MicrosoftGraphListener.yml b/Packs/MicrosoftGraphMail/Integrations/MicrosoftGraphListener/MicrosoftGraphListener.yml index b51209f4a587..9afe51da7303 100644 --- a/Packs/MicrosoftGraphMail/Integrations/MicrosoftGraphListener/MicrosoftGraphListener.yml +++ b/Packs/MicrosoftGraphMail/Integrations/MicrosoftGraphListener/MicrosoftGraphListener.yml @@ -111,6 +111,7 @@ configuration: required: true type: 0 section: Collect + additionalinfo: During authentication, ensure you are logged in to this email address. - display: Name of the folder from which to fetch incidents (supports Folder ID and sub-folders e.g., Inbox/Phishing) name: folder_to_fetch required: true @@ -755,7 +756,7 @@ script: execution: false name: msgraph-mail-generate-login-url arguments: [] - dockerimage: demisto/crypto:1.0.0.58768 + dockerimage: demisto/crypto:1.0.0.62404 isfetch: true runonce: false script: '' diff --git a/Packs/MicrosoftGraphMail/ReleaseNotes/1_5_4.md b/Packs/MicrosoftGraphMail/ReleaseNotes/1_5_4.md new file mode 100644 index 000000000000..892c33f1a246 --- /dev/null +++ b/Packs/MicrosoftGraphMail/ReleaseNotes/1_5_4.md @@ -0,0 +1,7 @@ + +#### Integrations + +##### Microsoft Graph Mail Single User + +- Documentation and metadata improvements. +- Updated the Docker image to: *demisto/crypto:1.0.0.62404*. diff --git a/Packs/MicrosoftGraphMail/pack_metadata.json b/Packs/MicrosoftGraphMail/pack_metadata.json index 57e9dd01abdd..9a2f28a5fb66 100644 --- a/Packs/MicrosoftGraphMail/pack_metadata.json +++ b/Packs/MicrosoftGraphMail/pack_metadata.json @@ -2,7 +2,7 @@ "name": "Microsoft Graph Mail", "description": "Microsoft Graph lets your app get authorized access to a user's Outlook mail data in a personal or organization account.", "support": "xsoar", - "currentVersion": "1.5.3", + "currentVersion": "1.5.4", "author": "Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "email": "", From 4f14d587d0d9313783d9359532479cc5389523ff Mon Sep 17 00:00:00 2001 From: content-bot <55035720+content-bot@users.noreply.github.com> Date: Wed, 7 Jun 2023 16:58:25 +0300 Subject: [PATCH 035/124] ExtraHop release v2.1.0 (#27056) (#27279) * Update .devcontainer.json name * added changes related to ExtrHop 2.1.0 release --------- Co-authored-by: Crest Data Systems <60967033+crestdatasystems@users.noreply.github.com> Co-authored-by: crestdatasystems --- Packs/ExtraHop/.pack-ignore | 136 ++++++++++++++- .../Integrations/ExtraHop_v2/ExtraHop_v2.py | 65 ++++--- .../Integrations/ExtraHop_v2/ExtraHop_v2.yml | 16 +- .../ExtraHop_v2/ExtraHop_v2_test.py | 161 ++++++++++++++---- .../Integrations/ExtraHop_v2/README.md | 4 +- .../fetch_detections_empty_participants.json | 2 +- .../test_data/fetch_detections_success.json | 2 +- .../test_data/list_detections_success.json | 4 +- .../test_data/list_detections_success_hr.md | 4 +- ...ections_with_complete_description_url.json | 2 +- ...etections_with_complete_description_url.md | 2 +- .../list_detections_with_description_url.json | 2 +- .../list_detections_with_description_url.md | 2 +- .../ExtraHop_v2/test_data/mock_incidents.json | 2 +- .../mock_incidents_no_participants.json | 2 +- Packs/ExtraHop/ReleaseNotes/2_1_0.md | 13 ++ .../ExtraHopTrackIncidents.yml | 2 +- Packs/ExtraHop/pack_metadata.json | 2 +- 18 files changed, 346 insertions(+), 77 deletions(-) create mode 100644 Packs/ExtraHop/ReleaseNotes/2_1_0.md diff --git a/Packs/ExtraHop/.pack-ignore b/Packs/ExtraHop/.pack-ignore index e827041081d1..0c423c2cd5cf 100644 --- a/Packs/ExtraHop/.pack-ignore +++ b/Packs/ExtraHop/.pack-ignore @@ -53,7 +53,140 @@ ignore=IF115 extrahop mappers mapper -reveal(x +x +unselected +utc +N +pv +VLAN +DHCP +suffixes +s +m +h +d +w +operand +SNMP +wireshark +BPF +SS +vlans +devicegroups +activitygroups +ipaddr +CGP +RTO +DSCP +Dups +SDP +HASSH +Pipelined +Recursion +Rsp +SQ +suboperation +XSS +KEX +MTU +Opcode +R +Referer +PDU +SASL +Redelivery +SSRC +TCP +Msg +v +Vx +VNI +hr +workflows +Mware +CBC +br +Macaddr +Vlanid +Cdp +Netbios +AAA +amf +CIFS +DB +DICOM +IBMMQ +IMAP +Psec +T +IRC +MQ +AJP +IPFIX +SCSI +Kerberos +LDAP +lync +memcache +Modbus +MSMQ +MSN +MSRPC +NFS +NTP +VPN +P +RDP +Redis +RFB +RTCP +RTP +SMPP +SMTP +UDP +Meraki +pc +lucent +alcatel +arista +linksys +citrix +dellemc +emc +hp +htc +huawei +kyocera +netapp +netgear +nokia +nortel +paloalto +samsung +toshiba +virtualbox +zte +icmp +gt +lt +startswith +f +g +px +ft +jg +k +qs +b +wgo +wz +xx +nx +xc +j +odk +untagged +assignee cve-2019-0708 extrahop-detections-list extrahop-metrics-list @@ -72,4 +205,3 @@ extrahop-watchlist-edit [file:ExtraHopTrackIncidents.yml] ignore=BA124 - diff --git a/Packs/ExtraHop/Integrations/ExtraHop_v2/ExtraHop_v2.py b/Packs/ExtraHop/Integrations/ExtraHop_v2/ExtraHop_v2.py index 27d3880683e3..57593e7f0888 100644 --- a/Packs/ExtraHop/Integrations/ExtraHop_v2/ExtraHop_v2.py +++ b/Packs/ExtraHop/Integrations/ExtraHop_v2/ExtraHop_v2.py @@ -93,7 +93,7 @@ VALID_DETECTION_KEYS = ["filter", "limit", "offset", "from", "until", "sort", "mod_time"] -VALID_FILTER_KEYS = ["assignee", "category", "resolution", "risk_score_min", "status", "ticket_id", "types"] +VALID_FILTER_KEYS = ["assignee", "categories", "category", "resolution", "risk_score_min", "status", "ticket_id", "types"] DATE_FORMAT = '%Y-%m-%dT%H:%M:%SZ' @@ -836,6 +836,25 @@ def validate_detections_list_arguments(body: Dict) -> None: body["offset"] = 0 +def add_default_category_for_filter_of_detection_list(_filter: Dict) -> None: + """Set a default category for filter argument. + + Args: + _filter: Filter argument for detection list command. + """ + if "category" not in _filter: + if "categories" not in _filter: + _filter["categories"] = ["sec.attack"] + elif isinstance(_filter.get("categories"), list): + valid_categories = [] + for category in _filter.get("categories", []): + if isinstance(category, str): + category = category.strip() + if category: + valid_categories.append(category) + _filter["categories"] = valid_categories if valid_categories else ["sec.attack"] + + def format_protocol_stack(protocol_list: List) -> str: """Formats the protocol stack. @@ -1471,23 +1490,23 @@ def fetch_incidents(client: ExtraHopClient, params: Dict, last_run: Dict, on_clo if last_run.get("version_recheck_time", 1581852287000) < int(now.timestamp() * 1000): version = get_extrahop_server_version(client) last_run["version_recheck_time"] = int(next_day.timestamp() * 1000) - if version < "9.1.2": + if version < "9.3.0": raise DemistoException( - "This integration works with ExtraHop firmware version greater than or equal to 9.1.2") + "This integration works with ExtraHop firmware version greater than or equal to 9.3.0") - advanced_filter = params.get('advanced_filter', '{}') - try: - filter = json.loads(advanced_filter) - except json.JSONDecodeError as error: - raise ValueError("Invalid JSON string provided for advanced filter.") from error + advanced_filter = params.get("advanced_filter") + if advanced_filter and advanced_filter.strip(): + try: + _filter = json.loads(advanced_filter) + add_default_category_for_filter_of_detection_list(_filter) + except json.JSONDecodeError as error: + raise ValueError("Invalid JSON string provided for advanced filter.") from error + else: + _filter = {"categories": ["sec.attack"]} - advanced_filter = {} - advanced_filter["filter"] = filter - advanced_filter["mod_time"] = fetch_params["detection_start_time"] - advanced_filter["until"] = 0 - advanced_filter["limit"] = MAX_FETCH - advanced_filter["offset"] = fetch_params["offset"] - advanced_filter["sort"] = [{"direction": "asc", "field": "mod_time"}] + advanced_filter = {"filter": _filter, "mod_time": fetch_params["detection_start_time"], "until": 0, + "limit": MAX_FETCH, "offset": fetch_params["offset"], + "sort": [{"direction": "asc", "field": "mod_time"}]} incidents, next_run = fetch_extrahop_detections(client, advanced_filter, last_run, on_cloud) demisto.info(f"Extrahop next_run is {next_run}") @@ -1995,13 +2014,12 @@ def detections_list_command(client: ExtraHopClient, args: Dict[str, Any], on_clo CommandResults object. """ version = get_extrahop_server_version(client) - if version < "9.1.2": + if version < "9.3.0": raise DemistoException( - "This integration works with ExtraHop firmware version greater than or equal to 9.1.2") + "This integration works with ExtraHop firmware version greater than or equal to 9.3.0") body = {} if advanced_filter: - validate_detections_list_arguments(advanced_filter) body = advanced_filter else: @@ -2012,12 +2030,15 @@ def detections_list_command(client: ExtraHopClient, args: Dict[str, Any], on_clo sort = args.get("sort") until_time = arg_to_number(args.get("until")) mod_time = arg_to_number(args.get("mod_time")) - if filter_query: + if filter_query and filter_query.strip(): try: filter_query = json.loads(filter_query) + add_default_category_for_filter_of_detection_list(filter_query) body["filter"] = filter_query except json.JSONDecodeError: raise ValueError("Invalid json string provided for filter.") + else: + body["filter"] = {"categories": ["sec.attack"]} if isinstance(from_time, int): body["from"] = from_time @@ -2054,7 +2075,7 @@ def detections_list_command(client: ExtraHopClient, args: Dict[str, Any], on_clo if isinstance(mod_time, int): body["mod_time"] = mod_time - validate_detections_list_arguments(body) + validate_detections_list_arguments(body) detections = client.detections_list(body) @@ -2191,8 +2212,8 @@ def test_module(client: ExtraHopClient) -> str: """ response = client.test_connection() version = get_extrahop_server_version(client) - if version < "9.1.2": - raise DemistoException("This integration works with ExtraHop firmware version greater than or equal to 9.1.2") + if version < "9.3.0": + raise DemistoException("This integration works with ExtraHop firmware version greater than or equal to 9.3.0") if response: return "ok" raise ValueError("Failed to establish connection with provided credentials.") diff --git a/Packs/ExtraHop/Integrations/ExtraHop_v2/ExtraHop_v2.yml b/Packs/ExtraHop/Integrations/ExtraHop_v2/ExtraHop_v2.yml index 1cd2faf1c1b7..daaa33dd7c64 100644 --- a/Packs/ExtraHop/Integrations/ExtraHop_v2/ExtraHop_v2.yml +++ b/Packs/ExtraHop/Integrations/ExtraHop_v2/ExtraHop_v2.yml @@ -64,15 +64,16 @@ configuration: required: false type: 0 - additionalinfo: |- - Applies a filter to the list of detections or metrics based on a JSON-specific query. + Applies a filter to the list of detections based on a JSON-specific query. Example for detections: { - "category": "sec", + "categories": ["sec.attack"], "risk_score_min": 51 } - For a complete reference to the Extrahop detections filter fields , please refer to the ExtraHop REST API documentation at + If the categories and category are not specified, then categories will be set to ["sec.attack"]. The category field is deprecated by the API, so please use the categories field instead. + For a complete reference to the Extrahop detections filter fields, please refer to the ExtraHop REST API documentation at https://docs.extrahop.com/current/rest-api-guide/ display: Advanced Filter name: advanced_filter @@ -1676,11 +1677,12 @@ script: description: |- Detection-specific filters. For eg: - filter={ - "category": "sec", - "risk_score_min": 51 - } + { + "categories": ["sec.attack"], + "risk_score_min": 51 + } + If the categories and category are not specified, then categories will be set to ["sec.attack"]. The category field is deprecated by the API, so please use the categories field instead. Refer to the ExtraHop REST API guide at https://docs.extrahop.com/current/rest-api-guide/ isArray: false name: filter diff --git a/Packs/ExtraHop/Integrations/ExtraHop_v2/ExtraHop_v2_test.py b/Packs/ExtraHop/Integrations/ExtraHop_v2/ExtraHop_v2_test.py index ac0acb749700..7507aeda3966 100644 --- a/Packs/ExtraHop/Integrations/ExtraHop_v2/ExtraHop_v2_test.py +++ b/Packs/ExtraHop/Integrations/ExtraHop_v2/ExtraHop_v2_test.py @@ -573,7 +573,7 @@ def test_metrics_list_command_error_code_401(requests_mock): ( {"filter": '{"invalid_arg": 1}'}, "invalid_arg is an invalid value for key. Possible values are: ['assignee', " - "'category', 'resolution', 'risk_score_min', 'status', 'ticket_id', 'types']", + "'categories', 'category', 'resolution', 'risk_score_min', 'status', 'ticket_id', 'types']", ), ], ) @@ -588,7 +588,7 @@ def test_detections_list_command_invalid_args(requests_mock, args, error_msg): - Ensure appropriate error is raised. """ requests_mock.get( - f"{BASE_URL}/api/v1/extrahop/version", json={"version": "9.1.2.64150"} + f"{BASE_URL}/api/v1/extrahop/version", json={"version": "9.3.0.1319"} ) client = init_mock_client(requests_mock, on_cloud=False) with pytest.raises(Exception) as error: @@ -596,9 +596,109 @@ def test_detections_list_command_invalid_args(requests_mock, args, error_msg): assert str(error.value) == error_msg +def test_detections_list_command_failure_when_firmware_version_is_outdated(requests_mock): + """Test case scenario for execution of detections list command when ExtraHop firmware version is less than 9.3.0. + + Given: + - Arguments for detections list command. + When: + - detections_list_command is called. + Then: + - Returns a valid error message. + """ + client = init_mock_client(requests_mock, on_cloud=False) + requests_mock.get( + f"{BASE_URL}/api/v1/extrahop/version", json={"version": "9.1.2.1943"} + ) + with pytest.raises(DemistoException) as err: + ExtraHop_v2.detections_list_command(client, {}, True, '{}') + assert ( + str(err.value) + == "This integration works with ExtraHop firmware version greater than or equal to 9.3.0" + ) + + +@pytest.mark.parametrize("on_cloud", [False, True]) +def test_list_detections_command_successful_execution_with_categories(on_cloud, requests_mock): + """Test case scenario for successful execution of detections-list command with categories. + + Given: + - User has provided valid credentials. + When: + - detections_list_command is called. + Then: + - Ensure human-readable output is correct. + - Ensure outputs prefix is correct. + """ + requests_mock.get( + f"{BASE_URL}/api/v1/extrahop/version", json={"version": "9.3.0.1319"} + ) + client = init_mock_client(requests_mock, on_cloud) + args = { + "limit": "2", + "filter": """{ + \"categories\": [\"sec.attack\"], + \"risk_score_min\": 51 + }""", + "from": "1573500360001", + "offset": "2", + "sort": "end_time asc,id desc", + "until": "1673569370001", + } + response = load_mock_response(LIST_DETECTIONS_SUCCESS) + + expected_hr = load_file("list_detections_success_hr.md") + + requests_mock.post(f"{BASE_URL}/api/v1/detections/search", json=response) + + results = ExtraHop_v2.detections_list_command(client, args) + + assert results.readable_output == expected_hr + assert results.outputs_prefix == "ExtraHop.Detections" + + +@pytest.mark.parametrize("on_cloud", [False, True]) +def test_list_detections_command_successful_execution_with_category(on_cloud, requests_mock): + """Test case scenario for successful execution of detections-list command with category. + + Given: + - User has provided valid credentials. + When: + - detections_list_command is called. + Then: + - Ensure human-readable output is correct. + - Ensure outputs prefix is correct. + """ + requests_mock.get( + f"{BASE_URL}/api/v1/extrahop/version", json={"version": "9.3.0.1319"} + ) + client = init_mock_client(requests_mock, on_cloud) + args = { + "limit": "2", + "filter": """{ + \"category\": \"sec.attack\", + \"risk_score_min\": 51 + }""", + "from": "1573500360001", + "offset": "2", + "sort": "end_time asc,id desc", + "until": "1673569370001", + } + response = load_mock_response(LIST_DETECTIONS_SUCCESS) + + expected_hr = load_file("list_detections_success_hr.md") + + requests_mock.post(f"{BASE_URL}/api/v1/detections/search", json=response) + + results = ExtraHop_v2.detections_list_command(client, args) + + assert results.readable_output == expected_hr + assert results.outputs_prefix == "ExtraHop.Detections" + + @pytest.mark.parametrize("on_cloud", [False, True]) -def test_list_detections_command_successful_execution(on_cloud, requests_mock): - """Test case scenario for successful execution of detections-list command. +def test_list_detections_command_successful_execution_without_category(on_cloud, requests_mock): + """Test case scenario for successful execution of detections-list command without categories. Given: - User has provided valid credentials. @@ -609,13 +709,12 @@ def test_list_detections_command_successful_execution(on_cloud, requests_mock): - Ensure outputs prefix is correct. """ requests_mock.get( - f"{BASE_URL}/api/v1/extrahop/version", json={"version": "9.1.2.64150"} + f"{BASE_URL}/api/v1/extrahop/version", json={"version": "9.3.0.1319"} ) client = init_mock_client(requests_mock, on_cloud) args = { "limit": "2", "filter": """{ - \"category\": \"sec\", \"risk_score_min\": 51 }""", "from": "1573500360001", @@ -648,13 +747,13 @@ def test_list_detections_command_when_description_has_metric_link(on_cloud, requ - Ensure outputs prefix is correct. """ requests_mock.get( - f"{BASE_URL}/api/v1/extrahop/version", json={"version": "9.1.2.64150"} + f"{BASE_URL}/api/v1/extrahop/version", json={"version": "9.3.0.1319"} ) client = init_mock_client(requests_mock, on_cloud) args = { "limit": "1", "filter": """{ - \"category\": \"sec\", + \"categories\": [\"sec.attack\"], \"risk_score_min\": 30 }""", "from": "1573500360001", @@ -688,13 +787,13 @@ def test_list_detections_command_when_description_has_complete_metric_link(on_cl - Ensure outputs prefix is correct. """ requests_mock.get( - f"{BASE_URL}/api/v1/extrahop/version", json={"version": "9.1.2.64150"} + f"{BASE_URL}/api/v1/extrahop/version", json={"version": "9.3.0.1319"} ) client = init_mock_client(requests_mock, on_cloud) args = { "limit": "1", "filter": """{ - \"category\": \"sec\", + \"categories\": [\"sec.attack\"], \"risk_score_min\": 30 }""", "from": "1573500360001", @@ -726,11 +825,11 @@ def test_list_detections_command_using_advanced_filter(requests_mock): - Ensure outputs prefix is correct. """ requests_mock.get( - f"{BASE_URL}/api/v1/extrahop/version", json={"version": "9.1.2.64150"} + f"{BASE_URL}/api/v1/extrahop/version", json={"version": "9.3.0.1319"} ) client = init_mock_client(requests_mock, on_cloud=False) args = {} - advanced_filter = """{\"filter\": {\"category\": \"sec\",\"risk_score_min\": 51}, + advanced_filter = """{\"filter\": {\"categories\": [\"sec.attack\"],\"risk_score_min\": 51}, \"limit\": 1,\"offset\": 0, \"sort\": [ { @@ -763,11 +862,11 @@ def test_list_detections_command_using_advanced_filter_invalid_arg(requests_mock - Ensure appropriate error is raised. """ requests_mock.get( - f"{BASE_URL}/api/v1/extrahop/version", json={"version": "9.1.2.64150"} + f"{BASE_URL}/api/v1/extrahop/version", json={"version": "9.3.0.1319"} ) client = init_mock_client(requests_mock, on_cloud=False) args = {} - advanced_filter = """{\"filter\": {\"category\": \"sec\",\"risk_score_min\": 51}, + advanced_filter = """{\"filter\": {\"categories\": [\"sec.attack\"],\"risk_score_min\": 51}, \"limit\": 1,\"offset\": 0,\"invalid_arg\": 0, \"sort\": [ { @@ -798,7 +897,7 @@ def test_list_detections_command_error_code_400(requests_mock): - Ensure error is raised with error code. """ requests_mock.get( - f"{BASE_URL}/api/v1/extrahop/version", json={"version": "9.1.2.64150"} + f"{BASE_URL}/api/v1/extrahop/version", json={"version": "9.3.0.1319"} ) client = init_mock_client(requests_mock, on_cloud=False) args = { @@ -831,7 +930,7 @@ def test_list_detections_command_error_code_502(requests_mock): - Ensure error is raised with error code. """ requests_mock.get( - f"{BASE_URL}/api/v1/extrahop/version", json={"version": "9.1.2.64150"} + f"{BASE_URL}/api/v1/extrahop/version", json={"version": "9.3.0.1319"} ) client = init_mock_client(requests_mock, on_cloud=False) args = {} @@ -852,7 +951,7 @@ def test_list_detections_command_error_code_401(requests_mock): - Ensure error is raised with error code. """ requests_mock.get( - f"{BASE_URL}/api/v1/extrahop/version", json={"version": "9.1.2.64150"} + f"{BASE_URL}/api/v1/extrahop/version", json={"version": "9.3.0.1319"} ) client = init_mock_client(requests_mock, on_cloud=False) args = {"limit": "2"} @@ -2361,7 +2460,7 @@ def test_fetch_detection_when_invalid_arguments_provided( """ client = init_mock_client(requests_mock, on_cloud=False) requests_mock.get( - f"{BASE_URL}/api/v1/extrahop/version", json={"version": "9.1.2.1943"} + f"{BASE_URL}/api/v1/extrahop/version", json={"version": "9.3.0.1319"} ) with pytest.raises(ValueError) as err: ExtraHop_v2.fetch_incidents(client, parameters, last_run, False) @@ -2369,7 +2468,7 @@ def test_fetch_detection_when_invalid_arguments_provided( def test_fetch_detections_failure_when_firmware_version_is_outdated(requests_mock): - """Test case scenario for execution of fetch_detections when ExtraHop firmware version is less than 9.1.2. + """Test case scenario for execution of fetch_detections when ExtraHop firmware version is less than 9.3.0. Given: - Parameters for fetch_incident @@ -2380,17 +2479,18 @@ def test_fetch_detections_failure_when_firmware_version_is_outdated(requests_moc """ client = init_mock_client(requests_mock, on_cloud=False) requests_mock.get( - f"{BASE_URL}/api/v1/extrahop/version", json={"version": "9.1.0.1943"} + f"{BASE_URL}/api/v1/extrahop/version", json={"version": "9.1.2.1943"} ) with pytest.raises(DemistoException) as err: ExtraHop_v2.fetch_incidents(client, {}, {}, False) assert ( str(err.value) - == "This integration works with ExtraHop firmware version greater than or equal to 9.1.2" + == "This integration works with ExtraHop firmware version greater than or equal to 9.3.0" ) -def test_fetch_detection_success_with_last_run(requests_mock): +@pytest.mark.parametrize("advanced_filter", ["{}", '{"categories":["sec.attack"]}']) +def test_fetch_detection_success_with_last_run(requests_mock, advanced_filter): """Test case scenario for execution of fetch_detections when last_run is present. Given: @@ -2403,7 +2503,7 @@ def test_fetch_detection_success_with_last_run(requests_mock): incidents = load_mock_response("mock_incidents.json") requests_mock.get( - f"{BASE_URL}/api/v1/extrahop/version", json={"version": "9.1.2.64150"} + f"{BASE_URL}/api/v1/extrahop/version", json={"version": "9.3.0.1319"} ) mock_response = load_mock_response("fetch_detections_success.json") @@ -2422,7 +2522,8 @@ def test_fetch_detection_success_with_last_run(requests_mock): "offset": 0, "version_recheck_time": mock_time, } - actual_incidents, next_run = ExtraHop_v2.fetch_incidents(client, {}, last_run, False) + actual_incidents, next_run = ExtraHop_v2.fetch_incidents( + client, {"advanced_filter": advanced_filter}, last_run, False) assert next_run == { "detection_start_time": 1673518450001, @@ -2448,7 +2549,7 @@ def test_fetch_detection_participants_is_empty(requests_mock): incidents = load_mock_response("mock_incidents_no_participants.json") requests_mock.get( - f"{BASE_URL}/api/v1/extrahop/version", json={"version": "9.1.2.64150"} + f"{BASE_URL}/api/v1/extrahop/version", json={"version": "9.3.0.1319"} ) mock_response = load_mock_response("fetch_detections_empty_participants.json") @@ -2491,7 +2592,7 @@ def test_fetch_detections_success_when_detections_equal_to_max_fetch(requests_mo incidents = load_mock_response("mock_incidents.json") requests_mock.get( - f"{BASE_URL}/api/v1/extrahop/version", json={"version": "9.1.2.64150"} + f"{BASE_URL}/api/v1/extrahop/version", json={"version": "9.3.0.1319"} ) mock_response = load_mock_response("fetch_detections_success.json") @@ -2523,7 +2624,7 @@ def test_fetch_incident_empty_response(requests_mock): last_run = {"update_or_mod_time": "update_time"} parameters = {"first_fetch": "1 Jan"} requests_mock.get( - f"{BASE_URL}/api/v1/extrahop/version", json={"version": "9.1.2.64150"} + f"{BASE_URL}/api/v1/extrahop/version", json={"version": "9.3.0.1319"} ) requests_mock.post(f"{BASE_URL}/api/v1/detections/search", json=[], status_code=200) actual_incidents, next_run = ExtraHop_v2.fetch_incidents( @@ -2546,13 +2647,13 @@ def test_test_module_failure_extrahop_version_is_outdated(requests_mock): client = init_mock_client(requests_mock, on_cloud=False) requests_mock.get(f"{BASE_URL}/api/v1/extrahop", json={}) requests_mock.get( - f"{BASE_URL}/api/v1/extrahop/version", json={"version": "9.1.0.1943"} + f"{BASE_URL}/api/v1/extrahop/version", json={"version": "9.1.2.1943"} ) with pytest.raises(DemistoException) as err: ExtraHop_v2.test_module(client) assert ( str(err.value) - == "This integration works with ExtraHop firmware version greater than or equal to 9.1.2" + == "This integration works with ExtraHop firmware version greater than or equal to 9.3.0" ) @@ -2569,7 +2670,7 @@ def test_test_module_failure(requests_mock): client = init_mock_client(requests_mock, on_cloud=False) requests_mock.get(f"{BASE_URL}/api/v1/extrahop", json={}) requests_mock.get( - f"{BASE_URL}/api/v1/extrahop/version", json={"version": "9.1.2.1943"} + f"{BASE_URL}/api/v1/extrahop/version", json={"version": "9.3.0.1319"} ) with pytest.raises(ValueError) as err: ExtraHop_v2.test_module(client) diff --git a/Packs/ExtraHop/Integrations/ExtraHop_v2/README.md b/Packs/ExtraHop/Integrations/ExtraHop_v2/README.md index 3b2498e055d3..c4babf6f8ce7 100644 --- a/Packs/ExtraHop/Integrations/ExtraHop_v2/README.md +++ b/Packs/ExtraHop/Integrations/ExtraHop_v2/README.md @@ -21,7 +21,7 @@ ExtraHop Reveal(x) for Cortex XSOAR is a network detection and response solution | Use system proxy settings | Specifies whether to use XSOAR system proxy settings to connect to the API. | False | | First fetch time | Specifies the beginning timestamp from which to start fetching detection events. | False | | Incidents Fetch Interval | Specifies how often the instance fetches detection events. Because each API call fetches a maximum of 200 detection events, we recommend specifying one minute intervals to fetch all detection events. | False | -| Advanced Filter | Applies a filter to the list of detections or metrics based on a JSON-specific query. | False | +| Advanced Filter | Applies a filter to the list of detections based on a JSON-specific query.

Example for detections:
\{
"categories": \["sec.attack"\],
"risk_score_min": 51
\}

If the categories and category are not specified, then categories will be set to \["sec.attack"\]. The category field is deprecated by the API, so please use the categories field instead.
For a complete reference to the Extrahop detections filter fields, please refer to the ExtraHop REST API documentation at
https://docs.extrahop.com/current/rest-api-guide/ | False | | Do not use by default | Select to disable running commands through the Cortex XSOAR CLI on this instance of the integration. | False | | Log Level | Specifies the level of logging to enable for this instance of the integration. | False | | Run on | Specifies whether to run the instance of the integration on a single engine. | False | @@ -996,7 +996,7 @@ Get detections from ExtraHop Reveal(x). | **Argument Name** | **Description** | **Required** | | --- | --- | --- | -| filter | Detection-specific filters.
For eg:
filter={
"category": "sec",
"risk_score_min": 51
}

Refer to the ExtraHop REST API Guide at https://docs.extrahop.com/current/rest-api-guide/. | Optional | +| filter | Detection-specific filters.
For eg:
\{
"categories": ["sec.attack"],
"risk_score_min": 51
\}

If the categories and category are not specified, then categories will be set to ["sec.attack"]. The category field is deprecated by the API, so please use the categories field instead.
Refer to the ExtraHop REST API guide at https://docs.extrahop.com/current/rest-api-guide/. | Optional | | from | Returns detections that occurred after the specified date, expressed in milliseconds since the epoch. Detections that started before the specified date are returned if the detection was ongoing at that time.

For eg:
from=1673508360001. | Optional | | limit | Returns no more than the specified number of detections.

For eg:
limit=10. Default is 200. | Optional | | offset | The number of detections to skip for pagination.

For eg:
offset=100. | Optional | diff --git a/Packs/ExtraHop/Integrations/ExtraHop_v2/test_data/fetch_detections_empty_participants.json b/Packs/ExtraHop/Integrations/ExtraHop_v2/test_data/fetch_detections_empty_participants.json index c2aa63c37d09..ca9a524f4e78 100644 --- a/Packs/ExtraHop/Integrations/ExtraHop_v2/test_data/fetch_detections_empty_participants.json +++ b/Packs/ExtraHop/Integrations/ExtraHop_v2/test_data/fetch_detections_empty_participants.json @@ -9,7 +9,7 @@ "description": "[VMware A5F9B5](https://dummy-base-url.com/extrahop/#/metrics/devices/6c078a2ea98c42378048f72636c371c8.005056a5f9b50000/overview?from=1673508360&interval_type=DT&until=1673508450) sent data on the following non-standard SSH port, SSH:7234. Devices across the network rarely establish SSH sessions on this port.", "categories": [ "sec.command", - "sec" + "sec.attack" ], "risk_score": 60, "type": "rare_ssh_port", diff --git a/Packs/ExtraHop/Integrations/ExtraHop_v2/test_data/fetch_detections_success.json b/Packs/ExtraHop/Integrations/ExtraHop_v2/test_data/fetch_detections_success.json index 518661d856eb..3d5ccde14392 100644 --- a/Packs/ExtraHop/Integrations/ExtraHop_v2/test_data/fetch_detections_success.json +++ b/Packs/ExtraHop/Integrations/ExtraHop_v2/test_data/fetch_detections_success.json @@ -9,7 +9,7 @@ "description": "[VMware A5F9B5](https://dummy-base-url.com/extrahop/#/metrics/devices/6c078a2ea98c42378048f72636c371c8.005056a5f9b50000/overview?from=1673508360&interval_type=DT&until=1673508450) sent data on the following non-standard SSH port, SSH:7234. Devices across the network rarely establish SSH sessions on this port.", "categories": [ "sec.command", - "sec" + "sec.attack" ], "risk_score": 60, "type": "rare_ssh_port", diff --git a/Packs/ExtraHop/Integrations/ExtraHop_v2/test_data/list_detections_success.json b/Packs/ExtraHop/Integrations/ExtraHop_v2/test_data/list_detections_success.json index 5623986bbd9f..2f90dd04b9f2 100644 --- a/Packs/ExtraHop/Integrations/ExtraHop_v2/test_data/list_detections_success.json +++ b/Packs/ExtraHop/Integrations/ExtraHop_v2/test_data/list_detections_success.json @@ -7,7 +7,7 @@ "title": "Daily Summary: Credentials Received over HTTP", "description": "Over the past day, servers received HTTP data with passwords or basic authentication headers. If the unencrypted HTTP data is accessible to an attacker, they can collect sensitive information. Confirm that the SSL/TLS protocol or HTTP Strict Transport Security (HSTS) policy is enabled for these servers.", "categories": [ - "sec", + "sec.attack", "sec.caution" ], "risk_score": 60, @@ -39,7 +39,7 @@ "title": "Daily Summary: Credentials Received over HTTP", "description": "Over the past day, servers received HTTP data with passwords or basic authentication headers. If the unencrypted HTTP data is accessible to an attacker, they can collect sensitive information. Confirm that the SSL/TLS protocol or HTTP Strict Transport Security (HSTS) policy is enabled for these servers.", "categories": [ - "sec", + "sec.attack", "sec.caution" ], "risk_score": 60, diff --git a/Packs/ExtraHop/Integrations/ExtraHop_v2/test_data/list_detections_success_hr.md b/Packs/ExtraHop/Integrations/ExtraHop_v2/test_data/list_detections_success_hr.md index 471b5c52af89..cb45d79e96d3 100644 --- a/Packs/ExtraHop/Integrations/ExtraHop_v2/test_data/list_detections_success_hr.md +++ b/Packs/ExtraHop/Integrations/ExtraHop_v2/test_data/list_detections_success_hr.md @@ -1,5 +1,5 @@ ### Found 2 Detection(s) |Detection ID|Risk Score|Description|Categories|Start Time| |---|---|---|---|---| -| 4 | 60 | Over the past day, servers received HTTP data with passwords or basic authentication headers. If the unencrypted HTTP data is accessible to an attacker, they can collect sensitive information. Confirm that the SSL/TLS protocol or HTTP Strict Transport Security (HSTS) policy is enabled for these servers. | sec,
sec.caution | 1636720227485 | -| 5 | 60 | Over the past day, servers received HTTP data with passwords or basic authentication headers. If the unencrypted HTTP data is accessible to an attacker, they can collect sensitive information. Confirm that the SSL/TLS protocol or HTTP Strict Transport Security (HSTS) policy is enabled for these servers. | sec,
sec.caution | 1637130390376 | +| 4 | 60 | Over the past day, servers received HTTP data with passwords or basic authentication headers. If the unencrypted HTTP data is accessible to an attacker, they can collect sensitive information. Confirm that the SSL/TLS protocol or HTTP Strict Transport Security (HSTS) policy is enabled for these servers. | sec.attack,
sec.caution | 1636720227485 | +| 5 | 60 | Over the past day, servers received HTTP data with passwords or basic authentication headers. If the unencrypted HTTP data is accessible to an attacker, they can collect sensitive information. Confirm that the SSL/TLS protocol or HTTP Strict Transport Security (HSTS) policy is enabled for these servers. | sec.attack,
sec.caution | 1637130390376 | diff --git a/Packs/ExtraHop/Integrations/ExtraHop_v2/test_data/list_detections_with_complete_description_url.json b/Packs/ExtraHop/Integrations/ExtraHop_v2/test_data/list_detections_with_complete_description_url.json index 6a9e9d9982d7..8607836d77d6 100644 --- a/Packs/ExtraHop/Integrations/ExtraHop_v2/test_data/list_detections_with_complete_description_url.json +++ b/Packs/ExtraHop/Integrations/ExtraHop_v2/test_data/list_detections_with_complete_description_url.json @@ -8,7 +8,7 @@ "title": "Weak Cipher Suite", "description": "[VMware 835092](#/extrahop/#/metrics/devices/6c078a2ea98c42378048f72636c371c8.1111111111111111/overview?from=1674561853&interval_type=DT&until=1674561854) negotiated an SSL/TLS session with a cipher suite that includes a weak encryption algorithm such as CBC, 3DES, RC4, null, anonymous, or export. Remove this cipher suite from [VMware 835092](#/metrics/devices/6c078a2ea98c42378048f72636c371c8.0050568350920000/overview?from=1674561853&interval_type=DT&until=1674561854) and replace with stronger cipher suites.", "categories": [ - "sec", + "sec.attack", "sec.hardening" ], "risk_score": 30, diff --git a/Packs/ExtraHop/Integrations/ExtraHop_v2/test_data/list_detections_with_complete_description_url.md b/Packs/ExtraHop/Integrations/ExtraHop_v2/test_data/list_detections_with_complete_description_url.md index 836c29f7a0ea..466fbd45735a 100644 --- a/Packs/ExtraHop/Integrations/ExtraHop_v2/test_data/list_detections_with_complete_description_url.md +++ b/Packs/ExtraHop/Integrations/ExtraHop_v2/test_data/list_detections_with_complete_description_url.md @@ -1,4 +1,4 @@ ### Found 1 Detection(s) |Detection ID|Risk Score|Description|Categories|Start Time| |---|---|---|---|---| -| 1032336 | 30 | [VMware 835092](https://dummy-base-url.com/#/metrics/devices/6c078a2ea98c42378048f72636c371c8.1111111111111111/overview?from=1674561853&interval_type=DT&until=1674561854) negotiated an SSL/TLS session with a cipher suite that includes a weak encryption algorithm such as CBC, 3DES, RC4, null, anonymous, or export. Remove this cipher suite from [VMware 835092](https://dummy-base-url.com/extrahop/#/metrics/devices/6c078a2ea98c42378048f72636c371c8.0050568350920000/overview?from=1674561853&interval_type=DT&until=1674561854) and replace with stronger cipher suites. | sec,
sec.hardening | 1674561853793 | +| 1032336 | 30 | [VMware 835092](https://dummy-base-url.com/#/metrics/devices/6c078a2ea98c42378048f72636c371c8.1111111111111111/overview?from=1674561853&interval_type=DT&until=1674561854) negotiated an SSL/TLS session with a cipher suite that includes a weak encryption algorithm such as CBC, 3DES, RC4, null, anonymous, or export. Remove this cipher suite from [VMware 835092](https://dummy-base-url.com/extrahop/#/metrics/devices/6c078a2ea98c42378048f72636c371c8.0050568350920000/overview?from=1674561853&interval_type=DT&until=1674561854) and replace with stronger cipher suites. | sec.attack,
sec.hardening | 1674561853793 | diff --git a/Packs/ExtraHop/Integrations/ExtraHop_v2/test_data/list_detections_with_description_url.json b/Packs/ExtraHop/Integrations/ExtraHop_v2/test_data/list_detections_with_description_url.json index f8e4689eaede..b73e6626c1ea 100644 --- a/Packs/ExtraHop/Integrations/ExtraHop_v2/test_data/list_detections_with_description_url.json +++ b/Packs/ExtraHop/Integrations/ExtraHop_v2/test_data/list_detections_with_description_url.json @@ -8,7 +8,7 @@ "title": "Weak Cipher Suite", "description": "[VMware 835092](#/metrics/devices/6c078a2ea98c42378048f72636c371c8.1111111111111111/overview?from=1674561853&interval_type=DT&until=1674561854) negotiated an SSL/TLS session with a cipher suite that includes a weak encryption algorithm such as CBC, 3DES, RC4, null, anonymous, or export. Remove this cipher suite from [VMware 835092](#/metrics/devices/6c078a2ea98c42378048f72636c371c8.0050568350920000/overview?from=1674561853&interval_type=DT&until=1674561854) and replace with stronger cipher suites.", "categories": [ - "sec", + "sec.attack", "sec.hardening" ], "risk_score": 30, diff --git a/Packs/ExtraHop/Integrations/ExtraHop_v2/test_data/list_detections_with_description_url.md b/Packs/ExtraHop/Integrations/ExtraHop_v2/test_data/list_detections_with_description_url.md index dd497d5b2f09..448587158bb9 100644 --- a/Packs/ExtraHop/Integrations/ExtraHop_v2/test_data/list_detections_with_description_url.md +++ b/Packs/ExtraHop/Integrations/ExtraHop_v2/test_data/list_detections_with_description_url.md @@ -1,4 +1,4 @@ ### Found 1 Detection(s) |Detection ID|Risk Score|Description|Categories|Start Time| |---|---|---|---|---| -| 1032336 | 30 | [VMware 835092](https://dummy-base-url.com/extrahop/#/metrics/devices/6c078a2ea98c42378048f72636c371c8.1111111111111111/overview?from=1674561853&interval_type=DT&until=1674561854) negotiated an SSL/TLS session with a cipher suite that includes a weak encryption algorithm such as CBC, 3DES, RC4, null, anonymous, or export. Remove this cipher suite from [VMware 835092](https://dummy-base-url.com/extrahop/#/metrics/devices/6c078a2ea98c42378048f72636c371c8.0050568350920000/overview?from=1674561853&interval_type=DT&until=1674561854) and replace with stronger cipher suites. | sec,
sec.hardening | 1674561853793 | +| 1032336 | 30 | [VMware 835092](https://dummy-base-url.com/extrahop/#/metrics/devices/6c078a2ea98c42378048f72636c371c8.1111111111111111/overview?from=1674561853&interval_type=DT&until=1674561854) negotiated an SSL/TLS session with a cipher suite that includes a weak encryption algorithm such as CBC, 3DES, RC4, null, anonymous, or export. Remove this cipher suite from [VMware 835092](https://dummy-base-url.com/extrahop/#/metrics/devices/6c078a2ea98c42378048f72636c371c8.0050568350920000/overview?from=1674561853&interval_type=DT&until=1674561854) and replace with stronger cipher suites. | sec.attack,
sec.hardening | 1674561853793 | diff --git a/Packs/ExtraHop/Integrations/ExtraHop_v2/test_data/mock_incidents.json b/Packs/ExtraHop/Integrations/ExtraHop_v2/test_data/mock_incidents.json index d2c25abb43ec..801eced283ae 100644 --- a/Packs/ExtraHop/Integrations/ExtraHop_v2/test_data/mock_incidents.json +++ b/Packs/ExtraHop/Integrations/ExtraHop_v2/test_data/mock_incidents.json @@ -12,7 +12,7 @@ "description": "[VMware A5F9B5](https://dummy-base-url.com/extrahop/#/metrics/devices/6c078a2ea98c42378048f72636c371c8.005056a5f9b50000/overview?from=1673508360&interval_type=DT&until=1673508450) sent data on the following non-standard SSH port, SSH:7234. Devices across the network rarely establish SSH sessions on this port.", "categories": [ "sec.command", - "sec" + "sec.attack" ], "risk_score": 60, "type": "rare_ssh_port", diff --git a/Packs/ExtraHop/Integrations/ExtraHop_v2/test_data/mock_incidents_no_participants.json b/Packs/ExtraHop/Integrations/ExtraHop_v2/test_data/mock_incidents_no_participants.json index f9bb5c1c599c..fae9aa60416f 100644 --- a/Packs/ExtraHop/Integrations/ExtraHop_v2/test_data/mock_incidents_no_participants.json +++ b/Packs/ExtraHop/Integrations/ExtraHop_v2/test_data/mock_incidents_no_participants.json @@ -12,7 +12,7 @@ "description": "[VMware A5F9B5](https://dummy-base-url.com/extrahop/#/metrics/devices/6c078a2ea98c42378048f72636c371c8.005056a5f9b50000/overview?from=1673508360&interval_type=DT&until=1673508450) sent data on the following non-standard SSH port, SSH:7234. Devices across the network rarely establish SSH sessions on this port.", "categories": [ "sec.command", - "sec" + "sec.attack" ], "risk_score": 60, "type": "rare_ssh_port", diff --git a/Packs/ExtraHop/ReleaseNotes/2_1_0.md b/Packs/ExtraHop/ReleaseNotes/2_1_0.md new file mode 100644 index 000000000000..f5e7209064dd --- /dev/null +++ b/Packs/ExtraHop/ReleaseNotes/2_1_0.md @@ -0,0 +1,13 @@ + +#### Integrations + +##### ExtraHop Reveal(x) + +- Added the 'sec.attack' as the default category in the *extrahop-detections-list command* for the filter argument and in the *Integration Configuration* for the advanced filter parameter. +- Added the support for categories in the *extrahop-detections-list command* for the filter argument and in the *Integration Configuration* for the advanced filter parameter. +- Updated the minimum required ExtraHop firmware version to 9.3.0 from 9.1.2. + +#### Scripts + +##### ExtraHopTrackIncidents +- Updated the Docker image to: *demisto/python3:3.10.11.61265*. diff --git a/Packs/ExtraHop/Scripts/ExtraHopTrackIncidents/ExtraHopTrackIncidents.yml b/Packs/ExtraHop/Scripts/ExtraHopTrackIncidents/ExtraHopTrackIncidents.yml index 94081b31c46b..f42467c66779 100644 --- a/Packs/ExtraHop/Scripts/ExtraHopTrackIncidents/ExtraHopTrackIncidents.yml +++ b/Packs/ExtraHop/Scripts/ExtraHopTrackIncidents/ExtraHopTrackIncidents.yml @@ -17,7 +17,7 @@ dependson: must: - 'ExtraHop v2|||extrahop-ticket-track' runonce: false -dockerimage: demisto/python3:3.10.10.49934 +dockerimage: demisto/python3:3.10.11.61265 runas: DBotWeakRole tests: - ExtraHop_v2-Test diff --git a/Packs/ExtraHop/pack_metadata.json b/Packs/ExtraHop/pack_metadata.json index fe57701b1398..2e1fbe72df16 100644 --- a/Packs/ExtraHop/pack_metadata.json +++ b/Packs/ExtraHop/pack_metadata.json @@ -2,7 +2,7 @@ "name": "ExtraHop Reveal(x)", "description": "Network detection and response. Complete visibility of network communications at enterprise scale, real-time threat detections backed by machine learning, and guided investigation workflows that simplify response.", "support": "partner", - "currentVersion": "2.0.4", + "currentVersion": "2.1.0", "author": "ExtraHop", "url": "", "email": "support@extrahop.com", From efcf177a96bb28602c94765a62de95102d5bfff1 Mon Sep 17 00:00:00 2001 From: content-bot <55035720+content-bot@users.noreply.github.com> Date: Wed, 7 Jun 2023 17:58:57 +0300 Subject: [PATCH 036/124] Recordedfuture listapi v1.0.0 (#26996) (#27281) * First version/implementation of new List Integration * Added new List integration * Updated validation step requirements and fixed tests to be working as expected * Updated test Coverage * Version bump and fixed frombersion for list app * Added custom content, incident type and classifier for coderepo leakage * Updated some documentation and fixed dockerimages * Bumped version of playbook alert app * Fixed changelog for 1.6.0 to not include an old change * fixed type0 in changelog * removed base64 import * Updated release notes * Update based on review * Removed references to old playbook alerts documentation from creation of integration --------- Co-authored-by: recordedfuture-simonhornestedt <109588368+recordedfuture-simonhornestedt@users.noreply.github.com> Co-authored-by: michal-dagan <109464765+michal-dagan@users.noreply.github.com> --- ...ssifier-Recorded_Future_PA_classifier.json | 1 + .../classifier-Recorded_Future_PA_mapper.json | 20 + ...ncidenttype-Recorded_Future_Code_Repo.json | 30 + .../RecordedFuture/RecordedFuture.py | 65 +- .../RecordedFuture/RecordedFuture.yml | 2 +- .../RecordedFuture/RecordedFuture_test.py | 501 +++++++-------- .../RecordedFutureLists/README.md | 83 +++ .../RecordedFutureLists.py | 236 +++++++ .../RecordedFutureLists.yml | 142 ++++ .../RecordedFutureLists_description.md | 24 + .../RecordedFutureLists_image.png | Bin 0 -> 3049 bytes .../RecordedFutureLists_test.py | 605 ++++++++++++++++++ .../RecordedFutureLists/command_examples.txt | 2 + .../RecordedFuturePlaybookAlerts/README.md | 2 +- .../RecordedFuturePlaybookAlerts.py | 2 +- .../RecordedFuturePlaybookAlerts.yml | 4 +- .../RecordedFuturePlaybookAlerts_test.py | 47 ++ Packs/RecordedFuture/README.md | 66 +- Packs/RecordedFuture/ReleaseNotes/1_6_0.md | 40 ++ Packs/RecordedFuture/pack_metadata.json | 2 +- 20 files changed, 1542 insertions(+), 332 deletions(-) create mode 100644 Packs/RecordedFuture/IncidentTypes/incidenttype-Recorded_Future_Code_Repo.json create mode 100644 Packs/RecordedFuture/Integrations/RecordedFutureLists/README.md create mode 100644 Packs/RecordedFuture/Integrations/RecordedFutureLists/RecordedFutureLists.py create mode 100644 Packs/RecordedFuture/Integrations/RecordedFutureLists/RecordedFutureLists.yml create mode 100644 Packs/RecordedFuture/Integrations/RecordedFutureLists/RecordedFutureLists_description.md create mode 100644 Packs/RecordedFuture/Integrations/RecordedFutureLists/RecordedFutureLists_image.png create mode 100644 Packs/RecordedFuture/Integrations/RecordedFutureLists/RecordedFutureLists_test.py create mode 100644 Packs/RecordedFuture/Integrations/RecordedFutureLists/command_examples.txt create mode 100644 Packs/RecordedFuture/ReleaseNotes/1_6_0.md diff --git a/Packs/RecordedFuture/Classifiers/classifier-Recorded_Future_PA_classifier.json b/Packs/RecordedFuture/Classifiers/classifier-Recorded_Future_PA_classifier.json index 9ef71729373c..64e303fb8c28 100644 --- a/Packs/RecordedFuture/Classifiers/classifier-Recorded_Future_PA_classifier.json +++ b/Packs/RecordedFuture/Classifiers/classifier-Recorded_Future_PA_classifier.json @@ -4,6 +4,7 @@ "id": "Recorded Future Playbook Alert Classifier", "defaultIncidentType": "Recorded Future Playbook Alert", "keyTypeMap": { + "code_repo_leakage": "Recorded Future Code Repo Leakage", "cyber_vulnerability": "Recorded Future Vulnerability", "domain_abuse": "Recorded Future Domain Abuse" }, diff --git a/Packs/RecordedFuture/Classifiers/classifier-Recorded_Future_PA_mapper.json b/Packs/RecordedFuture/Classifiers/classifier-Recorded_Future_PA_mapper.json index c3cf79c915db..3348caa33e51 100644 --- a/Packs/RecordedFuture/Classifiers/classifier-Recorded_Future_PA_mapper.json +++ b/Packs/RecordedFuture/Classifiers/classifier-Recorded_Future_PA_mapper.json @@ -3,6 +3,26 @@ "feed": false, "id": "Recorded Future Playbook Alert Mapper", "mapping": { + "Recorded Future Code Repo Leakage": { + "dontMapEventToLabels": false, + "internalMapping": { + "Alert Category": { + "simple": "panel_status.case_rule_label" + }, + "Alert ID": { + "simple": "playbook_alert_id" + }, + "Alert Name": { + "simple": "title" + }, + "Description": { + "simple": "panel_evidence_summary.evidence.content" + }, + "Source Priority": { + "simple": "priority" + } + } + }, "Recorded Future Vulnerability": { "dontMapEventToLabels": false, "internalMapping": { diff --git a/Packs/RecordedFuture/IncidentTypes/incidenttype-Recorded_Future_Code_Repo.json b/Packs/RecordedFuture/IncidentTypes/incidenttype-Recorded_Future_Code_Repo.json new file mode 100644 index 000000000000..3afab860a3bf --- /dev/null +++ b/Packs/RecordedFuture/IncidentTypes/incidenttype-Recorded_Future_Code_Repo.json @@ -0,0 +1,30 @@ +{ + "id": "Recorded Future Code Repo Leakage", + "version": -1, + "vcShouldIgnore": false, + "locked": false, + "name": "Recorded Future Code Repo Leakage", + "prevName": "Recorded Future Code Repo Leakage", + "color": "#92F4EF", + "playbookId": "Recorded Future Playbook Alert Details", + "hours": 0, + "days": 0, + "weeks": 0, + "hoursR": 0, + "daysR": 0, + "weeksR": 0, + "system": false, + "readonly": false, + "default": false, + "autorun": false, + "disabled": false, + "reputationCalc": 1, + "onChangeRepAlg": 1, + "layout": "Recorded Future Playbook Alert Layout", + "detached": false, + "extractSettings": { + "mode": "All", + "fieldCliNameToExtractSettings": {} + }, + "fromVersion": "6.5.0" +} \ No newline at end of file diff --git a/Packs/RecordedFuture/Integrations/RecordedFuture/RecordedFuture.py b/Packs/RecordedFuture/Integrations/RecordedFuture/RecordedFuture.py index 3e9d6e0143af..8ebdcd19cb3f 100644 --- a/Packs/RecordedFuture/Integrations/RecordedFuture/RecordedFuture.py +++ b/Packs/RecordedFuture/Integrations/RecordedFuture/RecordedFuture.py @@ -50,11 +50,11 @@ def determine_hash(hash_value: str) -> str: def create_indicator( - entity: str, - entity_type: str, - score: int, - description: str = '', - location: Dict[str, Any] = None, + entity: str, + entity_type: str, + score: int, + description: str = '', + location: Dict[str, Any] = None, ) -> Common.Indicator: """Create an Indicator object.""" demisto_params = demisto.params() @@ -85,7 +85,7 @@ def create_indicator( dbot_vendor, dbot_score, dbot_description, - reliability=demisto.params().get('integrationReliability') + reliability=demisto.params().get('integrationReliability'), ), asn=location.get('asn', None), geo_country=location.get('location', dict()).get('country', None), @@ -99,7 +99,7 @@ def create_indicator( dbot_vendor, dbot_score, dbot_description, - reliability=demisto.params().get('integrationReliability') + reliability=demisto.params().get('integrationReliability'), ), ) elif entity_type == 'file': @@ -109,7 +109,7 @@ def create_indicator( dbot_vendor, dbot_score, dbot_description, - reliability=demisto.params().get('integrationReliability') + reliability=demisto.params().get('integrationReliability'), ) hash_type = determine_hash(entity) if hash_type == 'MD5': @@ -133,7 +133,7 @@ def create_indicator( dbot_vendor, dbot_score, dbot_description, - reliability=demisto.params().get('integrationReliability') + reliability=demisto.params().get('integrationReliability'), ), ) else: @@ -146,6 +146,7 @@ def create_indicator( # === === === === Recorded Future API Client === === === ==== # === === === === === === === === === === === === === === === + class Client(BaseClient): def whoami(self) -> Dict[str, Any]: @@ -157,7 +158,10 @@ def whoami(self) -> Dict[str, Any]: def _get_writeback_data(self): - if demisto.params().get('collective_insights') == "On" and demisto.callingContext: + if ( + demisto.params().get('collective_insights') == "On" + and demisto.callingContext + ): calling_context = copy.deepcopy(demisto.callingContext) calling_context.get('context', dict()).pop('ExecutionContext', None) return calling_context @@ -177,7 +181,7 @@ def _call(self, url_suffix, **kwargs): 'json_data': json_data, 'timeout': 90, 'retries': 3, - 'status_list_to_retry': STATUS_TO_RETRY + 'status_list_to_retry': STATUS_TO_RETRY, } request_kwargs.update(kwargs) @@ -218,7 +222,7 @@ def fetch_incidents(self) -> Dict[str, Any]: 'demisto_params': demisto.params(), 'demisto_last_run': demisto.getLastRun(), }, - timeout=120 + timeout=120, ) def entity_search(self) -> Dict[str, Any]: @@ -241,7 +245,9 @@ def get_single_alert(self) -> dict: """Get a single alert""" return self._call(url_suffix='/v2/alert/lookup') - def get_alerts(self, ) -> Dict[str, Any]: + def get_alerts( + self, + ) -> Dict[str, Any]: """Get alerts.""" return self._call(url_suffix='/v2/alert/search') @@ -257,7 +263,7 @@ def alert_set_status(self, data=None): json_data={ 'demisto_command': demisto.command(), 'demisto_args': demisto.args(), - 'alerts_update_data': data + 'alerts_update_data': data, }, ) @@ -269,7 +275,7 @@ def alert_set_note(self, data=None): json_data={ 'demisto_command': demisto.command(), 'demisto_args': demisto.args(), - 'alerts_update_data': data + 'alerts_update_data': data, }, ) @@ -282,12 +288,14 @@ def get_triage(self) -> Dict[str, Any]: # === === === === === === ACTIONS === === === === === === === # === === === === === === === === === === === === === === === -class Actions: +class Actions: def __init__(self, rf_client: Client): self.client = rf_client - def _process_result_actions(self, response: Union[dict, CommandResults]) -> List[CommandResults]: + def _process_result_actions( + self, response: Union[dict, CommandResults] + ) -> List[CommandResults]: if isinstance(response, CommandResults): # Case when we got 404 on response, and it was processed in self.client._call() method. @@ -309,24 +317,19 @@ def _process_result_actions(self, response: Union[dict, CommandResults]) -> List # Custom CommandResults. command_results_kwargs = action['CommandResults'] command_results_kwargs['indicator'] = indicator - command_results.append( - CommandResults(**command_results_kwargs) - ) + command_results.append(CommandResults(**command_results_kwargs)) else: # Default CommandResults after indicator creation. command_results.append( CommandResults( readable_output=tableToMarkdown( - 'New indicator was created.', - indicator.to_context() + 'New indicator was created.', indicator.to_context() ), - indicator=indicator + indicator=indicator, ) ) elif 'CommandResults' in action: - command_results.append( - CommandResults(**action['CommandResults']) - ) + command_results.append(CommandResults(**action['CommandResults'])) return command_results @@ -406,6 +409,7 @@ def triage_command(self) -> List[CommandResults]: # === === === === === === === MAIN === === === === === === == # === === === === === === === === === === === === === === === + def main() -> None: """Main method used to run actions.""" try: @@ -416,10 +420,11 @@ def main() -> None: headers = { 'X-RFToken': demisto_params['token'], - - 'X-RF-User-Agent': (f'RecordedFuture.py/{__version__} ({platform.platform()}) ' - f'XSOAR/{__version__} ' - f'RFClient/{__version__} (Cortex_XSOAR_{demisto.demistoVersion()["version"]})'), + 'X-RF-User-Agent': ( + f'RecordedFuture.py/{__version__} ({platform.platform()}) ' + f'XSOAR/{__version__} ' + f'RFClient/{__version__} (Cortex_XSOAR_{demisto.demistoVersion()["version"]})' + ), } client = Client( base_url=base_url, verify=verify_ssl, headers=headers, proxy=proxy diff --git a/Packs/RecordedFuture/Integrations/RecordedFuture/RecordedFuture.yml b/Packs/RecordedFuture/Integrations/RecordedFuture/RecordedFuture.yml index a3930dba3054..44f32215136a 100644 --- a/Packs/RecordedFuture/Integrations/RecordedFuture/RecordedFuture.yml +++ b/Packs/RecordedFuture/Integrations/RecordedFuture/RecordedFuture.yml @@ -147,7 +147,7 @@ script: script: '-' type: python subtype: python3 - dockerimage: demisto/python3:3.10.11.59070 + dockerimage: demisto/python3:3.10.11.61265 commands: - name: domain description: Gets a quick indicator of the risk associated with a domain. diff --git a/Packs/RecordedFuture/Integrations/RecordedFuture/RecordedFuture_test.py b/Packs/RecordedFuture/Integrations/RecordedFuture/RecordedFuture_test.py index 53b22160be49..04eb1428ec76 100644 --- a/Packs/RecordedFuture/Integrations/RecordedFuture/RecordedFuture_test.py +++ b/Packs/RecordedFuture/Integrations/RecordedFuture/RecordedFuture_test.py @@ -8,16 +8,13 @@ def create_client(): headers = { 'X-RFToken': token, 'X-RF-User-Agent': "RecordedFuture.py/2.4 (Linux-5.13.0-1031-aws-x86_64-with) " - "XSOAR/2.4 RFClient/2.4 (Cortex_XSOAR_6.5.0)", + "XSOAR/2.4 RFClient/2.4 (Cortex_XSOAR_6.5.0)", } - return Client( - base_url=base_url, verify=verify_ssl, headers=headers, proxy=False - ) + return Client(base_url=base_url, verify=verify_ssl, headers=headers, proxy=False) class TestHelpers: - def test_translate_score(self): from RecordedFuture import translate_score from CommonServerPython import Common @@ -68,7 +65,7 @@ def test_create_indicator_ip(self, mocker): entity_type=entity_type, score=score, description=description, - location=location + location=location, ) assert result == mock_return_value @@ -80,7 +77,7 @@ def test_create_indicator_ip(self, mocker): Common.DBotScore.SUSPICIOUS, '', # reliability=DBotScoreReliability.B - reliability=None + reliability=None, ) mock_call = Common.IP.mock_calls[0] @@ -124,7 +121,7 @@ def test_create_indicator_domain(self, mocker): Common.DBotScore.SUSPICIOUS, '', # reliability=DBotScoreReliability.B - reliability=None + reliability=None, ) mock_call = Common.Domain.mock_calls[0] @@ -160,7 +157,7 @@ def test_create_indicator_url(self, mocker): Common.DBotScore.SUSPICIOUS, '', # reliability=DBotScoreReliability.B - reliability=None + reliability=None, ) mock_call = Common.URL.mock_calls[0] @@ -225,7 +222,7 @@ def test_create_indicator_file(self, mocker): Common.DBotScore.SUSPICIOUS, '', # reliability=DBotScoreReliability.B - reliability=None + reliability=None, ) mock_call = Common.File.mock_calls[0] @@ -250,7 +247,7 @@ def test_create_indicator_file(self, mocker): Common.DBotScore.SUSPICIOUS, '', # reliability=DBotScoreReliability.B - reliability=None + reliability=None, ) mock_call = Common.File.mock_calls[-1] @@ -275,7 +272,7 @@ def test_create_indicator_file(self, mocker): Common.DBotScore.SUSPICIOUS, '', # reliability=DBotScoreReliability.B - reliability=None + reliability=None, ) mock_call = Common.File.mock_calls[-1] @@ -300,7 +297,7 @@ def test_create_indicator_file(self, mocker): Common.DBotScore.SUSPICIOUS, '', # reliability=DBotScoreReliability.B - reliability=None + reliability=None, ) mock_call = Common.File.mock_calls[-1] @@ -325,7 +322,7 @@ def test_create_indicator_file(self, mocker): Common.DBotScore.SUSPICIOUS, '', # reliability=DBotScoreReliability.B - reliability=None + reliability=None, ) mock_call = Common.File.mock_calls[-1] @@ -334,7 +331,6 @@ def test_create_indicator_file(self, mocker): class TestRFClient: - def test_whoami(self, mocker): client = create_client() @@ -368,21 +364,18 @@ def test_get_writeback_data_writeback_on(self, mocker): client = create_client() - mocker.patch.object(demisto, 'params', return_value={'collective_insights': 'On'}) + mocker.patch.object( + demisto, 'params', return_value={'collective_insights': 'On'} + ) demisto.callingContext = { - 'context': { - 'ExecutionContext': 'to be removed', - 'other': 'data' - }, - 'other': 'data' + 'context': {'ExecutionContext': 'to be removed', 'other': 'data'}, + 'other': 'data', } assert client._get_writeback_data() == { - 'context': { - 'other': 'data' - }, - 'other': 'data' + 'context': {'other': 'data'}, + 'other': 'data', } # @@ -412,15 +405,12 @@ def test_call_writeback_on(self, mocker): 'params', return_value={ 'collective_insights': "On", - } + }, ) mock_calling_context = { - 'context': { - 'ExecutionContext': 'to be removed', - 'other': 'data' - }, - 'other': 'data' + 'context': {'ExecutionContext': 'to be removed', 'other': 'data'}, + 'other': 'data', } demisto.callingContext = mock_calling_context @@ -436,11 +426,9 @@ def test_call_writeback_on(self, mocker): 'demisto_command': mock_command_name, 'demisto_args': mock_command_args, 'callingContext': { - 'context': { - 'other': 'data' - }, + 'context': {'other': 'data'}, 'other': 'data', - } + }, } mock_http_request.assert_called_once_with( @@ -449,7 +437,7 @@ def test_call_writeback_on(self, mocker): json_data=json_data, timeout=90, retries=3, - status_list_to_retry=STATUS_TO_RETRY + status_list_to_retry=STATUS_TO_RETRY, ) def test_call_writeback_off(self, mocker): @@ -478,15 +466,12 @@ def test_call_writeback_off(self, mocker): 'params', return_value={ 'collective_insights': "Off", - } + }, ) mock_calling_context = { - 'context': { - 'ExecutionContext': 'to be removed', - 'other': 'data' - }, - 'other': 'data' + 'context': {'ExecutionContext': 'to be removed', 'other': 'data'}, + 'other': 'data', } demisto.callingContext = mock_calling_context @@ -509,7 +494,7 @@ def test_call_writeback_off(self, mocker): json_data=json_data, timeout=90, retries=3, - status_list_to_retry=STATUS_TO_RETRY + status_list_to_retry=STATUS_TO_RETRY, ) def test_call_with_kwargs(self, mocker): @@ -575,17 +560,9 @@ def test_call_returns_response(self, mocker): client = create_client() - mock_response = { - 'response': { - 'data': 'mock data' - } - } + mock_response = {'response': {'data': 'mock data'}} - mocker.patch.object( - client, - '_http_request', - return_value=mock_response - ) + mocker.patch.object(client, '_http_request', return_value=mock_response) mock_url_suffix = 'mock_url_suffix' @@ -619,11 +596,7 @@ def test_call_response_processing_return_error(self, mocker): mock_http_request = mocker.patch.object( client, '_http_request', - return_value={ - 'return_error': { - 'message': 'mock error' - } - } + return_value={'return_error': {'message': 'mock error'}}, ) mock_url_suffix = 'mock_url_suffix' @@ -644,9 +617,7 @@ def test_call_response_processing_return_error(self, mocker): status_list_to_retry=STATUS_TO_RETRY, ) - mock_return_error.assert_called_once_with( - message='mock error' - ) + mock_return_error.assert_called_once_with(message='mock error') def test_call_response_processing_404(self, mocker): """ @@ -678,11 +649,7 @@ def mock_http_request_method(*args, **kwargs): # or if ok_codes=None - it uses requests.Response.ok to check whether response is good). raise DemistoException('404') - mocker.patch.object( - client, - '_http_request', - mock_http_request_method - ) + mocker.patch.object(client, '_http_request', mock_http_request_method) spy_http_request = mocker.spy(client, '_http_request') @@ -733,12 +700,10 @@ def test_fetch_incidents(self, mocker): client = create_client() - mock_call_response = { - 'response': { - 'data': 'mock response' - } - } - mock_call = mocker.patch.object(client, '_call', return_value=mock_call_response) + mock_call_response = {'response': {'data': 'mock response'}} + mock_call = mocker.patch.object( + client, '_call', return_value=mock_call_response + ) response = client.fetch_incidents() @@ -747,10 +712,10 @@ def test_fetch_incidents(self, mocker): 'demisto_command': mock_command_name, 'demisto_args': mock_command_args, 'demisto_last_run': mock_last_run_dict, - 'demisto_params': mock_params + 'demisto_params': mock_params, }, timeout=120, - url_suffix='/v2/alert/fetch_incidents' + url_suffix='/v2/alert/fetch_incidents', ) assert response == mock_call_response @@ -771,18 +736,14 @@ def test_entity_search(self, mocker): client = create_client() - mock_call_response = { - 'response': { - 'data': 'mock response' - } - } - mock_call = mocker.patch.object(client, '_call', return_value=mock_call_response) + mock_call_response = {'response': {'data': 'mock response'}} + mock_call = mocker.patch.object( + client, '_call', return_value=mock_call_response + ) response = client.entity_search() - mock_call.assert_called_once_with( - url_suffix='/v2/search' - ) + mock_call.assert_called_once_with(url_suffix='/v2/search') assert response == mock_call_response @@ -802,18 +763,14 @@ def test_get_intelligence(self, mocker): client = create_client() - mock_call_response = { - 'response': { - 'data': 'mock response' - } - } - mock_call = mocker.patch.object(client, '_call', return_value=mock_call_response) + mock_call_response = {'response': {'data': 'mock response'}} + mock_call = mocker.patch.object( + client, '_call', return_value=mock_call_response + ) response = client.get_intelligence() - mock_call.assert_called_once_with( - url_suffix='/v2/lookup/intelligence' - ) + mock_call.assert_called_once_with(url_suffix='/v2/lookup/intelligence') assert response == mock_call_response @@ -833,18 +790,14 @@ def test_get_links(self, mocker): client = create_client() - mock_call_response = { - 'response': { - 'data': 'mock response' - } - } - mock_call = mocker.patch.object(client, '_call', return_value=mock_call_response) + mock_call_response = {'response': {'data': 'mock response'}} + mock_call = mocker.patch.object( + client, '_call', return_value=mock_call_response + ) response = client.get_links() - mock_call.assert_called_once_with( - url_suffix='/v2/lookup/links' - ) + mock_call.assert_called_once_with(url_suffix='/v2/lookup/links') assert response == mock_call_response @@ -864,18 +817,14 @@ def test_get_single_alert(self, mocker): client = create_client() - mock_call_response = { - 'response': { - 'data': 'mock response' - } - } - mock_call = mocker.patch.object(client, '_call', return_value=mock_call_response) + mock_call_response = {'response': {'data': 'mock response'}} + mock_call = mocker.patch.object( + client, '_call', return_value=mock_call_response + ) response = client.get_single_alert() - mock_call.assert_called_once_with( - url_suffix='/v2/alert/lookup' - ) + mock_call.assert_called_once_with(url_suffix='/v2/alert/lookup') assert response == mock_call_response @@ -895,18 +844,14 @@ def test_get_alerts(self, mocker): client = create_client() - mock_call_response = { - 'response': { - 'data': 'mock response' - } - } - mock_call = mocker.patch.object(client, '_call', return_value=mock_call_response) + mock_call_response = {'response': {'data': 'mock response'}} + mock_call = mocker.patch.object( + client, '_call', return_value=mock_call_response + ) response = client.get_alerts() - mock_call.assert_called_once_with( - url_suffix='/v2/alert/search' - ) + mock_call.assert_called_once_with(url_suffix='/v2/alert/search') assert response == mock_call_response @@ -926,18 +871,14 @@ def test_get_alert_rules(self, mocker): client = create_client() - mock_call_response = { - 'response': { - 'data': 'mock response' - } - } - mock_call = mocker.patch.object(client, '_call', return_value=mock_call_response) + mock_call_response = {'response': {'data': 'mock response'}} + mock_call = mocker.patch.object( + client, '_call', return_value=mock_call_response + ) response = client.get_alert_rules() - mock_call.assert_called_once_with( - url_suffix='/v2/alert/rule' - ) + mock_call.assert_called_once_with(url_suffix='/v2/alert/rule') assert response == mock_call_response @@ -957,16 +898,12 @@ def test_alert_set_status(self, mocker): client = create_client() - mock_call_response = { - 'response': { - 'data': 'mock response' - } - } - mock_call = mocker.patch.object(client, '_call', return_value=mock_call_response) + mock_call_response = {'response': {'data': 'mock response'}} + mock_call = mocker.patch.object( + client, '_call', return_value=mock_call_response + ) - alert_data = { - 'mock': 'data' - } + alert_data = {'mock': 'data'} response = client.alert_set_status(alert_data) mock_call.assert_called_once_with( @@ -974,7 +911,7 @@ def test_alert_set_status(self, mocker): json_data={ 'demisto_command': mock_command_name, 'demisto_args': mock_command_args, - 'alerts_update_data': alert_data + 'alerts_update_data': alert_data, }, ) @@ -987,7 +924,7 @@ def test_alert_set_status(self, mocker): json_data={ 'demisto_command': mock_command_name, 'demisto_args': mock_command_args, - 'alerts_update_data': None + 'alerts_update_data': None, }, ) @@ -1009,16 +946,12 @@ def test_alert_set_note(self, mocker): client = create_client() - mock_call_response = { - 'response': { - 'data': 'mock response' - } - } - mock_call = mocker.patch.object(client, '_call', return_value=mock_call_response) + mock_call_response = {'response': {'data': 'mock response'}} + mock_call = mocker.patch.object( + client, '_call', return_value=mock_call_response + ) - alert_data = { - 'mock': 'data' - } + alert_data = {'mock': 'data'} response = client.alert_set_note(alert_data) mock_call.assert_called_once_with( @@ -1026,7 +959,7 @@ def test_alert_set_note(self, mocker): json_data={ 'demisto_command': mock_command_name, 'demisto_args': mock_command_args, - 'alerts_update_data': alert_data + 'alerts_update_data': alert_data, }, ) @@ -1039,7 +972,7 @@ def test_alert_set_note(self, mocker): json_data={ 'demisto_command': mock_command_name, 'demisto_args': mock_command_args, - 'alerts_update_data': None + 'alerts_update_data': None, }, ) @@ -1061,24 +994,19 @@ def test_get_triage(self, mocker): client = create_client() - mock_call_response = { - 'response': { - 'data': 'mock response' - } - } - mock_call = mocker.patch.object(client, '_call', return_value=mock_call_response) + mock_call_response = {'response': {'data': 'mock response'}} + mock_call = mocker.patch.object( + client, '_call', return_value=mock_call_response + ) response = client.get_triage() - mock_call.assert_called_once_with( - url_suffix='/v2/lookup/triage' - ) + mock_call.assert_called_once_with(url_suffix='/v2/lookup/triage') assert response == mock_call_response class TestActions: - def test_init(self, mocker): from RecordedFuture import Actions @@ -1110,38 +1038,29 @@ def test_process_result_actions_response_is_not_dict(self, mocker): result_actions = actions._process_result_actions(response=response) # type: ignore assert result_actions is None - def test_process_result_actions_no_or_empty_result_actions_in_response(self, mocker): + def test_process_result_actions_no_or_empty_result_actions_in_response( + self, mocker + ): from RecordedFuture import Actions mock_client = mocker.Mock() actions = Actions(mock_client) # Test no results_actions in response. - response = { - 'data': 'mock' - } + response = {'data': 'mock'} result_actions = actions._process_result_actions(response=response) assert result_actions is None # Test case when bool(results_actions) in response is False. - response = { - 'data': 'mock', - 'result_actions': None - } + response = {'data': 'mock', 'result_actions': None} result_actions = actions._process_result_actions(response=response) assert result_actions is None - response = { - 'data': 'mock', - 'result_actions': list() - } + response = {'data': 'mock', 'result_actions': list()} result_actions = actions._process_result_actions(response=response) assert result_actions is None - response = { - 'data': 'mock', - 'result_actions': dict() - } + response = {'data': 'mock', 'result_actions': dict()} result_actions = actions._process_result_actions(response=response) assert result_actions is None @@ -1153,15 +1072,17 @@ def test_process_result_actions_command_results_only(self, mocker): response = { 'data': 'mock', - 'result_actions': [{ - 'CommandResults': { - 'outputs_prefix': 'mock_outputs_prefix', - 'outputs': 'mock_outputs', - 'raw_response': 'mock_raw_response', - 'readable_output': 'mock_readable_output', - 'outputs_key_field': 'mock_outputs_key_field' - }, - }] + 'result_actions': [ + { + 'CommandResults': { + 'outputs_prefix': 'mock_outputs_prefix', + 'outputs': 'mock_outputs', + 'raw_response': 'mock_raw_response', + 'readable_output': 'mock_readable_output', + 'outputs_key_field': 'mock_outputs_key_field', + }, + } + ], } result_actions = actions._process_result_actions(response=response) @@ -1177,11 +1098,14 @@ def test_process_result_actions_command_results_only(self, mocker): assert r_a.readable_output == 'mock_readable_output' assert r_a.outputs_key_field == 'mock_outputs_key_field' - def test_process_result_actions_create_indicator_and_default_command_results(self, mocker): + def test_process_result_actions_create_indicator_and_default_command_results( + self, mocker + ): import RecordedFuture spy_create_indicator = mocker.spy( - RecordedFuture, 'create_indicator', + RecordedFuture, + 'create_indicator', ) mock_client = mocker.Mock() @@ -1189,15 +1113,17 @@ def test_process_result_actions_create_indicator_and_default_command_results(sel response = { 'data': 'mock', - 'result_actions': [{ - 'create_indicator': { - 'entity': 'mock_entity', - 'entity_type': 'ip', - 'score': 15, - 'description': 'mock_description', - 'location': {'country': 'mock_country', 'ans': 'mock_asn'}, - }, - }] + 'result_actions': [ + { + 'create_indicator': { + 'entity': 'mock_entity', + 'entity_type': 'ip', + 'score': 15, + 'description': 'mock_description', + 'location': {'country': 'mock_country', 'ans': 'mock_asn'}, + }, + } + ], } result_actions = actions._process_result_actions(response=response) @@ -1229,7 +1155,8 @@ def test_process_result_actions_create_indicator_and_command_results(self, mocke import RecordedFuture spy_create_indicator = mocker.spy( - RecordedFuture, 'create_indicator', + RecordedFuture, + 'create_indicator', ) mock_client = mocker.Mock() @@ -1237,23 +1164,24 @@ def test_process_result_actions_create_indicator_and_command_results(self, mocke response = { 'data': 'mock', - 'result_actions': [{ - 'create_indicator': { - 'entity': 'mock_entity', - 'entity_type': 'ip', - 'score': 15, - 'description': 'mock_indicator_description', - }, - - 'CommandResults': { - 'outputs_prefix': 'mock_outputs_prefix', - 'outputs': 'mock_outputs', - 'raw_response': 'mock_raw_response', - 'readable_output': 'mock_readable_output', - 'outputs_key_field': 'mock_outputs_key_field', - 'indicator': 'indicator' + 'result_actions': [ + { + 'create_indicator': { + 'entity': 'mock_entity', + 'entity_type': 'ip', + 'score': 15, + 'description': 'mock_indicator_description', + }, + 'CommandResults': { + 'outputs_prefix': 'mock_outputs_prefix', + 'outputs': 'mock_outputs', + 'raw_response': 'mock_raw_response', + 'readable_output': 'mock_readable_output', + 'outputs_key_field': 'mock_outputs_key_field', + 'indicator': 'indicator', + }, } - }] + ], } result_actions = actions._process_result_actions(response=response) @@ -1281,9 +1209,9 @@ def test_process_result_actions_create_indicator_and_command_results(self, mocke 'Indicator': 'mock_entity', 'Score': 0, 'Type': 'ip', - 'Vendor': 'Recorded Future v2' + 'Vendor': 'Recorded Future v2', }, - 'IP(val.Address && val.Address == obj.Address)': {'Address': 'mock_entity'} + 'IP(val.Address && val.Address == obj.Address)': {'Address': 'mock_entity'}, } def test_fetch_incidents_with_incidents_present(self, mocker): @@ -1305,12 +1233,10 @@ def test_fetch_incidents_with_incidents_present(self, mocker): 'incidents': mock_incidents_value, 'demisto_last_run': mock_demisto_last_run_value, 'data': 'mock', - 'alerts_update_data': mock_alerts_update_data_value + 'alerts_update_data': mock_alerts_update_data_value, } mock_client_fetch_incidents = mocker.patch.object( - client, - 'fetch_incidents', - return_value=mock_client_fetch_incidents_response + client, 'fetch_incidents', return_value=mock_client_fetch_incidents_response ) mock_client_alert_set_status = mocker.patch.object( @@ -1331,7 +1257,9 @@ def test_fetch_incidents_with_incidents_present(self, mocker): mock_demisto_set_last_run.assert_called_once_with(mock_demisto_last_run_value) # Verify that we update alert status. - mock_client_alert_set_status.assert_called_once_with(mock_alerts_update_data_value) + mock_client_alert_set_status.assert_called_once_with( + mock_alerts_update_data_value + ) def test_malware_search_command(self, mocker): from RecordedFuture import Actions @@ -1341,14 +1269,14 @@ def test_malware_search_command(self, mocker): mock_response = 'mock_response' mock_client_entity_search = mocker.patch.object( - client, - 'entity_search', - return_value=mock_response + client, 'entity_search', return_value=mock_response ) actions = Actions(client) - mock_process_result_actions_return_value = 'mock_process_result_actions_return_value' + mock_process_result_actions_return_value = ( + 'mock_process_result_actions_return_value' + ) mock_process_result_actions = mocker.patch.object( actions, '_process_result_actions', @@ -1371,14 +1299,14 @@ def test_lookup_command(self, mocker): mock_response = 'mock_response' mock_client_entity_lookup = mocker.patch.object( - client, - 'entity_lookup', - return_value=mock_response + client, 'entity_lookup', return_value=mock_response ) actions = Actions(client) - mock_process_result_actions_return_value = 'mock_process_result_actions_return_value' + mock_process_result_actions_return_value = ( + 'mock_process_result_actions_return_value' + ) mock_process_result_actions = mocker.patch.object( actions, '_process_result_actions', @@ -1401,18 +1329,18 @@ def test_intelligence_command(self, mocker): mock_response = 'mock_response' mock_client_get_intelligence = mocker.patch.object( - client, - 'get_intelligence', - return_value=mock_response + client, 'get_intelligence', return_value=mock_response ) actions = Actions(client) - mock_process_result_actions_return_value = 'mock_process_result_actions_return_value' + mock_process_result_actions_return_value = ( + 'mock_process_result_actions_return_value' + ) mock_process_result_actions = mocker.patch.object( actions, '_process_result_actions', - return_value=mock_process_result_actions_return_value + return_value=mock_process_result_actions_return_value, ) result = actions.intelligence_command() @@ -1431,18 +1359,18 @@ def test_get_links_command(self, mocker): mock_response = 'mock_response' mock_client_get_links = mocker.patch.object( - client, - 'get_links', - return_value=mock_response + client, 'get_links', return_value=mock_response ) actions = Actions(client) - mock_process_result_actions_return_value = 'mock_process_result_actions_return_value' + mock_process_result_actions_return_value = ( + 'mock_process_result_actions_return_value' + ) mock_process_result_actions = mocker.patch.object( actions, '_process_result_actions', - return_value=mock_process_result_actions_return_value + return_value=mock_process_result_actions_return_value, ) result = actions.get_links_command() @@ -1461,18 +1389,18 @@ def test_get_single_alert_command_with_result_actions(self, mocker): mock_response = 'mock_response' mock_client_get_single_alert = mocker.patch.object( - client, - 'get_single_alert', - return_value=mock_response + client, 'get_single_alert', return_value=mock_response ) actions = Actions(client) - mock_process_result_actions_return_value = 'mock_process_result_actions_return_value' + mock_process_result_actions_return_value = ( + 'mock_process_result_actions_return_value' + ) mock_process_result_actions = mocker.patch.object( actions, '_process_result_actions', - return_value=mock_process_result_actions_return_value + return_value=mock_process_result_actions_return_value, ) result = actions.get_single_alert_command() @@ -1492,9 +1420,7 @@ def test_get_single_alert_command_without_result_actions(self, mocker): mock_response = 'mock_response' mock_client_get_single_alert = mocker.patch.object( - client, - 'get_single_alert', - return_value=mock_response + client, 'get_single_alert', return_value=mock_response ) actions = Actions(client) @@ -1503,7 +1429,7 @@ def test_get_single_alert_command_without_result_actions(self, mocker): mock_process_result_actions = mocker.patch.object( actions, '_process_result_actions', - return_value=mock_process_result_actions_return_value + return_value=mock_process_result_actions_return_value, ) result = actions.get_single_alert_command() @@ -1523,9 +1449,7 @@ def test_get_alerts_command(self, mocker): mock_response = 'mock_response' mock_client_get_alerts = mocker.patch.object( - client, - 'get_alerts', - return_value=mock_response + client, 'get_alerts', return_value=mock_response ) actions = Actions(client) @@ -1544,9 +1468,7 @@ def test_get_alert_rules_command(self, mocker): mock_response = 'mock_response' mock_client_get_alert_rules = mocker.patch.object( - client, - 'get_alert_rules', - return_value=mock_response + client, 'get_alert_rules', return_value=mock_response ) actions = Actions(client) @@ -1565,18 +1487,18 @@ def test_alert_set_status_command(self, mocker): mock_response = 'mock_response' mock_client_alert_set_status = mocker.patch.object( - client, - 'alert_set_status', - return_value=mock_response + client, 'alert_set_status', return_value=mock_response ) actions = Actions(client) - mock_process_result_actions_return_value = 'mock_process_result_actions_return_value' + mock_process_result_actions_return_value = ( + 'mock_process_result_actions_return_value' + ) mock_process_result_actions = mocker.patch.object( actions, '_process_result_actions', - return_value=mock_process_result_actions_return_value + return_value=mock_process_result_actions_return_value, ) result = actions.alert_set_status_command() @@ -1595,18 +1517,18 @@ def test_alert_set_note_command(self, mocker): mock_response = 'mock_response' mock_client_alert_set_note = mocker.patch.object( - client, - 'alert_set_note', - return_value=mock_response + client, 'alert_set_note', return_value=mock_response ) actions = Actions(client) - mock_process_result_actions_return_value = 'mock_process_result_actions_return_value' + mock_process_result_actions_return_value = ( + 'mock_process_result_actions_return_value' + ) mock_process_result_actions = mocker.patch.object( actions, '_process_result_actions', - return_value=mock_process_result_actions_return_value + return_value=mock_process_result_actions_return_value, ) result = actions.alert_set_note_command() @@ -1625,18 +1547,18 @@ def test_triage_command(self, mocker): mock_response = 'mock_response' mock_client_get_triage = mocker.patch.object( - client, - 'get_triage', - return_value=mock_response + client, 'get_triage', return_value=mock_response ) actions = Actions(client) - mock_process_result_actions_return_value = 'mock_process_result_actions_return_value' + mock_process_result_actions_return_value = ( + 'mock_process_result_actions_return_value' + ) mock_process_result_actions = mocker.patch.object( actions, '_process_result_actions', - return_value=mock_process_result_actions_return_value + return_value=mock_process_result_actions_return_value, ) result = actions.triage_command() @@ -1646,3 +1568,46 @@ def test_triage_command(self, mocker): mock_process_result_actions.assert_called_once_with(response=mock_response) assert result == mock_process_result_actions_return_value + + def test_test_module(self, mocker): + import RecordedFuture + import demistomock as demisto + import platform + + mocker.patch.object(demisto, "command", return_value="test-module") + mocker.patch.object( + demisto, "demistoVersion", return_value={"version": "mock_version"} + ) + mocker.patch.object( + demisto, "params", return_value={"token": {"password": "mocktoken"}} + ) + mocker.patch.object(platform, "platform", return_value="mock_platform") + mocker.patch.object(RecordedFuture.Client, "whoami") + mocked_return_res = mocker.patch.object(RecordedFuture, "return_results") + RecordedFuture.main() + mocked_return_res.assert_called_with('ok') + + def test_test_module_with_boom(self, mocker): + import RecordedFuture + import demistomock as demisto + import platform + + mocker.patch.object(demisto, "command", return_value="test-module") + mocker.patch.object( + demisto, "demistoVersion", return_value={"version": "mock_version"} + ) + mocker.patch.object( + demisto, "params", return_value={"token": {"password": "mocktoken"}} + ) + mocker.patch.object(platform, "platform", return_value="mock_platform") + mock_whoami = mocker.patch.object(RecordedFuture.Client, "whoami") + mock_whoami.side_effect = Exception("Side effect triggered") + mocked_return_err = mocker.patch.object(RecordedFuture, "return_error") + RecordedFuture.main() + mocked_return_err.assert_called_with( + message=( + f'Failed to execute {demisto.command()} command: Failed due to - ' + 'Unknown error. Please verify that the API URL and Token are correctly configured. ' + 'RAW Error: Side effect triggered' + ) + ) diff --git a/Packs/RecordedFuture/Integrations/RecordedFutureLists/README.md b/Packs/RecordedFuture/Integrations/RecordedFutureLists/README.md new file mode 100644 index 000000000000..bf6ff1964ef0 --- /dev/null +++ b/Packs/RecordedFuture/Integrations/RecordedFutureLists/README.md @@ -0,0 +1,83 @@ +Search and manage watchlists in Recorded Future +This integration was integrated and tested with version 1.0 of RecordedFutureLists + +## Configure Recorded Future - Lists on Cortex XSOAR + +1. Navigate to **Settings** > **Integrations** > **Servers & Services**. +2. Search for Recorded Future - Lists. +3. Click **Add instance** to create and configure a new integration instance. + + | **Parameter** | **Description** | **Required** | + | --- | --- | --- | + | API URL | Default URL: https://api.recordedfuture.com/gw/xsoar/ | True | + | API Token | | True | + | Trust any certificate (not secure) | | False | + | Use system proxy settings | | False | + +4. Click **Test** to validate the URLs, token, and connection. + +## Commands + +You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook. +After you successfully execute a command, a DBot message appears in the War Room with the command details. + +### recordedfuture-lists-search + +*** +Search for lists in Recorded Future + +#### Base Command + +`recordedfuture-lists-search` +`recordedftuure-lists-search list_names="ip,domain" contains="entity"` + +#### Input + +| **Argument Name** | **Description** | **Required** | +| --- | --- | --- | +| list_names | Freetext name to search for. | Optional | +| contains | Filter lists based on entity types, will only include lists with the entity types specified. Default value "" includes all types. Possible values are: entity, source, text, custom, ip, domain, tech_stack, industry, brand, partner, industry_peer, location, supplier, vulnerability, company, hash, operation, attacker, target, method. | Optional | +| limit | Limits the amount of returned results. | Optional | + +#### Context Output + +| **Path** | **Type** | **Description** | +| --- | --- | --- | +| RecordedFuture.List.id | String | Unique id of the list in Recorded Future | +| RecordedFuture.List.name | String | Name of the list in Recorded Future | +| RecordedFuture.List.type | String | Recorded future entity type | +| RecordedFuture.List.created | String | Timestamp of creation | +| RecordedFuture.List.updated | String | Timestamp of last update to the list | +| RecordedFuture.List.owner_id | String | Unique id of the owner in Recorded Future | +| RecordedFuture.List.owner_name | String | Readable name of list in Recorded Future | + +### recordedfuture-lists-add-entities + +*** +Add entities to a list, separate entities by commas. "NOTE:" if entity type is specified, only one entity type can be added with each action. + +#### Base Command + +`recordedfuture-lists-add-entities list_id="Some list id" entity_ids="ip:1.1.1.1,idn:some.com"` +`recordedfuture-lists-add-entities list_id="Some list id" freetext_names="1.1.1.1" entity_type="ip"` +`recordedfuture-lists-add-entities list_id="Some list id" freetext_names="1.1.1.1,8.8.8.8" entity_type="ip"` +`recordedfuture-lists-add-entities list_id="Some list id" freetext_names="some.com" entity_type="domain"` + +#### Input + +| **Argument Name** | **Description** | **Required** | +| --- | --- | --- | +| list_id | Id of the list that should be added, can be found by running !recordedfuture-lists-search with the corresponding filters or in the Recorded Future portal. | Required | +| entity_ids | Specific ids from Recorded Future separated by comma, For urls containing commas: replace comma with %2C. | Optional | +| freetext_names | Freetext names will be matched to Recorded Future ids separated by comma, this alernative will add the best match in the Recorded Future data. For urls containing commas: escape with %2C. | Optional | +| entity_type | Type of the entities that should be added, only used together with freetext_names to improve entity resolving. Possible values are: ip, domain, malware, url, hash, cve, company, person, product, industry, country, attack-vector, operation, mitre-identifier, malware-category. | Optional | + +#### Context Output + +| **Path** | **Type** | **Description** | +| --- | --- | --- | +| RecordedFuture.List.Entities.name | String | Name of the entity in the list | +| RecordedFuture.List.Entities.type | String | The Recorded Future entity type resolved during the action | +| RecordedFuture.List.Entities.id | String | Unique id of the entity in Recorded Future | +| RecordedFuture.List.Entities.input_value | String | The value inputted to the command | +| RecordedFuture.List.Entities.action_result | String | Entity specific result for the action | diff --git a/Packs/RecordedFuture/Integrations/RecordedFutureLists/RecordedFutureLists.py b/Packs/RecordedFuture/Integrations/RecordedFutureLists/RecordedFutureLists.py new file mode 100644 index 000000000000..26fce0df440a --- /dev/null +++ b/Packs/RecordedFuture/Integrations/RecordedFutureLists/RecordedFutureLists.py @@ -0,0 +1,236 @@ +"""Recorded Future Lists Integration for Demisto.""" + +import platform +import json + +# flake8: noqa: F402,F405 lgtm +import demistomock as demisto +from CommonServerPython import * + +STATUS_TO_RETRY = [500, 501, 502, 503, 504] + +# disable insecure warnings +requests.packages.urllib3.disable_warnings() # type: ignore + +__version__ = '1.0.0' + + +# === === === === === === === === === === === === === === === +# === === === === Recorded Future API Client === === === ==== +# === === === === === === === === === === === === === === === + + +class Client(BaseClient): + def whoami(self) -> Dict[str, Any]: + + return self._http_request( + method='get', + url_suffix='info/whoami', + timeout=60, + ) + + def _call(self, url_suffix, **kwargs): + + json_data = { + 'demisto_command': demisto.command(), + 'demisto_args': demisto.args(), + } + if 'demisto_args' in kwargs.keys(): + if args := kwargs.get('demisto_args'): + json_data.update({'demisto_args': args}) + kwargs.pop('demisto_args') + + method = kwargs.get('method', 'post') + + request_kwargs = { + 'method': method, + 'url_suffix': url_suffix, + 'json_data': json_data, + 'timeout': 90, + 'retries': 3, + 'status_list_to_retry': STATUS_TO_RETRY, + } + + request_kwargs.update(kwargs) + + try: + response = self._http_request(**request_kwargs) + + if isinstance(response, dict) and response.get('return_error'): + # This will raise the Exception or call "demisto.results()" for the error and sys.exit(0). + return_error(**response['return_error']) + + except DemistoException as err: + if '404' in str(err): + return CommandResults( + outputs_prefix='', + outputs=dict(), + raw_response=dict(), + readable_output='No results found.', + outputs_key_field='', + ) + else: + raise err + + return response + + #################################################### + ################## List operations ################# + #################################################### + + def list_search(self) -> Dict[str, Any]: + parsed_args = demisto.args() + if list_names := parsed_args.get('list_names'): + parsed_args['list_names'] = list_names.split(",") + if types := parsed_args.get('contains'): + parsed_args["contains"] = types.split(",") + """Search for lists in Recorded Future""" + return self._call(url_suffix='/v2/lists/search', demisto_args=parsed_args) + + #################################################### + ################ Entity operations ################# + #################################################### + + def entity_add(self) -> Dict[str, Any]: + parsed_args = demisto.args() + + list_id = parsed_args.pop("list_id") + + if entity_ids := parsed_args.get('entity_ids'): + parsed_args["entity_ids"] = entity_ids.split(",") + + if freetext_names := parsed_args.get('freetext_names'): + parsed_args["freetext_names"] = freetext_names.split(",") + + if not ( + (entity_ids and not freetext_names) or (not entity_ids and freetext_names) + ): # XOR entity_ids and freetext_names + raise ValueError( + "Command expected 1 of parmeters: entity_ids or freetext_names, to be specified." + f" Got {len([x for x in [entity_ids, freetext_names] if x])} specified." + ) + + return self._call( + url_suffix=f'/v2/lists/{list_id}/entities/add', demisto_args=parsed_args + ) + + +# === === === === === === === === === === === === === === === +# === === === === === === ACTIONS === === === === === === === +# === === === === === === === === === === === === === === === + + +class Actions: + def __init__(self, rf_client: Client): + self.client = rf_client + + def _process_result_actions( + self, response: Union[dict, CommandResults] + ) -> List[CommandResults]: + + if isinstance(response, CommandResults): + # Case when we got 404 on response, and it was processed in self.client._call() method. + return [response] + elif not isinstance(response, dict): + # In case API returned a str - we don't want to call "response.get()" on a str object. + return None # type: ignore + + result_actions: Union[List[dict], None] = response.get('result_actions') + + if not result_actions: + return None # type: ignore + + command_results: List[CommandResults] = list() + for action in result_actions: + if 'CommandResults' in action: + command_results.append(CommandResults(**action['CommandResults'])) + + return command_results + + ####################################################### + #################### List actions ##################### + ####################################################### + + def list_search_command(self) -> List[CommandResults]: + response = self.client.list_search() + return self._process_result_actions(response=response) + + ####################################################### + ################### Entity actions #################### + ####################################################### + + def entity_add_command(self) -> List[CommandResults]: + response = self.client.entity_add() + return self._process_result_actions(response=response) + + +# === === === === === === === === === === === === === === === +# === === === === === === === MAIN === === === === === === == +# === === === === === === === === === === === === === === === + + +def main() -> None: + """Main method used to run actions.""" + try: + demisto_params = demisto.params() + base_url = demisto_params.get('server_url', '').rstrip('/') + verify_ssl = not demisto_params.get('unsecure', False) + proxy = demisto_params.get('proxy', False) + + headers = { + 'X-RFToken': demisto_params['token'].get('password'), + 'X-RF-User-Agent': ( + f'RecordedFutureLists.py/{__version__} ({platform.platform()}) ' + f'XSOAR/{__version__} ' + f'RFClient/{__version__} (Cortex_XSOAR_{demisto.demistoVersion()["version"]})' + ), + } + client = Client( + base_url=base_url, verify=verify_ssl, headers=headers, proxy=proxy + ) + command = demisto.command() + actions = Actions(client) + + if command == 'test-module': + # This is the call made when pressing the integration Test button. + # Returning 'ok' indicates that the integration works like it suppose to and + # connection to the service is successful. + # Returning 'ok' will make the test result be green. + # Any other response will make the test result be red. + + try: + client.whoami() + return_results('ok') + except Exception as err: + message = str(err) + try: + error = json.loads(str(err).split('\n')[1]) + if 'fail' in error.get('result', dict()).get('status', ''): + message = error.get('result', dict())['message'] + except Exception: + message = ( + 'Unknown error. Please verify that the API' + f' URL and Token are correctly configured. RAW Error: {err}' + ) + raise DemistoException(f'Failed due to - {message}') + + ####################################################### + ################### List commands ##################### + ####################################################### + + elif command == 'recordedfuture-lists-search': + return_results(actions.list_search_command()) + + ####################################################### + ################## Entity commands #################### + ####################################################### + + elif command == 'recordedfuture-lists-add-entities': + return_results(actions.entity_add_command()) + + except Exception as e: + return_error(message=f'Failed to execute {demisto.command()} command: {str(e)}') + + +if __name__ in ('__main__', '__builtin__', 'builtins'): + main() diff --git a/Packs/RecordedFuture/Integrations/RecordedFutureLists/RecordedFutureLists.yml b/Packs/RecordedFuture/Integrations/RecordedFutureLists/RecordedFutureLists.yml new file mode 100644 index 000000000000..e1848b9fed04 --- /dev/null +++ b/Packs/RecordedFuture/Integrations/RecordedFutureLists/RecordedFutureLists.yml @@ -0,0 +1,142 @@ +commonfields: + id: RecordedFutureLists + version: -1 +name: RecordedFutureLists +display: 'Recorded Future - Lists' +category: Data Enrichment & Threat Intelligence +image: +description: 'Search and manage watchlists in Recorded Future' +configuration: +- display: API URL + name: server_url + additionalinfo: "Default URL: https://api.recordedfuture.com/gw/xsoar/" + defaultvalue: https://api.recordedfuture.com/gw/xsoar/ + type: 0 + required: true +- displaypassword: API Token + name: token + defaultvalue: "" + type: 9 + hiddenusername: true + required: true +- display: Trust any certificate (not secure) + name: insecure + required: false + type: 8 +- display: Use system proxy settings + name: proxy + required: false + type: 8 +script: + script: '-' + type: python + subtype: python3 + dockerimage: demisto/python3:3.10.11.61265 + commands: + - name: recordedfuture-lists-search + description: Search for lists in Recorded Future + arguments: + - name: list_names + required: false + description: Freetext name to search for + - name: contains + required: false + description: Filter lists based on entity types, will only include lists with the entity types specified. Default value "" includes all types + auto: PREDEFINED + predefined: + - entity + - source + - text + - custom + - ip + - domain + - tech_stack + - industry + - brand + - partner + - industry_peer + - location + - supplier + - vulnerability + - company + - hash + - operation + - attacker + - target + - method + - name: limit + required: false + description: Limits the amount of returned results + outputs: + - contextPath: RecordedFuture.List.id + description: Unique id of the list in Recorded Future + type: String + - contextPath: RecordedFuture.List.name + description: Name of the list in Recorded Future + type: String + - contextPath: RecordedFuture.List.type + description: Recorded future entity type + type: String + - contextPath: RecordedFuture.List.created + description: Timestamp of creation + type: String + - contextPath: RecordedFuture.List.updated + description: Timestamp of last update to the list + type: String + - contextPath: RecordedFuture.List.owner_id + description: Unique id of the owner in Recorded Future + type: String + - contextPath: RecordedFuture.List.owner_name + description: Readable name of list in Recorded Future + type: String + - name: recordedfuture-lists-add-entities + description: Add entities to a list, separate entities by commas. "NOTE:" if entity type is specified, only one entity type can be added with each action. + arguments: + - name: list_id + required: true + description: Id of the list that should be added, can be found by running !recordedfuture-lists-search with the corresponding filters or in the Recorded Future portal + - name: entity_ids + description: 'Specific ids from Recorded Future separated by comma, For urls containing commas: replace comma with %2C' + required: false + - name: freetext_names + description: 'Freetext names will be matched to Recorded Future ids separated by comma, this alernative will add the best match in the Recorded Future data. For urls containing commas: escape with %2C' + required: false + - name: entity_type + required: false + description: Type of the entities that should be added, only used together with freetext_names to improve entity resolving + auto: PREDEFINED + predefined: + - ip + - domain + - malware + - url + - hash + - cve + - company + - person + - product + - industry + - country + - attack-vector + - operation + - mitre-identifier + - malware-category + outputs: + - contextPath: RecordedFuture.List.Entities.name + description: Name of the entity in the list + type: String + - contextPath: RecordedFuture.List.Entities.type + description: The Recorded Future entity type resolved during the action + type: String + - contextPath: RecordedFuture.List.Entities.id + description: Unique id of the entity in Recorded Future + type: String + - contextPath: RecordedFuture.List.Entities.input_value + description: The value inputted to the command + type: String + - contextPath: RecordedFuture.List.Entities.action_result + description: Entity specific result for the action + type: String +fromversion: 6.5.0 +tests: +- No tests (auto formatted) diff --git a/Packs/RecordedFuture/Integrations/RecordedFutureLists/RecordedFutureLists_description.md b/Packs/RecordedFuture/Integrations/RecordedFutureLists/RecordedFutureLists_description.md new file mode 100644 index 000000000000..57d60183beb0 --- /dev/null +++ b/Packs/RecordedFuture/Integrations/RecordedFutureLists/RecordedFutureLists_description.md @@ -0,0 +1,24 @@ +## Information +A valid API Token for XSOAR from Recorded Future needed to fetch information. +[Get help with Recorded Future for Cortex XSOAR](https://www.recordedfuture.com/support/demisto-integration/). + +**Version:** 1.0.0 + +--- + +## Configuration +| Parameter | Description | +|------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| Server URL | The URL to the Recorded Future ConnectAPI. | +| API Token | Valid API Token from Recorded Future. | +| Trust any certificate (not secure) | - +| Use system proxy settings | - | +--- + +## Available Actions +* Search action + * Search and filter available list in Recorded Future +* Add entity to list action + * Add entities to lists using Recorded Future entity ids, or base your addition on freetext name and relevant entity type + +Copyright 2020-2023 Recorded Future, Inc. diff --git a/Packs/RecordedFuture/Integrations/RecordedFutureLists/RecordedFutureLists_image.png b/Packs/RecordedFuture/Integrations/RecordedFutureLists/RecordedFutureLists_image.png new file mode 100644 index 0000000000000000000000000000000000000000..1fcdbc426c6f2cb5313aa86e4f13214dac88af30 GIT binary patch literal 3049 zcmb7`X*d&r1I9=0GgMQ<+)I}TnR7&1uCj??xuYB_a)b;K!q_DDRb!{QLO-`2T-+-{12-&-?X#o;UT1ot3!AF%bX&AP&D|;qZ@<|D-J>@XvEe z;IV(;33aeC2h=OLO6M^QlOZuaJ?<;I0cEk6E?oWPJ&7;AT_(oU^2rH} z!8O{ssjCmm+2{+lSA*_k>aA5`e^jY)ACNkugYI78OXpD&!RmhQ`FIb$)gR2cwB&ee zh;UBKcjZcDRcH{W2sWi4FDY;x8B81QEvZB1fb6i_BBG+n5=XUFFGQlzXuGqrfweU? zxD5!`mM$V9a>D~MOE15$Z^RRA@)iAKb?cabEoJ~iL{@stt}{| zj#1BC8#_k#pqonX1^R-t=D^U)M=Pt{TKwRT*95#tplh!?Q@et`u$@fPmt)s_CmLEc zq*HD905gTf#l=f9>Nd^@C#S{|>f~TS_T~Ch0a_**?L9dVkK;ZCKaI&wCv?tL*BPv?{s3$pTxYilsGTvA>Rs$Vy|8Kn~r`Ga*|64zAxhG3D?w z0W~OFvtQN{6+m(cpL60BK1lO`)-&v%$6&s9rmhNyoLNQSJv63d44`Z_n@HfIFF43c zyL1Fk;Zrd0Bv3;#6^b-@(=yhmPwY)W;NjE43Lt56K}4+>X<LyLz6k$vrugSwd^i3MaF&nK|psjTqMJo|;cj zPap4pzzSDiG5zX;PzB^3gn=!WcEy@IAEVb6@dpN!@#8w<52ZlM;*X!Q!&5(S<3b2WY;3#aCycK4|$@9Ctlb{^`?INX$6I-+SFkm%v z+j-IN`>(m#?o7<~k8Jw}AP|^2mxrczmfqu zAFPilgwEHcynHm0<*mDGZO=lT?D}#n9&)hP(UP-w1v=H*Tl*#DW#bW>@!7<$)PV?) zqwlA%TiIbo(=&!%Z53d*J7eG~eYpnaDUI5;>Smg1ft!T>RyM@m1YMO2t4S~^+0*46 zY^PH6Q8r8qEYOT;MYo^(^{X^_N`Uu`Gm~dUCjo5{XLWOMxC@qP-Z-=>BjRmHZYe8< zOW3Y`ki`m&{W5pAG<>vs&A($IA`QbjW456bvvp|eRAk?4?#TA`wn3z%V#w)@!mRxS zz4&mW8&~P8y%nyVDz6@|f4A2arXG$~`PkQ2TLGOf71_Oa_w=EoE@y<@)0ZwT>UeXd zkgayE8YeUoLh)F+V&F5b>(pw*>&m2c=vn|v%bdqJl@S~TG>(9|rZamH4xd>H%e&Oy zavf}JVKU-{$krfIkAq<14JCuek7viagzJsMc6 z)^F*XPTDuU0**cDG&VOBkDY)_n`iN9`s^HUzNQFC@-q`<1+=$x zO>dR)%d}37h<9>~V`v4%F4lohT^SHYx0{}O9OGS^WNUWng0D2zBtXG?X_sYM`Mht8 z8j6oDP1ri%)caaN+!#9&aocb8##}loxS&n0dvizJPKq$!di3#$bUx&bKLOXQrWs8Y z5-+<741ALYzlSUjA+O!sdRFInBBcL^YIL^*Z4dQ6D?U`fR7Ig;yQBk8DsP+~vwkm_ zDD7g{UYZ2AS^8~eQICj?G$;Lf*`1iN z@l5QWg2KWM_M2?|v@-dFZ;$qY6mfea@Q@?cIQ5K5NYjlRXSe)%7l+uGx zQ&db?O}%pU@58RAb!orX9^0mEHamUFahe^>{usT^`|cOg#TZr%pyl3Xdxf8}B&sgQ zBs9q#1>-KyIc2@t&Ckyd(E*!U9;}?W4>+BKfBNRkz?535!saWyMO5jctN?q`FpO+o zkDC39*F_nMPB_=uXGbqW=lRL{u@$gfYU6w#mM^)dA!rh(hI05kA40YM2D~0=wzDqw zR3!L8US8vYio8?)jfv*v9dIzw-u^bmj#(G* z;dA~;w)i=>FE^;%FM__gS6wucw;yqeXX6B85eS4@Z}s~bL;MS3?_gr<&WI;`MVEct zGb3ZY6Pj>1+?}3Py&tBMbz?#cFE)ZZ z)yC~TvDtJ2cmvoDim#FL4@#eV{!wZjo^NvhV?SWRcKcls|-i>KtA-@(-Mb&KS9HT~LqP{)Ku zy5@tnB;wa+T-~^;>AYMYh4#Ie9}#ggM|MOyqInHL3&7XG2DFT|7n(fHZlIgaUcW4T zfXYorT2|}w+-!)It)i6bwtS|}frH+T=Kgsim?%Z$N2c>le!LUZy>u^z zAMN|Dv9kgGp1a?qq72|bc=yg~m=PLgc2=G{r2U;_)wGZQ?Z;;HSCHk6qP%*Hl*Jk5 z2~DYO;?t6ZJU=}3FvEz~l}}dk4wwnquA}5%)9~IZ>sv+%1c~mh>re$E{qor0N`0$6 z`TkKaE|)w1dg;L{cilxab0bT;x`OCuh&?r)JE{-|Xvpht#`IFZqHU6pWOZ`>z5q2% zrs=Q>N3YiwZOIbc!q_qDv!F4b?-#KfynirWG#3p1%*mL&QT&HIfLyH+%iDXE^D!eR zRKX-V@K$uoXEwDcoK}QzR`NAbd5^TFmqE(~KWKR?--_g-=owYJ5-vzayrGGY=XWhJO19T~pCu;fsuY3DnWql2y9YO!@%`hPK&g#GK4uD(QS=5+& GB>V@i(B+Q+ literal 0 HcmV?d00001 diff --git a/Packs/RecordedFuture/Integrations/RecordedFutureLists/RecordedFutureLists_test.py b/Packs/RecordedFuture/Integrations/RecordedFutureLists/RecordedFutureLists_test.py new file mode 100644 index 000000000000..e219dd91b1d7 --- /dev/null +++ b/Packs/RecordedFuture/Integrations/RecordedFutureLists/RecordedFutureLists_test.py @@ -0,0 +1,605 @@ +def create_client(): + import os + from RecordedFutureLists import Client, __version__ + + base_url = 'https://api.recordedfuture.com/gw/xsoar/' + verify_ssl = True + token = os.environ.get('RF_TOKEN') + headers = { + 'X-RFToken': token, + 'X-RF-User-Agent': f"RecordedFutureLists.py/{__version__} (Linux-5.13.0-1031-aws-x86_64-with) " + f"XSOAR/{__version__} RFClient/{__version__} (Cortex_XSOAR_6.5.0)", + } + + return Client(base_url=base_url, verify=verify_ssl, headers=headers, proxy=False) + + +class TestRFClient: + def test_whoami(self, mocker): + client = create_client() + + mock_http_request = mocker.patch.object(client, '_http_request') + + client.whoami() + + mock_http_request.assert_called_once_with( + method='get', + url_suffix='info/whoami', + timeout=60, + ) + + def test_call_with_kwargs(self, mocker): + """ + Test _call() with kwargs. + """ + + import os + import demistomock as demisto + + STATUS_TO_RETRY = [500, 501, 502, 503, 504] + + # This is needed for CommonServerPython module to not add demisto.params() into callingContext. + os.environ['COMMON_SERVER_NO_AUTO_PARAMS_REMOVE_NULLS'] = 'True' + + # Mock demisto command and args. + mock_command_name = 'command_name' + mock_command_args = {'arg1': 'arg1_value', 'arg2': 'arg2_value'} + + mocker.patch.object(demisto, 'command', return_value=mock_command_name) + mocker.patch.object(demisto, 'args', return_value=mock_command_args) + + client = create_client() + + mock_http_request = mocker.patch.object(client, '_http_request') + + mock_url_suffix = 'mock_url_suffix' + + client._call(url_suffix=mock_url_suffix, timeout=120, any_other_kwarg=True) + + json_data = { + 'demisto_command': mock_command_name, + 'demisto_args': mock_command_args, + } + + mock_http_request.assert_called_once_with( + method='post', + url_suffix=mock_url_suffix, + json_data=json_data, + timeout=120, + retries=3, + status_list_to_retry=STATUS_TO_RETRY, + any_other_kwarg=True, + ) + + def test_call_returns_response(self, mocker): + """ + Test _call() returns response. + """ + + import os + import demistomock as demisto + + # This is needed for CommonServerPython module to not add demisto.params() into callingContext. + os.environ['COMMON_SERVER_NO_AUTO_PARAMS_REMOVE_NULLS'] = 'True' + + # Mock demisto command and args. + mock_command_name = 'command_name' + mock_command_args = {'arg1': 'arg1_value', 'arg2': 'arg2_value'} + + mocker.patch.object(demisto, 'command', return_value=mock_command_name) + mocker.patch.object(demisto, 'args', return_value=mock_command_args) + + client = create_client() + + mock_response = {'response': {'data': 'mock data'}} + + mocker.patch.object(client, '_http_request', return_value=mock_response) + + mock_url_suffix = 'mock_url_suffix' + + response = client._call(url_suffix=mock_url_suffix) + assert response == mock_response + + def test_call_response_processing_return_error(self, mocker): + """ + Test _call() return_error response processing. + """ + + import os + import demistomock as demisto + + STATUS_TO_RETRY = [500, 501, 502, 503, 504] + + # This is needed for CommonServerPython module to not add demisto.params() into callingContext. + os.environ['COMMON_SERVER_NO_AUTO_PARAMS_REMOVE_NULLS'] = 'True' + + # Mock demisto command and args. + mock_command_name = 'command_name' + mock_command_args = {'arg1': 'arg1_value', 'arg2': 'arg2_value'} + + mocker.patch.object(demisto, 'command', return_value=mock_command_name) + mocker.patch.object(demisto, 'args', return_value=mock_command_args) + + mock_return_error = mocker.patch('RecordedFutureLists.return_error') + + client = create_client() + + mock_http_request = mocker.patch.object( + client, + '_http_request', + return_value={'return_error': {'message': 'mock error'}}, + ) + + mock_url_suffix = 'mock_url_suffix' + + client._call(url_suffix=mock_url_suffix) + + json_data = { + 'demisto_command': mock_command_name, + 'demisto_args': mock_command_args, + } + + mock_http_request.assert_called_once_with( + method='post', + url_suffix=mock_url_suffix, + json_data=json_data, + timeout=90, + retries=3, + status_list_to_retry=STATUS_TO_RETRY, + ) + + mock_return_error.assert_called_once_with(message='mock error') + + def test_call_response_processing_404(self, mocker): + """ + Test _call() response processing. + """ + + import os + import demistomock as demisto + from CommonServerPython import DemistoException, CommandResults + + STATUS_TO_RETRY = [500, 501, 502, 503, 504] + + # This is needed for CommonServerPython module to not add demisto.params() into callingContext. + os.environ['COMMON_SERVER_NO_AUTO_PARAMS_REMOVE_NULLS'] = 'True' + + # Mock demisto command and args. + mock_command_name = 'command_name' + mock_command_args = {'arg1': 'arg1_value', 'arg2': 'arg2_value'} + + mocker.patch.object(demisto, 'command', return_value=mock_command_name) + mocker.patch.object(demisto, 'args', return_value=mock_command_args) + + mocker.patch('RecordedFutureLists.return_error') + + client = create_client() + + def mock_http_request_method(*args, **kwargs): + # Imitate how CommonServerPython handles bad responses (when status code not in ok_codes, + # or if ok_codes=None - it uses requests.Response.ok to check whether response is good). + raise DemistoException('404') + + mocker.patch.object(client, '_http_request', mock_http_request_method) + + spy_http_request = mocker.spy(client, '_http_request') + + mock_url_suffix = 'mock_url_suffix' + + result = client._call(url_suffix=mock_url_suffix) + + json_data = { + 'demisto_command': mock_command_name, + 'demisto_args': mock_command_args, + } + + spy_http_request.assert_called_once_with( + method='post', + url_suffix=mock_url_suffix, + json_data=json_data, + timeout=90, + retries=3, + status_list_to_retry=STATUS_TO_RETRY, + ) + + assert isinstance(result, CommandResults) + + assert result.outputs_prefix == '' + assert result.outputs_key_field == '' + assert result.outputs == dict() + assert result.raw_response == dict() + assert result.readable_output == 'No results found.' + + def test_list_search(self, mocker): + import os + import demistomock as demisto + + # This is needed for CommonServerPython module to not add demisto.params() into callingContext. + os.environ['COMMON_SERVER_NO_AUTO_PARAMS_REMOVE_NULLS'] = 'True' + + # Mock demisto command and args. + mock_command_name = 'command_name' + mock_command_args = {'list_name': 'arg1_value', 'entity_types': 'arg2_value'} + + mocker.patch.object(demisto, 'command', return_value=mock_command_name) + mocker.patch.object(demisto, 'args', return_value=mock_command_args) + + client = create_client() + + mock_call_response = {'response': {'data': 'mock response'}} + mock_call = mocker.patch.object( + client, '_call', return_value=mock_call_response + ) + + response = client.list_search() + + mock_call.assert_called_once_with( + demisto_args=mock_command_args, url_suffix='/v2/lists/search' + ) + + assert response == mock_call_response + + def test_entity_add_freetext(self, mocker): + import os + import demistomock as demisto + + # This is needed for CommonServerPython module to not add demisto.params() into callingContext. + os.environ['COMMON_SERVER_NO_AUTO_PARAMS_REMOVE_NULLS'] = 'True' + + mocked_list_id = "mockvalue" + mocked_entity_type = "mock" + mocked_entity_ids = "" + mocked_freetext_names = "mockedmalwarename" + mock_command_args = { + 'list_id': mocked_list_id, + 'entity_types': mocked_entity_type, + 'entity_ids': mocked_entity_ids, + 'freetext_names': mocked_freetext_names, + } + # Mock demisto command and args. + mock_command_name = 'command_name' + + mocker.patch.object(demisto, 'command', return_value=mock_command_name) + mocker.patch.object(demisto, 'args', return_value=mock_command_args) + + client = create_client() + + mock_call_response = {'response': {'data': 'mock response'}} + mock_call = mocker.patch.object( + client, '_call', return_value=mock_call_response + ) + + response = client.entity_add() + mock_call.assert_called_once_with( + demisto_args=mock_command_args, + url_suffix=f'/v2/lists/{mocked_list_id}/entities/add', + ) + + assert response == mock_call_response + + def test_entity_add_ids(self, mocker): + import os + import demistomock as demisto + + # This is needed for CommonServerPython module to not add demisto.params() into callingContext. + os.environ['COMMON_SERVER_NO_AUTO_PARAMS_REMOVE_NULLS'] = 'True' + + mocked_list_id = "mockvalue" + mocked_entity_type = "mock" + mocked_entity_ids = "mockedmalwarename" + mocked_freetext_names = "" + mock_command_args = { + 'list_id': mocked_list_id, + 'entity_type': mocked_entity_type, + 'entity_ids': mocked_entity_ids, + 'freetext_names': mocked_freetext_names, + } + # Mock demisto command and args. + mock_command_name = 'command_name' + + mocker.patch.object(demisto, 'command', return_value=mock_command_name) + mocker.patch.object(demisto, 'args', return_value=mock_command_args) + + client = create_client() + + mock_call_response = {'response': {'data': 'mock response'}} + mock_call = mocker.patch.object( + client, '_call', return_value=mock_call_response + ) + + response = client.entity_add() + mock_call.assert_called_once_with( + demisto_args=mock_command_args, + url_suffix=f'/v2/lists/{mocked_list_id}/entities/add', + ) + + assert response == mock_call_response + + def test_entity_add_invalid_both(self, mocker): + import os + import demistomock as demisto + + # This is needed for CommonServerPython module to not add demisto.params() into callingContext. + os.environ['COMMON_SERVER_NO_AUTO_PARAMS_REMOVE_NULLS'] = 'True' + + mocked_list_id = "mockvalue" + mocked_entity_type = "mock" + mocked_entity_ids = "mockedmalwarename" + mocked_freetext_names = "mockedmalwarename" + mock_command_args = { + 'list_id': mocked_list_id, + 'entity_type': mocked_entity_type, + 'entity_ids': mocked_entity_ids, + 'freetext_names': mocked_freetext_names, + } + # Mock demisto command and args. + mock_command_name = 'command_name' + + mocker.patch.object(demisto, 'command', return_value=mock_command_name) + mocker.patch.object(demisto, 'args', return_value=mock_command_args) + + client = create_client() + + mock_call_response = {'response': {'data': 'mock response'}} + mocker.patch.object(client, '_call', return_value=mock_call_response) + raised = False + try: + client.entity_add() + except ValueError: + raised = True + assert raised + + def test_entity_add_invalid_none(self, mocker): + import os + import demistomock as demisto + + # This is needed for CommonServerPython module to not add demisto.params() into callingContext. + os.environ['COMMON_SERVER_NO_AUTO_PARAMS_REMOVE_NULLS'] = 'True' + + mocked_list_id = "mockvalue" + mocked_entity_type = "mock" + mocked_entity_ids = "" + mocked_freetext_names = "" + mock_command_args = { + 'list_id': mocked_list_id, + 'entity_types': mocked_entity_type, + 'entity_ids': mocked_entity_ids, + 'freetext_names': mocked_freetext_names, + } + # Mock demisto command and args. + mock_command_name = 'command_name' + + mocker.patch.object(demisto, 'command', return_value=mock_command_name) + mocker.patch.object(demisto, 'args', return_value=mock_command_args) + + client = create_client() + + mock_call_response = {'response': {'data': 'mock response'}} + mocker.patch.object(client, '_call', return_value=mock_call_response) + + raised = False + try: + client.entity_add() + except ValueError: + raised = True + assert raised + + +class TestActions: + def test_init(self, mocker): + from RecordedFutureLists import Actions + + mock_client = mocker.Mock() + actions = Actions(mock_client) + assert actions.client == mock_client + + def test_process_result_actions_404(self, mocker): + from RecordedFutureLists import Actions + from CommonServerPython import CommandResults + + mock_client = mocker.Mock() + actions = Actions(mock_client) + + # Test if response is CommandResults + # (case when we got 404 on response, and it was processed in self.client._call() method). + response = CommandResults(readable_output='Mock') + result_actions = actions._process_result_actions(response=response) + assert result_actions == [response] + + def test_process_result_actions_response_is_not_dict(self, mocker): + from RecordedFutureLists import Actions + + mock_client = mocker.Mock() + actions = Actions(mock_client) + + # Test if response is not CommandResults and not Dict. + response = 'Mock string - not CommandResults and not dict' + result_actions = actions._process_result_actions(response=response) # type: ignore + assert result_actions is None + + def test_process_result_actions_no_or_empty_result_actions_in_response( + self, mocker + ): + from RecordedFutureLists import Actions + + mock_client = mocker.Mock() + actions = Actions(mock_client) + + # Test no results_actions in response. + response = {'data': 'mock'} + result_actions = actions._process_result_actions(response=response) + assert result_actions is None + + # Test case when bool(results_actions) in response is False. + response = {'data': 'mock', 'result_actions': None} + result_actions = actions._process_result_actions(response=response) + assert result_actions is None + + response = {'data': 'mock', 'result_actions': list()} + result_actions = actions._process_result_actions(response=response) + assert result_actions is None + + response = {'data': 'mock', 'result_actions': dict()} + result_actions = actions._process_result_actions(response=response) + assert result_actions is None + + def test_process_result_actions_command_results_only(self, mocker): + from RecordedFutureLists import Actions, CommandResults + + mock_client = mocker.Mock() + actions = Actions(mock_client) + + response = { + 'data': 'mock', + 'result_actions': [ + { + 'CommandResults': { + 'outputs_prefix': 'mock_outputs_prefix', + 'outputs': 'mock_outputs', + 'raw_response': 'mock_raw_response', + 'readable_output': 'mock_readable_output', + 'outputs_key_field': 'mock_outputs_key_field', + }, + } + ], + } + result_actions = actions._process_result_actions(response=response) + + assert len(result_actions) == 1 + + r_a = result_actions[0] + + assert isinstance(r_a, CommandResults) + + assert r_a.outputs_prefix == 'mock_outputs_prefix' + assert r_a.outputs == 'mock_outputs' + assert r_a.raw_response == 'mock_raw_response' + assert r_a.readable_output == 'mock_readable_output' + assert r_a.outputs_key_field == 'mock_outputs_key_field' + + def test_list_search_command_without_result_actions(self, mocker): + from RecordedFutureLists import Actions + + client = create_client() + + mock_response = 'mock_response' + + mock_client_lists_list_search = mocker.patch.object( + client, 'list_search', return_value=mock_response + ) + + actions = Actions(client) + + mock_process_result_actions_return_value = None + mock_process_result_actions = mocker.patch.object( + actions, + '_process_result_actions', + return_value=mock_process_result_actions_return_value, + ) + + actions.list_search_command() + + mock_client_lists_list_search.assert_called_once_with() + + mock_process_result_actions.assert_called_once_with(response=mock_response) + + def test_list_search_command_with_result_actions(self, mocker): + from RecordedFutureLists import Actions + + client = create_client() + + mock_response = 'mock_response' + + mock_client_lists_list_search = mocker.patch.object( + client, 'list_search', return_value=mock_response + ) + + actions = Actions(client) + + mock_process_result_actions_return_value = 'mocked_process_return_value' + mock_process_result_actions = mocker.patch.object( + actions, + '_process_result_actions', + return_value=mock_process_result_actions_return_value, + ) + + result = actions.list_search_command() + + mock_client_lists_list_search.assert_called_once_with() + + mock_process_result_actions.assert_called_once_with(response=mock_response) + + assert result == mock_process_result_actions_return_value + + def test_entity_add_command_with_result_action(self, mocker): + from RecordedFutureLists import Actions + + client = create_client() + + mock_response = 'mock_response' + + mock_client_entity_add = mocker.patch.object( + client, 'entity_add', return_value=mock_response + ) + + actions = Actions(client) + + mock_process_result_actions_return_value = ( + 'mock_process_result_actions_return_value' + ) + mock_process_result_actions = mocker.patch.object( + actions, + '_process_result_actions', + return_value=mock_process_result_actions_return_value, + ) + + result = actions.entity_add_command() + + mock_client_entity_add.assert_called_once_with() + + mock_process_result_actions.assert_called_once_with(response=mock_response) + + assert result == mock_process_result_actions_return_value + + def test_test_module(self, mocker): + import RecordedFutureLists + import demistomock as demisto + import platform + + mocker.patch.object(demisto, "command", return_value="test-module") + mocker.patch.object( + demisto, "demistoVersion", return_value={"version": "mock_version"} + ) + mocker.patch.object( + demisto, "params", return_value={"token": {"password": "mocktoken"}} + ) + mocker.patch.object(platform, "platform", return_value="mock_platform") + mocker.patch.object(RecordedFutureLists.Client, "whoami") + mocked_return_res = mocker.patch.object(RecordedFutureLists, "return_results") + RecordedFutureLists.main() + mocked_return_res.assert_called_with('ok') + + def test_test_module_with_boom(self, mocker): + import RecordedFutureLists + import demistomock as demisto + import platform + + mocker.patch.object(demisto, "command", return_value="test-module") + mocker.patch.object( + demisto, "demistoVersion", return_value={"version": "mock_version"} + ) + mocker.patch.object( + demisto, "params", return_value={"token": {"password": "mocktoken"}} + ) + mocker.patch.object(platform, "platform", return_value="mock_platform") + mock_whoami = mocker.patch.object(RecordedFutureLists.Client, "whoami") + mock_whoami.side_effect = Exception("Side effect triggered") + mocked_return_err = mocker.patch.object(RecordedFutureLists, "return_error") + RecordedFutureLists.main() + mocked_return_err.assert_called_with( + message=( + f'Failed to execute {demisto.command()} command: Failed due to - ' + 'Unknown error. Please verify that the API URL and Token are correctly configured. ' + 'RAW Error: Side effect triggered' + ) + ) diff --git a/Packs/RecordedFuture/Integrations/RecordedFutureLists/command_examples.txt b/Packs/RecordedFuture/Integrations/RecordedFutureLists/command_examples.txt new file mode 100644 index 000000000000..da50af753962 --- /dev/null +++ b/Packs/RecordedFuture/Integrations/RecordedFutureLists/command_examples.txt @@ -0,0 +1,2 @@ +!recordedfuture-lists-search +!recordedfuture-lists-add-entities \ No newline at end of file diff --git a/Packs/RecordedFuture/Integrations/RecordedFuturePlaybookAlerts/README.md b/Packs/RecordedFuture/Integrations/RecordedFuturePlaybookAlerts/README.md index 379895def5c6..13104a0fffbd 100644 --- a/Packs/RecordedFuture/Integrations/RecordedFuturePlaybookAlerts/README.md +++ b/Packs/RecordedFuture/Integrations/RecordedFuturePlaybookAlerts/README.md @@ -243,7 +243,7 @@ Search playbook alerts based on filters | **Argument Name** | **Description** | **Required** | | --- | --- | --- | -| category | filter what playbook alert categories that is wanted. (default = all available). Possible values are: all_available, domain_abuse, vulnerability. | Optional | +| category | filter what playbook alert categories that is wanted. (default = all available). Possible values are: all_available, domain_abuse, vulnerability, code_repo_leakage. | Optional | | limit | Limits the number of alerts to fetch. | Optional | | time_since_update | Time between now and e.g. "2 hours" or "7 days" ago. | Optional | | playbook_alert_status | Filter what statuses are fetched, defaults to only new status if not specified. Possible values are: new, in-progress, dismissed, resolved. | Optional | diff --git a/Packs/RecordedFuture/Integrations/RecordedFuturePlaybookAlerts/RecordedFuturePlaybookAlerts.py b/Packs/RecordedFuture/Integrations/RecordedFuturePlaybookAlerts/RecordedFuturePlaybookAlerts.py index 4da79211ed6e..92ca76265ce2 100644 --- a/Packs/RecordedFuture/Integrations/RecordedFuturePlaybookAlerts/RecordedFuturePlaybookAlerts.py +++ b/Packs/RecordedFuture/Integrations/RecordedFuturePlaybookAlerts/RecordedFuturePlaybookAlerts.py @@ -13,7 +13,7 @@ # disable insecure warnings requests.packages.urllib3.disable_warnings() # type: ignore -__version__ = '1.0.0' +__version__ = '1.0.1' # === === === === === === === === === === === === === === === diff --git a/Packs/RecordedFuture/Integrations/RecordedFuturePlaybookAlerts/RecordedFuturePlaybookAlerts.yml b/Packs/RecordedFuture/Integrations/RecordedFuturePlaybookAlerts/RecordedFuturePlaybookAlerts.yml index a6630f5953b4..7e04b95e72bb 100644 --- a/Packs/RecordedFuture/Integrations/RecordedFuturePlaybookAlerts/RecordedFuturePlaybookAlerts.yml +++ b/Packs/RecordedFuture/Integrations/RecordedFuturePlaybookAlerts/RecordedFuturePlaybookAlerts.yml @@ -48,6 +48,7 @@ configuration: - All Available - Domain Abuse - Vulnerability + - Code Repo Leakage - display: Maximum number of incidents per fetch name: max_fetch defaultvalue: "50" @@ -82,7 +83,7 @@ script: script: '-' type: python subtype: python3 - dockerimage: demisto/python3:3.10.10.49934 + dockerimage: demisto/python3:3.10.11.61265 commands: - name: recordedfuture-playbook-alerts-details description: Get Playbook alert details by id. @@ -537,6 +538,7 @@ script: - all_available - domain_abuse - vulnerability + - code_repo_leakage - name: limit required: false description: Limits the number of alerts to fetch. diff --git a/Packs/RecordedFuture/Integrations/RecordedFuturePlaybookAlerts/RecordedFuturePlaybookAlerts_test.py b/Packs/RecordedFuture/Integrations/RecordedFuturePlaybookAlerts/RecordedFuturePlaybookAlerts_test.py index 24af2af45f21..6a99058efb4c 100644 --- a/Packs/RecordedFuture/Integrations/RecordedFuturePlaybookAlerts/RecordedFuturePlaybookAlerts_test.py +++ b/Packs/RecordedFuture/Integrations/RecordedFuturePlaybookAlerts/RecordedFuturePlaybookAlerts_test.py @@ -736,3 +736,50 @@ def test_playbook_alert_update_command(self, mocker): mock_process_result_actions.assert_called_once_with(response=mock_response) assert result == mock_process_result_actions_return_value + + def test_test_module(self, mocker): + import RecordedFuturePlaybookAlerts + import demistomock as demisto + import platform + + mocker.patch.object(demisto, "command", return_value="test-module") + mocker.patch.object( + demisto, "demistoVersion", return_value={"version": "mock_version"} + ) + mocker.patch.object( + demisto, "params", return_value={"token": {"password": "mocktoken"}} + ) + mocker.patch.object(platform, "platform", return_value="mock_platform") + mocker.patch.object(RecordedFuturePlaybookAlerts.Client, "whoami") + mocked_return_res = mocker.patch.object( + RecordedFuturePlaybookAlerts, "return_results" + ) + RecordedFuturePlaybookAlerts.main() + mocked_return_res.assert_called_with('ok') + + def test_test_module_with_boom(self, mocker): + import RecordedFuturePlaybookAlerts + import demistomock as demisto + import platform + + mocker.patch.object(demisto, "command", return_value="test-module") + mocker.patch.object( + demisto, "demistoVersion", return_value={"version": "mock_version"} + ) + mocker.patch.object( + demisto, "params", return_value={"token": {"password": "mocktoken"}} + ) + mocker.patch.object(platform, "platform", return_value="mock_platform") + mock_whoami = mocker.patch.object(RecordedFuturePlaybookAlerts.Client, "whoami") + mock_whoami.side_effect = Exception("Side effect triggered") + mocked_return_err = mocker.patch.object( + RecordedFuturePlaybookAlerts, "return_error" + ) + RecordedFuturePlaybookAlerts.main() + mocked_return_err.assert_called_with( + message=( + f'Failed to execute {demisto.command()} command: Failed due to - ' + 'Unknown error. Please verify that the API URL and Token are correctly configured. ' + 'RAW Error: Side effect triggered' + ) + ) diff --git a/Packs/RecordedFuture/README.md b/Packs/RecordedFuture/README.md index 38a981da0bbd..83596c68d310 100644 --- a/Packs/RecordedFuture/README.md +++ b/Packs/RecordedFuture/README.md @@ -1,13 +1,13 @@ # "Recorded Future Intelligence" Pack Documentation - +​ ## Integrations - +​ ### Recorded Future v2 Access Recorded Future data to enrich IPs, domains, URLs, CVEs, Files, and Malwares and assess threats in regards to a specific context. Use this integration to fetch Recorded Future non-playbook alerts - +​ #### Available Actions - +​ * Reputation actions: * Gets a reputaion lookup based on Recorded Future's risk assessment for IPs, Domains, Files (hashes), URLs and CVEs * Using the new Recorded Future SOAR Enrichment API. @@ -26,9 +26,10 @@ threats in regards to a specific context. Use this integration to fetch Recorded * Threat assessment action * Takes a context, such as phishing or malware and one or more IOC as input. * Outputs a verdict (true/false) and related evidence (risk rules) for this context. - +​ +​ #### Relevant Playbooks - +​ All the playbooks are meant to be used as sub-playbooks to get reputation, intelligence or assess the threat level in regards to a context. * Available Reputation sub-playbooks @@ -38,19 +39,19 @@ regards to a context. * File * URL * One combined playbook that returns the reputation for all of the above types - +​ * Available Intelligence/Enrichment sub-playbooks * IP * Domain * CVE * File * URL - +​ * Threat assessment sub-playbooks for the following contexts * Malware * Phishing * Command and Control (C2) - +​ * Available template playbooks * Recorded Future Entity Enrichment * Recorded Future Sandbox (Hatching) @@ -60,28 +61,28 @@ regards to a context. #### Relevant Classifiers Classifier and Incoming Mapper allows you to classify and map fetched incident onto Recorded Future Incident Types. - +​ * Recorded Future - Classifier * Recorded Future - Incoming Mapper #### Relevant Incident Types - +​ * Recorded Future Alert * Recorded Future Leaked Credential Monitoring * Recorded Future New Critical or Pre NVD Vulnerabilities * Recorded Future Potential Typosquat #### Relevant Layouts - +​ * Custom layout for Recorded Future incident type --- - +​ ### Recorded Future - Playbook Alerts Fetch & triage Recorded Future Playbook Alerts - +​ #### Available Actions - +​ * recordedfuture-playbook-alerts-details * View details of a specific Recorded Future playbook alert * Get Playbook alert details by id @@ -90,44 +91,51 @@ Fetch & triage Recorded Future Playbook Alerts * recordedfuture-playbook-alerts-search * View which Recorded Future playbook alerts are set up in Recorded Future enterprise to be brought into XSOAR * Search playbook alerts based on filters - +​ #### Relevant Playbooks The template playbooks included help you save time and keep your incidents in sync. They also aid with automating repetitive tasks associated with playbook alerts. Template playbooks should be used as launching points to build playbooks for specific use cases supported by Recorded Future. Certain playbook steps in a template playbook need to be configured to function. - +​ * Recorded Future Playbook Alert Details * A default playbook to fetch details of Playbook alert that does not yet have mapping made by Recorded Future * Recorded Future Domain Abuse * This playbook was developed as a template to handle the ingestion of Recorded Future Domain Abuse playbook alerts. * Recorded Future Vulnerability * This playbook was developed as a template to handle the ingestion of Recorded Future Cyber Vulnerability playbook alerts. - +​ #### Relevant Classifiers Classifier and Incoming Mapper allows you to classify and map fetched incident onto Recorded Future Incident Types. - +​ * Recorded Future Playbook Alert Classifier * Recorded Future Playbook Alert Mapper #### Relevant Incident Types - +​ * Recorded Future Playbook Alert * Recorded Future Domain Abuse * Recorded Future Vulnerability - +* Recorded Future Code Repo Leakage +​ #### Relevant Layouts - +​ * Recorded Future Playbook Alert Domain Abuse * Recorded Future Playbook Alert Vulnerability * Recorded Future Alert Layout - +​ --- +### Recorded Future - Lists +Search and manage watchlists and lists in Recorded Future +​ +#### Available Actions +* recordedfuture-lists-add-entities + * Add entities to a list, separate entities by commas. "NOTE:" if entity type is specified, only one entity type can be added with each action. +* recordedfuture-lists-search + * Search for a Recorded Future list. Returns list entities -## Dashboards and indicators - +--- +#### Dashboards and indicators +​ Includes a dashboard that details various metrics related to indicators that was generated from Recorded Future data and -incidents that was created from Recorded Future data. +incidents that was created from Recorded Future data. There are two indicator fields added to record which risk rules indicators have triggered as well as whether an indicator is a malware, c2, or phishing when it has gone through the playbook for threat assessment. - - ---- \ No newline at end of file diff --git a/Packs/RecordedFuture/ReleaseNotes/1_6_0.md b/Packs/RecordedFuture/ReleaseNotes/1_6_0.md new file mode 100644 index 000000000000..ae54b9b33f86 --- /dev/null +++ b/Packs/RecordedFuture/ReleaseNotes/1_6_0.md @@ -0,0 +1,40 @@ + +#### Classifiers + +##### Recorded Future Playbook Alert Classifier + +- Added `Recorded Code Repo Leakage` to the Recorded Future Playbook Alert Classifier + +#### Incident Types + +- New: **Recorded Future Code Repo Leakage** + + +#### Integrations +##### Recorded Future - Playbook Alerts + +- Updated the Docker image to: *demisto/python3:3.10.11.61265*. +- Added `Code Repo Leakage` as option to Playbook Alerts: Fetched Category +- Added hinted type `code_repo_leakage` to category param for recordedfuture-playbookalerts-search command + +##### Recorded Future v2 + +- Updated the Docker image to: *demisto/python3:3.10.11.61265*. + +##### New: Recorded Future - Lists + + +- Search and manage watchlists in Recorded Future (Available from Cortex XSOAR 6.5.0). + +- Search command added to search for available lists in Recorded Future +- Command to add entities to a list based on id or freetext name/type, to manage Recorded Future lists. + + +#### Mappers + +##### Recorded Future Playbook Alert Mapper + +- Added `Recorded Code Repo Leakage` to the Recorded Future Playbook Alert Mapper + + + diff --git a/Packs/RecordedFuture/pack_metadata.json b/Packs/RecordedFuture/pack_metadata.json index c093b780bb82..07a19b61155e 100644 --- a/Packs/RecordedFuture/pack_metadata.json +++ b/Packs/RecordedFuture/pack_metadata.json @@ -2,7 +2,7 @@ "name": "Recorded Future Intelligence", "description": "Recorded Future App, this pack is previously known as 'RecordedFuture v2'", "support": "partner", - "currentVersion": "1.5.4", + "currentVersion": "1.6.0", "author": "Recorded Future", "url": "https://www.recordedfuture.com/support/demisto-integration/", "email": "support@recordedfuture.com", From b9dd936adf49b853e8f014f1be43228bcd9eae98 Mon Sep 17 00:00:00 2001 From: israelpoli <72099621+israelpoli@users.noreply.github.com> Date: Wed, 7 Jun 2023 20:42:56 +0300 Subject: [PATCH 037/124] fix bug by convert the password to bytes (#27283) * fix bug by convert the password to bytes * commit * update RN and Docker * comment corrections * commit --- Packs/CommonScripts/ReleaseNotes/1_11_85.md | 7 ++ .../Scripts/UnzipFile/UnzipFile.py | 7 +- .../Scripts/UnzipFile/UnzipFile.yml | 2 +- .../Scripts/UnzipFile/UnzipFile_test.py | 66 ++++++++----------- Packs/CommonScripts/pack_metadata.json | 2 +- 5 files changed, 41 insertions(+), 43 deletions(-) create mode 100644 Packs/CommonScripts/ReleaseNotes/1_11_85.md diff --git a/Packs/CommonScripts/ReleaseNotes/1_11_85.md b/Packs/CommonScripts/ReleaseNotes/1_11_85.md new file mode 100644 index 000000000000..0b36fb80212b --- /dev/null +++ b/Packs/CommonScripts/ReleaseNotes/1_11_85.md @@ -0,0 +1,7 @@ + +#### Scripts + +##### UnzipFile + +- Fixed an issue where the script failed running on password-protected files, when using the `zipfile` tool. +- Updated the Docker image to: *demisto/unzip:1.0.0.61858*. \ No newline at end of file diff --git a/Packs/CommonScripts/Scripts/UnzipFile/UnzipFile.py b/Packs/CommonScripts/Scripts/UnzipFile/UnzipFile.py index bf35667b038d..ae8aed9af1dd 100644 --- a/Packs/CommonScripts/Scripts/UnzipFile/UnzipFile.py +++ b/Packs/CommonScripts/Scripts/UnzipFile/UnzipFile.py @@ -28,10 +28,7 @@ def get_zip_path(args): fn = demisto.get(entry, 'File') # We check the python version to prevent encoding issues. Effects Demisto 4.5+ - if sys.version_info > (3, 0): - is_text = type(fn) is str - else: - is_text = type(fn) in [unicode, str] # pylint: disable=E0602 + is_text = type(fn) is str # pylint: disable=E0602 is_correct_file = args.get('fileName', '').lower() == fn.lower() is_zip = fn.lower().endswith('.zip') @@ -105,6 +102,8 @@ def extract(file_info, dir_path, zip_tool='7z', password=None): if zip_tool == '7z': stdout = extract_using_7z(file_path, dir_path, password=password) elif zip_tool == 'zipfile': + if password: + password = bytes(password, 'utf-8') extract_using_zipfile(file_path, dir_path, password=password) else: return_error(f'There is no zipTool named: {zip_tool}') diff --git a/Packs/CommonScripts/Scripts/UnzipFile/UnzipFile.yml b/Packs/CommonScripts/Scripts/UnzipFile/UnzipFile.yml index 769658f34e34..9a6f39287749 100644 --- a/Packs/CommonScripts/Scripts/UnzipFile/UnzipFile.yml +++ b/Packs/CommonScripts/Scripts/UnzipFile/UnzipFile.yml @@ -60,7 +60,7 @@ tags: - file timeout: '0' type: python -dockerimage: demisto/unzip:1.0.0.44723 +dockerimage: demisto/unzip:1.0.0.61858 runonce: false tests: - ZipFile-Test diff --git a/Packs/CommonScripts/Scripts/UnzipFile/UnzipFile_test.py b/Packs/CommonScripts/Scripts/UnzipFile/UnzipFile_test.py index c7c5be88bfb1..78324433f081 100644 --- a/Packs/CommonScripts/Scripts/UnzipFile/UnzipFile_test.py +++ b/Packs/CommonScripts/Scripts/UnzipFile/UnzipFile_test.py @@ -1,7 +1,6 @@ from tempfile import mkdtemp from UnzipFile import * import os -import sys import pytest data_test_unzip_no_password = ['testZip.yml', 'ScanSummary.txt', 'item.png'] @@ -45,17 +44,13 @@ def test_unzip_no_password(file_name): assert expected_data == actual_file_data, 'failed extracting ' + zipped_file_path -data_test_unzip_with_password = [ - ('fix_unzip.png', 'demisto'), -] - - -@pytest.mark.parametrize('file_name, password', data_test_unzip_with_password) -def test_unzip_with_password(file_name, password): +@pytest.mark.parametrize('zip_tool', ('7z', 'zipfile')) +def test_unzip_with_password(zip_tool: str): """ Given - valid zip file - with password required - empty folder _dir + - the tool to extract files When - run extract on that zip file and export the internal files to _dir Then @@ -64,6 +59,8 @@ def test_unzip_with_password(file_name, password): """ # Given # - valid zip file - no password required + file_name = 'fix_unzip.png' + password = 'demisto' main_dir = '/'.join(__file__.split('/')[0:-1]) expected_file_unzipped = os.path.join(main_dir + '/data_test', file_name) zipped_file_path = expected_file_unzipped + '.zip' @@ -76,7 +73,7 @@ def test_unzip_with_password(file_name, password): _dir = mkdtemp() # When # - run extract on that zip file and export the internal files to _dir - extract(zipped_file_object, _dir, password=password) + extract(zipped_file_object, _dir, password=password, zip_tool=zip_tool) # Then # - ensure zip file content have been saved at _dir directory with the original filename with open(_dir + '/' + file_name, 'rb') as f: @@ -139,34 +136,29 @@ def test_unrar_no_password(): - ensure rar file content has been saved at _dir directory with the original filename - ensure that the saved file has expected content """ - if sys.version_info > (3, 0): - # Given - # - valid rar file - no password required - file_name = 'Untitled_document.pdf' - main_dir = '/'.join(__file__.split('/')[0:-1]) - expected_file_unzipped = os.path.join(main_dir + '/data_test', file_name) - zipped_file_path = expected_file_unzipped + '.rar' - # Creation of file object - zipped_file_object = { - 'name': 'Untitled_document.pdf.rar', - 'path': zipped_file_path - } - # - empty folder _di - _dir = mkdtemp() - # When - # - run extract on that zip file and export the internal files to _dir - extract(zipped_file_object, _dir) - # Then - # - ensure rar file content have been saved at _dir directory with the original filename - with open(_dir + '/' + file_name, 'rb') as f: - actual_file_data = f.read() - with open(expected_file_unzipped, 'rb') as f: - expected_data = f.read() - shutil.rmtree(_dir) - # - ensure that the saved file has expected content data - assert expected_data == actual_file_data, 'failed extracting ' + zipped_file_path - else: - assert len("This doesn't work on the old docker image") > 1 + file_name = 'Untitled_document.pdf' + main_dir = '/'.join(__file__.split('/')[0:-1]) + expected_file_unzipped = os.path.join(main_dir + '/data_test', file_name) + zipped_file_path = expected_file_unzipped + '.rar' + # Creation of file object + zipped_file_object = { + 'name': 'Untitled_document.pdf.rar', + 'path': zipped_file_path + } + # - empty folder _di + _dir = mkdtemp() + # When + # - run extract on that zip file and export the internal files to _dir + extract(zipped_file_object, _dir) + # Then + # - ensure rar file content have been saved at _dir directory with the original filename + with open(_dir + '/' + file_name, 'rb') as f: + actual_file_data = f.read() + with open(expected_file_unzipped, 'rb') as f: + expected_data = f.read() + shutil.rmtree(_dir) + # - ensure that the saved file has expected content data + assert expected_data == actual_file_data, 'failed extracting ' + zipped_file_path def test_extract_tarfile(): diff --git a/Packs/CommonScripts/pack_metadata.json b/Packs/CommonScripts/pack_metadata.json index 951e164faf21..d7c21fb0842c 100644 --- a/Packs/CommonScripts/pack_metadata.json +++ b/Packs/CommonScripts/pack_metadata.json @@ -2,7 +2,7 @@ "name": "Common Scripts", "description": "Frequently used scripts pack.", "support": "xsoar", - "currentVersion": "1.11.84", + "currentVersion": "1.11.85", "author": "Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "email": "", From 2ae439ff3b712290a93768b5331ff95e27870766 Mon Sep 17 00:00:00 2001 From: content-bot <55035720+content-bot@users.noreply.github.com> Date: Wed, 7 Jun 2023 20:50:00 +0300 Subject: [PATCH 038/124] [greynoise-266] - Add greynoise-similar and greynoise-timeline commands (#27067) (#27291) * add sim and timeline updates * fix test file prints * update readme fix tests * updates to readme for pre-commit * updates from pre-commit run * more linting updates * update secrets * fix url in timeline Co-authored-by: Brad Chiappetta <38439955+bradchiappetta@users.noreply.github.com> --- Packs/GreyNoise/.secrets-ignore | 7 + .../Integrations/GreyNoise/GreyNoise.py | 209 ++++++- .../Integrations/GreyNoise/GreyNoise.yml | 79 ++- .../GreyNoise/GreyNoise_description.md | 5 +- .../Integrations/GreyNoise/GreyNoise_test.py | 67 ++- .../Integrations/GreyNoise/README.md | 539 ++++++++++++------ .../GreyNoise/test_data/input_data.py | 133 ++++- .../{quick_check.md => quick_check.txt} | 0 .../GreyNoise_Community.py | 2 +- .../GreyNoise_Community_description.md | 5 +- .../GreyNoise_Community/README.md | 12 +- .../Calculate_Severity_-_GreyNoise_README.md | 16 +- ...ress_Network_Traffic_-_GreyNoise_README.md | 8 + ...ress_Network_Traffic_-_GreyNoise_README.md | 8 + .../IP_Reputation-GreyNoise_README.md | 8 + Packs/GreyNoise/README.md | 3 + Packs/GreyNoise/ReleaseNotes/1_0_1.md | 2 + Packs/GreyNoise/ReleaseNotes/1_0_2.md | 2 + Packs/GreyNoise/ReleaseNotes/1_0_3.md | 2 + Packs/GreyNoise/ReleaseNotes/1_0_4.md | 4 + Packs/GreyNoise/ReleaseNotes/1_0_5.md | 4 + Packs/GreyNoise/ReleaseNotes/1_1_0.md | 4 + Packs/GreyNoise/ReleaseNotes/1_1_1.md | 4 + Packs/GreyNoise/ReleaseNotes/1_1_2.md | 4 + Packs/GreyNoise/ReleaseNotes/1_2_0.md | 4 + Packs/GreyNoise/ReleaseNotes/1_2_1.md | 4 + Packs/GreyNoise/ReleaseNotes/1_2_10.md | 2 + Packs/GreyNoise/ReleaseNotes/1_2_2.md | 2 + Packs/GreyNoise/ReleaseNotes/1_2_3.md | 2 + Packs/GreyNoise/ReleaseNotes/1_2_4.md | 2 + Packs/GreyNoise/ReleaseNotes/1_2_5.md | 2 + Packs/GreyNoise/ReleaseNotes/1_2_6.md | 2 + Packs/GreyNoise/ReleaseNotes/1_2_7.md | 2 + Packs/GreyNoise/ReleaseNotes/1_2_9.md | 1 + Packs/GreyNoise/ReleaseNotes/1_3_0.md | 12 + Packs/GreyNoise/pack_metadata.json | 2 +- 36 files changed, 948 insertions(+), 216 deletions(-) rename Packs/GreyNoise/Integrations/GreyNoise/test_data/{quick_check.md => quick_check.txt} (100%) create mode 100644 Packs/GreyNoise/ReleaseNotes/1_3_0.md diff --git a/Packs/GreyNoise/.secrets-ignore b/Packs/GreyNoise/.secrets-ignore index 99ef47c3bcab..0bf564c623cc 100644 --- a/Packs/GreyNoise/.secrets-ignore +++ b/Packs/GreyNoise/.secrets-ignore @@ -23,3 +23,10 @@ https://greynoise.io https://www.greynoise.io 66.249.68.82 103.21.244.0 +121.239.23.85 +1.145.159.157 +45.95.147.229 +61.30.129.190 +59.88.225.2 +1.1.2.2 +45.164.214.212 diff --git a/Packs/GreyNoise/Integrations/GreyNoise/GreyNoise.py b/Packs/GreyNoise/Integrations/GreyNoise/GreyNoise.py index 50ab0f1839db..2270975b4843 100644 --- a/Packs/GreyNoise/Integrations/GreyNoise/GreyNoise.py +++ b/Packs/GreyNoise/Integrations/GreyNoise/GreyNoise.py @@ -9,7 +9,6 @@ import copy from typing import Tuple, Dict, Any from greynoise import GreyNoise, exceptions, util # type: ignore -from greynoise.exceptions import RequestFailure, RateLimitError # type: ignore # Disable insecure warnings urllib3.disable_warnings() @@ -17,7 +16,7 @@ """ CONSTANTS """ -TIMEOUT = 10 +TIMEOUT = 30 PRETTY_KEY = { "ip": "IP", "first_seen": "First Seen", @@ -33,24 +32,30 @@ "city": "City", "country": "Country", "country_code": "Country Code", + "destination_countries": "Destination Countries", + "destination_country_codes": "Destination Country Codes", "organization": "Organization", "category": "Category", + "sensor_count": "Sensor Count", + "sensor_hits": "Sensor Hits", + "source_country": "Source Country", + "source_country_code": "Source Country Code", "tor": "Tor", - "rdns": "RDNS", + "rdns": "rDNS", "os": "OS", "region": "Region", "vpn": "VPN", "vpn_service": "VPN Service", - "raw_data": "raw_data", - "scan": "scan", - "port": "port", - "protocol": "protocol", - "web": "web", - "paths": "paths", - "useragents": "useragents", + "raw_data": "Raw Data", + "scan": "Scan", + "port": "Port", + "protocol": "Protocol", + "web": "Web", + "paths": "Paths", + "useragents": "User-Agents", "ja3": "ja3", "fingerprint": "fingerprint", - "hassh": "hassh", + "hassh": "HASSH", "bot": "BOT", } IP_CONTEXT_HEADERS = [ @@ -66,6 +71,27 @@ "First Seen", "Last Seen", ] +SIMILAR_HEADERS = [ + "IP", + "Score", + "Classification", + "Actor", + "Organization", + "Source Country", + "Last Seen", + "Similarity Features" +] +TIMELINE_HEADERS = [ + "Date", + "Classification", + "Tags", + "rDNS", + "Organization", + "ASN", + "Ports", + "Web Paths", + "User Agents", +] RIOT_HEADERS = ["IP", "Category", "Name", "Trust Level", "Description", "Last Updated"] API_SERVER = util.DEFAULT_CONFIG.get("api_server") IP_QUICK_CHECK_HEADERS = ["IP", "Noise", "RIOT", "Code", "Code Description"] @@ -74,7 +100,8 @@ "spoofable": "Spoofable", "organizations": "Organizations", "actors": "Actors", - "countries": "Countries", + "source_countries": "Source Countries", + "destination_countries": "Destination Countries", "tags": "Tags", "operating_systems": "Operating Systems", "categories": "Categories", @@ -102,14 +129,12 @@ "COMMAND_FAIL": "Failed to execute {} command.\n Error: {}", "SERVER_ERROR": "The server encountered an internal error for GreyNoise and was unable to complete your request.", "CONNECTION_TIMEOUT": "Connection timed out. Check your network connectivity.", - "PROXY": "Proxy Error - cannot connect to proxy. Either try clearing the " - "'Use system proxy' check-box or check the host, " - "authentication details and connection details for the proxy.", + "PROXY": "Proxy Error - cannot connect to proxy. Either try clearing the 'Use system proxy' check-box or check " + "the host, authentication details and connection details for the proxy.", "INVALID_RESPONSE": "Invalid response from GreyNoise. Response: {}", "QUERY_STATS_RESPONSE": "GreyNoise request failed. Reason: {}", } - """ CLIENT CLASS """ @@ -131,10 +156,10 @@ def authenticate(self): f"Invalid API Offering ({response['offering']})or Expiration Date ({expiration_date})" ) - except RateLimitError: + except exceptions.RateLimitError: raise DemistoException(EXCEPTION_MESSAGES["API_RATE_LIMIT"]) - except RequestFailure as err: + except exceptions.RequestFailure as err: status_code = err.args[0] body = str(err.args[1]) @@ -245,7 +270,7 @@ def get_ip_context_data(responses: list) -> list: def get_ip_reputation_score(classification: str) -> Tuple[int, str]: - """Get DBot score and human readable of score. + """Get DBot score and human-readable of score. :type classification: ``str`` :param classification: classification of ip provided from GreyNoise. @@ -746,6 +771,8 @@ def stats_command(client: Client, args: dict) -> Any: hr_list: list = [] if value is None: continue + if key == "countries": + continue for rec in value: hr_rec: dict = {} header = [] @@ -767,6 +794,140 @@ def stats_command(client: Client, args: dict) -> Any: ) +@exception_handler +@logger +def similarity_command(client: Client, args: dict) -> Any: + """Get similarity information for a specified IP. + + :type client: ``Client`` + :param client: Client object for interaction with GreyNoise. + + :type args: ``dict`` + :param args: All command arguments, usually passed from ``demisto.args()``. + + :return: A ``CommandResults`` object that is then passed to ``return_results``, + that contains the IP information. + :rtype: ``CommandResults`` + """ + ip = args.get("ip", "") + min_score = args.get("minimum_score", 90) + limit = args.get("maximum_results", 50) + if isinstance(min_score, str): + min_score = int(min_score) + if isinstance(limit, str): + limit = int(limit) + response = client.similar(ip, min_score=min_score, limit=limit) + original_response = copy.deepcopy(response) + response = remove_empty_elements(response) + if not isinstance(response, dict): + raise DemistoException(EXCEPTION_MESSAGES["INVALID_RESPONSE"].format(response)) + + if response.get("similar_ips"): + tmp_response = [] + for sim_ip in response.get("similar_ips", []): + modified_sim_ip = copy.deepcopy(sim_ip) + modified_sim_ip["IP"] = sim_ip.get("ip") + modified_sim_ip["Score"] = sim_ip.get("score", "0") * 100 + modified_sim_ip["Classification"] = sim_ip.get("classification") + modified_sim_ip["Actor"] = sim_ip.get("actor") + modified_sim_ip["Organization"] = sim_ip.get("organization") + modified_sim_ip["Source Country"] = sim_ip.get("source_country") + modified_sim_ip["Last Seen"] = sim_ip.get("last_seen") + modified_sim_ip["Similarity Features"] = sim_ip.get("features") + tmp_response.append(modified_sim_ip) + + human_readable = f"### IP: {ip} - Similar Internet Scanners found in GreyNoise\n" + human_readable += f'#### Total Similar IPs with Score above {min_score}%: {response.get("total")}\n' + if response.get('total', 0) > limit: + human_readable += f'##### Displaying {limit} results below. To see all results, visit the GreyNoise ' \ + f'Visualizer.\n ' + + human_readable += tableToMarkdown( + name="GreyNoise Similar IPs", t=tmp_response, headers=SIMILAR_HEADERS, removeNull=True + ) + + similarity_link = f"https://viz.greynoise.io/ip-similarity/{ip}" + human_readable += f"\n*To view the detailed similarity result please click [here]({similarity_link}).*" + + elif response["message"] == "ip not found": + human_readable = "### GreyNoise Similarity Lookup returned No Results." + viz_link = f"https://viz.greynoise.io/ip/{ip}" + human_readable += f"\n*To view this IP on the GreyNoise Visualizer please click [here]({viz_link}).*" + + return CommandResults( + outputs_prefix="GreyNoise.Similar", + outputs_key_field="ip", + readable_output=human_readable, outputs=remove_empty_elements(response), raw_response=original_response + ) + + +@exception_handler +@logger +def timeline_command(client: Client, args: dict) -> Any: + """Get timeline information for a specified IP. + + :type client: ``Client`` + :param client: Client object for interaction with GreyNoise. + + :type args: ``dict`` + :param args: All command arguments, usually passed from ``demisto.args()``. + + :return: A ``CommandResults`` object that is then passed to ``return_results``, + that contains the IP information. + :rtype: ``CommandResults`` + """ + ip = args.get("ip", "") + days = args.get("days", 30) + limit = args.get("maximum_results", 50) + if isinstance(days, str): + days = int(days) + if isinstance(limit, str): + limit = int(limit) + response = client.timelinedaily(ip, days=days, limit=limit) + original_response = copy.deepcopy(response) + response = remove_empty_elements(response) + if not isinstance(response, dict): + raise DemistoException(EXCEPTION_MESSAGES["INVALID_RESPONSE"].format(response)) + + if response.get("activity"): + tmp_response = [] + for activity in response.get("activity", []): + modified_activity = copy.deepcopy(activity) + modified_activity["Date"] = activity.get("timestamp").split("T")[0] + modified_activity["Classification"] = activity.get("classification") + tag_names = [tag["name"] for tag in activity.get("tags", [])] + modified_activity["Tags"] = tag_names + modified_activity["rDNS"] = activity.get("rdns") + modified_activity["Organization"] = activity.get("organization") + modified_activity["ASN"] = activity.get("asn") + ports = [str(item["port"]) + "/" + str(item["transport_protocol"]) for item in activity.get("protocols", [])] + modified_activity["Ports"] = ports + modified_activity["Web Paths"] = activity.get("http_paths") + modified_activity["User Agents"] = activity.get("http_user_agents") + tmp_response.append(modified_activity) + + human_readable = f"### IP: {ip} - GreyNoise IP Timeline\n" + + human_readable += tableToMarkdown( + name="Internet Scanner Timeline Details - Daily Activity Summary", t=tmp_response, headers=TIMELINE_HEADERS, + removeNull=True + ) + + timeline_link = f"https://viz.greynoise.io/ip/{ip}?view=timeline" + human_readable += f"\n*To view the detailed timeline result please click [here]({timeline_link}).*" + + else: + human_readable = "### GreyNoise IP Timeline Returned No Results." + viz_link = f"https://viz.greynoise.io/ip/{ip}" + human_readable += f"\n*To view this IP on the GreyNoise Visualizer please click [here]({viz_link}).*" + + return CommandResults( + outputs_prefix="GreyNoise.Timeline", + outputs_key_field="ip", + readable_output=human_readable, outputs=remove_empty_elements(response), raw_response=original_response + ) + + @exception_handler @logger def riot_command(client: Client, args: Dict, reliability: str) -> CommandResults: @@ -963,7 +1124,7 @@ def main() -> None: else: packs = [] - pack_version = "1.2.0" + pack_version = "1.3.0" if isinstance(packs, list): for pack in packs: if pack["name"] == "GreyNoise": @@ -1010,6 +1171,14 @@ def main() -> None: result = stats_command(client, demisto.args()) return_results(result) + elif demisto.command() == "greynoise-similarity": + result = similarity_command(client, demisto.args()) + return_results(result) + + elif demisto.command() == "greynoise-timeline": + result = timeline_command(client, demisto.args()) + return_results(result) + elif demisto.command() == "greynoise-query": result = query_command(client, demisto.args()) return_results(result) diff --git a/Packs/GreyNoise/Integrations/GreyNoise/GreyNoise.yml b/Packs/GreyNoise/Integrations/GreyNoise/GreyNoise.yml index f7f501f30e41..8748e1d5d8ac 100644 --- a/Packs/GreyNoise/Integrations/GreyNoise/GreyNoise.yml +++ b/Packs/GreyNoise/Integrations/GreyNoise/GreyNoise.yml @@ -432,6 +432,18 @@ script: - contextPath: GreyNoise.Stats.stats.countries.count description: Country count. type: number + - contextPath: GreyNoise.Stats.stats.source_countries.country + description: Country name. + type: string + - contextPath: GreyNoise.Stats.stats.source_countries.count + description: Country count. + type: number + - contextPath: GreyNoise.Stats.stats.destination_countries.country + description: Country name. + type: string + - contextPath: GreyNoise.Stats.stats.destination_countries.count + description: Country count. + type: number - contextPath: GreyNoise.Stats.stats.tags.tag description: Tag name. type: string @@ -606,7 +618,72 @@ script: - contextPath: GreyNoise.IP.bot description: Whether the IP is associated with known bot activity or not. Common examples include credential stuffing, content scraping, or brute force attacks. type: Boolean - dockerimage: demisto/greynoise:1.0.0.30638 + - name: greynoise-similarity + deprecated: false + description: >- + Search for similar internet scanner IPs found in the GreyNoise Noise + (internet scanner) dataset. + execution: false + arguments: + - name: ip + default: true + description: IP address to find similar IPs to + isArray: false + required: true + secret: false + - name: minimum_score + default: false + description: >- + The minimum similarity score to match to. Value between 80 and 100. + Default value is 90. + isArray: false + required: false + secret: false + defaultValue: '90' + - name: maximum_results + default: false + description: The maximum number of results to return. Default value is 50. + isArray: false + required: false + secret: false + defaultValue: '50' + outputs: + - contextPath: GreyNoise.Similar.ip_address + description: Similar IP address. + type: string + - name: greynoise-timeline + deprecated: false + description: >- + Retrieve daily scanner timeline information for an Internet Scanner. + execution: false + arguments: + - name: ip + default: true + description: IP address to find similar IPs to + isArray: false + required: true + secret: false + - name: days + default: false + description: >- + The number of days to retrieve daily summaries for. Value between 1 and 90. + Default value is 30. + isArray: false + required: false + secret: false + defaultValue: '30' + - name: maximum_results + default: false + description: The maximum number of results to return. Default value is 50. + isArray: false + required: false + secret: false + defaultValue: '50' + outputs: + - contextPath: GreyNoise.Timeline.ip_address + description: Timeline IP address. + type: string + dockerimage: demisto/greynoise:1.0.0.61972 feed: false isfetch: false longRunning: false diff --git a/Packs/GreyNoise/Integrations/GreyNoise/GreyNoise_description.md b/Packs/GreyNoise/Integrations/GreyNoise/GreyNoise_description.md index 1fa6fc11d78d..4c8ec7ac5264 100644 --- a/Packs/GreyNoise/Integrations/GreyNoise/GreyNoise_description.md +++ b/Packs/GreyNoise/Integrations/GreyNoise/GreyNoise_description.md @@ -3,5 +3,6 @@ To use GreyNoise on Cortex XSOAR, retrieve your user account's API key and enter it in the integration's configuration. #### Configure an API account on GreyNoise - - [Login](https://viz.greynoise.io/login) / [Register](https://viz.greynoise.io/signup) at GreyNoise - - Once signed in, go to [Account Settings](https://viz.greynoise.io/account/) to get the API Key. + +- [Login](https://viz.greynoise.io/login) / [Register](https://viz.greynoise.io/signup) at GreyNoise +- Once signed in, go to [Account Settings](https://viz.greynoise.io/account/) to get the API Key. diff --git a/Packs/GreyNoise/Integrations/GreyNoise/GreyNoise_test.py b/Packs/GreyNoise/Integrations/GreyNoise/GreyNoise_test.py index 15250a5b0665..102992c9248e 100644 --- a/Packs/GreyNoise/Integrations/GreyNoise/GreyNoise_test.py +++ b/Packs/GreyNoise/Integrations/GreyNoise/GreyNoise_test.py @@ -13,6 +13,8 @@ stats_command_data, riot_command_response_data, context_command_response_data, + similar_command_response_data, + timeline_command_response_data, ) @@ -72,7 +74,7 @@ def test_test_module(api_key, api_response, status_code, expected_output, mocker @pytest.mark.parametrize("args, test_scenario, api_response, status_code, expected_output", ip_reputation_command_data) def test_ip_reputation_command(args, test_scenario, api_response, status_code, expected_output, mocker): """ - Tests various combinations of vald and invalid responses for IPReputation command. + Tests various combinations of valid and invalid responses for IPReputation command. """ client = GreyNoise.Client("true_api_key", "dummy_server", 10, "proxy", False, "dummy_integration") reliability = "B - Usually reliable" @@ -96,19 +98,19 @@ def test_ip_quick_check_command(args, test_scenario, api_response, status_code, client = GreyNoise.Client("true_api_key", "dummy_server", 10, "proxy", False, "dummy_integration") dummy_response = DummyResponse({"Content-Type": "application/json"}, json.dumps(api_response), status_code) if test_scenario == "positive": - mocker.patch("requests.Session.get", return_value=dummy_response) + mocker.patch("requests.Session.post", return_value=dummy_response) response = GreyNoise.ip_quick_check_command(client, args) assert response.outputs == expected_output elif test_scenario == "negative" and status_code == 200: - mocker.patch("requests.Session.get", return_value=dummy_response) + mocker.patch("requests.Session.post", return_value=dummy_response) response = GreyNoise.ip_quick_check_command(client, args) - with open("test_data/quick_check.md") as f: + with open("test_data/quick_check.txt") as f: expected_hr = f.read() assert response.readable_output == expected_hr elif test_scenario == "negative": - mocker.patch("requests.Session.get", return_value=dummy_response) + mocker.patch("requests.Session.post", return_value=dummy_response) with pytest.raises(Exception) as err: _ = GreyNoise.ip_quick_check_command(client, args) assert str(err.value) == expected_output @@ -223,5 +225,58 @@ def test_context_command(mocker, args, test_scenario, api_response, status_code, mocker.patch("requests.Session.get", return_value=dummy_response) with pytest.raises(Exception) as err: _ = GreyNoise.ip_reputation_command(client, args, reliability) - print("this is err: " + str(err)) + assert str(err.value) == expected_output + + +@pytest.mark.parametrize( + "args, test_scenario, api_response, status_code, expected_output", similar_command_response_data +) +def test_similar_command(mocker, args, test_scenario, api_response, status_code, expected_output): + """ + Test various inputs for context command + """ + client = GreyNoise.Client( + api_key="true_api_key", + api_server="dummy_server", + timeout=10, + proxy="proxy", + use_cache=False, + integration_name="dummy_integration", + ) + dummy_response = DummyResponse({"Content-Type": "application/json"}, json.dumps(expected_output), status_code) + mocker.patch("requests.Session.get", return_value=dummy_response) + if test_scenario == "positive": + response = GreyNoise.similarity_command(client, args) + assert response.outputs == expected_output + else: + mocker.patch("requests.Session.get", return_value=dummy_response) + with pytest.raises(Exception) as err: + _ = GreyNoise.similarity_command(client, args) + assert str(err.value) == expected_output + + +@pytest.mark.parametrize( + "args, test_scenario, api_response, status_code, expected_output", timeline_command_response_data +) +def test_timeline_command(mocker, args, test_scenario, api_response, status_code, expected_output): + """ + Test various inputs for context command + """ + client = GreyNoise.Client( + api_key="true_api_key", + api_server="dummy_server", + timeout=10, + proxy="proxy", + use_cache=False, + integration_name="dummy_integration", + ) + dummy_response = DummyResponse({"Content-Type": "application/json"}, json.dumps(expected_output), status_code) + mocker.patch("requests.Session.get", return_value=dummy_response) + if test_scenario == "positive": + response = GreyNoise.timeline_command(client, args) + assert response.outputs == expected_output + else: + mocker.patch("requests.Session.get", return_value=dummy_response) + with pytest.raises(Exception) as err: + _ = GreyNoise.timeline_command(client, args) assert str(err.value) == expected_output diff --git a/Packs/GreyNoise/Integrations/GreyNoise/README.md b/Packs/GreyNoise/Integrations/GreyNoise/README.md index 6d4dd72b6f85..ffcc7bf576b2 100644 --- a/Packs/GreyNoise/Integrations/GreyNoise/README.md +++ b/Packs/GreyNoise/Integrations/GreyNoise/README.md @@ -1,6 +1,6 @@ GreyNoise is a cybersecurity platform that collects and analyzes Internet-wide scan and attack traffic. With this integration, users can contextualize existing alerts, filter false-positives, identify compromised devices, and track emerging threats. -This integration was integrated and tested with version 0.7.0 of GreyNoise. -Supported Cortex XSOAR versions: 5.0.0 and later. +This integration was integrated and tested with version 2.0.1 of the GreyNoise SDK. +Supported Cortex XSOAR versions: 5.5.0 and later. ## Configure GreyNoise on Cortex XSOAR @@ -15,10 +15,14 @@ Supported Cortex XSOAR versions: 5.0.0 and later. | proxy | Use system proxy settings | False | 4. Click **Test** to validate the URLs, token, and connection. + ## Commands + You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details. + ### ip + *** Runs reputation on IPs. @@ -26,6 +30,7 @@ Runs reputation on IPs. #### Base Command `ip` + #### Input | **Argument Name** | **Description** | **Required** | @@ -35,72 +40,83 @@ Runs reputation on IPs. #### Context Output -| **Path** | **Type** | **Description** | -| --- | --- | --- | -| DBotScore.Indicator | String | The indicator that was tested. | -| DBotScore.Score | Number | The actual score. | -| DBotScore.Type | String | The indicator type. | -| DBotScore.Vendor | String | The vendor used to calculate the score. | -| IP.Address | string | IP address. | -| IP.ASN | string | The autonomous system name for the IP address. | -| IP.Hostname | string | The hostname that is mapped to IP address. | -| IP.Geo.Country | string | The country in which the IP address is located. | -| IP.Geo.Description | string | Additional information about the location such as city and region. | -| IP.Malicious.Vendor | string | The vendor reporting the IP address as malicious. | -| IP.Malicious.Description | string | A description explaining why the IP address was reported as malicious. | -| GreyNoise.IP.address | string | The IP address of the scanning device IP. | -| GreyNoise.IP.first_seen | date | The date the device was first observed by GreyNoise. Format is ISO8601. | -| GreyNoise.IP.last_seen | date | The date the device was last observed by GreyNoise. Format is ISO8601. | -| GreyNoise.IP.seen | boolean | IP is in record with GreyNoise. | -| GreyNoise.IP.tags | array | A list of the tags the device has been assigned over the past 90 days. | -| GreyNoise.IP.actor | string | The overt actor the device has been associated with. | -| GreyNoise.IP.spoofable | boolean | Boolean indicates if IP is spoofable. | -| GreyNoise.IP.classification | string | Whether the device has been categorized as unknown, benign, or malicious. | -| GreyNoise.IP.cve | array | CVEs associated with IP. | -| GreyNoise.IP.vpn | boolean | Whether the device is VPN endpoint or not. | -| GreyNoise.IP.vpn_service | string | The name of the VPN service provider of the device. | -| GreyNoise.IP.metadata.asn | string | The autonomous system identification number. | -| GreyNoise.IP.metadata.city | string | The city the device is geographically located in. | -| GreyNoise.IP.metadata.region | string | The full name of the region the device is geographically located in. | -| GreyNoise.IP.metadata.country | string | The full name of the country. | -| GreyNoise.IP.metadata.country_code | string | The two-character country code of the country. | -| GreyNoise.IP.metadata.organization | string | The organization that owns the network that the IP address belongs to. | -| GreyNoise.IP.metadata.category | string | Whether the device belongs to a business, isp, hosting, education, or mobile network. | -| GreyNoise.IP.metadata.tor | boolean | Whether or not the device is a known Tor exit node. | -| GreyNoise.IP.metadata.rdns | string | Reverse DNS lookup of the IP address. | -| GreyNoise.IP.metadata.os | string | The name of the operating system of the device. | -| GreyNoise.IP.raw_data.scan.port | number | The port number\(s\) the devices has been observed scanning. | -| GreyNoise.IP.raw_data.scan.protocol | string | The protocol of the port the device has been observed scanning. | -| GreyNoise.IP.raw_data.web.paths | array | Any HTTP paths the device has been observed crawling the Internet for. | -| GreyNoise.IP.raw_data.web.useragents | array | Any HTTP user-agents the device has been observed using while crawling the Internet. | -| GreyNoise.IP.raw_data.ja3.fingerprint | string | The JA3 TLS/SSL fingerprint. | -| GreyNoise.IP.raw_data.ja3.port | number | The corresponding TCP port for the given JA3 fingerprint. | -| GreyNoise.IP.raw_data.hassh.fingerprint | string | HASSH hash fingerprint string. | -| GreyNoise.IP.raw_data.hassh.port | number | TCP port connection where the HASSH hash was identified. | +| **Path** | **Type** | **Description** | +|-------------------------------------------------|----------|---------------------------------------------------------------------------------------| +| DBotScore.Indicator | String | The indicator that was tested. | +| DBotScore.Score | Number | The actual score. | +| DBotScore.Type | String | The indicator type. | +| DBotScore.Vendor | String | The vendor used to calculate the score. | +| IP.Address | string | IP address. | +| IP.ASN | string | The autonomous system name for the IP address. | +| IP.Hostname | string | The hostname that is mapped to IP address. | +| IP.Geo.Country | string | The country in which the IP address is located. | +| IP.Geo.Description | string | Additional information about the location such as city and region. | +| IP.Malicious.Vendor | string | The vendor reporting the IP address as malicious. | +| IP.Malicious.Description | string | A description explaining why the IP address was reported as malicious. | +| GreyNoise.IP.address | string | The IP address of the scanning device IP. | +| GreyNoise.IP.first_seen | date | The date the device was first observed by GreyNoise. Format is ISO8601. | +| GreyNoise.IP.last_seen | date | The date the device was last observed by GreyNoise. Format is ISO8601. | +| GreyNoise.IP.seen | boolean | IP is in record with GreyNoise. | +| GreyNoise.IP.tags | array | A list of the tags the device has been assigned over the past 90 days. | +| GreyNoise.IP.actor | string | The overt actor the device has been associated with. | +| GreyNoise.IP.spoofable | boolean | Boolean indicates if IP is spoofable. | +| GreyNoise.IP.classification | string | Whether the device has been categorized as unknown, benign, or malicious. | +| GreyNoise.IP.cve | array | CVEs associated with IP. | +| GreyNoise.IP.vpn | boolean | Whether the device is VPN endpoint or not. | +| GreyNoise.IP.vpn_service | string | The name of the VPN service provider of the device. | +| GreyNoise.IP.metadata.asn | string | The autonomous system identification number. | +| GreyNoise.IP.metadata.city | string | The city the device is geographically located in. | +| GreyNoise.IP.metadata.region | string | The full name of the region the device is geographically located in. | +| GreyNoise.IP.metadata.country | string | The full name of the country. | +| GreyNoise.IP.metadata.country_code | string | The two-character country code of the country. | +| GreyNoise.IP.metadata.source_country | string | The full name of the country. | +| GreyNoise.IP.metadata.source_country_code | string | The two-character country code of the country. | +| GreyNoise.IP.metadata.destination_countries | string | The list of countries with observed scanning, by country name. | +| GreyNoise.IP.metadata.destination_country_codes | string | The list of countries with observed scanning, by two-character country code. | +| GreyNoise.IP.metadata.organization | string | The organization that owns the network that the IP address belongs to. | +| GreyNoise.IP.metadata.category | string | Whether the device belongs to a business, isp, hosting, education, or mobile network. | +| GreyNoise.IP.metadata.tor | boolean | Whether or not the device is a known Tor exit node. | +| GreyNoise.IP.metadata.rdns | string | Reverse DNS lookup of the IP address. | +| GreyNoise.IP.metadata.os | string | The name of the operating system of the device. | +| GreyNoise.IP.metadata.sensor_hits | string | The number of GreyNoise sensors that observed scanning. | +| GreyNoise.IP.metadata.sensor_count | string | The number of scanning events observed. | +| GreyNoise.IP.raw_data.scan.port | number | The port number\(s\) the devices has been observed scanning. | +| GreyNoise.IP.raw_data.scan.protocol | string | The protocol of the port the device has been observed scanning. | +| GreyNoise.IP.raw_data.web.paths | array | Any HTTP paths the device has been observed crawling the Internet for. | +| GreyNoise.IP.raw_data.web.useragents | array | Any HTTP user-agents the device has been observed using while crawling the Internet. | +| GreyNoise.IP.raw_data.ja3.fingerprint | string | The JA3 TLS/SSL fingerprint. | +| GreyNoise.IP.raw_data.ja3.port | number | The corresponding TCP port for the given JA3 fingerprint. | +| GreyNoise.IP.raw_data.hassh.fingerprint | string | HASSH hash fingerprint string. | +| GreyNoise.IP.raw_data.hassh.port | number | TCP port connection where the HASSH hash was identified. | #### Command Example + ``` !ip "66.249.68.82" ``` #### Human Readable Output -###IP: 66.249.68.82 found with Noise Reputation: Good -###GreyNoise Context IP Lookup +### IP: 66.249.68.82 found with Noise Reputation: Good + +### GreyNoise Context IP Lookup |IP|Classification|Actor|Tags|Spoofable|VPN|BOT|Tor|First Seen|Last Seen| |---|---|---|---|---|---|---|---|---|---| -| [66.249.68.82](https://www.greynoise.io/viz/ip/66.249.68.82) | benign | GoogleBot | TLS/SSL Crawler, Web Crawler | false | false | false | false | 2021-05-30 | 2021-09-16 | +| 66.249.68.82| benign | GoogleBot | TLS/SSL Crawler, Web Crawler | false | false | false | false | 2021-05-30 | 2021-09-16 | + +### IP: 66.249.68.82 found with RIOT Reputation: Good -###IP: 66.249.68.82 found with RIOT Reputation: Good -###Belongs to Common Business Service: Google -###GreyNoise RIOT IP Lookup +### Belongs to Common Business Service: Google + +### GreyNoise RIOT IP Lookup |IP|Category|Name|Trust Level|Description|Last Updated| |---|---|---|---|---|---| -| [66.249.68.82](https://www.greynoise.io/viz/riot/66.249.68.82) | software | Google | 1 - Reasonably Ignore | Google LLC is an American multinational technology company that specializes in Internet-related services and products, which include online advertising technologies, a search engine, cloud computing, software, and hardware. | 2021-09-16T17:53:00Z| +| 66.249.68.82 | software | Google | 1 - Reasonably Ignore | Google LLC is an American multinational technology company that specializes in Internet-related services and products, which include online advertising technologies, a search engine, cloud computing, software, and hardware. | 2021-09-16T17:53:00Z| ### greynoise-ip-quick-check + *** Check whether a given IP address is "Internet background noise", or has been observed scanning or attacking devices across the Internet. Note: It checks against the last 60 days of Internet scanner data. @@ -108,6 +124,7 @@ Check whether a given IP address is "Internet background noise", or has been obs #### Base Command `greynoise-ip-quick-check` + #### Input | **Argument Name** | **Description** | **Required** | @@ -127,16 +144,20 @@ Check whether a given IP address is "Internet background noise", or has been obs #### Command Example + ``` !greynoise-ip-quick-check ip="45.83.65.120,45.83.66.18" ``` #### Human Readable Output + ### IP Quick Check Details + |IP|Noise|Code|Code Description| |---|---|---|---| -| [45.83.66.18](https://viz.greynoise.io/ip/45.83.66.18) | true | 0x01 | IP has been observed by the GreyNoise sensor network | -| [45.83.65.120](https://viz.greynoise.io/ip/45.83.65.120) | true | 0x01 | IP has been observed by the GreyNoise sensor network | +| 45.83.66.18 | true | 0x01 | IP has been observed by the GreyNoise sensor network | +| 45.83.65.120| true | 0x01 | IP has been observed by the GreyNoise sensor network | ### greynoise-query + *** Get the information of IP based on the providence filters. @@ -144,79 +165,93 @@ Get the information of IP based on the providence filters. #### Base Command `greynoise-query` + #### Input -| **Argument Name** | **Description** | **Required** | -| --- | --- | --- | -| classification | Classification of the device like unknown, benign, malicious. Possible values are: unknown, benign, malicious. | Optional | -| spoofable | Whether the IP is spoofable or not. Possible values are: true, false. | Optional | -| actor | The benign actor the device has been associated with. | Optional | -| size | Maximum amount of results to grab. Default is 10. | Optional | -| advanced_query | GNQL query to filter records.
Note: It merges other arguments and takes higher precedence over the same argument if supplied.
Example:
malicious,
spoofable:false SSH Scanner,
spoofable:false classification:benign tags:POP3 Scanner cve:CVE-2010-0103. | Optional | -| next_token | Scroll token to paginate through results. | Optional | -| last_seen | The date the device was most recently observed by GreyNoise. Example: 1d, 2d, 12h, or 1m. | Optional | -| organization | The organization that owns the network that the IP address belongs to. | Optional | +| **Argument Name** | **Description** | **Required** | +| --- |-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| --- | +| classification | Classification of the device like unknown, benign, malicious. Possible values are: unknown, benign, malicious. | Optional | +| spoofable | Whether the IP is spoofable or not. Possible values are: true, false. | Optional | +| actor | The benign actor the device has been associated with. | Optional | +| size | Maximum amount of results to grab. Default is 10. | Optional | +| advanced_query | GNQL query to filter records. Note: It merges other arguments and takes higher precedence over the same argument if supplied. Example: malicious, spoofable:false SSH Scanner, spoofable:false classification:benign tags:POP3 Scanner cve:CVE-2010-0103. | Optional | +| next_token | Scroll token to paginate through results. | Optional | +| last_seen | The date the device was most recently observed by GreyNoise. Example: 1d, 2d, 12h, or 1m. | Optional | +| organization | The organization that owns the network that the IP address belongs to. | Optional | #### Advance Query + GNQL (GreyNoise Query Language) is a domain-specific query language that uses Lucene deep under the hood. -For more information on the syntax to write GNQL of argument `advanced_query`, click [here](https://developer.greynoise.io/reference#gnql-1). +For more information on the syntax to write GNQL of argument `advanced_query`, visit . #### Context Output -| **Path** | **Type** | **Description** | -| --- | --- | --- | -| GreyNoise.IP.address | string | The IP address of the scanning device IP. | -| GreyNoise.IP.first_seen | date | The date the device was first observed by GreyNoise. Format is ISO8601. | -| GreyNoise.IP.last_seen | date | The date the device was last observed by GreyNoise. Format is ISO8601. | -| GreyNoise.IP.seen | boolean | IP is in record with GreyNoise. | -| GreyNoise.IP.tags | array | A list of the tags the device has been assigned over the past 90 days. | -| GreyNoise.IP.actor | string | The overt actor the device has been associated with. | -| GreyNoise.IP.spoofable | boolean | Boolean indicates if IP is spoofable. | -| GreyNoise.IP.classification | string | Whether the device has been categorized as unknown, benign, or malicious. | -| GreyNoise.IP.cve | array | CVEs associated with IP. | -| GreyNoise.IP.vpn | boolean | Whether the device is VPN endpoint or not. | -| GreyNoise.IP.vpn_service | string | The name of the VPN service provider of the device. | -| GreyNoise.IP.metadata.asn | string | The autonomous system identification number. | -| GreyNoise.IP.metadata.city | string | The city the device is geographically located in. | -| GreyNoise.IP.metadata.region | string | The full name of the region the device is geographically located in. | -| GreyNoise.IP.metadata.country | string | The full name of the country. | -| GreyNoise.IP.metadata.country_code | string | The two-character country code of the country. | -| GreyNoise.IP.metadata.organization | string | The organization that owns the network that the IP address belongs to. | -| GreyNoise.IP.metadata.category | string | Whether the device belongs to a business, isp, hosting, education, or mobile network. | -| GreyNoise.IP.metadata.tor | boolean | Whether or not the device is a known Tor exit node. | -| GreyNoise.IP.metadata.rdns | string | Reverse DNS lookup of the IP address. | -| GreyNoise.IP.metadata.os | string | The name of the operating system of the device. | -| GreyNoise.IP.raw_data.scan.port | number | The port number\(s\) the devices has been observed scanning. | -| GreyNoise.IP.raw_data.scan.protocol | string | The protocol of the port the device has been observed scanning. | -| GreyNoise.IP.raw_data.web.paths | array | Any HTTP paths the device has been observed crawling the Internet for. | -| GreyNoise.IP.raw_data.web.useragents | array | Any HTTP user-agents the device has been observed using while crawling the Internet. | -| GreyNoise.IP.raw_data.ja3.fingerprint | string | The JA3 TLS/SSL fingerprint. | -| GreyNoise.IP.raw_data.ja3.port | number | The corresponding TCP port for the given JA3 fingerprint. | -| GreyNoise.IP.raw_data.hassh.fingerprint | string | HASSH hash fingerprint string. | -| GreyNoise.IP.raw_data.hassh.port | number | TCP port connection where the HASSH hash was identified. | -| GreyNoise.Query.complete | boolean | Whether all results have been fetched or not. | -| GreyNoise.Query.count | number | Count of the total matching records. | -| GreyNoise.Query.message | string | Message from the API response. | -| GreyNoise.Query.query | string | Query which was used to filter the records. | -| GreyNoise.Query.scroll | string | Scroll token to paginate through results. | -| GreyNoise.IP.bot | boolean | Whether the IP is associated with known bot activity or not. Common examples include credential stuffing, content scraping, or brute force attacks. | +| **Path** | **Type** | **Description** | +|-------------------------------------------------|----------|-----------------------------------------------------------------------------------------------------------------------------------------------------| +| GreyNoise.IP.address | string | The IP address of the scanning device IP. | +| GreyNoise.IP.first_seen | date | The date the device was first observed by GreyNoise. Format is ISO8601. | +| GreyNoise.IP.last_seen | date | The date the device was last observed by GreyNoise. Format is ISO8601. | +| GreyNoise.IP.seen | boolean | IP is in record with GreyNoise. | +| GreyNoise.IP.tags | array | A list of the tags the device has been assigned over the past 90 days. | +| GreyNoise.IP.actor | string | The overt actor the device has been associated with. | +| GreyNoise.IP.spoofable | boolean | Boolean indicates if IP is spoofable. | +| GreyNoise.IP.classification | string | Whether the device has been categorized as unknown, benign, or malicious. | +| GreyNoise.IP.cve | array | CVEs associated with IP. | +| GreyNoise.IP.vpn | boolean | Whether the device is VPN endpoint or not. | +| GreyNoise.IP.vpn_service | string | The name of the VPN service provider of the device. | +| GreyNoise.IP.metadata.asn | string | The autonomous system identification number. | +| GreyNoise.IP.metadata.city | string | The city the device is geographically located in. | +| GreyNoise.IP.metadata.region | string | The full name of the region the device is geographically located in. | +| GreyNoise.IP.metadata.country | string | The full name of the country. | +| GreyNoise.IP.metadata.country_code | string | The two-character country code of the country. | +| GreyNoise.IP.metadata.source_country | string | The full name of the country. | +| GreyNoise.IP.metadata.source_country_code | string | The two-character country code of the country. | +| GreyNoise.IP.metadata.destination_countries | string | The list of countries with observed scanning, by country name. | +| GreyNoise.IP.metadata.destination_country_codes | string | The list of countries with observed scanning, by two-character country code. | +| GreyNoise.IP.metadata.organization | string | The organization that owns the network that the IP address belongs to. | +| GreyNoise.IP.metadata.category | string | Whether the device belongs to a business, isp, hosting, education, or mobile network. | +| GreyNoise.IP.metadata.tor | boolean | Whether or not the device is a known Tor exit node. | +| GreyNoise.IP.metadata.rdns | string | Reverse DNS lookup of the IP address. | +| GreyNoise.IP.metadata.os | string | The name of the operating system of the device. | +| GreyNoise.IP.metadata.sensor_hits | string | The number of GreyNoise sensors that observed scanning. | +| GreyNoise.IP.metadata.sensor_count | string | The number of scanning events observed. | +| GreyNoise.IP.raw_data.scan.port | number | The port number\(s\) the devices has been observed scanning. | +| GreyNoise.IP.raw_data.scan.protocol | string | The protocol of the port the device has been observed scanning. | +| GreyNoise.IP.raw_data.web.paths | array | Any HTTP paths the device has been observed crawling the Internet for. | +| GreyNoise.IP.raw_data.web.useragents | array | Any HTTP user-agents the device has been observed using while crawling the Internet. | +| GreyNoise.IP.raw_data.ja3.fingerprint | string | The JA3 TLS/SSL fingerprint. | +| GreyNoise.IP.raw_data.ja3.port | number | The corresponding TCP port for the given JA3 fingerprint. | +| GreyNoise.IP.raw_data.hassh.fingerprint | string | HASSH hash fingerprint string. | +| GreyNoise.IP.raw_data.hassh.port | number | TCP port connection where the HASSH hash was identified. | +| GreyNoise.Query.complete | boolean | Whether all results have been fetched or not. | +| GreyNoise.Query.count | number | Count of the total matching records. | +| GreyNoise.Query.message | string | Message from the API response. | +| GreyNoise.Query.query | string | Query which was used to filter the records. | +| GreyNoise.Query.scroll | string | Scroll token to paginate through results. | +| GreyNoise.IP.bot | boolean | Whether the IP is associated with known bot activity or not. Common examples include credential stuffing, content scraping, or brute force attacks. | #### Command Example + ``` !greynoise-query spoofable=true size=1 advanced_query="spoofable:false" ``` #### Human Readable Output + ### Total findings: 2846548 + ### IP Context -|IP|Classification|Actor|CVE|Spoofable|VPN|First Seen|Last Seen| -|---|---|---|---|---|---|---|---| -| [71.6.135.131](https://viz.greynoise.io/ip/71.6.135.131) | benign | Shodan.io | CVE-1999-0526,
CVE-2013-6117,
CVE-2019-0708 | false | false | 2017-09-20 | 2021-02-03 | + +| IP |Classification|Actor| CVE |Spoofable|VPN|First Seen|Last Seen| +|---------------|---|---|---------------------------------------------|---|---|---|---| +| 71.6.135.131 | benign | Shodan.io | CVE-1999-0526 ,CVE-2013-6117, CVE-2019-0708 | false | false | 2017-09-20 | 2021-02-03 | ### Next Page Token: + DnF1ZXJ5VGhlbkZldGNoBQAAAAAcV1_HFkFKSExEdUc4VEtta2 -*To view the detailed query result please click [here](https://viz.greynoise.io/query/?gnql=spoofable:false).* +*To view the detailed query result please click here.* ### greynoise-stats + *** Get aggregate statistics for the top organizations, actors, tags, ASNs, countries, classifications, and operating systems of all the results of a given GNQL query. @@ -224,6 +259,7 @@ Get aggregate statistics for the top organizations, actors, tags, ASNs, countrie #### Base Command `greynoise-stats` + #### Input | **Argument Name** | **Description** | **Required** | @@ -232,90 +268,114 @@ Get aggregate statistics for the top organizations, actors, tags, ASNs, countrie | spoofable | Whether the IP is spoofable or not. Possible values are: true, false. | Optional | | actor | The benign actor the device has been associated with. | Optional | | size | Maximum amount of results to grab. Default is 10. | Optional | -| advanced_query | GNQL query to filter records.
Note: It merges other arguments and takes higher precedence over the same argument if supplied.
Example:
malicious,
spoofable:false SSH Scanner,
spoofable:false classification:benign tags:POP3 Scanner cve:CVE-2010-0103. | Optional | +| advanced_query | GNQL query to filter records. Note: It merges other arguments and takes higher precedence over the same argument if supplied. Example: malicious, spoofable:false SSH Scanner, spoofable:false classification:benign tags:POP3 Scanner cve:CVE-2010-0103. | Optional | | last_seen | The date the device was most recently observed by GreyNoise. Example: 1d, 2d, 12h, or 1m. | Optional | | organization | The organization that owns the network that the IP address belongs to. | Optional | #### Context Output -| **Path** | **Type** | **Description** | -| --- | --- | --- | -| GreyNoise.Stats.query | string | The query which was used to filter the records. | -| GreyNoise.Stats.count | number | Count of total aggregated records. | -| GreyNoise.Stats.stats.classifications.classification | string | Classification name. | -| GreyNoise.Stats.stats.classifications.count | number | Classification count. | -| GreyNoise.Stats.stats.spoofable.spoofable | boolean | Whether records are spoofable or not. | -| GreyNoise.Stats.stats.spoofable.count | number | Spoofable count. | -| GreyNoise.Stats.stats.organizations.organization | string | Organization name. | -| GreyNoise.Stats.stats.organizations.count | number | Organization count. | -| GreyNoise.Stats.stats.actors.actor | string | Actor name. | -| GreyNoise.Stats.stats.actors.count | number | Actor count. | -| GreyNoise.Stats.stats.countries.country | string | Country name. | -| GreyNoise.Stats.stats.countries.count | number | Country count. | -| GreyNoise.Stats.stats.tags.tag | string | Tag name. | -| GreyNoise.Stats.stats.tags.count | number | Tag count. | +| **Path** | **Type** | **Description** | +|----------------------------------------------------------| --- | --- | +| GreyNoise.Stats.query | string | The query which was used to filter the records. | +| GreyNoise.Stats.count | number | Count of total aggregated records. | +| GreyNoise.Stats.stats.classifications.classification | string | Classification name. | +| GreyNoise.Stats.stats.classifications.count | number | Classification count. | +| GreyNoise.Stats.stats.spoofable.spoofable | boolean | Whether records are spoofable or not. | +| GreyNoise.Stats.stats.spoofable.count | number | Spoofable count. | +| GreyNoise.Stats.stats.organizations.organization | string | Organization name. | +| GreyNoise.Stats.stats.organizations.count | number | Organization count. | +| GreyNoise.Stats.stats.actors.actor | string | Actor name. | +| GreyNoise.Stats.stats.actors.count | number | Actor count. | +| GreyNoise.Stats.stats.countries.country | string | Country name. | +| GreyNoise.Stats.stats.countries.count | number | Country count. | +| GreyNoise.Stats.stats.source_countries.country | string | Country name. | +| GreyNoise.Stats.stats.source_countries.count | number | Country count. | +| GreyNoise.Stats.stats.destination_countries.country | string | Country name. | +| GreyNoise.Stats.stats.destination_countries.count | number | Country count. | +| GreyNoise.Stats.stats.tags.tag | string | Tag name. | +| GreyNoise.Stats.stats.tags.count | number | Tag count. | | GreyNoise.Stats.stats.operating_systems.operating_system | string | Operating system name. | -| GreyNoise.Stats.stats.operating_systems.count | number | Operating system count. | -| GreyNoise.Stats.stats.categories.category | string | Category name. | -| GreyNoise.Stats.stats.categories.count | number | Category count. | -| GreyNoise.Stats.stats.asns.asn | string | Asn name. | -| GreyNoise.Stats.stats.asns.count | number | Asn count. | +| GreyNoise.Stats.stats.operating_systems.count | number | Operating system count. | +| GreyNoise.Stats.stats.categories.category | string | Category name. | +| GreyNoise.Stats.stats.categories.count | number | Category count. | +| GreyNoise.Stats.stats.asns.asn | string | Asn name. | +| GreyNoise.Stats.stats.asns.count | number | Asn count. | #### Command Example + ``` !greynoise-stats spoofable=true size=2 advanced_query="spoofable:false ``` #### Human Readable Output + ### Stats + ### Query: spoofable:false Count: 2846548 + ### Classifications + |Classification|Count| |---|---| | unknown | 1838719 | | malicious | 998758 | ### Spoofable + |Spoofable|Count| |---|---| | False | 2846548 | ### Organizations + |Organization|Count| |---|---| | CHINA UNICOM China169 Backbone | 252542 | | CHINANET-BACKBONE | 244599 | ### Actors + |Actor|Count| |---|---| | GoogleBot | 2202 | -### Countries +### Source Countries + +|Country|Count| +|---|---| +| China | 562209 | +| Iran | 376353 | + +### Destination Countries + |Country|Count| |---|---| | China | 562209 | | Iran | 376353 | ### Tags + |Tag|Count| |---|---| | SMB Scanner | 592090 | | Web Scanner | 578058 | ### Operating Systems + |Operating System|Count| |---|---| | Linux 2.2-3.x | 1202422 | | Windows 7/8 | 727215 | ### Categories + |Category|Count| |---|---| | isp | 2263259 | | mobile | 348306 | ### ASNs + |ASN|Count| |---|---| | AS4837 | 252542 | @@ -324,57 +384,67 @@ Get aggregate statistics for the top organizations, actors, tags, ASNs, countrie ### greynoise-riot + *** Identify IPs from known benign services and organizations that commonly cause false positives in network security and threat intelligence products. The collection of IPs in RIOT is continually curated and verified to provide accurate results. These IPs are extremely unlikely to pose a threat to your network. #### Base Command `greynoise-riot` + #### Input -| **Argument Name** | **Description** | **Required** | -| --- | --- | --- | -| ip | The IP address to be checked if it is potentially harmful or not. | Required | +| **Argument Name** | **Description** | **Required** | +|-------------------|-------------------------------------------------------------------|--------------| +| ip | The IP address to be checked if it is potentially harmful or not. | Required | #### Context Output -| **Path** | **Type** | **Description** | -| --- | --- | --- | -| GreyNoise.Riot.ip | string | The IP given to check riot information about. | -| GreyNoise.Riot.riot | string | The riot of the IP. "True" or "False" | -| GreyNoise.Riot.category | string | The category of the IP if riot is "True". | -| GreyNoise.Riot.name | string | The name of the IP if the riot is "True". | -| GreyNoise.Riot.description | string | The description of the IP if riot is "True". | -| GreyNoise.Riot.explanation | date | The explanation of the IP if riot is "True". | -| GreyNoise.Riot.last_updated | string | The last updated time of the IP if the riot is "True". | -| GreyNoise.Riot.reference | string | The reference of the IP if riot is "True". | +| **Path** | **Type** | **Description** | +|-----------------------------|----------|--------------------------------------------------------| +| GreyNoise.Riot.ip | string | The IP given to check riot information about. | +| GreyNoise.Riot.riot | string | The riot of the IP. "True" or "False" | +| GreyNoise.Riot.category | string | The category of the IP if riot is "True". | +| GreyNoise.Riot.name | string | The name of the IP if the riot is "True". | +| GreyNoise.Riot.description | string | The description of the IP if riot is "True". | +| GreyNoise.Riot.explanation | date | The explanation of the IP if riot is "True". | +| GreyNoise.Riot.last_updated | string | The last updated time of the IP if the riot is "True". | +| GreyNoise.Riot.reference | string | The reference of the IP if riot is "True". | +| GreyNoise.Riot.trust_level | string | The trust_level of the IP if riot is "True". | #### Command Example + ``` !greynoise-riot ip="8.8.8.8" ``` #### Human Readable Output + ### GreyNoise: IP Belongs to Common Business Service + |IP|Category|Name|Trust Level|Description|Last Updated| |---|---|---|---|---|---| -| [8.8.8.8](https://viz.greynoise.io/riot/8.8.8.8) | public_dns | Google Public DNS | 1 - Reasonably Ignore | Google's global domain name system (DNS) resolution service.|2021-04-12T05:55:35Z| +| 8.8.8.8 | public_dns | Google Public DNS | 1 - Reasonably Ignore | Google's global domain name system (DNS) resolution service.|2021-04-12T05:55:35Z| ``` !greynoise-riot ip="114.119.130.178" ``` #### Human Readable Output + ### GreyNoise: IP Not Found in RIOT + |IP|RIOT| |---|---| | 114.119.130.178| false | ### greynoise-context + *** Identify IPs that are mass-scanning the internet and identify what they are scanning for. #### Base Command `greynoise-context` + #### Input | **Argument Name** | **Description** | **Required** | @@ -384,56 +454,173 @@ Identify IPs that are mass-scanning the internet and identify what they are scan #### Context Output -| **Path** | **Type** | **Description** | -| --- | --- | --- | -| GreyNoise.IP.address | string | The IP address of the scanning device IP. | -| GreyNoise.IP.first_seen | date | The date the device was first observed by GreyNoise. Format is ISO8601. | -| GreyNoise.IP.last_seen | date | The date the device was last observed by GreyNoise. Format is ISO8601. | -| GreyNoise.IP.seen | boolean | IP is in record with GreyNoise. | -| GreyNoise.IP.tags | array | A list of the tags the device has been assigned over the past 90 days. | -| GreyNoise.IP.actor | string | The overt actor the device has been associated with. | -| GreyNoise.IP.spoofable | boolean | Boolean indicates if IP is spoofable. | -| GreyNoise.IP.classification | string | Whether the device has been categorized as unknown, benign, or malicious. | -| GreyNoise.IP.cve | array | CVEs associated with IP. | -| GreyNoise.IP.vpn | boolean | Whether the device is VPN endpoint or not. | -| GreyNoise.IP.vpn_service | string | The name of the VPN service provider of the device. | -| GreyNoise.IP.bot | boolean | Whether belongs to common bot activity. | -| GreyNoise.IP.metadata.asn | string | The autonomous system identification number. | -| GreyNoise.IP.metadata.city | string | The city the device is geographically located in. | -| GreyNoise.IP.metadata.region | string | The full name of the region the device is geographically located in. | -| GreyNoise.IP.metadata.country | string | The full name of the country. | -| GreyNoise.IP.metadata.country_code | string | The two-character country code of the country. | -| GreyNoise.IP.metadata.organization | string | The organization that owns the network that the IP address belongs to. | -| GreyNoise.IP.metadata.category | string | Whether the device belongs to a business, isp, hosting, education, or mobile network. | -| GreyNoise.IP.metadata.tor | boolean | Whether or not the device is a known Tor exit node. | -| GreyNoise.IP.metadata.rdns | string | Reverse DNS lookup of the IP address. | -| GreyNoise.IP.metadata.os | string | The name of the operating system of the device. | -| GreyNoise.IP.raw_data.scan.port | number | The port number\(s\) the devices has been observed scanning. | -| GreyNoise.IP.raw_data.scan.protocol | string | The protocol of the port the device has been observed scanning. | -| GreyNoise.IP.raw_data.web.paths | array | Any HTTP paths the device has been observed crawling the Internet for. | -| GreyNoise.IP.raw_data.web.useragents | array | Any HTTP user-agents the device has been observed using while crawling the Internet. | -| GreyNoise.IP.raw_data.ja3.fingerprint | string | The JA3 TLS/SSL fingerprint. | -| GreyNoise.IP.raw_data.ja3.port | number | The corresponding TCP port for the given JA3 fingerprint. | -| GreyNoise.IP.raw_data.hassh.fingerprint | string | HASSH hash fingerprint string. | -| GreyNoise.IP.raw_data.hassh.port | number | TCP port connection where the HASSH hash was identified. | +| **Path** | **Type** | **Description** | +|-------------------------------------------------|----------|---------------------------------------------------------------------------------------| +| GreyNoise.IP.address | string | The IP address of the scanning device IP. | +| GreyNoise.IP.first_seen | date | The date the device was first observed by GreyNoise. Format is ISO8601. | +| GreyNoise.IP.last_seen | date | The date the device was last observed by GreyNoise. Format is ISO8601. | +| GreyNoise.IP.seen | boolean | IP is in record with GreyNoise. | +| GreyNoise.IP.tags | array | A list of the tags the device has been assigned over the past 90 days. | +| GreyNoise.IP.actor | string | The overt actor the device has been associated with. | +| GreyNoise.IP.spoofable | boolean | Boolean indicates if IP is spoofable. | +| GreyNoise.IP.classification | string | Whether the device has been categorized as unknown, benign, or malicious. | +| GreyNoise.IP.cve | array | CVEs associated with IP. | +| GreyNoise.IP.vpn | boolean | Whether the device is VPN endpoint or not. | +| GreyNoise.IP.vpn_service | string | The name of the VPN service provider of the device. | +| GreyNoise.IP.bot | boolean | Whether belongs to common bot activity. | +| GreyNoise.IP.metadata.asn | string | The autonomous system identification number. | +| GreyNoise.IP.metadata.city | string | The city the device is geographically located in. | +| GreyNoise.IP.metadata.region | string | The full name of the region the device is geographically located in. | +| GreyNoise.IP.metadata.country | string | The full name of the country. | +| GreyNoise.IP.metadata.country_code | string | The two-character country code of the country. | +| GreyNoise.IP.metadata.source_country | string | The full name of the country. | +| GreyNoise.IP.metadata.source_country_code | string | The two-character country code of the country. | +| GreyNoise.IP.metadata.destination_countries | string | The list of countries with observed scanning, by country name. | +| GreyNoise.IP.metadata.destination_country_codes | string | The list of countries with observed scanning, by two-character country code. | +| GreyNoise.IP.metadata.organization | string | The organization that owns the network that the IP address belongs to. | +| GreyNoise.IP.metadata.category | string | Whether the device belongs to a business, isp, hosting, education, or mobile network. | +| GreyNoise.IP.metadata.tor | boolean | Whether or not the device is a known Tor exit node. | +| GreyNoise.IP.metadata.rdns | string | Reverse DNS lookup of the IP address. | +| GreyNoise.IP.metadata.os | string | The name of the operating system of the device. | +| GreyNoise.IP.metadata.sensor_hits | string | The number of GreyNoise sensors that observed scanning. | +| GreyNoise.IP.metadata.sensor_count | string | The number of scanning events observed. | +| GreyNoise.IP.raw_data.scan.port | number | The port number\(s\) the devices has been observed scanning. | +| GreyNoise.IP.raw_data.scan.protocol | string | The protocol of the port the device has been observed scanning. | +| GreyNoise.IP.raw_data.web.paths | array | Any HTTP paths the device has been observed crawling the Internet for. | +| GreyNoise.IP.raw_data.web.useragents | array | Any HTTP user-agents the device has been observed using while crawling the Internet. | +| GreyNoise.IP.raw_data.ja3.fingerprint | string | The JA3 TLS/SSL fingerprint. | +| GreyNoise.IP.raw_data.ja3.port | number | The corresponding TCP port for the given JA3 fingerprint. | +| GreyNoise.IP.raw_data.hassh.fingerprint | string | HASSH hash fingerprint string. | +| GreyNoise.IP.raw_data.hassh.port | number | TCP port connection where the HASSH hash was identified. | #### Command Example + ``` !greynoise-context ip="66.249.68.82" ``` #### Human Readable Output + ### Benign IP + IP: 66.249.68.82 found with Noise Reputation: Good |IP|Classification|Actor|Tags|Spoofable|VPN|BOT|Tor|First Seen|Last Seen| |---|---|---|---|---|---|---|---|---|---| -| [66.249.68.82](https://www.greynoise.io/viz/ip/66.249.68.82) | 66.249.68.82 | GoogleBot | TLS/SSL Crawler, Web Crawler | false | false | false | false | 2021-05-30 | 2021-09-16 | +| 66.249.68.82 | 66.249.68.82 | GoogleBot | TLS/SSL Crawler, Web Crawler | false | false | false | false | 2021-05-30 | 2021-09-16 | ``` !greynoise-context ip="114.119.130.178" ``` #### Human Readable Output + ### Unidentified IP + IP: 103.21.244.0 No Mass-Internet Scanning Noise Found |IP|Seen| |---|---| -| 103.21.244.0 | false | \ No newline at end of file +| 103.21.244.0 | false | + + +### greynoise-similarity + +*** +Identify IPs with a similar internet scanning profile. + +#### Base Command + +`greynoise-similarity ` + +#### Input + +| **Argument Name** | **Description** | **Required** | +| --- |----------------------------------------| --- | +| ip | The IP address to find similar IPs for | Required | +| minimum_score | The similar score to return results above. Valid from 85 to 100. Default is 90. | Optional | +| maximum_results | The maximum number of similar results to return. Default is 50. | Optional | + + + +#### Context Output + +| **Path** | **Type** | **Description** | +|------------------------------------| --- | --- | +| GreyNoise.Similar.ip | string | The IP address of the scanning device IP. | +| GreyNoise.Similar.first_seen | date | The date the device was first observed by GreyNoise. Format is ISO8601. | +| GreyNoise.Similar.last_seen | date | The date the device was last observed by GreyNoise. Format is ISO8601. | +| GreyNoise.Similar.actor | string | The overt actor the device has been associated with. | +| GreyNoise.Similar.classification | string | Whether the device has been categorized as unknown, benign, or malicious. | +| GreyNoise.Similar.asn | string | The autonomous system identification number. | +| GreyNoise.Similar.city | string | The city the device is geographically located in. | +| GreyNoise.Similar.country | string | The full name of the country. | +| GreyNoise.Similar.country_code | string | The two-character country code of the country. | +| GreyNoise.Similar.organization | string | The organization that owns the network that the IP address belongs to. | +| GreyNoise.Similar.similar_ips | array | Details of similar IPs | + +#### Command Example + +``` !greynoise-similarity ip="1.2.3.4" minimum_score="90" maximum_results="50"``` + +#### Human Readable Output + +IP: 59.88.225.2 - Similar Internet Scanners found in GreyNoise +Total Similar IPs with Score above 90%: 100 +Displaying 50 results below. To see all results, visit the GreyNoise Visualizer. +GreyNoise Similar IPs + +| IP | Score | Classification | Actor | Organization | Last Seen | Similarity Features | +|---------|-------|----------------|---------|--------------|------------|-----------------------| +| 1.2.3.4 | 100 | malicious | unknown | GoogleBot | 2023-04-05 | ports,spoofable_bool | + +``` !greynoise-similarity ip="114.119.130.178" ``` + +#### Human Readable Output + +GreyNoise Similarity Lookup returned No Results. + +### greynoise-similarity + +*** +Identify IPs with a similar internet scanning profile. + +#### Base Command + +`greynoise-similarity ` + +#### Input + +| **Argument Name** | **Description** | **Required** | +|-------------------|------------------------------------------------------------------------------------|--------------| +| ip | The IP address to find similar IPs for | Required | +| days | The number of days from today to get activity. Valid from 1 to 90. Default is 30. | Optional | +| maximum_results | The maximum number of similar results to return. Default is 50. | Optional | + + + +#### Context Output + +| **Path** | **Type** | **Description** | +|-----------------------------------------|----------|-------------------------------------------| +| GreyNoise.Timeline.ip | string | The IP address of the scanning device IP. | +| GreyNoise.Timeline.metadata.start_time | date | The start time of the activity period | +| GreyNoise.Timeline.metadata.end_time | date | The end time of the activity period | +| GreyNoise.Timeline.metadata.limit | string | Limit of activity events returned | +| GreyNoise.Timeline.metadata.next_cursor | string | Cursor value to pull next page of results | +| GreyNoise.Timeline.activity | array | Daily activity summaries | + +#### Command Example + +``` !greynoise-timeline ip="1.1.2.2" days="30" maximum_results="30"``` + +#### Human Readable Output + +IP: 45.164.214.212 - GreyNoise IP Timeline +Internet Scanner Timeline Details - Daily Activity Summary + +| Date | Classification | Tags | rDNS | Organization | ASN | Ports | Web Paths | User Agents | +|---------|----------------|-------------|-------------|--------------|---------|----------------------|------------|-----------------| +| 1.2.3.4 | malicious | BruteForcer | me.acme.lcl | Acme, Inc | AS12345 | ports,spoofable_bool | /root/home | MozillaFirefox | + +``` !greynoise-timeline ip="1.1.2.2" days="30" maximum_results="30" ``` + +#### Human Readable Output + +GreyNoise IP Timeline Returned No Results. diff --git a/Packs/GreyNoise/Integrations/GreyNoise/test_data/input_data.py b/Packs/GreyNoise/Integrations/GreyNoise/test_data/input_data.py index 3d3ce4ec46b0..86934d4c12be 100644 --- a/Packs/GreyNoise/Integrations/GreyNoise/test_data/input_data.py +++ b/Packs/GreyNoise/Integrations/GreyNoise/test_data/input_data.py @@ -68,7 +68,6 @@ ), ] - ip_reputation_command_data = [ ({"ip": "71.6.135.131"}, "positive", valid_ip_response, 200, valid_ip_response_expected), # NOSONAR ( @@ -450,6 +449,136 @@ 200, # NOSONAR {"address": "71.6.135.131", "seen": False}, ), # NOSONAR - ({"ip": "123"}, "negative", "Invalid IP address: '123'", 200, "Invalid IP address: '123'"), # NOSONAR # NOSONAR + ({"ip": "123"}, "negative", "Invalid IP address: '123'", 200, "Invalid IP address: '123'"), # NOSONAR ({"ip": "abc"}, "negative", "forbidden", 200, "Invalid IP address: 'abc'"), # NOSONAR ] + +valid_similar_response = { + "ip": { + "actor": "unknown", + "asn": "AS4134", + "city": "Beijing", + "classification": "malicious", + "country": "China", + "country_code": "CN", + "first_seen": "2023-05-29", + "ip": "121.239.23.85", + "last_seen": "2023-05-30", + "organization": "CHINANET-BACKBONE" + }, + "similar_ips": [ + { + "actor": "unknown", + "asn": "AS1221", + "city": "Melbourne", + "classification": "unknown", + "country": "Australia", + "country_code": "AU", + "features": [ + "ports", + "spoofable_bool" + ], + "first_seen": "2023-05-22", + "ip": "1.145.159.157", + "last_seen": "2023-05-23", + "organization": "Telstra Corporation Ltd", + "score": 1 + } + ], + "total": 32368 +} + +valid_similar_response_expected = copy.deepcopy(valid_similar_response) + +similar_command_response_data = [ + ({"ip": "71.6.135.131"}, "positive", valid_similar_response, 200, valid_similar_response_expected), # NOSONAR + ({"ip": "45.95.147.229"}, "positive", { + "ip": { + "actor": "unknown", + "asn": "AS49870", + "city": "Amsterdam", + "classification": "malicious", + "country": "Netherlands", + "country_code": "NL", + "first_seen": "2023-05-11", + "ip": "45.95.147.229", + "last_seen": "2023-05-30", + "organization": "Alsycon B.V." + }, + "similar_ips": [], + "total": 0 + }, 200, valid_similar_response_expected), # NOSONAR + ({"ip": "192.168.1.1"}, "negative", "Non-Routable IP address: '192.168.1.1'", 404, "Non-Routable IP address: " + "'192.168.1.1'"), # NOSONAR + ({"ip": "abc"}, "negative", "forbidden", 404, "Invalid IP address: 'abc'"), # NOSONAR +] + +valid_timeline_response = { + "activity": [ + { + "asn": "AS49870", + "category": "hosting", + "city": "Amsterdam", + "classification": "unknown", + "country": "Netherlands", + "country_code": "NL", + "destinations": [ + { + "country": "Albania", + "country_code": "AL" + } + ], + "organization": "Alsycon B.V.", + "protocols": [ + { + "app_protocol": "TELNET", + "port": 23, + "transport_protocol": "TCP" + } + ], + "rdns": "tittle.life", + "region": "North Holland", + "spoofable": "true", + "tags": [ + { + "category": "tool", + "description": "IP addresses with this tag have been observed using the ZMap Internet scanner.", + "intention": "unknown", + "name": "ZMap Client" + } + ], + "timestamp": "2023-05-29T00:00:00Z", + "tor": "false", + "vpn": "false", + "vpn_service": "" + } + ], + "ip": "45.95.147.229", + "metadata": { + "end_time": "2023-05-30T18:43:30.604457229Z", + "ip": "45.95.147.229", + "limit": 50, + "next_cursor": "", + "start_time": "2023-05-29T00:00:00Z" + } +} + +valid_timeline_response_expected = copy.deepcopy(valid_timeline_response) + +timeline_command_response_data = [ + ({"ip": "45.95.147.229"}, "positive", valid_timeline_response, 200, valid_timeline_response_expected), # NOSONAR + ({"ip": "61.30.129.190"}, "positive", { + "activity": [], + "ip": "61.30.129.190", + "metadata": { + "end_time": "2023-05-30T18:46:34.662311004Z", + "ip": "61.30.129.190", + "limit": 50, + "next_cursor": "", + "start_time": "2023-05-29T00:00:00Z" + } + }, 200, valid_timeline_response_expected), # NOSONAR + ({"ip": "192.168.1.1"}, "negative", "Non-Routable IP address: '192.168.1.1'", 404, "Non-Routable IP address: " + "'192.168.1.1'"), # NOSONAR + ({"ip": "abc"}, "negative", "forbidden", 404, "Invalid IP address: 'abc'"), # NOSONAR +] diff --git a/Packs/GreyNoise/Integrations/GreyNoise/test_data/quick_check.md b/Packs/GreyNoise/Integrations/GreyNoise/test_data/quick_check.txt similarity index 100% rename from Packs/GreyNoise/Integrations/GreyNoise/test_data/quick_check.md rename to Packs/GreyNoise/Integrations/GreyNoise/test_data/quick_check.txt diff --git a/Packs/GreyNoise/Integrations/GreyNoise_Community/GreyNoise_Community.py b/Packs/GreyNoise/Integrations/GreyNoise_Community/GreyNoise_Community.py index 9ba1447cb333..b1132e941f43 100644 --- a/Packs/GreyNoise/Integrations/GreyNoise_Community/GreyNoise_Community.py +++ b/Packs/GreyNoise/Integrations/GreyNoise_Community/GreyNoise_Community.py @@ -298,7 +298,7 @@ def main() -> None: # pragma: no cover else: packs = [] - pack_version = "1.2.0" + pack_version = "1.3.0" if isinstance(packs, list): for pack in packs: if pack["name"] == "GreyNoise": diff --git a/Packs/GreyNoise/Integrations/GreyNoise_Community/GreyNoise_Community_description.md b/Packs/GreyNoise/Integrations/GreyNoise_Community/GreyNoise_Community_description.md index 806730124234..13cc31825f5e 100644 --- a/Packs/GreyNoise/Integrations/GreyNoise_Community/GreyNoise_Community_description.md +++ b/Packs/GreyNoise/Integrations/GreyNoise_Community/GreyNoise_Community_description.md @@ -1,5 +1,6 @@ To use GreyNoise on Cortex XSOAR, retrieve your user account's API key and enter it in the integration's configuration. #### Configure an API account on GreyNoise - - [Login](https://viz.greynoise.io/login) / [Register](https://viz.greynoise.io/signup) at GreyNoise - - Once signed in, go to [Account Settings](https://viz.greynoise.io/account/) to get the API Key. \ No newline at end of file + +- [Login](https://viz.greynoise.io/login) / [Register](https://viz.greynoise.io/signup) at GreyNoise +- Once signed in, go to [Account Settings](https://viz.greynoise.io/account/) to get the API Key. \ No newline at end of file diff --git a/Packs/GreyNoise/Integrations/GreyNoise_Community/README.md b/Packs/GreyNoise/Integrations/GreyNoise_Community/README.md index ffe25189c4bc..444b926563f8 100644 --- a/Packs/GreyNoise/Integrations/GreyNoise_Community/README.md +++ b/Packs/GreyNoise/Integrations/GreyNoise_Community/README.md @@ -22,10 +22,14 @@ Supported Cortex XSOAR versions: 5.5.0 and later. | proxy | Use system proxy settings | False | 4. Click **Test** to validate the URLs, token, and connection. + ## Commands + You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details. + ### greynoise-community-lookup + *** Queries IPs in the GreyNoise Community API. @@ -33,6 +37,7 @@ Queries IPs in the GreyNoise Community API. #### Base Command `ip` + #### Input | **Argument Name** | **Description** | **Required** | @@ -63,10 +68,15 @@ Queries IPs in the GreyNoise Community API. #### Command Example + ``` !greynoise-community-lookup ips=1.2.3.4 ``` + #### Human Readable Output + ### IP: 71.6.135.131 found with Reputation: Good + ### GreyNoise Community IP Response + |IP|Noise|RIOT|Classification|Name|Link|Last Seen |---|---|---|---|---|---|---| -| 71.6.135.131 | true | false | benign | Shodan.io | https://viz.greynoise.io/ip/71.6.135.131 | 2021-02-03 | \ No newline at end of file +| 71.6.135.131 | true | false | benign | Shodan.io | | 2021-02-03 | \ No newline at end of file diff --git a/Packs/GreyNoise/Playbooks/Calculate_Severity_-_GreyNoise_README.md b/Packs/GreyNoise/Playbooks/Calculate_Severity_-_GreyNoise_README.md index ebef4bcb60cc..d8448c3a5ffd 100644 --- a/Packs/GreyNoise/Playbooks/Calculate_Severity_-_GreyNoise_README.md +++ b/Packs/GreyNoise/Playbooks/Calculate_Severity_-_GreyNoise_README.md @@ -4,22 +4,28 @@ Calculate and assign the incident severity based on the highest returned severit - Current incident severity ## Dependencies + This playbook uses the following sub-playbooks, integrations, and scripts. ### Sub-playbooks -* Calculate Severity Highest DBotScore For Ingress Network Traffic - GreyNoise -* Calculate Severity Highest DBotScore For Egress Network Traffic - GreyNoise + +- Calculate Severity Highest DBotScore For Ingress Network Traffic - GreyNoise +- Calculate Severity Highest DBotScore For Egress Network Traffic - GreyNoise ### Integrations + This playbook does not use any integrations. ### Scripts -* Set + +- Set ### Commands -* setIncident + +- setIncident ## Playbook Inputs + --- | **Name** | **Description** | **Default Value** | **Required** | @@ -28,6 +34,7 @@ This playbook does not use any integrations. | NetworkTrafficDirection | The direction of network traffic event associated with the Incident\(Egress/Ingress\). If not supplied, Ingress is considered. | Egress | Optional | ## Playbook Outputs + --- | **Path** | **Description** | **Type** | @@ -39,5 +46,6 @@ This playbook does not use any integrations. | CriticalAssets.CriticalUserGroups | Critical user-groups involved in the incident. | unknown | ## Playbook Image + --- ![Calculate Severity - GreyNoise](./../doc_files/Calculate_Severity_-_GreyNoise.png) \ No newline at end of file diff --git a/Packs/GreyNoise/Playbooks/Calculate_Severity_Highest_DBotScore_For_Egress_Network_Traffic_-_GreyNoise_README.md b/Packs/GreyNoise/Playbooks/Calculate_Severity_Highest_DBotScore_For_Egress_Network_Traffic_-_GreyNoise_README.md index a3cfa5000b67..58de0e9969b8 100644 --- a/Packs/GreyNoise/Playbooks/Calculate_Severity_Highest_DBotScore_For_Egress_Network_Traffic_-_GreyNoise_README.md +++ b/Packs/GreyNoise/Playbooks/Calculate_Severity_Highest_DBotScore_For_Egress_Network_Traffic_-_GreyNoise_README.md @@ -1,22 +1,28 @@ Playbook to calculate the severity based on GreyNoise ## Dependencies + This playbook uses the following sub-playbooks, integrations, and scripts. ### Sub-playbooks + This playbook does not use any sub-playbooks. ### Integrations + * GreyNoise ### Scripts + * Set * IsIntegrationAvailable ### Commands + * ip ## Playbook Inputs + --- | **Name** | **Description** | **Default Value** | **Required** | @@ -24,6 +30,7 @@ This playbook does not use any sub-playbooks. | DBotScore | Array of all indicators associated with the incident. | DBotScore | Optional | ## Playbook Outputs + --- | **Path** | **Description** | **Type** | @@ -31,5 +38,6 @@ This playbook does not use any sub-playbooks. | Severities.DBotScoreSeverity | The severity level of the incident identified and set in the Calculate Severity By GreyNoise Highest DBotScore playbook. | unknown | ## Playbook Image + --- ![Calculate Severity Highest DBotScore For Egress Network Traffic - GreyNoise](./../doc_files/Calculate_Severity_Highest_DBotScore_For_Egress_Network_Traffic_-_GreyNoise.png) \ No newline at end of file diff --git a/Packs/GreyNoise/Playbooks/Calculate_Severity_Highest_DBotScore_For_Ingress_Network_Traffic_-_GreyNoise_README.md b/Packs/GreyNoise/Playbooks/Calculate_Severity_Highest_DBotScore_For_Ingress_Network_Traffic_-_GreyNoise_README.md index 3a044e74a3f0..f39ab9d16a17 100644 --- a/Packs/GreyNoise/Playbooks/Calculate_Severity_Highest_DBotScore_For_Ingress_Network_Traffic_-_GreyNoise_README.md +++ b/Packs/GreyNoise/Playbooks/Calculate_Severity_Highest_DBotScore_For_Ingress_Network_Traffic_-_GreyNoise_README.md @@ -1,22 +1,28 @@ Playbook to calculate the severity based on GreyNoise ## Dependencies + This playbook uses the following sub-playbooks, integrations, and scripts. ### Sub-playbooks + This playbook does not use any sub-playbooks. ### Integrations + * GreyNoise ### Scripts + * IsIntegrationAvailable * Set ### Commands + * ip ## Playbook Inputs + --- | **Name** | **Description** | **Default Value** | **Required** | @@ -24,6 +30,7 @@ This playbook does not use any sub-playbooks. | DBotScore | Array of all indicators associated with the incident. | DBotScore | Optional | ## Playbook Outputs + --- | **Path** | **Description** | **Type** | @@ -31,5 +38,6 @@ This playbook does not use any sub-playbooks. | Severities.DBotScoreSeverity | The severity level of the incident identified and set in the Calculate Severity By GreyNoise Highest DBotScore playbook. | unknown | ## Playbook Image + --- ![Calculate Severity Highest DBotScore For Ingress Network Traffic - GreyNoise](./../doc_files/Calculate_Severity_Highest_DBotScore_For_Ingress_Network_Traffic_-_GreyNoise.png) \ No newline at end of file diff --git a/Packs/GreyNoise/Playbooks/IP_Reputation-GreyNoise_README.md b/Packs/GreyNoise/Playbooks/IP_Reputation-GreyNoise_README.md index 9c7c4fba1b44..f0923eb35b8c 100644 --- a/Packs/GreyNoise/Playbooks/IP_Reputation-GreyNoise_README.md +++ b/Packs/GreyNoise/Playbooks/IP_Reputation-GreyNoise_README.md @@ -3,21 +3,27 @@ Supported Cortex XSOAR versions: 5.0.0 and later. ## Dependencies + This playbook uses the following sub-playbooks, integrations, and scripts. ### Sub-playbooks + This playbook does not use any sub-playbooks. ### Integrations + * GreyNoise ### Scripts + This playbook does not use any scripts. ### Commands + * ip ## Playbook Inputs + --- | **Name** | **Description** | **Default Value** | **Required** | @@ -25,6 +31,7 @@ This playbook does not use any scripts. | IP | The IP address to get reputation of. | IP.Address | Required | ## Playbook Outputs + --- | **Path** | **Description** | **Type** | @@ -32,5 +39,6 @@ This playbook does not use any scripts. | GreyNoise.IP.address | The IP address of the scanning device IP. | unknown | ## Playbook Image + --- ![IP Reputation-GreyNoise](./../doc_files/IP_Reputation-GreyNoise.png) \ No newline at end of file diff --git a/Packs/GreyNoise/README.md b/Packs/GreyNoise/README.md index 91e57d2a36ca..b2a0d10fbae5 100644 --- a/Packs/GreyNoise/README.md +++ b/Packs/GreyNoise/README.md @@ -4,9 +4,11 @@ more time to uncover and investigate true threats. Includes Actions to allow IP the GreyNoise API. ##### What does this pack do? + The playbooks and actions in this pack help you to reduce Internet-Background noise and benign services from your Incident Response work. They also help automate repetitive tasks associated with routable IPv4 addresses: + - Query an IP to determine if it is Internet-Background Noise - Query an IP to determine if it is a Benign Service - Query the GreyNoise data set for common trends by looking for CVEs, paths, ports or fingerprints @@ -14,6 +16,7 @@ They also help automate repetitive tasks associated with routable IPv4 addresses - Calculate the severity of the incident using GreyNoise IP reputation data This Pack Contains two Integrations: GreyNoise and GreyNoise Community + - GreyNoise: is intended for those users that have a Paid GreyNoise subscription - GreyNoise Community: is intended for those users that use the free GreyNoise Community API diff --git a/Packs/GreyNoise/ReleaseNotes/1_0_1.md b/Packs/GreyNoise/ReleaseNotes/1_0_1.md index fb12010a71a7..2dcbb4afa981 100644 --- a/Packs/GreyNoise/ReleaseNotes/1_0_1.md +++ b/Packs/GreyNoise/ReleaseNotes/1_0_1.md @@ -1,5 +1,7 @@ #### Integrations + ##### GreyNoise + - Added the ***greynoise-riot*** command. - Updated the Docker image to: *demisto/greynoise:1.0.0.19143*. diff --git a/Packs/GreyNoise/ReleaseNotes/1_0_2.md b/Packs/GreyNoise/ReleaseNotes/1_0_2.md index 6e6f2cfdf01f..0be1cd0420eb 100644 --- a/Packs/GreyNoise/ReleaseNotes/1_0_2.md +++ b/Packs/GreyNoise/ReleaseNotes/1_0_2.md @@ -1,4 +1,6 @@ #### Integrations + ##### GreyNoise + - Added GreyNoise Community Integration diff --git a/Packs/GreyNoise/ReleaseNotes/1_0_3.md b/Packs/GreyNoise/ReleaseNotes/1_0_3.md index c47d3437529f..6da136dbf9d1 100644 --- a/Packs/GreyNoise/ReleaseNotes/1_0_3.md +++ b/Packs/GreyNoise/ReleaseNotes/1_0_3.md @@ -1,3 +1,5 @@ #### Integrations + ##### GreyNoise + - Maintenance and stability enhancements. \ No newline at end of file diff --git a/Packs/GreyNoise/ReleaseNotes/1_0_4.md b/Packs/GreyNoise/ReleaseNotes/1_0_4.md index f40261323cdd..8674133f91fe 100644 --- a/Packs/GreyNoise/ReleaseNotes/1_0_4.md +++ b/Packs/GreyNoise/ReleaseNotes/1_0_4.md @@ -1,5 +1,9 @@ #### Integrations + ##### GreyNoise + - Upgraded the Docker image to: *demisto/greynoise:1.0.0.23290*. + ##### GreyNoise Community + - Upgraded the Docker image to: *demisto/greynoise:1.0.0.23290*. diff --git a/Packs/GreyNoise/ReleaseNotes/1_0_5.md b/Packs/GreyNoise/ReleaseNotes/1_0_5.md index 2cd6603ebc5c..61d236c0432a 100644 --- a/Packs/GreyNoise/ReleaseNotes/1_0_5.md +++ b/Packs/GreyNoise/ReleaseNotes/1_0_5.md @@ -1,5 +1,9 @@ #### Integrations + ##### GreyNoise + - Updated the Docker image to: *demisto/greynoise:1.0.0.24037*. + ##### GreyNoise Community + - Updated the Docker image to: *demisto/greynoise:1.0.0.24037*. diff --git a/Packs/GreyNoise/ReleaseNotes/1_1_0.md b/Packs/GreyNoise/ReleaseNotes/1_1_0.md index 5819cdc54c4b..818fdf6e40ca 100644 --- a/Packs/GreyNoise/ReleaseNotes/1_1_0.md +++ b/Packs/GreyNoise/ReleaseNotes/1_1_0.md @@ -1,5 +1,7 @@ #### Integrations + ##### GreyNoise + - Fixed an issue where the ***test configuration*** command would constantly fail. - Updated the ***ip*** command to perform both NOISE and RIOT lookups. - Added the ***greynoise-context*** command to only perform NOISE lookup. @@ -7,5 +9,7 @@ - Updated URL Hyperlink URLs to new Visualizer base URL. - Update IP Context Table to include additional elements. - Added a CVE lookup option to the ***query*** command. + ##### GreyNoise Community + - Maintenance and stability enhancements diff --git a/Packs/GreyNoise/ReleaseNotes/1_1_1.md b/Packs/GreyNoise/ReleaseNotes/1_1_1.md index fc01eef1baa1..1d546b047804 100644 --- a/Packs/GreyNoise/ReleaseNotes/1_1_1.md +++ b/Packs/GreyNoise/ReleaseNotes/1_1_1.md @@ -1,5 +1,9 @@ #### Integrations + ##### GreyNoise + - Fixed a bug to allow backward compatibility. + ##### GreyNoise Community + - Fixed a bug to allow backward compatibility. \ No newline at end of file diff --git a/Packs/GreyNoise/ReleaseNotes/1_1_2.md b/Packs/GreyNoise/ReleaseNotes/1_1_2.md index 443a4ff585a2..7435813bd0e0 100644 --- a/Packs/GreyNoise/ReleaseNotes/1_1_2.md +++ b/Packs/GreyNoise/ReleaseNotes/1_1_2.md @@ -1,5 +1,9 @@ #### Integrations + ##### GreyNoise + - Updated the Docker image to: *demisto/greynoise:1.0.0.25543*. + ##### GreyNoise Community + - Updated the Docker image to: *demisto/greynoise:1.0.0.25543*. diff --git a/Packs/GreyNoise/ReleaseNotes/1_2_0.md b/Packs/GreyNoise/ReleaseNotes/1_2_0.md index e88553dadb04..cc23702e0eb5 100644 --- a/Packs/GreyNoise/ReleaseNotes/1_2_0.md +++ b/Packs/GreyNoise/ReleaseNotes/1_2_0.md @@ -1,6 +1,10 @@ #### Integrations + ##### GreyNoise + - Added support for IP enrichment commands to use Reliability option. - Improved implementation ***greynoise-riot*** command output to match the RIOT section of the ***ip*** command output. + ##### GreyNoise Community + - Added support for IP enrichment commands to use Reliability option. \ No newline at end of file diff --git a/Packs/GreyNoise/ReleaseNotes/1_2_1.md b/Packs/GreyNoise/ReleaseNotes/1_2_1.md index 7f1032fd1790..0f14b4d66204 100644 --- a/Packs/GreyNoise/ReleaseNotes/1_2_1.md +++ b/Packs/GreyNoise/ReleaseNotes/1_2_1.md @@ -1,5 +1,9 @@ #### Integrations + ##### GreyNoise + - Added support for the *feedExpirationPolicy* and *feedExpirationInterval* integration parameters. + ##### GreyNoise Community + - Added support for the *feedExpirationPolicy* and *feedExpirationInterval* integration parameters. \ No newline at end of file diff --git a/Packs/GreyNoise/ReleaseNotes/1_2_10.md b/Packs/GreyNoise/ReleaseNotes/1_2_10.md index 411b360f8799..20364df9bf52 100644 --- a/Packs/GreyNoise/ReleaseNotes/1_2_10.md +++ b/Packs/GreyNoise/ReleaseNotes/1_2_10.md @@ -1,3 +1,5 @@ #### Integrations + ##### GreyNoise Community + - Updated the Docker image to: *demisto/greynoise:1.0.0.58795*. diff --git a/Packs/GreyNoise/ReleaseNotes/1_2_2.md b/Packs/GreyNoise/ReleaseNotes/1_2_2.md index 2f7ba81d3978..9ac70fd35189 100644 --- a/Packs/GreyNoise/ReleaseNotes/1_2_2.md +++ b/Packs/GreyNoise/ReleaseNotes/1_2_2.md @@ -1,3 +1,5 @@ #### Integrations + ##### GreyNoise Community + - Updated the Docker image to: *demisto/greynoise:1.0.0.40774*. diff --git a/Packs/GreyNoise/ReleaseNotes/1_2_3.md b/Packs/GreyNoise/ReleaseNotes/1_2_3.md index 733c7930fbfa..3105dd7d03e3 100644 --- a/Packs/GreyNoise/ReleaseNotes/1_2_3.md +++ b/Packs/GreyNoise/ReleaseNotes/1_2_3.md @@ -1,3 +1,5 @@ #### Integrations + ##### GreyNoise Community + - Updated the Docker image to: *demisto/greynoise:1.0.0.44806*. diff --git a/Packs/GreyNoise/ReleaseNotes/1_2_4.md b/Packs/GreyNoise/ReleaseNotes/1_2_4.md index 72a1b1b33509..57dfe64302d0 100644 --- a/Packs/GreyNoise/ReleaseNotes/1_2_4.md +++ b/Packs/GreyNoise/ReleaseNotes/1_2_4.md @@ -1,3 +1,5 @@ #### Integrations + ##### GreyNoise Community + - Updated the Docker image to: *demisto/greynoise:1.0.0.47299*. diff --git a/Packs/GreyNoise/ReleaseNotes/1_2_5.md b/Packs/GreyNoise/ReleaseNotes/1_2_5.md index 3e1b8c35de72..aab035a84315 100644 --- a/Packs/GreyNoise/ReleaseNotes/1_2_5.md +++ b/Packs/GreyNoise/ReleaseNotes/1_2_5.md @@ -1,3 +1,5 @@ #### Integrations + ##### GreyNoise Community + - Updated the Docker image to: *demisto/greynoise:1.0.0.48836*. diff --git a/Packs/GreyNoise/ReleaseNotes/1_2_6.md b/Packs/GreyNoise/ReleaseNotes/1_2_6.md index cbc5cc2fa426..5257e813be32 100644 --- a/Packs/GreyNoise/ReleaseNotes/1_2_6.md +++ b/Packs/GreyNoise/ReleaseNotes/1_2_6.md @@ -1,3 +1,5 @@ #### Integrations + ##### GreyNoise Community + - Updated the Docker image to: *demisto/greynoise:1.0.0.51072*. diff --git a/Packs/GreyNoise/ReleaseNotes/1_2_7.md b/Packs/GreyNoise/ReleaseNotes/1_2_7.md index 7afd1b2798d1..c7f7ede0b866 100644 --- a/Packs/GreyNoise/ReleaseNotes/1_2_7.md +++ b/Packs/GreyNoise/ReleaseNotes/1_2_7.md @@ -1,3 +1,5 @@ #### Integrations + ##### GreyNoise Community + - Updated the Docker image to: *demisto/greynoise:1.0.0.54455*. diff --git a/Packs/GreyNoise/ReleaseNotes/1_2_9.md b/Packs/GreyNoise/ReleaseNotes/1_2_9.md index 9fa4ab0269f9..5cab5c7265df 100644 --- a/Packs/GreyNoise/ReleaseNotes/1_2_9.md +++ b/Packs/GreyNoise/ReleaseNotes/1_2_9.md @@ -1,4 +1,5 @@ #### Integrations ##### GreyNoise + - Fixed an issue where ***test module*** command throws exception on XSOAR8 and XSIAM envs. diff --git a/Packs/GreyNoise/ReleaseNotes/1_3_0.md b/Packs/GreyNoise/ReleaseNotes/1_3_0.md new file mode 100644 index 000000000000..72a9d3cb26ec --- /dev/null +++ b/Packs/GreyNoise/ReleaseNotes/1_3_0.md @@ -0,0 +1,12 @@ +#### Integrations + +##### GreyNoise + +- Added greynoise-similarity command +- Added greynoise-timeline command +- Updated schema for GNQL and IP Context responses to include new fields +- Updated the Docker image to: *demisto/greynoise:1.0.0.61972*. + +##### GreyNoise Community + +- Updated the Docker image to: *demisto/greynoise:1.0.0.61972*. diff --git a/Packs/GreyNoise/pack_metadata.json b/Packs/GreyNoise/pack_metadata.json index 4fae17df44df..5e4f0ebcda74 100644 --- a/Packs/GreyNoise/pack_metadata.json +++ b/Packs/GreyNoise/pack_metadata.json @@ -2,7 +2,7 @@ "name": "GreyNoise", "description": "GreyNoise is a threat intelligence service that collects and analyzes Internet-wide scan and attack traffic. With this integration, users can contextualize existing alerts, filter false-positives, identify compromised devices, and track emerging threats. The full integration code can be found here: https://github.com/demisto/content/tree/master/Packs/GreyNoise", "support": "partner", - "currentVersion": "1.2.11", + "currentVersion": "1.3.0", "author": "GreyNoise", "url": "https://greynoise.io", "email": "support@greynoise.io", From 74880ccedba4447a48a99bfd43d7ddb9bdc01e56 Mon Sep 17 00:00:00 2001 From: content-bot <55035720+content-bot@users.noreply.github.com> Date: Wed, 7 Jun 2023 20:59:32 +0300 Subject: [PATCH 039/124] [ASM] - Expandr 4075 (#27258) (#27287) * init * RN * fix RN * Apply suggestions from code review --------- Co-authored-by: johnnywilkes <32227961+johnnywilkes@users.noreply.github.com> Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> --- .../Playbooks/Cortex_ASM_-_ASM_Alert.yml | 288 ++++++++++- .../Cortex_ASM_-_ASM_Alert_README.md | 18 +- .../Playbooks/Cortex_ASM_-_AWS_Enrichment.yml | 10 +- .../Cortex_ASM_-_AWS_Enrichment_README.md | 12 +- .../Playbooks/Cortex_ASM_-_GCP_Enrichment.yml | 478 ++++++++++++++++-- .../Cortex_ASM_-_GCP_Enrichment_README.md | 5 +- .../ReleaseNotes/1_6_18.md | 13 + .../doc_files/Cortex_ASM_-_ASM_Alert.png | Bin 996628 -> 1242255 bytes .../doc_files/Cortex_ASM_-_GCP_Enrichment.png | Bin 358561 -> 414919 bytes .../pack_metadata.json | 2 +- 10 files changed, 735 insertions(+), 91 deletions(-) create mode 100644 Packs/CortexAttackSurfaceManagement/ReleaseNotes/1_6_18.md diff --git a/Packs/CortexAttackSurfaceManagement/Playbooks/Cortex_ASM_-_ASM_Alert.yml b/Packs/CortexAttackSurfaceManagement/Playbooks/Cortex_ASM_-_ASM_Alert.yml index 00303890d68a..d6efa5c312c6 100644 --- a/Packs/CortexAttackSurfaceManagement/Playbooks/Cortex_ASM_-_ASM_Alert.yml +++ b/Packs/CortexAttackSurfaceManagement/Playbooks/Cortex_ASM_-_ASM_Alert.yml @@ -14,7 +14,7 @@ tasks: name: "" iscommand: false brand: "" - description: "" + description: '' nexttasks: '#none#': - "5" @@ -23,7 +23,7 @@ tasks: { "position": { "x": 50, - "y": -960 + "y": -1330 } } note: false @@ -45,7 +45,7 @@ tasks: type: title iscommand: false brand: "" - description: "" + description: '' separatecontext: false view: |- { @@ -70,10 +70,10 @@ tasks: id: cf841205-1bc1-4490-89f8-027e330c91d2 version: -1 name: Triage and Qualifier Stage - description: '' type: title iscommand: false brand: "" + description: '' nexttasks: '#none#': - "138" @@ -82,7 +82,7 @@ tasks: { "position": { "x": 50, - "y": -830 + "y": -1200 } } note: false @@ -114,7 +114,7 @@ tasks: { "position": { "x": 50, - "y": 0 + "y": -370 } } note: false @@ -315,7 +315,7 @@ tasks: { "position": { "x": 50, - "y": -220 + "y": -590 } } note: false @@ -345,8 +345,8 @@ tasks: view: |- { "position": { - "x": -1740, - "y": 2340 + "x": -1890, + "y": 975 } } note: false @@ -382,8 +382,8 @@ tasks: view: |- { "position": { - "x": -910, - "y": 5800 + "x": -1890, + "y": 5840 } } note: false @@ -2044,7 +2044,7 @@ tasks: { "position": { "x": 50, - "y": 130 + "y": -240 } } note: false @@ -2096,7 +2096,7 @@ tasks: { "position": { "x": 50, - "y": -380 + "y": -750 } } note: false @@ -2954,7 +2954,7 @@ tasks: { "position": { "x": 50, - "y": 455 + "y": 85 } } note: false @@ -3061,7 +3061,7 @@ tasks: { "position": { "x": 50, - "y": 590 + "y": 220 } } note: false @@ -3104,7 +3104,7 @@ tasks: { "position": { "x": 50, - "y": -540 + "y": -910 } } note: false @@ -3147,7 +3147,7 @@ tasks: { "position": { "x": 50, - "y": 295 + "y": -75 } } note: false @@ -3174,7 +3174,7 @@ tasks: brand: "" nexttasks: '#none#': - - "8" + - "144" scriptarguments: gridfield: simple: asmplaybookstage @@ -3190,7 +3190,7 @@ tasks: { "position": { "x": 50, - "y": 750 + "y": 380 } } note: false @@ -3698,7 +3698,232 @@ tasks: { "position": { "x": 50, - "y": -700 + "y": -1070 + } + } + note: false + timertriggers: [] + ignoreworker: false + skipunavailable: false + quietmode: 0 + isoversize: false + isautoswitchedtoquietmode: false + "141": + id: "141" + taskid: 647f21f4-9ace-4053-87de-bb6750288224 + type: title + task: + id: 647f21f4-9ace-4053-87de-bb6750288224 + version: -1 + name: continue + type: title + iscommand: false + brand: "" + description: '' + nexttasks: + '#none#': + - "142" + separatecontext: false + continueonerrortype: "" + view: |- + { + "position": { + "x": -1480, + "y": 975 + } + } + note: false + timertriggers: [] + ignoreworker: false + skipunavailable: false + quietmode: 0 + isoversize: false + isautoswitchedtoquietmode: false + "142": + id: "142" + taskid: bc868ae2-0037-4f9f-8efd-425d9aac0c4b + type: regular + task: + id: bc868ae2-0037-4f9f-8efd-425d9aac0c4b + version: -1 + name: Close alert (accepted risk) + description: Close the current alert because service is no longer observed. + script: Builtin|||closeInvestigation + type: regular + iscommand: true + brand: Builtin + nexttasks: + '#none#': + - "4" + scriptarguments: + closeNotes: + simple: Alert status set to 'Resolved - Risk Accepted' by Active Response Module + closeReason: + simple: Resolved - Risk Accepted + separatecontext: false + continueonerrortype: "" + view: |- + { + "position": { + "x": -1480, + "y": 5840 + } + } + note: false + timertriggers: [] + ignoreworker: false + skipunavailable: false + quietmode: 0 + isoversize: false + isautoswitchedtoquietmode: false + "144": + id: "144" + taskid: fec944af-ecb2-4e84-8904-6a1455797be3 + type: condition + task: + id: fec944af-ecb2-4e84-8904-6a1455797be3 + version: -1 + name: Are there any matches from accepted risk lists? + description: Checks if the system ids, folders and projects are present in the accepted risk lists. + type: condition + iscommand: false + brand: "" + nexttasks: + '#default#': + - "8" + "yes": + - "141" + separatecontext: false + conditions: + - label: "yes" + condition: + - - operator: inList + left: + value: + complex: + root: alert.asmsystemids + filters: + - - operator: isEqualString + left: + value: + simple: alert.asmsystemids.Type + iscontext: true + right: + value: + simple: AWS-EC2 + - operator: isEqualString + left: + value: + simple: alert.asmsystemids.Type + iscontext: true + right: + value: + simple: GCP-VM + - operator: isEqualString + left: + value: + simple: alert.asmsystemids.Type + iscontext: true + right: + value: + simple: Azure-Compute-ID + accessor: ID + iscontext: true + right: + value: + complex: + root: inputs.AcceptedRiskDs + iscontext: true + - operator: inList + left: + value: + complex: + root: alert.asmsystemids + filters: + - - operator: isEqualString + left: + value: + simple: alert.asmsystemids.Type + iscontext: true + right: + value: + simple: GCP-Project-Number + accessor: ID + iscontext: true + right: + value: + complex: + root: inputs.AcceptedRiskProjects + iscontext: true + - operator: inList + left: + value: + complex: + root: alert.asmcloud + filters: + - - operator: isEqualString + left: + value: + simple: alert.asmcloud.Provider + iscontext: true + right: + value: + simple: AWS + accessor: Project + iscontext: true + right: + value: + complex: + root: inputs.AcceptedRiskProjects + iscontext: true + - operator: inList + left: + value: + complex: + root: alert.asmsystemids + filters: + - - operator: isEqualString + left: + value: + simple: alert.asmsystemids.Type + iscontext: true + right: + value: + simple: GCP-Folder-Number + accessor: ID + iscontext: true + right: + value: + complex: + root: inputs.AcceptedRiskOther + iscontext: true + - operator: inList + left: + value: + complex: + root: alert.asmcloud + filters: + - - operator: isEqualString + left: + value: + simple: alert.asmcloud.Provider + iscontext: true + right: + value: + simple: Azure + accessor: Organization + iscontext: true + right: + value: + complex: + root: inputs.AcceptedRiskOther + iscontext: true + continueonerrortype: "" + view: |- + { + "position": { + "x": 50, + "y": 540 } } note: false @@ -3723,10 +3948,10 @@ view: |- }, "paper": { "dimensions": { - "height": 7475, - "width": 3490, - "x": -1740, - "y": -960 + "height": 7845, + "width": 3640, + "x": -1890, + "y": -1330 } } } @@ -3784,6 +4009,21 @@ inputs: Set to "True" if you want to bypass. Default is "False". playbookInputQuery: +- key: AcceptedRiskDs + value: {} + required: false + description: Comma separated list of instance/VM IDs that are considered accepted risk and that should be closed. + playbookInputQuery: +- key: AcceptedRiskProjects + value: {} + required: false + description: Comma separated list of projects numbers that are considered accepted risk and that should be closed. For example, the could be list of GCP projects and AWS accounts. + playbookInputQuery: +- key: AcceptedRiskOther + value: {} + required: false + description: Comma separated list of other items that are considered accepted risk and that should be closed. For example, the could be list of folders numbers in GCP and subscription IDs in Azure. + playbookInputQuery: outputs: [] tests: - No tests (auto formatted) diff --git a/Packs/CortexAttackSurfaceManagement/Playbooks/Cortex_ASM_-_ASM_Alert_README.md b/Packs/CortexAttackSurfaceManagement/Playbooks/Cortex_ASM_-_ASM_Alert_README.md index d4aefb35b6d0..ec0959c7855f 100644 --- a/Packs/CortexAttackSurfaceManagement/Playbooks/Cortex_ASM_-_ASM_Alert_README.md +++ b/Packs/CortexAttackSurfaceManagement/Playbooks/Cortex_ASM_-_ASM_Alert_README.md @@ -6,11 +6,11 @@ This playbook uses the following sub-playbooks, integrations, and scripts. ### Sub-playbooks -* Cortex ASM - Remediation Path Rules * Cortex ASM - Detect Service -* Cortex ASM - Enrichment -* Cortex ASM - Remediation * Cortex ASM - Remediation Guidance +* Cortex ASM - Remediation Path Rules +* Cortex ASM - Remediation +* Cortex ASM - Enrichment ### Integrations @@ -19,14 +19,15 @@ This playbook uses the following sub-playbooks, integrations, and scripts. ### Scripts * GridFieldSetup -* GenerateASMReport * GetTime +* GenerateASMReport ### Commands +* setAlert * send-mail -* closeInvestigation * servicenow-create-ticket +* closeInvestigation ## Playbook Inputs @@ -35,10 +36,13 @@ This playbook uses the following sub-playbooks, integrations, and scripts. | **Name** | **Description** | **Default Value** | **Required** | | --- | --- | --- | --- | | OwnerNotificationSubject | Subject of the notification \(email or ticket\) sent to potential service owner. | A new security risk was identified on an external service owned by your team | Required | -| OwnerNotificationBody | Body of the notification \(email or ticket\) sent to a potential service owner. | Infosec identified a security risk on an external service potentially owned by your team: ${alert.name}<br><br>

Description: ${alert.details}
<br><br>

| Required | +| OwnerNotificationBody | Body of the notification \(email or ticket\) sent to potential service owner. | Infosec identified a security risk on an external service potentially owned by your team: ${alert.name}<br><br>

Description: ${alert.details}
<br><br>

| Required | | RemediationNotificationSubject | Subject of the notification \(email or ticket\) sent to the service owner after remediation. | A new security risk was addressed on an external service owned by your team | Required | | RemediationNotificationHTMLBody | Body of the notification \(email or ticket\) sent to the service owner after remediation. | <!DOCTYPE html>
<html lang="en">
<body>
<p>
Infosec identified a security risk on an external service potentially owned by your
team:<br><b>${alert.name}</b>
</p>
<p>
<b>Alert Details:</b> ${alert.details}<br>
<b>Action Taken:</b> ${alert.asmremediation.[0].Action}<br>
<b>Action Outcome:</b> ${alert.asmremediation.[0].Outcome}<br>
</p>
</body>
</html> | Required | | BypassDevCheck | Determine whether to bypass the Dev Check in automated remediation criteria: https://docs-cortex.paloaltonetworks.com/r/Cortex-XPANSE/Cortex-Xpanse-Expander-User-Guide/Automated-Remediation-Capabilities-Matrix

Set to "True" if you want to bypass. Default is "False". | False | Optional | +| AcceptedRiskDs | Comma-separated list of instance/VM IDs that are considered accepted risk and should be closed. | | Optional | +| AcceptedRiskProjects | Comma-separated list of projects numbers that are considered accepted risk and should be closed. For example, a list of GCP projects and AWS accounts. | | Optional | +| AcceptedRiskOther | Comma-separated list of other items that are considered accepted risk and should be closed. For example, a list of folders numbers in GCP and subscription IDs in Azure. | | Optional | ## Playbook Outputs @@ -49,4 +53,4 @@ There are no outputs for this playbook. --- -![Cortex ASM - ASM Alert](../doc_files/Cortex_ASM_-_ASM_Alert.png) \ No newline at end of file +![Cortex ASM - ASM Alert](../doc_files/Cortex_ASM_-_ASM_Alert.png) diff --git a/Packs/CortexAttackSurfaceManagement/Playbooks/Cortex_ASM_-_AWS_Enrichment.yml b/Packs/CortexAttackSurfaceManagement/Playbooks/Cortex_ASM_-_AWS_Enrichment.yml index f81803fbfe3a..d24114fc814a 100644 --- a/Packs/CortexAttackSurfaceManagement/Playbooks/Cortex_ASM_-_AWS_Enrichment.yml +++ b/Packs/CortexAttackSurfaceManagement/Playbooks/Cortex_ASM_-_AWS_Enrichment.yml @@ -536,10 +536,10 @@ tasks: isautoswitchedtoquietmode: false "16": id: "16" - taskid: 1c72f18b-885b-4405-842b-cb0214445f59 + taskid: 9338a30d-d587-4213-86f2-881555dd5995 type: regular task: - id: 1c72f18b-885b-4405-842b-cb0214445f59 + id: 9338a30d-d587-4213-86f2-881555dd5995 version: -1 name: Set cloud grid field description: |- @@ -562,7 +562,11 @@ tasks: val2: simple: n/a val3: - simple: n/a + complex: + root: AWS.EC2.Instances.NetworkInterfaces.Association + accessor: IpOwnerId + transformers: + - operator: FirstArrayElement val4: complex: root: AWS.EC2.Instances diff --git a/Packs/CortexAttackSurfaceManagement/Playbooks/Cortex_ASM_-_AWS_Enrichment_README.md b/Packs/CortexAttackSurfaceManagement/Playbooks/Cortex_ASM_-_AWS_Enrichment_README.md index 6f9969f0f19e..4a3cb5c8901c 100644 --- a/Packs/CortexAttackSurfaceManagement/Playbooks/Cortex_ASM_-_AWS_Enrichment_README.md +++ b/Packs/CortexAttackSurfaceManagement/Playbooks/Cortex_ASM_-_AWS_Enrichment_README.md @@ -1,22 +1,27 @@ Given the IP address this playbook enriches AWS information relevant to ASM alerts. ## Dependencies + This playbook uses the following sub-playbooks, integrations, and scripts. ### Sub-playbooks + * AWS - Enrichment ### Integrations + This playbook does not use any integrations. ### Scripts + * GridFieldSetup -* GetTime ### Commands + This playbook does not use any commands. ## Playbook Inputs + --- | **Name** | **Description** | **Default Value** | **Required** | @@ -24,9 +29,12 @@ This playbook does not use any commands. | RemoteIP | IP address of service | alert.remoteip | Optional | ## Playbook Outputs + --- There are no outputs for this playbook. ## Playbook Image + --- -![Cortex ASM - AWS Enrichment](../doc_files/Cortex_ASM_-_AWS_Enrichment.png) \ No newline at end of file + +![Cortex ASM - AWS Enrichment](../doc_files/Cortex_ASM_-_AWS_Enrichment.png) diff --git a/Packs/CortexAttackSurfaceManagement/Playbooks/Cortex_ASM_-_GCP_Enrichment.yml b/Packs/CortexAttackSurfaceManagement/Playbooks/Cortex_ASM_-_GCP_Enrichment.yml index 6edccc2c67c6..628805ac461a 100644 --- a/Packs/CortexAttackSurfaceManagement/Playbooks/Cortex_ASM_-_GCP_Enrichment.yml +++ b/Packs/CortexAttackSurfaceManagement/Playbooks/Cortex_ASM_-_GCP_Enrichment.yml @@ -100,7 +100,7 @@ tasks: { "position": { "x": 450, - "y": 370 + "y": 420 } } note: false @@ -146,8 +146,8 @@ tasks: view: |- { "position": { - "x": 1370, - "y": 590 + "x": 1210, + "y": 580 } } note: false @@ -200,8 +200,8 @@ tasks: view: |- { "position": { - "x": -160, - "y": 575 + "x": -450, + "y": 580 } } note: false @@ -252,8 +252,8 @@ tasks: view: |- { "position": { - "x": 290, - "y": 575 + "x": 20, + "y": 580 } } note: false @@ -280,8 +280,8 @@ tasks: view: |- { "position": { - "x": 290, - "y": 2190 + "x": 460, + "y": 3160 } } note: false @@ -349,7 +349,7 @@ tasks: view: |- { "position": { - "x": -150, + "x": -440, "y": 1140 } } @@ -380,8 +380,8 @@ tasks: view: |- { "position": { - "x": -150, - "y": 855 + "x": -440, + "y": 865 } } note: false @@ -413,8 +413,8 @@ tasks: view: |- { "position": { - "x": -150, - "y": 980 + "x": -440, + "y": 990 } } note: false @@ -460,8 +460,8 @@ tasks: view: |- { "position": { - "x": 950, - "y": 1045 + "x": 790, + "y": 1035 } } note: false @@ -491,8 +491,8 @@ tasks: view: |- { "position": { - "x": 950, - "y": 925 + "x": 790, + "y": 915 } } note: false @@ -516,14 +516,14 @@ tasks: description: '' nexttasks: '#none#': - - "16" + - "31" separatecontext: false continueonerrortype: "" view: |- { "position": { - "x": 1370, - "y": 925 + "x": 1210, + "y": 915 } } note: false @@ -535,10 +535,10 @@ tasks: isautoswitchedtoquietmode: false "16": id: "16" - taskid: f7ee4b2f-ac30-4ba1-8255-6f24b48fa7f0 + taskid: 21387b0e-6514-4fea-8d52-07bd460ea4c0 type: regular task: - id: f7ee4b2f-ac30-4ba1-8255-6f24b48fa7f0 + id: 21387b0e-6514-4fea-8d52-07bd460ea4c0 version: -1 name: Set cloud grid field description: |- @@ -583,14 +583,17 @@ tasks: transformers: - operator: uniq val5: - simple: n/a + complex: + root: folder-ids + transformers: + - operator: uniq separatecontext: false continueonerrortype: "" view: |- { "position": { - "x": 1370, - "y": 1045 + "x": 1210, + "y": 1590 } } note: false @@ -620,8 +623,8 @@ tasks: view: |- { "position": { - "x": 1810, - "y": 925 + "x": 1650, + "y": 915 } } note: false @@ -681,8 +684,8 @@ tasks: view: |- { "position": { - "x": 1810, - "y": 1265 + "x": 1650, + "y": 1370 } } note: false @@ -712,8 +715,8 @@ tasks: view: |- { "position": { - "x": 500, - "y": 875 + "x": 0, + "y": 885 } } note: false @@ -761,8 +764,8 @@ tasks: view: |- { "position": { - "x": 500, - "y": 1000 + "x": 0, + "y": 1010 } } note: false @@ -810,8 +813,8 @@ tasks: view: |- { "position": { - "x": 500, - "y": 1150 + "x": 0, + "y": 1160 } } note: false @@ -859,8 +862,8 @@ tasks: view: |- { "position": { - "x": 500, - "y": 1300 + "x": 0, + "y": 1310 } } note: false @@ -908,8 +911,8 @@ tasks: view: |- { "position": { - "x": 500, - "y": 1460 + "x": 0, + "y": 1470 } } note: false @@ -957,8 +960,8 @@ tasks: view: |- { "position": { - "x": 500, - "y": 1610 + "x": 0, + "y": 1620 } } note: false @@ -1016,8 +1019,8 @@ tasks: view: |- { "position": { - "x": 500, - "y": 1770 + "x": 0, + "y": 1780 } } note: false @@ -1044,7 +1047,7 @@ tasks: brand: Builtin nexttasks: '#none#': - - "9" + - "34" scriptarguments: gridfield: simple: asmsystemids @@ -1065,8 +1068,8 @@ tasks: view: |- { "position": { - "x": 500, - "y": 1920 + "x": 0, + "y": 1930 } } note: false @@ -1110,8 +1113,379 @@ tasks: view: |- { "position": { - "x": 1810, - "y": 1045 + "x": 1650, + "y": 1085 + } + } + note: false + timertriggers: [] + ignoreworker: false + skipunavailable: false + quietmode: 0 + isoversize: false + isautoswitchedtoquietmode: false + "31": + id: "31" + taskid: 0690c6c8-103e-4bd0-86f3-9d84e872d94d + type: condition + task: + id: 0690c6c8-103e-4bd0-86f3-9d84e872d94d + version: -1 + name: Are there any folders? + description: Determines if there is GCP folder information to set in the cloud field. + type: condition + iscommand: false + brand: "" + nexttasks: + '#default#': + - "33" + "yes": + - "32" + separatecontext: false + conditions: + - label: "yes" + condition: + - - operator: isNotEmpty + left: + value: + complex: + root: GCPHierarchy.id + filters: + - - operator: startWith + left: + value: + simple: GCPHierarchy.id + iscontext: true + right: + value: + simple: folders/ + iscontext: true + continueonerrortype: "" + view: |- + { + "position": { + "x": 1210, + "y": 1085 + } + } + note: false + timertriggers: [] + ignoreworker: false + skipunavailable: false + quietmode: 0 + isoversize: false + isautoswitchedtoquietmode: false + "32": + id: "32" + taskid: b933f5bd-5202-40ed-8fdf-0e1f879085d9 + type: regular + task: + id: b933f5bd-5202-40ed-8fdf-0e1f879085d9 + version: -1 + name: Set Folders + description: Set a value in context under the key you entered. + scriptName: Set + type: regular + iscommand: false + brand: "" + nexttasks: + '#none#': + - "16" + scriptarguments: + key: + simple: folder-ids + value: + complex: + root: GCPHierarchy.id + filters: + - - operator: startWith + left: + value: + simple: GCPHierarchy.id + iscontext: true + right: + value: + simple: folders/ + transformers: + - operator: join + args: + separator: + value: + simple: ',' + separatecontext: false + continueonerrortype: "" + view: |- + { + "position": { + "x": 1210, + "y": 1370 + } + } + note: false + timertriggers: [] + ignoreworker: false + skipunavailable: false + quietmode: 0 + isoversize: false + isautoswitchedtoquietmode: false + "33": + id: "33" + taskid: 47e7e955-9a1a-4f87-8f15-416094aa383f + type: regular + task: + id: 47e7e955-9a1a-4f87-8f15-416094aa383f + version: -1 + name: Set Folders to n/a + description: Set a value in context under the key you entered. + scriptName: Set + type: regular + iscommand: false + brand: "" + nexttasks: + '#none#': + - "16" + scriptarguments: + key: + simple: folder-ids + value: + simple: n/a + separatecontext: false + continueonerrortype: "" + view: |- + { + "position": { + "x": 800, + "y": 1370 + } + } + note: false + timertriggers: [] + ignoreworker: false + skipunavailable: false + quietmode: 0 + isoversize: false + isautoswitchedtoquietmode: false + "34": + id: "34" + taskid: 3253a943-89a8-45f6-8015-82c684102aed + type: condition + task: + id: 3253a943-89a8-45f6-8015-82c684102aed + version: -1 + name: Is there GCP project hierarchy information? + description: Determines if there is GCP hierarchy information to set in the system IDs field. + type: condition + iscommand: false + brand: "" + nexttasks: + '#default#': + - "9" + "yes": + - "35" + separatecontext: false + conditions: + - label: "yes" + condition: + - - operator: isExists + left: + value: + complex: + root: GCPHierarchy + filters: + - - operator: isEqualString + left: + value: + simple: GCPHierarchy.level + iscontext: true + right: + value: + simple: project + accessor: number + iscontext: true + continueonerrortype: "" + view: |- + { + "position": { + "x": 0, + "y": 2095 + } + } + note: false + timertriggers: [] + ignoreworker: false + skipunavailable: false + quietmode: 0 + isoversize: false + isautoswitchedtoquietmode: false + "35": + id: "35" + taskid: 8532ca2f-e3b6-4f72-8d66-59d5e712d114 + type: regular + task: + id: 8532ca2f-e3b6-4f72-8d66-59d5e712d114 + version: -1 + name: Set system IDs grid field (Project-Number) + description: |- + Automation used to more easily populate a grid field. This is necessary when you want to assign certain values as static or if you have context paths that you will assign to different values as well. For example: + `!GridFieldSetup keys=ip,src val1=${AWS.EC2.Instances.NetworkInterfaces.PrivateIpAddress} val2="AWS" gridfiled="gridfield"` + scriptName: GridFieldSetup + type: regular + iscommand: false + brand: Builtin + nexttasks: + '#none#': + - "37" + scriptarguments: + gridfield: + simple: asmsystemids + keys: + simple: Type,ID,Link + val1: + simple: GCP-Project-Number + val2: + complex: + root: GCPHierarchy + filters: + - - operator: isEqualString + left: + value: + simple: GCPHierarchy.level + iscontext: true + right: + value: + simple: project + accessor: number + transformers: + - operator: replace + args: + limit: {} + replaceWith: {} + toReplace: + value: + simple: projects/ + val3: + simple: n/a + separatecontext: false + continueonerrortype: "" + view: |- + { + "position": { + "x": 0, + "y": 2280 + } + } + note: false + timertriggers: [] + ignoreworker: false + skipunavailable: false + quietmode: 0 + isoversize: false + isautoswitchedtoquietmode: false + "36": + id: "36" + taskid: 4b6724d2-8a9c-47fc-8408-01c3fb3f90be + type: regular + task: + id: 4b6724d2-8a9c-47fc-8408-01c3fb3f90be + version: -1 + name: Set system IDs grid field (Folder-Number) + description: |- + Automation used to more easily populate a grid field. This is necessary when you want to assign certain values as static or if you have context paths that you will assign to different values as well. For example: + `!GridFieldSetup keys=ip,src val1=${AWS.EC2.Instances.NetworkInterfaces.PrivateIpAddress} val2="AWS" gridfiled="gridfield"` + scriptName: GridFieldSetup + type: regular + iscommand: false + brand: Builtin + nexttasks: + '#none#': + - "9" + scriptarguments: + gridfield: + simple: asmsystemids + keys: + simple: Type,ID,Link + val1: + simple: GCP-Folder-Number + val2: + complex: + root: GCPHierarchy.number + filters: + - - operator: containsGeneral + left: + value: + simple: GCPHierarchy.number + iscontext: true + right: + value: + simple: folders/ + transformers: + - operator: replace + args: + limit: {} + replaceWith: {} + toReplace: + value: + simple: folders/ + val3: + simple: n/a + separatecontext: false + continueonerrortype: "" + view: |- + { + "position": { + "x": 0, + "y": 2595 + } + } + note: false + timertriggers: [] + ignoreworker: false + skipunavailable: false + quietmode: 0 + isoversize: false + isautoswitchedtoquietmode: false + "37": + id: "37" + taskid: 5f61a43b-6264-4720-8e06-525acafb45ed + type: condition + task: + id: 5f61a43b-6264-4720-8e06-525acafb45ed + version: -1 + name: Is there GCP folder hierarchy information? + description: Determines if there is GCP folder hierarchy information to set in the system IDs field. + type: condition + iscommand: false + brand: "" + nexttasks: + '#default#': + - "9" + "yes": + - "36" + separatecontext: false + conditions: + - label: "yes" + condition: + - - operator: isExists + left: + value: + complex: + root: GCPHierarchy.number + filters: + - - operator: containsGeneral + left: + value: + simple: GCPHierarchy.number + iscontext: true + right: + value: + simple: folders/ + iscontext: true + continueonerrortype: "" + view: |- + { + "position": { + "x": 0, + "y": 2430 } } note: false @@ -1131,9 +1505,9 @@ view: |- }, "paper": { "dimensions": { - "height": 2205, - "width": 2350, - "x": -160, + "height": 3175, + "width": 2480, + "x": -450, "y": 50 } } diff --git a/Packs/CortexAttackSurfaceManagement/Playbooks/Cortex_ASM_-_GCP_Enrichment_README.md b/Packs/CortexAttackSurfaceManagement/Playbooks/Cortex_ASM_-_GCP_Enrichment_README.md index a4e93428be4e..ed4de7862cb7 100644 --- a/Packs/CortexAttackSurfaceManagement/Playbooks/Cortex_ASM_-_GCP_Enrichment_README.md +++ b/Packs/CortexAttackSurfaceManagement/Playbooks/Cortex_ASM_-_GCP_Enrichment_README.md @@ -1,4 +1,4 @@ -Given the IP address this playbook enriches GCP information relevant to ASM alerts. +Given the IP address this playbook enriches GCP and Firewall information. ## Dependencies @@ -15,6 +15,7 @@ This playbook does not use any integrations. ### Scripts * GridFieldSetup +* Set * GetTime ### Commands @@ -38,4 +39,4 @@ There are no outputs for this playbook. --- -![Cortex ASM - GCP Enrichment](../doc_files/Cortex_ASM_-_GCP_Enrichment.png) \ No newline at end of file +![Cortex ASM - GCP Enrichment](../doc_files/Cortex_ASM_-_GCP_Enrichment.png) diff --git a/Packs/CortexAttackSurfaceManagement/ReleaseNotes/1_6_18.md b/Packs/CortexAttackSurfaceManagement/ReleaseNotes/1_6_18.md new file mode 100644 index 000000000000..f24c5b5b4579 --- /dev/null +++ b/Packs/CortexAttackSurfaceManagement/ReleaseNotes/1_6_18.md @@ -0,0 +1,13 @@ +#### Playbooks + +##### Cortex ASM - AWS Enrichment + +Added support for accepted risk exceptions through playbook inputs where users can determine to automatically close the alert based on instance ID, project, or folder. + +##### Cortex ASM - GCP Enrichment + +Updated the playbook to store project and folder numbers in "ASM - System IDs" grid field as well as storing folder names in "ASM - Cloud" grid field. + +##### Cortex ASM - ASM Alert + +Updated the playbook to now keep track of AWS account ID. diff --git a/Packs/CortexAttackSurfaceManagement/doc_files/Cortex_ASM_-_ASM_Alert.png b/Packs/CortexAttackSurfaceManagement/doc_files/Cortex_ASM_-_ASM_Alert.png index de98f2054e81abc6f0b5bfd3dc90fd27a38aa776..a4fbd36445e349048fbd9629475ee26e22f17a94 100644 GIT binary patch literal 1242255 zcmeFaWmuH!+AyprqNrF1NLqk&3DRJqGK8R{goL1!bc3S{Q7ILHp|J=NkS;0dM!FH{ z9O;Jdyxn^VZf9gY&-)$6`{Uie#JT6b;_RL$veFWJi7APzPTdrI9l>`b}Pk5iw zjPgFAJU?30>2c`|LqKG+LG0`JlV>OmKFyNxQpUf!_+e|-~Vp`)BbB>!jN;5f>uJV9@< z<IjEwl;Fl%+$AMoyYN_xGM2ZRLZ-Qf6I6*dfTDjX(y6mE4uV4laI&2-=A&xBy4#*<+c}l_wN0&95FF>r#M5(SEFO} zF`%#OWDUh*!#!86Mw__;)=sa69LGtVWm4jr3GK{UV*jQ9oL}0xKXO01NLI(u(eZ8Q z5uV!xy-e}}87PGkE<e9Bun~*kG}{Ow0t@(FE3w58d86!w&55KmI!O#zMY{w z=J+fwfUc7rns~oHtuN|q=`Ib21BV!;-8-}F3jGd$bXGkHi=urA!=*xLztrqk%dqkY z@T7TT&=mXS9h~9oTWN1LD$29Cu+@fOD<-vJ6KowOVB&0PzG1ff*RC(ej@!)+-#Dyi zzVio#DQnigy|Q59R7^ti+J0_afWM{Lh}#3M>VfmBH<7EpJ2;E$G#jsaK!23oUr@5K zv9V}=qDT8xwj+zqT*?*X4pYZDZ&zRjugf12v73Ip&>t8VRri+Nd+PNN4KC)mN)MdF ztUR>|)m$Z%(@c2v>e%q`u$kth+ml1uuUyF9*VYM=A^1OuesYMhXnLs5+^;l5#QsvM zamQ=(fvPX@+7dJjY6o!bTXqS^$nff|6Pu9H9yBTDLtI>SoR%T< z`HaB3E?mm((cTVMBQXgE!f+>~?eG!P~r}%5}6|ub@k9#b=0d@xet9j;w-F zyLRC`(ccs&n?>M(F0H?nz{Tl*j+?-{LDih`g!p~&gC*$FDET+Wi_?R35i-+*UruCL zjZsGB>nyHqMPHfwYn>o|?u|Cv4?DUtH*fp-5zarDFNE1@CZweBF-V03orgUS%ZaxE zpX3S?pWeX`Arsh0ib2sZ5HbuLs5iicp_dl`eJ4LK(Boj(zwZTCumlED&{GS33TI{8 z1Q#JYiSi&F{rb9J7dm6BM8#?O_-uK=4%e!eS* z3ltkDF#?vbY;1^vk7{1P-;(D<8F9cnj2e*|uZU-HJln84nizoc;n}$s27uU8R$zM_ z**efI8@}={P|6+zD8Kj^@bc$@asJW31WN>4S~9~el1?7wYcBI|{7diZw^l(6h8R5tOlHPw1>i8)~x1uoybHvNY#4mf9tn(qh#%*c`7-YyLftNCNDSZ?)y@EE$8o zs)h$167BQUpt05YGO!xH%eq6?kAhQEJjkJpi7+m+!B_PXu}#YKXjZl8L}KWQVM_jN zi#>L*Bh&h(#Y7>Sl>GD1P>XL*Ch~~r3V55;Ri7`V-XSOi<;t28xv(z1*17$Z3&<{} z>y5{ZdsEtssU+F5EEHtysh5T#xU>o$+l<7dYE_HOxj%GXom%$K z?OoHTP&G-X2Q%l3g(RK*XuQqJOp~^snzaXEe`wCo+%^R@UIkU7raegsi97%WGjE zRLrXVPK46ksCUFFQ;F50Zu`WR?|I(peZX*sZ_wxY3GL?>$vv_im#W61&3V-|&0^E` zFl;2We_!#d>OnA}e7~|u{+TSVl19GG)tMBTsh98hB0>8k&^UvMOhfBQ%MJz&hl#@Z zVr{QNv9*P2j7j!_)(mgsV-LR8Qwkc6GdEuw#AXX#%AUL$WLC!XC0dy=z0{kr_)bKy zZ}C`ilX`p~nQFn;yocHzyiM*o%Y7UZc}v)V@7?P5Sel1B_69_?M@{t|_R|Q-6hyoj z1!Y|y{@$AN+E3_xF(am#;|Y>`C^(Nwi}t+?w>HU`D6;7;B-c&_x=AJ?F`RhsD6cuW z&w2j5=p0bb;WM50&Myy$tvz`)5Om0S8N22=K2=FBWllZJ+4;QP;~NF^BZab9>dSJC882uGFbn z`A0}aEGQGZXKi~IELX=E@Tn^h|y*D$_ta=_BkasgWmloimmFm9dG_AP@W zXW6XXxy#XX^w}{sPd1%gEN}#0t4$AuQm%E@vxWZCmoyW2?K*K8a$zwbhT5*S3T`0h zb+-N~xFQMASBX)GFXAaQx?es*+M|1)CS?N7T;#kq;U(}GBUlz}UnOAr?FnO%uc}eQ^+H!VyHi#CJ?{JyZ@sn3*-|UOHon7d z>D6YKSovBJ+c{Ct<5diTt!J92>aoxtXCb+Uu(dwQdca3fy%gQ%vNYqS z7i!NQE)(dRS#10^dwGOCCe|H3Lh|93vu)06X*0g6TEUi$Pe?nR=CbC@j@q;trB+&V ziZK24X|~m%_$f;)W=+U(A9i^}qeqX3hBS2r_;ffrt{>aHI1)!UV)F5<@Y?d!L=Hzb zW^L9%uasUp(+%ahKgM4Kyb) z+MZ7uvWIv2Kkjnq@vxcib~Tq}b~z#+$tA*cvnl?(Yxwt0f4!jR52aE&oa{-ihcjAY zmKO4e2CAMB(OAg7eO5!#W)hljk+U*p63A>b%oNdkuP+$D@KBwJ(_gS{Wp$r(N$~zU z?{klq#uH^oc+{Np_byly(cTkBg#ac$O_nV$O~1XTp<@1Ib*1NpBzq}3?p)D3>p&s~ zleF$fY0C-aT5}?^kI$0`y#3nND5uG7`4?(yGNR(bKPpY->a=24m&VAw8Kj;@uMRlB zmI)QL9U~Q$q&cdna_3#z=w$g+I`I*|PO0p*`C_pIRqcVwUW@N%i3-bD;;09L?2YB6 z^ip%qb;`^MG%&hw%ZHhR!(L|IXhOY(}qn^5D80Er38P8s%IrkFw@lGPU}i8XszcZG+SAgo*-KikG}i9CO*eVEqNb~)g|O{O zokJj@bK*qoXDfoK^eQk1#OAyAnXkw-f3#0E=DJrCW-~CB+Vfn3wsbBn{=CiJM1% zP`2){>?w^1c}gDQEJ`Hkr*X?=KCWw(j|iQ!_K@yEPPXGz*4j5Wj&F(*wEjXhArFZ zSG`5)eaN==!GW+IW{T_$j+r^Vym{MU$0Z1Qyg3} z$yu?YHl6P_ZSHn0X3re0O_I(SupiB~w-~Cu2u6i*?I=+-JEuQ^*U*xGhy*K$x~ofAFKsW8lqi;OBKeOBm#{gZnLpR|g$N5&9T7b3N-eKgYC?<(&(X-q`Tn_CzsJK| zucG^%u)dAtq+b=i^HpKC#z?+;RixLLtF!1h+>2Opy)|mYlG#&LLf2GPsf0#9o|o6; zb_uQGUzu*d#ci1-+0iR4-2E5-RBDcg6kp3pnNR|65XWjHUA)eenXKyfx?R$HbcPxH zGHO=75{Y5%v{#<#qV`)Jl9`B*WPkGIjRg5=c1s^gbZJr-sr%LHYNy%6X8Tab{^6oz zQcTb_ML!`4KIZ@;2KoD3gmqQ4f~WZ~^cc(f=MqIPndHq7x?rlGEkEH|63pbMeB0l@ zQEKLjn)n*nO<>V*gl_Xr9FMD+lfTRnEMl35LMQiEPZZOTYZtj6zyw7Ho?gmJ+>Hts z*U;W_#!?j(Oy_Jq{Y8Ltp@OHnAkKLzFuYVQmy__AJcX$-f%lyU_Smd5A&&k2N}$`c zTn;Nd#yVo{;SOFc#um*VZ>1;d^jK#sge9$FyhO|LzP5-|3$Iv^sHW84GLuG^8l`lk zMDZ8}h`AhN0!&L7Mz0;0KZhZO%Zs`xl zc$U_Y(pJO}XiUi%Vxtvg*{J-(%t16xmsE8Sfp`9Rwvcu3@(SJRez2Nv-*otL(R4`H zukWkE)W9PurUW|3Dt(l`z?eF z^899KLb4K$YDx^MgHqm+DwOoTlp2E!|3pC?Ap@c(B0{ZHMpM^TxeQ!Or=1o9eLmMP zS@;W*@zT=Da&L&!-yC**WSa8HUqhPfszW7^OkC&Hpu%P4ERNLyL-+ZsP zjG3mOrA<(BzD|Z-*UGrHHlVx1s!PNdGHv0u9G|{EXg|zt86TXS-<#9rz!RIjILzNu z!DD{(ldWs%={)j73?rZw zAoFpk3-RQg*FlK2riE~5$zGO9uF#inQ_c`j^JcTcx|w0(UEld zjxp=@147s&`SE3|&$}2;JB9#p7z#`Wncrrft4XZ(TpG{hFwXAtrEb1@HaFjk|2PqK zpcrGYg`DuJmvis_+r-v~x!DP;Y$@7!(qc-<18HY+$6B z5Z}{(034{M2g+^By^JmVgbcfB&fKk!5CBO)dll2&HXaN!*)wX zsTYSG1Tq;dU03q4&U9e)OYKq73-*76TK?w74~C=m2;CZgqndTc<*n8B*mOouli9iM z(Zs5!XCLmU4^Ht?@$(CutI`QCvKpiKRW$VId!6y}BT< zrC}aC=%!e;o{TsG<)OJ!gKCl461A_fS>qY)Xk)JqYprT{@yCqzglh8RP8*QC3m%^#6?7^SwcJ4@8g zO_Z_3maGX8h6IZ3BcY?E5wvorTm9~8E-baE{>~U9wmRXZ?Xz_ol3jcLz&FbLF7eHX zSWMKC&f;pgbb`>>C-V;}t#>DS!Kg$mS%^j4Awgx&4o91UqUp_I>@9Hh}o@#D0&JiJ+r3{6f&ej-g%qO$a^nsB0nsdARj@}q%_kVB=j7&>fL5sl} z>c@hEUmt3_v89wu0f$*W&!7phS{#apG~&Np=qRBMb^Gxn5HBmamEW0VpK4R5LWMDO ziWQOHV)`}L#<4y!Z8c*g;R-P=kbb*+=1>t;Ppu?J<<DZPQJABR8iV4vD$#I~YRk z$I}NJv+Uieg!mx-cYq}hZnIn$+K*Kort~Lxs9o$?i7rGx+)=o;id`#`78-jggj!wd zTJsDvfgse)dwKJPw_N+SbblwJeXO2k*OxArT2~*;oz=E{rQ-x*V=hbyhzw!7w7oI)4iHCdCaKHndaoeS)l?Pj*^$06#l&3j15d5GSxH`Dh) z<$>W zNYDV-@1qcPup!ZS=Xr1F%B?7GX;A@Mr}^%7A2t_i`R4eEg$}F}Ibvwcw%TL)2g4rT zey>lA8V7VVmzay#jeT{TV3u z43$W3t=N43O2Msj+3idm1-g`!TdHG8&N`QLr{t}C$GMI(v=pMkM5XL$Umtw(0!yQ& zr9n}Hrb*4-h$QSCqf4ROQS;OetMaW$(-lmJz>yC}Js}NPE*4w;(wl@hF-fhhHbd|H zwlk=H5-Fs4CYYWLVII?xSFZi+Pp2x+XjqIijv2VU71zwz7xkv+gA6fQc$nsJ6(-~g zWU8G-msrV^b)L6W@uo6fwq_yZlYeaYqMIbj>VUn@bfy3>BlC)1MFs`(a=l*V9MJr{thtKwLEy-S>F=eao*knWefJillc z6-<_M&`ni~Ilro-Qq)2Bqf3v=sHN2L?qE<`OH`Hhwo@KwIv+pWCwNMl zzx%Idv*;MJX9>?t#|SEq>9KroH?J;?j?1Q88cWs4JaCmpFSX5SNy(~3w|udJz*|?1 zHV~5OzoFtQ3*^uh(Z7BE>o1))td7HcFaKZxbWx*CAb{oEo(gh*N&rF#?s8}LWM`?4X<-@mo}y#hSDD>e|za4lqCL_&^Dmy2L%61Xg}HS zS3*M<^hkdXs>n~{Qe0 z`rh1l#~VpMb}1T$0b4B&T>LB^_84T+#e&m^H*AAL^t3({Czc8)@rFz)5^{xdKl3Io zHHNnHGr`Y6QJ?x=_}4D3H`$^LQbCyf7m)FAH}1%|I8YV*CO%)s-oo_uZzdn?S0)28 zaQUv51da{=7SizOlmQewqQrP^SLhFO`#(4x)uRLT$*%!-x>?RYtQhoXLI&v|jL;Qn z2!7Nz_UOwtVUnj4j5qkayMMcR+T(TIY*voVKLWld2 zFVBh`cw--U-i{ta9qs6Yy;FyxmgcZs;UmiK;s)F0_9tk&l5p8h_O@T+CZw;EA(n;u zUS3|_&o5%O&f;`!|6zIL3W0|j1J!x&s7xJV>2PQH$J{H~P>O2(8U-<>29BP;d>Fou zCRSfkQ&S5x6e6rZVnck&<;SORbr> zkUb_S&d>C;`zJbwf;@!ak zIo|li;po&-6|!SBD(IpbonlWKbMb@;Mt~2t*6X8=flrpq`m#Tjw0JxyGdH%oqPU1@ zonVqqAT`$7_Yx+$`fmXtw0&`j%zcv$X6FPXR8mW;z+Np?a$4wX(_wSluOA~m#qRB~ zwY2~2m0J+tw#OOZmO~iyTtg5p;H-;#eF=~SB}LEPR=pUDoWF6eUPg4`q?})AijACg z=|wW-w`{%%JJ7Fpo!%$S_voYxy<3sNaa?!#QyJpAP7cc=K8-yY6|G~RMd)Ka4vBUO zF0BhF4Ckx2fmkSw-9ydK3F7o>hG*$6Qq?e9emU8M<_w%T3~NR#6Ea@9KTCm~6(^4h z51o6NnVX5trh;5K^AMlnP18apyPd$qMg)*lNTvR|A4|T z2l=tl_4wSRJ9XcX0xyIwioEDFYOX+3XH`k(`9-bxLNYhNFWI!`S$tp+p8!MGP45l^ zE}r@2ieY8jhet-tBT7jFg7{6fR->Y$%OghH)6J)c8(7xfe$*LeRfhHoT>?*>W(IHp zvjj*yv%9(x_zv?EcH&2N3V+YtW=jsGbvKTT7LomOk_}KnUjpCSdNbb|-sU6+ZZt>h zp2EY8`scwy=PO7d#q)ffMr9XZB_ECRjO!n5BwO?_DfmZK8G@T=e>juuaoF=U-Y8`Gi7ViU5s~{aSx=Eci;N{ddI1~4&2W-F7 z+K*4rh*_0EwkZa;pwq!m4BE|l9*?Q_Kj5P>r15K+QV?f)Z2QjZ8;aLAV&Zp9q7Om{ z(|2cM5}xCS`2cETwoeQG{_1~xQj?9;t0`s$DoM zssf5%dv9tU`C*acxM3?2KG_@3_79{A;_mk~)$GE}c42~u1DqHuz4=Nnk@VGtkKwp# z{tyz50cJ6z4{O3hBtHcL*u&60)RH|sh6i`D0ti>ivk2kaX&oSC;&7%tPc?V1fAq^e zHThtvSi)ami<28P*?|ZK2+C#g$j+Kau#nMXBPKl0*NHW35+KTw^GJIAqhA<&V*>=v zqx}4K*ag^={sAu=p5yDk1Jtr?&65842EIR%I6xB2-Y|*44N-I%5@ifhX<@>%(>le< z?tnAt%5GO(|LE6yCc;t{Y`-7@_o>W}9pw}tS9*k7%xyvQA>?%4Q1Z_)BV=tKB-XaT zYe9e;H<8kC`QZ=I@|&+j4}m|{10U|-Az^VAK&|SoK}*~lZ2(D_Ba&c=vlGIDyX&3^ zSJszFJaA|7|*GDC)vANI_?V$+E)S;^Xd=QUR`5Fl4?%1~}72Fr!P0&@ZD`$PB$#os0 zznti$D-eQheIENS*Tuy#Xl^o$ydU^$A*C?g)_$Gw{D1T1z~;~ddC#wz54YNg# z)^@c6Uk!N}C-C&=Aa}fG_c}N)40A64z3V=KLXScq_RB7KP_h5iA;ex{`pXE{6@NXf z&oMA*_w{-hCpReg#NW!?m==jJ*%tVBEx^XD#*k*KVA58u&5@H%9vL0&hSbAx-TM3& z=JXx8RewGs6-c!oLz;Dvidive2zlZ{rgBQqdR%zU&F108t=3@)R^U^huxk`jxB_dx zzH{AMocOBe5grE7#lbh!zO21hUX>P-sj`x3IGE;@p38N|)y{&D>O~~`!W}uZ4s<*a zM3<4xBQ-tw`^4PiwTr9j&MwZ3kR!cEF68PqA)Rvv@sS#*36RfJe?Qx%OczE>C?`7^ zY~A?;LV!ub7D!qbX?hXhAHsM3?X5^#u~AUW<}iAh4t>5ztORMuc|Dp0;X|ZTV7C<6 z#X5ZMYnU$3m9K~U=9K^brY2JL)oKuzoRQf30Tor(JC{9|HQ1JF;bD-rA=jUqUr=P&V`G-E^-vc46%p8h8+(Sc~ zKu{-K{rCLL{cho{MV5;>FI5+x9*+_(M z>yK#vYTf+Og;#AlLK*uHTh&{f33Zq(#efV89Q_25>G&^~sFHsKI4RLZ;yT*02|$iN zW=q5<=i>~q?*E7VfL2FqD4s&=zt=Pml$&9Mb+5|%m0F2^eSDbx+4y&;1#SwDK;m(2 z79ws3^gYCz*wq3uB&~+)nQCQV5`esoTtsQ(pq<~ZqVWfTqyJfyGtvy*f2)-AWzhFR zaxT+v1%n;YiVn(sde*`qyOPM!cj_V}PM^Nu7pwLrT)X(Pnp`GSx|0Ug-$}@7-#)NW zll=P(|IiT>|f{P|7W`bj6$WLU$x*fYtTlt}a>5)PLsK1Jr?aCgj%0tYLnvm^9 z?ne#h55^)9I)P)P1mERg1`(XhGM|Eo>oH;_ zT#@t*=R17z+2j=WwK)L)3BcrJ)Q1gX~@K_2hO3;?nJCEy%Z! zo&Q3O6COX!DzMtS6n^x^cyPUuIKz~KWac5TCc@XM|3*pI=SF~2mr1t^Qf`ki;+0dH z^oM5owZ*tK=Cn+$WS``kTpi+h8s~P?bo*~#LzhqPAfcvkW6RKYST1Fp0MDto!+A-S zWG&dV-#@I^w80_C^jpq> zec5X()Nhv?o=f=t{|YBFg-#+m2TmvZet*;YYZ8UCLZda()2hxD=eBw0@K4v+zyyeI zpS#vX8X2=tAtEg?n9cOpVN>u*i2%yoIW(%PL0v7c?Z zd@HO$K|`cb-F^%@rk(laFBW^z(J89i>V8@*W0?qsv~=Z}HdectahiNOo1>nh{g^@E z3|b8h4LW2#h49j7B9g{N=C>^C1RC9@5)7ItBTeuV8c#cMX>~*c8T(+m(C1gYyIL$X z;)=Z}jKc_=eeUGTg-y%wjsRbNP6K+bk{dEI6mtaw=naMH z)^x^k5 zFa+YYNmus5ip45Y^##2Whk)7jKBU!Nm9n>imA^p?g~wc{WmjMVtif(#Lbh2*ISc3=DPcnQOdq44zl{twlU51jZmQB3F6Vb#V~ zo3$|Iqj-t?a(C@JUv)v~7D;j_I=6=sTMyk;p;!x;W2Xh9WxSBSC8T$=S+_||8(Nat z=7Yw1t6ysS{vnYT772uNvG4Se->tfhpS)KMJ4oP-bmW>shgDH7dYgF|yUTQJ`fTfb z58WDtb%(9q^2&3G*Wuv|MIJO%M6@=VNW(H;i$$H11(XvMfETu+~$`ctU=7e*ooHmeH* zJ6>KkPr!4 z%j@mX>|;8stXD|Kk#Pzc*Aw0}o;lY^A!wn0)2Z+<5<%(z-hUu!cTdjhVS^9pw?*@z z5=XZV7>lDyV6J_69J*>r?S#kb0HZ3?1-=dg(5ZwAuHhJmk52 zA@nBp>kWk`=yG3jAVMNKHap|i@!nBUY-*R2kX5tO(xa02 zR?P(NR}=PKOX~j5lmtA5zdhzQ>hlNcfe?FRe+AoBLh_f76DB_dEn^OyH@DNdlx!|&CfNVcTZVl?FP1ka z{+K|p#aMFr^)E%mPzj_}C&l-K#=4!0WHoPJS=@VGq6UDWe_ihTEx!6okl1HMf-vJ2n}Kwe1R%YWSWTN{?rAaJ%hMJX@8aG`I4ht`2|-w z)7xS*eVJZ1b=}KH-RcExKp7EY2E&<#qv9bhTs^xj>NcD0tv(tj^FAN?VOZ0$(_yMo zmrY=d`$VPtpwrw^S9Ox_fz%E%7;P13!09i40>IUm)jxevCWt>CrBV?Us25_X&~S)> zC!?&??MT$^FeQQ7Q!zi9o1nEakRG!f3UhwMmb>?v<`I$?lszOmBRm53+o@ZlXL1%Q z`M=tC8Q3%;W5Zn61|@E+&{ut*PEj>sdp=Okk#jTKM;K`WZw3KC$#AoZ9rK~_>-T&T zH^xv0?$!ASF{E;rs?i7g605L_A=mizvkN<=L+Zc33DPNp9IEx zKQ+D}SLp1ndVWHW_!!dXK3@sa&N*!;e7=BD^jf3vSNTw8c`hotYT+r=XlAvj`CbMY z7#NWT6D4}epl1}Cgey$5j_8c17t_Yi@U;~jkf6S1$*G)vE1(NHa=C6#5B`w%kOuBk ztUQ8R{rdG`52(*jrl1(%HE88LRd+;&mhZzcjPMYQYs&ZF3&7?W3CwUssNNP|s5!sS zXXs^);My{GpM_PPPV$b-(NE^n;~hfmY2QElH%>RhBrtT>n$vksM z?Y+tptEANs6x1A)*Grp;RXnCbZ5OGOoER zUGgB_$zWj7!y5RzBoPnZwUc4QFh2`t{q{P{$u5MQAoR{0%P{a~_P^B&dY~>hq1rlI zomTBOtG^qj*ffDW&$4n20f$g#6Il ztrZ=Ua+e395-B`3<) zs+hc7Y3%foL3Qz~=!VcP36ew+~u+zBGwAdx)Ar`ffjDcG{V*u*mH? zUM(;XG+#k!;4s?Wq~R=L#tl;sjmV*vcK!#xWxE;y}&!z^rOym zYLeodLsaVmX+1I$Mh40v`J-gxCNm?gj@Mj!Q0iW7M%<$(I_1wlGMY$b!Lwz#s40iG zoITTU7sJ%Nv(OkRjL>HF-pBGqMS5pDOdmM0?e$g8g@+IKc}mdQo{Y`uel*w=r;#rb zm-g*x+Wc#`Z<8#skDE? zm?$4u>jU#QXeRUNiXeqdjm(SEcBQe>=f}eA7k4U?v}1@xh|E*dhM{_HCTm^2l@4>K zOKeP|V^Z0hdV4F8@dN6%eLjzNdD~)<#(U%Rna07!7*zoiFjeERqDx>Ii**cR#4 zBk}H(he1{i7Af;>wDtd$RYwaRf@dv{?A87p!)JXgF0qTj{Jkc9jnHhfwsu2lh4}i%gVbL)>g32 z#aoxKbOtfW3Zu|wA3w+_df-S?UvB}}UZXGN`!8#Zsl4CIpkY6jOp(!MJP{@1$V?(K z`VpBJ`K?L_>mD8ZDFO93NRe{^x^RlTNW_GTJgCSumcNl}XK^?jLjn`tj8aeC8H(MH z$bb719hc4^3d0P2=gO9hQ^!)kn0kyU2Bl4Lgz>ii4S!B$|C8x$HLoTb;+&ETUN))Q z8wtbMFWuJz=>x%v$E$-Lwb%@6%QK+*S9_C+gSG_J(Gs!cI3V7x?p0kVra(sDT!ipV zKMSTJXPZFbQr+aG~0j&J(iZf{U{wirJws+>*?7EN3=Z35<%K zFd$~61RE_XERpnn1d%{~7%7ymZgA1cuc_ct|G0ypL^i@PJv6pl?HXYoLTHJxF zEFzL{Yn~3<=nGyv5n!V~f&u}U!duNSsD{9v{c6+qUDG$O?A?voB= zxW{CsSf_(IBFDL$mgkYV-@E!?*0|c|(l%_`n_H8;B6IDBkf}MlwojFCng<%CFnLo< zWeCvxU^(v4DUdi>D8Y(nTwd;CUIP6XWS~p`5mf&IGB=`IY)QG@y33IZ5~`2hStHd~ zFcjtBo>`bJE)5EtLfGcsf@9IUh+r!fRIp(3^7w9z`EyU$WJLO2KGNhia9KcyOf)XM`phOt}v( zY6+MA%xg)9(6a|oe2fy({L3&wMGGP(COhf6U{C>uTlXp}%vItMVeZM_LqEmeGhO#% zge7=C`r+o28SYJ;p`5Q!r*CRKp?|MFzWm``K;Z2#KZ6Pi3m8$QZiPBo(WZOl?(`BKls6va1Y^gtN_OC3E#f%-~z z@_0EYNXH=+es3VeHI-PA9uk3?pD1tJ+GUE~_7wHIuJBEFA28TA0-3NBA zU9&EB6J>Jy;NauD-cS0TAfe{J=kEi*P{!o(JaVVwDE*)+Arr&+s;#9?E7vUPB5elCQsst5reVVE0Z2Rn_(>Ts*jb z1KE6n848rT^;ohgGJWeAjI;rplv#d1mQsKl1au6d?~t%)bT>`%^epRlEMutqHZZ7t zRqjSL>v&6P#b-PA(Cri6KiB2#Ol>|I-&ak&T?Mpmi%M+>u7l-1*twH|{6cl|x;2FB zh><*KyFCo%ZW5l<%EyzD@{KQ>Kg|&v884sB^b_XCwcukAS5_=Q>nzltD!D z0@=lkVP-aw;Cm53J;r_kU_fI^o(|PF`_mh@`Wx*xfKsEw&2ayG%HLnw4pifa^u9;R zz*3ImnW;D?F3TDq?q(a;2#z|7b<6KZ_Y*_g{;oFw+Kuqr0M>tf`#sryl!8>>g+G%A zxLH3`oop!VzSwSUg5xJ}!Wt24Gex@**HD^ulpwX=(3h1h0bmc?0KavH{r5GlL$vBc zK-rT`2o3!5y$H>U0xD+Gv7I<5Lp%mt76YT=54Z|{HlWMs6vW5QJ9q)uk*=4&;kN;- z|GGw`3eYsK&!In)t@yvqa&bpkYQ(%Ni+96T|GpGj1u^_uJ(W3rf41=xXbItLc{EQ8 zVBZM8-{L#6$w1S0nHm2~w)gLA)}Db|p%(!ajRV>C1~{;v%mCm|rb$%C@oWQ1HZtS} z_^spn-`5Dc3pCwuUHZ>ak}crrn;^HEVS?SO9p@T1Z1p$o-jxFI8wlOb!trdKmwsW$ z4e;9t)*s&%ZvdKp9~Jaxy|xvxCy-kW%ZD9ANv{mPK|1$dE5@mRNz|(ztbHeG0VU?k z{2LCiPSG`uutiGe)@odl*L5U{@7;Bpgdqaue-P{Z{p=GRa9ZTgo7{>*?#Y=$K#vI$ z76|7hX0V?gJcbFmjcSU;TwEBY#@02qCd+r1|s2ON5lY)FY? z*a-QCCIfn+r&yxu*|NT`W&-?b4+CmZVg1#=@c=UK4D4l}CZ z<;wA;0&2K=f~~tez`4&@;pikrm?*5207?WsV%0KUIeufELNker# z59hi#;&rf{S#R{JL%zhQrbePLA0)`JPz1JN*ME_m_!6*fN{&eU@lBY+0KJD{O0PBP z&R%&2p0}k>ypbQbf{{&0BQvVh$gU!L}wFELe*< zaCL5Sr;{&Qv)Qy zrcgcCAo6EbB`ZPTb2Q=Ll>k;{iNLO{>NAksa1Y{cp_GtD<^|BJ_FM}&8`iR&($(AN zvK(uR;V0t@xY&XR%$&d@^<%hX#X4!q#u0chUI}1Uj?*{`0ZI6cupY!$hgo=W7s+!5 zU%M4SjXaH7hQ*yP18D;2elmS(31a#{)ut6(>*^bWVlj8i_y_I#A=77*tkFn9IK;N! zpG>VE8H^4;CvekEG{17!>4^LM2?D$wZol*U7IY&x`zgLj1M9MH{XV~P;h3Bz@Y)12 zu^fJfO;yLyjU(IU1B{nNTJ6cwa{}?|<~6Xar|CD}!IFa$^84JnlMp5|RB(flg%_p$ zM!|nd>};yU1tR3AXfMExSUGjeUQ+PfMj^qp z3Gl}hX2L@usiK993P5Ic!^pjB4ZPC$_mTlC&cSya7w`N^bQYXwL~LL2J_5u1SC{(q zKoa(`Wx^DA=uBY}J0jVyQ_2n;!nrjLmjj9{c2@$dBq4j+l4;%PJO=6%Wa*p~d;ZmC%3E;w%cz*A%+%Iv!T}AFvWM9C;__xOU>86y)TB z;cz?c@#swqFXXE#mjTV^J{se52+6>!Nxy%e{m)i0veGa_Ta-1H#_%97%nETm6BQNk z5!^a=Cv5|DA=JEG5}*8r9%s}d>-r10sR<4>b?hi6Xdi0?9(j&dK>Xa}DH5A^CMR=% zv$G;Hy#qJt)o=kuXv{UTHlI{ca}F{7A6Tm5A%l)Rmc#xNT z0?r(qm9WVV76SCbXut+(%VSXbLzA;+t=>Ora^AN!uh&6S0Qu!jT%byN4WxNEUIh7R zNnFp@QTeApC!#Dp!TlV?EDgtON(X2%#4_0bp$#7y5CR#n9}O$tTo^3EN{vlU_IQvN zNduHSHtOSpXQvH!9)s9J3khG|K|IILH3WVU-MtBrfJ1T}0Cxl1%73_^>+1HWXb3wD zq#5&g?Ao8f4J(O{f&F3Nye|t+AEN~dZdcr{XtKFZNO}fncG2v>Gty%xYZz#sty|SL zADvL|2PlFC&&HwzP z|LAupQj=IcEefrPE|X%&U|s*!Pf!E-T#N)C#=?vMp+-I9`0(@-VfV%N?nHiSi3{qh zpkuF9STVCoa0GB1)w>Jp(ShtO#P;0>@KE0$l0d({ zp-D?%9>{$s<83vrhD?O9l0fw6EHx8F|0lYB=djlJ+@Nq&0DFt)nabMVA0wZHjRU$Y zQ~T60n@TGEr@5m)RwKRAgok?2zM!&F+@mu$7YsBg%|<5ga7n9=duQ>q-^)$`N&>ph zajfHYoqB#fZj!Hf53*W{Zw5Zc2t5opZ4eN^9uUlB%jsF}>L!f4H61|5Ws-|fme#aEA!z*#gTaqpLI&0Q+?dQ_Fxk31R zf&gXMp(4x}*DnzNirV^=T;%uk;0G4nOnZuWhb}J8Vd;=Dbo9PTudg&^;u>WB1E2ax zPUntsEM6z*Cr1c|i9dS5ku@!cf-z<2PGcxA_k=MHKKE+zngU6PWo;QGf_KWpPmt;l z5FC*doohFrfFJMREx!s=R%xN${Dppk^63tIlSV64#W@8`PUzv`vkml0b5j#KVkhe5 zW!S#!lq&n1)%G$+e>jM^`b6Z@c6f*=Yz(xeQ4W#9KVYp_xiFuvr)zE18XVi$iwa+I zoY#~r8*U)cNj5X*|Bt;l52tc%!^Zb6Nu?r13MoZ0FGFTZQjyA#Ir9{fIhk4w8cfNw z%o;?6LdZ-qFGG=9naUg@WS+k3w)c+S{m}b6zVEN!@&2<9yTy9$=N_*68qV{)4r1lH z7Iy2L8U$&}dbf)s>($h&k3Ta6iVYd@g{Xn%=K?&}6y?F?Eb%C$_7cW<3Z}7=&P!hi zFG@=gbvQ2$kf9Wyud_hww-} zgX@x025YT2${ceQ8d)&VD{v>j*^)T4zlIsq10d0=`PtmqH3a$;Kb zn7ON;+m#t*;DmAWjT3Rc6glU8Hi%DrzP2!X6zWZ~|Z`{z~Bo1!MS+{EdB1=+@?$#%xRf#e6W9p=( zS9JXLNf5f?oqbU5&Bnpkc~!D#6!U$}xZ&cqJD#<9$?3)T#olAgGO6DCP?>Ia&$LoVSSmW$6cw%Uv}hGQ6wcn5fP z;$Y0^%10(9Xw8ATeRfZcjtW@&GVbI^d}YA#{B=8;o|rT;aCf#ohmK7@dRin^(c0<>?U zo}WC0G$WxAj>d!X2%PzAqqQxUo@2-p#gxF76HM0+UM5)ld&2SQv}Jm>P}M?4IY>Rl z1ql2Z)~)I1f)^@T(i_(2%#Jk<%|RDw47a9~OxCb3udL0U7`Hs_|Zo(|H~eNg6WY#=i+~%q(E8v<9!B-Lzsv zM2vpV4#{e4;n zzHP@RPWfg1nFV_#tpyvU@$y=6M7_0wP}*{*(BE*bEWee}=yiI>0!Q?M%Q zL%&!r0E%CVVg@~7_XJ>ujEFxMRD1=Umlrr$JFRp0$SJp3EbPg;IW0KL3P zywGzNL%16oi{1w6;U1<^vVvN^=D9B~iZ*fRe*q@A+T3_Te)I>I>KzKzgQFu^9?Bj( zgb0m+O5HizeqanG1MpZd=w;P&pdGp_VD8#|#V+_-P%ETQ3Z?a|0`gTwUl-QG2n4{E z3T1BgTzW?T{fnc_wMvCXpNuVoq(($hE5fqqbjh$S3e{O%8rRAv-Qv)HbMs=W=@hCt z8>z3BpU>M?Xe4+d&BYgr3gguk7#5=*Jvz#<@iz$oy+7Az;t0gp_eugH7Q7;WyPSa6 z-h#SgwkJTdM1UM0fQ>>0t#&;UGP}ZLCF2acu9s6vo`S5-1dx;%5RLwn$5h>r)clCl z5Ugg_mvQGgBy644m*j=|P@V&6`3a(_Bn|X7b$12^d-`+3Z; zpiZd5pnbQ{7Y}j05U1i5lnD*tJClL>9=tBHk~3AINN}I#GEws?y z$w##T$({@@R7h?W zw2nLI0IlN!0rKnmRbKZFu%`pFoEP20m6TK?`8wH- ziMDqJu=AOurEFgYmCXA@% zPpQi6%>w>;&K8xBBs=q8$6mvQdtaez<+5d`xCv@MRtgUFr!3~V>9n(Ex@ zL5}?9Q?6|^onloi^VZ-m%|5G7soAEGp71;y!+l_e2>WVzmyJE$Z%ptFX!wCl@Jlek zt8>8w_Y!n?C%trM_P9^gMVEkW)d~($-m)2bo^C1XR4FMrWH={Tly)0bzK~t6jvgI% z=}(rs{oQttG1J%Rw_iXzU~;1TlsoQ&p6%HX?>=0K*pFHn`Ld9@%|P0C9(30lgeW$~ znR13u>nWy3H2a@v1EJRw{RCy2kuquSK^tJ@7xzAUE~(5r33-UXD|~FqU0EY#RD3>) zqF*0vSr-NEb@!1~-S(mvQjC_A$QurN9_Vy3AmTisrt)?G{bc8v(4^2jAi$_)dUz5h zqk`Cd;1)Z4d%qv#HYQ3A=AC&j5~PQ_Ryy+)G#n8Jf&ZktW&gcHMv7~5VPhCT;*Tr8 z!rX`c(Amc-?vs_ezTQXeBAtyaC!jZpP`}F@X&qa{>8tNwDnwIK+qK#$88eA&#Lf2y z0MB6^Yj}#svl#;LfRmuhF*I;Ouueyuv?N|im_XBB*vA5?*boB$nRk`*0uYOiveylH?&M4D3opB zeibuA>?_lIwuPp;uc>QpwjU_OeW*hx!ah1{E9w%NzXvKSvj6#chCCoh(BsEjxqV8m zU7@BGxj>NP3F1xNveD$&s}jU;bZU>0yCvRb`7S&I&J*Rlx6|@)H^QH&9z{F-KWDswA!R2(sh#_oT z+d6l2$Kg84&1*L^X~Wp24k%M{j5k8=sVy~n)-nQm%Fvz{yjfyd z4{y<1$^|wJZkBI#d4>O(PLQtAxmy0XUssZY?d)0Bz_SBdx6OC14aj7h9H3Y2dMiwr zDS}qrsG0XVZMz3Xon>wngSxz=ruk1V{ifHkHkL}NV^;d@=%6Bf7|T#EvCIfx+u`xV zgigWa)dU=!%rB23)&uD`9GOD~`td4j-cXySZED)oAhN+3@JEQ&g-o0|Z+p)9Yvtbb z(AV`t&--U;h-HNEtSNaXeh9@?)!g<4|8VN#bAAHx7+-r?iQG}VNG5J|12`#^LrFQq z6}UruhVR~=)#8H2!O0NJ4hGO{;I|}BcfBm59K7)Ai|6ny%Ao~WPvCV4*6{=1_A`>a zogB##Vmmwlv=;uz0FMTMMr~25?u(!lf+uaafzBSj0GA43_ZJbdxgh5mNzZ3;mr%#W zp?nC?Ta&h=ghC_Fm(C{#3X$!7tZot*s&7diFv$oJwd~LbXgCeRxlP}DB94T41lOFe zn3I5uzqlKSYKY?{(3F8&muABo8gOc-T(Zx#a&5V!-5=gflsTAouoDudqU*y%&+uv} zHyS7Z+kYeLJqv+NhSp#)h9kD*Eb-2-N~Bge%i3LK;ebeX5zx?jL^QG3T`F5|7=TG$ z-qi<6uaX6bxbd>QjusRm0Mr6JbV>nlu%0ww<3H=gAMR>v$cp9Yj~21>Yv@ zw0e0alRLV3;-h716-of^$D1!47k_g_;VKKHhkzsD9+qS>PAZB74e@wP%HO8vweI|693Wp^dD31+7drXcq z7MHt@)K>WGpFf)W9u_jP+r4uyF+xaF1jk)frp8M$nD2l2)n`qBRmI>Jj76bPL3r^k z73Nrt`rj9<6rbtkBGPpe*exsfj}1rVW)O zfk=c@<=5*VGvTsMa-{4E7_0FJ^Vc2FA6n~bMbRcPPDQENAFl?o`c7;QlS}FZhMrqy z=>sor%{k8YM5Mn047fqmjQdOr5d6wJvnu>)_V9leM;G9J^(v9c*^LasFBF1_efdK^ z)<=$p01NK5rBs^t&Q_>PO|*>XefT~dkwTabsM`|)G^S9Q5gw5rG^XxVZJ zFnE=M^vWhZVF5yRhs~Lsb&?SKuQ-o=Iz*Y}V9TX;+vpN~^E``BK(+4L`d*;wwBUG* zZO7L45k?0Hmd`wbG{-WbEeljBRdZX}M& zuZx0}|Fz5a!nG_#B?uyZ#1=uOVdBJEfO_{4-mYD%b?U6^cy=o=G%vA$){yRzlJoQm zsEN2;B(F2L$HDPjY*HqiAX#zy9&){JZ$va!;SnOg{KpU)YCA6aAI3)xX0u!?hxNKY zVfvXs{T@)x=M2iAfb;4|Ffs|HyKgcm?I{CSj5i9@ZH1w(Ezdyc{)X;jzw*1*&_l_1 zi%B~(|Fv=u2*?<^!Q*;ANBQWrOt5^n1HCv?j)giB0(RP+H#vF_Sls%z8Th-1SNLS| z&R3f=D0IC(&}x(gL6_(*7H7EFE5e3#a0wBh=q~YQ$xxuMK1~WK@Z#>DME^t{NZj9}1Xm`=co|M9kGg#)|&hhCYIO;$+WWtyESNiB&KL*N(3PtloCi5Ua)&qys8v z?L0Do#lPi`vyTr|Uv~3!MUh($00M@<#s}+mtCZ(-+g5U^%{jG08X!MnN2oH5omJ)> z3c=olPF5o`v~GMj-gPy-UYFegInNuY5V?+pzqit*3zF-jlH-{*L3Os@M11&*Ub}`+ zQbSui-D(Z1wD(UXO&dUCfRqeM$NqJD`L|fQc4*=#s>b`^#zG9)gl{0S=Lgx1{D`n= zJMaO6zVi+GQ=5}N7YW6En2qIeV~0k|H<4t3*B5jlBS$~N{@wAR=N_{hsHWllj@$6P zH^+!s#hmf6urBC&t;JVy*A9@%oUJN(GI_e~v(IuY6xUS^^3{~L17n$|wH)H@a}R1! zaBh6rc;MN(0LGDdIto^?uDr_}7zdOQE$Lgw`spRcanbAhnFNhlvqtj(fvCqLljh90 zB{HGCs(tJ(2Fzvu)p#O8CqFNk8qUB4<~ z&R0~X;pcj^#Pw_FU;v-4a&>6;hAP{`nnvP;zUnltm$iraBas;MmdgN(6(62=pZXdn z@2cti0jYb~=G(0|?krOmx>oM$7d_L#);SgNfHXmfo_(erqP%CMv9gSRb!miVXaIM2 zcUd3k-;sv7Hi323*X{0Rs!m)1bro+4iA{;Yy#Gktua#Bs{s#;2pHpApy8fjKZ)md7 z(SQ+ATrg3+=B?u@us2=WvgFsH=;U;Jqg}7D#4d1%d?Ot{vHJ?Q-J0lC%h%j*`@mFj zy96lsRSHx*WAV4*4h7SZ`I8*fi z<4PevSalEMvn9K>_UtMy$j-gbzI36EYz}lJL$2@`W_O83fppyVgBP?d!3lkvX7Qmb z%c`oCjqRi)Od(>zsKZ${0Npa(81E{2}%LAKEj6_ih&c8GVq{X%9n-*$?KM(ESKbYNv#~!!j zUb%Ag3p?>|X6%yL{mUktKLpFPA=}93-?3g`9Ms-&@VNY#jpRDSwW@4nL!f? zXsTd?)GJVG4$>~ZC>@NPlUJaS_O#_KlHzcLAOr*sB)TtEL4Jx6vaq(msiIYF{csx| zup*O(3((e<>r}^=191H{K}D-rpqI z+7ftup_V`VFe+2hF$Z9iswyb1e187G1HN}|Tuk`Ob(%eK3g-Z#b8=1?*6Fd`ZfKkK z|7NGnw7N+FDy|KHp?)Y~2ANNKsj0VqZBOE&7Lv(|BA~|Mw~!bCU<&T2&yH;fpyE0b z-s%maQW;;yA@Kmted+%(5LZ^XsYQN^)O+T zL>b5p(_pE>FR?!hO#FFyhrYy&60oq0aC0c4Oja^vIEztMHAKfzqX{mp&Im|D>;vEK z)pnfGF-wrqT5y7(9h62}X_Zi8LPVYLfu|bkFbH-@oSm(({QpW5Fp~4+TZ}3 zdaiviV0Mjh%wn1d)HSP~d_A|q4u+2a2ynH0{=#=i$We(<4@20%?tx;YgJc1SHu~J{ zn?*86t`&oGvV*(gc%X9?Osm>lf(`E^WS2MxAQ6nTCK2FoQ5k2^J6q`i_Qs7f%- z^bG?b>?QIQTv`|{FpUnN4}UDz$?>1lzQ9wSSE}M7AQ#vWmHoaH-7JO5OXJ12AYpn! zI&}Wqhv%&dg&mMVXM_~Ajgg9m2nw5UK1#eAqinsv@?VLQA)N{onDC&wWl3az4W$-Z z5eLjSw`Q&h@R%st)dp0zi1yO&jjeM+MF+yxd|K@#iY)-Gm?X|GI;IwL6QGkpn(ZTl_=cJD_;ho&0(| zhb!@5oIJpT(smP?4E+|sOSd9$laN$>^koK-|MDPYCcu2qEzHLWFt|!716arv09(O) zDA(ow`s}4+MZ2oDaA7_^!+e0<(eBR~skVWdQI!CnE#wLO`8q-I_958ZjfEXiE(7$a z2%r#(+vh$%-Fi^G1IkE#`bD1WSj8q(m$NN;81O9W8ehn@dRit?*TYVzc77BR_WjP4I zeF5il^94xeiOV*k8H{Pd#buDi*rMLFvE;)c$Ov4qgHq)&@4rC+Msu`{mJI!J3gsco%#F zs#<%dU}8mq8w^$JZT8r(xSyM;7ol3@!oR74>rx9pf3^FUcLPIQaYHQ5GTsqvh$Y)j zeR|jlX2xJ_IIg)YP|TOS=E5SJ1e%G^?JC)yI|lQIr5Ys5Z98c$#E;MqN%)Q83N%OK zB`FHM#-YPf0dsSfd|VhKKp_hQSHf~jxYy4q!u;VE5t6_4BL4Fo{y!)~TC54EE0x+x zGoMmZ+H(2JMjmf&ujkE*0t@K!QABf!&K-OFpAUdDcpiK;jmm7(Zy28~8Mv7-zF|G< zyp+p0Bde*#z~&i6A=1g+fdUksEnB}HQ+;!d;lV1}JMXB4DS8W6Q_!lMKBPkBeN67m zkwb^1lbQF&Q0ymvB>Q#M?%j{61Eeb+Ph<~#XiW&GDz|hrH8JfP(f**lmw#|Nux57q z{M0!o&wcy?nf=>`^VU9dHK;_+w>0#@&RUB##` zu7$Oo@JaAc$7bSAtcNacaWhT)c`{bIQ~6R|b8{bKy&Xa75=A4{ zz&;B?3mqLQtSz}@A@^&=?7)|=@zdGy%}+PIK1x&9L;Gd!mxnH`fvez`2arG<;cjGUOmosL*}Az=9d?B$eMT%z z`%S?noP+P_i&YvszBr}-m;z*;S;MpE6tVOG{`n2DY%i7%zx~ybPj3BvEwrG1LN_yO*OWh!a%+u9dmtoy8VwISPJQ<;p zQ9DPtFZRO@mvNQHLRp+nhm|L(Fs&Tk{(;woM%J*6{%mc`lAkkgdPNWdro|j^?t(LN z_JO=z)JLOsA490Nafu#A(LbNZ+{`8Ywl@##jJgXtibJ%wG+Jd_As4lnWKtETO2#AQ z3ZmmcFL>kJ9lZ;>9Vk=B6Oqv5tAVM$cJI1Ve!;=CbjTvBqVDdZnQO2Pzxq0`u0hfx z%Tl)fI+9_kF`w||{hXnUtad*h58Olh5a>n4GBANiQ}s)c=Qc*xc^80Bb%a@zl z*abRz4DKKGt1gd5go73iTptau{s_j}88MtN`V@lr%IT;-SFxXd2FJ6HTO(_uA=KT3 zdt$B`0C{2vy2ZYszPW4esaHx)fzj9dz}guf>T8{0rRCC8xz2(r6>V|-3X?t?xc7^m z>MBdRhx%n0CJKJAr-s=)jat)&z0ks9nc}&@tT|E>+p%{0qNOu4!Jl8tnwo9o7}|fb zd0*-rN#C|QLd526F_ znKu)6zGdYEfpoxn6|sfO=ix!ekeLBhwc68f#0_sM_w z%qBH!?hQRPK0<8d#oKPGD8@B4_HFv97VLtKkZMV>O;ZJHMOXPxzPmxEv$ZcNRS`<* zLP)2!c-{PTKBC|nq?WwTU)x$*knAZvA)&+elv6P+r?gVr3mTik~jOUm;q_pH-XUi(Cat1iwEhS zy4JX~&@@^?IpPAz1)lZ)#5qImfGVHNJ^pi-*+0>7-a=WJD}Sy&CpZ})Vz;L#l;x=R zt@QNtD6J+1^vDPB`*elk81V8d(kH=>vv_^s%*s2jJ`TRZt)VIjj76;u7>j}Rmoa-# zok!k?3~9lc{+AQ;(&?LpCD(uQdUSFGvj*e_ggLmc{@1ZOjmk ztqK^`IGBxO6P>{M%;xC9QX(aL3VT;$qp`)J*;@RP#nHwbf;rjw=&mm+BCKTn>QT#W z)_z*7tlyHm9@G~V8cdt}kuGF2G>-32iW$dxp?FW2WWm71Wyz-t!^V@toLJsHEQ*r# zS^H0~SKzj^_ES~U5hUNt#DEC0!NI{uqj`vLiRD;)&(jt#_nK-2Q!Cr^couv$gc=)Y z-$aDy`ldHDpcXick+099k;gn+C94PKUA>;2m(eK zN~;o8|pD zA@Gpe_`5qpyuK4-@T>cJ_NFheJvg?g57&5<5JUOBUKo+HAylC&LdS!k)L;*9<^$&$ ztP}kQ{=Ynf%y>$LF4MOUWM$28s|8{QyQ-ph(I?%WZ@ry@_x-ki#}FBh*@n+TRurAMK|AF*6BDSYxc8#%yW171RRvOy;Z;A zVX{(}-PQ2z$A#W69~&D}f1!71sQeFOceVAWyX<1S!>^a}^(lM?=q1O1mEcjw_D1u# z$fwDHf)w^zFdKET1vDn6fpP*m`|m_DQQ%So`ksX&BF1zLQvV*~OiT zH=*9YW{>>+a?0afrr;SA$Js%18-<8e$u&&w6JH1-b|$Jq`2Z(ft%ar4^i<<~2WU4JQpbrO5n;cP_R6Zj1;G)y7J&J1@gAl7f--bqL5-kDdZ zgsni}y?-E19gr=C0Vjo?R6tYjS{=L+(n~B?$|!&5^!i@2>X;;)x;##rqyJz5{xu8< zF4(Je54tce&P988MVe-vkuXk+~90o^uRH_nH_c`0PQr4iwGX zPFi19hP76)XAGc;zb@UacrWY3*~1?ruuj~MK(MN(j$^hRUuu-j?PC`Is#Jfi0IGv@ z2+}K?kwr2IFNW;6?pr|x#hAD?*I8UNv0Id@pk{sVu$%QQ-UMiCT}~^wx@Lm`AW!%} zNbOF)9T1tI0I79EOG`_(>md8mAuY}c74vtVKk>&8Vzr?8^)JjWLkIB3+jLlUL5Yqj z4QY8BIhBI~#gCpG)@7IZ9PERyXIH)!7v5u!LED?#vSzkmHYD2Kg0TA@P7xpmGlkad z#hQHdjRhc*u8_5RxsR8ew|Sns_sgMHo75NyZZ4`z@Nj-L!OBFy=ENU>YxOL3qtb7` zSbC5SwT6cyv-|O>=scxx#)ZZw16h1PKnl9tD!<$}6jVU!At@p}W9dRHITuTYPEL!= z73zWa7{qhup{`LO`W0%>Oel)*-XVD4)2B}rmrG@qdz5qyJZdZ=HuS%E6peb$C7ZYA zIGF&uE+V@mgs_~7BoJpn1ynmK1=b}SOnO8$9Ekzm2HvTez7&?k3 z06Z3RLy%dw!O?KTvg1DvsUe+3F9UOy&`z~K1Se&KI@5AKlj>IR`1Yj7{xXbTkI-Kq z;iphGV19=vw!i{~z+*V~h7IqZ{QjHP!`z>xXn48I%f*C)d)Z9(12a4I%iq*$!*5op zTE}6(9exVAv(cKQWl#CfX{+4;KB&tfYRlzLJf|E?c-sFa{C^Yvza9QRlkz{4^8afa zKC>1d0;!(iI%i;h@fYhJgjU_LdAlGY?^r&sbspXFJDr|ELJ#ZyT;eu5Fn>oy5a>*{ z%L@|5UoJo!vbFf~Z3mo}`$H8)xW#SLO;#4yK>pDVX{1wy;I1FU%b}5Qd!n_Q#p;L# z>SeBF=~k6 zvv&P*X=Ba~ej7#3*^uMS`*e0K<0RFJp&MF`vH$9#8@Oanmp-DWc-8!q%0~nDa$lLH zV~E$FSw6`Ik(m8HC%t7Jw>U~YW3u26#!61*LH<8BE%U^9Z*YE$wX0TEjX-}aKqyGj zVTB6Ri&bLFd|Q1kd|7iy?Vrm`>f-z3&#$u|z&*(}N~=#?F4nK0p(1eBlq)ZtAnYBA zhY%B`Q+Fo=U+E2SA)hQ8pyZ-VT*%hfLcbs46cy@%?&af4&;M9b$TDP^al{;lx)s~{*O~(ucP<9S!`N(bq&g9qfD0SS&i5URQlkv{P+T4VL#9f zVWQ*FNNQQYp^GbdttSZE7$}4bS;cO`LAw(t@h z-CY2S`ptU8{J92R0=UQ}&_F)hAq&*^ia}`MG#T5*<^DEC6u$huP5N&NeP}K#*WfrO zp&%#g;^N}h|1vF2P>5tibHAMFt-!iv#;%@xrJ&=Ek2q#(@0Y(3cvXP<20)Rg&(XBp zI5efMV`s~EPt;WN+6Ga~(iF@_JUUC?Ec7tZFu$yr^u{$^HPO2~pa-uZ$hd4H6$8T3 zV5I7xACNFrjNAj3wd?a+s0j8nznOUmpdZsN^jC*!@$>jXkkXh!tce3zp5<7{X*ieyDzTDdUb1-V(tU`rV5K!PXsgBS%b3?E}oh2Qhw`lvze&Ab9{MpO|Qeq}a zd8t^rva8>>8_KkwIa-!koi_mF*-iP?iS6E1@QRT_|*2U*&Im07=Qs&B{@S< zDyNgn`e%NTIb~}gO0;&w#m083ekmVF>cmX=QvA2W*n4`ttcf(P=pHy8chtJ7zrhZp zzVWajS-Pbi#DwymvZ;H_j{co})|1xK;*%w3n;z|>gCsc5;Q;z5&KvC6*`Ap76y{oG zWK8#&GyP_r{iVsPaGaSJzr2Pjzar!rIXsh+k5Wf16i@)~gQJv!6ur7}km>`Ee0Tpy zC72ek??#@ib`u%-Hof1lQeV9Yh1SAhHjlMPiw8YEMH;S4#~>nARp1k4!vLRyNyFTn z3*3wMTToq8Awq!tlcpBx#m9H?bHRf;c&tNc!r5&JSQo6c2)uFUe&^pv0FjB3i8_U7 zL&oZ@zHQ{&hwBzldaE}mfCvTc%M3Z_2hMlt`{(VvdeYQkMD74l1)+;y7%|{Ss1>t9 zgGQm{Z~B_0(Uui-v=w_j%+1ZEkWU{Q+y$WQ#L@JG1&G+Tt%%TNP+iGWDiy+c8`u(C zb)c=H*2CD?Sansil&ceuu^i19ORyFxPs9O|gLU$LPCR`urvrf#TpSClZ3KHkbTfeH z9)Wmw=E02(hVNC?xUv+|)6yL530n!4-#2`|^z$zlf9ORHhT?kT@Wp?^GO#@xSH%`U zeVz#a*-1m_-x!p<7B-*CS?1LNsU|hPH@-k&)-VHLM(c)_}|T_gDRw zUJ}(A`w-$Oa@KCRDR}aSp(YiMik7TY``55G(sA}sC~Vr!%M6Z8%!Dt-G{yLWlhYTk z{#U&TV;Fx846lixD_N@=0JkWh zE29xPOfp8nG{QGqwzY|2B>q4%6rTFffOKHRtw(kq66+d$>(x=QJPl?4e6kVPdhss% z`^i0F;1_(z5&w-I;A1qR-eECND?G^wbN!~+$sS`N9QMLf<%&}<7in>`)uXCK!?qWw zOtez8SSttzEy>v#qp{)AlXnsolj=L2F0CR9Q-^Q9?KRkgu@C?{2dTh2#?LT5TO1oz zd>YJ1B8MKjU+Ry-p9l?{#Y(HjSb)jX85zdxdb#+BF!ZiZDhIzq$OAr}5e;4ITa1OM z_lM6Iw^c5bxfgfE($_@adD;Shf{YdDOv7b0cS>$b{$Ed_LX>MheST@6&m=$9&EvvUx)VM?QKASQNKTA9HK+pXq`X1KKfb1>JK_jI;f`> zpJ{c3?>>;h8WHXcR7MTw54h|c>8|lZGHgPSV%RQVcA7NEHT{`Qa_BZe%;|zQXoPV{ z$aT{V0^6ue1PN!{xyi~eF#Sw-_P_;@rD7tvC?Y27o`Q@*@|{0EM!b(QLo(GMBEp+D zo;xVplGy13s!BDo1mRf_W6NtYUC?F<0f8QLzwYU~{CXYR*20pJYO&`DEPzpyx|3{J zTCxk;qt8#c?mMsE&?T<24YuP`UM(yUZTtmDA2`y~_ARdbl0EhF+?lcBPpo0(=Y&f0 zHXllP6SI_q-q{0L9Ey^Y9Si-H+8GCLEhsMlhj)+47%+$5puoy81DI;AxJ@D*cPGX& z@)@V1kD)-zo0xo^yPMlXf)v8Veny_EZveHSstzXP2D{S#lAF+N-JlJPmx zv8w_yNBR{*qPO|%s=%w zG zUx~4g4-7wp&i!`8I&TM+0t?G@l8Jv|I_Q?nK7ZN*OGSmmBXdR*t$lXQd|o>Q3J9fu z-D09&&meeSWoRaak(G{1b1T~WKt7aMU?2u-UC`+N3L1V+oEj;QC~B-gn9ZicU(PWh zWP18XoK$o2%?SPvNEc8eA=IV1;QUw1$+nrvk#^A8+}{w&Z>rcqLdt{>`b^AoK*w(= z?YSEl6Yx7xm@_n2Dmj*n1k=6b06xgA{(>2)P{|_nXwt33#Kh;gP>{-{R-dhc4&#%q zj?A-AHDr30ka7Z%rG~OwXOo0Y9aT`T4CMXYu*(~P4&}+}Vy(`t(=Bv>qr6Z$gBYc* zK;!ZQ(Au_X*T%+{voo{a{MEN0NZeX;5=x%jAbYt-Abbv*_;ni?RB8W%1+eXFaIT|a zQ{-eof&&i%%pAAnf__395~@7!T*~OQ_5NELMdABBkHWfzLDb7@+CS~UH@@ufbKsEk zL0-UM9_i*8T{+ka_0$O^Md!7{zD*wUvnb7RseNbbcGGA#M?Q~+-D0PbdVISED>o>( z54yB^0gx{Bl2j2v;~JbEL1Z=7&-58qEb%e^)7nbMFu;ko4HU=NdcWA{8`80>12Ri& zN*U=kgT&1GV*c+z`pKF;&)r9#$(nIxA7i>$@Mm&4YxveLd7VC>eZt{BmKwe7epX`o zrvuOlF1YLueb3I}$X!stm5mt&RIN8`y@wP9Tw>KC-4T1d8yXtUk})Cmb@~T@+2&bw zo}OG=h*!k1|D(ZxQ*NJ*>@mBhS2o3xdEamFya9PfM$(!Q)LKw?rj3r#rH1zl9SD0( zd_Co{13?VSdBe{ca*3>_UJG#mwy32SC$SIvZnaAzX zn?j<26sxL%#O)3Wm$bACI+uv%2wXIYu~v`yJ!GJ1^MTf`JG*ix{RN@~q=i!Ahrnjg zA(6VF3*^V^gk)}i%>snXR{bXXDk`fi6Jb7?Ao^8R7mWsZ20fzqy9p95W45aU=(ktB z=yuAVZZ=4w^f2MVC4}v+*A^?aXnvc}n1V0Q(V~BJveCZGC75NNlUD(rGkyrwhWhMJrjvHe99l^~z zkR}XWH07UNWuNsN9}<&%==&@E59LyRGCsz=`Zhf!@xnFqD_+&tU;+rl3;y&MD{HlU zO{1JyH%a`cohXx&R7yy;1c5$B(r!Mn!(C-l#-}gB(c;V!GWmmdwY!>*gDUkcqRqSG zY}>vRQ1%#?7De!jF$HIxHu=K_j^%9-7!u~r>Ur=WyFE^F^vOg6LPg{3j6U)dMbit< z42R@1&~sPa?E&$t$~}8EKDm&O4>wcp2o_c7qPMF8*;2aJL=fDp9KF>0B<{|D7ew|K zWY-kz-eykA??gh*&h z>gZu0aCZAT0*7aUUnbl6`3c4Ypt{!C=589JqL*@Z{(!2Z4!*o%DhwlT_yZpWj&?u2 zTq=g2y}10+G3;bdsX8_=0JpIQ5H~v)nVHxZ00n#n)aB_W+{3peG%;o?Xw4CXmhhbmRsh`cvN*}%~v0_Er@tE{{>OCQUL%^=O|01E)^c8M(L@c*&Y?Tg36Uug1P+l@A_zsWu0VyYw zC%N5DR#sLv&^pHPx)J|Yf{R-LSA{0uZ8?S2WDPcO35%PpQ=R+=-MgxwjFtAu*XV-8|?E)bwKHN(fpMNt#g{9YLTXq%nc`&<2%pQ!z4=k@X2LuK-YWOiq)8X^ zCi}XRvX}T*2Oyl5=&`w)`I%EjAIgkN@9vga-)$^cJznjU$FC?cTJIapsz9IuZDCy! z9LIZ14)tej8Z=C09lJSw5_B9l>5#xVcY0~3Hw?bv1!`Lz$J~DLu-#w?x1A$pxx&hE zSDMsetXvqX)_y%PP=N8-l2uiAM$A?IKL|gAB3c$1JNiIkttO-%Sjn`hfoR0#Hx?gkfmXwM_US$ZPzh0efN zq#n>u5qc;WJU6u96qNQF+gxDt$-bv)w$7>Bp6g`afA2$PmJzxb*$URwa zv0mZqpQJ5VOJuJF>(_W4yO{CQS(YB5P!Z(~J(OOppFY1g{7}J6y{*w{UYWZn9`d?) zj+`QOqyucDt}A#Fr?wSlBl&%bS5^>u$=>CWxiUHJls6Ljz(SwA8i`oZ*%`$Z^=pEG zG?sIeAaeWCYZC{2RSK#4Dg3(G^xvZZM$`xaJKC z?KWpBzoj=O^&Ghb_gZP3)a=(idqY`C)ci7$C~e?%SEswcXy94BxxlrU%y}5uHR6?) zwUXcQZQk^b#DZ>+Oi)V52hmwt3)Ho0;sUz2SNUe1^W2+iXyRB-Osxs!kK-kd7>^T? z(~bKP)WB_#Q&(sTccvq`{)p?>u#tp+7C4laKCFtl4^ksq_PxZ`5yhMVhvzhegia}iZQ5FT zDOX=%C$mctoWT3t5v&cc=*XD4;!lvX_OWw@233DH^z6VfhcL3qvlMxfPV#0;2A3eM z_vlHY>77ltNE>Y+Y_uWrm2!>}=Vx2zVaX}$B0;3`d6okG-D!aFtCRi7UmL>t6z~^0TD!LI^fHAz zu*-=g!Y6abJSQi~2lk;cpS3U0f$5rA_>Z~NpOM?v8f!`}$S)pdT7FvJ^JFw+VGMTd zw0v=B$Ynrqb!_HYU*v64_;yLA%9}WDIhmS0n3qkl&Lo##AZ&MK1l#KC;1SJ2J|U}e z_9pYj6k7UpqMH$gphd`_(JOo8fgiq^spzREk0bzP_h;1K7ig`z(g8Q6n(*_KiUYEz z1#A3Ws+oI+OHd+Yk6sw#5j!K{gEjXUMeP!Le7UnTC|!Z1O}VaHa`>EyQ#GZhNw>no zAy~tm&mSvd&^TkLQHmt_X*I@YOJZ33`gJM?cr|)iUp=sbeBGGr#pefo`V}W;Mruld z2x8b#<}VxansSg!45u;<{lJbm9&G~ol;B2LTzA<8FM1;_N29xZk+@gEg|V)V4}F9* zcNe3K1#pJ7EFsip98nAxN~Eyr(iAzt$StqK5^~VoliO~d9!DGquJoOm1wE$&uk9i~ z^v-B|&f?4tf={|folxWGgla<|9+QcvMadZv*&}7OhDnW+(-7sS3(tcdl!ka%S~+hY z*gdgxRfEILh$8aGC7=hqf#wJ8v0c@okE}e6Dxb)H?W7FunxbJI>m7gFT7f`H$s|^$6-Ju3X(8i+A2;+e40Q7N+|I@FW z7@sY<;NoAP%owSVx9AE)e8I$8BYt0SSfeE8*U)KG<(lzp3a3R%XwrO+6XUmNj|0o^klg)o69 zJ?BI9-$PQ(B({5W58!nG`7HlQ6l>n>0b!gXcDV&B>AtvQr32Qf?BOLDUFUFX0%7qz zxEC)$&@15wLuH;Y1QHW<(Q{kjaJnQwu2VwDI`@}kX%jJ#WnKC)-&FE=fNXZw3}_$WZ>_d6@|qpxFv zuj{*iVhp1adF4vMBe8!LWa&&TT~K2v%>|$AJOpnhfLJ{;L3R2|j`u%*CV=EJih>&o zF+N+eF0~`D1`^iikHXijs6zv2nzbu`mGnX>T1~ksQtY5fP1J%;Ey*|S(u>?&iN`0y zX`j0^_nlA95rj@ucCc|od1Ag{gu!M=AcmFwr6Ja)TAUjonUS&TCN4Ng$QND9bV-j0 zSvuBJQAk6t*ur)Y)X!{?C@Lh`-_jVfTlfM;na*V)lMLMpc={MO!&Z-hBH>r=B@^=V z5vMo9%#5Di=d!XEgftHrGwm!YXhv}iH8&VSI&_*^TJ4~$=!2>@aGj2aZ4+zv<~IOY zGH<~DBt8v74Rsitnr!5>!DCm|`CtIEpAQQ*`=NFn#w-gUg&=+v68rVI>OUdFwH zWfyza@h%U$z@3Et`?mJZVTjg=LJY|I`#=~6B|sPaANVfd;aawQ62m|u;V+}oZrphi z$I3_LJQQFj2Um$hi`NC!Ns!~CgIH95sFhMdF+!LR1;xTpf-`_S+XlK&l(0!nmOt3g ziG&~_fj@pHDR9uWTMUf&*nZXsASfA)mjcoK;5mrY+h%jeK5-zCX5Te-EvV_v5CX{| zRlS=Gw#T$Vh|C5)EQSilIq`$gY2elO*BiVXG&MC1x+9&q$N2OLuJ}4Df|v$kwj%97 z!Mu~8JP{Lxj^Go`F$`d6j5D0*@Qg7E-(j=|;#-xrWvV?r&R z#-TWf*jTUNcia5sm~MlZv?Rp7k*JR=-zjole&}B0HeS4eCx;5ELY!Cq(4CTewwfRA zn2+En8I;}KT|6zKOU{9?IceNbnSBKzTsyQ~@rKUF4wIWMp;ZTRk!5w3nBc!x7JnIV zsR}%ncH0Iom5Q~&%KD<>Bcud(6`y~Wcvd{1 zuyn>q4_6c_1??Bw0Gf9h)DSi%L&s;XH23ORs66IQa2FBie?b2W4nrv1KK){q0tN6< zRQEsiK1B_~_E({+Bqz;1AyR;?CNST%?bXG;4PobkVg$RWyj+oQVFBd!arx=v&Z%D&z>w zgt~jkzaNFCi|n z1Xc}1aC_f-rWiKt7c2vo!TsCvBJe>+zLx{iutn;$blMjWm4cxTf+dT;TL zyE3R1#x2mHc>|$#*971obzSp8HSvvD>twa?XuYynLm03AVd_hqYgkc+Zo7zWhmy{I z`OO(=X{Z^|xtUSue&ypTBxZ;-Lmlj=0bqmIM5ueE)=x_&@aI4SVdrQh1$JY-**|wK z{4&6d=H1pQLOt{nwB1m0Wxyit7a(??OH!BLm%i#5O^hI@TRA zfGKwhae_XM)>vXF^tqt+Y|^{7@y=%>UnFP@Dmw4q7UJ^5A#q8$Lm-~QcmSHG*q~;3 zz&sFZC~u7h7sudRzb)zAyLUrcp8Ln)7)<~`MYA6%`blSk1JZfI*>~}#{CRDxc)ETb zGpcxgc=gx~!8*HB4cp-qyi(y!j;p*3*C5DKNo<9}k=2jE)_j8GhpJ718BMnGq{>;q zCfu&%$rpDA8C*wpqQ=-N5b#>bH~;C=SIjp${DTF+@b8x#9()BDhrCbYG|>}B7CKZy z*7PjpJRo7bk@|nn_e>Nr@qhVBjY%TsR1njC=2_YQQE@ZChH#3Tsk9Azt0 zm#oy!m#;?(5od=ReiLjmqLE~oA=xO95`V)QZmIP4PI^WLoepcM->zMtP^}13I}Loc z9c3vWh~v9FW`;h(jauPeih{uX5bb7RQkYlt{}*jstvt9-F2{FUUV~LuMYu!Ut4=Ii zqK>p3f(%BMrAYi`@xzqitws6<>S1upMHwrGnm=83>6j1-(6h|EG&RdNK3xIgfaWQaObB)Ju@A|_-x7B0ah6#yHMVwBgL?6nkixU zHrE1D87}LuOh1=$$q)a1AQ5j2g*SPVo5#`2l0D@CEAD2;ffWeVI>6K>g*z|&;*!xV zuF}G!oa8v2SkMs>p6(W8gA_^4(XgaP!GJuozJS$#nk)FxGRfqb73s%&(#GhRYDCCoVJCAAxEd%LlUVJoXWRtS>QoR9Dx1tFalFV zBjzxy$+oM4T>qY~rT?A+)8@2 zRIH=0_$D#Ck?3ZGU0wPOEyugWx7Kgw4F~gz`Z+6S@U2GoLbu+#yJ@%mVX{MkSD2aC zABazg&wg<1cGCX+LKjuF@bUjnQAtwSBc&VJGqR!~m1C3!m62Hy z*_%#7WftMsN})1BlASWLlE@x~jEHQqe%DKPQTO|Be;&W@U*GTNpB^5abKc`MuGcl6 z7xk)jN~&^sng#NDUOc+{TnYLQ`8K(4I!LmXU5+HkcWrL3OMOt--z$SGI;$%zHM_2a z4(F&$Hf{KnIAA@%qU1O3oiH$*IX&DR=n}>6%z_eBKfrit#QP@+V7-)A#I(7n9 zQ1a{vOv<7e479W55CWZIt&pE0WPiTuY7WPJ{Rjxx?|Tx`pOVJ=>V@owI$nGMoAR!o ziq-%4U`gzBNKe`iPmAV#4FT>6yqmA7^4~jh}tdRPHA1V;)Y!hk&ZkQWP zrZ=Z8PYMnp;}^U`TV0%IMiEb)7GIQL-U}KHxUHE4>dkWNfOOv0QsB{UBs-;%1%{~) zUyM?(3x8K;cbf;)6S7W1_Ufx^Yu7tXF^BzyKMa$0f{2kYava7z5nB^oyuIA5AbI4g z2l?cMUjE50h)mq0;c4@h_h>`OcHlnQX4s!)38@79@-c7HExP~}Y21{nf2h(q*$7UE z1J6ap=e=6aPx!OC?-O!9oEU^unVhLiC(|!?xr7D+bEyd7`wlD@cxvK^aFt8Ks}ZV<^&5P*5m~kd-xsCeNsUBrY7B>4KAwPv!_mD~HfZ z4LnmDw=P!pRf#*5ss)dF*qcd8j6*q8T{;a~0qp7>j_^S~9ZJ`)#vTK-{AcJrfa z6=~Wph73iU=Ig_6Wo5l3 zzr@->N~`W%uT98k2h zw2jF>DrH~`1T+mGh7NlIG4#XZ6^gCL>37tG?F1_Zav-NszpjOZ$6i zNpRtKWD~ylcx}#($4QwTpP^G)X`q0>l_=Dzg!lAwUhwUnaB6YtxYO%DUQgmDJ69mk zhPt>SnC0O6z#P%w;9&RhWVO#eu0wuyEpZwJ5sgxkZ2i?S=Z)dFTfDpS$nT2$b1;Hb=o6m)1m@!Di|Gb^P^W7CHodDb zH{8Vm>>!ivZ7rb7xq~@2uzN6{08Q{52J|No*QvQRH8rhh09c#5zFl6a+gTP=fFJ{M zi0WNRq-c_iZL6RJ)y{zhIfgmvdq_)I2qsg#1@bz{j0$dlcQMOAYGf$Bc$;)#WDIH}2ASOgo<7iU8~MJXabb)|N@{gA3kn9gMa-5N-G?%< zs4nfNFqjafjvvo{*%4W40F1fADC$D8Ukz&j1Uq1{?Nc`S_f!7%Kh-|4nP#frAA+6s zjum#@>^b`Yqz(VE^YDjJ(C%i~;Ik(q}b@yn3T8PVM3-LFSl?EhVgD$C)wks;Uh0Evk2{quc`7(W z4_IwGt;kO!qZ&U;P7R{$iS9+8m->o|P%!PfO$JNJczGL6c}lKCVpZV(tVmUD5=cC= z?yZq0>S-DoSy@?8vv4T*Y++#_FpHTGDE&;= z{k~9tth?h#&)xa(>BfJp_usyKELV<RoSqmjvjyiHA zleR$YRCxZ3+I7wcqUF$v>iDY85Rk;gh@BUZKIX<PSsx63atM(xDb; zU-K-EGX&bzXw;_A1eO6PV+YF)OEc_``a8 zv@EZa>^ENLIb&m<-3*as0~sWDC(qOluYc7}*vWATJXy5k&zZMp4t|B0&1dxz##Ll| z?`W>UVo(>|xs&Dxuak#2D0i(QWpKkPtPOA%@j9;&qL>| zgFOrc6Y9-faZ30QvmA*N31>6{%2l8wW(;D1$#Di7Ngh&llPekO2+J~jFHi8D9MC*_ z2=X}(hG6*?@JB)H1{{9BOls^oL45eVVhUv&XDeW;c&N4)WkblT4N*%=xex*YVM8@) zlGniGSdngXvZnTUuTJ+d9A`vaPoG zNT7iBmU@F^7#-mpq(FY@t0j#p5A+z_FYo*W+@_P4b^Gx=FdEHhS>8*X}Z zc|xbyCaQ2Nt_yoUqU?Nm58CxTCydI2X;59`?S!)yBoAq+ym?b&C;vDv=QlO|1-QpO zS~1zBw>bP%^#ch?=thoTNT-(mdny#FwEAHFD&M~s{(CqCi;+KnQ9CHld#|+gDT;(A zqt-|8i*je+P;wJ{Dk?VwLMOO0?^o&V@wKLV)s`%kl;X*xvTH#>&H6c&lg-m3#!}v16vXGeJ?!t{D`_B7uw3wC?X>o=?SW& zLH_gQd?>Jyrr?{Y+WRO>(mE#VPz}Vg!EG18^f@-P6m} zd_z(iYF^clcyIIXGx~D`P@i4k&})V*ez`@qS!n5Yv)4D3^$l zruUl^TS4N5(l^ydZHNe`SQfM?ANhx2OPs}XcO3Z;NadfB5)m5jJm8o%UY<-w)qMlj zrR-B_VwEs= z1%CkZ-;uT0a$=EG!52b^%OuW0ib$-b+8b@k>JsJUuf&b)zAJ2Xn4RWe47%n2BV$?G z<0YUS7$IJAqdZ;-O zSbs|WHc%S8kR#S~(Lt8mvL5Iq{!Row2%jqh3U?q@gRX!M>PYMOGFZ~$B*!AR^(5}v-Vq&me5Bi>gjGio9h1ge*^WQ#OjB;Qb8XFapt6(m`O%nZ1|B$E> zF|$+*XjAFux2r6Facll>-(GJhLWP=pYy+BZb4e+oj5ZX{m87$hCMMkMVQ5NfUs5hV z`sC!#o)6j-ihXUp9l7D-*v;<^m17liq)fQk%)ylil=fA*MxrDuDASoPEtOCIN;_sc>#wb zo)A+%xCE(FA4ccEvZPL(HKZuJaa(9}^{T_$pF)I@4U%N<;ENxr#RTYa8B@_edubSQ zQLI}6_s81#G3s~=5NH9Xn;fv;^XG41afW|7xTjc>_Yw>1d5B@5o=(Z3mmm|_0|IUS z2-LabpmZk6|`b`pfkf`JS8OpWT<0HhPcYpiii zj*C?I@A_ds%XP{DL^z#yQNr6X-%etC|HliS1kZRms925S95+_Cln9iqw>4e&nz|mFUg>(ML=j>^6 zo-6vz#|~&ZuLniK&|d1bpXS+;yo68KtkC~B6f4*2zvF%F%fiAkm=9rM1bE6{yV?Dl z=e$Ndy8ZUq2`KVLGF&hJ+b5uOhJ=LtL+Q-Sb-|`|UO<%2nq?`SJ5uCMLY$gAXj|}S zo)h_=@oCybvS%KMY?%he) zKRMXxqKjt=T&K|fRPNWss{pL=Lx|^V(Rxl%k3eluwZ?CJp+*J;GnY4zlq?_57P|hCystE9!L(N zC*rkOR1#0q0fPd-nPTGN3TkR0%5d!hMVGoZ5&6nX3lmF=UZ~`Py`e`<^ zpAHTo<FF2b64dCTdpY>;<-Df)CMf@2)Fom| zE554hQShoyFbMt;qaxjqe`$HZ>0wx+C;kDP8o*C@hyYH%BTB#Q zvVhZj=!t#+PFKQ}#V%n3PS?Xc)Tk~CIQ2(~##TQ7r$4%VV*^e{RA4c>E(rJdIUIqi48d2 zi3*+eEeklEZ_74L4&mZL1a(nQF;qg;NvOH>;lK+AYqir%HF>pjq))`DZv--udrwtN z5mb`6S(P6M2{n&8p7p(gM^IyCXYxL*!;=lFX^A*Se(lQc6maZ)KZYVoWA#Qw6~IA( zioAhY)Unxf9s+gy($n^_Ml+vcKh7c`nXi`mz|mUqJ!f__(Z`@Ppa4N61)M&u6L&D0 zot{KIm;$J=tDQOB{}q7?na%SzHn(OY>>*O0QM%Uz;Nr3>rEOd6jhKN&STH^}J21Be zaiBQH$4xdosDvJ|HB;&7=@QU>n+D-#m?2GG$Z6u6OL;_B>DE3dn0S{s9^U&2j?-8A zF=00Dl~D?^y;06P`RfbC2;D1LC*%-*(R_BYYr}_4o$-q@P5!h_&dGrgA>+;1zO*Av zCz8Y;I)I*e@wAq&B3#BXQh{N_v0h2|s$IRt5a4w@DGu3KS>*%0gcX%Rm_P-NIe?pG zj06(|LJ*y>9du(4+pKmLXL~2r3dGzQL|7dNLAJ5Z4YIaF7XVGOoW31UXr@pI`B&=G zIdGu@KuW4#`3iYd z1))B&vvy5D>@sh*u9a``1D<4>cIunkU4Yr7fqb;QNStF%6V0Y<$YVs6N`2NXv-E)` zdQ3R00-BT5qYZ-BB#-q5rHLWo6s3%1*hW?&5i&!zYng!M_id`Tpu~_}U2W1U9dF1&hE}MMs}sV`Vc~X45IW3Px_7ZGlN5=0s@_V5-ro6 z;tCKyn+9s97s?zHg3fd+q^zw8WvLsW{ARQh6%f)QtYSOD4Necs&RIs(#sbStw$ORE z=jye0k+XT#&FEhnXVD)zZ(uBLgw|p0!9|BmEXtWOx)4N}==7OK4=r0o{&f8)lCA-U z2Tf1}!gdue5da=2#O7*)>Q%lg*BFwg5ls<_%y?Yp;Mp}-QH$sY?Rf{_-a^#l8`UO4 z>kB^Ex)Hme^Nxqn0F2Z`Lv7B9YwIn&niOj#Cz~g`BD7c0r?l&O1OMRunoEW+M(RmI z>sdqq%Cg4-m4#7IbTXoSHaI7v zNN*cP3wV@=<DV{%uH_Mj8s@0_QYfz#1U==1xBirXuE!}bEigOzT|1<0Q2yPTjF z&J#+!Z3M#ZeSp$EI$KdGS7>I7fT4g93}cZ*Ef5Q1k3_kP%v8zFs3H8#J?l5u9Fgnz!t`I>{nlbql52Q@s_1k0#$ZU2`Z@DP$aoFt8*u! zDi$C}p3(`ER^uwPHEB1I9|RU055Npl*t-W){IL0;7Y<-dYBWb3G{siCFQv^uiU zs_d_hUaj$r34lDEusYlXp>`vUG|QAl*om%?3YLY2#Gb%cBA6e$MduM%!I zx`oUF&{ZufVgOYl$*&QSjhM*i%wU~?5?~rwm8be3`&xc0|5bB_*}jWV<-77KL+}(B z;0%b0mdRS`?N|R$_^K0dhKFvi<`Bs2OJ*ZX!X}l5&XUQ8UQ^H^9H%$M9iY$wjgx!K z1&&sj$G))4wOIb&JAQ$Abd zuEU#cH>kJOtyggMOmQ@G4 zl}p`m?PpAHrOWP?9|ZVc@|rZrqPdzj+3M6%AZ=SCI-p-8ToEzOe>G|zMkHsLFnNV8 zEArCY%a<}b!o^PP9bv+WOBkxwB7kC!=X@Ued%>vz?S_sh(`<*laMlbxVrI2+JR zo)Xm#r@p( zpX#}-$UKnX*K06d&=*Hok=_?zpTAMT%C@x3NaRc!R0I^k+8LXtxkl>P7?&a7HX9&> z>2hE2!XY#4{6#Io9ToQ%xJ>C1K2`R`*+KOjwc}fU@A_@RSHm^8y-bkPtr@3Dw3B!0 zw~XK+@nG;Q`)KUlM;|nB1~9zx=LVsa)|=vz;hVww1KOS`Ax3V@BDj!V8?U%_NWnS1 zO4|_(sOh>7<)X&^n)@wVC7{38vFaTa!8;*2s_c6NIA`QPKI8cqq{)ZGeWCwJEsa$? zDdG0o8Ir-BEy86}$${B%FKiDugR81Wfh7zh-Y1t08fA^+^)R2`z2ARMA3KD2oXCbj z*%8>Q8vz|$JQ5s27|rZnGoe$4@0F!Y5pcx6u$fE%A|gvla57?UGNK?wGs;LOIVB~< zZuivyhAVxH^)mwSM`)??Rf*(vIySRRvMx@jSIU|!gBS5>cUT0_iNm%kxS7XNU!jB| z&)}xW_&ZDeqB4qdzB4Zb5pej;*5hzmg#ymU{N0|_G(I+@9K)FuW1lrzhr`G7ky2nK zku~yOQE&9ihYA=c?_2dpQjGgR_REi#u2(oIlboU(uJ>BVtR-s#XsWfZ{+2QwE4cLf zWyf01P*tnhGVcf(g>Xy6*4}%)-b*<10wO0h`$$8^4{}Yh@dg|9DC!7nx7;;v=wjJ5 z)t9neGvh$`&VfC%BAGrQNC9uSeTdS=i{gNxpjf7cA-&jK=)L!SZb93c!hwgok0E#( z)W6ypmsy!_wYjsY-4B9>ouF8l+XV64`;CM>gRG0c#U4Si?$IL(F^i7VpDLQ_0QyYp zY!`;V;HP5^ekQjTPTz>UvdGp_I5+N>YS~-@v1MCGQTN%B;a#a<8_*nbTcRd4$=2tN zr6$tgixHZu`%9hW2nFituAlv}(XH3U`bpV9$_WHQalfp4(x|{FlN@Ps`gMX*R5sRr zWtR-e`h}^2^WGUTO`dV%OldSs2-=oKVK_#CGgKV`&Bb{hbB&Y>^U2SFbj^b3gxL*6 zA^U76m22&uU;YwJ;y16UQ3mFM_N)hCEN9^+$lMOwe=<(JlIQgktT78M=)!q?7Ef~Eh|Z>k^PsgpsRZuA8fGTooAPBeu;^w7% zY1GXemMuuBE;v)qW$}6tl!fdyA7(l@WpD98{V^oJgBzL_&|-}q-}D^%Kn0f{FF~gm z>=~!FTb%AswQB3oxp}$AO-~IZ-fBZTfy{klAJ9$#$_Im5j51#a-gK9RN_twHWsOXx z2CR5K;HvfI*ulAD1|E}>?Lbyc6)Y3{f@mg{;T%fA)ChW>h%a{9C8gQ_ywOxXELrb7 z+2NFRhTgC@)RZM2cHa&PQ*rc;D+dLn4NBO#`cK&em-XM3Q6Mv_DvL$=2;XC)u#)v- zZQ(PA#HYhcN3pM{xqAG4yvKO%yRurb~0D6*r#hRlHH`G>K@H036@`R(5W>KRsDbhm1|6 z0~o4}H1}RoOk^W4>fVt086nwvcJtTBgruI@1tO)Lpy#bI(ACErq`5l9?~}3CaPTXc zOkP7f)7O{Ika6S=hYjSTjf2YM96)-A-(YpItGp<3F*(Yx{~}CG4(;c30Hak3?{hW^ zH9uf$RGdR^N>7*ufb}Ni;f4%WepJd5Zy+f4`VOSmelvF4n=*ASJju9&CH>3eC+__L z8Zi{yT0p8z0><>1Lskx>5xww$k{i>oi?tU@QCm@qz?kZZX_S7Gedw5}=E+n9;kMET z33%a^c_+`9%XefkyegYdB^}Rf)m)`N*X26PiLm)J!v=q)80&jgJxaTDQM>m``WNJ$ zNN}iIkL7Yg2T}&Z(h3Ar7s6D}MSbb+-a%r_;3SQBwE%nIcbSGL7b`SBuC&bt6YhLQ_o&z;Kv0GUJ)dxcJKabmnWNpF}lRzRB zLhyZc$i%b_%yk+oWHR$aEY1QchEu1XojbCzqg2^LM!~IRXr`&it@*EE&qRk0Puf6( zIcpwphUc}_YUWFF`gS{|Dq*UpWeHX@^ z`~qg+ei2-7J0kcw%_AoE6jR`AymIIborSjsi2=9Ir_VR2nN?&5VMPH2uNJUa?%aDX zT?@95W+;!b6ClEAS5&64H6;Da1whD6`7rIVloqCJ*JP^8}W?DcifA}jO00U`>P+}7 z`(zzvy6?hqr@9w!v5JF^|BU*zK{DawVND4Iw_@QncEG{16#(2h(3k4kC|=*#AdsVy z1}vLcP##qUUwf%V<8BE6@?#JHE4g-^^^!Qy(^`42*h5_JA~4&j^ng44Akfm<#)kH6 zImMgLBDvo`B(^=PQugS(IT4VS^^h<%J2fCME3?vz;n@!pxrp|($&qVVWojQGzFDyQn^cR87-VR2B^+sxNb93di3JOkwWM&7ps%-(XMA)PWQPqGeoT}Ig zY7Zi(c$kK01STYLy>{Zi>R~^Il3KedgN)`rZE#humfD9$b|J9-qA$I@WK#Qv(I`HJ zACj{LUiq?qe|N(@@|<^HU65srV@_jZ_me?jOdMOaXE-+~Yn^??d-2Qw?=3RlC7_>z zsZB~25LLyC`O#_9?|{ zmcHwhhDVlKRkRY*ruZz^`s0@H`n)7}n7k=&wty=r$zk*hO7d4~xv>rZBc=b6uTZ|Rzs|xCPpOSoE3a_Aa})Etg&9u%<+p7 zd}Fu6Pb9gcqyALY(XI5*XZ#6K%bbMOB>NZ$0R7pl2Tf3!E>2$CtbB8NM2tVZ!}m>v z8&Y1(fy^BEeWDZeOu5&PgDPgy!-CP>S567J!;ht#5KDsm=OO)R=u2L9Ko)v)@27B{ z=?N16zMg}2h5iM}s8QEH?WKBlV2J-Os4bPZNAEd|&lXvmJ5cMXNAl$Wx4<``95FA+ zdiH;xGx!6*HZ&Pw`Z&GxwP)+t+ zM17p@M6?uMAzgRa*$HVa|G-~HD6zsJ(a7WY_>9;x#d#&<6b3pLFrV35Okn~m?7Lf9 z8mp!Jk3T~rd;!H7#x58ZVZ1gY%K6{;q`wT~vqd9JANf+1jAQi+_C&P0CX-thWq{3HEV}gBFz>=lBS+2PB+n&S0B?{v*)xZf38HFqhr_+L+6-kSxh6o(<=Uc+N zaigq3-@WrpmlBAOXc%59#oD2QTj8E7lI)i$SMWlhHNp?j8t6^s zDF{ScDTS#7=8U3L(5+$uSdYDEK!o5DOey`!s3jf|*em`N+MU$fl7APe*OQ>;Bk z8DfXY&oaU5?SP1keo)>Ia?KyF`|>hO!s`4^cC5!xDfq8nln~eg1g+g;h2` znz0B+%FT7{B8*~W8N7`FSsEsJYbB`S%v2#ni*$a>%{u~I!b`(82Kp}&gT2b}AurQj zBE;W?NjVPX<{IqRpU!jl5WJ}D<9sH@pQ`|hK}q~pE{kDeL>MNaWiU*nFdCj(}If=-_5(vcMW=3Y35@XQH)q=75|YIxh{I!%$)c2(>?^=!YQrU!nGg zK>c5#ws=7PSEwyWZmRzkYKw(Y?Ee))t)uXIH^88BOn$+j_WK_z6@yt{s%8@pb#eq| z$@u3b_|;7ctE7qHvYdt6Sz~>7ixjG*E`UWM^{c=mey? zBkLebx9ublu3x*Y_mC)JsePGN0sV7hp%74?eKa1cZLyp-C~#BUpD}g7MO$(Wc;PZv zxrWQiZaJ02*0267wtLnNT0G^Kh1q%|94|^!L4FcQM|t5|?0bJozv5*F%}Ff=1cw#R z`Lw>^TF>`l6=!Zr+39a~gS)4w=fZQpLLpAUz<8^x>lwRB`N4Z?%3PhoXi1pDId0)` z8Y@T9+0z64-C+39|GJWAr%)QUVT+0u~E32!i1?-Cz+k6%IZ}~*b2M&^_V6BhD zv_IXq!3(7$DFLugt{&<9%BFi3^t6RFO$Lgx#9yL`KQ;12^Z#?PBQ^5~sTIK~dT22T zYR{h}C|emZa6>^#R}kx*9kb;~<-Ch-s{TnrjwEuaW$qrZA1pU>=6NgK?ul0N_y9up zw6Q{PXtd>gwPSY^)TX0K!s*TvSfIhkIZ(A`#D@_!6Z<*m7Xl-Y=7xgaYr7QCBsonE zz4_J-?!Aqr0el|ktD4G_!4hj=>10lo62)am990*l{LMbu#z? zI>xq)w~QB#^i+AYRzd653QslV-4X!vZ+bdjkq28W6t>vszId!^Be_uk3|(g&ciLo48oU7^qlvKN{xLFij7V|z9!hXCX&A+lN4;Cizi;T0c0 z8_ABRqo{?6jI+bwz+@u?F*T-LAgQQGoIhK1_v9^=k&FYcwQ+wzrBgcG;`Zj#KZA>l z#M58+O|Y#3{;I@^_AeUWbJVb{=AKw#V4Dqmd4kXZqGW{TG zea_U>8v*usH8Vt8M&H`fy5<0;52c=)msKi=mmIfLhH6&894D8M>tgQh5kM98=q|lB zFUv*1U`O0@Ac~1%aa@P%ylM$~GA{-TnLOn5-L{E1NkEi9*Bg4_Ow@c1EP|vWcW++^ zdwJPzadkosQ!7%3w!%6)j5haSB}*)uSnwFE$9?R^T1(GzHDpBSpZCZ>X)I0>&{41s zt*~Gxz|j=gLUqE9udfV|3r-fTnYEqfSXbjlhSf$J4-EI>;%zDhmoQE-wE?jY7!#10 zC*DnAZI!zy&x5(7X3=jk7KmIJvic5fV?o%J88Be`I0;2qxjwNdyIa1Fk62ynkHv&< zfJ?-cXVfFgKN+ygCDiu}Uvx1xXn8$p(0gw7VM138in zritck8nL?ae+J_Xh9=x%E(of_n}CjmICJL_JKGKw!gtF;9=9 zMbw=r2SnUd?wYYRxaZHFL2fzS`(do*K=B9(iJ@Q&=kMZskFvjm_K%R7tFJS3>-dxV zkg3YC7FTofUYHwvjcE<9MuupOwao!2T&g^40nOE+o(Ph5djxx)V{Kv8oiH!Q)ySEa zDYY402gz6pzzuqqmR1zJ)3~kDpGOZ`ZWKWf`SILeHuGI;W@z8!_KFBfBtLvOG35$v z(F$5883<+-Jyxjchjy@pMP%pKqmfXWF`ncH^G?&hjVB_p2UJU2$Zi*DH@T z+;kT*t&NAz^oZu5#^9UwF?`9HVTiYuMIR z>bw746%!xN=PF6&H>#@}mdf=Fbx(k#OdjD$)EX7~r=7TyM6oxLn&kR9VN$;yzx%CL zkM+L~?B(Sm@Lqprg!v5I@C=XsmYJ_7T66|4JmvfWZq4ydC>Zxi|5LkFv83b13r^`s zIfXuSF>FteMW71`D-A>G)>Rois%y4Mg^OzJx|sY;BuU@a-x;g)5QVaUW%b2=nbo)* zPpuIBgzAu_MzXh9ZXmBUgd*-J2gT+4D+e+|;VHYDFd5#L+=}9FDYv`qEcvf7UjblN zFwj&o7%6MNi5q^^HJpC?islk*>3S1g@G$#!(Cbila_F-`SRcUuQ9fYhyLYNJ=F*|S zYLg8AyXRQ3#TrMBMTf+%7kapf3Q@u=F`sBbEBbhxr0tM^Jl~qKa2Y8$v5(h0>WA2| zkZIG4WbaR(RvqTsida@%So#2%FnRjv*JZFq`1ePOy?}?(K!oMegCM;@P!~uGU4Q~s zHZ`3I=yD`_Qhjs3tn)rZ?y}M4mu)|D0TvJ0ueV+FM|JkgwgQh~EO3{AoMP5vt0V9T3Lk|;(CnsOS!E^KC4(yvQdX>oU zq_hHB%#aFy3);1q)aaw6`9_lzCD8jUQgQ}}MvY!}u3f_+UQwR5%p!t^(c*pg{{1Gz zqQ1V4t}xl4)csTsY6=#m;NuNv#C}Ul%OkDkn~97Na**Wd_wdRr6D5M-?KVJIw8;m> z)Jh3w(uG}X5;Q|j*4Ne1LmT+w2x>(bHzr0#hoH-!e@)r%f8ZN7QsHXeY6Wo-dzfFl zLzR>SwK@zh=qUDkq9Ydl>w`c4pkB4guZ0*cWzm=A=-`W*FD;05^ootV42@aq+?IC6 zqjd%Z8UUg=o+HIvaa-R>k*@N~w$zSaM!3VTclg0QaZk4p3&mz|Z6)+^ME(Z?%_#d; zLR{j^bK(S=JpHeI{y|GC^++)X0u2CBlmv+l>APF7qy7_t<_f&rI(1WG<)$>$RJapV zjjGtAxOnEi!iiz*x*;CJZb0+l5Cb=|?SFEd$ZlP<)(ntjUR$GwWm&+kl@o`lYhE>C zz5Kq;fz>pc+IoV>)TM5RQ4Gr#R$Kl`oi7Q#j9o_vdf_kkj4K zFm)l9b1?E0{+R6QK=@|PSmOoksY4JkztohIhD+Op=rI5y223llJZd6CD#uB3hzHk;r52gK5M*eW%(E~kkjmUNPB#!7J5^Ra05@PJstoyg-L5JfEQhx0#m z(V@BM$G@!`t37gp^`yLMM10xVboHW%qA4Rb5GnHdVN+s{{&_P9@QND0K zGh#4OH-AVeNE3s!BC%Jf6W_uGup}6y5u(ngL;E>Z!p|^m7E>fPzi|E(OV*z&#fnS( ze&G!MrvQVqgYr;hsSdVz2z07|(*oiMoRF%o`|V@iqzE)`NA1tb>UTiy0yr+;0#wVGw_SEpf}-WW!jaUTZp}vF5KbP z9vQ48y5Cn^>_t4FoeRL&L%h3?)Z56(RhOivR~>sKWYk%ksERJ8A}5$`Z<@3GIXSWy zPknedwCzp0@Zqs(yy?f6ctiwXR?Z+ck9fc?029K5n#k)dOnzhu=~3QEs5X~}+~Grp z4G=p6*E^L`!2YUzM6Uia8V;loF^lB|#Jf_`0A7tvD$;}d(^L@1Dok_|TFnX_@T9LS zCFR2kX`;b}?%+DfUE?n)h&;f;4#RJuMvR2{GH!(RF`z{rWM~p2@qK(i`@eV$7OwUC zwEkQ{)u}IsD`Z(!c2DYSte@?Pn4M>$&$~RZpDwZmMrU-EOnsR`c$Bb=Pc^PBL_tl( zKz_a_uOP6c3spoug@uL5-tC_jMB{IFiVR0L$eOBIS`WnwlSBRU+>Z7tnP9o|tDubX z?$zSMXSfK=5MiA6N13jJy%*D1@$E0nRRSyuL5=g~?bxFD=eR}Ekz09gzwVoT>8j(P zFN%Cu$j&**p8!Z>V)KEzSVMPJZ@q_S*Q4_HRbO3`-7RBAT16#svpfxP@EZ#u|t^&|@eL?Ch7 zz!cEVFn>IaY{65%P6VJ7*@i95UNhh2CAm@`J>n|z;|j(Fx=uM(xSU@5@6Cljh0e?G zl)=mF6K-DBU7EsS+(B%?*Fnx+W3h?-#!E5Z#?gP1dbWdgS(vy$a7eH&l8QPnFFU>0 zcjpKb)_9~ThVtQju5T~S-pP!di!IQ`V50Im?W$FAS&e5((nA- zt-qhhzr@N>UX5L6lP_iHTdMi#ynlkSe6;v)Un!<8PCT6{_8dwgol5j!olmXxyHcz* zOQOC7V?G&?yX?(@AWSdw!oWP<6G?@O-prvU7^KX!8F%9KTLQ{_FX4gvAy!#KO%1)I z)j3D_n1D-qpp%?68;&LE{cjKg0@yMaP4iq3O2-Mnya}a^|R$WbU zT_-v9;X@fhAIu?Wl{&+G7{df{L~!SvOTiJdoBxp(GJN3t>R}N?)H;U)V33LQAHcGW zB8}mx6YSHmx&<#9Q){?fT<_O3I|NUI^-~mL*0V5#zvk`2LHKN6h{0ow&whOgT%qSd znNbr)id3uz9O$5mNtJoD?x69B{U-6f-vPs$q@8 z!a|f&0f(8R!)i~c0>X#G8XEJ=Jc4C0bq9l1V64>->DY_s_m5|l(}c_QI!y6}|Ap#P za5aOSr!nkVJkX+WHSY|AmNEPsPDQ@Y>)7Br@j9!+2NES@vaQgLj7)%yWt}}ki&451 zX$Ysw&XnUEOPdw=aJpE1!64mY@4N@+K-*~rZ6{V6Ms}t@+aGQEKVCAH9X{jx8jw!J zq43Y@iM&C|O@p)XWM8MKj4pgb`!C?3siwhPWHdXh!B3OA&#NCWfYmtOjNFQEj>ccizb5{$l=b)y7WoSf>z$?5DabR1tg)naG z5HBZjwOCiTn8YM?zn?gy9L|^M0}k`~z$CzIm}4Sb9QuH?YT&wI4EovsELG;3QYY&U zehC<=`=AX#lfQ^uJE)Y-2l`bzluTB*wn9f2#85Sdz*P|{!h8WBr8fNPE!_=U`#Dti zz|4^*t;dp7FAZV2iifnR!>{T}@|m0?bCV)%wWDNk7UV#-qry#u;DTE>y3#$Q@`uL?jRqUM4D8LxlAM**NK06cy(?neNKbNq#S-o7E4&s!X14%>)TKXkpn(k!n$P7zke`h-c=D1(KXv8J14=&#FWyEfJ+Ey z&@hk=zi)>ZRGRKlaV@bqzhU;X_AL9{EZ_({My3=6vaPa>v@Ye5)}IIP(?InkaIsrD zX06=(YW#KUUFXJKeNbQ)fE|nxQ%zk%EzXmr+TN`*{k90HRRn-Cdc=P~z-V(INXZW! z4%A5woQ_ggCLmTMGcp^Mw5%%Sg&?~P9@T(O#&3gAJ;kT}e8ha?ZEy@l|GAyK8&hbfuFcohho zp_lf?sVA`k(_o+=(RHR5C0x3gxQ|c*37Ppww5-}OyP;yvu1lAI%4Z-@XU zJzA}14ntFv2`}x`U;t_wE=ZUi`l1rLr1jt2mY$>5j<$#XU>9qe<^WKU50sIJ^>3wz z%a|{20f?J<-Ps$Tb7Sa5XM)&@QM0KV9$XHH?9ul4NkYll9tcIZ-`wu~hW5NEz^2OZ zJumSqha*6ZFLmMCj}wC=mg0&qXp`nr7}7El&HQK&$`u1<&mxPo=VYdwGzCNO;Fy?XV$0VWldGK`~a(xPP4kAFPUf2l4WnN)T3Xz zS8x)_(RW3>R9AOpv<553twh?ox0 zN^j`aZQ1XYK5f>Cj+)-xM-SRT1$h3)ysM4l0`ga26KGq0RA0kk23<{=H_|3p1?z&c z?`Sn%>Ej~$yv3pSpt*hqr1SLr{Td*%MeKoR-p|fZTSr%Iu!Vhwgx^pP05a@9I}E6j z&!J{@PUN56P6}D7v>q~6UZF2ZBjTI`;=bs?A-|z^@;rUXwZdTu8ZVBT5MEVSHRwxv zB~z)`guaHOEVLGwAud9YNN)C7eP}!DX4%RVs_Y52$7DqQ==@1LLkK6za70%Sj zOf7Pk^Y;~9aB^{?Z9 zv30CY&&R1m_Y?Ojzw=?|v#&q7)MntWROO%ymFfra=Zbh{cuAvrs!OOHqf=XkJ#wuWF$U(d zi&8%A(P7=r@SJDhq;MK)hx+oN^L{=1%TYmwY$6q|#bxR%LS2suy_fn1*e>q(6;(}D zkM00jsMEo6*T>5%EiMykv|k+EHHqN+&>X@q7x-CIhV5^a2|qQi(irFH$Rv?2-P(y$ zbM57j3Kbz3Tr&hKz5r045h}UVxUp{8<75I?Velwow_tUEkShk;ft_1Zkv)0V~uKu@%4O&gE@z zp@M^3)0?&eL@~laASwMd4;^%rylUry+Va;YqVcr^B53~3+B1Ipijm;6{|YLGO4OrA zk7NiqPJ@16=6u~3>NHe*=Srp3VLizpp|D7MD2{nH=K?s`!SL}cPGERe6x;yp5&}7e zsw7HxM_z3hkbuCNrF77%YHIFzULewUd>RK?8r20g<|V3-pK(L&-c=#Gl>q(_&E3E? z3xnO_y1Lie;7YMWvwbgyVW@f<41D+0A$?7g?D z#S%!;QBsnmy#+Mgo3unk+|{57I=yN?dxM1*0%>JJn(ow918Qd`0EDu0_2oqCSNe=R zVah@MimknN7JA<`i*$z4a%V1jvsFm;#@T`9$AY+&(6^cY&7C&b$aE+p^}%hC>+W2t zIL__Sw=Y2=w8Swd5Xy6pZJ!X*0e#0KI{@Uw67#MIz`X7P?oS&;3w;ncN`~On+^ZG1 z@-^&tF+_@c(c!CT@o@rbp=1(;!kmISBiM>XO@kdBY7qMBD%tvyBZlO%Rk!ZIW-{Uh zyxi`wB%jY~MwwbC4&;buue-r)ad37LabXdVb*MO$X&r}$M!TCJ7f$KUdCAn_H`{&6 zVl1QOL<=Ig9w0Sqcv>wo*d?IG&Tx(tx5qux$H$C6+nn4zD`Qf{Qk=<_zw8q%K@8Me51rrpQShy_s`eEx67t zm71evAnF3q+8FU&WpKy(~df<((VH}Q_mJXMxjy$y9u;D!yX z&4A7j%y>$A!L70!*WJ@v9E^8c3x`qLgL=?8^`7hYdDG%<5F-_5^)lW&`gewPMkqJq zDp;TqJmogqdV@eGm1HTTH*5KM7%qoVYb}}4ToHPPn`C!cEXoA_B+uIE6>1yIMHbd=O`S3yWPWXI%RgXuHZI4wU^$yc7U*0yU z@e-~SgIGnqR@=b*^a!(QcvNMsW;Z!frBZ|%Fo42k|6y9~AhJLZ(-ykgY?L50UGnN- zIIkipC1k1B+Z4Jp+Wvu`{eB<7=3alYNZbY%%cDSk@M}Q2g+|DfVGYJLz9_+GW>Tiv z7@sX#`Q2{F4>9>riyq^hB~a=(s>r1d_~{mhH(DYH_f~MgX0OH? zP{4cu7Q&{OdFhJ+X4fAk&sR+}D1jO`A2N;X0*8i-k(oZ$4seIK1g+U;D8X7ZWxs^g z&p)cO{;qsFanY1Kn7MGGlgN7O9a>C*yFFy z=rNuk`vmxwjnisgEqy&z2e@31k__@_18o72Bbver7?*=#X!&Ke5&2^WiUW%JGr=go zdjdbmz97Yi>RSF79=Sw#&#{L1RKY(#`Te_#{CJ3-!C`zhunfcT{@04U2eu13`R~{G zxn$hIfk3O|ZwC0WTM+H)ZcH<)%~5B!4RoAEG8Gcz>4o(V`p4Bl!h;@n_HkK-0bLc^}#dt%z*bo6|Zkil&Op!NGk z;W@Uz#|7k~^v0gB1}J=J15MEj@QCr-q(MVX z=4J@`nspGgy>eE%+t}qm>p+A%!AX!Qbf*ynXxc+owFgW>O?bFj~JDK-^ zQRS~4w{b01-2*tP{PtsJQAIA7Z~9{!;7`E@OvqJ}ovN?U{XWuzIJZu^ZAGBl*mX&@ z2AOfMx(Q|5T_mSNK;L6iY&@6g#d^L-eDrz!N znP%2HJ*Dpg@I3|c^@04Fj7Z(KJhRKDuWouubPOTNclE}lAUylLM-Ox#=eA!>BSIkz~^S74Q>Nxn!FzszV#%Djb6AY%R{ffMfx!{-`-@yOv)$T3DkKEl+Z=hR}OwN#hVm{dD zO%2|{{pz-Vl7h}p%DQg(v5?&Dk$rgIQz zzQUAHmCSq=`8<96?w8o+PBqJyyS|1%Ug}QJHs@=@QO^L0zrw^Wp7Iv0a)Q3qlFsK5 z>9BL_NN0$dH>3(2pDhrBNI?kf98=#n>;I5r^O9z{wA+8gktz?ImM3j4AXg#y_X>b< zc3bv(ZyD4?qsBuKkuN|^tV38%fZjWLZ(hfFINEUwRM0aYh?e^X<>|#qAE91nSZ|(n z4)KL~&p2Y!nU@I_3y0Od5>%r_9iU zeA2P!ZV5QXlE^5T3HvIj&%1z`QIV_S7*aD*F*jXd4&MIf5NQdS1OBsX0ixL=ZPHsJ z5&WeuP>na>K7sh1K|Y+>ecvOw$gNfdi2u@w15RC1_9hVN{{RX8ac`Z4c(7ze4V;<| z+m}9-=1;i}o@2-l(C(o8G)C1 zP7gWc>AMS@Ow?kTcWmi7O}u9H2B(0CLL^J#GdBG7G5(w%%ht04RR$nN8VKn(P9nfacYyFtY0ttT?+CvAJK6;R`% zy9fEq>=mbExHjR;_1(!im4ff8+{MMnMyv5u75iLQV?{tnW`pQmDJjN~MlgA|WUrvc zuFpxA2EbL-cDnWZiQPwp!w%a6OuwUw6{1N4PNjY-yBT_{ijZ!OI!waRA>oS~G%V7w z&>Ll4ye1VO(-6u*P8pC`DPq+5^_M!AP=RS~mRS%Y3?Wl5dTJB5j>S{gdhG^h}o>ZZZ; zOVbjZytl!5M+MjQa3-yuXQkBYHd*f<1)lE%0(w-p?K>~XU-N|VFlzF`3INO1f(oTM zY$5(H1?o2y=L;xZlOdh1dfREPkNH& zL#dEvAs!NADx1rt2?Cr$G3{%S_(0uw)^Vs! z5R~h2F(;xYA3g!;`xdqav)LBtM`JxR=Topb)&O(@zJc&`EVni*d^XdU>c5P=--v|k znyR&4i2m%oF&E|}zq>N39is93LZJ`9e6$txi8`0PAPe*;si1d3S`p&(&-3ZS^6dZ+ zTnH7g^eAN222#09=qwoeyPF4LVoUdYhJ@&La4dU3Jh0Q~!Neu-@tBW(IN9aLvq7>u z(hD5kRwY*2-?hHKg*bt4SA=qebjR&|7JVo{RD@z;MYiCXWIhMJVEM4pK!J+9uENgT zvvEP4Vai^(3h7RQo-WWR5$Ak|!h@cXasc0t_GVu_Z;GteBab}(!hZn`_Qd!sfdy+h zB!YUJyS@~QVm|COwr>+&`46H-2EwOyUPsjI93 zh+ISm{dK0psI{W2IFYjk(I`+JA{<2RNM8W}3{PtWTfWs^(cUO1kgi5yb$40R$C63^X|>Nzz6{8bLq-ktA7?NRn); zm=HuzB#5+%Eh0H8*?BZ4DB{d*nEzV85ATO(ty!~L`u4rIs!p9c zb!wlzYx_c_9Zw#2>rQ=NULK%wUKUc>Mvx3Z6FFaDXa5a!mX(#1KlWsN@sa zEIg2mLVsb9_Ya3VFEfEMxCYXV&0xHIW2_Dkh|57uQr8CO2Us>zCJqMlA*&9H#OL=c zB4$9}#^p|OFDHO2-{K4lG&%~E_K+|4;1+<2M&p$%5?x1zp*onewK(kd`Fu$9?_9ca zeL{m=drKjsIS}~zpq#0@K6f0@?Y@H4X4tp8R3#4lplzxU0v_q)<`e1zji&_AW&>1a zd6wM;)hc^>5%7tXY2X9WhD*CJ;;l*__)gF1qcp~Ma~$N{a$s>TSbLu6^*(wg=Z2Pb72z8r^@I~E|qHY+s`>_?iyB(gkzy=rukc70U_Ff0ij;Di7 zgypFULdfsl|7Fj3R`{;-R0TiAcXO`}gG0x<<5G=?@WUFF(78>&yF2%Szr!?qHq41m zlSi?E|Nd_7UpQb(2MjJKAW=OJeq>{vm^xN|_!4|4UFV>L@!g#DDX*1AgD2QZr(ZQD zqxY4jvi)Zn^8S~X6~kma&;?#>K3?A+HtFRgkQtaaZrI*KL5GeZuF$Wa;y z4#cQzbB4~Paa$^#`4Id(3jNyG=8grHBNc`3!mXcv#hN6)U!NpHB?o5#fgBYp0wI9~ z_eA*W{?`3iIUZ6c^hjLTC}t|-?=e6P>^MqNd)`tM=InLL?kb16SUZBb6N_Nrcx`R= zVp!FZ3;~$X86mcF4E*;i&TjNcHq<<82xV(@8&eVi~~J{*R~-$O3Klx!}zei!%V`{K^rneCL;P+ z5f^D0%6px)Ie;}lzdc1|H2&H7LWd+{X~U#o%Qxd}+^rJB=+XEU@OuvY;Bu_r7r_AY z$s{iNeV;jRJ3G{6ZcB<-32Cx+CMi2d&nusk(*3#j$19>^v9E)e>7%0UaBqf~f&~m+ zlIEsNFyWCBSsf?o2zOTB?TJu@yve)cZuju?mu+(;+nww-vTqE}tlpAFdFTZw zR@hM<8U`Z6m}aYtUb`8rN^rhWNY~5ly2#{dB4E+vQ-Q++D%)9neSJ;V=Whd(DNBY4 zeD{YWCaC5=Ru%2t3y&@FmsuKEbta=lB`#Y62a1hIVE$>(SZ8zc^zd|C`Za`L(u0~i zqyAmXVuuG%rg_gQ`5F2ERKf<^jOyU0Zv`4eq5T>tIn0xuABklhHL#Sl-@-E3S-&u| zMR0|bGYqb|h;EfrhA|vW9(U-=w;KY5$w^Vuy<=`$u1$b`6%!&Cn11^0ZVgJf)fo9% zIO~Ddy!&(!uhH#r=aPFZ6Qcu0V*nO<95G>xD6QHiPodNw4=PK)nPP|aifw-I{xYsP z6e_5HPJW^^L)#UD(_f1-&Ay(L(e1wu6$(xJe3}ZilaW$~-v&|BR{&tY3<(fnr;iqo z5Ht=cF;7|c)VYrt!%-oEV?Bhk@S6{=+jyP7>(TS9=ENI+_jq)UQ-y=~OJfzrthJK{ z=&q|E)~nCySCTpL;IhDW<3fiQ#u?GzpitZg@lUfnWGm7>o_w-CvFhmPg~G+FcChdF zWn)Ezf0^yYl8u{qkH#Gr44&}%aGXKrQ1I&WmsVc+cGp7!<DzO&Jx2(Aa!&a+>>sH!WY&0L*2FoC|Mzx^?f%25ZS%E z$sO;?D@}_Nd^T8aZe?{1ZRMN*m%;!$SY>79zII?%ESOp8G{WFrK03W}$Lg0h0Oq%6 z&*_~x#`Y_EK^s#ZICQMw0E~YXOvD!lISJ&NJ~z$dYs~I=y4E><&=p2SYnJiZr$=h~ zI{1QRr_a&$dzjs|+b~ebWzxGA@Hsx>IVn# zLba@NjSG08@D&=;!N*+&dJg+OQku%OjJpDa8t5F;>e<&IVXvu)^}stbwQ1_!s@UP9 z4on2k&H$wo1uGbu%J!_X&K>@iJF<^n_|Ya0hw$tpK}u);4|4Gc&U`3{z)3jzsXc%? zMhAA|>yv*}_mL&Dxz+x1>G=j$Ha_HW%f#$?%Mnd|)?yf|8`s?${f%@ScfE5S>&}h9BaF|Ab`0C(L$+^OoGv9Qb^CyQJH-l?O1;;xK zrYDUWJ%(djO~P2!5Uov>t*g;e$O` z)vlyR;1uMt7r(~9rq6~AXp=Fg5(AX^2tlhW9{j86&>384(p#mlVewC*(Dm=%5F0ol z9`$fLxexsWDmJvQ1-N0|Zf^0!oY(n%r@wDGx7q#rX)~dQfqNuh)#=srxS-;y;=?|T9QR1xz*e56q z?G}2LmMV@4d)AAYs}4f$2cXFJRU&qdHe-$W*||j;a~t#f0W(GpRTXXP5vATMRH@WT zCa>S=euggg1$ru;^n^+(7@%F%j>~bN97G+c>+OJ9`(*+Li9xqMyqte3m1QoWdEW9? zFn1Go@Np$`=mMM@N;Pb&OJtDsGX|d zHnOaaDU7%!m=oL_LR`GGvh3jB6-p8u-}~jK)&QElIMJAfa~a*noAQ(6!>FWmhyf@0 zV^c2XEW>j^V1G+hVu4+s>kT{{&zsd}I7)>Q7Ab!*d-5UX3L~)Y-Pv2~6J*Vut;(LA zKG0hHq^;<+AFIy$zLon)nN*X2atC}0aCqI>R!CgDtX00EJpdt_A1T2GBeN(6qlo4| zS4UpKUwv18>re>cJqiec*{?-~hO45KW|2uo{3);S?^>q5D`Y`$do(*1$k>`c0TzNs z_@?l32OZMt-Cz!qVECumLw0iC;d>R(?tG%qM&0e7b9-jm&*yS}kCdt)l{b6RYGv{P z5f4bC_dhZc(iX&3Yll%?-#KOugs&-E12;=pX>~!MH&ZcsaEt0?R13G0drbM!LGrY~ ztAKNbY6sjfN8-P6wW*p>u|6ndJjApUcF)Po_g>!~2Lx(9~{y% zD$nJ0)g~Lkv5`qQQh8)Vdfc7s*$$B^shZxX`M6?~M=qlJ3hBrootgox9{z1W&}3pX zlQ{qy3O0MmLiM~_kc;1X;jO@5y1ux$*u*905>^9ddg?#ri(w_Lr{#kTW`xKnM5ebY zPn3~%-2j?GNQf#%bQ)3`-@GTVs5Q`FdCosq0sP)~;WCm6fpFfa9FnjEv`183iAGTfRxqBl^)1on7}dRv+$(Wsagr*&Cx^&VP}_*ur$+;O@Xv zD-N*_D~f!P?YtFo=m5^Xwzpy2V|Xg7G&uq^Xg`d_mfBKJ*OY$vsx@cJL&=9P-2z0{ z%lYXs8~v!TS@121JTySrLo#y$Nw3{uSmXxi2`hoC`t)*hJ*<7@ zpXr=X6$4}54zw1j&kZ9bHV1#X1Txsx%iQ^BXvA>?v`6PC#Y}?xejuix^Na3P6 zU;Oc8SdAva&h?m(CtCrN79Q-cI7F1WDh`USKhXUs%{ z^x(lZM1e!sORq%sVhY|A1p%F^&}wwpi`^~%FzP|(Ai~QfI96r~?NLP%k|&1t9ii~*zi)^4rCz!= z2u-8vr^1-3c<9>2;CnZ*-=r9x&YCB_nP#OJUkKO+%kZX}4cLQtQwML5R5z(EhyC^3 zF}{~)@FKv1n^;KmJR6IL1U)z!`AH6~3W|~WY$xP1ueZ_?={{hPG~#h&3-;5+9)Sn4 zAF7YTw);6fS3$dygD<2EromL(U)T~~uog_J4R%JnYX)Q1dF+xbEyc!jhxf_Nzq_JyLmDQ>h5o9!S&&xFb7{2r^VQs81+mso71VBf!gMS4o*;>}S(PmS~W zWOfVt?eO-XcqQRH-Hich`19#vS@^q#g%>!4YQHPIUW#o2q(~GqSl>y){(4S(h*Q-4 z;PBQ_6l?*iW#wRtFxXp_Q;nZAw8+%k0nSxP*ceT8h^3F6BSfcz<85i~=yE zw>g74#;P$^!Qb!qk9o2fsj3AB9-h4qr4MlU4Sp)i_R9;zfrTdCvRyRFX{Ety6iPw@ z3mjViapT|j(L-*P5`*vWZX{k@-6qHvaxMTQuK3>Rsh>Jsazo*w4kvBJT5s&vN2R1V zr3U=h`IE_L5Z9Q{Dh>72LK3J>qJ1@m>xrAdZQA3-7UmOHl_!c^;>fJJfa`SjjG>Tf z_uU3--j3`PhK1%(nFH0NH-~1N)*4hv$9;U~>F3lBqtr2LxS=OVQD77My01~BKb)P< z#CjUEPzgRtFs4xs`eOIicteJkXffL_EI{Ob>{sJT0vCKE^MM5R*Kf*X-|k)xtGp#5T@h#Uynb_5;6p6euY z)D@kVT^C%mi94y6ZVVzY+!Pj)g7S#q_YFNuu&oNLWe>;{Z=wp-T==dZX;%-`Gr9JeVUqsV z#edxWw-3ZeKyTA8%zLS-MZ5>&chQMCShnp){PpzgZfm>JdglTFqdu*ey1uhDcn2J1 zH*dDd7C#!JwZ<%adJ-WGcZPd<_GaHWsjTAW=C)}#DE$@Gyw{2X2>eIl_iysop{T$i zy_zb}Tka|i_PX`AbQwwU;DXM)m`hbrOT^`e^UD?)6)6r#RyU1x#`%<#l(021I=DB2 z&>E_~d>-y>nyW%AR1TBKhdQRjw?}1@Pactla>82QfcAPnKfg00nz>hxJUN;_0*A|} zI{4hp^vUm+60K^Jc7Ea(s=dZpe;3;f*aczOvbGn)dClyM#s1KOQ?<|%Sy!%aaJs*x z(5}PcQGPreFL#j(d%mI4ig)I=*I8_zZjrF6@t>5Y#vxY%Sn>}x!$=wBb)v1Oech?a zABc2z=o-jE_^v96i16mf+!LG`dcZ&=eVg%C?3r%98(tA-mBCNJW6r)VaVu@hnjpe> zr=U>C>rM9Wg!?Xn)L@ux1~;mRjrZubY>o_6@$-VxosnU{4zrPoOL1PkZ4VFv`K?VX z$Vb)Fze7lFMEs|XPmWhGNP5GmPGMP8b%6J}?|i_6!i<>hQPPzq{WMCrB;pdBg5RbM zk0R{$$LM8C+vIkq?dZ<#El!!9>YWluvu$kHCSR7<60?~8GQ*)ATLA765<3l$>Ajko zAI{2f2}v37EXE$ivw4TmtoRRW#&V+U%K(c#i&qfHcJXfYohN#LE(?t6#^eBhIXy{D0r9KPDyA;0&gu*W~*;F5? zjK+1rR*~w~g4iRZY6$~)3|rRo&v&iaMcN1+FwcN0us)sO*$cpZn+xtgU~kN;8B=2t zoRsT?sEvl|ZF3PnQ)s=k%a0Ga4c~Y{6VhUg5U-Te?|KZ?hRZJ97%cl$xA*EgAZ{$}&31ky)!ATf!F9dV=y5%cOYWwap@t* zHNDrT(!mDv5bGd*v*#42uo3)io$LuR#A6pYD#l!v;ehk1>{}XY?ueKCsN&GKWt-hk zZTjJs%M2t@?HeL&ZXVA%V^=p>5%C%(%h(+SgYrgJ3M~~vZsgu4mj%$&V8ZJo@v$!g z9>;(kEPLkbc_}?D?KRN(Z1v`ov~JjBDJ^|JIXSs;7?c`0L}s1OKRygX4y66moL2qb zME!B4_?jpaEfMReyYO!3XbAL2N+tQ0Vsc>N-Sa7Ian5;Qu0+G-o8bUgXH6n+Z_uJX_Au9y}6{RUwLA1b+iI06vv; zsk3iI;RA8$8m`@1B8SN=xC-S!lQYl>3K@pw6j$<<%8;lvw`o{-b3V43>!6m%E$7A; z-iaVWtv1Nx&7p4oe{pB0Evk_T#?CG#%au!@=ELufXh8_Y_W>P{;F!NkpDbhyXY;&P zFbeb4>ehd~t$VcQ=tCWjitYeRs16D$Ng`kkMH5-`m#!ca-Mjb3%Yetbz{g+q9>Uy(LupRw)g&KKmK5hv$1HXC)YK`AEVVy0PvmiOp+jejL4-IfYb|f!$B#>YoE*Qlp>_npUtzJ_ zm2F88I#!kou6cU@{)L{kh$?e6m!(!xxhbj=4m;6P_w3f8uO1ZUAf8!&a>q*aTE ziV9f71hYLm^I?4gKKT*{!_B;wv)6rylx{|bSWNtD+WJ3#``gR?G6b&pvk5J>uAD;J z4WcopvHQ*33VQ8zPkcRgQtNl?iN}{*;F$I~Y#?%bo5@=2o3Z<6!qE0a;uhSQ_;RrG zJu{N0#<6s|f1<-~h?pPTta-5f5Js>6VLSL9suuw=fi#3x&vyh0x%nlhAwl!b`~7wb zojSWXf#<)#;asl{y&}`;L;)1w3kRFE>pfCvDfGjy5n%U!f`(v+jI?x;O0O9Zbk*iU zWxM^Q#&n=K8#_a(WyCS0K3q`00O>RMngnS2bX6#5`MrXG+2~W6_2iHx6eL1m$g^Sg zHU9A-niGs$PDgaX4UgK2$S}r=?knwP8Qj9uf61*`B|mWrxZ6&rGeRJ81(D8RgWaHE zs%Sn+H|bD1*P9(e#(nJdk-;wl+SdftCGr-URz)941hsPAG+u8GkSJfBuEg|J=m~|% z6AFUoNftV`%?pj|XGyB;mjS5CT07bFp3AMg9-9z{%*bX+`Gl)5#M;+(MlHCeSMI}W zoi^z5s26E>DkP3>pyYo}q8rkhSkAVa!Uy8H6@&B#$>pY{cUfT@OZ_BC>uXm>kRo)$ z69o#Vfy7oO2(f#nJ}q?EAqMC^MKUr(xy-vj00)f1Pp&Xt%&F3BM6Z8O$CZLVT&{sK z$Qz?u7o6ITjBRagZ;tj(Jp-kPyIws4N~)*L={h{#Mt4;D8lTJ;&(h?i_b; zazg6AP{|^K$T~a_l_V;XzqVfZel^E2N-8U>p)%i~{4l$!2~l$y2SA@fVs`+llqcTG zmBKLm@)YZ%@iYhHj-~RTqGLWjDSu9H+#}^MCSY@9zO!k0Fr^5Z-3)s8&MsvIlFrZb z*viEL=K^*Ilq`@^yDIn{Dw7Lfn|T5Nw|jV;Iw~K(Z)jkHn&S`t4Z~~ajL08TT}TWb zc<-5uPo536YaPt^Bv~qME~JK&|Js*@m&XHI%!sgCi+OOW-gBZfM!EpRZ2;Nx>382s_ks~OEv_DrzuADrmqHYGpI$xmM)_hol*j*4gIViiv z6;0r8y)$13Wf*lU4`qOW_94FGG~(*%0@{irx-VP) z82w-73M*kP^kCTJk{YjkSQ6JUgwC$$*dH7jYBC%x5nE6q_^Ie>A>h_V30ot81s>5Y zp!k>&^q6PkLwbp46O8jO;Qk$U&Hlyw6cMNepFMXrcQau=Gd21xInS8?E@N;VR1%#` zyeYn1V><}ts=XiA!%Upuvtgsw$zfYxPP<$wD92mkcVqw6B>!Z5@2NKl`K{_YAAt^KbF*LZNA8`@S;t8 z@jOA{N;Q(qrV!7esg_ofw2 zF;2Q~(Zc)g3zCGS(mh3t>7wf?KS8J{V3}3|0NTH*s-s2O_LLrR87rWpT3!u{z2;E^r+$ z{SsIs;w_#-jgh|chvfB8(YxPwQ>}ew3os#W^MC>aw-_s;!;3IRN$d%P;>k`8Im`GH0NvUZ{u2-pk^F4DJXgve$&PM$=xr+%Wdg1=& zXNV}l_Z^gIByEmgW0gt!MpjHGNVs=e&lGt4*(#*tgj1>#$gkeRPR*fiAR-4WYq1I| z<~>hWiE(ihTs@-#xscORJ~Bwq`25SSl4ev6uVS`?Lmb- zEI4XhXX7?Zncvl0gxVQb*ZATU6ci#^aO$dnNt44elwZads!Ng)3b6_9q9>63uYvhS ztQ_aWlipJ&<+YHN6CK|MK@25_NRWh2Rz@9=B#@_BA&4GiFz~{-Z4rvz{dPW1Iz%;t zTC=$wqrR9T$O^1SbqBG5SXdk;SujS&l7wF1%dv;-5OuZil(7camDkoX04WavHmyZg zB3QxLFC?lj?`NmN*WIz<^G$eNNWHZ=H9&BVM+?;3I=NJg&7CL}Dx8?5s+1K8a&=M-udQP^?i$ zYzPd0aTGs=1PGcTs$1bD)`}}VhJU;{46C>TK^@CRRmI`D==Y&dyP$C^KSrbc&j&|^!gW>V%E$jh&bA8W zp)W>DA;;(rebqF4z#GE_E#C_;QR*dQaJ9p{>aJaU&@CFs^rTR*n%wJzk&1>2Ul@(f zU{_0&=@dOli#2pVn|1R5^vm92HMCJa4aW0sO@#*53u?d#K+?$+oB&D#*2+YAV)?bd zduukzg8Ojgz~y~zk-M=j-?{`BPDSN`5Y|9IjM39S``!uMg98s-P<96zR$S|xi4jz* zNT?K{Q{Zow$QAd|d@HKI=~FEO~hT)P)JDf6u&Mf5D5=REi3XIs+jCVkNYxEx5LU z!C64dU&(T6r?)zIR4?SUz;11`TW+g(ro(z+_cM3;3cT+4ynlFGZzK0v7vQF( zKa(S}6c?W}*73COB1==+C)-l0`yO)bM+;Zo^>Bg!Wy{V}L$!&GIpeR%%3)1?pqGR2 zDiBydZL*z~K#aUrSBWJu2FC%X5QSn=-BErlz;51OVED_Hn`jMyJCo2a?WTZDMGYc( z5y8d;Gbj3Y43_N~7fhqywoyuGv>4bH02d&TY1r@Vx8uaJdi{we=DsV}y<`tbeZ4vI zhML*f3r?UfEjCxAI)aKuw#Gfi@>FkNPKZbzWDrLV;elhN=RBR*znV+kpg(@9BmM;9 zsRQQyd~x9HmmO<+AnelLG9&)X8SZ|1RRJPN?5ckC%>LW!V##_&;GBzZrbTR5ii>gL+2$3e*9`|sJj6g|<8501)(KE%ol6p?daPkg4&+Og~=P<9@IbuKvmliLN z4W4d(#o*Sen2Pvk`>NA(#E~w?t35!lmpl0>m$lb*I1@6z8~Re?J^0y1z6vJ)XzT|J z)8j{XGxm(@xwb#FQb9RltHvBTdYP_-9Y0bkTssb&UzRkTG91z9W(xoio`#Xvk~1I;O#jwBQh08pvHLtAR{f!0^D(cK=AHYblhn4W4B9Zm%~BD1@WM@z>RC%$R!3OkQa zM(Et}6$xG#PUb7PR6d0W4eezxJ*7!H0so%Dzy3n{PGv$vAb)QHHG=z4a9|36iInv8 z0uNf|*P^Ae3=yMUX2}UBT-83?ow2lJy6KL#{f%B76%l@eQ?ITtG}{6}Da&mtPiEaS zhAGN-Hx&Rq2UH63d4kxM>44tk-vo%s&JxZ}ug4ralSsxiTN<1jJraRtc4VN`Lx6TW znbQ~Y{5p|;snO{8u}BK2`3q%>niSnUgV?E^8wbf}084YCs_2&8`+R1zdv6CL#{@^- zD4YNS4DH~gCr@}mwk7&{r-T&^D$arAh;;7|B#Y<=L zo5B6~VHQjOTo8!i)K^yr6BcDC2I9Jt83%o;?V=ql{vq`n@hCmv%BjVzbvJ7ws7ACi2D`BdCYtMq4ExKxT|(VA5;k z(hPmBJ&4+Ea_dTzv-E6Yh`8*0$3acP6lyQ~{1{ZO$&WpdFFJQI+j6`@ezM|j7-t2Y zFQTh#21S<{H_dl8I-v;pR6|_DSOE zQT^lcBfFfMjfMvrKs`}zs4m&8SWJMLd-}_GWABDxkjvhoMoMtLERyY29b)zxihr9s zHTA=(xm0$xN1mw&YhctLX<~L38hM*L;)9T3O_zYK7|1*~f1g^mF__?E4ZC@@@aZwZ z>45sn&wy(>=HlT8`%UhZTt9wl*R>6zxbgb9R%OGtl|DT>LKROLhh)1!1SB%>(ADc6 z6U}{X&tz&$yRbU3ogu!D0g3$(6y$lNs3qi2c}osC0^trTRk_Hl}w}+2f4_wHVcp6=fPMTez}-2nw$JWQm_g?9pu%oU1Y6EEHvcjm+{`@ zwhWg$00dS@^sV^EYss9%Qe337Q)+7*RbV{Z2i9Q3In8MAIqd9K-NqW61qs<^QQ#j& zN!dii%beu5D%{Nm77-|tAa;4N6AK-ZTLiuOe1auBTtOjar%Y_v?rX?zK(c5pgo3NL z?Y~xIV$cs{-q$*TxGhsy)LU;Duz~LeRHna8cdZ~axW47@Luy5|fryG+Cgw*X$h=8d zf4n(kV~x4uM>)&ZgN^yVSIGSL=H>VC01JTRTm0LzD4nW9FjJOCRlE_hEZ@R`&ED># zTjQsSFO1u>Kpm(#??bi#{gmx=Y^nbVJz`&IAl7^Ru_or`QZURjK*oIh zM_vm$GHD4sR77<}vhGYXz4FAX0(mwSxgQ!#S|}MEM=VS!n^@&36eb@l1EQC#)rWQ! zCzr^Is*yU7FB>w8&w19bxk?U5&%a-4Uc7k(f5)X-Tdo%oIQy1*wu;J065@_M6KNQ4 z7=C?Nfpwi%-)%1tr$);$EwDtRh#zK}0pCTZkJ%4{BYzj`x2RESRt_xq{>jKz$)m z=_6ta+3EV68iDTLeLf4Oh|~<;2J!pkPLJnaM^WQ9chFY=l~6&q>8b%F+GY^cGiCCes0WHO0nnm6(46z#Tkuu*^q@*#PKC<#T7^w(t_$jIl59A& z$LV}4v@CFDl6}uTTC`1-2As88iXv8-OQ;^~mfNrYbv6gm58<$bq`Whbp=I16RI9J= z`TgbQ*HAAY^*Qe|esLf`Z+(>npKYJ&+dM5Cu*VezqsNhUDxC3lHICD8w{Dn8KqKO2 zZ7tDBdsnr~!rruCdzHXGQftlcb-KYN5tcAS`Iu~1DmQMGb_vvh%yj z1gcz5zk|lWUtcBTa-@?Fr5=I}2GUB^`u$FcfATmcd=Gbp(*(sp! z_9Lr391dCePz{B6yo++F4ENrUA%B}6U7qDNzATbMUES9zR7!2`qj=L2%->>NN9(9ZO(QD&?ySl-K1 zB}7HGZ|@yZFVExdeffQt?7uOkx;w5h*MiG0TF3fg&l zVJDR^?0NRPQSdaa&E}XSU4Oq2@ikB#SjBiUIZB2}+WH}J5>LD7$vzYXLX_2ng6dUw zJe;nvNXA8(Jn_NrK^r^=H*3Ftdp7(_c$@@**LpknzQU}1#q;>~vgK%5EZgS>)|B@d zhHsf|E9TrhiLxVZ_Pjx;zID5=8tzvH2jlt5a39MeYhjq3nzACXhTtapID;Gsptop3cP=A8QFi)3IfORs~Qo5SUWtzDVA7$-46 z0ts1WX>vm-B>AeZecX-VaDLs81Dpxp;pCeT(GWMmWVC-Jwhqh4j-Wl&#@H)w1)%Xm z^wAOjp3J}gLfQz9qDobq6Yg^r`GN_y#~4S)e-R;x@#w!LF(3>;u$cMC0dArcyA`Xt zZ83DB<$miea6N^jIB_jH%ZbuH2(TQyAH1y8iBPPwCt@^QchtA~l?mj6`P`OOsmzH9 z|ItaRbTA$#qe2l%Fdtp+d0hi*Z-Bp$7pab481|f30`GMQ)s=;+!*T61IF$|FVRr(Y z`b@MI8ykxRCp<9GDyyTQzR5US#$fUVm@!kDIE8x2nI=R%!1v}Eo0*x#=;ZFCEreY2 zJ-;K`GlxOZ{QlH9SYoWRsRAGD_XYY4iL6nqP4)Vluo)sfU1@`ZPB86A%bw@BZKVck z4shYN(Gy<36)d=Lg<+Yrw;dWR;O0b`sB+c-9ldqIumuQa!70_KaA26YxduFGe|L<> z5jfJ(7QVNF(pW$Ez<0>kus&09k!X9|NrJlPmsOmJF%}nJ$M$*QFAV@}#l^klE zc6jm~RJcyGytx6JhXBmT1HT3=%%_Z6oDmL-ll-j@GycOCe&u*j*tKYhnz=|lj9+JU z4J2i(K4wW}I=asm#N^nT}T_ z!uy#>D#qz#N&xupwnuq)Kzr_wmzP$RPGv^y#D>2y0{>9ba$VIuTflG7)-vtG2&#T< zp&9Y)Koc=D1~?fR86(KJu6cPee+V|VooUvIa=tDm#}^$uN=4MAiA>Hq{k15x1NQwN z9OQh~MD1m#-f}55`-t9B=JD3p8HPz9pGBM869WnK}HtCxRr*hgxG#?}NV$3eI_4)v8I z^^8JcfR{d7z;b}3M^&G`pB%x>7*b*b0AeVBDRoFTcGiLp{LvBMi1ltYx8S_le%F8S z0X@`e%SF7mRy>l~Q45Hx=?2#5mII_WROna&Sa--cjzghh-1KsTWuY-9Yd}8K;S%l= z9ZL}P_Dp$ht`N`LJ6{Cc;&H?B)x<0qv;ih@{l6o?9(k>Izpwzj*7Jx-kgg&`SI=kT z;nD^}fLTttr3`V0bi*B(W9W;D4h6?u-d+LmoPm50B$aSy2nc%nkO=no9hAEZ&L z&fZ7!%OvJHX9H&Nc7D|VVF6ss&_=)4>C*OkJ}Du|2UoXzhb-|vU>;yn$Uy6ZTso5=gW}sGBHqp`DmCyslE`&T zSS9i7oZuzzuq#)bfoJ-DP?y2{YC9-c z9=SEDOfl;*0ik=jB74~-Fzg3dJJs1o0LEes+FCljZGq{0x_n>_257T##)AIn4kHDTXhUSSP%dR};<3BgHzdPt(YdU_4Do3THvGN+F4uMj( zLRrS*_x@BlpHKep_5L)Q|MlK)7Xn81Kii`)i)MO>^2{BX?y7gYscYgQ|D7|0fZKlI z_<`lOgK3%j&QY)EyBc%yYcwhCzQ&R@YqETfQm5|L*~c42eYj`qL`?O`b(X0aH}7xN z*m8wbynEZ;fc1IDw`(3S#W8qx)}MK;hzlgNc6q>mJKbWn-@I!m^=vF1D3W*c`0#gK zHw}0Tz6(d*^DH09JK`z+pZU9-l$ZKCtN;-03)oN;z!iO1ana_dJhex| z=3kld^;9{WAC#m1c*L9u#)VRCtB>w`!v1-&=DG~?1+#*j<*H{N3WPJ9wzow@)?ZYBR`x6}0(Xed0CxEq#BTEinLG*mlJ z9l7T-G-vaM(c8ocYIj%!G!T#$>yG{q0vWSiJ*lCVw=C{pS```ds@Z3#rl0LCbY$R} z{lh;#{LkpHI(ep({(o(BT|s#duJ7E~{-`(gOkY!%K9W?m_LPT1@&ocSDuh@urokC7 z#Y+YCI!f%2(>RCI##B@OZFe+Ga9Xnr6$T}mybaRLu>c+bs=!Q*)0A8j*CFr{J9KU- zp&VZS(qlX4%;Dd+oweB0YZ0lLEMWg+V$2HMmKMZ>I=I|jwi6~~$k9Hftuhsp%fiXz7E8!*KcHP5Bmbur>xdlEE+-Ck*wB8AD zDQhK5%PF|mpEK7#Ij@9F2o(qsO*@UzK=crU%W%g%7Y4Luuse-LGL(Gc-@nf@pk5j( zVv*5eKwVGitmG<6|25RG9OQv+E`P1P0R0lp+M4$_6)QMsUmV3i$j-FnC(|>V1xhkj zwvAzi1e=Rv3w2lmtE+{82pr6XfSLR$43CdPR zyp)olPU=uPA^E(nK^l5Aw!%_|V$tKw;6hK9-$cjvoK~!YUY@ON8P-u*_xoXTJJT4AqU7|22{~|*6l|Wxy ztj-U9tCmVRjnd-yb0S-D`kxCxDJ~l# ze1;W#So)-MoSEZts53_LVY<4yjvAu_51kb7Cw@n1lW7g%^-(VN=(;fs5WN*NjJ@(b#p!oOcH-; z3EPHE!}ZSkXjI;aI}LqC!tEPM&+Lb@Ub6q#Rf?`a1#?pFEdA@;^U@o0d}TT!9zRGsF+g`b5ME@XMUMu zg)wch}zK5aOfqco}%^=F4&_L9DwO_(P-4UpTGP36m#H zZ(bn2!7%m7FK-4*bL2Di3mKMNR4@R7KvbN4G0VL?Qc)OcoGxa)Ra)M{?Y}#~!%NNj zd7-R#71oa8C+TF><2$fIe?4|`52YCggDgcmNOxdpaPSor$|gsA?5*e|guUCK`|LP% z`DoTaiOhrKWYG^9i`R7mB^(4h8C!b$*HZnUsieA*N`m8)ZQCZH5b_7DO7*xvDaHv7 zJO2OaWoRmQ-{58sc@Y5A0apsxys{*PLYkl4+^QOkmo5O~<&T;2qbUW%_PyQ#5qOPj z?QL%kMt*LAQx3#tNUKc#Zp=^6?v;_nT)&_m8`9wc8jnuHu-vkIOox>;{^`G3xctwV z0@qW0J!_|=)nzz2$!}2%O!|He>69*s-sb<}I|63N4cCc&RPenj#_c%R_Fnsph&Qg{ zYwl!KdpcIKnd|S$AoEFYum`67PbiW^!QQcu`Xp#_Y7{cw*9J0Xg8b*Rs9^J8j_6y& z6HR1YVf8VEJ4k*|)!`Z&Dc(5QUcETLZ_xg6rjNJi#(g@U{LvR7`_80w<>?Q_!aR1~w@2VLKsy9gP%J zTe5i!zOPBJGm=eov_$-fVIoo>E(GO@Z-WHIv@Z%ALn^obnEk{Ka4|=73!HZB1qZO@ zg$uSQ*UZmIIIl%WGQSg?W!Ya) zBYZsF)5F2pG5^8}2G_-b7B7rxfCf^6v_cOn{hlX)mNvzfi$~GYR#oyz^51>&>o0jF zOU9PMsc*w3md$PigYp|NxOm#-l~jSc;o;fDLKxKxdB(J2jZ7GR`)55|Qsrw{d?czr zefmd-|9S|TC`Er44r_D3=YFVBd#9rz_pcFx@2;X6l-);)4?@o!z3(f5)j)JVc+}5R zogy#^5(0{ISll$hSRc*pV6>U!|4NfjfMbPuc|b`($p!}xVBXaz>0CT-ZD{o;A-M6y z!){2ol0wVzSI`nu$)^O1!cXi050(kw4dMO0-}C$|lPsIBHuPr?DZ@j>5QW^p@SAyR zLsvqSHh*ns8#)b{DU%cjyV04yO!9{Wstq-))LXb9_AL@K@ki$&e!&N^9IR?Ed}o+K z^AlNrLz1k!{ESRU}hwPKx?7rh-E9rpn%)KK$QRcg2kkHdR53=`Er zAf++6w3l080@JT4F~WM|pIe(-Flp=3vVl>=uKnTd*TaApKCtN7M@JwQDOk4iJCW~z zR<9$7_U7N@RzCriQIFFr1tL@?J@R?=X6VxDPQ9c!)J(cn~%?evgs^AyxeRUDGxZ-9sVcrpM&=Ms9u86Qk?r#m!rHv$LjcYzO* zWpozV9*x-##%Ey2kXP8*;#}uGP;58(;{y~))Cosz6g=~swkaGKbhlqJ%~G3ID{}_U zo#LmmmM8zFy1vSRHK1iGa4dL_UFhsW$D5?wyi+rRKnX9MKv~?Z=HpGWVotlVZ4plC zE^s5?*c||oa3888LF#ukP~g-IddsH~%SN1d&PcwXpJ>UBZ3qOO(Xq1ii(7BDWC_$I zTJbdLPyf&_pk_XvP;6vzzXhraH!fp4V=y$l?YgW8px@<J4Jyb+3tLJJ<~s7($gJaGYyKdPIIV?mqbZwTjnRMW3&&`!>M1zaJkL(-oy&tFF}_ zpd?V}89^1;-Q9fyXWZaWp{!k;^TASYAQZURE<;tdSy(D>$2nm<;AG#G8UER6@63x}7ul&<>T9 zfq43dRXme&)ZD`W;XUv?&*7nJe51A+8vxkbNJU>~dn=Hy_ zOd{+mg9R8d8a6}H;R>(;=GQ&5Z{D_f^ng<@97;FYM~ok5k|6XRuzZ}&IoWfSH|`D9 zH47T!jOuv(2H^R8hoS>iVtq+1N?ftvzLX6{%DbA(u&ab zY#0LfZ!(F9Am+yt{cuDq4}12{R=x$B>`M(sH+YNPBjT8wTHyJf8|X+Wj5yL4qjvEE>X~vY`rJqLx^N@CsTF~%HoC1bMJ19bY{i$InZ3oB% zIM-G=Ok3)Ye?;6LO#Yt|4EHd}Zjy1b8Y+d-xO_CyX1lVXIMd`y2BTG1SJySmxMw(8 zY4Tq!fT-C7l^nfIVAMuTW8-1DqhVUfrpglcgsIo5zY*5$bt!c_F*PwdQ*lgN_wa1p zDzA~3e8EqFv#s}3HcD0{f2$A$AP%1C1wkIwto2SJi4i6~+5R`%nu|df0O3}&N9+|e zX$YVfBLk>7Hu;g~tD1Cxzr5GlqRBW^&E+{1bT4|5631w;sUuZ}0jGY-9>nCdpNe`j zsGAGLa#F92&*+G@TCsT~Z&^}8NBKjgWVx(iVAnqv_d(yw18TKdYvq9M%cVLqrPTNi zAgrcRZl`<$s(X1)cZ6ru8%nyJpXD-;bayaZIo9-bv2;3{|W0`HGz3DQ_=&_6J71J7+sR**IMbf)Co$yUkSD`M{xB_0dOjkl|K zNxLb820VpyTTDrE#AH`jEo`R+X%~^(Z!Fer@3rVRqM3Nud4BVR!9C&4bT*qW^hWWSp=*X6m|=dWBhW=sL4-$D?;V$J(`@3Mq>cJ^-d8#G5~2;Lf*} zjlp+>3}4W5a*)q{lb>pqH|;%S_yXwSWN0sz1PgB)*QGf~_5cJ+cWo}Gk67OT6oH;$ z(ooh6-LDO0gsMg~8_BAjIt~3nUA=(Uc)L5Ly|H2{K#}GUS;&$`n%sHEzNGM4`Q8GD zsvgDOL)jBBV_A^6K@-e>UsU{1D`&xKA!m_|7Aq$Sr>g1aUBcc*6@zb&9dNjPsfLap zg>L-{fBg*Le}+yo0R~YG)|#OE%1lz5V6j}qNc7Dbp#W1p?#+Q1aZG4QwrPC9o zwT!QIb^rD?4QBG=wbnLrUoJ2tmDTNI)~#d-hE!K>ElZ1%XJBAL+as*Z#B z$#_v=&Z1ng_kBj2$F(9?e}R(iwVL`Kj=({6;*ydwgCMMjBYaCj$(m$dWii6NLdGV7 zWt-c>D|8rN7C*gF#qDE-YbTNb*S;*K zd?)5ddws8`b8n-1o`iDr#Mp=2yORR-fn*u7_(Mxn{2XvQYkLVKF1k2%Ev6r*w|7NO zt|CvLuYHi$5;vva+4~6v$qZQI@c*{_qq)U$^PH#G=xwhJ+$(S6c0e3Zu|X2*Fzavc zw&A`uLYB<72-B(PRV({Gv!n$hg_`8Yejf4A#IJ8}E70iEJ5-U6kaHjDg}e6`YUBH$ z>hm3L7rjIM>9_od-@~|Km1V_t^&R%bq2k)?V$^$oYfzW+bbi#r#-_0{-kjM|f2+>!!0ZDPY z>gx6Qg}`cM`UX27b+FDNz%U~&vnQh~BDLMkzV+RPGzkcY?d*^`%q>m5T3b5Elh?j_ z{Y`#)w6?N9%u!hR2w_)Njwa1ElvU|lHT`|ndEj=)Q*-TwXp|w|wd%=Owljh%Lv2&n za4Pp@i>5Cq4$+_bs=qYl;9c%bqY#+8hPio8G;c0IYBg3LjicQF$7YsV9{Hv_zSL`K zpf6w0Q+S3&1Jookl?_CcEoD1nl9Rq0_3r@o$>jE1+@}ySdxq0v2iWj<6@h_Sy)DH_ z`OXfzON;XB>7d`+(1PBOkqJW?$f5pJe1l53bZUADVqiwp9aZ;|LO@L+2w{T~@NPlCfjlR=^7Q&fY!^;Curd4OkJq?A4H0@%?O$$ZwQ%&sn91=1+soC4V-_@qG<(Ub>tKhm zjXLZQ)GVGUvA-MWEusEbyzTP%-V>W$T5eeJ7|{p}g0Z$QqdD>aw~_1mBXaabaT5gkw=9_w%9j_aF+hLDYM# z`iLm?dT>F0oZ${?Ogze8%C=GkK5jJ_6BLrF32e@puWN*kBNxumo2`ue{UCo59;1_g zx)q`!Bzz`BU7eksnP>=x*)#f4m4_8fye44j+{jG`d0`D*kWs$Cq2q9|`Q3q3b)?m3(vXC)Nudc_BDs*CQrDjAU zLU!u~XAQh7IXC12ak~YMrEt;m9=a>*5*8Rp-cA1h*n97IuJ`|M{6wVEP$VRc6SDUV z?}nT*PqH#IGa`G_yP+Z)vS-7{rtI0UX9 zJzmfCcs|Dcald!h3L)_2#RcC<#2r#ZCb8$k$8)RE4^DmCUxwUpki z?RUgNiG+W)4#rP<-H}SuGm$4a^{o3JcpKDq9uD?@X??g^01&(x11aTg;9Be3RO5Ei zo8^oYWqfv{N!hM}wyRDceZb2bPZeclWp~xj)!Yz$@X->KK8k>(cQ*?5+JQLdqT=jS z{-X0_zI-?*5$mi*qJ58e;)1-g2QLR^{#D_p)UWo4h|J{ez-zKF2 zxnfRWopxhR01|7U`e@bjK44HC`jO^Av&;V8Jn|$-`MvTPoJ51fmJxSXGM$2)P9gZ)?e`@1mcH~gtOhcU>UfucO%WR(AO1CnAjvalw8wSR zP$YNe{JS?NhhAlu0o|}lsD{enpA(dLMMNXmIrL#x1~wDz_SFyQIs(*pyws5O9PvXK zW2?0;H)K6)af6BDyWQl0b(bw0O++aMt#>NldDP@FVO^Ub?Z$Fj@pB6JA-=g+>oIFN z-^M0)4F?GW0Iq@5Kaxf=AdGE6L=gn$=yiKjRLW8bdM#JG%5l29g=Z%&bjMl(iZ4i(UKGgKaGTR|is;eG#H0r}u zV&cZ8jERUslJU(xck|QZV13KeT8c1o04qyvb3jg4YsV3^wRjTYF%j3yag!<4aT4`$Z{ocuW z77MqDe+k=c^J9e-(#Z*o9lzqrkfRdKwV0&?;sR^ZHGGc(%k%k0LHkb}QgB(9NGFXU zy_}}MCh27VMN|!V6`gw%BRE`1h@XIYIb`G;0Z+9obK`?m_YOyenU@zRmiZSi%wwJ1 z<+WbM=b*0jK$H!ianxOdbn@@v72^O0`^LW*2oD>-CjVlE0}b5PjT}boSfg0Zo-Q+O z>is}38i8e78Bt+|eah>QrCPI3`Tvd^ z0`?bKj1e--GsrOKODJMB&ES?=cKhK94!&}1oVgb&Ok19TQ_r_7dXlUCL`G6o0601prsRaM&L08bMd>7 zuaBqy&{hMFb)%~bGl2Xy9J~?4kES15fj@b=1E34nDb=>yHrpFKaTQz0Xh+FHL^~?XN@Y)7nN;miA#z=+1k%KZqy-$qj4rCw1 zg+G7+N0hO@{5idW+^H5$z2V$v8@-ER(UYs68;(GYiv_5WcShxXt;@a1-(sip+>@HZOkk|y zqLxzpIf@1~$BQ{*w8J-V?PL(LL8CtnqmMN4z+{w2LUjEHkNz`%tn{KZTYj6nz~J-R zHUJOkpz2K3k@njIZisEq#ic=gq-83HVY3X%!?5KJq(GasQO>OTa8qOnCFqw&$^`5{ zbu3yz6#2!&?NXao^b+GxZ0|uzP6GcZ&4$w&J>|`F-r|+pmXVp*1ox@@Vdr~!>@v_m zpz-AjGR7$aU3cBU60{-62oVLX|=T|tQO?M-d%PDE6AgU&?&xW|3xbGqKi zKXZg;Ztc&YQfuB`gfxxj+Cm*uI67}J1lMeKEN4xB-DKV0=4lYpnSro)|Gl)wLSu(2 zFzGEZp+5_qh?^ca5Zy_)P;&z@wlr?>pk(*jLc?D~c7v{EwxClHNdQN9jjl3Me^^^aS!I4?j1|o(j)K zDIs0hq0;r+%dyfuS~uX2TZ#YS_WeIUIr;y(pNc=Hm69FHjFS0FI#WOo4GfanpfT5Y zX9-9DlZ|}^QcHr(v|kn?5s0~|UU?0f-vW+J<6ER`Y;1}^a_q6rcn?TIj&dZF#iA5n z_ys%*N9OtCCcQiT2YPzoQl!?v6i>DR)i;aujOOOku=nEMU3A21Yt|DS<_Vyeiae|X%@0*Bd?wBQ*A0p` zN%I}O!Gbt-XEvHRx7|Vrrd_^LFG}Iw&=W&axlnp++2}o!`}-jb|6)A}DRdfvfKzB( z224jGjfvwLnY-h=VDiVGL1~YLCxCz_we=#fZJo)WU*NfAQNlj54^K?;#Bvs(DZHPg zU0n*tduwUFin1S+ODu>^OHsRO_`>6*el_G@W5#Bd+I4Dlp@JC}8X7tfWv0c|${%}jpC%rGQ&5kQlgC!M zi>T-{{rLuehq}hGecSNoE&wHat?Z`x$fx&vT^nBB2QGu(VzGevI1M;D_NQXx*N7)p z9^PVC4^1F!jix)j_XUqLD@7Ne7Czu5W*(H0|NdKU&3 zmBf^8tmOT&gyIAfDtiSeHm%V^hQkva-V=~;?zgwPr3A@7Y$vo(-7`{(ukCd0A<%cN zUuq*$Bl=4G>n!nMOXpkKnA2JUm_e=$Cl19RNvq1dCQL5HZ|}r$5~P08jcJ*3r5xi^ z*x12P1D+Ptita!|QKypC1|NDU|LqdA)@PBP9BPvz-(O>U|H;$);v}(HoN)iiRJ$F; z*;(wa$+bu)@?}xk0oox=gWWdWc<5f^fi+JRzLViskhGaZVyok3mSqd~r@e;%2<;FE z9h;7{$ot2eWU%J{kGEX7hzC(U)J`6!k(;&s=3)8B*9gK3YOdGcDXj{uw1Y?!c%}Xx zc#Zlq$dpr!6!`Q;fwZ{Xx)wDcK?gLnux8dPVEMyKnW*JXhrh2}fOBoU5$ULGmNson zIppVghnkmZv!qOzsED6~`^paf>CO^Hx&LD%f8TNex6%YK1zG^I(pokUkSu`fJH*oH zAW`ClJ+WH5A@sUI)*2fGGNCD%vpRpnE5&$P3(1E=7y))y! zSFN$^26di}n&u;Q1aOd9YjjoDXwib@1|&4}11xb7Bf(-oYhJYo1l~%iAU;+An&boO zdiOhSQ_TAYr6@+B;8jt5Cc+(R#)?1z{f&F&r+HmId-(k%D0$(HNTnc{YLo@ch~iUd z_d`<9^G}j=16dmD>-nyw+pXICTmqC|T-(HXnb3hP{aa3{zFl8LGEI+Rw~@jo*$=aH zJ&EZY5zxBCeB(;S%)Bg{0HBm&=r)U4jp*U~!vU?!p$|s#m^SB+Qx>fXv@Tg2F>eKQ zh_8buvFl~b1&a01^nQ$T5R2-5=~#UG#2KJ<3C@4&zRH*G`^I-w7ySfiU3|XD{b8Ak z6C%dYh=yVk$#T0ir=P!}UoC9>c6W08igFTm9rq-F zE}8WfWC-W9sreWiW(l=;w0 zqwc#%5Po`4EVAlbNkKZ?;^w8jv3U@DOgNg{SZ(0nX5hVs*34*UvTo^p)Tz+-l8WC{ z4ON7psZ&FVb{j@P`dgTH6>=1Na(skU5nQm4+BAF3uX&z>+a!s)BtUZSzDFU@>!4mg ziognSd9qb5;v{2O4|ST%$KsH(P<=j^rW#zE39bmcR?uP6M^ z7KA7j$fWc|s#z={DM$_HhiLgn?;a4_Jv3hA4@}&=lwWBP?P5JQzSx*O#+Y5kNx^krMg}!bIr-7_S(niA06rD2EQ^TE%{Ct{qO{=K z{)DHWKE1e#8uo|0Q(2CMrxW<#bPq8KUiwr}A}c9bZuGgdC85(EbMYP^jd$NCLR+9W zvGEeC^{TY-2&hiP^st2VH+^Lbuva55ABocfm#5zucU;~2(fJT)l&|YceEOv;$gCx* zU*$H=jL7YID#al#0l^D3;U%BU+~~QFsBDyNv=m}bcg*6Y4dz|v73Is|mN32@|#|pPm{Tcp&h)CEG z#xb;fSg%?>qH@OxLZT$uR8pS!bIgp6v>RWzk+x(N^fp%jAEz&iI`v4kYtfg_uXIZ8 z?iatn6(tqOp^}#7fOU4q&%()$vIsS{LvwDHOt?x~4o&O0+&)6Y$AM_`4zM%|*Anr(Q~GD(|^-=iCQ3OV=N#9K>LT#wF5AdP;n%f>z4I?4e6As+%PRx^5kQ?5e17lqFIs zEj86z%AeeS+!xDO$!&%&O06Msj7F_PfhHc(YwWY}XShQg0XylrIRa{n0CSgl*cYhU zaC9WPS{4geh>}fu-zvM#PY8n))p@R0P)>8MSuct8tx1aTWvM$dAF6=G2}&KSTJ25* z1N-F+K?tEYg2Z%d+8xz;%M7~#Prp5SJ-r{B%3Cu3JzToK!K57>qs5v~TC|sbe`bP<`hfxaQ$%Mao=l|l>nhN(?`Wjfo%LRR~Vl6-Fh&{#lz;{SI zE!VojWfu8E)zPeLSyc)6MC*4fs))?%7W{rl8=K6l4$foj$=FLPreQ6Pr*GG z&@HPnE0S^?CgG>u04lS&MC-F4l{{|r(;t6$xiVDH->M=Cvo1toR+T5ri;m%+--365 zn=3BetI;eB)_syH_4;34@Z($heuJ6u3e<~*PhkWnHRXg9W&=tz)Q)uPE>I-c!lrc? z4xeAu2VGCHvNcdM#w6@G<9rDltn@h!U`FYeaY!#nW6chfSTG0<%rJ_YV0dk1qiqz1 z_a$crf19Z1oE_wbM-+XWw*AL({&@;;D<=Z!10I6@CEuG*F%?LbrSe`*AhwZV+UKr6 z&GsK(f;S>Ldyr!WNMuDupQZI5r~4|`5mlc6O0z}svLY0lcd^{`7YHZHQ&B`6$|%{S`@$(g&HG@sUnVPnU2xr>YuzM)S=A;A93gU1PCk zy+#DaJ0zGHyAj!uq+YKzs8Es=@kSsF_y#Em4?(MbYJ%%br(dyY_F!85?AJawkb-Ap z%N>7<%Dct)p~&YPZ1wh3GVpa-JJKNYgP?bPr8K54X8M))S2N9yg!Drrc4goS5G7}^{n{EAsZtl|t^Uv2Q zkv!|0&iT5Y^XYuuk)i;L9oVVw@#h2aZHa0mVVX1u9CFNInrPC~WtQ%!zaF0D*IMF@ zi0HXl0v?v8s#Ez^)abIRq26I9V2rtq7@J#wbEMc;)szav&zO(tvFCg_rUrWNA4BNYCDmtJn%e;%y#t>R-wG1f&PtWWmoE0ZHtwXS0h#6y%4m4rbl}4n0qT)Fl9|bl9sUEi&gqC8 z)K2J#VG)9M5CuqQVo(x>ILI(~Vo|rsZUyCcV?=TM#AV?H>u;=Zj`n7+L ze_XK64O*L<4SAEPg{pT=5tmCdaD>ZRJUn7?KNTH8a7j5AT)WG*D@E8V-yBvc9X^_R{3sY z)5sBE%j$Wg9Ri##Cqw67@04YUG*wK93Uy!tI5m4A1Phc`H*8}IU3_0Gy5y*ss_=4T zLewt++!@*hm)8}ZeO+H)Undm`j6esHz9NpPdsE%(-^x1o$tSls^cPYBKi)L(z$gWC zGcajf0wHjd_en1W!)9v37S6_nROi6Sx(!uGB zf#f{JTaDmEl*1B}F)78trVfaqkGuMa{DA8nk;$8+U%H+FLQcK(a4X(P0+H!}g1S^r z8%5&HXVs$F(P7RdrQXJl5@S=wo1|R2g$7Pxi~>eK7c#1S6-jEMW3T8Il1R?x^{WrN!{?-v z6vR7(Kzp?KZqV|KCpof}R)~k|L?&{I!+p;eC=hxh{jc907w4zgj|GAf+u_NPnQB+j ztbPY1FEdy0O{9- zsr-C_>NgT}>H`Ojb?<%w&tK*fap#_CH#y6}9F0EO%Di}L z{|Z~?tIrLCw$6lh`Yf`8i2Ndxf~`8R!F`RvqCLk6f~(Le5cBpj{M_>Xti-Aq7ElyT z#c8hp<0{xyeo4hu9hrO1iNqa46?au-jGbQ5w8%Met@l?V-e5_sCv&kvOH+gDU3s{= zTL;%&{}%I31&u8{^;Pzpj9ES{(=*#rJU~$~v{}6c^wibPycjFz$N&s*JphbYI>?yqRZw zdW#U4#6*f(T3Nx)2Z#gZ_iJ2ZWl5TDV%(SPfOztRnh3~ z=Cje;zDUgykX41%e63Dnybed^zPu_NFGO4m3&4w(o54W%a7Jo~`PF6nG;xnzg@^pq z&diBc2h~!TW%Wkx7Im^4c}A+z)lt%{DPvIK-2J+QR9)XcH8(d`U@^qDMMX+}4}^Vh zrh?M~&X<*0y&)wJbzPVd4+-wb==15<-_1Q-e%C<5=T?kQXxH%Q5vui-yrZ2_hh9&+E|H@fI%OL_4L?zCHc}Rl-ez908xJNe8Z6VcE1Yew`XFmtG=Yt~_e2iqAXzgDpn$3&7WL3-R+IPJHr*S-~g$@oA*nO<{5hRq}u>su;2L z9FS7X*A?jM#Rngo8LyS4+<9;;kJM-Z z2s3RtLq?^|9OTJ%%mEG9nQNOZH|a095_2-+OVJrb;<8@3-MVF@3@zvmyw2|QaN5j` zjQR7698SUjq%^>p$$30b@DSJWn<0t(`7@Q`;bYHhWtfAxa{M0_ke=5s;k*hg-&8GS zr2&Ghqtoqo?lk0d@iNbJS;i963pbQ?hk;X|&7~X4J{7R8Fis_)KqXV`YG`ILsg(XF z?y2Axg;g(F8lM?Z9xWz48QB}7B%@t{yIB8JZAMDws~Rsy0RC0k*~%(>>AiyzyL@Mc zbQ#kvI^Q8qx5WW-trX$m3*7~}GIW)B24NPDbUVxBhQX>Zfco;hPHnX{tYGFk6kRXp zIlliAt_mmjqqc=SHzKFjX$VNxT`5X&W;bz#=Rn4syu&%0%ytu53EqfqE+d_}{ z2)7pSF}iTHEG|qXKA)OXfffzKW<$Hbk(8)QLla1F3snq4ChmWtItwniq{rbsNlVjp-XPiaEwp80hbD2 zS5=7WwJ!_Zt_x8lDeAzt!z`^;af9oEe=Q?$g;jhxFEiEe)cN2QDSxPW5fxBjDa9$1 zA(}$qTA~-7Ouj?mO=Bt422?H-s-~HGh+k1WfV8_)1v!HUp8LyhvlPsNPJ8VuD)m{+mn$M)q&TW=gx@3Vm@;$T#wa1$|8z<*iDakymxTNF8 zZ#g*ZJnUH5guvfw;EgTud1}B>O-wDWjgn=Lbc(D5jwp?5Gil(x)qy-g=}pMbYm;60 z2oaLUt((2xvlX~DAWhX+uRb>A(;pdR%Jedb%3lovMb4w6gwP?@@vcN65juRxt70`& zhFQ(*C4=FN(&h(3wsntH&C!orrS$KP`|Eh!0xyi)Ldc-AtfjM~CX|>yd&~>%0k}rR zORVcAEJiQ5SrO4Ud@ZZ*+yc3eMm{V8ml`WLJ<<&p8-@}f17I7`jKz1ed_HTW2%O3M zD}K>(qi?X$Q|3DEJ#Vgef$i#js&lbYMguu_NTs$?^F))Z)0g97An7_=G??C+*Pcci zoC+G&8=>E95R8FD#o@bx*Etj6wxQUM$VZ*UFDH&&D@AKlc;Z#?cm^=cQBHNActtwY z8I>|j`WZgO1(kd#@P)xzcEE(UYf6d0n@XdiMyC^KcUvfsU$18MM!c{)yLH}_EVNnc z>K37)(#subA52w)MWRH(Rkw?f>x4L6VZD&p#8X*{{e{oVwDjEuEo2cl>j8#i`f`bo zLrmrC79NGDAwN2-_RyFEG-bA5G;>rnPg8TPgDy!rS0~-OJPk2wK3_E5RH5mB0*GT} z_gIwdXTC1XP2%5O4yX7)tr;A_+bA@owcZPD9n%o?s>KOHk)m!goBryNesHNi4ilYwBz!(`>)tvc2pW29l{qW|>o@cN7zx?znBEW8-L~TV$Mg5eUh~%O)GK z4xR&~@*0hg5m76^mG`@FzuHQ;i`MPvkoA(b%M)gQITo-{lG~552KmHlw^%eIFw(^(X z%>5v}&j${gyACm>r9(T)fA{(b?&oq9g)7~Mz#Ez*J)lP*p9E%_qhT6xfm7L(7ifyA zW-`@o^kY#ub8Q#%i{jH-T-Cmgm8A~^BRH?(RgB@*y-g~LVmR?j+^?=s5mfGLM?T89 z1;lTx^kkvnx-U@#lbnh?CG)yMt{bsSAJA<8`!^dSMP0e?!jNknbJS6N+%V$PG%q3* z*8ep2R+62yzEwZyqC0P-RKS@zlUiwhRsyd~4Yyw{we@96E1t2dWh8M_jCGDzAm-_N z4;!9WUGAe$Qv3ay09?;bqEkU4r>+K@1{mw^vzGQgVL1$hjMW}bLk)fK??C?PNzaQb zM4Pi{{VNJCh8~{1Z)~ugui7s`B`OMXIXRCZ*=u<3VIye@q8cxJQZ?tCx0Btmu^iI3 zV|0;B39K9{;%X6?K8-XiFwg1h)ad6Mp}r$)EVLfUS#Ay$+4H5(D?aIfv%1f3Cj+yR z+ZM|}Eg9!HHP_h>t!?k*Wm)O>b@9ALRSO`=T<{s1nJyO7SU=1qWjk8RkXWBUS~3r8 zeoR*`Q}vWHGf)BJo}dQI38m}Mk@H-O!AJ9h7yOTwkaFz>VrTK)W3XLrBfr<8GKZ;_ zk^8rR{<8_BUGojD^GY4>s)Kt1461}?)MPFXIB62kShVSdvWrpeuDqnHG1JoVq@46t z*BBK`#bpDxL5&f2CGsicIEQt1ye2&yIT9Gj=hCm*%GB4zYxm`owu3IQ;T^#)|2Bi( zfTNY9ce+%#&ibFP1*UC^+4tHWtnRJd8r*V$#+}wcO-cFUO|t>4?5RhFHnW52l>1){ z*t(tM)(x=c!ufwLY#xT)kXDp$WOx_C551v-$D&{G0=Zp5kcT5s4wetKr63Ef6U|>=e8&P|3}5j79JvcVcSpMnr3KwQR-JVRvwZmW>U|4P{PM@8 z!c}8<#kjrcV){q-Pa3T1f+3fnje99=;znbtEOofzOG}KBTOT3`Eh)VTF|b-Yd1>6e z+FjfwX?;FNi>%5%og?-eZHb5MUpzTV1%iwq3%bU13M}0ov!N9M(A)m@QWRIC&h>|*T=|!?k(T(l#jjQ zou5g4yS}0%#?`GtjF5)Wj87X*&Fm2N^WHzEey(;lEv>s@d=^etY?CM?f(li*Y63+r z@uEAeeX_pv&*|Z%>x}0<{OzE1t;%W0y|Vbob7Gm*Z|}nslSM0PaWU-H-+k$#lG`C} zp2pis;Mg{H=l4AFXoD=-MKThWgRhk*7rv&n042d5;lbzf$PFn>fr#g+4{A$qui&m8 z7*QN;L`ne(nO%Wimvv;`SCsnYL*~Ijt>NnWuczTiCq9YCss!T9V6Qkn?rwBL)PFsb zLVJG9lKgpixNSr+Wd4XUc<+qL2Om4TgPAK>fQPAbJpBru1s$+YcA=z2$LmtW@0vWE zH_OLtR-9>;H`8@scR=ki21u%HJMsm`d6e^278JXClV!p8*SfSo+XQs@?Lc|X5_wKv z*&3)*hs@Qt?dV~K^lRSzw5?drm5cJWo}mUbs8jmkhkjJT`-W)w`4IR)`biynE*yAQf3o!?aZo1c zjYkzK%2^e zNKECCv&h^VJ>S%Tw5M`yYZkEXhUF=ZK_$K|3W&N-ZWe}?+IkREDs$g4C^q53Hv_v} z;#xo!d>z=LTnc#R3o@|CT?5(j7zq@yk-3=3#x95$0! z!6fz8t+ol#`XptcDkY-*t3;rsU}sw+3==VdBw@^GpS6lYd^Esqw0Vuv^1FL5Gqk+r zifCmX!SAZasO<#R6&=%;94g(Ntt8E$G+n@#q z;Q90COXes z&%dCdXF3$ifU$cIQD?jQu!EAq2m3k&CCDVJk%8Clm|kxWG|4n5=6khGEJt-}YC;-W zap)vox}YP(rZTGw!AV{U=QPaMjFr%h+MQ)MfKLtXZ{y_D5`lhS9xy%6Vdo-i_H;?y|O%o_`R?I2^Eu2 zd=RjKxTa*WzDWTZ(8q;=8Q0w~B(+Dycs`Ymz!~}U4Q=&Ua%|xYFn*EW$E4)JXz_^$ z(cZ^+sAW^EMGKR*NW=&FpaLCtkGDaR-h(y0Ii;O)xhf#A7u1R0>v~Hs30UlL=y^z+ zk8UxgpkBi|RI1?w$!gX}RW_hMX##i7T0cvXY zW1dvO6|)3h6uIRGC5Nm#h~j-ZMIB5rDiJ6im=(dfrsOhz3dNK$qGaktm5bH%Q& zk=n&HIQn~0yrF${3*Swp{I7L|)m@cAl`I2I((-u4!tb20k0x zJwQZ1f-)izmm~8%;5;A!v&E@`tyov4GF((0O`gqfp1_<+H`x_ql=N5feRc?z<2s_7 z!5PKX0xD3nVij8LNHq&YT4jYJ1rV9^&9Q3WqutxJzLZp|#lAbFP`3=#z3ljm^=d{S z&Szc-#+Ry^Y?tWK#W3K}vlzFFKBMDTb9$+pzbZ|;O;E75-6*n%h zmYsS38?}BA@VJGvyHJw97}}Zp&A`9lMVI>V$|MRb8;}Laj&Y0aJ;wm*f!T+@a*(yG z(X0f-QBND2nXwbxL}>w!!?%2lK?e)z0oYul1B}wq7iLcFG_+G4Q{GT`G@66Jnu%Ui zA7>7}&k~yxa=x2UIQ+Rh*mMTcE$nH4Tl5k_N>QAwTnsXblcP|N%4wf62sS^-`E>Ma ze?<}fLB3PF^L?@ojI|&S7LXVt0>}=FVWJIaj1y31pihSp2)Pz7AymF1 z-6O!^ww3nWwfzjTp?d(;VOKod00;x8>LviLRi?yo+fevdeC@S;xshR-`M1lsEy!t= z<2Jdzvi*KY%HxqHW$vDT2w)o3q(?bV6!<}DgwA^I5(vwAB2l+I@X)R1SQvO*Q0bnO z1X#2lJ}BrwmFq`UFxBeocSA`_N9Otwq$mU&Y6*}II_|F*Vh-4Z;FwG>`H5C+uG?VB zk-BA3P=5VnA*L=yBw(z4@-8DO^^A;u&iy^&E165yxk!(r! zTpnM98PIUN$T^>Ud!skAVjLsAL|2yPTpQ)%h=>T~Za|CNLg<9#M*ScK$lugcp;9k0 z#>vCM?*jP1;QY1+uKPkNh_IRe>-(ky&^{hIUV`)}=dEp_tAWTkB2Q^Rs#^SJGW6No zz$#2b6zSDwKt)9U z8aYx3;BE1iXPQDsf$Y9Nx((z<3#*ifJ-9Ap zydb7I>wKmSp|JpV;RUoc6TQr;MO2ofU66~@24&yE7H(xB-IBWpeghhv@HAwpV(DzK z;_ZS!wB@P(;g+}1^G4PM`6b%gIx-KeCe%K`&2X4rMFR;~fL6_9&RquBwkVmSpiF@U zVhGoTEq(u}kMSP(S=1ZhjkUFxZ_Eb(-OkMFL?Y(z!Th$N9JPIowDRGrQIAi0x^Hv& za#h;SL4y9j7yc>nt0ZY1tpMRMdYRxJpWf>QC@uOPfMv*|rc^j``Z6vR<}>zCEZfgZ zyN*B)f$*L_RXmPjkF&zGZWtS2`F-KPqKVk&1O7h_2|3iOyfX3o`QoGUTCWs0thzZHsGajhtd$<3s|$}T7)Xs9*+*a>eG za-4chi$PAgvP@bb>%TH_WPXWMSNyP)Fk7On!skI4Kj3J|j0HJQ8iGmhH|@Gb56L2v z`zM7_Adlr)!gCe~Z5$WZN^u@iPwttbQ!~_zluVEhY6f5={wV1t!p{SB~Q&f}$QSi56+n|)ObZ-Tp;1pxHfmY#OqA|Ep=MbI+JU4b`m zym=a90Q=;SryH|VHCzK0uRqmtat)-soHPP?`5n2W!s7g8G?TkE{fM|7aVZlBrM)NuHP6+y)-U)`q8KRK0I!vv#YMl~`^Gy*9pTjvnBkoXQJB#B zvj}G*ln}!Qse9J%v;SlaAd zZ}(KIt1FTw^l&{grFMIdAlKx3=PA_NWnPU$%hCbBc6w?X;P1A+cU>F}e7XZhTn`vQ z3)-Y+NGAR~{(P|flQg;4jR9JpQZKCQy6VD%R?hw!I@r8y01M7Bx|r30^m;tN35=TS zb}brooj%?X#{8lL1%?Q)nK1!Mk&s8>@)8;?@$&u1Z*9~JqP5B0#u_^jvRW#P^PtPZ zSXgmKskctMC!ag`k_-z@-66?S8jjXSyuFzjWP;z*T}(%Y4pOm_E8*~u78@smJf`D* z1Ie0jIn7@G_-Kvi=Ve3Bf1Q8uO!T`Zt5V@8sat~8M|N(L3EH)!^aw?j`)=+=mSbxz*K@R)*ZLYg7#>bm~!f&v#ntKaDlQe(huc)R~%nI04;6UAL z)?$`V?RwDU4k)%DL+vXg%<$8!|APMtyEkrlq0yNFj&$tJSe~C>v+_T_pi8h z|DeR}n{OUVP)@M|>sQrG*y1e^vEfBKB%`azSSNR)-eX+j`Gwz20F0GfJd|BrfG6yq z{Fn?4n0<(nD{t0d3S(LW(MeDd8Vv4d0e7oPckho2^Ovo5fdId-Nva-Z{d6q*T$$2R zuF4?HnGd1x1xB5RRR>v><+W1Aq$Pb>ZqWc;G4h?K-*=QIgWLLAi9JsMC14Vp4WsN9 zu2Z%_qU1cH#de@P1P1HC*HoGvJUkn0X6s)YQ>U;+Y0}Vp06>}yo6KVr?Svfs2GYB5(5S%dI zRY*G(P~AZ&nWzuJDl~)*TGx2WI`STXf5`Y&Z1hg$Q%`A|eN49~z}INkzLXrF1Hm(S zz}oK?xb(?r4#3cm$qHt%pEEBm1Q1ZxTW+e;S;(L)+O^YoJoT}!4B}_65*f}B=qov> z1DuX^Cdp0k<;ss?fhn;T_>TgYPCg81a&xx$8rQUuT6iL%x8&Z89I!5JKKn}#woc{w z&sT7pLrZCq;~fEQ&kt(yTB9G7G^n7--=ksvLw@|Y)Pl+Mm(S*tg59s{RWDLV>@h!q zNV+YkJE5YxmjOWQoKTiO*OA0Pu%22CX6yycfE~t+Q6t^oqtv~-JHg%bU7b@6&Kqui z^SGW?if?LHbr_wWnuDQJ*8}-BXgKvUr!n2_nAgQ?+&mfsvWIgo0}P7V3O$svU84Yf z^J=Rw3o0KjwkEnz0Ek45MKz7(AN4ObfI(ml?+&>PqSnrG80LR0j=f23K z2i&IlNvf-ID?&U`1ZLDY=V%(Bv+zvtk%}7?Rj?jsxtN`N66v2kF%{ap#zU)s8=-e9 z2DKV~MgCEuOC#&gFURX64&VAJ;i+@*3=O9{h_Sx++W_(OsBP_Kq%aqJ&H=d7jQeTh9WQcFO6bGECPb1}5=ousiQcSs!c4mkoFsjFv_63@v=*J46iYJW+0n zaaed_;cw4uS~45JxMnII;Ky>tmIui55MH~J@8doAob6;j1sy37k~+Y1&gnG$Wj8c$ zLM`s~<#mMas}Ls7qf$>RZIVkR?6rCmW0O^BFkvsy5eb0@3|yd_Aw}7AP8B$l-^^z) zOD?q{rxLjrbO70V4qP_z@zPo;O<(%HS8ItbYBsK50lwd6Nirz(dfnNjk9JL@sW2!I zth&{0iJ0)E&?R$%n4XeF4Ru6tLcKow8j?tW@*!%1R({j67p0#-X`Y6Ug^L5)(m`ah zKjkqNEdzTX zmbmtFa|k|(kDs1$1&(S?tDc$z9IbEPo>@L8{6nKoZLvM zc0f*Q$RF~84t<#WD4ZV_A@|Lg$#F1>d{&OMUO!%!e}3?AN&+h2-W=^L_o&e&zQ82r zXg<=(vr+1V9lnY^&u+M` z#c^C>GkcX@-k%XZU#cO`jA=-g`*`b=Vd^~VWTUW3#>+tgqf+>en{n5`mk9`i$fvDV zkV9ptEQX9x=@Td)-kKTf_EUZCVbq_P?*h`OY|bgZ;v^6D%Waf~HZ?KS#T9wFYY`p? zOy(-|$;;-n_7XhImWDG++i{h1#HbQ(d4cPyw-3-K9|HPh1w87z)UOIwspDlT;#p#g|Nd?8tNhznKmtn^D;U=($Q^f0xcf(IN!-%Vxd+gg>oc(>@ zt9$ke$L`ZhDw3)8#*jcG)Y8ST7%>?m4uHgNViFz;K+COF=&yz`y1duwu()jh6Z(kptCzp%iiN9Mgb<-3>o(|L5)w;i+hziN zD99hMwttU<>baav>?ibL8k zAQWW#o>N*C(uPWlr_6}(Y%r4CwICia4;R?*D$n!_0lu*Z4m4}$CuH%>+g_u>^Wh2d zRgatoV7=bb9Q%8C5gLaq7*$k|Ok|Mm(k*38dw)zhWkzE^19s6E?*eYdfP|A|LmC*Q zi&MozYZxT>lN>AFAk>~7Xi1=dZZ9h*RLKr7W`1^~ne4IOwklpn1Oa*if}#RJygg-O z;J{6+P4WGh^&Hb`Owk(wJZ)jEtQaj+numRBp_WRA(CH@7FNAirsYpBhYFBIc5jeV| zEDA44g}rqif_y&j_l1iQ?lRK9z-^>2sk zZo4glg>yigblC?AaYJn#8NNbmbkn1kpCrp1^;HhBwQZ$E}uB-`Qsz~@C4r(bUtlP_#4_9Sj2Ghb*&73FQG32b1t?s zqSTbt86q0-0!lT{x2L+XmizlWL25crmaRda7yHxp{cu~eXHc)rHH18-GwYqg)HXdn z@WTLq+n9xX*3a82fYGWvJp z{b|7*~Zr6!C|B2DcyyUZuwyha(Z~^q52g$>gB-I(SI63 z#2W=2=X{#~I=YoN#Q-8gMMTx7AEh0uXfDkD$*%tNF2++@2p`wsEt{vC`tbOTq87(t z^|$V2De^_1)@tLk0Wp@eu|GDRO^k&~e@_^|doMBgt6jFbvw zQ#oX!x5|>^wm}f$c)9Cd7pls8i3%V3!I{AL^epD2J~ZxZ=5EndJfIqsN^x#C@ezVJ zA?{UVBT7fEGVN%RV_0hJ%bxV!S13}%X2pa8`F|Ar{emCb)bXHHg3kGQhBKl`f$Eg) z)bCTP#u^H!T*j3&I)SRp`MJ+5*L+@*v-05Y*1c0ed50RnbU2D6PBg^O5>#*ioLXIt*B8i0{u- z5JT`xztSBs3T(H-;}z%f2TZh|cXPn&J0re?de+u%IQR zFU=Sv6Wsm0>A9DnrIA+F7clo5EG0trIzPP_pM@$3u{Mn?*gJD&3=S+wz=MPoT!Fzd zy_i>{?*#$|Y!x2Z4(qP)G;vi-!xvZhrk3^p0Nn{swTED-EniY`tn9FNkXfERub1RDjyw;F5}O+qB4(3-m3;KuhtC!C2)Q zbOr*%yC$euMDqJa{B9TUE+~z`@36T6+L?6YZA%ug2ekBFBk6EUfirR`^;tS%>Kl;| z6kNe?7$A8sb@P-r{Y2@xUHj#Haot~@?9)?;!OUaJvBF(rR2ri?1p~BhJ+@&DC${Gx z{ppT;h6EEVqM{hNHsc>}_{|+yMx0(}!AyL_a1jJ;X?7wp}=(s)OMoP_;NJ=<5=1!%4n$fK_v`0(MwK`}VQ zcPMwU_W5(E6h`>a%emv+oFGr7ayou!S0i*oWIM*rl8k5LRE>>`tx5syF75)GOz5RI zz4WA`hY9AQE1<;Qj(>n&?Ku~2smyit{um|8O`tI=Dj_@A7WN5kk?{S%imgtatS$aL zEmgc6#$I2)3vz$7FJLFoJgVG^p&=Ol5WbftCSlv79>35bqIhD8(%c`UzIV$Fmq&tDI z)#EaK=foz5gsT#=D(I%YuZl3%orvtSget|ghz*BRKE<4kU{XJd z3;c~j&RtUeEC>0~?c2pSs^7kUc_RsaylZ$O_@l7!{*BxLg0}iYxx-@)mCO|(mU*4? zP7Dj?a~;WR5ht@9kn3d&2tnF#6lVGJHl$QS&pqO*xRz#?ngG_$UC&|s=ED4}M83;> zppbMQm&%rlI#>=`4dRhaE3;1+0^8A__nHrjYjgR)*PO(YN}+BmM5(f#zSVx}BdR{q zNPHvNeRriGdpM5<^>b%QZQaeW@9TK)P7%k++e06-`#DrL6FtXbb=iWb*Y;gctBgRG zhy%Cm8m5uQ4OX?gI!trD0T)X^0|0GkbjECeh#OB#QBu$WR!rx`+)QEXj1QZ)h{HJJ ziImzWScKW@2trUvw2^|t)emuFrbHxjtZppvGUO#mx)HB*i49sp_~Mm43v?NF6~2Sx z*YgWZNL4T|b60f;4XSeycsJ^$ygh$LD}~Tq3lYrzG?;U!hJCMO%QrehpL8><7kzsh zerhLB^ger~3yi`0sqm+|ks~p|Dz}~e|ucq780IqQm7jyQaViInl3;C!tH!vTi|U- z&JuWA>Q|d?lG49%3SVjy?tq0VSWegSYULtyndG6tHFA34Qt&)nyq=)ShHru>C@$oj z%Hf}%4Sy0`Sd)&v53{pS!WPBm4PFSN>bA;b6L#3Lps{|$JI4xUqbSA_5Attk# zr&hsS6fy#D=!-@$BB3>FDgTEJTT?-IY6T1M({}u}LI0;u!N0>^IYIv~Z2143s~zVl z4^5SG2ccVLH{5eKeNKAae)!6*uIOd_{a^5G5au`PN$Q-(vXVUD#aQhjVF6V0+c#@? z&-;?1aY`Gd@}N67dDb+$5JLC1V9Tmo()=Id`Z}qFZA`3&>si@y2U5;-f4$>8c?(>} zLUBsX<{@)UprxCJmcpIwVfOkDllhu2JQe`f6rB+3dc&`C!0UL66z92{^FWsEaLZ8U z7KommQBum*c@QJjgj=~p9)GJ8ZCS%Vk=sC^eu%@qoHhOR_10Mpvhfe#;kUmwb9&sD zRR;vI&@S$o=R8~F2L!q{gZr~j@3s1b=LA&?flmd5I;jduo&nqjMV8fKbPXDo(iLH1 zVr&ZwQ#!yH!`_wI=FZ&q6?)r+hqGcyOtRp9`Qie1NEK#dQ0hLo2{tRF6h-XHSX`KG z2f(dzUw5F`7odisXhr-i7x#9z(=FPK3_!Dc(-F4~Yg`p1R)_EjJN%D)DIk2@%~k#y zkX~)TLnYtrQcU|MN;WL!i~_J!)<1HErf+k^nMzB~-=gb%-OU*omfD#m=x7lJ#%ZSH zphwt7D14gjA@Br#ipJg6X^5x)uP#a|Vk_^bc)mc7mzM$dN5%k6^^vj~U6&9b^Hw*v zug4%1`eXBlD-fvf=LlGw?!|-Z{G$E4-`_;p4kJe5wre|OZ$k`Z`cMS+ksu;IKuGbn zGP=2apwdfs+>P|s5;Ji*u!vg?qdvQBqF-=FfI#?7qGtYktyf!gU}bM_;d>w6o7aUe zHBQJAT9~Wg9zpb|Jw3{qh>C(C%*kS;8G#(lOR&8b6zP zCa>S>GT#<{bt{vbVI{W*bG>0yC^h2IRkMbEx*}?07HCHqoTb#b zaN((Z)UE~K!3om=+OA|k1{6_FHghYgnHMUC2=bHdt3l)<*(Yh^FdG-Az%RBsW~8z2 z>iwCQ$%+Z5FPv#8J@?e#8q1wucKvuLdp6-qJ=k(MT)x(Z6)E))_Xc5Y-H1?Er!uwP-A747&}Hhq&Iq(z7xK#r9Y&4ZZ3}Y)Kn8gD${ni6 zV18GZIbgf+L448Ap4g!n`2yzRNLlJf++{v-WEVyQ?4|ps2#8;W-xOW=4SLKqB4rBiOWRPu>Q# zT6XB{;YFd|!Rskf7^mVJ^Tvko`gBd>^QB!aRHN@Mrqs)ZPke_z{?(dN%Z5KA^rp)A z;GF(Z`y=RM-R7=h+;piqxwr_58`SA7HmWQ@av?2Vx=-6i3~}eSTZSzCThIbzv7b|F)#N8 zJ0KP0ue5*5pRaNanksh6gKbxPY7Yb7!ZlX!8PTg|Td z^V&_%4M$!9ULNupl+`UZ{qf@6W!Cj73~bqRqixT|OYZheh<*J%?)lr(g$7iQ_Beid z!D;j^TA+X68O^XC=$XHZhB)4HS5*pz@#FD_zg?xs2~AU-V~+b^B44XY4LW8$JSw$^ zp4(w8&~otdYNHj<4`%P&>)LE?K6*HcCzlH0nl_5`*qeL8T=1u_YCxB@9C8?odj)L0aiXLPF}D3uWux`-XFVW1J7~ z_>X-)?1S*cy4RX(uDRyC=5=*CY4yiy6r3V+EQ`_cR!N@CwpNc%s$>}WTn@52qrf0P zTMlgh$kCxRqRB{GhE?^2iBi$SWcKsZjDkwa>hYW;aE8+C6qu?yH4Nr4xqR@C@^QBF zz8ZDIY`#FXI_&$h2JlRj75qby54`LOQ*tPPZX>4C6{xI$k%yyo?AeZe;UaLwQH=EC z#4uHT1PdyRux=YZmFG_87uiFP{%@sS^XH}iAD7AS{kV#q5~#m>yb3n+=`9q*SvE6F zpHMwbPR&BbuK(;2M|x-yrYRw!)IBgZzkJX+a^Z9A*8#jUaQR-%bb*2QM>v8 znHY-QYCtMVS(l3BBUo9ip_9DeZP<&;=02^4Ls4BTL^{_O#&0wagcUU?nW{K1BAN-4 ztR64Qr)h}Bp60b^kt}o!7)8bvo*63J=|-wzcOxRmpxnB6LzkMW1CIkR)D|ITl2;kM zCj`fzoEm_>^deGH0J$o~e+=##2n!(5dtt3>H>`C;NuN&ih{e@Qz%~lJ%(oeMRdtJs zfza0e<$Miy#x2Bu8rQ36l%&fydQ3Rj1Cl0uX&XYZnj+yS1fexx8J61@{%F*Ff33$w zK^`gIfj80TjMuC?ph+j8uY$EDnixqQihia->}{??cr&S9mfit4ND$GARi)7Fmn|I! zeKME64|VxP#JH+v*%WL(XuLZjI$05s*0{thHQvrLRcFKZTsG|s&>C{P%`bK8%l%n! z-zw&o3u7&&%!TiiD}`p1TNe|8fO}n#JSJz!W_)~S(452}vohA|D5aDKyb{UNzB8jj zk`Bw=9;}+(ALVsCWk|jh@9rAS7$Jc?&l6jiRB%asn)n`3aj7E>N?muM6GfaUi{qRN zc~X_K=pyvCmHDy*UoZYH{@oo5h1{AWNsX@iW#u*EsQJ3Z)zG=qWO@*sFAACPMdG0s z=^r5pYG6ASegS9G&!m6@65(Ph{c4O?{dgbl;r{-zTy5%b?|>cLZRWKP48H<3HPELV z+6Ux#R)_d4jmHxjAh9yknKKqAirN69vwQt0&jSTJk=5)}m=^F5IW6-KhIb}F)!^I= zoD$HiX5=@I*evfpMSgoYZhmw;4hWr3L3rX6r1z)@Aimr#zCnn3`3CSo76k=5q!aGf zoheY(gUpdpkoDNc7XXbm&S|q0`8>(ju{f$(sb~41Z1ibb1DsS$dwsyKhIsUPyYWL; zqL$l(-sXXXAVvl=(@LRbJ7F%c4vodx^pGZ_iZb=4<6-`nX}>~W$91q*=r*E$wWL^L|FyrecY)X40x z;1R@OVPgCivS6fcr#c@46%f8=$KtdR`Q+04n43rTT=~ohi!Zm(#MitVKv`4(xMwoN zdh)`y-5PO?Yra6OjZ*wzh3IZ@&@}!+?I$wDvag-M0kO~DB)RDfuDC%kAvM8WFeY6-A1s4{d!w**(ZiK6V=}u+Bznw9hZgdF9Fr7FB zC!N_lq0(Y)H}+w>lay1`01FTBe11YP0cv+@9WN>Z`gPJAh|y<(vrC>}357MMzy`EH z!^3HWg~w{Nm6G@r@N0E8DVby?(QTLoDu{ei!R0x$A3KfImTiE<<;Y`iRXf%Sftl7@ z&|=pWdSp43@Fdq5OH;ER$(FA`4PSKou(dW~ZrKSp33-qhaul@xp05T(3#mXM(TU>N zI1sQvoFh&}kX4?Zt+4LfPr);JB&u8>xuFvnCY^1e<#e{Q-L|M-lIuxd;O%TeHC-0= z8Gl@Hrb*_PhpC8oTzCM6cL=5YTTC(-VTGfB< za>BY8_}gMbvWb<~vb#}sWJH)zYw8VFI9Y6(-Lw9FQTfdS)V&qf+eDLdd%R#AZdD+h zGTVt{)JP+g2CmOGRXQXS(k9ce_~I`DS+esHRcoEh>1LyXRFHRb-j_4(k_rTsoee;- z0yM7b}W;v%J+0B zVj>ecAq~QWNytDCTEvTC7_SSWY3M%@ym^M1Md6-Ef;Pr$e$F2*eNTU6u6EK!Gc}NP zG1m5h9VTb&$8`4j;`|IV?`fuil2I3L)teVuZ`Deo9Vuc`Dy(7o5uTe{tH0{yIMC9^ z_Aksj$SDQBb@o;{4AFf~QAA8Od0Gtk`IkNkqHc$s0&YUnEdnW1_WLx}$aiP4>z2_v zPoUV#Df$I8D9oNQ(@~!SKnnw&JFt#e)-KjZM~rXXO$&(icz$sztYVKe60aI;B2N>; z3)tf`4BI*~`}<%VX!;Z&Q4x_P&W33dnMcLb+icc?UVu>rza|*uWNDJknfkc%S(E2P zWJ0CM5DVuw<;}-;f$q<23S)|L`0HM%x$o8j#wb_d`ub!tKVoEfkwpBCa4DSfj0e-O za@@EIxVjB5kjuZnye(4=$c9{iYfi1*Dj)TAA9k4i0u(;%D;Jj~&pNFkaLJG;5BC^LZd)>pq(NlM#{e`8TBa$Ma_!QnHgi1#OpL>N$3u@Ap*O zUw4*p7{HyEjx5drd-=Fq)Y7O`juY_09Y1G3n-?JK?HV|n+U4rh0WGV>Y4x&k#f1lp z;2wJzUFw_<@US7;nf}HYHBshbJ7|(qfYm6;eTW(G5W{L*KCq+a8D7*@iKXrnLUgKP zOrro!_jmO6f?th-dIS;>$OkF21Kh3G&mvK0Bx%;UsRL>`PRkCEYH>1vmM)!==bh~Z zDxf)G+6la8O2d^9XH5|Ju5*k93&27whs}hX-TCCOfK9%hWh<*C97NNx4Xp_XHvtU% z^nrGrPj2=4>S=~}$~q$0$wr_I1T&9GTa*W>Rz}D}B^!5R!pnIP>*u7A`X+I@D!<(B zjga1u18J3c*H-u!BD{rL+YN|7$yq_{A#|Jz+H7u3Rf~2#h4H|a&z$AQ_ee_ywlga_ zE8=4;X?5#%eD@=o8mYV7sAZBD&AG>RbsMZbtO$CmO($u%EvRv>AgkeB0%3nXGzR2I ztFsA63C?v>a#%x$DltEvhswZn`Sm(Be=zJADZ|&8UxTlYRyh)ZQA-m3d>hgg0r&m( z^+U}KHtZqL)RI>QgGCpp6}-(H-mM$nx!UCv)Y~y?FRM2SeJH7GAFSdBzz>cW;8~IP zD4X&AX~($D2)cELvay9kX`j!E*MWvkP#sevG6ZY`zWdH|wiVVWvMNQGr3SGyEc_F$0(Fr{*qfzX2tCFDmC)z`SS z5%6knYyjmD2s(u*fL_o7^$S&}n0BBBEn|rJ$4lsAh*Nab5!W!= zdc36Q`?J3tf`1=%07TSHTl+%+RU}M`8shOpVhJ#9=x0q*MG_4af9I*A(dmQlW>mh{ z0GwpkbCnaoo3VTfr1QEUeTO(Qvu1AqvClQnonGQyG%RTxilbPZQ$Le}{iwuOQOC`V zOc^=z$>DO~()q_i3lG6%O3AdRf{C)~60VrDL7ob_90O-d2Qn~T(rH@Y4 z?6$YwDq;ByUz2Q|hnImWVC2b|_mEns(t!`oFg9SoYJ0`$g4=LCTfWu&s(QR!j4G0{ z29C3Xnh*df<wM=mWT^OlqF@@3iUxp+^dCxpPYNNk*#Ljr zA>D1$q6rp&OabM7oZ7y}fRxIufe>$$C|a@Sok9y=p`o(<%uF^ArQU!8w+J*|_M?~$ z5q>)xMW=-lis*_KLqmGxz>vE*6J20=kfa|69a_MG3eb3m7-uEd|qW z@kg*s;Kz~ivs2rqc?YbHA}S*&(qY01t9;=R0^XXAa&1kdVVQHlA4_Ufz0u{u&9#Y! z)M^Y`Lc2ia?E2Jb8=sWW;?${$k5p8AQnJx>S3>iF;*Fv&(AK0@50ptDfb}}{4PvRo zk3i@`^EQZ4guecKY@H!WAxkDOzk&*<+o39IiKCRq@EYLEp;DZDzWZS`%~uBi4MkZr z>3F-qF!>(tI7kA)nKSCz0@U7>W^+7`kW1w2F-jxNbeYXu{4g!)C}~B?=&XYkki@m94f#<=g z%rB00`u_ZuaBJ9Ye#|d-puk2FhJ8(Q60`e?0%%8?-hU3I7Y$ZQG3gQMJL@mNcobD8d*drp}2$GK$HgtI)*>oZ53;&2?Z#8}aH% z^bh;I5U{n()$#!2}&R&4I)wbKG5Q_hfyApd;+}!-E9wS3^R5}J+!#BmI&FyjzX^sFv zx8?RsxV#q}fFngWqv$(?Du>~@4Q5Vl{>NteZJ$-`CtzdoRRj4Qqd_*`(|*IJnjmr5 z4;L{x`A|;uLgB4=aJe>t#C97LegTn2s@9~!wj8ad>#O6KGc#F==^Aj+D0bQZPJM^U z<pv#kfLbo0E_#v|e#bEYVwlnf9rmAHD+{`510?W2) zdQr8R1d4kKeVzRnU?J7|3wef+lUbg&AZXY{ilwS~7aY0@K%0?KY$bZyX<&Z~C=f45jyBel-Vy`y@nkw7HUD@T1wVXJuW zjHk4Yg)a9=+)V;RfP{e5Jol1VN&s-C1;Q$WPtzpM1ZUxSR%y?SwmIF=?xBa;q=Lg% z@npHCNvys6Qwx54@EnZEM9hE+>qS59Y6ZJW|Gu~+s65X-U0gP9!$XslTtvr#B!!v< zq>MJByq9KFQiEZ6)abFQ0le}I30XY%@_X(d+yhi8w_{nXIxDP_>!$w#NTmo4=MUL4 z?!4m373C@_XVoXVi^m@cExbHSl7MQrU%%w>X)}53rWFsiz8=5Vo!E;(yzvy)1N~o~ zn&Nm>rpKFTcZ&NaewNz-w$6=a{uXEnwForK?}!EFfO;85>;WP_v4~6|sYBLHA+Y{n{J96iYGP8BikjVbM6l5Aw&1?Tvv48z9z{ z2l3Dr_WOEU&BO0p*M4-+zbCx;1PIcWQ*!XYb*__M2zX(h;cq6Q&1PfZ(f+vmbTQWf+xveH5`LP| z&;I)xgHrHiqhf~ZU9n*t&?`IN4Oy?X+LnH>1JvF5M)`S@T-MbZ!F6ZqC^Tu$6!+MW z{|9ye7+vo6=ydwGJFu=HzcvK01B`iyYjFGrb^!bar#qy|-!5O6Uo{Kt<%ICF{e<_B z0mm9PwR)j>%eRp^buju3*P2VZ^7+6Hka>~mLG@aA-k(j{JLH-1RIk^sk0eHprDxl% zAm!+=>NTeLCp!Rn*eF5f=XV+I&6pRXU$zCb6oP5Q=hkAo`3>iM>%9!KXX36kW@Xi| z=s(-vOba}R<*(7`f6!7Gyhz{o^=`z!hW8f>{MYbSuQFgv{~F$Jld&3FuX^);J>DXpV)c$tZ|G#zACaQb}J$1cqxyd2OEi+{=g2q#7RUg#h?7F?z zEF$(Fg3!6*2Di};)VL)4jN#d;Q^EE(G9)NluleErR#wyYOcFhE0h`2JZ6`64-{$o% z@2p2Hgn?1dj8F%C;dcGGU$F*O$U=MJGg5(-cyVgnUUaA>#nc%1x2VhY53Chu1T(^R zzXrN(XW;?3{_wrFj&2(o7~?i=?_vaL28b4^t?5JRMkP~$Hfp8k=J&xl?ZSNbqa1@zYMMWX7)mlcV`<6u6 z&si!okerEnF^{#hXl{z&BQ2d16buoO#%3qo;@{qn;jhBug(sOjAR$85@^y_@s?$N5 z(|d2(hzk|W>8YgTD{EQGkL661J(?kr4RGp$5k#>9TO~WmEgh?zxnd6Ch@jsSw?i!h z7C%XekA9sx1bRTuO_>*?L!;x?SWw{>7;TG5UokH!1iTg7jcwO>te>{0{{Y=0yUMvc zoB>f^m}pSz7=x&~0ml6bRqoVt?{pe{{rsL4GLu+h#zc{$&ijJ;W>7FsOiK~2c%^BN7aFvfnw{^@#yOMC}pvK!Q^ z8GP4wk0ZN3#&)B;9h6WFifET-^kY=BP}**=nCQ<3 ztkPX!sf4no7ND4}9qw8@e2B|f9udStrud5I_>MK%Iu{`O`o=?8eJebT>v}r4U~A-O z)!{5bvf45h3D7bl6$w>bnSi{{zYOFrz9hIBHqgOEf=|mx<(2{yw({!@bvY~B=WSS^ zBQ$PAyz^HvN$b&sbgpBdfUT^>;d^UM*8idRw)w?kQ*5>41P7+T9uhCTwgba49j)R&L`U1SX`ANO zD3V)%y48Z|i^|Rs;6~-|IDq)2=n+=#?I*_dez|bEM2Ze~0c)N0K}1iR{$*>!Em$KL zIWxX>EKc5Lg;c_LDQSwz`mS&vA?i;W2Uxnr$8JEEC_5h(NI%=lwiU;=iS2mP0(}w5 z3x+G7d<8V5kubsYQtB^9EIx%CJtQ$-95uDW|PnLvPw~B z``F2#@-;QkmT`dco<}J|g2WWG=@Uxo-iqHFYCLublW+L;jk>{r?UsWgBlgK3^Couy+;5*t!Naj(3KHyhbB`~?2A(FKr#~{f;;AiEH zYF*VD6ZrHotq)}N>CmT2C+DIzqJ+M(Cr~wgg=hkxRgjXy7orj$2Bnr;SYMrpgeanJ z21eMz5Yn0BcB~N%p?OWbbQIqMDW39}^%4V#wt#KnL@9GeVKx6s{W4whYD(fNLUg zSzZa*bn)rYdU5sm=m--t`2FLLpwZdgSN?;OAsyAHGv4OC$$fJLD@iLXhY%&(WMUsO zAti3=Qq4sQpF zW~(dzKO=%bb$Fp2%b&GXpa3UnJVwq90%q^F?4Oc zVskT0MWhR_0%A!kf%*Z1QXQtDTt&Jn9ngmV zTl}{=N<)bCWzW|8z`y&y!{@8yoRh^^tUJQ@!Ak#&XyM<-{{Q!CU!`KPp6l@zbx1OI zq2S}1h@e*;m_T9u)IhBk^k_TlcqxR^GbIcf`LSx9TUZ>s?Y3z3i?QPZzD zXFDPc137e)R_L%tZvqcn1URhDA!tS+qTn@uTNv@pAEDg~$BT~SeB=U&ipvCsP+6}0 z1l=wfWn4vWN7U-{p#vr)(g5yNaX>nTxQaSKE?fp+gBj0nbntyd&3e$KY_GYzIAc09 zJ7;T$T2W0MCjBklWMc5)7Gk6`f|1SQ^gdd-soCs7c~YXs0hn2z|fueMpLP1K=BwgFl#}V&DhD(Yd0uX zx}0t=%@rK>>Me=wzUVOFff|w=pK32JEq1~4y8+~v1!-ItAnjC2;U-!+peaBq?jN5~ z`6mb9>g-4t;qWXHAypwp`pn)(LFV_GX8<)#c)E>%iwjsscG>UzXn%$@XL==8q2a^N*d9W z&?s(>oQMc98vYdbOfA4(=S2E2<(%5`H#L!>+}=h|=ko4MAbO>v9w{50yqShQb=q`! z+Vlpx-Q#)Utv)SN7iRC`%h~WfWE9i`cAR8U(A$)RM0Nh|Vl6;FMGE7{!}`nm6GBT}La2iofx;P*Z8a^Gp^Q)31+9W^a6{Su zNCRL4B6{yp<27`z?LqW@)d~p!Q7EX)naLU}040fo2rQ-j>3V1WlND$In8-n(F)-kj zMo1OM8-e!IO{m0O{hm2PSvGq3gKyVu*idxoe53I0aof zC`60+ur@+N6(9?eX89YFfUr`eVd3FHlgDa{gL3GqQ2_rq(8P12$5W0e)St&p7a_$( zHn7YzFO)F(Bi+4WXtXFe1metct zQ#Kj^Kod1(n}LvV*ulIAN58x@wyYW{5M!6)f2;rrUd3l*IK4Qjd@?DQ`3Wx-rz`qj0TM!>E zfpE^^h-ndu857-5>+jOnM?(1k_*Rk+Dd@!W81S9HP?S(9m~ktcx(l%JoQPlnVdNM3 zMTHyzKpah|>F_N=jd8G}m91~NHfRZ9V;H7yc0Us(Nvfb9Spknjzn8MPp=4j=4C=F{ zkBmJ7H#FYtaTn9XA?E1B$_|&|=IRK zR!E{`T+LBA2K*tYL+=36AHShGIo!iD2Yy@4E@-GMR$p~4fnU_qZ>6tntOT074T>r&tZt*+qOTmncQ& zx+!%2k3V3xI|k8yOm;eh8|$omDqEWe{rhTDOUXOBWKxK_EquW7>Sk6QLerN(AHn;W+pUex0xb=UV|Lr5TD`F zP+QzMbk3y_rt0{x-814Fjy=0aqU@{YLoxPKKDT>6A^KQJ?zTk2@OJ0|iEB2DC_pzJ z@X=a(h8M=bekobz5W|EIbS_jf=wq7BFHJ)i5~0lmx-nNzw) z*@ooPCYB_*n%>-+UgVYNZK_~zx1(Sr(|gR^p#eCz3_`Q%k(Lxf%3j}+uexwnAsNZ> zxysww;TNKZpeus$ZuDHjf|;+57ad;soNWTMq3u6R#v)Nm^s0C4vSoJJbtBtoIOk$M z-465+g6?vW)M?;|W-?SrQ#7kkdMD{BvsI#3ux9!7kwtyGA*BvOzdrwt1>HTH%O?Xg z+K6%v15Q)qBS+qAvghT(It|>F(t!i~%huBq61~=9rTi_{fengAQIu6J;m~~ZTDCnK zD-uR(OV{d44f#;k89z>Py`zyGj{0F}y zoH_9kUjPv2RB@+Cf%Tq=XRrqKQ!4d^s1HuWwDy7WY5cXJ^@)A^>OR>`J7HFI&2$xi-u2Lmo&S}l`op^kk9E-B17cHn0t%q`3!VtvdoL=^L)uvBkq4X zc{pl^gzf>hdv{RV$hf}c#bE;s6)q*y7?=59ZSEm*p>&Rs`BP!3w2?FGW;Gx z)}T+?$=5L_Rqe|fLnNg8cmi527_uv)J)0iffWxq0#yXo_!tZ72KB-e0FLS#$kt$c! zy=65L1Szo4ugbhS2e`(Hk6r^0qLC44uS(`nZlg!bo}t&9&Q|t`ybEx}z8^=Qk!hE& zl&0o*a<_ER~lY($Z(AEkR>W@a1=0 zi#!OHeASQhV{>=l+TQyFBUnF81=2^K$M2gK0Ob6xbdiwxuLeDX;^ww5f#L+?~`cO^;<#^e|4@B$O7i zolj_k46ZVry+AK!U;=;^Jq8m$p4<|JHewUv~v6VMjd+Baf z%goX{Y7alhi)-|hM0=9mjUYJA{?R9ZjD5Fn8%c+)&R1vyeV)dZc?jaiWP8=mdZ=;rkh_zO1IV z<8YWd^#wscw2JNljtolK!58n-iP~kNVd~w#WD=dw4d-O6Vav1egv^ArS%)WmhA<$y zQ~HyAzEylyF>(fNN6wFnoH2Tvg%j@SNAom#A8VPh6fRRY2=pCJmWPzXfuy}3%ae3y zzb@i=C^QZeD5jwnLwSP`PZAzEH~xw9m)wS%ecH}XmRvV%_yXPcbi7Kv^))pk7_{{!SPL3U6M2Gvvy1q549YLAqJ>g{u-p6XE)Xd5`N#l)yPo~3d znAfjOK4&U~d4CtD(6Y{w%4Kn_tr88FlOhoj;&1DXOhLE{^{AMPjAVk|-38ILz;)=Q zxd>vptmUpkl3>;ioV*7?>N8){O>Fa)UC{58+U+i`2^|e08;k&#=#<6H_eH0l@t!tW zYU$`bPkQ{@WOvGP6)IZzQ)k-WpWIlHDRj@9>~MrK8Gos?+QVKph9>Brd)1<8c}n>* zwA@-Y#a+K4_pq7mKNV3NWLxa8?OB?9q3c~M7R!G2 z1N42kC03dQTPK-UB-rY~-oLTZgicfydUok>x8D(i(+%6V#?6tNKx6Q$QVrxMMc)KRrF-27Nsisy$xCYqg&mP(eh6n?b$x-=BRj-Dl33db z{n01y>LL%nhqjalsAVc3=FX?2pkY5SGa0nZf0LQVYLXuRMp_Wj7F~7b3{9>vBA*$s zyNoypYl)32)IYR9n{)>a8F&H53H5}xn~x;(3vN2cCG z`3J&gj=yd7-#0%eb=4ji22LmVZO9N@YMh89EgL+Kr4tpa-1_nW6tR^U5}k($d^Z*k z$0IN1T`;`Yr;W&Vs{c}JkjjyZKuYro$l07+?HM-}vjzJeivy1&gy_~nd6pq~CvKaJ z@A~{MB0BvOc+N?-<32A7N<5F{5&1F#6$$m!T)WhhIf>C@dHSArj5ZUo2RAH~>{b~y zf;&5ssUy)yP@aJX$g2crCriF{%ZYBGxxGB!L26VI+XpHDmm_uH&ho(2AxrI1app|n zK~sjnHpn+PjyjPsMBNwbU}o{HG=UxaOofh}wizAXx>i-dB9qep&_}LW_W)<#^73$- z^>Y;&U+yIe_p3Tb@0Z=taIa=5eiM9DY~Hbk%k?Os<9WX1OT-4J?O)1VH)eTNc9Qb$ zwrzKl;}2cO+qm)c`Fk75_U>ajzWe-9?RT?EmD5&}vNZ25TU12ZRxG|q8om6k!g{(r zsPF1h+E7Lyp<3Zo-mS6d)J{hkM*aKj&?%B{UUy0K8xKp9e@>jwALK7TjoJ0_S(EF} z0MAyXl((vl!FM1_bH@)9$m)YW_`x{tOSjl}s7K@yf5OYiE^QXZYHk2(^;CAV6?cvC{p!_Xm?$!M3PY4yRrK z?=E>andl!!#GiH}970gCQ-bS*nZV0Gsu%_Ftwlbuo_PjMMB+zgbGOvM*7QH;b~pfN zKc1a+*RX)S6|+sE-J(%tAYjZ+FYx4nFUda2q{rU-96Inmx=&!tT3~ZAB@5ZHqU(;k zRR}n>zNY>Y@Hi63-Uk=Ir%w*O9;(t6E9!o*<~H z9oxc16??0MF06aN`4TtH#fR2Y_Rx_wv_qnBanDWX8Jc#NY~^w8-5bkcvlvDdLA59F zY{HT6RgZ4wCWNhYyxR;*GQ@-8sKazGcMgvLP|O&>5z7=TZ=}@ZF?%v_%6Ha!zYL?IGXpbx3=qJ)wB|=mz3Ueg9e=h8= zA8^S~NicTe;?q_GCo=!4mkh&Xe)<($`u68!K9QH@e&s&Q<{LaB&yp&9Q&pu?fE*75{v)$${;&W|oqQ}}#o1jOt zL`zOiF7WArp=*#CNvlZ5^MK2Eg+>OUd7&AQ(p=m5DZp-`n1=!7DR>_ZQ}Q3!w?z4d z6qiV7Q%GFq6H8h<4Qk%c5YxvYJ0s;i((@lkv!CWYY>V+3wfeC2L?o};3!XD~_mnvs z0r$cAqC;j9I}Nz_SjdJ%SvY8pFsY<-_#Xm7AD&^&!&z@^O@?@1hXD46>o)E;!I^r0#g<|;Q95gv`E|9HsO z>8&%I2F365+B5qEzR`T}9@-|swM6kGCt`NqNO^qeTsR;!eCH@!w+2)vBvkOyUjxSt zi{ItTvb8c5IP(3LRlAIVexUW?L|rd5Q#U8pVD+}tfhcEu!-z%d5>z{;MJp55IXEo# z)6%n8L)IybFzB242qa7ffI6&yAUSkdkmfi_Yw{SAp3VnW*(j@Bd+Hnwoc9Pi4_NLo z8G_1gh&=lleGqR@i4jM<4m>PekV9UOAYh`BAlWxZE=O>>$mO8-%%{{o2&>MsS~H(< zy-{JIvgd_!tPa5$s{6_1TrH84*&s>K`_`RR#w<7nlw!1t2rDhj&AUhP=kjPn*#sN+ z?>m&oe#UVz>(#CycGq0(1(!cQvwqK3e}DJeG{3PHTQ6wVm~Du!&I_C-9n-mwNAt8RQ`e6I> zJwBOVKWx8ZXOrH(IBFF(n@UKOmV{i`nJ>VZ;OP+1Z0~q;mq3gp6=?Bl zA$wnQ*mn5RgxE5J5LiF4M$+O;M-JVP%#CNDpc4kVDj`5g$Fc(ia~(zX=LEJ(B-=R| zKmFyx{ye{M&)q@#<4&#(c(V2NY#U&`rexuc6D$B#$(DpMDal`mtJO~qHiQFGX2@re zOA?;XppImn-tTbW6VQI(rxO8>NsAIT!V)1^#z2ccibL^11mf=fwzFC2&%yuWhaZ~C z;qQ=YLIdy<8804g!X%!j+bUtRoiGv>p(bKIbeuYH#em!|d{Hx0F5?B}N0Btb>P=wv zhZS!8B-bX>T9`%ubJvcoa~^Di08}Oz8l7#QDEI)p2AY6{JYc`3y7BVf4tOW6tBHju>i2t|1SH# zJABn${BR(+e|Px5&ity^eki=#e|a4)-E=A6bI9F zX3#+`yb(_AO-D~+g%-jC@VAhCO2O~Y$v*PJe!Y{Oj^!z?*oT2^AB_q+wyF??Pp`ic zR__jO2TWY+b@q#iPvGhNIht89DrBqn#&tee0aq*{HUVM1VAHwQ4g+DQ_337*7@5C!7lqfVW zCOm7IbMDZsONy*xK|)6N=_CV;$Gr=t0j%i>Qy$ekz=9E57$RZPmIhw=+c1Ii^!?WB z1c$uaIH*|C`UeGUMN*>QdSuyDNup1TeGjH`P@)%W(g-#KO~K6#Rg4NNT_01$OzSMW zAH6gX$kT`y-Y;%fe%*du)YQam7y49UbPd_?YA?q437@05n>TLLJA_54uV_MCcfT#g z@2e#2i>I@N#=G6tL2=r9yAA){0e6ADX*jg*P(dLnc?&`W|9mesgv4G15yszOf+9N3 zp7{L};jO>FfmStmI9FT3+nLToKqXXs`gr#Y{F(NDchTBHL#mRc*KQ{9)Y<6cefyfv z!B(5H#IVbw|3|xm+0shaCZNnv8&B}zZ%U_w+sjP+P@pJ8N=Y^L}BIqGt4qRb`)1E`+{k1M4VZ2emKjDT*$#LeR!g@_R+;t8cA9R|28mwBJlj9%t4um#RaIl zT|l@S8_oB36N_p5-`LMIoq#HZ)LfuWsaHtHLNB+$^a~z?{KtC+06O5%4CRg*kVSMf z3KfIFf7$?BZb$A-`oAvekJZKpc`+XKDH0P4c#-Vb)5Ucle?<3lg$dBS-KXg?Od4?C zV+>*jIX+TLpNeXBaJT#1b9GVg2H1r6VJH)sFUH&sz;`RkUL1)~w49k57yzWA)cjbA znjbJ{+T7|bn*w+ZhhzXR=QS>a%intoNW(l;R16@=E>6YWermCkH0NV2{c_jh*pbJ{ zN*-X47u0LSv09>p_k-h#sG_z#v>P5`qejY_N~~}~IBh5TL;YrTy{)dNtUuFSk&>z8 zT#btHCi+5l2hWge6OPi#&E-Pfs+%w$GtUd9_xeq#g#~zR-a%g1Y5HVj z&rxYn7$dJ`y)VXAu0!}s2LX#$cj1Ay-@Uq~$S))VWbw*(N)&1r`>>G7(Mx(e8@K_8 z(kOkh^0pKZv59vTxs>jsS+1m4^QDpUd!F23k|AU7cENo+DWf7I3)wzuZZgi32u0eF zqFLZLl~#FM5IFQz2h?^6a9CJagn;};Uq?Y*$#&*++H1Tv=DfW=T87^Qc_0H{kJ`?p zVumqf`h@uqT+VDJV37xWO4eHKSS$I929g8ex!Mtu-o_s#=1b&io{1jzJ&ZDzD1Vod zGjh%7WfVP2(_(0dxOZp-=<)y>#(v-)~FmkWaw3+rpfeX1?1fSAK`Fu`- z12p#zoMt--Gcfn+C&ZGsgTTyo9$u7uF(v@x8CE@C@XX2#n-}}AHHp*c1pSRtC|7)0RJ6!2xN^Ub^V4q5Mpb_xgY-^33g>o`z4lc)1*o?Mrjn)-xZql!1GmYRR1SAB-q+xbP< zq9J4XCM?LoCh2Rp7UZ%FYD0UrdLgi#!ibDFOw14vpibTVANb#Lq93-~WLQgmknwvp zXXBf4?iL0l)KrPGTN+_npFCrQKD;sOi_Mx&jIy>My2CS&Iazrz zY^h^8!%(rOv%smg54h{i^Y@6pX|rrgD(KkTLM0sR3g@@Q@H=)4rxqRrp~Irh;2)dd z6eJ;dyIyH2iolNoWJJd{K|#z>?*4JD&aT#?!{S!$)_T0X{jVF-$}Kk0FfTQv)I8op zRkIPw9EO$om4Nm1$o^Wu97>wiFEY@xh2l9S1Av#8*xGLN1q|f7*&TNw=X|%HXZXnm zoFD9)hRpY_7?E)>4Lk&=!5b}NW;kFn-#Y$&F8}Swt|!&kRgd>fLNs6IpvV+*MM{uI z1wgU}AM&3VECc&&pI0N11oSRR2?;PN#A`>*TXkGZF$Z{Ks8EN6oMT_7BFN{G3)cZ6NQ6pdPyMKL;Oq^V$2k#p8was=yOXt=`pm&oBSBgEOjzT=8< zEA?U&N2R%YkBBaSrxHg1*Y-|XNLuES!_%s6#rlX9h`z$0Zn<$c1;%IE6Dr$;1dXOAP($U=^6D zmZZswHiU_G`(w?%eHfYkS(rI4<8&(6*hfQ-vkY+lWww5v*TLK1i)H%V1$I8ZliPhK zR%tz_RRG_vlzBQC3<>vxK}`mO{B;BF47_f8&(%mN_-u>8&;+bK{qw9P1~zbo=Wlpn zz~Kn!m-JmH1;YlLQJmgs{JvZ+<`~uF*=R!=FpF)%fGa+o1`<)T-3CBmpv0}b#<)LsJiTe-xD5skn zC{9h)zD;;d1;?J{1}hx{^d4HJqY!#BiqWTUqT%D?+eB0PP%dco2>30}4p%F< zPC-%=d=@PVSmyL|`E2N`2qmJG)7V7RZ+>|t^7b`+=RTid#+RsVU-|;B$*lJcigi$J z@k2NGjLUGvYu2aQM?>Fq$seOrRQe(qip_NW+ih?;X4r5EbASAt+vcr*sIx`G{}PRx z;-{coA9{j>;XI#lj{Qi*pfFmvuNQH%DS~(&dAxj+Im;jeFP8UcS0!!^o%y+Iv}#Ae zMWtz*O6(&qv~b1 zyIftfs$Dp^JL(lU?&skk+vrzV8K@F}TqKodaoK}*KF(Qm>vN{vVLy7-ot-M;6l=EB zL+ExCN9bFy{|XHiM;a_qqWM70!jla;3z2(*o#)ACNE0*J2)6A{?eS8Yux)Xs4;{~% zEnqe&yxefK$`p5Q_f6=o76Y7e#m3^Dwz`y*zk z65t?vUt9?C@poT((#s%r+lv4+Icec?ZagZv`Q%7!-cCt{Qc8mFu-DF525~g`a5c^P z#%ka86u=_K7OqC#+v%O$LD)%al$uw4pcwJv>)OgLPu~=~Q)|+zIHDH!D-yoOh5Ku% zPe}UJIfq1^4wlA^ZY&->U2=x>5*B^sM!ZdM)REi?{{vO+hMMHU)~U$RiUva&d9ZEy zHc!M`vEWlU*uCaZiVg`2w0W2MYABooxWC_m4Jey>(_94MxoDu<4%dqFKvw^%~gO(N8^ zjXzS2QnP%<`|u3E9q-`k3a!o+ayshx@QB>I%SJ{JLx^CO<>j@#F<5D{lKMbRhyjos z7=UPEh%n;p9D&02+k}LK=ieQ%DrhT1Uj|#AqS-Bv$PeVOEbO-(Fha!w>^b~86TW(Z zbW>FT-j!fgxe1;84;o~!mkV5%yb_cpl}@W8(GS%f>plZvqIWK!d(HH3f`fT*$nN9Q zV>}Ez))U=l2I;W+fmcoxekcOI;lBT0)O;Z{5W*2k3Ic`yVju^Z2X#u5?m>;>Y1;=c zd@v3tc<{|o=DE3HoUyGL1|QXS1WT~}Hv<3;FBE^ljuHb@$5`!Nz%gG`x|Ss42V|{) zJ6e;(u!}-qSHD_N zfILn#2Y~1~pi6AwNvyVn*C9yn9FZMgi@frv^nKVfdmIhxE<-%ybI zlsi+rNON`d-1%*iS4R3A>3?pEcxAEs>n1sh^!|0p-XR`Qg^w%nf4A1OI-&sJ%q17a zZL@bH{vF+4HtD}}_vbc%de*;oCmcs4Yy1lffaNa!-M@cvr~i7Fzq{{Wan8Tq9Ue(GI%&=mfFT87PKUhj?mBVcWa?aKJ|jdl+Mt znt$_P)Y})n#oU%;*Q=1AmyPVd5dw7=Q123@UQ2-lHvwNznjn+b2?64M)8LVHlF2Y0 zxTGRPBk=I>>m@-aO_+Dqu+FBa@HNw}{%yR!+0M$A!X4hE zS<(&aTkfc#-J%_$TNSIedMFH2x2?4YOHh8XQSRF|xc$qfS|>}b{|$FH1savS8F1gE zMZZ>_;5(v;6a|_{RDfR+usrjZc;X*-ohey$`zth(-osJBYZ5Td!SwbVRCqBVdG^ARpq<`4xZua!@~qYeOH~`}{&J zwJm+0;2JNiLTKFHQ%WIs(IAce82`f{wQ-~9u^Gse)+(aM;^31G6826{BfXL!RX)1^ zG|1goRwQEV=22%xp({m8i)hN+Hm58--2_Rg^34453rHFLuM@ZA@V-gQTvm^J|TH;(HNClPE!FQ}by(xOr#&N(Qj5LK!148L28zVHanJ_MP#!42SMJYkdiJoA z#n}C=`)az2J!NnZkDvfRNMab?#N@Hm4I}c8C5e= z)wrn6IiFwYpO9KpZ41|n$_7PEC-*}NAX2^77^B1NcZ*ou{W!K8kl8_Aj7kk|Czr>n zU0q!hp)rq8lH}FfwQhd>NZUq_$|~_K%$PqwTh=h2AK#=ejstn_Fx0oz;X&P)?{vX~ z`PTdGHNfZCQd9qOjrR((gX#Idy%r^gDhTgXxG*XRzj-yB;C2Ru_~UKRR&4-HW%kkI z%DbeXZAa3Vje5sHuE_scy5txObZbm`=PZQO<&8qOqrp&A3X{c-g0&ta1J!xw4}M-) zyCV3@iw7^^m3lK@v}(N}in54rA5j3ELo+;6Ez(U<5xud-7O1KKr!vxNuXkGt(BRB# ztsC-txTUSouD{%`w(;UV{kyrqG2w;pQJzZ4!gHfDUzb5=2i_vd0SV@ylv-^(QE^)$!g#$J%O-;KM^u}rm4c5YR~g~R*md9dvg=KMUs`HS1x3X$=$m{i zM9nX*E)1_bv59WWn@uDb@?pZk-tc%?_irlAgDoVhRR*k)+Ce)9P+;U=KF)TG2JMLH z-in7$bsZKc6!PaBI^$3d2Si9)3Z0R{ec@+#d)$YYo;2U}5ZM-iMZ>UK#=3&!^qQ0E zaKAR@KaP@ZB>jh<4i65B(aS}b1r=6m@zm06KPMM0jk_ge3QiBDuFnib$H?pH>G6Vg zyI;JQ2;r1m@SexU1k_N_cugDx3Co!Mfx}~pYj86DEUNuiqaoJ6Pf2wYV1N7RW#8zL zFsttOVYp5gLin6!_t-cvB8o@kM1O$(b;&D@2?uaX+lYpS%cv<&fjG-k_T@oA=k4`|g-23+YP_5|+i~@%=!r;8Ks#+3afx};EpiK2lUJT=XdhB2svYJryR0WFN)B8>sGbXH#FrPY&}4CAodb#P z;PU7#@>CVYzz2pjYp`Rz>Zg4$9 zfro_SX7@)9&>x3cr}LnZAc=}Pj1>~t!-+l|@uJTV6}RU}_>N+|=*M7$k8Gl3X##{6 zcy+HlcZ#!*LZKUXI?k^MnJ`pIk-{0O@eLfImkR|U<{ml^3JMAXU~jgbKLZuiR{|Kh z6Rk-fN6)Re`AqK*yP`;x&o})Q8 zfzVmqbRGc#0TDD3+azqnu{M`JfjT$N*Xu0I?Tv#WWo6G0}umDAc8TcJR+K?K&%5 zNnIttl7>)EQ|y(55;i(8z^cu7P^XO#5trLU1N6~eDEm8ymHiDqgMvy!uP81#u%)zi zSq#X)st*oF!4T(nZEqM1Eo$`Bzw`}jGH4MsB#{iK5$d>c;^HOveO3PY24RHR+;s0G zDu6pe*dY7nQZmL>B)A+7;+BO?*B8El=eObe>xcXvOb`%8GJ-Z(6bi*{p|qW>*Ad|N z*B79T0W`G$LTg~1zlLZbYr`4WV}m>f7O;)8R2Gg`>0o#{&PNQZ8YYcC${=x@9O8`~ zq)5EIjzeHW*E?w$gp-Scz0~wwApR`Y%P;TsnIicwiYU3LkkF1eFcZUI6t>fCZ!v;_ ztEflJkRqWY6wWX%m*z9;Sk->0phrq47$c&OO$e6y_$_7;IRrk+>s-WjB(E9KetI5* z+-lW+R_y{tR)rWaqdKVgu=Z{7 zlZ_Q@0LN4F;lcJ=Ao}y7k$UmTP-%G5K{i_1*Na&#ke82dUODex&-SV0i{sIPz%gxr zm~nKjK(&`n5Iki_ot(KkO!}6FjzO$-oRWgYwvrk({0+9UhNmQ)qLn_U&PHNiY1{5$ z0+`OjjX9t1Zm$87wze+&^7Jo`^wH;mvQJepQNQ{fb(n;&yWsa~w@{=5-q<1^uYDmM zNW*FY2ouVHcu;R_`4Z(atTMYO23k6nEFGT7Bm0|C6hmV0}f0kd*JlD0P@x6 zZGet0AaHr1FAM_BZs{gqIr7M!ZyTGoX zSit47chjJx`h-P{tqN~{@V%QKQ<#B_Os#J4n=>%Wd>_Cf6B$IP`Nj%fxf~eZykz)4 zJ@%i!5#F&0ST8rrd7kk=1Ua=p5a>^NzCi%gE{YI^gX)C4cX!IsR;HYVi76+w1xiNw z*rQorA23Ud*)(QMMJSsGTqbC71=_l#_P`^+KxhDs@B=!`whD+L zwFZ$~a_E#iCw`d=suTPjIlcE+0$L!Op=<+wf`KoOj!1#sDz(>YJfiSIyEo6wb~H_o z7q}JVqDbfYdY)gA9XV!LXoJWbC;j632qU>FNOm#7O)&tHY1RQEP9!0x=C_`B@ifeY zD;k(1jxWyKUbadHdKz@)nw&hc@Oeuu!dsatu(PB=6mMQgruPQ=;(Ojc21j7z%MV7t z6Z;*Z6$=(waZ~yGE=mA0`o{M%JwXo#FsNR$!aoX7TffTzR!Y7icEk{=$`@#zcd-3w zGSKG9d|L+U#W#pHWB}9wO6Kigegc>00ktj;NT1S~az9Rb`w=6x(w9wNZv#h8T1B=+ z2cmIL=mKt)=O>;NUafXwN~fhTD`QRbZdAK%ztaVHv^Xzbb}>6-QFm!>@v$oB^nqGQ zB(yvANz1KgaSV76=iwEY<*78pULo@oR~4F-S<%{cmq{o`T}fvnf# z^MKhzY>{E8nS5@JQ0v^T&Wvf`xp?<*`8yA^>{?;@Hrz=RQ@j+PK6Ml}H~t5cOIU~O zkNtupA*BWWhN9blIzej6ulqIPaOv4#Jl$1_63^@={X1S*LSy}*QKd!;NGydNS)MK8 zxtan?6&AEOtVf4;e~*`w9#Fg<=@#w*(+J!NJO+pEC{2C`fV@whKE#?lUr*W1ekDFu z0^I;TcNFh$1c;}UKNn-8An+KNou33kpz`@yV50L}`lhzbSwLI{kY4u1%H@U1cUhu7 zUjc`24nTFI8c^-HSxz`AQpI%U24a)CEWtsv3;=lgN2lF@w!$tDxlrpPm#FUE@0f3& zsX=TRz2*Mi?Gs)pZ=zD#d2L0)*(wgs6fW;1W7AFoSYJ=6*;iH?({oSbZGGat>^+@J z=;aDrnT^gY1~2|U_TDnA%5Cf8Ruo0BkOoB*r9`>~!NOo6C@tL}B}j>cOGTwoLON6y zDkULZqO^n{T@s44fONfMBAo3$d&zmubv^Hw_kBK{eFWCJ?-^r`IpX(coZs7BCDb4D zR3qe>;?~0ud1GY=871&7ip`AZ*`|koTpdi$wG<7KZa69$wAR$Yg(edLM?N64cGYY;M zGG3rfC%v?@3GU2&T;`dQj|9{h!>FSxh_I4EJV0D<3FE!au9kTt99vH0DcL-!+BL73 zNYP#M{oH*8#{0A;rBiBSMnBB}b(5<~`eIkxjYl)=iL)!P5~h-_W&r{ta41d$pL1Fa z%Z9S|<)vLr-^gTm@m%tC|x@z@gl`xDz8;%fWP{j*o45#^(P6OrY{?X$NrfJ6 zVT__8+wrv8S@Ehvx0d8R^uP$(Qs-`tF4XHcR&piE*PGoJqzd9I9y>3qquj)?B?2_{L& z?>t5EsA6pqp-CtCiqX|Czcj6iNKOFfAsO`pP>UaJbe{BvD8|VacM|Ldxfn`mV`-M<=m^!*LNSw z5^ygpIzK@l2$74Vkzi+B$^8nbm=`JNB4wcn+W*oeph6w;Flw3&c)aDkEa=drKCf^c zE@LY1aU%QhEtOxcmqY~*Z`>LkN=T24@Q)z~+;%vB7dfoSSg9qTpJUJ!6MZcjQq{*v8Co#{*|GEogs9F))cjUj~< zH%;%y${03_jzOnyypiQAblM*z?YYc7CBA|47S1dvd4U&qR+1=rVQNsRKxDfJgv>t= zlXn*r5lRyAp7tgkR_mhZP6!I4sXvU22o4sK1%H>lIXu$Lwedx$$ehqC6Ve>!C2+rz z%8gC6blEDV>jOhkXgDl<*Q4WJ-p&5%s#B#zk`D$#lrTD;5@w%`)y6THc{N@x8tnTL z`6`$lK&~E9Ey*E^ZZDyb6BnOO{y8MywO$M0vr4wIOS`SbgY%K>dM?9#CB^dG%b9PX z7L-BkLkB}QCm!PxF5LA7uc}ENf>l!Zg|;Fwi32&KAMyFhYYvkb++|K?$YR1hzo=tq zMS(ygx3%mr0~Iz0$T6oq-)LBD@guzoC)hEiV-(Sa2p&_|9Rip6yVQP%8D**b_UT^h z1{eNmsxxZ@LA%>3GUI&k*izE@%4g3ZfeV zI3WQ6JCLvGFApI7;d!S!r*kUNdU3ooDSc*E1>$w{txfsqY)9y#3!8_42<}@g)a%*5 z)hBB3R)6@@SbIrjUM97Y7ghEGiTv=0d%f;lzrS*rT^J4;(|tAPyO7zR$^7=BhN!4S zuY?HmK=VFjlN~>kf$fUZV#jd7%5t2vo@ZB*a`NHrVmaHHVx>a^QM-wP52ApPmo}fD zaf`C-MawF8EdO%QaMg)cF)o@sBpg=1OR)V7?R&w3xvIs{Ag-4Bf)@>oc@QXAFlfRv z)~)Cc+95KUn}@`y`2*W{SuWgyO@U5@_I)}) zzse+02B~FP>5B}%d0&TEG1~z*Dw@TOV+3eS@@i|I2(;~41rzlbt2ocTKlrUy2P5V= z5CrB3qX8X$#*4G#ae-a~cMDdQ#%?xGG9H|}5CSqR**)&Z6x)tLJq(BFnK!ae=0k=m0$7W>N8 z1skpa@qK8o_+ddTOF; zWvNRJESd#faK72n?UF3?ySTt4Gg`PZzA+ZB$*zyfUtmGn<>7SN*judt5+V#%m8OAFTm>H z2KMsA4(Q>f*<45@J#7u@0jK@8Se`TDxch|knhECmaJ~<8h0*XFdANy@g@$aaE?X~X zp(%DyVpAbP9SiJrr#xt){?fVCvzl>DA-c>t*8=!z`^^gr8W z1VR@U6$SvE!pvC-E4cht8~VKRkqTs2IW9j3AJHe#@5USvbjDqq;@wB0w&IA@t6dNg z&8a*{U%hSJKURi%-iDwiIumtR{zPp2In(6j5HhA!OG@;l9WU-Ayi?h0T+!} zw29(ePcRZu_j?pV!|Qtss78>|oU2e$Y(R|AddT^F&HV;0VqT+jlm1>q@HxfXh6?*2 z@h5j5qg$ju{K}Glx~XaX*y{pED$62yhR8=C(cTC8HCVZX_pY$;Yr}<&i9z-5ziw53 z{Rh?=LTuBave;~h`ZT^xt;Uy^So`(bgIECflj;r88>n_^z+*>Za}TpnA1Xtxr*Ih6 z=As}`AWkZMtASF|uzPk0aJM@Xl@AM-Q5`CrT|!4-ET!a^VIY{@P9*i)t$SVj{zPN0 z&Y(8N(({WB#$rE;hHKD}9q#Q%hx>6Z@LyzbaOvRNeu$BU+QboV+|s1B9)+5sZJD(7 zJDzf=hn(^7`l1WV%g`gQM6V*Kj{05U%eN4rh$T9iKOk*U@ve%9M3RW_t|u_$%}2ii z{X2k}6m?+@_{&``KUB`;<`zUcxQLjEXKXvR_$4Qmy!b?Pw`92~SBF+_>rdoC_whOM7TcNj{TGek%GZlMwf(kGs7!Q4lAtMj3<)fDD)Ab8bDzpwFLgy1!m zy7iUamI4HRP-wpo zVxpEiNC%OejsVcYeWy3Y*5ga<#|C9g5N^z1JqU)0OeAWA+i-;pfV#+-)KGU{+ze}*sSL^4A)6Yp$JVi(uJb&m6 z+r=fMU+a&&Mtzp^uqn;LqrKOEazwb@81T^e`E0+4r_JH5ZJ9X4Wz6#05i@SO^@v5* z*T7-O&e8QpT@PcN-hZmrMm_0v$B=nPT1KZqFg3Jsfh-u-p*K} z#B(=TM>_z4>+k}F1s#yhLI>FE(cD{;Rz|#y?s44RDct;4>gO1(X%>8ZwJ{lLlkQzz zE-OpIqD@W-qci84Iq%x)mU>scE6U6$XadQTdXSq~?Jt|5e4C?5>fmXUv$7cdkiMcn zlF#^RK0omG8d0FkfzO$;#ugfZHhlpd(+G46k5@b~zc-!q$%r&3?Vj^*_!=W2(&*4j z*A?WvJQDh4&+uQqy1kAiB8F@RK;PBy0KS5Eks zL;ShlE#Qja-Czy^1ytd8`spy<3P0?{u}%Nq$y5AaO6vbNDXFbYO^WK^HebuUq1|el zT2;YdkrlGu=M4eS$!q2o0%z|?+yZm*wdFPDZ>DU`L|DSlidA0A^TOd0!vEQF-C4k6 z1c|}&sD+M$`j9k=m5aa?hlG37?D4%lCxwvTE``E^76(l}kN7kr1tu=ol|W!!O6>RRXB5n?*Xm*>#LvT6(*Zszq*rDQ!5ezck?;w^*W%1+6`2!R~Nd?X?R??>f47E~T z-HwDiE7F>AM;c|Q$qRRK6od@f5Q>l>)S&X;M;XTbHToHG=xCW2)V`R8`Q`lEMEpKA zucaikCQ_Y!fL;P}yh)iLf1?X>L^cH%{HPAXP1_zs@^nEG+8qUf0C-KWo?}}zngx*s zT|hT`K$@c%GB5iNI{rB22w_Kexy!;w9YE~%yGTr--uxH@K&X&yN96ujx0iwBZPI?@ z{Vq#5D$lQrubn^W#J3DN6~To`paD}OY_P4%y!yQNPXG>=EsL5o#)D6@J>}+$n~*`u zwuHb7r)@O^a`+)|LWO*Fo28>St`R7pV?M^q&h#HEZ!-Y}pm|iZccpeTq9GA8IkrI> zQ6A{NeTI3Lx>%9G)Hrl~OG-;iPkX@Sj?)t0(jVZ0cc5#wM6d^-$R0@f3b;HLr800c z7>YlVUqt-!58yk|IxS3lkq_<{bFij-*{*eOSIU=fNZCS0e93xxQN=Kv0y2_nltq{Y zsTzbHCsAl@Y&4ir196a+mIy#+e+TsO*W3@bm+nZULNP;V@wY>GMrG?YRHhm5?zoaL zSc`!AV<+&{)~zjVBQe-0HSuzp<3N`wCvb}ys*~b`e6js=j@h7-D=jt7fzqM5aA!+t z16>bk7mOckld`VYaH{+e_?SM>e#^FSQ+Lpxz;F9O#~X_f&~#rID-aJQ3NG@16Wz5DGlevaFk72OPjCvKuc zyr&wRk>neC0~y9_y&%<=vcnJA!jIsAL-E)#LhAaPC}Xak{Bx-fa+Z`nC+CeoBjx$% zWKEo$I2VdkAfY)m5coox3wqd(&%H(1pxmIV81AJ{3EAY7tpKC%1FoYmuo}ogq4A}v zVfhX}0QhK9zCkHOT?p~JophRKpPF8V^2{9Bx(d3pYSXOXb2iTs^!XbFSB23JQG1 zaA%+-!QfbZsWcreJ8q(iu`uhpi!C22K%w#+$UN`C;7-GaH8F)tlqG=iKX8KJ&T)IV=q4J1azT$C@8AvzuMs!6V(rc$LK1sefNH9bSAxE&}TJ5 ztoHa4$bg1Ozp@7UlPN4notdTqJm!rYLB?3Zt-ag9uHIx;z=w@qGlNl^R^QhW=v3~` zOY_BWInkKuM!VS_tW@vMdKn)tfmRlH(=Kty8e75=)t`yk;rI6KTT75AXb{WLgZQ6K z;7$x~;0aPGnfAk7K;U;vs375(ZjAZT2kK4KNY~T03j&ICAVai#61hQe`^ zz5_q3X+30{g-qKnk#f+A; z8ouHQi1j`?p5A;I>Vl|OwML<5-Ll)2ii2N!!uQN>H&D{!M@0)rX<8K2?JS|;z_4b| z!IPqKx51hEz~7`s23cVH;4YD`JN6pwffYCsO)|ZH-CwT@S*?XbYR9{F%sDl{O;^!u z=)ea38eeWAbM=01p=*VH)yTrt$`iheccB=mE5gEa#z5NtNdu4w$l!24A7)j-%B@v+ z2LUo@DS}Kf;ZR&6cZYi^%)ZAh8ScKH&1|93U*(G>=M!z-9h2PQ&!Mlm={^bnh;dajyb-ckx}T%OQs zbvA^)r8!R6h8`}#?4M^LCj2=;{Tioqt|P2mqzu?{5*<^yYMn@B%wQ&V1?Ltp5W7qR zB&vQSBN-Ilb?%PDIM@%5E?s6km2k3K!Tub!{zOxO+JhZSRq%2yM0`gJGXKvWh<;Oc@jrM~KUZQxBjg$=qe_^{)jMNEMB1cQ9hVjK1=Y}AcQ z1KAsWfAQOY z)u7s-J@tngR8%^tc&&6e0~MpH{)ci*guFUcm7)NLZy)5NgBfvG@mVK-lwLE1BGhac z#u%th-ypqKaj5nhw%k=tyG)>mjiE&g}rf1=;(3;H}yr+|H6?VVFG(z zna7psX>Rt&_|+3sDPr*Pk`r9AOiuKh9TbdyG_C zmovRBuY!jugH6O^ca;#|)Un)yd8LsJU`Mss-1Fbb|M2kWTjq$;BV{@K(5Qd%V0*RVMU02B}>EWwB7G`w!xQ;s73J; z_!(#G5ua%+$ToK}V-H$%i3}+6$6ZdJT*d#g_`@Sd|q5^XXX}bDMd7d z`WvHwuPH^fW6Swec%*|&KQ@^8Jf*!EdK*0i!*=+F{d)t}PmbTMRn#ynGJWQBi5Rr` zulEm!Zm`J02)^#dR6C8l4w{*7*hT-&x_p~kJ6dOI$glh=kB@(Yc6Hq(Fjj$9FbXT^U_{ zeCoHB>HU1Cc+?Llb@5$yFr$sBsW%*`QP0R1m|24XSN<6WyaR?S0D!QjWH6=z8v|ia zP_fv-q52eqEt^-GXP1s(S7&9<>Ju|7PruP!WI7iT5)vft;%q(m`PK0ZT{BqU{>V{h zkHn3y&<7HhJ;zi{NdfxkmfTxX49)~OQoC}DmWi|<8p-H|h>3eb{(OV7;g2u&12Ioi zZhUoPJYPb5EWVa9Ap;H)1w_XF%6X?3Pv7!Ol$jzn_BTtOGpT$0Z=i(B$fQjT0Y1{+y zaWfsCveE^Rh-5ZyW%_m8GtI92WGFf<{#vkXW6EQyjFQP!&XMgaJYY9|I2SQ1ykS|oh&(;4cA8LLeRTT3Nl}NXK?)GE*H#-3 z?fNhe5rt&XYSVw)31Q4cD6*xttX*AbIR2^*bYw&LgJ=8MqyKh3t*%^_9C)b~x8t&} zkezE4Uci@)UmIJNSP7HuOopDVLakt9Le2Aq(FG8KS09-qaK5^cC!JCv$42vJbdD=) zXiapVr+0&D6@mQx4%=jCW<8Ihi0$C>_AWvxIEfUlR&U^v9CJbXRO5I6=rFgFPO-X>u}N z6pG5)uXb}BLaxH16}NNYSSC1~3J3&VXD%*0{*7;bWu0JjGWcNjP+H#f#`%Mv6U2nt(hZBPM~Dh<{nx4vxN z{^7$#za9w5c#n+~tng%H#TUXIrGp%z&|V3FL6pHKhdT3aw?lq)c!a&>>+7(hiFP#x=W_#KJ=&ZmT_4HqnfxDA6W6D$Fq zcWn4t@Ff!AakH%06px@~VpFezZyT^v%@%53_k6^bBB4U2tT_%l6zASwV*OQrrTgF|CI)U!FlxP zs+QGq?yckswzvTo(<|pvVEc}{l30=ZVp#I`Pd5#!!Ig*?4x{1m2Sg6F_(XraC zN>07VVnowTD%hSBN-#)U7*4q?Qw7pwH z15fNz{yFASnr2*|@qWN>-N5%tYkzip?*(l6&r}fIWakSe;ESm-s0k)xRU=z**{4quIL?AiA$c(~4XI?7 z1(7ML?_C8hafyc91ji}9E6b6As;Z^+XuB}UMca{9{soH=juvP`H_d*r!|%AlG~SBw zTX4DhcJ$TdZWt<(rmNdGh&_~DWN`gh7l6ayYWpBrp#vUIiwvAHZ6BoAYEJz76@|EMY^;a^+i z_x})v8T;~0bWlB-xkJw$A~WOJi4+A%3~X7;g)18Dw>NI4{}| zBj9IdpvXp<=W2qfGk&Z>D)XTFX=wDdg6#){^GhHXq14EKsTig3l%WLrn*MPQ2+vEf z5~;Y<=^3}`4e)B02eRFc_cn+hz|IKLA5fRCxZ_Yj%%Fbmw+&tSazS7dyA2Lx0MYnWYw(T^k z06=ig4IOanAQ6){M zDYYRsJcW6`4qy}mhA8YC;AdS-+V@&U&Y7@k~UfUbD{oFMLES~WjX7! z+whRlfwOLnc zGTr_(W@X?R@`y_X5TkO5HxESc7ApSrupx)ups-Gz9R5ON| z!C>l@gOgzp-$RP`oB=Dqum=uZQSt^B#P2xNHYoeor{g)8_8KMM8S_)c{ILU>#REP@ zMVaFG-8-C_?zQI(@j23eIe-v;%a^I{l0Wx{$Mby%A4l(go&0Jcm71$*+?oF{&&BX@ z=G@VL_%w+qcH}H-E2I$-EP;Nx()*Gl!pk>&{`DLMRQCa~{ zYHW4s--3_(7X4E45TWBc1&F`k1yuYs-PhRR<0#44{@ONw%@bO$>sdArhA$+EDDC#= zaYG;KTL3F%QcwYJWhi=jh*JbVd`9a^4lL>aTX=sT_5WLVzir|FTX=suF5qhSe-`hz z6Z!uv-fx5Pmt|iy)c@N@?L`7WO%xnn`drZIyf8BC1N{rrI*~KqKQY$%porhUef_V0 zF+z$Z>6RJS36b;spUJ@bl=i>|)PdrcWVqmNQ$oeqTbbzOt+xE(3s{g6+MKCE;tlvB z;{QknW?;qwJ>dh?>io!RP=xBhS!hHJtaq>Y`^o&+`wQezFG1#4b!to^#etSnR3gu2j-K9JB{ZG_gS!Z~-2|xoQ z?X6>Jmg&-ecNYH5H-MBZ`zpU!zeo|Egctg9KEy?%F`|F98$NpQd#W6s@Y}z}6)aye zfz)M08&0+w#TQjZ&y#>OTtuoBUm>YP;{VJB{zxztiwWUSF))Ryu;0GxuXmFmgZB*u zHt--y7DfC=HZbimUmPYMumCM1h!BBFQj>kM|Hv0&K^fOzY(SD4JaENGc=*P19~B1v zE=O!4l66IoOETVhf4vsqxA|QCY1AC}zEv5Mdhd`s_+#4%ya>a;Rx|A(L_iFJK5{5$ zX6A-m;jkgxUOq*idH6CR!3!$zg%?yHOZ42ZCgKy^IV3mY1fwandih#~2>$nU+NVSR zwmkmrS!>y`Ih2GzbPr*JC~OHYrq3C>RqF$=X&bIstNn@!j-n4Fv26cUBtRf`8= z{QmHJYhM?|N`OiW0h(0`4Z@)l${l&oC+_fbtV`ShGS2b+Vt>Tm@u95BE%S)i1n@#^ zMk$ONuT`xb@IsD|qR?%OS2>-i=4lDM>S?+tgcgaR=JSiMjx_m)y7P;DQlbjV`e(|qzghpE?>lpg*mZ@q^97|(P==jDJ=;Gf{~5mVLhn_$0 zB9PaN$I$w#6~%=yR1~iZMlh>UT_d?V{6wjus#yaYLKRCvGNkOPtd%Q;;-jB(a&oEi z_9-zYx9~-0Hxv9fA@nOzY~CP|x5fVxp+7#ZwyNe^^!k`;*>>PB77Q>ZyV~ z)CnYHM-&sK$wx``SF5;@hoKTqDDz<@k;eVdW5u-8{RtGD3lXkKP_nxLL*%-#l3gE* z?_C2{c42fboYa*>=fbDww`bVbK*2pkFSro$MhB1v-j@%YkPPv^rm7n1$}DHZqrN=C zdAT4QPq0uT1}%Aq?IQ)I@C5qL6*eG8M->r5RJvZiocvj^knz=cUL#r8$ckySnY3;Z zpyclOLC3w}kconH6RJ)z@MDrQs`I}%whP~O9YJEMVn7OR4S-ddbNyk}`u4?RFVh&Y z^Yup|!xkzXw5YSPJYw`PeN`Rp774P7->O5Y#v#|UmfI^o?Ppv8S(IBQarlG)B+&K_ zJ=UL91TRmSU%Y#R2Dw@cmOKb8$d93doFr0>wu9tQ;9_LJ?}OYu$QUmUX|A}_@EVpB zP#t%N#t?luCKDI}NSw6g*XkX${zQ+*+K?lah*>e)qIKW!Pev8Yp)2JD?ee<&<#m7x ze)|@d$!PX__-=;7P`7%)`Q73i%4+J#F`cj*RTI>{3c7RnWaA`mqsqcPAiHUcP6UoN z9k~s@(~MmfdbM`=v2q3DymnyHE#=rDV~JHn*)AEJjL+QUx8m1viPxxtFl10YdsQoi zB18+Xlql_5in;-{rzM2jnd3Ky$bZ7tki9$@6b9M6kBdL$AS{j)LS9Qmkq3nd+L^0s zrAR&HIK-twSY?M#7Jy={2)UsVm5Zxe#Qnh?M@v!ux9Un?6vXa)Hi+-nW&aD$$qITd zKGMhwqmKu5T|HO63IRMbFAqH^dI1HSybD$X^cx*y*cfyQQNT341ZsWx;Bbx{9*6WL zAN=gnP|#93Lj1;EQQb%{6iI|1d#RFs2}XNAeEQ7~^6q#}Tx<%e;q+4MzJv;|e(r7+ z$G3rhtseEsw`^u8&)k7AlItXqV4pFGiQ&&BJ(~ zxg&8722fEx#}vDvYiqmI_Qi!Z$Dlv22Mp@JG_U zauo3Wl@VHE^||fp=isnV_-uN9qlU>eiL5PtkyL@~W><|SQf-gJf&Q%~@*p&hp<9gP z%qOp}6c@xUDgkPxBB$2sbq(ZDP>Ge;?P*iLspHqy>k;tH4r(MYI$#sgj%Me%{6}o=yKGqjTj+96J?COz_2>5S_r#Pjg?;SaI&sn_1rkmM6I6(6o|KPHy1=NV8_Cm9m5BvoO2V_!3 zrQ#I6qVZWK5IXtKeeW2 z89JQL&o7{inB+*4^j2DQN2flD_fA*a2ybE5v3V#%6&9*(8!g?RZu+ncjm}`L;7}zC zWG78~Sljp9=OisODP0p#nSk7`2l;h1$f8%&9mSTXyb(}NyGr0k#(dcm0XdwZtX2Qr zMJlW)*rUnM^7x`xSSw_Yq!c^ckv*EF6j|SUzum#sM_Phr>%?wM`Vn>&5e?OcOg=!= z4HCX-pl1E)Tr%jkd^olJ0J->L_nx7j;=s@o0<>8Vw77etW?TfqM!jGuT|Q8H>zd_n%P66WKWQ;w;RHwq5eD}pz?;~ zme$>U)d~I7l$-^NR_MOk;{0%}0p0u`4d~_Hr8MWSrW@2mi1h-eOM1G6(|O#Zm>r?` zW_?y>eV`kUF_7m{*EsISAnLM5aj;xi*1`IN#Xtll%jj~x?Fg;qs8X{OS``mMt%Bah~w|4)=$SPP)MrPzCA%&8ABB`mOb883cEB3C8%qxa#(^A4au?2ywq3z+v)AK!lfLjrrU4U z*h33(svToOutVkmF0{mzN+W10-J&ZWwI7y3rB~&TBrkyNfa%Dy`QVJltn5{WqPrI} zcMGk+tmM(+Gp_4~Gmx^3mn-kO&x; zVN!D?2Z|I0e5e(a?L^0 zt>K}!y0ZDo$v9kKay8`c;ibGv_>KlXCp(k(8c0cTe##K-9 zS*e;1=nq%1=Wv~al@Kmnxd`CF`aUt7*veNErZvOaZdxUe?EU<31gVk{eUhd^~ef2hk9eq)9FwL z|LN=oMb%=!75ll`!<9%{O1cT4!!+Q`KZ3x<2WZld%yNX4qEhuU;zcTaHxWOfrOEZ{ zi+(C7ntfNWc^uD@AxE`h3|`iri^zKYIo}HFCTfCkf*A9SCXoGA`Z;(2Cn&Y3-~J0Bfhej3AN~{cl5HMlCXYjA>U>mLc;p3WqjOkmdT4z&mze_Ty|ylRjmowc2!Il zaVBt7L17`V+Fz1ngVGi!N#)Y_^WyGsKyacck*Sqdhg@Tn6s5^EwlJ68qaG&*T z@Vq}kQh6WH0re?UFiOOPxG!47!8l*TY}nX2?8>*w4n5R6RMzKz`W~xZ$lc(9OADCD z82Z@Bn2XN_oS+(8b9w=x0$b+loN4P<_~uX#de!`sMj0jIDqO*d^62z*Th@DSWXuNd zYJV<}8>yigk7Np-9&9j4rjOBh@wP69>&BNtcIf5y#fillhrNm&aJu9tTQC3F8hy#q z#TuNUS}{2A?6xl9-v2yYB(8u#@Tj}kzft!ay28LAM9koOUMpq4cKJRtlZQ-ufFZ}8 zYgbI6q^EkpkGOtoIr&Q|G9oDXN(gtJA86?-u+E$9@vwwVTnhA1U&6LaO7jssge>(g z^`Fa*CVfShJZ@=X=p^zC#z{v&$FfQx2cb~?&vy_5&Kiv%-{%N0<5XEqRxTBnXSz3M zl&>*JdxZgeOh9|$i4=z$2uc~qanuJ8xB^qilgx@K=ynjeM}vikJnf#vxoROBSRUAiW=P&;Hf z7ng$X#<*O@euhul6zo~QwX`l^ zFjhP^&p#1L>=9EzfSX&oF#gpmHz2UDcp?uZ3tMj8HB+#%WE!GR9K$hm>CpS5HBZCj z#OrQdWl7~;a`_f)m{RUc&|7JRNAVqwGC_wt&GDfc8X?1T_zXUP$35Y&>hni=zA{ezkHotBPEcN-2 z&-M`JDnZ0i{cTJ@{uN*KEKGScLoQ_Y1>mG`g&j|tCJ6lCF;#cci)M~a&tuD>l}Vh$ z0wqjUz9%jROoKZ=27ex!Q%YWo92`bzehfAj)?L5jaB}IYYZ54fErKQ-Qv$t#Ydl=R z1P-g9hZogIFX8d@XJ7*8=g-3g&p#&cjfsmc>;pd%frHKugY=yW7niGiz23(p@Nq30 zRSfkbW8;?Zmy>I(`sPslc#E=!T^%u~Pe-%v&yJsL0A@(7j@-OB80QP!<>ZT)dRDoD z?Yn5x{Lg@7Q&PdQgX7rkE)PEKpLAWblImVpXOsCYF@sUR_*e%6~JLJw1*>yAitmO9Z2&vd9%rP^3%+SE}gf++>TADrpu4b?iVTe=Q+(A#Gj|bHC zT6Bqb;%;b*)PpL4MusABXH2c;(hk2}u({qdp7;KE`q988KT)|di(5)J3H%Vx??wOB zpk(q7i@&s+FIKiI18$@41ioy> zf7va@h{1Mhc zdzO$h1G~-}T{wJ=m%B#e)Heq zAOZtCt}C>>+B{}Q2x;nX)!P6hq8Odt?FEObcC2#35E@D^`U8?~0Iamj2jTuOKi3m- zK{v+oW~v+8z+&p=O*K}Y9Dhp|63_`vK<7{!PQO0!!t&>zhYs>_to)jy9 zh%6rL6=;qq)T4`1#n;7zWr7>GK=8*c4d{e89&USi12cpp>N^mGG08Z>*Fp(vzn^b_ zOIiw3&rsj@{%8`^hYON)symJse@fCU02{(A6A>mI1^=Ha^`cL?fb^b47z8!JksIaN zD9g#{Ep!<0L3!-H&0ur3ZSi|0No*fs+iLuni5yp`6N0n<9{sQc!PAc?=N9V0T%3Lc ze!0!y=V1(zAp~}g+8FF97nKI}z?Dwwp=3d7X+~EBiYEZ* zfgJL)8Ri{5p1jp%jckO(1=DYn^tGGd_~&SZn)VB1Ck(4X0;F}3p-WkE9QV*%y^QAr zE!@z>90N$7bmNYzcaou+_3?CQ=N#YWn<`4WTl@e!RZ|rHO3Ap+koc21pkZ5XcR;U8 zd|IKN+_HYW_iaL^xaT#O@t_5w>cB%jmUnMjQveQwluv9Mq*P_!5qu@WFnNEw&(y}o z9&EQz=U+~)htbXj02JSAN8+}r;TB#Jae--s2+Rd5^q7eX_v#Vr{^sVmSGO_m^5J?b zMzSxk@!}9}lU_(-v%d)(1eK5#IINqM2p5#I#H5LdQ<$Km^D<2JFj00 z|8+xP%6_M~UJC&K_+R!evVhe+ki!~X{_OtIwp%%Ej<*q zX}_W;uFiRby9H6U79e*z5TWt_*pO0bbodjA6UbTU-?hr)`2D+9-E1C|1}69)l((}V zuLVVpw80egZJifj$ESsZ@7UI&ick6%TY^kPXGORIssY#EWv8}*iICiprl`eZhI2N$ zs+@9V#F7l${|fYX0@qyexj|(RROUI4iE)Q+Hmo~zota;$rK#0+$f2=`Vs+aPx{w|G#IpJBHFFD|6gM%6M0*K1C zL)mLm*bS1GQG4N= zT#cTe@kdo%`(Iz*U_j(iTf4sPj|L@8FGQ|`xSFc<9i(Ch&e`KkAR5xD1K;XbR2+h% zIsp6Hb5T;I zGje9%potSnr0t~UVnD(gB@nghg_a>7B2Yqi4co%f13L4dj{4fM zda+l_P!zL(N_*k~eTWchh>jN_wt^b_kh>rRO*yG6CjknFQV>FeFQ4nwOAC6bq#6{1 z$lPAm+NUSGAWyOCw?sIB?+6!##7E%qAD^Edp<4|tgQnrAj&uPm#U5x``*^YqBq|R} zD`C1~5Lm2oacGrM3$wfrp+MA}rW%sL-7bYdGaZ6fru*i(X4YVQB=|Hz|OSW-Q-yVRs$9D#C>!wU0 zU54+_+zK)+yDfnyUkU{nfyVW<%U5N2!pA2nIg@zpQQ;Z9h&Q@@-n1rVc?Q!>nlp%5 zvzx!KWp~uDm>VH-1+m+OPqEuU38b({JHRE6`tZy}We6kNLb8Z9sU(xu{1l z#^;7#^WsVTvjA^WZ`@(cK@ZCa^mkcpmgNciLHyvtb zcyZ>YWk86Hh6?6(@9I9s>2O7;`##y}oeRZpw0CZ!2VKLKhaiM^K?t&3sVm;y#pVS*8DjY$ z+EH`Yn;8;Mvmdw_Xztw^x2;Sr)Z4j&)Dc@wjDP!J->Z{bWjRdw0Yz83VRjA_M00me z+k^a!p>{FMuYOnYn_l3M(n5+!^Zut#pN5$}W@ex(&cYJP`+<0#pnis=EeQs(cw3|c zEWH6*Zzw2wc_*gihtAGmZ$jSQs?dY;wGUHPys;I@bWFN0xtG~N%OPjSO{mnSTgv%- zoQr15W0XOpGzb&4(3oCAl1an1RX(81*5Z<6!P_$5sCjnhU6elDWf*bGK=Jk-tUNeD zatZNHc&79MI-?UDTBW_w*3zNHSN5>B6&Yw?YweN}=HYqL;hSmNlJWzRdMA+(Rm*XA zZu?n~Ug076j#7HP2N96BMcQpVz0ACz0Fqp(KfXW=fqWXaWjH z?L+$}L8NNjPREG*!PZ_g_witAVo&Wd>Yt8nZJmK$;?waUaYZ6hlH5Duiv%0rTR2aK z4oj9NGbet9qc)fih9rRd4NW9OI>t*%zg9kd2*WLs>Ykx{*|8@?hlRKELzdOoiXR}j z!2U7(L`H8{v^loClCwaRL?^%RDCdrc2W*uM_&|cdrsNu6d0Xb0oEJfEk3Z)X?}IbX zV;@RXz~HbdHFd5pw%^v_3&<1)Up_u^#1KX&?9?uNg;i^|$@e~xDhn#8EsQ)fNHlC) z^jo|4WCpSQa8s+f>rSP1<5c>zo6Jsw5>?im4z61e z$$N;>OpB>#plnMs(;-jACJHcfZLmBa&Fef*6(gQEi6u%kYC~oC4sJeLi@TnJsfqDQ2sRY!Rm>Hh9>DKNV$0sOy<{rI|ru}p9x z3q)UPRCWVHa&(vpk2kn}iF%2kwDpAUrwW?#Ms2j=q}_RNws3n9aAG4|$9Ib_{$SrU zi}Wl=28(}a*f)` z&LymvMBTo)H0BbSb#?`bveDhY$n4!_>_pZj3`yve)`Jju;$I0hxwUm0T=4d{*8<@8 zpY9Pkke*a>lWAz7ZmgxYNJZfHbMo)MFA)u^R%Q}~opz4hs=1v)cLa9g*l-OpKR?`+ zat|-KohqOv@YJqAY;6*jl77IN?Ltx6Gdo+6;FG$`L5tUp5K)WBy9v2@uO|L!9!NQ8 zK16vpHRrjn;37h5au)=5S7uM3c(|=XpndLZWpSfY_%* z1h`+qrY2q@F}Oj%59zFUOG|dIe>#Pmu$HiLA7Ukd6L|4Fz6HEK*o6L1;W6PXwIItCDGq0iljJEBx&cFGiOxpa6dSJ2<8u{>4&Em zP;Jb9&`Z*uoA|2Y%l%-XC*hH$C-ogqY!OQBK^hb7!q_mYOO$+`f=Vbdrb5m0fTNep z;{9qk*A88Skj}K8pioKeS0qNq-cD2M6=&*nFM0-b`IYTDMgY)?X*nrA@z_T%f^3VQ<%nhYICG)}NU^nik%a>b@P4iuf}9N)c?!{D0>dwk+(`YAlV z^+m7)OjjgBSx~s4aQ2B5WdKLU!5AA{dkDA(VAfsjn1JHf% z;G$M0B;w!0$wQ^{lJmi2#6o-j1G~H-_3nTqM}2`>y#g1Ar4%uP>eUSZ$Qs@}yMlDi zRfulD+1iUOx8L%0HPuMa59L@$8SVi%%T|ubsK%m5Fn`=@@0lR(y;;B{VZVP1u+9d( zC1X9(!QA(0y4+;cZic~?aJ0OU{=L`s{Wl~iTT!Gl_tW$JX96r&5cObo%mS$YKR`V9 zL>QDP9oojEE5zH`BP1#sHqs3S!H|;2OVG09#sFkw9zT9O99TY^lQ~V@6E#(1a6-o!1{*kxJ|8o6!DB+| zpx_nr+}rlb9hjfZFCRd08=kGOy3&nc3j4B;I`+6R7XgT$-WKB9;|!WRg-aN|z@{zH z%m;(=9xxI`&(3)WIBa8DaLU!6K&2~1o*q=3^apj}e6QrlVGmsaz!eb)@s*$U9TMjb zqTX`9#=eBN#D!vutmP87URM3(6J|f8b1f&J_Mm*4%p$2BWPhxL-=mv|fW@L=t}*X2 z`5a0x!ZO@;t@k7hcHxGnD6;Hy$<}Baz5leB5PU%8{g1Ot%n`Wed8Oevo>5sh zorK^cenb0eQjyTp@b>RMO>1gj9k_3GC&8ax}Z9Ks7ss@Le~aHkiP?9sZya?DQl1M@`pC={Ap$rIefRYm4%3 ztHx)bCt>(SC*Fmxi%J3uqfXdEo81EcTa_5uu)%PUGs;4c^TAPFBdaCDQMwiRk0qW^ zKD?Pg9cJUeUOZ#HH3XHX-e*(MJqjNm@Fvv%&x|xDYrBU0!^{??8@sKZ|FEClQy-b}oXX0o6ZsdvI zzFUZ5@+(+u%!T(0VC>k58sAi*bcXY;k-uApzb#+}m(@40Ew``i)AMON%1kzahO-X< z)WJ!ypZ@l{YajDV2VChn6YRNQ2~x8Sm?{i*=+oan9S%+q?qr~e9Ps#mczf<}Ecf?I zG)Sq8HVu2rNQ$={l@KK>dxnh6jL=(YiXxl5orI9R2@NC}$;d8bWR$)6-5=`IIp=wt zzSq_D`{$eMd!F}s?$7Yy)(}luEJ96t8*^T zC_cV`;KRO#jQ*^i=aMnX?w8l>Kljjm5nFRRU^*E1f>(D$Mq>MW1{v$q385rHPab|n@V#+N`8ZHP9wJwI~( zxy4DWD_{5_F^KBax`3^@2IaDkEYf9W^B&2(SO$7H*q@t<*QHzL1#JDGv#)dPOn@Zw zRc0B#D>A%K1@}WR_GAC2lH>+f5&8hs@A(2nD`#DMo`ALLAcew&HKI#_X`j$@Q_hX4 zwlyB|g)oVU-G*06#~ZIFijq0EMvRl;mP&wHB#2-yla#pqXz|*uEwn zWY#8t8}PMri^WR7tf4AYeAiL?%*{rtxIdxiT_g4-<(krr+TY|dH%$}=pIUkYbI~!E$xUajNUjmxy??kua>w$mYsH2usE{qgeS-;*#EJn7`m;2|n8~|E|8cz>M%6<6a$GtuZX{IJl z0~f6C!U$XG&Wpd~4;s$1^nhP6Aaj$F-UllOhrJg@Vw01C8TH+)V1Bo5-pnW!tRc}@ zVWCefzU4OjFrh9Y_-buVhfrNMI9+N1gR#la^B5g;9LoB$uR%QsmF#56QCKF2tOfsk zGAu&vLh5YA?)VgBCWhLjpIwAd`^f;tYrJ)Ps(|;uTo}vNEx1XiYilcL2Fs^DLS%p% zZ1ytO=1ITw*vlENFsk?(V;Pw@TC@}(s(*O2zqG{99c4DM&8=gkZatTu8(I| zw?!>mxDlj)Zm~DBu2<&)-dz{&@}fw~&!P@cc0>+B!ZyUi1P6TnaDI zl;E3yc-S@6M;$sAH~E6``I-hxM*BLu+JwI3`*eQX>cX>ALc4Z-goMgUUYBB-=RDcH z-ZKt>Z3R?JS=ZWum9y93fLl>KF(k){%%T%U!C02fH(k`F2)x!Fl;^@t1#kh?-assEi*t7hEQH<)3s$x~Jz$LpXqHNQWzjZgGc>Ps8++^x z7}o_no<@3=hEcuAv=ms0{H8G#>Yb)Cjk0(t!q*;ikXjTr&g6=avni2=c5 zFbE@*PfQgwWMAJ{0q8Kis^q@QTW^0pqjZ0r|_# zSd8`MP%+Hug4lG_3|Sc^hvoEqGZQPA;F0BYB_|Ok9|9&l1Fm9CQC(O;ZcN=czcxjs zVseqoxe3N8*P-eFI7U=nzN(IO->aj@T6h7$gXge?YxC8sSD&Ml**v@bTQ?}A0vy$J zd~W7|w6p4)sjxWl819MQqz3lx<;?+o1g3=&l8pD(cN;)}{3e()dxrf%}VGEuJGqRykeyqV6plo3!#8=PdUbf$8K07_}k%HIZAiGWA6__lk|DYJ*ntynUrLV`FIK3Zjz#GZ> zjhN6Z%r3X`1{ow97Y>_=zhBtD{NRc3^Z-{1s%s%sMJ4z!hP;#{KDgq z8DM~Png7WSfmOtV6or@WY_JU43T8-e`4#3BN~35w&Ud-^*B_4HJ$G=M<`{s|@nL^- z`(LE~;}^7SG%xNBY@(9RQcEJ3NiytA&?~q}V;RWRb|YPeM=K`--3Q##jitpm4!+i4 zf_2B=BPirSAdI-B2qLs3C2>Snn^{(vQWI6>@dy`6w3y zCQ!}T`I!p|2F2b9PzW(LbmRQ0Q#?#t)f`uG{p+q!5J?ULGkQj`(Z)$ zHjx2)trBUnRdj$-5Go>?tnAP{bf3YfG)U>y_;M^~asIRS!A7uMztR@8h^^p{+rqlY zitUiPb70Cg9E6lpiQPMpGpm4;VG#VMeR0q5eoLf=gM?C&ZG&@c!whEr_+^TW4ocD( z!+4RfH->HV1;5@#)A8Y&Lg>y@e88;nQJb*1Ha4~ zR{b&fnYFA-(#N1}Ao3_wEO+RFVy!y-+dPuE5Bst2Rt+ulS19JX0@X*H`yo-F7^L^{ zxw|gd_Ebz=Rj!Uc&P`N28B%+;)oJtC*G`y*}-;QESqnd0am+>Wc>iJDN&gY-2 zW1Ow)p>OedYr(A-Xh$;Kdi6UIE!^)7g1mTBUU~Eem~1S{3Jr@C7{cN5X~_>mMk<&E z;;>*aPpM_wn+sQ>ltg2uO>)>qNEphjp{AD8r4Pf!|H6PqV~^cH4L)2ka*G&;@D3fF zr8DisRn$MO?(aN;7WQymsV1?nG(Pu8LCX324PbvB1|UurPXuqq3cVt!_H7_7zc+2g zhhs^x!v8VMmq;<}vw}qsPtvlXwoDr3%MnbZXTFE%`WA_bp+ikjb+L9@nqrL=L1OmK z!W`tnqbCWMIg69(|6`Qza{3DS?Ew{-stb@qLTjZCsZs}By0~10QYmG{;so8!O9~6g zd%O-y76Qt@O+ntgOL{4F-0l+7#iqKzSvIN?Bph`PEyKQ~CB#D@A*ghPj48=BYp|bs zyZwh;!1@JD8FsavjW~?w6aFAL!3^*JZ-UDui&1_;2{U6#mmh%a`{1@lWX#U5g z{sosI7)gGQ&EpP(m=})LpkJgF1DPC$DD+eXmNSn*bqN?wi~xA??*hDu!U9^b&NY~) z8>Y(?=7+l`ZNRgfKf{bDwel=gC2DfP3{wSi8NAai9FtH$rmtI^;Q?Ccf%HuK&0Bg- zIQLfp@vq9aOz_X;lDGfy(rgOlC#UIvgoAc?xHGrq^{}QxN#mF z0Smu-UT zl}}Ao;AR(V`WKD&{6DkA53#>67uGK6H6>622SJ1x`?2rZfrGY-nQN1OWSEBTU0J+& zmRTUa_H8HM2Zn>_qEj{?y5L2K*DYrIGpzBxjc(*$O!c=vD$vF#qv{e<8L%BV)-{~^ z+kgF+`4Xi-3QI81h;X%bFAxyIIZhXJ2zEPwK}&k}=|2owCKsaX3-1$uNQlnZ=w8GA z_QIO#n$l<)8US%=-C~<@;SCVu;Q)Tpm}#fHWn_xSO0YY$a^TlkDT_>zTITS&nReT9 z_fTxJ@2}hiuL9w63_(M3k(vM`vJVjtKKHh&n=GcIFR#KrHGu^CD8kzgk}h9d?*9<0 zhxUhJBo31=UjT8q%zYaUh?{{AO{(7VP$DcYss4}Y&ru3YUU1R5aM4nNzvH5}5p$l; zUv#LAE-Utt?;!njdL$)yD~KWMmxBLcDss@i+QYRe{Qg0=rDx=;CCU zzK4%vwgN|669h3^s(ze~gO+V4fcOwVJn>sVj3b;_0I|_V_tTH>{17={aHE7o{YYx| zQUGyz{?H=D3y6XML;(Qt5rAm*TR^-|c)I{%j*V^sHi#8yG@yM|9Zw{P2q6kVe6MT% z_rNX!z%I^+UFv=ZyL7C)N9X6UbF#QpltFpE9_Qb1_Cb8iOyy}`+FI}p#1nFG9{ct~ zA|=J^)iQrkx0bl-Q5`P%lx47-Qh3 z-~Nu9j*2HJ&EK>}i;b?~zcGmZp9%|f)3q)A*+^e)$A0L$mWhfa_%6J#+(uUk=UI^3 zn|@7h&yYv2nU~v>p;VlBkp$=}trY#W_dO;5Ofye4Bl{SX@r=Jh@Bu?9AXp@rvGqTK zMO8;gJPXGSv(aV7Ij#l*W}+n`5bh!@T!|1YZEnj&a{3P0VaO2$_8ONd$!q;mEh)an5; zJgs8AWsysbV%qUjdg z05AF>U@^j-d0(I1hVQiiyL=J2g}(z_J&GXky#U;T`&18c3^(Fq@I;R*m7Oo9GCs$w zt+xd)YV-ZlBd#*<3Pd0l{T2|(gSIY!7((?BCmaAd4|0|jbi*!5;13o1)fD~%PgrN500l^fI_!y8#{2fTt;Um({%QMFWn~!)^Itr*# z`$STqc@Bg?+hmNF;Ruz5fXykkJEp1v-e8wFB>WDaG9ZZXdR}SmPqq1oRYZZHQ9w2H zZ=V-h#sY}?GG{*i7l=-(0+k5F{NDj$mpqAj9>m6$%&&N@Pi)ZAn8al=BzPPgHY?_2 z9UPKf&~zNM#xkk`>w5siir)gF97%2g#D>hT^nd5fzXCgKC~0G6H6(NxK;(avr0`!L zs;df|L?C|nEgGOO<(<1&r-Jc3`2Q_hND_t@&T+WATAO=5 za>vuHb|_W3@|R4q{oG7knf=lg^1tnxKLLbW{0I`6gZd^*ajr$@AzaIv<-ZaXG-sgk zYaCxyA#X9&vU&>J)*@zscCJYks8PxUf%AzuVacMm%t1@z*Xt1vQv2C&2yIj-FV!vX z_pOz;=m7w+EiGae)EU$~JyfF-2ml%mvtU2=O%RX{!5fPQMtoRB2Js@MQK%`7(#}Ts z5YY8H!z47D2ZtQst=8zo)QS?BBCM8pRGkFoLkYczwmukSn-w{z7B$G2Rse|2>qdN> z(+AP;daQ4=p>k7Ma~q*!0OE;HNvhb7eUo>~X#m8v@)DU6yq0)ISQ5~6iMOzP8v;>9 zfND`J>QDk9&OGd99kcA9!uhlU>L%Iry2Cgeu4Pw=(Ob-ee3!_>JD9lYR@7Wk8S#ni z==eR#Z#*(`P()Yp9w)oO0z(!<}>w)^A-%EI^>Ht1Jo|$z7)nNS^g{a$RrI?r?n(HOaq$RamXM_SD-r{?|Mrjv^H12z+MsKV!~< zgTe|g5IPd4o6UWJXkuQQCoje*n?XOTSxgN3l#B@Djc)2v0zs?7{v{RJvUberx;P)6 zr$Wf9`*G!&fpd=C%7>0I3<;dNTi)kSvy+}xzfNipTi51 zt|6}`~t^ok6Uzp+nh|Zh*D=|vK zHgsMEce`3rm_}ZZ>N*?@qVYmyOMm6WN>o5Bn#9}XV9r6#oet-P5K>(JD3j*Ue z6+sd!!D^CW<-Krdrv3R1xrG4Kzd?wA4kS@#Va8Ob28y9pN;|UH?G(W6(D$fUcTE;6 z6$ktO*m3_$V- z4kj*9rA(s>kztJ<`_ynMWm3@cS{I@8w(XF6ak?^y+W7yCn(zNl4;T^=ZcM{I@8T0N zx2l2DvImr5u$o8=4?-ikf#PDUeN>j9Dv)@|{=KKGHGcbH1=@_(QT^to%z7xaSXD2$ z2!!P8!BvwDzjMG$QX&&NG;zL8qy!@8B#0R90YnC!V2xQU`=Eea^L?it_asH4*D8rP2GR&TS&|~;LsZnSt z-ppA8ce+)^=ak4TPcL@g)PPL0qYo%mp*(4knKj=A8eA6y8mfdoDjYE|Pg<`e;mX$* zba*}pYiz7n6UC;taMXWf@6u;PwuH0&9s~Prj#;0I5HK25ZbMJ(X z09}fvCN0ujzLd-mOmIJD%`c8%_-Qi6U^l=KN5T0`OCPltzX4XuF04J5f60aXKbGoB zck0R#Bn7FT*Rsi9$xufgU|2A;=|1A6&<^SS34@VLtb!V<1Jm1Jf^s z&ksj6JwbygX4WkMm*H|r9UgAb(V_G~7fK)U8u~|kLh(ug6y!lzIMozHn?faw(&e41 zWY`q8z%w_&0OGu4`6^|yn40~bA+{q*=mBA&4oTmBB_JJe3m2pBqcT9>Pn_rzx6HKf zJarq-SN=Y1?gk}fKToSR;F+=W=awR7TQA9*v5+vH@lWZl6 zNwho2{5gJyd*fk=O#I#wh~dG0W{BY#g30UqzzlN&$9L5*0^z6FBin+KC}-LuPQBiT zo$Du=gOz3;1FJf~=Bxsfn^O4P>#dVbTcPANT2Z6CVPHnynp^e7!GdB7QsOZ z+pi?rfK}2rW*e`=;7^5%o0c(fv61aZRbr9l0cv0g5aMX7x&;$?2-`vkUt9Eh-;MFF?O?juLW32_P-eDs`5aecR{dAh_02=$42QA z;=)QYA-$c*tfZ|J#=-skA*Q_$ypY^>wT6aIJhyuS#U6W1Qm!B;f+OMy&X*BZQnY}S zMvgG4ESYK75T(ZPLdmUB6V&ZW!eh{lkDzZI@5^vY#xcM`>YUn*xg$Qel7$3taQ~yB z7F@i=8)`|+ATPPuZHpVK*5c;gHsv4AYob3zorh559^qaTdadx#aV#3ie8d%^5Ab4Yse`w30~k+<@kU!VQy| zWtY+@n@pFrUTnSg=f#zkl`VO6Z|Tjt4qI)f2{fQJr>kFTeum}p;RovsC~0;Ckn=4S z@IJ+{s--^iX|=C{Z)0@Ui%s{FYczdNg(hF?Y&xg>xv`}Q`&0=qlr5a@Ac+Acf5_lv zN74NftWX40J=@4*dPCUwA2q#dXF{tzI#yH}aSJ-4F_23>U1Zb53vwOOsocp_fy#g% z;pt06mZSi)}X`|J02 zq#GUDZljexg5gi>g$7}zPFl>_8Eoyggb0;rvh-=T%bU%BvW%$ChT#j6i-b0ipj*zU zUG+PuD&Wp?>%x1(q*v8@aN>Z*^ONJ+M}nQ<&5i!AmMlW6D-8hY^oPz91$ueZg1suj zQ}HU0C!sa6PK5W23WQIR4iyMv&WTtMFX(JCa5lLu4x8-#V?RREi+P|i&Q|$jph(mz zp9j_CgRov<5k;|>Xr`9HTuho z*%LH?=Yy7HBFzr^;oDeBY~g?29ml6YogRQ#UBvpZ6ug`Bw8Ohal7z2NiYKn*-RLt| z)BcovIhJ-s)CDZSSEuY6+6hLvKzTL4Fb>w>_e2i3LgmEIF2OcpWIivht@VP@|3YZp zlLPF>)Q9=QE?b6`%hFyLNQw&K2zF*P566)x7e5C_nMt=<)Q>t00Z`%7DItC4XjR^A zx5;;5X?q8jt=Y@e@g{Hsj2pEGfnACGX73ZadV70Ef)tO7GMB-K`;8K=7ivXKp1?eQ zMh|EpOYL!{qUX8}V-3dY%ZkKD6UWotrqZ{&@$jjYrJ5>ZONffCKqeg-rm5rrDKp!j z?29P1dnh$RYiL%y`|~PUw1LYL&A>h2*{R+#shlQhaDZ5hrm+vej8-Nzy|)l{2yKAT zp_aX{Uw5Fc+*P>Hb6fC?BeW!|NwD)}LL+)_<9$!s5>A-Oq1FqhkFv?d#|t0Nh&Vo9qTE{c{DO+b;cm zg07^BbMl#TPc(fZd6vh-F$ zoAzL<_l3ReN_#r|Pz&T0HJmn#1uk#`iIKuLxvS!Jemfeei)JRbJ*VRJpyJ73g4u6z z4zOv`d23p}fm?Lgdiluu<3ICX8$no|;7q-(ZEN)9Nk4T>HetoI~bd!*nZbv2#Tm7VFCWxzyIDH(JZU z)T)+Jt)_SxVlgZ>Ev$Sb6ZTFSMiRdX5lvQULy|AX>pAUn0uBj)*$op5$m1KP(Qt^o z!-w%A&2Wth;^5>BR;T#xiDu<bUV-2$d5cz))or%!-ghmi+1%fM=d1)BO z8I?kU!inN`o(Z5=?qM}vZ{GwO zISlLIcwfRi4F*f6cfm=FkuYgf-F!t!?i)p&B;M0y*t(n;jmX%ABET&kprBuYO?&f# zfmj29inOwIw$e}j7c_c(F0;U(+^|XRg zEOP}B(&|nU!=~n_SP&tGGM26CV0SkL-3h}E?Jt-k8#68@wC7W&e$68rA!mt))qrS8 zw3k`lWOaNi%pkuB>sCaLOUw-K1xnYSnH&iYnS#~TMQBX*cvYl09oq2F>Jv6?pkY-& zr^Y7G$2KuLmY3IK2a6#MY9qq9wQ}~t5VEB0Q%_-xLMx0!?jATJ(s)i%(yc3&IKZqVH_+Ikxni3%7$1l_%5K&ElT5618YjgAkr>4V1OcN}b2g;jpA1LZ)X zMN`&QJ666rzGKwbo-Tm`nW+i}ioIcQw{wjeIE*&0{dCTP$)~7X2Gaag7yJiN}_T&W2b{4CsSvjQ_6s%^%<#q@JvD^L#Ba$ zJK|Xkx1FdX^8we)Oijj63)?gxkUj#O)U4GyYJh-}lhQ+Y2ZP@mr^97tb1FQUT`Sst z2W{Du;qQjMoO>(R;9GhmaZoOkAt6c!;a^JnrhC{#H6Li$%mYr$xs%iuQXh~bhSuaf zI(KYn@6ek)GW-lac%VH&gLB=J#3@lr_p78$ixff-Ji*nlIpuMa+OUFj@KJzOy{15) zKsVl-$v=Y-i7hWyqeEd-owss}q$x?dKzP&-s}v;2Uni7=H!)A0aPY^Lc!W>L>dhlx zG7Mgai8=N|3lgd;3~&x4U#&{qd5z^=oVUq&XY8$lk~CoGb4Ny!tq~y(P(e8Zn+C*;kCe8HrSGP0g1st)u-1v(jxNMMZx;6 zHir@X-S|5LIK15qs2I}P(RMZ%c)Ov?4$sX-YMcOSoQ(d7o@5;C40o_56~S&;Um%{@G@;|$Sg3_;&y@C-e? zGim=K*j#A_krWdtnsLUZaR^t!l0V}wog8a7SL(~k$xk6~=I zsL;v$q4vY3rt@n^|9vwnp#w!H$;$6EMF3_d;_JRcmb3m7hT zV>1Q80wj@*`sQV4)8UYGo_(QOkX%EIKH0$g%>>WmRVD zd3Xn8FkO<_a=btv+-(KQy^HIJ`oemvavyHI=~Vv{kHdIYKeNqGu5vQLom1R2yNNB_ z6wm;oLw=VGEK)y@gF0~3k0DY&ibAE29w7B|Pf;KH z)AK?{6p13~9jhN!z&jbTE-c5%@GyfJ%VlLHXRZV9q<&Lgy~sN!;OK9(FCs;~{!R!5W2J5$bG#d+r=^iG!>atV3pohoH^ zi@@oK;8d6Li0ne|e0r%6=j?`H?r@zoEIpf#&K{t!SnHlBDv&?8ZuJ9Oc&C3{I1A2b zOlCAmPI`yj!vT1wQ1huzue!uooefBdD$#Bc zuc+c2kkVBj(>nxz;7s~uIDGjErQ*eV^iGM=e7(rILW&Ph{lOg(AuAy>pOyGb|8;++ z1qUmRu}Sm;ah!Hf{fyN5uNPyERtqTOurPXQ5aj4m38V?YrbvtGTI`b(ND?6BW=`11 zF@qM0{v%Khe`SUO2b}z*?>hr)F2JVeEq$CO0R3O&h28MRok}ID zw~%;$%V|7~4W$BjmBmTQH95<fWwSc4Un9re4H!!JJ9zbMpbQUR&{R3j)F+VXFwlzT zRC?LS>lVY7v!Z@)U-eBaIDP~OfdC`~SVaI?ne6Vw@9)I;oEZyPg3>g`PxJlk15>gM zdU_t<)$c*=XMVWdf9D#Ryg=tV#@^&tI!H>_Wa;BkbN?K?3!5EjVfs-Lo3B8bAB2O_ zLNss&FU^ycI>_~uKUSuwkRs7r>zaeQa3?pw9j0ub?;bEQS>*KX(h%vDujccMrZme% z{%lOv`ZqYMV+JAh5?K3sqe=sqG!0s0%P=g>n?6RDzSjbLXN7S{c!xhCFiDU#oktjU z{j9een?ndpK!T@N{C7+YvQ}IuYqg9xM|U(^wk%9SVyZA!Em`mRl~rgH!1qu8?GIuI z#M(Q;X|CRt0A8A|et8}5$)#jUphjX(7nG*6AvN;oWFb!e44w;^f6fAooX-)~JF#yW zK}6U9hEwpxXlb$;8p!{6u!da_@Z;6q4$~c9Yi--Mjo-L}1nZhrVHPTjvpGz9<+o~m zxpAMZv4oS=D!kWLtc0T+W;18B>YZL8}yG)7oJuo zqP3fe=RQ7HO)`+qi`WY>!2n_N(`K+-V!}ekIR4@)^{oSAjf%!eJAyXjnYik}j*VG&_i&&@@!RLY zc&+f@>r#X4FelV96HCd_)JqVrEf>%GHEtE|6P%dtl#pPN3wnt&h7WA+B)A$MqL8)* zoU65_>=m{Hf#PsdsPOz`sz+)p87wcl4Pj&vKQ6V(d+f*W?-xabtT*!O{h?T2%Z5jK zUy*)RCi~BzD$xj~Mb%ZOAkLIJncY*{CKt?>(uIbf+ZQ`|^EQBn^6<#B9?7=+lExJ9oDXEBR*T ziUa%EkJhm%^fV6MH}r?@4{{~)a(4!3-I zCoj>oJ{avlMKhtjb8QciPLQ$huAA|#rwcK=7l&E!Z;S>|Jd{dRL9AAJuksJPtA_1k zG;mG<_uV2EjTyx;^dYk2_Q7uo)(c+WPF`6b0y!I7TicYEXU4yNw8~$)A|;$RlxE{~ z0ym8s)v-0(_wUWhGi_l!${2^48zbxiLJEEmU3wA(ir=3eEciazD|bTO3-2w$X4i*L z=efGXx^@J{X|mW5EosQpnC`&bRC+Gs$8SMQpRNxpTevOn^-etVFE(h1lTWCs5W8;cw|l-#*KGF>6s>pQn#4)o<^>oRIEm(K;i9eTguZk zo0cF9lGc%J>#314Yuxza>RPWImscFAXSRbZxaKoyF*)HwYS_#4(C(MJLG>KIa3_yn zn+RZ1CQ_PE6Mj#KE0FJ9*@aY1W`Az&?U#4zy?LK#ZdEfs#7fiSe%mFUY~ka zzb?s;->NcvIhE=BQi;Lc31AGqH+pqv;{hjIkIh2SXCtMvp_lkrA(rn9CYuo9Kg+`) z-DS8&hQ){0uQ9_)-`3vVh*(U=sZ#jz#)heqPxG_d*)Hb4_T|)X%Cf8D@quj^H`eVs z{IcSKr2f|r&mgNqm|2Z66C9!?us#N&CB4aj@~~nJe4)Zbv(9j>OvKK}{PwHVTarG= zQp!Z=_r6d3Jnz9W(;p=kdwP1l&(M_|otv)b@c~LJHVU;5vc+O{G{v9H2Zft#(9*qz z%8l475D+ObrIRVGlBux|kbM^D8>4JE0>*P+k{}ujBKQXr1xszL=9Vq{#Pk6(YC4ce zQESjWsgtzh4W_o!L7H?Kxvirk2<#Gd^*ui_aupUtDJq6Sa28GrdxYB8v-g~hGDjnemo>W=_w1sM_Ttf=hwcHCcS;d5lWqrvuTMzTLk0X7dp^>gpX ze4rxK?k|V#3F1}o?1gaxPJ+;_n>C_5h@%|@=^}+aCDEL3~gcaixk+^Y8Nn;WKA96yknNNxJJmQH56D45IStE7_@eybq` z4wpcO>Rqwwl!!Y)!O=fBR`{MC6mD8V&yU0kft|dv%-iHz@y>1N>U#yvPv5<27W>nI z(9oZR_PIM$vS}B(yHQv<6S5U=q&BU_nqf$M0-rj)^WW}TS3F_eG9Ofp*8T+YhcRU24dg4;PLlrMbyuuhWP*DNqT2*Jod)>zW?lN9-j zJrz)4tETMnXc#7GKo?_C_5=HycUAP~w@00Ls0WfZF)n$JGMD!Dp4#}9&o6r+aI^F0 zz>NYw@!EDLHY%A2Nmc82tyHqgy%Njc!N>Ep;p5zx1*kWn)Kl#W$0mJsz(vFJIK?0I z_lV{_)I7z5d!aQHRQs}2q=^<*o_E@GIOh{r6rwHl|D>BInxMBk@!1n^E`*I)-G6R9PkqlD!-b7uv+b;PV~X=j#|B`z%JAOW zB6?oWB1X6U%c(chTDq2~>kW6kwd!P?rSaN7cy#r)eS${)sVcny=s*jsQ->ur-PJNW z0{$|^q#rQR7(pVqGQyaTQyCEA7Hhb9+iT25bcyFNS=ukBMz&>5zk!}cJb3d&4F)V;sxeCAzWV!GG5z1(j zNZdrB2=co;q54jAjYRA9j87fGZEM}eCHD!vcNs8+cguI_U+sES(q*$Hu&|8p9qvz;lty|`>zjc zP6df)M2vRU+mbW)@Ww*Fq;eU2kq`(RS8__u1|vS8pao)ju%_nCa@f}{`YpLmP$V}E za|qikZ}~ZTTX0@x414I=c{%=>-T@XGwG}^-Nq3qZx<8iV(DdM%k=UUK3GJz-FNLtP zM+#0V0ik~hEBJ#buu3+7ZwFLOi-{c@O^kw;0`jv%-DrOts+qjHdeeHb zz6^cYp#7PpyDFi8KniJ6(@!24K}13-pdm)dGP&d?Z(?6B8Gr5tmZw&OT&%0~t7VlEp za((E)pZ3dH@|?no^(9@pPmY(Px7u}5@X-($C`;MCqE)|()CVJPUVo(Zp*Hd<(?CG2c}KyKgPljR&d zcdq5Pt2a;99G&ZsD*~UZ?d=i9Qt?x4?vBTupw>9*p{MCFU-7w#@}gIFceS~Ean^3? z8|w_p+VbVo%aoXQ=a!-SNGEI^yFd2QL(~2Stj&8lGt^PwtD>^BYYqi>86o-(>)`dpCWML_0(n`d=QQrJ%C`!)VyAQec#Ov?(v#C)@BSCNh ziD42G8I;cUCwAVqdarw};C${(pTqP(QP`drz`!fE+bYP0@a@PQd-~--Oh|*E2cJT3zm|B)uz8qO|ynIN%`&W44Ns$Yi`{5ge2LXvc0?dv&Wh<+P!6V&ID&i z7uCW_=(vp5n`YOF{rmIgSXM(_yz}%slSsn{m1{$sOh@++i=*RchgiNBYhiH165=SB zPiaM(@f2v!4&m-<s0h$+5^V{hBwYPIB$G(4=3Hzs^ z=sT&2!+9UX#1aMno*1KE_v);UfLy=V`6jx^5bI;%Yw7nvU1(NE_JxVTjA3t?*8c1- zp1?bW5U66X6r1bp6_V2#GDXw70T`oI6zOs6AWhuLowyK=W9x zNOs)Ahr4pEMyjn|P>Z}wGAz-nFB2;|t36e}xApq2too+upyA6CL!CthP<=nL$KmS- zhi6n;G+)GkDL~d|#Z3)IN^Db%JboMPg5EOqbgX#`NF5KfRoTiRebkxbbKTrz`~a97 zJ9)CF2j82gHwlX}SAU6tx_8C%jr^XlaBsYoA#WqHKJ-u&+uJ{9x7NgK75h}TqHX8r zZI`^cnJ@Y%{QJdqssI|+Xr|!IEaqj|bFzzxqXQ4Bn1$mN^u|1u{Y+;H<#N!$DL zPh-mMj9(q9hS6r!5Uw@b`*`_J2IXJmX^c$L4GKbPXmGxD)mttgL51DK;j2E8_nkPl zBqbQ!A{+XPdTx1VQ`R{YTqEwj5iN%7~L>TQ(#cJn?&ki}altc_e48Pzp z<2V7VP!_F`Xq5tp9q5&Xh@x!5`0yF=cO%d2y3eODip~rN@LB0?b;w^j@M@RWOSic( zw<1_p+1e_@Gat#AbL^aV@dtc|%FF9#({0LbY_ZJYU*lLEqgVOzhSgB1NKx3_bm!iW zFE_Mp`{HoKzO17*Tv&eY>otAYeOLbc#@U*<+rbuD?8;9x0#ma)wa*vI);@A;h;*BZ zY!Z04xAM!@$_wHUOdI&Dl9yHM?b5cT<@zn296qh#KN$)n+`1(1ipxGu-{mrX^0S2d zUf5_nCp_EniMRYv;Ny6(A71d=_rCA_(j#Ja9n`Z(qHVGFc%^^d)~ViP`I`2=^d@@L zkU$@W;>)|-6~91VM1Y{lNu!ZeD&AhjZJ#x-L3J=`1SHB6ky^}boC{ogZ+0Lj2h7}3 zyL%`Y$p!133Jq%3kXC{XGcI<>Gl53J&D#QGEoFQAjsnKM#%LQ#9RK+0@>cc$5jHd3$$w$|>)xR@#_~%Z zDsF9CG{yEtRD4`j#K;H{`STY(=L{ujvU)j>Whc9dX-|&CpP%s@b)K6D8-P{R;$`BU zA$wsbnD8ozIL&O~HLz3NOr*eVw$rVj<3*A9K~~mgk~z>e9Vts9V_VNxMdF z$6MIgNa{Ji++^$(LvEK;-I}|>b8#PAL1e_lXK}bX%#3L2AIm<~4B_^HrnB+4A4py^ z>I>K0^=_{h&{i9)ye)5Ro{2kO5Umu`+T*WDkG3(|H`~=}1@~!W)@nHyfYiO`5`TYR ziW7H_7kC1wC9<@n?q>{s=fjjEpb-xAJ8@qGc3gVX;5t0Sc7wpp6&SJSYz-G|Hm|CN z%C)F8f;O4YZNFpL`r#t15i0c)x)Vu;b;0!M_A6yA}`Ns0(4<5hw#MhF`zPo`Ta^JuoyhRLwar_mdw= zbLfqHuC9B`{zs6#_jLZ_$U@N3$zMij17vkes=jP@?tNP=MQOi%CM~@HHpFjd+~1cH zRoXej8n)GP=4{lS(2z^_*xv_=SFu9~izjfTO7~3w|E%OL0#gz2iYSlggP)A?zf8jl z7#C&2PXn_BbSf*+r4W@@hKt;ohQ^5UtYcy__HJ#`oRhWl^$dbXNTI~y*)j;l(IJ$K|u#)lZ~+wofG4(5EI;C*$;kDU-O+dOmhSsATsPU~yV9<2-P`Qwoj zLv1Q~lS<*8B$LS3Do;NvS#_wLF*F|r%(iGJ>Pby^9g(=XqNB9L{+XI&B?T5U=Skyt$cYH1nD3l*XKv6~iDC<+XYdg9^6J0OeQZC5^aSnh>1!gn z{75er=3SU>vw9~dQcyJaNgHL0_zhp*+rCZyLd#TZji^oQ^ia81x!Xr7q)Ee7zLYNW z>3-=r*1{+;IpC$=Z|SzhOJdf+zE9U}?EJvTwQhUCSq9t42Q}KYO~+qg&b9yOJ^Gztkj!wJ zwqVcw0ySXVOH6djqeR_-iQ`IQv2S%A81Dl=>Ec*5G2+d(n?3H;p{qwsjXo&k)u*B!hPL2;db`}&z zhOD=Agjhmzj-%D{fuf=lN4C*1?j5O;>j<;gY=lNd`i-#^lVDAa6}+`{bFOt{zYtI# zGLh41=f1J%_7(g61GyQl1xnUB?28+E*!i@l3= zRQeifH4?=ANsD#4QKNN{Oc4>UK}4vM_Ch8XzBIo4#i?!v4h$@;cBP{K6 zw)G|hUtg>}^WYh?jNi+*md@&<+4b_F=e24bB_`i`wdTmXaLkVMCMRohW?y5p%>3jx z{{D!>=CG;8&elg$Us~+sD0fB>S|cT9x*h6z>w-0gkV)0xCB9EXPqA#W<%Y^=c6Hcp)ZmJHt% zwdr^X(a6?I@h;qGn|B<$8N5Oxpb!L%FeD&BR%>dU?@QGbI}za{F%?+; z5?N~w<<89;koVOHUAtD*zAA+Yx-X#9k=G0A#4OgkYJdRE>3d?i;F5v$mk7;jMUrd9 zH-=5TInz2&#OP%?Q{-mw@kRfRlB#l6iHYLzVz(KUt!~d(4FuKZuqelCZBx+%Bo8v= zT~CG%&Ash+B$E=??&fm@hzca`JDJjNmK&-YaxA}vQgyq$_OEZ5tV!2vo*64z#d?3^ z7l$ITq}*Ka6^c5=r|QgPAJ6gY7rsP-D6PeHYW&rvGX^`VT1rE=AZAGZ+SUSgfYoGo zg62WQ1M~HB*cz^6HPm4)?%26@de+=R$93XRC zDQnMorr!4}SS7B#d2_Q?Uw2%4X#okcVnK+hZS>c6b)_DgQR--pn%>+IKPDfOx{Lsi}^SMd}v0qGb?VIr_1<{;unn zsgLjEz49i4^STFuz{NNC_%dv!_l#z3xI)JYc`@$U*)MasJ}zt`{#wY zOJ_6su*iENwL9RKp7W@uL4NF?7>c`rT$hU zi8Z?NFJqDpSR_^3f=fF?j|_6eUzt0Yb^H7fyw2G zO1+?N=iW@SNMA=rs(!aO^8g4O_Oxvh;`U8;wOktSyLR;rLO^a#l%7W;z?~2&8|Z!8 z^3|Ok2kcX!yZ$}c)Y*mJahae6lh)2PfXAK{C%xl!yT5%!?6&U4Gxr@MN=8D9w)*t_ z;Rpdj%Sx4}cE&00qd-I%FeMtgU;m~0kSj9;!QWuZ*lU*{=1#v*fK9x#63PJI@%SVg zmA-B^Zk@O7tSM=A{fq08&lHsymGhig`sOBJ?}u3)v{Ruf-$0R%quH49XzpCNPwSl6 zhl_h>$J??6w>x|w?)^C4*5+ zobq6vFE?>qEmyBrne{h|k2s6+9V&4lwNJo>ivuenVvi`V(sle@Z|;& zn7>V>kre4q&;xYbIVKp{CARN5($WnX5b{7HF4TK<+F#v8z3xJmG^bJZ6tR*rqx@c4 z3JZuPVipBGx5h>rx3TP_+6|83Bm<{5y?V{ce-y_|?t(lRqfjllC-Xc@|Xh&Lw3VyqmC_KPnX* zHTNY8M)ly&`t*Y+9EzUeU+)DXmqM|*L%tq~hGb9sW)065`}q=%AR0@(I3@eIgy}I3?;J?Da59wQrhm%hdOV1;8$V}Lw+pb&$9m9ZvN4$xvz`Q_%qNJ&? znkIiFm#x7@cB|7&`ZSGFDuiwXGj^A_f+@g!(!aJHkWdi=0{BW%NumJ$hfMfedGXuiCIfp< zKG{`!EUPy4ky|J-stB2Ih}W9h$ykUtfpfR93W~FQDGn{CdJFGaQZ<)z;v&{d^PLoFYR|b+WrbGb!*$ zy`goX$EMQWLk;Lg?kED~htL-$U{Ss?*e?bzq=i6)6Az)%mOo{&hFOsY;ZA+E$*Pw? zut2gA>?Oo`5yu^%03Z=k8%1|^NCwq=6(YWY5{~{o6Vcb+{!4NL02Qcox?|E5byhf{ z;x4h;C%3HH3Jbd4KGc7C{r}ke?s%-*_wQ0Fv_qvbDr7}wnOE9eMrO9`5M`IuRcRq^ zds7+N85bcVg>2bmR7Tk)TX>H1Qup`1^YJ{-?|J>6|9*emua`R?pU*jt^Ei+3KHkTU zHpjyd0P)M;k0GI8_GjZx0h>4>=ngJ|JOXGoX5KI?*7-1vLV^f|T>>Uzc9E^yaisnY z`*bitshya-{aWM|pfz~JA|E}Ee{b%&f)N^EbE72a-=!Q=Wm=!TkY~%gAM1(^u*p*# zZIEW3V6#0Hek+4G5PCf94?*Jp=S>FjBI_;umMBum#x;wwn^G!+?ez4Z}4a5NtZ z#TZb6V3;S^i;S+MnY{i^`#A<@n;}-gZ-93;;(s9^v%@5%=-cHtxpsjaMxj>^<^uwt zo+iS4O4fIjuR1xkIh6aOc!QI^7_~-J=X9{%&`MGP#zHb;_gLJQGNKlXqBqOJ2{8?X z;&j<)X@JgD9V@|~L)A#+LW*YE!LwfU;rW1999Wthn6=`N@W_^1Xa7$$%ipKapSo2~ zH{J08v)EU408B^g+e=z`BG| zW&RL_voy^{PVzcHG%mRysNK%z9z2HK=BG=tlLvhXE9u z@r=oRXWVJGB>g3>Eq1j%Q(XI#4cW-9^R?~>C{0QR`r%KOPe|4JHNdRiID{@Ry&4J4 zk65wU@aZE@i&WP65;tmA25@_w+;PlkxbrC-#;YpIA1s> z_vGC~g7bMj$n`90JJQ#My#MM3^+Kbse$+TXbY|ZEIzwtZgg^A4u5zSDS(deqp3rXn z`8DjA;0N=DNvX9J6ZsRSr5nexjI(Z{Ywn*10^LDToMalC@v-;S2NbCRFIH0Fk7}{f zt3HU5e!Gz*ppkQ7cES7kjPM?Njvbtjt}_z-nvhQ@b}m&w2C?mW^&64#j}wAdtWP_) zJk^ixgpKor z{N)y`i@$C&feRv%tS+&CgT|}(KvEE0b*yA;@9N*b-?2}~{M}-t&IdzYXGs%by4fO* z{A0z=EUa!q2(p%W9u_>9R_21x-%I`X53XNaNlIr%d5WckNvszNEl*vgDT+_ zqlU}Bfm@WEMY@n4@4W_qzy>D+1k9dVcjlhoW`53#{s34?we;=H;sTjFP7{mZ{yxM{ z1iygrc@qp(asQ4(D}+nw9L^zKn0Ry$&v2vnFLVnl-j{&eH|UuDS;hIfG zvfZS~Ire~c11r`{OK8tCumD!mz6_Z8LV5rCWdiy-Uy8?a|46Sei2#G_hdB{yZwbW| zne6ZCo$p^DloxaDS_kF^aHgaHkjTVN_eG3;u4n<}@P|tgFa`2w82N>?4+50y-c zPGP~0>Jm8lzHZEMGNH}hQ~X$UBBXbi1FL8~B{G@`M+qwAY5=80wI51~QOeW7rh_3E zegfdtc7l6_0M$hzGO^*z##KQ~oNdpGP5uqC`j6N)GJ(^v(MJ*fMV@B)D~ah(t5A3; zloABz4R%rQI-1`uRvP5yT?7QK)JF%2JKw}di00_DeOK7$OxzukyHG%>q?AJja zwTeD{1$ekM0hc(+r*Yr`b{#e#FM+C2bgEVV``cY|2<C8jta!oKLnwQ9gW5#d`;0EHSCbIx1IMp} zzT97X8W9i7xDIzxWHuS*ODt|<+<1D!-t{Mso_%z@vE*TuLZ#GIo3FyR;-~w~;|r7a zk4K)W(XTo2q|NpSk@E|0br|2UoYG!ig)4@-cZWeSpAOCvdMePYk*XfD56yoj| zwbS#PQ){gqn)QB&Z~Jq1qTZ9c06C`NdX%+$rWhpg=L5g4rRVH0lZ0hn#i(?$8%QWQ zG>r3+QKLY1V}#E?B+>=TdN4tRu%+?Dl{XMc6meI;?cjk@F<^P62TPn92P2;EWK z{-08!f142p05Clq6dH%lc;ND;4Oz_wQN#ME9D&8nC?>qbZh;XF;~hR6Rfe^tNCT3f z#Oo8)U|5Y$mseL^^FS%m#x+#E#9AAdXmyO$gEd2a9!QZ0tksndht+LT+x-lk)icYh zs}lVRAufSTZM@x>UHl?e!9Ol)6ka=o9b-izEPzU$pII($V*iZ=aN{$F!TX(JOl5R0 zGB}YCCjk|H!;ifg+n=k#Cf-a=x&cU)sCCQBEh4|)3nm)1 zbv+Dz@KyyimQX#nfrwK`wA4IClfgGUR0 zj=$_5Ozdg?U{NXQGk{>6dO&3Rc-=P97y9WDXs5PN_R<(!$t;R?j@?kWcXRL>Li#2U z0zboVr1;H>wZu_DXtxqu@?aAXHOxLj`5_TG8(A5;j0zhwQl29kE>a2EOt;vFkFDR zP8TQM9fI7ts5^+Q-SnhZm*yRixiR3AP zD^73<1Ciu9#|I;v!wMm50#v`6r}DAYI*@L^XuC{}yzQ|tJJkV;oD$ma6&$H=d%Ps* z5oLKLEB--*n4^)a_#nXHq105Z==vxCOTf1&0lw=pfXq=pJL_3tn%5HHXmq&(AXKc) z^aAW=J+)rqbPy4B*Y^@RN`h|JrsT3a3X<~_B5Gk^-VvoziZz~}8VMz;nrjRcblPKw9SBbmbs{P#`)zOlb1d>;Z%kZ`wkr?#C5JgW7%Dx>BR zu|@mC9CCX`k;Jg?4a%%-HMUwRt%uWGjm`l!5yAiY97H8RG|jIhALwr1$!Y_2?;ajq zoM2-2&$*WCH7CBjeaIS4tzn*aW;kQI>-!?WUV%l2voR=z8Yil|w4m?#=}iv+6l=Pq zpOm2hcy{5!NULpjXZkdX7v~MXvUd6|t@8+=0lbc5(CNa<4A7Dm;4<`2sZ-%;8&uK= z$l-RgP`MJkb*pRPf*$Zodo|P^f2L0}iIlo9leemOi~`}pyoYn_u5NmI zW?a;IG;!uV2`npw0*T2Bh%;WGTICLflZaC$XIYxcE-cC3Dtx5Wi-7@QDKc7L-T3ht zk|KIg82moZehi^M^~%ES9syOe`Q9dk=NyGxcK=6xN--d=_7v(03g=gQIn|->^|doj z&iX}qYmvdRt2DcU@T}USnLUrwX8S|SuEa$aRPC1)>+_pg7;|OF?zm|ts0tw^xIE!T zREP)l!cr{m`^Da`08FMRbS>V%kagtA{hzMI=Lto? z518P?q>b8}bQXJ~P@b)FHFs!vqbxyZy!`sq{d1UgttTw{OXW1+HfK7T`>pt8Z@siW zfFU&cBcLio@Mzvd{c!KQ$t7-{6W2Z#CFKXGo@VoZy##gjxfL)b z2r>?_YxVFiYd6yG0hN$iqpYt4Y9|>k{{Sg+mJvSbz!c|Li$YHs51cYG0h9!8zs9=I zYiMOB0>SLtAII7>)9&u zHcospo|9)50EcCZP<()@cJ^C+eNtHka9!p!sOtaPmG5}qsF318TvR(bT&POyJXazg zzNl52w}0||$8$?$=*_9{W3qxLpiU}u3A&qCDq+&Ue0)QuOcUe;IClM?FRvpo`SAr0 zzL0Z{D9*e$E|Q)#%t0?HqeeJw9#RJASg^%Kv^&XB?j244QIj^9kXY(3v2bO|g_+Fv zKE2g>e5fFo1ptFX%j~{{+m~K}hxZ4Cfk!_K#|pvkU(SV?1;kg_Zxi9vcA4#)X_65- z1103i$aL#v|A!p1v{+d0V&FSe z=ZeiG=bC!#Kfx>Fmd@8QG0^Y~(wN~Ete%%)kB%AFgaOabTdVsMP$5&=Tke}N>j^;_ z6*WWu8vJYIvwijZ$8cqxeI0^eqbQK0Vd_o4A|HfY3)~J+GiMlc+>qIap;DD_QKsvB zX~4NU4I8_ z6{3vD+l3A52YduH6xLyT_i#@F66wv;kex6uVWh~<=%zoT8AmvLQw_#c=h!TNj|dFm zCz#TjjQCxMlUA`V@%R_N!+&N;hd>yq?V$Y1ifw0LADR-CEl>EK5QJ zU@3H*2yE#GLLXulZOkLBO!-Zn3;m!o3C+keox#eD;G#On07*KQeiV`dc~h9H-81A#yHARwLx7jvbr%-xSRYW z8OfQup>Z2x)}syJ?3a2{j*vzGxL(idzSeq0?D3aUI+6yTdw5a+t)M#XvR0`~eA@~V zQg>}t>MT6=%p`zCQfdR2e#r@Np`(+VDZ+$MkeB^C&obU)v%7GNL+9zBG*5u(1yXt?^+gkGrbdg4#WORk<{}z!3>Kzn{aQ(`OD>iT`IdxP9??r z1uUmM0;Ya-1{X+hpWov9uLG_EojY>$4%s6)y1cA61*?2`QJ;3sLvV2KV8`?i>_CYh zQ7B;y7grm<;~eM9(gF*M;MwQy^`YDtma_eS71cUz!VM_OMxhfxXIYLtJJVU%Zkkv! zHQ4(Ys)v+TCxA0g2!KNlbXIODYN zDXZ5T$$TMr##Kq-I~A<1!Bi>@)2Ja?YZiVHE3LJ!&vBL40QGy0Mog80@Fmh!JQjfG z(k&#r7VN-4#PR1x#`VVcwqJ~2)4!m(zlRw^Yr@A9EUf;@;W}+dFtGGhK`j_6*@_v} zaYOI3Sq*T>fgm8Eznr(>hq%3PfAGy?cx^FF4pl#{ke+} zT%=y?lvrpVSC-)8_r1A0==gO#=pn`zcx7s=TLN{XlhzStl9wV-` z+dzqb1@t@UZ!t<%e1O&4sbGcWHUdrD-qYfW3kO$rCVRe(5U{p<;?B+nvN=j`Dk;$iwwiSg;pl00kUr?jbvS@QQDuYaHX>4gz%o4YsxP+{PjgT7)m4rjf z1>bO*see(L{r*f0HJXO4(u^+00)GiOV`ptf=%k_g$PMbEd|Vee4xCY|_-^73_|bYw zXXn92pX|I>8}4soh%j>%K2*1tF!4#b1)`7()7`bQ%g~y&6~!C1`etr%IM0|z4&eJl zHMq#8f=%P^URO%Q#lTOKJV#dum>5O0>kx2DlPHcLt_t<^dbp*-x<8si1i9Z-N;C1vNre3Mri!TIMgl2T^IzYYp7N#jUU3sN$wNHxS9T z9}09$XFsXjEW9QcCv4Vpc^-d4i5Q%H%bCUU`a;tqoWL+2QEz4LjG#_^Dsm#{+bj;G()=hVUoUmKk+$>hpVx2$^lz^oKit1-LQ+6C1_9C4VhX;5GDU!Orfr#kKVrL0Jo zqERp;fEYq?di0oX(Jl1|pEPvk6j82+@K|`zLYL$BRA%X?a*^U~Y`$PK{^i1GnL9q` zr1k`J0xv`fPsx1a36hNI+fA>hN4qIYlUe3Zs)$1Sx}427P|^ahPG1mK611IRRLnOf zl`aOOHe)GenGq$)B5_3uTjypUlEh$PB~5pm%--2f6(>DqV!AUZX{vZHf=CLp0re@{ z;X;#7#a};UTiR6^c+rc6$OTo+^YzQhmSK|WHpb)L12W{NM#SL(rE*~{8r$Q^=z#5# z6Wsw+5)zfddCIC<0)p)(&rsw~ZT|gnf&x|M&yNZ940OZ}kswxq0py!%a`L&`dc{r{Sz9tKl6Z*H+MljuJvX>MZd^No|4{25|Ao2>HM@gwkCvYWcORt1;TV;GRJ?Q_!@pIuuMB#BeeJjeGtaD}3G*k*o<08u&5q z{B510IMGhx%$O0tc4)wO(MHYeqDM?gjhIZOL8LS$dDZ_^s>nhXMlF|*3CW>!Vl!ll z&9GZ?L>&X?Zr`&Sqc%z1!Nzz}>pvNM9WdEeM6KOcBY2W zhTAWJVe<+Sp~nD%8YEz*a#3tzsD=C9)&q2i?+nb|-IE@nNJ^uQkq`5Es@Z3(v<(^M z5edPh_T^t5FqBMSwgn<0T0tsh-qLicXj~=u!QpN!-9TP4?B6A=N_l2#v{S?}1{!b@ z){!$;YVSC(z0aLY_BR#)Mo<9Ce^Oa410#xC_Z3FqSwL152@(tCU*?S!p+YMU2%#O- zbSB^2d-d_Muiu4y{r!$jH0W9WN4EgY&VDrlW61{PV96FuP0zybj-Y7X9_DEbp@Mi6 zB}6@zOyAry7+ql|-YJf}fADU^;B_%k?z4=_WMVeBv=)G}=4xV)_J=tr#z+ zL)3qhx!lml6lE%cMC>gPsC8~~NVSCu%1@cU_lH`RB99-X+yO<8@)$!mYx=@8$2CFJ zfHm=1SZAZb2UPzEojwh@RSn^+a}1?|$o`=WVM`t%Ho=;5tu03w-__qbBV-5<^&SB| zze7V6Zw~uIJ7Lq*IUI-M$;1k2wF4+q{`x^ks%j z^0!%~?gMtMOkF4{!gE>D{N<;63^$EF1Ch}nFr*}=7PS8)@@D~(f(O-l_fMk?E8q|x zqe>5mnlEf4{(uh4Zy_okk-vo4sG7AMM`#|WCht@5HUr4kLS3Naa!3b~XXNHkwn8G@2feiR3S{E+rVty=IjGPEJGe6ae2R^(h`TzZI~V;3|a zR_#G-kGwsAv^MTvOty69fNFL*YJvMUiW)yqRr|qY*8k=OjZz?#1K5)&>?I@E79IV= zOiq7*A2n8C6;T_%wQlPJY9D;udQx-QA)O`Ro71BQfS~89^{r&FtJ$yY;R<*R)Pa1c zI`y&O#R+RU@mT}Jli7B~1r^Kp09S@)f1AzIUg(RvlVRcOxr|gxP)KT*j=FI$0PE** z2nX~uL@wG);hA`Xi~SIP8toeM8(I*3zYe)uV@rQ%OI$7Z!QkZU;z@w-mPIa3#5q9w z#|)g_P34}+*G0XxE>js*iLEd6nVfEx(5SwJ%PO6X-X7A((BhdXtHY`?UG@Yy%f`)n zyp!E+VhRr_d=zw(XlQ?l*wZEzs+!tG6~xF{+~0F7iIMsC2{mIz-@_3p)T<}7gGxB> z7+ESab&$~KJK+ZMr!L0itc4OF$Phy9IN8HwEjAm~_&NhhqSm$7aG0TNDH%f6ZoyS5u#d2u`RC>(Sv+84FG zn^UmvwDnS87|dE$^m@yVX~3C4J+SA!E$41hDr^Oul>!fs78}m4SonjX4ps zYh43HNPKrd3-Hhdxa|bh^JN$jusV(qGmcq6)U)z#fBj5D>sH~fQ7>mcyGz>@8<;^N z7RYRc*-_aN$hq7P??B@q3n|<4`c5Onmh{}{U8fMw3vi`f2?MqDmuwGy1K|I!{ruv( zX#9R8cHbC+o51ybD7-b;)W_5jnvxqYfXQ_v(N*|z`n7}okjCo?Ec|IG`t#eHzhtZN zwb662U+U+M141lacMw&o-9KRWu36G_Od2o+PNUY59Ht8~wMR+C_|OkM!&g$V6FNpm zG?{=LnEx2_&LZX(zLGr7o)v|CQol%R@HOnrh2-%Vub)5+90`Miv5KC!R*;qw(s9Sx< zITKLoU+jM%KfoURmi8D%6UyC-Gi4GrxkpNQ$R{^|$|6_IhC0)ifNDdx!#N{g(@gk( z!?A@QkxNzP4Hv>nG93W~2JCDTPL!LGb*Z*R@i}oju=v*kLDlOPn-OqbzE6FyEQ3O~ zJ&DO#>dj-&!6V%5Xv4GtrDCkDUvUZ>V{m^+X=Jh2z}+&vW*y;UlR!&x#ct3z!BL$x zzSAI7yyg7XWUZ^viFbxK`3+PG2<)b zRUW1~^>L_u6G$FW2vG4 zLrCjtNxy-1Sf-33O{SpW0#ssiM)-Z&wPJ0E7-ZDe%%Kd8oz-PiV-&QA5c_y*9m%>N zv%RV{FvOM_Q0zW1hj0U^@R-)l+|<<6g>%w(PMUR7>~<|-tz&LKNTx&sZ$mX3&nyaw z0TJIKE8@g5AQV8GYgRK>w;6@jan$zu0(hhRRRM8KvH&ANg+H814)4$GHte~edhFg6 zS+iNqOUBuj0Kwk&>FeexQ)cFF-n+)giFtDs-y2D|0+L5 zPQ`HZ>ysoGw(V`a=u%}f2yK=hmr|v)h>g+{&OxM_dOunbZ|NQ=Te6d@1Sr@LG=^^o zdMvRxlQd$p0M}2AW#Z;#UJw%~zabXQPY8WQ02Xs)fj{JnVtlEh4H4 z41B{4%}yhfo6;LCMm!MuoXDsf84peqCP!m3B#;(0`htxk$|YS9j>V3y`%#L`)2;_Q z4k0Epo&IKOJL%V1Q2m~Df+v{FXrQaOiI)fUj~ia3&Xs0*S3C*EtkK$X>hm7}*_4sp z@bEF4d<)9Z!9}U*^u0t4mrCRacLD-*)c zMs+xrQCT?nTce_!XL43MdmcJ^VDGA}AWlXm6a?-goyNuG!R^=P6unFpfd3@y6>m|BClt68)`<|kUQfG+F?Cz8-j6XG3Yg zboj$~n^G#j7xisCp#vf-!tc|QZ$wWnE&-6p%;F%q{}M3t@JGt$JROtJ;r4_q;+6eG zjPU0z9H|S)P~s#V?RJCsPoMV+gAy>sfvdaj3@?es<&u!`Y=nD&1u0`*!TYG&j_EezNJ9&mv6!gKlnF74`(XMV!%AfVs+C2(KyZ*zq@|(y zDYIf?QYn!-RyuBn_KiOOwhP{Hh#L!`ocM$YG4)!A0VQp0!xlwGe)3Zva_gPhiUK9g z<7?rpiBK73LBtmK30wnj@(zXbqX~&A6~zRgBK&5x&X?^{Pz0OiRdOXN;MlXkpKK0j zNp+b_24wNBHmaJ4Br_zT!s*f(X;!1cE~Dmy}pAE1=S zesGq~kh4&|E<*Q;9gtscoBR+b7kNHzK8C|>?D2{IpyA#^MEZ8(OISm{pRY0HIaK6X z+3}-HV(}PNe@p|5VjiMNZB`Lx8^5C}{QVoczDULY0A}Of6$FX0CAy^_5=*{r48CRO zfDmqYq5_#(IS?^S(5DQiO+f)jsvwtd>e?jimYVl{4hb^danArEqi_ z1>SDTGWD?-_wV@GiWq`-DxAE6uA7NWaDCFT2RwmV)2Iy)&=I)Ae+na@gJazFTuC>* z$Q8P0ou<4%3&uRBG-WsPxzrw5_jn3v8yy)qoNq&?Cv3|dUKc1UhTx1H*WPTYp3Vnz zG;Lw(LmAK(=5zX~R#Es4e4-Yd2cv}^xwqCD1JQ4&A0Ylu29!OdrR;#-WS`MhN865P zDhxPT7;q;X@CkyCsSV6-JkrT!4c{Lu`yPKX8&&oP&qH*EZPPyy{yx_p;YW^%5@Y|Bd#vu&uX(M@=@~$={meqVq_GCe7VpQj1 z-opHJt?V#m(Ya)d{%YL3HR zcO3dcRNanntFsPqqBMymUaREFev5DvEbdz0XmaIr(K3iEI zqS%zquRyFu#h0^?A{bwVY&ZspfiwqSLSmYeI_S0+iJ1;aI;#t2U7L|1;^C2L5SopHzo#` znNP?eK^#!%;y*~m8|%mbcE)+u-Lb~?54~$8mYir+_Vef#@wzjGQwB%K_3ROK_{OUv zZH)^1QSC!jzt5Z$D;ZLh4g%rS!IDaBhl2r+pIK!yr<3bbeNKG*uYQS0ux!+HGa)b5 z_Rt@)mX**BLKKB#%pVW1m%cbeDA#M3u_ZZeP29=B4|lN|4IK=RZEL6SEuYHkUa&Y^ z$d%o}3wX*x!?n$z$(R$ZDN6x)x%5sp1W&vW2dsi;8)g*GAA`WGnrq)y(9V|Qa%Zo| z#E$u9su{0S>6wPAw+lPgN*>&qfjQS5La2e@?89*Z`AGVTHxG3PtGvHWSl?7w7H0bMVa zej*7nt8Me;BR;^WO)ZN*`I_27^D43FGw@A#plX)9xa3_dsQ|%40Vxz;qdFbCU7s>C z##_zQ44BN-z8wu$2pY`+<}Spz|LDy&2~n_6vXe$2^ujgoOvxV`rCkYy8TOu_v}}WY zm(*Rv$i*54?hQ0$TXqlg7f~I3$taSRc1-|kYjzjTlpF`nQWOhl`@panFAhbVX%Oo& zWIY(`yQ9Is1x|2uEj6u-zo z26P^6Y)=Q2N+%`_Ah>(^9rCnCfkKqi;l@;(ahZz7RsZnyA!Nz%5%E)8fND=FwA#o5 z{FouhUep~jLw4X1wS_gP%bYBq5c9kJCb{~QZu%S7GyW4N3FSUk%h`l~ohk_8^TOQ~ zK%tUBwE*XZ(gB&P&qHf^b(?ZV`?8c z$X`>QEZ_F{Q0FvMgc!w%#$MB>tfH~5hQ=OLH8Iz;K1qFwX*5RA5Ws%2#|Ha!X6U}Y zjj$^S=}n~(dm@feCt0hHmov7rH&B-D0GNx>-Xo7vApd9(C(klO9fnt>WJ*D`Oha65 zmm28sYnz)>9;X!2cqWVKxI$FxnQE#wqI?=oqn?o&G65>4>gpsD`jLU!{1_Ay4UY-< zWBMdD^BeuC*+X`lQvlfJ06K&72i=nJ3Wp6D4h3aIi@29bk=|w z7?l}9{hT|ZjWE{<*u@OgZU|^s!a5N(#q`lSO`>%wJi8K~fkrw+*0&jNkvkBZY?u4$ zo4y7xjn=_gj`cvxC4Uft4?9nq-dmyUK`hfDmloi!+C$_7v8-(3vqNH82#YsoW^fl{ zu{ULcopr@#)AAgoC{!`p zbM6zSBR2t|KuyZ{Ngali&%yK67!e!B<&Nm%rmukbO3gIqCaJ;OAQVF@xq5nF!tI*L zVgJK`sy{K@BE6iYlIxsVZSvQ>lZZTlFa^gytG2Qeb5g(X*U4*<{j=N?J?b8^e>6o; zVZh7kKBDawJf1v&;LQn;p-9XX-GGI;FIs}ns#C5<5}XD!^6+>V+!9uUrkIU9tdKA$ zs(ye$K1c0*29rJi!a~x$fJ8>UDP!HeTa4~8kfB^l)(6oJzvaLD^SEvDLs^-y+;-R= z+$4NK#qz2LY5D(`4 z>63VO{yfT@;E83@ZOUX~e5Xf>%>iC_nD5tL{xJkJ5in;G98q!wIYfpp^C0hm3Pzwo zC;QeDz22yu@cTZflN#!Q$crcNB}9KU?m(_%vgpRKvka8uo}V9#V(sd&)B1 z;`5g+#8gJ+eceK%8``qKeqvw2SfW%(${}>Cj_;lO+yhjcpPN8*D?jONxT$5PIDTM z!PlX`HOf{<+zsuTuYn#ts5gbv;*UsfN}XSMJ9#FM6v}0af(S zrJ#GcAw|}$>GkKsXxM&m6s+QVz#w*ocqJ;T@jUeS_`&%}M1|rwn!^gkl41QDP&({5 z3Y-CBwil}IgephziMmtQAue4CXb05)EDds}C13$Ica%bZkaWePP>D7gB;o2}4u|u5 z{+Kg2WP`LqZkwU{jwMKgUtz=415_YqL?CobdH|~IOsg%am*frz?&0HQF!;1^oiOF2 zTmvu#tW0Qm74oWPs32~hC(7-X?VV(DkDh9k@ATe$!B93`7EB_5fE zsMc7pFbB*BL`c+w$`il$l$AZXPaoo(3{B7w3U{l>uy^>L8x?GE{MnJRNlt)@{EUPX zaL2~ZC@p|WosFmQVaJaR4Lx-~`UoJCKF!+ta7Sl>#Ok+n4`W!kjgR1W$x0Q+t#@xX zC=b`X55i({1iblE{vQmmo`+7rz4cbHMZFN(qXvSFt1f)ubH|~*?Qku$Qg;{z-QPC$ zVIN69@4r^G_Il}FeO(&Sl&e!QOM#Em@#u zdJ=-RDso&NSf#Fn_2R-Dzp(&WppcWdl3m@jDg6?Of=gZ&27bbph;i}V0%f$GC2$Z1 z4gpB|ZP3?@w->Qiq5LgsYlHZ6#hvFe>4Ka-x$V{iiW@If3JNt(yIOQyouS4#2lc@* zU{ysdeOCj(vn8{1Q>fXOw$LTr(Wxoe+v=!W6{nY%aM_gI0Ps1v4pyc_ZV3F6+ zcKTs0DEi$N+G_6~J75FK)VR?GD8W3QsdT-PRnLiSZBVb_F3y|7Jj` zUhs3g@;VSpmq21#Yo4lRGw3;KAjevDnUo6+S;`V{z6hK0G_$h+DCaZN73mXml zLMV^Ptpwe%Fwu|(L98-}$sHio+pp;XNZamhqTg`*0s@Afnoud)mPjn>?Jf7!2j-aT zz_)G0dX_e2Vyu!4e**~<0)wI4av1oLZ38|7QgP}oBW618PysJqFxQkCV9jO%h$YA? z2ATiLEBdY z!Y}0@UIJ*Eb^z3rwt04^9nzwP&dIrh3D*JdZZI9q*e5)cr1-(T8emKRIiNv-~?wgLy@@!h#sEqlZwNmgveRwUkLrJXX~sXQ2hYK1Q3h@`iy(5UAKX{Gix6# zg?tj6v^0fL%qlJ)xP1H@TkMsoHl-`s-q?%?#022}jGx_!$rg1FB*?tAKJ+*=|3U%L zk5oky7|Y%G0KVx-UBUAMsn_MZ*yJ#r?nBBSG_jr!gy)@`8q7gr|7X1av%Zc0BM+qO zhwwk=jpS|ok31}2<^MnBq4)j}Df?Ruz{HYbH>zij)1#BhHVAKuI}Kj`KYG^x$F68Z z=w^2k>Xmkca8 z!ySr2-zT6e$1~`7L+|wU31`QpO=kMne3=U$=Awq7rffW+6mf)hy%&48~oePjSaHyKsR$dtKF({c=|s0 z{v;ljA*hjk=qoFJ0-;(NmRie%)y{aKnAd;n;)n6f5(KV|Ld&z4*LyyL8}=B{hiW^H z&OTADSBGxfG6;JW>asB804~_)Iv|cw112@(-S2m-I`%%pxVB$I?)dk&trj1y>St67 zX6ytL${V^X7>xe2QTKmN8*sak`5wUiIIj;DCjZ&+Y9Ba<{yQPID5YJvQk>RrvQa65 zav@qgD;_mJJ~~$}m+s5hP&hvYXn5eFkvpTP*uYx_j!dj~Z*_Ku5BZ@ouYJ4kY}oP$ zT)<-~KL_M`g1|~vf%JNRmaOPN^vs;BNXdqM=5=knH&I>Q2rbx+LctrcMB@1^mVYY!2HK_51A**J2e=&p8Wwv|-Yp^&(yN-+KDk~0mR)!Nfc}+T(xVch{XxfvMY_u+ z{r|s+uqNe9XsG4mCyA-_2*lho%&>HPvGAGKW55HtoPPVvU^4ezwCoK$2D(3OIHWUKxN{nYoM*0$ZF&NPG&pnY5BP ziToqHOd`>1du%*Hb>I{766<5%vn*?O3vx z1R?kOolO6QVDET$E}{^K)O5Q3^W*bppJ8JkHf`8O(zq%E5_^L1_gEur6rf^t?9}wq z7s$K=OvoKz@#iR&Wy6I9L@rtZL0sCH`26YG2(d~vZREX2LC25_?pUM{gukm({tNX7 zyxl&~U6^l(CtP>{B`26648swhYKgJx>mPwr#i>%^yoD8RrEAPWmyr%-hajfEhB4NP z`5_1LZcqq`*bt(D&GKoRF?xC7*1%dhgfbaI#7zOEMaa(C4T+ZABhN0Z*d7R^K>-z^9MypgPj|V~%gCT|%6k($ zS3m;zA3-mSFfkEYBDB-``W`aN7in+Zz{u%8-vPD{9h=|fe#j{M6q1@w0)5R?@Y#f{ z9IWTL31DVG5zJp?zHkj6fC9~9^1A5-lvf2oh-YpUHMZz@F}v?BgR4Aa7YkH{(6I5e z5zSOt@#x@)i{_c(GWFd~r8IS2r8PK8DbhEK|=qu5>v*>^#Y!jPFl-y=h&pIH>`$*y!3 zfbPzzF@q#~&Qu&9Svbw5c#Uk-VsEe5&53uCJ}A=VA`>T_f?yj1KC%EBNyh|@9Dx|Q zLHuDNy!AGxt*XK2Ag!FRf5X2UX)bR!PJ~?H9j6u$B2kBELKR~b(7`yytTDWq zx;+X%O*3j~EM&pz?Op`fq>$tfqA50X-4Ia^IHx+tSa*dWxjo&iCFOmxMm8s7ur}Lq zwN28osT9(7A?lc!-QP+xfg6&ba|v;6uw_8q1Qp3DJ9;o`>TpqTQgH@QjSiHuLwE>mJS2}l^1lw>?KtZ0}Dq8o&a4do^;zJ7|b~{akBBKQC_+F zZ|PV*-|~pBTH%6e+$f|Y2UDV1fE}EWfNV776Pqzp>02o?H_OC+H2BnKQ@-`~&7^~5 zs1OT4$O3@{=O7S>=uKm|!?%A;!ZB@X8;>q8zT)dPeV17zaTt?@QVPs;HPeeDO`f1t zI{oTTBdy{O(v-mIeiAD!Tep@#{TQ#xba=p^d@JM4=%-|s1+zxciYz}~0;LkfA9sM#Bpt@As_GWk|b8A-ja^v`k|heApQ}ETIqo<{rRaD}v-TUSiAmbd0Hv z$odLq)EL77LeYA_L)$la&@3Cc+R_GML(gVgbXK75MSiEE`Y!m$`g7iYLF(`Dr&j&1 z%j#b8yR4ND5(j)J0GY(`9U#PGg@_tbX}KDxc>l6_)h zjCyu6xj*}(&l?nq$Q#?A%AZU=7k`P1{kCo8+BXN+?@~C=b9ena1K#hh;$DSgKUpvH z@^w$PY1f{x_747%Gi|LCxpC}7_t=d{>03B95cn7q--DnC|J0u7Jg|`6xpU{r?0DZ5 zFqE~_zC%5JJCrdH{)E%Td2%txzLP3r!2I;V10O&3J z+%N1#+K2th0hXFQd%x@k+DSIqKvX4pu1o-1Zs5h=pwQ)lCHa5hOPMS$Oq&uo`EzWC znwvMYeu|G*j5E4i4o#443`Fl>E&~#l9@wp$r#20r#(9?{k{}43070-(Y-z<_0$h|W zVUr9hFS#1Yzn4||s8+7hrSwS^2jqHT{RuyuzBc~gje{s~5-6*I`c8~P+PAmIf<#t> zu|GU}36N-ug^URoXgv$wY>AH%C`V^Y4994()b~ zBu;016~MTZy> z{MkAAdX zd?eI5j(K2kQJL_{n5*H%d0Zc(x8u|-m0Cg{2=1L%DNE2?o8~|Ni;iE zv|ID)#~UO#0t-kD{(SES>`^evUs@aaV|SJSC04!(wju-$R`XBt7eB+PW^Px0_`f<@ zd1T^W#!^z>V{gwbTp}!Ha>b35ak7Gs2~O@@2tJhq0R*c)A=F3-YYR-Ii@yB4`uzq5 z{{v}5Z4l_sEOW!ryj$EaE4ofj!V*DO!Kq-q>2tQ2ZvKOhBD2nrhTlKcGDi zty_bh;dy+^xpZi?iB)ib_8gy*?ZbE-{IUF1u$@h(TL#;=!}jcR02XPXOzj&YOW0dLVn1KT!Jv+r+#%h z>{lvj!yElA)5tLb0chbafaZ{HKW=ER14pt`NDxs5406JaX+52cP4Ng+z_91PCWNs; z^2#vE1iR+kc3K$ahr1ilGlc74&uXtaF>TPEf!X%#7#LUd$EI)$quQt8f$faVCyCdCtT0hclmo07Jg z;;@JF)2*fR4Eq*d1Ff&tvuODL(CkBsW0qEf5f;;m25h$qOUwpAu%~qaAekRN|KP#i zzU^N_Kr&lQwrJYHW#ONHXAnWa(?HrwM!g2HL!uY@{x@h_>rE^LeimqMDOzLYI*9**Q-LE2sf*ba z0PZ*Mtl7tObXg1^P(sbQ9)V%ZX6LGeg%?NTEZz0(MBy}6pdD=& zH3D-7IbT#>3#+Moi{%JX=QMCjD!t4JSmn&YC4Iv6*Cmay;PMKfIeY|V+d9!@KJ8hJ z&b~0*l7k)2W~-|f)ekQ!F$6IHzdibHwXG9_q& z;>Z~fUB%|xl*tT|nKdJdUwP}2{v{XrrUL5g0=3|>FdU0QZkW6|NPF7+Gt^cPYn(h0 zF!g)}>|f%df?zdEhTRh=8DTZa_)k*6gU?^UEm>Sm|@TCHR2m z2*|u%F(onE!gv46Cxe^f4>x(_K^81k0jX=krS9j zv4!+Z&!$%6SM>jW^6!O%R#R~OSdJ;JVm>rMo;AtNH92JqY!8v}1pyqk2gw(S^D+Ik z?~fV%o+FNFJ>t}eo!RT$383t@LIhCwu;2obYc`h^WQ~9Sl{gH3_GKt>Jw$t%O?*&J zT3!z}?O|x#D)!KG{~|<;ppv2)oMq7|{3#bPL=eg;{IRL5;Y+!QJx)yHP@pDc0D8A5 ziNn899tHj4aK~>o{c@IqQ>Q>Q89Lr;`a;QBG>RVY`#tJEH`e?!lhLh{HYPknfKL;N;@Fd`>2jw z03j~!_uqij4>PT4S5hvJzzM=TTSy*$v$7fM&oPbP&F4O@R>nzHP6Vgb124?4; zV-idMD>$(!J(J?=b@Zw|szu^G zo3Csjr-3{5DwOB~=n!51!R71(&|*tc@Wcl4rVTP$`m0@(qZDu1NIhT#U;lNEKDfU+ zv?agXV>N}hiJuwdnmRCa2zE{(&O!sp%}s#a4&>+T#om@%KynLrG24Y6tQ|mGR0I0S zuDQX4W+&WoZXs9LV1k8l?u0WKnt@h(b-F7HR zS8#Q8MI2cfkteMCqal|V2fx1l-x+l~u>RnY8_-lJPQa|$0Epx@cZ8q<;d&@ZU^{+d zFApZeAe!k`u-onSG+t{$@F!XBWK=P62BK2bX&k1Q2~_yKD=nf3YDiE{tcOn98VA)N z(5w#7Z}m)*i_*WiC9zh>1jT^_gyfoVa2htqWFaz+We&dXM$9Eeb^u|MRM-Dv@4dsZ z?)(4o5;>zm*&-z*TV*Cvk<7@>%9fG6LZ_6HQJs=K%FZaVXOto#BiUIYD_iF8`BK+) zUsu=ZzQ6Zz-2eQJ`#aG|lb4mzc zHS`}o%HL!<2c)2pg`_H6uc`~@_AA`*v!<>=fwtE}|xO-Gw-`-sM%G8is z4sF7X^E4Y?^FM@vL?#%D?p)TTjgY_zPE;j3?jpWpdCAm(k**S#UVq6OER7jBbPd`?;^#(N7mOwV4LuP?6K1j5hxtgb z5gj@#yu?;T6*(6F`~^OC8x97YpL93?9JgUa1SVya;!ydL^Y^oP80(A_By68^m; zjy&4ZhrJ`Jat7Z)!z8Q!_I$|h#A^Dm_yVbm(F-Q-q8EsFg=t~Ev}iOU=8`m1#rFt7 z8wHphb~RkU(ZUa>yu7@e{oTliwSRhjwPhsl5gwrkvFUQ7Hqqp@4CuOd2>4Wv)_Pw# ztKMZ7zDqrlEz$2#Eu_jXdEB|v)wCUEPu3J4-iTP13lS{zczJ2%xH-}dPbwZWt&>Br zP72}v4UoGoLGzdY;Wbjo0JER(Qj(1Wi;bjZ_Zvi>c0iuL=w-uF|H~JfFX+#XJcQ&a z6s3B-Fp^2%$%*DgJMKfmlddz1B|&_Z{X_T(4*8f)P5{b8GA4R~Y$E%d5}vC6vxVLow$Cw&sgMu!xGB zv!`L9$-$s1l*eDy%D{T%)6vqCa&p2K4^g5zFp1mU0O#h~w}CvN-zAqzq6Wx1T?tN5}@seo*)IXIz( z{1_+byBgW><$tGz*qyKmAKD&Tnh&!2&3FKES(J!iwUmWs_~NABP+FqCRQm)hkdUo1C zLb+2%*^nEaS@1jpr51DGyqgnSs5U|$e`gHfJ!n+BnnDD+L|++x$6c|*16RJ4Kp1Sp zubo?(sMSGB=a*chg*Buipgc+HbUc{>2{F)oqixR5fE1yf(D_eC`!By>`Jpp6Bu>_% z_MF6h7HTIPX!}?JkOl28+a>X6$4dx)+KwxS365M2;HT}B<*e~gt^^ZQO;iJaFZDrH z8AYDpQOMXxP(nakb@&PL5dX4-jhjwRlE~bKTc74xe|WkK8a^}F@>P+Y$OOkhWbVU{ zM~s1s1;w?blKO0L%DNkv2mdZJ22~p+JLRM_>>Tu!&9Wk*HWD9I5Ye8!jb}YfO50%r z{0=e!1*nm+!de+N+$;rxDnd;gPpt^HX2##X|Dzyz;)5CxrN?=66Y+bwD-#OtYRXC`{MqsO}eOTz9Rf`_~ z(Ywb>$YXU>PqAmYd!Z4!IHd0LKyRx9bk!$4E*@YR;j(dk|8BB!oL$lNLOXyiD5uT5 z2=cHLnQK;Q+QAmtpmr0)b1o-9h@4vX7p|KgeBbn5cRtGj8WIwrZzVpVAOqC*ODL;+ z33GJDev~a2mA$XZs{ZIxvzk@@zA$W7|G59AdNiStP=2?RVr&kdb!atgX-Jn(Q(z2(EBkG z1P?dDeJUcP2cLh!x?E zB?@6D0Rfe9Ms*oME1y~@s847unQ%0RqF1hxKt;DkT%!zIRIn}}F`L#yx%@hWO0V~q z2#uy?Hv-Oblxr@(lx)CQ`5D2^YiFpomwxdk&H8dB&*H%T{c;F`x(ST7CO~0WqBz(T zYTuHoIzr#GC>0K~qKMTD@0b7~M^M_M82g{B-o1~e_K#YCKmO zp`@cZGUlP&1Rs;>#=`R`qT)jA0wDEA=V) z`8B}xIA)h+z9LA8?LSs0#4PrsT5;l2a}@&&Vrayh1D2qLJAU85a^fpgM?EAhl0kP& z4|i;(Wfk|Y-T$#;!lP^rBQO!rpnAKtZX8S^7v)Bt)*HG$tru6$i2$Hi6Li}@jv8JB zSO9Uc)e*(|H7CRy7e||zq&}U4Dyz_#_0=Zv z)uwklaO5;40}o{z5v+Cymv%^0J}qMahv#}&{dHCyXf87k5}QB&cE7!x+sAvlFPqj` zJ-^>P5I+exz9Rs*DnAtMZjFLCO`_dXft+_hX?UIxEwEo*ni~O;;X)O8H8K=6e#Hkt z4Wnjy4|K3MAy|qrpL+Gu=|^Gm&14JvuYZ3vqBH5%dj8G{k{ulgx0pS$qVEllr>)!U z(*q?s0o1xK2A`hh_Z|Nzw90#GC@5!gn110h$bk_+#gG*T=>HAlkMYMl>BJ$iN!Kv1 z*<%DaTjeV&rxfS|l*We{-_VG!|ENE9lisG7k96lL_=W--K*7E%no3dhI64k-6mw`o z1B~v*$Bo}wo@LM7YF+s;<7{zK*Xrr=JV-K5E{OS#XV;$^xvO~nid!$KUMRvcHg>F{ zF_?=SI?0yZ{sLeN%EaExz-W7$CWP4HETF)$>s~&qiaQ}ozs?Fxlbjn-e7^H1_@ry4fW&)R2D zUFAKEk(atQ+R?M-M5X0_-;i*$kImcTV!htV8@>32;vq53yF9MdvRPa7nJ?2G%mTfU z1gNG7redR-BjHywWDo!Z71hbXV3jP>I%wRRoy+tR6PpREua)$+tsi`>7fr<1AGX+o zMouHOMBw`NfY)`Zs{J14hPf18`4=LHp|RliFxWvPg1N$nJo++-YN{=rQ*B&eDrb6( zUu{bXC7-x=V*p?fB5w5@I!Qe#*_;b-A+-l9>;rCeAOSin=rtp#nLJ6v<8qqH!9P}? zaIzcZW8e?QwT`k?ZK}Qg4aS7$^``vPjp`9W)_$TpSl}x*W-uZSAfqZi(}zL}0S&|S zRjG!d4}axJ@0&e~Rf7B-7(uCqV-=4OtccrdX2u6Zvi*Ka-5_bY9iZ*d`06sy?<0UB zU*qr?K68L>$H2Kghm>ebUxW-xU!E#s<}G+S3BkSW6IIviJtpj%zzxcF?e`-yp5@)Y z0WmEacD&*aAkEi1iTRbCTRc{gE6w0|iRAsTo)2r!>V&hYAw2LqUB7hC)5m%%ebmQd zfTG;xdhS}>^WBK5G}FyVGw~BdeC%-P(FI~O84dbwK}g*n{1!3|mg?@cT7_o_Vc)^>6A(Z>|j?K3# zfXeWzI!K}oB={z&q-OP46$qx>W})vIb~NL!(6&vzLinxkbqS{Y4ZE9dxRK9~Lrm1C z%Y;(+ylrj!44P@w30awgsd@`aOH0R`rxsjF$%pTe>36oeu#PeNEF?>dSsWIk?yaQp zGCf$pu+4+q?%sVv=9e@EB|>-vZ?pUeY+V^SuH;PtN=`$+fu zmFxK&Wxn4g#CMF~0d(`4P`T_MrFgx#j2dP+pHtUM=W{D0`Qs=ng$Z12&z4z_LY z7hkCq_xGVyKk%K1q}0 zdfUrz92)y-zTNpg3d%_6^zo{DN_vC>um%IdV}@N2OssWdJY9>)s5((7O+N2m-V4>u zxufRI`{sNvMsBAQyQ6ZXf5Fzy`0~{5vwJ*2v<0-it!}2ukv2Q-)*-}oT=F@&M1YEb z4Zz^l&LS*v??lm3J=;dpv||;?0Zj@}4FAB=M+{^^EJF z&Sq={@ur79faxbNG&n&AagOHXwh)B>v>&_x;n)a#wZqszi~|hQ40vv2Xj`&VUdrW& z0;@lh2I1%-f0|d7m=kLNLQ*a1L>^fLYOwLD-g5gG#6@~}Gcb};cg6y2uJ@nUQxF}0 zIg4b_z}bqb1AXytg^29l_)(6;tpA9~j@6H(pjFStR%43NwQ`Pk1eorb&zf8JKr(%)`mgM}mfXw*(eatAFRd-Q>6Zm2~sRT}}|-$j@5(Y^fY0)mxNY z3R+(b;*9^Ce<&1GLaXtsQYkYYZ;xI&b)V(#`P@7!Q^wv3WESYaq=B|$7qwU1BmLX* z`(~DtdDdvz#5})jJ8)k8vh6viCr15#rZ9LRCV)0{e@UW?xLT%e6w%>I7J`@LybL_N zw5K85C6&zU{Ul%%@Vwr8hX*vB>z^bK7F%DL$$KWI5bIw6GC|N<&sj}7GQI%Wx;{>Z z_aX8tm<~oC1K>8bnLq9)V(sq=>OP@BXGJlk?lq^bY17AGo;yEmAE`$7s&&z(>Jb_< z?m2IQCw?KJKaChW&(8D%M2;*zU3-sWsX@TJV%r7r)@PxKv7OP=fYBvudsIJCjb>}H z)Ddfl=bVF9r3dr^mhZf+Y%BC2zAqr*^Hvw8#v}n0kgZWU=8P^(TGJ%s$qbFeQh$kiGe<@0cO`FAFH@8TEtzt*f$pcS}29z8}~F5S+s4{VTMt>w7s7&wpCh( zIE4W)E6v7M`Ku8D4uWMPs+n%8^Q9+OdiNX%6IfageS4C1b-ZWIii**{p*K)$5ylAI z2b1UOy)T1-t!Hz@hEMOQ>3;vXbT&aV)+uciaKJvB>rX@Uz9u?o3F#Zl1(y|TeSId6 zug7A{3+G)j5Ap7QrKw&Dck*K?0$*$&^3ULU!IY&F$n`R4;zF*M7-W-X$vQ6KF*Pv` zmtyx}tB)kpC&|sjsKxEye8pFKXF=wlWU#O08(HpI_uQb=eN%^;1&$vNj@s@rQ7{y^ z!sTrYZ9^6!04pcuDJa5AYfvSWgQn(cmUBwNJlHxpG}(sA?mC#(5n`=lJ8%KjhZZT4 z4ol@vz?>Bsx8;tW=tC>QpH9H-dB-5vOUn8HLue$}r%v7j9C|-$DA=ebTs}YtxAyzM zRuF>U1HSaNmd@u;^aqw6`ceR%+k{ZKiz!KW7lIAj-QGkuNdo=qHk{SkBUw*BmP7zL*YXbo@k+2pF| zn4iZ#|K$I*6x&y^RkMIhIwFjPB8lDAVDE3C?Q2<9pxNVJ5 zq3mRE7Q=OSDO+PxX-p(d;moSgbfsAL`$<>uD7laOE+Li`h@hE$L-j zXxv;3=8yQ7lKmXKw71D?{c!?&z%F}Wdg$F}2r1|;6t?D2gu-8$)989j0IAQ_sB>}U zl$#sifW@Qs@iz8H2q=+ii`8ZFBax6l4aHWYi*Boq`nXUv2evsMsjk9TpXzHnCaD4C zujAJ4{yTz%OkC zmm0;qZRcN-0X+K655PP6N;cYewODfr%j5noO?))zQV?6rVu z0Z74`7M>OqGqZ$?$#Rs#7xTs(ClsL#_2&~M53l9mq@9z#kxZU=@4gNp5xsilQT*D&Kn2BwI?q2aXV4W5eohPURVVt8p6 z&YtIWqi6N{@z^UY>I&@%sbTxHrbC9^zzeon281Gy!4 zoLmJ@?p>|n8m6JD<$}H)f6fVla@)S)?C80)vDs#qw-DlBGdl6sordjv)rzg#FrXVfZcYVgRoVzyW$B}U!Von`S-SsY2 z#~N?%qHo;ewOGmN(uyv+%7Z+)X!yy!Mkq&c3h!f2ihPI=%#qLI00YVs1z}u_CK(@r z1^ILT`(1%ElQg0J%l*OCnC~B;?H;6=hvt@J3Kzlr{uVk}1Kq4Y8~_Q>G|5crvn@Zi zIxa4b^A63ySIJ@(zP8FHgye>iFEY^W_SksNM5KL1B?;JuejRyg=r^|-xH(YT`G~L_eU0-j4b1s&zA{k^x^tpV2iihOMsCpy2fPS*;p6=`uiphmx32U0F zY(A+pae^#l^b#cP0ov3~75jQ;?yczmT%0oV(h}wF4d;~9$a0B&Ng_Z5OBV3YB0lZyjPn^@|sq**Y*33G*95(EyKbULPAthOrm-;RFz^55t(}Lr%{E6&eIswV(hqeix;<6-k#hg*m*w;pai?k z0WBr$+BY95i3j{dxe>-s1Um^XiPzkEDkID)A3mN|zk~h)Vxk5){nlDBLyvlQSOJ}4Ndee;j3CIe@)P}Q?6?xdLt1e()Xg2bI2(^y?1N>*hJY^D%I(5e9dZew zz3jDmiGjWT(dCMdi{3%{g`e0#CFBfn(S8qQ1b<%xuqW(Shnn#$7L1VkKh>q+ZE?oROd|91ubI%_jsTklcNLOu_-!1KL4C43>i^e* zM7Kqo(>*+nnmM)KHg_C@XGUL)Kndde}i`9UOHAR!GVM+hEiC@X&WWaJY5?i)z z!Sj(Cs3q6T4NS>1g=dOA6(EPbS%Bb7G49~PM=&fvFdQGH?jg=X@=_k>iYMoUA~J-m z_7Z}|!pNTe$fk+}cp9>2ofNw8ECW(7ZV2p3NfEa1Hs6(sN9qNm(n3oH6`Oi^rkj-2 zA#@AMKveH@wU47K`TPE{7Z5=7lK?7I5s`>;L98=)TpUP&qx{be>l!l(KOA zlOYD+cq#?O=8T~UD>%pg8y?anL`=vwGk z7b~~?+Fvj0K^mCsldvIc<$!~YzlCVw;qqoQ!lJY!Z+Zs^o8m)=5&m668Faq7QHJ_I zhZ;TSViWPn$6c4BH~JT$l7s;Fvy$X@F;RnHU2b!y@KJ-7xcpfj1+v?rnZ=^Xf)s+F z|6o*MG|kyI%P5i;A*5}={*NbXtkJ!MxiD^TpYZ-xx; z$VEaom_M|h!{*PJ!PP|J--89iLNgQYv&#&HI5~z)0|JgYX zOZmIXk&q=Q!N@^HANlS59v`l+xSEf)i?3&pCpvsHlI5C3WvW_GHfDME!Rz} z2&=I`EnxNK?3ji3)tz4%(K?2~xHKXr+l8+mU7{6qZIObdH;gjM`X%ipgdsum%VPNl zWxK>m{H+!hQZ@_aSU`&5%AtLgZF5D*BYbNRyZI( z@G05toSX6WJwi7wa>zy=+SUx5ecZ&tws+bYw&I`$hn^iRh1Zb~h4**ap0FSS8E~}W ztSnNcSg;I;tON0O=+daic3`Um9y3ONH~`V36OO&)DK@XjQ>K;|byk*Z-^L`Vpi68x z11fj3h%1aYV%1KZ(QkoD$JB0vQB>qs3Wn45)ej2)kO}a=(O=slzq8-t&1By|brq#S zHN&L2$GLHFVE~5N)d&$%R8ycGMd=3J|JT)=?;sYF1j3F#<4F`Zs!yAJaIEh9q|0(g)B0scRX;Bq zLS~!%-rES$XZ9vXrraLacV`;e*=~*a75?Sp^ zNlHYWbnm&#PNF)l5!)d5%UaW4h?8RU?B!93&600k372R!lCoG`R5+p4dHr|xMhyS* z5J(`ua8nCpMBNk6MzIe&D03T-vccOp)=mL?Dwt}l%uc=MRA}Tw)7tH7y3_@!N*MfC zqu|pCW!{ZjiTB^%ee!#`L!0sA1k^zyo~HFEicDC9_eTOLj~v7pwcWbyV84}RQ~nOaS;lQW#Kgo+#NxAY4lwI7!I#0!EJ9~i2o@L)TEnut zb|1bC%_6O_@YRG9$V*m+E&*wcV1&dBUF-N9LoDZKYH_F#)TFuARI-qWU0XYD(_Ne~ z{JQ#~ZH3Y0b0Ru+(2%7AdA$+!vNgwW7$>B~>*eWGF`yD8%*v%zEHs`sS<1|a#`YDO z_E(Jqn)do@wnju%V$%|S)HW1}Q*axR zZF)s~pp)|IO>koXwFbOZ6kz(h^alxT4CXoKna9nc_h5J2W2`8ZX$6um$2{j2o^V2P zq=YWE8fdT0Y)ms|#R$ddn_#T_Bgm%c#p4u3Mz)Ie@bMNvjnr)SLJ3dQwTc}h_b>Lo zY}8En!^%`g0J)*p;4?jW)H>m{T-a*7?tlUgtsuKfs00t-TW2~bz}zQa!?eKT zX@2s73Ms`-SZBe<2z>ZHSOFq8&;v~@5HCIy#ZBvDTQN`-K;L9qe@e7uJl#fqs$eow z*uK#aa%{~#J!MhTP|_w8H51c46YbC^tNV~~slhj}lRoZUms1B9!}6G^Y1uvfL6nA= zU4^JNF@uBB2E}dPzP)`c_AQuW4G3@Hs&zEJI^ftmw6!?_?YkhBFEn!|Am7plMC4up z`RadO3L(Y_#e=MiXTM(p5mmOBz>|PRx}RILg}|vI1YX^>id}5yXP)#2c1&2c@$u4n zog9Z8Ix6gHx)|i%`L1Lr#>>;~b0uR4<6N>d;u#pk+zlminm6p)vW&YCHp~DBrm#)W zZbIXskL++n*yC9lp13!a|6fa*k#JO%&NUq|H_ zK8iZnFj_wFWp2m>TYX5E{Nc$T@wi3?=k72V*`}B97)Bw58V6E_uAn?XscW0@$O%|W zyM4V_)1HiC{x_4|P(GQ6fachg7$GTa9+M!OM{mDSU{7@9-XeeUU5Q-~PPp1&B#S3^ zrnD8bDarAVdkYarJ%jpF#A)R*pr*SKFw5VA0&i#r-mYD>zs?3 zbzq*5dGC{RBRmIYLiuFjNNELioqi0Ce0!Fu0OgLT0Znrep|zUNeQO!XHjNScs!{J+ zXW#hrz+Cd7rsM$Bbpi2)moGx_+-U3-AX&<*$%76GV8_~rNNpJK#NfFXQ{q`7#LAFW z5>*6qnpAvvsCjfFVSSJ5c3Y!fdDrj4ncX-$(xjrNr-xdRvkq)DlKq47ry*QZTeR&fPa3GFUtlVi zBtiN93g`UBD-d1v-z~R$_wK}i2!VuOs#nWR1I60D9lB4%DrhaIEltEqynQ?LgiI4? zAV|jFpYae>O-TI3nz0gi=j4YE2whMFBJAIqt*+v8a=B1P5cCbQ!w`GR&QRzJXu1yA zRVUgl;K|Q#mZ!EnYs&5IJ&p=Rc%f6NmI7PNu97HZ(Aa^e?dXPt0SFG#CX!ne2ou?i z;Uby_nF_svDQe>Bcu->{q6iQ1(zbs8eyu&rShf)OujxQ*rsDEso?aA98UhW6#;x_t zpz?uPEOu;t9WaQaU})e2qOZ$KOIg2?8NZzYG+QIPK$5yy={$(jUk#hd{vb~I(_iB2 zJ&b%@dW7RG&QKkDAYlp+;SK+ z{e}xzwL=ZGs!o|BzATUuH%LmmIoTXBDBby$dsaFFYG_x4H9p08^e`E=da(_aZ-o1A zk?(h2u<4FGbQ!nSBNI%im78!$iK)Az<(c||gRyJ~=g7!)R_2C`^5)V~2T-g@kkscq zjBaQw#LzWQ4)%TXln9U$@m+}q$#nbk3kbZn|mdgF~Y_*!KfXD=x{%qHx8-;SL8LatSq+u zgK6M08&1Qy?Y=^nss%CfmTyTd$jdeZgX4+gS+U)7#rSX6m4y z)%K!GG4?S*+1gxY)6(3iJO5y3fqfHHjeNot$VtZTBM4|Pf*LY5$uiqiqm@Z14P~f+ zZmh!V>8OAS@pc@i#V87k6@V)X6;)4a6UDS6lgBr7d14**Em~SsG z6IvHfRXM;|w>hH;goZj^w!XH}h1^bQMtD#<=6IWsRn`>r2RJ z+kMh%t=Bd>^u$#)za|!H?#rJ)+U~*^h}n44Nw8rWwNL*SZ%W^hhN^4jVcJqo&Q>QE zi*L;-ni|L=W1y`^`EPuja-)0^Sf!hcKomMWr!3HC{u4%_nGTaAF0b3|Y6qKqRrN!d zO-~tOSwb0&$MW2WWc^ClU<;8imC*DF`BK+`A_3|LsSA7ylataPZ_gQll3Ur)Pw5f0 z<9qT=UwIRuUY83{fnqu0iZ_YB@w#*rEdBa5g$}(gwmJmq)BRxU3in0eN!M*GKu%Ks z+BM#E&1}{#n9?``XhqSl_pxs@i2(HfMn}xHZQF2eRr2^2yK!biphZPZ&Ex$bopmWK zF60cn)f==p$tSWw{0F}UAg6ck*<;EkFJ)#2<3!r(8yb|H79a@KIM$X8qFNRX*Tchu z6Hn}Y3D{h8m=L}d}t*g79d*VHIvLgsy@}lU| zj81^}dgM+@fuiUa5d3GC?mc_~K=`*G0yg_qvVv!)N7CVu=GsZ$tr4PIM@1FF1uTL4 zn42hT!IzPPe-|M5&xy4Ze2tCBIzjF1UENxm5eWWsUqe43X2ol)i#SxZrEPx7S6~~a zX6L!^t&yh*+36T~)%;3WuE;A{@`W5uyndIRmHbLLJDu$7v(2$jsw8=(rc{|@4=GzF z-#GN;$hi?rMTiZwq}WP zy{(@0lbJjv%$q%!>3;eaY_;W}5YIG0aXIA=E)y)QQsN>}em%vbm{;VRp2s_x8$B~a zuisX0vME^fA}dHcK`oKpMX=^u9>ihdZ~|nOTPKda>ONrNyZL!|5UfPUjBeZHCg7y? zNytKXel6vFwgvN@Kz)kWyWC81DF*X(^fp&lL`%N2n`i=6-sY)X6&F?^n2*SU{sr)Hwy1Le?s;a%0G1;3F z8k08x^a|ytaI%XN08~N$d7h2+qyQORGsaK#=+$HjTPK}Yy2lhxPQAXy?W4IlnUb9b z@B#A9OCiArwt92^u#KlihmUPW2gUzy4l3r4gX*;Eqokx%)6}FbeZy&Eg<_3fK+@D_sJedjZ{N78Q`#r1Z`n)q*au4MACjgOt` zYLAFv8?F-Zq#N51LFZ)qZ_bGu3#F!?!QoX_2!~g+%bMKV^c6bj6?V(vR3BA)KYE6h)m&d>rV?Z z(~bhRuIBWO^VA#9cOldFY>vm9vhc`vM5Yo}xDgT+x z=nXpzlFWaiJ1c8H2$%uPyOE6(oI@u_aC%d@&h(kU@fOR8(SdTKzM&DOS+(3>l^<{^oEDvNr+Y(;RYK+3iF z)?y~(>7kn?%KuJ&JAl-bGUd^fiAI~E4W8IwP^W!JcW~L-* zb=Z!>LdYXzx}7Ei1H?y1fA^*@v88;cuF*I%Q*r;NGSXz@h^x-mwN0bnj9g;@l82R) z<%3Y%KBjkj3%Lv{;NcRO4wYtGY<54`K9WW9kXg0h&(5l30s2xVtkK zh8B4zx7tf@M$`xo3N9zEmL`q@E~m!Iun}F38M+*kXQ7)f?;Q~dZOCl0-41!ROP4|` zaL4~x5mPMzBs5<@PH6j;9nc$>7V-AWtDD>S4zT`qE?+XYU}d~KM#Nr&K9nqWl|xz{ zgWa+aMrOHJF^p3P|E^HJfn$+Vzpd8x;>>EZNbo6#R7Bud1tYY^DyoiGMQ&ea?XV6`H@R36-r( zvg8f4NP*vZ06V6!5|G_6oAH?(N5HA8c-Z~Ke&eh)jE#+7t#8EU4#Y>F^z-gK zlOU^n*sV(z?mwzpUHH>!yOU8q{PC$gw(_~4B+j7c^w*%j3Gy*+cn`;a`JRY!Bu}uf zU#nfbXz=LKBkYs&JLN4r2L}fo>m~v3^Z6}O>QA0xcSd(maN~ZNFIaEV;}*@yUksN{ ze1X=em2csmKNtAtZIN(7X0QCqPHILt;NCV46F*p~&qX+38s`Av-^k!!#vb8CCQbvH zdhQn_CaS8Gan($^muh$Xx>!1jP<~^-U9|l1ulg(O$_J`(Rxr!eAdGwFH`Yj&zEOVo zF)@K7hRmq9abro}Rc;D*)Sd%AH5{9qH|!l| z6Tb!jDJx<%2vWI$m@d&lWA)hK(Lc{~gI{Yga(0wVO1@i8Q*rOwU^H>00aIjq{ z5ayA@#kF&@{^5!2Ah<{>x0~_gXI91NTE^dYbQY4+MuY+nSQeSV&pn{-w!yHANdIRL z{vrL4)Vh;ZUQ2t-vbr%L@%iChTM7C1DVf>97;hi8V}|`^=#$vc9cNiMN366n;$(=< zsoFk7{J23D6w2_DgE_RMf3Ww@BVhsvI9!;Stz{bU)N6|(O{6uIu7ScKVl$Qa>&uVa z2T25|k4GBJcHRV^gCcVOsp~Ed)bDD3%D{KZOcn+*K?ff<#4lkC9Y1jLY*je(Q`TZ{ zU?`vn32?l$f*8dt0Vg@v?Bk)1Vpsd_`@2|FVX)%L%=Yf{IEOtwdrL zYlh6ps#94ce_hpQoiDlCHn#}35>9h|AHSMWZ6D0E(2lb6~50 zb*GsZbdHZf#aa%7s8hb8o?SJIQ@z+ib6frVcn5@0P1ws6^!WqT`L6y|Vque!1M{se zDSL4rfhX;uh(UHhS+g8!eKhs-1I!KZF?AbWBH77tNYtJiNwOWR) zo#ui)*X?VB$wOynEaGhbdgy3`3+VRI4`v7Vf^L8E;Yup(OacQ;e`$M>9LG zebvqgKEv&j7^W|{Epak2`Xd`AD${WS+a0oQ^bfC^DX)@6?))(L;p|W8he?+>gOwp7 zD{>rFn_Oy4;cYAP@^T+d&l`i5`Mei~Zzn$Wz^re}@*7(}71*0DxbpB8Kwh?^@6Ekq zSuDI@-u|W_u~Z;nhQ|%;-heHlEay>$uIUL+xd-c#do9UdMD872xm8{_UD9Bd8X-Ue z13|IZM$+|^ETA3*y ztcD<)c9By$&}ia(_{X7^*%OmxCE|vT1~2~bnBLu!h$FzIGHUARSOE@p_SMXiPqW2u z3LQt4Gq5B$*ETJYzdPHKJP-w%)qY2?0+-+Sm~(YQ$e)KGQ0vye-u&5fAaO1^J#-}0 z(Qk-7EpV+NHdYb$+8-gnLCCI?ODHT){t5FhYP*wjqv9Uq zi)GAttviM2`L6hILEGzKD|Bwlx%USMroDXGoNL*3r3?_j#tKI>o;A$?s?2k!<*I}< zmzAi~*tMb3?-is1PGcI{Fdlc@Raf5*GHkgX%kyGOMN?JuR<)sg>~BYU%F0#&*eqx+ zI%{!-^l;hf9X7fTy$s#{a`H@%z^cq3CHzLl^sXXd!{q#u1R`48apZ3f3JH7cHwX*> zcS3}j0JpZ(D7ryC&j}%Dm?K?YPr7CM)x=w2@*tu=@V{t`U(;@3!-?yKw($PpgPc7V z8&^I6@L`mwyIYxip-yzt!Jx)r8}8d#gX;bu@os4KHaX+FI|ty;8ej^jaT!1djv)YR z`nLd@H^}29qj^iY-lBN6QI>rO@MDjvo49<6<4stLdMY)z@O_N_*uRWIj4!yK*T(i` zb9#e|dnoqUVOTF2GpGQ*cFT~TwEvRHY?5VvTiurlzo;%1w z+P=d~8@lJWr<31I_hIdx`+$9w*;cJBvDqzdxLtVAw-ufP$qHIWa}{6!wo0e81O zCzpPG33x|NFxnXDSE9YZJ4|M`|3G{z%jRQZb6+9|7cjeB1|SV4^$$c}xOAW&0UfYM|M`9jnwUi=~D;!~+l zsj3_cFU*@*oma=&b2w~PpFO=EbXuQ3v*V2E#xA$+JHL~FRU!S!lZvAp9NPps`V@Q{ zjBHnFHzJ_0=rzSyC2Tc3stueQ8<<=De2@6bwLGrxkSx8N%v()Kr-pqUGxNh)NyGVp z>%S}*LK)!l`%X6t2rt0t$L8LwM&`x?u-*0*a2cQeMF;RF%xg6!RsAgIm{U$r9XxK3 zWm~yjJKyX zD~{mA#I;iz&&v}PqAWV{Y%;~xp6M-zld6_NCVjrIImO-oY32w`4)NO{XMx^MoZqZyTsK=tEh@O{i*(PnMTq^KU9iO9o7GOs> z)xLPE1%u_&;fyDEiHIqcB1Me-K>WndH$%642Y2COpI9N31lVC(W0tGMi4JrfBzcn6T_LY~ZU28Q!bnN%~`>nI$G@{PXxw zan9uD7nN1w-^;B%hGTCo&F93O@om@fT8=P}wrD@5BTjO~%?eVc0{t!ORui2Cu0M3^ zjCP8R<@HdP>a(!0sIB(;s_E$HEU!Kgq9p*CP4`n~V`8@$RM!gLYB2h068VRh{Da!; z2(K$(H+BSht@Hkz|&dl7)$wF7vB zl^b&okH?7YJfK0eIf01)v%8&bQojLJ03M#VL2B z+pJw*UhEI*8ln?4zcOfSY@O+lv2%`B(br=kok7{40W8dpdpxBY%fey+JbX2^e1Ke< z(cG8OEtzz8ja^rJjx{%EGsoqVUTfFgC)!MP^t#*UdO(8adWruSu$GnIEtmRa;0~xo zlqM0iDI52WPS?tF8dZHaRqeHUHRu9Sm}jLCe-+fTTS^1!g9ngCouYdj*>~pkMPJgL zYy#jROc1`^;CVtFi3P*el{j%6J*6sLx0obu7riavuZvpbXi(C(8+iA?Q9+{YK=b4d z6xbz(VI&3f!%u_S0qN8L(5q};ozEPRFVl7DB`WIkwg=RcjB4)qyR%^cweaK#I;9E zbNVgV68DHT@dC%m?k)xK{+$uCvrUP_6{^_Dhq645s)TGO*A^L77k3MN*&;d>j~fGV zm}kyYHdd&juRO`$6L*H#efEL$7(fcOS%s1_OMRYa5bbPLol-h@BD2CsWJYmJu7x_M zn++%FJ~!?wIHY;Zw6Mm%dw;Qgz49SXr`kHS;OSC~qwOTE3=1;c$c&pU%VWw2XC9RGvOD+UqaZv;(J@J?_q+_+jG|=ab{{{=Tj2D8PCL)DBqjW*x1Fx&?DNVrP=x}< z(?;sm)32ubb@H=HNpRIOijn6NvDF}%KPNoaG2tm)d{QE28W<&fJ)e~2DCcm_Pr17D zQ?8Zva{C?fd2j|h=rhZ7lVE~~o)rvgu~VfUea7qBd{MgXpx(-pRr?A;?JT2e>s8~u zp~WloJ_{QK=`X4&{bg>e!bp0G*_Ofb>)!^BSD>~DMlV8V1AiJ_e+ra8yDJ#bs*g9 zRVR*MmW6K_{*?p1c!AAo$Nrxr-Xe3X@4n{Q^1RlE2Ug}y2lN*T2l|7o0Qjd!zL9i) zs#YH~tW1=Cdg5xY@}?pX>?v)V5@Q~PsBfn-iJvX)ceoFrPuaP9h_;A2ej7ODkfu&K zy)sjuS0x{wuWzW6o|V<8aB7eu0>n)_1Wd+`%30LwMu;t!wX86@y@PplBMRz^w$S;K zp=F#}j>KT3G+gG|w(Xyh`|BLUa1};9IQ4#b1@6Gppp$(^kEAB-yDc{qYLv++=Jwe< zDQ4oRHtTlEhe62Av+BzIpc*#|KB4$xc?h@m*WFg_@pm038sChkmmXM~`d*pSE1sDN z9ua>&h%)D*Q_ABrFK!ZRudl6+2bQh8@%Zu0#xq-BQP^l$N%VX9wsGw8q%-AV+%}wu z?$<1v=Hv%fJ*8c@Sf4$6X4TzU!2V3jWQHMhgeKM6RU%XO(+flCoED*fJHsu65mK{B?Cq$FLutN_Qk*e9AA% zUM{U-z+WD*uRkTFCf;+hrY!8rb@JyMS^A&y5Mpm~CU2@_Y{9kM>#JiD0OTPt1&#tm zee{FBL?_;zmDt0OlzImzbKs(QZfUuZy!;32UIfBfOT~40ICXuzv!LnY5#F{uJ@Ka2 zVkDN;T@|gMEHY#1Nq9vNNj|%hhWe=E7pzmo4z}joyTRQ$hGT7ecaJ*@=DYOhMxE+H zelxY6-CeP@&xUHs$`AQ@!|GP{4LtymNDy(^>Dqbi`}VOFT2tInc~cFw+|AoBG;Qd$ ztkyM3N+*afwF9=M!2wnE))DsXxzSGr{l(?+M{jN2ZM2tM2!npAJW}rB2G#qKpq|;m@zrQmUzq5USEZ+%4=%|_ z2PE7oDjuz1J4@9-OIHoL>ya$ zB&4Cd4}V$pudg3F-A?)SU&TRW+rgDI_{{QEg90M-=L}4hklGS}O#7AW7EX$d3r0Vf zdv^{u;@7MEk@tx7 z**Yc4T(}>5nS30euG*@H(<|Mpl2cPH@_H1dY!cEif1dUh?8**E#l^6Qos$E%^tC|n zAbP-7J1u%b+-$+;bM$kbI_if(Pp^ zn3cM@KWYIM4YZ+Mw}zJ8GLfvyqra*klWjXIM4HToBHc4c+jr55G~W`QV+xiGPKvR; zEhgky3=!2rr_18oa9Z!Ox`^0Ven=US!P^ptXsElj;VuuK(d+5R#`XDz@c^r+7% z=+a~7QoT4efK$wcFu`xz{lbciRpUurrzaR1C$^3$N)<%yzt)rDC)tjrqSMpPS91kPl|xc(Ez zGmp%Yk89?87##j-2|hUzE9m8Sp(*0=M>5QlEvl?H^Ev)ZHv#DnLm=d4>6zM00J_oi zld3OA@{JSZ+v_V4nkd@z^MWPb5%Rkx3mM7II2L+tXH}I~?#)hGTeZ=CY4+gR(d46n zC_D*HP5k)h7lwH`DawOzc$3}^_FxBlaPje`td|Wm{(rQ+cRba9{637F($P?nCK`l< zj1u9{va?P`R*0gIy*Y|hNXbqp8AoOzd!&qHWp7#8vPbwmU+1VkkKf~afA4?p`=1_# zocH@Rp7Xk{r|jLj63?a-s2A)1xX38O1>B+jON`kvv6@%(Rc;oi=(=WuajDUfqM@#S zCHOTqj%I0CE2UE3r7R|ghQ3loh^LV$=*5eWk|$v`s|%gRB6bs8QhMoEo-*0CLCWj{ z{TGM{oaCHZ?v-gwcI6|-f-YF&{*XJ}1^E$nYfG875}S;j59OxKA;ebzkq`!60d^n z;=}n_m8;qAk(!oz(;)^=GuBpD+F=C5_(YmP=RHqQV;gIzz~g>L8ox?Iv&Ej$_WSU- zwW@AcnNcB?WJX3z7-!|ou+C;3AJd8rno@KN%d#y+7V>7~@CSjSG0e$h*7c!+{>*t4 zP|Am&nVtn@Yb%*%!>aL44y3%{PNz z`r$7GcK#<~r&n@MHT*TTRetYZ7w;W_Yq<~rRg*IqD3VZL!ikrS+IcOz+_;cLBt9-O zyddTLr&tGfDhTeBLH0P8@L_N}!|eCAp=*T81izCW*hhx-kT-ssr^l0Zj=KsgJ8f1K zx_@PVh-%c;#=Q*vD?<;qX6$J%d|l$TZT}AsGacaAg`{ zY7gnOc>hDfcS3UK4+@&7I{A3S*R0j7x4`rXQ*pKUqL@J?L5nEbGGM5Eu>B3^szb;5 z*CkmkSr>vdzCx8nsreE37-M2rd~H%PPfCL3Fl_5kN!0Lp?}l1C=^TSYAU1vm;=Au! z`I#2IlHtEgXt{erTRH}6G&mWl8C?=XXR`c=-xZZQOTD#@d4~H^EJ=w2d`lZmT*cQ(lIa>Z5Mrg?z6&Fope(#Wi&F-#FZI#Cdfv;kp! z{V5CA%UVM^Tf#ZA*{5@%1Z==lro%sb`T@@)&-{S(jhm>Ki{~6ZG$zNe#V&a1pKV$^ z1+aPZ8_PSBpjA<8c6blMA4wj8Mjm~8>G6M|@=@-dRV@W|zARrh-q3Jn<755^V`u$V zXa{<|s1~XRtWWYc**v{^i*Ez12w(Sp?XGs$5~5{-dKa`$M?IbkP?sE4R11_Q%6i@0 z5_;nAk-(is7%G*>v`y$l)V6=>M<=2dPQ=#Lz3CKxEiS>I7A)zPSr$77hindB>90B{ zp*#acurZMyIchp7Sy(1bxkC?7fTL(gS@Qf+m%D&h%^87;!if5!f&YT+rn&rymB$-d zXME)B{&-9%v;)>|f5qLKN=uMCJl}a~nbcQ~mqp#U|3b1qGfXk{$L1JLtU&Y5?t&wZ zNs^h}nSTuztXsqIy=@J0%aco|`WLIB%^# z?26ZeMKX#Q7FBkyig<3?R(YeLFB<<|l7?QBB@MkhZBmW>zc1fF=>4V$gRTNvpmIfo zP@+#$hfR1iH~-%L-zFTTwcoip7+{i|a`l#sAIF=nTTMQIOf5=>V6JPmU6TA8sg=PZ zvt+R*N$(1id-CW$X;sL7uoH1VYQ`PqFQnY9{m++iQLd@LeNmx zk@~ZL&kBUCC!$QAFH7AqZBDj{{C)w0au415^_eIMTeTVl==kEZzcr!?Ubr@@C`#h~ zot`L(?M!8qJR{B&UGY1-{@8zh@zUO&b8noV)HDD68m$I7 z`dM5rHHd2*zMf-!JAV^^M@sz84ThA+bG|;-2_3{;+WSG<+nx$5%PAmD?yIv%!4<#% z;owrJY;1G|K(E>Wo%Jp+uVZ$Q|1U}i9nf-loJ0i({j|csHf?pjh}c@gIE9FJRzua$ zXQb@=*JmWOfEV!jcI|zw9H2Q2IlufO?N2D6IVvtbA%|<^!vVi?=i11T`$$MPCg=T28<-EmbIR0H0$W&7i7s;{JL1)=ke3YG~O*TEOkx0H`LHdDcl zFMj`rh{ic%uDw&g0nF+&7#D2hSzF-ZG}@MtX!Eo7NaD=7KL9Uy3P6;=!?yXQzsf_9 zs)MYDNp1HS0O5YR`KJ+tmj4E3B#}?rrsDUcCshEyQT1`5P&Z9SAA&nk+IGC&Gu3e0 zd>AWg@ZX?k;oAR2`|F+R2WC4Q7JQ^vfKR*7Ub?KkGhWPW-pi zQ>qQtq9cW(NjDCmu6B@a=l_7Z8si|_+hw;5`$o24ZtanEJs)?RHwLg*`dHZw%nJ<> zRw`;jZfyuqn(MK%|2~+|M8C}Q*VCV8!lp( z4AWTZg9&X}=H@QTvuQB1Wu;y`f`ruAaJ$xEyCk}g45|sBy2Tq~#Molli|Q6>-?;t} zKv>+V9^u&%xc3)r*OwtZCg~5tF2ok&;0kTo0KM^A86I7ur3;(w4%zk3M*cXV2(Xfw zp_&Do-Yrb_QIIHoYd-z+(BGY)AVeX)+DJ8T%4@LV9Lsxo(f3&D;X#h(=X3pYBrHW# zk9MwH!{ap^930$@zc&2)6gqZ4I1fKQZn06743OyDKllex3Y&VF5Ega-VMS2Gyg;Gw z-McCn;6-QJ^e!}|uNLk5pN)|~uC!G9h5`YV;k@ta?S}8+3<1=1(biOB-`}6a(NHfs zoTm;irT@24k5Qg>YnH$Skk+WIhZSUyi+j;J7TWQ&wA55QsrsL>j3HbXRrJy!(e~W; z_%sZKje>srxdjO_E(|`+{R9-?O;G{f-oo#HbtrZw0Mp8VmU0)s(|(F&nsu5u)@8)R zlxk*}42aFQ8Z(>1$ePIyRiE$wHMVr75MZQrt!-wEl)aS>NC4pY9Xxb@)1QSTSYvj7 zdPdFq9pCqng$B*nKs{yu1Z&tdkmbkwr|qLAIAf1{o!F{8s1j5_{(s(2!G|x737-6> z2$dEuy+b6Voj(E}`+OAI_n)2i!O*|Z%DfW_gXTIsS-;=L%G&}gP1tTi&VuhSuirnU zhBpdnrS8U=KdCq)kgyeCBD=z7?;8Ik|1!cNjeW1wYUtuFX3A>^YzY9rYlWF*wCO$o zc3Q9!+74iL_T!<8(Mx+?Zfob}+kmt`hUP~4$2A`&Jvi@_U58>3G!mefD{=^W`S%pi zP+!x7K~9;56}zuzTi(28g|d2^@wP@`>!1FOOE1a(knEINkR7;N_E+ zVX3E;fvs$rtpjA6Xh}e}-{+-`vk4J0u-3W_u7$jXsF$l(h?LW_oC0%o`}94!zXy|o zYCkPId$#>A{q_&HRlW?dy{ZMplF_<14`~(tfdvta6qc8LGTF`an80x4DbWq{fit1x zp-*s+DR~aKimaNmcZu8Oet6;bQClBYQ&VHKCU)l9@%*&k<^_-YO;%Q$5vu^HTLbvj zLCFB@RmU5ZT4g=X8z$Df08Yiv$D9RD1{#`fs7mhnhY}D^-sG z@xiG#Gb6$u;SfU!7g#1dVb=cw7P^aYcqKXlr>Y(SpmY9lDA|_LVJI=*=!4!RB&5}x zxswX|C)XV`LTPKraoX!+QM|taFoPhEP48~2sJvCpH;S8zkqj{T-N_uWYQ#!j;zd?S zD|j@Px96j@!u$vc^-pyQ(u$4Pe&ZBNvZtCfazZ0Rr#g@|AUIhjARnrpw8E}>Ue=Esw+Mv9?sr0z24PX4*~l+@T$V7_X9)G)j!uo3oT!{2<44G@d| zeu{h^cOgu7^fyC}B?d@Lbgw#+;<6TP#1;L67eJS8X-|A|awZ6s4W)dd7ex{nP$W95 zTNY*Y-{(65&qr7J>)^5PwT3@_sh;ueo-27wHoxVnI6?)$a$BHLqotl6qruPl#`tkL ziq4>*IJ@#>`@yqq$q^z+;CqrQ4Iv;9yj@?K1hC-pGcSh8r$|u`ZWv~>@y98Ex^Jz~ zIgJ*F#Rq&)$w$+w{eNv3i#L^^py2$MgXS$@aai_NU!GY=wDBLK;FA;X}Dj zok~jLmDc0CptysaaIwHh1~!AtUaqq)V7-Q~-y=mMxIuVAzO#LQXo~E4?o7C-BXrgT zhLhJm0^BxI&4)JLX*XIKdw=z=o-za5+yR=D`!S!(H$Yyc*C52Z zll98;EYP*z9ywA#b_7r0%4^LEF>Wm4Z#t=MS9ZUcy$~X{y4xNGkG#vtX-k=~8_j}) z)|9B0;^Fg|g{B|yLeZ2=Eah=rE*nqA1P|QXn#f-DqSlb!_L<^*rw$*t?>$@E+NBN1NJ;3?UfvEs8PkwaWK`zEy_)kve-5=xPf!0)@Tog?%70&dQha=BWo4yfbGUtkrOV~z zdcAw(lVJ!f4?Y7v1r&511(FNj?)LJdoMSZ|{8; z|3r62?^(&`z6Z~qaXDTv!xvql6?l%Bv`2&BJWsJb?7#!7K= zWxK4{t~h^>g}rf)tyHCpSHU&kv$3&}@XWEB)T#ZoZyP}i6BZnl!%gpp8Y6&Ps`6xG zcqR8vD0Ecl`lp0SW7OE&*#aef+iN$ zQg4FxJ=PuUJjER<71Dxpft@c2|N1Alc;wE+tEiqH8~a79J+&C>&gKI*Z*rf%Kr&$7 ze(ohx*E8>=L6{GiYI*rUWmy>+Eqmo?X~DILr`4|Sca!bbc{r|Gw6IPB|I<1lUjY>x z-q1f48yrgk-0;5Kg?D+BaKp8Zk`~q#AThsGf(teR&8Q=klf6{;V$y-*|CUE8=$^=JduPxgz^#H^{3yBcbWtHxjvw{P{0@VIIKvpkb-Sqw0^cX+SV=4Zx+x9Z z&b@b9KGxZecie{dwk@6wcJ!Te0GpYiWPq4CMJL&@D^kFYVsJ*@K<1Di{6prTDOG@n z8_Rr&K|ck5Kh8)+K8G~@=Iji< ziQF2R%946~nQGLuS11S{X?_+{dG=>DH?%;LXq+e)6cp5SE#x>a(5eVzTGd75WmN6X zgpD2**uMcUh7J4^%OHTa2b4?sT2?-dkw1+l2hM-gB;Cx(FnA;|D!lNhbhIe#Z86%5 zb|2P`1+$x(OHog`@e7UIX3NA7gue4vqns@E2)o;U2S%GEY?mXJK$HjwuS$6`x|oJu z6`n;Rdq3Az2z6$trO%R%2~8;u7H8X;P*Mef13~vR{#aOU*f^`Yz78qK`X0^BrwhS~ zME!()dt88#gGYxaCbVFu^dyi+Iflw5_Ngp`j1=Tji8r)|E6UC8a_t4J=DqDzM>k>t z4fke2OSYIz@ZVWpP~|1>+TfkSt5IKuXVJ^_ctkA^HmcV4!4i6uI)I7qNm?}&BtP&2 zY4Y4IOaDBKPUy{jPxbxK5xtuRRn;69H z6rHUt`UJy5zkx?Gg0%{@8EdJ7%zi9U!M(CdhF2(~C87We zv9%|bmz8{=^p7gWZ=uyMso;YJA=J{q`rXQW{D>UoK=gg10-|sBcD6n3j#rJr!FY8*$g?}Xu7j3<&=7!S$!;f{Rd-VDohn?Jva2y0O^7QP_a7$AlU;B zfuS~Wqnb0>!?EG-oE9cRBdY2&Xs2>6H(9^@Qvx!&3=~lilmv72KT|{r%hbOeQz^)1 zQ;!x_D0SgsE7=nIKY|sK`yh0N3s&e;x=Pi?3YE|<{>t$xc@8+$=*p)Rm;PV@7&rv> zzaR!6sG7_AN_Q3@U+NTuhmW_rt*?$lEN4|*hWc7ejz6P6B+4)E3Q@hK(nvW8N_SrB zn^x!gi(*O~v2uQg&hd>q?A*^+%AGeQnG2ka&U3A^&*t?U#8N}7BKeK|R$)rv2N>sG zj}P1?qo-U7BkM!*f!7jUSTN(9z1Vg*#dNV!c8Gk2FY3TS@6QUs7$Gr+>*vT&PN^%9 z=?cpn`cn>YrCI!?M_`_bxk|cfztL556&>F2_4-g@;tD$7w^tI5`jHp=$$CSCsjdAh zHokHt&tC-*w~xGOk(WpZ*iCEU+8mE*$H#l))~HCEyZGbDIO3vgXBIo3bbEKmyKs(k zyrFw<)k{=Ff4Z~G-gNHs%aule>_Ov6a5Z6XOi@2%J=*F^Fud^o_5%X(>g{_H?>T56 zyVm|qf8%23g5}B!sJ{X8WYaI+JfVT;6LfN5xr#d&jmYI5+#%}eRXvGARqCil4v8TX zm-ip_3BpHkF+M8{bWi8@g!z<-y_X^17rtHPL!$>;AF$?UZ$2WBfPIL)%P|(RFQnm6 z#u>~vKcOEqXK!YUF817?hmq%~$}rw@e`n@bp2ChC+wqZtSDd^{byt{M$FsU8Bts*F zZPG!*u(}$iX10whM?zb>FmY|6)i|B`}o#xL)AZQsXRWcIOlbGWb#5tRoJ$~YID zW~e|r-O1oIbR9UUn}(wIb4X4evD-{*LR^Fx^{4Z~zFT z#O>s7MdrnxGjS7GM=(!l_l>`MU!4wRg#Mco2(o_AJg*K(owvXQLt`MDrh+cxS5Jpg z+F6qVz`|sP7Y_Ac*mz(Bb1vXh?m`o@Defw>ir{wu*{9gbx2*%pv8&5@Mjll?+5>>z zSvY^7Aq)){$Tbk~OMWxyGU=4j7yrg9S>o^;MS$V7j{yt9fX&VK-kl(D7|&P_#gT1+ zyZashOL)5fFJK9r3)PZyD#dNm4Vps6_FrMbU&cN4c=M%~5Sb%#^2CvuWz8Q8S1w)h z#9zDi<btcr0HXu=LP zLqlRHYKfyC)NnXAa~j48-X6z3a3o0ko-+0nX>5q23dgzwL7SCM9nCAyp(ch-eZo`Ak?%0+-Ya!A}MxE?Ez;ft)c3k%4nnO8Pzgb?Qzr zeF$pI_zp(*23`LSZ2s{Ez{N?lJ>kwN552{F^X$DJ7meSX&hXM2n!ulL6sFgCk@OPK zAh!+5{F3;m5^OlMgk6@c8O`v3>zBBKxyK;WShLKhtk@WyMHiUsrNPH@>Aj55s45o7~zsn5& zyy0_^pohbWx1Zvnvhb)!jc`Z5KaF~v4@a-+GX@jPO9_jbb%3u zhe_uA9_qW4X&Zlgz?Qw49EjkG_8_bE@UX3VQ!2KQgFT@rM)Ne(;2v@88}t-|>~zfk z!j5}KPP^Dsa$_b{eW%gz>${i4@dB!J(=C9-fx~9|v?yjdLfox@_PImjNqogG(B2QA zrFN8%!c?oyDWYB;cYOSMvpx12@p<=QyAGu|0B2%F{g}lIG9~pc7-ZdTZ^Gs-@nSVrBvkC3zS1tdR4v+z%<_X zI}QuCfK>IMvWaU${~U7RHGKzDe!M<9?D z5?0nr#Z(8T%EZ@xne|HGcQn4l?;`P*X?aW(u*(VNf|wmC1%Q1K1fuVBq`i>|RjZJB^o`1qxF4c+LutE{CZ;{oBxPUIn5PkbY3jeWy08#m%YycjP? z6prSc$}njp+6sC89;}WS<)q`>mJk(6Tmrn^C(ki@rrD;r09DT^aD^FYp83Q+%x5P1 z9!i9-HeCV9-n2y9_{Ramo7tY8pO(t)^*X4481O8I`~i-K=^Y%7#?8XX3O?V$2S5yQyYsD}+3 zS!dWQ->3}4JGqeq&4S@A3cwFz+`HB}>8iGJ+fy565%+S+akA$^yIW0LW!w}vh`Pp3* zf^}V6Wn^Vln8M5;{iEdpkJ5Za*Z|U)R&I&}Y}naOYnAa9Y%xb(!ki<*TR!%{*1k2t z9(v_47@DmArsNSC+cAE_Jbx|-O;51d%y#1Ht1+S)(c=b0Bp_}LOl}cg02Qlcn*>z^ z3JoM?vzHRZ@t-XKbdxbt&&1xc1mkkr==aGrs&SX=0>gH*0qTWqH|Wa`^Xj=LT7(i4sEEWfj(83mpX4DZosaKw#9xw2y3qX{ z`<%0U1#np{K%ACqwg(uMe6$h|#6Ii{X82S~n2nspl<>OZC(wtZEMJF1E9tHEePrJ)FwKZivmAnO+we0jo3#mg=@zh}<^0 zSbkf;*lO#gLl0&RIH65`or-$XfGoaeD!)zD@x;m5C4k)K_QVpoiI#7g;db3q3#_}I z_$8?QR9452>SuMg<01x2Y=J&(L3y6XKfWfhkx}?JFzY8hUV~96H)|l8Bw(YkOB}pQ z3x(^Q^wqPPAocL=LZcw`>qqk(7bfnet6aK>p=P+)FsGueJwDH$2ItS%Y-cz)`k4-3 zEP$5Itu2QvaO1q&F>DMns-6uHA7{)T!axgx-=P32gs`-D$A&f7^7oOeRXfBM^-x@e zkgF@MQg?E?8oK#w&i4^NRB9b*@Je<&M@)E4Oit_{3B{~DVKLhDE9Y|6nU@0_4%`?y z@Xc>?e8hU z%{A&-Di?Wq`G`rOh{9(-IRcAf<-<)P6s$}ZcF!qYyLN3fDfKOo zZue@k3nUYWqO7?GwqGx>5x_-#Vw0YC3g?o{vulZiB9{G93!)=}o=+NsOX3_?uR0~C z#(TUmS$4X#vIaJ=Zu~m=ievZ%Yc3W_I9<6?FMqX`@H`U_?q}{NkSkbp{FLHMTy)Vo?rJKEe7`ya=g#p6Xq0c+Qr~$k-)S=Bv;oq& z$%y;eOPRmeUFf!Mo!i<6n(J5J4HZ2VTQ0X9Yw7KZ5UTp-M9`URY6s@Ug5v!Jg{t9X z*~$2KR{6Z9XIx@Lt`$5zIo~l?UFldPF=_u&A$PvbRQ`ypsL-3(ht#{f$3-H?9&apw9dI`1gAi04B)lvk^>qthC%o?&1cstWBZd5PV`sTfDm3D|xB1m8~1F@Q2y$4gzH31^vk zZWCOO{M~KYG1Tcfpl0Mdm41e8j3E#rLQD z`5NI-E)if;bdD;e9};)XOVo@PRrKZwFX{(z6D{{S;J4YCt^v(L3x`mj6Lzb_^T2(M z%)y3YeK;56WP;nSCaK{M-HaIRc)wk4MA)B@EUIm6(#EKro5Qx=y}sgxbQc(ZG={x$ z9N}mOc=9;Nk61)Dr{(A{JB^)2IcgFV`OJ1^uxW3>YE@ps^JLUuwM=*h0;>h%mwswC zGjTkSozX=e=B&|%*3)a$464li+GYv*D$n;YlPR78EJZF}vVR~ z^4UT&l0L7~(DbCl@rqG?;ut)KF$7VOou8a>)|YJp02UJI@9<_SC?*P)8JR+@;58VSzmhKeO<6f)`&{leu;6LKH`X+kjHzJQViM+go1m?JLRY-4BOizSPWSy{b{;rti+GhN1#T1(lW}R)WuvG0}tHzst zL)EGRkcInl;nZpgso1uq^q=);NW+?r*s%B}?!@RYTvPoDpERRNsnU27H9Y2jy?(-N zY1Lq=d+f4L>ZJ3Kh*_j7Xdz^0jAq>bv{O9qj8wdsWrR~EK{`b_j#I{w;V^>-3YBw% zKniSZUa`0g*;sCMVr=sY{bp?d^&}p0fVp!yit*=j?ItHAzi7TMV4mGfT-Nc=O}>Pe z!wd08m?|3F*3w>=a1Kx}Tz@iAzAHKb=1Z)&p45?dM+&o^ zQ1K@1*XP~k3->XhQ1=pK9F_1ew901@Gw(XTf{MQFxrdy1`bUnq1N<{C0}q3IjAVAm z#bUy&6)k`AhKoJ6Q8+#13Z&OuJG$n`VNeGcmhqevfNE+y`3Io(zO4fe$>3mF z>&79GM~8%+H{of2RLp|I((yIBbTvAiKEA%Qb?FtO%Dmi{+wyxdjMIaS6| zd9$3Zj2+s+6;APURgvP|82$WFt>%0#)m|0(m6MFCtr@0j3(q=6ayJWlaptV>_64=0=m@0AUOG|qZj>tX=07*U9YIdVtZ>zqv2v^-ApjEk zd$tqVLrpv0h|O^q64&Aw8=ne~urE{>gAz~bL9>s=ps+HclPcEZzG*Br+)QT4V-6xV zmz7Gj0{xTM-dT)(90M58muIu7BSFhFOw=jU>9ppgu=8gIwT}gPv3Ao?Yk~44gieZyAbdU9G?u^TeV2{e z&Yku<-~9YM4q~5G`MD`NF-_+{gvUeVYTs>N^SobP<6!+KtQ_M8`^9EGvYG_$wh1gu z6t(3}x-R5S9N8tf`g;`$li7AsO}Xr*S7#*`@oL%w^XbX4TSR8f+D6oN?wB2IuF>Ap zC31fB{5PeQH%nOnE#3?wMaB^}K^Y*Y!(-Jfa-tgsc20D@o8vBb3^o<5jp8+TA?SQt z7<*r1JF{>|pc@c2IsQ{1kuuWtOrxvKVDfOuR=K^S=Emz~1I1M9zWXW3Wgb9%${L+4 zbGWy+wkFGQQP*wchV!aZT0zjFOYD|+b5mqo7xcbLj`-I!3m(u+^LXy)f|Fm5AYyvw ze7%~An|IM9x^vnQANM`jx<`5Q^(WcMsNlJ}8ud83BIV>>D;*`K@Mgi+f1CD{>(De> zHm{;N0w|o_^}Ysea1(J-NQBk!O$Zy=80?})=L%cdI9G(bVBNI|GjgFfOJBgVmVQj- zr(7{#zG>cXnjz`=OM~Iu z`_6$f*n;0zNFUz+Ek?%L{S1uklF;0NRfoEQML&S*wdk&z*0(Xx%uxj#xL%F5BPLwM zoMHH_s+%4G4VKaCN2DFtONTKWC_$DTyU;ufQ_}|LFA%Qg?@6a3U@whm<%g#>SwIm% z^Y-n8_6wde4D}7PNz1M0Pfvw@TxdIX*shWz?xWrS7_W}7%TJlcyF}Fubgk?l*vWR(5OFnBPWxTav!h%U@vS|sh9U1{-Ck4}%$DL{AHctA7(K8YAqY9; zG*47Bho9K;t?#1}61SI~Zk2lPnh-4DfkL}P=(YZ#;?V=oy7l*xJ814H;5}Rh-p=qs zV|MGz#A%fGvMi!}r|?P@SsWIG4N<`o;&v`mHc_dlEm-;x)svTRDK~Dz=hxD@1O*1R z9(j03A31Agh<|LXRHhUf+1;iCA{(yFs?^F!lp8!1ZNgMN2V%F~+V7?LNw@Xfd2J(` zs>rq36O1&o9{$+&gpuer7>lK?sI;E)YxZ>_k+BPg)z}C_+)~@O2(l5pib>IFC~c&A zh`lg!*b&-}KdTS&8G0YQiWk5;DDp_YvaXkg(uGXGfxf|T^Gpyf=*H^pOv!`BviNPf-UsLHpWzaO*SjZ(#6Vs?d zi0s4oPYvD7nC*g1NCS^e;pHuq1By|Tk=!zv*mfP4IlS6i z&88A9%}n!xzV@NT$bHT^i8$BW%Zf^!3*R3S>-kO;x%gITSZ#2NJ2foPe|=ZcHVGPca3F~33B=p)e& zTgTxOTN_DSNZ1`c7(eoWct{;oVrqNor&l1K(882Vf%e?$igvj|uY|d4oAg;bC>S_1 zs((L2T!XEtX$3a@-jNwF^OlV}@b~zdiVUF_Gj3P75;1x#$RN`G$0Kfwc=uS32RbUA z7cs1#J|z;r*h8l+XFTIF_9#(b-~PKR(Ja9~uH=EGQcr^^$e|{8I*ukOZ3^gJWiQGB zWGQ3v@AmGsK}qMXxGlj9!VMh^)2jObIsQ1Bo8i_=K=nhJ^A!wl)g6EHR1Ay1-jRCa zKCL0A;yL@N9=@x`I%#y#2p0%J?xv)^E(ylka0)Cz2gP%~x%;%|9sFmdR~3Gpv~rvj z!=5rWycqd8W6w)(GN!AUI}L-fI3rDVSk^CrkZG$L{rW`BeaxEn!OLXaZY0`WtIklH zWeDhEYl2>Fv}H4KoRg-8PTYq`&@mQU$_dj_v(FoNM;1k30UkHTP`yP0!VM(Ej#L~) zbEx${e$)$A|H>`2&$r4sMxPglur;5)O~pbkkOhDG7wAT%A@>3mE4sjpsHh^(ZzY=o zP%u_pTpvbdhCRt?F9a?h7)F{6@?UB5ZlCZ~g0dwv2b-^Om5IToX;UaO2u#8eu0@p% zea5Z^=ls1)A?N2BRPKUzQ7R)A^`g*(^9<+977!M%wS8|~lL=kZ*9}Ge(A3eMs|0j; zHt(Bxa1shtgbHY!G~wU-yes9<^&R-Mlc}A5+ zx?{=>4#VF)@Epp~S3Q-k13bS;;RqhXCaCKv#SnigDUcz==jIqFk6i|+Ce7i?gbrxI zWn+Wu!Z@Qw0{rrcFWN2_U*+jZOf~d9AlUJeehNT9zfHI7+)M4|8+rs8e%u5N0H`7| z^kcGFaku!gnx52=i&u1sXn#r_2 z+@n4a!5fIhKEOU(?cM2Saifq?$39veb74Ft>J?GRYYUsri~{~pO5U^#<58bGph%mB zVsG8G>0m|g+V;x?dAzi$|EXt1hFoRI0Ij2ygMDpW`#mK7&`S-pX`y9gWwm{$s-wus z*=$6n=umCEgg2XQJDHOAgUDBz3J8&j7E7ld!j=v(KH=5b@A75lFd6Q!kOd39RKr4J zCHC;zY@E1_L>=lQ?aLr)5~+S7KcY9C5ci7DlRy6&>_VTS%{M3#=bW~Ko|d6q1#7T6 z=w)cpDGk-6-~8I)=#>SPu^hp7%5P=r4WL~FT+TG8r9RxD0{^*K9q;2jRlMcGiVsK( zTMY|;v&QS75?BIzL_%m-y48Q1j@wq}yT`qKP3t3;31?WuD3frjbPr~ly7tC&G z6`!G2cF{d{(5fedvz+ zo8q>bNU9z75~S}&@ghu;7JIEJ;+~;m9;tXJH4ed=ZLdtmczaejQD~$E%~Y2pRH*y8 z{EU9cMjw&~DT3V2SH!m0gGsTEJt60Km{{8aj3|{$GWh0gDUR{$Y7Eu42o)sHynoKh zb5|qkJb46TkCR$NPB)>(N8=0yU~OhVhR`^iyp!-aR5SM?RY0Wca)O91J|P{l!{lyA z1hX?5gR8?)^Ls9-dy?Uus>;;D74hX~iNXn1EUjrL4uq((Bk@-#p{01r32ID zC6pt+s)kgRp1f-Nv>39hxuKurAWN!<*3#hsQN24+jmH8)pwCdGSJ@`B!M!!qU^xtT z={)NWa^3bm+$?>ZKEfWO%f*fd%XebS|BL1G+d`|#s!UmaOI||CC4s{^cJC>@1b|;@ z$6iyE5brd3h%&|&hhcAeklzj@2sXn*){P;sv$2SHm0@Wv_1N%soLL(vj!zo;DQ}0zJ*Db=_7oXr++e8`QTQ ztbxUqEE!An2Fp&Yf7_%ogKw19I3Y5B5rmy~8b(=N9SRMj%0a=dNtrJuSd#3~izcWnd8q)iC!X`8#)wVDIguU4Ks3BOE}@luNd~?l@(V~p5Po>M6(OILXhw}CN+nc=dkyAs2R{8&y;EH$V1PeD%%UK&aLa8t*bc&lmMyL2nO z99r}$Lh?rhFpH3KO;SA|X2$czw86YkkicL(rP;rXQh9(`b@+*|*)LdOIwx{Qxm7H# z9w~*KEGR_&12U!x$9WU(Cu&BQ_@=A8EkS~p-+F<0WNDzHs7P7y`t{MXaR6+}rF%2@ z3(97}G$O>EtIkk?y%sHrNmPmR>x8NHXKs{GpB;k2Vlyg_If0);mhVvOo zC1DVJTa+~hQ>9=}5?PgRD6b??#S+yfy7JqT`dEXtetcOB23anoTMTW)fa`JVOOfmM ztWq>Hh;z`1!f*i!a?&qitYy!3ImbX@U55b%6}*xlMi`oj*TMm&5PlV!cAahIGK5+X zWNJ5eojEuZPYf`rt4_0Cjfm-(*@yUpP2 zS`}wchne-GUNL{VFGj`IvXDs;;7y#+w5_9Pw~`3U*$gZ)Vy4L^MofltMq z7xFmMw3$20tJftNsDhqGrj5jb9ntroi1j6L@=E3%UsS{r85dwI-EOYyG8cHz7!>0= zvuw;xZtHk`>4~a;-NUN@ye*2O{gg^N<5WD5dQQn!QM+*CZq*ObmQIlkp0@;AS$(17 z;iUG+BJk=Ch^bS1kqeHv9e{JF>iul+a~QFKbaWjNt7KZ+eN?U>lCo-pcQCfqaJrZZ z!-~f%%dayhEgj(v&2Q`}r-@O+1&XYL>u!Z=-J8wVzdKnwE`$R%ck%9}eIy7uP7DP= z5AjBR*(~5f8LvG$O}>PRIXJdS(^N8TX>C_eftOp8$1`#V$Nvd}Am3};XLT82+aHA9 zM_+e1S!Baz9{lPN8TIXNLs@uUJ&NV6n!_|`Lc9l9t6`@XB@5j}g6{7hjA!(UC`9^v z_&tO~2k9TeBb5?9$8MZ896+M6bi-5xdhGE7VO;F&sX*C$YjNEA4?Fc2c5$HKa$cX2 z6Y?5_e(H}Y&t5V+ZG7+~Jl)LdHodjCU}Jjw{~w~~o~$jjd6fawZ0F2(Nj)tBrpH}4 zWl&1Zojv5PV|5we%$7z8`$*$a4xNHJWTVcTeGIbO4vmwSk*<1-GTf4ch8Q05t4|{q&05kqem^t^ z%t!GKIrs91c>F<2%O7^XG7B_}ImpuyS+*cl{1!&vBcwyq?*s7Vml~X#ALC9FrV4Yh z61&6tsmYjxqDZu_Lpi*hXpcJKA5vMotK_o=b4RHHigk32f*-&hAD?O=4Ty`#1e4U<2K2kX875{o#ctkGml1a#evYmh@e?zwpT}Tlb;Hhd%@QhiAln zvT>k8L-Gh3GHlOH;H)L=eJf7dP78SLmpjR)l*RuPd~kWt`7#9ENIwZn|2IM`-d$_c zn8-Ku&8J5-wJD^vKav9U8m?QBCtUiAz!I0EoD6;wjuQiSTSk7FJm-XE9YXiP?lAto zeE|C^rTJ_``n0WEA$s@rjUZc8AY!1`q`H`cuD+!ry2%!G`$)qz+<7q8^7vHFJchk{ zHK79La!zM6Sd}#3-}`hvKDCjY$G|b?OZb+Ce&0F-FrUOti>1iFy!;ZpdiF;XpL54R zfq<{1N`iEd86beklC3G-_ysv|vtaFlPa<&jIt;XPtP>6cv>gHk z&yNc?w}75a3jB|l=HM>UFPOdnr^59e|NAO)@WM;^YgJ6>!u@}A5|wwZK#u`22@qE& zd4|+*-pmXH(gtR(?V>31m?&I#Jt$)Pj#ie4f2UsOCkndW008J69LxYIycVdTj{%fh z0AIHs@Ix8q-D0ydB9nRFp^I@7^d*fBT$TxjL*oPQbo@AUB}R<6Hw)YezZ18QaeFh{eYvY`t;jiopg``Z}B`1zWk=6 z&@4y_THYuJA%Sd)w`MX3F9Bl#j7GcibCEE8!ScvS)B_)PTVHVNEDz$+&_~l=#sI9H zCTuejbK`?G+>=KrczSI)wlVGZhIBP}XG9VcOBS{w(f6hjkDe*DBHswI?4yEVTGC4G4j^pFm$Y3{s?*bjy>@Q={vgF+im zuL4ic+Z?Fz76(=rIc#)Dqg0UmC zQDczcoQH;88%!a9$n7pd{^vsV0Ko?)hKTim#aOFD(LISq6CYoWcWAgbJCFfKq#2cY zQ8t_b%`1GWsycsYrqz%F)MVU6s)3oH^DYsn&#iFM?;r{St(-}+3E;hTZ{(xy7-WpG-3|knAU<|O9#6c9phU9M{fIo&p~-Xk2~L2q(#xn|BFD6ollZ zeEfmE4*hl!1<1OzaWmrUOHbPu06CoooR;j!;dMbjF_-0*h6EM)8>MJ42GXwwNqM`* zLyf^i5d{F-VR)hJyH)Mm>CjjQF1T&qq#M~7)_j@(+GGl6Buo$v`K-Y=B_jk;MJC9_ zZLlg7F`z!Cfu@9DXmlD6gaOF5D|<_;kxrWfaNYTMf_{tv6V=l$(g1q@By1z@1>LHaoV*7*qo`N$No(lvVUSIX2a^ZJ8RO0Xs zhd`KF8)|&X;ZQ0EVwO3YP9s@-WmOA*xJG31Jfrn*v^BsTyzv$B6_TF<0=pet#yD`m zvH(qhK!W;Ez!kuk&bF=pu31+HN#7^L53uGWCsktF9K$8iFR4;|+{RNg?go_sf zgs*W0a_rf^XJzA9@gScZ9BA|k9n5>Mb{3b(-*LzBK@<{DXV8s9ZLisBzH_jmETa(S zrWa6egQeZ@kHsF7K|1)OlW-FmA3*l4^3!=Ac$iM$s~}kbbtutl=}p5ZqW539bGbhF z5=A)Gm%xue#FCeM%V4&&Z%w0|AAb(A=+VqNS2S*i@D&wb9aijoA06vCivq0n z$Gl9WlT?VM3z{9RE)I$+Z<|L?$3_C(bISdpHB%|j@xLO$#`g3Rp~ zo!^egt~ef^0F+>-b3+g}DqBRcadNN2XDpfxqd|Z$Z{q>*1e~sATMpDN@fv*DhM;Yo zH3$O$U`>Yd;`>`3W@>;gh_>^u&&X10Kn=5Un;ek`bCAJnn>oN4;%Na>^p-K?kf`Ga zB!Tsz6~m~d2X%dZ{0CKhB`Q{pbtUi%PLH-u>ly2U1Jj7SKm+%xhB*cMqi!ab{h4=Vo2-UuQXSUgqzXPUa<0 z+y;}M<_gp)qd2HVL_p&!`E@L(eB~RcDMyb(F?`6i3kJ5S2+F4nI{`V(k2Vsx^+n9E zYCRiv2**Y(wpLKTSP3&!8Y=@sg$$$ol-?W3o8BuwVy1BL?44Aoh%B49e!Kp`qVINH zUbd6?kJVPS`-YH~YC&95#27M6N-Y)@;6N5!-@O^7iG~;9ANy|%Zj5rLMyab_aL^;x zlMt6^NX(P8G}vX`N4E|A8NXyG3%0i)AQEQeby|OypGR)ilOi7t(yLsRlaR!0p5w;{ zs7}?H67%A*FWQo!8FzCt8&p>%oWOj_Qu8CgfXGF0rBHwMrY8_GHm0{%!0f{}x2w{jsuRi|yiTQeRse{En035t|23bDUD(?NGi9Q1xPW?j_lYx-tqT7EMH z`546&8Af*HZ&g@cD%HP3pl1=-Uw-qZGU?ojF+k#VmC@@4TDjYMA!H3B43k1~3W7Tn zXtpg<@#n*guk_<)WynHOPz}&pL~wL_pCaF19E&J&%Mqh67iSC&2Y@PWI~=eRrXbRQ zAUyLkk?S4Yh@3Yii6~FeP5`G_) zl=};Gq0)%@Hgbd#n0u5X<2#ZI?Um#l=&=1C*4{fD>*)Ujj>xJ=MvBrRw=zSrRk8`U zy+?LL_EyrcLRJ}N-}WXmN@hg%O37ZC+0Xl^zTe+-UC;G!#!vq2i>Zjdk_iEFk48_?w(fboW9Ni4<~xNDuD$9b5RbQNc0F@g{zNQIX5 z@@3fvW+)$Kp+SlH!wv>G$KSZ2)NEvzWP5zE&NOS}i`)8Cm>_`=fxPI;yNGczp4?PW z_?2YR$ts7MiYk2Ie#JoKz}Zs-@--Q!GoRiOyJp+m{0OcU5|keKe9DG*44pAZkNjza z-~6Z0#ScS`vu_HJ9_?z=N}z5L!7WIS6jeiA{@!D##j;oza|QZ}_nv{B1FEW%wp4w*%M5hI}8jMvG;DG-m`DKqT zXCTq_5Rbp(+LxLDGgMS(DR-dE{XlJPw)H!0|c-<2Qy zWf0>`(IgD2$WrNu>DxQWIF@T=?i+Tr^jP8o5SzMFj(G3ZAS9+*?dc(~(tbmx~_@4#7`z2uhZQLS}R__RdNyIk)iy5IyqB<+TJ`tqbdz_^c!5;yp z`{#6Y*+$*hdsu*SlKrWlOZP50b=9|OW)X3oX=M{0@IJu*ATm)y)ve=+j z$DbwwV;lPO1oMH;zbZyjko!yF=eyZLkRfogjz%KO--w{n@>D0RM^6R^!V}e^voiog zaAdV<7TK9n$X*%);2!nf=UGs$G^d91SolY=5&AiP7pa5ZUSw*|y>s5OH}}ne%MTD* zhDq>;>r11$D(9C+-x`}qR&q&74YOO+nwp#RfcWbN zub{D|(`RU@L5b!Ln}SasG#LW$E2=*2_vt7uLGUK9;EzUv>l6jh2r*1Cyn&Vh*5V0B zzJzw-`zS#OvbEUXD@n=_y08D&BeV$`J@}u=(Y6yo&0CS4SPl3Ea3W;uONuvWBEpaQ z#QgsJLVHA$+I01u=#2xQ#{^A*Pp<1z$G4wypFZ~kJop$H^7DO=6)XJ)Q&F3Sf$0pN%=$1a0b>V{m?*-U_ zoA;znfEb}M8vR^+u?_>vDh((>2Fjgsri4flw~aUkUYBq2+ZLifU!(<%Q8W2&H=l*O zj=xa-@V@Gb7{mkqQnSN*lyAmZ4#qQAY^1>bTKdSUg~ zetBe#z|e2@A#{j9)6C@b^BQAWnPX9bpwn}gC7Ku?hS5=%_lMDp-Vh%ym8G=_Ze^~{ zeyQ^aX`bXXnq}r2ndQ}lN*i^eiX8@cEnOPU!mLQZ5{jm@hp0=$%x&5a%#19smgr8r zO+GW2u6&^FWC~>0VyMSSq56XVPY4VVf}Pe^Fwr1P3ogLRgoe&&I|f0**!YXk_&59j zOEi`X=WT59J13IHgtX`MWl8*C9n>5?L;8U->ax{9cZz&8LwKmdoxwul0xVi2`-o*x87ig&%z2dXB!!i|F z&p;{yovuPBCiw>gaK%lu#oHX;Tg{=2x$*d@gVD3Yvh`e^44qZvvfXLALz`U*sVM4sgOmL7SlRWvY``IQmj@+mR6%)ZVYarnqm@VP^1Peate5T9}{e z&MAS5=A(-FGICn6SM6PX>a|@5Sj;;uw|p9d{LjpHvwX#<N`Z8PV^Olt zf@7gpy$wO~j{E4!n=4)w6Q|2T{M;IPj42}V557MwelVq^9I}+=xdZjf(Sny5s(pZm zvi`6*I^PD3prYHSJ-%KCe<3%8)OFXK;4?NodQP!CP+Z<_JNh^fwgjpnLewJ5{!V$2 z96B1l@gq3dZQ39M6q)(YK@;FM%`=0)Ll;rl1;pRpav{Yc#zXMK6TGK#C@j%aKDo%@ zVwR!GJN@g^^HyoRcmr@2%B`1SubT8s0q;-xA9`Muk3{#toCaVb<(>e7nG*LTz2*r{ zrMy!^PBK2jpRy(E8Pa%lv8Okey4i?Cfcw4_G!=3o3x~rareig z*Sa5(q>#oWgL?!23hi~m8-X-YDwAuEj>}*Avb6@{TE9Xsu6^-8^Z4`6o4A;I<@>8| zpR+r51*;6HPPiL)wiO2UM}0}uS-jHyE1ui<3AB6P%6{w!as$7+GK;eKwpXTMwFjF< z)*Uy1SAi+OG0qf$8gLnDo~w{bskU5>CG^nqysDRj$gq)JR9y5|%|aMD@=eUR{kEwL zduBp*ha|EJH{1kR5;jVzce{2tyH{DwdfOr9jN|Y?_o?y&M^VZ|oKqZ`pO?0ZacZ1n z3=asv#<_ogYB=BsBEg$0b2GX>DpS@^0dkmA2c%wl-YrUhctP})Kdq-W!vC}d;#H&v zPkaiX>F%Ok}5Nh6jsL2gp@!B}zN#|VIm}bq;N)6i52}D!c-*Ry2 zd1@W2|0Ay?dJkmtTC!FR3+cf7IaJK*D5~Pd-oPYRQ2Rm3A0bL_1yltwlfCCayZ|XcCp#2GS<2tSLXaNzGdQd)uD&sFK;OEC2)*{&Mqh*>^Sb7uQer zyI2&AA6D)-UkEW*tLNU(AU$>Ao#$XBc7N;zLN~a9z^m2ArJr}yoF>aAuJ<%3nvKq<`Qwd=8kG!m`92$y>-^6oBZCj&-%D-|4))>d^QEp~#!FMN3cIn!~ zsbpC|vu$7Z!Gsm+heq{t z|07U0WBPy|u59>(RENH=vOMEmMo&FJ6vaNBu|Wz?sE1bR$SRxTU0#*iBhP;iT!mM& zYLYy&?XPHR6}T1^Ea8Xs-|gR87%(-U4qmMU6jzJ905plfS?hHohAcxV2XlT#u;Ut) zxmIr4Q{CFLN+Ib$V;;^dKVh1~a)3n6f4DWncG&&v?;B>JU`a8Zr z9SvMiy>li%f&5eyk6ZDUca#J`TuH+oDqMRXbJg0y8vKCIda$SEkOw;dN{*a;Jd?xc z!BMNMAYwf?P*l+GFx{&LW@zNRlVJYSm5pU3P9?F2O$+LCdgr~LH--O6e;X12Ky}#A zK5Y;&SG8t7n!#1?qkSBv%9gD4&VQ!L#6ge~5SU(xCP4{wF#PZ#@nbRM3*LK#lt*MS z0dEepBcZLAUb~%gg_*!ImckIEF(wYnXgjQSt*yrJ@Op0lR(er;Fk077%I^fZz$^!? zr2G2F-qE>?XNII@v%R3J6?~S1&U#zd)U{V_l!|>tNmX5G%h^Y2M=R@aRbS~B!gF2c z4u+-1x#BVor7p^vXSoHR?go;!VtZQQ92NaQg?U&d7>ajiIN8h$l;n^l04AHKP)5T? ziv7}ZEg5@h6Bi2OyL)c0n~p_L@3)`@s_VdY&~dx!*%UZFe8*YDNPfh|uH#Pjg3Gwu zMslPy0V#IXc4T)426`N6HLG!5uN!t<6o_p9ZLdYWPQdN&>) zzHjh|R?qn?Rqk4G&rH1^pg5~?;%{5(UX;U5Vv~m#Y3S~*kDuAtq{td^#&zJ{ri{<= z`>*pY0Rb!dmd!T8gj%om(`AV#V@#)uR9-UZo#FfJkWrJAtp=t?^3kc~v{B))wMnE_ z7D5#?aM9)7$niVQEMK^x=c$ot%TUJk0KQ?m7K9!WXVVeO;~XR6XP*W$XxGqj%#j%0D3^<%PoP zu5!H5mZmr3^PEWk_b6B4XNR0*A~J;JZ!TMa+8qTlpK8#4O+uwTi?Ab_d%H7J$mr+i zg5fN*7;hNmsO7{JT?dw;TD51Mg(hif8h&G>!JDw@E?k*(DCz4o{8;fPt|4nNXLcG? zlE*63m1TJ7oM-d0-*(r5nL9RHyN~KbG?z<07N^|@`PxqmE9P1<$Iq8)Iwm%9QQvR{ zw+=BGF;w$WtiEYa(sVJ9vi<=8Xq*LT(5JsefCZ~xZ*N`14|6?HW(Xb9B^~oD=*u}a zf$OGaPL&1lGM~JQ#?_>~d!^Rel3}|B)R*2C1!0o8#KkaQt}~$5G3oXagSEpNtR(Y9 z30rGMPh9ko8rdn5oALgBL{{RE`;YYfeGB9u(Q5n`fCJYxe@_(@$^=X75Y`N$dGxuF8H|ryM>VbMW_PCQ76uQQMQ+OE* z>Ce0aPyVzaR4zKnx3FVfmc}^zuoqZ!YOC-spKjgCmQLxZ;Fu^h?*w^i5r>hW!?M$D zxR5l8c>EJ^!+r35eB?&Y6X%0rHdVhK$ATi)e9ZFa4^Q9B*BuOVy;1>i2_3=~FA0^2 zRmb)dZNd}uTZ<3LWvQ7*C-iq1UwOR#I5)gI2lt|f*7 z>-Rls>TR{&UpCOCF4^9mn0Go++1BZQc5)}C=Rs_@TWC%MTM^8-+T`g4dk-BxpEmB#G*$LfN8L?o1WS2H+lddCSK|*?JPnBE+yy}h^oT0-th^$d7 zYj^aOu*FnyzwrHV*V1u%INkJ+JI4B4-M=j9kDTJ+0?hu^wYG^?Rwq1Ii~irQVSHIv z-zEg+<}F-?V-1SlN(SuM(dU`Mw4M~L8=%4ypefWgAWwZsz-h`b@wC?<0ykF)S^c)9 z4N@}U%wefWnXAo^2dkSeSY2f#mDn1~o!Y_=1>-su@z+DY4l%KpE{dxOt$hJ;!3je_ ztlaVRQe5?oS5+JJyf%H`@tfKNcOEq8kxx27p--4W%@lBvgN}c9@uTbo4iy(V$d()TYFB*F+dfBJ(hE|c?`-&yd zr$<`azre)XO4(0|%C0}xvl0oL&YQyi{I-nn=>1u~%(!-*&9aGSgiO$pn(@6!dXnWt zvgk8kU!*j(3U8PaI47UZoQ^=)%be=n>naRcnPs=ZLex)gIhNl(#RI_RRKRuiJd8{`L;43?nA$ENzGr64CwV2lsB40L5b&g(x(-#2!LaJa?%l*Y6}ms{(TRE#xf zQOricF243vAf;O}hXwUWu0CFb?O5mOKID*nG7odVzGEdOwWrifm(CnuK$4ak0ZkskquFGCXpO#pvT?A8{iNG+W;7t#7^E|727 zcA{E5k+gv|Y94b|A^JN;7}GmE_vHL6lt+pCAsBrml z;tn{bv;zi(q+xjhBJP~Pz5w=z&;s)KoMtJd1+L_Hl+oZ!ByPf$+VH%>Ic#brT(vh| z9+nYkysAd1w%YYQ!GBDfO49&%gRy3A2yE61YN0yZAs$LdOPLgN89) z&Y)X(0FnG@zp-bT3zJ^55a7XH1&!@2vZD3ru4e2nERS4KL7VV^1c1i!;BS3VetxH-cB32$fOW$sHWqRTwcYl zQ`~|8ivV^iQC8spIPS4qhH7HRQ9@dE|Dz0pM7$NhJ7gUDk|Se;-5>vdY8NDoi93^D zpB6I_dXkR2auv1E%piBAD5N$KhV8rnnuoG$vt7-oV#ZjrtbE6=fj<{1p-yej_ut3m zp;0dIPBaM@0sX?c@+O@y=5lGX)#;v+7w2#H&uSECtKWLrzarp#&ZluPcdQ;5CcmjZ zOM&3cIzGZA2)V7l(@(?YUDhpZ@Ow^Gt8{5R@YfHSN6AMa$?%h*rri0y+?E&@mk(N~ zff-6ueqSq&U|pajwpasw;!+!+x~lY!4+4?%&1bW-7jj_FZmfbHmA(>rqgTOwqiDuo zDm-#Y-z}W=mApm}RTf+}yn72w72Lj`*~`5_E_C%z7*$}4h8BR1D0O7j5J*#AgH5B0 zm8h&r*SuRePPjvLSf|w1poQ50$SgV^KLI(WZ`r86G&hAd%6&6ERh#-lzNX;J#H#%o z|3qoXG-@!4Q|-X;x>DFr?O_0bjIO8QUP`E5Sld)FF>Dp1rdqYR;wsm@It}P87JF1y zSwkda*39V6(xI02!>-1N++6`_Z;4oiFlL2fml3tzfLZOcxBLXEe}5-)+PMSs!Pr>$ zCh$+s?lFqq-P*eEu<)f0OOEwkLbZaQWF?2G@rX6l+RF0$7gy#$D)9q7W0yQB3F~6o zD%P(DRGn`Z-Ffo!Lzw(Cbk;fdy3o{#I0WwIDyM2ospARv1mhCie3wGk`$?$G?Np-C6$?av;^p$Qu$wc*27u>w~4!A`S z#=HOUP#H&Rt&OYBQ&j`5Fc3RbdoPELioJIK?JDS~_@#i|q=oLw-h5pnDqh7C+HWe% z&VIrp-KD1L1-7~BcLGqkPL6c|4Nh&aKu-tn8ZD898bAw{k{v}vY=nd@_bPvKSRA0$ z)YnuTZei(Edxi2FvtT;G=A0fO3;M>Z$KZg&ph@l}Z6%zXJzPdk@k>_K-roy3XJ7nS z6c5y_gNlF3GqcCC@~8qJTMr$jH(S`<8sYWYbzkT9lS9h%v)n)y1ty_DM)ShaZ+qrjaUr=MI8oEq% zIjnW1f4fXaV9ZdKCm+B?23L9h{yhJHk02#@z1 z9=7OAQE%2L_)?#Zj-RV=84%beZNlrXGah}(vQ&E|U=x=?Y71?J zQvb!mU<@WLhm@N29nm)&HftJ#ZAaZ&D>Rhk{mPFNbV7uEV17{9E`^lffyg||q;f0# z+5LZ50KhiQbd{HoQDClp=fN@{c(``yN6RnJBrJiEA6wL0@)LKSGjq_v>_K>i(Ker& zsq#MSN@BYTL_rZtW%Ws%2&Ul&Po=-2UmhrUw+l5eWVr-=5x4HI0zw%t^m;&vNVvd! zp<3^*pA`E_0l@v-K#^HVfeXelTU!&K;yUS~0{*ivx7o_K?NDyuFxB5xU%3{OrJh#{ z1KmIcP)ZY6J(*e)iyvk|+SQebZKk@{ZK>;wrU0Ko41Qz^fIn4LwoiCIn zHNasavoGRsnWWK;h2x+d4C4v+pq z!yCXMY-!2`ko6c2BBh<^5V~x%Pws^sBgjSwi@>bGM zNbWn^1dUvs=U#(S6hqT$PxVG%tYg1#p zkbzz+)fmf_OVLyJ{mul}81t@jd(A#L#FU8T2`u?;VXVId6#{~)WOK#)T9OuRB-bXX z<~YV)2iX_f45j2}tBThxkOkZ6(e>!6~sv5WR%ZuJcpe3%ElW)?xHzYoyGfL`_M3-O90DY<>iLmB#Pn&jc9v`6ef0>$=>+ zVJ1{AU5N%qWN)*zO4x3u&a@EH>Q3TRag^z}KmcBO?h?{Q2~v-%dAm;pG29dI6QO>B zRLQf{t15cA=-meIcPGoxcJefn>A9YIZP&z-V(aE&u%f=_XgRx|k_V*MWQo6bb6nsh zv<#l^X^XDh?vN?=+;LSi$L<|Xo_>4M9_begKB#KENgY^s3aU*tpE=0AB%upL++o2* zixRQ_H{vI-$RkseqjhxLcY8DY3gpPic`bU|u~GEywItn1=E{~@>L(1{L2J)?rr7!; ze%ShuSM?FW@e^v;PnP6@zY~h?bv1n!T$XkF(aNXe;BD`J)PY=IF6V*>KLCCyncPcgEKW#?-B^S4bMA%z8MZtZ4XpXU#vGY&6___%Ttmaq zu2wWaeF4K=uZ6|_P_PQ`C|{rnPioG z$~>b0Z!B9-%h4T*RmNG(7J-3UKMZjDVL&BKA6H}imbKOs-dZy(bi>asBPcArMZd!j zl7m4)e{LGlng9^F!TaB(9$=k6I{c@_O*C~Ej0n!(4!HE5mM-e+!;tFD)tosHlFY9Y za6D|i2MJrY>)0*WMB7vD=svX&M|h2LCu0HJbx5K4qG;)N8dx$h%v>pd<z3mpep)S603;y;Rx1OGny z&7P?F`wL>3`rwg@TV$XhCb=z;fBQ43F*iqaf!SetA9~~|mq_+07dpQz2)z68(`U33 zKBM`UX=ISkU+^v&JYbdjp+lp$;U4kSrmjb*bb{NEFxz&AM*kf)Si<5h4m}fEUFk#s z=5_O(&G0>la$1Ob-?K3ht7fGECvbDr#%o=G_OakQuf6tSpgHCPsT+|!=g>$xQrGS& zFcyb*w5cyIR4xc3#C4`ahH9B(KZh>V1>R`L22^iEJEk}rLhd6~8~QYM4UW2f^Uq4i zzm}#s9SObz^O-K5Rto@V94HYBa4@Dp&sBjx>=9V$wpL1>1+bh5EF2H4O%Ku6rL#r9 zp5^}~eg8ioHlAVB13jFh7Tqmi!tNgzFc2SznbKUjDzYRGm6dir8SW$_EZ>D+M#-4Iyl9;z&+q5b9}vQYR#diBvh zM(is3EZ6wE>02D~f^RnV5~kp_T81^EOG~4xprL`fn2ZZxuNnNY!pz6QlK|NUIUUvxbUgJkiBn! zF*`ip&sA^%@dQX3=J(%=35+C0{}Rn1Ife%Dw!A0Y0BeiqgL~O+%3Hxw!@+Ve=_vpU z`KI$BKv~rF0F#bda7AAN=26 z8izC_mXCW+!EV(j^gR)J?sD|tR6qFt%nYR}*u~~LeFnS1vJMr82#92(dMKXS5UgnC)EKW?bPdjU!H|E@|Lb&> z6>vDU^+Web_-O6J0bm}weDHq08zcniuZp1s^jKi5q#4`P_*&Tuk+LiY7#ii| zd8-)N`d)@te^6TRA`$Ge)6ca3CzSR7p?6TyLcUwd;PwZmxn0f4y&bP;>Y#yN<)1Za7 zFkBDgaBVXsyps!V0#0*WewMRa(%~-8KYXwk7oC^`Xf)ULZkh^(mNY&h8QlcCWNAcT zUWcBf6tvqqchtHr0%vem_(KF~SffDaL5OIu9AdN(x>l&~dXm6HNJRxP?BB+Qz;!%+ zkn)cR3A|uUIEpEMtx`r{|E%m#a*CoAH}?VYu^6z~?j@FCDzWg`T*({u*u2m~;zopo zBld4F3ama*cprV|=YxNcL-@evh8&iOI%crIG#Eg310F1*Af~l0QW#s}p_|C*GD1p4 zO(4hFBx(I`MQUQ~X3b@Ckl|?fW7UKk;_*sw0!bTu9FW z=3sfwVvVtAO3PJz42RpA6*3N&xZ49QdVu+ANd$cqqmcCT2FFf)B|Xv|94={hgiJ)@IhjKso>}|x-5Nlx4kcb6DmWqi@yl=~p5^7ME>>;9erc=`3?{~?fji;}_-k3z?g0K2`Z{bHo2d1+eFdD**5~_-0Je*8ej2OOU0Fbz8W(c@wm`>m zeSaMoK^Nz6Er!cq8<=3x&od%=qpJG~8)?`z#~kk|D(YL4ku}dr=CuB@(!1wx6%sDG zOmii)KOTUi2YlQq7k$HG?0@e~gyGq@%K0FkDah^`!o*H$h5#aqDWI1h>>ZN5!PrAk z%POUWg>=ny~c0sgMyq00$6BxOi>= z_)9odMa2*!ZUeN{58(eIF0C0Wwk~GB%%K6WZ2YiajQRUg<{+%~=wjG+BU7}2?)t!Z zr0@I3=R<3LetzA+O5|GaawBBFO4q!`N&e`_{t{C(gdP}ey!_t2x0E1)O~+z+qAl1m z-kEQ{{mnxtXfeY>y{COLNhyL_Fd{^Mxhjf?1yb}{mgyyIY^8K5z5Ors0tQCcn9=b= zzg!C+AY?E+PN^B|wjRiYu2^?Sjd5|rBe<_%C0mW#h0jL` z43D?FUF8{0{W$(nm6!l7gh>zpHwEOXWb*@<;u}Np;)vE`|I7XPhG$UZ{(XfDMC@t~kDSlTilW^+d_7`+izk2HMh{7J27cosCNfe|*_^Jc1eC{qm!>s1dxbxt-(p;h^&U=Lof>+zc!8M! z--QvJKwZ^LmOx=aZpsQtUf|gJzYwWdT1ZF8S=WuXK%L$*%8); zlFCmT(0QQL7pIa=iQ|YKytCwFbDH4uND+B|iwh&48S8ZX2GFG2G&#T%ra{5S2H*!P znwhHV>Sor>8#S4Wb0l)(6Z~PbnJ&TMnT%WK7axiO(e$_NDS2XoB~ksKO)uH5mO&3N zyagz_O>CF@VAL1Ba+~?j*ZuQgIP_pT{PnSp@L=Z5;|I`#=^~i@%umy$Kc6(#5e0*n zsqqZ)Fw%DCk%2PHNEU6Q&9`U2+2h5QfDl2`7GT%Y^tZS+V&D>k0c_TQVPJ zBlFcbwse0}6`fGhu%}|dz{P_noH~s0idn>jxH?xeSj5r=LQ0l#Z115Cgv^2cJ}qP3PU!De17ygbH9M9|ID(I5!&#MSm*50F-(F)2jI* zJk3A2K!Xs%4*UfYz;9qAxn!J@f(av)o9`?5lY{KPeKAx+q4^ujafsYp(%1KgCr<$N{XB31&bN+xtJ|J-5J__}6Fu&6968Mx3*FUTD9xjfA= zsUK|WPnTV+sVglj()FajVj%TzT+;%pLX#xpO&%^4d3opD;=`IFe8a>*a~|{Y7Vdoj zz*|&o4gkSImK(I-st|Jf==Dj)bpsbPM*L66075miGw}bncE$$`$Xuz|c5JCy}A8c?gBjX**aD^*Dj{Y1z3rI=q8q@WqE4%NESKn-OGxM zmyl8KP{??%4!_(d6qxh;te~7j)Rd$dzDx0ht%hj8_AVpHhi&RBV`Egz>>xLow}cAt zsMwijYN_%J>&dxE7@6sVOJ;u#!Txb!RMbXapWuJ}`sWjDlVWH?lk$xPU9Dz_@H{&5 zak6*croT%PPLF;pnoaVE=tAAY@G@TV>VWk(L}yl-6;BZ1n;-vXFj)BI&^sfLo6^-~ zf{X-@Qu4ypGUs20YH#vEpBOqT)Qm?`LNnpWq8;YbOZZ#=Rc}@=r4J+N;_EvUYA^Z! z=HRH5M7lFT3=>Etbbc7!+5G7nx~fLtWdHh`q{5mk$=8s{TYMkgi+7@sy*5FxBGrtf z$YCUOF>4=<2>zg93KsGiT(PM#j1{35uouIW#|^%XZTAZNo!)JjBt5#glTR6d7;#VJ z7>C=FTvv5xNaX78zGl}7gyX&oOdC%WIs6{+eD~Zy_DDamvmu;#aokNOc!>VYDAB$pegZGt`|^cO$;tyZ9LhG*!TUQxgcyoa ztN-q7QAP)Ra8!ZfV!RJH4N5)c>Ixv&kq^@<6bw5$L_n$>q?Fx(+i>gFtuk(XiD#ma z)iND_)Lb|8*6(7vV1z$2zB14dU!#y$AT#mGM`Y#O!zwzmgJO)6@X3c&wJqd6`SAXp zaR0OFLEHN`q`dVLAG=*H)SPM&)U--LjXPr`kVMnYf8jsDL^OdATyht1vYud}#S&|p zrCB7~b@3G6z1JO{Q;;dzp)GSS`&43(9{geZ?nbdcJ}>C-@b2*CL-yB91@R44s(`V| zN5V1Uy6g5v>788CkbD~?D-*nh=sWg7l(8DV;HB!G_`bi)N%$up*dhM}ap8vJc*FYR zjpE#LD8E7Qn0$gZgFi{s{*qtGh4B(?%wUO)p7gjznVku31RA1BZzh8FZG(r86%i8z zVMCm2hV5@CA?(jwZRSo>tFGz-x)pL61C5B*C9^64_v<~SaQUc~+|wB-aLTbB%1>^Y z0W7NC>!Vc+AK)U?R_D@8e3xVs8R&x^%7pa7@fej)q;inq(fkyoYH-w7s{R45YXq)q zV{le)c||R`=5a%C;mGzg+&VAPmqt@@plTQJw#ZiHT;PZ`Jqe7;|GnXGm;1o{sWvoP^IFhD z(IDb*ny6Xl-=mJTB+TJaAJ_g%=jo3VavN+57MQ;_Gng#%)Os~!0=C~j8sA4xPv~v+ zp($~b5H&`{Rz%tBISpGOsFBld}~3B7WiV%Jp*#F@12s{pt%VCJ^gt}I{f z?iYqp50o9P413Y3@s8wcu2;Hw*2b&6KyGbk(Ej75qF(HEr()n`^!)&12lLk!G5%Ff zlFbosey}iJ2cMx=!qzdbyo}FtM4xAu);Mw3+(3%Zgz7CUk>9P+5IDV}&j=_<bF)c6dXc1dzk9PgowqFUd2+)+sHql>IQ&3Wen(B zyM_2lnwhO8NdJ2giX8lSide#!X=m1#ShG0@)f_$}KHv)Xg3yl)qfaz$UbrK$)qBY< z)ZJqIh%aawZm9U~zx4uf1w_&scFyCnD&BliPn+`2?AQ30Aq*JaF+BC}7(mdaJg#2t zS$RdTYLGCP(wy{okyT&ENeEO8^RtjjQYNBJ=ZUYzLt zr6eg4No<<_>P(lt0UrP&fa14DtcY=E&o?PlERD%Bbu zO?|F7I1SlB)u6rSW~5et@B0r6u>IRmIq95l}MxAQgS3>43=Tjq47X>@vAdpS%txf8PPRsw!}lAkwc3k(;?R@_`+5H{rh^3u(TBB0Ke zfRJrzd+hLYtKq`N9kv|nRpF_ByxCX(lQ&DoZ9J*Sm(l=A(m#4Q=eEd;?yPQB?QE8f zJY88(($%W6iUuo%q7U~0S2CQTz>n8-7*TJaJt6xI7G{i3UdT1n?Bzb*-%H zUFlx!-0B7BeFs=glD%4)FTeP%@>?yLj(5A;nNwFd_$Pn=$b!Cib}+l}-e4uUa3Pj; zT`0P8<@@tDUgXe+66x9cWoF$v4OE~WJy1CLN41)GQw77cfOU_bxubPM8$0`)sy987 z9(q@}6x})iB-8Wd6A)VGXc7G6(+sBIX2Mm-CB6^-&lEuz+7`cD@*GZ+z(o*D^C}$` z@*wwmJ?x*}D7s)7L)7p$jU5Rcfjq7CR!Pg8!ZlYqUONY)HyW=LuVyPtgGbOr1!sWY zb;WE8JXQ@o(n8BvNl4mph4PkRzR3 zq6f2cIdWxB5dX?nN&u)d?#Y+GOrpVq38U5sm}>)U7<+7+V(DN82VL{;x-F&ETdhv+ zH_dV`e*hBItJB(D4@*c{aHMyg9ir81L-MSSTOY36TDecnk5mIm#UAqst>B1~SHDdw zD+o`W&IF98YlDCw6>g^j6a593Xx0jOw`H*KlH^l^n}?Ww=os0|Z~5PG?p5PLBD84KFn6>e~T{olP;-v-XCW?h}PGRZzMMZEbgVNQ)2A`*cZ)v4ivuvgn(ftj@_dM^6bRy%E_Q|C3+Z0#wGI?nux z%6%m6#$rzjw6w}k9Yn2{Do*ac5e6=!^N8AMKq1V(Ryoj-5sq8;Bkh^4P@~3TKdrCYnc`bx@BduL;^Mz~Q}hnSO|hGJw;uaHOG{()J^sv4H1MR{)u%$4^GTl`q;}e0 zA9^Y!`&Q!hM-om9g&5N@V+yKc6a>a`9t4ei>s4;^?w`x_vOeMuXDJuW z46M!zJIL=?%+y?{mh9a+{N6aFuVI4X2_N1X-N%9IfTQ>n-UkR658x4tCM*(A$kN2I zT!G;wSxeNlPy^8e_!Pt}c;96u86Il<=W_t-Kc66HOL-9CPON!5&e+(8e&Fm6NfzmU zk`ib{`BoAAcS+|%p6f690y-T`b{t=^t?H;m>UT7Aahfzyz1kb~cl7MZb_A1+-pMbC z)wcb;pKA5>tfX4JBN(pH!%kdaB?M07t&j!8|j#oNtnXs*4Ja7>npvA zefd-Al(EUydk~}oVN~g>r*0mmOOnqgcL@BDy7a!eYIl1z+(oI6-BdRI9=K1ZD|4{; z>|6mb7~;4Elba^3^fyUxL}vweeL6U@71vDK2i$JU-UOdUo8goN0XKYa3P1IY%Er%57@ag|*KiMm4hFYh^X z0#C;_aHPBGX59!Sr+*P5N5}dyOOdEiaI@ijcH;xzMwK-;-m!C0gXN~dT8R(%7X+5+hSuTJ(Mao?Z30t?`1&%?04S-5f#<%iGzNORQO&t0O^ zxj&mDUlBZZFo~KSDlc)U{D$x5@byyU#}9h>$7Ju$7?JEnqVI72f#`y1cgMnz5{EDTCUtTgcuU->H@s?`8s(70+4wBklTm{+j%`5jrkp4S@yay5FwgHCWY(Q zZ4{zH^pgYpo0v-7+D;2Fd+T$(+|e~EBV}4GKYu9RW@!3o^BpM~*}LWULWsG`j0<=# zg~RLfY6{<&b6Y4PB%`_T2;3u9D`tb@h8lev2Np`}7#{I%cBvg~U9}<%qqMYONGggO z9|zkBZ4uA+#%wdvCY)VSsS5G;7TThXn(}cjnGXXV^nM8hX%kR4w(9vD>sTLc+7F4m z2>Ej#yXI@VXQ)7W+L}Nq8)rXX#tS+LHw7pU!~s-nK6u(y<1C=~EpDH72tUr7 z!rCOk`3(eOQoaCWJ<2}#-lo6*2*h%(-6^?K_gKCnh3DZ>?k|EJJF`wzTSF&jGE`#qT>DHA3eW8~ zUv(aw!9I_XjUa)m<7uv|uNT$&=3g4<7)q1$)d$fTrM`BxxboguaZBiw9ks0Vc6!~t zO^`?q1jWk2UCI4T+TPEBC3(jivZvw%RVvHC9bO5WSh}xXx;GldB}qtMV(+g3Q3C@0 zO|MNtiC$%DsH5;!o$I!Jq|?K>69i8YJ#$kd*CgGkCjMnrFrT z34ZzadlyHGJqCE)egyIja{HdW@wk-d_0gkt%l1pgpiB7%DU&)5Z%mZm2vag4vF^`| zHrLUa4!wMDy_@vOu*@9EX2t{j%yL$bLmZyO=n~xzc>s@KjB1HEvC8@w?$>Acc@Fx) z4pyYW{}7$8pQ`-d58@GD!ygRhKE|l1iQj)M7GtDgo^?sqCYm6O=qP>K*|^T}Pd}R@ z_}{$X9m7d-^rhQR+?2SrBTL5=E_cJEDV$~P%l5|n2&KqrLFaZ|*IyqC54JOPdqU=Z z9ZiggnLY(FSUL^5q#`d8lk7#_1&s1z-jk`6vWN0UY$PGtSnq!AJ>$0W<-@pwH9hsK ziFmiq|6(QwyYeSMr;q1fPGL1n3CzSzkT4b9>8jRn0EC6SGsYleH&**kytI~HBV#JU zQ$H0BOEtsm3csL9ctiV~!p;i{rRZ1{q~61wqL9OLh#<^wkA48+C8fC zTfG)X{fi$ohJI*s5Xo45#wFyM3{TE+mVe;vGb*0sd>+}--*-5P6wBvVtONwJk z=luII;8>04=eYT|PJVmQ%vL>Uk~8Zt>Q_V%CN{S|+i;sBoj2TE@vRcc6e#yzQ`8S}za(vP071XvRGaf?U~4nS2HY?G6IvzR{HzzEzSa+n2yfd4 z{vU+BcR1F48$XT+Q5hi#7ukf!$X?0bGO{XrW-B3kMC39vvndMMd!(!+GLww#ojt$j zN6-B{_whS^-{bqwbKFn3uFvN^&ha{5=j(hjLiASoJ;}UP%L*_*l&EB4T{S4xzQqC# zrVl~6{ZuwTsV5~9V?u4EyMr)@nJf=mq&n)cRlBd+N1jYv8~}$L+F1vs@bP-Dv8xKP@*k;M+L_aAy+Are|AXa3Ye7fW zBv;1_FZB4OOXnDc<6{#mTJQca{^&u%eG^&2;L>Jxro6dhL%%dFM(sFxjJBl4cQj8} zeq%6J+Bome+owe5%RQ=qMqtmQNT0Xr+KHPk7aPp}m{UOrbD%W5>w?h%2*x*l_KDX6 z)cOy1anQ70n=i+l77LlwlUH`&TF+f@p!D=ucKHI0Ne7m(wo5yN?K<4~5t8{_C;WtdhGXAf-WlSCqT0@jpoN+6$x6-a?4yc;N^j9y9xsSWrXi}rH!e1Om zb0l1SGHSOC(-Qh$G5_Ry#ic*aLXdr-ws+ro`LCLW(5EPl1T8aa1(zo15SE61$BU-j(&$eRY(!75G5sH39IJ&HJoz;-PLZ(3)nFo>1-#S55Abf#LI%W z7TVgfX_u;{N-9OQXG~N@D6=g@0%v4AiCFkC2gW`!DINUFwL3zX$YW1qCW3RV5v$aM z#R~7#N@@_HzHnbZO-KGYxnf`o<0C~ybS-gcu6TNg1Po7glP9* z_9dy50?}Uc=a=@H4h0#65hO&`Q`uq0-1*%Z()Lv!?Jm{VIv6w0#F(hjcW6;EJ!eg@ z1#yDT1RlU7N2?y*dB9R)*sNmLsKeBSdhi+L8m(ugxl*??W?^&pUHPD~k0@iO8?41M z%ri@c6+cT<$+dO51pSbj&^O{3Zi{k=;NgYZU1-9W?auqHi%RUkuV(={C1h!)r2SJ9+G8`2Ag4 z%D0R_(q`|2pPpm-kBS_;GM}_V(0Kuw5H)*n2KPe$l?)G<^DW}|OHB-ZV9%&~1eG4< zwM}ev)mwJ6ypn9|WF)gv??SAOEp$4w`bc*& zCMfN=PEg1ErqEiTRJ)pba%qk|+8m{(22PV84Bhsx{bzfI;n#ld5s!3N1UOA7!jhdP ztJv2hlJVO@_5XFEh*-`-5cpg&mY;5o5A)>gyr6wFd%20mFoOdPPpjPv!}_OHonaXq zFM!}wDgZo8v-UL#vx0uvyLQ+{yX&7;t~HowoHQ)1)Y$EnmRo%4Hal*Lic23x*XwN_rRTE2}4C z`jC|e5{D@l@Ti3Kklws0DsrRxTt|rh88pJ2=Fx0+W1T{kJ24E`Prm+pDY0T0`HoH( zC1P=6B~c-k-=5=lNXh3E@Af=@K)_V9Gj|^uta)_o-oR^i&*48IWYR5X^A3)u`tB|; zwi2Hn*wc3vxrcW_W*QNhzbL-jDCD}bw35VFPw?EN1biXV^D*iJWY8n%JqW*ku-TV9 z5Y%4El~gAA8XMhy{Kpm=rXolKz9fo{YFWU<=yIFcFISkD37CNYGe2O9^2oV|wJ@RW9VpdSyGnRU* zyFiF0*<(#=J8es74K14~6Oc9ghCmdeYjvx`ptqdzmA6W6tqMA9!d*em(P&ZM5iO{x zXYrxwuAa!w($D3RD3`^bV|E7LgQmX&SKCIBE}?7S(>ylX`cC~oj!`UvPl8y-R9itr zmFLbGV=@eNj=etvvxiF{3M;xBM2?MqxxatCvUoU*(F|ip2gm))c_~;W zyz9P78S<((NeB5PEvYq`TEea;Y|7XipOGl4TM=@{3m;HQgAp*J1#b#rXpRcYUy@nl~yx-Ld^C3v6s4PW=jb-R!lN% z2hZo{Nb}pA!DkvxbqrGW*%^!BwE<-#PTt&(wNVFw!Um(0DO#KF%D=_6zrC7X@mz5{ z9)@AXNZMLfq)e_<&>TzBn(F-GPxgNN-20ELxw=r=H*8Z6y;8QV{nBIuQfaxjg=pcg z?ui$ezm4pJnzBIQ9Ra(Mm^`FmzEaxigVEvB#k-!{?-7rfJ@^Z-Q+tE}Wn-lJblwY* zF0&b|ue+C7FJ!GXGCspiz-0Ep_$F)9yMRBJAmx69t?N$lg7Nylpa?A}J)>hMEMybU zV3H@?l9(bn4V>_lo(Ym(CL^Om(6N8q(Iaq26jxc#OEro(M)0>ljSTU?M1d8Lzq4nPC>1oMixnwy=W`@hj5`J=F{hen*ePDk@2-Ma=}nW&q$a+uW~d^u z(%lsbPtFJOy_3fUPP2s9f-$h!&=Q6j^6>tA%*dG;AUS^PR~@<9Tbe6ukOO^&_`gU# zDZ>!XLmOW$KY7DZs7q9ceG`&rRPvJ_&Rlxl(L6_?WL|17CqUp|be)&4C%g5qe!)J0$X-xn%tb969D=*d4d2$5(Z$FEmc~C4tpy%h~*_12hQ15N$ zTpblK+g9@V_#QU<&14HQuy-79mYto3dt{Q-WX$ks+vdMEkqD^tOjEyAWi=(RIJgP$ z&^dnrP;$&kLNwNY(zVk)|9!3T$YXD)&shY2mlu!4Q^Me5^oEg8lWD%lo9@)f8laSe zQ7@v4;fOu&IDd!AE>=4SY%D@GkRgwDihQRlHjv|luemk*>$NnJQpV@=8cK5Ott6_Y z9y^mMcIdCX>zLwwa+(RMV9m>*@t8X2W54aBsBr6@Q*?=Z(-mDEJkZ4KIyN5HoT{^ zA6dCGr%$4W3tIyW@c%v*j41eLYYy=|u#yyp4oF_*3Xd&)~@2s4q@ zjZ$i)Rs6vJ^#txfn+R+HrMG#^1d52UDJx{};_$+FgO4EU0S-33(lb~0fRy0*e|?o1 z9egCm(EQDF2oBYxID`j>162(UsCSDxPWpeVC6fl2X73K&H9TBjg|4gqCOlW2FS3WJ zVlYhVUy%EYVI3!Al=+>*O5E7X)Di_nrjCIkJqVN(YeC1nYrRFTRZ9HT&Mzt#AFM!WaXC4&Edv69pmIDe5AYcdu!7A=ySF`7l^E z*#XzfG?G~29&1f_`rZ0;(JC!-Y9tU%C{&nS`tMgglL&!>OIYm8U04g785b{Jhb$!k zh?7b`M7wtXc_i4LW)Rz6=k~-M&5&yBBuej!?%>vw4?N!#JH6aN&F$c31!IZTBJ{uk{xS{*o7s_K}A=WLK%ymZGPBF7Ya%kOiO4NUU4|#`2;xw?+`lfgu zNn;Fg{Y-NT?52rtZ$|12c>E_9Gdo}HCwq^uIBU((M_Upd^7=GPkZ62PP!MLxgYiB@ zXF@G8M40H$HAz%Q@CYg)y!BGcXFMeS!eqWr|F3U@8M+CCvBKO;N=W?GPBnx83n*_m z{_B5Oul?%-urp^eAAmSZSm#1VVRyI$*pcR7hWwE#( ziduMr6azkrsIZDg7tJ+i3_ceW1CFuEIQK`CDAW1-u9IdhdSDrB|qpnqXHf0 zrGC4cXOWw+f$i6dgUplyCiB_Q{mgBu#oKOO? zVUxE`mhC~cO5-4}9{E{mvcsp(X^*2hVv1Aw386$Ca>LhlQY!ogz;TxXU|Y}m zy_EfzrDh93KmsRz>FyV>txF#2RHx5f0w6*A3yLy2h&w*0w>HcdS65fJov=sXP9YHi zyfD1Ne_s&Ai;2&uNEf|%FFKho=xs~lk<96;J2FKn8ptswhx1-*L$>!{e}ep{#0NYN z+*|We%&X&9S1w(rePCxsBEhYf=xx!DiH9=9#|ULR{fa1F*t;)tl|)#@jOh^!Y{%h5 z#neEj{r`CoW~^i7%SLB8`LwKGXN`OK3|ua`Fgtyh6S1^J>{xrPI4Af0gyg=mAD=n< z5a)T*|M!uQU(>^SV)V|RkXTiAAn-DcGaROeD<(nl!k7UZRi#r3r?2rD@*8v_F&_$| zK!zBlFQ|F(ScR*bJ~VH&I>Jqok;gu#2*2`*d1opx#p1)=$Jm==lhm8NFdtw=o893Y z_XFf}`0$7*5{OP;@)xs&fr;4P=W+DCh2h&w8q(o;el?xoXqo!ig!m!Weff#mv)51U zw8T0-(Rf%-0u4$HMrtr2$jw7Z6dOU8Zln3>$FW6WIObrbz*xK}nZ^dI)&n_al~~?u z*ea(k$9ESZoc?7+DE#pbQp)e)t$AvRZEqq_HYyxDgy8<>Iex@|u+U;oN0YVwlmxFA%04tapXyVPc9yRDNLy z*syj$=|Kjv?^pl`jpVV&e2S&YsTa;ZK%TROS)XN~+;s-79xVC;rDv5y4`+E!vFBSv zD9&k&2u0+$wkBXW(zSgtvovEQir=|1!dwg_!&Yy69+fy({oY%rNBU9-#(E*NIiAJB zK?31M2`f%9?8%bG@W?xt@sTC)AcnxOGcEiqmL&desn_~1aTdM>WTBo(sDb%T&+4kA zz4#^URjjfE)em@d3q;QFK|AVpMmtDUeT0E?S^;RuXX?1fUj)G3(*xjgn!jLSwFZ(% zV5xovb!PgknET~0+Y{M1tTGGMg|X_(T*P%b5F!l_lbYXMMDH#%59; zRkX_I(LmO-*O7;;v6c|#S&RJMbUYydmqT>Uu=FM6JyKlMhEbj zSx+wukVRSp{|T8d`C~Y~zN}?Miae&bjikkMP4%tO`$_+) z2eDj&XS8R4XN;iI(LRf5=Y)(ATZWOms5ACo(|ti*fTq_}(()S~a$LTVqBvtxZ;75p zk6^>366*ZzkY`X(eO9UVWM)&h3VZU{NE%m-3j#Q5nFz}gr`cNwurPVY1gZ>3^NGNF zzTlG=<1BrVpB3MyUs<9gjGVn!W@`mBZI`oU)4#^o1at7>PzfAZTCc)!eJi=RrzRL> z5f}5nBnw4_oQ7PKx%7+bzsnbZ;mCxS-S1jS+mk}A10@-l3X3q(A6vvJ~4nTVAo;)Uf-xD_)2%R}@T4L3>knZX6*JIuja+;C=T!58&ac>J!Z=G|A-+k{9w zLln~ZHj&p33YESK8u(bh8Bk58+C8aw%$@TA^xF|8B_WTjghsI0%zP>BxbBN0%QZ)W z`XV#vu6w~Z9or*{Hs;dSsh>enz|}IyJ36s}r;Vi5`Gjr+5Y%p>IS_#gG6>(p|GGi# z2bpRe_Dw9}uYtS|=ipo?dI0$dnG|^91)A2=f^s0EgaHeOs=mJj5mxM`k-xi%q&c=L z@@oO{7!TUl_Rn^HBh4!SnMZAHR2axO|9NC%HWc;|2J z0^TsN(j(dtSzZ=GI4Ji8zn#M_0p|<%iz2RjDV-Bppfw@{DK9iEWfD1iA0N8}^~{oo zK$kc_%!G&jMRONC_6HpEdHg;E0QT)*l1R?CJ>lK=ApO^CrZQ2pSwBl4U?pCe)M#Jvs9Bin5c+wJ&= zWeTadL?O<>`>^r~RuxHJ>&}&0(oWa%N7Tr70~k_zn!Vn~Km65%OE8KmguKkJ9rCh2 z+@yJ}IOYjQzNa@~QWla5fk+-2yr;^~aJRd#PrvgtSeuxO+weXF_?9hs0zeab;vp#X zk}Abz$ZP8Nf)T_TvR0z@wwuevV`Wa&RYzAM^oCES6cx}t!f>@gm1s1A* zjtzH>EKd{nJ^VGP%J*U{14os{*#4-T_hOl4lO(%9+_r^=#*fR>j~3x{6vOb;m@F z&T`_-g4$8}>jj<{Bd1g14VlHi|$yFV=8tU{|4+ zVdmFWKEG|MxF@yj1kah@BY2jCHMp5XN=JIwr(F-yCex=++vUzFrGKMHz-g0rM&23~ zB?AX+oYhy2r@r3Iw3n_?`uW`MIYl}Q-!5zq%;ZFMPQG)G#aAfgXoOro*B@>u?tD6^ zTDmrB%4szDN`v_8;ZqnSY6p=A<9x~emY@OfN70+NnTbBfKVuHrpeSLKJyM{D z2>El6D&4q^X`e&F!p0X4rJs%D$SvT*KU{bnEP>@aL}aph-`2niPT`cItcD4KyAsCC zoEpdUv*3_Km|I8qY?N{t)seeLdRfHdJ?j)4U|69T{I$snkDu)QN0rQBFC{b{wEN>; z9HFRjXU0Z0B&0zx&0i=w;y1W9(A{4cgS>XHdCVWY`roz7m3fkY%d zD-ZY7PF6vrIxThma8QmT9~T2DLL6c<#Kl-fp8_cb*d7!240^~GybY)V7~(`gsAU-@ zSwJ1ho|)fjvXvM90Bl&uMa<9%7@KYLiP}B+`#YVU7}hdqv{4aZ?ad0SKL{mQU%zz? zx%_Grn3Gt4{$izvaOt{mPyhZiBd4iiq1q~6$+AHB*5hDu*>@(S@Z0SOGo)l^O4tn> zy}ouGaIM{!>X&@s`N0IqpZ=*Ff+afebiIN;nlH(e4Zb(%@njMtw6$Zm-WG(d;c-)A z5#?!N)y`e7pCxb(~DSzMIj#x9Fj{SL#;CXZyAB#jTmk z!iY$Ej(jMS=wUksLQB2%N{w zWW`~EVMayyqw1LvIe3R2de{K5`1>0l?iMQWVmv`s7PJ6~ zhDywyFON2iFTHuU1jDJzU|!m-Ucf=WbqXmNusrviyM!Fsb~suJFOn}H-x%-;oKOEs zlOVE|j0l_s`Qc^vHI+heU#ADW9$Ntl9G(d|pjR6od_m9EwQSx?X(;T%5a&oPFY!-qG5cu(aQ$dFg0)VK}n7<*fd@3sjT#I>J2e`QGh4z*coRBEM~ zQ^i-h(^Z0t6LVga8i|PU7{NIH1HX01rWaMBGE2ym$tUY%hfOXOKm1upM$8E!wD6m9 zs63MmL=4S-tY-8R0r^mCD5*`E_YTN-mZ*xC!SHkjvA&5|9V6FR1n;SPuHGvQS<~QX z0L(6fCYKcp==u5pC9CgN#TR%zj;m&u5V3x-cq407(Y-8Eej1;{b+_4y`q*uK{0nKG z+j^(-i=BtKJ)!N=ZsHRy^TMK6ulCXYFwB~N6|zd=^5tYr8WHZ)2qP1ATbgTwS!>o* zM+dkY1g%~?h^(XSZzv(d6!F+fqh^hWLg<-W`Kn4**AV^LrDM9i z9AZ(Ku>rf0A!uK5sJ0-EHzl?PZMGCS?T4z`JdS;QTn(Gif4L&V#Grtl{P-n|{dpdQph$)Xb4baxLHYq`v~~twdv1k1CDWJen_a zJ=bkHd!9%sZXjY4K|9i?u{Xcz((n1>UZ|v)d!j!6{(ehqr_IN+lTz(tQo+a_B8XR@^x{PlsX&ANDM_IzS@WER~7YjkE@~irAb9-o&g!d zM!GB?HG~Wf6mqqmv;cBJnQAR0uk8($a1~$Mr9CzQ-{|HlJQHgM=h8zudhK(4D4VOSXEx+U>B*n=v{2T~Qmrcfpd7$rQiBNMp4 z^TGXRF~s)Y-}B~~I6(~;8BrUfX)zzo2yj4A05DEy)_14M7VZK&-BwGUF=44UGZ?HY z&)6NLL)&qS0vI-jGk4qg01j;F3FpDZ+OtpYe67g&_kN!PydgBc)Sq*IiqBg1jISjT zg#Atzl~|CSfeHpiRrZcb{mvBBgSo^Q!qv-fV575luAQcHEPR-DE~E7igAt_?q=%14 zX#uA&Ol6#rGiHQ+6Y*W?PhmfQKUD2G{Wv*r{C~X$xM*TI3W^wN;JQy7HP@6k^Jd>h z?3*M$_Lwkh)AXKU%?O3@(}{qmTy?t-A~>P_K#0MZ{xftVxKNTD-JWcCT`@M}UDShq zULpWX@x^;*bbMf+!!Srb6dz_crnwE}^C%g)A8id}+$QkcPPF(@d6*578E*EuD)z}F z8c%)$dQ$2D!l|ro@(g+5&pT=p3}UJ@wtz!u4h-qSt;bG5^2?EZVzFvC3pgZfLzAaZLjegIU7|eN< z-!_3-#O1SBk!^g(*#)i^hla6GJrHbIZcXecndib|@;@%WYa|LK^jT-wt5Fj5RI^xa z(tM|`GY`R3JZ_22Wr!PPn%^V}L8u13YovFj(xdU8La4H0DlVEZkna)mjp*}^_Ybaw ze)*W1`dzFhQ!9fzT&MR-p>cGs+-JN#z@!A!C{|?dk<~517Ja|%f}~;TS+GTnAC)bT z-<5)-oahO~eH3!Hqe))NNJ$@S<_JCLp*>uczo19{qqqnt_qqJ(c3W%26bPD*jxf>Kp>QAb0%lTqw~@3}X8&K@WJ9aC6DkP{|HcbQWl!9`CDcYP=xjGEqbw@9Rm+B~a zufCfmL|4y%wt(H{n|FvNVxi{jm+hgy`Rvuq(`_#&ITcU{0L-3tB!TdHrBAaBbHTnt&=qcWmXFc!xboCRl zQe2zr=4ps#i#>!v%^zuU5n0v^zz}2pQ#Zt;0`E2?;wO5#QHlU(&F?+0l0mbDFe&z= z(LjXW!ARt?n#ByABM5JLK*hed*^CdG=+pdXDU=j+AH&*KFTI3bYX$rrqzCq%ecg8^ zGTp-ySBf(AF6pDt=garzaI@5%t^%Wkz~h`Cb8I zc0N>~&n$EEO8tp1t}QY`E7x&~#83W)J!ErRD`TTZkN3>r+@`!SvTQQlnoUF0mzLj_ zeknoPXl@LE+r0;F)DCDsZp*HN-$|6VVf^q&nrocsaj^IhYi{zSOb%&VWCaK>F^))Z zQ@U(x|G$sDZRV-!h|NG3^nE_pCs=tu945L>m)=+E!lMO|&hl_+?%Ww^ZatS)7ucj} zxo7d^xBS?@n(h6Jyq3TbbJ-Ym0pVfDEkb7` z*1D7k89MzLl|GT+*tow;hFE3P+)w!ilM=AJ{I!(Q;N6Oxa zLXTCs`|8h_XOS=t@?g7eN2s{Agmhn#(@%cO86q!zFQmbBWj2*%eYs-1JdoBWnMnA> z3uP``x`4@3|eWe;O1_{Pf28L0?V|j&%WPl-8Zx`I}bXT2soMr+zgJK#Qu- zYa}GG@6F3Vy8+#1@Oough}JM@+IRtY=!xM7Tm_kX`fnAq<{N&FzZBD?jzw6+AQ`LQ z@&blWyrPkK3uC5a8}_XyOIJ^R;fB`tQ5NCUlDAE2>8z_*RsZrMSepDqt#~5z1Es=VTN%Uqu9xSp?e~YQWpCYqD)*Kp{li4 zzGue#1Hk;~D!ha(JF^_l+v9Rk>ZW~c`m$%P+1|3C%UsmM3Q+w@619o*+WQ?J8i}SQ z+I`pe^pb<<^y8)8JEYEZNw;!}J92<)Z*(R?#qV3FnzuR0;uo(IuTKN)kRit)l)uEb zbX*l62fpk5Qk5d42Z{CKQ`AfY-2Rll)QfQGc}Ud4zjivQR9=rH-Ke9z!>vct(94b( z4<}NSGcHx45+{hkXa;tz_aBaKgJbTwm#Ajw6ATb)^duui zD5aTniOILoH+iCNlIXJr(7-Z~?`%=Q)k77JjUE}@Idty%J|{%gl(kK5eezl+;LY74 zrNuSjm0HL{M`sq0@0o;xp&}J{P=2!wQ$*y&1o|dGbz;piNkGdYj6}8!lqOgEY^|1ZOcELdt51*MOUEub0AFf zdjMD*!=6J%T1bq;Uf}p2nDHgTfT$&~AwTT*q<#PACx#xcNeL8w z&5}8+b7GFelnFcF?6ER``NpWIwEg%Z-Oog!?+h_odu{8V?m>!{BImO5qiTEQgOwF? z8goK2pH1BI+ONk^kN@EUgl@jLwXG|>__p+ibmX9Hq}!w_8UB@z@&vnDW=GYo<$%^e zjOfZ#e^l-Tx0J7dy)Rd#2Gl!@piwGn8=fB26-X|gy+ZBvp-gbk6k$Hj-~U4Ot|3(r z^9^T{X(Wy44}X@FFE`zmbeS`>+s$79S;N`<}1y73&QG8@2E*KL3P&!4^>r)2IW+;K z(6CX_u#9MnB;sq5ss3UnPTeLyHN&bb312*+0}+|wcJ{)RX`Y)3j}i)4h64ipM=J7< z&?62WT{k}U6Y26pL+x_B<^#+zaSui~81b7AzGcamLvN18NXF5#@wyZ5doT%IIrV0K zoQVbnqRye>FglP5Y(=zXnN_K|y{cuwB%^r(2+3d9uYCVSew9LrjjnAzH*KYjUELNS zn6Y||&}*?Wtqr)^xU|XNU;B?b7l>YA8?j+^%-$aLcJc7x@N4hb|I%*$0gtKl_3g1R z`l!{msxZHgCWw=gK-qu=e)}?T-!J{S_X#RyVjamOBB=O>tP1bd+)fiGFo6yhQ$do; z-u13;>QWhQ_DQMdvavoK&(kq-)MGrlozZx#V{9m`oAgjs=$rs0%^s_%1dQ_!C4io6x ztfbrBJp9^W;^^x*!BRMMD*Y_#88k2QENwTAz!NPdrx^vwi(Y<-u@MQQNiw}_+?G#! zh9^RfcX^f0T8)z`9b5gV)Sv9WV3D>=W7?GGCd?nzJy1Y63 zrp}3k*qS!9g!2h<1WEXQK!)c?zeBf zmEqRAu&_yqkHry3Kfx4!ikRua`TAVVnLQy%arE<}{`Aj3%MLY4o+Q2JuL^!OI4m+;j#lI>?(K+9_z<#bt2v;UBDjeJ)32q2mHgVFXGKUdtK?{p_a>WkI{9b) zJa%bQNUE+Y#rkesj1-+Iv7!-q)QC@xRxHLrFQ_u#kmq2N{5f>vp~ikOXHynuR8I__ zQ`f{|DVb6jx9=jZRV~luiEs#e=WMzuNle&4V4QSKjRG^fPQ5e z6@6!UXgP=r+q`Z z%u85AWLR1e%(;+#an&jb&Euh9Qc#zFO*Z_IEg&?r?!p%e=@Y{JDJZ4YPctVL*7pQmI0m1*#)?5v9omVpzpTN)}J$b{JD`!{rlr51`^dmvGw7&mzE*95&gnFH7xXa!(`stu;+ z5fZb6AmF~u^Av9pluHfa7&yJmH9oaXfK8VidcVBr5|yt2s9&c85jo-&Ls*fpt`DCn z@}Nz?c6V(eC)`g#;s!)mcN8coV;$8(@sX*JGR`DxR>q^q9BA*NRt!)*dwaVa==hAu zyU^OA!f^{)IpRg6>3cw+wW=;oLFI<~%8yo>CPu}$p)5dAheyHP*UU{mw+W$u+eqWJ z*{kC5c&Yf)2$Ic1k3hM_j=jy#+A6EGTwCo7Jg#0@p{8jhtBB^D6EgGZry10`jeqq+ z@T2vN+b|$yKgRX$JH3aab)tFSzw_HK>FT`e$&S~L=QK>dD2i!SVzRMMW&cQ?USoM{ zvqbC3Q+Pq~!(V6mjwGCVz2&$bOII6r(u(YwDET~Ox6uV?t8+Y@pWqbQ%3v?}Tm8m? zQhICWJYvG~7!5>T%cEQ8g>^1oHi0Umys4{J9hghkg>NtKP{(ff({8=d+&T;A&odz% z?U`&+Qa$oBjrUW~Pq(Cqr^k;${<4%RjJyqEGUw-(qRDF(2_Vy+?|C`hHdLrsm6`QC zOdiTnOkpPI-fp1_>nvs6@E6YUz=drEilj3Kgm`-$!!C99(hZ#40zf4_|2o zEu-%3+Pr*+D|k$ZmK;IGzK*rL5QhnvPx7J-gxr=auhf)yDpV#Ya6@74&dAu#kEx?7!)W*m&?f<6yYylQuz6cY^>k*0L$x=gcixZMEIwnq;; ziLy83Yn;T-u-)?&^0Cni_prVo9oEY?Hp8|_6?W&Bekt|sy)2UqQ7&)1Z1L_PC_{*2932cJ>%?qnHylP*{2AE0qN^sU7OMF)lt}JXoIgn`pT_Ur(z zg^)foa{L|pA{)DaB%O(X$^S!|JU8o0%ab?n+=eBQu~HCPIJjqZPF2ucs%ts$N-QV_tdQo;M6mJ}|Ix(2op?}F9272SSM}G`1 zNKom@;RqJ$l^Z7P`=`NOWsc=#@`($rnM2GkwM3F0;ghF}KkI5p`{Zo_>|1c555gU69?v5AaZZ_KZ!oaC9! z(L@@PRZyGw05CfK)?6W>vk%@J#aqy`UaYgVg1nR!9Jf48GJmsF`>1Jqbn1M*5Ox}C7@#2R3u zpRi^qz38}_e+#8TlA<7&$kt*?hm8iw>C!RJ?V&fBvbSoW4V6Szp|T1}j`!-Uwa@dD zyj}rbK#Y7pB1mNYCCy_pbQ}6}Ia{op)X%CGYvp{c821*=hD{`-kDc%S& zmv7LkZZw_^rr(hn!sV@$Jc^Q-4HBp~)N1*)?~MD5`@#sNdyjo_<_vcPkp5`k&Q%_a zpjCue8@09Y6(lIT%2d?OIw;KJ&zTTA*vHqqKOrRbb#i#d#2H}4A2UckDfM`dl%k_k zT&a$f!q3xxOX|_xs(uE}X{o|TgTP|@#Itan7=92{NtCS3$rnmcrN;h)uQjl_IQ)qs zT=OZ(W%ZZhaOpoWBhW$XbHH&u_Rzggm62^X$NGnsfFPM+CM3##LxgZ(FFly<;=o4Z z-~T1NDtO~{gGYw68Oy;#Cz-`7E2CCIA35KBYzdj*-H;vCxeq8UKAH zs^M7H-p)t!!;WsBUbubN*16R?(i|!7CJw?STPHOu^`j8Fo2S&c6eG|KeT`|;G?|W( zl|`~+P^W1=h10PUq%ZnFGFb*pO5v~)dX4e<-oeOF&73=-w;69LYcD`&=J8Jbi5K8y z^{k7z3PpbH&OM@ooB*sN^9Yn*-7Jnbe!@Djiiqz+`*BynQ8kYe8>uD4thSS*4x^uf zyqRtZrzyjGcglv!Wdk&f;Uo=y?F5$4LWvutg+6R~K%~c#0cwG)-TN z6q&4)Cz=X*mDjSTy27S4f4M)ok$~!zpw_w`#(!1k@cW)KrIenGACITsz zC>nMHyVt0Th<7J%lIaxc|6cKQRVDe&;|@UxjP@}YurI`=dAcU4$+T&Fyb!1L6zOfdZdpn(#ad_fz2v@IC0T%d)xSAf3WBYAgs$U6278lrJDWo z?|%Fnz8c8UBck|rBm|^hs=ks40=i@UmJcEjfBRvY))9qkij{>Bv<5z%xj0Dv0tgtF z6(^;*RrdPn;jcCl#SQKW0wzH4iDx{{<4!!6WD!zIh)O(_^>AjimO#;C>z7-bfjfT@ zQkI|xO2Fu@i_rT3X6IJp>EQ!58d7^5Jj8pVpaGyzAykU1l{^6%DZrG>5Hs6DC#-LY zANP8>fwTrcgp)&GQ-n`0{Vvl4}R?+a4Y~KnHd>0 z-1oPskUZK)B=Y+b7-C{fzOh4|i6~u|eSJE@{9p@Iv~HW_8Wo)aAw}wEHM&WQ_f6YL zM(-Lfw`Pziqyl`_{U5aG)!=F~61yssQW>Z1EB#U3e#1hw2pvN_-icb;+Il?&1>swH z2z--1gzZ6j&$fBEEN%7315!_tj~>klN|`S$c{uc#Aq}+l*^BqF0xC-dkS|B5lV6{a zV0hYJ*98<7TES6MvZO(V^er#)bU_IrCNPL zoT5RK}}WB@AlPu=72}NR2Jm8x(VzIXf}p0y%88s zW|PqdNZ$gYB1MX?;yFvb<4DwGYREeSJ?yu9bC?r02fxpF;H$)vX@aWB%i=t*1jy!y=}k;B&Em-+Y&VT=)yD0CkplF!XAKxB+@aygzY;>YWeZjgg9b@kSLt*GC+eo)hJP}7*pMISD|+C3d%U$rZ$=aQgE^}9MJ zxmSs6O-w5ZZU3582%B)msX`a^<=?$h%CpDIMu}Go|`bV6V>Ih_t-s1NQ2Vg>D}CG(lZ% z-@&cA+)M;OcqTD{55zp)<)5X^JF?G-SU54w;(=O7;sw8-xhgHI#&B9qiPpPG02c=X z>joWIt4Qve+~`a>W`{E=-RZwV!E?xg_+Q55NTtg%=#EEuEo2PV>(Gp! z*~avG_%^^6O5_!gQhYI68aSHW17Yo*pPui8<)j#6xy@lp!1ki?$w(-V>aE|GY7m{i zxO?{UN*BuZHv3d-mVAUlq=F+1U=SuJ`!Hudj*rdNE0cT~goy$_ z9{B?>&_2A@X?*<6MNKZJp7zNcolSq28^2COYa-m}C|@h0Mblh!WIA~B2s1<8thz~fQ7id&M|BgRk?>wIzDH@!8cqyGAh(XX$iQ=Z+Z+FTwT z+&Y0EUU+>{{N#@~Fi%E#wvT@KU##YsA;DJIOn>`IsL7bJZD)COmgk)hRH;=i1FoYw z0VK2)#zc78ZV{t3oT>zKPP39xSUHWZJXA6~uz zTKKj@U-v+!F7#&EuuOxdcT;X!@zbm)2rNr_S3#oa#?dshcro;(3DGTsV)1;!=g0>F zAXNQH*2|i3Z)C+x%fAlrPZP`BFW_;}Xx^dt}!RuVCYsU-1tQ)8t2letv-uQ)RN8a!$lKRFtYpCJf0 z3X^(P8AZvyh%-PCTW$na?${{A`TV4m`6>wo60ME&^np=4UJ0>2kBy$#FsNS*Z05W2 z7NNQksbGaLwE(o*@dCs1eCZU~_6Vd6D|AcjRG8#)X40yk5SIz<$c{`#_OjfRTs}On zJcxg_<|0{y1gZnO@`NCMXJhLQ9S#}>kM&T#Xmub_P%y~UxX_zbLaBi9D^x62xf)_& zw~v4}i36p{xm?~Omjlb^pu#8V^BnW*#DJ)HqbK>K35*sAS~W0!qg>#p$F-MU@~+;; zf6{~{)0qQehE((}Y6Ek4B_M3SVITcoL$81ah!Y=@853gW)`7U-+AI;P&yaxGFWnEue4~v!kt*WtKA4AwJMNvVZD*df4(CQ zIHuptQun{V^ZqUKvLkAb!e^a=Q#!Nlx@4B|63dP3mB%h#AjfE!1bUB;=m|r$zBgDT z1;irZ%t1p#1So_JjURT8_Y+-YbI!B9EBpCmH}d4s!12`e)z+8%oEIw<|agvcuZ;Eqt~uRFvpn=U2`=tYL<$ zx|w!7pJqS{74#LalY{Y!iI(8p4~Bna>9tky@)gj`s^y63uFx^|`fir5_4p6Wu&zn< zfsXRSGV*-_#bV4?l@bsx$*^;phDCxlWBK#t4x;4-TJ`P8w4)`9mE%uo9|bp!11{@A z+Z^4W0F(claZ>y9*EmtB7lCmy_}RHrr&cNJ&xf3qX2oAR7ey}_O}!_?qQv`P`<<;g z9#eN61%cRKh@lZHA5YB+k-)&fCPBzK>HsB4fm z@RE|)#^-A};#HUMzcRc6Wi+Fr1z5NbdxTj5OBzqh@E0qk$94dYs;nvq?#qE0h#9Lt#9=$Fxe|I2u zR)dM#?*Nxz&6@ec5I=(l(cK4FB58?@+t_a(hBiMuj(S=~a4Y5S#*+`}HGRKgHAhDEzK<&zn71IeAo@O9_YFn%~`V*hGac@GF(i zA41AbZqY>wu7LuBF@L|whottj{3>_PLF?HD2xBdIcv6Q-B~d<)Z^m~%{}>|cUPbr2 zKXpsWdhPCJ?Sq=y^$!l>3t5fR^k83i{{h0UUg)yCvwyvy5c^y+A-7#>^^<%xwaiv0 zFrJfM+;0YbT*XZEanE1AbRttj>x<+2k6^!e?`{hu;BIrNEkvJ2(cW8TXKhRr%w+wI zfBX6;?yflOUWZ~z{k#B>0&Y#qZzNR%69jtSI$T<`ECN#r9>t=+E z>qJ*5X$5TwPdyI&7;}s(os}&!by)4buaMTzs-pgrJ(l(^dmQD!9WUVm@=d}O@-4P@ zD>GrEA)wOY>WMMAthJmyC&7jB3$ww~9~|%GSz}VpO?>t{Jm&F8^pPsuBrK-=6a@@h zBHZ@V@U7ZIUQ+R}JS+j^Stz%e4)|0fRp(8AzxmcW&&aCWH|B%=C}SoQ^Zke41_fofIB01RFDMi)%vj(AC5|Wz^q5H=W`fdbwKO&d6S@k`PCrVeuNMFC^<_o zyZ84cTJ<*jRk!=579qRYQTfX^vi&&2HqeQdNQC1m|`8%M;*Eu2Fc;V+wdy&vHNmzN%Oai|Dr7oRSW7lWdZwvo@``$cN0sPdm>113&`O1mga zeqaYx=eH93o1UW?ZCRFarv?W!nkD%Dk!FPPN`q*iF_8MW3BSh@4C^!QxAhjCi15zs zGW!DMwF`$Ox)EpxAg6d;dzIre5lU3&n2vOW*Ceq(o^e!PP=3QkCVhd7ON5=zI>2*; zBDz;!oS+ki8GqasqfK#C7dH=pN_kQtNFS4>)^8G3{Guudu*qKbHzW^~|7n2n`S%Mc zo1a+JU2+r8)&qhMC$XBhxjF1MGxj&zrg5*$Vjzh<9d|e}B@KCX;z5orVQ?xp*=_Kh z%7rZ`bk%rx&5|*DxfsZ~qJ1?jA~m$?aHK^UYH0_%>n)drP;xvV3ge_= z?KH=(Xg1cN=y8XM8RmXkwE z-8Omp{>~{A%i+t0F{;DwgdhCk%vpVC-dMZUTB~0YSNnS8_EOSm2=|{GAZrwi1K4kS z8S3m|hwi(5+z1_%svkYyJ>bLJw9DsssfC;hdmdthSB;FT1-eA7nsb1qaxL3`|+0xgDjg6#Di-(;d#L~Fj{kU zALHoQsw~@B+kUapTp;7V98`}z{BjcF{D2d|BBMQ7fNuNLq=0WF~_T8QN z-Io-CuR9^1ut#8Q;#V~iZ1k{w)rSX|-Rat$R&tuM3m8$xTtRgScpr@JGXR|C%- z`N-b`ngdmIjP9J;BR9Dj-hPMTA~8-otx969y#B$$F^?Hx6pf5s--C=^Jb_#7=|tn{ z@YI>z;o5CO?Z$V|D1gai@fdlPULNA<_s6|wFl>2tqwi+t-<<_9+y9KCU90z59 zkK>LH%C-C5NXqh*gls z0%r5^GAQRJ4Fu)As{yLps-_udh648sCv2Xg^3emUr-b_68ajGDmjCOQP;&hE48bD6 z=8Qhlf5Pps7EiPgibvHdTbw1>-W((*A=Cb&zI+JMD{XA$54%lBG<8h&Ai~Hk(tXs& zY@hCXXNgi!d7sT%Avca)hW!9OZCnzjm3L2T(&_ESrL{R5KbK_tmfjFdE5zp)q8F8^ zabK4FP<7ge+LpL7n2pPQUt6@nW3GZ*liNTjcjcs7zpd&;AUER0yTsvP*wcT zrGpFA%G%fy3CFCD&88)$%hfacM>(GVocmm5T)V;XHoxH^-v!aTnekRFKDjf|P`x|d z1D&2kVrcE!J3;7{o2{UNqFsIW7xnJf#xH0lIidvVC%N<+6g7L=b?6FB;-)-*MC)M( z*>p}$Y;`@kXNjg`vZ%uamgvx+a=#OT)S&vk-*oRa4Y+l+K0G(yR_nHRB#*iYNbR@j zj|hyF2S2O_Pnd(KLOM_Ef9O=Xe*%a@5^P_Q>T!;Np^zaOY6}sQeu_bI3%D-+^A3UL z&dq)AX3x_?39>5p)COGAV(+-AGyKKq1~oz;c(EXlf*Ob;jRUVjPN|cShDj3N{$thB zigl1$aNkR2`if0!W5zh$jb7T~k;l@|D~EZ1C;UUv zm{Tyc?PQ%KSgdJZ(F>Gc9)R}c)ntB-O#cHFWVH8}5}S8)l2x&_s>>tKQyUObk9m}e@t#Xa`(Dgia&2%e0XnZ`)NvFYqoojp0 zj;NT!ml^re_s2X6rsZ6D`LkyFIwDmoZ1s-x5b%ehS{R32H|PeSd)09pdsWI$pfQkR zOAigBD+s1Al}TV1uoSb(VWonC4X6Yi5C7ku-ETKM`rGgV z9F!o`2DdBof8S9syLLmE;O}-p}bLaui(C%q65EEquA754aX1dk^!&dXdi7}zFxuUYrF#TyR9w@5-aBxU4Umo-V(ms8- zb|MVQ3*QId{x(x;*!xp9tURTD(fMoQoe5)&o9i_LWJBsk({BZfl5j?Zf+PWUTFG|D zgb4Hu@Zjmh7ez#zA;;SBjG%cA2FDalBlgQuoxxlw#EsssxjJ@t<=`Pn?OyR!=2;a9hO8=1)({NGS}uU$mx>kI%= zq0PaJ3Pq%K&!A!t%U><0A_?FCY0lBsoLBNj!Ik@Aj^H1YkoV_a$QcC#wQvvVZ+Nbz zWHY0yZ1tAqlK6R#)LWtZY!J;5!l@}8Ta7Rsn+Bp@w$VVtO_s>)CJM7Yvcg~-`A|9b z<%uvB;(LNlV~x7#$&r5Bk&7`~tFL9?xY;4B`|H?)U1j(+fi zB@<)`fvtv+E*u!RL9h~ncLj^_Q5F$m5*O5?q4bqyCLyKC`eWyJ7`$b&;+(Bnz>@9j zDh8Moi0VK@@)lY(_Z|6k3!yX=1qa#kE`pp)g_|b&U}y9kcOz1Mr0AfJ#eP`^JzE-3 zVrUM^m~kTBgw`RDjq`QC-Dn032RI3o0Eoy`m4gZBOCz#?N9}tL5E3zMU7XN!W2;bNL=a*w~_oD>$ zE#ADU-Q5g^NwWJqte5uE@72*c#l!QQ^z4xt&c-D3mIN^_w@1ypq1N%{GY_lH6fG{i zduUE;8K-@smNW0Pxq6@BA2lyC+G+*~ll#uJ1@2_+mQ^*zp%s^>|ahu8(WLEvp z%r55Z6(^0TnimJXeE<0Ml(;;@R*)w!nqI=3bb?P??e+?q3ckyrT{=Pf!j<9lRZHaB z#_Ia$(Uhf@A?83^9K8j?)h-|h1eShI@G=js?6y_G>vCVvT@R>#t>jK$TI zN5A;5uu2mgL$q<^wCPnrZxTkXR++#yHg*y+CHZUCe=Pfs5<3S55cz&T^tA?Sf@M5} zqJav#Py0#!c(XBIvy!!iEhtY4!L1>eAzQF&24lrj@iX4$;fO)Z5dhv*SkB!_VRdQ~ ze!i>>*q^N1Ay|a9QC&lZ(P_8oB)~YVkq8s!u1GBj34jFJs(tr|pf^)xp_bS)sBu36 z9Ez(CqJG6z$r`khKAUO689gFX`BktHcvrOm>bW5Q*5189ZOJ!wd`I73>+S6w>Yq~v zZNXs#7fFnTh{(P8J)7wbNIDFwvM-&#w^~I2j10>N{NNKoN6lq62Rj~in+mgpTkCer zJ)q;xinjyrkc3uXG9;PZPlhQaQoCD=FM)K!B6Q7%_0}8W_L;mAx5eucfaT0~c<+=# zf44C1V#aB*sI$b*Z%x-a_j*6w>K%2P38HmDeK|(x%hePm)z49I+K3W1CPY?^i$q=) zoU&|U#FUW*G-Q@1e0-jr`4d`ING7mR=o)-WcFT0%-`DlmCq&|7PqdB7>KgadTP|>9 zGCTxW!C3;*O`|bXqKaUTOlMw~;Q-plOONo4)SzP}M^0Z|tMC_x)sH5uK8eX+s}GRo zu}x?l$D0X|izlg^#qR5xJ@?|c9d)HvMY|vz6q#Jq>_7#NRnal%kS#;M-?E{{X&LBD zLQ)p#?V{@mBU_CymizktV|TCZ5O3yuW8#W7(`!`5%k-#f9gGAb&hyfC@zyKgr9|z^O2{B=rXx-CBjUCSaNEbdIVo-{3PwfTkaLI zl@!7rkx5b(ZZrZ#B+R>zshUW8^iW0_8DzC2L3nx3P?s@r|9Xg7$y|B1RUBmrX7r)( z(6N)^Mq{x=m0`)fsMWqXk^Tf^0>@gLOxAWb=Oq@CFmsQ=)!O?adESZo@38IdAh)^` zSciI2tSh6@8O&T(AXo^AsD=I%a=2_|<4gaJG|?cSa~&Dj^@edYE5+X1tuVRT5@QIz zgo@Jml&**@3|kS z68xS`J@r?>8|Ct;d3X8gPD?0JVDs%qjANmpL?pBa$R#qy%kjV@-WbR(a0)&Eh$$&Ck>Y2>i3`;{LR(E)c#32r4-BL{ zcsDX4)k*|mCN%D;8^9%nUn50T)GfQjpKlkA2nl1V=ccj*%NPcXFO>2&%_$=>lHaG zP+5mj9&fqN*%L&0+{E>i@hb47#97feyaHTn3~KmPCC@|K*)`Da&k-7V{?gbKTq`1EIR5zBDFN_|?5l-v zTY%UKCXZ3t8^X{~-5bRD+)Y_-qpipG)VrQfEz%cd_syAD_QX;`+0Kj`XV zl~Uh@0pju4gwIuXUinc=e^fj7jTAWu*|3i|X?9>I>k&RD{-N6{%sDY12D8nIL^>~` zQ6L>!#i7tSZnl2ne5pe{8jJ`A5uMU|t^WA$iyc}QhYD(5TitO#Yuz_pTsxPv+fDMk zd%P0-KC|;Cogx}DJDg3zlaTYxLI&*jpP1)GCZ&y{1*Q%#QvSAgZ0EermqqoT7E-0s zyQ35~pK`)QjP(pJFx+G}u{HkcW@LAVcJVX=#P3M@+-I9|&G84*|B5fYG_oW5|UHZx4~@g;w4Yl1;xT{T;w!jA*rThw`6G8^ zNXTOh@6_HExLMwmaTj*2En`YIYT=%Enya9oGWql;XHVMFC{TxQi@U(l62F*X5-0<3 zDHz(ixdJePSpH8}&f0(aNF}rN>uI1eUZ=Nl|8dW+ZI2N6I}2()r`a<5&qILY-L>lO zEkCmY;tcj*Te#cjp*d#Dj-wJW6>dW*C(U~9`c=fRwpl*Lk8x7Gb6+mOlA z-#uQoIP<1wBq?IdrdHjh9sy0xyWFavZHW((Az`nqum@VZEn&Q+HAy&3`m{)J(k4QJ zM7~WgK04DPlJMO_z&%izX}|YU`tkGCOfaF>BQUR56#H|t?W9FoTRdhkUr8iW7{QR6 zZ5iz8>C*eRcUEgVsHId7S|=rqxeH8JRKw`A%*Lnp9-P7M-^=5dwV|VVU0K)`Z1@AM zwX^iRj(Gwtxd5n4zV90YXmSpdOvvphrBVE(;s+?}1zY8t#dEtu>HA1kF2L2xn`1RE zGE<{ba=re>Ur5AR(oV4}B&4_L-Uu}x@RbEOU^3M|ux{E(pLTf!L;&=#iWB;~zTY8B z5!pHSPM05Dz5Vhkf-J3MsSMG}KcW$5K@@U?*zHS#LajoBz}~e|TPWe1z**w?=_&BS zQ9m>VxyE!VTmR+)Bs;aAFTy*Iy#wUd3c;dUjf&ewf=c`s<3b+0TYnV6x(h1gKW-C7 zIQl+@YTJS~jQfJ#KDuJmbwSvBMv2BvHOx8>U8q=0c|Yei1de9zHx!-g7AF@gLwHRB zuUTikFz-ycz-wV4Q2$+KcU^rzxl$nKAdWM}v3|2+il=IzPtSC=B!+kF*^7(UmGDeXDhP52aWo+pbyd3tJ$8Z4hQ3($)2Ql8qM$cqrSrXo?o<%zu81fWzAg}3} zV9y6chs#*HsG!Qklqu1DLA|Q`;F@-}noE`w5Oe?Dcj!i2oX$pI34)&os zw8d3a&(6ziPpaEL#XKX$*KVukWA4*BfOPN26ErjbTT7sfK<y~xAhPBgJTmx@%C<(jG(b_!oyu!vc;ImOq~ znLnO_^>+U`?jexH!Ud(w_a*tO+2ge;m1f-?R#|Y#p2vyzj&n}>V>2<=rrh}Vq{HNh zgBeyOZR+0B%$S&++TGP%qa&A>GYj5!<3dgMlk^I-)DE4Qhq_oBiU>wL4`V5AMAB?5Y}|u0UTMd`deAlR0r|0&cF4czKv@_1HaCfAD(LAxx~9mcfbT zl2YvHq;FcYO}6Zd4=_G%aK5c2odTzto~7=_e$&dLttNtrGdHY;Ci?ORt_<289^OMO z*@=q_KNLvtib#Z%bkmf&#VCi;v?uGbQ==;rc{HzPrbc~+)!j&5b%jgCZOJktQsdP# z(Hj*Q7S-6-X{TZ^DtsJxy(oIEK)SwSR#PU^40@D3^~8eZhXXE7X9ba^&eqH3xLVRg zJ(uS?I+;%S7~_(~fOi9a8+EoBMtABOaj{Z@bFdF(B#fGJGzixf1?;*_8WYM#QG#B2 zR@v#vxluB)WVvxci+rjR8d>8@?Dj48xqGOb!+bC{?h0&u+KsA?1#stod2ABQppA2m zacgc}$r5+GQM++rczfhk@2RImm0y$bZ6AxPSK_N78x){;O(mwOpoH@qDDCek?GwRH zEhaAGfOjcUH zzV)*UVs&j|K8oiYxjS|+_L6}q>f$Cpa-Q&&ew7(J*^@0HlCjZw&ZX&cI#_gR;5UzkbJUTEOk?kO%1lK1&Sas^Al~{l`=T=R zE@t!ci&XmSaDcCXi{~#A=N+1+ljp9tF~(M_D%3*n{ybeWrB4NAq#n!<_7EL_(Djp9 zDnC;K(p{^YG&fDNr16H9EwR2A2OGOD3w1N&IwE|#_$T2wNZ@Wokt;SzGi{%}j_Yo@ z9;ai7DeTonjLWtd%sh`pW=TvYL#Qs-5hkuovB`Z5tW+tsRv2tc*eL6nl$oZMt?0rD z4Ii)=Jkhy@3yeBZR>U4kAQV}hsa)z-6=}=M6TJAiEwAMxKFLf=Mmt8-x`a}+MJdaV zJ`3`%VIhN4vx>uuBc;7$ibTd_jq3X@Nm;n0JV?@nF{dX{rq zN-=stuS0bEi}xGi{pB~|MGeN6M>g~fCZ_q;lOAmtX%7qWp6(i_!n0=T!XwHg<6TF* z?pVnUl&XuTQPx1AP`nx9{Ne0CdHsImzFCM}`?7}n$groF$1h`O(a>^5@2488Li)u$ zO9nYb?2)fa4yuY}M)S4sovQ8}Kh0_`>nmGEC(CfZkjVMOqJ#AXXWwzhXJzkoX@cXS z(#s)d=)VWhSDkzMUo%nIj=_eLd^(xwNe&xsN^w77y(>T7ey<<*l7|RoW)n&k*#d&C!YFXN@qZ#${;bTXwya$x~`v( zMuMCx5@sxp>YkU+}-8K84`B8~C0qk-9 zIt1R_;|>t?i>ikLl?x@Tdtk=i_)@N`byr%z*ip+J?xeeEEDn{ay*8$ULx<^@9%p=G zF4c<)#d3Xsk0}6i`$DyuMBbU=KfMr@>?x=zrp<;bOtLkd9cnNxxHOZ3WH!2<7#&$1 zx`bzg;RxTP#n#+jUWYR}T^Jkf2&J;Xa5|N8xS1iRRDDL$+q{GwY$UPi^+dZ@pZl4P zJ4rDBt-BgdofnTsR#N@OCyx5`B*&Jv>2Z-rj4fYP^%>bf<g}xuP8^;ptig3dd5t*r}TI^ zYD-L2RGq*2HmdyDfSr4v$bN#Hv3w|5x=kjRR0zw(kNKBx-Qt>!JmY)oKMa}lEseT5 zEHip3S~0Jhgieg5>n+iiVl?uSOeouN@fxm0K-#e2x5%PoXkq5E2svJ#K`Go4$l2qs zwZ_DSJkP>0q;8`(@UAMHWBbsy~?P>QFT+ zY8BWVW2U8`Z2bgd4T}1r+-c{~w)63^SYGDXd*flgIyh9uK$RgOVpge{E!qbgYTIZ8 zrimoCp7}}7q!4}K^5FUCuJcV>-Wxs1m2I6ZWK&F!qIfTlMW!k-wPbvQ|LdzD7_;5? zDkP=5rIIqT`!3F>f1Vg~JCDZ(A0n1ip*!;E;%3*1rHnSene&9)91rxDx|leZLsrkQ zZ6AOg&7|LPO{SyYHc+`Nw}TVZmX1u+xV4_e4-k->5v(V@yX6$i*~Q=DE@&|ZFkPaf z@QBlM*FfcBR_mye$*J>s=cjkKJ+F6u4#rR6b;&%h36H)86-)2Rc^Lrc3{jN z4h_U+J51U^*7IEB#`Ih$7ZeP_qul{^COnZjswr)5dYaw@;I{BobBn2xQO& zYct$E7Q5Nwx1h%d0AKS%+kX?rFL)3|$<+eRP?4~)ZccxEp5EHRITnaLG@k5TQwU~! zOkBVZpD1aZfvTD7;s?Qd3luECM;E!1!^44Zd*Y7A8eo^aaFgAw#%(kkJ&M2F*OqE`0FPm>&MTQ&ytq@8+!7=Rh%I8i>d^ z4$Vz08CC6$q9$eUZ>qn0Ih*3_b5RBp%ghG5xU+1TIVHFm>Pqixc zwBb+l>`F{Q%i*Y^VLC4CEt%L{9fe$K>9sew1s$)+*O>5kncFu!@RCNYcjF+9|2p}L zj;Rf&)9cIK@+lvVto@W~GR4yCsPobzrDtJP@!rdn{UQb(V}L=OK3ncw{~gNxX>54Q z6`9-Ll{|nl|GCt5qBC{QV1B$J?t@Tn2Sfa$5~(Sth$Odr(jwL=?k`m?E;A_&vPQdT zHGX&`P}zi2kGVH7B7_5H(DsnrnYW`w*v{@l_@T_=DZ}`*nW((%wuJ7YMAxC_$;V4q zmg)E7`E-{?y1AL=!Su+7sWQx)K80d^H|B^uY};{Dk6s^HUX<4DU7qm@{LG-zZ_9|B z3{e+5kZ7Y(#Yfg2l0t(MG);0u#Aep0&;T=kz+!pO2($apkfHp$5Buggv2)|`?DCrd z=n{6|IBU~?YPIA!md4#zPmrgTY=HpKJX)ZPbT?Z=K=QuBeLWP-82nwqZNA|QN@jN^ zJ;BK=7Qx;GEXFlEe6(`v90BOFYOG)p0Nd9U}DL%Ky}R6ELcFaCUJ&#-L=#Rf1nsB zhnK|ZN3ClIGEWA)xD=n^_7wKGEAX_k*_xx$v5n@b>&-kF1=m}Stw6<#;cr9tziL8T zB1ZV;Q_ORoN7+N+uKN;ei#$M>__RWkS-_$L$XOHEBn)Hjga>AS^RJAGyd2YaD(=PD zsL9I04UAq3X}%l(4lsW+MNHhY^l(m(QQX{GJ$1J35OgCJdrB|ubJ%`dY=zewdSN{l zGBnxo!Ly^^2r#F^IIa24R6kw{dv{1^rZzD;EnC@Exov(Mw(RMv(2trHXk9gG180=7 zmS_3(B$D+RHL>#|kz!YjITAY;wJvR>7PP?_tTRj@4>cR~_wQ+o6Xxi9n$$OSv13KR zxUzhnKR@$@#?W}QwAaQt?MalVZzNGAb)|~5V3pzC62fj6?3s`|1Gn$Tj;VAi(ot^c z0o?mp;Z9j47*#MR#7wARePj<3FNH=E`F?`GD3N0e3m_t?>;BXI=YdX%W_P9?87apb zFQyO{J%V`FM}}k~L`KcA?*I!mWh6d4LRcwxd$NI-A7kFlh5FQn+bcK z;TrC%Y3C-$H?UJ-!r1?)8e@}_%*J#j>JSbFcfUkZ3}x)>-JjIU*|Gl7!rIrFfXzkZ zJ47nfxMoO)e1|%QmaNK3u1*e)fF6G!IB6AQ#?uprG3e8s>fVcI#NCdHX*#T3fU#;n zDkhCny%PRF;kr`CxwLs}D#(gdC!v%k<#1Ak8YNNqnSfp73a|DUK-LWIuzo;i-#k(x_Cln9a_HQt{qK3e}&O!DbJc`=^G<;!o($UIhz(`3P|I^VBR3Lgo&A z>)e)SB9s28RJ`lMcnqyBh8vZNKB!de_Ll597}*jR{XLDrH@fe~T-Cf9?kV>7T_zTQ zJ!FVOgcn4z70LWh_`D2CeP4EuEQR78k7l+Oxg_Z6TUBs~*3&GFmheQR z027juzQ@r7hXG9Jf6JN~;vW$yWukIFI~m$>J7WfFfz3#te)W~T9lDiw$+chrSPmb_ zYa(OaZ`VucWr^&Heb~4>4@}6_?P>VM&XLm5kgoXTB{JdJN6AQIAajP&_crv&q6`~a zykAQ`LH+NP5~zK!S3LjCPHo1nk{#q$Chn7*(=aIvNosckICIVesyPkZs7Wqgc|I`qq)oI6$&my)1tk->5k@o7*VkM_#F0s)ItEX zG}wrpvt(g(rYt1@S{6Q72K3{+I8@Pn4MLZRIV0)O*8JD{Busi4FwYt8z7mxFl#IS5K+I9`M3ov-WSuf- zBU?fgj-aO|0C*|Aun;lgB>3&1fAdl;XaB>oins)2K;(bCS7(5hqR$Rm2OynPh85iX z6Hj4`wpmHyJA(-Yl#!W_ zWv}o4o23?}Na+vt&JwW+{_$SUslA6%yivGmhH~}ff6#9rAi0oYHmU#3`^NFoL&8@4 z-%a)T!+0}5FvLG-MaDcXq!WaB?j;Zln;-5cv|6{*mcu(#l$;WvC9L!M2+iMzJD93m}59-pSHJoP|0XCVf2a}}|2i)5U;ne-vc#O>-#omp9{0vc%sum3`7#W8 z2M086WP1W&&}dMkn1TINQK3Oqzw3~rBC^79ng8OIzYpMO$LXQMgys1G!6KY2fq#5} z3j)wictBskK``S6{(;%%Y;EoA(5vFz$GHS!LIvO@dVd^rerscfT*ZI)sN1a_QnWlH z4h(?=j7#2w+pYkABvjI6`-1}NDvX<14 zM=uz6L0WKP-qGUty^l){?o2>bvm1V0vD^OVJ-Hz0T9C|^CP1W-u1aMlWS6pRS0G<5 zD4#5#L`ZjiitzWlkS{OX%3?sFv`+={<^Cp-`I9JLzU|BiSul()A>_+}C||~iBw@<7 zMquJm?b>?BY_y)~+3i{r=Ol?cMU#8Ww^xTdTnBLshUGWHn;G3Utg|b22PoQ)t0!D{ zCwCuhc;Nay_|V+m8-yAsgZAs*8{XmMc@&d{BfD?*h`LPaNX&h-u!F%_D+9u1C|hp8 z!j{-CnIJGR1+Asw2u@YoEeb(>5ZlePiL@)76^E(^`F`3Zd#yZ|+E{&+J74R7i~?H0 z@G4%^?xxtt?MHTluLlFESZ@y7mWEdUs-u9p6#Nq4e!g`u!XS)mjnwr#)sNTKaTRq9PU!^z8W8*>YZGq&Jn}dqSy={Yz-6jicF1IH^$q@-; zB`n^W9Dj2GCbmA-P23;Y7H+_R6eX+-!eTHPog$lQ**3mAU{ zxPBJsdWg(9ct3!`_~iy5N3#}<`k>CAt$NQoF5W%z zK1_*FW5oQMi36S~x7Nfd6hW>pq4d|j@=QccMk>7yRGzc_z!?TFhN@F$+(*5)uB0{! zF%3**L&n8M38~JCqF|0d)2;Q6>7r7L$I?SMimHt#-VH*N)aT*k`qIKvZTWU&Q{2pa zX?7cS(MrO|PQMx$H4Vd{XdT5nUtD5AayIh#_}P|wtD7UkZ}%U!-A~Orb#Di#qeBg1 zBQKDbnCpn0n73a#3|S=dWrxCV>up;$#o*54B}AmPDXz8O-drx_x}1Rg_n#VQ?RPSZ zUwWSer&{(kR6~ue5~dDN0{kxP=s=YUe7~7&J~h$z#l2$a5HyLSRV2GrQJ*$MXke5RKNQ&=i5b4zbYtk|fyYZoZjZGsJ>Y>pIxtFyZAL4}TT{^4o zIIPYidL6Z%sU0#5y+|cpE~iJ|13S6}4^2_aOM?Gq$<{AF^%ATXGgV{bO|C=#yX>^d z>yKbkJyBD0XY>IAzL0PDSum`iAM%*19>Ar&{yzFhq%PD9Q`D!97$Jb?_bYS=$Nmjk`lxtw>j?2(J57g#rURp~ALkqZz zI&{mu+8ANfo+691=iRCMhyl99Br+2Oj02k!>}v*x%51Dgq~^})>FzHx zTCN%yWU_i{CgD11PG@p&aNi7o)3=K;a5Z~OO=izp$!uHi_-Ya+5R)QGl!o6ulk%;S zR_wsa{6L5M$_#!=DX3_sW^?Z7vxwtTaLxGA(!jYPnK)nhui~yF3MvZkAy|Em5iql~Z*8aLb=^^f!37#IV+XuzYUHm}~ z9=*~}J^?=!G2P5cI*uPf(!)atA@@7D=yqZ7q~5)a+-Aw#`brb;Z5NN9gI2R(;CWm8 z0(^OFVP^jreWD3y^Zu4>;IW2k)wEXuZ*)17ZuhVP8%Fb)(NTA}#+AxUZ& zZWr^7-OsL{`;eu~>U}5oxBsUw-+s9`t}-P_2pecnXar7x4S&wYq}~87uD9d3$ChKl zImfiktxgc~+|dUIHRDgn_v@LXx)ctk)7?(KysL*iaUU`DT8`etc7Y}C@bv_{ms8Hr z0h@CQq_QRqMC1WZ+zCl9nPi5i0+5x##NtwzYU@8Abp)kW^723rmA|$}6p4p$}S<@3hOAug*fB@^{6F`1{o7V-SSJI&c?wvsw zC4zpNAA(If>=_yc_`r|<1ACm1b8C2@i5>;u%1RoBKXOcsV{iv@@vHqe2=>29@Alsy z*na}S<}ba1iBza=D1-sF{Ta%1NZ-dY0hx>K=Sr8Abp})YF@;d1d1{U)BJ5@&-!w?= z9zKk0Borl5fU(b9Y$6=r!_l&$#yJQ&06pPcei*H*X?j=<-*bU2KHY!gJq8=Y#ts2OMaZ&}FtY+iX>$71{J10^zz6-( zk`@M{o(?tW!@K->n*WE?5&>#7mI|rDkJ_f77{-Z~Ak- zo{@G60l0jViz5pjUWzsH3wca7E-r@de(eM4Qe5B4Y;#tFI(YymWdUaFI+-c$ODi zlTvR%H)Pc?SZ}l1Ay()iES`!mCcZ4F5 zmn!H_HA|qqi3NE1@_o4V$Pethi0%OmSP%RGN~bumoCfJ1wXY6u!2cy zuq#eY!=%*Z198B0R`xXMtm}h!)T|M!H@mV)v z%jw#D$Gh6~N=@JN7VDZQ(bdoriomO0{SKgh8i_62ckr3;Iqrf3Z)1>bkk zd&#n$A+CO%C5Q_{*rbTklxm}L2bgQ+QdQD0iyb@}4B$x0HK8bZNaSegsrJ!vz!NHb zbk@BBo3P{ngWqX(c*0;I>%26w!)X)&YFprOiNWEIg7UWv!dqu+uEX`2p68Tk7o&+{ zDGt$$x<7TW@Qja?BVY18BqGt${AP(kk3$PodSxReMjFz!J?Cvu;DDNj^Ub_>_~_|! z$7=l)2FfLKUlSp+tCANptm31TwM-GLY6^U`6t7#Xq@!#?&{H)myQzEB*Z>kQ+b2>h z!I^^MzOuq(cLl4Og>nV)_o8*Rc4zUNJ-`_sd?IkzPtq<51Ogf=8%v4K5X`zc8rIU- zd<5h#M2qqVz%O{iEssI7nt{-)=FkWhI9#_622Q+~Dr%KBz8m-gJr}fJIDBe21-U|a z3<&AQu@J5c=#cI8Bcw?=vgnZQi{_1%f5bqgy^(7HHnFQ)!2fXG-mm@JvcTFv0DG$jCgeJZTVG==Xujflu zJ!%pLKy0v>e5A%k6XRp$kL{rOic46k8Sh)zkYlLR8s9hxpFe_TZ(|rBrgF6Db#bHc zgbf$)(k9G5=tFHbfN zPk>Gr@ZILPLy&Tsz& zWxPE0;(#wHEu-Y!X9t-j@8*YpczV7EA!KO$I}D%+V6JEr=1WozY>P;}b=#4g>=dx# zqFC7;r_DsbSdEZ${tX{lP4WzulRc(B`T2CtsW}tY1*it2mCbG~LA`wACdON2@RVeC zjjngID%v59h#f?5+v{XAc*6b z4Qf0=v)6YC8&OuOa($ZGIGCOG1rxO0Pf)ciY0kk@-G0J0CW!7eveQ#n_~8UzPkH`N#FQ%Xn~IL?9IcC&1=tlI1qqDN%DHW>HhyydYSL<6Te>B z6rWChi_wB~{%d!uKjg*+0=9oDffWrxd){*VF}>aU`N z1dkFDU15j}d{olfL9zjKVVYVA`A{vU1j^d=WUNZaf>g2){ME1Bm(``yM|xe%`a1^G z!_gOEwDsjd&R1Y#m-bTC;?KrB4IAZZ4Z)l*)Ectxp?7eT`f)?W>6wN zWm2zLRS34EH@uO|ts*$oS*{DfwVU?Pdk2TZ;!T^S@jM^siaW_Yj^QERQK zA0w?35y`@#uU_xh^n0}3Pz{{qXwfSSA}#ZO&{wqIy|tQp!1=}t|FKg@2p;^TZ>_P1 zUDJ{Bqa@LagiRdR3rbXQc`%ss0Dj#Iuq40oB?Etm^Z;8*?B}2Di7eth85mX9>HdSI zmc%o;gxv7~?9Y=50m6j5ixu{Q^UNd@+6xFQQ4Tp^!KX-a)aNP+r<0^jm}YlaR79Wp zawjDDyi^PW0$b??6<9c6RpAOH3~@Sud(XLZX?+`J8|uFGRhDC8@C7IKVF0G>-aVuTcD=*M7uO+cZut6VNsK!#5x)QbvDN;c znKIf*==@lHVszp19oipLhX^*{n8f*J^KsYj%w_0wnU!o=G*PkxTS%TX<~jj3egifq z`eZap$6%j+f9HP)R^c1$6UvUTBYcsvFSYHZV8yU}Jty~)^r>BgF!mBAl^DW+b1z7q zYHqy%tt}eQ2M&!TU|O(Q8TcoIf%?2N04A)Zqr@9Zdgl`Y-GquVMG|e@L);2@BNFeb zm7(uckHas#;f6(&zMx6iG~wuEh0Ath-=U50JQZhd26`1U^4n5`vgtb*l{}MX3zLME zZGJ?~0eNj5-Cd_qc>rt7*8*=4lh7-$C75aTcup6-n(0xOIg5>?KjNH4_wWsv%o}GZ zp9E)ju{yjvvc3ZW&emCn3daz$u&5c$fI-W?I95f#W|hm0tn=OeaE z2*41t*EuNFCn5=eRX;Fx$qq0lxKJVdL(l+ci+W4M_A?^;j=|ofisNeKj0h=>B3;|A zh+3LtL0j@SVxIhYXf_RS6OrTnYcSz=h`JFBbP7?YNCc~wA}-@4&l~uepP_*_tG6V& zVMNdqk`mwRpdx;vntvZK@jNn-NJ?NKlgowL5KitJIG~M!yi*r|jrb{c;dvG}JnSE0 z;$`)3WIPuWOS-)l-Z3DF^sUhKa`9v{t;^Tqmxv?ybiqn1IbVDWdkj7#$`$rPu7F-N z1H!33HDUikqP&mo>l2?9c7#$>Fr4~zhq#O_>>8{O-O;0g03zv}B;MK43OB=PLGEEz zg0jyNh^f)^>emStRMrqvGcNfr$i4~LjL?Nw*I_5F4QvKilp#%+0ySXjZ6`M39O;FI z$bMrye>-D&VvvxAj3s&A&QDHu>o-6{c|0cG?ze-PXG}69xi)$dpn05yT~g)&v#nm* z4n{02f;GEg)ynMbT-Ds|5t-jP>Bxz}{#2Rj`^T)a9^8qR9ny;-X!bah%#~f{_pt3} zvsfI^oHX2)=kE6EtLoLk_d5%#wGL+kZ5JHCb0*Q_i<{y0UF7@&ou~vUn;7I}k(<2w z*+mZ+fcpJEGAiN;!PgV)HXu>X zGkABW4`wriTEH9`5PN}HK9h0M?)E%%$(?5LR!Ix=Bfft72I00#SnM}|rrV=+a5OdB ze~|U2g?;VkE5#;>m02J;c5O-xx(X(db^rr9jxY@4MXtxG>8L&V_5j8X*?~ckT4}a= zLQIzf5O!ymU^Xv8>I?89i(lIBQAXY*?Xfh8(#bI=+1fEe@fm&BQ;>B&JN4%}fUeIQ zLc}B@cJ@7svbEPzWU~XX!_ic7m~-=EMf1h`5}2R570O+p0QB(BCSiAOU7xM4D-X=~ zl9}ZNM~A%j?auN>%^Nbx-(np;F>);)8XZS(^ib8Ow)Su=ccJbv2q4i6+SheX!ZCy3 zK}pzty+DyQGm~X=gO*n$oDT4a@#ogaG1HQI?7ic*2|hF!alMt=#dc6T&QF1&?bF>Y za_)0<-}f#fH5|Ae zwL=pwY$J)0hsuSC3-^W$s@^~73fk@h#iWzGuK>r}+ z^bsKCeD4yCW%HU(b;?$Qks==pv+}(v_E1T7g3NKXH#Ks|DjsZ#s$q;*yJyZQD^L8R z0Y7TVYseAmi`PbZHGb$))`w{RD<6>~5E9sKCpyhl*i(=1Y|ahCK*x>c%bO~#F#;|Y z9j>>2QW;l5KbiF>WwJ@vmvE{TPw%PT-qp7^KdSuA1pp(6Tf>R8mVCcWA6P{tx!vI;`q$`xg~N1qDF~2_+OkMY?-g zD3XexG)Q-ME21cf3P^{7AT2FQNlLdg2&jZ~H+RgXysvxT^E-F{_BrQy?sM<{Pg&o! zzH^Q_=E%<&Lrfip0rb5}1~kgGB?kAI!mYfB?AsDC&{#n(H%h}NfKt0h(*+t%p$H-ErS`71w-pUxd{sqL~jxRr6xOQ}^QxLfehfprx3De*WU5PbHUhG?Z1CXFEV232TW@JtKrVp{`58x4F0^ zon3>bvb68-x9{Zd<`e~lM1H?MRC3f%Uxs?P(7MS)ztEn(rN@5vYfTGW*R1n>Q;DvU zmrSLkLv3f-TG{Fx)retddQ|T>vbd{sPK-<0ram>Ub4%2e_Nzk)x$_x6(|e5va`|iZ z1VlF?ZTcjZy8z;$e7fxkUsUc|>SWa2jMoj&i6i{Z6KKErBX`AZ>-_cd_?~JWs%@vs zhk~zyhGAh(sK-ZYkPr8COeU}BLwQuUz zKz{V2==1Ju{emL0sp=_l-ABT<^N^J1p*jNvm4|oQ2jtZCsustWVG2_sVIbFPnsSkl zVy^PSk4BQWqKs1~YGNImn_o5JJN;zMe{a$zl|S7-1*!bJxsmFR<+px<;MgN*+QpIY z@pjwxQR3n8KBo}%RG1jCTy}^(UOJFVdIBSpnUs>Mo?WHi7#YSToebsYHj}>9bWLwH zpt7lOdBDX2JjZAmX#6aunp-=?Qu8QTEH`9%lDp}>{b8|hB!LB4c}L`3>}zEaz&v8M zRVqoW!)LjLmR9%+DAZ8Sm+uY)P?Tk`mB-&rDp%HvcLg;UwWfH*M{?=_v>z^#{USxd zZf{pv#S)b_I6$Q`7|m1j#kK9Jd%`8vwiSL(X{BM(CxUSQC7DWRx+R|;){(*mp^A-v zF@kCPXKAnk=PTWl)ySZTVU>xd0iw56ym%^MXfiWu>WGl=l4waRUu#5XOufG zaXIQ+vdl#@j@nIV=6@~!xsb>9W;+O0=;sn`StX^Hw8%%Rm_+F#X(kkHJ6|*XtsVLz z_fBuE7dXY!%)RE2riGqvU-YU^^h@TRb0_i#k(}6Yc)&r^Wizw7&$mdUWq%5vB^svP zssCy!B??L#w@g1jW8l-8DT-=Yfcd=Y`5+>M1 zA;|xOwP0uvZTGUbx@AE9Ly~Mai`)s(9_Y%Xn!l5)S4R=3eY2a);^Wen$dMIbvwmoY zWtv-})XPy&eppzb?JM-k(He>Ia8Jq8vu}@%%$Mr~@C1$3x97_UnzHG%pyozJ%&VcN z-tLt+-p!oL&lESlw6lJ@>iEy_%M2Ta59U+MLfebOmb>#z2PV0s66og7mB)YSLzQ?N zUnW@=ehxkCbz2$uxqLsHoG`HX`Asa$wy;?1omYcz@aS z(BI%4)F=IeO%LKOso{oMv{AWyVp6i<$c>0NR7S|0Jb~A3Tdo@rEgB_xvr0JXa>@sx zp{0Tx89vZ%GCXGXw9uYtnz0SFP7-^p9V!AwRA18jTJvr=XMSS;A?VH+9gYCv}QO_LB8ld;e07BvRMPYwP@OJv^Nj>QK`^ zx3pjVv&77et0%r^JvZJfsQUbsLY1sV`5?EnaeXb*xwu5akaJd)OdZ4tHM32pRUkkC z=8<5gE)&*jfjsk>{a1RBrywr~-bAhMX>M%Dn-Jt0=b2WC(Nj3z*ah<}4W6D)(7qXEI4DK6zuKQ>bUkSNM)&?|u|;`fLg>^I&2?35TgImv zYKv!fe%2Pg_0iS6l_04Xz3DpDbB_pBz9!f7b-llFD*x&@6&LVS$wJi3`=Xj&i;oRd z!Y0Q~P^1XD!`+<5+@U&|+Zk3|oqP!ch2y$A?(0UvKe}}KHR2D4Dz>->FE6yN>8hqY zn2aN@W$))WyEkolk0MWchf&z&B~h@)W_h%+AqZnQeZGGkhW2! z0E~GHaNAnyd_@!pqpPxQ8bv$N)FIh|4vDmFk4i{*LZPs>TJirq&nZxXB?8xER%)0{D)}IS02-Nw@yUe1+ytm=tRB#8TECe{k_$fB%4to zqQJGD+a(2D($0xQCEGnFd|>(U*F$}_`|!_(%xC@sfpTIH63mEE;kWCT1j{k&RDe)z zlt`i0CtQcenc(g%s3$I+TS(%YG-!yV0{3;Kf+uWpls4{3z@8HEYV7nk$a(DrYYbaR z1lAZdNK}6mz$=Q4TO0t+5xnfnDIr7OIdCzLFfdL|xM9kp5GDtrJc+^i)D$unpxT34 zlGWNe_FiZm_wz%K#m<%t6>IK8@R&3UW}KFE>Dvb)ubY*BgBFv<9~Y-gb~dZUU0<>C zfCX?~Bj@wf2^rTBqI`$Ao4p)KMHzB0&qE83pVWTR&rruhiEHFm$4o2&=EiiMTKP!p zt>5}0H}h3FjJ2b9aI5R$a?8Q*qagjJFmb~o!JI*!q=5g zLdzE++eyP7?~ijnG^UW(v4_t2Um*2npdvi}Ef5TFuH|t&<)x9ZY1{A=(94R(3reT^ zu~wCX@#Nc)fcy}^*Fa;CqdgpF?Z>{$sbR$o@IF01;LmfeEda3eH=cLQ9>WJ z%YE8kw=%uuqv53slhV_=1(mqroiN@$U&VW2w85sT4%o4;z^30QJ(?3HQt`T1Y7K5J zr?hc|Ww_ZzLeDFxc{DiZ2E8Ar%8A7+M^eo~7ilytUOX^ejJ5_`oKYK-%h&CV?18sJ z%B!e-pPg-%#Ru)1$J`v+&zJx(uivTqL_%ATocM@ekQdirzqsS977dT1WwEic$5SIN z4k5NwdfWjw`f>+w?^q1=r4a;Z4<1yH9fRsIY>8;Fh!>7>IL^|rbobVOg{gBLz_Q; z!a7nav`?3hRrk4n%+RARk6(UJ$k|bRO{cYMqBFw+jREFr?Nb!Lnn%%iGoTbZ1~(KEKNOt} zJ6qY-8*?1mtNB_L-~245@@g~ZArs$v>&#GiHRvr9X!h7=e5WU{UCcn83NGsjohnm1 z8JM;#Gjcnkho(VE_kHlIm%l@nBoMN66ljxLLy@ZDOr38>fLl-QmtH`0PL71g>i0vQ znfVvtCJd&=uGHu>A6?^}1mi<(3ViwV18oqkxX#P zm=FljZskrpSC_~as%T8Zv{ls^q02y1#5HC=(OwgEEi#P|#whKd`Iymb88V&=yPzrN z(kO=6kIQpc=_-vw+e4wn0m=OGcWZpc=si`T6%QZbV8K4Y07qak$Ic&mW{69vbMyr5 zer){B9z@;b=Wz~gyv@neU}qVh>v8zmUXVSNGxD_YQ9==UF!bN-(FqWnSRRF~^aySS_uAMOe2o(5YW>sVDl(`xrvOPtx%Xw1j$Ta98HrmBUy zzGuthZ^M>?gKvzqYNxqBCJaQ=bbnNRcwGOOOW_NjbnU7`&v>Hn-f@MIDm^&X?R66a zdsmlMMyPx5%sM=Rx;^U4u+t(c7sN5Kr*Se^{sy!^uGu`ee=h)4k`AY=Jte0hb&V-QbN2>@P33}FdB%(A$=IC zHTF*yML3ODa-W5U4tr5hIFR#ZLL-bZ?z*?Oz&(LFVSGtdHz5{Xjoon11pCTr z#gDtmmL^Ao?gCL@k9@yQlW0G|``Vs0=yTcaH{Ny%Qnxv3QQI5fD%$*z4h93JWNs<; zSXN7lj4stlo2bje>p5+GRrwCb$kuPHcggo|;25|2 zI(p?{;r&;*c(p;E(o40Bspl&}=bmd*<}k(D?`NQ6_^UgNM%WV6HBt;|Ez}5Ojd)Iw zeU1qZ8qVFr0z@|7<(hWXqR0hOX=?kgP%(`*MHt8> zh6$TE#F{?s$zQCGqK;Um)e|9`QD0x?J)xV7=G;5rCoeBRUC0DsS}n(TB3V{|(i!oo zSGmR=wN-%4Hp;k7#hrT$#iv|~UMk=6saZ^obFX>|nc>se{=tu8AZb+96iHk61oZIy z<709D&!KzpDbo)KMk4UaxBeXvUeZ4<2ZQwB z!_R${Q2)60U8n}kLDCmmyQO?CQ6@skz(=xUg-`A_pi87-thil>i9{H4fY`dB!@a4E znUa{6ye#%wPp9&w&X1%w9H8(f-wPr}D?RgibzBqYgyWJ|KoX$}3>+Q|ZeIPx17=vx+-AqT2_(lFf=iO3oFnOQq5XjKf(&XeeABJ=QR3dqxry;b zq3!_mhAt;TnfcIVEa|-80XpkPqLw>b%OLSh$&Z|fOx}A-Po!N;o3cE<_ma@uWs~;z znKDsal~nsspyNPCs9r@M%qUVCk=K`*ayYj)aXG&5^(E1e^BSgRy}35~E9M3_rK@gE zB_cbo*P&#qkJdW>#2p0^=~eF zuAF#+_d@^NOJJVIM69HTq#(~A_3S4$<3tbHAfF|iKikifL}QS}FRS?S5>#C|oz{CK z%`ZI-KBf67c^W^&I<_BDWHo}RrstsVHYkmR*FAk;k4=JaKb3Al82DkkYvid-Vh(i0 z`-IX94H3NDQ5wk#cQpZ&9I^OCHC?KsZT~b<=KG|T*>W$u6-4uu&X#{eU57P20u@_6 z8uqU*vGwXroz#iB<7n2ty#`4Im4}B<++-eb_Nn35@Ni2ZGM(u`#*dzCdr}^I@$5aB zEv8GOXA`51k#$o5jsWSa$I>yV+ih=`;#_YrpBoC;=M!uV@h1{=X54NvJIE6FhR-3l zCcQx+Bc6uokZ*>A8|cdq63V>63^&6r4!Vt=KqWGDcg|f(&60au{+>BTTCWruDJIzm z^~+kxI~n&0wAHPzT?enhd5dg*_)>8u;Dm!naoiuWB^q)nAqm$4d6(A)(%8&Pt(Rxw zf!fRQC71rezS}X5a(m^n9|9x6W;c9b61m$KH0F*l$e)_mdc)E}E?k$CS@wK5xSDFN zHK$?nC7Fv;nYW)*S=o^3-Zm6^VtUA z%bE3><>wkiJ5_}#6ulNbJ2iT?H-SrtO(o}Z=S_B9x-@xrSahz3^Tb%oGNjA9L>&gB zxcu&hE|RmI!#YEUa5rU&&zDuuOI?HP7r{`QT^3{zcawSYfV2ohNQ;cikmo|MC2&1J zW<2h5xayw;?N_>fhd!-1pnZmrvLbVj@u_#|))hyt-kA||>m$fMA!MJU6CnC!`s0d* zsuIhgZ_Ch~TR{_^HkONcbCuREh~^UL8?|Eyfq6ENIZ-yZBPqim#^&jGysDY)7e!=Y z@XPAO_Q8-*vl+MLr0i%yZ-;)TQ6=#@gHVyxulM^UKR_RKUNb`%pDMMKnU@h3_7N{Y zHS9e=lm$)p`E?eABar>ovl*nF1s#2pl7Z86QMW0I`j{CmhcA2|pb6_C-x-j(YINXI zINzUW$xb|B{h5KOQKK8C%n9S%sk-Ce&C*R6xW2|&P5YBCT?%mTln32#?lF_$o%7n$ zU2%@#aXrH7Vdg-7Rq9Aeq3c~6?73b1x~bY(5=7%cZ2aaHS~t5m zoRaW+2j))G6jcXX4@=OpkLn(W7WJN2I4 zQrEj16qc#pn>XDo-5}-SH{ht4;SxZ*+>?^=MR0qGhEJgF^fzOP;1tH7eoKfkt3tsl*N=EH4W~6d6vEyp<|2rORIA|V)=Xkd9+b9@@}l_n32Ue7 zP|hDGLX&)oE=iYc&P#ne}q>VLqV9kF{Fg9-_U_0nI z62OT7f+cMeb=@fm~sX(*wTjjE%6 z7Ki~%t=&WsUi{9FeK#oX@{-KD2fUPg4=|q&4!s{>dBcwg!gV@NjQ-UjRm$CX%$Ve@ z#@+hk=%(p`W(6{1Y@2~D@h`$Q_Q~b4*gDRSV^%j%Y8KS_GFSo7nn6hfsF4a${;-)$%?ZtlY z@AQ6hpl8!0$b3x9N$QPJJgRj+_gr~nyc@|Q zopQcO-&V1N3*`8WKA3f9IzZzA$78Tjc^GBZ{Ginm4W5O%$dk{^9}hLh-n`=Fj@HHa z5YVrYcQ{^*5sa1Mr#S_4lpM&6Ip&r+#z2c}HCa;0P3nvd$I=3bBNMg6kwUXb#=F{V z%0Q3&!&nh6V*2uoYoJHSsg#%i`V-ncm|jEyQBMpju9aEW#1&rv7QfL5HSEnxb1}NO zbCX`)2v5X@@MmG`$vRiGRy=?=;{6^4Q|pgeA06Oe^0JQLA9;Y44=5Ou>Ss(J+w}3= zdT+^f&TZPq&{;`I)~=p2eJg(=w&pzA(>G>7`K(dhi2DHGoz&@7?v3MU!qEZjG5wDw z99_n)9N-7e1(gc5585&g_a%cn`~LxvRLL;=qr#WZ zYPe#UM}h@`+l6h%?+Oj^P2UvmjqfZ8G0Otx95e%DBL}1hJ^w(;lyLfKa-1<6W3B zOou8y{|grnUz2@91mkkgy~G@q&2P|;PQ5cGjeG;_mJxx;rDK=9m|{8j(Xvx*M|n`0DaD~bc%#0CO?mo=?k0S_;3!1Q zto@IVJVk!x`)h4--GGL#Wz!|ZqT!VR7FByrjWF*z%tum^j16N#eX9~`5P;GFPoVoH zOs#4?GF$%%n$@1{y)j;fX(CyiGNj$b0{mWTP^hOy7OjA#*4rDO&m;{do%xG+u|aqu zmy~aXEngSpU-!YBB{;A0zF9Xs9zx6bj8mnp)+5!9=sMvc(AtkL5w7UVVoVzk_q2_gNY3X#BgeYA$Mmy>1=)A zK#8uBjB^Dg9rii`u_~G9+jL)18FO5x5I&fL!di%co^-eaGv_t(iUhc))~M+0=;eJ8 zR`O_^O1I5j;`FSMx=CO!T~eSS0-yy)0}WfNJ&!O3?ZJJ~T*`4C%SIPLK|RB8`9D5c z>Zbe)gO8!bjkdbk!6BEWb}rbH&ror{+k(ZL#z3b(84J+v^j}Zl5BXQs;VExytUCcZ zwZTFnK}}yWH*PqL>LBl3ru)a^5RGSdx<8V>{g^zjwJEI2h{N!V!!T6$d>q-^FT>5} zDpd?3#f^S?=hWrJ@&T(vT~16hl`tSxC3pxHa5o)bHua8 z7Qcz2Yw_2_lz&^bp}%)|AKA0Zq^HiqXJjX18_8Z=t2=YO)JFN15UURmu!i6*cg>s2 zm_N5bnNs@F|2d5Eb|r5D4~0KUEJ@iq^(>blmivAk$OC*wx!c!Hvff9Bz(*=SXo`=k zaL6z;=Muj3$ym=WYV?E637$f23F(;xJfyQ~e7{%NPAYFOAz1MEuhWBnxE&4c;-QiY z^JA8*@~K%3bDYqPkxu>lfZ>riirHxM_SaRw$$+%LYtJXkqW1~f$0MB(c_Pza5l)q* zqz1TFzR*)h!SyjK$0aybA4yU!SRWUhD%bUw@_#Tjee)CzKHI4L3 zlv@Au*gZ>Ufv!XrhIoh#ugPKDq}Z8HUYCN4rLsmMa}h4q#Tt@>@bd@B4B_5*WY4@`Fp!}$JOgJKdP}NS1FnnPK~{7}B@eyjMz`vp&hV@72>qjx z0CD%!xzNZzsePIN&h92(+5_~*{kRhmMHnq(xS96&UXplZB&ygm?SW18wDa--cSYCf zn@^uayK=^zkQQaWedHGpVBZ%TfJ=%FPO6HO$qjMwZ>a&-iwEfEU)6F3yQi11Cnd4V zfzhz1MeCEVFT{7FAsCd=v*4&JNW ztEq5mZG+W5H2`n0ST9;#nX7*I=MM40VT+yh4eHoe=fSJ(-7oXI!yZSPyzq~b%VUnp z_`QSG%0B{b0XB|11Ke_BJcknA$H*Mp$QW`I=g(bgnZhoEBH11}_Qdt__}e+kSVz*UGv0ANuP}=pS0vI5Xpuhtd1b+`zc8aHf3Wxei;4Yv)nA0bKdd z+i2!6B1Y$eNx|LT>^zt8>CbEMED95)z!b$6rmnINMDOmdF!$i>PKS~)AR?4D<4*K8 zd+$G^2E0E+kXQHv-eM!{a1?#Eh&xfgD3MOzoa;H7Wn#4eUx?L&jh4)t<^D|}e3G}P zIQq{9%7&!IjloRhzc(b!`c*XQ#6|S#(+A&LAn7P^7W7R}c-6V<7@V``q9`sQegKv5 z?dC~(T-nf^16bNA;&^PE1b2S@@wQjOllq$p_IM@1o3bxq$$c4A zSw*T!+ZhnKPj9x}xk7M;{>q!SyYS(&NKj>J*YPfw5(F+|St#e+*Cvm&dFnq_jf1Ov zNLoa%b^L{L;?3DV4vq25S5ftQl1Gjr-XjF{MI>YBSq5*Rh}NnzVT<+T$+uxfpGkwI zAZ_vOAg=l$N4Ad?{B-cg_0zG9i!6gm|FG(?gR27q3Y?vP>e1L}&l%OFNVO|ydrkyz zEu6kf<@AHXnjGl!3&TG{AI5k+6jt^57AC5O$Eu7CWRbG1GwV}$T<4g)K~*#^&Y!}K zp2`afB_2YSQnU{yFb+Xm;dFQC8$<(nLUJgvI0g-{KTa6HEFFBvF55sInK@VHA#W^o ze*aDZ$fyw2stWAd?LeamT~8m+hGP^n80<*|3(1rOv6i6%Cdx>mvkS>Iwupj)C+IgO zKyB~t<~J?9UhKOY_f3YspUk{??MJe5RwFZ?%rqe1hdvRzzpJVd(n|l+Y$&CG8{T~s zeOdms=ep8er8J`;Fp{n&8Ku4k+5EcIh!Z}%CX0!ZWIK&}l0+ng4+kAX&e_;Tm~Ci^ z)&_SAyQ6q^OQ4crM;jkTj@E3oB{{QNph zAkvt8k21k~xyZp4+?vuZxJj9bm_2{&nS}BQ#`I<3`b0`OgqJ0_ zcA)=P8H_^BFtTP0-~R`xV~K&%OAK{iuECYu2G-lED3lVH5u^Eh_n-M?&^)hI?fu)o zj|GVH46IRt)0eP1n1c&v$xJtB|G8Tr$6xv8rVfFu7$Wk=9%3LE5%veX7V$(v#=l>N zS@9%iBr#EE&qjQ~%I4o22ay8tPf|9BTv|ecLdL`DJ`1FOsSk^-etoC)>E3>ak65c> zcMV%dW~0-^3-WHl_7){EZa)?B(sF%)$C-?$#~*m&wm#ueWdxd6F~v6e`43d!F_FVr zAOA1UI=U1t+p%;&bSdpcbs=RiU9@B3_Bd^o2Qe|4YB%wexS>D{Y5! zo+7~wgqxnX{~y@60e0Nb*M}7hOCTJbWz&&hMb98E!w}#?0)tq5^%HSfZ7_?fdL!gW z%b#DRrGiSj-U*R^e03vwb);w}_SL$`w7T%`npUB*U-?Vc8f-&W-9Q4phrSCbJ~eD& zncCJN>d?IDoDB)3iWVHkr2y?ce_tyAG2%&_<;ZlpdFuNaJ%20>5!v3o0k&JlLo^IJ6I&b{s%S#} z22TBkF?GrrVEDJTDunRi3vdNqNcno=<2AjJ!P4C9;9G993F?Sl^2hRcU9i#J9P|}` zlh)>3OAhs+PItg!XFjA>=x8MX?vT*0HIPIwGH+L8^2$EF*>&ePv*O_HMV8V&M4kUd zOX(muDD(wT^kWJ29g5=jH3OvVdUP)kuv?zB^3bsSv`-sypHZpiP_;e;$-gOGwm=d} zC9P%>LBpUvX#H?;GYrbW_l7e+jH=uEYk6RNgA6`|{{Jt@;8^WeS|rZAl=f||WhiRg z|4YM>o#Zfl>__w>Q`s8otA;vP`m&R>v!3axNDSdx(P_do@u+lb01iysiUl5lg?-vw z>mbRrvIdlf_H_Y{x%E<@j(0k@=X5~?T;ys7sVc8+QHQY&6L8w zZ^oI+^nBr!`ZY*nDyH0i2&rL~$s9+k4v`VC?Qn3v<5%df!e|d~DCl9UkK$&o2)sGk z5OJGVt}3Bsb*^dKdfx2xZ>o7&9deZ8pC$~AK|In!B0tz8&#Nzq+=o}Jp^Rjsk_+~e;mPlFHtF&x+3E?c zMTP)GElOc-9H_LpDh`iZ5Vx_s20vt9Znm#%cGBxDhR!$f{#`v4d-Th z;NK-u3@-4wW!bl{wl!-DKa4^rNA2GkUT5fRVfK{p5+tOuEyG+Y6{ zR4SoD5^kOd7y=>-Oz^f}Jmh7Lx1T6*&by|IgG!F3jicMY2x`XZIb^-MIGj3@6}7iM z*g@%*eOEht9_rWdf|{v1?1arOQECxUBGps~5K%V8ah4j)={a&eeI$jwOBrzwK1#cQ zR=g_}G2C!i-24v6DZ_|DuqZk(<<~Oc>+2wgwXGY%d55MocT~!C#q;kelF~PGdtE61 z_954VpBGJGqX&bxTjHJC@8x6aKmg?unmVHYQ$F!r=cBL>)Mt#<=8DrL$W;YNt!j~t zJUR>T=mxpWiv;l<*=#<)pah}6h!^T{d$m9 zGxi2zQgu11w!;wDs32t&fgjdoi*3}6#tiMA3VzPHSnaG|@|9j0UQ?4Gq4n$i(8>y= zBFitY6bEcq+%!=Broa5;Yf51FWhEV<{7uc+GaxJ;Ur($=1T5VGb0zKHjRY+!z)y=Wn0LT? zcLNUS;PGu4!0J9$`vWn8S2{SW>6Hy35x^;ZTucLv;Ak|ymAMQbX@KT0lKyywneA(V zw8(`rjQNNdUig@62yMX1RP?BcYJ4p+mi3+o6ilmh1-}E-IfqoH+!3Ti!V5;q;k(@ z;rV9;a9f;kA3$vD7x9~ufd)!WL~wn)bb)=CBB;G~Z_8t(Pk!4-_3FizzZ7A%2cenB}(y~6F;&P9UK_Njoz%9z4PEdtvFm@cSvor)@ckS~a z6gu!#&c(Wy@`IB&|Gq*oN}C5kO2&3X~L z(x*ZnpSB<D+7`f2s~r!wmLS zm6d+?jj5p@5f+DGZlPh?&)&i@;_a`*WxmYOlp3pL$9&}6=L3g8wH_MWns&I#_kF2T zQF$`JLTE(Des*O!q`Pj4G0IY$+DSjG}~ycWL-EX~b!rHr<0UFj!Z-a6ULA zm6|+e)|=V;q1fUpJ>OueU)wCqHx_ptyF_>J>T#mo!RV=`VLD`mazkxrA6BV)~`D@cpiU zOv!u~5rpon3dmuV{d}&=AcL~yUhT_)$ZpPQ6RawI1c@X!%>Oiz*7+F7e)s`S6442GTn zMEr|u_vx{RQ2~M6M;C~0N5Yv8-!#4ucT^rDaoXrOI?k?ePaz#mNOXX)1IY&@lV5;4 z{36SU^)CS!M`4()%~chy(Dp56vnIwHu*m$b^MNsasoK`>oE|E!X;zMZ3LS$81feB}_xp z?=;yiY*^*OffHnR3FmZc^NW|#IwV8p7M3zRM1eOpuG2O#G=O)d zgj*`7$gDX4qewe4sue^7MCL!ED8&QBM?+ABoGM%GSF-ZZWA))ssLsYtqTQ-J`mT1yJfl z62b{%UOfAN{no~LzOPk+F>Cb(K1F~F?9t35n1|q?rCk%q8@hp&;uXb(N(E*#HP|9= zG|x2DFVVJmrD%p|aA$j^9NH|aRG!dzs#9I172}Q%mgLpwv=_hC8HYLWSydFy0pRb{)lQg_K}I29IHLwJGgD%@o44kRnc=I(^df~)FXElMo6P)y_3f+pf9ju`8Nj;z_arqC56Vr zy*5pvF^J>iL!rHUcXBa=rB;h6*r9y==@ZH8v1p*erM54ny0Dmhh~?-_d`><1lAW~c0>w+nNq6+hP+9W z_YaI6U9t2NbZ6p|uJUPfbgMVxQG+&Pj|#%XJ=_JL8v~>Ze$rudLT{IUqimJ|9}0WQ zW3Nz}T>8Ul;Fs6~z%IluOnonben0-Wso^yEV5bc_dq8G!xZ~LAZwiv&c(H<(`4v+7 z=Lob{-@Xrq$hXQgvi=}v`qED(aAdtAkW$BHIJSVBkE^PUS|{%AW*E1DEV+tEB|D!` zv~}&-2-(wW+4?dasT6XAeho%*mrEUQenXn5LDn$xeO^~AmE7CSNds{jY$QKl3a>_q-4D# zBRQeox51xO$G3zoVs(2_ZigolhB0(lR0fjmj0J4JUEk;;p^9Kf;^4OUeL1zCZ$dPv zi$S~J_J1A7D=iV@*s5PY*E_JB*DxKBXj&D>mH31qyn27BqtI~aDQ6<;qa!s>+bSs| zsC2T2U>xeVWG8O-yCXXFs;1XmKONGT^_)5u^So=7I^x>Scg^iLDx=V1r(ARUyQY%= z%Q+}#1+QJj#Z=#q==uGGcGi(6%=Xc?t&&4m*qv|iHbKJ|_3!6?c$k2b8{Sn<8KJ}e zVeGXr@!@c>14MyVO;r-TT@?ile7(0us@hHtt~EL+`Da1KV?iIjkkfh_C@?g*JvErD zKe)OEV(u32jVjSu;+!DUr@4HPg4Ku|P5@KHcWm1Gj&!f($QIj??ku=R2bT%BjQG(~g=c zX0?J@iTPqxLiwjr7($vVtJ;^9$r*i+k_LB#AP|kxPLcTN=&ZeI+RY)@!p7%?w8qfA zLu~jn9y=Q;OrN^WzyHq6_oZmsF5?iAt>vKDa>nyL=ALMJqc9FdrV%^e9%QsdxQp|x zRqp@Xm5RFF$@Fjt8itE5wJW43P#=g{bz>c%+u>J{Bfn&NCo);vy7`WPqTd`(C4?Sm z*bX$rbH41#q1+MUJ8Hh>JI#3;rIE{#jbO1p^~sf#hRI`Q#htxyt-)fzwxPnOrpayE zremhkr_z!7+gDPVyWF~gJ~aqdk90U;lT)J&pUL&&?=Mx$kZP{wi~b=9agNaHE-k8v zTg>jmOLL2IkWk-Dl*_j<37!1XYr1Pf79RvZsk2^{AI_l`%%TMxaHFMqz0k4k!Va)P0;!T|IQ_&%EmHvzV5;P{^QOTE^#(E!&R@x2L%^z`Qqs~14CebH1S6%33L+#-q-(BlhY(P8aWGwiCZn@aFGJok-nVKrIa*G zaSbr->HXQrE=$UYeVPm5og(xVj`#FM6m9C-F6!JL)!eMqG_^1L23q7!RJ*{cG^ksd z@VQ%`4MpZi)pg2^;549yQz_9{cG;IGwh0tDze%W{iE@tN4Lg+|6>@5ImuTlnhyn|C zF1hWWGYO5vc`5Z*@Rk~)q@AIS{^&@ay#oM*rM34y|NZIgjxr@Bv;Co(mXLvjU85xGzP4CY7fsTf@5fih8qoNrq25N&}p<~mi53)^jX_$7l26se}gXQ9B zW!mb;EXHRPss=S-cK5zXY0SSkH>&D>*T&2=ITA*a_l;VWSO^ZzRnyVYZjD_v2{rv5 z!(ntdS(~e&@X;SD(9Wku(B_9X%(l)pp4=Gq*dCn)Va;>gb@o#Pn}37l98b05@USh& z^n|YZ_x4jgvzj|gnh{lxWK1nwdV7<7YPupP=%QhIlDL)|j9}7UO(|JVF`n-7JSOe{5#^3% zs?Oq_?Tv@Xq&Ym}SS?&OLc8)_W~F+L?fut##_3&m1eMFb#g20{a?V|D0O81|P^Di1 z^UMuvDeuOO++vol5=eM5H($pdV^#i5bfu4!cB8A>Tqw!v-D=kuW#@N%LX?a22J&kXFTzLJXcZ8L=>1g&fVw&t+yV49VZ$wk9H(dxY0k8UI;D4 zG8(9v2A9$u6p7+m#Q2h{now#|7ObM=aqGK#X9S|J*w`~e98uVWdpEGNejWlAG1(SV zaJA0d2J8-hz7iibL;>Thc&>Yae*5Q4+^(#yZZppzd%2@2MRRK+*@!Lr!)i{VDC=?Ou~&*V z-yv(AJh%fYPc2G-lIE}nTnI&-iv6FuyeViV@-|(^r8E!D;nj4tFZ&sYoa%G_nKpz( zZ3p360)J7G@c=R|NRV-q{K^s~o!VlyZC9Hgijmp(SyfNOmvzO1dF!5O?Ct0OBGYRD z9QO1oUzw;(f<Rh2#jpCRjwj8tBNR)b9rn9WKWtg zt$!j%6{*-rA;hFo`#GpG{Fk8%Z3>|SxRJHXMKf*|j-M~lw!Q~lp+*&x`TnZ=ih~D# z#gEQ0(v`ZeWbMAdb;m2*T!8`)ZWm1`cF;a1`j9!da8}Ogu}_WF_NBKY1-#Psgyy@b zA&eYAYavQtdf-ZKn#H7ZYQ3Mb{zJNaGwHImqJ~K zg@_EDkN&nge5}MV+ho}2VWtx+-&|!?4y$ z3`RGA{PRnA#Y-Mc>E@>>0#NR&F&_5itX*0onqrc zKN*h}7QQ`IcXZ2Ol_-SU}J%0RR*yoi&R+we-}o+l`7IJI;YGF zn-b~3MA>+5kb)v+$Zqjdg|Ly8LFpz^pv^v>>tB45Ii-#^b0`DoQZF9&;OA?CMA*2s zD*jvUJiPxY=z_x-8$eU&tJ7G{GAb9HcpFy+1DrUg?9?^h!2mG!7R6ZV1CwV zk;PZUD7fl|!O!Gmeuds&b3BU1r(0;aTPlj;BX5`sYb$STX=g zfu;wUhM#II03H2Kx8{XRNVQKzl*53N!oqiGB~*qYBM{C};H|8b6H(`gHWe_m>{F3O zvEAGO7$#uO`x2R;6f3|Nv#|$64XcuTIV&XEy6TU~B}W<&W@>Y$n?SFg3SGt%dj;)7 z5*`J9A9eyeD~8VLRzbi!$@s2Yo$9~~>#@71IFcZL_bYdUbxaOHWaNW9-vPuLwt#Q5 zV>K`CgGK##$vJ1w1Q}Tgvy<@A;!ViN>h-V+SwWI-nBXWaJkJGd;*yJ<{mZOVAvcWE zp0DR_f`B==x&lwc#qe$(6F{bM)n~`yF)%qPQ8;nJ`*YVUjoi{A!?QRb((!C2eRu^{ zkGMmg?0X3J5frFF=*?b0Z;s`|L++!46Nw~{!6HVF{)-tbFFxS?vql|n4xxIX^P0sX zY93olif!MHTs?jSvD|uAT80*AxP8o>t=I(ssR6>KGE<^NzaIF))Ka54gqyhA5dEdWn zMExgM_n%zd|0i;F|4D8C_lg|;liL3Ob!z)R*X2LgE2p6X12hL^nBa2K zBqCy+KGt*bccH-?KwU?&`MJGn0N=j+kC6Aj&EpTozw>5wP0MmS7pA?Dsf>9E@648t zh~0HNx{Ob(J9FQyIfHse-4q3vA9xm88e1aI+roMspZ^?q1`%0HAN(*>4I+-b3@8ujgz_Kb ziv@m&B-C({{#|{SV->+M`~|DV%m9vUzyjy*dK3i|qAyr}OzdNKJ33RDY~ir8a_Elg z_pt)ZE*5~g)b+@OXreMY!+9o8eC0985q8fgIY zg@Pahqxdqw>6INd7DPml1|pniC}SYG2$dT9vGm(5^Zor(c-F_pUPFY8jVgkH*_}dc zBK6%+-p)?v{)QmgsCqYk-xyTl4GwS+YvwK{cOL2%*arK2u@z%X#{kTA_}>R}sq;vu zi>-WCd9NyLm-WS;4dKPSsG!&@k~55Ecf)wp2+g;r0gG;VRtPB)*T;AQ`fva`vYz8@ z5PEBE@c#@?%ijZh;6;kGS3E#}BdT0lV7_>$JBtq{ZrR;2{Gl0uNFvHy(HzR7*;{QM z@}pdx=+jbs*y+i{u0g-Yk53DfdafY$~xjaGtNH7L{ndM zyVu~{*Svp%E@E! zBCU9IbhSntzuo>lP}&P<{$D`be+A7?@5p9``wxMD-Srn7%7MtJT!>$ywCsx2hi|qQ z-BHXW4gi^gDspkVv2J`*^->ohVJwFAI+^_7_4;I9|C>NTuwDL0)rb5~am(b*~ecu|G~mj-Nl zp*F;DS8x>osY6VDRAA|)fc*ah|F-|{l}E!gGX5fy!Frf^TSdglde*n$g{lU3qp4}% z`^<26fV^wN+zwPuF+y0~2ghxA1+F|x>i*N%V~0P0q;e5by@xLKzeJJ9|FUwI>zLt3 zZEF(|$m%MHsL#jIZQK!9hsYq5fR%Yfy4gEc?rfD1->HI-=&?NY_Z-Jp0MfHw^n|Tg zKn-%>(6*Uq=+(v~DXQBtCPZ~|@n-ev--7Wt%^pK7=da2$(sbrsag=-*056)0I*LvLW3<2T9iP? z{R7^6iACN$UVEu(P7ouw()SKBk`KDG4IUaqTV7oHndtF#?@)e#2$#t4k$|_`+W@Ib zre@#S{1#XaV~JXt8uS1^&BzKTF}{e8N>8yT;Rh#C8Q*#lorKmsKsF2i`^e_84tqk zHi3zy1SR`e^34Mz1xxXu(!u_Jq0%AUrv@15xb9BQO5y*--kZmBxvuTQD^W@VsSHgb zBxFtzzD=4;C1eVjGi54c`nEJEqR5n~GL#`@NJKOV5mAarA*GZEA;WuIw_&x{v-f`1 zZ#~cN{k-qzv;W#_hx@*->pHJm4ta&}JB5zpJL5R=#_x8}rvuJ+Nv^iO7` zO8vu4bGy=8ETNokeM{!hRUf)agGuO}e9g^iT~)TRTTAUQC9M$p8j`(o3##6RPu zHk}2Z8~XP@x5^c!!B8?rG6L<-65oNMc!4gc9{{Yny=WS-JJrN@2t~$kC0i9G%P-1` zd5!*Tn%h+H@$$D1g0TkCoTSc4a`0k415XYPEYR_Nvigole(NK#IiwL!Nj40QVo(;m zs9y*tXc9>CE(qSiLK;zlulRKF%io9g$9<-pD6ZX5HJAlxH0AthV?5vAGYdh?;ik!kRLi9moXFeZlrV`h(sAlMJ9)RKJ{CzNd z9zYfpRfVR!p;OR6<&m$>CO;Yvv7kd|uiJ+^Zx)OI7ky1F*guwlgi;Of9I6rU6Wmsu zSh8vEx_G(c-Aj^UxMO}seej(+XRUFKOsD7Q&j&G{9c%O|A8~0tFgqRl zYQ=ycfgtAg)_!}iY(zZ&?dVYK_6HPbZH;XMXN>#(882jF7%+o>6`@nte8lndDyo*fo>1ur#jS$51>@N%B!Pg+1wQEw3(Tfm2*gUK%jfM>HU^v zKW@MKU5Wuhp@$xmI)>!s6CcaClm{#ls#LSoUt*EC=WNYR6wyDas>4J1D9L$og+pP> z*&Fs>>Pbb6v^GDRZBLqH{rBP*fT5m%tnu8?f?~5JJSP9sCR0fcw6u)%h|o{KlUZ~> zH(*>H(TtUGpDRv1c|(%_EEm-3!sg_cZq7llk8a zLL+oi2+nF1&S+HxD^-D_R(%>z*DOCBj%WSSwKb-xS%;=)jd^}6cNZ0&+-;^Odcc=B zlc%h&W*`p8=(d)@M{H9?93aZqy!`DbPtF)4haq9)c=_@p`9$jSy5lOB%llj=t{HJ~ zRo^#EZksqew$0-5dp)voC0l6TPxv*P7l%QMIhJ0Ob%z@~u8nok(4?EB{_Xfox794F zsph24!-it`xy{U!Z%JOpvmH<0p14H=&$1$c*5`);W1oP3U>=!TKSo^;BJ{RtlaN%p zwu~Hp|4OFxZWC;r$&73QfM0|#Gr^kogF!(vDkISG+%G~+ybxpWC_<2ISw>Hf$;#1Y4E%0&FJ}R*0iN>B2DP?s=mAj7W{o%Z5eqd zBCFty3m?*qodIfC@(;a^6M_#=0~#0sOC)Y#@{5!Qgl6F>TH(~w5LNStClt+=eZ%?n z^=%0<D~R~%h#ybXI88MRm@@XIg}n!7I>@BSh8|9`Wi?9@~Q)2Mc9sSQjrur zwqpbKW;x4#{4OmQdy|`+o#BP!8E8{$#fnNm%uqVs5<@MKGmHj95=%^=D|&KC8$`oR zCv(z1T)g1CJ5ft<=Jfu`!B^tB#v?jPrGKmdHpqVY`9}H@0J(cW7|4 z0YlL&hOXBfPDSlJ+1=vZt=DH26e$XmqK}MUe^xjUHiHz4(pPJ9t)5-}WC?a+61rSe z3t!ymuS_ClYNa1DA=Tbb?`9K`H-H&vXwa*(A|Wk^otSWxOad>?lcNm6QIeAG+aoy2 zH0sa)j8BPUL{lu6&l=lT8ZxTI(<1MsH{P*OJyjv|ZX|f+&b{d}A;PRbz68j=dDYGk zCaPcC?j^t{o>~-Dm-zs`DOX!%tdY$2)dsh33^uvtwW231xrRSld|hhBA3f{;hYj`r zlGKDgk8yvn?$AR`0n?gR0HyBNXWOL2zM^sY*j3TE(ia&R-LFr(w4M&)^xO40hF;Cq zUUPl=AKVEqTg-T3A*b|4B7amD^zUXvegQy=miBu_@}EpxGa=W+2Zr64PHxQql$?N# zQ+o59NVGni4b_1}zgOxedjI+Ll`k=b?enmv_!3g|3133z zZ`v}m|A)qDm6R<38c^}f60@~Jk<-vtOe3s%xWrQA5;G1hYwe>JkR=R8q;aIln2uDT zZ)h+BsWW>wFPG<)Z_q;2?bI?7UR8j4xm8-SdnHQQA|}gA8`eD(kmbUpsHd zyeN2VPY?|fx2J&mp1R4 zU^++cdGdNk+Ot6Kv8u;9^94K*_cyom^xfQjshgw6i1$ncnj)wh+w+LW#`Jcir{ z?GV(~AtCmIb75^1wq@{>M3z4iS)5&}lZh;>fiA%ehkMOX|6`>&!rG};=6(D-Lw!k8 zS$V8d;f1c*JH};!GR3=*&JyMiuBDVFI}=D==>G$fm+cHWm>%d_)|&1!{Q2B!8+2kV zk6DdzwAJU%+Dzuqh(`S1>NzEANtn@qUNwMaFqB9+BMS)JJr(Dlgo-XIb^Db-=qRln z_VhxG$!F3Otps~|q^&XeGn}hbhxcVMAmUQkdHX$fHO>@`RHg@O*sd;ro102+okvc_ zN(5M^L}$Kn+f40Y2FEGYU;wSYRDsPRm>);%P;tJllbL1QSW-rOC-hU^^EDK$qzgZA zOZ;{*25^AdBG)D>Uo!n z&;-1YTzt~ytIQ{&o3VmmGfmJu74Y>i`>!83xC%iZ2`jLGmHGh6$`@+O=EElfU6ICB zTr{iwqJ#*`4*)v96&pDj1wc$-M=8@u;L@b&hjeZ-20shcfSc3cwDUIN4jZNdG=iQm zJlrVL0TXEgA13>&BgIcJ`PCp~0DsIhvWtI7MKj0jyh!cupSu{yeeIt23cA^~8d)%d z0uR^TOicMbz(#dK!#C(fZ){8Hc?3L9ZRnRLGls+=*@(mEAE)IhDna$-+%E2`8gO8b z3)E(u;LxC*kd-Du5wi+t3|=kyx1Dw5LzKnddbWI24VWmnP}gbY+n=G{{|Aa>u9GLV zQoRM=J`|3%u}_{Ky@SciVVnqa;vZ?38SXmpM{=5w{9KU+${iYB_Fw5Z(WNWu=3Rsg z|CxiSDgiC}JMEnD2XQ{oAfrz9RPaN6Bu*sU?`UU$)H5g1iC2)dePZdqtJPF?0YB#n z3PhBoetomtQtVZWqpZy|IQ!GK&m&YRl8BNd)ncm7fNpBxMLiaBvF70=^Q>7Z)}jd! zIKSXqfkfSNW~vY~CQ$TpCamVO{*9gnFMG|jznN4f54a1mx>w`9G7}POhgH0| zb)$>;k;aR$S8JbFLd){NBG zPT(*$t<51nqlrRoEet*bzM8kW9U-sH@ZOKnpy{|1qA&jIIxJQ|a{X@`{6bXu8@(QH zd6DR}ocyBM3WQxDBA3o0^WM7mm1^Yg2)j0gJ|tn67s4(tXTfeKIM08MKPXWiKVBEC zL`7DXcOw6UP2+LEW|5$pI*`vurbYj4S}#a*I>TMrKAG>ezZgH-Ypfz$)YgmW8qSj- zVwvOW+(w94Pz=h}M7jm(7jhF0<9IuF+u!4YzLVN^o)updbQ7+(W4AAuBqleDK8MlE zq2sr@`Q##upGnW|q91Ad5*sh$Z@`i}s126fgWGU7HZkNC7~mCf?YZ!T-K-jxyGxF7 zGTVZRBa4qb;J-B2kxlWL(zNLNuXI89lti#BTDNW4LtZN$g=Iv=-g$zwhVGHGX*Vu` z?~V1T9r>BYPFnP}N3FaJ(TM8h->)I>^#IjN4}iM=aJpPGz~#udngij-r6qiP%<#3V7f zD`X{xSV_%Tv2WrnCHmN`{O^Ju1I*uFa7d3THI8uLY}sU zX;KKLFci%H=A9B|onwW+nGYV31+n{C7LyuW&{2Ca;Gu=ke?k-q_>?2Sr#y|}BC>d2 zn8}*|sTnmY`ceD~R|I)eywKa9+L7*T6hqG}LC|-iXx-dub`*j`2blsJGI-cp8IF75Lc#GXC4xH*ynljXta_PKJdr262yfJ>h6nd@&Rn#lv;!FZaEdoUBP%_6IKeZQEp9FELa9a=PGE!B`)b1nF58?;5E1DH|fDr?Q&2 z>Ke@YpOo1jX8^N)j+pgkCkY}m6GwA^nDvWg$H~70or785mEkM55N|Oxk+q%!OEO1y z9&vEHLEYJ15nb{GWatG#^?B9AtT#5C`qixG6SF>+tb|#|&K>%X zS^tk&|Dz+B{@)Ry|HrKV$E?G#{{Nv_-}&~e{8#2K%jOT5a-rLsL%OXj3hxr^LjM>; z=cFpGK-$G-oSSbO0`r~nN|zTA3aPFSG)6z@dp`kX!oRw5GsuHioD1C*0(Jjqy4MM{ z4s9;JhHi5`SAg*75Ku}@@xgM5#{g<+moiPh6aNuzfb`#;zl3zvgigBDj$S#Wvfj_XhTc;my* z#EYAN#FX zjA0m5iTR~Jmv}0@jEU;8F-zUv(w7U~ZHu%?b0XI+BNs} zv|lnZ3fw_IR^ALN9@mtsy*R8m1FS9glgS!J0GOjKNv*pS#osc68?=MoX>He}p z4aF%lx?@U$}186nd%2+uZCocu&D+8&`bj$LynuHJ@j? zDbkZz+{C`jBwIhZ%1MU}@^p(9B{}e;a8yD6A&CFZ3#diy{lXNX@XJ{-?m#@BH*dj% zJ>>7=Y#0XhU#^_JM-wlNT!_?`SR8#;)7VH9@!Llg(FnLQ_UMlcFBu6wy!H8ZTI@AV znXxG*6EAM$_~vZ-<4?IQ)^Fd(b6c+StC~LT)w21Nc(lk&7C1!VDYN6X-&12hLeyxn zLWbK_P8}UR*07Wu0NsFTXjn|=7n)`AnY$UzaEPe|D)jC3z;uop%(Ol?tOwRVJ-h4| z)tH}N17?8eVLi)e*J`xPhbaeeYhCM&5czf8Wn|rwS`Q4Ub?al@IV%D*b+GO{?b^H( zqFDFEDyqyX?u&JM{`c#Sp0Qbjy6|%qdNdY>+J0caR2s0Rex+T0SMjmnFGq7pRbujz z2s8J`JRQR?%gy}g;F_8&njBQnCsBG>TRb_ z?w{s5ByhO3p4(atF0N_}W|xor+*%r36C$KpJ@`4j>DjRTFP8=|0HSi9mr>L(pG4yd zUl0x8g_XYp`F|qBOqIn(7azLP@2H~Y`HkVz=;&7+=Z5K?UuD^iku<-ogt1JNbweqs zzgEO5`Rrw1B7exX-s^is=G*wWzy2C?mLRsgZ+!m4i+NQ|$y#EWqWiFDH)r+KQ&{x5 zjS+#A_&G6fHp z`U5Fxz5;hHTT@u2@jD#JgEtH8spH12u3A53IL%!qr&)^~CQU|6M|K-+sopG+}~7U3a$!5{hAEdHpNy4-`@Is7xRBXKjKUKS*qoh_Kp8s3p`*D_3xHdV;g9hmef z3>P@6ELRzAWVs49wu}>7s3`y;+n@(0yb(%4NiqySICt#)1)+<6i6LJ>z9DT|?7vZD zO`}Uq7RC~Abc@VgUZqMOdAEH-nSB{IHK2t2q45@cM;$v^jmB08{#mW;MEjY{Du*;{ z_GZtkq8-p0n~T&A7pD5cLto|vobW!KNVy)Y9w*%t(olcKgJPM&HFY{CjDy`plF=QK6hsS zPowLyRGk6H^qfUV)SNI9X3q76N?-lVbGXBxbLo z2&Cg&;3T&1*uN3};}=R@lxP(-jXI6dHB%BzQ)T3}T4+M1b|vM0Z%e?4x%H}1;>%eo zDG(FQn~`@`A)t0yVAn~);Q7S0Lasd@pXs_uZVc|i7=Xd&uXj)ng6I}3gknh-eoK5; zo}iPMS$Z;A;xloKk`CzY)M1hiy6(hH<#)89S8Zo7yoU!CI_8AZ<=`y2CjT<#uXTA9 z<}9gQ@Mo=f5V-#Qtw=eUz^zx-ZryG$&g@~Kr>buC7F=RqYZ^ZpT@i% z_N2W7IT1`tXty_k5#NjV(j zwJ(c^tn+w&RT_h6y_Stl0{D2X2%KD%(w%;S)rDcAJ6nnao~T7EhDqd>*uQy=*rn2# z(8muZ+}dnn6YO?aFDIW`r4H@9sp9AskKK!++{vn)Q&$4*;eK(hG570W{d(YSrYWp z{T&JIgOwyE&Lya#ymz;8M%at4i784DeVkUT-uNH@9qh@X zzrQDOKE_VKbG7>k#?BA7ZPO;h5x51aW~!{#yM04UJhzzJW(B?UgdO9Pi9&O$2%MBC z`dCDuz*g1dasTV31@jPsYTQ)G-U}~zuY)?trq)1LCu%i#r0~2gNZoj$oTR2-EU21nZO-(TpX1Ox20xaY0i&*}K4b!V7$^j)0~&<=O%&LfbKT(U4|rHHA(F9`G=5 zj}JVU(El_`$mG-U;XGe(X}|n3I5I8*CsmO;MxQ^f5GlR0awA@`Wu+(8^f(_*<^s{L z?!@Ct)q7N)BaX$0ADByGXFfO>%At*ycdmxh<4#v0{P_!rN!&-P`C~C!Sj<=u5Qhs9 zoFE$DN4_1u%Xokv+opGcnu11qtHdx!2=xE68r+WmoXvkEjVG|El@P$rFVyZ^2k7DM zp;fOffvjpLnJEBYR54t~L=R5WlQoade#o?~%gDk|U1^K*@UxE(nvO7hsTJz`WE!Xt zx~AUhih)2j%+LHn<-n!UPx_~QNkathFswkBn>TG&aq&i@Zn?O$0j7JYhX> ziuT|djn?)s+{Iyl_Otem%t|#-!+rK_&9bhkCcME}U}4Wz2mqsNJP8Z!a^Htqcf7i3 z*Ob$IeA&pilQlyF-)k@=p{|Q_*nzP3N9-^EoL;E-qsq+JA|1s2E(7nw4x4|KC@GJS z%KWVf;{x7fOPpD1HQ3YM9<*uBcEXZ)x zuMW~Nmb`zSEz+P)ko=FxgAd4vs6JlotWu9ay++t*pe*arLj8C$1&ZZ@!a!?qJGcSu ze`b{uez^8D2XC7}@b|}n-u#1W{(5@p`*z;j+*7JEpUS0}*6eF?8y)_U1X@GEf)5Iv z+cgtaxDLvFVH67=s@o*$!9R7VGChj$Z zJClHEjH8_4kY1gjTJ;&Df|13Z9XH!SE~=ul&)r&V2S z*3lP*uLV_Vmy6duopwM_d;qIg`~qa0Zb?pXV3C>Nf!@5W#u@v1v$)4YLz*r;7oFO& za0;9^Yb(uX(b*W!i#$Byb-t_gO}9eax7t#P7c{8%M69`Fpo~Fpo#ymcOOYO+PeXV$ zTZH1?9*eEBM1w4iB?WdRRJF>#={nm(9A4)0y>nG=)!qcRb38}>Tc!xR+lDUBwzQKH z0SSZa(R*2gKFyeDPB#pHOw?3YkZE*$yu=#+M~%(a6a0=tS&^idOzLdeEg~x*NARedGJcWnzHLg=!XN+Gk&L7fwUpCK|A1hJ3%XHw@~P`) zj}EPEWbj7Q_x(r6XzHfL`^(+l5Nf}U2#F8Oskdqu%8~&`(T>Gjb@ig|;GRt-}Z95P&s{Z1PVR)OHY4GpyhY3(w+Ox4}VbiYG$_%kf|-XesP_%1!1Vp ztg`LLQpA?supbswu>g?*ge}h1$FT%`KIn)9$&IQy`iGoiXr4MB3x|uC3;R*NWxl z0H15?vpG%A*}q0r3{h}T316Vu_a<;!?`Cvsc?10*`eD8&PhUxeY*SRNzC%Gz!v{rK z?=~rC!B~L_EI@2&aiHA8(qQ4&SGqn-WfBm}|8~EJv|-&*x*xvl_x^}MaHu-`j1^j) zdKOC8^?-TexX(*pMe;0VFQg6=x#U!V*DCw>y;h#iBD1SY-CNJKqkC3Y=pf@=UXj|A zO2YOllC>~t+t-%vrujMRP0=T3ESk{vnDMA}V&MXuyV>rMz%|Jrj9je{jl#sPQ z-55z|4c7#+tF2vL&?b|<-En4HENJ(8z!ZAh;VYZK(DNk43rG4NEK4N%YmwA3PqwTx z8Vy9c<_mJ47)2#5{P>2s@*Ov96;3X8+O{T;lkb>sn1R!F4@_c+K-*3<#uenmV?u%S z_tP5Ysj}Ate3l>pccPQH*z(@vweC{KLWUpsi-s{XDBp02cC9Tf_7}HK<@?0?u43;8 zLO49%bPG@S(W!Gv7=m`CFniy9H`}4)Sj?^m{STvB*i9ZXbCN8LZcz{E%U#Im)p7H2 zH32r4H^+E>-A+c(=%L+PqBt*=G1HaTO15$QRI24NEsvHzTvTMnsLa>lJ~HsZ z(sWC|)B!e=7tEK6Gh3vdFAc~`;|%vNSg@h~#_W@?EW7-C#Kh}Td{({xX+SUa@(!3x z-F@>xO(m0^QpRVYjF+SwP;De>tHi{c2l(UY&y%C5VbIlx1QLY(X0UxT8gJDKN;z6M z`u-)r`*S)(`FjI3>@7+`8+(*^{VxDzK;jl6It20h- zkuF=CEpg1d%P(#p;}_l)9Q23G(~7NsHyRy$nHfBN`ru|`NwqWnNA-Q*G=C>WjU_Hs z8`=pUY@h#vslgBd_IWLvOZqnt^RDbC6KmwNB^ZvfeY*oAltDA|0-fz#vv)VlHt_Pj!gAPIoAV&Wjc4yM}Kt#YivTg_ZJ)8l~RgqeP_N|GR{%@Sy!3J z9HzXj2NQ;#ZaklsyY-;h*MK;a&%UL5P1ifaH>m3*b7Q7@G@wbUuKkQ)te2AqxO*cF z+38ic1=|*w6zzRYTn~&8x-jgXDyycG-+WrQTF)l!!tg#{k(SnyaHFWFoZru~^YOWG znbd;O)8g|e8cKtr6W7`|+)n-KSa0Dgq@Q#~IqqACrdnySU+`j`p@+_V{#-A<?M2 zv1{qe1Sp;9-OMT-!{)hiu^zqj!}<^FbYDqq40GIVUM|LPZdc~oMyVJD_wLpy1X3FnD8&-&sVM1z_Fgv+mLa=af@-vf@ubI+3v#w zgu1-vPSfz}M$~U~udY_(^QY-EGRuP2-&V9~s7Km?miCUYDtT>nH zX7THz+d~}>5SV!k6T8kVm0K|jk~9>1sy5a6opUr~lu;TeRkujeyxY7Wy=3FDPS2*F z83#?Gj)7VBSa@0yHSUOHRqp0KE)8K*BUHGdio@;dmZRJz54GLISNqf2Fs&gbx`A_f z#ae#Jji-i{(lMeVllI{;h6a@j-9N)N)1TGCcQN0qb*}{P>pMDGL@gX3qjsPp?Vk)3 zdkaq!_!+q1hZ2Uj)|Cd`yc=%GIN!9qc1Bd%XTFbI&i=T?il$H53_6x|c!T3KGtQKe z?}5uB^{9uO^m@*uUO&&~_(~%1Yi*;G>y*UTA-hs8*{9~~q#wJs_dDORfo+fJrHA^g zMvKg%6uDgk`0EVuD-$ zV5WU;iU^N*Zkd_A)#;QpyW%V=#e(**4}T7 z#AQCnS-9+78S}wgYL2$5U!$C#ma1L%KWfQ1Yp&AJHy1Sai^~4!FF*n+p3tj{typxa zDEu?%9?p>=P|NS}UG=~qBg-T=<-JmBxBY|Hw7lt0g}yv$#khxWh{L2*=B0s@l;6)Q z_M|zW?RN9_ST^5)U@ks!t|M%Ei#uxMBr->1AA4p3wIOzx*K}wABp?}amZL?j2v|ao zz|r~9_(n;bD`{=<`oUOcZjO!hG~aG*-4(?-Vn%-{;tD5*6nTKO})5JFGF3 zptSAfD0`Bw@@7^I!>vrrzgjkvpAw8~lSWyp-)qMI zlJC{JB;21ze^mUnu>l*Szfr-^W)1O;LBt&(N<3t>HPi@5!04OX|9 zk^?VBfTep2v-rpmLPv{32TT~BVicZ_nd!srCmj!%_;za#J-l|(@w6!;M@vsJQH$~g zl4_^?n_}0ycf);#hilZ1nRBiSaRkQeTQCs7>GTbK#*yYXwMnjW2=Z7mtM&``znZC1 zT)+RiqojFMHRrt|P8;x$sIz%BI1~gJYaLRk)%|~zU$5*Uh0;8b2 zO;V+Kb2+o?2xeH6Z9FtQHCQ6OcKa1J#(;tJe!m(XzPKNuIr;qhroKz~zPS^iG3-XOWE?UyBfq@>@KlYb$V${RF@z*02jUPG?)>p3dQZ`ah$ zclEQ}%DSeO4^vQ*nZzrF$fTKhT7^NF#Ari*|+0LIiY7n)yZgBG} zaW!^-&1L$ri0?(o?7b&yH2)gb$0(}JLCEy}`ataHK&*%xhe;k1e|^^S{0vUA4F@+Z zWb~&Qc{Q(iaOJGrDv}zh^ZDv?-)!gu^WdZQKsH~0o))6ek4q4Gf4Jt;6WlDk^pbWd z2T8`%3~m;OYX9M*88yfy=usSL8g*Mt?P!OOA>%;v!zX)n5&m!m_}Xa zaZ5%SzV+NTei|mes+|bFY?oeixa;2cLE5# zj91>UaR&sM`?F8E&n#B#C0l0}Jf*2y{FL72SCVaP%b#C0Y+!#^O#)!ukK!@x%U{)6 z!r#|jnd7?Ax?$0jQWB;)ql+^;GwwhtU)$mhRdhuX=VczXj^g2tW&TjC*X;YWKh-wy z`q~_3uVSHKws~jWAKvw^S;xo8EoeFTTpdV|BQn{%6L}>rl2E7F=XbYyFKwLIkm}*5G%PXaxr|qMc z)>j!bcEbz?o8|V(`Y0^2ImX%*=N7do*Ki; zW%|(i44avL7yE|dgQwr>F@`nQi=ufmVLr=3k!?f~lE|s)HgSqJUhGQk&r-W>8_m70 zDvmABe_(5gxLS@u7rW09+-=Kuxg(XId<=bud97sOUyJPJd^zXG_m5Ws6N%51cB}qC zUBmv4kyvJhV&|WuBg7)7`TRb6P08wj`px04Wg$Y|ImMli3IKa3WjM-V=(1}N!xD2E zUhO)0BOu6DKHI8s@x5xd5#()aki5Eh1Q{YlyEnqlehM6dn~L{wTNS2tjL=8&qZRTl ze<3lYttgvS0C)d$9qj+zY^pPfBv5G)qzssNAegig(VWb(KGSC~D zB@THW*>V;HT0av=F2%cp-&2Ye3~IsPY!{#i6o=sl+J`PgzZEHbG$r3i~Gdj&M1&#zx(+RQ4jO!37D)` zU=!$tD65842eMFNNbG8PeAuobd9L)~uY^`hHUTpWEiRQJ&+SfX{oH*SpnnO8mR#pO z*wgW_j8pblgd$@y(!RRKS4B*8c*hMAU+u{3G)hilR>u|AEdW3jx_T4yEFfTCaT6^) znYecmcw5j>USUZ7u_^||kza?(M+)K4%JZmE*b}f0vN?2KBB;I@mXy>!L)7-HIYvhY ziSuNwaxWJ4D%#8|eLOf%>D@pVnAM5qwW5-Ho};7(Z_#iBx}cd!nj#LMo@M|?(s>Lh zvO^fFsjm*FW`*MEaoS`xTI)n91mg%FRx|TIt07|bpR@V@wxkX8&bYFPlY&Z+l0D2;qFLk_FLy%O9RsvJ)R0mg-1~pFE5`TtCOYlx%s?Tm0dZ*ZG*9tV$-`pY~bO5sV_< zEYBX)VN@Nf-=m1zLcmFqDy55I_I3efvejVIBqp$j>VlqXQh@ClzK3$wMS%0Ex=}m^GzpRMV0A(vWGGjpwDs;ojl`uv z%{t<1{`aR@&y*J>kcwM7I9b0t-Dv^9TOBd>zDNmE<$9FO+p9Ek)A8d65RT3JGN8{@9R44^6}EiM6duU+!;lsajZ0K7Oa}_nM|WIGbM>^ zYm5<7C;9P1dgcbpVu`muR%!4gkNu5rI&mnB=|(5uIap$baHfsROH1d&Wg7El*1DB2_u&kv<0 zU2kT#SBqs1>>)LY>KgC%cbKFr#v>k4cvEm(m4GU5bow}>-t*l>qjM5M&9kqrCcs{{ z8jW56dp~KZrx3ofI>ZQMdzt&iO2#3fI)H?B|B}zAWkY9->K8K4DZX}&l*s!ontUfA zwEWF362C9B@{fB*rUA}R+A>0ld;pt2y?+{YP@@d?<@$nh05~+Mk~yA-Djxc=XVwT% z8JqKF{>ubu#hqKWW%w9(pWnH9J5{G8fblHM1vhgZ=*uaLj^0m361(KWN1lh|ckt?; z)0ee`ln1LTu6wk;IjfvgN$rwWND$wJ%y?_k=M zgaiU=SG?Y_7=<5S)iS?iZST$Ac7)fA{H7hun~SrNz!ydw)#P%2hG6{5{5F}o*vIvl z!hWA}xRE1PP54I-5vS;Z8p@UTj!UAqB`!hft z(oE5tRUA^kQJ&QIzzWgJ0l6_U6($@eV!$ly`{cQXPKQZ5M8Wtb0rTS)jh>9G^GMFI zpI>r}7OD+B6jVGnY!Ow`kGM?M@ZdeBb`rcd9rqde9$N#XekhXw$7%ztZu-x~hZ`J; z8fiD|^w2r9<2`yE72hTdgAtjfd2=b|hpyam)d{#Ap^XtlfgRE_LoH+d=(h)RD~|=S zmD_rUt~QJ$x72ooR8kj)FJ9+lcF4*6^LNOrq&F(VPt{)dzcu$df_Eo{e}5ll^yct9 z^A|sE53uuy-#A(nA3aI)sNstpIjzw*#vZCi^AXl-_?|2P4>Qa(HL!hyD76HU@wXb1aY$S$aS7BB;O_X)*Ab&56peDm_~mq6IT9t6#jhORHP z>SD7Qf-lbj1{@>^gXrA@sg?>UUy969-x2r}+sxkOw755LDtfP{ zznH);mGQ!=W$d}Xp4zC32*XHI+g8{nIqesbc?kAgjz8leS4R94@JlxTEq;k1cyxin z=+IcPn5fnSl8EvlD70x~s+AkqJ#CbyVHoBpEL53|n2H zb~+z6C_`c}R(zdZeO50Q)Rnne5ZUTd-S(8K9|;B0yFcObpDZo;sWL0DIbl8VbDKqL!1{v)9x1! z{jp6Nf^hBBUSusCPl)|SwpUumFWZyLTP<{JjyNr*2~bd>)OI82S8Axxc_r%rkdP4U-oL2ecz5rBkI4)4o*zis<-A*v(|a^ zd?a}MtOs-C<13-+teYSDdAB@{_3k=j)S-XSSA>tJPH*ebJ*Z3Z z@FRW(yFffi=@r=k_vb^pLGs0d*6mTSd>R!&dZwiTKCsP4p5M8odlZq&HkiM%jgf$; zjI46Fu(w4YKpGM8K};t$z0i3W1RpO5U|qYQJak+kYLG@Kt!$?@s)cM5>BXAT3<>l5^ldiq;b9%_i6 zfdpzwa#+rn0VUF$f{KRq_X=5upG!g4qe0~1z{^T_N@L=tMZ`^Om3a*LjvK2O245#z z<=*nc165P=WODf9=vjmp3P1g*L5poCd{IvGzwK)~WkX1eSXs-*$fn0*!sY1c^Td;X z#hX(GLh3e6W&Y@Ji|OwR+583J z27@0ftVbN?`fzu@;)o7YR;ka8=+}k_)0aX9`&gTz@BUyKz1@3DFS&eBesjSbR4ts`j(oj- z6K%UK&3fGU-5orL(BhaAX~s;*!HQBI)<4O?ZebGmV0iOE%~g^O-%jS9u&x|$0-hl9 zmfnS=1(8LB;&CG|slzt5#~+}3WN}RF9UBp#&~D!jB^~$k;BD})JSN1tcLP`v#s*OR znHAw`9u39pgupjZZKHkP-d~Mct=k)II>JZ+RWc?zRBcz8J$sHlLMwJ8dRCD-fFIhU4qOb7zfL0@x-Vu{< z?f_Cw&r{<sbJN1=yb_*6UVHX(O0yQyRwC(nE0VOkt3c>y}vsmz%%YT0q->CT-N zqfMRJ_b~%1b`i?* zp{M%<344C&bghOg3SLBk6WIwvm-=;&@Y&-l0DCxN_Z;vqo<|>;JavttpCB`aw;4ih zbTC|AKCwNF+8_wayD%@8Qdg^1#uaMauu3$ziUTK&di>~8+VMhC2RpL|bP?C~Rg~Wz zfuAyNUqIjJoftM4GjS_1pFsQTmo!K(oPf>g@3~Qm~R{*N7o47yyJS(v&p4SLm?%4 zEb956_TS#7y`h)7>vROocr@dD7uP!X57PUqpI+7CO}c3w z5fkj7amhrs4!keFNKXC)2mqj_{^PBSW-4jXl_Pr_y*BqYU;0T3H!fns(r)+k(=|dMoC<^xQ1VB zs5YniDQc|(s*xdgodMXNx^-DWgQPvdAiYu=jp#e_NI3N8FbUPruwvI9>)aNPx>J(j zp*QR73VLhXZ$4hSvv9CCeR_kCW|ErfYm5z9(6j|%CT#((Mao_oXQKLv#P1=!d@oWW zC^{Q31N7uvSd@FY4hE>=df|(?XrFjRd6j>))>H++OVnzVDf>gdxRh=|!z7t5)P6hA zYlY$A;a;H;XJO6(j9r&eAYhuX!a=S2{bxk0?{&IuZA#3AckJ?Lflhqm;n$)h`PC?E zs+@zZ9#ms}`LD>yU=2-mHKY5F&eHw<aWzr`X|
BFySGf{4oohBc#iZil(`yRWh;ShW@6V{H;`)8 zF3FmovjYLzT~X}MBXgM+dX6n@oA32rFh@o*GJD5>Y=Nj>*Ec7x%st)mMX3LP+L0q* zyH8okRIn=rY;OY64px)Tx%;-ZZzZ~@N%8qTT|k9f&(Q9AT`nTiKPh?{cXPcWAWQuscTTXfqPCPt_+F6@h_sMDZz@d zF9a)r49$-q>RL`W`;NjvJe5FWewcX}sEy9Kecl)=^}xVm;r&f7N5=0!^fu6#lJfBr z4Bn?KV&8!AFaNj}P)MzB&9+K0?nW00Ja^S;RC)VA5|CWMn0Zq&_l7J=i(Cg5UtZs7 zTo*_j@VjNojsl0t3fjK4TT_1~YZp;y;}})*xu2X;~|NA!bGBr9z*kcxD z0B^D5GB-nuIz&}RmygahKr~A4RWV-z8bt7abk%gQGXIVCMH#@Jh1s_=Q;eurEq>x$ z;GTcaIsZQ3i)Y86q4w4Gt$lzgk;16#>JAT6X8>~)YYF^kqtK6!6d5J)}=siqJ!oUY9c2SoMdG`PnxD z=!}v%a~Pe6)?F@l`s_wD^Y;$l>#QAcp%b*Fi=A@b!Y1<~G1#~--(GIHpP4t)2%avv zFF2ANlx_%>-9@W>oi!|=Va3XnLKVfdiha9mbPJA^j@e&6@yk`=KysSYoLTwoHcv>Bu2 zflyPWN}2{J`fzbLycOw>a;SbpaI5FY>^?hG#>`zybHAKez^i!PKEGpy>FOsmQ-@pl z2!9hF`f)6h>4xjoWz%N7zyy?RE|@6Sj~xv#w_ZDoLbz&B@%wPr_{V*J!DMHfA@QEJxC zMq~)mu$&~05Z3{@uaIKVTOmT2$jxf?hZp}Z*4{j>#;$!ICZUX_S%wrzvj(ZCZ78CN zG?3<$R1zsFvdPrMEz+pmC^V@g&50t7L@FvOrO{BN`90RPceuab=lA;jbU)UkW}UdnBqQzZ$NNecxCpe^q4{`sz}ojvrAFrh5WZpsL5|JYZtAGJ~5n1GNw$+(+%77a)@b% z>LsB)BH~?onXv(6;Tve%a?uKVl3nVpjbl*DMit`+x(6-qIA(9f36~-_-I( zcrX9Dbg1X1Zy^~wvQ^v{H_%G}eQ8Y3j#?PiAfC8X+;^fEpk?5O5ofG_16#I7dqi(` zipYB))^>^?sIAkHJ9#?gkOk{{5&o<+5jDQad9}{+!1QG)&NpcUog(c6iKN7jaAfx% z!|h8bq!X@94}nks<$1>)>XwYDXV(VK&B=s@P2JP@>G`!E<=hW;zn0ziBf)-ce7#|6 zc3VTXpZj!CkyaH0=Vp1%EdMW!fKzKvd^`ecyCX3$YO1J>$K%?fl@!k1XTrbTyFzyG z;nTHA@Lg>D4pZ#ET@Q^CcNzAC^E-;Lq`zIfEnoIR)QZoClf87ZHxlZ-&YTp}J>9RA z&EVi}Oc-TrDt?js*zRFB0L@f=10Sy}Op7XL)z*|Rmsx*pTi+MIEIp4W`%_cAy4*H- ztJmx-Ig7Gqe1r|sw%LiO7$y2FIe{bYaLE`w4YT|B^XUqcbI9MH=6*?rwJ+W|p%(05 zH7ou#axz9&n_3yp1)URpC_%q`4SE8}$z-jW_PZrHhKD7XO?#S?@0R8xh;+6crQALb z4dTX+a%!FBDu$mdS4&Yb26EmgLC$+WW$|VLA6t!P;fFew-A3pY^81v6t$f?B z;R}uX&fVY=uHR|-EePfDfOfM7PCL_2*>{f!s4BS!>E1q+RnRKqGgx}JCgr$rj)1CA zaU}ei;T>I~$B)G>6!qHa!zmUZ}5HLCV#`tZ47i8dYtjRBrv7LhU)Z*v{@u*QOEsy0)>-96B3i_M$T zo(m>dQ`EMqVZz(MY_uogZbtu5r5&Q7!?*L-=EaTsye?HA&&bdIp7C~LzmlqUQ0%a> zqbt$*#@o3_X4MEf-{_+(Kg*R9!!OrQIGF*u2rS(mR4_*_TZyZXm%ehM7z)kr%o)1F zGPOl8yINy&DpzRaO)uZi1Xj&(Nd=eQ8rO*H-XkrGlL_$WJe#w5Y?l*FGo+6Jk-T9j zlfW%SfhWDgWvtERuD-d9s&?_!&pzYBaoPBW4j{sJ)f_6)J3P{e-?>teZ7yz_7Sws`V@JVNRm~_(3Ke*rcj^(zIT|{>cY=aUH%^gLZ2tc8_>z- zJ;Evw@vE3}kGW|>kdTcWy+Bm<_OfI#kLo?mPxrV&1HLa>S4QA>P1OYlzN5imwKIS> zFK^2@BANmCowTrU7NX{d1eI5a_9C~h? zx4owy9HKXDW^vvRs1NZ*)8d1yAyb!er<$e*W@m@qmW_|!z3MZj=izZSk?8-Vj<40q z-LlH{=AXJ}6X)?!k-Qs;KxnjR2ijk=QVv5q)LePz%hV1lXF@v&y!*&Za-N@gq*3AP zJpNx!z$AJNW;Yuju&&zw&g3+K|0}aslaKQLR`S~AII#Nevg`&)cByIO_R(G43;45N zYP=UOJfC7?#>$T&i^WE&a=k>|p|!u=W}vV(N{+>Wg8m~E*Tz=Q2y8p?1GGphm3xQ3 zkd5~b!Xub+$jW=UyYC2E8;qtt;ziG6xk?a_|Atov)viq*KBr7FJ(~$4qT~GK8h~rlo_v!bdROj>|w1a<_Vp3fgs?8 z+bqcC|G^d7{V`|T09%vBsCD_qNisDW-Lc9IbAqjg;ZUldZn}eBc>wv0XUw=~4&Zsi zC=vc)g0EihAh(ZeNg*KripPQNpF5-LN9x$n?8_TXl=dy`k}OOo?E&!%Wh((b>_)|? z$1yAKjLoPIR2(2dRQ(>3WAyffYiNl(-vkG%~XC(m`bYIc5^l-zS8_*SkVc znz!s*&vXXQASErpTXc~rD1RYWt01>)`NSL*qLG+QbXW9JJ$!#sJm5_w=aNKM3R#iI z*8hu9`?&_5#RCtY8XgKo==#0%!w&#?rp@rv(3dT=0@;(63vdYUp4hoS^{tg$p)Kcg z6%bI|r2(CkAPnv;%CsKHV{0suKK(U}DCG{4*Wi)%g61)c8YY;*-m{~@34VsS;xhY=*QQ)cjMep%@*?`O7A z#G5~VvC&sY&NJR5=`(dUsKp7yI+)`e3{6(DByOv`eGFY{P#s%i4%iPE`EG-=V{Cl= zT?OZdxBOcZ{MinOI|)1Z^%X6mB`^rBI{w&KQLN6sA}qg~)sDgB zhrMXA%1&%-8L_Winq;_KU+(d0R%T5c3zLBTzD89kYCX40Wbg)5DV|VpIqX zL7tnkjHGMt(%wD1!1kzUzjlg2D>5*diej0gtD6sf)m8;7`vDu)Vo&A$R3hg!yK|98 zvqf)^BlNWF!o#n&-m1tC5Kh|8zZH$3k&b$EV9&0GF=jiBDdoLK`Vy9~9NeZ`y?`W@_rmg%*wi6I5AK zWV6}myKu*L?N*zBK;Q=y(m^3L3+APoFAV#@>G zUzP^V(P#bDlhM77<2jD3f3Zui-|uI!IY|iVTWgS;9Yqy@xL-Dfn<(1g?a)9=x&~U` zH_lXO79xkZXl3Ax{SK)RX{N;97U|Az=NmO3}TIESa_v_B=KT)`=X9mdW zf4d*IR?6(aqp7O9f09&^AI^zH{wt0@P}c?cBVmx;DnJYuK(kQK-jLO5qIV-d@XFgF z^6)^a4jZOZHw#1EGO~x_&wVBDE(v{>;2EwXfW4OM+{??H)dUqgsH2Z<8A!mY1C=SmW}PvK4YJRB1utOit9F)n1gWOzpSYr#FYt7 z^Vq|-GezI0x~Of3pBl=_L5n2 zxV>CRe|u$V9GZ^GINSrQ@;|ugnEbiaE!!yh;%3V<5pUOyP$Ua2k|CHcF9e{d|Q|u7A zgO8^2X{$aY(azOV*LuC=kJ-ykZGueDhNxbd8Zj=5QWmTcHlF%xvmK?l^BOdi-{ zv(^4RQ=+fqjF}e^@9$6YIoncneo^q9pv9v09>!aIk7#3SQtRiOyJuF-#keg1MqRJU;cbCPXtL|J; zlwpW7Ip}iqggEFX23*F!A9Lfb2(%r3dRThYdH2gC(yW=oN(oiYK6?cL3?TArTI7&)11e?1mjB1U+O7z2Vw6_djdE?(q`BKos zy*a8VPk5Qp`K=pc%l}4jK)FA|)jyjI6n*2MdSCi(hi$VJL&wG$jgQ_?{J2?+Dpgdq{LEJ{85YFO^aFD$09(!T63vBtm@xO0{ZU{ zz1@5?iu5tp&7dk)bs;YbM5WNkepBN85IIIu93w_&-e}_(<-6=&F^`dgRWopuXV6C9 zf+gLtWm!416#z@59YRe!+*DPBSP~(k2T$#`-`@1PNtAJ3p$UwBl)7D+p2Y|W?RGEN zK+=Gd5fV<;P&nO;V=TJz%9pWU80+$7j&))8=qHgK5NFsI#?7I{EP>R_UU8YsE?GXK z)NWqCiEdne;OROIe8cp?1r%!VS~VMNys<{etNk^l(CI z^b*U7P#`M72b5K!X3Vz)$g57*sIkYT97F|ugm0EFW@R3Mu>3K4M}rY(@!z+FlARbK*zg&Q zSp%k~-Fy24O>4tU`&xW}U!Posf~`8OT|;j-)|!zc;9|6aEjO2*^2`t_X19dRZt|8J zAe%RW?6!r#&4ck|PE}Ve!sC9ts@JBDi&jlk%&ww<-&|L;qY##luU`c~Fsl5C6_IH# z?U5fc-Osaf5tb3KiP7Pvr?dMOogCi1y=RDhnTFk*Ego|H0j^$M`1S~bYKE`SkHLW4 zujA4`f!&fQV>Rlyq{?_WWLrG1&`km9KG-y_m!1frj3r>-8CMDWaZ zY25T)9yu}yrGTqP=H&9o)eAeUC_z1qwEF@3XQI!B9!s3q%Uc9~kpNGkAH>yTwnkVQ zQ$Eq7rkcjXKZkOwz*A zN*FD5!O2%SZAsf%?CF(~_$W8p&bYU4t`^$@CALFZhl#VYHw8QC@9)w{35t+B1Vv8b z+=pK(lVk672+B5Oz+a=t4 z6+)5S=}g9$K2d?qHl2Sde|Zq~LB&-Ys7rk@7&lAV@UhA7n*}`Qn43|Dl^luuLD08t z{dW(lB3QZZuj(Wj+HekhYNiM?#iD9I8W7#zG?Qq&T3lE9|6SMUKdq+rcAS(} zXEucx&b-1nDeHyA?*4xZ)$VVFNSJ+JWlC+HEIZCg^m=bNi@r(`^orLg}u-cXfs222t2VCsMcECRVn#`v~m)ztyvo2;UO7Y4Q zYP23h1$B+}5sVo-RNUHiZoE3Y|M!wuJ>e5mvm(&>*QouoPyTn8cW(y7JiE(<3{>Df zxk>oA{5KNsK%?gY9y^M7tLeiwBHF-Tjw~ zs)8$epNTR^w}P=(n5EIq^y8>K1!&Zzb^YGNy(uSl%Ar~EUv_=7X2D1$GF#3q^>M4F z@$?gKc0zKdksk9MRRpcGN}H0w3jKelm1ve;Xx4XRHtX|m#1=BwzQ|cQ7~D*<1n)QRirXk=}j%S=N9H5Axbk2f`` zX~$b-Z@20jJ4*}i0gE8hci$&Ou^eQ|PDZ%_j1lx!A)MVDL)mG+Wwi$>$jrns_0^wq z?l+$iy!*aoMO@@16goa*5K&E~;lmt{&Fa|y>hgG_TPU8DnC2g-P;CkeLVJ(+f}?18 zj3aH)?f0*hO!NZ0{%nRp<=Ek-&&Ppvl$Tz1jrN0hQFVHD;gdUE9(TAb9tH!~JLN+! zNxzWJxa!ZCQ!mk0_~OYet1=uvW8i}~k6%042QlbGGjr%pT69?5v*m07rWh33@A_uK zWkZHwZz?lGfMkdkF>`l5*Z;nc&_lG6#4aKCb8ATVqz3S_>Rs|jUp9~ah<6Y5E?7Kf zRX=`W%1ct|BaQR@&o-^G?kYTrI!<&f2wr@?{(S0^7TVZfIUd=Y=XR&yrYW$>6G+Q; z>a}OO)8g`H$K@9VT^jDr_1Fanm&1iR5vy*!8LL*mg*xlXwfz^yZlB-!81p4!jG-V& z@0FqE;|Q64xU@%*_moXTKS$bMdK~;2m_d5ioHS9;-x~|V@awu+&VymlS>K@ehhg}H z6RdMzoAWWzMaTZyQM;k<$v#oisN3}aOslx7_T_c*am8cfz+38z9>@`2Eugw3Zw%d` zq)g*88rkl2XdYc_09rwZgDAy9?+1%-jIA0Odw@AuuofPd8zpU6l}CT1RiiyI;-LaY zfH0LtC3_0_PIY{jfm1*3o`)!AGK)OIc6q@;R=O+3%$`d1dNR*|-UdH-RffAJW1gcJ zI;47ay4jyoKpm{CTlO2CUnpvvY#ufCu{*7LCOEgbeauboS+2`MS5OrANQ05IzgnTz z9(kW&4*^#!E#<}t_x%JwHpLpgET&Q+-dywT97M>folYSW$6|$J znPX6$$xw_(AzW9C4dj1k&8rl!mbcyY+h{2m4VT zSm^!bkW>9U7iQZH$vJ)ajhGzsGin(EZz5lhcTa47cB z20;+68s#xI*pZ9@4}vh`yan)4&;0t$SXhgfk%&EM8Es^`_|@ zZGOWmy?b@pC1nESb4Hjku6FvJ))q2k_~dRl7k>N=V}IZ7oc;^p&_kKTsS^sAejKjE z#OSe*{sZ`!d)~b1rq)C`xC-k?N4t39u5|IJV-?CBE*9S|^%KAWsXCu=w`8xzLyqi^ zJ8TvYo9uEQ{OCYvFAacAvJImbq*K~MEUmzn%P4OpfVSYtZIl{y{xZgUCVA+ok2Vki z-deGbG@5-5uUOMpCMrGK21M};7diDyk)`M8Oo&i^lnY6Y7L>6Jm66#q%Xj2LFjBAN zHBpg4EZFI=ijpZye#p@54KI{`uYiMpBO>Uvz+$D>I~kO_3utmlCH> zYiDor={oPwb+$jl(_BsG1TBv-shM|JA(b63q5Oe`0^ym#S7kp#=3a;5b|jXbr3#Sm zAP*9fz&j*7w~}SNLo-p5IjqzEi0Hq=r%kkAnFK%c4&`T_|CfOd>lreN|I4-9LlU~0 z3(F^_DdAoOlY}lKMM4`Vc5l>T&%vfwO``UnNjfI&7M&sq-Il5S zVZ~RgSZ8n_u;4Y>VK8wCwMi9m{TFEl&Yc_zTPxB|@)PHrvBh*=_|W(7eTpTSx69i} zT>9u=uWbd^rmfS?cy>8rgFDQe74upxLlAd)ht45_gz=fIEjL;*TCdY(@KqrJ<&j0e zMJl9`S6mY{iT=5LPylpZtn-&c|0LN?d&dI(GtZ{pqm(XT?Y!@2D-;&@CDk{Ii& zS`Yoh%iC}n%FXhumLv7^8Gtz<6RwKpa1Ne!_3Xp9?TtV>>49H_3m5X?I=3%D-kI(y zL5R%>7a;tXNScP=f<3B|^;0IMsbmUZ9&dhd*KK4UvVv?OqHi2c` z^m}#d1|P?R-vgrXcB8}-a}Vuqs#BWDhim?YC4y88L?vS?wI5EB*0Y?CBHEsbNlhVH zaY*R45*4D2;gy@hkI(6{ar^xi^+Ht(#dhW&Kej8^jzR(;euQAGOAtP?H<898wli17 zxpRhg1-cxbp{`$3zh{3l=C6?j{=W~>Z<##sQS2}Um_j`b?VsP%PO(hPO(}pe^FBHz_TQ2tJ2uPEauBqQQV~jVfr3g#s@fIN>gpPn2Z0wZ zv+u0dsPpa8;u35lac?n08+J^2_JQpXaosJAhe;?j2StR1hgX%_A;9?UfFpssO=#@F zV{pzT&mSVAbU|uEpG0+uyF^};z6e!}PR{2~f1Mc4F^mSDhgx(d*Wa_+uq)f$d8qvP z6<}7)(E>{1(`QLtPsn0rmFYk2kFjoPD~~cA?eqDZJCHOMwwOM6=gu8**}8t5rsvea zXq@KvshvMi5gjVddod3}Wx9QDHO9;fd=WyhKgyOwaUQ+azd#-6u0Wm%+EAxRy%9ii zkSh9(LxUeyxzpLMJejjQrL;EdaM#`F*N!ziK7;7|dreP#`L1+~_?iFjkXg=0!$CE?Ucy%8cHFrq z>+p)Pk1hQ^s@r%kSe*>yJ$Kj(^qc{Q=bT;S`N<@?-5T_Xp^A!E2rUAc6BA#m4CB|S zZsSq1GtJI0duzzO$F{3GTuvqNHdSiSd`fT4EB-5urVdpg*X}p}?M7r}BgOLlk%5Uh z0vY%@FT!#Ptodxo@Ff$ql=&d7s(aroph8`cPup-o7G3vd;yF-a@Yjqd`M!%cb;}7{ zFPSa4>gM;ZH^%CmF##4`zPinaqAD-A>Feso=+Vg>+^&ok^lj&Py=z(2^6;`FAz$M1 zC4g?#z{umd7!b{->kcjxuUo#$vWKsXt@`rK_2ewp{tQx+-8o~{OH5m)N#0raQ3$>* zGhVtZ5mR~D)KuOv2}P95boql!6+$zB1&`RJ+#*UToLqELy^09dn+TqX6nfHig;Kf1 z&tJ41!H93>P{$nYpyLWjv=|>cp{OR4JfqPu#Y%*JEJ%Iq=lrHG+gO4D=(0r^uwP3ZZBm3TD9$z zxe;#uKDAVOD`0)Un;e;=+I`QhY~|Ac3gAbduFH|?wLGa}e{htAgp_36%Ica_bAF$ zqnU%e^ldYMjd7>z-LI$0gF~TWX)A+u&UCS!(w>GssxT+ku?lT3W7ss{&b7pjjY28C4WZlU=^T+Zog zldf`sH7UzYEmm3yJ-A%+b0J;=Fc)goesU4EkMSC_B|<+;7*|;0a3xYqtYhY&)bqGPe@g)y);3Nv{IVTV?WSd6tmuZr}+5 z2GMjK%my#2_r%dSgHQ}b{hKw2DNXZPCo%VcH5D1ZvRLkE47iSI^N`8>-EB3oQ>r{B zfbU5!ZFTV(etTWK2komX+^+)mwM4(N%a(d}4BzC@M80LwOR6GJ_kmQrUQcWQqX<>N z4|!c_oy`q1^zQ1~^@C(0p89h1eF1E$uv?h1fSVB5z{_t+7)Fcvp_q>>KyprAAB=|B z`F>9bO4Pm9>t`3KT<%k5G?RSVMDyv|RPMpnEe7}o!~X_R28Gvubbc2vA<^_@v)>sk zvi0?nxGxgPIS1cUEGA%IU2l?F?qBi_FL?1U+)*@W+)BYrP@q&4{lYFpT-#=?Mkdue;d=*OL9c zzn2Pr>P)AGe#?{T*Mw=oa9BV*~ zRlyvVp#Y6_K#UvMb6jzy@Wi>&7m{Q*HFP9YwE%k_ZXf|nafVW+t|IE_BZE22%45A` zOn!RiP+KEG*p}I%R=s8N?3+xj5TFB4D#7%boS$|gev`j4cS4V_X`3L(DV%zM0k2wh z177-{SB>l_RLS)d>d_aNvoDs`I5>bvK14%HFllHBvcOvMGbQkyF*?u~5qF)FbU0yS zZf!57a#LiJI3U6`3}DD-7H~0sZQjIk^z-nHs}?o{A(bXLwLfE(QA1=G=uc{1e5*5J z-z$_To>78FSau^Et}QXUSP+14Sm3<(#23&|jlW(}Hp6-~btsmq*fGgpBFs2A*`t$v z)S|s-2T*@>MkXeobnlhoGDyZ>vyG!7Ixgt;1yTnLm4?&cs7B#WfDpst+W&M=^irk=c#wVAEdul--W)`sMTP@@!97c zl)gq=>R1TcQbkO0Wu3O#SOVUaM&MnMgQL~qM* zj_qq0%P3$)WDzcuw{^k^rFL@?eVpq{`=PDWP1?d;)wCtyuJUXHpmn28W_THh$jnBJ zI`|C~JkHXATN=MEg#JnRG3|*`G;tD>5M< zsnz~FHm4plIunnX$o>vO0tRb}pOG2EvKw-#{b1>>44jZ&H80gyq^4rJMR^eklZM5gKF>FFq;~ zp1=D>P{ht1IysvlU5G#ujsg09c;EhFya#_AlJvUHZ-n6}45$9tUc48?u(nKqd?Eca zB#Zazg(O3qn5Py~$1>*K*gYgb>3eNl`key*uMSBRcyTBTbY4zK1^$7I zO?#hRO*uHXprYQe3`GDa{SEG;5gR>2kFrdaBr%J>DvHeapvw`n zh^9&6K-EjbEW&h;YvVNJ*#}2!X26yJT7q;XNMf^0Ld|>uL^rSpu%W+{mKY7^f$1Fz zW878>#k-o1D_4^@`*k<=p2tEmZdS#TF0v3rg;Ej^J8Ezq2|8^vow1Vo?GAk;mtl)s zM#;l$ak?3@FNwc%8LMV&q=@!bj2!}ilLLU9oNZ<8sb|Q}!@8L5#J?VhOGx(aP4hP^ z@}a%wfbM*8y+GR&_!J~w$OPvAL3zeILROB&)_s>Bl7s8~D^*Vf$&(B9#y%i^-T1bG zdQ?>!G5H3ALVrjzzMVe|kGc?0bDk3DlQ8+LU(K>Ov4??T!RvI_)24*^W;qg*zZQz$ zYoBv$IWhThMw%0VwnDP=VPIZ7RFNRxeBT%{{iCL_jC|j(t0S}+GF=(Rt4T!?kGTMf zW#6HV)-7$)x;6hKp#NDn#*sguN5MJeo&LW)!eRnCef*FycAE4R;&Ns@uwyo@PDmvu zq`K|ZbBc;9#siAXLn7LVqLb^|U$Yk1bFI)IA+=)bhX>xT)9%lzDf&Kdfj}bHFZ-mR z4S}$lD!-d-+B2dpi2?jm9)zld$pvM$ic8I_YTC8K$)IN|6u-gnaLIjTy zMN(F~qVWoQw>G+7oPTe~Ly&vEq}&Dq^#`@jKpp(GU09(Cg-E)6#BFhDh*bPoJF<4^ z<;gO;?u!*&V1yy95crSgOIk{|f#m1uU48>zlIvywiqleXSShy@Q>G!J6WqOK!>{TY z|9K1>Y&MCa`iXZfg~0p!Ip6)q`YxU>AO&Z)*M`Qoki;rqeGQny$cx@?okBi$k(qwD zPT&r7;zPd%=^(U8*_KW4mUgW`Xp`D48kLFAhS}py-KBz!P_D}hd;cb1p??mt$Q;A| zEhI79SV*xht1aBoUAYZNI3i>mEHM1)BjR;|9I8KqG>3IzzOqKCFEE4+$+}DHBM7Xb zC|c3A*&6q-cdy4zAN{@4q2}1>=L|_i^|A5QZ`e@gn(6CUt@)Bjf!W3>uHcY$wK|Uu?Hc;u48zg|4m`r}~%5A`R$DGWwNI=L|6jJkq>^brS!5RXyP8O^J z^5e__dxPwWUVz_q5olM$5ri!jJ4|MVs7ephsxY?s%(8oFW)DF$DrrUe8FVeSPcFgw z9_6vPimTEO7XKHZh4{jq$lBN$&N)S?_A=bX=Q*@96ZLe)0ySo8XUx3Xu*_dNvjo8p zX6A=X36AFmcrFWA{x-P00{J0kD{(7&a9g*tw+J18)t|T*WEJoNsz|zk(L1%qC3PBp z_*-DGPpl7`PM7vx3XVT5L9Q@nXZkZf>{KzRgKUyA-!u-K)uc5RB%GoPz}+K(L_saI zCAcBhQCmfRGYwO{W8>Wo>^~P89#bEivQx`s!}>{_Cr=2SoH=hB>(zY{i4xA~`_G;H zyH>n2xhB^rF}?S1UJu9k#KebhZuxX==cCOK|6BOnHX3i5kng=^OMd#Ool<%y+2sBC zotJ%YSlF92l>^&?y(%O7hRWVm_C^RerzmB6Wwt22f1Mtm@Dgpge?f%yJs$J!^ zD0cvxG}{BgP>bO6gk#J$<52=(f&qn5OupjZ+M;1$cqO~3E2F$wz3E|kQe|Yq#Tg5) zH!*bFmxayl;8F0II5fHzO8vUqn=*;z6EcQjKbRPB^p7kx_U0|C@aBU6Q;c&=%8X^( zI_Drf1A?v%W|55dtwNUOl((5q(y76!R{k*fraQE^3M8K(WjF@~YD;!tOEmt&mN4DE zI%-S4V@nKOx@Y}kOK6q^eC)YIvbKbA(t;T_#2cZ?a46{Le;yE}R-%9U#F)|PyDPJo z;?QsHGj&`s*}^iU`5Toi6@z-e%-VO5MG@s1N18h$X+aJeQ|~$t@}BT+CPr)-@tx@( zZ~c#_v(eeMjCC64Z&7OU?&J8J*C#~)E(pL7XQUe?_;f8SJviw^Uj`u(nQeIg%oc3@ zPWJe9WK-V{Ac3-#j^M1fbY!2k=C7|WCmpMH4P{ivYOxHGbw70isWsB~=!Rwuf z6mS&6&kHh!&73ySd=4Gu;E#qv`zaatN)AtckPs6BVW5}6sYI?rh4s?-lnDRd-(K(# z*X*g(zBS~~_F|^10H%2GpI4iUbwAkaz(T=y>xzW2kz9j@KkqF7$0?9O?n_^1Gd#El zh>kO**#Z!`9?ZF>>G&6fjYu6X?L=buRt4M$RUh_A6UvF>Hu0NTc5I-8&4!e~wC`v$ zW|Ss0*!-mj20vbn^Ownc_)=i;LGbG2qZzD!!8C?1GK$!#i(YU95dlQ|J}*1;nMTol zZmh=^r8ip>ZiCJoT(Q2ZlO|DuNu#;MI*U;lL0<3>NHg-u=IaF3&Lf+D^I{08q-eun z0Ihdd6e=n1StGo^aw_^MG#LefxSd&UcdBfQ8qZL=ZVk5K`HeYtze>`uN0uy@$NfCb z>$)*#Xbj2R`W4tN+{7w6fKq{q?#BhJn!L5(9oJlRBXPG9W$+SDTSj=L;{zSfwu($HYG`PQ&0vql9kVDGsbk`XhV{VQw zFW&EUV7rfCJCAJw(_yKIWxq_yays$%25Us$&n#ma&?snUm7VVX6}w?Ej?%RWS~;Zy zViaL95?9Yu_dKuJ4;@HWYNbW@=p3-5Lm(9_K|fT=4Wb7bQ3}&<^?;BV5eg{ z`43&1OjVs0HzffDPHca`D9kFtp;Q?Q4Wwez$l@EI6kA)a0mhCZt2{uvw+;yoy z78T{xt;XllL*{*%YPUjKhD6HrONb`4WM!7?pTdQlW=jQXjMu3`^GC-)>O~*G)W7;M z!}O0LSsUAvaZdHZON7x(DPd=@5gHG9yC0ZxUL&)6gg{kzmQPn=M(je5cPq=omF0_c z?*KPdx-b|oc|#|9bjZ{z$xH&8sNezX8G?wOw1UNe?I%n1ElQRQ5i1&Y&W|WK0E_V9 zUC!@r#{w}N_l-|Sscw)~X@of#WmBKn!O1KQ9G`j^oDp_|u!%8K=5`l1Cz2ZeLhgrz z_?2{2x0PLsYAcVp3iP(K6ixaAhpWKcKgE}^3|-L<^i;B0)mQzCT(%bQg(guE|7{%V zo$YUGS?t}VGSW?-mCgDDct^2J_6mjw@!e0osTVm$d;{NQn zE_$jx_YJ_ghpu?SV?Tqw$`?#0LA%RBNX|r!PQBQz|MtbM;>8{=4WwKlX76~}@5&p^ zW2&(B%eVCSjO^CPx-{U-d1;v-x4n?_98Jr&)x|VljR3|KNe3TlE313>*tU8~@Q~>y zY1>kgqp@Sz1Fd?q^epsNUV)nfC5BfZ-dD1UMP(zAI$y2yd7?24P61*1blo?f5-bcO zAFakP^2qNaW$R~I1`;+_QJajFbgegJdcIzUgMR6?(z}Z_$);BUYk3uS6Pyl(mz>#g zSUve6i5GELqm1`({BPf5KY0)T`II^nT}IxcHR|^m=_L9!nhyv=OQxkn={X9t37ca)4?D;Pb#QAPD<{98 zCt>LA-s6o(*wbTYTqcS`Co%P?u`~?D^Yaw@S`_;ERm_h2SMGqJaIn(;r8;7&p*fa$ zs;OHWG-KIJ+le;u$t+Q*YjwK~N|8t>kUTEsmOMeKVVa&q0z#m(LW+bsw^(tMTV_X= z_$U#_G3FU4WAG+0{siLFq+m{`T3uB_Gf(coF9l+(BTv#!0Zv*4f_(z zpkxsik=;~5yS3Zhcf4;ou$!274gdB2|5zSrzjIwCZ}rFW$n?6ImK5}w@aW8DutF#PVaTa&F~lBGxqHcB-{3maW~$@I~?cY`a(GSqR8Gv z0l8LXo1MQ?DC{kgkyIXvd?8&IVHVR9r56*=Aar{ebNHM5x`uSBKDf_I2JxL|V0j9E zQE)e91b^kmOzI}w@DjX!3(C*Q!AgoqeHaR$p!rZ>>qpw!Y|gKhp{E_?sRYk3!YrCa zfB^X7_m}_v^*78UmBcS11rmA|k(AEx>eZEimob2Yh?pdZ7KRqZy2z|>hjKhFLEv2n z4!LS2Vkw)c8SgX^K?-gY4JP?qJOIDCht%ZFnN%!w5dPwd_Rdg>tdo*V`hK<@oMM9o z)736E+h?_aI85tna7zjdR6mf##2XHlN;xzg8_>z_PTd+*z2J!MSDyv>1Ue4*&(&st zZzr9W^ro)UNKqR=OWZtDPbrCnPBy7Xl#O{b{}(3uXZ6%@Fo_Wcei>nn(}J; zR0MD}=TVZFec0K=nH`cJQt*vY#6c?gvS{BlmMe&nB$m6g{1&z=Xks)f+^0`|!hZ_c z7aN)aD`TzHqD9!Tr1R`++m$P|n#RWl;-cPykABPzA%jc(o7dk@vK`6+EtM|tagDdL zZuNY+^67$LfCY|;_MpchUHc>8Ter;QlU|@)Ht$iWQqG6j9aurb>d$D5xYcq&U5(^V zubedkHv`{IuvADBxIr6N|L_H1wsQEN^Q|>lPue{sAam2^gFpwPun_%(8iQ1OL&tiW z#-udf-|K9#n(Jjk(Kc!=k5cHrvmY^1e}MfO5i%mM7K@gy;c^^#c{Oi`?>b@bdGuoO z3j|qt1xv7NlIw!p0^5M^@29J;&IOY~lWpw-z^2x6KPr{4SZ%W)viQ?OqU5;l^k=BX z{~!|)x#0MaKI!*#p~vp5w++1^(wVK7gt?DY>nPpQ^KRx6nchD=Q}f^)?YuU{WUUKF zo`}2z!l;C-^5&JfXK2Ngv9T>at&mRW{P8lkda#=Cy8(dJtLAo@eHM3L z*{wb{oIkD#fXU=71o5jH%o8SqJDzfe<{-V|A7fiKjA6nN(L+Hot>pLIUHe|Xn5iwj zGj*vM{GpOsFYs&!oqZ7CzYqJp`z3h!8a9eK{@Tl$!R1 zaAXLZjQbhq2#0jOeO*~T=MstDfQ zYhK?CmjW)1`)C=J+M{-XhI^SsRl9|jlQiAkGla>JsfIqq(yq`iaX4?;E4RSf{?3#+ zt1aV~RQ?=h+uoc0#=PUap0_ojh~MTrTZAT{YFpeJEaO#I>gWF{A+18({qLNSZ>80b zrZ0{hYnB-kCJ=0bGWU>ui6!7o9o=b_((XU}%vOzmx-ce2!ra=mvhI_I2>}YPjQQ@7 zIs)q3oNK(>Rl^gI^9H`=){9m)g_iEvRMv98T6Zgf{qr*`8oID}D zAAW+iLlSp()Hv(I8GN(M;^Eq-vB2+c6l}_u$~U)^V~GaQ%XlzpHnWx{!C7N|dO<6J zfGhh51{YT~SktMXWHFu|UUBgAY! zhvSp7#B+gsOHsP`D_`@$ED>1twlodZWcUrf11hSF`_g5%dubf`r)A8jL`ll=rfwf4H4=XP)RD9_G2MfN*C zpVRm1f6Dfmq^^o|AL|``Zt$Q!*z@2c}6>jOA19|4;FRWd#15XW&nIP^2} zPe#7_x@v>1{r2FO=>UDfLCWZ#O83fuBMdP0!~aejGQ z&*|t%uqY!%SbXMszn`MSzUoK5{l%{$8wu#^EwBv5bxfXngvKcZ#sdoz*5Se=k2Sz| z+)5tcUtkrf1gu~#+Xb9S=VL6py#=mUvQ5#vr%!4NiSLL5-FlBe7`!ru8m$I zd#+$#nX0>#E8tq%+7e-n&lGUC_)qbhzO5*krBGbLjng;mQEKBBdPUgz6$V0 zpL(GrY|9^AZmJqP?CsYO+9H1l?1)A7wT)h%%|=8fxvnirs~~}YwEfpifwgi&`o3K< zc|V(l#q!fRd|Vb)M`dS-*!5o^qex~+S z3jARQlK(sII6ARBhNF1)P@nXKQJKu5jM7J&3C|(o=Ke<~|1j$o$_94?v2E34bDg)T z`xC$F2w`xNVBx7=$QgSsiU+`xR++U?Uq~3s$s2HZ z_!{>DA(<~3ZqacAe5csFCE2SN0bQHt(Q|VS*$PgpU{bpl^qB6ioYUj%B2nm$>dvrH z+=9tZh=fYID+O>^c7HnzAWdGYa?C4uw0KPuP=`2eHSWG9uS;HBwn-zLQ&g&VF<|K1wekY*VKXC9FIti9Mv?^%Ide9scSA1{QFL3SI$nk?J7;I_ci-A|1B8Dg#l~ep?!fnftg)_r7Y_}9tYoOWr*pxFfuA`+ z4H7nit{Z(w1!q@xv*1%g_0-&#C}rjb2zEI$(+z;X8S8xA4oF<$nU=tAjC;J zZOk~ygG7nCiHX0<3A7{@2#|FTI1#23kV`iCewNwQx$coZO>Z@13s2`p31uiAmjNN) zL-Q~9_+}mJi)e}rQt7-M=yIWHRJfLJyl$~mz@$=wf?A={l>lmne!ZfK%PHAb3vhUt zb>UtY#5VYSy53b83v=IDHr=)52k(loxWf((_$^FtUS1fHl4ioXdF-3axZG@&-{lN?=Y6)sT(;i~n6IL1IJE;^t*1W=wJ93~ z61bz)QRJoLLJhigdDUE#2oE$t_0=Me1w5RGn43|FgSm z;TsE|V=pY?W@yhj*b4_jt-3{iO;GLZpTxCWIq>sckjVPp7hC_%FV+ps6`a-Q1J4UuuNa$WYVFL8H2=>=9BK?`wN#`Gh>H{?*Iy~4x~3T} zfA-W)0O7csN9xMCvwH(}LcO6>e0aF_)=CzB0;-;|dXsMxKm#_#P6zE#k+iSrOl{5g zy&q+Kj`~F<&jBTZRPninWj6NlB(PpP^x}dp@d*7U?djI8o$34}`ss`O$F?KUc{cki zJ!{hZ2H-rb2GGS((~&`>%75GkDVO!Y^YRO|0^P{~*Y|tBCBfn1*9_j!09TuZ7z5nv z33!s--6sVmKOxdkv|@NlFsFEc<(_V;sXEZWuS&ODQ()cmj*-Ho58x`>w{9Z+ICA0 zHV)(|X*^8jD|lC5#J40m)T?{iQH17kY}&<&9NGId`Bwyuftil4TJ~I&vQ5M2Ca^qY z=dx=Xxkm^-)T6Q|z*Jdi=r45Cm(QaAZ@ydL+jjTgUfgcZn%~m5?_wps>Np%cslxHx z8|tzGqf6B+Y_66NP;NmBu66xv1A6I?TZP(tr-}{_m$}i&l;bTzn^rWZ@F1LmG)Gl?)mLdHdlpkZDh*?%!5YhfW|Xb}_huAA2@6<^>s#8;4M6`v z8o=_xcX9p>hhy1aaf%(SICL#oSV6gg6AXbmx}84}zMHVFvN3*ynI7w42k%aUXz`Ov zT|BEJ{LJn@;AI55RhF!BLmsdFU|_Tb*5%diSy?EW;%_O_%CEY%I4O{`{z#e4B7?{b zEPq_J(C_Tx<406R`>T~IB-}kH4Q>7A5m>feWtU02=6nQc}abOTU3cMDo?sXQRw%k*z|Nc*uSGYd!KO}n3nNhKLz45=R zZ|(I%@0fx3o@>M;FbH99UHKj6@4ZWVO}}Km*F`0oP5w#c(hF=?HlC1XIZSxoR!x(j z;Ca{#ihB)GHdrr!E+~$EniObkesm9~?K|`oy#$8-N9(JFY_D^hd6G91D#>cXG$1U? zH#vmuU=E^GnZm;*jxz=3zP0Po)FHg01gY^xi;_EjyXBU74q9) zJhdq3LP~XWsripoVGjP}3n$v%f_;EHTcFs>1Jy@*F}5kwd+?hz-&6kO?vJ|X`u~^? z%AIFl0xfk}^+Xo%JD!tuIMNGWw|Yo}=Gq6sl{aOkjo(77BjM0K#k5v>ZOKaa69G{Y zj}_e0yrJ{25-P5n#9Jm|Pf^#6X`GUQU+lWG1U7X`9tF-b_nSQ<19yVh_VwaGHJl5T z3e!0QdZN_b|LShCl56_{k{>m2Us`GCFRyWfz2sHhod;G#vBH}MJ+cCa)R7UGk-_$8 zf8K_VOFu7e-+zs`r+r2qPkYn8rXg`Fy!u!RvRuk(_I%j|K`nc?`}mu=h};}Ss_h2c z%`t9Oy<&U4k&PG5H7te$GJmP8K(36Mmq^uOt05i|7cN~J z!8WcD`V|B#ZJJ3?X*}6{#dA(_{_wZC3x}QC;`?1=9@TxCLbBdAZ=Thb%er3B6^ zhh2`{-4;Tj>EhiYXwZGUPPI7)d_hu;*_CR;+&*ib{WO>=+A<0=a=^-$gY=vPws#_q zSv)rMCSOq&V6ys2+5d02zp(rtI=Dy>D<7e?CpJ=G2^(!KNUM z)?BcI~Ad;5F^<5YxM1?dsE8V_y{P{frZU!U@|6a`)7 z+)f_3dfQc^{W}nDuUODrzk0AWxEk!0`jK|n8rD4`zTDa7#oto_Q7~*NB6}aAQc|@% z?7bj@nXfHr@+WI@kG~v_KyyeUTjqe8*EFU)NV}H@R_2@EQ}wJMteO3fYft|_w7q#e z)!o-VUZRvp%1miM$dHs!oaVvMAekaX(V)SY209hp6;jGnqLea~NHRr~(jX;8LWYV` z2o;6jway{O{k@;(`3$e$f4w@#dB6AGYp=cbTGzTRr>zfMBK-2WXVUM2|cQujaYk#>}421UX>)JEGrNl}-*S^xU-bz)UuvHcW6Hfw|Bx&mL zrLF*zl(q2Xd_&=sZ4cT+TO7K|l1eXfKo=C>)3@or4RdR&t}uz5%ynqA+PSZ{ahL~J zBD=r*N79>~ZXe0*OW-WrMGnj_1T#POmd6T?1Fx_Q>S< z>J?3%xp!q_jriP`ysF#3gcM$H)XLL7|0}=HX=UK9rYB)iC?=^xV{$N z|BgfqTg)>%rZs*n{!qIhVD`apE#j}spS!1T-Msc=g zv+*w5i=S3hfurpRJ8`@C>63}`k+|Ii$QMO##{qd05iVY3F$sy=-clrcx8>YKZMIm* zgVkT?I~S<0X)+T10BFLy#*ToRj5@w0Jvzv@=n^YD_(TJUao<#{g`V(ni=(iLk(=3> z^Wxa8cTxymHFJwRJzE|LH>046i__5vy2)CmxQ_r0P=HO$?jpP2TfekiFJ#vsKzj#9 zq$|-k{i0dktYLX_J<*};p=t&Ob>kohj0XvCu zQfOP)IjSV1aR`GB^}PAp`a<@5(=pR&bkgiWOAGJvUj)aOd~)M->Lu4$gc1wzdpGB! z#3CSEzUq&iqb7({xfBgBQW2^0*i$o9Xf(b1;1J4 z#_eAchyvaOl)_fo(G#PFo`FEa^v^ORO>bIleOXXZH!T`irpLA26SM_VWYx)3Dt zDhX2`z*Y@0IK+T5;fweEKX#zMuwk{_i4_x4jTnp-kR0pY+y29bjg7ttiu??a3-RsFRSZts+QuM6(&&4nc zeOGSZiFnqr^FLszk!kE_UH&hg1&D;p9QyH`tMn|z`Yz6ADdJhNkv|Bq5z2nnh5!6n zrE6)uSg5Ed6xcP`gXmi@H36*Gt|=1aSDucc^{V`|iY4>n45VC6J!^y2)mJWZh#?rQ zh1p};cXHU#a^7nET>H_z5j=!r2U!9o>0-qiSt3Tpuk>+0=g9PdZCQINpKLyvW%DUX zI-BDD<1NM=4YEoXRwGi58a*!R!yL}Xf#}(eZJ!Kh*5i_6b?jMmvHua0hx--~1Pz^J z6U-z$?u>Bjo_^=Sov(~_+rF}v>`|Q7?Wx)G=wuc@{C_r?AV4-WlCNtbuMvsnbGg@? zQymBv$50m@mUj#sP0sPj$i+Hw-7~`?+{tue*v`>7Zd>IUYOZkFAdfd^T%i*oxT!} z+TX68eod2Aj=6Nr=w9;&j?9o52D6lkwITGz)pc}1?=JK6T-4?0GJg_H#!>dz#wcwo zOaXi{S!9zu*_1uTRv1*7J019D$X<~8ZLebrxPY;N5`>r_?Bp=E-f@zp;w#c)F*cj$ z$^_(}%teE9#{~t(m|8Y)bGy9)Hu3 ze;q8xy$FqFQVXB$#j}fya6-Rfr@-)B+So;tVHa{HkJr*^0vsmuR7-fuos(^;o$)L} zVy)qU>j>JZ|omj^I}g9lImmgtgL9|Tn6U>$>W zRx?`UWptWRab_`U`IJl1EZX>_5X5CbPz5!piu*QA2Z}Y#C(t=V)X~H z&BGxI6DS$C#SkBduqLqc`M15^-9f#rR<3MBj_c}sS`rEv-J+nUm&ne^C5*u~(G<%r5C@_|P*B@v;|JrK#tp-F+lbj)lE-S;fi=Gyd~9IZ_3?Fa1(D#lnF=rfz1Vnb?*^uNye> z^u5AUH}ZOKbrdegc)3MItn`wsC?cgVhl^~?;k^-Oos|i5=v}sycDy+ZHu-XDvoHES z#YG>yWRHY?_$G-}c`r;MJ*#av=K}RPuam5ynzxqy+J56D>edb~SYcs1A(me1Wjud& zHQR5y12_IuVdMNIi#h_5~uJRj}%didMrT;*PRn-4QOH`Oo9q5GV%JO@0|pVM#l2 ztDZt4V+|NHn>|1O(!$M@1+ulS7LxH`QsJ=BT@3|SV4BE6oJ z6aKTngQH_}g&*8w$!&>#`8Sq|AMfe-j>i4N!irwGg-g}@S+hv1E)&Fk*{Jh(C0Tri zBk=wq2iR9NCYRR6>6Ak9)ea>Um@q{Ehf|zBRBS>{@od~y$9@Y41I=yU*M^e0v)w+H zh4r0CMP}>}*&E4rP{Mh5qqs#+s%|5@J=B&knBsX2TgK1xiVJ@`93C#fo1IEoSYR-5 zF=60(T`hWkvL_{TOeoST##@3Vp{ zR?!u*S7g5twAI&y4%&G6Yn$P^#9M|Jf-!nClCjf~@ypZl|`P zFP)Yw(iWB>GNrg<1y0}ldI}vSE=Ta>G2eb*O2n?iix=#Ew)U9=zFk;Iyj^eEncTOr z_PS+=Yp0)G6+($SHVZ+#NXbsjIv5W-`)A!k4zr$g&;rMLIML|^ZcKGxPdJ?%=EGNm zBNiK8u&s71CoexWbZ@o|9l@l1P6qA>ambf zc;8192oye!;|v6{X$4BH)VWTgsA}Fgy9^-Kw2rO$*)Q%cehW(0mKrpi5k=<}B%1lV zH(dvi+Aib)qYn$fm`~w@MA9Y0=$LFr^BFj3O_Q)qR;*#|)2VTv+rvjAZzx2Lc393i{+Jey5*syym_wbvDfUkpckGy}+AES$LVpaCbAD^} zZJplt8!mOod7|1unA)B>S@qtkQ-gMup&1m-mwPuq<=4D)fA81OukQCo6Hnn|5&gA* zVRx23&H5dd`QHR5!fO``0J@6NEJStefPr#xf3zb61Qo3J*`DNyq*>bCm7 zRLxK2woFHVZ3}SB5OxT5JE!Nhp`AtUXduf*q4@ucC=~8kBpTu?OU1Dj&xSTLt^Juc2K zs%8p@#b)1+tL(g$O8Sl3U(z3|NLJnaQMvaDYB@6!(9xdN+E!dVru+9ZP4VX54D0!8 zBfIGqmBP+vrvyJ3es&@Px9HW6W>ers8iSyl{_KX#V!742IF4}11!pgW1%D40tiOnX zTg9i(pcnx^2IF|BZzIG!H6tQx2Q#4j>!}|1N{`L&(Kc73ud?)kl(PXKHOVjL4jUKp z6_xZWFIvG?dSEqtI12Ri|P---8G^O)qp@Y z{58q{Vca`bCqWe*t{S5ay)u%wlz-YWdf&dMRb5tlo>p}`0%`h658?D?fg9n$ z1&5Is;7fUgS^HlV_K~<^;6R{!f)k=}!%j-;i%J^A8eA$pK3?WSUHc{^v#)q(G+8&Q zbsRadd%+u9a4-VNehC1*?MZpB7VCaHsbTx!iAzm!gmt_eVmxz#Cf#Obrd$ zzlI(~noeVYN@jEJ#ZkIF*SnWFBpucC(Hc|FK7h-Ze7QnLsFkJ`{{2{8qEJOhu;D7OB7G~or5vKIsirJGhh?&6mQhLf!fIfl?&bbAT4CS4TqMlq= zvAF%E;NR`*uKe8ZNc0hl$M1Imue4iw`zy=ijJi)HamAj$zL+-VrT~K-jb04l3y+rX z?=0SYB+a=vYFztOE(@C%(u)r;zETvGc75a4*5azKD?+bj-~am16s0-Z4@*$ew;GY^ zp4l3{`86IQAMUa$o$&R$h+(rvFKSf2o>=o=i)T-q(|BQ&W6kCD*atV)vSYB0`!*hV z$YD9})@fq#B{jeV8vHU3GAghS((i}=X^X}lSxFor&s(i&A56kNU>~i0CX(}#%XQeY zSNp!-QFu@xtJkU8b1F!6-T9f@N(0gOVD(vx{?-T5M6nOFV%@ym3+WIA^qm)G5OVA*aWctvrCI>bIF z_$AL+f?GahF=HtI!$kgP$ni~&5{S~XkC=kBvXQR1%q1wr@QjuzQpb5_v1Y|%gfYFl zqKLuN?v1-b;p?)J_J3`SSibj5nmysSi_0s!zqdU?GlC%Wu$J)MBrq%LiLrv0n&X3r_vhRBSnITcA&T5o&xR708 zp5oY^N+6`oKuZwrIVWH9-nD|36TGvVUK$%`{;)nW{yagD{Jh5ZEXi4aMEb*cZigB_ zEV;G}>x6TAcQEl@HDa$mb_x&=bUv{$vR)Wzgb*nFO<_NB{6Nla@_e$JiB7XKy7>^Qrgu*zn5vP|aIQ?&onNKvOJS^IT=xC# zr%))@EOv$*h)ZzBTiLF*i^pFOVy>&yT7}w5dO9N7 zf}icRegn>wv%5EkptnVtUAwUKoMu+pjBB4%WuXp*QZ{=A@87g%(sh{?ko-y7zUyQE zdB;G3q~(4Q9Ioj|(Vh{_%wgkZUAw^UIi5smf3EYX{WldEH4!oj+t8g055?o?4JWS_ zoZYywfp6Wt^yz+SmBttEAUooG9q=SUL4l6mZUM^^5h=>s?=4?{!2d zENr@V`F8A~A-y#8A0|um=2BjMdg+L;< zL8#xp8Ic7rf5U6%({P1i^OKu@?oWY%fR=g6DaC>UvM;W$FV7KGRr#^#I*J<<=0gwL zaDQY&{f;5i9QUo{mN$(zJL!hDJ8G^|u9TYlh#H?ozJg8%WCLk;vxtyo2D<@whDd%) zm@I;kO(l=FQ81!`U}UrK^ePoJ0%ok(xV66#5IT?$ihTY06K?e9DQguMD&8NAK!}2| zv|MouRW8H~=r)o#x^>T)?jX}SPbf5ZW#=?qP40V0$m4nWXPz9U=S{)$R=!s+^T+da zRyj~Rc;A+H!t;VeOTXcHr|~>L#o&Ve#do-j=P5njvJ%e=LGT=D_vWtpK4y2&`jrO6 zyE%iMC7Ut!o&uNd#b=CCgwZhx(q!F+P79U(A_Mj^`mKv$VHE zxbzk)bEW)WlmyRWvzMj-tz(dSOp53+2!r{*G+z&D2|KSiP{r(Ww9Vb%MT5Q>Js6o|h-6 z(YJ?9vt9HC%`e9yYeawL+`Pc2nhrejI%;%u{!QCkmJ0{Y}VT$Z3eOy?vXb%;Y6 zgS}q=Ks511w0_j-c&iK+SAvH9_eN@G|E^j&f~Ijj6C4Yh4AT=-)wHmK)(iz}g21}^ zAfp3}kL;Umq18B%*;i3>7sMU)vdb*c)HFUemUOYk1PNnqkD1l~YIVW8w;@ys#P6|GC+nS#a)=oeKSKMh;P4Y_Ce3kgzWM zPU(6lU{}%7NZck+aC=#m@7W+m=QN^L>Zdmkeo-e!=DzfkjwX)bH{c+V*4KfW)a$C%)}S;>>df++Ofs#fw$R1<$d;zgildZC>9_LS#dkc)$p zL(0{miAAkrz*Cc~%O&gl@rit`-AO%WJD1RKv$fDKCu24*NXY(!UzvgfO}yKP6G4^7PzsK~!TC6Jp2@4i=csSq3bLNoP)vaKJVsd|1W3@3`A zlwC&(W=^&A+B#o2fs%WNhL5C3Wms~1tN?)&dYRf@g6-(#Utd;p4}~s~0Pp*a95bf@ z`objCD!_mwF%hxZfL3>I3l&gJ{7ge<@3A5~ZihWyZjZsG@>6g8m8zx%Wlkd=Z@tY} zn`&z1YLXCF3SGxOLYNP};wX+B1Khxc zhD?eph9JYEp>{^J-^IzSxWM=w(OmnNmE0taG!Ts3q(&uquG1~{Sw%}Tul?v8amCJo zYd+sObkp2-wR|u-qlH>2UC%wz;`NUvx1 zN!9T~>|`RdH?H6|ez?l!H0k7QTxzH|jPhbDc${f3>_t5M{ne{SVc105wtsm-n3LXV z$DQ%8TyJ;NNJT)qB3D^+P#ZEzxUv{_s;h-26#OisG)(dMkoY|+`SNPVa!%lCNWdsR z^?Nx@72xK10c?L0b6t}+x14ej- zmv+6GqPC659BNB!3~iB|`Cul-&tgn9MvuMoZ>b5?%AjkYMb(8vm#SpHA{nTmMMe204z%FldyzQl6`cx-=6l}ULdWvgh0y?DV{~N@3q#vJeLII^(K*xYDBsYHs^@Vj+>R^@8V`L zRP@1m&# zy6|a*n}0MPo1E(U?G95Sr+VbTPc=g>1=;=i8yS590My;yH(8$meu{rxUWN$d|7~AE z#M5k7uK1>~eJvWO8&2t~#JKDt(k=^hOyDJ3Va&*vJc-4IM^K;qHR>QN^wp7ly(I3oQYRdDkwJwn}LWE{%sWgcZ zIS!NlX_uQw|7+pV_1AC+Q3mm(dzf#yZ17a`iBroe^a~zg;R4Qps^3J*Ao>Ez(EQ5h zHk+!#-ah$-(}80Jj+^wg`?o$b0mseOjZgk?++ZR5OCJvD2tf_6M|Sjw*yJL|aId+x zHuT!#;?6#g^zP2j!#0$GMti z_ONz1$A>hCZ(N>w(6)HOI&AYnbMIG$_<@98Oy?wQ@`dn#*ff6DeczIfjX!eJoX18$ z1da_h!^St%o)oIygm7*Kc!|Y1O&=>_QqJJij?~8)5FG26kO!F#0bs_!Ps1R78if5h z_mE;e`dnukQvrKQMS#yn3zXj13vU z#*~{Zj}wmqC-@?R`S{xdIU-oL%jaoWnfhL<>9_{ z$9w#bLo%4uKYX$%pM{4Y_3OKaDB`EaEyP1)BnR&Y%}@w0(+?OuQBL3($}_x%L9O4m zfCh&W#Xq)ezyIg==^vQPs%OyiW=$|KfSu*_K8v6?4?f$^TU{rCcN}>&7CX8DB+d-< z>v*`gAS=~dA?-UZZxW>@&%&FiCo2+hk-Ei@0XuRKlgabjQ@1yeVjKd~FPc_0ozf(Dw^O6Gb@ZbBtsQ0kUsBAW9)4~POsjoO-KZ9nIhS4Dr!bWkgL+Fzo zGrC+BbhFp?SUeTu(FmBfL4uG|+_%7kw011_H(*acup!KSHq<9_05l6CAXIK8bp|XM zuIffG;NsyOd&wdlE@I_@baf7gpF$GYG>TgzV9}Y!b`-|WLKq8{sA>U946Lxz@4w74 zA}KS#Vhm#rrRK574WWtyy}}wiB|$mC8zuziuujV>k9V{Tp>1-YPPPI}#_8tnag;o< zLORmwMd5rKlqBE3TVu_EHU?D_VQFno45Bv zz?;YIL#X5>vvzPK$H=qTjs;0`pCc)Qn=d<^yFeXEo=X8-h2z317C^ z*)<^{2JuAnn!-$uc;cb?JJ5oR344;p_^{{z<1);_RL_-QM+ANcz>OPWi^NK6suu0vqg&_4d7>z z61@wkK7Y_vB?uKUEKH1!Q!(2O3k9v730&g>G6v9%uOPUB_iZ0JhK%LlXUt?}zoX=w z`YiGQiYeGQ7dBXug=mA!-Sui|koIZV`-*LqFL@x+#AkAA5yof$bY1AVtm$JymLWCw zX25TxU=$^t65)d&fB<)PU2YRcO$v{y7z20K>wxMHVyeIlS~~?(1+L2-ao9R^;*ibk zLcXF#R&6ksC9K+tgIW}&4!TtCv9*WO8;|n^n#rLY)`lr?#|Evecw>>+Xy1<_;W=GjEyR(+piE(S68;1>0n70JjEA9GzV+jswWuy3xh zwh~Zi-LHT)DxO7Dz%iTS*FbS5LGj9cyp)U%ymH2=5J6_$9hZLPBzzL7i=D};*DwpP zGc~mK+7F0S2XoEAuE}5l)Fb_{F$w2ZOWI6m*szd|WZsNDCqmR^jX1v=mu;BWhspf2 z99PXTO`CRJL0IO7_1-G)K5wAiCVG=av8MK4vnbG)vPRtZ2;^uToVeQw-8(8I6H;Yx=jx;MzLbw+{=zdTK}jfIo-dg$E5{KH`}@?Ap1~;T-+}PepeP z0*j!BeDvQ`Ke43xNecGJt4Ck#46#STRx3Lb{HGOj_Mzm7Z@DV2&t85kM$2B8#oUKz zwl%>obhM0GCY)JbxkrCaj`bd5!I-w*@&kBxA!ZsQ@!?byPD_82X;-FVyH9;&BScO+ z0nnj0FD%RsA+q3CIUmDuP8E&7@~=7l9H5nY9F_&|`wfe=BVlwuS_@w1un3ZEe&a|c zZf6zPuvegPQGyIo&c34P%Z!m2(TnUJ-ka3nSi|}y-?(7{X z{t-4259#$yj7VSbrZ0NDH3KSx#7fr6Kp@62U?Ya+*{d8_d;#O6Lb-zUdPfHoLLseNtPEI0ixvLj|UGqPJlrAP~0-5ChASL=$xJ zjLZ?kn4i8o8DA{2z;T&!IVG`ITEv(VbiK0@Nia!PKn2*>N5gQ%)cYJs9~e$FEbJN1 z4_0(K30gXnT0ESGVe8SkD`fgBdh-#X zu$WMNCj7%k)xm>|hyUa$NMR*#|7Z4RjL8)s+E*-&+L06vBsx`cB=KnQ`Sd<5<`S&8 z{3L7!g=V4JIP4ofR%ZiH`*yvs!m?&*z5k6##SR%pCX{O~LyB511lsqba>5hwFo zHgOr^0NsY989=VtG9~{f$Q3g%FH$tjH`|(s@-HcQ4`RksSQ9HH*N+M(3zVi?+G4&P zWq37*tBk|4s$fBM0R+NtBhPgELIWhb5{v50H27ci@2_UQRS9p6sJc@KvkX^C70$6xg1CNX02SR2a<1DjD&mR!NU0xrIWxcj=ics8Vl(Urtu=K3XUDPV`bQ z)to~x&SYHE40QnK9oUWm#TA^%+h13G8jip4Fy1aaZG8W9U|s+$t9q7U=DL;cL&@9( zAt}`B`R&rx{@PT#g(2i65p8#Z0BW*|DJ)_i4j z_1r?QKF4Jromv1hS$Q6pM^fygq4}9SyS}wxElOk*{B@HxWKq(& zm`8N&iY?~}aMRM6^!jJdv&t++nMuiyAypnv4+jVeSs&z`D6?!XV@b*sv6rz4?Iv*- zl^ymEy0|K?WTNZvn`X^(^-YDj9X)=kTBLk)FbQ(x*FDH%cVX;YM$U?HVS^@24zQCO z-jj0T$*iSvp?jOoIiov&-&c#|*g)s+Wxra>A5`rB;Q3nX=et9BNb|iYNs%&$RAHX< zsC?YcBe!>@vyl?_wg8Kjn-1Y-ib(NQ=$m@0kQ@;lS#qr2;=VJBEjksnXdX)ZsPv}o z=`>=WWxZcW<1LN&xN2#wjM|Ny(syR56OxWvx^pu>aia)&E77jtl)p;i<^%ENX?Flz z@&Px=^{A~{e=(ME*?#ntpSz4%a60yi>eAt*GO{KD;q1H8E5y!Q7~;5NOrLUbLf?zf zyxaJK&9?zB%wh{?i-&UVj|rs_XL-QeDmL8revi&~`JR)K>s7ck-|n2hyZ*wFeCfiM zF~)gIW^Kz1C`DN?eFIo9q;nzc{H8=pKrY}Q<6Mue*M^8&BIm}27+l!W8F1+U|Eg0P zpOe^~-6Wgvg6PvjPn|?e7qvlR#GhSviuk<-ychcSl__jL@BPFR`vPr*8ND zb*K`U&ZnaCtZxq|WoSRR%l%16Oj5+Z$D{6i$V|sKo2m;8e@#&{H!WGK=`mRHQl0)K zl5TaldB8RL`TODy11xB$$g4ySt9792&gUyoKuN(aUM-o$#}NY~P+_hd{L49z$+*Kc z>B2*?0N?cmKcllAjPu&3p%&Wo&~K_dbCy>V1i7D2NU%zl+Xe!JM9+%!4Jymq%C>)f zdsLvTv5L4B-S_*C;eDx~=DaiU_P&vZ`D(jHcIQJTE^>FKrr`*KSLV}R8(HKGRcQED zPs&gdsy5-9_YLQlnUD06&%znhJn?7gXQTCPvm)@bl*(|unnChx{htb!nqhu@Wdg1< zMjGTZ%=b;Nic&K50iDO;4glqt663iHh0W5OHr|FB$T5#hc*O*PTHU5Z+@5^SxdlT_NvO#uPu)Gj z%)ayUmo41dsNTC>tP|sWCk<1$%CwYXXFM8tx0o}UrB_oA8FCPnU8lqT6)M zqc{#?c5dFuNUMb|5O+Dq*os4Ri(w3ZKSLfFv5-ij-tybC(ihnXaoJX>h*#x`R;hK| ztZ?f>2XlMvvHM8lD50D zy`0UV)8=#esTJqwa5H-$rN6!k@=my|YDgKMKWlw+{yPwVdE5qT$ML%$Je7G8p_eT^ zL~|JzcPD9XR6)LZ;P%=kXXCYfmEc2TnW1vv#T@VB<8v&rF2`5={Ev_3TcY-?vdMgR zDd$qd^O?-um>DoS_9$6tFYz zjMy#s+H||5b(dV z9@F+TIj>YlBysMikVj0KqoPCD*TXcf2wpYI*>65A@dHQLFB1@gjlF^AxiptJwUe!1 z$^Z9g*~Y8#_NfLn=5U@xT!Ah8fz#B)t7f8SZNk|h>SO-8d*f#)U@V&^O_$=b6#1*w z^M2F`pXv)2)FAZmJjZTdp4~|O5e8v%xU~iGMuQ4iTsDvZb&a;ymKVATJxX)&1fKzK zL^qM7%g?8AnWO%3dZ9S~fN+LeLIrQs%=Jl^xr;j=ix+P`X3d=MAvu>qaRxI*cztoZ zdUZ{j-vG3w(~+8t{OMzM9zNM4$byxce999)eG?C}4RJ$5$$}I8MueFfh4t~Ak};I& zhRJwYm@Y{gBmLjFBx~b!e$AXVABH$?y&I=&VRzpn6t#ZZHft_iDfjV<`uKx~OLDXW zS5D)Xm4suOd0B(4h1h$cb5Ta;$BfW12t-hhh!zNt;s_qdN)@qxu8WzqLXQU(o52;b zn4W+Gh`YHK7I}Z*E0vj%?X!rC?KFm>V7j>KjUv(?Ti^Q)I6|^<57NLxra&w{I%#3b z->x0$qKSG8#!J8Pf?qQ zt*ineI>?V^he=T4M0>PgNaKQnY20$KI`xJ0D$q{*3~`k=a?o;wqO+#`fQ`8r3ojM7 z#elmLNkZeEr&b&|R2uI#MLfgkzk7x$p0QSG>sszkD&F+OTMgW4yxZX3-@c^;P!1|$ zGbjt~f|^R%(Nng(1~N8>?2eJYLkGbtP%)<%Mry*gc5E-?Oh_;aamCg$eO=1Cn#R$d zf34T%`aGqaP@-PMl84!2fM?8sjCJ$_tmTyX(6}49(D9~q&d`{4<3TJN6vm2>-=9M( zvcZ{nss1c&60Q23dqbB*5^Py9ss!oX{!d}oI9oGq6^98q_~I$H%PvRJQ%vxb)kc0P zCU{E18BJ1~Z(E$BT|D02bV89I7DZC|0cVyblJW&#VpE?BO(9*iq{%4*?`qt8$b>5j zL%CO>8eov3-bvlQTaaCeYcJWOPbR#|A&){;LrhuNJFB3aHQ4mg1431BX5ni58}@-* z`q^}0=h*{?GG!fxvd>sq=&EHTIBOB13)Vba5K-%|qjE1|tlsnYphe~fL8%$xnsVD3 zij5nib;-)@Vddu=&MkST$u)DyCRR;owSrA}%qr7zXd*+#`oo8*oRbE50f!{Rl9_9` zph}s!`J0agohKYG6DW+Oi;rv_eo1}>0MY*6e%78Cg)lYm@DSae->rEFNwuqYb!k&| zxVq-Js(`4K%Svz$Mc}wiW=~hssAu39O#k!<;(KGq?S9AHnKO8pi>vjgVHC%J zQCfOE*#87jOqNK^sFim9S$*Wl7^7Jer1m!6h#9rA2MV7uYN7j&@+XeRsJd3Tk#;te zmbHs3-$;6-X*0F^D%EC8?!7!ch5jS^hGdHZ^zf{gE`_a!GQdM%g#}$KGsHsbB71Kit=!b-Xp4x(yaT%YyRB z@$a>gsE}a(R$`#^fOoVj-WO8j79d}hJH#e7?AJORM|f}FHH>bf?GWsE(iO7 zI=yG)<6zZMghJX4_Ay~XfnQ7jq)Z2*6%o8dx|S;&ymnQlv@jNU!zW9hRX|D!vaeQWo$9A76@6ZVayF^I73{#ixay+q2GOYFlt zpU!xFn26=8!4RoXxv1l#SNF%L8KGBuy6zlVdxBvMFLc&ItIKE^ZYwcP^_1*N8k1OP zXS!<0BV>m{=Z@y*=(8TowV%|Grr&-%+93qj6@I0Vubi&%03!(JsCiIHq=m`~R~z+j z`H}A+6r*;*Wn}w(oAuHWNMarq&3wmG4T|3VKaXesJno;arlB#`U+Y6iGo&11d4&q0 z7`PA2&-?@v8SVMIV7cciZn@gCO2jSggFKH98ewdcZ)JlBSopPX&$uDMEkA!|P;+24 zvCmeEmJ>7PoITq|>Ys-W!orYgp1L3o7QOpK>^4zR<`Uc3#JA#xAD^BT1ueOBWsAT2 z*jk-h-|4y8p!gQO@I)-}Hz<3Bzh?JzUwj5grTuLX%HxBdF|SXGrPkf_(!uC=|`?Y??8LUTcGIYR)?c}r!^ z9Jop-Lc!9D2VC>(WCG6P#-0^c&sl}x4wFIPc381t5{ild2tBAU;f!06fi=S=xRqpK zyFg$IAJ%2qc65D#SaV$Mm?4LVg8O)6HF>4yDpM_PUgZ_`>$;~o?kft@)$6+7uRErx z++CjCWjR{IH{z$eKe{c`ch9fYxBhl&qM8RBo9|FbO=-)v6FcmEFXYeqep1skpRxXT z1-R+;T%gPwsf95hdA6x_W1OUX_>unVvYLS4k(YUUu>hEl&?8F|Bs99>h|T9UJe)0ycj*OQNemG_r~NA(`!xk zgVYuIn&UjbI!Evwk#;kC{_JFr?yYPRTsW?|@VwI_g)u|rf>o>}JbQk4c|~bX$-h<8 zWO{9__;+|V{~>|X>cy&xW(lQB4L9)Y`n+!Z{^X7EcfCce%`#JV0mL3v;XnA9<@U78 zyOrve*n9(FqH^W$S>KKhe*Cj4YGo+10PSf7jPBsfK4M?43B5G>SRyfZrSqX z909j;4^N6PEce^tvkyd@dDJ!a+;)SF`kjhz)InO`1Ty6l-ZaOx*7o3cttJv`2Yf!) z8PI9TIo}O;>@jYcSs=!(tfbaKS{U~wWf$wVJU!Kty$<-`sBB5ekj6_r%4x3r5EO)8 zl{dT!WKXF~C;`}HR$Rtia+#Imn0iAb-Orv)9x!l3U-JSf`m#mzp+0`VX9pNvn3eX| zj8VL&m5WZ~)WM^!$dui6@fkuX3Cai`6^LuBBGD@!=z`wZ9az0Pf_(l$hh3A^I(#%U zCp2R3PVo6Tv+G{!BtnA2es+N8c;}O84-P|TX;LOQdBq$zL9uncgTqzcW&U6xznfbc zLH=#lmExQ_bNg`NJM9TOgg+XEYr95mf1qic-{PCO{@V+ERsLuDK1^SHA_lu3%E{h< zJNjAMUd*wR@4CM2phF1Sptu4bGs=KdEZOr=5v53SVaN+`;u84fhK0PehH!&N?tgeWVVX6FFN9hDAZdl-FL@%R*1AF-fT1}F!^@x z)yQhem&_0_@IS0eRhh(|?q4TviB=hiKWHXZs0P-|Z0)|S!i)waX=cKP&a?k&E_Mq} z-}tmaD$8X?V?Klw4sY+@T6E`%<7s?mY2|t7+3Lto{g(hSL0>&r&kd#1d?o_WBvMJ| zD3GLw(R}SwzC9y>cj=-yov*iTHPk$yqUD{M-SwsV@E9Xr(s6;E;=@@eX1oIle2nq}&>&pCD@9qxQjxz0~Y)i?%PK?qQCv5R%2Z&clD zzL;6C4okDJibQyt(_d#@+dbw(bVQ547CKB9XVsjYov}ZU?9EvqZ6;HWW)(IS77s7Z zO3=WIPk1DWY|wPJ*VKcyYqU_p0=Y%xLkb+y)u14@{@G}+SB^02mgu4LEy^J+j-fZQa9(=5XVywrhuHcnTyuvo-I3I+ zFOJoJHtH|Q2c8ge7Zzw~CH10e5DX6|I^^TiPW&iq3n>^Xr_^TQCO2Yp4;dWwQh&$q#~S$Nn>Om44f)*V-*fsL5M9tFlA~yiSyP!i1}f7X@utW zO?wP%CNg8Wz(}!k{;ckwwesovX0;W~&+GUYp@*xXt_}FTtFL8zRjfRB8_k^F3dYgf zZtzWO7OR>qo_C~0`4o0-d1I;Ay|<`w9J9UEhBDaVT!@9|Vmh_HPH6G-YvDhGKAp1~ z52z#&?p`UrCc(lav&1P=bAg-FNwE)a0ZPxy$;lBJ)l?T^bZy4>kfhG4FRs$dp>T#C zuh`8~Q;-fXS=5vZH{;+9-z~gx=0hJO86?-JRUqH==gJG-ki&A4tEN;;UctnfCLFni zRFOFjJr@Ne0%b$;hHEe)!QDJkAC-ay5n@5U7nZW>ef8IoeDKP$QZ~lj$$)RG8UA+3 z0wm^^OmI1rBL-*+szRJUX#(`)8re82uFV90aogWE5dQLJ0-oouEx9p+JC@hLdgoo9 z3Ec*5S|BB#_q&DqTAAH^yawN^-U?42n>hDT;#D7lDjepHpFUi8zA5i)g?D$T-t*_o z#<9E%DIv<`$QWXSyof(;&6$)U;B+IOGgt_y$%+MUn)XM}v~QLo!4 zA|T|vJUX=IE!_Y_v+5V#?`h{~(q&DMwrKPIfWic+rI89aa|~lnd*X5uxfToRG$-ZN zDok&XNM#~jP33X^L_}KoFhmigs3b~poY-V ztV*=$m^qwV1A;yC0@K#Kx*euibSbg!uU-3!?M51PaxMam&=La_oPHR)iz~3B>AvPFc&rW<#c|VUqJ>ZWykKa)}$!sgX?SRK@B{Waob1sKgH+wUQt;49Ej07A6z#X=$V#s4+!>4HZ7`p6A43pyLEh^xnykb*Hy zZ_045+i1LO2vvwrAq6=3@kL{0Vqw_FC8o>iO8O3}DsARDu0RNxj)bb*7At=Ketlrp z&|D_I`z1re0BQjDdlS_xN|2jlY#Wzuxl)3mC8%WIB?OBT_QCsmDvZdjNYcKxGve6v zu;EjfNByBCQp^NigHUx@rHG%he}gC>f8#v3YS=U--a2_?+}0WT5o#hFP$*W>a12Hk zI+1+g{~rEgk6xfXy2xfWGw%8w?R%OAAKH%Y2=Uz!*7o;JJ`*+~IGvgs{);^T^9o~` zS3cGtY!rvL#+E~q_nlEM&Ra-s-izrgH{Lo4(}znlb15#(!!diZGF#Xvlqojh)3kUm zfh^nLy4)U4SZ_)08xGVT?c@et_zdloqA^?>VSYifF+_^1p^pRC zy!}P_0+cv~lzq2j13|#&Gq{j7eB-f~&Ce9uaC+tdZ`7bfHfsFE4YeMstodYpf1~u| ztfne%b#tok{Q9b7vg!H7h3l(xy)WO2nZ|i6!5bes&~&J7#X?(|#2W{4E{OvqhJq4Y zSn}6JR!In+3L?V@uE$O3%=LY;YtfioYyFcX9b0@J8ujKIAYUbpYk{gab%VZz z23GaEL!$(cNq1wFS|dn`rbc_3S{jK0l(y)Swp1=It2$q)w_0cMO`xtgHgX3ozHW+! z5Z5Gnb*}&D)vJI|4dds2G=^UNdusNawY#gmEwdctnFS<3Sq*hz{%5=Mr{^L9T3k-a zK+$ew|Kz2-ez#N~J9g~jPa5s&b)19j<&6n;1bZdhguu94TMe2r0O0>$tD#&LzPwkePda29=Jnp zuS8{_4(F=Uyg=%=o~DK~`cs_nKm%1oh|e&#b~`Rr-u zAck6vYcZc@g^TfD>*^(%CaHyf+&7(*sSThPQ@p{ac6V1U6Zo_>7h(bJ+{Y5W3f+WCxd3$@_gV)UubPq8#AGJS1`6tI zN(ypeiBJM{T)73?J?eG+^ec}!PhV`}OFY;w1V~|?hga(@l}TVIWj}=^7$Yzgh1GK@ z^AKraG}Hh3ZpZXsf>`!K;R!EBeVqKy~apt9R#mr*9ZgMTJdMR zv?(Cos4G|_sifHj*EpkEVY$b$zaHE_k#i|+V7Q843DLzj!;~eF+Yw!`;wPByVjL#p z+)bYvAhq9nI$(y2R^tqgUSpK~S*YIB#>vJ;CLZ$LYxgu< zu6Eq9w|rBcAG6@Xg$s#jYpo&vsIbx3fE41G4J`_T3rl9)xfe1141D*~TB<0c zzq8s~)PHY<<&LZwq-%%c1+_a3iOkjO2YMd{l5%%OZJ7CARnreJw6VAiFXt_PAp%F8 zmNGi?z4DIXqUT_y3uIfyv8gb~*p=#ghg}g*u_ScScQXNx4m9-Cz<0A=i zw%AK_NFdTs4@6Y=gI4M=@&ul5y+lI{_7*mP8joWo!OizeroAjfof(UL9(Srl1s}fv z0^R^c&DVlh2cNOaH0ctw0+GdhzANSCU^h%wxqg?^VE{Oa&IE-NCa4a!G7FY!WRw`= zy#7T_#+!tf2yI<`MXzhKn1qDl7bi4VtlTot^@9+6f54LwTV`?3C9IjwD>U`e*QWjT+Gb3ZQ zXo5-scCnrJKb%v05D+$^M&E&-_^{4)(tub4w3=iIgx!c-$1G?c)jef)cbB{4&{?1V zdUj;9&bXlQ@dO!>*@f+QkMGjnr+{;8SrpzznE*o|6u@ZP8J>*P)5lK|lANoB3DICh zEcRT+(FP5TIX+Ut*^@u~4M2cCeyl0LK)<;=QL9C%ChTq7^pCEZAC7EUK*J@_&5&c4 zjyGVqm)A|2LpP*A+>pRpb>}19kW!NJ2i%a{C_2sPUX;C&8Rf67cu&*tL$mqqo$Jj2 z-xioZZ78QfA$U)R^F3`8I~PQmFU1j+2l?&@VFl*@b}9j=ayGgoaP%yQ`{f}yI5Sl4 zl$NQDdg!Y90hk@$$x|@u;UWuzc@0+4yq^h{PBLH4s=e>0C^)hQ!AO^;`~8s!m({1n zPM{^20HdCFzet#CIY?Fvi5sE+5{)i$2U-G4RW2>)e3i@EI=mpn9_M#T*HX+uJ>YGV z)Y7`|j`x0$-E+;a892u5G&{`pza6AAY@`NXSXz8AC!b5}uw0hai}=4a-u2(=QIETp z)$Y8$-u~l`!U!^EUi!xD?usQLFD&I-&#qgv-~b~Xliu)Z(KCt3HiyvP+d$o$61WI$wt4QNwHMDv zCWJ9yN_Ve9seiRhvn1w7+_dh;spMO(jboMwUK0WUWWp1nIkeKVB91 z8@UM5*MLb=V`0*^sQ_rShL-k!1sV-vZh}zq%;fERtil-p>NeYr(Ir7!%3hx>GTHyP zZJt6$*caKN!CaU5R!jF9dSe}JH8-aaTb9vrWBw_l^9M?)h>d3QY0Fv04&;(5-=5># zXb`;tQ3)7x+A<}WVj&;}Ek2%a%(pyWbE$u(;VQGFu+FU<4B8mtx3Tb=vp;WH{YB)e zwp!ZvSI@jJM1<>2NJ`Z=T2cpIBi_>}x|u6p$$z7W1$gyHlGvm=f#7a9ksK#jPn|}7 zLAC>2B#4@@=@d6hnIJQ+;eq0ZXoW?h&D~4snnI_~t)67`H-m&s)BXTTl_k?VAb}!Y zrLOh-LAk6v8>cbF6rsi1s>YmX}E@mOOYS*u?`_bawlKo7( zrd3=?QUU{h0lEshbH8NZKpQGz7)%G64EFw^W0&I+09w8k{c`BQFsYUkQRlaGz9|KmR=hgG;_(UV!{XVRq&|4+7xk9?TQqL!`dWGcX_N!-w+# zMm(-Av7iF+zpH6ZJEk!p74d&lr-apXivQ!!T64z#2N-Es$@hDoRP#oOs0y@XXaC-)$_LUQUQuh8 zl_9$O_fR81-kTX)b2YQu6DF#4l%q=3lhyHIXW7PJ?<$Y();y3ykN3P`xAf-+&1`WX zZGL!PX-v`&l`SSH<}$!3r+TlPe1>CVkL~FF`AMKU&A;*gj=))Qi7Fha^;pYwRT%FIP^`q?DdT9&ctmEFPf9fw<{eC zK%PUTa$?65d)?{rmf5;%Jv-hn3~;LRJC$vbt`TpZrQL{zg6g<+zbwS0#CQo_u~@zU z^1*9M9ba4JZMAL<`z_~>@Bun2%!2&jqCu+=JuJI0qLc0o`(Q>LuU0lpE6|Yhg*Hg%{a@xIn)>^Nw_UZ?E9ZOk_ zBK|s!D^SjLM_`)Rs*-W|S5t=S+g7h0QUBSvt5Fq6!T5^Lp;6jX8q+^tyKhz_DVutB zx;)|6e>Q!7mB43z-gV7xAQmL8JAP&Bm8okHW8Gy$Q$a?tcV~`3Yr&0A`IH#%Mvl1C z{>w6MZQPXI6yMJp@Xij$8NZ`!eK^sx8h8iybtOF}G|4!lJypMQGd)^Q#b+5|b?9p4_PVNG zUnp^|;_y||$x_s=0flq#pHVnaFqF|S_u_AZo*SBrQr-3pY%c1c<|1SLNfXp27BwL^ zl3};+vE8yA!M-8@uPd2e8yPX@$J^!$fJh1U{6Oce)70Zl*OzlH zFP2s-WHbuBLT7+VM~!G6xRmpb0;^Vk_}GL3rE8h$PXI2@?5K~*^Vj+6kVFB}QjCK# z%!U*{Sln-;_~9vXWEyeSd&&iHe(QYNc6z`zD53!3$EHFVK>{a?;@CcP{BnX5nsVwM zJr)?QaL4M~MIbv-#l3z^rVhBZ@pSP@MAO_@y&e1VBy&LxCi1l-yNA!q?Zwh4+1p>! zKj)@iOIJMCdE#h|#@&0B_gj&{R( z-{*Pm=N_;7x>=^rb2D2t)Hx#gvuw%z(+{-o^Nt<^r}G&Cnz?lBi^$#Fp%NgP>_{bj z#_>;6>oCA{@yBIH9(O-GgK4bG%N$zy@OqmN7;8-XuOVH`;g}2;07$=>2dTitUzs<_ zd{IV#5cvT(b(J_|=}V4cy8sL=XMM@L|pq-=3XNu6%{NA$x4FEh&Eo zDWw68_q1wp?$7v90nRl8pSm)oJPxFF-MR2M#vti2n`zg{i{88^6fl{6_L*o+WIT*v z`y06Px{3hjSo&;-1nnN=;2ymEH}@c19IuYV;9?W<>aiDZO^h?a=0%E!$gv;3MD~A4 zblk3o3xnN19;p)%4;6~b`t~BBv{>m3QT_@o-!y>Ft4l1Bq*;yp{QNr4shrFwdIl@b zfZ6hN?&^A<1oRBO@*W7DI)k0)fEVj46foa{;FR7z7IaC6nS=47(Gtk>A`LO~-=raA zk%lNmq4OTWz#o-+Gm(1^0aqx5X2{y+2?-Zn^y|Um?FC*g@70c9XREHkj_i*@M5Zlq zzxKcF{_~{NBGMh&)V_`bi0`D#PV9z4^rU=146*lu zHM!8Q&^vMnp|XrU961s@lif>0y}gd<-S9G8Xo4o4q;kS$;2|Cqmvfs)^UL$ZX4#3? z9Yfa8{6bo>D9mfk-pUdcr9`q&2CjD{4dAa@YP})?n74_cd=B?X%27D&J=S+Nk1Gs3 z45ZGt3%|bGsyX!kTMGo1E`oJ@WuRUpT2*Ay5+`X@c>5`ledMj!saNv8biLN1IdUmg zHiG+#gXctO1o6^<&pyW@lxOO*A+(c+YL{6;KJhgO(YGV9Q>AF^qs66Er z_+s7`GY51GEC3qIBwdD`o&7W#%#2n}XTM4^!PV}y9_IOjz34JcbIbn%)wPaY9axz% zK{TO>`eg7yxOTq_rsY*akcw5j<{$)5Bu#3Fcp?+`{&Fr}Xhcr_@i`nz;QQw@C;gNX zW(|)c$}3qD$p>_pskTw5wm5vst(K_mTHVTi}da$b(3kfY7 z=|6!!F9IcB!tkAd&KUeHRJCvM8!R7utHQSc0w)+w1dfC;8xY2DM@N*TBQNI|pU^#d zOLC!^hL(36eL&jO4L9~oPGD3n2Kb{OO3+b|aSyv#jyXCM54{SMds^~BH~M_n%b3F{ z2c}Y2kb;FAgCKetmzm~dF>fpQ^abK%^pkiCFK@1}=;83USWC87h5eBc-puBy5Y5f6 zVcunxfgCt>1VPPEeH)nwIUYv6CiBQ#%BuD&K!p|hjQ;@AgxOha??Wq0r>bC33~6Nz zh0f%;UC19c=SNM8+`)D16{p2(HyAwaO;!tAMjgm`H`I}x8uL}r+6taoXVa?bGq-Fs z8w8jiKz0@g+Quyon63SE^rG#JU_=hxE^4+n)$bV&Udck%{hR39wGcB|L&T&_-1C_)upz}2P z`Q(qiKWnyl%FI)6ICe{5Q<)`omBNXhyYqP*Q|E{BuQEz7TdOMBAOIFy=~<_P6`ifo z&TKgIvX83$yi2D=>vInaT=(JY^Db2Teh>*U!Ejo;6;MCxf%@4rx922^&HeX&On4dW zALa%D{8y}3)Jz&6Z4USNkZ=CA|CJ&*cv7<-V%)@VMFczR=R>4Z>NuJYtL|Go(U_G6 zTw*@TErV|x2=s3~=jw2&3Wu2tdzpPsi&>b-jNs_+xsy6}l6fP?WK%Wu7aQG|~bVOBGd%D+_sE5-40Ie~)qnT&vTTG%;!K{BCA zZbsmmN&pWuPQg6)wwZl3uC+PFMH`XqHCx2Ix=+Jj#5PFiM~$0#p__^A&ES}v z?@2sBEu}n~Mwl!Xp)##@b*(t_p+!I~E%<9UXkSozq21sZu2Y2PcTby5WfGKt+Q<4n zG&Qwv)5m#KeqW!^E0@C+wx!(fOZRaCG!K!{h`p(|Bieq?06vyZ-zZiejxD|%J8hZ; zV82=pN=RUPVqP4O#xZQ!j{wWrcD4T*#Y*sp3V3?Om=7LZ?LKPCNSB$+nfe zA|t-|S+*CK?qHPz$nG688}sgYZv$}20oM=*E^se+8bl#g|H;)?ZN%Qu;L-7MV@6w z-dGs2+(M2aFx=Mqn1!PWfV#9$E`HniB-(p@P1%Dn#y}o?Bm1=v)^dfp=Dw@uSU^QA|6|H>V7VIUR}I3s?<0 z09w@vG;ECW+hkIvjk*jzUlLBt2Yi?Q2Y|nrc%xg;HW>d)SVGvU(X~{ED2^HCCM5LH zHIeDlracD2Ly&Y5?W`?&zPOyAYoYcWaqsPEu)Xvbe3q4{WT z45WE(#VUfUxaH{r9{Yuh(}Df(cgpc+mNh{n(#-R2^abSpS99lSu9%e(Q~otnCCmfY zus!-nu}ELmlHV&a%(5GigIsd$ttMH(dmS^RNUBea4%Y##z$~E`)5N?VF}Qh!i7N-% z|Bc8s+}yb8EX5bD>}tKTn_EdZgxnLk`3X!@T74d@6;^@A^Y_@{K7>xG^;UhPitUSs zQ3VrGL#P&Uqt9?GDrc1EIs0cJCgVghYs7)&X5d`zg;4(U!5E#?&7JS3)Ru56EPTlZ z;nTv>2L!m@qulKGfF?u#8UM$u16~9JuPFH;!l0G=)MPRS55*?*5YtoZz6|B5q}_Ng zD!SJnJcx~9TqZn*LAo4_JD%>>#6^YTW%=#m7-FLjl&!bTAc2PaN~=kR74xfc#znkk z^N6&E3!8atL$d2~A|j?2Wp7dqnU)DBf6F9D|3p6AUei5O4~60OQa6@PZm50^#vYlW zSyn2PlAy%j%9ox%<+hd3P`Qv^Y8+#Xt%?2WG%p<1@?{wdT*b_$G`}n)6H0{9XYCw8 z`m7^&qRIbWT*_oOfYOPzWLK?D+D$UG1PMa^h;}8&7hG7%D;mec^BsAE*DZ7}K2XPn zkdaHicFmJ%QM7{qN&Nbey1V|YxeGr{Nnicf-_pOB1%!+`SSV69f;3TM5+5*(ZY~1N zVY%0|C!oi7P%q~J?|0yFUPj;Aq8P zis6ayWim#ut;8`VY6bZi&)!!;!U@g@F;||>KDC;iD)+g_177SD#AuE>r8>Pr72CW#3 zj`xZsxRfD-q^>Y=wa1s^Qi_q+g2wqjU&<*np2MY>uvw6EE$Di0-Z-Y3KA|*_cWjvS z<1M?9U-(7z(StkLI_1@p*fHQ&ir^HsEeeLdv;(t2wv8m&;9YeTkq+HS@5!u#M3up{ z7#DGvv{K8S;K>*f#uqaaRHeqUMwhR9_AZY-+N5!mloY{nF>7Xm=c1j=HDr|$z*7;I z{UR?qgffmPPIe&}PreRUyBr9-{R7<%Cng;ih(G%p2||gO-xE_>jYu$82;X3Pamj}{ zY`Z8jl5w{o>%voDn!!}T1eQQlifLVy<461Y7|8%sNZ+3ce^y)W;$&j|K+r6FB#;BL z$A>iX2KOE3dY?fslEM1ef=p z2<~OVBkaBL@axOU(`~dKI!&&ZCW3CDWGoucW5XRs`%@;Hfykj3=o$Um~=b#M?hn(Y>lWOHwx;pH3$dY3aJH} zY&p(Co$w2A!GI`g69dvC_9=&ku%9fLEU+XRkvorj^kgj=BLEry1z8kpvX01=T98k= zxhro_{^1poN>c9b7!(}VBdVB22=RYX#j_!|5jsmlk01SbRde~p$tk!%3CL}AWiufv zW)MmkGx z&o5-zMe&n3$4Rt-1hj!(gX~Rpz^nsizm=Z+$&~3hySc)vE#Kn78i86<@um~xKkOhi z$Tnv+!9*FU*b=?~(hgQ}Sc$G2!xw(~;kfkL>q|N$LWuP_UM6WaF zw{ZjNh0T7q0FR#A5;w-Py3KTGDO?|k)C*WM<~o)KlwYg%6comzDOa3+Ba^v`BDH}` z@E z+Aa5_sFKw8?dsx#|BB4$om9fTRQ02omcz+!=xz{ZoisWKCHs-SshniFL^T*$F_tDL zB3tjHP>En%@Gtw~(Jy)fqMI9Ds>;#a?kS03zuLh$KGnKQ~U0DP>^N(M=k82<1z1 z>*LBD$6vWzx{n;vhmLf!9(>w!4QyTYQfuYCq%gZYD*F)h%6}KMkMRJ$fGj*%rq(`T zrR01+(!>xh;O8%-vlP8r{pFYGEzXoZ47XIp0XkLN4y*wp2CbzGyqC%KBQKtqp^tC%+t~5aq&E>> zNv*4^>jI|Ui%{=@goH;GQ&uo?Sys|v*R)Q!6m{WaM&P*9CC$DB;=;5NpWE68@ec7-nlf;njs zXg{Cx2NpMw$EV*iq_=oLn)m&i77tIL!`JyQ(YYPqfx{1QE75^{8JN4=7VE0*%0vY_&sr>dFDSa8q;(^*P- zBzxAvI#0K}@!JM)5ERw^I_r*`vS(QXXg z_YR&-bS6Vw=qYFnPF-2=t&BgXB%!mFDAPQDL{8e&e_aTo2#dm=UX6O=lLOu4qu5M3 z8^^D?thTVX8X7Bo!C|8F;*V+cjEsb=!TE?yG?~-Kp2s^Bi;Okcz&RZ8JYY?ejQ_-s z1qnY)vLxEc;;MR}$FYr^3}h6RzLj@s#u|PbH1VtD8aR}u)CY-$4!2pI0W@ePof@hs z)3Z0W^NZw7^!8X5Je7M?$TBeX>zALww8+8;q4muL|GM~zxmy6uMeMpJJM`sNU*BMr`5uaH9WGNjA>3alB1q~!-0drpZBKB-WTCj&yyi~ao1iQG|rB(73ud#b*vt|UQu1>A?t5IhMa}Y zEvQJs4W#wCLZrd*r&v10Z#{F50dAm`-HnM2ERe?lpy&4Oe9r1!cSM^hGH`-d7B-vu z&@`sAZ(H9zCyEH;(b;Jju=p5UN=KD5GfVrB+$W%MXIHJA*H|VXOpRfEa|T;^ zYFuIP<+Bup)~bkp=hV^M;NIm|?zC>IV5o`1U*NTReF`*+a{>^xxv;R)sbH0}P(YZsVPaZZoDlvUtd9$JD zM*rR}bcnN&Tm|WPr35gn(30sBPYH3idpoH2mHn;WTm~bf+6Yt;kIuN{Disf=f@n#j z+KkT*cI)VG$ikzk|8`c_^p}rXZYy99VO|yejW%8spAHKHJ@Y$^IyA53#K?EM#t>KD zxo1ryf{+6D2(fQig!;*1)Iz0*CnQJzDHb*zH2+K87oDlXNjGgQizsV+l5Elx}R;H>fioWx-x?G z$&oDF-yD}w46HwD8sE5wyf%1r_b;5LzURF)8BvKDh<4Yig2ZBN{X; z9fdL5%9yNTuL50ysD7L@sAjq{x={l|KH%od+_syCIm?Lmh$|t0M5C;NV4#m2mJ*l5}A! z7^L9nsvqw$yt4Yml?gx95tshf7dxO=$baWY+1qgF zyX3s>&101vnWZ$(+J|Z0v93Q8T=p-PWH2XWXkfHow$2|VSfKVdf4p_bqsUE0(D1#X z-A=Q&j0b|CK(LWj`_6Q`Ec-O$CUMHi86So4_IQ4s&A1EnvK`^tPtpo(7uM{1 z{yUCUm!!!iAAf@5ho(4@U8Im<2u)*92WHyyOaD5 zRz%MR_}?X>2Exu(bwb#Q&|@g^?^QWk??}=Jb`5>P<7rA^QR)?n8X?jJdio-ZdW6mb z4;&{&4th25^PA220Iu9ra_u0TO6D@&qK+);hP6=vs)mQXDOn};&w}!Uc1UF}+Z-0u zt6`QX7BBx9l=r>hfjep9pN6Dvpw31nHQacq{OxuPv`-97t*Z-CsEjM)8|u z{@||O_duu|4*a8Ft0(0kID$pjAFS}5CWcuRa~#<5Duzn0ID$dU%j)#M?8+1d!fa*o z9W-DB0Wt2MhGV=7TSjK7Q*pBh{u{0V7a!bmkwN2{mB& z-h{AJ$HLe>0))L%7^Z|^+9$1-w41K;=aAfe!=yj!!8YkL6AGtj)}g31hYP?$!y0F> zT$SBJ337Tnh;eSsE3t24QmBOiS}hqgmmA;$)pXg<%+k^KJKCR4Tq@JwX5BgcuzSc?_b2B@2yYuQkHL&#fy@ z71PrQ#Xd?Oq3>g%`@sd;#MPv8LQpqAHPOgNd;tFrVo*^>FiQTgj&D7p zot$GhL9v+anL_nDcTotw1`0pqVfLUp{AZgO0$Fr!(RVyt5)@@$M*4w%-OUg-=BrLN z4O{S?FNr4pC1So`4m=>+3RZl}!6|lIw)nppa{|{eqG3zBz-VZ8a>_ zb9FsbN4Re-yL?(y;=&bAmawyXPM_UrH{tb{du4r8s+{n5^;@fkXYn1*@uDZEUv zhW+;>Pw>U?G7j?Z*t+2Cl#|OuSunXH@wlV6|iM zkh_gzg22Dxhp|1RN{U>j;n(j;?ztxejZR0+E&tuiiqV5feCLi?RpK?-LG=@kpN zSesK58s1s$iwTmO>yAc{yw`x-@t*_hDl7IoGJRv*8Wm~jQI%s|p1QR7%Siu+!SWN@ z%OgZDTfuCqN4p&LzwF6(lg3VjgxGqRCyoo&TdwhSrN>~Z!ng$BJdyFl457rqhMuek zgM{ApFIm*(Tf9(fmd19_ijp4Y9Y>I!&a!(lbFv+7Fttfvs%&*#&9k_GldN zrqQ5vUpjH@Sq+(WL<3L3+CP4Bj$0`wE{MAmJ3w4{Z!*m}^C#vWanQIaLE<`VPc5N) z->%a8jw@8;iM=wY1vyCLM?N73wgaZf)v>5O?nBB9!U?*Hup$ExUw)%+sOEXfCXwV( za1Y9}^^6eAcIkc1`48FVgJdqhKX-Jv%g0JtB-pv!pswleCC>Xu^AAMl4o3TC0KW|$ z&9gwO0A>ALZAzSXZ*1m=10G2^&I*pk za$Bg%@Sna2OEi2`V{@YhI2~~!#2MF+A<)S=Jq`OES|mU>!{h4Flkya*Gui~T_b3z9 z>~RgFHJy5gL3G73%$B%2m-f#RA<_r%n6Rg!=j^22V;1q#n^jtN5M=ywhQs}}Cr%8! z(9e0>ZR3ApAb)=1>uPXS@^h;G>{@q*Z-{5etxQ*cZ~u?d(2?22q$Q$2A!o%)qGn+Nac_m`{2UP6dYNE=`8HR>%$elBIHZo% zu_?8D6`tx}<9rs{Bf_vRl2c2Fr)r>>I)uzY#TgD#~vNBLSKA zjUg#@fTYxJ29i>P>6qj}y1k>_wlR$;M~G1O%~Y|C+E>#vKCF)t!g!wj>W2GEy~H$E zH(W(}a>i-?JqKr~rxe(u?db4_)zTRrKZ;B_Rl$)*pox#UZ*`p}41bbUZ@LKy7$Hs; z0u@|_-SY)!PB-GP36(^lOR3mMP#2ATf{^YWI`f>r+^6DM$N~%Z*m~8`@2W{At89^; zIdrBd?XG#-!M6Ge@MaupEJEzH{7H>secUbW``cf2%y%uy!Vt5>;{|_MRrhv*?9l!u z;5B`XoyQuL@{bR-->CTtM&21@sy)HMxq+*h-&b{Hzz(zmHqH6>ZtNB~4iK0ZVe+WM z@?LiICf>+irXIY?{>hprwmO&UmB2r%B(Pbz`IYT)M>i~X-shFRgqqr5`JPZvf24YY zRblS&w$JZXdmm_ekvdY+ zh6_!e>uNSMSdlvq$)LcCwqPz@;O%o9v^i&*OYhq{kAjZVOB37(Kt`|1e1=QZV+VHe zeT}O9=_MS5tTE|3(N%<`@C@N(G?;%2bc9xNl^7?Nq&k0z^pQf*8{Z^ohbb#>8ELFN)c4o*fsp|u3YHd=uX5J`-w7^k$N)G(gsyt*NtpUWuCt}fDP z#e3dU)~6KL48FOvkD8u#!IGVqkp7wjy(;3;m_L8Sj_{;}GO<~3Nlp7nva`z~`Qm>- zZCqjEp%LzqRz0@b!|uk%x}VlzKabs%HeXl1on5M+)zCbjKMJGcixNN8pJZZtyyBS< zw@pTK1lLsO6|z5Y38mQDp5|F9cY>*;W$);{)(YvpOq=JDZ<`toG{1Eyq?_&w*evH@JXUcQ_S;tC)K3?^jxmj^f+KOok7MEoe zO`Xeh>p&i?&AVq9vT>b>(?VL-d#MG#thY-2uFooln^trYQX?5QrFrPT{vhO&eDUyx zqALvk56cO+#^a5ACRcmqDxbJNUGd~oBcXZrMz`x3!a%v8W5b-rcO99Xw_e4g%f?dv z;fyMfqS*D3-+IipyX#~ENE-JhU)cP!7Mf!)=yp#3E5tc>PWHCfMH$o*-MMsRc|=JK z>lYFZWa_$@v_mXnz|T(t^{F68V82@Xip6K~C&vSOCiqx1bMt`h(HXJEmjT>J_yirj zAy}hY5+pDwV|w{CWe(Mk#=iE(mtW_??ZUNliB;i^IOwHxUp-(Jh#+rxG1gbSe`t{u z_cTPf-o~U8{F#Zu#>#u7yEjT5eRJJ&clDbU9ZsN7;@g)w&)4Zmo@Mo%?y2(!D7>CN zo2xZsrZHLwcY~73$*p;tX<)kzLBzUjbyYvDSwEOw;Pj;ta3}Pzl zRFILVzC3x6FrmtOmqRQp*}V#Cr0RFw^^g!2c*b`^s^boSm2drl&V0g3dnmO~@2qXr znkNsF8T{>ion?Ia<$Z3yc^}U&=JSm7i6(%N)iQIfuM_&r<`+H=d9w#3<1e=#Xtx#s z>oX(%&;HCyw+`gS+uD8ReZTq4a`?jSqFtBvCmi|y^^jFj+V_3z`30BjQ#P}&yG42j zSBCyj=Y8a}+1*TL+I)-L+#j!O_hlX}5LuIYZb}LN?(>dOD$;ZELr-+`otU|Mbg;sf zt*65yE=V>?6t)!;t(6uRBED?B>%gi8=)euzzMwI*hy z9VFOL0sN7k&ilfC+H5!5FeP*wHw`5-(M+C%ndFJ;(V7oKvOTtEd|VU7gy{wI)eV_? zXAjFhh@7%S4z#lPN(cw9+& zyQQdwX^!Suo7t!5{A`e_b-2X;(Fi@GXH|V3I6vVs|2gb7%FpOyo|DFHq3ptoISNj+ zQ&W=3>Aq-N?NGw+;NyH&X(a?Igx?}kZrVDd%@WVw&%5cf;0<|#5yS2F+i&@w`($oN zS?3e$LW3{3X1AJ{Oc$$HKK_Y1{V|${Gj%KKJN)g%OVIC}ZNwx-8nq-l0@?q%?BFM3%rXGsKf2Q=gfn)7%vrWp6;q zv3+OjlKG1-WXk(Gse`c=T2Zxm6`dcNF!>q<8e(Kw%J)xmtb(t2$(r_ORP0^*N?f^) z#i;nhqXXK!X&01sjA z4xWKbdFNv3Ia4o%_=rps(^MVqIb>B_{xB)QEI9LFNxPCvL94t?_01oTu&t{sRwX;* z3yZFmh6N@o$m9i^)s1kjJyP=brYflyT;9+A)yGM>)u80Xx`*xf#$4t44#I@~LGQ+s z)!%GK``{rljheiF^7T7HmnI8HJyCPIKQp(5y7N6J`J=v$Sg$}++RT{Rwq(yxUWWl&T+H5kWSr@U6Bz9;zK3>8fsAlX@Q-%e25`E(p?RSScB$_@+hg zW8Y9UJ}!CwYUBDU#5j4q9mJ{W?I~@xEziprp5UP z2Z>>(B8Fkl0?x)v3Hru=@_;S?wgRDVDtW$VEomQY8fQ_WiZNfExtL5u2o!2ROZ(@^ zL-Ty^WsB#mKQ$k$Tq&*SF7utMB!3JI??os5R`|HWNji;THBLq8E867ICPYTT^odFz zAq?wQ%Jp;Vh->NAs8pNYux3U0!0j0xi>oenfkhA!{^RUs<%Lymz7a}iH;nE`YM5tV zQNZ7FLFr(@nqbiV8+q-vNa((9WYfI=OkvtKEAjd!G3hx&g!HW|Io{*&wpxpXE|K{^ zwmef(C&h0X#UB}Za<=YC`OHz*>gA8BaFX_%XeojB*!Usq>}K}cIiO-B<*(-*WT%xb zj$kUq;qrbf=oF*DnI$2z2mBBfj_is2p+dxbi@Aq;q&3aUi#>nhRI{TL!x56X+#POW zbP%D?L6hC5kUz`ILveSi6qS?f{r0@Zx8c9%Z=!%_3a}|d#Vb|*=y>)9jJ+GDZ{3q8 zef*-!6VKg01-{I5)$m#HTtB--w~mZic@Jz=Qb>BvNN>EADVfHS)U}8GkAkj0K>>Z; zOTvO#a^weQ>;14Rm}6yWo;vy?bhNP2t;p!(EI259mP&FqGjVK>M1rO%&v!~+n53;H4M3gLv5Pg&)iR@CsN(0_e(yM2AZMH*px8pzL+=FYOX zDczBnet7<#NZCH|4)r;gwimq702$(P-(ff+J5pNr9h)}mnIn2SoP}=s>|5a}5K_;7 z2~9xDn)s)NKMb*%>JO$&jk9a36te0#3_i(DQ3CkIh&EL}rjNTZsKDk&Hox};C8m!@8bb`s>^?s^S0@*LOz7MQKW3$i3(a7gt$Q6|&NIMaLhJ zA>q}(umF{chPU77Mau3Loa#rI`}9iqxjcrdYHu-VAo8Y%V*0s+p2cwx!3VdmVoPLO zN$T8u*PQPm%hKkwreIYs<%_-Cb}K_EcUN@((5T)kGtJpT^)u%k;Z?^sF zP!Na%++*G`_KejXzz&f~($emIZS9hm%ySX6?xp6Iuc}Y0040a+O}j^H;8)oU&Wk^X zv8~1z|9ry-irEiw0kK*K?jJ75cs6%~h05lrBlp`Mg(79-I_%?oF4KUMgQNXXK-z`I z`MA7?mObRPDDY|ini97_Itr0%VdOa#mpxUp@x;XsjC!<>&4e}pQ{6L#|#iBS`EOy&p~2F+^H(2 zm05NjNgtgTMpTE|ixJQ^j#T8{X~v)<#Kgdn7=ztr`NSA_5@R6gS;fu277FCiggv8W zZCfyFJYbWkitSbcefuksi*d{w8Mg+u9cXJ{i!sezQ?>USNv{%mjeIgt32pBN$2V7B zp*$s-x~1}uVlwG3Q-$^mw6k~6lUOx#GNYzotK`F;dv8I(VG0_*r=9IAXLJ#U4@N^_ zjrm!$K+_pMn9wmf6553~lWJ34bGgEo3m%?w?_-#r6B?xE#+mrxg z!cmfRu+#0$I$+n=fr<;sjuWxXTTjYpq=p)}5h&Gq+5CU zzv^}WuO0*fzr>#{M?dQ1q$^E8LMJ49QqIx%tM}1P2nDo%ctV69JoPaMV_Ms7CS3MI zQo>q$NN-$N0K*XmQQg^zIl5!ztdI2jneBe?b_BVfzZW1Mu?!ghy#UFLoL5nFVxvZb zK_>UF1Hws(pmKI|4xYR}f~E_+=(+&H66Q+R^PL|JBOjnFBDXxooB-HoqAaq|>oo_% zVTLs~B1n;RqKCb{i9Ay zeEE32or~Xu5@zWnLV6Cvd})Uy1TwMnx}{cFWRE1Rrqotr#3skn#gO!S%`r>^YU*z_ z$3Xb32F7J7woB1|KVe&)#Dulp2KW=4vz7u?nd-OHx8@%To(6!f%ObwrQsAkN(w%UG zihNv)o2y?0;OUY6G>Le2*duyRSq~W`kWIH*?x<~Qkm%?4+U9=luJpgxHpNI2cfk?H6&ggaDqCKlbyc@59|r*nzYamY*3~AC6za=pCC62I|4{95xov?6s;>O=d&I~p z>j@oVu+@xPGg2K1SU74KQL#_$fpwvyBG6DuGnF5+leM&osr(&1P|0{q@^9z?Pv}zg zp_WW52|B9qZX*6An}zvm&(}t49G8wR{kR_ev*Y@M8cVR0K{Fv5^baOhgP0GnHz9;W`gWKy#RC z#*!|ar8FfqN84RBmgevM&pMt09lOr|$G)?T8b7k=FmL*PQbr+J~NFw?&eo!#}ZO!mrcG>hx|YT(tSZKJjThcpAN; zwT0ZbMP)16Vod+((=Kbmg=*Z5p;HL(5YNC!6zVcNnHq6D^%rN8h>3iw-e2sM?Sd(xRK_y_@Xtsgkl%%Nxry-c{#p z(*Sz680;&i)K%e4)d{*y+dsp6VMm~!+L}&7{g;l6x ze{gxDKbA58wH|X>W4o7kVL!VoIFB!K3wl0!ca77~AFXXJydlx?JQ@9viy~G|J^!LGj7hYYrnOvxC zP%q1ithIOuu^qX{JjG6QSH%Ykz9U`xsqc#zJcPyPQEf z*y+*7vRN6)vYD6MHuPD&={Bkzap|k=t0xmw{lzt+hGb>dFfcA%Oln(quan0$=s{CO)5 z>a7|C3oYixyPNw8ko@ldR)%4|DxuZ?Ivjb2VsY1ruxEGbTE?xPJN#DY%)0c>9vd{qa6@-&f>(l{46nbndmf zHqB!TgMWVJv-MJT?WmSM{?kpH+>1gM-1bEkKR6YE`V=?-gQMJPF@Mx;6^NPhcVlL6 z!=2&2DycS9S?b<`u$fSyS*f-fm{)@TPXVO0MmLtR*t&s77|5{7wW7hqDml=NRYQ3} z&C*2>1ur^iJ~9lbqmvs;8!FibjLUPLOhYE{uNy+XShQHHk!%FZ_Ejdt=b-=awKUlW z7|Goc!Id3;qpOvLt}izc;H|;L(yuoy9+SbYoPkOTLg-Yf>#s28?l4N1$--!+8kzOQ ztNW|%@}^8b&8@j=!7`-7e~yA?+pScv_I<(}OBCG4<1`iHwsshRTu#H%`x-?qH;L+w5-da0oD7# zv*I#ZqU?t6Y+TUsJQH=y^(o5 z-uG27SGe5Bmcw66lT&j|OQbZC^=*SQjyJ8ZTP+?kn_P&t3hWL0{5ADH%P2=M3P;c0 zx(U9N96bkHeoTgccRvh;i*4gpVsrRS@)TEQTv>^!*-+OhX+z@*XiN*tfxcrLjA0t4Vciq z*!a8YC=bC$c;8q4QCOE=;$iboMFLZPGQ9qcNMu@~7`NcJfe9U@FGD+*hpk!(L&rg==9I3ykuyjL)D9+ZM(>%6^ z9{`54HlxS-KA6X=^s^JF1Fg^03&6ElFZ=!mw~;Su{*S>9I>&eQ*PBbXbD#w!>?=Lj z5~w*XzjZfqm>uoLYUGOFMb%`Jg2OaWksXsP;&oLe0`r%B!WVgc7|#j!&C+{9eqMS% zHF2tFbdHKtcv|KcKFOR_)j&y_gU;1FKD&<9JXiWL0}vlW#=QlI*6km!9O_m?X^#2I&2K2z=_IE*kP;IDnblj;5%24fKYAIKM4XJ z(zl**Bv&DO$ui?KY4xBrDnil(plh%2^%90l4pgOPFUN4wd*`*+BWWF(P7e;h`v2Jl z@;QbicO`uifaEp7b$fF$cx~7rY(wJHnsN7ROyMV3P!&)AYx#Gs2)%*f0?MFMzp9@j zQ=RN|V4$Y+IN$E>Z#Qh4zs|>;OVfeJe2Sw7<Tg_ao4ewd~aR0c)8#8@Al3KmQ9Nw*XPs$HOM2Pj6 zEupn9Ed2eIp7KF*wXI54i)S^~baK{WnEYd(fR*{$l`d81x0?banEx3#B4}?G5LMQR zg2a8_Xs53c;2W+fMPI<58OWq2Z~IY*Hp@Ny$9MPEo6(R-t;=K=)|xDSWYAi*KI?9* zEm8KhBfzHOj@^hgouS-CS=FMZ$y#!x*fBBLhLoN?Wk$3-2dvN^%0AkN+3V=dV2cec zz{kCgr3-@5-ik7E@hfk<{{!Ea#>}&qlpi(0d1ql7#c1Sqf2|Q;Ab41Mh88@mX`U23 zFkk%=JwRrOtAPH)qwk~p6E=&RmJJ^LUd^QuUXK>FJ@|zMcxdtL>%r;|*t^9$NJ#y} zrngdun(8%5N(;dbuE=aRR3z1`9tjt%#$6Bth5GB5`?`~vDtnJ1^YcgKq0DWntarZuQXklqnK4;3|HNg@d za)5G$MobW`Euk|0iS%6yl+e0IB>z>&{Rv!b z!XS(C8)K_ktWOTK`c`kFO?m2A%3qh8o}7uz7&Iaop?fn_m*jylQ{xs^B{+7tL};CwJ&WzS&f0NWk)PZATeN1Vy7DH|*g3Z-2VUAo7o8y!>Y zMQ}Q+9tz^q!rtK6Hr=TG#LWX_{Uhm&$s?$UFSIs{^|o3`kh;nEp)pQdF03Wf#F|FJ z*l8lKS+5@2mAeLh)jadJ;c7IdQ^ITxSp5h6YcpDnu0`MP#78ylrq`mglOzsG!s#5# zeefp$+MCB@=guI)j6x^x1l>VjuQf~fJd%ts{H|sT2^^EucRRvVv=VJ-+W-tdsM@dt((HcWM%?GlPCUs!x)4 zY$LTDP!E#?jttJna_emo#uTzQ?0)#4}YjhgT@vHFK-EKfK-JVJRjkER#0q%^%bo%Ts(~ z`(gs{{dd94I|~RVBK);CJR#~7x(Ff%X`QbY$+C3nb71V zPUT;EPRZ`6NdfrKgFIqk`q@gL;lcb`dOjwnMj8W+U5xB2PP^N5!j zpiIYmXdOf%EVk&N9S;;;%-_lKVBk+u-1j>mqhgLusC!CBKI$l@3y!Ctg%h}`eOhYl z+f#DdBo9>TsC@#ylbyf^mzaD6+jIWf>2q~nWLKZ2#52SSTMlhEj;#?h%GFOzuq=8B z0cf-LV1)q8jtZNxgtaFTK<|iMJ3O|o!z(U&5yp*8i;RVbg)tWitjIU$rMYEHruD>c z@UJy{P1D7bwvzkoZ9lh1k40UstH-VzTp5^$N$NbGC5`tA*}E13AD8K4ls=uB!}@6Y zqN-D39@%PpE*jL%k~rJ(g*PFmLCkUORHko)HHRa3k#}_f1TtjxYTB*H0Qay{1=5M95mR1O^;2D`^oS z!5v%s^IPs6b9@0zCEQm{9=1M~?vfV9{CRgDvvhHJ&rP1f+{VhHpTp%4uEb?&VE%^!JxLBLwMts*6y-&bI zvnW*Ctxvt->QqDcmpE5_^7Jiso<-GR4CM8FS#RS}bhn{;Ez7RjX`-Du57?YC$(ijo z7#6%qF6~`c!nY~A4z9sj89~dZa1A8%q-%b64Vb@h@oyk%P>9K4Vt+eMvq{SgbBOB* zJ`Ekvon7aT-PZ_3kb)?O=#n3jPVzJ})3i2kuzc#RZ7e>*pzAi|dQZjkBWMojZ1@UG zcIsC#W&o%0%Tph-kF-ljjbgq!m)M7;E7z-z+XwtC%$lL-`tl-|fGqHD4ORB4`HOiW zH1(OYaV~ZZ@mq0la2W+hAh^qEJ;@%PgJqiau;x7F41BP;>sHey zBTd+AVJ&m2%zBbqcDvIwk@W$IGbuZev+TWHh%9a2y?CN3ANwWkd)2bdU4Wi%#ki2# zj2(^~)ONyZ$jYF^)x}Wyj+lPxLMWV#WN4-br=C`9{Vn{}hE z=a90+Q7pElO#M=;6ujF}0l@{6K9_8#sMaQ;o4^0I4YQ?4TGp;LHq{%#`nx0sKHw+tzgTFN6 zXyv%QrwOAG+o8%wOR5gYc#G-B8ea1_{61lU(t+wUdvkQ)l;rH$CDXAC6H-po$af$e zC?kQ-`(_x}&)}`!lSLS+PKS9?Gf+HhF*K-;O2li7`ISU0{yGmJXwH-L%R3JZdctP> z{0Bup)iw_Mz2hXm9KHxoc_1+8cLz^F^8fxK5L(g(g1}f9!B`yLcF>H67sdh;h(g9c zpZ=iNcQF%|;FX_@g5^t&3^RPjyB<^zR_i!u7jOK1ZZZ8F${PDN{R}G2JMR` zlf2v#_c4S|xHwjaA*WZbV|9kTuY*owb^j#|0(>w&>T#0MYuUD1b^_v$Y{Jo5U7g== z4H(lvq33XAW-a%z5fuSb4YEdy?o9kq0Sy&WNZGOZ?xa&9Z``v! zY(BAOgF9Fb|F&lz8L?*ys`@0XqXc5l$k^g$45^3!ueF*w_H5T$CqkzsNA@fx%v+lc zduDj`jqu<0%!9j0j%--%*4qmv>H@4X+4DrGt48BG^6f3)O}=ht@3fo+s*V`sC7_1g z8FPLOOiS1r+`z$iZ@09F;P#_9L~7`h9t2k5Y?1&$fwC7(eE9Viu!TMV%;3&$XwTlL`)?-i zJbq&k1UbZD9oM56{kBRaYI$xm;bR81U8RW#LB!z|SXjsuo&|BX_9hovgHHYNzvyga z2eODP1j?-Rnc&^xb$0R&)XyK~=at$mgmEpjR$d4FUb>cb0xRH$ng0F)lK8ia#cV){ z7iNOc;rth7;`Jh`GVPJFD}5#tgYV?QK!IeLL0T+a!}?w&-Dq`%oEpr6TA6&gF?8bB z&kizV@4p~L`i0R^kva=!wvFP#_M2RIQaBhDIY=%4)E>c!&^uIecIQbNUz55$g&aVh zJh(0+7*T#<6x*!euxUL4Q;?Q&5JqQF#93QUx(G6?W>ntroZ6uCw`b%tDY9rB<*e>f z+cPlf#4h_#T5Fq7NnvqpEY^rHRit0$Z>*1wb5XKv{yfQaM9OsywSY{20b^94KCDjG zo?@cCsmhRfWy4}oEnjGm$;e;2*hOB*+mHRDw(dMoKk05$qu73ebATPwZ8;hIb>qWF zXxF$k{gK=&W8nm_BasmioKWhraztLkwm{on$*2?q(DF?Ezq07BEvX?Mj^`WmG;Yly zb34h_kIC%=miK!>h2KQu2miv8kZHMlMWccN&Z@9Xp)Um8EC)`KU!`2ZdKNk-YlJD` zf_GFK|1Ht6Kanz|5P4{bJ6mPC&9|4*F5?fu)3#{j^?QY5Mi9A`)GP*<8!sik{sa(K zT^_SUa|j$$gNyvdVnXE}4k~vi@z;Z2Q!wV!8x(M^6=$P=z4Bl0&M1Ii@h)1`HDJ7C zjp_L_jd>S?Sf@>Z+hd{U*s#8ChGyEtlQyle;nh7L7uYgWSo%DM1}s@;HXY&^NauUT z?4*b-7=_fdJY0 z&#`6iB%(ywo626vF*2X)d+NS#-S_W#y`JZvUUHo8_cN}~^|{9Ty53xz5HQ+vr4b=p zXx4%y?)to6=PgQa*IOx_WH-+L;2JmtISBLS_KO8?%vN4^x`YdhA)j)H5C#SY=+6XSdk|23NCJETgd5e7 z&s7<7&nVq2?wcN!an?ulMirPnogfDuH(Ca5_Zp@tNthv%XfE= zC-Y4nC@^YO%z)Q63KQmsKU6+ZNhzC|SArKBKj|b!`f?~uUa-O<3vmIOkmAIhZbLdv zI*uFlZ`tw1=2K7h+3f4051r8Z>`d9LzYk-K8)4q3rY4em_+zC0ib~I~HgFTznB0Lg zE0@QgSjxqCA}4Rs0Lpy&ju_8UA3$V!3vfK{bJ)}!Rlx(36h8Oo+94;sh|yyG_Otfe z6=wNQ(l_7@kT(y~(k4CqI>C<&1r*Ep<9%`n95)!?xEl2|G`dz=YHyGz+$A{tRp^%z zH1hNoUKdxNayR|EfdK4D26ntdqvWEAP)5|hh4d%&BxlI)qx`&Yn=2((UX7+z63ruT zF?s|VQZ_R@tqhiO&e{T@a8rP~_~7f#VA%POg@3N9i36-S-<~tUGt1|`_^?twj8TAXtUZxwKgp}1-=zY~+fLwr+mPwyrt=k=G&&MmFiaX=LvbhbT_sZ zB-;L`tU{S_{HLbZ{UG*g$-X@g=muNd-oTkWAiZh3PYt!-v8zax8|~kY=n`L}2hVOF zE6p3UQ-9nFzl2FJ9D4g%$gOQinGU|&}Q72p=TE*TT zNaCOwG!9W)VV!nD2W#<}Vo3dZ;a~3nnj^>lUpTLgACL}b#`T*WlK#Q4o~;B{$T$D)YX0{H?FJaoFAshz zkPXvQbB0N$7|E{w%ey>GS0$*tqL+2)tyb~HABWW7`tY^izFvKJ%}DokU#mH3kXc55 z#$s0#zD28i+ga%N&hSK-8DLBtg1YJX#drnK_Gm^WZA8Rn;ozVG6W`P1A$LUe*8Nwc zIB>LoN)2KFSkb!eG`r+kx9AWdu>V!e{4IV39q1GK#6&t|A~arI`K8KeYahme(a()S;Oysf~U|{ zLFjf}-j1-hS&N(Id$gJca zCS^e;*gf1CIMn-{Kfm7u@+MB@ln?L1-bBiqF?q3~@*L6(2ie$qg?jCL!u2j!05R}J z;fBGgIfCf@u1x*&GhsE3>0Qqr_NlgXMhdCE%O>O?DTqzfUJP(a9!^Xg$-d*fEO(*-0w_2#9%jPLaGIE2I!@xplB)6t(`IfQtao?^%ub6T=t%xbJj%FJTF02{DQ)UI_c zIgginP2bw`A6o{>_WQ-ZBU$c0XNhc=388g1<1x@6N~nK~mhpMNaDlO#tDdp}1ZAwr z=d&D{n-MFRLTL226&%kcsNp7*#x}O&?~5A;mg)1xQu5WNY3Uo9mwzh zzyrf_c=BXR3GXX6#!T_=+hwXaOQ}WP0v@zDt@A=ElBW&f3BHI#>9Rq1>YiP!+2(Yd zo}H#TZmtg~H*Ds{(+{|84A|)dA*I<3UIEEpEu$)8P?B5OoKW5W#>T=EEeP|C-@xF` z?s}VPw!%hy>=JdXNalBZOC4q{`9Ej9aX%q5p2mLm^M3Oc=atwaU2ERkRjQ*6e(Tno z^xqG<(T`10phdG(FHwJC0sfE)wLI*&xX$=iz3Pg1SK%w#uU9F;04$ck_wm10{g3z8 z{=O8_DuIaDvZj{10eu-%CKAv= z{XF%ra1Xp6cI(FQo^rh!=t`Kka(a#GJ>;=$e!f~9UmX1Pz$*~_d&V^>9kLg6{qM#K zI5567iPuMu{e4c5ADXcoWjX9%Jjx#u*1hSsABiDgIN;6y1GEq80#vK4T=vj(4(SgQ z-ST`mC4F#aN6MC^o&2 zCX+t~7jx-v*TSO|+M@={8Mz{lhqAz^&Dy}`OHnF+9D&Bb3WZ|jPQz?w^)}?#L#~oK zxD;JfmWNy%|7OPiLyNpdNb7F~{|+YEX5NaWM0M2RUCdl58^IyJ21$5IlhTx919eQY1;QyAA;M!&R-yub z%%8H{;fET_-pBWFz0h#}id^bNFrm>_`GzgW`cXr^bp7)%|Kvh2--l45lE_B=z5NPc z=nMVkt;7hxks4I8pxXEczy6XHozq)f)$~`?b0Fm6FCTOjSVt$yiA>f=d6Np-k_Eo1 zfP)L(!gK?s01-YbJ_l&FcWbf5yNZ?j>j`KZpXM!7R<&@bJWum=1&l}yaWCk9aSHu) z9Dd0XPN8DqoK~_<5mGl44#6g*cSl>P@A{k8(nvmJvrU`;mNp{)@$YH<`eBvfu1tp; z(q{#l2*rtxA7y`d;TsJy|8{wf^pj#ePMQcQ_4(YakN1Cn@W&GfRVbv4VhTDHBkffX zins}D$W|hl9ty$*dd7CNA$eTr#KHv7jOUAYohaVV7{p|CldSeD8KY=)m+FWoe!aBf z^yLfxtUdBBU_4DPo$qu2dh%&Ti#pqIBTgX`4vkv^tEZ6!^9CL3sz2gtwzbIWbr9FR)0QI#< z$Rg@j!sO*`1a5N;*S|2291YB)P&fUl2I`n}ikvJdfaB~d?~97&Aj4Xjs{5+)L)gjU zqTX{9iHp&M!*MYoqU{tofz`mP2V1KKd~}JBhx}K_L!ZVa4-t4324rDJ@FwPz1Fdb? z_8(iAcKZd6EnN1%$bk@`M-?GhY6K*H^|d0!X{YD80A?}R?pj9JM+rZ;gsI?>M~*`i z^&-jB6h;xs;E?%UI12z;tzK z&dbsjAW;J`H+Sv{p9uWLZe?-=g21zW5Co>t{l$R!x54;_kW_p`$#)`3nMcYg;IJ^)1gUNJ2$==)}Wq&<9(<@zfM0;JX8fmMFyT zI9U$fz4u8<0V{SGl+eeth<~ZerQ?~Ch+>||&zwi}mkq(zH7uvt?A7qi|GFI{OeVBc zbLeqy^9PQ3Mxk5K?iA_jCOiR+l>HHod00w|bTDcht?j?X(b8sz9zqsZ?XQ^apQrB= zsuOwFw-F=C!6w|Go@%&wP2S>xob?Lzm-8{jUALcDHpO zrM=AG@<90^rj8mohG?~oy_|KjE}e^g1N>1JLdEQjpreyP?7}C6h?`az2{h`?iFO`@ zV3Bxc1SP&v2yuqOS_6tj_Rlky_#r>*b+m;8`Cbl;QF$vet_@3La)hvz{RaJZ!Z(D$ zDjdcA9=ZiyhrH00?m8)2@-aam(TeJ7geks-)6Qf+u@m4v)URIpHzC*++*vTO9?Ok# zQ>OdZW1HnU){cCGvM7mEgF+z$alfpWZ)bQ{K&0j&J3F^(RD{JC=gwgiSBh5Y)rAFUQckP%>=-W!;rJT>+&%B0k)2#jH1*_w zqHLXaomC(-bb#ykfEBcT@jLdPZY&$8o?MFEo=NGR554Chgd2Gf0zJ@2{x(!QsXAou z6&yws;cF1&EzEt5f67S3MH;<eyT&&)OPm>5(NVUe5(OyhTm7`b{&ZI_fr@AnRgbJGa3DyFp$?}M+bP4ajTM( zS3l4KmIDpY>WMLrUvZ35*zdVNsI@3JfE}uH^AiLc1n|j^Wl&t$mD^>OUzE;w2B@mu z3zSQy0&~{=E`Q(wxOF*5JduI}GeYSR-f5{_hpw92W~?nNEQ-IIWh`8WQT4!{LkUkE zT$I_(|88=%QPv2ZbX76m>c#pF0*tSzN$2Rr2$r2dfq3lH?^wg}P2=|qH+}<=nEOW> z(dVjt&9*Dq0YtF7{A&HPiX$S_c>24u$W5EzG6((Oc;>wA#gV%$2^9to2u}mxU)i%>L@C6x7iPJc*=JpVI9Kvm~V z^A`fh7?8W?p+V-~!{ed%dDmMsH+}}pC_&55@e@*)z^{kPNl=%gByrn)u;MKP5U+b+jK#`ESY3&TuiGXdA_!q|%HO&-gD+Ck$y?>~l0)x3Df%5%)GH zK$3NAdZHQ5%kl2>hoS=rroIj`T~EO&{d;$iA0RJ}$Pm&g8G&Rra;k<2aea6pCa_$a zNf9NBAdm_1Tv3gGc9rtI2Veo@xrEwG@{60UxDjgY1P#FoBcQiId+hDC_T8DB2wc2_ zKX@;fBNq ztxtYiwA%c_@r}aG-B?%#Iv&A7t2rw^eoXe39s8@OgGqu!PxEe>6hU5lEXQ%+T576% zC;O5I`-m$b?m{#@eCIo@V8bo*V;0+}X*qnUe*g27>F%yHdXs^%cU%Mru6I6^Sz}QM zcI~u0+6A>Qo5h)r%5p?f&jkMH(2FsTQXIZ}J(U9$YVOxOWKf8qzwOSgJ!v7f@qypU zus2Muzq!35@9Lx;b#S3fDw%2%4LuJ)1C*I;yIJUz5tRwy3#FQ!v}QO^67ufiZv1rg zX0?N#;wE8e*hP3jrHp(IJ$w&~d>ICR10o&Adi}~48g4kolo#?rVYJgSP*rRm#m31$ zuz`NWbl(gjXb4VdH&vk^pO@FvUMmiTIRzc5sk==zt1Q|qZl1o)%rUA~gs(I3ugN3J z0H&DWzS0v3=i$x1P^}v5{j_~6p&v!7yv6?GKF70Q<^^qMs6PwixQ_F6=RUtR=<4CW zmyd&9ov`@GOi}TkZEs1(YSkTXqUgR)uOBMpJ9%9U6M74spIHEw7@JgAf*+h@4L6G-PVoF#v!N4gF!Q82ze1 zIx8^=S)&pvf@1nsno3^qK_kA(rO0u>PSf1P?nM@h79Mog&0%!^hK&*D?myno$3e{e z20n+)WRY`Lg;|jEouMJ3Z~9kupOq7hz0*LVOo)0I%&DeJ2p6#`IK$Jfk)|h-VpLj0 zr-G5(XM8O?dsy*?%&cqNtFyD!u9W=ooW8%aCmD(R`7np%HlFj~dxeU&+k z&ncbL!w(*3gN$u^9P;BoB7f@~2%V0+p9}J<*T|4sU%cY%*M{JvG4K3)31B307yIVK z0<)k+c3jQw;)bD7QD32T3tS*!i1hWJue?t+?81mjS|n-E zm-{YJ$cIr|lGJgAQj-`X%Gjz?!X%EsEjjW+bJWzFkjV?(y5T@%!>Gwg&NK-%DuEk)^i`V?8lSasW&bX2R#_M!KV9nbRvsK za}>nvl=a73Sa3I$wax~5&0c_mVYEXm@*M0hHM2?7wup$mhc=4qo=wMlpFe%7qptp# zPKgPZVFy^Byp9 zp`{UT5TxBWQ(tT-4B@t=umv5AmmX;IYWq{g_fj(gqD6Q2@%ef_WdB6EotTjQGl2bb zxPI~O#>L)7-CMajRR5wrg*5KKJ4MCK2Lv)QpUEF9nwJp=3VG#N6wy4%Qxe9W?G>JIAvciO)Gp8Q*pZ_A+k^a{+QY8%D_jS$@`TYpkvgN}vYnC^X7 zwVDYGw$X{vKk|?o)Wqma+jHm6<(bv)(J%GL&9(Sc3Eh{O^0*Vbqk#TP|Jt>z7TCeT z%ipU%&@HkaHB12;HV0b&UX54h;^In-_Ve?*e=z#yRc+s8(~h~}3EHPzprx!g6NG4J zvmGoct74`B@)KNi@W9`j1>3elYj$a%x52$*EAm^8Vrtpr-6tE&TqDFKU@;#ZC&Ube z*~~qh-FO;6l((6UdA9>;k5#nKntS1QV1tRDeAOU5IK|w&6RxoAqfu^^Xga#fNfV8+ zH+vl3>}V}?H1Df#2R#S#X#nr>GD5t&T2{ph0eWuze7i^~=wZOiet7KxICANup-67d z%|au#L#)^Bjgi+}OHPjAR^0-JSi0}Ic0H$UYql?8q3M2JAb-)j+dB?iEy{ahYkXtI zpKkB_45;){TyUSvZL_KH-J}KXYg2&{5WDcV1B=YArLoWDYjXkzge@L%EnR6=!f6bP_wBtxlPa<_5}?^Tt_`Pd5HXJL#n?oqsT1;u z{L|+DlCpuaoffRf+VLW5r<@!8_0P2v;>gs zOh7SzK2RjQ1)7#|xhvLf>A65|_Q^H3*1mkT6^OeGJcq)}Z6JoKT+?87a)0tyNCr=9Q>~ugaL$*h z!}JOoyc;YwA&0J_m4+hq1E&$&;)f<2F>V>>QIU-Y@|G?~@WLBhA0Hxm6w*@^-C*F4{JA%pMx^0e5`QUWM}L2bAV_DnQIbv@3EX z)uU5AyqXS(*|eKL*ZaE?s-~u~5i zWnEBIR(S2J`~g7|U)xvpqUo4Rva+w4xMkK?UeTqNL4YN36;B|;B=d`$$2-AkyuyCt zJ7GKtgOMgTp3#DSJj1CAz*W)`sXr~gN^Y`+Q1pG)^{)?Q@^&AVZ-;x)K;q%4FSHAN zP`F>*0_O8%zQcf=CpbU`7FugH2OX6^UkkJ+e|Z}i`4tXEKjt2ZG@_|0bp<#AqYk`> z+RQe8`HZ45jJ6_v^%PJIcF)CT{pd^{ON=}JFb`I)aDEydok*3@+m&P4q;aumi_-&W zcVXTduei7C@VRt~ryM(UAd8)g^$Y<4A(^t(@ymT0P>9`Q;rh1CI z)X%dHQajx1g3_AlN(&LIW(PuzUanP`+*7z^_+t_UO(0O%7$ZB?4vP9Eo#n-7>7LxL z_CCumB7x2*5fchwt4yfPt?o=09Ef!7wS=}D;Si5#W7T{ug_>jt@Py4!X52B@m!QPV zyk)YdIDfnWsIR_t#$M)8SOiLl4v=aSDCEj#lk#W>uE=jC3?!USZpNB!nqIC30WpS| zZ{P-1P`qE?+>Z+M^F==swP>th)il+ZJM%T>d*YJ#jYWs1EQY(1z$mfH>_^yNSO7yR zjmrs*!rLw-^F&)8bM67}EBC@9(QyV;<^2};HIX$!6oUhrIBU5I=ODc>~h45QXe z(=!NvoFVP}TV`XYnpV$XTeKKyM}4@6<7G+PPGS8Vi^rZBe(~9O9`*DG`$evsf=76k zPuqVlBMC=~8&JqqZ7W|QUPc0$G+jeaso{+opVVT$A_J@SwNORWI?=)I_k*mGMCf=Zrv0eY+F76S*678BL;U zF)~Lts8=e&y62?~CM%^27rI{#hv!<=jW6=1%h!87<|izH9@Agq z{3R0&SqZ!X?wo?{ei;-Bp$pT_Ro{d~tpM+bJM-P<)_i+o=AAgKD&sC^WxOPrq=xZz zgL_xME6;XvriR_Mg>`vu+#INea_FvDX|}5lsG@eR1M%F8$^`Vii{Zkx{zppl_zIF1 zFcu^DP#nASN8pMtZgT<3i+Hx#p?b#_=B+yqTAXKdkMBB9P%Aw@sllS=g;*3j*d*Im zjaKo_Z%jr+-;54C0&p2Od7jym5-6fI1vR?T3K4w;pNSE%~b7-D1cCQ;X*&B z@RP6upx8%(;w}W;d+{+vFmYb2br2B1g6g2o^3+6&Gj5$vr3G zi1WPk#1op%s*#>h&!;k$P?rF@FQQm0=j~SRRfD)0f}+0+V`q!=AU+wGv>z0gG4gN; zhNY<{e299!Y#KHyJX|PBA3`*lwY{HoHDj)!>xzqP(}F_u@9kY>n>}Vyrd5sCeXDI_s3G(qUrOjTI&42fRYqHAmNfq7wrB*?v}C7YHrGhVKG7CWgZr0 z<5~?o9jx%A-#w7`X#VW%WaE&PVl9{d9o$+0Si1o9S?&L>_q_db?Eaj{|D>M9! z?y#8RNBx-@(KuR7&hsdV_nqYRAyNd<>M;bp!&u$=2?;mm${>=ql0{yN_Fk&R-^Q&s zUqmrDD`!wA<(KCYLoK*UC3xJY`?5ItoA5-`^Y zini#jn5Ri!F;qzxLP-(rCGL*Qp*Yk#u%AQFmSdqLhvYWKbewNf%9jxlyLXQ`)2}B` zN1<7auGez47Q0Ss*tS{2<$}=Z9n-Q^kHzMKQJ*eqQsJAn_F7YI?%vTT2fQR>E6!gD z-`VV$%e94@ksgo556Jj)SwlQQne6?b3y?B~2ln!LVQ5q8?xU6KRAb*}i)LK9x-vaC zJOp`C4F0itd0&oYFr7#BR_?7k_M1iD_@Ov43C9V44JYx1&(Ep`?(4c-i57IQclxKr ziuh`eZ|@$9y8rm5vAschIkng&S#V$dPrqf;PY1O}@db&1j#!q1flA z5K9pW;cT=N!8GicIyy{I%sj{8ph?Yc*JguFc@&NKbw7zp85?eXEXN0G+3sD-E3*ws z_$j{km!rMrvyMjJ5aKgHcNu~Mg6KjCu#)mE-oQ0v!>5(%z*z!@M;ofc2wI_OFtW^X zqjumQe6}~y7&wDp2<*cRstr^_BL5Z6?E{~ zasl8#@f)6qq%wqAi9aWqbcYl~tWOdA35EGO&{^wp65jdsL+Pb={!$s>YUr1^Wx+j1 z!WH9Y)EI>!xo3Ze)g?6Y#*f-`ubCGlT}*fK_r#AW07?cQ7r>v+c6m9ZJR=Hu9Xz^^v75NF47xy!V>Sb?&BUB|B zZ1afBb;5ROj}E`h(rk(Vcbai|uM4y?vj#(pU-*US&^_NicYf7VBUb|u;o%j1n7=V3 zN=3bIFYOoaP-@@a)yy>Kv!=B+JpxTqPAD!$y;+P%bv~X@3qiO-`WU|_B#va#eb&=X zcPA4obitRK1a930)=-@DSv C~pgO&W@ZVpp*Mhi(mMZy=UGsr@xHFNJ0C(GCLo< zFwQ|$#;Dj?U>aZ~ufT8bLNVcAe@}h&@%pkS+)~Vp9^^c*Ba3qhaIIFYLa)GX|Dy*) ztQfk^Z>sHa>8hVI#Iu8Ip@zW`b1|sX8Rcsp%ozuStkA+6x&J}4S{Qo=a)CeY<$@X%E!BhD=&Eou}k$VfL_b2tgLL$$UT+uw(Dc0 z#4@MzvW2>5Z;5*=1f=6tYv;UT=qFgpsboCoZHh-;2Ieh(u51k_R>Uy%OSnvoxF`*> z$O`*RV9%6eD3yQ){L{7iyXw( zlKq#J>reJFyO0y2s|4=28&kh;ZJNz@iG@BbpQOADjX!*P9#*2FdavzyE*ShFbK_*# za!2De4{(6I8ocgB&*@H|eYXEmfZ?<7qLwD^kB%gc7^|H##twWLJ*1!*61w;1(VfzZ zCQZy!!XuA}%cfDX{8Bj@vaG&^aN?ri>Mrv}vdrAmhU!npAfjG+m*H zQ4SI*ekZbND9qr%iH*r2ESW|q*J1kj=VwO~)s%FokF$F(#)A3fY&Qd>lC3YNq1eb4 zG?ks{65LH>L)#x+_T|p1^IpHBO~)Q`HkUs%_BBR4rO(+>L#avRrH*ghZ@^e6?9mjz z9X%Uw%`P)JyEn9%8I{A~{r-4eF5P<*XZ57ibHOEqYtCeo|B<2|WGS*x5W7m`b)Xt=LMjl3u62O^N%00u0dl1TT1a1OkmR? zemDA(sMZ5cus!L1JIHN3{)qE-ygu&H@oSoo)Grp5r>_gNltJf0-i0TfNGv>Brmr*4 z_JG6`Vg*}h4u2lP7m!Kv+!D!h&#lVkZj9M79CS{ zhIUBTV<8s+oB1Et$*ho~SF&x&`YPtn=G?p3HrFUNR}N%|cG?dfRHn}CYHGIjum^+B zfXV@E<9VVa>03*lMnZZ0j{~VPsoo1y7j*%2$3U zEi`w7b*L?P`hYwb9igbx(QIJ;Ipowd5gjsZCoCs*x-qy&ovWsY8%C z-ao!>oZFtZK(s%dzd&O$_Z7^FJism%_`BeDNI@K`=SxP^!BqNs2u}8ldsJq32D{xy zf(QFX0;!j>t7?x%Pek!gKDb$V4saq)#vE$>3aVf6>)%@96@!J=Sw>5ie)vh^Mm1F( zTbo`sNK8wPLwdwh@A?;(2%z`W&rxkTfBqqxEkMT{SKA@p-`$iFEOk%EcxPj9fXwp5 z$u?1`pFffC{{{uG#wsafYhK zXbqV?Vyi~c&K_1pV&=yX3%B$Jz!s)v&u}V9wUhvqYHD)Hrj^;BT;+%tZY_yxAOrtv zgPmQY=HQ%}8=gGgm7lS!ygHVW(XBZ)*S9oG9&PG*9_6%MYQRuGyD_>fH2&wgT})~R zT9`8;Yo*7bn~wcL&W+OZ(RVxoRv^qgG6X4j>t{c=$~(R+qe`$UU%KDYoh*LNwyB9M z(l)XJP2dwCmMQKMkyd}Mv$jFV;|LYFj2tKJ%pF+FYEPFr7f(? zDX|bCcy^wR`MtVkl}Z6wx<6dMKAO+&GRJx^F5nrq9J6m)uNhx&nY|Xc zOF6N4z3AZ#sM2E3L!-1O5{tcL*``07Y;al_0_JHKSG}~uqh&}EzyxXSTBq{K(|KKW z{DM)1`T~vf^fbUiRDTwf>?Xv}z>#|@JS+>94p5mt^tRXi2!x^^Zh4VT2_n)%5Rv+H z5|V%U%ZVjuAW52sGK%TPzVO{jR*Uf452$rV&Z_JvGU=Q?ij{%o)5}aID@Gf27S-ub zeudN_J;koBuc`b|d&E#*$Zt_ncx~DG-crvOOkw#hHd0=#DQ?7yyG+rH2X739Xm@J{ zPethFCdotx;PUtr}m>g6n#D^Oo%ntBr}!?I$ED+PjF3$3vC6 zwVY3IG*W+HCu%37nHrCrX#^6A^q0E5i`@m@en4*P+N1_n;WdLlA47z?pwmcW>__kK{jU|* zaeUp$UW^sZEXprL>roC24tOd>(?+w)F&vgRmZiZ#VE&;-t7t6rsbHLC?0j}be5WWl zy=~I0N?uxmc(2C284%kYeBgM=B)cSQAZ`aC01d&{=#TEz(>I=csH9UKV_BNm;h|Zf zY`A?UkDms9OOz4VU+p5;8JQH{1WC{HMKw**Vq+3`v?n(BwzqS|W@ zf6V&#J2C}7@v75(cEyw3H;4_FN)tJf+4N#KuDUxu?sGpI`(Zqzyq6(jK@@f1%5=TR z(y`WVH^cyMj9N-}A3)Lrv-|>rqpL=;N~^``+oZZu9Tz}Q=XIqambGGS4s;l`Aj7{mKwx{mH6qKC2z`XH0U_!MF~#5 zyJnY$7Gy7Vcw6Y?)g0POP?WN`uyD(%{NjS|7xui6$+fHFD@70EM0Tc?TdM(J;lc#o(jZ%6HwQT6j|_h|bwWI1c!!>-hgC zC-GSK(I{;&r>V^$;BL`Do8>mC;eQ0RP;yk5FEkddi>4ksKfqwCx7hN0b$MZWT8^WW z;hW~&vz(GB^_=7stJ|c-1m8>9Duh!~`?On9os3xf8nQ|oU;1H4naL^x`%s6SFS07V z2uh>BPt9c&jWMj#Y1vt-VvDC&Z^>p5#Q7idimjxZg^G&mId#UeCn)YYu1#|y(m8IB zuqlElc3Yy_gLzF8b^RM78m15v4i~l68)LD0*eP%rAFiQx2G28Bq}`!0j7yd?)>6nL zMlVGM#R@(aomS#PAIH24wb}k8S2b`AqTQKysUM@+h=-n0A3_Hl>H3yNpIoWl`2~EJ zYH?}7QFEKR<=MB>yA>E90VW+edtZCgiI7j^Ar^aSv`3kGt`z=It9g8-%b+cKX8feQ zsjF9qLKj$0)6ysBIx@tu1R*cc)zxVq*8w?O^a?LklK4R8o1KmsyprkkgV4I|0G%?1 zA=xX}-PFmeZ0!AcI2-kRP>+=b@aU?jsEmeWz{WS`svG-VSV`4hG-|oUIHElQcDTWu z%B)qkO6+O>wYi_^N9R1@QgKVTY&9zv9llri{9;((%7??=5PMi4J}^o+XV{0{fypF2 z@;L{;V)tl~TV+YQq}h9FgwDGtvF^n%Oc?!PYl+aQnBw4UMfP?=Z*;-fCy%l z3m7Q~g1^nqZ*kbu({~2rjIS&K|A)asX2Q*#r;~;5@Xi@Y(JL<;$yxi_^Ioy*wc{ez zBRQUpJ8`S!SZ`!&CE28*&d!4>v^6wGEAEcfXhD(d+uK-vS_he9%<}g{hvEQLbK{`% z(u5KKa|O6vlylnIGT(hAq`pJl8 z9eRFL3cYQ#93T0HG{WsmwGWA!X>NHeMP_H zu^5QVOm#ooOHFSd2(@BEi(#vxlL#R5kcn0Q1 zC;2BO(1{@%H4TSQ+jjQR9Uz6rlgJ(~=lLio*{k~ zAGlX$d@zM7g0#Kb9&N=2NsV+8=z(F43eD){PV!qm|D`WAN-ZqTQ;Y6u%XYT>KTbYe z+@|bd+sd3zcJlPvraB<)WqR?obUC3`-@de^UZC^Bg$p?EbK6}hqRvev0Et%7DmxX7DkjfJ_nFwN1v_gTEdU-b*hLXNOYW@7Z6nEtWJ$8--7s>yoKQC1rNZJ z#J2^wi97Lv>E5Fka{vcd+y)2IzGUV$U3Wdv4sQ^cA(-IEC;1Zl zfTRGZi1#RS96^(@sidB6HQ63*RBd0BK1VaUXce}!3SqwPYhO19-$Nt{_g&Lg&EiZf zr~NV*$*Hc>y-337z9XFc7UA~?Ui?VE;{6c&@^AB;t5&`%g(obnB3@b**D)V%oqi3! z@WeKJ7lTlg7NisDL3 z^bt%>^5t>I9=drh>sQ*7LXhbZEb$}PisIkk`j2-cdKcrqGgs+XoCx`cmRkFT4N;=p<@bM4Nbh_;+fEsAeK0omu2IbIG`x*#1;(r$>Qr zv^zgMeXGdGG^a;rdFB1^!%(|9Dk10&2$y0~{R|^Xq!-;jR@55pZ`PKdijQ;x@Kt)i zN&Nzfy_|*}|H~{z3{(zw6k;#4ua2Aqfq9eyIE(i!kK=mOnIWDvw>!~?7eLgCVL@V) z!n6A>r)yv1Sw~4J z>Dgso%bl@z*oxk=0hlT)#VY=LJn1H{0fJNrAqB*XjlN$e$%k3N`ec=2qp6)HyYgLa zk3+%|XwvnNc%ewTsBNdsr*dwU@Pht0>Qnddd+{jcO^?kWNwLn5iAzX@>dp5kYp0!f z;?t14G<;~PMnV9D1>N;=4&+KfqXY~}1dT=;G=Ay=?bR%eEW&Oz2{2_I-HLxF*Bbe$_DLoT_D@u1r{aF${3$C(V3eP$)lIiZCrNf+O~8<&%lNyBp2{gu&gd) z!3ZV&m2Y1SyJjr5zJ_#`Sg-nzOd-ar2!J?H%edD+0P_@Q`LTJ%1)Q3;1v-I}MwgB& z%*;$=eN!Q6L845c_kGPQUi*Vg$MwEhM}eO-CRN1b)kF zvH86=r~gFl3RdnZ@M6Wmp7lA1bu{ zYa?AcYgywU#hxH1i`FNFhcct*_BtsZJeg|^r!}FH1?@%h0dyb@CRGuGCO&qVR46w)kSq3jdkUS!0g?heISO{eREUu8oy!D z(;{CZ@1Iwg-<1RQ(g0Oz7HtZpde;b2URvWPONAiOdQp1i`NBbdi z5|u~N#mEUbAwiQFCdC*H5_O#P`@L^w&?%~bC&FK9?oL*TZPd3be2Y3W*AZ@$V!@-v zd0xixakTr{5Ghac$iUDwThcLNIWxq7KB2hF7r)TCN)gd7Kc=XJ1P;crudZ^2RKy2; zttogZ+F4$5tsPt^uX;zw{2JC2%?t0s2$F0elELpbDm8-5ustqFyu*j&s#xOyG?%3$ zYx*9^Rn<2^zSlEIef(y)`E}y}wvEz)ZKe^rCUeY6o{ZpM@4f_^|K%wXnHM;Qx#I)_ z$ef2EkuOwPCrk15*Hj@|sr0XC<)cx5&+=HNj3sSRDe|C~KL-$b9nuyd0un8;4#I~I zU1R`C@A$e5a^po*k<<+6^E^~9`(&UI8f40;m_=6rx7B@uK~Rm68{dDS`^)BQz0)fP zC1BP-lwXOY(~+h45lyef_Bukx*i_Q9rKb0RFhf04tt|8^jcjuAmbv zWG7~62zf1X=8wBK(cWScSqK=ES2OeB*ENyiDN3V!VPsA-T~3Vr*d^?UgtFe8{8zF*+A6RdH@O!t7shHjo3*ojSD` zhS>Kcz2k=sWjxxe%GX!zi=lONH%rPP(i(rPN?TgxLyt7bfJ`mTr*B=|*SL~;p%LAK z!7T$S^OU)OnzD(I*zmJOt*u}(l`%+d&@ohmOuU*M6EaqjCNT5X1p&A!2I8?(v_)4e(wAOQKnNkX53k;u}PtCjpKlf_lK9 z+}Iv{y^c3sBTSp~g6yu29NT_1JBwvs&o}qd`elSI~Dc z21TR*sXw-xk7sS{OlMf2?29>1UPU`|lvlw(+{w5V^kmOVB)Vr589E zBF}KD1aQf(_7kpfJ?Isg zKXO%|Vt~C>kE{O)T{MK) z<-?>Ck?10qXzwi~`O&ZG>t217p?D);0b7k^6w7nRjAtU%83pk_(M?)9Iu0GhKUbj+J+Vc{C)-** z?`|sOy&t>AljB~!&%7M~BHpYf4TQ_6+|+#sT>SCwbt=kvXLr4h*I_qhnBKQ^U|E`Hftr_A%S z4`O9&L(upc-{Er-vnpWwls!1LI(HoV=&cx|1VyXFBlu^j*-bV*--H_fZG&VJfDvZN@%QJxO2PXum}uu1#3D`4fV5 zuR31Q_Da31DFS`3o|2Ea1LC- zhonlJ`0qf}ZRmUdC-Mh0)EuP>oJUYtKMWx_(U(EBL;>&r3XovuQ9@Y`8JPjhIvsku zW~FkTtbTgvLI=+OYeU1YhDA;J`K~i(xQ0b6o-hiK<7}5W_g_vEW%bnd5i)yr zr6?PJp6dn1qx#d%V`h*8P;KM11>)H$&U;Ye;8b%1E|f_qzQ{(x@#|U&vtI%Q^1xR7 zXjd?>1;NwIM3hj`#ttP8~`^!D#l=y z8+mVAFTMMtHuq0tZwF*xmr+a+it2@vIP6eaB{Xedwv<;AKa_;WzY)8*XENt!DUC4< z3Q&-d@yYyd2bEB$$^o3YGd7i|@21Os@*M1>YVUNGhNgwYys2x@Nm01+eUEdpe4Ik7 z54~uIA)893gt!1@$qh~mlu~H-@$#djrf!E4bX`bpB!lO7g3i6~034ehw73o`DU`Vi zC20PHedBdhn6iB+QwqMT$N}h>!^M<0hzh&BU-P?A;pea}2Iz`Ksf8LrzryAN=fvQi z`%&?YsgB(yYKQ7jN=T^>U(fD&azd5r$_iJg$}P>)KU@5mBu~p{IzZWb0(9sP3tElc ze2gvk2q~$2<+P~31Z_p*utBt{;W!^VK5^7}fRDaNA2~6kuQ`Ke9Lprcs z>FLrZ25-SzkRMHls=+qYj0BNUzi}8*)C6@yhOpsktO^)5=G;P`AM7_2G;E3wL}iKA zuIrjq&YiW{~0uMatlA~?`0hY z?GF7LHglj1+hOIQS}>SVhCozSOSWDke$}5K!ulQIlJB#t0zGQi+x9`nlZ90-E{e!qrA1lKdatjfxuM_%1N5 z=I(bI7dACc-f<_0$=legQUer2_YU{5;CWN1YlA@`q?(mDP5?jBA0%r40(X?{2Z zk6?S&w9`zTSmG}C!*=iJ9B1k>L154bIb@-V??m(dUq5?0ovDGtz@DF2jNq{~mJvQ| zKX&T9cXeFR8(Jo*kUOX*RKSbJl>vsOm=F;WS-0uGZ3TYTgi_$xxH4Pd^IXSvJS_y7zIf~Xt)ei04EK@ID0NyIx6N&GG;*fF4 zL&l^Mv360h7ooe)YeHvy9)eEUMG?z(GecScB~K!j4DY!ke0RfFMm5&V8(FEOXrVU| z{!&FJ+Q`~l`~*1L{6i^J96?22qY;eHfo}I)>+vzD*GvVj%4U7hZj|OJ;Kq7$Bm?Sk zTj*4%So6u>Iys}9kAWZQ83Va*=8*VJaqMY_p&zHIUB;kcXXz)8eAY6=D?^?FRHInc zS<7N-qj<(Op!!{LZ+$!Emj);BweB5T4XGs|j9@8RNoMh4b$oIkk_IduM;*%^Z9D(M zBiURA=|}7u1%z~Ew-BBYS@PYm@x9-ck%+Kf?++}m{$;L!43lzWwqnmN>@X32Ikrm&UtnD(Cu{tD3KPb?$v(>s98^8!<)5 zHtghI1Qvs0GY@bqK7agp!4N8+$GGK-8b;3+;(LH7F>7SZfIz`85f4>F2Pm#vpXFMn zprQh$jcz{O&!(z51?AiC(YT#VZ>Ke&>9(P|$lFQfw_!9%qB#@v>_3zP{C=mUR(3^W z3-D0Qf7!=3xE6Sys~|TeM$C;i+YCP#iazEaVZ@dCM=;}x$R%bH>FkhU{R^2HKmYUr z`~|~(5DP7nZF;Y4qfw6+)CtVBJSAO?>FI?jT9o$VP|(6HuYRNP)1{~TagB!f{!ny*%aoRB&9l(N! z|M?ksp!xMJ%9ir8r;`F-sS*%Brx)>Y6(>Mq2;&E3*MSZFEt{AM^Gyu;rG>AJJpdS7 zlwR+C7*Z3MA%<`KV1O)d?^`z9A2%40@HkLlcSf$&s4ldSr9xryvAGBs+D$|>2lA#w z9YTn#@9sfYP`1lAxGi0~9?XZfZc@_A{?QLr$Fea+Q6FE%jvy)D4t+;Q1U{n)0~py4 zWytP<$yP?NzAlc;1VHAL2L=IZN}YcNAxH<*n+Y~UqJb{7Hs2aNz-{mxI(=@JUB;Hj zCFXpo<{u1c5h{l{`%ClhVXf86*vf-_R#n;LBH<2T4)~jv946LA)o*BShZJg{f2}Y_o{RoCe=* z$&m$2TV)kcww`nXJae~fvE?8xT49g3J_Ha)qTV0ZL^ty?f#V`^nvLjS^pUK&q;7 zmmysT62quQaN2_#>ex|FCbjhq7YnEvo-3h{&N6sb?7qi4LkpsBiATX^=kDYW;x(OU zi}2A&QqLdr6=ydahrsw0wDUkOM{XsZA2juSLQxq9J>3nc#m-U{rmVQSXonX0USdk2;c}*qd1QX%%gN=Z+Iu8 z1Br34mMpNJq3gDt4z-aa`$?TGhr9Q#sthW;gNd2`(WlNq0C{|-Uiv-Mo3(-;Uy^SX;jJ;~h!npw5Wc4|g z!~6RBD-n0$1Kr1M+n;-sJREe=wiJGO6B6LAgr5-^h{zI2fVTE_17^CA7#Lp6- z?kTb7Hf!)lFPQN1gy?Lq_iNT?P>^7z^#v8=XrS;1G&yL-K8%rUWTv_^b3f#S-y;UL?Egus4aCfD+N1o&7OnzQp^pkH4Es9sfC z?lun)pM73H3lknxY-o7NZ@GYp#Xs30W~Dt0HV-D*3Ps2Q^|JOM8wdGLugay>aE{Yo z>8gd^F56k(Az zGG1L#NiXqsEE9U(UP$gf{_*WA_n*VSvCJ<5cheqZ2|`^2QA+Fb{>&a)cQjDP{35E< z7UR3K#WU@D1{x)kb}ZN=r+oLh85sen8=4xrc12nd3O&`J7v(uH^RaU~`dGm2I)&UW zj~4_CGO%dD&%dX)>iT|gyZY}9Z6VVU6(fn>RK}} z9b-xj9jH5Wc#F7sh;FUoRSukC3^V>o0}a9s_A4c*rQ{381iqXN=1`;tCgA4?hxDXAVSvRBo z2C%(%(Gk6nbn1hJ%v*{V1@{q;INdCNQe)I9_R@%6WvTXUyg|L=^py}?!Q*#wSrRdRjsJg$dC-ms~^y|9s~j6b36V zN$48ZI86=*hL&yg^8K~^j1Wg6mRJUdK9Eq@ADbx@MwVE(h%y&Q#_u1e7k$Hh! zX2h{@Hy0Ng} z_`2HHN#c|v@O7Vqh|Np=Bag}`AvUM#`(-Wg{!cBy$}<#cX?^|XHo6uIVBo^3ooDbj zxCWcIpZL~yp(O0EAUcce`dKd6;nki*hc8BeI5@H09oOyo_c*L4$zfQJXZOyO2!81o z1}Yy+UMhQba-5hAy6=A@B>o5a)OPf3MmXA=lG0%EvMkU=9uyY$RpB_kaSUR)h#)#p zb*`sbgg*|9>;Ji^gn8t;#IjV!iyol(du&kSiHFt*k^Z2;U&W}Nu;twhO^lBdYUz*3 ziTddCQ)OHdC61R!a<`4$Ypyd-FJJwcoHKFNeR?(FcW=NR&4Ffv*I2KfLFUJUso0E0*X|5bJr zy+w%y^r#7#+SgZovrcx?(;`^OOFlZ@7#~8q%BNy|08!tR{DpP|xCT@_B5O)Nxmh&e z5uRr78D7$Y+%dHLX4<`V9@gVsZ>7G1$~M2cl+lxyxxfi_hMSk&0lVpODc@Hz1m<{f zMzrV-wz=Z?aGe=fiM8#%3ppPfM)RY5RDPeJ$?CizI)Nn#2&bsHeA=y%;43dhq9@&r zmvtXeRoSL?49KdbsvfmQWb>63BxSm}IVa&)G)&9*IV}r}vR8`WiNGb9iC==g&MJM- zw29$-yzv9ov*sl#?0U=)Qe!3OtHkUUk+9H~M@@eq9pZ19=i0%q5fP>@#5Boy>nly9;gsgC|}d`}{ZrOoy^v$LWyByTDi^ND=!z{M06@ z?0bX8mz--z-Ty-=xu&AR3&e^DF%nmMpeG&gxFn7<9wF+)quXFE#LdA7B2-?j?N&-u z$1>#Gtu^K~uT5IzN3S&zoM^>y_y$DDF~*>vTW?1i!vY+}XB!Wel^Rj^ad`Aclt$Je4p+dQj&^<0lVM3(r zzCn2KF%}=sB`v5v7MvTh$UflisHo>0P(`{O=YJXqKZ_gd@p03}%9h6|j;XYjDc zAmNaG5{ACHV8~uV03NuJ2`q!tF%>Cr_rHiN@)jW{n}00LqmcVCOLOw`Q(UO=9WiLm zBPD_q{-<6aL0^52;2oiTS!1)@#vH%2n)0NdJ>R>^g zC&PvLntk9T7@}c9`Ac2)nc(YW6-BtL8lv*_*=)XKZE1P$&w&9mc%kYIT_ z{)WE71C~28ZANj%dC@`Az_8=1lRj@=qRo&ZxF6iP6 zJ^gD6V_RBR1NVXwaO&k1jlWav_vWlja{C*F+w&FI@}oaF5FKBq($gFWd*ss+0~vfc zFID6c5<{$Q>~mX5>@*v~pX=>8>rT@4Vpic$q0Sc^D!LW})fr$Ow!zpYG*Yptz|kI! zeu5rdvrMhx?JDW_QsQV29togbE}>}Bff-H^z_4^wfqq>wb#7LrwBKs5F3F3luQ%9(FaH zrLc}wj2I!*GI=|vrhJZIrZrVwEqqI7uk|IFt#7c5{Hp|#iHu0#KM2s1#s4OWqwRw* zwCGj&9cDg01jfGv>vLbEcD{Iq^IAgj9Wps9G{YxY$T6qt*T@M7+dt+u{#qg*uv~oV z^Ubt@ss!U;o>QGLc%^0J<3||y17qLXdD@M7on|I`nI+KRsn)8MB^4CVw+DK#2!_%# z>mCy3mKA~>`vN4s+x4>nhJ}z?t?^}`_mKjPKitrF^BGK!+!ymbiVKn95YqCz$IhUz z(QhKg=1~BGyX;fVY_rN^rC!V*cEV*(e1eeqb-t1-hU5os8~|1V4g1ng-LrKd9{H6^ zn4u*tbAugcr1`ad7}`}*-*-8+Ln2ALvsw_j zr9Dm=5L~r)YT?X<)J%NVyGKRZtkfqa&u@d2DoB=u5ZayCbR>sq7Bs|JuQ z{pafdoHs=G3)Z=jM9%6eee6eV7y))p=w5Q%^1I1$RH%pgyic&Ou=M9;;5>d~7`;3< z%iG-o+ZYn0C%aI_ghudQ^2+y?+X=-JxllB-a#=I=t0Maj5SL%zQt_#fyTw+bVXhu0 z#5`T#Qp7utsv%rlI0={P`S4nQ)2aF%qf7BRag{t75L8NJYGkZnytM<-U;?gy$nMqE z6QnzE)O#fu#n#&nRbu~O7KdZ(84^NA;rP3iUHeN%d_}{YyI}Oa0Z4Q-;z=b{`!Tm^ zSI0_7W4`_I@sgsbuC!Y)tf4LHv3!DZ<9IHbn)YO@BgRjl^cM+*(R(!;tHKkk?3w%) z11*sCFbF+s?IHhKqTa{+03535B}h+)Qz;bqSkMPMVJ7In6S$!2!Q*X6r1V9DA~*4( zN!U~fjk$(Xsz7zX-gyzJeKv2FOn`-rEU z0$9Zj=$MQe8P8RuB<1U}siY^v) zasCu)+&sMdtQxuoK4d^h$b;p!loZG!1w2|_+IHi-tV)LQyp{CXIrU~kEr+R7FL85A zaRCM($%~F5LpVb{4%yP#BcjOm{mYt|9Q^ZLd*n3DdwHdEinI^#x*p@;TXRs!foyfa zsp9IV=l*n~ ziHABrt*CI2T2Na6y5Pb2=%@T>iZHXg=j9y`gJvYwsYa3cz9hias@FNls&1U;B*Inm zt$h4vKZEB>Zck<;pIgX^iYnnwfHb~>s;Uu;bKO&Mw{ABgP~$%YN^`|!$F1K$5`nRY zL3*i8=cU&Dx#tMAGvWC*-urBA;)YaE37j{BMtja5dW99ZRDvvc8DU5_QbWosDl zqSATRYI!FSE>eiawYqu2*x)isDTOA%G@}LcrTMW|lUMq!vHs(AuOE!3*Gr{v4b3JM zE|k7tQ!~hg$)3PP=};#fRg2$+2Eb~oBl$Fa?)%P7k^s2k6V#?CoJvXfi6sXn3nl^85G0B+n-T;}AMFLRn=<_J1w)pfiMa z3+oRHgSp)aYPn6@J1o3m?5%TZXm6}cbXqEm2t%b@|y>#Z?x}ySPwW7w5YR#1NXU&AwPRh`e zt)>CRUAo6XVNxq>dPD_Ii6ed9WYleN+p&*i z>}a!3Ysq7Z@m^`6l$1kMzC{+{iJQ9zv8|iiBYPG4?vh|NM7y$Go^xA?(=ad zaa%wsHa~UebJip0fG(i_zGT%Nd>-~I!^Uqzt%Jr3yPX0JSU;mMHY+2#bj;-`-L01< zK+Ld>)gAeV<|1%ue$FdrPC*PxVgSXUgyGW5EGej-)( zvEpB3{R?48@%YaV55~c>;9OZ#ez1Ml7*vjALehgq=+;9toYs1_QBmb77_^`nC{R!Ql?`^;Eg1{+_xTw^I6DK{L_P}zo^6yDQutKPQMmjy+Ho;v7V>$9Fey1m zr2-e1{Xz!z>WzXov|9?$$*&{SXz$F zdt}Rhy!3P|C@#rs!Fh4`?c5@bY0LQg&KH&vsKh8vv9Ms4Z!|vL>mbgA`-&oej;@QDfN+$Z=Bg$x{^%q zBJu+q;0L^e9{fkaEcg@q=4XY9yGR1Dv`qr|k&lSaZ+W2=$3DDku%%f&?FF0iP1No1 z!ToTmib+8$G{E*atw2|QJ96@z*H%-SZ!8!BA6Tn(7evonPc)PR>L_y0ZWsFDVg>CD zQhckwh}BM60_Y=-lHc%QEVE@AyPcL{JCOZaGyyV1*6KB{QcUs|npAk8!cXzi)SSS? zU9GF~LUWn)(n7q{tM&r4@CDpwcP{85g)xBg2Xe)OL1NSp z-6u_j5%~`tue|4}VF_59u%A?_v8c&F5(gZx@z%jtX}fbLP2Pr>KUuP=x)f{Ik*Xt( ztM*#ZDjw^Ak9ygU?VU@k2c|C*MJBdj)SHS;m%xyl<4roDGA>DMd84Z<6a{KZf+OwF zcL((?%J5@939o1ei(iXJL+S$Jq4w)IXH3RzRtbgb7d8w4LkK(9_2xfA*`?v{Z!D0Y zX+qg0A;L2tlm19(Y#ueHY^qRP6K==z>oIe@bDB?F7G{NJrFqYbT?_{JM$LUAKDr5a*iM70vN5W%vCHI?u6JqF-);PzklGM^RxtP z=#UKItCN3zvMasZF;GhWY0bGo+Bo^R7f`og%A?hD5vrnI1?xd)K1j3O<`%nfrvGIG z5ze_#o-NkB6WNec08i&+-MJ9RLAEF8l?(|SBi97T26vO zk=*x5R(+6W&nY?v57kCvx2-$)4R@ou2JHEW#|R?3VP!`jlzP!bK2@dft8`EFC#bPhRHuysq6?ao8KN2|uI_0v3>ahGFh_6K9Jrl(_ zYR_SoXYr>k+b&vx6nr;TIgzHq_&7ZW{u4+C7$b-q&HGJn6;T7HeoVjH3Cepr)wn$FZC2SpXUIaiQXka_}So0@Yq8aw^h%~bYYOIkX9 z{J5DkpL&{gLL&>y73D@!4umM|5HSw$kE^*wrP05iptRhLD9N!cJ7$Op8N=;wwcXHx zlvqT>(RS!)Si0^an`Ap*l^*uqS!TRf5O&LHg7lln*>y{fyMSOfALfyq*=|Bswr@oA zaW`Uap&CfMt1B#g!>)|80v~<-qX)JT-?#>(^yb$+i|42g*w%6w(X5XnM6|}d@z^%Z zIT1`Z$~i4jiLC7v!Dt|%0n|21b-57!*^T0KQ=NgUn*lCzk0@{Hmiir8`l~BLcrO;A zDBbNnb^1=cG&DEV305SEupHtx(1r>pJBYwMhGwx~3({E#sV_ z$=6%fZeV4|VA&2;$c)oF_Jbo@k!B?LP$`n;N=CiCC$-m0KpEV3e6+m?c6zImpDy?s zrD*)s-ZNQS$KO^M-yd3Lm25@5$gjf)xV>~Yb5L&M;YBEvKSpq#>yJnRUM{;0AFvht zWeIWnDez-3WYZGr8oHLi=TkS4kLLY&`0OTHA?|zRGU2U1J>hp<>9p8(FWpi?2)2yG zN^DPw$?03uo0JMa88fnk)p!x8CFUmSL(C`2N%#!Ydx0{tr9>lCov#mDf4G#x8bxuP_K1s+* zDhxYe_kLofBWN{WU~)b#7kZ3%&5k!?IAyS1_~l&}zF^fa-Xm)DZ_jtrkv zDTlM76xQcr>qs7PMW)&4Y}&&$v0tXFM+zh2BEm~Fa^Xc|oPs~t2GK^ax>N@S-Jb|H zO1&B*+;Zfh2Ok&lC1Y6WrnyWQ^n|OIIr8(SEnt@N;p`#t!okC_56ry7ilD<+35Jz= zm>2Kj-I*~BrDVqZP=FWb9BEB{fEU{pdTgAP-z4pAp&xs=rukRBmR|#G;XXQDmg;a! zJbXvuM_i5=e%DP))?Sm&>`#T|i>V!!(^WckA6<1|38iR$VkvIHZ92X@eT5{izknSn z6D)f;({TT)nQpqp#0VVmj%;`gUwvPI>eG$K;o%pP53xnjUS4WD#z~BYKHOw9YU;rq zgHU7C9i`)aZtlPc_Zcb8TKp#rJJ@2+;Xk03;pD$3$0qg2<-!Y+z$?WFX5vI8fiI*y zO!mS*)}KD)BcjG>3&R@xDN{S{)l2F?J&=w)ksnGQ^d^W_8zGO73Db6Y9q+9IYE&<<3B<{0uBvs;3Nq^TjzXok^YCPQz)3KUPev&*f zq)a=k9&tVJZP*RV*Gk30%lWv3SnY62@-~Q~ROK7g(I#34=D`}=?Pq=1-gl&G+mzEm zp;-91fd>v=7eziqEx8n(C8SKv;zsM+Gz0K^Dmkq(U`;pL>xNbciWK4>*DbHsXw?}5 zJ)TrxlCv-ndr$Xi74PKxgM$e4MF)sGW}Vj*Ay}Ccd-F6A+tthE&AP$H3j0sq2jxKn9q+xj<$`6VK)y03 z`LEl!e;CkP+Wn^%0FE5)h)>GY&dY4qun*{iEs(eqUE?9?BQA=wDQ>v+x9fMUB=lVl zW5|_=zGDv7nhq4JH7b&_Oy}pcFb*~jdbe^~y=TA&2UXdso5xI>x4>Pnk6u#s3pcS* zvWOaSHnf+#l;mlRV)dz1BxN4GRlaOg`^h)oOf;nRn|^}`8DUA_eu?|+>9U&7&7%D= zXE)xA!#mSWL^|v+mB361Ds%HLXG8Ai`BK+>fespR)jXR22nX_+6XBYv8pj8%q(tb& z2cvO2k!#<%@YS=tf4aewnB>FQ984;^?$u}71rx9VZ6xl!=DuTC9kiSAE<=PSc`+Ax3)t^G5v z6YwKFxQw~$IR1f-7<}6wBUFm2*P(Ofi#ggh%w1{UIjWAfb+ALbhxja~@cMe?1DP)O z%eBZ1osEbnQ$5BThS6Hb(hDLX2cPPHy}I$((7i)!x>vtzujts6S9jo3oT{~`IrrW! z){H{zl~W#!Y2ijnAo&Bn6}|T4Zp~Q}zu9>=`IAaE>i>jz_%47r=f6N)6|+aZO3Dw& zXgE4JHVJ~fijmc#OPO7Eqa!Ci`L-&Z-t)r(5&bq0LX;9bjN@l-GlR??i5)@w&Pf6gJ=?3Jqy`sckFAcnU>I`mqY?Bb9nU@D;Wo_WT9d5ViKiZM6$hz}?^XdkWG2sniLuK}cOR`Mc7xH8 zbn=LE$tyDpMKXt+8g0xQuxl zAe{5}dWiK&04mH{`*COUqX(#*9;jn+!vIvsWw>$ss^#De!T&h=PIXP->3(RiWru<5 z2ON6eJg2j6c|8Vmk#!*7C91CxiC$A{f@c=pIUQ-U<()VTM^gDv^D8?mG9!|(2a?F4 zA&wUU&9KbF*F>}kF;qVH4vjO#x{cqv6lo?NK6-|{^ip?@bXdrAw1t2i5D0wm|4$p97I-XCrW3>3z&qmKN* zGZ#LtqxW7i{-Jr?*Q$x50{WrVz2jRbQ(9Ud^ys|4naXA3g$3RS7Y2X|GwW@VPQSlv zDJG(>Z8Okz1>RO`4YxB6qhFy3bm28(h_umy!&!n<7%n+Oa}0N}KYZcw4^e5C`fo)g z6WlUzY=Qgizuq#Nr0i)(@Jrm*aLs#gOLx7v{!`RH+>9%kW#-Xo%;C)a6jAn@0gK^0 zg%6R@ld$mQQZ@|NuYdtp-OX7OR!R2$VE$#pObm8JNsjrYSJC%sCE+2#(NTulfp|p^03EbJz`&yc>>SvI{})Kr|p-Le2Oerr9cCe9e-D zIc^ASn5r#8gX6jUA%dLKf%?B1uKiDyE)VfkqH~f!gfv zxW{0hk+KBP9xr_QUa4qDz<&c)4oyd)Rf{`>aK1ZfpjZc5>v;c_gwB&h$($zg6TqRF4tnCwiW-vPn<(L8(PD=q4x|5;ixIJ7 zGl?5=#bFmg)Je6Rbhgf~d(Z=hl0kp&mM(amqyd)!fdIezzeA9>ODE%Jy~LU4a6+|x zGMue%T6voINq%j!kW!TbLB9>l59X2up~cxPHy}T7-(_~;zY@6se9f;!W9(G-~Ln7qg>XF)Ac%#!Mm1)<3AvJFRVZ7^8d%2Y`&`AUEpD?=r7VHNe z0>00)7~DQeCA2j9YbI>jIzHmMZ?wdk_+z zVV7CUeHqF~^Va4(`udO@04q#JYV;K#C6{;bGIEBPKvpnisBQ5e!N)$S={Ql1qfIR! ziQ<25?nW;wVj+}*PF`O+CTb3KRoG3*^MpMM^0x4%0C{lH<1b1L#iBQzoh}8R2dfKM z(G5}CtaX+1p$Wh?tVqU`a^aJfYsl6 z8+VR%)b33dvN?h~@xMAXzdsg!97`##t5;5I{le&4rxl_FO;J$%CXZem1t;)@ifHE#HaG*s(?MVA&o2+rZ8@K%DDWZ8w9#`o>H&X%Bdcxm z7Tu5gbc+lYqB2P*H45?!E~oUl8Q7gezdyqU&WgTSGYt)hcdx1&!z}RIQdzJ*D)j61 z5k>rl6OaZcFa}AmOffL0NCl9@3&}?l8-M=uxf#aro2eX3%t+0MJO!$fFe&{Gw~-)N0{<@}+y_APT%uL`ViM#kX?q^j#F7LERQ?x#8%< z@fu(exNoI~|CvRgxlCmDl<_5-io$*lb-~pKr}1(3m$`PGbC?I2I7c*d{!?k^75dTHT&WYaaeQi|{HZl^*B4Oap@RN3XW9YDI&gGpQw zu*2yFQvZNd5c?Kms;GqIW|(xx^F!qDQe_~rbc3^&IE-(hwQp-=EH5liAV?HNAyCa6 z2Mg;{0gE>s?Fn2O%Y(7pYz%-#DGOR!Od#FzZIb#>hP)=i|`%r#Q<%9n6F-Q z%a%)^_k!^X9lG+LeEC6w8?~nXJmiA2QNh#z`U)X^oOL-Gd1O%eNPa)L*(qxYRZ z2_?`lp;RnA04w|weviacCQ-#L-wjU#4haplBS45@fKM<~vS0WoUND>wL`+|6JLLhK zQehOQ0uCkN6z~>-Q&rpfj{p%@i&Yt-Cx>eQq#!(m(6fOT?02B9Jv9my=$kT6_lB5ErBZ%HX=hMB!C0C z-dnDunFrGFv;FD}@+FKxEw%}XE{bhB%sK|7u`ta)bL8I2AQVLN&UVi}qP*rc*fE0R z_nlzA^=Z;(oW_Cx3n{wF4Mpq3=~qBM)oBkwXE_c4>yNZl0Q{uMnSO)c-MI*#c-VRg zok#N{;Rv1C>G)%g&0?X%LR!V#v>RU|pt_lN&#V>3pO3Nd%gB4;h?x)h2%nYe2QMSR zMx6E(fin$oqW89|2;ueb9RQb2gKR-N)j%K?5u!*UUyR#D^k>n%@17oe2{3#<$Gs67 z2JVqP5XkW98UM&y(ppIR&qI4~cL<0B%P#u~e<2r=)0H=9kb1m)6jSZ-u=CQEH@XxZ zf>)XlqbqE-^@|`!C1Y;)tPglK+Kp-0exGjZfi37jr>X);Vbs+@_4y)bvfHPx=Rk}E zdx{F=v1O0trbsTlo#`5IZ$xyxCOo9}EYOmbT!bhBckMpxu&b}tvp$%ort(!31yMKX z3wN6Xdcah@g7%9-H;^;uuh6ClpR`+-_2n6J#Er-fg~=G-)gl#P6f_NwLP$NvW00XGx}eP>{C6p7Tm^>@hO z6nDT>t#6B|JGJFVLq5o^XKI&0`U4-}ML5Kci*qGV@=fMVe}T5+xB@hsC`J2(-qp8T zE`#3Y#{f|U^MS8dwx0x{iub?(mkMYi2U`NYbo13`fX*Vr2+qOpijG0t!A~%^^fG$J z3bKt9zu0d5Jo?K6a2feou8vEDAfwgf+Ad__B676j^1Jk=J*g2U->tX~czwBv24^ z`xcO4IPJh}s;j{shU;niBBSt?+HIsjuug=sEP?mSKRu;>39~t8r}qtRhQM#^v}gh~ z(@4C-UZp~=e097T65@1#V1a@299s?+-VQM9eB~U8447ni69l)z00e|>>@t(=fw#&j zCC_g8!ul)DK;$x&M5h^)5g5n)>BGoME4>WHad6Dn>su}ZJOak?D^*cA|KCgkI&@JP z;YcTAJr<^cSZc4_)!OncgjVbX#AwI5LTJpwkc^@DqK{z7$pJK^ZlsQrSsTFJ&I+Lq z8L4$~cm~g`lnv*UsO|qtWTA{{#ZjALyKrLM%|zsYV}gCHLsO91)*>0W8=2zqV9%xm zv4?K)7qBGcWfM#bBjpuIG3 z(OdawxX&9#iq|yo>;M@6=mqAc$KZG~p!&p&k6c}u3|6Ik}ok#2N<3qw>_iChY zLf!_u`4O~K?;H1az`SwsEN(%?}&ER1Y0R|(K zh@jsoCPH6vS2Y8t#%w?mOb~8@B6`Ll?CiMREt~SX%ExgioZ$=Tz8WNX8|NlulRkQ2 zL1iJd`Pn$&6mbHsc8kgfQ_w>$o;e zn!vij8{ERxaCWisam?;ab7jjXThRm0;s?$R4K^p3P=pj&p=>pd=@%fuK7D=q&_C{Q z02^q1E+w~5(cZF3-^y#f^$Q4Xh}Lc&o{4Zpw8nQl2e=4J0>EXu zb9&d-C`PH2=3*kV^-J2^;|*Hypmb$0P-bU_Xc1I)Dv8k2o=zUvs_4;ebiq4BPGJr! zP*@z7X$L^%4hRPQ(pGsK4F6uaD2LF_2F@R~gbVC%XTwzQRK9_WT60PPiutNu6rj-W z-!Gsan1F)&`l@2~?z#dfcENDt$b$>)7?Yh_Z_BBS9kWYySeS~XfDrWw2vr|8c2~s( zGMTPHy!YMknFHt>0g*0zd}5q$x41O8cka9a?-JqX=D7;MV$$dFL;xBGSF{Z>vRlPZ zCvvqwQk{Y$1_A2^HCVHuhu;YXOk^IcJF@j`fC(GGgtcCxr==JE>UV1|O)12zSbk6j z7Cq*t5sWv;yG0WV3BH$xiP_N|cZ+xR!vgBW0vKJZ#M5>sG8JZ+q&6z3$ZMdwjaI0! zs(_kjo?k(SaI#>QmAQ!$a~^%|20qc_1wIgvkarU8TZEVb+kb9hLm>S%~HF)qgMNwM5ro=?M?s zibQm^a8HoB?R+N|8%RMmBm`^^g@Y88AcIsOV>?c3|9vUjzO0ehxGyN}z*^!rcg!(ChmhsIC9N_|O}=B$bkP5wF9+)x1w4TBN@ajsemm}( z9w3QM1)Wses@hWa!4kep3;i6<*&hVNrH)uy2Q7zoFNC55m50AOE>m2j31a_)odGUD z1gSq-+JBe&6H$cNmbKM@r@aE8HfDTk#+xm<9Eo6&y}KpPECF z`kqgB5N@H9K)Tf^t;+3d!DS?4!aG4}{$;`2dT!`Fu- zEZTv|Bsjk*T>_*}>%$>b{DQu|{w;}zMKBxbhSO}E#xARq^Dq^=0u~ntH5lFrLCoKF z9KskD>N7YA9kiExN3fYS)#mTx9)#TmzGe1zH)YVFP`|TYlYxB!Ecd%s11Cq;Kl*s@ z&3rp6{?YifFUV_bI0Z(5b^pB6Vx^^SJ%f~oP$Y8^#1 zb>V-ZILm4SmTgePlo~o6p~yxqQ}*@#)mkFNQXm4jKKL2l+4x+kYB;ZwV$Vc?wC?8| zXP7wl{3(0RyJy!y(N91F@w`c&GW!KhAN>6CyvS=~RC?R_Bijrh;Hod%o>3}~3L(a= zdoDgHgFh9 z{*J25nx6KmScOWR$L<9DT^V=%h%A)jrj;wYCc>s z3D*I?kuo+_W)uf>LiBU}`C8@lbW1UE z@B%OF|BpHMfH)CTY#*w}1KTliByQEIEv>yzRX(&kN@Swu$nv)xsJ6#b)f!T@{V?A3 z9z(PFUVIuTo4DBYIG4sW&#b(e35oy}PEWe28>%Hy>$x$;bw&eCA%M^lwSn@QVA`GO z=r&`@gJ*V^hhBK{-x>>$J-lDeQ{z?Oc>@US%7Pl=3JMPJB9|#?Fn>7-o3i(vpN$*_ z90h@itjG@Y(F8e&PH~abji-xD^dkITe{gQDC9-Zb`v7(qRf|zwMC{{ZGbTC1(K?Xr zm9Nu&0`*2;cIB5!pu@h7t%?Q_6a7iel$Pi+m0p_(Bkr(CM?k(FVH~tn6QLbjq=TZy zO*D?F?+Mj@O%kqN0CUZw@Sw*b3J*5Q=r~{CUv-d3L36<>JYkmz4E}XX zy_Y*4+j9^XMV9aqdGa0FgXfSw^(TUwvQ)Vd5WR6d;06sGD4ldN(>0%nv9QG=87OMAq^HNO#COh8DY`OI`bzvY_5#`R!59CTb;qr45J9q?M z*+hBgY;}642CdQ3&SCV6?I$q1cQ?ryZUNSoBoG|wmHGoPGKk5g={ur6e4)coCR^4FvOMb07=CuNF7zzi5gNM*z z=xen@^p}o3dVmTe&>OxHm3;URZ18L|bRa7y21b@cLtZq51eMN0ND#$$o`D(kyNu$` zdF%*%i|nCh;04rOL+F)^`XmdObhbNTBE))Ws=`}H9xm6!j+6l0%vuA`G57Bx_-nED6UH5CP{1m&dQJ!S zTagb@-C?axSL?Kk`vVj&01B;Q!asnL4N@#5E?`=K0nB?YIpc5yzsDfz_gPbK((K`4 z;k?*+sQ={P?KXdU|Edi-$ytmH^N&R3Z1Y%6b5yKcd@_Ji@9f>%2am!ZR|`etK)`=% zQu#wKcR`?j&oc1;3u)XBl_(9X`YELQAZXmsKm!7JYta?pr)SBzC>Y{97$e}1n(qAByvB|TfS~^EiG^@U!wA+vm?}6ATLJo)S%5}z`b5{n+U@FKEVC4 zG4_qvDDt@p)!!4qYjcj*-oQ`dtFKzBc!w;!8=x4{af$&IfPp_s`=>H#6XmFaom4Gf zxe&S+^k!fTj|_a&1LD93NphcVf_p6k2HQLiVg+kLdd9!#M78Dg>S>t9Lwp7#5IY-A zKzhTWi@{8B?~Rq;00M#rry>YP@MfL#Kpk4@#_mFu5)6>gy8Lk>;xD)eiD!tfe6tb& zb_);2mt_3$gsU^J&?5*wEBPrfQ~c>)Hva!;0hl1T{eQIl;kEzAxP{Y$u*-SztuyOF z(D<)u;k9Ysq)a+!WoLb<;beB;Ra-oO=WyLsVE+%0Y7M0x9Z_fJIs1MtMI=r;R_3 zE|Qb)SQ0Vcnju0J79UWB#i>`I9!o8{W)MgAqBKi|#4z(;d50~hI-r0*DXu={E6Y5d zC_Q;(?dK5{|Ar-34u{tczlx8rUyV=jcART{yWFU;BHs!|&SJq{G?LkTB75)!%9*ic zwnR)eOA7x?T3bx202Qh%#rOT8?fbf=kCP6A0*uD1-*yNeumgilcMX7=<}fU-ap+2S zeHkp%P^J1Yo;~=Az%Xst4d%^{nZp=}m(tFQ^^EgP5}(lzu>pKeFjT(SW6%LSE;du= zrS=L16=V6+Nn&(XH{@G>%{#BnJMJ3RSew$ecqc8*k#jy z-P`VlZH;{wR}zod&j_a`vdE#AhPySs)pvHRzNKajwCJ$k>)xP4$>h~ir!~}cxGVV#X?PEBiwED|?Ez6F)9ER%( zZiPLl{U4sedH4BRqB0Fp*!i~@Mtac-f-IIc|BY`oB&K~4aW8MIF z((%IOevXRfg1L-T5Dd~*Z@a$t&L%lK+J2FH^;MCVO5z3UV|y@cr7qBm3-ihd6ZuIy zP5H$g`$4%-JqR|!k&JRXNn~GCo}2gN<7z1s?WtTo_bG6p-BxD}sm@jVGeKNC=yoir z-JbQzWE)Kwd$by-u@c*tmeMubWa=~>9Gm=;zs6R|w*Q0%zt7_wRGdrk>c>Na`Pn=@ z=)c+l>bsXyd}aPR?O6Ahz)cz(Xa|bzpa3`~Zaf7V!%jEVznzA^-^qvQ+v4%B=Qrq( zf`fC2uxnUzg=r>}{_#AJwmRw}x<*=VM{$oU+T%8KC9wgI$Z(frg~GaQ=;@bchqfrS zR@hdDHkV%?KX4Dmko!CTa(8Aa{Pl_B3)H}?$+paS=n39VupjPTTj{Pq0Tmd>^lge` zZHhyF>IX;yIa$gq7?5^jP`X=d%1dB^MdQ~;>MwhoempRTiR3SK2!6wp4@;G+Kr)!B zW~FO#McsCFI!xFqe`Ye^wpZYYXj|p15RmkZW{I#~4R1D%O0Scjk2pJ6g~CwXm_zoy zFVjYK9aWtc`ujnun=Zh7Wp(HylF47CO1gImd=ukXxoB!!FIwKpxM`BLM|t8SGHQ0! ziawYx|Bh5)ZM1MTu5WovWN}2XFvlpPQK8@1)Lvy_b-qx;lS_cL0CdF(6{D0({UOcE zzdj2mCWbaI4~MPlXTu)^8dvu?|0w1wQqY?!xz`aE~Fv9Xi&}J=coRM z6jJY===O$n>gxu*?~>B68-C;83&Y7}#*YQ5T@qfb^HwPD3amh4R=)0zZ*f|#bm`AA zJ>lFO;nRv%N76<+r~%~WD0s7?k!hrKRZCty7s7J!-=EuK=F1N1g$Gjocdg^zRYFOYd>eioAD@)bqzyZ0&3 zeuCX>VB!F4^&>7Ylp~~&jU4pAR`7JT(}TC;%L}4-Sl}-cx}Nz z?Pp+(L-ca>=-+ZkogqbwdJhO=Mu*tn$ZtqW1RV6 zfppw_pY3FrmAd-N`KtWS!Cf=a<{--6=FPm}2>q$B2-^_U3T6{b{V9X=I-lQMeJ6I# zV59@~0cR+SM(sfzjId+~PA$|T62ZdweeQPy>Itf@(LtIQdKBKXb*tDct`w+4Pz zXsk}fkGAIB&9u6m=x@(pSQKxT=H}EGr_P-*SD9l9!!$TxY=7Sk;ez@6N%_&9J&r@7 zjq}k0Yvp0fS8bPjk7(!yhYkA`B-)=CtkTUZ$S`sYt#O>NXl&zdZiQtHU!H0#_l$HC zj6|{rIFyMVmQDCPZMrkxS<(E+z`RIPec`N1VPo^JTZh6>%TUMK>U`3~_jr{w9%0Zj z?W-p&o^w6v@jdo zy{zj`9CWNHZvg3v*!y3OKLq%ioO5&7&iJ5>O+&qDnG${OD%C2 zdI;s)udYfw)Ae*qIg&tA$5E9E#lpo#bI@@&jHB;z zxLO~7BEIkLK91h7zV;3Z4!gRiu|H{H5sSR=*UO|NewDBnC@!fWM{qi@<|MSj*!TMr zc6;y+4%EP=SWD0Q<)|&n)w|V}i{w@QCyxwqQarhE6irbuW;)2%TPAo+=}fQ0KC8BC z=ljxL&Bn)WJ8j|L*MIC2lP#}B0E1)ovs)#U2bhM>5Jg`tm8Ad1-K;9-dxz#J?E5Lq z`$ojUGN03&|3wZ|W-KvJdAzOGhzmgl6$DX&N)nWel7qUGAW4DD`0Q9Rh$n3@5&!m(RjzT&qZ&oL?^!s_#^6rT*fU=RqIIxLcXlv-R3>) z)_32$IQ!13(j|yxE7kCRN%3u+rt91H4>b=uzTP6u0s9-}gdryK*^Al9BTy;QKAm?f zZVJB(XU;OMB5MVh4fhbgpM&CptKhU7fyG4^diGkJ>N|QWqM*gJb?tjWZi8F=Jw8H= z#9_9_e%i4va5Zs8FMsApI&DeNQ$Ds~X z(H~1C_Od~m=m5sn`LmL=J-Wl~+tP$`8UqaX%cq+rskj9lPpYh|zD83W?RY{&$eU{d`A>&!MKSm5 zFSwz@X$^BS7c)I2q?S{OUr+WXSE5DYY8 z9D`rrtgq{oBJ_8Z2cL1FV9jEx<4K#TzJSZbYw(G#_de|J`|hLnufDB$Ag^R1+)@o; zNb%h<2pb52>-libo?l`Zz=6)Oe^1*ZS{5LGKVniYqdg%2+nme#o!vc$XG&4c$j(CX z{>>sa(h!!%9`a(fzDMP~>-^6b(saI&@uz%okVfM+63!M zLl!5)D_>+TD9(h>S7rYqP=)KL8uVaZH_XYBwL4Hnd6Kib*8fH^jT<|^$n$df044vM z0T^{w?Ip>_P7Ze{_7ND_1x?e1K0b*kn?NSceD{VZ6t%2P4#NLT}*FG^!(8DBijyT*lgq>A{JF4R$$V zztGUIlM7Fpa8!)RriK4C6cK!)fngy{dLd%ij9!J}oV8Ea1*-(=m@E(FS~Z){NUr8$ zR&ulY0Pjc(j&F`}EaJf!*%w`>L>>3AuYHhp+QY8C9?Ck?rL{o$5=K8++q%WaXp|1# zE-oye8zCYgOI^%xu2|rB4bbxsw-MqX#&c}zO8%3cj7s8ri37Gk-=dX}c_lS}-1gkY zgJ6l1tkdRM&H6oFi*r)%auc}408=572?Z0TyvcZN zQMLUc(Pm^-Ddcg?oa2fa#!Ro(m^t-pE?{P*M5&He)z3JLDly3g#7^nzX@tyR_66m9 zV&3?|tU1ymeg_k21Ku}%RUc2`a99!V*W9*8`?ATMFwtb@QFXdf)Ac#+n)&9Xl*_ZK zp(%%&(o>kNnG5G4r&CtD8XVt6+Zub4&dJ2Ao;$-i>;xxWd&7;1ula82pv{PDxrj@B zo9*2?Ohhjhyz}s8O`c>~?n;th7c)u%)g@1ISnJX$mP=AytPbOot~qjs&`zU@NsT;X zC_Uh{1rj;efvTq$%(8X$MUL6sSHlHv8TQ{Cp$sjI5W#-{1QfIaJFd#E)L-o z8p`)Pvx8ee{FBL2pjcv-YaJZTo_DjW6D{Vh_RfSb`g>5zUBAf|z*9fu7wNd(f9r-w=yCgON`NrBD8f}v%Z4D@)nd1qW z7-5>^4ymPN3tg&Jx06oxV?766Li#G7Xsv+=%kBI`Qhh7Tq&%(J=g_W0{k7d?XZve+ z?<{@6+pQ5nKg)Oa{mQxWQr9*OL0d6G3Qd0NG*&ieDyeq_lRH20$F*XrR4>Xk2WDNm zoHzFT({BjIF3?oQL3Oz5!nw>(#=bOZL!}(kPQ7cGh!F`1HVdzm*m1Jj`LwS$Lda^I zQMNa*z!_1a!)}o>w(D=v4E@+Qaza$661TQm(_L*B_DA(BoM-w2x1h+B5a8M(>v{Mt zRE@@sgtpE3`YG{K!+F|*rguV4G|=1~uAKhffzR4VIXV~fiYBfI(zHRjt=E%b6^TXPjte=_E^v;4)>l=JFG4J zh%^5JMlag!Ze_ueV9`7$m07jRHD=D9+TsHzL%RA5rnAmM0a9V`U*w|3XJE>gLi9`+ zP?PvT%9tRSdbup%y3rq+)PGt%j*G97v}b{SA-qdG>2tU3f@Hq?o9{eTnH`hI{fKDGOw|KS3Znt0Nn3@q)7h9^l@@}=51Iz*{=wQ z`>#XE*Hx1bXuHtUp_I@0phh`FzC^L#9H9T5CIQ?|IG1LOU1$Q1Z!XJ`t|HG`o>cjv z8HEIn&++pC*^~_NOZ7EN0EcNH2q>|eR-GoKNNW8X6)(bV+SarDX*@bgBtW( zaTLtCZoS|#&f*GLiOE7%S52X~V)=ManY3+vR( zDYCTFt1FBy-s$^|{F%q6tk!=KjzSP-_2H&yE>I)2#m;p9c^N>Ka;OlNSLwa@1$Qwg z@lfp3ql39TQ6I|dT?k^l;!!Qn3zSqeJSPL>LL$YPW}eBW*sicXNxPQuH`hm}5%FH_ zLzym+;Tsr}l^2{OkL>Wt?1jMOF-GfU4-5G#PD{my#&`S84zfoh^aym+i#i$E#Dy{O zekkYER2$0x3HdX){sM2d{A|`lG4X3`=LBU7KbZu$;=b!Lcj$dD-dZb8zR>{U)_I-Z zSn{9FGj+`HiQkMuxE{zNrrBwabtj$}!Nhyg2(y0^Zrg-RTUT$*Td+RC&T<7n&T9b? zqF=25p17LtTt5784^M*U3UvPFT`e^!WKlYpin|`BCz`3Q>D<&n!-{zt%sMwbvM_^) zGh982rKq}`tS5?l7NN%y&kSj+?U2NVoRhqvOPz(j;6g0xn$!@d%2>Xkz~k4v_N9C9 zo!u*c4hKvX+WQxYM)tmAcpweOHYYWNPn&UC9jpG zyhIVfEvB<`)#oZoS7?;*RBx)pSS+$uE1l-AFmRUC)Gu%b)UF=iWsK6#c(xG{YUV4*4#h3TYb&gs2`fR9!0O($P4?#(hbSY4TqmoC&QL05g}!yJZ@FOB6TTsO$Fgv8z7y92P86_~#l8JocxDcU)S2hR z8rhADAd#iHtXLz8rCH4-@r(8_O7!N-_OOR#6Qr{Mti_5I^MoiqG!M`suv7&hArjHe z<$>h%2IpZx3pVRGnOOj-+|DdctlC3iA^nO*D5IKM;|jvD6#Bh21N78y2TPegeZjgA zr+OEv;TB5P0WWYuk&Cz&;RAqvom6q|r%uioT5ZOLAUI!#jc!C|;R@Xr+nA7iwfs%x z^EdBWnNjS(rG&j6VcjgB-a%zAE1>_xz1uVOV_Ze}w`TS3V zz~8;f_S{S>WIj=9e6udsFf-aIJJ)b_t#`}y%-u1k0Cxh*(igz56Akav6bBx8kJ+|u z9OsYpwIqGGp)nMyDXw1ZS?{V>kGm-w;CyC{&Tu}d*{Pgaz6ybz_T;FzYB53K0Lv%5mvb;usF+v+8PRF~JT)tasf`2 z4XRz$Vna`kT8238R;{nva0VPT6)g+Da`d`ww{8~w$TtNDMdIWH^8Xrkt#QW7mIwdc zoT8NV=Tx_mz{sHcMgCfsK$6}RD%6x*SP(s9x-Y7~ljb^Jwh$Ak|LE&t@0)>kX{&n- zW=heJVE%;04G%(vS-C&uNV5zSfA>DRf;!Ss=b%;jb_2@xp(sh%^~AsAt9YC%&Vit( za%s%}d@0R2CIqxt=~L{^VrfVC<2V6uGCfUuYz=p=26+T%wBOaN41V3dE>Ts~k;6xx zQ@m1lH|cD^?g+g->Vd)=au3bz0_DEluxpU}Xlch)Md`n?2?+4}OAjYOe8PY&A#T6G zM)I@J?#Hn;gdw`gfTlomZZrfbnGmTws{q5%t3%@0b?fK7C0eCAE;K zl1d?rQ;itxWp#4}7%(Zo0rx)aueyoX0k6Ahw?=_u3LWIrGS9B!if@pl8WoR7Xv!@1@lcX696Eo zn}*D=eG!$fm9O-*rO+Vav=<|6OHK5nH!;dLUa(GGXW5k~2q12enQ#c}`*N;biSlW6 z3|;mEJ}z{MaeZfvs|yA@IUm(6_lMaH>+*FpNOtP-(RdNMgBmFty3Vnynrb7R+x)gB$!t&#rI(PM&A%wy2bJltK z3pX>%tNEM5ZU<5&Co+EzSlZ%bZ*ZDhMQ7m&jba=h_w+YwlkOK!lT!$ls~pqKeo#r8 zZG0+~&Baiw!#@3OE@}m8Zf?nEF5%B|-m0m0AwsAm?^7<$N;&H7!hOI{;G3dTa%UZk zHdI4<9#&mHW#JtWY%!J7rmvZSu{)K*%q19|qbTi?j+L&>$y7HQ=3J^HlU^=OdXc>i z$sEQAe-^>i1urxrShZS`@Ug2{+kzQ}F1POV&7@pI<+#*VeC{U`Y2yf~B|=^$6lzh~E6>nQ#>fnL`a615fmP04Rz7HOQI>Fu^~FLrg*%sHbv zPqGaaZPZ|DbyD@2rCaz{Gd6owfOip<8uZ(tcu;a3=+5;QYd%CC1l~pB*x73klMC@2 zs~1w9die92*sVx?_!7xom*-YoL5k7p%ONK|&{UdM_^rxi7#%dsf^3IXlwaJ)gzWPK zDKLX|1L+D!FIq(47+KZqgFjbJZ1SNa5WtF~342(?&~a`Mf-f#V$a|8vqN5DMSz9MI zL(W&S;-w&KO!wr+eRga&da9X!bua-NtN770O`TbO*=68p@3qNFf0H(E(aAyE4wt`| z3RqRyX9Ndov?wmAGla4%DcR*I_TSQvHfg1?XJ47ax-DUotsx~CcIpu2zv#&yW!_fK zS`^pKu!r_^f}Nk@-`D^->(7GZ(VR?m*VHsZZZw0GUi^3kg5owLT$Ik4r@ds!w|ad~ zXrq=VRDQ2d2SVW3*v*R6g~DFqweXe8oKJXu;WC0Z4ajr~pya$y4cNS0m0hhWbtj;9hr491CM9`#^u$F1MEd ztE5=rU3tp-DQ?b#%F_1@*xe=M-*r6x%$w3I6ygcwqvX)dHfgDSadtqUQ;k)P^xcpp2_ z>DgS#>8a^F`S>o%Qj?zM4lY+~6{!_&DSJ0`4&}NMa+7j;&yg`|Y&b(^YZhU3Ns~3? z;rkTswjBLR+pM!S9tQUZk936cmxYTCX9b0(PCGnPW-`G&t!g1uUFWc<2S$FX&Pc?) zkK|ctW^3BQ7@y#okypYw*7%HR`wH=-6(nYsa|TSHN`5<{h`88uhZ zwXC~SI2b=s0~5$B`B&vggr?9TCeWArmhp%QbSrOP5QOqR&>iE0%RlxD8q-YrXJm=4 zaB-2IievtZZk2#P+T&QBhsk>?-56FDpVXLC3+XQ$ll2@Am=B4(lG$9Lm@gOSGx6@) zG;Pz@O9xd30!^A(n})i8RZy$o&)SRNas_w4Bp~ax0Pu!@$hKj$@ z!6)&|D=R=C&}F;2sGq!4K(oe{XoK1hjf^56i4u_NJI4_Tm6uWO?8PHb%%dJ!>)LUZ#qLLbi{)mD?Ccy2}{tnOXc$%z*dadTj->6^U zEn4osHR3z*hhSlER_I_w#%V)QdU}K@(sB*TU3o_?Q|Jhi`Bnij&Rr`) zdyVO!+0@wsW*EPf{@TG!%Bhc)h<1?6V8Z}0w!y-b|H3k1dSuIK%PCLgs3+T6Xx4`! zzsdNz)d&fD){8jKkKvP*tH%i*DOYBX;ZnTf(j78s6WWwI4hT>g(wF-`El2f3K`DFo zws5FTU09V0UYNK|C{OX|kC4uKLeQ&d4bmRKK@II@0*1$$ z_YN@Xtm&)0M-~N(CR81&*n%}I>Q;OAo?ZTU1f)wCB3@RK|Ki&qN{BfC=HSDZUkS~_ zCiKueYzA)78@k8@rL5n?|NLEcO~Xd=f*f@_KE=PMZp(VIsS9$Ggi;TKL$yai83UsVoKC5y%S7-l_A2sOWVybJz>JjfxsVY{Ul$PoV9_$KkBPPp}2v=VmcvwTlh@ zOundh=vkj0vVTTk!ifodc|vSSCBAe_8ObNPKBWN5$b|f&S6E4H>|ydakn2_u1#CjW zF2cD+w?~a>V^lVGdCDTr!T{=>NgpdGX!DkOoPyEQv{HI<;=7>{XQcc2#OIKYed~;3 zKsKpH_0h>&p*LDLmU`WKCLNE1G+!9H?!&^qGkiZ3j7iUGDA?`E^|Iy7zeb5X~93JLs)^y7=UTM_6w*A1c3;M z0Db2s#@18;jN1D@H8#8Z@5yF!#}4ji87%>ViF$y{62fK-wTclP0YUJym9kQqa2=oB zX@TuJnul0aNUe$o4pY+2S$8UD!w#q`3EN)-qE(Vzs04IyBr~3BwxkebBrQJ|Lqr;F zupT1K5ryzy&M6;1A`|n(9WRfCdK{HwqerK*aN}mGeqo+7D6aFOo-OF``6}~u>Xz{* z`{*y4mj|Lia`2wONNd9Huec7^xo>a8nAHV9D}Hq4+Gv0v!jER%?ca8%CC}z|&%G!_ z?5})IOFY)0qhBlg;OB3ZiA3D^|2-n^ixL8A#sr;S;uhyQxX~kd0OT`*X^9;bs44K< zZh&8`TDgAlzF>pD^wtCXBG~#TP)^WYuts^Px_dG^;{6-~rVjbVI$KVpu zD?yjzo3he(4KFsK%48^l`elA}L;gJ1!$__z?MD5yHx!KP6?2f@ogpg#?sDyVh$H&r zH{F?bkQZ2z!T+^UCvIb0_)_o{=x#tdy>{k5S=9fRgkc$y^slIT)=fj)nX%ywQzSk| zq$TV8ukoY*|7{`WhwlF|k6VUhx-<6^q61n2QSm+mN=~<@UZQqHbQj+SL_T%WT5D8jmtt_y0z_YXhjudb(qEcU`R=N_H}- zMs3c=FI{N&v_>3}z;0}BVZr7?Ixp&H7KI7!H2}bjWj08y&9@dKk|*k9B+4?^Z?(ir zX-WYfCrDjIGAF%l$+`(~nh*zX7Ao0kr?0<%8yzh2^bhyr+a%Cuf^dC2Sq|22Ce`6W zUVH3&d>$KRkCGKgX$M}Q6n)L$wmvfy<3V|AExWF>*eE3!QCTuQy`lFU_r=w$lP_-GJ_^q7ZCd7ZRZpsDK`$_Rsz&NL7s{Z6Jkwk8u#N~=F= z02?yc95SdzX1NFyyxCeasVv7kE?tg<)S;cs%Q7o4kxIu7^of#GfXBO~V+YK>+10k< zBFAp&^-t1)2o~>xkS$ezF>=~De!b0YLu&=`a28?o$ZQOmWP$`iyMYT4-p=&UWL^iZ zTI-U!bLi(H?{DzZOD(o;v$$vtrjaNoOVoW^jhM#4BYT;~~YV7Pox`G%92n44_XlH?twE|3oRt^Eo>^qrwC5ImPKUBNTzG`YOH?4&@LoXE&A;dbv3WsN)7P4^8?YsoNll$ z7mVu+D;kE$9@?UFwSvhDdU)9d|AjW`jb`bW2wENjrtN|b;Z4c_@)1`F888(hCa->g zY3Y4pTLa!NbZQ87Mi)SC%#CWn$j2ouXfny*o;IKp+L}i|Tx1|FnlH>2uO=6B>E6lF z+~(D7O{0dtb?+r8QSfY}bYOG|7~h`7ceyW7EmxBn>GRLR-sVlZ9a`{{8Gz2vfk7Uk z{{GLSgrNcT)AIj=`e~yd-1km_nU^jLSRS+|kQ5hh5{lD+PBkBP{u9k{;CXFxz8YCe z<3a?UC&^=!9^R&)lLqWfvnm@knL8lr2-_cKT4kuUF9k|F65q&G5-2E&XJ4jkkQZ_a z)xyb`VIFEX_T#2joc4;k4t2m8t2TxNJ;`tu z=^H;~cC~+*od@nY5OuDmtw#3OB1fulcoS@0oe6k;LBfzYAOYHR3U(FAg_hab;NpVy zQs(t@D^u8FT_3jI8h`2La*)*2VS+McFiJpgNngatAFlTw?54TL18$tFzo75op6cMD z`8P>7=Yb~wjbvyc|7EIJgJRG9LHX|?g`RYJToFX4U4tJSfJ`BFWXh1S+j)|o}l z2pU6Om*cM_fl9KexWf#u14TxTnw?DFAKdEVl&SkP!VfZrJ*yfVQ3z zV4==P#_*lQ*vL(4U<7~=g=LxZ`@=jFD=>hrL;Zl2!Jit z!4A3$h-TuejtoMT_UeL6C=Fc^kr$*ZDg~bMDwR%ELl(=>`~Yy&Y#cUC8F&A~1pvCK zwB|bC&B8%iMYAtkw?@A4JB-$#1xk96sqbX6F}noc(Hdrg3Ph`XE_F+&$HAncGKFd` z4-u?%+TJt@T=Z;iyWCM~1qs)wj?_#h-SQXHgH3rE0Q?tr=I z{ok2O@as-gNcH)zq5}E$CfLfkn6lsV~`eLMVKyJ%t_}a7AWQr?-k<0g4YFbi}O%9R9=Ydtn1|86}Tcuo+!Vp z)MPR3Pue}9AgW$!;-YVN{R3!EBr&q9m)HaMS1aFS_?iKf0C22>S_S=w)SuTlD0Rx0 z-VAu2WsC{9i+VDGU|i(=B#W^nZL>(t$(w4-@|}{XZufcws6&2Zy$s##e4E>-CP12k zo5j4|4@#U-YB)Ehi%UO1HjM|zwxAICyvh*~(4NlHR} zq2WXNRLA34C_FnXd=Hz@*JkFtUwedY*As2C){2)}`r4VUNoxYlVbdJaEApC$S5S9| zj@g?8!N(EWgdum~Lf||(j%lVlYKlTC|B>sPAx12_HtUf_J97e(xOWo=Mt_vlpT&O2k%2+^NGi=;T7NGJGu7;}7>xq%%U) zmH%0d`p*eokZ&$2UblNzo8|)|`x7m~IEnBR)zr!&M&nNMigi59f{dJhC>}RFcoR1m z&d5e!kuO@=LME@?O8~ahQZL+^sdLH-UySU`5ZSd&AxueN8fxIt^n2K~pm}++HeeC= zHe3or>?U3SqRhhz7GIISohOW$PeD;(OJghG!8$6HD6rO32Fn*I{e3?mh`>@7jbe~^ zyUf}pf}TKDzUjdSAOzxl=|{TrykwPPt}OJ+I^{i0l1~6I)bDj-INDhxVxMaW%&~_B zG;^)8Od`0*!_wf=0(VkLyzM0Cr!uLk_jNE-^4vMM<>%BjfQj&2HR5wnRr1`WZnJ{O zYdW~=b{(b!?$H_^pAP=}ac2xVtIy2!g%q#X6sLF|nClCZSZ9+3!d`>xV%BUwUGaOk za+yz3IkkVnkDF15wP{_uwiLVc_=786OZ(}Yo7qd1OS6AOrCd>wnE5a5g`Rc!(=h_$CN8xwG*|63V||8G}7ut^6H z^lW`@d=3pT>jmc>gqmT7fcxy+0S>J#WQBEM3I_9Pl1xGipL8(9p84w1(W!<4@@W+e z){3?pfG?-m%HDz4n=L5>@;rPaXc~pYQE>|K7OcXU80~X1}C6d zmy-U1?RjZ~L%p?vU1JLMow+a~KwYimK1K~BXReh+RH#8~8J~9+e1M&4)lzf(#FKt_ zZ=s*ZHmrCcO##&Qz@uOBvwlbL^1$wC-G$roD-?Hs7t1xbtLVb;BTniA&-Sx=lSn;E zNZl*Np|eZ3^U@dEksV~Ce_DOKdgTaNBds$Rmmw8pLwxtcXB$1YuF#ZPil3-FcH&P` zdRB7MgHODd@wquX9KuV(QBKpMwn^jbw^C2{#VNP;6zf&x`c1h_3f7CTlwpJWpV58! zy!7(MNO`;7ENbu(8wymP}?igbfT$d=2z>?rC<1TKZ^48Bs?Dj9O4?sx+ z<#ktJ5H#@CJ~w_neS6Zm?NA8Am`Y(U$9LHswvD)-#cN`smUJBEg85iAdQwpA&eXW4 zDue{l_8n9;J0cW|tRZJWS?RTlO_c9WM>;~SC{_XXrt4K?K$8H7Je(LDTd@nR8 zW9LXYB{MaLvf^Eb8r^c5kOELqm?P<;R*~SJ&QxQV>E@>;m#zE`F=&1Mv(F7DWaukE zq9y1Cw)Pt7Is_WLdTtvF4rcy0dm&<-O*>&#h{DjFZQh2)^Ji#V$}`@S41$(jVEUDb zBDL$RAA=A@&e{p(RR`#LX`{tQBCMN0;Vg=dNgUeJBW1Mr*tgQ#UWy#+j<&|KH(qwn z99QIBYp*YCEtTdv7uUS0@=c}s-1?o~IIYL=A` zm)6;vD;GGk`{GMXoDDqhVJ2?V^OkV>3KxzkIdD|AJ7h-M?VU1qeyW>=QCck*F5>^L z3+Gh}nlSVOduDvGdmjm-X0ABsD&^>g_STg(J<>DLE460B-8|q!H)+Jr(N@U0SJ@R2 zC=}n#arBCklCn$g{22=(fG38FgaoHaPd=Ft0TbMZp8Vy3;LMXdY~!wcN)-J0ySF$E zcT5|9q7^^y3VyssJU}r_h;yr4)xGN4{-a*^mcHICE=ZO=J-h+k2%*@8XN>AM=x`Ym zeDq6BYhQb#0J--qcz}iO1I3I1g^9ff-OB*sIkTltN{4RjIBd~eq{Gvi_9|ApOz+28 z9y@UdM!ma_=fXH0hWA}>jV|;Q4neI+4!*`kfBtCOGUOTIbTrY>FCj{LWRK}Uud(b) zk$xsr{+vDkt^Lg`G{opp+DT1W`CX3QS|6DcW#KO3e(lAm_O~Pq%5mgSz53!}I-Q1^GPQ|iJKPd$gMNRPc{{2G&GnwI|783_M zl*RvC;x9@rn+iYh(R=SjfpTFCpRzlKK@r0Xp0mM@yWQQVZ)aKOmCXb$NtENM4_2KAPUoo!fV+WU>vDk%sKYp8GUHOQddX}V% zjM==tiN8TrsN6f~;71v6R?r|A#L}{u1@=-4wv<`+~|Go|&fxd||MAai@pAS5{ z4U0F$ozX6wcE+?ikl~;tFuUd~dCPcC5x3p=+x>~R2feTmEzB#&q#W}Si>*%(EL^jm zswZ{iRJ|HGX3G5aL$27e?3)vOEBM@^Gt;Wf@NP4ZA&rRA9PZ`!gl+bw`wV)5GbEw? zre`lW$o?Tv6b$7OF*gHrboE6km??Hz)D!(ZCg;Y*_Wpzc+KvbpkgYjs4)wB8A;t85xPe6pY4;bgtB&ZNloo zsoxwFe+ok1WDr)HcQkdrZqSp6!+awG?7U|M6B+!|I zRL*R^*12xM47tm^P8~J(PoC+V0vp7VnC{YU`5*jr-OK)b`A1XzPPHl8Sx-#7`wSkj z>tdrA>c#CYqB(lAl-@wQs4V`Ic}AjK)T$U^(UGr?Hj5r0^|^O*h9pWkn?+xrT7Ty6 zuw|yRUDzD{Gxi}=wsZNG9AC$DNRv*-P+oPg$^KoCe^nlqF#3|Nfh^mxN&zk&4kR^I za&lKo=#__}zf5Xz_uX@?B%gB(CY$+VCm@a}dWoI6XLI$K-D~f%+>BT+h}3&10&^Z{ zfg`GRZfXq`$m#Yf3EEYiB&f+uW_xd*g(m+J;?0i1cqB#f$?WD)-acw@$_Wo1h+T6( z*Z42u`wO*$A@hg#AHF2>qAZq}@paRvn&l-DI)6Iy-PtVQ$%hrD9ozDoAX*Fa6&p{m z+a1{)Co`dssEcAQaB@`;%oHAdAC!c;51zExkq!sOhCt8ctY;f{+I;DFW0Z`xZCoLK ze(JRCTbH%=(3vyo4oW(3D0^ORex_Erz4fUc6qseoNLxxh_dOf_-PiO|>{eWyY$Pnp zkvu%jLcZdHp!LIk55xqSB%^;(f&rOw+V7TW?{Bpx*?{ifYlL=De@>g>a6feF>T9Th z#KUANAMza}hxY$?#=wR5$%3Zx`Bd(Uq_B#UIdNFCM32d@=?2A8L{|x<26NE8nsjSK zo!kjAu#TnYzOep+?L%mAd53#d5rbW%rL4@0H;imViQkfIu)i7AD@6ItAFmU6@a=759yn!5++a;k&e^}uQe2e6 z*8DgQJ0CD^C@ZRmB&Tx@sFGO-Y8?4RE(iW~AKm_t+sl6tdfIo9YL{D%;E-kTWx~>D z`V0Pa^ZQ5BPATyeK6MNp7Zl2<9h=^j>m42=mr_BM1oexgD`SF7sq{pz;e znd647jM+#FXM;V4a`Edk0`HFiaoY=NXu`WDvBc_0((N}HTiJgTz1|USa6XRqwm+9e zh8w-!QKPEeN|aLXL|4akM9f*?H^bOf@g(}Tapo$%XeLjLB#PLaQpdWrOJ;FMhe45=We!9=dpC`oX_7;0Gvg=ai zU&i;(G|It#oZepLQY!y6RK4CqV%i#-M0K9t_U-teov3Q=N~21)X4SIri*>>$CY^*- zq3p_+IECGiD%?0MgoZo#9D-CqJX`FigksED64TRtdQJl)&3OhcM$|Y?r(#j1?vZ6B zSK3kqab^7QmoKU$q_=pspJJHGa~S-qp*MO8{HiYn{eM;jJBZF>@Gf|xqXzY}B z>TNl{SKnmTAh4d)70qfOCDmTNU1EzSHL>kU5M=Yn|8+`EIC)^k1MI?MvUhCKEorzr zE{(+bZ+y4hGikpk3C1!VVMZ^?Lfrleu2{;e-7;%nWsQFD>e9Y>QordO${gASVVnq8 zrv^EMaSD4qE}?Uh0b!i+)2kIfjkD!a%-22k#%5LRMwyYu;j!tKBSJ(sCquUV$~J~? zucQ4tgW_V1$hfbt`5SFSTTcdCPiIN*{oU5jAY1o&wx|J@&l`aYuZ|;Ie+{-?Y1GR3 zbIo%OjxLh)C|T z_BMY|?z}6~S&uwKyg8aXtgO$#Q?^_rIx;`Yw$h{}1L8WT!#WrH7P$Vt&aEh1K6|25 zogRhDdmleR>+BEf%<@z-{+D%DKoY2AlWAmSa4cx;|JpYXNLz(*%MC>?)rSDr7V5vh;=}YNwxky2>TSPq+Oo5Eor&AZZrDoX&fq-k9W7i$ywEq zVVr1oZ~J}XCgj~ECMfStI&rL0?WKPsx^#rpWg^Xo-;W>qXY>AW7bBm)LEODpRU%36 z@=ZvUrCf(YAuV;q=Ji*fQeVd&@LmVyoJiCVGVf8tQ*$m*t9V><=LN>&FQfHrHN^($ z8{|+hytN4m7$+i~o8%o1OqcbpD8qp0@MgjOC2WuA#!>(q479a`@Nh(YPB{oYOdvPW z6JwhFC$C1XGyx3aXfsegpB*pBT?b|Fc_1S5P6w>N%Pq>8kgeGO<9|VnU`M7dGNxo! z1&#M{NUc=O1F9)`r?}g0r(Qdht(!obFxnC{3Fe2=o!J;c+I~!)jNwIE{^shs3*j@h zvK&Ax>Gy+kd|>Gh!F6NPXB+-swv7G<7YAH7AC7;CNkZ3+DQh+wEl>yXZkTA=FXPT) zlt~I93Sa%WQ}9ZwU9k85fmzd_V>)BhbYeT&T`F3|! z*97b35IQPmxV1r;ue^B*LaqZu7cfAlg$5H_VWiMFD>`U-^1S1Qno939$beECCtAo>v7m!<1u4wpOdsL*35gmC5QwRLdd07K5PU|{ z&6|5*MZ-8C5Cbic?P1X-##l)}1v4wC1WVU?|Gjot7J`{>fTz9(OTNzgL zw-*w;Mk0f;qmIxk-|-+`6Xcc?Vo^{we%2J+wxhQO8OvUW(p_|~KT(OFMm$i5+`)Ls zg+z16pg&yR`ktsV)GH2$_Rl=~`grL`JKgtu&^f@HbSpQ<3#^S6tj+$r?JtQOvNkrb zw#09ZAzb8OZRSGRC?2Sz25S?J`$daB#*)O8w~rejwXb@ahjX(UL^&7%2^s^Yh>{i@ zLdRCCiaTdtU)aU&g>!}CVf?h7qj@LbTdT>z1+0=#%I=w%vzknIowVR2;koNlqdQBS zqIFVtdo|)%zD|nGLE-t##%%dfYx`NK={t3PQ#psrjOJYebyeazG@*5H+N(ttYloym z_ZoQ8eH^U8Lfgp{kiRdliRn=t17NZ9(v1)L@+7!A!I^*BcIN9drJS+#pIu-KRTOsEvvI3%sXJI% zYK%1}&dANq_Nj~>F@{$4BIxT~fA-9bhU*0%vRk zPT49!tKftr6s{RYZxlRYw~Lb)uVhK?yfb-1CdO}9OQ{s3!@pg2?h51(dEXKdic^5d zTl2`iJ0M0ZGY6^Muumcr3Rt&2SVFi=$97bZ)ISxlHQ%rm0V;q|*;WJP*}&b7hj%_z z7cDKliS=^0duBU&rhXLf7gd#j$;ydheVa#DF9`r(AWQ35%ka+bEmr z*f=t|QJv-yd&fX~#4nDL_Ri`imFo)_z8lapH-(L-0+i9y5nCx3#ossxbsK5MdnG%@ zI8_`Jw7c)2DGS+<s0sfY>%PjNe@xtjA^=6PR%;{j^(=eR%_H$-s zT+0l8Be~RN-M8N0yqIMk3_uz>(F(mluTsMHSjjpLg!cqu>O;QFS14?Ozi=leub~x8 zPb^zQJt)OaMy{?DK4C7#6Mhsrq}Ygre6er8N^ElTA!qc0L>q|bnYmuXybK& z=06xGoBdqg@e``UBt5$o(+X$yh(ZR&ay}q~x=pes=nar7*$ZdWw;U@ml$46)^1aK$ z!p%?|573_h&OY2Vuanb1u$MVl74E)L?t2oIU)gF}aoe1Ae1aznQ^n7X0_ zAV}nf>&sZU3YcD}8MlUo<0B!^=>A?~5Qh|}#(?`~=UCnx9fcal<|n;)mG8PXhc`i^ zOQ7q$4$~Dgw>4om!S9(5wgd7}URbN*a$VxIynoC~CMFNos+I95Hz5Po%8#sM5|*;@ z9<0^3ohiQz;=XkZz%OR9F?TX1xoGjFuKAv&0uH1RXWm08{#x3iqx-e($)^;Go6y*+ zVz61QMRb>+pHt8Iav%iSu|6w0ath$h`3?|Ps*L}}yV=j%q#ivRctnCTOzwe9^N;kY zxc)PvtJP$VXaaM^lYK{<=Es`nc&?+K&1NROjpH&g?8L0vI>BSIwKPGGPT%IrDi8@m zflQISE)cdHWi#k6J3Osrb$vZ@`gJrAYDJHUI?N8P-w)fhhgM_b0Ky&qZzD>;lRkX$ zd@+a|B|cRT+)HG5oKiUcgIE4Rxbwt*00GuJh1DXpb1n5C-gO8QF;@!{H&YH1GFKb1 zoI=y(55Ix!#st=JZP?h}vl%=Pfx!7NLHHdp+i?uD?=jPY3C!mDiaB`M*!=fsa=Pl@ z0KA=er~A_67EZJCoG~2 z|MDTJV3|>5B%dHkwHHF44EoOFio&*fzl5{ycBH5K?#Nc5*)2B#T7|-7=&+)7=OF2Z8nh(* z^FT7<0I9x<9Yg~Sg;chYt+^;hNu-J|j!e?7v#G|qrBr`BUl{(zkprT~`W_;%_REJP zLt$aWy@U^LIVOlz;oajP08r9v`{mtZ7-u zL!#q`ybIlEB?_rk$((?@g`WH80>%Jf*fb|&czDM-T0bJ8#RgKNvA8sgU*5gZ_rb1$ z$&;c_;bZEkPttx*Gsxw+13?cejG1?4o16E4evXW9MT>*dHjdge4bVaNRRrcF@c^LW z@`wmob^~CVKQNy3`xC$fb`o4H$anX`2F};15|GHb($kvU{3NJkuq9DF|44|2*^zabF(lLfC-EsLr`N8w z%E}S(21c+~@wBwxVO!Emr;hQ7>hO;&`G9}x-J9bJ%_1=zU`Q(M-M==A(7NB)F^$SD zCn_^u*n+DG`qB?%W5QY>3!lsG|5t=xf-u3O2ed6}PH11wn~ zKLX2-pk0Wj=Zo%Y{x2=fvt0#Nx4Yi+r|RbNNX}NWj1|2+)y(8YYek$J^n~Jb?*f2e zoh^wg(_4@*vnxeQNsJKWo6ecvBXgNUaI-9!3AfYP)R`N|L3Fsr_lW!(i>ll88T{29IUP} z^upaPJ`ixd`be+8pntv7M)ks)LLZXgaJ8%vxglH>526C5UDcAiy>(-DpSJ}4S9DxO zkI@&O5Yc|bHn1ed7<4=J=y>h>r(bq)9Rpa)aKF&20FuHK!Iz}w=7H0?XvvTIJP;E( z!acHx11GE!o0|U1qr-K>0pX{ZPtdy{E&y4$a>J1mnub*gEt)2(_^)kZC|J;-ua5{ z@8lU%R(G2lhy&^=u24S)oS?VNvU;#Xf+vd7}Fy63 z>+cisukus%!TlkpFL%1!;sEo@Ki+Hzo7kct6Peh0&;0Z+$Lu36$~|oNIwHhFa| z-TXFvr#FC<*ex*eD91FD6jI3g#xb8?jfF1qbg*Cjs{FgHyT)M?Efa_r883Q_9qzAo zwVYG=7XdUO3VhE(`CndK2x;_pZ$xvOgupGDkCu$n{_+&aSsG4u=8UZp(p64fO&L`X zN0A{QcEu>`PP^Vq955Wy39Fk^Axl838ZvA%DiLt|fh&jU_CKQ%1V!Qk=;EtZXJt}9wt`rvdDF9H?(aMGE#IcCu zP@QaXTF*uksY%Nr9P({wi2vo@{}HU@@gC#ra52UvB*KYMB2y*?xzrGTvG08IyJonm zF5Ei6iQ2U55?6v$7qqZxf>I`NG2h^EMtvcUV${+?1wD7i-3cBGhdEMz=Epw*qj`wG zOi)e2?JE3Ez zslZ{beBObXcnM=58Lwk9D1^HU;_y8Q9#OwGylo$#|Fp7*f}Y2u$n_&InpnCAGF)+L z5aNoOqf7u1!PMiG?+^r)iQm2nxb3QS*8-ZZK)QJ{hSKri_E-LDmj7Xa5t+uJL+$Ua zjC;%l&f}7`((8+XEg7vV4*64d-Px~$20-GAWP|YH+Lx%CM9bH>0*A3b;U@9o4`hp> z3}Ty<`hVNiB;+R$JVzAKK>51HsLdP}IFKFO!KKMdzyG%3wH>_;k__k{e~ZF3=~T&( zYlkxGudhag&`M0KE3P(_bN0EtXXJ?SLy<}e?XDJjs((p!jut+c9w}tr$&J<-2Wbnt zUs@50G)v@2#`}I0wtjz{7+pAo-2t}UoqLvna{J)+CDjnZ9 z3RM2o5k}b)3z)F%cT3`Vd%0hg>=ggrBmZ)4V6{I96D3>seq>BA!WRtk+K}_lx<2ts zY?Mou=KhI{ZbO;Mo(pYtOf+~-S0)#i-w-wQRP$E>tIpk=(l^?%_36%IGTCOdsDHqN z{ir6voBw!xRVP^W|L*PFdBCFe{B&1iwpnIsQ)x8hVawj=nVq zrypa%GsqJJjjiX1mCc(^Am;G4YT5Je50_zt&nAf6>b&mxVC&mE8jLW)1A8H*brGKz z`+a=kp@XpM=RIC=!UNs}T1s=txmMJ}v;U^94CC$a>gWG{aF9-*g~}RVLd_XjwCWKV zE!6)Hd+!~O_51!0m&hd&*()TJWS6}vRAxhI*a}gSkg_g2E+ZzjGH3j92y8Hxp0x0&^XF7lo|!SL@EV+{W>f){u3awrS0(rj~;pcZiI9e^=bKLfD0Ca0O!S^yrG+EK?K zm4!;I*qZi5GErn0((o!$pX2$^50;L*coi1K1)oGH@L z_o>rU(VKto|HguZ&GK-8Kt=SHKP74%7Wlx_P-GDCsz^%{3;8a=63P(jJGg?sPX7J^GIriC zNBDyVz7T7YXlOgB%=AHtIPEr_zVGTO;VI+=eJ52OB#*1SWEY`{+M1qc`)|+QP)=Pn}wr~|0!rL;OkB91Q1@qey0DJvOq^N zP3$OdRb74>eT9%5wqBRVlc&sdpcegGOBdUyEdu4rqLJXwY`lB^@j{dCAY<~lmvRAz z3-;d^PMt$APB8YdRq143e<`b@FZ-y3Zl}*+4f;pQEd>j+?><}su|Iq-X6}#7_a?8p zDsN8wWgOzl)x5Y1s$La_wf!P+K)VinkwxE@4{jem;7#-|ku+RGTX>t~DjhRG;}Op* z#$wc~qGhF(!geeV{P-?g2A`Cknn$X~7mw?_9Ep3ngch?ZZRiK=1u(Arj9I51k`vLt zzqbA}H}bL!6cnPyh5q-qI^GaaJpxR3z+{;Vb_)YM;oCzi>-p8Wj#U^`T~n0x|SH>NwO;kQp~?SajEzIWRh z1oCsHW@HseZ8piru zIu~$ZWj6ixjNkRZ5+7BL8ql3yGsq~v;uDqS!MiYZ>m$nhozUmlA8dVaiI4Kt^ZD+_ zp1*$yS|2S~gtDUzeXrrX%>BxLK#7#s+g`w3kz0dc5zL>|PPkE|!nyNc{W=A7V*`oZ_pBwuf z)NDnX-IH)Kot?+i*4LhckJPDwbM?j59AO~WJ}-6*`~YRj=Nc#$zel9B^ZXc0BpAXe z+aHX@yr*aIYgOrHT$~7K8Pa^4P=Dowb!(StRCeGXTn>Hg_78$PPPYr!UH$bN(HSe` zgA`3y92)FPAmP8mwDTogB9{@qM$rUi44b$_Nx_=Z?cBKHk1l@d~?`lt<qt6wmVeV^+MEeo=Uu9Ltr~OZuP!rV}Fx6iRUnV4$sf5lZ+Mk%!PRFUI~%-PDiY zVlR`^V#}d_i=u_kEx?a{&&9!dcwpR|Ibde9N(6tV+Uy}6jTV`&!Gd~+56!ghy zC&C}>4@s0hS}Jg71-OaU@!Q_Ry?hKtd!Mbzltl{&1}@?w3Hks4E5G5&ewdWiSI121 zfk?ImV(C|Y6Gd&dS?RSGk8vM5uAT^ts$FT5_8;HB@7&+Nudka{} zBo?$9srw7R-xj6i00*>N{vh+AAHsy&AG=q~0l3F|G?jHAXgV+~Bk8Lu{l|Uzxym|a z&}{n-JbG}R9IpB6%ms9Z^WlyyGh4m+9gKQ$)2y>zrS&JiAG=~OL{zfKLlm55T3v-L zpEVs4Sg{YkEstOqmN-BRw#2;%GzN$8f|{iqVb<&=@SZR2m;4=(kGXaf-Q=!pu^(IU zkp^oNS`H;q$lZbFp72#c89_7GtoqBL6MXKs?kJfY5ZY#b4c;~35jeJBS#VgkF!@$A~uS)0dm`T1jgff{Z7X8 z;C9}hGWXjL3Y8F9S;)DDx64AhZ{$n12s-%q_^RuF<^|`78uVS9vL~vfGp=_J)INEF z=5{TXW^t`t8c3TUV9pts!9$-cWL^_L33TK)S?$MvCHh+38?;a@Cs4cJ0&mk#9|8c( zkJuPuW-Zgo`=``au>kWXv9=+M?~@qSZPz=ny^_NQQYdHk&l^H~aS!-sgPparm!Ugz)i(!+iQ>1- zf-Vz`rFrP#9M$OyYAq{wx*u0?&+dMD4$R2VMOdc4eET!VX`Kehbm2D0+)ZNIE}?_~ zsyW3_q+kB6yokepZBXp;2YANWrxUb z?tm%~*YynK8OC5B_7?dF5YS(rahH}cw<5lkd$*(-v(kz}R5TbPtbW78z~47>b*mH- zkqF8J|HygH9t#B)m}C>!d%tvQC$1!B)-G1;OQO_;8t|-b7U%`_A}>@&>wbBCk#S`e&@tUB z3EAS`eXpNyB&H6E+??x~JR5X_4KO|;3`HuSLWYSD0IeWW%4FqFi|I!f! zyU`(x#ZUnrM|S|Cy(+_Uy8w(j>RAP(s@>K|OVSUhGLP(nCh-TG8-*i(iTlt8w5&ll z_-+a6ozei^@B?*#b%q+tyy2ax-v_VX*pp)U<>fUUS!=vGFhZ@Xu!_XNVI|2vzn}|cL^c06%Ff`O! zpl-!7+c+lC3-O?f_mJ{JS0q6ouzZ-Xz7vMD>33yi)R*JVr)+e5AxP4FUz6kd)435|z!uIJJ^^e0hkO9dAyK(wg zSy+7(2si7#|e?J#CG@c$>sX6gO%6 zKD+Q1Ae%$zag{IIpR5L|Qd|bnwM;6fRz+v+VMtoA7r;#KyXiP}nH6fY-31c_1HcH0 zVW!)EQnv!_091?*quHgkFyl*Q>5HA5kX2i5`e@z)0=2%f$wr_N!X;&+fs3+ovwq%> zpFb!R!9`(_E65hN11*x;Jcs(6FgX6$Dx75xD$xA0NTD-WKuqpgf+juY;WB00Wk8ii z*?~Qq|3dWPeh!uoKhJ|eESH68I&6k_!uK3g~+KV?$~FB!)(@nioyq5o?W|C8VE zGIk#^N}DI;&3{Y3`t|+3s%;Cqz#TY(X6_;Ya-(1up?eJN-BFMn98ty7-`4x{`5$LM zNS*MQb&ypGDoG<;*1vQnUOUqPwD1R>2oBsJmJ&eMgEfr5+ozxhM&W9eCbqa2WRmcx zg$a#VWUj;Vkcah&Ib4gV6`zRg#XX9?cCtX`Nm}&Z^l9uac)U8(;idjexFcnUe~eH$ zgW?G^I(~JFwdu?@Z^lrau)ULRu@egOTo%ll(Ph!P(Vt#{XW zpM6pnbip@~V@;Aepn^md4NTTgMEeGX@M+2S9CLF%rJ@pur^u3x6KpQ+p1Yvh>W|3jXH_>9>Z9kX-Y~zn+_d*f1 zvM{9kO=vYu0$LcIic*9!+(J=QsgHnPVxg-3>P-vF=;-PCo`g~8AbuKE0AvIeqj;j$JdDXS$20wGC6?WGUI4o$!tSle?ra8Gn&5nMH9v1qcv2k~vW&W(!y$<5HZM)BI#^ zEy|^eeEFz2+I{(c-{g-50;gS|Ktqd?2r0@{FZioE21*kelrHW}F)Hy*w`X|?(*3VR)N)=#i*AqCl( z*MyV8m!1p!i+-a3jQ&6thY-${!|y+)tj)j-5`%xO23a4k|L>Qh!m*#Yq)N49B>4Cf zHR>=+(rV;tB%~@3lWpITZ@4s%8a#S+d7fxQNu?CU7nt~yo~k7U%_BpBBtsKP2CMy> zzr>zGI*`H#we&C8IR)w+K5RT(LQFaSWNNRu`Vca(?ksH5mKSI4)+e70MKFDAfeCPV z7#_x!-v~^u#~%fShnQlp%d}wJs;wJPrU5SGPdkHta0kmKOY^S~%k+(8sN-gvV?QUb z7IZ|SJZm^Pt)iQ)MFS-<&lB~CdnnXP3D3Xf>JUJR+|nf^hyTdb{&@OEu;Mp({uM$> zwZm)`Zt2RQI8k~ca36zE_4o;-tmWa}{VYcR{#peF2xCe7uNX@=;-7d#cv4%~w@aZGtqjgN92$j^1B1Gb3ca2JZix1VdMP>`(lw8*wGeaoMJGa3aUSu>NnH2xe>g zDnJyTvSA$w|tpy^51SZR68ft{!PJfaUA-%ir9rGp}vbt0tV6DPmzst0pDn{ zFLMwPf&YH4>#%RZM~Ei-SD5a5%B_f;@k8Z}+K9F~jS2K3>xp!?Qtjy9`l90G5m-NJ ztAelJiEN74Me$$k)#~-oG6&!G$d{}53(M0;k*#opPD0bp;l8!8B zm~Z~K=uwJ~0)7^`vr-28?Y{pS@G0Kg_BLk^I?jWDSqs6|tFLW09sN$OLqaEXUUE=} zzZffeU=C%HGw`HOMbB+qw!#hE`M-1nTPe3%?&3e4u4(o?_4W|!4$yqiXp@ZxH5NLZ0uQ2a`bix z5TyWd>dl~VF^H%pJ)ySKfwrex3_D`U{N3gvc zL9>z_DlKXdJ8e4fdf5%<*=CL*rnV=L>k`xjPHkJW%Un&fsPB>uNU#Y+gJ;0yAb zQ4_VgE->V~6q51Ahe9ml-*1&~zdtCpJ;rspKi{FsxSQ3*zN~!^NB}Jnnc2RZ>zsib zg9BE%eW3z4m{s2#rQpq`GmUHPkAsw>5z0j6qYSGOZNSTwWiTF-m;zMAf=ei(V)n+{{= z9wWLa{a)0!fyN}&0DS4*cCjqfEtT@dUA{KxT&< zOjDHI6|+<5%L`uRpxD#hPsI;_QkCgFM$E%yG6T%c_GwWs@`2mBhk>q`Q|L>p{84Cz zzOHzXn5X+Z$?!J(gv)X@E2|TbsfNmn+_Ol(nXD1r;9tv~5;H|G&opY{ z7ath`iH4ddq%R<1TuWyv*pg&Z?_gBbc}ewbzu9+rm;+w30BoPRX+1ENF2;y+8rZ8o z-BqLw8`|{T&rSh+`3*jF`5qjKC8UQYq_!JGPcRx2^YCg$M;h4|y39XuVQy^Amgs&Y z=wuEpBNx$diyWyLrs{%y*52i**C{B~0=_c8nN^D-3OULZGn3o*2#pULAQ8N-*y|hm zwAhbZZ}K6-BSa$hhT~fG{}7Baqta5x+t07YA*G31LGl??K)#EYfcE=g6|j2b*Q5>! zMW>h;ej5DP1Fh%nk5T8G6C$%Cf20o)I6>+*9I)++vVUBwDKGm5xJ)$=i((CGQJ)mV ze;1saK|Sb`s9BSc^M(-e2qHFucA@z?PH#!OBwRrc0v}RJ^~ciYG#w1;L?k-%z@Hro zba$g)qj+Inee*S-@r%!&^~-0>)W9{P>+VR(CX}R--WL1P`7xC zs2x&-eu8-tflB;MTXO7kyV8*r&2eba2)X&)&Q_Mr<^iG_=!)pP37JOLTarc z+Bi^lUuBpumy68B9@O!k%qGpIytx^YQ{Quqt0E=mA`?^)mtccn0Aee2U>FUXC{8sj z@>*;c4)vWYU0xWC8Puqo?_%5~U#3x@mZDllSO(@^CpqTRkFuWAN)THgw@%3=BGBP3!l@nA2tP zCVyjq=V!!<9xVq%gT3qY`7Hwt-XbRKTn;&UyDf64Pj&-=QTzs?J&ZC$mz1ZFtt zvsD_myG4$tpF zsVg{BF!f58{MYpax-53He)J2c=1j$GE3F_mN}?4c_2F_0rQU?grcr#Ku*dpMSPZS< zy9A}9@?9h(CDeu)$ap#g9Icy6kWG!yud7H9J~}85Jd0n$X%NNc>{7yjc*~Uol!B$K zy>MsQt)sU(`82USsD$K-2!XehG6leJeGIh4=LCCgk4|i-%|^Lm+rj!r-2u`9tv1!N zSpq6}BLS2~mT|cyd91D_jH}p@KM62RU_$Qp-BbduKsIbS#=exg0atK=c(&_|a9Iuz zFHXFI0inh;oK@QoF--*5TNI13Pvm9V*Wtrzi_eL;y&V4%7IzTebU!(L`6+qC?Osl< z%94$wJk7$ni{C3I97TG0gdYnF;$l48p=C`xLUk0l3c0F6x|#g5EIvHyy04pRq!g`E zO8Hz^+}~kIOC=Y#qc@Q{9VeOnzjOPJ!|n6pChynt;4vO|=I;$8`IL&0rXO(uI%pQm z2c_mSMV6_VvUYubK?*~K41Nv9;^AFBL1#TMUD*fNsQGam2GsOB=~K!^lu|2h#>c z$mqAorACcs!(ua?`IiGZ&Zkxww8-zLN_{6^81w0IW7ICo?P|;_#2iLtu_*!7Ku94h z2(>Le4_dAuEn*;(Uuf@Ri`ssN0h=d*O1G>AKKKCVfD(B-cig_x?Q=#?ULbG^)%hVD z-TI<_m}-7E+3~!bcp*FNX6s8}34L3|*xv6V>`blaGiJ$3o$h0OOUv?HT+}$rHzvQR zr`w0Nb~AI9No-f!>N1U}>3a=IJGhAQQ!BKIcNk|RGL~VE6!&qRJL)0J6^m-#Tflpq z^JU}fcJPb6oa$#fDeks!yrop*j5UnYuzKgRv9Rcdj)V`2 zS!gOn)q`1Rs~3%-av4=QG!9+CBzA5Leoj<+CoXi`sO=e+q-+qlL2V2VecuHyW z_;;L{P3~f69Q%^l*@?SvUAmORy$@onC$JlNWrnVz)iR=^d^)V-Zv^+djaOqRDdoJ# z)sz)F!53qakfo0;)7Y1~PA=EDtf;tTk;-Mn-yg_TNS8X6i|J7^o4jOo^Xz38 zVyQDg)_cMck&(g#gyeXLQ*U<2p+X}iajC!&TL6JED*h({3f|)VK*~(z;XRBs}92wY}SnS7;8A z1xGp056msv_3irPeVzKi2U%aP-0eG=6yJ3DM7`-gzscJ9!%;3D#vIw#+s3mJKBcM} z)(tl@3HK_NP)qBT+Ij&~vmUQqVt{T{_t&lCMjr4Txj~!(7#m84FkGHWB_8GzNsMjx zn^nW9)D1RXdKoqMzC+%ctMWk8eN$x)F}rL0ZoXVhrK(JYWAPyx?>XDMd`yMyNCMdu zNUI+;-{&n`6wsR%p7rDrw)YP`NV~qZ%XvIkC8t}7Q@Fvt?f}U0w(j`5f2PMkhO+@{ z^5v3YLvkY2WG;DY6oCh&MGiF?`l9&TYoBM{!*OV=aZDM*;dTi;TTM~ZD%M$l9ZQy+ z#)D>pcKca#r8OcMr6=k9CcJMLY*$0sN9IBqxvzd7eW#C33On`|FHF3VG^190uk%jdL)rVHCNXi`Fg2}@kP`Jl zf1BiQvQJZc>}X*_VYMV`nF1@*N+T05_v z#3b*xaPX!vX%Z$ud6t8|rmSjzszpBvcv$uPKkmmJ9@?QzOl4FS{|1b1M>w?zj%0Q? zpk1q4=iCtTjwxkJM-GqkmtHoYzHGU<;k8|SBew|AdRS1aKp=p`hS(H+ftI=zfeM&0 zSJP?2a6x7kW}JomskP@*YjxuAg_b&f#AM9-VzWi#T_FL(k5T|f3kV*IU0~KBk3r*T z8e1McVyc`20%y{9ChDYa&ws)3&62pzD4JUEo{yHXg@K6O%ge3i5_We3n%Hv=m8p_| zP*Fy2ptEts%&B}7){Ca%EX61U@CY#}7B=n@3b@{RKzia1MuBqVzz3Ty?#)NL{o?it zF-?SGMmF0PSCDmi5*a(T%r%Wgo>O~r2$^45fg~G|Jv}Y zhSzLiI4aBB$cMJ4K4xD25NC9m&Zfw&clUuQ3)P7ryIv#VBzUFU6voT6kXyMes>do) zCp;^8(KMQMA}?%ki?g9}?mI5KmTjzIINgKBeUo9vfs-#cxzL?b0m+mye!#sZX+L6h zkjxu^QvagrG?SDLlKG!oA}$Jkyv3o&am_fi{H1*;j?H7c5S8IeBZlJsW`v$$e9^e~ zN`lZ?kAXHwX7qYCq&8P}Z~+A0bJjhu6ZAz*GdO9a8djUtoWU`vc;JN*J!qCRMSSy2bD&F{chDa+a|snO+#RNBW+nJ!3YKcz-POAbR4&F zzSHs9_5h2KI2g-?Sl~VOZePc|6fJJmR^Vhb^GL|Y0#|~E?^adW=Fr0;|9E>=|DAkdbt5|;6!TO%NJ?kg?CGJ0tei_2wbFBaHL8M@(sZSt zvT1CrGeB8Vr{J>Gh9uYog?*w}jPqz42+{8%r`>YE>yi;)>-4lD6A;?vXbaP5krV97 zo775MIC{?|V&6Z+kJorY^-G|ddpm6-bAcc8wu$Tqc43Qwyp{u+U$iEI!UAz(41U$n(5)hZi&8e0A%Ff* zeVoV#GhEtYF?KFH%HiaP^IebF-SwxbY#xWPAif-OF{3uRi9IS#sLn5X^331zyAhDz z1%8s@Gbq1%V^$2ciQa|$F5eoq7Nvp5iJ~@bB|gD>AmqF^cid9yhNJxNty(#EId7BZ zE74F)JtRxC;eh9t%XxFXtlRxaW)gESB{O*#zG#Qu`w^Zj-A%@1YRZ`%aLo?3-Li(( zDz@v&#=`bP2Wh3rH@_2WNaydfE*7OZnc97xm~ne<3VwN^Z=Ies8pJXH znWqydlUoCM87WJk+ZypcHMF0uvmA3!nUNra{KvL5V{8wOaR#7-mp9e+Vn#)`)Y-B( z4FEnkoX~+1IuHC&!eztT0tT4HCz)$qt1kXER*}EXrB^iOzP)rdJh2ufa$6qT5n+aL zpdcHyPwC#ZkMvCybbCp?LjuOsT}?^D9Hm%R-R;I|NQVuDP;KYvPNww@F!5pEs0f{5 zHRch@g3jiD7axe_P;~LP&!4WB=}Wy0*Uw9}?sdX>>V!ba;^WcZ@2C@nzpmc(m&)IrR;kfITEUTptmkkEA}A-66q%Fy7*T`@$N- zA5Lw=M+w)+?69lfW-dTKQ3MQw;Cfd3GRPKJ^-`De2V6h7{SLFVCS|m0hG?~KmNRhR zM{nb7l>qqL>q(fJw1e~{DJjpw)M$0~OtZ|B5w3)PbkcxIl;Q%F2v8^USWt-@NVP*z zc9#>3^-71~O73I+1WJ8y3>`Fk$zWKHIM+x=(V)BBcTQu}=32joi5wb0HhHjgMNV(jCb~(3GhE(pNhY~H5sw|Tp3a=tS zF)xa_*`$(p!YIY4LG!x$x6*3JasH6czE|$s4UgS%&IdR9GBdAVwzCVvIqd&%{GncH zK+VyJuJaqLD?!CpkUlI`cJiB3u8YMK!4L}h_t>(=y+Q$>MueDR%t49XD=-nZ$4x6I zi0zN3#=L1 zKD6uz!&7@C4@I)uJZ-!!91xava8}rPAJlBrlc)uqeLC6^>7`>kV*`k_#(*&8c%dKI zcz67XSE5^(%mwyccdiXE#5sA$S4$1PNQd%K&z#PXlwK~s(bzeu=%=@P%Z2p=b>+G} zcTzXu`Xq>6gzDOze$56pU+cn<1iPSybsaMIa>kDy{WSOZm^Ta9*Uz7gD#@3Vkr8j` zq4L>vdt(*#&=IqNX(kc0PmX%v962xXHFN;}1kwUu!q( zC7*FnAQkbd%d0o?yS@IkoYJA4`*(g9TqN7S6*J?XHRcf#l4dh4ceDCcZ}?zZ**h)6 z;kmwvh-+1!U*!|p8-LuIT~J3l{_SGUXFyLS3dFpHtRlzF^$Tj#+#(8VWuy{voYWzz zw_arG`=Hz0IDj*E_HjHTW1|ZYv?MIRNPweD2C{j#dGa1uB^C5QbLpw2AgMeo@3Mq! zQ>pm+k_)P_6J20!8Wn*_>uJM8u)S?Sn z+Gk6j`RQTHJ#oStIgItk)gw}47#(p~&sn>8MgzyLTfEPL%qU2U9Y$NS(r!qfptx1a zVZ1oBN66vJ`A}`_rvdRj>MWHMYNh#hpw&*wUksFg9cbgcJQ2fg6vUP1u+y1dBts{T zkrBrkATd45wE(kr(&vvlTe{5Kfam9h$N&j5AgAud&E9JFd+Wnk?9=&qc0k-!NPnpp z%=)x(rioNXCgi=m7r_dtsukyuT^}Tqe_Z8VmX&SNF(M7x2gTwo97ir8S=Gi$2* zzxcmqp#qf6I^ED$U34dg0r`lFcIew{Act~=AX2X+l{Y9#3 zi=_`-BU9s+TW97n+sia%+R+T%q~-H;<1`EYuWnhbiyEYHcdhLXAIQ?m9~hmop=6rm zuMaeIBp)c+BG2kPZR%oIwF^#e#-_@5sSUib&&>)qqjq~weP8M&jialJvh~UVp0Bqkt8Y;`n#~@VPZe&0+5lP2azh-Si8t zES4R6N71d(MgGBI!*XZ7ugtJo9EgrVdi0r!;{}qu)!B@Qu=*GrLOgvvVj=$-qOH_b z?FjrC8p>Z>kz3NA4OkZiZ{i_QHon(S*I=OUPH@-;acJDMLJv}7@G_+4(8`6E8Ry>j zmded0;5=I2 zO6Vy%>Z0n>2G})9+Ap+g)g==Fty4i9A|EK=IT!MTC<51EyGV%1d<9d<>L9>GBK!4?21&kAs42f- zajU{grRHgSlOz%OVyISy$ZWKuWUwjSOCmC##huT%|OXs!IceV?#- z1(pDwvv5<`0%U%wgucgPn;K1zeY^NelO@&}mOOv->SlP{dm7O7$&W9jKXJ7Q&_>|4 z|NhY3h?jO|p@aPj;IliYj*B*d-Y10eN)i zJLeF75xSts-amiJG`y=L(pVeh1vnq8BwJtPoc;^wFANfE=IT`aoE-0r%#my<9070Q zi0-9dJ_|FWITYoOB*CdEH~>`X>*qS$H0*RL;!XjAnZC%&^{p?~r0%DzegM>5IuB-& zipnIFKyJeE$kmDGQPS&QKHHA~h3t=}&rJYdm?y9UdqGD^hUrJ;BQSRY9_F7in0^5s z5&qT|P5)2>Z6&hH!|>-b)_yPp$mz>YqJBAjsJJ>>7@L5|>{Kj}JHDT;a;>REAqOtN z_k?zbz9xoiV*2RF*2C$O(0-!*=c+I`fX7@V_6gs49JI)X>~N$(uTrN} z_Z%bZURgOhVqN&w#f$R&EIa@QOZFxg$mBQ&<@ZiV4?X9(2J?r#Pz|=T%TJKeLK#GYQmeRxr z_ut|xZtaRHNP8CUY{0C2hAkxi1vPr*X28JCkz?b1k_BFkbTlX$8F~{3NEa2CZtxM=evLt;KcwG z&Yx%Q?Kyi=*9N($R$-16XWL$uvGA}1rTUn?%Z&Z!83-(=FP%0A^1hwnIg-t z(9nuvarpp$e@`@(wKHne(Ntm}KBO=i3jJO%RgcRNYT%gU8=s#SlFE%?FRnwG2)Zy7 z2Ir|5d_TZGua&txKUf4Kkm;gf4lAFG17K#nuWM!jH;*KPHml7L{(FUBa_Lv3ufD*M z)*obmi=C}?-Uh64K{SZTNd(FLhn)N$c?uw{Pws-_MX$He1kShfB7~{gej{iW_VWxW zXW-R-wtR*{E$MU`4}#ND00qIOjFzjakb4k)mLXRve!NuEF~Vd~Z&AaMyeDSqON@4d z)Ax{=md_(dCGZ8!K~4PCyv0p&wP?T(b;7@Fug~PP>*_9mf9R2szclx)p=kx+0-))ETTQ@H8oAxj5qhWI5h^X5o>a zP7U-_VRsTc2ZIwox3`@&5ZNdK8DiEd$-c-dfC%!|etvR_e;8p<#-#Hnq(8IlLCDOR zG-9wsFjR+_OzO;RfO@m!6Jru_T{zFh6JYR;{g>|u@hkQ6*cN;W?-zs|y#n|3CfHOCmZ*_J-#PsTvS@f0b*Y7{Q2kk&*mGmZ7mqt*|$`L3T~0M8|vRJ zB*~VN3#qgH6uPAuCrdL7ONC(qtXz)&9L&6*jT|1~%lMROn9VzLQ|8Dv^%pWDYEDd(Te9?rqO_IXGsieA&IX%#5^}L`5 z6d8;2V21Pa?8h+$J?N^9RpS?{JC{aXTxLD>XFXw7*g_U4ts*q=`&C+oxSGZmp5^`- zef*Su5oDEU@}?54JZAvV*J+!4v-Ps^QfvEC>zIxFj7=w+DJuWf9(*03^4igVWn5a! zwl9*BuK5I5XQ2adPFMfSa{?UT8BY%5E8`zTt6P*9Mw^Yoz9Sm}_l;RX$N`YQ9-(iB z&TB^iB5gX!&ba?OLaEJc4zXxR+B|x*eW6eqM$LY!3?8Skn2yMwi|B;$m4>r`HEh(p zuZvWNEVw%Sz5?LAUVHGq7w9CgvfxL(K%EZ%k4%6&Pn>qjO zc@e_!@r_-F`64G71bQ}y=2sM#7}B=KJ*jV zgqp}c_m=aVoH2c|4-S%q@&q_iFZXu zdLS=Xe#;icKN{qXrc%1jA#0q1L7w0;(w`T?fPB^oK=2}+Mae=14}k0eNbEZWa0%SE zGZOvN@?j|;6c^p;#@PdN8iP%BafmqS5vI}f$kTX-HBmPMFG2C9g=r6b8yduEz$n{( z$q)RmvwY_x(eDx=ab+g^>X+U;_#VP#iA7ZLml7kbd0~*(VT~6X;MdpAKt5*RdxXr- z1!4K&#=YF>t_aVJg{EP*rgGaxS9rimJiQS)c(iY+{<1|T;Naa?q^9811ovEK(C7p_ zcBc}!=SR3J*LY|YZi3NhIxEcuyM~&1h>QB?E}sS8py}AIZsZ%7!39?ye2V6!t-bdT z$-V@W_bkC(l+FTQ>8cSMT4OE5#2TUPJ!=t%2}F%SN=y_;)LxNew$^DR6>WqEFe@}5 zpHl?RqdXSl^%teife`8xz6KZvAiU@~%@7COH43}n0mt~vx2-LwX*UGj27OEIWPwf- zl{XdkNDqh_T7D%PCJ{r7QRyeZ@;~wv9m2vxH+Ee`{K~!{WxF2V;aQt${?n4cL`iJ< zgIUKc6WF%k=N6aYL1ubzE{>aVKR*OMA<4H*TZ>anDAcQ#`Q@idlR^s?;hjJFfIx5! zNhO{xkbH9CN-Jb-IA|c6Qrl$6xVGY-JIM?In`P#@?CMhxgts>_GQrx8P^DDg(NeNm z)gJJrm$5wV#N(isH-`{-O11LgDNDUKUg*P9oNZ*`I&+Z1Q&^uFpgzI1zx=VO;b;tK z-bUphL|6ORQy8VUX}251?1~S1OvsoJ{wB7B$d-icwcfIu>>VQ=5icGm^i8qOAawJU zQ#$z|bnr-&#GwSClRWX3@t;q^h#_WN*eQI9~Q?2qG#JR0PEyo`U1J9%{2V5%1$455(4^uq(-A z<2iu$s_NFvqc~a|@_4^zQQjSfT%p0j7CAP%7RN8S$EWSe9d4aNy8rej%vRi;_W*fTjdUiFY zB6K3?=HA%_5_3Vf@}fN$@ZCtO{`XlpbcoH|#vE6Bd6!?!_LdK5Qm9ttJ&s9zl6|4C zDoVT7*x0!97H>2L&9r%zl#bHNrC^zu;~K2}K^xpOlJ2X^TxYA~s$dNN^#3$SU?%zf zlod{b#XEhs$lxlBp(}sNT#ByucZjV~erxTc>FVf^1p@D5%URn6=H_66dgRzc2G6^@ zPkH4pN92=@USDXok0?bAKw|~>_H^D&zFxAeHs{;3=Y`ctx-0?G(~YgmZQu+uFE8C} zCzprzk|JOXDNK%Zyo$Wb=6inQTRF6XK!+-ph}}iO@6DPIwpDY`mBuszGsh&^T)Our zlR>$GtR4KdBIJ2`?%5*8NGUT`AY@xe)){6TkU9@b4tfMy@!omioohn#Q?$X>snvt6 zdks-!`lDl|P?N#hK?=0#w0PWF)=?{1fkx47)~=i}92e8lCXi)Z7BE)EpwC+6GJ3N} zUf*8V2Y*wF(E*sUJfK%y+OZp^VzHv^*bC9>7rj*N`yD2>xG*BXz?G$`25)^AND>_8 zjY_w;Z`qQ*%W z+DXVwwb)c|uGV{X@$J;O66{9&)+<$qxu2sL^iO*<44kQ!r{3URD}#+-P6eS^hoyv# zSqaNQpwZt1-A5aP^w_a?!^6StZ7G~B_M>mKXU9?JSSAFKg*Lpr$idfrqd4$>cQQru z>r3SJm)p+0ak?rcG>0++FcRx=cVNV+qtJcOSs5j<&F4sN=qpv%|Y zh6BOeo#M{j;&!^zPc>bn7C(IZ-1#cm=~4#6{Vz2CJ95zqa&e)2)~kHBd|)_ue9vuQ zt;dKv&Ez1cFWK%blJPf+dXnEPe(g-reqPv9T%7c>Oq^f#rR^Zpm_JO7$uCc87Tr32 zJcoowe)ho@PyB?s)h7EE2UEItj?>>h8-DYkDQs-iIjl;Mg8Lu^6`L+(lEc9{gkK7> z(a4>y(R6+}&!E5x1?kT--7MT&&gIGA0s~Ls7a%O5z&9u{cp_9#XMW!NXYyzMg2>xJ zH{$nn_Nv-73xtZp&5P&b_agWdMUpg}^EEZ_tWw<~))=d>6eQuBw)TK(AE;UUQYOC* zWfBp-9-1A+Jw&1KE&FWWA%m-sden|Jn1XG8`XqW2>OjqewxL3xn|Mz36%sNbozH}J z0Fadfk_euB5pgzEBNnkSHdXkAKs@8}QafHYa^iJHrGv(oJg1wp-@b;P>bpMy<3C^M zq!#W+SwB0_3t#RQyZ%Fdp^14rSbt28Ml%QGPQCb;5WQT}ZpfWl4dWtLV`dUXR$DM~!m@4Qz?pFk)wsyN`II!iAZNO9DXC8%m z#Xz7}#AF(I^wk7=M*B9oiTl+a`0f{Jg-GJx9}@w#=rcUM>sYQvN9`e;F7EG9whoS-v|dSA>v)%&1S^0`xNHv~(R&ap);{_Q%LA)`~rAE0>1o zr}-#voF!q5?=@X8{;>y8wd+T=V&z0l__XYUkj=tK=IMSHl%L7EQY|~Tv8r2?rs+S1Zeei0BR zlilF2T{5RY6Q%!9I|?Y;dUbX11@hM}J-e5R-pC2wX!`R9pS4)!4v&^;5J%o=kvv0@ zj0{zchDm%@mv72E6o1$i;HAU&x2z}HLk$V~!w)EIcEbCa&dy8r6&rko9%n`k>8ZNb z7OTuoFUY-E$u10yiONri9{600Mg(ek!-ZmdKmVswk5ptnT&U%}B86T+8^`R{fV%LZ z;WlRA&;#{f8hA^Q7=j1p1TaFrAM=O)$}yNZDxJHaJG!aj-kyrvg<;?+K|NQI)YsDY73|WoA7_(e)h&E5 zWNPE&H=*`DiIGNQ`?InxU~(ByROp?|u=t?eKJcZg%Ljg2 z?Ur7tsj2f)^)zshy$}hd@Ml9^sTR~1(l9?ufU64ir%3p~)9Tk_x52~i5$3?e)239% z*M0tVyxkHcSSI6oP#ymcFFaOHz0&Mw3h2N0Apie5?*AusTy6wqh?T((aJ;3Fw(~%( zwX86s)es70vs7j|phTK?n=OJ`)Cq%}RAGyw-%n}%`GbNv2+||%I!9$5 z7&RkuWHSPt6tF_jSMf`t5Q4r78_8Zd(H~qyArvH1yI=fcDgb(rf+|4&&YqDd(tyEo!EHK- z^t%5gtfu0#_zJZr$_F`Mia8V)hgz~khZ18_Us9kTv{s8A?})8RhV(BcL0 z6O(T>VSuc`w)G1*lqgv>d61nER-4!)$Imf z;p|Z!cgy`y(*1$@6jpVJrrc>y9%I)F^U1P#m(KdgOKp~S zqB&nRA+(Rky0r~BIbZDu?D^yREYS01(LCL&z)|qI znfs05Rh{$g)rTR$@Z=(6g%B*U2$GklK)|w(nNL8b>gT4c{O~ab45o`l(l-Q@CiT1g z9*#8OC}gL&UMKzH=JoHQa&csnhvc@f7>dVIoEE0PX;NsF=I>+M=hL9BA9zP0fWS2T z>hj=hamF}II!p>knp89}gNxV$G%3ihrVGNk7+tw4#m|I~PU-nr$NWwWR+{Fa3=b8h4q)m{ahUntS&6{xili% zeP9&92TNv#w56D9lIky>*NsgdC}@g1dM4SeLetHfc3c@u%s}PrxO<%J*2UDFh-+n! z(||`o3Q?`%yZcrK;m*xHllnCGSWkYLv4Lo`JWHyyJ{eS3{;{ONaQJTn-{m|wv(3uS3=4+H7c2lffr-l-k-05#`0=dW5i8{R1bmVj;yvHSbNir(X*0V>rKq;I7V2 zKa!Gz9NqJiiO=G8J5ez{E%@Nt^TGA)A?Z(y5RCx-h2NKR^Nx;4QL0csX+AK>p9&*> zHLWWTz)HeR*h5YPMY7ZUgh8o?b{WJRe){~<+7f^uEsT=3c;AKP8N;SYT_Rfy(j1O` z((Po3xT9tS(Src12d@Ws0`W^`kqVoz_pO2_PnOdbHhs_q0h-ywq%R1W9}D+_MUbBf zmaJb?^XkhgoPwp~z$IYSQ3yJ3Afk_U47(n3EgKB7ewi5tSYkdGtJ&F)WFSM5qmy0AAFtjL(xnLm#L_F5|( zZkajV-k95nb_I8gKyEAK?dnwe@{do)F*Ks!3)o~BM)L8?pTxKA*U7qiein^?Pq{Ww zvt!s|b+I2+p+MU7$KU@v*(FFHPWSaZqeRTuDgBQTHi#M0hkK0%2@@|?C4g9p`wFNy zZL9l><(keSH4f}xEIA=~`FLOpn|TiNDzC&OL=v^hcL>Ao{-H$_Vkn7!8jcNme zk_d8@e?w5hFO$eE+j6rusRK4SgzJG$?saRrdr;QYpwrl&&d^C`z@}vkx{Vm-6p>Ar2{xt8P@zZ{!{}G{UFLL_? zyRQV`7?~=gS6GF%A*vf65_E7t3_VM7*o_OaKss56k(3yQ{H|*S*S5F9!=E8C0Z3LC z7^ZJw&f~;n7pJ8(Lyx)qD!T<8Xl_9Q;MPz>jH~O%s~cjN4-+L9~MjS9F6S zNwKn(i3ywUbJ`8}L~8=bsjxxZE!4qo#sMZNG#LHg$U@{dE5vVwCP1I9zY%%~4zfe> z?8!e_!)}a@(<^^$EMe?Q^CX*N2gLQbQ4} z_&pRP6m7jAn2qg0_0~N=r&JiQY}q7= z!9PY%sU#& z51G$@s$N(f9Dt>%)etpY-}fv@sGqs=oV~rB#Wzlu=Baz>4}&AwG7;{(ZxB*7zl0Th zo&%yX>NX8dsBm9}e#9$|`eNqav9A!}0B7)B%tQcx;l>6Q;O@4U+js)P3R(>f@SoD1 zr~V5ii@fAC)7RBPAtpr}3ViG!)NnLwy#A79M`(EsE`;$NzMewC{1s0IbCrhyR?s=6 z6z*4aN57t`%AqY%j9}sCsYpn z-@q>5L9IKW3>TiN;fkYK*wx>^zY-7)2jHs3% z#4U

)$orVtWmY@;|q*0Y;e`72hyRs_oY!R={i>UtXo-zP^i01Sd(!{XRM5{ zyf=v?GXQE2;8Ku7Lqz)L*Yhl6oz?2yfK?)aXOdko)#t;dnHaCIum66s!}9Nfw7ARo z)CHnZ))Oh^RRT~rgbs%YVVo#jBJkwM>_v{|-lLqJOH9(N^1kF)Culb4PtolfotsPb z^VhRiS=Ku{Q7n(dTF|7JPERO0uQHds*5*fNsK{`n=YvubGO}W-dJY90zNMp`@5R(V zJKWe1nfE@_d(jHD^HK5+Z-CZWyUS_lwj&8y>Rfk*ifoS^ZUDh7@HYFtf6@`l$+d?p z_FP2h+o|;FY8K8>*13hu2T}l;Plx-AiKG%w6*F-Wz*a*#zrcdyKv;0nFB3g~EH{50 z&S{)};^T3g6N_u*3h^wQ(;UKT@z1=VeM|yR4&|ApoK1>8;vx6;=+tV`f@Y6yuAZ~V zcv$lUYxPdl^F2};WdR114-*Z>r|8$Y!5D4# z=1IO;07Zhd98?|C$Df4*o5rzHZd?tUql?|8*|*dk-Sz2FuG(^ao0gRwIlGsz(NG~I zLdN&Mot&wnysi7B&c2A+y`}*!Z>LNrB02X>#8hi@xzp{MRRF@b1lGSq78j)q{V66oFi&X@-GM>Sw{0m-U1GZgKq5Ar@ zx6^#|`B!tuYTyRYx8$_;F-iwbFvLW|!6Bj#nyWWYCOAk2{T0R)A8vs0K{_u`h#6*4 z;<~ue`f^JB@8;GhFR~B61-0r@7Irs8vF}+RDRT^4yP>Vd0TR?0g=?ruKmR0UI)6#Hf!l{%kcjxlGH<`z^2I@Yu2T0l zz*R;<-W;mhFjdVtuBcVEQb{RbiTs)`UH3UwA66fFLz+LD?tqk`MiiZggGJA_hB*$j zZ3clD$}Eet4^Fm`_iTefP&oEuFOlmKEt(I(gvpSAX#<<+@?}$IuUMvYg(?P)VuKGc z{I~dEGvkcc&Yf*;fl4E8hXz}^9xn;I4&5m2KHOXL_0E?yZ~3%mshoJ1q`qE4bnlI~ z)-N4$zT9djoiRs7hgeo`L*njGJ*Kkct#dUcbx}Tq7iTd`bGF1O{Y6X z-vhpK55MFF{PG?>_{uH=Dt8lcZwZMQjzwc0eB~9##b=Kn(r@(Lu=JrBA_8Q^4e)84 z1^a%R{9)@T?KL$#itaJ9zv%pITSyF$jeAlqZB4iARGA=2$X8^4ZcE za6*{hm_7mfL`b2s1z|2<1skAsJtp_17E%enDw~QR@bH^_X_6_8DKdMp(+06O zE9Y+G+NpEn&3A@@m4m}lP~|MN-4jvGG*Nz_lP`jMNeF;)p<{bzwq! zw5CDss1E@doet#A!7eQ|4|4aZ_GvkMEDa`n=u9oit&^g)ZwC5}6p`#!CAAcAGwvDu z5Vg)a<(j6a41Xmh+)+%;vAt~J2BziV9kHX}QQ3*Cvcpq_WM8Z<9_CXT!Un1A=wUTvs%?8Q*rAqpF8|n-jjRl}S=z^4nrq zHd{%mh5Kt36MnDZ$R7{cb=@pFB5nG-j*R*HjqH2-I(?EbrNqpnlv(Y1cCB7rIwe?$ zb2@!XzbZW2Hh!2$B@pafaEikh{L9sJgw?3%=pH86xfZJsZe%lLM3VW57TOFgQBDLv1xYbD7boz~=e;NG$M?;?9*gI9jOvCrmeI<4dN z^rdcbRZMCTk_lBG+&Ss*X8JFd-~}RlbO(WLZai=L_-w_942Fi1a$R0LyTHkmjw6%H z|3Bq8I{%}3OiBC~Pk%a{IpUF^S_Belm$#g$CZKa8wmAPL8>W>ld9}T+d+*3RSASc) z$f3N?jxBa=fCHccqRqQvHWEjq}gx1nT2Q1zDDMcd(+8?6T~jE%q}(s<)CvAZ+K zLH|#;tAdetF;}eiw(8RJGQtO^hJHs)IBBgp2-%`m=iZyPXnxnqN}eh$`pA^hkqu?n z6(9bQa{*yO;q;r-$nUsNhLOW73Btsc*w!=QCz8Y9W~6)Qkt`CRDU~6l!|IQ|#k-_$ zF+Kg+WbWXTP}NMe;!lI4KRvG3CVyIS1H>3E$haq=g0lXlc^X<5tO3hW<5Tu8>0LKX zFz6(0GZV$lmT2ArvLxeWdAC^^FU9PyYAcxorW z6W?*+i5XE;>!7Hd_@&-WV|Ei;q+zy`IJ@Nr|in!0xv0 z9z-+=q@{#3eTV&NcvK$2)~&vfHHW}}eG zW|z{^V8O$#2ER|#YR9)45s0Z)8da3(k@Y-URE0GkVy16klxEeZz)628{3ag6CjoH~ z1&B!JVnFG25xdrsbGmz-fK@l-s-#N3<9-I~)jPNWpZ1MSkCH-?#-g?{`8A?wTMWvX zjVcuPmSm5$|Rgd?(OvXzNlnUSU_zq`p(g5=jCrsCz1#t zvC5Sv4qg8bdv6|3b=&=mmzxqPl}#aOlC~jbE{S9wGHhfjN}0)=Aya7}QX=!1VJl?Z z=E#tt%*jl~5Xu=Z~l7W^a3cuIpOUwbpyR*HIjBwPo`p zq5v%nLQ?+Y|Cl8ufp$Cz(9x(NFgt!1N_GiA`ve~}82kTYmQ)x@v?glw79er50!P_9 zpHuJ|%DOv%T$UdPJcQbp>JS~2EJQd@>E7~D&H+_iCswulSLW(pYk|+8@kEz@s0Op6 z`|22EU^I0CFQbn7EllPCh^z*2*yR3~X;LtA!p;GkL(r-M@ePOpF&s`Gm8Vld;(zf- zDW3+3w>x_B;D4r;&LKxQlt@0vmceEJ`WyNamm|2YwkE5XKr3KJI;A`$p}_zow~>AL zT@J-g<0z^bVGbA02LhbcRI_JWQiu@nA?8&eXBGo;W( z#!8~p?*aTA_|D{VCDVWpdbAlSbOKcm0B_>Ppvq-)9Z3vn- zM!6kYC79@=!gGiQtd`e879sAXGk-`DV0g}Uw%U9rBZku6~v)J#z1@Rs}1XFmlJao*p9Q~tJGi_DxG1)@D zK}^{m(WI1(tM4X&yv+%ox%0o_7Qoz%R{b(}8(#{k7#%p3|D!D8WS}aSHf3Vxwy_M> zMw!j$toSp(VpD%Rp;nu7B75!^fC9>j42$rEIffzZSo8?*a{o9n3B}XEpq5vKXYm*V-Tj{^}_# zBq-&2nm6dmKh#2ZGsrN7kD(7*+-q3e=Yi0F(QlxmrlN&o*<8)?hfM<}#h*nVp$P$n zWTp^LeJrV<7gB(XgaOPJD}mkmr&4$h!*)4fv-bX(r$kCYxB_SLF+CRdTXEpDl$Bs5 zL0Q}z4Aau3B0k0%*~S1%HsW>^M+uik<-i0d0rPJc6%=YcM|XaDt8iEG7-MQ9B5pz z`sT(GJ&WK}f=C;41Y;P$7@uf8n;20O1wpH2&N0 z>NaxrZ|?nVl%Ozj_VooJ8&k%BGL{Lz7!!a?*IH-PF}M!`cK@a&QY;t@F&CN}qI)4m z8N~P>vl0GuUiv}E*~{s2|Dh`$FoqAD{jWh&&=9hk3PqZaQOMcf?U8tioPDg^2y*u0 z0LcBA8X5XY6C~`PcI{73JcB%OQO-%;Kdeg%GA_SCQTqDe?CbyUaP~jfzxHem!F^m^ z|9-+^*9#d2$z7Wjl~t6lmha|g)ZsL)py#LxyR?VDYPURJRq)=zDti8fw8vZv_mWlU z=#+QSQ9L5^nd@6$VqVX3any1!n(7X9xiNCKVK6Yy#b_krQ)o~6XyK?!Vl^4Co~$dZ zKVt#<4x9DPH}31sSEf62UXC5uK~5{SX*2m-Dq5qra^HnFe!_l5D;5(%_MXXCcxsMu z^B=!|%Aj8oRCLl2{TZ#y6^|dmCBlyHOEysib{vp!4hY!f&AF}2Mhp9kV`34X#gSov zv}ZP40J|Us6lPKV+Mt|0#9ZUyPF9aiWR%a~yKk}l`cCwr=##^C>-SdAdcw=td$50w z94>X`*r%E1gMO>5w|PLvel_1kfPy{b{YYNZI2}2=q3q^R9rRubde(ZnTi?bC1j!)L zmD3=)@~UPb+w4=lK%c9vRi}ak_9dBz#Ug6zFEy$Du{>BdBP{!6Z2j3?*b+DXiJ>HW zPx9fZo!bQu$R4%nd+M!gN{*NUT&=)$0#&yXlasko^5snI zwt7By?U6AByby35zAjk$aqi(iK6n#Z4K5w&bRS&NkIa8Zd-EGR%PhWn1!3*E!;Ye1oZ~ETdEjWU{Rw4IyhZ-+YT017#q~zC| ztP|hH=`m3cx} z4kq3irc$m}O=BKKyGwa@7i;}pl>uJL7l#|$)8vcvPVIM@@`4xW#65)6?y4j{{=IA1 z{)sKYY1WYj75;w4$2X7Yh#bJ)=|sm`GHgv4Q`=2Or@$6l%Wr!Swv+qb6D71Ky&#=M z`xzNE#60g|>mw5-x7!ELDWmKm6v)c`T)9`7)Hq1~KbTpwUF7+eGOQ!Zr_a~Rl zR9Zy`4lzD}_Zw=%GR8i~e;1}}Op{0U;VhGYd5HaFC;$E87xLH+eca7jPmqsV`BNk} zk#*4O_lEdc#|8bl-vMV~sU1wb+KxjLBgJGnw5&$`KMrrvF-yItjV)c z$Np-ZincFhqM>K@pjerqXw{R;M_56<$&z(LGPd|I5jZ&0usngl=C@V*tato0S8g9P&PRPVzD8+zT>Z-+yJLN#yP?N`!|SpT( z3f+i?w^tSv=U8-^(P5Qd z+&u6odhq=p75!R1rCvp2*9y%Fs^8w3khhvnR{pN@#R4hoCKWP%oIv<1E# zMyJ3`!={JMR)mhV{+19s-*HVcY6k9Xm}^s4vbH>NVdZ0jJOk4y!v{GgEo@CIH?6S` zegn3|&2MY!-~1Q3>mL2yFI^8BS^ivqwJ)r{=+Ti?%nPvNSWCW(pyVAD8;4ab8Ub)n zUTMoyOLS^cREEO!Kl|2Kqmxqjs69`6jp@v0!Q~ zs?&y;Td#g5rZJ#klIc+)p2(8%R&W7YEnY)tmo(5wvbv%Jjq_^x41(e@PstK$?g~Bh z7P2^0U(qz!Z3=!gh1gJ>b*Nt=qQ(a|c>%T_9@z6b1Rz6W)hY1Mul$)OmDE6@!#caE zH(pHuQT|RaR0mtHA?@#wbX<98iT*p+hhu&&5Rd%OkX1|z()3LJ?&nogB)V;mBUem= zO6#iQGipp12$H3XLVJ$vn0u43PN47&KcsxG6u8JHp=XAB@cox0s1#M+qhX?7y-+U} zQ%fet`fM$JZO)2QY2TrEvA z?I)q2GuJ|gN!0ZgesO?}vI0j*b?DBJcwI1;;(E5}M^oZJP2Qq*+fqg73&VU%ZCD68 zYI+LS2fSK#@gIJf5alZ#PKPgEXrl-bym6b{#QiD6N`bAzof|LnohWsE3EulNY11s% zn|Jry)HP$OXSpEkjy^lZ0+By`UjWCDCaaQby#A>-4HRd6kN4Xilz*RQeHtyrV=Gxn zRVb@d44EuWo?AP+x+MGzDObPwuhU^3Vp(L){>Lsxb$=bjFL^>kTBg-dnd=Fr*kf`H7tx#Q-l~NyI=O_)Uo=Z(S32p;911f&~rbcLVtyVFWCQU z3-1D0&`$>N?DtS$yCJ$7AoADG<}<=u`(KJRjp$SeUWvZYiEax7jhF}|JlEfOfGI2e z1h#Bf3l6j?rjbmvDpa3zv{+qLlJAOAwB=u0x3kX)H95hHtPNz)3R|qW`jyvANA22V z7m4IB*_kh>m|}eDAxUAk(acZ2CP8?kzKLh{;Pz|i0nwv$AoH<$^2Jv4{B&UFRkD9@ zZoKpzB)oEV&>Vfb8JT3L)vmtG1;ggc=;x>n0T;2Vug~y!?9C}Wl4yoL;WN4GBi@8U zE|^f)S8QMtBzl`lP{3|4s5|@9Qs7sxSo5N|0rX_KKWFN?pd)+KhiyK%M(&NlQz5k% z$9zjr5PFXC#XcjRUy+dKSFj-Oe>rDXWJi*(y0UDTj~NsQjaF%)FAk>g;psb6a(!uA z!X*0HiA-gHi6U@#pRLAba#v2n*Xy#n&?v6RWgyOoxT=T70q*#|QREMeh=e`9fw= z6&k10;to54oD#Yn?2MN=fDE58h-kdicax2mY9VA-|8>Xdz_Gt|_5BgtGa49-oc}P@ zg@;xUKfZkLl+W-jBjD)b7du+CVF4ai)>1Wh^xq})Pd>FUGX)3V$SbP}UmOC)ELp~_ z>8*DgQSI1ba80g7S6hierYc2XMd(%0E7+Z0hNGVK_r>9Fr!0)_Oe%xS8;=&Zji=9N zq!Rgm&mzj9+a;2&b#;Mq=Qb9BZDN!8lAR~HD~I86+Ov8nw4plKuM@FtH>Gp=3o5qx z+>=yn)Zf{gW#O6gJa$uN-Dt@5rl!9%S|4df%{G4z41`93J{<73t^QMok&HC^@Os}# zD2HyLM7cduKH(ew7`mQ)aSOipCYi*l@Hx@=@eLHSUE$^y~)+L0eEWG z5o)%Fyc90gU%25lZPrvFHDklmk1@3nQzEavIAX{;wgohSRt41f0*|Qw#!J8LKhlD& zWKPkb6*k`jnknGtnC+hI$XA{65Kh>Oo{3H(@-mX>%3bhG0b=a+S<)BLv#WZtZ@VjG zQxOWD+7~|7P!qmBQ177j#&>KY^F(nk_K|^tUci}bjZ!Lz6V%v_0x2^Jg4 zXtK&7Q{9vC*>d0RZ>a%CCG7ZcNKshtf*{=^KmR~{5bdkj4vM%Vv;%h0LVKhi+oH$$ zO7#L~l*w_S4t~J?06bnb7K_s%e~lsrEJ}UB0a2Hp)zm$B!0UhJm zh7>2B5$NWUKx;RA;Gc+HDeux^i>Ewk?20k~)v;pF$j?Vi?J*koVhvl*8ldNyJ)q#= zZ7jTDb|}d~KAq^1{9Q#?!;!oeGg!qYPdkVf5+*+Mz<)zjI3o(`zBKcq2_?B$^)`0i z?%h2I!b?dIg*P=3u)m@uE2-SKoATfmzsKk~h3OtV6?@Qfdq9EtY(0|YOpXAJh?;9H z8s~pw0n%u>ej6V#@SqK3@Lb9YU>Yl#9i1_a3P^+K%C0yc-5C3Q#d=4P`Htf2L?OZp z4%(v-TZK-w-z06{_Curk>A}-sSW=7jd?`stg6v>L%=caBneUUS?54CXxES#;{#`yg z7zYYaj1FAf@P_oW(!%v`NDG~b&+*ctjF3U4bnJwh!I}i62|A*Sn(MCW6|g2Fb%9c6 zHZ~~^Il7kpOjE%?@VmWy_E+aAf6yDru-@IvCyK5aL&~gjWCxWNAM#qy2{E99 zNfXnyW-C0OjYZ?|(PXe>5o+{ckTDXZ|CKTF5Gz3Gs`(L1c*Wzyh6cDgH5(&m8IUIS z4Ee5tYvnzsj`Zssl)v}I7>~|X3_2GEwr{&jd#4IrXFZvzF37T0jEP#a`Lm27IqATG z!7|i*fZ0U!2dn`LMc;vy*qS8z^>z7Pa_ltmAQ7()iIOna&HhNNb2jyDX|oEvR%*MU z4^ihl_|T<8MrK1FV#WJ2I~b5Yti;X1sz6N%*g1HP?t!1!6OlMFAN+?r{3!#hADrTS zj>=QB9S<84Mm{9v7@UUlLN`hjiNy$!nbebf;^mNL13q>`F4wm=pNAJ&w{6Jf5h)L| z5jg(y!MZUUmn%$Tl5mID}+!KOE3U z>(MmWEwC}WWz0&{In|w!LHTiFLp#@v0_f4^%2HxJhV3MoE-wRSEy;qg1Q=y26($wm zZen%{Q;x$I{)0rmIB8}6>e8vabCQ7~C}I|~2aB!oF0v5Qbvk)gza@=~3u9bJ7-%+5 zq~q2OlcVT)O*S?|Zo;;>n-XaT)1}kcjkllN)t6WH2yK|Q2Vr^dkAl4>Fwt!RC08Lo zVF7(k*->X*Mn=Z;G7TSc>E<;;bQ~ToI-GIX;GJy4xaO7H*Na^imF^;^p6Cv_p56JP z45=WBU}u7N8wIx=uCH*46C%M~IaH3_#%}~Upbt5BrZKAqQoK$k`<_YOWj~wdm|4`R z+Ak()9VzM@ix*XP4xiP@Ha1ArA#vk3uS&71fobC9*X5%}C(jxWe@1%yKBHoILd5q? z%k?>fdX=oDGkX48S_acFZ>6*R`EZHT&%d++5_k1cooZB{x`F9O&{p5B6%No3-#4n+ z+c7a>26<4}y^TEoCot6H0&5zdJfa!tLW70Bjy5lsMmqMI0A)r3LMko<-`PTw3FDZX zw(MkKF4zadnX-Uk;L`fqYAW2RV;jtVl=ZDnISM#V=@vq$RaYW4_OL-@_R(0_iQ+lc z0m;B+i5f`8ST6RuSV?xK`MNHTC8c?!Lq-Nyc%zen@r=W({lH4#07$#=sMIQd!9LfP z)y=YQJ%x@|bG*QK;1LPDS8cHpTU+uFO?cYt?{U7|R38)2tQm)~gy)?=O_}+=;n>N0 zv5fETtM0eHzM`L(GpP)XTWH-22i;E)P@1j`E;X#lN42qdG2Y!tVSVqahgiRL=Ft8}~*qjy( z(`X*n?VJQQsSK9KoDIIu0;jr2>5h2q9 zxEo64ePcgX_iM6FqdU~yMS}>ccPcStlGJ#|(4e-py&D)W|T~c*-3^ zu8iE20!jZ-S^_8Wh?DJopQGx0W98p}&NdWEN(1#yza{Y_XP7I{UrfU6 z4C`(;p(@lnL1Uw=gMuc;3sPUm-%1gvl0CE3f#N){I;WA;A2S)Vl_fl% zh6_ZWKW{lT1YK`Q4=!Sc6O2$gGD77eN11qu8fmKQtJ%O1(+O<&#t8Li7G@4~UeWn} zJ;3eC^;~C1ujmpWa=U=8ZcJbVb&j!z@Y#CDtMu|{5t%KIy5%-=19L-ox$fa@gFLpK zJQjnzA3=sMt)7gb!2HD$gUr>@$D4Lwx2{J!t|@7j7=;MaOo-Pm4!=LJ z5oLWmJ61ueU2EObSG#zmB*^Mr=w}K{n9B=iYP?X4qsrq}fc(zTWpJ&5hGgP*LKBWG zrMt~@tN;t2qPJlJMWFb(HmH!1zRBG0wuEjbQsD{=cD8^4T2Wme^sKhG4kXBP=U1Q< zCCW1?K74;=ZRWZB*)E_zer$5=2TXP9M${=CKfVuIG{%T0#+CLKyA(DEa)#(;8$am* zww?u;Q_unA-&ZGIW%--6z?dRx9q^-*|x9F)Yu0YXrYKkZ@ z@t97$&u*Z|X%-DI2rq1i5VlpgeGaAy^bEY}{{d<^2{h9$i{aec5*3*o*MJU?X`+=F zxFSkc?Jmn5Sh2_ zYAX{C<`7*q>nka?Z4*u}SxzY=)pr2bqdCw#rWUW&op@sodCHd`!uacQZ0op4cI$3c z`;6Mrby;+AEGfDZXtt(&ZVbPHabeJTHJZSJwE>6EIl*9L z^3SgQ7<2&s$~-}0$^jTkM{*J6(-3FM=|U|0*ISYB|kW4IWWX zU;s>cf&Ih{v(%hma6C>^%Zytm`P#dAQ>Fzqc$~m3bO8s?0ml-bll)tjBkiY)7f03{ zZFim73ufcpeavhu9lW>O=m9U>a^9$C*;+zydFD_y9ddSH^n#Bnk2zgycQsTyteQ$u z49+CU9`bd=AML<2ZOsM##sb%tUDC`3(9IbPd*d+WQoEICJkwzmZSN#7T;zXxoIU)E zV_MxbdqaN5jqv=4%K;PScv7+%H^(~trLmuAvP~LIt@OBZiIUX`f+fL;Yd_4APd57m za>cMXUHjyC-y-ai&Koyq#+CAC9$7J?nCAyU=KHdP5{zzqZKgD`2xgCmxP=88`Y|n^aS%Z;(Lq&`_ zuJ+&s3PCjBuxc-#Dg_3QI z-0N=6Cg|Nc`QfTrnau0t#EzZEzIjq}=au48$GD!tEWrCT%tDR0MSce$vJzf^8FTsG zC+=+B=|FvfAeJn7^0YLyC_$Mhsib3(qh4IeQZ}EhFVi5=m21&M77y90P#<=nZtSOO z&DKvgC>u(6etA5t82F#^4t;2fmo9WL&S-@mYGY^WMEZMZUVM&)=E=`6!0ea{P-b=? z;?Ps`cEM+>sdNLo>m+?>^%Y;IIR$2*Y)d=W*>ribk)I%Q>)n3GcKpj%SG8L+p@5%H zAv2?@lCb;|DAb`&sF#k7%S-#Fa>i%kF6cH#D-l!@=!1wts*^3V>2BkUzzlDht*=TEkB3WB6;n?R;U_UeIU|Ms-B|DGFlQ-# zOBzVUm=gmua%~!I6D8K8y=utaKHs`ogFMuSqxG$0yO6H#13%T5q;*CR@)7(Doyex6 z%Y{5O!KQbwLxyFDb#j$g?`*@lzTxs`CsYkWW~7&;!*hveYwIH2mdDbTI`ib6Qe*N| zz0L5PI&MqDdQr+w5*B$0he-OiIU_c{e#3o?md*}9idrC&=!3IoKS7+$_6+giwNFk~ zb$Sc*{|yVkzMJP)PAJNU*7`!lx@UtcFvRC_7en!JwS4{@wfqyq)7cqeHc5UK1&Iyp z&y#+}&e-xA)!Rvi)n<+RMbtjQyLS+Jl_!lk?{`J0Tx(DYa3@4r!u-WdhAXa3!$)$Q zB7EfMr%yGm9}soTtCKX>w}^n2EYcow20nDUr2jgGboQvsD^G zeAM{aYAa3m2oKW$r(|`fVz=Dw;Oj-}Yb%A_uhKvucRtr~hgKBb%bE>&J~!rFIYv`l z#)aJm9v;(GNsD@Nk0P+P<_aL^6N`M8tDd0CTgN^QZ7ekaIS{#eQgA}4Gi}?Q*DQDE zSvyv_Li>V8Q9ACWi-Xqvx2NgaVqfn#`liWzEJ_k7CjD4VO!^a)mV4NGOBAcf_ZK6@ z^dtB3IU01tYDzgH#HTLB-dNC#OLv>k8TFw=62Ixe$7?FPVs_wmm^!jeYNWmu-H&fo zi;eUd%FdJY_S9~TjZB>%DXW6ol&PZ?E{}p*82Sx{9LCxX?dgd(D0@MlVf^F)z06qS z4-*5R_nX;6%9En-z<(F$Z4-!ZV^or5k>YP!>yn`glj2H>dUky07Hvxi4>C95p?u`t6?Vyvky0TK_U4 zGHy%0@1Xgqivfl;o?jWe=sqqQ@2z)Qdb0UE^Sol=yDJdtPOXfmJG8t3x6yr-XTLTf zQBXSNw)2_z&Qw9ElrO54ub|@Mu=>e=tkdEObq(K?b5|n$HHyN5moeYq-eU8qDV&*! zr68UD(3mZLrgax*Ep-*4PtBb`nd0(g-&2X#d&gkvSO%|JQv!V`@wWE2gp)1)-wH_d zH2e-FF#9!V%bGLS%soF_g6@}GG%cA{SCBv1k1+BW4D$yn(?q)() zYxkw}t2prwH)Ssc+i2Hj96v_v4z_XW6j5Aa!?EHu8HZ-=&RR?*D)xCr1X2xVi|f9& z4)s|gxDwqz-MdEfnAP2>oJKJ3!&kc^2!hfcs7`L1d7(H=6J%?~d7r5&Is2@$ThNLc zw^sh7{$HZQ4)gr;SC-BVAD5?j#;e||EL;G0m*N_)nh~4l_y^`GG%%1X)P=j19+x<7 z%qiWW%QXLJY|^ij=LEaq$1T>*RdczuRsQ#?I@y(krH7vfwX}VQ73KZR7VuCzm?|*Y z!uvA%KI?P}%@DzZc(uLROLjOZ$G4H+8MIV^V zjZeJ!nF+idI%&yDR)-1V;q-r*h(B1K0dm3?7~kopsX))HJ@g&o-@?e6a(abvM*Jg= z+kpuVlGC5kqd64JFY)Z_mbZ#+<(_c9_Chr2yy9dEdf}~wZ*J8&q<;63v$41@ zeZ6s#i!kw)ilnD@#S04YvO^(N-Ta|VZ`rxNo`yD_9?P!@C8v{!6gsEZfymO<*S+;z zjv9qe!HsWQ>ibKyW#R=)4W3hpe!Rh@i|6{f3NulA&L8H=ePU8B;hRoSX8JmwK0U!a z+28kCU)A@G7s)i3TdMi$A+7Na6&1^yUs9uicy+ptJ7oLpqhMJ1WIUszU!X%I)ehWz z39y^cDL5a{sx{Mx1dWs9kI$R~@0*cADA4k5go{^hp92RpSoqiEFD#1Z2nGJ6)%I`~ z^Adh}_d_3C6V{mIoY*a760b_&cH<8u{(RC~n&g+3Z5?8xTpLa71F(<1-;Nm_=fZ0@ zlX+B@M2hp%=Pqd=ok-K4fz*Jl)sk9MguuR*dzWkF@uU~7alNOLuZj=%JyWCEfm1bY z;l>pc^OVBvi9git3q*xOgv~*#9;Ie=(tKQ5R4F`~_~rFnBeQ(?CkiWz?IoWs^(s5{ zCfejF?hEQwyREvW!W46SosoHY8Lkt$2Z<%=AL@s8GutSC)(;@*wlT5g9KURvFK^-e ziNLhHINfJh_JZmtxS7euu7i(-1|D>}u{)-SIF}o7{t#2E(r!$0O`93)-azr4t1yE@p)MX}lgl5>gr28D z_q=NHm==`v^G7)gNZ7fxXB$g+J36<-(6gJIPoNOi{?^hSd*}jg!ka6E@Z@TF? zFZ5dHrMO+4!|vwuhr#!h z1v%_K!PVT#KYvf+wq9k>^5rrA(Sj++WDL{C7;pBafA@%yzm`kt_}RG}sD2gb72i4M zlgzGcu^(JI%1tSHy;PpB5qxz3cH_L+Qxrt)xmG0WQEopjZjN)eb zEn#HyO$+lMi5GEi$3Hy6hdhg>kK~%5>li8R#?9oHF1`Oj^1@l%11d%KgpWQMb{^TVm=?g*|PzrtW1Mn5OPlzM!9 z?~udWA^LER5W?qp0b@1KFq_!gCa}cv=Par!V8Gq>f z@Vu8-P0RyTCuzMaR=R|Bbs4R&^6kqBMIB%Z-n8DZtj$UVZjv1IynIIv1gG7%x zt0ndh9p5@k&BTIdBh(WH6LgJk8jA!;6T;_jyuXf9sC}8=Jq*D>nE9Qlj#f|t1N{(z z@qKD4FRP9Uh3R;-UW(Ec)+&}%cW`D(@j0(f%S@**-syaU?=j)C$?MONZuIl!ElMMDCmrALqQZQ}tC}pwpxU zR;C#UC%?22Obzk-a1~y`3Y?WLqF=0KP*U!^K=|VgT;&Cn$&ey5fcwpSZ#U^xtTv46 zo`jC|v|5>z_NkC-{?=zatza0fe2#b_$;|pOJ$t14+EQA8BDJSnUukk+wuiJY-&>HD zT>vNFYcQ`In zBN49Zrd>q_GvD7G5S(OYVeZ_#=FM>VW@Qv&j_qnH{=8$-c`&v&hUl#T!?*G$VeWm} z?S%XE^29uq%5aEGa=-M#*v@-shLL5`HyXk2*BvLRd0u z!$6szkrrbQX?8oS3(p>R61^(GKz88@##hQ>BY&tD5i5lOJ7srf(aa#Qm$BnpBN?}_ zpom>DBq4jzT+dD`iZkW+xk6gOzdS(mC={$lx9{+aq|Xl0;n_E`kBch=T}t$xn3b=L zeTdgS0u`dH$L4J3Xh9#6?o@;xn8U6f+pXE^r<*yW!l57+M`N*(TLdah6b`Ye@P#^L zyfA$Bsp-a*+N`tCeLUs&v@EtrZ=x+#Pt**Co6g%1@i)|zl=ENrvvY-P57#kI(^vh} zw#A~>HznjE^`ji8=OZF$EUoUEGE>;`D@hW4Eo^#8kq%)Tds~GO(S5g+Rc%f%%d(Zs z@WQh~f~E433@$)Gr1j#5ET)lHbGh=vTy1lO*r+ejxZ@LBXJ_j|MVL5)a&-dot!1BL1WwbYuk}nC4S9Geb3sx#CM75~{ z+j;48^ieM}_tux)nN%lM<|jsd4DZlvo}ce;{FJj4G1JC)F-MJQUrM9uxp3!Pps}JM zeeQ+K;1{2Z!kI?_bf7aRX@;4P%;U<$B@MM=qqEfoeluU*1ZnMT{t;M?;vd6VLDO9A zNK~|)yg&NHp8b`C!G5X<DB?( zVsDlE^rwlG7k$n7V!8C#_k4{=ja(II*Z*tLsklkm+hzHfG0Ep!wvaLOb*Jg8fHwS) zk_MkPAj!o-wS!Bf`OrZwjplPepX|#K^%ZyrCylZ%4a30iCliJAvBvM#o8xL5&aHRj z>`=DN(jfR%cAhNt^Hw%4kETNhapU~CU8Ja8lbmT2TfLJ3hMNT`t&VxcMXNmh3CN;4 zQk&YP_fz_;XZM?W<1}6aPjfTm{~kM6M&ii{>jWMmg~W^wB%->xf0V^a%EKtuhlNIc zCAXhDb29NNUqM6b8?8cGy^e9YwQzqoRl7+($wAUT^`2K-n`a5qgZb8KUFsr?%+CJV zI_D??KmJI4_Va8!6ydY)3C-SN!F<8N`idpJuu9t&gnWwqH}Waw>1>r8y`o0^CDl{- zrv&kVl$U9y<@ac8*Ut$(n^idwbfydPecd{n@5Dof>2-c34;aWo;{MuV_+Ou%({NBC z={WvG%7BV z+w@si>lU-x95Y+t{dh*^lUMI@RJF{9)iDVy+^cylm0+P#mP~bUUg~{wM)Pb7z|}N2 zaooALB)iYFTx4EC(!CBJ!Yp#@W)=iFk08jITc`tp4_evYQYA;HfadsNMTc(l*Rnl@ z(Ye{rGDZ!w!nTS6hiLrcjh|4*0sp_Tfg|EJ6sZe$&m|;k_a4asu&$rBwgjeSoCt z3+1)tMg{8n{4o|(oD@R!x8`kkU;BQlkdph21$dT{vxzvjnGhS}!g$2zy-lA+C#Vnnm~M>dNdz*0g1}s zDHDU(*r%e4k3$J&iC4_Gt#@GM#Pn)8bLwKQ7x+1RB_a zfwn5Ex{+`hrMsPKQMSH2ZpNwOC@oe{WW1zSJw;!2 zseWVz)HAR4iT8&$!MU=+;JP%ud7*U5qd8P z3t9Ll#S^g%@kr;l>cfxobQ5RdYGsuGwLV;SM{#p`c1DC(&Alpo%EvssdkW3=K9}jU z&)=wTPTl@2-WBEpc8^#tJ6Z@NS*vvQIgRcgWiB!}#U2vDZx&ovwsS8}X|cU}!%=Ag zsMg=O7GaF)@g8Ei6!^1!rpdb;*3>@;Yc$?iQ+fwg%rpDllj;_%=8RK+Wran4XN9vV zpG;od$O^l>GP&)AWrf?-xv{J;P(XnOJ>7Pf^XR*I_T+CWk~a8&mK_RZu~#J~z0ydc zTkg{v8GrV3$ZGRqp1gM(X7{wNyoZ{Lj^?eTtEaiTO>P-y!sRf%03`QIOKeY3PWdvu zj``=cV!PN!YkJh$a|_bA^C35?E*ljxC_d|h_Z;cL6I?-RQ;sv|kHGWFVGiRabl4_}&V zXGmsxazF1bRXU9DpGM*6xG6fB=gq=a70+NN-58-<#9+k13a^<{v4>sZr;64FXofG5pb( zpC_Z)@LBcl#GgHow;Q2au)8>{owF@$=2fjMKAkAIHP^DIpy>cp@x$3yS@kxH>Yfn- z>1r;72gIKdKKSrDCes$uJ>hO1DH^613;5?L-Hds+=dFwMwSC9W z@fcRqF0$39=@k|<{7T#EG7*MSyjm}wTWuZoby@hDPw>yo7YJ74A(jL&a;ztJC(UFs z3J&L@IdBD|?Cf}SQ{+f#HJS@nn!iGk!)TRru=@7%5vA$;Q5MpZ%in_K+&+f)!EFWxBw8UFvb$G6u-AZ}{2gE((^QMDr?Yvash>iJf*I-N1*_wP z@0ZIZB<)e-7PWP@?X7E8Pg?o2zp=He6wfhgha5VFOB*{kG~cndx*{ll5-`dwmNT6v z&*V)#+Q-{{^-zzz^lMwkZ*A38+$oh8OyBrypLeLccfTY(vPxY<(>WcKBjYjEWcF)m zZ*RXzp+58bjIR1HtkzQ6nkz)5%S%$C>>Xh)c_r9w6;KuqtJ5D}K3@r`lB#?K)I-GL zf|5kroNCDaLU}H{tEptJQK(u&GSi^ykdP+zQ}8H4oiN?3M`@I%t0&@4lyLDr)dtmT z4LY`?f(xrW4aQ?mGpLBIcZJYcYx#9J*=RHZnf>BJ^_;2F5ldxvg<4$SAA`7PvONDI zJ;1{Vh0)zuM;M6k0QC`mtL=riNZDIUIEVbw3%+vPt>F>~cK2;zv+xmc`*}-KX77-4 zkea$qf#dWPcWP0{jLq_u;W@ck=eh!tjZN)!bc40zB~|(JIF(~k=hq`2UPKJZ$?zMP za~d{RuO^D5%+#wqhPvHIXN-sqbdCjwzVqvexqkU{tC0~?H&?17{C!u?R_|<}o)C{)@5ZwHP0@_??9v!! zq^tQN#e}jO4;GYPn!cpeT3s)U-A+69X=;aMqPYCHV{{jGJ3Yer3$P%#7cbk}9eY(4 zr%3-DZauH;)^mId9YQt5^^f}O<>)ElOBcLaLCGX?>vfl&h|DA7@8R^ukx-4hE+{!# zvbxaa07Iod(F={!gm-RR1vYGsm4b)|V%iuUtrG#k7^Zax6hz*9HpxegntYu}j9Zq|!NHBzp6j(x)Po zqoQSfWBAx={uy=*q?YP@k?T9xewP8A)Aij)T{d979ZXlWBc5Vwwh!+@B`C@lfG3QQ zJ>*I2a8R|0;o#9HVz&SnGzm3-{z*EwHZ7wL;7AK<4xF5}U~&B>uDO?}*M(;LF$r2m zxZH{JvCj#2&cE-F{^@|%950{U7iCgcey=I<>PJZ7rgzubu#geAAxxqP9bghK7ui1K z{r>Z9lw!m-j!HnO14#6E7{}^{@nn6B0mdTV4&i;HlHL#6NJqWtv#C6`oHe-HQI&mT%}Yz4r|rgsY@dJKhC#z#_VUWQ%D;>H5$wa7tp31PkxDdM3g=*u8>mGf;smsy!91_sYm)%$GyMP${70{RC z3N71C@VP9QGo5wLzKsxF#x_7MoC9zHQ3nz6e+rx`IRQN%9S0XRdFEx6XW&7`>N9 z4Uw3D`Wy~ubA2fkH-~Ts)%P%{F3DWvem3e4OwQie^@RES%a*8+Rzt(NA8Y-(xd9p$ z2|-cPNenMdx$8dwmQCuJ4V@l++=h&a?6wVTC_k01;4F&h3|XG-z%;IP4~E?C-;AW*=QzsNNI&?0 zsByF#8>sO=QNsTZDZZgA|HqKx30o~7sV4yDOa}_QO#7RlVXhrIyi+Z@at}(0Fda~F zXW-H{)GKuOAaw@;j4S97$kdh>3ae6pxf41k8R07?fMM!eV?Sbw0QY=+Y0;BW11&OV zfw{gQy#l+8U@jdp=(`ezCeM(p%?W3)H(sXV=^H@dU47jFMMiJ2feoBHfMZA%?tVA_ zA}^wQfbs})Hk2mMb|S6$p?{tULpI?NnDC(I>$&zQKt$xi1kQGth1&6@^v%*pxI??a z{SE}Y1t4vDb@})3zMoavfG~!ds8-e|raxe}T`}T!!d6{Fb}B@Pboc`$cp-S})Wk%# z_s3ngKwmXCmOOn4WwS@nv}*0-AYTf zz}o%+1`A&@Ye}Th2c-5MuolAmWC}3b(Vqhyf!I~BXl+-5HRTaD%wV9HR{ra!tqfA7 zW*CrLHvRt7Ds?pkq%_sOi9vTgYpF3fdFz2e0FAwaat(kz zsW6|UcC{SVw}gld9$UX)z|Pr?`u90cN2_Sx7gPQBIlpjoxv59~lYZlzT{unja1`Jp zh=(XPx({T;Fi#b`#(KbM=!xYn|20P~>D?58+eA#CoLB-%(9mAHCAi67N>YkE6y2~5 z*20CY1!UbzT&=`(*vW2Jq~(6hZ6Kc{_0Tj@c0BR8Q8sj zc3Jva)xm&}jh+-J=5b|QIiS0DbNU8gvzSGWQBx5)+!T|tV$4J0PhjGzELauoI`eQ6 zLcqlR?*URj-)SWR!x0?-CD?(u0{~q{GAO^7Pf`{IKw(?4i{oNGx@&R2`Duefta;!x zfNBWS%J2zyt?A9qfC2AT`T`Sda}hSK!TinY!W1ujZjMX&5DY0DS-TB$M;9Rc51;DE zxF+2N<5?zS?(E0}bu5^Ln?DpjtX`%Sq^$gee%`6HlLl|eCpxl{P@!YWB51kDA4YXr z<-VojXorH5f>qYfuUQRW5lEvep%|cBIg{I`vH;z#x%PR~2fB2Eux@~Rdo}=x=fuG@ z{CDj(uUzP#O?TOU($iy^f!W|BJt(r}Hp_AFhr2`|wBb?F`Bt?==27TNF#+h9u7&@s z7d7|I{8E^Pk>BtEs%ZCi9if_e>H6q!F{TjTbfCes=f`W73e!)K@b7fA4oLUW4Lt9z zzDxI2ANJAd{^j{~!};H^ay7A*LuTwntA*tqg!&4A=o@v7^^}^KXPYenoL{xDbQA$t zE1zh;j;}ns^XyzeSB)!lu;)+&qCyA94aiPE*mbyj(dx~r11Wj5V$Vf8LFLc!YwN)} zmL^OV*-ubGbjoZr$|Vhhbbj#1hqNAIKRUkHVRWDiG6vmV@d$Yub!%W76Tj&*gxO6C znJN8iXEqeMI-t5Rl$KCQDDa1B!rA30AGURvp`Eufv0N|(_+4|T9^@L<>@GwAIHgHV zU291$FDikqY?Eu~&ab-supdHd!j#hd?${YOybs}X+)N}tKYtpl%94V``$R7VC|=(Y8a{*iEIxVg z2uls)UFOG!(})wUFf-KwKCBal7MlR9{53~)E1ON^8OL0JcJ|;dhysKWr3p!~;r@X6 zZmky@+^z$5yXR^TkePIWH!*pB?Bf<&zx|!BK*SboSB1ut<9~b>-{ctqonr56#F{bo z6;O6)t9LxTrZhVLnB7l;_2fn$4#IU_eIuI3Lw0!s2=9FM8DCl$I(0&emkZVmLqJ#; z39?wrNBmFPbPnhIRj{MOc$a@~`wu8@_u%*-gXW;{iTg{ZWHInZq+POx5sa1xRli9| zPi}H=l4Qtlu$%1s$VE4fiZtOz>~9xuR=uM3#L%Q{Xuo5(0pRa4Q0dOn`iVbO$UaUU zafj)$Z5$!3_1{e6d+oHsC>xa~7%tz6?Rt3Gs;+fDN1~{Nr6@=>`cp9>Zyz(%7X8g; zVdA%P*YnzSx|@>ZwBI)FFfI=_z>CqW;2sJw_dwNT^UFO@g0XBnON|d9G{yFo-kfp`ic?bm?-aIr_XEhK49u;Z-irz#LuT${J!JK%Hw$*~du*b=-w{ z=M{U-2%!KWF4MA?<$- zq4ITJzc^n9`5V##FJ#S0K!uOmizaXiqJU(#JlT>MZaMCQpQo28oy!CBf&k{g)5Vv~LlXbLiYS^MJmJ zuyKa7zW}KJ@eExFO5ecLJ6zE%x|P8Xhp5AdtcM!+EKp(Ra^<$i<+7j3%d~mk`C}5W z3hBk6K6v{#Fy_1i*uiF%g{5+?!+>4VVSk~xh10d}B?!Q^S8bgpS@(Lh=}Z3dWKiAd z?0#eDe!_sYB!VT>+x^_K=V$_#J?J-?Bst*JbFKP%xgMQ{R?66$BC#rCSJEnBP#1ko`ecwk9YVDH8;9Y@EciyhNB zcR3RrSf+A;HHF%9R-v1sq8}R0m1=SA8buPh-E3iU_3=ut>A{KR@~RaoJmtGB?9uoci%A3ESE~}mAe!hmTzMuoF5XJnBLGGI>ieg?v{PO5ci__9I zxp-Qc3s|-kP-^z<4}XsL#{pG7rb%O~H=9dMv1TN$ty36qJ>b!=5Ju<#KwJ{NMS!aB z&B_4kDGj&CwYCZnfnd(;|0C|bikHD zZh-Q;bta1eb6-}GO!P(}F;93fg`Js8{d4fNHJ&w-$%ChdK<~38&!jKKf{v>RSMu6G|6PS zB9slwf}Gb!SYZULbivl4Tjy84KVskrSdFcTePtd|Yxt$|R+8qYD%ODAP%;rC{}i?R ze%(q@gBhpsXtD)nTJ}I7(+Q=mBR}1W{HX2_FD7J>UJH}u4Ps6_aFTz(8%s&f?brir zvHPSl!K^EoN-LZ^1ueM`6Mmh!f1_4<<%Wil%a=PlJ7A!f3W*;qB2Uof0T)4{nJ*M& zMMrP%IBiD~z}tqjg?8I?t;Beq<>TT@SD=IJM@^7LpZrc;Bc$z+JF07oT8+W!sB#pv zdSj&KkWfs_nM1K&3t$Jaz+x;GsEAC*m#81|NfbBO8`{X;uu7=YT6ag40bY@(fE6!Y zd4McEltQMG{%xo6JD%kmG=5m4DlXJ~O0Rr6T%?j-@duRQ#;#mwj9{K|sse|nXF%Xx zKO@xa{f3?*Yp4mnI@jo?aq$vK0q85;)bn>9TSRmmhFo24yUut|(HMNwu~*}b$xy80 zS=blW+Rd!ibirDu0y(^ph6qiYcp&-YzW~|AV}dNzq7B;`<3+I6Snm?%{KIbN0chn591wobF*_F;X zRrWbmJD%^kFq*BPrt$Gr9khcoOxicXuu0Oi_K7))O`t)J3!u{r612@#gDRegT8CE~ z&ki^9vEZU)HxYEUf)CVe*MR0JZX#0s;{y#*@2ipJxU>$tui9@*j^`bNp=?;#+g1Fo zNYVo41L@ypz@+T?vulB!!Qm8t;5)!F0Zw)4Mq0?3TGR9|EhwL$<;llp zaq#`i0Ityd_b)(m>5%^K0KFCVyC!cls7RW#Aa)gbq|kgC01+h&%Yi1xlE$)ML|@Mn zAL9QL#;pD+z!UC|UmMrMSob8{7TI=_DJtWDHo{kwa#Q4>8{hS!0zTwPjOOLs{b%`~ z|NOw3|4&m7ffryv)<-d`9~3dc+bv4kvs)4ux9sl!MTWtZ3)6vJA^*ut(2F3vTKWqg zZe})C=j(j8nbT>-*IZG(af}3XA0R`oC*X|39^e=-#b(pLZ8300^9 zc)l++gQPFb=7LwQlBm*qQlt`mFcBm5j-y$jc>O!~JtIs0~;mbu!Caqp|*jTwuxFF2- zyQ=z6Mrr-qljMO8I2qfJ^D;(5&(el!0-@Hl(kp7KOjz3q*bz3G+6`lzwDatqp&`HN z*X=JMdt|M)N%4uM)&sEH?ty_y^T7uhZhUN6Xe1ayP4EFgrwgYv43Yn@qu&m|5I!k; zgwnO?YYI1}229Z$yniLQfzp{c_a6wIo)~*1)_di?^{eFtluBD{wa#s~uVB+oV@6Fo zZZjn-?M|IG+T$bRB`d{6Q?(MaC21u&5XEhOwN3OD_`{8E3U@-F=b=yq(!*%HxovN8 z4zyrv!H`(FV~4R(d+~*sdMwxhBe0a9s1Ewq%Kg}F(NvrHsqY29GHW|5wV@dODq^Yvu*oV3KVEBlEogVXv*|8kP0Go|<G_t7mRp4j9hRa{65iO`e__1!6UybZJSMIP z6*9DX`~Du9#W_+ioQPt0xhGMq4y~TU>M4iH#JW#fs{Mcrgmnc3>vt|DPFP)41xCwR zwT;uG=v{kZ#^D`)N(Rh8DMmW7S&?IK>=AEx)0fUpuAsu=&jKFlfgUT@uTQ)T(K#f+ z;|qPT)ZnO@&wlh+HiV%J`K&*a^qZxgjQg`%!X%_9>%w}4gF?%d{gtyQ2q#p*V#qf; zY~0#wck6&=VOvhyWeUss=XaJMyq6ARNo$V@xuik17Oe~GZMfZ9#_l@;jFO=I=wvTuRpD>R*b9}Uvb&psg9+jT+H znEv|kP+a%7_L2^dm19yDreQw(Ar8!XJ`nj!)Ut)Y5t^!mEgC&z{EszU&~q7}{7qbU z9M~vn6(f34xCMG`SH&eX?PmroCgF5jZ=vhjd) z*`sYNf~BatX)gBQ0oiadTL{WP)*|@4mY_>(w{yYU$NIm&?#%ww83g03_-1~fAYRzg z%=7zJP0zfw&={AwAghw0ZxLg@jjE<^9%)EF6WK!eN`{L1&g_N>7hLqFsAsZZ@auhR z2F+m*zT-s0sof;9n!h=t^gW%PKlJJ|oxs=ahmQYJJSQK3?!C z-)U_4+x6?dj9(7g^)AhILXWS-&VF~G8mAvF-`gR*ZIU!IHuA}{aXW~U&nsvM_8BBr zz&vyTujI>jZIu+#*I%pntOo;j=hQ1Ozotm^JkD&-ZvX2`Dt_`K)J8|NCKvq3|FL*3 zR#_-z=NTE}A#I*OcKaWQLVo{+4D*J)jm(eH=;HCB6)BRy-!~y0n7B6R$}P_f#!8{$ zl;PtAm|UwuC0#Ef@pTbgFqoB9sz~?jjzwrf>Ffk@a2#o=$#)+4)+0EdX`Pe)w8*vH zb9u>KR zp-YE3I4zIC4exjPI|AOAiR7@sHc_sY=kgSD50*=ospftZjCUkJQoSQt!BXzD_{4F< zWCb6)USA!10z;lqS7eLk^|5}^aBOMEwpAaPi@i7N$KE3*pPpKO*S8}YVVPHf47&PG zOt~j7*wt^+N9nnV=6g<9@$O?(Ae3+c_a--2X-kaDka5Usd3h+f2k?Ae3ACBH?rINQ`vx@U{;jP>^7ALYvjK`oozMti~Y6=uLlNQ$KmM(d1jF%}3Gd z8w8<3m>b0C-g9kEaxQOMd(Og;s>+H!YQ|gfm^zT#2Gh4J1@d4LQirP7wkeZj1m3lx zDrEeCsnidVmpf6mBvDotk{=*dYoIDM^SBeQeO1UhI;AE%?e#Y%iKPb~Sp&h^sk2@l z;)_uUn4)h4!=4@Z*n4Knu<<&k`L;gZqTmQ;TSiWc{^iaNz&uDunS*C zlBMA^lJ>6EFH~(qnmmVV^dWMW?xACUr*mGluj%zwQ&ez~92*sR_A)RBNW*trQ~FUi&`styo#J});Jhzo{K6n@Eq1Ce&4b5b#=23 zzzLY&@5?toR7X%WIh^G5{)=~n(>2?Rg7edjss-aKRuR@#FM}>*pfv^7ZBAY36)oR* z_@rHRu*F0u3P11k1XYBBlDUWk$v5qnPeGKNdGq1%{&S;C_I;z!+L$g!ef0g(wx3=w ziDLO$hj|N%lPE>H)gH}Rv?*xUvWjM%wI6^mlA6q_imj~3Ep}UMk$MOV6n=UKDgn>( zug>bc*!1LyDHa>CQh}OZG#+~u+TcCho&V)j$!wcniPFZ}5MNJu^_Cn>?bJ@wE9#Oi zfyPJI2g4cL`yWUy=M@1MZM^4TV%f){?xg8Zn5WxQdt`3bz5iycDD)9aZN}8 zK|4DIF?Risq}p9MZ?@Q6WkvWa6$5k?`;m=d!G;epF!a}MDy1RaHjnMNrDE1e^EsPt zi&js5&5ZXoxm(gQ{kQEp^nMwJ9yv{)Iq|y2^5%S-xyNr#=C=L`Zy%}M0knUh&Fa+l zY}P!^;1H+uFOeMt-0FB%hR=lP`vX`COHbekwj-fb12t8JZzV3$JZl>|JvR2}P3D!A z&D0miAyWYv_6qv2-(Q-}b=!<>dr(f!jWX6f{4T%JJai+7scX;SmgaZry?Q3+m6v;A z_!{UZ6_Vf*iJ`sv?CNON{L!5#S}P~>B%x7>w-(I+b!vu@qe76NfPtz`VozXwPUQ6- z7g1;-(02a$`H0+y*NF5qk%r7*syMl>A%j3e+D(;*=)1Sq%-oc-6{+9To!zQcjf$aM zuix|G5`%rk9iPln^DeK>QFA@~O$4}_CIAh(Ufa8Zc8}596swDG_k&ovtqtc~N0L+D zS-0g$kKgYu=o-^^x-X7(_x2;}C-JRU$d~nPe=<_)RR$Z?o zRlM|dXGwg~R+2#Z6+hV(+MmF?Fdw@i%07ncDT49WUDP!gV(;!p&Xxp0(4(t4)u5q5 zPW}-XJ|2r#796facZ79`+njY)7~E-js+<{(R~5a{s4@~6lZFE4sm0%zpaVT(4081a z%c#Z$Eco;#qc%bI{boC$bQ^PGsYvZ(Pa{)MY^VOukdih~t6FpdHk4^AmW+C%w5=kv1ry2WQIwype*GoNS>nCoh^ zj-C4A&EBCR)@udz84vgp`;j#N+v*a+F$g*NNcCD+Nq&fg*?(wZz!((CAq{waWGq)D zs&U~F`_kYECos1`%@Ew>VYP>H{b2UpeIq+ejv!Hs&Zc^@+>4> zXS4joI^yfO#gqf8)g-m*C{Xwh)&V8Q6+k)@SLt3Kb|n2$3+hI|}z=I@w+ z3_gzjnvbIZNo$bHb8?@_4RV(L`)y`4^uezXqmpWMaDR20d1huQ+!y zOvum+5;G6qU&|jwo+uMGVRy44>eyN8f?}P#uOA_weGxL%G5VguNOY5<)*ap^or73? zAJ~!VC?2W#8y0+n8`PL=*_zt&?A?mt`01|x_~E4qcBA|JTi!B>61Lv2dcM<3S5)Tw zc{=$sc15m58XgN3U1c+RXXs>P@G>$^G&gx4{9#xXU;~@6`T;`Pu2|kJCNb zg~KkBJi^WD-wRLA+(^t{&^1khTu2LAK6-+v)z9sH)_!bVq@bVYNXjxR6YZlL=FN#& z?%nxWQ1P7myS8GuIVqDBW`^c0b*3LcOPeVOiTbt)wz@2IjfF2F7g|b++PA~bPS+iS zFN(J+&zg)i(=+gB1-yLQl&|2qiJ(PJms0y{)3adjXQyE;CWqrBk*t8uu(E)wo)Y|c zlAJQB_OXUy_3C0&f=;Ppj3EKGzs}Ivbzl5s-)f0%Elq{%eR1t%hJ$?esLhNVm`UL| z5$**0NDcCEkxgQR$}j$YML~+uW-`Is>&c--`kGDJ)UNAN-tOpN@x1xsvDEB!ABvIgCC-sZl!9VplZg z2bYqkjbE4vUbyg>Q$+&)Mo@=vdN`uA->#y(=hR-cEDoi6gCap_b!`U?k5=Raku38q z6MFc@d9~<3Y8uy}V)4fNPg~K_(?Z<4MBxGYhAZfK0G6G0-Gdj=B_v67#9FR)&4i=R zc=3I9wan|8MSy%xc7DlK$&Ih-VJs{B4Pz>P-;9dEl{`a3TdwU0;Kv=pPkF*$S(B|o z+)pNx9KONJQ&&k!R^*@`IVAtd60N4!BV1|@n~q2NhG$)QwB{Z720h(i|K{6z`DwM&&%bBGVLWN2uZERf?qoed&x3u@@LF*O zxP+Q2kmC%Ca}hWC%op;!9;VdXB1CUIIQ5dAvjt~NF0R)C^!i+RVNQyHr|zWNj!>2# zZEf23hu$W%ojnOYfUQgoOuMtVOH2o^Y_8Mw`+Da3jixEvmPlZp< zCk`Ok`){zt^%h%!WDtm;z+wMQ{2+>Zf%&f>#qim{UMetF4U}?rcb)z=3=nE(k z=8U*><^F*jMcU9Ctpz=Y19ovY@ABq=YYlS=CX1gFP%lE%0E@Nhe$E>mu24@y%o5=_ zQr>?1H@1PAZ2I75*Cb~-ZG@~{Bp7uCO~f~u01&1RVptvR?quNQMNB0h=6D}ImQ4>l zb&s0na{H@Gau9NGbA?)q#>D2NMkxx0CMRD9L{s4TmCQ^Ky?s(6_Gx+97DmJkb&tC{ zGlZhHz06Xh5(dXu{YN=+KopZ?l$o`UPsl5+iJl>1phZzci_(Y|nXgJ>v{+9DwCGn* z1axKa80VPRbGBE(<#xLmyjFp;&K%KS&5?G?tr-0gg>hr_M~ahA7M|EG`|&q@rteZ8 z`^tyq6t|gX{$rVC1-;!ezBU1#J-|vpAps*cJGR(h^R`mDdC7sh=6|2l#_USDX4^&%Hb9+!7Bt6(VinI znwi|zP{N?8hzR4uvY1Io7kGUc?OcmT-x)bvjNCQ<$`T(%+!Q7y)1my5MB$7n@3zFN zNdDlXxk2t&9;!P$7&}tVM454Lmj82px~VKPdMFW&b!%SF@ZIVv5(c{>_0MnWv)+<5 z4IxSR@lxDwN%DAGNt~<80pk1wTU=oF5fO(BX2PB=n)yTCtq4-kL5QCAoG&=k_>gQM ztjDB|lOU$MT3AVFu z)!r@0NPwaVu@t=`S3zdmj^Uh6n+PhHU;k{h`ZU?J9LEaHZd~AmfNY6SlF{##WBf<& zmKtU0Mh;bwbtupRhW7a06s1!)ci=UwzMhTi+rak8-Kh=!G|CvKU z%&w~9(cAbmKug9%rP91r;QXg8^uZrHQ){Qief0E+i5z3eVxqUn)A7hg?tgw?6j3)^ zFmh|2&FIJKjxuCbe6+7mtOuO1EHRo9p~p38m(E-$swm+taxPL2df4>9ouX+TC~Rb| z-spM^jask5Gn*)5n!%S~-~?Z~oo&AtCr_2(OZ@&chRHOXd>UeQ{(0}MCc&d4KRerK zh|ydXI#pe!^6i;QKcEKbU0aYFdZ{5kW8&7G;vYugehI?w)N&rkkjD$(YRVoSl*D zFYkrRE4;OdXYCfNvTy3n34}k9Xx;r?m~vfBA5F;aRQ2bK~waTjPae z9_98vr+ECVmabcE5d-fgI6_CP*2c(hoe*S%;2#*S>SXy~x9o?@u}~P(09|{XX(&Gf zN+4WM*NwT1);uZ_WKN`yX30TZHv(`z%kG8tbbR|Qei&y>fj$oa9{#BIdMr5>2eL*9 zHg@2(USAo&6QcrRhf*Ta7f>2{gQGL|48kQ(j;Hv!(TRF-^gpZQN=)XfRqEImf1-4G zRXJfuk52?EIMF}Z9hpTvAR&q>^v4%rH+{RuIql@To}ekWoE3v_sHp)PL~oAK4BBxq z{j$7hbw8R)-&$-9bzS>GFhh)dAzzmnTVsC(;4{D^kg}?p;#)871<_uF)eQ{cH^7it zY=~14ZQo0w^aF&ETl-T#OoqKCX$rgYAgTo;8|;YyyE;$?qz9}PHvpqa9Y{v^gkA~y zyfx8GN=ILk^Sd21p)60cC4-dl0WXa<$G%3O3{A5R&PpkE)9!AA}eeNx)$u>aNNGM{M(D8>cxX*gxyfiZnj zsISi)T3rT*XY`JvGn*OIOcN!GT~GXV0i>&S#AbO1XVy-~u3>iIvupK38T4!FbZWhc zM-mrAl!*wHmn=Fp5{QX4PaW1_LS9q@An_&hp>3&mOOa^_QH>BJf3i$!!gE}+A@27A zCgJagy@1k4M_U(_pF*dA&FvWbv@f;wZ%1l?fG;@P@;B(10yl_HWr(6nJ(k0}@l_l# zHx?ox=DvUQpqBb3BAH+uS{?sgDqq7WUe;8^L~RP@Tgc%y$043K7nD zCottKZIe5Kyct(?@zH~14hMk?UWaKk9S36I-kcHvKVp37DK5O{S^<~fEzh}^?`|Q? zZrLAQOL?|6X9HJpsJVl=H^43@xz2m&9ii}IA9x(5{))E7+ZN5cIL^R}lcdXC+g^I& z8n~W>AmxJBh8JrqU)Upfo@l)K*_F;+aE!&i=-MWm500Ve%ylLLJH}=d?3h3QfUb`; zPv`jydyz@E9gg8*;#Xn4=ULjX*fy3$i6d9srEroNk-Z+^s?acQpqc(>aq^G0VRVcS zvOF%)Wg&n0&sWRnLB(~Y*B|=ppNOk~j*`0i;xOW>)55!5HKGaC#2Ylw${H{ck-UF~ z0sR)8n(3AV%TD6_9Y2dlYip9w&7&pZV99-!Yl;**COQ>4isF+Cn4`FQa%nV)j_o$B zwpj#P13J(_JWXSn$~au0G1CES)YpM`@>0$;F6z~C_bYR@C zZyFsoT$+qh24o;jz!-AA)}9C91aNHzUX6&rKk*7g7puG9b$oRKSb~kHs4ySkPOMsZ0;+nqr9`qCg(2O5JGa^m0_B|rp0C?UPmxY=(|MgEWZUMj*+V@-?{Z?Is z=R!+Fl!k^rF#dvJvbQcd4~Ons7lZ(^EUxIboL=^+`Jvj6Sw)72c&o{uj*&Uy&99iUe; zt&(uk($fVR8}?6mijE zi3D>4AhYAW6|?x zfcAW-l5J)VMte@%m{DM`Ebl9!sNa39RMr_sT6GC;tDM=?& zo^5SGQMo?=_$(D^h#@tR2Z-GM{7ga=u+mafR?4ZZJRCtxrz4S5{sma+?Y4VcXcc=x zsBj20j4wdwDe872*L59f_}3&%n*(7@nNnY0-@uQ6zvyfhF1hv%K8T@Y!Jt47vPaq;#WE_X)FvU`cvbCDae$?WyzE|qdkv^pv(Ocet2hG zPe}J`7kY%UEKpQg-;EAzd_a>t2epEN$5cDlRB?oH#=#Q=Wb>_)lOQFW=Jm{q9V2ur zq8aP9ud^DWzy%q8p|eyfc%ofQ*{q1-gMs1?c(Xug85nZNVAT)r0T==D{7p@!(zlXO z^DR}A(-+nPLaS#By25)Eq_=2c5Lnu&*1KS9ald&xO=xnquLhWa%? zbaee-_z!TCRa?VCvJv$~vjB%4EkDV3Vjmd!;@7Vq%mWVn2RyoS0f_mICX1sG)myT7 z;XAv?x1kv1`bSF@iJ9I#iu7WiYIR!3f9TMJxy>WLL5)f?;Qp6MOuQ$N52d8+VYaiRy ziM*Z!ZV6()%nBA-sUoP1hm)Oaar4zzD(rb>(VR#pQ*mR+(d$F`=Ye0p^6L5(6`D6b zlqbS-(ZQHmXbcOII}tbKIz3K4X9`Rs{-C({6Av&c{{J15o|ljAy;RvHZ(2+Z@T0ND#%LRQHBS^UW3f=<*DoM+s9HNA=L061 z*()sN!v)6ksUv3LIxe6;s;JYcKxP`e0HvZhKem?aSQVn1cQQI%JTx9q*I(-0Lbc&p zJg=J(zd|jmHoUyZw9_FEpfde>pR1<~C z5rD847}J?S*Vp3rnuw6{iVE+Rpz@^$ets`WC>SWMdz~q&G^(UqaST|i+LAJ8q)Ql{p0h#0NX|)snARZa-eQ#PF|2mtP_kiH= zDl+@v`X@xzU7=8jBQdP}YP*a(Gws!)5`vS(7&2EeVn$OQUdB zCbK3)mdF)VNcD1o1O@kk@vB(pBp1CIut)W3H9XG>B8N551q%_b!IYT%fLa#3i%Udv z@SQ^6hIcU%0DGMHTqOhq#yrmjQM=0$fYMTa5c(tXjMl(j9vh}=229Lvw(qpyKr zDP!Jo0A7L*0y~b^FSdC76!@;1GvT=x*OWbNc=94`;tG6p6|2N#BJim1*U62kQQU(=P>txj$L4`-`we&^qg06= zyi~~|Yj(xV`!>?s>%^~Shh(!9J{*fu=z>|Ho9=SPkC>R-Qlu@vBMfY(bxk1*CkYE! z?qKxtoEs2)JceBD8E{#KC1zc*`0(oOVO?<*$mX&;+(}nQhqi7Y)o!4_)-_8EZx52> ztG{0`y&Omq#=dBJ5;`^fnh^(i^mt)!8)!|PPQO9SfJ$9-pl7|_(zt)GXwg4i^6Zpto z{+UHIgU7*9-Em+9SwZ+XkeYFqTQ<5Xczfb1rr?hxcew9gu6H}_qHKPBn+2*YO`m*27zbU?9Sha$i;07+_OqaA_Q*q6&H zk@W*L`eU)IKLX|tC4jg#AWj6#Io{?bz51jL%dW4HV;KWDMQwdCjtKT3k``JbBQ%;% z0Oq6&Q{q^`@k7!Ai6wEcR>Z$%93ng;yQWWdr~Nd-oHk%CM=ounS^xNaw8f>$8;neH z>n;ly>+YJr`7_tydD&}LD^Car<*oJO zD913wyIwprM<32I^U!1?S5qp1T)cF$lNwP2B?KFpV{_bs&Hx~NV`6LMz)$yjYqbxc z9G?Qxw)0u*1P%fl4A<;LP+N%*@*YXlNBmRo0J?0unP!=ue; z?4oMFV1Kb5Tx?PW8gaMixbPB0{;6$owE&`MJD`y-UdL~d?HyMl#e^Z{S>TKpsn#1j zEqt^y0m_nJlF@uqYJT^~@3Kqpn&P=$k%iIKI@uA(Z3|E;NF66)|jn<{nLp0D~>Vk{|D$|)m+`d<9a1cd-) zRO%>a{1V0!ry$y<^M8r98HD2AK024ptO8p64!5@pzGGuFbTci87>;C7ETPN^ysmI; zlau~6z~fu$hg)$2#wt3v3X^>N{zI zpSa%!DeXQzg52O$C=y)3InYR(Xwim$X_5zJTCF%@nhVObyUIm(0EEgvT0M9rBA}Qp z7(xGc6eCP@sj|K3Hn*u*2KGw`IY7$;K$od3eJ_GA@P&a$0X;JUPKaiSP-~wk93=WI z87g9kaG;cgK`GG^2;?AAR;@|3>mX8Qy*F)Izc(CD&arBvmzJ-&K+&60`1E$LdHkNp zf-3anOAr?^?Z@>U5kYx|LhnhS%3qCQ4s!MbbUV=P;IzTp|$!?eu zeILANIvYiiyZFgs2O5lY|GVgt2?A_)d^3}5;JW|4_T(}^V(JmYXI$8mrQs-#;GFX+ zfJ6)bB)u6KJkikR=PKBTvw$aV{a2p&M?SCunkn)NtutEppH{J0Y6fh;oKjMRSQn&v zQ|_C*4hu(6>Pf=Et_`MOvww;f#Wa2(anmkRV(7;PDPyagbr;~R4kA2JBz$3m(})iv zzRk5LtmXHtGCe&#%izt;WvjLe8~Bbx&;WqAh00u>k_@R?zXN<^TePteXO$@UaFE=y=WiQSymd4~bK$?2bFEP%vQ0^sqv zlR5suK1iEKTgjBDOiDrR^;smXLJ+_J^7%B#us7`;htU7{o(5qZStJ>P>=i_}oHS~9 z1y7q0_=9-JL7a;r*SdPA11=Xt<&D9X#64q^4LM6a&HHO@n5CE?em5xxE3k}Iu#p3ng9 z&&yrB+cp{p{W!l%#f5xpnt^LvGd)~DL^FA!jtRkSjr?OlhSk<%X@P%(a`+qtiMaxC)IT6F(47Z|e6Z9Eg`au%fU|GJ;TUrk zIpqHs|NM(-)r3H*)KkXS^_z8#VYPUxZz9YBc3U6%5e!a97=N6w&=sFLBNr7_IJSvx5V zshZp9H~*Jjaphuz3`W_1GBB%OLe$lyiNBb^7y}scwXY-Jh#}+##G{A*Z`}ay|Je<& z;N{@gOeW~B8I~>aYs`H4u$tvxccF=Y2^^Nq;uHzy7}yt0xk%*C@<0TaGde^ASUKSz zGgGBTpaV`2qnG?QR)g9J0O4i-{5m6{3VAHuw90)=n!sNuGy-BOIv?UtD66x;3Fok% z&`yX38~u$;GZ%c5P7%aIoq-uS!5PKC$Pse?WHSEZWPCSBsr!;&WdqCD*i-(>ji`x% zY#J8*x`2|Xu4M7HGmNH1qk6!{*Co=DQM_w{s6`Ua@x2HZ&%~xSNdf~91r-It!+&Ea zLlWZcqXEXT^16PQiP`Y$*R`WeshA#HQ!3|?;HcV`K!wx{{?th~h@Si(5^)CH0KY4& z?6QG>PvNVn!@Cm2GZs)-&K1JmGi)A3QM!18D^8r2O~6$NL!~1q^Wg;{G)yQufXr6X8_@_gtR_MNohIvGYMeO4kND$K;rF7WqU4B;#? zMH0U>Tts*<17q28N0mi3ivNt&jr_90k$iod;@e6NlItlc6IwmEJ6;5Kc*9=3dKpb?4IB}*pVK;ggQTsu3HH5eF zTWKSIz6XbM1(1#~=^tB*sW;CS#vj4?8A?F@0+w8AJSqR1zZ$dy&c7m;D2KifaQ193 z%NAl2a915}(}XJEiR{hLJ^y6R2tVMJ1y`qdF)XO!Bh5cmYHc{1h76E7%uXsB*vxJy z`Bzv?jSgtW=g{^JOuZ~YVZ%a#xwbkOR>@!EhtKJQ?*V=)8G;?;FKQuwL8l5H_%*}l z^6>TeN1#$));D2Vehooe_H*zbRqVcOt!9%jAP4dh%J00MruOy@QN6+B9!Gy`*T*9)Bf`W{)68pvb!TL(puHHww5 zt={1sIKnoN3c+lrcTh8iawNvc)t?$PU&MpeN|@|80&lVaJELitW)tM5#;b8uKHR_y zFopukCbpc@fLpFf3L3_{;9}q}Dy7%Mys~2lG&A;Ej(|Wx<-+?rQXX!&(qlOgDp!01 zFJJ)*QxKP?dM&BQ?pZ3=dC&>blaAXNOc*IbLd&7-n>_Ir-p_7F)%2JljDa5mqU~VE zZQ5{ls0{vM!Kz>@Xw4DP=YC9%*bWUat}VS_$SEvNn%;@K5hc z$##exA|f#|ns$ObK0ym)OE#lPB!3vhqAIs2UxkmT9ReO)t43Of9p!oa#VgT;FMIRq zjE20`NY~#6>gyDoCA-bL9K9A*$L6BySYzZ1OJs?+KrpHyDY_N2)s;bH_5EwRepZ^*22})B;W;3 za;fjQXuvrB2b*Z4nFA>)rCGlW2IlSI$z_5ge_@S4fN-7|gg+4g2(+M9Aud{d7BX1D z7I`90p&*_Gv&T@ZdIs|H!(!iDb#4GJe0}hc0r{yPffvF~sCNE^5}HA8&sRp$bR)Uj z;8}jJ*|5L^A%lWnKZpN-esSSwcir+MiqZU$R84B9ZtL7fb1$T8oTE~u{c~hFh?|a9 z$UGz-)*Eli-NWkFarQWvmwWtuMCoP0=zA|{hO84_5Yp$J%p8;7gMMGDMZj+bI^ItC z2rKDELKmPTCmQ1X(yOV>Zs(gD zLd-`nC$=dW%Xv|L^q9{U?uCJRIe81w)bziG@l;4`NV zfCcROOQiTY0AoE=Dg(f{NqO7kFA2pVc%D!mpxx(RQC{8v(*V6X7$o>gAci(yp+=1n zIh55MEdF(Q_oKvZ7G;Z9e|_9M7b$`4q(WpS4NnYScQ|t4 zLV3)&2ydtfII3*D$QuL}*qWMujA{b91I+EVfqb?U{E&|_y|gIP`#u-z5nAIm1te3p z&sL3R*_WSv(^*BGi!w3ryRsCani+NPV(f*J1;Q4_4sPqpZjaIN3md%vJ<}*@QFcW9{;8Z8>{1hutDX0cKVs+dsUA&5xp#p9-3-bDW@9#HB4Z}<1R zL@wgRy`Fh`eSLAw#9_oDM zWGW2`N^J(XWZU%5^a*mPh`L}v<9JCBB!_{HHRjbVLnYsl?f=p;&;lkAKd7*qL*yvP zyHzC3FbGbea_>_`E6ddGYA=6$Y}*Och$@vyi86WSi0Zk?xzq*_lMbsjg1916X0THe zNnivf6)KnELrkg;Oq$43?Jx@1Z#GxIq~-V!{0Z-`Ax&`Ms@tt(qu+<$!;di9Q4 zKqDsG$qc8SEG+jf6IsS0WJf9-k3da|Y+%7ye$rHRK4qT!cBmJ8Wps};?YWA6mRbFA zvnx>AK%uII2_1m`67(INhkTgjW1KowfJi~Us#q0gO>s3h1QBy+8++P`6Lmlvv@7(E zk3i+9<{T$}C5|3S;aD&kzg{d7EkQ^u66lT}`EleYFRqCE{mxEm>Csmm$NaK2(!`63 zEgWM{8^)!99+xYfw??GlCGh$86)fR{Uj#-N)7HG2hjTGIG|MEcLasv9+S{`x7fDPO zpIBtph$>zEUaJDz8P2%Q4}>&A@$RV;lRunGBqY3DVS;W0jM;wF1JjQmPG5qy8b#>I zQqd}Mbwr&{CmOtLoV4gl+B@_HHl4iM+Z`7%X7=+sZbj9Akx==%(<-nB=7ykEAPvwJ zedfrrbJ2*dIW)PbMA+n;Yh{|KEWpMNp$5_5Y&L(oluO?+k~`ynXpAQjtb#Kq6bcle zrp@;TnFul=f}m!ZSF%uC<18VuP#{D=I~XMU*GK+0O?Jfld$yza;nMI)^LtG&*BzqQn9AFB!v9M>nR=uZJs`i@~jOD79933w_*(v_B zbaUfw=%UC0EZ&Rq)}J1S%`%nl4A0)%x-E7NEiaC%is^VPy=e8A(qB0&pVx0Hy)^Wq z)S_ox>0t2@n67TsU|CKr!Ov>{o>rLc)+M&3!RB#afg8Ii$nKo!%YcrJ*iTR0T^T;k zFO7Rd^<>v83|Z>0EcjaI55A>nv?&0h!ZQe>L6U{qbO{Sz^21Qe)gCxZ(x7dA) zX|>cC35igJ>1hEDYc}mqd;s!%YWL9SU-XSwU;w(NlZh6(%aB?7J|xPJ_7vaSK{L4+ z&$<_VYw-uh+ocYKN-`xjnCYw;J${c%sR0Jml8hcQvrF+mqJ zw}A4%d-1t0H|LgVGUf7xR(pjWxDUZNWhKiC zX|*O{z8n^#Q?O#?q(;dOo1-J6nVEJUNWMo&*Zbxv+>5H1{4Tw;A6!|Zug-BdMh)8? zt5w~9_l-LGDcz=b?lOeVO^!#wF*BJR)GGeo5SzbK7nh2Xd*scb;so6!5A!%m?_m-1EKqccgQz?1FQT z{Rvm&v5tFD(!cBE+DEiVxDB1Y$L~xDUK}qFpg1f_${pi3VMhqnJj5pWYPxb?Cdbzv zLqpANS|v8R;;_Lf?&DolDoQ2s`zIZtjxRNDPtuO`(dIn$8x9c;^q(F5>t14(?cf-^Q zYlwPS%W7g7g?z~9U_BQTb$SeZO;QN?@`gf={>;dAn(sK3!JPXEc(T3=rmgF`vYM4^IrJ(Y_^NV(B2Hhz&`AoXKMQj46b za#W8@yywrl($2mTs>#kSY{zDYXYllmzSIM2N{$_h&>flo{xpK_{aq;qnu)KyEAA~{ zq=)(gGc~I`e#fw@Xy$5^d@D5~cE2o|ohxef!6f*jsbKZyK(zeS$3U&1TG`sR%d6C= z;CTzDn!q|O;xFAOX3ab*)j?3q>X(%IB&@j34*gK=R89{30@@vOG3#SFTNOS-_$tkD7LXTbDm%S=~S#jZ> zPk4HpJm~Y6mKrOZs@>0aypC6JSN5@+nG>E~-E(c6OTSl^Z5t??aDkCaMH7;bYYUTg zrNN3t?s)G0XwR&z##m|K;3;T@@~OE`MtMG(e7xF8DvO2Zx!(>BLHW{<4pzF?c=}=A zda%Qx$L!<5qgM8de78I`KUNE#>QID8|Jz5+teuH-{IY>U*X5;{Ev7ZDWemrpdSDb~ zV24Y=1=7y`np^qxz{(`~WTs5)=tCx-^;&?(B-^Nu4My|-WXP15`@i0A%rLHw{VZ?CX%g-mwohNT zAg8aiKk8t~F}LZ*=Q6Hl+;IBPcJitLYz+Tx#PHr%(EQ`Kwn9*x`zV~sDK$LurW>+A znZ9`7_PZ}(;+bW--$gyBEv7i8peP(1dS^nvWG1EQhumF>t;$Zrt&E|*YDTxY4DWH6 z5=&0W8)SHl8_o?an3^j!?=<^faKeS7II?7%_S<5)SV>rO>HUL+uec0|2c@RkKgHh3 z?FqlU;|dQ%lN;NDm;se4I!1JuGiX*5KEmyc4Ui_{)7XQ(>l8!x)**VmIN@63|`Rdenm9pjt#WLp$oy=rbqD>ZVb z9)|UBihMm`_9MQ+wTcloIhqSKF5gu~#r4OZM6Dbvf_*mapCUE~?t6OevS{D{^~!gT z4%smWugXw*{+j_6ELW8mmgIN7gke0QovK$24!z|S;xkHW&zU?`gb8sLtF6t>Pq`oA0%1D??xqnGp`q)j7ZTl=L&xt;Ll1mA-;r z71d)C#}}%DG)^zf2;u^TC?>^LX7n=`Xrl<(1uU>+1^T1sYAhOHbX{i2P^*rcqbmxy zSUnFcU1fi-iOlMdxOm}Q7)ZCnZOGZ+kZhPxjMHr$!wYqxMMr}{i_Nlr-z_BJ2yaa* zqy2VcU?3!uiH+KfBJ&1qsMXxy;&<2oRd88tcJ5_qKc1SJd0$;NzU#N2K(;p7}yfh zm4U~8C+?0nsk$GE7!nE&X-z&^9rFKh_TEuVZo#{-QWQZ2q>BQI0s<0>(n}Ntm8#fK zAV>))O?n4oL+Ogrn*|VQQbc+Y3BA`K5Tzr{&^zC}!E-$KuJ8WVy7!;6)C0-;?mc_< z%rnnCgVG9;pS`eHy7F>2A8*kz4C~M$Xi{xWmu_uNj>06rvu<0v6@wcl!%>XB&$Lz6 z3t<{V+es;+JgHC~#Fqs}einx7+w~PVhG6UO?N?X%bRUM1XpU~qhFQHiZzzt9uBQxd zK>2c1T~EFFVwR)&sCKs9aP52o%JT#w{yF||uBmCY9}aW#59iGdVz%P>GNXdwyul!? z-G?2tS*LrUr`k9E-c1aslHDC$nbUc!;=PfANw{I)dVJ%%b4iGG-p{9&PEGHE6lD*u zm(wT4tuI$GNmw_u6Ch@ZSv?`AGIH_Z{Y{>x1x`#<>k3zhQjIeo&6$hSX#A zSr+U)_dyk>@19GRBN|8-&OvHcrPZ-io|ttAdDxUzlC=_)w#Kyxl+=m0VH|2|j`has ziEM2rrf`4s1`InO)GKEKYlKsr$hwoFujIBYz z!w`OC7eIo+X}VPmLFqh9zqwP(2Um%c4!yA%aif2U4;!L*gzNFAtxa78e^KK?TupdQ ze#hRX%Sp2wQ9%mRc{ww3M_R&9+OJ=@D+?kBU2+~L;Q-Q=Q$0z z-!wK`JDzOKCO*~9kPy4VM(1En^^OQ zVk6~a1bO+l$J2oyu|rgdv(&V~c|&$G?DjO1b4?%*O_)$GcRd}1XiMkJF%SAW>3^Y7 zhi2ySAAr<#!!=aF`la*^-8mQWI5EeCUmZ+^P2Q4|i`{?dP}&~2af*-;K{f*Ma&kh@oT?sIG%Fw77RwhYtV_bO5wLinV zuXD#aFwW<`_l;AAaceV8Uta~_B4N0n*c9O3(22gI#w(4zKa$T(R#C5Bu&M&g095V2Dz9 ziOWdDxUW$9g&?KHo40qXQf(M@4uXWGXw+eu&<_{6m&d5Cm@gr^)ch; zV*WnN=N@E1{J7!!z|?XSzP!3KC_?bvF3G2NCk}*1PxC+k2lN=GBefCxFA$aQPE6fP zI0#UECs1lVvCuEeNM=C&%ho7hf@|)IVOF8-k{|`3uHlEC+L4wnFUsn8+&Os+>2;$B zA=9+4mF*oVrgZ}?mKd6$J2lI1HRZ?Uzz)q5#n`w!EHBW20gy zuJ~@bQf9RN0&@4iR$6TdN>o_t5sFIw1+k^ZcZi|Bsp~L?`-?UpgJ-6kj3ujRo{s!% zl(%HeHuf5NACk4GKi8P*w`Es-WL%khRhu>5pCH70E^@abma}l%ufa{4$_5D-p+e3G zUmq?bL2-=HsUZyV+lJF!COcm_g*j1%zyusO$-wha{x>a+)-`fz2`nV&y`JsZp9@sta7bjk9x`PuXMWF_Y)Ju zASC?7o-Ij)5wj;Tte%0Zg+rvOY@+IzH*sUJ?(58oe+y}?`+B`~?=t$)&C(|2GGC|^M#0*{Rvu5YFM>JWbK&f zCHM>wS&;&kCXHI>e|r|=J#mmcBbwKTy}mJyzokP(i@&>C|A9GMQ8CxW*7wJ4C2(au z9&%xN9=4K?OiPNkHfEY0K7w(dnycMailI+Vpwy_^%}-!91nE*24#1^Sd81^tL-3q!oyCzV#p{r-3Q`lA2VwE6LNe0bw!By z6kX;st60aHB z6_n19z9@cuUKi`ihYS`z8NoK0t+fiXX=7m$_Q&}#-XQf`W`LY_-)Vozf+~?VeOkAy zPj$f9>6?5zcX{)W)n?%Bwv{&@Y_f*-42?@fScuFb6*Ql&Ko7!}!yjk1Y- zBE=g{oGCMzlsaTxJREAdIKf^eeS;bbkl7r zNO{L2wrBk9l_B?tJ)e%qO(S42Zsw|?-H&ex-DlvMI}v;uGWFU$Ircgwb}^lATKDW- zTL)j|;PY%3lR!)vw3I565_BZgLamoi{i|1CNQ0zWD+_K^b6kMTUrc)zk$6=7{^((6 z6A2y2tz^76*XLItsP-;cpPh#(ed?1E6p@U-@UiDoYEdYCQ3-gqyV76 zTk6rNI}SjL+UVAZl&&GHNbcp;(V4mX7rCOL=09f{0zCv~cTZ9rX>KfzfD;n2S;9T{ zlio~XGk4Wmr#*tE?fix>!6&M;LM*imnVKD{upWOcPmvy9mHL`QAOLh5r@1+%+C~j< z#1mo8uy;W+d{IATxb%Mi>iNu6`U{@ru0phkXnw_hx%cFxtS@{yI)jL-8S7Qmk~tow zZ&wGHzFMryQ3Ss{fvfpYPAYp8wYA#i0BW&Xv%b25N`QrEMQ5}th!UQ?D_MzBk9UTH z4h`9F-cpDJ3j$#tVR$`+8YI#^#na3K5sxWo(yZ@NlYb)=+upJMs`1f&SpoO2H#grm zk5G;%m8|vUxR3@WPsD5ymrCO#d(7W)1SKOOA`>RhkDh68m%fKUD9UzjG+k~+9r0)1 zng%Fayw@6?v$m`~JO=~!Z~oZb2EbcX-S^ydIOZrYz7`;g?mKE;sig-lrr$O+Ib0lFi@(IX}p-UHLDjtVQtHyyGnY9OeD-9{(WA zS^#I9)=B+H1y51Tz+ER>VT46MXxk#I%#AQfWpqh;XnVF_RyC~}eMB!GtPqgv`aEd| z%5|OO00CU1+ullAiV!QYYhDRiT@khP!BB37hHWS7TKZoeV!LZ>#H(B@Tw%hm?_3ss zm~!`_U`=__x93syG11CW@2VPRrK{HdB$-aF8FMIZJt*1e#9o(g`?2pAXgdR3(F5{E z*>iYlZ%cy#=S)pu(vvU9ti^Y8b(&2nX0oM|3vTh|qhV06Ubj!UOeM$*?bQCLaQw@r z?v`J4Nw3HA0{?~y|6 z)c3v$Q5<3%x`{wmMa~oYY7Pa0R@J@i-iFM zvB6Dyk6o{QP;)Fs_^fb};3`YDZEm5%f$+)p40y?0+aG6kCm;?EW_){&<2kLvm*r1l z+v}&IzHilMnT`)X{cXPPm6$74qKN(M-xT>V>y*+Ca}N)Xw-(cF*Gyk67_(DM^+t`) z&$xTA4bx%PjU?%Qf}&6ChK3iETbh2MJ*0RkW?u=kwl5zHd>D<9R?Um-?{HJX#$ChIx8Tj$c$NE zJ4@Ocj5aK=5287RU&@VaIx)NdoC|7NzjDzCJJo$%m=y7|N{RG*QqI`*L5}Ow8fAKg zQ-^JbUJ&-SB9Pv(ERWFIZm0TZ3i^iP>v1=;OnjZA?N1X6Eew(;fnC6f$0)9WmQ5Lmf4Mo&IUUq0IhLnjq78DmvB^_V7IiTF#eWRov z(9KCc!^a0PcWD|ccjIgaPf~=ye->McilA^oV7g`eoYMs+SPp(`DE}0|>B3mh3zO`x z95Q3fiL!nk6-&BGnBY`)&Uwbnnm3 z)`_UW{1}hUZvX@tuR%H`S=>E;4vniB*w}|s_Nz58t2Imw0LqD0d`#5rBUw!S>A9$S z5>ZQW#l)$xId2}|O(mYACEr--tpG&e6G3+JDYMp_FMs_5PjFTQ{h*i5+<_&E!8yr;wC5>774YJ9(rkKuw=AWM%DSNfN^hAO~B}VLJT+v?7ZeL}l8DOL=kj z15o8Hmg3~D=Az#WoS`^heE0KSA&BJq?@gp-@6H{iKj0TvsqoMx7~TFN&xeVKSwZkv z);=%yx;dOngH#DAVA5TIk*7XPlQJZxy&?iYxksZ&_-n~pO`r$~pf9%J@`DtfXH7&0 zAhmmr(Lv|Dy;uA&CMXL?D%6`vYc9)YQ-c&kR&ldpwVFWPIkIgbdx0s`L+ro3>-}RgkCfTD&+M@JV0N z9g8{fw%w^K8g}p|{+ORQ|!n@?s~k3znbj9oi(Y>Hbp~(x_6> z@&RM6aLa}E?h&i1-Jv9$HI?+B%1;=kAanP1o-3zTzTYP^#E_>(A+i~(p0rpQ^ zXq3HTBbU-JxEg8te#oZU=$e$`oQTFjljV%Ig9;coh~%Z{&Y(uaz{(dZSB#^DhUsIg zzq@xr@mxyEvf3*y?vbNrty>QS1&J7Ke{FSxZ!}k&{MH@6@hxxWV7afkd#?~@<$)!R!MVJ= zr9(#|M>vvIS`wWWb(u?@dTu@0QRA>tKT|jS<|6PAWsasQ1N9xb(JBQgoW%SLAO9LC zR9sQccPC&=F>)Y@Jo)nuD5N$~bO$V1tQKbwa&L6HN#8Dgy0RwNAqP?ts)3%@&OjZJ z_T2}1=sd)oVz|zU^cF$;1*EGK+vzIduAz8I-g>1(lX{qe-Nhcr_FBov7vo?>i3i8I z?J9~dYFTCZQ-@^$>5Z}cwUZ_HH+=B5U)Vq@6OvvhaNnFbF?4M$Wo$KoYSoW(o@c?h|{-EN>K9+R&=}k>IsnQ z51$6$H=QCxEzU!H3W^+r)aPKf8`B7OhTSz~W+=YMXngQ{&<@MT3dRxBbW@B){QnSZ@oz>%% z+9mMhxT=`!B3XA2u{3Q59QdpAHl>S<)zlxEdG2y`;4Qw>XpD4~CPmx%Qo;u7B5(`k z3+VUzconEq;)h*(Zc#xlLKcg?QpUzXCnJ0iNk(cR8F|fd>2Pu|nm`PT*~J$Gmu5~= z$r@Ios~!{x>5}yA7dpmaUP3H;#~CU<-fGtDy#|nxw{a;j3icwgZtgJVK`9Us+K?Pe zq4LyMixoSBWutX^V{IZMX-Nvo@QXDxxuBA)0Th~PwK$kOAZ)^Zr(whtGI$pdn=M@` zp8u^(p8()Oy6Kh~tvZs%A_OxnHog02ZjlE34nvemw~3Uc3F={Db;CWMEwUv+D96m> zCmn%}faH&!P%>3CiX+W;d5koSmo#%>iZI!3js*k0LRlPVf}{tYSr$c_ElwU2ve2qPlOC zHkBtY5hm&xk|z5&>5qY{W9 z$VDgC>(A%rkRz29HdiNYbGsOX0p@1wPGD{2fzA|dK7nwL_RIe+bEsJ8GLv|}BqvJv zRaDTiVp^KM`>k;R{Sf;Cc%k=7FM%F-ltHU3==c_Kc`M*Z&GL+gN)2d*KwHd13;lon zQ4f$IJDtXax=4c57jEs-H2!dGtGLW$c)#)CgAdShOW0kXZbuyx6~%o-{Dq;9@4g$_ z;4dCN`lzPtnyd-dGm*Jfz0x@hl=3 zgy4X2*nnO1_zh-BP%s`pC7KV3)#tg+9CEi3^c@}hwA`X}*NYC7YUZh+AmG`S?oY`Q-kS<^+~YR*Jsu(%pfHlNE0 zZ&-s;nU>J?)asst5(Fg}kun~U6lcv5ZaKQ1)i(F*I^2f^$bC4>dfV~^Qq0mNa$ZLg z5=#okSN_2!C7|IdDOUPdbmKP&6oSYFp&p;!3@pz4IR~z=e{BV3j_4 zyVrQ2YjF3uD1ldK76ftqpsa38D-4`ZL`l4b)?w|*N=t4}KhkUvFASXrx+<6CCXO}N zfK{Sd)#jL1RL46m!hPm(I9nRgR3%sjWu6QEP078CW_9tqe@7TBaRh@6LS0j(u`U?q zg_gXc~$egf)qFcP}Ez)Y@4W;cU-Lh~qZyx&2%jMGA8rS!;~p@;}Nb`5Qj4 z@9aV-jR4@fi`~WwyBgY!17(Os=!PbtKk~FiEALD_dnC9ywI%)-hbxhV4U)QO@z4yf zDGNes7-PI83zFhwQ}glO`~>hyqP^GVoMl{ENwe2H?7yeY-d*Rk#lB`D09wduSIyoK z#z=+bN8I&+N%Hrb{XchHznx&?F&9O!<)|_LP_gns#+`_5JMKw={v#LU8s#Qo<-w1&p$tZP(Fi`08*&&-T1z;mYXCo0#6`0O70VAzs1!GQ zZ)R`f$&ejTWq>Y&1KS}xVpt9$&5fhiV{AHvX!dHwYsQJ4Zu|;gQDj^nTMJcY-TutB z*<>=uKZ-XNG{*iBq?+=0k(qd^fGiB)36d_W56qdUR)s~|*0N*-B7BYkUAlSnxJCFMfbPJt~M#??-YArJI`4rljtNnt_>rnM~{c`pCD-m0E5Nb&qC~iL2dhZ9NMN5^p*Xw}EdUMHh#@ky` zZs<50COY)w?M_GVp7Y#QWoch}UpDCF8^(ExH%UwGVhpc0TlA;z0Cx9c>h}hWIT2vK zD~|jDl{5O?n&n5s7iXAVXO?|CcC8MBebYU{ z!Dn2&zQK_F2yYp##^o&^Maqr=PSxRrUl}@3g56+jRfgUSf#ycGrbx<=4Mhz2y}cvia7_3r6X?^cFM1<6pSe%DdU#VHq>3#F7H#jzO4 zU3~9ikoZs+3h=BL1g%`1$Y?tI>JhX8%VtMK2O+U|pay*dkZp-R!aCJj`H?ifk0JW*($^ksf&dFU;e2F$Va zmR$jM;yFa^yNr?YP}6HovFO6ysif(AQjUqlKK5@O03__Y__~yipSc~0CXE1Hj76G(0*d3#``6kvf*=BKcUWkbMHY8!2m=G_>d zt!rb_l5YVsS)6Op(X7GR_reU3)|dRT)nA{%%Bpy4$*v4B&%_{UJkrk~J~x8Osmhyy zk)Y#HMfT3tRptx}zvj?55|sqf=U>uDzONz9ArZ}h3D*N7zp^EZ08$Cb@5M_FW)oNafkkctl#ZF%)9TU4Y-I0MQ1&m{SqJ){bO317bQu69R zgc(-iW)^($Bm$P)DeN&K!bSeIMkk3 z{+r=#4`=tdh@ufelO)=!#c(eLx>5Y?XQqKs2|pYWfoo-8_CBSulA@AjFkdL~*PS}* zz^3-1;$=$-Qd{>Nk zR~L_u)om_Ukt5-ku>kuC;e{ng!{a{OZUPDgF1EKICGzDE;?2qXFF z0FbKwtpbPfb39p)K+mnO5d4)GXZ4C)NUz@UJoIbnq8YV9qDD{XOQ2yXfxPcz&_`7+ z*JE^NRESQ!wpGm89QZ8Y9VIMZSt{Sn9sOidWW8^OFEIH!XCyoh%qY|~GtIvDRNsHF zt7LP*QnC@EnRL^_SlwLV;v%euEQH*x;8mg;v|n*IiG4TCLD4s9vLV3_V@`nBGY+<{ zwA*1*yx2>=p2(;UT?R2FuL0)(jCqq;k$+~vX2C?_Ja1sB^nTvS8Y=%-nttJ8T-C;9)r3d;6{R)^7@W(9w1sX|FOC5ek6;XT%VqHZhT>%DqZC} zS9EhgUP$SN<88 zG&ewryM4tJ07&8evSaa+MS|WmcyQECjVL*VjLj`VA=CZBkF$pBHV4Gf2Pls0WV*8J zB9$##m@%{a<5fnhjRyk{3@&dD#G2`TRS?cSAdGu^YKVDY;YCATq$ zw%#g9U8URcE~2t0q|>y; z^X}Y_Fyj@!Tf;yLi<9=$oc~i!Tr~B^(3znx(Kn(phXvye#k;E6ZxE@Ov*s13b|Dzm zCAw;f*ZVVSUSBobSTY@Ct7;u_={eQp8B!GSu;w`vKP!J}?_zcw3%~sS1vkKyZmhp` z7JO?_WU$uLg`Y;bUi9abN?(3A@7Img6)y*e`%-mzTYWSXXBlts>`3uFTYvRjw@X6E zmNg7nSYFszqF*OyQ-_TA-zZ(}upOlLVi;$uXtTIqJ~UylRNz9IE@UgsiPenL+j>2c z1(QKoDnscN=Cw&(4b1A+mUl63HODJ!o&*>*mv<%V_;}5Yy?fy+7zd$DK#8*CBHdK- z4zZZ!6`hKeCdj*}#wCHS6BVxR9okii3U+jSUu8QU$JbxR|e&F`SOFjDW~t1 zTR^9==oU>SdJlfJ-dMBScvur5VTQ*Xw!1)@nVYvsnLn6rm=)oT$z7fKRlZd+Ip0K? zzp-|u+(fB_b36q7nTlEMx=<{ZtS5|Iw;-{Ojcr+Ue(c8oDZLEJ#D_DW_;@M%eVjYD z$M5oeip#DaE;a#}y+))?cKD<&VzHBZZ?L1wUTY?bYxT~vQKnk)jytJC(xUR;@lnv~ z-aBC42JCg{)gOvbET0H1Q=!^bimF@oGw$~f|I&(3d*iTjhob5 zHC!nqZdgCkalB>Kv_KWf7%qC}ta_AWnn2=I`>p<~rJCWrue24Qr#Nj)r%aI)0}G|22syT@AtRyz#*aP<}_CdVT7lhys=VB70WzB2?Q6UoC}&tCLxEB4X}~lhHm! zjor-Zp?p_&-GZ+TIlXt4K}WL#ksEyiRzpkOb`?tWE||nU32$p03QQsl6dTgiTf{p- zNhUn?_BWqc8^WBw03wCJO+m}I_9nflmzr69gzLy4Z*bfLqndRiqjThE`$yoY*%S9u z^QT>b$8Q8C&V>3l*hWJJEf{(MP zCBCf@FNOs=aSMNoe`jg4L6W(RN4jZ~#8H5Uab7gi=Zm?2t=8)sLcA4N;Cah#T1-rl zLWWKtv|dIQPuAi4_hI^2*?%#MB&j*w)+f*JX|~$AlJ@;;Plhk7@5ghk^0FeZYlH6( zB8}L%GZeG_!)P8QT=^4WBxLoX?EUs^1lXVNF#=0R(L5-4n%Eoit1^*UqY+*`<54?s ztF+77!K?WGdLK4v=;7h@6!1aB5G9Yt-?Y;?yZOJ&YoPil@@eygo@Q98+qZ@wSd|5a zVB#-EvusNYY|Yx!Tc8AcHq>`lXAbOh@bd@qAs2b}J}TqE;n&1L(?c^{cyK}uYW^HP zR`sA~{DZAW=x~21-;F2oZLN>>5do0>Gy>t1JKpjM^4}l0$bZdRlMh-NMyZ+Aocgc& z{ktg0AG9@b7sP{VUZFhee zP|=)|F76eC&*9iv`LaPE|LH%bOg5KaM}LeC6`bplN5o1{ussGO$?q?~P7Xyx72e~4 z?b&rkl6*EUqhrT;OVan8`v!%GYaaW&6re$_a!Z3>-5SO!QhLAM^j;OLQ)@BNJ!%^5 z$Z)^FOEP4%~oqO>?vM& zxlTeX=nvq=QdE1moU?T@EnnN?lKD!MwVi4%UI5Qy-dBH^>K7j}_HUmD`X@oNpXOpkn3DzF6;kx+{kaTwa78VT8m z!@~r`Yt2urTrWLmR+L&H4JY{Jp*qlyHVR)?>ED zWiqqM=;zlbyuUnF=f}k?I#auWm7(fT8ilyy2WTm(p)b}S?qzGj%1$s_*;`$Nl~vOd zK{Uy5tZ);smg{N8t5I;uZKTvEsqL@qkhZehTwl>|Z5IarQFL#nctXxqg7^U)GwYv# z{E`9P@{(0X#8wZ@DzHuLre*`Bd?7Cwgd8!Th+Y#I7VZHF=B@(C!-_A`< z%gyaJ^6Q2sJio6O5t(raIc(rm5gD7kS*V!RuOIOpX=Z`Lt$(LO05PofGq9Mt0r=P1oyxF{=I;VX9FtZAzy`r11rah+68 zWj9jpC8_1|4UpZ@*!u_aZ5K7H{-b^x4AyjuJXGS}BLSM^pz&LY@?NRS)e6-kip88- zfkE%mi5gMYosH(mwyj80ZR3gVGBt%O>$+qPUuQZvStsf~vKkvFQ?OYoJ;e%5s`qMG z+wr;Q0WXj%mKGcy%UkpPe_iG*BV5B;!v6n;4CGU}%KOPX$#OILU8L-_D_J(RmYT_Z<3?9I#QwQj@+SOOy7)ByxCvoOrGx5E?M>=j9{vOA` z&9HDq6qzXGa2|XeZHmg@#c$Vy#h*HB{q^rN!PbgCF5?Z7KLB5exnYHHg}QC44j1zQ0Gu*k-;KtLe3t>jgLi?>JRLogd1;P_yTX1_}d-pyvy6~CxLXtP)NS~BLqlfXY z_T2*5X{Bw2aq?<8gr7z11ud;(+-|CU4l9waJO)pu3V1}aDC)Sj& z$6!gCWp=tI+K1lys~@QC3^$%5X6Fdm*vLB? zgm)s)LN~MmxVMIB(l}f)yl;E4@CjecL7j~6FNkg@(@QnMlw-8pRbEr8yd;7(yPglf zeH;8@&w#xIa+EF4!cjg)Gq1|S@=5sSCmuvk`0dTCh#P{D(PG9b_0cjqKTRYI(~%H0 z0QUdjZesi2t#mjOe_2?@@fZ2>VsmT$tDm)#!jajW`Q`hq{hJ@(J&_61;@L=DhmnFy zCO>Z56n~DZazC0DqDlMy;mdMN@>Bt{X01((-o>6@pC7DuTG(#9)-XJ_qET)_cxzdt z0P%dQ#JxZBcxKg4R#>-svbxOH@DBp)=Lgg01I>@MC20leW@9TMzL$Hu*7s*bVX)c9 z!cI`iNfwSt76xj%`75iWOw~@6XowaJdN}xH4-KR0|oQh1LGD^!Ro>aS$TP&;PnB zSayCS7`vi#n`{f)H~T57gO$hNR(U@E*=^yMi!~t&r^9!Vv09%e?I)m4?~^J(h#O$I z8DJme00qJg19U7Bw}|rMu70!I+E}UrQnQ@+N83SsWweYvvxd_-9bR}afzk)^I-Bf~ zWNCHs0mMav?;T;@XAG9}CmPW{j4Q7^maJ_@%5K8HJg#O`R}(V0)De*wfjH1k3Zd2+ zl{9_ML3~h<*gI8K+2f}-Vs+l#&+_HhsI~cQFw3X)0Ifl#5(#$PX@U#KPQY{ClCmd{ zwmgO6X*y*yd{%oC4x4`kL(BD_+^t@TuC|xa)IK4{KIa_eoe?hP&O*P=tK5ghJF5ny063c#Z;k zKZB4F$E+fH(r?$K9NYeL5m^4Z;!QsPEMPT)>{oUE`iEv!Fk#PcU8j-LyS>uBbf+|l zm-y8ZM>(71=hQ6+D{w+wj%~c?_-P6l0{5%|@BbX2A(d6bW&FjEYqF+Syi(Q#rMzJ{ zm_YL-*md117NbUuJpv|oeQOYTN*>X(J6*Al?_2XWKm7NypmWag8i$G5tUy&Yo{%aa zi=tkFWq+mk7>Qf{JP!{iJRjllSMn^N?SH*`g@@%8B6k79@UAhd!@RSLh!=bvopKSm zD9W~Igh3hddb*x&w7AUO*7pOHKdS-{bHV{juiq0g8`Xhml&$W`K^$18jc2%R2yA@h zV>|NnLjMcsSPsUhD4J6zgSqB=A&4P?o00Ntx**aEgaTtA#R^L@7b8m*uLyUvr;%0S z-;-2uGX7>3BzMT>{PP0vth(8W0?`*MUyh%4oi!0feq8$w?y7bc%tgIfh}9q|l-kw~ zg^L;c>L!Ko)os2c)^eR0gwH@vP^1k>0n)No@V_A~wXtTc*hg%D?;-KwTf;22jH{x^ z(6`06LY@rfYVqn(eY5Jf-#FRRgNbnQOuTiVDDzOA{f7%+S}T!IaoTWu&*QTo_7vj0 z#q`&+1qYzrraPr^LM)BKx&=AxV0@NmO?cqZ$9&O(0l|LSatVtx3fKDujUe4PG3Hi$fAGauA z2%jI~WcVow5IGok={rwd#K<0LK7lLegrYB1n3*igwW)c?(8m*UOKJszbz)DvixVU3 z9U=*=wyaBe7MD>UR zO#GVuq`@jx**oIHIIper3x(NX#2yw0oyo4B|O?1p3mQ#VvocUF%UZxRXyD_4=l@Bkjq>a|8`5+q=g%(2YJmS~) zgT2(X0AdxsA(0QrZ;JfU2>jC(pm!Pn?)vfeVv@$KpZT=!$#+!FvO~Q=QEO7hRN+iX z@z^D9s-6Sp%;zM1Z>j`w9ez~mwzB6TVp$IMap3k8ccYgGv_r4Vvd)W({_!B_bEkZd zGpVdHq+dPt=MwtkS*#(InhZ@v)KY`LpoOT9yEd7Owba;{`bQ%BiL~X-f~74Mf7ZT? z>!s5bthGkOb3X*28(p!#v0ov{GJ?)yQg4>&&&M@A!cDDOr_wseH`HAB|9V3W=oq(k zK?-`^BSDM7l3B}X?fpg9#F(*ssogtW`FsS}l^ZEG8YN`DvvdBjoFB=a(B@pxemQkaQe1Q;&Hu6l7G69DMYb41$rn~Z!C?C% zYUgV-5IN7!2dYmu?d`t+`H>%#B3hM1zC_E*cwtg#B81_KKMH*^8m@f?8_~N=62s1q zT}XN#$SGwVe?KbLR$H9c$zPrxk%T5 zwNG9T)ezW=q&5mH=EqA`c0#lW9q5{v`8-%NRIkLtRer8s zBC{dq?pN|4Ar@8`;&;YU605ErEiH!RpSTddLfhK+@;X1CnB0TkXIF_2b5&vZXG>-1 z-s>FKDK~LTFsk|A&D4NKKw$hymLmLYa2#T$D*;|@yf2B8Rzrx|{MF0xuaU^zSEwvn z_Gqy25j9o5L`LKltIzUO$%jZXc0&A@ay?CumM=~}>llC-QNl%g$s>CUc!MPw{$5Q8 z>g|76P7;n*ABhRpbNZV$GE@N;FwB+DY`5`09$8wy_29p@2qy(YL3?TScm@W(b^b>D z>xVBl1076?>uh-K?Gf;=R%F|MEt+$BcTw31n~e9EoF@Ad1-5FjruQ0;Pg`^{Kal`1 zs+dnJw%4BXFgcQ$p=#ar6+v^RB2Pm=fm*VB=*#%n6_gQhUM+K+!gTR#y#921R4%qV^adC+oB z8n|e#9(!k)HKSIEC`LD5!{K**{rFnQxc1cvG24M}>`Go9@0s{?xW*jduB^EkJAUuN zX(R|qrE+_1mKB*({?EbgWFjBz*7292{~iCb!Jw_(O7G|idlbJ#k;eRL-a98P2<>Ho z;B|0BA8vbkmZR4D^%<+vf)j*7+R4buyavw~d1J~qHfm?8;0MQ2&_bLvQ+uz*-c@ZX zhJO&qKxfRVyFT&%Gmh^=0eaA(=2X+h60!7G+i4}lsQ)aLIP>plk&1Zs1F*nuJlYGR z4zsuESzjO`>%nifzyImZQ}5-e?1W5elq&_uE2IM}#KB1uG_a zSa&3@HNY7RN6gZ4{23pq?TAw;NA}2%iH{s&{S!q&qSZ7G`6u!~Lr1p1oNJ;U`I2Uf z?MuTzRnn)&GXmg;O_!qvjZt-S>Z zV2cyketU-#&5_7)8`*w)mjB`H5wT`@(5@46p6(5ob-dS+WZ^|#neC@A5rC(7dPeLR zJjFb$7V;Ea!bg#?h(~$*DfUvDUvQ-vx?cU#$M-Vw_~;}myE+L;23Z!}DP)QDwx2@c ze|QR7z7(!IbN~1~Fs{-EqYf)o)ihu)&HHd4m6Ae;1)2A9kV?$@whx&LN@85R$n)iF zsG`^ydDdaUvEbXWnYiWzv<33_2)djsTyx{qp$Mn>USzJtEbY8t)2kcR)riA^zkj3~ z%B9zHwE55Xq79Y7=28)d->$R$wr=Sb+2G*F#{PcctReeOdeM{Q36x`rXlqw+SyJ!P ztl$@hgqmx2ot4WDHtT7zN9IV?3N@$5>lhs2{gW7c6bb&Wc)z2VT!Z|e6pk!p^V9GOA^uwJYbcud z0rlh?n1!wQ*9#)H{DfKaaaKOVr|MO@0X)qgkMQlPnM)FEzl zh<^~UF0aY_(OA+7%Hz(Xa*)`SU-WK^8hG%f=(wibR8Htukm74n>3I|jV2?kSLP6eA z25~O78@jp&i{_e8n_B?Nu_Z-&*wsf#p$z6CyS^ng$_hbUHt*(VJ5xQ6n&T%Iy6P(% z{F5V`WNjP34{;-+3%%}53KOT6d?ESTi(rg6CGLB@G3<{d!KY=QJL1}EY-Ydza1LMZ zB+f{=@i(je@d+v_n1lnrcVu7vDUQs=c%=#Mu&rs|<5udX2Z;YUvb`R;{}1Z{PXE+L zgfX}1Jr~u*VJJr(!lv(VS1-Oxfkj z*>*urUo?MnvUH`v2EQ^I!xo0IJwFL7B7F>3J~NjAkT~EK!r1uLH%SKWX%aKA{k)rt zuXF~2mG?hq(vnSHF4V*KE$kSFX_QnSH={Md%6F9}41bCAd?e9#i*7r0cS{am$5Y9d z7RGhk@N5{{-^!F3gx2?kAP$U>Fnth$&ue6q} z{!umsCjdA>g4~lvK{twyB3L3&UKAp^blzoZG@$gC z5a}XpeK=!=_r}EFOFvW~f(#*XsLLQH@n*fFaYm5$q_HhD>*Kpb3WW`pzp|y<-@QeT zQQTS&7qiD60v<@kt;8tF)1xXCbJK+=;E-ihAvizEolrM$(#F%`&dTIKrR_I&qFnP9 z6axM7*P-kIiA)z>$bjVQ()GqCeQ;7i9g4qyckuSmmqyQ-<^#CiZO3gNlt^08D5I<| zX_-JsiH`<$!IZJrqZQV8o|_;$0E$|U~^KFcBLTMH<-d^ za8r6~rgUqq8)P}27CTATVMn4577s3dAB2M^+9oP#lvB zSbNW;F0+k$rH#^%eZQ}gfk9&K4sS6ODB>SzntxGW$4-s0}f*GbOCN+7n^#bMae(z zh`8SQ#Rv|N&@`u>XvC`Atmll7?|N%^qGrr3y*Zn$)eKuuoy8-90?Tbm8*LZ(CHrBm zNmCZ-&ohmySi9acF}H>9_il0@0Aj24J@vGDRKxL@ZWkb7SIPCSG``(HYJ%VCWsdcG zl*STyYsJY&e;dO2OnryOo%(s=Su+k!F76}%w{a*V_3H8x!9{o%GOL)k( z2U{~d)1FzmA%w8Xn%D5CxAm4gGFZKxMpTtvR;M;15apbhlgFDu0@pSx@rPP?y5>CSAw`}A|918_eG zkV+4~(&>y)7yMBOtzWxokI7vYbp>VkU^3vUy9k=S4->8!LL-uaiiPO3W}D^U4uZ z!AbQb^~8rY4wpvG?B-&JhAgdU$3?=#UYWEP-0MGflf0o82keHIUtsjZVP^6&TP*|L zrr|a5m*L2PJ%dOHd>RSCHhR$?u#X!M3e_+J`9yHk{NJC5 zFJ9#)2m4O&#~n%z9?Yskp)?(Ow}353**_a9J(bh8i&jtxR0|QxM4Ci|jmIFTZFyMf zAxz1Shb}d02CXlc_&BMf&7y5pCZU1J#$iPsUegwm^s0=J1|iKNkFhsCz7Lx~9p}UN z!x|OuhI$mR8Y#Y>B9>=d{So2IjVc}RO$>7vG(=kE29&nulz2CyBQ-yIRB-k)m~9R! zv0ClDCK|Enp<}Q4BrtAyxoS|yEQTe+wZWp3Lkr|yfNuG)2F5X@NRz~4r2jwm-a8)a z_x&4xC$bupz2j}q>`nEivLZV(BP1jvo2#_!QQ4z1GO|my1|lJwlCp_pW%E1E>!Nyp z?(hA(@9!V?@jS{FT4eHFOs=YBx|v>WWIqPv85!dv5ax*U zV`IFJKL{XSzwvx>mMjkii`eYoe0|^B3O>*{F&Hr@YGC3?cQnpIy7?Ly{{NjI*Kxg8 zcUk<;@K&5+V%(+tAqfYw@8SnZ&`+wH6tx99;?k`v5|A*P#Cn1 z)h}-kDX~0f@TXdTzRKWU(aJ4$rCF)Ko%txYHt|h1s z`u5em4NUaK7vIlQaVVzVzB`XE zxu2yqzKmms{8wJj4JSB-Ar>YJXk-2U7Bc=@$kUcw9GGRA5R|(Oa`w%lhq{XE`G8}E z$NJIRZvYk&tbI%ybHOY9)$6^VH^vZRZukagiZQ^FImI$wHK69f7Mbl0%&V6d$0XXX zL%XIvwbGNUf&~C>GhWTg&_3ER8PQ|x?EqHP;f8bO5w3)|g|mM1(JQw_TJC`J%6(93 zB*JZN?On}E@GCw_wHAnU!lc$FhT>gkzUZ%2fr;(j|Kh=9m31!uRhU%*NrW9e@@{iI zdXC)o6fV8UXt%6)9u7j~cFzdPBV60j*jqC&6`_UEB3hhsc=H4ErdB1$0iSq=+2SMW zB{|2Z`@g*2{&8q7VQ_;(0IuuM^Op%RaTns}oUERgXY zf%cVFY5z?KutJc^{uN`*{G9cJ$$ElVKdcHFadf7|7yPCxi>QdnZ1q$1Ju?QJ%Xi^G zZTuJrAS=Yq&Y*lEXglPIN8~Fiq;wq6hg_Y6&n)>ViW<^LztS(eK_fDo!vnXO=#b9! znb%ICQ&cB#%L;JHdHOs^6=*+)S|xN7WAp41Csy8r=lR9zwd)B>o;#HjL&0pm28$18 zz4V&_uH3S`` z3q|)=Lrcts5B!)|u2Ep}nt1pE0+^sdG1?842M5-5e5CJ<`h&lu?P4nA?^g*>jIf@{ zF|luNz5!qK-3|@8XDf_RP<8_Vj^sq`-r%8T(Ttb*HFBf(EON6visxjGtyU+5geaEb zJYf22^K%f$G%XD@*%Fs<;OYhOPjl@524xm{-60z(uNynp4Z_R42PIi9w#JE&g+82?_uF#g8o;dHL;(9p`M84nJ(>v{Yz{g1{d#J| z9nvcQ-=fGm&aI^FQNad?Dr84)dCB-z#K3qSVr;U63nfc#RqH30apjfIH?4ek>!D0( z`lb}1n2hpfo-LoBps)*_F*$e!!Kmi2`@zx?q)fk(aA;FFLMz)!+u)W1d4%#ytF=Ki zc*F;2f#kw~pBqIZG~fmp8+$_3{F>e=#D62xKM2Temg?jNS6i+PCARwJy%5;!gO>A} zmxP8+&{^$OfXQs!@VD1;(opI12)g!C+c`rolqUfb$=N!S41J$)w3 zHE}KBiC68F;u~bqdM27fOf2K#c#p=*5s04{nPn%_hL&a8E5|A)l#X3^ z73cv>(XhT1j-<=nV=pFN_#^NQn0*?$a&U&2M{G51EE%n{MG_lFn z&qtmB=)_e(?4P(M7Y7i=N}X!xg`L&(+fe{?1ku}zh2eFmW8%Q|budS)VcQ8ccT206 zp3W_2CZCW0l5h4_xE*syS4gV;d4Jh#yQ;ulXgIBuyf7aQaX?ZAq6<5nvUUx+8{gdJ zOw!pf5g2x~Y5C5sNr(-a=TO8&zh>$QXEv^XpNiPk6kYTMwjMMM7#(w}2p*jJwTpV^ ze*-cUQ`L~)URrp)(Q2hI+&7mikO3TQ`4>`@CqBdMg}u#L9&;nw8r*(PX>(pfr8S|5 zB#X)83kIXjq#b!-E%p6Ei$cwdT>N7x})UTKU9k}!7m}-iJ@m4dN zGK~azIq=V~v4_)Pg&Ih3d4W0L{#y%V_1U?{a(lhZLP(+7hpb2IN)h%f74 zb$Gi4t567>ATF8js=bqaLZ<#~(#P2YPIr)>;M`I+elXA)P+rcBb=0SLo~R{cO)fTG zWAw7!iTXuSR@E*;b2)PCDCxgm8+6mJoVFGWF0C16tji=dz4DU4dA!x1DZ!~wsq*Uq zCob^|gf;P#Y$kBgHV5bOdravOmr>z`Eo%Qc>bV&wfBgP$dv>t^GJXpQgKtLljkQEq z(*^wsC&q!uZCjCgGMd<_dNSh$WFjHc@cfP(#Pz)pKSHMACs*F;E9z>p?b!!L7B8<8 z)NO1}w{GzvPygsgl|y?3)~57_!7B;=@c2}Ns_A@`B=nmFd5W7hBEV2xCND?DZbo8A zn^wDm-rIM>k~tWLG8L}i*HMFK^UXNEyEUd&LE&O^A}t~Gr4$TnNH|<-3BA?9N$0ou z%`6<1eed)ceO~LfaBLMYWjIy2T*d$NhGTWiGxgMITsWieshk{X)9*=G76Sz*D7G~5 zT8-e;6ttmU{YaQsUb^~6F{t1nvQ*EGge#F!Q`Ou!W}WlY0x}2!L9@5K_>Er(0d7Ee zdQd{5Rb~gPH(ADQI%63CYsV%vTF6SZFGNXiWy|>ZhbdzfTG@8YN>btH% zUV5DgZ!d~I(s!bdUY(aC`Li_&VbW7ihK@`i@?#5=v;*VO8nVaQIcL*PG?X;114ON) zS97!3MnUEWxBujkWxae;#!2S4SrNhx%^BCL7Vo-uWT*$9V)iZRO;u0mCmm}I?|_C? zaHJ$kI~xEg%#;ajtsmSk@lr0PMe(hEULvXLVzKw9Z#GhL2lb z${Er$b&2i1S+Vm_yyuZ8cka$LjI588MNyE_g~==Vs1LB(>+8)qI3L-q<-u)VNV6S$ zZ7TB##ekOdAs{ozu&wfrI)ReehXw}i z#7Dgzay6F?KY`Eh{Q7_d1?OqMEmE^P&@4vf?+b|oIv6kIVvJ24aAiEIDfwEylR0p8 zHsK*tH63q;x#K#E(Sw_xp9{4*mW9CDY`Qjn8u}*QorT+kSY2 zb>tHcNv3jrVfcQ3EH+4|qu$*s{j84KoL3*@_Y#BRNE8TbZqZ#6anV@t9P}QfSB((} z#X6GFEFIta?en-b@;*Ul{m`p?zh{#)Vhet*2Qbpu8c|rZEE^p1Oy!MFs{ciS@PC#9 zdGmM;50P`v9UoY){`su1hk4t10|J#$G)(|$u$1*r<3Wd-enR(x0?yt>#sf) zh!k%X#^Ev^9D7y&=?EOL_p96^aKxQ@zfZWH>NTgrQr1ee!fNzTl+GuQHVk1sj4C@~ z1O2norM^?qDItHRDb8sLt%A#6U$gbGhBEVPMh~!l(PUk5xgTX)bcfm<+NV#&Na+qf%I?B3~e19G*9$B?axt3%(?=RIl zBOViA1Q8E^qE8cdT?%+*|B>uDv@A-ewxG7)Kw*?|EbUd3lkYbprNPi1?}G}m9O}uk zng&wFdbt)*yqwPvycPrKGGX zozrn7G9BE}S>{Fe-84TsiE?P95+jEt-qx{Kb%YkQz1=wDi0OYL$;ipnMQs3Z5@Q&G z#$I;Q;Dyy?MNg)^c5VLx zK6vH91>h~!No@CMWRH0>E#(r#T352i`=x%h@RfmZU<;Su_(VR3kX*n-Y zu`!>q{=(^Vd_e_7^Bn97T%enHND#shWezOoO z!YvWd5R@H>I60J&;20F{H^Np3o&WU^151pYU#Tr@s7D!lyq6Bo`#6v`B+Rp?Q1e^s zNC~Sl+nj<@r19JK%gj&`F!i{Qcx`KSt|+GJa#CR;(6!G2-x?@G&n{j4y3rUDy~Gn` z4NTr|!enMB@_j~mhi9S2^nirpSE03Q;&>o*YE8J@w^A@T=}wV90vYTWEQkFZS}q7Bs*_Dp-fZn9|&}37>#oyY?rwkw=I2QYa+SKyehh)5iU`LY!)mS=8-n%=;*PwA&fXA2{lYmF5nGxtT8alu8yES1O`ZFE6rK)JYv{T$z;kyu-RVK{7A@n zeQY@7RC!GPCxktaMx(zC;or9qm@5+&Y<)w+LCvxcD$Kz{O|EpqDC>T)CDAa^wvWb% zhe+zndncw?`%71zMAH$Lc5#(UeSLFe7(C#0X~1&ZW#D0Hyio#)shw@0APbxDY1ne| z($?zrM2`8YpK9ibjE!JCh`W}9;I&U60s_io~jB;nKk@Oc7UbYr2u%ghMcjr`AM=-X#a zGU)S2S5TN9m=(~ltlS9V4N_n-9$6WLKp9ODVgSxwZ0+yLV7TAnV@XJ=I7|jMHZc3k ze)gSsSO~7`8)U99&(D3ez4{UOhlik~;b6X>P3nU1fY0Lkpjj`+0 zgpoRlai-s>y@0HNU}3xgn!~?)ytg+kZt-yhjIrcQr?w^FQ$Twpgle59gpSVrxSUkj zd~-Rp^ZOl&w%M}jf}DEgI#})+l%m*7O2=}TA;s|;=@C9Xoa>KOB%Nnb?P4m^p&mYb zdkPoF`ECq*{d?)JWDV>jL;SuB4sp4BSNHa#y>`C4MJvk_maYZbPNq z?Nta$(5-fcEPDON&p)3V6uUbZd(S*`o)PPLGY1BC)}uit=$o?FD=S`KA7rsnF?g(b6d56J+zUm_$&>cAU3f-1k3>ocWhnJdDfOS#1@L9;OGgu174F4QRm z5y$6M&NrRrjNTkp*wl6&yuviuD&h9Zs(cKFY=#|5c0H$-EGvbAh1i8h)OCTxM}~l% zG7OazjzR5vDE5#K3nV-W9_24JB#pICC(Pyi5w(n~d-6Y79nfAhq3 zkY#_Y;vs_beTud=2G|38>H`M`878O^v9~#)+^}D(_V&*4V7}r*Xhy}2%QRs1{uC#| zpe%KWTf&DUY&Zm%y#4#rpppKUXb%)`7gl+0Zw6bGxt_D&i8ZQ#g8_O?=TS<13KZEN zHRCDp-i_?Ha+BcFt{XhRY?x;80H$m5}@jzSpu z<->rS0q~!{P1d!Yjjjb?IAroD|A$Q8nq9&%_;8*ao2}+gd3Nz{II4+s9PCe!?Q#A& zVvhjB>?^bg)2zY?{tx%JeXojJ<>^sdrWQ*XGN^Cv9+9c0il4E3xv_f8|K;^q5gQGZ z)ld&*E8E_QpX*6Ye_Y3SpCh-9e+NlcsUJ2#B@@D}ok2lx<8>7j$7xU^L#^*p4(czJ z@N&@J%P{mv=fxUIccbX~^za~HBP>vd_%X}+{e2^A!;aQ1ll?keop-*0`&lXJyRb4G zZkCyU(NeTssv=zRK2|OpjwjQa=J(BBm=BTdXz^~VLZH!f#qj%=3yALX)`{^>BLRa~@|ELe)^?N>;{?E;97N4#oYVkpP@Sui}%= zd7dS!a~Lb>x%sm{2P6qaXb>z#L(@L8+U8+@I)Rqln?m_i@!{wim;L9&z1xG z0D!TBvoA&O!HO30K8`n*6Ol7nYAbL%S;I z6sX;+ri$%HE9b`HNZ;GqBLcBi66^u;{oe!pcj^59y92b9%`^hwDC$E)NPBEQ1+55& zawwgy&;3>Qn)^~-^$2MniNg$rednF)r2PybE(CmhE9r@4WYMA(^GOV$ ztBJs%6#cUp8OW5(EJWFWYF)Jj$Uu_*+d$H6BsxN4cA?c|`=iqr0nD}ZS_pY5ou^Yh zG)jFubD4C6q@ZT5LIpJfvGctdDglZ!xcJDv#`v%OoL}~2JlpB%1+&0qHF>cF5gcHA z2)uOPvbK&?>WoSGbCDA^@Husy|6>iflgY{+zHdGJf9a}A#AKGP3koH}Fm89okc!TT2IXgf)L8=P zaWALZPu~ECgV5t}q-_R%lPe47Y@E4qxpx4a;Cj6m(iure#gZ6KRnomr0`wUvZg~ql zBH+|a@gdZ;jit*D>Uy3Ef>=o>{>Q)3<%+3Bc$0=E(ir=$Y~4aAk0Pe5<937t+(fLMs14VJ87Ul{Ik?=RPiZ=Dw8JK0tAT5UcX^(d{ScNYw!fSkf=q1J4ed=nx&767 zu#SjG+)W6%?ugppCLW@ja40j4cSqC|Rnam_MLno@gIM?@OH-yk?$5}Lv{9W^``244Y=zxs}+M*%sr!bLY&>JhI+!0$u z_Tw*+U?CcOB*whBz3xlDXaOtleS&=vTGB`m(j|0-vNH1wcNT3;hOmeGFV0z2O;BEa(2Mu0yo_qN}#gR0l zS&>xVuW)0wh(t9))wb1@BJE}}SQ}llt=62R4U4q+4DWZa)3?tX`FAIp$_TR5xB(l| zD7CEwbh`0v(+S-W0PnDm-QYb!O(-74zJbLB6x4%w@K{CKOqEqPBO451ZQ8D2l#xJ8 zo0t>r{72%TjUKbuEI_H0kza2Y9ct0IxJ}=>=p{l2RxPd;Vi!u_$5?#p=s1@LuOR&s zP{UNSSEbOpgH)gi&4l8#c=fr5R%^wJy3Z^cZGaY4IQ5Qb9`1kiW$-&PT`_;jr^bT^|zw+{+D0I{7NdYIWwfSBbyfOFfZ z#u@(_s@WU^l5Fx%lT>(B)HFUM`i~W_UU_Jx8;sr6*`7ou8D7{`;5O+Zx8;Og&25nu ziatmRyLv(MJ=&mJY2+*3$Mt!K%H>#;ICleIB>Qt52Rv`~eN;uce_SV8=UK2!A}=DWcTI~X z*0hj@p^Q+fGM>`Wck`o#UYajQKn+x!7vgU1w8g{$-{3Q9B;#_Tf8lN_ixFCL@y%b| zxoFXAtU@b)pUG7D$&N40h^a-OUjSHyL#`qG%l9#-IN%kT2L9u^Vi%yqJ4|EDU>I|v zacP*X=DuAWo&8B*rJy3ZY>d?-X}T~*7?%AG_NQ314eCUjqMDfJl*^2kpybybC zH8kG|B=={iDQbv&auX$V3TY$c(>W;L19=f&vfo%7@IYPUAG!eZAIP5M)JC6`r%ec@ zJubVv0gydQIsTB|9rmLJ5q#=&G_mRt~@BM$mry z=QmwzkEusT_@Po9d$DUH@a7Y49!~|fDGr%$S}OZkH(?r^$xWvN;Q2klWC` zM#LxkI66Vn*&?ljJ@ahJ=MU~;IOe-}@`%BBt*ZwxV?g#KK0cC72mMHfuTv9*VSQd) z5thkkZt_jqLnHTIK-`{)cO9~lZvT{-v2+D9fdH~5R4||IjC0gTlub(LVlAg{dIx*Q z^4fdxkGU(=Db>=eQ8v<9S^OX+Bm8aQveBh?kRe3^;zs$_nfXOtp^(##2;r9gB)Jwa z3wjjl8G~+9Z+PW+&(=i&6msexmww#eu^k3}s5fIAc=W(tSHcDSP~em8@~ogOKk)$T z!xToo0LliBt<`Zhax5Ln#}4(lb)5Q$-%ozp9!3SO&WL`PuM&S}#Nl$1 znE+?ig3k7rpNmIF zi8Rh048t;pxAqcZ2Ks#o6wMV`DDTT|{CMqevZ!$OI4*v1zd4d7liHr zQ&%iv>Zu-@o+9%s3Zgp|Rt7WPJ+1cWt&OZRxo#}tJS4l8*i24|NM8d9h zn`$gLhv@^;HV|FydLoq(Q=b(%S(C*j{B%I)?>LS7VCPaE^l?3yUYv{ybp~wUKW$Y~ z#BW8UlwKQLC4YOgb;JS-Aw}zk2KK!5T2?HN&hJ;r{u>DsQuCJJn6kxpm)Lb!+-7vY zGue?DKH(>UJywh(aLORAv?LIxZtniE{wQ!;_?^qJV+PJsyp=*%LWd%*8W|C+$*U9K z*XSF?_u{z%Y!Y>ly%>m=FGZA4AO>ED+NgxLjq4(OW%qLcp9zk`lUha^p-I; z{h^Q6UC1JAuHLzRY=kS~WOCz&x>(%i16A5cJ+BlVEwgwFJW-(B9`LA2+?(g;x)d!88smA;If)xvYpI5 zx`|>Sts4JpLf!~tJg@d#aUbqV5_M{@Ec<@xCwLRM>pfskA$1;a^7WUFGtuC$HAb=5 zA+-|Z84exk&=qd%1HJLCMOJH9F5p<)A}YZ3@(v6UJO!(lQm*?Czf1F$YzNn!%M{Nf z4U3B26-FIVO`(a^*q*B6O%jNccWw)YK}q|lOGJbI_SWU=yAoy7RALe0=DWwUJ{~n| zG0cb1?0Pa+$+%w2Upc5zzq7-;vR}^qWqiSL>JkdZAwkDdv!rTTV@<9pWcc7TtxYSz z-x0~t-w-L{v%`pG#3u@x{OzBqsmk>&-c^ALr#GKz<%^t!*c}5W?_7}6L^pe@_RG*) zQ)-nw1!m6-dh+gzrNC_ANNQg*jVCo4S7bzoC_&I|bi@dQZ*J5-@vlt`fV`=ne5o`N z5}0cap7!HQ8c7t;v<~cXx+=ibs3WP47$^IPb&j@jB{w@7(zbcw0lVuJ=z`485dfUB zJ+?h==HxKGGw!;^9 zDHnDWAk~ir&!opr-(k5=@&Y#W272QSZQ$Ox*K6?t`H$ib`H!M9=o{siLid_Tat#Vu z{h;Ld=8;lxxo`vU8r7+qt+k_`b^ZPxY!~?mKTGQfBl90&Q^bt`-!BZ0%=iDk%V>YD z?NLbS@g;~w`<2bjQll%9cd<(fQNI;;o~y(EJ0ggn(-nR(A`X~E4Hfri7U4m9mroXezCZh30RFkGEAeQCToKUi6_MWEqigU53W>Zy9QygD1CfS~ z&>RQB9Ta+{+mn^CC;17ssBG9~@%Jm1bDJ~2NGQkpGB}CAiYM@Qu2xEM>Z1jLCjeZx zb?xDtV_tlB;n`7&v>fmUD!?*#PxQ(ylk*sz=6P^mN`2d{qz$iPwYOpaee*By ztcftV!HoJ(e|rvG6|mVwr`lHjC3V0M=qI0lg5o^}-Gy!-tIQ?Fqo>vsvbzZxEJeJ+ z-3;Bl8X`5=@`t!K|Y@ zs6dzuY~3DXaW?UE<9bF8l!ywyIrbP^eK_-Ark7*3bJbMDn`FtzK>umJ7qrYH#C#3ldkRkV zj7N>^st+j45J|^AF$m>jWj(LX-49~#XvA9P*?=X;8tuVL2fk+&N`V`wqaJMsBrL@C ztk;@6?t&(u-wOdS*7@4jadqu7qV=a9kAikl)n z&C(T|MGLo#g%g;kGHq!{G27%ns!Oo5k)VR|pQIxL@AH18c#%cn!26jXOdNOtYvy*f zj^a}=cc$NdB*?-iJdpa(MZB^{;hr*H?^Ig?RWMc88G=+nG^hedm)!(fJh(%|J9mg6 z8j;@ae%oIdS%PVaQCjN9zli~{dKg(YAj39-H|tb_H&ab}?~(>@1{l=pCeqU^_YV~k zqbyZE*h;fiHx2XCduCNhcSXi{+3Zzjv;Y)+^N|G;*hP>>4U@}2E;*MHsqG#VGzNC z*p*S^X~a$A=&p8FK62E&hC5u6hTxZgpdUJoklGHb=|dT)Y_PVvZ1$!}hr!R~J~N}E z0e-IWX>~Lu!4QH#!<(%*^MRF#O@GA7B15$IpO0!w+l=^ zx=f$vBv8pk=eRj!<>vqkBtRu-$^a-{{%Rn>GgWgy33$ZpXb+9yg^(CPxVIc32N#yM z2e7-(S3VhA?@?gUl`0=Y=5-5-(3{~Haxw$6+V%E$^gxU$v7~j8e*4;Q=>Wp2b@d&> zDzq;<7XLKz?Qt8Giw9(*(Csh>00L^@k%z|P5!6oy^$Zfuggq|me-Jz~N9<4u5~0wn zP#$IreDRGlQwu>Gq)TNxlC;Y)G@2E^OF;+g>L=-S%66Dg-yvk$S%&ao@aw@}r+{4n zU*ikFyFvg+$OmMfy^C@;1QX?by_)02c%KireR2paw*q67A?jet(E^9PWy z1e_Hp-bZA`{bkVK@K#+ayriZf1~|U#t_N}O(qH^d|M;XVU^63L@UM=Y!U=9WFnr(} zBrDP2n9R z;zQ!s-#PEq(%gTC}}N82v!sfl6S*NxO9Q7%WDf~XV>zz}tt(osRTZ0C@5PS<*A-wd+*7vmp`=J`Df z3+)dy8j#zjiXl?{3?M^02$LOXw}FnQ9lTd|(LO5m(0gYT&5P8!+I#XyVp-hoe|(R2 zR%Xv^T>t$~0jextmW%L}+R^*~9nDno_>cmtKn_IP_3P=U;OTCc>=34A_cN@cxUewa ztk=1n(H=z=hxRsEIuQRW$`?Lz9lsp z@3Tk};x&Iryi&ywpOAw-HDAF4q|%w~l?H_%Mvj{tw`a2mkVN60T1I5x)RcaB?LR|G zA%%RGrO+fezfp375?ifuzoR^ zRrweuw8q*m*x3N(h(bWYnZ`zTl>6)%V1(!sIuEs%c_JdU2bp?a{nmSqqzT-pV1y&T z#PLN=yZAc2BRBqr>4QgV(x`^1LQ15rS6;dA7vY5F$vxlH#rVpP{!61Oy2GRU?*DTe zyK|Hn82z4s<~zzk%P`|Jlq2^V6G@3f)O{b;Z4(s_!pK4?o#V_!6hgAlR+cCQvv-a)liybaRda4uEnFOATWII9%;j-JP8R{ zRZRWLJ0OY})9%2b8Vz<_&Mo zMDLTaewNajC{;XaZ>*RagEw3s#_!1du#xCUIFp>Tl5G(=7n5z~85q{C*IZRh1y`e7 zRvLk!+DScH?^Orx(>#u@24D73@Q_nk;c8HFr~USIJ2gNz&Zs!n{@P^pL&U>?RnJ>W zAK3964&O;N#BX{4Lxq_P3s~eJC2lu$k6S6V{&;FGVyixlSncK*^2@)CWLtX8N2er; zfA$zII;dMiEXq%IVFid<(wDl81Vfp`cOM~0JS?2T@`iB?Dsu7Ne%bNRYw1J5(jsWKtM`W z&&lA=AGVzqpsi3*zH{+=rKeqvVe$M_+GjGFTeS*XbK$OlVx#2eGk$TU_QCT{SKo=g zb5YoD9rNG}i{GK|)#J&c?#;2HfG8;eegiNC%C^Fcv5tb^(`{L`bh21lS4W3lBMWkS8jW}`9+ykbMgyI7k(SDXT z|7(rCHwE2eH%isTFDL8mztU{rT z9P|~cVT>a6+t)q^TfDI8A)tHN2w6A|Ok>_c#f5N!q1Et+jiPkb4g}dS;Q*HMkEO5E zYOTUaM}Cfy2_5G-m9!WIM`BI+BbnQNbg`ldly{D?i6ug4F5%NXY^3Rfrsz#(g)ZJg z@?VJ@9Yt6jL69xczt7YQxic|se<44JNUi>0G;D;Ov4kFZ^(j*9uRfrN&0Su&u&53$ju`Q%C^{~hsDS0>h+gA=QXj**WSVlE z(WesuU{(k<#lY0=9BOJPSoZ!qS$_h$;jo4Nfdw6XRTiRHkGHuu8q$&~;qpIYYpv>+ z+Qs0TN>o$HV~vYEoXyOyf`4(wyvXELf7VTKEclx)N1!Lgf#PeO7>KQf%wO(bxSo|o*?vq1L6tn@-vj7$_9gv@HrB+t{#MYqZT2{iv7Mb zV0AU1cv9O2-q6AK?{(3q5#jI@`DbmY;c(|WkD6CCx?lzR*GKqXg64jo*XbtqVBBH$ z?sFp@Z}>m1+X1y!Qd4O$ao~7bo3acbxoiX-sbZ=)ke>$cqVk{%8)wMudDw`&;a}0Q zFjc|ld(O_T|4wjTVl($MO*lty8w$&}*SUNWDP0AaYahNBBTf{{@@$XR5wxZPbq}+TYW#jc~#cHqy9heUPvgPl7bp`93#OigI5_dJ-UgO zZ39n~8P4vCCyr(5%KdT+(S!X#LmYp z%7y|UVWZhGpOK;gXZJ+(4SFeTG6nm^Fu5aF!tI*&DcQ6jZB_$>*r7EK;_I%M#~_V`c8juN|OYF9>>=fq4%_}oW?+k0H5QXp+r@SS}i_z@%0Hb|AYs{V1?J| zG}z&?>OBhChm9|95D}?+{quX@UC)A`E$0sW8g+|1q}(&L8=s1gr+VQf!PIMmBJx-U zHNF$kWz*80ebzDQ%g{SD$qr*^VSs5>2h6^SbS$6DU|m^(N`JZ&@LH(Piub`B^FVQC zAWd}r*=KX8{(N7`xYZSS*UX-(?{1R-Q9Rq~Q7=NWa707$Xw`(0pbGH4cn2wtE+j8k zmO!&p23wdU>-*SakBi)n6d zKMiE3?_zykyk^cIXH#Bu8!!Ksr;0fAq+ym_M-B9NNpz`W8Z%LgEudHm%A0LQ+qnj-Z1|y^Kt2PV5#|Q=lt!Ppek?3T;kC>u=$OU(^(X zTbr%h=|Pm%*-|^A`6?=uZiFlzb=bDQx=E@X$Oz%itX{NAb`!_3o5ZPyb?&KQKZaz!=*5pPNkixCwHh{{jglGk%Bz(j`SGQcn#^vG*>8GW;8}~X2Ni& zbkyvplyKH}O1lFlm&Azon%}5iKP3LV_l)bv+sMhuv;JOdz>*RHyeax=F;&ynlQA_L z)@yyOeh*-HxB`{C)(vW4c-b3fuf7ikxH-W{_vjA5-6bF-X6J+n@LI)7Iu8ZRY(T%N zYRXz?X8S4m`N%~ekrXol#w0sL%RuwopGDmLPRN{@-|DCxWG9t2q0xN8V*CS2RwMx| zZW27;vxsJ{AIL<4&nr*-MD(Kl9>bv>v^I&6kiCpXYGQF?T%pF}`K#IJl#LOU&9xu5 z6%vy-MmRGche>qwP3O$aoJZT8hsPvPRI3*M-HRUcfaV=#GJ&SLXDIS-?h_1ac0$ z_#jp*=a~lRPacwY@_0=jBxKG&o*g1I1}u37_=lXJ6N%#M%NI8I;x!wig4C8k+)y06 zkU;y9Q2qzT6=vsA58w5xTCSSqmv^E$`c?uO!s|TzmvYP~zrGO!bcP-3$uYM; z^ftaShm})>u1B7m#mtkNc zPXx-a9?FbDQd@@5TB}Zb7*u4J;`{Rq>N*bA97F6A)8BzftETFS4TBlXcn?Zx5J=G4 zO9-7;L~8EZAFFtH&9Ce9wbRkS*#Yc6xe-N4EKeO`&Qz#+VTW|Vu-X&RZdoPHzs!WI z5txb6x&btB_>X&^D`4*TJ&Q$C4&%O$qZQ~cD9lbuS=??UQWwXI4rS!L-QImA|1MBi z1@Y!_xx0lFm~=!S!XSv9Xg>n+vMSCZqv6Ly6>)w@YMxxHr$xk)HnVL@2`5-*yZE+mPBZDpk- zQ|@VgXzvH1@8lQW1H%c65|@a(atMnh{)+tChj1zxIa9C6bnfre7piS}>lrYOM0WMP z^rtFG5m`9p(He-D4@f^JI<0IjEN@0rVIuB66H;Is$d0BvWx}13cn@IfP#G`r?^W5y z@&Bm-M0r$M_3OOgT(&D)W79!@j;aY*nD<}=_ACzIiI9eK+x z)Yq#ed>i}RL5U!VH$gtj$QY)mu5|+t~lfO z-6ch}W^=}=1L|~yvTg<7k%Kz*L! zbh*%S80JCgl^jt3md^7)eO=WK{p-m<=OX#!`1CE>hi@fow!`9`FZc*DtPkdYFlQ55 z1z$nV0S3wWF5gwOpQi8xT1skp^63yw>ut766qrt+B)E2xL`~Ut$&z{9;Mkb0!u6!N z!NTY#Hxx_3@2%kf?sp$@|JhcC2M~<85289NZ4$<#LSF=;-D4KbalRcvAjdZYH%pG) zcw-_BEFy}^|9v?`IU(Loj4md+cP2Fn(@3+d=^l4^nuGR2BT!nEhtFo`NIP>z2Sx7rCg0{F(LsZ_KeF?)&IJ z0?3_kznVB*$QP^5%_vm?Zue9l(4%HFhg@?n6(IMkLR*=oc$@rT8+ap6d*xiZ9z%x8 zL>zS9w`%6)Lu%mc&#IHVI^dt8=VXLl@0(hIDz}SXTR|$-^ceW)cj#pdZ$x;HRBcZC+f#a+Nv|ryKLRqC$fiR*Ta2o|xoo7Kc zySCMijK-KHe+D_sL|*6QO_;(l=&K?5HIPCfn8g~OflZQj7(v;BBEA4G{k$u10i=N& zm_f9seyL)*NY#1M9BwA%)q+CgAno19ft*|FWxEiG@6;9i${xaNl5K^T%;#Ya1GjtG zH1p+3@Jl;@`#k0|gj(r6z-^Ty)}dxT-z?Iq2HZ3+FMaJGvXO^69QTyMy;>_*j`{+t z#;8YTbE{21+{q?xLVifFbD;PtgzEQsv-Uuo!@>($sNAN9BKUg!*n=R#9z+Ek#6Zel z!@nxdwlQ!o+|OLP{reP<_1JGxyWun8p7%GjkaL3G_6YuKMDY~<(P7>&BGvk1nzfJ% z4_zp?raoFmbX-~T*mY-mhY~GvtI8j*NQ3hcw`~<1hJd@ZPaUsmB-B|dSdD4FmaeSE zR4=A4-aYH{i0H38y4VfiBQOpTarg3RaY>HOdodKmn)U+v7g+;nPX(^C-lN@9PGnl& zYPtN<)*hTAbznl;jsrcW?W5oxWbAhB9Ta}j_8yWI3I&=iU*HPT5V_cVx@LQGHaOsO z0navYG}kiQ8T5ZYe$-!8S~?e_(~P(8TjGII3_!?qkkQoX&8QVREufFF{~ zs?#so0-hs9g>JoLSgYU9;trUX9GoP;7D%_rJYmqq@>#X;Oam7N!sYcSZwRF?Ash0N`GjfV)243Ylh zbNEu0h#~y!+O&6_)=dK%yZUS$_!fdjH) z{~{NyE9H7ivGCmpG?|@0-JC2Zqn;#vAC=PJ$~_CXX8H7;(~nG5MqO}@yj3h4#x$*`1M)(IfH4akDq-`47qebr_1Pp#I*Oon&Jv z$j08fcw;dx+QHy_$+hkE?9EACgCc(gDn0|vz!hxx{`D4p2LJP3)=(xnuV=S8Avn_v z`SKN_Hr;6<$zJk3=?G`1MC9_0zm(y}V();^cj}ily5U6l@-T?ne&7v@dpuYcd|tKy zNzH<*1%3xd$KQuIq|OC4pmGx+mxH$Q%3Uss?7MI{<=vh4jI06D2K4X41h1!+e!8mq z!F2Iy;ljo3Z^Ke|llTbN`r^MAZ*Q$rLs2qBnrKl4{3A%b8gWDVUFCjhy=5dV_8z7!U>JL&Q%VOgASXC54Sw6dC{1ivMqDD@f(o z)7#*)Tk1DT(tT~zZEZa&6lec*F^3MXkZlyAljKF%>wHob~j`4|mMJ=LNxErFGxrGd?Y@U8+I}dD35 zMX7cT!FYth^r4?sq4L~_99n*$edQmf5xb<*52H;2IX*th!VZ$;N`OcA@nqEeel!I< zTGe;?m*2SaXbO1r-|%RVmZeLV{(;}OMWrTM_HijA^7x*ffC!Y86()_DUi6@Q5nq@^N?{uj8tmJFoj5P6IBuXSL5fP&uG zxWk)H3P8l-bBJ&UI>PY)mo;9r$-Zk9m!L$bTb!qi05Hao5V)EZ=%-_74*bTGC|L?I?%wfp#GC&%4bqSb?n;2ZCHB2UylW=wd#qi79}NFY_9Ev1E_rxa@cB+!~UH`U$EP^$KmM*b=wGcZvys$KB<7GBkw5x5u7t+ z&LuV29~xst^Q%|bY{+P!=x?XV%89N>tq^|GM)KXdeT3ktj+6s@fNg5f7@S5+yf;BD1tvcgDZmL?ihxksq$d%A49Ftl}zP<6W7g3b0%Af z38+oWL`^44AmX_;1EJ;b!Mk(V*TsO=n)|orgJretD`}}|w_m8?NesAZBV$+IJ_@iP zJ``S=l*J^F*=8zk|43u82K0y$^thkErjmXYJaSD^`M%Xo{n3?=)I>HP6bDDA=!{Gt z+WL0ha~LLBdX2J_7^W4ejH^_msX&<>YHX##m9m zyyE3P`ZP$3X7MgxJ%TqwaVNrRJKxsm%KyXKd>F$N$5}mC9(iD%l}LC7Y~Bi?ULZ zY@%eBne8f#W7UbWN5ja9B73Be2C_3N%2q-)_v>|Cbn5)RkNdtK-~0aOJgUQWeLnB; zn$Oqs`6Rlmbt~}hE!?X@4G757Q@m&tf74)&RTvp8_4|$70-tGs3!drvE;iE+xCnz3 zlt}45cs@B=>Q=CZ4XX~Rk@tmlrM*|p`1+%Qz{Hn!I`jV20B1y2+r#U!E+nYd?G`Y| z&*JZ3hl#{im{H8P7n0-_)+Z@)Jt2m$i<~*+_ZW^%`sNt+ks^Iit(QahqvP`6moZ>I z&DHBILmOOcM=M3LzdbwfB&IzHjjn$i7tRm_SyNZmxF-^U70u+ zSZn6X$7b^SQ|F5bKnZJuEicZNTvFA~Kgqdui2&`g$F z`|A;$m|k7v$Q_Xo0o4uiW8%j^&>RZ}VBXU9Wg`>ZIj_J#oHP2LgS?)pnEsN29+YI` z;9ax{Ry&Ez7u36U3wtljWnHSe9TIbCt6G>aH)JO1G-?%4n+Qw2@M&!zLgpk8rIbbeV`T`)w))d^`dVa=a`h5I=*FG=ZpL@Ku?I@ck%si2w?mlwQBf%mIX|t5gPbDm#7ZZXv(9dd|!KV;=T{~ zeOTLs@7uogeLbe|6|w-zS8idfvKeCnNLGoW8~h?k6!3Adq8eWlk9NU}2|JR& zb6oRcLcFE%1$fKnfl-u}JMN1-zU3Rfq)PHj|GK6ChX308Lb8ECYNz(-6v^@HTMtj1 z&r|!lmt!Swf#yb+o%g^G(fTJKbHa{)6l}k-(9>*pyX1&>z-ANNlY4 z;SeZla>Myrw{&MBTqG;NwmkisJ*Vm=eKXev#=3fQH@LbszMdK zVy4;3dINZ%tfQ2>@r>3$tZ^e0tPRxyaVkZcmb|LB>g&nv*}fP&I30s`WZ^Qpz@p~w zqpDa24<`ZR&tPfeKN1`MctgajO}ipyO=B}vtjlhdc(OGcW<398EC>Ke+0D9F;b!bQ zsd^BP&NV__k@;>ev#DEsNO+OYRr{K7fGNKlhXDGZJ25W&Yw=F*$2Hv*#=7D^YpMln zswL99@s&|&FUQ#9f40CGh}%d=^XNQo{A43z?YZsvg~t`I;CeixeBqk8BxFQ}hJ?2Y z44|t*DrONOZgJvS%}H6AXF&0RX|*_zs%K%a2+a9Xfy^TJIn?#?P;}4e}Gu^`GF>Y zdG1PuGR>P!ra`7qaucw;J(e5E8WsG6h@K}>eGp>!Z16UzT6t?xyc=(jhBV$`{?*nB zzuza=Xj-sTytkqb#F>F1KKo&?AZu3ot`AbMfmoSl0)Lr^XS)}~pbPZFNrM9s>*7Po44(x^xRKdb= zJ@$~d-eNYA-jcG4w*=IMHyOUW#=-Wf9*Eud$#t{T?6`KRjF#^q6M&eo7gTfc)y&BQ zXd0EJ_8LI4^j~znX8Mv^dJS_z$^LC0RTg z_`=P;fF%sDCHuk`0A}(Kfj|goDVN&1_XD&uFF{NG;Wq%NA@E>$)@vx8MRu>^=^qaIZk0g>K`FXGJbX=Z%4+T0VE z=xL-^@xI`8{?-P=Wc5%K%V~AkxbG&{7ezLkkgd$jl?X3Xm!Ix&1Y-%E)D~J1f)@s( zUJIZYlT5Qi@s;T1xbBKT6;$%g{~BRc2P24eSoXROfRE4ZD23(;gGoEfu3fy@r_wDy zS_CTP4`_rd1aDo$BYxONtSsJ&?n1>#n2>9giXX=|L>48O21zI6Rz3wJK=EjK7;KW= zCfV~9p0k`xMjjW5${qklG4PNj1Osu>u9;kH*O}U|zhCTY(*u@yY&2!rT(2S#f-lx! zljR-QnR)D?JX&uh8W4Pc-TO*Z{Y+9BVs@+Dzd9b~1f|JskxVvoX4D)xf^dpRTS@i8 zp(k(Zt}+>hovEx&I@<6PYoZrpftG}E;wAvOCW%&%*?cnl z^!W9BV3Q{tm~`(Af~#;^N8x&r5YvRAvIP!go;{fkEtkJNFR7gGnh1BEd zs3$g2oZW6~RPff8kc-h<5~~&$YT;Qi~FgUDaBx zpT6^B=)Am=-tXfl=$HC?2Z0Xre9hwAF=9w0v^aEgFPIRm^`Wyc)7~rJ%yi2g6s==W z3>;BTJ3(1Rx(IMi%1Dx(dC-)ak*9~b5=+aDpg_SWyGt?Y8yOY{5Gh0Ijgl}4LpAH( zA0N88xl#gKj{XeiJfbg@(R%hGOWBUH>u9=UV5kP+6#L+M3+JJP?!5v8jP$SGH?_aZ z0@^P_CtN|@Gy%v(@*j{;1)z}TvSRM{2F+svGqnLG)VhhFtW2$q64cm^-Zl@LDr9|M z5nGa@MSxyR$_R{>inN#n?B{ohAT+&lAOqab z`1sP{2pD<2*oAPa!+oM&d_1ZwHOGAoc(_^41rLV5R_=~uzLMYa?N_8Z?5cKq}!FBXBP4Iu^oWm+v)6x^`VRE`XK0#xM>m~h->|#=^sR!%a4VZXQS-p zOzCQQ4eEg=$Covxy_Gat6{FABdkI4ixrDzg2x-U)c8_eF)B{;b;(h-PMxH2WYt2p! z-(}%bGPZ}7W`FI$^=c?5;IGitq-ST4wUN7+Mo)fFr^eFCSk(E&Pzl>-K(>UUpum~; zgJ40d-^WTthy;inZV}sC2Is|2{jqz;pq~LdQXMc2zf6z&w3)je8boJmolWlvSQcZy z2qJ_On#0#jsr7|Q=6>AwBHkDR;DGR1U+Zoby2nymbMp|23)R}Em zgh0%{w#yqjx=aP5Yn@+K`(St}1FT@$G7@FBMC;jCO7e9~VRO(@*N$qFngJkyUB2HK zk0TTJs|u9A-pU2?B3`0J5Ml`ybI8gl#@W_AJZb@qV#>Wy4(h~Ow!Rx2LZ(a=G^C1= zI~M`Y2m@;j=HvGkiL#p&ONA^ql3s?Lep&6y7jx+h))W0S*+^AWolyBVqMk*h&Cjdz zs2=nGsKz$)XYYJ#rruihM3pP zwy)rA7fe0DOw^&mQj5}G;?9c!21;xu)e}7@<47^9z$DLe6gjOo2x4aL4^? znQs#Q*giGbzNJ)+ykDgXcwJML`0|!Bt)vH#hH#|VzSUytEANFrSbD%V?YKgTvUeXm zJdw!<1!FlA7fsmr22fI)R2ACHV82FHvGyAnM=v)r4)~)~EwMmMP(L?AO6am9QPBfD zNMYTh(IOgFMGXOGo4xbn_5KDNvz#!#gzlJ_t5^TNB~8?8OSYe|!H^OH5vSlXK(p*dLzcIG8l&Qd`LXM2td;S)nQ#6|vzDkxHWdc2+8Tdmu zg8Z01mGYcrkJq@ zMoe~TWqBKm9!Q5>ss5XTjVFo%af?IA z;3}O`^F_1`;+P<)%zreBLFJmIpmGgkV`U7K6efH-)F7YNU?T^Wx(YXH&DcSH(Qve; zVx2cRT#vch^8Nyhd>;jHSd*nE5=9b)-2tPaIW)suAc!r|{uP{4rOLgE%ohPtqry4g zrxZ!2y5};<&h?F69lz1^>&6k(2u{RmY}d{29T+wt5KtV50UUuuH0}May*%vGpu*r5 z?;uz-Ubi)jsX$G!0C83CPYrF#1K`9KFVHJg#>mL6E;uIZgz=AM7(UT!%}uau_gjj7 zfQrko?uy{d6jNVyw#uHWV1J+fpzj>Gg zj%gLWDk5rFvO3TYv^*DcUI>V0V^iX3kk&B%0dp9;EIDe9`AUME-`FNoH$V*N?Ufvz zf9@QHE)V+VIy_Myq^Nn_e^#p8m9&MV>J3#Nlqs@dXJL5ihOTsuamXzhRCv) z+TBpQf5mVbYWKI5$U{pqJ2B#Irl&zKY-$`y}|Kq#CAz9=4GU!I3|JPzmJ?f#6a>^1#XR5N+aLc4CiJMtV87z7SOx9 zEMRm@k@+V?LIRgV5xAS_-)Bs!Iv2AK{uBFbCZ-wUP|rI7QGY=L&zJZ2;gA7-OxHa5 zO?v*gTpH%+s7dLUzB9 z+47Ib!q?kixVz_CiiDjLqX1-?NpI{cehiVIYh242wI4cEOY=d0dpAh`b?v$waB<|0 zwqf|0-m+X?XWzp9gh;=P&kc_>wP!m1HsJ1_>8pgoMQ&ZqnE((>(#E*lFY{$l=R~>- zV*#6@z?sBXVJ8nA5hVm?>XAY9S;Re{|2s7MjqH;G(g7q`9&~3kC(Dsvm}Lt>fki4H z2w_)-(7^e@2qN(OX3E9jccMP$-RKZs-D)Cgjq1V)-`f!D4ypShBUKaN0g93ws7)8a z4KcxJwappH*DV&}Gu{oyl^9Jr$lIh_c;cGGE37y=@gV(q+zW)WFL8|EH7dP@A;p$D zF8yC~4;06w42Wk#9LgtAQM=8%RS^#{{~$D9%eMOhFV&rpdA;CBQdx0kn-&FuXmFpjIt4|TiNx_+tUy4@3UEp>Bi=`WW?{zIuQB4oB8LM9N3w`#*F zO!~K+J1r7FJ6IYmR!G*l2g&C%mpv9L*xdmcD*swOd8?f1x8eMrc0d`^f0N(_+} z2{yei?^ohX7kbC7)-0w$Tt**))LHh_+fJ3MKhU$u*3$G=X$EMOzrl_dGM9rdw!@9+ zKYGmVMAz76?xsttcuHkzMH+e^TRSy&RnufW@u>~pavrPT!;B0O){hgLel68CsB*}B z|E}0g7My_Nyj;Lj2P0+Qr1qFLRV|JUD#My9KRbBG;zU(D9EmPNFIT@suPT2d{WYIZ z4{PD}LRB#D#9E8)KuJM)&X&cgpI4a@P(;1x%;LQJ51n_Su7mu*hrf}shD9mCvgU%u zmqT1hjyPtpoe6X8z?HtDt9Vrw!upX0V->cxOlm8l;Hdz(;=2r7p*-V5C@|jfU3%Q5 z=WaL-#pNI^$*;-uj@@HHXGP{-L`nBA0Q@OXvLgfpB6A#($s_IDJ7sXyPAFv{^XUPn z8lOiGkJbE}#qOukASK zDGXwXIzQ6~I;%4dpAn_(sEZvH^~uAtVE4}_LX%2XBKsE(LHHzAC$7t^YyQ<_A-i&D zl7z*E=DE$N8yk~sq58k(Ck{3t|Bv?!jIXR>v%ZyJld(VZMUSD7+ws;56#?R)pn?-E ziM_*_O8EedtoNO0QmN@Y8!8Us=*6GjMN0~K4n}sV;;0nNj>Q1_>RQ<#4~dnY(x+kF zx8qu|Gmt7ABjYd}Phecl$HWi>btfQe(7MS3DDCoQg-WPAEP?&4z82Wm71Jkvps@CEp?ER#_aiE7CeqwT0e}N9aRG1!_h8c z?%vrbhdM7IZ`X^}iO1x1jGqLo_mSV2^bf_EroO*ol9UD&) zBGtvF&0hMNuS8j)$eW`3!kNskmwFuDi8=s&c*g_Sy5FWHNdwqk)aTIQ`45f6JJ>l% zyDzGQv&6ohUXC|s80G^?yP+ynXI>*OTeKKvdScF168O)uzz!#X%-O>hxgR41Bg$B< z(S^wPL~gY6OuxmChe!KCIYFgsdc>tZzq=wHY~wvNNjDK9@;Yv6WD?qufmkO#>S;|JotKO#?CLxyEjxWYH#@u+cl9^3 zwH?gXF0K00G;^A9!C5uq7wT*pRMA$Axu*lm8iW41wD!DL%Z>L|7f|wFIL8LLes%w25L^d<85m8AD*1;pM^>$j_&yz@G%MMhdH}8J*_LA z9f?#7V$W+8Kqd_r7-cV7s_Yh}hPa!9}9pYV0Ksv|$Xd^stkfezOx(bj_s{T~n*pwjXe` z%0>rPpqpxxBw)g zeo7C?HeP9?Tk=r4XAXa1j`6AO`97!rtE-!F4joe?j(q)l2x)!`9RNbn$Zw4WDCX0Y z{d4o9Nd;(r)dO<47rlvceEv@a4%lKL08n@w6j(moG^wB!ER(_dA73v6c%$abfeL*m zTuQgAffxg=pm^n@$A}~eD6Y6t2*HCX8|V1smxLaaEoJHCkORdX7qUBvars3^-q`#~ z-SgXf!Gru(%z=ZFVrbG0zgt>LfUsB)5lc~0B1`x(!9aFtQSAK!mL94Dn~49d4#1h^ zOG!i5-^0%(9ByYb9`F|laCd4;xI6OI&?4WM$BW?7<#0?l)58_9>kx%OzekgrS1Ewm zP2M;m1Y>8o<()MP=up#f%u|wT9q+2-a4Ja-KeCJv+ii;2&ow_6g2}@X< z{ay^zUf}qCK-Qq8yAd~pYZls}x%lUrm1;n8b^ZQVR*mQVq`Q@*@B3iVT+WrzJw_*&I1cKt0HDnGcIM56wjR|GL_zTZ=5F*;6o*(w55 z?tx;EDgwc=O-;Ow6G@{rEe7_OqmSHn4r5P$GHAsEz)9df+5z9}wiOJzqVW^Ho1{p@ zv-ARtQBH`o4$L_L%=v~*N12uvFdS6C)-Ye=SF|MlX)&iw!1L z-2Gbtk7?BRl-(YEs`cXbMN?VTb&*CZv=FXhc{UIM@vew;BZj^0&a0)zW!Hmq+V*)w z354;Wmi0zgdVU$PJWdX{IxTZ$|6J$3Kv-wH_KrIWlGLoR?$)r#+gOYMKPprVeUgIr zoReIT@azMSL_Z404}1|YkUaZ3gxm*;w~A5)210-%Q}cH7A1Hwe_?$b>?w!IP-q7W_ z^uuvg))wVJoaZA1f&h=p!03A&c+M;}cut!T)~yP0tH4`J?0CYBsTf}LR)~dVE<|2W zl!l-CWrSfH=pZmW5ptA|c8v~l#9a;!6e>_z7v6AHjv@EUUA;PJaDTWXYX?;o?Ar{y zE^7BJy|9vX|EmRAwLQ*})*g0o8D{Ox>w;f2x_F+2yS__LcLmzu&1j#gd7oa|?TD$5 z0RVo7Wb)V`Otgoczs;mExxDiRAZN&t`{sqqvS8MdWx910)^PLLT3P}J*aIoZ1eKmmKv% z9WfShZ=|ZZ7$UN4!M4DpGkHY(B(!3lSTag%Sy~x|UaWeJv>!o*+~0Tg2LN+xa`w0> z#&r+^KbmE=Eq1keat;&E=aj;re!Z5q!5!=_I7=3ta0kLUWk4`E;CWN}_5jqp82Ua5UI0JmQ8CJWYCG)28P$JsIi+~sp+E@UVk8v|(vKKC{ zUG^NcycjUFiSK^*+kt}PMmhl<=Fnt)8AJuP(t%Ws6ky4nET9v{Arb}^)>fR3hiFi? zu2_+_hZh{C-r;dRHrOm{<$FAEK9e3&HcMIl+$x;D*$;yVtGC-@TGq6SOT3@zSE6}3 z5<{}&|HPmJJD@&Unam~zzwmnJ1=JlXP(_jr8;(*Kk2*0V2%wGeXU|eZ2+~NMrqAIy z_z1%JW78eT(Rv5tU>;$eX{GAF;E)Q(!KBD)Yz4f4oP@pj-sa^S^#9<|aV&IYgngFUvGqv|4jkrS zjttSMd_Ae}*&hMEtvRV9$r=*oB`zeuMv<@Vn~AwTl+9>GPBg)z!?3$t+X1P)?EHL6 zlkuBV7=FJTuxZP^N_dPNC8dB}i5-C?PaNR-+-uLZW?3KzN)3jzIO`?^xBj9il!ZjG zL4-o=t)RRU-dFN|O!;M)4egc&QcpvtMo(HZ9=H%{I~})4!i8wxbsy(C zlI~J2gr%I3B0})b!G(yV1Xa3#FSUO62Gc6E^`vC-+Gv?~|0)VlT!7U^fYE#4&w#E_ zVOR2LEmO-xI0R6G)7nWTbnDj$Ddn4nwh%ecPHLl_EF0p5qSi^UlL=QP$ps_)n0KmLUmo^1pHNlE?t-JCspQ@?zov|Nr5I1R!Xz(s91Bd|LnS zO0@qU*3AaLM$c`<(j0>&+2seSnDi|j4a#-ZFolE3%G6bh=h}qoTMiOFw!-kz2RQjB zkC)Ov^wW~Sl(UD2;s|2R4<3Ux2QWRU3c>X7F()=ejBi?Ap@HofS`>{3E`wZQmGP_Q zG=cIinEV%j2z#ZR(F%MN4fbxBtnpK*uuDt*3TC~|OM!y>AxA`S8xSE-pnDn#A8))J zNBVF?3HLlso}8yBbsoX%{jY0=(IaSRkVlW;CV$Hz-{hU}KI*7i2JiDba1k6^fzqMt z_&$vAKIy^*wD9q#HuiBwpvDJ~Ywy`k`8qf%bmXhF|IESvT%{`zlCD?oL9%a#9rt`D z^$=Tc00WgnyK*A$9EGn05`DA>As~K=`OZL1EmHZ|1wk4K6LR7(PoD3wK4J@wEixc0 zD3+PsU}*J&th>wdDRET65Z*Sh&69HCmzKdtK^^S7wAMi*@}d|JI_-vUH>hiYMM%-r z>1KWA!}KbHR)V}hRz$KR%X7;tc6+|kq8F;vK((*3+~#qM4^D>??>LY(|6};$Gt*<| zQ6!+-6Dchw=Q#^_)n~vI;rJp@G67ne+ydaoaqbZ~yq>8*E|uPe`SrLe+*>4MhxIxD zaKkIhJCpPb4I>QW{AbEVI0I5RK5}C{dB?~3Q{~C5nzHclZI2$MDbrpeolK5eg(hx@ zVt>=;ZtR8>&vW2maNWhqEs@)iOMa4^@PU!~;3Rc#8nZRWmZ(zzrji zV0U$5b=h`;o+ys9>ak%hfqazLK;Gr_@l#MG%mw~__JE}KYwt2iZ>ceC#T8l@aD}%S zT%cxNWL;UPu$K&{Th1&OlYeqT<6^QVQrnjkaqoZhT{8K5)_YIA$U6W2zGE|RsTCXp z0;!vOe;kDmwfNGW@_jSM^D)s#F`7sg2flm9 z_vK89v>SOJUg`RNjeGBYL9`L>;Dwe7I#~z74RQFjE}MWJviUKTaib6g{Mw&$Bq5rH+vc_}Wp2K&r)d^$O_44}kUYW9IYX%T$%aahhJi;qS&oor;Y*Zp@WaWhPN zxXcH}z=TpICwM!l~tlz2q^?Z*#QReD{~O( zci~C_{qA-I@E-_X<`%}w*|ZI#1Lglj2g&p=7b`ay&EG`m(NqmgLfglGI~FY?Q65Sm zA`UrTI^%#%tPYs|9!hxTeg|E}$uD)7NQbCX>~_hPdz?T%l@J&+{xA#ZIH6{;p2OP% z5jK`Jr};@$WRUtuyFy%N=J<0ZMc0W2DDm{NrM`d@$^G?P*o$UQ^y)x>Bq@MAQXI~h(t14riPUSDa z^a7d4bh4#Vz2N5nHLs*~%Pqr6V2*omQ)ZVOFwCg|1V?G6LbCXu;)!9q#NK`1T*;K5 zX?DTf3UShKuHHSm^UnsZT6L%uI5%~qQd~aC9-P8D{h-wF->op*?`V2`APDM@uuA{1 z{rFsgEHq$P70K7F_B2&ZESsLp3eI4k(w?w5g9KLs>ya_bb1&gCp1-YN>j_AyrpBk1 zjmeHbfn}=1vr457Nrtn`7U%1WMqFzwLQh4Pnnf97e+6K7$}?YpV%XAh7m8aTdg}-u zySGR1-E^2r*9e2HFj*-9WV(JZO1Jw-D(_NenstaPr?*tVL{jZfBao*sB z&FcI_ld6LDFM`gY*3&W~p74|62Bl-Y3EH(&N&=vTVrkNAm+G^suBDCzQ68+^xAbCx zp{(nPPLZ1v<6C_I5kjgnG9@^KqCjE5pHcS&t&120)RD*e9xM~ETf^|8gE8ZOq8b}w zOCu7zS-;sOd<-vvz{hEa4-*mv&%vLqmUO&!V5Ru21N2t9@Y%26b>w-3!>h`K*T9bk z=m3So+mC|aOrU20BUy!;7KaQ$Vh0kPejoEOr{$L>9S2AV`=y34r$6VyLBplA+BrO{ zz)X-)bRGUQkU@;~?qBIy;s{|{9ly1gC;fRY&-&@DXhp}l$ZtM$@4P%t31jZ zg!w+CnjhW1XFuf&t_-xo(s8g{|Aqt%ii&&2l8Tw1UeU}(vP$^zp7V?F}w4T?&FK7A{qztp%*O zSOKSCCEw4;xR1eyMH(FxWB$iymFU*fiOBv!QYLSt1(|%D9G$14T&YG7tfO?c_!60Z zoGPwk=p*Y>f4-M-F9FE0fM_9k{cZ?r1$47$DEiPl4#0PAeSLld4_H@r?sQE_J%tq( z&hr82Kl12%nxHc1U?ft32j)GEBO#bg()tK8bhQHgH<_2Gq2XjJFwG@%k_Q?Mw0vHqNt=n@&=3(AW9fVnxt(sCFd42A> z>Q}P+5>N|Tz(8EG7qCp-`UxmKMC%Uqn)y&ZF@NEiZAU&G?}EL@{5w|ej0bQ&wD!aK zFf`U>#UBw?CbiF~@(JgieRFq!`_sD=ZSD26lX_X_L)PGdp(1SDeA?@sgvFb$?{;oU zhIj#3YK{@Zum&|OEd8l97e{ReAiQm29CM|-hEHi9bg$R#ona~X5AGo>K%sD~7%-mo zK!&V+b-TOtR&iIHdcvN?g(pnHvE<+?lfKW+l+We)WpHrxyAmF)(JrNb`^im)tOjSz z4_6h+vFwqOcIs?m9d7?U>wwdImmKg;y%^N{$ zIQaqOP2MmaO3Cho>8R#yq8*QaTE+rwO0NFE3zlY&R-3*RWFb2KZ?2=yiAzuj^5i`b z3?q1Rf#QQrX(?W(9_wgcHUCPl)|8rY6EZk1JCZ=jtbuNx{aMDl0UvvSNK|JY1+ix$ z#bjkwzsk`+z&wJ~4^}u0+X?uf3i1SL`PJ1*l}G+COsJMX3@LwgU+#X;CDXczl_G+0jZGolrOYDkR#p}7y)%3yLEd0=c>GE8=8`b~bR zWOsmmjfQwM8Im@`SlcyoXH1UJ2APR2k=l9d$CU}cEMI2LAt}+Imb1X+G%9>?erBTa z81;_sW*Ms2Q~JGQ4;<}n3G*~BTlX%`jiqGE2JsNg0SU%Y8Lxi@y0+0=WclL!#etk4Hn&|%#U5h(+{$xV*PqT%Dkw)r%W6jMx2tu0AEc12FXu5*849@Lml=hzzL_uN*g z^JC;!6ukqYLJ!H~i*W0<^}3uOpE}`apM`S<49w|Z5HH9@r*TmU3FCc*^T>6O6g8{r zg8iRp&H|NlxwqC>BoaamoOSX6q+7War~Bezvhv*SW_u#x3Z3KSTOG1$&d!lTa}gOm zaj%P!<)9D__*nAw_vDKRn92>Wrll_w>@s;qIr6YV_y>*KrPwL)0xroQM`ah7nXCs; zi+r7x6fmT~5A?wSPhCxT0p%3-^u(u(+di&5x4&E*YYk>QZn?+)eZh=9`W7^T#Pknc z%Tgg>X#)9lO^?fb^4(YmvqAgrTIJD@Oz0d}Z!5SG@}lsX1IF13Tfly}Hay=!xp1VP zv^@*#xt@$7rsT&WhXJ_5`K1+sZ1p&}c`99By6zFkR|$6v+q$ScHLuyy?-WH5ar1?x z4Ns8!K;W-^832eeM`gtpTuvwtNd)t8R|42!l~8^Aqq>=A%8&5o08^_Y%wWX3j(rX6 znNwfJQ85GGPS1{$(aSs`!bLv4rKf(0-@!WP(K;?%otdf`iEXd2*h}rq%kWJacYSjl zs9Pm~P-4&*UBLs!VFcoi{)N9CLKi}<2JK$x@2{4iB^gZQbil0CpxoY$qCyz!)jinM zWqEP>f+G3h%@oVULJGk&zfA!-T(}%{)Z^iGyDa7N=-Of2vA<45NDavYG_FfQf5b6S zwqqwGj+c^pokW+GwNwhOQ{}xOvfD@h5wdsnGdjxQB`-F}63TMr!8>PRERZ-hDAJTK zyXlMgKGU5>Tur?$#beP~Uh^}Vs?NZUj;a|fZ?g4$OXHvwsl}(dfhuJxJR+i%d#`j~ zw*74J!d<itoa?Pt5+n1F)Ona<^ z7t7hB2nsZ$4e(+clFzSGBc3kya3#;1TwBX_O|%E$k61O@{E5sbjXT@(8h36r-e8gf;yBts4f8QME1GvAXTNs9w_dIcPj9^vTZ7gg z1zqv)BKK%58rdY6#;&A4H}h&;$>Wkn-m$B+^yBqi)VzH9;-NJdyLecc0@*Rcj{OR; zJMZ~@t=&eVQ8T<)&bZ>6IE$>x7SQJ?yREjX7!p46^U4BvJPWIA=B8A7JW7}5^#{@Iygp`|JW zwLPS)Z!>pQEDd{vY=w>4c}M&=Qk{33`-X}cQSR?6Vvw(Iu|I-inGtd#m>K;=vRK)a zZV-9b$U!Ya)?D4Mgk65Ym6I&&M>ri%%{w6}snAaVUIV*25G~MG6B`-q4}wAVT}ZYa zuNlTkN}Jpt4VKE{6GO}2K1^YE$(J?YghDJ!e7eKNmOOS^9m-?0t5KRa#m$;7Z;de{TsaJKV7JJmtRM*3Y!RNP1M%p(B4IPpymOUQ>;^2!$Q4cc85>brZ)PWw5i zLEaS#+N@rp?hUlKp9msfI^o6-y{p2;xk4P+tAu@$U0a2BlW5czAR9L0##XhW+X9)k_6TGe|1KZ7kN1nb*J}Wq{RMD;RSRr?1gBz*8RKA_OnR z(@ABw9nRILBOA&2YYF7}{5JYSrIr&B68$cE&mO|;SwZVrd(1l^mYz9JTcA2%*W}qo zoq*zp&ukdO?8qx#^gph6-?38953!MUOGo4jjpKFR?s7kGlZ2?&2<)7|iwd())kN}k zk0j$?mL9R47vjL`b-~dcIbW;8yQd!?#yq`j+xMy`U3 zu|3*=cXrZi-e8HG%_7JJQ1`-VkFmo?fqTtZH*vs$mZS?!&~w18qt z0yb7LC80H5J?RV;r^3?RSs4k40Z|1%qe^GOOr1~N9(s3~J;_)JT7)UfvlX=^KD}!5 zZPR4L_0nN{L1fs$67=9HewPLLyCU@hw7sp)GzNsj0$-tT=(i&TUvZZ`cn?D(-P840 z#^xo=sPbNg;+6qnMCHvgXCFimwGZzs6KcTa7)w}a_xSf*{Y8RKcgUKWx^TD(;5Oip z@xDtDJ2jv7x0V=ocGn1MprKwjGQ8$09b}om>Jfcn;hV~YX&h;Dg#?ya(@Lvx9m&-& z+*wc9vVq9y-{Thul6SB`kPN#Rx0C#C;hK|D6FI!6-i1MK18huqx21D)#5V1M3v}%^D+xIJ2pQ zY6Pk9(lpS9h?~f_-8}xkTuPwG?Rl#x|7$U6E_Ip-{Q53<_W5id`TBt$ksb+zkvFRJrb~i<5bGWY z{&45z60sObb>&{W*IB~X{sj)j9VQUA3+#IK2&_h&3i(NL}5686E58FqwMg1)09_Qa7t!gTXz;p8$irtG2EI> z9^Qe*)vIjZgDlOU$W{limsnen93+oLBOMC5*Mrh7Y{xdluu0mgLMg&#d|c9|HAE0d zG?2l}v7oI(5KHbnk;g8TPn!dU*ApwL(P!jSpH<&Ap2JYvbSX(jP5WOI-v->ZjKH$&M@g8Cn!eJuUVxpSPKfNO6E-ai=_8`|IK@0JA$E{VHeq z@Lz=`J$ZV++HXs`0+#fdKGM?b;5cB|t=qqg0A5px@iw~iyhmfd{zzQwV9 z$1oR1?u~kS!|#_ls>jA+7x&726}kDyYaR!iWoG&wn6r0P%QGzApGD#T4lj4W+cmnv zSIj2BsPm|2tapPE@`;4SAWaggacQN+jz#sJG%3v~o=B53a0BmiXX3aL$DK3P7u#W^ zINee-$n~+#Q(mM_Q$d!hl#k}@Sff}-!+{3%w#v#(Q^F9KQ}$h@_}g2Xnp~-(855y%}DFhYh)}d`XXR=bTY5T zGx-}7vWW?Ez-W~7!uHBHx8{O6YvBmId+N76L zRiiEP8b2NbBg`G`$0n8PQ{ym*WP~z^DLcusSl(0Dy~EVyCK~=xcbyn$><7t8Yrl-= zVlkruj*|slavh*ve`gloA`4i0$AJ|mgHGe8+qkGVaQ#YLpUeZ>`N_b^!@RD`_GuH` z6q63unYL%QXWBAOHC?FDBzvUh&JT1O;GV>ti9mp%=qB*&yZyMc4Iu!W+5Xp3a#s@uWBl^6E&(5bBcy-+I+{) zL}h9k52a3m6o>45xzSv?g3}gr;~z*HH3N@+Ys5aZ;30~DMkx96$tqE^bpa(*Jgm;5 zGB8)PG#TCOkTAVoNuyE>qwwioa=_$eUZW0rA=F<#M|D&_*fNoXtcQ-k29>Zlb#w6u zR3KHm)T23gO?wlD4_?bW_h3~feYeuSnfJwyMP3Wpa_)HKp4Jb<(lzhD^_nuhrCC)u ze*qG5i^%#z#-dFpsqJ{q%f3BmY#$a;6rBRLGe_*}#LoHQXKsCPwlhZ5=hKQGE}ZJJ zuC=3t5|*=GnHWmw>29O|p=VS#pB1Jdw9$Zb{}mQdWN~Gd0vTwy^s0Sns8e0GIN$`p zkoGjazIt$|(*>sX<6TN-J7hz|y!KrVLDm{SV`Fx*5$R^@3WL)fdvb|nEjoG@H;~FqQAyzdrf04bj8>IlZBVK{qIh_BKtIN6CXh(FS@or-GYE z4WYGTlz8*fp@}!du)ScAQbb}vwy{xPRw-a##b((JF+inou+79iztl{B4Ao9$z7>wu zX&3*vV^fhK_F_t-fxBV~^nRWsBfT0bR01i2bkV1^c1Mt2Z7)zYDVI#Tmo$&Lc3