From 1fe7b94454e880b1a468b1d1742d2911139359ab Mon Sep 17 00:00:00 2001 From: cloudtoad Date: Mon, 24 Jun 2019 17:05:42 -0700 Subject: [PATCH 1/5] fixed meta file for lesson 50 --- lessons/fundamentals/lesson-50-bash/lesson.meta.yaml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/lessons/fundamentals/lesson-50-bash/lesson.meta.yaml b/lessons/fundamentals/lesson-50-bash/lesson.meta.yaml index ebbb3a00..ac48aa2e 100644 --- a/lessons/fundamentals/lesson-50-bash/lesson.meta.yaml +++ b/lessons/fundamentals/lesson-50-bash/lesson.meta.yaml @@ -12,9 +12,13 @@ tags: - scripting - linux -utilities: +endpoints: - name: linux1 image: antidotelabs/utility + presentations: + - name: cli + port: 22 + type: ssh stages: - id: 1 From c9e7a23bbebe6112437bb5c04b32ffc3c66969f0 Mon Sep 17 00:00:00 2001 From: Your name here Date: Fri, 28 Jun 2019 11:04:40 +0200 Subject: [PATCH 2/5] add stage3, fix lesson diagram --- .../lesson-32-stigcompliance/lesson.meta.yaml | 5 + .../lessondiagram.png | Bin 71412 -> 3006 bytes .../stage3/configs/vqfx1.txt | 172 ++++++++++ .../lesson-32-stigcompliance/stage3/guide.md | 313 ++++++++++++++++++ 4 files changed, 490 insertions(+) create mode 100644 lessons/workflows/lesson-32-stigcompliance/stage3/configs/vqfx1.txt create mode 100644 lessons/workflows/lesson-32-stigcompliance/stage3/guide.md diff --git a/lessons/workflows/lesson-32-stigcompliance/lesson.meta.yaml b/lessons/workflows/lesson-32-stigcompliance/lesson.meta.yaml index 5f1ee220..3afe0a18 100644 --- a/lessons/workflows/lesson-32-stigcompliance/lesson.meta.yaml +++ b/lessons/workflows/lesson-32-stigcompliance/lesson.meta.yaml @@ -7,12 +7,14 @@ tier: prod prereqs: - 13 # NAPALM - 12 # JSNAPy + - 24 # PyEZ description: Security Technical Implementation Guides (STIGs) are the configuration standards for United States Department of Defense (DoD) infrastructure. Any network engineer that has experience in running any part of these systems has had to spent countless hours going over infrastructure elements and ensuring they're compliant with these standards. In this lesson, we'll explore two appraoches for automating STIG compliance checks, and saving countless hours of manual data-gathering. slug: STIG tags: - jsnapy - napalm - stig +- pyez endpoints: - name: linux1 @@ -29,9 +31,12 @@ endpoints: - name: cli port: 22 type: ssh + additionalPorts: [830] stages: - id: 1 description: STIG Compliance Validation with NAPALM - id: 2 description: STIG Compliance Validation with JSNAPy + - id: 3 + description: STIG Compliance Validation with custom scripts diff --git a/lessons/workflows/lesson-32-stigcompliance/lessondiagram.png b/lessons/workflows/lesson-32-stigcompliance/lessondiagram.png index 9f3f7b96d195cb89873f332232e4b6a13155f50b..395fe085db56dafa09f79c8f0a8d9bb6342e2be0 100644 GIT binary patch literal 3006 zcmV;v3qkaWP)-s?mZ8Mu{4U;;m5F%q&X)@*@W zLR>l7X44wiEX1r_84C)faWZWab8je<(q)fqO5Js$SW1^yHU+ffD3H=+OygwQDHKTQ za>*vsB9Pm+EV9Y8Xk_&*y=*e=BJ%l`ST>oK1ettGDVt17h#bBplTD^2M{?iN$R^V= zA+2u-WRq!GkupjxY*kwW%C~{GOav( zpNk7_F|w6^c#5z_gaxN%(@^bpL=WB~(>R%SFXH;&IoUK+vxA7i+X>k;RI`cWUYt(j z6xQtEtP4kFQ&_W%gLa&YYzk}EaLR~7vT0t%GLFyG=-*jth`MD{ShJ6V!Ci-JnwNPJ z4yADlYxZ#@xM|GR5Vgss(OO;98Qc`v8p5t@3Trh|dvH@^YY5x2X~m^>Y#OXBvMGnF zky@-#8rKjuWYg44?bw^9QDkcflC2>uWm69K3~Xj{ifj!*vNgmLvS}~Hv#}A`G+=uM z*26ZXaScJTH3Z4l5RYZk3fuFr7`7?0H3Z4l5F}eekZcV>vNeQ{yDz{E=nw44UGrJ- z3H`m>w~WRb0Be6Z>)#+iL{--=l@y)O7oXG@oj6wf({aQ7asWw-mdA}6EAd53!9&^F zS$7@!Hh1YCUzemRqp@b{pk9(xB_A8llqN*$IF2)!Oqz@Atd+|FG-=T)IW^-~t)BJq z^>w|@h9RLXJ3L=MAn@S!Ew0xlAKH@rz-TNfJOg0B=y6eP+q+nsmzVd9^iNxLc)oGd zX8`=TcNfWKi0Z0J(}M>90vZOpUK_`8FAN#sdOeE4#BAJfzkGbBRteF%fBo&R_Rh&% z{9!`0Zfs1mvOBkh<<~BiWXyT*&A6_wJlFj7ew~(1`@`v@hXE{{GBF`qH}7|2_|tZM zwILx|H@;IV{@08-?M)q|M4>G)@whi7MPIj-yoppi$ekI%gr&? zR9m0$z-ZjN6%7FHsOD57!uk@*OdRM9}oy2Ha_v!BS!i2Mo42sz0#j)-Trp#Eu$cF1&j2!jh!PRR%*)SonnL zv%AC%^z-vCI;mfqwrKU@l+Z?vg*EgVJiOQ7;fDL=zwO)_z=Rop8JIZUqLnx1E;_6K zq4dJJ^qEPiIe9^$VF0SDs#25RG~6!_3=TfO9{b;bMd@`ag;Q!bo21t4irdic|k;_i+SSdqu_>5!JT+#91Ez zD9F#-y!s!9cWm9db`^kOuTJjP|3z_ivI8r!0mO|O1E8k5dVg+?u>9b*EtQ4}0CDk; zbNGLc6+AE+0rVI&)Viwn-Cqz6?M^Xt!tc8e90K6qsS8%jP6iOwuEVP{=ZLF~DHxKi zi)z{WxlRD`bFziyd=78+Y}=@I9n6K-FJI(eG;P`1x+;$2Y?eF7+Y6URMCxj)tMA{t z>)#+?dfF$x_3DYPjU5=04Inl?5kR57;7ZAPzT}tE%cqVW0uVbYQFvxWc^Uu0-k!F& zy>6a>hC#Zhmi+5B9lPk7w-8+wQ?Mnw&#-uY|1$s4G;Q~$Y?I04X#LL1n`SlV2 z{<{Zj?3Fvh*Pmw`Kd_g7tv|3QFKeCXs+fW;*@3|!U1J9U*z@&9lgR{N_oi$B9s9(F zL_D#S;&&(kTrNIqU609R`uSXuxN9gnacu4K#Q=H?dMT!79{`^(m}9dQ)xnl*JX%R# z|M}9XqlXIh1*I3x0f>uFv^cFz$1ePm_i)};>q<@?Ie72(EfK9(l-*04{+6+(IwG>k z)CFnpEd4krEWFZCk(NBAy0TJ4g-pSm?9Tn-g2KW9Q-T%T6BN zKX+2%`O_!Eo_gBZroYSnVqfki0ArJ8M0f7S7k2K~fB0)}0NA!}_4j$(EZ%bU;)Oze z0smtjIIdnSF&8qG|2ckW1WV5^oI7=5=F5*mdExraZ8~a{91emT}OI(_=OTH#<1%!U@?F+-%~w7w00IW@_x<_`J-F$fXzg zb}!=k-)Y(Aj}rNI7v`RKc3>3~*)({wfCvjB(>M*@?n1;+ZN}B@Qu3`NF7~!~*)(`7 zjOd}-j7yPCz7@lD({MeFlWzr(#55%Nij#cHid3c{)%V%tTP7ql4GAA!pvAZ3NNXAv z{|8Ni>Nt*nLH|t6MI<*3$sbFid@c!cn1&qBppkDEk;ybyTNzz0DtW^`81<3$Z8OjEGM_ott{< z?J;%B7E-5pSMZEp@*LSV5%CG|;12O{*@Te)1DRS5|CW2D-~a#s07*qoM6N<$f;t54 Ay8r+H literal 71412 zcmeGEWn7fq_db9kf)WY{0s<0(h)8#bQqnziNY~KaD2jlBlypdUGeZqvf#lFNbaxLO z=N|BRp6~CR_vh807krr5``&xSwbs7Y+Jveo$=t^w$3a6wyD$4%QVk95_5>OldN9@< z;2q>CCl?ypEnjO12^Coh2^tk=2McREb2PN)QKrVmFJzgY|9SJq*!WL36C;kZhuX)F zpVW+-f3|eD{G|D1{F^2%L0^C75y8yQKqB9U))uTxw)MANa{K3A1GzQ6mn6JpiOwK; z!CGX{Ee|;xC(hfq>F$0>O;Jlp!8Kb(8xw5Dl%f|uyho!4ZOlgdC3?#&{NXK1EVJob z6$4K;@M+u$6S{w)gNO(h?wQG>jiJjDK<<1@#e1U{INDAY$|w%G`-k--MN8noPpR({ zEoviCfeo^E>I8Dwg~Y%8j!7aVzvq0Hpp)H`y_Wqsdji)Zc5TiTPX4dipxD5Ng3F{D zB<8u6vCsL@C3rQz3y488s-M=pmif-brlTzL{ZC6TS~lK8OM)!1yFrSU4}~HLI*tCc z7#DQ4v`oAskWXrDDfh#_{q7fIa6*Uhojd-vcRqlZaR|c+XYnl0TVH)NO0lrRc(c#X z!CpRfc6C)ne*5;>(>ouUiLS1$U@KQw&EY|Zx92y+@z9=nSkHX2CBz5xkZP@=?W(P) zAZY3UW_@GkU}Dbd33deZgoY;UDG2-tHg|nP;|aF2cM#w-l ziqL8+s?bO{IGfY(uyV7q(~9EI(9j4wn^_2|NlO164!jbfwQ_ZJ6l7!b@bF;u;9_-f zwq)ZF5D;Kv=VasLWC6ax;^JlR`o@#R-i7XFl7HrrGG&HKj0!Oc~K zmKOD(e}8V)Y3^zL-;?ZJ{%#A{ARFovHV#&Hwtwdah63V zC4xE^4NV+PR`R8W=dF#&yS@+2FWYt8`?=SIC9F6CFSx)R21mbA7{`c1o))&Y9 zm;YaHiqoK>Kb^QGzWC+;%mPdbe3|V3efb~h{y%B_ubKTnY5YHF{Qn;}f+hX|yBr3` zgB4XuVNaF2c#l;)J!=a!i*jFR7RDN)rC|RBJvqg|;D*6`fd?p6i9g5Pn1bmg^MdzI z#wtuh7%G%xWp^8so(l2s47I9!dxfc4qN~~0*O!Jd@pP8QW>DqlhxvN03st)D4k zQV<8vZ?KTY6Y~dW3BBh}I?fwxeJkH`UUf1bDQ0uBw|IKK4@V9ti+M$FEG#Sp-X$j? z$vs7``w;GcN^}b(Lh#bk>)qDxoKK|u1I=M<;y(<0xel*qe=dXG7C|{MUSlhQeHcc} zRPDSdcd^?>{gS@7(aXhcW0ZsMme^+Xz}pw1Z(m-|kkN?q#W8+_Nx9(xYKA>xe&>ac zBy5JoiCmUzS&^ds=>eCC4wJ?cz4@wila4>{*PkpUBS)Gqc^*kTeRi{hj`wKT9(A={ z+=M8}Ww75Gh=JLSads#1$Zt39M;vZX8;!EI)rb_olF|$-Ec{bA9{P7C!+_u}+orK(6Az##mL2?MUf-MDNqS z8n{*QxFxS@>K#SlGT=pa{z|iUyIVEG_fn0Vq!*eIm8n0Up2^@*R{P^U-!u+e=2?uK zj;jX8T#nYa?Um149$8d>o%C@Y8upRX zj|vLZ>%a!gE|p!U`BpFQns5YRjDGq_0BK?038hGx8wIcWXK!ST)+;gls=znX_-jtmD#mMubMYc58sXHR$1k`Yl}=v>9E!<5W;qT;Mz>qyQvnc z-~Ial90HnIR(y@&A1@_4a9j1#lo-P5d!+|$C)6k%C<=$Q4$Gej6scPI@qtD! zI;Bg}jy^Q`o)PCzK0oHLw8%e6^_VK)Fm27Z=uWb?W97I}0l`Bcn|bL(hJ}7@%h?#0 z$Mg6idw=M>=RfnASzNJNaU7X@oFW`k{j9a#zkg4x!D9x=p?p0|TJ_BOWDr|U_Jt?t z5OBbC!0kpTJtn^45WfiibnE_KcdN#DT`Mo2w11s(VQ91{d_3IiWV0R2R~?5s7~NXN zQSVe5@h05-0A^**Ftl>$;CGgsW=_a8cM#6WHu8T_UI9ixkoUNnXWruC6t_v=cp$+J zG0p5D()d1V(Jk-MlldHmyZNS>xjr>!EMAp1$r{}GtOk>2!6^ilLK0QcrrC5d@LR78 z8UhT{9T44Efj--?5w4#;W@cth$kBg5(hCrU7fGW83Md@EwR9zNi5yYnWoIu?TrhT< zxL*7rHKSVnJ;&_GO((%L?QKX6J65I?P1w+He{s=#btcxGCZea9#N7_XqxhRj(#Qt} zCo7|0yAcy69;M(y;zRJ>LiNa1 z9@`}{lOC4_O0VaVD5*VPM$LA9TYMiiI}|Hn0j@A^{(*BDTD?h9Ms?+>6Qx#TiTD181 z*t0vC56-bBr>g08kx%M&iG&K+=k5H$#G@9>_qcR|x;Y%_Mcl>3#~)cQYi8x@`WIg- z0ZTl2dSiz*;?B;Mb8~YCt9j{ytvby*wv(K1AZuwuT~0#p>6v!A&#jY=;0zK zM^f-9;fox6ndim%D>DbwE;qvl3{f(ZLT_;2?AO#X$N^wlP})y*yMdU`r11ySuD+E_ z1{(3!rFoX+$CIA>(*kL4{(N~tF6Q6ZRn?$#VFjDWDSr0!HNGvNfs*d2CfnQR(pLUKsjnDY7+o zK|a5&eDJ5MYw&HrbQ!UFn%ljZRtkqfAcAQCiNe1MCFnpuUnlL*iie<(l9gz*$}-aO zQJs3FK?%rUl50~vdXuIhcS&?}YuN8#MEE$HIPoHFQ@~|urRnU^DYaSrXUA)y$;k#% zZK=Io;=aa1Ox(wUuCG%C-TK#tionFmg0QGNO(#({>3x5IbI^wovo^8q{j7CHZ9+H(8Oz1~cz@W)Wqzsh?Kq$VMAnmH((2kf27 z??4rX9M*$;q@&GpZOfJttlJ#}G=~8dZ}XQR_Bne8p^2mtDKvz6uNIXxRf4lnE+~!` zr1H@Cwbye)&GBGVJd$j=_hfs#rbvMedPE5NmU-HIkf!TiKirUT#7f9M;yS#8IOs+{ zi)XY<^U4LHuFz1v>Q5;aT8*1s0r?ib$8PuNZPeTu7#QxG<2iZ`u%WMZ$r4A8FL2u3 zu^+`RKIz(6gr#{(bPMU5!hevzgv^*Au|pBFcY6RjQYsTr{AUYKiMV)#&BD7^n5$G;*kETzRZG zDc^W7lse#C_1#^3NSyjLzyV1%KpKSn(9FJ%(zrav2RzEcY5%isk`glMsoKdLh%?SB zc^dm)o~ixJt;6|zQ=Ssk{>R_`-OU7R%NJ*;(aSj*K=b;vJB#r~YnkD!mECev<(u^N zmgAh7`PzN-EKjjUiu_mXi4*w*LXXx*fP=C+f%em~BSd$Hm+9qHtV zoC3U!$xWBA;SxQjCr@4yC%%Tay(hl*nIr7pnwchB>0ch8>PBNAW+nWk_Uhgh~ z5`p^6`MSdZ8ONsG=YYL-2C(@*^5+HQ4>jPJle#g7L3QOZs@tIbK`u9^X&-}r^dHRk zgUZX<-6$@rH#Go5D-pdsHU(w`o`pgR*}!0gqE@)}js7=ADT_8+K)zcnzvy1ej44rzhk7(Nat zdm*J+0XR(H1FNxB-6307$bHiZ{%50A-&C%hXoegZJEH#r9W{313A@vrWKMSWF@_#v zVIgY-^@4gU4*C@OlHt~<5Y++eUSq&=szT+=+HnZ^4N{^~VK zc6yi=Jt@|>uoHT%LW>J76!y(LbxcF*Z{f^75KV?SOqa$nX`TN2a0=AJ9pgSexPG{} zwDgCi?qtjG>h2mC$}Ya72i755d}ZgGyOMZ1n?Jf;8z{zG!@yvn6}AVrP-(&z!SV5Y zB(jY<;248KwJwb3%#|;l6GZS_A)}jz4^h~aDx|f#y85q|VgYWxW!xnA>jTPYUbht7 z-An0l3M*C{k}9DYG$vp->Q6}AgvE>a9InJDi|(?{iQE9pOW^2Ec@X~*4Ulxu4C!k{ z#i8?)eQ=Nm0{P?6;}aHZg+U~d~^~nCZ4h8^R9_5B)bJvffE%(?qEYXAZu#K~) zx^2<>n-|ln2nR_odsJ`E94tnZ5dJeP6d3kJAL|F|(GxFr#w^nrxwr-x&b>eD=IfRS zqAW*69~kIfzPWd@oW8!&m-U|-q)}>UeDUi#%D-;0{g4sUOfuogeYi853dQ;;R3IkRm!# zn-(hmvrizW#Csbqj&)<7d+T6Va-5A}UP6yC9B#qLv)ax>97k08iWWrlfM!hpXESGP+6Ad!iLQ^`!Eajt z!v}Zg4`hUve0qzH!P)P63=kj;B3Xgni>~UPIj=8rF3Cho_^RfF{0@Cz{PkXO0<7S> zFYg84V2RqTJgTj6%VvR?%86DpMbN}(%Zd!*j^Y%uti z6NksEW=gmW*5twOC(Y>Q;t&v!{k1WAB{bud_}!rX%M?dFqdB|tIU;J7Jb0QiCg>(c z0tfXEv3I{q(O{q^EJ0V2RR({ECG{2vNaOm!F~%$ORl3Q~ZuwO=TnU1EpBL)|zh7>O zsLxA+7f=3zEuA<%6#p(0piMM%DdOYltIIqflpbqD7L%8(xhWkon*KI2PWLyeU@j{k zBbYoowc^RA$obiR=E_`YF$F49nj7xT(1=CA&Q=~QW`|L7{LzFDAXa{D71LlA>D>4 zD}x}2ZuPwe|7CZZe`?-?_#@%V+ZgR>O6g2_aHB85@{ew&SO602Wwo6<*URKbzx>(W z-DL6FYmCiWPEn~Fk4`^oC`)rRn11!{5#zj-(!y+5<)M?VnukMQX}W*!Wj3rsg0(57)FcmX%S8Uadst8hm zg!j9b!ABevGI`%>3vLJ-(O%`W`3`5R83>14b~k}v)%uy&>khN5q&I+1m6N$@Xc?w@ zxVY_2wu>&H_{hEiE$jDMnJMZb>pY+l*kw|Wh+EF3zh?7>Vnw|}w;E5r4QQa+ zT_ZNPr)O#bS$R^>L%yrw{<3QM0FFI`)ZXGy@cLwL^fluvG8M72zix0ar*3!@?2%mL zq>SA8W%T4!!EJ>{@bCJx-1mJs z5McN<-cGNkbR(cnxf15E7(?#Tw&QyQA1_zfp6t`!J{c@54XayU6+DpHlDl+J3fIV~ znsXbOfgbGb3&^@=PSv_JO0)UCzN{~>O+QkE@JQlcF)@wtGKBJHCD%u8S%?|63T{FP zw=mAWX0U`-H+AhQ)hcEzalQUQSsnkW<=Xw2gMLVl1)&fZh}Btv>Oa8InU#i_m*a}0 zo|sYW%chI>_6}e4_%*n!o=+V0qg~W!PW>_u3Gn>=WGtc&^LE>6EkFBNbo+nwB}#3iGaN05^k^8^#9?Hdl30yA`m=!wR{)^TV64pIrLf3I15WZvmqwe&{ypEw34ZHZ zXUd!5qUm0E!*-9Q_6e`wmBv)@WZu24#klgV!Mz6_r}{tD?Nh%69UXz(%CZmN3Q1cd z&gc#%E{J^BPD>@%&+|A-sMV7)*|tkd>&AW#z)yVMo=*3-LhH#_DrIr2d3m>Y4W`A0 zLAE{0n#ol!^xOujE%f!$sn&4Qbkbqn+bT~g*AC1h1}xbnljOOsh51SnIL8yzec?uh zrsv>Wc~eq(hJX4aI#ad}SUo&bc~z(VAY-;7+u&1pdgmErBO*RMzF~IN z&v$HHtj{%=N+eneC~jPZ>~#cO*(puQRrT3Saa+3Yaf8z~5e<}AJ0*L`-pme0>jsmy zRDC>CKU@4DRMT?ZN?ERFB?3RYyE$6dsG+X?>mFW5x%j>B0*+D_HjjHqCVbv&RR%y( zMBja%#L2v-AfNv)&6E+0Q3&d8VjNrdlu^U?E{R)22!_=;i5sE~m+ygvO4{sCn1zt@ zjg7Ml%LiMfYjubLw_cxUE+#Su-w$LR2E8V!E`cKgxP`h4;JBf^Z)0mS1_4OU%{|>n zqw{K|UGllD8piA?Dp?UTTjjVHOHOZ?Z!i<149HP-3@K<)YkI5OV(o5qrIX!Rd8F6s*}9Z_+x0E|>6b4gY2$gEJikkWLO>8QNWuw^i6r z#!R{G-bXDVkfh+Exw%T>uj(d0_r5Z1@D)Ffx(`9KM#$_I4K_@?E zcUl>f)!>~Zxk8h)FrJ(ZTOR}iMsIe@>d`f5Fagogz-tVP9A$AnxAM%| z7#Ux5zAma++d?YX+iIVL6~9?*bN8R+NfB1M8YvBONYJDx3?0d~)zqwB2IWzY&btKE zY`=_j+1$Cq(g;c4?A6j2!lcbWPFvJv9vOl1vlt{kNvY}8762^`l96oib^2r2bDSG6XiNxz^#34CGfZ9m4t zr%!t(_MxvZKu6!6()ul7v;3Z}hj)Ww5p}0fsru)+uk>Y)i}-S%Eo}~iKh*07B$tx! z>l-E_?YEHlwj*!SGr#CMo$3qtUA`*pdDpSlwTaULtsQ z{a67)fSi>fP0mG~y672uvt@}8vkE3=AFl3Pon|sh&%fh^ zkE0dy-5&o=0~74!|}FVCxc}}H^W=AnxOT&pw-9eH)@(*u{E!w^?DyA) zWq+C|4N<`3%_>>I0X_*+oty8W=qo&074d^dp^|_zlzDqZE02YJA6XAc{eJj9MEPS| z&0ZUbaBKdpDFcADXhEE$fMoXN#nDh<)dw@hn=Cati__svN%&yjmB4VfbkT{~t<>@|F`L5{E+cw+L9jY)#erL1Jp!!Z*HU4&Q zjnUM3i7nMP2aZDezG2saNB;@HR)lp*qFQ*w9dQ6`QEFEmlc6qIf_^&0o_~8wWRd3; z!ZP_t?tOjgAcIqg{nZ&ko1wGvr2FogfLjrjk?>ES5n7mo6U?W=pz6AJbzZAq%To$fL=M%A-+X^i;t3X#Y_ zRMXQrhuWM>cZdc3Lgx?0aGU;wVqHJ95g^avkCf3iQRJPHcnjm|7|d-R`!UC;M@g{_ zl0rx9JC)_iFOL7%9qV8epYgz`3*hb$Efj5j{uh7t;-smdihu4*XqaU5k0fhEZg#7 zaJAVJ-5js&5&2BhpFuLZ*Nvm+yNQ58<5W=y4d{*?Na*j*Yd%30<^eXBmSO^B?Sif=#^J+^vXz=RzuzAG zG%S%jR4883Y(bddJeC#7o^HBog~Sh7_JBhFGW~DG17!!^&d?H|Dtj{)K;qJx-mJ5_ z^o-JDBg(RMtv-k@_OUfyp9YUeS({(2bMySLL-Sz8Cs*o_JNL=|oR{BV;tUXP?D_QR zO;EM7x7srkE^y7b7n-gsz27FD<8MrsOhb#cfGVbQXUFg4!V=f^a?oOCK~CSFbjq#i zT#p9s1%bQQVvxl~ov5E)pQu%oFoBAY>vv4jQC%bZkT}HC=lq62-9=(Gn`_*eKmOZ; zBtQYZX2p1eT8ll2eo`GN=^U+8G3_DsvvQ}D$huHHkXbRK~8yLK7^EJ7eW($ouP}qWS{`1iPGY&XSlARv<`SdSjK6_w8hP^Ra zp{O@98WJPq*V^%1QYrk#ETVwiA^evl{WZ4y!02o&0aFlO z%To>Op~5)exc>ORb-JT+faX`fuK6Fy4D-&foU&2d(FMf|?a){r3>-r3{YwReg*O!Z z^ae?5#eo=$Ng7IkN+O_G{77d8=A_xLJE2@y81CS6!v=r3YN=O0z;xdLEdyqX3E(bk z?dxDv(Wh2wCO6q$OVopv@ zHp9h|JL^Y&)TKXqoSh7In6$@ z%#|&{3d91Y0p>r$7q=MblTeFxKcUem)>b{54ro>;yWvK#Y5~Rp0oMBDiPCI5)&$Tn z0~Fipm8(}n)N5AS?*gPY<1~86cVSV&vjM}W9D{o)ZQ6U!1N2EnCo3#01pGc$*qvBRfLGfBYajrT^}4``t8B zB-b0c7Ke|a8;Wv8f<3_4p9F+j(*Q42Am~f}6QoAIs!KyYvWioA_^o2VBF~&@zqr## zg{OJ{86GEL(Y4x{`Tj4-`F|@yg#18%m04QBMssn}S-rphWl#Xe`V-cjt(BK@Q{VvM z37|Tiv9q&7;2_d{bA(bxS4aY-mGXkG8A%lyM#gropz+I#Gr!Dy-Kq#G?VVJc!J=*T z9yu!2ri4Jd)hm@BjH`$KdnmJ=ZH+|~yBfI_l;`0-5B z({4|8L!b$*3Mdd)W4K>cs_tJ}2WaR6j>PSMe%x!rTyoP2(*n4{lIit?DmLgIlWy_# z?wdA3(@R602h;JJ?X@Men5D#j_?@)}K1^lPh2V{j?*Oeb>z}xK%Ku#m0ysVVS8@zY zL{tH9sa3u1*s6sP;IHy zhE=1I4adZmy~R$zX&4afdq90-;5P0^;hK?6U9nWK-j|l6D}xNa?N$4t{$d?2`ln9; z{-*HX`X>Pn`oVwI%T5d+#O4DvxADx&{iDq!U$~o`Sc(NgI!Fl9z4%Iri>gvNnuLt3 zV64hA#;#$%l91=xt{(t93dfS-L78e$G%-82M+hFJ-QA0mWa1>zVra<`0u=Q&gLHHs z0ry5m6al1eCCe}XiqZhV{y&9OAOZ@eGrjhrj^CR7mzy^=)(xWLK_`i7Z?HN$(&NomUe}}^6*DVTZydGQnnuQwe zB*^$Gqdpn7^8t|3%N^XuqMj`SRhzMPP=L_lax&b3zQsa;1O@@W6A(X$_!dxPIT|_x z4FLs35m0O`c!hZ;CJQtS;rs0#GBG&1y0d_TvQ}4#Q3760u{;0${C?#^nI3{{0xYND5d!+n@+(Nd#5Li*(n zRzl(;!?e%4rVBW;o(iz}zJSYp>cqCdzpe8sX&4FICBg>aaa4t-R(uAiXN@E~G_5{b zjXV0R8s9+eHX;3H3>(#HqX809ijCl1bqV1vT;5 zk83{A8v%ZyTWu9(xX%xEmoAE%L?m&@3wmObx|BQG;^ z#IlYIi?iFFMiy-bTM#zJ8+yxnOnK#jDgI6uOA6?6&pF4M0kG5=&Y(}9?oB$iQKFh| zOcy>Qeiu&5Z!^9~A}gZ|Lf5ZFBG{0pEw-*Ja2SM3N?O{c^%GhB><0>zHd|QG$r#V7 zg%k@l^KxG_&|A$(q6K9TM|=3Jf4 zG0<-*En?9GxrJG7d=iVDv}@cL@mSDUDBNpd1n4j<1G+!PA>9|4vPma@*gvQ2rCxfw z$qeDKeI}u|?r0IJS#czC6K*gRWl$KX&vD^K*6<;RQ;w=#S3ORrqi}3`^Mf+OL`3Xo zml06&8Vlw0;sS@BK_B^en+pgmtS}%~DU|i}V@!4GI=AJL225a{1$H#0<_EnDD0Fnb z&67_Yr%bWWrlcz(&vg#X_X{bf+oe3T_vEZwr`iPo+hkJSe8@zzxGVA2!-l33T4j02m zxhEK#h}&+I-Q2=roLuXP@T-xDD+jj?K8>ZcH(y(@A5TDKs;HV2#r#j3=4A^(C53R& zGlhVQbt6h>1I%$Uwkd3tZ_-9O1w;?mYFKH3KDS=nFGS3WGA;>h8VG6gfb%8_mK)Lw z&qzjjwJ{}P6V8iuiRpTN^g!*GRDK^M&bV@ZPG~SxKCs%V?QU?)8_HEzOn&_J2^S&K zZX1NBx5p&czn{9c)@0satLcMO5o%DGN|P!}hS-N?nw-k+a>WXlKr@d@`g(Q2i=%r9 z4|JPPv3cNS6vE)or_wcXCkwws<1=#JAr{{M5&{^1uOO3vZL&RDZi1k_7hfRi^2@MH znGbkFEkP2* zcfvvbx@Vj}~ z*dcWVYqoMu1(W*^j1|57KYh^Uz^@i1Qf}f@w{_2bxZ21?O}0`OK_R#ElgsQ60i0kF zXuuvf;r|*{`hI?EWc_w&Ul1%{6r!%eiLTdV_${xYriX8g*HXZ9CnHyx&su7Q#ahq8 zf&rle4#(0a;)=DnZ>}_6Cnawg(Jlw+t|OQ3D3I`*jGe7(cR#PKlhaSn{~aS^Cd2oV z!&Hpn3`op(S3>n-UK7TX<4q&fUnO&=xI;dRIL^<$^;(_IN0f}Lp+*(9FKbP{dYLsDJ1sr_QFe3V1kM`DX8 zZ>fle)c0*m>tCzBD#K&)!WTTf(<}<6i$I)JYr^-}`Z~VlF)cT$^><{BDC!+mNGBT1 zhpd-@mQ|WWw1+3O-Xo1mk~tOpT6H;eMFQ!b>9U<5j}!KZT?z~uAg1^pJ#U7~j>VPR zYCz`$T!TPgk-+c9w2T&1BSX8q>A~(Vjt*h>>fS67;I>p)XsBw2xQX{N z1s1N~sjEL#`;A-r89g){Yc7?YP%Ghm&s1+wZTc#CXoiJ+vR3&Um@Nv25!*%!1|z({ z|GHshJnUg}S+#V8Uc+^dFB>e*hirr_|*gN7sR4o8;u?{qDf0ez&(T(=l9_)m=4`(t^_s_mNJPXGij|aO4 zU4buE*?t=pMjD>WL`83=&?WRe#>U1LD55`2s&J`kJ=o0tn7;;G-S}#w8L6h77o@ww z!~G2WQ=tZ8&-RGlJO`viW;0ZhQ}5=oCYs3uI)vFzJt|Vt80N6i)RNS;6{+hz@tExA z2pG^VBEJ2MZFu1p{rKav@0sx7N9#upcKRuE^Dd_mB{oV1S&Yr?Yi5wIk0!?eYwr;- z&ayq#HS$SZ)b!gmy_KaN=G&wJHb_SDw0xAAuZr2+sFH#X^e$KSe2q>?Ggvv_LmcU( zhbKIEhx*KW_VZwX8psDI#+IVff@16?9#T^j)z*6cwoDy9F#}lxih68@ka6hz)Entj zT1Ng}p79EifW&;=W%b*V0U_Xqm=NSf2uOvTC#O|wT+9ilKV~uHWV9p&nEQ+rZ0%-g zZ6ILOVsgfsTsT=F=e4Ui^tf_Jjsw6ShV-i7g=F?cw$T;EJsDO~KGaVaWx6YxQusO- zeqq+LoLMw4(dDfk{GnVkM$#&zSIH6i@IgNe#cimiq=gV|5i?o{g%c%L$ypx?>pXZ^ z7vI6Ao1T_p<##@_duWVVdUxkf6kXb~^Y&O(8=L3yP*<0!?qRFCoHn<_i0DD=xFG^j zN1JnklMVFDhp?SXq$~QoY>P;m7Crp^i9dnUJk0-mS4QNZS3;DyzrVlO?77mk@BU{c z(G#`@5Vy1^_Zasuj>8*bzwKcGq>{o?&9Bt zHbXU2Y!pS18U@1Gngyz#^%4xX}IfP01`__gB{MWpkoE+qKQm=^D?m3e2tZDUE_9Tm{*Ra$p_;fR@Mj}GTmQz zl^82%E8Euc~Vj;fPq2q5Py7%nv^Dm7?W19}+;Kl4pl35`ck3JF(rQH%PH zLNxkc~$rSr2tSEC|1@UpXC3I&0V#OD1@AG3%ckM*&r%zd`Jj24XMy=nxyHl~-XG`716{9CC z%^M&NTGmz`#`Du0@UdiC-z1h5P1P~tXK$;xm$<3h+>32{gV4WvReI2G)s6oB3bOP zvdI#9=Pq8PdP&f}a|j~m+}>^MsglZaLQj&hw}S$o(jn(JWj(2(u)h4&wEJ~!uTw7Bo#sFgxQk3Sif>Hwd|`F% zO)H6>yb|HMTQsK+#e=BSS(f9H7Hro2agF|O7FOL|GOjk3aAtxuGMLYqpVPWeD^{uo zTanq3|MvQVUT0F2!WEO1LY)zEPCw?yn*Z+bdRkT_)x;26-JyuJbU(RB|7ut9!o)cD z$u!@>FdvlLtlL6NJk+$oYw6CPlc`@v&x@Y`3DrM$80wXPY|7R%+wupA?ep6k)M@Y1^JCvaFl9$|bYvF{d#|b6@z*De91ChwsY5?^-5O9X zHAABXT}{IRVNKPCqxX7@$4OprJudYlO>HDe2hN+oXZU+CK6dtu_ea7B`&15Pe?n`j ztSSWRW7Xg>S9Q2+IUNP-gE8tGRK;kAXh}YSA-Y`IXKVmb-!HV?7=x(t>tM`7H9Gc< zR+thK6E7M~R@py0JN0dq2f@Ka>;4OUoRLtIcEZuid8oJTiegglyf0X<;f2xHXNpPM za1X;m)hy|DVY*2ljxF5cicY1UZQaF-Su&PaTYFOl3EM7W1H%rb)>+iMzPw$_KhK3Z zOQOKWtYho===EZb)tV=5e5OkSoQ;s16@Yj4s^s*7*( z2_8QrORnMYujGkJLLM{wXqH90QvSJQ&6CzN3Mi8sMpzLCjd;XIYghTFD^l6k=iJS= zyt^F5RoOJoo&~2}gT&<(YWnmSPS$tV$9=Cd(}s>zugrT1G0v_|w6D?9RNXzB#Q*uR{YT_Qx37K=Ck=PdpNjx`SD;$-T_??V>wuhQQf`3}B5< zJalV2t421X^kZ<<3Y&Wg9D2~2_ARHvG3j^Dey5 z?m}2Qw_aM!?2o7xHc`14ft0-tb#f#G6Ks%@gI!y+9V~1od?#0mE7MGKM6QN35#SC) z%2Da@W|tVGG0VGof7`2r!Nkiut+aZ&bH%S%9LA=r9I^VHd=V*wytjzFP6;B#E_;FN z0&ID+f7lv#-u8%H`BIa_poyOE{7efS>e{cL_B%32-xOd9Iot+VCE;B2GO+@85&Myx zi*2p$Q_BTAR;@CMX6?+Jvd;spY@&?ilS^ack)o&h%K|G)oe}3GTx&DHAv}i6ek)*7 zq0AEj0gKQP?jf4X_ezY|dP*x5h@3eoLsGv!+fr$U=ui}nl&q=ze5eyz*xtE+R`V62 z6zTn}p^|E_7ZwUB)!9rWV4|JN;C+^S5fgX(+a^crv&sMj96LE?&wI?g+MZmD{8jAJ z27~;P)Y{b*3WDa|Ps^E^?MUshjaIL~Fytx@c8TRdXA^R|rq<(nj=zMbuJC#3@rTR&Tx466=ivio8j69~o%m+f+SVR=zQIMVpd z0WPDVnVMwq`%=WG+Wx||NYGw+xF`MVs*%Wc)rV?jt-H1%zXq-ArU#c(o*WIG&bu0G zd;)phx8y?*5}C$+5mp2%9pmRkZxIXhxG(Y6?(mt9?Q3|tfeM#*4V#j~Gu z>Spgy(rP8Or)v-m->$7X>lu!q0x5`w^NdJeoO>(#y&$P4bn9nK8zqcq8De96SJIZ{ zwH=*1nZ|ZkA#wkg$5c)Dp{Rs>n`?WLWY72$ix!upi|q!NkRww6Pgtq_y%UGA`D~yo z+M0bu{(-}*M7NI%Kj}%FW;qrINAoa=y5g}o$orYjD3VhYhiyL~t;$*R4C8!~M_j@! z*X`GFovy^P@#&X+ok{W~6nfa;jkj5ndzCl4Q|z*|7+uU78t(&_JcGUv?_7yIsJx%^ z2CG(@W|5So=aSERtca-c%E{xS{}^OK46A$J*QinPYc{b!LNgc!_zJFl?&&S`f4!RwxOQ6 z>ZkD{49?4`@{r~BlgCOqm`4i_zuheg_C`xJ;firg3?2*M5XmNbme8z$YsA{H!3j6h z&gGjpD1D|!bS1!Iac3*|{eXxVaN|xNT+(*0rhY?Evvet@j(>BlureE*jNCk{IzalU z*DOO>-nUM5oL*i1CNAe0`(hO%J-rlg$9O=?$Zs*RrO(pz z0f@HHERstHqN+*Gr^S@sY^=s@Ze;|kfuvETUPj|2L=<6JRu)PQ_G;2e=a)>g;6#m= z&SrHrE_0BxXND+M_GmN*PCLcf4y*dDA6aL7-BC~0Z8ldttrx$#V3h?oQt8B1(EIGM zF%5GmvnIk_`a5>(+7G{wg?d9gicEM*DwERUDRF%ufDwm3Lqo6l6+l$v7I05id@eG zG=0-H$==*owE&m`oq;Z-c~Ku!J8TKK8k4558hs(t|7y@ z+^B+|lCEdRDDB-NimbkLWLY!06yx~W>2tJI0u)fzfck5+*Dr1Va57!6{}PBizsj^s zm15n=#L}ZtcQ!7}zvn!{fMl_~!DAJHZ(-Yg#)U-GmxVukn}`Jtj(viK}|Jaao;!fvcm3Ppwk*F1`McIGay)#|)RKSKm%WayQk{+6kE-9+1n1n@NWI{ za|HwY`^V*Xh^;(BWQLrMb{m#*q4tFwWjedd zM^YuG6KCA(6~)2)?h`m7=JW`%;rZ$FD|4(eeSxA8KJdHN^UXJjL4$d17kbJEf5_ht z)lM#gLWy@OXT4qJWMHm(Ldq8`)DfD>MWf7qbCn&jaE?lwxQ&43l#}}9K)O2~74&Ck zAb9_dWR(C&o+J`fv~n*e=cH!hR9Fk*Z=)N@OmQN~r{_pExn}b!+}~!@_KWoCg`RDZ z0&q7pI97c3vIe&xci<7mTTL4MsIk-s&6N3>(%pVBGqF7CgGWJ7jj}T_q}o2wR-3B# z;SO{)oai74DH8~vHX;+M9zMTsOLAo=Sj2tS9H-f4+iH@oNMGqZ2cxAQ=*i^Et@cR^ zqe_fRd)OPJzCcw>xOVFx!Ut%ZsNaMj8pDORyD!EZnlB(d{PV|KHM~S#iHSW|yO9B& z(Oz5&V+W8WsM%xLst*S6{d0{{kOYT8sa98^0PU+v^G;VFJ6Q#8 zioaN!ty~`($!L$^F5FBV&Pv)=H(h5K_8x|M^;Qo#t>~DfQ!LcIr=Kpey`btG`#Syq zVd|>GvdX?LASfZBloAR`r_wEg(k0!XB1oq}g93_32}+lgAPpj27D!5`bayv=`@Z1( zzJF$(c^vP1?>RfyUT2+Lp6Ps|KE^y7IN?4+1>jzRr`EI;e!ZoKw~LadPS5$c`;)ou zSzoles%)PAoFlD&JbzD9FfPA3+c0bPLquuy^Y3@&e@v5mY$@%=wNki$;h}WtTOoK; z|GToXC46(M)TfeS@TX8R?;7*{J&e|ej1OBW-|Mxyg$noVy{n4jc_02YTa3JrXF|M2X7nRQSr-r<(x?dUO%O~shiibRODtXGSqJ$EnTSNSM zW&6vWjB~ym-&XA?Y}IeNXLj`KK4?4)GOEx7Zjb`W*2LYTIrQOXy#ne+>4n$u#s4A&pUqzyV&7Mxwt4fY3n zI4Wqu{V`juQ+chMOgXoHPCv}e_3qx&ukT(hxtRPt+d7KTuhfAz{!HxAwn$W1OniEm zY+ofU)`rOD;$JNk(9fe>kG`*bBr4by3Y(_E?oNA&Z# z6@SLFnV}t5H$Ae2?MA%J-tna0*~v(ce|Pzs$H#zD!oI;^t0jETy1B|Mtz5&TR|>)_ z>6`j<4KD8DT8D=fx)h#=rMfH2`3s`#xzn8uq+Bw{NkLiocQD zg3tSG0?pd+OOZ@NvFz*SJ7%|zc9LzX54SGL7CZLqSGqi5*Dp~4selw$LA?}zVn(vv zEw75otWwH>^PNlIODRG`jV1~PO@uX*&9d5G)Gk(h9!MA^)sQsPtDI03?W$+AwHV%@ z8-BQx{m7j*`uNDBOZhpkS<%}k(;?#!#cUUqB0oP@F0c6feXjIJ3~zy&A;#sJp@v0CH+Q4&i?1N`eY zQyzauw24T^US-%OF>%aga`Kq3IVDXR4Gaqt3iEwkn$G&BFU&-9nf=4YL^rdeTGnx! z%R7A(=3A+9-QRJWonH~wvU=N78h-g!!}6snX||*<6N7wuqI3km6q<`%?z)Zr-n_Z! ze>tM`x>@dokHY8SMm2uEuZN87EfNnLMH22-dPp6u>aGSFzN54^t#h>Rd*Ya5t@Los zFpQYtQI~(5iNWrR2)Fq(22-PB^r(5Y!=TYFf~x~ojj>$QkQ=k8J|7H(s&(vd`cc~0 z6_qWO%~yPWKeON2+1Vr;#_&itxZFYHnUd?eCw`+ys`=+8JQw_?x0I_^Q`ET?3A-y} z_)*I4o^*}}%2D)t>pT4W+^?$E6-^IzbfUBfuEh22{f>|N^F>)Kr{r5*9T(^&M3=hl zu3g-0S~l)J+==R5vDeE=YnoeZvHdF1sJ6Y-GMN8RdMaqhmHY74Z{H=VkEHJk6`$%c z%-TGDXyGumG}O&Im@n*TYteT%wgP~w2V;9pLvA61D;cy>nEH$=D-rhHMwfxXu0n>v z%WHRJ6Sp>z{D#sduv}h04J&^CR~C-enDl&?C;mO*1Ol@J(gd&dV?I%{gvXm6k8&-( zP-TB!D%>k#(D4N$YEkiARk36E+<8i3u8QP&iLPdx<#%E9+ORyMr@VO>;-nReATNgYHisCoW2vQu1O0s>90)xE3eO3 zTVS(MNgE=lx*57d>D#^ z^YcD%7-Vu7lxh1<-%B`ykkq(io&=DwyZt^>`Cv>NP9#qsJ>>S*^C*ltClvHf$OCF+ z(cp2e;0Z1xKHHS@fTXfT(#W!!UuUcI{j9TV-!wni|Dq#fy-=a zyz5wVa_5UjH;pI^J$5Ir$R9`MRBq`uC)^t5?u$O=>ptO_*cAeuFDCa&KEmhXAQf=i z$wP#L+z-DT+G{}nIBeZ&N8o3=)c>V1j4ekyzi!>abeLoQ_5)Mxim06|pyS4ynHt&E zVs+1uET2O=_fp^R{8Z!n_10TP)nH+U_qWPvCH(}%F1Bcfo_?P`9WbUp2HgFGux>wL zA1vB>c0dbjW2uy`6erU9SS-{`e1L!=5hF~*WAz6)@PZSHfc7$&5GVZX!}Du4E;*EZ zR!o*Jz78ftMqUCXB4>J`!slL}+z9p$w}%_uZW^1WZ5yR2C*+8^@9mHm2A%M(ERn+! zuCv%w2vsTF%bBiIbbIh2-Vt=UJ>Vhgwhb{LD_;kDpIzfnY(^yh5pXH+%RW-?d_!@Ya@loE3Vvb z!y7OD9lgUv=rVSs=4TM@$3=8*pTYC={F1*bBkJpAvh_>bJ08v(wCuN$UIICnrRrl3 zy)(*!lO*n-DwS!JV4iF(aLNu!~Q&G2vj04g zl5v9L2i=X{H3i$hcB-hOl15alrFt zm`7C754K6Qn!&n`3QFZa#Pw`pVbWIlgrWcv)-scji&1s?Q2$(+^x5#B5eT z-b*9qa(eUI!M_1f_WPi=rV8p0l>yF1L0G0ukx3x#6XO+?f7r-b-6=R7`)~k`0HbJB zwV-pc_8%!%y+#CMzHC0HkbWRdQ2Ev&PeZYMu4Q5!U+eHw3JII4tec{PrtP9+C*;RL z;B+{NH=P|NW0*Pr3sbV^^9Yr69eWX|V&Mb>#gK+YOwr>|m|&eQ4;Y znkbya0m%?rN3@+!c__UCqAZN_%!J*nlKQZ;AnF6EN(-`|;@&Mn=Lr%Y3oaj?lps?n z!{?(|dY2f`VXm1DvC8Uyn*mY})K*$P&rz%`+(Gy4AvqbDyt|%#k0JzH#H>HdpksJo zAVeyVGnvz3fw^}px1%!%F8yyk!_XvuznrxoLJ7I3dLx`rAmZh+?{T*Xd<*mG$uSrx z4#dEGbIsVLsN8AxBe1ahGL76fySTWcV;Z_oy#rec;cEZy1iXUJ(+2v88JNe4-IJD* znk#G->nNR$pGOoF9Au73CO-L z$GC`)6GkIq-pSIznNU>sSGkw7?;y13!~N~AK;x`g#f^2}>Vx3*VSHs3{mj|NAjkE~ z_3;*puPRPs3}FX7d9ns^n8$eMDfyaKtNM}1JpL<~aPenH8P|mw5c3%~YitVf9D33t z=&`HD;O(G#V(bN2C9h(FQF>$I`B+meai1w|EB+K4!SJcbw3#CAX}>u_2vkwUaNpnR z+L-OIe#PDD#lL>`&fU9x#s5xK=zuCsgs;#vax6igZ3URFnLyVUf)+xVl|?h_6Ug)3 z$yvUl`dZv+ol2%f!;X)hdoe>lE{X6N!5^SE*2$?k>TaMlz+Kw z9$8fppqkJPa8%~l;0-i+-SRwgi*uRFC~li>ib|Hg>fZSuCG!z2P%?EsIil$2z8Fza zQDxx4qW(diJD@KSF6*RC#H8r$khezviv`QiYeQ{Qr(YNT~c*akH_gFzt))W!l@@q@MI~i#H!L6wh-_Q$GY*)(LV52r>o31{k{d=x3Nd_& z*}7i};<`l`7M9AF|3{QHNA?y3*^mv=XR+%sc;*a-e)R~XgK~adac!!Oe1iE~ArZvq zbW7}#EP8UR14dye-3B4?KcO6NaXet#w$)LggpV?65Y~0=%X0%C`L};W_a!L{&C(6< z;Sw=fdV^F+CKRi3%F5d~KSUUhUJ{C_L~t0m{nj~I5}FV&ckj;0-V?V2&CgUM{vsaC z{z<>IKSvc!x^kZV`JuyZCIBc%&+2ElR(Xy9Ghdi;mLtN$NO78_!U_$LPi z*zTHCjLVlVmx0dL7vK}?;Vo5e8*a|`pi)LH)5@~vv0jA1(xPe`j%tu0XD&W)8rfLhhVBPJ=@BQP(Z*^L9dMj#x);WvXhrJ*q}`x( z;$9Y2RPy$!!NIj7+{VEuKm?75STG9BTDukbhfFM$0J;_BexHE247fAV0tQr9DggIW zzY47ez0$Y+*jsoqZm0l{R8Su1ILKBp;dnzXxSdA6KT`Wr>=mMs$C%*uQJ%B16ItLv zx|PvaS2ICt6qwwR%Du>hvprS*37j!Oj2l&viU0qjMkA`|+}@plHk!#7D?0uRzN%cX z*gh}U>x`jg=nTc|QfbADg=eN@M^GsmRv+zs{x1Q9`@pzgmdWA#$tojWJ^4WoDn*+Y)ahXqc7a&BC=`KYj>$jGCaZIfPpM1I}=9FkI?_&GuHgxHEn0 zI0FdA{n4ETkL08F^>m1^>Am4K?vfimPs)}B?~1dj+|-QXOgv2Ws=5F*AXWECI9Hd^NP*)qV8Mxr3!LMM_vEs zV0#abmoZx64Z{{8tG=MBx{S*0+snspgoBNu(}EGAOQPG3hMeQ^%Q~&=V&6quoi!sk zB&xgXeDOL!YL-X(S#i<=Z3a;rNr~e$0k6$qWR6iaht=`QH$wB4SV0LYbZl`n3?eUa zDJ+$dmQPecFVQe*jK5((PD%B{r&KjDNx4Q&KtNDr*~5VpW!Hj8v1epQ21^~01#mgo z$-ky|u-}@zxjo;beBl=^CJh=qktP}Av1@adRr*3za%nFj7evm0vTZ%~G3xO-}bzb;5 zE1fdnog}LI8LITSI5S$O? zZ-0*pAW!9Eu$${-w&+O1|MBY=tLoC&m;|G8Je`ec02am;Lk({~yKWK9l??sLmHJ7` z?yP&S@(E6sSEdjxIy^lJS6Bl176WvfD~*beyI?u~KnZuRw|Gb|Alyuq#`EZ4VtH8^ zv=J}1d_SzXX;E79;$$&WB;hrjjPGk9uTjht5)vW~i9Q|F8*v)0LT4ayoR^1=j@=t7 z?u$$M80yUE=3nWGF;eL0=ucC;vyh+l64%5{tciOcEkKT}FDuE2*nqdUx5V#~;5m>- z@)dwLlSa4EY{?ewY+RpiH3zS7S{=K)$&e+9{B<-;RZ{V*OX~i4XOO=?K#FMS=xeJ? zCpyixJ8doKuxRDPx)68M8uwrzrC>A2Io}Uc( zne+8^csv~*3A3sX9E?%~u{1>j26x>uCuaA<&7S}K$m;{_v}Fd(S>)sVkapuX7}Z4w z5PLMh#l`)IfrX0=W`~A(2Pwd#Ks1w$pPPSpZec+|e<0B2@)XO?dDLg=VldhLdyW*= z^SzHYLuD6&v#hG@0*An{KSAc4y6@%(yK+Ih;`z;0nd7$`X;$RaXxW34pgzh29o1ATRNLOlVi`K=DiR zw90N21NhipzkCEk!^>Fe%peBVks@l1Qw(TepNb$8 zW@_huv}*&(+T-8h%>S)08eSqHzX##TZlm>7nJdD$)Zr2MG%Y_rKV>WJJ3{n%B5Zv8 zR1j+Ffcn@6(|WKZ^f?*YzqfFNw`k^Fxr_vcK%7_+=XW5#Cl3c1--MT!m0h%T1!fhg zeHPeO6mf5M%ll5^>mty4g3(#o4(*Z54;|bX&@a#k~iX zYy`Q$^m@x`Ans4>7I*D3sinO=STQQL(m9C%eKdCCKk+RFOK#e46Krx>cC$4RB}&x_ zAv-Hf0*@fD6)Hd;k%JceZV*m#q0$4fl9H0s&dPl_()Aw69^y2vSTA0@nDEByYObfI zrfwJ>Mzq&IRN~b1p-i?W6RYjjK&CC>MI?LB=!{e!A0>n6C7!SK--oMXKbWi-)kcXi z9TXA)`9YM}M_pPIZlyzI*a1~D?SBg+jfQ2jU)od8j7n%{UwW4q&7{gl_~@@l9ztjB zgR<8aZ0LR7rYXg-=(8~}_?10dR)XW3b$q8rFNWEcGAOph?SO-dEzrr#f{Hw;!@XQX z(J_YX-Sug5)ILtcqV+s>9NkM#@VLk^H#&M7m)ABN9)!2OQM^6uOP%x9=AvFe3{UdMKu0LQ%JTbx5 z&@wx1%>2<;qU9h&#U?>!FN|kO7UQ~z{j}4LEG{aF;77X5wx{B`Lv1;C1BpGX7ak8+ zi9$w{kx`V8z}Q?Ih~O})V*9r}8}N*;V#}-!Sg4hScQ!xV+mzsd;B}3kewtxY8?0)c z^pfyXHYEJYj6lB2kPg1`{d(kSZa%~_ZsR!|emFq{j&su+vbze@yi8(ZhM^8u{0}-a z)Fzgea$Y}#J;+l+Kk_Vr_R$HX`f0sIKJG$PssD4~$yE#j)DAh(c~!3ol||J<0b{(6 z0Rr-zP=PBmSvj_Vbfmkkk;yh-ZIdEaFBGvghYL zuJMB>;^Wy_Um^z?#VYoR2cYw~_IR@HEb{+-CS$ty(MQC=x%LH?uaoYa(6xovCn2^s z3xdhOLbhZbtX?I~ib!Q+1Sfex7t~ooZaX*ZtuI4qQ^SY#yetozIb5}a(vp&T#TI}o zGzOY3sh*@)X52(S;k#F?eBhZO+!!M1#hUlaVJ5#uBFSVm-Q-@QK@(ztA)?Y>;k@qC z0mW_u)+$m(pmGwt-T=8c{@2A}$qBHQJbP~l&uWmrnE3cKLy0*|t_nK%z_GcclSMV~ zMtlygVemcAW6}9K=;|#c{qevPli#@RMPYL|C_jM-&$;alC$8s)%D<}gPGzwfR$TJ6 zrmRSp;lfnCxC33|ClLLw<1lN9P2wMRQ$r;Iq{=}I)q40=3KVb<7pFm*=}eMAm77kz zFXU$X1RDtFUR9VSXJgXOutMn(ax-W52&6?&ehpu5Tn;s;P5CwfGbD8@{SklxKSJ=s zEB$0tT_rMH{Q2`|R7oO!6(e0aAr16ZiML1jjHsxn9s^o9F*|FHa!F(z?m@z^-uOw| z2ft{Iw=h&5@tlbMWo=^p>zEiy`;K;yw`CgBhDg1^mo6KIrx{m_sWVLg^<%HSdnPX$N5z;bBgNVKzMxKr!N;+(v-;3EqzJ54xxN8l)lc$J`y&;-cr^yMSxY!x z&m0w~HoxE7n3aU|Hm9hK)Hi78lougb``M7a!v)`~s)06m7W_{_3c|1yyf*0=k}&qj z?3|oZzzaH{aicTgxp5-|wwm$#g_Bf1Z~>n2bcs|Ic}7VMKx;{Y$2I^mnJ@N#`L6go zA0DyAsPajLw!hGfkd)ISN7fP>Jb0i)S%x0AYaHWO@YQsXeZD6l z@!}dIgx2)LL>d6M;!#|^4=Jb zRc1dzR4z3>M2zlm8=Dy%&`R6uYP?pKHtj?r%z=;`IF|Mi32WGqcy@tXh;ICG;EmvQ zv-k$Deb;qkOVpo<*X%(nR(#~@LxOBF3v_C?+Ezxt`F2LIY6VG1NPJR=;yN{mJaH2f zy2`z|&rpKXqx)FakhAO3{oA2=B&+W&;izJwW6y|>d>!^khKfiHDz|I=EiEnI&s<;S zLzP6}g@C<%(kV1e>3Vwr2R+k4nm^S^p!hbDGQ3E!6Gh*V4r0=wL#-Ww)}yewG^7WS zkpmExH+98THvA4}ysd~osihNG_vYO$+%5U~l^>8mmVul=VpNqP-i-~N2XBx79%6ku zBe1tTkh;noCg0F-InAh0@LGhQqBZ-~t8FR<`@nw8^4lE8ZZK=}7Tl`!xwoA4lO z(QOQ7*fJ-Y8`k|i&Qm(om0q z>2Qz6sLBm#pIMBmDni~sY1{_j-M=UmvJXjP`bbn97x7E-=NmJjA~OBZ!}!D^06Qcx z#*-$+djoex{l(GI(Zt*w3)OE=%cl#yw5MC`JxD4Zwl=u=s|zv*HTHQb0hK~QGl(6N zuO6N|caD1Eq7FE1)?Kfd;PqkZP1Qtk^gU>eKEb)|e=)&Z|DrhlGmhHv0$4vW%&FFd zT%Fz==-#po%0H;|cK>ph;-E2B!~ik*L@4-iWyiYtL|*H{^x|J%S5J-JX*V4toC5&? z%neBDok^1C0J2w^@Ux79itiJ2FmD7j5&JiJj}}b+2Sm(EjlS;1!jhzbCgnZQVeg8` zJ878(*h)i-lsA!qK4z`Z@4 zAMfJ52?$V|czupx480Q$k7S}Uw3oONZUt0tMRubSqwn;4rzH5vtB}BqybEq3oY-_3 zw}AZ)#JwXWrJ5k-?o-ESW(H*(bS^XQcME6}8NHp?r|tos;L8SGuF+cWMNm2?{@1$n zLF@8tYj11;oaf6G(pbm;D!C)TdreS6JdXt00!wi4`Om18vDP`8oiiA!TFqPA7$UEx|hHwuqUyvDk z8~ZC38EcDN@#Re+Hb*jB;xjPg`9p&1p0G%MSS7>bkkWnXij$MCLv-_2>20~eP5{BZ zKqnDWW%QX(qV9X)p!}lo*-ReHD`IX;Jyz1v(s+8e_7}Ka zU?ow_GPtCy@xjjO23%r+E&Jy6>qO|-+K`U*G~9`I<0i^Fce{*P!DlI9o;`m_90q?E z9L6E02|rt+1K&P1iY!Gh%OV)U&4ArWw3np0LXo=T%21Cun>fuprpmXtCm#fe;q!>m z<8`G!=QTU_9YJP!F3{EBF2zSIufD(H0^3SR9D| z-Zg;3As1%ViA!SPk|d6d7z3do!YM@F1kytuzc;|}_u#UG+12r1Z?YUMspI9cAPt}T zy*P~}@+v2p0AeO3zYP&Ty;ksCqt1AS6NH&sMJX~G<8%y>z)=`Tau&6XUcOY4z)xO( zYPH>X;6a;d0@qQE)L?5q6xiQi;$%b+itTvqZ7=7d+7~Y`MVysk0V5+L+GhRv=5aNE zE2aM-874~5Fmq48N`_b&hyC`7XtXAhqSN61AE%X(+rPsYgHJm=IqO;OT(T+e4mB;xhhqF;nfpZHLNG)$1lofi9fX>s6$+DDk( z;GXmGKbZcoy9vBpSgyY;uhQ>A#M|+v}2o3)g#EN3hm4jVJ z3ZBOyruSXHzrFym;fP&|0Dey$Gn(I43GvY_t|Rw~=c^z8SY1@*~s*M4BDG2#;j_`^KWGiMC7P)`Blwtt8)M4W*irS@x!O}3K zh!xSz-Bqo4ZVyE-hyX;tT18<&1`882BrGiKzxOdf;~mVP zyiW+Fu`~uOA>%4j#atcVw$5OQ{q>~0?Btk01n)7wIATu7Z{2?fVl&CswD|=nNjd*z zf+A$M`4|_F-4-8#E$sZP#R=!wFE~K0O*Pk>pL|-wh+-osAson)1eB1pU>|ObA|j;o zKWU8GIiZQ4<^Og8mL?E)W4QRQ2Dznyj1oLvRvm-hQuQlZ~7{<C_#{dp1Qe~oWF8p|YLVBk#606^p+Wf-tF*>Ge-noglk&T5T5~$gg!C^0)6JgT!{wt@5F&*cl5T zxp+~6Uj75gzjXJprX@~zvRmTp%iH;Xy1L$DoH>&LN9z8IZ90I_o8Y+tWbbs%ZmQ|B zMPC8EeVD^KJrsaz-$p?_O;U5igmzY@UNua(DVX^x57{Lz$+ zl6jl8{4df^+-_%4|CAUOdkqCSI%v@_F}()RmGy1d=**0a$RoHwYRG}#y98CEvm%Yy z8=JH5pawTl7#aH!;4r)Zbgmyb&--&Bs;NOhKEY=pMNeVExn_CbvlA<+LbECKWR9eA zqh0=VC3}+*Ol90aI-WN1Iy#35a18^HG1Rr-%z(P$ARE2{_zmsAnzkfK|MJyOi7@0Dvo_ariQ1yjdWR=whI zw-?#PrxW!Tkn6ktEh-Llwttrd*6<)ZtUR8`tv(W3RX3i(+rB!%Y*Es7x-kVtBQQo? z6QDo<%pcGFUIVOxa}w`+1Hj0)9MVITAyIiv_f3@=FAtS7PFO&h@V&X|UrC4qaX{Mx zCpsh~v4n}Ac{*)!@cYR(x{|<*#kFF-o*TN_5dgg$ymde4Esl@BtSiPJ)}w>AE6>0i zns?wf1^Aq|L$83O@3g!2=rsQ=+=c+WWfu`D4KH9kQ6F05vS~ppEkYrvjQ&&2`_v`} zFCcIqv;zty0?NccJACcGUPXnO1z7-4UCRdQSpmsGpmiRXjmNa)AoG_P5<U=2yk`9zj5tz>jmH_kUfT-X@f^-c$Kp;7-TPtx#NRthh+19Yosc{A?T_a9_f58B_ z=7SfSzp|cFEb&JGdHPWKGfTd!MtR2Q5W-uwxc#Y+uq2ZVyJGHBX9H%uguPN^1lJ>^ z%=hHt;auXiAb}f+j{mD~mvB3?^|Uy&EqSkc0v%{#meP^m7v(M9u>iyfo5k8A$ofkR zwKN6VcpIroJI5dJ!=JyMB0j7aV61tr8ScE4QPkI`LONcXzZJ|Uy^Ggh%(hp0w$Dg* zy}g1kpDS6%D@j#`v+1Z_p<6@_cKz2nN7aPTNKU@FCnPJ#>%MV-4<|K_%Nc@-8Uy0Fv|#PA?LQnj&x-_|49x>C<0Frp|${I zoO1GzP;nT|I31c*ST^ybMPg^(&NwE7p{h#3^xwERLTq5bAS0IkM>AO*=97ffUzLBVbMHY5>BI8_-LYy=zp zSN6?FqJRTn<-Z9I)-tIFoDTy7O9Apwin0R`2UpT3Y%CVx}B`lc)KyMiaA5sY7##q#Xx64(HCD zJ4CIYvpK9B`G7rQNmBgeY4u51{(xMnbr-}SgYpDfSl%GhA-Ib8-{!nQHpd}7L z0b1rUu0boaANLDk&6yk#8#=8oJTQUFCj+1;F_#;R(Nw8ONEtB<~1{Qzhs8oTWUN!+Fw2$JM_K) zJZqrNK!O4?oHxYI`Y!`>Y{03J1Ml@EH&prOy}kZ5Fdn-N7o~MrNmT($k3!6?Bu<7V z1~wm@W~93@?v5CZ@fnO`I2$ajA8aD9=-%NM%7m+)yv>6Ysz!tjI7% zf_n}6p+C@AOkk8AX3+eCXJtdrT6$tEd<-=&|8AV1g?vz?yaM9KkTM+r;9h{2Kx3kD zWT=vG4Cw?ZrOP}H%TBYdb~a?p?5%E^`;c|LYK=p#zJs3LS7CE`H~~naY^NnT`aZ&U zx&#oFrucKX!EYktIwWGw)2Q|ZNt^vk*zIS~sd3%l0=X28-W&ia0pZDhaV_wl7J%+6 zL8%W&(<4q(h=H_8X^Jtp>4MLesF0f%zjHdGvSZ#;fCcpSsU`Lhq#CAsiBJpTxv%1q zb0{F=1As7lpA&?-A<3Mmp2Hg$;%cBj&6^&20N|?mR8v&n6Z2Tqmw!OOQ2Mt5IAEpp zcAIk=7QK12Amqowhm7Rmu?-y^YX4Db#Mz0U36B^7E?hVr zwR-Vl!;bR~Vx^#C2oY-+TU`#M7S^oS0LWzq?zUBje(fK0h2|ZOSt3;qKI;%cx9I`H z!9=)0S?zzoAB`45L(=fjr^47H#sZ zdX<~=|5msOS0S3mA6OW4v1t&!kY)~PLrEO4n^N+=19G!1t5$vcI_ou^~N09s@$X=_~L>!G8h!4%Kkw_UZb3A;Kv!k}-yKJn(9^0?{LNd$#fhjs;CK^4f0uZ=K2M*tg^Sotz4?TFi8C;AEV zciJmLPj1|ur4#MD2s!M*6?N)CBLtE1@?yt<3u4tg{(SCoI{Gl~LZc*KyH|Wy=PbOX)Mo7O+zkFrdXqMkWyuPZVz+sieqU5OUuuGVKui5rho- zP$0=mG{VH6XEHL#uY3=yPCy!*zb5?i&p4^lsL{{Oj-~G3*$q(Z)5ZVfxNW1J8!Jz6 zc`%hX`ETkx^{vEN_jz+e?xk+5{(MF+C8LTv!B?l#$uqmti`_*sG&J~|57h|LJSsoQ z*G?RdqYE8-^3T{G9jJfNd^p!uDa^~H#WblFQ~dLf?>AwlkrDGUr{kNGt;ZN$+mGer z4Rk|e!pzfoJWD7m{QmCE2{r3-#m$+U3ch*qY`?=haoy=wI- zvx(+#RQ#<(u^R>kesOVr4Yf-#4%OW@k1ibW5e!L2_Z{ad^9!j(B} zE6ueRGTg|xj&d$2^7u%lkCMDGxOP53^kOSNzlsnT3{3`*H3OzNi!hsd2zsHVzNQxp2jJ2=Ov2$^$3Lr&TC$xV5 zP-$`S6yVV+0pW(6!};jI8F)XJWP^X!@rj-rlc9k$|`J>_|(xQZ*vgTt0f znz;CQsc5$nQn=Z!Z42(d6H8yYP8;;`<5D|)#%66+eCp%6(C_XBv0cBu|M6SJZxBF_ zU*3}>p|~jHQ65<8l ziUegNiQ^qs$~n^JueC7GXh+iuDg#@0{bjRqEH_)csoWY=#J{ ztzP`moOXvfo5yPcE}2Izt5=@0X{AXD-TqEHoN_3F?>+Ute04NU*MPHH-6F2Tty25t z@ty7O^Uh7YcOuQig4-ob-`qHdf!V)^rt*qb7kkA8Yj z_}Ozm`VFj=V_SKP2jTSA8Iu9qg7gr8^B1zvd?1XKiJ8~87*AOwG$E`2qwCF0(QRfl zbLt<%!H{HV_;6Qa@xR~8Q=cDbsg1%VXO&XbVt07*H1Xd0Q?+m%iIS&fRWC`59AkrW zqwcii{P?8KY<^sqGtp+l5*PR;32(qucE9BJG?Ql54ME|~bmwwThB$gZr7Wc^zs=31 z%!O&a0y1a1E{9wG%Gq1JZ1>C$wLcLwzq2qFO}VUCQStW4ul8CBjpQCr!qC>aC2qr| zhgM}iY8oz%&SUxWPpOkHb({?(G_NvbGZ4MXl2Bt7P5z$emPQf-kE{h_i@btU#V*<8 zbmTmp#vAzn;lL|@QFV&B^Ua@;)a`Q`{sk0e3piuE!%5V`|$yuQMxuMV(e60_Xxa#eWzv$>ZxfrP(ab-TN*1G(~L1cZ3=@VbGA)?PE*SczxSnq=Od7GJ7XI=0kT7erk)L! zRDMLL5H3#BgNe+J_n@B6fCFuBOyM9n2~zi|f3eW800t~a3TMz$WowCe$BTIG`i~tW z-l$a+JG^1ct|)r{QETHp-mlfwn+_sQcPw?I!d0JTgi!q!z8WQoA7D?*WN#nA=kuFV z!u*Yyb*2Mv{GO&0y>c~;%jAW7rDg4pbxa$7SR4I0FNkwxL+;TeU*QnfYCh3sWYq^3 zy14sY((DaiwjKwr|7e^2=Ff@M&-;nVDz~#Dm4utmgp4l+tKCJE-$JnI)!_2Edj|LI zcp8M6*-aVA#D3}@Dst3ce3Ck6Arvv!sly^7zwD}NfZH{9+mbNG=aaj#7DbYMtm7)h z1bZcQsakdMTB^U3Z)CMHW9nV^(()qb%ls10()su0s(Dl;kKRu1bFg1-iw}}9Tfskw z6$U zj=Y;`UT=I<;BX^A<<@v2Q@mfI6Jhs#DYLCrfU9}KS+$g$tKTgpY|uO`W)wqFm0>cb zJc3A_9T2#V`jVgjYCGJriYa}T9{&o1d&J&ZA9`N&U|yd+$`}p#Gg0)sltBarHge_r z-#7hYWEI0D4=NPx-<@s3^_LkW@?2L@C4RuQgQ-utMt1eW1MP+JhbwXvu>lFcDh?e? zS6I~yeHbSH_)W^b3^wPr=BJ)svLte(GxgV$TN0^F;dIrf908!8g4ha<))r@8O&^wtUi!=+%i| zln;_qtHk-g;lJu;JPu`4&bJM$wNjV3#`*GpeX~FsbNI!}mfFjY27A8c_1WQpeo0B0qCKX1!V+_b zZtMCOXHV}+%B>*P=myK2+Z5lw(cq8WpHrr*Of8zp68Ip3PphLc5)>TFUj&SrzPBCk zH*Ded=AQ~9j3?eyV}X^z%!UtB7+!bJ%hkVj%z!&~92i`4X{@9e$WBb;yd zkfk?tPDjOsBaG!>?N!zwKPH)e-@-DZ&kxh=Mi?bh2!o{wL<3t;6$nh+pd5P)s{l_?pk-ri>?%`WZ(|igRyoc%F%v^5$e4Dq*|SbWPM;#`frK zLrXy|TOEFTNu((uv5wlv6@YI01jAZe37MeN;hj1mO+!ts$-V+j^~=uh`s>2hJ1e8G zEHY}=Ij^?wylnmM@8|#1Q?=Rg0j=&{l_Cor1s?yEs^8wF?^q=&&eO_%`TJAh65e7z z)<^AcT`M;vAJ@}<8}n~C^E6d}M#t(?t)9!zkmxMdBYP|b7sDmW^#@HcH!Cwpc@%#= z>f3ym+m!IY_UvW1=Jf5gwGO5`tid-^Wy_Q^N1Icq!|+<-8#_8&Xm(4&@doq#Xx86w z&HiO0R3*(+Bz=@g&THBy!#mvW_2j2n!k)8pM+#>?zCK zoLS38(CQK}k;Ha@QLntG+4SZSbj?L34Hrk%fvbxQWkU-KZ>uy`^mLq}+x{Wypm>*$leceyE$n%XadKo_GuZ&$Y2 zE!7CCv@~dAnrS!t)3#=Z)7dnBeba%|o2>7)HNJZ{@~lYJscdx-(maV3WF3J`VA&DR1p=HZYCwPOgGwyNE|f! zteAzGM#3g0b39yQ+)6r~eyR31J>}YeEJwU6(?Jty9de6d`qx2VoD1isi=27A_R+O> zdqX9Z2Vv3UuVfVe4h@N(pVw%9L1HVf(QzYk??q|r`@aQ08F;0C>*Igj@U;lJqU1CD zkdcvb_L;`!2LpWHe{jQlTsT_H=?5%T++o{x1xi0Sa(0x zBe>Cs7LFdzJtemp`6V&F{#HfLIDHwpCebF?o{x)rqqAC@u5AgIZ3X?u1ke&#b}7F1OBaNv*+cd zJ;rkP7!^C{_vD%RHa{zsrs>8_gau&G9Lx% z2NLG8F}p`;t?|5{!hhO2SEW$r+|`!LpFN*O$ec=heK(+dhg)&fbwSWy;Yw(e6-l0P(?kD#UnGq!mp|JX69}kIPD%wMNfW}Pe|p5ua#?dFtdB?ELR_Yf`RYG zPCn1u3JaY)@jU~pN4sJfPk*tTrj<+-(STJmEAhg0DW-P%&Gj_UDN$8XA?nI8(937H z)QV*?YJb_j`D!=ABHQIn$FEoeNy*`3Z@KLQpQ;=UjXllQiEE+*^hyd}f|QI5?&8le zr*oF>?(e4HrEF}BNYFRFZ#0om6&m!l;F;*lg5+oc}}r6m(;7y(x*le96gPohF0R^;6^n(KxhKRtMU zeofZ3)ejS8cOUb91b~TY$dNYoG29JfGJE4YYWfA#Q~DJkzTyl!9t>$^>+(vPq)e9m z&8jz9D-kf!c4HdsTvNV+$vV4R-+QZjXMwi!Alf45$Fl2qp~cwEpVJt#u0sz$($;Te z(SON1uOF{2&$`*VB^pkuBfm=Zv*I=HplYS%j%LT<$`&41l+QUj!Z~4nrroMLnC$$| zon0=ARJ!3OWr{8QyrW$epMN&;{1r#yb8iEJ19`t^9z{{e{Per*Rw;sS*nTS^`zN|b zSVC<|X$HP(;nMd;saG);UmJ$9qzu=oeuh(cG7PgmX)ej&z3zO8!2Yw0xr*KsmxrmB zIK5?gx5ZxBP$N?*0PemC0lBjMK-ifgs%l9vuWEzRdrWO*8PZ0FRY z#e_1Xww66fZK*}wDt*K*`Y#s^X2_XOf?D+5i(g5|a@e~Fde#}tZ{WQx_OF& zvyR|LW;FQuwM_3Bp0lcOS~J#weU-n~}eGDSIu_ogzoy1#XlawSJC{IkhZ z9rr!@v@Dz>iyp^+E4jIwp8E8x)(b+$MJJ#Bh=?5ez~p45+cvTfJQk2 z2XtdfSWxGUa{j7phT8)i?R;TPI-qfNRiC}oB*A_ym+~0Rq|2C$!-h2DgZgXBo@XM| z*uyNmWuuR%;|_%7{}M&I?_W~mFcRNU)+98&Um+qhv&)_%3qJl-G6J~+N>Hk0Qu z7NM#A)`IMw{E=T^T3Z;Eu>3u9H`9>4oD1Y7UGgw(HwQk#_cJZVr=aA_Z5rTBBPX0Q zbqdo$;()#p%HvQ%)LQ068Q4#H`^Yg&E;32Fe)v{C=FAd3{);D1*m>`Ly`!l`R6>>{ zwDwKSoaMnNmTL#ak4d`nP6~z4`{+D>uCJQUzpnOFy{+eBcFSJS_ij$=*}3^g2BwN; z4(x_}tIo=wfBNfxT7HAw&!ST-E5aqyR*yMp;g`q@0?i&V&VkJ5C z&5I4K5(^X;3f`xfyJ-ZRV<*5)pIvNHwHl@ReI_o$YVvznR8CxxWV9+<=~4MMt8*UD zvm9*ott&KgwpH)_x%K1~49vOl3IlgO(T7Zx*_HQQc&YPR(H#Puuf38LXEQVA+cWO6 zik~Ik#o$F9|JJb~GpW*An_hs5J(VYg)AJ{TXw;>qIx7mU*<(vJZno9Ja#|HZ_J>^W z`qJSD#pS`lL7#OQ+X#F(;d66<`08mu+`F&?oPD0^lGdoP&Q9 zxA6(#sa>F?W+wE4(TMqLzAsTNb$BK}G9Dz;6JJSTuOqr_neDG`$|J-zdqpm%G-_-n zX0#p6?Y`gZg<}m>3}g1Y-r>3f7VldZY5Z#0zQ@Gw*0PNy6I^VfR$IoKIoi+b{6iI0Rz^mS2`-fU$uGY2n7 zf8?mdW7J64PF5?O|Cn7qk@D7YL7waFi-`4n%hAYo*e#-OqQ-_uDtncuy&gI21Rsui zbbLv6EJCSfuox~z7J&@w{aJTr|eNg3IT68`K_r)0L8_Kc6{lD!B}=fXCRw8`GGF)`%Jop^0fC8XwkIxrs>GN}1Z{ArU2 z=OBqqi6LLaOFSNXu~}F5-wfqljm$(_J=5o8c)Wh zkaG%>wW6V{xeR7FCw}fUq45u{Pw6E`*GzKZ*38E-KcdQ zHv3C~j&_@+M+)C1QTL~Ga~`*vX1@O~m41V7paOs9$DdH7FSDH)zr|#F2?r`k`Cywf z2HYAkvcLD-Q@{XYR*TTJqhxart*a;5V!T0J{Hmp*t4gp}Nk| zi842jvnh=&;OxiPf`W=b_w^KL<=3)K2Y~(=Y8U`6$bU*s0?;GnlwK;3Lp^*(yS%)73hrkD z42s`C^LyM*VAQuFG1cG&EAcvSJW(sto=U6SP8%lC%j} zU=>elpJdT*rT0fZ#D{rk@jS^_Ec|9O=kbEgcsUhy>9zu@;(eUA2DIBX1*7Myta{DV z3Ob#44a4~NZx>qJSzWird;W=`po1uv@&yp%0=0KWB|biFlYu+1VF%kzlY~Y`CuWv( zc6Q>7s_FLofi_tpZ8{TMn7AhQOn zjp)B}BM|RSksT;%p_X9g{>g}t5Jcb`2}nyzn@lY=6L|UZBk-fzdDUNop6_oU&S^>! zJYNaiY8((0(l{z*SXjY8g*&AL7o@+RD}Q`+x}}1GgcRG}-xzQQdd=FtBaO6a?etKM zY7E>6$5IpI(9i-*WQ>pB>#Q}PmPSWru79Wz;DKiCsO!8{z5xPI3^YIBP_mq@HWlS> zfYtrHQ6vPCTV@4gv!}TDMOqH+mtg-q1n-b>(h5w0PT*A4=q@)T%@U{z!^?b^UhlU4 z5*RXT9akj))QhhuRd}8V{vv{m-2wyP`agrHlfF7&0EiEAY1~SUECmraw$2Z>e}o2q zn$o%fEw)FfZslz1tWYIl6yQXWj(m6BR~Z>q1LhG5J7$X^nXBXVuuZW|bEYzeIU62( zsTNP$Mhrv;t#& zi1jZ1eqHYR>h|iD*YzcZfM@r^+uz9kiT94rHx@~oFBG_cLaw<40JoKu-cM`@-u^zP zP%&FH|M+uaP*bud)T>QFAyUN$Ea(Pp{4f6lw>*M-38Z;_K(N((m_8(z+hobZ#Wp$+ zY+Z5H1kfvTE}-!yt3MYQp6D4Ut-7*VY^9oI;ds>~?U(q{yMD!-ne4NgUo`mlTyw_N zlc_I--Yy5)+&@2Ml#sn%_&9FTui6Y$o)q}4O^13QD9WazB8ojL00O8H21{K@yd~OI z{=rRPKnz6`lzCVY&MTS99(<~;STx8{MD33$6}-E`s!mbR>N(-xj1wK|O~CB`#$owp zzpj1j{8#(L`l~($?fXutW#K5fh4(jrB=rSoL4;W_tam?dVYJs;jAg<6Z1dIO#vjEU zg!liy_m=*Mi=3R#t<*u3j6aGA&*Meiu5RN1cLUm5;DV^A=t~y{7DWxaA0MSP%9!yh zWsaQ_R6XNndN{;3Yh1=Ae)NTns*S(G#qY2;xEAv(4{!FI8mD0B^?X9=SH2>6_M0(@ z5|?uWs&#MjdAz%Ryzt8s41!vV?>R10WO0bgqM81uiU##= zE!K{^`YS?72(U4RK$#B=)syotTgdS7CBbSF$MmAn(|ZoTXhoD!lQ^@an8QviSSCU4 zW_h;Ke6oE8cT~;2;y$6g#Nh%0Bx2Yx2A{Yhm<+}fFm|87pn|nnCqRVT8m_TE0d@9P z{1l3GNsmtroY@(R*mmD$!mrjt)w+;MP-?i(7V^JJ9=U4_>kNvC6|t($NDMCM@&Mc+ zOHhPQ&M>n9E|6~D-bvJ$(}BCyGS6;R*OdRzJ(V;tep|z3KY;m|k-7ye5`fT?Y0CQJ zOHR(3$ZX%;7qZQd z=)3q{b6H?1O?+{d!ETA=>FsSkBooa}1Is5O3pQv>j93OM;iY(>;r z0;PB1wf~Pwqt3d)L}nSFC(3(iI`|hn^LJCQ1GoRHT>&g=)4P1b!x=#3lUfwf)7?F0 zp6N^5uImpJ8^xPW-&S8wrPd{7mNa5@zk z2c0Zc@_RgQX=ygIt?{sC7fmTO0JpQ#F3Fi7x-ZksQN};&tSv!YFT=_U~ z!^dqGZY-2W7W9n~g#mYVo>P=(F@6`?U-1O+H6(Wc(^BYW^u~eTNl#CYxSi8t?i=hA zhw#kNbUr%&ByG@ec8JdK;kta|%4)+k1Oo*v(`W;R_So2d3@EC>j> zpT#qJBT|!3o;|yzDbv4PAXN_z7`)uHC=AC+#R+ zU+y|8m*taS%{3+)vl(S7*TR#VD7SB3A?5GWDm`d`Bs?D|m1C3xCIK_?9ym!~bXwNC}~$-cB5A zUHV_pP2m25mM6yapMU{Xwc-YX@Haq}bfR!}48Y6d0H8@7A|@&tiV8N#%iBL?ck)Ug z)Iu6+_S;6`%R#1rLeY1xTLjaEFYc>s0MbiuWk2@!yzMNePPGKEN|id+M$}MKQ}++| zHQ9gkdVxVD{B<%=v0dun^|OxNsnR?H83HBm6~0*!XV$&~0ml zk1p0X1b=S#jLW#J`aKm0QI26iEmS;G?#1vk6JBbc=UOw{$VRN!;rHqYfH{8VN}xDQ ziOFdq3Z9Yd((F(+|4(4tgM=1jk83xod-vbgsn&=~mJNrR3J2(599nGL;EiT&j$%E} z$X3pi?sj&>XHf255&Qv_H2=|Y?xV=2^CkcZ@~8aQYfOrtuZOiop5|iqSDB;>k0sh$ zZWgRE+`lQ^cmveWjHCC;AcGm+LlOlLKj1T09g&Zo2Xxt6_45JjJxp?I_5*tSdej7Z zTRKXf)L|xbh4JPK1eM7$>lFNQ#cWu|%xi!Svb2)~R34}hACx8Vm+-fAJ-;%KD{Jc) z&WC>RZ3>fCEle4=`;jOTIKS*ahK`Lmw%6`I!!HIb_+VuDQIg4#p~6*5cd(Vnzdr#v z9RN>f1B~V;b)$K<7;INxceJQ$JE82#bl;0Mr=X3~#d2rW3S;}>2nUr1AT-BDZ+!P( zngFwdv-DN&DmmQWiWTjc-2j_2{k4$}F}+NVY4KEc*t}m}{vCv4)E%t4$A^bmz^Y;a zy?8=Qz(bIj++8Bb&`CvH8P{GIRLjjq{By=xz)HgG7d3%Y|uLof!Sj1SRlSV zGVRR!X4BPiY9ZQi1S$7?y%L}WQn(%8j!+|L{3}5V3#)V(z8C{`XgScb8(WB$ zej=Ahg5JB(BE}@?mY-_0$zCA_*>V>1=C@7&;>l8qQU6$ts|r3sRa;Lu>4|^PHgD zQSkqj7OFJ@3LdQ%b<`%(`aVeB`Dny`In|5m@q)w35X?Ixf0B0sqr;BfGdi&F76uh= z97<2{>Tzj&0O%eIfUXc70q~)snbW*Ur+xzP4yGxd`SZx0=bYTsqaZsuI>t%P+5m{! z|Nn!M0f_TnP(zNwqS2}3r0IA;$~?w5Ul_Zirk$EFm$yHaDcJZsZvn`w5J*v=lK)sJ z>5yUT$Jct0e#SL4Oiv=A9pBD9^?p+I7=C_)(x1mB<64Lp;v5wl2fTdaz{g(%96|rw z0?>fcuN?@4-h(H$bkx*Hbo-p1WOc+mfQn-13oFEO8;Vx;nVI@Iu)KEbT>w!n71WK9 z2-2&1YGXu4e}DfgW^i;(xxSaY-s`du1;vmmyFA#@TvoUCD#-7cFW$j8Kz5ta_@D&J zD*tg1pi4RjEI0um2l#)X02_x+u&GfH$o~fD5SkSoW|o7MOJ%=Mke@5(B7q{=$Cj2B z=u@%)HIcHsw}@3x;{dPAZ(&Erm9&w)R-s(GgJE#HzNSZ(yT;cWQD`oE4Jx9&AaIHM zj7H!x(f+lN{0U#*klzOfLy-myP@S-n*l0GpW{P=gL2~C?KG@Mb6oz*9>#+yYV|*+< zK+0=+`2_@F=+nvq2nZeKw}?AX^8v{Du^&`fqr4#^L4p@5;HIfyW9}nz^MbUMyVqY( z^Z@sLKCtIt8eG16@?YSLMCAu=*s2LV7#LCtHa<&zH+YF>0>uJ;~;l}f+% z3MlgoFpdc^FogLf|F4cwEgxX+^_|g1qws?9sX=uVsNC`HqzS6%<7-?6zuB^4MNSg* zK7a0e_!SW<;4cJKzcReHyaB*?hTgCZ5BEaayp6a$ z5|Rv92hSl!z*Gvdj(>oiKg-iKJYa9pX_yqoJl85hfYcn}GisK;2TmYcMd;#aF%YnE z`fG1TbQ{!B}!Lgf`QI+hKyj|h1e$@ncjWOzw zDe=Kdk+>~D=o)Ks-Yj%j?)=ZL4Srjyr2{AsR=x!TRFiR@D{3U z1Bw09zVzIsf}D*mJQ9ahKW!vaNP%C984o(L-ZUkKqZxxFk{oKrptm{Eofq4v02IEE zi&nQC`L(0=i{LcCE1T_9b?7YryA*=~l|^v~YE4iV7(jpN-T2%BvnY{SJ(*Yb2-D8?tHqo^jR{l3E<+eV>CyFs)Rdq zK_=?_l++I(fOx_1QRtrym@OG7(}kyq4iJRb-(QGHIlsVr*>~b}BJ{s{OfE~ug!M7t zBIfnQU#Yg84}n6nE2Cnb5|fwjLZ9fqhvFP?1p}PMt`0E4xcWSJc6WbxN{kZ3?eLKE z^`vdaaU_m|Ik2EA#?mf{7spj*HYqbT9$1JE;#my@%ewwBP@y|CVXQ{a6WXa#txq8N z$vrFt8FExyzIxAF16bWpkU|6O=A#=z@m|l#W8h7U0G7%8P~#py=)_y~9+k_Oq@vvb zTe@bsjFMGdD(gfzk7!qg%;3%qz?ZuQwfFxJBjBf~Q4fVJw>#^N$>_EPY~LKqUz%_M zxq8dRX`ZqlDURoc(hxuf=Z6~gw1EQn^w!<4N~6aBd8*q_%H_|XTOElZ*&ztGV6Y=M zmFkM|lF$3xrrA-9=Q5-c`(MO@;lo{0Dg-$w{aRbz3^$|79SwNKzDTNGO$;3S9J>9x z;QD_9js);E|0sZZeGl7&0A$wg*kxy$S$tnwtw`>Zdu9QMabTA2$}ElKy+~n=D!<~V z(2s*2VlW20c{prPQU`R%?dk>SpmJJ_31`f9E#w#;jjz=_C^#{zc7w{b8!d+O0ot%9 zB>x4mET|c*DGlvKKAxSz08Unf@UjqqcoGHxkjyUcbZhLovQs5S5kAm zsR>wuYnD*B;r}X-goR+i#tIX7n_BD+{G&VT{p_4SI4c*vw)DD7PwqT|_QGrdK^iQA z{=h{vJu9%;CJy|k)cZnj+a`B@q)PY%KWq)l?Or*9ZN!zW%{RzA$_G#Y7zcJg-2b~F zwE)Cka0Ws>KT=|oNYAyLaDt~DK(?t;{a^ITSMF`b!Y8E~aRFQMRXvjxl|!x&gl zfyF|Z-yM@7qJJ7}>wOzFHsVZ1N4I_ToziF(K)!wh>Kq93Hz4=bk-Xp&@oMQk5i3rT z$Pg>iyb1>sVox`~pLJo7!JqXB!ei*^K_jNIzW7l{> z6WE?P`X2p{g8D4WI1pNu0R>{lwaTA5D(?aQ&oI!<-uIa>2tnjjiKvX{xPLBLXXmN* z&+`n`VreA?Iu3FZ5o9^3+->r)0`k>iX|-hGez_mV;Puhy!;pmgSQG1u9c z=SUnR5@m94?31*5F$GEaStQHu`v5!W%or$piiDH}3PwmxM`IonwBX-=qO7?NEAWRD zdM#g3k@I_G{pAorpEEvec6N66sQPx^PpK*d6$twDo<_%ar54jIuq*owkcj7~#+y8n zfjV^UkFaJ94ODRZ0yq58BcJ~|VdwOR0N{o)%c4}p zJLO&00DY|+uu)!Uc|gmS5)!)UWB{12lpk22va-Uysc?Sz>!zFIvnJRt2B<9hOqyN3Ho_;f4ntkk z+*Nqw&*9=Q%4NSO%de1o)oE|EQ@iz+tkWDx6UTzX=UwIALeqo&f$UN->dU%u*rC(m_p&uOGCH-_Niq@d^UhXM%~FSS^35#6K3me(|2ReoHv1?N zo|yl(yfG^$2lm}{W)tc~n)iq)HjDdJROXJrNg7X$&!)pDzj=n|20DNPsZbRJz)Ai2 z=q7i}82CpmEa<9XLwt#s@(V-MUP?%H;00!&M+ZvU+D~l(!WJbDj~0z_w*ZpjvRj~^ zyp+^fE#>K=5fLFgwPA$tCv{ubhHBtsO)it6r-Q+I2K^*aXK|HpdtKZeo+>jbvdnsL z7AqrNUQSCE@a=zJ>v2p#2-86-bl~&k0!P^(0+;AC_{xkB_LnG9S=6xEk83ZUkUycp zT;=)ubsAL9NIyVZMJZ-K`yCTLAj8vOH!7Lyo&n-Q7WlJ<>N&j*y}V&3#;2zku@1^rp3#h}OIj zvVC1toy6*L+WM;mi*3aTZt{zDl6A%omz2VCK2Oumg|}MmSj7NG^J5f&iRNPZOwW&x zkYm9|*cE$>SmWo|0}QWB$$qqB=kYq$`=yrsiOIB8#-~_G_~80hSQeXInSimzXzCqN zqtZ9km$Aa)NWYW6y(#d~DAz5La%=tY@7<(*=m6=2tGn;=YheD$?owly?JM}`0;O#7 zgp@Ebsk*`yI%ts2Gmc&X3gt{Z=8rNiB3z68JxN_X^Cz|6U!&rr{_%&>>i|9RiwHPO)?0>+lL75TS6FUXWm zu|}QQCAv|=IdBn@|K@ez5Jpz#UalU)#m~h`qoDlrK(1fqaZ19l>l9h;=to}_$==Dz z{CzW#aHsk#I|A70Rko$hXP8L4`J|~kKdq-U#1eIwS1izl2pqCA#@oiZ`B6~DEQekyOJO zX|=CNOXtYytiMb>6=1I$Z`u6+A0L=8aoJq2w%*GbCy;{J0?BnB)0)1Bv$r7?aF$0#j)Ah!#)3XCbF6;%K3E`-Jbw5M(6 z>*Z90+hat@$^K&j+#zhiC4W7GKDti9MNsm{pH`kNUti9SQxS&6 zr5GEp+_ZQ)l?TkhU4X6vjVu3N$t-ez*c0oXg5|oIh`Udz+};zK{)iM~xvqT6=vmpt zoK8afU`t;N1|ThT0RE@|Wy0yn<~OP5Amq?s&<{#}z0&O}s4RT%V&^qjBCj`zZc%P^ z2P_bWAo(jaiG^CKD z@;^RW6&}x~U)nD3T-x}x79Ua=q>GQ9w=rtvy+)~aw3x5xzqY26-^3%RK0SOY{DqS% zOMFw_VxbacurxmWaa7Ozk5_%@B~G6%^uf8_s{ePV$;iK>N{F0w)#_R5E*gvJ@#*dt z-#zw!2%L}{5gtkQ@R*Ve+OhAh)3Xy64ls@>Ik#719R=S4&`E>6DMe|Ck8thic6omy z1}R1pNK-g);*z`X1n%(;gfsf4@R56K^ejVuZ1Lu4y|xV*>0QF_rR*4`bdIOG!lFBA z$W)#B-g2Re{J$|vN0r4jL@yUWC=HICaKv@+xg#m{@gb2;!M5XcKp+eEMVsMt;m0j- z9I7YEBGIsnZOjGuHTfT9UjAum%PbJ83qP`w5}P3=CXHVsJ=2yyWz_0To4gZax`=<~ zR9?hK@~FqYT9_6&Sgeun;{Njr9wBpM!$8c5%^PJ7L~f!=!YjRva2DysXA?ODt7#Dq z&Yy@~moJPH8*buwu{xga3-D<~^vnhZtU~Uq#J;3AA#K%ecLY9Gmn#gEV18U?5?PGA zwxlUtEk0?)-^&~+R`Q4(CvEtvDXafbQwcxs(H)M@@tY5fN%dl@4m)}cIcOuxOV=?+ zXLMoVCt)532|XUZ`%;(mxl_J{7g!$#sI?4As1K}@6{?MXbWAdeK{1_g9O)aXz=Fi$nZE7%p_TX! z;~k>L9XgkLef;EZv%Y z%+NCqf9dpwJ;Se6qbj!<{q#8^z~G>6#n*$?a7s@g(I6PkLRml9p@eb=ggwh@TMt{} zsK|H9NV?CT(}?uQioRL334;&rI=&& zi0Z#})&%afR}DOmXq~de2J#XM-GqxxqT6D?-%jExinl!}N_pBsWp$^`{tC7GA|t-t z&_$yJLwz+n#@_exvWS^6Z`}&u!8oSF#pi<_nK$lOLW|fnRX6Cm?A=(csk6u6 zP>(u}C%#Pr^Nt!)jCNlfWJDJ)*8hkd1;xp+N%*p%bp3H=^PKMAwWZ{ZTouUFP9kWQAa2M#6WqAMEH z)6)wpDPi(AZnh92x4-!l1JgctfC3A9-9`B(eTFQlqmAh=$EkrbV%$6IFut5-rWN%N zm^%y(P7?BOY|Iq0a(#r^j)>f`T1_N1n_+p8gU=4W0@N0hIKLYktZHL=sn{9W6Ma{l z`thmB49Ed0osskNokVgSgU}HenxFbNM{*X{LpBbXd7s(bKPv@t)=}6WxL@Ay-AgIa z4{mP+ueJq~ujJ$H963EG<*O_cBxSr;cQs`v*D1JM`n0}XVq!C@&jKl$uMo_ zeh_1p*NR#+Qy83+8cm@vLdYH4S;l2HLp;w!^i>T1nc^IEE-L%?x|FO7$)bxs>jQPJ z9YI~SwZvc2bG0HK@V`=RlXvxs;rb1(wHoLq5Fl)GEz%nze7@29d+cfB^31Z%zo0D|2irRJ5zIk z>oyU~e|6MWM~A^CEV@mq@75WQePp0mk5Un>Q5ix<^8!3LQsFp5`UVXmyh+Jvqe7H!BK(j=Y)ekx1Mvf z;a)Umbf%0JSR+S!;sII79D3+wu;%+gZJ`v{>9s)Y{QS>#n`xV&#sIanMgp63(Q z(+U}+>LA=7G`37iJH4kryZ6{rCM*#x-??cN{TRqhd^$XcdU2m~Ez){dZr3w|dwYf3 zcGJSmc<%Q(#GJM$!FE;4zLw|(HY?P;B87ZYW#NOi3_f4_wJUi8|(NzK~!|A97*RX+-R)tEe(Y>e9{M% zWPjthhK#V?fC*{t1C}ImG=F_@n`1(~`^dc@;)LpaNboZ&lXhj&ODpGM?XV2B;>90r zR@Pq^_T&QoEsCJRIJ2fW-^Z3OVO`&f`WR<~YC`=Xs|Dfu$A?j7+us-=S?6Y()K@=h zbOl;S@5ZTU%4d)XULZe?H(N?fWAa%eXM>Lsc+1I^G%MR@jV@`ptTH%z`rYHmwC+;_ z7OIWm&2DpFro?sTY(2K>DxqXkLop^y1nr;gtivnVx*hJ`M(MZi!BuJrktN{=1C+Z4 z955A6HCQipuH^aWIG)R|y+HI@WrS2gx>P^o7U6)f$^`%A?&Z<3@(;DtaOP(EbAE@= zF*pkJ$ok3GU@(qW+c22&#|5{mYfsO(5aQ7+q$P_{j4-9AA)B_^%2*ESDPx#MtH*08 zkH5@3k=P6y`mU2K$kFuUn{N1*nYJjixpGDQZ0>XMq$(MLd#H`*?+S zL8zmiJe{%Gb})XACY`MXyaw51wzvss;>E6KT519D(tcI&4%Mrzwxqx)${Sscn;qM1 zJ=Lv{QQ2dOE_lELsaeuRHBBgZBINn^`o}kn@s1G-*ZmEUGi{q49Nf?dSCxxWy>K($ zq;t;FdCt+n9qKX6t6%I-Fk@mwMiKjR4svNcxQxkj$d$ar5!Lx$Jf$oBrSN;rR3UB= zq6V<+-s*v-|3ag10_K=bm+w*QYGjE?m)=_&wW8HxpXEMtEdAev9}eOp>fuWS-$u+y zlE*l3t2muJEd?nJ@qFsU$vg)%)vxxOy!q1lTNs7w)=nfQ5U!qil*j*^tTpCV@Fu2|6T(oBksd=fOl-jtY1{&Gp6!#m*O(E*Hk8zK<1<#>*5 zGl-|WKF4Y7|55z1S1nj;r|Q~>e3{+7xf!uJrtj6xiGu<%Uw0vEVaDf0NFG;xMaEp! zWHBWO@WuV=N^M^L@m~I|YN|ej)n^hn*^Y@W{;X=B6H0~$ywUeHRs^RuQCYN)8MX=w ztrlP7?`lUXlrE;hzV+Y7Uu5T2nkX4x&!Hp`@-i96lJ>xAqQ+rySl94=F z7;#I3@=3`&!XA$N%yy2V@1jKM;li7#Yb)Y`K{}QnVH_9H8QWGbo()DE5EFkbsQpF9kTjES%r^_Qxaqg`8NY! zG*=h%-0q}tNqAJrH-YpTKP`GxJDxiyH_#SFz{-KnA_VARawN zW=^W3=AlcIovF~56vH%Q9b)X_#0WG)aQ?hgV?|!9&ZqldtqO@EN<~5JEWxl-Gub;h zs2Di^R@FtM<%-H*aS-9x^Qx2Za$9J%GW!RLH+!?obiLU0RkL4Aaq<1xp@xH0%bAB` z3Iw%}B9B`g8L{9a#=|9!xI`QQ*DQc=YRpu5SVcPd@56iSoF(9OT{O>R)pb(e_tV8) z{_ z6vqUMleh!(x86t0IF$9Ka<3JgH+_x_T#hJ5(v=mc2ht6=>lybAlLSBrHPIs`ASf(4 z8VK@symGR1E=n0H)*K_@imct`@-@+Wd&Ij_Z~P_OMZUaLYB-?H!=zBT`q9CM=&vJ? zZE|`XljYHiFNcddVT0Woo@r5Mt2c%*lu3T5n>h)lUmR+Qt?Ps?jwvoTZe%BLhaFEQ z9K%ZjM-ez)E02T1yB)XA`x^i9uj8>8XG8AJx%2y=0KN~X z=nF?Z;q^`OTxSPnf|FP05;ORm*+a)<;an-Gm01t4S>PS#_8NO5Rter7n50`*$h-Wm z**r8odfwV^{Tt=|MYWS9?Rng8yA_!-&Z`LqW5jGdCn8?13tf$eQj;%%wI!La`!iTv9@&F~t{fC;fXTqdR`YYDjq9a@a9s*28yL^U^|IHRhR) zxh`HKwi!9wwh-jw#C1wZ~P&6%A%jZHQW>1CXeO0^%K4pQn-P9#T@ zZyYjRTjC<)uO_PGHD;r`jfH4)^u+qS9`f83wtjkRIEFO-%;VWYCcwlEE@E(oCVz?asjIP-^Ew`)rz3|uor*rLaH1~1&ZTpCj(D~YDXu`4spJAN z`E_Cv}d%ZrPf<4xg;_Ci=hId{Q-kKHa zzd5+jSy|FTD)$FDeuY!68-+-nrnaFu`j<;=CPo`e+m+`n3go#TBu|{Q;J{vO5fF2d z9EF8RjWjDtzs>l&Rjb4Y#iG;;UFS6-2B zR-;jIZ9Z8WOw!J9RcvrXy-X&F#NE9ve{yxRveBgBP-8dvab!#Xkq6vL28V`2Ow>dG zSIQYt(DKSj$E-~nk0Z{NXRmFi)zu{a8G1lw<|@PN;KuLd_?@5LgVr845yFD%(Wuy{ z&m*&+v!>guzy4dN5njg{^RC}wkWA3A>T!0CtWtYpT<~#Z)}kTGaSDPC0f5v^Y*4km zx-PA@k_~RDmYQQDhad*6wuO~Fd9heH!>{PWNX2@yxx6(47uD03+_^53^ep{I3lZWy z${Y2nJK{K4ERDY^CN%{8)>lSrC4h2mZ7tNyv!ic@d@4FfOrbRx2;olsD1E z6)b4`3@ruvdS&FGA1LzOICPp-4WhkX(%eAPWmHXd;;36EbYX0Mscm8&%Bhd z8G?QmfYwTMeU&BAO;9>Zi)-cFFW&jNyzsj#?8kZKIU{rs<{hdF6`6gsRi6$#r{kLTiAI#p^)VX{AX-} zPt7AG^wDMw1%hvWET+>pYc9o}ndYU%bOgWR>BmHiP7tv}&TqJhefcy-FX&HAwGZ@? zzW_{iaY`nSo0PkRazZF37Clwqw_%2qc&ghe17P74;-Y9%}fr6RoVzVAU*1SK~3-;q4`pu|!ZmsoqU%dHj)_zr;k6odp8vJ zP-w=x5oo-gV=5T$CaI(8W|0$HOep)|MT5>zBbRJ57v7af9b3bRdNZe zp+Vv2r-s3*Bo3rpMil>68K%&7U6v*PbnRt|&CgmV!l-Xl4U@7jF=yNwf`7HY!K1#x*rdFb!fvWQ9$MW=ilJaJDkcbA|tz7`HDP(`dSjIT3? z238)}D=E3p;h{tso!<)`kt219UTq9>R6frwS~F#TXEZ)ZXQ(MvW5JBa@Jp5Vg#pA| zH@_vi#6-vuBrfhHi$lbaDxW;O!EYoV0y^(vx+cSL86Lx28Gh!pO<~MiB(Gr%jF4#6 z4q0tutKzo)oM?mYKXjTKQQv5l>Ux{0*N>||mGCuDE%;>=6*)ehb#q7+wH;RC+B&Yr z4B`WhH~OeD^UEiFV=eE(CkW9aGuEks<_a5#j*24i^5YR|1}NEDCcbmGykgz6g-a!Y z_w-7!lV_FWEU&eC`2}PE^3u=9t!Z5)*Ia^ZV=Tl%FO!TaPqi?x!{C#d9Ng{=`wci& zU#2{%iZn~CDsv)~`*6hD6xmCywr->;p+bigd=kZq6NL}UQ{+5m9{yqvIXRF^Vll9L zYU5S(U0K2H?yuvLLvv+%H%Z6#UpCQYj0b+hLP-%_{&(2}iU%1J)HxkA(41}Dt`!_9 zzqGs@m_r$1`=dzA+wuB01$*O$Hl3{+e2E?x0VD&pe5t4PTS~y?Rt#Dqu zY#X+go091*-5T%J5uy%*{ObFVqGm3{{(@mJWfH!JsC6SAXE)M+_(coV?#%ZAXL4ng zp0@e79d3fgNfdXp>6TJ*?T<#U_b`cm+s7UWK_f_^EV!Req2M>O(K;=UtM1-)M|Aqw z=$zn*QWiWy{je1Dd-d~=A>zb~NhiW#?JuSZ^1Qw5Pr6`L^1vu(Kp4vKDa|~2<`p9Y z_hiTdAt#|}1uSaw#%ZC!hCRibOELWPwqxH0NRC>-(O0n}A~iL`5fK3qo|}$`qwKY9 z*&$TwO;$VIRluxrM|X#>+w`2Pz7B5d(d?Xk!20tT-6$ZHO0SjNnJNhZ0y4S1pRS2I zkKesR!5-5wU)!}e(sAFhU&AB|k>hg<4I^e7Qn{TCB=tTwjEQZZm?^c&xp_#7?Y8l*_4v-V$g@x+6uH1*<@&N2B#THT}Z? zf~ih#D<;3g%a^p$8yJkI`BL4t2qNf54&6Z18&mxnasCF_v;?iesI z%fX-Ni&|rWhAs_;Lyw~x^6)wXDQw#Ebl}Q!$|ATsKuIay-j~&isPqmg0zEomE#&?? zpm?97i^;^&pJuw|z+AeiApa9Cz}lXwp`2Z^d4=21%h2SDuA? zWh7fAA76;Vaw6|8#=m!_izylzI-3{pK35$`V_qSh#CLrAW+gt-qe@PWYd86Z9oBb! z)Bv--EG=58=DlUEL;88Wh}&7&2|7{ezyyNTOGYAs04-9`-iAL6<#^1Id*6v=+uRg*xkO;c9^`IHI_=-(7g?2Np;wVzudUVPk zqi1fKY#vv|h8yfE@LljZ4sCmadP32CA&G_-B2O1^X5(#h+1mMrJ7Uo%bX0vy@1JWD z|Fj>?w?EcT@1O^5HZ9B;Q7YV^>{3iclI8fK z^Qgcf<}1n((v;O?@sk%cyKkQPk<5iFc$iSfe%9p2c$#_lL^SUri}8u4Sw%%&DNIEt z;|psrFWsLl%_H1J2|0%9RUyZ?78xrB49i{M2-2)c^2VQ5HNIoZWO-=l?=Nkni`k}9 zchCtjiQJ}|5ea#=zN>y(yz)zXXMBhV9Suza^kNTz8y(*OIL%FOkA}?~SHEwDoAN&k ztj3ah;1&5)>wU3rF|)&Gm{gPo6l5yXXNoRW zj|hbd<+j#LyFN7aV!=O*v2ka7N2-V5iVtm`y^Z`_TVnPWNGe&nYZ zu&oAu(TDayQz~c!%})D%Obi_~&-GP|q#n!&aqVz1 zB?hI1?J2v|deux#J6wdLm?$ycpI}MJ%S(VmCyQa~x~Ih)iDNqZDgvcPkdWhFKU?i% zt-4GWDW(P{3U0Suf?Ta8rr_H&o3z1C=h1=|Ke~U_X4W&+#o7YFgM&Nl>>Cx#F-Z?9 ze53Pb0S{ivvC4EKB{$yu1ww?a4t^(n1oarps2(Lhf&_xF+L{uzM8Wxu7~%d;M+kk^ zC4C>XV^QqasC;sR*!MURUmq7DAye_Q@e5)R2A7oGnis0@O51=YBsc;alFwW9>p=9= z^d7qt3RH*mm@t*ix_`KM0yy|Pv&BLjhB;;m*PzlAF9!GH`viIX(gxf{>Tl|2W{l~r zMWueY*kj(Pd=_KRl2qzxBrMBo&vf4gO$lZSnE6{I zo-s1QX23|8>e%TJ@W~3C*vjf9KWtLWm{|KQZ{I1YoAuaifSi!;eV86isaW&KN2VS2 z$WH+u18O5H(Z&@XCD>XsmXjBB?ydRi)|kmXA>~z_KoKMWDrfpY;d`FdIsYB%@!IIX zKb5QwLgY&@O;@GT*yc2^B2AX-MN11XDX6t=;u`Idn@iNc7E<L0z0d|ixpu5OwJk&6hK-tCCr$$6=M*(EXs4gIdPjx&Q zw)&I+4p~^qJ9v-)`YgSyU>i|2>>rgbEb2XXnZ=(20v?%|nu??dvHdL?aI*#G_?T?2 zq0m_dAD-HV(zcb?$re_7ZvasvLV>!nrSgY|hzG*JpI)HnNDHF}J3mwQwND{cR#ujw zwfj5^7~#Z&5Oj}=P=|wq(|}5BWN*5Rc&=WJX?nb5LxH@g;fZr#el@b1u<$aaj7dWE}s6l=#vh0~!_)E<4x?{6;@M z>CC3(L|jQ-nba$H8)J=ONZlXGMcDw`+3(4sPf(fF--p-u7^Z2@%Fr+?zi5CQk_VME zNyB>8%!4d~YQK4h#q=dv3ns|JS;l9<5j{bRsWk?PzK^yrA_Cz~k!~T&h$M?gAsec) zvXK&h13UQIMpT%s_;YX~$r$_pYwxVTs_eGDuY>{u64EK%9nwgrfP{1kh;*lfba$6@ zH=9(tq`SLAy8Bt2`#$%1-tqhc?+?eZhhq;mu-VtO)?91N`JJEdr-SXtXnVmY(H@ys zR^wxbj=;ApuhxG_=-~6M8s#0sfrCVquOcX}-Zi*2y@Eu^7RW$JzJgTE0f$A}b^q2G zIJi8C8MU6@^fom?RZUMpXgLB#EDS#o=za=!9j-s3x~rd+N_D}(C%}`@$6%s->Q`vL z1XgF^pgrnI35NAF-6|g9s^*E@j=Tz$&!N?qH|!IS^7nJ1SXUQekS%TrSYJAh2};Pw zbO6By`$;82r6Sf^;3cyDZpv@Ci>XE$qPZv)z5PcH($jU=@d8`=2EQe*9*^_y&Hmah zC3KXm7=cT7o+TcHZNA+0DA?mjj*G60Ldkn(3eoAl*=5abkM1+@3i!BMbBGzW7u}u# zx-k=SmhO`r#W!E+IS%_fd|%mHnd^RzZLk?&kH|p z;$!qaW835K84PEw*4m%!0=R8f*tgcy)7$Cj!%v{a_yEmL4f8$tN zLUD;Bub%TjTi55y!>$56#1uqGnOwgk=SePAaWK%|F9Mb)D@ms`6+aJICjv))E=lUu ziez*r%d7qATi2kV@0zv0zTG;2+QUR3i+Ck7CCRh34wW)ij?}h}gGmGv%uNwUOP$Cs z#BS2HKQb`!nMfAW37!!vRc9=Me}V`Sa+OeQKQd?Pz3$k{K~DGjCLkkH^fBhH_}q3l z^YYyghCi(Ih=|W#eaC^YG@D^wo^s72zqmw4>eNGL2is$5Y471jlq{#k3z*j{Yinz5^u}XSq`*RW z6pm}gd1qOe`=%WEF_{x7FPyLvll34MX0%Cam}(BKGnlbS)!k6z&tXz@bf^q7Ef0Hd zzFFVTpL`pSyXEHAG8L5sd%TtC|QOI!XdP6%mq8b_H zMPOozif19iY3fv+$y;PPFk*A`dnr-A*vvm9Ei@*CKtiMT&B)uXe*K#}JU|Oz-C}I6 ziegr5>VQl1a{bOL+DPB)Fh6SFBO%>NV%x}?n`MwfKX|RmH3&X{+5Nf)BDjt@C_P=P z%%n{A8yv|y*|9Qhcbv?6ZP>sH`?=zhX2^LW7sr^XoJ4SJX9Bm$_d0h(3K1{1ErU^*LC8y(KYY4b2i{c(WswWCiNvVVFXVVi-#>9$`#bd4T`JN z)2Fdwpo`3P1-LYG2|V9XYba5SiSylYM;aknMmFQfC|2cX=`$mf!S&8ZRje38h?!?~ z2CSwan^6B|1|4FzA7&#x)K+p(iOGs=y)|TS<6S?_I1IT8&3qlSqBW`OISwP>0k%Bf zGfB>)kNrH5I@?(VY$H`FaWKf`tsd}mFZVpFx~r7bfYS>q=$ZD-%L~gbmMRF#ZpQH{ z$7aqk$1uuEZJUK%A7+lK;ECvCe6Q zk&vUvAR11<%+8u5`bbC0`_hEp7pyc>Bf%`?pR*I}2W7=$bg;7t8>oc)Z)kD{r-HdJ z<^g;%$ZjOTY%(xqI7fR?#z%B3t?SN~bYrT+m&S$~T7=7|7t`m9nwH2PF-U?Z-TVAh2 ze89#4FtlEQOkORV^LiZ2yY~I>3k(>P*J1t)7HxULr{;0B-BBA0-S?=(|WN<6FY6sti zif~_Tcm%eJ37~~95(La=H6r%bsP>0`0otEaq;H?U2ih_)V(Pmw6Z$!5#V#VQWs_*|tDhjn zZoS5k>_3Prb!Ia%-nw1ejmv5bdz6O!o*Bq54Ckn(TsP+n(n?5{gYmebj7DY zvx|5j1H24BmzYTtvKsaOsN5gq^vm2&GWK4@f1R4p0z6QIe0*S@6n+yy%8KcouL3om zMAfk=sF%c6AZc{vTwxuNX?6^NX;xdQjx?f%{1-^L0pyaiT<#Hkani z)Ge1kQqSK+IP#of-Bcb;sR$i)o4@V`sbUJdk$2*KqGC}u`so~(x{AG_f(voGIC=A_ zPK;geg7MJYvu;uf&os?AHgHg9rR>GT)R%0MubR)iRMf7Y@$0vJL$~04&32giqS|)D z^+n$^W=J^RT>j9;-HoqaE+5&2WP7oUd)5Uuef6n<7EfWUgTmbWLbB{PVvQe&`sUa2 zYltqIy?Aw1^+`D_P01dS^; zQI6l;$s z&AFAh&3LP`KUG8ez#8ibf~i!{`%iE7Q>LFmukV%M**WEhZipGi=|u=Ya0C2cOF~3 z8Y%Q9#=-itD~!_@^u%x5hXU?WuA^k|1YEKSzbN%oBV2T&W7&#Se;*Pp4o1wj3!p5x zo(nl<(76WS#Gl35cHFd}=C4el`dKG2>FAt=xa2OVw7w_k=$TZx+InX;HGPvAb>;L! z`HSP(?gW8Xo0cm$@@>i_`Jke*4_gNu!?tdVS{514b{6(SUg;zH$~bMSwAVToxhJGo zD=*AJStU+9oV9vQ zCi@NQWXk?56QY`}m0LoGMo36_1TGW9aK=_dZ^dFrgPXdMzL`{kAs7lNwcRvf)au;6Ju zmPe}1Fwfy@0J}9oaWs=V!?;5yTf5NpD(8fsI+ML$dLQeTwMPXD0|5kQiXrIybnGRr zjDAVUz`(|7GK_>E+EJ$!LeE&&M6Q>)~DV6&Ln9rZb<>ega|ZS@K#ILs{+rXhH^Sopkw5k5N5al}x%%(U*l;=go{rv6vQ^1Jel->gxWIKx zNuuzeynHx2*6-z)DK46zbJ{Gir1V&tpP8;CW_2m)DDU6l@-X0UQBhcg+O$75Ij!e? zn~se1vZpnA)ozBfI?~vQK5e8J&(Og&_N>@lE0x+=nD9hEXS?K@mS3wCdTDuNy4KkL zh^Yy=svFNV|{vUERqC{y9 z_vX_^!9fCBz?gwhVQ-_mz z|M799?A$zqwOlQ~yTJn)^kb#$c+*=FS!K|7#7QpCuEIjDR;()csiW{^n|1C^ckxI1 zNID43eZE~$PG~v<+h=sn$=>>Gn$xJ03NsJvUsQzN(4kU|JM39BSid9yr~nlYuZYWj zwS{m2Yc9#>%{x9X+E1mrGt#8?1j8RvxiLWhy~7PhF4C ztX=oD)Z4l_WCx)lxMk|_r;o5lt_d!?+m)4wsHn-hGWn6ocz^yn1?37+XjpRiT4$B8 zD7jJwoTTC{0{Q6Gh3bLwuQjE&xk#@j`jh(1wX2z2Ilc zxJXtd?}NhG*(WTOm~(=g7iUZZU;TA2W(lY?`EVAJ^Nn{IQ`oU$0v7dYTR|`N4{=rO zn-G>0*)(>k4p(Bj)_l(*X}u5_i65V#V$I1FgF1r>SuiSgpVQ2tNh;@jBr&X1M{AA_ zM%?7iV$QDJ*vMen8$Fq6ra%_P44@_1(zB>wUzJZRJ9$Sz@dC7*DFz{S@90p% zp|6Gib;X8)jr6;RmcHO(FgTbw-|XapFG~pW-H^PFCnLUmyah|B)tq^4pnri);Q;~~ z1%C+Eq?xZyw5ew0{=s5?v-`~p>fjA^PWvx&HT3*f%g~VWAOk}B*(`r5QsKIW>!mm| zADWtCnqIaf*TJmxn-lAlv zBu5f0Hci;&RHO8CH-zVKWlzW7j#w4NBh5I~dU&*_Ex-kecFB#Qm;oF#!<$FQ&Mnod zetWjJo%GR3Tfw0|lQe@lB2j4TN+`-OaGjv{bP|Cwq|~k1s#mAQF{xlN%)cg2qS8?> zcEc`m4$Li1Y%LVO+n4T3TXan#E#5~tzNIa3*(8~c8}eUW61E+PCOI!e##+J}rao@Z|0@Nw^b@bhLZMH^`~FON)ZBocWi|`>!=76g-^hhy2X*s!}}$+lK1V z@u}QIq?uyGUpth>xcBhsTqp9^{et(uE~521D7f>Vl<;p}A3LnvhdNV)3H@0e*B3Vz zt-r0fdVGOXGa5B#W?#S9^In5+xaL-?i#N*PD5$4B#c|VdER>aO_0LhyftW9+2W4(p zKpWg~V)ba{;B3NsoQF$uf2y(K+vqj@$fQ`yhJ3i&siE#4Z@aK4->zsar~g8=-9QYT zHoes@^0NJ~%hJ)aU?Va&SrRH-UN((B6{O%ESwa4wFJ1e4jKbjLbEkOmj)&<1iSUfM zA3y1!YJ2 za?f{C$VV{j7nk8q*msE%KYt%kz8o3Hr>FN#2J`)I>1i^NVhO7Idq5RgEtDrF(-KJ&|SYH<#tA6Tz3 z>K&Rt!xzR~TGmtj`tis(boY6BDQZB_HiBI9BsQewMezqMB(hdcDNhDMl_Y zW&rQ!#FN(9nr0KN>LUxhg$1RxwpS9taw0#k%z7Ji^Su{6YOb$VTRCOiqKq@dUlEDG zML(9Z^NutCfZf)YHdcJh(D0T)OH3T2@+Z2S+jBn_x{P{%diJZy-dzP;C3A^pO#Nitw+y?uNh!W_%}qDn zy{u+c4+1Q#yqo?2*8AaChVFJ|DXLlbY)P(hDz3||FNrz~!ufI~oz@Q#ixV>Kl?o*# zyv9%>&=vdi#a7o_Wn@#+T@SdCxgRI=+OOSH~oke+(pVC@bva+^3yLi4}hvk(BR$H4?XHHvH3_880 z5LX=+mt#CdbW%Hf8Pg5;xg2`w~OyH8jRSxpfdnA^g%*|p^I6;Rt9f+0kiquz3-j~k>BAEzJdZ`p9uC{Sqn9X0ja02{eLn|t31yEbeA#P~kh&nUMV z;vC#2&LdPJBd4QujJWo_(eWFHGM?ckjeKLa z@fjgQA9#E#Qjzt1hYK8}dwJ-|h z60^QGUY{s>{3JHZ#cciFn*R2=Pvek!=5QL7n$XVctiV9Iib{Gprz;XBs({{_&#i(` z$bvtd7OKkeNBoMaqNvk5rLI9oRXfdAAzftkGrGODlIxiEuO^REhd3!YzHp|bv6b|F zwBr2S6SSB(p@lM-%AKQ?1OR&q3tG&ZELJDV!n=u<=%)C@GuF_r?60A;3^lmLHLAa$ z#+r8@3i;>1HLfGb#4F501E4zqRp0!y636W{ao)}fPyGdTe1c>>vK{@3d0(=F;0(9d6rVIw)5Uop9%@o6POZ zF4zpKLad_3Q#r%f0XNNX5a6cv#%v%G7Fgr8mO8~c&Dyr99;YhUrz4kebxq!z_^@HZ zf=PwsfOZ3NDD1IOVS3q|DleX7Ku-^^LQ3LaY63?s&{qHh#O6C;G7J|!^oUzxxt#%q z%o@t{y(t?1Lo?Nz6i!PLUcRG~B;o>sYN@}a}V{HF%G$rfD4ZPX)g)Lp`J0V9j15kjx0(NgJD|#3D>i6e{ zNGVT}#;xr0vS#FQ6(kqJNF}?c3Xih06e;-u7LJa`)dJ zNYU6XeWxH(68H*NGVj?lbahFQ_e%DAlYyxp+zK0$=$7FBMFjXzR7i6;Uylx8r|(?O z@^j(Z+x2F}w=vJl!OgfJw<^eoqooM%vMj>f!KAxA0sutc+FEGWxRDYr-@gaLGB->Z zKG%2f62TJzz}>g& z(wkDN9W;=rS}mUekHJ!FnQ&EFd<#cE-Q_#qtvJ%S0vXReq2UnTLGBym*r@p)vy7MP;A1;yK;*WItazg@G6J@SxZG~?m zTu;Cj8YNT<&tsfk7dY=qNJw}BdzS-e1j!%8PrQfN7+{_9`sKCo>00=WfROB*Llc$U{97DdRg2m0GCBhs$RB%ZG7U8L&+J-PNfD{{|CN$fZuZ!LGof z9w`aZ5#Sh~A-hfAuti<03DwB)@LF02-)kOy)-a|r8&G@EY&4WV=qoWeIu3*))HYtY z;mpz#A(M)SvHe^alRntl@Xr5al(hvdx1E|>j0UIKKhz%oh!Z@H@ygyd`oqY&d-^CT z;9C6q{nyYUa@QDt9zi{&Iv1p*Jh<+=9`I1JbTTvZq_=l{M_&&*R^`E=pKyv8-Q?bt z{kp)_{&qf5#2CUA;TZ_#!y*DXTEuIA0NW!3qq;h=)b#P?QOh{&(Q%0-E0SDHdP}6% z+;IWZTYe))eJ`@a$9M?3Ve}{$V-K0m88kWEwrfYL{-+>RPR5gx|Ol?Bf zlota{?RJmcI|Kv}Zy%=f=McC8nH>)_LjZjElGm3^UIA>JX{81SN^iHb!kHZYsA|?( zy|3K>-4g~*?}pz*^Bo-~M4u4pX&b%=~xflSIo~ zI5G-~)e&)`&H}|eyFJA+y=R0e56s*P*5TlO_lXN0l-*y)F!v1cmAL8w=07SCQ8=J* zD?a@lR_tIf=pgZNHeLV(RNHWda0RF-gO-M%P_%PUBx`SWTBaSn z1|Gj}o|?BcyuDQCj9~INEg*jcgAM1Kk2^*n!ah+06PWa%HiyzJt75h7 z?}ra(rmW@yj1~IY+l{!>%2D1q(%>!qL=PU1C3=8GiOY8Iq1ypC)_!h9VGa*fPKK>`e-oLxA%Lyz&bIz)<^El^8#i8jFarBl zPK$7e!sBWBqwZ=)APC}q7Pw%>umEjpDPoXCLN_2x9RnYdwf;m_4vi(Ya`YFn4~(`g}!H_mDe|lER-&F73VFMA4IPer(Ai$aX3nL*2#UM^hO$|RXGV;!5 zJz${bn$yzPi}9CtspHbqxO>)2*|kM+01pi1sic(MFzb53x zCUU=e3y{q}xWu2sE5U*#T>1S(=t<0`+==)eh=E+wNQz54flJ2DVP=}VV2 z7u2?n|6JRDw9$zE!iBu>&^#fb&Xgtc$cdJ1_l}m5=>TNs(dtjg;FX^6L$R{svZvA7 z96HV$fEir=%!coyWQOt-;p%f#Zw5!Ph5_iz-gb* z5#fa6J+i;ycP}-WjQ-{E+Wl5Pa(Z(QdOdZ3nN#bs5%44Z?2o}TriM!`*8<blUIJy(POA_4t+W>#70N=E-o(qC^>#o97?QbLFh6hyp3fQ0ajrYz~t9f#t(gXnO;r4g8x3%@gqy_#ni01u0mFjX<=`oH*g+h}c!=>Ur zdR;u(hr|Hl#kh~=&+qYYM*Z2X8Er?0oY>YjD8J~zf}vN;?qGhVyh>UGhTxK>{;1C7 zX<`u`SSWmTcjw1s)D8hSL%hVqM8mJP``qWlqJOw>Tn?G+>NXh0PtNGZ>?cyU+Y<4Q znXaIAmgt0Yt!Aw^f*vLbC(mPELtX0&9X$X2@4E@^X${;P3=A9xI%k0N1*m#G+C(Ys zzOh%S9k`ZUrMqwVpQULJu6RP0+nmjSG*_TW+b&T7? zd_dJ^V)eMiaqXO&^q%wR-jEhG{F?0c3=x;D=Sc9W^wDdFg#LH0GgwqT6I&dYz8PbG zx<4C}Gg2s6N?WuazUfMf7@UN%Y$5;~MMrGdJN-r2Keub2n7z&MKkY9i1p)n8PR;L> z<%7mUj*z0Z_Vxi1_h`@dr-p7OtrbEHwOWhRmFLGG*B{r|y7|&qsb$V*F^FQyQSjb# zQ~AJ2)&*0*-iave&!UBVX%3g-WEj0+S|Jak@x+edo5!93{$}f#UBnfq(1>K21<)g5?A{4Nhm1yJoRehel?eI zCIsS9Fa#m=DSq=dm;pLXeGp$Gcp8}^JhPsZwfTH&tLL)-ea3%(rs!=l4)&?E^XdgY zoE8(9vg#1wwaI4eRDHY~giR%y}7W%hp}7n!^Tl+C0@SP}o@oh?3at(%{U-}ny7X+iLz4SteHdMCyS zbrI3n%Iu|4+Fd}P_Z|_C1CevyN?5J1hmCBR34{k8nNQ^;zHN3IrIJyW##5zQ!9bVA zgAv1FJ}bz*6Y(0_1<$dt)WGmBK8-}n23(J1==%C+FiC(6p$(AeQVT=DqSOse7D#J_ za~6%VtXT(2p?Zc3Nnp2Cd*I$}{?knYAj6OZ9`CC3UT6+}H#RorQS#lO1ODT`tO2|a zuL*c6?Z}@S82&TbBwA#2ft^a{8Vy%dLlXJ7O=*-KQ~#NI zf)KRnM#nNeO^9Cmi#wod^aHS+Xv+PMc@(lqKeQShB5n;YcPILOe6d|^W7t-cV1GK% zAq}g2-aw70TKssd;tm!sAKR@#9RB+HdcVV;KY3*{Y+Or$7jUNbFPF}AK&%!{^6T^W zye7pkPyAc!`>z?LnJD<-L)cdt^6pPBk?}p9dBKwt)v%)MXg0%$597Pz1qRrP*Ectq z9<=}*?gYM1#YU67TLY17nE~9kMrpZ5XPyo1WdP9Nq*?+ZXck_Wb>Y_8_S|Fx{nNki z7I>#0N>DaC>CWIsKiZrKefR*NXEfXtR>I)oEtHSVeEw%k`|l^<$SYs98>|cepJDb- zY+ZJLdTX8Zs?PuWqQg_9M2=8{`S(`+uLHwVgu6urGu{2$Am-m_n15aY`d%+ENO%N| zQ2*~QJP-$(+uL(44VnK;*}uO__a*rA_n#$-{(UO=U%#-92u!hqsVy^*`1@a9etPan z09KtE=+Bt{>|6i)!Tx*4{uw3z9g6?Y9Q^Mb`)6eQ{}nuzAD`RSt*v?&zl41T{z-~{ K5GfVX{r*2jQHfdr diff --git a/lessons/workflows/lesson-32-stigcompliance/stage3/configs/vqfx1.txt b/lessons/workflows/lesson-32-stigcompliance/stage3/configs/vqfx1.txt new file mode 100644 index 00000000..05747375 --- /dev/null +++ b/lessons/workflows/lesson-32-stigcompliance/stage3/configs/vqfx1.txt @@ -0,0 +1,172 @@ + + 15.1X53-D60.4 + + vqfx1 + + $1$mlo32jo6$BOMVhmtORai2Kr24wRCCv1 + + ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA6NF8iallvQVp22WDkTkyrtvp9eWW6A8YVr+kz4TjGYe7gHzIw+niNltGEFHzD8+v1I2YJ6oXevct1YeS0o9HZyN1Q9qgCgzUFtdOKLv6IedplqoPkcmF0aYet2PkEDo3MlTBckFXPITAMzF8dJSIFo9D8HfdOV0IAdx4O7PtixWKn5y2hMNG0zQPyUecp4pzC6kivAIhyfHilFR61RGL+GPXQ2MWZWFYbAGjyiYJnAmCP3NOTd0jMZEnDkbUvxhMmBYSdETk1rRgm+R4LOzFUGaHqHDLKLX+FIPKcF96hrucXzcWyLbIbEgE98OHlnVYCzRdK8jlqm8tehUc9c9WhQ== vagrant insecure public key + + + + + antidote + super-user + + $1$iH4TNedH$3RKJbtDRO.N4Ua8B6LL/v/ + + + + set-transitions + 0 + + + + + allow + + + + + + + + + 8080 + + + + + + + * + + any + + + + + messages + + any + + + + authorization + + + + + interactive-commands + + interactive-commands + + + + + + + juniper + + juniper + commercial + + + + chef + + juniper + commercial + + + + + + + em0 + + 0 + + +
+ {{ mgmt_addr }} +
+ + + + + + em3 + + 0 + + +
+ 10.12.0.11/24 +
+ + + + + + em4 + + 0 + + +
+ 10.31.0.11/24 +
+ + + + + + + 123 Datacenter Way + nre-learning@networkreliability.engineering + + antidote + read-write + + + + + default + + + + + + + 64001 + + + + + + PEERS + external + + 10.31.0.13 + 64003 + + + 10.12.0.12 + 64002 + + + + + + default + + + + + + default + 1 + + + \ No newline at end of file diff --git a/lessons/workflows/lesson-32-stigcompliance/stage3/guide.md b/lessons/workflows/lesson-32-stigcompliance/stage3/guide.md new file mode 100644 index 00000000..897c9d82 --- /dev/null +++ b/lessons/workflows/lesson-32-stigcompliance/stage3/guide.md @@ -0,0 +1,313 @@ +# Automated STIG Compliance Validation +## Part 3 - STIG Compliance Validation with custom Python scripts + +In the previous labs, we used NAPALM and JSNAPy to check the [STIG for Juniper devices](https://stigviewer.com/stig/infrastructure_router__juniper/) were found to be in compliance for the V-3969 finding. NAPALM and JSNAPy are great for many compliance checks like looking for the existence of a configuration setting, but they may fall short when the check requires more detailed analysis of the network devices configuration and operational state or we need some "glue" to bind mutiple compliance checks together or report back findings in a specific manner. + +In this lab, we'll look at what it takes to automate a STIG compliance check using python scripts and leveraging the [PyEZ framework](https://labs.networkreliability.engineering/labs/?lessonId=24&lessonStage=1) and [PyEZ Tables and Views] (https://labs.networkreliability.engineering/labs/?lessonId=24&lessonStage=5). We'll write our own custom table to retrieve specific configuration items to make it easier to deal with XML formatted data. The tables are written in [YAML](https://labs.networkreliability.engineering/labs/?lessonId=14&lessonStage=1), their usage wth PyEZ is documented [here](https://pyez.readthedocs.io/en/latest/TableView.html). + +We'll begin by starting up the python interpretter, defining a PyEZ device and connecting to 'vqfx1'. + +``` +python -Wi +from jnpr.junos import Device +dev = Device('vqfx1', user='antidote', password='antidotepassword') +dev.open() + + +``` + + + +Next, we'll examine the configuration of the SNMP stanza in XML format. + +``` +show configuration snmp | display xml +``` + + +Since we are examining the configuration, we need to use a ConfigTable, which maps XML paths, elements and attributes into easier to understand and parse YAML syntax. We need a list of communities, and their authorization level. All of the relevant configuration we need to check is located under the XML element with a parent of . We can translate this into an XPATH of snmp/community to use in our queries. The communities are all listed at the XPATH snmp/community, so we will define a table called `SNMPTable`, and instruct it to fetch the configuration that matches this XPATH statment with a "get" instruction. This will create a nested dictionary of element names to their values starting at our XPATH. + +We can save this in python to a variable we'll call `SNMPYAML`. + +``` +SNMPYAML = """ +--- +SNMPTable: + get: snmp/community +""" +``` + + +Next we need to define a view, which contains all of the XML element we're interested in, and map their names and values into a nested dictionary which is easy to query and manipulate with python. We can concatenate this onto our `SNMPYAML` variable. + +``` +SNMPYAML += """ + view: SNMPTableView + +SNMPTableView: + fields: + name: name + authorization: authorization +""" +``` + + +Then we bind this to our device as a new table definition. We'll need the yaml python module, and the FactoryLoader python module from PyEZ. + +``` +import yaml +from jnpr.junos.factory.factory_loader import FactoryLoader +globals().update(FactoryLoader().load(yaml.load(SNMPYAML))) +``` + + +We can then fetch the configuraiton from the device. After the following snippet is run, you should see that we successfully retrieved 1 item, matching the number of communities that we have defined on vqfx1. + +``` +SNMPTable(dev).get() +``` + + + +Checking the type of the object, we can see that this is a `jnpr.junos.factory.CfgTable.SNMPTable` class. + +``` +type(SNMPTable(dev).get()) +``` + + + +Using the builtin python `dir` function, we can take a quick peek at all of the attributes and objects that are part of our SNMPTable. + +``` +dir(SNMPTable(dev).get()) +``` + + + +This has all of the elements required for a dictionary, so we should be able to iterate over our `SNMPTable` object, just like a dictionary. Incorporating this into a loop function, we can check the access level of each community and print out a nasty message if it's not `read-only`. + +
+for mydev in SNMPTable(dev).get():
+    if mydev.authorization != "read-only":
+        print "VIOLATION: SNMPv2 COMMUNITY {} HAS {} ACCESS".format(mydev.name,
+                                                                    mydev.authorization)
+
+
+ + +We'll can apply a quick fix to our device. + +``` +configure +set snmp community antidote authorization read-only +commit and-quit +``` + + +And rerun our check. Nothing should be reported back. +
+for mydev in SNMPTable(dev).get():
+    if mydev.authorization != "read-only":
+        print "VIOLATION: SNMPv2 COMMUNITY {} HAS {} ACCESS".format(mydev.name,
+                                                                    mydev.authorization)
+
+
+ + +Running this from a python shell every time, on multiple devices can be tedious and error prone. To make this easier we can package the logic up in a python script, and save the ConfigTable YAML definition to a file to be loaded at runtime. + +We'll start by exiting the python shell, and making a directory to keep our Config and Op tables in called simply `tables`. We'll be able to import these files into a python script (with a bit of preparation). We'll also create an `__init__.py` file since we're using Python2 to allow us to treat the directory as a python package. +``` +exit() +cd /antidote/stage3/ +mkdir tables +touch tables/__init__.py +``` + + +We'll drop our YAML definition from above into a file called `config_tables.yml` in the directory we just created. +``` +cat > tables/config_tables.yml << EOF +--- +SNMPTable: + get: snmp/community + view: SNMPTableView + +SNMPTableView: + fields: + name: name + authorization: authorization +EOF +``` + + + +We'll create an accompaning python file to allow us to import this YAML file as a module, doing the work of `FactoryLoader` above. + +``` +cat > tables/config_tables.py << EOF +import jnpr.junos +if jnpr.junos.__version__[0] == '1': + from jnpr.junos.factory import loadyaml + from os.path import splitext + _YAML_ = splitext(__file__)[0] + '.yml' + globals().update(loadyaml(_YAML_)) +else: + from jnpr.junos.factory import loadyaml + from os.path import splitext + _YAML_ = splitext(__file__)[0] + '.yml' + catalog = loadyaml( _YAML_ ) + globals().update(loadyaml(_YAML_)) +EOF +``` + + +We'll start to assemble our python script. As a nod to the name of the vulnerability we're checking, we'll call this script `V_3969.py`. Since we're running this in a Linux container, we'll start off our script with a [shebang](https://en.wikipedia.org/wiki/Shebang_%28Unix%29) line `#!/usr/bin/env python` to provide some flexibility and run the first python executable in our bash environments `PATH` variable. + +``` +cat > V_3969.py << EOF +#!/usr/bin/env python + +EOF +``` + + +Next, we'll import all of the python modules needed to run our script, starting with the `Device` module from the `jnpr.junos` package. We'll also import our `SNMPTable` ConfitTable we created earlier and placed in the `tables` directory, as well as a `warnings` module which we'll use to clean up some of our output at runtime. + +``` +cat >> V_3969.py << EOF +from jnpr.junos import Device +import warnings +warnings.filterwarnings("ignore") +from tables.config_tables import SNMPTable + +EOF +``` + + +We'll turn the brunt of our code into a Python function for the checking done above. This check is for a STIG Rule called `NET0984`, which is a component of the STIG vulnerability `V-3969`. A STIG vulnerability can consist of multiple rules, however in this case the only rule that we need to check is `NET0984`. It will operate on any PyEZ `junpr.junos` Device which we'll pass to the function as an argument. We'll add in a variable `check_pass` to keep track if we had any communties that violated our check for an overall pass/fail grade, some comments, and print statements that give some more information about what we've found, and what we need to do to fix any security vulnerabilities encountered. + +At the end of our function, we'll return our pass/fail grade. + +``` +cat >> V_3969.py << EOF +def NET0894(device): + """ + Check for SNMP write access for STIG Rule NET0894 + device should be a PyEZ jnpr.junos.Device object + """ + + # Variable to keep track of if the check has passed for all + # of our communities + check_pass = True + + # Some extra information on what the script is doing + print "CHECKING NET0894: This examines the configuration for", + print "SNMPv2 communties with write access." + + # Retrieve the SNMP configuration table + snmp = SNMPTable(device).get() + + # Loop through all the communties configured on the device + for mydev in snmp: + # check that the authorization is 'read-only' + if mydev.authorization != "read-only": + # print a violation message + print "VIOLATION: SNMPv2 COMMUNITY {}".format(mydev.name) + print "IS NOT RESTRICTED TO READ-ONLY ACCESS" + + # print some informaiton on how to fix the problem + print "JUNOS FIX: set snmp community {}".format(mydev.name), + print "authorization read-only" + print "\n" + + # set our pass/fail grade to false + check_pass = False + + # print the overall outcome of our rule check + if check_pass: + print "NET0894 PASSED" + else: + print "NET0894 FAILED" + + return check_pass + +EOF +``` + + +Then we'll add the main loop. First it will define our PyEZ Device for `vqfx1`, then call our function using this device as the argument. Then depending on what we receive back from our function, we'll print an overall pass/fail grade, and finallly nicely close the connection to `vqfx1`. + +``` +cat >> V_3969.py << EOF +# define a PyEz junos device for vqfx1 +dev = Device(host="vqfx1", + user="antidote", + password="antidotepassword") + +# open the device +dev.open() + +# Evaluate it and save the results in a variable pass_fail +pass_fail = NET0894(dev) +print "VULNERABILITY ASSESSMENT FOR {}".format(dev.hostname), +print "FOR V-3969: ", +if pass_fail: + print "PASSED" +else: + print "FAILED!!!" + +# close the device +dev.close() + +EOF +``` + + +We can take a look at our completed script which we built with a series of cat commands and [here](http://tldp.org/LDP/abs/html/here-docs.html) documents. Normally you'd use your favorite editor like vi, Atom, IDLE, PyCharm, etc. + +``` +cat V_3969.py +``` + + + +Finally, again since we're running this from a Linux container, we'll mark our script executable so we can run it directly from the bash shell. + +``` +chmod a+x V_3969.py +``` + + +To make things interesting, we'll add in some new SNMP community vulnerabilies onto `vqfx1`. +``` +configure +set snmp community public +set snmp community what_me_worry authorization read-write +set snmp community no_problem authorization read-write +commit and-quit +``` + + +And at last we can run our script. +``` +./V_3969.py +``` + + + +So let's fix our problems that we introduced, and re-run our script. +``` +configure +set snmp community public authorization read-only +set snmp community what_me_worry authorization read-only +set snmp community no_problem authorization read-only +commit and-quit +``` + + +``` +./V_3969.py +``` + From 41f8429fa5285d734b2afc20ee4bfc39b2b4136f Mon Sep 17 00:00:00 2001 From: Your name here Date: Fri, 28 Jun 2019 11:23:48 +0200 Subject: [PATCH 3/5] fixed some formatting issues --- .../lesson-32-stigcompliance/stage3/guide.md | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/lessons/workflows/lesson-32-stigcompliance/stage3/guide.md b/lessons/workflows/lesson-32-stigcompliance/stage3/guide.md index 897c9d82..dbb1119d 100644 --- a/lessons/workflows/lesson-32-stigcompliance/stage3/guide.md +++ b/lessons/workflows/lesson-32-stigcompliance/stage3/guide.md @@ -3,7 +3,9 @@ In the previous labs, we used NAPALM and JSNAPy to check the [STIG for Juniper devices](https://stigviewer.com/stig/infrastructure_router__juniper/) were found to be in compliance for the V-3969 finding. NAPALM and JSNAPy are great for many compliance checks like looking for the existence of a configuration setting, but they may fall short when the check requires more detailed analysis of the network devices configuration and operational state or we need some "glue" to bind mutiple compliance checks together or report back findings in a specific manner. -In this lab, we'll look at what it takes to automate a STIG compliance check using python scripts and leveraging the [PyEZ framework](https://labs.networkreliability.engineering/labs/?lessonId=24&lessonStage=1) and [PyEZ Tables and Views] (https://labs.networkreliability.engineering/labs/?lessonId=24&lessonStage=5). We'll write our own custom table to retrieve specific configuration items to make it easier to deal with XML formatted data. The tables are written in [YAML](https://labs.networkreliability.engineering/labs/?lessonId=14&lessonStage=1), their usage wth PyEZ is documented [here](https://pyez.readthedocs.io/en/latest/TableView.html). +In this lab, we'll look at what it takes to automate a STIG compliance check using python scripts and leveraging the [PyEZ framework](https://labs.networkreliability.engineering/labs/?lessonId=24&lessonStage=1) and [PyEZ Tables and Views] (https://labs.networkreliability.engineering/labs/?lessonId=24&lessonStage=5). We'll write our own custom table to retrieve specific configuration items to make it easier to deal with XML formatted data. + +Custom Op and Config tables are written in [YAML](https://labs.networkreliability.engineering/labs/?lessonId=14&lessonStage=1), their usage wth PyEZ is documented [here](https://pyez.readthedocs.io/en/latest/TableView.html). We'll begin by starting up the python interpretter, defining a PyEZ device and connecting to 'vqfx1'. @@ -18,14 +20,14 @@ dev.open() -Next, we'll examine the configuration of the SNMP stanza in XML format. +Because there isn't an operational Junos command to tell us what SNMP communities are in use on a device, we'll have to examine the configuration to glean this information. We'll take a look at the SNMP stanza in XML format to examine the elements we need to inspect with our script. ``` show configuration snmp | display xml ``` -Since we are examining the configuration, we need to use a ConfigTable, which maps XML paths, elements and attributes into easier to understand and parse YAML syntax. We need a list of communities, and their authorization level. All of the relevant configuration we need to check is located under the XML element with a parent of . We can translate this into an XPATH of snmp/community to use in our queries. The communities are all listed at the XPATH snmp/community, so we will define a table called `SNMPTable`, and instruct it to fetch the configuration that matches this XPATH statment with a "get" instruction. This will create a nested dictionary of element names to their values starting at our XPATH. +Since we are examining the configuration, we need to use a ConfigTable, which maps XML paths, elements and attributes into easier to understand and parse YAML syntax. We need a list of communities, and their authorization level. All of the relevant configuration we need to check is located under the XML element `community` with a parent of `snmp`. We can translate this into an XPATH of `snmp/community` to use in our queries. The communities are all listed at the XPATH `snmp/community`, so we will define a table called `SNMPTable`, and instruct it to fetch the configuration that matches this XPATH statment with a `get` instruction. This will create a nested dictionary of element names to their values starting at our XPATH. We can save this in python to a variable we'll call `SNMPYAML`. @@ -105,7 +107,7 @@ commit and-quit ``` -And rerun our check. Nothing should be reported back. +And rerun our check. Nothing should be reported back if we correctly fixed everything. 
 for mydev in SNMPTable(dev).get():
     if mydev.authorization != "read-only":
@@ -297,7 +299,8 @@ And at last we can run our script.
 
 
 
-So let's fix our problems that we introduced, and re-run our script.
+So let's fix our problems that we introduced, and re-run our script.  Note that our script actually told us the commands we 
+need in order to fix the issues that were found.
 ```
 configure
 set snmp community public authorization read-only
@@ -310,4 +313,6 @@ commit and-quit
 ```
 ./V_3969.py
 ```
+
+This check is relatively simple, but can be used as a starting point or a building block to do much more complicated security assessments.
 

From 4dac1428aa44d200db71614686df80a375c6b39f Mon Sep 17 00:00:00 2001
From: cloudtoad 
Date: Mon, 8 Jul 2019 14:22:49 -0500
Subject: [PATCH 4/5] Updated changelog to include new curriculum content

---
 CHANGELOG.md | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 0e965424..2cd7b267 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -7,6 +7,9 @@
 - Prepare curriculum for collections [#224](https://github.com/nre-learning/nrelabs-curriculum/pull/224)
 - Update all paths with new lesson directory mount point [#227](https://github.com/nre-learning/nrelabs-curriculum/pull/227)
 - Converting existing lessons to match new endpoint format [#230](https://github.com/nre-learning/nrelabs-curriculum/pull/230)
+- Added a new stage to the lesson, "STIG Compliance checking with custom scripts". This lesson goes through building a python script to check the SNMP vulnerabilities that were done with NAPALM and jSNAPY in the to previous stages. [#238](https://github.com/nre-learning/nrelabs-curriculum/pull/238)
+- Added a lesson on BASH [Commit #1fe7b94] (https://github.com/nre-learning/nrelabs-curriculum/commit/1fe7b94454e880b1a468b1d1742d2911139359ab)
+
 
 ## v0.3.2 - April 19, 2019
 

From 55f1008b4530597aa6acbceb11379b780eee93c6 Mon Sep 17 00:00:00 2001
From: cloudtoad 
Date: Mon, 8 Jul 2019 14:29:08 -0500
Subject: [PATCH 5/5] Fixed formatting error

---
 CHANGELOG.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 2cd7b267..e31e0dc1 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -8,7 +8,7 @@
 - Update all paths with new lesson directory mount point [#227](https://github.com/nre-learning/nrelabs-curriculum/pull/227)
 - Converting existing lessons to match new endpoint format [#230](https://github.com/nre-learning/nrelabs-curriculum/pull/230)
 - Added a new stage to the lesson, "STIG Compliance checking with custom scripts". This lesson goes through building a python script to check the SNMP vulnerabilities that were done with NAPALM and jSNAPY in the to previous stages. [#238](https://github.com/nre-learning/nrelabs-curriculum/pull/238)
-- Added a lesson on BASH [Commit #1fe7b94] (https://github.com/nre-learning/nrelabs-curriculum/commit/1fe7b94454e880b1a468b1d1742d2911139359ab)
+- Added a lesson on BASH [Commit #1fe7b94](https://github.com/nre-learning/nrelabs-curriculum/commit/1fe7b94454e880b1a468b1d1742d2911139359ab)
 
 
 ## v0.3.2 - April 19, 2019