From 7547305e7db53231ef7c1dc19e706c7061c61352 Mon Sep 17 00:00:00 2001 From: Maurizio Branca Date: Tue, 19 Apr 2022 20:43:38 +0200 Subject: [PATCH 01/23] Improve AWS Fargate package information (#3109) * Add a proper integration description Giving a less generic description in the integration tile is very important. * Replace screenshot The new one shows the actual dashboard from the integration --- .../img/awsfargate-integration-overview.png | Bin 0 -> 346629 bytes .../img/metricbeat-awsfargate-overview.png | Bin 407842 -> 0 bytes packages/awsfargate/manifest.yml | 10 +++++----- 3 files changed, 5 insertions(+), 5 deletions(-) create mode 100644 packages/awsfargate/img/awsfargate-integration-overview.png delete mode 100644 packages/awsfargate/img/metricbeat-awsfargate-overview.png diff --git a/packages/awsfargate/img/awsfargate-integration-overview.png b/packages/awsfargate/img/awsfargate-integration-overview.png new file mode 100644 index 0000000000000000000000000000000000000000..90a1f7bf5f3f9a37145f0a5f10018ad1db54e977 GIT binary patch literal 346629 zcmbTdby$>L*Ec+ffP#REfHV@KA|WB&ASIoWO6O1mL!+cfcej9aNzKsR44p&AP(w4o z5HEV&&wV}b@qOPv-*Irjx%XP@w|eb?eG;s!D2qT7cy)6rU*2+?VAE3hlrOPE?%%D6k4s<|tw z8@pQ@^O?|z2;&O6^4|g2nu5O2y4uFpJ-#!1?W}~D1%L1|%qSIDTrj@XB zG^Ksd%FfD8CyYxg=xAcbuPXWBKf-q_Avy~X$ey2#4Gadef;n039L?F@@$vDov2(C- zaIoBQusFE^L0?>1fKK#(ApXISG<7m|w6q6V+5u_*V16;Oa|Q{~(cRH${{wF7YWXiZ z(CI(!-vxs04~6X=D?8i&W(QfC{eQ6kq5MDC@1pQu)Bi7U*Dv<}GXK%UuWadRYV%3b z($*B{bZ4&+9Vag**I(8DlC}RgnUDMZzhn(3Q%4Cq+dJVq|I~~fP47@F>_C4R{#eGZ zYU*TX)nF8->%JHsvI<3hI z002yY@<(+k^{S+?*^R^F)5Pp5^wl-vD>g13vD@3*^ULc?^!3WxCi39;40TabQNMxM zSzcY=+}d5+*g88$1Hc25Q!~e>=clO4t-a%;le5p!Eo+-wb#-;yJG-;~ad~ZGY9`9Qu50P|`uf_^-V2Ssxyhv@5@k*W28wbR3+)4slbb4$Cv@Y3y_{ol1svvY8tt}1{- z+xG50>f%aROunMNs~77^vQw-$o+$W-kOy3oW|wp?X%;hrDe;;ymQofM_2#)`sVb^+}O_g z_{3D`AhfrC*wHN@X1KYydr?k7^WfkpYqGnn{P)!Q;XR}LY2>C;YjJC9dvsLv;k4bS z>QtYA$nEW&g@vV}l8T@b*v9U0V{=E@JZx-ouA!+lC@jGl?0s}{o=`U#n~-{n96Op^ zS_sG~iSO@6EP<;QEs{D@$2wv=)_=n`-M@uyS9F|ST`@G z=ENr;+FCZX&}&_nt56)7ATL1|(?igZTG-Q??3>mxv9SiwQVpprK<}AHr=%7E0JH#E zNilWT*G8SdRm^yoI6X^h+C7#=&t+CXVq1M2f|%b{R-@Gj zJ&q~|z6^?sM&kF{-UKQmCRk45B?!0&N9Xr0*@f z8aqZDf*Jo#etSEg=Z9-E5%H&&Gco(qZ~txxp85m-E+)w#w^mOe7=ISil8B+% z`iJoUa#cL|=h=nSP8}m#ss_+ zua!bzf9_iMNqd0e(>kk3D}kSP+OsGCuoBw@TOp9qrsV}7D2HXP37f(fVq0HjF)o)oMeobWSN9tsHN zlyfdulE?FUZdD$@V?2O82&09k6{zXqq>++>2cOZOFMT{RQCCQh_(A~axCfxr2OKQv zpOHX*^E`uKzE}{^5`MU>rx5H9ZG*_XwtRsDFv4gV!2-CxN`j(v7g#r>Bx)aLq*Ku3 z&DK{B7lGKP1~+zQ-a=Ld>Ky3190^Ip~2E7QZv*zIppRL$&xmy0TVps0QhqrTd-1NyLY(wAAdqGwGrn zv-JAsN<;p;JbuUedO4?~Fj;I{}b1^9h?F z-y8XAhJR%cJ$pCO*o*?x-g}Dv>%`OFSliDbN|WNuFa=>QifkOv-gQt{eOv)@tuov9JOLj*VvB@Pv54f8 z;=;c%Q@&X6InV4?32ADJzf;0*B<4vJyCuYsW;&I;7cR0=Y_eZyI2aJ(+T?SrVH=R9 ziNxD3nH=&mv|TN-a}j$f?bW_K&jfc>T|_DI3Enks`Qd;qwh|}2MPIsMGJ}6b1%@1H z*L(R+7#2`G-st%lMcE9cAX8*fjVNq1IAwK7T0d&lk*Mvf+Z1W$BMqlt7$%bryK6l{ z5fa3*bY)S^x1F~Sf2P3*DNa9J<@}h#y}lt;Op~gb1Qd$-?5wIF4ynhl9|nqERt%fh{XM1W*(D>ARRt*xBT?*Bq*8q$M>xsJ=PgX?)TILb(Gk7ezehVwu;CB9R%g24H0~{6iVs5a zNnrp;I_`l_s|ec zjC#>LfVD6z$D_BkYdXgu#LZE`aa0fzPAmcLZL08Wez#Qj%1U02ul#Q4Do29!1b}<- zTanYfIj)F94TR#l%WQi?tn)PUkr14xy=HIcH_^p9J1B+L+arPTDA)XyE(<-#?&RYs zP*tF7ip)sA;Sh1|kBSu>Xr<5c2z~UD9xUe*Fn9j!ox$ihM>LoVu!aY39hX&P-Tf>K zANAU$LOfq_OB374wrzaApzi51T}p$)sk)hDK7oenZXKEDhVRx!c*~3~eq)l?MN6N? zz<-}kEL<+v!G%5f%2d~{b6gAwrb^sK%5=NaMh~!D&d|1O1`EgH)wn_FZf?56?sPHy zwSsoa3j&%%9|NH2h3>8hs$sX0b{8~)wiI+TF=btQEK=0G_%;r^I>hDHXj<*F5{tuc zkxDXt($f#%!sHmJ2?wb8prJ12A}n81=9+roAzZE<6$2;TKW$wIh%1Tn_Hosm6G;5j z8NQk8A!%Eua|uG9XL2=S6KXM)de?K0k}fHUt7G$pvjSS4cYAh3=6Llw8@LQ^MiHk# z6b2O4YF|qw-#a!3q8%APOt(mVrMnu7(BeZUY!bj#uMSs#eNupDbY3X!r#GdfKw^~B zYLxpKvpk+>GUbJ|u(II8i7?Xt#1|=rTof6t=trRxS6b_%J5vr7+HY=_ zB@v}*X6@yj{T?`ns|;xq*B_Y3cC6WYLA?^zE^+tn$^#Xn{d3=8QZ0NG*ByO$UrpAAl2YU`kUxaWmWStwgYC}eEB8xSA43+y1CV42@Hb8(6YAS8n`XeV7F!(0 zpA?q^-^M?f+YdS(VhT(X3W zHx3hXm#oY2z2^K(ftQC{uG_oYOp0j!rs|b-ir!Ff3v!E{mz+}+pSFQp`Ik&qE6CzE zTld;sbQ7#pQAyOVip$1ULw@?Y`#O{3tb8*q2#PR)Kf9zGZpG@ z2v~M3xs1VrSMYouB=RW2XgTQUPwN<^vbjpJba6=2!5Tph5S>rPj-k^PAxnnq03JH;j^(XJafFB99>$nXh;(!(5n*tH`izt6^#JW+~9NRk4X5 zBwUZ+;H|K^ndU0wdix0#3o{!S;nJzSadZA5%`iK-biKL3gIpkEW_&N1#N3IvrDmO- zc9^=+(=qVm=$oxM>C*vGs|^(n%ewEODYY?MHG>a|0p;$9c)Vs~BX7jn&KvzWrRcL^ z`nYC(2v=GflWP7%wSvd)mj=%(s*yDJXnbc7TEt`Xm|WVi)4@>3Ia$q7M#gcl{PiG9 zH_4;t8!L^)*!Pe7F$Q7V-@?h3Z67d*eV#Ok|7_Csw0pNS^NS5vf}Rsi{I2s6&3QTg z(1>3EsbRGH>9+LkuXy*Dj^8`cZKXex3b(c3HQX8Q&3X6k2O0Z+unU!}OUDVOS0$S- zVsED3z#tDax|A$#7U|AdzW3BWt17-jH)affZ}_WXtA@8fj4HGE1jR`Kinz93kP|$d^_^NR<=1)qwb_?=|3{KFcX0xmt25oflfQb8B5?1+dACOF=bIwJ*B zUum!nOYj85#>g;?lEC(OwZd8Z3!}Xt-Ez`=2t|JT-TD|A(Vg#KWO|sewo?c49vJDH zG>g7?ffFetrHN^>Mk$z2|1kLZG(~zCC3np}os)bwkThR@GM+Yd1<|1eRo_Q=BAjUca5WCXFTt>8k;9Z9JT%iQgKX+L%Zn;(77v{>O+##30=JoC+r+NSV| zoomG@O7vQBi_q@bvKOfm^zrk}ePgyii+4o>g ztI$YJxxZ#lr)+1z8AdpQN%_hQC&)$w4^9;_j(;(FkE(%;wXxFOExD(EVzDW>chb!H z@tk>b@iLaPYx(N?s{8O@FNWtTgb0z317WXU;lSzLVxEB_PQL|=f72%Lp($gE32*Np z7EUBsaD3;Mu_Hq7w@V=W*{e&~9cB`dyt_cug9pV&W04A&9;7@zU1y-%@rh)N#@4=j37?Z8uOWC-EJ@o;_Q78 z@KWvLpD>8th2csS5uc8fEXeQ!#vQtAiJxSJ`2z(q(I7j9$BG=EK9g&A)~V~FwJ->Y ze%5~`$piXLVzDB3dh8=mQDO=oj;W(_zX1<#WE*JwG)KDvUSCdVO0WhXxzYvg?vq2T zfre$fjNA5~aoieMMn08S_kv!g%>n1L1!Egngue-a!J}#i;}eOeTU_HO}z~UgY0@4!s_p(~~tNi@g>xrjtJm*@o zr`5FV`R>PMJbR#CwefnT__eWtKk{4QLjqi1!3(&H?FcFOO(dW(`(uoiUV*S(QRsD zUH6Cg(<}5{)K5Wwn*6at0Z^68^FY{avIB0+}<-r@<>!Dj0>LCFKJ0^T>lEdrrhgRv>VT$gW;)Q&WN`_b+A*Z0~x?3j&A1 z%MC`vhu==zGJm66cSD@PtW&=M>v1;)n0U>b_66^2-??k2y0klE3WMWS&dxo6Ow4z< z-=()17hLhjE)k?%Ac~E`tyYJ;pdPtMCG|p#Cs>lM z(GI~{4>^W&>PPD0K+NA0LZfmN5i#(+04f45+;H^}M+wRK8mvh^BZ^G}-blr1#oqL+ zFIMB<6y!BkhT>pCa=r@%Dv*aD3B3KTS0rb{X)yiz>$_7ySG<$#PgiqkX)co{T|;rXnM@bkHmzO3{f-K_9hFxGMh$!s!>U>c4pva$cpzY~Y404@x1Ei@ zx25<@MiKO;JUmO$uUN^2x7sAp?;Ln$t~>h3%Kw!08?Z?Wggq66ggRR8c26vrpyOa^ z{U(GQnEijU+CJ8Z>stdIcf){a6rAMDm%#aAQ8rn)!=J|RUiJwB&)H6of*1ozyz6v0 z-wRyQQ+N$x<0w7U1i1^ZNyXM>U3Jxc~B6L5clYlBDha9#y2Zq6IUz(ds|I_=zSprsOAz}W5 z%r`&Hlo6z-LBjanJog_8?hMKIk2glXz3k8824l|j71oetqdvR}>(rL-_ z^g%oVnH0fKRHKPsQhyx9MY#AC_0AB$m)GOw%KVY(y$U{AR5w5qS%pL;+yV`o;NJK|WUKviuc1IYzeyYAULHw}pM#Hz-y+G4^{3H|H3h_UOZtFQ!A z89s#Xyim7z-3Ym=yF1T;vL!u$2*O#KL;D7riFED_4@F!F77_jJ81y$F+Zku(VA+H2 z!ksN_!(Ri{@ft9Wakrn>H8t*Tkuo1BUS)svFN{uHn5nBsUSW|(xzZzX#DqX~RItZ4YJeXZn;aqwlk?f*1VPeR{0c$X!8-js} zN|}te$7+CNXRQ)oY0swTRq?1;FE9IuYZ8OYcgD>#OLnAp{TfyIl}eU>=p3@lbpCwB zZVV~!-d!P>a^f5$b7r-i3>&=Q$AR}JY*;s$PJ69CF*K}R!A=K8VD|GTq0hAehZjX` z_)Y@Z`|X8YhS+i6Vy`2ekiJ0T?-A7dk(nuX_zU!){zccC+7BT7iGIF&M#doj+*&+7 zc+j;gSM@|cRxy6th#a(Gu5$5YLDB{H_-8(kHdP1xs~-3=hqZwDa&W2-yM$yy56@n= z2j^faBZ3;MwP8x$!2(UYi>H|IT`v$=(Q{It$~CM(jMupml2gt@s0Z`vy$c|P?@r9C z(B`M|tge4zNc}8&&SOOtk40nAW?;RyMJ~xZF$gL7NYIj@rlPizrmqcu<>rg;b3%Ks zNkUR5=WrFSkr)-sF1v+1-rx>&dDqCL_;p4B*r52e?KwpF<1y# z_06sbkMHB=#20ck#pO^4ZqAQ#tJeNti_qbRL$RHkCt)nBJsP5X;wWo{dAkH?&wN># zo(mBoo_5y^X}s~p%ETG0%7OUTT}iw7suL%~aG=y$eD{gLvlAO0Me{Mz+rd5&>zXUUw60%>FVPUs2P-g1~MN3GcK>y)G& z%J)6-`1`BDU+Wl@pcubZl|ta{PX+i@Was*B)Q%^4HO%q0#Xx#53o*YMAV*&2bzO%2 zGVnfMA}nvt^4VA7NH?MtcHI4^ZCp4a_xjlsFqWDw&G1s&5spaRZQ$i>$O0sr)kg76 z(>!8v!zU@>WVoL>VeT;EFBmyoPIVGx0^Fy zK7c|}*nJ;s>w7xMedbX_J+4X*$YNk=@{ea!7^7}mF(nnh2Y<{K5UutiXg7<8=92A% z4VD!|J=wv#TaZrHds#00p>mDz!mYuCsF#yGjI39r@%Wu9{-Z{a3p%{1kNPP*_uj}J zKOB%Bifl;Yw+p6UxTpblM}Rgr8=BJe4Lsa#orSZ#Y&iQXDdteK+#bzW9Q|X^w6|Vq z>vIW%noqr>5*A&cV6c09=0%EU_~|64#hO$@gFZPWJhzKyPuy6bDNgPQOGAtqEy@UYdczv-)3tj>(xrQBaH+z(w`XO{XR1HqT&P3Ywu2y5v zJ51@Vrjy6IbKtnXsWBUUfXPS#5BOE*NQ@Pu+$=Oj$!Ys&)u}9Zf{LjmGva7EJVS{+ zr=66@B3&Ou(=bf=$PQjHqW_u%o;DYABQz;M_yU5VNCQvnk+G_p@v<;xraqq>|20L? zIATyb6~Pu5hizxkl`^M4hP1Pz4m#__7>DUaK$`_(Ygb)6UT7^__?~r^C-0n=gsCv+ zG%WP^T`MjM38XmGKg)Byq|f_a8?M=&>2}7taUV~Lk2cuGJ)vtMnHc~O?FqvY^d=R}ZI;mLmP*~qLEWoQOG z)P?O9EC5-&RVNePi}ZsqQEnkaknHS`AmQhLF%vP4L7X8>dYh|SO2QXGO~0t$?*SJR zkH5M;B4W9z+gIFg8WU*{F3J~ycBT#*`PbjJuvMRcqwq)Y*{gZ^9m<`_;fGxNG?q zpnE+02`$1BD0jlGjUTgD2kjpD3lKnQ`Qvc9dbCdN)-rqq)C@L}SewY1VeH-V20t8Z z%pPncHKT^hu7fdi&|0fG0s=$sOEZIz9O%x?ulEOYP{ohlbgKfl)R&(DdM9raxga8Y zLhokC>PMO+xxWLyj>&|J^Zi)a-Cds{n~1h_;w#8A7b9H$ErBJ?dHze==~mmsB}NMT z-Fi4MU7AIUj2!*~I^+_)mSNN}=YaN|FHtAZ&!X&Bnc}XGVd!n1FxXRoC)Rvffnh7T18;Z!dW zA-wtOJQC@r(%!!p2`tc%Yb;1zq>;KvW4ZX{%yJ99XJrVx1olNx7IX#H1L_05#E7-}xB#Xy|;` zA!0MOB$t8wJ@G%Fk9cYzD1s2L5A2qp{3$^J6?mME`X_z;>zVECu?n2J0N0Wodt@sL zER5_)m%QmN@73WU^sM=EVvIqH*D{IKl9@bD;jwbW7Y545sYhv`v?ds++PyDNWc8L* z1gL~|Z`j>u+jvMJq@pB%8diW}?Ame!{gAG=cCsNTf8u(vbj@4SGR;tN?q1KmJG}B& zfre!sY+QK5raus@jBz@-aqwFYy&|Eo_4i-j{s}|K#=#Q&>zc5|d#33e_hiJ7lA&ga zW?@lLwcOL)W_(&afG%lE+rwr1GCQW@h_mDv?gP+>S1f!uLptu&WkO6W#y^TON4!qD zmls-Fpw~j1j3|+V7%g<+BwCa!RORi_%$_^GKmSurue!sq)C-nQ9?C{{}q8vTisms zGU{`DXJbv(zTQK?cOby=1$5iwGK0;q$?PBws9~TDc>L#%_6`mJ5C#2tSty(0?%SPB zfIsa2*}TKLdmO?4pUr<|{@MIjMp+Q@2gIJgJsW!O?jbe#U(vr@|BC+qQI{FH-B+C( z;AETo=8wg^cFgj4R#JcLwr>(P(9xy|`D63YSl{S9-6ww>OU>9G6)*bncXzPQNE-Fy zk3CECdb+!ark8&)c;xYr*;1%>o?+_Hqm5;gV-NK9#A(QmhV^ToL#NVThBuo*!wm!X z?t&zRB4b2}(1bcW`R;mqM1=^P)>LQusAgzQ8Tv3oG45iSjea!Va<&e`w45h11O zlo(0W;Nh`{Ghg-`*+B1AX9&w(QguPYBa)bKtUw4`uV^jRfF;%BwRu_1KSCmQFGG+H zo2o@Z5Uvqh94A#nkLtT?cTfoO!cFiKNQ9cF*^W&CB;dza(Cl_cIsfx_+)3^#wB>x*bp!#!a>Tj@dIk71$2w1kj8}mMajEfvy%(lJgBPvsk+8vkyF9b`vI^p zm=J$sQ_f{I=}n+N#>Okb@i6f$K!4yPc4=pr&p{c>9pNuM z3(e|2_eq`*9}*`lj!0j6w2}05;^Do0287}H6v`s^(-oUZV zbfbCYPJ%ylk$L<0sZ+=*3v4(u2>118f+4P2q4pG`%oUBgKr0fuktubWHA{9fnyz|H8vhI0al;7Xu^_m1dK&^uy4RH%gBZ#&HIw?ZN?Q5XEH*4p3)vuQC_*6=-vq=_7fW})^oK4owWRv8PRUV#%n7Cl zd-}7ozvA%Md(M4zAcH8qwu`@Sy^njDSFB(`fe;XbsEwxl=Aw?W8L<7WSb3SFAJcqKk!*W|6Zhq;U5my6Zl?$=%B{Cj+3wqYTc! z^vNqvyKN8Iujxv*v(3&*2}n}Aq-F*2w0*O0Nu+-SXVUWo+N2}BF*f{h1c=%CwPz{b zpvAz%4GoW}8_Qm)e6P)8d~Dbxk+`@o@m-adh*3P3)B-@HdO8S*r4 zZbm$X-sjHA=7ac|BG~Bz2xL;u|1K&p`j~u5b4_XgRD6x zdvGXwGYv=$>j6#%#qKB!$ki@%S_1dH8;oET=m=(M{@jS&@9fRyN#Mc`QeU5mu(FW< zwaf3}--DF4tgzuRIFp|n1&B>u%_?026<$bvK0N+AJN1{jx6g;%g{@HcEu~aO9+LT2 z$SRZ5zFRR3daA4x+O6d524A)1pFHH>OCUpb;tj74zE%yG(L7_EOA91Ci-DrC;y-=V zPcoFvBbbGv-V}8Fh%OYDyt?|tUG3v8fH>2kHHI_&zWUJx7%1C)3Em)d^|lWr#y^r?U0A*8e^$v z6FqjwZGyyj(_p=g--6nlAN$AklsnCe-Zl92cLQ*Tj7qktCVA#>wTVmvv0~$@8bf zW?4N_Xo0A*oM48#N2-^>LO2 zYHHCN?RFoA|4~7V_aF%;MIx(RVmPE&d?Zl7&jTXT`(+E;qpY=IS?VTpsPKJL#%6voT7~d-BB{(1 zGG0sxa6Oi^DncTo06OSjvNqqmkP ziKVP*lr9loQ(q_3#~@=X(^Xq4lmZS{vCGjOth1C1g1UCc>}m)C9x9=-??gkIVf!=| z3><0 z@N$54&Xz>0gNWT7+;c=CHd56ZI2`_3_+B=IYKdj5P0}?3vgLGS7SRGf2Z;tzJ)z+`Tmg)e$uK%B(<6l>PETGczn6;6ax7r8Hq zQGUpDj13mp^+^AlmzgQY>ku6H7B90eJ&dWr9fAk)V-x7xj|o*9liRwl{JvFh@h5NN zn3)bIz9EL)s3EgG=Hpbmt)_yfwT|ukA}oh1HrX^Fo@&wLuksVkPr=X^m@?nbELIn; z2JDVjekVK-X3RC${no3Q#hU6I!K9NuW3sA~vs1o|wdRB<{gL~^>C^Z20jh(@Z$-eU zliDDl3GkmoAcL}ZWY0)F@^Ms3MSrR6$@}$}s(9`fQ+hv~sv=Z$aNYQtu`lwE4h*kj2f1l+!QbeYn&A7YpP@);35b-Ci-`C7#>yHzEeYf2)ug2 z32!6Ys;Yl$3JO2c^$SBX{F=FR(=RN`&nhkV9q8}ZHY#80G|pjc_7F1FY3 zx67h>uh5wO^vkrp3wjkKG0+bQgac~#4c3Sr8ht*gvv=-km|Ke)Ra~Zhh%?%F@#3pj zovKV^!f3KVwWy-W;1q%yQFC;ynP*zuj_YW{dO#I=ryYu zX?x&cRG4ZZ2?3wx)L6R^@jX56oiT+x$cL?Yxv}~{YRA$E$SQkTDTx7=G4@3tn|+Pk zm)+3#>iIVy>XXQ5J2lXbGEPV-=Ekp=oklMA&&~YGx;6sEYJc0 z=DShGO1+Ac3o8MAEE0GuNXt0Pi6wZfR^}IE~ zCCfJ37b789MJZZ>NYdg3RS%2t^WZ~uRjeDViIZN57^ik>p-t-P%SJ)F2~+7gpxO7~ z;f~4tbocc9^g_Rk%NqlPEb~-n|5wCEcpx%_`Xcy80Gyir_kNIs51RS}X>dtQD9qS* zL;d-x)<^K0VaAzP3}gFE(N%vl2or)4R+RK*f85yo_<)l(vozfu--dtk3PzU7%u2Al zI>X?~L;Li~Ria=sbSsfrXqQW`Q6`|0gkZx;B4q82SI7A@E`;>8Fa<&25?=}(cvBm( zAj!@+zq_xr{&hTJ3BmB_eY-ExPw1#3onkMdXdO!jiQc>7E$EcL4{ux6$yh)zWC`r* z`zz8aM|6v!+{Rj}NzUJ#rK=S|@qBKmU>Lum>Py>!aV` zlRDI)<&L;nU**Dt2hox0>9%k`JMc(fKeGw30#?8pBdZ5&2a~z2CyPHh4Sv+6zDI1; zC3c>a{&c7}F$#~v^&Ln{I}wDvJ)YB+?Rps*&ihEex80q^BBv`+?TKT)bjxOBhU0e+ z`hj2|%ax2kTg=Q8lbt22Yy0{wfjtdkCBkxXg%|VoNn&a0lN@42{b<#wND6^0!&T3N z`&(3t&%V`^it36^CcGIFSbVR;M7JwHE7+v3NWSpWVr^S_>36&K{N2UA#nkv`Hb79> z>qu(U=?`85MydvJnmVbVH;Tf&JpD=nmM64{xCuS&D|2Dj2ck-%_!Q#zGDZz*o^xKS zWJ33OR9JUewVLUfNJg8 zd9pl&qa?yyeshEN?JxGG9)#fBd$pP=p!9V2?byy+M3vNYwzW$XApO~`V3TOpc<|n_ zMWXg^kbg7PcYkY#u@J?lklJ_O$QtEc4~P-(r5{g0X!T&n$=O$wC#TV~8Ro$qdOy6{ zw73!8kG~w#C7Wae)MU>9Mv}Bf|%69hA8yZ z{7;JYyzd6FvJ2_Qr*#Bk7D2fYRp$biFA2_7^-D8i58y^^AT1t72@72b zb6Y~DUwm)IpbfUK+*Va-(MdV*QVU)J3XTqau$P zH>o6n41v4r=@cg}fMyKRr-+Qp@<_2El6P}3Iq+mgq?2l&lQ(vQFLRDceSwetwB#7S zYGD!>}6&c38&H*g~i#`AhZM$D^G4_?bf)Nm5E&d(uQsQIK#J`$A?3olWt z9siniPBZhOUMSz&l4PxZ{p=_Nnn00gn>6=Ne?rqY-b;W9vF26V9~PymASQW3-PM0? z_vnvM2p*v343bwr*1zTT16SoBlriUGmMgodM>*=ACpB{`g?$hNd< zcM1>?5|BTZE_#?28e!S7qd)zuR39JQ+a0G|`Y!(=#M-JqHN^)!zUSzfM5HKI+v4`) z3@n(_@6{yf4RW2!f=;!t{OSeMVkqhnV{F{Lzu{cPz#G%Sy6JfSx|nP@o0LZll?6o= zsJNo_C~t?q%Y>aNb9qgnSCJA{qEaa$;?zOkkx(9F;4M%uw-hyzl@bRW;5a2~-Zaq- zibWdoKZK|IBC)e7KK=~!tsVw=3l?Y2MTnwkP2`Di$X5H`7$;9^xLmqwppH_btf0T9 zw(fe6$-jgD?oBRh^4Iad#KC76KOirjkZN)9cg`D03DG1bE!%K1aU^ZQsFME7Qx92P z$z|r?@qs5D)pGl`eFjbPm7YWXNHSaU;1;*N&Dv+!gtpe~Yv??u&+Tfe#EV!M9@6tc z3MD(#3bmRKNFM_aSNX0@JF$!*+^~N;Of3YFI-rJY7`2kBjUW+HUf1|EXsXp32wcbA z5jez*GLoOzB7rsTPtw2cl;sp6<9rK0+tuhh3gp>J^1mU!AQ7ZmeO4*X1MV$Z5WlxH`a&5NvDzEiMPPN~c5qMR#~Y6;D~k=i0| zW$*s8rv?MwX4ncXYsShBQqkpWT(C?pK*JPh;b>?4t4YyC!U*Mk)^Cp2YO-c>n7Qc9 zgJbG&Y-xF2NF25|O45p;ard!^{-lm5Dg|iDCh{SeoU#o^-{(B$;J#g5cdAW8z^Hye zRqm+Q51e7e{;<#j5RIYu7Eq&L?kjRLmF&@VVe>usYhR?PF!p0IOn4Rf>r#%v;m56J zMD=`UXlg3BMnPAXvE_5$)G2e#4`>C%`+Ob&Sp>n0+Vb9-IdTX+y#?Fzh0~&won?)| z%|#)3Q+x!$77trqlvI0L*D2MFTT0prO;FKhNqA~bEb?YT(g;mu{=IwSAe3?B^xZgq zcco>FeH>^1Y>hr|RI;RP|NPwvS7kOh%U%83F0eDY7?B90Vo1q?0!6_rud9-aN|{C_ zpd&Z;(tfKISUN*0!m@PxOKo4lhhlqMn6##8-(E1%dW5QZO8_oj;I^{5{mu|rj_uP_ z4B0=(i&Rc?`J(VeJ`mOPX)Bzz%mqrm`3i12k^ZhIkgunej3vxV^zQ$&0u;zTTvNr@ z+WDg0qY~e#t2N>S#Y*%-Be}ZYiO}Ia-}xufU8SRvGVXXpBGd%rWgw6oV3^O4wUx?-hH=d9#i?VZe9YS)D4J z^Gv3x*99arPL1Ti>F|7MW1<4Fn(Bai)0D?oln*+1Tb{^uu8uR;(o>bMW}$6+>Q`T< zN(TX*+^b^zky6j<3=8@NY3@?--CCdMxP%@wtS0u()h|;F^(uI_Ec6=d)?M?M(6Md8 zlOt;N)nN}`@+cK`uOib^oY!tNFCApdexopBjsffP$|r(zK9&fQ@_$EJ&3jYzpTg?N z4q+)nV74+c?S*0x)0hyxOF*ffWf-v#JacxKWMJuN{?T12 zVxnPNT~+egs*PwUkM76sNzIte(eZ!sklAB^Z`b-PyJXsz;1yiwlPy~`Cbcy9wY#1c z#H${Q_}dspL-Mb-NvZR?fKj15$aol&!fSX`5(FQvt6Pi4cIP`i$I7Iz{&u}Hd4Cd@ z86W|yv2?|am!5EmE7_(2mKI)>U4N8PUYBMC%n(H|x+-*CzX9e8PWn^>k3 zz}s;l!+~3&Vr|xjFJF6wGyc{JOzPNwkkqDpI`u2~II2JXk;MGJBh0vH>zwql#TP5fOH4;eB6nvU>mQdu zO-QR6_g({Nt|+cVw#qWKHCVhBm%miX7;+l-n;_HY>>=#`&5J#ZuH zGcoD2hUBEQk+PlTbm@*3gK+fb1d{}d)z8>6LHVeOr}|^2)K0Tn0dzxi!oCsV4j1+* z+mS-}ljMoxKBc331)EVW!jTbbftt@a|DGr$qG0)4^h19OYgJUEZfzDN>i#p7cdOV! zWLHB1W*yEA*$w-<%(&Yd>@0MD0-F!U8gNM8n;TI|Lxc0IUf)z@?zoY^6C_c;7tti& zcJevqu4Mg<5u5}SOZf|1&wtD)N1|i)(>@qM3dVW3Givtq!h^>*#QTG87meV%k}e(& zy~Sf`gv@s zd9v+SO*lV5&nj^OeiyL`Jd+RHti{{7YchQ4jvJU4AXl)tl7s&J7VC->N#E_(F|!ZvpBx%LcArd-^+ZiW}&4K-1V4wUBd-;b7_+UuEm zJos5r-ohT>ZziBYkn=2~+K7jEe3gB1-pA`IND2JNP_sC~;S-oUqy zI+BSY6At(5x!m3sL_mb?c)k%5LzoLv2JitbVjDkRIdMQKf|*RXo|36(LZm)C1uGSi zOqe;CsnNk%3Q}54TWg;clz>9E&9*Eg;ciq-zjpfY04S-S@dZaJwz+d$OA94?2CSM@ zeIX#7#4U?n_9vuDK*&n`R`eTcbLZNFlITXRkB@8x09`vE=%0_8mlXBqJ7{Il(#d~x{194-pnUpQ)(u$%eLM0?yQHI76 z3K5dsSh8mu+b|eQCE2%x?Af#Lh8ar|vJPW6hU_zzu^Wuxz3F*=-{1TG^?p9@?>&E* z`##Hc&bjV$u5+DhgC@>6k38(Uh`-Zb$Mk#}XR9n6+r98}v72#(%gadhdFl`&mTz|> z++BDV2DRP}nUU2Z)YsG{d)ap}F$=V_f6v?gJY;5PM7|#4&0D?^gG*I8jV)m_atK6v zQbxQUz;xKg#}!|mZAce=DfoLM$@`%?2nKo*3NMN=l&p55V3Xcn6XgE65~!|!;H)ip zaxP45w)Xkf!75huO`sVvcBZXscXkEh`N4C`*0N9uS+C-c_}V&!A3#-Q5Kz_$4b70_t)e=EHi5tgxF~h ztIWR?-7FO|<3he6JC`n+%0Irw+^lX(Q?8!?p#1!HkZqzwarEAw=iZ(%<-DHw4z2oa zk}K5lX=!RY`^VSPG|kT-L$v{+9^kAWt=SGrm_&JpFh2acK&

~*T#t84ZVx=nv* z(I{U-@0)Q{^{YBg*h=pfRxQ-P>`8GU!$U$YD3kq_L*}+3l@@Q-OIXp-Va7a53?LaV zgj+A9_MwQo?W0=7h~42~%KGAAE^|^eM#!krdFNg1CEL8|9=vR88l>4`x0O;9DF9I$ z$HY72{8RjWUn{83->%!UBB^VabyhT|Rt32q)?Q=qMrV>IF8|f_i?9Pvx8?j%d(oqD(Krr60|(eIn&RBWsY+Yh(jdo!HeVjVszOd7*k`Ug zSIh6&9br8Qv*w=oFUEJabfBLnv~^I)I?Z`?pQf`5LrywN!BxoX1xPzh*DMInV=&7n z^RO4=TNvXkIL}h!f3^UP1*vW!D)iq4RXV>z5|q8Ke+eu~@7PfF;P@o1J!e)fRs8x6 zb}5DQ5qUaM`rIyxnM-qa)PZFsH8JIlkfn@!SDzopvuP#xvlO#7=_WZ#LNiyG-9S{f zKE1wB?4@Xskpe^$m0?wAIg{>4-8wr5c2Oe_=LnlL6dOA=;`VcxX;@Gbj}Jr&(h$QH zUk%3V!dTVJUH8(Z86g7UuEUQM7W4N49BfRsH+H$x&_y$aS!Z1Qwzq!;-UduJ-dVOk z`DKnpUHPi`>^?_qtw(d21SIz1>jBsW6kXD4nf~ZU(vJn*<_es;v%t~;N0rzc{h<~Y8~f4}`e4L4F6uwBkD;8!n`)k^16K@ePr~sI}?n z6~jY0nAaHT)j{soe*U5rkMvTWuLn5|VzJ0Ka9GQ_K%AA!4g>I!Ai^vgyFzzI{gd?m z&yHaK$bg51eRLRUuA{|4Rf)R|88n4B{DJMNj%nX0UF7^YT+~|V^CAyT&?R8J~E5&;kmfJc)IOA$~ zeEu}h0o&*0&o+3)w`&hRK2dE7$qx&ojWF^j6|v3q;K^;Xqj>b9-^&;T%)O7_zJEVt z0?J*-FsG)o>tDn{k%T;_~gjJN6e(oRAGv)6eK=a7Is&N)sEeoOj?m&AI~5YH~D5PYr+!ldmg8w|PQ%)WSS zJZ`W*dE%*X^#D(qj*mMD7-NgSJz**Yz}Sp_%-7k`kNL% zv6lZ|y9vn^lVnIH>1uSx!wUzh$w!u806emhVnwftz($Wf!WV4~jF8YV<~!?iWK(q+ zbsmqHG1(BGizvT+2N{ZwsQPLUKIys_uo5^1l;46eq5?j3MBD|Qk1HSjo~U?G-ylL3 z104H-^x#1s1q@ST{2N2$6ywB18d&w%XzawL?#=i20SL#@MG(aGgRZeS&cA_2emqs- zNO}VL3!qevo0 z2?$4Wl>V*rZ9nc zLQ28T>ErB=!q!P*PE(!nhvjf-Y5Pq0&DQ1%VTy_yrvxr3W+mR^>*%;07=LHV6>wTr z(26;=RHoh;QFKNV7xVM}**hy1%|S)!&+Z0Cc?OQY9QeG{6&r><6?e15tNs4HoSW4Y z3}Hh;gr+s+Hcdp3Z>_PKX@nJx+-fI*vNj~LJ6B~(sMm$D91ld(L|V!Ca=kcWdw+E` zOMR$EQo@VJOvpNg)T0}Jcf~v>E z-EYnTG=1U}A<}h|96oOym zsxU1lbYS2zP&*-2IxEfOtL5(sPYJQD+-o^fXIQ%WXEx7n8(*to1X|KkRQF4bVtGh} z$u!)#_-w_osYo|;irL%Xf2Yv9*;KsnK+vyp(x@D~MJ#d6Dmrsth}+L8>Go#0C#gY* zmgj4g(VXBe&yCq293M;}W5GM{6`>*vvi_Z^c=};i@Ola`lBXA8C@SA&p--|!b!F5& z%>oS!Lku&cn07uSG^J$zAn|S24?~8!*}?@^g^B4aD1U1ab6sr%_5ql!!G2+1su=4L zD|0cBqH~)?K0utU@Y{lhVMNDNMbR~2G>&$LeMOX&4(9jIAm?ho?;sHYP)^v0_*bIa z5|dnUQ{mPTQA$XK#=)ho2CXyBW%p{R*W~Rzg696?IwtsPQ9We=hI+665>0Ao6FrX) zGS?YML!g=-%|vO`MTtS1n?Dwf?`>>po8|-G`|ZiHQ-u(zF9GW<7viri-_c8L$Gli@ zi$;tEtjw)ZJs!Sid6vURo~W{h@%(eGkR*udv4?$K56l=>>|g97R!y|@`vP0}-CPbN zR!D_ZEqG`o8Wt>%EKm!vk{ZR6P+xMKWI?Z@jpC?7N)@z=vxq2khX_oK3w+7xCF?{4 zE*9DlLzph~Mv0w$48YNTLu~%Mw!>-U^-sq+t_~YFtyCsXq)!iV8!a&#{q<>Bx_0vc zZp#8^PWlnY*0yjFxr^Mxon`6R|~0Fv~ll1P3DYwk!V*N17< zc~`^e%4;<&-L5-TcJKIXvXjZvU$@CQyr=u$jy}q1-=28-&07|(6E7!=^pSl6?7g0S zuc9j|d~U#N(pxrEm_E?i(kSzkEWWg6I{l5<1~eSlz1j+ara{IJ6# zde9ZoL;LREB3FRGJ|%D;QB@$z`@+!y08}}m^Cx9NX^DPEqy-?aN9PmpbQzVac9eev z6*x&iM@?N`9g$=p3pkICXsaw}i}!y(5@?Q^(%Aq70PQ}83ydF|24=`jN|!qGzY70C zE0TSpLYVso5TU08sga)Ku6a)A>;9al`TnG^Fwt}Pk=hl7N5y`lf3}tbL=qjeZM-XW zs*pUxbHKdyAHx(REFc1~!(A6q;R*;rH3uXrdcprCx4H|V+X8zE+;Epg3Wm7Z^SVBO zl;(Se4M(l48+G{57-F{p3{QXsr4i*dI6FP7Ey~eG(My%8akb5CnZT&2S+3x}>Qx(m zPG`1)j)izjYT<``i>=|q?LFFQ5N@c#?P)d?WBdose2h@#my`(_e z8iep?WwDFmcs*Y^vWp63;))NmuR)ET)M9z@BOHDz>1=l>#468Ib&bb>|Ro~X+9aU*Pq9g{6gmft&`5OqE;%I zi#3o^E+^z$j2=^T#N2FXR+~+VOX1yO4y9l2Rq~H~2~6=2(F8_W!8mmltKuH2+q7RU zm=8DRpfR%0;4AxV7cWnQEmm%$_>AvdsT3O4i12ItbNOgleG8I9*6?v(8X2xSg+x6J zNkgOy$dcm~5}2ad>_^76lb3VFRVX3Vhv;hG*8|bp5neI`dE7@*XmU;RiKGrTH&x^k z%<7{RSlBhER=bV+9|fX;G~+|bp?hgK)N9B>kyp@%#=@x?2T@RyjVYmVVGi9~Nj)u9 zQB}PQqwH}}dh!01xzYkqNiBLB=H`SBMoJpOd6qP{omg(S2P_kg+b|w@a`!gM&fQ8t zl9zSdqu~jDT*{PSbe|p%dTig8qCZe^&EwEmB@t<>qk;y_%wGhCc=02NEKHVJ!J+#E zKG$4dG@7@UE|>nsE~cLY#)>6F2Nt(Mu(M4T6f`Nn29p^W|<-)(vj2Oe@X=sNgjH%oVs1+p@Mj|{)?|v_t3#N$yk5K zKw@W?w2=i)&D)(fD^2X4Y7m^L5p8hHg;lLa=-TCN81QFXyOe%)>8hl_Q;ZYqDAncb zIj32kz?hZFHvp>+?07QNYJKa#eA_kcL1cSgW-?1;4vc>3($bmjU-p8Os#mX=p9vYh zF#No{^)xNgNJxHH_RY#jxUNa@6X5M)xo+Tn_{veKFT4vq%{umHy)U#wiiY$ z4;PXcrEsG7(q*u3I>BsYX|i9$QjylfEh~ka?i2Odc=bqsd(1 zZu0f#>sn{7dqmSyfJui&Ub7Kb=efGomXJ#|WsjD$gq%~Qr)x2khw;TybKdZAu&rg^jK%!v(#xGa)HoMYFuiJ!dt)R(`J7zN$?6^nxgdxvQk! zz1UOTPM@>mb6d-o*iEUI*&OTtFqCNZ0mrp>_^h}wk%KyUU0i)28r)xJrL}c}#L-_x z@1v>PR_S^hzlKn{3N_p8XGg6ChkG?I`Hj=ygU|!? z3R>wjFn2mu;^$cdTDsZ(`^9wdXDH+KF?$6Wm&-O0u$<=$NW^PhR#mXvf)Lxl$OUbD z7Oo-&>_CI>hlzYgz_VqQSKc-B@-bD9Q+qhK6>`lc{KE(*FWM^%sY=1H)lHP$d=&Clrw+x=W2I zK8=bXP4Rh|k3a6LpVf@SCVXqg1l4aCLU z3r5d9UK+!&T==EBQ39kGoCOx!Vn5TaUHEBl2!9Uio?qh2dgDPuR6cv} zsndzHTLav9CEP>f2lZVWkiq53$>fwVyZe)e=2-7vWRRw7L@|CBx@-iBCeixLOmi)M z<2;(}hgME@HE`372gXS ztsd>pgj8&#WQZgSo$~L$%1atr?fdtusu3;Cms(}|cI|c!`ktdauo)W@e|U7>qN0&P zw_J7?W(8ibL$mAA^Ec^Zp|QEif0o_no?UTylX4jela5+xQ!WjQ{-})N_#LNw&+0jf zWBAE9i`m8DI^g@M@ZlR>+sjAVqe!n6a)0SWu}WBWL7X98Kj=O|vhkXoAYMM2M;&Fq zF1TuVow;nlP}hj=WX_t3?+NGJdR`^--P@V#-q_&vZ)6 z=%_tSn4!DP>g*Nt5}lQJHjMk@v%cwRLE^zDH3Rb;t#FtS<9d3CNOxY9M=^s;(N|dN zKn`wBC~dgqb_GfFS0LLZke(%6?Coa*HIgDdQaL@Y!tx6gUVwH^LZ`z-*2dFcd#7$) z<~zmJZrow-Q_GJ(oAP|73Z|frx^g_^1wp*H_6yqJSo){8AA1mXR~^$120EHWZ0ePg z&`iW|yUv#(PbP2Sqd>J^c9({%UVus-cJqBNeCp)fD1wfxi6ljpXC-oI)8MhoAu!Bk zo-2o1cNEK&;BQosmYTt!!&ygY-+);tk0ZFRUc+sF6!d~gT*zFdHwSkc9~KBpB!RX3 zlWw%GCvVJjihb1@$V|7($ARqYwZ2e#IPAXLzH2Tv#MTLV2JdFFa^nB)1=l#z2lfS_ zKr30l9C*2>%?-gnTiwK}RCVIx{Y+z7R2tKb2U3_UNYK*Vo!|NQv4x>MFB(ch?ZDPp zLzVsXqmi~6VyPjA_pfB?WhGv460OekXjTOMD!5qi4-41)Ixz`^?aIPQx0OkbImTFl zRdhV(F?@IlnO2F#Z0&H@)NAu})w%e@#Kq4zxq{21MS0_{-HLe&YlhlF%Re~r9J*cW zCx|VIpyREph|gk8IWrNWAd`HiUJjG{G3S}ehUYx2No)Vh4R$GTx1k?Q?)+LVHA;K7 zG!oig$fMEo*)}T}CU*j*p;WCVoj>1MZKFNtrm?7KW)Z}n>My*AkxM&}C||z0dBx0n{1(2(fOOSoZ?UpgB6Be2&`!qT37%!J`+D!}jUH z0Zf5$2BtwAl+((>L9d!D&|_RQP7NH0Jwk1ry#Ixsni&36rg8w0EQdDudHaVXdSHX_ zL#NK5M%991p1;^6D&!I#^)I=hQ3gTOQ#iggYzW^GN$Rs;xU;#QEsfdod;zD`j3Ie2 zm_7dy{g4|!bUp}wd8$JK{wY#rXjiklbtLpR=HuNT?;Kt!9Gv|4b#JH4*@+k)cy(Di z^#!oTFrm_)Bk|4LdaFPzfOFVdEZcTvOLul(f_9b~=%OoYZ5#9AW*5!t#wh5@-M2Tj zOFqU~v848SgE4V&R(WInFt!Utvt2HN6T4H@2Kioog_YJG7W8*b;Kn324`)=&+cU#6N!a_7ZqI2n!N z4B|5>ln35{PqxPlfUvG-@_v=hQp4)FJX>NPnFw#0L!;Q=qCdhEatMo^`x1NEQ(SWS z%{6SEH);HQZqV6g8^+dZ_TPVos*5i8T<7~;+y&(l)~9P#wub8F(e-M}#p_Q4v@mr8M^KRcXqV>qBw9d@bzHN12u@u3#LTw>yTyY3cec;SQiYHL_J#d{oL3-l0)V=$N+t){29&#}G;NO4wx{ zEUE@O8_JA?LpPt0A>fAXJbQEV3PYzeA4a3?Q>Pky>}JRh_tt0M`>V#kKd6B7?G~*A zr&XU4@}9ilZ|!&+2fc&>1*4ZYKIx^H>Y08{y7C~%6ZD9lVsx`Y?R*^a0E!JeWIY+^`%H07;Q*}SBlN9Nzd_eX~{FRqDlaKpc`o3ohy24-xpt@X$scS7E{*Jpz3^g;6X%5SRcNRUmX)1MttrsnQ;KHba3& z2q49}g$h%X0bY+>v)6b54{G}ynj=SV5b!7fs1Pn6LzR95J3M>hT^|qXWUqZT>xp;p zJHV57Qm^-^6F-QI_#b1HgmG?Es~aG;s{Mgb06--L3#B6x33LHXzknX!0az##eG8KE z*I0|#BCva>%(2^hyYK#Sdjs_M!z3N?;AW@}O%Z?!mZIpbA%}gBbnv(o3S*idcj|;= zd@XINKr}+#sg6xn~UuqP3oOM-E!}&Ra4u-k4pB`g9lRn z8O;0e>Vv&5l9UR}YNV=Hl6`4WEhr@ha0f?Nq*L7N(+k*BQ*NaGT%!z<_ox!BajheR zBKWRUhKAAHlP5|J3G8EZJkymj6wtJWm{0Vhq>ra(F$i+n?_T-5-4xHOE7>1Yc*Lb}?4mm_} ztr5&<$Zx-xvmW#|1d_A?7y2JYp~&64z^uA}IXN9Jo2>qgQ{eVLfe`-2JoukL2*-g7 z{$jC{i*CVoZsSDT#QL&mgJ=aTGie{_1#+tSzOI4NjQ??*4{^D zylrx=$-noc%vU95Zg&$AnW;6W1E@EDtSP`zPEug6xLlID`c)6ia-1zF=lMg(zE}s& zHjpQp6m03CuDb|`ci)+XliZ$w!v-@~9t|YNsow}2bV!xYkI*jaY{Vp@-_{qpMIraP zD!R7vSawu^fjWBiCW}%%$2ssOYujljJ!A$7#9;H6NYZWzd#4P+I0IF9cDE{L-cz1|bannnWMum}#! zlT;~Hd!)mZze^9=Zz$2FVI{FR7o_(RcLpPQ1pp-W7M7zN^4&gq1~YsW|J()PZM9jB zzU}MYSr$U-#o9pUZ6^#_pn)VI8AtMFOh(Zv=TYpAA8F~7wItF;3SoRViL~}z8Wp|U z(m^n3TJDGGYi*n@cK97U_u)-nZ-qhLA%9RJpTE}Hn=*;MWZHx!)oFKOW1GUHmgSe8 zRDvEWezu~l^JtX>gpvHObvCW?qMDec&GkhS#_aivO~z+d-yCog*`i;UsTEDK=rB26y9O6{iSx&l)|QLPHJvq%L|P2Mj(XXX}x^ah;b7Y=~Q}<12Gl zT-9w3#L;?o{6_FOIJcfI?zfk<-W*+)L0MA*AzM8`Yxpsz5f#|kjgb`(!MKgqq+0WA z@S><_a^*td%ydeABrt{_>>1#|l$uv$!7k4YYMC|}>H+tF!$EqrLf*fpYA+H-%oMHq zS_$189NtdZi2aUulHSnnq0OOjMIyiCkzz~C0G1P?fhWG6&qlw5ot1I-X6s~rjW(*u zG0=~%t)HCl!%i6j%d`pYHTjYZvktDibn5sknPecG@+e-sD8K-Y4PVu)c8^B^&qcu*(V=Q(ESgcX2{ z-*h~X1f-Mjk_0jKvyMspA6`V1f0q=v=zry7P39#SSfP!z6TRfO^Ut^h4gbt}1BoMM zfLlI4Y`FyYtnV{sUf3;9bOT_h52AgynZl4Igga>h%b8Sls^;a8J2g#AmNI-lH^~di7I=bIzKpM?8EDWoYLx zm^j}xxIJz_RBhL}N*~g^)@4(PSpKPWr1oD{fM35R>E%h?t{Uzx;CPIiu(uQaveVVa-uHIFmLnlT9ny#m-;_Ce9lxG8zOaeB(pzI&SS|0crE|9>as5x)iSW=DtBvAM=E1NQ$l!!V2l;NZk} zl_R)69%tZ=Z44aK`Z~gncIp3qzW+}YqvOa&0Ec*_w){U^9aiHxbxqoFQ^`$eitdb=)JON8wHpR+KOOa$-&^;kC9cA2QSQdv zB*P(7IAw+5^a=v+zFvN>!({7iuv)m(b}y#c%qF|Fz@mWy?bClwpUYqo1?8 zKi(tN_0}zBNuZg9A}ozo-b$rPuixkdOZi>w1gs36!5^avU6AF2l9xWHC;!Q1#8VHx zmklQSQtNEnb|l?vRB_EW9!bgp+G6|wA;o&C12KytWm>ung_6=yYDJ6eurknw=}nk7 zO;`63JhC1PC%4Rk&Q12clW~iLyn(0gz=DK}5RXzd4lt@HDL;8DfI&z{v*4LfIK2hc z4{xwgn3`%Vin%gkE}C@4t?VUk;Kn2I<1Vdw?U^gxwqHZ~jkF6{0Z`R(qqX@VwQEis zB{lw}(PNZ)GvT`h9p?Af#ddn#V29_XntI1hBk`A7aDTElMBX|cV-u5(;0!D_(V#vh zk$CJC$aky3H@m!bFa;^6$;qiQe*Z!8+A&qdR&3%dMkh21rj)0iU4(FtD3L zheH!wp@y+_D`2!?8MUl)2e19;rtMprOvEE%csR8zu` zpsJ7DqZvx%erS#EaEV~}9y~R1PCOGGz+rjllp8bWx#!iG@FaPLkV=I6a7O(Vi`B`t`nUI}a;r-z-KQiQ6=Vkqtt?a}0iToqAw)Tv zq#9?aya=Niv65O3*r}5)h@Cs<6!7FvSIOCDS&816fiTKP!q2Y7kNw60Fjm=0THIXj z?DmiSbr{xg<|~eiU~<-w5n$@?~YI+|0CJG?~%gh2lGwm zp#NWs=sOIdI);p~15@SjaB(Jtn`BN#G)xJc08@K%FcY1Hz^cXkqm~6Z^Q$gup(-a1 z%2(t%*n{n2i&{((04aPX-FNAj?rf@g0SX>DbRnur(;G{)&hjY2U-Wg$Qw?9EURYGg z{x6)rB9iEw1F$N4f`amzQyyp;5EvtfSCf4KZ#T8y4A_~jw(}$oqISBll5!3va^JW2 z-X+cRC?lneh*gD~g+N^qt2>}SZ{HFJJIt9LJgVQZns4bGZ(6al)beQl?RgP@z^@gy0J&a zYE6zinw8dHwmICfupkv@!5AeOhr)_sl*zGOvk?4h_3$O^(a#Q0@jjv2f!1O3nf>o znRjJ9JgjSIbZ!pvFgDvn-3LLF0QYk zp0(FqIPoHt`F5YHWnZTyk2610(IQm$oQjoz#|`zl3Qgw4kisjfk_X%cL-GjN4VIN( z*-`o0+BD%09zutjU1x%)qr~y)fgV2|VWO-MWrt(m9we#40uH};x=--?8janoQ_g9G zci_W#>c)act1KjCP+@OK4{y{&j%M*UU*jtr{PI(;qa_n37&uo)Hl!4WXgW8l-<|0g znaOGz{Krqoyhel_8bq?Mp`ga>b@RQP6?B=~8l9@A$Vxk7{35DZa3QdwtgK>^M)zcMjT==k~PoW5g_+Qo*%} zCa?E~I|k=Oj30m_i66d@-aHLHj}_SIcIh5Sq~pc&Iah})JmbrMfi(=3xOmXHqx`OJ z)q-X=QKIZ#CPK2B%9S?%AGK-W#be!TY`_MnP*ULE$ zUOWW1{XACsjOR}MZOm_UUJfO3pFqXTFI{Wqc!5<>Fty2Rd5O@L5P7nFahqQ}jn!(N zCvND>mDqW?hB7I1^rRl0mz0b@bV>H;0s*A!#jyP9DuZOm{z@|?eKCaS#RO0KRCFP) z#-;@+l(0`k+-?mIwmR$IzaY%b=5`*MIe>bN^EU!3ZL>1E=BQ=j#DA+)Sa^D7D4_h9 zFHPMmPGQvP4AD6mwJ?sCs{+=Q@)V0+h0x$qVnR-688#n+R7V8bXk^G zIhj5hT{DaogndoTejP|1l)`!!WhZo4anmH#LIiD6Eo8l9*gd!>LhS;RcfnDY{^fbz z&3}Q$$c?ky#rNHrM=PUFRT^H3tsz}D{8fx=R2qhAqHuQsrITX%ZC4#j7{}!@u^TZ^ zN&T%_D^+-A4=(W}cKQ1ad?}N(cAdd96wa9rRUHPJ^4uD}E%X$%{G)-PBQPr(nqHh= z;k5D0ro^CkA^-Bz+d&&9@s+eb)U6-=KCvAUilB~XR&EIb=a{|DY2y+`W}IByc-3u| zzuz*gjDWx|%&YR^{X%+a3Aw*tEKu%$Fuq7*CZkBUc_4|%{(2XmetK8Gq?u+ahmiL> zxw-Fci%kmog;45w?RSU{`e@pvI;G1=m_RwrtPO9E7|RDWtp70{*RvqmabV4RY_l=l z-!|7(8?vfdQ1^@E4@HYZUINl#2C^j5rPv(eUG}1{Xn5;sM8BnmD7#`!k8O7I-bB$5 zC*DRCsp~XmaeKkQmuRUII#&uNRj@~q-e%%1Dpz!P?cIu9iK>5&_YHuZE$X`HiQ9gQ zRq@^n;H{%*o^}FRiGxkIt0I5##fI>Y`X9y%zf7=6COQ11v*!(>7j`jRxIbB*(cET* z`8jG6G??5{qoG9Z(Lf<*Yu&ge>>gCjytzQE52pTnk2O5^&wS$KO$y{;4un|UYt^*@ zFb+T8`(TPqx&#C10X7NB6KOv?c4{6*4uK7w zGKn2%2^{O~D8E0sk9dhncGOXVC2SrJgM9}@%O2BB%TJGK>xo957Ub8x_aF>;W%T>7 zsTS|^+K{JJ1y30mg~V?AcN!_mI+ifX27jzpjOG`VeVKRiOp?$8*~K1A?DoRfU}3w zk4<3*B_b41sjI88^Wr^K8YL-f!Aa#ig{4^(heUZ_$zDiZiB<&TY6?AU$0(LkJD~RN zFG9`v@Kr*(-~ItS|H+jRIhk=e*F05bkSaVnoA$!))|oKeGr&uCMRz952(F~Mz8eW6 zZ-+KTd?vBwH11T1otQ zxb^X{tA5Du=M|%jHTU;^j}Mo+b|5%fYg)gMdP6q* z03##C&}|Et`9MoUZmbDJba)?=k%cf^4jy{GvgecuiOX|nGjLWwT~ro*=BAdz<}ucK|b!ovfEE1yTT$^ zzDV;S13I%gm+F4Alr+~Q1gdlCo%?FVNgy%J&WPnKT~#!*d5!HPsX` z$+ywx-OesA6!KFbaa%dnT|tlhwOg_Z7BMcF>b9dQi(<{2j~&0ZoIg7&R2i0E4qzHx zHAzO*{+YoRn)cO(kQPqA*R3`-+}qii%eYEpLM%x`7c5Qxve!?uvB^Wu`AjhZs;s03 zkFyc2G2Qm|wb@vKFMAz-Y&KJR*FM5HUO!CPs0~xCpBNx`2}D zm5{@G)HoM?*~o8$pkYv02bb*zB-`f|c9Vq*Kd{^wMNHM27g5~J;|I3qW#VZ5C( zQde_a_w!+pk#@*}V1JQ+z7mS#7wzxow|DOmje?Ewnx)gx%4D9zug_RKIO1^9PV}*lGadC&Xp77jyEm{nMc?I|n>F&0C_@9p|x9~oD zq+orAgWhEcSC6NHS@#B$7aX&!e>R&>Syalw=b}X2!{qP)^{9or~zjx470<*VBxbf<94i>;20Hgi=wz__8zwq^NGf@SUw!lP-xbSbpP6ShoVd@>6bZpb5C z)!s2r{pY6kGJE-bscaZhVeWfYT{$;0ZLuAu)n2lYvz*@+g%!97_h{ZIDu}p^2N~y& z&mY8&3i;k78u@b2n&}-XTV#PfD+!CsxF)PX3hlivg}>xLIF9r~na?`Fh!-#5zpek_ znP<(oU>(4I+{{BcT2tOAq~Lm~Xi0}+&VeDJnD*I`&(hW5hF8B$yZv!WCH)>mvvN_B z(-=PsWZfxQ$;K&Nq7ApwyIon!?ag}FjHP7)9V}WEy~R_dnGCe=?m?-@aPmuD#87OZ-^D2hvNp=uk*jW1@-+;dg9aHA-9Gf|L$mhp%Gk`6)fl*} zVTMm=8N#+QiqEJ%o~hrh$elukRa9DRp=$QE4yh&LC7KAA7hmU9t|4RlBn!ht#^ZEs zuQ&UA^MpKJ8CwTt&oc^`R9ao!u6e2+@b%h(w}9`b^eCu%h87AXDaAeb6Bners`Uv5AM zZ&=J4Z!^R@K@$K*{()Q$*TfiI|L8rBc_02}x0d?$I?cr1?!%xWioh;>Duepq+=dw= z-S|^q!l(4ct@UW93K)`Z+3~SCa^@7Cj43rg{5o2VgQ1JYPbp%eRYYD0gy zS7p8yBxG~mjIw9)?WLi6MMLfx_SIso|7-yyn8}sGvxD;49_&ckl4>0)i z_n=KBA0+N#)<}ZU@Pmg6%H&C>*`}2g^~lkYwI018iISGx&FfZlqcJa&D6KR8s*Q60 zauTtmB066Bu`=CvQoi%pWDlT$V<~qPY^ZKU9fc9X7zh2{o8$h=qes@k;MD4e!$>G{ z(F0%eg2}q6KNBpVxQu32jal%%Mm#8b)du%P{Cix_VI}i!fRa*Rkmstuz7ZR^BS~p| zUgV#=B4sWs5}6dVtbBv__TO9iyQM6!nieHA3+-ABLvlw$c@&oeB1!VzyH(NEZWc~X zPG^WI!p)eiS&YzsoBL5FYqu^+2a(k^!v&kTO|`fYqGp93ay^dVPwDf*xlb z-#{awf8UQvP5||ypdX{fpZ>)}t8UF=2*k8RWRnus{iGQSrAFnO;$3#t7msD=0+>BD5J#R`Zm=BJtXX8_M?MJaxTxac#E?=KIn3Vq-w$m3w zy=g8Ma6Ar0@;8|Axyw`Kx32HYxLM8R2;etF(3X$DJnUWc?faeGHK~4==8wEy0YtFp z!5lb$Sv79|pr8IY?&z?<~ePikvU~n@r zSNzf)NWj27>+_|INDZHO*;A5YS=<3KxrjBBfSaCc^0zE4b7bhcTmxh<;Ms|h4T)Iu z5zo8x0aqc|#pl-S`ELBaTk6rsdTd6Np`TIFZ9rQ`sv=Ykc;9Emw`r4StmVn(9rEyf zJ96o6?_%?AX_M7(!~)Bv8!h0x4?{jD?_31_MVb&6`uQhVn~Z)A?;rCYv=tHm(0pTS zYUX>fO!3gMdJF=K0LSS!VA4esJrkEA!n(QuK_I3xENnS0!XVLV#m$~(weoi_%T4g9 z;opTa9D~P7ur-2FQsoeS!kg5*iOV#&9&)GnkqFf%1L2u{H4EG8O&T`$vj2I-x;y@X zkzZSsk)KrI@eHQH_~~i2WR*hS`BwAUbAV`Z8_u}sE5(w5pDelDyF2NE!K#&vY`~J_p_sjjAFK2&B_HXZ* zHEY()>{;`y^)UDCPBM$|y;EI3DH9X9tpS9Qi%a+t<#Wvv1>T)BGP-cA+TK;2&k#VR z3v9+JIHT9_wbrL)7>GkNQo-?Dk*AbLcK_3K)4$(Cn$vzHd#Y^>@-hF?;OpS#F2fG8q5EhZzVh_EpVoijF&u{PgxC4U_PCT*) zN+#_0EcLky1D$87ubgJzL2fJ8rA^Cjs>0D8s8ElGX!=TWjzV($kX3>oW#U!~xie+@ zdPaIhX}PM2(>{9AqrFzYtzWu5?G|m|T)fM>EKD?4i_UBD_&4Nd%+4 zIcmVk(A?wl3o)iYy;7DAYWhg!mbwN3U%02NR1Xor|jVOYFR&D>U^iubXd#_RykjQsWXq+i^5F zl?pf(-zBPuL1zP|K2IzB?E0~|3?x|Ixp<3J|0ql}; z5n}!k+3nZ2K~-Y}NR=4y$LO_%JrcHi{kOdKhs-2ABJ}fGu~C& zg>#An1}hP`wx6)8TRE%=+Z>^JCU<4x(0P}Kdc@0Qd&&DP8oNLx^!m2b3=_KO;)mi6 zj}N|Rf~FG3-?*hjelMBkv3yZxce;x+6Qxmc5ub}DNH2LQ(VI2EA=18E^?}` z_$Xp>4Gg2<-bqc=2{K+KO>^!A0{u@R*64|ZZ04wrVm**d8 z>Fn&D{O@5U{z+klHk`jZ)6H$Y7rxhlMyx| zgr$Bei_I8l?SUiB`6!2uwUr_fs^s5$wi`PtKVz(2)cvScaBBosJ)TAhGs$mQlwN#W z8-d=AxH8=CP};wzT*5)dmjlisw|Cjtrh?s=_zxLmAHyTkkfcI^$1GB)-{N`87RJw| zeRxxvbC>rTY4!v6b2Q2b1j%2#W^E*z(Ln3qQnVlt#=&@3;PMTr}awe96uUS8Kh_+vufmHq@(^&Ax1a{)eg%M z$cW5oa@*GpgnPRqufp@tMpqZ(v)6bFl3K2lN*Lq{gEnpBT;18}(VCnKC;~AmX$@Qe zG*TLMkzF**pYE-TWeaNC=d-jM6ja|g8oRGz(8vJ5rsu&3!e6O!zm&%UNLaA@8pY<7i(#b|naK`UZ>aam>YxFz^Ga_yD71V7T|)> zwH{42*zWje2GzG}ppTFhvJURMO0lbT?SWQ4>I*+76Ot1aa$g4TAnj>kk=qMSJP9dR zCj2bWaPK}ipUPxL|GD(LrYgQTSI8sZ$Q*cjP=+zB#WMWrJqNT+#Rh#V(Z`+;% z)<|d6NRI&xOZKf?@1!Xy=)owzi_zN<66%?%yjRMiv3nuuNXWhSgjQ@>l0ZrPcVc2Q z3!NlA?7ggL_8F}JrEUp+`!>D_Nh)}HUP0Kah3`IS2( z^5XoQhp8l7%*<`X!_?V%Ga?sk!7Ru_q91I}e#Y3WFw)x{6wKj)iUZ|?A(nx9$_-b< zBZph&K@j{kIkM@Uw8xgmg_Z|8dfWvrpAstQq#Ct)X6}uLPnfS+>xKP(`vMuX690|s zCT$7^r&Yv9@Cr7|2*V}NfbzL|l?yS#fLZlR)E`uZ7N(?y-=++>_-sbJD{I_*OKWgs zV_jkaWf_s&H~p;w#pLfl6>M_W_hU5jlHclus(;7N_Bo;>^4d*O^|MsPJEB1tJU3Nn zVuzKKlrX|<6oeB_t%ZcDV<27js??mCj*qog7?4w3C4q{+jSjlb^5;nl8-GQ39?H#i zPma=nl*qE7ILF|cLK_498^;19%;c*Fx%m+Qz;17IMi0*OQ_PzgtY z@jcmG%Yn%E&K7xKNvad+d_abJmeTAL9TUu;V0-E~Yi5y5f4(cNf1q~)D(38rMw5O9yCEO!B69bh3?LSFDKlT$87Bbc|78Gh zq5rx|7UWtHefIn}%P|GIw|>BHb-s*082>&XfD?97{MitLjVzL4r_WCQEJicnsYE3^ z!V}s`rc&~=*`t3|_#34ar(0Sd$1XGbrlHB^iQIdND#$q9K-SCOk}YMumn;hM> zei<+(TUHB-dNVGOn=b=RIp!1z(OrFsl#vQE1($XnX`2f`C#TpJw=rK5n9CSC;Fl*b zIC{BtS<*8qY*H5GryduV0ga5-9mZ*2E%T-8{1cc*;ecDnje7>myjV5}|Q zfcLc|qV1y$0a2FavrAQOLfLp-vz&#!Q15vLSWOKhZ2!3xd0j*5+=Y4+p$6r2_SvVAX#qY<@-lTp;p8dq&>m*@hb2P%TKdrNR)Vk;Qj+X;{UNNZ+cF=1iE-LjLJX~4NWUnCnB_4gf|rDNMHyQYvFCORKk zC|k23=)~yA(pVIlp>w2g&J#EKb zsc!H$X&L?U+=9J*Gf?e2SMqcPNp6avk=`3ScV>M_u+sRNp!p*DKc-ha;Fk;Lpsi(t z{goduf|5i=0}wpka>#mhhy(ZLJv@u(%s_nl>EQ)p} z4LwVNK5;%i^*&*ku-)pfK#>YKn?*7StY(;5FKuU(c&A>J$~q zJKvtY>_4=24g;#uG!v1ys=YPZcbe6WN{>$@)Wz0Xoz%3xq z7XOGp4uJuFr+xNTL>(Z7q>O^3((|Ao;BRxNqGGQ5s;vu~LI6T^LIs+WJ84D4Q3>oS z&1;4HXxfuQ-5IamGTCGfofdggbCxTNBgT=3iQF4vKR+joj5+yfRhaP2g|2&#uXgjP zGS_wY@p}FbOr|Y))SsD)RF(GWvU|I|S;^JL#ozB>6IGd)T?jM63=H!DDM*#g$)%I~ zoB3|<>H{3}U+n(=OZlul-X{e4-__?G0Tav-GJ5G$im{&ybzPK`;dn`oT|r^zVN!k0 z)Nw3;HZWycPRALVQo6~$t4y&kYxEf$18mbIAS+!^PC@6>iQRO5ta7&QYJJZV9GpVx zHWHZ7Wy+NcY*QOeiyBQkZ1TX6cqV>Vk>pGrupc4XB;A6aysB7l;d4|5B~OkCEW&+8 zP0zng)>q{1)Z6?UFkd%$F$<%!DpV^~9;Ll$=p697mOhn7RpqU| zibqt#Bv_*a>r_HUeBP;fYeQ8+HC0$OGCnT_i{D7r(gTW&DE)|(_~|t#IeLkiZGw$I z%Aw{&ytuCO*7f)9A>UW&U5<~MszcqMAVeek#-IMd87&LA)NEtGV`-rXZY#>4_U~rvyHNBwLXeK=# zC@sG25Whiw$q2%?o$jHdSrtn|2hNbcuQP)TdtELEV4#T(Oy#*?+x9UQzV&Pt^NmaR z)O#b)d$&#HF1I}q$dm}G;d%ZLLucv!PzOmS}}HLWgB;ENm|F=iurbM>!S4fw_5)#RbGYNbDOyGzzjqQjPL#n82l-iJ})Q>#pJ60HJ+4& z%?eZa@Dk^g!|hA(`AF--@Snz~iLdg|yQwnJg%_B8*Uj~{fR`W!F&7hqz&suW*rT#o zP-@+?qe!GPtTikFUU$VK?*GS0h_$ECk6F6|g5waNL(HSI=0*ywdq&h1ztmWz>G+Zu zVT}e_P>}O~ypLEvNm8(RRr?0oYI4D%v+$@ALC0cK4IBiim=sQ*|gG z-@9p%uH9UFwd+~AUv9m*-0~Z5L77G@O@xxncNU2m@C7 zjNtcNut_!0><`;%n%uQ<9=a1Z24SECjmB)`Z?2!Q$$<>8{VrKP4}t51mL?q~Mm?tn0cpt3cOw*5=_BH_isE z#4qlNKHRpy;pH)mi8j&8gs;%M*(ZQ zB`wCvSEDV5Um^G4-byjX^LBv?3t{JSs6c`WNni?3(Pce-Hu@REjjn$(_H~3ICQ&1o zJR{+qm96E$aBq%mv=2A*nsCH`>DJ?{I7c87Mh)xV#S@VN3C>f&!fy4$69&*Ey?6@K z&EhL$%7_`2UfH2qw}4_m%+q-Fo1@CQ0$hG`Fja&^&H= zY-ek$J<>v-okDao0F0p{ml!<>tQ_kmS|^m{pW>-gZs~ zw;^JKYVE=;>M-}P5_N%X^w28pk+Od>V`$)SgO4=ZD5hdCd=BnY=a#s&kzZ%f1c{-=a%ng6QMQSk=W`}IQzVBPh5 zMs~_{-_1+S_p_-a`ELE4n6^l(m$EEOg#K55iM4$8d7q>ITOx_3*2rbO@~ww8k;8&3 z@Vb;`0IrN5f^bXyS6crkU`_R&%KilROK9CApW8ft7-uR*$E!iWspoQ@bD2ERGbHied2qlM(#$RwHzfuq6^0Xj7 z4}$2E98xG%;Mil{PjT?!gpy(kFMHwRi>7D)^dkEU86*-4R^m6&;<_%njT>9r9`VDVwE+QKorWfbV z9@#o!y)3C^a8#tZNiBd|3S@;jyw>5=^83}{)L6!8>vCvhz1}0+sL%N@(gqCER{>JJ zvInwQ8y)n-JEt9=7;Z?Xeo)cu<#RQ*BW-0|s3{8us9>z@N|`TxGspYmtOX{H`8(UX z!X#Vi!>{mkaUizy^6$C}9o1hKLM8}T*T0q%3dICHX2Zcg_V;Ui$W>v$?P?TKV8&If$uX?{Nru=n-Wz4|X` z?y(>#ww|%9SrINk5qDk}IG5J);8#ZluoP^GXI$OHV;Q!2R)6-S9V!U2;h29~P@!YP zwKg+N-c#wEuAZx z49|G9i3dqOdlm{$$K)aS-Ji?ZjYSYa0;55d<&xE&^&6NQPYW9n5W?VRN_|t79d~>r zQHeDPAObGVv1*?oKaS}?%gb|V$^H83Cu!sjvrPziJQHUIg*TZ<32Wx0?z+shj!G|I zrwC@ljhp0W&bHgJ#SdD3HW6|53&ZOHLj+%pHqI63KnSu0PIIUG>{%#bn#Dvgu2;mz zwm+vPEoD$>&w48NiIN~QUz^VaIp`4%kHtn?_q~%0Q=rz}`2ufbM}m>7$*tic$pz4g zz#&Z7?%lwH>fIdmviHguiV%Coy5SKo;|vudnA={8#kHx+`UhyiHA{!2-DGFvnErdM z{_e;k$Zpitas+~-<0IWw4^X+-$0xxO`4@Y(96mw$qN`+3()vZUv%06Z?P~-!&u0meXJ4-vQSeOlJrjd=#TN~Ke)m{F*lXX;+gFdTx zAy4FMqps5!-#Sx|wjHVG*U)B7|9o%$kDKl0rWB;!#%Eyia?jr0ep{)L1V^3xUg8m= zpVF)=WnJn)HhALIM}9%YcNP5`7k5YskHZl|>wwksY(txd`EsLSIDRwFQ2G5JfM5^+ zod-0F&H*bSqz}p;E_}*REqOKg&S0dhY}#i;?{j_mU0pBnDtmJ5bU1$cYrklW)A(Or zfDk6gmL_mPpH4f_Hf4kZS;mgg-~?D)eA{ky`NKSNxeBlUJ-1+rkxqvzn0EoM{&(@v-&IfInL2*q!mRBr z9O2P2eJP%R>lCV-7o=Af_T{ny8Om#E9o{V|a-2H$2A>J|g(_Yo3;pVR4_ELC;{%4q z-#giHC32ZF`n)*m3e?jZ)m>W`fU-;$ebMED&_?(!c3Eg%RCE}n(yQUnZser9-zDC1 zslV7zLv~c?Io~;=y7zO;)pC$rPo#R@@deZ}r4hrW_|^jrcPT(K5Jky z3pCW}I%k1@lB2MKy|BP9-b2CM(u+tduchQ7rR7jZ>9ft<)2*6GGX4AIHSw-{Pj;l< z35C7^$>RF{5m}^r8|5$h^lsAg`$~^=$mdq|Bu$>*U&mR;d`lkQJ-ly}QOti0jg+>0 z>&cg1(?DVdS$7>TDqi^DQjGui0m~iO*{~m3q-@_b3FrIC*bVC??%KJgfrG=vPoBy- zl+s@Uj|;V~ex~z#&%8l9Ldl`L)1B?UdoJ*z&;b%lQt!W6Bp?b`+xt)}!0It|&01ZK z(1$PXaWhOIED#XlIJA(`)qT~>QMP~4n+1=Z989+UWIt&*xdNFH~Ow{RF(AYU*` zihurAT_Sp_OCK4eP;nulqjks8K(ORNYqsfKF|ucCOP}tmUq}6{Gw`U4!K!%!ed8XKM(a66C zu*{^fp=Nf`1hVUi(dgm9G`;Qb!QA)qxT{mRreS~aOUns8&a(L`D10cwh=;IF#T|s zCBR(jqDfeUkkFCB^&#Lslw@i&w^$r?FthZOc#E|mn7eQUX@UC0Xuw2)ZB(#~kQ{PF8(Yh$;^p4jRj7yV` z16XknYISVU#-yTK<>tjQY&6#9Q{%(N@&^4g!s#)*{8d1B;Hq!vg}QZSvhQ|CLv`Fd z;0@~ikb`qqc)9!6Zv!KtKPC?ZAHpQuxw&OOo$4;d&=9!HQA$O8EFK=<5VH6w)p8XWnCViOg>uvl)D!nMgwl&ML}@`j8+KdhFp2D1L>_oh0T z&aY-!L`_&Ncg7vXzX3Y^v`!wC2xc$i8~r}fVOuU-(rn>Qp%iw`wcA}yB7!nhhXy>5 zKoogpNPvz~cJbyO0Xu416<-dw_`1F{wUw@2k!6(jP5*o)`IYUdDtaSBBMU9;zih-w z`o{0L=sc?Ooags*R$w6GlRlrZy@Z_3;TBYEX3DR3=xeYx7VJs<$l#wA8{RQ-$X!^5 za2Y1v;TvE%-&tP-_q~>#9@l4yWPtN%O*6N#;b`3Gs~Set%NA-q2?q2_ch!97+xg;asE1@2Z3D05__v zDDE9)JSa&ag+2flz{bykCBtdYi111XW*Nm}|W|<~kvV=t@TzA6=pl)wESwj?28#q-TeOQU?)wsVnzgH z%Ju}V$LgV0S$g82b5s_UPjg$ZNM%?oZhIZ8h?mRkY)kn{YT1dIK=h&#CaW(MKI}Mj z_EV&cDvd7(Db14xsrNq#hE4^)w?z(J?dAe{TMi9*L7rti4-KL)L8&UPsnWitlAsso z?KpEYB8@#>3b7C+JQsL*ZsU?N#qXyBpy&49cNd@?-)zuF#t-gTm<`+gD2&yNd3IjJ zv}*4UVE*Pveq|wZM!-_;@xW8CPu-7~IMRE+bdt{(7WLIS(a&1)9LPh+z4cQd{hMp4 zW8z;5m(q`?P2YOB1152cbk16y0FhCb&;9N(Jx}k5s!eNZk&n)+c-8p}KA-O$A`nzj zYa56eF~ZMAaJidi2gYJe2x{*=tY=8zohq8;Pn(reL5$SgU$z?&DAqdJdr=th(S`J8 z+>BIavP9hP@BY_6R9^uTFKu_0DZ7QlFbhNUQys=9tOGgLU0>r(i|5j=Te0}=!3wA& zRf;U!f+gN9%10yz7Y*;Gexz{v^31{?uwOJd$n_O*WXU>Mj|EM;6ut&Djo4*@g@!ql zoX*YPzPj_pYh!c$a`Y@NEQGkq_US=B;Vh~^KEqEPSvf)9Eq}1Euy>WtAovR#BE&bf zXJ(T>s|Zs_6j)G)PLkkXlREJdd6RLk`6c_|j7X8}{jZ3l9wUXrTeQEEEgYUg0cN_Egy~GKochMKa8oaZfWc`w1W&pRMnUG?l;^8 z`kdGD1Do2O>&-b*?gZ96esJ4K-A+y+eT_;lS*3Kwvn-AODrTAGd#W_+OE#WcwmEO8h`lcfylFLPSp;LtR~BY z--Ja8AJm`NRC8)-Sv_~^TsaeL*W@A!o#Su;_a!y8{#r0!&3-hIsY#kgusob5q!qFz zm5G*fJ1i1Ytl}J+OCbxOowF^VW#9v>EruqsaFBNri5YdGRgoaqa#YwF->=-%?g zPOcX5;^W~K@nfeB*^JfL=ErR-cLmyv>l>*BjKGs@w92I{ZTUtm-CmnY+nQV)K%3!9 z7LJbBv9+1XmYQG@COeywGEvY+KDXuCLN8j%>xz&O!$*2uP@)gj)!%&=6q1^%Ym2i! zHEbVyXlW-se6me1yrnksnh_ti8-KpXFnpOQ3es0}&O)nxJQ;}J`ZantOoNM0PCY`X z)R0Ht?f4?zs>JDL_ILnXcXX?9eBqHS69>z~py{?*!D@zaK--~$grHeA~Q(9aa zq8Cd%$GNWC-B|HS)dBb(e4RplZt?RE>1QgeK&?7(tZuQsaQb@)(_KmU!*m+Z=YSbO z4~GG(!Omh%pL=XN?_L;EB+K2QOQ=3aO{innlEfOkWheh=Pnql><=0oq<3KX()tAz8 zMB|HihWW7JOw-!qP!h=GrwV#^YDRV{JzN&{XQPHx&04eNVx~Bh=2{s3C+^eKRQV5P zIeb_|3Y&}h(4CfV+WjOV=fu$HiIM>UK2A{RKIx_*e_Ae*Ht*DT8J z!%0=&kNjGK=hLk?P~7OP!VhN~mQBl4H+s7L@|Jdf$nWayeTDkMSJo_{=VG@aU4&T< zMfsjio7OV$URwEZTZ+NQCjw64Xwv4>WdJXPKeE<5_D70UTMEu${IQs zMH?40+3a+OHB?5GWZSx4UF$90@Mp3oxXh+$Y-v#+29p1&EWGT!IkAMe(tFc&Fr}A(avoE!R~bA1*tfJ9U@I^gt~;n7%>1(44CPXVoIJa!>Hv zv-(&nHkEAuamL5Vgt)ARjL)@+7&Su(v^`cj)jHSqiv)eXk+n>Vm>@r2r|>!tCM^W> z^!&y!iMXg)^TvI!984POPetksN)<6$&nQxuMv$$k?3zFuguFl(V~-B_(f!woV0#$u~B%Wwgr=kQ5= z&e`7|Vc$Az;CgvJ@yw`dIFBIA>D~*mEZ7H!kRa8*e0Z8^kwpAS6KWX7S;GHR8D3Ah z-~2)~op%)SyF6zMkx@5eTeLgZ%QL&;cDHw!LvvZ1UaoAD)1!Fji;(GfwgGqr7o}1qrs(=vT$sd|j{f9s(>S$lUi^66QT{7& zP|ZkjVp{%tRSrwkUCY^oY8_ioTwK@$EVeh#c!I%uL1zF^3u*+0nEZDZP;^ikVlb(5<#;5h#eNa79#OK;}vbu=j z1=p)SU+DR>A?43-d_@X!d3d=1+uP6Zh?}HSOs>0&Vw=C zKm2xN1Y9Kt6t1s<$c747u@i5><)o(_DBeVfD{P_GI%mPxlg< ze%yyr$aAgX;^s`tKFq7 z09=k04h~H1 zlgshE~Ud`gipx_hRfy|;i*?Ko+a`o<-(Arblb~t0aaz9M=J9RgWTuLg7+U5ea?<;=zM0hdZgc|y ziWg%iUIdo(S$gFx@no^F)OCS4uyut2o<&dK$@kI;1BMot(A=yhPLd<94K>P@^U7X) z81iony#TNvZPC#%$1iy=fQ(#wvlfqi&zHQ4SV;Lgn98!SrX^G~g$Ev74Or8w9Xr zrb3=`G5d6-pibh(JyIdoB&W&TbAw$Y)sot3E&-Nx4>c_<(2!B@N)tOoqYnJb4%}m8 z?$|eLo|`bgsoQFV(6wjdL*gUviMDm<@G=4y)=8!fsAlaVrtkS9YCsYA;g zmOPeuj^NydSgyn-?L*6NZ0xA?$~r9C@(1L3=~T0A2JF<(BF36C{f$y@=>cr07PTAhXk z6#|caXGt#eKcF=>rdEhtuQK~53f9Haa*hi>qb!p3q9;%mHDH+i_nA|S)?)rY?LhtWEv&pNlGQcj9_1?@IrN68xj<6s9dU3Nwa=2f~9WZ#eeI;dKkY>!6*LvW$rt^$)P8A@!vco zgHTD~z|I86Z;!PFvxjNWH9T5eoOsXgka3kS+p1DnWgw0g(YL49KP3VXmbj8qj8;oJ z)meHhw>RCYv(Q`Zujln!lt&UH-aNC0681U{}$uXG)`w+f`~|5Ti3nWA(4nu@gpbSdpEt#Zfi5D?$fI5H8E(ZRUmEr@ zXWz@D>Tv(-C3SlyzX!b40NJsG5xEZ&ttokV7@1rE!ZUqq?WSJZPwU2$L2g z?`U=S#MsVFDp#z%KjKqS%t&bh!A%PyAHI*dr7~ja)02!vaT*9Q=i4*~DZ#JPeEq>nIzI{1kxa=P-D|LVXiPBIvb_y01bO9=^a(E3H)kr(S*#Y^Pz=mNv% za*>PkZ4tS2f5d%pNV-MFEu@2i80vGr`wnn@ka1}QxIR5IG7ty-=s$)`R$LFwpS9GE zlsZxy#_vC}SBVTfP%RYF9Qvks*WGBo>F4ZMajK!t`Y-J|Q?|tP!QtXR^ckNY#fg3j zmHgPeFU}^L@)ae{)x59bhRnSlNTL%+`3%yFWuCD>U+O2qSa?zzVli;3!5W?v-vfU* z?RPl7*lk~8w0ReE_LMZ?UD|0{g(mx9_#|p`JsV6tN|H_W50!yQiurm(NaXrBJ4J36 zr_n|9RXE;{&Gdi+JiKsyhXDjpCEuRQ$PP}F=lNE@rkj7zL_OS4JM{0yH+XQ!MNBB=M{mj59)Fs}t6hJq2ydB;Xjc9BEg zaZX`JoXf}vMaXRFv(r(V1pVL)tCuW$Bv?u^Jnd@f;EygU$hW)Y^{Ckcj+=n2LDgJgoNkXvb$@2 zcO)UM*Q&~0^RYIc$6vMBSHv;{s3ANsz~Q^Rf|KHn>oR2obQtWkj9@Uut+?Ke1XbF1l8f3gqJdi zeCWSjbzc@}Q#B>-w~Y{-RUX4nzLB*x`zT8WC{gh6?WC7;I=C=f;QlT82UFLh7^@_V_D9cB3^Eg@8;wQ{dmn+yDhtoNSF808)?yhvLKbw z?2X%YL_-WSAo%G+R3t2^cFPWY|06Kcx#-eL)Bd7UvQ~Y>Q>-rJ%IzevCG^4fX%)xNsJiIuj1D<*;pJ*FeP)i1seNa|IL&MeVO=0zsLWcNBy>-6oQHq9 zwrt$v4bhOD%xqT@TP-)QjalQ$@VJK{k;npo%8**OPO^kMaDrU8sZ>gSLq+5e(CavV zwYynm4Dm!LuYMd9o}ydZ@h`FoRg!Gd2x+W#NEbmAgHX%@miO zfdn5P^jr=}GD!q$YX4w#9-j4AKd&%+z6x8+)>9!4LI6e?>G`%8vlcpCOkYM<9G1a$ zjTn2(^}}VTx-{G*wRC|-6>wp*iObSo*&(aACfb}tF+K5(2l0dJ`yqbBR`jufB<8dv zlqOw$Q4LnRHN7WOAAiWu@P_(0DCnx{$65}Y60FD|qI};^v$5)J$Kl?|!&C%^Oc}B9JqB>>O^fNs z{9nl)vk`NLd_F}2p2{c{o^aSg6MLJ|?w}wLAQl;hPC5hb78P0QmbP5)w7P+oGDcmW z8=8u6iAIY9QS?xWrK^lF8gIu?@gf>IF0X;o*{mQy`ZTNgbLi#T_JM&up}h_;GTaMq z$&~uzh}UoNP{ke@AlK~vY3Q?Oq?PIOy0oDYo24OaO$XmQztRhQmo==JbkS76=Tjo4 zFtpVfd`hnQvV&$wzn!zT|J{~gzo0Li_Fb%NWdX_fi}b8#NIB5Vn4Um~^L&ZFLsvY6 zLFTpfYntdq3FBucj|WcTQl|$2PExSfgyyVMVcZ2h{t3-irySAcc0CS8c`fE=cF~@? zgZwqr{MiE2t)~Dcen}K_#!r%Qn+z(Y2Yy7;EUUQ-%twDZnibP{O@JB$Z-p2?Td}iV zz^BB%|M1X0+QgTFAW4$Z-1lBfj?iow0T+rt&d~HP;Y$H|u2mmZhyqc}MlxzZzn>up zcKQjYMh+<1w$z8_q4s^As(sN;FN&C`jx%=8LXQZi{CBzUnk=%uPstXAcjhMF?eP9G zxyAE)CzN;1B%4_h6;)KCKb@RGWn>XfiQ=~}5E81Rd+hZ_rkiSivK@zZWIHkSIU%b+ ztdwY*w*T87HL)~VVzLUSy=nKS31-b#KbkebDUS|*JYkA+6`6(@lr@AlFR8mr@=HN# zTmIlh&YEbz=Eh`5&VP4o`~S}AEefG9G*>nA(QD7Bc5Oy1HF=tiJo))381ZFr&X|i% z>2RnrovYqSd<~JvOiwXZ%OgV2Th`z*)9Qy3`(Pkw6nY?UtHL)>c02}DnoFrpANn(9 zA#rq6z`R|}G^YQo3xc6X%<6n>JDZb3Wnp5=ZQfa?fpnND(lNc7d24>r3kcO_QW9|x2WurX<`qqUHC-XnNngNVitz;)1 zWN2>lqsmVpRCRGRDwhd93Tc(rQaK-8;%oVPYKC47eQ4{?sR9*9SFy)vq%F)`#=YxL zh4?!Ew!MO0cGBio*Bzk7zZ!6iBNXR-SaLNbbolE+I&I}Ye_dA}@~}x(4R0kBDsKt} zs-GNLxJHCbWYri)8+KQ#kU9ArSQP7jE`L6=%Q|N}r@hxICZ{Q0^5l&F!Sm z$RDdm%ZmXC5<2h8O^J*o4|xRjgL3gA4_$A}{{_OQkodsEwn{oi;eAI=H#NOgBd?tQ zeJmrfPxDCnAMw;Gwnd%zZe9E_fT$^a9nh0c?!AawGS~pgK{pZ1PRZba2-Y7|bujCY z$~pp5xv>GLbCrG_l4~fGP9YV0yok2O!Yc@I<{ktfq#nU+j8Uloy~^t6<{WHVYA?Hq zxWDbi)1$)`w=hAwDmE|rNPqH0TDxttKLl8C(7^2p$)=BBiMaL8bM2nRkUo3c@R86$ z{5kx7PkWToJ7z++M`!mBKV9%wD32GF`;_JI;Jw3o#4j{rWg0hmL7P2 z@KMhMi?bw6_0Ie{y;>1RtvuSc&liW3KWb_1eSzCWF$R+#cT6M+x0+}v@+tbuY8J0# zCuiyINC6OXd-kgQu5D5aOHzmwN1YDi)##rGTQpSW?Amz}`2G8UFY>O;+b;5-y3xaI z6MA=x1&9xARaRN44?9K5Lc2rD=GnL4F=}D5aUIVOn>m;rTbQ|cu2HE^!^w2@o*(wS z;G5Lerk6>GDq|IrD%$1OYV= zsr6J~e{{Z0p-oAM3d-ZPt}o=PLdnQ3TJoy#@fCxV)#J@%#R_Hbm+hhOGk-AoW-9Rm z-L^v}*$j9OV0QsO59ed=6u)g~po3QM6Bq+GsCcSPFgO5Vpq^+(P*H75u0>wEC*95G zU_#I=B|B<7G>Upy;G_>%0vt_&8)*_AsrElhq!`l%p)Crmi}=JZ?fXkreNZ_(AL(eF{lN7hfBtq z-pPs*xEBH08;+UZJ~`E!#2qGW_$H^!oTGh}{7B^*&WK7_z5bNTV$H7Ni(T}^u$}w@ z-Mpkxn%bmHV_{1Gg0j+SQ#wj*4yiO)sfks;4T?K%$I_O}YQnN9T!bXKSYIS6HoH&RY7^|&^TB8K>tLPztf2)|A@z@jw(T^h^Bc@VE16#7T-Zv5Y zgs-X2>jd*(e$RO&~zc6m3?Wy`&U$>mBq$qEQtWbcgg>0HV4Yw{UskC&{-n`GhWM zOHx$4zY`)|mygh57}WSnnhWKg(K+nQ?LFv9aW+f&L=_~MdkcU4yO{iRT3iaBaEZ_f zIh9ZS6PDQuZ%^!3CU%!5eIprN#AkC~HniCez`fdLIimnirI3R1r+sTr1l?!XYh zA%TT`ik$s8=KwXO2Fb*5NHNoR$X_wNT>*OAxD8aYhu`x=KP3mfoMbxNV%#V;lL)Q9 za;}y>pvP3XiqK_RGrr^GB~muBvo?@lZ~EZ=^+n(#129F>n5!N}%EbX{$=T3$RlZ#L zh!ePp$v9FMx|1b?MJF<1FZ`86K(L!nmx631cQHKhP#+{{7HGyLUW=1EUGR3NhW!hx z_EE3=@h1tl5zB$~a!gTRZj6EwEs(EAp8^-qMj-trUp#v>OZ;kf$?9Fj(HmJ5%>_-D zV~pkJV}#nnzbW2;DXgG(U5X6m_tuOO)of^BQB|eWi!QJ?YuTR}$ndC#IOqCv9Nf-g zJt=l1SfSggxAcZ3w}%Qh*O}hnpia}KPVP0h0WD(f$dg*=Vh}{eVqx<)WmefLJo`5I z{-DNC=v3Zm$WqftTXXcCL3PN`iAgzM6QZ^2JhV@unE)gA_n>{v+UE2IEzCfja&OQi zW3@u$u^ty_SZ-}63sqz5AOX4%-I zD?K$N!~UU%;jSsTIhEOf(g+7cGHL9bu^Mhu#tdpn?X!+ce>qsE-s5mmOgdcpMHhc- zq1(iPpc(tC;TvClp-Q7`sEACbcoQx%v_*pNc667}lv+SfIur9blcr0ET+M#-z^g6g z6{6buS5TZ+Cv(#xzDBC(WK7D~m2C7m+%Qf1O)3hD>~l9id|@B*0yco-1Dq{FYZM88 zKYdZLzgYsGPt35f*Y7=Jiq$_X0t#~b}F}V{5u@s3_iymtG zz0```iDK|Ypv`o7d!$ZNDIHSDz}q3VmC*V1EU!b9g7KWnhy}={2Jm8O{hcm*W3a*- zs_66vyi9KrdD2MG3FV zrYau3(DE>@_qlz=lBm`xL%d0#qA@y~O%~?KmD`e(cD>e-_Eb4CtV;0qq6GumU-$t_ zQjE!n`YK~c(9bdni_vY~YWe;eqO`onq&0>^_W==%FAcje7k9%-iBIYzPVk&}aoEYR z;p|1~x|*zVP}ud>MOwPxI!5-qNw&tHZ6k*mmrFKHl5)a+vF0{?^<70Q=Unu1FDV|U zPmj+U^zogUc;NJo;#i1jBYii&h%D1YCIe3Xqr`8%H^Ef2Uei2Rj@mrd5=~1+PH1K# zY4#S?NnU8+i$6Lv)%`g2cm2eCpJv7O%(EfNj{P0ADftW6Uv^oAltz!y^2xH8LSLQC zTMR;7NC*tt-I`V-f z5pj>z0f$l=%FImDAA<}G-vDPDz$T6+sjs0`o(fM)mHvA6HgGA9zEQO^H641Jmb_Il zq|kxbbBChC(-T;y(*hY48dAg!<6SZwm^CQawM0kronB)|>eP0O&a^7~J$x{#&-KCl zr}t7@z8>AT5_w$k1yaJFXShxb-|!!c)476kufgg>juVP#N9(LJ=qQu=q7a_m` ziK{5&sv27l`D^HoNe3q+@Y3}o$Q)}NML9%0PbtxoJzJSF*Y5GV3T)}|9T`xN-wVci zEtoU)API}+F>OYNdea~1l7Us&OXxqGf$j{dEY_-6UVz)w5H}SA4^16eHG^V5x_7B$ zzXQG%xpr71f9wwhDDfXuNU%s-{h0z4o2}=qYL#<7?M?z23!{zo7eB*fw&xhVpHp8?MSU@20UFZT^y~^PBDsYt z#Z%vC4W6;A1IE@C%fA)2YYv^SFxkGyE^3oh~FfRZ35|BFF zU}w(8Hk~DLbIq*aP9!OY$3MU4eRUEf1CvkhZphaCI> zb^IHWe1uE2MhSm|EgAwC=p>I3<`K^}!=2MdAo=2TIHuQY{!);4Z z##5aePh~i>zWYf#aCx%8o)NvI+??>vGKJ1Glq7*jdG8tBh#^_T;Tt=HAeQG9p*e@`t|8=0 zL_c=Hn;btEoAj5~d*MoyI9#3nTJrYaaDVubg9piZ8= zH%xcWKuQv5Dr$6K!-IR8%3WE=Uo~%_k+jq`F(v?{LS$4e*mvaIdazGaS-pxuDR9eB zp-hD;dm+5M=?&z#x*m>6h6CcAXay0QU!Vv|uZP0e!&(uwl+ry<=|^k+-dmdj!GkS| z)xzt^-|vd^wh{p5?_u&+rKBIMN#vWDOE(MdGINOP+&Ab+m7|3MXf^uY6jwb^^EK3c zRkq`2GIdwUXAst2ojGqP(4Eaa{U3VudoIptU(LHPA;NzMe$X zzG9P)kspwl-PDVGnq&VWHJjid@eJ`#Jh_I=Wp{uB{e5jEHk+kvqo>0HpKI0S&hAki zS?VCWTe{jLTDZBhK-7t9K5|rG+%q#EBz&u=dsv8KTAV=6iY9*U|m^Bn% z+Nt_Lvk2~Oj_dCC+UB<&C|KMQDqD*`j7T{meKnSuuUn`ff0fEYq-3nUifXZpS#n8b z!TAv4znr>+F{zK^wZCPv6%WwHetbO5q${pP3y-y?JNbbZZgA+S@u;yHA!jl6Ci)#k z^nkcI^R1nbLKKsS3F9QCCyT(Ol5QnBvha=!kHCoDFe!RtBAg1*Q3luD_nf6V=u&PC z*Ln%Qk4L?@g1@LY)bX3tJv*~tBA4yC-M`J4L;vB(C%2J3;vSG{E!R{fewtDFv8BI* z)qyoUWrGST{bqAtF*B=Y2f5TgbUZ3$#&~P-W5g%vWa0KZEw>CM5es_eN18f0Vv{gk z%sH=4>fxsMtoMsw!jX`P^P^-8*i`JTlMR3My>-al`t{6CxWY7hk-Bb_fv%B6|LV;s z{$k$7Q#wv4!zi<%UYBFGgD&IS>;}8`_xh*yzz<-@cjkx6S~iyfA&`Dz|_+S zBKDjcJ+)VYz2RykCe2Ui+qAFU;6KMC}nH+$YSnU6Ou zE;H@`P6}k)hgUU$B{V3d9bpdat5nbl%(tqk9eUTxlvizxPo7e`VGG$4!{5*P>QVc5OtT?%F{VCOwtJN^zm#lH$J!1U6coJGSvA2i?dJFZ(q)bgY8h#SC6qR zl=g9HvKS*X@ii^D9+A&>tdj0SyImzNX=$)BXT~s`Vu<33VnbZDa2(KB)_h z5Ki({mwlE1%Z6~&%zdZYAo8rTPQ6l)<$?6a=L>$DB6Y{=2_mcFxg^f4)tbk8zoL_Y zB_H28GSr=Q=oe>p74ZFhfE!-g(e~3=QnA_sx3teZX5$lXyWXCk76Nz6-U~*Dd}Qbe zwO$x0#^<=WGx9lEkI`w$Hj@PLVSY_}O@G{asdo2LU*4EctdFY|-Aon*cZsAjY1Z;r z6)zSIIwhQd)$b%`$YmtFDFt^m$6TT}N=v1Mp;+aapZ*lpn|z2YAW>?$X5lqu#l~UE zqyZyVb=6P_hpWi>Ac*c%QAU;s-#P*!nLyXKX1%!GWnmv&WI@gbvnG>KxP7NDlj&P7fldt847iBq@+_3lue+`oAb_9>?IM|E>|s%-7cuhTGEH1v*N|Obo56Tc zRoVG8ug#bve_Bu8$OJhZLDgn<{qeA~3e9^RJ(c(*BzXtr^$c*D3I*CezJvxd6?E&7 z$K?wa1Z5wO>-w=-QZZJX%5o%v`uNKYT1~eLDd?UQlUl3$uKuA z6}dAJskQ==6wt_sBsfEkAZPoSc=abb`kck_0Za8;xYm6VS)X7FeOGj$cC$o8E4@Ig zU_mI{oLUU*n+BvC+$!u<{1}HdRIo~q!I@@0nPu}Gc|8-@q|L}=(2;>nZ^}vs<=)`% z*qd`@>SHdaQ#0SBCihS?miKiH1A0#Ke|6yRz! zacQ$+z6mi%Cdfz5vt@=CWmIV>n6hv9UBF+kSQ+Qx+!XgGC5nN|r-w0|9F z*F>#S$UV+xtHxIPTs6~x&O?uFlWKD@Qrk_s1Z*(})aKJRySa&ZV@NLmEVf-KGv1u1 zs*c`XH7&^4@Muq#Ya)qWeJzDUd1+^@?!@wEHBzWJz)h}SKTWkrT{qFg1`+;Q-Q7MG zERyoLSNUN#*sdYpD}gK;zlijRu>{kor%1j>V%UCT*dX>h4G3GeJqWTQ-6u&MNlpL0U-FxrPz-u zrWP7w-GodF6`ey*`Nz+S=6M$fCZl@1$zGS7WN0qr4K_Kvr&a}YS$Q)b63U$A_^KyB z{xXf6DouuJ6Nm+#R_cw!EC~RnOqXk;COaRWrvW9k0|I`wiZP4Z%m>KnP!B`=Er8V3 zNq1MCMwQuLzHd4KU>~@_H$`RHBU_}R0s9D?;_$4DAw58Gr7|g_f@SeI<@ddKhRSKp>1 zL~xupSrPC(RHv_^=+Cn7ybVF zkt8c*3|ME_Tw(eyWcjU#VUP1Ng}M+Y30=dXl|6R7Rkf^(E5p|>IF~$!MlV&BN|OXc zvXYZuNgP(ob!;9TPrKg>IZ(=ZR}U@kX3<*4CH2K~zmZu|D?A#6NNB#*5iXWTMVgx0 z7g>(fo7A|34NWN%5-yIMLvkc{1`HY`U^rfO>kKa_Y$W+s--A zH+Z%hNA6%aMWbVf^^$0g$_V$Gv;{2!{zz3t)^`7{rTDl0=UCQ=XRfAKq#Iapumk?{ z{cKJy`w*+@SHT^}B|ePG z=!N?g&m|$@4(1cmWYh~vo^&mIQk)u$U5o8!r~jCkJ$q&s0+coR(oXt4ZECY-pqv^C zKv8)6f}qM3o6`5+3;rZ7xI6x`snZcqPV)U#u7AViGreHo)7kjZk16|0XEIWpvr?=f z3%ck3bJ59%9E<{VuBRW7!U&QtUquJz~cJD91!j4%rCU{9zY<&m>*RPUpK4uh;Op`K{`W71klP9j5{*K_s&2BR5Y*FXT-6P<(!TQl(q>U0-%?y0uD_aJ! zfBhHG#0EeAOZWNhhaP5;rK8Qig75kMB^{N5;dVzd$r613I7GQ){J+70B>zy4a8~di zjP;qHMw%&gLz{3qTG}fpMe1J~>1PHil=}@Q9$1O1fB7$A1&0(haluOeaD@_l$5#?p zqEFqoxBa;o^py0JB@~D+5qruBzW77h>LgPoT_xPoJ;8&&ZI@OjUgBZnVNb^(1R$(c z7a#IV@Hq>-<_Zl`j3Tt?A2|qrw=1zdaAYuob>KH`*^%8AH=tU3IEAy83mX-MwyKR&(z` z%fwmN)i)2)ZLh-Ol~rim_@%$?Ch6;alvoYTyUjCMT(&xPNyLiY+_Ka$8Qh*+j$W=> zv__H}uky58tPDq{u)Bjixt9w-AM%yb@9}BIv=(M+^!NCa*y@I}D6*($B%D7speoJm z@b1>UW+Mcb;{P3sd{@gm zeC1DAFXIzgk~Md;j2Jv4N!bW|6%ASUv_Mz`wI$_pu6D)A%uh0>{wz3*zhT=}lvMU6XTOpO7U_3b!EFv z_*qh;aWGar3D>YUuWK}Vin}p%WCiUjsfceO95}ur29GvNUTs}`Qyo;3VRD)#X-D#A z=sCI1XbSpaC9ckJkjGvow5B`Z|#HIiy1 zx&l_O~UIlrzbG^_`w@esB;%Px*AO zXyAr=R7jx>au+WCWM&Z@g_c%QX$(D@=$@@5$;$O`X;!`x+kCdysD`=Rk+c`KfT7eL zo#qLfondiKvuzf66X1FfQS*Gh;<;Lci#-Sb_p?3;Hx<{GHp=4*>#L*>+12&9Pq$`m z!mdi3+J{F@_%6x&LB&e*xKD{~r-j7Ld^u0A{*c+l7*H92TQG+WcRZkVBl~w@5a0=3 zdnpRiHU?T`e@q2FKjH)~55CvfQ+x$Qwh?MyoasjRT7ZT1tyMKKqsKtMIX3XMdKA@A z%<1}URkVEuHL1Zl6!wO&S#4DGTO&)ur2qZKZW*Y#(R)jaX6g&W% zyabcUVtxsDazcb>%qz6R9RvGsw>6(bTM{8GcPW}x3NV8sNR%5fcu(R7@)CVP(%9lE zwm4?LFLI6@%+XNk^XjG-QM2;v@l##j*O&_A=HD5mYD5(a( zI+QnBwNk~^x9=Z{PPAVXaPJ``eg0@{o_^Kp zdpq~;071gG4!7>|MvCauN14;|y!G=A%(Awp`_OjYz2LGluJ@Boq+bVINw?YEeO!$A z0Q${cg+x9syY=7ThZ(7 zZ#|>XLk~^L4NCaNO<1;Ow@eF{&VU(MSF$Y5R2_|NcMMAWhdWtDcI9&s>l#mWS$ zhyp_;ZD|L=g{#AFcmB}JfRucvY-bjg`RKYd=IheBoZplleIDvrgtV@`E*w4s-yV<# z4S!A7fw++XE&A0j-{#qSn|ZrsvPT^v$?COMP4tE5Yd0D#wmk@$`<`NzY9CZ+TJfJO z%2+&!og8^-o-EWd4XC){pTugmpf5F)NG_C;{(3m|&2i#>vGKKG7x}vkHyB>Hwfy|; z)on0f9tSooFq@ZOt!^)U!ZvqNm6y`mF*mcq&{U=|zy6HE`yYYEyHiMHv`B|3iPe)9(bq&TCCvCgrg9I&ia5Zn5G}x%YSrnNp+L zWZhRgIy3_mndusgz8uF6GsVLQTlJsek{0`Xa`&~pwfN+cFJ{VkL=hZdk&D^c<;UEu zqk!6fv}-b&QruVR1IQZktJI(6V}1ypW8*$Uj_|b<=9_01ozUp1W*{TPrK&7+jZNrb zGJ5zRtv`Ch=R=WBhQZIu#Av+Da*;qGb5vy;dL+*~mh%Jbs|YhVCN{3fR%gspEIqDo z;@-@!?EdoW%&o)QIPKAmVRFT`l;306*0WEs+TCB`JYf6m&tzQa+AUE?+EtV11YY&< zV03)o8rO0{QPqT+a(H0e|EarRORYfQ$HxXeuBs#aF{UHH_J9TC$Y_tWWt|H!T9kpn z87?yrrC9(aEtQ$^04)i|%MdXiai0j^?Mn4!3TWR5Y%{&IE-l=(N#A96U8q<&i*q_^ zKyT)ZOA3d_c+vn#c}*AAXae#Sg^&p-bD)MbKd?vyT9Qh;*a!(mTCK8oH$)|v<_>$3 zf=%TzPQE=@!MQx6&C7$Z$+{__y^<36vR+0rlbmW<7Jq3Yu~GQ^CwVJ($xP&z?r;NT#b9Sxvcnh0 z-)y(R9B0)EN+%zs4mj0bee22_3iIZqqn4`9V2w%lhenOE*Wva*KMAxh>Q}nJ)d!oVjL&@E#L;iE6(uiTV-Ua)~_X?)7T{O0+BT`Adu( zv8E~6CnCf?UPY}15PGDA?ALptR`<&nQM5|SS7mcl%0pkiWv7|J2_kKfVCeDQXfIlv zOJScFNI&yibKvehDF@t=Zj}Xy@ZH@wzo1yFkTxw!tb@tLB-qeLS~PAC=ir4!XW1`C z8sBaIu2}ITSyy~*(+y9s3tTr%2S567gxlcBfX^0r4CE0oeVN3c^mc*Ql_{~)drL0E z7;0BMUA>n3CCqF;HHxgmmh9+XHy|JfoUB^KrA=giW_J4^Y$?%{b0TremOo6(ju(Xe z>R$O48F5lB^BzwFRX=I=#qVW=#^#KS5Id0WH&1<$m0X8>ZJ$Tdx(Z$CV)yyCH6&%t zIUNTJQZ{!10Qt9okdTR7-n{J=p6T8+%ySa>x8Gg>y(0xKVBh8UycbCX{qQ}nz=Qp! z)8RExX&^Z@kB?`+*ut*POX%j$aCyu9Tz-ox$t!l{y8Vj%k8lx5;zTgCz1PuQx`$9+ z@tTh*IjOC`tnjOh!Tb)f@0GZc1quFyqe4Z$yV=XaWz^OV1n5{tW0e9BpF?rdsGJYT z=amEt6qE#jIkm-0{XHIRwHy4~*1UYO14n@;>Dsnr0od2}f-`5fI!NzLX%d=6S%503 zoHoU>0>FMUilBvh!}V)eBsQ*Fqcxd1E9x0e;9 z93*??2vBerB9IAgII+w}qb9-K3%`ZcUs3k89}s!1M(GBh89J(Ho>mQvpfX1$eWY%v z`m0Lquv}eCPEkYgP5o!bsXcyNFqgr=^=2wk&N45pp~y?96n1pm`$;6cL7i{)D(!`E zkU=`qzBUWJ^F^Hsn98#r2=EFMtxs#dd?ip|Rygt(Q+prnF! z2B(A?PLC4F=W|soYn^qe1k>$5Qkaric{R`fBS9=?Mi0I)rBV_ikRXAcAupRqbRlB7 z+-yY4oi-bV(``~?4yPCxlUD9=BYR+s;V-?|NAE=$x3KK18>M~24SC4P88BeY%|Obd zEZ;Kdqc?+n)SX6KnZ#FdT#Gn%deBSO9hwvXhANA>VPXwpy_pZm<)I22Lrh{rl^9B% z51TW^vLP~(j>$ycsgccmK!WH`^hpzek?rK785}d~dPfjlm9IzYy<>}YG(Gz>i2Z#C zI=+knM5*8#$k!7Zuh_ibcmsf<@hq~eZ`(nC)ZmA!u_3i%c#MebC53&!nfKD-z-lcn zHa6SV`kRfnV zVI-XHT;1E0QEcj(-q8n{TQLJg-}YFn2Wo*lH}dgqM_`MOlP#5#&XGO+%Cl7q`^aGP zC^Kt92fMQ9Xy*j6OP_kVkO&3n#Z)c6cggEWm*#2@O(`Z(7Fohda=}q1Gwi5s5{!b% zD)>&hk?xEB=&88ej6oxNCZFnf4#UzA$s{CPV#bko#@F@dDY$bZwADIa_37G|g@L-> z+BZ`0!<(KIBE@hN!G$g--by7}bwGsJ=UqVEph!e)5<@89>*oVf;l@5-lzQMHCf~`t zZ}U^7;!+@+S!+5Zi%A2C`(-@>?df-hq~}8AW*^f|CfaXqKqMya{SSJK@Z-SJbf0{I z=p>^@XK@Se&c^)bl%JMT_LL`jUUN2wlkgzLfm~ zT)Uel)>Lu%jes*9+s>joMd$^1hKdq*5-hZPt;f&!=J8t+!cPNxmV3}fSgI^V4$tDx z9p*3jIcGvnD}%UpvsORBQ5bB?Xux6O!D;q_#d42*r)XHW41O&}&*|Hpo7%cK;f)*Y z;GCsU;6H9#?aXsa9rT^Q${}AtpmQESW37(66Cgw%foFeL*6QoUw&mjn(y&D^a9}w z)7BwDx#H%YYwuBoG7zvWg07D1ay<>g5yFwYU%SoO=S*jJV;IJXD zgO}%XT=)Xvn)v6+4}5aLfHoYM+XqH_DT~ z^Bpw7VYf<%;0G3vAPx?nK7Z_wHJEWPn@sLc##o#4%(e98Jlo2z*+p0;Ye|sEduKb4 zCk3R^iblOV7sPpm!L*cTPFAXlV3*l?#KG(4tIPjVzQ;@W{%4;WQ$`^T%8y)dkJ1b4 za$61{)=fy!TOu%W;}JMBzEej#l_-D#kBp?iF26?@reDO>W##M+od z6FwUBi4-UsQKN@M;zF~piw};m{-~N-AbAz_d9R?QksIc!fX}#$7c>%8szjkCHy{d8 zAx8wNdmU%bbG0r%14CPa@O;u$LJvu#ecyjP3UE@I<|vyas~sA)w|RN1f8T}X>iPW1 zNnxG;my^KfMUq@yEqD0B!Bp+y76z$wOJm8+NEV2Ob#WFgFfh|~{Kr2H0~=x@P?b)Ta@>mTz> zy|Mp}@~i`GVb4mXPJQAKq&p*56p|BkVhB-B2uvttYca@{^YLmyd%`Yc)!Xvsw!dza zaiwNLj-E92;$4z6*42*$E$aHQ?Z0l(8~Y#5C}~G&B=YT(x#st@|E98JO}FzP@>iPmtTcyW+Y_BL$sj=6a4Qxx zHbo@e%YN-8Bd|z67s;R(Z7eGUZ`F90rw~2`8|eJmi7xh2!>1<==__A-mr(z+95+8;BWN`X5a3Qs)_Z* zZO=Vg2Fp^jkQ!K@!wgNzmPAcg5;( z{}wV}e&<`7AMRC@QqDiS63gF%t$*K>fkRa7Og
XGu50$j{&F@i=9l&t0VdbRs0$*+H- zXh%b9gZ_cpbSe89n-0;I_|U`x?B+)kQx%n(Rt(gI)%|pjsDVJG zOvPtZ%z4tmRkX}L)3TKLE8oZQA>Y*}szAC^D7fm~4tWhq11ZBkIh9=%z339-DH!5) zOr9fW&xhVpGz>joRx{d6dAGq@g0|gOIBs9{4ia^1&PTE4$PZ64%xFDBfS%0i)NlNO zO*11X@u+OK%%Q^#1tsvU2Hx^;W>wPV--{0jtOyprCXtrK2mrUNeZP&+0#49$q!IB! z_%G>R2FTE$y(6*23HHYxz#YlIhT9*14bUwXxy=XbW_6B`S&sQ~tjlUNm8wHseDpQ8 z%}Pv$_f-Z{g##ZMa)!9B!l6s+ zEVp))C}4aR$Vw+fDcb5wD050?CJk^nWyA+I7Kv}>eDX0cmTmmho<8KWGPa%8e5_*@ z9n(k8(!`x3mB#fw`|V7o9*v)V_~(HeT()tKpYL6yT~u0W2nsaZr&CD;3s?&%%rMC- z)Oa7VAY2nh=>jJ&jcq*di5?Tbn;S}|`%6y5fpiN4szl*l2uYgSFS%wT)s19-<8kP##nJ z1ImNpL!>abr6+*0yax37ySC9(T2DTM|Lk4vU2aPi3|PgVcXqe`dBpE@y;=^c;FFX4 zwbM=VDr{WWTv{%RSC`pS8D4qeuDOoyM{(%gK?f6%B-3{M4Kv4_+|WePV%sKYC1Y49rvRh`mktHLfz_ z=Smw?5kqwLQrr!K6+f;RofzRLVbkJ(?@4K2M2{Bb#u#D4t}@is%7)PqD3U@8HjUl- z*+xlg5!TYDt?+}wjgPru#YozMS1kq8Pbmwc!jgbN4I~g(KkohuO_)&m*>*J_X+EBJ2Ov&xlRbQ&mUVh;Db8no5}!8s zo7k(OPIrWZUZ{rEe(MGO3qFE@j`_5rJD1B((~F7m5`zAE!>lmX;Ov{`5eb9x6FktN zwa3SesyYhr;4xs@h}z(fa+ZTQy3N`I;DXX@>Ob=c6UNFJC{4MpOFKm&kZ~$VEoCry zqgabwz0XB6SCAGd^lQG%zEpJcI>fd)i|75<)g&ZY1w_fDBV>8Yv3Pi0UhlBv8-{(| zUJ*G#!0bYd^+*H_pgVS#JIO9@$=OvhIrmQ#lRE0P1_5EL=^R^_1 zh?esPV4Sew9e3=0fgRR67!7?lm24WP&YQYnQS`o1GvX*_QKK-s)7k$+7hxcko^jn)3+E?U!Y!TeztMBDr-A!yh)*^sGm~XiVfNleA z*Nx9igZ#BtT0W3hli~*C>yKOv9#?vyoQ0xsS17hrydUl;}F6twJw z4}S)Lpsd+hLoqV+^j+Nx@Sa^VKkbNhm@pKWN7b!Q&hh2Lo3*3|EoaFB3Z~JAhe14R z(*oBmb&`nFR+ON_Tnd_;X4?+3uK@fz%F$n5oqKE^lPCCsS*|im69)`j`4qx))~CDF zr{!61E61wCv)K~@hKFO&p(2rUS!0&QYchpW@~cSvaTiP+m*ET+zqVSROg(dQ`_|e& z^&~pTCTe1*4BLkVa@RO?-wmU}ioDw6a~Cze!w(+Yh#r|t)*)$-!K;!bDOB8=QVrJx6L|-aPD8mdTjzEL_^(w zcfl){WD(k$_BD4ALJIp8;dSO7gJ10c<46(KNn~wNEoaf$Adz_`4%>n}%yQ(Xl-DH> z;A0!__^5S_%S#E|oF3q9g@KtnDu2+Iqoa&Cdy=RC#nq7)`eUZ}h0O=JcxUw?WZwZ& zdoa7wl^^oWE5i|TL&rZ|*eJ#%1vOwwIFS!}hn|k#il{U19>}_3XCQ`3H zjGsk)KP*bbUwE~lqul9dIE&{fGNxU*r_HWewmXVO2OM0vz=pk%Gnv%QN8iW?>YV0z6|MXMoKx<#^P8Uc6g< ziKo;mA!t_ahq-~X(O5iAtz4YIg09sY65wvLB1AaSO;;#Hp=y-SPACsXl2{zvwI!0N z)MN=!a{MG*KNlr5EzXJW{l#it=xUjG19ch!wCGN>ig^7PQ_{MgG#mt9f-VkSue-x> zyc7BBwHV*n)0rW-a$j<7-EHiIkU>paN7J?#UxF7+7O#5Y^MdT8W{^I;s}2q9a@x2i z=BAG~J8tEe)n=PC_XH_#h*^_*vG0TeWgMQW^mfZW%o6(kriOsHPJE;9>Vej%E;>2e zC&F_pxqa!YX+(e1nc@l%XoOwg<34gYKcjdmvUTG)NF>7({DuOHGb;B@!jN57_Gyf2MM+`a;YHm^Va(L9+85y1jk}f)y&s8rO=?jNol;YzgHuRrGG(jCe<@4D?L^SCcAFV@!R#e>Su(s24N%v8+mubQiN zL=dbJRsW_PDQfa$DJk6Erc&;|z4xo@zyk8|>j|R5k&e-2r@hf&bN$jd{F{9n>FfKr z)*s5W{)Jlgs0=O|Ko+(qbVKQvK&*j`n28NEU5IkzY&Csxhl|?BlurR{f`OJlkE`d_ zvB5;Z{%BMv)rSa%>DqeLm%$RCkMww`!4eNR9uzRv8;MLraW{l5kZBpQ_YHb!lQbny zU?`o+MBp=N0zE9F=U@_cXx1i#Y^Sw=wv4y~+wwcgmZE>7={cdMWY%%%$u3ETuq+ku zi3V0h{~D)JGVH~S)B0$Z8uu1@;x+1;~cD$ z(5~|6`~XAK(r)LcbGTU)mJt1SM;$dvn;V3`gtO2)=w$8iIF|S&n*0ta=B6GV0-niL zj+tUy`kzm*{_V-14oO@&=B4=7SM)xIJPciG^YP&l0LNKU)?D$ifaT_=`f6fVXZXwQ z-UpehQDooN8g0PQVJDw(z%vw429Gb&7mOX8ek>yY*Y4Z57vvD{gY@hwUg8;S*e?<1 z*G2NI?}4&Vh&L_*^iP>0bX4eYjOz|Ntlf!BRW|Z1@JR}$d4wt{&7j|5(k}2P!hZt| zy0d~{*tYRy0+wKE&LrUFm2S&8n>)KtyjCTS$l%$H1FPO?r64iBUe`zoK1I_MgO)an z_rNQby#NZwVEJxrurDJJx0jus`M)a$L%cu10Ai$E$*BnO7H){Z?h)RRYy9^>OV9{m zZLkvjohh;IKD@z&U~sKm+`ZHnZ`XJ-J@PSFfL*?ib`~G2|6NIdcA<@>T1y1m<%ncW zA59RsA~rY5>=9Fhh~bI9kYIYQs^Ey@xUT=H=Hu&owAw8PQwhKh)Xomy;xkj9 z9JHgrP~P*8#)854Z1hiG^e<4KIs}1xQxFZ9W`01k<(T&@kVNTXGMc>2(?1;-tO3g= z9)$iinF+^x71Zmw@I)`e1`^iW)I z6b~Da?Pay23hbBc5>HAzE*Qfh^Kcra?_cmrnFdI*mDVn~;B^=1Lr+nH+cLU!Kc?*C zIowfnR{}C^uB=|-9oogdrsH?4QXzY)@qqQ7->*Qj9*0Rd_ZL-MNbg)YP@o$h+Wb~iTe?#~mvh0}zADn7}(@pTt|Lc?Y z59CD2Adg9eB(w|>?)@)l{_qo2)6w(8c$k75b{`1-UhYK@0mE>zm>!Jw;RQ($o zq}QlWNobqbmLZ`b7t)>|oG}ZyRTcXv_N~?L;SWZ#j01u20X$2 zy^)wiJOYSCvgcjC0qi7lZk4xb`4WHRuqVLH{}*Umo#~aQ}>@{}Gy26o}=U!63nx?fd_IkkG=}fj=N4+*t8nlgwxF zU9ra3!je~bZhuQ9!ms~YVA8&bTtwN;g^wq~VRMvDr^u52;j1meBY|^EHT^sIzk^5! z;S3-JDHtngj<7SuNhQp~X>g)}?daz0PMB|*G28owMW>_oK*-EdD{QppNwoM>!ppLo zuh~L>QG|Tj-M*;~WBbD7z3EA7dz`-Z9iGs5^upElAurSX$gV2*PQYPyAvmN(E2{Mz zz?CqnMP@6b_5d~(OkRO{2mt{5EkkZv=|X4&HWW}}WTv$}BQBsjsLng6LX z-rm;;F($wMku~MXNJ$7hzwhw)8+stO!>(#l`zH>l=uA_OeY3Iq3x)iNwJKLzQ z-Z6f^T?rUd3;T@0s<3>?_@&jJfOu?DZ`@A1_%v&g_sr>C2E$zxpma{%Pj!mrdz+$n_$91Ykt)LN>7wXe{r>q8gvL_p{}A=oL2WSK z_b~466nBcdJ4Fh`wP-2s6oR`KC{nbzLxJKF2v*!7xCW;U?rv}Te16|~|H(`;nPl%h zxp#N7XV01@&*j3EEqzLR*YtKWW8U<$qr`e|Sy8veYD&H~@8)XzW?;R- z9|52ESn2XV(W3Z!f*$*huZ0wOTRNA2ciVfqj;7qhBHfXLacG*BkPm~e7m0-uF4uG9 z!15-5XX}OMKxUc_6<@W1cswC?AIj1&kV^v>bvt)e_kFwIkn3n!cv-b=?P7tob-t5= zlo2}hNKmdwyjP2EHu+PJEw^?o88*ki_<3@#Uo_uBvO38*KX0^DpUh8O$#vm%ug^Y( zfG6VTcwooX_=|w4mJ?`N|BUhXi7s!f2j#EF(b9oxU*pQ7PJj*b_O0sjE%dMjf~$g6 zXH41fAI19Iucdz}x(?SL4BmB(F8Cbze+}0#nC|S5EqtuXS!G+fc+3s1wbfm;CSzaF zySRCiEiEJ`TRRKT^)9M;i11=_vVJ%C#rR_6rK_;%z*E5F8W-3ps>+r^n)~fZq2hB( znZb=B*tEO0cQEvb#%6UOU@0qO!Sg!SJu|*CAF;t!)%WzNdJe>z(-1Yp>jBg=g-Eow zQM<}qF6O3S>mS89te7ZqUK}sXqH;KvIEwW{Fd)+jrji68ii=Easymztg#eV)(qMn$ zCA~+MxU^xZ_s4p4+Wo^V&Qp(T!_GS~YwFbZlD8MN8$^W^Yn=hm_6(RzG+8Q0a(~9M z1{BW#7>j?utZO?yJeUuLkeXK&FVQkng0OemM+SZ5UE(IngMqey#%lNwR!4);Btk2r)kRG+yEPxJE3rXSfPXYyOUG0uO2xMKC(+t zQDSowM}SEYht2lXk|5WO=KF-n8yH^-f%}Tk7r_rVgSbeOng8M zDRcd?pm45AX;&&NqG`D`GxG}2Z1QpQ&iKK~akOBKh-x?xBzf3X{t~3MTJ=)d{n|)$ zjqATSvoe?*X@NFB{+SG=gU2MhJ=F;O_&bd@s?dP%n-Q&IwF_p+f--`r4_)YQUKEBQ zGE}FIY5JDmYmV|ap&Sh(8b5L~gZVuVp6%YM|Jofbn;O(toi{ZtKbX6pta58CS)h(h z);HjM%IQh}k*V|7PhSr*wHnx0eP{1fZ6l%hen*>#gAHgYVbyW4#OTSm*JQsq(e(YE ziZ4GvlZw%h$OrV3=XwD8;~l3vSWjULMa{PB9no zh?q+4Fo4};J<>?o9nram&EuuXptL}7^2dJ zaGrpRzv9itKqSzJ9~9ff6aqn^$D=J)0ypnLYtXpuKMs#}k(;|blZ2lr4%N#5`{y7; z;CODEmJ1p>5oF_|=h#`QT4(sK&p}%*TzbG=bsg3aP+R4DmXo4uXT+I!t}vZ7xTgsu$;BDV}}zfi8(|O_^K9 zp4Cu%g9p%P=cb;7{n#9b;evcAa@wxKps`$;*Z7gZ;jf8D`NKtlK?1*>bZZQ;2S z3&5Q*IwLwebLp)kl0!1Hiyo9f25|iyaN)t@IJyic{a(9Fj<0;iQ4zN+E3B2(v~uzg zl=REizIx9!7u`-%40_W(Ba2f;KmkZJoO4%HWr7J=J`(HGAxsf8{)VRSs4|as#;d1L ze5H5jEeqT$?l)!voBr4%4>Z$2)_EO^=B5d0d%1W#eH~A-MFG7!fvIS9F#;=HTq6yA z6fKrMjq;1(7NXqg{_JG!kv>HSQ^_uWqey2@{%!h6!JvEo>ZpGA8;m8-gA$g_qLg&ZeF`IfGHJSM>@e-Q6BzS#aKRypH&%}9`bRavoa1KV-$RUEK_z#5Xx<{-<%o5! z{Lc`<*>?(W-WELSWW2F{aJxLte)!aq8}{uwYpA7s=!<&m07~#j_e_}Sa}_Tc=E-9` zt{!`K6S-A^f7?|w5|XjscHzX9f5_*FZS_uPTdH_sV~u?ro4|V|YMspK#PnEHcV64F z6eX?LVsQfH<@luTo_7=~>|#Hk(v#sqRWrTIGSDRiNcl&fdt9w2M&myx2Kgmz{g;tp zor&e)*$5yDgrsLb3fFP$fJaAe3y+s%_lBPl$|~lw^ZqV;mCfmr zhu`4OOl*rA4nv&^kr=P_$$n5JjFDDTgzl7DDe+%L_)f2+Yjh+?w8+R2t-KJ#|oo<49<$=TVMjz;IcvwWOJnh)1iU2sorj084ny)EU z?neRh&&74ri;rM*`sFe*4RZ{8u5R5Fx#ka2I)iJNmQ4CtaR zVCN=ti3-;M6Fi5tybPxaOT{B3?9>tXBA{0Ib#>Hr)d9aM5UoROOd%{ z|JE#Q-VtzraY}P}&z*P%K!mOdrj6n^r=S2_xu)GWhf7q{!5 z3i{luNO1&!Xh8Iu-L0KIn9D;jv%o)koqF^sI_|t5 zYcD}xP|vLR)KPXxNp)4l%EZ|}edHUr7OO!S`v~jA-l8){Dedv19*5!~?kv%zl_`8M zAa8SUK58Twp55C^n7uNCIXl?AmEX&J-;Ekft0q$NHl7?|p3*zxZVQ^hzN=14*+O*Z ztr~AOd83()X^|7O9Y3+fMsoEO8wTP=RMtiF8Ay=3cPkh1UAk`|uV%isk_2yg=L%&_ zBb*CQ=PXJzqt0W#t!61JUPXeq*&)r7bMcn55dbohdERabF#) z^|0Z3iF8*+g*dtH5cAXoRhX~Kf0~xJBnl#c4r)HqTy@6L)eP)1~(ayxVUkYUArz8%L6|He5l1z+Zesn&k@o6cd-=A4@Ct z_-#QDTzxPqUzuona0*8)=|^2M=2~bIrUshgUq~X&VRZX>YB)be4r{m#GC%>3Lq@$xMcPYw4>fLwzbE>l#s+LI`z2U)c=?eF#I47 z=kq!$SzYfDw`)B&(IGTeYB=(6{?WPJmy$V#v)RJJ@~CPdk))dD%cra$qh+X+UaZx1 zlUgI&XT=T0I4X#bafz8W5z*|7H>VO18FcIGu!+WPjSTR3vt}z{C|2Q=30s24%Ew1y zQs1!}0cE^b*8g~E0qTtk#PeTS*~%d6FN(7rQ#h`!tL?~rv(@HN7*5Vl_tK0h?Q0J? zQ{Ar3ufv-MjRjO43MFQe#-89#mZQ8!HqG9LlM`kpZ8a}8d3_vYsQ!S1t@FwoUhXn@ zkT_p|_A~pDEAa~M*6`h@@RN9V&);$~RR#2?LTTP`V{8+4q69N$`ZY{RYk^S>q^B9K ztR4%jMY=M;Uf3Fk11$Ne#!A5u=Bs?OWc)Og^I-|8u&wFxZ?fM;0{p2L@)>I2eUe++ zedpwl9(`2E=zn;HxL$5$dHqrpc-*SYlPY#o;bMM#hLMG?&pE6_hj;gQk|iY=pe;&C zH3RM}o`R=u)GfZE(_BwTa5*xnfvYus%;98eFpnI?H#mm6m?DiMLrn2KJIbkuF=>ji z`(|hP=SKLFc@wEc9fg>g(7twB(jN?mE+s8-CG@zaL}qY9oO}jE3rTP4M6smWvc||+ zzg4z>!LG!9cR*zEcZ?dlQ9du9K4$ju>nA%~#EWOEIBAG4HWOd5Q9zCA+SNu`m`h#4 zvG_0j3u$)NKX?9tk70)GA> z=WrkJBD^!xBW`4Pyi=Q1zS{a!bQVeciK5Hr+&z)ha_sEj(hX2dG}jrfU3fPmdt2-d zdPI0{FY{KBZBItg<8T=^`L=zgtYB+|2PG0+u8E3ggjl@Gxa!MB1+mO0wH1H;d^FwK z=kh4%kE-xq10G_AC?9kEcOPGqH5Ji;M~;RY6OgU+!~8=0=BOTc7hJ2BbW_w;vVJ?f zwDZX4dCIvgw!42Qj|rfdl?`#JmNh?I+K&x$3DV408Hy2iXIIpAdy;E! zWgBdJMFf34GM#Xw_(%|~07$X6xS@@bp3{6#5Z^-Nk*Er1}!k8T0IVGyiyGaQc3fk)FY^o$HGcq}JS^Gx0%h zzRH1hNB=PnH(k++!Q=igilJ+gs*5Cn(pW}s@f!}mjJGkhU2L@MEjcF#n2vDPKeoTl z2qVt=B`6IucigU?@`BJ}RG6TmXPv}M$J;`XTCQ~((7;vjD3wY1^wabnb65BAHW*&+ zRd9EIFvHSQx$_1+>CTknW{l`9(p}=2tZs0;xS=r=*-2emNahC)lbXImQK3Hz~ zKQ2HVT0ujmwUWS=0FykntlblzjCW?)Oq8be0?KP{i!N04w+Yx(_l=xj31u?fpPpJ2{ON*1$YoMVYJxxK*&M6CR0_{(H` z_)1;r+p3h1&?fs`4q_{g1Q$X;dD$mS@nYu1j_;ik`0w;n^isHBJCOOuq&-mYWavG8 z-LN*_H!NaLA>NJfB0g(Sn3(Wb`<1E8tt(t^a2uNGea?rVpp=AXLsjNe`8=0^Hkmws zia6&Drj$Jajgpp5DvJ~BLQ=T;#x3^c$eBU89BnBfV~m|0bOdZ!|? zm|Pe|D-c9pAa1COL43ZR6dbLre!ca1+Hl51N0~z3HprCZZ8scXXX_Ixq`;>t0eg`U zVELXC6_OO*xfUEKL-_M7*Xy7qWFW(83|omaLg61QQF4HVvb-xLH6bw;J??5jcqgh} z*RqtL099uk|C3YY5|UGwbJgv3u6d;#@j=wIdPG!{qtH3|+tkYCtraWP`Z~MuZ;B-s zuxK#sNv{Nu$|6=Bbl1r~iIHLyf4;Uxv=s|)z|o4hZ!E6l>p|gje*ex~c5fiTMY)<+ zH+cIeUfjPW$*)Sk+!JkPXjFw!>~5X*%mANv_nS&cTVGQQSL%MryVoUI|7?Oczq&+y z9Fjoi0>)4pbdaUD0LRnfYscQ}6u#!O#+@ase4f<&K<9hX-=o*jlBAXs8ZulX%4EXF0s>O+zGlQhR{T z>F=8uyVQyNu3PGold$}38AE5av1xsa`@nFz2L3A?py%a z84Fb$D%Dewx`6+`)Fa~arxW;=)8f(2+2JDyqLWq_^mVPRaH z9oph)$5X!MQr^>bqADxAJBZ48UX0-Qs4XA-m%N%RFAuS(n22Bh*PzZ~TI!(r7fR** zRjFizr9|DXv>C!$>!CAQk-VPNvy?Z^fj2wX)8Bc@C+B+m562#8m$QG4U-Fl*w>j)d z`j*fZZD^DgKZgAJuA$*|%o~qpo?`r3==WtT0E+I|zC$rhaeQ5iPud`3m+`J?seAvuOc~p?y1oiN& zuH!e+0mm~nQvyg8ke1tcjPZ8IssbJpxH}>ZcWXR_$|dtYtsh%8T474HizN?+I9k*8 zoxvdeDH-5KKaveGF z`NSZMD-yzY%F+5V+%CnYLZG7|Dl^mbU zG~-|EQh!NQjZ(-viNE&bzV@hPht||F4!abwAPA|BTf7&@!m#TkoPvX34;6R)fpNi> zb+&ePkIlc^-rkAHI*M|mKmt#Iqp&&cEAp7j_ww62zZ&&dFNy5+ppzfS;X=`3MaoD& zC|#K3ztiG%|9tNuj0EDB#3_<#53KEmzg$m!RYEX^c1c=B$NfoUg2}U)UP>W3`3MqF zS_oDb=v=Kplc@mmaU4`EL|;{^S)hYDHt^7Oe=L_JsyPDB>15gg(zoLYJppPk+5AZw zAshZDL?5x)0_nRof(v(*!{4Q#f$xr6jG4OYZ~G*Kz|MzwLHzb_vp3Q9Svzz&;31Yn znPqo%g`4COiyXq^k*)_{{|?Wlgz%wmh5U%%){oENgkPq3!c}fvAeK*N{`>)XI`f2B zCm|mbVSn153nf>fcX$2mk~^OjmMxLFmGJjY-V(>pY8vvX7K zVOq!FOc|6W;QPPIzjZnP><1a1?7yfp^|3m;zDmHanKA@tq|kx>!Fcb%cRvFM!B>Z9 zn%}xh-(tvmJEbj;jWms|hY?)m!PP(CxCEQ0F2gJMW#x)(_QUpRxg6(^bF0k}hC;W1 z2I^4@1+tynq4Q8XM_yg-RahpxQM!asPx}VN7xhk9)h+64nL;InQ<0C{J9aqXJ z#n#8P%TPQ&k37IHL!W1d{BAieVpSPnyXU~Kb9p`l|9ONQ>DvknKBr!-V5#|b6`E-Y zNgkVo0YA5%cxm-ZcK|Z|8E&NO;K;(G8|_Od!V?Q_mP;ZiNSDuP@736LQI zg6Q;a+2?XP1862$XG`a&oe?2tSn@V>;J^WzG(uuceoBzm|m7@2dMd(wzO5yn<}K7<#)0TO;`o)3r0Oo=f;GFF^wGireL4 z%l9SyvCY7!T>Ki_6NIlhs4 zoPCA~KCZ*kjJgLPGlBG`LIa}2`Vgpmo^!TsC%-K4NbqEa5?pO$wZ7(w1Toacl<^Mt z%_Iz4?Gl+)gWWc-x%hhL!07%`Cz_3`a9@vMXVMpSC)hsZ*9Yd>X7qLznH;Jh2CRxj zY^-4Sw&UuN$na@}PUJ7AkMr~FU zeSKiu{orl^KjRU|_#<63m1Srxv&s3Ba_c?xF46D_YhU-5s;utCan*?7%UT9C(C+P2 zl*vlD0P2kho{z7X|mA7pA!eGvG09P;fH%>9x0bEaz~^)<<+2}RZR zBcD?SJCrU^dFNSsFDs)@8tO~zSDiQn6iAXd7e+3YaKx-@1!uY~5&;;ZklqoK^1TPSVOYX(oJvXpvSI3!1I8EAk<==wQ$NFn$ZfXK~Z2{^8F=0q$ z$cs3jYS^;TMt*X{{Saix=A^4PkkhxK6vG=v^R=};YKRK4*U(n4cN}Fn;Lx)7ET$dWv)R7}^-lkb$hpN}@QD;^U7x80AW*(*4dC*bEvi8?K6OiLT*t$v7&ad6*&SU9PE z@SBzMy@SKOT+3Ko=UUtB^@7U%36WXvlYZwL-J7+k5h|LKwJa^Q9kYXn-oZJu$e-qB z@?$`6uCuYj!&+}+{DbsB%V*S64l7`^kx|CMLS*xbx7u^6|DE5|F|cg6c)nKWpydysbq-h+$I52CXO_R8X_~P+da-vE zbeeB`n?X}uz5c$dxMFGbnA!0qGz)||=E**?>3%agxxT$Qh+h8QYj`{+%Tjnh(_8;e z%j;O{IR|p$gq`i(!))68+xg1i6|y*nf0%QYd>C9 z6jpCOTfD^w;YuZ~)X&eD0(Stpqc~WU8l_!{<=rpWaiOE%Pac+Sw>_qc4R5aY53MitQ!4VD&T? z9Irh+HqRHQdu8vwBPd-~mp^CPgT~#R0^2q7ORjlmZnyC_N7uok@EvpYjmP$*mD#rT zQiDM7^w{mGAKo}=wFEuXqrLqx_0HtSkSDIrg6B*K0#)0*XvluD=8o zwmpAsy{P*f4O|FUkT&2xY4=)oU)f1$3F`P zbm&QF=c&Yx!lc}{VAPCfq)~>X_RWL;MhGGTp-ysjuqpmUb)D4Zx=Q%l!I`Hnb>)8` zo3gw`@p|rm9w=PXKO6k`A}d0kSWiNAM*U!Z(33HJirWZOW&_Z)fO8G0&9TB_9JwAe-($pB%u7O`iDdF+(gy`#jb z*7?>^evR_K(P2UgOJpq)1+G!yL{>mS`6r;b&Rao>6%r6Ci2t7(CoLfOHyE4dK-t^9 zuKM;L-wqFi4`MGAfBTPx_K#u&&Rz0_cq$g}|Ysl|L-X+fC2E&-BzZ&)tXF+AAn2tPj3znR4A_mN(n#t$C^WffHT3lME|&D z|Coeua0RdOz|c8pIr#V=+Ym+pE6#w8K=K1r5lRAkS4bW@#J(_F3LV1oDsw89S%*c0 zhy3mt_E2(&d;~+DG&637F4v9svM9R{c4&5vGDWW`Lxgv&BSVxVp9B)e18LYu5##Ph zXz;V-{u}*OLc$uK6T63=L4a1B+y6IC=rmX|^-GXwu4uai|6Cb3_X7?{0~R+p zrBM9Ke4&dNok_is5xg-59B3_U8Y^RbVUcO+T(=V7jO#Ui-HzYb0QG`@r@JW~#hd2mJt5HyMejf7EHqzF|D6 z=5g;{a_~Imecp;{dR{pb1| zNCWD#B7Dxcn(DrN$Vf0KY5E7rRnFuZAC}Zl61m$DnB3vNtcwwXQbuI|13kj!-%Z9|I#4ye?X~!8RJQ? zgTCw%{)eEPFn|%z{x5&D|0Djvkbf=ox3Q?Bpb7R@Ll>?f(u#4f<$E&<;&fc zsy=p=`HQ02w4d!~gng>9?3OScmJS}8&B(xLi%v<*{}}DJ@QDk}%os~)zCupw)uVCH zG04N}%hTob=(lMWk4A>Yvc=KUu|<$^R=eBjpW(CXdBF9p$&d9MLk^CKxu=6j|2~F3 zZUaZ7??aIT-zV-dE2m%lg!D^%B?)6#=G_EIXU29XC+3R_#!a6ec zW7UBapLD&5lu)x$+v4T@$mqL^`{wUk6s3@ZIV;ncNEetJJXGp8bZ;u0wiR*|iHF@q{&^{! zi3>b63D~s$6HWW$M^5|4_g3Y$?4yO^839wN4?7vQ zW00^6i+oGw@9I{4z&R?@k2vB?Bic0dKq{&AJkDTrZ?>=Pr0kKSOgvk0%taHd54|;a zMVV*O{#x__^nh;I!5*v}e!Z6@rBMH|@>T5HqJ!M+JGV}sZ(Ila8?4uq`-0slJ<6$9 zfBKX%s{?zT9Yh`;{3<$39J5=Z#mydqZ)(Z}zcZt4_)T*ApgG-ep!|Vd&TShv8<$0m zxYv|bQnbLLrblX!Ma#l-=kXa~LPtuM3F>))`BJQIh3~cM6wg5*94jzN zP~T7u2NmO5D4sM$Xo!!M`UrL&2|K}-z16pvn;0TGVF@`=O=w?v^F;b-17raA@6dOVQ_|Kw@shL=K*4oNzkYaQc%lo?MJ6p%WL4hggqATJ8J-xrPSw$8wW2i>~KT;RiH+-)qm2e6D3qa)0lsBqO? zX*t}{X6sNXA>kqoh*u>hR*wYW9UP#D6o3D;{?BO>vb$f$X-!jI8RN`4-sUi{AV| zlPv$RhUa?gC=UM~0+xK-aMV?YVdgnNK)<`OSXZf%~7vy@-3? zW=7C?y6In#at9Hdccw|Gm=AF|AiY*bZ$0h4&3ciO&b?YOBU=B=aK{s&BZS$9-zDwY z<7vR#@kxs*I5#rTR{CqFj}>S(PwwZ6v4!$cb@pPq(gx0Sj}J-d`Om_TlY92|EJA@H z{Qzvyr&z?|byxr6^~gb9#_Y}l$qDi)bFnb~jI&ey7sKBwnd{U@+U&=2nVTuI`md=O z%6?GUw||rZjv(TR8r1?rt6I$xCcRAJShs4S`H@tO@ZFZ}N~9>(tS1;FI*JFO%gYDw zI|n*BWyf&F8cI$!rqOh=#X~-W`|f-3@yl4EKL)E#k$2G5D)^*kF&_%^gtTAe9#Xi& zBqA$+>*+<}%p@Zx7+KLCV`X{%Wd7Vd!Y(segvLbW)#mAqP?uo_W>|%KMXgmgB9UL} zP`TelN3RoaEQ{JH+@(ir>Dn6gb1BduLb4<<8G9Am-cE@VDkT0cIZ!Tmgd391L2x?} zC@WZQrrb~vL!hP4zk!c}OP7l5I;Xt%B)SI7mknlQ$A0N8UvA6+aq@WT!-2Lk7E-$O z_!ij}YXfkZ%Z$|(w$&R16VR-y{g#Hd>59dc+!n{F$!+$7F+i{Pe<3h~`cILHqpjFJ z?rWUY%^}U!X)j52yKF|=C4tHUKDZ$iMEXd!w&BE}o|8G8s*=!CjU)R2CblD)53aaa zwfm%szT4k~lp0@R(_RZ!_CjC2Qq^JsrgU0$9hc4-(d+`tSS%k8*)_xGvn#47!?AFq z0J2sRu3GB9;F4x&iDB+Me`u48-;%QR=XVTQ%cwB70gm?AwVX9G`0~+HlD2vzH>!v*EK%DnoKwPh;qnNQ7HQ zID~9?G?JE_UC^OI(Al!jKg5ldLAi!CsNPXONyX+x#B|(DcWT<_T!nBT)H(CZoq>m2 zCmEhp@FPaC0ihcz)+oG( z#GlinX_x8-cY#jDa)OH}?ACscc&yc_nAUO{H#&@h4Lg9ugTN+mHUPR5E=;M|bmzv| zi^$?9Dug^K3tan6Hz4{97=1dN(Oe_eF8?-%SlpOI9;3SO4sF`_Y>27Ju@e1$!M?%B zf|3413cDlhufzTxMmauvik%pSH3X@Qu#*PTnS7HW0++`n1^S9u`ed1v({HU#iqJnp zQx-1(6Duh;!NdVYV1eVGsZeP@K?lC%&PyS8l3z;aj-RYjys}}qA?ztcp4X@*rtMxt z^qs9vz+{3+50LqwQMWf{;Geawmp@cgR~KSQR-&K6sZ^)}T{+P8=q8A7U- zDzz=*4Q_F5M*@W7Ke-){9?M^1SvT41S8P9SO*EQoHhY@_7kVcRXQB~(rkW@{Xb=#o z1K?L+%6PzVVS39*OXULc$z^hxJPq1EklUZuD~#pkg}O^wlPd8lsG;kXZWam}L6M0| zGz9w$KO()FHIIw&$^Ac}V^^{@Refd8{R=om_*-D?98$!HvqgBI`Z+VEu$8?;gM1o> zoSTCX%q3c;RP%(ge44of7oAJWLWzAoV4P1)uBo0*Sp)+PW3cv4WI&ZdgCo5?WU91a zmD88*dE~5tzXT(TmEcZ#RGO7GzJFwjR_F8c8EfoVU^>=^iqhjP+7la-t>5OwV+T*7 z7J5L5&FSJV0rP9M>sBpED=jiW#_!s`MGZy@d>OLd*!lcIYvKBPbJY4x#YntV@{!$! zqA02~Wp7Nx*sM_0g0m~tF0&|NwN}VOR~~sWe_VMqFNG-*E;2M> z7^7{2CfR9)7m@{*^^S&IbI~od52f~$4FCCqcVR1K%J1kbLyHu&D(mR3@E9^l=8Nb- z!!0cC;x+{RhR$%L3jpV0k%{fM>oyfcVP)2qd`gc(HJfnqgF^3t%!nyn7t{bZW2xQAG@p89`R$sHwnwQ1P*Y9yZqfUZZ#?% zP0t==?LY*q$~mNW5kOzgcMwG(NHKJl&+1WH@U`#sFQ-crJNjc7ddIFkKDw}`FUWcm z-U)d4e4vKbM-;#&g>VlQe~gG!&PJWjUux&13aBLAsjcE6ayWUJw&wf`Jm9M$ERaW8 zGGVL;vlG8ZOfDf8A~(D5N1HWqA4fcB^q7{kAoqt|9m0y&@$5 zM5ro5C)5L6EwDt|8Qep9bcQbr82w89V{N(zEe7%<<<;oZ55(@Mi9)~7h#Watsk1xW zTemOv2`m;>`vLkgK>C|)Qoblno!m7Oy`O9aL?ssCb(f6~BD0AX*dM8pi^JkiZ0+9j zJ!@h@PwcOTQTU%cuQc23r(ptli?ogHLaXqQhIhII7XX%zGnG@g2fUgJl_4%KdQ*IU z25<4F>o%?{zox(ZU?X$hzy)F2wX6MoEnEQ%w5B`#WFcsZlDQRKh090au^T2{u+vL# zwtmvDu<9g;NERD1LNr~IXNamw58a&%b5SJ$bR&aa3;f#PAal8Ebklj1in5P(Pq}zC zqygMVuz42JU__;R;;#c5st7#^MLRE}krbMz*p*!QpwpdI;NMNXD=_m`hP|hi{Tkj^ ze}vwBq`C8K*FxFsF{~J2;7ncVF|xqFpDb7VetJ&%t5@=JDf_1%{VFULBzFv{tC;tX>H0IevOq>R98em{nNV%wZnKe(QU`D!o-~;By^iA5 z@7;u>cYY=k3Ig*u-cnX=$z@r(uCbWXS_(AFf5$WmS7&`j7XEl$o=CIF>{_73H^ z0G=2X1Kt}i%;h^4R;E=^s0`i(=7r9aI8a}*ow{1oJ3DY%$I*RK$n^QAUb92swIMsU zPL9*ek$(8em31eHcP25k>+j+IW_2`WnMsFJ^g2T}5~T6-K;rbL^dpYrCe$m6&*~s} zP@~>%aiI8^4R62sn;Y%-;Len*#j+PpcdNs|4{Yvwpf1>jcg2GAZPJF{&=9>_0$~e2 z%jnCXtsdE30~&j9HEWJMPOk(@XRGO;8B&4uhrHsA zdwgt%77&H?cm!s>b>+tlrZVvF#e^9Qtbb4ZxhB8_oeUxXG1Tvr5pF1(0Op(rjGc>r z4<^pD%22IItilBN?5WFeZ~9e@xo2txF(KygkYq*1>FXHd5knQWU-H5@>$g~vRVT|2 zQlc?P2v^d9b#tS1=t%J9Y&zSYR(8=1Q!Lg7{mw#Uz4K}8R0awkaWuYTC!OvEFIB$E z;nMqd&`W#S!DHC*0?i#Uqz0+y(u`ou0#Cxur=xaDXN zhm3oeWK3<1-v5d4xlZFMlo7xLJhfeMZkk#4W6J(7oBL`%muVZZw>quZtO%3PAWU2Q z0-tpyz31#BQd_{1KL@;j)%XxC{wKm0jFH!^e_|6|v?CAv^}QAPz^MJ_eMCGs{&H;l z?(T-@<*ka|hs=!v3kFBWUDk##v}x2k{7iX*e5uWM-JX4|^oR+nXzjlXR*gl2dOG`b zYLGeod_fMjYF+v_@dnBa_;GUG1`sv?>0pw3nH;@=%m0!&R6vnAK9`_MvPP~5$4Ly@ z^0B`6H3*R}fH_3REzb+o-?IV6dhz+9A6~B9bEC@nNspvAssKBLGTw*Crpa(7XXO+3 zE#KOu%&tm<71+Is#U^7}L+4uhA@v!T*($EYOeSthX}zY0rDt=-Yh_x7Qi}Eb~QE zCbnfX#h{b2q5~F$vC5AkQCkdvxS!!XA6$4uRXf9^y!VNXxym^5g!;n}!+=I-Jhze* z@INu&47pp~kC?_7VhOrX#h*>TyJmZ_AmqI54{=N9Q?j??U*y8#m@8AfU7U`e&%v{BW}f_6NLEtt$+&n-#*kXjT> zV$%jnUD1=Qj{Cp-l^=05{?&m-ee$>?n5&4D+VFIqsj3|QF4{%ws_|5rzQQ}=d=d|K z_A4x57Wg{67)S!5n?lf>%U%-H`AhxKSqo7xhDJfWn9f!4Jkaf-poX(MEt=4;Vb2sb zAs|=+u_3XFpNkGIkIT3h4GcFDdnfl%eXC;nmb{UQYb_`WWT>{d#|X0kt!fo)&_uip zyEUZ&`>*Xz?V5LMECl#(X9qkGnW0`1#k~{Y_!Bbi=wCjf;_spQ?c)|uu6imfRiTQ| z;S8I5oZKX57M?>rJ*&a;5sWoiuEm*ELhpb*Kd!;BALIqAS8@j_opWxzT{Q>PUo(ip zn^5B4cntNO%00+#Z}xEQrLUuvMxJ0%q9h)-Jno%IrZ}NkOiI3lOcHqc(p<=i6H$?a z^y2%Ot#kvu$oK^uXZYd~AOhXLa5-JQKAoV)R-~ zqzgL)_kWOcJUi86CSe?CG-^#JoBRozy>i44LMG{&0kqYH-<004OXM@yQSEy_E;mnz=iv_OR#1()2nk{%=*-KbJ zaiT2eCf7@MN>pfk%;#V5c+d%=GuZS^8{*n{kJnI)Ad<*i>@VY`YE>c{={m9&45yutyBT{8UP&0h_$ zO=qSy7Cvf|x|JBTr6I-{@&SO~qs2`mJ_H6a65$*+)AT=6{G2@&d3-iQB>tG9rPW9g!W@j!5g0Kp+Zun^qc zA-GF$*MY&^f(D1+?(TyIO>p;t009OY9D@Iod++z&zusE2nxUquy84{cr&@OHjiI{w zu}xa3xNmH&$)2z&%HII0P}x8Nh!J2snmj$um_>;`UC|nf|XY+TZImKicK5Z*CnlBVJ3j0We(!-g`FE`s;%R68jT$#92IJ{M&8{Y$kNZ#raV@nI?Y1I(&UJ465*%{DX;rM=3C zd-$8DP?ZJIASW`piBW#>+s#1AQ>C^}NTVS@va$D09f=;N=!Kl)rYZzpQml27q)8A?>C^#FxFaDwCE`=he3*2G%@uvlGzOD;qh? zOO7@i4}xmn2`L0Qd5)Yhos24stO!pF-=gVR7__S&0nHbeh4W6Jby3B`jS;$^ zyLpq39#8tFa~G+PxYUJ1d&EVn3hg7Dc3_v@Sg61DiE1sFm1a$Y-v4a-P=Wde%f&pX zISJG`n~S3_mcjb5+d&prxk&(vR~Up{)zV4vd&sFk}8F9Ofu%> zMHIf6QJJIwn}QRI-6E_a?Y5j&Emuu%2%aRAA+t4YCjk%B{8RArn+C8X{b8?BQNt>i z1hBokh2rd}to-+RbVYr!Byd)4@ryVxRgjviUDAsWuLL%6{GFyL3)4?`gE3>mUAsw2 zpv}F#Bv?mYcXv~<&8=6i>>~tI$7#Wwwym52j-DT=c{)iApA{6@fgSZ~$_2xWMZZ=x z%}2Qf8@}cky}~BWs~#PM-Ou0=Gp`yC>P%;ehRz#1{anXxlnG~45pBjUW&bFMY^$%0@_;Y&qgMqxIFC5=whn~ArsOhVgx}pB8%@*Thvd(20 zzPBh2AH|ai-iOJfG9xrl7!htPOONu`A57yvzAa%qL-q-2TC66``uNbcU^H>t^toy$ zZ`5+mZ%mJN>!F6%)*DIBH!5d7smN691~I!7=;d1SdNFQ4(;c;#MZ23?6iS9k zg8v=PUD3ntoKlVew$#YxtY`N6S!2&mwc$Y%;fOqkOojrWuD0TchZ0W$s{1=#A|BfUI+AvA6zbYEI*0bWk?oIrD$%T zfV_@f23M=0ZkIM7B{=4yF*5)MZ1oWb?AU$G#x?~cFAF>r88mJ#R7ow`53w zIACf*Sk#w);_17Nmk=@r6^R%}z~AlT&0(%I0N7}t=l$Un#Z~D!FOFn*`+8TE0^E5> z@;P!i6v9>|3M}h}7z-M|)NV-hobc@nz~0VmGlQ}s)RGu4f|Zgo5d3{cgPmC31+ln^1MF_w$#w{(B;7d=*sh&OQ z+Ym!5@1>3zeHywia0@>G@l!o13ID=(opn=m<8 zMuE5)<48km&9l^3NCeb*@$wYkI#7-WCjWo|i^e`d&TEL%PpTfyt9ff?(41Z21)_J& zocav7x1O@+`+AJiDU~VO?Rd06eul6J$ehJT*4eycJSya$(*q|L0#okd=ekN9@EQIY zEmFSJ^8TP)#A4YE`aQVk5fY#4JHzVyEtX_hI?xYL#kAzs*hY(HUGhBx50*Oqo;LMT zZTBpI-o>@)2LSQ!lGN)$f&7~mV7Alk#MV>E7Q~ads-A5$xyGmAWl#h>ocjQKoVNQw zZ~i~K_2Ypz{B~6Whx~oL7xGSzq00C^wRk=nYz&B_D*I_*32vW0>-Mv>PAAla7> zTv1L73rF!ygi%gKJ3VCGy(?y)&XfLccA?}0Ar?+FnW7V8X%N@>2DLPW?mGiM=7FL) zihuo^bovRwa5FH}6*il#I{>1_7pH$kPC3wF$Q&)sj5+uo0w~j#cS=!tde9S>-I(p(sj)D-q^n1G)&@;-A3wSMD!7fu|2a4z zFSkU)wItA5ojfxnxl@ttz>u`oq5^pA?$o4#syCPQf-_}cn8ZdSv<)|4zQ&L?OYeqlk+tgT*CKD4mR6ag zb4h1M(;$_SU+8{b_5I?Xn6wMwwx4VtiC!7uYqa`_K+RS&QuXarCYi7D1 zPt$u}UMcl$nmijlKh1#gC4}xrCN(SXj_e~Pm`j#A(s1^UP6JXET8v$qqHylcmrC6v z#=<`PXXA7buUBRX%vmQ%EYH0ZGhFDu_FEhn8~D(kw_>Wr2{KztuT$p~^^snG7*;X- zlhClsT5&jLO(R#gXU4lB?K|zL<^08)@_sY^ zLA%n~>$UjA!DO429;JcdFNw3U0~Udj9b3XpF;m!E@jz)yj&)hW?%(SyS8>0l#6FBZP@;NHd!yJ>OpfWp8KiGHQ~(IMn>8F@EBO;8P#g_4>+3LF;6I zGLFjoO=#YYssOU*Xr78G@)!%d`@H$ER=-zy*Jpp6(VE7mwi6udD@pDqvNo7W;-G=^ zX_6aBS;3{xHU8cPPDXq7mGf7ld-j%n2~at0N0s?`o&rLOYD*~^`@Ath-(IrlikkR{ z8j-W>ANpYh-~PxHZ~P$p0!=)BOz5_^bu|3hpH=X2qMGfu8)A+z8FDk{)uBwxdwrm} z$*{Wl^caeP3=bbQIvE1^J5DwhHF~5&qrAkcH<6Daj|49{{MRX(Nnn-X$zm=KB5-^S zbLydHj=-k3{G4!qH_mh1h`at$qQ}AV#{k6yHJ1X0KRSc!8eJ^@2ALhtWCAE0R?3n> zF~=Dr+wA4o4Swd^r{pm_n?raPvf{*K2NT?VHIiM_JMnPfS9lWp`M#)TKslUyU01X4 zX4|Bi8RgOd5%kR+#Ruy5h!2TOk6xTg=M|)W`L7E3Xc;j8fpDb0Sm?W9w$K_&nHGj= z|CesVXRjA|onjm0tAowFvE9?#7xU?wg9UDc5~*Y-5ym4=v}w;Nq`>vJ+>u#T>96l`fp!qNel|Elvyrk2m>64QF0B@v(z_1cCr! zMtoL2*V0`Qhg2@1At3UlSE{^%R4U$%7(P1v-F_wrW2Sak~TJ0 z2(^T*N$#zw^|^}{ziqNX&i74tu?lMD4|u@4tH^(lwmHc+n1P`M^3nd}1R#Lyi=se1 zSQ*hl{+ybp=wGFu*z^4`+`8A#u?g&_#MG!M$)5|XE(u6WF^r}v=BTBe9*A2S! zBf8;RjA)vmqZB|@mOEBuO}qa5IRjcm{U}H;`}WMWbufPs2?P)0B8BFJL`Q3X={!xB z0o(hiw#~S>&R-WD1uU@C*sM~$yUjw!;dU|FyIX;%D!=f2`2~jf&J5%RlYKWKT%tJL z^pV6{Y219RJSEJS1sn-yCF^ubxSHC|`j#$Y=+a+Z6zOEJ=H@qdx;tUp#`Yr|bfoTo zbX?%nIP-aRgUmZ|vkGQ+7)=zb&B*0)Tn_IW6XR9)qViJ+9z=zUM$p7(GpBC`0x}2# z%7%<29ubr+D7dqq=W%+hnrifVv6i5HlfJ$Y%h0bgaLIeF)y>pdop2OB#JAS+nZNjo z1(xXvhHyGeBn3MPY}LPjNHVrG8#6BwG`6{^zO@Aqgk$mh0PiLRJdC1csw_q<+vF-; zop=YxrJqaQ>1x_Wa##u>I~ejM|7^7FbX)!L2>%l(;&zW4g+R-~Y%xud{k2>g3xq9R z(^+~?+jf{Bgl(UqTmTLxn*9NA8@NWRVZq?VCvb0ZlN~F6ziDm0dGtRlK-idXCv?G* zsc^n0H53|}1VezK{~=X-#RLD_)Ah&^?}bAQ5~EE<(^;{1t5a+gCUkF$j*FTPA^na1 z+jrO7SF_QzV8tw|hQ`9Oj;e?J4F>Pv-nR>Nv}F??dNE)~#SX$WrU|pb-RpyH)Qe1S zV|z|?%CM!;kqvu08LRQG9iq(a&md`wsxPT_*79{LK4Q0`z3Hcfa+=L{^H0`y4{qLI zdjv2>eMnLxF-;;laPp8D$5ziw6iJ0H z1U1F}nAC~WnOLUp$|~`8Ae1s6b!Wd6{cM+GnkH?}6tnBimFD9zR^?6NV0puytp5H$ zZA`Kdo0VJccDcMEnBVAX6yp@HENLReH#^#KMi?-*$C{z$98n%%=C12Q<(yay^XVnO z9j>PSPPixPkLuxdt&E(XY4w4s8OXvr#!PR&`dJ%iIoMf9g-fNzr@@0ATai%sv6q)! zGrISxvLm&LeP0GYqpsC2|L~=;Pmu)8ARNI~GJ>m0Npp`8rj7bkw|>sxa%KKDz&^jQ zr>Y9mQI=LdWtXp^OBMX4aiBFbWs@BPM@|>%75=$4v(NaXc}gJjaa5l^)mQP`vlp7W)1e<0;wVh;0_ovoSis?Vy$F@YtYP&YOS6ogfzP zB~9Xmdl$rBe~7EfZny0!(>|^s>>cr~4b`3ZgxA|^$we#fv&FfD8V10cG%<%AOuOkj zXBUzyw_9Ej_uB04cgNH@<*O|CB97ssLs30NQVwilU0i7TeNpWh$zgjIia}=m9_THL za`xL6Av$=_9Og%T&|GxH`n?Dhx(8k_vufL5g$38{+gERSIUt#+UyHCrRmAF;kgp6T z_7sC;!YtdOY_iuTyy6kCrv%id>$!`L2J(_82>Mg4|MIx;Qr%4w_76%^k7(}DGu)-fp01x$j13igfSzE>pjNWwDm`9_w>na-poyF zxZZx|>vS2k=Moh$-N~-pmKOoi&;zGRpk~1I3Uj+N+5rZZS7=&|(t4ls^Sz!yX zM$em5Vfa$JS{A=G%Ctc^)JAJ&I}9c$N{gfu1Gd7)7c2)0YBFd#4v=o$Bp|Kn-K z;`j)A!+G>q@553u*@lK59v2iq(hSmO{Pr+MlT~js1rU#OqV2^}GJ(E#hL5<7adn^q z$lOurHc8n82Mha#6Z=G&UZz!v)r+>>kdphmF5H41iiVPd-S4GnaLlM(e(9XHf9yf` zT42S`Jnm*zw+*C`PFcO3%@^F-C-J)av>@QZVbS~@V4u@vUEPWH2J)%98bVADheWRa z_)D!WI#CDeyq)@q4%}7^Q6MfqM+o~l-7d)g^&(Ipu zN6M8Zerx=xc!kM_?ZD-}iMS1uas`O4o8jU+sM+w&a#>-es<#wl?#d`TvVD`@grc5k z+TY~4nj9RxxO3QJLI??vxxPRG7)Z(SAVxUweXFqr8$9XoCZrJPeR7^#~G3e4X(;e6_jE^$Qp~KCsT?ZBX)p za``a%8R}76s)_WkXUQQOQijhFcejP3?s+?+eR-|l7qMoEYv^H=IFprRm1u*0$eQnd z4CcG{QJzRz!Dd;!=^R_ri(b_OH7-+^Q|`ony=c9ew@nao{&}8J$8ef94IV4j^5;h# zNSDHU>p1sL{yn)SSs%gQ;~r!ryYaH6MTFzOX<$_5VjY5))$2`XE|>E823}gF?^1)3 z)D?vevcL$kKta7^<=iS$Be(Dmt=>!4{7i*cJ;W$r+kioy0B z!7W&$1qqOqNSv9Eholot$f8N|>(@30*;`vt^MYZm%AXl4(o)0U-_cTWMI0R6LU%D_ z72Z=8)uT*5$=(5xu?cHJp<{tvucs$yA|;3l`gyYlHd%v(wW)*Ua`{O4RlafsPm!dh ziMPeQCwgv_b+)+(%O{n_$zhM>;mQ}RVZnyjx@7vJ9M2S;hR%Bv%X9EgWctV4EEdx} zFy(x%@ZmR?^6YWTHz06XWb;&k^G~=V(7trf+wYA-K(WR8VY63PqSV{!BI}f`IZMyS zIS48wwO9>Y?)bUdNKW#WB;m#U^b4HZ#|#3h1W2iL9{qW{p?HZ#1H{+4q)?P`;aVA@e-2FP znqkSF7jL6k{tbViin2e^eg7;4!_}F>SSjQ>d=h)|4r=^jt}-MWg~cJb;tr*hU0-t( z*}>=@TR>=6Rn!gZ{jvVT5n-yv z4~w`HNi5DIoGdbxmx=2M(dh}Rd|jC2$NH%~CEnJBElv0ETI@DVT2(fFE=7#D2)Y=( zeS&(cOj(n)k51P*^GJ%Tu2V8a*Osc3|H@eW;|k|VOZLS?FB<5jb!9g#KqugC^A$Yk z)w(TDVlZAK(03%vrTbS)y|WcLV9c&1Q-4Y3V>AqC#{d(dt>aIt)uY<^mAk@-51`x~ zU{i+2{4NE}Q9Omq)hY~T>uB9iJW)Uvs#TeJ05Fp-%MsF0X z=0B4=WOniXPM}-K#}CWyUKdXP{lLTRwY1YmdAv)Sb{O&KuPl7b3`r|RgwektLwHng zElhFaqp-1C9%AX38ZyRj(`^EJz240jia)xc{+z7k1UZ@)+efV{8%_wbzQf?(Dw<40 zGu2c%%s0s4_<}f_7mM9A;thMWB zh+`T!lD(9OsG1w)puuW((sPRpZWP**i=K<#`jiydc5An4a^q%`B@`&N4SuLMD>sPf zilBNX^;X*aOi7#l`2?^Cd4Z@M$**3;XrSI_@~gdNx8k{j!~>)co6@m#N6)Ks11L zPe2P~diJ!S&IB7q(!iIb9;7~$$b^ZW-61%F0#UJMv0SlO6uT{%FEN#V!21*n*>bh; z42F8^7H++BAhDLSvaQ-EJEbB$K+7lVL6qg86v=tbHrCIC7GW3i=?=zW6g|pvn+9%h z{LAU3ok?}=?=IhSTGA>G7@X-o^|HnRFGZq27XS4Lg{7&^tJffId8T{=-#{5+uvpp@ z$&I4L`ET@J)uwBeY;L@++`y~%sqp6+K#eadB*XF)fGT_jSF!tKE{zMklF1Gjrw}_5 z7&FmzCh79Ggsdvd2FVwMuLk^S;xN>lM$ydaNA|&2{O1a8$Tqn4x7{od?cZOdRuDq* zRgjvy{B?G={f`>?ChZPr)g<}aeAq>F?S6_W2L$gpn>{{8E`HZ_)Un8GcPnQzcBm3t z>F^-MKkr-f(RNH1f5RxGNjNYCENr#`3um6LW4il9}OUZLB+;! zpab7j#gFx|Y9|=|Kgq7de^^w1SqHa#Ynkm^!o29!TlFgZRSZL_q9qGaJ^lPaQjX^= z=~7YtS_}CY37mLVphd4?z6Eg#OZlvNHRd*a7`^tETYw&yt{2Cvrvf~&>VJv`BJ{rT zmY~;E96RlJbDKVNeSX69m>}2Sf(V=*{@Ot9jVv5x(fD4KMTNak?bF={Weo}v_dFTn z6Dq_K?b+9mXEuI`F*h_OU#iYJXSD6FjTMsz4%N2w0N5WIbeT!HP7;N_6%SZ@^q`H#3ca_SenM#an8HU zRTa&8jg>8ix*yLqj}z9Sg|db=;8C~p|tn7zI6uYcslXt5)s1i)HfMf=hpoy2Xnu? z4eB{QXv+-1td9!P@)mh5YgF!M();ZyJuYW~XjNbt;}Tm|Ybzwqdj(IiS4OyC@Dy`% zjuY&R*dT&1blc;aO@%PJWdikTz^Y_sAqOPa9(r`aAaP{5M$P?REOyZdS8TTEjRs-M zu~GS{q0QV)-K_Xg@7d-!F(2&T4hmgD{c)L_{#la%bDyj~2nbh_Nrc{s2Wc+|bt=wH z_c~!qh7lC8Z@?SR&BloH&fdT?9dLZ28uU)5r;%ND<^6D!d@Er7v+4H0^EA8G!u?~g z82&$2UP@x|=#Yn**<`xAiX9P*YSX>mx(ke9^fKaYY!&hQnXlWX+5LCeVCG%%O#DN~o*C8*FjCWfv>f4|X^v`n*uVzZUsQi-j?=Kz zx7V3_ZiJV+*=Y5C4r<=pX8j{1yEUF zqWxWK@iuyN&?X#!_v6fKx;D@-X~VaSk;$nqk6klANWWWq{s2ZfU`kY zjJ_4$!@7-*MKsvuVYFvQ9-D5LxV&JSIGQMfdi=~kNN8PPzbx)2Q~V& zp?*PYO;S|ZC=zCi3ycXj>-vBI-Vf$t4(jvo+HKv$0lZwN|FdpN1wp}59ce{5A;Y;^ z?&@Qs&8X?M@dFCPiBBY+yUefBno+4`?xAj`#d=<$zdQRj6v`RrPLQEdE16`OFuh={ znHMwH>o5AO1$7-j0)iXE+Bfe7I+oEWYF?$E}j6!xoDPCWTy2Q;iBLP1mqz3gY_EV4bpLFcqGon#4TWm!l_!n`9leR9roDK@Bgbyyx9ex?~A7` zCEc1kp7=km5^V&(1j|`A)-jbMfzp3OpFx_x|01PXD&`wkHhlvD{XJFqOZv_Fnuqfo zQO@675x;BanQn>VehA=#SS3%U>;sJfZ|RyYm3WWX1rZ)zG!I&w4nlGC!8QDPy_18D zJ03_UnXY_f6^1WiG&OkT0|!wxbXPx71U0*9xWB6GRL(LTO3bHT+2ZCzQA`))!!&BP z)}&yXwt8(#2I_NVg*)^Nw^2B;Ej3myd|-?_?9;m$4g@e~2lp3%^Tx;7r;D`D|4j!c zYil_NGGlDFaIMckq(SEHIoEJKAyc_JH?7^DkdkQA12?cyUwTy(9@O zzm3mceCopR{%BPXL6_l_J+6cXLGVJUM#d2D=|+8NWlvp z1s~BowsB%HSItvGoZ9zb52WcF`ITw5`Iz8*QTN_2m{R=Z$y#`)Eq4;XCTCy{k5 z&HQX?*;0m!=O}DC6hrV@8)+u>YtU?#djU~#oC`GE`1i1A0kGs{Vse~oO6kHPDYjQV zr^|%*+Xx-j<+##bvi08GsD(B$NN3z1=stNLn_-3BC7~T$zXCi}U8f72%xNW{Ok zWt<8aTTJ0NJyzY~-2if}irvOv)--t|4;MrLV@wGXFZv3;&JHEj9&MV7hFxsA1lfh6 znBR?9lerY#mc4ef4||5D1q)sMrHdYX^-s#+fhd4(8TUDm^Wh6fr6sa<%~26EYoppH zvx~~-XQrcIlE?*S&W8F?%sdUi_w=2tyR#W&(YF%DxsXycPHX3=TICBm367|CA1$gK zSpcnjyIyW|6^|x7+4&nfvsd<(=8l#m+Ugi2Pfp9wUARv10v=euKIfTqU~hgTXBG%| zavoTBH|}k#><%1cEdv8YX3og>KT0_&Cl1m3m+8myQb_Y1b?(6wDFpJKl?c{HSZHe` zfW~pvso5uaExzbARXej>3Oz>4{k2+q&;tLd+Lihm%7`P0wj9t&0z|!8 z1h6K424n?v65SqrVfiRfrhRNx2Ga=^4XL#?2>RC6>YeZVqNDXy&C@)RG}`g6f*Lz1 zsHk(SQoAqc{cW=PE9hX~=<($Qg?%g}wc5GLa}=2r^1&9R`kjWS@(K+vlT}^lV-lkbzZ3Z z)J^+lG2M1&P~_0ZKfPscaU**QIC~FTy5Br3?aDcu?I^J+bFA2CT_-ZG)T@Gyg=cSG zW5YOUd0A)8Vy0_0T<^hhR}m3THD!2?61OV)xsP-gH+H@~=lYJvMYbMK&s{q6?G0lK zF z`ntPG^YKcN--SW-o@R#u?vVHZZ>zlK;){)gCs23!foQAm?z@YcIB)Kt1)2S&yqSg- z;ZDO1r79hRrTi+@B%QgiR)eEC_ajNm4vzlH_V&cv8{XuKLZC%c=<--sn|_;4w&a?| zb%_?JJlqMmAKlZCo0Y4zL)McufhH< z&1)@c_XZNMmmB6_aLPep!JzP$S?Rk3a81aic&}e~l@;q_`kK$Fd($MOD5vc_!sySO z_D=TpIeSU9b1?I!S@xG}5ASi~AMsDl#h`!ussIh7VzAPFvFb)+Q)kJcvK%&Ps~lY8ItbUEDj`Rv3zhU?kj@q240PKnel z{fRa3_L_E0Vh(L~4dfmg-ny@)kqJ z+%Ua119Ar+yeI6xKVZEDF~XEksQ`JKsLA~|AOH3P)15osg?yjR`3cy{{RdbFQ{&~$ z=zat#MEnICK|Ek;ZP>&1sdtC_W-%NKCS%F(#Q%X$iNW>`iSH$jUlrcuxYinHM6{?C zq!bZi@Wz8>QCL$LCsyvyO42s$NgnKR%G8%uRIvDmrF}emrYJbLbrhq@IY*h3j7LWkRNUTqxm&)UTpvd} ze%0tufXq4n#T(%yO|uSG2%77++{biHbav_05E&1(BtnO+>`_`n?*4@PGXi-`@VBW< z{>T|(h8xl)T{^M?sR6(`m4C3861OdpPUkU;&1#AGRXJEZu>kuCnaA_gjV8YZSpqzSx;1W-Y-N?2iA}sEM~=pa9`_B zC~S{JoEKU>cc|CIGon?0COuq4Yz5ED{$s#t`+|oLP3eL4g_ki;pfoP($%yUYTW{)0 z4_dI#W$Yd3^MKr2bWTbjgSsNaPuNOWYw2T6f5plZzFVybs8WRQKjsO8>8y_2SZ=+_ zi_96(-xl&^9@ zR`#3O2I%Df`Ypf&XO7du7W3g*mLAA=Mr7>wQNS!X5&PDi&`rV(h1Z+%Tv4Qj3l%-sQhT~uP@5t_dmQyQ%E9B@1soa75 zfaDJ6JNN`Gu~#8jNKdk`?I5ozcpnvvk5Bye;4L1rlBgd3&ALq>u8M2@PYvqfWV_uFxP}d_~ zQ~Ir*+QX4o>*ET>%m--${K^_j%2>(_(LhgGP}Vob@p^ylx5stm4Q`j|P0!VjL(JSa zMPGIDonN~uxM22Hp@TDH--1F_2~q!c$;$*F3#|1{PCBJKDK&2^_zj)|&pQ~YvgL?q zw}q|U`OY$N-+X_(%Mw;+8_av_%=$kp06}KTGzA~vKa8^zL?s7maXueEnYx){@4p5w!6NDmb{)h}6bb#Mf&3Q&{+BWi%2SZF@{fWt0P!#N-#^X&e0xu)*JBw*Mx&|8*wtU-E?g|3}nUXYSjN*>K zX+3Fu<5aWe;GdGIfikZNXqDxbiNvEKAq0z2;Y77jf%Z53VhYKEVINq*zva2~AWk3t zZSF77sl3ZV-{()k|J8^6Ie(C9i-uL68N>ZQg&}6hEa0{h)p9J{s=l&W)@Y}HyZ>8# zSo$_{);A?GO6!;Z!N4g2cw%6?4w9VAb)^_ZZ2sVa&jSDNj<;K4pbxXeu$qLw!0EG3 z&II7Hu;xJVbRil#L%pp^`?%cpE?z+A{U1|eik;O$8@!9Cg){AjUH!#d+sPx-YT!xl zn5)Dcv%`_fj?(X@S-!oBNXFn=tp_{xNhkAT4{(uHC1e0!dFkyvL^>c&*q1SFAOj#de0R|(fd$7ER51)y?nG%Kx7@W7n+xtA*sP?G6 zU8{}kInaBR++IX)wda`6;RdLgj9mDZ=lnkA3-oS4$uZp}kl&2Eb4+oqR}GMWN^MeR z#1T6;WF$GkkulYR%9)q`DdHo-obbrjG8v9AH+_!KR34- zb+^G`rb8{*N=q@`OKq~eMPblMV2LDDGEhM$AKJlx9UKVQp%9_SHDi#dpG-d9Hn^f; z(bi}b#>7{*uxqPo5?Bh1O0mky+L9tEJ-$dG+E3lgD9NDB#4-CES4SJ&U;Cg-jE=db zz6A258u|&j_^REUa?O06W1ibQCE9j}!Eh$vmbrK^Zyk+Ju1#7~@9-_1Yl{;Y6Dt3# z;_a}8L%S0HBl``lp2Ck~?I;m3(Z@TbONHk$gS!w#aFiC@n?*xRm$x%dOD5hkPjjL} zYj4I)=@mb-^!cp30pxuR-M4neace4v)P73XS$oq(-W}j9WF0pV(?Rw>VOC< zYGttDhMU%tPy=oF*i_Qv495zS?x#!NGA*osD`M23Xd&W`<;I!MEwgFG=55I` zd<7YZ{(0j}XfW70$ZR4zAzbR|p`5*^kLtFhE;yr5u2I;Deg|s)l^+?QdsuC`5oRzSWG;Z`LrE`^LAJ&Qk=t7Zi2c^cw023% z>KKYpCLv=t%|3SDgQ=6!*2n-}Tn#|7;ZeFgP{p>qGzO5#g(!Han{c!|On%AOjRA;O z*jaI@mB?ZWc?Vk31h9;n!@pYNWdhZ`OSMtP1uIXE+^&WY3Bg_3Fjtz1rL7;1GP(32 z?Bnbq8N(RTTamqEIDBT@cW60Wl4Uz_jcmCujFFUEa4dW`K8-?t6n4H^-w6I(g!(&h z8lPNLf1IDLe`?`-{T0}fia|?QJ&wrB=h%+2%8%ka6z3@gO_YLrO_3T{W5e||6&DOR zQXR|MUKRs7y4wAm+%|O6(Yp*ED=A!4irCA|#RHFgOtu49Pn6OaqpXCPmTO~ranPY; z8tgVGBfDo4l)EHMr5f+58j5oB>Z5x5$}HOD+*rujRRpm#KMiF4Y}H7J;WS5G3pe<_V-cj5Vk~1wYuPZFC7#$A2UJyBg>K zX=Gi4O6^|88M1m zg`+ynkNM(p1@m<}de?3Kd@~W9Tp($guo^mzD4ZNwD7I4BY9icFsu=y4>x5Kc*g?kC z)F{bY|0dFPy7EXsmvcRCZ6nof{<{NN~kKsnGt5pTBBqj>vd_1?;g`j#|@nE9~Sh2vGBM z0Q-^WMtUi1mc$fD02sf4xTOJ-G?T^bI)Hs8FC4NzY$BdT<0NabUN*;3PrKA)pYZ2t zJMB|6b@mLoeIpFI2lkL^=LY`%Y~f(3+0k4Y5Vyp)FM}Iq6HcNG5!-TwZ`PW| zN%}m4V=nsFUEt$#`>kN|LD;??!3tZm=mRex2)Mm58+>xGOoTFLorH(T9wW8HgF6GhQlm$y2L<%Wg5$`Mq5-6uG^xW zb`wMuQ3vtP_scrSHlqvE84K44#O;I1j|F}S36Hq)dov(LqSSRn+p?qmy77Du5`M$8 z!zN&ekZ!{?Ppe7(OWA0Il%Bx5aIO(jkYbvJ&ytXVl^QAjJR`yAL-)#0DRU#=Aox=> z_kA`zW|J9xZ^5xpNr(Mj6?s<$k7Fmt872=GwPUw6uoZeyJOxn+x%}_ z70g^!n5rK`lxoN0Y^R+U5$(8Jw*iFV;)SZ}yN=ke9R!7X>}I~aiRao##(WzC1)zjW zYb=D;W|*jQ4|#~Ujui(4Uzrzt5K4{vLN#Oiu>$_=TgZqyp~m2AbHRQ$Pr}TS4JG?& z_i|;w3gMyGKn39`0&vq?m{VmeKEHvtPjMxj`-*3qz{+DeR}g**UfD`{k>~$0B&0$F z!q5J4N8Vme$ZzRzsRfTOq&4DSepTv)YvCV5n=%OzWd(728dK4OR0oIUgNx=36L?B% zHgtD4HEFa@2osVgV>K9K#Gv|F9gy8QX&}DOd|QDd?{5unVa@^M!p@{|7f{$0{fvM7 z+L%sIGung&yBt(1NT`)ixX>9*#E*$V`djL&wzsFU>!HCb$V6^MD35#m^~^Ih<)_dW z@scRr*G{7Ay}mMQ1|1NFRc`def^%CHD05_=t}5x+^*1H{1OHFsf&yQpdBJD>>w+B! zh4;(5O?l_y%50znWuE{!HMZcj2WE4PVnk;wj{}m@B!L1Y;t8JDYTh&3E7&e4+*+*q zGfHnCFxNg=aVWYIPa4!+_-($d2<9zHrLhK`g0@cB+DY0c^#!Ik#fVp~zyP9Fs`486 zqKt@lY&59yID<;4dVCf;!$>G>!FNcPYL5bKDo-y6^+Vvj=v)mtjDpDrQA$1qc4w`)4P*cF5__BY!E%t8 zgfgboDx`GuO_C3_yPjimk24P2+Xi(#@vu&%WSs659E)HpPFATud>K5sy6@Xc^4tpq z$6@4u=`)rZpODd{5S-;-^2Jthi)xXo$3husATrT3oOs4Fz+g?&^iSTnZfNEg4}EbTph3C}zAnNXQ~E9q}ue zy07;=MX3ElIMm!&uCgZY>8PF_hGkj!p@=AR@KYiZ`q}RC*zn=YG^?X7b&*e@p2$LL zuw|YQIr6PUaQ`GK8jodLl76;E`^`iNq9+RYV_L=U=XO!iD@Hm*rpNfiHrTV?`XnJ` zrdy6!2`trqd^P}QlNzlq(KMLOL|sUbkuy*dL|-5Yj1<0hSLnKZJ-1<=H8p{Iac|c6 zc|$+%FCk!n|Kpbc#CejR=1`=iL7VP@OMeZ9SedeXN#LqAz>P?KMuL2X5S?T6%|Oyd zD*s&A)7bK~B37uOChY&AbLb31w*EJB~)N zbBK7(`vk8`#Mqu9n4D*3C?9ITkC{;q7B6w5&17MUV`Xqpp3OC%H)m+s^>qJr(0+KV ziHhynoxkt>R%d<|?Me(Ig%~cYjopiz15EoApY|pt$0F+O%H(&d&j~%e%~9@uZjit> z@3ku(NJk#lMk-n86)G7Nw>g7DU!zqC`VveD><+CRj)87`TixBn^7I=Uj=q|}fhE;? zI%+DXbeS1(zRRCd8)Q=IAOm!KCXA6M#sRw)^@ND^`1r%xQk}wO29KxADegNcTpM{m7k9VRBh^=lzcF87Gm-e8YETxLPdc zonVg`D*E^VEW89mOTE9)vD&3@az1RMk8jNAi-o8Y{SG|bxC?%?krXHF~(1lzIGr?7d|`R8jvfih&3SsFacl0@6x%ihz_fk}4%N2n-A` zgarr)NOzZXGccsm-OUChXNaL0YT(Y``=0-~_xnAc&U_eU&)RFR^{chx+0PR^S4VXs znNIu4zu^(SbC4ZL31W|&!i(58g)RHedc++{;nN#+#hGMP*-Y<`GE*prsxUHWc}r0P zZ&K+L4?|BL5oVDCQLveE^v%=z;0m`gC%#D*uwzzQs&$GecSrT(fuA>>Je1>6QHK%B z9`wbzALG>Ks)%lxo}R49qsIlbi))W^WzccF-%Pq5_(`PvRUH1<@|qF`O@7!>3#i^oDqh{uIrSGS;pJbOPT97H&6F;# z3x0tJb3F2gL{JtDCYObxG*5;yi@&=KPf1WbV0Fz-E$^@McDRdx>=N_4o#9=UU;ilY zbZ4LHlCo>dZyJ*D#?%j_yg&z!rX4hIlnS57U!vbd%@7%%gVYkPoD%+d8F^HzJYe%z zL-C0?v>6NyRi60y(~)xd^$f*$2RXIAsWdqvrY&V(uKn(ptsXtP2RJG~V+6xa&0d)n z2h|0?t`uH>h0R~GGPd^&^2S&yz!5AJVAF!f@>>>-O)NTbQFSOKZN~R{_??BDT5|Y% z*RoPR{bC(HY;mJ6C&}7lw(*`i$>!Yi`p$hXuwt8=xur@{24-I)shs)e;cw8>G}>|L zlJ8m$C-=eVggz@WE%yiTnW|K*97RO9nD+Y$)tQ%k899eXT7sny=CltV5xlvSZm9Qc z+1UK04znx9V5Mj#%*4Qs+(B$<;!978WFRw?J3LgG$;>uJdcgZ zb()t{3+UVXX;4kOm-k8hpOk|?3T4bc5=BxW{OuMDdiKv~sm#l5Jv2M9a>7ha{IBSg zcB=#8bg-$x%n9E3D$^8f)_FhkhF+gwRSIG91>p>#rWt1V6G-jK34AM6D6;$TD)vkn z*tmG1iP@8k*j)kR&##v_xGbNM7pio^i1EOKH?AZ0Pm^x?+4ozNERy2jd1ZF%t~_oMIHu<1Oxc&8ZG?wN zaw5WP#Zz9+YXAk~7v9Z>`7qs`R?#xZD1+znk~IrtiZy@jP`fG5cey$q4>_?v4t(h)f1f#9$ zlZ0>Q^;2|BLMc&Zm52PFL2ouic`ZoOM@Zi|D6IzNzt)xE0Z+8i7%Dn5f+W2kroXiZ zhiQqvckRMN@z9svJ}kx`Kv(68YF7#)j)E(?%lU$3`2=>H!Ve>q%?(1{{H6t6m|E~P zA6h#3ctMCR?;5Fa#anmUe=An>VF8ys@qV*a_G6L`{xzFg7eiaWY$#YB8*2y}v&bC` z;hOw}sp_M&40Ry?^F8E?EL)2EPqSp1u6S1E@}uRn89@R7`V}OgLQFd+_tE;nHLxqf zeRJZ^!bXMAqgCuAN;s?7gWqiGH(tNQ02!M6cmQAx?%HS`BeztV z)2(~Bm^@J8hG0k!rQFN322;fX*JfgM;97PbUz=-s+_2n!Cpd1uPlIg*gGI!%q`-n< z@Pr{96L>@0N*pY2db)bB#IAm<(DgAe3HxIIM-(jkHko#D%#<VUHS)Hx7?WhQZU9qdHS>r^BOxU2?ayfcE+!$ zqTeuVxeky=tIiPDQG;hk(rMF&>5r_oHwV3!ch8@ue!uTd3+9#JeOx1=clWy1=Fev< zVy4T9aVK2?Q#ywDUM1tSe8k*agC~%Ibk?< z8~X~)j5N68jo#vF0`l?}toJ_HcfVei{kP}Tb>LkJ!Q%A5XVfjT4~_cxcGJ~^+P0o8 zU-op{ool=zZc>_eED)RCEpd#UhseNsOi|O&FDT!Op>(KSezSgBU9PO#&YkE;6?XH9 z$&qyN_ff8_X=kcd&8*g|x2BF}i2xDq*5`^hPCu!=bQVZ?uPfL1E?sQoPu%Na(g;Y+ zno~u$NPST@L*&irCCR%J&7?dG{rRfHf(@J`h-$LyOFRW84&`?T(@gWo(Sg6vnJ)E0 zZ@+@dk8N*b!xa%o=-O$!(k3ehld`Oqha@XV%vUIci1u^hnt^(Gus8E4Qyo;}gPRF@c^bl2a1C0+0m&6pX6eJDywi$p|6n(G2NeD*AiQ>ZXCdr`mXi}o72Sb7wS|9DIqPl z+9U1sGr}qEa*1KB=;XF)?h}u^x5`veJ+oNRM;&psdS%M@olFvU`{}`Tt7$VtfOJ%Y z@mEyT6WJpb^6Jp>M>FxAnaZ*crC;0vqw8;P3sN)XTbE3dKJ~sJ0-$mv*NTZR#K0PP zcDj}{tjxd56~Ji1v9(3}ou}o;Tb&KG3m<-^9WqcGlXq7!#$-L4)F~KRUE=KbOBPD6}Td3CP*p^TPLL zZ%nqvelB}K!^)Yh;Ht}wDWZV7MyHEW=n4b^t z!u1`4C2Rd$O;(&IY9k-zGEkOM>6g3Jn#vso-%zYLPVF4&N;sr8^bTSyhP{7$Hl^Ab z@82u&E?s<+7@2zh=8&S;QqAFxA;l>9@U#_-7o^X@DG?lQCmP;s$ulXt{ow|%c+?r? z=--xPD`>izk5cTrkX5a5`vqf43Tmf=>t>6;-e)iqjaH4;?cjP)AfcDsK}f}~{_^!k z4@2;U@3eF(Z^my4I3!{3SdeBjwBrtde2*Lk*{uBOvpStq{Z;TLv5~xx9v)WMC5n=h zM+47e8`^2%Z6~(8?7@n~OYf-Pb=LN6;?EmQ3@qW-Nz)BXCKtz86AfpaYled7?~FL% z9_M)v3_38l<=G8QTtY`?Eu_8S*)dc1=#ij&JMQI0GC;Q?06N(y(jyY~EvSR7fEsm{ zxCKE~O8Vx^*?mM%0mWJ?{WQgJkJ{tfv>X-k0v3~8H1Wf#xr)PSOZik2Hmb9jdm04W zFw#E92pbLKqG#x1E0#pbo~bo4>#$mUnmR#PEs8GC;l;eGDOd8;E5`BVrzyVrwx@d6 zF}nT!QY;&hO`tCJ67#^Qseah7;%YnKH#nFqT%f3Xr*#8=jtyKAzg?5)xE;*#CQ#uy zcq5?q)1XNdJ}c`@i5@GmFd$$LJxbxxgW9gVUv5VCR7sOn{N$t{q2A7@K*Qtgvz@ne zM_T|jsHkg5>u);8j$fsQDSy+Xr_b(64CbD?_HM(^>K#qekHURah?*$sfz-9eH%*iG z0z4JOz-P>jpFx_LN1F~Du}9gD&DZh|H7R7(L$7DGNf&r>Fnn(c+$g%8oAEpVq>C&p z=U6EjCt*|frK$+`ZQ!7pqvQ#hMmn3Gzru=@jmL7+0H(E_{D5YqZ8cR#bV<|SQ&g#xt)fgF_e91Ay&vaz)Ry-b z<~B0jNtvNp)d2D(BB%73iN`DXd>tO59Nu%EDOQNTF-&A!jK@CQy$zsA0q1vlH2}UV zbyCELCQ)1S=1RfQ7oL}|{6KbdOC)Fvfd6^;{EQ|9P~zRY(+IzRd1>by<)KVztu8s@Kq6qV#SwwUNAqjQv`=+_(48eaVF7S}_hU>XI$1j9G$H7(TtePRmD#-H;N1Mj zn34W<4e(iYIQ3tiB+ETp+Z<=>kV-?Q!Jv;EG%g4?4iky&gy6z8zLaH&+U@>AGec)n zVK0`O|HT6EDvpb}VXS=>U&~jiD8zU{M+X6L!r!eZ>)%9w+h^PvJmp|jr~8WBU~$`6 zia!SOFhQj)q;;*r0|^+ti1l7^!;6mLl+zF~Z8H#!_};I`wz!8G+6p*SQ%bt{_?)gC zes9l;k5Lc)!sn7plcr_0tAxN~ zmAY0m-=5y@_RwfzsYFH_@8BB`&%^c`-I?U(LN6EsBMzs5KQDwZYPHfX*)_gl9&!*a z)3WOZITo4f1CBI_up!*AZW}3`~YRtb!|rNXWl_oXIA^^JJo%qcdH5%<Yj;`_phlm znAU6DyEWj@fVT5w%&Hj79T_ruusHH2msXnwZf$)yC>g4-8#8uyJ?0&k)-x>jqj~f( z*!-0|TG}8N3T9~$spOGfBheegrWF=Ohl39?M#SOSK(_M}_^uBS;ou^Vz-Mx35l|yO zs~EUWn}x=Mp#}#@xefH1hT34ECV`{ve7XxBvV{vZPEhqc>`z$Cpqy}y2so_3pZ7UC z7k0z5HXIxk$@kCyU7O$AMxV{TDGqP7Uwi>!ZM;3USTL46Y{dRmH#TDFb%H zr>B0X@s{zxomqV~91%Fn?*AKd zwONo#hi2L2`TR{FC0bx;k#`X8XUOu22_FPh@G?9Hcj<2)lKKVM6mf9_W8iO#j48|Ah`tJQWvU znSQ7R0qv{FToJsT2A~+r)X|&W-LJgAJv%FGEZ;j*GP>malYVy6*4@>mjA+*ZqSU0yh;N|rE1tP$?CEDkowM79<|Ke7J@O(fu~tL9QNjRWO7{SJZx#8^-^YK` z&-xMr2!UWdgb&)ja!^v3gc%^@w8u&ThqaxyWP@J*$D&NwZGbU91gp}DO-Fu9_{XU|TmRX_U8ENI0 zR)d(K_d?He^+WCm^@8f-eZJk=axA$C;pcrjDCf9f9oLaiobRH38Oa}iSCstx%(-k7 zSksuldEIPXN7u6NO<@Js_W6i1`VkjZuRQIJ={6B;)FWf_bYtw7f$zo)zSOGN$nK9L z_Zabauf}?%;IO%&+h=l$5h&Te9iBFY9~b2SUlNz1kz?5}e`maCy@_CAW;GjKhBIi!Obq{Qc1F z>Ib~T@BfhJqv}oCXN8%b^v<%Z0Nv)gP*Fr zc@$K#RWv!Pyn;@1Y`?7ky7BW0^NdYKXf#UBy5cadx5hDhh6ZI-kxx_{Y21a(**UH< zd9U5Ii;8Kf3*$*V)>k1yGG#jpH`PW^~`d($O0jldPF==oY4a-A9|}NH6~Ju%vTr!a#d0Z)wP* zs|3TEO$kl=3QdyCvsPMFoaJs!-7x8&(e`o4DZnV$yDS`ZXhA=_#zLpfa3L~erN%G0 zjHEzV&7e-jPmN~|sT;z%GcLj*3|+K8VVp#*8-dbYt>q_T7tZDUoD7<9yOS}C!dQ#a z-F=e)sSvQW7@fb@Jn5u*s_3+rO_VT0<2SJ62L-r(VRwrM=sJ=Mn6XgOJhC638!-21 z#QYfoIn42?i0@tJ0!%#lG|6fMLnEs@gkxQ3O8u{j7k2oMfcYoD7N7P!Ghk8O^5{{> zVKR85N^5gCu_1gB97Lu zNU4wvMChz=#Iya3noz`~JHmthQfI0kq=$C@e zL-zbaLK(#-*tgw5E>&ZucJzB65{gI7ce%58H@x36FN?oPg`slkYFI1!Z-IXqXLA8u zXT~mSe$LC@=30Z4mk=&wBlVWU^t*$^N!W`*?~TDBJ*I&pRnNcm9@Bp}W-H>y;SZ6f z)7r~JW2qjeZ?b0CFEbiat=T@xK)1@?xSWf@e?GKsBghRDWfR=1Um2w$FU* zkWr&l`YW5&Kt`TDRaVx;#rDN*k1y=mK99pep4meRYl|5bk-qm9BG-}2%Qf6BJZ4+J z=%0}152$N+CmL=6K|FQWttsq;BF;;A?$upe$&dPp*=*Hjnzvadg(((c+`SvUO}zF! zzVP5TPI@ZlbH5%ne!u*NhIH^B=O;FHkUmDp)lEd(htY?cpU%3JU_6-%c}h+tgx{;jWD82}uM#i=( zlBGY^4v(wc@vjyf?5JemO`7nT0LLcgVUv-mqI?xd`{T9N6k)RKVjq2$m;kTZeDwvX zc|ihRvdmyGB)_eTOa+}^sC@Bc*aWIf8Z%$xysFW`ofT6}Y7xfqQat|^`g^u`nuv>~ z*6Uc5Mu?KILV8KUu*pj}uhCibhzhb=u#06lc_KT}wpNskQU2w&=-+eJdfSkb-uXwN0ROoFVAg7SuHyFbbG96(zqL&vYBK{8Smi0EfC4JKeJi=RD> z(fP=`TB)MX2`eQQtkfY)tLL6s zb+u;v!}QrX-Zl1BKUsk`pM#CE38RW3p1QIFrbNsuztQRJ>$}vrlNIb|AvOXeww7#r zp+F=qr=i=k`~F^M?VE;yej_q+8;!;_PZ;bct9%Fo0k z)PgDH>xV+QXxaDkCraU{wO+sEw&JDl{5jU(ZCK0jR~b3gX@wV<00PT?E(sb@p_%t!%H(6Fxko^yxC zaNfO*^3aob2c)H47V_28gy2By9D~~IZGVj{IYZ`QHI}Zbo(ri*K$3NT*?u~fg?QUo z@5G=Z()D9SryyEboD=`@!EhgUX-Lkk1B^etuxk)>!Cf?1DMNB-aUnWtLH@${i@bR`g_5S2aU{)tV!XPlZiuo0>XoOCY8`Vx*69On7E)4QM|= z=8$h@UH+~*AljHZT^0D-b1yq_z-?_H1s%v=z<$%4bE~ppiqmgYM535@qp^F1&?Gmv zJ)d2n-jqCKKc2JYCOO<-zcmpA<~`|KT{Gv2t$tS2#9ky3!LXq7&4gOqU86+L zJm7zdz2Z;Q-cygevmN)}#@x4z7mEH9LPrge+R@NegQM00hVwo0SAT4r%c!HReUdgN zi1OIg=^+%uMePy_5jC*kuDU@`@#hr!vY!c0%f60zw1wL7WsxZh`&zM+4Xzx+9z;lk}TmQ9Uy%|zH!Z8Nr7N2*i z3&*Hc?HsEX|9Vi%X?^jY38-yw(YCwJisjZ89(Uz#)XGlaZizyca}$h^y@ac5pn|~q z#EmxDvrRYb69i{`YQWHU*`zf$(;S>WdLO&jvPJh=e1D3{D3oFlbbugE5OU&Nqbn+2!8SgYm2|xNH;@l=Fl2>GfvzXgRIIkeqb|i20#Z%Y!$orU zPROjX)9;}VBt(kAirr5u-MpJy)3vqUkRusJnSc~XfeDPqgK5I%ethq`vf2|%0`DG; z%ieNd#T-NUvh4(#Gq)rOBio3((B=kAMVfqV( zD-=jnysQswgdYCTHWmCQpsu8F$2=?1_bkP8qK#39z3^=J{K;uT(@VDfI- z>%Wdh$@XZ?d@_pwoc`w-%wL5Kjiyc#3DluOaIL3x9 zU#@lZU@{o1rL(RsWbp8INVDs_kB=0UA%^^md~5LEQ*B#V{wedZ>f&dgmLA;92=sR* z_{$xoF8D!-fO#ZazAqPfcZmY-8kEv}`y4Of{K3Q1glG#2Hpyyp74$DL^o38PGEc09 z=+4@y*Zh`#JbycNn>yKC|9BIs%ly(%U}jo?h|3rgq@9ucLdKpGmP)=x>`4p(6f>M$e&G z)S0H0+QyLNDe|4j$v~e0SlSVO&X;s$>*ErZ&@>>NTDydTd7I8hB2rX+O-fEe;~MCLuxHAjGO<{R{n6gtdU&EH zKhHg2qspQ$U}(&}2}XAIUh;#3=jf#zj@tV>s`w!jZqXXTR7IK60Vi?nL)>r$?6r0C z$Pngo8%YJwb#<3|v8UX?PWLX5L3{N!8@A0otXDrFd<5Y8W{s3Uh7ryjmG^<1*kBZh zOshu`UkrP@8 z0}4lA;Rbuu%MHCoJ}$GMwPx%B5&8_y3w;R08cyI|gOmZshM{D6Gofj&xIsUHLqbsJ zv5u)+38pX6FE((tkO6Pg0KBQDQW6{QTvC;RX@b0!%42NFJQ z`oCZhfotT?mThEiawsB|p$=8$h+%C{Ie5RhQ zk{LH|kyV7$XbP$eSd>iyWkNe(MP_{BC)(oWQ1BXOi`IRd3zCPt8&S(AU15$^iJJ_Y zhuLS~Lx1wWNH?lMQBlE3&rYZG=)~TwE_Wny@@M$M6 z&0SlBF9Y%(9^T}4toX<<=q87on7p7`!>B4m1(mKU@=q(HRC1`HR}y$LH_HJLlLJxk z1E*E6E!8_SjHJOD(kT{l7F!*jOCOR##QUo6wv8==a>~6$`b`UpTHqI(c^!o?p$i_~$&}HBB=P`_)FYNyv;G=XVG;plvhHlqL5q&LXUmqCSRy4=B%A=rv z6s){QW?PW5U0_yUG%i&V=+$Bj@?k<}xJi3bbpq%<#kQfmxVl)n8lT64kN>H|6oh~t zkKY4O_8CT=D{$1%W(vx^`cFcmRlW4gQ4r^dqKkN3qwo8fu(pE=&lG1Zd(1C4vjU#HPES1&<6?Hy(OkC4+(>4b>si~HoY1HQv+dH-@ z`;%hi?>{Y$x6lkD$t!K$ZB3KGEKnf26q?=bvT5v6(YRo zyraRR01*=YoT4aP8z=#9^06?8_$LD*^c+sR>bA9E1>exm6z^QEb__!?_8qusjz$*n z1D;L?D*OPsGr90f^aSG)ZqdT~r1l-8+p#povc>$|IVc`fRsW{NwP9jCb(zcTlSDyB zNjGt(5l{>W@g^q_c<_&0)gip*moL%x(cq2j)`3;woB<@NJA~}B)dqg|*!2(6zltp0 zfeU^JRZN{KFA(x$m6ve$O6)&?d3QTYWlYR?)UAcx$*i@9G7NUO5aK1Vy_c} zt>I(ZZSOHARqNA_`2ho~|8K-uxk16D)&${=mS^@tlz`sE_kwstb*(|YK}&tvaSG@R zGPbATaHc73)^WbB3Tajq{!h3;f>BixxkjhCab~BF>d}B^#muB+y#?__B%Ud|(K3$lMZfRqXLfvxi8$ zwhY4LTP~OcyP-F-U5RHI-(%<1{(6X>T?k2e@k~14ZuDW zf=#Y%XE3zz>bcR|u_1>U?8X3EpyOZe=}s}jcL(2#qaAT&8LwH`Mc(5sFzLp-_AfXa zLuk9@Uqy&33KzthCuSIZKS4-IHC`=mcy9yuO2^h$AfX^q=4y608Cgj`n2oT57&qV{ z5-vL`pfL!Ql7d_<#ceUDl7QE}5N5CdqxTSc`~V#lZtFZNyeBwAJg7F8)`$}LywQyy z)dj<_ZT>X<$56`Pj_@BS0Dow!)Kj#Y13oa&aBw{N0>YJ9w@CQ=GcHU^4dt@>lQYf? zUP798|5U#~|E*oo{qyVyqhTo>3Qb>fx_X3X&~RX&2vHM4BSVIOAOfUfLHiJ{G3rEd zfRI1|+`$JIZNYU{ILnKC1Oiy#oXiEk|6-d!FkU)vI)KMo1pDi!XsB7OIhZXz+Nq|L zWeDi%zg!f1haHXXkvBb%^cUL%Pp^;x;|W6?5kzBl-QvaLuuC(Z@(WoVd|3T^m5j4e z$E~{lN1>`<#ocBnvcj-1QGu(ya;@GRb~if;s)42Jp2K^5cvVw}XD4G2q+fj9qd(rI z9NHrL)0$Ynb`=r^?>sDG+!>C}_ZAVMi?VHhzrTZKoYlhN5I3r4gE!y?b5|m0!?fJ>}(b@&SEggKSP?E@S(Dx{G3hK=FVNoqwKP|4#e807C2mo9}-y zRK`>>ePRcBdy$BU?eEqNkxPK^sW^^S?<+KOQ`v9%r1x{ZrgD`|N$|hrp(D-ww^O zVocF`jyheRiHVO3SUB^k=ie-wJh6utNNcR1-Q1`&L>e6s`Etw^OXC@8R1UKq0-%~s zCa(Tr7ph?X_pRRr-nD*5Shaq?H`LIIIA8j(s9P|gy`~`006#xM=s{cq)YtV2#ylGu zFIW41|Ngx;keVvtu}83A8p)O?p}RtOw%X^@a8YdN;9g!!P+n`a;#`sEi(F?ADTlAj zY>QmQAD1q}nHi0);6PDI{HVQp2~QI@yeE8~xFv|qyy0=hSx=)A-YoQ_>r^47X0H|f zYJh%CB$OGL-5ZT*+M9vX2k>95*S6g)1>fEcgjqO&?SeC)`c}%zXE&8~3`p{L2?LkF0khI~b)~9mPSYk(rFT7<~wx znDV-3N?}AkQ6xkQ)3gbwXwbgFx}Ym&lZx`*h%Gs1hM>E_3md{r!_m=<`yMYjc!F<= zK47|${4H+q&V6%BS;H6cPqn^{1R1DCkH2xsP{ zV|WzrgF2DX9_=+PnG9vlu_Du|v)$eBY!At5V?7>UHjkNo@TT6q`d?V~Dcp2rd?OT# zmtlMmSqKgRvy#|XxD9NkV@iIUOln|oRh1y{nAQi zoJWDmkJujYFv<*KE=KPV#W&NTaBl>UJDhhg`rc~x@J@thh_HOS?xUeE{--Ymr?cPL zG&z?&(=VoEO`bKCRcH4|$$k&pIQ`d6leC8_dsW7UNOk-Wy(KC%U7Ru-H9e{WGO$r{ zOnY$szN)a+m;vputxL96Q4SNVpsx1opvmp_IFtf&HmLGFiXDeu|`RlkE zF~QGLEuY7m;&^yGY#vIl#>4AaH!{A~Ikc!xG zMs`o#H&i_lkXKq_lzl%^**OO$Ubrb!UTL_tQ)*Mj@`gjru*v2ETY27|IJ>-3?q@&2 zTB%FAnI!dV3w8zgs>T4C97ukpyh!%xOY?xMpS@V!9InK2wCk7s7hPK~| zZ``;m*!)%};JGw!Zo+{*$jmI&sB>|}loJf~JaG=8B3;-RWP$LOLGbV%c$Krs46Eybe6 zt^2;^?6#-QfAS2#^e6bGy{aJc=0i{Xb&$=Rm6s?toy?yw+lbPh73WKTr27xeh2>4t|Dw z?A!ZD@8Zq$ir1_-RSE0K_cu93P8hL*@yG06vPlesX#_ID<4%RsjK`Nc4@I9~QnMWPWdwvO z?)f;Bexl)~Ykri>z4>m_l(XZkHnY=v6}c&mhj&rBe2>Q%hUT2Rfk^Y08WNp zfg4KI)6as8d+X8y7DxqseWX&y%eyBk1PfrRQ|n9PNplJ28)Q>_O;#25hfbVlf(&qx zO6Q*rke|mp^1p@mYg>pP`x9%$xju5KmDVnr$}rR}${V+L`aqA6J<=GVG}5pcdw2SZ z%LPUToZ7GtxV0Y^_@)(=DLl;mq1`^U_*$g&>*jfgz1#bY>KyCdnu!CJhg@tAs+LN| zSbvS%YhpXov8xuTWKA7hs`Wd~zWAGX=hl~EGaN2il zzsG!1LStTNcOF$>Jj2{CUc3!-6YmlG*lAPPn$EhA{yK^Q&dHY!J-=~AjrYkS%1O6_ zF_+E4tM=8*1YHLhOpPJT7sSI;&Ktkf8}odTx(T3o=kauRr0X@dT|n@t2C-16~vcHi}$G&+jZU4pM;H?VCRNs(Qw^WQ#&nO z?|M~@OnF9@D1;n9F9&nLB&EE)ypH!XiSL3PI>2if>R<%VoGA~I8l%Dc^i6kzkxQHi zn8&`Bn6f2dT~C9}5Yu-4&q8D&=LaJR+xes1%d6uqS$C1uDLkJu`_Mj%?a_q>zobkLHB6qfew)3UCeKCA0mOEJn(>;U^_+yEK&PEl}R zEXou+u=CN{Bnh)nfIfORsqr;z%cHtc6%y$EZ*1G{d2)@;K3M5WtZ*w{GfVXD%8wL= zahhCK;g#OAJ>=k4hdj(I0~bh@w%#0INYV(FuSpDZS;i@xe|U;|=WFJS`AzCTfj4OW zFs!a&r11x1fQCWnge$k(k(ZB8O-?Qtn!=J^7gLvI>up`tICOD~k{nN_N=my(4Kcpd zV|lozPMk++mm0g)x*v2Tbes+6F(f)r=E)>;4dexHiUQ? z`j$W2U;g_$Gx!o*J;uo}taJ^pA!;{yM7tdX<6ZK^jF_|NO&x}4+f`arv}9)(XU?ch z#cWZiB+H?Z?;#dMXw2!wO9KPg*YiT5OqyDFIhN4V!qOG(e7>^09bB42Abe{4T)z+M zwR5o5FlTytw$jJwdv4HVspsgMCdIHtiudz}tqJG!eK@CyJS=|+OI3M+JiZJY37adJ z*f2`N%G9M^t3@z~^$n!qhYCs=21LQJQoKvNF@6kxczhZR5dCy!R*0A; z{!l|<$f5Y8@mM5a-A~^=qcFlyBC@SrY4&taF}r#RyVve zx(|B~!FSZ*7I0UITjFyts5 zx~k0y7A_dO>||yev#m;Zoa;sb`P-ducH752_pK=4WCe$qr%&dKiW$AF`;#_G>TCBo zgk;YTLEf0-w>D zilrSArjU?P^lT^Sm+xh~_h_Mh=I8Y$)HpHTga7fD-X z^-J+Z1&1hJ?p#X@G5{~ZA`18%hdB083s(OZqi(k z6{?^;M)AEg=E;4k`DO>q6@b|jQfp!xHa3bY5zDbb#p=e2$Y(hC^h}$)#{#I5OFu8 zsCLJ#2dckq)3XbO+4s#-efVye5hD(pt?f^pEU*P8a-XP?J?VBG$+i2nOgrZ=DL9fK z4*N;>1V;Od-gGQB^1KK)A|WZ)--ZMbKVV8&Z2a+)3YWyvdaw2sRMl8t?bLUUKUTTv zv}RGMcK|U(I|A+!i!-yp!kK;Lse4&LFd=@gU5Mm>jx^nkt0^ zfKJsuhR6Sfvyf&CpMvR8eit<5LbDkIzgu$t^54 zZUP2RF@m4v&Jx1gukk7m<+minmmm*H>;wJ&g0Du z)nWG7*quf!d3UG4*Fhi~V^KD^|y;PbVos!#*_EWL}KJJ}@Z21rLl8_Oz9nbI7 zHho6Ok@DXQe37B=xb!tnUg;o0utKaz$;Zb!R~}n5=8O~HxC&NOQ;`7gD)ACFwql#QDj7X{+0pjd@(9U zJ$ei8pEHRO$_T%>6KTa9aI#eY@}!6K)_q(w-G}+a7%_uO`W}IOQ?3KrXmHDPvGdES z0E-n?Y30Vzt}XUMK+3fBD{Aq18ulF@c+a8O;zo?;qj?1cPwptC!R587y{Z}4kHdF7 zEO%v{K%-AIN`05cqnyg8+`zsU!XJi9i}`f;Rb1HY+lyvmO9bMR83_vkLxSTlXt-{n1<|NPEB4m8o>edr zs;P;Qkx^=5$j6P+spsJB*+JE9X^ku@eBf7OivqP_i(Uf4)Bc3bo9S);NK6bF&g`EiPT~Uexg$)qY*5l(Q30Shw9n3APN#U=$)IL{Fx2w-h-#X~*7lq0ABf>I z60Gxzlc+-t4KjMwy7irRzbY4smEy4y!{JH?K@Rn+aHVRY?^V0%Q6bdcgAH}!;^-CW z9wnd$tITv&7@x^o%bn$M98zPi-6o8>i*>Bd6#Z7qZw%5uTcb5DFCJ}H*CCD8XBEI; zBES3~nAoHhSqP2UI7Hq}@xBgj;i-6Kp5juJh>MGx|BZ_jBQ|O8FDolem&C)dzNYR1 z&=UcK>CGFe71mY`GHUZt?wMc;tTs?mZKxmU=!j{a1>x3A64=&p^yaS-B3iJ-6)grB z#(bC|15DiFG(Rl$b8Z=t4xZRZ#J6R=O)W2vK0vT z{lFI`6YX|K#jB+u8+~uB3XL79_qlloELK+=i;If-Yn(5qyrilBj=!s@=tuS^=f{2p z8MC#oeKeyMjWoOoCg^>`NSjbSH6@l?Cy?<-z93N7t^Q)+Bf1}qkQz!HPIM)P-}ryI zI`Wn5k@Gi{Uq?C=L<2V4xM}IVr)pkGCU0&TKB$&he)$k={+msN$;TYJGI`8dkfw2+ zb40a*5$@|rmfPRozZw_<`|J6|94p5Vf(H(x*S3620j|6YCw8k_*K4e8R9{;Bu@Z1K zv9b1|O7p7Qv`rO!WyfI*Wdm$Z=}_vJ*c+}bdwYGIE?1Qes^!;esXupTU-m8>Y2Q1N zD=XapBr`a}sa+1zoK)p%&6EzEG8}z=9{7rg{j(jMjGs?R3&M zWgb1oT9V0WW39G|7;s6PQ$^2AN&*EN+UZa~efZ@Ln%bD%cq?O z;3atigL_;zc~>qw*XC<|r)5j*5w0Nl?jNfGAorSb^FKd~Z+(7faNL=g8u|tF)M2=1 zUg|nv;KD$2qW7^N@vkPQTY8B@Bry&Ef3 zlz7#*fF0fT^2>SulD-n*D*{Wshj7QGG}?%`55)c2KGcQmcmB)IpU;n zeG^1VLIWLLQKF6!m_{%pG1Xy-l-pV{yJr_mByNYeWm+V_E2f<;4tp-Pz+74vwOnZS zJaCk&q&38lI!`m&rR*e~mf-gNmUh^6Mn!+|)@1HzI;KH_bR)Elj8&6}*G>5Ep5$$v z#n#h=;~JeiUZKmeS7ATgzO`a2XtyKr^Z#M*&EuhJ-}rH@dfK!rLPe>>)FY9x6d@^E z$u`nL$OwnQSn4Sh;VB{e7Ajj2lQV`Vl8|*mmSeIEGvUZO7{>2DLp?p8*Z24R`}fE1 z^%~olbKlqczOU=LuXCRWUsc4VEI3c$bBx~NmMU|WcXlFqwrYU*)YSj8+zRAtOih_s zisYe}YCczz@_KLNYLxre-D^xPJITtrw{NY%F_*DwuZ|O5-BZ#&0O1Yp5>Lm$N!qf9 zXLmr^-+03fJhd#TsvB{xr8f^J+}ZLJrAvQy`hJMY&DDO%9Qk5HJbw|0C>@H!Hw zU?qR&Zu_mekF$SVo&l#^6uXatQ=F@oB2{wGoZ_pAzgw0iQjt9IgBy|k*LIuT(>xyL zQEqLcbDT1M`(A3Co-r-0?ZeXT%O#dkb)^qgo&L#CO zNzu$_rT^7GwNABPgERN}H0c0T9KRO%el|_oX3*^&{$rl`w`(<$bzX#>OWG3)_l0%u z1M$wQ?WYC2?Pd;d^CRK{l~QF_9iu2aL^?Qy?AkcnXgIxpH3A!4@<`=wh3KCbJGr+` zN1g9=)i;d57HpY3$KpWpP%Hav_brvqHL**eA-InAM;&cIgM(&2ZWOEr3bws?YO?)& z|JSaYb?aLl6gR*$=|zD`4FIAG`v&` z$S3PU$&nfE{5GeW9bIz}qWF1vjm|-Ez>|{Im_rk7kpixi`~8TcSgAqf2nxt!%aI&jZOq z*6QCb)%Unrri`9wX>>0-hwFOn)_HbW0^VWVMliQ@bMOlIrGfMjXs)^gDg5XXyJ)+d z>yNYPj!>Zeebr?T5A^Qe5qaRzmaN+smkNuJMG9Vga{PNR>dklG@{||p`(4hNHZRxA zwb^%Z|I-(N#GI9GkF^T-r(EyUI?~dMtDueUtbWw1_x+LQ9&hm#R}bh-kT-euDoXTO zm8m(WjclFHBh$}RU7WOG#(j!+cz03ppY+0@?5rWQi%S`9z1N4wt|q^*$Wb8JwtfjdqT2z;9!+BjtR$dM6rZ$<8nL zA=YYUUoYE^MtmQqEqZM#L8Np9qSrQBGw^MyFg_M+S3`5anajkQ|lNO6!6 zX)rI3CY*JH(iF8;8`-aOP8BY{LoHC&bND4-NG4$2{3hKybL zFqiOVw$05uEkD}Ap-4`*RI<;M8CjBi7#8l6OYPkP+Ni*jL9CnEa%uIduI#UG#A~5i zxwemst{gKo%^yF~=2o>$)=t{hMBPYEcx7l>R1&#?xJF>-V3RR~t2Iofmdk^7O##20 zkfFh@g8cG$f&(y+dP7a9_90PV#cc}l5h`yU&yEujMg$Jt_bRj$uFWg1>oZ{vT5=_n zaS@@{o!oEWV54wA$-m_pl7l!V!Ux`qjaxPw0Gugm|FUX zeH>fOo9r~Du?2B{c?xRFT(sjkqKv0`x_iD6L9AgFx@v?rWtrfe#QiE&68{($h#)dS z_4ex*?MOgiam2Zi9lcMA{_ZI@|3?W7lB7(Tu39P6Z?)K85lr6qf2TI5S z|2)v<>;n{ZYLT95aW2ZjlKek7FAu;tpg7R~@Q+>~acIMmJ3o@huCDo8kX#$SpnF(q zZL)Bz|4IQ%Ez%|hEs~lOP|?!V%bS3Hlj_a)4rp_p0>Tdd93_Y^$i*S(qfa(qr*Xa) zz!=Q7Q=5ayAbBgI3z~y>+|q3zL3p9f0wn>cAHB+sZ`rS}r$unKAzM}nEDl0ndO)UI z1XdjWNg-$&1bw3do>fV0)DHqX##s5LOaA$!O&LAAXh#MsIH?JH#l-da1cmf)(J>aE?#DrxRUErqFQ$cE`g$`sQeQy(Fl-L) zY$^fx1zK7Jz&qeNK)@Zz2dETiyj+(rf34{ z4*n;LuDX8CjvXQt&zP+U_R`d_TciU#NGh_mtVulY@D+T~vFY(#t_@MCxFE8!=>Luv3e|0Z#f!n{zJ4UwK=( zUQ7A-q* zsggGm;EdmU0DLW+&5M5Ym&dAeroKkRs!ve`!LP-m7H?95!P6;G95TcK@kB&=5;uq3bbMDvLC(-e2?Cw(0e5-IHk%)_Pvj!QBRoirtuepS%+6}}-->gYvA*ydO-NE3IFI3TMp9dbl|nj;r_O8H1PC=U!5VtO zd|LoR=}PkH#@O!&+|c!a$o~iS*0MlA1sozc5r@6!l2W!F>$sOtgK24i(@RivV}_Mj z3v2B+m5aaqU-1N{gMTSAeX|!#l=W5#j0~i>;#}^^ExA#R8JfF(y$w41ldLu$0F?Zn z$lwbDqqQk)iwS)btQ09r-}KF z)rTg&m7V#z>o4=`EBwVa%h_+=uuA9Vs`0MHHHlqO=}YClyf`(uE2x#L_a`nrBKNs! zMR-%Kt-1wTBTma0n^~vGb0fvQF|_j~viyiyhqr_8;H8vnXt!*OU7n#GZ98mEUxS$0 zDAmcbT+b-R7^mkg4$L!2&m(Mv2MKEz{u8_kv9aYiVb}S}+vPRAt8$(n?>Kmlh5_Z+ z7n8eXCYg;U+53LIt@-b}iK1{~w9Fbo82d%ECZo}$^Rr3jX6(;`hT93?P4Z$^&7Z6y zSpA0QY+59{f9`TRMuSQJGVbKY)8Q?EOz_F2NS!^$3E{O2j9FmBWAxvY@cGLzp2+Gw zRk|M1q;Mg-{5o0Pzy8B6D_jcDsi|lrvKD;DUV2XwxZU-GQT*%f5|5JxFy_JAsap_N zoIhVuTcC1Z^l%>eD0sU|n-m8wb57}80f;?SKd6R)SpvimbY6J;`HoYh{`ie2z?SI~ zK=QnF*C2JO>mloHfJUi(M94Z4slsHU1O9y>fJlwN-gX7D{5c7Cd19N8G)Cxuga_}| z1y|Hnhxsi*_><~xfDD!*S?qc30-A$~&Db0^Ai(1|VPe79Gh^vrn4g0P^&RDlA{Y#u zwu#TcljmRg9Dz|KF$3B1f1MW0zwtOJ97vQem*145n!?KGi|eWmPy{A#Y!Zic@a%1k z|C?-Nu}OiBI4A1C_0F+xdP(VEOT%y!gn1c@a2K%UkJxJnp|EZ&~ns@-9}*0(=2eF9&ys)HGofphB9I zd9M_Nmm!Xc_%j#)K6(DG{-+3l$HkrJJE`82|JZn<>Hn}WZ_vMi4scTA<$TZ(MT}i7 z`AD!Jy=!2H9;uR4G6in?2W-#-uw~v8QScZj^%y>BZ^kM8@PZxySM!Xa>GoT{6M#qo zE*%4Nkz!Z`ck-o>r*eEK5(0E@RO*!Vdwn?!{CnX;oRoUihq>eF>j)OrlCuii&CreF z_CDi>EVA3a{z1LB2~%Pcc^5aaXbrWSw^rm|=nkomO^v_G8Ci^o#!Aqb)$eC^OCACUQZyD|wtv zW>jol6;D5y@ig8on|y;s5aV(t^2SPQY)6)Wew>WHq5VwkqYc~3K!N40r z>NodPTy<7pdp7N_pV4wwFSKduL;Y8ggyNUZdGZX?W?npR8`xvYp#&((rWDgI6>%+{ zx3-p_c}wFSpUtyoU0GOqT@$wY50E?BDN1Em6{!IzBfMdbasz!(W@GSTZTW9 zAIKOm#3@)HGT!(Y9Imxv^-#dQ>gTy;-t9lyMoiEg=`!;2GJoD1hD?Xb<&1M)XAAqj zp&>OO?_>hnhWj%jF9&SWZfctg4Ef3}5f~Jrxbd zS>s&G%SBJQ##4#+49`C!Tia8g4tq-8&(o&58QewnJ9}qm*G+GJMYhb|F;P>2Q&e0{ zweu~Lh`)<=g{-!lJzMDFB|9b(RPa34!qfB~!Ohq!zD!b4f7ZA=25AGX4uL)DoK?yA zsy!3_1t{7QaSP$OT3RN~knRsouzrwq(wOJu-OLine$DC=lXYRejvt4I+FrWHkY@UW zntL5PhDRsj%M0f;>t{Ldd;prE$qXkE0Abi-~OPk2-=SxR!i?nB&6iE>CB4p%CsE8o$Y6y zIB0xT9%dG;n$@53oO z>))RHC<~>Vb6$89v}|LEH;TU`LzB#U!ADW=yH_Ieg}gWA{;VTH<-yqllT%+g7J~4c zJ6E}Gwp0mX#GQf+dJd~Za;%x5^n24g_y0-RQW>`=b{*l8#OnfRB~nH@XWoJw)!-0L+L3V)5|_PAO&hxp zKsq?tY>PAu!M5pea;Ia+B1ooTI%12+#53jQ3XCMg?Y-c`w#!3gpxPhP<>C@aZ7MZN z-orgbnCz!1k9sJ@lc>0R<8s)Kdp1S`OT~7V5E7<1c<_pI+6#Sv2EogD-px@PN_c>QQ zT*M9rETOIPICy}!5fU9^K)tkzrZd5Jr8_Y@N3g@I!ciX`so00eL`bwru*CQ6pP`S)TZbWRX7ALLq z&AE5RoBN)X{R^t7A9Gc?fEt?HQL>KLI5(zGkTFGlgY~T z*_wh7IkR`S(e~FTT)R9?%s3t9=bzb@`!cUX^!i(2wbIp<A82@oc>sH6*Q%{1oAv!q{->3K1k|?9LJDcvx zBlWEty{zYhVvGiJEe?4|tQ%!=t>D~gwI8I2S7q(vUR`8X$0MqrMTRwO0J;GY%WJvi zj%PTlVQHTlmDZ`wOph}hqT68R9hBU-rYCLG^BpA>|9K)i{!|((Zme^!9D$5ks^key zl|&q0Iq$E1<#_aOGYOOyz`C&B9wdwd%8`&jGokT3EG zv-Y;LyVg)r)P%U(+$xYD@iQ3iq!lc|oI=YE4@SfnwFc=pnXg`zZc&rP7H1~o(&s3I zYN+^vnoGJ`8rOTOP}tqALA0KhZ_fLe=B{%7fH-)RbcFiIclCG&2F}Of1`qLkOMc~% z*T~J*ote?Pp0sv_D ziOlwR)}TN4Bj@@c@!cCw8@q0Hm1$a)5AE=Aj*dY(wI$9!5*OZu+keJM6pwbeLE zZY{2!Hr_fH>~l%A6CE2aPv0FkSu@-( z-RqzLq_*WRG(VO;>r=0qYww=@>3c1I@t)TmtA?$1BHEqT6`QT?&NJfYA`dl4hVdKo z73t=e`8gi{lT;9-cwChIRzn$zi79U6hh_)q<|nNEEsVdOsUBp4$Za`4&o%W!bL=AI zyj-8~3_)DSepgS+X$Xi!2}=7irq_|=C?HXCPI-S9B&z5>*z|Uu+Dj0$fsY|iBufJh zQpI`;r17uj6JNd@HzI@BUm*XR?d|17{Co`L|7cbcS%4pLqgM4|#C;)@Fk#wfekMF`LqIN1q*%n& zh;jC_m@nquBIUHt{J@J(#s&n8M3H(q$cnpmhBM+MT4#>vi?@qS$l?C{MMfLSB(sR` z8$~d3Rp}M@G&~sT4K;2!s|gY+yl@93*nB)ga-8S0Wa$lvV=z9QB3B#Gz_8-SoWJGj z)J2dm`2sS_UhL5KlMgJz2a1Zl1!ZTv6+ny&<5f(ktQ(F^ZKttVcV4o0&@E>3`HF)- zIuS!R&+I{ObQ(RII`T`W)Q9ugH=iTUNO%H1orBBneb=qp8@&470-<7BoVuf!&}@&w z2JJ@?t?aGMiV?!b*$ouQ(gcvlW58rouX=}{$C8p+!5}F*XX%)V&rQXO9GK{^$^#Ib z42##XSSE)tLG~?eA8{?)BhK` zyiQEfpsFj;QtR1d{{Ipu$?_iYYU%B(V2Y}%QF&#|o@ncP%RWO9@k#GWZ_TGO3pJ#l zvfs|L|Ht-;ipi@YI9f_w!R=^!<#gFQmhUozma!sqzWl)_031MnG^^<^qV9RH2VCy` zLhFeq!N>imuD+r&-5fC>j0I$<9XT+w-7QUE0aU3E{-c_sa^1C|Qts>aUG^S-cMdWV z4d>+8E*bUCgYnmYF+$paXaXAnf@ZRaycqO{e%|wm@4W|U6KrXwQAE@U(iZ7=G9JR6 zAJFe>=d-|hv2z44OZ=h>3E}+htLDVjI?QaLRO*UysC*xK_13Qm7Swo+rCE4J9rMHknLO&CJx$|BFKaVzKFuLq3Eg?)hAK zq-AMG<5SYtbD02C{=-9P5Qr2hZnF|NX&;*(PVY7Y5tf8p4RH7+LQz-}W_-7m#q4hp z;ymE*(bwis?6slTj7sle-cGl8Iv_6Ws7jh_`4^r@oB5Sb-Schrs^uut+3cfFgj59$ z*bHTHPPe7ytatq?X&2#ttyZyK71GCwfF{9cSqy#F<{|1Mw;ZvQCH-)X=~+AQOY{iv zDgK%idxG=L>dB0~qdYR4@!F9+ov>a*N9*`9#Yl!j;|!0I~b9)W01f3ms8H1 zJ@Or4MS>msjwu@PLTFs~pl+3JfjIi=llKST3x>8T+z_I!WYuXp4DVFUIH{Zec+J}U zfp^aj=|+F8-0639`%?+0AkhdV-!FAaekaiP5gLhqYaIWhr=dgBpWyU^@mSNkgJgK# zekj4XS~>l5pJSKpS;N*L^4AuFc(3^8E^IZRU@PCglugi(7&81f>Sl7;P`o*lZ#0fT zT6}ZZmvYgrZni=OpI%T}x)Lf6(D4nb8E^$scTOq8LI>=X^7K4c6e;Z_`QY1GP`4j? z@Pxhd*dpgx%xnVrVc{Y~{x*gG$vV|-aDR=a*GLnymY#bCY&1g-A2Sih`vt!SB}&6* zfWX19xxuIiy{aGi$WRZHsxa}G{+#HCM;whvO)aghgP#sAjE@*XI3?h)Vdqa(E5T`y zK55!!Yhr%>GpTYlhkSahOMb{oQLklKjIsrbQNma#s9DLRJhhdE9X=K??F2`Q4WqP3 zEQbi^FJ1msgIKBXEk8a0Hj(-C{Hrr8Z-w#+nWJ!RTurf3vlL8CUV|jpGgGk&qzSel zkuiZ`1nhBG)a2(v){%> zL`ZhakW>3o#23M7&ib4Sx=shyu=EXfS5#}`5#yMIrk2lL1(ry`X~1GZ!|%GgNUrlz z(UsHx12OHUmxQBT85kY&gY!`r<8dP#f96S#$uW+!Zm9$gSGy`u@{2}#+ZeWj&ua(R zHJE-v74|PRpZhX?{7{~Xu6_p7Vs*GE3Ry=pA6lCF@HZd$Do5|2KPk3ag}C%4X6zwb@O8i%r@JsJXYe8AJ)pn}4d8>>Y84k(8kxHcq~5 zP$Tj5lA*En+f-llW#KJ9Hq%j$6hlyp*euI;YW_7L(kkqqy#NzfOjXtTJ>&MC^o(2+ zg$W2J+c@=}#-L4IH0}rM5ZTS$@NfJrln+Iiun~PoU5QrMftcKVk@3&2^o$&RYO1q7 zsg*l^h3q-yyQdyOLx+tvo*nAx zCG>9|5)|=nX@4O9r7{-j%>B(N=vBax<&ClF!d$e|f&N7(!>f+MjHr)Qz1nA8Z#vYv z=y{1gUk>6eOq*>1=(0YjG%_Qn1bo$ao?*tI*L0n(oMNFLx=XbCe0^)9eiPx>hIV(bjnfMVtIFsuwH-({N11N+hRpfB$L2AXP+9kIH)~I00S%Dl|RIo4yP= zIIvJFXC$c^96YsvibrULCrClmyv65??`i>C^jfMA>kM=J(Bg}U_*GwPl!qUo2e!BT zzv)+%z5_U-w`YtPgF1wFC4*#~G7 zX48BNJraVN*J#f61obtDl3c%}Rk_5~FwhLG0@_thKbY+Cv{R<;mq(vziq}Af*?du@?nmzK$?il0ku|&uQ`A?wb2@aFC|wj3h~ z!9f1T*cZ5iHO=V;VMg>Qsy zzI;9GQd5g2X{e?$Z|q|ri89x&O5sY6-YA}PB$P1>)HWeVjTuF>_k~OM>d~at=k*5J zSqIv}({hz0^cNx7v(&D;Y)0xGw6^1=+cz9fzGaED4yQ*bW*stgN%hCz{>-@_{reKy z;?PzWII|DH!e$H_n$kbUp(!bB^;n+?itSV)OHR#Dt$AB)eQX;!>)rkNI0Jn+uo__$ zvzZ}XL_W+Nz?>4bn;9D!B_B;AcX5PhXPddToQ6ZJU};Fu)!}1lDa4OsL}3>g3xaR& zk%6iJcyU)FAwz#4eP~R9(ksop_)FtQk=RUU7!OQ}KUow1=Yndm|mHnn)f1V3!sejrYv) zlsiII4D_RbScjj+fuDj4%t)^4A_hcUpu*#}ZhmuSv~YagM_dyM83Jx9akinf2IHGBiwyFc-%E!ucS14Ll_ zxS0QQVGYGVm~2EiMK`rxuIuDfU<_GzzCia5Wem7rI>sVxzPf*6B2Sxh`|?~l&Wxon zol~%$0tuTIRP7IZ@0F^&`n3X^gc2ZAMEc_S<9kkEKR8^s~qf-u`%=@H73 zlYSYdK(7Au4k8OubdK!(wx{awDZtqzhk%3 z{r2oR^r1z3!-}_MXJhWa7L1@xZV>*fN`v=T`;5`1UPg<%ykwibk+x*@hsR@6`HqdH zE1>$xP(~rAHCYp;(}O`4#y6@npsxqq5B*6(x2;&L~TUjs@ocrvSwucWpYY^~LbqyR6;BtlQQ{{bYT5ajM_|2C+4dWZFX|_;y7Gbuz zR~H1dRC$jNDmiV>=j|8!=?oban5tL5o|V$%Oc-Xi#g#|QRzY+!|=ss4~ZHoQ`P9;2l=;wuz&TzN)i?%h1_~3WlMa=b#|ow&-vC;-67ag>H<)_Ic&}9;5jIHLNoh@ylJ86ImeB8`aH-zZ7{p-%k^WGS?m&wAw9_GohepmG73NgFCnxUD`y?Ql;qKZwy8wR zvN&5%kmt)fq<9@HycLljB*Zo94F%=!Td~weQKrQnc$8LUFq&DFoZnU^6uPjWzXS{V zXfWDwpbwH3ln^bL??0J4yOE{l?er$zHVz_H-YaR9bWK|TD^;Ebi*N-ZS!-~t_?7Nz zX;_ph7WcGHu9hw5^K5|*18Zv*!4{fZ2jFG5u5%Eon9VqR2c4KYVjF8{asVp~VJ~!8 zSc9`TnVhPC=+w93{G&@}7#0a_4pC2@%Mj?aob${e3ze^xM5d__;Y%Q@f2d90)X|Z2 zbbR4@Vko*>i(^5;W#6WF$09G9z1Dy(vzNw@5!fAR;G(grS@}lX=lFPHpS5qw;Ns5T zx!4b6>W!!BwdG=4Dx(k48#iX7b2&Fajzi-TqzzMknV+u#Thq~e~(oGpL* z#e5sm>_97Wyf)M{{)&aJP0FVn>Dt(9d7G*aMf5@OgJ$Bwt_w>KXScA1A{1g{FMmI1 zs4_p1&s}XWYN}Z21mHn`CW|C*=fL}$cGABko$8W=x2TB4fq+BWwOj{Fov;^qKVFm5 zl}If?l-+YJK~G<}l=)7W#B=W!Vr9LS_}r#Ha-0T4*!3YRtuu{+%jv7DXA`5XVC#kEq_-FjBxJ4Al6X??Lne z_}1a$1e{s#Nt6y}(izTXJQGK7InkVusr2ZU^lAMyGT?Czhb*Tin9Mn>y$ifJldBTR zck7W@aC2o@kWtZG>VN<|o4QYTx{y_*umtw0BzDhsqSUz$yOGWa4{3zSvl+a46zjg? z^E?m6j7qe=yl6RaEa(!eBYF{1@uOtawp7HyU)uNWsOsmyha8*lG4sX*jNyhB=d>N{ z;NW|k(YymASBo>LfGF}F0jQ{8xN>VE3x>Y9E!Pc3=@U~R;4JyM2CIg}CX$C;aoJ9k zBFbjJa3^f{z!(Yv`zknA)>x5X@`aN}n!XnTL%)W;{raJB2Z@S|MlYUc^($cYWu1BF z^w{wknUUj>k(j7Je~B)q9I2L$rmDNz(Zu35MZefA4UxJ+X68;WU|d>`JcLt#9p)S7 zoFAc9M1Sc){em!)A{TcP^o13`7fcbD*YQnWw?PFQH;~tWFD8f0PM#f-Eqn&0CCh#e z6#Hxsa(L{s7$!+#aKQi#zu{6|=U7=eWcLx*b!&6y#!BhRLX!KMpz_A{*m~z)M=n-; z#a=}{e7~-JOLlj9?UmS8H>h|D0PaA0t6IGnN7E}Fx0bt;Jf7dA zOFGmhx4ffFzW2y^&}s%|JHjTMhidav$<5lf*v8#KuOKpfgf|jR7#Z)_K^{-lhbXoF z?R^tJMS=-YF9@ZrL!~&HZcoSZbByLSFq42U2vvXCRO{2^CMuE1M$KN6W;z{yUrT1^ zOocj+tK7W)OiD=eH6QV_K&MN3Xz}21Q;W!(%x;tVSO?>dQ>#4F9Mu)T7RN6KyN|9U z^^);iB=mK$f}6iXkSQ&w5+Uph3@?14WZjTF4?4!13n;OieWP}bDcsSdHw zYDk}BWi{AyX^PULu1R4W1~3dNaV@Tcl+vqbNHX>oW=)9xPYj&lqZnFqAB`vY9d|nT zf-JZN82E8cp9VPNw$x3Z6az)1`Q~98o|q$eRfB~y?F1=j)KO9wE%Uk@S2XOk0^8WG zkwzlnZisw%xF(IiNB@Cum_J3)%KhpVel5C^Sz_16hPhEnMEX3rnK9<$-qmv{agYtEPPp~+L<>*n0;9+ zag5Juo!9JhIx!x{)Hk5d2psykB(pJ72t@rmYgPT{ZD%opuT}F5lcEtQFLg-;cJ6Ny z@G@~{ok2bwk(O9GkdmK5_UM^k9wAf#mf}mUI^S2AqywIP|`qm-B9<7>XLSbyX|Tq6(bsX z>N;hZkt53K&0V*gYHi<)XRFDQ&dTiRh*kQvyf0t_fz%{fO4zRLB-Amjd>?Ev=1nQ3 zafvs7+|5&B%Nas_bM|4}2-Ah2YGJuTYaXEYx(%00MK z_8#xL(=i2CgJl&9B`Z3d2FtRAG+FA(>Aea_=35oq0ad&@XhP--mk-q)C^NJpGqh*Y zMv63d52pdlPvIfj3L+nIBfHz2k*k+DHm&=5ktw3>{EU3$ChUg{JRCV(&(E~s3J$g| zfoCeYF_5Rqa|+aF7f@z`}Y|?(>}F}@t62EbinWW zwbyzwnh(!xQdr_#@nOf#+IMAHTTHHBTdFNCne);Auj&UB7m-}ujVFpVf{IeZsA=DHlV7D5y~O|W6W zWKNvALF@G!((8R5C?2p-e7d%|q5|P$L7b0IqaVwAC+{Kg=UW4&?GRjy$Uj2=L8|V8 z;f}9cTCf}9vIwXkl5#iAtwLB}d(!^(ksV<~n%P(PMEv4;O4mTi4XSA@{pIFqTyxav zV45gPd)?CGsn=tP`jO?~#k@V7YCCaD!i1xu@vA?f|?cY)XQr;jv&)FYZ|UXbu3=FDEj&>fZXJ09j|=}@#?%Lh2;1Fz`MUwKS% zKPIv@d@(uuqC$SdncRsK%bDu(K7UUF&5%}ym`Z;h&tK&*FD0N8?y&^2U%i-{zT#s3 zWt96w31_&uc}WtvnPV9{+n3i?Gj=dZey6aZSZyi86$HVrEr&q1EiF;+4CdhMuF zHDVQIN{G9x4Cy-&qMG{D-6}JD8~ZPEb?eT$pdBmzI*o_#DW2b`@-~Kb)(zZFS|*z* z=9EUd_B-30%w($GU?Agxi-A{M*IUt0AMy3F)5;kqkJj3^5T~8zZl;f1`?&V!c(?=G z!pGh9hDfF-#y^a+TG;8Zt zB;N1ql=`Yt?>9fvwjJYifD=<3>jH6eHSlB*N%MfGm(#_b2qU#2%dK#Fe0r2a;{)4y zd)29@6|lRVk0m>xese5L0bEpr;E2zzRwJE z7K9V&*R@?T@mUUmxVQ(gJ}(}eR~26luU~rnZ+rmJXZEb~J}va3T%ElbVb1gxLNlYt z4V^eWu0H4A$=pf^#=eQK12z!U$$Y;y<{`>#zsuagD!UZfnz%b|Q+Sxb9{n)mwxF9^peSn;sYeX_UnE_2A$ z`;tA|h7iYUs%(<+bE$a?`neX&{0ab)G%=*&ToYTr@W>-Y$)vW_C&{bDh-YOFSO};0 zY&r$w^^TWBP?OJ}Z!l?~jOl+kNen;WBRx^NHm^iW7}-`}XDDuBb+PSYsP$_>od8qW zSG^{W#?o2n`LOKEn+~z3HNN(QtpBoK>Ef9Y*-DNuxo8mraPCuP68X=5NKoHIEoEbg zNe;~~LZ`jShL{%}!A7rC99(eWi*Vm2WriC6Y1-aC8i;agct?>M2J10&yV zPrEHcxSq0>hEpFr^eMU%wZ3j&dMuWIGA&f8o(HwwZOC8bfFtQAGVcq+)t}t+Ol9do zr+z~rk^rQBaCxrq3Z!i$^I~?RCPgbhWflFEqMTk33TyAb>n|8U6`-B3AJ^sI7=wxa2k0#tE2hL8BX17z^ekYoe}Bv zmO_;h3a}XGpA@5kxsz`^|MP?p*8*NW$q%O#4GdNh&Wado|9XQq@&)c^#6p zoS_+kgV2RB)d*r*V;?A~`Xl6f4$f06x|InsEFQ-3UlyB!%B+AI04 z!QNbh5;bft$z(bClJnPGgk?O1EIx9$l$+!FOZjUitD#y2SSLUbmd$BYZV}Z*ch(Fxd_VB!z?;5)Auvc?i$5g#eeR0`)0lp8cPM~@^jnKG99RJpRl-qzr zf5}|_EZ*hyf1uy|7|GYxOqX~T-6mYf-i&v1=|A^)d7XWW)X+iXQW%GPLED~M25mYi_Ollt=FvtZl^}EA`FCV`GqxOJaG{+d%5ufPS9bIeW#rGW%@e^x z;m?igV)rX1BNe8y=w3}@x|PQGEg~d^4xF-bqk_F zJWxTOILliVZS8mAQW9Q{5%zsLz|y^v^UBggzW;AAK|apD)Swi5zmS6|t4p`WlioGR z#%4-8Mep2wo40Gx(M9umA&UcBI0)-}C&+zxZ%0ft+~7Cdo#O+U_OYyTC3N-l2$-8-a37Xxc+FbupI1T_+)kV78i@Rk1o18RJjIylAFEgmWVh0J1r%@u}%DO4=Vmr z+g5K)L0Qf1Sg(TT!`0TwhO0}f_}G63*kzT&^j2K!1j+Al&ZYAsmORf#EJMkv+KWp@ z&pPP;3{aLJFQD3eaACA*}mwl0~SmWjDN;kqi@`3w_yf>eb`!YWAf23ciuk15khzQ3%K{_+$>FTEn(? z69Q{VE=yM)7sbI3j7(Mtjw~PFCCZh%s(F2{QvS7@w{B@}&w2g+Z_$-IUH6hYznxKZ zNqDzudT9q+q1Q#(+DZy<6W0G&+wi(q@kDE-Z+({hv=hXW*5Y)YT7eUCr5i~kwn>9h z(TPOz1go!4tI_^@jS);vZy&B=wp^XhP!%B#s7ohO4b%w|@4LJ~4*uK`wC+#!I#3H7 z2aobzoq~kh3aAtM%7zQsRwmei6GBqrnnr2X<1?vTEUo((g#Ib*ljZw3k=lZn1y3`I z`nhq#1zQEAt%&9sTy|rJx{P?EX>>@t5LPs-qE}@bZ9%e2Uev|LZf*M9LvRRKJWjP$VB+gTk;aKUpB)D<|Dd&T`74M?=eAr`jf zcJEg?_aK<{Vlub1M1ymuR$aK{4~YAGpKjE4$RUj-UUnkpIpCU;zJ|nj_rGqD(&C_Vg z2JJBZXtY`;gXZ=|q=X%qp=2;90DCn&l|s<55uXI==QbiQQmwoemm9vHz(%Da^Hw>e z{m7DD$YPN>4RA0s#2D)e`=K>7KWR?_puglr@an*>U>Rgez!`Lz@r7EP3$oeG3FPKT zOKkgO2UL5%K9+92{Yz~1S-tVt4?BNuXJe!Kp>rW9y&T1MT0|6Ka4ym^NYU9&(PNsZ z^yhr;-F6DxLQ?NVPaD6No7=dq)!LXW7)|6~fQR)yYpOB|I@)ZF;O;+3st*VBb2^!4 zev*<28SH~)q6l&zQ4d;;>`sk{aC;Oo;OO=^=)jN^5{9P!G$HWGLvWwp(KM=p{51~| zU~bw$XnhP_6_{p2@P(>qME&wY0TTs-6K-Dr7(@cLi)zVwpMdXN`riGaj=QsYLQqdR1r_nOU|v z&x*$WSvsFu728a2?NMW<@#1Z4X(+XKob>r3o(~WLlz?Yg;$SN| zd0mNanG6y;6UbzzUu=(j5B|x&6oZ|igRp-T!TbDYf-$0!F=oTRwWY}LA)C2dyxTd# zy`o=fYo7AZ3CIE;hcBujm@KGS{1YfrvRQGW-(%3J?MS%{TnK-5=f7?*y6lpD86 z^Gkp{+ztPZa$q`B%|z}F^66T2kIQVv-+;_NV25pp>1MUHxSY+Xl}aL&(vJMBu~EW6 z=}`d5lODCS?7o({WlP*UaC*O#&G~w-$%OL|Nv}&P@2d098GM);tfEquxUB&xBWzZs z!&MQppa*s4R}DB_T|ta-&$OG~_Suy?tvPa0WyY39(ta&J_bOA`#zw?3Aua>>YkG|H zqL!UC>F8F^lDl1AjTF2S+qSTQ0I*RI)aTwCG`HO+#)G2lMt`(2o`JBL$ok&0mkY(T zI@M=j&*WA8?9^8}C{~B2O4%gUc}>}LAC4hTLJ^Vv z9z`AG2ifsp8+6il#50H*=S5L@IA;(TGvCL+CH!0o7;2T|`n8?e(gySE)3daQh~u1@ zykh0}Y}XWgd{TI9qq%26`+|*8!q9zM95cI5lK&4~Ujhzg_x`VXL#eb2AqkbWgk&ds zsDz{;OO$1VVPb5B)N9M0eJ9xy!(*!y*%@1wha${a9%UPh<$s3i?S22>-{rbot~$>- z_wu@5H=>2_L_&9;#@GDq%Uz`|Gpzm_wH6$VCvC!O^F#x&WQHQ&U;m}>t{|0F9F%puB z-~+Cmax@jI`L+uZ-7YI#6PebA{jvCf>zWRcmBw{j<`CN(Qv@&rqL0I z@AOnx|0{hcwpYI)Y*=ILs<=u)0t7&x|bh|pfJ-HWdO8PA0dyx zVs#q|v-Eb8F~WS1$#G0|_F-@beM6WfHvl#4I&I=@$4{)B+NEFkmA=PH4 zt8@4vRFlI0zS6s)4Pd2xTVaAO?0qY+&0*kvK!SO;f&Fn+f z)v~z!3y`NF<4&k%#V#TbGv3kY=!^|D4UdV=-h#*)s6+rRe?+EwL?aZv3pR#3q;b`! z!9MVC^N=&&d>dQIS@3o8OUvR-B3|M#RX=wkr)WdbdIbERH&Eoyb>Gx8acg33!-ca~1}CjQ)ODc|sIlh!3V8+rpf zen=|Ex1iWzku$|}b`jNT#_lfZ>eqHsoP_+20!Jo4cDz!dz zb(!{SQzBn?6W!?Cgf(8Oa&>(_F|XM&Gnn68cAU@cc&#+7#%oMM+*|)mAOlI`7`r;l z`S->@M#=WX`wvN*;bSP1i93x+%qO?3-ImQi41-Cb*7QYr0g`zm%=32ZVBpVO1+XP4 zh?(IZ%^%u0z6~*;)`zGmV5g}u;(mQ}{~7e&)JeXYVTi!A6DKVjR+f(f+%H^AM+45?_UY!=csgp9cz~Ke)^u5G}_(w zz%pRVvbG`<|um0I@6|Bc9QO$w*A zgsNpfNWfgU<3{E~0@}k0SeferDi=3-W$QH{b2ltru~--0tG}ahEq+OcFsb>N{_G8T~R+J z#&Um3FE#^a*rC*?mfeoh;eOT@o9AkRc^CWm>dj=~!#?j3r>|+^mEWt@7%GUk78l-V z_+d+ni~G=0OU00}sKrw|p5RB(ZYxa^bQo`R+g?Z>dsfmLA*4{Qk)Mq6b}nYp$%)I} zKfk9&IH^B}q?d`wuIfL|nnAM1gDuHv;R|s3Wh~dU1S~Hs z)@zH@g;YH8^sO~&;s@Wjqh@US}k>IV>;l{&I!2TBX0LTYEr z;m0;0b5g3?uf5)W^mS-Nj=LWsQK@GmvENii2jgdT4g1>nmf=MD&*%0+KzqC_3vq9JblPAWgF(G|_qrnf9R8-v@oJan+>mwr!hnUWXwh54$D583CuWc=G{H4} z%qP_K-YV$54i(+_akE4ETstLG+RP}wWcB{4#r+E!nC#pR^Ltvm!`NK6JW72~kQ>6z z7$I{u%{0HnTn=_8&!UKnOF8YO`!n-D64_BfUDNm+oa6FX^NgTDd+rBYJ;zw_zM(CJ zw*+sMfcNa@=DWkmXHehQL##TeLxHaqXGq>W_48GvF4px~^D2mj;ZJ zQ8vU#+qK4B_PLKVCCCmq`W9aqzJoKogp+K9(=Pc zw?sSJ$s_x9c{4Kl8(w-Cl|P>1g}f)j*c>%Bgh*E_tC(-L*}j^NHwH)L|7)kcRQW=a zB`?~~G{xMEt-{uA@LhTU$=r4MJaC-(nP*_YOUL(}N5{Cv7CA0?np})NIM_`TwD%aF z4&qxTKYTYW{(dN4PP`eMF-NrL)Z8Bf%=tFKYra^ZBl%4uEejo z+5AQ&+s5v&SkD2M+oBz<_{3sxfu8xTdJI~BW8Ar?&ais5f-++_w9jaDc|LHQoJ;Pp z(zPWswT_wzPtYg!PCneiACea(k~dG*dT^%mn587^~n2$ z&cC$$kyks?7+M|gK|}e_c?c zC=aFlf;jYJv$9@GRvlr#gjp4juWnP#NVM~`*pSHUDz)19A|xv*xaT;N$8ytpVOK3> zk7WELpvVt#jf){OBe>NDkFVnli^0;njx!}V7!exBbhHJx3cV!Owg7-8#Zvi?xy^mljqEnDpuJ|cW>T|KP-d`; z?^gdx4sy%Ete_j?8BS=)YM(Bd>%urYgKr)ehC6GyfBh)X<12_6YTX70qloMH#+KCR zRLKPJw@fKm;MEkjhCl@^v>8RzNNij4v`i!>FiPhIRON0wB&-)?iC-6K>t=nyOG5|e z)57;-kxCWvbZ)paU=iH@HfngpZnHGs$xqD+l;%3 zizu9W0gyY+AMxMJF^q>H>4erV(hAF~HT;$?2pvrt}{>SIafsy+aoXrC-4h&zbnWUp9*NkNlN*wU( zx$iVPwtlEY2})RK$1&a_uS1Ve(Wf^33tVN zpglDsQpY<2A0X0N0_CVJ%vD5V&|5#$6sL}v83Zc##%xRZX>{_P#o;)ljK96I2zN`fB)yD# zYn-1NjK%#!)^Wu36E%L#=9+lHQas~S25IYuns=!rC-V9+nwl>`4QrEn2C*BLNiwTB z`)WKg2A(p~+BD{7&H*G0JPvPqoE2`iXiaolo8p=qnhihRJZs`8()lTJdI|f&2E|?z zo3Zt?m2d*l!IsvvPeYFsP$wb+MGv>juN98$ARV1ErKgFXI^L1H5l)35^#?$( zyn+}cC;kgZyCD%J@?zwu$!ov=-=AAaVkg|2BzetQAm>wFQB8{c%9A#bLa9kK2Hghp zQKN`Tu2h#Eb(iYKXkVFMH5mO?`nbe{%c3hMzKI@&hV+Ea^?ZwTr8xZQP_6&r&{>I0 z$t5_a^!pd%ckx-=h0fvtqa7IDRPv3mBQ1Y=E!L45yz-lxH2NU5Y5ONv>K;id@GCK= zNDdega)T%JzD53_I5l_vPTrS^?1xOxyI^nAM{`2W2jKdu(G~ZF?Q{2@S8@L~)z2q3 z=TgN!M6?)gJx533>Eudf`45~w7{*1u>{d5Qq|QmhSt#=l=Xw9v+tQ1Qx}6DeL-^S- z$)X=P4vVMAx1@rlK#AObo3z?LjiUbl`F&vgzFWy;K|%T+4l&)1+(-xB@~mjvPK7_8 z(!z*?V=KSY`YK54I25t!1vl74Dr?rVBG9`Ph+R+pLqyB}Wb}nsXc2#AkKC2fQK&!i z2$vn#gFgnKPOkxEh&*7bb?YRC&TOv3+H|&QHR1|~n7CveW>N&|fA-ek57udXhVK4{ zbd)%PMd3q-JY;wOB|mmlOh_ooV$Pw`zU)>9pwZv9y4R^rOW|Ck?*NlAdE-z8tdWh zQo1o^SGwinTFJ72!0Y?w=0zc)-JA$=2o57j!1c=m{kRvCBQ-bw&jeGoI~IwiH=j6BPpSgSJg!A@@svbdm#@f&kP_lj9! z^qUA^3dp&oP+NR$OH%pJCIhrJ3-75p3_iXP-x1&1@zp}}2}|Gg?k0^Ur}5^09>;8I0#wS=R4<7f74GjXGMR3+N2 z5^^zN=;vq}ISirFX(Fq35yQB9M9V++LKRm{I658o4m79}g4OZT@Clg4YcZ{S9UQfr zxp1*k>Wnsn2Jgpjvua>b)*3WZ;e^$()DAiFNTX@7;Ij5e4ai#de9jls8kHvtjne~N zQw}(&KNPXIOfw|y&=Abt5&vkir2`R1Nl-KSx2`*qjS8wcky zX?R)#88a+398(7DkW1b^c7?%a@>*yIh z2&aw*-G?DA1JM{P3c|;CXoB_{g4C+&_^SEFh=_B2G0$weHip!C$vkslUKbc$kJF%|-Z&uCJX* zf|`<~%yefm!!EFg`qOC93~F1tTs{TYA)i~2g6QqMB!;m};a*5-n&Fa(3*Bv44$~Ucz ziKE?Xldc-rOQ-#^;21MB6-xgGT^&DcxETlg;xR)l-C0*4*G04O)MTL*obn@K45B9Hc|9{_;lUqS%2w}0Y5lB%qSZFK9WcK0} z%H}ACaFAix|KUs2Mu-X4K`;yvDUL+UH&SMY(J2@_FFews3Zm@h%dLP1@0S3pKh(+3 zu0R{NGBKH>U{SdMQK+PAA)z&Z9Z!QG-i!jmUIO@HfgU8=5=ZHBrOP^EUw%BJTian; zE3N~M!~{!n0jSR(94 zC_s!CV@5wW1V2m~Bg7vyR&z4Np8MdYvFV`Sphnt1oe%|b+(eVu17ji)k?dl1@^tt} zXE@SL6;$D;=fUATDo~_Jc^h$vWICmb2|E#im_Pq!Urs;pF&bXZC5=i0gaAa5n|y(V zsYpE;iu5mH5|=uJ7AMv&@@Gad(sr|&4{g3|V zG{`HLNIZb?Mk5gz4pPGw`6N=sxy-asF2 z|4X6+8svNC&sl&>{CG^Ta=heu8{^`+U1OxnB((OQ=m9TFz`}iDNDJ63k3^c@@ZPu2 z7k)7QTXqqqQ1m9mPQY}6u+k6`Rn*vFr4MZTi`7P2e)4dRo-T~Nl8%-lO3}nxdiYtFQ zpgY@wpf{~fC3V10u24>ZJ6oLz2{|Eu9I;j1eu`s$_O4qI23|Cyg? zNHQ-myvtu^3d>&X3|po>7P0{Sqr;L-!z&45$G@&Z$ChLe|;DtWs~QBx#hslJ=6MXR>( zz;4B7`fowmeW$-u`ZZO_>8#tZgC34XhMtaEhK!XXviVJC;CF<|%6s4l@+p|?YqM6! zlSa9s3MnG1-;2SYRd3%<+Z`2vtCz{u7D6^3;_>5qx*emCFOq}wFQ#HG!3@Lxt$B67 zheJDo&8^Op-|ydE7a--mKoj%W*WEUD9YJ{0syaYeEpFSmxdc0?g3G?P zW*fL&t)zYGz*!Bd4uiC8m1X69KMpot`uwDNW$fHh9f1c|%_~ZJabV^vD z7dY?d+D=$=Rh<(DDyZymeK`F?NrODj**tVl0n(=PnHL)0zA<*&1;2|l_`+~*TmVkS zx?MU2lTy+t<$*kDlAYZf74nef>q?^@zFa#nlcFIR@sQY0sSy&7^c6& zR+~KK3pSeZZ3$q0lp2NPKOy(bDP%tBnL)qvj|v`aq@dQmy!V}H4Mo$OfYT(wxvS#D z^6!YpV%_}g)-*^AK$XJ^OfIA>NJhqXDo{S7=jXB!I^)}(L_y=>rG?7jLmRWOfaEzT zil@=}4=Oc}g@A3IBOeRP`-=(jvCh|hk%>+)tu)-4hdFEgo>2QQzwwxgmW;>oetW+W z%TUuZ>)Sfj1&)tu&|Z`{zP?yf*;K*7NhNqDWx7^U%LPfsoN@ORP zI&Y@npgq}%VX=()c`{L1lVj~+W!`okva6gQdy^*#EI;QH-o7B!esb zyl1_`V|{X5Txd_&R3F{8 zX}9_J4=zfrf1hX{PMMx5GL9>cgO{PwPPfVUs3JKG$R72_7_GwwgOK{XE{k3X9^g18v&7c?d z`dXqM!=($+hfeW7*UL1Jc=2ufU+?mi>FI0&kW(KH*gOnP-^*{{_Ln8N_$zxw*U3!S z_K^e;nZ-#mu$Pzruo-rtKpvv5pHuM7+g=q#teG>*zY1S>_#RvKt!0fHey5lUOD}kP zoGWi~wM2FM%2u9a1DQt-8drrJ$NwIDYGybRxogZhg(Y1w38Mp@fmN}{GgWcInjQhZ zo++K~{65T88}3@r8RB!I%owJ75b7{*p5Ox`#NP|m`uE2sJ0tx;-Lnx7iu2eYc9Q-Z zjCis55PaV~iVuIom~~~^Tb2|rv!?aNLjh8G)h}^lrFTAb>`P6FhxJK#C2i%~u~H#0 z8=@fuVzdoA1Zt<<3}vsJhIguor}s0EGB6Y&I2@fuX-=b9$#$NEn>2NcVdrfns$|}-E~Z=PEaN8MrpJ?>XPhJ!N7hqa8=D^}WetJX zs>@ljzRfQsn*?2Q^VSJ_m>?_N!QpS`XBfIriXe+VN6xF0CHGyAJqi0egCoqxL^Gn8 zxM9nP5VSfu{LmSAT>}VaNeUVs+w$qJH z-SM?{XPs*19ca8H#(SRdtkK-NIP0--Yq->uzy@Q{2CzVC=V^FbdMrVcqzqYt_t;o> z$e0`E?G7e)kVflX^`NnR(|Nbll$No4uq|$|Z@J~`r$H4N9$0|eGv7e0xx&@~dn_S_ zCy$UmEU>V|J2Yf8*rVb$$OdlzxXw1mv!eVJH=(+2?DfDVGrzbqb3ee#3&-{Hqn(z<-`GdQ#S=rc6qL9Q?1h!+qg1H%QE@t%ZL$%blVhqEwvJJfB!uINfK*xrUb zpZ7o$1rmZV9qFY=M-v=*=OkRyQqaL{G{Esa9K*5aW0R*=Iw;&?#FHNJI>fi6NQ}SE z?$ZR*^gDygP6lBfH2jjl3MGWff|W9(jk`|CQUtboc9W1Rg5vA8`p!Dg4s~&0l0Z!B za0?Z@8zD#zrboPLZRy8It+Jx^9QHic4ZK9;b&`6xat9Bk<}h=A~*sG44!2VdX4{lMd&d5d?!leGQh@Iyk|xJH_Z^F3rfA5-al|H z&r>P1!WtbZ@vqpy*MSQX%`lV_WOzmspoZxgFSqXVZtGW_mD*{o6oA zLz?7Awg(;+*2Wz5(nRr-Fz*=c?2$R00d9(VMm?K=U$0@)XZEcA0dCjL2wCHqnjY04 z4^41~qaDr4vIfMk8nYP~0MBr=P+BZux*7!VxV5W`d^+xB)6(}RdrsIHy+qeM{ND1e zk4cmV7VYZWS0jr}#~43TZRG2Dm7V|QL~3hdIAYyZzNf~nsp*2t+6~n7lX4UnoM`S? z=-6eO5mlk5zhXs^p3`GjBkLIlE-C`A&@`N{l$spSf;3K~Sv-%4PB_}z#Fnnugg*^L z0iIwbwMZWzCGe3v5?fzABdqCWwQC&{oUoe?Ik=39^6k>kEfj@OUD6dD+A#!FkKbUa zJER>kF?3dfs7Bg1b7S(2(0Kji(4_VJyzDJVd_GmjJM)0t`VwhdXQcp8m zusA|2smeD-XAst=Big@PpMm@P-uNLAvd+*gKfh*S)bYG@%DWOH2QL{Z_qCLC(Y4EH zp`q30CX28~-yG_NZB{#OPk%q(G&sE0?>rAyuxQfC{~}c0(jsZ)*r_<@3$MXXu{B&E zHgupN10WWaJ6K5`4ATj27CnQd@XP67j-vF=rNYM8THk4repW-0Q_R-}H6&uXh?S4g zXk)T(&GU(!Aby}|EOd6lk2k*~ZXLg8ecx^xFHChl##1m8Q(l!DVTcwnzH+dYHtQM~ zWQHI3U}G~FnBKQfqZDbg7P4n|1%Nl46V(4)s3V}j{GB8QAB5oCv44jzy9V|+lZfgx zvkgYq?&8!L5w^V``n@C~k&AgRF#dOW&#T+E!`2B`A%;-2I-Utc{-QA$bgBdO+-ay` zmNZ9Y3$LqDgGG5?) zfhLWW)J@10?Z0w0tjX4SQp^11KRJoa57yGSV6ROjRLS0i_|n`mE?kt0=Hhe)hVBp0 zE#3szCp|}Rf>Z#;;ksDU^uk(DVeU0k@E^(+m5LCihvpr?pg>+Qv1b6KdS6Gr*IJ;- z8lKFjt_TTfL9J)G;Be#&?{#P`3c%X%$u=;1piw0=sN?SsSQMd`EzrW2t}fT8R#5ou zUs~$e&k?3@@bJhCV{ zegEs!MT39aUpEY`GOYZ95v-;D*%z`LV-y5DN<(v1kd*gD1`hdv#7rIGp*V?DR-7iu zWCwtt$&6Fof|m_5E!7?;;8vp!l!nca)=}Gu$Ozz@U*@2?GZ3=_xW@~0%BYS#8Q4E> zJ9nb658j&9fH{OD`7+hpTi&tECy7yfd#mDwD=Y4R2*q*!jv8t&G!f4chdtN*U+=A< zeRhTFWP5_U9y4gDEfKOswC*4#ES|Ga8-rz(i+Ka{v!9gE6ruETxj*{@z^9^C&Ypm( zbca5^u}0gJU9eNfUi)u0 zMNBmiK+wYyjI=d@`v*Djms#`u20tt`u_k|_^rvUea>93+(~jO{b&9pCKWPmygds%@ zKxkaUvn^JeF2dBE^X{Yq@iZP&XJ4Eq`FgJ7_K49HtKt6u;-~3Pz;>El>iEEcYb(K@ zvEE=%Dj|m;1BXHYO>7}L(G%x#w5-|N{A~;}OiiV}pvh*?6E-6eATJWRU_WX6+5~Sf z6km|>=VW;^;rncX8BH4O&%RA6(I~T>4VtR@k3@em4t6Jgj|S~^JXbmH#Z(vAu=#~$ z>NLuc8wQBpB%5pv{As+DYL3hQrU)=?&LN3)+d5*KSH%A{4-x+@x*+^)kG3O2IhQ&% z!fn+0C&z`-UrqyEx^7xQY~d%aOQF!ioe%Ugs_n(oFY zd2q*9-E9X@ za2K?>&(2EhHnB_s+;*TXaKC~aIVYkdL-HlwJ3q3>b$K|6azYf85abFIFqRyk5aAIT z9NF~Qza7f7f;1_Y1vB)_waBK)u^EzwK(lyvYDL3VPxQnD2QB=xK!ycVrEXWlukB^@Y)2=?f0n4fr|eSi{JH)4tZyOq&JwF28? z|5g;7rj!#`pa&-z$zAzTjeBcs?5yx)X-7Sw*7nT}$Q^KqGWEO^*0)fB)zKz9CUDy^eV%IWvr>Sczo*Rz!v65wb@Sn?=1B zgPzkTbT7Q%+82YQ*g%zP@Ze)BF-`Jgu$TFde~t3GHt(AlXbqgvo+3BtYID_kVjuK~D(FfK=Qr8VL7)7617HF!z7V*m54z zW5u6Fy9qHd@OPGB<$z2G#gRgBYJ>see+`e{C%FSm&jP6k+YVXghRfsG+|mc!BeGvG z-G`WV!gN`WfaiTfG9)P=6nbvA|As*%cM-kio>c>-+Bvlz~;(((8j zKIwJoST<=~9w<4(be)e{ghKt<0b)iD%*HC=%z*c^=DE)GG4e2J{Smcv>|}%t(fNMA zx2+35dGdGB&n5!^5AjT1x2)8;Nv$8v1xCS*EK-@na1`3=&i0q&i zLQyMSx5GsQOT}}aje>p9bVZ}&#>)Bu8JB;{(zX}WLT%PcfU9v58VURnyb2e53)I`& zrcLp2^|pTgFQSSt8owAK2Au>7%{To=t>AbI%DZB0x~%FSBbuCOX1`3+{X1a?e_^}x z*g@$?or+(zKfq5&x(|AhL`$u|p_X%MR)y|_-R-}vt|V}ymF2M41mi6lpz>o)GlQQ9 zdw*6J{ZyV>0JII%2p=IPJahKBSDMeLgps2P4CJr8= z%sRQRrlIK|+vQ4!qGJ#6s}aAdq`>1w>cpxlDpCHn9zVBDV*%>NCszgd{-o90LpFwUdR@-1*xtTa>qY%yQXk2Yx|^6uVi3**FAdyb=r=~q*?tIFn_ z4X8d{I@|c(*wV!9!j6$4hTVUy-|AV)+s?R=Y}a(3C42V>W%r3Svb66Hot@9u=d<1~ zg)}Txy}zmZU{u@5w=hX~eGau#Qr{`i_uh%Mnbdq;uCuC(?Lxal1>7WdjQATI+t9m8 zLu!?60go^r*)U#Ce7`YfvzqaJFIBCG92y2{akaSuS<_Px+n(6(u9Te}bE==z)O$0& z{0Ekioya^x3R*gF8+KhdtL5bAB(%cz-H4gE2_b5=`A&$54z^A)us6o8mBBqp{mW0kZj{bD66!*= zROaRa@(KqE$8FwlNVSQei9x09%Wf^TlJWWT0owY;Bxdlb6Dw9m$>4Dtw~CeCI29X# zw@a;tw;%ng1rU-R!6#O9i{ybvQ|;VRtyldMe)LWxBot;#4jUdzZ0Rj6bCpW;1fNN! z;&~^veAq^wd^^&D`Dql=SoV;8C+v9FGD*^;E%*LkTW7Od&i>EPL76!19jPj40Qq?> zJA@yEa4R!}^+LccWjZKlj~H5_MdCk$eB(1{gD*0r$nG~?^^-`#l_ldOVh|VBM~HzO z)_Pl8B`rpUwP*lv&2LQ0k;7Lys`i`i|6#wAXoLp%P4GQHOxTGLQtVjUNhOVc{Cz_K zKgVpEdt?C|_H$4acLWjgMvlB&6C0W&*{`{owW$0;t)b&FTyPyuGUTMn0P4nxS_~ip zd3QraFvi%p@;KE~yEn@$H6ss}+&u>L%3fzbpNXSYPQo2+YmP%M%L6Xt1m@d>nqCr4 zoj5q{vhr4TY~PhvZ~&#<{^h{D<#; z>Qg#w+`SQVgN%sv24**La53MC3(0!IC1cBYdBa0uap6Zm?7JF*VK5G*7%I&omfI2a zBj4&y&QyX}ZqKX^wt`cU=pi-5ra4FNo5{jrCZmvRUHc-q&1odoSvxMVm`8dS=XO73 zeM;rDTJ3&l$H*t+E2CM+ZPp)^e&Z=UM$s5u@FB1om3xlwo%Y5eBXdUerK?X;F;Cjq zScC>2gx4mK&~Xy=EvuefcJY_+vypwQ1#{e~p2^|*PC542&&O@XyRhd^=LjWQEv+AN ze`OXJWK@qm0G#?eI=HPHlKWBC&0U3a_M}g;>s6*UfkOj0pLmtP+GtOkV;P@=>}*#2 zhHrdj=ykz-7$5xVVIZ3F{3yM4$Zs)N5 zjU28OXf0)<+)#-{k8dw?v!u7)O)Oc>c0ESEv4dzd7gwV^Fge1E_4ZR5c#1>0hvvSK z9zsuLvz#cfllt48&z+bzfW6I_>EiQPXK$cAM{>8W*?maL z%>AHlV+fN!|BZv=Q+DCF3pv~<5vcst_qtJ+z4FGR>a2<|4-;0o&UTM+6JKAOVC9jmRl2;zq{w+R$P3e7kg$~BEp?jC6yAN;3 zeqm*6v@iR*ze#;SXCbM4^r}*8O-*U=bMax{bBkP^kZHggJxY`%a>=7c7&pv+6cc<5 z6=YTW1Uc{ver$yTu9M1DLRx0>WZ!n2&n-<8EgwW2Dfi{(*EmT0#Hz(ji!nZ?GWeiV zxtfIbp9>DWZv4anJ*t;JCFLV|HovuntJc2)Xo&eBZDOm3$b^WWThUritSq{3%hmf{ z_%`j|yHY0~eo;93`bhsaHdd>UkE7^OCE=##zjhru_U3@9{u6$iH*MVy%>vK8^2HY2 z6p=C^(6|EALP{ZU5%W$l45*sooytUqK)b? zLs^hL)Ua$8FWolySv&gTi!?(oH~KN(lY>WZKX5`D zK27UC&ojid1718pch!G=02CHYsmHwS6YE>6iv~I`jNJTNR2>Qqy2mA&fAP}7O~G^&#=1T!)`bU7oX5v5%i%AecN{0i3W>-PtD;r=R=(*dtUP^o0HshF z0Dc*atY1Cw0Huf*A!!AK40^pZ3qwBK+YmmWhBcMCc3;XY|4EP)$Cw`rY7aBU@d^R{ z9I9#02R{%7|Nn+%9}j7aOuikje6OMWvR}5v_+xbc3peAxFquIQ&tK|c8flBiWCrMM z*z>?=QXA%4Kd^Aa^9h@#3F$U&WrVPDae`xY9MM`QGS&<i*f_PTV7f&>dbw8UeJ>_;)<#0{r^NXtE)# z{@Dj^OBaq7%}sR6UD(Efzf@Igbh?@y{W3cZcL>VggBjBL-X{G>$=c%_^Q-N0d%Fr8 z>6<6pD~jK>jn_RvJNeP#jP_z?evm(#_Ye z^x(v3VCliLVq#984fJ-^8x0p0awXZP7QShEF=dn&n8kiwtW!UlYu}d#`C=QZz9K5c zjE;(Td5F$&J?3PG<`(CgGfq6^QFU$c7vip)S&?T2+{bquj&pFa8#b}CIy9SmF|m6H zKc91yb#!NBt4{ds`c9s2XHq9*?n zJyi5pteSmobk%qFuzFoDG-j7HJuG;nNF>E)cR+miPOs1QEJXmJ?#?3~Vw?Og&@Dv94&^&t?dhhen}D-q*u&;(1>S=5Y|CLK)UrvITsbT2wDKzW5xLuD0&w z#9B(lj+;|)#}2GzetNj~tMhsY*Duv&4`Vi@4Yg#9P%qc4gvRBq&GL7S?zj2eE7kz+ zP+ynWH|pqbr0jid=4xB~`R?(*m#UUnMyr&g*veABGl9!WUkU7*{K>y$kFT{pVj^i8+eVt_{O(LHh zw$W8E<--dt$bN4o4fy4k9*VB=;toD7CX>n;_w{q{u{A)L4Y-#ue&2}8qXX@py93yY zhXyXmlgD`E#R0X1s7~fGawL3Jwz{?U?cJxbH*Sl^XZ$RfRb2a|4yT9JZ0FjS8p9Wg zVjglfaX!y>@onzgdqyu$ZT}1|;}F)qyjZAhA-fyXQ!aBS`q+lZ`tg;pslA^x!_La# zmkkx>&(b)4&^Y8*eCMmg4W6QFiC}@Km(Oec+l7=2y9DJy{jT%gg558CsV+Z@NmYM& zn#7KeOp1)6oDgRG7L`o{FOPYfkMH+!%Q0zmLG4bGd{w=7561HkXWt-56O8R%oPrgP zOR}cQVhoj|Ns{QtHy;(>y*!_|eZ;buaqyBn)`RTu)79M?t+Np(w^+LaqO*Bdo=@cj z;CY7G!)sl3DhFPZ#mVE(@4NG^D@F6`ee)>|W1rMH?)iZ>X_1b(GLgS=mx)yeT)FOe z-Wr#>#Ho?fehOwN6LoMRM)n`Yy)LR>eey6=6I`%L3{n%j;Z#reuqpV!i^RcaceB0w zx+?cW?cDP(+5-8K>DXyycMzB4$+;|+PQ<|nmyAavqrjIo8@Rrh67x(RBew~G))$r9 z0Aq`R-iOdr9BC*i&@!qPVyL_II$_WWXpxUZl|jsBiwEaWt=AL%~cn6qR5ZXmF>{yE-q!Ec7$cLQ~Dg@Jm zl6h^e;iN(i3@`WLC3!4#sOFXbK1`CQ zaTS`=!m^P_2bUBM`f3l@O0}}s19jtgKX!2bp=?5516DnFh^-Z!q8dRAsPcE16 zyX&Vb+{*2w+K zCO0b72hI=rtT-+oU}bB3ZV9C>OYkf9MDv@DKdSnxXovC0^})lhXyCof@0Asgcs^tqa!xgQ(t?+ckfXYK zF9_an(b=-~Wyu4j`t!5aO(L*yQDft@-qnmL5qLJ|Z(`2w9y1OJVpZKvxNH;PNdVM6~e`Lntb(PzU^*0gnA(+oui|t2Ll^a9nlyCL5 zs#CWvI@BG5dYw)W(FU|8=(jcV$%}J*uoh61Y9L*+-585^7ZHGPYU%CCMes0&C z?6BH}8|^boER6C~l&*(YUJKoI`THZE-3Z zi(J***@JK$l_$4(aus73f0$T0pKhI4ZR+_fPYW-TF{wWt?jMHCby-<=T^T)cKwyug zWxzwC7PHc7*&8@uubK4Z{PH=L@447A zUTlBLf28iQaB{z6!@HK?7O$#Z_o5!fk34ofwq23u4ZZsh?mH%m`*z7JS-Cyi_0H)# zYF>`GXo5VJA*RT_)87!!eidqdrrufG0?(@hQZf`2=hZZH}POzP26VzG9h@Yty!4 zcpIC+--v_5;+)_WH*R@)&ciV1o7&N&PxPw`(0Tb4ZTn*;N-9TF%H!fj*a^O$gA1F> zwgd(H8x>qwbl##y6DGD}# zzBxI%S|t*z=r5mvB9c~B+ba*iqu*@CIT7wlamN+t?R7Cl+T=zFVx4LpAJgLXGab?* zGDb>I_3B)unySRFdE3w5$t@;NzFepv_3Rp6f5h$_d2=XBUUI_Fnj}p6xRz_Nv~Y=3 zKVNl*TtK|sUdQvfFL;mq$M(^axp_u*r|!NqwKhFcS=5;oCS3damTQBFAw!N0v$Otj zq3VXXklBZ2FZG1P!yF_05m5`OK*>ZN2>~5Oi*HO!wHdSxHv{c@htJdfnofLE(~)R1abFI(*ZdspsMk0o0yk`wqaTWV1Cv~r1cvqQT!fru1Ro0%Y z+tKPJZ69kDalX#`n5p1pCN4wx(i5pU&z4o*0rKRY*|v?ZBKt3VVLv+Y-9iZ?X_HO& zFlJc62}oo&FsCF`-Zi9gCC7cAAAYd%L&2t0Li#HL_1<-xQgtd``XPBxicXH66ZxA8 zRLWh<32ZUiV2lZR@oK65Fp6`#4u3}O=#}lV{RoGJ!y7wmuThrNJE*^r7?K7XFWeQn zx(#c}$Yk0W?p+vqweFZRuJ2J0Mf9A>VCjt%!J!%jH=2WS%SivqsC|_URW70KiPPEp zvs`s8xUs4}V!RGR-H+!S{gv?5K2t$>lNns^%xOre@%S~h?{Dh?K=qZ#9TTI6;h}?; z`V(BjA?F29TAg*z`o6a~o~gP)Dc@gxmvuQ_EUma%oP5cuy3eI{UY?z&QsHIF2bBGz zALux>qlU~uJj%fd^y6!gNZTuiTYsaYW=taHgeUDz!u$FmOCO?zwJ|EKm`*={ODNV$ z;<{mF%rNitz&jk-R-oXuHa3}W{HZRXmhOuH_JHhHjVbD)wY!Y%n#V31eNF8fpP4UEwzKrjo0bTR zicJv6qv-C`f6VjwQWLssorf@8kSme~n_pr*?3ph>==09bCMf6GXmtjEg@Z$pSf0-l zK1B9WYk|AD1>={oKlmb9g*UN1YSDW5arD?s+7Oe$+k-PoFYHcRoEt9IPT*;ZBy ze*o6)sCzN-wjOq zx|$GR&qZ*v^VDO%`$nR9xsaF_Bhyr@=4G_rA=l@L{=Tg;aV~kpW7^U+{R+ytult7W zqId{8$~HbXjDjB#HTU=im8f#amilx(Td6y{Z4qrU>H}SB~d$3+A}3 zz@1+`y=a*bs61#9W4KmV{&Di4pY57t3T5HQ^||Xw_`hOJrFo$)&Lh$0xzSWhNI$ZGM*@szH- z&8+;2NZ*)Xl|=Mqx%gK)F4|b1aB`hd#zKK6Fq^Wu5T>=@-*4q>92iMsPQ)!_ISvReD04(jgn9%vn1 z89_ih0R0>~Pu$IY*;oDLWy0_p6tbEp8lMu9Fq#q0()jcqe~6uhP_M@a-U!xOyCLyA z*6yedQrE1hT~E1~f*;P#rYb#qvkBZ^QY%NwPTj+~NV5?-dngyf5hjkDn2J@=?J=U? zACwMS{H^3X-0gih376e4l8y0aw0LZC zed85@?%Su9xoSUK6>4ejB)<lq!|aDr7_sn=t8UoNbK?>-Vw7|B&Dc&kxe@k zH?-F{6(xTfdA)>b^=r2JOt#Sn-OXmiJ7=J_;H5Wg&rt-xHbYV3$s+EMCaK|5STZ^}$+NwAp(huY-Mctrw_9%9+=a za;}b@zwDxHYWCl&01KWsSL-mw+&kGmMZM2`{WymSRA!rOHSj;nP}VCyIGo4hUfrWA za@v$Rf%kkXiu%uz4(Q1D8lwJ3@v=N%ndfV7?0vL-<511L4O1#m+tg#N8A7QMD}@`E zBqEki+fM|C46-k6{%^D;pK$Eh+myVB7b+hi<>I9BVW%s5+k~wf)5$J0z1_9<(GLdl zo+B&XGTbQ(!Myqr`6apOX;y!h)7k^C5pF=0_j+XTYcGh3?gOZor=ql2WucL6lG=C( zdAZ4e_MNWydf!kf22Lv}s-dlG1Lrh8IpR2%ERpsQxpcxGIibx4YZjP5T^cf}i?*5b zM!vWM7usgATu+Jwznk}Nq<*l5Qk2|Xx}bgN!O_jkM3YKB%*_NzeMFeO^quSHKIs>s zk5pVs3%@kJbUoVP*!&d{&^pt8X?1Eif?hk@nK-Txq4R4dvDcj{g7p2=&MaHE1KARx z#R_OZfd{GWgXhl`Mrl00!^@2QM#Tj0)o4{Vopr#@7acGcuc4zH{pqG%V>px1BFV8Z zGe(ohi!3jyIg9`Z6byvoITuL7?y9U-V^ao8XIGzwZa6)KFtD-2RArqi)M$$2zCNz<;aC3#Pjhw|j5!G>5pG3eE2Dg2*@SpW@?)XdD5LE~Y< z*Sd?P$@|8MQ$IgyDpF8M@=mp7i7wd&jI>>WZVyASLnFO+ zfB?qaUKt6VO(}aA6ImyNBBqw8KzvyD0i3~z0p3i5;BJ^2YI@Y>U*60s+TS*`lUZ}2 z3wd(|0TKqjV7nrw`46W7GP7oE+0qt879hy z;V9oKgMpw>%qvAwQZ?s3U6CIoE=BFK9 zD_Z%|5N2_!G4m;fNPsIcd-Xr8pM3;JRq`q8gegZAXW~MF!Dw4!Tg5+Ps+^J|Cu~9s z2bnk2r!NFN=RerINKP*sn6dxbn)s0#dGRsq1|Ys%b_itz5QGGT1d~U6rGW20s5#wj zC>!vYe$3sw*tWMQz5M&m#eZV~pc0qzEVsvz0nh8D8^}i%!(z5;xqVmJ#_beSE}g1P z6K~aC11T6{R)nu)G20#mxhKIRdK>-navN(ZF5fT}Wq!23i+f&^w#;w?6gUV(M`FEz zV)|L9WNCKU{Qv&tHd^ojT-4fk5fms&1~16JeFbak>?}A8OPKi(zOOp^gb*~HJ}3_N z7XGU=$?fu?#6KkG3~vGg^ma^m#MkiiYK{8#y9k^x5v(`tb$>Cyu9%_Tb(_x zAU+|+c&v1M$KSQ<^ICs)Y0a}_-06Xy%jWDd4aHjQ?e*v z_;$2k*Vr{u_=oaBtdo^gNRMS5YFDhB?ri$bVVS>LsqpN+H|*%esBYW9n<`zB$&sID z+5T?Al7;>s0$u^^ZArQ$KhoGX{{`X5_7L9TdEP|i51wSge?(%a50lW+#&I2UT?btU z>N5o8sqsq4e38=-m;RkvDOX=vvd$E1~SjHo;!k3~i=! zq|8lH-$kz*pH{6SfGZ4DcZQ3!zN+s$d(P0?xe&YAe-sR!OOS?E{Fbt75y$ta2^RM! z|3TMgO^G`uB?#|Ntpo?S5mGczn8aG+*A=lX!5JSMFjGG z@wZoYPxPY0bDY3YY-;jhjAfYzeq1!1g41jL2)M#wZ#Qevr{8{J607)+M_S244!YUd zTH=|b&xdr@rXypG=k0Huy;kGA7d>fq72Fq)xfzFhip38vl=^jR?GI0mBm0t^ZZ2!t zu9GFgPOXK!505p=mmQE#m5@6eP`6RL;?)7U)nWI>EyD9baXohDZE3-QwOiPRTE0Fa z!E{*vFCGw8y+U;u25_&M>sLsY`%u9ce3+TyBNmk7g4Jf`yLHX9VEs**@)QNwZ$RK{ z!LAB-yi;)3a^8UzbJ{H3`=gMbp^txAOO7Ldu;ubJWzQKWDk-mgPZpx@J)aQYSMqT> zYDrZT&+{}gSvE!ZuKf|c6Bl8Nwk9H{>(`bI=!zQGcyx>#(e z*`K^|;3H~=p)a9$3?YMm@EPb6;uY3QA1{-62uI4{a-{L&9Nmz&o}-zS98kx^Rsxe0 zUaP#C$Sq~;g6Qs#iPUmL9tI0fVFKB@EkQ}Rr0J*{|cNNUw-}o`(KNKH(^h6p|BaVtFdch zfXDQmunOLXLxCp}Dj4v9CC_()iKMMia8*-6t&?m8WD zwOVHv4wKK>Mf!<R|s)MTnws(GSvD(N@Wrp5izi!M4M>ybI*orl|eArW4{U({HtNW`pf?=kh z);h+Rstn-us&zhK##_z>1S`!wY2nMd0}>*Tn60>WpqTs1f6QDHNYAq^N1?W`V$I1C zo!;}jv0Q8Ol!JU?^y`T;SSvo{)Yd;^ka#)>ekYBbj8WGCL-JrLZoS+f&SqYxir30{ za$rPP)yFop>R!C}%koTa${L@&%`##9^NKH%yij*D^fOeaJGo-2Ak3lswP0LUL#%Ey z`Q{vME;U(Tzp%LHqb_OC3Mw%Rqa^m?+)`|%G_>FOr_>{w+07qmZ+YyMdyjpQ0v%S# zwckVTb&Xn<8|vUxfvU~L1h>(PI#)IroA@)9ju>tE)x%oSg0aRWYf6uE{70faYbxt& z&bg0ULhVFF6S_%R+w4=^<9DU;irAv$pe}&0aQV<{um#1zVI!rsx?vr=(O@hw@33fD z2+`N->6gG=)Oxxc&ztYmSGoHAOT^uzPv$rhHbxBq*ZQvX@W4B2H~> zpQ?hmNWL-?Y(2T>PhB8uE|D?_YNXUP>u^ z>-@OTp=|wq!mLGo&P?)?srAOWmZJ6}GV6*O9*O2Q6_$Kf%afgzBJYjTgeubGA1T+j z{i@Q6^TdbfIKUf?I)ai@ZivCEuqNU%%#9tEWmhkCi3eYYS4HqQ{j3X7D~Cs>sIcwg zmvBV0&?|^rFBeGmn7EAry~fLLU!v#Tf&o%#NG51@k5SntW%ChO<#R!b4iY^cxZqaU zg3rLCOOwa&aPVBjeO>1+HuqQKT&O4Tdn0#C%b3ziEGk^b4TYom(Rh3Y@A`>)>b7zQ zMj}8k$0<9#!9tn`&gxxAoSKeF$a$xO4cbP!?s3(Rskzq_vP7LvH^nvl@X_Dd%yRl@ zxJ6)kSG*+vBDWIi3o{nyDKF}nki&6DFwa_DBSnLjUcr4>;pxn8qNBnhz{0GmvtbQ2 z@R545I!<_bTKTO7zLug$unVIBTS@-WH5tJnV&6wo^Ujk(@y12Bn90$j=h>&N>7}Zo zis>C)31Fikvm>QWCIklh#wimr8HzjtQcFny4WAV|2Q;m3uIe|2&?M#Atkcf%ml ztp6l?3J=M|B(OAva9_uxb=4vIts2W(&VJ zszV}fA}s^@tV|~^?^}nLZrUM>Has8^*8OFbiRb;02(n(5veu1B)0?pdC@7aR&{)+QUhYdttKIWD|Tjow<^ zYduxEL~zY!m~eNXa6v(nFptC)1h}mwURUAx)N;rwpq3k^|t>! zbXjF{mhEeZE@p(SCS&pNaw05-g4yItTlO~6cL=dK-R>aCwpjmgwA6211d2sV&)$kT z;MnZGWLS&!lAjrEr$l$=H<_O)ok!1@(msYST0Lt6T>icQr_(g^vtfPNdMg!coU5uB z;#ny2<4-Z1?<&f;IZkMZJ<)Ka;7`>F_+7Daj*l)o>d6@7jyfqi(Cj^rjNs1g^*vW` z10yQ4l$%?ww6oWaBN5ZHer!I#i*}`|UaWd@>-VCkhB1vqftpLN^a#W1GL^N{yXw(x z73hiMBHtE#zcvzE>aD0oHH$+eOTw2s=9V{m@eA!9BKbO+%7V%Obhm?PSlA44k8&f_ z+|B%k;_-8F>&THmB*)o?v_72u{2U|fZN8}lpTJlY@hh}xLv2O68#Z_=2Fp}W+tcBs zYlh$5x2%h!vnX=Ko)LSAU9>us6!ngM0=EG9e=RvS zzkBm)+e{WTS>2aMRx_;O+Jzb2;Ufg@IEbgc9NMdotAB}NW!b1aS?barUULv73a=>* zo%i9r$i^7l{s$>dc{KTA!s7WMK&5d8H{H?W68!k6T#;Tpev=d`D65PImAU2 zUdld3bm%RH#<7O`&rx5*EcMvWw??|DLOUK6;GQ?ln@GlEZhZpJRh0C^t}5Xze75e# zCz^-411#=b_3(~&2OlmO$MLCrp8Popk+nWoIM-OVoobD*ztx# zg&$Uh2uIyBqf^-?@dJl9=%_vTzlz0fkR!kq(b*6-gAgo< zuQt-sE)6t@i)pR*Yr}yV(o_AdI|yqHhRJ&T0DZtJ1Y>SxAoO(TT1>PEyLAufl#DqG zSK5#2YvMM~A+YkNCm&ehf_HPC`0F%^j98QQFMI7IZfS^_#1~LnE$yD0rlao42xgRr z5MN+tMT zo{ah%7tedEF|^gLuh2PpO!@Y@K_eo_XM{ zKCIHCVY-~w)weQoI?fa0!!ydMiaBQ%*G~PIE25so7{~O5pVJH|fTL?j*e>)zQ9u@O zOzzWrCke$!xOBDA+&>8aaZjauz~-E7r-dx@Xt15O-PcU7=^R%s}|~>hTCl zPEffDbnk#)|150aTFVU?=#>=#fo>W;lLq#BT;GR~K!Pvmw#46YuJ)b4?lSOd=L-CQ zVo1@kw}G)<{bXmm`o~=x$gBw>Z3x(QzMD?~ww-6;*{LzWw)3j@RRdBqfbx}R09}oK zB8Tf%Vt6ar9S!NFpxpi|>ediT#S)F99``clW_y8!T(KsiA?kYfB8ApZ)NtDb)e zY!kX7^XiA58P0Sc7$fkVJihh%zkOiVxIHo88PZ?eL9 zA3-7NYI2>AN&)8RK&%1F2?E`qM(3|dqL4OM9Lb*I`rA!|1)lQ+ZY_)g{`j~XbMXOS z+`CsfK05M()>oXhgWSVKVAmdAq1uuyN*_KxlukM%ZYhs<$d#$Vu34tjtU}_8T2KVBQU2 zw1S*8L&APh(Wwl6=LrKPz_ZWTfRf9-RvL6{^Ikn5&Zo1X{`F9ZVJ9gA@NDBlI5vQP z4ElsA8~~vuJyaNpb(6CP(BU%@lt#|`$U^xf&laR@zQx=H1%8iQSW(X!i;eZQGmynY zUP?YVPPkH>$HZfjex8UgF=~DV*{4oW;9@k0KtO0l>{`F#+NdX}{G)hv<+j zp-hpZfU?>(UWmjcMUmiQuxoGqkKCUhh%-F;i%)aJ#4-wn3e%F-0u~I%%d=bt085`T zwRzQedR<~nKBa|9UCuKB)eCMng?E;lvH|VWF&VVS3_kd=sap3i7uv_yib#1C*_1x) ze3Pvtd`Lq|-8kp@>y`m%k|IdwT~*;1vZt~aoUg1mpRiipt$(q8GsMXimYPdN%H(&a z9^LSJYU21@LBGeLJKVaXZ}0rEZSzZnVY>k=Usbr>6-w zbW?(nb=kUM1n5sk)(=(p>uaY!I|h{G5YrJ;vA_Q_rja>xC;FDiuzaut_ zq6JL;h+w%CP~!)VO#kFOS3`ZrdMMauDCF|nB0p8H$ksl!Me9=wpnx)I$D6}+oi5X0 zl0@n#wME@2u{KYV`-|;DOy+5n6DXSV{DAEar8f5sq)CcgzLUBVwA>hKJeSr?v02G3t??s?@+g*PA` z7eYlIEcNyd46O8D0|ny0-=0~07OboCX)GZHIl>oJYbVPgT8wz?173CCU`NR%R7I`2?1FGEjbcUvwMt=ZmPS5a`g8Iz>4cVCpIE$G>mIOKBkINS&qi>K{ep#=F#>4B?4FHX6U31 z_fvG$|1MibPDAiuNxE%>ZFQai^e&c>!;7`Pm{B6GxL&npl>ZMK*`W8?^jR!sZ@i zG~G5j4!9YigmW%-tHR}5H-sI^blr$nd&m(Pq7}ZS)01$V161LPin!`gMcZdt;+&#x zGHd-}1H1t#q|ofb)YZCYUSuFpBW23G*Jr5ZKgZ-OLlNzb*^rHv#$HCi^E{U|5Y6{U zed4$d(fI~mo90!5=C8uZtS?0>hV0Y|fEIzWJz7RF>6Bxi6gNhJzKUyypPBXk8iLqS zwYbbxj%SGjFVO5Lxce9vI!xvuh?~R;kiAW@g?NIi98ae4qDxiE$dt2vZ4;`;XjHGKNdq!xI~w%jws!opk#{`I7HfjoT8rct zA7Ia$`ilR{bmmga^LREN3y!=q0=-6^+Gf-7l3_o&)l$XJ@-^w( zFv8j&)C~PL((*UtScKL$3I}W$bI!^qZsm~CYD=~!a+nx+#foprE=(Ix^gMeSonK8W zF}9CRZc@CmJBs$hDfc-`nUyx)^d2M^_4|3Q^~0Vhwif2VE`nC60qaG@()nmt)67+txzC5x$z#w!q?{et2@2PNM3(Upxom)3i37Tz^A~ z78Hnz**#qEZ+2R*2TRVLYb9vxPp*HY`1zE`RYkaY6O}gr)G6#mmdhJfXX)Qo<8mtuw^0FooN(% z+k1nQ#lITDT55UC%{ajF;=pwlW>>ql54zHFDksVPVzq2hcgkiq*1zhjZxEJ%{gX~t zW0^#bofI`<1P*&_%^T0PafY@4zhoDD^4&zQ3=OmL25%OapJ$@bM{bQIeS3?X-W2d< zWQ*lLnq&5uHE@ZRA@{F{ni!tEgIC5ER4GFr$W8U>-T=)Zx;*ooe}_%`;LTa80kP1lA+;*fH=5ZKB$aQLo&<}tABZCs_AEq;rQ=viS*44?3L7-E*a--~#9m+8vz z@8#8y8Tc3TON^X%mkiVG&s_&Oi{0aV`wZNu6**hJ+0Bp|MlS~267p!>O~wv}|D9!t zqnhw4CMB3Uu!5Z%&(~_y^hyNAm}VF-oDvi3%;6duO@FE=b0zZ5Y7)!yy=?aYo<$Yt zgS<0RzX~~9E1ac1v3bSMJ8dC@i*+?Uj~{Q6lj6GH0%oBXd=lb54(_Bomts85qORZEFOq7i=QjFRS{ zmaYejC=M|IBYfv&+X|$txF~1!<1ha;wOmNo-xY`QMk8e7%oV6+Fe+t-9*U$2a6j!| z#)%4E9B=J5*KhZY9c-c{mRE~A6Bl7kUtky2fnn#9BgLEneV0XMShM}7V0EL*4RzD~ zv|E8Oe4PwUUfts%Z5Bpjl4#!iIOAC$;Vi+9UxCgRosa-#Vb?WaXk5+Qe|)wwibV^* zKHVrrnKT(&nFtDso(}|jNHjWz4#ePyCE2l;ld}OwX$4%MFQb>z1~G7;lDGqSjU?w$ z-s#!aZsIO1fcD(j*KcFAl#p=NugmwOU$j=Yz866A;My_x+Pzatw}u$V!S6_p%->tf zqnWg4m@+Ri4JK+DIpVur?bNr^YjHl9q1qHADJgz5Pq@;16k8wwVCob* zngf1l@O2n*2vnheDK-X;Ipe@8VSrSiF;+@{XymZC#N37SavLi;9+yet`?jC)EM!## zIJ!SZ@C|q7N4n6|z&J>K8h5dYdWU86D936EC2X_0KQ4(K>BG z-9f*`9~eoM1fAS#UU;z;P9e4p)(nZpQiF7yzK?8dtRAp*3`^dj!p zlR>Ou**`5xLO;D3^F?uWYoUjihA2lqY7fH6$_WTS0R`$L(e}KbA3a4=w&q{+2f~0L zDhivt(Xw2I&bdqL*A_8xk?WJeNOh>{X8P3WC5&54l+ZtA<(`li7i+0M*=#(wD(Zgp zDgNtoTyMU?NrKI6LKllv%^%9$sXg8F{Nr4~e=OlXl%-0kd!6(unDxaaT8XcYiJaOE zMSYIY;Q?M7tN)61o`RwNZvXkx6FVoHi`(`CU;p^m!)DtO6cxd3H{3?Y&t@G%%hD1 zE&nf5TDG}g-2<;7hcSmNJFDwUJtf~b8E&IUb0m0?OVdX|`J(AN$=HovS4)vS`ui!} z9?;Lwc$M~-7VqkLIn?Pg*Fxu{d-kN3v0N`@&Xa_LyCM5u0;YkHJF5M^jc!M`0ErVa zcpjAB4o9xjLG;_g_O~{C-Pf7SuLahqduF{!VK4J=v`jOfzTfcF>qvjPJ|JS%vnEoN ze)v@MM;`5;Q2Px&S#U3xNHTch^bw!vhovf?f7DIqmMQ!X*=y|Qv(pMX%)wSTB|~los_s`7de!IgeI# z)lo2%o9T?dT{jN@{@+-D<~Jw-#&Gb5wV6=da@pFCEyu_j{6o!fiQ%u7 zmNMkw8gB5RFAYpDy->zUrR!Moe+WdGa~lY3h@bj~Repj;yL2go`8wo$UJ4Mi0{!>!o z2Ent2r-VG;R*7-uOz+?oQ`7G`IpGM2rr;z$K85Vy8<0v%# z;WrMoTZSgBfj<aJN4~9^%745>LAXo!|va8{Lq_v!fbP;A+!x z1nzO%k*jz{%T&?Rbhv<5sS4gbD&z6{c5x=%JQqg(zbq-2vA2cejZlaSf4}3sy)WK{ zUMcpYH;+OQKS3t5cLLu~v8gU=p5fl457M)CJ$(W^`4B~N zPvq`Rik(X}hRiTb4}6R5C$pm~8h_@wYE|6zA=!PsAy75n_2_6Yj%;Q=pC)MQ*j1%C zCq?8quIuOVok$<)FNClTpiX$SrE~szLC@iybP8cz!S01KXQpoP2vzEp@Vu?4IN?+( zlv709CPZy@%e-g?2^p9N)MK>8V|!t5@2@*)ak5b0?KvK{%cuE7{h`vsEa& zgF!pLRtYU|J5&Nid=qg~4EuF$W>64U@>s|)uAr=D>ppU0?{$uRM60?>y5Nrps1|OA z!3tikEuc$4=w@AHrqUYC~wN3B4@9@UJ|xAlF2!KhVlB2!1lCkONkC?C7?%%EbGO^RIO03|gKYBT~C`5SCO}hjtf;t9B?fY%B z+P@O`NNgAUwhO*FhI(yb15N>p_(Qqv=Sq`~0Q$fF!G-a=H&EFGx129}cM)IZyWEaM zseN4G zQGXW>;>wYf)?c27zVrQ|ZNBRyp1rNUkb+G#Y~UI}AP}MXr^{Egt|qV1Q#6Hs6tICi z#ZU3ux~Evf&libOz%JVzP3j{iwgUYf>Wv?YRs-|$8$4LUG~WN$EauhN!*k@TlCio( zZg8lS#cE55*cLQuXz5SB5hOpsg}qg%#GXc=&q-j!H^f4Bx zQp7jNhP|V!e*H(4i-)OI@W1*~Qr1E>?IQju3P}d5SkyB9n&2+{ob*G>ZfNa#r1X14 z!UH>3p@)mI`o7HM4HvP-@8FWdTU~i;w;-z@B55kZikGgV(DCDRD06-^M7s4b*~!f4 z^{9KEv7*r*6F;%YdTTBrCNs^Kv?Nwiw&qTj;JPUEd^>)u?V6C?0K^oDeZsDrF;!h# zn$@~-sIByKR0l3M)4J{>JR-7Jyr&KzTnZ zUF_=8c%GYY1*c2~|9$|h7?m2{di1PT&&z4O>whcG!Q=Y1UpSIUz)8*dfJ0tT1Q259| zMPjOQ)?eBz*XIndlA2xNhY?!(h(@(#o0Q{vDLa7gPOQ-M5IT6&Qv%I@bZO4)uY6#D zSSN1TPL|zMLN`$s@DpCD!0Fr}^M`d{g>zwu1WHH9nEqYoWC)`7zZ3JK75+#GaK{=# zg1Gzn<@Xnffb&~npU~lPCo;r!%Zkg-Yn^7(F>*&_i^~4C>#acgo@^d=)v%;w;Yxb#Z6k4;d;6hSocTfm;W` zmoP8%J->hky~0K(NMfzd9>LJ;{yq7#+8eZ|+$K(!mzUm?(YP7z83affwl}}bqV_fp zLyyey;R(lfe9y;Wb+J)co@|Pj0gl*QgoZnA3~d#lD#Fs%@lQH?i<7 z+#m9yM!P9O)HB4AYSu=jc}=`Fe@yIybD5kw^Xa;oJu`FC(6lv7Doq&8bRb26Zbxaz5@Inw-*zQXX-L{#^KKT$mYj=PI|e9uA`BKR#O^f zWtiP@*uccebM?I&<7ENgrZ3=0g@W)LQG@R0?E>JjC~h)jVpL*vFBp-Lu-A%PP!Enh z1JzAsvJ^4!qjU`oOgJz8e9D+UnXNHw4wyc9Hft5|sn4NA4mf_Qr~z}vSmX28C+Zjc z(br~zxig|;%s+3_FLs2j4rGY4($yuPSpy(5bm$x(Is8V-XoIP6@%-fX*HfJEobAeR z_>P6f-q=3fhN1DclP+YHb6?9v_2*>i=7T4=gP^4?$@?M!glzHI4Wq}!-&x@iFpW#7 z|8`i&-Y*AG(&%}CyD*&WMoz=5zIpPosCvq(GG14JVVYrfgMsJJlh=Om7>PVz+&eob zOf~e&EZREe?=BYXvj5n;eMCPCwX_-|kVPdLh$9S|0-V;tKGsLSzn1DOEJ>$os%}#Vj=QYhgyic&}nP;!DDrk1c>U88piYXY7 z`&>0v25-o;?Z1be!(glE*LU}}U~4+YR6gCD48;TQ34dC$7Mzcjvw_eS4ZcIM%V+Ou zMr~Vr8@fCtYQ{!I2+Q*Dqi_m2zv+^<219<8pRg8^rPt;ZR5$G0!DZy=Q{XB(dOWv8 zhH2mauU>yY_Nh7LiC^}-#r~GpFnZ;9qcvVhS%-SRvT-c8iJy+jeldEC`GueBMV&rP zL#7P=V5y^hsTy-Da4_H9I~{BF0L{XQz>P}yz*#6_PN^M&!lKH5vzz5X4sRO9r<4 zDcsQ+IDgS0>3uro+1upBU1pB9#&(+fs0|T z&DBtQ0oUeH=CkatTmW$(uk=uG7Wly3Xs~towU%Q3OCBFMr_l>p81M}Bnko>6Wh$ls zF}z0(GO37d+gdAo>zy-IeJe09-`yOH{XT@|>%2BcPGc(G9*sQ^LE}Y-{AB+E6=_z3 zY5||P+?5wo ze&snN&dseMgO_=L&gTaO)1tRYKK}=}aS=ooT4RoL1>NqOP6MDZQKKy^wlMVM08^g< z0D+(a&(fiD;M_m3CC3Li(tq{o-)}io=%`TOuRrZ(1HTp|KLX8;9rh2(V$1A2?Bp+H)yT_VQl~i9zhmB zo}c8Pry^(oiy&s;+jDs!rTW%Y)C3TnK#D%k@p%hi0rLS3f=h>fdJA8*s|DVI``rOt zss2(83B@Z^PrsR9o z)UNmG#NG|V?tpr_t^fyS7(@G1b311ojp%O8eMwEw%(wqhaN8cYcW;qW-L8seH)rY4 zj@Gm+$~by)WTCr^5Zp0UHH6qY(s4cAKQcP7ZzPj#ZohY?a?R5sdun|dNaz?WL!FCV zlqHPd?5O8xy0>hYE`Ay>r4z0!)}>6Bb?*93PS#-3k1~f6cabTXFF;O!DzgEMA(Y2= zY3Tf6(l~gMp~R5VLqe+_&)`WV$=Nh#1}`|xdD~#2I%-lilb^NRVcG2P-sIwjox2#4s2uZQDrSFcROlmnfqaD%x)>}4c<|tIW;1JsP$YfepF&lFeGBb z^_5^I%I|~s`wG2`eb|Qx;8pw{Ba!G?c*sqiDW*p>e{cBbp8Fs5Omd(?su1M1F$Ph$ zE@*>JfXz5H^Y0b#orFl7U!WWBGzV?DBdyLX`NwKZmsZH4geNDSHye!MZ7SL7Gp}fl2be&i1)U3mwL4Tim+@)*~*v-!b=`M&oJa2=0<%G_@+SPmo3&)}y zZ(-+8l8Z-OnsIa9<$ zx3fZSIkHmb^>e*CQD&&!325STI3>!R_|++PsztXZ&GY?iXEycGZAmKuL4i>!52pmf z=9@sgQFF>h--X}Y0x;NV+C%0+@t*$tXjsl9cZEzz;sxOOud2t86L*$7x{jlDBM`gY`q<`I^NqcJ`+< z-qp>WIujGK@0O6Okjw@y3wdT$QCbROq$-TL_%sn$SFFY0b{aTKWtzkc%2?;5yP3`m zCVWF4j2+b>L2Kv2maHc_vr-u@{>9Qy0)FF_On@z=vw=&&kwop73AcS=vGVg`0`F<+ z;+mQt*@=RW`K&(flxsazF(8&&B#mZzdt<(4j^FZ@Z%l2;Ae`A`ha}6=73cHdGAg;R zhanwOe%Y4Q@Zcm)rB>Ed=#MvjRFk3vPhl*Xp4#&&2bw5L8*51|FN|6fZMfXPI$7an zn5?bmq=vpe#9qx}OPxXDX9&^u9}3rOy)X1Nl-Hbf%}>p7)^(MXftKgm)eliLZzesJ z9}j9$!Brn3rtc1_2Ea5((6sO?f&{1`_ikQl2wdK>9{8>h%Sr_DJkaG<8Q3Otj>*yD zTlK%&_iGO*-fh@s*QhQiRjhT}(fx}$LskfZjML3pHKxQ~o_CiIQzlyjAnnID4QdwI z_-dYzycUd&SN|F@?dVr+f8N~d^;09J(2p!i0@`OAOW0A}+T%0wCe?axMCs0Ma!Fwu zH(gZan8D?dASk+N3`YSp>%Q*C-vuUECQkgy=Wu!4;aNwQfsjCffoT!2Y#d(FA{ za#o?Hl8`V1a#A>c$UsMzhswOCL_V<)3m4g~SzJkjM`il6U(j{0J4V~-q6qbMUiW|2 zzK8ao%Nw|VDZ^aLsU6_Kiubur47bPJnp@R$6niCdi}@AIY^#NDa4T?y>}qz>!Xw`B zh?omu4zFcRzkCv+o*~~O++0@gD&K-CZ~jcr70lrCYhy93Y%dF7kuD=dn(|JlKn*hg z5Z!qs?w*?AXO`<1cWu65pl)duda#ut1^JA=kyhov!&+eWXJ%af(Y#QTk+Xd@=Rb)# ziyJQ4&#mLo4>^4#s+`G7Zv>gu3&9NkfxY~?_7Sbb=Sj(%xB5JWI;tdR;q753pDXbV zH2Ls^G*p9{6%p_&YwG8qW2aB3%ipQgP}kpJvc59tmye@-Llx)`FYik1BLJl(K7=z? zo5T`FsOGi*773^<=J{D>T3?0@I50$7EkBK%A4k~&glC9UWIN_~`u)IGrZ=7F%#r-TNM%!9H!*k`x4io4v zf+!iTs~7FgE76UW3(2kOx)ib`R&y-K2l5@anYj zO{xt^-w$76n$-~n=R#A*1s?W)Oyg)hUYkBtQ5 ziQ`>?I;pC%v=eps!@6HDv=y}_gBuTJj-sX=MC5*ocOJ$!Q5}8=W7igJoc>wW9_hI3 z)`e<|)2HZY^y~zGmEuM?3!MnXuKb?&WF=lK%W%7I86LR3USus&*=*%@@N4%4HJ#Tn zj`j2s=Q%Fwzx9|ff342$***EK-dkvmwbXCcSi5QYpwB{yB`kw}HDR}?U3i21em}rL zg7`FoBagFR^KJmCO)zQg0xs!&)2cJZ6igbSL<;RY+)#!x=!l8$QQ+RX+Z0O%ruKNE zr#Y>*(s#ol<{`6N>JE)s`|iTyB+iLW9D(Md8@!kluIf3!^{=7W7@K;c)};LqPE_Z< zE>R`mFxt1&qLl=Cch~2AM9dZ+bHD=HXe0H2E=hWm9D=sJx~qk zH96gx|BAhTNR4FFY+vuG>h=0Y(`a<~?3^mDhrj8GHHthMVDQjUm9da`&3fU(=LBU%Gm)_-{OpE#A!1OhMMl^4$xK@B99;ty{ zU&*Sjpu>T+hdcIZV=~Ma8@8dmZdRX8NUZA-ACDM+*^F-4{tDT2{=IRF*Q8uI2n*gs zu=}&{`X)b9%+)AYKd_6l+dU0TeJ%KiZggTTw=*Jq?2fO$W(UtV?Q)0As$ylxyJ0G8 z7I2AZe1K)gC^IG@zR&i$8ahBcy5RvR_oeN9D!9F!=fU2Ok6^MHUI(B5tS7wrb=zIO z#|;{{l$MU4c#D06D7k@r%woo-)Tk%|f2qavjQMxg8@JywRw7HZZH=gEoVjgj$hFud zvrWVsaBwWTE3IU*B%?IT5NYUULplGn*Q2a~Z@7}fU%D=3v zJ$ufXnf-Z_PcTwCJN<<1I|T{zu?Z*OXb#dr392&Wi^*zxd;sPzbqypHk;iaU z_Lp;D5_u~4Tq{<2YS*`4Mw^=018-BR_dxfUj{0G>E&}{CR5dzCl|a%hdp4UMo8cuF zjxPzd&A-=?G+uyJ-sRMil{_c94$d}L=fnZ{qo&P9Uu@Nz+hX_=S=GJFl%5Q0*nj5# z#jSgp#wi(^!{wh%(_I+k_ZK@x=~}WA?c@t5mDTQCi;)~6I$Xq7w~qoM(1r|@c+X;i z%nVdeScXWeO|ir2UVTPwUeEa2{=t= z9REWky|d%&$$VAh!j1$Zjh~G}DhLT1K|*EOQi8c{C0EUOxmZr845g)fu9?Nci){)7 zwT}Ht;!T)XTR!%XO}e?9w3;)25`+N9iIc8g1C1w76d(hr0|9MJR~Nt{8j$j%gZ35QB-W@<@&vTp4!zSWqjWq*c^)z; zPqafD(*0oxZ&i2uq;p9Cds!AuUl2&*h;z_sraq%Lw}XrnKup%cs1itcP`rD2NEycP zM+lP4WRNiB#QM1IQlle>F)27(=!xoS_m-NL~7|RYO0tKOa#!mp{iQ zFsO%a^mQ<^hQf3-`+M@JwAc3?|4M0OG^Ue)ro5!i6YZ_29((qMs0YfZcvPBK!5qa` zd_gXx@aKh7`~XQDs6-4hnd9xWInof-E#OR5wly4fMvWAe4e~8tNEfrf_GD-Orw+{5X&+n@#y+o3Caq$7f$f?HwsH%VQB4cJh0b zgxR5`KljFSYa}0IB{%IMJa@w9@u$Xd3q`fvhX!mHZ-=5urZ~n;!bmKyE_6kZc_GL$ zl~y+l(MS+01}-^UgA6O%z>m}l1`}={1c-~f%I1@uri?f>RCo+qXfn+4YtiehDB z5PYhSuy?9l&T$uLMTA%xr`VXh&7O_>Dnj2qGJic8WO;e}K&){pD_vnbHn_{5R|Q@0 zr(Q?C5{%}MYpoZOwa;9-OXv@GrYo_doN2&-ys7hukaxOM@&)k&6j#*;)n9|vPBjqk zf;JQb+Vy3DwyW1Mwjt^0-qU?4K&;U6ZoQGP;FdWFet@uLT zZos1#!5L|}xeI%JRsGL0ot(7Nrsc1}$;x1Hu3DMdKO!rPgXYYnxmfjrvYZCNOj5v! z3f!oR{XJ1#?I(m4;FdPGismDcF60%cWW~RrLzeI}70R0pj_nO!_0~Akby1`5$ohZm zhtp)2mOTiKx?w(rj-WtE&gRuiAM9^Uu=uJA;jtEeZ#gK&FP();SehV@< zb}$M4d;<9f>lQCFQfU{{xe=k06^v^P4e2etw-7dxz184fa`mq&G?E3@S&Jz)@H_9P zEyWThK|}?iL?O;X6cksYC*d&AZpKMNa0P7eirdSzrtjCi?~N;d!78owQsr6OrDd~| z-j;*|FOlf*tmBq#*|^(@1Q=3?zNh!;^cBFN1SSrs+B_KhNF3kS_tdl+w%%ApF7@Ju z4Iu~3V|yAjAp%GTpCKyHQa%Z7!E0fiGnrPEMJbHMXr|+|HF{3c2+L%6=W+FTy5qeg zf0*6y$fda2T|kg7!y6Tv7XBsxd?JWb_|qpq9vLc-or3t5A=wBFerhYp3HwxJ z3f^g&CM{0QA|EtL9lenVK7#55kclr6;^*?&zRdU9^V&DrRj? zWJROd$S#khzTby(M7MzS>M)lk7a8C*!QX8?j;{q)W^49o?u^HH*J{P$-lY=Psx|HPpR*Edc1GjWWXKytR(zU6IH zzHP4D_x0>CGSz2dJV$pN0EySqoZGtLxUJ`qRhZe<672-jcppD|d`$Lm`_ORRv;|};)1TAuRyfwszMX6pQT}F}l$@DObOAAGnQ9{t9iY_OPzfDK8TLEx#%fSSM})lzmxW)75GHe)9o@Ji zG!0Pm(-5-V-@Z-YiVphTca>AaQWr~t39##qDue!T$jX%~aD{6kT+S-pd|lcMavo>L zWqmAIwWI9kbW#k3l@LA}j3&$w&@Z3})b#ElC~S>_YluH^AOMcUA>s$?g5;p)1XRAr zq8mLHMh7S?j!LreM1|(2+J#z%M@0R?0R>_vMP+BXNIQ>BZl+NvGfB{3P&%9L*r*4w z-aJSnY5>gc91wT4Z8bOq+J%nO%=QyVO7f|U%>O3%+Y%JMcu{;o!JmXZzO!Xp@;H$?E!?R6pW7AM|Mp3hIuk$}PD3y_T~91v0=!&A$C*-7g|uIg5m1Vh_8J4R*-pi71?ntYqSmsS&&O#bCvQT7L28KSpoy371Yv5+$R_FdYOW_5AMq z@qbPAO>wmo7qA*MmxpJJzVR#LFdR61AHP!9V-Jn1R%;h&4R@Y!RYvI>8;};phCu4M zrULpkff?csyB2$;0Hlzdy=YfO9=lJjx3yr0&YZ!Gx;V?jBCJ}T%K>3KUHq~L2;e)7 zp6A~$^g|!H1zYv=c4rq3T(NrZ<9xm>y)$hh=keYB)@9WHzHE5`F%zD83RmmUheKn| z-i=UP&VMGVdyd%wg3uuMIWQJ7uk;r^C-ZKiosV?#tEM=ExRk*1Jgnlt_KWQoQ*qMf zaM-%+ZK%Wi;j4~M>%RU)EA1`yBk7gMx0*FvZY*so#uXQvEhkc~#SVbFs8<8$z=lZ7 z8~n+`U=p<$t~^;97f|G*|Me&Jt&Hl21B}x30#j%UZ?r6i*}uFbMEK_l+nX8fK!_rM zVNZ$GB7oJK-6B!&_JeQyPh+@=z-?)>%lVoD;1&m(=(?XyG%|M=~Skabps-9dFZ zyYjxmi<8O-6;lz^x5a`SAC|G)2U1=XlZX|e^*BpiN^StLzh4dAd zUch6c&SbzjSKu)iqAMx4Y3eVFQnuJKLo>FMu0a^ZC%I%##hC5E)ZgI{H4P^vii<64 z@vpEUS=-uJA^*PqY$BKgVutNSgbIDG^wl*Nr7h-p<8m@_?zD{Gy!8mi{oS@A3`tIg z|CLso5l@zWGB#~JR7c&+f01w~T0k)uSORI`t*FyI#&_pE6i3W27m7HLTkdPJ8d)2O z)*neHm4IJ?*<0({#!fV!o8wZta`Um#LGzObdH+~kk-ZZTN%Ozsuy=0ml7l)dhxC{O z$VD9=iuQ~@5+*NznNna^}XGFv_ zF3`T$C-ZPSP&5b4gB&Cq1S1MiZ5b80j5@sFFLh)aw0J-37~ICDpgafP063R*=ng7! z%p-jM5Ay1JXua;>wVy9udox>H6`JaaK(<61p5p<%3!ObB{?DU?{>>#M2AO^~O|(n) z!asCxkUTL4*@XrXNi5QWSXDFV`{oJO0kXE-?B!ls974;JKk-xnQ|)@7ds0Y;!$e%C zuet?Xs#FToE~lu5x|*30KF8DIKJF$F-br+IH3z{|9(|Jn}3HB3G&NTWazLw7Jg(=gM=BA zP5L>_4izBrvW`D45=54Vq(F4Wi*uj+j5?$&?`{8{KeNYx(jM3ZIu=4XKt)u{;AC+= zexRk%vm5`SP0#I#ZQBuhrEwWus|4}Av--9Qy!Y=FfiIWHsb0MMx&9*SZ`>`WaUpA< z4Cjs_JL-Q$ChO3)7vnWjepB4d^z`Nx7=k=>*KFJdOh&BJ!<vM`yMR+t5N~YpA#1Sfn$a1bm0Zln1$WI>RJr~FitF8F z6;qAM}X$jku2Izqcjs$VxITM*iOAUAjLmAGtTxmg;~5VGIYk>g&UP`uoZ* zxa|6#(2AnI&IHjuKk3l~K){YD?Ex?%iY=R*d1Ou1tTxo!U6YTG?k%+Ra96ZGji>OR zDai#kOwZkdVWwD`pc3>DTS)R?f3axv@jI~pK8_9-O$;Lf(y|GWUE z*pbFy?EXjr1$>o*;+%12B&>7A>^g@31t|J@vTLjH_$&sTDa zD=^UYfc5mNU2#VdjP;W7IG@y_xDzveIq^aAv$ps^izzR*>xTda#e--`PwEV^A*+BL zcPhaN9|r?lYs5xWTr^O`7Y9Y#{QRICnh46@sT_snd(_Hb|fg=m+9vy>*6JTvoV-$ zBAz)HvSF@Yw+Oqo>PUo4&oPOw7 zu6Z8}voJKguZA<;ZBC17ue+QA-?n5OwFBz&77HDt*<5)A@Ds9ZE67ftDfo{#KXxPA zQ?;L(fO6BQm<1crH|I|SqB*v_&pJQ9`>v348?2mUlJ5ag7P$E3XYYpt_e9h()Qg`d zjD6cw{Jnn`UIH|kkJ$Mq5rn6jC@J%-SUjLCM(-&lr*p+ur&%d$O_RHu5=_tlMZA6A zL8r)K7koV0t$M$x*wWn0shRA#+Ou;QEtpTbP>rD^EtIbQ?UmxM0+GDrR>`CVrElY^ zPl|F2vW3*Q$^4=R$Iw9!Kkb!oBbmK#H6TdvSCf`mM+q9_Fwa7(Z{&#&`?9LvtZw?L zc;2{1eduul0hIXozA8;oa&>1Y!OZzr>>G0pIhCTSSn%J+EpsIf{RxTZGN&KFKZ23S z!`y4JzE0#M}Ndg=z816V<5VdTSBV*5x6t{b}IJFvwjQMrz$SQT9B}iqMR3}O&iss*`@$&=CDxxI2bvqT&HPd zvI*J_Tu<%)=+6}R_!1wn;lS9xlo(gAmf?W=Bw^HPGTMs@X2)VGM*YH|#Sk7EA3#${ zMJW*&!bt@(auWv8gEn{~xftb6^^?VvUM+s4|KMZeapRm#Oky4wNL_A^_U6m|Xsrb| zgMD3~NCR#?-yN5La6&(?Dt-3Z{VrrOqQi2rN0h$f!1F}{9_7V@9IcZ7VrzxTQH35# z4YL-nDFM6{hI9a@swrK6cEa&BlNg|Neep;7pLZILnAVl*Pm)V9Nj_$a5cOchP0Yo= z6^IAK2fJ*IuuD`oc($L%5T+Z+YA2kjy_K!=b{(kdy`IlcUYWqxx{#Mnigvlv~_qrFqn>#@+j6``A!44c>8I2K?$DF?n znN7z2K8i2!KNLE0rqE@w><#ivk3Y;k3y&D0yTa+%qz=x{*Zt-l#RDKr{!QJ=$gq>` zSIA`d@Pu*WXFm_O5x9%cfhgx+YO8R{{ulDTKbym4ePc8)gC7DJ)5@~F;4|Arr zPM7sA7gqeBQt2|eyBD@2h%tZCjX5m$92JB5DOa6Yz6t;Kbsu22L`nXr@h36iURZO^ zkHR;>MkZzw9i>c$_!#t+E3XQ_q9tLti>ly2%7{=EAFikx|DHFD<^GxHEZaD^`x&}o zq8Mp<|5*w$Ns`>AcJ_jnt`%Av+QlDw1}T+bU^BrThPvwa^>~)0$blY`oT=FDt#E-oks9cE(RGb1#~ zznXZ$x+pdoAnnhjJ{C8UHm9q8h~hcG z=dx^~QJoH?3QsoM=6@SpXj{BNeA58C*x37+v67o_wuM7_x{2vDOR!_W?QpP2dzgMEC6idFqy4 z&%Lkw?9XZ}D?5^#$CuOCG2=V zIUGeiz4q0aTC`l5j$)wxht=jb0ut)_X@0K~$U0 zS6lnLf9jVDf@j`Qmz_JUeNTX{YkLMx;+SGNS6zpefN0s{q@n+${3i=aW13--A0&dU zBwHiE-R`mLT}{n)VS`cOwLZaPCtWlMsw6m00jxGZR=2StzVVNbDO0#KdI?M4?yt%% z=0XabKkPj}{P=L9OYV!#yRz>r1lVYooga&^#KP^dON9AM{Zy6vOcj$dnlqk3-_*-+ zGim&oI4GN-`wFO315AMsJ2VSc44tdZCRu$-bND@!IjX*kV@6Ss-Kflx%XY-U_@s`f z_z~s%$?F7L%1ug##`&cQ&v$hRZL|!uhtkJ-(Vp^-Tas=uxmdE`?%>4U>L+{X|AQ_ zGu)L#ISGWXEZ>7Q4942-5vrL5DGv#5NbJ{zzr6!eN%$0yw z>WGJxgA>6is~%vL)!>y+Y@bzS55$GBGflg2^vL|4<6i9NkRe6(3a<{7)< zTjVVTgmHLuSw$yv3W{i6dHx-YLrdRUnv4jLFusU*W%gI(OlC|Xs-nDY=yiXQC8)+T zrZz*L%(*c};@5g+lP`bWE@!W@N-#I(aa_r{Q7Ilvtyeyn zpDJ1c8ybLLUCMnDk9M~(qjMlri$0N`SXYd-|HhlB%t(%`oqs)clK_bLzg=LHWwb_( zcy*TMdFdwB*-cDrF#)@Fk146=^m*u5SKjYk>t-%UR=3jzkW%HLnoH~*6*dM5q~h&D z5QU3#d}8e$L;tE3AZ@mBRrk?SOy$8@x_$C$_XmE0D7(Zo~^ zLzX+ZJ(o~2We9(A@0wI=5KPI)NHU!KpFu}De+kKgumSOoy!8H2-VHHi(168)j{bs< zg5r^(f}Nb+k6|o120CpMiY)DDzz<$CdNQGJy*0Fj%W6$eglKHnESD3N#03#RB@DWM zHXW&B9H+vqN(U>W_^KOC@qY{xekQfjhM_#P$O(*r~vGrloc&{7b>= z*EL#)*!c|Nz?T2*1?X6lx*gHYHs)4Ggq&gm%-Ssrd<|pFM|gsqjnu~pFq~@2>6Vei zM?Y5*&8qa;&@Rx1kyLJhts=&Ce zz5uTyRdPsU)I`g!D54#v=PhUD(MXxH?q^z*`<&VA2hsaz>6D%3BfTS4jlEVK_tR(c zrF98zgt2c*D&0uA%`mo#jmdFjhttI{)&N7tA0h44mz!U>=#Gi9kEJ+7hu$yR0Kb$@ z_lInI+=zH&q)+bdBsRp-9m3TQ=gurv**ltpnP!>#mw#DQi70(sppE!4S#wga+MSq~*!aoE zLHj(scjM~M;KXAn_|sm04a@$t!KB@?AzdTi=9-Zj3qTP^VP5h}2s4}vN)7S!de(yD zg(y8#V0o+z6SRQtBnVV-HR( ztBpZ!a`PoUF6E}YtZh6s((4yDmtS@+zn5hA?M9!p_ zjCiK5d&Cl_$ODqUwjWe)#iLc`YdCz;8RR_R8X>T(GA?z?XIg#oTg`?78W32x8Z$R+ zqf-ko+bYl<`6a{OxH=Dgr={H%`=O?}FIw*0XL>pE%|c7cP_*k8mUSO`u#-wj-%v_+ z<^)S@4iFEDoF;+wS{quFSCF}uOo{?`ywT2 z@w?bQ|L9ywh*{z?`XTJqs~vQ-;+y(aPePuHG`vvA`wh#&_ZSclvFk-mvo6&wEM26PqI--qWu^BqAbhf%c)NSMp#-U^6A}p->!DTI6npxgd zrexljv88l%2shTedPbjdj5*z}G)HtKPtA~xD_OQ&GLoNeJv(wkEo^sNjI^_eI{a`5 z4bqhPyiQy--c{Cu-+J9P4D{+QT-`B+IrQ)p@1wF8!aIt*Zhg8nZfAy*@h&R)w>Ax6 zn8OIaPbf{uyy`S7d?R8Pe&7H0o=tuB(bVjIy4bbQ%`+1KKdoc$Iyt2}BSONrQOMfl zVtG~4gJAeh!E_K5kYe+O;ld1E9`=#jS_{dGxxs=RV7kbtRr76g?`t>(fXhkDWG9xd z*I8vTsE0Xn-bd}(z7ReojqEdiW!L;V=j$}$`72)4=TN zMxT4jv#EENsl&Pgn@uTEOMUTIIb@!*lFy+us}1ITA1ze-x$o# zb{fxY?PC?TxAyk70|g3`{ibytjW~qGi>~usAe3?Kr}{vRA-20P8*#FLlO~T#j(Fbj z&;CMC0d7cggIk;WkAE;AyXwH5T0NhZFAvyL^zUDBZSGY$mXKqKD70 zd0Y&7dXzprS-eLoQw)J!US95Rpn%j=Z_j002}Z?mTI~D&4k}lQLJF}YZ%Th;z)8b;R*Y9s>RL4OCm9X9 zn@LBb?&x3)GfB2x9}6B;Z47;2Pc}fTPa8D6{OkJ7aqB>>P!z$ab$=7~Ch;GL>wZbF-L_;!?>yNK`^l|CW5}e$_;=k&*8!^vL=ASsdf}h4+ZY z?|02~p>Lk~qZIV{Og6d8PdO&Rlc=zRHa(GA@%jCs8TEk)&d`jPjcHs!XKMs(oA+=v zA2ZQGU$g2XawBbja z5+UGJsh`pQ&&k5<%FCo;O1H#g;@;^XQzHwAtGe?k&?^b(_d8CcHt*X)oS zTfz~$;=qGgz|6h^A_q)huzXa1WRSi!ITDD=1on^*pD)AWowp<0FYO}M2gJwjEn|v2 z%<}{63w#f&e`qW5ft`e$KRCo1K?T6#KlquTCe8&9pKm35i8+qwa@f+xwbDGidBE^h zl^R3 zk1Ndj6geTj)W!}IC+-wqs4rFN zhwsc?Ukij`oGmmM=(i=hMT&wA&CFj(?$XrAz1{)bmB?^KizuALg}8}@Yl2;?ka%f? zr$4Ow_lK<8b;bT3%iM0Gn9npWzWr4Jbo8)in6_~85Zf|w&X*O=03tr4wwb37T) zkYc)}bsU|~#r619boP!Q(bPXN;4J6Ki80mGE1X6vx&rlPxeBxDUx8`5D$*jfK0glH zl$XhA{wS4TL!#?-vlV`pBLlA%(~%p(Y=&=UWnQ0aZVz>}9FY)YcghRYs?d=JhtXl4 zgEtCt`#!^OEE!3^gbBJ&j(73iMz9;r$FsO&)Rc(!z;sGZ{cIhuz*#a4b9t44UJa^*bnZ}(bvT5Y{u-izis{aV7n+FW&)5|kFk`mFy-FRWf4h# z*O*PcUH;2c>(#A}OlvavMDi~u*@C~jO9k1_cLpYyiBb!0L4*aDGo@X}xJNo3c$G^leF;ab&P`2`2iAyYnjF;K!!@Y42c$H(;x zmy}g1vly`DAwXk#{d!=Dolx~K6QL=c_={`LM+dDM?~T9jCYjf2i6-AAuBWE1N2}0u zF(QV8C051E1D%uROn~zD04_oJ5E^lk;)GP|pSC=K7mn`Y?!Kx>IxgUI z=~icg$wRDP)S}(%mCXRL8_u7@)=TbGoUZ|*EF10T<1uN<(RU!wDZFGmbhV+RGKqJ0 z3K82PXl{`;);m>cSpj_4j@3`6hKK-e8@RqAw9rZwz}AfjG6>2%PR=XRLw2y+csU@$ zYd6Q%Y#lI9h#GKMlHn%gq!2_iRI@;>hS>Kh>|^RKmi>%Ke3{|7L$!kn%j5pv0BlnR z$%Jb9L7`XrOzj?C?W*&8Puqm*)|MCvLQoxp6ROh>YzH*`%r`&!pR1EZwRH3UyWqU1 zN-8G{IJY#;_Z)B~Mga{!Tg39ju6*q=h>Jo!@(OjmGOWa)n;28YSmepv&#^$SVA6tm z<*FL?HeC_<3g%i=f+8C-KMay-J6t9eVfnHp8=$r@4ht(>Ez|P=1=6iwL_S5grP*Bu zc}>cIQDrn5HLX#?gjA9;k#>~b*6cVc4BY7k1ECfuF7_f?(*}Ld?}SQ-44Ebi4sS?SBS6C>K)b%J^|UPvwZ& z5+XsMa_a;vmBMjs2#%6CR}ZB#H55R5e2{2YZebVr;5ed{+ChB*#Lp;yFNiEJcw>7eMxDCR~566T!A6}Ju&QA8r z9PJt9(>C9HA-_f|d^g5l8akXg{v*`c#LC2XK;wL~AuqXZtDRkm7T`em&8D<)nbKto zx00_eeoDD)@KAszCe=DbEhkiO!6zMDlX8U})MY3xSqw-^NTv&%%9r3@9%FVjxsm*b zyO5czEUlCv*zbp*QKUoy$Q$hPgNPoFXsIVLc+ckYs_^mGubkNyp%gavEee(KEG9wb zQ2ivDrt6W{4Y?%9Cdu53)$)0@$0NZ@HGCBfo-oD{CTy%R31;1}na{7j1thY5%@a>0 zsJE4lj5n)iMNGcVy%Da9FgiK^5h80TyCwWVh(tc4?cQ| zELgSX%4dgCFRKeeNDb|;z63j;p`H04Mv4K`lV3wfzE$GYow#i%iJt+E!?Vkcc}H$- z%r?UXWq^d;6A|BhLU zC((y0T~#29FYO~08090p-%{KEa?BU4=yX5O5ItNB7=6|-Z@zqQ#?m+%LHvEV|J_lS z3RG9+KH}Spo!HmO2g2o7tx(2oG_wks3F3G!f&9rul2@c?t z;OLIDaFyj+=)6{d2O7ZEH!TG`RhkbERKAWrd=BLWGrXL{p2?Pp z3bQ?rAOY!H9gBxZTU(&vpt;y1b-rWNiuv}N(|*OQMXHx}Dgid~X~Sm3tg5OBh-;Y< z642z@hd6dPNa9*xZR&d-(!6+RO_gG+pk;T5sxWJ)wA;ln;PIhr|PDQ z6#AZXB_RlY;!wJi`9RJ8uORc$cYyBys|UvE{RqC|XT!}bYBKZ`y|22L1Y2I?1Wchf z*M15D^W$}z-2J@_P1)PYv0?na;8~bqBAFoO-%HV8-x4v_Dqr(j&X|o*7C(5%gCF^A zXvql+eY5)U&5uFBDJrP0GUpg;AJa>SNuy0s$6*)D!g@K<5`K$PBh4os2gJoFL=Np1 zk5pj}k`8>PurOT$esd~nJAr=gvCblaFt3XK(KgT; zkqJR3$C&;uYVTHFtDxOE#E+fV&G4MNx?#N|)VaABh~}`RH7R3$dp5Tsbt^}n9=!M; zDwsNp4#0j%-O@I``w%FC4Swq2-0pc`CKCgIvIq=DOrR13SN4p(Xm_F0Rt(*~ELZsv zU%2`j+%=0Cvt0`_&~0UOA*lR}x}eS)nOm11x>+-?KP~Mij<^gx%_@)1^#}iA#Q`YZ zYPpWA{E%tYbkm9Z_BGeDR-XNjNyP0aEdQZ<8s7$<(VuE$;K5%Ayi1Y3Eddaap6&PG zQ$P5jLR%oo)u)z=FmK3fP}u|=Q}fpYTs1Qkdyww4fbY|N%pD}4y0b&`sOvD&B12UB ztaqVV>__05FYL{cn0a@GrAT$HUZ0GUO6@2?;&2e1{v}rH9KE*@U8?){?;9c$Ic5>k z8(V#wE+9HY`F8>xI3jdSeA+30dCcV%gsIe*??wc0u=0;;tj}zadNQMcP=8h>mVTnx z6Fll3eq=nh!8^7WMF6#acQB^c;HEeb{`{rp(3-R^Wje3pV`s7Ut`nza(pB)5sdK(X z4F`34X>~%Q>7ez=t9qG2Ukcue^y>Fe2~X6o)yATso80@Ri{33aJ&2$O(X!QFa5mA` z-t#sT*828}GoJ?<=M&4=VM=L@BUDG-$2H&9w9($wi=pF2G zk|IEk2YR~i5U#%K9nq@IhW_U@{IMmtAAP4-7zo0St-p1lyM-g$|7R6*XJ^c7$(?QA zQ_uQe^AuPhoFM0#TLdT$*=vr=!F!9!>yv*VO%r>5y@>oT!koWc|Jmn+6S2tM_VInI z*|P}{8HhD@GG$x!<{|(Zhj(FaL<-~IVM8uGm$_Zx$N7_Y_v4%8P>YiR(PBq_;8GK< zl8=-s&_Ek5m5Ie|OU}x_6OK4t%G%%}p2SGj6fo&(}9e5%K@x2Xgj%D#Ub9?0zF0WWE~L_ zpL1fbv$06KT}}fcu}Qwm_3d1=VXe;ZFUbDRk5faA0zr1N*=XNeBUrC$h?^9|g>h~_ zwWnvhgL(|0)D>!EfU(OY)Vn(%Zb2H``e58h`FwjWWk;?3ptN)4F8eD|=#8|XwX8db zc{06Udl8v&5ckeTLxO}tGY*)~1kJ->p}=TSzlP{ZB!$0&5G_IG zMBZFqYRg(DgQfRo_PY&tSSBK5i~)0X4%H#sDQkoM1XE_c=;1d2iA-QW%$Y#CaF}Yh z#*0qlmZ!wv&2F`(T%l_sXII8x8^?G72zNO1u7Kj*X{4;!zN{5!UyeGR%N7&p zHr(|n{@9pDTXl3+^n?+fHhlNnvB`z(Mbg*qa%CuU_*{GfvBRh(oN}fniGAmNJeI6r zD`l4DKHjv+GKCQzo>4__l$CF?m;YBkNKr@+w zQ1g+&#Yc4CC2v!OtVFwF@14ZGlLzGCtlPx=ald`up8dP0M@CIV03zrW#A5B4?MI78 z(U9J5dyQwx3?xq$i17T=rR&uPQNZF_RM@dWZ;jZJ!zw>t9#X64IbRvRh|^uvaqvXp z>OnoWcv5?R;LcJuN$zyU1aUSE0*<@8JMO9c?`7}2G#llP!3dL={`k%A`b(%Y_#^=1 z((qHu8SbNj$b(ELG8^*V!Z#R86j8(9*I?{8EkK}f0w$PhVu;6!oc}GEp6)6=!*=O% zY=Y<>m#($7YDaTkz4Wc)r|f&?X;c?(ECGe)h!7u7kEp>c%q&lrB&?_M-~C1&91bgM zV20ZbHd*UmkNjCSh>b(GN;dT)W-dlmOMt1XdkllXQP*rD=wn+?lLd9B8ycu4*5%7A z@Pp@bFf-sbe>O_cqX7`sqwzD%e>|U&9L%xWDN*XHn!Ru*jqw=I3zwLAsRkFUvQ&5B z=hvRZIH@f)w&t$X=mIsqPd#xhLRZED>bHm?f4UI&7X^~gAZ&hLNee_7TLb;gLQ}oH zGCfq+J+&QmF+5QDCDrV=r4T1(4P0f^**9dzmthsZ1;} z?fTImA+d#hho0Bnwg1XSvOZ5WDC+=OOFWP@rebP(@RmEJqfi*=74Tp$oy(UP_RRkHo}0nk-48!A5~1Gig-8;av-A37cEkRLSba_vwxuJb)2JAT!YHD%hFFTcwsK z&58Y?Bw+K$wntDXY@0kjbYok1{(9i;LOcef-Ix?C-l4#{Yxl9#I5yAw(h{YvThm+i zOX`f^v9NurE)YuW%T#1F{0ctGm$C7@VURi0Dlbv<@_6?dOf~ZNr&Hzv$4R0yu-f+Q zv2w4uDQxNN=R~6tz(G*MowRT^&5ZY<%SpO*)`|ke;Q8?lxF%YYq3DNJ*5#{$@7Xnw z)hQQk>X4Ht$=5%>mw|4F;)*(?TOU|ejbP$6^*c`NRM~x|nKaxqm0InT4e5&0&95Mv zLN;Z{0L8X?uhte#%i3zx8k3yrc-Qz`d@Wx21*4i*5Qf0GeSyGnX5upVbWyisl53N0 z=k!MB07-Q%`oq`kG94;Up4q6;m*6VaXbfJH&huaRbcqatJN zGJ?O)td9o2S37ZeG&12f54WIpy8p21;;uE}pYZJ(x&11eJ&CgP#=?fntoZ8tH<-8K z1clw+=jP`Gxi5WS%#?;W)V)VKw^n6?@GPDu!sU`Z-YFcD*bXg3kXGQsemMtE?5c07 zi%ZsuUJVn0v1XchJ%ti{#$SW7#ahny z_Z!QItxMFOmVPajTv$tcqBlw+@J;`0_U*70Zq(oy8%ED_esU`r{AW;^)>YOyK90Az zh2ngY*BX~DFCW-Ak(S8IXQ}v2ZfiTxp(w-NmCQr~2oS31E@nw^vb&A==aa2c4cyw5 zb?(Q6FNS`%OZKJf%M$L6Kh>90!yYjgsdQnHPX~>6eLh?l$C}S^0iTH;bTNk=O(uEA z#_|lJs$=c;(^s0bzKHki^zP9KhmJqI`Y5)49sTyNM#_%6Dv-qk1Uyial>%mV+dccb z#TdqlNuAcWbSa{a+wqLr*|AVrR68ZyLch4hs*`>Xg=wfg1fW3GhfmCQ*sCHt2D=B> zrr2`H+%_{m&Qc$&J36&fNdqZ|0S~T619=P9q3TAp6F0s-jwZ|3kA+9}wa^RefZ?i6k4>~+okIUrjn{jrPTR=AV`OvPUh%Fcfc>T`|q zL50QvthmS4RcBJKpF;8_{%)3`ZV*PkA-AQf_Os=}MFx>L$jRI`3rnc_Mi{=`_rzIpb%l`qd*434 z@8kW?{o~%(J+J5Mobx*GGh6%0lxE&v$OnDdkSjc4%D?Wn*nJaiq-MJ}ReQTd?FPD{ z?NR}1;KN`!d~)JOmPRh~yI9CM83JdIbT5BeYsb1txm@F6wQ{f8+C9le?b*QkuOfk- z4oMg&{48U0K`<2jI=9GQPmCOiZkP)=5~{7Xcd`3~ zavrDG2wA1}HgZ?S?bD=l#{DlBzz*%}Dv4odCxVxEyxyQ%>N!tD4A@?DFUo`~y$+`U43CO! z8DSmz?v=kZ`qKzcu~tj7ceL}sAczODLE>Q5Nmfb520h~RO@u!A$`2uU=QBVZ*p6Q2>EtQCS#_}B*R8#~A?h;Y0 z$txnZ06r{kV?;~Z$LYU9j-CR z1$o-p_Ey)VF+DpsV zZ^w`N@4D5k%Tfo!UI&t((PzQw=BNywXVDEGo{4+XF2_y1CoGBet{A}OhaaZ`Gp=htcUdHGDH_F?tAt`1vyP4b6BB(vn9+reoNKxfiDg6x@AlV)Ac?0=JC?-5e|XN1QjhrS zbca3{D+`2dKGZAOdmm1+SoKE?kP)^GRETRe5kw6S(HZbCV@j3@NkRD0VoVyc;T4Ll z-4>i|y4J>tfNCcJM6JEySo!NmA{HGA2*;S!5(_*XDQD_l%&j2i8U9XQBZI`Wv^lw+ z`XovF4;zr?)Aa5ySEt975HA&CnH2N%*h>*!Xrglux0M*Iui@h~7)uJ6|8Ai+wE2(q zWYahSaCntlTKxbc#iTwnf9;^u8HQzNGgCZa(SXlnk_y?#3|q*nZ7wj=^UIr;OtT%v zoIJ8F(INL{sF6>%M7}3P3x4VLxISWqf!2{)H_$YpSl?mIF7JSbGj3wbk()$tBEU-R zMIJHyPp)NIw(mx+t=D@hLOoy|8YRCN!QK<>4>k;m`^-e2^Ot#8)hBZs`e$5rJC2MmCbUff zkM<`<_x1uOkYLDq`p=sEPtIJVKam?V(D6eCXKGd{(A8xN5>EiL`-u#MEzr6Jq5{`- zk-lXv;G3u}Jrw{zet^~dWrGJ$gntyG2yII=w7aTX9STPfpo4;b+KUoHIuuWQo**VY z&z&3|pHL`59~PS56O~+0g73{qa&Y=GfGOAvafIA*E-_@61kAeHv}*#y#|4uCN5*f% zHmiU`xqb@(6U;=7n0_ms4$dd2vjMHLPy01bTf*(@5jt04Gg4#yxh6)=pw|C zbNr7SALRP}O8|Un7zqFD>6*P#F-Q`*8)R&}6GVieWI&)YHVp*vOQrBx!4!B1TBHGv z-D8&U5FZy!M(U+K9h5?`_8>{kNJO|gG#-|7lMvnGwzjz z5n>DxWYv)X^VCkDa;o+XNv#lu9~ty0z|Rf+cu8BhD*5h2UNkBMG-=rTN)cL*+~r2M zr3yn)y+3E1X>i!!q4#63?1tn75NL7di-Yo>0ey1x>#Y~}a6hHM7(HAkg@H^k$0@lM z6@!mpEcpL^6N&}PNWnml?k^Z=ypIPJMqC>6KG!G$I&;?_5ZAG z%g+0g6d0^JvHLEEF~dzvQm1~mYB5L^e(n3B=HV~kMd$(KoH4RyZ8#KMzJZjJCI7cA zT2;&vApUI)f53e5QHcbI92lq-%;s8VC6;x5y_47Nx;n=&Xzc@*d&l)4YvIw$xdVF7 zyZZe4kHSn|{`Poh=ho!;+D7F~2j@E{9jWIu?|HQb9#G@=3X#>_8or>Iq>!}``oz0? zMYFf$&9hx5JkQ)Cb!Fj;#V$Jo`1<2k1 z4ir3)P#E1r6u9Jo!?96rGM-cF1J>k_ZhzJ9!>c#Z4=1#ca(s{w9!wHG!YK(d-n5ed z%MrSV0!oE&OImqiu7LdvNV`7soHF|TZOgjYsJLWx((ktMyNo!@8I zzlhP^6<#+lf89jO9}fSb{zaz*y?ACTtF~faqGxHQ2~Yw&#;gD>gFsc8>dvrc4Az>g z{pE;d_<>8H&C?qjJ^HRdQ8T+DH^z$QJWJ&ygfS7)9Xs2-7x|kw9P6MA&$Lc|9)+Wt zEdYi0YV_x~@YGu!gi2G{u$=#YKnpo7#gAO}{Tf>@K9tu`^wpV%y3rkN_s3+m-})`^ zhGx_66JE#LGQqTmN+q2 zr^-lF-8lWBnyZTJ=6C`Wp5mSY0*JzNlFdzYLgw{KV+JMKfq!Ms=u|xZEODiGI54-) zjYy=B^!IR)xRp)y3KhDe<0jfO9E>}u^x@`fQZwc;RVw3qw-E3U**JOx_pVHGqFILG z<##T#tGtaGj!o;6k-!( z_b3%Oco1aV!6$STsn8yZ)H;U%dFGJ1#}I{iDWD>b%*5we&oFmzW0&k}h5eJ5ilh~# z4t>{xg~IcLwdzU9Xm6tL-%3f)< z&DB!ay1rRanJCZtD$ShBwtRtX4o>WC%xq#QsuRaloZKz72aK&6IfyBFid!%XDF1E2XCISKQrq@RiJA? z?@fwFO3y8pU8RF8Jy32E`W<6!L(-O{OFs&^OM0njLO_NJAwOc=2~d9LQ-@E~k!)`M zGC(~cP*GT^a$+2gWn8Xy=+{j+{&ri0Z-K76$^5pG>IdB~k=Pa@BIa)z;c}^bENzNr zCYmFsm4&I&`^x*DbxZxDX7|>QXl1{l6-jhJjj|URf-k^7ouf<>pm3_Sg?f8a$6y7) zrWW5*j(I&q&hM-O$f*q#L$C)iIZ#>5#(}v?{H_iV5zeY~asUIpX!FEFAE<=?)Su6b07vG-O(y zIMk3nHJA^dND9}gMv0r_cCV?Xk-?$I{QJE`Ffcc(`{-Cw>Pr~*W!TiMe-dEKhA42u zsTEbklOoEV#Scoq!gi_`+xgAh<+L1Rr@nu;gV;aKE9 zSiJw9by&Nw(p_&H8f@Rp=z5wj*fiji;A->HWRaGf3^}~chBzkcHlr5LY)EM97fHC# zYnW4Rjj9soJJYk=va85lRfwLsS32)wP3<367A{!<=lSX>%uwy-*xF7<1Toh`Tv8KG z$mqH$jCqSG4HYx4_L^XsKGI-*sx~$d}$v0fIl5gGV&ya25L>14d z@|^3w!jeYG9NX4WX?Rf^0e|oS!kGkp0)sGVy6DZ-)b>n^UH3=Hew(Wam;AGbR~V2u z{Gc20J#>lpwnyQR9-QZu_^%eBj$p!3bCE+?Xj%iaVvJMQkNDi|^m(feJoF6E{Y!l& zSa{ga3}a>5QknuB+4P&s^JJ}Y0yIseLtzS-10!|E#g6sR-5L{I>JlUnkf?TJMFu$w zA;Ua<(6VhtaYv=hOL=OC3oK?gDk-WPDcE7~LWK;ux?b({GuBUJxOFp_2sTpUS4T2L zw6#kQy;n&Xir{G)Ey+}b^OOuzeH;3^GuW6*`8n1m1i_$#DaEYg3T_)Bv3w}8x3B;_ zbEDq}w+gC773N1S(XJ8U!{wBX_#b(ScoB2C#rSLk@?JoTxNZk+3_Cu|qo8eX+AZpM z@3qoV-3`zjjXZR)@gIfq5GpOx5y z6LnUTj~OQt@tDn8{D*K}krWC99A+OkqBr&|$D+I&Xactl8==w|X(UkBVKsp9b=Rf_ z9<31j>$<0WE^0KCiK4hn>~PN7Z2{ipwKm<9Rh(9Ci|km9;MZ=J1|e1n&=~s(K!=9Q$wt1j(_O#Hc zF=)dk7>PFvnUw#BbQL99r`3*8>Et5%OTNFA&di=K6I6}t@y)MAVJ~&q5bq-bnR~NY z#oB+h8yIbaF*Bbvgh(^>jN}BQ_CE=y4rxQAZX-u|jKuC=2$5!}?x+*aBy`UtRK^{f z{(A3Vucjb%{>scTU>7H(+Rpd^1h4Dc-V!HRX(RvNZox+{e*wz!m7r}%HvYxG$k^9c zY=r>~AJvw8x}LOX$CgZXeqxVWjKpf@S=AtT({)wOcJSYusmhjBZD*78Gxd`FFeT>C zhS5D9G{Rh!Z`^+b38D4AJCYE$^Bx>P7?G+CLv86j$MM`G)z9ntaKTyeHUpt2fN9>D z`_E(v=r8QhL9(spv@}0*p^-OLkQqr+Ob)xhGeq5C$8_8rhn`@4?(g_oj|Fn4<|A^) zhgeIfb8F~zX-sUVsYN2s5DhZOZH6!Y;McDPp-OMg1*p4GVR#XT&9puYWz<0o(Q(G# zz7=C@!$j4pBdrAe1j~7fu>QQgZ0)lF`1*Y>i&MbMi7gZ#mV(ESyHzvQ)=FNxiE=Ph zq3ezj(M4C?<0qf0srhPH;b%x!;by1IX!oWG2KMB!R z!MEUK&rqemV{W2*j{n)D|4hhWgge0B8}Pw$>A!D3zP)odq#9Mj>FXSN@k6Qy%L7U1 zY={bW%0;5ZcpX92L(`VStmke67%vq!#T4G3~#7k?sP#EjGb_y7ahV<=l2S`{~oa}$5jLU&D7 zr0u@7P|iA)Y(;}(YDolkTv&an@&Lug7B7QJO04!0nO_=B;rf`~J_|uX6bc#7-SXpJ z{sO@KrT0b&p26{@4|CeN)OB?mc8>1&jO^^t#8t^6*%UAgD9E)cl5H}F-fwP_N7l59 zcIF}Km1Mjn{hx--d_45x(s27PDa;rn=hw=z?GY8f(naW7;v6e%l2uouOXrZrB})tzj)D9W zVGDD=+mILv^m2q7Ggm*8TECMrwDK&sEMxolnMkHDkjy#zXPjFhj`lH)r!>SvJGx5P z$o&VH9gJz+zAF4KY(?F{UGUWwhtJk+IQ~`jGxvEXCf`9drN0D2VS-| zv&b3!y%iMkwrf;P6U<~3cKf)b+k-Vxu5DhXHvl&5PLz=(35yx7Rj{L20<=|t5*$j4 zcroE|C45}Tcis2izaA!wM^N!y9=(q-tjmU9p=Fd}<4#a8w1~3Ys-a zL+fc7^fKsAF62CV^=bITcxUTgKoJT_fVSPhil{1Ju#;2`+U~PhkLQQ0nB@LPp^i0D zb+-zP)XEpNo)-hoFyOV;juH(IO9NhFhfhWWq1)8h>Oxg@-ZInEtjZlxG7k6%IA_|5 z-%O5=wej{=&~vjevlx9u)oVlQDG*J>utKI*L| zV-J0}Me#SrRey?k0B_8!5blY*i$MiWDPb|f-7myc#1N`Ho0(=KFVx88M^`gpxiO^N zRE=h7nJ~ZTNXVPrIxZC0o)w8+cSUSwni_(t4@|t_aUjU&xfu&p>cfNF#+O&`Xa9-= zaR%F+v?zjBDbMoZ6P=;zOUjJ`bMy&9%J4LCTV1va z;U5nQIo)ng?^byCBMGN%(oSXz)gquLE zA>5zb3x{ayGear^=`N#_sTDkw;9YLrzI9zkMLwa8gy_mN5lIh%DMp>8fysu=Pj;)%3n($#(fZfuNUXIV zK?+zA&L!!zm^|+iiUo`?*PrmaTRrdCoiOZMGtx4s>-4`TM{LrcE-4|<^97KaV>6f* zsy>P`ot1JMck1T1&9rc{yh`w(RCbOoSIvf+I&I> zqZv7W_)V8G>3k9IksWiBXNHUeocW=akT+_Y<1EHNBt~fy_?-mzT|)6S*Qx1io1RlP)BBkDFD@aau^TRlR_?4lr zaUrjXm8FmmpFo-(=YRW`Eu>7{N3hE*LQBC4_|S6=;qjo`gt9XXDlY$$MdfzOt2Bjdt@$DUf! zKblH<`Ic2-qO zu~^8or!GxL|IfXRhi-_$cKjH^EvPzF7!PtSPB2>WGp$_a@f%?E^glImMNoOQ8!;VD zvZ7-2lc@loHsAHWPLKU#je_%cy8=5Z zyQ$43OKWS}om~XAD62j|aCHFyZk#mrKlFMd!7jxe&MI&;MC)O+y7XGwMHu+w_gABO z`cSg_z^W9O<7Zq@zZYSEzPd+cd1kdlD@BQ6CqR(xxLr*p?(pPT4=y_Ni@is3qll39F02yt*j7bUaY zU>>0=Fu=oRd{*b?|KB2n??uaTta;3ch?DGc!*n%^bygtUHbT~Q+9ZKKC5Vj;wNR|# z!b{x(z*n#mNH^!MdA;z4Aj%!mqb5D-0a{5i$0_%B)z?37xF%4jU8 zu$t7005|+WnN7$^zE*w=VH zGWQ4;@OEcCYju@p;9yXh<;W0Vud_*eY)Cu;30VrZPvPoW=5t49Mff06D-n|5wd5Nb@S=o9QF<*eFb1n{A_E-LZgOpf$|evW z6JgMa^{-eN3%`g0`>4?U9hGXuuVJ?jV}+ z+O=eC0Xe$$dMo9q5AZh>MX5tqIDmDV=^z0?W})B}-*h#dymrTzO2sS(+E-JXN%^=q zW1kY7AL~bhF~vhT(1F<{=ibB@n*X}tM-1`kt&qbJG>L~UR+n}#xM08?_Ti1=`FWd2j7fwZczPVUV9l3*K^T8O^ifljz<+DK$ z?f@CO2Y?+gN!78QS>H`P@CCdl@$g})MU%o9S{q;7!on%Lr(++p8zk!^1;d#p| z&WXIgg9;Sy@zA<4;GoLhiCT$C$P+~21DH84hf9{JD$4`M|K$Qa9Wzcy!);v=esWt? z(?AhwFFL~m$l6WB;E>fAH#(;1h>Q!pgppDNi{sTu+k$O|gMZ<0%1an6TUqKDY*RCur&Pc6M4eW4n%R?2YLnNNZv|K)$qAx?6 zkN+AmM8U4wttK&ZM64ATx*|Zx&AR_+2Mhu|Qki6CH(5z!O%efmNPPPhllCqiPFu|l zUbp8p<)&w_BH6ex3_S8Vl~rkWTGDiun5#aMC2%@Z0=@u_2cAWMtxJmm^{DUgfeGB! z1cMa@_#j3XCvEsdlbiH&MlMGSa2#sOaXovyBhJigecS0H9)kM@S|9t&gnBcYixS;b z8WciZb9C%4_MhMv*5YEym~^D+S53sffMUZ8L@-{rIjf`XMj1O5q6Sb*B+*#!yrgej zd!(boouXG+ju>`=+=ZAR~7e1VMeKZheb25C?!iNh80<>>1xU%Fc z!xgLm7MiJhDsDZSZG-pRETO=hh1mbO{AS|w($pOK0y6NaL0Q0HgN7R)=`x^!k$Dd= zzlQsUgJQQ`y)gCw9I@PgUoy8A6a z`-wpkoE;CMS}dJX%198_40oJIEGZQTZfS8aqDnkE2N=`>IpWRFiP1wFQr;oy7X{rX zs2pifNXx?V_0_M@y=9OUj;DA#}DrUqOW{1^(qBC>v;e~qNsY?_UE&|CI(G>TU@W$=?!S}j%!H% zqw;+CZL?-aOER*idgG?o#te_b2?teV-{aqiX{-UI&()W|%MrvLSK~{kpITGwJuey! zdX&>GfA_p}aC|9MZvX15!@SJgbJ-Yn-xtv)o!m%|SEdc4b5Ds$Zf5=HSKq(oTK}7e zIN+uutBShUVSVQ3AGs&DiNYUv=Wbunm>*S|Ri-0WXMj;>+MN;8TeX!U&(gb&D*X58 zIWtE5I<=YWzA?$YN?ofC2NR+>@F6-}$=TuHJt9tY_L-wiy4ECPOWaWvVQ|m~u~579 zbvN7L0NSc@@nFoDZSE00!ray?P+#dJ_E;_oEBd$4Y?E?l{2G*>6bLk@zz$;zTuK6v zrQ?<^>vRy!bR~h>EGFv-AJfs~x&tFF&|Z5Kt8#Ln!FCVqe7lZ#D|9A5z-pd^YHs)T zv!$7Aztm!SvPed=xx2-8MHaN_o~_CUFWw!wme-N*xlS3mPO!sg^zloFeCkd;N(K!=#8oBD6~h zs9xcE@2>^i__?FfOXJ>xaIBb$^pC?IEUq0rM}JgK=v{{l%KXCz?soLT`HTj& z9|w{m27HAZkqh#3Db3IzV=|^MB^t~(niKg&rbaYaP}zIi*5Ay6`gh~!??)|Ln<4^w z9&HM5BBOj=S4rd+72|9!Y2^?ZRPQ<$K@chqo>oIw^k(@`;sy~d*)^Z+9u0J zc#nT&H{ZO94?l5>eV9(bw+*`^`T=g1DybISz{J;9Q~G^0$o9_=?}TG=b}KOT|~*)hlI z>cZkX@@R#LnaTMmisLgabS`xzN@HAqH?o+U>|v{tvb zrRZF10EnVLI^TWNNIle;yOP~Jwo-9$$&8YWAiEY&unyzfFXI<}CdP5YUN;(K;n1)c z7;;TL-obTG>Ub?EZN1~r*j{jcnJ_*2Eul!pcjSk4v6O6%b4W5Zj}aG~on?GfjiNzYtV8q=K@6olMCTq(%EzTn-+`^WP1)$7Gy4zLG1E_& zINy^pr+t|=*pjz1i5%L$S>MQ>y#2ZPFAeJMV^u@RAqRyxP|f*SRc*zwdvxeYydoip(!AL6YBDc^F@2`%bXN{It9IwU8=^y~?-H z{C?a%rEo)P-2O9se=W5HPv2R_JF;i^Lpv^yA(k8xQP|)0$kC^qZfCX`@>l^3`?szV zpu$VRKoA{vd3uMABD300g!21K?9^qBsBNtgf*6eA@y&@l-IGr^y*Z80nS7lLKx_LDvW7$b(=jdFRm6d9XAUV$m8!;_gmT(NgtxCdUF3 znv81CZ=CTP{$LFK1SD&k4X?PdR`R`2^2+aJxX>6h7S$%GJpx_^~ zw@!}BE4y?wF8gB9G8D+pu(=LOeWLO=++Fcuq2QJYwz-0ko=eD;`+nmJtm@>)6OqqN-fyQW-HF-;YNCCpjM%@!IDh>qNI^s`|cB-GxZpd zfewu#Jm`jEoOD+2f^N2}ZitDm4Mz=|E@5el_X8{biJ^|iW>bszQF~w|xJ6?(S#HZl z4}cwutWCKEj_Io*yh?5h1)zG=ykUgaSDxSS$sn zTIEn{Du|#9$4jq4$IBF3;dg4)!lC0{cMwhZM@B#L=JCoCKN`N6nUHM*sT6Dj^^**A z8K?HrISVCPm`^>&&}?pqG!4GSt%CGJx5U5@qs10{WpWFhy*5EZ%8VaZGfD8$fg;minzoPT zj{?1?j`0-Jbw*bSu-RxTw2rFsKGLkc@1B&%@60@(3b&2`98p1*)ZY!6hR+ujSnigd z4~xpRJktAMlJXAab}np5JOD`wd-mM!(-y`{T% zB3Vo$xm)t)s&w;&^PvD!X0=4$WZ4O|sxnIiA71UgJxn}ioJ1FNE`BuA$0P}2*pn|6 z3(pl+taWQ3#Po=MD;st(Q(ENc@k!t~WdSL|g9y?gJf)P)$%0+~|^JS?}Y|u8S*G^e$oAVWpyqu<4I8cQ{82W70K`eQgW_ zr<@HA3~L&2nv;&lcO<=S{&j-v&VX0K3-EcI&lhN+SZwS{fF^d7aM%UeoCg&)u;Pis-q&;Wz zw?;OEJ9C1tv=eMq!$s@Pw@#y|2xhPt2FrBAUX@le(AWH7$ldIrrmJTSX1drX#OS5h zRc_rKglN5I86rPWw}j6tXSx(m_;qc~EFUE-bHV4rrN~RW8W`H#`CN+DqGETuv?zNO zQUdSk1e2zJ&@5dXCb++*!uWpk&TK)MW_w0JGYj>^?yB^*cJfh1xua73usbnkN!ilw zwqIXUN`82{(NG@wY6%zo+>&3axUzbbUndo;fnA?wsB8JQGEvOrxzlB0qUgm~;f z-*QE;K=z=ZdQnT%db4|d=^zQZ7dyGjh6r$jbq;K2#DqjdB#Sa9CM1^#9>kr(W7d8P z7m$a%d1@6QXt(+MQ5()sj5t3GxigV**lo-r^w#)P8Gg=CU}dh4+?9ZI6boGYWLjV* zKh9_a^U0KRgittb_$J9!RMS;&#XPF|#__=2NfK9}l5zaT=d2u*@+H*tni2uWXb3GX z5F*^6Krt`?9am2EiGEE`7&fJ-Px;;{-|?GgS7YfN%Z;n>bb|KXC-13$%^LIEw75=Z zS*x3aeYWJ|!&#WbY>29>uQ&rJOY`*{F#(!U%`rZ~;MnUD$@cUWSd($wDpfGcU^NQc zB1rxvU?2fMUI5ivQyJKGex=Xw&EB>w6I-1`eSHH4f@{5b#3({jUu%~iSmggqJ>s3_@xauxRmoyU=hQW~*M;VQ zw4Q7fbc6$=5W3OyMuy0sAf(&~yEVEpaE6Y%RM~bscT`E8K*Dh;CTDpY}n)2TTuJ-ukax(9M35YUMx^BILBg zLg?7mXel@ldyD&mt87o=IvqSD#lDYDe6VtGdrxJ@*rBoc0{nI9^Q`Q2x$k|xPls;C zBf$#m3iOfSNbq#wIc(b7I}%&FEJVE**|=Oy#x_&D%ZxWkiTO40yOD`)&(tf_jaq+; z4VhQ1V{CrZd27sY6qzRu&9VfN-~5;9W@fFBc{~SG>76i;Q$VA&HLs|Eb97Cav5J7~ z?YYjyZZqO&EQ_I04YQ01W6ng2z`zL0D_0ZyX%d84)B=~^v2pF<#YY(ja|1EVm2?a? zWT@LHchjileD>|1^SahE#vNBoi3&Up8s=g*579tE6Eeww_fIQ58gzCcw!{$^oE5CN4WnjR70TZ+{=vQbw}9Eh3yDNy8wGvYzYB}2$Ym+n4;ZGo`l%5qtJ%AY zPFXJ^vDn4xN0AU{)2(kpcRC(g{_K8|lET#ZN#a!)Rxg_FTD7IYA*|=@-l@ZLO*i^} zi$gk2SHj2p6R~rxbG)1hw1mjzc9QI0-MqA14_r&145yLHE=d_T%rVcNiKFL<7a0g2 zd+;=MT>Mz)#Yjn8@g533YJ+l^Bgp-o zVdum&KOXwgWDWR4RPQ6(*~!EA$RK3pSEnbzuD8&;IRW_xDKBYOI*Vq&IBne_Bm!&kd-$eKmmhVYCdgrTXcdE8?etnijHr(q0esuI7BtAg zqa`VzhIyLg+WKlDj|&pxknuBlX4GS*VB+VD*=1nsddr(5U@B6Jup52b}f#gP=my8M3thR_|H z_eFv`2Bh2;=9C6P!K3`D;?9ps=811mf~BAya^27T$QuM1@nfaWvrh(E|10(!$)P&m zh*MwUooLv!o%ozBZ>fq&>Z3-`An3!fO(N^MDwt!ZsNolzwZTnGEk>RQ2?A!pZ5a{! zNVpjR!r6tO2e> z+Rb+eBq3Thb*ZPJqn2BvKaDi%g+-QYmZ_cY@S7XxR9p{copT&WjzI($FUfX;R$1Ot zZPO#hN5?TYS4A z8Ykp9uu@h7P2dORoRITR3fy>|DF2O|quQ2u?>u%?Q5Wyse31@im;Hw(S+MyXpPUYdIQNpiu7)E1uqB8J3l+rAYApS;w?l z&Ft9ncmN*yzNHTABu4!C`P}ST{c%E$vt#tt1ZvUh zX7uh{#;kAkIP&A;5dE5(;VIqi!AZq03lXu4onM%Ym%SOZNUUp|>3o2L#68^koANt) z?2?h-5MQQw?epUtdKFY&Ui>WtckLt_DP-2J-GLw8X%og&FiQ8nfoO03l~;~fYn}lE z!Z3rGMT%RWU-#(Cn$Iz8a?*hXd)%|G^9d0?1 zbi}vUhnmTUlPcC7iHnR}arbW|)+!QQcp3$^pjU=-B&ewaot5^?fpA=!&*PAXd~NO& z^qWRkMgzW74eq1nXzcZ8O7tD)9^y%Fi}}L3AT0oo2_*MH{*r?5A&b95U6l6vogHf##Bfd0E7PB zJ`B6Q%f`De=3o|J$3=iR-06ICxCFTimz-jx{Rwp#_`Leq(!m%*2TWNy)(|MUiUa1$ z0xST%b~?KMQeJD8r5S7XP^btW7Q{ZuHZo0q!`$0hr3JeKk`naFXXu`w?;7}x9^PA2 z!aT(cjPVj7FH6n+rl=7?rn3K0;0d&G%P#C-YZ2+Dv~cYU#a6v_*F$`pGt`LjQaL6% zOV4vL0Hx6``Lzlm*r5Wm+QtkL9?Cy&`{m*dXDP-A(R4ra|5JiDS(NA%;KTSP!jD4u3KflD; zi$0p2B($V-vKF!wvVd|-6roSJ5|M04{r8Gl96ou#K;NI`Vd*EtAd}zk+fD06bl=&f z_>doH`!?t?jp(Fd>-}JbHQ^2y;FLW}J9H4&haTNW*-c<~D|QzS{9TH|4q(9Yj#dtO z3NYZBUkGzy#H{L+tm((d9iS;D?&*zuTo);H3*FFWDn_#Tlt~S9Y)4-^ zrQgub41_A35WoRZg)76=D#n{)|F9N<)IAn*CADb7+1s5sDkVH_M7pH8HfQ$i#ldYPbaO9kIQuaeNhc!1wxy*n=W2 z2yw#`{nv9nCAS_|`gEJHh@s&g=gYhGG#sr)tJjHxN=O``X<^uL%i)jF$X#OF|3QP! z?fk^nlFz#)rVPzQCQ6_+px2)ll^&cXZs#61s9gfAp$!AQ3eDgZuP}{pb5R~wk4S%G6}pD z4(!Vb>4b!_lCS1Q;fKqN^@u-;p(OMA>_Yw3<=I`+xrK&AO7UB%@7U^C2j53TQN2&# zW_%F+!@-7%_piiX$6NAincIP}H5uRvb79r3lk`6!lt~&D@bsz6I%`8Y9pOK#*E153 zR0iXm;Tzb5&OOwX{I`ixnLvNi2yO77$ItRKP#}V=P>i7~NHrVJ((8 z2A?6{9te~?teo0o^1im=t)J*bCSTWvf_29Kde++5>{^%u|54qO+f=0@W*ri{mUXMe ziou(vb8$4qhH!YwkCS8;m%1TJ3Q1Pjp+)As6WtCl&|iJ$nTdyXR@i_jIB;DGh#5|_f8M}FBgEP8wexgqw`tbFh25JPPpsxeMCjMCSy=J4C~_i zd2yaz9hb+#mV3!M0e+|my~}HX&~Iyc`CSP*Lt>yR~f?Pv)$O`9e4yJZdMFHi{*-6JN0lyg01Dz$%I{^!X74zu1f&c*DsNm z3KC&y*#6*)vSvJETUgbx6S!4y+JEDupM7O>3fJ})K zTSe$EssC2D9=Ei$Kya>V5}?O0>mpNUBt;p-FT2GtSJME@EM{^&xs;2Agii?}0S_rr z&fH#p_Epg@wjCN?k8O?>*QEbf39Dq9>k0H>(09jBM}x>1SRftzK!q_YqG5uf<|-_3 z`MDo4P!R!1s28&B0VxZ_02cG5BHVI7z&hl=tYZQu+mOV6%vI@Gg8exbK1u=cxPgd> z23JE=ss_!sa_lVsMeoPH#(5_#QN3`Tvrv}Sr2*KI2tsUA$o2qW_Ah;Z9$|&%E)?Mt zHD*HKjCw!Atz{<2_3;08k}{=C3sHot(Tdov#A45_xjKaYCqw=~W>F3U4)}iR1C!Nq zJVY5DQmc7#mCV=4M@PbYVscO#EN*P3s{$u$k$02I>Ff)v2aaHz3DPZ1YqA+_G+w!E zsR*5bncq}Nd{YQy3|!L&LQ-TbEBbuu)5$Qtv{aIHUK0!VmH+z(TojcR${rQ63E6vx5VBXcjH5UlTf-<|`x>w7dXMY%){k-*pegO~tk&+*2tie*xxw6)9Plox zO46U3In_Fo&k#6R0USU{U(iaEi>9gqjY=J^%uOj?Ff^eUGpXfky19!fP$v68VEj@B zP3XYQMTpc`eY+G~g?r~=BcXW7vVhH3C8+5vW z8en%&wXhs9V(oLe*|!$6sxG~|VMXAg8_JXM0;L_I!pb!4U2MuMje7~=Ku-g9A=KkC zBb_tUzk76n9UnNL;%6*;E)jbib395k5cQtR6X{{YI@?L9B~!EWk%c4GpR}49?P6mV zo5+Wr3w|w!^;y;lHfvm13_b#~u@P1G_96_oC?Hg@O_W~qZCl7`+{mrF29`mf@Hew> z_37`J7J{W;e!!kIJdB>D z1>+L~IU`t4^Ae2oGRbD!J((Ja^J4GGcl5H>#z>i7-Su||vO0O6o|>}kY8kH;>+&dp z!>_K!*cQ2oZ~!f_BdS@Bi3*L2wnd^7jbrvT>-wCThFsdV!+tqi`;n&dE+il9YL68A zwa%VBXcn8H?GoiDo@1N(Hpq`qMFC@>4Af;RBdFPWeXQGdb+xB;&|w<>}}(ikoHTHH5wH~&F-ZeHz6!VuW~GJ+=<+xT51Q#E zJ0PZ`hC14SW?6bp(+u*Qs7X>&9ig2&x{RdHH+1Cmv>2{!^kpcJYI4BtSE|uzd?ZVt)Cp)>E%d^Xs+=f zH-}k3M`nDd?+rq1V!AGO%Kg)sI^2t*3}1;mLKhx(cA9SSkvFEenuS&bnaVb@4@U2aA^V<~jAuNqP8*@0j z2HVW&u|*)KI1f-l@y*GmZQLGumM*cX>dn<)Gh2lc;Vh~3WgN_Kg)McWDOxn$rNYEA z=Kip8%C(1KqMRfI)4@0Hf{k6pI&X8>5Y&%KY@a+QlCMQGNt$soBT*!ZCVopXtn}xI zygAnxEW}HUJa9p)xULaz_jemS_WkzFi%HYxpW9rE26|jeF`GID6YMUH7*R-JB&vPP~ zW8Vi4F@Vp0jx1AOhCDoFjV>Tki!diV>$`E5k2eImQr}Je@O$zD?1rR>F!nGl2=khJ z_%bXJ(3kCz37X|FB~MPiX6?;rMRcy8O`&nMI@(Ra=5Ak-Pge1@21z^Ix9dV$t=bbp zSyVtvZLSqvbbQn#iH&4}U&a6{t4+o!P}Y=1y_h^K%lP()@A7%XorKArhn%!fF=$RF zEWi#?GTpnz?je&8ttpb|w14|4uNtXglpXh7hAgi_&E^KoN5Rr54JMU89dNAQl71vO z82sp?a;lNmW$@N;#E+TCpdG!X@3OV;lNyrYCxchm8ex!;6-*NW9>Xq#^+t7-)C-WB zhB75#$hPa3vgQ*xNV(ImeE9Z&GBR1n(=zlH_x!hT9IzFgM2r!-eWW7VkUSJv!N>!2 z!U^ZmygxOdr07csX6y>L=29=brVCK5iV0A_Heu#jyEijOBjCo(`-SZ~Y8KP)EiWMA zk|UnK*`|gp>Ap#QUKhHPhZ~*2-h4VN;eVW7>zB6HuRUa1V!k?Jei;N{g(w3lwob zOcI##XmP;qTKH@L-s~3P(foe@9S>by zLxNoz2;#skby)`T1Rj1KR*O+1jf&~W7oc~q?X(?pY=h<}XXKG)0t%DGj(Z+%Y{~MZ zCA8~DB7qC}Ya9r2UJsQ`fM4Vo&ZbK{>c>=1Fg}-oOrH>ni+kYA>S6VO53BP|kt|0& z4m;fSm8oa9()_+lAwa~pqvACBd1G`vO-cD>NYwPJe~RQZoFqKUY^AggWw;w`c|L$&P4BJjNV4!m!yy z2n%4$Dg}zpRD0p-2M)KDfV%bE5pq9o>}d_Yk&_BU3A_e6Z95R3*fBtV-fDJuQTU>1 z$}Y)g&-68KppmIOjHARftNuEH()Hd*JZ<@fqF}BYOZzunoGl%ADc$NmgWf%2lN;FTsmM(2dS1)tK+^SouTdG}2yKq&~k8Kn~rBP;JN6Sm@Mow9|SR>b1;cs+O1 zl+bNx@88OFzfuvLCsBzH=2V8f1V!pV-6>uZ`jEujPoZOvj48Iga;`OF0U^ zh;TWIe7_c~@1w?^LSdE!5cwj0r2fV}Jl&Y!5`w;9@C+DWcwn3GS)DADsCqM@F0|H~pmT%Wj2U60UbBEP>i$+y+ZmeR zBU3}B{aLogm`={{;P|08ELk*-R_$=dKE1B&X69XH>?}=^Z^ydL9hg?h-z;H4XlWR5 zvQIjIJQOPwkN`=*2jMR!5IM*cm#p5*38ijYkg_oWozDhyD}F(YZexy*Zl3g!8j>dg zZ*JDP^eT8EC{d$K)EOmS@YAdY%u6a4XwkwA5>()Usa`QxgJil~f6O?97pas(YqrU4 z12cNl3SdZEbK{KBdW^xn%@?4M5|shNwehQ)Nk49ZHPOSPLN__cZy}9t?&j5BR!;p)T84|`md&G z=Lam3bf2!r9dcz+*sBX~)EgmCEIy7-pCs0=uEZ>iY)MOa@73*pXS9aRk4k0Vu&vdr z^T3wn5Y*Vdt{I~ut97_M+VL{%ra5P^e$tQ#n*MIFjPPJ!+U`4k#7FL%YyQQFr5DC$ z+LRVUx0<36Dv1(KR4+h{6*O3DtI^%zaW-%9j%cC^=jJQ-rwwBmELwZu2-LLS{k|)T zyD_F<8@OJe%BBI9MOzm=VKX(Dd|}AClN^6(`yN-9i~Sz-KR=U?2#P$^BR_$5de^t_ z8~9B{ZiY3iolD+Fxk(<%5C~%$oNjyj&y#X z%XSLgjFVIYi(hP3gu7(QZDktiCOOW8dqT$PW>^n-4MOX9+Tby}N9R)?q|P5S_R&U$ zuOXflm`S}drnOKvd&q8|dnAAMY~B1#cJ-VgNg6H5oUtq`Kd^-8fS@jP-5)})s}G=gb1G}OIqVtgox@VL+E#fJhRI)eZZ4O4AQbS)T!1JDM+$KYx%Pd z(7BeiTq~twyeX7AW0hGkeHYA1uwxf-I@Ysrbq5C~sKq15WEb2=E1or>ku3`n0$ASt zsl5niN8Hqm>tLt5j9(4?}gD z{IZ@@UqgHWw-z*vK7n%kWfXki$4)Vso^6<^9?f0D6!|{<5tu6l1eAwU!MmKq&+0}> zdZxxPshX!y%Ts}Av9q?ux0@0-=hEUy`0KzIV0|gSK~pGGox!v0iJ7|O!{y7ZhXaqvYu0EtM%z!z z`ZmJs4(VKu5_i#)!tUg1`CGZ1z8mynR}d#Do412F!FBDo$7DpZb1Uj2Co7(DAMrpj zAJL{g6{U*=V}Q0VBCNE~a!-YDkP)Lv?FpDp`Pz!YLAM$SVg0fgDL8#rofp(F^9E+k zWh`<^u+B~RAh(-GGY>L^>+-n41yQFHa<$|w-ukdx?CNR}-qcjHMdxmRw0IpoBK@U~ zNOgBcTzhtpB_FILesVPtB?Gj%flKx){R-C@6t@iXF-1Uk6hH*WkU?8u>GhGI;{xK% z>l2u}*C{-%NJ@opx2kRAxU%l;G`+8~M4F!30J_LT`oWexZj$Gbf5s?>k7+bE5`Kiq zQ&@XZcmbUg*4ME(0^AxG&+ErnuV^6lB#vl@x96%amUj*+{^q_A8^dfVz=!zJzb&G+ zwV@)_gSTX5rI?3_ldh($H^tnTUM;MzG$ZAvoy9n*^Njiajx3U)xk#(w*yCv0Ogxn#{F%v&n1&IJT0p5WY~LO(DJMCCr*^cl5tudcI8fx? zO`t@PoL4&4y$9hND!>7gSfL7n51ye4t%r{2UK#~H&e>BExSI(B=9@VONl4W zP1(4X4!)V^)@YXhMtnnKu9B_?uE#L9I_Q%&+*9=gu1={zpuF_y8SMJWP0jZ@6|*w| zb#lT0I-)Gf6W#v#LI^(M{v?-{xAp_laX~4Zn@#O)2h3o0Y zswGc!()^JAppy&O_mmKx zaMJRA!#0yW+X%@f9RoLc@&N~v_QP4zg!es7SkGk~{X#3f) zM!X*F@q_I*xz*xe=8kUcPYg1PR*eewUIZ`?7Z&0jY^cKBD+DBow&q8KH#O2gsy?F} zoP8P(9Ei>>H)rZv0b! zOiVS%K1nw}>P$d|Nmd$|Aq5npA|UGsya@l>aKnIYR@7sXmR5V+H>D*69=DRn+E5Bdj$A^ zEzjZ=v($d-H1TskpB8p8?==XebOqL35sYr+uVw(^(i+}TTT!>p%$n7cXAW39H4SM# z-A=Cp7NgG68Y;ZBnAR45ET^yU&8*zJ9xw5o&MD-I&&=zV{%m}PhfkcYkLbyEe!54@ za3j$AI$rn}LXlpUkcWXmlP~M($m3L8zxeT}-TD%}XoimTT+cSH8>KcEUt?&Rvk{om z(~ajHojU^So?JV5V($zUzaAU)s7jt8iRA(())RBrkGeai>1uI7KKhQth}S_gWVNsD z4d2s3eG&u_EEc2lc069fkd{0?pcgSU=kB@5%;fukzGOSQ1Iz3vh=BTm3yB^v0C}3D zvGktloP*owQ-s`nZ^;a(qmfwn(L3{4)7$S}=;%0#t5T)^*0C+D{VWx0p@NavOTY6 z2oM#g-*ua3ye*+RBKtcn4}e8`nDtB?Izsd+_I37t&?F&o-ou%RO0`5uC@m#zJZ&vs ztdI%}=T9Q=ro}IN(Lg zMG#Yy$JmRD2+o%%-tqfX3O%nb0NkueLD-QHdJ_PnZw2V~h2_wh$^x;-0^+I^tadLV zDv;rse7YA9JpqORZc9o%uj(%#1Yp3PDX9g}R4)0tm>vOemjg_`^+X7P4*9C-A7)rG z0zjFRBn3Mp(CKz_y%id60#_C=FI~eiR3IaqvB3gI33&Ae4#Ic3)CHKO3D0<^+*jV) z34$hlQpWxp>fUR4gwleDig3a4mbfgiWSGvmtNVl|_Va9E zV>SIyy7`puE$$i^Ap6eEp<3%$W&}pjxB)^q`Pl53pFK-$TMHeBPLI*EZEwOXu$&y| z8*fD%{AGl_P3;Yf2Ze5Di%#KbdEw3$w(Z%MHzrnd*@dYGp@PPN*VB^%m#`jU6)L$l zrb%8l`Oz5C`C=Wsetf_`oRhcG0zFlmFPkl znR&nf4>ub(buttijO+NghG%Y+LvoLA7bGUtNo;gk+wKw_3o~V2$5oZ$OR(V&Ig~F! z1E==b2>Yow4{mTSp$liWm`1X6)jM~MUf=7QE`26)!S7j#Vfzq(G5R%%zmN{AVN(}L zQefjOJg!O!E*ZaL8M%>mg_P0z^{0XfUjq21%I`s7K=L*6Mv~xx?6C#Oi}5m$2wAk~ zuUAM!7?A_=#@iW?|bzlrIwVsOKP} zk9wkxHrok7r*jZn5j%FJG}Tch!!eO9f+4m%yP5mIw<@}Bf==D?_Rs@fV+Ij;UR>ay?3x}kgo2v0Nyp`J{v8Fvg70e&RJ9PUEc#M(A6!2*EX34yw-jMWiEXqKnOjp980Vq5tSh;r)$Cv(W$_+n&kYsdoGBtGY<^L0VY| zhPlz+_w%SGZ@`}YsZk}h+Xm=|A~uFWLOYHwmjD**OdIN>z5n33Z+X*DZ)5x7d#USO zqjpK1$%clmUL_D(4(&d2)_ngI|Myt{<@So?(r&-QP`}JBpYkh>wqozeNYGjC4hwI+ zozyI&O4uUqW>zluWIO#04ZF_q~HWCcKoI>0j*#l7r# z)2xhD_n=gXBBziVH?Qv^7MUdbi9UqCt-(SQF3e^8CW#p_QmLeeliTs@LX6+cfC%h* z32C%Va7SV3`-f6XglZ4CDJTmIJ1p~`7##)Dt24Wc-tQe!TC~6$t*+}!VHW@JFpl}I zht50Xe!VqFvfV^Uy6P@9N9z&p{09zMfQ0l__8r=xH|}I=N{WS*7Aw*Q3--~v5>s@* zt`1AKGFQ792Zsw;>G)%^i0ulccCq|=(h8fjk;d`y`iFY}g*+3G6L`)5oT*Ws@$MZ) zz9BVouI*1QO?s&G5LxY0c==L7!j0OZ++Mr+4;mR{FlRs~yN@K>!=8+Za?P4a3r5{T zfp)t;@##$>*ZLBi?S#{(qg@NHeVd%MNz!J#ol6`r?54nLKGGrlb85Tky%i4Z8G|Yd zwJ6h&i}Y(wl5#)r9She$i5I1WsOIrLHr;&Sti~m4nML_7>Q1(C{;lcFvIn|yHO|>QLhLN!XQ_ZJXxiAaD2QK^2-70!jEenJ$Y-T_-S64sbBH2}~f#m8Y3X_BGgc9m%nbl^}yhCm-HB^A*ml4hZR9L>v&y7|kZ;+POL$ zh=8SqaY8YnRUBJ5ZG;jl$}V4=#4%XYb>=_eqS8#L7-%3sz*Zv6?*rx4rY+N1HxxsI zMPy;4G1j{9$Tm{9V|xrS{3~8+N_fL%9pG zFF)&@5T$1RoL;FKt~Ne@6@LWk8aPU2tXBQ;06n z^6g<$^+c7*n8g!S7(aimV~d#t_8W8PisYK_>6mhT^XM<4e+lYIM9mo5kFzw{V>58O z((K*?U{_1nh+-VSEyeq zmdkX#u(bWCCE%#`nO%!K7MBy;bl;VQt&fZVSKK?>-Jy4Pgk@b7C$Ep9!FOH|@p@}x%pH-e}@YjSq*06lO$=W9~ z(K(XD2qyX$m0E4p^>xlS0&H)@F7Edj!Jw{WDW48b)e|<)@n&R1jQWDo`Ku6P>hU{Hg7(_r3x{4S-f0TZ6MLH zl@!vxuq+Lx_HZ^tnt{_$wKLvK#k^HHKE}ONcAuQ((Bd{e&yEcaP3bVEqAN^@Gpnx+ zYdRVpTjl=~I9NI9)W8 zPYAf3?){*7J&1oN_>EI}Dg8Ya!i0ou-n%heT< zs*a3ZNAq$E*8KohSPu_MZGAyu5WW(Lh3KkA)4=$;w%oNf5wE5PzPtFCtq^zn7a zlA(?*&wE@_`%zrjAUh$>s|$$NLW|>Hyv? zmhX`n7ta%XrpuDK99cau4~u32Z@v)B7O-lm#D%RTs@ZQ@7c=%K*w)U1gHV(HkgCx+ zNB#xmJ#cQHeB40*nVqR%_f#umOFXF*^V!0cT)zuXM< z;eNKa>QNaa&R9TqtmwY~60GUul4yLFc?|L>a+%Ge{NpIt#O@a zBI3$swbN@*UFTH9ou(Yc$xHU{-_c!(Gl{RZce!9ffUqI|=7Uk^yEpR#YO7<}_!0Aa zU|i(<0*1eM?}nc&-SIr!0x~sBPP@FAsBg$1#_jWGSZi!4uqnNHVdWcTgI z-C2^K>Ru6ijT@$cyqjpTSFW4@>Wfv|D=lSUyii>GHmF1Q^Ikrvcbfmsr)q1lirdII z@vQ>pRDx7D7-PN&PtRe?!4p#*llnm=_AeT|c)H$U=1I zJ(O4#c;Cfl-9Oc6;}~dq9M(kD+Sh(>SM21!cR2xxevb;8tSH~wi|_mGfisV=6CvQ% z5S~<9VIW0Qj$U`Vitvb}N7jbkJe9L_nWB1k*GUf|bRoEQQnaNmTST0@wS44DL~_!e zQfjlG9cB^%ojxI}ep_rA{?2NK2~T_XB0^2==e!X|DfPzlkwlBnoHD|y6!f>Rs=Q1> z@FNzR6r!UfCPl-Ip>@SEQ)i#5OPTJ8B;3}dtW>DEdz7euMfB59J7vc^=Pg_Wi!9`5-Wej?;VkberyVNJRR~QxK zQkzg*e`R;yhlc zoCM;wl``D@&!h+TPvvdG`$=6-o#Y80ji(S@U=>aZVPq>)(jFjxd*6lKe&;AO#X8v~ zF4IhWdH}mI6JP2e^(`&yIpzh*SX~YW2(kciIy9vnN;Caj)p2l4iL_X*zGY(RkFK}) zo#=MluLl=kYdGeyWCcAPI&1#cmCK1!B`coQg*J~z1m`pPzm1c(b}x?|y>llgh@=?B zE9iD!ma|PGmaVDX6>#@N0L^ah%FfZ6gkueSn)N34x0E8FW~_Jc-o06mzA?a1sAb?n z2E$e4UFFWtpsHzNx9!TVN^oXWkVw274F7F|K=A zncUCq$`>9*GxBXq{b1cb+FCKr=%xYQ%_PFgdUjs<@KE*fr7<5c6>yJm$%8j8DPhg7 z#c=h-=z@LM7S|8^vIECqq6wY7Kaj#-hDEX~He8Viw+u!NJQ%s`4!FiT<72L+*>V2# zhrA9<<~ah^d}JO)awHdzXoIlg7r=_o^2uSp_qZ>*hC zdc))^-ld{wA;8U$6*TFsadp&_Jx($;tycKe%yY%``43Z!3X=!)@;MzIe5|_o6>72j zU2l}7Vq7d=^mc2}YNGk%q=$z-(xWbr;dXcPUB{Ui;Fhm5Z_A${%zPrvg)Ifx3^f=7 zw#sDP(;e4}q~40_ZFR!7{qt8mozgWY`&#$1H!ddmbZl38d#6i>N(^djJ(W)~K#RRI z3{LJ8PstyrPY@rknVuToY5*sKrfpex^VzM}6N{%##0zLbw99PCfOc-uRj{Kh)R~HC>pf?U`<2(L%T0g!1-ACY9E#)x*k&#CKge{X3+Xm&MP%qRN3|yz8cy zwB`2$R$G!mpZ7n3B)>f+W~!WaEs@$-E5l`!P$!8kP&zC7Ty*j4`;+haqGk8K@aI+4 z<)#kvjrN1=&WvaSRbjJNEoYee*HUkQ!;~5ELxy)L&sWY$qQbr|1D8|Vy9ec2pB$VH zqy?Prp19n|;1rH#?CtAN4l`r80u$t`e#BXzwY^w5++>&5{^2C@j{np{uizoZgf9$Z z7T=UPV4vrnKK98KtLOaoaL-?QUb^Uum|#ZyPXL}D%c(Ap4y+QiV?4Oep5S&@z1FKH zl?xn3`Z}B(s9AxNG2v3c#XbSYgM{ng$hcf_crqwzg4@R1V?CFzxE#_v z(QemaAgsb`y|ja8)!Etmg-}o0QhDn~B;E5_o06DgZjU`xBH73+9VSiTeC&c0EvRVZ zb{2)&ePcsGZXZ=$o=Y@PNy}6aBam|>X%3h4H8DW9f>8dsJ7C0+#GR%WVOr(T>ESnU zNxFua5aTeYsJH_e-P3pO3FvNRx?1x9*5}3ymZ?q8@4FN>+>kgu)UG$tV}b`PZzU^^ z|4G8Z#z|9xFH1|0o$CZsOj1$99Y$$&1G!%(@u0M^eUIfKA`8Hob?lcaw+Dmc@wAyn@*|;hvtpAkL&cm|+2~;iESpYrk3=f<+8Weq5)XBF}#z8jSCp0h>_~~3L;+Cp+ zr?;)Mww{g1IFJW|iicliphiqPALD{E%M%=s#LC}+ok&%R`|d>vPvCyBeTnRPwC%l8 z$zq@3zlsci$@3-D=V{k?RDrRp#7k|8^JQ%xdGvX)@TeS0`wB=r^h|9EZ6lt8J@X^P z>A&hOU;!6LwkD04Ii=eqt!7*ykb?f#vyca;l!9}Y}w@}U4Y09d`m4m%tl@wRLi zTyi~x;sT;M=#SoLT!$~E`{WMAg_)inMdZSPcb-3XRprgqpF@ThA*jF`kd(p8l0YT< zQ{9)42UigZqr<0Z!_7y;=WBrnzyz}mIINIqEvprbimhv;{VU*g=rleUve#GKuu**V ze5F$|9m5T!E#mpWWiNqb2+)AA8W)mAcT==CEy%9+Z{hv@)D5k}kHaU(L1f5ij&mg! z)>}qsY7fwiy1#yak)i{k%DvlpIRS zLU8RO7&Fl{WncJk00GSfcFoRfMBtJ$sR)j{q3Zf`^uQ;G-eFfrf&c8seRH;6B$RxV z19;0XSEGS(Bh8lJ!2NO9^(-KFl>_E|8VpjcservPNks(f%)R+PZt--lb>&Jz81}ER z{@BR%feRUzJ{@U1T;%_Khg)P{{fZ>w(<%1X&w@9u!2A?=BjZ;;zg%^zm5Xqs!Ar!N z<-af3-`QTlCH?nY(^um@SU^zskib6BPgF^N)2+Pcn&t(=&;R#3_GIuBIF3wB94SxH zYWo$p=-Q1dEB`$88NlRoTdye5-yVIcZ{IFYL*t?Feu9ka<5wG!HOViP1hcq)-=n3QjTZwd z_Bj)&Aj12@>)n`E4cZ>Qk41S~o%+&w`4mVz1e6wBQ6WT2IQAGBT@UfVzaBJ`#d;~OU={jOjpO*wark?!)?O3==T-Dj=NW}^K zvP}Y$74CW(U8`9`zKCpH4q?ItUIHhAO&Zb}GE0K-f1KhbO||!>93;4@)~v%v23!Ap zDC-TV0+~8sdS6x;D^^lUdz51N8&HEN_+p%TqF8Y0P~Q*i*Q@X5rPn?4nqG(x;;Pqx z_m!r90iL)E#h6vcfu_BmhUG-uE(8ml0{@v)q{0l2?}?G#oQKb)FuuY{A}cH&#uSzn zh`Qxm#3|TR;CM4pEaLCGqu}&ky+3iUHZ0R7t*iv^61x?f5d#k)ZS9_0M=8MRkJgv_ zPW)DzNEd5T_BZz{<_HtT;{HCrc=g%-&IP2ug>l`w)KnQ`)jy+&2FQvhFyIn)U0Mk> zAv2=C8gmAIvdgYM2`P!~es$wtMJs{9b}WT}5<8>;ty}_!D4}_D{|H11PdUr6&Hkx( zXZ0bun%#pP64Vy1U3~)`R`Y%R3t#T2q>Jx~A^@i8{}EFIl6QZ*!u7V`U!}Z2Z5PCA zPK*h`;-$iu$}~4^vuS^7@~)`59D0qR(Z)cMpoAPO;Kb$%Jl6FX>eI4is)Mdj)=?(m zM7#?C{`0A0G!2X(zJ|p=;qCZU7`4z1(R0aPqXPdib}*=@FT;3VQGoXE>wp$O#MO}4 zpF^z_1TI{56`d%-F;6=_T4G}oKD&e&F7eE@7OW@N4+-U%3;-4(EBM#oiTzpKHT?J;0pb>o;y_(>$&xV+>CSP05S zlXdkYckM!3fa%#4pYWn-Tn@OL!)DZ5v1>mMhAFR%n&YwlPEbd-}?d~6? zN_SySnTCS^5F&yt5(7X$i;Y(GJL%$IxLc*hT1*>`XBs3DLr~LhwI@2Y%EI3sjQW|x z(z`5Haq)U6X4PE*G?R7?t+|&F=_LS0kzf7unhx@>>&vnZzT!*Vtqzv%b%<2;Ragad z(|?us^<`8PQRnG&H|De!;Wi|Adfl!0gS4yha(zScoq(n92d)uZ(V}2pDyX>HUpHk? zB}1N)9Y`TulZxG#N*(Q{_rDS?G0}?M;l?~yYin3mX^-A=AH{Th(>Kj2>SF|%YV{0Kjayhu~QAMRZ&B@B~AFL%Q` zVw=7?ch^=N`8k}q5&njf5fS9+oFVPu# zR{+t(BaRj-M?w@)wbNUJp429^vatQhvXTO*QG|puj!uMeZpyfS*LWG41ms5`z>?o( z_#Ce0M{?=qxdl2K7ydG6J|L^`9L0G##_C9_^-Alg34O|DPl{PbIGLba;gC?=Vyd5YoX7 z-lD$&1V{+%nZ_Fs4`b;AmR`d(yq~ar70DBiO>+}3Kpqsz6kS3v+{%5^L=WS%p?|Zq zf*j;UL43)Jzp0ct5(U@iWmKOAZI~vCdH)T!?Mt7%z24KfI1^=Gz-CZ9KsA7KU4l`* zGk`l!Ax{^WbMeEOp&|@MkfxDCclsoib%^wY! z$k|U)r;3{Y=$ZI?VVK9uv#DpZW~iA%w|^heK{ANtPD}Xon@4uu(1TH*0iPcpW9A0e z#B%UZ(1FDrXX~gvQ=mx}@=;j4kb%SjITiUc7sx zQq+*~bI=DdGUUI{0-QS?AvVNMW{QyzBEPRQC73rk5r2Wb%M&Mg*p%b4m!%cR&d=w> ziG?X1IL-L0*oc<@mDr>nJGAB@RkiY*UWCR1rPX;gx^%y5CKq!M|FZX=T2$vH>S_~2 zojo#SS~Y>xKR8!hcu3F=CDe=NE|A`mG^Vm34-%8%hh{P+qgt@awVq}#a1P+}Y z{<;hi*gPL|c20s{Od#p%vz>2Y?N5;o}t2M8x{My{( zd&%Xsxs`OYp057GO82$(b=2eTxqvq+kh|)XC0n~cdW`qSJg*#9=aE}5`B~9g+=;N0 zr`qy$6RPsyJiU_~89*q!K9g4j<~)NFAz)P>im8eBT=0!{rvjfVa=Gegr#W$_A%>|6chra;EH(fc3_=*ebe^Dh zES-H%2kS%{=wRuzFrv5w7I|4n#q$iL*|nI}CeM@O_B!$o`7e!5LGO#bHLVA1(guP{ z$q$TN#Mw%mbE}7nj^%~H8)G|Vgfxg6@dh7}A7C zhuKCKl-UaqATLtLz&7sjbwtt2`qwGfiO0tERH8!65h#Lo844iG|) z0oU;R&W7`nQs|@xC4wUL&koacPEMuwMHC?^5v&3ARY#^3!Hc7^kj;*b)Af_Ylan6T ziK55=O=w+bp=sK{0AG_?>@o@$rVC;~T#3EX=#2V^oi)@PIpMfr1W}9gIZHHq^`1oVv45tN4C9ux{FV zB0cwj+jOFTR?C|kk_db=t;OVE-{eQ$?o!gd=N7DirEc?!Dc*%Kt*jjy^NYLF8@Wd( z0qf60QDXF(r$08NQQ@P{>cx=72v5J=PGLa|CVsip7~mKg;d|YriMB{Rxfja|k^Zaa zcX$ZNv%S}jT9wiM&v`>Z`(8xIl+q->S%QE~i9r++g8{eu2uK$lqmQRh6&AVMcen)O zTf(M1*6W0{bxt)Uir2=9mfhqabi63YNW&Eb;JN3{nnwXMCeVsNZ4GT|Vlb;tsP)Nj zdNWVs#MI_oh6K79L*AcGoycB^tT@Y~Z+y2(_RJ+HzG`#CgIE6)@K1L~Y8F^hK?p6t z{RjpekCsb7jUyP9jTC`p9{QuGD9r71)ex%(Ez=@WK8sFt0XJJ(Mf|B+^q<4pPGF?M zW~&6VYHMdO>gt%tz9|m}G(fI({#y1RR6+tyiMaowmIjKEL2q6p-MDP<3-H@=g$yJT z;mz$lNLdlnYBwyng;X_nv5*WrFx%lvH5*SsnfS8?rli1Y1tyHdE6rIM6IN?l%s9O` zD$Q4Nq2uK`#{Ya|7A@~wWZu>8w~^bfS8xp=#|;fvB1XWu1r;E3b@9?FiF;M8MH=J7 zrUr2sZ;}}N+kxYb)HPdK^Z^+uRK6LzeflmjE{%S%U5)gp>@-M>oqwUr-!L3X!KsT! zhoY9n<4GuMSvlR3;YAbnOMvpV<-x+322J!n`eRD5yUYF|4@FaV(-*Y5v!uW8UZ0zJ zD(1WTS*_NhhI6*@VF++nY|*k6^?lfx-{&uWkTN;tef+hx&Rb z!Rr^>RL{pyWZc6BZ>Zk4NW^+95dyELH(E8lF7_ zzFfcv&K=A)E?FBa+?{Tm%kb>a&obB)a*oq7H5!sxe`KKsSQWXrxFklq0j;Hf$MpV{pmuf8My({|q(kCoK!9S`q*K zhrSd@sVZfFQsQSidWpKjTSulyU<3^9XJA7yZtH)Ol~NF@eLqZVZ#O00(8I3E^-o41 zMvP9qY*z)wf=!P&2myhHnr)=#SmmET0l@4s%)QFv3BcF$GrPz@q7XgU!Tn5mt;&!* zL{C8#Zdfc}04yS8=ls8vY`89ki2dhF+S7!%h{%#H#*-TJAf0jOFT4O881w-c=>L9g zE=8Z`cPQc@wsMVDvkljRLCcJQXF%)NV7wA1;{~3iSb=^joa_Hj;Zc;cjfwZahkN>4 zoTu!ce@+L6Y?+xsjpfn*S^bXRZ1L7wO$gnVEs<~LO~rWgzmTaEh{BOJFQNxL<#*(o zF4?4k{T&)$5{ zzJ(m2*Sc_wu{q0ZsmLdhj_AmT>PW-Y5FE6}fH3Mn)7a`sc zBDmbrP@YV4FIgmIH}f?lU;OdRLxbR#D3=&i1HgoAxU~1jX9%w%!nKk9HxzfrV?dHV z0>J6;f02lv11$Z3m$Z&TQGdv>J;(O1FU11qyoU+{y8IPqlOr=?8uO?Bx~5-p>6oZv z(Y5~p(>zC5n!;fFv1KWzR%L-sd}QoTx2TCj{j3uHYr;L4OTc&#{4opvjbG+wMW(uV zz#GUE3&h+H|BPv^|2=A$zEe$yx;9rR|M{OBuww|V`)@${;nCi%Z78aCsX!$K=KBW? z-d#sL--xU|sYBD=6x9H5=ss2%FHz{>&&dYjho9Z~PJD-0bN;$5<}u@+sFy+Gd$~H{ z$Hg>e{WD(kf!-Tl^A!-`;#I?QygmnD!0{{%b^;_{RyjIYNeJAw>I zCgDK%89Tf|xsHSN9q=js5$tOsYHcmm++FnPY}nr{GM`cBgWkbGz>LI80luN1Ms`TN zjmX8=-Y5df`CqW76#oAeoRk4!4BV1FvDsw%gug!y#hg5L{QG4BFs0{ch>ng2FA%Kf zxltv1(DZ+zTvA|ow;=U-&%NL1nS2RG0N!xe{O@07oKG%(OY;KdS{MI+1_)>#$N6}& zdwXX1Z;BuU3#%b=>$J~DhdL{RNR?=1J*8{XZEoSQx>A@icsa_OYzW^yB&C(GO|6_u zqcptx2NT{9IlZhrF=_pqTV1N9UoN>#$R|ZX`)zSvJ&}3v%KG#LHLefU0t=*p@Zsr; zqMCeIfw)R%@p}GF5o$n~Ij_cHD0U|WeX=qm`DRC6X0O0z9EpM2}rUuD=Uc8>&2HKYAB2m&!VZ@V^7^KgfpHXes5hU~P^_q16!~C-AS_LtVMg7Yt3WVJlKig8|(% zHS*I|IiLw#9TF}g(_)+{Qx1iB`DJ;k-2QLgVKP9x|D)pnjD^SB{*pZ3@?V;$%cJ}e z<>n+%XFGY=AF^>lz21AEV&XTU7e~KL36~>vLde8ZSEvUI>z((2S{|#aX%_Y%Eg{v3${rzpA{RZj5PgU zf+Dlw{p2s+1##td}VfS7@xM8YnC@u9AuSR1TWbf7de zr=5lXNOAlo0c}ZD9)HhY{pao*H~pm2;3<3TIR(sk-8p=rAU4<_jsdSD2PK#NMNvI> zc+@IbLaFjE{of8=;_M+Y{5$m^R0HH(faOZ&=NmCCWJsu5yOL6a_|YN;oHxUl8lu^# z(V_mL6XuK1)d&IWIhl&Mv*95|kRoxbYnC&-JG1!D7zGRL?i|NV*l}t=4vDJ#F^<(y zLM8hZ?S&3G)cf{>P3PkJUzuvk*;o>>e!j}bu<~j=RvdbQ{eulv&iKAzZi(H@DDGX; z+Vf_KEbl^3_r#{N=T7ejz|1#D(UU-BCuf;u%{%c>EiwZm5Hz~g1-P#3J$bXSloS3| z`Ys}^F--^=v$~xw4|{Q;>ztVOiddXuz9veV>DehFf+%nyCZg2UL;AywAI7uEF42Ww zOk=rMo~sIN4mST`XtR=T5xhYjQm{a0gDrZOHe#SI1lNI3<8X0Eh>QzDxLXao&cNjY z0#{QQw8)UbBrZ@U05Xp!1W`(hjpiln%VO)4HMuP%&3X6v5{a^EdS~(^YM|2T$yO`l zqVsZUfAVtpqor!xXj`Iwl5^M}>GAEe#^IgT_%Y?YNR;r8aXxiSc?xv@d?A_;A{r6o zfhAH1tf=U{x{r#P)oGiQSrr**?!HmzdjDqSGx*B4!zX*G6t;84?&S0xjsHM|3VWN@ z@Y^XZ<;B1qsGF;v3D&f;{E1EWF`AsQ;wa2A*mmpUIiUP6p24Fj1R5z*SgANcb+?E9 z@b`LgatSNA#+BX2D!|#&OZ=&l#fs?Gs67Whi0+i@>`Iv!?0l*~Wm)$$;kYs;5+sZS z1S1#_Q5O1dWI%s^kG2xaZ`>oR+`f{~OoSkkfs34*2!z)pg}JOt+^sTp@Ai>+gN$ep zNTqx7WQ!f2e%zvz&o{`XEced8u)^2`A$yCS+Fj+G7s4&B&yK;Z0w_skjDirzv!4pa z3C=QiR1&Qr2W!!CcO$o^-xXYrj#=M6yMm!){;RNt7lHN`s+Y}9;{`ly=8Id#mX@K! zzw-@L(jJEmPB#wR9D$(h$beB1oX-kpv9P!cZya$YP`y( z45+=jkAGwE*tb!m4&C%EL%R8<+F(ER;KXgF`gxtzF98}e@5h!*)nB&+3YxW@Ej9dX z3rwhgg|qQtZ)@4YuB^_rHNP_|7Y&RZJ(0#DfYYO8ER1Yki(7cU_t?69*rzqlNZ(XR zkP19G8OrvR5Bu*jow~BHi+A~FMZE}C>DVdM#oLh_$xKHT_9NuMY);y0O6e4 z8`EI1zmr^!!SS9p&JBGKv+BmP7y0`%cKR}qc6c~!pA?t45?z{?k6TfIoz0og1ezdq zk}7?m>4CtWa{kI3hA^DZUXEqXyC{+Hmtg*7k{B%Qbvr-<+L{ z*`Kx9JcWSeM)=!=dHCRxnD_s;D3mHxARby3!7YbgxXxRT11FPmzAV}lmuOyPo6*K* z!7NF+oze6-TLVvfXf1&X?m(^$ItAXHi6}UmE}85(x%Vm6d}B4b2zu;Rry@KG`5ejb zh>$UnQIyz&g#X2_dW&EjAJenZ6E@1ehIgXyQ1~PFtZu>)zw6b5PjBGp`)c)mzeFi4 z>+T=t>`A6r7wVPvnGp}@Yr5ym0t!Ff&gbhksPIH(5djCUaMm34WBBsgAED>A;u11V z63o1UC87L}abd@RAJdlRGI886_rqjES0PjDswYMp^eZDKuCm;N8FEyr9RbV23WFs& zfv#@fmm0Gr*X8l?ZtGN#g@*sct|GEQ4w_~Pl ziesM-RE>w?u)ZHmu=UbwbGHd45K+iboGU5NRp;|xaV7v~@^wiP3tl3ALI60SM{mpf zOq2o}U9c3MzErw&0(lh=*#IRg;X(Ma4D=-X+;p7#qK~UFY%;!$#YQBF0!k>OVg(53 z+UiU668`qaRiD-eGv$5hV35<-9 zeN`beOuxS{^Q|y`XWjwWS@K}djy3Ax2u}Jlp%*NC~hwcBUiwH_D zK(c(cAX4Bd3sA0_ZB$7ipg{l$&CXhCN#_O;)I}bQ6?;ky7VG}Obk*#pjE$u~h7jg! zTdpUdY-yGAND*zy^epuvFf|gTKQVe-LcBya4%r;8;#`YlZA0C57l%JaK!FhYXKrS? zN#8wEVBapMDMto87lOOUBsvS))y`4}d!yFfMf>wPYYjD~!at$4pOr^Il!%)effUco zsIgXTgV#)^+GfT`2es!b0f_!_j|$pnvT z^7sAgoNUG%XoBM_?ZY9r3tj_cue?TXz71g=)?sn`V5F!#E*2*9i$*aG)O-HynUVsN z;x6e1P!%?8?1vT#{Z(6-fzOC7=MW8F9)mCF=WP*wP~(cRu+H_~A3AOwX5y3ozgQ>I-WEeXUReCqr{fu8YfUnDZH?o@ZpQg4an z(}WJco9Y{4Z+-vkUiw1HC{J9`!vii0)!ve7PnG5y^9)%%>hymD@Lw0KR(lKnIgu}I zmFwe=xB$|HAyk2$u?IUPq*GG|(6yoJkZ!ZIPZ_JMA+J#|j&{iZc!6Ajq;1=^x4I|` z99FN%>Q%W>KgM{2;oyraeFhxY$Lljs=WX`nWbo4sUK^_x!>XrLz=Or?nX&jKYGu@V zgW9JD=h;9jSE&h+a`yAjHDHZWw|olX^{dyJNC1u8@i3ep5E@&qfaiNX8q(mJ{KYx> zcU#hK2#xld`FeQ55bi4*`Oq))X)E7SfuHsvxAJ*X8#E#Z3^sr;Q>*RLy@1whj)DchqYz5h5SVGC;PZ>KV9dkgzx?KjqKXI2SgnFo;zz9+F9a4;=!{f1d;>4 z$1RV4nc$!oM2zIV}dj7z%I$mhE*)umSLhDYXrGlZnP8p~HCu_8` zFQazl+G#L_jDJHS+^`pHSx7a;oq2!yPcFdtOy90y!ya$rHm)GSZO;UvYa=Bfs)n+J z`a1ZYJS0Za8RYrqi-UQ3&j~;&siA@UFs$Y!l?_lf)OJ|Z@$(Q!1cpS!4y59iw2Mz3 zY^~VQ9XjXxu_DIW?Up#|NE@0w%hX1Cv(y}#w0bqRj2fkyZnp_Oy}dQ+V7{_i-D&#kvaBb3tMSl;tlBWiIeh8DEPfFM zi6IGY`j(X8SSyO8_o8^#$-H;Byc}+&v*9$_ayiF zyowH#y>+gC@R9g2);Bmk$(W}a%%mV!u5bQ1DcNE!BIP3MnIL+0bwwmME*czAq`4rI zqS$2$EU#gCprUJaBVo(386~<-CaO8+Ei|)b!j}d%Guae>U%Oy(x|=s$HonAma3bp6 zaQ#mnEhSJRZLk!CMZ7{-uwrB$5<`!#BL0Bmf@Ni8v|&R(JmOp=X+T*lPr5v+#HYxC zKekc7gzF@Lg=L7j#!TPGlgM>#K&NF(4&g(r4&{m|Qvn&$26guU8H@%iKcH4(Dyw)t zZprKs-IY zu$Cbj6j+HZfv~RW$3XOO;S7XFDF9b1HRh!9ockv2Gej)W4zV(EaECm1Kwpx2K;T55=_Zy>S?{agyHL~l)0 z<*XMSvF~ePt zi-5t13AV4z^mU8FF0AE^19jrLKxD|;XQy3LLkedJn>?A{O89D=Merx_1otCDK%BNb zPr#W%v5G#aQs}nUZln16wOXoMsMyg^3X|I*0s*ht3oB7>3{`?0&(~5 zMXU7(|G2Mg! zOaUi*j7Gy7M6jCc!c?SFLBO@_<0rKP_fa{*XGR6sxhRg2IS~_1Dj+^Lwi&lxhyAGl z6Vb!A`l-?@ohUeE{wmeRduabLFip>S)!!ckOAnbWy;HGziTG>$%T|TRYE(^KkK}w)5e&6JU?{L0f_KB417ld&ebr6iFWCB z)FzQpCoAMZf<2<$HF%s-e|>Q z=l5f%rPj*u{y^hpfrYeULS!4g)7@c{#lAC5X5=90*UX4|6djc>0U($+vnXm$zr)sk zZIwr$b2!ckX(srtf*l0dZtiZ$|AC99XT1FBZxY|&Y~J7s%FSqzbpK%QLEU#vi4zsG zA@v|`{kn1qee&KE2=O*=bcw^+PAFZyRG|h4kYmjJ=lr zT4r=d{QLVR1JvNam$rYzr~r*2Xha58Kmk3IbOt`f>R}+q8|KkoC5g!(1z1!Y(TP=@ z{VucVjv9-va2!%{LUO)08kXce82&m)^X~_M+FI= z#Wv2Tu&)&!T-?qGpN@3C#_&ZHgBj|h+I-!7d7rdUM2DmtkPPW+h+iH9;pXD$o8mWM$y;(Iu;FxCz`yc{H3X<7(> zKpKQt$1?CV>T~ZE@XEttttXwCcx;3cq!#FSGkO07CKdG7T_8UEGY$0g@J7G4jEC`wD}3w*06ha=`RRuW|UnTEmtW0m^zMO8?#mq#@RC=gK-lf zfB7hP33GCN)+)cLD(Nf`yEJPwl&~|=S#t@jjAIG?$3=n_X{3Vg9jtpAQz|!65d_(s zA;A!ov-bfG2D3@`&irfHowlr0>>5ggZQGr#UgLsC&v67B;3T0R^qvN5qk%FPKKt%< zfYE53#s)}cOx~eD+6Li98`1apKD|QxfR2-nH^h1WWmb7cnd+!FLHUrey4&P}| z$aj_>zn!ELIH?uM3nV2{kQX=V2SIh$Fq^weW`e78;0CbwPf2c-F^jh1a^G$ za|s!0+K7(?;FV2G{Ht^<$U;?A4JpVbu6e-hIIq=2;rq=j=?X|nqS5(gM;Yy!buM?% zkp@DwwWYRPo`1HeWro?-jQyt`I9}uV+-fmcCMSr=xYvHKj5ZVhN!jhMEJKbNy^|I` z_c(hmU>z$|D0>ki@Tc$3h!b}PM$g^+%P`1NZ7c<<#ptgSY?uca=lN=C-QlRB@FRyn z4mE9HW8QQJf}+2~qy*UD2Ibu&YZPaDUX=PRrd zUs>fdZCYDx^b(hjF?o>W+m5>)6?BsnB>F3%!MFtpgH3_iAY8?6;n8Vmo#s^eC^kBJ zoA`+zQcEN172# z1SmvSvuZj&%xF!Eb30tauz#;Zlx9D~-p3Z`lkIEgMnKURE*;)0LV!pCyaQ_^rI)eT zHy8b*Ne0QE4flka9eg)=5$XxGaHReB4nZEDpvj=|*<@s_E&_+Rie$WM&|h)=*$)^! z^;>pzSbeA`5hm(Uc{HLHS@?7PtRX=BGH|O@E=3+MklVyG$6Y3Vcs%i+vCbn0)asuF z%c;TPr_;pTNEY!9*XdZ^>z0-C=a)NHYtTKpB`|Vy;GAmuD2x_FeEW*r*A#N8@!4=D z$LdX+p(Kq*>v{^cp(_;C8-JsvL5Mc2WFGo>2#k+MK8xALRU6*5rF%QZIqPIwDLlv$ zeP0yV^S-K`7GV4gTT#UgEmTGyJ+>Crl=_uzD;X-4n49)a&WTwb#+lQ-^5@F$Jmhrn zO>opGx|aM3kd&8gRCm*RvD)$JDtPcBKJvyg1Gq3S67`5pYXgq$Ovcr&tob}erll5F zLp_z~0P&8+E^TjTUZKwmQrBqN|Fe5k$lHerjTH>U?Xa;S!A#mY<^d}X?wy)Muk+m$ zWI}12!<5LH=Sq!vldM?HYhd}ep3g54ME~A;LXD{6J6Hf%Say?5;Vy%-3za-d-}R@H zDQ8PI;>FJpsKhVCTP>)q{7A;Gv6HGi`r&J_F~CtCHH+0tr?Wa2zdy0GKk-&v5MQ^u zD`oBsCfz_$iHF>TVbAB_Ua;BYSzCRr-_0S@KEk~>E#Dlf;D@hZWKN0KFp6lZ?zqe0NFqwhtd}kf|>wQBvu7X&AMU z0E~p^g>Zv#i+PSYP5rLniBPnd#EHg?7$^+Fd8JhaA(V}SZnd9Z;6rO2g9&*h&w8+5 zLZUJvokJdN^#smbM%PyP>P%sp2c--FMnj0E6i z`r)TTFTg95K4$Vh)P1+5=&T z*HMo$o~9dNE2{rW8vi(pzSAd2Gofe9B~SqqsLaOSYs}2Kp0#xC`i1^b`ag13&H%Rd@*^xgwNgEd2*5PWO1C_w$qHID2LFCo1$ zx^?ZH1NsCrK!V&WS<=)Py@0G~tfjQ&=(|BS|5*6QV&ak6dHRCY+82usMLd&{qB?5L zy-u6u9!6#ztCw+^0{dT<_GFeZw}{S()|z7(8XL#;9}fsGR=@a!pV`d#mE&vc{)_l? z+qoE}NHtbrGL|G%)L|H>j@uX+LFCLy`zuSj^RfQmFq`kwuR*vS&GDTQ8UEy1%;v*} zZ`m`C6;KN7-E7hp{WlK3(JKyYY0HbD9RmFeeI5iQJ0pb!p)#sa7gdNOu>$21giM(7 zNJL$Lc}YeWq!*6=>IG_g2&__LfufJ^dc7N)=eutrt7Q%KRhpj~4&FK1*;sVW`~o&@ zD2Y3b=70EpL;NY56!o>~jl+R^Hf>lbsDUDuz05Szr5?(&-QJEhzI!s>gTwU*w)(9M zuuu8AhdF!QkIo!^z1gC_ssigg$F(%4h@QqtO!+J|8#bCA6ztH>>pght!WMan{1FtG zBn0<@amI++6_aO4!TeDF&V%dxx#^gm;e)|u&FO;_xqrBkP56#5t#a@k?W_OWbQ!RJGb;P633JL;Yd66VSYu_|`;m4)?52xEn_+S<7G=7dBrYq%$J? zp3_ABFY{VaO*eN(vd?oJJ(tWLb>GFJ1u+)I}XS}2VlgY~Rsq-1> zssh?;adG$i1F(H5J3$Dv;&=hu5<1?@s%S=HOh#zr@yeEI8*`%WTHO^b77=er3wB=8 z_-u6b+B;lEU3EdOpZS!(BVPC?P}RudIc=CRJ1u{u^&^t z6xz)oRm1Judt#ilky)GieP6HlhG0N@jDCV_nZ<&f7@ColWlsRNxSMm**)(T13E%Op zG4Zt}RBB6^C9NPfMpi-@4XBGdzsOh${FQOx^kIIhLYogx;obw|Ej(>HnP)T88#63c z=(nFAZJrxoovc#3!5xgLt<#cU`O_pyY%~klyHI(Vj-!|uk|Dl)5+uKO)f2YL`MVfF z+3voh)zzI3&e5_f8o+))L#x#1PYLs@($fc@ShjRuYfcxkwYZCmVm&JmgBHvs>;ct6 z9w&PTwm%IXM6Ii=2T?kjA*ovw=IH19nPp|xN zC}VI?{$N)_al?E%q{`DVo@RQjrE~m47K&_&t8xHMHK-GY_<0bSh#SpI8@o@w?ops= zm+i}poqJj+hKYJ}Yu6j%6FV<+B0T(8HIrOy)@8=^j2KBdMkBxq%Wf{ERa4e9)aE{Z zAl=aNtHG&lTY2cDSVzB%&Nk0it{`XaJ8wi*MycpebNZz{3p9`Wx88j!c{Ca&={$gV zUEoUw+I%S5+86|5K)lFNep&$@qhm0#aHsqRV7 z8eE;ab?4YItrAHC*}&`)vm%Ff$e;Fv#$L!h)5bWrdNCg!LJ#fg3)??Q*&pXkantP`FJLvn!=ud(=Z7;9 z@Ogz}OS@;A2N?;n#dupY(!MsOKh}G5C9CEa#w5z_N>TBwKVM8R0;FU2th73OY{Ap^ zWUbt%yhf)|18An&!A;Yf2MggQP^FW0hB zT&lk5i+(`h{eXtEwV_gTozQ=T%vpLUnS|F_4DwQKP0+%()~+5?Wg-d>`g zQ~D2#Br1xgk5lL$z{@9QWH**OfWeU8cVlA&mBNsL-8Qwe&xPwx1n3T{+WRHC+H2*6 z0DWqz{L>4CnNp&;fhS$tEmt=Ofh!~F<^kA(kvLrqVF1nwGFou6*=N<6_c`Q|7$>F z$c(sz_4dTqq1q`%C+Sem)NEGA(x z*z!{s64l;?+?%s|=Ny5#FK>F#Ak25LXHXI+5 z;+~JW7-Jn-nMnA7kL0$FE-sz1jpRZ`mi?3iieaJaUr0BJ6@sHh%NV~O65eFG>U|~0 zioqeyz((>;TKd`;ULSQ3DK>0x3MDTy7Xtt=wskVMGN*{IElo-UmfCsR1V4vST%pZ! z^cn6a1Fc=&3#-WUQZ#vIBoZjK?9ZkofYPc7jPBFeMZ*)Fp%#gfU_>rOy0CIi(u^WX zUl7(RHGKPHc>d4MFSw`M+o3+8huKD72NFF$sM>lzxG{G6o&;ng1YVbo<3eopCedwc z5w|yqkuhF(8`+Ym*xH|)4UPB*<{TrEw!`GQvP!kyYyB|mjxoEhd>Ajmb2t#Q@QciQ zb5SgyX>W+Rp)IOS4XcU`P|AT9)%-N@0!O}69>-lr`gXa)FZHtumgL<)F34kLjj=d= zT+x(&2=39K8x%3uH!^icDT!CsJz=iVR*8Nn?t62ocpvXoT9j(6tWy``b@#~Sy@ekuJ*Fq5 z|86$CVEFqqT@g&;aG-gkX%kqcX`5x2qvU752^YfnjOSLQp< zG{=QI3g>HR_Jc!kZRS~s5Cn5?9rgxtiyw)`USs$HQ^R%!VNO)TcVEmMAT=vqfws3gvvHYBgbXyi`2 ze7U;l*+*IVx2N~@`h&lbY)i<|U2N_;_IlzfELuGV{}e5RvhuFk=_Uos5RFTmg-$?^ zt`a1kt?{nRH9Op&oUU);Cn_^qwa$JoF!wH)1>S7SOz%9qE+-dpaC5u;CGJh1(>{_5 zi3)ko44qgo{@#74S_Q8V1Z!F-LLlF>uz&MSYI!iOr~af}yv)GfBU92?_n^3oMk%W? z$G3WnyYK?YqPfPNJbsa8@j{CEQXM6e=2~P{-$43X^8TFToX?pjn8qo^uVP;_T-5MG z4)}mKkK7Bc63OFzcuR^pF`q3ZY^r&HR>ESw*PKyZdCeES-|HVuyloX?uaPj11K3PH!ZNt*sojJr^$2~WF~k)7KL%A#ZQujG@Ir+vw)D%Ubo_X ziHxLjL-!?3EIY9h`r;Hxh?3~q-CM793?Ez4VwX+sV0lib_zxs>2zFQ0@oKLLP9tv< z6JRpN%5KMtutspTJDfjaPxVBvf zXp#$dToH1@Hk6AEE<;Tbuf=D=kAgG2{Dx)9r6scjuN=(y6x@CL0@HG^D=hJo0KjK! z;ZNd6#W7Ktxb`sIh1|?TmE=P<_IW;MikxFT45%tqzY`8Aa1q-j&{zDrRh^64z_>iB z-s7w)OPsvP_}Mu2(O2bmOGac&edBU}#@+eBtE0R-JLQqrxN1C@FYT7G7@E#p0piqn zY0$E9n1Oaoi9AeLVbZ#T!L5StBAuaXRCDdV14D6j>jkWky@UiE4?Xs*MLUNj`lEBo z3s+OReIb~5_7nVA%9Y2N0RNEp>xdT{|H%c&X?h$*&2L}TJxNy0{HlLs;QPc&#Mk~t zH(p~Pa+zuiy||HY`ISTikn<>JsI|P-*nJ7S1o9Q52tcT$7ZyjPlI^=B2Qg9sKjH+t zr~qk&Dt3;^eUJ+^>PU%9Vp+>T(!Ct`I4>dcsdW6(+rH2)A*@h+YuC69WeH+zVtk_W zO{~>2pzxM42a_T2=-O4uIhqD`TK!uDi#eR>gs97@?tvZaew8=t;`>Nww!#qRrPN_K z?}3ubwC%1?Gnz4FPmRs{*Ek9(F>KD-YqgtZm@p}06jm@}28X6QBLk7|O_ zUt`3uI9G#=UP!WgCbBPBy{BKuxdJ3RT^?EzhO?;=>rsK0ArLerjH0BLH&#P4q5p^A zTEcMm=(T77*Xu}*e7>xU?x+Gym*OCt{jo}0%LVu_T)}lIPw2jMYWEk9P4jlk^*q6f zMi=&+(GAwTdez9!WFXz%z7-Y@(h!3CIhSeYNU+!w;l?K4@c|&}p}kWRd(rEi^zN6`G+m)pP)J zSWkIzF1Q@h^4PhsPaM_Q)m9EnOOZe6%}2!J(T$g197kcm%K%Ht5v?LDnk|xAP8mB_ z8ml+Sji8I6gGBt@7qAhd~~D#E%k$6mNJ=sMWon?7bfqCLCY#10j!7)GeztS z<|JGZ%~@);irI`5D$HnQeMe(jj2RGZQ-3k6F*xjELx|K-Csf4y2O*k#Bo*;OIV^vW zX#g^|-jzmP9kc+95GGXj@a)?7P(9EoohYb?r-iXS)AD$GH><_@x^`YH72?q-NOl7y5si%@RZ zY5L8mr+m1x;5GQLrhF<%LiH@!OSX43)SWM_LJ4J>m`Iu9sVnV$!OJK1MR;G``!5(8 zq;Fzub<}JBTl@#_b3pRh7rMA1;90JcndTmW<3#w%(~nMTFLAcaNcSGIhoYmtU*B#O zQUD`{13@R1zpl+?kYjPH+nRYKG{BZHGB1CQ8wnNZhRn6^d`^>zQ>_zfUiq)CF1bh< zwqTrWucA4;eS)dU7CtJwJFbA!oQuJiFC>{~A5{@>*qEW1oXG$W@{W(sm%Y`oUo$Wn z%JK|ir+VRR~&I6kX z|D59hFW)mU{O}R3>-xcc@j3~ZQ&&V!y|G3bJGIv5sJ@&$mgAwD`iY2hKWFr~EdG(o z!AH9=1w7ZSc;TQ%vy|k1G`II!q!1$}V@kMfnER~9hvNodtXisGp_#1#)5VX^mle)b zG=>vGTTP2%-hQm0qp*EJkiSCQ4bWHvXx04y)86$YfOszg;U?TTx+i=LW|uJF!zGz3J%b4xrY1 zLg!YzT^`OhbkP=*QH9;jG%A{b+bY*R3G`9U>s$T7y7kK>7-!4IdJfN9&$oH$d;n?= zfH5jy!^W)P?#1ZPqZSg+W*GOx}rXhzf&qK%BwK?vIodV4diu?k#Uvs}&iN3fRi<_`QPFhf=&;jaf zK>TOl*p2&Qr@bLzth|*$iAzwixMtl!%I4aKoMPN+ZoR@-<3Pi_RX6N{$GBOfYM=uq zqsi@3cxpB|JM}h!Gebq@&;ID6g1S+AL2b{2;Mh20xqG=it2?23H3*~iA3uX0;mlRI z2(`ycqcVN16=4peC;e}K?-uwD=3RaZJGI#?q`gRb-~ZhR*6o?G){6a$krVjlQ8XqB zDu3$3_^*B5vB`mFUz1YAGi1YmRcQpcLp~Tw803T16Rr+?x+Qpv;S|kavwP2ddNOm) zB88bRiQ?hx`|j*m_sVv-Tro9^l$lR_!NR&h>2-Ax_lH`>{pofrhV@cF>@7_qN#~b| zMO(YQD-KDIw)$fFztI~!C@<1V*XK2~>56ctxPxdH&_ak*~ zp5DWlkpkcbwXv=H3V5BYj`ZdoTZffM8i^k~XY(!(^ZKSX?QQ+f-XVCPo|x_H#1Dbs zP~3tgv{PY=G-(m2xG08Ad!9ANHwgoNMYU|=(k_8`YgP^}=J7o1~uHAJ7um&Q@N+fjf>4P|Y08QmMp z%UcS^{&T&Oq7aZ90xLK>ectfFKGS^uVxUqJ-7SSMWX@S)Y#g3V?d;Ha;UcLpXWA(< zNY(O6ROBRq1Waic6Dd+(SuqL}s-=BhoAJPjzwZ_(a+&>^(c|vQi+7IuE8Yg!gqE)x zPE2h_E~~$B=*l^+Yv$Xy&VaNbSGJ4HdMkbtu@Z-SLY;w*QQneYSE=ebDn(XQ%j{+%TcKJ5hl}C z1R<6OXgw)wPcbB8#Zd0R)OJDuL6we1X$2fp&OKm63Y5mG3n}t-dsr`vq6G$}Jof8I z_4j68ansByk%?I0BKjgp}EvR6BAnMPiAmLL3e!<>L5Mam$m zpHg9N?>1*fuQz?pWDrj3`UCXC5ieQ4;Jy9CUsC)!X)bK8tj5|C%zfjpML+n&1>XZM zl#x4_m2G0)l1taGU$pZ`PFtQ+sC_9#OYd02z4P!DqW)uGPmXUzjxTi>U+&P-UX`EZ z!@QA2ySM$qqY+uyRXKDaPO9wYcyvvFFoH~&5u5n#h=4ieLdS^zDaPN>`L|TI_7$i2 zD<6r0Hc8|luij4@Y$6ZFe_UPCQhe!^Q{U}Ui)a7bwkgaO<@nLf6IJk>x|VpsblJ5m zvh(SiOXYMNChY`Rq4clHPXTq@vf%I#<71s?FW-Bq^le5`AKFwc8hAN6=#P{db)&7w zhrp5_63ov&2DKlW5c|wA)G{2wb- zc6tL7#}SmjALw@70HqwGpT&30XUThBX&i|t`c0+U%jf{FJvn(>v;N9(PS_*#%PS@P z22~T{^2_3pvmtr>Y}r>&@6LA|1LViG;S(e$*ZIs4*VxtxFCg0<3p3aN(@HqZMVI`G z*tH(*3~$#DU$5BNQh?4a+?W$S!zekOAFB-5%xA=pvX6suSmxQ=?r8Gg;lT(Bj?V>} zLHUUF86MvV^!jV$k8Ufqnz;3f8&TPnkJ%kv_5i$;>#e0URA_14j=6tFoJ~5uK{8qR zw>=0hvEh@LyMtg)83nc4=DxK}zKyw3u-93?p#W>{mHsfpcXJ+ZSvq9U6RTbR9VA|t z*pSvx>uyo_fbn0z*j1#=D6?&~2f66~USdZEm)kCwJkfCd>2Vc6eaynYxb=ZI+EJ?d z{efW8i9s0mnm1`ZkMB1!8^mC9vum=s=_1Fx$ES%3d^mcb#fTHR)%_!O%C>mT8wk9J zDaR9AX$gx|T^}IbSXy%+bzXG5#41hljZd!R=5C(<+<@&U<&zBW*k2eK_52LT-5%>B z2IlYQndQZN84-jk^PCjrz>h6b*A26crq}JX?{382>#VBNT$fRnpwT}X_~-YW%^R+f zecgo7hg!a6i+UHY-WVil4M7;6TIMNSToYMR!7o`P6)5P|l*bE|N4Q7bF)p|&F)N{V z`|jrZ`(H?;BC5#UJ(hB1+h=u1}M1OU-+L-@X;8-w;g9j3=9ae?msTU2S`%SiIgxUhUPSNM))L62Yyl|8f>BsnbIEGuH<8xS42wy zZ4MYg{sR`feTRLP9b}dqGV9?~YulSqBC>iG7B3#miBI;i^6<~vyHKf_VIpAA_m-{I z&@j#?;0<5#4Z(3QU9QDr6An&t2u{(yN2j^Mjyv*KinS6<>GOKzey$WAxz z$-7=9Xk9wtcn_kJRt~{6i6)rT4@Ef83JDhd%XT{#+gQ%Wp!(x)aef^3FJR^TI^& zkKrv*2f}C1nGXubgEI(_Nw{9Kt)1+)aQ*_t*PGNWu{HcM8uuwdadn#sdS#YZIIZsR zyi9>I5gzgkd34z*wG01!XGLjq`n3?Iz~&-Ic`xI?eEpOlh)AhY;``! z(mi@9*!J_Y2up%a4vW_2ezj3|tjMP8kJoiu7cu0<-Bc-DB6?CI%#i~2M8X>3KM&|o zez!Mg%Z;(2&f6*bcVF1Fx&GdAF{A>$tlx_|yD%tk$noVQZHb$rFM-FO1SuAMbd1~k zCxzSsH`pvGhzPE|b}J=US9-RdM}jh$5K9KT`XjGTprh2$PYz_D$1w8E-}%py9z=D` zp4rJat2o5zpFWh+s=YLiQ0?~@n7Y31UfPpA=l9T*;lN5E>O+%q>K`IuTtsN0nmU;z z;6L(sLM1%u$n8)KdN^bUAR*hdf0uMvc29pRBsR+GvwnNUnteB8^Fy^uv4TE@D`p>Z z7o{YnW=M|vK7R{pn~Kp`dR&Vbh%7V`MOKOn*?!ZUi|qZ}>3&CBw0djY5u?n7HaXk; z+(H=r_U8yX@IvKX?3{}DkkUGua{+F{dR?SayQ$;5g436O$rhE7-Mt6(;(2WGSW z#5%AeYb@=(<>d=p7s3$vvS@j!=k^RA&c0z*fal4~;`H{dm7(=_8koMnBFZ#vT+s`Y z9Afiwws$p?y0L-2lWQ7uw|-rF>jH{{8O}iqjAdNk^x`kbEI89E{qTfoD?n$6uAHT8 z6UqcsvlLP*KiaGi@jr8rZ=J1@W=a`X3&E}M!#^P1n5Dlz6QS^R%s##w3xPcU0ioFM zCs(nuf!ME_^oN&US3(XJl+ko~2+~S+RzT(c=8ZIuBkfS+L;$mDyB=0UCPAXKcw*8LJq&|b}_ zo2ygLy*%^^2jd$9<(65*YX_}tglzJQTm8&UdWuwc+x(Ty+v&Qj*U|KK2 zy1DiFudPsdpThsg(^rMH*)?55aVS-$e~l#_ey*&};q)=I=J@sZ0|SZO3FtkOermZ6ng=>?an3kAf!_*j$r zJ>uJ;-xiBntfC+1IYE||)%-`;nW{}sk&mGg+jFK{Cf5=BBIXF6fzG&kz9A1V-a6OA z4>~6P{9Gemkn(WW2mT$K#FfzRBT}ob#S&OT#&k%Z8!qLi2A{!(dHmCKL!Ef4#b(V( zWb31d4Pe`#_S3IS0l(2Wr>a~y{I))7mH4jKU$or*y^kI;$-H%R7b!M8!r~h zTyp}zjj+r0^zS!qK~f-7gNf0+b|kphE9pvr{&~}N!x-Dz675zs|E#!1?h1SZcYE4* zzZo6#;cz<2fW!)OO5g$b+?zifI=1?j#t`?~{`Hcg54D)(D1y5_N&fpqWrChpwE_+| z5JwGZl!$jgaI>?|P5mV7&)Hb{*wPKv)X_7qR&OKw3+M7zw~@+Hw@)$jZ9RqYN#vA5 zq$4rDE4^iF)z9>>BE8BFq4gD>po(RKgFm85m-vi0h8y&!wocPrcKWWi412^>c(`YcEGl2 z1O0UyS~?IaHT=9db0)b9fmR{-9xJr0n-bsdVE{ZGC%K&S)u}ubZ;QIGq0OFpzt9G~ ziHR|@C8i*D9KG8=9#>L1JK6(s+&S@q?%FTZmTN+)p)B)>j1TeAZiWZQK-;pA@6mRA z;qcmNU+1Aq5|$h3_Lk;p=V4xb3i1EkBI%D0$}f+5MZ89|I$|HF3Q~Bx<9fS_R%?SOXuK06b7haLPr2^3l)ysD_o`=kIm5GBWZ$<191rXM zI!{2;(ZGCbhcCMSSf}fS^Je5uOdsP2(RO1IK73KcWI*V%ncZf0@{?h?qIA#k9zGIN zxNRriP&2m+!ocxC1s@jZu)X=pA>i`LoLJdO%23H<&te||E;f<7=RgL#I&ip9M7-UQ zseJSnyXoM?xZzzQ;k2Px0v&7) zGN>L(BkaEJ&8_FG`wHC>Zkc8ts9Qsc&a8<<6u@buFmQytDEA`I1%XrV3M4!J7gUxl z_~EpAp^$iUSP#HdhVMx>#N;^F7znklUt;WGtM>>7F`?PM;i?Lvz~!1!s8FipvF!HvB4_ z{9+&{YQ)ol3TKHb8>yvnd$>`Z%o?SycD@fOTyopO{R8MQD>=y2ok zrjuZuUVUBmx_fK&f+|d?9&J@Ou-a(x7wjr@cdWem#Be$O&hE-#yH^COy;u9Qpl2GE zTnzOQ(sEk@H%F^wD=BcwZ{KmB@Wq?*bM4nCsAU;Lz=qv)%4&9CYy_H>St|$A&0|=S z=V8A)NY32*CXHh#sYe^5(d&r#L;$J#HZCUD8Uy0<_{i(5WHF=`M6=UCi?EXNEBWOq zCI8Ql)n7DH!t#Msz`N7zbT3~V>**}CQ1RH!ib zf89|0Q){*nq)wX z3eAsMuqQLqH2rqQqE{l4YxPOE7g>Qp!oBBB3BPd9}R{nkNIj?-F z$9OvcVa&JVs*TgUV6}(06LMF|hXM5R){rbEPryw-mKRhF4Yp5w2iQV_;4DrM0A3}r z1xh3sAnG7fdhEw9AH<|!_xHeeKwKYR03$^Ge6Ll9$HkoNCjN4`&;OnF=a%C?y=s#f z51LU25WvP~NFaG-VITuS5;MG!w<7lKYn%U-Hq2U^|3;Fl*aW3D6ewFQTQ_G`LkbeU`Aw#7xI%U(bH+wGoQ3P=>-ug)LzW-(%L-X@rl%Zj4HV*@yHPXQFaM_ffneG8GsM*xw@Ip+7aA;m&E$Wu zjd$eu@Tj0xl|KkyVGCXK$nBO`*Q*1>|{-A@v&v|FwC_(-)o{a z&{PMfa#I~{#-CGh8sfhnDBr$VWllU!pD;rDGC}!1CsdUK8lywVU<{yd0X8LHYF)Wf|?Q+{z}_t zr1#l4P2KdMyof0+|F!289rG|xQD5*?r#^4gGZ`uFJ9q*15t1CT=4-L(a9}F>Mq0s0 z4MEcPqjpsd=8xh){%>p(Lf30e_J!~M<)&@+QvTSmHM7@K!u~n2Q{3;D{5Nt=VB0x9 z5QHs!^Ig^q8*H}N)=vI$&eu5dJ_+TnN<|n^2fc0pBo-^aKKZBp^SI$R5}Sb1*L!Jo z%BU2LZ5qcW=N*Bk1v#8cfo$>s4#d2OTZIB>czv?X%|b$3E(=I4l)f@=zuPzzv%Rx`Od|p%j+Vcz*0n8_HQdjx#49bo?vJ`P6niIxC;!XZ zt?NARD>VHg8-*`XWbbJ9{4b^upZ@+gUM~9gZY5W3fcty#0KlILv%=J|%&z>*&y?Kt zY;B910B?sH|JavX3P5~(n?fsXBuL~nu<_>%Ixw&-VPiD8;iq1q%%ePqv_ya|YBsrJ zX#Eny4?fv-P9A0H?*pNC#PhG)zox&>{N)0uPysI$|xz+vKOBSo6Q<wo85HIZm6TbEP!(j39YGW*1RoCQ`a%Eo-ymfNW!hI#99DQAwVd{;~Q9HQ9%^k*|f>`gn+#&CWdtr@6+MG zm30I}KPR3hH+)heX}7$X>{)Hw&^|V1^J8WUqb*&UF6eBJdo8b5oVwgpA;x zoX_=;R`e9_7l43L+Mz=(9VJy>`p&63h+OPN^Ip`Ohyu&Ik7rJ#u%vr{eD0rDcuY8p zJ+D1d)~T)(=sD3i-_}~m!u4=yxD1@<<4mqJ^?$Pf_`qKZvn(;d#z_}R>k5SEJ_8jiG`kDQvQ7X9#=k%^ibOVjs9KtWx8*en}4KgCfbax);=84 z0;V3H32Qx3nLJ!@6EyuRl^En+#l-ddw?c&u<5IJbr~<>hT^Ya&j^9zm-=j~q7IpwW zTwD46XtuA?;*v$o;ctGOdr0$NRl&u3wk3#Zk^e%<)lS!Lo2`U9QL(R4NHDkm&7vrF zo%2!x`=NA4Q9*~U=hGDt^ZdIMNHaovchpN)!MsQ$&N&hNg#&h<7~jHVR}hjGu`7$n z9zL8D%!Kld4Edk~2XMhXl2L7}jN?ft!;=;;Cy5ENt*=Kt<^=DD92(d0mhj-OMjp{h z_e&28`QwkjL}|Z^N+^?o!O>8iionpEE_QwRwH621hur&x!`Fv8aXUG4+Ijw70&ku<4u8rLCjHt+x*4k5=Ico)Q3+C$ zhBJY>pma?u#~^nm*=%C2H%hXLp|Z!Oucre45}b+Z(ARuH`1@v*a$xN1au>kY5_j6= zUa%@zd=nG=!-a#%)b!g7AFh8~h29D|`t+U@?^^V+>hD_vJOQ)71wQR@!lPI&VUaiJFKq*MpPBXg?JLi8XErQ3t!pBX^#)7>4~JIJ3609buz= z7L%_)7oS3?Hj(D=hc4VAx4em!is|VXNCHOBT61{U3 zXk-`v>;DznjRQ6=o$-l+L{)&Yi=HBiy9Z02DGvtU0V*m{Q>t*c^TiRbHYJ5L{--wB>*l0!RJU*YTdat9Ji40yh=JS2p z78{R(y90J971@(3rlDZKI!o?*ZCpVZwuw*@}dKQ`wlg>rbUk z)^VP})djTU+C=)Svd2CNvn9x#hLhA`#G-VfO0qotb)A+GvqpwBTxq#t!<~vuvW3T_ zCO3GJg-vpHvVE65b<#LN$+DXd4YvT|6%;^XM9tHio~g_%e=&u=2E$+>9s)i?>fXK= zfrT5h`B!20n;`B73QQaa41yJ`1r5PhLjg8`hNzkl%zy0=Dgco1`(702p7YoCU+`Dx z6ArjL0|B08UKNX0f5z$Fzkx+SH9Aw_H5BLh@jNm(aBYz7gdgAx^CUjD{TvmQ%I&Y~ z{mqO1+jL}U$BPMtze$STwywB`=28B3|3IHTaTxs4Q8(}rP5AW46}2kFO$?LUu&V`_$|wzda7D)IzXFNzFstJK4E4wl)4qw z&UOk7>1?{DopZ|1l?u+lkfTt_JQK=|O;*=WT3{W8kTpn9)tRNIQ;}$MW|7%x&k>)? z;?q4mZ@3tWhklXql?e0?g9bXE>_Ld(18Ne0i-l$lc-)2IfC~aPWc;wr(F(S}=ec~6 zFm1-D%S4KA@+3I!S=t;>!fA)&@9MmQQ>)VEg!4K1u1XRTyI*(uZz&<||Co|04Z3c% zC0&lTK*|mfl!h>UHecVMfgRs{xJLQ)Sk;-jv)CXJAQjX*%JJh!q!e%LI~3_&sz2-R zd&e6uY_OA@#87dG*H6lqT0)`&Ec0>1 zZU=s=;Z*w6LF%aEY(%T_pK`Dit1oDIzGs@NW+t6R4TVpMgIv`&3|HPZM`%71eG%^V z)!unDd55vC3Vu|SX7eh9isi`lp!|Dnj5v#@HN2{S#$2Gf5Z+<)@MOs;<(rysG&Qur zZgcN4WRRbSPm=Czlp#r%0V?hI?EHYjJV`|u;zivdsOqN_O2}vva^ugK?byDL72cE< zb0iSx13uZ6*Awj`X~_Y_kC1wu`qvtm$V5x3&!i>)7v z64D|?m>Z@cN$&7g!?}8Hyh_(@UE94ikDq6RlU$P-ZBlmDe@WV{O*K8kk@-?Vd!QW? z4B5;u?j_{n$e0LHNsX5H7G#%9vTdg?D0y|!_4T%%* zl)q1l1ct+#(ri07S5*JF)nTQHRvw|vfs`T1XoUF&f>Z00fR-%h>P`M3@Fcy@Tl+F_ z0CsC&_c^;Ise>aU5xLPcrptOu(wKt`plIGFz2&-Z`S}m)SGTrsAXmPpQ#3cA@Dd4i zq_s;$2vONhTz`6(sx3!7BW&Von+FMi%lx%BGS9g%E7N~cXC$%r9am7#$?t(ZBpKiG zu^u}8yZ?{vKn0v-0uF7ub{DNAOiW79MlJAy2X=ZY4Wr0uKmwpaa6rLZ?5T^D=s*G= z!eq(GI`*m0`Yq8W7AJvsy6+B$jz*kwA*4p7q%zr+q+QJLdY z6~_L0=RJ(FD9n0>t!pplIiuE>krwF??3)!vd;V0n2&k>5v?qyj=m2;%<`QnlB^B&c zn0l+mYmz`VEd;sQ*Ry%B0c4dI&#_d60+POA(97~Z_&tAel!Vo>!Zb2RHa|mF#9wbfMlbd!ikO$xe;NyWgo%w?mB2X~Py@|pr{4zcuT>U6{ zSdE)duLxc~8D-dv8q*NDaoD$GE4z4!bH{;&yAhTB(tKZww?Oe1n?zo0^5b@IfxWY8cF4jmHTMF!)$D>&VWyB5KdyBhLF-L# z*h%tg{4-UL8F?wRCgTNWxsD1wHPC z4?aJ65FEl?!dhMH&=3L`x9xyqfCa)(&tb(Gcp__!#Se zNmX8~YHuoXcVc79O;%b_tx%mf;>B|nhM&BD9CMvW+Yq8jlVuz4re&AGf^I2%zB6X`%b>e%Qre~Uq|Ltbq`@P`o%w#Pe)WmP- z$3q6}I#VH?D|R@-J)^q1-L*h@r#WEy-QO@CfWB2W2i~Cb??BY^eY^yS@HCd|L)Jt3_Rcw0e9Z7^!1z+UgvdaF%hn!sXg%8w>6Z0f&w&R^G z>^y_=(Ib#xTXb(G?sVu~JU>j3I4WoVTB$Hitxi0(;?5 zGwQ*g1x`tcZx8wiI_JmI^)+wDQ(P&Ihfqdim=TH;4DU6(#x4PkLWqi5 z`W2dzCCH=t>c=H6&5P(A^9K3amk2<$UC7xWFttP|Z`_vCl?l$3mB6;=+yC$K!?Olw zfjg3RN>oV587TNl;wVIv(+?6_~1*rn_jJ+C-W2idq6)ieWRLC%boP<#zzXK@bDX<^{-qn{u zamc7I1S9kF)^%jQ#)lxPxkNZK10o&7Ynx{u!(wDbQn2=Y@#bi)$3`Ovj7zujj^IKP zR_flW#Np>9!|=ljuB#JB>xr0?tE0W=)6l5O_vgb2Jq1)56`pZ`N` z80-%IZ$ceJQS`LAJ{~KKT9$j`S{Fpp!~AsbWMy4m)Ggj(^q~f~E#-TzrrXrJkjlCa zJ1&{nF7shgK~TOS;#pt5>Q3fKF#9ztbWow^5+9;-Sl`0+rGYG$mu_YVxnmD1EfORPGansHq@@=)DQeAVlIqTJtEcu{ce<0uY50|k(} zfIaq}4NwC5=Yk8-^F4Vh8yFXTyzgM6&BAI5f79<+@H4ylmm-Mn+osZrC>OtbGJ(5P zuTpakPf_c-m*e(J*o$(p0x+=N(MkM!+YmI7aKpOMQhXCYS+c9P8z4;mdab7H2D!zn zG_v7$o$-`+Qx*<3>C0>KGUAzCn20e%6JOW7IW*G+p7jJ3#CLU~= zbp196gZ8eWA%ZX5E`3RgL|fM#wnC|jo(2R2J>Uv1CY`6T7YSd;MIBOAUGBPOerELd z?1~ztbTW8Q5EMM%SFb30`vsX#CIytWwV$!YF8fmM?|Pqrab{6e%+0-o!!v4b%mkOv z4274Z4(vbhbnTKk`zP|LM>P|d|9gLUTRr@Vkg4)3B{mZ#^D3yrfAueTGjH~9aqd#E zjT;63qn2jJQ!-`cg=0_1Cq+*(70VMS+)Qys((umBBZF7#}kBw6}r%>|V`ghyd-u zx~A8(=rfC$(WabxLKcDMAk(e(z(aDZIM0i+qR+vG_1unR~+M$RL9TXEVJ4x zLgjBV=9%5{d<2NlHJmW!>@Gw{oL`cAZ+ySdb?y3jNHO|&U~iUuvBCLBR*vKyu{w0> zu^M5GgF|@1Aa2cwGv(G-?6?G#C_-X9N0b`sN1dPnQGw>ddFZWDNYpbSAbCnOy6Sh^q7ZlHLI!fb_BnNvz75Y!Nwm7C z8v6M6J_BFkG=-1H5AO{y(5Q%QD*=Tv#o^(%awF^JtygAD0^LdvtRJ zQYL&2gOij;%5J|wKjOGaw+-^FVmmRNm3{Nt6lm<_gW^DmM{>m_OP>}~6!h34D+1#> zjHF*4zWF|-08^b8?M+1sHmXZR>RGj&FTO6Rq^5wy<~O~h=8vcU=4D(00V-To-U3$T zCig>C-b&Jqu=J1*bLtAh;ZU82kv7@r*4S%t?I|G-OLR(3$G;82fjO^o5If2%Tk2ih zZtfgeYVzU+M=a&~v5$hF=TtaN3B2few07H=e}bIcgX;MB_m7!*QD@|@%qGu^pYDsE zxXyj1mMMW^fIx_Nzy!an6)3;!M6P=+D*&K&rfVn&9ZmVigAw_Dpj{HHa4EpWUi(YH0CHG*4hJWEEH+HkX&6p5r$}h`rm6n~d{Z zpIihtRF#k|o0=nrEE`5hckD2XbE%OkWuyZI+IGuLmIJHU!jYFKb8EBb+TPi@Bl@ow zJ~K3CqlJBIxFr`;BNtCDDACB#zcQ*^VmDaf6t5L@K>-%iZ6KU@5>HifcCv@lJ4&WE z6;hTc^u(Hk$$>r@OkSb|O4U1JjT;x4J!M1k+$n+2>d#FAZh9?n7QBdXx6zGwvmSfS z!vNXz7-%;dxT7OA0CEq4qX~(r>SItIg_jwIXH1Do^SM(gs!7Ov*@5Kqe8$KrlST~W zGUWt}yvChI@A2U86qlo4R4CdcuU>8QvSOcd>AT5t+{DsXijy zLsFFaiLI=nsMM#pW*ld6Geo|z6S*> z6g{2o3#9(f;_juL#@uan%1{9pn<>ha<7KoiChz~CexSLU?hk7kZr{jn(-U4Lq%Ng# zvq6G(Sg>bd8J$)#*FWZ<^|DeWyF^E*W~NWv`8y+lr*!Kzj`5s#{u~n5(Nyo350lwE zAnxpxeO>MO@Yr@jP1#ayIFwX;R+l)9pEvWaA~tDFHNt!UEMA^eV(cjyPu2b!k4KZL z&cpi%$1rfy`b)s^>A<_T$?ECvHQevlKWvn(h3kB~a0G!>L$Gy3hS!$O$2ER9U}}Em zg$pW>$bSMyai#tCrf?96_N?3f&AHT|Mq9wuXf&g{r0VCjNVSYrx_ff6!OpFA zXTD+8pAi!SeZmFL6!?E^>t1-d!@Z9%q~aU>M9!!{xm=@92~;x1yGqkKDxW-q?=L<* zF8)de95Kk94LRe2`@ofAfpE8n)A6#tjR2y!^-3-KX!i;GjeUPRb$MD(N&L!*avg`s zVr{X2r{j(jNp~L#5HYZ0Klqf-9R1!3{JE&RedM^pNA8PCWLTT!)Y)M~Vg6i!N`-(~ zTFtornu}lsB+}zfQIiO+YGhH>>~z_h5Qi5L$Cv~S))MLEOd$G_1*8)G2%^wE;!5UK zEzGEQo0^?E!;)(paVnM(G*H2`{fL<%UwFs%b~o1WZTj->@}A94yE#a8lUZcT^K^&6 zW8TFSnSjT&9PxTAi0mu=A2aPAF&YVPZ7frV?`4r$O^T;C6ZHKOyT9Zmy#BrU<0Wu0 znJ}kaMuHYYxNhA0 zyI*Wf1hzmSW!zB<*eUJ?Tef?ukb*s*UiOJv;ASY12ggyJsuJf7xM_4Q@A*u(2mMPq z`PWFsL`&ygn!CwkyhCb7KT-b=ex3BD-7|60B=y&77s<#YO#@6ppN$&Y`s6n0FN7-g z+`KrPQ0F(GnK+P9I-hR<;;>RRrh*kza>7hLwOsQ=-I^uX-+|E-dT5n3sg2NXdi`;V z(xY=@&#=U=9ff3X7|~65h|}-b`8C6%o){A{mcol=Dl5zbh)_y>HtWI?N3hYJD^v1<`ymk>MptR`Qb+ z`-MnLNtm?m7h@P~>~$x#FP-S)$p6g(ywgxdj`$vhZFpGaH<~pP{3qqMA_INIgiw$S zbcuuqv|WXil{+$Fc_&XM!9RZeVxeQ}1sDz8*3UN910`_{sM8Ysl28xB8zB6 z?cF@XL!Fj+HQQ2w*r6>Sf2n-xPF-h3*)3j&J4xsh23Rq9{#)zhA;LlZAFp_I?PHqC zzNfT-y>sB&DT!GqD`5HewCkdjKO^rBjsAq*NIh@uV4q?ryGpw4Hgj~ETl0_gBCSm+ zx}R8j9)(<5mOp#C+6fBV1n0vx&bMozgI?haT>pPmO~U_%aDA*aPpmQsRP z)TlLgookKBqn|!?>+#QTFRpd{Wiag985OvEBvX!0?yyxO7Pb5H<${~;UVSI^obLB~ zJGS4A>-h-=8RuIVfW1$w#3+rbj;8LrMoFtSS7BC~(8ma$$8jXGlJG76!a>@RvbU{f zBK;K2MZZ{(0XMlb!~``Zxj>+bedR%azxRoA^o}R4fQ_fd{+K+2oJIma!l|=`@T>>K zF3tSiE?kbyp*>P3SSba-f)y37h(EF+`7$YUYdL3#b_PxPq+6ZEuD#vpU7g_Mz?>&_WO`FUfiA>|1dCqD0<2^k<gOuBu4Bhv-f-w(q+7-?`}Opl$sMh=%Hh>z@YHPicQ<{SVDa#%t5zr!rh&g2qj6!1RfSA_3N^(Dp8e$*EBSi=+{Le=9E)j^N~cCcWaW z%_UZf`)QI)-&wuUZ)Vf&JObUonazAjgvX0=vJB3w2A)%x=-dAsdGS-96f8@BGwxC9 zUu(h!`S`me6<6(;&ofW^J_k5<;=OjhE2!WvL~`9yyf-<` zcXf!Bq+qw#Qqt<(rm`*iYLY}3pGcC1*}KwRl@`qzm#g8E zk!`n|y9|j_rJf|->|>6d%*O|%Gue@{`9pN@(ZK1*;EO2AQY40Ou(zy$UnwVr;pvQh ztUu&l^p2Yp2H3mM@V{XlgbLf?Yg%OnrNtH|i8aLO!JM4g1beRjEicE&M5LiT+)}Kg z>WJXNImiBXcP1Vn_6T#4r&^(8TbNLek|)G9?R@ynXB=6&;$oobrPeOA0<9NG!ZvAX z)OVrH(Duq7pGQT0BSYjFWB7{LjH!D%TG?c%PsvcKey5P4|543sB|4sw-l6&q%v8*-5^4h+bx z2c@TO4(II94PD)K?jCIV?slT4HqcXKL=+p{+td}tKe2Ner<{OF@q9;}n7)Ga&lBF& zY^?-7vd6cKj^hSB>BThwm}hp8j0)=kATY&&AO=_!K1Sy{?}USr@AuQO;wlfOz)t4F zlJ)l(t0)rky+_!=89bT?u~oKgP zI#Juj8Sm%WvUuU{;)MusUm-~~d^^GnfaO(5)Xt4pj|?Hn^Jalq+K^Q={x}@!Xq{!}2CS}EueS#mz z^5v(@n81;QI0J9M*^{xH6_z?vpDhKz7X;2<=+KHR&sDkFl$g~+SJ-mIxx^;Ela;j< zR(@hzJ=%6HoWMbarQ|9{FibAO9IPCQqVT^+xZ)EmRFNicHH3XqcquD$b^o4{C6sF$ zM6jB>SNyqoQSaqdtA!+s(-Hd}kdY_rtd5xHSgn?XhlK0!<4w~y)X*^tjP5dSF;)?z zVO1(v?k(C%!KtV2n4p7Po4d zQI!7eM4cfv>hV|*r25fKR~H6FtPI2*MWgBv6ChIT7gloz-&YfChm!jDrPrl5EXHDh z@#+7PJE7kDsFhQ-{6dmD2?q|D)5ft4Bap=jIV~Ay0qo59)mY-}v=`+ui6B1vaw#OJ z9!Ea(ih0gH15556r5+kCo{{W_+kNE!ij!AI7P9kkUAa9iOdo!Paukb}#SRkm9SVb2 zlxdm(gQ$d*3vHd1SN(-u-eLTc;lE{;rF_xAV5ML(IVYf26ABYV`?hGsE^R}QIgNfv z^_Ee_i5mLg|I1d15bN&CFqvX(3JK2hGqcEt@2!@&KTBPWp9!D+EXjX}95Txdr~TTH z{@FH49v3r4aFUvNRBjbKm>Fg`RdRk;^6gbXi?Xdfk8{CXVV^=g=`&5Q*qvORwMc=< zCX0Mikt@nCEXrOP=3Gm))s1GZ<%jSDVT~KLR_5roy4pJ4Io8GV z2_P=fSp@!#ivjV7JoK%7fots58r=-zS%TiF@#wU4IhStUJXf=6&$!OnXoICxwehs2 zy+!0^wu5cFXoM^1Hryd}Yx#&?JGJ=L!&`phG}C>$8vd&#Y-cM{Utb@>*r)VTt?dK1 zMU>Co#vrh>%a76Dj0+dHOsUSVZr{#oAJSH9)yU`$oSc=$gp7y7oylUrC(4F@ZJ@~$*a*$%s?SBsW=j|E_2(g!t{wlKHLoAJ0)t9c*LbCV=&Z_Jds4YvwU zO;GFjv)bt{bt8*14}%Cf$zoH*=v+}iO8e+G1fM%xKkYjWC5eN#%E6Td!mNdfsrl;H ztBRCxqLL=eI=mpvyDTAv7iJ0NpA36ffYg_;(+_^T0L$hi*OFm! z5A<*AaYGsnGD|jRW~2R-=(USBh4XK*BXzzkh-BVWQ9Iyab18Mil!|=`y};f$J5lrETm(`x$^1kgxK3`t9h#r ztba#in<{>x-YRNFDFH2dqK$y|d}(+7H1Hm+>dS=7YV(6G==p2@kJ!zWUJ2LQ{?9Db zS*M7+@xd<=I_g0_1V_0ImJgg?}x*y6rX znmLBMncffAD4`3s42!{#Rn+B7-2F5$2Ti#-r=5H@dB4WV2xHVFk};q+A6P}{5#WrG zruCM3<2MB#Z$mF1=}r^0PlN*1kNQ zm|H3htMZ`Z^4%bbQ(h$?rC_7_qQsY-N0I#`R^D=~LDMbTJfB`FPL!S>wL% zq9q6s-3p3em-E0M;ssxM?=)=FSv(7Sr|f#&-|a1v`e^SHX}s)*J|C5G?JfWgI5Kd6 z5PQC4w^pppI^uH|Ugh;jvG^Z9#3Z9L#u;>cTOJ8{8cQR?*a z6?URCSCcYSJMo3+H-ZoRMcrd{ZS~G=E9S*b-eo92trZHE>Tqa&qBE_|;n2IrLo4>p zHU57+)&uq#SD)Hp-892wyDxb%f~X=L-$)X?JQ&VES=SUWTR3&~#Tk&eI#40XEz>1= z%>w1f$S4QH1{da9NSN~TzmNe{KUrtenRoRl+fuZ~O5V(D(0u(_p)FXgyXs8s)DR$V zDxhr+bImyZaimSWAO?u=^Cc& z>7`ZOL$JHc;`>v(eKvH{4DZ>?h*jkQNaCDLPlOVhKf+cy>!O|5Iyw>pmk_H>@#9XO0au zyh-&bi-1CzUSFf3KekqA{hYApQYcBfPh#-AzHF@N8Ct9aP$5*2MsO4H{Ry9Oi`vU6y!AUnr^c`V#KWyNNfj06(juZqX|D5~dtCExvpQQyaJ9J?x3k z1<8LLr%=D;EE*Ypn}QoaMu0&Ty!Vcigy|W5!C>ed633$j?Y{YzB>h$`>fB=^=#wY( zcbyEqgPTfY=rh4`pe#(zNl>(sqgq}xQ5CxriiqblQ<=&!P4heFeaqL7DU4NWOSjW~ zs!#@RtyFKlaOts$U#klXSKWP6{68zWJZcH$kP2km)k;rlTk2T&w%dqmElh>U=x|f6 zj|=I7?bU^kb@Ut1B~yH53{Bq_tU5RGK3MQBU8$~JHpD!-?D=)N!;I70Uf;wQ{wdGk z4uF5J2xaM+V1v2&IhJ17tF)461N49CjS2{!e98YNV!~h6sU@eH^|W&JOGd@FPyN@3 zSELI9Xf#El-QKM|Nb_c%QX?E#mSo8AIaGka+6iG5eD9-@MKEg)jY{K;j)UNJO8({i zVUPWgs+o8oYOB7F%Q}EzKBU+76|_X%`%6-`YZ4(?r8C2{hMUuWlh>fO%GG?Pu4N$k z)a;_Pc9+5&H?-t<_e%La%T}LGvg0PT$FUwin#VTdL$o?af*RR7$i10&#Rf$TR73o@ z=t+j9y4*M}F;@Lna^diY8><=FgeW#=#3RG{wH{_Xni0>k=(^MulsO^3;zr;$UDB3YCM_59_R0xnH= zkYxphmvIG5%_jCu5#ZW<<^_Mw0lGE)zT4w#^^G>MF^3}L0*j`EYu;RV8ExVGCD@kW z4;dDI+Kk4=jlpcLyA#D2Y`H@NZR=wt=Zw^Mn&@}tOsUX2N;@NO4X1@`xu~dr^5{}| z=bB?~A6I+|KN!6{1j20UfgWTTNBY3@fRMF(M_*vji$5BeiUg3HOBS5h*0V9KKX{3Z)7wM)}XNfvF7u0v|@yBfoyhHtk31Dos?ZH#5#jQDew$I~_ zQ6ByNx#`D7rx4#hBeY#T{&}_KHO(IUXX)MC(>8YH8z6XciTaDFDkx?(gC+s1CdSF{ zBHDJEw()YrNH#neqt-N9mfoviv!@4FK59)4#y6_~-AU&AU>UMvZczr89|)(PuC;et zBP?FemleE-1*PM@1x`T@C;(e_P0qkoR)zy38Q69;i^wd}w3-F=CLy-#GmmuOg+JG_ zR!5{;0UF(Pk_$#rC5;TRWI;5=?+DklhlLx{F1=1-lRPP=cW?9GX{U3*PpdO7W|Lh(CV;;|WJ28H=M^_8=|oX@@wyKr zf7LEX@;qSKYhs6Sw38;yU)|R3Nxg&55Ze=wD!^xmt!4DcjFEiUMyXam%xXl7IJ7#q zuHgN}L%ym2osGos8#E0x3W$G5iHK7A-hxk=6E5yxIXG^|?(^;go}vvdW`tdX6z>}f zqGOu-lrT>%5VH@?aeY0d_ucZXVoo-6>6McXPNd+gukZWoaj_<#fyV`Wy!-tkSkq7A z`Xv{uxxl_5mUjJkLc@`WLGXGrep$LSJ_S^MNOc{>)Ht}UupKv z1ys1eK!2`d^qbZ&dDVQ^X4h`@745W0BUutO4U2gwi2^`&CLGF=7z*~j2*d&;5(-~QqD<+gI?)e6SXRXE)3-M#wU0hmsK z>6>6(a!}plzYda;pfOk)nausxl)CCFgz4Jba?bWj{-R}foSEc^OEuD@Z>awNG4jJ*wU@ zaH0&`zuz2=_1yI}?GYA#yZXG`A);jBPxA+@4m7KGV-X>Cp}DY>K`HID^5$FIbcQ9) z&mF7qedM^;TXF5Y-VFNTr54J(#>mL^f+U~lKKs#@q~^wS`OPu+;f`1Y<=v+h>_XZW zccCc(uNvl{9oV*x;F3<9rrf1_eKd+tm=`+ElzQ{fIVkY=ws!7|=Y~OMmmPiIHaQIy ziH^*t5OSVfF|HZYbai$wExhv*$IQDQ|6co$ErK#{|4+Y2$97%j-oV*+QgXK~5%w4! z%BPN;AnDoQKA6W8_|E#GN2G0DGy;C510yFKKFqu4ah&Ug~;MwUwG8vXI{+j zUNx04!-DJurcCp66z@gAm3PS3ECnz9QfJ1Z`;(yN zxdHxM(~07QMb~-rjs*!DF6^SRpI)ea-kt)81QuK^Jpo6Cq%vN>5zX z13p4s*CHt282iDO!#ucJ>+o%}yZ*U-a`F8dM|$2I)IVoLxVV&o0Q!ES#|1aBaNm^l zp5OOXuY2-Z^-2An_pCECyEj9R5ZzM$G4%L}0)qbY?6b+GaGNjR-JUTP1+oIl4R7nx zbeygDBzey=!-Md7(F~`wCeaq`NbmKw!J{=8n*~yJc3uQK_nH!z;!zfE$y3kYB6}ge z`!SdIYdcx`eg(xz!hNUDKdStHlE60~fk+C43vONJO%OvUUCp#zyfHx6@~Y@*Ly0E) zLP@29vXY@eNwJ`iL@5M-iYOHEtm0H;<~P_RlFV7U-iqHkG0`lM8~8=+cr9AP!D_Je z)wsL(q}m;XAwj96+ghzNP)gr5DxAqu)lJ^t94h~z%wq2A6eeE)2slKJv1YoVz0W<^ zLO1vK^2`j-h3jbk4n8_}iDGmgnXnF~<)#xl(%^1ErUiP$qu^*UM8W{$;KAmr_P{eY zBYQ6s9HMS&GWMphkn+~vQot9TUa*wf`~f~c-Q6Ud!&56$2YWv471}dY-Y5cm1R;U* zY}RtmM}l1G)>clISP0j0H=Nv6QInishQpLwLED>m@;O{jJj4<=Jsa%~eG65xHK#gS zOGSd*r2;O-G#(><{$b8851I?iji5~Yj6gamb7$#tZv336uQFq^%S(%l>G>9^?wyS4 zr|+IXi0Xl3uSIvYQY5|(qCXI}B26+dVf*iEeGGMY&8$~f-HX`?;FBI0+@ZXlJKnX) z@svkfz&pP4^9J7n9%G3KGN<&kxw?w)Oozga7AH^T{Kt18Jn1Cyu|bZ)_1sr??|$kH zvE;iwaGX%1sqg{%QYx6MA}FGEfftym(E`Wo8GuwWx*eV_ z=4@XdWcEKBnv_WFi+^I6IwoT1(Hi^c{6_*8ra5c)a@x3v?_WfM`%xul zp2g~i2ifZwm=+35zIs+=At?RgS>T~Sjr@rP?M0k@0T7Zgoz37L9336k171v(q>K?a z#efT3Z7K-olX|9Wd4;1Gx!(PJ5dy-5h~HpPZa#bM)T`R?Byfw#MQiJq@67&0-rU)` zp-^>Z#Bo_KDpDg|&l%U!5-j;f?46gfg^>AR;o##Sud&1DbGPM6{b7T_oUtCc6zz^; zg9NvbL=`@&Oh6uPS~NFpNg5i|l-sEo&dC5OgfzFbJkq*snapb^px-6qR;{FEQ>)l= zAQd;1*)yqTQ!8q3dC3ZWjHvJij(V@Po=xFP?XgL`p9yW(Zwl*s%5uIL4EzZR|oOFk3**gmj?^Lh>kGVi`Xs(Nc|AKnxU zS1?;12UAc0xQo&QeAnD+j*3_WYU@7o_6T^Cm7eHDi#0a!xP%UNU@t1RXbF}VtSpN> zdT;ij3?KceSjd_qD0=dp&01IE1S{@WsRN++-S3fu1LOA%v)TXog z20nXBx8$)rrt@Ax#G>Gn9Jb=m)`9DOF4Z+(Vz1wBzQ_vhulgUQV}MmjlQ0dC9-$Oj zTGSs$)PJlzu4~m@wWu?DTzLnc94XZz?tZT>^?!Q-qy^4MxE=<-NNHAg)2H>*{}PL4 z2R()RD-6TG!W;t#`jvtYnK$nmzWlf@(ATubtMh|R`r?1-jt;oS3GD3!oCUQ=qGjri zW57I3G(mg7TWGSM>HpC_^BV59;c2vFaR!W8pADw&As!?33&Ew*scvO;=bC1&fLnld`Gzvm__ zE6?^#+DeEm9G#xzG?UeTV2j$oZ$9RqxpgLtlB|!bxznY$mO_&YM97oD!GF8#=WzaQ z^1@5F>hz6~l%4xXz{PuT(ACgcO@a_(i@f3rK5=wP;_OC7jrLj!QPvpL;_| z8FL~G63d2-2VD5m7DUrRDdPMV8MD?JJb$a;)P9V*z*GIXtq6&(`iy_Tj9F1hK(LR*WWbtj5-|&K6L|4-69U{tmo7)LFnGG$f|$n#u}@`r(pjB+7LMQ} z-q?gai9=8yYfsOWsP!#PdT0TL*el9-v`A@bB4yT*h)e$zFQJAsoKsSc(-ci%yNr)R zl$xpajC%ZtektF}zoh{Xu0wVG2vz1A*^QS-hk)npGrgaZC?#fXqN`PUvld)qo0b6b zMibE;kI~begdr=0OMc7K%Y8aaVpaxBMO+z6cCvpAsUfe2HSF(4l_yeC#Z(g!&bURV zf&f30N2HE3qLsHvQr1N|&9_&0UIBs!sk^wLvv% zj%FGj?NAVKrSV%S*r{GMKSBk_*R<;J<`|?L@e%h9JTrG+irirW)sMJN6vOIBs~@~} zDu9Y%uF6$~=c@sREmySoh~KOH@8U5sB75H=!(qY##8nrA$p_~g7irwDJWQel-8CHS zA{pE%16AuYIEFo0y>Ne*uzS#8a=(^3A`>e+MpWTk)~~Exf=qAHmz@iFsr1JwctHhLR}JOJWhjOl(io zso{Haa;6%KpKcPRw=!neUbQW$&M)CHCc28b!_f%0C>K)ky#g-M%@WJw()femyYFAj zV4~9u)a#S9kBmtMNkh0GfHyZ&EF&N|%k~)%((S5U3aZaV8Wtq-R`2{-4!-JB-b=ip zCB<^#d`Mjm0(_l|eFHb{sWP2eEcn=D7E@`jyK?0^i})a8bMZPI zau0MO2`-VMUO%r+Rss4h;nQ%nH%SI~l9CWnqsrg4pefe}Sy9pbU0!ht1T~)OOkj}OI=h3Mpt$gy-5}of_?0@g70rBPYMEpHa)o=$v*04d#~kHto5;Jx3E_$C zgM)wBov5>WXXC|>jX8Wl5F;HvA+9Q!*Yb$q&EKac-KbEf!o5TMsx!q3VSuzk$hj3= zAd6MKR2i{f0qSQ)GwlUwJh#}TE2V|+Zzof?l7Da_MIpxcx5Ndmys0D zKpAd~zx@bEgeUFt7aNF4QyfRcnVLMxVD&56ht+uWjnWYnKnPel_rQ3v=(1DU~Trwv$oeJ#uMy1<6_1RDMRl5tvNUV{^&4iIr@d zMH+O@6f}v=4Ie!Ie~>LrN8)C$DYtB@4W$wuY{*|=?TM+Zjdw`yX2*H^O#PmoXuUj5IHOYCWzB<2xRj1b8QuJL_?T9XB zBvCjM{X~bhI(G}2%xjv2!Pkzb)^^|wg}x(6q7MlL{H_=OO&RF4x;H=ewHJ?MNb$SZ z9T$h}9a>cX;s{nBUuKath!MK3T+mfcPf}zzHBB?;28|x^u=HXQqGPpe!AtWfVvSh5 zU;x!m$l*a3KzHTpn?!=2;ZLx80V{=dT$mqv#@?j(Ls`LIv5-G|WsCTOn!IK*`+G!! z?E_O~Fjah1s|SJr1syOyLZdGPTr#2Xi4~Zt799!U(R`&N^9X5|0z1{5+~E#Az>T+c z*GLt#{I7H4X;#yz%hb=s;zP}M2#DLG zCp^K2)HPx2xHxV7BHkwkLh%x)H}q=Kfh>3?2;_qSpkS{I9D_i>6vPFA1g29|=twHy zfuDPGGbjH3`l3&=u*AHt`S+}Hgxm+h5-ALPNn>G#Z4Xp$ zP&JH%NLcMQ*JB>(X{I+3ll}3>K$-aQWTc)Uo?Ad!o{)VJyrIm;5e9?Qyj}_ ztvMJ=II9CJRdy1tL&4`F%^a#zpO*jD16Y)o?K66w^1SGTK&&*7r6`wcl6}eJ>eP7K zdM*^gt>G@kMx93D7vAa34Pp^_;qLePnDhii4XXPUS(4(X@CH`u3DAtM1&E7Vq%HZ9 zY(zqYLA|St13Yr?$&EtHamWeH=ceIAF&-14s?V~UtE-*?8Jmv*Y1{ka^q@^@T{!2w z^uT_?QjKacL%G_V4>q|S=Ls+v>wqipnE2A|T_3H>r-Xgjh?yFqi9C0fBt= z^t@1j=*W0CWB;gNr5cgjB+^=V4|R)*5>Qb8T-$8Yiv+R~&1E8c;Eg0doblX2*gJklKBDtAh7d>rRG378 z>0z_J_dAg4*v&jrI>jVx!Q-ash`o#-OL%k7?RNwkn83cg`u2AQMHn@{Yh{^>PvP=C z2n3IY0SB6k00P-l5+pv8Awi=kLsCrYCCJD%dt`nvzGjrxCr0F3rxtt>HwGTw$0b1VaK z!#b))z4znD^MK_@$GT~t;55xsnJR!czxR)c-*Ymcc-+MZI&k;^1`nt(`0GnOs%hXp zEef%2+S;_}g6N=VeH{KW1PsLM4I-`JAqklDkudnJM#Xt1+poGE;x}(_kB{Jfcs$)Z z%4KNRbemW`R2EGZLQdrL@MpVLfMEbKxgkmWyrzb{>3L*ocsDANK(e_SA5lb70v~hI z#v>i8rdr?@VgnTk$w_bqjR65G7%(%aAy46hOusGt90{3iKK1K|@{XBQR$5U@KWk&N zGrJ$wvboD{JbpzvK4!YSJ0$vYhS?7=VnP2Wfil0PoV%n4v%QM1Q|-yNK=}S?KiDP) z|CqoaJD^EKc!Qv{CpE6c=0-+PM&~m&a!`Y^-&VJSLh)7379=U*XizQnPB6M&x|OcKi58=aY=r~a}qHXc5+o2C@vg+5~iYY zA}LkyITyF>otg*d$~agbycSiIk$R_f9Lwn6*%tE9?dwrbFEztKC7*Y)?wSv3b?;=H zgY8a6qR{rj-lljTL|Py07Zhpcz6z%p3>@_1mg1)l;ZBALArzQ^;T0?+j)=OgvIc$x1^$ z`o}jo1$t<%5xqM&Ba=|x{ay5ToMxE*Vn9oq#gE;+pXxN}X?!6NW#mK*CHeUqe4=8K zppxv9#V1QM-nxhV-SE9~F~$ZL`BO@r1xlpSxaUn`&X}{ig>l$R#){tLOw`k3kPizt zLEN$tJYTA1&96$bMm~VxXJtVgwVP1NYB`2~xN!HDO<3W~7 zg&$vLhYm%@g%08_u8jP6uHwxPH7CgZeYP{mqJ>_K(1b^r5>?gm^j1&(q~(3VKKqcR zfJ)+FR?-p{_$tE`p#MZ^B0*)+z)+E|`7F;!TNJ1dyl^3YEQqGmePQCq7KF}ZH+m9mC`HAapKpZ%b|?MkX~~f1QeN;E|AR&2I9Jh0%k9cbAk5P(xU@EgZOkOc~>ot zL4=J4vNiQ+Kn-oH!v;IVPy#}3f3J2mkU0qvHlcam?>#;fMB=xvM8IyeU{2xihz??H z@E6)oX!$N0%y5FhEimDISfHmdr2$_bJoC95H2Wox-Se>+%EN2DjGz_IF}yjh3?_A$ z38G_95xn#p9qnIQqtHCi*))px2be%TKQ3tBq!Bf8Sz4l<7IvfwBkRZn`C|Pm%?fN; zyf8O%9P};Np2isr7#andIDaW9OViHa%n;QQj1Wl7GX(n?VNj1R)N4He>FrJK18KbtIH=~mla-G9a8}Ku^%WnqT5omQKqu z(|y)k{MEgQ;J9TFbC0m}1jABZtyeVJQm%)OnhX+RA!h|@&KPR_9Lum~FO1tCw{WZ5 zG$~2q{#f*MF+W?|K!1cOh5E4N#rSqAf};t4mNzqZqe41M=3T7*#^DnEgGu6OB5&Vr zdL93a5kr*+TP(Xm6G_~#WqUp=M7)w}F~*1LR(>JU=&p_0>K2SA=TwXvnvDJIIRS#- zR??UWgy6fYj5%=Bpk1=EMG_o?gX#Oi-x8L(77x>#C4lx|Z-h#>XqXi1%+YmBJ;@x^m4}_yBVO zE!w;;gTZGO;>Cu>E00Z{TF1cW%THEF$TyXIrFZLynEFH2n0-&isP=7-9(g^=n-vI< zEj8O|@bbAP;Fnv^`Wf+WB>oG%;gMTFpVU6yWKs~ir}R+OAMqfZ@R9JUXtE#V{WXJkX?_2 zrzSEK-$jj7zl_#oV+7`B-IEA0pA*Upd*PmUNcAgBPgV5%hNepGs&)1c8?KZ9dD^ZO z78fw(-4*Is)6EcbDB8@IfgOU=NA#6jXq$x5Y$$vQ&Kb@>|7M0!9lHoc1^2+-x^0_N zWFNo>jYYp+&Sc|Ko8PWgJ^sgGFtL0%Vfpx{WT8AML(jvq@&HKXCdBLB-6Bl_Yc#43>`t<#>h>1r}wVS#Ndhe>DPfnza~;x)w< zC)v{_omd|z`ex!H(!urV&J&Gg?{>9wQh6A5Ozj4V*@~lujtCGyYdXXhxiVLABhB~3 zAJ6fvykd^yRWP7aHS^m`*(8Z}=$!u7PmTV)@#Z{JN8h~h&DsASzI1c#{uz3yb=&*W z3BQ$ulRI}VM@;r1UMXv7F1*#HcP(n3ELcEo~cwp_VO*r<5YC%Tp7Kn+xN;!aoAVs7}$9jYZ=gi z`S!XG%I|$I;iB&T)rw4^;zPB!uo_pn1nzmuBb$|A)A7*@GVzZbNcXF$Gp%|#7R$zjw$oUwHT^L+ymy}z=3nykR-~>5??ScWz(1(Z{f7Mvdk=Sg zw%&^;x3qmTcT#9P2>yU!J<=@n3R4OZaOjO}nOX3f#+v+4=J$bi&Z=rFPJ}>RHq4lf zcyWGq_5z*H044pgF{&;5iN-4m>5ryyI|dh!;iFCQ7_@00%aDPJ~I;c50S!)MCMENwlzAhCsIK~L9fp1wVj zlIdKJKxetVe-?jP){A7P9H>5RIZz|cIfGkWIis^aAZbdc+9&0iQP0w8jz&E939#3th3<#?s~-?H1<&m4yW9z*z0Lahy-T|Pd{0mq?>l=%!O&{! zp>6H^vpy-7aR#F1vEe<>eq${3(hZ}yZGFPyatuS{1NF%hJ>qB9dcr!Kv`5#m0$dXQ zdQ4gNjD>E(r_F=TNnHs4rPJH*)Id@f)Je_@}E;*d^wma z1nlO3?M&9%2!6@crLFIOmcCgJ=@1|A5acEHa$LSF_|<%axwLGKP3A8V$CfqrmeK=w zgZ70xo5b$2s$xqH{h$Na#UO(JVG%)RPAN5W7C8q@M4Jvy7{W4Kn0XYWL!1RBUpp!W zkNYD`+vok8*Shj$Vj|*lI;M!&a+u<}cFLbpr$&6vU(L5J9~ktX9>L}>jTs{b2ZpQe zWviBYrVeAT8X|8c3h>LVg>9`|W$|i$57CgmPwV*wiT99rNL$NBP&us;~iL-2}Me z+mW!^T$1;dnd+srcR3>MEx0SnUk?#6?5uZQp$K)i{w-48-nifcQMIb_lJ z-R#{5%%OOuw?np)pqc-)xriW7`Xygw_%9S`7rts&oJg|@u3B?i_GfPSm?5VWux?eUL4;uc*2#ahfk0aF@jZ^mAfS+7olYyxfm?q+ z!SOwUuF2839B5Ey4aHbwgCLLv10Z`6Pj*j(K>E>$ zh`-bu5$ykpb`0|6h;yp)=m|)b16@-HlKIeLYEC;D`^4nP4V8s52HTY)7#@HVz-%rN zHQ+>B1(;<16LQ}3U{%tFK*9oqS7e0II7E?{m9!1563L|2-cnI%L2q^v~YgKX4Dbu>X<7yu)~?>|3@ z)Bs-zfsCf9Y=4%oM)VoLIC1YR=m-rYyvJRye957Dud8e&-8{xL9Q2&AMGW5j2@1+5 zM~!tXOJ!c>vAzjrRd{9=Vku}93}MA zZxhG-Z&y0o%GiNcN&4M*(gt6*h-FWO_f?o~odw5Jq1qmp&rsu12UuG%A|%9$q-~Fb zb8u*Bb3!0Mfv@6GcCzP^MJd8z3I6>i`WU4Dc124y(Njvc84(byAnC{vGM@tKr$ypP zuf{3#5ybdGD z3FrhZlYluaz~5LTuhEZ7dpQe)hb2b0{je*AATsCP zJT^%lc1axGe>-#ooxR$>hAAJLWlyK%&HJ$$$mD24NlN6kGt-ifV_BzN&QI^Z#bD7b z!u$KdH(d$0N|*Qe2kN1yCi%oFS9~V>1xGEDYGsr4M+Ol!+5(T~bN-B1;~3K6e$VQK zrk1q(Gvwc?*x1;FoPt) z9yYIkx&Nqj1^Vv>-n$3V!M>95?NdJ07kN%6 z*3{rDRbi-6Su;jy)sC2^Omp5N6X>lG5eJ1t{Cb8JYA-y}Q!ERO+caK&eQGTu1L~=i zEyDmxBN$JFUVk-6dhJU1hthUV0OGN`>MhSS$Pf) zqA&D%L9Gv5Oo*s%0thsvQ^3~)tOMP5Du(DQvZ%gypJ#(fT~(Ng$bK`lf<@yJ&fdy< zOh{APv*YF2gpNuFCnRR_D(JTD2}cFEgzBO$+qe)w$Zm2V`HZ8RWECwqB@FCNn1gvJ zln?dN`4#fng$BJ+$*e-pkxdDt2@r;eZ>;%G4)5W{Y`Rp+{UozXFA|;GG9^#1Ewyv@ zcw#Z28g`MeNezlqr1Y#4Tp#VtB-wGICO$W7${KT7_!BL~vRy}ee;t&em<@E++UcOVd%3)wXotkZA9n`v3!x$SJ`3!R+PvchDt(^Wv+Jc+DH z%T}0fs7CnZ;>lUU$SN=5X87{4+soUH-k=e#0NQwF=JAc8(nh|f@XRick0{d@1_3m{ zw5d5~4dENB@d{(5h`prQdx60{$oFh47+%>wUWDs;E%8M#UjLKPx$8339 z_jtgHKp%zX+v=Nj^bR_IEAU=Ywhk^r?2#@A|EGXh-F)L<*DT0$s0L1y)TCZJ&suvn z3{1LLYFE2ow|`z{zvN$aGU{v&p;u%Of1^x+CT(6pZMe5ykA1q%mh7Op){I=GOcktJ z;^xiFY>0yz9q4o(Ii2}3Nr9V}eH_!&DkitQ+cR_K)9_?m5RI|2y0dWzzq(J4=!$nC zp&sfTkt2OCFFjH+>ydFd!EW53FWY8F4gz8BYxF7|(<_$hif}nDt)gN}@*G1Ew2jy8 z;EfnI%@tba5L7e49TyIkbX;K{E=AKqUe&a=W zKA&vWQI?h$B2tx-zCF;UD#TkwRJ?I0oAJ8pbX3tTk=A*CEOa2NKvK0p63ld7-&CDn z;^lta3%Whh*pv=$x~P6drFECmvW|@7vwqJZ&@THs|4(&LXKx%pA-z=VLqN5k42_#> zy{hp_9=?(|3{vSi&x?MezBEc9mt;3tf}{SuzJ8b#4Arw9V&M+vlaE|-Z^_>y#(p|F zw!^50XD=8B@Fx}zE9=lwNp$k?g`t-#u=&X%1a5TaR=wQ%{KfqOoR`_L&%kjDAxM@M7LrkB&u0J+?1&2p?DAe06*HOC;8 zIaJr1=R;kGDCntH624`d9t@#aka%ve@uobdJk=X_CnIgn?=QSGoQ=PjjaZVDF!HC~ zztp?+lj|(x{sZg47f^SM5!i!<$ZBiSLhy49GdHmWI_8GEBM@jjK6B{C#k&o`9{-(9V3C={`B{T>+&2xB;F(sV`Sd*x4wb)Z!JNequbd>ILkC(Fc=P!z zM#z^UW3G3rgb@-m*S^o{$6Tr5>XZGHx9IrJPM)lm-o*>Alni<3yLpdS7su5?fx{U zHZ^fiYsn5~r&0R({v|G*H+p*C_6V;4J_rGfc$?@|17k6krEdM?tb1#dq6z~piEVGz&zE+!PpUx3d{{c=s6eZ@)gau+0bW9}s zjNnuLu5eV}=r-IcXmJrUJ2sJQDOTXtSmXVtEck`R{UHWOAm?3d-Cj~9jA&yvqC~vw z*;Ov>gC6(|)P@V72?KbtWIR7wsgt0PoG&!@d|=Dh3z5H`qPo_{6ifjZJx%a{>;(;y z_HG*G&Y}sx4h@MO4p%9c-Sz8Bp3L04G+tlVgZ5VNmrccNt-dj5DH;~z-N@pbUvb!h z9*1mSw{D)|+xfWuk!MYRxB#(K0`I640GvA#huPtoSu7j5Hvs;UE10PRu_QaMb546K~dj41cxWSEtm*5H*mE`>|j>E|YP0(mTIz z>su`m1@0U0=!l;un*uDi(6iibU0>Zij{?)$vc+d9%R_6W?BxM1=99-DGL4QRD5w+) zIsgL#(kT{qv4Z zmr1xeZ{QOSDDQ6|lr@mc-#)U!Naa^xCTZgi9P7h4a)eGLVD%Sr?XaF5ZrkzVTwZ__Qka^Wg53oVB{bH^!mHM1!$n2p)6`z^Oc zScu5{B~!;fhpg0q5DA9$E$gb2aiq!!lJ~OM#u(1uCI|G+Hef9;t%%Jtd_$gDG3s)C zsK=R(=l;I$sSk7rfzna$NMg>u6We+KqgtVA~x6RI+)CXb}X~Er(^?vT+_!%c)2f{_d$lYF7ibXUM1Y zu&3PVlj!$qY8t$2r{u2r^V(*tjNOzWTuWp!?X0CIF~OvP-6fAU7`3#Ht=JrWeIu)C zI466!$`6}t$?R>aLG4u1e9Ps*Mm7XkgwRA@^7PW2WJN)Bf;t<+?oBxkMSB<(&%{J& zs}ESC*(7<`1X#*RquA!+iSxJbj^u;|r?hQr1>D{p*hMJ~F9*5dSx1axaY9oCD{Jzm z@%%x)i#=HcaOyMOXjUSYnwJHz9OR`Hx>P)^pOjP~Ny{r&89 z?2+{TvnRU>=BL<|RS( zJee?vhWdJH!`?o7U#nA{|K*>*cK7U1T%qSkdOnvs(S@INWrN+`Y_R4AtEGJFIKu~ zXZXswX@*91VT@|ROrJm$jQZ`N$iyPn!v^#iE9fl8tjVab?Wr!Nb+o_C9pR8sq$P=h z^MW+UIC7^`)-iO8KYLrUxwY65>DTq_)tSDe#}W!#X%*dX%v z3Wnzhxx4mDr@Cu^Pf2+o0Zb!qUk@6WQ=Wi08i-mY>Lu{q4SpN5n7tvJrP>P`3z>gj z1Bo^V(j(F-N+Rg|jsDN>QbrRKg9%tJ17HsfW>IYu!^?4=90kMJ!5}jdbJMr@j0pcD zGBvBK<&RTScAeF*Mvzi8kHA2-VqK1wigSmrr^S32GFM4^F2zj+gMy0SBS@z|WR2vr z|Jv{CYkhfR6FRVbP=km7cm4BP1U7;bYj;fU=2(^wcbm(vWZ{zR{I66)8_`zTUg{uD z8W15w>>#GfEJr52CjOu(=nHbZyY;0NI8!qE$K2nqRIKkn5#s(558RWwlul`*WK(n! zM2M_(hZU6hm?Io~{N_OOMp+8)$XY-onM`>wk=5uHVrMgNt2D3ciWo zcE^eSbwvRIBGe0DPR?hYhGp-MGmQ+S@7gpYA+U=5wYAF1t_DP30jde)6z8SBBnXud z=6-xw{`7nBYd#b-qvgUwK>A;AngIg8!L7MoMSG)ojQc}U@Rodfo!cTgLb{aP0e{oM z<72b$MqHvdB@86u5AJczt?fU6SK(Mlsw|7@qJ&XJzzRKH5v&T~DB*CU_~`Awh;?A^V_|0YWE@HATTAZ^ zfKj{u;12`}z5lfIp11BA$aY&3d(WeKNdvj*p|Dph@NfKM5gj19k2QS@e}^_Ztn|kx ze@c~Bnv`8d@hF6hWoF~B`I~lqpK8WhRfAghV4 zJ?(3xv9p)p4_6TEh}j}b6J@Aq?z*fEA?}q0z60-B_i!kLLg+=M9{6WM05ipVX7HH zdJQG6b6H=39Ny@`8u6Z+4iY!<(O@{Rbgun0&KaAOdY zPLh{Lq$u7nDuxN1;Xac(oT`yushiWKLH!IR3eCn*vm(ww&Q=r5Zl|VYDkLx|lEj~J zx)%j3XE}2*engB|tCP}(Ax{cwmFR#Umg3eh@PvLZpIatDu2N(LAD__DeHfr=??Y&4*+GE=zofbj%haN^6S} z4clZO?=jH9`a_umFem)RXKU-3W+cF<0yH-#4})5cix3S#3LF=`yoOY!lS@5FhjJ+t z(4}y2UE;}|xb_lQya}ngslX6DcGcA}QC#!)^2)ZwkX%wegeZYZ6`zA;P{QjArMgc1V$QcV@J{3G{4c@T>9DB|N zX7P^*P%_EOMWX-FL&E+24E}O~y|W1ZjwkmV4}FzJ$?zd<)q#U=7**?ElC)(Tkn(m+ zD!l0%O(jspFP&*LZ+tL91$b7qAYjfA!L*@g;Pv2g4zia7vi$HFY{M~&HwSQ!*!Q*&n+<0IRP*Nn=l=fdauq zGnPy`-Zh;A!iJ$S<`~1f^4x~7l_GSsX|`#r`_DG;c~Ie1&`GqlC(z*F7j04L{Uh2P zBcN&OR9ZJYX-g}v{<09ZY%k#0PqC)}M&!TizZ{K0Lvp2(q~eSG3meWvUB56vFj4VD zqRih~qZiH!G$-jCii{bJ9@{e;O#)vQ_2wNU>iQ`>S3#ta-0Qdae(W=Z@+XAhV^3rV z4yxos9y8y&bMuS;<^kL1rta?E>DoEyl-;~BL8A(O)DeZ`5VE~+Y3`e^-q#8Ig`1fovsXgFt`y;x)2fl#Hf`5hJA{GR4 z2VDMvKs3QsAqa%>1<^76_dsY%R7WD_3V7_D?qJ+9xcUGIo%;HhN+=`)9!T5g`(LBy z|B3dmaQ_lTS_73D;CwCQPZKE|oRs-e_UHH7GP$0G<%G^3$1jLJi>)=@;8Sy(yF2sG z+iO3EHrPj527ldrX!b<_)Ijvh7>=%Z_E^d)B>v8^v$sM4g>}PQYi|f->UX#);)ByM zd+&>&?s18%9$yjD0jKPLAQ*NPhLxc63I)eGUZmDD7oc zC8i-@8aaHchZYrZ#eZtb%bSLt`u_d3H*NL zJMF)7t$g8`##1qJv}MubE`m(U&_1&4J^!xP+D+?`3?>;nc>}?3#E*J0*p(9+SGVM$@QN#=!Q(s&9>7nY>8$ zg#pKF?Y{=;NNY;dEVJ6anR$9JyQpm69LGD+zC)gCv7A)_K1+BoD(5K`rmntv$DwHj z&}|UkklIg$z5PI_4oFo@SS9S`9&qTzcV|iIHto*&k#AB*R1GYI3b>M`D<51}4onrL zSG^}KO=K;W)Rg{l`CknK7FY&@V1XfnK_Wgyxt3oLtq7af57hd}oEQz8gDoX2lcRwa zwYK=2q-|MPNJiFUdQIuqmkYT(9yEJk0y#$x=kgg?cw8w7dwV7r<8mdhOiEa5gDnPalS@bqjKRW`kh4R@yLn0yAJD(ziuwJ2=z8n0sJiYA*hWNJ zLQ;^BE&&k%r9>K}Q@Uq}p-ZG&q`N_+b7X))x^w7ZK)Q$S`VRU$@B99~@B04X;^Nwz zv)5YpeeZSF+UM+K?U*z^k?E1h_!fv*JC{8zT>_}_bgS>O)Nt@9UMtY4cX+pc!p(>* zhOdu3G$jGIZm79jX8fmZ|G0E&fOaddd>`wQ>_@&1C(GQa-@Db)g_^?NtL#}H62*>d z;qeNvxS6p@Ds~9kGdhY2)FM^3B-)&O_IPWxKe_GCTxs&dT3l66M;leg21;n{V-B3=2xl#J z`}k62*%qSdm0OZPov$S2{q7;QaIY%8kB&GZXT7|fPDj%%J*!G`!b7VG1f~phvvfcn-n;g+-_PsR@6!{Az@db=k>w(IcMg)}@r#F?Pho$P89v4>3ew|9IB zbIho|A(sS^9z1du#A;h#--yNG)baD7fIHU(tVtf(|Ho#zwvN>k91{4UhjMUb#rNxl zz;Ba$*F&lxzQl-KQT(wkhBeM)xrw~G&T9TR{+QoZ_4tXBl>#z_ZF;Qf**V;(`L!~Y z?yt=~l%?-#>&@pC@_4s5)1$gH9+`TCCpek?eVqAaB= z=yr5sV{rhjnwM?DmbcWW?~Qqo}{zzsxh6$Cuo;89L z6OMXe8pNz+(h+0$30D0r%~eX-#1#D9>A}YM__ukzGs;9zeg5C2<6Zr(Q2m4R{$PLS zT#eK)v$%v#t`$V{1Ky|SolDB=mrM@H=;ySP$U%v^P4g;ub`lj4daXGA=5xdC zOd7dk;^M$obcD*xmn7jbqr9YofoV-h1zn`Le7OZBHW zU=dG1`Pl;3Bmoiot(!Y=o;;8qwu9s_eOK(hH^vhx?)ZGFT3t@Skxhc!Fn?IfKJ?@v z0;PugZP#;Nj`T;<6{1rLu{Cn}l2W*;e=5q2#ZyRRAx#ZH0BHgMLNlr?swgu`qPAZU zaCG?{1a>CC2OT`H4u?p4^;(P>@er^VC21JZymU2wLhqG^?Q z$trMP%R0x{YnjG*NOQeX)cjhJR1?NM+sSo~{Y-g9aQ?uiHd?WN+|p|ts0BWHO#Z~P zoEx^d>Y-z@GHHV-jt5RmZ`o@Vs4a7U&7gz8{?976?UOF~Mp3wW7EV&VY#B!ePj)wl zWyie`bPTUi4`>#6vRjc`a+%4r?CouGzNVf~ZSe z64ZHC=VmE)ZuG>@-rM}{D8-rz$}eVJ6hnA^s#Vt=Z{@ZOvDxm*f(7NXI;K)5&HD*q zNp)MBC`B#PA*@&P&a+in7KShBSsD{v(i(oCYWR(nhXHf*pWH*gh5 ziPSG*F>;P+ctiF6KZ3X5{)!7N&XsmY4M(LZlg$Y`_Na;(EW?ztItpRo8B-L$M%s*F%0MtX{KvY2Pm!pcLC6A0(;*l_R5``tLNERQs>x} zkSzZUfS;Qb?`APa>$UU5fHYF33`w3#Z>I%J_ygLEnh(nVu86+hHtvo#46hz@*wE|iRsFTPmhB|9@ce8AypQ^qbHj@x7j#oKvDn>e3y^p;b?j(S5}2aji-g-Uva-*}4A-@Z zA7zc74T~FvLf0kkD{;gs|0Hixt&3v!!#FESlW0oy?%{DTCE($(U?k%WPTyY2vRK|) zq3}xIPZd~k{uT!vC2&fz;+>HjAd-XTIT{t!wm||z=sO8y28cG47F)KxEZi$;S*g`9 zI+jw<<@2H70{tYkG5!ux2H4=1%H>|%@SYm646i)gWY4Q>rhoiscOHlIn6I7!f!*Gf z;^(&pch)UQxh_+EA+kA>s9C)5)$4=RN9u4)1Rug?A*m}xszBZxb6y^S(sR?*%@fxu zS)O}|QbR`)QHSDgD2$`zpw%*SrZC+znz*lF8a;ZQ8yv0Mv117!bL`n5EEfb$VRZa3 zYX#rrZ(GQiAL?6el4HC$#LIjF{2MGzhMXfuq;mG;k>i7G6_Un4!`E2Smy~& zXhm`eW;oHsUx8#YELs2)6XBT-b9$->zjidqoU=%!j6PJlBPmdxpwwJs3}e%gk&Rf9 zvn`o?2I4|BgLkG~vfqp*%D%7~vP-{uha<;gqrBYCHXWH<7`SNZKe{zbB54Qn7$E^LPIB#z#JR>T*}415eXs4wp;evPV04CiuerW`AHca2nh1duMQe)&-(c?E^M!@W}AER zG8|QmrZOtNUk;96kr6v|z_}4Nb6SeeP2)w%631qFwQ2P7uxTnTnbs2CpT)l0djBdz z0YR0fW`CMM_sK4rTl1&)6T$_`t>DP1E(aWh?)2nvt}PD=bcv_QsLRBUVt6m(01IsU zsh=hu>z%Um$p#E2%1d5f8YF|`ljJ4;EW#aN)Zvp_BT_q9XKnGJ-E`{n4qo%4klnbi zQFVZB-nbKv0KM&bm?OV}pt`-#EMa@@OVj{a7dK}^*%MOibcrlyv*q9jY zoJid)6Vd`9ajtHMZ~Fxh#k35xuTW>{vL#IR;wT9sXSxbKYVV>@>d0bTm9Ga zC}$!T2usLMjH3`5+_t{5ss#Mknh|6Q5{t*tTlO1$Wgb1&?EM0-n6|1elYIBm5mw8V zv{z$`JA>xZywuu(uT5@`DTE-f0eed<)+Q0;?fGG>4rE=I#%4W}x^hq?y*1Vxj{=Rb zd1G~C&nm9Cb#XvmvLo;|Ut;uEPT<`zX!;iTaI2b^yf`wD-j;`Q}aJBfWp86sVVb%^8mh53~?<+&pqNEx+aM*rBqRj#(BN*?@q$3B|ytw@C z=iWOH=DQa8LzfRF+cXrL40+h#iZ)lSuQ zV)ZG%L)&*R5Sb+e-FG)KB^r&QL#B^ytaF$pRBq6^Glsjy-&3i=@IxuLK}hMrrq&SI z-)Y|lPZ=CC%R)rl$ApwzioWIr(4Afy9XU@N=6q_^o2Y*6TBH}T_TV2Ny)Av&c-dEe z>v*l@WXm+yQRqX1E1sVApD_VrJK;Y+^KX@vSJ8;Wc)#}GCL$^}RJzPJQaRB!spuI! zS%9D|cmP4!wNmZI7_W~Mx1q_6B+86uq^jFp5O?kTI%xcVXyY`Yn8cw53C3ZTV~M<> z)2EcjVp0ic7{iL?95omr>l@kC7wiPV#Uzaejt8C{b z3!wf$O5qpex)i*Ti~=_fUGQP!^1{~g+yturI{K%gXCgX|_#Z2T*g&QIn-{MjXIrXd zR6q2w9|MIvUWra9(Ck8NP??p%M(kn7#r;OY3hcex)61k954@JP9V0vH*Dg^&{z$F_tO=;5>j zULGl$_NsM;9ge|oInSo02LzHS+>qxVsAMs4qvW1Y=OqJNQ;0*xv#gv4MtrdtfBD95 z?ZL=k(o5g9WiR}3n^>fIjPxsYnNe$s0Ykv1yyUOHorv5V`G#yL6}?UtJeI!&1Wu25 ztG2cKxV-TJ{x<;xglM`nFLYyIjs~12$RJ6!uXv=<-M55ivmFV9p9BJ`uonG?so zDKPQjk^9MkrE~pCG{SBo;%2-Jw^`Z+7l5zCCV-Y903aD@cxj;|YH+lm+HZCp6%E|5 z0Cgji=nm(j#x4|@wenK`4?O(sK#jP8V^4QeKc?>Y^}{VXgzLJvQKyG3`@OnprFG~xq>-}jBH~)TR^iO7t>)%@wCLe?-y_D79z5Vg z{gX>LodAzxX)5jr-Pk?ow!X{D8{xajc1Jp=ov0PzcsX+hFe_N4iuA+2%tpK{vFj>U zw>!9IFijw1`v(g}%HG$91K`HX{qfmYICV;Qggl$3-0|{-y;IFZ_?{enrE97q$4J%c zMUExjJ%lySC)=H4`ng7L`eb?gtLhF2dWD!(&g>QL-pJ8r~# z)~ZqdGQD9R__~Gpf{VgH3YIWkYoBA(TPW3xucIxl)g9#~E5)d)ink(PQ@TTN2!fUa z3DqkW{4^}}2*k>D4Zl2#e=CosKNv)~bDYe&nx!R<_HULDOh(z{zQLs%E?LfZo*eKn zTXB70;*O;=Y4~}BRs0yz)AIpBSR4!<;UGXksM7|Hz|6?VtA?#d`b_5&dlJW@*q8Yf z1)s?GKH*d5_}c{W>YLEHQYtL^MyOfceIxR1rEZvf96eNRi`hT{wC-*c}Kp}0`o z9I!^wGoEb^=1RS~&8R5uX+P(SjJ`&v-@ltl)7ih01%sMj2?-R)=+i*cr?J>yTrVF6 zb||d2*GX&PvJlu%j1kzE^|{^h?C&)GY-K&!lx=@&-fiCm|2}n5EKe8sO<6kmhnGCH z99Gp_S=|Ibd-(XuEse(lpVT+G`^0401tC{3v@fiPFB`{ywTlbh60F2SA?_j`{&eb#I8x z_{3XGC>YFe>@Pa7t5WvNbwf0uQp4Otq>?LVM;sc*{RXF;CK12-^|P@KRiaw*!P@4Y zx(d;up5U=o{&kXI5Db??d{-($o$|Xwf5|deKtjy-i*se#rWxAO1wK)`r+8jzvsF(} z&&!ZuZPGrx`X1(-=6kp}d!$Bzd}D*;w?okPBMiKp${(b@VxG~7qQ}ww&O^Ked|~VD z}9}@efgocXqAM?Mn+|sT{>3M>B(vZR_uOPoZtlqMJ$F!|#cB0T!cZLL1`Zf1Uma5pXs3w?>z#>Nq9ePt zeRg^0*DjHs-c)|FxtvF~R}>&#I}}H=$pQXCZG26Vz=169JI$GtiupLbJ zCk2h)4GG=*HKvs(AzeGK%~@+qkzXJjwQp=vQ=Tl z+ifHpsWlqcsY-hqDXCv4zk9O6s$()4UIgxbfu3D3OB^?@&d?9Z-FToe5UGInJYg)$ zxHx_<(s(VUz6LY*4Es31TJG1nCjniI>#BY{()zBN5?Az%D8zYDl-uiZ{X=bHm!oI+ zOfWgLnSrg?=#<1vR>=x4+A=YmrcDE4#U!?XS1X?8Xu?ru(mbQLv;^GkzZAeh@^ew8 zz0p5528nqLWyc>Y*Ced5-x-N#-Oizb#s31oPsKgtm$}iTWV_>q^Z!M%ZCY6T^!lMjgl|JV9;^A(xf>H^}u4 z=L_fQzF6H{;sUz4R=K?Sn(ed6ND`FHqi%-rPb^!$h(H(3p~GI1Hi-dMw;+AXPtNYQ zb!Sv+rQe|oci6u)YFg8len|iQ)+_U8Rrv&{axcDM135C;vp04A)s`BN_>8PrW8cUM zLw@~^1-U2{!)QvZp+0;ocOp2Ue-CXOy^rcH2k>sm5d53IgtYvDQ6+gack&-<3uIy% zYJVFIHS&P1F44g-7Y-J4*!#GkjoywcZKVbcm+O3hnfcZ9I{AW{ME=txD0k_Gbsa*` z$k*wqww%|kJRv1m@E7u~*|*ZFBM0vZj$5v0ol7ls-~UP7L7_}CUTxt{?)xo50xJC1 z*u__V&J%HIR>}1&SiAGXw>A^+DJQeLoeGHapZ-V2M@o}#W6>*eDcTWC`s#iR5Gr1% zdTE4;piUXVL%CkEy{sD*B@|Y-dD>s~rDA+{x(p@?;lDf+R~mwy$`X%G5pB7zsn4}> zs;VmBp(MBPv)n}qHDn&YU=Q0}J6dB%|3|qUy0;ps1Bqh>#KDMgesZnKnb*wY{hEHO zIJV)G-Jch;4R6icNQ_r;gp5}eW%b592FjUn@y8J+C4IM!U5jx?sKo|dzpU~FJWRLNVMjz_V_4!CI;(tO|93^&Z{NE1CyBW}oHv$qO9s_H4F`42~grz^W=x2;{2$qPx3~}er zRv`kDb}55gtu0xC!d|+?n&km?u6`2GuFDX9wlu=ZjiD?gg|c`sI>;_)EVs?>Q}wrL z=K~puo8-YF{r^zyWu_)4-=rn`tXi4-_oG%FN%3PI0h#&I&&_-*q3Enf$y$yL@sqL7d_m*eWdS!<0r-Gn+SraV z_Ie-LkiN>?M_;T>6c$NvcjE1kE}uBGsoF4m zM*a6R&f94`)Ta+=3*;s>iL6AEPH^}tmJUa7UOP6rv=H?HI2rk2FsRoWhbc?kx%HK} zlZ|%p;hW~#@hF}Rl6MCJ7J!ufcfIg9nv|28|6t3{R`c;~gv^9vhF5yq6d!>-_NT(` z;f~?S!Zu!8*or?ZYTgaj5h3}gE)Dzko|xLS;(4IyZAlLP)+xTGojj~+j9xADr@YUg zqmW}ZwcF>J)b@JN|4h05BtU%zD;UH9WD-FHD5V9wu;~6L zDKy^c$9c3ZHM(S3|C>7MO&^H}IreL)ifiBxY1(t)I&q9XRmZchX1G(f(vZb-uoxaod3U7l~?9;X4egSFBpL%cP2 zXO81;%|vj(GS1 zVo}{hJvE*~Hn!o18>E~R-aIrVlLZrnG9GJ&9=jAJyQU^1v)LbcZc@aLyt1C@{u0Np zDur``p4>##n>M9pQvg`YF91X!&f+u;nm zDUD2sQCeR<>{QaFSKaiz+der0vTUA5Z-N7V(LGvKpt;awUA#)X% z>Z})@`*gBPY7Fe1CYIy;k|(KSd-1&YJ&oKpJ=OXjbRc z;Dh&Zv%6=V3{kRe=}T5iElmy_V#1vR^&=Mr{(&`y_JR}*OI1*My4M=a|NOA0&Bm?3 zVfeLBm9kUKna{Rv?eYfs>vHFyc*YanYT@hH&OuNN21v5xl*M$C|JbvqXYG<=5=#(= zsh%=0g$-vwc{(pOxye@?5^I4Cd~;xt91bwJW&Q9HD&loA2khaPWtN%bVmZAe+1Lx} zd%*MxO*K*74fKKB1P0~8J_?kNgiOy+={ZCwd0qD|!ElxOBgW?}Q1aaCdmd$E2(nd% z;x2xV+o;Vz%6t>KUPk1*}0=k18B~7Z!Q&-~+j+D>9QJ4^K$WSH{EH&=4ysQu$O+q84KTn|gP?*T#FSLZD(RNYFg4`?`v z+m|DQT>s%JLr<{X#ER|G(JWuUIC|!~#dGB;8VU?nyv#WF{ogBFt>Ogw{Jr#p#iRE5 zqz#&B23rwN8IDrg8ekLQ-@O0^n4?*?E+VVK^8skvgbapaCZ3Z!uwDNtOc=|1j_vPN z4`2nH8kUXI!U7@}!vcm$u$&9F20wb0!XxU2HyZ(Hg#d#G?>-{GJef?XfZSm-R zw*TFPl0$gEK6nA=(#!HjnwAsglD4nTvfu%#Y)=Qjw(~ z-K#z2`(O?b0vHPXS(1bCKSp5zb-bqyDSs~7K0N~*ALo1CTUoPWC*9ll{LVY2bchw|M+PV7k^MLj&MOGq2&&0zomqwo5S;T zb&Lgo3lOUBJ|F;O2PAO38;Tf|K{BSVEQeeJv~d!ShyWkngAk4YApQ(G!_qfb_)oa# zBWpdq+_pCCf5Xr1U4*4L3@~~1=E}@~0hpHmBH?>#MxFh^UWBw&Mlt{%)1{-r`~eEz zyau@E#tY!uBXqkd|G?(P8hnUzl*pfvua}PYk=KsX%?&j!dTMz8KQrYNvKM}`IrQfL zHOub}ndhCNUWQgRBYH1#q{9ipkFs`_{VYAIVh6yUbhEiw{y{>aZjH)c-R#du2ju`J zw7k@HB0om;!}C%oaVa0HM*PRiXL{qhghqbAPNsR%9hN}6x8-PXt!D39sh8# zZV)CeB*+h3Jf}I`h1IX>qz+$=dK6|L&x%cy7eC*SVV&*V6wQN7zlG9RSH`x`YCoUG zXIm^iCU*G%faWi2fg699Z{P^7V8Vh@nNOKNhd2H_d(BRPs0y4>=hEmK`pnag5#80q z=a2TMY159vN>gPKiUe=qvnQM~u~_6ud}vQ1EbJ4{SsAUnz{fNGi2AvK zRiPw_*W@FK~%qLl`9JC}r!1X(L(#sY)kxeQ(K#Pi{u50tCz z!{w<=u@ibO+xkaJUcpLBZ9a zZmfMZwZ4lVx_hW6`RmwT#3p}7psdDKrT=fjmF`S;neQ0B60LDp1wyB_KWQ@s6G*N{ z4uARWm~_AA@SeuHL7mEb%7!A)GW>ee2D;2ANHwV2Fr4I+i}n_X9PD%WF9?|rdqTav zFLoRCFDhnNo=+xrZ8|bSN_*LQd#8+YPb&%%b$)p`v?dHc@aFEt3nN{ZU;AXt6YHs1 z+yASe&tI^P|6?h6L9hLwnX&3VENV(el^<)H6kjM+rf+LCVpQFF)_MxG)tk#_cDb$h za}$YZS3nCKPxz(wae$J*jf3r0l+^ve+Q{ZA?<}sN{`K6OC_Rx}39s8r{7B?(`nE$br<5{>YbEW&KmYb95UcT2ctBKNbrzg)W<2D=7K3`#aknBvbN>L+3 z$^f(jvyvaT3%b~Z?TSD6IM(jua2`f}_4*wY+S3E9G2|0XB!hik8mW37IwPSCBI)5h z?<7Q%uLvN=a+-I;!7lVGk=mb?uAiEvepiuoCUPyvMX4XmvJVd6qItT9@Be zyd0)A%XBJSK+mnlQxIPYw?BXB2-bL(Nen+N@$YHW6|nEsti@F54e;PTRNd0+<3ig! ztB!knTt4q&UTG*ZPOY_&7yHgx^7}r0K<9V&+T6tk6aj1i)9#%&tEtVZ-d6=|9Qkgd zt=J`rTE@XVRA-IuOF_qTel+vqmD^eA(TW<#S=}4^F=X~?e6vcg@q1R^V=E&2DQwRV z2zygW9GJZvHCeS*bO|1Z$b@2{RLqydtTWB2GO|q74ptNUW%${cqWq;bHT5IS^sJ(E}n4&v&ef*eKETEekr z_4JSptY%K~E8W!^dDS8$V=GFNO0k0R-fMWO6a>KLq>l3`mkCK<|Mb-scr&?HAx0Q# zFF2@ro&Mm#9RQ*ga`IM!n$m!u=?*X**ozgGY;?$ZDm5zXEetwn{IO9c z4r)|^epO9er^VS?HKZ5nOZj%`GjCLHqlQ+2w@u>5Yre7K92~SLDLb6q1P?^m;pBe2*rR25;dl zX~mAEljh3=>oaiTkB^Ryh3J+jR(k38E1%1$4k4g*XSiF6=&IzZxn~{x>#Hq-UEtoCeoX26J=1erJb%^OFR5nRWmW_J; zF7a^6W>xK@TkbepB*_Dm3rb>xk6&P4Z(=uQ zkY}8iE{D2O@!Py>$Uj$jHyF+x@to1A07Dz);wtv+*eud38=vgd&yk$E9zN=(-AhJ| zPmrI=gQ9@lmUYxk4s02WdP2gh+e%b9pi@cU`m@3Y>*Y%^%c7KBI?Wt-M+Gk`5}&&# zM?jBZ?B41Yjsu-k7 zj2hGQ5WVio*1;OKVa!pBq-=Pj8UdFUG@&X?LdN!(Zr*QEgDBd2T2@t7`&yZY9kv-~ zR5VHn4@DNX+u1&&C6qZ&kaCJM0&~KHy5*BSSSWYyj1%$Nn%-mYd^)Oqg}dBV)y^5( zAJ#0syx|nK+7|Zq9`sxr=0vYuC7*su8TL*#jpl9seUy9J%xS*5&#!(;aLnRMeX@)- z6aP#OvFQBeHUvS!F!&QTEOf>%Dk5bf7vy?gTTdH?6p-G!xuULxrA*LQBpqDtOqfbZz__uQ&-{wG3udRN-T+Df4OEef0up*kPkArJV_-zXey?mYo}pEhVBerx9}4lKtSx z0rC#;7akNB!dR%}4JUQIp-5SIy=Bt*d7fr2AA}?E?S#|8-sR;bMxJcwVEFULPQcDl zN_Bp{t22aINCRBt4lEp3Z`QJJgmr1UZ|m)G&Jz>e@lLmCeEIjSE4i>V0mWYUY=x^^ zD2Z|Lh^~%aRP7!J6+fr@^C~aXzs!b}?yDA~)0#5mCW5rR;)S)R$h7h=w?dF0z` zlGW`|gy;T);R6P^N3!v|W@-2Ci+=m$SDEjJR(vjW-$0JI;MIOgYAU;1rl7(j=?}zq zIjm6bj{(OrZweB`^WRgz5?i&L{1sg0vVy)Ve$u=sVYN(yDoiR66B1qm$2({Ax&dO! z!gM$3Z7JTjpFhK#Ng6y}4ayPj=UKpimdJj%1@TVgx^DJLtv8v43*pb|tjK!mem>Ps z8-1CK59e(ds^#7k+4rU*Vtc>Z&W=5DaA@P2;BG_*`NOrT-|zFSES|R8$ zH5xItY{2}Wim&j&k(He=C68>nh#GBpEoQt;-R>&s>5l6)L=(pZN z*Z+EFBd`od+t!}#!TYuc4^b!yj`yqo>mH{*leBx>5165p+MCR@n-)*=a+!1s1e!kZ zuBIueXRa+VlZv=ivo{nvsqR8TH&nRfSWh4Q!1)X+ zcA{RzF~3v%O_rK_1|@_N`vOusCXq;2xIV$yJzpnLPmL)Km5df!1;SJJ#5~{IJEs)9 zZ&eF^GxdrR|1V$i4h5c#PbK0)>LB4%L7!*0Qe;}=b7Ae2FVfU1_PC8`rQGx;_4Gst zYU6ZZ1C|Yp*Q7eBcQdpdm@YDq1GolbPpY;aUVqN0t8<6p!~WHi1&3EsPY1q2B&K}W zoId*HkYhZs!CGB*HgdR(sLiai1ot{=MijUUkImQpj5}#PBiyx16NA3%G^uM=+c9+P zm|7RGij$sR=t}xY6{A^-!hqdP`gQeW^cV-l55~cSDfK9|M|lRATwgBrJI}&g&&OBD z^P}*GZ9I0)0zuMZMyh!OYW-Nij_3vDpDAW#+P0xT4GBV?BGV={+w>|zH zRxq%}kx=r+n*`Te5G!_nYRLI1O-yMT)Z~0!>@zxNZO=mg3ytWZArL*-9vKA@c`X6Z7s<7d#u)fF`{qB=FN&6Kk(S>Y>B+uIiMn{6G{2WimpO>LSx_Ck?pZ z(ufq$g6}v~OXggYBEjh$ux~wQIY-b=RFD?!kG3_d)hgG)1nuwK=-GXDtv4;eKEq6H z=bP|!;3~nM)cA{(^L>>Os+-n}IR0M^!`NVWiPg#=V{96iJ5k()EXsa16t2>ax5tn5 zDcLSVkg+9?xbn!brcCH5%f&+v--P;Qqjx$_`QBG>#=}*$-t5nr9^-5W#2`s2C|RP& zDC)fK@Sd2BSsnX=t{GUPi*%e{f7U!4#H?pphDGn9?-XD!rGZB5W9*F6X(ra%_o=<@ z_m6tQM?0m~`Gj3O3mvO(?J9}-vEG6VSPd4hX@Sb8zc$yd5!hkFf@uyY)MD0#RfOO3 zn|0fg^I6Mn&?%YgAT9-51wY)Ket-)RGeza@_=2cK#342x&&WU4r%2sizAZXm<%$oP z`uVF5rTaix?Eg^ls9#2^`6FGO@nEs$pdF19uQFUltcUo;;!Bzh2{I9az=j`TJ`0Y5 z#%r$^)?N!)%S=`mOLWSHE)y?aW?G0&)d4S4k&o|4$HkzPo@@EavV&?uomo|$jp@C3 zBJ+*%?i4>VOt#F}g6sysxUkD)PBTF|RYNYNQbvP0kNfOYq_;;R>ZkmA+5 zXP6d_xOX1=c-Lqu@ez<=W_)%cXnTng>HM~5{OXveupaFL60BTSK6wXCr@mu1T;TC; z%IP-;XoNN6FsHZ<2`e3kNn#?4EvHi6M6NBce*BC#+}# zse9d-ihHqpi*+-<)of_s_u5Hz zJsW-HvD@)(?4A5J&tFxl)dB3{&$Je#GimmP?%G=8qbI)4A@Bj&u=8tTPraV?I2>yk zFFCa7N9qIbw*CQqx~B5=ut#O93A>9n4rBvXlP@lbkkH|J&XirkCe_Dyox>@IQ&6cs zLf1`LvgV}%|4^cY3qdCG#y0~lzrcfM_mxbrXD9|fy+fsL6SDJ+)yVi)R3FC!6cn7T z`0t8Nb?WsrB!c=JWR>#yS^lI)XH>6+;o>Fp0W)utw~C??k6;iJlQ6G)@uRtk~b}O(qBEY5)H+x zRj~2dEK{H3KJbb(#&8n*&H=eD86nFge^0tOEO3Op6y%3H?jN!BBco;>0cmaZ(Ffav z+fBM(rDKBYh;d#@zj*C?0MsWv1o z_|lf>Cds}1!;uSCT%<-Vo04xuXf#yT7*zPkOFhO+#c(JhCa}iP8C&7oTU5F^U+6pC z3LYzV31=@UodB~axhdhYYw4tyB<|NdKn7A5xVrQZ^?mG>yg!gQXzpf`n^3&(S16KE-@fi~q@Oq@S+Vg0 zscg&@9CjEZ`o&K^75A(z0Zoh_yg;hS@dWIFY2rdzD6TSL<}x;gie7!$$34h9NHjA=xlX23 z7H*&;yx=5uW}eGS$(|RUD?EY&JSzR!#uoM7R+9o>&KC@?+kW59yea!eHo(K*154$; zyF5_b)A}f|E8&8`^~{^=4P)OO%Xas=1w0q4Bp8_%c&!alj+0C~C&h={k$uY_rzr5J z3j)-QY3tVlg;m6+6XJ6>MwH-2>;uT2r-+*pam1J0(92M2^_1s7NzOZbn`nsyGRS4V zr&tsdz09jC2>wseTNU%s1MoP-E|;aNe9kg(Sdlu=wgHMtPe?7&>XuHvobUC$=c$%J zVGM@TtMpfm0euMzxx^-tIXMyWtA?Xr4zOT5=CE`&PcN^f`UNcX4=B<|aFGwF&u)B;&dWQn7Y;b z^_li4mjHvmDrDB>`u}$rGdaxjPlskXLGuS?RQ*U){Pz3s%m*PH}Sr1?{O z^~enI1(|X%wij>;m#c^j*KaLv{m^y@v#@y3;r#Pwv*g}b=ezI98Kom`34nPp5IFSrhNxi4m2pfkgYy&`V120@W{M;$8U7w zN!j~a-|8Ed=C+7@p}r>N_aH`?v6}b8)q9=s`JXOI*Z^Dju{-$1^-tXo_1J(Vr;lNYz#)tObgX``u9_a% z-?*AV#yh#ze!n6V8V_xk{6b`o3515Z@=-zq#lQWLU4LdQ*v8+c7*lQTFRA^Mjexz_ zrLE;Cw}pXkK+p{^mw?Isf1~qFi)>pTB7|>k;#%UG6ZdE2|3T*4n?~DYWA4BVc{e?n zV^j@J4^ZWA*X0w&>hgXw$rLq&C-0_%6w^BVZ6#o@ho8D{=YI2cooB{8qaf9i>)ppJux~OM2K5cvnK;PG%MEs<3GK9iSV)1kD{75aN%~ z7xp$;<^e#*Qj_-PL_(8I7aY3WF^w5@&~d$*ghzM^l@DDNK8{xSQy7mW)Cc&uqsaU9 zYWdeiGF;z};eH7PK5g7JgXE}yRNvR94MSsDZ=H>pM<4zHx4q^MeM>+I+-N6|0*B&d z8QZM4QA9yGT0&=;ht+u3mrf3=2|8it50c5C`jg!7yLsSov}w> z{>W89${)E3{NWcw0U;C;q23X~5WwiHwYLH`tzFAOf(=}$sED(kza%B3)qAokZ=v;Q z6=+U#E|pdB)Eo}AAz4;P(!Gz0=`-qR4@bfJppwQ{wfWrv=$u#^p{~i63GcmULx~Pc zh2ES(Gtbck3hWnu{5dGz4^)-*rJn%>X^nF$2Z~DI62g@ku zdjXDtwieI9S%QDKKiiDbS4MS!WPn*x_v+*t6gBdM)bKyfXjF)s{~W@$RA%E zbk{UEOY%*#IZ!mCwYF_eE7V($1g+_S6$$GvkN?Ji{t#W2>nz~iVEZB5+KV;XZiZs< zO{UxDR>W24HJoS8Kh#GFuWdJ@T{o&>UMN_?0l zL^}xC_8EP_pj@~h0BjP7t#qm1O5)l&l>qpt{?hYsF748EFKnh1%y)S%GSHuPsj^<> zWRmoV!X0nQNC0H29LbgTqb0dqQ=<2`w>4bEx*xJP2zy~8a$73cI8sa2;;7F(QXyf# zL?i#!98#pZ!gD+C`Fojdnm4gnzI#hwU0f0@ithmp|3Bb4Xt~UBK~vyLMW92lF{9#q z7_!S)s2V?U7U78vB^a6rk&O}|EXNn?Y|B4(b+JN_ zT9#9O)^mqH$5PlD48N@HM`16GbN zdmLdmyb$xz_ntV|tI64N-=+h3zqYdYS!J=+_40Kij@!R`0s4plEK$XMctsr<$UV5# zJ5hx0&e-BJ6iU>zlw}Z~@B?*VzLhpLr?s#al{9nO?_WS5r-}-Z?MA_~3zSL__A-gfB?Dr@w49PDE?L z5>9klS0=!7uIeDzq(_q`FGugMaTi$TGmyC5yKgy-0`{&iLvOq#qd-+ZebMB=a=P4r zTdIGV&}Q?IUfxO}uh#efVd|^HqUyT0L8L@lKw3nQ?vO44X#pjrJ7y3Vx{(km>FyHg z92iPKx`vKnKYwxx8T5!stH0McXh#23DyO+#L zRn)1pDh}m%8Em0@%_1)s;q~BI1hm2kuaY^6Kk!3$t=Ojg`F9|K;oc%@^7Jda#%@0E zMNv|g&zLl{t>~Ocbw<((jQww}0P&KqG1_@(?lDGgi)s_<*4xMLxckI`5Uk?oeb#cHEL0(pwm~3k!yyLT9jFmf z1AjxGo(+9f(yp^4nEc%h6FEv6nCN9^+~Ty9jtbomp9xtJM9O{YWtE=lvRFlOm+#G8 z(*aWLP0&fjlRdoX=kLj8s_LOl3iu?X^8oS3wp4kHK0P-UPvNB)k<1XoL*nZg7@m*e zQ*vAWiZ-q`Xv7;w5>=Cn<`=uyyTBHdFu4QPajk zMS(b5Ua|!Elz0{E+$muS<^o>8+gpZD2!b{L8vldtjM=K}^&cpDliT&2j>n0j|Kg&^ zA(jW=qQvfdzO*G?q{VL?RO=hp@BF}&pyyHAnghsxa3OJUaS!W$Z0R!OXWY88c!~F( z+sCxf6Hh#OJWLh7aFL&wu3P2sM@Ry!hK4+gNl<<<;iF3RJ6nV3x}UZ$aNnp3@i{yO zS;~HWovex@5^8-_t^S9opKsWVOLla~xN)gW*XZ=SacKpz#-Ky$DPQs3o!0vGRLM@; za>1sSg{02SuZ9{=h&Bx6AgaO8V@73x(Za6i5bOn$aj4Ji$NSUkr>7-O#(Ou_5Ud=o zPS|+Jww4UhaQ4BM*Jl|dwKz%D3UG@*&LNltn^k2QHh0YEX_aH}+k-_%ZNG;s@ZSOj z^?n&PkjB4-RcL>=Fnns9*(hNUqW3#7AA;S7*wLRRZ-F3Y_Jqcy^D?=(wB-~IV3HC^ z>9C7!L*;KAp;PXVxf3W)w5^pETb?EG zF>-mMMO0&q+l=C@pE0U}in@>SNUu)4ED2C4O_(Vx#4whm=|J3kw+}W;CcVWV52n)JGoqGOdPj>XuC4$L+BUeV4(#ng^1NBZ^GKkt6o$vAaex` z)YmXQS0y>15K@xzfvMfO$d)3*_lc{w;!!(Hhe08uo}+Ce3~aw+^eda6?1EeD!1k>N zVAw3Rx%>o^1&rUigx7uQs|ZE^djs2PIoPQ-n7X4Xo{4)Kth+Ew+T>*DZme$}!D3z2 z5L27T9S)I$jk_d|L8+aVkV#H*Fz3}Ix`50C^|ssNBgpR|OZ5%Ju2=qdY;_09$%jN= z^vDYhP0KkUBw-}KDHk?jvF-*w<~MG^%FtExAG;QAyvcj3<);l%mp@OnTX+7hV+6z} zGx$y;?l1u&EQ~RgD`<)BB?F7~HWqW&TRrT5%7gj}p5SCfRWy(}q*d!z`V>tV>E3(* zZTft9PvfTIF}G-SbCk2C*`iu4c^JRnr0?bnSAmgsW!$dtWozZ?>2Y?x1Ujul4jO#C z-j7pFM3Wa!v`dsOQgob8rD5!(3(%5cdYE5E%#tMKK$TN-uT#f;buyl^@3pio zr&&6VEb&kX{5M>Z-5(1R8B*l0_N-Ay zDyF=F_OZTxvJRwV!vwY!PF>(swVzs_A^RQrCOFc-LSZV{mV^oW$H5Q}R^GET@8{Dk zN-J&K&ftCv%hm=XL7K)%R^%7^z-&KFX1~*jSCqSNusJ#fb!+Bdai?TQQLZ*dJ^H@t zD9WD#sf*@5RuZQc?}OxQxP5qzqQ#i0<&f}Nr7ZfSwv$0CuoaLqt&i7kikEO0&)eQ2 zYyZud0Fc>}&sE{nCNRJ2m1vJvW2!=G;U)hS`cS)pEmZXSW(l2*s{{Sw>4eUQ+X2GV z8It0NXHRMt2U<+|x5+6TdL)e5Z_p=~s>dm#&4o66(LVar)rFtGI^W}AABxw)ny=n{ zxrcKU-BU1BXz2e4Lpe$q*9ZNa3$HZkZ5z!5zJZ+kSBgSvFVrhsrEr24z%Jhd?WgM5 zKjEQgK+gLTr#xPRo)%J-%O@G)+ka$}?+}Et3{JnW^EQo|YwRh^w@ic~=ik$+E& zKM|ylx_u!=XA$gBX&zZ7x?5*y7O^dqm3s^^x{34uQ?3FViN;Pk!NDa65ie?~G>$ke zwaiaw)8I+T66$c+wO;1Ux0wVbf`(Y~{Qaaf-Gk*E@8WC2xsWo$lYg}vf_(~73^>Bm zCD&cHQ+$H;b)WCL(Psx#AS^Pl+m6a6h;n0jnZCnqFqFz1`1YrZg2%7oauM3kKlIqG zAw;8JJ!3Toqv~0K+MIL?G7^8m@~&(4VGl+sZyEDEoymFf&fPyN!9d!iBH9zgL1)B_ zJks9cGda^GU;GM&Q}rtt1FRC>5-W`85Pg|Z|B>akDte?%&ICqGyD}io%-d) zprR2jAsT^`kcX302a6OIlFa8}t`tY<5;dM;iW2nZ$;8Ic-C!`lsRkJH{dg16*B_l| zQZzF;>iK)mo=Tnmv~?0xfhjd*PYc}#-ST8xyJ^kWzBsjInlap5{Ea7Cg?pRBprg}( zOf5SWKRzg;SYgw7?LBYzXRn*J@eIdV#lv}(ocVB7rM@on9ZV_E%Z-D$9>oOmOAB~A zw!zEan{~)mnCn z#+TNXy?vK9mZ5&C0R8PfgP3};4Yu=9PoPZ8Lz&KIOL--=OAHchog{J`e;ak}0kfwD zW*_Unu~({e_o{QS0!Xc%*Lwwf2eT^SDPTcAqWposja3okxQ4mi>(}%$rsGhLVV=k8 z+Q3ihm!5C4HQQTX9D*rLH5nX4%dvdhH#JMlli+ zvb(p3qpz`ZBM_0 zJBkA7U-yrCR=4Rvw1aqfzz;!Zj%5}-jh$hiX2jKKXZwFgA9-*)fw2H6fgk$|<z(Wnn|Kn04+82fzlbZxd9zytI~kI{t+OsM`T}VE-9YNJpXAXD=A=_IOt-sP)o- zk8zIu7K#?lT-efjcp*YPcza!yvsM62$Q3l_MhE1b0rMYqC(|W}6Bl(fK zJz9Zu!YJsKNX7M8hh%f8kNi0bM^lhYnC`&@FxjC9V3j{`n*s)98>^R42~V!%m;3b@ z(5Mx6@$B?H+YL%L&B>`^^L+&@Acg2FIFM=re;yquRrZy_+-V}37y0AD3}j~S#33sA z(WImH4PK&yLBrpryk=VuaE%2r_nk-^_Ar`cb_>XvqP8V{$aAqO#)todkP-|zJyiB( z<}0|KXX0s_fR8SRCU6s~$kkS$6QyiabaOTH1#;1-gX&Ph>3F#DpIHLF`sY`#C;UDi zeS*;UkQW09|K}^%`v9?)%Qfp%0PNDE1`8$}U|834HL4u=HOe`xlU>Bm?~CDu-?b@p}Fbm`xos8&|9CRmF5P*1FO@Ct*&sGtCKAiSp2nBe#p-HUvoF| z_#e6cpA79dn%Rd_JBhL-(q{ldT{OO<2CVMk`@yQJivA6Zp`Ob}p&0jYd;|KkK**<= zUxaKN5~ebkYE(u)!0&z$E}@5o-6$tbpeJGb_4L7fSL_@e?F*vp7iZpu zuhjeJoZmd|1Z+PqE`gaG4>f%ko$rDmKgYmh(T8W;{ZiE_R=eYzrz$m1ppFvl9dh}} z-@lhF$_HFcPQQBWZSM2jGQc=lzQH93hvGCDqG zNWHCew@vtga+gra?9h{8E{$><@yae3aYt9weXBv&jo_9-4QwO6*c1!<=3b+V(&f7a zo&N=%dI8h3fc`n`4Xovx-`9QctM1koKh$Vc-^E$bLXFx3DB^^L%;UT@47jPZAW=AI zbB)mL;M??%i3tycU`zo*4s2u(Wm^D6HEm58<)NTh_Z{q>wcN;|2Oedg{XJwZ)n~yYl9e(wDJybJcP5&mfB$MuD!Ri z)!}~ukfdiCI|S7jP`yuN9wfm)F6XTZlJ}4`$X&fzSKyCGm~V^&mm3opd~&h{TwBym z+*4*t*x?jIKCAz1;OAFbuo`a>o+Wjg)JVdr#p{7)(}j^UZ-%FZE$q+#EHe-;-!(yV z?ApsaTsH6YQHL=eejF32u6;`R{8w+%zOMIbmnf~_oloLa*lCyjL$-hLQNfS`BQ*t~ z+qJp7jHN#eN(pIhviZ>zHFLoZL?o)rpA=O*&<+4;2 z807n7IST>RsK;7{bG;G1Vko?B@<8#23}4@+d;$nfjPdTaL#z^e@Ibu9kKm=+N5rye z`|ZReH1_(#EBdXw_o&O5*=h)sXr*ANUB)fEM{RdY%x ztiZUw6bwynZ|`uPsd9<6`^}{NG%w6^@dghq8q7|vX2_>$<`itotx_}SUY3RSII7ow zdGCpg(|YH@B_`=nU@(Y(+hcU*JQ^ZcmeXE-@d6nwVH^Xf@5Odc=LAA=AA8WmFZQq4 z3%j;1b&Sla6!fK7@xpJ5h3!CA2Jc}G&+5%D9sJ@SLfyi4zqapn&KW$!8j7SIB0p2F z`iAj1b;=q2?YNwPwlW3Vlum1zfAfyOtulkrC~MA`-zO1W+{8et&vM46v>H>d^-#$c{D7 z+?&G!Xx5 zQ~Xr0O!&#kl1zc76rW0-p=8gwWF+-`)`*vgy8X0yc&2TLd|nGy_9qy$HrFRU@5ofa z3Y0Ycj|$&b4}8CQYSR(r*H8|NoR zZt)IZ$uX=zhIzVCR@Y*$OwZAviBn&Nry$m*(6x`0_-qU&sKlwY=lv`dUbuxPM{iO3 zCg-7Z=4*4a8XW`9<7NGok5TW%Ka?v$nV5=(IC@?`=WrsaUKSvU`qLH`(G)&L^>wqO z7h8R2ZbbqR6xN^3h_MfZiT9Ar`EFMu*TiQ?)CwZU*t;#@`t9)2*)EIGFAQYI>5B>@ z)dB({AWP2l#fQiq*gNQY#RCFUI-XY``^<$!pp~9=}&=kA6F>!KPlQ2G;8cu=rTxkt<;b3ZLWQiI{Hcj{X7$foL6sr8oJ-x_uGyAnn_@lLDf{% zntKHc^ER?GL%qsjN$#Nm60PLfr*?0I^_GgBn&^37_y0!N+_|BqrJN@oLN)rKep1RB zX|7TzHG`JajfZ)(LmRDjtVkh1R?M!3sw-dPntfiH_(}Ig?DZSy?Snwd1HCWb4W0cl ze+hDm)hQG=J`K{}Pi!*ouN`Km!u@{Ahd2i-Lj{Xk9!)e{TZ#PRT}J;yE})6ZZU)09 zn=eV2bfuy!+5MGDP~TdIWL1`%dn<+pVm{XXbc;VeU2nMyks|WLi7TzG^COM8?6L`% zI+bPF6K(3BZK1UZ^qUrI4mQzkhZCQ)Z7Ou)RF^>k;#~zdL=})kwWuH z!S8a_HKEp@_ptBHCgV#tM+QJV26{RP&$&gIKaTwo4n93EL%IV30@_FT(-kdWNS|Xi zP>U_a)w}bK;L3_6gC;;W3Y(;*N9H(LDBj5zXZtaVF~&!pa4 zUsJZ6)z8sSy@xw00CRW#9b%{j`);cGR3lX*2O0`7X?yhcUq@hj|ImHjDa!{b4w$>C zr4gfqeVI=)y+aL0Hy9X8E1%=|lPv6`Rt5IhK~sMp!xb+`Q^*CIRV?;*^@|3 zz*F^zavJlzaEE4#Fd$1vgOFH$h_Ql`AVNqPa_%suxFOO`ooJ!jF$FAUL5k&DW@34T zDOeE3Qb*_a)zGAsb>5RO7KKmi+Qgyh!n3&v}QUpX#-mpg-FQo@yq`2Ddg#TuZq}^L0SSV zI-nY5DARg~K1P>_(XHC}&q+6i!&e!x6VcN{3`h`Bfb;d4#RkH>Qvf)s0bf4}zxLTb zcbYu~(Z^0u18!2T;@|ioI}S*%Q3V=Z^NvyQP?gMF+uSGSWfI}HalRCAAExvKi@Dws zQs~Pv&ljrA)4Jj5M+4zouN!Q3tr`!IiGae1zRxuw7;$H=J=~b9Szv5J(*tJP2+Qr;imjGD>AyRL@e+e*d>?zLLmJ%LLfP& zh3@C##@Nh$hM-H$D}MSd|E03}GxK!(5Frjk5u#UbfqQ-^MQ~t1H&hh|g&&!u?kVyC zMoWRVwDf^@tD|cds)>-tuQ8u>D?~JU5N=m$W2UbQ?;0vO5dYnJ{Ii%_;gZV2MM3S3 zU(LAJlfj{1@4Oh-c9=>(r1LKQGA{bTwAk)j%GxswVz<`u>hQ62)k!EzZr+60jD+|8 zG!{HIdKT%MH!V6b@|}hg#0n|NhQ!8w(+}bta$2?Q`(|?Zq|h)3nA2Tfi|)CTsPFY~ z!K?~i>)7d!G|~yb=M34*_uU96S&g*UZfyM1tvemmXpF~;indg141ltPwi|h8yh%fA zq-YH`$3Bc5hR+!HS55vi$5X7bvKosln-Q&n^N2b&u9+dn<(6>BZ0Un*ZA*s#+h#13 z8r|C*_?j#XPP|&8=$6=6pf;EBIUg`s+m#zb~8vmm_&18HyXiBeJ zze#KMSTWE)FNnJ(9(IuqUd8wk1V>f|-7bDiReP-aqOmr)f}&1p&eM&0YiX6dHTWYl z)E<8;%s_7W7ey}hEe}6`iFHi~&Xw3D6_@_A77>WY)7E1F_htfn|)Qr0I!lr(gfg1=v8RyCo;oY!(}N zZLbH^^7nu*gl_U%nku6<+`jTpAB~TMJ?;p&$TIae`j5ep4az0rq&f+4PL;P$*M=%}FUa-?g^ZB| zFqD&-^q%Az!S~P1N1k1%}rVnVVK;_qI>hE@2Zj1DRbaIbD-C~2ylr_2 z(KROWot5Vs?_GXrix@q&!Ck*x_mXgqKB_4373ce?@hvH05ozil_v@X*oE5i}7O<{d zRAt`P;-E~;yUDIyxQ}e%5jButDN_4!nAvFIY!u9)nW`gtDQmsovR*dho^DMfTflKX z^!Nk)%wW({0U;~bV7RE_4N{qne}ZFor41}3gS7ES<8iHXze;Qt3tb2YLlynCh%Rp% z)Reirpw_jsoxNoU8R#wNhiL(r$v0Gjm_0^7ZPNf=tcdluN&JSe_D*hT;VUy{QLv{M zos`Y|Z$=fG!8?Jv@YBgX%s;Om!IYv~OOrv?RUPy@d<9;gcARAIb`Kuq36T2{ z-~NGUPPXPz=kMW-YgrH6QzL1Q?7h8rRizI-#!ikt9sSKZ72(OiU3V1nQhkBlF*op@ zy+-;xGC-+l;gH~+gP0mW4xnRFe3xydGEhwmZFhN*AdMifCae5JuBtM>BwA{dzF6Dc z9o3XWwf3PR+Sz(@(|KpuzfeHzxUX9tCbvcxStRJerE?@{;ef{d1H=M*m48;`f$q6> zV-a~}4RR0)rq8HI4hF9@|8UK?PY8&B9Ez9v8U{Mo|7y{(ll;xDGaKU9G%)$Sk)=UY z>{WnNfYl@OU$P$cItZZHh1-0(v4?%jM(TL8;NFFFz+xWB4Z(DrCu zcL&vs%y5kv6Vx=Szl!scIsPa=mE=3>{C?^MtC;w{mz7V~AI^1O^PCdq%iN9ZKZ_)s zEnBfvRd9*vX6BdYzP*zK`_!pK=N?NPYiT?WD|V-uEO$8N>Fw^7?PDmdHs!>Pikpjp zSyD>XzsEO97vlQ8PpO~%y$fI!_dyb&;{mIsm^yS_4o~*m;Rnc^B&dO*;K+**1^w*Z zvPEqRZP})^QsMiV9A8ebCmK)M;mOYGYqjrzjjxD}7V4Bgdsic;&wa2MGApqYW=Y-B zQ5sHP4ALE7{DHus6vKa6q?_A?i})Uea0-Zg`Qm|tYD7a_GLYEH4xwjlz=BW=-n9ui zrE9kT;X9#Ye3^@2!0Qt#zno~)C4~Bl30FXJFkt~f2AflrCcj^BxNq3PQuq&;(?{gB zGj(@|bE)Tt@@C+|7noaNCXaTD?hNKk|!;aSF6U`y`sD4U!619;KAM=_em!IWWC zW*}HGYK(cgu?ow*e;v_m$3(t$ht@D!s`f~>x{EgEgJy~qMQH<6XUza0L!ikU@;_AA z&8?Tsp|<5-pe}4Fj^WcXBWC{iV@C!)zF7!5M9jQ#exPG%Y5w!epZN|&9RNL7ZFx2~ zWEeC~={R|n2?|RC?Y6of|6O777VsS9+WC*B}7T=%{6%Le8sp1}RR5!%Ru@`cJJ^2qii zz1(YDQ96!*Ly|-PA(|OcMrQo`0 z`pevwVTc$_q+w)`^OAK#w5w>rVyBLI(0-0QE-fK2{VH0? zztbqyXhyoEvx2z91B=ZnpU>|dN#(9~ej$Z%n*cZXVZ6gX0CR8?OePH3RH-PlW?6rH zt9U7gSG0=`Qn?^4I&#YC+8aV!7kUQdW&}*0l@_0fGI)Hm*Oc~X^y^ILsj#t>>}v(= z95#|*jtoP4BBAaSu@dK4Wb%b4nrey)4m6Dk1V85gg9pd&Fzvxbh7K9~%UW9z8j@Uw zfnkMG+!LH26{##r=2QOq9Eob}1s3J#M66ek$+2m%9L+o*?I*|tRH8RJG8|e%eN3T- zJ4tT5^fZB|>qpTZ1VLYyr9KLLb0pM=B5iu=cvf|J)AK>N$JlYJ)A01eS z@}^vb(Kk`#vi4P&B8;8YZ2-EGx4T2meIL~HN=bK8)4iae-XLh7z$%C3eV$KZfDx3? z4Fg6fAe6UQ8|dS;!=doBDKQI-=!5Ed2%G=bvMnO)(JiF5H@d>w!h-xyREa~uHPUcS zzx+6Ny6xn=>%^OGEfUxP+~(%M=7gYoo9e7N43uS&Fq-uBjQXFhz=w}a$fg+LWlhok-r+|)5)zzEO$=G zrw?U!fGxwpX=uU;lS5_t?+mXqwA80biXOu#bf4OjYH4gIb4}c;MGB#4;91%8sw@YT z+gaX#T60+yA%dFJd^19!$f9ZGa^-Vui1%&WOX_hcSx}Lv2KXid8T_@HK zJF+;imOEg=WqkZ$P!>vhXoTlihro4rQLJSctR5hx>UXGuCZ|NY=y zp_q$#+ypnO;ik!afv_+3<~-)^PhO0Zfnm1L@tFpNNm$rg#ZuQ5MRfApYnEdC^gfl6 zduL=LI49C+j$?Uae&V&}k#{Wp?76O!=B3BgNnY&zUg%>au#s9cMl>D0$_{rSFlvNz zE}4FInDZM~?U$}a6<|8+74OQARtg$n8sW!>R!q74eEz9lt%kkNeQ&C^dj>8#$oyi7 znSgxUis}=`NRlOj=uKMDlmZQN2NN2mg_j z${>1jR*Hk$o}58tgiy=79t(!YI^o*k!|GC9d{jN{tJc4#1=ubgc=cVz-W)71XA5Jp zl#mYksJDDPzCACEJy=kyivWW8pjS>EzSq+MIx)TrPw!}7y>-507l>K76FniEq5>*C z{C&`F9&BNC{75H&6`8%}WRI5ut=qJ4;h2zSkXd)!5tW1#I1=n=b3V8XQHJk@>zh5~ zf01JqG{rOe=+Wg0o2>9q#w^y)5rZXPMkFuxwp8|x*Ue3t-*sbjst(0n=NpgiXyAZq z+1Lo-*>-=*9njVxb5mwsc#UqhpR)s(db*9ZwE_3L@ze+EHLH>DVs8QZKZm{*cJ`p- z#~BuE=$(VL{?9xy^}C0IW5qb~8NFkk)h?`MG9Jc6Tk7p1GX0ay8yw#*`C&4`pZ295 z5n2d<4P-ks&bb>u?aw3~cAV;+VHC7V1lT{`=lP}818YMaq3)9Hi=1p}1h+g*-SCiB zy>h3FbSy+C@BG`itTh=>@gJc?7ZoAE z&DBan-vj-Zv@8BAU6n5#e_ZPZ^F$mLN}oTpfJf6mit0UOM4~hrGmMww`IbaZ=e>q5 z&NfrPi((9&v{)a$zk|B63k^ZHAue%u^qdXv*l%CwUMm6v@^K)@PXR^(=>}o_yD~d? zupaxf?fqv|ehT>xupS~=yOQZ+LF9orS;!C0Akg(X@k6b_{&Jq{kQkY`qL3Cok*mfE1?vjJ+dhA#=HKd-45<{WkYv6IGV0M3^}PKW#&NGE zeIaq_c@lr~=ZILtEs;+!BPg4~IKIO#m`7>rP(qa22+6mnv-hUV_A4XMD=O`xSZ1Xu|ex;q*yukA;bLM=FiWWD6s^l^nE2QIhjJ)imwIxFo)2Y!2Quu>SE5$cF_QfM=Bq~(Noy!@LNWHyjx19^7Hi( zHi+oeynY~>JwJ-&yUy!@6G~kW`GkmyTgvUpC0lt3O+zoxk1yazX+G)v`I8kzE*D~F zBK!YfQAK{rPS$21c&|X=&JfW({809Gog&U^>=|)Lt0dX9;^!;*vQJ=-7b{DYu!`{^ z+HVa*DqIOS)Gm`_R|T!b;o$9)(7xiQ>o2)aGsDClH@!=nA7hrfS=pZ%3+Ph&iI{GP zKfwsvkIh|8t8jP;R#liMAX9nGX|LH~aKmLyAZj4E?tWAZBtx$npe7}Pz7EH3&E#xD z;m&917sKrXfXGVV zhct2?PcfUV!%7@9J9KXLt>_LF36hOurDSdFzs)p+fD_5KwTE~_jsoBQSH008!cQP# zwXX;%sbqT?TrnA%iF2u6Mh>^>h5JGE^RBN;sZ-R`WfP@xI?lP9x&u|n=6cgdj7=e) zK5n2-`aYNhVJ^`=A>lvn|48kh-lsdDg&` zPYF_OW~5Y8``p`=ocQb!>mzo8*q8YcE9_^UqGT=eVD)@PEe(crj(v$N-TWGPx;g&J z7l$$$j-3{)0ip?NMe~eo&A(b%nOYVt*^e8S?`iFaR|CuK#2!>g}BYTO<= z(R~!pWjVP$rY)913R`zhV^-RqkNjSa1qe+?)cj?MfwXlU9aL};ZF@@tEY86jS=p3i zOVi*aUBQ{I6S5yqv}1KCXGPTP#P+&UVz4Q?H(7O$&61+mZ6PByQS^zRR>?lPsrKQo zi`N2m5%@iZmE1-jzO|-BkWW+!+ssVU>4MX>7d~`Zn_WB?p;5R~KIm+bYP-2OJaV9i ztLYuLMS}r9_rDkpR-MXyuRvsvy5j0F55DSiGo{%iO2-+$E!7KDg9WC_8ADV2B6&+` zHf%(rQpO^49g2H+#Atp^lvZ;eMKMH-iiXWq$#7M)>Uaf98HB*B+#{UjHX3F8(cd)< zU}|J&k*I|0v0_qihpO#%L8?@x4AtbLr-@#>Hh<4+X_dCu*>caH8CGECnz36332{pK zt)?bH52F7Pii_jQm)k#QWz!9<$Q@AN{siclDrg@&cSb0^_n{(ph_^n0i<&b0^c`;* z0MYNRj^Ti@k550mEAZQlq|z-q1%0DnlY^=N<_%}iP(jSu*eO}4lq_o-GCM7 zHO1?Er%$#g&w6i4-Mme@{UduZ;RO0#a589 zTW}~)!hJqJI4A9;k#)f)U1{cDi(~i!orUv}${fVM@J(1}k%e+uEk=g*E1G=mF=W_m z73aJD3{wkl^luweIrWdtH7vKz*>9XUj=z$9klR8&BO-WjrF|qMeNLBgdm)6E%-oO( zTmewl#c^E@pqQdU*rw~_MAw#AWNg4e@HyZp_l`v0y4}}P*jjzZ3FJ0y0f4a{~W>k1!-Zs z(7Lp8KCa;Zk*8pSi3b7YFiflb#~QJUkvGwZ9e+#McwnS|4F9*&JelHhyXXG85mWrO z!ra7@xt@s~d(6wktg;)J;Or#FJh51!V?={ERe{BtE6TotlKE%Uu2OUYY`9XO%p_4$ z85;>pRC~-|61&J(@2A#W6O-&AHO05oA;38K&^% zOOQOC#Bkv%A-e)Pnw~dAuSKn%+ZR_w+EoFa>E)jXyUeD{;4R~Y2Gdl3`0%2F^DF0z zO~?1#jy#7&8y^NLs|17y6n|A`so;QJaG4Z&O6797ufC_Qsp0rL!-f4aq*gX&E8TTk z&UX5gYj6ByN!S;%(i9V>JtXG`)cE_{#&+@K$ohfx-E#S)3qk#L1F@{8E zX`sQx`3k7L)d(*pCJ>Cs=Gkh;Ybc(Qn_QIrHc(4|g!QVkA2!_QdCGsY?o~!55yMe* zXdICgtV-?QFJNrSwv~*$dP_4b3F2ohK)sn@@Mh9Jb7Ep@IxUSe?MDp{Pk39qt-h3d z1Uf9w2{`14zI)VDH4BUC0Knk%ezE&E-7mvz0!V zbE02>h7UxXd5V22;NpyxFXAs#lyJLM%^8Y=`YX&uz(YM^#CQS`0e*F^>Mi zf^-+@?5$mVyF3Ba_#m22U`Q}`n+^Pyzyj- z%T435r!CuIQM%8j0>M8BfQXhLhrf}B{xMktCBxiM2~g(LnTIZ=Um`8~%IDw%(;63IwIy= zsAq#0G3%9G(MAnN?u#I0rWf#$8rTQ-`=QfE%YN5I{KYpd-0iKj^ahmJknkP^eTHYo z%a>9?V2>%44(s9DjDx(H#a00|QdzZRx2+k0WaGF6A8GmLnsHgGrcUWJ{dhXBAT3yE zON+kWrveh7PP3(YN~a0m7O-Ir3lh1A65RU1m%H8X9H?eQkiJ3>fTIhnJv7+3NeT&! zH9F=Usp{F$2pmM@Qk1W1%{{ zz&oB0P{VQ4pUE|x)C*rv`}RajOnk#T4!fdse(^y#coyx4Q_Vu7+@_?1dy=?Drl9l4 zfpwcZ;ntbmgKL)W6lAc;zo(R@KxvUXD&>w*d_C>6w_u=zmT*?xMq5^5ymN?<6Oqb} z5uCOzr7Y{pn1oU>BTvi<2!9;2R=M?(%#`@UM}8Uzf#wNecnibrx7n!plj+g`M3%Hi z^`E1&ybSyKA?yjR?Bx5+^X0_}i^2O>Cwv53``;z5FFGTkViI^baL~LF7E&X3=1WM1 zfEtCYQL^CHjGzv?Jj-d*(+BUA3?2se44G>{CDC3{!0^cD4i-xfe|$`%WKLeY?rC)b z%4r3HbC^|$Tm(Nf5a7cYZ{W@eUs?S_c9iL4|GSdiE3?g|`rlp633cBUlk!_V;-`k$ zd}e)ZR#5*@`512<_I%CFAZL&&-mC-(S9{EQ;v(mu|9 zozFWn0!F~fX6rD_J%G7IgXa8_*l(mwos_W(oYMr67=hMccSX-xGMkdu2FWD)CgQFA^fqZCW6>uo0P;2QWwGz1hMM>F2)50;$;-k1)V_(#kPDGWU21%_>;VSlP z+EyzBGsE;@K74uGS+w&`S@E*B+%a@!r#N+~k;{3GYVwK-DfOgjgm8-{dY!&@&_N9j zLbj?7mI=TTPeS+gf>R^0kg4RyxHCQl<{aaJ;Lz@~?0pVa>il@6!{3E3VRMw(aAdFn zAM`Tdv-sQCf;s&~_{|{d}h8)XVrj zBKdzPT9*&pu_@`yp*`bNAZK6sRa2>t2S>`Dxy&d|irY)}+0fzCreMI(#emqx?4OHM z;Kq)t_n^n4<7G-oXWvi_G$#Szf-%#jkoohHjsr2i0=2{`Kc?Bm+BhBk*`}B;G@yV4 zEv`zTDp79d#}&oXnEcA1p2!p0g@?$Qk(Td35fYf4v%XP$w9t}|y{@DEB<3TS6q7lV zuiDx>;dGC3k4H$9HFqo>&5RvW!hqG@a=-CXqu*@=d$G8Gge46e*(@L1kn6I-SFQ8k zT!2x;OJoH)ykd_(TM?yuICMyVAl`8HFN;X7AGMgvKr3tTGvYB*NnrS1Pm~O>incM( zD1;4r#1JVuZh!KB5(Rd=61Z`iu|EfD;4mk0o^p|9w?>y(L>{vq6CCI5%*X=PBiBc% zT<)`1MCd*N4;nJ?!QW%u1#kcMzIvrwBNj%LvGM<*-GR>Duu_5W*UdK3CBn znTlv^6%)rfA~{~u7R{NfK?f|b313>8`iU!Uq3cip&gU+7E%4(tO$(2?TwKCFXRhjxC3BkI!MfKUJ}5XyIWbK~vW z_=P`<4&hR+b0Gi0X_<2V%iKE>O3FIcmd0%Fb$wIN`(&GUS{7&Cju1vBsER|%s{;di zXO1NWAz{B1mx>H_73$vk_RVu`YAT`FGEU38PvU7s63h-b?ddchHK60nkgA%l6f~q! zt%FTpA`sb%&)Jq)rUmf8AT6bp5&Q^8!A7g}$4}|G?%s#N@cA|itb5Ptq$F@| zi0?1cI&RX9nhl)mUbK7zr`^lkcRz_pV8e(m_ z1rp(0!@7V!oXDKt`a4M=5-qBTnH}w0TwenF(8V`%_G*R;lYXlTc+;_ogD%}Is-75m zK*-GBT*^5Gs58Idn)t$1jTV_mqS{Ol({P={6~#i+#b523e)H z_B0ap;!0`CIeqc-A)FJ%^l2a4Guhj=KqULP9>Sy^KKmdnB^(<`WdBVt7Y(rF!6wy> zR^ock8)9;O;-}xz{2BxP>y&EdHsHzJ=qe=@agL>chCE_V*wk!^v?)y?k9B$-meyqV z>$QEJ%z4@TYf=5&`Ab`qMQq65Os1dIx0qXW?z>N5eYjF%f5X6i!m3q9qRGvZxd@5< zBIsk7RP3sL@M-5iCdQD(!zeQc);o94gOwL%@IR1!Ms3c_#*S^8zIRy zvSd6IVa76&WnwJ9`;4~t_rBl%(%k#pbIKjFCLol$dmIGzEL>+4iF zX^LIWV}25J1MOe8Ga03>plilL^6FJ+=obsTX-~FaXwAmG5M~}u`fO(>*Bi{-HPP&{ zZRbe0u;a<5EZI*yoA-z)GoMTw;=OgDbFW4g*YW4)*wK^swy0t`&A0LDD5|zcXoxIt z54_`}XPpppYOZQ#pmJX|VGjq@8?F=Ou4N?RW5j7+$YL~Rdd zYh8%$2HnYYs=nTSdV`YP*&L8HKU5U!NnF_gV;*OkaDMM~PpeQL+X#Dhvk@*zQZY$M zN;28p_N5T7p5JCE2j)oz_yf2#MZA4#*4|!6f6ZcLzz*C!bCBO8&N2DLh)#UJQLesf znqQBtNcv`F{6~Y;v;*L(8l-XC_-!#89t>W!Z%C~2CR$eesc`AuhB)xf2(+J6Z7q_1 zPMNAQdb3<2_U0$PLCvs#WT`raNE4W>eCTMAK zVFug_-zhT+9UZ zHju<3&e}B>H+`bs-EA#a{kL*>Z&Ajy#ny)Z^1LlncgIck{aIl+QUq)Gn2RLcw~vI* zG(l;oZ^(*g45qYZZTqr_WF^DDC)$L0jaOA(lO*xYli@ za>h+;?IPetq}1ZLhl#v5C>aG^L)`)1@kWN$pmp2e*Yn<&#H{_dr4a*IFj#lr0;H!H z=J9nAso28po1hB!w#`uEWt5X}U@7tjv5Z`^(*sQ=YDyG~2%94wp?J*ub#Otp+jU78H^C&{BHpzGQuqp$r zmmN>jo{0PyR+4fhK*)5Hz@|=rfIZ$r6Ez9U>e(Jr`!+JWSUYjmu!s! zBXrlJLzXY&F1V-p8J_YVTD2U5 zH-bJlKQ*=wIzLix9A{y^1Jh|0Wkr6&P3FgY=1cOw4~Vl9N#{6=Rh*V-h;ONJV*8@B z3tWHod=usp=s&2ef^RDkEojm8vVXppRUNtRiDl0toSesb8DziaHz~4CO!XU}fL7Ig zq?D6u59D;?Kto2Pf1vN@9p|^fD|%w=2X$JoVX2}-d>c0@tL|7GA@?lxE()D*)b#!$ z(N^S$)RxB<6dtHq?kTh8*W@z!-);nM!SZW^vdv1Wl%hcwVr21jT-*}HJxwka+Dkfg zP2|Y=^9*q0n^>z~B5MFtiDI(xLbFH*zp%UQgxliOfdzln?b zXig!UZiE2zwmLD9kN=%OxzgGrM`1sNx+b}!UB_lP{A-rQoA0~MQai~bik%SE_=`t< zT~q|!`fS2d^Vs-Ja4vL~dIp)k><5iV+*t0J4g0M|=Iv0x>ZCJO2yIqG-U`fq_c=zW zJwO?ev&eoU%=nBiMi6v((sb(ENf&j90rsfZ;|r&g-R8^R(3>H%FJDhCmf(BCIFhvA-n=$ zF7TzyJ+^QQRCF1oaS^ZzawU%o{hqal=IvAEbbGz%)o;GSp$4RIFnvrTUh8Jl-v?a3 z6S>!GcJ0W$JP5`#t-PJHgcBw&{P&sSrqY| zAwp@-<1Tzl^PB2v9ZBUGc(&&^)^pO5BtZAKgAH~lJ|VAoRs~GYu(*0eiEi1(C*;WLt;9G680nmG=2lX4P-6@$%GOpnnM3&U-W1kT>@Tdqo9nbhO#_ssa#Ioq0Slt#PNZ&XM?NvKcBfUR&~*on^+j77D*a%h9U z>Eo>|X|(F zQYrm#iaqoZaoi9gFcjEx9vxo(Rm0&6yFM&TH>- z+i6vc|4?F!UHnUx`XV7i8pJIK2|5cWPkM~l`xMST*ZFPxt()NuwM(7x>=p@heDh;a z*&AUU#CFED{XGrHYXa1hEV|)Jy89Sktv`b?FV?HG$f2qy;K-0~elwAe@a86&! zykg(e>5h*Tx|A_%{-w2${C(q}F{-A&X~E%nL><+vCaL&ptKyHX+jzyNMuDxbrv?}N z)8taAD}~e3FZ|rejK6m*d78A4)Lm557dI;Gw{ER2LIHUD3$a#BG82XeII({kaZLWh zgUXCY<6cPL;@>d`kd7WM%QvB7Ipa2+WuJ)v@)1Ec%vjrRzjjsRh%E>?hqgh;b$8P1 zk?w6e(SsIBnG;J0E514{&qe3X(`K?S?6Hd%RH@}>vB{+&bNi$*Mbq+eY9K_Pldj(8 zI)45>>jq54iYlHotN-F*g2{?OaVI#c4ZBR#UuExe9ZCofS>&QBXp1Nfl}SFxPbb};=4^9nLGv`0tKE@hd^SdVNTC{ z!LgK161ZY2Ld<5*52#RgM3yqrld7-6=G!oXh|=%1h`^biwfj~TV6Qje7LK2h=>mxH zsinilUl3n<5vRKa$)lRNS8^1TR(`@~6CAW1 z*7a(XH{i%rqw@oB5aP6`E+N#uqT1KhUUkn^Jq2gX3AL?-mxZt~!3Smv zFIREnkuPK4&R=<}LW;{hIhfmcPr88-G%>g4)Yp}uidG-=i9s3uJ)CUgAe3UC{76PfD%Nvn~(VBEap$&3xM2^ z@W^lZ=JxnTSgObZ-FVa;T%Q^J_Tl?bE29GK-pB1L$##^s>I?*S*7M&kn1xz>0Bdet zpTq(mXCyU%KFD#m=W5G3Mwqw5ZBia$9dQpu@`Nz1U&I~zk(8r}-7Vc$8NUg0ZPaT}QoTyZyKm?lN3)5o78&?)rVW>(Di@E%0?CT5L$g^CpFA zEXF$At-tVoJYFt=+;)?$N|hs39qm;QfR*_qApexI5aAAh5tou9J294d@7cnw7uC|Z zn)yZFC;3|qGc&>I6!F7_s55qzzPsp364(>sj=%C=Mwm48b9M< zaQVt4OW+%&6mv;m!s-@)SWR7x3Qov)X6kM6oR%t8+J&ip7o_?uOg5v%Z!&9_v34r{ z@rFMDxB+f7t*ShB&S-&Y79%h8#$cYO-_+=xp;l~Vg`i$oUEe*wfi4AC)|bcE^2!%) z1&V!7@WM6Vo?P13vJqTGkQwsj`sje?*QuQ1xxbw`7I^yDUYB+N%obdr;DW=q)l;uzbNdf1 zX5{nZu%3sfb_yDPO*2a_T#m2UM-r9O9shg>3rZf_qwhSlxK0{q#2;;oI$&OX&P-*0 zt|$#-%zvl!i#F&7b8!P4b6}{pvWZ=KfT4Ygn-R(md1b-TE%vfh$v}^q)#D-3V}Rc< zX1i8!^^{4fzQ~eUxH@6Vu}>SFY&4~a8CywBFa%$1<5nZ=z)W*>FB2tB!&VREJ|x~m%a8~IAHvkrDh$|M!YzU?dCUuMi z0q|t1;;eJn=4d`7vl=}@VuGIf*|Or zQCP@PzXfy2?#_-`e#>6(O=qdJ{P-}piQ|#wVy6q1N=5qZ+fqyo9Oph^bj$69!j$oz znj<6UN0wZn@uxQ_2ResEMjj+`&!_vnFjz`|#^T$AD6n6(uZQl+fbZ{xQhWed)CFqv zuufqyxe-Ul|G=dp8zu|_7dm#Fx$;mS;}y0%xf}Q4?Q4rSL5Aa2e_b(Jt%3|q0;g5W z4%jJLrO8d@xz1TKnRK1<#ms*j>8$xYa@_JYS8i`=5Un6O$GfDVF?wI5(FIAT#g#3t zbzNm+mg!r3A;Qk_OtjwJGMe2HxlYy>;iZeF!9={i|jR& zk$qJ(HUGA?N6)=iNw;HwAh({H)J?B-J~OXQdMT>dhL7$_Nla40tW?@j3VQ3q%r?PC z()`X{@{&PT-$Gw~FC(dNrMQz^**Eim{YtD7X|DV9)TZw@IOoUQxf06Zt&rG>*xAvb z$gMka$(A2vPOL%kGK<>>uHRc(?7#AIsKa+f)@0`Tmh;7NgF)A%cX~VvZ=0RUI#-%K zI?8Gef`akT{y`_O`GvF!JU*|6B57L#Zh=6jG0>w8?@h{hzpUq)o2IVKR*8h*A{A1k z>kMP$ShvCA!*bhPm3CVRJkfA~XTxC9A=gc?yD2ki&)6H8&CqQ4DvWi0Lf?Kydjm>$S?@zt)U+1=`2&h*STw50&K zJoQAfA6zlNkavCc&;`fW_ob+^b=db?;X|09jDF2xbRX$aSMvxDk`$a$@pZ@oUnqx( zyY0z0?I`vod^XW4&nzrP_>Xz*g3lwpr}yz& z9PzmXA#^M0sutfF_s~4AO%bG@Xq|-h2n?y>FCE1U?y=4(wIg-!Dp-&N{my(9aWNIw zC0+Il%YePTdIx{79AFlRHN65FOKfci_XXCn7>V`Nkn-NOAuRhU?28V$0ni*lh#4lb z0N&w&1o$N)i*_m<$Ngs4BNJ(60|(ohs>{jtaP zve=Mv^BeP;I+6Jj9>oe#=bTb|sL6*6`4S4950pKzyuMeA5!!PoDuIAxFS4jq$I;cv zOMPrw@|eMvt&uHq)9R9app^Fq^_Y%fcq}bNGZn&vn#at9Scz?`i<6&|cI=Q^6=6V9 zuKk4Onxy0Kcdrj7zJ&>XcgsSa>EAg6o0}UBc;wB#y4mM_F9O>ogkhQ4ydBSq%GqKm1~2`R5!6xXHVnZdLm+gk%glBMxcfNFycKSf#0+MMr1z>|V<*ye9VZ4(pZ0s&_VltA^FOT7 zXDlZ3Ea3C~Gvm!kxv}0__0MUDmGrcw>j*YbuySDG`o5)31N0 zA>$k1TvIAp@!I|iJ5ui94=^y&74bsl1jUhLQI9{`s_$!|O5F~gk{umNxxcH2wN0z9 zQQ*(C^DO?75GE;X2xhd89Q3`)0&>u^Smtk87&!z5eT4QZ9Wzjh1ZpqQzPk12ZvlRo zVDCwco>LG-?sW5n1dZPlx$@}pZJR92^f2+FJ$cQp?zyB3lhj5`_~gyP4Imf)VfXo4 zNbYGrU`m>M;57j%h0?mW&**9_=#tTbq`-CHId_Up!b*4c+H*I6woFGHLL`sha;Tj= zBpPxy??!KkgU!h|CpH)M@!pQA5L=tmD9`B{%!-wJ=PE)W;)mH%iP$h*0J2 zw>aQ%@U@>qCNZQbn~)Y*;eU^qZcGm3gL~vrY-WjTx-w)nr)!}YGqI{;k1^B9-Giws zVoFhH4jHR~=lTJeeq8wABK;MwMa{OThv+mlr_@M)Sr zw3QIwN9b#6VqeQF#0Rv<14j!qW$q`5M;Ill`Da$>5X@`LS8v;E>c>$O2Ew*~xb6Zv zb#Dd z(t^~tpcyT2`LUQ(sxT9It78ejTqe<%%$J#jNfP%lOynUS8uI#NC~Lw)Uiim=7ENk( z8|K;>uqPd(yhu!>o7~(9bJX`K_mWmQ)DyBO3TPDUpHLA0<`@hv9uhcDSE{~)z$kcs z=@Dfq*a`~_WrY~(LPqJyb>(YA665NS&SRSs`(}^AuMYagqKyeFDfXHgV9*cqAAu2@ z=M!=i2@%AT8q_WSu%8N~iD!y7!L__A#}2K?W0EpyiT0Xo@svQGoQ}T79pRV>KF|kP zzl0y=*XEBMKML>Zf1nKM`Nkb{BYXLsG3Al~ma94@iu?g~x7&cT+cjR#O>QH(ddeh9 zu=vf?NG4Z7#DOXeyaii41{;vg1+@M(mKU@wJ4CKtnmGfE1e%O@H{7?#Br3+7!+~CE z;^^9tB1t76@MmLkf7fgZ-x2t1M7K>C0?!akGF-SCMt%@K@ zr)Yg6eAkshwsaF8Ab3C%tG1#6w4;GD;e#dm%VrGN*5&- zA|D%q0cOcy_a=s^Ky)lN22u#PQipR*}X z^Be#sPudIcPDk(#!a-%D-dlGbqJRH4_!n*JOF-FS-b^zM88ZJCU_;sk_ZYN2bWI~( zEs#y4KWSF(PW@+Nh-OoKjjHbbE zRFi%4jCEObeHY!C23DdwG%Mdxa%+yIitx08S+qs7cx!-KDP|bi5ol8n9Bs?MLOS>t z^Dw{mY^=1<*uZNSEo`UvCO42_kXPq;CAWz zRSvQd;{4I*b$VWRZ)?Q88@Hf|-X}D#5#Z@fQa{}mP1apsx03KGilRfu>S!i$YUDRz zf#h*3_4LF zu6Uv)@~6!arEYYkT>yiDO0yQV=8Yi%I%w8;;%`6#&NyNM^3aV&dD9oUhUoAY{ogcs z%sf{{cbLAqN+Sq2fVU9CG->>x$6g^rLRDwof8uI5cD#nH`pvJSgAG7~PN5M82rgA~faXRr&5-dYn2@XhiOa0FfkOk6 zXy6U?*AZ6r_pi`*0_;IRB<4SSE`tp~!n*ChF+&%5?jP}X2SNn*wZQ7@jL%pJk_d0_8D2xD^B3dVPsViC>IyObCgfbZO};T$yPS|B1R&QIz{jkJhy@ z6M~_8!g>hjY6i^k$|d$6B+rk8qKD}GOeE*whe2GR+kq@?Wl#&?WGV=Y>Z|??+mlMJ5nt=sIoK ziG)ce5WolpY-lsSe?%^N+NFHLQy^M>)>)x1&jT}&^LB?aT@22b^B{U56FCH6T2su0 z?Er?z{@-?oW56~uF%?xvO11gKjOGzoB$C+NL7xH$R0uX7q%-J}R^<20hm>w4J++zm z6`~OKpN#ExN>9}0&uD7tAoV!JzP@^T(hIP;>YqBu57Vm-)>6!>apY3HwU~h#Rv9f98Vp*a&!602y@7(1AMQ z4%n|9>iQ3`@P}#5#y5wj1$F2^hHM085EOqVw1AXtOny#I1TOM3W`JB5U?Gc)%;Y(^ zlg18b`YrCQm#OROY7TCm77bbpaRh1Ox)$cy2rJ8LE5r!K3Z;N=vweLyiMBxdkpVUP z;emG)F_uA7vkK2ws}9d!xGj@;KCUcIswJZu75P9;mKA%iU0(+^ zX;hK%8ikyCrkngk*83~IwdM>8gjIQ=7E4i{c@<+`xTtfAt7p?)X)@?<81<(Cg9EZ@ z@w#Je=H$XFO9s@spx%n0p3{-?4~GBRcF6tpLxt1gy&>Gky=+R(-wQSfV`gLxvDssl z?RNCe<>2j%?8ggFqL0;n7WuG)u-W5Dq15IggBmGac?SIL?I~gHNj39_?<)x%dQcZUK6Y^%o^geEg%`WhEeiAH!ZbhWcabNiw!!<4z^s| z791T(39SlJ{~&s=P33foD%Rf*L$z^|B^g-i9h>$S!TL7@GD ztq|4Ai*oSxUpOHX7D&$aI9ha#Sk|xW8Y8Xym!G@$tD1pnOKVj#Q>;PZ&ggF5B(cw6 zh43^Q+uE!Yrm@JLC&)XWcdSNIjOX^K^>e+ti!-*HKDs3>_UwijhreoGd^W(`gV#;9 zSk0tLm{j*&pQ&|RXj59N96X^EOBr;HPt^*4>eEp}eKv4qRd@U9c)x{9moMZswXr7X zw5w}SneTAJyP=iX*x0Vv)ux7T5;bcxjY2c2v4azf;{l+phq4T5>lXi;=<02l)Z3KT z+35qi)$Y3}Qev(R)9&n#a%93gCUmKSDp)tUz;L<137TiN-`G2gZ9J6<&11f^xBXLt zKAcjT?v67Z$tFC#Zt-;*fWvZGiYdqwjdxNoukczOw2T-eDOP%neXfJUrUU0XsXUa` z+Udc?l@ydyJ0gPMC(zaKd>Ty{!_M=bRh`Dq4c5O+oFATgUV7T8U=fWCp@^yU3Z{g( z?r&eo;V=lg?lDv0YPZ;>7S3L1x3)Yp?6sIX_szCq*}!yf%Z}A5UynsfP1IN8v4t+9 zf^4Ur)-~FTjw++&Gg3ifI4Kgq5!c?YTcAbW_Lco43s&reJ-#-7bR_wVGEe=qS7cq! z%$V4bhGgn;8Z0%T<}CUn|aFMNPNj~e%ej`xxD|Sy_S)6-_w@x1D971hg4PVI<$8OshY>J*5Zjp zH6Aa+GTVlTD;1a6G7?ap{7JAYf)e0#_bh-B3}7@|&pxsdu8(NhRom$uvN+iI*?0bH zUH(+)Y`PPP`WIW^fdiZ*`9jlsSlcm=pGo<(P$*6O@h zF3`;e2!$B}T-6XRw&d9kPl&KWdMlBYGJ|S<*8*`gM|0!6EqmXaK5dQ@s>>`r zRTuwNnl<-)JIouDW_G)&lb{B~IeY|_MmtAzau{IeF96OG*ZpqiI>WuZazB`2nGKNU zQJ(xouwIRtSb8qa>_RXaD0XHj9H@jYRX-w?R_^DpYY}z;bpDacnM_V2T>iiA)zr)HqZVA=-5stT?}V7Qa0@87IjFr&U~p zNo8@{FgqOETi8j`7XG^drcP+5#Oc$YP@MVS8XVLr>0k!G7H!ONxs2KjZIL34?!a(~ z0YVE#@8d_Inxr9RY(Xz6#S|4IkCD^RF%^ zmM{DdZXuJB($$-P|!Ai?&sRyo*l z_|S7}NV!SdcX4@4C z9{UmS|CZxHoW3gtdk~U2^-4_JG#E)geo(L=$PLoWz#~xj81IaViS~nBummvMzvKM6 zN}J1Kd^0MB+u^p14v_+)$bW(KF75*td@zhs*Gn3BzAg;2*KbdMSrX%qJOZrLS^a|u zo^L`-yslCl?h6+Thf?Z_b{eP8saWxrI7S8Fv-G7u#WaMiEg+&!xRlfY(RiuM3@=hF)hp)0l)e*cB^p*#ZBmp0D zKBJ77C!pwKi5i6cqN4`v4p5jSGZjY%~;6hSFe!5Sqs|AVm7 z5Xx&`2~8RM3*%#-Uh(k?TI3@7zxfqsvUD<14Xd6mSJW~>fJRQBe!F;r3f>Rlz2b8y zv6tV~urlctgU+J(IKh4Y*6s}oH&A~FrC&P!zZ@@u?>jG8Mj+kK=p@y7kgk86)Vls5 zj$g1Xo zfCB?in~(@Kf-k@Fr$C8S@7z4f*Awq`-rTkxXhyvDXBfDO z@+5f22>d6jhVp@6Y=Rbz?-nsOx%CT$@Ag7)C!jHoxU*Efn6XiJ2T)`9_301KPpe?g z*b8%C!#uGu!5*gsdg1bOoc!K7@TY=KiGV5^t>4=Bm zZ7u3J+zcu(VCMz-7+2@h-h>u!8xCatP4M~MOgW?qT$d9ni=vzZM=;=dXu0(QWdSHq{w`k8H-{KzM`iMQ z9Ud5lF3(m+LIJxsT{)UR=D!Rj0L!mqbUq5Li8Tib_$5-V6DS^aBWF-&VpMQMk00>P zKL)dcilY-anw#RLANt@y3G{gGF;KgSMuQ3);wj8O^hPhQb?+ntHGE;otmrukYD);t z45QHh%RP`1FMLlul#Wktxv(e=Xb#;#mEW1)D+nDr5Q=E~(-gNBFIo3PBnI*J zvULjROFRP8u?kL$!G9vkru)d>#4~$=2*2c^G|COX@}7SoV`2Wrd(4eCj_Dm8OiGPL zBifM`14YW@DCER>{TXZVn8Bt36JMP-UT>7w%4C)pi+gljmzIS0pW%bM?_+h8l7Idd z08yiObs_MHgO!gs*Ng5k22r>Vp7=~Z?&yNmi97cAsu|&-;&E@b;R87WTwHpClylCH zey(hJiA?$8@uO-DRM)SOok_EjjLcHfwZ;&+GEOI~QZMddHM_tgayC#40{#zxboB`a ztM+>i<}!pGwxwMYvUZ)1sH%6ZwQQhBz|H1Npk zs}C~0}yTx5Ht=9Gn zOY({Ju8n#W=A()=2S1E_S)P7!7ThP4`G`_#Q-0^I*iO@Eid;11Vt?vN<#kubrO#Zf z#G19l(LfsY>QsyIQYR~S#mVv&?D;L`)|qBt=9fo6y2Z9;nZYl!Axe24R{UuN$73%r zb!kw+No~h+{`D39L(i&b4wn&W1qQUK!QiTzVe+K$$i(axW*Pm?{2gvbr2vb8v-<4h zsG@jek6c<*^ZvvU;n1l_rBb}HNx(I3SK?Z^b4^j%t6_(EKLVYuMz;(*3BjIl6<4km zP!AIxY}Z8B9IFM%B=$bbo6TBD{!XnBkQvNb$T(A!*K%FDFi>u_B0MsHF9JiSc%Rqa zzGTYKpTN=1&a9BV&k@NhitkH$(l8JqlULAur{lC;2J!(ShXjA)rx4&r7dmM6gKfXfX8O%jM$RJ#>rvn| zMeBOiR&wvrI__Ts!0qfGZ@XR6r=M-nSR$uZ|4J#!E=m=)P%6qR{yb6Zu;Ojc&0f@J z%-W}7(*2%L`7XJ`Wn#9T^7ZP%P;+YN$z^i$!pL=f#mYgdDfH@|;=}2&`Gp(@{xF|H zDd6)yy%*%0_gKpxdA+Ar?g)MlFIRykwww?kS#uusWFddtW@d?JW!#5`X^+BH^qg~6 z=hk)#*e&Oycv+++zyAPCn83&uU8D_tKV`kN^v!!|X(5}if6H{f1&ZCcgVFtD(fQ;c zTzNO})-fy98DYIUGa;MxwoQlh>)vq&zmgcyqT2QkUhk}~W^c1Eq8ZkBlMgl8Q|>Us1|QlXS(+eM;2dk64!+~pQroB z3B2)Exg`*SRY41!lLoHf?wZ;CW~R$beM;)I9+|Kro~Uj}Yp%L@ifoZ+%uhxqh85XA zB;LF3I!HTg?euQSjZ6sWa#|eHIt<&->a)+BXfEA4oC_}Xo*mQ>+4KL@bSb+~0!3AO zGjA5}wziTTL%{jTSQvS1pVYy>LnpEtp=Pz_#o#u4-kC4^uji<_lz&^p(eio-^@a;K zpR`RB2e*x;a!%U<-N=_>u(N02%hhTedKzCtzUsc63VEwG@udm8<(=UpRqnkCPZsdE zdZ|&XQ>Nlurtig3!o7NV<04lG1nI*h5RYH6T$o$rsjZoia&KpaLCH=pyf`P z>7W+}F3x3~87&z=ujS=9PEWo_9S`pMR;jN=wV4qxXtUP$Dq{VVJUj&5tq|Dl+6l~> zVhVn*GDk?hH^Ou><>4o$&&dyoOphYEb0s)3s~`2r%k|VG_MaA7Triw=fZr@W?KO$= z`2NC&Z+L-Xebv5c6(`qN?>Wq^*qai>*5p?3+S`!~0;^9oSFWwKkIH?4W8Ny>0$;pT zY%)B@j|JKE%2VULw3LQe>rvF}ZnW@l$+ct49X=yN3(fUKF{y2?^N+M4RL!fnG0%ZF zXr(p)4kv#2?h>EPKOZJV7Bz>~IEg)L5)Uk9fG@2LXxAht)bYZM`CPMF^;6OHGM)Tx zV86uA=HKf}C5zaHAHQcv`9fD`By)Y?Kh-(0_7dAz=#uHf(U^2Qp83u>5?E_m83C zUY2ve$zE)sZc;8P?YsHHZu$Fx$boo5GLaC#sk2gdx1sf*+R-4b6isCc3Tvsl_O-Ro zGQ@aLEE?yRhB?sb)Z%*MCEI|sZeb&JVnsW{cj117M+8SUhS(I^zxL`R$MDuY{a3xY z-n#@p(lNaRd6+@@`d#J08r0S<9PRHeb>FwMv{;;{$hUl>oxBpWIW9gm+Hq)^j#s0O z!E zkyT$l`cRLxbQJ?ZUM9G8-G!3KsH%F`IMH8;aq@>U0C2JcmZx#%V6 zt{cPOXeUWQ@X9vB;cT3r$AUW{k%N(8a(_N5^iem%4V5@_waA;(3^xcXPg?ux(6Xnm zHzw+MDCv=S3*u>plm^a2U8kcq+#tA=Vz}P9gXasvqadJXIy;20H>L5_ALPRMm0P-w zO&pUv6N8K^#+dyW*R6$>Ybp`$YDirEXc(55CKC8_oy`5`X?T-7%|N(%Pd&dD)xBmwuuy_aVnXL0oU@>6jX{G+E9sE(Tjgn(zS;^Yn9WWNSVajC*^y(Wa>mlYy=E^b5Z?TTus{Q1k}?cWz9+}4CEKz$*~x?ezWL;dH?m_FkY`N&enzrJ zf%GHOqa#6@53;Ga*v#v~5o_<#cQTw8hOI6?x%)xb22ttxy`g0&thioj-^C|yF#T;b zTB*iFec+a{f@4KQsRuR;f;ME)H?nXj-BQ-4R^us+Z&y2SH%+{KJ$Pb+`bl7H<~1DA zJ#No1z-rkgXam^5CI$vA83u;$(^}YaZSq!zt9U8S7&HTeyD0?vAqfC@_lk_h@7%6A z6*_U77%qem6r#{I^JdMDGW7yKTpC3y5M5u|uT3?MXgF$`uidM%TJo3oKJ~}=fY=cG z=}1fWxO0=@JH`_%x+~||F`2Uyc2V7oP3$lDTRs`dYBspEtbTrXG{FDY%&!4BxztO= z+_?f$D>+8wSHANu3v)`WS6tSlxr`;D6Sm3+$-d3fOPq^gFBIkQMWoW%o@RA&^GcPI z*j|MLn;59=$)T>D`E>G&<4I(=mk zGO*0*X9K>V-SRqfSs&b9V-g1-{;uu@1_pUOvS@=WY;%U;@St-%#WAWO{$u^r1JipI z*T{m*jt=_1{^t8XFy2$tYsls)b9Kr@1>Ie4UJkFTpQYV{%T59{qhBJ7B5e+>)K5Z^ z8o{O+P$atQtFnT;Spb;ZI9qNkig(FN9k{HLcm+{PE$`- z9ZuQo>Fd;IKvi_@sXM)6TrA^bOBgYwq^3Mqm5l$A9vhJJ-qTZYE!O_&N9({3U0`{o zN=$t70t&pg%G|Q3gc%vWB+c;E@#_nHlSwcPxL_Y$U?4TCTt%Hv3oKu> zDpbz&@`e2}u57x&E_C3g*-&%egNu*!oY4xpn(079vhrStdXbCWC%>ZMk`FMP13 zd|~ZrcQkWyeWDFDasH)Q$E~-66Ql85K2JhyJ$EuN&{zH2o2=M2D(h)jx=IO_txAIz zE>aNRT_bnr_PMe81rjw`GI*sc)x&t{&hu# zTsguU#?q$)+KRVpyik3?dj*QTzx%kvw(5UVVyQ}*#g-gDbX26h zS^?JvZ9fM6@6&46n;LV{XcZRd8y%wjO&Fv$pTntw$Fy!Ja_@0;knu6Qvd;~Kj`Y$x;o&opOhwHWz?`KPveYvtLa}S#Roid+p$+a zyG5h(+P7}kG27u1y#0iE$>ICK7fjFFS-A~2Y_ApnB=k6*fS>&m)T){ICU?L-rCe8z zN;A10-4IfJ4(rV0%xKo^mnV@Dzni5&;ytPCzKW{ra02u9n7X?FGAj z=FrjN0p!0Nfc$jV#e@wS_oP+J?p&*O#7Pe>5-Xyc_g;KhZW8X zN~DeHmQT?FgVz+mgtOjz1{egPn4PZMU=tNcYE*Bi!#6R3{5&7nw#-Ai0iG?W)!YR?{+{c0guNR&P zJe(pq%e`paXETv!A9m+9euE)V#e2{5`IbuOlCGDbwZ+oSIsq3%buT9jd1kK>w8c=# z+I`0x&1rdm1^Q1m?P!~f{^up&lH^}!4wp<;)Z5#seWKyc7CZ;?`f{FfYsbcM%RTWjt}2X zrEyNTiaBXOP*TV7J>|(7Yww#J7vSdaDJE;q%>rknW?+J!>D?oaxkB$Hb4FXfynj{S z{bsbRWi)-RfaqzF$d8x!$HI$IS;O@Z-@&FcmI2NhQDvNZP5lotN)O=7j00&MAM&f` zc(C)1d69WXeaOpXj#c)u_v#{b_%Zo1OVutRQq=8ihm_?2T`X#_X;|sr z>NRVTxJ_$0zIL@!HYTc3E%jxb?0b&L6~n!$S31{{6%%v`jk$T5t}3<1rnOwX6b|)x zabuJ6-|x%filNMZHW~hTPo12KyF3YTZ z8i#r&k|#tC^cYF&$rdCKcfhj)7aXtC=4kx*P9E;RdGs-}r8f|41NK@IOV}L8s%>BL zt~`pEYWpIFXLKQput6w1a+35a`54b`Q=_A_@#jR{k%hUm>#21nW`u{WE+&WPl^?tl zaih?q`!@ozJ?OX^-*;_p?S>9*$zN!k>! zC#?s&c-7S}FToC3AMgr7FX9glHX2%DB#$TmUlV5^&*b{Y@w=mRDn0(faU#_@#rY*9 zMf3DaSRR_w=^(>c8S*g9v>03G^q|7_Lmro{eU4QR&0X7|NZ=h8B6vj zC&u7R9`5x(sgQ3pR?!JbsJ~Y{S*$26rNF(k?QXodUpb>2_9Iqyv+`P0MM)ttS}`Au zDi-)zZGjEob0RDJ0dUS5RU z0PlFKjE-zs-QFb5J{Upkb}dV=)6XoXxR4jU2yx%s&of+YJR3q#C!7`nlka^5gL;xB zdq7HvNWg!Z6`E(1-bsGPSdWSP#6w>^5f|cC=xW3Yx58G1RD?4I{l$%2WhMy$;Gc{x zbF56*BXj3x3~zapI73b6h8I0cR1T?E3$-m|dv8mJ@|zlh24$6A=&Iv(~wqwL-%X&k| zfpj#Lx3PmVrCqmZN`FXro_wt5oQdpMp%2t(Y`l+y$w_QZj?RnS7jhKps+ihVj!xWw zPtNe;67leYkDQ#A7^6&|(a?eO$joP4^`9Ft(gf_Ui|ctCN7eK5k;zh3y08r-$JFWe z|I5AW!?o2=xclnD;Kle{l=}0?EC(~Y{ceBWZ?evaDpU7?hv~N;MbEVL`J!Z^b z-}G(xV^b^rYT%2*ik32qff^Zu|6fCcmjRkekI^Ql4a4G?paKV0j;qYXp(CyI5{Ky)w`|EO+a#IgLiymx;%5^P4pJ= z6`QZXl9~AP4eX9== zTtY7jqi??pZympU3e9361}Wv##+Jj6heRAP{BEr!@BLg~m-uhSQlC8H$xNUuiI4=& z+qDux%gV2azC;=h?lkjH2W<9~&YF~lI7*ZpVh{LvGmNrV@A#TaIEyco^c8o4-&Yp| zUMoL=1}nJY>%0$^GNCZV5!!MP%5m-LQ?d~-@(~XBMv@3!4L;l!&53@3D5RSf(%2#-^zq8t7%Qw+&AR(_b0@VRa%?#D~%pFee zZ3Erbbb6I$?P}H8cRFg)8FS;>AL|=mBY%8jwJ&YA!}r)(q%zM?KjkHt^;dqX7XDSb zX`p%dr(RaOtx77g5)AMFLs31Yxe|fNMRiE5ZLGNi{u83m$Lc1D4ei zM_bTRoN*9TxyMcUJQws`=1A`c(OP~U8#~99fy*8`hv_D?bUA&i2(YY^5Q@fj)7d|W ze6Gt+E_i_co=#qf8GO5&4yE0Yd##+8s3xl;^4V+&+8KKnw4}YyeQ+|p1V5gIT=7Uq z$=iP3|44e5lvQ&62x@fYY8_(}moZt2*DF$WK}%aB>2p0WeL&|IIy8LD)%SuQS9C?9 zVJN->j$3(h1htiIKht?kyCA@_OycOMA}k@XW5hTF5OM;R{fTKyXF3$vf>sM88g|zJ z+kQV~i>NR3p`=u`HfkeqyhxfpvPWGaL14${?F)~h0Lxpt#FV1fit4BdwxpI~&i1Z8 z4CtJ%_3jyKMW3oMFI7p&ZpzSyzX)P5A8xIB`m68KIPbyDN0Sp(pb=D2Kos!9TLdvT zpVBp=;0D5YTRc#4&?r{y@5zc(~FT`=Te`*dJ_~Z6-61MQ9cz;*ZNGvT-m2 zK&PEM%_EWo^W&eT5=7X-J1|^v{KfZ)%RY5IQ00A+_XLOOX-_S`|K~EFAjp&iR z^|b{ftKl$VmVt5)9tS1b ztK}k=bq_C^XYC`ANhM-?4}}n}a;@j{2eTUI_Sju-+}Rv6caN|<{@ELfTk^#jJV^BR zCXKyNg!hn0Byn4+YU)F$(<-3ZOb1;cvTW<2c9Y4pw4>(E3An#nSRO{t0N^`)cb8+o zSFu7HCzfaWM5xq6Fp7_*jXS*+O+?Pi$XN~VBkiW#o$>A#3cfx5C7DdT9Sr#nAgob+ zP#?^gVqxJKn;W9R0S^h06`eG7KfU2K7&d?p5l=r7noZR8N(U@llxzyuVf|@@g)mvDiWwr9mytz^P((dZSfIQLJQ)yW{ zyCj6^1_^a2Lq5<(r&tLZlTKaPOM8BhxYJMz9G^Lw`F=V^u_qR%4rdP+vx(Ok41{vP zXj{tG`vOqS7CvM@MLJ5I)u+e0DMy@2@V$Px!t%5v>Zkk^h^ literal 0 HcmV?d00001 diff --git a/packages/awsfargate/img/metricbeat-awsfargate-overview.png b/packages/awsfargate/img/metricbeat-awsfargate-overview.png deleted file mode 100644 index 0ede61042571b7c9d1b17fa9d26cf461d7e7ce1a..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 407842 zcma&N1z1#F*Ef!m(x`xdw2Df%w1A4z(jg(;LpK8oNU4AbNH+*bcMc(4L-!2LkV6bL z!@xI)_x(KY`~SY{`VSW~`|Q2e+P@V$&N*v`sVd8n5YiH2VPTQHdHq5S3+oO73+vVl z0XC)vXVx?3>c>)ANg4~QERyK_Juc?@hKrh<3|8^r{S7Rvn{L(`I<7iOilU|fd#?9p z026aAPkToU6&9AbrzoaqZ|?e@$!9~&CSB}hs4!Zf<;G3l}Q%h zY|bReCBVhQB1y=^#3b%)W+AHf;?-Yv%#{R-m8+|xC^xr)Bl zs+&5Sn>)Bz0bIrZ^z=U(|AX_IQPtYh+)n3(HHOm#qm!f{FCWiew*TGqe`VGE4=dlZ zXa9rszncDw^-2j*6=!P<()U+Zl;joX{{PhdZ+bOz7l57H6}hH^wW}oGUzYz>{g+Fe z`^qu@<*4f@_*07s14%-0?teo{k}$@SQU?=dw;W&Vx?o{ZJ-qtA@kZ^z9u^ihma3x0 zOO1+z(=*iZ337Mu@C&6_@x{ScCio-)h@7I!bE9JsprQZiZ=!;9crd$^{-@~Jm_NAHk zrnW1GaD4+aOKZpd{e$I|)t=sg**Qr60Qm6iBzd@PWOU*PdG_k{+tJPC+==eU{`%yU zjP0%c#r^Gt#icsP*yPSyL|<)feY5emmV&8X`00^?lGaVT%BbkLA@FEid@>xqcY;FN z{P^wvAtbb?dSi3T%ReF`Gk0=orhR<<2e@TuV<|VU(9t7MOUGDMO%Dd!Xl!b+bplpZ zH>|C}T)jgoX2B51LTGs8&d#nyLsof3?XRf;gPK(D_F_-(00;;?ZV|pczWDelSM%cJ zP(qcura?+(A*iK&$|1UBX5jOeZ+M`}j;`ME@hQ~KJ}@xS(aAIWXW8t|hP`V5a&>*L zeaOziZN}rr)buPGalBpK`7tym-n-G)FYwE^!? zC^UNai+6fZTU$r}dRAR)$waq}>-rA-wY+kJPv9y9zPz=Y_qEFe}M0Hb_PP^837u`HT$5xV+=W(ycuNcxEv*zu{xyh-6UfUgmex#Qwd- z4F>m`Uq!!TYNpF-I)OjSyrL_xZr+&q@M$6}qojG9^qqFoeH?BqEGDcsFQhd*XSU}7 zR(Gs#cI~^BxQyxqm!|X?#EG?*6Oe4@fSYx6yg3xfsEr8tJVTEonVKK3yu@WJQkb?U z+MW3l{)FvxsfEy{&LGHqaY{?8c4^kf$)~ggRlJiVBSYY~NCfvvO?bd>J(I2U+5G^W zZgC-gc%F23zl(p_=h2^~04so}3}Q<9x9rG_xLRH?ADK^Jvg;B-{Id+k>moT{5b(P6 zyqg?(PZk;6y}F29a+8TpkEA!UeO_JkFb32J9J; zXpw_xe~*=XzKQ3-`CD33{-vFW2RWo>(AkCKKfL7L1B7T3k+S-C*l)69{F_vEcg=Y6TPxaig^-xeCNQ_>H0!aKZPSLRS`sJEVy^wwjVYe`kg7&S#y7P(c_w(&vw!PVBDr5A|=3=X*zbff-QH=*!D`ZI>y9 zjhuz5A-W&!qZ^2$9k~XUp63kuglLDJ$b^waX}3!GDS^>>gXlGL;w*qZukN(tJpH_3 zo^@*cz}CB=Mw@%k`sL^lhFZ%Z+RobZdkw4eySBILgx4D`mr*H|Hh#PVU9lO^ppv2p zl)Y`GkL$@{d=nMJMeQX(dVKcJ6wqQ=gc?cj)ihz3c|fn5xwq>&IrG$A3$)6?eZXmj z02fSJy?+_PE%R%3prAn{BW>_p(M9&SY(@_>lac2AOvfl;XvgD~Z3%)7IzA`}e}Ygq z6sAQ=_?#WAju=p)(0aC0oCN4^(NO&LVIGH}p)_|{&_QD920g~-#91u)^<$Qb0QTxU zFu*5eO=A4qt0{r^bC>sWzW7+)hy?$zkpKw#!sM%uR5 z5LcemVb#7X6#B8C=Fj95(4O-3-8*~Bc})D-O-UYQra|x6H?!1 zE`8t>ebrx|iJjNE3><|3OLF`*-k^_Zk$&b3(O*HY^G2%-Qzk!x;U3W^*r?@Ci;_fz z+5?m^^}ko^Wu+?eiGebC4LTx zVbRh?!@rF;D@%^0a@HDs*%@Np$e^g_aKz`&zY9ZvY%CxW27*sO%f_r-7SR&AiSr-S z$`3Qi%=WFuz76CbuXQRH6hYMLOd&@OFyVMnLx-R5BE+ywStTglkb{PTpIr=lg*e1A zp}QwvHb<1I+(vl@H#L3@*#l;Hit93rI;KejXL=6HHvJRnlU5l|~Y;{>mmWT#mLU>0;N ztd?Tmj5N;6H`Bu#47;#W_jemL3ENNM=giY^`+VD-;@BUMGb8`<_IUh`Z%G{kU)yaq zbU_s*5Q~=?qdQv#q_m6a)*j%4rf z>buBkgB~EDZRN9w&86d6+rs_rbefE`-t#$Xq)4vIOFR8dOMDs7fnw2vA~l%DDVSL> zR2DZ{EL-^G7awMsC<3c+pV=zIEP-jtMrvuoRAUv*Mj*$-#MI!DRfs`Tv)z*>fm#Gd z3Q&l`qr^|L^nr>b3Zmfi=_uC7i_GU(@hAHzcgTD>QN-o15yKUTZ2%2yBLC;HC9KPIVC5gB+73GkyPlJ za*N@umy*jyJ+Gs^X@4*6X6C-hIV+W?8_(%Nfd1Fk-(Q*Hma7BlUH3R|d3HYQEX9#Y z=J^nMjvezs0#!ZoGW`_+z2#<;_V{L;nK_5$BNtC7&vNl@fp$qD$tNU z4*I3ZknrMKws)Y&6!Gn>y#4~G4Sxm^GV|LNK4cp_JeOXYY3VbzDVN@5Ivi9H9VS;l zg+&60m_4#RikE{1?&+*A3SWb`d!tr2H-Ho+?5Z2ZxAUr28@;vA^1Zu!RFV8)*)Mg} ziVSkmjeV<6AM_r(FW7h7WvG<*`dOmw^fZTX1xXd!`Q35ZhD1&?Pe)Zun`0+WJ43)uLlF640Z7F$Pl^uiY}jYK?Qbi9IWjrzxMQ_LWs=-7PDx&7G|L2po>^zXc_b0r9pc78dnv`f#ZKJlOmUxo(9SZpz5|}c04DJrV$nTq$M+YvpGoO;&nDuQ4t3sRCq%BZ4`M-szjy~ zf!Tx*Ez4v&@a=eTGDqCH75#zWOUZDDnO2E+PV?wDzHkk)(8rYfSwz@q#o(4H;+y@v zwfIqcylB$wvl8mR9=rOPA7 zB6!~yn>}9gzUuD<^&_5XsUo1Ayk26`Y&}~^K^LF~zl5`l@@-66|3Mf%X<5t1m&O^gnd>`HiZs6dQN-)}0 z-n`*f7Ja5GXw70ZO1)5IzenseE*V`$&-_j7^+UM2G3^-QPKEkK0Uj(qFncQL7M4DC zJ=4M=V%K9T)6C9|N+Q|j2i4xgZ70-g5PR=b+x(ZNdoRJvpY@gVR>3zLVNY+jtae%- zl7l>44y(WGt0wPB-wa*;3~*tY`eKF?X`<4Q{!TZt8$R}#twMP8`(Y!FPqw?e(2cJq zrwjsOkb?|HS83hBhn?fuZ@hvFgpb=3NoKZ$E|2~U&TEfr>EA#U#w7N3v7l|fs)rt1 zhD8%khZV-MQMnOub@?p5$H&!=b-e~$999gUO_;wy5!^i_q znNPhRan2PDykqZHzdCdaomy|JcFb7Z6#R-+zZeyRbXsT*l+(u#iFv&n)x53F0~MQ; zz}pk@T&Ss1h*X!)9K!)ZdfnT_{BeedED;jTER@4fzGTuQURIEgU*&m67gLwP?>i)k9fJTl~>oNce`MD|Uu4-40RyC7QH z?t3d%BMXNXwUO3vBL2huv0pbcpB-KDxh{nQ1@LwSJm~Y(_+Ji=rM|S1{?^6mV>6!k zU>5flxP-Qb*}m@ct$HfsdVaXI`QGYz#zUp-v~>*yo?naPX^Nx7-s?%rb zX-YrHelU{gb-)DWkkYS>EBZliu72mi_+yc9u_$}XgpWhh(+4iumgAjv zvU_7*r7{4R)AP`Y~$y;O@z24p#h(l-~N0j{HZ&R-{qOmOwQD4=ja%EZ~nsf#?OPAIe~%apx27o zr9mx@gn_pQ;59$-c`pLsB)5i8ID2b*QEUCy4=IovI2#l;9+?j7=R^GVEO%-saM$(( z#uCh45*EP^7`gvhZZRXeO1pJ`{D_VPE#9?tq|olAJl$Ch>c~vgb`tNc=MZ4;et(;if;(TLto_q3QNf7N``bD9D*^^$H@@aE%!tyR z_R~=fFGfWj#FB5d0vT4QSlz$BzL)XS@RWE4mJC)gl@wLHS4lh^A?sX4@q!`s+2-r9 zkcw?Ro)MLc=6Ro&`Y8@)F0YXE^>VJf;_=D;>n1@EX2jf&Q8fS8`FK~S1<8)8#2dY= zuNQNY|@s`{A$EhjIe zOV=ePB$AOzfy!%Gi~L9o?>ydL61ti5ie2p(4)`T=0B^SY1dO5eEV8**bxUj|s!fSt znCu~1F@9mEL4(0jc;qIsXK@Gg@YQ3qAm{H#5QTf5)ca+6#))u+tgiSOS*a(CY{HgZ z8^YX$ByuL5!$JOfAFT0^O1JiLYG%6eo*O;&Oc%8QQ2D)9dnqaSL2IY2kn>iH$7Amc zlAOKGp)6$pHQUf~BeP=EV0f7(Q;2n2;J+KBE04WxbrK&c^n}pE+qziMzi0*g!M6$} zj))Bcyd~crCd)Hu23Awk2u1{9{3Z9^EcRTH%mX%vR^7G6WbHqY4d=1PxnH7+Z5yM6cV1MTxpJT885E8^B zjpf7NHKR<9G&r&(sR{s6a~oRKQho&9eIfj1x(Ww9f&G9od=@vIQ80L1duvho{slRY zNlff(hyKsU=KP4j)H`I~j|FP#@k4EBK1>xHz$GbovbuzCWEQC@fkLUoUw=(hB0#=H z%!g+9e;NqRJ!=+d_HfCD7Pc7H{G=<}%V2Cim-Y4Vd)22jN{mP%8?j+Te8HXd&bCJ1 zr8=B#XFK^=sC5IGfY<2vR06nG+j$)=?6sqKR+&-b+7FG3_+j{q*41bLEJ>e~He;%}Inz4L z$z(ifdo7UkATvBz~1T5xuR-oxvmzk6y+gx-9n zB6$;56PDr=d8g|O7_NOh2z&UIgJ@ZCYKATgdpd!kEZ**ULcBoje0m9q4DN`^jVD3r z8;_q!;`pkTR^d8jM!n!Ct{Bvt3-EUo+Sw7`W0UvYz#A!~zWOss<(QZ-4=0>YkKTA80o6Ukl9EI%U2d|u=t}4C@rb*rzbFciqoNk45)&CAnv1QRI7vA z*rQ2uSW~rI4&+E__EzcIOH}7p53U^Beo={!t&Y6euasY|7smhPR`ypo=v=j%E`~AGph^0nSbkMWNjB!$Bn^r}s&h=g?K}dj*#E42u z4!@dp)=Rx$U^a2Ew@=;e&b$*$icYU~w=BVr!43oi3|bp(bs)CHf2}LFAmPQMLfM{q z18qz+tdIT3h=4>L4A6)bx4l^ymGpuBNe@2d`cLm^BHu?m;soeMbkp#T#FowS5i#;- zjKTQ#_J_#02j;+`=mh5Ngulr(obTeMP%JzpkhLVRU2NkGBqy4 z{9%4s)iMyM%xA4mETlQVnE-^;ZSW1y_aoE|a5dT6xHXDY8?u|V_wxz8+(&xuSaF={ z^&$9=ncUxS%7O;HGnS0+NOMOuduMnv_qtGLFt(}91Y;rY7-8-VP+gH}lD^0lzaL>h z4DqfHtQFPi7LD^Tl>)&E9eazIBaxPhZ=^ja79)MdFp`K~@%QDl`oX02w>*j7NzX~y1$rvi<1V zt|b8CzFjU@qvy>m{Z1hnDbpW}5p}y$iXdF; zDPEiBQX+Y^e1Yv>-eaMezI`_@ii+>stm;fQ&KHx(Lou4@mM~Qcvs==rkzmzu5z!;1 z_jl91Z#38Oedzcd7&M1e#4|~3J26;-8vNJNA^OrgH_gUdJIonQ`TCRHFE6+ASKh0u zuGlRia;F`~7gd|&j!$E@?7vw!U?g_Vyk*^$U6wA1a{Ip3}BcF)aT<8)Y z4Xjb7k0r5@=Fuh6kLaaAB7KQiA7g3D_*89@VzLKi^s{X-WCh7QiBl5H9^*!heyd80U^ac zvuV;W%j@V*+KA8Mi6O#6G}tb#xr4HQe0i^WTjHs9KJmv8pYu11Yq;G+bG{Dw9uG<{ zjdSIiYx5=>hqi;N%Clubtqn zh7zOjY}GC{&7)MHVX~{XWs#Os^JxOqGs)>ARI~|KR)SOM9ru{y1R(=$0&Kv!S24SWCF)%?_M8i{|m$-BW6LNQ&2$p0McWig+Vn&NyVtg zX;a>EuNWkT=6qb{=Uuqpd6dy0T%g6d@({MDpAnGs9p9m;5-UiO_geE5$k}T*)nSF% z+uwcuXuJ?b=Rkn0stGP^CxPMTJ6MsjXBe?q>L!T!1PfCsQ2>jB%|fe z)4P5=;j=u`hu=kr0y>t8nsm)qGS(ivu?wXwEsaU@EZ7$K9T%i|(>mU~NW3}l+(vk8 zbcpD^)yYK4=Nst9_KrX93m&ZTNKv`Wmn8sgAyW;ewz8k1Luzk2sYHSHWUTI)T@3U) z5b+Ww303L$Te&sA@vN-k!zo0}qIQHxkxgE3vhDc~0xjQ3(NS}14(Z+!SUQ#-lkZC= z&|%d$f~x)dC0zftVNQ7@F=Lu}L$(?rT zyt+`F{&?k-SX$3?u{N>OKHn`rETiSL7O9R5QpQY$oeaM-%C$1m)H^*iO5$;OK|d%F zG;gQy!%f3kv616djf32T-2uQbazq1tAuK`a4zdG=c{NZXjN|g%gFE)5SzSBhju8P8 zT`x^-#N1lP6*>1Ly%@04DnXA7>#%gacuRoHnI)Bl@IOM(sq2KMr@cN~tH#~~bAWkm zd5O_#DyyZ7FB27MJBy7?Mg8L95rT(N>1l~E0t!>)xS@bIs+%*$_^GsUrSirD1-G#z zu#qH~J7{7U{x*p#3U5i=PluJt^vX@bjJ-K@U=_qSww_)l%;NpQmN27UvZZbxreYJY#YLvc3(*<9PFjMXx|(<@sOcYLwGb9#~-T0!ge48NIeH=4c|acA^E z4>Pk>&^a-r*=7`_859?y$VwX+m9|R?C%9z(So{}^H~|=~IRIjslbdflH6b+xkh#Wj}ybS{n*oYSOspnt&0Xw%QxD$?lRL+uGqQ&hG$s#vdFL zWH%Exc7nY6G#7+aG#qarB?t8j4Y?ltlM686$0@!ly9D}q!z_ple`UTP*Klq}>W)@UT{366gYg3LDK^sW6z}dsY^e>Kz0{l9=cNUybOK zsZ5N687pt1?UGWBq;j#w_*1OA5ia##_oP=%i}DzMhdnC=j*Qh?4pMlyU8r`oN#xlT#D~gQdsN>t`j+(?_2`Ih25ti$=}jBK4cBlfO+iq}8St zeQJ&mm1ZjaMzeE_u#qph7i^jZXcuIt4=JKxdd=TS7>uU52ju#{{kRV&CH<0o`28~B z_VoTfOsr!0kXKmc=eCULkMNg~Iw8QtDtKgWW{E>#<7*cke?y1%bKr(_!A4whXFqCw z?bPgK-9gL5$@)ps0#xn4mUx@D^$ow45pK=#TqUOzHk2MZTt-&Ow%mE#!4{P}#jYar zxF@68eye;(OSb(MHMD^Bt<_4?d*dUtjiFEw7o+I=EW=p`ZXaqrC`(?`T*z+wjP+ts zp@M{hzl9YUi)*za=;qxMhPyVuDlfz(!TjhE0=_=Z--o&hz{~IcN#~)d zXC5KIOEJ-NVIPmZnOEMOH+0nQK3Uc|E}$1@C?`pOCuycljL zb!X8G;Fn-aK|Gp!_gK;ODCzB8U_zSFTSmX*8i&tum9<4mr>T)19{&4CFd+M67lINv zW4I`+3BG!fYSv|JLiKVOCnVCF^H#TEr@`B!`^->q&+=o2dK);jiAXLB;_BNkqGb-l z=^+X%JgOJGx9pn&d{Y7iiQ)H^7|omIEyiRR-Hojuh)BtE;zlT>9%%0Zw+GDHP*S75 z>FTl|G9%mb1eg0rdmL0dw|j`AOJ!_3x4-kz=3q(lDGv<n84jc48g?-*u@@pm%J4`Z&51TMXDuVz>W=N~E>+!>gr5ezgJL~SH zF;o3#Te_tEyF|W7Pk5#CeWd0`ikJzh*}9sFikK|PN)Y2v02F01a&m6X=5+Ea9yvU? zU$v`+$;k*{ek)jx7xSwXkpkS0uvZ{$PO-?(ddxuo<~X-L@9cS=J5q@qlmXQ$6tQJ%njZ_4os!IJMaYD zZIbeWQRh{TUL~Rg2=qF@JQkOm-X7&evW20)k|G-mu3HqcM&Yi@OLdRs)j+p=C2dIc z{$%^K;8Gw{9DJ|(00QL~P9nu3Gi_WyRa_;Aw208aCFV~(xx&!OvwdcB?rbtrm})Gp zP%zxJgaplUoh8Ko$l(`*dt8MhTVG1M0t3A0s|rH-zRTLR46ol`#sdf2Ip%uW2c@^l z#n2Y;Uspm@zqC&r4pwl?byo}?&MumJAP46DD3`8BqK^tm$=d)$=B2c64LI&mUiTwH zStG9^nqo<&j(!KKNfY04O`WqL5kd-Hr!}o;cotniV%n8A=_Tt7LAig_#wr*uEvv5u zA!6FRhezmRo4+Yfa!XanCCICXr+{!=1tOoc?-NURgdhD$p<*g&d$m;)!N}p; z)ZF}CZEI`G2=0I2uw|BI^!S>frtMWBq}kb&yGgRv$-E39zm|7xXK^Ar+d_~vqrT!a z^jN;Z&(>{cykF&yt)Hg`J7ta6H|d?r@}3=D3{N_TH~5-sx( z(>-xR42Q5vUF-e(iO|8PYaOFFZLeL>eeb%>OyL?&z~}3Xspr+OKllQE{k`tI`zO_h zN#W^V#<-j|(JT8$Q4$de7grJyU0pn<@~tVw{MGpT74Df{)i50uZ+n0)_EI`l^@Csj zslnFLnql8rP3k+Uleu+O(;e!aufq{Xblr@$slvS5Ol6Pnn5}OKbwTOcG-9 zNHKj_2=uv_|AqacVsc}W5AvsT8lEV02b(B5v4tb?LD$thbzu2U)lnQWYey*iK3A}7 z-H+<3*4gfb1$YY)L-SnER_EwSE!hO=+sGsSKo*{gSMjBrxR?RZNS8o!mxx;}aF>|GP784%hkaZ<<(zoJS-v5rukM<~{)N}fZ%B?~`qOXrmu9~{X`mD*M_xD98NaaL z5uSYdAYWQ_T8Fr>g_vlTP8wXau(pql*0{0X2rE+}=k9 zPHKVIWQnA-Rgj(~l%eIoQ#b~gs+Xq7YOkL*caaRWVx3ub5En%hFex@ z{L19hLe{XFCcY>dM5oV|a9}uYkSoE*q$9%{Y_py}|0r7>hLIqhlSbp(r1?0Egh}w@ zf<^uWJs1$zC-_%{6Rd__1DVhop$sajp28YoA(+u`y2%y)4}p6exCFx=OQg?kg8e#z zNoTqsKE`m~tX})dch9R+9wN3Z@h(l_4u&%`6VJY;sV6qfjFNEPtF3)P)#g-+{ox$@ zV<6GM>!=9w+om{jABaT>XqiJvKPvq+?vTc#dqIvX*AaH-GCBsdR%}^>rW%Owru#W? zG8#Ay-*|s`_k90X)yH7*3!sV}R^wd&w3!SKmh=SuM?WkqpsmU+G=z=q=#T&%Kpk|Q zMi-!au#K6#8T~;%igrT>r8aJE za@VR+H>WL`-^_XgJCP?mUB;y1=-b1*>l-BfI}hz2{u#3YM(v|AAZ;huiMJJO{T1>y zb7fo8(#K>;5|0x8V`OR)Pl1w^LE0?iGv|BrF=|Q3^|Gh6#U*1QzLKC`G2BlCvY^N; zSx`zL`+EfOl-)B*@BqqsCZ{Go;zWEe_b|?X$F>7Cn z+Ri~fp$sTlQq9FPzeV;$1{5-0*a&?0rKxNvaa4PIPRi=(zjEl2Xu+ol_La|M^7cPG z;RQ2_8$-ovvm?^3OZLb|zeew?6mK^;ypfdfd!P>e!f>21($i~s59yUC;R37oLviZH zPRNZ4A^M78>`8_bhGRXrZ$2dtF|2z|{;+;~Ba#@M{T%J?SCP&>CQ;U<_3??wXfASu zQe6&G*K9n>KOe9W6HaZA!9MVA9k=VZ!`=hGSMe4dyD4MTo~(aVRUEC51x>Qbf~?>n z5dN6`9oUz0H9mtMpSKKlPf$+PY#}>10h>v#v}a9j(}sfzW;)GbGExbA93ZP=vC1z& zpYBVRWymfRcXwewFjM=;Nbtv2vBDaUVp&MQ6&^V178wMB2=W z=XKhq;()pgNTml19}3GbdZi{>@iAo71_AOecwp+u=sx!{1M2?lt&u^#d+81%P6qVL zw#GL79a&I{u2C^W{&zhJ;yJHUU)u2=zpsg7K_tg8kPYqV7K?=rSXI_Bp%g7Dy3|YoDFM8_*f_xy~(IrvEnLzAskM~?`$9| zkL03DJ$oLmN7X%bR05_ID&BCmIeZf^LQ)g2~|#qX3D zNM)ofO^aNsEoJJPtwl#pisO25?;r(pbm0n~a*a`4N_>b4BCp4@d^%3aiIP8rGN5|q z58JP8B?#vPHN4lJ6A|WZq%kl$nR!&rPvm8{k;wUdD6zV$B#8iB>_P3F8?bsSuX_Ku zGue9Ev*A&NwoQgkBV?uM+Gw0YUbeRqEj#qqn?u{Izr!KZ(4e%FOzrc(I?=y z*vUI6C9w{pnfRMKGu9Vo5Kx8ZkztpUR&{f%VjFb`P*`45DXBz!F{1c|(O_SKLjL=h ziyZ(*>7dXbSn78_0g=LodgRD)ggZI%2(k8lGpyam-pAP7*b~q#qQ{vu#!b%{Ap^3R zx&BS8>@H95B z)MFm7aqAPY9VvVQI#)coFnJd$;nMjXt*M&UVQP4F0169B{mv&KU!pJp+AIn{j-1Ap zl?Cw@o`@!vQ@ktn?Y!8r-;yoXE9&KAXfU$pSA9&37P9YOPdayKrg?xp`4*-f{!ykP zN^Xx+Ruo#mT{8qtjv!XbAX)3(7)4bR85ybP5-fF zLrN03A2~9m8z)8oP%cYG3XKDG`S`xk36?j8H0PJv17Nl%n9pfX8yMc`!$1NbpOuDr z%t}c4Z|*@(sn0|z#w>G22a~4Jir9w2!v1c;jicOvkviPbjhc7jTZ~VR3{3EEp=~Io z%6eOVg1Jp6w=}7d>QF!MGY$Y|w`XDkv)t^wtk$=mLBL184y8p<9o!>EE5{;D*u8u- zV8WKBm$4(dULv9~PvU8*zv`7KeEfqbV8ioRhM|OwVuZ5j&)fBRLKpT%MbS%OmDS?*rf-UC@zxKt=D!4E-e=Q&`qw|s?ku|al%8&|2|UEVZ!8uQ>3p7%kya3-0u$Na zgQV;!(278=qjR)eU;=b!c8CD|{qSY(_DMw5uY}1h7u28`PLc9K?yK5H2c?5%nOQUJ z2n$`+%f06bP675gqQh85dEW`pg9E=!g;X7#2bv`Wwc`qh%sADqqT?w-J;5&@Ja$Cg zpbr{vxQOigIoJkP(Il*wBvLlWJZc7w4v)c0Aoqd`I3hVPxldz*5PTr#`{jQpzEt7h;3Enh(9!vz~35 zJ<(aIQ5z5;<-S+Sa0j^&uA9Fr@^cob6SH@fx= z7asmStzsM}-Y^;&EFKX5?=Flle+ZMHiw=O^xV~M$sxY%YIA|h<;~Gl-D|;l1?a0)V zd++1lvm!jQBbd$PuI`e~EY{aM&rox3rdX1vR-WEuGcNnMKuxYDzNdrBK^j{4$iAgb z#`i{acGQcoy$3ov#IK*n8GGFni*>U0X1@MEJM{>%I0o=v3ggQ2E zv?}NW?Bq2f5Rc;OM9Tt~u15~z9B$^->6*ERAfpp`5HuWi(jrWrxCj^?LSXiAEu0g& zpzVXEcB+FYl62-5SLUi!zo^AjVGozEBBcXEug-xu)|{6C>q3wuKDlXjSR~9>$7ovU zN6-Awd}K#1KHLI7{@gx#40S&|E{nqddr7=3FI7u|&GF~ZjUe_gJOhTWbl-UR>N&tq zCm-&)PdBKpfCeOffO)7O0w0l<{t+|gnalX!ZIcw}^sxUD)BOJsLtA*#W`FOm{C&m$ z>e~SxJj>Ja#}KN^$Apfl53>Ii^qmm2UrnTHfkaNt0C<*f_o-RNVgYKRwMs3V?aD2`^)#9 zne0D&sT=r841by0cACH|f6c-?2O;{m0V7S~Hah*yUpvTN;THb~w=VzBOeg?@)9D&# zx&;$bw;P*QB|V+3JGs~0SFS-eM zs6o7cY=@U=w7xkEfBQmQ*}DED0JL=Gr_%R{nym^ZtZg4Y;Xs3qt2mhN+-MCqV6_;v zM(98Dd$-_;0iEt!p=qzLgto-~>s~iZEM1IeK@DGsD@7hcwIy8(ADwVsnr9-%4aI?psab`g+F1-CW+_WGENhv$@a&qGpm&kuX zZaTR7z<)y^2#xRiC3O3bptV$Gah(TBqffptB+G%|XSwlD{CZg=ygR+u&yG@7zuh+1W@55jFkj^4DiMbVi2s~v{_^~T#my+GlJDTnxin>xS1WzG!f zYVVqp;+OXg@1tkbSI2$CI=-~Bm89NHqoqav$MDEGm^=uxNi+HIOvg@T^Ely{{SJi19pPqqb(R(*)TQ3tUBm&UT5KQn4QrJ$#uF*Y9H;<#O{$`_>w)Xp*KY+oeyusb1K4*{>DrZ)Sa3w zFQ0E)-PFCs^$sVCsg>jRV+y|3;E0u;?S*dM4{96B6H84X2$$+-9h07G@SZ3bu@c!?}s^ga$3$rd|TRnJZ z58#wBuIC#0W#@V~KRjphW$&$dByMqcE3ek0=zHo5x4T>&v*pp=6k|a0J1Yomif0ru z1d-X&bSF2EcTyO$rFIfsEb>Uj+Jy^eAQ?W{W7>+J_P!3e^9y2Ap)XLAw9PV)5*!Ys z&-Qu|oy}=JAolpNrkkyanQ4sDC&4lng22%GB`}XC(jLk{>{d|M*zmxh2+FV3Nyw+h z71n>UemMmwxCMQiUW8*824mBS7yV>l(X)Em7Q~yNE?6OU>&qukiYCP3!p;%l65amm zZD1<#6O>hWSDM?v)2sph)es8sL`bu2E>jBkDQV+!#k}G`fFNkh2vGJs3PMM?^1z<|_~m zlpL@Php~CGZr;Pe-R2|f*}7{N&Xu4Jen{$=`X4zSRu=V%HBh)n2UeYJ?MKE zN%)b4){WI3W=u{=fyTMg<}=_%;1C|!WH<{fgyN`16+ss%l7w};b0howvp!b@@J^yc z7XG*ra6}L_Ljv!l9tOy!?pWC1l^8)#_w(aYHOL24m`;CCpK9`=#alRoA!c3E8c%K? zFMngzzc`=XUH|n1)byH{fCEOb2wOvDALL^9kHL2P6gC8pyhceP zZ_Vt=qG0~RGJeY9BK0^Of>$hFu5-0?bRkm`+jm*@MK$PxErq}KXgfAp3SJEv5R=s>e5r zEEYl)vap{r|D2u20b4x-^9f{h-4ghLDHJ)WU5~wsG`@KJkoYyR-8t4r*Bu;f+^W{xM$QeY)m#XqEQYe7+cE z-UW4}0>#zR_A_NCPMal|qu(J6To&%S&myBg2N37Nbo=A@Zu`y&CM~>Sb4R-sj07`o zIxjVD{gVr@7}R60ipRy%>`doU`z2o?4LeLz?!=*+ahnD(?!Cf_6UgS^eADQAsk@(1)Xno2 zDA#+srFdERc)0-DVQz1h&urgyW&wNB|A(%xjEZYn!X-k`1b6q~?g4^31a}DT5ZniM zcZWcb;O;Uw!5xAV+;y;lfj7xH_uO;edT)NrTClsjy6daz-qZDUbriEp;oVircfd;# z0$i*K;?rkut85k=@!9kQOm}-!GzfmH7(F?7(Z~>16zm>z;uP8mBQ7K!5RMHQrhcg% zB5}d$>u--BTtMx=VX7iBvq!Vm>TM-ZSlz+LVToRwyF)&bZ;*?OyxQ2XkJHC5|5I0N zq1)i|M_{>K{;sF11$mKT1rb4Q7~uCrs=2Ep@$7H-VY*|nS0jHT+TruW?GvX@1dY$Nv$z0qslCNdmg z>oZS|LDRpE?VWbg!Vl-e&o!4O|8DMhJCb-Nh>?8!vAo=-%_1ouB8bibZr@0{mm2Fh= zCP|Lv3P-(nxB=aQ+C-p+=33ns#V9!5d#jVb73=gFZKplZ0F9y_<&$V-v`g8^KgwPH zqg>HH%9Ru3UUG5?<&rd>wQj_>$yLZ}d$647n)+7oJAmt%Z%vJdPFS6_LvXJQhIlCg~!s4tr>qO8ilf<&j78L+Fr`MlBte>u+4 zlyus5z%_Bb2owhjx53U1TBo-d+}*+m`VISL*f((^ye|9xZ2*Jwt2;5ifKR8z@|U6! z@tjD&=TL^P4ZAcaIr7_RM;v((MwHZaW;x4+SakB8ImchpBn7-jLlmt17pU`dp))3Y z%02dx(2$DwP;TS;jD6~W2)cJp+@;4_!J70he{`1NiyRNiG}4i*)dp!2!MhA|jQp=2 zEP2|La^0p1zrK-ID&;tyCZm-l?pdVdd6DauEKm`QeF-KKk1t31rNZ!Lh?20t}kBrDwc|1n~a`HS_Le6|jBbs(npO9yJeo*v@)rS$0;mZAwW!@1?O$b-i)ZIiGJ(KBIaO1Z-<=O?`c?aO^qT!R7o3Wd&jFUd2y40hs!O6VSCa6ZC1-ccxc9G}&} ziNBJTN)Bfmzl>guqmPSu9kjwJ|gF5~;to4X1MxtrCP_~DcIRK(+HIC((7e9uu3>M2ZmcF+HuJZdd zV&qyrG+XE7S-PM^T`y4?THz}DccF&r>BCP78xF%ey7f7~)i@t^pYUPAVO{1ps#dC< zD?c2Nx`@MWZ$8Ch+o<@DZ+@OS6Z(%WF@mXTIdHMvZ@tC~K27H5&Ny#<8+6-$NrVY8 zqNzlMe2vTCcY=G$8A74{BAukUU(S>*)27XqL>{Ss(~8h9E;Rh*YlMOvsILDDZwq^| z(74PL3Qj&hB{=y#%i#4rQocbw^^h2qdw0^gbAD~W`211pV6x0IL-+L!>q5NU#)!C4 zzJWi!LxAJnJ)qI@x1#WHAZ%nx{e)a!1g;!C^1q?gr67Cpdu+Blk5BFv zNx)yEjVzbge7kot^u;@jf6!7z?#d~Ij zrKHWvf=XU7%5fU^BxMFIe;^c38p)y}7k4%CM%El_3ya?*$Zo`~3%14i+wuGWLrE2~>J^R$N~# zS&?bj@x|1cYwKB>qS-ZR@U_*u&@?X#Y-;i`fIV7gwvS01rp~Cz!D^$|$2`ZQc~y2F zZ=(KMG`;Bun!>tu0#rBvex?!K9X=GC6<6?~N>v0$08d1SGy?8CS`^4DKrYW{Zi1|F zYxQlqmp?mM^@mJ^+oO+Tx&cal`&oDpQG#6Hu_lL`=-~r5G9eJB}R+y7PxqG z7%pleA9y({WxQ9{!P|%ffC)S=Hk!y)T<2#S=xs3 zo)2dpnS!5|kDII`XlaYg2d${|N*G>87&Ww%>T#n;s}UAEHb*~jWu(7w0>3~L^s|TZ z?Usc|CQ9uAbOYZ#X&63?m$=FM(A6u(ALL)bH<|pP-Uc1`e*QLTuTg<^qv_MK>m45A zr8t0rEKij+g++&wj?4U@jK&P&Z-`7#)*o|F*Y|4jRogG#-PNQkmvt*1$jjB&aM7+< zYXrKpILu`M{25Va^WlPaE&H3*ai_|In*Kxj z4;?+_dbQL8NV3y9b;2x#Ii5QwcS%n(U@O>k*OCp}CDlMZbd{C}IUbwR(^%QMWzjkE z01qBAe~s@nTmn{Di@t9xV7Ug9mDaIA<07BzVGk=l@0%Zcj!1MwsEj#XC}i_+AQvxX zx>S|5?yLumn(QAZNP3-~JoGk!vebaRv>gHE?~2$|##M%|IgyLNtIGxi{-0&$MiC4g z)5lt>Dn1wur@icO+6@$UaFb^~$Sd2#P3}EeX^J03*8K4*?EJ+FG{Z@yj9qz&eE?Ua zCyUh{XTzh%Y3|a0qGB*%MahLVEoKk-(b%QNN5Kq%p3Bwt zXMUgdQ=xH6DCHUD^Iwt2E|+vGd?9jRGh#46T0{sHEPes=7ikm*Mi3gI{5##<$59TT zCvzSNJmhrzh1_2vV7$|2P)Pp-f?!}+d(ZX#{^}o0A9AnPi@yV#sO%untA84S22KA? z+DB?8lDGcq{}z}x$qenk2oS2{zsq%n{_24FJ8T-34(&cPBKxoI!)#z6LZFENNkNgD z|Lqra!uvZs>z4)%p8dC9(B(iaz5=cFARPy z0^|z$9rlC9SvxHjMTkoU}y`><|+UN5n7S(Uln`3knCnt!9`_9E#Mt3J^6FDwVfaUjZk62 z5DpF7(fX#)b>JIcwbZA(D$o@M5aXl&WL5a9w7-GAtG6PH-3m>)mVPecLtX-WG5T;M z77AcLlw55&)xd*!T+{<^89G7(;f%@5%%N4Ln#mb)5?1jXrp#<|LoFPt{__#wHHEc#vr-UdI?IeKtE1Y$_){xLJso zAu7hc_5_x%MPh5`AQu8sEB|B0HFKrEI@SmQDc1)r#6P?M#|k$KCm;}iUHOZaO3~Km z7FvTto0`Bmuc@`!vk5k#f2=%j@~r!Lkv}(;tC1^aW?4|7^5lBlhh4e$qBH&oX-ItC z|90n8IY?ttjVvh%Ri1p?4DClxu!T2TI1+0_00L7hhA^f#cYkyl+w(^p+pc~+kfOzE z_=wwhZ2G9&fYsHOJ_axsJCogM{9-iAe0<3JA#1Om3=F&W-0aFt&y$9dwf&zhcKJ-!${jpO;J z^DsdCjhN6t8H(J_L$KuCL$1Tn6Y@|RKn|t;X;cy}NcJl%w0f~tlNwNMdf^r7Uk30` zW&ad$AdMpV<%~*i^XHfA;_q2-@d+^CT8h^jE@FuAkfLj-I)rpaynY?PwU&cd^Y4ZK zb~k7XA9JT_b~=m_^;={I9Z4N+b)`8!<>a8ePPs4YxDgg@y@`J7eg9ffXi{MAjB5<# zPe}i_U>F!MGH}%k2$U6uMk;J^4VpF9DXwPry1Uxb-=z=zNOpiod4eG`EP}NH{4a3^ z=88XV471E@(wXD72=5-ynD*|yQqlcjq62>O#QKOkjb$Nw-KKVRL^E~fg>3bg1nBqv zXE~r@FN+{D>tk>Mk;=X#di#J$@=Xm~(! z(&72+&MW|FcFOhhf>rog5|#|^niKpsUZ+3zN^!LBk+gt*lI=j5jL7d_;KK#4U#_Ky z0l^!6{ABk&S?H2asEF&=>)(22Vx`@Hz8iyU@?mUROvw80!UaBt1Sf8occT4>WDa2^ zeSFRlX?}U~rOg8Q4@={(aYMxSK0pqyyU#-2ObdzIgzrF(@_ywxSWB*T^G#gu&zw)r zcy=(&r5Vsr7oE_NKkGmEpIlyKWJkw56TeN@$}y5Pn6xGR!vgu!;8);&*1lUNzgkCp z-6;=#si@;iRLBy*?+>lyFOgmTk|3|yR_Lh2fWXrir+8D$tpSEOpyZQsu_;byg7J6U zj<+_b=_7q^)BCv4Ivd?vXb@;K(DM4;er+`16IB|1+BgQ~mV?iE8J56ZxrU$@9aRT8 zC-vg#m#DSE&)?q24lRmESPLdrs3Tn(vjTFoR}JdM8B!Hh=CZXZtW8Qhr{7Z{fMhJRPOHqH9uzvFOPV=@Y}y#5a_B12WYeKxas7)?y&6e84-@n?IxQNR$BF*Ri+GlNzAXrQpTc`DI9_YBoa??oT;(Rwi4R zdHTc>r^b-_z|BzphRSoPk82LqUIKXy^Dy=mIq$)8#6{EQ@v$s>eEu7AMn%W|jS78l zt$gjW+XZ{nbjnt*)cXee;8jnbDo%ptURW>iAHG!wIryyz2Y$DCTeRMsE% z_TrnGHZhEUe>#JxK4+P(mOP1B$WWHf>SV5yvyIrK$V`xAb^io@OTJDChW6gyLehHf z&FPo!oTuLhlRj330nnhVrF;@G;AuFZvz~D!sf7Se4ETf%X*K32vPXmQc@KsyOw|hy zV@#;%->YEPF&VL?m0{g$)yo#5rBe!MIoT;-UQhbcR9C8BsI?Cx=LwZHo+!QI|txWJ!wC56I8he^JOGKE-yCd>RHQR`r~3@o0Jl-F13D zUHf+BSAYQI_n8zweKbgQJI+Ut7f=2=NH(8H4NI1|LDO}t=FWktZ4*F(SW;@OrxBD~ zb`l}Ru*zeu4pR1xD3#9m)z9Igt<*!qs?K0#j>I3Fd0{j5D;brkh$uSzba>w4kX0!| zZP%xbH`jlEf!#atL`>~!tihFSnrhi$j#`VvwVG_=tMX|@|*LCW|1VSv+G-@ry6<#-gQSwa7yUIp$|+jaEA5erG%z^c(K8Q8K- z+%2?2HH#vfFlgnZF3O)o#hyb8aAy;&ca~)9a$vbrhI2f{lnuqAIoF*$UuJwbT-9Ze zRi&BSxplKfpQ_~TNvWiYfcM;O=I-Z)i&8iLk^QHG?(V|^NQXyf7g%YOv!#^Y zOZ!c$9;&b{Qa5hS%LP_N6GQv2hJ{=$+S21$pmUXTmnjqi4;UyVN&-|i^ilFyjjFNF zm>H|@1G>Jpi5*7hyD580TDGPA`i?j@;B{)UMM=*l+Yt96TV!MXk5nw%2(auiq!68- z>L%xVB&-&>4qYWQ*FluHeyL{NoK`@xSKW?Wq2?$B9$Q4uDgB~MnVWXZ>r=RO6aGEb zZ0=}9l9QN|W~;;!Z+{^A8CpM==8nBlB{r>g92}x-d8C_@-meNd8t1z2*NEOfYWE8r z;``ZrC$E}AWM&e!u&620^$06#mFl{7;u|go?(g{czKa#OWNZdl2fwey6@1Q)Dsy(3QdPB1-Nw{k~ zpgnXvwOymkZ@$%SI8))aVi0=2A7fL8M++90Emu)rNGiIR5`gDjHYeM{Kjh9R&$q1x zCs?*H@e=O&qnB~+(BmAVXRiJ>l+@pbg1s$j_nex@E>g@-Ts9zDzI*>!Yo_F}+^q@> zm?12mKc=$JBEW-i(H8N#3@obbmgn(5g$^9|C#8L7Fw1vGBy=Z7@=B2LR4PcR*Y`oR zLxZ5spg^aAuzUmUCbQREjs4|6_n@qbFiSva<+PbTufP}&+z^FUlDLZ14@!sOx)&O` z>L!@f^vn0}ec#p;QC<*h&1RFWG?h3^quY6}Xp(}j-$B7g$S}Q$`vjfoDwmQv{!6! z-J8kCrC#Rr$v$-~=*%N8+-`sNj;sdj#+t7D!e}iHquZC>K(;ppF_`DOE}*C|{SO79v33xO)I`1Rr*$WwO^eOX;*JUod- zY$REXHBy655s{B*ugESrrvAePz$xwDM4;BH>STI1U1MZWMzWMiv}ACa2;$$NVjo^O zc4VWOx`J#+BzT~Gz~(zrNO2O85!M`aGOxyU-%qvOzeQ^8)tj|UJ?ncQYBgRM;P7qm z7_LGUC3fGR`E_Rq_pZurDumPb{u_I5bO1WI2A|rtF|Nq_m3}PmXy%X)30|DKFEbv_ zpsFLA+uXg!yC!#MgLd6O;>(ZCWz6HL+|A1_)M?|2Uq7W(n0jhN)5cch3sg!MSJ}h7 z6Q9j^1#zWp&5%pMl(ptHno~px9?^M!6ls8s`;PY&+|J1NBMzr0;UNiwSVnb3srdQmMJIfsUPQjya^ zVZZi~rSMZAEJUmzmv_2wGYv1vXq-r_m#3yX7csNu(ABSaj5?4ufW0k=*g(|hj&WNH z{vptD2V2t&cGRSe8@&XL@xg+CY*p~p;IH)<71hQrQ7LUVjB~mcgCD-s&kz@+rSv63 z6iB=KP#O=OQokIw;ixi6F$Iliabj%4z`6xPcM78#sSCCjBs4O!9J{xHWEIds^b5$I z;g5c;8~?>f(W={7o7x^!X&?hqh(Mp^f)>;5TI2_hW#NbZ4(FcihaO6AL)$F=P?&V-f>0_F#Q;lBYMTa{5&!~ohe5dTLeJ$J9Ddp&kRBvFY#lcz>6-78+ zsBgD8$hK*q2^pPUm5UvI-0cspQMU4ad!47ry8(~i%2On}?fFsO^Gu$LI@ago62z@A@vuz~+nN71XiVYcslS##4OeCUw)MUl}f zyFvf?*CutDEgGL4&t#Q?onjxM1k&fuc*6=Q*^fdH&muz+p*SP;)AeU*lH<{yaZ{~R zdz~I%wmVF3c!=X~0h4D}!a`J{X$JTvVbb%RUy)qeQ<0uwWeB`O34R@QB?alUa0Pv? z?|!B5;SDJBQ8F+yx_~*bO#Vl=yfd9ZopEQZvJIuSA)m0b9?s7<2zH}IP*3Om?dd8S zAAfQ0$LK9fWDyS2JW%nRH}l~devKFG;7%IZ4Gsa|M$U$?DYE$*&~Dn!AD->lqj4l3 zeusCBJnOIR$hg@d3iVlsPe;3q)>&+|wpJqCsZn#zIuGG}1F-{{i_GD~rP;;$s_??N zEFX(F>hoX(bMil+p;-~DJ2g^APX+^gM8M}okL3a96?4)7fM^RBCBSzjCv@fOg$yX8 zs(^do#FQVGo=NYZG~YO4#Jvq`Wy*3z-~zs-VP(XZFG(RbjuWptEHtxB*s&m2VA|2s z;f)eO@!LE}=uYtRj(FAOr&N_;KLEuQww)=*=Czt4k;rJL;Pw<(rB8iSoYi__vuS@2 z?UedrOcc-t3HV9%y+WVNL3N(uA7EcNu;n9K#(TVHz`=dV|CjgrD+edP(=j12YhLhe z>`RyvWRMxC#n=uTcC)~V>)X|*u3YWO-sFY!39GZ{D8qqan+{c;F<;x68Sd3GyP*?a zdq&C$!jgyxksR#xivkr9A>*z0O9ZWe(be#x)lZ!orDxjP`rZ}0v9t6336>M$rg zor+J5&aPpwGeRX4X!130ea(XMs0X&ucsx~;GqTows2R6NIk;qwG#|;rN#JCJvr}?A zc#>U4pU29>)wV)=By-rf(f(kb#+64N47m(W0AkHj3D5T)n@laKF(kIP zMbm3%@_QWkHFygFfQg`4e}rI{`IaU$MScKLfk-~nob|aTV|rfSRBrhsS=aS_SIml zJ^1a&)_19x(N=@lWyulvlABfhslvt{MVoN^(VS%CeIe?IL%Q_(@EU@{QBK;)~uF2?s=u>DTM zM-s}nCz6v@;`MSfc?KgfA$ijayuXt52wYHiKQtB_)uq7NH4=j%rjyL_ZiM@{6NfQ+ zI>t;j`lnGyf>{ z9Qg`z8N_k%^A{f3oNt}4L5ZL$k7B`43sE$u=BmYm;c;Pzgdz_eJ^ zEgwaNDX0^K0)#1hdsEHUqHf+AEg@!N?I>Zvib(hnfaPz}+3L(Y3D(Iz;pTO&xQl~^T3&}BwzdQ?KotD z0mk2$W1)D6Z>A03=H*&zWSS6+rdKi#X&08T+uD*^L={5Ofa|b&O;fWw{ng;S;|*M; zWATa9cW^95XH{CMXIo7pUhr)Dr=-GQSxxSkFDC%lbrb#ftaynoC78pZ#_y|jRT8*} zGE-iMd$Jvlm#%*d;Eh2M74MlO@XUzBXf>{|K+{gR&Cio5`3Ss%vzZE=oWQqa?cfRg zPVx`~KO!3huq(mb*YJj3@NhH5C1M4pkL15mdu9|jZNN~44gKkAL|HrPwKAX|Bl??H%-ps{8)$d2Rv@;trjny(Q-r z6rV#`2T*6FIX1cp`k!G}qOv+{X(#QIYQ?Yo2Q9*)_VIV)8QqFS2v#WDe_Tv5&-}|t zmVf+Qdq{f+`Ds)(FQFa(62gUQj$6#8U&|Cz;!Of>acxixA; zdN?vb+z960fsfJ?YjUF0U?^(uuwA7MV0t=wRm7LxYum3b3~bfh+ao91zlGsFp+2)Y z+wt{Xg>PmO*9aYnQqpI?hZ*M;ugXCE|rCH}R1 z{zkv}pz^nlMsgXUAQ+f_sQ>Vy$0GydvPLAPPP)h|J6l{L4G~hA#yzl`G!*kasrt*L z0I~W+-nxWbs(dZV)5zL&dwp$zl9`eTu5OqmZfrF-NySyg(=vfme2J%r11v}tL~ z42H`ebU#J%E&g2)Mm)V?h3GQ{KFJEMhb=XcPgD-sM)QW+8 zx#SSlBzF>h)TO{e1{;05=_gNHP;SoKp)C%NZe{4HH2{nhP*Dop5VYdIb=gwUC3wAf z<7aEFJy4J;x8m&1rw+btk^;tj_{Ir!9R|GK%9Y*i1L2Za708M9bba zX>+Hhcd=_t(8WAD3l z$5y%S01le-&^>+t-|`%ogX+E8)3R|}Asyd8e>gB-O%?;642cm(N^r!7@(O7uPU;jG z1PswR6m!XLJ1|iAp2|;8ltOdI!${#6VJQ`}ebO!#6|s+*F)o~_vY~Ere_z}VoD<@b?&pb?)~QZuWim|SAqZ#J=db#*$m7>9Ejlc*Dc<*U>vbyVGV5cRAcfK z$|L3=Z}~zT1}eyxb{v?4+i)ph!cSi0@DX(o#=wa@{UeJyBPGOf0_}c5bF+xZPW;`` zvByq-Jirz$wNrr7Y zUD)mE(AW#JO-4?W$3N|c$Y|~P_-jmGLj;AK2&gxkX;w2pxgI7u_mm>nhw`WDX7|M+ zO5`JDj=du;Z-ORU@|>##Vvn`U-K3Lib;qMEzT}lK?k_X(>KXUx>wPN4IOt&R!>V!G z<}$u^W-)4;Qc$%sa1>uL{0(Cvc!4d~c8b@9E3SLaLZvzn<>t{sUZfPj8rw&in2nYi zBQs`PkjqS`uMz&ihyZyS1!g*!M_d)$mmc=4uIA^yKjz?Bevh{}Qh&fMm-&5W?vR5N zvn-kh!uC$ciLdq4D%6jCQ2yr5NP1r9m~+FABN9(`riz1-ZHKVEOZR7dyU!wur-!8S zwqgk=ps;`h-2;XcB8Ya7S`uewtn~GaiMV)t@kJ_l4Ke2`IyyRJFb3zsR^HYGgSw{g ztr}lPi)&?ILWW1D)6b%oScd6XSeIGZCqDzFo!Q8zUD4n(<^Wqs?l!f3kK>uo*A8EH z+I&`H(S1b!)P}BHrQp+;n{so zKHO~1RVFNc=jLgO?az}L1)L^PRYPb>ZWFFx9=I-J!g;J4&V{>`vx~LRC8pYo3Gl6| zv?L)!gEOh_XgH7{{#{J3D=2_OCqbjic@T z)3Orf!Mtor8&}vm&MQ*avz#@uXt{45@*Ps2eJKH9t1SrA_SaIt*UL51z%y%pGs~Fr z9>@f1L2kK{sCP*^6x{>C*B|F2Mc|rv=P1KqVT}is2GemxON#FV3-OHD z-X(>7WQB326+VqgEY0PoO92%1Rcp2e>svl$?yI6e7Gp1o6J)IX0fzlX+mo~tS50P- z(k)Ntq~RvddhjkIpM!>Da0+9Z2*UcQmbdm zflFRY)hX@#l(LQ7+5ge<*@_FgZmeu#3N_*EANlKVJ5oyv;b#Irr3Brwxw z81aDg6KdHsO_R}~QK9Y3@gb^?_N;Tfgfk8PKFlN>nM>XpqxTUrFWZW3Ze8DB(%z+V zWUTORWX_y7zKr~ImXmS^sM?x=q|j6KYCXQRe5YmMlCJk5H=JZCZ;A~-c);Cz$;4T( z{$MMKw_#wyFJYPfvZ_Z~zdU65%{L0Gq>IJ1$G&38*TJ@B+O2E^Fb@jJTypHbq$e!J zGUg;AMSbq(@ZSt`>?0r64*05+yvEdrI zI5bml&8Zu0v9mbNM;9!PA9 zDWK)jbjD-h&1YI9om6f%nxD|02?b+FDG30cH6%aKgKB|6bpc78YJB0hH7%ZC-kp1o zr$Cpbk_Smn+sX6dnh$w>2mBeMwA6Hc zb5S4H?ug2Hc#A#q*o!x@X9{QB>Ihv(DMcOD9!z~I$8a`(FP%#w>COtl6*n$zO!Hnd zcdz6#Re;&C_J4qRT;SoSYri;fd59h#Y8ZU8$_K$1mV3CmnTFH!sQFn#yV|;DudO&E z{QYdunf!T#pG$dOPa5*z!n$A_f7R)m$pL+5i7Q>t4>l(!o|qriFtx-`Eak2jzuB=W@nVip>N3gF!eu#h^oh^SCZ^ zkJn}WJs{qLy(kNKcZv|ux7C_=%yHS4zcr~MV)wn!UVR%OZ`PxmZTid}>X&hV+{nL3 zBO8J42?6VtBDS$dnRcAl?9(tX<=ArKvjMWLR0Bux3v1WO1ZG;(Qot}`>y+XT0{Mpi zI1Zi&LhfZM{+cz~;^1)qt3Wc3=0fEvHSpSZ(Qi{;kgKoRsZ`Qnr5zMDN9SpKF{Erl zRh3zy=U2?tNx>DebUhy|qG+)22-5_aH6_5pQ2xdN9CT&>9o@bCeCe3cn));z)r=xs zG4YOU1P-PQSrpBM$?@5yJq#GKcf}d3ARBuE?NP|a|N>J9A9ri#HV}k7fMI1~^c-o89GtQA5d@=$M*FEL6ybho$FhKh~m!Lqu zet*gkbD?y|QVv@sw2l`rWk`Bx*W8MIo+mken{E;JPQEttsd)H0G*Hdvj5&9l}dZqVH|ErgO9s^;^w)UVM zeX2gQ)Fv{|!L3`|?>Bi4zTXSj@6TGW6WXB@%#IR_rtN;jcb{wEC5TZgz+GT|DZe>o zK)niPw#$}jJPKuC#wG18w4+NIyOC++>PWe@gEWV|>p~xdP0ZSXuR~o!2@*_Xe2&>>{FbEDYx_MtD zE|NsM{dg3~UK9*WeCHX6UX5;R#y9!- z?W>B%1(16o+Z`;!pDvO^LIH&`rY05^gm0E6Cx5`01OBknz8355-)>;%85~H%B5p{d zA!`1i|A;x}txpQ|y2^7WqwA-5v`h(kULCdaJ)gHYJE2(We%SO~x z1^r8I=)a$lT>AaHUdF$l{r_Y=lA*j8d4cpBVZSi`e|4y3@+|M)4V>#k%dNi$J3+{$he+(u1z#gx=fzQPv}qW1fNh|EdF;!;~fLKPve5NFT3%xB9nqbFlFL zQw306i@*Q;hwO>!P)zcV{>1j-{`vn9l==H_AuW^kQvd3MkvsE0)hKbm0+`@#Qtba~ z_~0)-hi{1G4n+$Wqc5j$7oSDg#1 zgwI$yAZHIdx1pF9e(P&`XP`{Y(tGq@&-z_JCeX62Jfv@)%OK=LmVH5c#LeELr6ErU z<`I48S9EZH!_M%Io4R&I!}!SV%I&~>_fegjzHKg-cH6^VRf}zrvCA0IUru$_Xv-u&FAoek;kX}bo4V>2^tn?Q6v z4NqG|e%>!`aiH0VHzFVkdFw_NdReSD4V_+=CCfp82@!W6kJD}4hdqM4^^Y0%yh2?1 zhgRIDAG%zqcxzC5id(X`pC5IGy165l1%s+vxf<4T1f{8CMcvy3<`DC8Rx7xj5(*s5 z0=agw$~AKG z3}V=zEnq|WtdVO#0A=l!t^2O%qeHi@83Jm95U^(BCv;dr?GHlxk~*x(rv4OH*=?`u%m!jbzA4kG zrR;G%@C>bzzT$sN@C;55ZRZaKSd)RC@3INJH&*_#z%LKxU`Exlxsn?X-}`FqY$52p z+5jRqE>Ir>#<9$zarFQMwlRg(~i}RCy zTi#$cA~SQ)qH}{xi(b1iP2!N%)@uI%pLIdrdfza>S))hOiFPUNqGNnsb=W{elWs!y z>0tMve9}Hnb&dOZ)TO6hk};Ok^Zq|vfQng97r)(UxwCNP&N97@ORQ`-yG6GNl;l;x zOyXZMUS7#%I60@z69<>h#SK!AZa08b7bkj|FXH;^VSr2XFr32-jnJ)ub^rB49pUDl5S6}4#h4lRQuPATI%P{$U@FX#ng4^ahKjGmGn7i4***Cob8dN6932J=eYc z5QG(-3(+bkMSb}lk{a;-258^H`tZ01u-iMZ*)#BEkAp+Nt+jgUgY}&|7y#H_ar%r@ zUA&ZN51iP^{dsO<+c~u)Kf$@Pbw%@&ng+O6q5h%Xs^n^A8D|mQx;GK1f^bYyk8iM$ zvr{>hu=lRY7xzRDwh&TM;f7R46F7TfpN6;M>3*i4a9;>q$g&1{t{_0(mCbEmHVDK& z=DXdQ;&0og+|)UAg`Rj+nLq15NW3(zGWcftJ$@0rWM&%X%rsMy`lY3t7bo5naE^Ug zx*-C8QAVl-&!iis7H5RB38!z-9~>C~KOI1SP?Y(Q`oVXM-F#P$EwRth>&)lt%{Yp7 z^mx?JXu6XlfY)gN{DkPnL^V=6Eu@RyEhU7+hc6A(C&`CjR#{v7a=uzCqhYQCHVija zC}Bo`v>M{$<7a>#pgRdM;W1rmL#~>qg>SeoT#MftVpxZR_#HgDVcw-Te(+onVqsfl z-8L0bbcI<=S+dcZ3Ts-2eKyTnML)+N>VziWxk98)05HdSSTc;x$f6xG(p<*FWx%LN zpy_lZNbl^2rchXVqsm3Z838m@g5qRU4M+7H)nF>M1gpH60jQ*y4Uptp_}GvEudm;S zKbn<<)RBC&=E4kJIy zpd89x6p`cW=td=T4b?6C4Vx9uo?uEvX#|utzvm~!w0dJ2(w(B9g0?I>uZs_Y%m=FU zb_eMU$p80qzsaI4u%IQN~VA+%gl9((Oub-8Xf+pN_Lp|T?eC{+;cD9}jVGqP`PaKZZA`lIbbL_FZjEWDJE_CpPg z6fh}t&b+)3%?n6hgVT)F;P`p^N0>vGQyAuK}Qrz7O6!&0(z)hd$^SSqX zf0945yP26iXUI!pXUwDHb%`V)0B9nKq39HiHHV)E2)KihWVCuBeSZkDm8ha*~6{%#CGCA^< zzh2Sgo4)rnG4;}c=ZFf0N)ng}*w_q*-t^ZFy~xANdYo+$)t#8acS9K(o8=B4H43tR zMn*qQMyNP`pO5Q@e(Tnx$39^qsbCgG9pitayPy7j#AWxpkQ>WfrTAxp)+c{;wPBFk z(d!Z_@)LG3vuEbORoy;#qNqH)7i^n33Zm~d=4m@kpPWe+IQfEHlCh;vHkBYix|zB} zM|V;!dA!5B^~Ush_=f5=&00Id;txlysB-ORad`W>Zaos-S#&>&*VX>N9EIfWp{TmzZj z2~%P`s6fI?FZPrJrRSHo05Y~ZB<-PS+)^Z-Myyl3f<3bkSnwFBu z@3sJ7CcIiDhQ@y=27TQ+|b1eF&%HhMY9@I2{~jN zHw99tTa8Z1MOK{;1#P+KkilEIMXeUpxHm^Sc8fq)OnMwbYeQtYfXk%1Ix|FFCgi1OJd=HB~fy&zsFNs26CfMLM{R8H#= z-Ku+y{MkapEBpsyEh98k<%CUOw`C~oEtdcOsiRqtrQHVqjtp;28L4a7)4&%|1|ULjp1$43me&yK`}%jA9r%;Zy$TZ+prga ztWC$#N?2mg*HwdIIA-Ptz@r$F5Lu^dWU8N3uwQWudyo2s`bh=y%SvDT_$<83sog9mc;befs43Yp9@c)87^O(Lq|T)!GJ^ytT`ZF! z{A84aWizptXnjwu_pU8XI}fo%Q4-?sR00Cux!S)hYgjcTRbcQpmiI+l$9t<3Q)t`5 zB^6)rwVpH?gofih`lbM09^Gf^2rO2Amu%J`B3B#-?FcRX+8Jo11BEKTRf{Kh*d-f*lml&D~#6(@oFrPk|KEEu5uz zYf4{Y0>hjaibonpekQ9iIURX zEDq`~$qU;USFQS_2Qp8HUq|Pk;u_A8vO z#u^yy`y|Dd0ze$~sAHC|-*Hu1E+tl!xPNvJ6M|}0j0Ja2{(vNHf0V=c8O{JQhEN(6 zf$sOKl@_P&^%X&{oCkB-OUCiRrS0h6o%n*!_+NOgDIj(klp3YAhWBuZ0`2?h^0d%^ z7i=X^3$=MxO$%yCeh5wcGBewJf28dDJhh~*T6_RjSX;8XTq*!r0dj*M!G+SLkGQ3z zHd6G)qzJ>xdgeS~Bnv!y@4QvXlVn)AeP4@{ryM&R*|sH=i_1g5i_z@FUFj(F$1*WK zo=QJ`J%VYBdqzFW^qm|d8#jgT+K)G%wmTTqm8`?K*I*l%qeND6CcMfJ&7so1yszee z-aY75(kBCILDe?r=p&Y;1<?1A zBO%j7W>}VT!qr3L-c_(d$mO@qT%5^jY)HgCj1$~UP@)5s<_mAie;q-Pmh7@j7h8a) zY+!ZEUcs4lWq@e&)F5Z`P4t)=S4`zEJ=rH~QVJ<29McIgVz%K_MkpU27QFJzvEmYKB0#--SQmNSGJ8tUyo#eNDVxBK8n{PaBC z*fz?3*Iq}+o2M25=9TYj%YTy@099TykEFl&!5X`9ZQ1l{=Br!4VLKN77Eb>&uw*j? z;NkB|duZ$BPYZJ9rH7{LeS%8@%%U732f_y`LdNwB8e>jL$-fWW50X|>5Z!ARY4h_v z%gvlOrbmq-aaC1x?O;26pNlPNCmi6KO+2Bob}QUth(j!KS>%^VTP;rlR9hO*wyTQ<5KD2dxqCYtFu zk@5mJ#e#|w);=*$?vnT&C6n0{Tk?cg9SmwPhk%;^y3LyPov)MQ&bUgIzuAcxqXo7v zVp&CixNlQr`I*4OmZv}IZjtWa7GWQ4d(a>Kh<~v-KQYy|Uw8$`ws5t;g{8Gi!?(H7 z)SIZWq6jAGz;&>}NZ8cIC`8Qt)zp33pXKqU+|c4ay{3m_ZBX)rW$V}Z?`PKKX0G4# zr=knyjiu5WHo;Ki6N}f``#aoaL=-`+^?~^gsJx=zXX8vxB6S#87iQE0XMzHzDT`Pc z3rP8sR_h^`PPF>{Thd)DJi8702AX_d@b-V*->x65#g_VcV=FbUXhG#uZc6wV2Kkn4 zahco)_iO|&Iik)#|DPV$CDhiA%L4g>P<|oc1KeYqW>`amKL0inoCKjD^u_* zMgj61Fn8Qc%U?yV|9U8|zcL`_vSmkvuw#N(%`;QJ8tfF1phLk(lCxwwQOHh%M9BEe z?@3)9j5!6SCVwf&QLykk6w655?21sUn?CK6n{`Xf>UQufpd~R{QIN77xt0@f|NN@n`%-vpBVwx^p@wx8lm&`2wzprrMBc71xBM@^0Gmn;fZ{7%7~ zU)?3vekf-kY#g>2Z26j`MlKEc`y`5IS`!vGBF3I_Yue{Fuy#IQwi!5@L>h$Ea5obEEsLE|A?8WIc1ofq>%y1VSwXY8$-D;GBq*lxid&zpD>9r!Mv8c ziJt&s3`bQ&mh<}pzwSKTqI~2wJk7x?^j@d7z|Ez1^^Z?w7b9B=gClEn1mjj3$D7xt?%6u@w$SDPIarzlx^!JQsB%JSf*Sbx?=> zN#bqTv;zd2FW^?V)pn)p5E|E*$AG*FT=-rH@ zi=wVv)g2)BkRUsOX{eV^el4Scl!z-XTG)&T_6(ywn4s7#0clXZy)~`Ij4#uSw2CJx zpEmo1bNAL0J#gm4Hxlp?BmstH0IT<&nB^<>ijC~O`Ek3V?lvWA4ma@g%UB@r zn&WEqLw6xlZ)_yMbi9on4&sf!7FhnFxR16dnwQ!rOgK%maFf$knJ(X0t@h$a|75>i zuMt84%X0~yJcTw^b6M++B?2@)NTa#XLj*iKG*5IihkFzX)LF-VNGEZu5XHyWrCIr) zgreO+H&n^ysV!>WzmE%ipOSo1PAK?Cp{t}aFz0>1fRM*oZ=NJxV^)_}(xlEX9li6P z*TYE%X;KoUK{PU-ugL;-+c9)ab>wWYfJE=%peAK^6!(RNn_rhC!L99gVVoDm&m}T< zh7UARQ+55%RDVsIvKFWia|W#XwH6!Q%=1lMK=*){mw}OQIf|>EUU?f;dWSEFOJhB- zrSjOaARm|R@pFpouCDwbEZ{Es4JRVkZlJ}q7h54)`F$tYz7s!%4i1H`p9{`YpTBz0 zUm>KQ27ayXVYkux1ekQXtuAU|D9Gm`I}a`tmrO@f6K?$V&Xm_ypoMsM8{8&;Ze4mn zp5M6)$|pTJ*>IF9ThG~{`QRn^22!)tG><>z(^24mj`Ix}DQMri>Qf?7s_m;lU(~5{ z_&vX~&25_tUQ~$cWyaX7g#7(uqm8KGmE2y)Yp4<1k<4J>NAhvI4f-QEO-CcmUwG)y zT6-4rdlN=(VQ|+UaUUhio_GkVT&m-KbWh{c!IiNgNJ$_M*Y?8GCvrc^y>{#V&r>tp%{x3f;AJ1iBjXfXTJ)=CSmx>&R%6kze97mENjn zsdFC5z~WnuE*B-lUY|h<6Cog=)}{}BHR0zs zGq>oal-&>GsZRii4Tu%IN)yOwMlaeROQt?f5Dn0V49C8yUVgDqoe59PXRG>!@Aew? z446JoJ%!DN+Qx82U5;x{f^1F)vkMWpDf17PB$nZ{I?8Ic-gjO-_6WeTF8zih8`v?r z^0P4${a{=;!1)i4o1Pqc3NRzx`#7mUB{;peL4XpIrfinH!%Ycvz-YfXAqfH|4~J#d zm!Mi~C2-Asnn%L9*R?d-M06>CV>dPVI6p9)F!VY3E=E{~QCgzQFh0-8`a^M#oDfEf zf%cHmamp*+e1_6sxs5mhgS<`*4qa5|06VKg2TC;dZd|^yTMi{JWa?GwH zQ{3CDaepSLWbt=Fc%@_q53kS9p`Ncj4W|Xva&tw(GL`rfXA8e9T0IS{XY%*}A8n_j z-xlPba&`UmJ193Lq`0!XW^RbqX5z%7O1O@X5Lv`#*Mlu;+%Jz@^NF1R*{M#8tb% zZ~v&hg;zxI8_7Qy1@JwZ7MfcSAJ`I3hVDY=nH+fs_sG;Z7MY>c$S-IphsJ%3UX>k1 zO5#VJy#Opqc`X+3vF8EuJ+?U%Wo)X0a?itC&#y9j)PkR*g>i~=-azJ(Fm>?f=THC$ z6qpOR8Q^tYMpeAbG=K10J4Hf`<%B@cEx{mW+uEQVjf zB~lWWbDC}0!2z$6wWEPgo{>ky2B!xl>R((%ugt5_(_MLI8DKi$&-xT~$oK0z7p4r9+5rR$0I1tRhh*G z{_yxLqFV9MIkPk6w{=e&^W2O$zo9nLD8I`exh^5PD3?w94q}|ia-mS?N9z*bNRL;P zg}@Vr+K8$}_QLnd9tqLlK}_7nKb2IhRex}wM)cj~4uk~dEJNGBtp$g366m7ROq15$ zT+{+K3*laxugov`Q-|KyJHLA88xyiA(aY;bI$_*&Zm-|~=T+qqyx7a6|Ao}kDZ(~4 z36b?1eVIBXO#Pm7sf2}16t|xZ2TR2ap4q}!1y&zpYf4I(tgjIL*R_PMKhTN>RN%~h z#p_>MUCQvYx<*Uxn3n@UeperI54o9vzAmNBE@`20eFz(c2 z;(EPQ*}WL{FrQV$w2hLu3ZeOV|H~=z@0=v%br*+oo{6p{0&PePvljeI6Tm-(#|I#f z0e&<+&@apMZxZdI@_xnQuFt&0Vd;Rm(E0Rx^JE?9_{NqJ`2u}7Cus1s=LXK)eG)c2 z-aE6DW_aST?>rAfXNCSzLEPj4>hJ4`FGuI&!#+6XA=d^chzZZE?uN5O~B<~b4@ziF_l!jLTC+R-n*;r~db??~UF5@9{D~=!Wiwe{ z6wu{|N5AS>;zGnmUSwaU>aMCcOwAU8exEPIVutVKTs{Y2 z$1w3PTfvsQuWRY`Ki$OqEA~8U*7zc7E;n#gqnr;>tv4}*@OdYf=%RF$P;r%Kv(v+Zs0N>oT<+>AX_&(C^Qj@1SK-6%_eDZlpR@A6$_FVBnIq-W-gTnC5^B7Qz4&zK! z!{HTY>fka!WVJ~nMWE$Q{Gopk0fFV5$J7tz zfu-we>b<@x7q-ILsG2K=lqXE+cRP_ad({Nv;X9Ok!7p8zR<9&WeGwOCmk#zXH?U_w z?{Bf8M2{yyJ^}_^s!6S!FEKa@SPb{~$t&%#$(u!+^pwxlBNnC=nlMV7w(b%zz-cB3L zhmD0IU0@yW_Br@dG3w%pMK2YmRk$h{$=xBAw_sdmB?fg{=tj%k z)9u4dpx(rVRz-25ONgv>nQ`EID$!2~RBu$kCmBC(h^i0$=*HHMn($`xG2Hfa{1=pt z@1nzjZX`bx%df9WJ|6#^55I6GI6wcGeX{Dbrg(f$A}YW)g^c7-O3skRT8Cw7+Acn) zZRrh@JKqXFTqd5{Ni6fm1BZ`yROQJtb_!qd4*PQ1aznq*h1R^Jcjj`Ql-}hkvO>=G zwd>Dpe}c~u5uh;DN(*TsN~g?LUUKDR$93P#`+UIo5OGx# zOzX0uUw+jWY71J%&VgZ43kE6f!7zQ8n=)t@5p-Mx$wrxF)`&LLOgBF6%cN`w659h;ZQV6}3`@8$A0@@m&tglZOS z2u{UU11Q@r%H^68(N|%6!c(Bgaz~Kk77G4$8m1z#m6rJa5g8^S?9D$r z%+7bXD-Ai;odX0v)h?d1j3TS*%POUfR0S^Ad>UcUiwmfpRr=(`U&l&bL*F+u>H~gT zTf;9vA*bD!J2&}Ni((1MsiH8l8%bUZk-q9+H9&_TUll2oDgu^YI>p(8eVPhxX_~5Y zyIT-CeD&Tx_`D?2b{xQNFc2Kj_p`#uy-_#YM#9b}DGERw0nix2`m2*fnvUV5DgVN0 zUbL?1h(K2JHo&x^JHVEa{8*QzLDWt!Pc zyoJB_5GG16jzjNosb!c=i;L~KejLtwdX{aq4+{mzh%7s|F*b?3=t+b2pt;+gvk0|y z{SBMHU3e6P9dD%|nQHKycVX2F?vKxI30crjnW2Y3jh%lxc6F~B(BRo+ZQAQUKmHkZ zd+I2wqp``2vyO>z#wp|T)*tNwIuuJr-%g3VPxZhQD=R(K6xbiE0)gsHb>9idC^rMe z^_pxXH2xWIr$gXW#6PXSdIj&Y3#WSU zAGK!ztl(SW|JO-nchdO6|7r|TbfiI}|1~#EJ_$z$EkLFCS6upJR{YQc2a zg;dfY-nsu=(yIuAmHy=rVrrv8Inbc6g0TN%SpV`I$;$8`!Hi&;1O0!E4;!TeB=jE* zs@*r`13{Mm>rmR%IgGGcXig#Wp8xROi!~t3gJ5k*{``K3{Gabs&Jq8SZ%%QQ z-Tg~uwIiW}ZmmTCLJ(l5lF7h8rvH|_&)J_k=l$FH!G9p2z5bf89;5vK_SlpFLIbY) zXBNSJC-nc-&wP)7^TjHK^9_oc=VJBmJV9Py{b@XD(2L>UiTC#sbw9eqO>AECgxfNf z=;&(@fZFfj=#H~g9R;ek_}^QeIuGu;U)|o`o_19@|MKzxbUnB$+}c~;P6neEZXW*E z%0Z2Xzl{m2sDk`-1Hn?uv(tKvJziI8{3Srbt*0AQSbpk=t zv}^44sZVhn5GEbp-&c85ys4S=&vtl$+4s=qZ#lfSYLhua`=tA;`=ZFNwu;oi=&fuJ zYp06I5J7?f+8$AHVz_5Dne+qSrCkhl-7|L? zX3QS&r|%0A9GX|uSWDyoL?aR(F3D4F<92+z<0>h-(j_J}uGZss{${(92SA9=rE>dG z9xqq2YTkQZ2O*vZfR=#7UP*ZDi?;0AsQ-h7>4NADD~Mn{J^5vOXlWY1CF!o&0r?T# zI1j)Sk2%`?$?K&_SNvtz@>SPe*hGrJkuJ!ZXXbxkJl$9imd=1V;Rk?nYY);|sBy(65g~%# zbT@!)5sT|)&di?Y1QQ9V|5P7H*%-RLGV_CkX6r%Ihr4C}AJ?mauiMxl6{-O>rou!m z2SOrEbCSmw&1LK(s)4yGHXXNOry>t%>Jo1FUH;#cZ;Tl|mHsDo)mUaI{VtE!hZYDq zyKvonTH#ZV_U8#0oH#eg1H4$BD4r}AQZzNyW%&#)#VU?-3G5K(0n(k`O$jm%$TXDJ z-5MWIHnUE#yw|$vQigTy4k3oU?<6dbOyoWH8rdrsF_F^D{ISm})_B?WYyVI$7qpom z>-L6VbnZbc1a&|LxxZc33&)En;7QbNqGU853=SN|-$z&h@pPZ?o__cgk|X-q`bz?^ zZTseuCp0iiplISWvD3`)|WZvyQ9-DSkx)8LquFJPrx>XEQWY_j6RMCs8f<(bPzTeY_? zVEmQ)^V^Vc8R@l+$ONe|Oqe4T81sd<`kv?d2>cPFAUIT*Faw%nv8hWOu9YX5h0>|9 zIFw_Rt_)Q+9vJF&P2$f2>|k`&c}}^nozmA`z@q$(O$l$^Or?O;!S_-jx%quq(_K+o zNNKfoPhb$Xpw+}5MIN-&4UwmUhFP^ZdPiCEcH@F*JBSI13Nu~T+EywNZ*FEs@d%0X z(kwbl=BO}##<1pK>oDVH$+PwTL9?P7gRbSHblkbaz=eW0-%S{kN@c_5m5fX4i!x^q zn`Y_!v$Kt?d`xY~XjY4>k{9r@tcBYx0ln3=&am(6-vHmK432{ZFkL8Je%h`tUztbG z+sN}LD(<~QrjjlRZ0n7ETyHf!wD5Ac7Gy<5Ayhyrd8nv_MYa0Fi`XX*#Fga{@_D@1&P#gDJF^fz9UZLfsM{Vz$_1>`Kla3g>K80)SoK&J)sl4^cn#(Wo zUC=Bv!pxGTibEHA|Hskh(y<0d_moghH??z8zqvAVtF(z-V)v>Upj(&r%c&zIn>6_x z4+g!2e85&nT#5 zy#1oGzCX(wQ<{wnz5RYs?>V`S^%>w_WHj*uMHtTbRh+wqP-}Qr6D(t~=wNbUO zrRT^{RlDX!n1T-@!oJ`_2hDMuk-{B@izz2-+leGNtTVdLWwt*|HPy1ROjJ2l$cmbZ z46+6k_6&q6WhIp#_POVCUeR!<#R(12x@_CLGj{i9khPhu9qezdUO4ExleO2(B-if2 zfdo}Ok;DfOUzmPmBHDGWO~Vcsaqre|LD7eP( z95Zm+(^z;E#edZn8!3~x+wIrL36#Md_;KR<`@}~M;DQ7*JsPu+8JvMo!T zYFT@#`%2uo#7aX}{_s9u7;aM#_v%hZzxob!-dBdWkcH1Pj$opjkV)^2khEX*32WaH zs2hj6?CWT(28Fz7>P^)rHf$H4sxNo#@+30hfWVS7IA7sFJ5|6{2BBa2tCWMJ2F*sQ z?h=0e=yuCqa*qLoE9p-46(k6yf(8hK8-8?t9<>4v6UjA~`gc^@sm`0@oO2#uis7Bd zL>VQO#%7|fu0i%So( zd-me@@rBtWBHk^A6((jqcp#eC4B0)`ojjrkFo5)}lZP%an_PT(1YFXm-olVTq1pcy zql)(S0@*ZiNard!$AFjz4>XY6SfAz3oLEh;DM&EEte`2TAY`g!A)i}ALAg%pKq7i0 z!$*Tul#D&okBJi8k2DWYlPxutsTuuLEaM>1*|(XTfuH?@T|@iL%yT-Rk<>eotfE#gIwagEGWk|5!Dsi)4W$|3*3EYTZ8IcA2Z2|6ZMXQ<%+wDBpYIzE7P77})2i6fnq(Nc9ZFp!Az14YqO+fSeooivup zmH;c_W9BugBuM!y!9xqSjG0x>#@Q?FPW&PiFbx=xct+CVuMY97m-{RN0``6a6k)h% z#eO>ch^GeL%ew!w(NtaqO6`ubXNfWUaZczF$K+Y7hyl{vu{R0&`N15&Va-E)9l>$Q zs8O1V;p>o&rulb~6NeBvJ34+?_K(2J%+f?N(S;o6BVH4oQK8oX(=NF&pE?swVA2tH zCiOd))S1F$fVa5qQ+Xxr839;?nvjreF+th^${s-`)imx-d}-y^Km2RynuWb*BNn%w z1ti29&f#B>uWznS=_M1&xko>AI!cTL1t%|%d=vUS@-EqRlPkN=S+S}Nv)D|T+*~!d z-hKI-cUHcQhi^`OVi~S-IG`{BK+1x?8gfV|IL9eUoP{FN%qx<^s7rjf-#>g7n}(}v z*zd=07WXv=*Z)d{!BW>PJe!!^VxL?ZTh(PyMu&a3ZLy2pr_l(6o_^2VV8ySshvvvx zke}|n{rdfZ0{%hm@cu(`Aet9Tr7cmbMApabq4F)>gS!x9XwJKXHqNO@5o)t#K9n!r zyp6Tz=2RdT19+d`1_|VSj+m-F9w7(DU*DPH1SRV=yyh%(A)DkBBU{~07%pFM_f*3? zCcPvck#ZYJsm|CuYx~han-RGR@fbhhyr<8VcUO+T;(vITQ*giM?iV>tUqFdYDHuJA zDvdaajnzkrq1Cmc@OERh%|Iv|AWfkqL0)nZ;Ij-u|NWLgcKj%g(Gb}2RcsS-8-xSXV6^5jas=-9`fVjs* zDMzUr9Qf_p9s^>|WtT;6TVaW}kvvZ9(_J3Y{wjpd;f%RJptjqu;sv&YHu=kWw|4{8 z%_($RP`kjj&SLADF9(sk-ARlT4YnDh_&?;xA(#)o_~C1}-5*NfWD%icCB_%vK~DP{ zklSxvpiRihWrzf|SF+{hjb8QCV-nJGS_?*Ax#*O-fP2_Q^E+}2qi{H=UrE0BOymbi z3}v?u*hMxuzqS(F$G-`Ze=SdlUdKhSwPEJ($%6E4OjX6wmR=0`8;CV_-%mA zd&%py>pOpVz50)OKPJ$+r@v_#3yhCe-OQPtw=WGl7`C^fLQix$@`g6;U|JcoXA>G! zr~{wG*<$ty@5$XIb3G6GD%E(y_>T4kDcEy0Fc;=A5>x7o1TW&BMb@xc{jbJ@+l2jW zo;8xJ0R6tbayCl#d=IQQZ_kEb?_FomG35zEKCK#W8;IfEA##WqOp&5`x*k)`CaSZA zp{3JUJxsID8em+&+ipZhbL+(OX{h;-LZA_65wx01=Tj6-0$0pMtBi|Y%1miLgqIiQH-jYVxPou ze)B~W#sJ zrM3sVP4yFzX5N3`bRKRh$d}l!xFr*dAi_Z_Z#I_#rLQS!D^-B#UeFV@4I$j@!42%} zJ=17BAK4A2W0XIDElUA@zfV#SUzN#0Na@%oTey%ldDUbh0QI*DN#q|Uw2|>RC)B^D z>{L}?+oa8Q^`_wBY4db!dB0&iDYlQ`!MgeuRM03cFQzH>Z9>@@VQ?amw0``+Z3LfN zDvsBdB~0$l+GjbE7;Ez6Bm5a!hlV0nf*$m%62oUexlZ*?!HU2!~JO3d*+B zd>Fu|(u9_n8_oYUnWV%`Kv|`X1dEi}*``DZwvCO&W3f=H5RB^@3E-HSgsH~@QJ^K@ zgC{LHvDVm^A12>Z6AbP*c`LLxx1%0~y_7ADJJL}a?7~U2{rC<9pYq`a-%FWy>c6Mz zRSjYkZNgtt7#74EHx!oo)49jC`y-px(pugok0<**hvXXZyX#Zv`_EG+M^l=>J4|ni(`St&&)X zh1@^D>%usG-Z)27f_wW6NSj6SWZ(SrUVK+*O3+5FAP^zD|pH3}|=<>v|1Qg7f z*m{=H+`KBWCvj-nZ~`AD1N1gJ5RYbY?=tk)!HN=|C5Q-3NSdVO3_lbwAet^rUz){A zybVkF4i*<(x0Pk-%*`rC?mXvCt$kBgoHNA2AGe*XX;`;B-L#A z3=-$ItWiJjSC$`R796Wiz$Pw{mFs8RZ(bC_6%*^ggr-z@thymHfPV%rUlRs#6>j33 z+LxGjiW_7`rp83wG>mU+Uoe9oGr|FCZ@{atx7L0!_m-44_a7l}8JpiEN>V!O#KQr& zT0A3BfMin4@W?t(v@}ykZ|dKo3kpF^>2NN3L}17M03&0jhj4&l=SL}!d6kHbb25f+ z(IaY`B^8V`+R2(sW*!dkoGys%5lVL1^O`!J#GTbKnuEQY{xfhVnFrZj^lgkX(IT^2 zF+!d3+G`-l!##G(#Dv<2b+&lFnkObK5n9YoXkGuuGP^?Wp5oMK(U-k(kAfNsHff~! zeNHY&3a>(jCk3mq2w^3~dM1Th0N6e<3R8!Xl|Vb=pejQC^sX;1ANByJ{)tiWEcP+q zHV6)w)Xw?kvv|1zanjt68c-xGcrgxaGhk?4WSjGt3=bAQc&5K5p)WQrkpy|A>AKUZ zkI{7J9LEa+fBt=He^i`B#-GY@*E&yH z`2Y`c2!qyM-g@CtG7_|tcKC=}8u|ql8kHR^cFJW+RXz42M)v36(w__Fdjbe_RZ0Rj zqfV*7BE_T7qj9?*-xaoLzUIlG;QmIL{T2>kPqiRwub}l}+GQYz=<@cClj_Ku)aHFJ zHoA!28tk9e9)2wtp#51?{ocPu?FtRr=rt4u0O`Tv;vCZvvaOUvED_T&Kms3v+1w)v zLnb4~ShGk(0a{IK3eyB>I>qJCGt1Q4T2hJ+Mn2kR+Gl(Wz&n;A0$=y&AB0wIk-l-) z1&Kul4;U=0sx+&z((gw~e*M$SG55vI8Bp3YyxT5m^@%7ljFa*U<&X!z)QXOi5gFJq z?z>1a027t+l{lCImDPY~(?u@AO=>N!l8pfY%3)J2moF{xu|()^%oDrCq)g91gPv%S zPI1C$n}&ZED0mly4-}7;&*_DYBd9Fe(QYd0XSvwY2oOWnMX-|F`V>XpUjH!Gdk6VB zg%(!xp5yB7+1J%8$GDmG*9Y77X3Tkd^9xxfx57-8B~0p)5+b^1pOLT74-}N=`Y~qG zrm(S*!k^#J1s&wUmtyPLY|9o|e01`J@o>?gYqw^9?Lh+$-&K_Ops-*RB}~|gKqP}x z)Q;Xq-nR)S80_e3j08Tmb(+qRibtCKTx&K}K-jL`gX*Hv@!imWC3hDKVtx1p5eld| z`_^*Patc&mo=R-rOcO39B%N|q+QCTG8C2SUEi$NNK%k|ryhWXKw(d-6l17xpjds+x zV?UxKdDm*FRj3UScWFMKCQ8nt_eG*lqtJYl`>YJlXtmApnqFG3PZd^V;HIfc&DZfP z`_X15pl2LNaoX4knLDhkn|#0mS5eHkYDwkc(Wpx7wtcPJdo_rFkyis@4W^+e&t@Vl zN%jyMBG!)}E<$m)-L)9J5AxOuqQTA@t`LZ@?a!RS5y7mU(_W?N(YP4JPe=l(Fhcdh zz`QH^?WIP!ylFSAExi1R*ntf&j+AcoH8zxM%5{S8RGxe$(4ON0|IHy+@PeX^F6`yJ zcp?LI%TVbM=o@ngJjZ>p6E0MZ6vb0%Ern-Wro8-?q$DueDkL9pzFu~+{#bDM(F+Zw zUr@f9_DFe9W^{&v)QB{!XJ=}GU);3qzghrAjrt~;C(X(_VX-(2)=V&hR)^`c*SsP~ z|FXS0H8K7#_46LZR>}@r(vSoVGy7xq55xL27=|SUfI<(wO#~mKbRdjwllQ_ueyt$A za8@0f@>gec3Fv;q3VmdpsblhNE~`l&kLAu8aaPM?RMu@4FllhlhQXe&Oxf1517miV5)8dhvx&MA=CRznuOwUz3p^s?T*z=?N8v+dKH zsry_)1+N5x(mJNj@$W!Qk!F`PIwg-LraZv--aI)ORKN* zdYKLbH$LyLMMb_ND%niBwk4#2ZpeN&o86xsaeC2ut8C@3PwC&aKuDu{aB0Db^;n{2 z$Z@P`;?}oF1U8K}q2#ixV}3iInFFNi$Auw2nGxiL+dr01OX%u!0kNQ7fJYk^oAKkJ4`f^vO8rprX^4Wh}e6fqlZFm97ySaH01L zpS5L6)pIiMT}|uu1GYUm-@Zwl5Zp8WWmxt;-vV8vR6iF<@?Sfy1#TDc&m;<;;|32t z3}8%wn}+(?<{CGfB+ZwSgLeOGN9@@^Tt&z!?ji9zUQi3ilrQmUhqvjr*5**(&yt%R zg;DE6xgg`&Z<0Ug)7uM`%M-B|WTsN`_eG*Tx(H~X1{w;px3%}Ux@tfQ3gAL}9A+y8 z^u*obpiwcjb5>q@+w>BS#!xD5%4)VoTf)Be7=2mc{)g>(dw;k=Gf|NP z?2~@k^M1z|59U?KvN6G2QGNH>VFh{J*@+t3Yv>RZ`jFE(m$|p;z(x?t=sv&bBjP6F z!u^{{m8k?mECXT4JP~b&)8B!s+0wFYEl#VaqMkFhKJBG<267iq#`csFgnXhF=8(6we7c1pu1&k#tNy`SIHvhWR|vd>=Hd4hzR%p}Apd*o=Nv%M%JNUap%= z=Hwl9w{yxn{S_&8(ee}+b@`34Glfc%z2yVNF{_~3FH+9k!reeKsZH|6X2%zr8Nurk zWrGH>VxK59&5uN0#)jAZd-diKbGq{ws-fxz38j?5z(y#Z6;EE}=>qVJH7h#GnR2%n)sG$;?uX0Cz3VrbHW`SXie3 zPH?{b8*{Pwp*XO)3XAj1kJTS6lew8V&C*N|{?B@%Ed{$nJ+xr=X5=xw#uLOY>uMYsD$q*VgK?A$3k zQqCA~*AE6W7DZ6q>KC3~&;ZO@negX7s5$k1nubr~ijDX=xr$%d#TL{%&%amDL-?>+ zF^fJsMwRUItyW83E~3qkhG9!SnG^XBgV-FCyIQ}I&UK67P{*f11XVBS1eP%P!wPZA zdth(EqR5Mn;eCOajZ@a@7ceyInr~DKEZwX0y8}lZB9~xz!UmS($#p}nVR3E|N0C84 z;i_Weg_c-Y$F<$xa*7{#i%$$>*k5oQa-x%q0{$0SX93k#v;FNti?_J66xZSuC=~Z% z#ogWAJwS1HD6WO#?h@SH-QA(V0)a2>+xOo4UtiW@Epp~$X3yRu=On-LY_YPgnuwoV z+f9YzF+gn31r4{(t)~RsTK;YnDBv?13iv#g!9dMzttwv$k;vK%1#RXm(7%PoHS)V` z{G^vFFJCGI%O!eE^i|d&u`_l4t?Z^Az0v)aG<(PRNj8^Tod_hC#d?)yxV%TVGD!B6 zk!|uL3Hmw~hNx1Il!T$ylqnE5ML!5 zp2K(xr0>?qke#pX5b~{=%{5kKD2S&t$~iX4rd5aWYDqoukO@x6-t!z!?8}MM2R2+@9W{_ioZzDK8-&}&nTxBM)u%e zcL4=?P4lDux`>}8c<`PqwHi>~^LZcGyiM0~wU{XTr7LH`rR&_l*CBa)jg;?{25vMb zm$nu9#bbhguiIW33u{Ulc|LwE87(^IxuzHgy)F^IK3A2#Q4B!T@FT8c)os>$1sjX| zLUbk%1;2v>C)ddGX=_K@1ey%9)>WkPSHue8lLN34Qj~EzTn4s4syyOsc#8 z0*|7vJOkrroSW_YuBD^Bm3jq8T<{9WEILWO(_+PT9PjMTFKDHB@n?7lR$u8h*BHLy zu4&ydPYZ%u>pP_M`c?8TMAJqqUCE}8ey1~mf1qbd0*GYoq*7F9_W22+=EVmTe_`f& z^K`gnaiB28?@3B}7%V^nwO|Y7ySG-s*$?2gQ2KoK{QRt(35K7*3DIlOnZ${W$4k~XC~A1f3_1X zoj>#)`qr#)QF}c`AhiD~Muh&|RoF~Gy?Nw-BymymKj=;z4X2~NUh&=PijM|I>Ibq} zp&nPhpkpBaz8&sCO@|zA6al_r+L-za&X-U~0dzr!?iEvPez73o-~ENXlxoDt;loiP z5+!kY-%Mulb5=F=ef6v9d%T@B{NpV_{0a{Q^tHxOg{BbQR5$^3x4a2Ed{e){cY35~ zuV5wk|JaZI;O}+JxjeG@`A?ly$54tV2DB^=V4m6mb?!f*{Zr-_0%HL^@cW=owJU#x zb-Fu&FVabPYYu`nZ{^N}?{d77kZ6OdKPmh^Hgm7&K$Z3fzQ%(M;fo>kFh^zy|2MIN zISqQupLVbv4uK8$kpTBckJEuS*T;Nll%Z^_OnE7{+y;CZw>Z!r+Z!S_+y0RZ+Ps6} z5&tOsHj*y$q500CrM{X4*x*$hs47pY=wDZ+tYY?V~_JaJH*?pFZ82IWbVntwHxx!B;@asn{#h{Y@dzZXpC!=_+e67Sdg zzb%N+fYO>A4paxL!CMWpK7v!l>x^?X^sD~@I2F;(M-_pdtgO!BOCuv~0j&RM4beYc zSKQusWpy%Kcn|$cr!2^vMr(xm_g(qNR=m66f34Iqbz{0v#rw;RyvQfc*ZON9REtUT z@9__T0M`IOjKaTION9dta*%(*zbsKG&GP@88u))sRmB1eO8(nAlmnXZZ`*gIXyQ$O z`y0RsA=&-6b5NY-5Zoj55mkPu+{IUOJ5Pwe+f(q5h;9X{sip<_Yrg*@b@ai@gqrbh zeF;K9A4CYrkAJHH47^le{Hr>ZNB#{k75_JY|9^9TDXNb#2>*|}u2x%9U$?v|mxhr04m80df2m9?;RHeKm@ zHd=NDc246xs8_k+KR|zxCFEQ`t+lE#KE||o;L-s9Y{m3E>2b4{yczd=)@JF97S&fW z=h9rbT?TJLeo7pjRR2)1UoWe1ev|o}MfcRBL*K?_UiaiSYij}IzBz^?J{`@vq)h(Q zbyK^17C7qo%yHs=yOZi!yM{<=<=w>?o3)mqdOHjMVg)p^VRhgt_S>x&*Fr!mmzzQ3 zmS&jAhla~1&*x`syXhle&t+j0M6nI%qL=FLmW+-P?05^K5) zjMd{~yzwfwk>yAIyiE$q!EMrjt{{dID8iu zp!%qU*DqEsew+Qz1i16aSyyO$Tnw-b1eD}>-b6OtM*2HidVf8*HADm^tb48^>YM5x zn{8xmzw5Fcez?!t6&==p+t7xr?`WxCcnfCpamVZmZws_R zjNCGB`!UTE`JR0hDN-zOTl``4!ljZ;w(P7y$PL&~!x?gKp!#^Jvm@QMJe;O6NSoLu z$QtcoY5NsI*?^;?<1%w2Yd~||U*5{tI{Ms4uj%{b zn!MOBF@=Xtxh}YLjRQRA)rkr$A%NlC?$Pco4Mi-o*B^%Fp`?S$MS}LZK^j^duf~&o z09+M1G~oDic&+Z@i8ZTEGl5Xy z?fm2P#P@JrsQV3a24K(2UT0#`rxpR>D!QU`C@jb9IxzD3Q>VfT;{AGLjC`FLaRYIu7B znP{`P9)ZFy+gB&`FAV_Jt)=r5+grNV7OXr+wn@s#w24jA_g*z%v%02ET*$y@CebjN29daP)N3aWf*nWEgSz=uyY?j9CZ9=2AJ=>=`K@lA zw3u?6c-D?>Td=!^1MP)oN*2PGpQ{^Cu(-kOr8m(h=9exzVf<_1C!!yyx-Ek%S#7pS z0u~Jl*CN}EQ0d}z9lFm8)-FfJhz>nxW!%&W(;Ei;)hccnRmBSLOI>EsuZqkcmdkOX z+l^1}7jmMtuD%pjHfVU-VM0L^E(?5~T|}x>K+5G?y8T<*g?Hd{Wu}vANCW@LUY4u< z%rSiO918zMz#@A4dxADoMr6CZGFR?ApJWrAQ##oy4NeWWo9g=mr^d(Yr=j87j7~Uf z`+M!0X(D#7YByGX2XmqY3afOstoHSHql3(x+^2UUiF@Xd%7&>UqKNj(dG3y}er))~=3}+x=Ebknv`()=U>=~lT(+jYqVr?TJ!O2DtucOe z7z&|;f-uihC8v8!^wY36?bFm=y>1N@(hFNg_In?q+##f<1r(@9r>CcokJ(@l!NL@$ z5DgPR@9|AsSXcq>+*_`3I-0ncy7adqo&T~+9I0rW|5USma+31va+%e%#Y=PY?Zdg? zBg-HYQcoy0hmn4b!(?yy7t5cmY_a-l&9C;`R*J=pf4Wmheu<61U3J@C@@vdaNDTGv zutt&`sW?hSX9=a1VWyae%kDgO#{m!eqsRWV=3o54gNv){UqCCIVvNuD>y<`L?_q4( zCfVfY4lN}P62EYzw~>cS(>428AQnNwsZ6{1PsWGXf^+659|$-;r8>BTNa9*w=EeD2 z+UC2qxZ?oIw0w9Sb34YTzf9hu!R&KPkC|ADGF*QhMqNN^10uv6NBUD;NqcUnT*D2rys=u zVTdR~Dq4M?rexK%xmdamdxU@7VPBRRBCB8CiI7`YS zlsV|%M4Y*2b(25Bd^R#^Oe(5xEHy(wCX-(VTm^R->R-O=Q8NBelf79^#1hF- z-c5p0?uc&5)4f_w-g)@AMW0Y$nX(i>SRqYSTk|9=b$6OtZS{?e*Js^sOU|gQSDfG3 zx#+XOD%yO1ovKJerV%<&Jw?UKCj@zPn;i#Q1oOZC_TJXCw31Meq$ad$NQLuwYtOv;$C$JY!a z)b03zZ9n}CTdbSUboD_L+a8I(%<}-AAw4O8B*EQHh5*`tGM6W-k){z=8w0vgI(dBg znlcjU?T56Zko^u+z&P85}_^)DgJ zJEd(D5YSKwrbnoYNJ$IRNN?F_A=`x%6?*1H|ud&h4M;FMVq@4-x$<&9^c)^?{_D+&yz6^30vKK zb+&M??pRsGt9m9oyuD8aEY^OztXHWxtZhdr>CkYb9&3^;L{Y)hRC^ShVxs@>l!sR< zLg2C&AbYl~V;goUM>Tj~wcxiWAFmMd33sKBIULj@OlR^#CjHj<(ALam0ArmW@kp5GbW8fi;Y!odnMl;Zr}&NK%hfi46uWE0+|nM+VrQE5=}g%FOV zzdhV<4^c+o?pY(jVJxP?i3LR3<;hP@_|QGl1!M*?hnD4VE$8&jf9a&3d!NY_DtW}) zFUik?bcTubLOKPo^fmarZh{))WJRblB;c{@@go1Y?V8OtP4#HIUFAuktNv z_&il|ZnRQY{an&2Pv6mueSO=2;g#P&bAprct)5HxE=~Zqjc>qd5(;~12$DN@Ls(~* zfho**G_rzl4{e3y0j0_>2h(xhXJ&E=rk{d$6R?n(094|i1?{egmt2((zI72bM2+wD zi)G%=mPd|oInYW?joLpaTV5*;@uCQVJG%=F#o_=2!a~vQ)A-E8(D=W0wqSaxfVt@X zKysr?3E=~_aqP23Odqm6`Z!HIC_YYy@tK>2q@IB9hfC_WMws%5;*T@`lgw zgUdgK1uNx7UCYEz5Dqz*5%mui4qz+g!tKlu@Py#6Xb*2Y2a`ZGcm2M_ED7obn-^v1 z#tI8_Zb(M!G^FH0GJ?ZNTg|v16W`l92r8)Gyq5irm7i7J+=JP)8+fR4r>*vq89&Wk z!U82?n~KD#SR;mGtI2*UI`BI~CX<6b6)mQ+bbc0I>&#WOXfb|H<+A~2BY4)fdiaO+ zcg~bVxn!B<;>&CK4i}|!8{~Hmwhna9?i?zvXOY>RhJsc(-2%L2{x`- z%nJcYp|MSkk2X|kUCXl%7hG*KuUDDZ^Zf@2Z5OyM%g_>qF!vdjNoLE^L7%fwupVi9` zBdQ!^ZXudEx%*;XYiX_#k^2X3fR0@Ci{f3*a!X;xk{~i37))8kq?o`jd!yZG;{4Xm zgJ3Ax(cQ>*6}2~LN!4LyuDj=NZa zKZhyf5RcieIC14^;*b%{ljwUK$s`ON~&-Ixmkmrj4MQ1pL4#7i@O z$I?$#g^iz0{W^T!z>7u4@?wJ4MMY>gRP(^x{x)SNc5yd3u0D};y)ii1tS<2~GVw$r z5X2gCLjRgMnWclXcy4S@NtSRXxO@l;d=4iM8t&>c2#y_rvnfgeRAH9T4UF+6RK$$i zU#qJRyQZ=*a7eaQQHiD$w|Xw9Ah;xdL^~gN@fd34tRW1iP5bLWR-mS#Ta0;r1=Ai% zuoUMwKgeGfjGnMfB-c+u@V=QrH%8|o5EY97{4@1YfmdYFFN5O&k4V=`2<+qgYck88 ziCM8A%gXK?A@C1HjKg_ifo;b8TGZ*o$qNqdUsq0p?Vu)ZSH(N-jHkAyTH58Vt#xu} zn$32*J;7PRUoSP>`rSUz9`QZv=4Z*0y>5sHv}e8%Hiqh@$I27=5K)Negsar0$RU58 zuBE!7hk3k8bw@zczmDUC-pdHX!**|b;_$ozVaEiMM5X$U2wrRmjv!*L`1gdsU^!e= zlE6ri6vl)nL!@ph?p>}c4$ltl2hRZRlFhi)QDYI-veM4;ro|<5P&H8y1x3#g-@rHQ zptLV=Y(p@aFhR>6m4N^ifU1&Wk^Fl?a1rq_#+g5?L-vSyMS#UamL>;)-$S5%p{A+YCi3ddweD*^Gj~UePa%8V4}4se?9lb8OE#)(^;5-f_G2OpI7OKq(;f4i z24u-#+-LdJ2}cMP6_^`lmj!9Z zHM^+#RD47`kr__skMgHh6$?749emx4aA~02A)icN1K(sajt#E6e3u#p56MKQ^#b$pWdh&&g^BVe=Z31= z!llHB;CAW|^BeH&1-;*}As46wnpT_j^E;O&@FT&eaT?$ESn#)^&|6Ar7%a9(#Z`?( z_xlndNg<)s=X``xnirYTUwRVDFl=>~23QFjld{+6{24$sS82H^L#Gq64JFRCE(HrR zW0R8kMe){U8y~tt)~F+XOfv@OLv?HTp!oB0VL*6#N3(%$`YqWc`}FS+Hx?-u1swO{ zDTo_-?C6J14Ey;~9vohJfBWKY?Ta|gQw@v@F>7Rz9ktf>4mk*dk< zu;gYwZbj`Pr^MjPmg%XTmn1z4y3{q(_$&u&y^A=oR_puuXUK@5*}j51L&+A*&KMe~ zxd%kZu*5#J5RM~gguD1L+%5X8Vte#-XP)vV&UJzCkkkWuwadGrI6v z*bQ<0wP8D@RarOnqeGDOs2b*a_EfT?vWnXWoq;QWlxs2t#}L<7|54esxZ-5BzH(ie zuQ?FS3la)angJ#+4CNTHsqXX-gy1&j187hOUR|}0^%Squ3MQB<`?e?k7$YX!g?uF#!vEM#{08R`y(5wDDD%7SpI;*#H*_Xdyn#m zZu|C@vys8qVv`X9z=HE;I>ChDa&EINSK@b|<2O2ZGJBoQtME{S$jMR*W2WQlLD~)1 zM>xuU&OWhpwLI%y$u0ON)`^PlDZ(AIUh3erN{TcXXG<=L0fPVluf`DGTCzk0D#XJp za?ZMBH&%#<@@#L1w7QKfgIq6a*#HH^jcB#G)`odxJymEXfu;scZW2{7ldQ^4u~}Sy zs)qt8eXKvu|NhS$)+GhNj;Irs-A}tN&M7qEm>-8ATlP(n+wOTE>i;4TAj`-pziyF= zW3gS-ADj5SOp6D|rR3EJ$64#g`T|@@=`y8*13p^|Q^P>|rhQ!ri$LY+>qRo;QM0fL zmfyBU;OT@(HNDz!c*h{T?X3-DaA4_!t69FRKHYi|QnaVFkl)j}X}Ht{I-QeB{Y(xD z2@~NVL#;9Wo^xLJ#;~sfj8+AR)rG_W~x=5ExvG#ONr$wLA_S7FQnoGZP z!n?$z?$EGzbBkJVg@t&re~>rSeINNHjYh~*)8_{5_dG7$7s=F66N#D6S+^;Hh~=yg zGBKWy8nG1WdOBAl`5+|sQ`DZP9Y5J=Kl6|a^A~=*Z8YYDu)MR4C5)|XuR4bJ!gEOF zJW=<@?&2t4uK%(emdO7a!n4O2p)NE3PTw;eUprzpBxilo(jbIc2xxN>rj!=Y^NQ+V z-Z<1((z%vw*7LBb+?ypeQVpiR4`c$%nZdr(@d=Vk*R9BHd%p-@2}xQE3#v4N0wN{f zdUh1Uis)y2HH7atO?dML49CyC@RLWS)Js4~F$EdY>O$I76Ysy9OUUI}h+$b==FEu5 zjG`{Tgon*z*>_bsw4snOQP46+n$goGAlk*E5{$o1u(a== zktRB~j~e-dPj6z%n<5J>q-JdGn6KlY6jgd9vhL)j`E%*4rfLd>O4t{B4)q&uWDMUn&Wla!=C@I=D zTGEd<_mQO%l?KM=*}CcOpE$d6cxZfG`l<$4Pas2YaApF2xVQ!m$>0Um?lP8NaP0c6 zdLPEEH2-7`zV}PYm`f1EGeKp&!K@DM0VV=oOxS*_*gO&!;OCP2q?%>LVl{(Mc6+zt zzh9J5(&Gr_V_Ynr<&l!rO~YX+Yi8QPJ5V6+!$a6SnOJ5)ed?zw2D> zkr=ePL*#dw&{;l290XYS9$0p3=;l(Tvr|sTHhWtXy$-qhffKVUI#Xu;^_sK``b*>V zAw>HOHH&6MaXbeRr-SW4>>F3Aj;BZiiO+?R8%QaS3bzF+*E_sa7U1h`*W2Z4P^%Fl z(nUwsnb~*QSZULiud3s@5vZ(rTiYg75e;rqLo&2gQhvdMr0wdsiX;I=qnSBs6kBMb zveQK4&=F(IDisI;X$3znjnzJ)XZD%;(#4wRTUgRLU1Db@z@Jk`T8RtKVH@5D&9-jT zolETWs(P$BS_$Ocye|G!ish& ziP9jcQJ`R?Wbst@A~2WcBZzKOMb;+m7oYT9Va78YF{@{zZzGSdBi`NfJt0W&)9RL^ zsacR*nd@>F_k2`J-cr~t7bP=>5N1swnj`T&CEtL)VUFrrt%c?{dfW2_2?Lhrz3LhdJd~uzd`Y_UPb;pFH_yidgku_s%n_Dkg zFm2fm5CRwS#`B*|yyZNj&j+q%`0mVJ5}wUYEd9C>{(Vgduy?mbWw~hLw{WTvkODPh zp+Z*Z-hgo~9zsa?LM|QUW8fjhcM%8NPr>cb?Hf9xf&n-hDYr4Iw|OYOVO~YpMrsB& zZ-`F1yT)_YpT9gVs01|&7@1Ax=tkiod+}24-DK{gk1;a^dWS)Bm-(cOhucF4+$kDF z#tv(%xT+AUHKpw8GfP5Mnezmw*C!CXRb~=?Cc(6o@s&vpLa+hyOm!2yLlC|j9(S^nf z4$s?PQ!35W zEKEUjrM*tTXpXa58F^+~X0#ov*h$}(D65x~^~&u1s)&`A{;S>AfzN&Y{DGx$U51(A zf@BHu5Y(iGQ2({d;?v?$EgX*1OX|d$PR(&ayMlUzd6$d}26tBc5}(mPfc$2}a$X~^ zQM3+;a^a1{UPyz~62^yvjrQi{=qFc|G6;5>OgfBt)}D9 zqQ)n9w_y{4EDT)#Rwigsr%|T@*Y19x>RpZ9F2UA4bDGcnUfby`SRQ&4$R_kmO{n2HZLIiOH!pm8vzsW$)4!}OHLUzrrKR&)g^uPO z(U|T}dh1}6*Grp`(VCb1Ahz!e(}XzSwmB+EJqzyEwJhBcwl1Z}gRd{$-m{O*-FF4P ze`GkESKz^7HG`iCqA%AJy4D&B@ei$Yb9zzV^xN zCq7~IH$FFXGvsWnYQUB4P&>WN-XDI>Kr2Ms^H3d9NtpIB)Ab_l)vo>w(xh$7_R4&Y zA$UDkhgZ{S>)j5hNJWOgC)0WEch**K^N0I957%rsw@Y+E^p0$dPrJLvBkqR%WjC?( znZL$&L3O`9lDHPE0ihfh3yVEl2K}8xsC(V9Q&BRA$0SO_X)9$QDdCyTAg>9HZ`+EHAi-sMk>6E$+ zx;g(1a#d62;3KLgIfVLGs7Xn=?jGTr{WDh1OLPgSV zym+@CcC;XFAQW(H?>Ru&W|gt@ZQ{I-`UH9 ztg|)Gh3D~ptpmKW<&1KdZnH|Rj}`^%=C!e6&JZ`qK=zw;9?-E*{yNI=y$pkm)tlf- zj|ZpyW;&Nlm*(&yag!XyR@TSv#K;k4k^SAF>CLjyjI&KW~eA@JIvd5aE@ z8Y2k4dvix`?r3j$vW;%{N#1o=@Din|R!V1lZmWCz5oEW^ieTzMIX#&sruuV)&9T|x z@V#2gyr+l0mLze*3>4TPWLmI6^2O&D+;yx&G`_Q!&tXPEAsPRH%X*ZD?drTj?NH!AI7iuYrVQn#C36p zJ=2M+S>Mzw_+H1^7=U9-UTVT;xS8}q?1ZnioR?5=obtljJ?-tAbU<(m7CeRL5};if z0x%qnftsG{TQEbCllxJF1)6-#_@5{>3}QUDIjo$r4^N&jjlQnVS&yDafuMq)vkm}m z#4FG=L|#l(d-##@cJS*a7t?+5cNh`}9EwQ7z%o4?JErfrY6M_uIL+s?XAF@5Pk8Ib z2|pko6n0jAIG%svokIUrtVWWEp(qT-&;}j6OIyKbr94-_n4tD%XuKUz)xeJ@9iF;W zrj#VB`VDDFeljHVr^|`~GyhRT?iJFyZau0M=ZFfet;!OXsEm8rPS;YaqJ zhi{H92{xAX+f+RF-*)1!FXaL8BOC3ujwwJWTfoDok37fgb#=|lW=>lZ74<|mFbdpI zP_4!O=MabnLXg#mKj_8{+GfEwz^12Nsolmyvko;)nXoo!w4QAFGLe#Ls#2BQtr_~2 z5pfHG>rDOaj2Ic6xm25)S~?1jJCb@Jm4Nd{lIUTjLc;XHO8DdK-1C}i654cG2{}?`B#1`Kaf9uzA5NZc*&aqF-^&-e@S#G6pu=zQb$fAvu5NYr z7teiwwVk8Bsd4pzjHrpnsYcmGGL?^diS;$^$u>;jA6TT;pbXF8=6tguOv5a*{7|Br zbrw;9h1VQ6_vyD-gPi%+CcFdH;+LMRGiaXUQw?IOg@h`gvij($UCN`3C{oDOO(o~n zfp^OL)f4`-cSgd%J!n#Mx!gZg%kqQHa96AhiGG+DecFtm7CMkWi}OE1Jh_dM%C{7cxRTcMPH3-sKX{##%I7W_{E3AAe0zg3gqfmbo0 zWq%QhA7W5`%ayXf{)J;=SGM8}t^CC>`a$!o=S`pu{fo7PzMsebpU?iE2HCHC|I>(o zH2(+3zwAZ0^0wC7j}fs`f5ta7lljKduqQG9)4RTaKd{TUOwh#Vg-mD=Ks$=zmgygC zC9_I7|FrA@lm-3pKXyYDp+_qIV`<~l7a}440Khu%UuQtYhBUvanFW8bp~(LNG4)2& z{^BzAMivHM{=sE-eE&F&W+M$n(?M0V%wijf{_1=`#{YjdKpl5B9{_k>y93>>XR$viq8EP!fI&>Zft$8#e}edIdJcW6 z_OSXhs_bo*P{HNkS4j_8f9doazgJckpITmbAvRkeN)rk7wh9c8#RQ^!v`56m>#Y6o zeWOd8Jmk&Tmz73~BNR}srrpQzCqzS+$l;;~1zU+C>#yL;-DkzG#Yc0aWtxRDyHC8g z*ic8l@OrxiT0;?L!8le`eogM`;(x(n{}J^XNdVNc3io;v?e{rpU}_k2soZL~lrzYmA7Pq~GFj1~!?@cl>jitk zaXd+E=*JlX(EG_&wANBABOUS^;`-0a4HIhqxg~D(?Wj87X_dLX-JMszoTz~uGB(PB z1&m5dL+%vVzzM&9Sie*KWz5LjTW~w}c%}MNS?_~Uoz859j0SG*IfjrIM zCTB^LX?KTQRRS;dF6h;8#vgj8Jv*7z&*dRU`DKP4=P#`4OoM4+=oRy9jhixB4C^vh z>j7GfKkW{qzhf+pX`9O-39-9926WXq6{P>NufBI_ptEA;So9bHneCOAATi&A8( zpL#ktp+tI^0ovM@UF;rA`2l9s8ZtUnG-W@@mYelH?)jBx*<2N;S_j{%5-goD+c*?| zk?M9LJ3jU2uK!SoA@3eQCI6vtWIC;*?l*yO#dWlU4jc%N3n?W41YKU&eIHont%-w( z8s)DC>W^GFZ}U8kE8Ks>o3-a@!;4V4Zjt%r*_@k&kIJ;BL?!C!-%x>n7RtIn4W3Yy z%-f5mVqc&iKIm~bUjWExSFa=Bm`4n1&%yo;(?>?^ctP-Tz zQBN`nTc3v=RMk6EZx#sD&b2U_qVnLzNjo|SmdV)aY~Ex;7e$K&`Juc)aWIRp?SsADIOQ-SjO?$J%c%8 zHA4Y_Q%$lZ{JV8Me!Gr$WNkc_nMQ9ELw<|x5h%gD!0-b+M6aiPAX9VDWCrr%qTNSQ za!7Nz^L{5%x7$0{(+F{B%5CTr0Dnp)76E2agYO+wH>r9J-{|xxiYVG0MXP|`hn~I$ zioW0xnq;ESJFyV4inF3tudHvS*0hsQt!xpkcvFuv(mQKKu)4ZenP#o$*qOFYmDOrm!^1xN3 z4zIiA990lRht&&T@0W&l7hoouxdvbU4jRu5(on$p85Q{Bnzugfx@G3(IscbrNW^eD z;44}!0QvGG2Bw)Gv^$T5?gv8GCGqX}P+~9tjhj?04ss|>v;`S(FZHo8Rrfk7m@Fs8 zR7W-9bbb*RCA73=wDh3N4G-;yx!-v~&>jvY_+zI__;PP9l(9&)ZZAqHLZ_~3xV2pU z$>Jd9!!WI5mDwAvD~A|_GtP$U47UM-CKo=Ls2&#&3oI$5l4`jDuLg~jWAoU%n4$a? zQfvhyI&$u_d+%^}y2V7prwxn^hs2e*n)~mcdxvi7J)Ac=&AA;(hqHxv+vn!pz|w4~ zvTg-MB`TthH*i<&Tg2Y@>uX5&L?NEkQT!xw&QE6H(3li4iABb!YSA zy2vYC^IMaXG*m6;CR;{^50AiwBUFv}U_X{tQ~t17uH+Xu#;dKl4;nc(G2%h0mjM7< zj6l)6C@Zn5Qw#|GbMDpg+Uj(yT%-o6``Svz!DnhJ`#t)sSezQyS;?-7Y*stvHIqdR)I}IH%xD3uuchQH_M*qI#cRnh z%#pHb_<^UO8LDJSV?K&CQprk*?b_svT5?$k&NbDvRrDME}l;nQ_FLse>iW zB0MvMVG}$WW$mZ+W!qxj(!@Z2*3Rt2*q_HQ~z9zpNb)b61W7wq$jJtk(S!i)y*IC=yRGaBZ$_s$z zNHx*FZ{yK*0+Xz5`2pxn>=y0cXjm*a4N5$BIdw)g6sn3u=Ra^w+RM;KeID}e(-`H+ zI~4xmIP};F(EW{MH0Db!QKO<31-eCMB!E+=_KDkM23Gk{Qs(7ari^gv29KmncUyPN z;;1F9ToWu&7kcYwTM(+nU|!tD{vJw{?y-*4tI6P*8s%LY6{!_<7dDGlx5j_Qk!5CZ zCK45IlTurg{b)*$9FUw(j%SvbrA=#Yd`lU0lbUow4f zm=8h3n44yZ*;AY*uZmFCT5{Q&u=3v0z@GC615)Z;%cF|H21v=* zIIFOnqh@l&Zn*akj+$3abs1cv9#vdfiVvdL;W!K92|N}$8IB)dD7@mVB+}K4|2Ryv zeVO{xB859`79j3qrJ2nD#@P){@*wWRNYwS{4R%B8sf!05n0_R0XS1zS*b>s9PvJnM zX;@5f&tK1NHT_zc5yCA7LP^2tt(mo2X?TK_XHR94Y#JsQ9B5n$G99xVo4Q>oGh;53 z96fjQXEe^vs&<=Ma^gm2FkRot_i-l`;dhm7VPm$X<{BG(1Q~9!=A+RZl-oF+?;hzU z-ChH}7y6zTxwGcj zMST(Y;A*xz%e2J_yc1{1xYjKA#XvL(KME$+Pk*p>^D4Id_q(gvJrAYN8IX`1V+} zLVUbTt;&JAcOZn8!N7TjketmowCk&Pv5#lqgnekrCH)ZPx8>s&29xR~GeY_*7)XRx zv4_nHwt}Nr>1SAQY+B!4GjWZqpQPyQWV|A^KR^S2i-ZsESN3|p?YTEcMmwpz_wB{A z4pYGJ9aj*O>blJOs$nd^Crd`RD}``Vb-Do<)NNZh{j#z6YhfZ>2*_~Z;*#V2E26I0 z_Dvu!cqxvKE=vGX=|?}J570fiS))8j%;?#!nt<1t=eSME(w=^GvQTw|yFGsO^ET#Q zSQfc_8m<$MhFbB$zyj!IzerL=n8Vmk%ajc6skG7aAtj8in4&m7EXhN1ExoW_9K5mn zdJ1Jj))`#AdcVu-wRo0uv}^7;FWC0^QZ3!4$a_lo14dXM`Nr!$-j%=-DU~FL-5|DYd13MLJh1DcF$Ma71!jJcGoS^PcwGEdF zi++{U$S&W5Pp9#X1r#7zT(U@k zQ&tRfEwxhaPB>-0RMuLn=;INhWl-`@L~+aMO{lPxROsdrcl_=ZDUGF*2m{3)98=LH zZ_C%Q*m$-a-89H4Y_W<^&Yd_+2qqZEzG36AOvhu^XD~$7CK@ncI2eTy_g*XS4vj*q z>}^gOJ5se2-8&vt_3SJ&12j(R!I~&xi-~OFaFC)H7ly6AKc+4Vg8WArw+rqO6Ofc> z*L3r#NANe+wgduQQSS|EC?T@WgT+}~%_Qvm;HhN%k1sPPc{WfmS$^fXikFhhJ0Wr8 ze(NpeZ@P#+RMmh_WJ`z3`VCg+Y3DD0kHO%cfsi4SYT8KkV$vjBbt!KPuQZr)A0ey7 zP{e#xgNpOU?}HZRjrFLIkv~H);pWN|59uJ8+LdSJmcRQ+$_qJSl3b|kdWJVi3C@uEIEBCJ1n-`yKN zj;EdLo^SfJ_fqO?dEx?5gXhgcRr3daHB2AoQmU%(?S78lTG4F3^XHkTjj}*5x3#)uQH7Kom0zkBh40>5?=o8F&^FbBJ zM$0?jzaBQm@syUU;IkzJHkg^Nh)-RA%M${UYB~yzsG#j8rEIAxT{mFbef&x}xAD?u za{y(7wHb4rw>314!&d$oY3_0!o4NmuCN~ZC5##Qpa;<1LTypue+hP0axR}<2ZTP7! zC!^D~DoM-85|gSQR?|`ew#T?27FNFTmVaAqQ49=(sW5$_3hCOxBvz7WoA z%=#aW>{N6vh?Zb4fSnec@@)pjE!XSRs~l8&M?z=|{CTgkK3aVEC`C`UbXN}#Uj$3F zIWu|UJmKNp-}_ZXQ$U8!RDho~xj6GZUUrrjZ@gj-ajcsh0QelscaVortt_hE&LJo( zOwduN#|U}|@aGxY(py_k+5|^$m9FV#)`;_Cu80MSz?FxVC|F+pL8_7kPfVHEF4OsPKfymH)&kcD!xOiMVxthV!Ah8y<5 z{8REP4q+MHqn7RuzG+ABw<9Wg#FWe8Glhq*ip1-CXaO-B7KZVkMfHm*60#YUI zm0mrC$}U#(p1S^etGA97(2U3nLzni+ngK@`y0lokx9YnH0=@4E6|c$TzMrK&z(p;x zx1nd@v8(G3j-eJ0$fK1k5@c)51OPq-SnTxPn}l^W2u-4ZcZ(qzJL-M%)THu0RJzuD z)~a@{8C(%sNvm>OV`d>DJCnw(YfxIHLq8rmDaVHAJqP~Ep+1X%G|SfHrp+q%lq|9N zSVx3lLZ5j^`rAN2z_O@X1zA30UIHv6^+@*f)?|oh3ywYF$M!ZDzy1R6nTQy(b-0JY zEg}**)kU&s;ED-=w1in&>fT9hk~)llG~~V`^(CFkS@GL<@+sJIOhfd^af5z^e4pA! zU+7A1PEEo#N5MDFyJ~6;T8u|w4pqm8rAR4{N1|{-M1-0#wGJkjoIXs?E*5qW@N$(N z_zLs$zOjFi^{r{bb~7($-Aez|H0)8wW^(RkVsLasr_SfcDt?3s)~1W> z(O$?oJ?O-w%ag~YgTd=n3S+K&9eO}k%X#eT2#+brCp=c*p9y2p^#7=O%dob#Xl)yJ z*WyyF#oeJ$+}+*XT|$8ZrFbds?(XhT+}+)Z2WcSiW$%4@&ik!jxw6(p=46bq*38T^ z?uW~<%0##P*5+T_rG~B_CJ^={sYeJ0DnTw14u8&0@OLgslcOCKJL@%9s<{91oz$8} zGm&;EAY}yumkw`oZ)%eZRR-D)n9;*zLDhl zt|A?2Ae2W~y<$@>9q$%`Df$PiXpU9nDo_ILhPxyJNJnbsm(~6N53*dyVY6;`{_U|# zGV@_x#7;`4@k#|k*UHU_7{idv9%SeBuiI0yJ2=S;^_$lWq)y^;zGY&~$A=_CzK^wp zr_am%cVhcV^&H}DvxcP@v}Pbq(i|a_!5q-^qDo=|}2cL) z!P6vhcJsSPD+j7GX}-Y(A_)HaLn>r9Jx~ak(Sqnrca`}eXV{8>U$<`N>J1Id^UF=N zW&2e1EP-zdWts{Vd+!$&JK{Q`#u{LUE@Fl%MLy^xY ze7Ym$h?1fcOiFA^8$UCx?2UHv_35XOzBY5HX(XP4xUL=kfzTuZISPpp$~ zg8?@Xi?acdGbtIUZkp#I^0Dav4J`pN+dV9=(a|ojmR2Z0Y92rENBuxEmwuhu;bkNw zJnC&_+TG`PWy*%z!?DxPX$N*nf#c-8kiz4zTjOUvDLGK%cH0*x2#0we;Db~PhkOb^aK z^sX9O`HnYt6*){qr%NQUWZF7*QJ8b8?QgL{XMuL3cENVkQdncj7Cpk|GsdU=Q%%L7FO~%>S6BbIh&dczXaig2=~fD2R^#3%nxO9GaAZt4r`}|4VZ~$NtX860 zkIHK>&zv*mgUzHMSqhywAI^9twZqTy50*~>yUjARPUQ`&ku<(?d?Vuwrzuu~2>)<2 zrCA-JqS3w}R~N+teoT}W{Q$U^2^~S&8uLv4=iknX%wIsaO2b(9S?#_FE&S#k!qpsW zRQ7HCpX3ZjF4LkyihZ}@HFAZq`I~fnQu)n=sNaR#zKs(uX4&+_YEf{f-h{WnRR^6B z{VV@SBA~~S{8YU~a!$qc6nxdu{7owkY~s}LBbbk%zjEjk+gtU@mcBX+xO(MbF)wv7 z$IF5m^JepF0zgk06+_`_&}W6!7ao!huA0QB-b^^Y4g#YRt?D^+ zw|w|@!tz-_&T{gBu53j`FT&tYoxD2us)W=kdPScLfo1m$LOr)_{YPa#R<*2Q>U11G zo?6eU9j>*00wsMuJB3B6jg#$>g`4s93FuXguSMMQueHx@4F!%bFs#Uezz}c~gjhBG z8PpcgEJ913HM_0inhS8@jS<3H!A-d1huIiOU0)x(jMD3&ZP(N59oSdpOxyHN#ccF?_Y{s2%QwO1(6f;V!12=O2Hdd-sWo9YavU)sAH%B7wT z7o?q-W+loi+Bth?!DI}I=Ns5Kd)XT$r2H5q{ht*eN zW9{!;IulH>qF1xm`LIWRpy`{vRN``;Sd*78W31NBjf)#U1-J%C`2b<%<&64ATpP<@Vd2j6*If_w>q z(TB=Z(q&!wgb3@~BXS1yMv1Ns)#32wdiVt$Z%ERHNj8&~dNCr; z#UXe$ZkqIq1jnB(KAo$F`fk{)vQJR_loAmpu7bBGoH83qWDlSkG(Nww%`9~qU;ndt z!IoV{$sr9YT8$M0fsNK@<<~=%3&18rdyxurtktTiqWmZ?KnZfT8i-_BOQcX$S_TyO z?xdO{30R>%&!%Mc!D1;P3%W+aI;p*;s;;WA{pN%YM7(M;gnnt8yH3ma2zL+|LQ*?| zZ|VHfTZI;GQ95FEF%UcBn%9xP&}_uJPyK43!u~DX(po~yw#!SFM6$Q_xSOZod#$?^ zzCb9TGc72T;-_Y$^^CM?Rn3v(^_ueN?eZ))FQ(zQaagx%5^z^ns7R^1z*W+llBg=G zNegkPFTFsU>fV4hawK1_1@%{&BTRB9;XSg*S(3?TiX16*aaqx>64Q}I-4;i$e9{M1 zPkntE(fyCBJ>h>y|LjbBpGGJCt^yy^6|)|*5o@gUB)y3|3etttL!zMsuL*~6C>o2R zoIa>;x8*pV{#M4e)(LxH%O-&6{;nws0@w7(sb$D72T-QhD;(|~0}B#hi2=gV*;t7R z5)W(o;8*OZ#Y;-C0<&guj69?v^MoHJZ=)+y7BqW0NJt7FInek>E_91<*6S2nX|SvW zvb4whO#^<7{I}MXB|wWhR$C#zE=PEvG>5c4sOapCr`s&zYk5J~no5IBS;Eb5`NYU{ zr^nwUf>{wg^juj7H6EWnhEc>UN#0RC2Mq^(Gb&?zyssI8ht1rzOaaQ*kwI{5|2+DR zzI|kRv!nt`#0b0;vV{TH)kjoVBMP?>Lv}x^%ZRRkLBg&aO{AD+cLvG|ztN4yr{<%j zd1ssW4k%`P9T+zGs79C)B7R=657g*UH=SRzK*~B_FSAaVei?uxYkuURueoZaA9F4# zqi!{+Vl{KFa=&KvXL|^dpgNUs5`h*`bLfg$78J}!`K^N)L{%uy{*9g1uTgh^hGzzx{`Z7SHpoR4}g_@ZS0rqQIDa%N zU7=zeB3?c?9&k^odPIP(Y!RX&Qrah!;S>Ifi4WR640)TOk{E~cW5k%s?ce3-MK+R> z>7i&Lv;7j3cwtj?C|8MMEh(~nVIPfAqso$Nf7bxjjO4bS+ys>1f$~$rB`!`Cr9PiA zEb>_<-`*>V|3X5q6gwgR^`#5@Dt=lL-#Fv3Q+?h?0e7==22=QnjpCLGHS|{uum9VF z?NhE`kwf~n;sQ8iR;og-o@!X~rOkvM{9|}Ro8T;y2w}qrVsgkcy*C4+9XXucBc`)@ zyK3}$%Gh`ZfOIJA7;+fQ&Il&~GidCf$z&tT&FNtALQaujE;J5xML> zaV5h|SEOT9>M2>YB1f2CC`c7w?y)@o;{$^INoOx@%obHUJltLvb>25QR~DTZ_k$-u559=8V5H z?`cZYKTDp0i!KPOPz3*!Q1SGbOS5pD%y5upqO6iNsz;|}z-vZx>!oGwVS~8nRYqU3 zQTcgn%`|{$V-)LmsAq0C4&E98?b_ZRjJ0>#$lH)tBLo$;EoxY39g59O9LLi!9KmT^ z!-%mpkBPXcSxof(u7JLxyIH56B+e?oDu(Mc1Wli;!pqPpj^F`Z(U?%I$Hw`aD|Qge z%W~_9(|DD~^7b5m*sDQ-KA~vdgh&15RlpZb9+JfBk1dM;bw6S!@#n$0$lndZr39uhZ-MBl8 zTr)PS64&Yc;Oqu_+g614n@Hg4o<;TIYN|dH?%pZN>4;Ni-aku6j=AYHF(jW6agdnz z?|lZWtg^?g(0Ih`1WT-+%!S5BQhh9Qm@SXg@xW&b$juBwo5cENEYaxk%cxQRJoPk# z{OcLHErbJEm&=%+EW`mP;w<}X{p4~9S2x+?RQ=8-yGZCld}ljJk##q#MF6+<`=Z=j z+&155`Nf%G%R&lwI!j8I2t612B`HNXxFi?2r@?oJNkQX40<=^0{gY7X;#|$&Jjk{*1+!a0 z6`ar&I#o2_rx?yA4Npe{B~T1iAKA-$S1>bFhm(UL0iUibul-3xRn;a^^qY zWB?AFMtlvjZPeHb3DV$5Sot?l$+US_?9?ZMh2!18Vqh7-L!8)Py-^JKf=y)WNoRsz zaoa`fi_ea`vmw(Cp5rwfIu$2}1U5Qyq?=BTQP8-l>;Bj&&K zP)l2=f0pO}0511RTt-8E?Mj8de+qCY{a$MR$Jnw?F}WAe*!1DbvTl(A>L!M>QKQ9f zpV})r#Q3y}DF!Bsb4IpDG#*0aJWVNrj{Yx7uVzVzx?HH(p%Yq>0P$bQ3|euiXm;c_CVIS|1+&JGZ5hWr zJVi10bPP2k&dTq!=zI7}h`VPe)}H6i8t_NRbG|2b}()8T_Q|1qf^SN{t~)Hu;5 z_$hG)*Raiv6rmSN>`N{%Y>b{aF8FXtMv`t3(v=_kZMlzJIZarhieK z?2uCcod4fP{oe-^iuc@J=WSoTg|gpt{HJ_mT+KN}G^c6#i=X6BzET|HYyp5TYTm@F z!T0MmEmmW)PJaoK7O&KC{<3X8kJI|`?m=73$%+1L%>T(cu@Za>jj3cm-UZ>k!M16= zn0No6`SZW$P{2+Yko~0}7Jhc+Fl{{C+*$h*%Kri@B`mYI)`4un?AL75e@CH~w;dA{ ziB2i~_leJwg1xnEA0D{H1#idUpRRs0aNn zFHKP-4bXh>?=1gGr1-q;0a_^TWQsmRtkRW{vQjZ?=aUa-BN^k&3sEty)v4Wp7x~WFkIt^Swo#EDHo7Xc^X)}Z z&*rjhueH@vCa3C0eW$Mgjt3E-gXCJ!mT||dUO?l9uFv*r%U0L^v}D}gWy;iA65?c- z9^W1JU4%iG$00-aJyvXe_O>=vr=l}AVgGdslUG1TmAY|YN);yBO?cGfdmSTx^b)DmNDj> zy9>AcQBXv3%@~8C!(P8^@#1I_Jihf{#e3wh?YMP*+?*X=`;Py+mU_;ko+2}MklFe< zk9$wsz26aLTh%qFyrG%GE^YcM@obFsw5t09Fp6wD5etLk?U%qHi4k&MGxu`mFHMMa z&t#Ajb{djn3HvZp`u|cqoy&xmc8TgV5Q}Ie5Jn;X1c@cL0 z59Y~WeF>}Gvs**u;LUoK4PklCPN7Xj04(!zX5xhKubaes!VsxQ@uISb;zoaiqJrDv zI?g+egDBEj2&N~`Kejvw3jAi8sLrmk=K<#4)yTQ>Z#Z8i;}N2SrOmG{IVHVXac&B) z{c13Fx8p8T@%zG;CxNO8W! zM0pIGboObw?Du$EO;#pYNxAVoZv|2bq}9me>-;#bBX1C?($%}vs!)ZGnQiL0LliPz zFQ4XJZaZnzLge9ns!N-8B^J0e^>f+BLDw5K7|iGR{<3b|e_eyvEvn=Gc`JSTuu7A= z(trJs+i5-QN-M5OghD3=v$z~SJ+{;{!o3WS`1FzWGl*zzdZ!~EfXd_nmnYXY{r#@7 zEvn^NSSCY9zHqy3S~+?*{@CeLL2I2Rv4lzr^7~bG4gIq^M@e$3{Y&tqbsD-c!ljSsM)v6o6PODWp$6DtVOn4y z47Zus4ldMpV&C%Ra-KO?4FzMUwJMsVXdNC@V5k^_u*juhI-*lNZR@ zxYzxKJjpuuY0S*^I2BZ!$*2+0%C|GNRTvHcs3mWz4Psb=08RO$VFjbOw~lGj0eq#6 zK>Vz4?&ZJ4dcn!Pj;DgBeHn=~wbmHL#s8ZQR{k|qU^IyFz-IV+1E_C4x(g!CLpNA1 z0Q*BbKb9r6o}}_ReUeVR@(;8M(emOhy;Ct^nyG`f5vT;=NECznzhd8~xDWy`MesTm zy@95#B+%(SUP5LO1kcj}9aq((Cq<`f!!bU+JvN+~59 z)fz=JxTQR!y=^7e{Cq|k?-Vs_l?KoR61_bnMt6J#3KsExTqL(Ent0|#E?bQum^0+^ z=##!Ox16>&y!Llv9PZV`Cvh$h>y;3#XphRaq~BjKhXnTYYa-xQMxHcP;2U{c#IujX ztqIG+*NNE|xH+~lZOb&F%>JiFUn8wG0r^xe7WgslT&pIUazpodRr7vekGnTen`~ z<~9dM++85@e&MQ3U-<3#DWBpUrr}n}77J3HOoKu2!53A>y5Dsh81~|E>BlkNM>aLK zoi6t4qWt%6&-TrP!T7?H>)OkLmvK~dw##Fz3$mg!1Ev!Fhv&8D@xQFFqd0BRjH$)t zv}Rd8v885JXnOxzu(2VpeQ)Z`7vTDZGBON{rhK_dc+(cfMQ+n&v$`p*k^vD1M^zAT zQ_^p4a_ya)Hl}0M*MDz(arAwaP3G%)whevFAE#wxHv#47Ff|8e?u^>~Cdn`_;Q+_? z!KLrU3Es_}8zV}Qnk}VEfkxM8_oKG}oubZ4t4(^+^_m>8j&;_A?DR^y^x*KP%|{vs z-Q=zWq`|Miidm=NL(CN2M`P;!L(%J?haW|L^?gk;J-I*ahQdk1nMNFun>y z(<5~DFV>(ZP8E_Spym!jdVBH!(VMVo zkH}6N@=ARQUjiuVa|LV$$hqBv(=3HJ9EQ$OLh%c!=hzr1S0Y1MdO!<1xIr=q&C ztwCrnE>k}UbzUSkwU3hz%|78F_3b2hv;UMPM{g-{mZEX{A_&ZyeoV~QSj?82EBLlU z3teiyS^fH~C#XUxagi7`86|}Fs%=xuk*rI2KGJo=?d|PXd!Kma^8&ZdBKm~0u;g&@ z`bwT0i+wYFlg+%TgW=P@b2`FoSfRZgD*hd)-Xt$hh<_mjm(8%)%#@^HuKZIjpf;u1 z4B|j~L)L`xKvo6ebCwk(#semOA`&uO-@INvz;U&>?#%tvUatOyuB|5~y!73em=-@O z`9{j5Pt)!42R)RPCFsL@vYuseGKp(6_U@1I#{$csPXBem7H`V!UU%;%U1dtxl*Vg{%U%HZ%4W-Xof9wFe0 zuVn(CsRH(Y6lvJdx=WtC&u;6i6pL<2#F0RfS9&V&Qb@q5$Fd|PxZi$voyDYr&WXnFSa-qT+^Q2jq$MGve}IN~0xvq` z=qr%K63NuS%NYMlmBCL*{#G#}hVjB}dO{M&LL@FY15)&5Vf)TuNE&JiBEE9U@Z+e9^)jNO0W~Sx2GU;QH{eam-=gUHjU7seQd0xC#6l#Qc@W&B zx;}J5%v&`v7k*{RSYvpki%fqxf8wMyfT?>U$AZH$q<<_?s0S?Kt7th{mDP! zzxX;y@a%nV!SDH+n!ObYN4D9LZ~XhV5_Yy5UMVe046dA7ANNm+CK}vL_&Wl!(^?wk zOt-J30CSCh;ybk;h+V_n^g0<1BB0?)4yJ!4tkt*|bFj!T$+_%r1*iu=lMH>rzCxH+l9 zspSMG0{M$%Q+aAS|32iqgGc-WUyhSMf&?tcgyGndcxwZa->yh)db8)0p zNiJfp18&f^D~lGT?%ql90O|>g6!e8 zUZ%%mm7IP~f8IMNfs{VCWIC`xom3LM36f?d%1KHRtZLzOf=tge3r}HAU(OeckNaHQ zDV83(z1;pIN?xXKlgWI%7^^Ug^$U)Uq*jY)g4 z=qJaKe1+D9W`!gTJTw=48%uRp&T4TGbJ-ZXQt8R;6d6e61w^F?Lgvb(p_AXFm?MPf zUB0o~(5@%gAmK7|=*<=w29Mm+U+|%0t~Dk(`_prej!gjPrS#xX*C@YxuYZ=B=-VsY zCjUHzk)G*xR{nEz-~%ve(;L6<{rsiB?KX;-=^eaL{$j!!Z&E!y?Huc8i)GiW!7L<~ zDZBfzVO4d+#p3bXL8m!UI32>--rgO?{2?yz{e|@~V)fy84POh}V<)Ng$f6EFfZIN? z|2tZ*%Ap0aXC=mO?U7g@;G4EAJRff$_vZ#?`jS8>VgEHO%%kRsUAE~StAZWie(*|f zup9_|^l=o}P+1x6W67q;%vbzg$D1!g&J;|+3I169{37U~H)Qxayt=vF`K(P19(%Ux zO5*8xsM*m{ZTy7N`sT!rCtW`FYWP_^T6g4?83L5l0ZhpCyV zL}7tre`Sy%fG1>;c#n6(QuvWT!F5*&&bCkUwD@f+W4q^vPftp7uH#hkz4Y*?#nD9O zbSD4t;VH$|uIXtd>4S|k~^ zYL1OWA(63!vJqMu0oEqNfW1Bf2gqonzcR@lGFV2=$0&xXF#+cVp=9kJvSTxz)BS)p4d2V!#=$M?{&Prh$w&>HRnGp)4e4mn*Nlzl|C92;nYd|DTgJ6S7ywIeKs zjWQ-Pm@M#GQo}l>;gc%J%N@{DBq&6;SSFlpkY2`;<^*Y#99VkUqmwkm+@KQip560P zxPoWm6W-`Skz^^c{&%LXG0M&=0aU>C_B{VbUcO0B@1UCt*OO#rTu>7MM#7ObKRO2K z@l38~=1^qJ*bAp){^AM6=B}9U0IhJz%oQ8NRuAF~4fc_H;H~rx)5pL+z`=0%?XE(B zO++Ww^D)yuwem-vF*h{GFt2~->$16}MwJ3`8hbaPz(-(WML*5)kkeYBo5yWMw7Pgc z+nXw?&Nu$kA(}$*6|1yacaQ$UdpB z0#jSZHX314bHtd&Ft4 zWczOD0IlS5wB@Oynwz8LStg2X`;i?_O_nyv{0GMhTej$o2BQ~LO7L*ahm~9(+{fM# zdHbIoB+Qj=cP@r3X_~$%;8t2HjNb|JWbCD!Jh1pi2^X-|d4Wd#tV|Xx4W%n(B`8{B zx`n@Y)fX_roMSK<&L<)IbL-2Z#j)BlyZDYz}LY~a7 zA{XWb!)TR4=H!D6XJ|8iXww>!0aBgp8IE=BhA;)F-fl^t%Gxb z$pjCRv*2Pkw4*ZekEMqs+AW6_xn4yNqJuFS}rV0sbMA3@)L( zaW#pf(9D1Nh6b`s_gP1NYAKhL5I-^-EtuZU7&sP=s#hX1>6yyiPM*r9 zKaTnhmblNK0aze>Q=)AFjD32s9zm3Gw2TQ7$(IkYR-Y!)I~Xh?!vKaq#t6HDkU*ZR zL{+*Cw!0GK%M%kHazoWD%h2M8oyH|jjulFH4MGX$xwnv!>Uc(3^cG;W1fkAj{msT1 zSs^3&@BTXwB_;V^U4mo04l8{AbeTV-RN6;Q_^b#-r5o4RH(qDJ>#rFaQO3(?l?n!W ze0YGX(w+KNrvE#B!BKh{D-*GN-x3Za4C3*w*YhBHY+1S4sy{g4r5e%pcOVK{KZq1s@qZjVP}55%LbZF3a?(rD=o+LH=wZ_Ci-f^*~S5C8RKrQK@t{a*5pc=Mu- zc}zvE=UlUK@@pXr7Gvgk+q)Nh>uj=z9e30L#7`=CA%NmI{2-D)>!>H*nDAkND?(rs z2zIwv1Z8jd8@cyWA%f)5cA&nRcSi_b-_H$(5z#k^!$FAI*CbvxdNKA98mS4jo zx!W_YN85T~fe;&dk0y~~+pXi&3+9RgHZ8+XJsTo8SKI_3 UY)x?Xhs1g?6#w`e z!jfcmrTpZscU39&Z%ajv0vEqHbg}GyOb2i`36wKgz!r8tiA24%aQs z1r#ptbt2k*b0eba+RbMza{j$S$v0q9BbIQMS=XVBlYzlQ&(+qL9IpIZVC@?zNSEhc z@ZT&@O_FYp`%F?2OhFUCJ*iIIzIeQ3FL0H=523RH*b$V}QZ}JTgp=AMAT4fMoqf2z zgAl~5|4z!g^{wJ`Do9qSgP;_qN~H+CyNDq+qjA9qEa%=Rkq#Hf33qp>tw8b4i@C3? z350dT4hIW+@o&eM<%sw2c(uIb+-Ts>mm{UgI~qLk{gPdv-C8T3iG)785Do*#h+*DD zI&u~a0UL(DSX#eD&L}%81mX=wV+&ti+oFGG06tIuQ@qP$5!D@**sskeJyi`Wx2Zu- zJwtZY;yo8y67WA?={bz6;DD&uKz*j4R~}@l3SmOe5GuUOGaRxd5!ZQz1an+tm`nvMN21Mj`Xn|wSFfLmnw({8n0b%Mnx4z#1UdQ z6pJkS$}#~zpGRHK`h2DR18;`G$58VV0bHvtJz%$;sLeq6$0BuGEAo4ol{BlrE~(Fx zx(#Zw^st*WuCD>qPFLx(7eeK_AG^N+@C3U-BUXP$Z`fYH$O#jOHj5m_UG4?d%Czbk zJq3q2r($H&z<+9o$P#-lR91M)n_oUAaiZPFAoa{4D+>HEn%T6P_d#{;w7wjXQp6OKLnQ zczGg6@7E%9RifVY)gE?}SlC{tHb^i_h8b(K+{;?=>Ci5LL;6G4Z`$z4U$pH0e;R9p z11IVDOPP4q``$rrD$QIR1E8w#ElBG3oh@O061^xd9ecldy!IK_bhquhp*ks^`PHPI z*yK@KLR%Be%kN3g^#a5JU9cHiW+6+*SIiy2hBWr8{X2cXiwfgu5ygW9mjS!DlTGyS z9#cV4oiZyK$ifAljOjpDx3JNtzE2S4tDR=wRQ>>=-TL=;qkoQH4~96t-u@0XdPSMS zdZgc7CBa2}z{}P^6~VzR+G%pLIihbELl-q?4x1=K5LzDRbJolfbVo=9nx62AXWM^% zS>QT}=<&Ky&oeG$Z&JnLl%jTxP_|c*$jkX73+bd9@cq=$^l?6s-; zW4~zd5AE1RJcs`bXX90S7*a!^$KV+diBtb8YM#Ej2ZmRK{-2o|j=`K~^~z-VI>z#wS#;2>dj%GS*UlL%dznS{mjTvV2MeT$U>tL zLyn7qtNJe1I_Q=}^VG>jXUod!U_+6wu(vI!NtUHWSiWyFHA-o|Ei@ez{7`LsAK|f+ zeROea+NUr9XyDh5ACCHxdN8|+4Cvr79GxdyiacXVe#EFwxn1LZdk;UcoGTyc)*_;| z8gE7t;05j$os1-&t_`7SJux@ym+;KZDBrUvs~pD1@Bf@SP*5mOFCw{R64TzYNv9Nt7kYI)W!mb$#xH0n z3fWYo8JTVz**P^k&9RK|YwB_~rUGW$MC?n>F%MDG7?TfbO=rucZ=RFG06W>AJBIKt zW1UV)3I*y5S2i)W?S_%S(b)+0Vu%&&0;*y?b-$@8Kt;`CO1=SqdONs1_Y99Sr(eiK zY||c>2!cdP$jTlp3HhcC>uu(cXk5N9_Ewi;W!z3cpO1g3JEO|zTpl~C8q>b4xqNCf8qcq@JE-g88AUf_-EhW zfn<3M^k53TAxRhV*4uWi@vwpMxu<7=?sK2L!CupL4(Xuh+4NzN+I#-~GP!Fp*rvR0 z);3LfW-vs1vKPCi)z!*$=lqVFZ7`1f@fYH%g?c~f3k#63_4sKoKV;z|%3C2yi9&U> zO4(aMujYY_GgnCZ$M)We9DZ~CGgm*!GJB66(5Ww=(?HwS)3?FUgS_?K#cWmeRi9tQ zN2-BYKp#Iv!72zE;M;ygMi$Z(ZB0J(3Pl|7y0ePd88fr>Zu!~Tai4m@4fh>kudq?( zqI1jy;b)JsK=1vHsFATVc#aaeHmgLUOEK|Y$QQ?v`Rvq}K=<;9fRwqTHMJ%=-d(KS z=@0A7B#DP-$UPprK}Y2ZG##~Sz;?E+e@Kz^Rvv|uFkcklt`=*#^t->CwiEr^PU z?%eGBot-clO*5Q-I`;#RBsEEx>F)e0AZ#BE?lSbW+WqER%}37@?<8Az51Np2;xI*w z`IjFQ%gR4skM7*Bp)QELe)U4YOHaHuO0=7iZf4U5+;87ab4D%)J{zf!=vx*GdH&(T zzT12#<7LITAr-zE8|-ZH^NB&TkS-6D8)9d5xn*6|p^y*V@5>k3Y0w_}@;3ML1(s*Q zFGNwPJ;F<`w%)HIUG5u4(kcU?4bver^2x)C+@-a0r&-q*?{ZF`VY`p-+j%P$NLMC9 z0mj@X5jnv4w){`jn;X4>Q}cPo(z(WrucxsT3TiXXuhwCmv$@7b|D|hm>i`KK1IoGF z0lT;h0YgXxop;>+C{$^>@(in%cgR6aM(blNo@*5ElA(L>DLP#u3!yaJuWbt2ZzgQ% z3#Q6}RlPE$dm*oE#luZfPIFH%2TO0pVY)S3`zO7DDj~%#&pq1O!39beuz(ymXrN-z3X}_~@HZ5! zc3yI7Ve~+&`eR4sfcv~k;k71tdFvJ7k`rOcGi3I=CC_-nS)Ge$(;l-Xal9h{YxDPu zSq4Uik^X0n7_06Mpp&yrC3SjMcC%M&=Z#3kY(0gq!2YV;5!-53o8oM(>`5Vi=9MK& ze?KQ-uaYw#^8tXJ;_g7rAF%)OPqH3cDkV)b^N)$@>*UybTU0YC7o6l~it6%c*$Hf@ zX+f}!({U_{>+Urzi9wX2q(6F!&mSK9EdwqCOWd3NhCkIz7-OZKGMs_05xi>k$gGZN zyS5v%!xLwO#!e+b zmC0OS@Qx^cN1IsQCwmTg6exFNt!IJ7ca5m?w)io#wZ&wBw6ZL^=01%ovUB!R7l@^M zXvXahP}?#?!JBZK*Zf3+Q*-tqVtieBu}JIbRPOxwR~xP{d?f4iJA?Jwp0PI@KPfWp zBy)}bU@-OT^Uq-V9V@5z;hvLb|9;w13Xe5aGtPycYutOn zOo@Ov!-~W&K*7O7?OJ_shcr1z&RMq;h5Bi+b}wPm<%o_=1TV@SvNP>SANj(^n_i^Xg?{)ggmmrPX znd2utDT{wGqW(`fSm98*?G(Yd95$8wQ_EA}!|TX?9b6!+-r+_PDlxDlRPP0JitsRX zB_r0OVSSq`6BDxVPIiQQt5>X!?r}>Xp(_o>8x}uzx(c2f&M`O@h>nErw)$mug8|Eg zp*Ym=epIqJ<>>$i{WmBCaTU)c_l&+&My5u?uP_Ivpuet>GPjUCan*0bpQJ6#!rOU; zWYK#Q1^jubE&ie4(}SbOjUhFBCTzz*uQj4YTyh8?&xG@nTgNZpH^&Rk1Nkcz{3its zHnjvqe>AXozeVFHUK^3`_{O71*X_N|n0sZ>`xizhQT`gJ$FI0Is%Sn)aWKFNJkCI) zA5OLv<~FmUTRms2Tp`xKanN(`-8hTcASNLH9SJ+WgMOGmeaCGFqz0|On*clC6; ztcjr2-cNzeVPY636R-hEK9wbncJ@o%sls%9tJC*OKl!@)9P z6G`8?Q|MoKJ%lzj>2K|Na&svTp0cojW+x>c0YLf~IC!vH)@UfTFvsi|KcAD312-ba2Kt&!LHPs_FsVw=lk3!EKiXlhSSNMsL1eXpP zfxfZgQc0h zX!|TEa24j1z;I?SCHCTvBgCz4N_@?ykp(z|-JYkeCcLskv4t0oMq&p`9gK|!vSAaN z*nuC&otxz8(hdc(&l?2hzQ@lyEw&Eh0Xuw9Ag-&yGoIZu5&!089E^K(;Xa1*K`tay zF>9c~0d?mjQGr`u0(~R<6wwe`a_7*%R%4UiCQqm&Q{6wiw8cb%0S%)*K%`($Gz_rJ zNL{2OFp1M*B7cpFQ>IG)aTx*J?9L1}yWlDy7*2xSJ5cWxxVKGn^FcTC{slOqN=PBo;Fy&yiv@<>HHZ-1o7EpIL5# z>4{Wh{RU`#jyZtiU(X3nmgm1Pt|HfGz4!Kzd{CmSHP6dQ`uA8AT%6R_>s=UcW`&e| zlSosdO|IzaNMqMnOyZ_ak#PA|wGkfTgJbzDfQ8o&XST%!D{x7uxy7$b*ng-;rRR8~ zg+J7cEEy0lQGiMuDZKru2xv0i$!6+eVw&s(+l!bcfoNUMaa-=Dcx8oz?_+$ z^|IWUbC6}|=Y_fAOpSw8F@BYXoxy=&AbbH5h*_=KS*hlO=WxPRpJrX zaPra(vG8~lE*3gYWKLAa`i}Ka!NIL|@!`6X?^|&UTGbk`8(b3dVUia}7_b_yyxj>O zX*V8SgpU`3;v!|o$ln4)XCkGl)HQu_|J-EW=`4jpP)<5~1mS=*=zZSOyC`|sP_l=7 zr@kL#4gmTL-m%a*`6;rHZ_q3>2`G8>cAm1}qy2*pF2kROZ#Ys9RHo z2_AMmIUe`sTYO>~Na}9N2F;&oc2htw?`rx&aLkGeMxhw_X6#rhWz5)#$v#7jWf+FxxksYU=lMR* zb6vmxewXXI=W^d?c`vW``+d%N-}gDrNhy=#HRzo4NU^C7)NO9-p>q5P|t*Z+|MvUzcF*cDfH7K2TIY%Kl>olXH(CK!b>wzs^ z3>`)9RaHIrr{I*>1POjQ0ht#qP8)+=JkOi=Yo=nkPw{-bn6Ql%@iuE&sEay>%km%U}bE6(GL$I#uvR4nFMe+MeQ zO)7x3yT{UKgx79s7?Y3N3`VOxUU6?}6wR1ntD$^w*Mx_hRd)V_xudAphW;L6>96GFD#xDC2 z!ACLEiD%B=V#mjmUf%os)X4Zslw3&rd+97et>*mWPnwq-SdUPYP9<~B!7v2^c6?mo z-6!FX@rua7D_5&yy@nOLUZ?eWo^*4^cW8&FE`Cho0=+#>i96gH1dXW|b~}9M3^^22 ze!(V3BIWFqfA{rnKb+0}W;Ov8hBTSFD{lHA3%5X0*wRr)i)@e>*YO zbaL-EL;5XFkwd|y8)1CMWy-#4$mj;TCUig+x?&V>=(mBziKgeTv65qJ>Ipt|S3-5) zq+&TSTxMj3o~wAR4_+W-ec-tKlzz{B-aQ40~{A?d#AeVJnXCW?{k*648;* z;+S<)XIA?Us@4UzR5)HddN`G>mY-QUYGR4LQWr^fEVe7Tb&j?{-L%RiVjcSS=~mSA zd+|AabC&Z$ZUl2So1W5!7y3g!FI-NJq5erdy!fi5wC@{A=MZ%CWLiSwW5rb1bST>4 zhJ8ORso}2VyS18Oj~x9}Y~Ya*6ZZZO26`*9AyLr$vdUZJcsk0Xx-jc0<7!_UfnccS z0c%B&;_~Ej7wFV2km1cUb!F4Q zY25KI6D47;=Vx3Au{s&uA3eT_wH|+=LH(cta5lZp`NXBp(Bzji^^C)xbo0*Gk4qeR zH&yw>JdY2lE0U6pFF>DI|FyEwngVsM`kdvX2GPgyo;}=h7&&x-SmdKq7Hwk0Z8Y?l zWTDudaOj`Ff~EP2m|S^!1yIFjL!A)|QE#EnY~b(`_j_ExmhXst@e0Tb%SAa*(X8<* zQrbmjhvckzdZ{D5OIsQo9`G+RXTAg)_JvwF3B87xWnzS%9*6c{`=bvZK_)U~aik+Z z&Vntw=ljY>ePqUUN#0+>=u+kW6jp=o%W{({RkN4tzD4t2uX=y639~qS?W^5jzY2$? zgs)xM&`e1qRHo}OkL72J4&y$Z;I|Qm1jE&l4%AKEKwATemn|v!PGWj(uJljOO$0|} zl#3jzW?@4%+Z z7R*BkF2rllPohk3w?EXPp?M7WZkRX=`LgF1Ehzt!L$ubL)jB5{K~l2M2ucN^Z&+1EZ{EIn%(r{D|G%X=7-hWc!sA@6zN!Kl$%{iOMiRQfWhr+TmZzKzc z{?!i##7;hbxaea>L}O#9;31pY0izoSpZX~vyCapkPA++27?Gy8qXl7~x3{sUp^@ie zBC}KKQenKNM5)Q3dmt<8!~m#pdFa5_>ote1gFHI{<2=aPi}1PabgyKd9FbLj=t;hv zW5AgkQx5(=&(WSDvrK%FB%EP-G{bvsdk=mZnvPYGAs_5#35lkaUs3Eoad%70tIFTS zC9qdrdrn8$Hl}9{QT?3|2phV0|Df1kH;soiakTc<`?`VvkV!)71d<~G z&h0Fg#IH-+VC$%A^3Y@86SqLI=Tfwu7)i(@Sa> zehE;Yw@3Z3Io^Zf>Y0k|6iekSwciy_#BCgD>0K(etP|r!`TT@3xx9qIOVnQP`}kMg z{-(N{vQlzu#G0o!qrqeAnK727#JbWud!|K4(Xb1K)?@1X2`~^ta2+^!Yly^Ix8=LJ zvEHv7+FjFE`d51unJ^8C*5)b^DGZkLTPxfG$x)svOa==k?Mia2ro|@$l39;gfcbB^ zU)bDSD%X3Y3bG&CW0zn*{-CLgfFrNoH{*<6dqBUVQ{esGxpQR>G)L01=#Gdhi!r`e zsbNjwB_TCOzx@-_cH`+$pP!`23y#5o@MZ~ ze|2}~f0QH8XxLwL{MBeUt}JYi4nSkddm8&o%B$YHg4$0YzSxz(U#eQN*i}!;UWp6j zTYnUI4h=a)d2hR;H=yHMB_tenNaL^!9Jah4(53cTwW0X4xE*a?OT+SzZ*}fyAE?Z{ zSNU(H|0Rm*PKG~XeEt_XfAJBH^EkWLj3;KdJRl+3J@r3l@RI+F?7w>U%-jXm{;8T> zC18SOI4A;lum5DB}dj0~`D-;@Eh67Gu0PsY@m4#9r$LGXTl-kfgU|ww>9;z;m6>?(J9#z-U zwhT{2`^cuBN&Zn^(09lfIa zE<0L}fiUu00h}u!FHo}Y+Vul{ z-wj-Xz+@5c?O^-tA)>ndb4?~#EU|FWSLpMVCeshW-QlKWmIPxJVSr#7npX~TNu(MT4NXzD=-r1E4@(~zBhGsqJ`iML z5#FVDmES)k^Jg41++w?o6I`^T(`PJnKAwGxg_}l~RE}G=x`iBtK6YHoZ2E+Sl4s*zd2o zL=zNoE}`GG)ZorH=|*8V)ii0IE%fAzmP5Whf?NoD5%{D;ivIo;{p`?y^R?__J7WD@ zKGVr^Q$$w1BZQviBJKUYkm#$bk4f`2sNdw>uU?)#1`Y9wr{8zZU4jp^qt0vI<~*mD zvJX@qxSyp8$^X8i#?O5--7Fg?XL3#i`0qc*6IeA?x1Z+6nm@2&4v=#y#LrLo28qAw6_pp;N#_{T%iOb5!&OP@sW#D|(&!dx!sbsDw1g83>K?T`sVbORvE^F)b5}z_W8+mwNCtS7IzqZZ!D;|Bpql zALPv_1gBk(0ba47Imz-NK|=w7RIr&+odb?y3h|!n?DVl(S?7xZ9|fLAUmP1UjNMc~ za8>|k2i-sB4BNcOkU+`NyP7Bg!2Kl4nn`n^9+`htg2+VzZiL^Ob0OfFqipUO1fl?n zFPLnK8ml9^ZZi-Rw(0wPb6n2D8zQ4ypb_IML+wGgkdKA%26D?Cy3JYBlpF+jE^2AD z_854a#%tF$Uaea@{kyvSxC>02y+u#=EXfV%F64c6>__W=Fi}5%zOEgvKviLc4U6yj zUI%LGJTk6NI^n-)BeTso8s#U%6?b6+sHG&aaryf6q|l+drdL!Er@_`YI2W^ej`&ln z9rrK!c)~yE!K2-3yas-1t5o4US@kh$V{uLiP8!nOmKJnwiGVk3W!$8;a(=ULuFbql zkg{Dd8s)c1wD?L@39*h70sMaU9GBY)mU)Rkb<96;D!vWgF|$Dm_J69`*vmZQ3%CaP zM|EJSD-=eG3-+NU*?+hf1DuRJc*(#s0@)1K4g~r*)$I2r7AjGP)!-j*`y7!{YQjwJ zPcpLbc*;83ul*v*Mq40mYsJ5zLePF)7}QqARO{MwsSC4FSpSI^U3gN`ZKB&Eur7l7aatSv!A5%2_)~&tK{Tj!$$;OhHw4jp z?!GSP-NjK)r(|ZWz?p{#%UVE|_kTIV@(uC5#fnne$l9y%gF~zigYM>_#2Egpa?i^t z8{(^;?%y6_Eyxa82TY%WC25CK^W-Z1YFeBt`j<0R1qY#DNPq<>$!wf)yh^d)9TMo4 zav4it&CR&8^sUrw#q_LyAG!s}sO@iv8V~KeVCnGEkkEFfAo=;JY|Ds!7HhO`?0?ig zvf(phj#4cXs4*6b&tDA!Or&X|wu3ml#yUcH?~k8SsXAef01t|6p%B;tnVhzUHn^a4 zSzejLpxu!Fx@(0*+cp)l8+Z()Ru$j-_|SuC+j3%&A;F03#WGVaGz#OR99GVW6gzxG z10-GHKl3{IgVS9+NxmA{B5@F4K#1gp09UKxCGZ0D4$<}F@M-i3*i2axSXs*1wPdo| zCwr?;pZq~4OA}c=cC)aPiNR$WIjU@_E>zLw$;0W2FWV66TT2_9Xx6{8v_8M~V`}cr z2^;O462iEm68Zf&kX2mU1nF6%xOC zVjs;jon!tKO(auvY94Ah*}U)L&q1AAc9yCJ&x1X#QZ~X7F)$&@MhHUCExj>Mtkr42 z?A}O=?ZHgviMjS9U{gPTEw6STL&2(zVSK_-H+(OPs^atZHS=mDey$dE7SOuNHB#Ul zUIM!w)c(clX;quu;IPH1iw-Ta9+eN?`Iem?)nWD)i8Onp7n}3S25kt_*0>-jQ^oTZ`;t%3s5w~ z>}BS(yI@tRT%?W9!xy=lv2^uPQw&NU?b+KBgnxMPkD`#p6ETyO5(LFL`80lkFZTTSG=OKx7zc%wg7n(;a@+-5QE>J*>jP%3drG)@cpk=S`^<~wp; zYdG$*T9mn6Kxc-TU)9BUdvB7%f;&lFh9jgA`{2u7p^KTRb2mf3Xo%E}5olIVjlsYT`!=@E@{7~wbK z6Vnr=5*6i^9+93KkKd`zeFYApl3pgLbS58#yn)(T-|Q&a_}1qU2Dlga+x2P;VfZr! zqR5k0nS&n)3wDzT2__uQMxSMYrAv>y52g zI#iNvRqf9umPvmToC7-kTy*<%GkUhaj*6_ciFFenXrx^Xbl+UhIcF?XgjSNHQhI*Fq{Xm$`dVE&=JTAaPw<+~$a9|>G*5c-Ep zG>AL>Zo#c{;m1GTJ}~fQ$p^e#Zpidi2u29I!wl$6^gt=^2?J09&Ko(s6-n%PlI{t=W3A*Dw9VXa!u8(jkP!!lVj|)bHQSE>2P%I1QAQ>Xqr`2R zA3}#7S6KVWJxQ^Dr&=)a#SGv3imkitD&?Qre*M`;pU~p!T3W*c`mo!ZgRi&^MXGB0 zpPglcY^i-6_CPo~47?GexYrHJyqtU*FwR2oG(7$yD@uUm4$=D6?!-G8T`;$aJ`YPo zWqi0{L@=D_Cs?*SxXuC|a`rHo3m~L?KHijE@@tw`#FV_OjX1RaX;Fpax&S1VsC)0y z@VjS-BqEMuB>m1>VDrzRE1{k%&a~EdkVtL=ExV7HaGv=%A6m{r-3Kc8se_e|xuP~i z0k?cwgd{jr(;K3JjAM87c&z$Gxr)@z_+t$XZGL0xg1}bwS0UiPFof0=Tv(fD;)3t% z0y8CRcQZ3E7?pQZ1jft6uQkimoBR2PUL|qnolRpXsIHtB@lfAU(9^-j`3LV7cP<}g z-9l15y;nTmk@mVR_qzCPt2JT~$^#JYX_1YIIH(~D0-Qxb%??)?k=uL|C$hco@UJmt zs*;ZII*7MwT%W8rcLw%lvPc+{PB>Ju$~U&!Ftx+SC!(pd3J?q~P1eTt5`9?T1{Y;O z?06B_pI4JIf#wpviM0t)tVakh%#X~Y%8BbIc^b5YV{xsiu+c=@ASS=TNgIH0RBk1v z=oVU_-PyK>sJrs;1BUR4MR4l1#tY{HO z{-C@oy1<@D4E}w_oN0D(NG2QMSSVydXQm)UJF5MZ_=d8jX9j$wX3YJr1Y42YhEo&OVkcjZw(vEV#0mJK$=;AVD|Fux&gLn zti9M}vayCDa-$~Uc3I7LAUsj zg!rELzZnd?^dOWxI;wb==mZS5JL72zfE;;zVL6!yjAm%waQKKd&diYEz{ zWDRMH8IorYH3zrh+B&;Vsq(cO(Ia4zF7q;?_q4oSqnt34nh0!Qe;7RZd`qVDy;Mq9 zC|v8ksE0(2nLE`)_fOVl5q*{);%zX|_{pFmX7;7tx;iJW@M=u{_0kV$m9O{gjDZtG z4PWLxE*X6JaA5d{8c0?kkkf7144?TV=4NxZwQw0crs<<79;2O&{58ogz0hV84^1d5 z7>ca>H0cA3240@sT+{@)aWeZ9g^L4u?U5T~r$xCFw-#z`ZW&qxvDl>&2Sb7IJ(0fc zU265n3HzQ;;(`NT3MC(PBic$uNlp{(_-~VS*DU*gbcJxmZ6@$hen*A2dJLgSkn)CI=w?Fl<=gQrA3l8?)$V-Sb=);s zrCFu-vJD`;D`s;p8Klh=N{dNjl#6uT`0SI+jABe3xLZG{8b6ZPe@fBD;`3(T3~&5L z^Ar62y!WP(tL<um`|O&ijxN zVLnQs3$`b!MHaE-tTi#Og7VLzjW1cPxnf!K>ZmUM=}3s{fUo-Ur=_O|z4DW)L-Lv3 z^FI;Wfl831jKC&dMqq)Zn|L`gWEikE`Gv38MGW=O+nLwvY3=!B3F>_8^FT0YI~xgd z#`1Og03P5I&qx%t*ypGpQ}*MxsB=9d!n`UqbN*9xZXIdfNo`|mZTA+i9U*{N)!kZ+ zMCyV{)Yt8K-ZRb$fD!R4)CKb%(1s3m>3cPL{oHnQI;(K%y4XAym0axA|C9kvM+T^X z@Aea>f&BOeid+Bz%-qkd1M88u*93Z`Ns@NtQ`A{!kMwQ_N%)!o5J1-Q3I8{MJZXUW zv<(--Hpkw(9CLC}yOcTlrwG;N6seSb+Wfz9W3kOej{h$81sQ-O|B?W6EL5K=)Mv{K ze>Z*S|Iu{R5LNzr&GIjUQ4wpyJKVG?CM*DI-~a=zsJ-5E?4Gt>D12M7J| zpBVx(sX4ELl<5R8MkZq^2jjmAz4kOdaxV1(u+Q=fT82$w)_VDij%C`*UOd>fT8ntb z??0Eu=+{% zHxW`lpq-QGKmR!>A=#-E>=FVKUIdm5cKa1i16TdP#p?$LY27Xd3}WKMPN!h)VZ0$h z&S%4EbJM1A=m^cTd%++e8FV4CBA+*k zkSp(MQzivHIn6Yeg3>rKGyct{^KrpTD#$3|Oi^AJi-|h?h_2+;+r&m>D=Wn@vr%gz z3JUNN(ST-H9B#41$0qTLy8rYX_VL2uzTqGtP=IZso(=$VUUDcjZTE-SkjTHZFua2K zvBZQQMsdo~`8F_8lt5^0A`?Xk3Ff4{?t^0!n&4R8y-K{xAy9*VaJ^wT!^tvI4>Hlz zYh}5pA~0;Ph)pIe8LFd%e6e@yPpufBmNW$;i!z*Ko-|Am|I--=jnV>1Q+`o9-s%4j z8DG=D2~ngBe996EwmAcu?XVH}O(3;EQ72H3uvaUc1C7!+Nhx(E4i@D87|CA<_Fff@ z+vB?*zfIgOVO?BgW4bh~K_rxEu=LwJvm!BD;(SC1TwAIDx+$_HduefS>&cq-H@{7a z>pGxcSx!g~$Tdum}3jHD>~ zxvsmYBI^g*7DC|I)s}%M5mjVS$%N=BRirMw#3v0bkIa2>UTsFPibp|eAoV@;X)w{w z$M15$jYr42a{|%~zN%$DxP1CidXYp{?5jXm2h#`avvCk9V4K?DZg?VhcgPg3$Ladp zdLJ@VEO)4+w*hSo_vEDPEA9h+r)2?&ZySFr8X{>NE=e|5Hvj=YcP@(poEV1NUq}ZF z8cSq7K;CQq$As=;TVE`9R&2*{+(3`?(5r^o=kE;^Y@Cp>ce_d)f?SIgP5m!>X70kD zY77V!B(bGm+d7(-O2s<;JuE4XJCJ2zy$W-zhe=Kd+4TO43&mGfzB6*NHyS} zoEE`6Ij+oBGd)x0&po;X@i56%`PSlZm|c<`<>)_*^KdS3bCH?EkqVbBThRo2JIQIB zgh>@IIq)>)HGHI8ufqN6d-$vcJ#K&_*KE)VI5@x|@m6kthJ5b|IdkZ}!Pn=}&mvbk z=i&_%bb3p@nl(JLNoOe3m|3ra9KF|(#XSr;%h!oih9MQ-|iL|1%jD*@0W$UOS>-ygSJpz%No9tCxc4OA@wH{Xr+_bLw{#gQE zTkmx`)6?aTCwSDQM<+m36zWkHcTfm0>+9tyGKurJY~1E!Nxn)>ey3p#D20LMJuezk z^|v;aRgl~(xOkGqODgfS01t$V0Kb1h?aXR-s1ML6AxTV>fjuDclFzXG zF42$Qq1WpF`qZo1a1Sa+BLIXcb8LH5Ko5)*U!VLv`hNEF9K|O_6;GFVFXu|lctCzqiPQv{{a;PMENDb9S^>@OV@NKR-0Dt~#tOkpP z`AneeB@)f!EVgcXSP&2FD4XidX`TTdyda7MC3(&@4-CX0Bw`8cy`a2Y3Xs(P-^xi- zHft6;=g5^3AdUpn!J#aP;l+odXoek?QzH`%4O%!HM_T*Q3G;WWFJp+`Y|Q=zyx_7I z6}E+WhO*fLx=x^KD8k zEDXXvTE~R{9uL+ZS`;JKz!E`M$9;rOq{nG4Z|KwptAl7RkWW!Uph}=LPU;IipBr(^ zi=t$!qlkx39ew;K$DZre78{ufa5$c#&^*Jb61jGY1JjDFG+2HnDM)MOd&PnVe!iF0 zOUZg=I#D#XqP~DX4Te9QY~^k7<7xd-pOk)Kk2S5XrOHDP|LTRsvT-4-gT4O^mZXXB z$D6>GtaxB=D&N)vq*TW*KCj%i;A^iwNY8;>;jqNyF5kH4?2tQUOq;)kyCa~s5)?>V zW(8qGQ-bX0r0NRCmJL65{Oq@aB7pI86CvvwE+Pl8l9fJQg!S=HlZq+Fd^#)9kTFqz z=&9cvo}|>?AiJ%4d*{!p*smL;R(da3HI;IeJehro%Vd0>$u01DxyZN2e|hmmF?2|x zekO)5mz83{eZrM~IIQyyI@*w!3V&c+^(78tgP^=c#>A^T-RjG0|YCDL)ed;kD8&% z6_6>Kpb3X9#ct91(<2rq2ED2i2CFWS-K<}0xmpOeFTz_{ z_t0uiad4kI$QdQ%1@lgbygx?xZZEN_AszfG5APA74$8x;Qm27R$iz@+?Qj#98UG}E zo$QC6s-w4nq5cILbtT|P+dhTwPW1I~xjM-_gB`d=0dNGiqh!RuVRH=!1<81=ZEOOw zQk(}D8r5q@mK_k7<7{I)Ln^(*yPkM)eQk7DXEV#_$K^fDYu_eXVzfPhOBD6BvyM32 z)C|6+!Tv#&Ne;)PS(yRFG&ovnAkj2Qy4C969ls?qaZug@76Hs@i!YPc07xxdsq|Tt zL;mp02gR*7h=;E_&fVPFcv-f|m!U-WzXCIW8%Y$;Ue-J`6HUK~C$!DkZ{PMnk@tyk?`M7&Ew$uB)L5 z>H`B*j|7;)03)S5T6HEZKJ(4x)ti;lsZxhjQQ;r-G@OEoYXJX<#+B7)!(>tEsMyMLvb#bU(T>L8zimL?AW3=`X^RCrdr-5nz5{wcE z1m}!_ex+Wh_1skB9#&p;`aQUMe!rA{veJad%DS_pqqtrno)C(YI8hO(+ zm?F{cjD+1gzkj0OV;L;z)2S3jh`oROPh5QXyNsWccCLxm9?wd_5@gxU=4xRna&iK| zXj#U*Iw)qR5n!+z0)Tj4j4a3^UGondOklS(aVGlMg;$?tqXhAU-vCJb4e~~O4e$;F z=Qha)sE+@j0Qo7&0&qaT(ea#GZvRy%%x|PRhFUHtBYEqd?18yTc~6p@XcX%IsMC;Lr~{qDVE>gl093|5!7mCoWk+=d z?!+ohp!MH2?RIkSu_};2CX3*CrGd+DtI{UA{N)k2$ZITsI{*4HGCsc__G%elW8AA8*20>b*2f)`h8_7}4OzQD72v%t`aI8$SZjb)<@ z4}i9H2rUi%?UAX7q?+EmB$-9J5DpU&lp?cm0f-2Q-h;jg;F8!mWu_SSVt2X<$j3Ex z1{2?NrZEV1ibHt3dW&Qj^6lQX*5+}&m`)#B{(2V_uo(5n)L*B;O6HMwC5$X&Du{5> zAPThJ(O0#K$p7K}!H9FcuzWRRiV1`tloFthedIsGVcp+xWzI%9y)Dc9k)70$^Nzmu zMM7JA0y@!+NUBMw@8~aj;MNXM zu$;2wHbaY^?gzVenhPk5F} z;^XZ$*4HMikA#aMD_HE<*z#`F8Vb3dM|amvL#;+Ei)Y?pg=h7hRrtXC@ph)A1=o>Y zW>=@e``a20G)B?GgNmw5@(dT_3iOS03=DLGO1f7s8we-cGA2vPT?JH6Bi{iB^FziT z2**!XC;*3_iIM{=i;PvBcs>CG(6y4%2*guQ+T+#Mhf6KEjC`ZhwZ1>o^PR$HB+~`* zNI!QKXLfsP^vO!pA|tTUw5aA}?KyhU7Z)lrsn1`QZ*#i>2e!kzTQ6d)#){MvH`DRX5UwQ*Q^TM`rlDPH;dQa=*Yc|s;e*UkFjXk{n>L&}?G?C-4FUu;X)c@Il(ni6GUEvUb07h%c#sC&njX7iWIk zV}+=0v-GH~@9nu4?GGD!`EE6?ym}Ie&dn7xc#AdRk2r=h<0uTRFc9%h2)DIOR;irz zinVsJCt2j5I!0Zrr+MbmlFV?KGMUgRoGVqEcEZ)&;9`{7^*J+R#sG!a;Ijq+h-1h) z)cC;%&&L*+h3FOH#u`CyH_d!AwzL^0FHmZ4b10or2Fqz}N9>%CLypFnb!g|JlXWDGo zGs#Pi7EhWN%m?8&G(qdH)JlFFzT9Ac+cKj`=?+#<2h4fW;aG(2wUE2y(Ao!wH9uq0 z-w+1kPR9|uJ#5os7rFWDqtaEhxTjh4U-Nihemro(I7UruC4_O%(8@$2V%WOvfpS_` zih(*)>~Yj--PDV}Zox$X==?+ZC;{*vOrp-w~)++ z)TotvfT0coD?6gBRI(}*4JB=DTz_)@Gr{7BPT~)_^7C#&km?QXu8r_AkARs|2&|#@ z=2o_F+0#t~EalP@$rs9u`ZZby>Nt-bmTi%giG!Ng+*ZZpgTz)LsD@w*eFLR~$(jl-+U5y}jW-Ki?(` z_8yn`rRVb9LHJkQ6ZtiX2~GwPo5)>(Q90AuG-<;@+ICldyK9m!!PvWZ1nB1gkZ*kp4-7Nl^YKJafd` z31U^du@+K-ixT9X{g(eMt0bNqL(n4&mK!+nIgG#VDw%n}@ix`GMKoKtI?3+Fz0d;L zY35FIQ)AFeB7B*}^)x=yr00>~&?8<<{>}NXk<4N!feQQlVq>;sHDsH}pzx$~MMJ6U z4?5@H!ehXbnq^$b-6ab=>SLm1B;b6#-M^YBqT&X+zjZyyB6Yn%UCc`z5`6<@^ zeWS+YnpU|HWAaclhm#=1AYXRMh#b-D;b)NlQBk~AN4NLQid{5RuO!LV?U!WmgXQ4| z2#jUj>19EP$q>niUl#2r_Sp8yOj_FddPS#Z>m>>~QeswHwhj~reUSX~i)WK7>Ib{+ zSnVjQV<=;uNS;Op#O+052W@|^fc^+rlwJ!>EcNNCmfvx zD2`AqoiNZh4YHrMf0W5XE-egUuB`ZbJkf=CIv16W^*)DJb$}Vao9wl&@-T+D+>C+t zuH^7F>#CNy+Ppg&R(*)Kz(SYX3yT(L`v|$)$q=*R6{PTJ#Wf?P+UeTh#r9v-JSHFUT?sf1cJ)WrrijsKLN`7gdyLtCaJo45TK0pc6#ErcrRGv{ z%)NHTgeP#Z1U>20-a&gq9u2SPD?>TqnZaVqPv&PGtp;TLP^%x$6E)-4W1b?qAT1vZ zd?pV}s8s1!jeFhs{wC8BVIX(=lmi=|#&gED=|=+tel9u#z&STmzjk2~qy5fh*+NIo zC5)9ywEPZC%{}oRhZk+N4A=abWXFN;EiWY-@SH`Ay%^1SJ|g z?Is)E8{+}R0=%9a{?{nBk-@O|h1IDs(WE8}!DbC+Dx--sU35!9VAFPx@zJ1HGI%RX{3o%1&aJ_AAGQw=i)ki*U&K_V8qA2Q`U=^*3cszKDr(!80#3P(}CIzrSj%_XPOGh>j zEYbSU({2S&7&OzmGaj$|UXCA}Tlc=W@Qv4Nan)?TLIOr`0p@gnt^eal{wFE7$(K2R z3pFn-7z#!0EOT#{>TSi@V1yTd3w4zKSe-cY*GefmKLL#bumD`BBleEhI2*6O7I($O z$O%ME8Q?;lFPJb=Qh?vb)3IMg8|1JCje!DVYM4zY(f{gEb_Io9n6R6Z-jYi4tF77J=#106Mjfd&~Q)JNsm{@Et z&;nE1XX0VdL%`_1OFFxonXxuS370!$#@x29F0hTi~~O8KLjIEls8v05&dvz5c+8S7as9eUJx%rfn}o> zR616=kN}U+blEZ~yJ;Oi(-PHF9QVDb2gqgar7Zxo7UM{_8$1YtvuhX1Y$m@71(Vt5`IDO_+*N)(^&Q7G^}T3Z z&yTV|N;%la{-;vgOXzYq8iG@Bd{TbHPsG*9QpiJS{RBO;aD-eqv_-XDKq!`@sM7F1 zIS8*XC_4*~>1;5Y8;ojq^jg*?OgP6E5u6CPwnPRvb}C+IlT6oZM5lywPBoZOTa~J` z$UdV%hYWu!M_FD5(A!8{;PoXh33ojaE=Dh?0(sIB2Rp_{sGWFkWF{NMBL7Z9N(+#q zwOh9Xhy77*&qU3HpQcO24;x6W1Z6>OMPl)$r^}Han;s}Qj?|8h4n>D%$L}RLg_HkJwqQ)a#|slS=Ap|z zOZJe-p=6}9i_F$FaxBTB!po;6p^iy$Pv!Bqi9lrc1TNGpRxvl(%6wSbkEM9^XPoxd zVtwD{ulye*FdMrN=p}TG{5j2Ad$s}18Wjrlt7j=u$Q7p)h%aTY&VTvE`6O`k1?cqL zmerDYURytKpyro`5>5x1rFiX)?=BK^c|q6Sx{bjo-%B#FtBthh3Ko+5#uS)OHz#tVb6t4M4IiZV<1Y%iOA9KAn6XispL%|`!P}K-SG|c&@ z#j1mS6rBe);zvu+syb3E@#}}qXvt~dY^;)|A^W4Ghj8qQli+nhxwdp{BzP#ouMT^l zSK(LJqBhlS_@FKyAih0+1pEvFu+n$B1#=uZv$pGadjNxI?(Sf4xI#E zBl-3X0f*Z_UAE|F{h{Qs&m+;iTI7h~zNB_A^KJKof zO&;Q>UUKWT$;(1b=~(Rzn@dzL`V1$Lk0x}R%~cgdRH&9(5B9%~F|-M{sDxTpd#o+3 zrN}as&8(%k#J6*MX(Lmv@ zR}I2R_>SbdwUBBSn(lVVp~Ax_T9~7Tv!<$|?yzyl`cAkT|Hm<9C{yEvPeVJf)AVr$ z*w&_@;1d`pD($s}XT|)w|2>prW+o|u9l*y}Pw{I#)?M&wi zmo(0u$d5$fZi+_T5{v9|>9r+EofPfX| z_m|Q6uSCcZ{=f&vzyRQnM*|P4f?}Yd)XUDGsYe}&X+}A-mWj_QXYVE1OYHvR_+%4B z$buH6hORDFZ1P(%p}ir&Zn)na@3oLsI9ia2-|r;86XW?m6{IG(m&Kn>>^lb$lRlp< zA^ynGSLB;@VXU>0=Dvjbix=|m1;3Yn)s)zLR>`X+OhN6?V-fy)l^UgV$1mFU-F3Ws z>w|pyaH3lGYrfb^3v??Fg`K0LK6~_aC_lO!H@CsAoiw&2GdtTPn!>cc+L*v{>C(p| zWUpK3{FWa$0h}S`*1!s{6bjy3bQ9`;j_Cy7X%tpQa&@l6<}~2qhae32a43A`XGjCC zSJHaw7N{dCBqSv35{{W}<3iL#gb`jp)Spw-|0WcW?->?7+o0f$iLXVSMY<1u#GfE? zUD^+{(7`}F@VlY?lu};=ES5~}@rZALrTnU_qW|B@q|JswIS(l#yEyX_GbD9%ukqFj zZHXG)0tne@s3X4+XUNvCsidT&htFsUggzH0f7Y#S`zKdT_)XBknT1g?pP9~>y$7;07v zAuxBlw^KfuZ&ox(ZNaM96zUz>yWLcc(brU!k{kD^ZLOx!D z7KS{7YNWz6m@px5plj~ju1BEr5m&?*_1;;k9!IDsn52?=v=I959HliP0`z9(R1}N| z4ho2xJC0k?^C!q&`_Pa{-6g&007)IoWMH%ULwni+WKACct=ZKwpzK?+?>V{l5wmH? z%KOu>UH{k$)mq@oX0mMM{;nr{fm~6UPn3QyK^A+qhmx)XWD!PrenoQWlkRKentV#&DCIn!9r`4!fXb!cb9sKV7#L`jzu^6^9 zhPFx2k1=I#E==ehaZWuzu8(O>Z@^hi^hALziG`NUkF>_dNWI$rW@95rDA`iqm5ji7 zJQC_3{3uG!<;eu#vGPdAj@YuXc?xJeP^_#kv%@f~M)8CHdgKRU$xv$7aGv(dH|Oc3 zfiKKkWCjGvwcb_>4GB>j5ih`?3TsD2Attww(L!yx`1rQ5cI0dPFUH#cv|X_O!F_a>T7O@xeTpq(2|As}(!gHvmp|J%dikJLuKpKab*kxVdH<~?ELsC@bL#015YJJ*QqT354O z)}RaR|Hn(IsU%gPoj%;RPdU-Br7g!uMAUU!wyDIwvsC&B>aGrT9EqUcjpQWtu0g67 zq=>o-AwnuRA8du89pt!h$Q>}L>orHn5n4#aD3OdbwA5xFX&_I&=GS!?{XC=*xiwD2 zv_7YMpLW)h>y2@PLyz=?1m-*dd!k$ihVBqL*+EmEXvu_eBXn*Jt)94_UR!qK-Psh? zzA6=GWl{t6(IFKL>!q-sLl1N2zk2O#$Q6X*(n${#g}QQ2f!An7$|e)ABon#RQ!rl} z?`5!M+(fBcs#(~0HM86n^w~qY4#!@eZHhVsShGxtT9~Yne|E$Z5Jm2wKSOv71!XWJ62 zls18a+ZEC1ap9lWQ-aWv5_CufNBTvcf9F&UAoEc$A86IO)PD$2KEI#E=t$R?X zlB55BFcZk9xgeoCB|ERglFf6)6c;ZhT5 z9r1tCYx!L^y3qV^k6e${*&7G#RY}B$V=B^$>t>f9Tw0gNAxZBX(Fxek7jTyyPpuVt zn7)X8acfMZ!7&OljFQLhVwIu9Vj;)&^NXB8hvU4CjBwXqRjfXK1(&aVm)!`S)xteh z{OXlSR{OKU?c{NV1eQqh<2x~{!Ud3{_XZN_wQG|T{*y&p==al+C&&*j+-vC`(y+jm zov$j%&zhW^7>nOH)pRe^z+rZ%prCF}ujWq79xrDD__(GE4l?u|Q5+K)Fcgv+IY!lx zu}^VZbbjkxRIN$ed!}MqBih!zGZC`5HBx^0?a9IT;YFg>>AAF9W9O`0RD4fF&OJRy zA65~EBdhC38U)uKKw-^^5-JF?_GxbVv`VE3YgXB!8N|E`>P@sDLiBIxZ2345Q-|(+1<4eU6poMB;9a?0p7KFhHsdrud~%G{N6%UUe~b(9qs*<~ zp{uJ8^p>8_EN5LiJ$z3qjNNo2(ftY`@CZ)FPyHoAwDuVEAf4oWtx_G^Cp7%2xi%on zu(Dks;2PVNkd75S(Jv%wg}M}VsU}NQWN1Q0O@?QYH#32DYc0Y(3z^}i6^33!N4sZ{ zULwTk;r6bweNqYu3hS@FUN=j+K&iUmEt!x&yqSSXD1uOs1QIddes%pK?)YUU+}U`5 z#`Z>DH=BA$8)nO@9*WGAcL zfC{u)0lkURNX33PcYud`EB?v7Y5(BROT8F>(L5q*sF0}k>cv(efdZXZ2Hn=jf(%a6 ziO$)IR`dwZU<+^PKxwFr!!4~}vAd=uI^ZuP=mgh!^!#z?@a?60hR*8QIQ z4qo!Id$+^9OL$HFn_b>NV)rFYT-1c6k42po(As%3Dm2tJRi^Ia{RBMi)lTdDfwC4K zv7?=femJd|j^N3iQ(G}BUr`;QN9HTJJonRgZNGvGjN|it98yJ2C@FaSW`>+`YUUAv zY{wIcF6U`;f=YL);!Fm??+6u~wuI|B*c9w?g(I0;mo-~Y^%f z-?!hWXT~ZavWkMf_mN5d4Cf~ZccI)Oa^ZKZ=Fm3pe*HsktaqlJgK9NU^JwOkkqEn`1w_`KfAm0rlxsPIb@H7uy+nX4m zEDGh%uj|{MhW)1|d3UPd5@SZoTFA6uFRkSqj5fK?{cRhVlO)OKTzfSwE^fThuzKI8 zyCD)cD(Wjz^o;N8VUTZ+82?2wkLvxFF|yo+nvJ^qB%(7u(mdc~ZK`BP-_jUj2U4G6(D<1DpGr#owZClrn5S04n#=?`y*x zP(`on?6k++0bd}ueqB(G6x?$%l3hULcv0AV)GOJ5no{O$i}+6Uon_q0ZL@*xCGAQU zHj$fBr6rYw`!0kGz$+*h8;8#8oLFYpRr?3ccrJ}}Qs7atag_;fQ0U$R+RV(%6e@^( zJ+eIVE&r7a+wDjcMkRya-W_?=9$G!^tF>&6H6kZOwW9TU+2{`G2xL68qY&>ZndtiW zLHZ#{IFW_YkTM~(8#jou+YX9*I<(EZrJ$)-7qaXN7gJVK4bE> z>|mYjpnZMC;aMvy*1op^-Xk=2IBwe|Tq*t2$W#4P(zyk_`28jAv$sFUrSI|8$RIr~ z7g;SfmVnw!c)$U_8GNj8N-mAmAYoM9Vgs4K{tWn0dj*3wOGCb&HrhiU{2WX=byVbd zD=Ow@%TdT&zDN(_pWQol@0A6s1?yo+)i%PtvOu#(8)F`r?&Z;q%ec|x9El(H4ky&L zpMEnt1M?-6z(GI8>4Z!L%ym!-At7@7%lj9VE?ltxMX-%f%FL)NB!BQWin^rasQoSY zX8VKE9zagu1rY$I6%w!qz#mst5F+%Qs)+rf^pb63cA)l**3Z44=>~Z6lsvV~*Vnc7 zp4)sM(a7|~K2oIg0Ves$G4e}OF$BQ#m@#tBr%dEZ-tH;8M&kCMC!@o zzA;vc*J0#0azbYgft$}9rW?F~N-t-)c6TBva@&COV$UA&P&CVfbYyzEEUgXeH*^W- zY+!UG)O&jdQjBXw)dW)^6p2Qv#D@SDA9Pn_&e)(48fJj-(ckS9}IqJ+4u=h#^)pc=~R`>l_gwme`tmBnO@r0QebH43#hI;%@r31ry zl;&NJx9E3Z+vHs?Chy9ypL*V32To7*SG_*F7czHP@|u4w$vkj^RVu@yBDLPneWs=o z;QL>P#?b@Ob~FBeZf+pjL7{cG@iof15 zFgdVuR+l#}ZfGHv}L4Rq`y3nJv|NXgWJZH4ZTy15F@8ZJOt|x_qk;(`u zTT_7t1S;T9y<3079Hx#XL23J8+k%J|a^H35=9GiUcVd)d*ZXy}ToHZQ; z_;N9#r%({~q4}S({djX5a{~+U)M1x&WF@sF#u$r?sEdfVLU^BASX;_B#@76|@A%Gx zQ26sGbcv{n3>0(W6@C6_bl4(#BhpEHQ?BcQb5Lx~m~|L)z7()Dw0wIa=UU}VOR0>8 ziNXT;)nZc81*R3&b%^c&{^+y;B;R=l(qEv|#Tmz>+t&NcU~c@_Qg%7Y)J_|c5%)fN zJX&MmHO+nECS|Fcrn9jozky;33LyMN09j-(GKU)oIxXtBEF%oa8fI_{D7Jf`Sm))& zcXoKbg3z*jFElQO8(}*XI@NhgL&|QhcJ5noMj{gooZd0=;Rc|?mV1(o?`6h>)JU^ z(A)Au(s&&egM(F28o0S7cGFO){&lA>9gEY%0L%<(*&%nF(67djRu>Vacm_)8y#0N9 z?h>)z{-|g)NRPGd`0v1^$O`l?11U%^pAW{{H|{(8OHoIB)>T&CS`EwYN3YP^NEdO> z@=>SSPJgsKw74#F3=!?hLhq=YDd9(T7E~pd94Y>6)RNa(U4B%;dx2~$KXuC{jV$4% z)ytaSYiTOV3;SGNws6@(uQzqGZLbiSHByK*#Pr|)LeXimLG0ruU@sZ@53k8Q4VYM{ zmT;`U%v)5jcYVY%LE)6vLJXRN$4h&`;t28%x6PmO*3Ql8r2SsAxCOH4s^#38x4+u5 zMNw7BKSO0sEh%l|Ge#9B;FIrc0B(S38w=|G)vDyF3(Hq}|0P|!&rp|u7l7kWs`$8a zkyi=T$Wc$N=&xk{rn&l6c)9RT<{LZ%C7I4o4Ryw| zJ@~GvkpnD&)Y+%Q)zORp=I!49C(g|MyrG5YE?iYErt91bv0WRHkq4{l63R4uQPfkb znP1|s70yu-Di%uulyhe5a%MG4DpR|bM+faurpp%V(RDTc_7ZJd&Uf6Iy7Ttc-vV{6 z3reM@MuNBgC2q1?E`6xop!fmap0DuGI6kuQdhUs|$j5nEGhGp8aj&8Fo3nqO4e>*x7Dpo6+-do-OZ72prW@tM@4!Q-Y3)`bR z627-RxaWmN)yU^3-YYKXd+SXLp3a}z-zQb>s*}>`(23VP_q)JPHh?sDaUNg`Ze8SJ zTAmY{kek0RwY5y|c$}MO0CH!wm0bJq0GgCg*d?c*Sn8GVn1&vmYukSIe+|?%ru z@P&<*?F=>c$S)M_QbC)>I~A3*WSpO{olm$e>+Mrj@-QL*N)}EQFpxX*JIlI0r` zGFzGZ%oBwk+$B;<&v^6B_B;4;wPbp@bR=Ppf6$7`ILDF06PEyWOn5=7AEe;{k4RdX z3r1ZeuXxit#uVe6(B4S&DM}35N-DyhJT=cQzlY52V%U0jSBgISru>s4NPPtLw`q;t zvAv~L?QwG7=hI=>I-x3v*EBX&1VS5*yr7%=COt7lY(l^NzL6C3W}aYlQ3b7|?q2s1 zSk?jVp674+gDG?w=!~B%%0NwfqtNIV5bvOY0)a=m?j~n;{LCicLZ*|rT?np%Io;X4 z5;aoQPrt(htD69Dfn{HXS(y{to-?GWiD3>^ge*=U`9V41HOe>}-Q1hF-ZSHEt+MNj zC~(f_4@Pb;8zvHN;}1ljE7Ik?wq=lHICQZHao%9G7NOJ%o25?n8q;-8)jADZMk+pz zK$BGZu4EuDLm0F&ZdA0@Cw|yKp&?wnoDrGYvuA~iKI}qmFUYgFMU5LYQjNQac$#7d z$!Bz;f(0}1t`|AgRB+fO8d6;a$KnfKWpS33p4c&+^prrYub*BL-~^}L`j5+3A$Z$+ zw^r6sqmFwTx#<6BXZdJ!npWHpE=%(!K^O7QZybloCFh*s)9#q-%pJ*AVd5`AWIARD z1xtI1EfpBeeB{*E82R%zoP@9@P_fV7=DF}+6^}!*wyn(VVm!tZUGkJC3hR&Z8b~nn z@0tBlv>vswPX-_T6GCu8^5THF(`{)!Wd;uWY&L^&&x4tK!5vj;}8h3{j>zO z(6#@7w_U~=ne(z){>O)xD#$t9zIq);Rwku{^I!c>Ag2?Jo)3*`P@p{f^9Sb^iPFnD zuGUUdrYkKqjF=qs#aqsq-KgZE9G?uCMCGBoWGZa*JMM#%HBo5p7(7q%k3Dib zCIUUx#R=G`f`WUbf^(y2CtlZ!y*?0bxk|f-KK&m_efm!5hN?`Q z#I$7YK#Sjk{Xy6i#Y;n&8KqaHBqHFz48AgH6 zO)O6(|4-I+rgsscYqW}=*uR+XkxHT};iQC~AlOxKHvSWuEo3i= z5=j(MN|2W>C=WQ!l*}zF3jR(fP_HU~%S65lA#(@RR|niz&8Tc-WAd{~8i`vHPffd* zVry(j(|bvr@1(0=M4Ud}N%m5~(14yyBmHv(a4T|#isOnva~~mlVEc&2AV;};R}B^1 zDm-loM6K;bnQt8QFIk@_>#R}i&o%D;$7r`u)K_|4jpA{mGh z42w%e4sU}8-1au6ywFofii-+JV)-A+><>t@U?;kN#}C2AUU?DWtg1?N%9~8M97jz3 z&D#O8W+>HzoTWbmC?;vP4kaAIo{;D5&C47Z;9UCmxLcsdiyL09gS`3u-p@Y zcAhC#1w!p1ZG(PQ2^XGRoCJ1*;Xa1c@ltaK=wSy?2Gc!1`I1q=Y(%Hlk+28S?Y#M%BD4)oBuGYdFQ+?VvQ0OezL=H4i<5fG{xsq2|u) zr7L9+ko>A3bLTvit+!HP9KV!tG6aDioakrwQVq{c@I|a&^zfc*4{urcvbp;YGcZH5 zb)Ifk;)u7g-1pLZdKrIW=KR4dnlV5W%_6U_87rW17FOwxfE^!jC7ykp;?=%ux& z`h~>}zuJ#A70)lb`r_`+${>0g`a(9A>lVW6r{)yxK9789N=Oi*e%>grIqILtl$gy< zkefWE&&nV#=WmNdvCna(ca)dRk^(S0ZCVjgOjo5SJJSkMW|r0xI-_IIZu$C!ZlnC8 zg_<+pM%|P79I$?EoZX_cBM6od8Q5X3oE5ircgU9~&*>Gyz7O_8?4mOPcX4-I%N86U z(wAhU7UkbIBRKJ@{QD;oT*u- z-?gjqVQ6_;;cL@@ym`4Zi(Gkl0hNp$8W#%$1^*_qH*=z!FDok5H)v?bxNF+Aw8TE{ zpQ1h9s!6jFPUtsAB)hrX_;U6pHma?& z4X#i^7|Zuk2g|=q>FXhK3el@A;N(U%+}EYTf4M(CY0XYG%X5*vFEGO<5TkDRHwPi~ z%Dsm+(x>Z+#F`%-&}}@*TIkzkqZ_{4xWcB5SQyclD$<-S(07nHx%Yw6k6Zw3b4ga1 znMd~%4^7RwBLXRB+{<;@tL_JMN32}-wfu}4k~&!OPS;f5;H2*DVjikv24tT1$-}kz z^Nkc%L$TF8fv-~zt5QOa?zn$cO;r;&${CgTdCz&=^u}Yl>~0hJ#ag;))q1e* z;WllrVkpBjKBL+M97+8 z;kiC_BDME#c{dR+YT-uZ(wA`MS`H6)if9~{>6O!Fp%JMe>Q|%}HCeUt2u~76Pdr3f zwy24)l^x%n8-ahxU79^CSX3m_HYrUo6+D^tiDRHx)pu!GGPZQM>{c z1l%Q?&cA|c&bGBbxU#2WXB>KF_-}W3s^9b#G!EKN2d(by{uudnnDbg7>PgL?ap=RG z$cj1GA7WhQb7Ub*;jtpa89=M%K8(n$@C$9N9$Qv@!v(J+r|GGd>m zeG;MS>RCjkQR8(n(VRMDHaWZY@;dPj-e@s4BRXpDaiQ+Fdkv}5)yI4a_X%846Vsg+ zbF=$`%9l*UYAzeArXG#>FKh{isgOI@sD4n>01m? zg=%OrAi4MCeIh4=aUSb8x4Dhcgz1VG(jg&!1@)w31Xl?1@blNLWEBo`aJujCA=1c<*)$(lj&GB=7{yZ={Nb&l)w3ItG zNrAp4!EW;Ssuwr^rPLvuPUA0j7K@!(P<{`@9vdz7X;WL&1#SE35MNA@Kp3Tvpl=)gT3 z>O|o)C8G2lhFT8UV&bEZqi_Xhx8W)(1$>&6c!gEt-hFeVOijm=a*rCa&nmuK7LbF>t~0)4eYRDf-BmwT_&id$Rny4Nkvs{`^;A{$Q1mlZ!LgC^ERV2U$qcITLvPx~{u@GK(f| z?BfLkxShV|P!ROyZ``gpH0L)_K<-H!+YeE^PzfO#xYeNx?y;RKmbbeegPN_KaM{=8lg8y|2_v9O1AB*)# zPRz$pbsT@iuH3__u)W^7(Z|XIO~?7waGpF0hC3yncMxZcic*%(m>kHmc>8p4s;%`l zhGg`ZGn4eveDQWM0I;`bMs>%o!MS-jMl9fI=fF8>--hM&%@J3=U{W zJt=qh2ZeTt)8}5e`(pWLXw#U^djI*!48r)dqU5P*ER>f%7$;4C9QBt)7xk|ywsxbL zmx*XMn_YvMF%B^OxnEC@G$`q*jGWC(M02wm?DH_t!Zq2v&Ub{{pO8%pDBM2q$e(?x zptcL0qdt)8oJmjor{|!*7~M)0-hZ~uE7an|1mC??)*F5AZhbHaA6>aBpw{Ouu{X!K z(VwE){OwyAE&|HpFBdRvId04i9&=Q7%fok#yd}vTy6-P#BK1A#;pe%h2K~$0BtqQo zWn8@m3jhJX?^Rd9|W zT+YMK))1zK+fQi{vF$T2K42yuRuHEC`XoJ@mWjkkoLgnhb@cf(9VsYa*z|Jm6=dd) zWHm`bRIGr_wV`mRt@hMIDLOgRBuOOZ^=LdAT}YPJmB3#zj<3vfkla&pEbOjc@jj}F zl0j{w;|Wv5aJ0=!@n`$lviQMb?;p*Hp;e-&A%9S4jyLw3+6!A=zM8SQ${9(D7t7`< z#poUJP=1jDeF$-UDPVtetq*nR3HsO#9v6i|^>fn62VRsDKzZqV&=$Z9d1fmT4mA^T z4c7>qFmxg8O#q z0@XMd@@Cc8GZqSe_(qy8rw&I3d!@Mz=n`FJFR&DL_Nx8*&m9a|Y$#C6K$bAKL|GUAMWr+9v-x81_#d~ajogI9mi-ZYFp{W8eoy!)Ns zz;vzC!{Uj4*}IQ#ZB07mNqI&|u?d^g^E@`rzVp7xDen6l|5$k!OToyF4>lC^c!90d z2j3KG#iO#@vD?}^qjAzYpS!=3GfWqEkc}0aFPmwaQ~av$olu==ofz(@(ZWTx$PFCv zPwvpkcBNmQD>yl^NNJgU9Q&p&vMSPDkwy#8oqg`Eh$}v@+y=Tj@DduxUfL;E&ri@B z%(GYqNzj?g64)**|7W}VMmMcbBWR};WW~1Bth5yVBU@t$*HA83ESj;OaYf316=s?w z4jIUHJ7t7@RHM}w6`}ZUE_%VOhOhP!Xgl7>Gt$$3azzAc)EK;`k%h8f4l;HR03pQO+#9YtJ2&FIJE2)j;0>nXyRh-L4q2465;flFfmb^z&c7L65VW zeQRPp2n*`fLIhv&q06Dkby;DpSzI-yZgNIG{{Nb!pKV!pK4u1&ZWq@l^w!kKhlZWB zYK9i^Xh%f+V_8r08n%*q_E^%t zc!TC&UqlaRfHrRUo*f$E#9@6VuTa{Zd^6Tm@W3m(quzh(j2G#SBtP4|`A-;*Or~cb zHwZ0_;i0cPu5bDPP08_ zMiMxkGeNJcGz6pF^0dBn>y~rhUku;U4#*AlIE0iqd%&O1DEHsW-MZiHbD3h`*tC!Q zZ%u6nl(VZM&}i3Gq`eWJIp(#Z-_dQ%@Tf3U`XUwMK^vo^pV*_Gp`Il@;}YDt>0zIm zb2I@1b{(YmLtTgIwUv}U*x*seqvi_{`-2`)&U}v+?t^80wQy0H=PgdL!+dFpr3wo1 z-7-j>PE*`_G7Xc`BQKYM)Qld&#>Oe(*cEWqb@9j3NRv$pv@#W(i~^1fJX|QF@=?e! zcX1*c+5YOJ@}>S@v_N*^rVl^|WVh_WyH>G6LL+XG=&8vHmoznTi1#TYmDg*b$rU88 zVkYy39CNu~%WoQ^-8^*kQ$!^_oBbzOgS1cZct_01UGM=y5foZAw|da_UE5R(iZT?j=tMa$BouuC5a z|DyQ=KwSTqpfSkQyM*g?AsDZ?U^l{cZ-zOWW5|7z`{=i7!l}{J$bZnP@G-4YO>5yZ zHL)->l7Y#Ufk)0z0au*9UbW8(GreA1H+obp6+_vvz_hhb5&Ik1OwE zI`I~c!KS-FAKSsdpw-l0CDNe`65n{7`CE`H=^JU4OrYk?zX$xvN>8znF)IRc%h))w z37jSeZDSR17>RaB2F$>xe)l|T(>(}A?m4fFGw`w}&q$mw2Cjvlj@?cHSb91N?IIQ7 zK%QFIl79}8h;lqzw;9R?#93D-W3c-Zfp}fD3XTp4+spt4X(f!P1IUr6i^JJSSzy8ICJMF8cbFnJ z9co&Tn=i_Brt+lnsrA>tJRq1T71IkAi}_5RYScpTd{CH)>DpFvn=@#W4P4VPU0S%_ zxyw_PS1uxm3VmcREA-5Pu-L(0nCq+xt_{&G`g)v|~Qq8Us#nc{E#}#(A^rw{U>|0lLyQLV{M7o#fM z{Gji5&W^o;dy|vi&&QqN%$Xfz!juRMwmSe~{=epGdA7jWL=wR2v?_#o?Atp7_ zNCA$x`fRY*{`#xo9b~WiGmoEWOaXH3%m#W3$7#otXDzuh)e0`Wa_n9xSAS$S}5pY8-0sqHcgZG10!r1BD=G z+PmNkJo5KhRYU_IeNGPUYB!I2-v%CtL_XZl+|O7gT#Td+l`eSt==MY3nQ+*hhp7zx z39dV!MbL#fq_l`ARqt8&^Bzf1_hy$6tR@>$1iyJxO{2LdYPH9mVCpMK>ATj$>e93j z72GP)klRY2;Wl`sNsr|&iW%D7+{HI51NYLJ-@V*@BZt!%S0OE1u^**s$tOY4*z@~H z(L*R{RfLoaa76u4vFATR0Dal48`^>wqH}NBe>3;`b~|tcdcW+c$Tt#zTKDipp>CiA znDmFS`kl$|c2Q->+?xR%aO~PL^j(|*Tb6e5pDc@uek~JZ_j(!0nJry+%`Sd3#zzST z$~O>gma)n1qB8Vzvo{HngIUE=imlm zE=%J+6Th82Me|>=ZQtmxslkYKDEu?-oUL<&c<#nS7vh)3H~*Y$ak;FNG}5K;*QGzx z(p2|e*=D-6yCLt-I0Is^a!_{dx7H!Tbfmo+>u0>QfT%$Ht-5K%bt&IB+X9p}LK?!C z3@&%AIM>A5rBG!ejoNO7B#U2I9g{gTI4YPj_3#8>d#ldJjbvJ9kf?voVKI=)`HASy z0|FA2Q(1}N--(8CMkU{d5Ibhg$^vA6$b=jo%axZDiYY(0j zd5-COMo1wLH8L-(*3-tnRE)0 z3QkUFS>PP?)3T(kuzzc9t7#9|?SIFQMVqQH@jjZ3|8)1bI!V0Grq)ewDKsIxvq!7) zrs#`%dx`o=Im27@pw$y|>Y(ml*`iu1skU+-U2$$clT-Hmw7iqOS{ym#UC3x)x9><=P7m4tgafBQnYgKlN$#VwbCc-#Nm-e z--#UBt;~N=kaF6$oMQ^3wqv4QWoCjS39D>v{A~OS_HXxMMp1;-SwZ;-befk)?DVFj zjZntjB9Z&f$BfiwBZo{0!2|UN1J)eJ^Sj`=an}lfZ!*mG*7J8xsvHSR z0Fti_KxaIkc>hU?;};4|W5Fb0^!D0sOmoj2K7v?nC0X(!M_q`W!l%VnGBFY<5O3=Z zBK02$e>JW5`*q+(jdvBF3WuMl<6MU$youB>iQuPgIpa4Ww}5yZxN1QiVXR1*3KONP zXimnUi~N8ctpg`lebPw&>Q@LxbHg@^(kRB@HLu5H`qP>!eVa5``m?Ldtvy>&8Ts+2s9PE4sV}H1X|XjOX?a~6qk)m#Y=@a z!rNHs_o}jyk3n>OTn$U%7K7Tx6495GaEFU16%u%CRkc_Cv~T|R7%&h-RU)>^4Sf z$rgHn3a;+84y^8V6_3~Pt$2nzL>IIUm-5=eL{O)>=z`#&(2DuhLs0=wYwOon3&^rF z=cp6KOZuOxuelHLb3b6z18_5P`Zz%pk$%3e?;do=d&t51M zHvw5OQjpIOs2n76j{MXRT!ZDuS;j_7$8(Tr6($8AZbA~FjckP~IFt8t>bPekWN!1A zxwh+R$O57ZG-NFeDl1D5)0YqW(5woRDh}L^|DHI^whz9tmVw!oFidvhoU)6w{S($r z<;oz1R2#8f2~@(xY7a!9S(Yfr!wJ|M8g`khr`14yav!%d$Xj1(5eNr)$r_?Nm2vnl z+?JCwIKv$5fXCCnm}&t~;6@HjC3|(wVPq)5rL#fD|94>PYMhE3A6Qur)i+ah^+Z&S zFtbti@Pwi30b@v=FuHo%zb4)J7-v4%w4WvmCp5%C=3c+4o~s4T=;v*y$!=;P5qKp9 zLdAZ_!8WXnmhF=4buE&PzBVOWw_i1byF{ z!C13Dma`SC-H29Ck>8$K3~+Ru{>&JrxVynmYFC}V->na?)y~MAA#2D zNOW)7%1W=7n>rR{3O+xtqXAg3xPWCau8#SO@a#0?O3?J^MjQX!iQ^u;Ke%EP3PnHQ zjFlUel}9;bB6ELaWU40l z%p+#BBes);pP!@TWLOqXU)jH9_FSRSD4)W0?F1E7DW1~e=bCXMb+4ZjT6d}{jar#U z1^GEUhcTw8(enuv5#0kw-;SDBs0(XVzlkhOf))b8{wta%x7bEZe{kw z2aA+P1gal2@wlCA%)?g>lHt>h^8l88m`lzQ0pcP19L$*nGTX~k;T|b9vRA?B!JEUG zm|ntk5xdUQ!tgU*@@<7?1<%TlI`0aZ`7kh8L6VuiF#mP6U4@TTq_DU_H!5hYjsIDVb*!1a%{>8BGUEt?gY#I9;!4GkVqIr!U|B zp;judvgE@23pu+ZiYRYq*}+u)SzfXoFk~GA(I-_x_J#QcqkV+KIs9lsz?6}Ki^`iL|Hn#5voz%JDL7XOQKRTbe^ZZ| z;_bKo&A$a`gOPMoh9-2*d%**%l9X!2q4Q~-Xr7zVoApiVc%0>iHwfz~%OWv-{qzUpWOQYBwQCjx_~&OM5s z<2Vh+l?5LKT?^JmI*rK*U2I^Bj4?`DT1To2*o76!2RK76rl6lMCcJFY zey;!xo&(eOn|l^>O)m|)ED;HLOE@kI(4wd+2m66GQyR%4$^~=%>RJS@J2p93T_=Ks z*YUm%X8EN6kTEAOgz6K3+cDib{i;g?D&q||{J&Ry>p&~o;7GvB64aUbe*YcM^q+JS zP;F=iJWbKGQQyp&9Hcfp5aLb`TwUVkxFW=yi>eVex7CQbMQVN;_z@ zg|I{)W?^^{83hmjr=>GJ8hES=ncFK2Jzs_Ck-FQwluE+4^SijG_=Q%D83%FCzogk-aVgu0kvn{ z^9SfE4%DiLJ-GGywY{hlzsdxLI}_aUX!;>qn>t!UZ>{R1X9vF5*THI){2xoJU%CKS zoIHJQxPGHrA2+r`B*0|-)LW*UkTN0DSbx$RaF6UM6ozH#-qg`(s4v+w;17=I1pfSr z+2W^RFO8)8aIxQ1j!YLoB{Vg+Jk@WHb3KLY^jsuz_vFG(<&71ev}D48+rhw|(#~IR zC@cWP0Cv)pst;mXY?agsiQK)f+h4K+t2^VV@4JUQJ(5>&+u{;Z+KddJvW;HX zP}kY;4v`bAE6xLdUd`6opEY&5Fzl^cm3+><0AN@T&OJ^i-FHYxM}~8enlnUs4{S)Z zm`Y2o-8j8pTJQ=kvrf!U&C4tltm0c7@=h|KNQPLO0R6P8FX4RpI!S8@lT$ISBi8ou zeR&bB4yI)bU2j8nnoV9B>)L7LS+;}!wBBp8;AozLIWe_>^|04s{%V8Amz$3e^~>%N zF#&|UF#ZKALvMw8H;{@Yg^D)W5A1Jo^9;S{X7fV5B~yh2y*F*9p!VPF)xA2sH>It_ zz>?lDVULnrK0~k#CWe$9pZjb<9lo=D{!)>_*Auy_PHK*}V?uLLCiax77q1tPngr}k z;F8F5sFS*a(DW1iJo>c!sO2eH$4lOlUQ%Y;#IH}4dT;$VSh&ADbyrMpa!Rl|u4U&;$s&4V#On;EwFihRj~e(mh?-fW zWv08)U&|Z``z{mG2SoXzO~tbH@P-92n-$fg!E0Nbw@< z(}8ni57NKvn$IMe>dRg8y#79R^WTdF2k*@C%x7Z6Qy@pJ=X#=tXa5Exe7-`dL1y0! z7o{&h115QyI0n)e2UqzRttEW`BM+DYHvzb1=Jo*{*wO&ZW3EV{NhEQC2VNyLD16S% zh`dvFcs4&Ha$&HSdOI43WzVubMoJ@AL)HaB9)ai$mkspd8vUJN1!$r8?c<_dj*w!% zb)Cb-Ftm`Fm2d7@u?>;TH?z8wEIrNE$5zLeb}45)kO;{ioyGSzkh6BCF46v0FpUms}p%-%=T3H6)@_ zxE0kVX{1zVHB@LNXI8#${FWEAWZXXXnc6Mn|C%%s!_Nz^4UV^6zI=J{r&Q)X2$kNC zLKF9ngL1y8nC~HypN@2-7GCO@GVb&Hz18dZk(ef2Rh8dteoqPu7u_@J_T=>p(k{GI zCAp6QDF0`HJG1kW#GjBk0~92qr<$zJ-Cgxo>XWKLEsz_yrO>{`gU>IfGmGi}FPewZ zyNNLZL*Y?IP#f`T1;>mwx;*^7UH_$-ND{Ep%nb5hf$Yz<^MjT!#h`gp`6XPXKD4T~ z;Tn)fS7&X`M4H~#WGJftx3ZGNcT$>A)HN15muSMF`}IxtLeTOn-cn3x&azp|&z$%d zkh(RctE{J$n+@vIhEC`3P}tyx?~Uy+77T|&nt+d%b489C8@cI9=Rn! zp97?S*!!D%IQg7kztPkbNQwk%Ubzk$d}zwL1sK=S^%>tP3P&c)o5V-24k>6t4%xCad2P;`P^yBn6Xhm?2=K~CU?dDIIDQg#L)sX#@= z6*>dLM?#{Or+^J!^FYPI5z^!}1BLo&;H@)&%Z*dR4yy`8iG_(T-N02=s^y+cQ_Je> zz2>0#NE|$I`l-0D?{vY3Ir--JYcKmeaT=QDC94%dwV=^k&Gkf?#M(O(Ev#K@tWet) zdTW^~P7kkxgd70`2eD8jr1={if`%4O0AlV+#gN)i8QfZ37T@}M!uzheQMkxyj>unL``2;7+>A_uIS&qZF@WX&8(g~PhTjP zXdWgeWw6JyO<0Y0tw<5G)xYbZk!fHy_-%(~Tl^~{hoG#;rj6}j6<|#jTI8wK1*^8> ziDZiZ*F_oKdXsie`nsZBPH;}$8zo%p(^wEe>{UEznGl!=<-cy^WaWZ;2I8a-Wgy32 zB*)fEJqSX3ST09^t3IqN+d(srhQvXGw7pqZHACde%ZBZB9qi=|eDCf@IU5e%p}s5^ zF55RzPMftc*h-%gQ`1{`GB|E31#?Xie|Cp7F`G$4#Kb z>Hj0_%>$wQqW^KNLXvDDBq3xA*^OP6i0o^TEz6WO+bG%hCHt0a$rh5`goNy4D{BZd zwn4)%48J>i@1O7I^ZO&s%yXan+~?kN&OOWPoGZu1C9Ma%sSA~%n%)(;dq+Chu`tj zzlvtA0c|U+5N<#7sjfO$4t~Iaza?)%NS`DlJvR1$Kq^~LfPt|IW2pED^>`@%@+Z_Z zAqnz?^H5B(QJ)H#Oo1B_AONExj`v^?n@z?(jz0dZsQ3p{O9sHudy4RJ&7mv&le}bg zh1nOt&I=;v1k)5?J_HGv4}#k8_W;k~X!h`|G5pC}O^Ftde$`kt7F3T{E5a+~*xCp; zas4??4FW=pAWi=HG#Edce49lyduMpsygR}1DQ9waVi~+*g1KxY7i@PLP)zq1WdM{i zG)4ob_%xEPTW!o5gfN~8>z9h)7A%c(EtE7|G5e>E-`t59mnfDcFFDz7#m&U5mT@*H z+WN5*341%h7HpQyTsow{%WQRb)Nx}_9nwAoyKA&?mWpvN1%#OOMD!Tu_4NzAA^UKu>I)vZa+IlhO-v{YzSC*q@2NpeM2 z04qw)^@YafGN@z(Vm^3&?ou7G75)ee%_>b}?{S}DBXJI3AJPL`mcCH=oeWRA&L^iR zNrceCs23;SnMrXKXLX+F;VzDdDuk#}RYKy)b*#M#j-$BP<81zskSZsu8Gc05csH~m zw=eMm3QN}qBFuQJ_P8|k_Y5|_Bz;?@ddoD|zD5k|Q(N=h#EzW6gm{>L+>=Tj45K>& z!DbYc5Z7$QZOMaRvSC)KjLz7->(O~5iMh*IKjx7Rrq~;68`IB7aJPgKz(-)y+n0sx z&mA3vhSXs)@8NF`qTR;|>1G08WiAV!k+#>{3)P&JrE0edbwJt9$y^;wcVaj}0a4XT zytE!kjej=@?6=7e)cCXN`I?5e?L)PEV(N`hCEbIOJRsFPl1CX{5*J@~7|810`bAun zHRz4DD4P;ItpwBqWaA|KV`@2&nODnv&$m8$F2}B)MwHzQ|J1-+$JcWpG-9y-E{xyr z&L}7$_^6L2H=F0|Wb_ACrYL94T2~#6dL0+4?B>Itc}P*DP2dN^+t+9I$rEkbk;zXv z7kHHG`6#T(1##@>xo{$Vjr&z9=YLChpAP1m3=uazw7H)L+vK1hF^xo0Q8l|F7RY7x z27mQV2LzfN$J?Y0cWtV4@D)X)=o-u_aR!dw%e>&c;-b-%EBIS;5pNoYz@I}eIb3Xx zx0bIL+Asn0=Iy9y5j8%oxarkJyz%|4%XF8_o7|*q4qLz7em#>n#u@ac$}G!G?EU%& zQEt6#87+yAV>eXbquk}j+|Puj?Tc_d+g>_1#3zI~{1O%bV5p%{4n^FVC(23F^TB|( zsa_K0?sN(_@+|w#jG%~L)-VYVw=~Lt*|Sjw6>guDYcWMrt_D&HCnMB7tw*L)sPT(U ze5g3b&O70@qx=|EIQ;VRC6=zVm3C;Qf*(1;%!nB{p0E3OJ_I6w?avU)KtDgO34IEG z%_)1(g#|-40KUi(zLblvsd=Wns4tv}Wd%oxBBb#!1;}i`Q?1{0_*?qGOXc7@(#?DI*G8&fuI=dM;b`HoOiQMcQNu27K z^}s+3%N8NB^@lR)aT=n}`;2UKOC+$| z)w7fMbFsJ4&~yGQ>-R;aWNOp#t1IKAw1FQhb?&^IGh5YJQ){>wIC^!vl2i4IY1fV! zYyRs%L1^F$F~_U1{-3U3+M71CYL8|kzm@rnncy%QZdptFenU|vYd<1|`Z(d7VU1Wb z*=KhlOaw(Z>Uea=)usTJkr2rGtKzjJ4Mvhb45q)=K}L6p)8BOYIjo$G;yTo4L>}Iu zZM3aTieG1BtCUpc0wvW)!QS(5ep4iB5d9^1^WM%9KqfLW3qH!;0`Sr-`Yp6V`9*M^ zyGX(B39XNT%|%<|kbw^LuzIQ86`$_W$4%8NA}Cv0gPEkgLns~J0re@o%vt>H&t_c{ z=G6nx(P0KW9~mea&5Mx8opBc|7R7}*efKM(#+gw@80TgmBx-PB)FTKnf3|DOgqlrw zQJmQU5oX25W%e1|*MDn1`G4CG+yLO-oB+G-?&|33^-u&EI=HB{Aj@p za)`+r4pQp*KYGNn0yx9e!ODblqHVm{9@GE2xoV!nU-K8Ef&-l8ad%u%F#mt(%%Ey` zOsIDl>@0Fj2%PEWd&8#~V3DJIIejLIsd4y=2g)86+(9q}x$lzJAb~(k>{7e z>1(ah%<<7qNn=6PH%F#>3{upbTpBy9h{VCSO&7bcyw^MW^c?EDMA?@YOu za7`%`=kG2@!X{39rz!x`X>qt(NR7LDhW6Nr{gxO>7op?MzOjK8V0~{ zZ)V6ro8w|@|7BavGkC-4ZbGHTKMc+>JwWOI4|2Eif}#h|Y3u(#$|X=Y5AtTp@^}d< zXHmePdTRoJ5FbC|Z(X-g3@1$r8TLj%e>NzA$qU&Kt=!iEFnQAMX)c~1Slg_B*Sb2$ zJ^#`_EAl;C9V{Q@z!(5PnWjgppP5emn17?l&h^Xr1AlUh&s|&0#Kj5lbikL**Z$zk zE{iUJGVS_snGiy__GUd75V_Al|Nk_afDTBog{lW)7MlJ`@<49`Mp~RD(v$MHi2H{H zMYsu2@31`l+&>rhxC?@+2)L>!2zC?w&+_Yp+yA(aS^+ZMnd^zfjz1FsI<9ndGcZNh z89l2(u}>@TMvS+aSE68F6aYr{^DbfDoTLUA@MR1H%?}XxDU1;BkP4@1_r}OVi^0r< zlWksv$AQbyqV z-m4HDq-Zl!tn@=b_1J}e7+|g5qECb}u#}YUEchNnskvOL^}-WijV!bM7IGa@;n9KL zmSE%K1K%N+3;`?syq*WZ>jcw_V4WYolP5RQ6O4ccXJ+Zej|8{s8!per7O=W-wo4>E*SS&Il}ViTICqt02NQ- zbinA`Xw8TCE0@LpL$TSnk+$r~xoGAO4%=2o4mo<~4*3Sy<2zWIx)v*iSi~eZe1G_V zdRP=+>ZPvwTQ}AL2evmhdVZ)yElU4ZPzdqK-&4%(tgl2xU+>w2h>5&;Wli#qs z31@;XkfsiV$jwVbSMZUBE>*orCayRC=#CNZeW1)t!fAl-9cuXR@JNw#Oz#!_Z5{a~ zC?$+5B?Sb>H*0jedC0FwF;L|^x}GMXD_I5c2!w4`GN|AAXe zZ#hWJAUJdrV4UAR_n1rmgI146R}>7BjLQ5t{~=+>dP#qgB{Q*ZEqEv;B79p-#Kb;Q z`Kymf)Yr%F;wZ1_7`tT1FJHt@3v(~{Fx_mda^Gladd2=3Y1&rwsxa4bsLM9fN2T26 zz)kK?EC8|7nr`LyaJG`Uto!zj^wPTy>Ow(ktd^Q|S8QDiw5b<=dF0Nm-VHsJm!5GO z?Un48WULVJ=;4@HTX+fK-sAmiPWg6d@f!C_4F2mJ8W}+A^%Z-IH_Yi3S3fSQ`qWl7 z>bjn-_|AE0xwQGjgol%-GvCrVhiYe^5#Ofk1yhelOP4CubLAg3W-Kij6K9Wm{3=WT zRnTrO1Qkt=ro|`=WjT$dFRBS8Z?CRqol9IRS-Y*QZroM>X7p^S82I^F@43oew*+j`LaP4 z#}V+sZl+1bq}ZUxURn%tJ5Bk*`Go-viP_{ zx0Jn9krm55$m#rD^PSkd{yf~s`<6l3k})vI4v)$;U!7dA{Lz|7j4Xu^1-7ld=kq z_B2yka+=U}n+vf9R_jhshv_%n`22irJw@Ja0LnQQO0wCpBkeHWTbkCIQ7oc30i&X^ z%pcJ(>Rt)H=xW5t$FX&nH8K$)SCn#NG`(B?v;G`0i|enJdvzb(Hn_<4^s_IL@Mlw6 zg;`fsxp`_Tjvv{eFBngV4G~47Z@m~>RkC8cA#vTxM@`nn*Y0WfPyzW}Q#wS!fW!mR z=)4kI$@do=yeW-CiHB}I_}MAH@`3Z^SNXtLcan40Uw-<*f0cLl$4gD0bx*^n46&}; zyi$*EI!x~!QLske^y=(H^l0_>)OM|N6qq#R>6V~m$ZQ)sIBcv; z-gA)>?@R?H!_x+z!JnUix&t%&W`t+rYVb3bolGv&^hj>7pGs{pM#)x9q6TB#QOhx{ zS6LHuMZ~{%I&pnR<^wiwx$4#k<$8>T*P~ERAN02l#MHDT`Th&H+}wv2$?y6rDu8vZ z0IJDrttxR*``L=-X+Fb$OOp7WYaxMf_nJV0LzfGKdEHwXt9IO36OK^CJ_hwT5Zcw; zjN$oG;%0U@Vt%OVoor?DxH(4RBSvIL-Q;|&C)N>w*v&s=pBq~UY1k>l$W~!geOR+NF>4LM*KJvPOeW$E7bErq;BW2Sol@gfp)O{ni^@F#o#OWcuE@H zB+*y6+Q#zR#noyxFCBkTTe%Qf7VmtPY(!Af!_n#bscj`I5}*p- zwlC{sX%HeBdzC*AJ*r<#0zB?@ZlK!l8@ZgBb0OFZ>l@|@jm5+LvrXCO*JhjMR3S|l z(23}sW%p<0f+Zo?L(i)rSa1Yr-`(nKX30Kn-p`;wj*ZPW?OeTp#y>QqK(ARL(ECTe z*YF3Hp%iElW>UJIu@LMI2mWzCCw_Fw(#F?UDj`)&3I1{k*a=JH(_T2fs3OI+0oU3N z=ci>xQ-%yR$+v_CZ8gi9#FO9Z6=)9hE7UtLpT@rlaTXM$l>xUta_?qjys1AFr@wu* zn)-WDvn*VG=Rub_!1)ZC)X+L_Ge7$Iv_&%AqJ zGl$UCs&I{_=H<*%{-!+AcDzryCay@aEJgeA@=EocH;Z}KxJNxahqawcefD)EAbY|F z+T7!Kp6rMARO_|L#z$+39AiRYN;d+0r1G+**goyN16+DjZ& zNUBtrszz5ullaz}B0m4)eV>Bc6t1OFx3M6{CvF_o7z`V~V7UN@2wJCLh5p$C1hFU;~uM znGr^M1|zXDK!x5OfFiR=+I%!2_(Am7@IhdLz@Hz-^(kB=10vL7_xF^52#DT%5;#_PNqvWEsHky(^#J5%(g~`si&?Yg^Rkk zmPd`T6G`R@@Qp99>eW@r?>)pO(wO^JlJ143Qf@ok13Bc*W^P z1%d?{GZ+(UcbVXL`%^bRR?*?IuV^E%kFB1=_asb^9C`K`l z4)+v5Mg9}H_~RNq4u1y2co`=xh+RKRk1x|)1%D489-1A`SB%D{nHwOO#Sz)u87fyJ zoKF!A&d4oMO_d6K1EVpl!e2{A4r!9sFhTDln|dtz15r;QylbB~ zAXH+F*n*ZVu& z*610UV_)t`f>C;bce4nDx_2zU>w z2+%NZj|e>!rY8K2CYa`;gHRJcp2@WlGEj#le>s;1*Hq}NW)MkWmm~lg%`Vy>I~580 zb<9!(VPcSoVWaqir!Cfs5a$8O{1-8H;Vz!Js=CfQg?(f^Bd;>VV8eglV|>;SKAnv{~rrV`0v=q z2^{WJ_`{BArlt>x3n#8X#k(i(oy|xjW2Z3AtPf&LCswjAN$Lr$zBu7E@Z_a{@!Fkh zVjm-9I;Fn7zwsjHKJOVxtrr3B6$G1ao>RVf`sjq;1}nuL)d9Gb_gPc0X2o+iCpr1*F5I>3?Uy4G9|F9*Ts*+ncs>C^mo2txf;nV-7X zoCIFVO1Rs3sF`+nnXlQ^6M09$=-mTS1N5YJG&Qn69J_+T1{j-Ui zcXjF5(Vbl?+|)^Yt2}&PT<;?zeq0XXGYBP=DRESWSc~JVk8RbzeC`b=G4q?|9LMBG z@RZBKWe59lst{CbN-(UI?ksS({ONNc#+hBfO`XQeE5KzY2wwb%V^@CvW6XW2X$R4N z$HUD?a216XDG4y^oMW$L>Tj>5K0z%=`nT6|Ch>JPz=i-Hmn$JmJ9@kcXO9rPJ`4Zx z`mhtSujMl^Rv>iKuYVjp0I6)pX)ynao0Of#KWh|~!kEPLorC)H%ER|Ub^Rjc;n8+* zw};^W1!QF}GC8sj3v!8G77r#P2=$EP@!F^wDR4C(8HrJ|xrED4&ZQ>^_iJx{4E8^r zqRiB+)h-3cf)$SxkF4CeJbULHHGUT}y#Z?I(9^iQGD3=?#=&6~;;Ib@er`@vmzn(%}_s6QT z;WJ(6wK0Z&u)v>8^E(#H%ZZ=N-tvK{Fo=>i*rvP5eD!zq=%3pAUEt==w!hi-I706x z3*UtX`72*pN>0qg7Q#0?T;~J&k%aS4L2Drfe8Jz_;%@|uz#!V@ITCv~-`6lsacbY> zNX(CId%gE?w`G^jgcHAbP>Ip+0>~C&Rj5ytJlp`LTAu`_tTlO>P}W)%e$7lButTqf zrb#3W6f1KU!jbQ@qm0u6VG1O0LNrcMu_ZTq|E|=#L6Vx0G1S(;_eFa*-jzrdVO&Gg z*xQlfrbCt1Y;f@6RUE#)$+I%uVzuVrGpa>&(}o=$KZ9!n@#UhD5u|~hG+4hk-0D!D zyYlds$oLE13_&n1y+po9RV0?R@Df;4RaLDN<(!!h2dlQ!IP2k?$6nc>=dew_s0Ux| z|KF^6ZhLdOqBMrHe_NTt-~!}Gs{Va7r1`zJp*Z@b6ob^%@`V%lq(=Hp1?~Iy5i_@> zm%|33hhZ3f`}e>PvK=lT?QM+tTpPOy&d#in5n(xrQ_?5KNnhS}vAnT0nuj#l^3Lzh-d0wSh0CCQ zihgYGO`{Q27ByIna99?VeJwMZb7KR4WdK1>76Rb125cYm{eR+m_age2|_ z+j?iGXFB83>ui|b0+JKfSfcjdbH>(SPNZ z8!iE?OM^ z*w^OEMZ)wfyo-f(?PK3qFeSiHfe?UTFoLit!QWUUPIL8(TnQ0CVS6A+(QCX(zC~0V z7C1|cr1PbiwGly7%{pgZ%;WOCt^SC6&EP;LZr0Z`FXQ>~*VK1#;;18y(f&Kh@G*Ws zpZo{O2&h-%JuobDJwH_T*02F0NVS_2uS4Pw!o>6twoHt=upWVMlI2q{E6B%`fY^Q6 z)eX|~9roVm%i(xqygBgRd@%IjG0**#2j(Y;JG1u;I;MQ6xIZUp0?B6fg*Q5t;Ww;i zhs2S#Em<(Xk7(3bUlvS0=7APu2a{0B?gMs-?3+6Tf&RCC3<~;_ZM~GTR0*15x#Bt7 zdsw6S%P^N}-{)m& zw4GkSk^^9J>!_v3wFOVkXqg4h4CLUB_GiE5N_PQRY(J#N6#*?PeYBl7Q^7w)0tArH z$WD_RFOWcr>AO`B4SD#Zi3&Gff+VQ^XpI`n*G3xHo74a(-h`UI7LJ`E;y0QLOu4Ls zE{MojOt{rco&TULe7rHA|IB90L?XBb%-{|mCUneN>sOmYf%VTGqMk>KADA6!^hr(T z**xCNyc6PXToWO~bC{vtCTk(Ky&dU%8>vC4X z@lpVBs0w2T+5y6dlW+(OK>&iyr85RAq3Py0`{ckvOEdV8!@MDS2Z|2)1UHQuREguce~?n$8LLjK@@fY{rkMBe{U(r;WuRb z02&;e@SnT?Q0E@e;y|gX|6V=TGbrPXkV`LMIXN@NjvP)xxLzNn^g*ZuhdB`Z<)R-Q zg>dXvz&CHPnvYpQ+`z2FY=h+BwhH=Uki7&>KP7C{7YFzmo{C7!Dq9(wF@L}{jI54) z*=-=F#eW;(mm-Mw-+K%<%Bfr%S@ZU*4&ii+TR<|{Q{(b=_38yUz=_uxYUkh!55W&= zYTm8F0P4M93rQG&-pD1uKx0C0Jj1xon`J3;PIBZAEwI80?}ONzxr%(FQlY_wH$LVx z^FQK?@F#=lvNa^9+2x@Dt=(226$l&d?+q2+Ee8Q-&I)51vhQ0r43;xts_5`%f73HK zn#kqf_=w}gx~hL^UjMUE!zE0^8Gy6}%tlbNXpeQR|4p01?rlz&%ff-9F@QQ_EfJYKKw&tal+@b?2~nHX#UZ0BE^n&;ZFA^g|Nt;)hF2lzjz z!u4!*JGE_cX7YISSimy2p_2I`wG&`QoDLws>cO!OGH+Y-3a^`~Ck*g^U+WoEalnSn;rCkOe>X?=eV%BhLq_^!f>) zhCR$-$^IWLwAaY(*@x5>sh21xAiqy=w&Hrg~dp94a z#nxZMANEeufB5*c;6&|1+UxR0_U*B++ioy-pS!LU5=c@!e4(IJw18y0JLb)^v@qJVe*GdsqKR@P{g5l@MUbE6A5*Q zf+wobvycTrfeOJW;8?+rZ<+I0QlDeURB@SdxHIhd<|0P39FsRg6eyMBcHnO&?43Gf z_ERj3IuE?>KX1-f#iqF3e#XHT2HwAyHO^1#_u}`L;vG86^^U;gJhUjp2a-`Iz4JK zxpiXN4%CC`x|^9lGnFBh6t|2??+c>{i^rt*nxzgJ;>`S$iUB6=Ro=|1L7h8jWx1{n z{%&CwNWsi34cYzjx?eQ-?iJ~~-qIq(gk3oMD6qmnHOn{c2;%Y`zC zNQ?ucCn6$xehG7atO{fDVM0P3o^I_!1s?Lt{zIMk{hUD#SMGdyKKpn;y`^_Kc0cRL zsB-Ko$Rls(sQ9a+mNcKsMt|hpQ#&U{tJ}gmt3biqCH?x4ax=#Dd7L`iU2U{dkT}4)b-lo zl4>;jVTz_j8llC)HNiTmKW+%u*mQOA2-hU(q~5E4k_y<_nNydc)DI`bI?TV7GWnee zd7$BXR~_Y9;q11Z1XIe(ZbqObjyY?{5T|Mt_TNP%@SDsFOgHfje5F<}FRZv%6`WV_ zH%X(o@Re>j6fZvT)Nj`O$Ml0cqkz&Ugm+$Z^nytCj&3rn1Qavu>!3vMQ+wig>zzH&e5|uVjC7q70+y z^>L-|PHDf7`r{2v1W=!O)z7R46BXWu{)q+PIch%FmKc2WaIQ%>i8B`F@6>>ZIgyd+ zv7&=AaOFX4Xf-%hV7kNeXP69bhOb{FS3WfGVXz2OG_;ymVpF;y|`rxNRG#+*mh zH(ISm81!V5KYhS$^fcbdrh88MHcxZB-p}Ox`oTnJYe*&?Magup+KhEUCXGc>UpF?t z(l^Ge|8Qp9s#O`c2b3}b-=51XBD~|lHH!VN^cID4sOrVdavBhoTguoy=b(1T$0>eY z#5!!on)|J4`qn;1t5sLF}dLgcYcHcf~#p|)zREI+n-7V)M*ZQ%Owso=iW2r~fB+h~FJ9`69 zT0SG)r_%Y0=fKtHvJrm>HfHykJGe}e zd${()EwjS9k5&87Il}!H9XCTTr@)7S+;y^fA-rY9&n9#>WH%_r<0Sa?T{~jLjDiW?m{oNT51%zK1{_aZVw-{G$2YW8K zA{$c=y^im@iYGLCV{yQG`~mZJUm3w4ef-*?u>b1;ggH~f?I~7D)D0iS^$8nm!VW6! zw~u5*ckhqeKTDy^eD20JkJk_}9_eB$PiB~Q`$=cq9^@8C^~w2sTLw{+%^5^&TqK98Q z_HFC#iB)pm#L%@JwD_aYWUiD^%_!k7voc#Ql}Dc4R}LfS{2jRBmmuPkn?o;0vX7AO zo?OHrepFr@T$t%!!`MYs^~8KV3AMTr_+(QBhez}1`QJ^FF@2Li`!2)8P9&JF{E`2J zn$Lt6_vD#2~?9=L7t;giNP!wxm1etE% zjEvd|+?8vp7HFK_=~&CWS70o52K!~6%)&cIZ=12$+>$gr}`fIiykL57`{4ASe?DAIq+b$=CX_Y;)7omytRg> zTsXCFuSxWk6zB1BrR;T59xNSMM#Qqzme}~8xc+*-Tv+mhoG1D_%c^4DmMNX zJ`B2Z`QgMBCJ7GGy7Q?r)5}MlN|Rrni98kLd=^U;N%W>9z-Quy_g?qC40OMbe}CE; zABN`s=XqT3*t)*%w8Xj8E}olr;=X3ul;KekO+zl2K|w#H`sJ6B>ruP&NU6nsYSy4!ELg*w6YZqeJbzD!RRCFy??V5Kdi8hxmhBrSFL;)@`|$!lXy-tH`Chl7DkYH>xY=UWg_myU8sku4d@cNA9L{NICv<==3spTd0r+h_$hN3RR7@7BHGsrzL#1Gyfgt#Z)= zj)#4;OCpy({w)28&ZNpaMWJNUy5`dlyFr9dO6v(r9gqsp^w1A;uc4A^cr{w`hQuQ; zTU!Cb@|gSDBga^#`?i$4ow|O_Kaimu`}X9+2OjuA(=xhy+zi)i&w8nS&ZdXR>dZ6U zU!aP|26Ue#El}5nzmA2@TzMh>;#8^M;9N!pla~}(%|6M<(X8LhQC!Cn9c#c4#!tEA z^tm(=wnmLku2T{#edGv1s(}9!AJDN#lHj9i#ubC1Xtbm=ru@D)zpGPdr!Cj2oejpr9_&w5SMa=%yJ zzlVJ~%x@WxgS1tD%9;?*DcUtrh_mZ+^?6tI47)*_ooxqcHW;B1;Q&G1Vq@_Esc<9CCjjtnx8w-zow zid3M+1`qWpXh*=T--`ZxojL>Gs4>0por3g0U#*|vmHku5{I%IgXNOjkLl3Nf1Pnfq zFY|Uf?bpwpofgAN$L;z%td&ktTd~ZW8%%P3dIoXi4dpw`nxVh-0p%U@k&$= z^oe3vW25Qjf)AzmS5;f_&Ymmz-V)Qa5BI}`D9nWUR{ctl9gaJ4iAo;a^m@LkC*#~C zIb0FLOpGcyX=~%AOi@bl*BpBDAeSwSb`-BHr&3Ox$Ii{8GuLWk4Y*pNe+ynUV2u}>E0Tqvg~H158M z{rD!kLgSaocNmY+*8Gxi?gcMIdpDVsA@|hgMeA4&PaW+cEyRG9o#M&)I{C=jB1n(W zzW5Ro#iSv76Kp|tf1u9HINZV(dLgm@XWpB^#Is*6xqsCRlXq&oo3*&@xP9*=&1Kyy zh|!N1`#!m(cn4yhWbG2!87%r|%E8fa6gGYIy^G7C3>&{`=EnUOm`p<+PX$K~W%rJy zl;HjyyvQe(KKHOUGhDfx!|mU_?szOjuX2m3@qatwa21GLlxEtN)Pn`QnR$OkR`u+Q zBSpR^fcy${b}k>9h_OfHC~v*pzLfzxY4`0^zX^%bbFsCKK&kuQ$k{zSsYDvr7XSIp zB3kt=!xJwtq`tXc=h$986GoTr8;qy~zL^occ{Z@e&HFkPggMU3J*beM(jv~5kChLW zg%%pX8y(f^o*-W-Vs-4&{MPTBk@)b6+VvQZcc0FwLTpVRHm!5p#=Oby2I?0H+4)Oj zGneC@7oApuzmVtsQE1}NGgf8I%&iq7dBfZO!l2Bh9u7uqC=}Mg7j-KGldg9#&a}5r zi(e(YKi*)c-ATZ=&J+$sEophA}bSW@pdKo#%Bv+4Ytc^qyfpWw_C%kh7Ro+id57 zxeS2j(-DFhIQN8*Qnldh( z{pf3`g=?cS-;U3DmN6;kq$pXG%g!?q6PgPF!=u42$-Wg>;QtC{v90I~S2p)lZq zHyi%E^0Vl!c3dDWCkdm0+xJHHPs+JB;c+mCK1BT^Danv8rQdwdZu??V5}tO>Ahc21R37;9*+^Z7kWbd(O9P+)LLDEY+L9mUgo@_j`+Lk z*}W4+ZE?YcU5qX#iG1u-e|e-qD2V6^p6jm4o8Rk7pj;;B6}xrbva{Gp>oQHZJ(xSy|D!(A)IE3xPHZ^IK{6Iac=#+pbCBXra6#LS1ew=3~Y{yLSR=ZNJ-t-gQ;6*?=w*h4+r zeJ4xYxGtc(;d)Icc-}QlwDgT>BgF^K#!R=o7Z%=2%_oROl!?wFBA1WgAyyFxGo`B^z{ij1#{E8qe{~U z!B(x8P_|M1yz=O}$pujaKUH(fxxzuM4{v_}vbxUUJU|^{$v|M|1aE`P0fm^4?DlELsXP=P@b_VdunZtj%|&n_qR$cJlBG($}<@w_p|_^X8TivMCiEgRad(7cDxh9-r~B2rByw-Qe)Yp`W|V#)ZzfztsM90-vsc(_ zyR*a6bdP)tRkE8{l}yBiQA<1qL_`5D!d>ol&sp*MDfi^-MD2?APN773DsE$Ip66hF zE+DMA2Rv797C+7%R&O&Fmm3PO)6CVeKa!}`+l$h%BcZxfy>IXRcu9#P7}I_3s>IKs z%WGcFY4Zkxh51pV@>O_~o{72xS)6#-daZE8E@@o~%B1Upd34dK9?q6PS$O{KXoI^r z!34ST_qN#UlPgwA*Kv0fV8o_&4mUO`5~+YgGt!=ysGhWcOAsj+OwUWhm+{v01qssu z{M8mHg>p!jH0J0CNicR7XbaQKOs(w^x*!!^O-0F2=3;tNXj(X_+^tw+!O+D@Y~tFd zuaTtH{gyfOq}d@>Zk=8g(MWsDMai5C`>cZuVfm4C3*=|$ZjamCD%Ed%7P+zti-&c~ ziral1x#IjZr#zi|;}WkFS6i;e3`?7LW+0>9SOCiW{%b{@*H%wYF*WJ6&YMMgQsmrx za=oZ6GpNN`+!S%ofccd2ZZg%c&ycX%p@Rm#NyB)@0{;$|hc~^(O50V{gUkz>$E`y` zEm$5THzl9>;$9eeX2{EWohY}U)T*~iX8c{9w3*lFv!~@|I{kdkc`RfYeV2-{qQN<1 zqt@b&r;~-DBtwR^qnVhM&m6Yd&m-AhPC8}eU68ObO;W$1?ffj|No;90hebK?2Npu%yRv|MpGWTtU)*A>R(X!kn$jip+v#(X*xZQUOB$Z!qms}KZ znF*iGf>TUYc=6s>@vFvtqWZ;?D>5V4^pHGcu9sz*=!TMdewHjwddaY@ovO$tx1G0E zQ2VVCyr3Ny9|q^1G!Z(FGPq|}b;hOH9A2C}!zxE~pmKM|L%<#!iG->V3~6b*WHI=p z?CJB&u&d9h9s6~lUJKWp7pB&fQOU&p?tOyFQ+pJhTh^X$RUxuF0wNlX)h>H4FjZ8p z5z`X8{Sn5nY9wPkme?3I7K2zlUxW8$mjDz9W1=hC5BVxG!XSYxrmKgoZMmwQ{@uf)7s1mL9^Dw<)}l?i}ecLjo#vogwa266KOS zRBW+&Mtot1I>v+CU3_S@w4wjv~uRq ztH49}hJ13#@Uh~r3r=1t^Lsz!znv0zMSAxP=3^(>1__Lry2JPviHs&IU&D<1)(5Xm zbTBQI8z(3+;b7yJMJ|)0lz8(c`@o`)f5{Ki9Zg(stFTOQMrO>QQDAI6IjNUy`PYzM z*E+{Z9>t8zF^$WtaRJ#XwU@DOXZnB_+*=b`05;Ijf2vQ#@ulu znrCgdVNI;~!$;_FBNKz9C%+!FEwqZj0wTh9AHv5vi9Mao+GG2k+;RARvYLC6Uc?-6 zE+9|o+!0ac7v)f=^Cwv^p2HC5wH__4^>Ay-FZ)m{e!LT!X<3~%g^nTTv#DSK<{;FLeD}z7GD~QFg(3Fy-&0q^-|Y4c82`0SrtCRiug>wB5g;hGx00y{qLH3f@ojvC7TSqB}c6LWtpy>J3LI zEv7EaA)XP$< zbdqfRckzIzXcI`Va35buLNDFxv5?k#Emuu;i%53G>#T8IAHU7<9A#XQbK58FI1rLo79A1z*&HX{PAf5G66?aIb>mlqh5kMfHq zS(s6xSd0V9J=^b5+g^nhIGqJ=t!(BykTveiS3lNx9efy0?Pjxc$=mgdOJlb7OzuKz z9cW?^b{$r0jpcTeUj}1jWSXwyrHDoMg8h(&!aTJ_A2?=*8nYL{xv)8b42-w#%ux($ zb~-=p?g((k{ePsrWkA#28!$W*0RaUGK|x8$iHI~)5b2a|q+7ZNsDOZ^bc%F$Go}L4 zA>E_dKzcA38@xZf@B3fx`#xVDKJhzo^{MMzyUsB>7R@PmnaSzKf_c8aPR>mDyJyAL zr}J%3wj8~7p2QH~BL()`()Ff}!k^a)w0>EHS0_#YAu?VyEXNpo_M<2L)Umi6%eI^-cC0wmlR#CYJYFj+Y5ZE1zvjT3^~qe(>3MGII)kRx zhz3XuWfzHUP5R4lwzcm9MHL@zYfB`)$?Q#`2EVBrZSjYMf7ZLP5=rpwasTd*Aup6P z>FPXn^rnz1*>NRi_qC=fXGHkhgVv7`uk=ZObIOFXFjQxVdX(3Fv~GKwSg7T#pT*+p z#VXp_WqeONNNYzm%=B5y^>k$%!BoccsohNPfkz1cWD62RgeY_(IvGlA_~Y#KP`CZ~ zx7n9fL*gr%uJ>D~Mf@~sC5M#PvphL?{m^7J4o3=`7pt_`|zt1$LQv z_b%JLWqQ5qBfyNRUnfj+Cv+4VtfiFe98E3p5`R^Kcs&ffxLkYZj3$@6`rLJhx78rD zl($Nvk|cp%>~IeST-6hsM7yu3*;~amd{WzJP|8K*-%D7E)jTk4g+9RN@n6Z`V|OtN zzGYJOeo$HdE9y&|@-w)`>_RH~RP@JNQ=NzC%xb)4{nZ@l zz4zjwZm6j%&DNy^Ei~9IBb!%m=SJ=tnJM;xXRa^kR-#W;OieMlu6&H zrafcbpEVP{l$h+6oBATdLuV>^k)_KZg{i}c>6JFstUBb2RKs@e<@tfq zEJN`laedExjkOiYwSQs(G)KOL7--hqy?sTLBEx+)DTT)su1>@iu3jQqt!Q{^o>(^g zKHg-0B~a7W%p>h`9!=v~`u8Z~o*;#{zjV$fGWfme{gTz;$~l=widekl6+V2z-8oz4 zz6Pl~dYOTqt5Od`Vy}g1b_5e;ME@GO_I%j!)_13Bj^{1g;@@skKfr&?un3g%rNz`m zg)-wuKheH^91x&DjYP^0muGdvTAd1RSbKpju(u)o^&DPVmmeVRgTn0&j>AH-oG)3E ztxom(O!r)sg?zTKeZoJ|!xk0T0OYFR;*V!0>d>v5Iv0+Aok`+8dbJ;7Iy@CeV@_4(uiEF|q-`RC^~perY|Z)6^4BB)faUUQYBT@uXUA zjq*G_SsRgqSkD@pr3*{%p@=9ct$ZW+E6s|e{OrSIYxyl=^O=rvJ9BAOnjxP1xw6+Y z{Aga}{+gvFzlC}SH+|odQ!!P-6?Da1b?s6i@~v#|w#U0ke3W+q*ONMy9(k6bK|wbo z)yMh-uGx1Zg{D@&PdvZ}V|5?0X)1hl|4ON2n7)+3Wy^&awrTPqN`L36RL@U49lV~X z6>0ORY}{t=Wroh()ieg+ zJ7)5Y>};hq5*ec`XoHB7(>!^D3@qLaB)PlE8P8<})+_O12Ez_cgbS%OH{2TQq&11v zO{51jb*@Pk(35k*B9X!OoQo)=z`Vq+`a}IAktfV@&1fM}FTy5`CzPiOo&igfYV}?l zaOvL@p7vRL|Th4k`E){P05Ip&JZC>wpg@f-$-QjxB(gc)f$TWFCB8CY-@ z=eoSIoN1s)cnp&}MiCu*MOH`8iser#DpO0h6%}dnomKa86sx9%!d$xy^mH~Q-{ik# z<@(a1r7Zy(G5c0NCF`q6w_c^x!_#2Y7mIju;vzkA}B==syHfB|v3QM|6Dp|H<&%u&0P8XOrQgAJtPB@&{999YL3 z*YbAcARtdU!Nq+_UZ!^+#6odFAWi`zap1SdG5naY$=z*QIsX`R^LSbbmy5_%CxZU9 z;>qA&pqg*-f@NB-Qj4;x!Ld+34+?LowKxw2#UDHZOmx~t8aAoyufB92Sa}fINq&Y_ z@P$3>D&@Bf=Sr)zev@w=e?94%T6#f&1e+tj0FczcnJu39N_a?|U|ewP?H5DM?({`n8+CH|`v#@(Xxh(E z-+TE2EpM09+__5@g&T}3TE!?c?`rF2C3hUc*8*iBvQf3q^zQy_;$ReAg2{ZU8NTP_ zcKWObJoU7zuVpQ>n6h)=mu&KVV+leZHBNL7O_Va)K%^w&4MA^n*}=D~dl9%{j!nB# z2ko!5!p);^3}W@sFP;YwJWF%@#%QtRx+8V_4se4o?!52&xPY|JnT@O1?M?xVac^>> z?-DijLUJ6Cd`y){y3Ik~v=6&^qd;}@{(Zf+7eASgyVhaZF~$CEA8^ z;_qB(3AVFZE*M8l5&XEea>Ua7dg&`TOS<5R^d>{I)HwV5uY-MxMWekR{A}N|?1*(x z?j&g9Y7o__s!tQw6Fi?vI?dA4(Pd@6bkoF=WIR({%zcIHTI(LE#M^}!3&>aAHlc1@ ztQHX%>QyWqgJT}%ft-8I{kS!mgHsm1m%YXQxJuI(&N1Y!@X?k#deJ-jTX6qJ^}J3K zjEjx=k9z_Asl)d@@(GalRgWf){A(}Yq|kB_UZeVYuxi%(LXu!%VBm}Geek59riJ@naP_TnFm*iCH$gaZHK%xu{5dmT8~#n_XGj-y zOvAEuB6^b}bW2;+X=-%7oZIEwacPn{`XqZ&*Lki^;JJS<>aq2T?!eDS(c_Ii`&zhi29K{ukiBDl~Z%=kQZC3oz#sGfF;$8thS{(1ga4IW)S zPKttBza1{OwfMI8ZF3<)bI)>|CpMzmNkW?>$BA@K;Oww428Lk4PZH%JoQCgOVj{D) z$Ax@h)Z(&oS7UA$V@QA>Y_w-#t?gB}8jVoGOIzgP#Oe5|=dy5bgRm64nih{k05!%oe(lf;c@ zYjh@hE%EoIYN^%olhCiXaKt`I#G4{_E7FPGKM-g9)c);zUpG{B6nvc#g{dKQd|*b= zTlJM_+O_=aC+YoL%I~G+2ZU2@-#ze7mv5~n|H7FZ|3thyuq62C^tI5dO5iBbA2E6>yB$zO2#{QHx}=vk4eA#HWJJ(E}Z_9HIEAM0b}+4Dv^f?)yXA2^Tr zXYYI=eCWBH&MJzdNDh!LI$`c6Q;4?ZzSU5~IC}LlQ7#4IApY^&O@xQxz|>yCN#IN; z1IeccPn0oA5bv(#^C0jV5m>=KigL>6(xo$+!iJmY=Ea_8)K1;MSfGcKlWGEGVav2| z?n60)1=?1X3XprnF7HT3eqPBj842sRQVws7LcnP*yP9t}_qe+pQ|&ODR>T&*T>Px1 zi=nQ{?v1~QDSWWCzz1}mtA}`9N3FPZ?&({}6v!3j#Ox5qyA0oMhP3_^;d;RHs=x1~ za{f)YJ_D4WG70+NycV*(Q0m_LyO3CQ&YQ$3YhI2d{j5~5e#+o^G`O<)HKn5Gy7Jg- zg@?qx!D#;p6_o#axY$|*d+!W;+1tFP#HPhQoXD9yAy%MfAUUG_wM!f2058-#Kk^8I zgVHD8fB4Dt)=vi8CUz7?tc9AGcVIw<05P9}s%pLSxkHOpA#oq^i|!>WX4I0v(k@`bqtR-qOML}GuW7n_Rl_?t370b>SrAr zoi1&S=)s;SFLd=@T|W9O{BGR+{3@eDJ0rAyNX##^-wvFJ*R8G2!oS?Ws`t-U{OGKUH_5l zkqL2gW3ngVs;(f7-Bv%<`E!3!_}Y6q#^&A0j`4xWEjF$@;&v}T{NTZJRwj&<652hc zJi4V>)KSfv^hTBDn_8vi4+O3w^l?_Tx}2LU9J7zRBq^Vyt6<(GLGj#+chWm5Otckp zH$*ZX3W**$B^NKO_2CZPF}Qp_cmNUd9kbirhB6z@q_1Vt1 z(H-rtF+NR~p?VHSZ5mI~-AqwFdq2I^EpC?{k0l{}amIB9_S@!%oDsB*d(;{|ej$7X z|Jkq*u~`m%dJ0$oq~j4Jtam`T8}$39Td z%ouJ`QW!p6G`|G3*zVrb^gb`u6I~pyi+on+`1JQx^~GBvxWi%KX&Ir1iZnIB?{}iO zeffMpzbweS)P^wRU7YNZN7VbV1v+Z zd=Io??#Dt6s4wCnYU1lZP$Ule|EuG#J;T3o^F8suzTvu&9RQ%v{Qsrye}L?$VDYa| z1Pj?51ItqjOlejQ8%8S)hM=?gU1>mi@H9V4ar*heYzEmPcg~HKlc+1Zt&LHZ*h|Nc ztLF3WNcE1R{JG)u!gD%{S8$io%c|2|?q9;e{xCM5AY>@YKi=CInecvEVv~D@ZDT~W zK^r{6o46_ESxGl<#PwAk&kEP)vKX6~>tl@+p(!vQQ8?-*wDHFwu3!v0?GMh$7W`Zg zS!hlb0HtMh)L^sHSHTynLikpF_dA{Pde^{OA1ko=?(Wo`x$stKco2)~ z+HYWz3yay!v(ySwjA5SBebqB#U$y-7l^W?g=DT_Cg=NX(+?VBL)pn2q<0_@Fm_}Xw zkxZXZq_{U&cDTAn;-l2s*2m`1<%FJEEt^T!UP{nzStB4ZKS1ZZ$_cQ-0%m5{-)i8w z+*X9{Zcx&!tj=M&)B2!!PQtD4``~k??aP*vxcPwM=O3x4>HZ-{bHPq=_*>yQYBdKF zm#2&`XLb|9i*-I#C3LO_V92Z zsG#71kJrvD;w>Sl#c|uz8yrBks2Rj#sTP{gcP^?j#mUp7&v)m|l1@j->Rg=pud3hr z17!(g$h0xhsrrCbn*-$TJ=nW3J9FV$Kc#baDz>KW>(<2ujgx~kwSzw=rt^lDP- zbQAiuHCgq_pkh8^x80JM+>%_~HcF;z;5oc|?NvlNKE^u|+4lD-tCDS+Qa|TujLwiw zZ}68#G9A)8pT6JFu$l4YF(Ue)eLuJU-ND!#2;{l`$EF;2X(e)d6X)xS;qHkEP!h=Y zwWcd2XELZnI2EH#@v)~n#@F=`zG&X<6_uTBd5e5pe>t1*2IaI~t;wMb)lSQc?OWO& zFRDxSO^(P?6>co#yIjmn3rrQ95?8adV25P~9>p%w%-miZ0%+LikS$MJh5s|MHqZHe zpWM2ZjNr{b*VFfaF&KQXb~pb^B=R`v>hz9 zQl+IlB>mc1QWMqocFgc-yn4MY=TjpCHjx`nzQw?uL~lIJBbS`XG77rgj)2_6elukmJ{$d7wPm z0_@K;<*UcDO{B^otCOLq&f2>%Ts{$3RZ5lV15v{o9DdNfRaO$o@anxEYCUA}RbBSm za-%pQM_Qioy*zf8C}Ot)CmKripEn&xg*>%P%fX&E-JhV2IAEke}UhBwEc=k#(rn zG!=_H)LqsY@lu8W4C$ZYYwrQ(_!xn1_T5=D(HDz@HVwIep*d(D*^#`0wBSgj;kG;^ z{_2EtQ*WAFT4L0x`gAjQoICORmY$@q;8mQs!B~Wyb&y0_ex-X=O`|Xf%8KEIQGX+d zw!LBL=e^3>+*wj0QYI&rs7IMWK5-wG0F@Q++vpkDR^<}Y8#v5asLb{e^=gv&a4`Dz z<#6+T@q&ke&3*l&O(9LwgKf1u_0zX1p$E}Os(l&p zO)y<#v+#|)+{}4#rA{v!ljw{P-BLX`b~OwAdVTTtxaYYlwsyjMX+P&Sb<`MQy}@Q^ zuMgT*P7HKmrH3u#-+A)F#{vBl7}u96Eckjxc-^y-kK!GWhsy%tLnK zy&R+Osl?!k*tV9DJcKtgn;<>hrq#QUET^1Gs+5xwUY9WMJ4qk(d2eZ7XdE%RiMS&n zP~b?9FN502%L}-umZY|O_h;f#Vbvar=6cJI>$OYzSMS6oThKlXe2tV!Vk~_uWvoWn z_V58M#5hT!qT-hH!!GTcw5lqV6%-F2X z#C6Qe+p{vePO12BU_D81f{s68On}YG0`U;rawGb3C69Yp)IF?D(^^|*a02|voTq9Am0ib*gQZse~E4KUf>faPv+Lq zinCQ>ew!DK?Q?gbOQ0M1e90Kdb@4Iuim)uec3Mxs6?iPo*%n61N zebk9rAlmX$ImehDp~@cE~f1mrH2U!io{+N*|BP{2qJg9Naf z^t?Y$y^oiJ+@|s)EDPDlmxLTXycOBek*R2&wl3E4gS~6f3F)D9?(jyfOq*ER~o*)ZQ=|t{BbdMEx6N|Sa!BUondpp(~IiV-lonNMyLlq2Va{6NU zT6(j9*?3NQOAFhrD>li0LlU0B$P&RUSjvE^*hW0!XKd5)W&#gWhNR06+d5% z(-61-v-@IaCIpJO1?;?`2DCXcW-noq$b2NTGFS`iM~yXzaW}w(>MGuqJG7hX+Lxs> z@L|9j><8Wz`1$ly3E648rQ4z`IBnG{VUe_NBPSLgBl(8P;0xpgHKZ&`hEEHO%Y(KI zJH99_eLLCuE(Nd&ir&AJkWQsH9mZLkBeZSnf~=>1)M3RY9VW`%J4Kgh9a;D3!;*Hn zQ~9xcOQ+4J$7&*oIJ7j~xX!%znt0a`)gLc{iw zH#XHGMovRyrKq7aSfQZy8BV-ehQ}+J+G!*AfnoDpL@bJ6K7mgBOD#EvrBlWz)q#fu zr1J4+PV$OZci@%LbGc*a`m5RTduHtXqdPOW7zPts?Ml1u`K%&E5?dVVn)-9PRiyZM zmRl$V^I$jeqoh;D^`7P_ve3(E#mf$BL1n(olc^!w@Omt zNSl+(y5d!SgP)^Md6&|OI{#c4Dbn~Maf%$@jbfbGu4-#pESu%&q#XR2!OyA4O;u#R zO7-E_=vLD97K@33j^Fei44}8VCz43ukmC3_%_$w$>=bDfh6sV`2S^zSly%R%OP#a$ zM1@M}ilA$G5-nesG|FljUqhY65JkC?|8w+h`LQUO`RYX57R;Jl)lzph2>R;5I}vkX zHm_2P3)2(d^gHbX2VSs8Oh@DOxiVR5O!=#@HwpLjbyMzzUFHGka85qB?k{Sn~G>5)kc`Eg60(Bo=uU@z9cXcOsKv{G^D{s zRN>|)!n`s#&&L#I{XpNWSIGduf?A|boQ!n5wrv4!>P;<;+`M3VNHz*NcSQE~-m?Wa zWMMLOR;EAFC!M#U%N0D-Hnj6D_w@?7Dl)NghD0l~Xzw~Or+j0Bk<9>yTcb;AdAOgj z<*x0uz_h}8#gY0gB1?~O>MSE$2CQ{zvr2_?f9U8e5|7LJ9Os;}tnuz{*&5r%jGrR> zw%wzc|MiK0#5ul!3m8rt09HRDd;>^fAbuk7M!^fV zoA{dk2%dLk9-U(;tMT#6`~5|A`qgJBuk0WnGLT>;?jdmC3#eDoB5U0B`fbY1y80H+ zh5l>_edg;h3xf(=>v+I`Ziyg0rS+{hU*a2N~{~3Fp45Yxp)AyR4G_u-Uwh}k}NUT6T&T7I|uTr!) zTJ>gj92d>2Qf_l=V;bJV1SCbbYSj>iBV)DdgLPYwQK3TOJ!-jXJFiyzjAm$u)+?#D z$*vj`w6!*EzOwgNmJ^R4x_Jier(Af}m@4b(U2gC7T14&J?&aXr*e5AJp+EOhcnxHQ zbZCC6^tfgkjux44u@3X!6c=ph=(i3YOM!4(B75Jw(~r&9$a9pxQjSv8a+>u9eJlK1 z{fgmcB}-#+_o~vlNleY@@icneGGjKY-M>5#!5x9?cjc@nDol^h_DlHquUk5)DTq8I z;0mHs>%AfHaL3lreEOm7{dS$}1g!#Hv&s?d5yf>n+Kn*^B{xlF54xh25?U9>K_Kx3 zzXIU!d`!gbHy<*iJ-O8@(fGuw@RWg^diqpsOdE$AVs=UpMyvNf{vw}|?C3!%39tEd zKRxezRwnnkoV7Bw;OVb>(8q0%sODno&^cS2L`MVxD9!NfV(fftwsF5LfJmrV@meZR zZ1S?RFS0HI9J_pePct#fxld=WgTBeO{AHf+^yVFkMPMf_S`(H*{>Y-{p`D~h7Zw8k zYw-sh2vD+}wj)E(w}}Ob?rqMjkA^1w;bo|@;S<#Qf~c3to9O&g3u5wq_&QF(NTkMF?WF+&Gnf7Zy?(y#^5!S!n1 zZnFW|$m-*L5icdiFo+}s6d>5-_yk={2gu|DgMTpKV{&rM1OvAD@zL2$fW9SUYxj_& zF))kWg5vH1t=fP2l>vIWrTWiT0olE(BWVCp)6f`YvXdiRZytW03}yU}{e%F*V|gc5!N0xhCg zBSzXZh0w+IN*m&!fQ9Drrv*2a%bA%%u7e(kW}D?EcNoEGuqdEzx7o3&rG8vre*7LS z(9(6Jk1oA*Z7X@eqnzpNlY1MzBg`ctl&&8C~ zO~jhnuV8sVpi8K=h>3yL_EIBKyl`>88$c&=PC#c~uQVcIoR$#CD_~v19g)Z8dwN&| zAo%#@l(pBVIQ?_~LAe$!7GOVT-?pSh93d(svY6^Os*C|dhwy7$j`z;5^IpUKtPH0H zmjT%YK0Muuw8wc`sBbDLA0KUA2rhV=6M{+{LliW+{yv;B1%a+EZB^FG_y3xz!RPI1 zO#sqXbv2rY#(Tr2g`1}hy)nyMQlib|3jVaAqalKX5zZ>mI(c`_{Ro6dfyPsl` z`9Pq1cGe@csawA)H0P$E7sw*FTsFqTi{v2DhTTrku=><3Y2W%IiPy3y-{%0C5x-k@5&&1nOOZh;7j|)e zq0UE5<+{lR1C2zW=MUTmAs0QQG3J1Z27Ah{fu4gb@Du+2YZu@pc3PRFugA-t)as@y z@L z^5cufGy#+H1%}&xNH$%>tJY!D{TF}emBhpY7Eu~uwpGw}1#~N|)-0P}Xmw`L;tz0O zba3sI)@jDpNdlD_?p4FdY5V;UrQFhxEVTPR0 zQKXH$33~o9)~xn*yU`Ip{e>cN+ngGl{Cj|)9B^a0CmjaZLvQ)NtS+}Leo+Po7$B{G zw#jY(LvL6vfaS+dD{6m!(fXo`4K5uRf>Xj#c5Z(U7gmm9`@d>xd&8So691t8?qOv8 zXV!DT@&B0zH!eVotr0Ah1Nv8k55;1%O~iJe2xiakGSytGYt6Odds5``vb7w1BpJ(dZ=-p zm3sQ9&Ixf_zCr=A*3)drL(syP4kPYx_!+$%T^yYuPLmJc zKR#LgJrMu3>g*8r(rd@&ER7gtN*10EzdP7?e*O$9<~N*e{SDTGaYA-@`g*_}H#IBU zR;i<)`_flI_e!=?oAVG3djg(AoCYTrJKU}MM(684BoR3*7`!w*hi=NyFroRrrAO=R z3@p*1)D!RF1MAGJP2RWS%D4iDwVwUV1YEkcokspqS%}QU-r>9F_B#>4CA)OJH*EF0 zxZx1ybBXuiQy9imR|ga3({TijBg-*7TuVzr4DTHt9(Js>WQd~{xfTpp>dSIPW_FyK zdFR&m*M3Afe(+7aw?~y;rT}`A+i?f?D->OMdR7GrD6czROTcWC`+Ke7mJtF6 zx%8{-i0>BlExa^oa#wa_-A_js%39%e&Wk8x zp2E8QnW*&;=*(c4KfFH^+Sq{kJ?!do0Dgp+HCAbfb~xE7lY}p)Dz~OPEUvRvV|=ZB z_Q%~@#=9-*2n2TUQLqC`#Z{eULF%$TSR(gj+0We0FJvm;Ezk)@FG-YqxN}M8oY|N~ zJ14q5;Ogs-p=r;_l}suhT$269kt4gzIi=;Y?v;@|Wl+6_gQgR-W-g@_G%r7*Vrbz!6{BP z=%d-h^n$Iz;cPEgMPUucdZjh&c~QIXi=n*3H4P}zL!T$nKbmXfyf>u8WG%uLZTH}f z)@Cj-FClb3X>h}&RnFM`Ig|FNrHEG zmV|q3J((q4l{}1x%$USbH+x_gtq@dJDs-)xym($)-IE!MQ-z26ug@i)t3 z^FN}JU)_Pj3Go93Rqy%4?X}Lh2^Z{g`-^PEN~8v!ipYcyifIM4ziwpg!Dg-bY7PnT zM0VUO&X!?TEaV-V9o`nTA)vU%vo=zXg*Zz>mL5!vbkb6hUd~N;LT6tjWteYBB4;EC zq0*tlvS3)Ndngr63&7ZOE&TZql#TO=K{eR<6N2hu&saBl+B%2QV#b)79t7i$c~nA3 zn7o)`a=guo9>)$1CVZpvE*w%e;}TXWGL!bCq+_bq6U=>bN?6Q;_Ib9YM})!I1u?vm z-e1Y?QRpHO;ODG-D3TKob43c&jWO4&B`?l<8P7-B#*eu4-yESjzn7dyXTI5LwRxef z0PaM1L>3}fXH0z~8?lqw^%acq^r9jQSB(1n(wE+j;+qr)+69{QNd>Z|RTGljVK}dG z{LTOV;ptv!_zBNcODhTf7+h?!lgkXGx;t1AJ*LH~W?NHWbGH>O;@MKhRoKzQR>7P0dOAk>i$moyJHPUOX|jY~jxgNwAN&1b_H8G2uTXo*lF_Gd zXeXGpGO3b2p{C?jzF9bhPTS#W3-RN=0e-%|cOq@LC6agO`Rvr|?2g%c3yb-Gk{gvK z0776uMYFdaif%o%G!r6`TVMKW5X(}Qc3kk92#vgD=$B25Ph%*OE?dmaw^*aB=Pg@U zf>h?CmEh}$9keNlo~9>eF6r3=OY#wQ5(j^Y{02C3#k8WaTF8&t&4lcx-;veMiPh!s~udH80hgIalU?VS(kA z3num|Ji65|@vC=DGseTS#uq3r3MJ@`xsH zdY}s51YME1cX2Ze3V=wQJqw0rx!O4C%gr9Pzmh7dX%SBfeR+3puPEZ=dF5}#*IAhd zlC)W?UIx$jyjN>9IQJ({w_h4u>Gbu{Qs>rJg(FbXwC?4Rg%1}Z@2zBI-h(U8la28c zxZ7qKh3q%_5#pa;~sPotiXdXsBt61>}JEHDvMHkT*0z90Y+}LEIu!eyguIa}T8DAW?fun6y z^u_!TTi+^l#6;M6#HhPoLOa$S49zXG-$*0^hQzjXsKWgzt(!6OV;`8&n?=BA@ZsBR zWhgOq&(BOrc{7(b@_d$e2f_Nj;kKE+Ia;v}l*G(P7i&WvI+0;d=3MD8{VlI^Jw`M*`=tpZY9WnT1F@kmU zZ2P_H;*4DOnvQMsX3o3jvKiEbTlEPo)=7ZIh63hZo;v0MSmSq3_hGc>`#1X!{}QBe zGYsq!-PwfmBJl~E;Z7V#G4$M+OTa)$@C6jT-TWS7y~KFIse=zKLs1SZ;!tv|ff|L? zAX={5sj?5SR?(_PdE0Qg4S@!wMsr))qk%}zX2jvOMqBy&PDpCGE1P^gJNH|&q_4+-&)z-2Wj4e_+MnAjyyy77``}T(Kqpl3K zsi8r-ZXsH^`*#FCSNoi{H+2m+koBt8O?;X|d8Bdt67vwjbF>UB%MwoqRvbY|NRu?@s3?-7*xY#aFgkmCpM$)WW9Nbs6(^swFU z6-Dqp&Vs?T^JAI7Hh~mOxRW&Gs3p;PN__fDF~vO-Wyz9^&rJRaZwb?UR6R&sl5pDAQ(=^92@*u*k@K9mz5w@LJ)_E z>6&1@=*W&{Mxk<{tW2s*V(S{`Ms{>|Z;kWZ5nIH-v=W@5X3yc|SIZZci4pY|U`a-8 znnU66F3+6r>GM9FAx>9a#8t8%bzU(FC#pN}z;-k8qHNaYfit}hlEPp&%L$q+bw~}> zx!`+Jcc&V-0|#~kjtMnyLVK%z>*~C!T1z3pcV%nx&2tLSsN(<+clo{YU>B;NfTCyE zwc-i!o?93PZP{LnpB=*#a%A-j?3mdFlYODDDHu5q192&4sHJAIBz()@t^T&=pmH+81x^&`qp?d}435SxVQUvF*Mpzqid;ZtHhK$CsW zEs&iE*@jqeva{ADJzU)dlNGu17<;dBwbfkW?>$(P?qJJNeHL!F3@m$y2TkBi&4}{- zncGXcP^7>by8i>T$h=u{utlGmSPkG!I_Oc|eUl@Xb_~|^Y1)vtrNa+&9oRWylp}vV z#pzYNXpNC#__=T!_)mJl8E*en;J#|3s*W8}!G`500uNsAlRF>pY3R_m0`oeD_8S42==`a2KP zEiU)~)%`lPLt>(EL&{#%vs#Vw+%a#xI;1iaT~RDC%!9wt2aysEU9-6@<#PGEMYKLc z;e>53Gg_SEnR#@d#(T}Zk$_t~EaIfbdcj`n%5#4rD-HLOls(v3dQ(Vf9vsdW_|@X+ z!-rcCRrf;DlY&Mo36m8b*bBVA1mw{D?z2~e6r}iJ7dP)@BK&BQ_z zMn~7JCAFQkn^UUVx?;coaK6EGO>)iP8CXR{lEXcEv+MWL(rbGX(e8@(#O9rN!bVco zZf|BWZzpm#x!iTkNt~KIbRG(qmNIG`Kd=(GK9A3FGH5p%u=JLPYwm`w(di(=qZ}~_ zP$%)emR(KL_YCv>=tO9;d_TM!>Y2aiNB^tQ43(HHHuKT5evpN;_6UQv_-b+Uv_E}0 zBGa7!2v^f zG9A<^eW%~5)EPTJ);H8Im5l7TL=cBx4)FQSJ=^1PM&CMyytMAV zbMs)qv_Gw3NT?2Xq66jv8TYjr>0`wN-d6rzI&4(Xq7s4p&geK?cpYW(Yi!d+lFz`F znA#$Qr49E3M)7NiX~01H_agTbqp23NZkAqVC^S{E#*ee~@Ui2P`%_V<+ z7=vyAQ9?agU^C>*^2etO${r4B^N6Bf#QuUl ztMBzJ@_=6 z*mL2FrMY)@5x-}$BA$8S1%C7oA|UWDAmGQ}O{o*11Q)GPWd0ZBkDUQQC~^W64Kw`H zI}z|mU%m79S8D@WBnJQ|?sXwD>_0MD z&j5g33i?})gR8Lr{G#>(e5L=e_&?%uLV3vi7otXBHGS~qAGCn_FZ~}7fqC%z7lK8H z{EZnX$op@;E_8L7=x_07Is$oJ|E;U-3$gu6mj5l;|Nip5Q2oECy0EE#!30!#Uj-0e z4&)yba6$=`{(tN2JB`;?;uFeg0A9WAOoB%pl~i#{UxR`@I;y zgZ`+#%b@HY;8%=)3&hwLw-m3%lX4C8D*kk7c&FlmWBi3>Eic0g3q7Egw3Fe@;+Lah zPFZ(8L&318zxd9V%jrcu_g`WSRe$p9R6#^McQ;4a?@ja;(rMMYmz1fTY_6@nnt+U{ zRkn<)8*&0EPMjOh12g5D9-4m4Dz;scw`t z>Yb<0qamOxY2~nfhPTDYN37FE$sP7nh3DG%#HjI9ey(i?3xprG+0aWptJmb|;2Wtf zk66>}H6YL`(Ja2QW>!kepjE4$Ig{X-NLPw-C_~V{C_K^Unc>g2ZDyLp&AeH1OH%B! zXoQ`#*L0lP+;>4ptR97Rdv(_gEC#%u(#hRS8}+E35+a;Cl`Bc!g0!u6j9~o7+*-ZK zK6DfMQ)plnJ-2OJ5%jXwkusYN8P1W%N28-rhRTZ#E3Iq-WlRX!?uHDA=kDrn=s0d2 zVqqapx9Q}^o%&W#rB+7eZw2*_lkL1W&Si>@d|&A8h^@->@juE^%;}Ao8R5JgK$m zxnwyJj(1Tl5<^-M1z`gcyp>+~_0%U$2=g_KVEeHWOKuISkUZT|HS0dNEI+G=EA|T8 ziH*)&$|l`s$}R=9}p^;MxzX zGHEG8z~J`j*{PRXj ztI*L-Tx59POaGXV;lYMaoRo_@)*o{2e6q67Znm8X8LQpiS`E)VTDGdL*ePZ8skU04 ze8emVf24bVw7s+(f?X-GL-!vf6C^_0nyYNiHP1XCd&0B6RTQ7O@L};Web6d&F=<-n z>QfxVeRcoLC%oRWnLe%MsO$UjO06eis(Huo%bsCCMTcl9A}iv@^nVFBn&u_xS{sv@XF(;GL&G; zZr4s=2z4vNxhMYTDjfuwxj&+OCP>8u>L7BBc3ik$`;kngiP63a|k`6nF2#uDY7@$cp7Z>0!ET54BVT2$2!Ww!>PYg zv|klcsJnc*85w&oR=>!O$v||PV~m`zy&arXI@I6MVf2x=?DYNA?hO7Cre#NjFWox) z!5!Tm(Q)@Rzf6o@=DJ@9DnHXJ6H}_-%1J0YeAEua@L9^g4nmf=^15oyYO)LGuBB-o z!qi~izS?TJfoX|CFY_n$r4Dp=hq50%lNn_V97S1WBc8LUDXM+Xe1W~YlC-FWUC4G} z9m)Dk2f~Q;^1eklMRKSFUvb$FLrG?*hQD>;H=Q@4AwE4|UP&EFzOj>~^tK)Fjpv=`77BD0C;FYxz$s05fBvn*lSq&KI3GA_*z!5k*MJI%&LF%bV+Vuk6F+UT(dg ze6dTAefDbW`#73+X#PQMz#XmYmwHb$F-;5(VExjn!!4?l07y{%P~eV~wxtM1oa4{W z&K1m*xVt%-FCy-DxU%Q(G{m9x=lDQ?N8ZpV`wA|qk zouz+wHtG9UHcLrhv|SfE2%h=eD7gj32n9)jOaKA9pM(_TAMVpw_eA zXvjdAS|%RE+yoRp_y9jVR&MH_a-Q>CL@WX){2=wIXYKh{kryvlv!HSr;F3`Lh@093 zIK#||&4^M03crz7YkM*6;)zsg3wr0hgO#6t;+lg6M^YYX##qt0dC3kEXOgK&H-sy(y9x76DwgsefQ9`k&i+NQ>82{?u=^OOl zH+qT~nDTm}ax@0pmO=uG=l;?@9Q@$>6-4!tM2^wZ{JS}PI*k)FGIl?sxXLt#RsJ6U zus~10d`w(%DI9klM8uoj1U3paB30-Hhem;setqDq<%+I5p^r02zYRx@?aENU41AQZ z$-iv-&Gh*%8Ru85%srh;K6{W3xNpUO2FDin>tCkhNga#ln>2XB{>8~PyV#dY`prGh zM|nRrH-)*!OYv*nl73(OeOJ2p6$NK+FMFZnP1y|~sTj+Vz|+bFNk2l|Q7D%UP=A?g zD5q>(4W8t1g~Q;8?Vkkrk#|5FkV@g!TLK}kQ}2~9;@PZK!#)g%3kjXVqz z$?$6f`DKuPndz5JL+8XEF$EpzH#=Y*oaSr^h$P-_x5dvoSa{b4o84~b?Dz*`Bf{Qo zi=qUZZRsita33(&qnYe98mMZZ*W#-LOjOU}`#k#{@RNNXjUS^Kx zu#@aDJei$#*OF~ts2l7Fx*)EtH;$mv4js9LH2FWwFLMFzx00Mz_A^Qlp<2KnQv%+C zs~Xs^s?IH{nh;$|MTlKhMJ-F@?Ad5WD~&GWg%ETL^v<3o0t-0Ht-c&}tpr*$piR@L zCZ_^uv_}Xo;kz5U8K#uEMxnEneQ{9I?`%~(_TwCkZ7f4<#|wy6nLV6Pohy@mA%=Y~ zLWpCeAK$q-Y2eQw{nq&V_H9{#?=#e|l*BnUjiUG;jTMx+}$Dx;*I zwsu5zEsXTDFt)IlLOl=T7<1foiXO`0>YeO>phTfZ*K6!yZ!-%mxdqUmwTFU4O8O!C zBNp*)=#@#o?S(7t+BKi)$NzNiGVP{`yJLN-`F!id*jOJM(w@G%V-xi7^2FWyB+6xb zl4RQqLH<2EA+ck)=a z1hEs9rR{u!Rx4eIFcp5Sg{;Nx@M1eaho_nVAR;9MJ~cQ1JP5oz5Si=E+F~7e0&U7%DU%$`pJkZpB^z)C7r8|yzd54gGFHyLmg`#Lh2rDS5 zjou?F$iv=T5f}$nJCw7NnTx4Kq&0UPCH-p3+o-}YT%)8PLBH;%s^s84h4g!GbxA+r zr*FE*DAe8VLb=@|C->a$8X4)jO?>Gc>l*3m`T_eQ_r}QBg?}O>{`s56+{^=ih8SXq zA*m9ZFFX(>{lZr3;OK_ygGXd1kK|Q1JzyP}mA}-yBk;+M=&6P)La61VXid2x6!1P!+Xo0Uoqhu(edGuxw=q z3E!}wzB>@2nsmNiH^FL%2q~E4ayt+gDl7MC8rA1`=%Zr3oM6aa5P2D>mC>id(2iwV zID%X&Sk=vX?8oiJ;yvAEy`JD;42H#FbrRz+Hli z9vfU0jYeZ4*(2)uCt>A{Asd4)Hoo=MC70Yhe`Y!Z)#^+OEzB=5OgqoaJkK*@`|aoX z{gG%tUdcM@&@yiXpO~bg$*Kl*#Rx=7pkJ*GAIS^XQ)Z|O0-Glx;!lHqscp+G71{?y zGHmPiox4)6R~5{Ex!0SvD?0Y2;&{hN&yKcqjN_(dEXKaiRWkacmKE`uocx-}mo_S! zuj-1QjB&#fknoSyXH$Kd;ZGwN`i&?%T4f%BvVqYTaQa#mle2OPbzdxT#!IIHl zHDY?^I#6Aj*=@sXz8!QmxF3aMlmO6dg2nx~9l%S-_I}_JoCV2ZuNTx2Uq*Zx+8_R% z5E0txgh1ug@Eejvd2-WQ0G8(N9(6QJK8k_!EPz14LKLBH0UU2PERj@=}FieH_$ z$4lSM*H2`_*3f-^kD)iz3d?Uc8!z_tWZwzZ=r!@DnP!@4mM~k3pr7!;diyTRUYU7w zaP`XDDtRcg$1F=LBHw9rU=y!q0G?$5Ju6h(ki()hu z`OUITiIHR1qv#MUDK8;nhxMRe2cyu>N?i16o6yl;0i55@hY24Mg0hRs_Fx%_pdAif z=m1V$&X|e-a?4wkiPM=xkXK$<#DyI)?T6NOL1*w(00cauR`r5N7Lkx5^fUDXH~L#d z61^DQRAs6ae;V{lZCh#Cl19BvmBfCl;`6*+2ll6+N7EkW75Cawp$Lc#4$V?{)uG8A zX4&XerDRL?ciQO+b@@EbSkA<2vU3BIBlX4_Qa6*RDu$$#^4^?nD^hDt$4}_o`2_ln zDLUI1M^$x3|AHHS38$~EU@TuIIU~)xbYCoS7RJ;IkvXjYJOG%b&3dq_9rVfb-BIXQ zN*GyQ1o&kQMd(+Gb(B=8L1P46mq0(6aHNTw#hPs0Bq$f1)B$X*xU0a1&W^LdG~uLw zB)bf>i%{|cS?onYCANZ~3xJ+zf5;*?3R)4NpBJZlLC~+6ytJuVEt%w;eg*^VLeQ_R zqV{xCjK4riQ&Rmzhl|wSM}Oc_HO%ZLsa}(CPaE%0?rFUmKG8E*@*@W z)*{2Qt{wy&G|P!(Gwi~aD<0bb-1rzD$`Qj$s-WN|CqO^15ZM9s_KWqHI2uTu4TAP$ z7nSXS7i|EzI{AMn*rU}3A_s$=K#Vpi_Ep-DTniIs7gd{7`yto84l{(cowx@?tJc#X z;3g6J=?iFlND<9D-Tvm(d&TTgQoi@2k&*cdb4rX&HmpUJ7?eh5rt}x)&DK%XmMe3oXos zBhlAOMuz69y%$l8wRHuPe?FzA^w5MXiDhFL`VA{O-O)X&dh^#o?!n-6%%JJ`ER0K}K?ASdK6CYE@YcNT}s0?$0 zawu17Fo*#kfqpXK2zx-FScHE1IvT`_I9-+#*a}Kf&EH1)P1aIUhp$1H9U4qC`S_xX zyL4E+eWuj%U|F2#33 zcuu^1&GVjyaGsjhzRS@3>-FAHm+#j7Of$_iOQikyScHCa5%haF^QOR*;2_*z zSoYf|;?^~d`Mrm{jM@YxUJ~F1l-q$5`ijsGS5dnG1am@YM;Vh{rHBSfHV=~hrQ)%< z;xWJq^_TcR)!hveUC9eQEXfw-x=D`b7PNTVXo3RTlU-D{XLB_u+6%nS&k@43|BTbHb>b- zXFZrR$q&lV0LLk;KU+)Sw6((wb9ToR>b@A_j6$~ZsD|@O zo6SX0vbGN71z1b>N1>lhJSHe@C_=wtQpQcH)JPZyg?=*OXsyO9j`qiaBXiARfGdF% zBm4(kJ-8m69hKui9mFb;FsypI3@j}6Hd9464_}V-$0wl3O9J$334l8MQ=&oG)eqFv zaGL=AW={_E!*hN;)IhfGhw#uZ9_zB+>8(MVZ71$SX#D9}iM^}WuZcg+G}BD8gxU{} z+2=xN>n|wIb>>Zh{%4kzR5MX+x4#p@g^|zS&srUic(zU|{#H-eZ44tB<+Q``(60k@ z77^>_UuET@if%T)Y;&_6+j{X>2e8p&ig?9kxPU6U;T2i|`nmA>snHEUpy*&bf_`=z zX!h_1K!az!?4t5LnIM2&v5r$mL_=5OK>>4reUr*F?1+ET!?jd6+c51^PKi z5D1h)zeY8auR*``ur>M2rse6=TeZIzcYj}%h<>a(89#J)&8D35%Hr5&k1b9bG}`u> z<6iw4i`SA1HOyf@LEq{2!p|Fq5OoS#{rOW>XyEyJj`|zKlNK zFGdx6cw!wi$Z_1Lc!E_s8D{4fsif0Z>>NL%FNQgee}D!Q;orj5s-pUrjB?y>bEd7j zd$f^%wvwCEF^=w=D9$Kk^8p}eIKQkJv>%M{n*}DQC%O*_EFz@zHsGem|4?3SG06=F)us#;_ zGYE^lHA0+jKT>pWfqrcf;9ifnB+&0dB6Q#6g!e)T^lQ1<_l)Kay&uA%&f}pUvZw#5 zZ1b12%#I=c78}#rtUBGt#%XBUxU_L;<4XN;Eq(Kt{ZH*8V&|@~?DLs-zpQV*W!Y<4 zi8~=m>h}h1JmfddP3!0IW2@B~>;1odh#J@+6@QjkEp+Vx9Oo*Bex%N>#7tf%&YmLQ zq(+YQ3)R=epAx=005*%d(hfS&A1|-#@U?YCH1O0jiBG_bxHz{ zhXw}TGr1cYmr*jVp~)_Uy7V`W;~pq0A2K*L`+dhX71Wzy)~Go_MLv_id;FVgW#d}D zk^jEjwp#*wN6Qj-FLo6&Ok$E<9*T<&w;FZ2dGYSop_3D;3BN?h_yISdB$uHf|Fo(_ zls^t|T)aviYu{&FscAcM7-r*JCnzD~im&^|i8BiQOaK^SHp2q06ySV(qES!3eq6R! zVzi+E{kkz-lPWd4MBRnu!Z8xvQ-l_2%c&f6LFn;iQ3B|I7!HaEZ(Mk$b;CQ}#Gk^Ki@h*(j1adRO+4Twfp2{DwXQb91+C^R!^u@ekONw z^=n$}R9mseC1n#=e`40^5pgkzZqHX3ZT(h+f~vL+MLKG|`<0rHpO^WLynB-`tcRJ9 zor{W#2wlkt!J(L{^BFM4{Qb)>6Mc2P{-A3$;iZ!*m3h{zGK;A{Q;jbFCm6S8AerEd zZ@=QB6Z);ksw_WsLH+U${oIH%Tj2~HH?cLVyVR-KvF}OP*dRX|YKML;oZRAuPj3vU zof_6~+KfI!_0rBt&1hG5CVi)~aBSh07$}3jSw@?9%1B0ii}-RKghCE-+N_X=eq>26 zSI9$QvJLhs3=}`n7_!9J3waQa`9dDKqg1<*wnM)KDdZ8RoPKo4`0!J^Fo&`o!2Y^^ zOX?qf10Vl)ns}#te7bbt+|#`e3bW>mzkjWYX3ND7-G3@q#hm5FOMXR@$?;8mjpSGK zT!*3ZE9=v1_T>oodD*?2EPFpT{0itIF+OM6*PlYQxg|%RK`KA|=@b6i#W*h>Mh2?{ykt!B`6dJ$oRZ5>u zMo#rKR%;g+vIiq6rpu54+U2~W!rvK-xzfSRX84cG+$Y?r^O6#ZYV4sEl|>|2Fpn}+ zGC=9DXp1MxRo%kp^rQ48G}F&%H?>{+!78RwT5*F*LC8VB5(AZ|B$Im2a1zko80vmB zD(Iv`WSqH42Zv{QF)Y5MyCgxsSc85{fd;>WXGV!%Z!c|}AXD%C`i|L4o$muyb;F1#1a3`xo+ zu4b^=GwX>w^h?b_D41&7Qw0cZN%QVk+6Mf*bcFwYF&$hXWbRzpLp?L`4QJb_5FCn% z^FHaPU(j#QF4yp3z}wbov&t+cKD95%L6k{|i=2#E=vTD`Uw~B$>X-NFy>7&r4f+*Q zh5@YbE&x~)G`mf;%SlaNr(AdaRKpqvEBl_J_Bu6O!)4Sv%c(^trN*l}E~lT9aHM5q z3D+N4Gu5y>nKoXc0N!U?Lp{}81 z`*$5(mMogieb8m3%THg2?mytN{5>5m%lhrXK$7M0%9s;>EAh*qnvOYRzKUVLl48)W z?;UY%w#OCi#m5uM_%bnl9fm~wRSCtP z>x)jV3F7D|N?T4u6xGmdhkkU8mNFC-Q`DIfAZAqipq8R8Ieiouzphe8QKL{?ZGZ?g z!{8Z;3slWQbs-bkHLX z`spa`U;|&(SD^jqblm(5ZuL-Yhkg*RNDZ3sDggap+nl8X^wUudu+bYF0W5|2AuuUK z%a2`4&@YCdUkc>!+Ik>L{Mv(1flokL=Vc0T^)8eef*`uLyAj&wBRODw0Y0#GqV&=1 z3-dx9$-a+3VE#hq-6w`))_&m?-pu|@jP6@)Rat{eQnorkeg_3(MON~NQ<-cwrl`MTBl1O1pf%@!AW zxB`1T2i=|)k(2XekcBFy2_pRmO)IKn5&E^_3mBc8ikR+mBhKv559+h&inJt=pP(5O z_|Ri{XL6e1kqoNLNVuS>2+OXkE)B8DYgmr88y5&DRBF8O&`&5FdE@)j3puAvkRwoz z4-J-LTKtDTfdh0}(26|t(^18v_#0qfY7_N??N-a+FAcb7CZhxTF}Ncp{CzP%KT>yu zSR-uHq$R!A;ogrC$CpEO5@_}BAfR7(ruQl@4O==OCy<&R8!BgVEvLKVlZQ@^W5IlV z_|5j@?yg6W9%P_xoL*XXx6Js+B9Arkw=+iJnB*f@)PE9k%N#2>;WRO{celZ384nY2{{Msn-s}`Y6zJi39 zA9K!oTy_e-1%{xAz#nM{wfcCoPq~QDhErnn(b~D-LaV&lEdu>MeDqLCVeO>nY=ZA0 z*_a?r-p&et{hBe0OONJwlE%FY=xM-Az5q8x#Y?`&>&1Ppy03l*Jj;Tpp(3B0#x5a=LH6IK$GZnb&fh!s~QtHqc_AC~ZrE^L9>{ zxGaC2Q0G^BNbSAwNY|sML5X;v)xz!jZe%74i@=i%3*mAwkc|L(rcK9C&PM z0PR}FL%&|=K@q7*dqXhTi`@a;m`8&7Y&iy%jd)c<*##KW{lTvL@__T{%kl2Cq`ABu zpkS{7(gpTtwKYLNzwku*HJ$4^*M{x!K-N&#P!>~ucet%>_yLy8%!$XtciV>V_TZ+y zkM3f5-P88i()LCzK|jea$u9}|NzgBZk$(0dxBJ&v_SIrMU(f!_viF~aY;#}#N@yR0 zxBB{y1pRzlpF{igxm%vzV~?&@cO*OaptL65Hq4(eX4g@Ij}Ei1d#v0ZrI$43fOp4A z=t4(6m^GDWJ$WYFsmqeH>5f0LY8=xoa>shI99UUh?jZ-Wx@P_ijrcK-84{HPHb=Ph z?wo(gfgF1Y`b7|q`ERw5ziUex6CHjX@dHpQ)@e?9Is`|53{4S%`gI6x^-&9>8g4ta zQ(_1+Z*_+|bFQ^p)WYBhfLn+(Y zwW9a9bb_1)yP zxkIhc+7m!KD>Y{m2uBx7sL6F4oeqJzORww|^x8PE(!-YB2*R2Uk4LVzoZ&8AhICs^ zcAgZ-9K`TLzc=IfG?kB!TgI^sjnQS}O$u63bKPPYB1&5^He|6}C&!`bdL@KWhx*fa(|%#JBC3*JTqZ%kNIh=@f_@}_7dluG6@IDn5z?gj&`I@MP^+i<85Ktm z$__yhfy^9)Hf;2IgW9~COfK6mLLZ5ZG4jV+KM<(!G24BR)Qok`Qx%JZX_wjtA z^h<1dG>6Su1EQcXBNafCi10$@oyv1(Bd+@nkU%N%fw^yYz!Py^d08jFHsXC;bcCyY z{T}dXg4jLER&eLyg^l`>jB6nv?{90-Xt!oKT#c{XZ+2xYv_1;I?an7axo(l@z7y2wV%2>%=(hxgP5j9i86ZnFcLga| z+LVwi-UW%u-IidFa`8teB_=8rF?dNyenpk-T%DNs6(ji-H5M|zMqaYlUhyMQzq2g+ zQ;hf(kllICvOk9qcaA_slqdJDu{ZC_BI(z{n=&y`9tyuQ(>5W^rnHC`D(LTw!Hli` zi9ZSYh0ho{{@nzUvu@Q9@@}*)BP#sLAb`@xk9j>pS3HG6rEEhe|Nrb=TSy#P8vYpr zCDAamp%9wR29ljwN>f=djA?C+5_|2?+L;GirV(;kji_iwgFXZT#)n8?wv%*-Q6V6R zfoy{5m5{L!7qfwwNlzy;IzvzTrIDti4B=pRD?gwNOc5_{#_-{emBcWwkbZ zOz;O3?zsVUGeQosgE9O6ETHJT@ z@8`2M?pq=Ka)AYZ3=9kmnGIC>t<>@3UzyEjJ{v~?ojk_>xpn({h|0l-Z^=%-XH$$J zJ%T?*`lT=$rBuF#(zIx8nVL#u1@!=RZlwi2S&@rw!@sWbJv2p8)ycy}>6IEC%gzJQ z4SBTM(WI1m{Ams46oe1rfZP)q37)Wmx+&t{;EmC~X7H+x#ZJ}Y_CCU#$!h6 zQc%T_Lm4reT^UKu3&7;15~dp6*`r-lXXj954evVuPNJliUMF#-p8f%${x5zZ7@q)* z^oC=9YS2z8y>NWx*c<0|Ucu$Z%ds#p3a-i&whMnHa~gD zW*9?y1b>Y5OJNLD0a(bQ*P9ltrLsh)Izeed{|tqiTD%u`(9>dg=}HMbOLd}lke29R zC5|lNs^3rzyjCR-fX?5ktAg;~_p;Rn(LzLl=-^|*$KDt%PO&|?kwgkkSUhN;KVhR=ja1-eiyH7|fBDj$WxUcEaQrLz+HR8HI}RQVM(0MtuIkrbYDx_`Ar z|Ca#S$D%}Im(m7^<%T`9ORQud28@rXg{pSf*9_Pj4wC7H1|*<5&SXIFNJ|V9-~$eo8P5DV=HM9c=5h!TJ1@ck|?D8nJ8;m zY0BXpIQ?b1*DFzrZwXewN_ztS@4C{?J@&lNx8eN?LJyNl?GQ$a%y^()85W<(1_re|2_ddiGEB|C@JbW@f2F-ksU07Z=Ijqn9Smu(+?n0nlgx z=x$7d#&+51g1TO{P97EW^~raq$gVf#c0)swP%D*79F0Rf*jKQ zgCGQ#ko4=8qXi?9bEw>w$0asQSgmr_4N#k0RybU*WX{hk-F48V2a9-0(7npeQQ+sd*0>l=JP5{FNk4{k3I4X7^!wW*p9e|5L$jW{M@<)eQ)lVh zr(Rs2J-UC)H^y;iCVY4IpBnQ_o4B*n69<3wU3OiZety-K^>H7P0DZhWVWGU#K(PqU z<^=Y;y;N!AbjyC|1@)BMWI;wvBx~~Gcj}zPU@gFiLY`k_Fv)(q_-2m+N074as`#zszngJc$8z& z4GK?iL4x>L-*k}ztu&&=vK|H%2i$ZD~XueMb zyPJ%iTPIydF8)x2OhVz`Ntl1{25jwOneL5E*T^Yr8A_8MnHY@3eXOS6j;}Uzb4{68 z_lfl@{rY9g(0;jCzm)Oxt=armqPt!`Gn?nL^L*t`j+@O}$k2W99VPvqWc)ld<>s=o zg_#ljZ9D1rU}kIvNxyF=#!hft;aLAU`u0`N^Zgw6)s*K9cfNn@4w+Mr`fqa=r*9nk zhws6cv;CL(42}D=kN{-K+rxE|g}C=k%J-|O2B4~S7+_STt);_KR;}zP#K}6NeSKpE zu(Sizsub?x2g!Hp0jvs&rhq@xAs-)MT53>R4ZDqS+rciY<#PQ8)l0~UeGp~*Q+X-3 z)i0;1L*3lm;%eHltyndSaecoeCkP>$tG7FUrOk?`hb99gCN>I5n?5qgHcDoHtBFkC<|3tj@!yCbc5+R1@f2LNUS6;8)Cx+# z9?M_CglmraXItCw5Jn|>)k)O`Oc+O$I6$Oj)(Rh;xgH;XJiU*D6yzue0GjU(yzcJ;oIsq^sDoSgkE z`pbymZ`(;flZhKc($9406p#74k1o)+f4+VL7bg>*b4BNTmvBwDaQzZ@=f(7eiR5ubLRwqgqMwvr~!q4B^y!~a1e^+n9Vo8Eek>bS-53z zZ~piQI)|d!s!W86S(>q>RVR-oYFJR!nnc`(J|02s{K>izky38MpCmh5u!3AnQfhso z?NEi3bU}tHFMr45h)#>rbXl2Hm>5}IAwq+`?9nSd0QPEbWJ3+RkNSn*ah7l`eE{wF zr93=!$b#xz*+j_65Af)}Or@HmA~;8}@ZEqxEr2_&wrxrjM|`dtN4One?_9! zK)kKAGNiUBq_q~{hY%UNK7EBl3-IEny#F#)ERUvKd_>NjQ}?r?3-8{xE&!{W#eEqb z_p$U|Mk29(WnsS<>6fkjdOB}5zow*LJ`!J(S$e*(2;UYK;LFEU>2-T#q#r}72Y)-^ z-b+b8g2QJoEZlk_8Fb9{U&cS@d^bK@ki>tteG^>K&ohtuC(h5j_%;*cK8>W`n;{V# z)wHtT>Bf}rm)8m6Xzw)ui}HfH(jtQWv_f|tlf`CnJwS~?6M-@;vF{!PP|1lN0I(00 z)&a;a+w=3Hf)La#Glpdes=-%_F8_L)wL09A5TvwD9M1R;iH)|TJ5ZT=Y9jwtGz zHa}7dNsFS#G4r^9zAmMnDE3iX!niO0|Lk3DNLx!9p00&c(Av0!x+SzR*S#UF$AVj} zF{X-9Bk^N@XfgPsUs+Mnszra43Pl!!P;Bi*t3n}ADr_t2miDUjgI;9K-P)|%y)A7+ zK}Dkekg~h~?~i5YnM8YQa`JIvd)3VQ=bU8boSAoK-pM;p-VZSIHkvSbZWulyGF+JT z_qn~TtwfA8CcrLjalcc_yZX!O5e~Yff<{R+WfRiX4%|#$h6fV_yc6yK1+w%z;M;B%2hqiH1=Z(mGyUjLmxUN)$Aa)~h&6+RG{50` z-|p7?)(~kx*T2W;e0~29mFmG3YB30vs8Zcu zw?g2cAE)iE{C!Q(@61eR&*Y!H3umVD5ia+-@1#E;xs2Pso*6;VJbHcp)E%ES;BM3V zA_V<_pyk&Jc{k|+x@Eibb)ZrtmKyZcEFA^Dpp=Lew94r~?0`*28zF;HS~WJ%QEO=_ zCd4RR2W?qVCveUMIPfi=45S|&1>)4W7>#9IRxyl(0!7|xT6F1jN03m}wbtri4AUl$ zn-=;bUXAoyrxJO1y)cN)!n`ZnIzsDx!0Z@)k|2+reJd{A)DnQ0FnwVnPkAp~@uNdTugMP8f*Ru(g>IVk;vAA|W#_D{%zrCfd&A?Js z4>!~z4*GH0?#ka+1pNxHU7zmmyw%6Po9R4<%Vy9I^i%JpzRTxt1Q48*RLzbiDmR(w zVb>m`hws({nsh{-ccgD~z810xDXZ34&4ftz71n@ldXZSH0jg9Wt0vB!_Ne-Dm>$N9 zO&Ggu=}HLsXGfi(K&9z`m8Rwc%vVwxkhesJSIO-l>}iPDkmXmf{GXS!SU$hc=hz{xoC@i#&Vp8g=eEY!36-DNN?U^ZE31Ysq7qRYNc}V`=|!XLS#sENyL3|?O%lNM zwK5nb+ok#XRW|JAe&kGUm-lcM(lBLdYUoa$Q4iyaIK))XP;GhTcwx~K|Hxuz{Tyh2>hBV2srX!m_ zw$Mt*V4y0EFy+xXX@~vh>o@?XMBr8K%oKSYY-6ss`Fj77cT+Ci%Xl>$Za-R*)tlab zT&Hs_r2+Apn%~?sV%>S-UAysXnIuVv_iSc2}m%em3CF(UEH(tueC@0q@RctDan;oE`skD z3n3V^io{@h0#H3Jn*DItOf2;&IdtT$pQ<6*O|nlOB3nOo#YCh}yM87ldqK{UK+w!Y zwHm&J&%3i>IL3i$yC{Wx*ZF97HVI@5hefh*E>0Q>8C zcl0mgKjHRu_jOz}PrJ|D>wSKHa)vTdvF z%knh<6F;r?Ln~sANz{W4N&j!)J(%Ioj-4LxZQ8maLMo%`OtXOu4roi-1_>FHs$(iA zVns=bkq&T^f9c*vfJ?fS0Q03lR4?Zdc+_G|m(s=JZ^ci;vupgPS1@~Z2Bg?7~R{cG& z(3-_qA`YQClBSSB;jKcu-|5o1JR$h{L>DS8r6tiW@ja#tZ{BI?D)7c1YN3NqNWNW0 z6EL(YE}++ZLb^AYtX5x6EJi9j zbotZ-d#-(;D=X-W2Sn2ExIh`Q1glq)N%bQ|a8VhwYw<_I&Gl+~)4($BlGbm+CVeUS zNFQ>ot`T#Sj5PrHqU%o!0bSLP(H*b8T^3(KXskMlRa#KNww7UePh;=3X|(P2_(von zzK(K*YNvvJM>*)nK_t!>2mLrWw(I$tK<~;1 zv@j}8Z5C2qCkWOuLL~Dkw3u1sE5!8=6!jkYA}HDQq}mXw;AwkMUJ$$sSLp~D zkn+K=$nA3JW(&R9K}ElgEqP<$F?ZU{9j3inqE~C?qIfZ7t}he4%>yjISHAOP4gGzG#5`kRC~%CvYW z3PukhXDDT3tQY{J)alK)*TEeUk2tmxTc`vxy>PsdYqBm8PAzh>34!}=U zIMa~80_+LW$u<0cBA3?Naz{Fd@Oz&1fi8>Tf)5==kuJ?Qk_?2`Yak&aebH&@L20L} z+gMAbh%WB|84IJSpOArNFK%8u7P!uZ^*y0u80eqU$$;SaMSmPPJaVolQ#pyev?q;J zE?T_nCm097tt*4&<()%pz+(b3<#a`}X|Z)IWKn4uS|4{Mvq@yP0FC1#*&6D}+A5Rm zpQ+r-*kqVRB}8};KzD7uL=x_3cCUJaZBG8vZ6XmZbg*RoL!@+w-k+H|y3XytZonT- zUs~_u?!BBiapDv^w2{8!`}e<0JrQ&C{`P}}t$g3a-51~T)x~MYD1ToK^ecKjGTuAV z(|f0{XtZavNO^9uyR&nA@&-L^{Q2qlNbmUMceLuM$0L1$@PGEMFSM=ejGuL(*VxWF zwu?ciF(eRByqkix$dYB%#@6g|Eom^z%m}uwQjO$USRT^DKoH8XUiMHNW-L7!+WBFD znnGcyY_K#eCQ}tB9Yd{NJYj6_A%v~Z$wS%sopY~ZN%zWEvYS8h{T}L@`s)1o?su-v z`T6&KzZ>uU_4a!ocAf2gUnro0HX}%#JqZ#fSddeijWmaVyb;OMZZC#&+{_Yk5`Z%f-B3U<&;`-^UQ^hB@tmd}Yj=Sm1Gc@!Z-yaA zhkAU`?belNRRbGm-6awCQoRdaqm38o&z}H@Ymo2l0lSbv4|!X$ZfHzA7Z^_7mM;iF z_|U~bW4+_QsPg27$~IfRUrPyfAdzVj45^gTf&#=b?9W(fFWkvkl7K2((F_(*yAIUA z*MW{2gnPV9fJ2w+C+-&uMuq@TJ2xp2zdp(nCqx>iKD1EpucTYYTrz~nE_{BD5PwEz z7%JQrglb4aVBm8v!-0p|3C1e!%H=VZ=>+LJBJLz)p~*;>kV87xBs$_gA`Nn<`Lu64 zFp@Y0S&Cu$-tf@Xl0Guz(r&L3^(}$MjzON?%cy?NHn24ac%VbqW7^E_0DS~f=5)8t z^fl@Zwf~Jl{XIrk{j4s%vKf>&pQN9}`yxTzzSMzU?UOnZ4Yf6oH+`{x}f_6Fbm==SY9zqud?Z{PW?MX=nU z|NQ8EtQO0!=;a5j?%%r~{E40tFTHc;_TPSb#`k^WK0;R6S$7MF+USYeV#$e99!IlN zpTkFd?J`&9{0guVy3Rp2Ehqqm{gvs&>JOEPSt5ZI)HE&EfVtL)1d^P0M$*kQ76TIT zIXGj<-v~;)0t^lMz4nG*^&`RWy5xMLnqw#k_SWE*)hr=V>goorRPcK!6^7vfNP9S2 zH|G7kEnfy$2c^|YOV*xTm-+qz37uJ`e_$B$D0Ie&CJ-2T^)^fMO0Q*_}1; zKs*=N(oG1T-;8nJ+ROBlJsb@!^%#?TfgN^rIuxC7wsMcHCSMMiDEgdpC_rUE68xqp>7 z*-c@1wr*9j+!eroujV*Vo>FPMI_uaEj|M_b-v;hg>NQq0Q!{>+qQ^gY3;no+k3-VC z+RULE{h&Fv1p19Tq1{_V!Olm-9d6lKR{+YNqvKkC1hHx%K^O66`ZQnp^KjTo+Z)Kt zEFsAZA?~D36QhYHZG%vG9jiJ%sRo&89lP%{nSQ33W}0bd$L@Y&wH@p|ivR#107*na zR5Fg+&3jhs0~4n@ExUQ^zUc(hUY^b0vjF|7cIg6t(+sd5;>AlUv(P$~!$0YTvI3p3MF-@@t$lhL2E58@T^Zrghy$%IhjtO4b z-);r<8-=>T`~m&%bbWsBtF+(G@O)6S?vYgIL;yScQCEs_ovMf<9~C13hBKi>MgoKj zLDU)nE~H7cnqLhlor9rAC(;jnk{XON9h0QNkWRFW&P}gz{D5WJ(tSkNc9FB7jx}C} z4p)6hDeX2K!|^XG3fGa1`mo8pVwDCcB1Kf9k*`gD>ffvPrA~aW6XG9<`so7Ey$7W# z8E6NFW$V>3QOYmCpsf(riS`nT(?z_*Qk9V<9{VmZEJ0y-wvn;W1uYe(mxQd@{Fjp~ zomQ}{&~>4UW&tXvCO092(M6brD>gV)ufe?0$;k1Q1X8r4HN>yWcZ8}5oU@-@Y0y)f z+K3O?y%kjEd-AZh2EoM0`24X6ttekvqCXuoXs0Yp(D5y&PVtp5BClGj^nt-w%PQEP z2Xxgh=!|M3*955r?-}XoY+f^A!L&}^_o<*?w+Z^0W}0cHb-Y1l7MwKi#}BO5dnV|2 zT6X!Xo2C;?dwDj0&lL1C_kFD#;Rx|16aa>htm6c2LF?1M=|hIEeluYwil0T>>cBBW z$Rx)pR;LKjY{arE6M_jHc<5oi?ocVN$VA486mkY*C-B;WMBF?l+Q%t>8U|J&tM|8_ z)dB{0i?-r6$YkY)Q+dHw%zs8t)&7zyLLn|zT0$NsmZ4N)amkIS3A+564FHrssrKyO zg%nQDq%WBg7K^pT%oqu9d&f04xCIhm-%^(ACjb|UXkj;&ky$sVDE030T6}%Tx$Up< zkzYR_+yb3X4{LyFYN!|6MjTM6W=0RuDeW090Czx$zsfeT@Hnq@(c1@SG$H8im(^y& zF^R|v^f52jqiC7&pwNwkOCKA4lbdWV0OmVVOuiI@mE? z04b=X2@B(Jo5l?(kF=&w^;`TAUrzw92h|G|Y&~DBik2`H661arH)Le@ZiAF+dq_M- zA8%|n5ZTyDR~J-4D)%sVS~C@OL6@Q9Q<kCp%0S(e&Ky_-n!?=Zldlk7|!8Y9wm?VIP;h_qUBQ3F{pSc-`w zT&c$mP*ChKPUcV4)Ixi?SlsJ5j%AfjsfTT)_+e<0OSK*~kmZz7fa6X{4wQ#wxLi+;w{SnHrEwI_5@FC9mctpt_%aO~u7hzI>h!b<0Pm zI__+Q;ZkGHRmVOQ8H`Z|FVfKU#?YG8tt2A;76V+oG*l=0VW&6tXm8^Dzn8y*mke;K>$jds_ng*ctLCCbLogSdgp=6Q*QF3bC1L$Rtk!hf1QFkm& zRK<2ZZX$2BJb=x>R@GCS!?Q!Xo7T=zOlIj}o%K4aaEWT55e7?LM&f5ZA|+OA#m|v~ zCp}X6YG6p^3+IkOTcRHI5bff43NV{GQHb*>kM}=Zb%Tpkr=JSM;R%BTHbHC z0}9F@I{Thx5yVC-RcVT^Z!7vE4Y1E)qd(`Spu&*vdFqX_UJtKT0OYYIAl*x6I!EJw zrZyHLMDja<`Q?pNhFc+I?3)S*V!9l@35iG?220UL95b4YFYcE(?uL?p+}n)ftC{1O z1{}zLV;QDVSWz6<1%~GC@YZsmb>PgM?&*io1#`NZUJv z9Qztv-hQ!(JjcWW2zrNt$T0PXNAmhZITq|RBF2`ZLKhHaTj_AWKAM#b_Vl`hbw*zf zQTi%KvbSDOIbUh8(Jw*C+Q@O%gG`yXC1cH_@JZQLRL;(eW6>%}*}?R}qF z)9)Eu@cY-UUFZ@z&pLTt9VllcUcGkh=avqf*Tv49SMc=a_3=HcmFdi?dA=PouNTU^ zm{$kB4}Aj+B?p;>5XWa(s_o6fKh9EU={!Nu6FRP4khB~78= z5Ic4%jM4;!svW5aRVSh%ATL(5rmCh0Y1$@v+RLI%-U?SdMV5GREsGeb7MggQ22VTx zbMB{ooiG}aCGwFF;B)V}=llN8&;O5e$B!TTzXHVAF&CkSa=?ED2V2lBVjM6cIrl4-24+T!K~`)+a8qIeI*pRS?xYLN8e<8? zl^=EPM>nz~s+t=HM`tzEPul8%;|I0lg~_ph+X;Li4~Bx|PMiZ>u~euSU1$~2nnxs_ z!~15)$(sx_w%L&o(IEbShm05UIvTmM3LjB4;hcFD!V9Z`Z$U{b6Q75?4bhy~ zw9|fGU9F1Cnp^sGpEA1%=mGF)m-{*98|A0%aCThM?_)}J$tNn` zsa%FsJtw_8(&TTW@V!f7k=173ETT4*l1(q@VWvvRebI*yqLq=fKGKefKE4gCQFW@a z9i)@;+hE%Z9uild@-k~9#a#Ulu%NtiuGAtUoy8*143X8^xKm9j@GzGHa5qS%B3Nav zHDOYe5Tz5L=>*owM{COnjYuU!=p5(~+WT4U9K^9;WU$3QS)>jIbI6=pQza4_6oU-_ z;9oJ11Ue=AN|@!c<%!&#ya^UsONlnAi`nKuE=muF=G^y{`UUA+oiJe{N7NT}JxruT zuBsZWRoho&c8H|Ck%oL`_dvwq)f&zGY2I9Z!dDjIF0k%hVzAk~p{|TJvL7H1o7BQ& zCuM#xgR&uA-S$Du=q6@GyCp*48wgtDW$auO#VwoM;f3v5TPmJkcyYn2SJ?BNBCQ;R zkV`#JQ1!!6FWEVu?x7`p{eT%Rgn51(pntJGDjua97r33Q3KcvR36bH*uY2U@Epi0cWgH^ErpV8yn!E3Cx8*-SAX)uo==UNe%dMGje_9Cr z+H4DUm%!433diGX2RWg;44nFb{*tRhVqisn`yj?DD8y%j%+z%pjgFz;zpEkM>^A8^axe!iqZ8Dx7^Kw# zt)O%+k=UqKMj!yCbm*d2Tbf9vw53Na2CE-+e4j=>p+~mK?v_DM8GiC zoJuohPz`EtfA^3MZ~=>i3Od7ll_=&ST}bD;jHRf+0x{h3F$7_36HmAj*qVOS%KV{6B!ciyV3(zn7igasM4=GhS z;%9SPB4aj?JxK;D;-hMGLaRoC$6g8CnrDtA%;M8j{mAXEO==2k&Nr4=hnEoQVYqpm zthW|A)0>u(G_5gTdeI`I-Rck}Oi40Vx)^f_iEDgtR`RY!re#_qACZf<1=;>S*pBj| zS)^9IK8?y=e8le}`w2qxg&{POY_2BO6xNiWp_^HckeMv5Z)_*i=}@Hw?4gax8OcF` zP&SuYUSD6&B@H_cCMly%&2A*L_;`G)OF$mk(cCzT1R?}MjyO`-okuA~C(WUr{7edI zl(wa;svTOd^9hL;d&z)qYI``S({~HP1WN1!D`zm3SG)xBaRE%g!=rAB)E_2b@-XhF z^*BibU1!KBERxl~2@!MnHZstz$2@OZqEpT;X&V>HN9mN_be^q3ClWj}+Al`{*7XD( zqr#J-#jM!euzdYKzG{`MaIH7dKGI381E3*k=$aL_Na*!T;|;l#0iEycVz=`&3UGc| zG)pO2LhggW*K2$J4!u03mFpbc+}ry6Pj>|23?#Unqz6-l-|U)hb322KS4c&#E8^W* z@>00Van>=8yG?{RT}IsljvFQ!_g>e*&CjI2-XOx_wOw~#5%jApL%%XaDz~c){mO9c zrEk~ozNxMKD}{bv*4F;B4E@T`@5O?CSGY0V{~ukb-VO9S&2>M6hf^H4Gv#A(-2V>TVgivAOIB5Gy`R_*Yx{0=)-LxG!k`zdoXg6uSqdN zkVtE`pC5&?35`A*d7zWjDynqz$Pgv5)Z`ksHQOfKiw>R{3U8ca0F69*!>zzsQ?vzu zg%~mM6vPRUqYzwJ4nP5_QCmQ@f?k&ya0a^CTnUIOMLu09I^6dlWN-JdYJ?#C#!sr5 z!dX%=5Cx^ou5dM&g`*ZdV8u~tBxnQAZWd4w6w?X=FlP#t%W&ns`V)2g3%XENe1cn6 zi~aX4iG@H9>^lW;>9=)&SKC~K9PqiL!K=_yV6$spehqh$&YFOAWAcNJ6MmJX%6$#k zVIw1w7pcNm`@g|8oX&>P5sRN}*1&n(f{_0qLm=X&p;JHHwB@3DR(~K^q(!R%JNeo(GLS-sx9938!O{-!igk|}t4#srjzErWWmm=O( zrOO~BvZ>FjZYKVq_8m>#HzpF$=%i#53-+;DtfDC?C6Y~zf&uNNvle>v2THrdOjYH0 z=gE;ktW6#Iak7}_rD92Sdcu8!bmLfHCE`T;rjk`s2odnfXAeM3@>`^Wan^E^MJnF` z%Ho384KEe4c0{f1GOlcBs;~Ls#)c4KS1&HW_D09otktO1wF|=%%UHu0MTKTl)uiUH$&c+S-4V$Eyteo(J@E{OZ@=efPIt z8f955if5C44fUF4$joww8?#t2yR83;iT-9VtY3wGc>2fco%Pd7jqw*3>gjLGX|CH+ zw6RZX3mHC+W=#$EAFWbkX78n2MfBGp0dcyvV(y7x6yhrs|n6`;|W9 zJ#H8ZvJA^ouI0jE4fN~gZkD0n3zn$LozOMc(LBB~J`{_^`ewT55pLcy>+k9D2nY?z zx*w)SIoJX{5Y8gh+qpXr2)~#Skjp0B+tH4Y-{3fp1GAtN1}cS4o6&Q^c9kad#ACYE z?>prp$4uE)HQa-Q36ts3ilt4vw89!N2)2PbU6jQI*`*&PEbdbNu>k5J3HyarHJLC& z9j=L!nmC^WvrrF%LNp!{K^ri_pkE>si;lLF^YSut@`eFVCH4C^7~tkfQ%$YlU@n!0 zz#d{2PQRIY`I?4wQo<*)8qN@{-AT$AqU70gv|GSD^S|t!U2Ie58OJSkXQw5oRB+j+JRQX1+15<=R>;i*nZ~zCe5b&wIY|akB|+>gIz0$LILG-*2At^Z$9C zx%QbM=!-_#IZGZ;%dhc;V$Y01B_^A@AahHS7|}M(2ErZ66q1TcYpERH$z9LT z%!mR(;NM%H&8+<;wDP2-jc`Twm1UxSn9V#PEy@e=EM7#My za3j60>>cP>S5`V-0L)60m-N<5Qcq$c1@zj+;!d_MHc{(ZAQ$VlCG>X1a-oa!tf<+c z*7jkAKGoXwU<7w%Q_pl8U$Ty&Vad$q#A>-xOd)=tPl0|v-I`WVu~a%> zHaD`PwzE_U2h6PFB@Bad>B~G3jK$v`gr*hU0e;)4?G>ft6UNP#olo*L2_E7P7`g zZEP1sMob1?xZOvl($rC^{VCmiyK+T2`=xLbrj~{MeeKpR_J*>^aWqAFTp*o65XR$U2rKo8*iex_Xebm39X5bLSqFo_ZfnGV&9i!H z55(dd+k8JIxk|UUbDp|QbB^mnp3epLSDtqm(vBjL?`EOZLVDc4bE+CJAFI!v@1ZtA zE`%py`10mnH}2nv_E%&N>Os-pM!*F^t<=ZgW#Q}VdO$}lM}A-cS^h|DVZBo-@qDaO zv&SU2_Nkz)c05pU1_Y<_*3k;V*Bs$%aWrIXkV<^t4?SPBQwjFZnU+1~8$ zP&pit%S0hrpM2bj96Gxwo?PK|Cnxhiiqnr75q3mPn!7FM0=!l$PMI|!ro?q4M_t#n zo3hY`ha#@j9dE zg;+M5EussPWrf0f7Dij!G4T09rKCxH$2_GnLQ(dF5eqOBNNYn-ESuV%5cGTXPs#e_ zh)vRXcfp(?Hkm9Iayht1=ayMn*<2zM2pIAdOO$+g%;&W8Fq>SRmP&A8>4dXfEYC@r z0@oHUs!3-^e3vwNFcg!cvdP0^*|9kbK$qm1pSRXvCCAb#9P7h)X8J^%7jYH2mod@` zx6vprqrycQ7}6L`>F>{v&IBj=#Ey0-9~~E+osjMIJ|OS@zEL*E$FV=! zW>xQSo9|iWJAI=C{AWEmLHrLTRk+dpJU;6M;s;qw&q`zAYs56Sux-yN?-2u&VCtJOqR1 zDuFaI>qf3yDReSBMqu8ZxysB#RoHhL7cbr7&~FF(eE)S`PyK`_e$FgK;l|I57Mx+* zfwk7~_95-{;^irEtx0!>J_Xm1TX@-U`G}}^l$;Pg{0L^_*>z^BW}b@H2H~h$(jaWW z+k(LJulH*%DLBFU^Wpv7obENC2}jWO#j`5(lTHd3uD?j=SB>dcg-F$QRiR%Mj{P6B z>#ucnb+A$Y$o~I*b-b$3?>`UyYX0$oa{T@2CeW{67=*RO1KR^qPLHZQ(g=mGpE$|{9YS3?Fgxp0??zjZ=Vc09)J< zl4h-pc}()Src<+#gIxD`@Lw1Et@u19Pm4z1g6xrUVWWp4sN(raz(3jK*hK0F-?QW1 zUT3H^mHL20?kV$8G1NOCvNi26|ldRsL#bI)<&E(UYg~9mYh%oLIJSL6JvmoO9FIR_yVb)lZ=z>`7S;1ER!}9A7v*i1e1G z$6APr4jA|E8gK~qm_8wP_~0Cx20N(Oj}w4e?PABO5>T#KE^3kfS{>{`yI3NzOt6T;((NQ7G)QUp)%-jz-B7n}VZ?M~L#`3k$~Pn0@S?$ch%E0I;WTE*lZ$GquC z0KC&e}K!7Qzyc)p*%`Bj*WbFeY3irkvgx-TPSmkxy$LXYTn4yaqx0Ei>y zoA9$6xSz9P5_?sIl>!Ceq$88ar3{Qs*Gn}4+VC#5xLQ`(xz%x(Hc2|zG<}mp2u*f~ zyf2Wz{*-dAntB02R%W~oa(FHf0qfhINhE&Uf{BTKhx%<-B1J;Jo(Qk{mPomN!;#8A zLR%?Ah!P-Cw4Uo#$Hfzl1_xYYGw3rwmRyZgOFF{5QR`)8dD8#@AOJ~3K~#6x9EfLm z05tUkSkQTL@y^Ec8TKc|Gvm6$pi|wWwV9nY=6xcmHM4mMRRu3vc#x+~izT4V9pLgy zg2&8`*bm5(EE+IW#DSlDu3?3xrXqIKd?5k}>}#3lrIOrpS6QVmKS6a+hxt+kl`SM{ zq&2EbQ8EveN~L^0&aO8r<9qe(@3rxumUQV zR;sfX@gZ0L$=(@;wsD?uT(n%@taeAYUfYQbLjyI5sxjHYv0^FlVn=Qz%Y{hpY$tIW zD~X&)mEFdpNxZnE*dbmiXo+h(3`EF0N-1V|qo|a97zKTh55vAF90NrNRYwsA(YFxk zL)iO&-aAQ7@}*lDWYc}IES+_C&%O8hf4}=b&ogY4sPt70*JLKW2gvRL=%$vgdC|sj zX{y4+FXQ^)m;0dm5Q-7__+amBfh(0L=7`ZKST2C+o6bSB|3LHTC_jg5vwXhDq}djq zElb4w?jkC?tB6C-nUOm+ee^RThiTKg*s~f+OocmeMTh!q;SNArAD>hYbsgd}k z9RGCfAUo)~UsaTQb!i07ZuiA!Sa=Y#4?hP5m9BAqHlIS>$$=Pc^x%FxgOOQ(bedw* z>vkr5=)@glwiuoMocQw~>!j1wVDSXcwi3ovp9Rq)ucZcoz)l_qHL#P6(kUjq<;|AReWP zUm&_ZFoUoT`(DeJe<0ZR>X$or{_*o>O}{4e`|m@)@7}L1-#rHUogQb$k4e&v1MGl9I?L~4 zj!Iv(LH2-xnMGOnY9GHsKQA(NO}aVGtZ$R}drOk8+1O7nNRDyj(BiEFqtZ1fItQ14 z;|_Yj`fyFZT}P!GZS0lHlJq9%;9CdS^S?5*r1ZfaHhzr!c*e$0NYW>J*zpZ$Fa!EY z8yDH}4`^o^x5+;^b^`Y_yCjEgyTm&p-7qwsbo~+S_u)rp7pYQp+i#>x$7v-2{Vqrw zaufPJanKLmv-$3ZL|O09xrK>37(2&rj0Y13+04QuU)A4$zQ)#IKU$e{&Hg*2(Nk{+ z*$+Ur_OR7&cFjlu4x)Tk_ahB_$56s89-RoHRF)gNvgEFf(m^0D&!(`K!2)QTskGQ51tNb3;H-c2yXl%}F@tWDfQ$#F- zt|8px_ST$Z^?s_`5n_P9Zv-F+T*>#muT1!2X?krENr3n0V8BFD;i;(wS4w>bq@_T{ zCNKPo69M>!1oIF+JdNLxmo!D-j1rNg43Y`QV6IX4dZ?i{GtZ-YC#|X}RV`O_UFVw& z@qO@YQ3C^Q*&qxcJow__P~r?|N}#b@Z5O(g*gb!5AR@XMTi6rzNx-8_HbUSeSvYKt zgs3Zq5G~ud?nAO^U|+2j0vZAv)%hks8I2AK%nF;~N+3${+6tc;;5*|YxsVvJcs0s# zHhCWQQB5I(RyB==$xIQMgGtrIWZ9&Vrfgkb?)HLRXw`D+nFzvrYHGhb+zxM%(qQ$I z?*vLE%TO1UJmjO)#n`ta7zsrE@+~rpr1Lo?nXKxi61_)I=qF^f)6LcyJE+$J`R-~4 z#ANC@){4w@uq#zWscS!KZ1&6v7uLYgT(`$JXgAI#|GYxfFO8Vlx}srcY}tKZxYEem znWpnM5wehxP{|WYB)X=QEK6&BNJA}Ec~J6sm4FS>Q||&#>GstGN;wjdgD=a~zXQeB z@ZI_B(-FWUr3$8*F*>I>u`il`C=_#!#5S=7G@%WxqpVvbl}jcyO|RVE+tSh!c`;s2 z(h3+j1Tc{m`V>xBo7{-y{kEV?6)81cl)aQ)f!f>=45JD16k1CcBQk4k5$?%qXe1n) zr+8V)ChN_pSy|>MhC*F+uWzy0fIz1R)n<_}sqT64>DSW2uBMfSoP0)Tp_+Y2`K@TX zAHOIy=UG;y)FQih?%V?qy4zJ6I&uwWDaEt^&hpoKz3(p-FvOMX9rD>NJ+U1vY1P@tG{IA`JdBiGK=xv;$XS zG9`DWXlB5~;PrTrpudKV^sSNC+dH`0!7t2#xR{mthEdrex=az!(&qD;t~on=qWmAg zR+->$1f*Ti^^6*sHfTJbYs37Sjr0E^9Y(oW`_eE{hB3k3!K{(VlKn8BEf9=UlDT4$ z&qZXDlyRiEEbkEJTiC3-Nl%ST`~9A|(DF#QuM?M-`fTeDuKT#qIxEY!@U+%yJ1a@M zkPLD2cW7Em+{>ux$K~CX>&(dJeb*sfmiw>YK zJET9gvBMV{6_}aT5Rp@dz#1fe|cPhet%}{Z~xf2^Dmz_&sX!fzR$9!z1t)3({ANotKW%t>Y!>awGJ+W&FIzUYAHmwI12H0v)yps$e|^ zwRKFaH7-duCZGQ+USET}dj$HOmrlbAAiuG30Jjq5BrPerUYN5*WFAX{0UF_=PS zb#=9}sVJFzx=j}BhFWsG`nAC%N@ixEqL&2I&?@CK?nw{sp^FhV8?uXpI<2%$1ke)5 zXKJ`k(>CuH=8^JCJvH>0k<5o%>N41>7YDx-zniPM=x~nCQI2)hXj7|Ib<40pS3AL2 zVjv!>jEqgH^}mnD-?=_ z>zP|`iR}9}0kX4_5Ik_kW2q{QHThce1e21Pq~I;doSH5aA}v5!X3vdCUX+ou9-0Im zF;WecTrOXjig$Phyq;yaCsD9W7}~7s%VkC5VNwzNGBO`0CieRf6hcT!@qwDl)S^kP z9EkGt|C(}R%Od%>l}vMb<#r*P{pIb7u4}oZ=*_wn61$O!u*2DcTHGw5UgX%RDfd!? zA6GXWcJrc7NHP6VG%(lg=`HDk^A;=MaY_c%&zikgrM1-8j0@&AHttKzGHbZQt2fXr ztrD6HQJ0q8f%Uy`{^jAIy4P#5tjWmH);5!r##|utmER(=m+4!hWnovd`+b9ceYXOq zYPS;?E zl?_f{$ixXKi=<#DMGhq!<(a8OV7OGJU?|4fSB>o&2C}hLI!;|LRels9m*ej0gNSOJ zJVm$nuFcXgM4+wCfs$TU^Z6oi+MK5An>k}#)%v&mm;zw$4eVctzKqeAY6($*Qfl32 zn#mW?^7+-6R!g{Ntn7PWpl2(cYsRg zwIFt>e2zw(cE9Ui?44gsTh|@O@7CSjhd5I+ZrBj*B(g;U<~ER(0LFm?&yH+Nr34cK zNlS4E5EC$kDhmjfY&awhNy+Mfc|l!7)PEsb*Jw^!DOFTZ2X{Plk~J%mV_DRGuuwyv zs@M7$WnEV0D)>;c98E1rmqCa7t~@g$X7|ADm!##q;6_z~~^d_8ki- z3Pp`{vlpImq^!%n(mJ+MRc9S>NAzw`)C+GpJJZdg-n-@ zL%%IKxITLpupEPa=tdrg9%i_y+&v}7Y-KH7W^20B;sNrvs8IypR=4yjX zvX-^1W$k-3R>0%>fAaG`dp~w>>{`3u&zpvm}&H?n(DD*qjLamszaa8Ai(rkOJ;u-jY!4?I$ z;;VBRi!Z!34BvQoFZ1v&XSS)P;yWSkTIc)8S46S#6sC)Ld%f=`9c&TBlD$Q+P)z%B z4iA)vl|Hi2?`bp0us%5?Sq7Ttc6T?|mJPJ6kE0#f2QTsXW^VNNXXe(c1^tg;t8;-l z`qxuGOS9Q()%~K@?Jaei`zOc?pu?xD0cioLN@XUp&#N%;N)r}HO>nH|bCLH{ zEmC&5xzh>MkD|n0Cq&xn&SZJ67tLoi3Z_on(9lKpcWYgqaSBFN$0$Q}3#X5FiL3AM zB>DqReRX3;FK@@|hy)TmWOrWs`oPM@@p&;1>k%!)XvZtWdIq*{mScRqXao zt?Lij9(6awwq{(!=#%{}#gn-L{#iV}>+79-mmX31z;Q&im)w3zlg zZ8n>U>{y{mc(y&j!VA%8-0jDhYOc_nP^Cf47BV6Q!z-R0u$g3?y%%pL)rNGIv5h%I9XR0I!tHs|hG#DDdj3u(toI<8^~$%T!z6#XnNCJ<-UM}Y+CyB9)#GFy4-?F5(3Hv6wF02XWeXiOtk~0d*xY#d@f*p57PP+_pEuK*i3i+-&J0bkPXeAz8FOEaP=AHG; z&G~vdyR1nZ?l5L!x+McLQ@Bx?h*B>l)hxA7xX85{xw{ez1w-LU2=4tEWFU-DP+T-o z1@H)!dD8NWYuHRMnxeOivEKxa5^_)S?!m`2IbHX%L8d7RDacDu%p};l?t~d2ZijL{ zO}QI3c+fW2CGB0Fm4zr)%I0eYptfD=^mUgN(^|68Up9PV#Znv;#I8{+9*V}p;qaOY zk~vkUG1r1)kyGPPY$bwasnux|gojGPWH+UQN}+nS_myEm5k;X@dlPHT7Bazta5A{K zzZb*yO^%U?ZW(K@#5R0A3fWp2`(Mp?h%Afg1RMD#o~;0j<)~;_S)fZL-H=Ta3w2<6 z#zc~4X6*==sJ=LnUcLW2PXvm3K)M5eH!wff#O8ZVUX1$gZQws$HFdD?cgzvFvP0ek zeRed3QP_xFFbNq4r0Urz1mct3dAmm)#!L!c7~c3D_AJ z`km9DU!ztegZu+^0?|in6m#&W!z_QFyz{+N=vXoj?lkrLc7eC177ZbvDRP=7Zk*nw z%c$OasI{*Ij>@3lCAy@0W}TbL-P2!*N7g5AxmY5eJ$~XHwHB{_v9}MxgBy<#_mXG+ zJB#Q0t_Ue&o;K*$dh+C#fLDUL) zOVX<+`wFtqFKb!LTGk#j^!q|GKo#H5u4gYt)}FY1qj&zkc^LW)u7iFzL~aN4&~H%v zy9<^5D5A@UjS;>mx3eM%0qoPOE{y7h7i@V;sFYykT070(o9q2E&o z{m83T<^Rsg*H+Kos%k20zgj1xsO~7&-nyoAMKTZ>PMW5>?19? z@KqM7MwWML=&{#DUj5as!|Uv%CPpkp^&MOiF;AVY=ANo2!GAr8Q0)1Q4qi+5oj)6{<-r=?SJX6m6vl^&~6`;OR1#)2LbB>IiuSKvb9x;?}AWzqYB_!h!4d*ashNADoe5_ zOb1FL<@F23Z&joec_v&)MPWaQu`%Stk~TZk`m>39&n-}*W_JXcQga5tx3{ORQE{E{Z za3pt=EEU1@r>+Umn#O!^F`1r|%m4UfqB?8sBA-_aIQQ$VmU7WizP<>q8G-qD>;bO1| z`W-pQ-|Qoe=dbp?ScZO2P8;P6`nH|GpbMUuQsZ&myU58*$s$J)Si&TdpcQM6R zSl4Al%*T}MV8LnH{U~{&V+Hci(}QK4wIKC_#4?XrGAE8fVXBc;wC#{PLnY6}ISG~@ zKAP|wSv1HEffTybe|JyHW(pYwk&hq@MceQkJR`Q%!SThBi54R^L_1(Ex-JNppzuA* zgccn~O*`V6x{3{a8_Dmq)M6W)CHY`WWgsFrdOUy+RXGb~7mV-JY_Y;w0zNdyEHI8% z!CIkE=g?z@VBKO>*r2{1K2JYANhw6qB9cG*E!m`r%j7q;{A|pg%f>S+@N`{+=AV_O z|E0z8dVPjFb>U`=61p7yWVD6LGf7#&OdB&@h&t1%ZVF14G3e*f!D*ebgZT}Ez7z#P zTa$)3vbi{q|9&==0+1l=S&r7v%d$orH^cW4l*C79_IIRFvVvQJX!%D0hj*)Kroj$` zYs+h`Osh5OWR%aTiJi#`VTL9cPC_(V#d{ADl-w+IEe<{(&zZzrB>oV^W-5d@R(b=3 zL4FHn3r1n;P{1(Lqy@E8a!Qia-7SJUN=`hH)QAL&1GHuFh_SD2UH3Zf)hUt)w&ij2EV(UdF&w;^dUZ7tu-uN^vqt zaBxkP2j)S`n9weR5ll1A8g_+&9ji!E*2%nlmo2nvTyVcARKhH*1u-%an@v*gCdTQ0 z3(Za^vb7CLp@BoLMmVm$*>IRCnQL)?61vIVq?Qkj$`IQ*OrfsBgm8Eh=9|E1OB6a9 zx&^z;nW3>Bt>WQKjcyf^$fXX5Rx4a#P$1N!-HqyEiG*QF=R56Q->RryX9#@rg<*k? z+A&D*g1Wgmm)fW)u}UcvqSX`)V%co>H-QBI0i>&~ z_2ga_f|m_gFVj!rZAn_6QFC{VXGtO*3bSGd5?Z=7u*FymCAAR$Wc*WUGS<6Dz;%Ox zlp7pxDpZu2TfhnkpcsTHVY3<;`$3%~*=D1i5YGj-yzuzfecPem3H~5kN$o8O{ltU( zk&@7lY&fO<@&%##6wkl%()rs)=y#kh{9YuhH68kCpbe6POG3X3WC?ld)`{Md(9g6? zWy{m^%qmziywjDgzIL;Z?CfUo26_T7^Cya+-v$2Vvt-?Of&Wq8k;eu7EMGPBJ2QRv zo!9>=Sl^p|=jROiy?Nue&kDj1e{*BE@W%8feqts!Jn$C{#aJ}mD~S5^t*zVx@s#0{m$%^-g^Km@u{tszYJLg zCk)U}Z&wWIy)2~`-vXC{ey|2(i^Ofv&vZ<-VUA%*eTjGRG+n>lq;+ZZ4L>4%6X3TVYS(DN%e1#9RuRZzzUDT@mVuDJodVyR_3lHIK=@R86Tg zz$&}PJ@08h)HrUa3n^x4msONkThCzMgEURLO~o?`Rih~dgeJ7lRxl5)35@z2p~0j2 zBiF7BRS+o&lpf{uDqhGu^H}hWfh6=%ky}QV2TzWMr?kS3vYS@lL&}sugHz7k5oMir zI-QOH_Aw?>>afAh_`%n=pu$+J#I`S$jggZIf!`?!JJ!FXlKyh|Bf zYf+NBgu#&rg>V6z>57Yh{!*#Q=L=ZD%$WLasXLsCt?9lZ>xaN(L5Qn*&BR(VXbCm8 zz@;+3C|08NhLTG@?D4cUQ6M8Xwe`$|)9PuUbZqUo6`N?a3hTB}n_v}kbar5l>oPP6 z6hv7Myu*!w2nrgh%FH!x%A(F`9R-_-lqE>_L*@x#^ns-&atZZ>E4D5FY+W+=xF-A) zJ$`5nHKG?@NF|8PORnBOxc97xFiPL8qE}jI7!~aVx(M$O%N-RNj0>vQ@Iok zIdbu>vzr;1Kj#bHRk(aW(zd~=Y1CyQsYCz(AOJ~3K~(UzK=vEUosN+E#q7~$`aYs( zaj;wRx)DgBQ$fqyJ^U+llHOno@G+tofys^jF^8;B{TT{tp_v=L6-o(jW z5__4_q_T1)7anVHi0o_KLBOsSVZ6f~W_K46^tohTm33n6a6lF7QTXdoOB+AB~>N}|5GYokSZZ7v>YmhoE$x+FQ#rVh_((XufD66Dn z!8%c>&QS;*{yL!F87%L|S}CR9FZovuzh~*aufT?%X&d_agW!xI9yCBdJr;Ogdwr^< z)ZXFeNFwR6Ie-+yxYqiY`y zOy55FfB43?+{&%o%I&||KK)%))n5eRgFjbQ{j&`H%I)iK|7m(}Ki`W>@iYC^+6EK! zdtUXzxP9k^A|sDpx+pt#vriDI+Xq>(QRsKsbku(S$Dq{_&)<1f7*NeKF2Hw+pdTLm z7qsroiIULIcuZ}>Emqf=Eb(@;Me21pVr?(2OQUbN#s3ul9sthwE`J?AMk9}bQ?&7X z@2Rt8==a1l(MukOn;-Qp$>DhPt{h!Zq@ALROUn~j5~|1VpNDkXzk|=_JeXLFx3;zp zH#dxLqeU_|-yjLKLm`K6ba-*nZ=!&t3zr5%His|Vj?Nh&AO}<1-@QXlSjXf7NKSU{ zClmu58-e2Ywqj)HKC}#v|4`_#ZOND@79!8L3lpGeY;r|+9t>%bd}V3X*$gt3(urm^ zKbF-Gv<@+lQ;Rmp^?EKb7RPIENCOi9paJxN{LT|`*_ZdyEXS1K90k|akJE|##(bmt z!^25Kx*(a{TrOKQMiLeFK$SVGAU(`ehL>2&8YO$8D10OM1r&!%BnnfXn`o6@_m8yr zfo-QZJlWtY#=}9XiDRDeez!pel*nZ*R?#Y?RHFyL5{xAd0`$9IB>A^s$+lQF^>l#3 zJbh(A99^&_?(Xg$+}(p)Ahwv8Z+H9O^pClx&n@d) z)l~@w(KkBM)ZuBUj`{a|3z*J!`7_z@;af|6^DCNrePv|_W|eJQ0pU%qf(g9-MTPB5 zI)#o7>~^WBYgTa=L9x)Vb>GtU@jQ;Kr%We6P7gTDsY&AHG$)kpDiATT+&NaZHWSKp z&y<;+j`hpSrO$S58jvTIh}5ois40qOFUiKN$Jmp4bZ;Vh_|89y;{L{l?AZyX)M0dM zYm?3#WP#H2$+XvWYHVO>iDZzw5XPSDFI_R-2uj}xxTYoOvngHdTJ>&4zNaQ^Z9&p_ z3c|!lprJ_rdGLa%hJkPneSP(z4JVk zJaib`vN1s3aw>AVy|p_P_AP^ybdfK7HGj+P=Cz~!HemK|pDJ_aSNNDqVj->Vm2wVt zkfi%7>-5}|{Wt3}$^MbhNt$88b$e`4U1h%F>2^yTi=A`^Jy;z+GwH#1SQWyVzh~sC ze+2QhX6M*axMBUImuIms#-%ZqWcXrTM^q$3QmWdvzLch1-w#@aco6>H@`pT*MuF!` z*&uOaWoB0ip7COzj@zXN<(VTR$4p6n=Rpt*`uu_`s3Jt&C#|k=<9I(Diu>Tuo(c^= zJJ~KqV*jD(SdSBH=%kk5QTnT7szGgiH8We=xDb;+d-3qTnM7_SMyq%qany)-7fe7t zY8|OD6bTSNp3ogyQ0)m%C7Lik6c|2tKCSDAaCH+IAsI}un0a$|2qmwBfjJ`04CkSK zr9N(Z1BtsY1AiS{RZ8;Evbs0&IK3-#1J(W^KU4*OkXUq5;=99d)b9^|5!|K`&D+Gw%Klcdi* zcv}w2r;9`*alQ?@IM`YzT!jnD6Cm9N{-miO|5s&~dgLkQPOW{uIRhHxK6~!c+Ytrs zd)fwEWJ5w4&M)zBgPJBUgVJw0JJW^7*BzY$IY%cuvKJ&nn2pg z$f%k2+AG0iNMk(iL6;DZA?vOAMLfx(j@5aevoF*21id_h**EJHIH?$G{_?y?^&it0MG|ZJ##FTE? zBH--FX{HXI)KMZtuW&+h(Iu#V*BVX?(%a1#&q2=;~>LaAU6Z zmTMNBJ3#Q2UT7l(oA7%GYaA_%jxje53;{Rg0wE;1c{C!97Q!pBA}Z<%6DLPrtJJ+T z4d!-vS99QZZ634RW{(h79}fqp9T+4neN#iRQl;W}s6x}^J@#as3)FRmH+A@0ifp-P zuaamFVVZ}Oj{<}XU@p9&u?u?G^&U)@b0z9dd99%!)I~J=Vq7SY-!Y>CC1kIXmqW9Y zfVBGbQMe%n*=A+BFGbw076vTHFKgqwd;&M{&g`Cc_G*LDto>9h4+I54tVak;E28eW zZ4h-{7!{a;!F_3ky4ZqBB0*@l#-V>LGziRiLMv+*xo4O zv&_Bm4Rm?{c_v_-k4QM^b3|7_>NSO(<5$O39M?7y_@?i-`vI#XHR58$W!AJ zr$CL4s%4R0D$9d6@!cg464NbxpSuUvFUV@tH{YPWJRrKg$eY=rPDSY=&YSjRBhF%x zjW|^Ue|ztEfN3Sfj#LYGyFbs^{K*mkm$J_fxkG2R2ot)-h6`t)J-k!R1bNjQE#9!Vx#rQ;w&jG!Gg8@>P zf7^|Q@n7gxUf*Q?l@yXc6LW1DCFHinD0`EqUeA3G0(2WP`;n9G^9GThn7!R*>kidP zk)_t`#s)}1%wD`zCCZBWI;f6JI1^tp!@({1t;X#d?|&~OcOdCZwc;mtm}hHM*1IF~ zE@Q$+@A;0Wxd_nIG!YC&5)HrN2=VsHvb(*3@?`&PzgBN` z2K#~3FB<==j%1i8d&@o(OMB%oDl{PriY z$0$YShcU8@HyXEKEFodUuQ%9Q$x0K+M<2@cV2@Q8x>_ZpP9(%@npc?X9lM0V?LMUN zd;DFK2U}!q(uz?;5*M31dqnpP&jXw{T%L+#)f(DZx5X!z(|NxbCcVj65m7R1hSoa5 z^=Nh?JVI$i+TzYC^cEs$2%HKX94V=Iav63%hmRliqd|Biuv6=QI?6?g84!xRxsi0p z|3TT6BXIV@BA0Gewfpw8m5x(O?;?&#x^@YfOMFW`#zq#SF8sO$gAfms=HUYY#A>;J zD@rcnANG_9mJA+W8ZDMeG;J`mhcojVgZTTGXUo^6$Hqw0r9#BHIxFKYl3}zYeUzDc zghiA^uN*CqxKjJw(xlmJ(JTSeB}G>PH%E}G#rKqF)$|*KBn&6ba(z>Y25OJkj{)`; zk6IL2mZ^i9Vw_DTI_T!!Gqr)d+Bcv=wCPdyhG0-J?otsh?7ngOsK3<+6{T-{XQ0QB z9%k85tZtXRD6H|*@KI4AMP$_Rx;MiYHayUUfcBJH;lpUtMA9bOKT$u_bZe6<`OrqZ zdKKdwdZGslcT60>gEB{Ps$)?NiT4kznD}SCTBQ&q)WiEU*g`9FRe7d$!=m`|H*svCuhoOeA&gUuxA$OweSvS0cMDuvkNbr-o)24%Ep@RZK;T`5= zX)_ADH2qNv8dtEhvpC^5j1=D5uFJZ_VF#)6x1rLA`)$@@ zUN$3*Zug3X_QqPGOQUo&ifd*qTmj_Oe1Q6AlHz;YtMOAkUt84Q*gc|RzHHL*`7dng zzoiM3nq1cShlY=Duc+NsAgcHktyU9hLt(DoB_5a4Y#8lQf&<&40%=et%=D|N6pB5* zKdNJ3kqci~ZG2Zt4A`li^rb3-HRA%9Px@}G&Fu%nd61Vc8CuXOcZ(~wv*Z-!9C2S8` zH!;UgU5X8H1ELdpKW*q33ivmsqbt&4vw&P3%bBLK=rF+MDh8LX9le-w^0s z+ZoJ98WDH$R^eSuV{!|lBc2uWQ>V&5Ih2@iD zI{iFeNQ?#K4v=ArN1^QkL{B0P#RcJsi|0Yt+cvY1`=#89una%nNBDB^+2D)|p}6lR z$Ldl&xDTn~QuNoZi!mMC(FcCjaHUu*k4Rf5*<4;AYp%=m^bPRi@beC5db&;=%mkCs zw)!on4e^`DYQ}oypB}y9aP+EY1)ByKv6bMO7#JtM1xcO2Ps$g90v^v6sL4vv8!aiv z1XXm=r+OvTnQ)Ed`ZB~LCI5MM=%UWWBZcJ2^irVdn>s6ag(Cle(uFJDh?Xld8?ZyX zUYpaW|LhrB1 zgy+_;_7|n2C~2d^p=BFUhPh?i)w?84Y@3Io+Z5l^Dht>nf}&a?`~X-V>QaDhTEd#Tx`z_#FQH)~t}7boU_&d>BP8?k{W|0kx8pUXq?Fl{x=@Nx(2GBffEUrn?8Tq3ndwwX+{o*RMA02oSrH&(ri%fbtO!6g=;Fnst?zTsg452hrUPiQguT+Q}@euh?3#z;Ice3iD%UTGaN%iv-ocl#x zK|hp~Vq${oN~|OR{@q}q^gL>K5@q#nWXGOwam$0|2bS?N`h8cO0MuCpZDhAKIr`5v znO(ZvvCSRF6YzYkTZb0WhK%?q%YUPo!`{pQ4pDCUtopaBIYzV%sZ}GVvUcDCIu{m zLDwzakP177xU?wIFOqA%MrSLsw&+zR!7~jzh5N!VUOA3Geeu&MZc=(R_Z)GhI@^si zHhMcWQA9oJurxdJ>R4iKK1W`mJ6pieqyFylNS@0~zl^-W5tyl2lksFqLDs-LL-?SR z@y1t-Ez`pqDZbHo5W-Cf@NP+o>(LG`-&>;}$LFiK`5~51MShz{;dIKUTwoJ$`m!RV z?PzNmEcQ;t=fTl#vl+!zZ~4nmY)ZKMp<~}EkJoO^_E*imG0}{16RLRsR#%$IS~d!h z*hCu+^t;DHKtQ=Ug|5{`{C-~_0o)f*C|*-^uHc5OrC{7#xaS4|o@A`PCHCk-TU(e_ ztRO61(YNzXk8TyX`QdzfhNjW553I5dRfRi7{-^K11}F{{#6raA$A$VGqG015_5j)y}6J)J1mtC z9LUOpP^j~z9u?65hgFk~8(Y^RCtdUlI~P~Mcpg?ae+zO}!_DQGC-5&}T!M*%*qpVZ zFVtUVwFWDHQyuJZq>`Y*y(vz#q3hx;r6aYCmf&Kd9J|AOjS(7e!Ng_l1U3|yhsG*l zb+bToJ()BDQODzvjmFHqFI5P{;Tagd_LGabh5n}#&x$OuaftWd#pr?zO&#LM6}Z^s zg~Y8>l^o3zzFe^kuIC>gunANo-|AzF7#WaI1_Da!?_&$B;WWN=E;@Oq((fH}Pg8R3dN|{Y7$)a})b_4r1Zo z8w72XDgDyKdoFs0DLP5Rer7TEb>d!X_%qGIA}Q2RP$jdbVgP&m7j!?>c<{cQ7wlI+ zzU^-3s}T2e@FXfbKcfwqyoJ*v(G}J|Bq9bOf=^^pF<(}1w>evub1}+VJcNw zW&Q?C%qGAv8CmL(Ysxosq9S z6pEG7jDtH3eiz)p4E8Myha#pHt=_OM3*GEhU1A;>xJug7f<|0BUHtYZ46!-NW+~Wk zlI@~%%DOyBUsbojTP{z($&8&w*%4g~Pm7;~Y2``s8=s29Y0Xo<+uE?$4>MLTvM-dN z&kZ(KP@U6pk;Y13$`EiLV-Qz#=JJ1-L$FjSt;6n!!)DwYQDC#7^G%-89&J485lnkw znBzPBqE$YpdvN!tqTiimbO`z92mumEE#pVv!M3mL@vVmCZ{eT%<*&>GD}zic)?xfc zuU5-qNG&a=j6JL(-SfO}{zue(xF_3A@&4Dpb#X)!ZD)$kqqnZ;OJp)a^%0a-R%dg2c8_Mt8L)|-MZ}Ue zk&2HImne3E^9nn~@=4&MMlWz*^vGAn8qOpFBsmM z@`Hdi45f_8YP-Ti3iAwY*l_gzpAX)vv?NP#p%g2a70Tkf#pPbAN|GO6lsR#Tz@xKF$eHfFaaoZ zbV*i=JxbG``m&a_zH#{ISLR5Y=cJ)_Qw%I7iJjz|62Sh+K8B$UaNjirW%1RwLl?iC zwYz*H2|lk_af2==A9uTlUsC0(rxDc6@T#!^tr)G_;5qsIj+-PoL(o^b0KRCKf?j6P ze_N%~?PP|HOoPrWJbuT2Og=&%%lU-|@I;AvkLKwQ+O|4g_|hI#Ti8{47||aOxL69_ z4wEQqZnhOpKji7}8l3ilzk^rSYz=0lmh3W+V%Rp?*U?r!8~CU){BR2kL$~tnKYbE$ zecIc)`%<0U8OYZzXL{JchNvGi6}UHcsU&v!pm@@@`m{{`{od5|&nif1Abd#{{h!zV z)|#!pMZZ_R$lcVv5^g|i_VeQO|*VC=3i3pE|ecYc5oLN17YN~v0z?+M~(hm<3FYPHG}0- zcR-bY?c3sOpvR+wq1TkpQUE?eRi9=NIKWNadXDWiASdTk;%)Bu^il{tu7-1Vg9LXU4z~-qR6`9uv)+(tzqZddx&A#}f)%#9bZk`i@u$=hc*L zHMH$_0Qw4e>c(uWG_+VK3O>1k-wtX$G^XqGgLlS~Zk9NbA`}LI&=7&we=X#23d92F zqn*f#I3d_8UY53j-CHD&UP6p@k@A!UY!v7ff}X!!_lXO%T{ZNUnZt%e8?5se%WWv| z?)lF<8`lg+b8dtb#y3iAd@o!jP{~&&ne#2LRofoqPEzW6Wa^D3Bw)43ETZ^lne0&Y z7V;V5gh<#j4!;n>foPfRbB;JJbrg1$=X6HPAZoZ*&%pSqfaiwR_D^MN3b`Ce`p-02 zvV$QY24IBAu}1D?*`)7RsNX~30|iD3PRjRsuF|s3Pf_6XE~2-0k^&}Ak^|Sk@`f!W z3>9Kuq3XH*II5npUn4wecYy0TGx+@Dg?66NB~?hImNc^TZDWs2kvm3O#nyyQxm3Rb zz>Qt>^cwv7su-^Oqqx6HafXV2H+7^coYvAY3te+w;1dLHJ+F#tA*ZinXuiyooQsmK z0W}aa0T2+40r?4>OSfqZeFJi05K2rR+5e@~x%5)&wuExW>SlF5&v1EMNi8$|tfH0xUkBdI+ zmUY5nQ@zI~gE+zYnVka&7KhI|*Iw3ES3EaWbxvr0Ef=2JHT&4;()CGyWZ%vQ=y5W9 z?QLGdciwne3fRMPJ*LSv5-nbm>#yBDpHBMgc@Fpbh_*Sv1k09YQKo3SMKY9ZPSlEw zBIgg8;`h23;7j+Q2LHcwkR>!r08)xyo*0>+A>5+HM4F$O%8juKD#Qdr2k7G(`7*@p z``J3zWh;IrBBA^5?nmmQ;k#765h47jlvtXQ)$yIIHYku*{+xe0!*;p=vukb{b1Psp zs;QdKE}|X22@BUlEm|WzkS6Lc&tMwH~c zv6V@$cZmF}F+q7}VYp_VfqP=G9Hpz_*Lpt1y?QRiW45npjz-R^y&_(lQ@OLNo$FY5 z*c$1dfCF@|TE^NdT^9e~L~>ROme2Ir#J_&;-$Qn))P^12;3RF;p8*F6p8g#(`Bl#0 zL|eKC?gp1_4*s)tp0!(AJsU%wZ)0KFB=H$`=qast+0a%DJpkF0p(p#W7(V^={JJ|j z+bf%ury8#*9;-RO@~rdrMXfSk*dAvG=V3&|fgnlgfR%T6T!(CEsLQeeR|9~&9G19`!Bg2P8nJj@10XP!WCJpHk+Bh727w_0R^c6h9GsDbEXZ&E zRQtZ4x6VJku=!F$?bqbd#Vybu(_3gYkz!bL&{AWXt%uG^&i@1Ar~@fuU0h74K4X%BldzLMDIEigAPcv2S1XzhYGV~@TuwReY_x4r)# zN?Ge3jfNj^a?s7u=R<-)Z#d(ohUU1&iKW{i_X2@>OtbOOnK@gIT;kbMZ1$JAnchBI zz5g=i8?5LNlY{|9f(Q93aH*RM!41Vl;$4E~)7NMh^8*cV;7ve3p0)$e;U5g%&#gck zqmsJ^rCiG%_v{YIP`%#?Qc967P(oQZZ6c0)r=GsjSZ_ENmN8&$k7e8l$;&;uWCC8t z@ng`&qN9MA?#7;*Ct8QXqpcofGt<*HZ6{nxV#BbmC2x!6#)L{@d4eIIVG#Z>c>>jh zxJxeqM#N~=eZ*zi|BHbta?VdKS8|FQ&uz#0jFd)wM;+~Wpp=35 z&z%fju;(Cfsp|hSaL9U{45HI@saq*%PatZyo^JQrU=;qS}&WC}_V7a>8 z``Qh%OpxvBq+iGd4JD6J@3k+hUp#@B7_Ny^O9wIsK3Pze3qV)u_b+u=IMCrt5)Hn2 z3xRHJ<&m7@+(onD$Au{;KZNRB2*}*6@v_D^Avg?vIr>IJ$iP~DY7})yqa-$yPs|P$ z&yNukQR?sR{hE4nqrB)6|73WDRoU2GVp&=u*{M3)l%Rk#P#<3|{k!=Qyne`hr1boV z;o62>ZY-Mr(|`6rhy8z6E}=&BA8oZfg|?T&qc0*wC9sxjxNnCb7e3bRw?ePG0^T{2AN>8XPRNNwhg4y19e8o_ZqHLbd}E zze4>rv60ta=C&$nj1o7rSYAN4vjY}VZK{Q`1hGGbB-&fpcAI{Iin&`|A4J!!^NL~! z3b6H*8lq#P1)PTmjFT_=-Av1Q$+R6Zr8C>j^3iZD=4ScLrSW_m`~5_Tl6Fn)>-`D) z_0XMh(tiB*4R(C_mM%-~N}K9VAV}dQ)=VOM?}4 zOv9)ux~AL@zl>KJQ@?Wj`cbfxu`X;_*q`*#&)U-#u$c5dtUExS1pqHP8P*#INbW65 zEccW9^!_WeqDZp$l_)3w(UE3z&Ui}!vhu5cX&8&WSq(~I zSvSBJ>T~7vx3(#dF=gWwiDeCLuuUm>ltmhqQvcL4Mrn~I#Hi{hYdRaGc-XDQ5L4v= zzj)OYFn&nsMaX2#v*dFBPr2j#uvKSZf z3Gd>IE%M^m6l0-8<55Vg)j((BNz#gYb*oTHH(D`N zcuU$1@ zF&ee?+VJmKx2>}QVw6h>(o{*gh47!CA2@hm&x;wMb*C=>bU5%2oh$VdBIHUORL(5< z0HTr1V_Ak2{^p^<5C$&75hEiGwS@nn=swQhKFpt7haTgIjx`eQ*(1ej8oO2?#&0$B71A`D z=Jr5w*x$eujzk`c=26FZ=-RFNjD07c)G$sJOo6t*`i?nn@GkXIgKBnOPB(8Xmq<8I zL)F3b<0JsikT%3_ud->d)XwTw=BZd133#)tQ{ zz2exV)PXHa_B02FVxzf{Pmx9|;*LbAZCrovXqEFfhJ!o*V*L51H4=(x82tIwom)s8 ziS90eh)!6zh*C%~TC~1loA9R)t`>-S82&Tizjd4Z+W+%Y0d`HNV>%K#Zu5YJ73F(l z)+3l9Pj39BK93=9Fz$rztAWu`nhJDQ75vmnvb6dcHDOo&_l$mpq0W@-;V{1GTTN3A ztCWz829g4mhthE=NvN7ZuHT=IpTu#c5b2M$boL3vMXGZEoNy`-kyXFL=oYgcb#dB` z;s_ZE)Wo&7WtaTk0yJJ;$H#v;Avk%au8jmgb|xhm_wa@K^s4&w8fKs_C5SfU@9>2` zp5A?So;J6J_}P()cd@YaWd1pE2%^=)6Ca;@VeNG4$_i4Uqaj)s6BlJl8p1OR&32F* zoi!%yW~edcHj$M8?K#pvw}f?hl}EE7X>!#K7v9QyIXp4vUQTM1jgn**1W z)S{!v1^7KFI~s;Vm#ctO7cPc;TT7mVvkG=a`Noal5RcS5i~(?wt+8gO_le( z03uYHv5;vDZ=Uoyt9(y&;&ViJ)Pt*v5zNo{*-K*J`^`^@0`0jQVhfOmg_x7ZHE`@4 zg`0bxUzPCX&K#SWdHbQ zR{wsg>?O@kqU~FQM72>yw|zzv3P5XNeT-=vo2D|V<<5t4W(c|v-({T}tj>5pT3k1+ zxu2S);36X&7!W=!AZE0^kc6oktWHQFXgQM<5x{{aw!o=kOxjSRR>POr`{MT}GOSY1G}5>5 zYoWj!?g~{mjOUaqXtN!L7c+haO6j~&>x4%4Nx!Lv>O$?A12ug(EQRirG{GJv;sQ4F zY9cN~kaE=@Zv}(3?8hggHoW&i@$TvYt3~w)P^cuv;$GX=H&i0*b=+vQ!cID5 zbp7W@2QuAiJZr~zA9+Y`eNo_lonfkm#?(VWFoaFE`=JC(Y;3U^AvG zmBx+SCW1mokS;q$+FU3~Y04!wvjojABUp2t!rnmE&V=&k1ZT z7HRw@!W56qlUgQ~*S%P~1Jn=3QJK+%dZf8IeH@1fww|e28{1(LrY?7{JyMu2KaaS4 za)6#C_>WWIy{|lnk2y9)cV@inHg=8VWk5G#ZlCD{$5a-3wj;zcy@M%~p-b1eOnaQ_ zXAJW=$g;NgQ;Hf4_bp@BySE{4_N*znO@z;qOU;1(OZDRB zZqzUjd`nj9-`(N+RIb7`qpGoXheFhWa1$eT*konJC!P8w_bU{M`b*POn$6A$sO9K=n;MaMH&A4 zh*oJ0KerwfU#3!l82zjcc#Jv_TzPNk8i;2s)W0d=0gp=;_mE`b4;GaC_5Jkk^gy4- zt3HWxV|bAiU;lzumZ~zbEGb?vkqHx34&e2~QwES;*SWm|Wh30d7_S}CZP~QN34WN@ zYj}11i-dZFRI)y$&z&9%x$cO2qZ;Ewk$hf3XnCtM#f{GXS^bd+p%+_22Uryt*L9ta z&Z3X4JByK3G?f4_jO+B!Al&8cCn)ucp3iEo$%-YO^F@M|h#Q{c{;!(Gv8J4R0sN1Z zZZyy^Dm}Gb`hS2BpPDh!a6AbMUW&B5nE#{4_HS-3$&1+2>~lrjaqLlg$AUDfCW($_ zbFs5EYn(k_dM%QsCQZ$mWKL;aqRmB3*iVIYzpsD7jCI~C4TzUVG1ys)($T(FE2)Q~ zGkE2)kwivgC*R7tYu?1-usRj@$o)&Y;cBtF-BgrhV7Bt<>q;TL^|sD8v={ZaKJj5f zIJN%!YbkBA;}=|a^_JgjInocmTcdHj!yNyb{M=vj32k1W7d4#n0wic!T)!x7wS+OL z(KkkiEZRiuuKJJ=S8~VO6@AZ&C0p^A-yJHMj4m7J+xFs5yWd!>|oKi zA!irDM*vU!tWaJCI`jt4~+gsHrwx>Dh9($OW2ks4GMg%sS=5dUrSh%y|b z;m4{%u|3*Fe9!#-{#`_Qfl7bME?*YFXTo;;HbkHP-S1|@EiS+c?u7bS^f(fHuK0;g zsJY;`)B!@t!@~KosBI_uA5TJ1rLq|AH^!WA&k#ySyNzGORp^B9@8xgLzw_4KnSZgv zQ_r?%x=J2nAGLjNCgEa};El8Y=>~*Ki$Dt~FR_(u7bS<1@J!yn zAl81xQRQK6{$U6Ye5Ty;)ahDuQS=g$rIg8*|Nf0X1+lqe=fL2zOv=|{ z?FYk)RFPUG+`Oy_DBv#v8_Wg4^1DI)JuJlX`mVkmD6TQNEBTjF|G3eX-!(IK0S%ix z1nVP%Qh&7!PD(xX;*$~Yb+si3HE9h4z~80I?BQIWHF+o0qv{AY>YAH-k>pV=0lC&KJ)VU17mbQ!A+o`PlyZ|j^v#_$ zF_^D4*o%_=6fT2jFd2(L4b%NbAiAK8p5_r@s_ST^6H)c;{=hbU4&dZd-8ZLVbnge% z*JsO@>@2&157P!rc`7U+D;WkVW!ma)0EO_pLB=sGl~V^AazBRo8>{`#fLi{3moE38CtS5NI46?wsW z@;D04{3Yz+B1sPGV_)TV;jM~k*$5-sbs_n5YAe~n-w6n)ecHmC;}T14g&iedvimfX zYcBWqw=1R;#QeO4gajBx5$!9?my+zG@hQsV>)fmOyOQu4%oOQF_=q-jbj!Ir4YOy< zVz_lTbMa7MKO15qtw4Yd^X1(Cy+V8n9>2TR=INk&+mlW2`5GQQw3R}IA%p{IC{E2x z>6pjjrIlRU08e5MK{?O3M(7{&z$MwA?{(*sPIpp!ky!a6O&g+Pmw}R1 zE7QvTKabM>Bi_eVI}q1(z)i{mZ<;)-H&wdKhF5iTy0*N5X(mtFGg%BDI$WJM6~j>h zszpVM?soxvj9Qps^Z99H3N5{ZE|tsFRAL;`+P;{;AEVfg7ra#pm#BM`=V~P}T(~w& zPV&O|aVFvG4g`Fgm!H8%)c^Px;@PY$&tb&c>>8w&Lae6L=Mm3Q~DAv zte!5E#WruLzM-dbLZ42{%JsC40$Y3$b#aMbNKATsADf`A@+Ce zm8IgH1%6Oc2T!-zZhv7d}bshsB1E(E?ZcQk;YogYJbYh|1Q2c(^w~wwY764r8&vE=f6?=$#6$vdTM=GPV0tLkW z9b)M1NKo+}s3$gcG?59-ZA0>_Vo+JAO@z>AUMLq$Q1Zl9J6&5jt^6^L>1Y@(CQClO z>$}~$zQUXX_=OPg7TqAp3kxB6zKeH`%hw}B7VEm?lz(i?k+_HeBvS6U98EDu;G8Y> zAng%-UC9DGmDKMdmlt&Zg8X4~r61EnqQE-!^mt_`IU!fHNsV+^+?TG&ms1HmDHTHHhCIB zK}e-Fgb6~00aZph@9qt|Q%e0+aq3t$g6W4Irzh$qcNp?)LT)i3SE8!3-+Ub_e(~T= z-5|(>hylDvxl;S`OdFaUISbPzJQ* zQ!RURM0S1~4gSvspRy_O{j=TQYo`~emo3<|pHm?ur+hvD`?kif1BHa+*_l3nl9tI# zFo_s0dik*-DD@9mA)@Fh3UvQA`ckGNpSA!ri23#6)|BV`^VNReCb(;mI0zkk?3}TB8#Hps<2VCzni*uU*Z*Ge zng+hzZDNji)K{G+L(+extjCM3x#!`*6ud6qBlgV%c=5JT>K0R{9KuX%yf55MYWc-# z15xjof4W<_wRE)fHs#j-Zq?(Zi;BsSDHP-$S=WtopWKT%O`9D1)jdhJ1h|Ci3D!pMcjbI;?`YYKDCi{i8Lsn73;c{eZT#s60e;9|&WVsMz@9f5r$ zSmzSpb}$qYu{ZV>=F)3rK-!qBbreWig`_MtBZdzp1o=d;U013Bgy+g)|F`D+{{uU$ ztxW1}6{#%1&knOL5Ir}T$n|9!XeYCTKEn~KSZ4M46rXwQx$*M7=g*1_K(ajiNI}lc z)xUM2e+9g=Lh;69WFnPuIKirEwFm?>V!2ND$C}JBZB1pr8EqUAF%)GWiB+fT&d#C* zaY9lL3L~M-jvyp$S8cONDI=SP>~;$?@!g2GV5aky zk1amcqE}CwTy1bWyy1y7P7(Qqq+z1i_#WBXV;zJ0^Tj>j&vj4GJbI;a`p7@EOI}8=J1Hwa?&J?%%m) zn4qd8z5>^6w@|W%^T?7JnU-nLv)OXMJ>{*XeQp}ef$CIAwV4R>eJT$R&gz}}B zLjp%c&-Piq#5AMh`(v_6O4qXv((54|>4fov8O8y@|41Yv9=Kzfqx^gZ&v0Tv?5oUu5{FF3PqAa<1Fn04r`-yoMt4w+pIR8X|_rZHy`_+ z#mqC85WwFji2s9C`32c{qG(U^KdjybeLW3@4xn#(0gI>i!*IhK4UN+pyMLa%gYy=f zEZkv4$et6Ii}#wH!YY=pQ2mNEe3Sc+M<|9kmSJB*-iufb*TO!@GyIRddzn?rFaRoZ zTwOSzW#VS@oh)PF;9lV;jf-hkJpH@!)Ile#aV6sx@{hH*UC|MC{7=@B`HU%mA+m+_ zGX`%7B%qzC|G%;AM4+t9A>g5wQ?5cloLyQ1MVr~RoS7Y$o-2oS8e&|;XMM)!HImvt z^y~cDShl&p?Qz~|^E44ob*L8=a<7)V3nN~`&Hw=kQ(yAtN?CRHd9Z=tM2f`I_IN;c z&t*HNy^$J1j()C)9HNka_j9>4JO<#F2*PJs%ID?D{1f(~*GuE<)C*lcgq6}FAFZo& zK_a1Gu^jiOf6rQbG8hm{PGZV48MVhbZHZTzWbJwu0frD4G^Ug4zg)*Q(Wm&XhYHri z073rue-ywiV&1*;_T!sWIH}-%VX~`a8F*pE30=3o`GJl)UVT|I*;(7vsauZeG3y|r zB&mMtb##bQ7hsH#>zNmJH@}_qT^=Yxo^xd;Fw|3&mHFnFK67ps6Z6fmelO0LqnkxMDAHVw z?3MlQo<~9eROTddKnqcO+TbwK7_qeiYW$Es=<5xOesVIjQsgk_~t`Uh&lCgRG6HcI_D3tMfETRM(Lz6W*RF({wn z%%5zL?04l8h0bzhmTY)5W70f{9%A+ln6Xxq^?DD59n%bw$#@(b?b1t2AT+w3Q^LtHQ*?K_uLcbLkr_84 z159tMs(K@45TQ+&*x8H}&|G!&Q!~;l%gZPOdzzH3LfOzuM_VTg&-_sOB@X5;w)B-S zJu5V7jIk*rQW*&c1vGvAjLq2LS5krG>u1+;meNb~Q*|b99kuQ#l&LqGbtKmB9w>Px zx}dP`d2eG5;C_3?3E+y>m$I9K@O#n5fdI~KC3~KKn91?iJMid3Y6QS5Hr=}eNYL7m z2zhS_YN3FVGc#4rn@5Fp^4@NFwwA~yZt(=X_bOt?&lP|`0pzSqOp%Y^|HPLK{rzz{ zwPkIskpikZ>;E4qz{d=LOM&@+rGQsr(-2oxQlZY+4(1MUGflBn?1N=1ALHr2JtY+odfcZI&f|3$fr<5hY8U*(6VM#(86rN#>Ko!X3($Y|JZUao8X?pB?6pGI23>nddD zDS8HnBD9lRF&wb5KTC@XEn?U3J^uvpbs4dwNO${Ha1|>RW?6x8g?cYz+*ylJM5)pB z$aL7#R{SucqOaLz&;*wsrilCZMFq@$FvQUy*lh1h7LUflbN*+k5c|(k(Rnp9%?(1h z{{-NQa>ewLdZG%hP+s(+hJfCt#OA19^0o2-8;k`dEK^2>?XP>7ybSf{CHG9m3%<@I zo)VE2ctjZr2xydq$-~FH-r$@VeNlZwb)hpZX$jv~M`OGD2XHx&NTh%-d0wYq$NIG0 z1k5HhQdYiB#=cWB@%iTWr4Q$9n{DYmG|Sz;`)+Q#J4LUSRf!invG{JC+z69~Oy*_% zq&%AQGDd^(hQ&8qt7SVegsm!c8f5&ju2KC7gU>Oi!K-Gu@e}X5rCFN}YAjX&=+k+tE!?QE7~g6|6| zFua(CtXc@JNUQ)Q?54mKF$;xw)f5%O6Z~NZ?MDvM1sc0kER8Ysx7(g?xtXlVY@*D& z7MDqM%7P5M_!R-6`z;3X_~Lm!Lr-OcoP~OUHLX=ny{KlUu>beA z%=omrfQ@#paYof=<8buN?ZbzAZmM*Mj;4;g$#-d{y5o|2a z%;2Sp3x?40R25OQV)^SU)u4 zbd?4VJRyn!H-zr?O^Ux;d4J)3>ZKCe&-XYN(~YO>1ztboU7(A;c^7%FIwQVt^uwR6 zlIV;}(!|7|fT8H~rVgWXtmqfV&PMXDIpj!WE`8lOlX0)KD;kpWHOmDImmxewP2>hB ztlew%dwr*6Bg-Y75cKe9j*dRFi^WK=fG&!l@Ozr?ES`qnCxRAX`Oi*PR=YlrcYt?% z@FpyQ^UH5$Siq@i6Y=w&w#z!nO^`ZrXokcN!>GT=s?Da>zZN0sMo-il-Y%iO{S4Ec z6{-7(jaYyc^e>t`>Kt{sSlT+hB!-I&^=iw$$#t2%yiprZ>C|b&?~8o{y?13rXCHrd zNO$t*dndJE6H}+Jne5C%4nL^72oxABwPSsY=tosPFJ-`M^30Zp<<(Q>09XlPhb`7j zdX|E(B#(YS#XhW|w(%p_w|hk>0rCi?xiydq>1BI$5SBDb)zTYA6#e$3LFqi7S$8=_ zTHy_Tdi;n9x7v+ifrJ}|sLYA-Yxa5qE@OX27Ou=S=qfEq?P3o-bg%Vz7^dIf*)iK& zZbwY!2q}o@Q^e{b#{v)KNEqDxl-gJRqeea|Jeu@-cH|b8F->p7e*CBj{QEv% z_!kMkIW{rpe8+Yg5%2JmdcI=?=8NfOtklFbS3x57CM^rKpA)ZP78f>Q>S+ms_LL*9)3Df(zoP0NOwR4 zg?UcZ1%?NKWrjZ~3$x~JC89yAxGQgG2!iHW@7?5t)f;4-n1=loIg{z&4mu1jYJg7~ zh#OA71Dw^T6yRt5ej2pDfS|GsZoTBl`M7fNs~_QA5m9`(RqPjw1F!JRhxmS)boYh4 zP`EAcD~f*h)^?@9?}(0bf7sp~EiKRrbpFx)r02N-JlaVr4XVTO*sqq{Y$^}!t0sKh z)pLn_sH#Uyf7R@Z#QI6!k=@%Pge@WM)Sli6%4SzJw(0wqhgyElqJv&zgX|6Ogm!>> zROiX6bHG@Kf`7GQ_fI+P71>w^L{*9LAD;+~IkQF^$FHE)TbTewTQfXy2>P0@J#BRu zi1zF9{a#O|8d~pn3b9@ADFNcUZ&Q&PMD;^98DN3+V(@`Wo^%bp><8s=XeHl75{KOOx2Irl*qHr?PXOBt(mz z7UWPu#ju*6i!-6fJb1@QN3g;yUZV;`HeM6@a%XHfJfC~_InSRGY?+g`UTI`>9|&PRT~AE3$WTTS!|xvkP;t-{2? zN?}rv4ckIqP1MZ+T&>5kp6(v^e~SM}^yy<~N=a0qP3<9*ky@h36~r?I#IYO5ma+}3 z8xDfiLQ>T4JjXf0g1c%&wId{6G^RmM%kv~TuM3U-i(r}QJJZipid-|? z?0L#Foo$tlOCV3h_`FY2dY5R(we)+d)(pa!OlP5X8UiXgM6oT^?}_*iloj)SS519t zyt8Ma_8u;ZAiOS5I@CHko2&Zl@m>hD_Zu7zpb0L-O;KvH1#vJ7wP>#*K=8t|871Am zmf4$2Nm%yAQyAt)HIyAa8+Z2=UM#As0=JoR7d+DPP$WYgpf}Xdbx+Whf`@yTrw?P2 zpz~Oqd#U;e(*qlupiIEDBj}u1LTJHoOI$OYq?e9~!4ki^!gs005{mD2M^pQ~Sn~Wx zGXP%|*o@RHOi^gk#P@4#&`{eCr{3Em1Dv5ny{OU^cN+7d171u>eRqnK-;XlOLIi?D;Gs7nXeD{q)6&Og$ zI%dvgP`=yC{diO9$|)$GYB+w~?VKjvzlkc!kxw{%JUMw>Or5)k+P`_?@Z5d7cCmDXTv0$eyQTI*K!nd>^kr;?JocqGeF9%nwUv)U{mG z@sOLdlxfU+mYsj>T7`TRd|?f{+l)D+$VT`b@i>s_vG^J#90>3}pKMjX`5{~V_RHC^A>}0Y!NKZj zK4BI>qVwce&{OdEHA$6U5qR+-d%*@yc3m5n8Au8l9?3|-BJT9Ds)wo0y-jC{+gt3O zlLanVtLGgJ{y&d+T{QVt6S6?w=AX(xh>{22$fdM^4_tqg2$XlmIDWF0(2V?0cE?Od z`)R5r;C%Z^=G}CaDo`wtNi*?VJ&}5tr};iIfqnyYn*!L>!A26IUJ#3W`uoE>&gO;0_|K3LB}0`8e{1p{QtDBXu1WNZ_H zI08N8JJio7G(X$n*h2kYSbs0Prm6==K8)a_0dHRN+p@ABOgBNJ5D!5&!x|1cCx-&{ z-Q5Z=RXw*v@IkfV?PscGNO70YN6_@QauWSv#NkvYv9kFH-MRl@T|d{-t<_#dK+%hR z_qWWnLLTJu1G8S!o?>YGLv9)I(~|7AAJ-$-<7Kz6$@(-FKdd%+MBMmKhXYKiJ_c`6 zR@R6Yb~F>kQgqHoJZwBY@w2=GmwGZfLEq+x>r#>WQFRp*|D&`OoKfPqojDFMEDAFX zoqwVbIMS+ky+qQE#o^{&24sXTaqWWXCV)911M}fu8x!-cxejt?i255u+37}T9trsS%GNM9Bna8CQ|+O zuviw!vXXP`yxh_s=$_RB?ciWQg@y@%$7BHDZMwFlan3U!6xfxAwjal zHO#R1&|l!BS4a;7DOD7pC zmHI0WBpc+-mpwkAlugKI;&2{YyEOSsG$@kfWQ#uMoV4GWIEbzA!tPBS#BfgS46Kn8 zm{Nw_xbx?*?IVHkOX9e$; zsRMB}V}fV6I_*$PU>2w?gQk0BrVzlAn;8!8)i=~K${`(}P%tXlEVG+V+uZqM9wVS| zSaj-`Z03F?#YY4O-UWH~Fnyp4wOdjZD&m5T+y_=TY!~YNvWz3V+GNTsu$kO_Reiga zrVCYEb|&xsd(ywGqnW4}-K=d7eNAN1m@}!R4^odWf77To_l`B!ZmQz@8H)d(@8$cA zak+?JRGN(23C^lplTbCk)?UfX$-dphQK5^%*u>ey+5XzD1Qh6lJXp4DWX|~IH{|s9 zD7aZIu&f}eqLjN z=PpaP^2a#~OG*Eb;2jnL3F9RHC89i;*M7uAqUq!*iK1nnu#=_hj}7dJw$ zqy^Rf2UJ!wy&i-;P~TdW+N53_m(EG!J_m+w-QW9o+RKC_L20iANfTl9yTS2 zXcT!xGGnzB=zEx)DG)?RBXSV_5)u@03tg2k0#N zDrU`8>(p%om0heEsY66Q(Fd1wMHWB@etJ(9Sr{*$?V_Ly^g!_UuwucboRJ0eH>V=e zxKu;kPjGqvCt`gDy$B*C%@UpHq;i>HS~2@ypFIB3OnRu!5Mg=#2@8Vv`JA)xz*wC( zJQ95xk_&o8u!H~A85`r|;6ByI4|(Bick-BSN7S+_zXM=LQq_u-_I`-RcwU;n`NZ?o z3phIB4!n%3^B=og4&!KzU|JFU>#XIW#~%J+F)=f%aEMP5Z%A~K)7Chk;(H)RLM`5s zbk|R-^GD8`=`#IS=yR#!L1}2N?(zF9*iC;}_U+uKB>GZhS;AK)c3x4yb|7ub;&Gz9 z)h{U4VQhy*1@MhP1IBb!?&NJn|*yfB)eLXWOnaK;Z%n38*E0Ch8t{ za|6}g08IPj*@$%0$~N*DdmmNb-yJzY^ThCnO-;;-D9A3^o_e!+YwP-h68|L_IYV#a z>tFlXd++o`WYnohc>5)#yOLfuP{vKBuyF4LCQpgpAeC}KN0csEcQ1KB9G&62HNZCv z37RJ)U+T+?N1qToRoiW$Ya9c+K8{F##HCav_>-)MA*4+GpAvq44ck>T9VaOo{g?g3 z1F4{y{yy%A8B2cKyIfzlaN1LAGLSD%o9Li+W|1?V0M+h5U;``AtxaOzKHS zSfJC>twMUvpjGu{EozFc?W$DLf#>$HN5!0SD> zeLsZ>pkr9F5x<{c%{8zHoc1^BT$8kiKeH+Lb}KtnC=ct1AK>}i(6NB(pHTNs?i7Ap zoF)*;8!I&lNX?4PHxo~1Hquz+__I17_`kIPB& z5@=wRZ76H5id3I7QY7&Yx4npI%g64-)YPdB+&i5#5C?9CN0-75-wpH0L3sklyGqr% z$KW%$ql&X8NCyV!e(CzMte)HCjUV%W% zQcB$dgKnt5W<&TNQt{xf(u;A7JdN*Zgk?)UbY9 zTe?RbXXrg8LlpNf%Cb7>$2gJ~$_3$+QC8^4sshJYxK2dzhp)*sjn*p98BHE(Vzz&y zJPL;9`=g~-Ui#rtkroq2h>4p24qOa@I#Uoh*oa<=77yIix0 zpIPqBboTfuC z?oQ_u{G6uE&y&6MV`TlN$r73Mxo%k_g#P;qKdaNnLvwfY*E@%9Pk&CM=_AJYk^XN; zJdZl&P`lllW`-gg`Zh@u)r`t;ZRf4#oagrGo(|ktHph>@@z)2W+1rw`2ipVaeTZT^ z>Rq!s4-w9g*Lt6ZR3v_Jpx7hk6-05E>IB{-FvgJD+?ayfE)#gW;rlkUKa6M9AId3J z4_6)N-3xt_db6ufbcj@){P$@Z$b9}?95eCTbW<9Fn-BD{#1;pbfV^44US8fe7<-%Q z?c;OA%gg?b(jfHhPD?j2M~8?0S8gwB{g95FkwkNg*rP;%&E4EccF5&g3QzYOj>>60 zZiHTO>yRWBYmtxs8}ucXqNvhllJHHr3?pA^`$D?YaLpVdUf%{^c9QWQWipNqBDuJv zcykMb1P(|w>#VV4Qw1{;W(RrErcPlhYP?f92f7BMmwdld6mPOj_w(!+Z}6L$KbLNt zY`Q&KuWQv|R9IxcdD*~{LFqDO7nekvzYTv0GJa5Pbgzv2NK zC2=yqeD4oJ{|>FkDlT@gpBU7138+ua_Z{9^aOsM;>u5qRU0$05?q%jnDS?j$X@Krk z+GXMsOkUl0?ug_HK<@Ip-kffR9Y#Rzf`40jAa`zz_1s+56}Uec;KQnUvnjEsAdyw( z>29Yu!3IfZ40ej|9I@kU79#zN+yNQp`?f{mPEF{ZXHZK(;L-AHrTP!lyP5f8X~FM1 z&%>nx_i6B=fr7jYp0wz_cG0&aGr=0bfu~h*bke>G+^mFBX=pDXNg6g(@R@ycf#pMx zXbGiz9%69$+&P1S#4j!d;Lc3!iMVdb#>&yYz90LHVFW~mUBeO#??YLCQ|?D*0GzMT z%bc>-HYUg7J&6Eij8vGArQ0lpaTr23$cPM(AsLBEa>>`Jr4 ze{9V}m{VHEY_>XaO2Dy(OW7FQw+eIxzY4s{=v%l51~l(Cl>bI8?yK%qa*ahsDu`y> zei(p-&uIM4cngnGhjhGl9-1Es`9@Za18y_E)$v$tt;}Aj>V>RiN5Z3Yr6@7I(^mj4 zFqnd0`ym%$bzOCE(3>!nP!od7b*%XQN23`wH8zYCfs>mxZbk_Ly5> zfA+}ITQeDh$n4JP)D|Qw>vo7@?*9M=+)!n)soukNK5(p{V zH@K!Qy_hVKwYdKB{kJ19)dNpKVpo_2e78dXUo5--mZiArzB2FaoI9UGl`4D}$sq-$ zCKP<0o95@`=H_?bburrM;g_@Y6S2d$^piF!cI#!yGTOcm&9tHe+5NVmQMY*8<7~*u z_L{>tMST2YXIjhEV$iUe>+({795vw>=5PKO7*(CSD^-22MTM!1k0Zo ztCe5>GOcmBxK!3+%$N)pKq{fljx*uJANbDrVbH`MnvvPfSW2)OMl^g;A9pj5!>4%nm9T6)Ysb)U=2Z_8F&igVETtlF-#7rASX){Gz39h+~!D+o#3m8IM5j zsC*BY$27FyF8-#ar*_Lrub=~KZ}lvHvW;s6F$OIW1uyY}VAc^mkS9jyPJE zBNs@DvRsY;_pZ2+W%59Osoo!k z==`@miKvBDkIfFSE0KH@4ID@K4fXgLH!6qAn}PB@K4#eJd?2oaNDSm*bL7_S^?$&_ zu%U%jg{+rSzFbC!sFhGs0>MW_X>Sy2Gm7azPT+$I09oV-jB%91pDi5J^ zDURts`Ev1X-ZQiP<>#Kr8z;_{VLykXlTeQM2RR19;=u}hRK(@qz-5M2L8%t_b-+I8 zE65?sklvt!MMUs_YMS~0_aG`*XV6_cGL&zXI1Nx@`X(O5C`&K@LOEJzJq5#N$BiqE zijFFxxZjt*v41=uySV5T7giX-H*hXq4^FOdy7BSzQ>=`Rq*#3mdmyteG#Ot9I*Bo$ zrt=*9Gw5^4hCJLT$o|g*bN2c;>1k^=`9k#7e}>j@dl~wqZ3Bk>qN))oTdqH1J)`hu z2dAwDiu43|=yiY3H+N@_{oB**k9$uw#9=*Ggycc!ihPiiqYd4%L%0bc03Vp#v!aQ( z{PK`mGOFJH=G#=O0L(}NApEJg({ZIv?CV?oM;`oa(apb%vj=ybKtL$mzABf3-t=s? z_oIq2OJVu&GkA|blb{Y6SyU*Rkl+V>u(-1Eh;~dOPyl?$QLsuwA5`A1iZ(f6OODE( zedq&QhC+~U1{OLm{5n>Hyx~)LQB4Zk^SQKu^grN=pB_MRNOCsYe^=u$$d}n)&1gQo zjElg`9!yfQ0l`QJ5Cv8L*jrma+dd=TaMa3h9P_!Z8Tkfp3-e*PICk8F4?^tfHw{HC zp{&5DfEY4){4}IcDcx|e{_cYB$5W>OY|H$FBN^{sun+F(4;B$j$T1??Axjjozx@A< zRp53@F7OE?AHR-T6>q%=9hDQsDx`ob(89R*T%r=NO%AL(S=m1Rl^Nz*LW#h46qH?l zw@$L#ZnL^OFzB=DO17siLebQ*Hngeyro;1f@UUYm=Rbg9?hp_qaL42Vu1zS@zdJt_0gkqL*s+a4u>^|kz48W>d1BZQqvB2za&l_KDdqD zw*8;HK79KM^EElc`$*76SPVn!Nz7Ys16~IS=smd6vk}APASLfwC!{ugLiqliqxY5Si z>sN7L1gGfwu<)_`VUSn0ax!4e8oO-neDCH+8JJiFS?N^^kQIs5%9{m*t&ggmgZy8T z4g8T2V8j=bL#37PX^oakAI?hhz%aFBd*ouDb}FoAxyrz zOxxcW6q73(_mv>R>dOTEF^gk7UWO45Q zl-CB`_Q`0+u3^4kcg_+sh+KUK)6yld=B9barJykIMq3i#0Asw?t8E>M=Wm*~KgS9a zzuHZq3N)zPzrS0rnsa#v7yBv1wvOtJI)gwefn424{K#`R!R*x1%@fX1taYt|Fp;YY z^QU#G;+&L4zS)m=W|}bZmB9yhH`3yx&3_e?XIml>Q9DX&@=&{6c~ud|BEJ{X_r&AY2C*K&#cm*t`(He4p6X$bS@ z#E(R#>qef+BBRIg55#A?l-c6g1ovdg8rny;pPK_+enSF`pvfu{+fi=Bi<4 zU(5g|d@W|!ThwqMLfOU?ao;R!zzxbXY4k5hu^X0Q^IW2!h2seR1f`v;iCi^T7wwfC9M$ z`ua=38up%`Kh1v_bHfUUUD~(8ReQ;_9)&z3~m}{7=ixh!*iwX zY}XCRzSLIG*>+o_SHZ7>d22@>d!))XD34)lIz0fdySx~wE!9g)X1FUo_pn}A@auB- zIisa4$RJI?ry%yMzn|+3%ZV^nFk?eymo?&}TyB|A2fi$!gtS*l8TN9{hP;lpQ&mje zLOHo2%jKZOOF2rX{wCUfSeVj|v*Me>lMBonbT9g|^35v~`{CS`U940^LRSU5>AQOQ z7P<1Jz4~_F1)){IIdspbye#?w1s0@Swy`sZ1AKlk-5G&*_*)9sQo)Z799C*sK<8gF z2Rm9$uUYavQ&Ii8pRd5^7qh z{On2PhG9nWqRjmV&CZ^ThMHDdQJ_-b_sw&}Y^=zFz1hWSFC#qhS{t}ecxBg*5(PIZ`NK~5Kb$mth@&lAX=e+6ke5L8FpCq->= z^aZTx(Kp|3cpLj)tu)I0{Q8{<16u{(t$HAtb!@;CUxC(E1&75_mnf(zrpk)ik69HM zF;I{6vneU}DbPW~m{gWayfs0@CnG~?o5N;PHx4^G9PkB)^!3E26g8Wc;nBB=Mc}r& zpZzk?QJ=}i(J83D-71n1J$=mtRM(7$r@(S&Slvv`dbWTr&-a)>oOMy_1hn9Xdx2x( z1h}Wo$b4}QOBdkULNfNCn2l^8V5OI&3hXoWZv6-N&R&7+5+SG;diC$#mbIgfaB570 z+1m9qH$ps*lht+9ZD#Vw&{&r)mHIPVu`Ye}ffrI~5dG~Ydo&4~!4YvsTRMYKTJ1Ko zAn6=Lg1m2S~RmE~%CU!2ZR}Vol*YYcE+g-+57qP0U@S(x>BuJQ}vc@vG@A5Gdf_T=obb=&`Yb5mkWNOm2Sqc8aHXcggwR z0FSrVE|B*MmPI)%4VFGsuq&G^fY-_sG>rlFfJQkK1j`o3N=$x$_URMchc6L}rClz@Z~B88p8oE5k(+ZdAF1lX*| z7!%xKJO@4FA4B8kAP+47r`gf1OE*&qK^A1z&7Wln;s#6koCEF&(R6Rd{*7Py@w*|U z`O(hQf$u*5^YuTnW*n1?sG4y{G)U)$eeT06X+ddkgIAx;6r9wAawGDrFPLfKT`a|M z`zr{|(HOze1*e`RUu*sGG3g_ zKxj{AWlpcZFWYDsY7Wb!VcWJB($!d)Fc@n8L$}hKo|Y!Wl21L1PGOW|MGkVoCaY#) z#lfa)atc|9D^W-=9D~GuYvQo`V;%u6uV6n(^W7i3xUlVLdacI>;R&c;j~V`oDyVCe zG__aq4cFiz0iS)drX&!}E(D%&)E9%dl7IG6)z3ptos+}{`@%du7u7)Ksc4BTxsObET zYT^UFZrTil=YP1kxk~66;L_~vAaGb4D{?Ht+_+;s21L?YOn+d{!4p|#jP3N7 z?la$)7tj)}vst~n(F#!-wtZh0H}J;k9WKrzw~mJ!sVr!n_|8~DRWBo{)-6m_kx8Q| z5nkqV$C1DMtY)B9)Pus{=YOPd5V>X}4Ob{UqgNP=w(qv^vjGQ#yfA0ShqX1aXUo*G zjhZ0U@c>HNyPMFa#?^VV!bAcB@4}uBZNepVcl0#ksccdT%}nk?b4Vf)d9lh@aeu5s zMyP{p*p9ALqiGjY!J~kI>=0DqLlbcMhX6l*ulngKD zHLam`xRp3144265(>$;zXa?%UKO`dp8?^uBT}dZ)u=m{>+^NLMs4(0G8jZ}hEbiwj z9kYKwEla@0c7nq-S-(U+=E#Y@+HZKO1S^D|mT03ME(UI6i1 zhJl^qOh8Tyd^CQNDbp5`&`Lf$BmxDVlvTwBROfDVelfR`QcU!eq_-;cb?$Bap(F$MM4CsFj*n- z8dSPtQbn|y(OMXnoXS2$oK9*GVNB`r<=8*n#=oe3!vde*_b2yREW(r9)Rk<(T`88) z&n&=#m5Y+fK|=P2EjliNN2MA^T3=7;?a)69cVz{b$zGvLBF+&HDxm3=LhwOAnXbpq zAWvms*)-;HiE!k_flAEc@$r!8528hwR@>srTD04Zr4bR~h?m2aUk|Wne_Ur}U$fgh z2erb7W$J+Mw5&kWM)$h_$@>+WT^Z_~Ri=irT5tJ8YqYHT_BnMWSH;#Zq)404!cinaL%x>TrE_!DTVR*;Pw77JVRYZl}qRq;B04oAFCc0^N z*stmCnw_%E=}>T+3H9f)?Aya$56bQh@l%b2!$0jw4;Qf3PunCy|5oe42f`h%K#8sJ zT)bHcr*2qzNOzU}B>c~{ngzB@pljo5N}h`js>2SlpA_s<%`v15dzGrQYu~0N1F8=| zr(ZcSuFLexl!+U-dV9yFp+3Pltx4rp;0V=E=}Gx2?lX*?NNhn6lVbSyW7JzLcB9#n z(;j_i=wGTvc3i{JN!J29sFwh|Hji*;{t&IuGl|t-m-jnZ>YvAt^5@edk}I!uF~prt zQ>~}7BmX~Zp>AUR?VPnDt{aDcfQzQa#yvn7^=>(O-da}|$~od|yN^t~=1@7s8O9=l z8;$cn1Y~D;+sW8_32`2%a^ihyqQ^A+m?eih7o#lONHT7<&3r2~)FzBz7g;8WvD>Hw|guYo8 zC!xv=Dk3wQ&zsFKG7EH)+}HjO@Py*DQ{%(bck?|P-kat92?^DtJJJbto z+Q7=Hf^qg<^0u_`?b;&FUv`>0>LIlG&BG-+h?({x|R#P4hF-Ped?dKC$u? z#*s(_0P(HA1vJ$68tH;QIfsB=PPOu8S^oFp(%I8Lq^WjLAb+#{l&wTmDAlj`oY-yo zEcPLW)|NLj($NR^O)9{za$bKj=pMc``xMYU{N-~>v8p)>ud`x@G$rEhQVC6XKvlWQ zj>|1=!g2tHxgkFB?vyEXy`!D02*BBehF}TYFJzTAAOGI_S84w9_zvQr{CPAxDOKCr zeK7+WY)?w$WZx~`AJT>9@!LZiS~IMZztx4$21aOynnBZ6Y@o(uYx_!YM}X}8-ki+| zUYHdmIlG6hgTlnOP5sO!gU)5eHxuAl zu*=VsH{TAn`KBO*8!$RZ{cqS4?aOb|qW~=T0?<)U@|((i#4p9vjiQvJG|?Syy=NgGjmSE#rh&nEJJ_53QGLI`xb{&!2tW4p}hM; zTym>pu#y1634z~!%&>`vZz zVT+f688pd*zT{RIoGPG$H0Dg<>Iko&3wEYLd1E~xg4*pwjC zLS032=U_=Ve>b_jUFw&bo(t}auD^@zU`BVcX>UCB-6{e{x=~Y_8~u`>Bw<%m0dhou zeP%7-JH8VV6wrBLPZ?z`r0d(N4|1-4SwWn*7Ei@M5sx#=UvFQ`#)1*hDj_T4XQxFz ztE7yRV#6=`n3WDy+Dnxuso$H^RZH};kjyM6uX1I=!Mao}HEsGI!|4xEO^manZL&Ak zl_>h(5&l9iGtCTtkNJI1aKnv8ri3i2#xh)z?K>}r10n4QK{87Fw4E9-nuqB5e%H4` ziP;$?b0--3G4{nB!j1Zo8twq^bKe^Zx8>{-Vtq=2RY>R{ecXBQ4`NE-{o-!biI6t* zOVDxRLM+mqvefvYh|Y~&^?JD--vpnX5`iXg3f0)!xMQ(KHpHDL8-W0{$89}o@nwkz zOU#idQ^?Wjb}hwVVEC}Rclk#eKFadmZfe*ST8b!R^0*(@5C!WLkurLa2PWo@M??+H zz{H~0NsOJrE5{)#q9nmxr~iQc6q366VIhH#A{#(Nc!f6-9{9&fzTW!I!LqCXLj`!8 z0{2qm(7qY}&GZ16=Lf0Zhq1uU81I5`Y%o2-co>QjR~e48tUL5P=}@=>uaC_J$>A2Y9^3XxQqk-qSbI<7h^T~r^n!*nsS+cIgnlz8OqE~wR9e?$f z9<%OzLC_$66^6Y)PAwj&@7i^-gK6|5O=rF=ZDm3!Uh0r^9a+y~!cGRdC(S-^3;p`a zrW$^&6$z6FQcOofTR*k@RG#(y4VV~Zyzs~yqe*!8hc7Q^AC;+ zlZGX`(yD*u9hlKB;&0?2c*2ua3jM`>k#3r{ZI}9x>wI3ClT{@NgrQ9)_Z6stBmduQ zgTAnhBcJN_CY9OgU?(Ik?!2gi805l(kNNs9;UfmYvfI2Z^kqiD^R1bJ1V8v}NCVKK z4nRaS=C|#RzcLZdZ_~FsAC=!`0m?aCODWwcjj7Ti$AZ*!p_))%wQ6oV;s`)ihs4?a zS}@4PY_m>{chp~)hkd!ojY%B^<>~BfqMgFr=hkQHTfT{}{bC zUpb(`qoxpi{$)WzGvGw^0cO5ad}1qjtbQ$HD%gciYLHswDd7HMh1H_MkWuCTHxn%2 zelfra8>``ivB%7;mDB2oIc{8EwD{(*z>R*orh>}AcLgJ=K+Ry9@0%nZ;;!o6Fumow z$97ypj*9`$KcAw8;|3{iWfWXNc|CTdJOeKeFVbMt23;Kdg5)e!*@kH=S7u&&ov$6& znZmkSQ#f_s_~!Q*8;TSlb&|&AbJXLx`a&RotH7S^9|%6uYwdyEbI?!dH_vini z>#L)p?AmuhK#&dzNofV??ve&+kZz>AW9TkHIs~L!x@SP7YiQ|`7DixTU|{f!@ArP^ z{LWeHti_tYm}mAKdp~>c`?{}7mR4QYL&xsLZau(c^#xoi=5R9ucJW(X!ul6z4Be&wMr$s z!ozRflmy8IV+vRt8H;Zwj?2z_glkf$vcRghdFFgxPj=N;h7JsFq;h=&PTmJ5f*~nW;M5RWOP~}KC*O!;l9S>j z&*#Wsv5k-`E)dIBHSp4R`AgYM=}J2BJI9Ni&KfA{!$0^h^e0` zxL1IPTxIohh0p3DF1|IdG#I~=58aXk<}6@~i@d3<97#`q!Qv)}A@Xj!@kd9^GoI33 zDEju_pF^V7M%8b<2;oDU+JSp@0PGxZ}v=?6QjNE1A6EOZ=FRmg5?wHS4u3q*q(+N zE%K&VDF553*nge6&UEGUV>O7((oERdec?Gqv*DcXfGB5za<{TQOEwV+nZ6^&_hD>D zWkQ=45&b8yaOq;Iih8^xm9A)#g z7c0~nXz|;1G{`T*AcQ^@ZiN{+a1o{$;uGGO60n70Ug$%2^E5K@>un+H_KeI?cE}(% zSsfl?jJp<}3b&vFu)+{B# z)1W`oK^ogQ!QqWr4j~wO$%r-1h3DChhsc?Wea>+wh+2LcqSoeWqikYQ@Q8 z$ji0BUb}O|b!UPV82D>0UIUo-{P9oQ54K5Doz6RXd;OfAhTk3J;fyd#Z}1~&&&{Qo zxhjdd$ppXs-L5!mBm4^_cGe>mez_a+BQ%q%n2jJ7V3J_T@OppK?T=l~M%_Faq9W^E zCG%k3DnUs^r;?Cz_2}#C=}^^USqa*@I9dJIEFtQhkR?RQ633T&+UK`V%(rW88zc{S zHig|wYf5yq=M|0R>0IZ*sgILShhynBcw4?kTx=q?CnS>otTim3(z_s-*JHQ#YLEB& zLujbrD>R#@_tx3*Q96^8Tu4fywt2gIwQ60}yi40#63IdHcGOTbTLBT%H{b8`2Fybh z*_8kR5r|Ea+mknGei!$MztQFTy&usi^N%%0L$!(fYrdhEBCc~quP6?j2dcPcOGZ7q zs~x-;+u*odiFpn_jHc@OJaS~^Z;QvW`yNyDGXPyXu+RMlBX=j5<}{_LIR|cgoWfLX zvY^mawr=$V;IHfZ!(*j&`sLob?T6XoKYP!Hg8)d)A2H6Ofv3YlgCFp)|Xf2yT3*;2KEUT#$^99 zzb*uhl+86ZcZZ>Yp@szZFo_^9_}RxVLEgJP^(09I%chreA-xe-hu7u&H}AhGp5?IE zIESL`b#U|&#B+f#E2S=K8uO{)cfVo)z>!ZRukP)#!CRr!Uci^^dvVi8Cclkijd-ME zz01haBJA)#Dkfb2a?|02F@JBtDBZoHd`Q0jDD|{YxRUPn$t@C;jm)1%;LhSQ&h`x7 z??WaeJ?v!BCy-R3|DQJpw~G+IAwIg@TJ5JLN6uV%9r~UV@m3T=P;JgIt1l{tv7c+= zL;!jkDH*D0W_yxYh_KXta`z}5n!RD!?ob4_2o~ZURc-8ooK(kBx5WE_J00!Urr$eE zOX$8xAeM}mxuXEZbcOfSFsK~xC-v^~=W^|tmJ~?1dK)oLv0|-JT4<;6H51!Oew-l;D`y*x>inQfUH$Q62rLy+WHbm3gv zSg|LYBX1j`0Ri_VThH(izA4<2p0$;9fgKT7kX0IZ8f*Bnu|FM>nF>CDe33zWT*RP^ z?lFXP##4C0ZoWVyR8UREAR1g?wlC+EUh=A2S1ztrg;}1bwTmZ8LG5+Qk1~_G>LJU< z0lFyb?SJ~Tf&EKvK#jt&;;cEWB91jLV3fbv8^^ZQ(E^khY46}OU){(;dLUz-$&%~$cyp1y( zkc>v_n2rQ65z|q$lDn-(Y0LfPcv$LSNWlX*ejV$Q8WwPS zMTT5WZhKvlH)p|a_uolar8&nf434<$-h7FL9fblCh{Ir6wrdLKh$|VyrAs??v6_9G@zd&dnts}*7T1$ z_7wE^p)Jc!jgmFl^|1ifhHI$U%pPgp%XAfwdrtdAIVr*;%tOf$FF3*}CLUL+<%b)? zgM@lZHYnu<)ji$cO{!A+kO!@2=aig(K!sol1wF5Xg^V0eCmt5I9WzagxGbRRW!tOK zZ}M@^l;UudaRuKV%e#|guxxaKFEKkc*N@*&`tX25hw2Wv{9)@g-&L&EGRyc~Jb~Pw znolauMKU$-ps>xLlcuQ=BjSg@=Cpp5LaMyrPJmb8)ue&6cQx zaG+MGedGJXpi_NL^Lp0!V&r|v3{IfT7W>?9PxH!&pcYb;JyZ1JoF}71|9xB^+wG}; zfEy|YNR?4_{jU_#45uZ0qvr!$1X)mri&t#XEL~b#4V!PVtXV4DBlR$1a_&V#J}T~_ zFj$MBG!6AW#rba~0$zGu{ z!w9AOwFWtquKutNvPn-UBN4E269<~2$DN!-Co_`4eDZDbk6~`H z6h=3C{;n)*or$-D+Q!1mMr^y4DZ}1@s zI3N;P`#}Zxup70k#s*WB{hNdj5mX=AcO%SA3sjDzOU?ab{WNj_m8HK(BJn1ZfO2e6hC_btmlm9r!5W0VhkSp$-(=qRO&YI zjgDNvh-)rjSvZtXXxhE-!i`07z3WFf3C(U~d=WRIfxujX4v!7iB=Ft=o_!ZMabonL zV#^x+P}=eS<>_sF3l1-ys5K4>GpN<%Igg|z-1cSLN&b&W!I)&USLg2L8_@e~xp@tv z0WC*vNgEV4Km=&oau>wNs58F3LGr3`nfW-BkrCAUqQ4hV-utStXdB2=RkR$cpfLRT z#p81T=sJI|#$)aG$w5v)EADIgv`M>*GL2qrTMkUT4L*nYcHBkKO5FQZWi02k3RzEo^+NS6M51`z4~b9ZO2 z*`-me?TRlH5|0@?VOL*z_%*s}fA3GgH~=^Z-_UyVi&)=iNieB~i8g^%gUPo{Kca=` z3-b1ZEKrcXP(zE}^19ObK+P3uiIxAGx=7P)U>e&73W;R4H7mz`|FaKM}=C@)%U-Mr*8B?5> zekht8O{8@ZR%G3(02S2d?rSFdU!$keiNZ7{3;2Z^uZHEdu$gg#MBPXQM^wr`hC4B! zTiWv7ZmPV~eeza-L!U6@Z6Cqf4(TW6D~h;wTSzcxRB2J#qG)S+dV*Qjc#BFtQhR zDfjM?K$X4CEbULn%YDKx>Gkx6E2l*;>z^^ITNJjJEKKCtk1DG=Q4^fb?~{FP(jtRs z1l`>;QrQ&{U{ch2Xh-d~7H&It(brcGR1f&~}K8s!niEaF=2 zdE!(E{?2&KHpxTwyniIUScN0a6YxE2u~mBEdBOIC;y|e2xQ!V#pKtX2NyS!~&U|We zw(92hH&?Dq_tw!!U6%kYq%@V>)6k4%_8zy7$FNr5!`1RVEEI7?VdXU${%VfwkaZ#l z$3B=9^CkW}QhcSDrm(3R>L=uC^KR)aMj1lbs-u=#nrWAB>!k{Xc0x&Ucg*MHTTh$61og;no!u9>ro| zGY^`iggX`dX=J|XvNcmpSzpnLzhvIM(AL&jSE^6kOz!K%`F#k6=1*X00@X-4nB(t9 zsi|Umk>XS-M=idyP%&Sm48e7#KqzDcG}YY8t|oP?lm**BD*v1ygLGbG3%__sNj3W& z__)oG^!e=b^^FA6e52F(+IDB<&U+_x{>9cGgs0dA!QYYs@JMThMLdb!bSB?dY(-!o zB^0V;qCh$stHvl-1W^qfPWPqB+qB;u>PNMjDY!fIfTlTa3fbK5!cm8XV1`Ipx_qXZDIMHKq0&okx z|Ga3;1-Mb?1Cs833z_BqnitAflNwLFWVmJYO1gySLXhHN64jtBV|WjO;zK!l;s^>G zDw!rxgt(S4-N=qc>-dShp?^!dd9U4zwHU{UJ2Lc#Xw-I6!7L)ZSXC>7mk|@p-kKs$ zSah|x%G)Zo-acpBn=Hc2QOxF`w)pIj$V@LWM$DrXICK*H%)%*s2oGI$0*b~svFkvT z)TaS>*&g+sAGL;|Td$)paF)7Vz-1^5RjZuYx&7(ujeBLAt>-ZDu;1HD-H%!)3(%`N znHIAD8Kp)ATT6J?Wfjh0#a781NPStT5w+4&XIVA&D>d|Y=PxrL9LDt_^lwmmdEMtt9 z1y)@v;bqP`5matdUowMAkPEP3_&b}>Ly;@oqVLwr`5B^n35C#?+pZe8bJI541x zZi-qnY_TPLR$r5IaZ4+zv7}~}B%T96(oCRCOd;2`1MhFlP6Owkxu?Hb+Z{2)geA-h zMJM+rj_IjxS+u zd^u)qsL8L`>M%7VBk6tXAvF&jJPE)5z~wI^Z#l@y`K^QYig~^<=zNXv`uzR#!)wcn zJtnKdR}Rh0EE581pw>n4p1Ktvn(jahv6R1QEH* zf-D)wMjL0@*=|JWkm&|!TVlp*da@u_ErevMR=Q%E2})b0r$$n;$GO|)lwj((h?9owaytBwEuI*ycH-O6oE?6V z^nlSpESu&RoH5q(gc1iQz|M6&^Zse|=IP4CRL2~_)hx?=>XQ5^!)=fq3vvCa&^;0) z4tZMmP+nchPftj0ClyXNjEX8`SdJ}QIxT?sa?-}uudM2yF0Di0YeIe-)rmvLQT-6I zv)dV6z@iQ+FVlUSqy_#>!uZxd%VmH-AehiESimOf*PG>SR;)S{dUZ%3H;8qoc{6 zdb=mIkm97SGaUE4YsM{ ze9RH~qb5Z0^I`8J$WW~jPk=9PS7T8%H@E^zx7U6Q+s$tWDB}sg`zB7dMEi3dmOn^W zlwUv{6!8&SwtW4Z{&?u8&F!;C&p^D>ykZ{&XI{vc(_M}0EhjtA%b`M$(Bt9`#5}Y% zsS>OXYLKHrDmCgAF6Ws3QqwN^*-Nczg-=$Fdw5vi{VB~b51_Y5L1bMgEa9z3P^#%< zz??+3_p2vTk$#}{qZ6EY@rU9jPt(ixvHxNL&Yq$+ZHuLOOo@ri(Sa33QnG4fa>jOPawn^3~_}=7ac&>SbG}CTRC@2F_-=L5wdd1wV2UP zjrZ`%KX&;5Mmc_jq-g^1H@2*ED1%~BFvx8lGPpAZIoPLR&+etgrjyV(*D2Qf)Kh8! zA2LbLn^gmOzN)kwVD(`#j1bc8(0zvt|xt}07aSK&7}9>rs8>A1DWcZrqO^voEbsK z38d`kZUcs;FS4-46s?o=K9a+Hx0hLCHjCkb2}42P}b#sbi~L9Tv*Jz z;nYBDSV=@?v-_J?1J(HuNv~?Kt)0ar_;m^9KlU(>LRE1todnrV!z+qDsP&XMwy-d~ zG?!U;h(@vnjwb$`Kx(>t4q)%=^WhQVMIcX*#}}uyyoea23@0L0^QhT;9-?LxVj+rO z-FZHgd8EgQttQnbiPTZp+@nI)<jv`@%>&s5?ppgnb<@WLSX8cWBy^H(H4!i%tC9ms2;+Gva zd4SXR+6J#jp%VzUUO!5{i`RyAPiLt-kOJFn4K#(u20O?-4Ydti?|rkqoE4J4?8Ut6 zkF0hZ6@|#(uNH9beEcB=R&Ouf&xt|Gzm%<0*a5pp9{!_3oT|T7b_{dD`Y>X5FNjc( z^j8DzEUa+9`~F+Xrt(7xxXp-8mlX&E!Mtv)UwQj`4&qs*m(Xn;|Lc`~@sA|lbB(2j z7Or4tTFTXTaxu9dafY}B=4WPGX-p?(qw>Eca<1X?BPuA?&~+M!kccnt#o>9D)%4n% z7vChLRcF-NesA(~RjFH=eHft~|2ecvot-EQVuay&&S@A3>suAkF#)r;|7s5_m9ahx z?W-`4F|;q;=e4XHu!c`@$LurXck`IbF%t=@FE;PYw^{g>)K}Y)CT7+ z5A2IzWbJ#08iF)K($R0 zd8Xo`zWMZiwdWJn@ck1XotR7CPfz!OX7g?e%)>z~ran~S73T8V>)Q3FWS6f-Woe09 zQ&vAVyr>PaSyYyq7pr6Laq%;LrQcf#b2lC?Hp6`Z?iN`lKlub zHJ?$Fh!$_x8wbAVl&e&`09Ygw@kAQi@pQHv3-#o8hp;$ANd3K7O8Z=rBr_OPsZu9C ze%J6UcE^mTYq>ff&^wW?^|R7?n_K_$_B@6-2l$h3D3(|UQj^O+N<);tisBrX(;Mdtl-APsZJHEhHc$FH69=%}t zGp-dpB)VpnSa-C0OEk3rxby4xo6y!8aDm5>Mll-R)+AKYi z#N{H@Oy^O~oMRNp^a$TriwkT*bY-EwKjREOG1>hgWm^tY?T zje*V?LBu0p)p2&q4;Smie=+!hS)#K$jjWA=gK{3U^QmqNVXb8SzI%&0Z^l^MTFjS? zB1$GNsSg>SWrYV%WYr}S87lt4^?SAVBYyIDL?{nv5$$WhpKXJhjMv$|OU%i>D(v`M zZ@WX6r5{QKOR1)`dNeupuUyaSH#T7+Oosh-I=d4WU$dzJ7b$Jd-rQ#6(X#$`QauRFYc#{Vh6p4dfkCdnp z2tTPPnmot6*$v493}f_SBGo2iFA>1v)J=p}(Gv~__!P^mc}@FCgs&)-|DZ96=eYp& zJb|0}aU4~;$V1|{_Rdnn0d0z4D)9K5egZA&3T+mo_#%U_0a0CAe!ukYv(9O*vH*g) z%vq~@Yt-IBVHV5bcz)-3uH!-7_{5m8;h(RZHpCeiVKdNz^5%%^NsQdOfHp>>%Ve5f z-`Ah6a2%3w>TrmBKt?)tU z2dbZb@tN(mH;oLX0Rp{P8UJ+tf@y%zDif_+P67|qnYL33Tklh1*Hm2xtpsa~l6Hr4 z?qQ2njj{0?A>)SU=OZoxd_I-3s)JhAvM(u+J0XK}oS)TgbrWx$R8c!( zTU?b_lmyS(XKd$hB#&y>Q+8N|X}%>8ovr5J^yp89obNaY_RT)SUXEU` z>9_R_6}iHcd;vhjPVP^eY4N?C$>r3;f{_qt3?&a@ipP5S=pMghs{>D3s`AgW9OCh| zbgXq2^FZUi`#w4z`Z}@jnPq*{N)1*`U?-(AYksgCpTaA$J?m+L`7#=@Ef*yf$y=LKK}KH3D2SJwaX6FaA9AJQYBz@Q!T`liu8)*6n__WKQxm5~+x4#@ z9Mm-U=rxOBaMitStqZ$;kZQXwwb@lS?%_SkzvHskeX{rV#olEWe(HKpkqqcsw!~d> zf^o&C<49V=)Agvio#O13<#Q)3!Xv+YSrB?SpsO|-aGiC2j`hCkqxfJsiw+r8Kb`G) z1ca{@GT&TD$Jggy#-mY73;q9$FcuK!oY431K)#=P>8I@VX#ffI9#;VxjXYC$n?llp ze%95(Ku*eth9y$7E12KG2<0t2<0*ik9brCV?LMI^(XvePV)_$9+q0R=PJzP)<{9zo z^4wX^Q^ZNgy>2!GH%hx3yF74NQkyY=Ar06FYy)2@9F@q6tCFHzS*i3hIeX%_?I0=M zkwl)~AqqDkdCf309MpeUOSwY}Z69AY_)-ZW-P6!@H~$1tz?WJ?bAH-U)iwX?@-<{N zSXUd?;lb&ZK9jxsfOUP_72KblU`OPsI%k(frFgCxxb7&tg$X8jAo`9WDO-x3B$f6+ z)m_&8azfv!rIYOm+3uk}uCE znK&FIndwVT4ocg8_>1ok4q<@l*pW#$ZLb?MjVLY})C6D$Jeg`y9wmwj7`7QDx z>Oy?=QdUbQY_-HbE$(_=&oWqhtc*eMb9W?%!w&vMt5x|NXrMuj18v|(p{{|=qJO$W z&91(~v_cmk$NBqnEl~H|O1{UNFONHHAeDst**D!V5>|zw=wSG-_^53pU`>>dGtQa_e;xnrG z_)$6X@#KB_L-sMUGTi@R$_tkk&6C0dyIn*c%N4Cb4>J}kFfFO?OPkf$z#BE zyHahNRhqOE&1wbIz1CNg$i0)h>N&Q+kzb7`y@?4Z<32Z@z5Z+gByVYWr=lG&TDWp( z^8~@afGM}w0B)RpOFLk|x5=Y=g_kOSscnXAL^vUoRSUCaj<+3~OAUL)CchaAR*IXd z=yLd(_n}V?1@V{k4v8W(LPHD-sx^`ae!l**3zg!#Yi%D@i}v@(w>2<@a?i|-1#@+2 zYUr1-;!N)^=H&;!67I7QbBZ2u5kr34CkdFvgRgVc@nvwum1&TI-2TE2-@0VMF9jb9 zs*|WHpEQ9Fnt!}sK}Iz6@TPVAS*>5(0r*QVj?`*U$EW~=M+9%Ld9j9=fOYXOwazZN2;6jP127Ke1 z;PHg@0N=)$E-H0cag%QQ2L{m{sEc9*Rx#aQ1CeRtRJ_$s$1*Rr9CLheIS80HuIJ#4 zz8ziNHS5kAW&EZ+M;>Q)f3TQ6{DmI=j=Qg~D^J6ABeW9GXNrb&(t=2!#-&OxYk*r@ zDgc)4S`-+KoXE$_%zpURCP1IlrQ9MDdN8EOafo5K2tSaEb}WJT?LOcv>;V5{{tKb1F98h|4kQr*RKz)bf-#$MM7Ef(yiufoCm ze?p3msB2_Vr{h3MhCc#6Au;Jr&VXn1!$RaQ^i!T99ykLQ={9Iq_v}3)j9JWM7z+GM zG8mk%A!|=>Hi3WX5DOWbDFxnD3=VPRN%d%_nX;Nue1U$fO#1qlC*?+bE`RuS#t_|;ghGJ4{7UGIdsZZHbo zYhg=_@!fgG5O#(!iK5E`oUNXs8*4-jY@Vaq82tEh%OWZh~FYO&e?S$Z#l6h^Mzuxgltkq>(`rfsosjL2qB2jl=`~EB0 zr4qBijK?Bd`_BhRFkn?-UbsQe=7nBX7BBE+t(wD_${2RMT%!^rQM`m6CB1_Ec&d^; zf$23EEw8^O;>>c+_q7(LM~*=3oc&vMB9F-Ab_NUj5@AfYT~GVR#I9@6Id}lch_4lZ z;uCto;Tj#quOE;rxPbWG?*}YuXk<}`Ot34M6M7GZIAz)NyP+U#Am0@asEUg`zNlC) zS&W~iN0KS zdzfP8l!QC5%Tys|i30*cWDYkmYjJRb?i<(5Lk0^$O=~6KNPEH(^i`kI0uY^SiI_}O zE}A|0st+E}4gDH`5P5zgbI3(FUBr5%xRqbF@|X#mA@5^_LhG2bZ&EwbgZP>T7kpd& zM7zA9uQP*@IzLm-ozK;%6tCTww!(z`gL6cao=!m+rQFbNRl}s$7NdPj=w{y?Yet+) zjoTK})p`X^-?0(%Dz#stAet*@xn_S<>YHJIefJtJ^fsb*l~P<66^@{#w3yI4I{X=6 znZ_>s?SdjKqnF}F0=MM*A_mcta-;()jAh2F7qDuWFq9Pin%+pu6&R}f(YWPj@tz71 z0{HSigaz8;<8k!C-rM()BmSn8<#Q0|_G-UWW%qn|jx#t%-Ibuhh1tT(qe~l{yQwrp zUPL?Hd7JGg2XkweEy;J4VO{YN>i69k@ri?-Qm!}N`-5B`_o6WhBXJQ=D?veu($qbd zkRrIa`DIa2M^?69idmDj)7Xp_TtC<$AmCKw>zC2irVkEeo9_zBwuzkm{*m z&M0epgAa02N9;|&2KR#V+zzFEIEpA0RA(j%K$uynKVy{&zLHzx7jr>7s*IIIa}GZg z-g7f0G=En|Fk)R2>9HF6on9Km$M`fEVc2ZW%UM;(drUdACjClUs_)MIO>KwW*udQA zOXw;3k>4!TOq5sn;oQv&{gwvz#UH?BFJT}oi#W5sO@%p|OH4y?t6b31%kJ=F-PiAz zHw%?Eo~%1dLuYGL9R7U%u(j=Hn|M!W8+r!%%#k^Q45jJkGtYbY%RoKU7{K7(0(#e= z>C7uOkKEdudSY|evix8Rx|`ev8nG3=1L5Yw5~{bdN3p)hvRIEOHeANG>-t(sxMBOw zrCrlK8T!cuJoCiBS$IUW#C$UW+CzL)`D5?y(jkRQuB>R7s?rS$$j50^#oo&*!|>bT zZZw-FCh<85d?1VAYh{|uPz|h-O2^Pul$zvL)+viRgHfhbIx1@J!p~TjZXGv%7 z840+KhAHs&V@?37%~_o2ViHlV^_t@*mY6!JZPqZrjbQITO8ad~Z$z+6GQbd==B-0y zIsLaVJ-|&${Bxh;yhj4uXK}AQ=qCLm@p=odQe(x9fqkGO`=X-MifG`sxj|K9onatw zZ$a(n#HRDFqxn9heOM!4PVYzXom@|Z3%RV+f{))LCpLn1S_l8E-Fo3~enL~h4Jnt5 zDDXZbp+~NO$24PIN(KZ9Trd5t?GwbpY7?Q$hcw#4M)~IG#;0(efU2<%$sAJ`(OYt8 zmSF%&=#o3G?i>{Z;wUXR>ri;M@-R(Vs1@6{;fr&9H4g1Z5pexEyCkw}8d_53wZbOULj>pBcC3Q*;A{$NTB@5^x> zsUm`xm>$uUn9}SkqL{%)5`14AWzTdg!1ai=o+pW9OF%aXy^#Pbc0^rnwVeAyN z8-1+kr%YjaV9jO2x9{etjDPWp#J!uu2FCEDi(pb8STL~VKN-2G)YVoKD>h%rQDMjC z(&r3yi3u(9Sjnmre#SfQg|uwtuVu@~%sg@1O9chkZay3>9Mp|O|F#IlG`dkB$R=R? zwX49Esphg34F|7{>GF2rkrw#DQts{Hi?d6cOU`cK0x8ketu31Gv6yGwh6&fOKNx4S zJq?kj)~HCiYt5eS`+Mu72aIobJ+GjrLBZ0F!X#56!OK~&B_Tw1A1dOJMz==+oGRV3 z%84a@YW`}$^PPl}y3kuVsS}uh?Wf1F(UGYn9>y=n5g8jxfw>etkrXaoz}ZXnFpeYE zG7+<$4Z29;AnfB)F)Jw}HX#N0fI&bCY~@?~5tguXhK-EWQVz*f-vixqhUYGk^?gs@ z=w)30F-3?@zBcJ*t`$Qn+POXhZ-jh8dSeiBmAAQe)mRi8V%o(@#H#wi(JQ)qCHniA z@-AxdW)F5gQ(m&&%FPp>lZ!^(4VxxuAAr3sY!cdg=7G- z`R;^C@5zkP@61mfSOIzxtVilUkx7UGCmqcqL1yVuvQr_Ki%Am$*6SDK_!dFb4Uj zRr)fURVtpb4}6v2XtNq4;{GK#mZbX~la~Tew0z#D0|FLw=B0BkLaemdeR#FA<&i`v zvv+dH&Ol_pT(`>Mj2vt;`YztQ`$df1s-PqE9@#R;svKs|mo9BYeo)S~Qs;lO=9KFe z2c5`JL*8A1H3a?8R`wk0u#2dCLXcJzGATuJfN@(B+&w9( z-28ki*qIiVuB&NKj|}3i(KLrHy1V3lI@_lb`KNH@b7==yr$WrHm4^L&*tMtL6e?22 zjpDg@VoY(&rCM~hHa;MU7IGxeEK_VoqYTjd6iphRMx#3IStJdJ7Mrhf%xS1y^>W!& zP{GPb(|nU0*IzHyF`x^ampR9yS^TT0Ysi4-jbY&*pu5l)&QNl zo(sr1o$GHjjIOa_C2V^*IBf=W zC`omi19NhRy?R%Xu2mh7s5V@>2*-`tIuz*3E-WlQFl&5A+*a;DF8bd@&h~xml?EL_ zP1*t=53>I|h4<&9CQ*4k6@Fur;rZ&J z-5!R}A!cF3sT_bIlQS~BW zud7k#d9aFpcCNmQ_ezAKIiE)6@}zsd!%VMDXA-LsTZLud;7X>2|Gw{4fOAZOB#Ns_ zy0V9hx?X$#w{g@p?g7}fr6ks{q-y%sH_O`U{;m#UK9sj z?Z6&GfZsq$Wh2iH&}fsB>Q+KtQN^H7GtUuN?1`l19=<`3zS`)zm5o5rl6UXfil|V& zef#tqFG`cCy4TrvGeT0<@UOPGvFKklS0#qh-Vz zssQX_<>59}Zefdj7BUFI{O7*}^l&XTn~YHq)J^VTcFr``8|V_eCzdqmw=&lv3NMRm zmg*x5rd0|!e%#v<9+BTT#hYd8JK=KPb1z|(Ka(G2@s*a+*IZ{rD76hl5J1t@quN^F zmOo0&-?z?=T8&}*p&uE@`Qxg!W`;F}Qntuqhgwy_!mrA~N?Bn9ePm?KU5l6pT&DNm z8a=rd{X9`Pxtl%AnDf9K1_oD?+y)VG%DnbVz>t)hA{qgO*wfj%?J2_9)T>#sS44MbQIuV|` zcbs3B{Fhwy*kbb|wTT0iN;((6k8rbm`g(f38h$1r-IZS#(~brZBHbm_ru{#w7GSRT zT#B`B_3~GYf;$~vVb`Uet|1V#bq`yiyguQ&8X(_^F?pJ}Ej{F_WUGm&WNSQh!<{!Z>Pwv(5JyqM1W$0rav7&4mzJ;M(2?qHFS-poF~A_EiL5$(#-@_fli zXn3LFd8&cc8{d@mZIE$yAuhLDbu!UqXv4v1q*SbTb@}&0aDqY5>DkCHI;?b)^LMgC zC1<{$$rFKaGr^nedcDn7?sOQ2T!26#!=B8LKfoeZPlqZ7rS8NSb*`Zrwoz%j%(jET<85} zT8@{TRFMz<%pqY!F8q3@_s*^_WUG0&eDwMh`{XUGH6qxo@exn%Ep=+$5IlKwO{caM z=2GXAzkh$s9>~XZ$Sx)6;352M&`aX$Or3g*AVSeJE;3J}k% z3oL|Q_kHJs#bC%~2uPRnZ$$|RwT`VVi^&V#FmZDV;;H|vB^CM#yfizgTbOU8i*3EW z*mA$CV0jZ(mHKAt>qnR^1LP`qYi<3hH)U-biF1oO4qY~$m|W3kw9GPd!HyW=-~ zM?Xju)9uQdC_ScVBj-*9Bm@miAo_F6{K*k(W3blmOCbC5>=N_-|A&vg zkhcy)$WN=cS626x_316s71jOcHwxUE*}Wl5GitAH+JZE|sha6=C(m6iZNM58O9302 zQ}uin5q0b}80QrYka|a=2^(E>M4-aAr?8i+b^DeC@V4)B_LS{ko_XolQB)TB^=TKi zf5T3QK4!Bf*$}+`aqn2&m#R#hm)Fa6{F2~WL8gW@!RF>uLvYehuDk4k+^()Y!-sTL z4_m^Nu@}jzrUm)N`SK<@B+Cg@24q`8$i;BTC(zXu1I$G-wp9godwdvUzFRjHI<6(f zHUNE|TrBcEik&h39^FZ3K-}gt^~0oS4GyYk8#?UjnS3#~kP0g`P8L@Mr-DgDMo#kV z0w4Ja-~scNhKvIiB#x|pVVr>`9G;{JAJ!K6_r@-+oWEj`lE(^vo}&v^M4{$5`(l23)7^ar@rcN=KzL!ooo#Sq@u zf7T8+D>gTEALcPU=b`k>oG$sJ8!IDKBeh87aGXoR!IzRym)XadjisNZLLGloL2y+~ z`AF=+MDeSQ>M&z(ncao!o1WxIB#fN8Q3Z{)@W-&lJu|;)fcf0zX1>_mnR=l6IYi+2 z15@Zf!d`QMZ*a0(Kx3Ga}>L+z+Fd0Jcs50--XCu$d>=Wd^o063_zc6?@QL#Us z)a9@MO@)NN%;$a;p=9kg;c3j@RsKn(|CKJKBU03sO`Ov+JDP${ot73I@qWzZ#1lz| z4d!|-Mx-!Uk~Y$<#BpjR^|qWLOF?H46j($*bDyuUdR_Xz$odPnsJpOh7^YLCyQP%w zZX~5aknS$&9+2)vq=yFSlpaMIgpux!p=+pt!FR6vdG7CfkK^Sp7}oEMz0bYYI*%>y zUnLDMN!_7|)-TnX&A%3uM;CwpKR;PnVkY$jYI)=?7ZkpSAHjeX!Ql8k10)Fcu$JGz zlminIW$WjiYn{iPsJ6F-0_k054dYYlv^kMsA5oB$(vq9V=y~!l;xP3-=s%Mt0Hr9Bhz!TaCi=4Wo4pYx{DS(7m}c4r^G)D5~^wlZv-TEUpv&7N7gW4DJ65 zUSt>|JZLpPo~!{Jest|l=bU}1WNbKzsXWT=U*w7;&-KHW>w4O&PND%Kx9gEBq42->91%-xwtI2vE~murG@d(dkF9%m*B z>0M_0^HpB{!xbx{lKqjI7Dnn3!sA?++>-2IbhNP zDjTs&gpwZoptFN(G|W+ zrRJ5f!~*s*U7}pwHDa2m1b^f_Zpoi_N=5=AT|MV)!IM=c+Ts}kXcPt#+v3jB!i${5 zuLME_tly!*CCM#5bBQBDg{ZiHRpSV16EkXGY~uB5{6cYr6VsY8Y26tsH12=OX5b^t zZt6LKoK;{1Zwvu5A`!KZ_dI+cqTOCvzyfP|vX?XjM;#5^{fNq3N^#=9#olAmJA#IOCt?pO{2 z+gzW^CS^Ac6+jg_h$ru>)99R`m3^M`Nv(sqD#^#50Bfu52d}&H>bhZ;X8w1Fmh5Y4iu<>nAHR2jDi1p35$<#^{2UhiFr9pMmP{UXN7uKpw6XMX zV`Nkm)^X+h^mNnm47&IyP~6q4WoGi}Q~sZWLtTSiafJC>8ofp|R>GN%DH>d@58uq( zcbq*e@HF|YV+*#&t=LouP?@2z0YkCoG?i;}>#z$slyHs+)1gf%9MDm5d*nUgyGb8ulzRR6fahP;&STA{NP+!WS7aKC1Km9rRH5@1P0=GM7rz6*F ziifB10&p|e=RXC1%3t3scy@YXGcphBfd3xLb)asv-*;&&3Vrr@N(s7|&u?tWxo@6c z<&-by9Pve*(^J0{e5$CYUNknu&t0W?osOcFXB^))Y2*8y4>}wRKm+ODdnRfZ3_P1@ zfU+$X^Die5z7@sRDJbyXn-k&h9rf&UXpO`#xEOFRt#4Op-vh&}5I4}((FV~5>&b75 zX_gof6bp|>n9D-tX<+W2b3Yr8-|o~3!u3{8oDL^$Hw0`^?!P`B1!1jz4fTF%I5U;RO72kjh4Q^<%>SKY`(pV?J&es(-KQSh zV<6_eeEu)5dxCjDtd(C5|8(p1(fG3;^#4IvbttB^*2m$l`8;1e?x*dlX&3BBOkXHK zVqXYXqF>Sp<)(2cPj#t2SL-t9*1$|boTMB&czZR+SwoS?zYUDZct(`x=(@59+}U&M z7rw*32tIa92BFB~f_Y?{DfR(F@}ilyi?)>*%yQ#>*7mmw#rSTFVsVn33tG%}*+{EI zynT+SUKrrUHwD~HEYVi1M&D|#4c{r$>-9Llt?6Mw;=oqDV4DXcCQ7M%icWK^Q7dk= zK0q^|dr$hu7%rDcWu1eYr&l7^pI>(TbMDg)n*AC78wEEg_`Wm%?$`UY5Hq+Qb%#Ym zEzYkpw0|!C8w}f=Khp|BPu4Gc!&9el7i}JdA%3q!dXD92GjjF35{uVD+NF)sVi@ER^5#tAA>)!yo}7k%#Xu$YHM7 zxvX&Js9P?1Wh&%uUIz6y#@C14f`7!+zjj&uP z04c-(o+Czy{6z*S<0w8y(OE2!(SEjPB-z6-Z)mJTV_TeUEri@NLQhN)ZyoagAPn!H z+@VB0-}79m2~_c()kx68>}=-68BNseIh*QHEXIAKp{v${(->$ERd}i&^yNX;9FX`m zlJwt0A@A8eL9TWow0r3XJq($mmgsZk$u{L{&1u!tX_%zfE1apy8-}iP4>@Eyb!!oS zqJreiws}oLyCkXcz$fHBZ{Ym8EagI#A7##f>Eu2zl#A9qFT6vCut8F%?16rk_~@rVGq zr;Tz9r+*KN=9pNrW07OXd1enSdu&>n(>keiA0^|8HMGQT;kP(;{xyJ-NMt8o`|+21 zTd67K4U35?f3i0J68-3C^copU*nC@cv7F2oVHON;!Fq){ZK5VXIX(WTmcHu%>=M-^ zOIF=NF&d4g=rWFB&36dG8;G_h0-#gUksh0^B<;*l&zSsk)@UWLvtCw$sh?`jV{)$N zjXs8Lsrt!1rN%|!OMlPPQ@(|+)P+Ps4b%Uo1pzE~qG8j7^TOJeHT|q%$hyl@5F|nX zD@p0PS$qR+l?polwjO)08N3q-W#F2jA;f^&Z>7o0fIAMib16r9r|_q`5_c;XNOzQz z{DE<14ia+>9F93%(y<53A4s< z7hgl7RXVOb^Y&LUD|UK$A#d6|!tEJ#znXD4E_l|-#;kkz^5VH%x`|Q7bWh64t>CL2M(XC zBjFlqSH5lSl(LI4H?a5{W|B*DIygTbI})Cs0nhMT%@uT&jdE2_59Rx=XXSAsf~vWG zR_l#U(y;zC3(?Lcg~6*8A&1Xe{`Xn%w^i<5kdZ6DCt0?a*(g6+iBP|bjgheWr^bTy z4ewez$o(KEICW({zE}a(FVy`F#2@%{J4UXI0T;jXUb6Y&Z)u4y4~jH2#)d{h%^!BK zxN462W=j}$Bdndp-zJ>kw#$eecB?lgn$cD#{x^%1vA_fxDykCn4pz5LBQ0c46(h$% zsVEAq?@WoDC-Iz%(6pg-ezM`lT@Bv61#9RfHs)S;1v!#t0W6uw`wiTF^>uRmS#7ni z31Tp4{v6=Va^PQmKbc(X^=~?+gD6U<+cV&07(JqI8$HG({N=G)O$Gqv|- z8pEV7_Zvv4DmePnJ7j9}x-R~x*V#rT7PUg~2axG`k@!qaJ}s<7JGT5skz^q3PCCh^ zQbmSjM5_H0;6}g{BjxF|tSl1nmPB4Axl*Co+z-u7A{-uVzCz0wRNZzbO7H!LC-|$q z^)DS-&~yyKaFGphxj{h{UgdK9m$#~;rCb6vrUMpx;UrvRcZJ`nj-vN{6kwnou`hFb z7X;+;_*z7Y_O2II$`4nfgLiM`Jd2((+}XYM7<(&lyO4EuD)Y$hrAqAAjnF-kIgae* zO7$Nl4m{TJ#h(QOj_ccJV2jTB+exHkSHWOoiDu(?>6xC zhV%W#5D0#MlCP(}m<(FF^OD+I*1m~&3@m<&L7uBcL83^n@sHvzaDnk(nLiWaf)Xo# zhP)8kj=$S$)BI`U*S=t~wCGsc-S>lsjYBMigQX2Je5b@CyG+dAIcryQWKGk3W*?QF zXZZWGTNF(hkIe*X%`NVKgZt`C&TxP>=DC4lNgp9jdIG@s2+uaUG(`Tr$t73gs;wa{ z=8{2-pIbPU+rld@q)t@~PA>x$^Loe}A(E$QeYa;z25a$`xYBY^o-}rYf@N!mjO`lyljhECeMp2IT_u|Da9K@0l(0LyK8r^ zSQ4P7?k(m2e#BbRmkN$BqW8@}_em7)#A0sm<9Pc%f+)nQ;z==l-emT3OZiIf4_zeq zH4Wz9kbK#jPqhYq1aUuw=vo3fsMb)RdOgFeqf%q`yv`arc(>j~dbzmDL#V#NRz3!z@JyzU5a=3X>iXBxez_Cawb?t zdJKF){pX5)QxOq=^9az0VP;xg7oWku7HMhr$*s9{e1;B6R7Zmx6<-aJjka$;BxLTA z87%1SBqIO!(m981AT!rnri=v7sJM{@dbNNC!<7u)K_^^Fo1XVx(~6F4F=~mKi=8LS z$S!pdc!;@xyz@oEhaf5Xw1G>Y_U*B3}1Sms*)k9Tjep`#Vpk|1`n zA*;aPOQIb?BqyetHm)s%ij`KN^Yv{V>M(G<$q$rN1N520o5TI>Quj9TeUdG4uo3+= z+1pC+S1Z1lQb4-HML^SU9F^zL3hxkbF=1 zuchv?*{c~BiEeIuAdi&BxjrvqTBo*c zr)5q-ORRA9%9BBFe>Ya@%RD15zfvKqnB~ipfNYj7gJ$)he^t_w7S)8>w zt#o9EJypSL5K-BwLo(Ar2YcLe)AJf4;VMV^J;vYlW-2!sS7w6UIyWlHAoB3IR7@ay zFv=dD{xQ5&J}x?8N&OQe*=LrNGX&RPLwwLvsD$2!>A)o#pvb33-QcwRGHbixisfyLx|79NBppcg7v znglb|ey;rzG4*?SsNK~zM5uSAP6)&E<=8m(-SNhuE#3Now|_bk*0Gbd1}qxQv@hUlQdwHNV|LU53_ zuCu{f(M#hv>ocU~*yI|&$A1daS<*9+P3p;ksy*M-YBgRL)m$%WhaL?Pz-9)hJWF*3 z>Xv&=1qc@aiZzQl#un3QUr1H=^%o~nX1u_xwOOQXjGrd6Ng+}hA{tldMAVBWUGKjv zDwMvTx_&yXyf5lLxShhjKw)03D$Fl7Hpb!^KDccBu+4b+9OS^3-xw3To&IH+qHlL# zVDh>AGbHMOLeu}nIN}$ph+i+^84T*sb`FZO^o;W?nYBB0fnfWSFPl{WU*==czj|}C2flrzs_ul-M@u=@3)K_~SkWx!5 zbfi(xubg@VX0c!_o<)_D3*nZegQA^wNC~9VQ3jxi2SP`jU%BmGO-et)K^24Eay}*E zB9v(?9!TWcsq4lI#6;i9lrD}k%-es;s>T42KSlAI^XJ)nAJ{v93zmBak zsIn&?{@b|B`yJ3z94`AQvYtHFJ*yX!e`4 z;k|)>b5A{dr2RTlLk{u3DqY5NPWA06V5atKKP#&ab^8y=UEx8^|K$Rtyd6S+@x_z_ z{o?BK=)CoPC>Uu?l$9|Q4HJ@+xu_W9dKC5P+>Dj>pf(GT`P^zI5%(XY1#eV#&3^gS zS36NhsOY@D-IGNz&CwPgosl-L5;Z|md?nA6rcRPG6{+QwRhz&L_YC1KNufYPhE8lN z?~qoY`|7vMRT_MgFU|T%93ByPd?_l1rlZU|V$5&HC?@7X5&5?LgE^ap>N!P0ln|#X zUnKIU_THIt)US62*Gn-E@b%PupIQ&5IWEu9?WNLTlfk-*!vgd#Nk6{vxg9r zINo4f9^iodkQTVjgCHUtUXEJtm3S%HKn^4IAS?toG$T8W?}Zpl$TV~KUO{d4{KoRY zJSmMh%)ctjzmjXy^Xcg3`Cu_gx?D5>$SkR3x! znM~J0gts?ijVA>;{*rf)Q2!>QuGmbqK5;g(Q=G4c7-f4h;sJPRGA@Zp@@Xz%lwgP| z65;Ahk%eJ29F*Ilovo!`igTH*VS-9 znvl7$C-8r%FDtns{PPi^9iyAKC>>7u(*h|3eVb2Y7J_ex+4!ulpV#5*HjXAsYz%@g zroOI;sA$NPiu=Dfe*yfM3hFB};d4QO$C>53k$(XoYA8*aJmCZ7(tL)l90(~!g#d+h zp?E^Jn$EJOHvp?j*+JV)cCLh60VLTZ45ARlwA&ode#YCuDT$!dbT#{HXFa}c=fY)< z3?o%k&*lD@p|pVpEBPc*7>We{L?GCp%_E2TQ#_NK87#(9()Z!qYLdiq*-N*Q7wH2U z{Jk-TVFeBh{WCXj7RsDhXu)iSXHte2hcfv}1_}MQsF%KBgrcB#w5{eX#Y66)0YFNX z#S0-c73urYTxFpHzAFrLWLs0kCY(>Y!IMlr z(9FHPYCLV-@yl(B{tI9)$nC2zD$KXf4>~+SE;3PyT7~Z+b2wdTW_Vtr0;*b_HKH${ zLg1G|#|HNJ-H3px!Sg@#ybt>}O6tD}eE|$M{OLe+Cvuo_3gH$D-DCXnKO_IJC&y{r+)@?8069!lxVPl+;CDcZbp0vW zN8X}Q93R3PK7gBjSnk74q^3p%B_2}{rJue5Ge>dNU}fWbWomTeP|Ja$=BCgX9F4vJ zv{SX0-U)G%RoV$Ti2y}|7*VM z{|AuQ8A)~js%WU0CkJZ4IPnuxT{xq955BlYj-|lxbK81yNjsKg^C(^xhy3{KH=igT zvA&Ln2J0GlY{iFDv2B3%*0r2r^GGay-8bIxOZ&Vs)`x!gh<;Bm3!>>rG=%+DBfuVL z_`EERA%9CT*mKF}X%M6RQ67vx%vEtDc)s#M8E#!bg?1f(3)j~L(!cMyV$C!cR_Xh= ziZRE@WRLr#JMcb?`Q&8%inRmv+G{7(^G6fGGgOrA@)dnT zXWG~P{t6U!S^tAKABb!M+}M8apSmF$ynVcWbU>v^0}~f+pX)(vKH>f&G?Oe<*1R-- za!F@}(J*XXCKF|I!1`1)1C5VuURvQ^6bo}-j_ zoy3mW3H>e6RF(tbE%eMy+m7C!6QUu+B8}K@N^hr%6(K*$?hkl868@b7j&J)3*Ak3~ zL8)TToH&M%ms9C8RF{BaovlFVcG2p~yr!gE0m!gmoK~y-RYK(Ci zdor7|a2rDoucBQ{j)$I6yUzcC#STLcpJq?3gHLbX#=q(qx#<_^3BJoYEMRjDqQ!`i zB~WU&r^Br5yK2xZoE|vomJlT*-0^@=*z=KxPGMmXt3Uk}waofk8+XKbmv0@rC`Y4u z86c?++3!J%Qv1vKj4{_h>TR7?Kr|zgq%pPdqR-6c1$TIQ?6eN zvA&0X(eb>F#iw#np9|Ul(v2fg7b$u&a#hfFA%pE`17d`lYYkEb-p%`3G@kY4Ci7^j zWwf=uRQg;Od)V53BVq6$0tp|mO7nRPcKOQ?rVehpF6ET%@VHr{!DEh%PYX0wBj zesaEuZH-j)$WUT3-ak{ZL#%TKV@iUpc2f`fL(q(9wssV#i;bW%m)`7S=Z~1jWA<3U zM{=kFsN^*$4t0}#ILRl{hLt}OIfpZ^?3w*sEIjDbT~mz##7A2BkjIwfP{KaH>H9?U zPv_ULB9raK2#Iq77b=q}rer=6bYcBo{5;2XOKy|hR^mb<&i>md^d#G}udAl-=*iz_ z;C4b8JLSF-^xum86`#TCIuT#<;**PK;3+&Z&ixCoNB9`YKn!k%f7x^VVCL=`7t3ha4*KnOk6oPVlX%+ceznW^KLFwFW zEbLlHpkm0r=efe}U%K%I0r}xhJ|){Db4AzriEriRS~98AO9LWUhP<8j2}#44Q^96; zglE4A97RkM>uY0W(!m#}db?va()EyMl&1`!MUr2N1ay^qC)h)V8KV3qnk)>VwBvq$ znl+2eEl~VF(eR~Njbdd*F<7lQT&1HBpNMWthl!_!s_91LGHo=C%1gQtQ7BQVG`Vm; zQRfz)c9i|GUf>Ct7aeja&&9k2-w3+7d|PDlJs^6xS)M1 zsM~!_1{CTd^0yXVzLBxJ`pGU2D*gOkUb)G<1xO#>Re6Zuq?uGI*zmUuqvPQ+Dczf` z`WB2*58oRu{8Zw_S&12NEj#|9w(xr(Q0VU}4YH!@yYEjyZWr+9TxR%#h?5h1Fqvy6 zi2X&yeO<|aS!gAW5q#1f1xWo3+$@ro2e~L?!-kG8S((iQcDrCXNg5V=_|q2Fr(i$? zfLYh_Du)2J?+%}zv2gE`06IPD|7Q(-Mc72PJ;J`KL&*C4w~o+*wVlJ#x<1bn<0%Nu zuN6ZSMm0RaAq@S^{fSh}^l#)WCt@VinM^@W->Wpi`pG0-L8gf0)QNiN=W_LtcbXl| z+Pg&XUszWKrGwraBR@H9+5ve)AlV`MvHC?s)i^P(BZb-+Mijq?+{35gMt>*uA^^?elch6XmCbl4 zB?1a$di}DRrDBu9j*1x4pNA|ij`~nZ{!fmSzYEMQ>oE#fFLe{-V8|$3_`84kTJQ5O ze~hp7LAQ-(;c)mMZ;G$mt>{oeVf_7hwi^SC9yye2!Pg?_noqCpjG-oQ|4 zg?m#dMX4*Db!-nY+;VNC&GAGAmnt~FQQsP`sak1!ZV9vsU!Y7|Qul_28w%KMMUg=# zzCL%29gGge&7V*J@lo^2*Y|oDQjtNuL1y=@Mm8E=Y_1^BgEyMK<^KZ) zD>PpPv6capQLbG4;loK-uuXIUz@yZZJBND6B%#p-3bY7nG!%q>=x^Bm0?5H{sTZ(; z-;y@EXw9O-7aoGR`2AFvB|QY_Jftk2bNfBO-6}6TJbci6N%)c0hbs3Mt4*ZoykqJA z@y-#FKAFi1;Tu`3SkWP*L{49^-(_tJUsw(Q?9BDkPt=-wFfF>XZs06LEIcePKtj3} z_&Bvo$cYWX{6$en0mKY%Dr5D8AP%XkKLI*5iU( z)ug|4r_tdL+qq0%4|3pEYg<)wfCDRCb_MQ;bv0Wu#w%p!h-!tJ`R1D@I3)&L~p8) zgsGNn4u|#aP||4$Ys%%mU?pZL3@ltWff%P~_G%~iCl*@qag!$De{DWT z-7=~~VL$UN#)bpZ1^e#vSG!jC8?>6B_gw1Ytl!cK$ zgC@}6*6qPTe}J1EwTAx1v|oK$=H9HO6v$1}*qlC9eF0ybg~<^^nec+Ia!6oju*syW z2lvko8sOB0`3qk{D0Scez!YL8E5o}zKcr=rw z08(R}SKHEhEN<7E;lGlPrJsgn@0RlNk_RZ14tWxdU|X%?!Lvjmhr@a-vC)mkQ^-@c z0&ZrfDivwAzZHNM80zl)(kMSnO6CZCNJ=bzjrT>=%4w%d5_2-4HK;`kgN#>g4EhnKsQ2(YMAO zEMAr0u|Y&8Px9VCL1?LLxgC+ELiI!Cy1z+qoa9u#O%3B|$ z*06vUQn8G$)e0s)>~{TB)%TGHrEuIV27IS|J5@ety`#aG6{=^7l^8*K(Pi5 zd(-{M&?h%`^)~6-x%nvS*VQqykrE5iGk*#KSL!QUa+FsHLswHdZ)myoMg9H0a|P3c znb1oCJE4;B&8X0;)^Lqq04tvl_IWMX@Fcv4rwc^1amST;UTUVT5*(n$1RycuEq7;i zCG4-@8tC0w_`AXnYKGRbM*Yzw3(XBJ9VKyim$?^0Eu&9$k+bi*8y9l{F?WU1_dCCG z={@iuY*KO{D|2#rP@`7TTKCM`DBo58#_os2SU@n$`&T2ajVtWXpzua_@g`860YX@`I<(*M(h9W~PZe47+5rKTO5s+moSwLc$h>_YWaKLoeZdwn&DL?sEME^PALP_N)`QNB&a*erpn5Td z#h9qJXYJLZoTadzVS5KRk~fn-rrKs_cwR|*WLDr7<{nP8g#_H*JoefkGisDs@)@EL@SU_Ije#`n}yNw|rz?I3xOV=n(maN$k z8eW?gO)(|>+nmvh2(g$Cid%aYAL&#<_NjRlTr=!4WR8|#{^tNo=7Wk&@>cGE*X7_V z#q$C-X@m;QEad&4I40Kfku+&G5!bnQc%(fuaWp!=m`PKy;!I;QV-o~3GHiQ$z6l(Y zQ#S1HYhX|edD5@(5t7L+OPx=QjF$PqyzAL@PksS6gNhbsU4ijuhDIMvAtLsst?O7a z`P~Lzv46EwKqpF?#iI&3q5*L392bp0$Vjk~s!K-?VtD~>1;}DpNcG+Y^(z=({ms_2 zI5aqkRFu>U-GHy)5fSl;b)2!| z3xkA7968V(!QKecjF!h&VXWCN1Enloz&Y}CwuRnz$LUsR@M<2_wWzp(-2D}|LL}>P z6IHeN)^%?A7`8^yvhw$y*wush@THk0y)w|()ys~nM7BHmwI9SQ_(7kL?Cv{xiq&QK z9%hdzabHf$OFFt^Dv2z1$CV-h!Umz~cM-BO#F%)eYZ2qE+ajE@AdN=7oi{=&n6RTc z-_mmro&_%ygp)-$H62}e%2%ybZG~aoHg&P(Vm@LiyB+TKTQ=WJJGaU5*q%>3cFHSpUbIlmE1`l&v;Zk zh||1@8P?}-9{7Sa5^$n46al#HD%q@U zQFoN>)m>HSXkHc!!7mX|i~+NyLq2#TCJS^vUmj2%ZR~Y zJy+Q$y72Y8^!@nweN3>BjR@djm+wmKFo!LKe(*wQddlzrV)g+KPSP@>7nha6kWpZ7 zFNXwwv$gq!R+blvYRQuR=5ytr$vIS#uj6<-?^!;x=e4WLyn;)jG0ewR`A-OPq(2#_ zQL4;7kx8jh%QqFMkoRt^SlPPAAeBW-1v)7&X#p)Xu=Jz@{bzE;g1y?kMwdcFD5j%) zul*F~$mkP@W79_ieWL&Fq`cikMzud3LaEY_fA=G(C9Tq_faU0Zl$Lxb_z$g3qk8^G zC0)$+(%KQ(5;6j9UFrhAVWda|Lv7+Yn=10-63!b4rVInp>-v70>FsvQj7q zM_JjwgU%IcddUKc?M_sV{-cU3k1na%{taWYdp8BuE+e2Nn|I;)Yr;S zmX^b*+|7eoXdL;!VQ>o}IS=pT?gOvoE?yAM2wf}uDDLBTqr2aqolOP(+q?08LVki@ zLI%dv@CwnxqL0nZju5A`NC3;sa`4W;-Jv&HjIZL`8)mS_aDZO%SA3XNnPrbWC>0a` zbhHLc?*JWe_@J)PV(-q$djI|Y zz>H?Y;h$AnCfv|qW%FrzOHX=Y;@L_APKHr^r4o_EEP_XtxHjhn!YNqyr5ZW^v%N_^z|VmHEUyJ1noz$p@I6P z1df@<*5O^i|8fDsfyk|h)h(Myu;`{Qm|5d7df#Hkdm>L#+BwpIv+)hQbaH<_ZCA(%?M@9xIi0@sug zG9+{eTmL}!)5|llB?un&@Uj3O5AbW=YLtaHl3ur~^*Ygt_M8%#oR#7NEnLjO7upEH zOnjsg@yqs^SGg$SD?kT|48BakV3l40G!oNsA8fHg{vvsrhl2!!R?XrmtxserpSPefzJ2kz4RL!h?0vECci2>NKoN!?rUgyW z@@8`gz4@>!<$;$NY_v8qIM|j;f{SII5J9%@=f*FQp!UwznPb%y2Qw}j6+;f`ND|vO ztT&1v&Mst29%wO`|FjnsZlsq`UXfn=<*F_ODDy+7sT;qfo0;;bVd<8-Ot>|nfWPUA zIX)Zl&JcO&>os(~uIjcaglE=jB1O1pk-*tUh=1lQDW(;ylTukp-4r+7z({JM7^taE zHj!#dYMg%-`BVF)Cl})!iqan}scQx#Dz^Xm9RGDg==Ag$X6lrjHwd1YP0_s`3EKSl zF|@h<%^Vhk_Q~?hl*_Ih$R>M*r!XcZkt3fRdNPUue=z&_@u`mG&$);{dB9v zahqtP)Cn)8HqEo=z8&9OU?mf%GT0yUc#^$N2-b$jXebOZT%Qs3Z@qocM-?w+-a}~` z4+q2|1I^woSD`hOOv0U!8^10H6+o3}`&EyJbU?C@Bx0aNAswuXKzvRY`ZyUsQK80Q zT6Mo|>>H%@ah|)#W(Db2u^nXbc_h&UbhO>s7q;B}Zvyvma~?m0W1|1+Z$-{t*r77d z&z%0~A3eoMcfWoYMH{7r37?o8_wkB@Y?y{aAMVdELe^a&fgf7~mk;h|hMz*IaXb5F zdIK6wk=b*0b>qIV0SMs?xmUnESs6bxEBL*A`|O&M{)Tq(>^v#aF} zPxGHSvZ!G-#`Axu02MKsBm&t4WLF6H^k7^LMKQ6!JK;vgQnnMVR zrt9)GwF@t?!>iKQyLoOXaPg;!CX|tSSs6g;eqi>;Ldd_u7BJm0}@@uc1Vto@PDuYEdkaKmVNQb3?%guck3-?5G9 zI;o&HXXeDM4@+oFB_HG=4+%km`1iZD^=C2K=%mLYE+r_ZEBItEjiSWj#)IQN1(5MG zrC^NA!TIh#aYZILD?S=*UHPw#qgd(5=V=+Lf911^cA!x)<4ux zck!x8!XDATm|8!e-RWGw;(;RrTXXS^xgXYl*OFxW!j3CyXD9Z*uid9#m`+J^i6`iOeq~vL?*JL@JFEEfQ9``GYbq;oKCKo_+KVl-Ot}681mZNN*I4l zeudu8sCV!zYMH*JQxd(n?(7P+Sfb1a)#dKoh1L`vDZ6fS$Uj469FO`EB2+Sw_P(#; z&oy%6!DzFjz7u}`M8cfCpN$Sr5SQSn=RZ!@1zUQB)#9VVa!FppkE6jn?X%Z)^BHR& zE!_g*T3l_g+T&1nipU0yXl2T1Z{L6$XWASfIoVr0eSCSZrF%nl*ZGLTaZ*h%;uEGmh53;O4Ul~I-lde;$^SU zfEdX_ly&n2XW9ZWc*x3Y{HK_zZxU5Bcm3(v=zO>4g{55N_cCmTRpJwW{?^QRwF-f< z4h$Q^oCryO zc|^+@*`?;fj5d2Ya!6d8j88h0gnXu8q~UYM@b>o{l2~h%=bu#CWo@u8;7Zc}K|7do z7WZ*o>U?D%r=vu9faRLpO`$>`!p76Lc&WJA#{v2k5BLG-x{rqj3qf)!+p~8pDl{zU zsx7jGsGt%I9P!8=9b?Sh-|daS7wD=H>hv&Dwg>=O{ygjnFb4ADU#EcRGDB+#Wn~CL zRn8#d;Q*nrO+&?GtYjl1IS_J`+R4dz2NrBLrX0ArE)_j!BvFxTrK}LV77~iBQ{fx@ z@Ow~`M9b-h3Ay{}xW4Ha}&-3{Eh<e=}Jg-?(h-Q;u`nE+UMhKa;+>VfFfHg_4fLX4)q3jp>Kx8`2NKtVx&5;T-4$ zdxvWN@+JM9IX`KkJAT*Q{+FToUco3o(_gpLBR3oGnPdNTBF2_E_4bq1_|{cXz)Fx6 zm}GIxUn#Xg+#^Vv;Vgux5BIEh2 zyI2>J2&E!5dY%a29YEGIx0oKh=BYACRvdTg`R#+_B)zY)Fk^R!2~f7cg?WiWCfap# zwD(}Aw(a4`;V&r_dz5b+JVF6w1igZ-9WPtAq__ZTuHb*N`45>7@T31p>m*uh-WLy6 z;e^^w1=SOWp2Y3EYs`GVXvA1ZJ#VUsaE05_GDxk5+zSFN`b4e1v)49o@1C>@ix}RX zx*>hrT_M4Ot4DYi)oEeEO7==Q6&*Z>;(^8W$R!sXt^W^GXTcO#7p!aCg9Ud8PH=Y^ zBsc_j3l`j+!QF$q1b2rZ0fGhs44&Zb&R_!rcfNDat-7^;z*J4|)oXY6+s_MEG7$#+ zQV?+6T_x+@@sX04`usiEs8g1zBU@u$>xGu@hgu@HMI0Rn2WS6iA6jTWP>=Q%q|Vze z-M{-bcN#1LO*eh?CzbNM=Co3fLi4wO|;KMsn1M61@@@4{p=)Jma$xTV}?}3 zYmpynLyCT>j$08*6pB+=q%B6@jL2i$Za>=`{FOqCfmN+BO(U6EH_cGD06Sa#E=e94 zgr?BEM)NhHhV3|k<%qFUH_iggTaWO>y?rHmiL_hD+JRrmH`FrVb0jv(?Up5OBTeh- zZ|dl5c-s%%^h+hwGw)k3TV)li>?#(5%ve)_PszVO18sjk&q~Oir8VKg;%9p*n_N=8 zCk3@E-n5JL-(dL!W7zxP>S(?K^uB!CC0$jl@#145Sbb?n-%{84WVCB_R!@w_lY`5O z2bHibrpC7wo$3pt8AytY+gSaYJP@>&s96r^uM?M%lxj><3^r*Oq*=(ug*3}$pe@QK zL5(=yhXV^*ii-v_i<_RRt%{55>xtIzrio>xDzKq7j~slt8tc|VT+OIS#FRpuC{X_^ z)*8vqOR384+DF zSNPeyfVm}w4jvEwRQzZx#FS2!AMNNOU$gSW1ycG15uggeJg%rA#m<-ypGwA$o<=;? zV#u0|z+IAa{-v%xlp{csBx!7))*%P*4!J4OVKkb0h}&*ys3&?%p}_Lz4FzcrYwKIu zcj-;_-w~jWoaR>F>CwC6((HargabD*kr`QWPZIm?=n7{)8>b#IH-Xgi&*8weTiaSW zaDnCaT@AT$A5fr6`zRc`Ik^769URKAp;CE>eQGOf!PkN5r1;X3LaHF8&$}tUY;cbB7S=Ckc_Pi_oeRXpC(rt+Gt-a zrHjkJBS6l`36yt`uN75OMJh)=5Elq<@(-4`C*roVDfZ@lE_wE{*ZZ;%EN6cl5Ed>?TJ(o0(@FpM2A&NgYSN z*-{(2O>!<>BN8w$0H(j!Cib<<5P==26f}H$^ltW-cn*4{1_SYqvh0hS?pP!-;h@f) zG}>#6f4=p#R{RAGelw(%*rcxgNc8Jc#w0r0u9AoMmj9?SZmMVvykT|+F)M1Sg*@T- zLxb2 zmHQx~`)6Gz8{KNN^aGe1h~~csrvb!&#dT)JFXWuNlYlb0KxywlN=zs~g`Tphqlw1T z;X?{-RN;$+uovnF+6W%Ua2q}=mWB_~4H0{sOgW194+`Dgid!YLnp3(EhY)&F<)49= zI14C~Q@%%sR$+)RCf@-H?t&!7f2a5nK(S-20`*JD6dhx78B6M=X>pMugGkSoCNJ_N zt+j09({y8f%fsRhbwKIJo@}yN2u{0v?iKS`QmOtg)|9aHGx5%MS{fjUVv|mV1wO4) zBm7q8lFW+TSZ}3EP$EW8f=T#k>TqN-)+`SR(!3O+aqKWiSDn;Y*`bdQS)}6=fxzZh z59ReA6L)R#epsXTm^}PUolO5q8X1M9Z8vLQF=yqaz|Xmq>1AzXq*aTp%Pykwb#S7T z{cJR8PL~&HLP(^|jlcV=Chq)%)Mv9Y`%11S&imlM&-os~j1LEeWwDI@KQ-)g11_K3 zW?-iQ#v$ad6<9W_oqQo&bq61a5H?hfZ&MQWEPs~8$*7Iy8HZmU(<<4Nat6%^T6*cr zVD4FLy2#j74S_`-dEq#id|r(cIh0f{=)wQyu1ovw`;G$w3w|hH#NhB(>|cwVdV~O> zyC+`qlvT}Nq+jwq-YE(9I(-GXOq5Ut0Aah=!i*L8|6Z&u_S{Z;9InK-CyQP`o4)S$ zovn%quRqPNuZ{^{TqmN6jco=z867I0A&p7m1^326#i`a_lpKd%qo;`*lUjrR>j!>b z(v^MR#-P_7j-(d5YaTNk+K%8ANNFrj!>}#{XgCO8IonEsZ(B`3<7WNyh2*zQ1tAu6 zdXKhGc*hO zDxk(-^N5?{d6|BT>;3sN!%{A8yhRDj>Gp@99eja?gi5J?#%p)?!{@#VP~%A4fG}_R zR*&n(i{~=#4Y=&We3VjHs=tt|9Tl#gttbH3(3$udyOxI%@>HDqGc{1Mo*g#m%UC!_ z#)r7gO9B`Ui>P1k@~D3XX_>xG9UB|gzfe~5(~IAD6Lzm^JqB1atp3*xr*x_x?pQz* zRTx16wtn}Qz>P`A!nkEySXMbHHUso#7f)d)kzeIcB|Z_d24Ks4$KZ{mVb{a{g89`$ z`D+t?QowM(qH8JuJ;~BOE5M(VqtRAm?yneFFm7@u72h|OIf0H@rXM#HSRKMwB4kEV zE-8~Ee*LGc#1EbO-R#F06JAzQRMccj^0CGmLTur)!P44?nA=F&jO;qLvsdY`*E!AD zDcQ8ZDebjq2~r5O5CP&g#s;2{P`Ip5)& z-`O-%n>Mk|>ks@2$4fKj3yUB<81rmimhc@oKq6jDiHI%~Xpd3R)A=uKvqNxx4Ko>A zUOYG#JD3ZMNn;$!Zju5|1`a0M@_C*cX2*iICGTfnHeSM~pXxTi z%CE(nm8bW))O_CIaCZ*zudaXl(d=CO*QxKH`-2DEDi2;9wm;blUo2lrHt{9*e$Bq> z>If6y(UCej{8t%^aOG7^a*>S<@!I;9z?$tQTK{TQePILZyOx~^-x+ox}%`z>`G#P|l zLk_|}gPr$NP;=h#$B@q)%)P13 z23)BS`kx#)3y^Hs*=8@Vm<(>DR#BwxxP*1qMQT3BH)$^__tzK+=OG@0c~4ZyxO3N(_AUx$d5<3Qm8 zh2yp};oEC7%)o*tChqH|+Fyc1crZa)R&dbFyH8dTKy!rCdO7SbW=L4j^jgj@Z1{Rf zt+R(x>L%xCi)J4SqbE%CdQ^P&xEenANCR^|fF0TZ2_|Y0x$-=6kj38=GnMdW@3Rsp zvR8{|>WS3WIIc5uHi0oR&)Bm)CZ|Ku2TzP?`lhQIsYV^gDh5bF}Hl;rBGA1E_4S(TkA zg=I_YpE3-cvQ1cPIj28viRR~yAwbwPV(4No#GT0iHk5_}Z$AD7_#$bZkqT`C0R&_M zbNtj)Nju>Qb}=%;C0?{wG^0&walyRqnrdixb4)u1RSqlvk`_c7pAE?T|b#2@aOh1~=Vp8U^5d;*+q_9k5q7t2TT#8zKEpS+Ij$CJ7#>5;n`lboH)N+xYfKg`ldc<(T=; z`Ql9;s=6OT3Q5WqQPPqXb1N^iGLqM9le^?^!23fzChWRp$4%If#8W#m=!@P{S#dH2 zrjs4dmwIH!Pi{RaC1wZTf<%qnY8pMb!=(f~;K5qoOrD&i(I#Aw*d49POWuRqss}U0 z(yK7{sUkCTNb%FK^OKCqNnGKMA`-UfNmU#r#Pvkr$J{i{wES{Zd*MPxtIW-%5klOI zP@(sGj%#fJNT8G~?9cNqo#8tXcAU!2U79?2Nrhv)Hi%>t<;?3bU+@je{^v~996uaG z?q;Kp^^(<@8yUA78G24^fT2LBFjTOYBB zznn->J-nmiJ7L}HqCc|5Gs)~*8R0ykdVXCizMT>|(#w99`%vs1%5jGhPM|&5N!K`e z1I7Z)n3@FTMoY1?Plq>ur-Fut*H;01N6Ro^daP|SLWozgr&skuHL4O4Hj5yhQR*Iv z1#)VV3?Jx{glhST2SfojDm>8|JHn^OMUD@Z&1+!nxzpefwjG$Mq;K2XJ>+KX^b(W&mlhGon#LUu- zvK=@a5>5lMVx1mx`r7Je5fTMzRQgR3RTP$IzY1A!q2e|3^53@mC2S#<(>h!pL{0B@ z>84WNdpRl4_W+*EA}j)3P`<4|c2;<+Vc&htJp-AdLur)~30}YYRid+mp5yOEM#@i5 zqki`>^gs2yRJOFVK8@+UZ-oJ}C%hAviLfE5Zi%oz_m7Vdt!%O1eRZ}`qY%p27{Vqe z8T-PA1$rE^!%=(u${xI$DKT0^(h};o&X$&$q}0h8P~&n5`!6QxZ#D~J`?AdDZSHW8 zskUl4T&6&^N{r+aSI4546ESREhjF)1Gx$==chE=9tFHS`hY&-Se|Q4P8pWGv*rm_e zi#26oK&h#~b>n>xx6*(=4e#}%)J?8aM?!X9=}IGGkVoM zX5y-_Y#T-7X$q7=2d62;i$Jc(z%i400WVlUj=H(bR>EO@`yQaM7v;T2G~k7La)K3m zH>>tT*V7k}3w06sV~~;GBhh>b)iSq0!#C1p;^-h_+$_QVcDADrW8QQGp>8!?^l7Kl zBj^Zi%;f^f4L*}E0_e8**NXQMR>*OdC9)^)qPFlzSSkKM%G~nKdqrl5B&4%%%XoCjv%d)U zBJb^7TvGB}u0Vcv{oLfo)kR>Wl}m2jI<6Gy6mPg(vu1S38fHh`*6dRPpoVxB1@$yy z1^^H9bN)4?VuXS)Bzs*Y?zpzQEdi+UJ@U!dw1lv)9 ze08sD)7xv~N88hhT=z)Pxlqhyq>>d> zkxtWhw4Dz(ynwBi-J|hq-)fdE0fR#u(FbO5{0-9~uKf+$sx-V~=ZikU+n`ko-<-|! z$wjpnlsqLd-FEG}8DN?+O~&f%r^XmV|B+J;^p?Mt43zLp5hd ztXJ)9LjAZ3tX*5{mvO*r6>v9v-6(TfH!Pkq$dl3(bN`nE$+a`u%3(`1VBOJ?PU5Er z%V(7u{~}+A9AVGuQkYrhisq9CaSfh*t%64hHN^!Zr@|=PaB)#)5(}oUMpyKCmr;uC zu+1&rjGVgQF+Ps_T^y&~hs#K&x?Alob*dntb1|&H7^MWeBb#3Tt_5^;P{6#!MetB8 zA)CL}Qj*Yfk$&Vr9Ev>>D#XfKWTC3T+c+sniSf2jK)+m2q334;!5RceJtl;lqQsgZ z!LKjb+MB^)OUFYvw=AiYi?JcqNm#u!e7fph*6@)=pe45aT5M))9u=X~Vxb?$gu}s?15z(BcEiE7Pb!3pxe$sk^G4ik& zrkg70gD)ZN8CL!ec#LVCj-s>a6 zlTWbN`>+tj+ANa>JyJ1ZO7)ZO-zBCEE&?jkj^x)p-uV756Yc3C{a*B{IxjcYkH_ZHCO^;!rK+!V(;yFnSntc~!OkHB|dQh(!Ji?zic zY#$OSTM!^XttN!O=;(}tX1o_@*I{S>jAtv`V!4qRVh~%TtN4)vAU=uPR4uKVAtfp8 z@+EZKf7r`UL+8gM{{F*iK=7u-kW9a|w9HU1p%yKI<9@hG^WDty^*w&qTjMa_OW^$!8sWnvS2?|>LI zg1aHo*q)S=X}hn*)~V@{tv#x`ltWZszS!(X8)L+S?yi3-Fvq5}co(ju^Wg}{AghC6 zTWj~1dDVd_08!>2SgwzFbKD+Tcx%AAJkC5z?(}&vZ5{5P{hYUp=5ew{_Q*`LyIX%1 zD*+^NO}9ZuCXfAtFcfwHbhhS;xg#UF&wo*gpv%{8H~IS7#Is97yL!Xq5^iMC{|mM# z9jPN`s)eW2AodxK(41`O&RRHdmSJfG#Or)ntBl;uaSf(k2h~2i_HxmP)>+5lsDt z{>%@$OZSIt_X}Ta{~aw7x)`4L`>w$u&_89jp&qHHc;oD)el(el(~-Q^7Q^W}>w`s1 z73y2MDqc+8W$k*okxU<&>RLloHpqBoL`JeNQmm9Cf+DmR3pWz@N|BtEi?Gn(7nMle zwbH&5^jbztXU%JJG5Cdht)%Vo!wy-7^M*IV_la_Tc!(qsxw(94mM!LxK!Jo)?`Q+l9Al*lg+V?DUXzvv^F@K>>4t< z=Hi#Ck$)nlln-$fQ;6}r0&!NKz##JJ7gbeP0ReRNg=i0(EGW$*yT}*g=e`p5c;pBx z0>5Th%y`{H0b^*2)QT?W-&n&J+UEBvf*`D9KS;svf08TSf)0O-5dyd)#4un2K6r>% zkcsw!-~Si(;~y8I&fa(mOykD5GtEJRpVV~V3sA{YF|6~X`hB{^j>1^=nG8PVzhA<` zL;&-`0K{kAT?z#d(=jDW(PykBJlBk%?jPkr)<>P#YHpw}Mm9@cMh8B8+$DZ6pG3+R zp>UQ$U@yP&wN*Pd+fNP@?>y`DAZt&>j-~w)Gr(AQE5-`NV>K)T0N`3kI5=8yE%7@X zby_c0-%nA0rp5*UjUCoVOnSJ5M7w{x zg}2@&7rg_Dc7!hDEQt=PHazM!-OfFbGr^+oa~?6D6aJPDhs$5SRq!f8^&~bR8O{{& zg3FovVQ7HkWpa7@E{r&FI`O?*Vj!SDWVnGxjK#;tr*Yq>CWPQdHr@GQ>zce_2!}CB zsxK}pDN*2=iQH#w+J;w9-Rx<%?M9SZOr7 z@qfLW(eN^~z8X23({0H&$hvL=*UY7RE0+}YX!3$Tz}Hr(=VW6~g=}D~!F8MHdZ~s0 zJM*rQ$V#bE4UU$jxOI&p=av(e6mNfq^IE_<6$BLxwbqr_zSo;W@V+9BVJH$ya8%(= zzd^~&VAFD$G$iOi9v9qil)H@i$h~YTRQr8~9P(lBZO!xQZHy9Q(PK|jm@Y#4<13$( zr2a#YN11xiTFK^*kFRDT*xn|5XFRZHBHkpWiG8~o*^uP~mH>WeD({wt`=dwqIed#7eAFt4Zk+Z6t83^b^U>Daj;Z)uY(u?hPmzjM6iy`^#3H zadX#QrAFhA9_@ktV%@W>X{5YxA*?14hGL^ayO`#`-?DufZ09X+{nDDaR9X9d@OpOf zlP{!yFmLc_v9fD!XfZ=Nspr}L?s+TOIg0ET3KL;xe6jOCKH zQ`?GJp1*xMLKSE5XiSnCSWeyKMxNd!DOnYF>e9=j80St85v=kS9NM2E9V->(1rKS} zwo6iiPer%scQDrd5*@qtR+?ddP}n5u(>i~ZGR@2K041-y|(fBr|x9` z@3T%V7WmfTM^?P2X&MhVa#o)riOa*=Khd5-ffnARA`FA~ItqCLKc&AnwAH%e?PY{% zM{pCc;Tq$urUDe$S4>!hkgALoB5R$(GUIggomx)fJlS2X(HZ!4;>nQYTn`&uaJT7t z71%O3L7a29VzxG7yb`>Hr2W$FuY$Bgz4^k22|)*Aw_?Gy3jIK?Rcl_>TKK=s$W&l* z+vC0t!M}vJx2h0uJr34-p_w{gCj>co)eZQT9r;Bi-r>3P*iJWrH<% z7U3kq-lcoCA~34&6weM^$)>4lt~cYP=$I+a(l(3jl}7bP)a}Ss^D@l#OKh6adXXbr z+t1g!k-#zg_)aJj#^_L~KmLoLi^Q3Bd^{UPF1tUbeN3V5n)+s83x1?VdkQL)=J%6E zpIen<)#H_ORwZy=Rn)%&E#?Y$hiwsUbV6nyZ33fU*Q;n1ys;V|%zpgi8S`!Dq4C}f z`tU)q`|U(JZ{faY`T2QM5;f#3_!|29>YzgMdU(pYN`HJqZFc_lgxLJ(!FZ*~91U!> z>WU7ftqROI%Z>!NdO6Akm2CRU_~VDF2!o9(OgfkTa!;MOJB{r|BzQ(CNNvmSKK3+V zMC(NX6`rCN##xaeQ{FS~pty5`T)tF4A7%g7Y=X>GAeb0WzG$MvtmxRnCN-y{Bte-Q zziE1V1ZxB7ZQO4pNB&J?hUr-501ncA9OXdKbe965`4c(L+GdSTha3G@VC4?;)2R9c zmnB!v^I5CM_xYG_8AuvOTd@0F4wNBO%xYGGWn_#T`$u`@12zacPsAK{Yb6nAf&sB%>%6PiJfQ z{;7q;sOEIF{fj<8N4}WqRtm|mNqMyd5WB4(u8i-_O??v+-&vNhn$bZOh1{r~uY*6N zIgITmLoKflHAs$q!fzRCtPZE5&vf;p9aizb(bPa^`6kmQ$B&*~+i^=pFN z(3!9E%-24jbi{sLL3DEP+{&~U4ySSDrsxa>THt3zL`=``%vk%o5Ry{yr|3VRqoen2 zBG6a3=Ih2#uwA%@O**#0gVZOvk!O}_qzn`X`r`^QPmXJ53NoMnx|c zK zC~k_W|Gr$4sw5+ zb|E$kd`ec&oA+#f+&%srl45kQtgjHHMKXyG$orsBRQrXE@jLxhn={Czj8^lUvR^Fx353I9rXBf_rA(50_bVR6K-i83jObtz#aE1FK?>Hg z8~ejb7Qc35X$QxLuOi)&k26n$9=%VZ>d_#qGI^IW2AIs%>If5 zevglj-_5ncJmHr?F1`0xZ6lL6x zXp`X|U=6f}hy2TVD+HjG9#qAb-@f?S(0wGdvXi8w=#jA7$?|LPmpIS5u z<_7zAH+0I`7q93wx)ng3qVw{zsNj;6wPi5!B=OV6bTGtx|U&QA;l zrpZvCt}+57N7=e{(G5_Cup*=Xkl0@vP@0lLBHwY@6Ip0G&SQD!!+rsj(P8v~QvEKe zLW>r^{s=yR=TM{G#IkHEq%*aEK9lhWpsK47V^T0_R08xHb-ASE>;-ukf? zrYHF@o$gUiVUx2>NRX>kq(97LumUkRz6}pDWkZ`RY>g(JpIx_7ipppc$T8|D>-%0v ziSDbS!Vv}gt1*mA`Ff){yUb|@Wc;552za+l#al1+;?6qxBmZN+7toU}J$QcSU$K1t z*~H7Tp^=}k&(YJ-ZmA93S)ITZl}tE^X-q>O5T&7abCQOsV98gpin>bpq$R#)1pGn< zZY52)cX~hL7zrnBvpM)x%!ZAe)aIE5719pyzg4W>MzuHVm}^L%;>X@RNHn5B_U$S4 zXa=GXo+HvlPD8tAy!?Bvx!Y=vfJ=KI4;Zn}$l5|gk z?{AllW^6G1$O1g1ypo*wINFq8A9VS-V3O87eQ|LW@xub?3SWEEHo*;vC=lhd**_NM zAGSV;Rq*mobl`Yc%14J7ls~9}rVU1PN8d#r>c>g}2xw$xWGXFaj!M}4UAWf_sE>%T zz`i0Jq4&hM*!O(W{To$AN2ttoqB07NPAZ1>`si2TgGIY?oAnNgqvqoI)>x@HPytdf zd3%l(qGz19Oz8!#&$n&Wnd{bOJcz2Cg2ID_G@R8OJXjgq0k@Ie0xcwBT;}EM81t*G z0HA-1`A-=)M7pak2zTSCdgUI+`EWLlAB;JwK+k}VUhw_DOKkc2MNYAw;8cQ^mbN6y zL9j?K7BhqnR1!b5iU+CQLR$~nPc&>hr7>$E^lq%j=Lk<&pNOsaBa<0Pj8HG?Xglbx z1E(_VD?saLPS)a6^NV{tLBb(x5l*f+_?122=rH)pJu^#=B^)jvj7I18Zz6!=2vu*< z$YG$^(pp+&o&Pe(#(s-jrLJMmxK3+Z)|T+2C*E=pEBHB8>&WMjmflzF`Jj2`;VM@D zrGVJ2#EjVdL*RBn$ju|7Ciyy-=2%FYzjQxG0u82M854W4S$@iZu}pLu=FngiiHG!2 z7KX!iQUOZL@I1--)2vFlry&QJHw?3zT?F3xSr_ud*cNhOUJ1C@Owg+N-UyJ48X-cU zfA2{~W{Xc^0asgt1J1j)YvHm+Y)=R~d#-_XYKBmpN{VzRW?<0v5f-jJuG z=#ijbe9GP|SrDIZnj_Xs?j8=Y4c*XTB=$Zc_>`Q6zRhxz)S@)?SCRxG*eE0{=xWF? zw%?2FL?H|&(c{BidQf*Qw?B$rBv}5MY~Tw91cZG{0SOzv{0IS7(f|Hw%OSZBIx;?#A8O-T94_70apks+1FgPMK%Zw_Dg18s#Q*9LMb1 z)7URN2dYbKaRHL-bl8f!4Jc5q89n00aV=r+s*GnW)Q2YT%mXvK-jV9X*Z>n6?SE;y zR!kyt`IG&D@awujt}B+a#mpB)Y1{39$f1*NgR0|GiB5hfN6_}IIPfCCdw(_fDG+CP zXQut)wXA&qu-!}uktQzNOsIz|3>86TPO&W5D+1_i22K=d>NREQ{xihJ59l8y7~zqY z^y;OFa;hoewf5G_Foo2_P#`Bd=n}d2XVB-02u%yvsz} z{79MUJpQl!`91lgmKE-?0YGwP&rxaB0N%e(wkWC|qu6YT3IZ=}l*#xd0_-X=XA_&a ziq+8+uNLk4wRgb7=ZOPc?bKiPNjcEH&@Tndx{j}RY02|_?}_ekK}WRUdqCy&iI(A8 z9er&S(D&CryWdVn4Q^B?bU2&|_?Xv`ErSoiAXqVc?X%$n`vAj$JW;RR&U$U`xLgP_ z4DOaTK3_d|oUiApT!Mp4@E^P^E>2GZ+|AAn7lrx}pvHdH2YhPC`e-F)sw?RCc&Hpp z$W2LIHRp}3143>{P;8j4`wGw%Ux4tcrHV$jK-d-zL=_eeu8NSKNX67jVQ(skGt?ka=HU9o86T{LfsO)CDjkULF>+;#)iix_b*uz( zp|KH~ffaz8MFL5DNi%ti_sEw9&$HdACj z;a09F6R1DP>(x->XAR*5xia%SQ7Onpx2&1~LYgv~WK2Ud$l9ASe@G*wMhqEre~8CY z@+kbG*}z6WDo=kj2HWn+R={gtRUxUt0ub0KedlG}{WiNqRq}!2P@_!MkTaX8Xc8BK z{DGM@?gyAbfk}cNe43R8uB<*HiLUh@&o|h4UeInIQbWyx8_R#q5 z5l>Qk_Q}I=T{Kv?cr)jN9?j71c;%mR(db{k6i0`D_XoJg8iK&jC-WTWNTJ5;e9G|N za>*ax5tm7QjD6E}HbPdPReH(7he%IX;ijWBCVZLBEFq(st<(QNQqv?&vYeTyZ7t>f zz$PQPtTw3icLkqr#~8HAL5bW(_$WL}vvi%DxfqX})AFkNLdJ#8wc7WZaS zy!SSx(C3T<{^)w$k4gm|LqmaZ!REiCOO=kIvl0)Hej}002q^%|>Y{VKvEoYmWZFZ3 z+^h~**a8Kwv3wge&TGVK7 zaj+jCAiiSW8iHnuzM-2s+8P;Un4u@XcTR9Zo;697Q%&vLUj%NzG35D)&Xm|)bSfQ< zk?W&Zx3toYd=FlR70FX3_$1m=l3Sn+C&Msx<1Pu84FPaCU8u}p9BAg2%F-W|L?w3zev=VcP_+==d+6L)A8+&uZ?Hf$ zhV#nFm0e^l=2-}kX8MhUUb+>Es4UKJXrItH1EpK6#N$71H41veI`@VRrR=-YrU?4R zkrpyG;8sd8d)8t2#TTN`j(VsxDugiRk83p{JmH)oTYS4w5KEdt!(RcKy32C+g-Jj| zn{-Dr$aIi`Oip;><>w8(b>(8trY%2A9PtV3b`bes)D~0C-{sD=P9CJLgE1)=zxL^R zTOgYz@^l^k!*9I+??qT?S4;l;YPrN!7Gp z8NiImL8TU>>{u9O{)^pARj6ZL%CW)9iIjV4C7|SQ zqqybm;S_PWdy7Q!@^^cT?;j0695D^ZG;2~s0`a?2{;Ebe6-Y7bCRs{((Mmb=Fc{ni zk*yMbO*7a^#9##PUL&=u<@t2N9 zB&mq1<4Tl2uYrS(3)&9F#6$Ir8)@l&hcdB#?-@Sy9ri>1OqvTwKv|m;!@Tx{=im(N zeJ3eg#+otYJO07h`yV*o45JVkmNEo$#l-bV@9JRQe& z<{|0v=Sx;D_T1XSLxMtsex9amyP=4NeER6)cLt%fBbH0P?o+>iZFNoPeetz$xqN?f zBZwIwUi|K1duaB{yTb=z&`ju;B$H^wF|x&m0)$Xttu96#OS$PXMz??KL7qzNP?-tq zksdC_{106|jMBfztIncTx}*#TN)8-6i1a_5scp`Yf3*~5CAAp58a6+9&ggRJObsXah9h!0x1sX z`9pxpPl(~b6gqTf7$3GTru);W^hLTkapD0Y$NMmn2AaH`NX6{${2sxWz2gR%6w9JI_5m%HarSXO5)i%U&gbWENS`UUQ9k^)WU&%aS>X>Uvx2--_pIDchh=7+|5>% zq({pIQg&2a0(JGB1#E;9@0)U{BM+|*57)}CnMa1T;{fQNG-HL=njhC064!h4HP$LKK9knenBjc@L~s z3hJFYQ9v4x1pJP|xK+gfnX{%`U7VikUhEP?DB0LkD~#kTY3`g))1F_;dU|umDOe&- zR_@a8>+fTKa`6yy?<^SFW z4HzVk09}FEJf8>!BZ#To#g#<>B>g%*q(_t6258BHTnZ1=YD&zMWw*FAE;*mPD=d$) z)ZVvM%GCxwpS`Hcf7Vyi&RqEeTV>8si5=A3S>@Gv2gZzd+0uRWL!dP!hU|}Q%_xBy zGdOh|(}yJ#LVMgyNiP&i%rue0fBB}XXXh6gZWc&0>k7bB>o2iNx9<(ou)s*JA1C9jOogU74hM}0 z_=FBMzW}w(s1bi*36Q~(|LBc#dnVN{@BR8ws{i&OI}HaOQUJX`_ZYj`eB!K=ydb5d zGwBunT(XazfcGJ!; zI`gvsaLc134?LganQj)4}j$@b@1bZCWY8Bb-q-$YL2gsnkLm8gDmRLyv2w7JcheQx{zr zkbe7_>N}K{IZbdtT-F6rfTVp^d82yN zY+bLnLGU!i+7#NqTW2k0VO*9)^D?k$P16oJ?$!~?gdGk9*^f_@t^s@a@Gg#e z`th^=4=y-pAP=FrR3P_=3XUttYmIst6&upp>oJJm~9Aq;7g*Q0Tur z0j)&;sLBL=D__d$d~g^WD`>qJjCWRrS)I63R7JV|_YQptw#ufKux>DhUf|#EIZT=) zZ9rdT#ptQNPHz}XUV5AT^ghQ5c%9wFbY9-9penH8Yzz)KgQ$yNUYGDsJ;v_*`xbw8QDR1_Z`_Oo?MJ5eNt79bZ;Tc9*5_Q&o96kKc|2VJHJ`+e$sg=p+hm3%IL#DNDy#S zNDvcr33}ln7KDe=xUAP^&5+O_y-!fpI2rNa%4X(?0B(iS)vnP{S}K)#HwpP5dSIUX zNuGm7&SJ`*40d76N_!+gc?2?d4Km>*t!^rS>2Z+iBhVoSnfV-mbHyb!!JD{(Rlw|lc24p)T zR*OywuEo5NR=1IojCDS5pHqjmc>M8U>r@dy&sJwOkK+bU-x0c5TdUYytRo**CwPu< zU`S$6&J=Mm^(rc|Q#))8Z!OUVr*w#ugj3(9a~2)2qExP%aroo=C&q=Sk=Q2TE>V_j z1(F^qq_6coHTx6^SP)Wul5Q9FtdcZ zEHBtw{2SVwkOt_+!U7c@(oR-JBeh6z{YCG7enwiSuS_+u zi=nf?Bg2wPGMSE_k_g_(6iXqCfF5g#5R$=znc;6LGiHbkr+4Dlil=#RyihPtW_5_x z%zPKlf84wIx(c~gd#&qwcsIELba^nrIm-hk)W87tGBoMxb#fMRZxRe%AsAx$K}o8Vr8{AQ zI8nsx;JTT~A^uvGT~x#03{O7AFGd0j$54lWpbyV9oG#|?4yU}t7l!MovDz#>Hgq9D zUAGdapvEKp`Et~c_j0GU>aQ($RDrl^tqMmKk|zkLIzB#}K|deRo(|sov9@mhADX_x zE2{VVnr`V35RmTf9J-`II#e2@yM`{2knV1zJBN^v99mj>5b2=?M&9|X@B3Tx2i&#h z?t7m7oOAZx^%LS_C?#~jJWcAsOLCLIj@ zgn8Z$4Q|S5vMq}U9S2Q*28z>Uh&a+!U#Y>;h?J@_o&p4L!Y~jSU1H{KvRR|NHgaT! zC#jOmJ7C_w?-f8IY2f54&3YxH&t*s%W$#jV#Z65$6#yPggFd2YUGE6Aeco}#DX9CI zDk=J#xUq!GnIBUN8o=5s6##_3mP!yzS~{{5+vOW39bL}m_BMX9VmhW<62XUnVtIN6 zh-gIddg2ae7)Z@bS~_f(zj*f3O<;u=(z5S_64ZC(&!_4u$`hHDjD2PsH27uZa8aA@ z!g=vE@LXX3^;B zpa~x&Y<(UV=fONSr+-zDGU>YEAF5i@nM1rnii&)oo@qd(jN9CS7k^jCLs_#Wf({vn zQA_LmU?8YRg1#HQtxq5FwbtMM$lY*|_q)BW>442dciyC)?Psoe@`{Tuc6;1d_dR|+ zzht)0BAC}UoN(O(={SS|`jlY;@hiVE41b+>|Gli$- zm2@F3GU*g;cU=t4_W|b)?vd}o-@WS7D!(gF`VVX05fcl}B4uMBa>KsCo-zE0-+yx$ zM2tkW6%g$np@SLE_6V3(A1z--(KrI55X_Q>Y2NoeZ5%YP@CH|WWS(CSca>SoQzU-i zdSs;nhL)ISvdjD`R7o$iKIt}U6N6;Bgj}L9Luj0nkuQWI)3huMnBqg6W)soJJB`7k znhDs=7 z_dgwL<7%3XxaI#JQ~*cFz8)KxZ%16Q>(!*PNWRbDD0fgp6Dc8>2PYX_mHv6YBYooP znar7)a&GtDqgb$dK?tkZbHw+HoHiK>d}T-#YrS=sMs8%qo;u^AP@ z?t3DpiP?Oc*%ZY^Yh=A+G`8bIh5vQB1k=ECYXS9xF+fb7>@z1SXk?p-9G}i_YvHJ` zBdvZiC3Iqf)g^S*IPhL%cs8V-r5RItZ2}=rUkksjc-teG6tf!O?9EM&44I;pe=v*! zW~A71{$VKxeq${+e;Totd!7lUIY$`q_kMG4pM8+muMnC03|k z3bAqVq}fJ--+Jzn$G+RSE~TEVCG9E5+`R{Hf1ip1Ub|=^!^xFwS&+s8mpVnh26=(X z1C3XHin!g?;)-VI({dhvuGR_psZ$~2#fD4e829jON@1N$Js_&{EF$oSe*i?%Spd4& zFL*YI1SXYA61a+nwx{)(%pOIHYDSt7Jn8Hn`)~VESi0g*lQzhFj_DMQu@ob;*`X=y z_PFrw(164e(6x^IS2s}iy)fW<$M^j#pqS{fDe?T`131@s{i5jcw||s$I(P?;Bn!WX z$iW@L8g-qKEdVpqq{aOt*$A1feJgBmvM^=K>)9_#g_t?N-=#>-p5_<3E1CRo8g2~-6BpH@ZydTrup@+oVIeS z0tg2e+{mwM2^6`{9aOkiL#{2b6+z-I(?}!724g-r6pSsXVZ*K}i+9S=;NVifH@eMl zJ}eN~jSbLhLRP0ptO&{#yn7c)tVYplN_zdDt4Siy6Z>0Nh-{&It|6Vyh@4Yi<5JOY z9q1Zzptst8dOksG`DUT7_Z^Q-qJg)H{Qg*QhGiI-m!W&zNe(1VdnUN_r0DpB-q(XQj=a=fI~Y*hVkmpakyk(yOR1b&egmUi_$fR%j>Gw2!0!;ypJfFZH)Sl;CAH z(w%Gq-)sAK7n)0Z=6MWO9^jpOUi}2QSq5GO|MfpQez~mj{q-Nwz~Y}M-r;?+N;`S+ z+_d9i73-h&m`hp|)kj=;&Ai_{tbNYk$4FkNU*a0qL>9{1Re+SQ7KQ`ayx_QqB)WwOsMcNU5VGgPzVu z1FNAV0*5}<>vCNp))KK@Oy4TWp$Y7%vqLgnMA08{5L-stDu}{p7^hL~BBUU5REMP={-_6f&pnkKAPBeFtS%N}WMqo0ITX6OJo*8AcS zzrW`JBM^}f*rbKn!SmZP1GR#DVgh4iVq5l- zl4jZOF4@C%MP;Wp2a}%RcB%^OI-6$Zchy+6Tx-O?q7q4&!x)qXm9W}4nf>}F0Sh;U zUQ%9TUynz`kR@*{(Imf)A3OgQ1QgzfT=z%Yv+@qbS#tQdqG zORf2D8kLiXno!p|MFTZ4N_LDWTso|1ofhk8V8X&8h2OiF49Q@J4#T{I;?>8Bs`6QX z*WJNLoQ@wZS{!*6mz!kmN5>>?f7>gC~yIR)8)OdEj7cU1pnhxE5$!!fR#2ZO^&eB3CwR)ciz zQ0c*a>zB=LrpA;bG+KI3qDX2Vz@xTtc3>e#55IEBj*je|+R*8x|3@16wLx}YZ0bb! zAIY1W6iTumMZ7-N8ZR8jc{85Nv*YU(A>IC{iJEK4rY#k$pjh*#FkJ%`@=5Pnm|Z5VpKh)#a|b;v^{Ot*V(CD_t>8o%fv;Oxxqef&12k z{A7^@Y{mvy>4HcTw>>3pqFW;G&iVxBvc~jt&l>jZgKX!x#3!_l(e~=@Yrhi7b8%zcTuw@Kql{`p!lw+DI}Pq9Z?Xrjdk%jXX$6?K691`^c|^&i*2zHX&J+x6bD`EdP)dV zY5q1Q+|=`7=96GoT3b$WGh(bbF{a7iy!TqBtJmQ%P)9@)&BqDMn`v#=G9&nvdOy5s zb~aL#XS#|w?7=i!hVZLkX52usWlkVCnNKysbj1HViVagW<^po#`^q1;7)*OKN2~O0 zl*zunV?WqGLc0FK$(gR3dIb&8;BUU+hj}x1@1c~+Y>_g``>1Lw_9FlA@TY^ezLYj3 zrJKJaz%n$rKbk{>O5QZKqb_;=d+f|{wvW>H$_d31Juhf2@(+Ibvh@#kx4(lWTDS?? z<}#m?Ivyg0A5VOeJWTzgh@$W!{{|*(P4;a4teKCMkicI#- zZdMWXjwo@{g284Wf_+?lJI9Lu5@tjS>o3<9$)B}A3azshkpXdhcRkH9(GeSy;`$>R z05M9=6C_yZ32+Q8Czs{u%>H;S;6N?zZHL)iDit%Od7<&DZ(2X#+uh#&1g8zdnqr@izK|K@p)*?5s74h>a| z^qT!&-zW^NEYM*Br6hn0PY-D6c3@v`DkdA4t69y=j`#Yy^83gCu+@9pKV#SXPz6fu zvVn1ff`Xq;HW#OFyfjZcSM%Q73#9Q{YS=a43`eha?(RkgJrpD0rxF1_o!*2U1nSqH zJ#j(ohxqHP5Cb%)b}NJsvHS-q?NJ6St z-0wm=l;W5@W{tnEN+iVs6*sZK7dby5cf}kCm6O9G|~*Uh>*rE0;&w&Z$Vt z1ke^;s4zP33*j9;XZ{Or269J6fg^y+y%&OJix;gRcvHvSc<8^RAN3;+fitoocl3F> z419K5+7JI^UH8=l=#@euLt2QOln{+VbeLRy_th8tb)k%!sO^#Gwg5u)M_Z@yqXazn zWPV82i0G0&Sp?8RD7v#i4n*pxc*8~;K%e>PypB05iVY$Q5|imqhy;Epf*Dr&N)gP*4KoTtPzc8GcKEi z4C@q{zeralziQCoZ!zD@#3UdN`fHKvdMUjoBv1TO8*jfm#`(kjVmhqC`};t3s?1rQ zn(s8m1d+6qQeQpZ=yV*7Da2(Bg{i=tkqO{q?zlaVCniRrE84bY6aGkKC#VPAmPHAhOne&fY{tkLh?P}Y~oP-ufa ztyI6R*OLq`%*1{APZm0yW1V+U=O!U`M^!bk0N~PKr37{(;n>7x`YG%tD+n>Gl%X=f zyZ^j;f=EJ|#?WoRPT;*=h;&rG8WV7Nse7g6H4Ci=?uktkOt3gA)5p=c zKMD@##~9&-yjResrHTb6^yI2?BGl-VnitZ3^S)t11h_B{up6IccWY8DLJIK-y>gRD zJ7p7quk{`e_KnJ_9TWbcY4B%TFa)z$lUjo^ffN(r$hV}DC|FH$zCjuNqG$ppcnMs3 z4K>sA0kg>h*nVdYvtIk(%K;GbcSFFfpKv-sU7X>z*6VC-70SHw=7lJleEaUDs~dmg zL|KpxAseMCzx{1$xSF&=t2)SA^yg%iHZcPZ3&KX=L>5r=pO+FI$qdtw$ni4bv*F{a z!sDF6IG@6&_5K#MgQh1KG6ou$^8S3s9K1~`MO9RZe*dXurg@1x;E;%wB9`#}H$je& zi{N+g8p^i9pOInm2aA(3>>iS43UyYhy1i=YYj>Pv1CP{L;3aJdjfuMh6VeHz5$+37 z_Wl5$-G!Ey-} z^9W7P2i_C{wxEmnVR#%o6`JygOA9LDtqCnXCAl97POA3B`R zwdF>^Zu}S1Zu><+2xUi;MyoSrZJ?U82*TTcg2oC#vS(}O$Q3>TkyK5 zJK_R9{(dBqeu^^``&CNenRo$p-r?K?ju%yfs3#xcaBLpzW)y}V=Qr}df|0lFEC)i3 z!GlX|VM@$vaoriNf3A@Ooyg1l5gQ;QJE5Uv8rL+ae624K`w%4zF^YKIZwP=UpxGh~ zA2|<;K@*IyV94zW{8@=8(07Co(ci-_oKcK8hZ*ZriSi&IEzD>Ce(yKh+YCi^2t}zd z20Gj3s!B#IgFJ$}gv$Xa#48J~UMnn!DdmqgW|@%WkJ|&&gbEDEF=?~NtCMY9DVTgB z_*U?vv_K}U!1RI&Jaq!tE1z8x2Mkq~+~A&5lMP48lC|q`cn}GF`(j|jXNB(6gAv3VwrA?HB>aw_44s3k-Gr%%qN%Pygxc^5 zg@~9qy4F^do-I6Kd7)U9XctAHR6TL&^qEn5E@(D~An0#SbBU~kTlwz~bK{TMKXZzT z?n5}_Kypi0Y5V9FJKx%sf^R|u<0NYaOs$iV(pT}#5vH=~f9WKXvm$_vJQz-QWs^Qd z5kMmgd63o4zh&NAKb4_wYb=ftIzpyvEc}~ehpn`E`%8Jv8)#h<5nZWAe7vb}ueRw=TL0DQ&*BhF zCsF%|*tBUJcnXJeQ+MhN^0Bfa=U?*>ZwSTnTvt@An|+j{Dm(Nvz$UmLylr!ZmU#G< zcii}bkpN7P$?OsE%KGD;jv&-}!fTZpH2jJC&hJf&<#7Vu2SJZ-R_A&>?=F$hCDPGF!fhU^lDFHqrB9 zD_MB}`%KV#TxeN6fe6hRyKhvR+hX-+`v_n#g~}yCLp5|GT;YP}I_T7wo9r2)`49$q zk*ML0_SLol0DNzEQHlBRC6cl}8^L+p?)Ss!vV69V*Cxt#Yl)8aTwNy{y?ymy)ZN@bP%4J**v-=7f}15Up1 z={}iO!Ti(q5QPmZu?X(F?r5Rdkd1F%i~zP$eymT(H_^yddFBs}=>ZB5W+$g@)PxN3 z`^FuZ3U;75U;eqgybTyA!`rD^+WrQ2jg*E)N>!&5vq4tV?M;O+sZ+w5AI<3X-wdTk zo~jn%%l3IIbhgWvBEl~bqw8#{8*&p1Ct145^C+EfwcY5~CzW^Ws(54xtKtAk^61oJq3EAW}yi2@X` z+p$Q=osv?_Usdv@OKV=ND}c~#oy?8FqnSd}Ui5om-&-u2@^or?gFle8;1@a4eqzgu zoEiQ*Vo_Y6!So|x;?!yryn)K)#3$+wV=Mp8sH{6)s)|D+rjEgMd5cX)Ti?7#Sscf@ z7^3#IOGZlL<*Jo_XW$<3-lSwfcbG3wK`Ey||IU}tlWT=|zc!0VVDGc9MHr+8+#pe& zV2SoF`i!jcs6Sk;JxRxdZOJZ{^SqYSRZsb%XCkA1gJtZ!3z5|4{@%wQ*sx_H6@8x< z5p-ypA zK=YOVs?UxWGCbm}vq5C@v7bm35ng@E-}|kuqKnpD2efc4v|E$R-k*S%Efj|du4H~( z3aSMsr>l~82?r>H8=EG6>2;O5j5}Zi`Ej_2pUNZ04d)@IGocyJaOc~7{v93fnU!O|D28pHUcUM!*k_V(aIj_7D z>-kI;NygyV&V&xV;o+w$u(Nw>sd{&+ATAd}$@TpKC(c~#tZyoR?Ao!G|Fw^)bHiQ_ zpBw<{wS*0;AJbqTOr$!^BZM|pJhQ-Klyz55IlrukCA{{3ClAt{Y}C9LOIq*#PP7;f@S&f-T>fI*z|d+o29 z3Lw0`6(xBg@>f_u6}9%V=hXO(X-}mMiKDO5*1w6-d$xrWqgvb106EI$cH(tgF;wcW z0v`AbJ-ONP$=G_{Yu0=JDD9cjYPHAO$Dw)HhI=S2Kuwsmn4j#l2UKEe=yAu z7ll0uY`=^6wAgrI%Uq2(MC0~UhF6(Zn=bff@d@-a7B}}FFuu8d$A%51GFH;|_KZAZ zBQh$;_9QB>qcf1uw10UJ+}0^iy(={Q7|5|?#(~HzAMNg#*FWR7L>0mX@9*DzItd@GcYL_7sNw=J@Y2WRL@ zHkD8>q03D{%a&W~>oFKM0L;Dj8#Y@(OUs;wv33pxmCY^buOVmZ8V71DF#5cgWu)*~ z`Hhm{gTW>$A_KWxt1aGPYDEC6H&UQA0*)f+Un>o5U3U?BrL)(jQPu7rj7AF0OTPRW zey5gYMnj2$k~?0ZjU*=hA$ftDvQhJ;O&~LCLMImsGq-ZooI4sAtbV8UrQq#jF6n}1 zDJkQR_@?|~Ng7M84LZ&mRa5Iu8Fb?|SpbaD@HCeLMXPu4q617|(Y{0zHZ!(Yyn(&J z=_>Z;hL4AT$kSYD%tJZAO20miDdV{#PFJf>ZeovDbR>1~Oq60W1#1HS>G(0jo1?=6dGVIRZ^Y|Iax$|i>C^#=}Y|1K?T5+BPxk}KgCHX#q? za$pAYj?l?0mSa;-6xtct(#t$q$%78}4E9_JGC&iMdr~bjFz>`T=Yo1qHRY(!*h@6) zJ^uTMMyVr-AV}6MXNZw8RwZIm3{DoMA1KCs&K;9Jl2Hk;&ozBJ*s>bNDW~^h}A>5`U!!GeB4u+In^TQnmNb zZ6ye(A&47lKZmSnNZH$rSTQUe zq==t+Q+sKUdJLDi^3&HcNo747np07zU2qy-v6pif8|A8lC`c^@i8SNsFDuzW9Yl`F z)_JieOc3fE{vpTl5D8A2F#T{^J=Onkqqlf51qi8r=?2o;pD6$U&zBtgt%YETyKhyl{dzMRK`k-1D(=6n|CotixBbz)EPau_&0p4g}FHegC$mU~5>n zvrofwg$U-t#r{RLGeslqu|Ln!i7qRjvLsndfxoP2I=>cz*89B?Mh`$0Fo@2-E<0Oj80HDI9F5n|}H;78lhe z>;J1IomxKohILV`?uVU@W-e~dpJJ9H#;*YCQAqQPBgAbW4f0A?Ccq0`B?wb{XX8%@ zR`apCw7u_?A=DDB1f79s<=H)MT)mT!P=)21_|Q+5>Np{mc4_&)AiuM%PEQ1#?N@szhIC%lBGCs>k1l z_*yTM#{&zE6>yLt|LW-@;E-Gt}8^-?4XOjOQ zidkSaQrh=pDz*Hrf)|8>-Z{dsfr!ZA>aC_EbK&a}t9S|J61ul$esToxN}TT~be+hC zJ~}j%^yJd9&^2Zfh|xmr-26w4m4sb63^v1E6me;MV>u&d=ljPR&Y^E~C1m&f5xPlnYA*py|wwQfr^kXf_k zM=K5N`j{Bj4)i@*sG^v4xEt@hTB3#CObgCQJ*`nHM!79n{C>eH=R}%w?GcC3MgyHv zPf%IDo9)+sTgUwj30rfJZ_GvcE(^ezI@f&*!GqgSmH@SNmE1StW(Kv2F3X&NHBx4jl!kO#?>yBKUHdco2Ef-X@Zkeeq4)aN7kvn)S6Jl7+iOvKAhKuRpxoQ04|O zuzV?1u8RfESD%g(mRKd698$+GZ*bp%dG|{V==J;CVt}r7Gy+a4@tdcNPW3$3Ht%X2 zJ1DA7atx{6sthaR%Z|yUky;0<;NNk1vQm*!T+pRC4p44Vgi8U+VtZ`SX{bOtpyxmCDwwP$krO`Iik=cCunRmC_XP0aARk++PW zCc#mQENgSMdhY7Dyf!phF{*}pl5_t zQ_PPczFq4+YDQ`^jR^Cl4TrmEm0SUmEdHWU~?6o5q7y z0y>(fjpzC_!MuyJu`Ga* zJ6$OFm(9+oNXzw0&GH7fgsZu>*h=8cX-7=W_m-Xr_Uc$eO#a@OO~}yg0?kowSfoUV z;;d1qu8z)wXk$UHWT*JOScThJPA}_6uv_+#loOZ$mOt40Yp64Y1=~!xjS(7YMM!ln zAP-PH!anSIQ(~3wC6p=X90oji{FEvb4pqc(uGQaDB}dVdf5Vi|vNqeOu82$%6%}!9 zS{>#1Wgf4*W-J(DcIV|T&#LF_n8W8aaus0wUPO zv_%xCetN(w5kh@xc1jcOg3z>~D+L{KI!!%o4GY&KWD_TSj|;cxV0pY2O&^SH#vuItWI?Taa@dp3;z;6;XULn7mFvlZjo_bq9sm;J5KRYz|2}?cnLUtiXp!Bi_MOH%LdS z>F4)RhcA~hx8byib=gHuv)N%Ls?ng`H->BvKFLBq$OvF({*e23o#4j9JOF&)E(@?T zFgguUME6n5R!KhK}!+$IocZ}kU#79DtI-f?jd+msi{`sfp6 zOkMDYUmheX#~~9j^~puNE$g#=z6Rdw5$?7J`mz@OI;@ zQ(?q&IzBmyOK!XmAf+k+ZJ$$C&O0VhwOhm6^?YB!J%!l#T%!|HT{|c7V7ohOYG(l} z6PA+0;)_IiiUt^PLWlQ!(mzC(!0sR3vY;y`f_ZBfvD>48k7xvMKedn)%LYO)4^fur z-{{k|_ml>|J}U4e1JC)zJ+!YryrUAK;Asipoc**?X~017h91B+B6Zf!EYV{d~V8)8COG)T#UeQ)EJ0`#B1;DIlB|E0+;T+tc zOj@b!NKm@supY0KPD|?5`FSxN?y|nZzk_lSd`aUoxgx`*<`y&J9=+iGkL+N8DNdb# zaIJP{wXBj7M_p{}15>D7hTI$a{xT~kLH>z|jjwzYg8z-a{HO01}k0n4D?SHD=)K_ zjWvt&4ch&K5(YGCz+qiX4HI53IAjU`ZL;>x0tF$^Hw%Q^=Y#0hgeWwXTm$uT61dnX zc9>>#iiB`dqqpQi8yiVrZRk{NOc!@h$4E)hDRkSbX!V9-r;)Cq=(+~%=5s_oke~n3 z;o}A83=V=m*K)l$+1xCz<_V6c^-{trZauNvj{}##^+ovJRVl5!M;JHS20$k{>d1*CJ6W;%eS}UC3yXH{>dzBg3cZ2!2#35TP_36><|_=TQsi5vO8If^igE z@mG%0csO5VOmZnYCRG5m`5~fJh$;p{romIy%Sntk*wlPm@JG3*G{KYtN?p|rL9U#5 zRs;RYV(Sv2d8M|1X05g+cDSh(YD3M<_Ke3~f&T?#tNf`l%`;Qz1IGzDEW9In_=^_K zk_OA~EP8;En{&jMC{73__g7!2L^Lp!8@d4zlm%(^lb@MuIyS*oTZ-;x_cLXQU~2B>HM~0pP5Mc6yAZ>`SSfSJJb6 zX5G`wO*mTR@+&RNM7@4IlKHYi)Y8cF-hzf4PRMDe>*ciMMKx2TX__Tbf$buv+*1Z@ zzoMK8*lsb`BFpe{>B2IENy@T_#ywC@-bj?Z%|8RD9i*%ozF;`6j>5fr7{G+X<07m+ z-&8o#E0FqqfpTA74f6gd_c1QeV{+N#$(JD%dPB%GaEA?u1T{Pi;rw(YL9Wq$!)|Sp z4$sn*Hm_owCGJ}Os2HPg5XP5dtygDgFZzGG0LIS3R8?X>B;6aXO@5|nvn^;NQObq`=wJ9+M%;ROVKuVd|=ylZ_hwx>pe)|30(%Y?I507fLr2$R9=4`u=Z* zBgFsvrpCw;%ttd6atuduJZ@#Vs+}v&&a^vp9Zpc!OR0_Ujed$ImLbl?y~X zJgen?yK(gDVI2AEv>YmogigtAN%92-s)igX91F5yC>d`Z>r~kel+uJk=G6msjRLk_ zb_*}28~l9x?;7?CdB)F}aPH1$|30t(oQ*vW7+8P^h?E2O&xmnFV0;c9m{LH{YdWrI z<`$8(4hrIFg-Q|?DO!zBRB>S?v+d_*%OcT0Qwfjr@&~V_XdurUuacq-9*U&yv+GCK z21srPnJg%FdAW6}B|BOgy148pcXqT=*o|H1wM;z3nVI>@;{^?>U*LW5{I+-}0u^$P zqX_t}ak^sHzDEIBgik7?UyqsLmlTDb&MRQMM5rs$8|hclOZa{p{;9nk1+@(7%cBWbw!%(GwdbeZyOq@PyQ2dRXyqehD( z;bD+gYN*;;C$o9ByZy>4bi#YxlGT&i3}ZU08Zq5Be%JK7R*tRBP=YJXK=maJh_;qW za35F~8nk~~W*PR#+^Cw#VfGonL{y;A zyz2uOIHx)P;j5TSp%NsbSn6!=^}uoC@v2S)B({5Tk)B*VXem&4W}z>ftB^>a)Ep8& zj!Kh|^Q<}Fz%#x-U%_Wr4ft?lyjG^};##uCul)YkJ8ju&RGQpItzQarT3m5F(oE0k zE>+AA#BNIX1349qE=gA?qI|{TR4@g{S~->>am)EOWZYp+15L}&o~}Xy`GJvo*q0dI z0G-J~!7OY{|C6B1xo_C>zPX(=>?a3&boYtKlM$Z3ai+`viof=qw8cEQbJq@)nQ0bc z#ywTHSm?e=9dK>?yM-$<#`+q?!R~JImQ=olB=(X$J+wt29{-Bzc6?Miw^~}0JlQ4z zl0a&UPc8BKk1Vvja$n z4U^e534i?FQg9iBE?=eJ(Rhv?!xT7ez?=vMQDR76NkwSJ!S@ zo($XTOLi&<01xV#MP1;zXlov**T&&6f2W1a&WH*7!WKeKfzDxfw*5t)*8=PJpGg`~ zdmrX4d$r_zSrB(5?xjF1uy$yJ(-{#3fr!M;*D-xm(2s8|eYI3U_KW+v%`3ong+II3 zFZ825CD_e*G+wJYuh0u(bV>*-c*?r3C&}tt1wM`S`h>3QA6X;^ONKm+(Yb!rcKP>! zF#sqG{7P5E4L5#Ddw4ipvVUkkJzt78+qaS$_-9fAAAE;d_Oj@hJnm%^3Ket7MLFhV ztHjI{y#>YbZsyw+ipzmW)R7%C3k)(wqldaPF0r}6jEPl&= z9DN50DZ8ETaZUy+1_#efKhW}*&{$lKmF(p`AD!p`f%%o1NKRFKEpe4|FQwYmW2oO840^kcYGD>_v9JL%PWJ`xv>{F|nd)WSqr}p1r+r2w z5@;HWoou*0GhiKuTD)o`yqDE?N~O!zBL0nVVg51t&F0|rUl%lkQmryfMht9Hew-At zS><`p?Jj*snc!Pt5i-=9qk1WvU4lIE=#RDW!(M$wu;QZ!DPx@XWp#>`^j-F>d@^kG zLst*Dy{#VPR9u<1U+v;0R(iXl9U@O6S`EH^?EbXGy<3*jsj5`Ai*$;m&UzZqOI1vm z`136aeT%OP)zG1#rIi-D=Nezs-}MTgbfrYyG+G%;-av%ahr$y*#YR_LX?xN_6=gxy zZHx8GKfH+J!@3=r;6c9Ek-@VRvjP-rz$F@gY?2dDGWS}6(n=3c4EYxsMK%id^E6Pdan>~ zYkB7PT8(@=oIFLg-;oBVnUne7OF(^h-q@=>HMzwbpC}Rf-qM6>owB}`zwSG=9fHuO ze%i@3vTOIHUEH1aPrR+N-0fo5u3QXs!S52v0 z(;^Gb^b^Khw}Ye3XdCdm2)57esTyOqT{cS%AHH(RLg|~*&$wa3zeF$&+#TvinQ;6y zKtvB|@fVHw3oAXpKYe~g{e}~Z*$_SRAX=C?jtl0sBUNYDU8Q6h7Zt1&vNk#@=wrGO zOB~?%b>236P(}tr4~oAcw3OxCWmt>099z_o(*S^(Y@08^*}sIYkV;~Lu)tj4?cKZhs;)G4#=_*O<2 zFImHsJ~<)%od3#%!$W{;IIMNTK1y2gMR}}?k66!G7KH7i7~SdCe^-5)OZ5$3Gkv_v zc#dyW2&dkz1pR%@`e?*{IJ4+GYZ5dq!D90Uw)W5^gV@8m{P~A0W9unHPGio zqu{17;WL`!Rp?ipx1vP^!Hs=GW=hH{wZ+haHginDFmRk6XUppNCaz_+#dM1 zU3lBu+rbWXu6+&jxFh*iYz0Pw&su%_51^N&)O2ShSx(6$WqIDoy=nudw%C7}CKc36g~ z7!Xk=|M|z&$NAik*feY9t=7n6Ew*x?4%SEnF8Pje4Ur2vP==VOVtQ)Kd8!3e{o)|t z3&(yzNS1C&V(1rz>nhBDg0C~G%T@Li|y{;(bv1LE+xtN*yzY#q6Cq{B8zXcN9 zfGBM!73@a(gNrB8{0AO+%2$5g7e z;K%*#?S|lsmse29=kV31dB=+rfaT3ff%vXGB7?jeJm->yJHF}b(c9iK8dP6QH) z(*R^4>Ad*->Q=qd=xxJCl3xvHl|xiIvLH#se|n4utN-`e#ORj<&dDB~x5aOJt-5=V z7Y=;g&`pApx8A}6p4MEGvVkg~?0*b@Kz!}qA;GZ4 zG#RVqp#4Rt#~+k}9Y4Q6EpzwBHMcX`yeqDqSpdg(aJpz9366dsM-;GFI88|87gkj;_lkuUL1m3fD#Ct?ERf@opn}L zekJSuHSaUe%-nO`awd!;qCo8$Cx}>~Vh?w2U}iXIzM(#-(FauPoM%f5=pZVmXj2Ph zL5m>sn<uzB?RwTsws4Uff8RSrh_MXAVNo z!Tbh{JFJK}aEb)6+~F;J-g~DJEr!GBTZ9TNY1frOXQ~Y#|8g@XdLnAY zL|sXFYXXe|IUbN)=k`cDe{olnlghZxD0P(iITTZaWLG12^83n`mBm8WY{E7QH2Ogk z&)ryiCP#r*ttk9`*v+d2o4MBl0huS$%|35_HIZsTmN@<2?7W`-$XDCW&u{D@YH439 z1$~_G3CVFW$6s%~eohKuu(`9apDk5Q`%!g&2YdJT|xE&IRibtGhtzZ zqE64i#`I%@|0@y305e5@Ns6xu;EVHt^YgpYQIRX`jvadQ?MhjwY#ZW99y#5FN(rjSdgpV!YxFPZy4UUnPwghJ!d!VdSUpP{nyqd--b! zcwf5gQ>wx5;s>g7<(}klXRx@xy)yz6G7;HMfnC^Z{daN17v)votMYv-+~kS^OgPue zFBNVs8Z%4P(3#K`F)TYxs|maoH`VCPY(R#4j%`Y#tb3ut^+X{fBaOw6v?|6yla8C& zubo5i7k^=Zh%DkI{PiCM2dr1*og(>&R@6gv8%+isxfD#NGw{S0KiZfK3C(BkMeus_ zQGZuM4I|U}wcE$|u_lm)SZk?04CGpF{sE6$zwj*$Rhj0xUCo@aaT<3MH*}yT#|NS9 z@8^{)ELgmdU-Z0U1&YlEgA|n?c>3iE%Pj-_$X1BP*?;bie6lr;qD(xJtJ6e<6@AF0 zQebr!)FS0}3e~YPu?*H{^0&fGa$h8cq3?diwEiumV>GuTU>R&Z9pE1Zk}@vqf}q1= zKV&^jWILGZnk}|cBAGav#2e0gzU61)wG-aTaAKpWjh!Cq2tyUT^~{bT??Z>xb7s{C zO^nY%f6an19FGaWE^*iG>(qK>aG+ezpH18Vp97<$UqNLcFPTeQY&aqc*)^$cx&xnG zFHhunS{^(b|Bw-vFZaklS*8T~Y(_P1G*%$e3tDNzPTxlAW6kt5a@;b*bfMJ!gBu|{1jefna<_w{zVw1 zs`rhI8VGuhZh04sDukQ2T@!N z)=7AhoZC5USN^W{>@$W~t_2KuO=G|p?KN{+*FB;n4usdw4993g^ovsi$EGnQr{iq{cDr$wC^~c z%rzRK@z?vG4(`Kj`bz(8j7U7jif*Vm;e4;86V{b)Urx2)!G*H$#C%A18`4vrp)r^5 zv0ilDS>T}LW=Hg1lkUZh$_@}0H^Sj{igmUU2wnkCSfwIh9GA(Ss?S>O4Q?w%v2W1}} zE=2L<;3x1C+v^RaoJ+J|Pz0@N7vS}K>(yGl*km~>%qBkZKustqUwh%Zf<^_~bT6of z+)#*`^qpJEA1oCz*PvTUMQTD%xgNn-_OZ%bF{q<)AwyqCM3b=NI|=UPlbT-foof{O zR7qW5i-DgFt3#JGVZR(#bY*~$EFS?2xzz1Q6SHlCyc&ZM0Um)S`3oHK>tnWWRCe#V zPqMy;mFsLjVG2~G6_oxGepATs0>*{XB%HWrWC)wP0ZLL0`VsXr^6D}?x5cTI{Hvgl zB-9kk)NIvjxmppB-bQaEgk2I~Shks|%0SHolNFJR z%#WV+eem0`ky*R+)JO#;RO+LWI)BANjX}4Rg2T!7YlgyI{H~8^6*7Khzf(MmKsUxk z^?cd8ma)o<-TitxzgqLAmCNiBBbvHBar5JsII9i3iF$B@d9=1Q-Dt(GnNsvtOjGgM0Uo9=KKg*;-_s#&e`0U$!eIJrrW{w4qMjVpX^QyQm}v*7W+r`C6z zkiY*S(wnpHeh5M=c=?lpYi|Uj+c@TfE6wG40_B&nU~~j%a4p?u0F3%Z>KldS zBK5wOMvw^aLi2AFJT(rCU=UbbGyN3&XE0g(y`6!1nRUicD;;d=5+C$gl5H8sQN|e< zWI3Cr?JEypl$E*SAf&-^nZp)_uIZ+?Qof5GQ%(qbKkcoiL&z=wOCz6zD+KUdP=uF96LmHotvDSIzvN3w5dX!@c;)lRyOPq5fdxssN(aP&I zkS?tC!b^>)yiIH5_-P7pCU#!YiBodFV<*P-5LJ#G%=PDQ{nwGn!2r?>qQ0{ z$!z`>Z!UF#ux>_onm>+k7NxiOC|;x{)kYZ9Wqr{V$m05Zs)Vy2@ccdC9Fg$8zp;0X z-|&B8=0ls02%t^^D)A;uE%OU)56A?|!yjB|z!#P0d+q9Ammq<%&AeNpvfIGlR3-rG z+QUZ=_#aUNokIoh4a8_-@~RL-&TG<*50f{^KF5Kj3|D@VrIY$n zB0*ilR=)hI+x67lz5csCEx2|%?CxYr<8PZ^b~iqLV|z9Q0@>Re`OrKXMyXMnfXj~D zt0s*crK5pUYtgdhbQ+$EiXu_O@RcPtfLU;p(HG(2N^>YWOuLCnqHA67r{`qeZRq}+dXwWwfmW6sH-@`s&MItx3(>D-i?IRv-km5_&BmyRoo z8;fE2BR)Nre#wW5jx9L*yQtI5WjEp zxFj%p7B*Q~a9C#@sU9}Z^m!6=wI+2jQ4kh)z!_buJ1`Yo6Hf~KVDR4@XHmG>7S{uB z_dWBM>*2R%Cj9SBUO5Cp01Q7qnZIKSX#_VK>BdF;bpME-Q-SK8Nn)33Bv)}F;@mMtxSEH8FsebRG zh)Z>V3zsvjqUI2|{4?%5jT-9ij(#)~uZ8?NzOz~L5DAXMCmkHD&7nTUt=UbX5=+#} z@Y^f#Y3co%8=Kh$BC0wdsZ=ng*99}a?}+u}yn!tkTq2s5sLfqHuX?I81ezm|>{v+i zul70-_DcaZ%m=2Bk;&i-x_fN+2jGvk6FaRx5T-(g!+1$cIk}PRmu0EVCDByjL_*5O zB3f~LKbB0ifIS>RnrL;ivFlp3Dld*Pq4)0EUiJ!S;@)y80n2PzxE#5kMD{Mr+K21S z(U|Sceo;69-vw@KfM}7^CgMC&9SbA7A=Qs6l7A+rPp8joK;p=2?RlNiypBdUlhRV( z;ios!n^k|8;>v|3xyBlP8j=V^J0X`;r=RK$MYCNSF;mhEAIRew&?H=jH-^%?`*b?I z{$#kzmwzo$T}fGCyGo?8SOoM}>cZl>>ytCHP`rVTTYx`Uigj!o6czA7_~J$yDh4ER zp;pBC=I{N)(RM`;9MOFZgpF}5ljKoOs{E>!pcc{fhezLv3Ub(yWe8`go+OuP$7^U9 z^0`kW=qs)bx=HoOGw<$I*@p2Cb#>bu&uEWj)249z462aOkJ)Uak9);OgW) zNDPbk^p0lhX!y%oK~9e!LUs035M-1HKe=840%e=IuXz!Jmz=frgWocXjO1Q$%>cF< zKnd8z=vrAG?$^5UzW2XP+B>pPkGhA_o@c$_ zf$bMo;0rlk1oyMR#X@H03Buk4$hZ3 zz7!##cR28>1udwC&>}+FH5%hB&|yLl*6a>x5n)bb8@$!L+tnSky_g*(a;hIgzg=)D zU=>iabJl4~SxEzf1K8xlh|+s#1#NyV62KLx7xH_%sC#d`<{cN7MOqp@YXN^^!$Mg2 zMvFFm0eL>$&V<4bc`3Wh$3zHjjQgd5NLWOaT3!bKo`1>UWH8o0g>gRCF zIHjC_ecBr<@8JLdA3d#hF;?cxd+O`4zYYA{1jw$qKFa> zkKq5+0$gRTo_Nc=H}L9sj+j!sBWBj~S1sD4==d~pliF^cg(1j_mPPr1qbRRHi4|k+ zmD^BSwYeSE!&O;U?mtP0-jTnlzhHZ=5)%7EntTT4k8*iGR~cG#9)0#59Jgc;0pigWV~O6&WT7SdKpg?X zBPYS4WSC8651$WzM_)s(PP`p&ov|9jq6?p7{Y>J}K~*_u-7V+cNJkj@IW7x(f6)IE zmes_Uhkx6W&>VsK>{f<;xJKb_>3g>&#=o z72e8HZu4*aVCR4=xy6pD6-qSUSeqpx5}#xWUM@dJZme* zM3PL!eZ<-$+TV;@% zd_Y#t&R@=^y_6(c8}7EoCku-MWN+jhcjW<3f&Q(;mg+2PUcJqZo6BDF&5lN^1VjFo z43=N9uBXj$;EO(N!)I|6#}n;^o2LAenTUWi2s|o!EXngmDcBooFLuhBpUv_=!A`NG zh|cbG_0fAo$dpQdyaQms>HB(AdcJrRZB8RP-kTqNSS;XO4vhoIESu}BvpmTP@v zH^|R@#g?61INH^jw{dIU4@v>s@Z&QySWMYXtkxSLo-oiMq91Z(ggr&wK(7%xSrx63 zDdCd6I08n2y9<`Go$ZlEdYFZSo`XMtbfQ2T>@2$=8wp12+Zz(iPXutNj!YRTwzn4& z(}zW?uhug@I8i2Yi#Vv6C^iFc8l^FF0I4Fc6#(Kl(ckE4`og_e*6oG6cenj%VIfYH z$Z$N_j|vgf`Xn-z&iW8leCSS zebrJ?c<&quIudXdPS+x&1oOM-E*p>~Jid90x2U{2so=E~dP^WG*rlB$kVluR>2R3~i^1Cz;Qj3Z6!q);{uHk_8s!0+b+~?` zhbThNFoe24TAIw&nf(Vv*kDeNF^m`q1Ma&?9}nJJN(oPKdgtXpSGZXxp=)F{Tkj1K z)0kJ~|5gNSUJG|e12VbWR@9)Pc+I_fE4E`znE3fu9T7SQ8&3o zKWLrkN@5`TFy|^kv(r-*jtL6Ry=H*(jev4{5j_0*Yrnw-RAXe=H$~>Lof9N@q-We% z@W}<|95M&`>kNxt&#i7Gv6~{@1gHge@ z`7_8wO6H&MfnpLa-0VLi+Es+Ttc=T&xj|P;*!%ZXP=7T&>xGT_-R%v(X5nrGw>eQN zCbJf{V2Zfy2?VPeqdbe6WYcU1!9#HobaFdRrKIc_mL@>*<30D^a@T$ z!fXTYeM2l8X~`U(S}K~PYhWB~)g9Z#LP1=eo0(WR5L zZ+3Lx@}Y6Knkp__j+hNh2(i+`fLEZzVZo8^yxk#L{ivizRe11tqgHEd30=Hs19FH_ zVs@=QctRkeoZ2O^sPlaqCQvISH+bUhKnR47r&wvGB$k+rw?PaniQ0u+%C<+{;j6WS z7J0}>CuSk~>N}nV-3Ra$*6fKq;_+{O0vLz#T85eZtoHf~miPmrG0YZ!UJ@qL>viQD z6*l10qo(+uA>OQ%NbPv0smn!m{eK#-1aP=_Yo@-}q-gPmfudcPRB4t=J&*pwLD9sWWatyiJ6o0J8U;U5rs=U|l;)=e26~=M4{2izmnWY0-v2)ql($(={(|k_i7=2hmUzzJ;>0J4OC2-qLjb zK__^-B!->!lNlNoFqn=3({;w;mqT67tUXYyWu8A03<16MYUn*URKAA`#p_V*Y3F3( zzn}iJolWXJvQDDA6-*RAAlvjVS&=MT!H?vW+u1L;NDN7fw8Ao&`%1i#FAdE^4fi9k z!0)F?f)fs0lKqV@Qn;uM;K(R90wj;|5&F-5tfug@%lV{4^4d^9IAU%ea}?LVC>ME{ zZ!MQ(RYwmIL*Wl1c7-Naq)(y2R6)!rm2{C9Q$+>btW4phlQ66t^z%0+Z=KZ6KR?v% zG5?6T77YP?t!2ui8D=go7e{K=YeJ)DRCw(L(M(pbJu57z$qm9|F-)%fV@)~6Jc95@ z`zs$@hX)rTAQOt>15wx~A;VO$d(0qFi03Fqnnaj4^|B~Am_RV=eBOnC=8-50fx~35 zN;WyRPnSTlLl_+}jY1%8l2Q?GuwQc=>bX{o ztg3g*{IDkyIBp;VM*#k`~ZPTdk2>{cL+9~pbxPo%MtLBbUkRnQ)U zYLiv9>ZzM6uK07A>Evre&Z{9PyL2mnPIB*cvK~6D>5D;4^|wq18N=xpJ>LZ!Yl#e+ zvaFtTnl_40B;idvV(9Sa`=!;M+h(}5tiM7Ch>*`bIK%#{y~PpcR} z*8kzTECL*cYF2;U_!2opJRYYnLrA#3%*ZK%=<~x z&A(t5`@q2cUmuke6?-;I9L(1V)}Ph@rLCXj5rz8ZHtSz2Z(hc|M1!w-GeC4GjYd_? z54u*Gdp*VqZX*K_U0q63V0;#`zQD^J^_HOtDx3g5Ysdx->$I#g9Is@MPrZSWeg@Z$ z{E_RC-I5IBi^90l6*ruB_Ql>6;^MMZelNJJzQZh6?HdBAWpM}w2`lYohny~Dcbl>V zf(U?WLjE?#t;`I;QN#OTYf&wyr}zyNm&1P-rV)0^^7v5HAWH+L122~DeZjg7K>{f1 z*sC^r&;zR48b4(QsGC?|T12iVC6%7TuBgB)L5KJs+kOYG63WK0Osi$pPBjKh^UkPg zCDhSA`;kmvItrv}kVj_#aY{}m)7_Q#IY_$uoLweJPmtEvdl z9;J@^&PaR&=pXyuzdwt0C7&UO7gh*%^|&+y(^LJKOJ4JUd>)%y(~mK8Jb2_Qn2^vP z82YvHHi`=YIVDluq9EKrB-F`tkhQ>-JMkiDWt+3uqB27WI)RZawGeVa${)AP78HmC zKT&VI)UhlI^CeSp;(?ynpiR$;v`9XqKDiz2oX%k0P;Av2bz6{!m$c*)J~?_nD>S0RYe4^( zb4OhWJlXM-368~tA1os0Ivf0KZ8K`lU|;WO2!I!*E=%82u6EyfA9eW`MDN^^Z2pB2(W27Pc{B}_K~%6l5d%onh0$D!0;L3d5w(SUc}f$T)GlrJVD6W4 zWm;J;9doqaaO2%iNJ0dAcRa3zz|4yJbSogoLPz|X@$A3cD&&%HdvZMqcoCpL1xJ19 z@+xHGG6vd`e=!x{KXy5|99;Nuqbx;OPwCP?9gfKPBk@L6S)RdcRC3a%mANr>!}rWd zwx4Ymd)ZZ>`t*ANN=V)x_0&#E_w6K|13Vy@wAxe#<$bRVX<~iqPVI3?`EDAx5E(m< zig`EJ0Z}8*Xndq;*`lpXUlIO*Xx}(Tc@KpgQja}p`rA;!kY%PjH6|#j65a8DA$@%2gvY|w|- z$L;i~e3j&(ldZDIx2N}H8L1a7@#U|z@M!HrR-^C_s@ z>OIv*;bM;JjsMxFb zo5-%)zWlTv!&Ow^@Y2^S$g~!t@dRLnMBTTu7HHPp?j(58hw~?{M-spyyaHSzpY#Zg zPL1edWq4PjC&uXrpkcuz0p|9+v4tfoKc+Z-F!SAc+I4<+J0w&Wc~Oa@*4uL#pt&if zJ7r}((_m))>d8aIRNNpF_1&v#Jo+6`o7HKtv=$+J3#u2)^|VL!@!d7;RZ4pIr8O^@ zus3y9z(t}~u182h%MFTjYp!F1neS?2pX>QcHIf(4%@l#8nyhuHoPdx4l~UQpwKi$L<+fE^jU)b)*(wSo`AmlkPwoq%jvf4JE&U^u!;}GR-~lO@ zvv@*!cZS}wx>wi^W0I&|$~52d&SPH=Wfvty*m-WXOMNbMme{Bu!L&~NkjR4)yFs`h z(@?Fb`pgMj43wEI^P|(1wX4gI98S6&y<5}?ZkQXB#>gv4CZmPwx^dCJ(gP9$(STL_ z+N}Vo&7xqSTI0XfE7T*=1_=(mwA2LkU!{A)bolOX+b(;w`MWf+PY^6sMF1_YSdaLo z$pxlp!MB1gW~@dvzYB4uK-9R+rrh$QuESRs$w3k_&ye-7hlfX6!R?wS?`+P+|4UCf!zK!>A1I#%|juOKa30$3%Yb|QSS7t(M02jl=m2dxilf&wvK zMveLt%5|AmvaC~nDm=%C>-exCK!3Y}gaKtmQ`W#zJWq|vNPXwGE9|g8jDvnYi6FP4KZedfD@KB> zZ}KTbKbH<#no6a{ZtB5NhrSIlH1o!}*uh=8^#rGT5J=H^{Z|90m& z|4}(f1;crt*Zn-MB%W@EhB!lCT>z!;AIdOMZwR$0Hy;Vaj4dO`4L{T;d@?udzT1{+ zUz}}v9jo0^#o^NJU;CV!G?>QBHq*xU7-m|G1!ruh6zy;?E>hZrn zGv&~x7jJvn8{_5NpZN#o*JmCsify&>P=j0|yk(Gp(mYU931HG#Gw#18he9CcKvz6C z$*oPZaZM9Q4z5-Ff$A{K=ZW$g&Vsn=&1oAKpuj7dDoW3HaS8MxQBW}9uVhb33HPbBvS?<+C3~R_Mo_Pox~=}ma{Zwh#>D!SSd23gcir)YMeGlvDw{kd zobZmdvW?O)GhThD7v9ZF>fSsQ>{HT}tm;tgS)e!0{ZLF`ECsdVeQl%hbt)IDd+Q%9 zr|!vdEDC%JlSx~U_TeXzm%u!9&m!}yeT;k$6%Mqf9u0WM*o@nMkx6ODd?9ihkV*LQWhO{Sl&1@iC#1ChQJUUSZGz`zGiF|5?*h~d# zhL4lwHI}%g!az*YG8FmZ?ak1Wvw(a-Y1XLwL(32%+8AD&D5YT&n z1jqMlnBOcXG>6slO;-j8DcWzUo-Evz3Dt&7(VZtkuR)0>2_ts0L%wJK>qQq1Z38{H zmbN(G+pAUOpXQrgym%@*Ym8rW4V)O&;LqN-RMK{fdfB2nvrf)7TH{ypcnzV31W)sv z5osZS7QxRy3M{SvJT-+J>o!D+Ri^tjX{7u21}e@U5;o%+#YYUfkWRYbAJBe|r+~72 zxu+bX+rfapYKq|$p-BM}@IvSQbOp`w82NnIZdS=MHh$rLddZkL8TjrEd){|kT~QaC z-ZeVsxA;hT2@SdklIZOAJ|&X9e;DEiT}^CrX@~g$4V0r!)Bc3@Z8gG=W4f~jOJCR* z_iFD~BW;s$ANFrQg8!s$X91~Ua0g7a9^A)ODC)~)i(pbxJSiINw#7El{hi5JAuvy& zM^X+DOv6*lJrnuf8v{PS)N9esCD-u7w-a}l+NeEdKVj{o1QfO87X`H1je$`BKka!h zC6C1}Hz;EK6;wFJY`KmZXBNc7IbLwyyh+pb# z0gwKXN^m|F{Bq%y0-1yA1#!`471BG{*8r)GDjmNvhfu0t|Bi{>TgTtxep&DJMl7hE zYQB-#XhM|JUv1c08hR@jbv+VZVu{+SLQ?T##kvajkdUsZuwhe8$nYv+2bwau+US!i z1n#*|rYnFyI69jE_rn;+4ifywrAS7E4wBw<@^?J=q?j;d32mNMJtvrG@})}R&F6M7 z`MqNh8XNhd-J$PCr$12aEr;(u#5)L2t_V;i8x98{z4_ zk{F1^$B~>gekRZzUp7y653pNlrwk<}bPT^hXNH<`X1kGmF1-l-tY4AOQMv5qjI=^x zX`z&`HQ35rie_F=BbDc->Ja~^6WxJlmtFSB4Pj!8je^JI-QW5maI1_EIy^T=)$#dl zoyjp?+Fd!x0sJ4UKz?V9+8ynn&Zb}Xhc0HYhrBrk;4}U2D%`k})fA7G={ytD3q++4 zeA=Pt>AVA9JaDTYUH-GYyqz#zV~3(TUf_T~$1(DN(2E^17;%W9!GQ}xbr~gtNk;m5lt6$^tkxdKGrP}F zb_>`~zvyw*@m0)Niy7 zZ1x=kMIyf83g#~*t8c6&SgalLe1buYGdxg^m_3bfkUBFIHLXF_xvQ`MZ6x+9IgE|$ zYlQ)c9y1z8tT2S{(8K4Mgjyszy}~CsUcCPJ!%#)WWjof)qQm>ZLx=Cb-K25c@uJ=f zb|yC~9t(Ip6AA#d`Vk z93hScKqt1tKq@bDD=QCMdt-oso+NK0{y`{Bci_Wa9q4W`Z)ixW<=0li`NX5omu-d+ z77J5T=~{auiXPz0>ERa!*#8_>Cj@ZsjLxODC#W8wlRC-E55ad@nX%2eLf7HN z)LD)PHtd@y`F&PB_g%#Hq*W@1)sznsOz|GTbFLKoXEeLjCrK;< zDPn`wN91MxAXkkCmy>hlmvY#3#+DS)b^8#8(En-y>Y2~q@&l=bi91X7ug-Pi9e*_Z z>L)={lr5z$ik_S09im9~uC$N_7Ps$8x<`Rn(jByza|CAAaa=iKS&Fx2_@gLc@T2PK z=^psaP6x&2(93gchaaHZO=+(C1AqdIV&qcubE6d{P49&O#7cRUroyl@=6M=++svR% z*MBJ6^AC|3B|O0wf4MsrHAf?_c0MZf__rPvY_6Xe6>5j}b@1n3l#HzKyAVJf#eQs7 z#%;<%q#vGJN}o2OKvMiFTSSpbYRM9F2cY;VCvm-o+^XzjWfW)_V@NeK^d`EB!Y2e| zsc5K}k%}UxUj&pM*V|F%J@pO`@5edCgV{var_XCIh$9n1maNAG=>@gpJ249xBb@9l zIo-Km4;Zn!Jw>}>qU23wQaQ~{vG`K~V(WK$iM?!odY0twWw>CRa;1dGq)00H+jmlGMJ=E(*~ z|4^+lhpg&{wzGwy)d%z0aU@XO_!dGqdulBDQVbXLi~yFh&4(l8Pn|UVJdKV@C6VuK zi8W|i@*V1ge-m@>S zGRjEMvnm8Mdj<0ij;s_Oh$cZEReth-A3HbUptLZjBF*tJp5E@NWsjTw=z5SQZu10{ zQ=hxk{41y;ALj(}EVJpg#k#+ixB9#p?L?m#-QY~k=>S3*JJv~V>2?wMZ2*-FL+(Uf zwEPQV$CsL_M9+2M6CIUI8W)rX#YZ9_zBI7@ZCx6%_2kq}vnEXGXp^;fq2?QiqT!8t zbxj8GuI3K+bbGdISK+2_?2a@hL@fT%U?O=D<%7lQWxs zQl@w2Bbm>p<2Q^9W6S#15D{_2%|=}8-erfOT7STruh*i|#DT=yz)Fv7%Mx0T8*gJ@ zWYbRdINkqcrRDle0U%I1Qzbr9!gOvSh}tl4)Q2P=Q%YTmGcrE|Mx*= z%9lxCVZ9X(9!;MfMuiMZ5W|chtFhutHyhVMl5S~}f#Qbo(?I5Cza<)rk~)F;*(tyA zLTp>s)xg@dm){0wD_a!-SdEW#=8

^Fvf zC8r{QBu{$eH%qm%nS*(Q<4o1;UBbQ$|_$ zQ}I=f9^U?FpBpQ5!yK5)hk3tK$PeSHeFS*sKQs%M7^^0x4SRo%R{iwT8_{i5mSPAj zIHU=@gwEkEV;?$YaZ(V$;9$9)7g8uHq4K5lyh6|JC*Xjv+TxZRDm+%BQKbloFT}gu z62_^VE&d~GahMOKinum!9GBwu8(G3nBvr28)mORN&r=9e8QpeU-6))mB?Jps4%eVV zBMju+ZaS2)(#TWJCfB12>c8=ldm}r3;Jv|i-62A|bG-6LkCjIZ4VL%m0t+$7xSIbR zJs&%0gL*cR1dE^9R+pgFBD2>nyrchxUfwq@hzyhOm(fEV&CMeCm12*x9hPlY1UUCz zP5CHK2@PvKm3;kht{DPCE+;A4JokifprDq^BKEyzG669We@M94W;4J1<%(FtJWVBw zWsXs5rgiwW03gw{sJl;4SE#b&(HiX+vIJi!4}T-dj=hL$)Bz)KPYGOZcFl8J`#8)W zuC{9%>Hnx(P*Fpohzro*A6>szNxO2O!O+76V%qKR$?zePzouR>0Y^ex#CZP@99jRJ zm=g#3)nY1qbb1Ztj*Fo*DshCDt$kLA)em!iBxX%Hz+)rk3yHqt+^mByt_JL&Ot6P>Ie@+e z!qmy=s0F(8cz+S}HV9-(|2$0qXDl#lq(j_~5|!skxKlo?egpGs7BT!&-Rp0CXH}}1 zg^}y3-iwvbGE6p5UChB2W<}m)Os^*{N)G#J@HTP`oV&Sif8i+pc40O`6-BJt&?zWF zfinr+2uGH2uvrKXHk6^IS-43~JK-#^CtK|@0voJa29#zcBh-l5cqlmfJKKzpS(IIv zpnlcO-y`DWH1obgou>gRt}K-mR?Knd4Bh;-rbEM zr`f~8zy_~qoAZ%k#8SPSkhTh~oYhkO^;X(OjCyv47IMh$SG_^sNo*fFrVV8c21bIW zRZDQ~fd*?KnE?4sShS*39S;2Tiv4@OiqPP3han$Rm?~l@({##p4Fo3|N6guS3A1nd zB;DMcB@HEozY3sdI0>QNl1tL=c|0Bqi6O&9m1u~uVd&TWmk8AT4C}NeLUwX{-_OXT zAjhSKrp@#fK29rXSjn81EYM_wU_extJB`MgN{Wm+ zWHHw)C6F|Dp@;Z#O%=SvFKMDl;#?>aa_s;q5 za*1sd?cbK-rl_`lEi%;qBq=E9dYk{nohIvk(xV{63Iq1d8xdQpw+cm@Vw<3svo<G?*p;Cl3lC#1aP_UoCrBXdN%eo<(|V3NU8%PBv}3|kuzxkWmE>+=M`z(#}~K5 zRWQ@Yd%b1dCX|?QA-v$3T(4}p2>Bjo&rrA5P{$H2`bazl0esHee%ly&j%idl$=iXI zOo5NTY9!oAlkhPLxR&2VI?T!ymeKzu6VJE%8;f%sdEhGw9jKbXLAc9}xEtn^!dBw; zbNAU7_((O~IWj=YtBN6@kEnf@1`4Cel_8+yabvb2wu5-Crw@2 zWP=zbb?n$h3i8M_Dvdb4IpcnnENvCYW(}A3MT!gNHk)F(f%ukV% ze*&JYtsM7+9Qt(UKm?rXeno+n3?WZCH<;hu4T?7X3pPU$Q0LYFr~F4eT4C^?rios` zxnC4GaC(3r^j~Uf83h`=n;m@NLU9G6g7`ESZgy^W)v^5h_opQY^b!W_DkgSaDFXI0 zRS@j?qAN|Itvx;s^0^6%Rbq$cnoObS4tIt9b_v5->DxV{W0#pLEWr5LEbx5?xjRRS zBvq#n$g0KifCjlQVU@yQX3J5VH)5V4ret>{ptRKaYB?~=v9=@!m=9U=y~O539{aVD zW@fP6!n$ED|M#0=h&^Kouzs1YXojs0e*`>{i3^}cYFO#(u3rU>Xe6Bl@;Ys;*4 zI%+Y#ctsNvpoIzV{5^OTNshgSAk0ktq7&4o%N4Eb56Ks1b7PDG73Mp>;pHxuep;G{ZS|uNhjB&c)$4!0NZN&i z%(jsa=QRemXoyVc`+S_oS@(2frzS4p)m*qmCT8r{R*-e{DmNM4!=11|Jr#)wu8kj7 z4cM^~(%ZZK{92GO-kwp$f}$DF7-2BQ%rqznp?Uf-`2FpxFLe<7Q28Urip6wm8%)hzi%}K!nYiA42~@lEqfL% z#)o&0OkVU^A%6V20=~fXQ0$3V)4ojGya=Kb249@opgJdDCJ-S^@5f`Sn^?BB4)9Q| z=gYp!O#b6S`)#Q=^issV#Y0RO0y3(G)@wsIog^vHS$eHg5qB3Z~Q}nuHi?3rV&h#|HIT-2DSBlZ5wyjQlL=Wr8pFa z;>F#yElzO@F2&s?xE3hx6o+EL-7Uo>6bJ;~{Qfh~%=;-{&t$K&XPv#*eO-1#4j$Th zR3)P6t{&8q?<<1dK-1qhrQ<>Gq&UbtJX+-`$}wQSspu5Mh)u%okwte>x`TiTlHe>#YR1CZvgEWre|1$Y?`!_va%nxirj0mkIyE(vzUztv+`u#uvohQQvQwXxf8A^Z%SPuFJiE58P92q*Cg;~<=rVkyicTKq7uW! z9o^Sou~!ZGuXfkP*&(-?divyaM3B@wmn6^6X`ii@O|KDD=h6aLf3*+W`pm(wY(iGv zSRp}u8@Ex+NTha`=@*nvT*pXgk=sb4_T9fO=VN@b^aC%m!wp&=X&|Sc*K>&6flMcZ zf`*aCC!O7#z4>K3O-jN)fAf3K^1LmcEi^TPA)%DKjo(}&Y~$Voxg_cVQa_=)Z?J&F z$A$Rv>FwS%$7W2_30nY<)9M%lFEbuCc6igJe2%jCOPQqKuI9`@1 zqDeeKeKL*N{Jp!38wN;*{YKh<2s+E(b}&As7~Q6H^O}t%@}NiRSpfr&P^_|&IUN3R zsGlS-roZ=RiS&ylnObtSL9a>E8yb%k=cZOmUrL}tE5<}3))I5dAd@+cllkh!YkMxb z7WBKV>yLTEy>C$AeIC6EpIz*&1bNH6b-w!+%`v#U@HVi(g~}E?C0ZC|CphRr?~nB7 z4+Ky*!yP=Czk=d6W^2+MGP%c|>a#8UF~{AYMCet9(vcJD=Qv9(O$LqOAI;ST@Wo9! z5bI#VJI>-_;s_5#fu@%ytC5XI;M%yGkro_uH|KrP4n1=X(>0jz`OEE4rQD5nQ#`oj zXu}NfL4cHeS+OtnsKM(w#D-x^Qb`g(Jza$a1MPfb>@M~)Tu@{rKbSqzYA=0x_^7i*&(s5@~Fm>=iG=5{&MY6#B?#iaa>^`^VgQO778{e&C zATp!RV!t=K)dW^Yhbr@Urp%H+Iye?HGVT4u8%M3mn_qFSq-wq!-=lwxeO;9PXQ7{p zyNjf1JBN9gsNi1PT|o{t%s`T#2$S%=VoIQgG}Y>J!A{Qpb*wI{8j=$;sb=w54xqw% zyMi7z3BdPlnQBov!qvwTaIe8KJ;WdOiN(YEcB2Ju3=5YD5`;&iqxjEFA#ao;zxDeX z8?$CmB@V?&^~ojZMeir!BH&s&SZHeCD)(;9oQ87t;+cQjeI2saW9V2a@TfoH2kVoA z@Ea&iNtV_z)KZ!tA%GU?Zy`l8eGEcpoC66r--^CzB7b+Op+z$i@vOY zifBNbV2QSah>rS5X(v14e!Q=*uFIHU@^?B)gb{!et=ExRobewS4v?!i`#zSeB;lIQ zw^{(F4JnBO%L@`m((AtmQT%IUI50Ak)K7Ts;*6=f^tk1F^F=ff*}wSh@g~$P`aj5$ z_|@iRNkWVpDTu8R%aM&G_&&;G%IKHT{9@h2_;V>v1&JMXn^Eo*AWJ)yK$4OVCai8O z`+GR3rjB-Qdb>2E;D%GIO__^kWqC_(v8k9aoO>yIy!P zl0H)C|p?=p)4q7k^oM0+l#jq?nm7xULfn z^e9LlzFo(W5?YGaOB#Bnb9W*`YY*Tjf|@Wsx3Wy@DoJL5>d|xsVGQNF!?ju<`0?yO zPUt;4pPr3D)4vvsm?L|$F|m=hRi?Yq)u>z#vW-zwX_JM~QQ&VYeVT3tE2#A!9%@EQ z)3lq@9l?W-PH(ag*la2(4FnUlXTXEz=Ag@`pl+Wd$X2>oUp8zT{22$rXE_j#N&K34 zeXup2YEJzQx(Oqe>Z^|{pB_pUzrV}f@_$JMQR-jMkbmy(Bk#0*_X17Gxl+87k^HUv zx1ITv{3ESrp}At2LzA3oFebZary!$a{E8L|*MoAeQuenU8d{?4H~}<1Ipngs9BGAR z&CL7ecllO*D%gj~Onyb%GM~9}>PO46Y%ypWaAT+52G^g)5PTLFW^|x}?jE{DY9UC1 zGp}X(;>^b1m4;aWKQ<4C;GA}L1_Lk!Lg-fAs7&xGW z7(3JDCZ5ZMW=hmJfdUL_guwdPY&20~Or~XFLpZ)YApC;}c?aIuJivSfNEIqo6!(jp#(ueN;JOhBko;2%Y zhI?*^A(tRx_wG5XPlr`MnGAo*Xmv_v*6ti%>#VTo-G>+J$x$TWcD4B- zKQ%N2Hx|3p7f55lII}P=R&2F}AmcR<1C*Z_HZXzga@1Mti!nVs(tB?h_;892&3_mtHCjA`4Bs;K zEW>MvDS`iDyT@T=hL2eN#qDydB8qF6yf+Yj@;Yj_qeivrZr*p%vn+ub=o30Q-S$t0 z94dKr`b9_*YD5+acv_FjUFS|VmwY%JjM`2y4{C;84KP064mZ7ibUSXyxJc93OE-!Mkc@ zY`tAZ%<1r3$9lMwn6b%11#fNVbghWD+_wsmmCYtee47-C`2DK}vu0M9ZdGhHa-fPT zd8Y0@iiG#7O)#5qwHgV$m}&ZVj~K6r72EJ2jRdTaAP_D` zDy{KJGoZZ$oCOU52%OyUEJw`C1&-ktnp+!b3M_m4W-i3o;H=zZYiA6dB}u+49k{Ok z>0BJ9w2q~$s8;H;S@+=j@$EK(K90r`-VVD!ONmV1_q0Ei#inPH7!dlNaPC8_ujc`4 zRRbm|jGc3m5ET|CX~l7pbWkEe{WrF)RFF#?^mF?$%})J?4lEOD2}cK(-jDH)GefNP zI;QSnvXV!Y{$IhFYF_L87$oiM{XdbKv2E2y)6jplG_RY6ZS57S=82tG(;C+BY)QuC zo|6RVYUayOtv-vRgaI^G-;<#w=qsIgJJcaF1^;3-fJ*(4k^Jc`)hd+nPh|o(9KZlG zq$mxHvXvb?ckoktW$2k$Gjo8NLgl|+wn?_uYOjBhDQXI&xj#|JT=w36$_u&* z%gtO~=H5nGxW{|(yuT@-F<4UPHhDSgL9gIA-T0DQkw61cxn8Kdjw=YqZaHGppx^5G z6xltf+TTM->j;1Q(&4MdArpE>o|K|{9|c&Fi7{FeogK;REI*F2Alzq`Ygk|F2jSPp zEtivkN0&MEv&&Xk%G%>8|LcL7g**6gO zM!&!gGawC)@-#k_)$ENGS7&2HrqiPJNaLq#A4i-=>ArA$NUHAL7|VWOIvpEiP#>f< zgbtk|SDI4GB+>@N6gr@Z6r6TTaKECJA1TZ6H;dKN!wz?h^}NC4JJ;{IM;s9!C_Oxw zFK?0&&2!7ebX!@}WR09_%w5%(4g$wUPvum1D?jSCKUAl|TFOt1J5h-njFYi(goqfL zy|?*UAoFV)58g z?zc;qmw9;k1p=U%|Lt8LBwilppUTM#n%ZITITCeMg)HIk;AIEDOLmuw2moxCnS7=@ zB&c`u($YN8`~Ik9wceY?q*%VVa>%VKl4c1>(5=Gks%_LFM(cyXx*JWi5 zED&Q)MYRSz31Z{(?^cJ{CZ8ACwLA$fc=?yN7jg_H>2hzpDJ@$6Zx#TtYHvT`U1%^N zE4_p&$p`Nry1&SwAqLSlrmsSv`pGk0ykLMFV;aU5$tfu`{maOx0~h?F_fFy0PN=_1 zHIGL#gEnJeyVYmC$r}F++#6}M{)e+G57V5#+sHOv%ioKB!TdUot@&vpX$5YC4;ai-3ACk$^Z5*5~lHx4H%s&EWPBudG z4JusV>Vw-y4Cvgh1=ySVdifK!vBd4~q3bY!{$=>*LjUu_tEyGXB2a4x;J+^2trT== zu6{{5yzEYP-zVmKa}WeavK0P@WKln)yG8mT*g|5MfjL!{EJMz!NE>&KVi`)m{y;+L zf!A}8B8*WPosUsngO{Hu*Uta#yD(P&2BpXBd()jgmQET?*$X=P7(bUBJ^dn`J=FS} z)@S_u%gM8gGe2@1@5=b5TROwbvx~`(w`V(#50BTYDf?TeX{J$t^v?UvOW0@6+seoJ zqI1Eg>!#5!otsaE>fg2dmeAFm{XZ&XR3vtBb4iNryIp1*_FnYf9o)RszYFMny_uX? zJ9)Yx*TgUcw?+aOQHJerTImIIo8>=ARac@yCdx%*wSJfgx$d&ekfu;JoJ%Xz%TqCt zX8O)6bMd?kbRT8GRXhGORoRi7a>^#H_*{IFtcw1Io$7Hlc6?#QHJiR!J)Sc)*(7XX zfVlWl{uhN#0uxRXIB-bS%b=h;LrA2NwqS@a{VNE+_-xtA7BMx!NUD#6FV-({Nuk~AQcoKcVln5ULB12`dJ8O{YCE$O(r7y#|9|imvC)hu{P1PxAKF%W|O?9 z@o(&^m{pzhGoZO-Hg#svcJQOLpsX(8_CKJxV#_~j{5cACqbqYh2(ejl3eJ~!Z$sI> zfI4xCH7e*V;9qpLR$R0Pr5*^s+o2TqvQu*hYMLu8d8si@26g%gCD7hD3$IDHHVu*4 z0o&adq8qVS+LPO5JMr7Ru_cT9gu56}mOQE8#}Dug3E4&o>>~2*TJn&UZu{EIu9Vj7 z4IH?hgNhE0>C_?qltr9?IHITR0RiDe&U z_wKk!9Q^oWH_8epr;0r}PqAKjT|W(qVV>?uNmd9Cvwp5>UkD7cTKom^pa0Xg{SeU0 zok=AvY`a`!UX}rHzVA`*+b=S$<9F#=Ef=49*Y*U;A9r_@e7xz`e)hf}5xMN36#6yZ z#Rm&}f;M%vajS24iMsa{Vf8(Sn2_e^fWO2E2+0|IU*;ONP|~sbXQRCY!bf98;KQkU zKaT?3jwV~5s!hVw#@xkI1f|Da=MnNA-QSg2QRQ#4yE z+?eaOp*0v_&+~~b#i!gf0}qU_MlZ#MedYr6N=CZ-W# z=dHkP+WSQY*#cy)OmisV&>0`)3KmqFF(ubtCp5-cBNCvxJj(s|y~N)?L)WHl)Q|~z z3#KoVFc6%`vuY@QQYcaP0}(Db!XB}a2XWiu!&t&%Cl(M zqudy-I`*W!zk$Dip{=o3kCvFw>sE{B%mBg<2lEzKQXa=a&Y_i~&Q!LNqH$T9KFM|6 z!mWo%p5UlLjFe=Kb452FnZ;uga!Fn}j?!D*OSaiQ?prI=cSUb!kGzyyWc&Ec7pQuD z#@y%pp@TU&<{}`M_2FAQ)8p>N3RPY4I-@Tp^;7M5I_vEx@9OFRruu>VbG-`fcs|wc zCjNk-cEBy@_!j0~bux08woC!-aOnv;S!D1)N4+9;ZmB+BRMGZk57E<4v4zEL%Wo*k3q+3R<5bA9MXxdFmClYa4WHS0u}xsGR%j;nK%nD8g(l{% z6AhFRUe~IFLQ}_VT96Y^;`;tSL#e*jH=5;tScr~IZF%^J=y?Z+tIUW@Se_a$7Be}x zYq`w7g6fgbwbr~D|Iq`t*^^c>vUs*nlLAi@KO5RKL>HWSVcl-%qEdcAe4R9QhRWFj9EiMio}9ksp&Mez@lL&o zb*6Segl!px47L$KOuB;r3y%`Icc9C2dFSaz1DNkEq zH!=u6AAyh3<&;tRvyMDCq1{y@-Sjv(6U*kH-2?tnU|p-6;%-1z??c4GR(CeOZ|#KD z<>Cc#z=MI`@7TjJefS?AG3w`-BLo)YjI(AMTcv(~($*w82NEx`s=$G`31%ek83dW8 zZQX`}Sp;*frswu0R&ZRQq0I5^;YysQCs}ZN_T6*w7>Ux_j=e0}1@0B}y)o0OhRenWJrCNO_ zWyyw8i8dBUKmG~eX06T0p5-9FkX}X_m>|H2!Uj)}O1&M; zOqDf`2)+wcDoYGRU*&a>ir&sHEXhhtBPBK-N0<3?MYq~#Kln$sFAWU|FKQWI%6zzK zHb7UAU1PrpsHwIBANTsIO>8|a!|)*PJ6XuEJU94Osb92xa-wBw+Jp?-Vu2t1&II%Z ziGgNVyYON5?BRe4?(Sur6Yq;LyjKuh$ov&LD>98!s9rD}q+fA);oBL27)7(;GtJ$_ zvABX~hs zZj?<_K~i1wQ&9aRvxbLCmp4^4w{%XELE7_VsZvi34uZj5&1p$)KEm>&PSZdCLzf%t z3B7z1q>`0jklvid{2B@Rg&R~e(W35GMNUGLpL+3|EjjaPp=gFG69)%JNH7;)GtmzYJ9BHr z7=k%)j$3CpVxnuUmI*0Qid_^~Ou*648Tt1ziN_a3aSd`G=-XkWZ#KgQt6$c0RpWkc zuy9(T_9vM_1_QPp1Q`#9?eQcLs&2O$re&UOCx4dujVoHC#-fJuL!ItJN$zQh94H6rQ3V;>gw`A{Ga~Npxi#~)x3^-2cbhn_P_6B@zn{TLt$U; zhElrL;oW8va9gq$^4R;h6ax6X>Iv4*_IH`@xmWLbGKUB2D&h~~_UYx9j24w##Z{QG zleWQ`H{KC+Yy z=k5{I%)^D-NHI{nKf2N?;ktl`5C+%Fpae-)bVyG>20l>=C^refynT3#7U#a!LxV{KV`Bv98;7Q`++mna zcYV!T^`+*TA;vmgqwet~4y+{D*>?F&MjV&`K$Di4HMA{^xX)Q>?jM-X`dY?qL@1g$&gwHjj{K@`XzzhzocExFEVTLh@ zXiRLl-Yo#ookT4V7 zvkq>KiNN05KG&!8(R9%P*-Y-w=c6U|$~$zl_m6Coo87)JAAO3RdOw4H2-nH%HPl5w z{p5tQ11Chj%De9u>#uMs6c?YHx%PiM)zxzEiLmb_0NZ3s6pW!b{*KD+@WCdizDz!v zfL2f?pCk0XJ#+%M^}*?&XU8<=V!hWj+Cd+0{Rk3qVUAsn!glK|LBMU;%S%^`_`FM@ zbf5pL(8L4K-*kIJT{;4gL~jz z_OWk*6W+1&?#%dl$2i}Fy0dA=1?%WA9&89tavQnl; zCiCwqLODR86!nJursk1G%g;f+5+ zp!BUvK*8jUeN?x^nWe539a61fWL&KyD{sb0N~jL)A0OHD-8gu zeJ3;8ZEuGoeh>Ik2{#Y(9RurDT$ems^jvMJZ`NP8y7Qf;nI@g@m^V^Q@gLl*u z<)b&Mjrt{4iBk~gIE|L=GZ$NayTHW6UZNlMYDM1vwoBV8*yx+zDcsXYT;Pa|rK3W4 zx38f#?J<5H*WtsaxxU3|nF%10Q!wD-?#|9ut(TyVC{O&WI)tHWcNkEr-%P!vO{@i3 z!NcX!yQ|0erDa%O{*9GmVptWyjoR(hY!Cm6U~lk`fPM87W-e@9SEm4`*HTebs1@{b zc84GIdZ%Ci<7x#o(>f7p-D>)T0ktgOHvXsD7l;Zo@qXO`T|qc0p{sx49k;pw=(48J zNmv-twc{!*(Wia;3cY0?q>bn^?J-R(6zU7u((uwmRC`&sL&Z`LpTg@8jEe zy}J(;|92DRYKuLOV@t=7r(}U-U5|rZu#MXaP)!vM0S$rKX%^&v%0 zp)MR`j?1H5n5K>N)ps%Y-uki}Mp6HgvK{==! zlNI1SdaU`g9ntdgvz|sBH^cZ%H8r2I(9p;XGb=hf%oZXkN%Kd?sp#3Sd6O6T@0p}1 z0nYy{#t34sYZ%sy>KKCBN&`d2><01}b?4m(|EAb0qJ8-x&nHWf#l!$C>{}3*1kx0X z(-6bnpfArhQQBh;SE)bT*|B#$Av>R{IAOS-mr^Ck2&#lcseNF-5PqL5Gkl?_j2A2> z$S^65+ins@aBiv-(OonCR2jxGCp)W}EP#D8SjH*UDaO`YOUcH-^nUZ^n-X?l`|0rq zr{ie0v}!^QbzzH~e*tq)RVyg93kft_m3 zb}h)ocQap#UMaD?2F>-wVphCWbLPQ*WV#PE`m7b{(yjBy|QdEr!i=4DR&TU z80!A5X( z;hNVOoCP=zYTI@FSow&1bp&10ZJWC>y~sF)Ea5H}-LcP@*8SY*H12q|v0EwmXl^Qo zBG}#vsQu>Sd$Y11<&O(>vQl%&!QCSw10N$bU|<DNth=KR5=?G_*K;QU+M zLv^R>*lFvhT}^3CSUeKTDtiZVnG6P?d7T1Fw)MC~aI_fcQ!_C*6!_mQy=6RUjyoKi zlOI-z#*%RxACOKC|MRmvyo-c@UgwuWD1cZ7pkD)~)m%>_NfRu)*W$L3K?A z#}x^PImKv52?oFi(r4YFJhlpP2k~~lWF)03IU3$3bNx_~_{AZm+*CX*{m|0LWm&k$fd-@Zo8O5wO8#d>=`*re}M!`TVOHl{q! z&EnutCVB4r;W+z6*>o)oX;V!USwAoEUsJs_G%ty=tpA{TBNx^7b&~t{v(H9lPS)BnT%__YJ zKtFrS;@y!TQPc^SbU?@hX;C=*R_b^!IM-l3zw@O(Heb~kR0z!)5<><*ao-Ois+v$u zYUP&uYzkPKi{zp+;jdn5JYhnq{f~29xb|_c`lB+<=W|~v@nBbZ>#5dE>s;$~G%=?6 z{(p*JU%Fn+vhPd8lQ#Sp@L$clUT*3mC1HaX++sa`VEy={sAImU{eE3R#HqX4ic#u> z`4+Q(pr0nrkCx7!u#xff#dN>r1AAvD&djbVmgy$Gj=Po(w$Nv4|3*Jq&E6^TUUBz{ zre)wZ60&%lfg!MP{S9T*$X!!fQsM=ZTs}{_tb)IG3@MbC&2vCp7tT%!{o9lwR~&XG zq2B_kU(E6uYoO$_Qe9M{8HgGO;j^fW3VV>$zipvJ+ExNn*VcWZ-fb&>8Z+sn zf=uKV6&4z;RjUQ_|9dN?uB_28tlIs?1(kb>?^;V%HjpY^I?NyxkWcHc-HnaHLP&sV zz|SQuSzGYVPsu@yTL}C27J=ScLY5a}n&}KgmM>fY+-86S<2nIxck{tLYJVi`i=D8L z;?hF^J*=2K8R`J!RHGvE^$VbR!M5yzQt^gTN?Awo(uO!dy90{T6KBgr$z*#1BV>@L za>J;e$mznlQ@TJ^0DVD4qkv!&eIB+C0bmb5V8|>ANJ)NlT7&c8jl`@xeTBOy!EO9y zWCA{)oKbQ{bcyctYO&}J-7*ps6iB%#-Ii3(|87cTqC)25icQ}vCIl~6#BO&MZA<|R zr4Z4(7`?tVIvC~dwEYN@TZ<2< zi}!NNy>6a9q4A6>x0)OLC$=CF3g~ZFD<{!-bvMFpI7JT`cdryO(S+w(MhE zhDG*moi?xcf3834sn5s)+y!|#1~8%V4feSTUo1>_7t|kq=W7f4iDQ!GyHv^_s1{VW zDVKer)Y-wj7ExPwb<@hS=95v6V zzG|;g(;a=6lMl?4^1t)QdHzl2`yX%Z79{o^=h485yPMt5E1h28NGO=|(Q#Dxtt;%CUxRc{hTMh=8v9Zw;WwC2#Jt}ghYFMfM{%0#>gvYalT8*f7 z$l~c$)*z@@U%2R`ED7f)T88K$A)!6K(a($ejy1zu5%a*ISwkDFdO&hDj0)gngEeG< zv`L{MWNzu2xJijAAt+#dP2e`!ptFV@KV5!+$$$=}ba>v%6j=x}E<7tla`<%43}!?& z8`evo2*%Trsd5LmQOWVnIiwR9Ieymxuv4Dds<&|>{~S+Y$APW*K6`=Di~9LIIB3BV z4E-#GXMc)lBm(eO_bfzMm3gxGc=VB>hr{%iAGmo)dCC4xMRqEfSdylu0X{&G7pYOT zJ4JqKxtdOc@O2!@LM^pPpztVW6Kx9{8hPTE-@&+cdLlc)AQy{RCR7G)g?*M!7p?eg z>Hg>FC`(rZv>if+LUfh{2$zf54@ptKYc|UH4O3c2%{@$B-VRb(mXtQ@+QY30-&l%K zUQ<7uQPib!OVSqPeWr#-Z__=~$UD8jf<1d~&sw9LF&fTkA}J}zs)sRHPsEN`@U1_0vVis*Yi`8lb$&DN}S zQ~AH>yxnpkc1ElTdwVAV;qp8Y?-po(-3a5s$R^cw=}?gwS2Qrd3WMPliw518I5651 zk%jt!P6-Ee-iK;rSnxLt@G+ut>lQm27rO;X6aYd#i5wEh7Ir2?u$F>x(w`21qFEB^ z0t=%jnC{-Qj2Mkc@mq5j0#cUnwEnoE2kDiW7O{OScLPV+>Ue2ZzfEy0?EPcA^9S^C z=&jaIC+S8B5{9+L7@)qFfA9O-xOju!w~#O*5h~W7>x_QF9JzTD$Q;cBTN-r6r!sw< z-+Z;5-}DQy!Lw7OtfUM@2`5Oc&%^q_aiJPxQZPDUAw1OfRVWiTict<&*g-J3r6B8$wmjLM$&(f~&hSI3kF(;@hZU$A@{X7NbI(HZ{I1Ci^Twxiba&s!4s zzgYmX+8qU=D1b!D$a}~1vQO;aGqhM(Qb{ilueIyttwHtMA5{wGFKs!_RJCl681%op z54sOV02C~4muVrl0iL?^TtP3Q;rC{nOU?I@InIseHO9m0@5IGb%nLetw7D+L!gX|I zGrcAb^JC3eh}(>}x-Fa^C3?D^jx^WrJC1T3>IAISKYhCB0$o0A{*!#3hyc{}3XfOU|BS@F;EQ_GMjL@y z(eH13MVGFYz~8{S}FhwZ1JXAftl6d~FX zmJX1e(ei;62+UE7+$3yHk7D0~TfGL98w{a*wo@FA4|Zho;N55W zVw7G))9(#`-+Qwwg5e>}zL=_BWbknw&ren`x{;iwL6{!?_)pMdcV?w7ap^Xa_Hh)`re_Lgcg1(Rg^EP#mm-@L5WW~A#;oeUt2W{u-@ zjDOK0JdiN#O<)Vc2yuZhxqg!I zqc1jKJ2L|fjyDhGR$ldsToqHiX7^dC`i~i7`oZ?sj&@v*Qik4leNn523*B8&qR+W~ zXhnth&E=+n$jDuF+|w=&nUYSe!wL67Lf&5QIK(d)@Pk!`_ohF0_-HP7U5gFhFq%sG z*E~G*&!PJr$L~e(DL8E(!%L=PDX!mULfmXHs-<$i_Lh+)&<}ryHmFO1NzCIRuwdE+E&5V`Ne+ zSbBB?s3^*^+jzGIO0;>L=LET^#NkW+>BoRP@yd*RHC?dUx~z>)GN_R>h9^C!C)%0c zhYTPK;RYN< zo}KH3U;xhL89j@X>=+K((R=^yTr8NYN2l_R4mgv~pP+K8xYQ&<5Ufy$M+FtpLk%fO zLHlsiT4BaLVrecu)ifS7~({g^FrFaQd$oU6o;_UTpd#Ihdy*NTn!6(3K z$MqEFlsp5OZ*xkVp1d4wm3YB^MkTIq_ujYO&xLg@Cv5c22rQep|D^E$@Zn~FI>P$P z>&wjc%Wgub1Gmfea@<_~KD4zp@EGdy*~|RtDu4UiS_g6c-W>k@5qA{mEw=m_AGL8` z(v_+T0fNsC)%6k5Q3aWrizun4I-15Ipo5nlONMi&ZD)nC;KU|S6brV^IKb*y2_1@=44?^XoQTC-5D*rWL&P_@daK%^BUQrR#EqWh4uOuc;tNMuXT@}(_Lm4UkQ$FafcW7O;$52&}CS@f{?g^^Z#v7 z9m;+CUy*}epuNUS%PpDh|4E(v;k_knUo59Q(Bt^B@A-LyRZYxu@QIBJ2JeP|R#w1N zVXutp#_xo&y`&=qJaI7`#wp^-#XuNpIFTUun7qZa#!#W2kuy68cNj?^-?f7yI1eGo zQphD(ek}#R{*QBw4h7#@O+z#y(Y_m*^cE0f(%r+F@DxuG>NW! zVknugY;fRJcxfNO$)E=b4JK#0bMeoU&7@gM@+&*PApD{~CYs@J`J)<}jg^UAtWkvP z7^y5~tpr?+J)~Xy7Q*g^Ur@?porJ$H*1>{6lK!LV^m^PzUhZswK;+Z6qsfr0yO`ql zEgbtv!#J{iZ>_3C9R3pjZM3j|xkP`*A)gyYn9y_pxZ@OO3AZ}(#Uffkz#Gs_V2w(7 zlVnDW-f)4sr&V>*OvI!Lq+w5iYaUiqleS_aF(H&+9b7Kcgplp8%~gJyZDPSjpp(+4 zHJd@T5c+L?3q;EEAZHCoPt-`EC_Ak3%;-ie7{KZ;dA?IJM~uB}VD?JDtS4ZyggjP-&Q}FWnJQainO#Y>I}}s#wL3$~E{v%%cNb75=dzA1dJQ zcB`WH6xhV+*V%LAUKV(a_ygD12!JK&yzx~2v^uA4z(AfMF>l`0^7t@2*H!2Qxc-kW z+4kcAZ=b$n>617E*0B&k8XqH%#9N(?DEW49s8LNdUpRV=km-=%7cZ}qJ^FB^NNuD> za=EVia0RwoolI|R8ZoCbo$j*iVY_U#$4QTJ89NyI?(qD&{DcPdIDK|DeO9+0Z)&<{ zdyI?e<>d|VX}TSU$Hgw!FFVw4cAoA-N?~NFrcdeN0N*@-2yCqdO}TFdcP7v)yPh5$ z|K)ciEQWuxUh>sneWY#0qu0z9{DpB$_QdB(yKPAV5Twu5b5~^kSULkoFSS=|`>?8; zV~t_hYImMt!g(^hwfbymS+X=~%keh)@o*yXQhZycHdWKlf5krb#^AQv*=CPC;tE8k zQ#9*JRy-&tHkebT14p;xFI@Yo9Z_swzFbvx6|h^30RpNT;Kk93FrTU4_U3>tbK4~{Ak_1i}nEE>3CH5yDQa4u>y?IE6T;iF`WQ92<0rqoa1&mE=sESIs+ajkeTgv zo&hChY6VcvH+XJ6@YWg>v2O3-PsE*SL_5VaABVBY#e za-}3Kq<+*kDmI^Hr|Jd*5uqU@T0&A|g^RL%Tqyyj@jeM1K=Y*{8Wh>D^T?XJ^!uJg zG}_Q>P$C2QXjOB{VamglwcQN~l*05a;uO~h#5@ET4$KO>fn4{<18e`>s9On){&%E( z#_XIT@O}(V=LM^uMo5p&D`T_Lt+28J?x9H!eTQ_Ivp!#32f@6Z z@6*vf`*}gP_8-$r4o+JPzlZ;duTZF;N$Aha6kKAMIpn61cs%-Zw)UP<;$ErX_5rZd z@*dLU-nW(qXi@D;SgkYPmXN$J3=}*g&##AZE%PRdKY2D(0RmtCN;W8xDF?X&gQe08S9^RRfYZ|6L|;P+;I;%Zq{Jpt zk090IM~T6IM;>fG34a>v>;;t4H8nrKj8?K)7h4Ju9T@d^FGN4BFAZQn~h%e+ZUs;m^w*d_WVE1>gX4K&2Ys$8#p&3PBoePxP`93}uHxF`C z@)$9SCGz~lq4^B+103$mM}@y`nmlNwtW6g{XQvd@Uo1wCCD5Vg!%J?j!;!Vdm~H=CA7t4}@2H=jM4^WhyS`QGKipW!h-~23@_> z^^o{CvdU{J7Fam;*tFLa;Y!G4`1jH`sU;5HZ z;P`h?=_zNpa$yP;6`568;%Omts@fx8MsD?!uwshJawx!;O$v#WmHDso)yKzIBp7Xz4t|LgnP5^Y28^W! zPAt`=7^kOy=u+;7CfEo})l*$GeqtTZRcdlaffz>sy5APZ{Gip0n-iHD>+by=4oE?S zlD@g!{qEr)Bl%18%}!QA3!~4(u+|9tlPp}y$2aq*tR$bK;xkSOlPe+K8yx~ZhOo3# z@mlihTr}tu)OKqO2leetCPFGofME=HK~@aod#}+&N>Z2fh1gM@pC@peg}qnLI^dhd zpW<0>Ue3}~6jZSxP(uVLDd+Yl1A`jHi!zDK;5TFlyDcd=isSQ-`7=aV>3v=2rnyNw z47$=KDY5I-wJkFLTWP&w`GV_XuUxNLHVozeF?E)4QAW?(r;+aNM!LH}x}-Y<>23s; z7Le|45b17Yr5jdK8p)+=B^Fkn{r&6nyuIJfedf%Wx#s%*?G*q%tbUJMx;bi$C4qKj z_uJJp?e=fk-fgV`zEy9k<(?-iinwuaHPa2k_D5dkL*X}8CO7Qz-gjYPBVcgHt5;hB zCgA$`Z&Mv6u`i|D$pO(Yiw1N&Gdn-l&6`s}f767wya)?|(VsKx%83YY)7u2tukST} zV=B}aeW)#Tpg{Tb-pv3H_Nr_yWmg!FiCM3SjpLq(@31Ve33INk6{xBr>~6! zY&A10f|t1D?)0qQIVs`fm1W1IdkFEt{ZRyHzhh=}aJ3b_<=O!m3mdm3%Tg~hIJmmhQFX)*C45ae*nI4wjN`Okoz62cGPi7OaT1%H({-il;lSAq=bIV%@!)UETCv* zcs-En!{~i46HVd(i!DjYs~AL_W}gB2$tN0F@n<4O@7F0Q)78Oa1I1A%^tLdl!9<`-wU2H zXuC>-10ihIUR^w7JiDe0pNn{<|+vYI<2^P@V2{-Hs`5q~*Uu`Wfm{s|qhJJlM)=`ddQJ8+(WI8KD z%TSkVR8e+7@jQz1S6|N?l$arfQ2|Kh#d}2TP;Ne(ZpnAGD1U}apEb*^-;|q>CJGMRY2Z95gJ7B5TqbfkA4@>Urk@Tv6W1uh7c)`=7rk`e@SytPDNK0 z;aoqDX+b*@XpoZyoh2dJ>%#{r(SUVrGa71JwV@!HxF|G4bK8i=N+P)2Twz5S?&I98 zh6|1COIrDm>eCdBAq^>1957`xu;r!50vO6LIru62IWF@cs*|-#Q_62Q#eT|0axbyp zW9jUiTetyvhNd@Qyfdwlm#whR%4G|vP`!SHcMSF(ypQ*D`zR^siD=kp$>~V<-1V&lTEbF zIm~sAC3TP^({Vt`0ki)o*ES21Mp%%(<-v0ws5$Nz0}@d?gkMz%0|tfr#5!>P;H|W2 z%}V^~+tFU37#-|s)PGj(eZU;j1#Qo9@d zT=V36Y-*b4LA6Qm?e%!9)-lo8pE|F-3tOvZ<8;(4dD$@Q^)CwSeJJ&4x4iH40+zu3 zq|)ukdH?|{#m%C{fJ@jI1!DEC^XB{-Aon~pZi&}UawlM*8hZ5KX-NWfE$JMDeEH7} zs1r?fR>G|_7V@Rf4&$wn4sjU?tU^}>4j6K|;82o(U|@DUvx@8PC-XesIgD7-{lx*9 zxd$~TGOFB!;0*}H0%$W7e9*5;M>5PrIS5PC{Le2gt2?`^W2STE*i}XQh~znTDTNh) zv;#zz6DOEX^7NDt5)(f+Gu)NPv)2kLQ~yg9owLxL5)t2aInDvQnkq zp!EcU4^cs5w~@sWxp#B$U+*27IGF6171siNeKA72wgbm63{hSjEs53fTL;PV$0+kM zK%-xPX$-*Dj+Ez{Iyb!EU{4!QQBG%IZRD^@@J|Y3z{+%UE$OjKlF-=7 zB#}Gkal^l>^0#iKl+!iheztwz>P0#pT(;xSGxpT)_%_YuHITqd`$wSsF-CpoTnqd* z6@1b@PM6|E?i8z8y1;~0bp!qld3suW|8!7^1q^LQv@6x2ZG@$MzYlg76hC-^KzJD9 z{OS{Napp2e-F9e+`7%DTDc^0(xXv_iBv2|6xlQ~+Yp!}HlP4Uc-@+dwB+~E!3+@O& zp7Xg1#~vdKCsK}{jZUQhqBU;c748r@D0uz)>Cc%8mz~>3S|8m8y6f2i!RDQ3@Qc*$ zIYG_IgKP;TH1sibUesK6%fF~FwVMaN_XdEy8|?+0@E=C!?rsI|+|ML#mJa@1W3vp{ zb##Rmj|KHUUT%hF0@e!vCpFfV#xEXErXnx*8sHk4DYo4c!j?bLb{}ZdCOAuPcrQu9z0>-KtA;W!o}ep!g)1NGFaQZbJ-+c;K)c~ zpKZ4b6~;kZOQ}}U`jMS{g0)$RWM;bdl2-$Bn}UU>tDZf%*^^>v@~Giw81uEIU(BY) z1yREBSy^dKB}&Q6fcoR>Z8bf_JnCay<)N>Pu`2=$B!CR{7Thn{og>W1uZ;t+^O5`K zj6d<`ndupw)Wa`(Ssv+Xas8!n%&uPOI+B_>7zHZsy4Q^fJyq+e##S>TUa3%dO8AG4 z*@%G*9ZLPc{SDHus`KuyOc;{*9UW3w>Dc6g8K-A6UVkYs+p~D3&8+rWN44kZ$^zye z^T*RK?CjV1vSvwaKYuZ*T>`Y`@KXh+4L{-A;L&Z_s>~q!dHxwG35C-dMWCtO%zJ`; z=~tn>=7$l+IKaqSQyYMylFx~+`Nt|&mR8C>v84!X{RMlhyatSQzD3Sl@E8SA+S>AHH!st11 zxbsdGnH>BHBLH)JR^_s*JP>K7VS?c-CgsXvJd7%PAMm+aa26w6MP)UR&06mg&E z_u@)>WY>HljD0(2VN@m0ySRkz45>U-dEqlQBV@nXsxb$vN)}HG)DG80<<}K}9zD+? zbl|o35Sj4y-r$p+M3wNXF#l^qokRFV}f%d5@VtOBSGE+(!T@--s?_{sW3GX&Q!Exc2R&*?YiBsSh@B-W5CjW zfh)yZ3o4@ zNlg0@K*@vB`SD%YYnBZv%;cdXsP~#7(a%g<3H*a>)C%=dzPDjA2B@g*4Gsjk()zO1 z&LmQMboKA~!EIFor<}Zv^q6R%LoW8#=hpa8Lz3gDMzw7HqM~u9`srO;F@Hu->iRV< zC07RvB#|@R<;h~1lo_IrUOZ!vBWY6OEFDbh*ltEBFi_!F%uo8pJ-+)>$0X(hB8Ar7 zQhkU$6NR6WJTQo_m12piy$2VX9G5T!_Om2A5K++y5;jZCK4hu<72!vv;jOd^6U+kO zSFap4IHSRGOh10V1nJ0H{9=j0DU)ZSnvi0cx}(fo>LTEh3~Y-Qw5m7|XPoE-r=Pho zsD6wVYAB-BkLBO>&A)TSK&cS7_QW#(nzJhU_Fkg+$|mE4Xf}gsW!c+tnwK_Rr|i(V zap5$Pid0u*{(5e=R$i9PC;VtTwY$XHhfx&RPvOnDs|gJ0z9V~>{gbV7{S`Po^0E}j zl;ZpQxIeI4_O$CohRTtTkrcWv)_-fw4!ii@zrjrlsGm$F4;E#PSKs~io)ydVJJ)4< zPa=%~hxSJyz3hXw9|#b;>y4FGW5EUjBCbRkT1JoF=NU(mhUn(6RYKVPw#ZU#%?1guLta)_V{@|Eup*=rQmQ+RU_{f2N9Wwfv?%oFYjNk5_3DrWqzP#21m zM3^C#2Zm_IYM@hSl^SFKaa!c_nkFxVt=wcRIk|7$=Kb}PD=6Ek+(a!2=LY}F8ax?MhB-YK(pbAC{ijFX3< z^S@evDiIi3=HkDxI6!q>dKVY6kIGVwN@B3d-+f~=rt2Q>hQ&^PZIur#jUV|yZz0Gh z7MTZ9dj!pAguFj*Y69Y4_ci>A9#XTnj{EbgSPjrmF*L5aKkfc35Z95MYEV?Zmr`y@ z5Gt|_@5{0=9j+T2)~`dJv7vH2IlhLJ(GAkc9z3G|jkz?G4Yz#rO1Qd7_1`~$00PWy zx*)lo!n1w-;xT~S?N^I;#$y-~^p6QRkTQJ{>uRWRgvhC)LnC8D#;l-eI4$t=l$C|M zpyhGGH+iseo%dS{N&nUNOyOI*1Ki03qHC{5ln_Cm$V&DSBa~Ky5MLrF%_1$AQp7Tt zA%`q_uyj^f|AA(iN6^GK-~5crbw@w%-}J(Y7BzT=?X(B9gISrGhz3z?45OzntM?%n z5I`!BUU7pbh10Q5V78|Wo3K-cOZvD$yfHb1(VXt(SHuL=IM4%z%R zhhaxab6A`PT7Fjcqc}_rhiN2sSkTlcB|RTr)ez6Or?4u+yD{u2V%eEF&2vn9B>OkB z2VcY1=II4-)Fu~$vAzfem{?fE0UDG)D!o=CLZT_uTMr4FWv^#@LZ#)UYnd!_VhYO@ zr-{4#L3n!lc(1V~iSOVO@K`huFKr9}@vog6uq|MpG8PRM0b*u~L7H3p^Nch(g{}74 zyF#kIVGV)jfv2x%?ilIAuCn~*#iFT+bE2z1HcS`6;1pW&$?f|%m1Df(4+~3)2YFL9 zIU?xK_uKBp4;JFRo=mu~F2(G6C@RLt@O0{8y$_=_kH+MN*sf@J4JJ$m{GW5ppSO5j zO@mJ5D4@G^ef|H1HO#(z*I8*wHF}$r^t;eQroF+Y3f2L(?SXj|gthrP4iScMzN*or z^d1S?X*ioiyZtA12N7Zy?C+gxFO>WR0|q*&Ao_hRP^us|t!l8l6k4M*EqsjW7XKIu z?j}M|dW(Bu;?7O2c{LoX-x3T`26^_7;=;(EKJ;54L&t(hLY+e!zPyODLhK;i!!rbE zB%jONKjYLnxiB7%x$jIZDw9$w%E|-yKG-4gKLsx-76^DclHt5jklkh*>rnZ*A8$yU zG}RV0cYsIoX&U?69~roHtkv5ow`mKh@TVK{f|}`jK7@`@n*XC~FBGs1TJVNpPT@ zR`5QCE`|e7*?uvExjW5$wCZLAH-aF315%+Ol|n6lX=fT3}NccnErNOzN=*J z9{Cxh!lsMe^^LU}(>oGBM@vbuvdkNUsEy^xhz^0-vj^ctM{&2x0u4%z%)FA{v(V@V zo>*c1qyguVl$TDU22je&J|#YU_HVs#p&5zr71RX}5JNOjv?H0F?@_G_6YxR2vh$oD z_@OHCR9j2YT@=W>a17S&)Hk86eCkrwzk&yg@4l`gLHR2q=^>IJD?bHL>hqgN)Ez4) z^{W5_P6SwhCRo&;k<+lop2{!(4_+crC}NziE?(y;s!upaK}MLcrOh1|#>itnpm7ly z1yG#s8pQ}T(UOz?%!2GSdoxp3@ABR7vR4_@ELJB~7<@pb07OpJzEds*Qu@9(^%7n^ z6dvEVIglrGhx6AK9VCJa(?`oE3c~hmGMF7x!$7r^?GvB(uK!&Wx4JUT&`hxPn2>$G ziJ~OI81Qm_6^T`hF>3 z3!w0%U6K6WFklFmJAN!IUe8}?3b-D4KY#bS7xd6xU7TNRIv4s1gAF$6sD%jY?Sg9v ze2-&$DLrQquQqhgT2wsEFiO%ow!hW~>Tb3?FM)I>5>tQ!!LS8uur278Wt>(HNCy!E zgUXp^!b$_Kx1HoLBm#5EJ|JC;o0=|-?)x!@ex&(TL(10RHekSSr3ak?T_gQY4lbIuU=d0P<&xPV$Y z+4G>C<2>}88l-~nPH>L`)*S+;MFcvV=JHolMlvbU;l#@Lb^*(rkX4XpBwnZg{$!I@ z(PuwA1%h4PhayhKB)B2TJ4urgDhxE3{aRjp;g2#p1MhF!k!M+nYcD4Yz$|eUH0kk@tuKp7_G-LuXWbo!h2zUlke< zFoIsZ$*94ErP>_Bp|WoFXf|Df_Ki57^eF+vi;YJh$gCh6a5RmODS-;96a_y`6qjDh zgjLh3zPph^H)!fGeTN`*!av>rRzNc6`@-T=`E2R%xN^%k)bK*}-o>7lytcWSC0^1B zzs+Bl0gYiyk1lM>yz7Nbn9yg#19Bb4QEe`?K))%5!%;oDIRyf8HknqcK1}3xu>l12^1w?e$xh|Q!7;;Hb>T|S`?DF2eXh=?giF!Y}B+)NyQ0Lx4%M=P5R8I6dAm(G)C!jK;+`}i!f|s zd-0_+8TP63BWz<68T@$i-PrsS5YX3t&(U2BgXUl5rtk*s)+~jHQd;UlF~pA1%=&Nn z`4chwY^Q?R1veeDp>dH{RoZxkbl7%CZkDv^MIKC^4N&Ay8ny<#zpvt$JLf=OKw z)@<4CdO8Y>coK~T!P9x>Mda`X(|Es(BJXMAn7kU9aN_74OW?I&vLTqQv`s!l?-Mo( zz>gZ)b4nHbn8W9|@&@WB<^UvVquL2JJj>ntVZjtW=VKM%*^m{ zHvv&VWzQRlNVJW3TRmdpP7?~ytbtydEh5)3kpYok6_@n~L6-n11RD2n$4I@9&Z0LsWfwcr6=w}TPHrth8luT{>Z zNw|O?)Ogr5=KqzYM_S3Yn;$)`{v8B{@M5JngC8}K%6EZD)~?{1-+AyDUp$0Kd=IQd z6wi)(5Ap;V9r_LjlTL1de+DW^XD{sF1ZXk~r~bXyvBicOzSM3Yozefxs6_Q9#3u?I zwwywBQ2(x{5d|PYg~AmkC7tvudND_w8fr4Rc=^7MKPP(!*%ao9Vvi%=;SCN+se|lcx0-xskOGEMU>E zM4pF*R9On0Pf-i#iJ(&hEHY0EQM{w&C51f&!bi;E#M$RgBG2djNn)rsjb$9}?`QH* zmW>vq{W7`+eE!eElg)!Z3QQLni?{%%=PuRR!12RR&UM^7i_O1Y;J^VfmVV#eoL9bt;%)1r`+*Gt-?fQ(JuZ zvv0Sj7wr_S+5!d|(x z5DBM*I*UDIycojA1L0QW)Jvf2;L)9(Qhca$b?IljK5Geqtw-nTU1j78@f}nUud16x z>tf5V^lcsMk5_2&^Oe{zb%@PHX#hiWPK(f(0gV{UTXdR7g7f;qZ|{^I{Eo zDx1yzgDdjW+e7_s01*yMZZB>GXIb?@Pf zAHf{Ac5q7QNL^^dQrd4&0B{kcGs3^kOG9z>0#C+H#Biy8ZCWeKjsW+jEJEI>jKB*P^BH00zeTuP$L&jl=0eqWRL(lvby2LmW(G5?7}-FJ`0?I3_{gi1d~z)g5i*LpJeI`J96sqIODt zM^fUWQQ5AZc(CZHjwDH>lZ5`Rong6JTcv`jPotLHd-QJ*H9ZrJ334%iT17Rfawuw&VZr^zWBo+sQ| zZl|3GkrPC&uDtTzd(799H_^l;X`aI%_ThNc*#Q^!>D{t#GKNA&w>KQ;oP}*aG+7-? z`jB9S2b*SfUMN$1tSzGxTa1TT5=|yiN}t~OsZu34x6wgEotfo<=1}+=(`=-4!OD_? zteu>r+r7Z{rZ&7RA+4QXEj;c7O|K?QO=`sec*N+VwZ>a}_`@8-D@&Di1wUYfe{WfZ z5O1xcXR|c7=l3_II}CwZQ43{pU_#U(KVeAV#}_iR2_Z-bPkH(Oq_W*dZ*X^g`7Ucz zNnoxd{AyB-Z{(^~KrT<1N#>+qSUW1L=dU{^|5T?9XFNz9Z440px&4gvZ%i2h7NMga zVT%pA6|g!Ly>q>fq;t3>Z1|{%MEUfwR@KIHe9{C3Qcn-j*Cn(FTgRA{vFAWdY9e=$ zx@&AF7Sn>;V!sTl8n0IUG&dgkY;^o2JA}~9KtOhk4BxG8Az|I&c=oc8BNwhqQimQXB2&%?|#NW z)$LZ2^~pcLQ5v@&ZQtabpZ^p~d5xl3UMhkBCGnRP zRg3~;dVCf1GXPBmv4Z0cX8LprE#Jh1(8}hj`0H%me3}uEa$8E*2gtJ|cjUks%7vBg zOz;UhP9rX*n=XcsaR%4I32SLR>aq#fUt)-U-!gQ!y}CNQ)4N zLFJt+IFAZ}hK>HTAv+*E&6rwCER^Lr8|s6ffxTI#$5%-%Y4a}awm8LdpIRpM5?&O6 zs%Y=t&5bf97Iz$N!TmkRaR~yzxv_FX+yz2s=ukvsu9hFeS^_3Z0jlsUKKOQu^f?kR zyZqz^!qX9jtv1d0gEYYwv@3-)I{G+JteL;gGdFXM8EnEZ=b`vNjUCFH%0c7Y8MRsD zS@K%t)|Rw&)o+acb6ntll-o6a6ePMJozwlZ&M1Joy84LKBgS!{qCAjb5)Jk>`BndB zyz_F}`BW-G))v#{$3X{4cc~+*Izc1}lqA#&C-g1O#uGExc-CwLDLUkv^9gc>x3W~U z5SqxQ{eg*pBw*W;-64EM-f}p}8AWvV;XT-KuCeNQ7?Ft*?nUW9U%mCi^1AB_4nO>@ zsvvQrZP2ps5^^^K!BCj$-I+|Dy!Izw5q!LU04~uairVC&`(io;9_#ZONYTOgSA6 zc{?5%26PPim3aoK;v5SaJFJ{{ekydC>$pa$dvzFEvVv98(%Pul8oA>Pq(_t`O^Y+1 z$y2(0h~J#t0=at#ibPf#PzCwHt%>)@9o||^|0h|g=b9nF00ugO)rsN~;l2Ln->1JB z=;=`&_bp`XNJfqA?pkdRhMi~}+;I9lxkUYaW;Iro{@?$X9@_Zb>N2_=)1BkeL2PwuP&gsUY`-VW^wE0zJf! z?b1|TaE+-2Ti;tzaPCDsm#>+YH+wpO{;t}!X!j<5x|?DWoPaa%%dZo` zchd{C8~XY8(Goku8$-U~U)x_gt9L-nCN|XLn}bMY)~*N;WYOO^{O^kA>9tXRAQ#T_ z;DON{X|-56^3gkeKN+1!?fygsuSvNR%EZXAagc)J?3g^5q5&H}LNJIwiN|)h5pX82 z?d!YII(_}{^Z;9J?zQv3mxDE z;uUgovqLup*WoN0H`!7{y`Esv(HKeB)HI>OR*66lgC_}H;ni5O%aZmjGY>LnLsbL^ zst}`r6yT~xxl?{Aeg{t(U2?&FqIAR`EzC2$hYf&Zuu?n`lza7pz>*M>SgjlPev($9 z*8khAr((>H<3%3L%A*)SXACmbPz{e+3yi+UIE~!O=zM#uy!u9~&Yo*1C(OS+8B~V@ zl@FHRb}Ap2=6(F8pRjDdVMzt4b4-2(>Q=36+!O3|2*c:strio9*dY5acrMgUd; z>x?vpfpWmXoaMf)aZt=1H70TzdeerrG7r7FB zLVAgCBpLc*`>n$wjxHA9ik0#KrBsdW4>%a^YK$<#9RWD6fm5Ec+R0tv3t)Dm?uYON zbtC>DW8RzRY9XUUSyWgSkEjtMIM5Its&~t4Kz49VRh7`8|E`lOR7-k0_~kczq$wRh z-q-C5`MrHRFPYT*uj76s?jNNd$mD}S5er?H;c*;MAM=)i5E=Q{G${30#%!d)Ck?m1%{FFh zS(D320Z7u0Ys)(lTpMTP^XA>}dbsC-mht{4bmxKCSqai=?;+`G z0`RDHwXj>Z?P3)ITPn%kyDYS=v(XrO$;pxnb`;QRD+HW=JzxKnX0mZhbL#lLC1{=R z%~kz#L5k2#8;|d|x>jAoZ;E-;^9J17Ul7dRgcKGX%U7}RMX5m|yJz%r?kN55@;ViO zJA){&rj0T>6TI$U#1E)2r#}8d>@*gM(|8=A`^}MIB;8n(2vGt8gI|RWppVq znPd;nB`DxE3I8ei8>g$``>^{hc*X@$Ln0RdLC4BC_Y~FqX0LC-HGZ`u2;j%qGxX|2 zc1)N7b=`kg0F_$T-$Oz}Pt?IzGjxOHaci{HGPs|wq=LMV!vjNKIf!39UT!c3Lm)TM z#N2Mr!H}D!(LC+ss5E0m&`Ih>LtlIH+^%s?{jh{9l~HAjc0V<3w>2;WcsL!NK^WVowjHyit$VgS`p2uS4^auVC=r#`c*Sk9~sJG zS!TT)coZ^p>-JC^y?X&~Z6~>eF?7OXMMbIZd+|=@+v!!+|Hu%+ z_vj2Kw_>(MdyvnU_DJF0CP#w}Hw5EDIZQ>f=u0UNvPmhr`j`%UVz-)Q%{Nem(SlX& z@$T+v3>IPl^@9rNjp=|ZP^vQ9@EQ*1=F&P(BEZAi0!$XqsF7gg>Zs7)gbfWcQ~|aH z0(jl+Ll9&ij}=I-c(j;7=Oac${bXm_w8ZV>{M{cm?DNUj2oIatWZ#dqdu7{l|9xYj1{itAGbFNS-P;Wq+)9N>w?V+GTNe$-(Xi)ocEB}$wo7h8}g z@td4kc)Re#aBL#lB-T9bK(TnK#{sOe))&QVcpTQ~kfT{&R+_js>c5{cRfXONHYS%j^t*6mV6|Zi zax3DG^^C)GBLPd!%zme7rg1fNkpP5^1t)WK%w4=|k7MPkglHM9)TspB92y}ru5n`nM0jCTPfvx66qwWiQ5xWMFST+NfwbkKLSYM zRd$ut_O_ZEJ%*9{DV$*PCh}oaL$piWz~|_t0CGf;5T_v94FIG2-Qr9mzxSNJrsIL@ zIk4M;o`S)SoKXP3Ff#)MXUlm-4}$W%IX6jD-5lIPLB<0yyE->k9vdNq=VfHP#3=M} zgrd0;?sJw{fYKNE#`ZmgxrUA7j0ivy65H}x}%=#Xgnh)dJ?JPP>5qp!uk8K@?|S8mL=>FS%nD` zXg+$h6YVH{n zZ$l-(1Ul8xs8>V+91XFT?7+`0Ems{fbhss$G~@p!Fc#S zWaFz0dUq}Ks8|7Lp;nDPh)^wkwck^7rCS?vR5!ZFpE8B;S`C?U1ye|tdDoaP1)mXs za`CkjFjb2+yAZ^O3k1*9Txz9;2OANA7|?3)ccKLiYcgHZo6U90b_;O~wI3TVyxI{I zA5#BL^JcP}B3)cLyhyVyRqOe{vKQ*aAP1mSMWDklhip>PYea*LSa|Uz1lp>Hv!sU(WWWzsc;ZGdm8hZ-xnV2SY3qWG64bb~$jf zzP_jN5Y3m^SdT;jrF3=4Dw4*-_E+CxB(1~EOTj;Ugbp6-RLLX+-|NfGBFAl0u*(;q0*rOOrm4RZF}R5 zdUd6xK`qA*n_fVNg|C^^e{u0TF6}gKiEHt@a+^ped= zA+xB)D!1WHSCHm14b4^!**s!zxaSh|>qSL_K{jkD%VV~(^`*v3c zA~tP0nB0MOELAH$VFn3%DM~sUJZuP;>|bMX%rH-%pJizK*Yz8H7=*87vWY`Y?%5Ox z?=l_jjO6zFj1E8aZZM@q%Zqe*Y2ITUMNtqWeDXsy!bj~lMFJadND&YcmNm}?eM1h}*)eRP3snhl=KRj(%K!n@}Hkn(mIW4Q_Jr zMG6)j2q3>CrfmuMBvhz8EK&Q6Pq`>5_U*cBrIn6VJMhb3P8rfwibpSt2Vc=2l81~> zP}8BMYc~n+55XuLA#DzdFAe>hKe^A5q+mA>BDA<~cSp6Q(z9A==}Q2pWa|n}b_h~1 z%s7^0-7V+XtS+qR?P|||Az3b;)Eoo1ZCCb+5k{Lls1f!yhOU!-$s~1cVy5Gl!cQ(g zst5mGr`4AzvfqyMq=%SRk4*gK=e83Em%R}5KMXU*%+)b05g^6R~M#@^{SiI@WTVjv40L^po(^%4?=zG^TH)LZD5dG$lFItlPS)N_*JS}0b z=e^8jT)-1$eKyF4=rhU^*yB_AHp6Sf#ny*F2S_;AQv<(Wk7iygZ*Tj#r?0Y&4-T50 zY)(A0>h4!keQ&IHTy?DArnd(^E9Lj_MBe88pO`Bu0K>QY{``gymZ(#_dxONo!NxUt z0PBA}L0-n|A+7BR){e!^#wEY5c^y?oKZbh0p6<9Nrn81GAu`7-WAH`< zj5_~fE@h3$Df|>Q+h&iD$q*BDL2QrsHS!eA$s=jwBuk7_3fhmSm*$xydeE zNhle;Ml^OUKKU4#uQ-*_wk(3GGF(;)detQn+26x{D{yPF(o^m*D-4@16)9NR_)BCI zOxKih7{Y6aDoTv3!q;R1@Ci?kGBut{kJ#7JV6+Uxz=8>p7NhBRoSKW^Wclw2#`0z? zKS#+MsG6Xe%t4f_2YWH-{ib?|;K#i!)^I#Qq+eI|xkXy!erNYBlOcvPh5jtJ0fRAM zCM`T2g!9={TU7=55Bf`|gx&1?wKQ3omkK-wJh@-dY15C4(I#wiOW3qiPHU=eS5hQL z8MgE$Y+hwc8hC%B11+Qm&Jv_%moI(ykd}!06sqj|T?O&&mtjVul@Aapm-JU9~~dF@U&PzINegy^`JdU`IbyB)apTNlz@ zyYF5L?ON}^NK0S-+B`a+JUxU>oJ+^S!;S(C`_Q_TMOVU7@WT#UW0bVKAJf*cFWdVp$R zUuKgOxmMF4Z--r7e|=xwhZQzp+?&w=&PQ3BI(4w)J$v0}Pfq6AT6US_xG^baGS*=H z8-&RVOwdAwo3SO5`2yl2F)jMJJ+937BSZ&2?3^5zJm+~XM1YMVie>6ob43nN*+1If z(t83Q+Vz)sCRsK0fKlt!+IsM5`joNASzMV3gLrbYGEN-8;s9EI`elEepzgaRKLND2 zxe-wzBLy}cOFE$Xye{Ge0Nqe z6JB&ID(-RqYJbG{oU@0D zU4mwDnJ2y&IsK5j$jRzkLu8GpdB)POlzL&mn6yCPvwVRIb(=Zx?y;VEm7$Fxj%^KRYx|kZLH1q}iM3i>HLo#T5#H5Jq7K@gdBXJ0N zG@Of9nENqAO0cPb_gHBMW#u#>eOC8$mqT7wRhmoN)72*at0Q`~eLujmUl#)^FW`tr zf_z5OSBTzy3V<=f!^hn~vB8TEdH3q@b5ht0iUH!)>(yn}pN*Pd*8Z=U<+9Z*1kKD0 ztFc|FkK%VDO z;qgyOMC5_)fjTcQkFw{=wW)gd{&0L;S*BDrh<0Nhcy>r@HGWTZdm{HhOL}8_wkdl6 zXHFe^ieLRS6$qAa_NW;vm5vU@a^aCHqhp3{t%UY+laH5I>+HL#$Q`T8b7Ep`@*%-q zVZuh>SdwS9o`kYl1`cD|vQkb~zN#;bZ~ZVtPZinOMdOvy&Z@U%wdV*zYY;y5RYU>O z2y>Q^dt3|79`5;nL%u};)%cdGhpQx?QfxXaE9`_7frxBv^K=ZIzinucc%7XjnA6GG zjVHHiVgWpsV01ud?^_=IS|-Q37yw_1AmL_;uDtArA7bcQL{Q3dw}R-HnbUEt|Hsr{ z#zpx)VdF4eBHgv5bV}C}5)vX((jr~b4GWUeCEe299V?)OC@kGwOV?5h3(tOk_j7;l z|J!}B*EMm?%sJ=Gam+&qPVpXuPM=%O1!oA~iU)p+8R@^9_Wzx z@HcnmW57kY@;Tvd6fVk<$*NG+vcpCBSI`e~eGHc+(xozzL2=dsl)h5$d-`O;nt4nF zMr^-b-RGH}&%3B_`bjeH=sD|^Bo$&IF5&m&Fw%=WVwk#Oo56?z)2St;t6!+bPmsHc z@TAB78)KnHa^1hm;UK)HSMop+Igbs;eYIK(he(jRp_NP*8Wg(`L1(RgAO~#cgQ3rx zPRvLv^x=WV61a*03{mcz5+kOTfp{P3ZZ_)@i9gz5rG6wJ;gg~fH}7w_`c0I=e!`Rg zRsYa?(cj!I&WP#SiyB%k=OHSIyo(8;7ogfZxI_0yMsXkb`}K^hVuK75#^QxF@XuTA zBWT}*-d06d(70ZS)vTcZBRW)U9NzVkGFUSVwD-;x-)NQSM{9>z#K^yhMVK_}*t#wv!o({idb|GmikaUE>cS3_V~n?ou_pW|ad1z38z6IT#mdGxz4dUR&pBp-7i1h5v{ErSv-UDW?8X`s@kj z`>8rxB!apVR)IRh^PK{YnMTa}Trg|k@hM_!f9S^v4XvDP^2J{$(49M(Z!u7&ZvM2{&NL zOJNG*{QHU^k9t!Q&dOLr13u#TPe~gQX>E2%i}&XU1#|=)zX$it*vfVoE0Awu??^WZN;543I9}i#2Z||()>teJoSjStj(&j_F8x8q7tTs z0e{;IEWIQhNvBz2oJiwa1?D*t6R0t^j>?IHO zTfLvvJ=uP{Bg_%@Ec4N{rheJ=Vjel8-`mR+3EKw6fFsP$QUiR(3Hn&ht+(l(Jv~;e z4g;@qX1|yc5;i9&FwJtm?)`3CRYy{_$E8urb9zNsTnxr<#-6llq_(M9Zg(Mt4(DS` z$LEhZ$hySD!obsu;&P{NebeetG- z3u;@i%dG%zbz`g1S=v@QC@dI(&iP-Q;r8BMpb+pZrZ+|MgUr7{2^zBAo6hUXb9g(YV9|+)_%WR6^($7N{(FsbvOH0?=^!C9x zC~rzVD?bHcyS|G-XK$93>btG65)$B50Ip!l{xNN1o8&I}Ab&Y$=0pijOsXFl@GY8w zWi!BD7`#9*6L}H&1eM9(sfB|8u6cQCpm|H7my|EL&aWnqpXQVEr9`d9KJuhgN6LYV zL!6qhA&GzP?9-{3vFKu&QQ-8I%X$T6p}%t9GkYYBQ*vI38q9^aQ9D4z;@@jf!VTS* zs_mCCH_5+F{`37#5vF$7o)93?O%Pv5bLHq8CwG}VY^{MU!9?%#w^()5w4G+r{NLQu z$QzlHKW0*}FyA0$39}y(ur0-lUG&t-sG#n#LUXS!bJe_eYW$))n0H>uU@AV=(M`2W ze9-FBIOQ5cL4G+N#YtEFcC5bc{Mj>nJ^1OxJi<(6IK#Z9$f(QI92I8l4EAny45n^5 z(l%~|PRn)bmS8o;G^7g1Q-+F!ibx!0)gSb!M?R5{lp>sIQgwQ$)@!hdYeR z#~4F=L@sgo!MPpymJ~vFXsa?7O3ZBUEtmMVg(119;Sr706C5ACZV4 zxXvuy+jsRMo(l87?TIh}O$|&KJT`_abzFv`6zQL_4X2h=Ukz>evnVZ~8GIO)47byM znJoCd#Vy)0x}kz9a3q`SmJ}fKHI+u0qa|B=^8h+` zEjVU;XkHF(GhGM8XuW*+?3hTq{IIVtYH$j=KCX#bw>?uw?AJ2(bUJ_oL7zTBQ&!y% zUAp^xMZ|ob5yWW*$~;|W>1{_fzh#Ya5FiVgZm55dw1De%lgNpri&A%_@G*@AfgV@^ zn7$Tp>7TC?1*)XJ?07c8Y#uF+<8moe(GNX!KvGwzf-Rgv`{VC-H+{3u$Om8e2sgda zD>4^GA{}Mf>p=K-QB@fZ4aUfQg>Q!AOU?do-h^4I zyoB&GDSX$701+p9d?x68?SKbo(<=hJV^S`(@pNKz5tNf~_gOhq{zUlr9hXeh zoTg@yB|UwF>e07KCUe6hac7{ZbNggy(y{#;_{oSz>T8=qz#6-^u)ta-RgHraX9=mz zbk~1L0kG!SvOkLhD=sM6xzZ74Bv)spxPEG9XHQrE1WA+!Q&@w&?{>a+*n`0C^WIPA z=aK)~-1jfYPqobH*BU(L+X4Kk^H1kH7p4z?Hm_ey{1OGHpFe<}dKr5jv+jbVoO=Jw z%zNK+zyeC_=c!}sGRRN5?Bu(N;Jn73z25+ClQx>&&o!P3u`x&61q}9(_@A|#Ltne2BH-yl!JHm0ahqw`}h+H@L zW7XyD9?$FMHER!z>W`Nj(r7ahuRD1B{n+|Z>aB4VWP)2X?cEzsCjkax6=C(8x7MzO zfB;s!ZYSL=uA4{RD8G=+1j*ougT3sEz{Sb&-zfKU6DsVlKH7`^h=UC>{%qnbpL^#$ ziocj$9dhD3L#{PdIzmm8hk-~Rc|UN-IfoA)O`BZXLgHM#q%)P)M1MtZcGkGYE6{#q zJzhYb2dJ}y5!Jx#ACtStBV_}%@!*?fB1yb(!|dRWaH-WiU{+zHsMUnUe^ z4m&{v=%C*nm;dC>p^|4UWI{zY$(G(8okH2 zjoF}8(vx3B;h>R=KW`0Z#Ulhlc}$Sqd=B00=Rbu2-qZ|Z2QO9ok`Fe8>w-2lRcs}k z$CstQ%aXpGSh;CmNJ}U!o^PB(Kk5_0{gj{?V;l+0lq}f(RirvxA*>!f1NndMtF6k= z5Dl?MZ+HuYn7w~$vGU4ny9 z);t;fV3bdCbduIRCvjxSTUzmy{vrzOyE7sRzomj5jrIe(fMT~3w<0H>A@#w>P0X-|v&Y9r;KvekFwz779sY+Pp5FF= z4_`sFU(W06Mn8{|Dde{5#{y_ygcis$BUOHaLOtFhSt9K{`qRM$3r}4e$=C2NrVB#I zM37FbPEOv_Z-y5!FjPz;D9#&HgN>kLc2C_a#zKfXsD9fn3)O?R+d4!tQ$F=(Bn?St zmGR<#XpZTS&B?s3G#Nl5mvu#bT=heat*tdWN(Pr^DMKmskTeOxvYZRT#Vf)vTDFJx z(w0>exaBM@I5Ff?Mgy{=>?jDjoF*W0r+RlenSOZgaAUAvOWrQ^x}2@ z#uvf7gp==@|A>~Z>pPB(q=(}tP&%wyPdH)R9D<`H3czDuB9Ts3b*piAS|hp+OufSO zP$AS#WOMDPs37s(v3%R<#LUuO1hJ+fxRDF*H36dM2Y&{Pi-{H zV((7W+CZX`g2>hs->72XU`)PPWbTq%z5+N`w3zfvYPv^01UW*T7;)Y7rhf0 zCUGQAyEOd;10FvX^Wmo9b5j7l#}m)aqgP|Vnbh&^sy`>rdV?xBe`fx6fA49auz>uy zi3|3St^~i%F~x@qUN@}|Gb6g#!$DFj{85p0`Yv0UjYnK)J9>?)3?b$>Fc}7vd|9V% z@2?pniUAOQ+=hT8F)YMq5Kc`1DN1zB(pbihw;pm#xgvUq{yJs|rEHtYuvb=ZRvrw+ z(8?jUY>)SB6Cuxs{d-C zSL`?e@L!tNAQF;6*QKz)FEr7*1^aKMmPG3v*+m}&P!VcY06sM!CPh3w*;ao+{YC03 z`U;nqcPp>^XRWlcnyGYN=T9_BB?V}3`gk<5Y&vS~Ms9Kx)g?g;pOypqLK71jVF#X) z9{CNC>Tqv5xRPX#nW^5dB1AT7_Xh+jVs2+d+}+C#ioW+~IB<_76rqLhl`^i7fL&_u z1QsT4T~3c&h~f7O zick8Yk`9X+HKH<-6o5QI6yLRp3tq@E=&35@1a%lANr#;3rtG0&#~$+2 zrLN>M(=Umg$W}XPym#xq5ZVyKf8!HQMm@aO=zf*sw)Dw_W-&?ceJ8<&*$c0Rx!e+U zc@F(~|ClAcF9@gVW+TYN^1y~*zl8n%ia+43`J(M{I2pY5V)khu{!knikU@S%2yO59 zmHsDX9JyAq3ej4_8E|Yn^8Y|7J0AnH{4DAG5*g-F{{45T-+z?Fg(JSngGmj97EsiQ z)^}0wN*op+^{i)7=g|X=B-NOOKTh&dxOl0mqnzdnCKw=jb(IKT@FIOF@@H%RDs;0e z8PpPcq`}K96h;Q|3We~;v@TdF4n*RiNLbG#hVfKSucN`nC{Vqna1kS2U(uy{v2u1o zB=y_%X$R63svv}mt>F7#F_4KjCsJ14-`B0f{Kt47r2mB&cPV2P6Xq!|&tzxI;^?v4 z$Y4MShW640*bLEv=)Zz2y+3z>74g5s2D&$xwyI3O!G)i=YB+PBioNU5(q0oc=2Djo z#)o?;0(yzV&#)KUj+7Q<3vzP0M=7Ez*^$8=DSs3KDSw^?*P@(}Zfvj!F6#%w%n znS-MUQ2JroO- zh}P8i8L0vflRVADE6uD3kYNQzV_DJ@^s${NkyKW$nIBJb$D=P#cNAC4$)j+91-`*kg-rbJQ(T_E2z@7_{Hl!9^9dPv zLj%G7EI2NUbw_XivpygPyDWbuhfIZ= zE;*tlV8#(EZ18v^1pAX#!M595F$~k{1wsYDpI<8*w+`)akqRZDF1=M%a9EZklv4BD z3N%+vD>czpDMP=tNq$?bqylv>Y(*ou|JhgG5n`50S_LhJRYD zP4`L{H|JiX(M@&T7AlS!AQwM$Eo5=-uk!bc83$6EhGnc4Hz8+e26Meeri?KGBS1_W zQ(J4-Pz{zH9=@cn1f73)TN%WNe`t;Dl(*ypu@GHFw`+IziQL%Ims=!M zP+TaqiZNDm^g;-*0`&I>BP*lJHe87v{~`*Ir!KeczO6fMK8~b_E_pIfyCNouV{bL$ zXvkrrPcm7hok7*Fx(XssMQ?6>G(D0O0wzZ*#TF{HXv!YD2wc2~h)=1%DM?+O@m?}X z@CyIh`KSTymxXz^Ngh-Y>D@5r@RzG!$Kg!{44w&WIcH4Xh2b*mzJK|X5b>8EFL zSz{Ot!e#mueQl8{ji>X4mPhkTpk!p7I*G?sBq+03A4VnJT!Vv1@^eVSE73-_wzdc- zdrDgy_r8&S4~#BvBmTy2gNnF0jOceXNMeT#zKeW%x;#~mr{$Lihe`t$;`|{Ky_F!< z=t6*49z%-}HiHrN)FMVO2BPNulTz)?H}5>&*7L_^-9w4%a`r`cACMv>@eT7u`~&>2 zOLF1*-`3Xz_-a!+-r89nx!yZzwKdiGiV6-0do(W(2tTLH;87%KEVM4)h6FY(ajmHL zvD}yf=xVt|hen5_`6Tpc-P))h$A?FJ{$V&+nf#LO@Gw|9f$@?ylAE=?PKD^9jim8+2GZ;Qn##6)*aMQz$SLq(5@spTT2($b z$1t}k@K;lUAk=3eZ>>VqZtn)B7yT8OiAh98nEt?KSka7HC>aJt!4N4jw{ymaONg?z zqwUo%WtuA}nS_PMO)&ZpD+7;03|*}P{~l-*n%fJXP2LZ`pak7#4<+bDf}}2L=Jaim z!8s&(xJG$)m)xfr6hiJV@!ra%92=4AV*eo0OY|@6D~KT1mBf^KfgcHt_^mX>93SrY z>*T}E&Kho6%@F$81<{sflkPOSxwCelSOdU>9mw&bs&(?|vZs8tY!E$!$eN2El{80x%w+6Fjd@ zD$*=qM4}>_G0X_SxO2ils0au@8G3Ma-JFLeE*$eS3M%QS_d;_`1rj6BR$h5+w#HMK z7P_w<(h!K!z_tDQevSjn6IKKWYZ>~5#0xJ>{WEH}R?G)w=THD|hf`!A>(CoR_FNh2Euby z3xj|1v8gfjO8j-r3xfv0dZdI&#Fr@ z)ShezA-4gO2YN({H~0 zo*151ZB+JF=Sw_t6S_lJb{N%LUD#FMU4YiF9#TBt{PIbG*34!8FD()pxCQ7UP$5Hp zn+fI~Q8viwQ~K@A?hV05PUatUxe&ov7N!4ZOj(d_bx_Y+q@Z09kh8Dl_~7RAI~UzBnE_iE zKAIeKe@)ww@zw3o#}-eYQEZ~u=m?rGlfp@X`jq3YRAHcak=-fXZ9*guPkq8`K`Y0G z7CQVk6$5Jr=>FAJ1Sm7lJA`fYK{*U4O5zjvGGokW(6EHFUAb^wH01q9w--cWLa9Fl zsDj*<(hAqtoWj85TH;QJT_c46n}65S{K(@;99FBiStnzr+I1RkQ32K@8?^kYPaa9u zb+wULSilB9)ULe=7eY8i>w&IZLP1xX^U_aivV|JJn8Xo&rO0heaoRkrlsLUTV)5l?w=$reri zj<9+g8Ian0N;YMc$Z7whv2(g2*0|$6x)=vY^`v{QwQfMEZaR7y#g@xKo0hJ>H3AfZH<< ze2{7Bf8J}nqLKwlw-43}{DoXC`a&m^qswBMUy@7BRw9TdU9?{H1-efHl+n?p6_G|8 zCXnY4GeXf!q&^Borkx5i@+^9eH3L9Pm^SA=LC{XZ*`$2{)a*WQE{7Vy^ptIfed%setfeL#=d zW9!C$VGrE$|Hqi^{}~gc2635FxNDNeLl|Y+w-@R2>~sF{@D(7f>L-VHeyp<4qs&%E zq4P)eCbLLDgAJw!o<>q19lFUt>N&oR3DNlQrJ<&ctP)=}G*_ zYIcHS+-p5xF3qQP={U0S2nP9Xn6?CDX%^z4W z9T<1R+HH1XTUd5(kM_#F;RERfIMjsO3mO-IYa~|yr&v~w62mcH zDuU7J|Lw6t%irN#^BI2jhwlFw>O{7p)oN&H=Da))b7amGz4o;2PGfF|6i1PVk6wH0Dr#te3u{f^LPD z&_G!@I?7>d@LaM`^2@qOlHraTR(*F(U&FwwzQI#8xnEm|gP`lQ5&8Q-b5m%pqSE~H zC(U5kP|-e5p}D}I8(jl|pphdq4!QD~*(GKA<(fPk4?5$HfIuy3vWecDb@Y| z6Tm5uZKHP&;|WHOqG@WqZ;#}fO7lyn3Bg6yjLE7iTYb$OXT6@*Ax)rQd&i?lSTLoF zle6h({`Kz0>(Tn(KvRIJVRpd={|_8Q7bv9FwACYB`NQm=I3o85kQ2(lS3Y6Aw8DaX zzZQJ>2^tQn&fLlCl+;OIQn!}~Jo2eJ_Z+FcLwTUgKQt|>q*09vYJ52EN};)G%i>rn z^Wpn@BE~P!xRB9PPZHR2gADA7P_WC@HsrIGYs>9-$XUhMSeHzq{tt6PIOcxSR`?tL zwEwEcIq1c%(McYTv$Pam(Yh&Igk|wV=E3dD-J+EL^j>fsCY@`1d%6zoeLC5{tuqJT z_6KZ@nMd>2uLeA8Mh#x?2N<{nw?kb6FR$0v^9nXx>QRVjk6fc5^~KpqND})%6voYM zBuc!QopND8L;W`7rzFlvjonEd=eBq8tHJ`7b|5#@U?y4NV-^K`mkKsLE&6`{AzC!{ z`FA(P7w^9?W0AHdCyN(424PW)Z?X$l0kwfDioDXqh2*8wl3(%V<{B=T(gSH%P0oB|?H>BuM;acd+TQ`{QOoJJ2K-DPVV=p-Y0` z%W#m{>L4FiO+UQ>lyb=S?zA#r5t;pBx6|h2?tlUN6jQ3{Ll@0fMcLZlSPZkJTZ&h` z!>FxY-wyd6q}{~KdmBgNti4?N)bj?QP+t;D&nEDTPw6Dx+Lb7LG`z{CC__$C{U_6L zA1{=T4;H36O}NY>CBTD@=<<3eY4-WAZYft<)zaBBgj1(H61px}0c;ON%N14n_+1sk$6E@p~w!hW{5UlJtiI+9>?;HPeghU3t5f+2aeP zn(y2_dYhZdW6EKZU+6J|_YRC6kY}!jSLTJ668-fSER`T6ht6)p!{{%dqyqmb7@Uy$^w&@QlS-5bj#1ry3%NN%kc9Q6^}z7S<_Ym@Ky zTRAr5&sAo2Ty=As!PvY%ZZ?MlpgM%ET>70=%?mtK@YJ@9-;9pP=J%LfLyIbAb(C1Ru!-9$T&H4)+K$a4 zBp(2KHyx`tmEBU@jHg(egn*=+aY`|F;wuA@VOj0!48B2kG_d=?Ag9sg$R0MFlz;h|+2CAKLX7#J_^N zq8~^gXOwF4K+wt?5{OH_#Mbja;7&qzLMDs!59vPMD%Xqz%q%8RVTVbi&|ka(wD@x# zmV`#(OeKU%Z=e@cuec_5t0sO>7KsW%>K)}m`0){4RYXQ@Z>w_s`1T?Em0%p$5m}Rr zS>S=SHI_>jJ=DNULa=(&LSUsUxmG`i>?I;M?NR)D($QjPh~^Tfj=gBm+w}X|tCOtJ z7Z8`o`oN`lW*xYD%4oY8+sj`?1*UEF!D+V!d$%w1;6l_dBNcF-Jc<7ke9vdYw*0j8 z_U=JHN@7Bj=JtA81j65ap`Gxcp4bPw3(9#mKj zP(W0>KiH~a9I|v<-kj5~MX3mUGwr^Phl1}C`?(=n8h@~Q8s^)k5+L~|*VM+!6`L2lhHyY&^b9i!ae zbiOKFXL}n7D&uVG&rk8fg0i3Yp+X2tE;qCcp|&xn1g{7RnvzvvxDpI8mr*|Flgh%L z4dX!lzs*{nTl^Hx)dEjlHY!?_IVX#L^8@PNR zMxR{M?;u>L4+|y4CF4m3lzHCBW-L!A`#1$wAOHRvifi!wIxwI4?lqN2trmWy)Z7)& z`2BF-dF&BURr~ENlQ5fsR}Fh>YrWYEt|hIF$xBDnKC|nhOPlaN^Q?0Ta$vZ@;Q_yk zgc&Dy$?#2Y;3yJGaa3I>q-JD~G2iWO@}Kc&UrgYb*N?v(<(nG5!2-H;qp- zAZ_oU(drzkj?{jHe->bm-Tnn-`K3rgl;txo8@J{u8bV(JXl``Ce@+gFDk!FV6qERZwgwj;{$PfFD<(2UgGUgN(4An`2%dK~;(pZb@?VN%2!MzQ%*3sPlP5&|B#+A67`cpOPrH8&nK5Yv6Wc#H)2)p{84209gFcWgjI6c6vzB z8JgF@xlZm6y8L!_K`M9~-;v*bUdEnQ<7xII&-yXYz68v=y6;uIiya3>GT8&ys{C#-sg9B zj-;6l0aeYk3rrJkP~D+fW5N+aNU!*Ad2eBraF1?7*gpFQcx9Zj6lP>Qu*$G^XUM9b z#C+FXWS>TbKNqkc?EO7J$>i_z)+uy-@y!UIdBo`&`A66EpT(7eOnqC0mG%0cR~wLM zoOwr2T;dOoJuizcRTSzx_$;9YdHquQDLu5!O%jaiDa#amK*J&I;GqCR$JXvpmDxoo z*DZmnpNdpIY|eEs#nimX;aEc9n(%z`C!K;v?7<(Sm=E{a2RoWlfa0 zqCa>?7BNeRf|&WHCjcA6h9a|DJlsP|YXbPG4DeI%95aO;&e>PKzVR)MrbO}R`vIG# z!F$D`k#AYfu(2s^a+E?K|{pI8K%R_zM}tczH@KwnRlm>X!)og zv^jYH?TpCQDNo=h%$6mE1XZ{$36D-O=)KKsg%ent1uTMxHA+a2xkM~+<9~VkWcyPjLz=LO)YV= zl8A|3SK1TQtO>f$o#M-9oBp5h-%3^F$u(JvH%g zjZ=$wh0ZY^Jbw7S7UqPl5F~nshxru+ZjBtm7%wW=$A??c3tfrH3{HHgvE>$}x{$3< z<{o7x)nZE(-zjJYiMwrf{=!9#n9wrOxx1t_=LjrSjvko18d#-*_da9|yzLvowfr+M zv_lGbQd<=;z@v?y6OIVp`}Lbby=5yclGsdqllwqoTTeYhi&e&!%xJ+ulWRrhThV%H zMrYsoE@e-d>t*!O3*%{WQ9NEJO@ojAv8B8`UB7D>wP`t|1Yq5SFHt|#sxcK#alv%l z%hr>sqY1B+Wks~hnCIX8RBCfQI2no}2)z3x@~s`djDr#R;geObJeWrC)87w+&m-$& z#IRxk>7^QSR0PA@2!ZKqt}xJSAT|tl`#=2&nJ3DDhc7kDmeQ?Dz1mtkE`973OVvCe z_45humqDQ)$E_N=s1?B?*4(}IG97qmUuVz}hs1AzaOdnYNyS9|vq;%$L1Uns-;xiR5l%G2o zi%Ou$COr(A+Bi&^W{-o;`kRU5#ixM%7@|bi&K2k7>G#dM*;q-v44ZMkp5#w^7fnB9 zta^Ea`V9LD=qbb7uhwpR7Z=Y0eP3_CQ;`2^`~pvyGxw76t4*Vy{I!ujE++RgCG~Eo zE|6Q*U?H#X{76Q6g7TNM+9+QAol=wjE5k7?zX%p5RqE=$1JQX6OnRH4o)N3=FUC$9 zts+njF)*3#cIctlA^ICwUlMZ|G~m}>$+WQ}TuYOs@8NH6Rd{E=2+h8AkA1;@Vr#XOP!SNM_(EYg z;p5Rit-8ed3T3#+)@@Y3j<`G=6-5 zaE6s?HW$&%!}jlo_$Vsb0Lg&?1_I?hZZZe~d5O|1r(msja7#K^TJWJs1McN%`@z44 zwrD98he>Bi&1#0hFM){}aj0jos96k4-QOO`(<6Tiu14_NFoT%0 zmGL^-j$M)1EomoT-6@ag{UGEkrKwIOMj-z{uDFN)6~bK}o~1ZEs-d<#&b)Ihst(s1 z1NVmuch{&RvZ935fLSNWCF|6fUM91?Wd*E=1oGD?&UQ=)(ItH6rZ83T7v!say55<< zI2aB(MkFo!l_L}u>w8WV@uzp3pPh9UBd)|GA~y-z2?RT_je&Q^dwGvFe;!QUz$HG7 z6}#Cf`{v)u0a0{?*m3$Tno9suXy_;?i|MynKK}I|YWNT)zkhd*mHo;eQH@)yB3g3F zhIx>nx0~vlq}Uy<)OY<^TD7x$p|m|aAK^X!C!mNG@qMOZOan|F-$qWkY@%^vQQGmj zF0uM&&L2HYx3u=cpdmG28R{8moWU?}8`DitgD>F)Nkxt7lSUFqY3*t)Z>2o!q_*~? z{W;_|5U}1ix8(19F8+j25d+(O&fGR%>05*+ZXN%5Q1~H!6p5gVhh0iPW5{MO@^LXu zx%~R_VYja^p-a&C3g_F4Lg};Ex8MvpICa=jT5fKWHRnk>g1Wa0z39-{Mh%>bZS|Wi zx=hAc*C2Xc$53g~*ZE*gpI2v^D;>1#m3h!E)krGg^KKlza=hH^M$1EHpaFOO?Q)cj zh3S?j5t)l++l6f;oCZp#sn@unHKd_z7iBL;soPE=A1!E{nsDnk9_kn4Ix+%@FFA}p$qz4Av76bU%(m;ke z0QoiB(u#plM*N;H?@W%r6|R$gOi^(f8IWc+zG4}9XktH$l>jp*fw1WDU#WtJBIDNl z$#G^qvpEqTR+GfCVAC53jo07bg1d@U5*dJzlsjZlI8e8>yVqrfZm{gus;6k(zCJ^Fzyna&R?hXC3VKm^gjd@3_v5-3R}b1Z}r$L1gGh%&s;eB%FUK?D&e zOQn&dN}ZqE&ccik&6&E<>Dbe`+)61iKgc}fYM083;?F!kl$vuY4F5^{<>hC99!Ht>;D?L=yQ2VAV6h$P?>)}U0~HoV1mjsTc{)AQ)I>?g zH`il>c~J1u|9krXY`~SSO0v7m!-{a2HL$O)eyCf>-YzwPd)ad%;9V&uf&?i*Jcu0J zD}B&cyR!iMe?IUP_BsY78KjA{^sm?bS29kQ9ddAa1`EEyH}Kso(s{Z{<5`-=%@#il zRp7T50Uxr*KRS!9=XJh4G}UQp!19}^`YyT@ApF}~ zFuJc!Wt9%eeE0aYfSK;8m>eASJ9{uABJRf{p)73M7u;$(m-jq+c@1*|*!}{1#f0B=D)yIlVT9CTcsUG? zD=|3XX@m?-oJcRdEgg<%j`b5z7v9R*xK~GJs66BHrA6;Qxa#+74KX5jv-u48C?Q{_ z&M=t~X5l+pKJMuMnB|z(!}QTA$U)l<8hPncE?H0Nc0UTS;rb~ML5eSMbW?wzHqR^W zK`F+(rVeC4(DFe>>}NbDf3mIroGEry_+WVaE#S;^Xk@R?BFb0T7p2_*HiM$C`QPq`zwJez=3;Wv~a7%d}!e7E8Li`pS{)yRRr}2$1Uv6&x-L)xUHOf3`wG1e%lVK)o z_(Jp9Xt{ORM`I$lP4nz6m6B%GHy60&zkqxvqgxUan0UO# zx%64o7ZliTbZd$EP6|l;0LIYWGA69r=6>6B%JLQWMQ$H@eIFpfp#2^D}_rw#8rHYeT)rs>lB}Nr%MlNQ^g_J zvv>jG_euYz{W)-j&_-mVF?Z^TkDL(+jP5?hC1ONvx3XM4psiNiDYh<`g$CE4H&7>^w;oItP*IT0H$Gey^^H-aGH)>BgHT zfFTawOV+KI&{x+ZlBR_Qx8OFgv4Hg+H)KFg#Vs>C8{Kqc?X(w z*)@tHT0fHXBq}zZ&Oo>Y8`4j3|-vOn*h@Ms#$EOB>5QgLSSrA&@dGO7+Kui2p-1a+iabk1T&%*Vg z3-P35j5+i4^-rxsA>OV=w%l@)sy_wy@l4KTCk zZmt03ffzd9L(}rC!upM5EYfCQv6gK4rgKajv$qAsLJYXza@~Pei@Fr-l=EF`y|x|D zjb$;q;ct@61a3T__ns#396AN^wc%Pw#e-Y}hNx)wHW!C(UPJdyou7!{i^?P)&aKaK z3lx-v7@|9*>VyHYCq1>-5i1Pye8Y~$COV@+X>M8RB~{oci=lxUBD<9+@LfU+hM4zB zTE`Y{Zp|DUd=Q8jNpyH1S-$zqZ#|u_p~IXqW(ep5GWx&k-&z|89wV;5XZrF)RJeXi zPige{eV8=M3E_VcrtY&|yrt`Rkh_n`A7p^y{kYPpO#}2CmdTe8qpwd~XYK5s7P}QU zE4u&16XAE`#NoCln&##w&3+?r^u@~N*l9}xXFlM)#eZ__KZ^4iW|tB(|MQb(sY_5l zz(+9h@s|!)^VTsNlnmV(y7xE;%3AjFkDm*!=?);#^R5*+a$c|@s$_kACUP+UD$uCp@g4%{sI($%bwr2JD3%K?0AI*QxbfKMeDjs1sUWt9}qQ{L6AAN zbXohx(YK^f+gG*;a=?cP{$yby3(PBo54rDwq@1Fk7~m^p;y#5@MMU3{7(TiE&`?(3 z%%w<~m~!juLUaJq}%^cVA(k$9k zzQIn)Q4n9G_@t{G;Y_e2v8#RY$!ubkql*|8n4-kWBNOcZN7!4(Mfr69!>ELSfYKqL zf^Ksb&B=q&AM&@c}so6Nc{EoMna|EVPSp3fw{l_uybUk zy4~nS3Hy%Z4%1IxGdo~nEnBO?m>)%QO@{7(;eFCJ4!+`i`-4$-Ct(o6h>^p7t-JT|{| z&iK%Q4oUHXWO7t1{?VPPUdIHUVF{dhC-gxDAXxG}9-(x7pGZ2+vqTq8zl|S}2^}(A z#d|^Y^%Vg8Ne*iy=y7k2exk7~8nuyAZHRp#B?>HYMlyDFj~8|MS@`0l`5P~x6q8qy z2TRt4kWjfi38K?e>xU>+mOt&L2>#L7xUAPwgYgd8GOtY$H3Cmu$jdOB);FG!U$KG>9g(6`HXlnjbj-W(3cCke}0&tlX%14`~@#RRv$*z zZ$+lr^d4rs9*}8G`{PQjb3+BBK(Mo zUJ?J|!l??p=jS3Y@GdHx?fm$egv_U$1+BQ-2DhV!HEa~B3@zSjU<;zx)czQylY)UZ9A_`mb8-ABri zoJlug6Ad9O`Fz{cz;e~9?YKn z)rtk#H70^H6p{_c2RJ7|zi2ZFg%pf(XK$jsejDM+$V=CrzEE9D{VM}?`Pg+EE z2DZ`5oSr$V*&0Z}bgm(TS>=9!-A8K;Zk=UoIqAmNJwmuHQws(9DzU?Y2~*Rshc5Hg zZ7@5{L^0a8YF^U^P;craXJ@1jcXvb90M&|>JvOXwbvk)I2Vw{{}%}$ghX`tQu<8EvsL4}U{HjxVPdDH5f;Mq(|1ypt?1g#J( zr2Tc*wFHQqBhw##RoW>WycF+9zC=v|CySG;cIS&)ssXCWw%a&kJd6nGiGX5-b$=>a zoev*?wrH^zek?7to#(#yT%AFm5u<+KJq{7pak}iT<=5nVGa&5!C|QnPB8#m79sB3f zeX*^QR>Q+%8;aCEsovp+A-lYMdiF_7Y*9xWmo}EBa^H}jZ6xxqzY(pxB^Iy+_B1*f z4!Bhxc62fJkg>^ssiU(c{I>ji@V=+*o83(@48cmvwM*j%xj)s&9*A*^QyKfx({wZ` z)KG#zNbg-S^X;O5Tr+sIA0uMwhf~uTBbM7hkqJOkx}XC-hlld9=Pp}34FT)>nE0KK zt_PL!@!e^AiTC+5{&c$7*qG|-VHg~tm%v?Y^0hr3?qH?`AG@Mmm!hLG4!Uj@Z(Y0) zc>pm!F8ZKCymCjZo^B={uD?dEd8~6*`&)M-V)SMX3pEPo9jgJc>)`1M8j5I@k!sPZ zhH;hvw$1f{5}{JhtY<~_A$pEj*7=PZLtU=rHv+O6eC=D?u@uB81)jiwsCX$7(Vx0( z4i}&1<_mmJoJ!g?!dEM5P)eYsnzQi!vt3=kF#K|^f;T=rti}qjq=8jt-J;8|ihE^~ zHpTZKy`H^k6Q_F5ql@k(PbisEUMArD+Nt3yx9CkZe4cl@8(EaH(`n3s$D}vJ#^bhd zM_gC(qj$jvlfB$}Un1Q==BI+&??hUXA#278RJ6Ca#!BO7Seim@mVkpWaPnr_^5w6h zB(ZOGKm>y(PxMTpjkIQedlAjNrkhxt{8?-29L^}ps{~Uqj=kVCvGC=o;avHH-hG~^ z5_BwtU=C;QskoqVKu%7N4LcXB-r{4*cts!po&CA`0U`(lxw1gXNJ5UU$WD=3@Fd?( z9t(ODEb%C!i(Brz6g59i%j5e->u9;D;c_Q2M)a(wQ^iyKd!M0X8@FMj1D`TLzmASO zq+e+JBvMtoYFa4T(O93b(QeeMRoO%Q%|jG=4do^+bq;)_K5gF@KB6O_T|x*iOfb1R z&jAqqlDjehe(~$S@n2k|zXsv58u4oHX*yfy*Yk7eY-+sZoeZ^hsEr3u(q#%c9(26K zVAQY46f;}>Nmv-Ek(lt2VmE{d*f|%e5M7>19wQCPB4%baB)??OSUgyM{V@@6wWkqi*U{9p{%2irWu~K4}lW zm~6veZN}tpos_WMSsdNS%=e!P6D}CrH5hgmr`euJyCW>B8issIRhtk2@s>57+ucl&&@tiooNlb>CXa9qCj!01~uwtC&y zw3_X7r1pDx?8I^R{u@*o8%`@>AQNS|`K z&F?aQr*$)S%5vvi>vwjOx7R4Qwk)ku_DO`j%B*gA`omI-vLcb=E|JP3P#wkQ3M~u; z^$a{mEYhbm$uSKvm^REJt^Fy}lsc&sQM~hc%_ySA#P8K7eXlKMPhSv)ft7WL!wx zOO*7j6!Tk1Lwd$e&&(Y&qa`R`n`QQ6O6;!;l0 zPfewOReXm~n5EqA;?ns_@dGlH_()vykAgz@)cYh?(DrOGC{xzN@_X^i_OPDv(~FLR zHv+ZgN00XC;)2aJunIq; z-{e9BqBj<^P0^6Z0Ua;1a&20|zGDq%{}fF&leNTMRIO1xafA3=-YOx*tBWZ`xySa+ ze#W`x$ql1@xK8u_j*;V#0(K&3<+WJ^$gHUqemM!XeP!9Yzi*D5b_8%|xTt&`iPbqb z+wOe0-7NY_aAI+v2J%b#{EfaDRTE*u7Rh}KjBFVQX0lschwvKy7|}Y|q-y#72LjR8 zY@Ca>hKST8Z5naPk6#7ay1}aSjF~#Z51>Nk~gr}D2YT248>nS{>>aLe3pEc*F{(wyt zabhvH^8*yLVXb*lRIYK#_VWYB=e#k9ENhyhX@Ysf+Q5nS4K1#jh@mjU$p`Zz$bqkm zUW%=t-JnWjN=$Wb5Q(Wa3-dcNS3Ll`gk9Q}Wt#Afa*f@DGQObQZfaJ4$WifFMn=X5 z-MP!lefRLG_BKCpxj3cByx#s~mQuZa;!`Cx&BI4uAF;jp@+e0_^xtWug#TN z&+0f|w;OJpE0R`QWG!Hwk=*(a(YmV=sHkao4k-HFSXm)1Qs)c(P<$0`AXVTZ7w7a|AHI?Dv6QkL%+Z2HR z+kF^;P;%mEGKlWlF;VFdhYhJvs-6A;CwC8E4buKkW?>Xi(GZu(h6zy7U z)eF(InQ+E6sYTmU%kp!yKnOKb<^%Q1SXCuo}~%0F=oY`(fU>Z6nb9Y6#&4^1mgB zL^^odJ8})FxW@Kv9#e|74oEz78I!kJ(>;s8pdpe>d00EZ*>V)=K70ivStNJIFUHB% zpPZV~h?6r|e1ad|`ANe-!vHvWzqC>`z>#+9QbwQbr(<6oI!=}pH{{qz8w+hqBxy>P zylELEX4M#MLknk!mx$s!@69WE3{bg=PE8Ki0Ku#Y!+><-m{`-{cx~%$YiohL(x%Ve z*9SL6uyK_mMweh@Jc)3`*Kg6EGDKb5+A0u}-5^8`Yv|j(r^rxCdnt1HBUaa!@k8-- zpxpe5MAmX-ja;zg%NDbq`H{|fEs6NVeSmTyyv^9+a$FNRtAMxFLaIk);6FJOomk6B z%ZUy*kgs5w1%B|5H?FTThg*H{{R`Trr7>xJ$mppC+o5(W$&s%*V0mKv<6VUPqqG+W zyaA4Y0<^KcejXFC4mKQ@9ad5{G&^d!F{Yr}je_o09%g#HwqJfq*tx?QAo_rh6XmbH zJ$PeQM<(pyftZv!e<q!J0_cF%2^vv2Qc@%!$B zhtnu~&I&eGNJ|OhDfcVE%iciK?PhqeqJ(>>eauq@oF4|msFK|TB$+1+Qd&)?^r$H< zRIRTDkjYATE@0& zc^{H~w~t??y1rv(Mh2hKCW}3(*28A|bk05?fufc}twyAm`kLH2R}|D{wooPSZZwuk z0tnn)o%S+AS`KMwasxX(m)n9j`|;Jp7Yt!&IAmXc&>D`-=h1k5^6%tgxL5qf?jxPcksE?{Rid1-VYMl{XOPCA*I&PoY2i*G`h90c4^X9EMy?mN#{f+_qd(o2Pov%Q`2scf!z46k+~OZ&?O1p0>te_G+kW@u$DELRBqWvFy)N zVhc|EdA*7J{B|=}HQaO~tqA4Sn)B?*caIewzR^nP<6gL=P#94zusy>PRO-pkk0pFN zyD{@|mppvt%N*5pTi55x(zy%VrJoFrGPmZRvZr5o(ZwhVN+vo2bhwW;sqKcYACQ<< z^FdFJ-!}es_7z`&j_fZioC6^>Vd!bf zKjvOeKv{r^j=Nzx31KH2i))(n(!FkA$qw98=dDzQW089ka^L*as>t_OSCc4Rl-puS zo}#{xeUzKTUN$!loq^L>u0b9k>#h2|KZJ#auh`SjOHBGdFTZl4k^SC3=%v4Wv!7u5 z@KyIP*)DJQxMEwF8t?D_W4{5{Z>1uUe_k*Mo&T(Pv*H!c(S9lDUx?5Zd*Kew-)A&* zw3g^k|2|`ch+YN$^ZnQ{5=lB%c`x^$=Emr6r2naWCEN`(gB1S#j3M0moBplTpSpf` zweFW3{oa<87ISNl7RuhIlCD?m#^Q+0*%=vQimgh|D&&2eZdV>xsuJOO8yHIeY$EdO zw|5V}qHiH^XXBG2Z7-poV@hi`4Jko<>p%e#3GCs7{ni^Nv6LnvSVxby+TSg(9N5F# zs(E5!A&LO~Q%Dv58+euW?-zGWU+wcZ|Ln#z6T#TSLB79p z|Fy?8IT9kp@vog4nMEA<>U!J1Nc?})YX861TK*4xhO3VMlma>c)Xw9oci5~3pW~GEY5p2JjAPVrgc+k9s3Jyc5)aU#NH5Rpx(Fh z@+I=#D5l{_s*4GI?1jU;j|w(CMr{;&mb!?Sq&a;72U5O+@ym`^s#I#HD@l@%&pK=! zlhK<#7jmoSBzI@*7juDmw=8J@nWa|;9e$gONj#(WA+H)Y-0PExMyCruh!1fYTu;sn zwT6x_f&|}+^zW-tgilpn+~gFOyVt6wW^GSx2voLHw46fNv@)@~g?gB9O!-nN#WXa?BlPA~MP_4_CpMX=1Dy?>%`py8p1$$pMI1r}T zf8RQm2I_8_v=xagkvIT6FT!&_-Tt8Ohz^7V&~M}Vj_u$|L#50Y&I zeAEt<9Xq-g0RrStL)DCPNAx?+wtc}$K9{M8o_k{Ho!Bgf+aIEUCSykPjZeYOee&&! zPwnPL#>Dvvyq%@BzNT6k>72+Y6Pa3dAqU7O<DR7Ziz`Q37g_- zGpypu+wt4SX7;#aCF4;{(V7H{uH8aD0+rxP9Ye>l>CARveKw)tHTFtF(MB07M!p;$ z_ZlaYWI)@4uTEBm6r_~7M~5^Ye69mBiulS6u5kqTjmq`RJ+V;j_Ng<5T*G+$lBFX> zcz;B+-&CpK@UpSgiQcB`o%j=o5M1N=`{X&o>tU z%JoFfI_0!z8ub{8vnArC0l9t%wqWEbkZ6s=D=dqDJxa7+h_3AgSE^2Lk3Q1bo_UO` z?!UL-$K>|jo#2&ERQU^an4R>gqp)~BLpYuDk3-%h`893tMChDRFoCJsB;!)~`9=Ox z=l4q7Gl7t6tQpBmXpavutxw?fdG_uG*5g^W29CooUzqugCd%(J5jBlx0zMy2M?N!D zR)P+4d`xl}!9BU8ggI)_ACvPFcZ-)gW8S4I4iQ{A?ST&_DMY;Iypr7w)d+B~mvcbm zQVp6a>WLJ37q|5_Mh@5O#FCso6MkMRm@>F+p5JGf2KLL*1S&bNVrNCa1FkKL9iJvM zajaS;YQ>}H6?0F{Ih_fF4hsijkqEAVTY>4W0oyP9Wh||+OXE!cU?Jx5Ip)g1RndqD zyZ~%SrFQUT1$4ZbR`F>Y9A?ZT&i^UM8a5%2mRg%N0Mr=&?hK%Qo{_J9b@HSE%G`<}*DDo`+&BqaB1)}go6RtviVb()@ zfZAB@sO#80D08I|NM{w_X<3L9vFdw-qUL-vfN^DA_GR+r{;%F`>Gk&v8G|x0w&lzS zE_@{{?)h%DkK~DCLG5$JoE)^iLs_+ zxZ~oNh_1^Y7fcl{f*d&Epi2K7+(@t3gNAXO@0+SDh#`&!b%ltxOGl8fv{C9fbjt8S z8Rzz_(l?@nS^h1{x6*{l)ncwd-+5U2mxu7<+g$D}%WpFUuFE>-`9jp8mg*`^f+u;n zSE*7R_3m;9*d401@P&$cg!P@#D4|;P(*67FbZ@CA92i^-xJ{nXBh|Tpykdk{S9(2! z`>V);kOw`>>}^42efj&kJwJFH)5ZG*^@LJ$&9(D%Nu*M#gRx{GT3e+=T9Vx3KYu0V z`*SDGd}65#k!-=qhJh#ZGTn>BIhtg%lMZSD1Kag@{hwc3tNnB}c(RkuD2Y zum9SD<+vm6&$~O-s7o4W07J+#d#CH0BS-|v3In)_`{Du*++ICu02B~Jirj*QvBt}Qzr0HTDBU)~ABXi(;0nQNjZBGF}|hk)0r`+E`IFdDl( zaOSThG&;4|(?bJ8-(fZ#d7~|dJpveII6UzX+^yZC%0a*87T;AIgMB~wSI38Gv*H!D( zY|iz99l<=BS(wE6%M)MTsoJgaRL^3ymxZv!@BSmWy&{;QaGNkD2HBrXB&p1y96CP0bt2 zEhXB!*%oT@N1rC8U5%gNU!`^s?muwime4Z?r{>c(Jz5F+^)${L6HsF2eeRO`STIf7 zk30A!EIZ_1DB{f31?x3iSfE;9+%d3Y=~Yp({_`6u)YuM*pAg)8&L zGJaKp-rK+1cyKdx^OZo}Y4FtQ@gknK;mEg{!I;_~wDw^06~!0rna$-l{oCNqAkz@l z^Zhce31(Xp=WmM)LfVF#wW`|ZEpK204`KHna&3Z%p&E@U+8$5JoF!>}g<#&I<=jvq zwqMgstZ-gQlV7}F%R}v93xSndxjX=(vN+a}S1@aT?yCy?TD9WW@GGXNWPNQaQ0Txhkz;T)V zJ0aAtvsUBMWx8u={OtGjl!qw`bY}1{H_Df6*KNFY1N>v`Pea7+)vpxNId}!V0zcwQ(;1VKLcu{QVXRm&oKS zd)A)4ECBy)fRk03c_c^&bC_^9%t6O*bpq|a`; zu8^tr7tM0)_BEqDV1f*mPanLz27hNSf3K|mu#B78*8`d~!d~c>r(OTKv_!T3J-uNt zYg$lTmOTBMcOjU{JY;`G9rda0T*Yn40$;L6%nH+Qe!%F1oqZMl(zH{Q0_;U>ZJd|| zeKo`+I>_SNY;@MAxaj6BpdSQ-{Z)vjD5F8WA(3F|cBuW_c*NG(HFet20c!R$@8(ow zGQ__^VsC!kcNE4IdG8jx$(xwZWrZuUW$?>tSmpQ42kFi@-sU#H5-NFZ`st1Re4B%_ z$l^fF(W_!Kq%t#GM?w`XUb z&=pkjVxtIsLX>q*9=S%%mY!=R`;WN!b}Zgg65X>h*=qRJr;MS(oR6Ovv-1s|P4fM% zXf~vm5hXx`e^Juofr$dWfuTc;dgBDVfvK;;!ja&Ew+RT|r^_^O+QrBOXyNO}j%XOT zuP_WX5xKVIaB;+ykc=Q+ju6^49(7t0i8e(qK`p8<0zr82Cs1G((k~_x7J+;{b7ql= zDxB;xmroVz66>`aDbLPvSRRd#JkIi%$Kq3j?PHHMr{`=)+MEly-P@^X8gW#KjXB=} zCpSns((h2;`XPH==%GDc^5Y+yDl_ybPeh%Uoma{6_M*9(@lZ`itl5{BowXzh7HJJo z3iTFshRrk__#!%plVdBqkRSjOB-Zn6`Bn7t;AF;cu9qIem+a=h3}$|s7)9w2OHARx zY4Q@Dm1nd|wAD#)LV5{S?Gu1Em;C`$z4ZBamMsDv z3Hi80!hLl39kQ>V7$6VNxIa>0p>&x~$v<{X*Gd{rw}0>G4QSIuOj_-+Sle%x2@+cN z=*-X6rZk2So9j`w+pRe~Cp4T?}%L%#nJ$ zGm8sOJk*_)|FUPHVJa3B6!ZA&(PZg44duDs z58jN)-g^hX00zg>Mo}NWLXv`nr#0&*w$=9Fok0BC8j`8}yb303;au*nhfCLiFQ%R)nU+et&^isd~%ReD9rjUK_*!LcivuN``Uc+hHgnDxN>&P*|QH?V2t z{+c9~O&F4pLUKF<$+FYX|Fy!NZ3KIW2DadcH%8~9;tuP`&gw^-st$UG<@?t=nT?f` z0+ZQjXE6+VD6!T#ra^~j;Eq& z7ZOAH`v;Gl0rVf>?Lg9V^~MnvsKJ|6aByBWmlL3vU3_l@*m2Na8-UEbZ*Bi^^e7eS zlSOTe>LMb7wTxsh=Zzn2W22Z_UxRkc`v!~Lth=RQd5IAIjGacqd~sN{?jpZcbnlg* z=chhf#BqFGKEutBiTJ07E(0oMi{*G%d6AVE)4wumd|k5U!h2jkbZeE!5BN(%nzzS) ziUnEd6)R$*y1zFhV?Wo9ik`!MS7_7y40ld$SKYeUa00edT4CgjN4#zN^yE=5s@SxO zhbsF?QQKf)Mcrh9xsNwbhoCauMRU5?0}k+u&jRIjinpowUu~Tr{1X21QU;Xg?0k88 zt#hImwG{?fAZAp8;3jZq0@z5{HlUFbj1CdIESPgfeg1m9A`oJwzOe7|_*R!WEmK8Q zlj9~KBGP{1=cl;LW38m48{#F;@ve7v%_gMhdUSCa=M*U)Pn7PAyU!^?g!yW-Rhl0LgZna<8t-_N7INl`{S?B1`0CA1eVY9&h*%*caGt#Mf0~L ze@xBDdL8e`&8L4MrS972kD-~Ba9pMeXl5I!fu7!B%;YbjP?m7#}q$M80*tZ2=&~ znw}M>?KT~gTxA~cId-9L0viQ>Oq(4n-psqpUo>9nHN9!D-+ZOGb;uWy7$!>@uVq{3 z^AJ6gW;p@5`|b2y*;A_7+5xu2;dK@48BWB$6ZNR^Nk@Tmir;ABQc|}X;?_j$!a(oJ zd$2vNoqak>9g5r3;NL?UF((fZC{5^0qV^}^^nawD^6;n9)k$VkGYS8+H3<3S_#e4y=FkV)k9UT>jdNvK#BO_ii|XKVCihqSRSkN#$eGoj%-c z?{Tc5b){!6xs@+ETwuwpf#56{?jp z#d~cr|gr&+U;3of)dU{?A82$V58e86HcTo^x<&^Bw}x#yr&6HX5A=G z`JJD&8+i`a+F2>xa8r-s$#9_ZnCg6J$$7vS^_%J0*yB#AXN4(`WvHbe`oDg5=SP0+ zyQJ&QOns5Amto=^jr=8TK{dNvmeD4qgX}@PBe=-8Kt}=V`ySKz7b$+wo&b<<2hfFQ ziwcwW`U|%toYr-&!`Yzrp1u=cP*mBW{3HWu7lG{0Uha_Cfg7xjtnPpA$r&(3SThvh z%91UQT9;}NtX4u9pNWX~^mOXBPbz2b+)S$uhJ>u3*9aw@(XLu5-{L2YzEwwsU5s+O z6yf8e>Ek??JaCt_EirbGveao1avlWE4?5c-b(f% zeeaHWEv*!_P59=@#;brG#H!pj-{%2g65|oKrjpfP#z!CCu=_XBj{fko6d|bmsuT6w z>;3|M-20&N^ZiF1FK1kZCj{F2g}84nESXwqt+cdoDbDxpw5=#bxMIrjI2U*#N84f2 z^*UV4XD zM8ijsfz%#7lG~K5WX$-Obdb&UbL6;hj5R(Mv7iXEX5@&fdy0HP$JICN1TI@0NS4*P zuh_B%CZWe20&?uYA2`wDBTxkJ=a?B$|MmsA2)E#FJj%Kk zaW3G#+JhE6-;Vq85)!y-?-%oyzWLtem+^>ke=nn_R>$!{BCU-r?3FSK=9 zZ$(^Fl>k~W;D4aAD63E$fnG`~u8)Q^;6{Hu)&1RYIXSqH-SQ)N>1CFnK0C!nGQHh~ zUN>DF$rpe;w^?j?`KSjmamApL_t}(U{f9rl85^tDNK6SfYs7h=#b~{Pp&r)A8CFHOTbZd1FiO1M z={I~UvQHj?Q`7^#^m`N#2}mBFu)^}k!$SRSOpVL>n>f4GcgSal;?Hh7T+4u0zVlnk#?7hKQk*v$ykWS$JWH~} zVoRRBSoLIksXWHP30N5#q$0#_tlf!e=i`8jJq@@M5d!rUs`VUw2t(G`vLPANttT&l zf|WZ07O9>#RpLoUB0q}B&FSp;AOD%b#|8X`d)>UrGJ$B(S4dkj#Ls4i4Ws3+wJM42 z4%n6qrWEP|*2*O1IKtxM2WR;VVl6O5GbCt;vU48gyF0o1w*EQX{#5;Cvzi+M&JC@!=npP76@ za`TF}7RAFmffc!E^V)JK?@eY<#oJx*#2dP=(pvggX$9u5pgsIif-z7@Qa*51IEpcA zwwtmUkgG<2o>ASG6iKgHt(N?i!=`}#29dP86%tv)l~>X5YKPg|P5fFv^_Fs4zT_ii z_wu%XhT!Y@+?c+?m|Sd>Up-5i-HuyM(py5G&*alo132PLjKTy-p`Kiq%R`-mr*D+X z8%&5Rj;R30JJ-6wy`@F?)z5LOqm0$EL#)o;7-6{{f4r&uKL2}rsW32zTFHdk?kzN_ zBLEbWW=f#5>0SL~Bc$^Z@C^{Pqe!Q{qtNwXhJUF$1WLeHY(-pw)_~)>YDI&x(+88T zE6rXzqyq1CiQ z+$VY?wzOR#e=C}TNq|7v_bnK|_+CNR8pqYkVGwZdj7ab&wh#&@N*7UCXv&-u~l?|nM$Mgad;b%qHs&rpN(m2V2~ZjE~$8_Oyy)j2b+KcOLRMKZ`N3n zZUWLgh4#@&UTBNA2)vC{pi}cb6fP=w^WpX-Pu?&Yd`j7e@fG|e8xXXjs{WjylS_pa^FJlqnpr6JL8q6V%`+0V4T4}CXtd~lU)r1HcZZ$ehCh#Po1b1=xr zawA{6omA^^uI&fXUXBU#%bruLg98|ff+LX#&&XxlX$E}FpEvrlc#%#E9`#^4-q1xQ6=-~wv{kEAz=m|#_oDy=Z~aocruYFh*I z-cFwHzV;J?FMb|90=L0i66$*darrYWE6N%7=zmPI)}@cBt`8*KsfKi12kaP27IM6c zSr{8#=Z=Kr_37c4C}oh4$g^|Oi!c@one|wl|6~_^-vCJkDfe8-8-AE!sVG+pQ4cC; zw@qStKCmCTcr#;RFAN<|!GBOux>dB1!6l+BEo~qDZb5fx2N~&a;~YsZYcPH@IKR5j zP|t$+dRTQ&MOW>M+PIhG(;>^|=9Y^ub>nTTUk2a`Pe0`D1x)*%T)${==`JcgB5OXz z^)`qj^a{P*6xsPbtV9!?-Vj&e|E>8c-obCAvrb3N=`5SXQa9by7&FN-)QfRjo;E5R zwEl&-l7+5qT0zc0+w)UJ=ms8mCJQt$|tk- z(dMp=@E~Wdy))D=Z&A^NvwTtK53C`@(=a5LnBBhkf&iNJh|M8S*Cuux@^ld8U96KDaDCG%c_XhKx*K zR3L9ZNp0p%beFrqJ(-6;!et%do^Xx4PVGvV-g()czo>f1(aK=xflIg&gzzpans0G&5byUw(w^G-ypTFIt$XFkLM0FE&)XkuvOE-xf8S?_&j>zW7MmjU)iy_>EnVSxg=Gc96W+ECUrWY6FT zm;Gi`jQe6qCHo!7;N2FA$vO&FsdPJ$6+9M$<9)3+qJXa7zFz}stbnJ1_2>nSH`ilw zmbsr$KyT8PUJ14!x1Nwf`pR_RKyU@oqJ=G$^&Id{fOonCxv_ZK0rS3l?K1%^^$h`D zan+nk?SO@Vb;^qtH;u^1p*`?*v-tv;zDy1N^7Q(y8mY9u;s?`ffvu;bAc7WjzmkR##-OGhO1djFs{zB^e2!(z>-vN8Hc5VGRQPkyR!7^W?ph;Oi zBt!2gmrh3in-m(rf52%}JNMvu@s&E2>rt_Vhx=EL+3)u7#dk37;EkNeU4UkY`EDbJ zd*k!4EKD5 z%9rNiv$BoI6{4HJWr9ta5}aP8e7+dCVIk&AP=M(GN|b$~63Ph8$pB6vJ>DgS&ZT|dh4r;NS z$m#-g7o*dYiYsC4JpP02=9oV{`HPVe^Bo+USKgDvtBMi{7k23zwk^!<&+L7wtw*yKwirPg7u8-TOD1evCvoJfhhR>gl&t;fbXY3cL zH)4XERq=xtcUWiBv{suZuHukfT$hn0do#6-$E|$6!Zx5bHP$51JUvm1*wQ(+=%S;V zVJP*H+ayfp4_xJu$oNVMDT>Y_J zXhd^P_RF+hw&|Z-*U#A^krHF6P=Va-PhG#f9_QK|^h!OLlUei1k9~iR{VL1uD9^o# zt`9LlzPQt_wmAGjswRO;DKn3q25fQ8E<*~K41&HlnA?F-Ke*nK3C?wBsg3JN?}yNr zJP_`b)igY4D5PJGr>F=j5+5)KQ{Hx(X@eiVA@jY|4plYKs^o~~ET(*5#V%{FO9`#~Z9) z-G3DP4>)%u|7E;Ic>;rrpdOWKUz&2qEQ8yRAiZq(-U(qMF_6S>yo_|z#*-g`9o_`8 zSI?~XR?CcB-mE6Zd}g9ulrSu1Hf0|PQm3+xVwf|uGb+AH0|q3jHhdCMJE3T<5UuE3 z%<2K`1asB{(*&IPL`bqO`{ng*8OSs<-Xiyx* z)_8WDD!%zTLKj1ZLG#xp{|C3N-*B=6o##~ip9l7}fxfj(6w$&vYvGd`V^d9h#j z#oO-(euD=K@2cG46=7wz7~LXW#~dN*@9U~@%Q6CZWOa?hvD9&i?-Q@%^peWp;h#JR zNS3*I{W~-$fIJ35vl3@WW`N1ta#cj{u z+}u0^_9?0iLH3)xXleWDzC7PG=2cay@Kb_||Mq~wqJVjadsASE@kic%aRFSjDmM?VcNAj18Qir1Zt9wfa zW*!4hhIkdO&fokOKjdW$g++*1^ybVj45nj$WR=akl-Y z?D~0v>69t#Q~&4FicMN2X%OWgUyH%!E06GnA(VP~;xH}a>ZNlOM2(3qfy-O5GjBX9 zT2ge_TQLoK+o&+$eM6?mRO&hX{!+sF(*Q@m^?)V=?rz!l$?m6HMG-Wn$| zyn8u~*K5f2Ss_(hPnH>K&A^v7x;|V4Mf1;rscmEW%Bw_4 zz)71}H=q;n#{AQlshS_<%l#}bPlAcO_<9DDCrt!fykgC#qy-rto>BYe1@hvHC~mLG z*3?)H#t210T$ZI~k433h^X{+QtjEazTb);T&`B$?+Kt5OF5#{N70Z+)0L7aNx^lJ6 znX3iF$##EIO*i1MQT5bu&cgX_&3E0CJ52pXqD=g#5$H=vKciRiK527v03mUkN-}3} zg%i=T6EN($E>r~9)&-_#I}1!2-;ny=k^$PDiA`=zASLYVqtnbQdww@whn_h`y0$PN zxt0JGz`3MKTPg*`^&>kjES=G-mW!Kr{G7hh+e!nzB$+7aX6^lzga2Y1Y&3p^4jbsl zr%9(9WVci!Hm=GWB~@HuvKws8hA-5xB-B;2sVqHX`cqK= zcQ9J2zwgqJc!W-I)vafJpy{&Upv7j7fUc&%AsjM%((ER)?)?17Mr(QhcPe2P8HNSD zuhO5@%Ay?n-a|Qf^$+^T*!2Ns@Jz-!y4b!{>!y(TjEm`sD;j~=YVLLJYjd5-BqqTH zy9J6cD;K^P_m^p{(e%EhHdfCKep06$?Aupd=~gbrlPBqkb^%tuHG53IOj>_1!q$6q zG%)7IblF7)$RjfM1}kuieoP%(Pc#&p-|6x~aQt+Vx$L+2Q1X*iD>m(Wx&*OQFD_CG zjVs|x17$M}P&A~t;x=8mZ#hD;tDH7Nyp!AYBx#y}o*ZMF?!S6~6$g_4Gvt@gT&I;A z6M%E*hlv0)0MIzUC{snr#N4_@t*^Kg|{stvMHJ3Yi#mcDM#o3px9GYEG>;r;TQ85?8Z! z*3!dK6&tNKDvZc*EwZ^8SHb3U=gGQ_Pa_Nd>82Sdky{tsJ#$EoN_s7M^P?fFmI*WC zQy)!?bl?r|F3u^3 zUbwwYGvTyd7*mX%dBag4+IPhmzqvPJseo5tuKT#L6ln0O0EOHS);m+bF?c6>RNAyN z&t(AQt4QzgmN?eA=Wuz_lTZH|K8EJg&%uSh0e(NH%0_pIQ43P*%1Yk%)LUwdIgy|) z{`ARpEoJ92%=so|+<79VLX(wgIp!wZyRF$zl zRz$j4x|VKOVqsyIh3_oh_w(HM^M3F98-KEU=A4=TT>qGvYxc}2w?4JVTxxqc9a^z$ zAZT=gcgr@`My9R1I3-pdj!$yWg-e!#lSphM*pQZ<_BtU)5Ovha&8X@k-a_~Bm)fl_ z7Ziw{kh;6iYhqG^)}0u^TECYID=PKum3#Nz{U6OxKwc3SEB;orPqMZ2)0DaLpw_;B z?-|*Whv!=-);n!$Qo-zrxgH&Sy^=KcBZ0*02Oh4etYY9w*JCKxh-%g{T+B00 zCMpYu*~?wz8^D%RX0ba~I8p`_u<}nyXw6%5o33EtPT!PI6{lFb8WkJSp4-t&DW7{} z-^=;$_N~05F=XS%G1XBx=qw6_!L#DWUtL|c;F^dW{~DAA^VsVPE8?%!-)vj9NTYBn zrBk*|2&QDa?UWZOVal=klYaF|g| zRoA*imGk$;$oJVd$A@TiFbnjy6O2*vZ3+~n*DW)T(7&z2r53-UjskS)peu5y0m7ekt8M|W6f9cxmf7x)` zR>KRvN9hdOpiF*^&{su*$DWCY4?L6C?jc0Zs6ji)Ei@5O5I)`j9aZS0yZ5&*XzD^Q zXIye?vdqbapPpoY`7;3s2>hq`S3q8TnFo3UU@{BX9`Gy(ME4cnp@Trb1|Urt2wfn8 zfj|kKcridApz(xExW@C(Hm7*Q1qwK?3Ajo8F1~OO2p9!?l7hiv@l$fXGko6(tVRL; z*L}?Rzt@2F{JTaW{9K$?^1mfN$BXihlB*kl$?iXIn8Y&+|F{9D`Wn!V9nr(>?22G6 zlG*AOD&Jq!35v9AtkPP{-U%8WV-iwY?Wz1eJWbwK z^862^X$_mQ!)3q_hUX~8Md3}M{nw=wz!@F{JbfM_{u&{#^1?WDp||yeh&Ayq}Zv_Jka`sFaTFOhvQ<)B)}3 z5f=bc&MWjdoCK6|V|Nr!BIE$H5-@3goBDTVO&9^_h2uPu;ZNZRZ&sYZJn;11QI|gy zn99-~ZpS|Z9{j?48s2LMqXc#t24q4_JL|a?9|4y|PVtlSya9-BEne6w^L;?wDG#T4 zC*j4+ry$UWVAxDGB7qp^aQ>L;gW=W&mD1UW3!pE3;)4Q$+xLO(v(e?-Kv9j@8_Z@4 zWq}>PUta=|CQFr$UEk&H{v*Zdc032t(m^Hs9?ebA3y1rI-SG*!J z+O#`Gm!}z{xd!_}H3SJDG(v%913czWDK=h^Gp6h_8 zep{*$;V@k$_$F;mt8yR_0NhOT&y|B_7-J6S-Y6VDLo{sW11Id?CcqYH(FS;fOdM zz%%8>v??)f5EJjPERVxXJ^^Ieoy3f&#f=!i zZo{hict_Pm5QV%Z`9g8{a&AwPCFIJDN9Z8IP5dB`h=nQqK%k+c`km+$UUz^R zV%U*456JeACoV!F0C1OE7hW;Qz?!%45(7%h)o2`I=z+O4#IIih?dZ$IbCgftTEl0u z3_{X1TnEWOUe)!{=Y_FMqtO%GpnJ5S7m`cPL+uK9U^1}sL&OAn>!Bc!N41~z12i7) zJO|yL>$)JX#|p>5Y3rbr+UXcDQu*9gMW+csZv(aoyWG3>@&PRer0<`Xla3X^RI8Nh zI=uyIyw;7eKEib4Gk(uN=A>bzC$-a17y<;E{TySgP3@J6GG6+t1#~zwb?ozz`*_0MZU+FNL~Ws1)nYr`@?76($i`pS@iE}W@4upsb#1+K&Hl)ddwogmz7-Ny zejH3f4w^k~6^ zwjDpyfc|nMSQa09wtL*OiDv!Ww2et+Xhcj;v(g}>Ng%hVJ<4!hw8DEdRVHnaBpCd( zRTQyQ>>ft#29LQ6vPsw-y|&AHVl4sNdN%45{i|4EFaf*Qf1z*CM3*|}x1ej4Wd;H9 zA*?}(`cNG+ZZ5oPtR|m0k=lm|} zLC;%Q8N9a}jQU}+);GDo6j(_H{GL6&ap2&f>dY}Yqiy<-@dAj_`Q&C-Dgs$o3^9o_ z-%o88nWiEtq7s;WhZ(|MigIDZ@z<(0e)PInOo0-+rDGoA9eE^N}sHDV}bu zsIA2ej$Q=qoYo?L?#MuRsB`KD_kmi+`;i&e*Fm$@ z3t$>dqC31FEQ-aaP-P`jds}>4tPY~j-Pt#&<5FFdB>dP9I)106AKZ;rNfxfh*}J?0j1<>~ z8(4L^A92hY!((!moLM+d?3La_SOjzcE(*Ko)>H(pux|9Q8H9ZQ&?tQ%b~7MfbTLx} z2x!b4cO_sHFf>1tgfoKAEgU(r1YSUz^V8qkohPB(I-BywcR zV^@BuAL%**CFA+(>@twV&KQd@t2&FbCa7MQ2Am6h+Y`vIpm2?pfE_kl@LN4aO|n*P z)@cyoiZah|w!+1~Gj}AR6*Dm{N8k#PcB|o%cUGIF59O)-tFR(i+-yH`vRVBa&`3vM z7?2NhT}4arbOJrK{%>cbYa@ewPUXNs{q_A+gid1!!x$@%gQO%ra``gM>xXv18b=U5Y+aYsQ!2MT{j zL3SU^IG-tSMj_0S?pFds zM!l0ct7{s)d~QtBIqf4+OFO?10}8hZ9{p}|#kd2J@UMGJI@ zdzf59iG)0q)?qL z^&zqU+|H{h4V!Vg27L8+1B*4&=5J50sH0dBQ?akzFe)@=$gZEEkrrje0pe1hT5;f( zUz6;q2~j7_@;t^3YQ2&VD6?&Yooq~Zz4To3LR3H6Q4aDi6uKznqJ1R2#v9~&8UsA} z9c#rqQ%7B8L7a&qoZFfcm$mcHMNKL+{fLC_S|9>*kNN}kjns(u#(I*y7CxKEMfYCO znILXUUualS0S3cUQb%u5yFZYXryJwXM--uk$PkFQ-~2XF}Y zqq<7eWC8+f%1W%?O{`JtoXFdy5NFKFRH24xIC;`qk^3GaEZb%;qzieF?FHsta*xYv zboq{K9<@BMYL7DTWSr#$VC+%L#zJ z_Q6Sg@tU=0`{w4cI4z82TSk?NG%UNXGgPEFw4OByJK}zO@6-!!J{Ov)>&~GN9`rW= zl*r()tq;t_brhRxF$l-0bM?0KRVCKLRdH8ocI3qw-_ zeE77GtOTj)lBhGiS%^A2SmVXxu>I%+Qij?fCLY*g!||TlKSgdogGCI^9y?v5*&AWE z<*a(Hd}w7wtY|*EuCul|L!1p+(6hnrIW`|XNCKD7v;Hxf7{E1o4=M(&R|A!udln83 z4lDXBkiyoyqm33$NWCA#KN?(7AFCbh_ZL4h3F`whrk_X62woYObu2%hJMdC#ys_Cn zdKgAJ9cRP&7{g&e2Lc&%K}L&Ebu!YzATOBc32tpr0RaC9)(y!-VYfxkigpM(WFXX~gy5s+dC=Qy{_6rdbPIncg61?57?V3LiYzn$(@S4b zp!0k|RnsR%{m*asUhC^WiXy;Y=pgaL{}HfD-qrbcw)?-cg#l<;Zv1t#?i1X^zp{Y~ z+j#JqL{FXof7aU}t-y@?KldlY|Ml%(W&OKi6JVJ-C2c1gKfz@{`0c;4rB_Drq2>Q_zX*XV z=)X^kxC3|or>y^h8Cd0i@p4W9FYD`V)=WeszGM22j!f{%_-D5BzmQA*EcE{ZHu?X7 z)e0@iKUDUA)N=_xgj)3f+Zg^=O5uNJC;bn&mjBAeqm8F7{)6`aK(O{NyZcvJegCSM z3r|_#HHr&uD07!HlxjX=+m^Z6<$dP^!o~L4DhHvdQwsQ5jNQcux?Z^#SDjm|ui25- zUn6*WgTBM}<0o&~?}XO(ulroKW31UlOuFUgRn*BDC-Ox+U3R5~(;TR%My-{@T-Vd- zu6?4t_DSa|T0ev4vKZ-Qv3|l&qTivw2jCz0Gd3w;4XxSkww!#lQTX<;S>a+&`61KY z39TMjgr~natWl>US{>#mex}xg-A&$8urzs&Y^(AlX;AOMzVlhcRmZVUUN79-x7Fsk z$$g+TXMHRuYC}^^GDWcMzBYx{e2g-F2@C!SnH5=;s_A=d*$gRKLqE)-nf-G=dzl{Q!YRn}!aabvv}d#Xo($ee zOFGFSY>Ow!T%3WD9DQCR*v3El6Vk=;9Xcywqq`$2;k(>d_@e#?kFFjp=`4DqC{Y;o zAn-Sti-Un1_^*?rsbYo_&@+@Tcqn_Csw(khJ=gSoh?@ek^n{@`%{CtaoMqgw21%HwQkj*sUrHyX@HayLPeOhOKsYdA49l=X0Ox3cw=>h&;j?UTu8PSzKcRc;7E~A@e;)7K}>}$FXFR9Jd60^ zmred_&lQGBUOp}S)<;$;rc^^ZJk;FH2S)4vS6zg7brp)7jE9G$)#^T9Sc>bgOvHnw<%WYp+IXI?S>(ceDYl$!5>zum$}zj*I|OjN zW#g?ZTALI16O!Ktxe+x{S5MKQuv<9JoolepW%hEhZ^Bh6iL=~@V)K1gGNCsMoha_a z;Fys0jSaQ9h5O+`()xppz%k+_IoCreO?v~MOVvDS4ZMLi97)f9M}0pP(phNsndna^ zKz_;d{_%r)%tgLzdx6)EMrUzX(hWFbU1h&cMXl5{S*6O96=PI4fo3=zN}9tRT}Ll) z!Lw=hJRX@LZr@aB5%bH*BHPT@8U9jRUz{z4;xC9}s=YlyGnwB$tHYS~ZM~E}{e5lx zkaUR4d*2UD#-I0zC%W~d8?QtwlgI8jh&raI?|or?zwJ(lkn41irn#}uK?PssVD01n z;Qh?#*TJ_{CGFQgOn4KM=jcd2+DP@q3w zTba-OK{a92$05kRD<&SypTXWXFUL(f!uwNIh0Bv{PNZOs;5-h(*QS$cM4%@-ZFTP9 zkE-7Jnab<|;d9=|_5GgG`@I;++<}~*`V!Z@uUKL%rL8*KQzBamBI*2}C=?#3hKcQ^ zFp)oF0jox+bBVe4Izw@%h@YPb9jKbXY!Ix8VvM@XK#2kW7 zA*KM!rP4>Wnzirx)rp)rD!STYb0!%&tuT|1Ta~`vjldlV>#GW>OR7B)trod@s)xag zN{TA0DQ2)O?uHbavItImFeuoNK9s(Gi<+OCGMF4`C|j&A3;T4TB>d`g>8=E`A6nk1 z3lge`P0wA@DW&icx7&>FwhhR3+;$SpT8N?WU^+t*CEFcyw?ZQWjM2yTz@3Uqc-Y36 zbtE~Z0_I~fVo6VEQ1$J!ra2RgXCi+L zwo^|N)A~(ySUvKLduDdPauZY=Sla#ro--l+03+L6|K;x8lguw7lOGzyLV`q;v*%5d zZferKrq`Q!CzE-36cuRn@dsVnYf1M_;;i`(mXkjo4fDPf$-l4o)Hmh}CZ3-611&dj zj#C`Hs%q43^piWKjNA7^!wd*ZUT0w9G=*3tv!aZAzZx|L6$hKLl=Qr*8qoXB=k(a| zN8-q}YEmFFeg?Wg+Eo+#yQREGHV^oJgo|ysttf zP&%Vak&g?*Nr<;3peh>-q&dussEl72PN_) zlf<4rGx|hbtok0#)f-@TARV1!lq+jit>aDEg=meF{B2>xR>F1vnj&8pus}(T9dG^v z*+!|sgJHdzfHhU#ImhibibHC^{?+Xw4oHgKR&h?n#VCnSeZaG?B!r;-*K-77Mh$}QHl@LR~}+W0gPPbUMY6i z*Q5D7`$Uv25(-zYSRF_e?h5Du!}MhHdH;3Nm=sa{ovH@oI zHfLIf)PTRuLj~TPZqohA&bM_jD#Z&f-`)yJHWR9cmat4xFcn0{wkK#sVmSv%@MF6a z=E3A*Aq>O!ycIaLF1wFwI>So2$(v4t8zFpp*D%qe7c_f0FP*ZG} z7J8m>@7iR9l)Lz1UEaPs9e%`h9!dL_MJ{Qu4-4kW!nU4BH5`10&Y4zASSmn;otus6 z9hmqj#D7{=$N?UdlY{M~Y&PEb{T-Ue<7|OB2FwC( zK5b&*koAf}x#{S*2->fzG^mq>shK8nJ!%8H(kZJ`AsE^|n<-g?0r zZ;HP3#yS)Zc7?5tE>)r85^^D~g=ZzsSHYG-gp{5}SL#lMmQPXCc281i?+HnPPu;DJop{IPM$#UA4zo0cHdt-Y@}L4YxgLLf z{W>ZkuWm4v8!1yBeCkC!?$i1fIAT1@&tt5uDRGe|MpPVFSOy(U&+tCP-1DUXexqcu zx>8L?c*7rBnlcZwAC_14$+6@S^_76BCLI;ZXj1qh5j&(4rxFaO7KgH@%9z2;ze13Fir=t zV_!*nqvd3(bq`=WLbYRYzsH@Y>pnd>k|QwxVISbvG>OaLHsbw4VgojNK8bw;q&Q zvg4Pqr>!SJ?vvjHc51soLT#&n(at9-JUi8Mv6j21bx7#slRpA;oO-*;d-Q;Cvvb6D zE)8nSApb!E_L6QUUnGly0`u}NM?XA?OlD+5_&4{S&(H35O5iW6Cp%3FI%H+uC` zDI}pdj0pIt|MrEwXrr9hY;5W(t=+v_!A3ptDQU`?esk-uCxC&qM=1c6;#0WiMO|Y5_shaTT z<^iKNBoAvD9_EeO#PMPeHElDNiZj=Ve4%bDsxuKTEo1%Q`aWpWYwOx&=3mO1PCUa` z=~*2lCyt~d36oYTsbA->RY)kQ($Y8kdP<&N!vQei(PB!>j;=5??gGAo^|(=8$Iav+ z3KO3{y;&XIW3$S)=Td7o=+kU(uCvB2y_Xv;P{rn86fiXd)6w-kIx|GC)avaIEV>8! z6^yK6X5!1NELO?h@#!icaxYF(LMT+NXkF`4CpzM?0~|eFXWv#N#U;P0D%y{jX-j~% z)9m@5(0M9eNTt~``E)Yv?1KCt!A)j??N+W5**~pkp6l;xytQ;MF>Q?^BQ3U^%N;ZG z@!b$dCNJdfeAEytux$wy268Xh!=*Uzby}H~;LC~{ACHEQg1V?>`qX6DzVJI+RNTXo zR9%;3F)<1Cgrou^gBIw>AYG==l!kKXy_pAQ23gFtnulEDK2;LKm4*wwn~U37tGSht z%9PcrDkL~3(&-kO~AQ8l=G&3fR=wLsnld4k22z&G}mq(~(+QyhfDuTD+ zM~mC*=^GHRq*0es%i0w_XMNnf6gbEfKnWS5TSFxPTL@yibK z8#rkJV%gQ))Uw1Qe!vS?Hr8^j0Y8JpSL8pZ8lN`Har5PE6ER=)zu!D;xIv*{=Y);W zx#zNErnqj{Fc?NPW0mPDiZpNmpM%+sPtG~+Fk>;{grVpf z@Aj&MKwS*F@4T$tq|2-V;rwHYdS-6WU$o8xz35s z+!ZuyTngtUv^#t;8LpF=p2Iuevt~kb=p*{!*UH|j`@HpQ;UvQw?*}5fR6dHH_M(-Y z)W!p@!`6t6O{h!$ns9UjYF>+j>OzA!HAh;>q&RDR!3WN9(UAU!%%r9xww zv-xA}U23w(H!D(1l>gmc_{+9?r~tJQ<|jUi3d&5YY)PE`Y&f2Fe97!sMe_)7%X8yG3<1`U?)ijn!3@={zgU{F zY*A8BCdi*M%ukICAspVCCHscJ%@R>)eQ^?|aN8*ImlHqhExQN&);Dyf(ReBd``xblM!6|@m8fpYTqLb z=(Ljff#09}`7HpTs`Drt|L{EAT0e9}79yU$n`zsb@yGm-%Y^$Kf?~A<61mGv3D?R~ zTZ?+zjJV=?nB$E@w4_q4G|kl$qBsKOitD?#OT**xv`bq*<|s(76VZ;i@HeRwHAwA3qG$$+?Onc%z?N z8zYyyHB~0M_ifd6%&u_twM`|Dgr_D~MhnsOSg1EWtMrs@&(a4D)&57!?p5s4c!q*s z`%lUL?05W6nq2>(%gravd{`5|N1ynjuPHF&zzZL56r~hnSfc(cE&bzVyYjIan z5e(v@i|6hElk)4wf6x>9-?0@-DI33_e-$WmT0^ptpPk*$WzdB48XDCK`X9MTh-A@hNHlAi14JNO?uU;h8m`2+lWWFSrn zKr-N$h#*dinKp51;KRSHr5m8?|L3Oj*Xg{-!~YCMy~cL{*?^Z1e{$O$9iltMoK`li z?x|WGzG{q_>YY|`$EkMxu^(CTK;2$XfrGSJR^+Ver9q13D;R#XS+VXWrrPFaz3mpB3*(kc@2CjlT&}oe-l=> z9gR&yXKgS+b^b9vqB@p|=Pfe=`YrTlhZa!@`sGS$yEEUok28hF5*8I0w<_S=&KVZM zIi6wM%tx`k7x%e&PWxua>zPUyZ4+8>??NG$D3Tz%KZrXxyt#cW$7*i;x;+1cHjvir zwHSuh!&X13gGT4)Z5OGKEgBs*xF#aV zo~fXV^YR5A;JT}7q4(^$2<6+W7FkLA`gG}aafZIFZiJFjEjj?2jdK=M# zv1d7`GHj%A-c?{v-Kjbo9h&rsgFf*PW!mp0ejkAIIJscGrHbTMb>$|}_F8c9y`8~Z zE$cSq=DL!>3i3>^6z1y{&mlDA^N3wgc=yGHHWnwhnG7fhCT{K)J@OI0 zWYY_3y=GhT;_%kb=AToW=2!1%3rMPMp3LhazOJEP^WYww{z;8SKutU7^||7kCM64v zSSB5PE;yLPx455w&5f(C&yLnZ2uYp5@YFG7F%TDhoRLB_Mt%42CHs9&Sy6;OJhbLd zLOR;e#6!Cw#YtF668UZk><3fFE#oYNz^BO<#9AE5og$WpVsZW|FLG4KuMV!tm`LKf z9~9qMY%;%=&+jjo?rMmkBZbPrLwWb~jttHdHmfCzrdd~f7Ksyup6o5b5u?5qg54JH zxwML9jAF+}ZHyn-bx>6TZ@oOfSb5~}^SbtTfgPS9^n z)r%V6pg*bj6Lt(`uq`8kmQq@$dH;0b)zLCm07Ineqd|T$UOUrzC$7>WSbGq)f0MIx zdKC>@kS{d)#C5I2I?}$?hI`P+fRnk)&;qlWgODz@GS){h7= zc28Rhz+4x?waRqIUo%og$uNIqB;Y1Rc5a^h_+tAwd7*|dr(ZNMnx5NGEFFU zqu4iUXO@WEjsm=L>kU-^Ng%&Vpl_^TrUGPD(oHFg&LfgdJ*@B}?Awq1i#Z%g;_$xx z#em-T$z)#N*Ib{|QP0t}Lf?cB!taoPRM=9K_ZJ%?MAZ*%NIOxJy|8;$q>QDgE z#zlJsscq=9iKxz5{>~2!1r*ALjdiGB-pBK?J0XK}jumUp1!4uMFK%{@z3O4xD@b|vCs^TWauXGudk1p3q4QB;h%u36L|)B!TPdOMT#$n zIcmMjzu0X@zw&|*_JL(5fpL?LjO|V5r(veay((i?PRSDd|Puo4n-3U`HUsUlKLSc0EyePGxD|rFQ@7&*7vT_AgE4 zYXpS4Ljrc3#>o$Icvg>_scbg+=I`lek&|SxZjQn}1{-CqZ<3?TO2ePwYJdE|`|F?N zPBjI%k-hF-4T)I3k$M%kW_*bzNU;3D2dGs1h%`cG1tn2WA@8fxGwGzK*O1)%*zras zSiu*)+k2gr z9q8Dgd_4J2ocDtD&AhVTSb0}uuQ+fK4>8*Mkz;~7W*}(8tgQUNH(}8>!_RJsk*D;v zeB<3a5{8UZZ*DW8U>mX1)6<3@e8wiHh2Ja}HngD)#L*Giq7^=kG%%U%0Op zGuh?BaTjw~#&ovl%N=KoDgTYz+g3}Dwy+#Rgto-@0{Vm>e9uA@LJwN#-h{X*Y7qrA zx1v-!l>#dB@}dd#2scgwI(dDZS+fxQF6EWKSlAva9V+)+ELogVS?G{VtU}%cM>D`f zQ*3VZ2ccbWZMF{d-`DkVadb>yc~djmwaNUEU&?>5nX*~!p*NusX88HLe;DnJ>d=|c zj(RR25H!A!c*%Fqtw`YrWcf=V)&eOl!bTPcrP6MY*sl)HJ8AP($V!$C9L%(5SKiQ* zeX*=yxGe0o^*l>gIo2-tWoYLmIV+m^H)P+Tf~NeUf=rt7@zC20g519zWL5bTAltGCa+x@@;_wc84b;g}BUu2kg zQa^Lk&63uNNIi56TZ@4gi(J%rZl)WaMcq?H;21y$YCF63M7|o%c$?kZLGR8DAQY(j7!^C^j#r{ zuSGcSv5G-#JE75{JdFkBT#y#&tLU3io>^Svs8 z#_yo_?UV|$Ipts`*OYkVL`6M%;M^Zm!k6orlnjaQ7aGtdZMW*bGB&~-3w$)7VV=8} zba1coTK&cT@DZ(k*N||wbb5Gk8n!VQO@5j5!$A?<$m1768-DA2a*1&8jhxj&2`GZC zp5htqE9bK;HHX#K+x+WxXyjGQik$1~TJ8#Ir=H1}dlKJ|M zUGMJ{13T_gporjool?g`ZI9~3^~$%xYASnC_F)stW!rj%Yh)W-*N)~GKHa&rd(x3o z0?Ckw;KNEi(0YcmBi5>U>_v#)$=m@#4Zbq90z@2EMGi*KcR|W%G!7bli9a1;h|y2U z(_C(Gy7!aSQ6w%45q1$Kkx|i(A`IrypsXK3ZP1IWSbtrr$kHWJyd<=BS@ViX5dU;{ z%T8xYpf)?f&`qV3YD0`;>fo#G4e_R)hDhv1IFjUVXff<_*25@@cHn)pkyvQYSw+3G zg7G|@MIuzi`tD6Qc<`s%3D?X+zcqjC*kY~90+zd5 zZIQonl(ooz)qp>>L^dtgy4vLlemshA(^;vr2sro=gwl8oEz?!>Ed{d6DedHc;ZiB& zdp@mXKirFmxas5FNB%E}?XQJ=YOkh!Wh-VxT+`w8*yT1j39ajL<}KW4KfbSn$Xnk& zS^YiT{e8e;$@PJ(tYd9nxV*(EGgT*QNQ3izPF(04om{Nn?J>QYWHWwv#WEEkTYbMZ8(T9b zPJR5Mb6H_T3#_&!L9R)P*{U4Yh|Ei3o1Uyao3-)@G_lyQ{E(WQd&2bH**MpHbyUM7 zeU>e5RQ<_}+N0d(+6Fu{-7;`Cz6crnx>Wl{*4$YC9&u_4Ur?Aw>Ymyk0>EqKu(7w_ znknG{a@8eUz5hPOlHh(-tvf=iJ)M$m@m2yW&Z98foX13Yw3!uma%i^SWL1m=Qv|wg z9vky4ANDI?M;vz+3lPsy=J27n3TOv!<9T|4Y(XS}>QOKOol)8B<2ZsJDGNP6w421K z>%7rX8A@Z&0`$vN1ot`L;Gz2J%#tqDWtCSws<1p3RI^!I{Bk=k-nR-}`pkT!zhRJ? zN%PLOgL?7VGKbWfM!;}vJ4NQZrqTu`R9*P`#)t;9d1>9On~a;Y!TM>&285^1oDlb` zv+MoaS9V*@Bsh(Ypc{E}Y#!r&^J~xND}h57YqeaquDlFmROZwfp0CviZwZ<);UsG5 zTJvm5fX=8x5sqBwD@(O22TO^?k$>jDE>_45BHUE%-N+HSqE#0Q2hH^)3PRkrWSawF zo!k9}OJTqAHnd}}qYrx&&<*W=je`m`1HE5?l@5pnC-Z66U;!bcW(|Lt60)~&u|aK> ztRPd+ILohh+bJ0iSd4_QaDefgJAyAeUNdqqE1Mlz-S9&B{aCV%LRHWVUCe_vW z;D<;;-82$c2v=j8@2=u0T-8nYE+&{11JSKlT|<3Iq*)4c5U|XR@5_c4Z*ER#Its~8 z)});H2v9R`3Q=co;c{}5(1nsaYMS+Q$Wk#rZAz&HUvWJ9 z8SD$yUy^4&~MuaWo>Pe0|el6#~cO}mqvDESI{snB_p4d5Qp+%CgZ)G zl-LvKsd#hr_wW^s!*w%orVUsC6^JV7$fV{?<=%YESrwO8=0vSpTk00At|GUm!4CMS zW!%H{wIZun^WHUTNvfH5J$ZRNmaZkAX+%&Sn$+nz9L@QiX7eZTM% zdeYhAc>qu!B2jb=P6H6{4}yD3Amg`@*F{Y?6HZL?J+f2vgLBihz)mTt($3O5Qr%3?w1iK8Dae; z8V4t}$4=LAt&gv)8~47m4Ej$H z^vSsC#493zjq$;MQ>?llT;})`oeqfrK8;>{;D$JC>T3rMH!^%kN z=&!*6`a>I4cYUDD;eE9;uhUy&=Cn8)+yPedFK&$SB0#+LT|Krx!wA~JU}q1vb}7sY zpG60X5WF7e&^&1zIT7#DD&`@aDd_WK)G>mYs%^`A(3JBY zaQ<1m8{9*mU9kdV{5>KzLrOE{^}Wuq+r<$| z1>j3uB7uJ|g@T{r7h7C(Z}WeY9TMULxM!WeSV&3yLeV yeCTDS4!aKm#eL6=2- zxtfpD62HoDPF>3oos*3*l0~5=1ijb?Gl9U09Y8t8T)PGcA+rdM>2lTKSou|k=Y#*^ z;8P^d8R>o+hzvFoB!ZESImPp;+kVa1w0>)!Kg2flFJk)v@!!NY>EFb*jSCPhac|CPP(9dR z+%}Ov`ep22U6B{=Z<3S}k1D{3deQyOf6ncQ+&@1m@B#flYLJI9e^{(oFx=!GLq#sg zP9F2SuJGmFVs&56q+H1a0s`y7yZEYomxSY%*wTF$2deXSy0%Rq+nx?Tw_wTrCwBEV z2~T9s9^y%1p;Fc`t5oNt@aIz(nr8Q~f0&N{iJ0d<*zf*7 zYF`Zn`di(&bB-Fnmh<B059n z3qAW&4sa`lA>MixNiYom<>^1;*H-<}VxIM(zC!=B@BfF8fF=;=Q}g^E`+B8SCbj0) z>{}C>=7@?akD=8GFRD=f8SV$%fC3g6#QOkq26kw%z6Jbm$yX2f5T4ccd-K z&cyyCHF2}p>0NX_0I&hpRJ<;ia_rUM!raf+pHTdG^lTFD$6T5TRf&d#iT5vt!!UYf zZG`lvdv0wyMJL~^m37X4&+&%Ekv}NlI}8_j&=(Wbckn_va@mzeRWdIypNhRsCyuJ&@PD@z_qtC-WV6S#Pn`yRcCFu$+*0QHBg~RQg z9VK`nnNWJW6q;M=keqRu50(48^X>yz{LE`Z)xLR^8lA}asb!MbnSp@%+I;(e!d<&K%vJ`+lO`eLnuk6RQSN^u8 zexKl7W3%5nQ|&_DO~oPgxj%3mVA@-wX2oxLzP#2zs%1#`O6)hAc+jJ7K5SD`w2wGh zJ3gF{`KgPxTb)L$Dz7+97WOj5^75MI`RQ%&XXp23z>gQ*Yu8_3IZGTbu@Y%s`QdpJ z?V5&wNusc48uZF++pqRbY|#=WM@(^wGWP>>Kc0^3&kgaU@js_1ZcF^A6H3uCUnj|( zt@3;0X&jfkV$de;R&m?>9sfqi$?gF*w5@6b>UGO1+)caUp_+~`BwG`lVmTSTtzyY| z6jf+)m-~HR0sQB1q|gDEVr+iC6jT^q{($i`|#!1z&d!i^MriI!p*C z6dW!3DPC+9&e013Dg7{NGxA~_=o6_L@u3>+8Y7#z1kss_9JV{Gw~qS){RR1xir3su zNPB>x=ymilnn^sf$>g*`T~q6BLy~D?GkL1YMHml9_>p%i`=lP3jA_HqXL;J1QzVsU zsw2;uu0VfY^b|b$OikVlS)Mm4Zf}$CW z2Ea?+R_ZHW-3?Dbb+rFIIQU-3~cB$mIOc`L1X=5zLvf`%R&J{fY6#}Iz zFUe}nrz)!8X$=bt%b+xn+o-kfPaEPwbQI9Ax~d%c+_+Q$Hm;R7HDyXr8{S*S(TzXz1UE z@E7VU=V{|Isj<_2yvg<5MwIMO-1g2r9_X!;fK}$HKM6g!C0a6u{n#s8tx(;^b@@?R zUdM79zuntpU+z``^w?o%T=j3MV3GM$bhTEZKp%&T2Xn}ROdIC3^5ffeVyRoNVriSM zY~$(W!*oxfEh41{YfM64-%D_;_OETSM8v)GYUa>iIK7>PamlkF5MhlnnpI@CDad>i zMw7cz-uz|4kHD?Q_>}N%)>nAkE_hBv0X2DRKwX%sGqu#OgHT1xeX;=i$yR8@OzKK`;GrHYBYNl2PXrSlYc!zaCp7a>JapF^h!<_+z zYA|NXIjDMNP{aJX)@vCHA4ldlB3Cl!xd^h#_-$_=k~;>ks`Ao~^ru{9r0mE%Tu(ue zIwZy}Y=D~BiA*hh9`j3Y7!ZUi*y(3be4xx6|0XGDA$bN_0*?Ov9j;-eT$+sJFlpycsq80jPisG(ZHrV3NYv5FHmbq)SaV0$-RRq zE%~SJ-B~1iAsX5?J>&KX*v@4Jzb}9%sx*AfyFf{C_{Psig@eRm{jbQEG zZ8H75FQo@poH?;5IEjO{OSP$XF1A-vKF~-mV*0Jf*XWSBNuiU};&)OsQSB3M483 zPDl&MzGP&^OpmREMD}H-Xb3TeWXnv+7DdP&B3t%-XOyQz+4p5gwlOlcVKQTQ@94SS z=e?fydaw8V{=KjJ{Ol+w{MUe6iU=L1ytF#qISL~s@~HIx5(6}H0^D2HaRw`HaqZC z&#W(A8>i_md2zU-OYr_gzj}q%-J8~Ju@Tg+~e9mlp{@y6gVolBv`N7tk5D9aXZahDMs7Ah=bwzx*`N-uvs_TlT$C*IM#I#6KL$@$;!? zD*o`AN&dZ@Blc3?nb*nKa3aXwhjRR~Z#be!9+__vk*8|j2X0gkrDf%$w;b41fjlSu z_ub4x*r_8@%~LfA)?QHU8|0KHj@hpX!y5>tNe9Pd=8FrMFUUzn-PT(t34Jd*h|UV|KAXoHgCI73A%v!A5~198+3 zZgQ}BWW=&JBYt@mCk-4=H*_N|H5 z$|10774Vl+9eqvv8K``tG zZyL>GDW3p(?DWU@vR|(p4o(JV*!p#TdJj!wK^MZlGibr2I)~1P+V8P)d4>q*hetE(G7gcE-Hp{1<@_L@LL+;Yfi!nbS%m~@{%73~F zDigtHROpc;SHwftNF+`>g_adx8|}Dn^o&snD^A6qBG%ayZod@aW;M=1xyA~w-zUYA z;R^euY|0+HvugH`2{>DfA{&9xoHQODQR_wRIW9JVZJu^pFi~GNMYD%tScHy=qzWaI z;qaqy2>_K(te-+_lUcUOf*-Bo3kml)fUVgyFlmzwF8sh}w-s$}o$R4xvpsLQDv_C< zxL-zKodE@zQy4~%A@xNN%hg*ES(XWcBzlONstL;nkHeYiC@}m%ksYU7Ec?7XT#D*? z_+;#Pkfqc?lS_V%37u35N(hS2xO!x<>EfVr#Czx8y~R3Aig+VtRG)@AdZa@ZCB*m3 zR?2s@wS=GiZ&2Bq;&6=D`Lbu#2tz8HSg+hs_dnW(H@@^m@}FZvHaK2HF5;mtMk)!z z?7l^sDR~{lFYKmAbXc*r#EP@jvJJUsiXdGeBL#m!Qgp)4m;>G(Tq8;@0$ zOo=JOa@`*mAJ&iegY9V3f%gKq(P1OY-q-1fm?&@k4ofwJQI$%50}`1$I1l1=88?Bcxm96_UF;H z$mWm4Toe`4^uP%RxTy~=mlcl}l z=0%gJUUNlLolK7mqE$iw9vT_58SfE5-_3(I-`pcJ2IYT!;^AW}++Z^9=W;t%L~@eS2wB@wP~~UNFYv zCxecO#NSz(&~N808QQM(&N+GEZhZDDIH!1!h)Ny*6`IjTUMHNSo zU_P2d@YG@T`N?)uf}`2qoJP@&QDwx4nu*IRQsP_r*$lISTY6aIzK+T!BTxpy&fWH* z(iKv;Z?tMj!jj(7dUD@IgFjWuvMO4UN{khYpL8Y21!O1Z!U(rh4&ThSWS4XVkXS=p zn6p70yp)@LXlGs{Zom+lI9H6kR_C5`K~+_0rb{}h7Uf=7>s)FfFAdaC*vshrV~S}{_*&QCu-kt zpw7l09wuqcNjcZ(C*j?!p4lRQ7*I?^h9?SEJYe^mlwFgu3j%#2I#cZ_Azc0l7J3dN z-Hi`4LyKqrE;Th~@R^30k4sI-*}9^)5L@%(#^-VWyzMPglv%nc9f!f!YUVF7oCaM8 z5F^jn1^r9`m{O(pDOSS;)}W2u@X3$;sAn%JUWzzh4V*R9H8k>O4FQauZsA;IxXcrwl{dC6C85=n!x;#-{Zoj;Z)^SY^+A~;lx4%REw;Ec7 z`(#@Mxg!jyk+&Zz{rnYW&F`-y35%cX8_@Kg1mNH=(k^n3DBQ?d_cKDyazCq z^=~j$=NC+!_7Sz;C#^sZ!Si48+t$CKPorP*TL8H)HT{wt+yCVCfJWH;Z_st%0J`!= z{@?DU_Q(Ob6u&&|_@5pc?yG($#C}0&AlU%u=A;9i_Q+paVDDC%S_UHeKZ*FkrGf_v z@vUEK-4^_6^K}B{=|3+O=tBX|3k+y2e<5|?1_?o!W$%C9L3QJ^^4?i;gRSDxZvR`k z@8-+X7RG&Fees2hq2}W2oUzhlb+GusU5jc@taJ!GvCOj{QUx2ULvA?t&o56@9<2hT zc2wV}u%!r^|2-_2Bkf&21p-mDYTINO zwUB^-s)rrmYk;`x2<)r6pG<%H_xeZP!TN_h>q<&;Jt%q7V+f;TbIkj!kvE4lcsiauVu&s7)FB?KR`(=JYVUNx#i`aZ$2qxjuAJ4go z2|-tjM)s(mJw2~mR1CFRs$!Nsl%QMC{oFOd;nj5K&CP1LcmC)zAcR7N)a;Ve(w z4l+lPi?X{$860eHk6zv@1d(7^5NneFm{O8^v<+Bm_#x>BpN@-b!!~oMaW%&+)Yyr! zijMp4V&->VR*|W*L6e243s+z+8{56DB_9hPt{Y8{PW;*QwiG?`kh0)pQnbrJLTi|p UzvJEp8vl^4_I0gdjaz~L0;n^DlmGw# diff --git a/packages/awsfargate/manifest.yml b/packages/awsfargate/manifest.yml index 040d722b4b5..37333441ffd 100644 --- a/packages/awsfargate/manifest.yml +++ b/packages/awsfargate/manifest.yml @@ -3,7 +3,7 @@ name: awsfargate title: AWS Fargate version: 0.1.0 license: basic -description: AWS Fargate Integration +description: Collects metrics from containers and tasks running on Amazon ECS clusters with Elastic Agent. type: integration categories: - aws @@ -15,8 +15,8 @@ conditions: owner: github: elastic/obs-cloud-monitoring screenshots: - - src: /img/metricbeat-awsfargate-overview.png - title: metricbeat awsfargate overview + - src: /img/awsfargate-integration-overview.png + title: awsfargate integration overview size: 5108x2522 type: image/png icons: @@ -30,5 +30,5 @@ policy_templates: description: Collect metrics from instances running on Amazon ECS clusters inputs: - type: awsfargate/metrics - title: Collect task_stats metrics from ECS - description: Collecting task_stats metrics from AWS Fargate instances running on an Amazon ECS cluster + title: Collects task_stats metrics from ECS + description: Collecting task_stats metrics from AWS Fargate instances running on an Amazon ECS cluster. From 0ee2c30fdb19b0b698ea5287b1b6378b2b3eceb1 Mon Sep 17 00:00:00 2001 From: Dan Kortschak <90160302+efd6@users.noreply.github.com> Date: Wed, 20 Apr 2022 09:01:51 +0930 Subject: [PATCH 02/23] fireeye: move invalid field values (#3099) * remove event.ingested * move invalid field values Co-authored-by: Andrew Kroh --- packages/fireeye/changelog.yml | 5 ++ .../_dev/test/pipeline/test-common-config.yml | 2 - .../test/pipeline/test-nx.log-expected.json | 65 ++++++++++++++----- .../elasticsearch/ingest_pipeline/default.yml | 20 +++++- packages/fireeye/manifest.yml | 2 +- 5 files changed, 72 insertions(+), 22 deletions(-) diff --git a/packages/fireeye/changelog.yml b/packages/fireeye/changelog.yml index f828603684c..ad0171aa23f 100644 --- a/packages/fireeye/changelog.yml +++ b/packages/fireeye/changelog.yml @@ -1,3 +1,8 @@ +- version: "1.2.4" + changes: + - description: Move invalid field values + type: bugfix + link: https://github.com/elastic/integrations/pull/3099 - version: "1.2.3" changes: - description: Fix typo in config template for ignoring host enrichment diff --git a/packages/fireeye/data_stream/nx/_dev/test/pipeline/test-common-config.yml b/packages/fireeye/data_stream/nx/_dev/test/pipeline/test-common-config.yml index 5622947e4b8..4da22641654 100644 --- a/packages/fireeye/data_stream/nx/_dev/test/pipeline/test-common-config.yml +++ b/packages/fireeye/data_stream/nx/_dev/test/pipeline/test-common-config.yml @@ -1,5 +1,3 @@ -dynamic_fields: - event.ingested: ".*" fields: tags: - preserve_original_event diff --git a/packages/fireeye/data_stream/nx/_dev/test/pipeline/test-nx.log-expected.json b/packages/fireeye/data_stream/nx/_dev/test/pipeline/test-nx.log-expected.json index 82d2fda1aeb..aaaf3deabe5 100644 --- a/packages/fireeye/data_stream/nx/_dev/test/pipeline/test-nx.log-expected.json +++ b/packages/fireeye/data_stream/nx/_dev/test/pipeline/test-nx.log-expected.json @@ -13,9 +13,13 @@ "version": "8.0.0" }, "event": { - "ingested": "2022-03-26T18:20:15.891947350Z", + "category": [ + "network" + ], "original": "{\"rawmsg\":\"{\\\"timestamp\\\":\\\"2020-09-22T08:34:44.991339+0000\\\",\\\"flow_id\\\":721570461162990,\\\"event_type\\\":\\\"flow\\\",\\\"src_ip\\\":\\\"fe80:0000:0000:0000:feec:daff:fe31:b706\\\",\\\"src_port\\\":45944,\\\"dest_ip\\\":\\\"ff02:0000:0000:0000:0000:0000:0000:0001\\\",\\\"dest_port\\\":10001,\\\"proto\\\":\\\"UDP\\\",\\\"proto_number\\\":17,\\\"ip_tc\\\":0,\\\"app_proto\\\":\\\"failed\\\",\\\"flow\\\":{\\\"pkts_toserver\\\":8,\\\"pkts_toclient\\\":0,\\\"bytes_toserver\\\":1680,\\\"bytes_toclient\\\":0,\\\"start\\\":\\\"2020-09-22T08:34:12.761326+0000\\\",\\\"end\\\":\\\"2020-09-22T08:34:12.761348+0000\\\",\\\"age\\\":0,\\\"state\\\":\\\"new\\\",\\\"reason\\\":\\\"timeout\\\",\\\"alerted\\\":false}}\\n\",\"meta_sip4\":\"192.168.1.99\",\"meta_oml\":520,\"deviceid\":\"860665216674\",\"meta_cbname\":\"fireeye-7e0de1\"}", - "type": "flow" + "type": [ + "info" + ] }, "fireeye": { "nx": { @@ -82,9 +86,13 @@ "version": "8.0.0" }, "event": { - "ingested": "2022-03-26T18:20:15.891951511Z", + "category": [ + "network" + ], "original": "{\"rawmsg\":\"{\\\"timestamp\\\":\\\"2020-09-22T08:34:44.993228+0000\\\",\\\"flow_id\\\":175370876476591,\\\"event_type\\\":\\\"flow\\\",\\\"src_ip\\\":\\\"192.168.1.15\\\",\\\"src_port\\\":39808,\\\"dest_ip\\\":\\\"67.43.156.14\\\",\\\"dest_port\\\":123,\\\"proto\\\":\\\"UDP\\\",\\\"proto_number\\\":17,\\\"ip_tos\\\":0,\\\"app_proto\\\":\\\"failed\\\",\\\"flow\\\":{\\\"pkts_toserver\\\":1,\\\"pkts_toclient\\\":1,\\\"bytes_toserver\\\":90,\\\"bytes_toclient\\\":90,\\\"start\\\":\\\"2020-09-22T08:33:15.122031+0000\\\",\\\"end\\\":\\\"2020-09-22T08:33:15.193693+0000\\\",\\\"age\\\":0,\\\"state\\\":\\\"established\\\",\\\"reason\\\":\\\"shutdown\\\",\\\"alerted\\\":false}}\\n\",\"meta_sip4\":\"192.168.1.99\",\"meta_oml\":475,\"deviceid\":\"860665216674\",\"meta_cbname\":\"fireeye-7e0de1\"}", - "type": "flow" + "type": [ + "info" + ] }, "fireeye": { "nx": { @@ -139,9 +147,13 @@ "version": "8.0.0" }, "event": { - "ingested": "2022-03-26T18:20:15.891953408Z", + "category": [ + "network" + ], "original": "{\"rawmsg\":\"{\\\"timestamp\\\":\\\"2020-09-22T08:34:44.993227+0000\\\",\\\"flow_id\\\":1285126005631046,\\\"event_type\\\":\\\"flow\\\",\\\"src_ip\\\":\\\"fe80:0000:0000:0000:feec:daff:fe31:b706\\\",\\\"src_port\\\":44535,\\\"dest_ip\\\":\\\"ff02:0000:0000:0000:0000:0000:0000:0001\\\",\\\"dest_port\\\":10001,\\\"proto\\\":\\\"UDP\\\",\\\"proto_number\\\":17,\\\"ip_tc\\\":0,\\\"app_proto\\\":\\\"failed\\\",\\\"flow\\\":{\\\"pkts_toserver\\\":8,\\\"pkts_toclient\\\":0,\\\"bytes_toserver\\\":1680,\\\"bytes_toclient\\\":0,\\\"start\\\":\\\"2020-09-22T08:34:22.763974+0000\\\",\\\"end\\\":\\\"2020-09-22T08:34:22.764073+0000\\\",\\\"age\\\":0,\\\"state\\\":\\\"new\\\",\\\"reason\\\":\\\"shutdown\\\",\\\"alerted\\\":false}}\\n\",\"meta_sip4\":\"192.168.1.99\",\"meta_oml\":522,\"deviceid\":\"860665216674\",\"meta_cbname\":\"fireeye-7e0de1\"}", - "type": "flow" + "type": [ + "info" + ] }, "fireeye": { "nx": { @@ -208,9 +220,13 @@ "version": "8.0.0" }, "event": { - "ingested": "2022-03-26T18:20:15.891955258Z", + "category": [ + "network" + ], "original": "{\"rawmsg\":\"{\\\"timestamp\\\":\\\"2020-09-22T08:34:44.993286+0000\\\",\\\"flow_id\\\":222460015300681,\\\"event_type\\\":\\\"flow\\\",\\\"src_ip\\\":\\\"192.168.1.150\\\",\\\"src_port\\\":51082,\\\"dest_ip\\\":\\\"67.43.156.15\\\",\\\"dest_port\\\":5938,\\\"proto\\\":\\\"TCP\\\",\\\"proto_number\\\":6,\\\"ip_tos\\\":0,\\\"app_proto\\\":\\\"failed\\\",\\\"flow\\\":{\\\"pkts_toserver\\\":799,\\\"pkts_toclient\\\":544,\\\"bytes_toserver\\\":69825,\\\"bytes_toclient\\\":59808,\\\"start\\\":\\\"2020-09-22T04:48:48.282697+0000\\\",\\\"end\\\":\\\"2020-09-22T08:34:36.067255+0000\\\",\\\"age\\\":13548,\\\"state\\\":\\\"established\\\",\\\"reason\\\":\\\"shutdown\\\",\\\"alerted\\\":false},\\\"tcp\\\":{\\\"tcp_flags\\\":\\\"1a\\\",\\\"tcp_flags_ts\\\":\\\"1a\\\",\\\"tcp_flags_tc\\\":\\\"1a\\\",\\\"syn\\\":true,\\\"psh\\\":true,\\\"ack\\\":true,\\\"state\\\":\\\"established\\\"}}\\n\",\"meta_sip4\":\"192.168.1.99\",\"meta_oml\":611,\"deviceid\":\"860665216674\",\"meta_cbname\":\"fireeye-7e0de1\"}", - "type": "flow" + "type": [ + "info" + ] }, "fireeye": { "nx": { @@ -286,9 +302,13 @@ "version": "8.0.0" }, "event": { - "ingested": "2022-03-26T18:20:15.891957082Z", + "category": [ + "network" + ], "original": "{\"rawmsg\":\"{\\\"timestamp\\\":\\\"2020-09-22T08:34:44.993501+0000\\\",\\\"flow_id\\\":1463569002949603,\\\"event_type\\\":\\\"flow\\\",\\\"src_ip\\\":\\\"192.168.1.15\\\",\\\"src_port\\\":52147,\\\"dest_ip\\\":\\\"67.43.156.14\\\",\\\"dest_port\\\":123,\\\"proto\\\":\\\"UDP\\\",\\\"proto_number\\\":17,\\\"ip_tos\\\":0,\\\"app_proto\\\":\\\"failed\\\",\\\"flow\\\":{\\\"pkts_toserver\\\":1,\\\"pkts_toclient\\\":1,\\\"bytes_toserver\\\":90,\\\"bytes_toclient\\\":90,\\\"start\\\":\\\"2020-09-22T08:32:06.355299+0000\\\",\\\"end\\\":\\\"2020-09-22T08:32:06.439495+0000\\\",\\\"age\\\":0,\\\"state\\\":\\\"established\\\",\\\"reason\\\":\\\"shutdown\\\",\\\"alerted\\\":false}}\\n\",\"meta_sip4\":\"192.168.1.99\",\"meta_oml\":476,\"deviceid\":\"860665216674\",\"meta_cbname\":\"fireeye-7e0de1\"}", - "type": "flow" + "type": [ + "info" + ] }, "fireeye": { "nx": { @@ -353,9 +373,13 @@ "version": "8.0.0" }, "event": { - "ingested": "2022-03-26T18:20:15.891958935Z", + "category": [ + "network" + ], "original": "{\"rawmsg\":\"{\\\"timestamp\\\":\\\"2020-09-23T05:02:01.175635+0000\\\",\\\"flow_id\\\":1136872856843530,\\\"iface\\\":\\\"pether3\\\",\\\"event_type\\\":\\\"tls\\\",\\\"src_ip\\\":\\\"192.168.1.99\\\",\\\"src_port\\\":53918,\\\"dest_ip\\\":\\\"67.43.156.13\\\",\\\"dest_port\\\":443,\\\"proto\\\":\\\"TCP\\\",\\\"tls\\\":{\\\"subject\\\":\\\"C=US, ST=CA, L=San Francisco, O=Cloudflare, Inc., CN=fireeye.com\\\",\\\"issuerdn\\\":\\\"C=US, O=Cloudflare, Inc., CN=Cloudflare Inc ECC CA-3\\\",\\\"ja3\\\":{\\\"hash\\\":\\\"21536525fbf9e289f79e0f98af64bb59\\\",\\\"string\\\":\\\"771,49199-49195-49200-49196-158-159-49191-49187-49192-49188-103-107-49171-49161-49172-49162-51-57-156-157-60-61-47-53-255,0-11-10-13-15-13172,25-24-23,0-1-2\\\"},\\\"ja3s\\\":{\\\"hash\\\":\\\"9873b112313d7c4e5e8ef6207e6c6f0d\\\",\\\"string\\\":\\\"771,49195,0-65281-11-13172\\\"},\\\"fingerprint\\\":\\\"2a:6a:46:d2:05:4d:7b:22:1b:68:02:f2:ee:f0:09:c6:ff:15:e9:58\\\",\\\"sni\\\":\\\"cloud.fireeye.com\\\",\\\"version\\\":\\\"TLS 1.2\\\",\\\"notbefore\\\":\\\"2020-07-01T00:00:00.000000+0000\\\",\\\"notafter\\\":\\\"2021-07-01T12:00:00.000000+0000\\\",\\\"client_ciphersuites\\\":[49199,49195,49200,49196,158,159,49191,49187,49192,49188,103,107,49171,49161,49172,49162,51,57,156,157,60,61,47,53,255],\\\"client_tls_exts\\\":[0,11,10,13,15,13172],\\\"server_ciphersuite\\\":49195,\\\"server_tls_exts\\\":[0,65281,11,13172],\\\"pubkeylength\\\":65}}\\n\",\"meta_sip4\":\"192.168.1.99\",\"meta_oml\":1146,\"deviceid\":\"860665216674\",\"meta_cbname\":\"fireeye-7e0de1\"}", - "type": "tls" + "type": [ + "info" + ] }, "fireeye": { "nx": { @@ -460,9 +484,14 @@ "version": "8.0.0" }, "event": { - "ingested": "2022-03-26T18:20:15.891960832Z", + "category": [ + "file", + "network" + ], "original": "{\"rawmsg\":\"{\\\"timestamp\\\":\\\"2020-09-23T05:02:19.906154+0000\\\",\\\"flow_id\\\":1444203537876422,\\\"iface\\\":\\\"pether3\\\",\\\"event_type\\\":\\\"fileinfo\\\",\\\"src_ip\\\":\\\"192.168.1.222\\\",\\\"src_port\\\":47220,\\\"dest_ip\\\":\\\"192.168.100.31\\\",\\\"dest_port\\\":5601,\\\"proto\\\":\\\"TCP\\\",\\\"http\\\":{\\\"hostname\\\":\\\"192.168.100.31\\\",\\\"url\\\":\\\"\\\\/internal\\\\/search\\\\/es\\\",\\\"http_user_agent\\\":\\\"Mozilla\\\\/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit\\\\/537.36 (KHTML, like Gecko) Chrome\\\\/85.0.4183.102 Safari\\\\/537.36\\\",\\\"http_refer\\\":\\\"http:\\\\/\\\\/192.168.100.31:5601\\\\/app\\\\/kibana\\\",\\\"http_method\\\":\\\"POST\\\",\\\"protocol\\\":\\\"HTTP\\\\/1.1\\\",\\\"length\\\":0},\\\"app_proto\\\":\\\"http\\\",\\\"fileinfo\\\":{\\\"filename\\\":\\\"\\\\/internal\\\\/search\\\\/es\\\",\\\"magic\\\":\\\"ASCII text, with very long lines, with no line terminators\\\",\\\"state\\\":\\\"CLOSED\\\",\\\"md5\\\":\\\"548d03d3e11c009da833e6e59c4adfee\\\",\\\"stored\\\":false,\\\"size\\\":6394,\\\"tx_id\\\":0}}\\n\",\"meta_sip4\":\"192.168.1.99\",\"meta_oml\":769,\"deviceid\":\"860665216674\",\"meta_cbname\":\"fireeye-7e0de1\"}", - "type": "fileinfo" + "type": [ + "info" + ] }, "fireeye": { "nx": { @@ -563,9 +592,13 @@ "version": "8.0.0" }, "event": { - "ingested": "2022-03-26T18:20:15.891962649Z", + "category": [ + "network" + ], "original": "{\"rawmsg\":\"{\\\"timestamp\\\":\\\"2020-09-23T05:02:41.077232+0000\\\",\\\"flow_id\\\":206535698492848,\\\"iface\\\":\\\"pether3\\\",\\\"event_type\\\":\\\"dns\\\",\\\"src_ip\\\":\\\"192.168.1.176\\\",\\\"src_port\\\":60269,\\\"dest_ip\\\":\\\"67.43.156.15\\\",\\\"dest_port\\\":53,\\\"proto\\\":\\\"UDP\\\",\\\"dns\\\":{\\\"type\\\":\\\"query\\\",\\\"id\\\":28224,\\\"rrname\\\":\\\"time-ios.apple.com\\\",\\\"rrtype\\\":\\\"A\\\",\\\"tx_id\\\":0}}\\n\",\"meta_sip4\":\"192.168.1.99\",\"meta_oml\":289,\"deviceid\":\"860665216674\",\"meta_cbname\":\"fireeye-7e0de1\"}", - "type": "dns" + "type": [ + "info" + ] }, "fireeye": { "nx": { diff --git a/packages/fireeye/data_stream/nx/elasticsearch/ingest_pipeline/default.yml b/packages/fireeye/data_stream/nx/elasticsearch/ingest_pipeline/default.yml index 265a574a53d..011d76d056d 100644 --- a/packages/fireeye/data_stream/nx/elasticsearch/ingest_pipeline/default.yml +++ b/packages/fireeye/data_stream/nx/elasticsearch/ingest_pipeline/default.yml @@ -1,9 +1,6 @@ --- description: Pipeline for processing FireEye NX logs processors: - - set: - field: event.ingested - value: "{{_ingest.timestamp}}" - set: field: ecs.version value: "8.0.0" @@ -77,6 +74,23 @@ processors: - user_agent: field: user_agent.original ignore_missing: true + + - append: + field: event.category + value: network + if: "['dns', 'flow', 'tls'].contains(ctx?.event?.type)" + - append: + field: event.category + value: [web, network] + if: ctx?.event?.type == 'http' + - append: + field: event.category + value: [file, network] + if: ctx?.event?.type == 'fileinfo' + - set: + field: event.type + value: [info] + # # Normalize protocol names # diff --git a/packages/fireeye/manifest.yml b/packages/fireeye/manifest.yml index 494e6622d88..0ab24a7a190 100644 --- a/packages/fireeye/manifest.yml +++ b/packages/fireeye/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: fireeye title: "Fireeye" -version: 1.2.3 +version: 1.2.4 license: basic description: "This Elastic integration collects Fireeye NX logs." type: integration From 0e564bff6cb7b5031c8aaa3db22c8cabdc88e948 Mon Sep 17 00:00:00 2001 From: Sai Kiran <85323324+r00tu53r@users.noreply.github.com> Date: Wed, 20 Apr 2022 16:16:25 +1000 Subject: [PATCH 03/23] [o365]: Update changelog - Add PR number (#3128) --- packages/o365/changelog.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/o365/changelog.yml b/packages/o365/changelog.yml index e5c960664dc..8ff51621643 100644 --- a/packages/o365/changelog.yml +++ b/packages/o365/changelog.yml @@ -3,7 +3,7 @@ changes: - description: Replace invalid field value type: enhancement - link: https://github.com/elastic/integrations/pull/xxxx + link: https://github.com/elastic/integrations/pull/3095 - version: "1.4.2" changes: - description: Add documentation for multi-fields From 11e01a0d93dd09948d4f714d91183ab717761504 Mon Sep 17 00:00:00 2001 From: CohenIdo <90558359+CohenIdo@users.noreply.github.com> Date: Wed, 20 Apr 2022 11:30:12 +0300 Subject: [PATCH 04/23] add first csp rule template (#3081) --- ...late-41308bcdaaf665761478bb6f0d745a5c.json | 26 +++++++++++++++++++ 1 file changed, 26 insertions(+) create mode 100644 packages/cis_kubernetes_benchmark/kibana/csp_rule_template/csp_rule_template-41308bcdaaf665761478bb6f0d745a5c.json diff --git a/packages/cis_kubernetes_benchmark/kibana/csp_rule_template/csp_rule_template-41308bcdaaf665761478bb6f0d745a5c.json b/packages/cis_kubernetes_benchmark/kibana/csp_rule_template/csp_rule_template-41308bcdaaf665761478bb6f0d745a5c.json new file mode 100644 index 00000000000..303bd09adc2 --- /dev/null +++ b/packages/cis_kubernetes_benchmark/kibana/csp_rule_template/csp_rule_template-41308bcdaaf665761478bb6f0d745a5c.json @@ -0,0 +1,26 @@ +{ + "attributes": { + "id": "41308bcdaaf665761478bb6f0d745a5c", + "name": "Ensure that the API server pod specification file permissions are set to 644 or more restrictive (Automated)", + "tags": [ + "CIS", + "Kubernetes", + "CIS 1.1.1", + "Master Node Configuration Files" + ], + "description": "Ensure that the API server pod specification file has permissions of `644` or more restrictive.\n", + "rationale": "The API server pod specification file controls various parameters that set the behavior of the API server. You should restrict its file permissions to maintain the integrity of the file. The file should be writable by only the administrators on the system.\n", + "default_value": "By default, the `kube-apiserver.yaml` file has permissions of `640`.\n", + "impact": "None\n", + "remediation": "Run the below command (based on the file location on your system) on the\nmaster node.\nFor example,\n```\nchmod 644 /etc/kubernetes/manifests/kube-apiserver.yaml\n```\n", + "benchmark": { + "name": "CIS Kubernetes V1.20", + "version": "v1.0.0" + }, + "enabled": true, + "muted": false, + "rego_rule_id": "cis_1_2_2" + }, + "id": "csp_rule_template-41308bcdaaf665761478bb6f0d745a5c", + "type": "csp-rule-template" +} \ No newline at end of file From 0cdc828ba66b745c61411e40a0e689655bf2177b Mon Sep 17 00:00:00 2001 From: Maurizio Branca Date: Wed, 20 Apr 2022 11:45:19 +0200 Subject: [PATCH 05/23] [awsfargate] bump package version (#3130) * Add changelog entry for changes merged after version 0.1.0 --- packages/awsfargate/changelog.yml | 5 +++++ packages/awsfargate/manifest.yml | 2 +- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/packages/awsfargate/changelog.yml b/packages/awsfargate/changelog.yml index 18d1b7469f9..9a85746c8d5 100644 --- a/packages/awsfargate/changelog.yml +++ b/packages/awsfargate/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: 0.1.1 + changes: + - description: Improve description and screenshots + type: enhancement + link: https://github.com/elastic/integrations/pull/3109 - version: 0.1.0 changes: - description: initial release diff --git a/packages/awsfargate/manifest.yml b/packages/awsfargate/manifest.yml index 37333441ffd..514057fa480 100644 --- a/packages/awsfargate/manifest.yml +++ b/packages/awsfargate/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: awsfargate title: AWS Fargate -version: 0.1.0 +version: 0.1.1 license: basic description: Collects metrics from containers and tasks running on Amazon ECS clusters with Elastic Agent. type: integration From f7eb45c4233fa1a7569647ae447186acc33ca7e2 Mon Sep 17 00:00:00 2001 From: Jaime Soriano Pastor Date: Wed, 20 Apr 2022 15:43:49 +0200 Subject: [PATCH 06/23] Exclude ecosystem as owner of subdirectories of packages (#3132) /packages/* only include the first level of files under /packages. Removing the wildcard matches everything under /packages. --- .github/CODEOWNERS | 2 +- dev/codeowners/codeowners.go | 7 +++++++ dev/codeowners/codeowners_test.go | 4 ++++ dev/codeowners/testdata/CODEOWNERS-invalid-override | 2 +- .../testdata/CODEOWNERS-invalid-override-wildcard | 5 +++++ dev/codeowners/testdata/CODEOWNERS-multiple-owners | 1 + dev/codeowners/testdata/CODEOWNERS-valid | 2 +- 7 files changed, 20 insertions(+), 3 deletions(-) create mode 100644 dev/codeowners/testdata/CODEOWNERS-invalid-override-wildcard diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS index 3556140f8dc..4abe7d8e9fa 100644 --- a/.github/CODEOWNERS +++ b/.github/CODEOWNERS @@ -1,6 +1,6 @@ # Everything outside of packages is maintained by the ecosystem team. * @elastic/ecosystem -/packages/* +/packages/ # CODEOWNERS file is checked by CI. /.github/CODEOWNERS diff --git a/dev/codeowners/codeowners.go b/dev/codeowners/codeowners.go index 8c0d6e11b91..08a95f53672 100644 --- a/dev/codeowners/codeowners.go +++ b/dev/codeowners/codeowners.go @@ -103,6 +103,13 @@ func (codeowners *githubOwners) checkSingleField(field string) error { if matches || strings.HasPrefix(field, path) { return fmt.Errorf("%q would remove owners for %q", field, path) } + + if strings.HasPrefix(path, field) { + _, err := filepath.Rel(field, path) + if err == nil { + return fmt.Errorf("%q would remove owners for %q", field, path) + } + } } // Excluding other files is fine. diff --git a/dev/codeowners/codeowners_test.go b/dev/codeowners/codeowners_test.go index 6a1ec32fb1a..61b48615033 100644 --- a/dev/codeowners/codeowners_test.go +++ b/dev/codeowners/codeowners_test.go @@ -99,6 +99,10 @@ func TestReadGithubOwners(t *testing.T) { codeownersPath: "testdata/CODEOWNERS-invalid-override", valid: false, }, + { + codeownersPath: "testdata/CODEOWNERS-invalid-override-wildcard", + valid: false, + }, } for _, c := range cases { diff --git a/dev/codeowners/testdata/CODEOWNERS-invalid-override b/dev/codeowners/testdata/CODEOWNERS-invalid-override index fce387f1adb..38ebc75e541 100644 --- a/dev/codeowners/testdata/CODEOWNERS-invalid-override +++ b/dev/codeowners/testdata/CODEOWNERS-invalid-override @@ -1,5 +1,5 @@ # This is not valid because there is an override that would remove owners of a directory. /testdata/devexp @elastic/integrations @elastic/integrations-developer-experience -/testdata/* +/testdata/ diff --git a/dev/codeowners/testdata/CODEOWNERS-invalid-override-wildcard b/dev/codeowners/testdata/CODEOWNERS-invalid-override-wildcard new file mode 100644 index 00000000000..fce387f1adb --- /dev/null +++ b/dev/codeowners/testdata/CODEOWNERS-invalid-override-wildcard @@ -0,0 +1,5 @@ +# This is not valid because there is an override that would remove owners of a directory. + +/testdata/devexp @elastic/integrations @elastic/integrations-developer-experience +/testdata/* + diff --git a/dev/codeowners/testdata/CODEOWNERS-multiple-owners b/dev/codeowners/testdata/CODEOWNERS-multiple-owners index 3df2bd60d50..b13c5e1ecae 100644 --- a/dev/codeowners/testdata/CODEOWNERS-multiple-owners +++ b/dev/codeowners/testdata/CODEOWNERS-multiple-owners @@ -1,4 +1,5 @@ # This is a valid test file with multiple owners for a path /testdata/devexp @elastic/integrations @elastic/integrations-developer-experience +/testdata/devexp/manifest.yml @elastic/integrations /testdata/integration @elastic/integrations diff --git a/dev/codeowners/testdata/CODEOWNERS-valid b/dev/codeowners/testdata/CODEOWNERS-valid index ea4fd56d973..c755a2c130d 100644 --- a/dev/codeowners/testdata/CODEOWNERS-valid +++ b/dev/codeowners/testdata/CODEOWNERS-valid @@ -1,7 +1,7 @@ # This is a valid test file * @elastic/ecosystem -/testdata/* +/testdata/ /testdata/devexp @elastic/integrations-developer-experience /testdata/integration @elastic/integrations From f459b9da213b737209a743ef5d767ba2605686b1 Mon Sep 17 00:00:00 2001 From: Melissa Burpo Date: Wed, 20 Apr 2022 09:01:42 -0500 Subject: [PATCH 07/23] remove exported fields; these will be added to Kibana docs instead (#3093) * remove exported fields; these will be added to Kibana docs instead * Add PR to changelog * Add more precise link for exported fields ref This page will be published with 8.2. --- packages/osquery_manager/changelog.yml | 5 + packages/osquery_manager/docs/README.md | 2525 +---------------------- packages/osquery_manager/manifest.yml | 2 +- 3 files changed, 7 insertions(+), 2525 deletions(-) diff --git a/packages/osquery_manager/changelog.yml b/packages/osquery_manager/changelog.yml index 434ab0ae71e..952eea523a9 100644 --- a/packages/osquery_manager/changelog.yml +++ b/packages/osquery_manager/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.2.1" + changes: + - description: Update readme to remove exported fields + type: enhancement + link: https://github.com/elastic/integrations/pull/3093 - version: "1.2.0" changes: - description: Add packs and dashboards diff --git a/packages/osquery_manager/docs/README.md b/packages/osquery_manager/docs/README.md index b8e82235645..00ff146e20b 100644 --- a/packages/osquery_manager/docs/README.md +++ b/packages/osquery_manager/docs/README.md @@ -16,2527 +16,4 @@ For information about using Osquery, see the [Osquery Kibana documentation](http This includes information about required privileges; how to run, schedule, and save queries; how to map osquery fields to ECS; and other useful information about managing Osquery with this integration. ## Exported Fields -This section describes the fields that can be returned in osquery results. Note the following about osquery fields: -- Some fields list multiple descriptions because the one that applies depends on which table was queried. For example, a result stored in the `osquery.autoupdate` field may represent a response from the `firefox_addons` table or the `windows_security_center` table. -- In the cases where a field name is associated with more than one osquery table, we have made a best guess at what the data `type` should be. In the cases where it is unknown, the data type is set as a keyword object. - -For more information about osquery tables, see the [osquery schema documentation](https://osquery.io/schema/). - - -| Field | Description | Type | -|---|---|---| -| **@timestamp** | Date/time when the event originated. This is the date/time extracted from the event, typically representing when the event was generated by the source. If the event source has no original timestamp, this value is typically populated by the first time the event was received by the pipeline. Required field for all events. | date | -| **UUID** | **system_extensions.UUID** - Extension unique id | keyword, text.text | -| **abi** | **elf_info.abi** - Section type | keyword, text.text | -| **abi_version** | **elf_info.abi_version** - Section virtual address in memory | keyword, number.long | -| **access** | **ntfs_acl_permissions.access** - Specific permissions that indicate the rights described by the ACE. | keyword, text.text | -| **accessed_directories** | **prefetch.accessed_directories** - Directories accessed by application within ten seconds of launch. | keyword, text.text | -| **accessed_directories_count** | **prefetch.accessed_directories_count** - Number of directories accessed. | keyword, number.long | -| **accessed_files** | **prefetch.accessed_files** - Files accessed by application within ten seconds of launch. | keyword, text.text | -| **accessed_files_count** | **prefetch.accessed_files_count** - Number of files accessed. | keyword, number.long | -| **accessed_time** | **shellbags.accessed_time** - Directory Accessed time. | keyword, number.long | -| **account_id** | **ec2_instance_metadata.account_id** - AWS account ID which owns this EC2 instance | keyword, text.text | -| **action** | **disk_events.action** - Appear or disappear | keyword, text.text | -| | **example.action** - Action performed in generation | | -| | **file_events.action** - Change action (UPDATE, REMOVE, etc) | | -| | **hardware_events.action** - Remove, insert, change properties, etc | | -| | **ntfs_journal_events.action** - Change action (Write, Delete, etc) | | -| | **scheduled_tasks.action** - Actions executed by the scheduled task | | -| | **socket_events.action** - The socket action (bind, listen, close) | | -| | **windows_firewall_rules.action** - Action for the rule or default setting | | -| | **yara_events.action** - Change action (UPDATE, REMOVE, etc) | | -| **activated** | **tpm_info.activated** - TPM is activated | keyword, number.long | -| **active** | **firefox_addons.active** - 1 If the addon is active else 0 | keyword, number.long | -| | **memory_info.active** - The total amount of buffer or page cache memory, in bytes, that is in active use | | -| | **osquery_events.active** - 1 if the publisher or subscriber is active else 0 | | -| | **osquery_packs.active** - Whether this pack is active (the version, platform and discovery queries match) yes=1, no=0. | | -| | **osquery_registry.active** - 1 If this plugin is active else 0 | | -| | **virtual_memory_info.active** - Total number of active pages. | | -| **active_disks** | **md_devices.active_disks** - Number of active disks in array | keyword, number.long | -| **active_state** | **systemd_units.active_state** - The high-level unit activation state, i.e. generalization of SUB | keyword, text.text | -| **actual** | **fan_speed_sensors.actual** - Actual speed | keyword, number.long | -| **additional_product_id** | **smart_drive_info.additional_product_id** - An additional drive identifier if any | keyword, text.text | -| **addr** | **elf_symbols.addr** - Symbol address (value) | keyword, number.long | -| **address** | **arp_cache.address** - IPv4 address target | keyword, text.text | -| | **dns_resolvers.address** - Resolver IP/IPv6 address | | -| | **etc_hosts.address** - IP address mapping | | -| | **fbsd_kmods.address** - Kernel module address | | -| | **interface_addresses.address** - Specific address for interface | | -| | **kernel_modules.address** - Kernel module address | | -| | **listening_ports.address** - Specific address for bind | | -| | **platform_info.address** - Relative address of firmware mapping | | -| | **user_events.address** - The Internet protocol address or family ID | | -| **address_width** | **cpu_info.address_width** - The width of the CPU address bus. | keyword, text.text | -| **algorithm** | **authorized_keys.algorithm** - algorithm of key | keyword, text.text | -| **alias** | **etc_protocols.alias** - Protocol alias | keyword, text.text | -| | **time_machine_destinations.alias** - Human readable name of drive | | -| **aliases** | **etc_services.aliases** - Optional space separated list of other names for a service | keyword, text.text | -| | **lxd_images.aliases** - Comma-separated list of image aliases | | -| **align** | **elf_sections.align** - Segment alignment | keyword, number.long | -| | **elf_segments.align** - Segment alignment | | -| **allow_maximum** | **shared_resources.allow_maximum** - Number of concurrent users for this resource has been limited. If True, the value in the MaximumAllowed property is ignored. | keyword, number.long | -| **allow_root** | **authorizations.allow_root** - Label top-level key | keyword, text.text | -| **allow_signed_enabled** | **alf.allow_signed_enabled** - 1 If allow signed mode is enabled else 0 | keyword, number.long | -| **ami_id** | **ec2_instance_metadata.ami_id** - AMI ID used to launch this EC2 instance | keyword, text.text | -| **amperage** | **battery.amperage** - The battery's current amperage in mA | keyword, number.long | -| **anonymous** | **virtual_memory_info.anonymous** - Total number of anonymous pages. | keyword, number.long | -| **antispyware** | **windows_security_center.antispyware** - Deprecated (always 'Good'). | keyword, text.text | -| **antivirus** | **windows_security_center.antivirus** - The health of the monitored Antivirus solution (see windows_security_products) | keyword, text.text | -| **api_version** | **docker_version.api_version** - API version | keyword, text.text | -| **app_name** | **windows_firewall_rules.app_name** - Friendly name of the application to which the rule applies | keyword, text.text | -| **apparmor** | **apparmor_events.apparmor** - Apparmor Status like ALLOWED, DENIED etc. | keyword, text.text | -| **applescript_enabled** | **apps.applescript_enabled** - Info properties NSAppleScriptEnabled label | keyword, text.text | -| **application** | **office_mru.application** - Associated Office application | keyword, text.text | -| **arch** | **deb_packages.arch** - Package architecture | keyword, text.text | -| | **docker_version.arch** - Hardware architecture | | -| | **os_version.arch** - OS Architecture | | -| | **pkg_packages.arch** - Architecture(s) supported | | -| | **rpm_packages.arch** - Architecture(s) supported | | -| | **seccomp_events.arch** - Information about the CPU architecture | | -| | **signature.arch** - If applicable, the arch of the signed code | | -| **architecture** | **docker_info.architecture** - Hardware architecture | keyword, text.text | -| | **ec2_instance_metadata.architecture** - Hardware architecture of this EC2 instance | | -| | **lxd_images.architecture** - Target architecture for the image | | -| | **lxd_instances.architecture** - Instance architecture | | -| **architectures** | **apt_sources.architectures** - Repository architectures | keyword, text.text | -| **args** | **startup_items.args** - Arguments provided to startup executable | keyword, text.text | -| **arguments** | **kernel_info.arguments** - Kernel arguments | keyword, text.text | -| **array_handle** | **memory_devices.array_handle** - The memory array that the device is attached to | keyword, text.text | -| **assessments_enabled** | **gatekeeper.assessments_enabled** - 1 If a Gatekeeper is enabled else 0 | keyword, number.long | -| **asset_tag** | **memory_devices.asset_tag** - Manufacturer specific asset tag of memory device | keyword, text.text | -| **ata_version** | **smart_drive_info.ata_version** - ATA version of drive | keyword, text.text | -| **atime** | **device_file.atime** - Last access time | keyword, number.long | -| | **file.atime** - Last access time | | -| | **file_events.atime** - Last access time | | -| | **process_events.atime** - File last access in UNIX time | | -| | **shared_memory.atime** - Attached time | | -| **attach** | **apparmor_profiles.attach** - Which executable(s) a profile will attach to. | keyword, text.text | -| **attached** | **shared_memory.attached** - Number of attached processes | keyword, number.long | -| **attributes** | **file.attributes** - File attrib string. See: https://ss64.com/nt/attrib.html | keyword, text.text | -| **audible_alarm** | **chassis_info.audible_alarm** - If TRUE, the frame is equipped with an audible alarm. | keyword, text.text | -| **auid** | **process_events.auid** - Audit User ID at process start | keyword | -| | **process_file_events.auid** - Audit user ID of the process using the file | | -| | **seccomp_events.auid** - Audit user ID (loginuid) of the user who started the analyzed process | | -| | **socket_events.auid** - Audit User ID | | -| | **user_events.auid** - Audit User ID | | -| **authenticate_user** | **authorizations.authenticate_user** - Label top-level key | keyword, text.text | -| **authentication_package** | **logon_sessions.authentication_package** - The authentication package used to authenticate the owner of the logon session. | keyword, text.text | -| **author** | **chocolatey_packages.author** - Optional package author | keyword, text.text | -| | **chrome_extensions.author** - Optional extension author | | -| | **npm_packages.author** - Package author name | | -| | **python_packages.author** - Optional package author | | -| | **safari_extensions.author** - Optional extension author | | -| **authority** | **signature.authority** - Certificate Common Name | keyword, text.text | -| **authority_key_id** | **certificates.authority_key_id** - AKID an optionally included SHA1 | keyword, text.text | -| **authority_key_identifier** | **curl_certificate.authority_key_identifier** - Authority Key Identifier | keyword, text.text | -| **authorizations** | **keychain_acls.authorizations** - A space delimited set of authorization attributes | keyword, text.text | -| **auto_login** | **wifi_networks.auto_login** - 1 if auto login is enabled, 0 otherwise | keyword, number.long | -| **auto_update** | **lxd_images.auto_update** - Whether the image auto-updates (1) or not (0) | keyword, number.long | -| **autoupdate** | **firefox_addons.autoupdate** - 1 If the addon applies background updates else 0 | keyword | -| | **windows_security_center.autoupdate** - The health of the Windows Autoupdate feature | | -| **availability** | **cpu_info.availability** - The availability and status of the CPU. | keyword, text.text | -| **availability_zone** | **ec2_instance_metadata.availability_zone** - Availability zone in which this instance launched | keyword, text.text | -| **average** | **load_average.average** - Load average over the specified period. | keyword, text.text | -| **average_memory** | **osquery_schedule.average_memory** - Average of the bytes of resident memory left allocated after collecting results | keyword, number.long | -| **avg_disk_bytes_per_read** | **physical_disk_performance.avg_disk_bytes_per_read** - Average number of bytes transferred from the disk during read operations | keyword, number.long | -| **avg_disk_bytes_per_write** | **physical_disk_performance.avg_disk_bytes_per_write** - Average number of bytes transferred to the disk during write operations | keyword, number.long | -| **avg_disk_read_queue_length** | **physical_disk_performance.avg_disk_read_queue_length** - Average number of read requests that were queued for the selected disk during the sample interval | keyword, number.long | -| **avg_disk_sec_per_read** | **physical_disk_performance.avg_disk_sec_per_read** - Average time, in seconds, of a read operation of data from the disk | keyword, number.long | -| **avg_disk_sec_per_write** | **physical_disk_performance.avg_disk_sec_per_write** - Average time, in seconds, of a write operation of data to the disk | keyword, number.long | -| **avg_disk_write_queue_length** | **physical_disk_performance.avg_disk_write_queue_length** - Average number of write requests that were queued for the selected disk during the sample interval | keyword, number.long | -| **backup_date** | **time_machine_backups.backup_date** - Backup Date | keyword, number.long | -| **bank_locator** | **memory_devices.bank_locator** - String number of the string that identifies the physically-labeled bank where the memory device is located | keyword, text.text | -| **base64** | **extended_attributes.base64** - 1 if the value is base64 encoded else 0 | keyword, number.long | -| **base_image** | **lxd_instances.base_image** - ID of image used to launch this instance | keyword, text.text | -| **base_uri** | **apt_sources.base_uri** - Repository base URI | keyword, text.text | -| **baseurl** | **yum_sources.baseurl** - Repository base URL | keyword, text.text | -| **basic_constraint** | **curl_certificate.basic_constraint** - Basic Constraints | keyword, text.text | -| **binary_queue** | **carbon_black_info.binary_queue** - Size in bytes of binaries waiting to be sent to Carbon Black server | keyword, number.long | -| **binding** | **elf_symbols.binding** - Binding type | keyword, text.text | -| **bitmap_chunk_size** | **md_devices.bitmap_chunk_size** - Bitmap chunk size | keyword, text.text | -| **bitmap_external_file** | **md_devices.bitmap_external_file** - External referenced bitmap file | keyword, text.text | -| **bitmap_on_mem** | **md_devices.bitmap_on_mem** - Pages allocated in in-memory bitmap, if enabled | keyword, text.text | -| **block** | **ssh_configs.block** - The host or match block | keyword, text.text | -| **block_size** | **block_devices.block_size** - Block size in bytes | keyword, number.long | -| | **device_file.block_size** - Block size of filesystem | | -| | **file.block_size** - Block size of filesystem | | -| **blocks** | **device_partitions.blocks** - Number of blocks | keyword, number.long | -| | **mounts.blocks** - Mounted device used blocks | | -| **blocks_available** | **mounts.blocks_available** - Mounted device available blocks | keyword, number.long | -| **blocks_free** | **mounts.blocks_free** - Mounted device free blocks | keyword, number.long | -| **blocks_size** | **device_partitions.blocks_size** - Byte size of each block | keyword, number.long | -| | **mounts.blocks_size** - Block size in bytes | | -| **bluetooth_sharing** | **sharing_preferences.bluetooth_sharing** - 1 If bluetooth sharing is enabled for any user else 0 | keyword, number.long | -| **board_model** | **system_info.board_model** - Board model | keyword, text.text | -| **board_serial** | **system_info.board_serial** - Board serial number | keyword, text.text | -| **board_vendor** | **system_info.board_vendor** - Board vendor | keyword, text.text | -| **board_version** | **system_info.board_version** - Board version | keyword, text.text | -| **boot_partition** | **logical_drives.boot_partition** - True if Windows booted from this drive. | keyword, number.long | -| **boot_uuid** | **ibridge_info.boot_uuid** - Boot UUID of the iBridge controller | keyword, text.text | -| **bp_microcode_disabled** | **kva_speculative_info.bp_microcode_disabled** - Branch Predictions are disabled due to lack of microcode update. | keyword, number.long | -| **bp_mitigations** | **kva_speculative_info.bp_mitigations** - Branch Prediction mitigations are enabled. | keyword, number.long | -| **bp_system_pol_disabled** | **kva_speculative_info.bp_system_pol_disabled** - Branch Predictions are disabled via system policy. | keyword, number.long | -| **breach_description** | **chassis_info.breach_description** - If provided, gives a more detailed description of a detected security breach. | keyword, text.text | -| **bridge_nf_ip6tables** | **docker_info.bridge_nf_ip6tables** - 1 if bridge netfilter ip6tables is enabled. 0 otherwise | keyword, number.long | -| **bridge_nf_iptables** | **docker_info.bridge_nf_iptables** - 1 if bridge netfilter iptables is enabled. 0 otherwise | keyword, number.long | -| **broadcast** | **interface_addresses.broadcast** - Broadcast address for the interface | keyword, text.text | -| **browser_type** | **chrome_extension_content_scripts.browser_type** - The browser type (Valid values: chrome, chromium, opera, yandex, brave) | keyword, text.text | -| | **chrome_extensions.browser_type** - The browser type (Valid values: chrome, chromium, opera, yandex, brave, edge, edge_beta) | | -| **bsd_flags** | **file.bsd_flags** - The BSD file flags (chflags). Possible values: NODUMP, UF_IMMUTABLE, UF_APPEND, OPAQUE, HIDDEN, ARCHIVED, SF_IMMUTABLE, SF_APPEND | keyword, text.text | -| **bssid** | **wifi_status.bssid** - The current basic service set identifier | keyword, text.text | -| | **wifi_survey.bssid** - The current basic service set identifier | | -| **btime** | **file.btime** - (B)irth or (cr)eate time | keyword, number.long | -| | **process_events.btime** - File creation in UNIX time | | -| **buffers** | **memory_info.buffers** - The amount of physical RAM, in bytes, used for file buffers | keyword, number.long | -| **build** | **os_version.build** - Optional build-specific or variant string | keyword, text.text | -| **build_distro** | **osquery_info.build_distro** - osquery toolkit platform distribution name (os version) | keyword, text.text | -| **build_id** | **sandboxes.build_id** - Sandbox-specific identifier | keyword, text.text | -| **build_number** | **windows_crashes.build_number** - Windows build number of the crashing machine | keyword, number.long | -| **build_platform** | **osquery_info.build_platform** - osquery toolkit build platform | keyword, text.text | -| **build_time** | **docker_version.build_time** - Build time | keyword, text.text | -| | **portage_packages.build_time** - Unix time when package was built | | -| **bundle_executable** | **apps.bundle_executable** - Info properties CFBundleExecutable label | keyword, text.text | -| **bundle_identifier** | **apps.bundle_identifier** - Info properties CFBundleIdentifier label | keyword, text.text | -| | **running_apps.bundle_identifier** - The bundle identifier of the application | | -| **bundle_name** | **apps.bundle_name** - Info properties CFBundleName label | keyword, text.text | -| **bundle_package_type** | **apps.bundle_package_type** - Info properties CFBundlePackageType label | keyword, text.text | -| **bundle_path** | **sandboxes.bundle_path** - Application bundle used by the sandbox | keyword, text.text | -| | **system_extensions.bundle_path** - System extension bundle path | | -| **bundle_short_version** | **apps.bundle_short_version** - Info properties CFBundleShortVersionString label | keyword, text.text | -| **bundle_version** | **apps.bundle_version** - Info properties CFBundleVersion label | keyword, text.text | -| **busy_state** | **iokit_devicetree.busy_state** - 1 if the device is in a busy state else 0 | keyword, number.long | -| | **iokit_registry.busy_state** - 1 if the node is in a busy state else 0 | | -| **bytes** | **curl.bytes** - Number of bytes in the response | keyword, number.long | -| | **iptables.bytes** - Number of matching bytes for this rule. | | -| **bytes_available** | **time_machine_destinations.bytes_available** - Bytes available on volume | keyword, number.long | -| **bytes_received** | **lxd_networks.bytes_received** - Number of bytes received on this network | keyword, number.long | -| **bytes_sent** | **lxd_networks.bytes_sent** - Number of bytes sent on this network | keyword, number.long | -| **bytes_used** | **time_machine_destinations.bytes_used** - Bytes used on volume | keyword, number.long | -| **ca** | **certificates.ca** - 1 if CA: true (certificate is an authority) else 0 | keyword, number.long | -| **cache_path** | **quicklook_cache.cache_path** - Path to cache data | keyword, text.text | -| **cached** | **lxd_images.cached** - Whether image is cached (1) or not (0) | keyword, number.long | -| | **memory_info.cached** - The amount of physical RAM, in bytes, used as cache memory | | -| **capability** | **apparmor_events.capability** - Capability number | keyword, number.long | -| **capname** | **apparmor_events.capname** - Capability requested by the process | keyword, text.text | -| **caption** | **patches.caption** - Short description of the patch. | keyword, text.text | -| | **windows_optional_features.caption** - Caption of feature in settings UI | | -| **captive_portal** | **wifi_networks.captive_portal** - 1 if this network has a captive portal, 0 otherwise | keyword, number.long | -| **carve** | **carves.carve** - Set this value to '1' to start a file carve | keyword, number.long | -| **carve_guid** | **carves.carve_guid** - Identifying value of the carve session | keyword, text.text | -| **category** | **apps.category** - The UTI that categorizes the app for the App Store | keyword, text.text | -| | **file_events.category** - The category of the file defined in the config | | -| | **ntfs_journal_events.category** - The category that the event originated from | | -| | **power_sensors.category** - The sensor category: currents, voltage, wattage | | -| | **system_extensions.category** - System extension category | | -| | **yara_events.category** - The category of the file | | -| **cdhash** | **es_process_events.cdhash** - Codesigning hash of the process | keyword, text.text | -| | **signature.cdhash** - Hash of the application Code Directory | | -| **celsius** | **temperature_sensors.celsius** - Temperature in Celsius | keyword, number.double | -| **certificate** | **lxd_certificates.certificate** - Certificate content | keyword, text.text | -| **cgroup_driver** | **docker_info.cgroup_driver** - Control groups driver | keyword, text.text | -| **cgroup_namespace** | **docker_containers.cgroup_namespace** - cgroup namespace | keyword, text.text | -| | **process_namespaces.cgroup_namespace** - cgroup namespace inode | | -| **chain** | **iptables.chain** - Size of module content. | keyword, text.text | -| **change_type** | **docker_container_fs_changes.change_type** - Type of change: C:Modified, A:Added, D:Deleted | keyword, text.text | -| **channel** | **wifi_status.channel** - Channel number | keyword | -| | **wifi_survey.channel** - Channel number | | -| | **windows_eventlog.channel** - Source or channel of the event | | -| **channel_band** | **wifi_status.channel_band** - Channel band | keyword, number.long | -| | **wifi_survey.channel_band** - Channel band | | -| **channel_width** | **wifi_status.channel_width** - Channel width | keyword, number.long | -| | **wifi_survey.channel_width** - Channel width | | -| **charged** | **battery.charged** - 1 if the battery is currently completely charged. 0 otherwise | keyword, number.long | -| **charging** | **battery.charging** - 1 if the battery is currently being charged by a power source. 0 otherwise | keyword, number.long | -| **chassis_bridge_capability_available** | **lldp_neighbors.chassis_bridge_capability_available** - Chassis bridge capability availability | keyword, number.long | -| **chassis_bridge_capability_enabled** | **lldp_neighbors.chassis_bridge_capability_enabled** - Is chassis bridge capability enabled. | keyword, number.long | -| **chassis_docsis_capability_available** | **lldp_neighbors.chassis_docsis_capability_available** - Chassis DOCSIS capability availability | keyword, number.long | -| **chassis_docsis_capability_enabled** | **lldp_neighbors.chassis_docsis_capability_enabled** - Chassis DOCSIS capability enabled | keyword, number.long | -| **chassis_id** | **lldp_neighbors.chassis_id** - Neighbor chassis ID value | keyword, text.text | -| **chassis_id_type** | **lldp_neighbors.chassis_id_type** - Neighbor chassis ID type | keyword, text.text | -| **chassis_mgmt_ips** | **lldp_neighbors.chassis_mgmt_ips** - Comma delimited list of chassis management IPS | keyword, text.text | -| **chassis_other_capability_available** | **lldp_neighbors.chassis_other_capability_available** - Chassis other capability availability | keyword, number.long | -| **chassis_other_capability_enabled** | **lldp_neighbors.chassis_other_capability_enabled** - Chassis other capability enabled | keyword, number.long | -| **chassis_repeater_capability_available** | **lldp_neighbors.chassis_repeater_capability_available** - Chassis repeater capability availability | keyword, number.long | -| **chassis_repeater_capability_enabled** | **lldp_neighbors.chassis_repeater_capability_enabled** - Chassis repeater capability enabled | keyword, number.long | -| **chassis_router_capability_available** | **lldp_neighbors.chassis_router_capability_available** - Chassis router capability availability | keyword, number.long | -| **chassis_router_capability_enabled** | **lldp_neighbors.chassis_router_capability_enabled** - Chassis router capability enabled | keyword, number.long | -| **chassis_station_capability_available** | **lldp_neighbors.chassis_station_capability_available** - Chassis station capability availability | keyword, number.long | -| **chassis_station_capability_enabled** | **lldp_neighbors.chassis_station_capability_enabled** - Chassis station capability enabled | keyword, number.long | -| **chassis_sys_description** | **lldp_neighbors.chassis_sys_description** - Max number of CPU physical cores | keyword, number.long | -| **chassis_sysname** | **lldp_neighbors.chassis_sysname** - CPU brand string, contains vendor and model | keyword, text.text | -| **chassis_tel_capability_available** | **lldp_neighbors.chassis_tel_capability_available** - Chassis telephone capability availability | keyword, number.long | -| **chassis_tel_capability_enabled** | **lldp_neighbors.chassis_tel_capability_enabled** - Chassis telephone capability enabled | keyword, number.long | -| **chassis_types** | **chassis_info.chassis_types** - A comma-separated list of chassis types, such as Desktop or Laptop. | keyword, text.text | -| **chassis_wlan_capability_available** | **lldp_neighbors.chassis_wlan_capability_available** - Chassis wlan capability availability | keyword, number.long | -| **chassis_wlan_capability_enabled** | **lldp_neighbors.chassis_wlan_capability_enabled** - Chassis wlan capability enabled | keyword, number.long | -| **check_array_finish** | **md_devices.check_array_finish** - Estimated duration of the check array activity | keyword, text.text | -| **check_array_progress** | **md_devices.check_array_progress** - Progress of the check array activity | keyword, text.text | -| **check_array_speed** | **md_devices.check_array_speed** - Speed of the check array activity | keyword, text.text | -| **checksum** | **disk_events.checksum** - UDIF Master checksum if available (CRC32) | keyword, text.text | -| **child_pid** | **es_process_events.child_pid** - Process ID of a child process in case of a fork event | keyword, number.long | -| **chunk_size** | **md_devices.chunk_size** - chunk size in bytes | keyword, number.long | -| **cid** | **bpf_process_events.cid** - Cgroup ID | keyword, number.long | -| | **bpf_socket_events.cid** - Cgroup ID | | -| **class** | **authorizations.class** - Label top-level key | keyword, text.text | -| | **drivers.class** - Device/driver class name | | -| | **elf_dynamic.class** - Class (32 or 64) | | -| | **elf_info.class** - Class type, 32 or 64bit | | -| | **iokit_devicetree.class** - Best matching device class (most-specific category) | | -| | **iokit_registry.class** - Best matching device class (most-specific category) | | -| | **usb_devices.class** - USB Device class | | -| | **wmi_cli_event_consumers.class** - The name of the class. | | -| | **wmi_event_filters.class** - The name of the class. | | -| | **wmi_filter_consumer_binding.class** - The name of the class. | | -| | **wmi_script_event_consumers.class** - The name of the class. | | -| **client_site_name** | **ntdomains.client_site_name** - The name of the site where the domain controller is configured. | keyword, text.text | -| **cmdline** | **bpf_process_events.cmdline** - Command line arguments | keyword, text.text | -| | **docker_container_processes.cmdline** - Complete argv | | -| | **es_process_events.cmdline** - Command line arguments (argv) | | -| | **process_events.cmdline** - Command line arguments (argv) | | -| | **processes.cmdline** - Complete argv | | -| **cmdline_count** | **es_process_events.cmdline_count** - Number of command line arguments | keyword, number.long | -| **cmdline_size** | **process_events.cmdline_size** - Actual size (bytes) of command line arguments | keyword, number.long | -| **code** | **seccomp_events.code** - The seccomp action | keyword, text.text | -| **code_integrity_policy_enforcement_status** | **hvci_status.code_integrity_policy_enforcement_status** - The status of the code integrity policy enforcement settings. Returns UNKNOWN if an error is encountered. | keyword, text.text | -| **codename** | **os_version.codename** - OS version codename | keyword, text.text | -| **collect_cross_processes** | **carbon_black_info.collect_cross_processes** - If the sensor is configured to cross process events | keyword, number.long | -| **collect_data_file_writes** | **carbon_black_info.collect_data_file_writes** - If the sensor is configured to collect non binary file writes | keyword, number.long | -| **collect_emet_events** | **carbon_black_info.collect_emet_events** - If the sensor is configured to EMET events | keyword, number.long | -| **collect_file_mods** | **carbon_black_info.collect_file_mods** - If the sensor is configured to collect file modification events | keyword, number.long | -| **collect_module_info** | **carbon_black_info.collect_module_info** - If the sensor is configured to collect metadata of binaries | keyword, number.long | -| **collect_module_loads** | **carbon_black_info.collect_module_loads** - If the sensor is configured to capture module loads | keyword, number.long | -| **collect_net_conns** | **carbon_black_info.collect_net_conns** - If the sensor is configured to collect network connections | keyword, number.long | -| **collect_process_user_context** | **carbon_black_info.collect_process_user_context** - If the sensor is configured to collect the user running a process | keyword, number.long | -| **collect_processes** | **carbon_black_info.collect_processes** - If the sensor is configured to process events | keyword, number.long | -| **collect_reg_mods** | **carbon_black_info.collect_reg_mods** - If the sensor is configured to collect registry modification events | keyword, number.long | -| **collect_sensor_operations** | **carbon_black_info.collect_sensor_operations** - Unknown | keyword, number.long | -| **collect_store_files** | **carbon_black_info.collect_store_files** - If the sensor is configured to send back binaries to the Carbon Black server | keyword, number.long | -| **collisions** | **interface_details.collisions** - Packet Collisions detected | keyword, number.long | -| **color_depth** | **video_info.color_depth** - The amount of bits per pixel to represent color. | keyword, number.long | -| **comm** | **apparmor_events.comm** - Command-line name of the command that was used to invoke the analyzed process | keyword, text.text | -| | **seccomp_events.comm** - Command-line name of the command that was used to invoke the analyzed process | | -| **command** | **crontab.command** - Raw command string | keyword, text.text | -| | **docker_containers.command** - Command with arguments | | -| | **shell_history.command** - Unparsed date/line/command history line | | -| **command_args** | **shortcut_files.command_args** - Command args passed to lnk file. | keyword, text.text | -| **command_line** | **windows_crashes.command_line** - Command-line string passed to the crashed process | keyword, text.text | -| **command_line_template** | **wmi_cli_event_consumers.command_line_template** - Standard string template that specifies the process to be started. This property can be NULL, and the ExecutablePath property is used as the command line. | keyword, text.text | -| **comment** | **authorizations.comment** - Label top-level key | keyword, text.text | -| | **docker_image_history.comment** - Instruction comment | | -| | **etc_protocols.comment** - Comment with protocol description | | -| | **etc_services.comment** - Optional comment for a service. | | -| | **groups.comment** - Remarks or comments associated with the group | | -| | **keychain_items.comment** - Optional keychain comment | | -| **common_name** | **certificates.common_name** - Certificate CommonName | keyword, text.text | -| | **curl_certificate.common_name** - Common name of company issued to | | -| **common_path** | **shortcut_files.common_path** - Common system path to target file. | keyword, text.text | -| **compat** | **seccomp_events.compat** - Is system call in compatibility mode | keyword, number.long | -| **compiler** | **apps.compiler** - Info properties DTCompiler label | keyword, text.text | -| **completed_time** | **cups_jobs.completed_time** - When the job completed printing | keyword, number.long | -| **components** | **apt_sources.components** - Repository components | keyword, text.text | -| **compressed** | **virtual_memory_info.compressed** - The total number of pages that have been compressed by the VM compressor. | keyword, number.long | -| **compressor** | **virtual_memory_info.compressor** - The number of pages used to store compressed VM pages. | keyword, number.long | -| **computer_name** | **system_info.computer_name** - Friendly computer name (optional) | keyword, text.text | -| | **windows_eventlog.computer_name** - Hostname of system where event was generated | | -| | **windows_events.computer_name** - Hostname of system where event was generated | | -| **condition** | **battery.condition** - One of the following: "Normal" indicates the condition of the battery is within normal tolerances, "Service Needed" indicates that the battery should be checked out by a licensed Mac repair service, "Permanent Failure" indicates the battery needs replacement | keyword, text.text | -| **config_entrypoint** | **docker_containers.config_entrypoint** - Container entrypoint(s) | keyword, text.text | -| **config_flag** | **sip_config.config_flag** - The System Integrity Protection config flag | keyword, text.text | -| **config_hash** | **osquery_info.config_hash** - Hash of the working configuration state | keyword, text.text | -| **config_name** | **carbon_black_info.config_name** - Sensor group | keyword, text.text | -| **config_valid** | **osquery_info.config_valid** - 1 if the config was loaded and considered valid, else 0 | keyword, number.long | -| **config_value** | **system_controls.config_value** - The MIB value set in /etc/sysctl.conf | keyword, text.text | -| **configured_clock_speed** | **memory_devices.configured_clock_speed** - Configured speed of memory device in megatransfers per second (MT/s) | keyword, number.long | -| **configured_voltage** | **memory_devices.configured_voltage** - Configured operating voltage of device in millivolts | keyword, number.long | -| **connection_id** | **interface_details.connection_id** - Name of the network connection as it appears in the Network Connections Control Panel program. | keyword, text.text | -| **connection_status** | **interface_details.connection_status** - State of the network adapter connection to the network. | keyword, text.text | -| **consistency_scan_date** | **time_machine_destinations.consistency_scan_date** - Consistency scan date | keyword, number.long | -| **consumer** | **wmi_filter_consumer_binding.consumer** - Reference to an instance of __EventConsumer that represents the object path to a logical consumer, the recipient of an event. | keyword, text.text | -| **containers** | **docker_info.containers** - Total number of containers | keyword, number.long | -| **containers_paused** | **docker_info.containers_paused** - Number of containers in paused state | keyword, number.long | -| **containers_running** | **docker_info.containers_running** - Number of containers currently running | keyword, number.long | -| **containers_stopped** | **docker_info.containers_stopped** - Number of containers in stopped state | keyword, number.long | -| **content** | **disk_events.content** - Disk event content | keyword, text.text | -| **content_caching** | **sharing_preferences.content_caching** - 1 If content caching is enabled else 0 | keyword, number.long | -| **content_type** | **package_install_history.content_type** - Package content_type (optional) | keyword, text.text | -| **conversion_status** | **bitlocker_info.conversion_status** - The bitlocker conversion status of the drive. | keyword, number.long | -| **coprocessor_version** | **ibridge_info.coprocessor_version** - The manufacturer and chip version | keyword, text.text | -| **copy** | **virtual_memory_info.copy** - Total number of copy-on-write pages. | keyword, number.long | -| **copyright** | **apps.copyright** - Info properties NSHumanReadableCopyright label | keyword, text.text | -| **core** | **cpu_time.core** - Name of the cpu (core) | keyword, number.long | -| **cosine_similarity** | **powershell_events.cosine_similarity** - How similar the Powershell script is to a provided 'normal' character frequency | keyword, number.double | -| **count** | **userassist.count** - Number of times the application has been executed. | keyword, number.long | -| | **yara.count** - Number of YARA matches | | -| | **yara_events.count** - Number of YARA matches | | -| **country_code** | **wifi_status.country_code** - The country code (ISO/IEC 3166-1:1997) for the network | keyword, text.text | -| | **wifi_survey.country_code** - The country code (ISO/IEC 3166-1:1997) for the network | | -| **cpu** | **docker_container_processes.cpu** - CPU utilization as percentage | keyword, number.double | -| **cpu_brand** | **system_info.cpu_brand** - CPU brand string, contains vendor and model | keyword, text.text | -| **cpu_cfs_period** | **docker_info.cpu_cfs_period** - 1 if CPU Completely Fair Scheduler (CFS) period support is enabled. 0 otherwise | keyword, number.long | -| **cpu_cfs_quota** | **docker_info.cpu_cfs_quota** - 1 if CPU Completely Fair Scheduler (CFS) quota support is enabled. 0 otherwise | keyword, number.long | -| **cpu_kernelmode_usage** | **docker_container_stats.cpu_kernelmode_usage** - CPU kernel mode usage | keyword, number.long | -| **cpu_logical_cores** | **system_info.cpu_logical_cores** - Number of logical CPU cores available to the system | keyword, number.long | -| **cpu_microcode** | **system_info.cpu_microcode** - Microcode version | keyword, text.text | -| **cpu_physical_cores** | **system_info.cpu_physical_cores** - Number of physical CPU cores in to the system | keyword, number.long | -| **cpu_pred_cmd_supported** | **kva_speculative_info.cpu_pred_cmd_supported** - PRED_CMD MSR supported by CPU Microcode. | keyword, number.long | -| **cpu_set** | **docker_info.cpu_set** - 1 if CPU set selection support is enabled. 0 otherwise | keyword, number.long | -| **cpu_shares** | **docker_info.cpu_shares** - 1 if CPU share weighting support is enabled. 0 otherwise | keyword, number.long | -| **cpu_spec_ctrl_supported** | **kva_speculative_info.cpu_spec_ctrl_supported** - SPEC_CTRL MSR supported by CPU Microcode. | keyword, number.long | -| **cpu_status** | **cpu_info.cpu_status** - The current operating status of the CPU. | keyword, number.long | -| **cpu_subtype** | **processes.cpu_subtype** - Indicates the specific processor on which an entry may be used. | keyword | -| | **system_info.cpu_subtype** - CPU subtype | | -| **cpu_total_usage** | **docker_container_stats.cpu_total_usage** - Total CPU usage | keyword, number.long | -| **cpu_type** | **processes.cpu_type** - Indicates the specific processor designed for installation. | keyword | -| | **system_info.cpu_type** - CPU type | | -| **cpu_usermode_usage** | **docker_container_stats.cpu_usermode_usage** - CPU user mode usage | keyword, number.long | -| **cpus** | **docker_info.cpus** - Number of CPUs | keyword, number.long | -| **crash_path** | **crashes.crash_path** - Location of log file | keyword, text.text | -| | **windows_crashes.crash_path** - Path of the log file | | -| **crashed_thread** | **crashes.crashed_thread** - Thread ID which crashed | keyword, number.long | -| **created** | **authorizations.created** - Label top-level key | keyword, text.text | -| | **docker_containers.created** - Time of creation as UNIX time | | -| | **docker_image_history.created** - Time of creation as UNIX time | | -| | **docker_images.created** - Time of creation as UNIX time | | -| | **docker_networks.created** - Time of creation as UNIX time | | -| | **keychain_items.created** - Data item was created | | -| **created_at** | **lxd_images.created_at** - ISO time of image creation | keyword, text.text | -| | **lxd_instances.created_at** - ISO time of creation | | -| **created_by** | **docker_image_history.created_by** - Created by instruction | keyword, text.text | -| **created_time** | **shellbags.created_time** - Directory Created time. | keyword, number.long | -| **creation_time** | **account_policy_data.creation_time** - When the account was first created | keyword | -| | **cups_jobs.creation_time** - When the print request was initiated | | -| **creator** | **firefox_addons.creator** - Addon-supported creator string | keyword, text.text | -| **creator_pid** | **shared_memory.creator_pid** - Process ID that created the segment | keyword, number.long | -| **creator_uid** | **shared_memory.creator_uid** - User ID of creator process | keyword, number.long | -| **csname** | **patches.csname** - The name of the host the patch is installed on. | keyword, text.text | -| **ctime** | **device_file.ctime** - Creation time | keyword | -| | **file.ctime** - Last status change time | | -| | **file_events.ctime** - Last status change time | | -| | **gatekeeper_approved_apps.ctime** - Last change time | | -| | **process_events.ctime** - File last metadata change in UNIX time | | -| | **shared_memory.ctime** - Changed time | | -| **current_capacity** | **battery.current_capacity** - The battery's current charged capacity in mAh | keyword, number.long | -| **current_clock_speed** | **cpu_info.current_clock_speed** - The current frequency of the CPU. | keyword, number.long | -| **current_directory** | **windows_crashes.current_directory** - Current working directory of the crashed process | keyword, text.text | -| **current_disk_queue_length** | **physical_disk_performance.current_disk_queue_length** - Number of requests outstanding on the disk at the time the performance data is collected | keyword, number.long | -| **current_locale** | **chrome_extensions.current_locale** - Current locale supported by extension | keyword, text.text | -| **current_value** | **system_controls.current_value** - Value of setting | keyword, text.text | -| **cwd** | **bpf_process_events.cwd** - Current working directory | keyword, text.text | -| | **es_process_events.cwd** - The process current working directory | | -| | **process_events.cwd** - The process current working directory | | -| | **process_file_events.cwd** - The current working directory of the process | | -| | **processes.cwd** - Process current working directory | | -| **cycle_count** | **battery.cycle_count** - The number of charge/discharge cycles | keyword, number.long | -| **data** | **magic.data** - Magic number data from libmagic | keyword, text.text | -| | **registry.data** - Data content of registry value | | -| | **windows_eventlog.data** - Data associated with the event | | -| | **windows_events.data** - Data associated with the event | | -| **data_width** | **memory_devices.data_width** - Data width, in bits, of this memory device | keyword, number.long | -| **database** | **lxd_cluster_members.database** - Whether the server is a database node (1) or not (0) | keyword, number.long | -| **date** | **drivers.date** - Driver date | keyword | -| | **platform_info.date** - Self-reported platform code update date | | -| **datetime** | **crashes.datetime** - Date/Time at which the crash occurred | keyword, text.text | -| | **powershell_events.datetime** - System time at which the Powershell script event occurred | | -| | **syslog_events.datetime** - Time known to syslog | | -| | **time.datetime** - Current date and time (ISO format) in UTC | | -| | **windows_crashes.datetime** - Timestamp (log format) of the crash | | -| | **windows_eventlog.datetime** - System time at which the event occurred | | -| | **windows_events.datetime** - System time at which the event occurred | | -| **day** | **time.day** - Current day in UTC | keyword, number.long | -| **day_of_month** | **crontab.day_of_month** - The day of the month for the job | keyword, text.text | -| **day_of_week** | **crontab.day_of_week** - The day of the week for the job | keyword, text.text | -| **days** | **uptime.days** - Days of uptime | keyword, number.long | -| **dc_site_name** | **ntdomains.dc_site_name** - The name of the site where the domain controller is located. | keyword, text.text | -| **decompressed** | **virtual_memory_info.decompressed** - The total number of pages that have been decompressed by the VM compressor. | keyword, number.long | -| **default_locale** | **chrome_extensions.default_locale** - Default locale supported by extension | keyword, text.text | -| **default_value** | **osquery_flags.default_value** - Flag default value | keyword, text.text | -| **denied_mask** | **apparmor_events.denied_mask** - Denied permissions for the process | keyword, text.text | -| **denylisted** | **osquery_schedule.denylisted** - 1 if the query is denylisted else 0 | keyword, number.long | -| **dependencies** | **kernel_panics.dependencies** - Module dependencies existing in crashed module's backtrace | keyword, text.text | -| **depth** | **iokit_devicetree.depth** - Device nested depth | keyword, number.long | -| | **iokit_registry.depth** - Node nested depth | | -| **description** | **appcompat_shims.description** - Description of the SDB. | keyword, text.text | -| | **atom_packages.description** - Package supplied description | | -| | **browser_plugins.description** - Plugin description text | | -| | **chassis_info.description** - An extended description of the chassis if available. | | -| | **chrome_extensions.description** - Extension-optional description | | -| | **disk_info.description** - The OS's description of the disk. | | -| | **drivers.description** - Driver description | | -| | **firefox_addons.description** - Addon-supplied description string | | -| | **interface_details.description** - Short description of the object a one-line string. | | -| | **keychain_acls.description** - The description included with the ACL entry | | -| | **keychain_items.description** - Optional item description | | -| | **logical_drives.description** - The canonical description of the drive, e.g. 'Logical Fixed Disk', 'CD-ROM Disk'. | | -| | **lxd_images.description** - Image description | | -| | **lxd_instances.description** - Instance description | | -| | **npm_packages.description** - Package supplied description | | -| | **osquery_flags.description** - Flag description | | -| | **patches.description** - Fuller description of the patch. | | -| | **safari_extensions.description** - Optional extension description text | | -| | **services.description** - Service Description | | -| | **shared_resources.description** - A textual description of the object | | -| | **shortcut_files.description** - Lnk file description. | | -| | **smbios_tables.description** - Table entry description | | -| | **systemd_units.description** - Unit description | | -| | **users.description** - Optional user description | | -| | **ycloud_instance_metadata.description** - Description of the VM | | -| **designed_capacity** | **battery.designed_capacity** - The battery's designed capacity in mAh | keyword, number.long | -| **dest_path** | **process_file_events.dest_path** - The canonical path associated with the event | keyword, text.text | -| **destination** | **cups_jobs.destination** - The printer the job was sent to | keyword, text.text | -| | **docker_container_mounts.destination** - Destination path inside container | | -| | **routes.destination** - Destination IP address | | -| **destination_id** | **time_machine_backups.destination_id** - Time Machine destination ID | keyword, text.text | -| | **time_machine_destinations.destination_id** - Time Machine destination ID | | -| **dev_id_enabled** | **gatekeeper.dev_id_enabled** - 1 If a Gatekeeper allows execution from identified developers else 0 | keyword, number.long | -| **developer_id** | **safari_extensions.developer_id** - Optional developer identifier | keyword, text.text | -| | **xprotect_meta.developer_id** - Developer identity (SHA1) of extension | | -| **development_region** | **apps.development_region** - Info properties CFBundleDevelopmentRegion label | keyword, text.text | -| | **browser_plugins.development_region** - Plugin language-localization | | -| **device** | **device_file.device** - Absolute file path to device node | keyword, text.text | -| | **device_firmware.device** - The device name | | -| | **device_hash.device** - Absolute file path to device node | | -| | **device_partitions.device** - Absolute file path to device node | | -| | **disk_events.device** - Disk event BSD name | | -| | **file.device** - Device ID (optional) | | -| | **kernel_info.device** - Kernel device identifier | | -| | **lxd_instance_devices.device** - Name of the device | | -| | **mounts.device** - Mounted device | | -| | **process_memory_map.device** - MA:MI Major/minor device ID | | -| **device_alias** | **mounts.device_alias** - Mounted device alias | keyword, text.text | -| **device_error_address** | **memory_error_info.device_error_address** - 32 bit physical address of the error relative to the start of the failing memory address, in bytes | keyword, text.text | -| **device_id** | **bitlocker_info.device_id** - ID of the encrypted drive. | keyword, text.text | -| | **cpu_info.device_id** - The DeviceID of the CPU. | | -| | **drivers.device_id** - Device ID | | -| | **logical_drives.device_id** - The drive id, usually the drive name, e.g., 'C:'. | | -| **device_locator** | **memory_devices.device_locator** - String number of the string that identifies the physically-labeled socket or board position where the memory device is located | keyword, text.text | -| **device_model** | **smart_drive_info.device_model** - Device Model | keyword, text.text | -| **device_name** | **drivers.device_name** - Device name | keyword, text.text | -| | **md_devices.device_name** - md device name | | -| | **smart_drive_info.device_name** - Name of block device | | -| **device_path** | **iokit_devicetree.device_path** - Device tree path | keyword, text.text | -| **device_type** | **lxd_instance_devices.device_type** - Device type | keyword, text.text | -| | **shortcut_files.device_type** - Device containing the target file. | | -| **dhcp_enabled** | **interface_details.dhcp_enabled** - If TRUE, the dynamic host configuration protocol (DHCP) server automatically assigns an IP address to the computer system when establishing a network connection. | keyword, number.long | -| **dhcp_lease_expires** | **interface_details.dhcp_lease_expires** - Expiration date and time for a leased IP address that was assigned to the computer by the dynamic host configuration protocol (DHCP) server. | keyword, text.text | -| **dhcp_lease_obtained** | **interface_details.dhcp_lease_obtained** - Date and time the lease was obtained for the IP address assigned to the computer by the dynamic host configuration protocol (DHCP) server. | keyword, text.text | -| **dhcp_server** | **interface_details.dhcp_server** - IP address of the dynamic host configuration protocol (DHCP) server. | keyword, text.text | -| **direction** | **windows_firewall_rules.direction** - Direction of traffic for which the rule applies | keyword, text.text | -| **directory** | **extended_attributes.directory** - Directory of file(s) | keyword, text.text | -| | **file.directory** - Directory of file(s) | | -| | **hash.directory** - Must provide a path or directory | | -| | **npm_packages.directory** - Node module's directory where this package is located | | -| | **python_packages.directory** - Directory where Python modules are located | | -| | **users.directory** - User's home directory | | -| **disabled** | **browser_plugins.disabled** - Is the plugin disabled. 1 = Disabled | keyword | -| | **firefox_addons.disabled** - 1 If the addon is application-disabled else 0 | | -| | **launchd.disabled** - Skip loading this daemon or agent on boot | | -| | **wifi_networks.disabled** - 1 if this network is disabled, 0 otherwise | | -| **disc_sharing** | **sharing_preferences.disc_sharing** - 1 If CD or DVD sharing is enabled else 0 | keyword, number.long | -| **disconnected** | **connectivity.disconnected** - True if the all interfaces are not connected to any network | keyword, number.long | -| **discovery_cache_hits** | **osquery_packs.discovery_cache_hits** - The number of times that the discovery query used cached values since the last time the config was reloaded | keyword, number.long | -| **discovery_executions** | **osquery_packs.discovery_executions** - The number of times that the discovery queries have been executed since the last time the config was reloaded | keyword, number.long | -| **disk_bytes_read** | **processes.disk_bytes_read** - Bytes read from disk | keyword, number.long | -| **disk_bytes_written** | **processes.disk_bytes_written** - Bytes written to disk | keyword, number.long | -| **disk_id** | **smart_drive_info.disk_id** - Physical slot number of device, only exists when hardware storage controller exists | keyword, number.long | -| **disk_index** | **disk_info.disk_index** - Physical drive number of the disk. | keyword, number.long | -| **disk_read** | **docker_container_stats.disk_read** - Total disk read bytes | keyword, number.long | -| **disk_size** | **disk_info.disk_size** - Size of the disk. | keyword, number.long | -| **disk_write** | **docker_container_stats.disk_write** - Total disk write bytes | keyword, number.long | -| **display_name** | **apps.display_name** - Info properties CFBundleDisplayName label | keyword, text.text | -| | **services.display_name** - Service Display name | | -| **dns_domain** | **interface_details.dns_domain** - Organization name followed by a period and an extension that indicates the type of organization, such as 'microsoft.com'. | keyword, text.text | -| **dns_domain_name** | **logon_sessions.dns_domain_name** - The DNS name for the owner of the logon session. | keyword, text.text | -| **dns_domain_suffix_search_order** | **interface_details.dns_domain_suffix_search_order** - Array of DNS domain suffixes to be appended to the end of host names during name resolution. | keyword, text.text | -| **dns_forest_name** | **ntdomains.dns_forest_name** - The name of the root of the DNS tree. | keyword, text.text | -| **dns_host_name** | **interface_details.dns_host_name** - Host name used to identify the local computer for authentication by some utilities. | keyword, text.text | -| **dns_server_search_order** | **interface_details.dns_server_search_order** - Array of server IP addresses to be used in querying for DNS servers. | keyword, text.text | -| **domain** | **ad_config.domain** - Active Directory trust domain | keyword, text.text | -| | **managed_policies.domain** - System or manager-chosen domain key | | -| | **preferences.domain** - Application ID usually in com.name.product format | | -| **domain_controller_address** | **ntdomains.domain_controller_address** - The IP Address of the discovered domain controller.. | keyword, text.text | -| **domain_controller_name** | **ntdomains.domain_controller_name** - The name of the discovered domain controller. | keyword, text.text | -| **domain_name** | **ntdomains.domain_name** - The name of the domain. | keyword, text.text | -| **drive_letter** | **bitlocker_info.drive_letter** - Drive letter of the encrypted drive. | keyword, text.text | -| | **ntfs_journal_events.drive_letter** - The drive letter identifying the source journal | | -| **drive_name** | **md_drives.drive_name** - Drive device name | keyword, text.text | -| **driver** | **docker_container_mounts.driver** - Driver providing the mount | keyword, text.text | -| | **docker_networks.driver** - Network driver | | -| | **docker_volumes.driver** - Volume driver | | -| | **hardware_events.driver** - Driver claiming the device | | -| | **lxd_storage_pools.driver** - Storage driver | | -| | **pci_devices.driver** - PCI Device used driver | | -| | **video_info.driver** - The driver of the device. | | -| **driver_date** | **video_info.driver_date** - The date listed on the installed driver. | keyword, number.long | -| **driver_key** | **drivers.driver_key** - Driver key | keyword, text.text | -| **driver_type** | **smart_drive_info.driver_type** - The explicit device type used to retrieve the SMART information | keyword, text.text | -| **driver_version** | **video_info.driver_version** - The version of the installed driver. | keyword, text.text | -| **dst_ip** | **iptables.dst_ip** - Destination IP address. | keyword, text.text | -| **dst_mask** | **iptables.dst_mask** - Destination IP address mask. | keyword, text.text | -| **dst_port** | **iptables.dst_port** - Protocol destination port(s). | keyword, text.text | -| **dtime** | **shared_memory.dtime** - Detached time | keyword, number.long | -| **dump_certificate** | **curl_certificate.dump_certificate** - Set this value to '1' to dump certificate | keyword, number.long | -| **duration** | **bpf_process_events.duration** - How much time was spent inside the syscall (nsecs) | keyword, number.long | -| | **bpf_socket_events.duration** - How much time was spent inside the syscall (nsecs) | | -| **eapi** | **portage_packages.eapi** - The eapi for the ebuild | keyword, number.long | -| **egid** | **docker_container_processes.egid** - Effective group ID | keyword | -| | **es_process_events.egid** - Effective Group ID of the process | | -| | **process_events.egid** - Effective group ID at process start | | -| | **process_file_events.egid** - Effective group ID of the process using the file | | -| | **processes.egid** - Unsigned effective group ID | | -| **eid** | **apparmor_events.eid** - Event ID | keyword, text.text | -| | **bpf_process_events.eid** - Event ID | | -| | **bpf_socket_events.eid** - Event ID | | -| | **disk_events.eid** - Event ID | | -| | **es_process_events.eid** - Event ID | | -| | **file_events.eid** - Event ID | | -| | **hardware_events.eid** - Event ID | | -| | **ntfs_journal_events.eid** - Event ID | | -| | **process_events.eid** - Event ID | | -| | **process_file_events.eid** - Event ID | | -| | **selinux_events.eid** - Event ID | | -| | **socket_events.eid** - Event ID | | -| | **syslog_events.eid** - Event ID | | -| | **user_events.eid** - Event ID | | -| | **windows_events.eid** - Event ID | | -| | **yara_events.eid** - Event ID | | -| **ejectable** | **disk_events.ejectable** - 1 if ejectable, 0 if not | keyword, number.long | -| **elapsed_time** | **processes.elapsed_time** - Elapsed time in seconds this process has been running. | keyword, number.long | -| **element** | **apps.element** - Does the app identify as a background agent | keyword, text.text | -| **elevated_token** | **processes.elevated_token** - Process uses elevated token yes=1, no=0 | keyword, number.long | -| **enable_ipv6** | **docker_networks.enable_ipv6** - 1 if IPv6 is enabled on this network. 0 otherwise | keyword, number.long | -| **enabled** | **app_schemes.enabled** - 1 if this handler is the OS default, else 0 | keyword | -| | **event_taps.enabled** - Is the Event Tap enabled | | -| | **interface_details.enabled** - Indicates whether the adapter is enabled or not. | | -| | **location_services.enabled** - 1 if Location Services are enabled, else 0 | | -| | **lxd_cluster.enabled** - Whether clustering enabled (1) or not (0) on this node | | -| | **sandboxes.enabled** - Application sandboxings enabled on container | | -| | **scheduled_tasks.enabled** - Whether or not the scheduled task is enabled | | -| | **screenlock.enabled** - 1 If a password is required after sleep or the screensaver begins; else 0 | | -| | **sip_config.enabled** - 1 if this configuration is enabled, otherwise 0 | | -| | **tpm_info.enabled** - TPM is enabled | | -| | **windows_firewall_rules.enabled** - 1 if the rule is enabled | | -| | **yum_sources.enabled** - Whether the repository is used | | -| **enabled_nvram** | **sip_config.enabled_nvram** - 1 if this configuration is enabled, otherwise 0 | keyword, number.long | -| **encrypted** | **disk_encryption.encrypted** - 1 If encrypted: true (disk is encrypted), else 0 | keyword, number.long | -| | **user_ssh_keys.encrypted** - 1 if key is encrypted, 0 otherwise | | -| **encryption** | **time_machine_destinations.encryption** - Last known encrypted state | keyword, text.text | -| **encryption_method** | **bitlocker_info.encryption_method** - The encryption type of the device. | keyword, text.text | -| **encryption_status** | **disk_encryption.encryption_status** - Disk encryption status with one of following values: encrypted | not encrypted | undefined | keyword, text.text | -| **end** | **memory_map.end** - End address of memory region | keyword, text.text | -| | **process_memory_map.end** - Virtual end address (hex) | | -| **ending_address** | **memory_array_mapped_addresses.ending_address** - Physical ending address of last kilobyte of a range of memory mapped to physical memory array | keyword, text.text | -| | **memory_device_mapped_addresses.ending_address** - Physical ending address of last kilobyte of a range of memory mapped to physical memory array | | -| **endpoint_id** | **docker_container_networks.endpoint_id** - Endpoint ID | keyword, text.text | -| **entry** | **authorization_mechanisms.entry** - The whole string entry | keyword, text.text | -| | **elf_info.entry** - Entry point address | | -| | **shimcache.entry** - Execution order. | | -| **env** | **es_process_events.env** - Environment variables delimited by spaces | keyword, text.text | -| | **process_events.env** - Environment variables delimited by spaces | | -| **env_count** | **es_process_events.env_count** - Number of environment variables | keyword, number.long | -| | **process_events.env_count** - Number of environment variables | | -| **env_size** | **process_events.env_size** - Actual size (bytes) of environment list | keyword, number.long | -| **env_variables** | **docker_containers.env_variables** - Container environmental variables | keyword, text.text | -| **environment** | **apps.environment** - Application-set environment variables | keyword, text.text | -| **ephemeral** | **lxd_instances.ephemeral** - Whether the instance is ephemeral(1) or not(0) | keyword, number.long | -| **epoch** | **rpm_packages.epoch** - Package epoch value | keyword, number.long | -| **error** | **apparmor_events.error** - Error information | keyword, text.text | -| **error_granularity** | **memory_error_info.error_granularity** - Granularity to which the error can be resolved | keyword, text.text | -| **error_operation** | **memory_error_info.error_operation** - Memory access operation that caused the error | keyword, text.text | -| **error_resolution** | **memory_error_info.error_resolution** - Range, in bytes, within which this error can be determined, when an error address is given | keyword, text.text | -| **error_type** | **memory_error_info.error_type** - type of error associated with current error status for array or device | keyword, text.text | -| **euid** | **docker_container_processes.euid** - Effective user ID | keyword | -| | **es_process_events.euid** - Effective User ID of the process | | -| | **process_events.euid** - Effective user ID at process start | | -| | **process_file_events.euid** - Effective user ID of the process using the file | | -| | **processes.euid** - Unsigned effective user ID | | -| **event** | **crontab.event** - The job @event name (rare) | keyword, text.text | -| **event_queue** | **carbon_black_info.event_queue** - Size in bytes of Carbon Black event files on disk | keyword, number.long | -| **event_tap_id** | **event_taps.event_tap_id** - Unique ID for the Tap | keyword, number.long | -| **event_tapped** | **event_taps.event_tapped** - The mask that identifies the set of events to be observed. | keyword, text.text | -| **event_type** | **es_process_events.event_type** - Type of EndpointSecurity event | keyword, text.text | -| **eventid** | **windows_eventlog.eventid** - Event ID of the event | keyword, number.long | -| | **windows_events.eventid** - Event ID of the event | | -| **events** | **osquery_events.events** - Number of events emitted or received since osquery started | keyword, number.long | -| **exception_address** | **windows_crashes.exception_address** - Address (in hex) where the exception occurred | keyword, text.text | -| **exception_code** | **windows_crashes.exception_code** - The Windows exception code | keyword, text.text | -| **exception_codes** | **crashes.exception_codes** - Exception codes from the crash | keyword, text.text | -| **exception_message** | **windows_crashes.exception_message** - The NTSTATUS error message associated with the exception code | keyword, text.text | -| **exception_notes** | **crashes.exception_notes** - Exception notes from the crash | keyword, text.text | -| **exception_type** | **crashes.exception_type** - Exception type of the crash | keyword, text.text | -| **exe** | **seccomp_events.exe** - The path to the executable that was used to invoke the analyzed process | keyword, text.text | -| **executable** | **appcompat_shims.executable** - Name of the executable that is being shimmed. This is pulled from the registry. | keyword, text.text | -| | **process_file_events.executable** - The executable path | | -| **executable_path** | **wmi_cli_event_consumers.executable_path** - Module to execute. The string can specify the full path and file name of the module to execute, or it can specify a partial name. If a partial name is specified, the current drive and current directory are assumed. | keyword, text.text | -| **execution_flag** | **shimcache.execution_flag** - Boolean Execution flag, 1 for execution, 0 for no execution, -1 for missing (this flag does not exist on Windows 10 and higher). | keyword, number.long | -| **executions** | **osquery_schedule.executions** - Number of times the query was executed | keyword, number.long | -| **exit_code** | **bpf_process_events.exit_code** - Exit code of the system call | keyword, text.text | -| | **bpf_socket_events.exit_code** - Exit code of the system call | | -| | **es_process_events.exit_code** - Exit code of a process in case of an exit event | | -| **expand** | **default_environment.expand** - 1 if the variable needs expanding, 0 otherwise | keyword, number.long | -| **expire** | **shadow.expire** - Number of days since UNIX epoch date until account is disabled | keyword, number.long | -| **expires_at** | **lxd_images.expires_at** - ISO time of image expiration | keyword, text.text | -| **extended_key_usage** | **curl_certificate.extended_key_usage** - Extended usage of key in certificate | keyword, text.text | -| **extensions** | **osquery_info.extensions** - osquery extensions status | keyword, text.text | -| **external** | **app_schemes.external** - 1 if this handler does NOT exist on OS X by default, else 0 | keyword, number.long | -| **extra** | **asl.extra** - Extra columns, in JSON format. Queries against this column are performed entirely in SQLite, so do not benefit from efficient querying via asl.h. | keyword, text.text | -| | **platform_info.extra** - Platform-specific additional information | | -| **facility** | **asl.facility** - Sender's facility. Default is 'user'. | keyword, text.text | -| | **syslog_events.facility** - Syslog facility | | -| **fahrenheit** | **temperature_sensors.fahrenheit** - Temperature in Fahrenheit | keyword, number.double | -| **failed_disks** | **md_devices.failed_disks** - Number of failed disks in array | keyword, number.long | -| **failed_login_count** | **account_policy_data.failed_login_count** - The number of failed login attempts using an incorrect password. Count resets after a correct password is entered. | keyword, number.long | -| **failed_login_timestamp** | **account_policy_data.failed_login_timestamp** - The time of the last failed login attempt. Resets after a correct password is entered | keyword, number.double | -| **family** | **bpf_socket_events.family** - The Internet protocol family ID | keyword, number.long | -| | **listening_ports.family** - Network protocol (IPv4, IPv6) | | -| | **process_open_sockets.family** - Network protocol (IPv4, IPv6) | | -| | **socket_events.family** - The Internet protocol family ID | | -| **fan** | **fan_speed_sensors.fan** - Fan number | keyword, text.text | -| **faults** | **virtual_memory_info.faults** - Total number of calls to vm_faults. | keyword, number.long | -| **fd** | **bpf_socket_events.fd** - The file description for the process socket | keyword, text.text | -| | **listening_ports.fd** - Socket file descriptor number | | -| | **process_open_files.fd** - Process-specific file descriptor number | | -| | **process_open_pipes.fd** - File descriptor | | -| | **process_open_sockets.fd** - Socket file descriptor number | | -| | **socket_events.fd** - The file description for the process socket | | -| **feature** | **cpuid.feature** - Present feature flags | keyword, text.text | -| **feature_control** | **msr.feature_control** - Bitfield controlling enabled features. | keyword, number.long | -| **field_name** | **system_controls.field_name** - Specific attribute of opaque type | keyword, text.text | -| **file_attributes** | **ntfs_journal_events.file_attributes** - File attributes | keyword, text.text | -| **file_backed** | **virtual_memory_info.file_backed** - Total number of file backed pages. | keyword, number.long | -| **file_id** | **file.file_id** - file ID | keyword, text.text | -| **file_sharing** | **sharing_preferences.file_sharing** - 1 If file sharing is enabled else 0 | keyword, number.long | -| **file_system** | **logical_drives.file_system** - The file system of the drive. | keyword, text.text | -| **file_version** | **file.file_version** - File version | keyword, text.text | -| **filename** | **device_file.filename** - Name portion of file path | keyword, text.text | -| | **file.filename** - Name portion of file path | | -| | **lxd_images.filename** - Filename of the image file | | -| | **prefetch.filename** - Executable filename. | | -| | **xprotect_entries.filename** - Use this file name to match | | -| **filepath** | **package_bom.filepath** - Package file or directory | keyword, text.text | -| **filesystem** | **disk_events.filesystem** - Filesystem if available | keyword, text.text | -| **filetype** | **xprotect_entries.filetype** - Use this file type to match | keyword, text.text | -| **filevault_status** | **disk_encryption.filevault_status** - FileVault status with one of following values: on | off | unknown | keyword, text.text | -| **filter** | **wmi_filter_consumer_binding.filter** - Reference to an instance of __EventFilter that represents the object path to an event filter which is a query that specifies the type of event to be received. | keyword, text.text | -| **filter_name** | **iptables.filter_name** - Packet matching filter table name. | keyword, text.text | -| **fingerprint** | **lxd_certificates.fingerprint** - SHA256 hash of the certificate | keyword, text.text | -| **finished_at** | **docker_containers.finished_at** - Container finish time as string | keyword, text.text | -| **firewall** | **windows_security_center.firewall** - The health of the monitored Firewall (see windows_security_products) | keyword, text.text | -| **firewall_unload** | **alf.firewall_unload** - 1 If firewall unloading enabled else 0 | keyword, number.long | -| **firmware_version** | **ibridge_info.firmware_version** - The build version of the firmware | keyword, text.text | -| | **smart_drive_info.firmware_version** - Drive firmware version | | -| **fix_comments** | **patches.fix_comments** - Additional comments about the patch. | keyword, text.text | -| **flag** | **shadow.flag** - Reserved | keyword, number.long | -| **flags** | **device_partitions.flags** - | keyword | -| | **dns_cache.flags** - DNS record flags | | -| | **elf_info.flags** - ELF header flags | | -| | **elf_sections.flags** - Section attributes | | -| | **elf_segments.flags** - Segment attributes | | -| | **interface_details.flags** - Flags (netdevice) for the device | | -| | **mounts.flags** - Mounted device flags | | -| | **pipes.flags** - The flags indicating whether this pipe connection is a server or client end, and if the pipe for sending messages or bytes | | -| | **routes.flags** - Flags to describe route | | -| **flatsize** | **pkg_packages.flatsize** - Package size in bytes | keyword, number.long | -| **folder_id** | **ycloud_instance_metadata.folder_id** - Folder identifier for the VM | keyword, text.text | -| **following** | **systemd_units.following** - The name of another unit that this unit follows in state | keyword, text.text | -| **forced** | **preferences.forced** - 1 if the value is forced/managed, else 0 | keyword, number.long | -| **form_factor** | **memory_devices.form_factor** - Implementation form factor for this memory device | keyword, text.text | -| | **smart_drive_info.form_factor** - Form factor if reported | | -| **format** | **cups_jobs.format** - The format of the print job | keyword, text.text | -| **forwarding_enabled** | **interface_ipv6.forwarding_enabled** - Enable IP forwarding | keyword, number.long | -| **fragment_path** | **systemd_units.fragment_path** - The unit file path this unit was read from, if there is any | keyword, text.text | -| **frame_backtrace** | **kernel_panics.frame_backtrace** - Backtrace of the crashed module | keyword, text.text | -| **free** | **virtual_memory_info.free** - Total number of free pages. | keyword, number.long | -| **free_space** | **logical_drives.free_space** - The amount of free space, in bytes, of the drive (-1 on failure). | keyword, number.long | -| **friendly_name** | **interface_addresses.friendly_name** - The friendly display name of the interface. | keyword, text.text | -| | **interface_details.friendly_name** - The friendly display name of the interface. | | -| **from_webstore** | **chrome_extensions.from_webstore** - True if this extension was installed from the web store | keyword, text.text | -| **fs_id** | **quicklook_cache.fs_id** - Quicklook file fs_id key | keyword, text.text | -| **fsgid** | **process_events.fsgid** - Filesystem group ID at process start | keyword | -| | **process_file_events.fsgid** - Filesystem group ID of the process using the file | | -| **fsuid** | **apparmor_events.fsuid** - Filesystem user ID | keyword | -| | **process_events.fsuid** - Filesystem user ID at process start | | -| | **process_file_events.fsuid** - Filesystem user ID of the process using the file | | -| **gateway** | **docker_container_networks.gateway** - Gateway | keyword, text.text | -| | **docker_networks.gateway** - Network gateway | | -| | **routes.gateway** - Route gateway | | -| **gid** | **asl.gid** - GID that sent the log message (set by the server). | keyword | -| | **bpf_process_events.gid** - Group ID | | -| | **bpf_socket_events.gid** - Group ID | | -| | **device_file.gid** - Owning group ID | | -| | **docker_container_processes.gid** - Group ID | | -| | **es_process_events.gid** - Group ID of the process | | -| | **file.gid** - Owning group ID | | -| | **file_events.gid** - Owning group ID | | -| | **groups.gid** - Unsigned int64 group ID | | -| | **package_bom.gid** - Expected group of file or directory | | -| | **process_events.gid** - Group ID at process start | | -| | **process_file_events.gid** - The gid of the process performing the action | | -| | **processes.gid** - Unsigned group ID | | -| | **seccomp_events.gid** - Group ID of the user who started the analyzed process | | -| | **user_groups.gid** - Group ID | | -| | **users.gid** - Group ID (unsigned) | | -| **gid_signed** | **groups.gid_signed** - A signed int64 version of gid | keyword, number.long | -| | **users.gid_signed** - Default group ID as int64 signed (Apple) | | -| **git_commit** | **docker_version.git_commit** - Docker build git commit | keyword, text.text | -| **global_seq_num** | **es_process_events.global_seq_num** - Global sequence number | keyword, number.long | -| **global_state** | **alf.global_state** - 1 If the firewall is enabled with exceptions, 2 if the firewall is configured to block all incoming connections, else 0 | keyword, number.long | -| **go_version** | **docker_version.go_version** - Go version | keyword, text.text | -| **gpgcheck** | **yum_sources.gpgcheck** - Whether packages are GPG checked | keyword, text.text | -| **gpgkey** | **yum_sources.gpgkey** - URL to GPG key | keyword, text.text | -| **grace_period** | **screenlock.grace_period** - The amount of time in seconds the screen must be asleep or the screensaver on before a password is required on-wake. 0 = immediately; -1 = no password is required on-wake | keyword, number.long | -| **group_sid** | **groups.group_sid** - Unique group ID | keyword, text.text | -| **grouping** | **windows_firewall_rules.grouping** - Group to which an individual rule belongs | keyword, text.text | -| **groupname** | **groups.groupname** - Canonical local group name | keyword, text.text | -| | **launchd.groupname** - Run this daemon or agent as this group | | -| | **rpm_package_files.groupname** - File default groupname from info DB | | -| | **suid_bin.groupname** - Binary owner group | | -| **guest** | **cpu_time.guest** - Time spent running a virtual CPU for a guest OS under the control of the Linux kernel | keyword, number.long | -| **guest_nice** | **cpu_time.guest_nice** - Time spent running a niced guest | keyword, number.long | -| **handle** | **memory_array_mapped_addresses.handle** - Handle, or instance number, associated with the structure | keyword, text.text | -| | **memory_arrays.handle** - Handle, or instance number, associated with the array | | -| | **memory_device_mapped_addresses.handle** - Handle, or instance number, associated with the structure | | -| | **memory_devices.handle** - Handle, or instance number, associated with the structure in SMBIOS | | -| | **memory_error_info.handle** - Handle, or instance number, associated with the structure | | -| | **oem_strings.handle** - Handle, or instance number, associated with the Type 11 structure | | -| | **smbios_tables.handle** - Table entry handle | | -| **handle_count** | **processes.handle_count** - Total number of handles that the process has open. This number is the sum of the handles currently opened by each thread in the process. | keyword, number.long | -| **handler** | **app_schemes.handler** - Application label for the handler | keyword, text.text | -| **hard_limit** | **ulimit_info.hard_limit** - Maximum limit value | keyword, text.text | -| **hard_links** | **device_file.hard_links** - Number of hard links | keyword, number.long | -| | **file.hard_links** - Number of hard links | | -| **hardware_model** | **disk_info.hardware_model** - Hard drive model. | keyword, text.text | -| | **system_info.hardware_model** - Hardware model | | -| **hardware_serial** | **system_info.hardware_serial** - Device serial number | keyword, text.text | -| **hardware_vendor** | **system_info.hardware_vendor** - Hardware vendor | keyword, text.text | -| **hardware_version** | **system_info.hardware_version** - Hardware version | keyword, text.text | -| **has_expired** | **curl_certificate.has_expired** - 1 if the certificate has expired, 0 otherwise | keyword, number.long | -| **hash** | **prefetch.hash** - Prefetch CRC hash. | keyword, text.text | -| **hash_alg** | **shadow.hash_alg** - Password hashing algorithm | keyword, text.text | -| **hash_resources** | **signature.hash_resources** - Set to 1 to also hash resources, or 0 otherwise. Default is 1 | keyword, number.long | -| **hashed** | **file_events.hashed** - 1 if the file was hashed, 0 if not, -1 if hashing failed | keyword, number.long | -| **header** | **sudoers.header** - Symbol for given rule | keyword, text.text | -| **header_size** | **smbios_tables.header_size** - Header size in bytes | keyword, number.long | -| **health** | **battery.health** - One of the following: "Good" describes a well-performing battery, "Fair" describes a functional battery with limited capacity, or "Poor" describes a battery that's not capable of providing power | keyword, text.text | -| **hidden** | **scheduled_tasks.hidden** - Whether or not the task is visible in the UI | keyword, number.long | -| | **smc_keys.hidden** - 1 if this key is normally hidden, otherwise 0 | | -| **history_file** | **shell_history.history_file** - Path to the .*_history for this user | keyword, text.text | -| **hit_count** | **quicklook_cache.hit_count** - Number of cache hits on thumbnail | keyword, text.text | -| **home_directory** | **logon_sessions.home_directory** - The home directory for the logon session. | keyword, text.text | -| **home_directory_drive** | **logon_sessions.home_directory_drive** - The drive location of the home directory of the logon session. | keyword, text.text | -| **homepage** | **atom_packages.homepage** - Package supplied homepage | keyword, text.text | -| **hop_limit** | **interface_ipv6.hop_limit** - Current Hop Limit | keyword, number.long | -| **hopcount** | **routes.hopcount** - Max hops expected | keyword, number.long | -| **host** | **asl.host** - Sender's address (set by the server). | keyword, text.text | -| | **last.host** - Entry hostname | | -| | **logged_in_users.host** - Remote hostname | | -| | **preferences.host** - 'current' or 'any' host, where 'current' takes precedence | | -| | **syslog_events.host** - Hostname configured for syslog | | -| **host_ip** | **docker_container_ports.host_ip** - Host IP address on which public port is listening | keyword, text.text | -| **host_port** | **docker_container_ports.host_port** - Host port | keyword, number.long | -| **hostname** | **curl_certificate.hostname** - Hostname (domain[:port]) to CURL | keyword, text.text | -| | **shortcut_files.hostname** - Optional hostname of the target file. | | -| | **system_info.hostname** - Network hostname including domain | | -| | **ycloud_instance_metadata.hostname** - Hostname of the VM | | -| **hostnames** | **etc_hosts.hostnames** - Raw hosts mapping | keyword, text.text | -| **hotfix_id** | **patches.hotfix_id** - The KB ID of the patch. | keyword, text.text | -| **hour** | **crontab.hour** - The hour of the day for the job | keyword, text.text | -| | **time.hour** - Current hour in UTC | | -| **hours** | **uptime.hours** - Hours of uptime | keyword, number.long | -| **http_proxy** | **docker_info.http_proxy** - HTTP proxy | keyword, text.text | -| **https_proxy** | **docker_info.https_proxy** - HTTPS proxy | keyword, text.text | -| **hwaddr** | **lxd_networks.hwaddr** - Hardware address for this network | keyword, text.text | -| **iam_arn** | **ec2_instance_metadata.iam_arn** - If there is an IAM role associated with the instance, contains instance profile ARN | keyword, text.text | -| **ibrs_support_enabled** | **kva_speculative_info.ibrs_support_enabled** - Windows uses IBRS. | keyword, number.long | -| **ibytes** | **interface_details.ibytes** - Input bytes | keyword, number.long | -| **icmp_types_codes** | **windows_firewall_rules.icmp_types_codes** - ICMP types and codes for the rule | keyword, text.text | -| **icon_mode** | **quicklook_cache.icon_mode** - Thumbnail icon mode | keyword, number.long | -| **icon_path** | **shortcut_files.icon_path** - Lnk file icon location. | keyword, text.text | -| **id** | **disk_info.id** - The unique identifier of the drive on the system. | keyword, text.text | -| | **dns_resolvers.id** - Address type index or order | | -| | **docker_container_envs.id** - Container ID | | -| | **docker_container_fs_changes.id** - Container ID | | -| | **docker_container_labels.id** - Container ID | | -| | **docker_container_mounts.id** - Container ID | | -| | **docker_container_networks.id** - Container ID | | -| | **docker_container_ports.id** - Container ID | | -| | **docker_container_processes.id** - Container ID | | -| | **docker_container_stats.id** - Container ID | | -| | **docker_containers.id** - Container ID | | -| | **docker_image_history.id** - Image ID | | -| | **docker_image_labels.id** - Image ID | | -| | **docker_image_layers.id** - Image ID | | -| | **docker_images.id** - Image ID | | -| | **docker_info.id** - Docker system ID | | -| | **docker_network_labels.id** - Network ID | | -| | **docker_networks.id** - Network ID | | -| | **example.id** - An index of some sort | | -| | **iokit_devicetree.id** - IOKit internal registry ID | | -| | **iokit_registry.id** - IOKit internal registry ID | | -| | **lxd_images.id** - Image ID | | -| | **systemd_units.id** - Unique unit identifier | | -| **identifier** | **browser_plugins.identifier** - Plugin identifier | keyword, text.text | -| | **chrome_extension_content_scripts.identifier** - Extension identifier | | -| | **chrome_extensions.identifier** - Extension identifier, computed from its manifest. Empty in case of error. | | -| | **crashes.identifier** - Identifier of the crashed process | | -| | **firefox_addons.identifier** - Addon identifier | | -| | **safari_extensions.identifier** - Extension identifier | | -| | **signature.identifier** - The signing identifier sealed into the signature | | -| | **system_extensions.identifier** - Identifier name | | -| | **xprotect_meta.identifier** - Browser plugin or extension identifier | | -| **identifying_number** | **programs.identifying_number** - Product identification such as a serial number on software, or a die number on a hardware chip. | keyword, text.text | -| **identity** | **xprotect_entries.identity** - XProtect identity (SHA1) of content | keyword, text.text | -| **idle** | **cpu_time.idle** - Time spent in the idle task | keyword, number.long | -| **idrops** | **interface_details.idrops** - Input drops | keyword, number.long | -| **idx** | **kernel_extensions.idx** - Extension load tag or index | keyword, number.long | -| **ierrors** | **interface_details.ierrors** - Input errors | keyword, number.long | -| **image** | **docker_containers.image** - Docker image (name) used to launch this container | keyword, text.text | -| | **drivers.image** - Path to driver image file | | -| **image_id** | **docker_containers.image_id** - Docker image ID | keyword, text.text | -| **images** | **docker_info.images** - Number of images | keyword, number.long | -| **in_smartctl_db** | **smart_drive_info.in_smartctl_db** - Boolean value for if drive is recognized | keyword, number.long | -| **inactive** | **memory_info.inactive** - The total amount of buffer or page cache memory, in bytes, that are free and available | keyword, number.long | -| | **shadow.inactive** - Number of days after password expires until account is blocked | | -| | **virtual_memory_info.inactive** - Total number of inactive pages. | | -| **inetd_compatibility** | **launchd.inetd_compatibility** - Run this daemon or agent as it was launched from inetd | keyword, text.text | -| **inf** | **drivers.inf** - Associated inf file | keyword, text.text | -| **info** | **apparmor_events.info** - Additional information | keyword, text.text | -| **info_access** | **curl_certificate.info_access** - Authority Information Access | keyword, text.text | -| **info_string** | **apps.info_string** - Info properties CFBundleGetInfoString label | keyword, text.text | -| **inherited_from** | **ntfs_acl_permissions.inherited_from** - The inheritance policy of the ACE. | keyword, text.text | -| **iniface** | **iptables.iniface** - Input interface for the rule. | keyword, text.text | -| **iniface_mask** | **iptables.iniface_mask** - Input interface mask for the rule. | keyword, text.text | -| **inode** | **device_file.inode** - Filesystem inode number | keyword, number.long | -| | **device_hash.inode** - Filesystem inode number | | -| | **file.inode** - Filesystem inode number | | -| | **file_events.inode** - Filesystem inode number | | -| | **process_memory_map.inode** - Mapped path inode, 0 means uninitialized (BSS) | | -| | **process_open_pipes.inode** - Pipe inode number | | -| | **quicklook_cache.inode** - Parsed file ID (inode) from fs_id | | -| **inodes** | **device_partitions.inodes** - Number of meta nodes | keyword, number.long | -| | **mounts.inodes** - Mounted device used inodes | | -| **inodes_free** | **mounts.inodes_free** - Mounted device free inodes | keyword, number.long | -| **inodes_total** | **lxd_storage_pools.inodes_total** - Total number of inodes available in this storage pool | keyword, number.long | -| **inodes_used** | **lxd_storage_pools.inodes_used** - Number of inodes used | keyword, number.long | -| **input_eax** | **cpuid.input_eax** - Value of EAX used | keyword, text.text | -| **install_date** | **os_version.install_date** - The install date of the OS. | keyword | -| | **patches.install_date** - Indicates when the patch was installed. Lack of a value does not indicate that the patch was not installed. | | -| | **programs.install_date** - Date that this product was installed on the system. | | -| | **shared_resources.install_date** - Indicates when the object was installed. Lack of a value does not indicate that the object is not installed. | | -| **install_location** | **programs.install_location** - The installation location directory of the product. | keyword, text.text | -| **install_source** | **programs.install_source** - The installation source of the product. | keyword, text.text | -| **install_time** | **appcompat_shims.install_time** - Install time of the SDB | keyword | -| | **chrome_extensions.install_time** - Extension install time, in its original Webkit format | | -| | **package_receipts.install_time** - Timestamp of install time | | -| | **rpm_packages.install_time** - When the package was installed | | -| **install_timestamp** | **chrome_extensions.install_timestamp** - Extension install time, converted to unix time | keyword, number.long | -| **installed_by** | **patches.installed_by** - The system context in which the patch as installed. | keyword, text.text | -| **installed_on** | **patches.installed_on** - The date when the patch was installed. | keyword, text.text | -| **installer_name** | **package_receipts.installer_name** - Name of installer process | keyword, text.text | -| **instance_id** | **ec2_instance_metadata.instance_id** - EC2 instance ID | keyword, text.text | -| | **ec2_instance_tags.instance_id** - EC2 instance ID | | -| | **osquery_info.instance_id** - Unique, long-lived ID per instance of osquery | | -| | **ycloud_instance_metadata.instance_id** - Unique identifier for the VM | | -| **instance_identifier** | **hvci_status.instance_identifier** - The instance ID of Device Guard. | keyword, text.text | -| **instance_type** | **ec2_instance_metadata.instance_type** - EC2 instance type | keyword, text.text | -| **instances** | **pipes.instances** - Number of instances of the named pipe | keyword, number.long | -| **interface** | **arp_cache.interface** - Interface of the network for the MAC | keyword, text.text | -| | **interface_addresses.interface** - Interface name | | -| | **interface_details.interface** - Interface name | | -| | **interface_ipv6.interface** - Interface name | | -| | **lldp_neighbors.interface** - Interface name | | -| | **routes.interface** - Route local interface | | -| | **wifi_status.interface** - Name of the interface | | -| | **wifi_survey.interface** - Name of the interface | | -| **interleave_data_depth** | **memory_device_mapped_addresses.interleave_data_depth** - The max number of consecutive rows from memory device that are accessed in a single interleave transfer; 0 indicates device is non-interleave | keyword, number.long | -| **interleave_position** | **memory_device_mapped_addresses.interleave_position** - The position of the device in a interleave, i.e. 0 indicates non-interleave, 1 indicates 1st interleave, 2 indicates 2nd interleave, etc. | keyword, number.long | -| **internal** | **osquery_registry.internal** - 1 If the plugin is internal else 0 | keyword, number.long | -| **internet_settings** | **windows_security_center.internet_settings** - The health of the Internet Settings | keyword, text.text | -| **internet_sharing** | **sharing_preferences.internet_sharing** - 1 If internet sharing is enabled else 0 | keyword, number.long | -| **interval** | **docker_container_stats.interval** - Difference between read and preread in nano-seconds | keyword, number.long | -| | **osquery_schedule.interval** - The interval in seconds to run this query, not an exact interval | | -| **iowait** | **cpu_time.iowait** - Time spent waiting for I/O to complete | keyword, number.long | -| **ip** | **seccomp_events.ip** - Instruction pointer value | keyword, text.text | -| **ip_address** | **docker_container_networks.ip_address** - IP address | keyword, text.text | -| **ip_prefix_len** | **docker_container_networks.ip_prefix_len** - IP subnet prefix length | keyword, number.long | -| **ipackets** | **interface_details.ipackets** - Input packets | keyword, number.long | -| **ipc_namespace** | **docker_containers.ipc_namespace** - IPC namespace | keyword, text.text | -| | **process_namespaces.ipc_namespace** - ipc namespace inode | | -| **ipv4_address** | **lxd_networks.ipv4_address** - IPv4 address | keyword, text.text | -| **ipv4_forwarding** | **docker_info.ipv4_forwarding** - 1 if IPv4 forwarding is enabled. 0 otherwise | keyword, number.long | -| **ipv4_internet** | **connectivity.ipv4_internet** - True if any interface is connected to the Internet via IPv4 | keyword, number.long | -| **ipv4_local_network** | **connectivity.ipv4_local_network** - True if any interface is connected to a routed network via IPv4 | keyword, number.long | -| **ipv4_no_traffic** | **connectivity.ipv4_no_traffic** - True if any interface is connected via IPv4, but has seen no traffic | keyword, number.long | -| **ipv4_subnet** | **connectivity.ipv4_subnet** - True if any interface is connected to the local subnet via IPv4 | keyword, number.long | -| **ipv6_address** | **docker_container_networks.ipv6_address** - IPv6 address | keyword, text.text | -| | **lxd_networks.ipv6_address** - IPv6 address | | -| **ipv6_gateway** | **docker_container_networks.ipv6_gateway** - IPv6 gateway | keyword, text.text | -| **ipv6_internet** | **connectivity.ipv6_internet** - True if any interface is connected to the Internet via IPv6 | keyword, number.long | -| **ipv6_local_network** | **connectivity.ipv6_local_network** - True if any interface is connected to a routed network via IPv6 | keyword, number.long | -| **ipv6_no_traffic** | **connectivity.ipv6_no_traffic** - True if any interface is connected via IPv6, but has seen no traffic | keyword, number.long | -| **ipv6_prefix_len** | **docker_container_networks.ipv6_prefix_len** - IPv6 subnet prefix length | keyword, number.long | -| **ipv6_subnet** | **connectivity.ipv6_subnet** - True if any interface is connected to the local subnet via IPv6 | keyword, number.long | -| **irq** | **cpu_time.irq** - Time spent servicing interrupts | keyword, number.long | -| **is_active** | **running_apps.is_active** - 1 if the application is in focus, 0 otherwise | keyword, number.long | -| **is_hidden** | **groups.is_hidden** - IsHidden attribute set in OpenDirectory | keyword, number.long | -| | **users.is_hidden** - IsHidden attribute set in OpenDirectory | | -| **iso_8601** | **time.iso_8601** - Current time (ISO format) in UTC | keyword, text.text | -| **issuer** | **certificates.issuer** - Certificate issuer distinguished name | keyword, text.text | -| **issuer_alternative_names** | **curl_certificate.issuer_alternative_names** - Issuer Alternative Name | keyword, text.text | -| **issuer_common_name** | **curl_certificate.issuer_common_name** - Issuer common name | keyword, text.text | -| **issuer_name** | **authenticode.issuer_name** - The certificate issuer name | keyword, text.text | -| **issuer_organization** | **curl_certificate.issuer_organization** - Issuer organization | keyword, text.text | -| **issuer_organization_unit** | **curl_certificate.issuer_organization_unit** - Issuer organization unit | keyword, text.text | -| **job_id** | **systemd_units.job_id** - Next queued job id | keyword, number.long | -| **job_path** | **systemd_units.job_path** - The object path for the job | keyword, text.text | -| **job_type** | **systemd_units.job_type** - Job type | keyword, text.text | -| **json_cmdline** | **bpf_process_events.json_cmdline** - Command line arguments, in JSON format | keyword, text.text | -| **keep_alive** | **launchd.keep_alive** - Should the process be restarted if killed | keyword, text.text | -| **kernel_memory** | **docker_info.kernel_memory** - 1 if kernel memory limit support is enabled. 0 otherwise | keyword, number.long | -| **kernel_version** | **docker_info.kernel_version** - Kernel version | keyword, text.text | -| | **docker_version.kernel_version** - Kernel version | | -| | **kernel_panics.kernel_version** - Version of the system kernel | | -| **key** | **authorized_keys.key** - parsed authorized keys line | keyword, text.text | -| | **azure_instance_tags.key** - The tag key | | -| | **chrome_extensions.key** - The extension key, from the manifest file | | -| | **docker_container_envs.key** - Environment variable name | | -| | **docker_container_labels.key** - Label key | | -| | **docker_image_labels.key** - Label key | | -| | **docker_network_labels.key** - Label key | | -| | **docker_volume_labels.key** - Label key | | -| | **ec2_instance_tags.key** - Tag key | | -| | **extended_attributes.key** - Name of the value generated from the extended attribute | | -| | **known_hosts.key** - parsed authorized keys line | | -| | **launchd_overrides.key** - Name of the override key | | -| | **lxd_instance_config.key** - Configuration parameter name | | -| | **lxd_instance_devices.key** - Device info param name | | -| | **mdls.key** - Name of the metadata key | | -| | **plist.key** - Preference top-level key | | -| | **power_sensors.key** - The SMC key on OS X | | -| | **preferences.key** - Preference top-level key | | -| | **process_envs.key** - Environment variable name | | -| | **registry.key** - Name of the key to search for | | -| | **selinux_settings.key** - Key or class name. | | -| | **smc_keys.key** - 4-character key | | -| | **temperature_sensors.key** - The SMC key on OS X | | -| **key_algorithm** | **certificates.key_algorithm** - Key algorithm used | keyword, text.text | -| **key_file** | **authorized_keys.key_file** - Path to the authorized_keys file | keyword, text.text | -| | **known_hosts.key_file** - Path to known_hosts file | | -| **key_strength** | **certificates.key_strength** - Key size used for RSA/DSA, or curve name | keyword, text.text | -| **key_type** | **user_ssh_keys.key_type** - The type of the private key. One of [rsa, dsa, dh, ec, hmac, cmac], or the empty string. | keyword, text.text | -| **key_usage** | **certificates.key_usage** - Certificate key usage and extended key usage | keyword, text.text | -| | **curl_certificate.key_usage** - Usage of key in certificate | | -| **keychain_path** | **keychain_acls.keychain_path** - The path of the keychain | keyword, text.text | -| **keyword** | **portage_keywords.keyword** - The keyword applied to the package | keyword, text.text | -| **keywords** | **windows_eventlog.keywords** - A bitmask of the keywords defined in the event | keyword, text.text | -| | **windows_events.keywords** - A bitmask of the keywords defined in the event | | -| **kva_shadow_enabled** | **kva_speculative_info.kva_shadow_enabled** - Kernel Virtual Address shadowing is enabled. | keyword, number.long | -| **kva_shadow_inv_pcid** | **kva_speculative_info.kva_shadow_inv_pcid** - Kernel VA INVPCID is enabled. | keyword, number.long | -| **kva_shadow_pcid** | **kva_speculative_info.kva_shadow_pcid** - Kernel VA PCID flushing optimization is enabled. | keyword, number.long | -| **kva_shadow_user_global** | **kva_speculative_info.kva_shadow_user_global** - User pages are marked as global. | keyword, number.long | -| **label** | **apparmor_events.label** - AppArmor label | keyword, text.text | -| | **augeas.label** - The label of the configuration item | | -| | **authorization_mechanisms.label** - Label of the authorization right | | -| | **authorizations.label** - Item name, usually in reverse domain format | | -| | **block_devices.label** - Block device label string | | -| | **device_partitions.label** - | | -| | **keychain_acls.label** - An optional label tag that may be included with the keychain entry | | -| | **keychain_items.label** - Generic item name | | -| | **launchd.label** - Daemon or agent service name | | -| | **launchd_overrides.label** - Daemon or agent service name | | -| | **quicklook_cache.label** - Parsed version 'gen' field | | -| | **sandboxes.label** - UTI-format bundle or label ID | | -| **language** | **programs.language** - The language of the product. | keyword, text.text | -| **last_change** | **interface_details.last_change** - Time of last device modification (optional) | keyword, number.long | -| | **shadow.last_change** - Date of last password change (starting from UNIX epoch date) | | -| **last_connected** | **wifi_networks.last_connected** - Last time this netword was connected to as a unix_time | keyword, number.long | -| **last_executed** | **osquery_schedule.last_executed** - UNIX time stamp in seconds of the last completed execution | keyword, number.long | -| **last_execution_time** | **background_activities_moderator.last_execution_time** - Most recent time application was executed. | keyword, number.long | -| | **userassist.last_execution_time** - Most recent time application was executed. | | -| **last_hit_date** | **quicklook_cache.last_hit_date** - Apple date format for last thumbnail cache hit | keyword, number.long | -| **last_loaded** | **kernel_panics.last_loaded** - Last loaded module before panic | keyword, text.text | -| **last_memory** | **osquery_schedule.last_memory** - Resident memory in bytes left allocated after collecting results of the latest execution | keyword, number.long | -| **last_opened_time** | **apps.last_opened_time** - The time that the app was last used | keyword | -| | **office_mru.last_opened_time** - Most recent opened time file was opened | | -| **last_run_code** | **scheduled_tasks.last_run_code** - Exit status code of the last task run | keyword, text.text | -| **last_run_message** | **scheduled_tasks.last_run_message** - Exit status message of the last task run | keyword, text.text | -| **last_run_time** | **prefetch.last_run_time** - Most recent time application was run. | keyword, number.long | -| | **scheduled_tasks.last_run_time** - Timestamp the task last ran | | -| **last_system_time** | **osquery_schedule.last_system_time** - System time in milliseconds of the latest execution | keyword, number.long | -| **last_unloaded** | **kernel_panics.last_unloaded** - Last unloaded module before panic | keyword, text.text | -| **last_used_at** | **lxd_images.last_used_at** - ISO time for the most recent use of this image in terms of container spawn | keyword, text.text | -| **last_user_time** | **osquery_schedule.last_user_time** - User time in milliseconds of the latest execution | keyword, number.long | -| **last_wall_time_ms** | **osquery_schedule.last_wall_time_ms** - Wall time in milliseconds of the latest execution | keyword, number.long | -| **launch_type** | **xprotect_entries.launch_type** - Launch services content type | keyword, text.text | -| **layer_id** | **docker_image_layers.layer_id** - Layer ID | keyword, text.text | -| **layer_order** | **docker_image_layers.layer_order** - Layer Order (1 = base layer) | keyword, number.long | -| **level** | **asl.level** - Log level number. See levels in asl.h. | keyword, number.long | -| | **windows_eventlog.level** - Severity level associated with the event | | -| | **windows_events.level** - The severity level associated with the event | | -| **license** | **atom_packages.license** - License for package | keyword, text.text | -| | **chocolatey_packages.license** - License under which package is launched | | -| | **npm_packages.license** - License for package | | -| | **python_packages.license** - License under which package is launched | | -| **link** | **elf_sections.link** - Link to other section | keyword, text.text | -| **link_speed** | **interface_details.link_speed** - Interface speed in Mb/s | keyword, number.long | -| **linked_against** | **kernel_extensions.linked_against** - Indexes of extensions this extension is linked against | keyword, text.text | -| **load_state** | **systemd_units.load_state** - Reflects whether the unit definition was properly loaded | keyword, text.text | -| **local_address** | **bpf_socket_events.local_address** - Local address associated with socket | keyword, text.text | -| | **process_open_sockets.local_address** - Socket local address | | -| | **socket_events.local_address** - Local address associated with socket | | -| **local_addresses** | **windows_firewall_rules.local_addresses** - Local addresses for the rule | keyword, text.text | -| **local_hostname** | **ec2_instance_metadata.local_hostname** - Private IPv4 DNS hostname of the first interface of this instance | keyword, text.text | -| | **system_info.local_hostname** - Local hostname (optional) | | -| **local_ipv4** | **ec2_instance_metadata.local_ipv4** - Private IPv4 address of the first interface of this instance | keyword, text.text | -| **local_path** | **shortcut_files.local_path** - Local system path to target file. | keyword, text.text | -| **local_port** | **bpf_socket_events.local_port** - Local network protocol port number | keyword, number.long | -| | **process_open_sockets.local_port** - Socket local port | | -| | **socket_events.local_port** - Local network protocol port number | | -| **local_ports** | **windows_firewall_rules.local_ports** - Local ports for the rule | keyword, text.text | -| **local_timezone** | **time.local_timezone** - Current local timezone in of the system | keyword, text.text | -| **location** | **azure_instance_metadata.location** - Azure Region the VM is running in | keyword, text.text | -| | **firefox_addons.location** - Global, profile location | | -| | **memory_arrays.location** - Physical location of the memory array | | -| | **package_receipts.location** - Optional relative install path on volume | | -| **lock** | **chassis_info.lock** - If TRUE, the frame is equipped with a lock. | keyword, text.text | -| **lock_status** | **bitlocker_info.lock_status** - The accessibility status of the drive from Windows. | keyword, number.long | -| **locked** | **shared_memory.locked** - 1 if segment is locked else 0 | keyword, number.long | -| **log_file_disk_quota_mb** | **carbon_black_info.log_file_disk_quota_mb** - Event file disk quota in MB | keyword, number.long | -| **log_file_disk_quota_percentage** | **carbon_black_info.log_file_disk_quota_percentage** - Event file disk quota in a percentage | keyword, number.long | -| **logging_driver** | **docker_info.logging_driver** - Logging driver | keyword, text.text | -| **logging_enabled** | **alf.logging_enabled** - 1 If logging mode is enabled else 0 | keyword, number.long | -| **logging_option** | **alf.logging_option** - Firewall logging option | keyword, number.long | -| **logical_processors** | **cpu_info.logical_processors** - The number of logical processors of the CPU. | keyword, number.long | -| **logon_domain** | **logon_sessions.logon_domain** - The name of the domain used to authenticate the owner of the logon session. | keyword, text.text | -| **logon_id** | **logon_sessions.logon_id** - A locally unique identifier (LUID) that identifies a logon session. | keyword, number.long | -| **logon_script** | **logon_sessions.logon_script** - The script used for logging on. | keyword, text.text | -| **logon_server** | **logon_sessions.logon_server** - The name of the server used to authenticate the owner of the logon session. | keyword, text.text | -| **logon_sid** | **logon_sessions.logon_sid** - The user's security identifier (SID). | keyword, text.text | -| **logon_time** | **logon_sessions.logon_time** - The time the session owner logged on. | keyword, number.long | -| **logon_type** | **logon_sessions.logon_type** - The logon method. | keyword, text.text | -| **lu_wwn_device_id** | **smart_drive_info.lu_wwn_device_id** - Device Identifier | keyword, text.text | -| **mac** | **arp_cache.mac** - MAC address of broadcasted address | keyword, text.text | -| | **ec2_instance_metadata.mac** - MAC address for the first network interface of this EC2 instance | | -| | **interface_details.mac** - MAC of interface (optional) | | -| **mac_address** | **docker_container_networks.mac_address** - MAC address | keyword, text.text | -| **machine** | **elf_info.machine** - Machine type | keyword, number.long | -| **machine_name** | **windows_crashes.machine_name** - Name of the machine where the crash happened | keyword, text.text | -| **magic_db_files** | **magic.magic_db_files** - Colon(:) separated list of files where the magic db file can be found. By default one of the following is used: /usr/share/file/magic/magic, /usr/share/misc/magic or /usr/share/misc/magic.mgc | keyword, text.text | -| **maintainer** | **apt_sources.maintainer** - Repository maintainer | keyword, text.text | -| | **deb_packages.maintainer** - Package maintainer | | -| **major** | **os_version.major** - Major release version | keyword, number.long | -| **major_version** | **windows_crashes.major_version** - Windows major version of the machine | keyword, number.long | -| **managed** | **lxd_networks.managed** - 1 if network created by LXD, 0 otherwise | keyword, number.long | -| **manifest_hash** | **chrome_extensions.manifest_hash** - The SHA256 hash of the manifest.json file | keyword, text.text | -| **manifest_json** | **chrome_extensions.manifest_json** - The manifest file of the extension | keyword, text.text | -| **manual** | **managed_policies.manual** - 1 if policy was loaded manually, otherwise 0 | keyword, number.long | -| **manufacture_date** | **battery.manufacture_date** - The date the battery was manufactured UNIX Epoch | keyword, number.long | -| **manufacturer** | **battery.manufacturer** - The battery manufacturer's name | keyword, text.text | -| | **chassis_info.manufacturer** - The manufacturer of the chassis. | | -| | **cpu_info.manufacturer** - The manufacturer of the CPU. | | -| | **disk_info.manufacturer** - The manufacturer of the disk. | | -| | **drivers.manufacturer** - Device manufacturer | | -| | **interface_details.manufacturer** - Name of the network adapter's manufacturer. | | -| | **memory_devices.manufacturer** - Manufacturer ID string | | -| | **video_info.manufacturer** - The manufacturer of the gpu. | | -| **manufacturer_id** | **tpm_info.manufacturer_id** - TPM manufacturers ID | keyword, number.long | -| **manufacturer_name** | **tpm_info.manufacturer_name** - TPM manufacturers name | keyword, text.text | -| **manufacturer_version** | **tpm_info.manufacturer_version** - TPM version | keyword, text.text | -| **mask** | **interface_addresses.mask** - Interface netmask | keyword, text.text | -| | **portage_keywords.mask** - If the package is masked | | -| **match** | **chrome_extension_content_scripts.match** - The pattern that the script is matched against | keyword, text.text | -| | **iptables.match** - Matching rule that applies. | | -| **matches** | **yara.matches** - List of YARA matches | keyword, text.text | -| | **yara_events.matches** - List of YARA matches | | -| **max** | **fan_speed_sensors.max** - Maximum speed | keyword, number.long | -| | **shadow.max** - Maximum number of days between password changes | | -| **max_capacity** | **battery.max_capacity** - The battery's actual capacity when it is fully charged in mAh | keyword, number.long | -| | **memory_arrays.max_capacity** - Maximum capacity of array in gigabytes | | -| **max_clock_speed** | **cpu_info.max_clock_speed** - The maximum possible frequency of the CPU. | keyword, number.long | -| **max_instances** | **pipes.max_instances** - The maximum number of instances creatable for this pipe | keyword, number.long | -| **max_speed** | **memory_devices.max_speed** - Max speed of memory device in megatransfers per second (MT/s) | keyword, number.long | -| **max_voltage** | **memory_devices.max_voltage** - Maximum operating voltage of device in millivolts | keyword, number.long | -| **maximum_allowed** | **shared_resources.maximum_allowed** - Limit on the maximum number of users allowed to use this resource concurrently. The value is only valid if the AllowMaximum property is set to FALSE. | keyword, number.long | -| **md5** | **acpi_tables.md5** - MD5 hash of table content | keyword, text.text | -| | **device_hash.md5** - MD5 hash of provided inode data | | -| | **file_events.md5** - The MD5 of the file after change | | -| | **hash.md5** - MD5 hash of provided filesystem data | | -| | **smbios_tables.md5** - MD5 hash of table entry | | -| **md_device_name** | **md_drives.md_device_name** - md device name | keyword, text.text | -| **mdm_managed** | **system_extensions.mdm_managed** - 1 if managed by MDM system extension payload configuration, 0 otherwise | keyword, number.long | -| **mechanism** | **authorization_mechanisms.mechanism** - Name of the mechanism that will be called | keyword, text.text | -| **med_capability_capabilities** | **lldp_neighbors.med_capability_capabilities** - Is MED capabilities enabled | keyword, number.long | -| **med_capability_inventory** | **lldp_neighbors.med_capability_inventory** - Is MED inventory capability enabled | keyword, number.long | -| **med_capability_location** | **lldp_neighbors.med_capability_location** - Is MED location capability enabled | keyword, number.long | -| **med_capability_mdi_pd** | **lldp_neighbors.med_capability_mdi_pd** - Is MED MDI PD capability enabled | keyword, number.long | -| **med_capability_mdi_pse** | **lldp_neighbors.med_capability_mdi_pse** - Is MED MDI PSE capability enabled | keyword, number.long | -| **med_capability_policy** | **lldp_neighbors.med_capability_policy** - Is MED policy capability enabled | keyword, number.long | -| **med_device_type** | **lldp_neighbors.med_device_type** - Chassis MED type | keyword, text.text | -| **med_policies** | **lldp_neighbors.med_policies** - Comma delimited list of MED policies | keyword, text.text | -| **media_name** | **disk_events.media_name** - Disk event media name string | keyword, text.text | -| **mem** | **docker_container_processes.mem** - Memory utilization as percentage | keyword, number.double | -| **member_config_description** | **lxd_cluster.member_config_description** - Config description | keyword, text.text | -| **member_config_entity** | **lxd_cluster.member_config_entity** - Type of configuration parameter for this node | keyword, text.text | -| **member_config_key** | **lxd_cluster.member_config_key** - Config key | keyword, text.text | -| **member_config_name** | **lxd_cluster.member_config_name** - Name of configuration parameter | keyword, text.text | -| **member_config_value** | **lxd_cluster.member_config_value** - Config value | keyword, text.text | -| **memory** | **docker_info.memory** - Total memory | keyword, number.long | -| **memory_array_error_address** | **memory_error_info.memory_array_error_address** - 32 bit physical address of the error based on the addressing of the bus to which the memory array is connected | keyword, text.text | -| **memory_array_handle** | **memory_array_mapped_addresses.memory_array_handle** - Handle of the memory array associated with this structure | keyword, text.text | -| **memory_array_mapped_address_handle** | **memory_device_mapped_addresses.memory_array_mapped_address_handle** - Handle of the memory array mapped address to which this device range is mapped to | keyword, text.text | -| **memory_device_handle** | **memory_device_mapped_addresses.memory_device_handle** - Handle of the memory device structure associated with this structure | keyword, text.text | -| **memory_error_correction** | **memory_arrays.memory_error_correction** - Primary hardware error correction or detection method supported | keyword, text.text | -| **memory_error_info_handle** | **memory_arrays.memory_error_info_handle** - Handle, or instance number, associated with any error that was detected for the array | keyword, text.text | -| **memory_free** | **memory_info.memory_free** - The amount of physical RAM, in bytes, left unused by the system | keyword, number.long | -| **memory_limit** | **docker_container_stats.memory_limit** - Memory limit | keyword, number.long | -| | **docker_info.memory_limit** - 1 if memory limit support is enabled. 0 otherwise | | -| **memory_max_usage** | **docker_container_stats.memory_max_usage** - Memory maximum usage | keyword, number.long | -| **memory_total** | **memory_info.memory_total** - Total amount of physical RAM, in bytes | keyword, number.long | -| **memory_type** | **memory_devices.memory_type** - Type of memory used | keyword, text.text | -| **memory_type_details** | **memory_devices.memory_type_details** - Additional details for memory device | keyword, text.text | -| **memory_usage** | **docker_container_stats.memory_usage** - Memory usage | keyword, number.long | -| **message** | **apparmor_events.message** - Raw audit message | keyword, text.text | -| | **asl.message** - Message text. | | -| | **lxd_cluster_members.message** - Message from the node (Online/Offline) | | -| | **selinux_events.message** - Message | | -| | **syslog_events.message** - The syslog message | | -| | **user_events.message** - Message from the event | | -| **metadata_endpoint** | **ycloud_instance_metadata.metadata_endpoint** - Endpoint used to fetch VM metadata | keyword, text.text | -| **method** | **curl.method** - The HTTP method for the request | keyword, text.text | -| **metric** | **interface_details.metric** - Metric based on the speed of the interface | keyword, number.long | -| | **routes.metric** - Cost of route. Lowest is preferred | | -| **metric_name** | **prometheus_metrics.metric_name** - Name of collected Prometheus metric | keyword, text.text | -| **metric_value** | **prometheus_metrics.metric_value** - Value of collected Prometheus metric | keyword, number.double | -| **mft_entry** | **shellbags.mft_entry** - Directory master file table entry. | keyword, number.long | -| | **shortcut_files.mft_entry** - Target mft entry. | | -| **mft_sequence** | **shellbags.mft_sequence** - Directory master file table sequence. | keyword, number.long | -| | **shortcut_files.mft_sequence** - Target mft sequence. | | -| **mime_encoding** | **magic.mime_encoding** - MIME encoding data from libmagic | keyword, text.text | -| **mime_type** | **magic.mime_type** - MIME type data from libmagic | keyword, text.text | -| **min** | **fan_speed_sensors.min** - Minimum speed | keyword, number.long | -| | **shadow.min** - Minimal number of days between password changes | | -| **min_api_version** | **docker_version.min_api_version** - Minimum API version supported | keyword, text.text | -| **min_version** | **xprotect_meta.min_version** - The minimum allowed plugin version. | keyword, text.text | -| **min_voltage** | **memory_devices.min_voltage** - Minimum operating voltage of device in millivolts | keyword, number.long | -| **minimum_system_version** | **apps.minimum_system_version** - Minimum version of OS X required for the app to run | keyword, text.text | -| **minor** | **os_version.minor** - Minor release version | keyword, number.long | -| **minor_version** | **windows_crashes.minor_version** - Windows minor version of the machine | keyword, number.long | -| **minute** | **crontab.minute** - The exact minute for the job | keyword, text.text | -| **minutes** | **time.minutes** - Current minutes in UTC | keyword, number.long | -| | **uptime.minutes** - Minutes of uptime | | -| **minutes_to_full_charge** | **battery.minutes_to_full_charge** - The number of minutes until the battery is fully charged. This value is -1 if this time is still being calculated | keyword, number.long | -| **minutes_until_empty** | **battery.minutes_until_empty** - The number of minutes until the battery is fully depleted. This value is -1 if this time is still being calculated | keyword, number.long | -| **mirrorlist** | **yum_sources.mirrorlist** - Mirrorlist URL | keyword, text.text | -| **mnt_namespace** | **docker_containers.mnt_namespace** - Mount namespace | keyword, text.text | -| | **process_namespaces.mnt_namespace** - mnt namespace inode | | -| **mode** | **apparmor_profiles.mode** - How the policy is applied. | keyword, text.text | -| | **device_file.mode** - Permission bits | | -| | **docker_container_mounts.mode** - Mount options (rw, ro) | | -| | **file.mode** - Permission bits | | -| | **file_events.mode** - Permission bits | | -| | **package_bom.mode** - Expected permissions | | -| | **process_events.mode** - File mode permissions | | -| | **process_open_pipes.mode** - Pipe open mode (r/w) | | -| | **rpm_package_files.mode** - File permissions mode from info DB | | -| | **wifi_status.mode** - The current operating mode for the Wi-Fi interface | | -| **model** | **battery.model** - The battery's model number | keyword, text.text | -| | **block_devices.model** - Block device model string identifier | | -| | **chassis_info.model** - The model of the chassis. | | -| | **cpu_info.model** - The model of the CPU. | | -| | **hardware_events.model** - Hardware device model | | -| | **pci_devices.model** - PCI Device model | | -| | **usb_devices.model** - USB Device model string | | -| | **video_info.model** - The model of the gpu. | | -| **model_family** | **smart_drive_info.model_family** - Drive model family | keyword, text.text | -| **model_id** | **hardware_events.model_id** - Hex encoded Hardware model identifier | keyword, text.text | -| | **pci_devices.model_id** - Hex encoded PCI Device model identifier | | -| | **usb_devices.model_id** - Hex encoded USB Device model identifier | | -| **modified** | **authorizations.modified** - Label top-level key | keyword, text.text | -| | **keychain_items.modified** - Date of last modification | | -| **modified_time** | **package_bom.modified_time** - Timestamp the file was installed | keyword, number.long | -| | **shellbags.modified_time** - Directory Modified time. | | -| | **shimcache.modified_time** - File Modified time. | | -| **module** | **windows_crashes.module** - Path of the crashed module within the process | keyword, text.text | -| **module_backtrace** | **kernel_panics.module_backtrace** - Modules appearing in the crashed module's backtrace | keyword, text.text | -| **module_path** | **services.module_path** - Path to ServiceDll | keyword, text.text | -| **month** | **crontab.month** - The month of the year for the job | keyword, text.text | -| | **time.month** - Current month in UTC | | -| **mount_namespace_id** | **deb_packages.mount_namespace_id** - Mount namespace id | keyword, text.text | -| | **file.mount_namespace_id** - Mount namespace id | | -| | **hash.mount_namespace_id** - Mount namespace id | | -| | **npm_packages.mount_namespace_id** - Mount namespace id | | -| | **os_version.mount_namespace_id** - Mount namespace id | | -| | **rpm_packages.mount_namespace_id** - Mount namespace id | | -| **mount_point** | **docker_volumes.mount_point** - Mount point | keyword, text.text | -| **mountable** | **disk_events.mountable** - 1 if mountable, 0 if not | keyword, number.long | -| **msize** | **elf_segments.msize** - Segment offset in memory | keyword, number.long | -| **mtime** | **device_file.mtime** - Last modification time | keyword | -| | **file.mtime** - Last modification time | | -| | **file_events.mtime** - Last modification time | | -| | **gatekeeper_approved_apps.mtime** - Last modification time | | -| | **process_events.mtime** - File modification in UNIX time | | -| | **quicklook_cache.mtime** - Parsed version date field | | -| | **registry.mtime** - timestamp of the most recent registry write | | -| **mtu** | **interface_details.mtu** - Network MTU | keyword, number.long | -| | **lxd_networks.mtu** - MTU size | | -| | **routes.mtu** - Maximum Transmission Unit for the route | | -| **name** | **acpi_tables.name** - ACPI table name | keyword, text.text | -| | **ad_config.name** - The OS X-specific configuration name | | -| | **apparmor_events.name** - Process name | | -| | **apparmor_profiles.name** - Policy name. | | -| | **apps.name** - Name of the Name.app folder | | -| | **apt_sources.name** - Repository name | | -| | **atom_packages.name** - Package display name | | -| | **autoexec.name** - Name of the program | | -| | **azure_instance_metadata.name** - Name of the VM | | -| | **block_devices.name** - Block device name | | -| | **browser_plugins.name** - Plugin display name | | -| | **chocolatey_packages.name** - Package display name | | -| | **chrome_extensions.name** - Extension display name | | -| | **cups_destinations.name** - Name of the printer | | -| | **deb_packages.name** - Package name | | -| | **disk_encryption.name** - Disk name | | -| | **disk_events.name** - Disk event name | | -| | **disk_info.name** - The label of the disk object. | | -| | **dns_cache.name** - DNS record name | | -| | **docker_container_mounts.name** - Optional mount name | | -| | **docker_container_networks.name** - Network name | | -| | **docker_container_processes.name** - The process path or shorthand argv[0] | | -| | **docker_container_stats.name** - Container name | | -| | **docker_containers.name** - Container name | | -| | **docker_info.name** - Name of the docker host | | -| | **docker_networks.name** - Network name | | -| | **docker_volume_labels.name** - Volume name | | -| | **docker_volumes.name** - Volume name | | -| | **elf_sections.name** - Section name | | -| | **elf_segments.name** - Segment type/name | | -| | **elf_symbols.name** - Symbol name | | -| | **etc_protocols.name** - Protocol name | | -| | **etc_services.name** - Service name | | -| | **example.name** - Description for name column | | -| | **fan_speed_sensors.name** - Fan name | | -| | **fbsd_kmods.name** - Module name | | -| | **firefox_addons.name** - Addon display name | | -| | **homebrew_packages.name** - Package name | | -| | **ie_extensions.name** - Extension display name | | -| | **iokit_devicetree.name** - Device node name | | -| | **iokit_registry.name** - Default name of the node | | -| | **kernel_extensions.name** - Extension label | | -| | **kernel_modules.name** - Module name | | -| | **kernel_panics.name** - Process name corresponding to crashed thread | | -| | **launchd.name** - File name of plist (used by launchd) | | -| | **lxd_certificates.name** - Name of the certificate | | -| | **lxd_instance_config.name** - Instance name | | -| | **lxd_instance_devices.name** - Instance name | | -| | **lxd_instances.name** - Instance name | | -| | **lxd_networks.name** - Name of the network | | -| | **lxd_storage_pools.name** - Name of the storage pool | | -| | **managed_policies.name** - Policy key name | | -| | **md_personalities.name** - Name of personality supported by kernel | | -| | **memory_map.name** - Region name | | -| | **npm_packages.name** - Package display name | | -| | **ntdomains.name** - The label by which the object is known. | | -| | **nvram.name** - Variable name | | -| | **os_version.name** - Distribution or product name | | -| | **osquery_events.name** - Event publisher or subscriber name | | -| | **osquery_extensions.name** - Extension's name | | -| | **osquery_flags.name** - Flag name | | -| | **osquery_packs.name** - The given name for this query pack | | -| | **osquery_registry.name** - Name of the plugin item | | -| | **osquery_schedule.name** - The given name for this query | | -| | **package_install_history.name** - Package display name | | -| | **physical_disk_performance.name** - Name of the physical disk | | -| | **pipes.name** - Name of the pipe | | -| | **pkg_packages.name** - Package name | | -| | **power_sensors.name** - Name of power source | | -| | **processes.name** - The process path or shorthand argv[0] | | -| | **programs.name** - Commonly used product name. | | -| | **python_packages.name** - Package display name | | -| | **registry.name** - Name of the registry value entry | | -| | **rpm_packages.name** - RPM package name | | -| | **safari_extensions.name** - Extension display name | | -| | **scheduled_tasks.name** - Name of the scheduled task | | -| | **services.name** - Service name | | -| | **shared_folders.name** - The shared name of the folder as it appears to other users | | -| | **shared_resources.name** - Alias given to a path set up as a share on a computer system running Windows. | | -| | **startup_items.name** - Name of startup item | | -| | **system_controls.name** - Full sysctl MIB name | | -| | **temperature_sensors.name** - Name of temperature source | | -| | **windows_firewall_rules.name** - Friendly name of the rule | | -| | **windows_optional_features.name** - Name of the feature | | -| | **windows_security_products.name** - Name of product | | -| | **wmi_bios_info.name** - Name of the Bios setting | | -| | **wmi_cli_event_consumers.name** - Unique name of a consumer. | | -| | **wmi_event_filters.name** - Unique identifier of an event filter. | | -| | **wmi_script_event_consumers.name** - Unique identifier for the event consumer. | | -| | **xprotect_entries.name** - Description of XProtected malware | | -| | **xprotect_reports.name** - Description of XProtected malware | | -| | **ycloud_instance_metadata.name** - Name of the VM | | -| | **yum_sources.name** - Repository name | | -| **name_constraints** | **curl_certificate.name_constraints** - Name Constraints | keyword, text.text | -| **namespace** | **apparmor_events.namespace** - AppArmor namespace | keyword, text.text | -| **native** | **browser_plugins.native** - Plugin requires native execution | keyword, number.long | -| | **firefox_addons.native** - 1 If the addon includes binary components else 0 | | -| **net_namespace** | **docker_containers.net_namespace** - Network namespace | keyword, text.text | -| | **listening_ports.net_namespace** - The inode number of the network namespace | | -| | **process_namespaces.net_namespace** - net namespace inode | | -| | **process_open_sockets.net_namespace** - The inode number of the network namespace | | -| **netmask** | **dns_resolvers.netmask** - Address (sortlist) netmask length | keyword, text.text | -| | **routes.netmask** - Netmask length | | -| **network_id** | **docker_container_networks.network_id** - Network ID | keyword, text.text | -| **network_name** | **wifi_networks.network_name** - Name of the network | keyword, text.text | -| | **wifi_status.network_name** - Name of the network | | -| | **wifi_survey.network_name** - Name of the network | | -| **network_rx_bytes** | **docker_container_stats.network_rx_bytes** - Total network bytes read | keyword, number.long | -| **network_tx_bytes** | **docker_container_stats.network_tx_bytes** - Total network bytes transmitted | keyword, number.long | -| **next_run_time** | **scheduled_tasks.next_run_time** - Timestamp the task is scheduled to run next | keyword, number.long | -| **nice** | **cpu_time.nice** - Time spent in user mode with low priority (nice) | keyword, number.long | -| | **docker_container_processes.nice** - Process nice level (-20 to 20, default 0) | | -| | **processes.nice** - Process nice level (-20 to 20, default 0) | | -| **no_proxy** | **docker_info.no_proxy** - Comma-separated list of domain extensions proxy should not be used for | keyword, text.text | -| **node** | **augeas.node** - The node path of the configuration item | keyword, text.text | -| **node_ref_number** | **ntfs_journal_events.node_ref_number** - The ordinal that associates a journal record with a filename | keyword, text.text | -| **noise** | **wifi_status.noise** - The current noise measurement (dBm) | keyword, number.long | -| | **wifi_survey.noise** - The current noise measurement (dBm) | | -| **not_valid_after** | **certificates.not_valid_after** - Certificate expiration data | keyword, text.text | -| **not_valid_before** | **certificates.not_valid_before** - Lower bound of valid date | keyword, text.text | -| **nr_raid_disks** | **md_devices.nr_raid_disks** - Number of partitions or disk devices to comprise the array | keyword, number.long | -| **ntime** | **bpf_process_events.ntime** - The nsecs uptime timestamp as obtained from BPF | keyword, text.text | -| | **bpf_socket_events.ntime** - The nsecs uptime timestamp as obtained from BPF | | -| **num_procs** | **docker_container_stats.num_procs** - Number of processors | keyword, number.long | -| **number** | **etc_protocols.number** - Protocol number | keyword, number.long | -| | **oem_strings.number** - The string index of the structure | | -| | **smbios_tables.number** - Table entry number | | -| **number_memory_devices** | **memory_arrays.number_memory_devices** - Number of memory devices on array | keyword, number.long | -| **number_of_cores** | **cpu_info.number_of_cores** - The number of cores of the CPU. | keyword, text.text | -| **object_name** | **winbaseobj.object_name** - Object Name | keyword, text.text | -| **object_path** | **systemd_units.object_path** - The object path for this unit | keyword, text.text | -| **object_type** | **winbaseobj.object_type** - Object Type | keyword, text.text | -| **obytes** | **interface_details.obytes** - Output bytes | keyword, number.long | -| **odrops** | **interface_details.odrops** - Output drops | keyword, number.long | -| **oerrors** | **interface_details.oerrors** - Output errors | keyword, number.long | -| **offer** | **azure_instance_metadata.offer** - Offer information for the VM image (Azure image gallery VMs only) | keyword, text.text | -| **offset** | **device_partitions.offset** - | keyword, number.long | -| | **elf_sections.offset** - Offset of section in file | | -| | **elf_segments.offset** - Segment offset in file | | -| | **elf_symbols.offset** - Section table index | | -| | **process_memory_map.offset** - Offset into mapped path | | -| **oid** | **system_controls.oid** - Control MIB | keyword, text.text | -| **old_path** | **ntfs_journal_events.old_path** - Old path (renames only) | keyword, text.text | -| **on_demand** | **launchd.on_demand** - Deprecated key, replaced by keep_alive | keyword, text.text | -| **on_disk** | **processes.on_disk** - The process path exists yes=1, no=0, unknown=-1 | keyword, number.long | -| **online_cpus** | **docker_container_stats.online_cpus** - Online CPUs | keyword, number.long | -| **oom_kill_disable** | **docker_info.oom_kill_disable** - 1 if Out-of-memory kill is disabled. 0 otherwise | keyword, number.long | -| **opackets** | **interface_details.opackets** - Output packets | keyword, number.long | -| **opaque_version** | **gatekeeper.opaque_version** - Version of Gatekeeper's gkopaque.bundle | keyword, text.text | -| **operation** | **apparmor_events.operation** - Permission requested by the process | keyword, text.text | -| | **process_file_events.operation** - Operation type | | -| **option** | **ad_config.option** - Canonical name of option | keyword, text.text | -| | **ssh_configs.option** - The option and value | | -| **option_name** | **cups_destinations.option_name** - Option name | keyword, text.text | -| **option_value** | **cups_destinations.option_value** - Option value | keyword, text.text | -| **optional** | **xprotect_entries.optional** - Match any of the identities/patterns for this XProtect name | keyword, number.long | -| **optional_permissions** | **chrome_extensions.optional_permissions** - The permissions optionally required by the extensions | keyword, text.text | -| **optional_permissions_json** | **chrome_extensions.optional_permissions_json** - The JSON-encoded permissions optionally required by the extensions | keyword, text.text | -| **options** | **dns_resolvers.options** - Resolver options | keyword | -| | **nfs_shares.options** - Options string set on the export share | | -| **organization** | **curl_certificate.organization** - Organization issued to | keyword, text.text | -| **organization_unit** | **curl_certificate.organization_unit** - Organization unit issued to | keyword, text.text | -| **original_parent** | **es_process_events.original_parent** - Original parent process ID in case of reparenting | keyword, number.long | -| **original_program_name** | **authenticode.original_program_name** - The original program name that the publisher has signed | keyword, text.text | -| **os** | **docker_info.os** - Operating system | keyword, text.text | -| | **docker_version.os** - Operating system | | -| | **lxd_images.os** - OS on which image is based | | -| | **lxd_instances.os** - The OS of this instance | | -| **os_type** | **azure_instance_metadata.os_type** - Linux or Windows | keyword, text.text | -| | **docker_info.os_type** - Operating system type | | -| **os_version** | **kernel_panics.os_version** - Version of the operating system | keyword, text.text | -| **other** | **md_devices.other** - Other information associated with array from /proc/mdstat | keyword, text.text | -| **other_run_times** | **prefetch.other_run_times** - Other execution times in prefetch file. | keyword, text.text | -| **ouid** | **apparmor_events.ouid** - Object owner's user ID | keyword, number.long | -| **outiface** | **iptables.outiface** - Output interface for the rule. | keyword, text.text | -| **outiface_mask** | **iptables.outiface_mask** - Output interface mask for the rule. | keyword, text.text | -| **output_bit** | **cpuid.output_bit** - Bit in register value for feature value | keyword, number.long | -| **output_register** | **cpuid.output_register** - Register used to for feature value | keyword, text.text | -| **output_size** | **osquery_schedule.output_size** - Cumulative total number of bytes generated by the resultant rows of the query | keyword, number.long | -| **overflows** | **process_events.overflows** - List of structures that overflowed | keyword, text.text | -| **owned** | **tpm_info.owned** - TPM is ownned | keyword, number.long | -| **owner_gid** | **process_events.owner_gid** - File owner group ID | keyword, number.long | -| **owner_uid** | **process_events.owner_uid** - File owner user ID | keyword, number.long | -| | **shared_memory.owner_uid** - User ID of owning process | | -| **owner_uuid** | **osquery_registry.owner_uuid** - Extension route UUID (0 for core) | keyword, number.long | -| **package** | **portage_keywords.package** - Package name | keyword, text.text | -| | **portage_packages.package** - Package name | | -| | **portage_use.package** - Package name | | -| | **rpm_package_files.package** - RPM package name | | -| **package_filename** | **package_receipts.package_filename** - Filename of original .pkg file | keyword, text.text | -| **package_group** | **rpm_packages.package_group** - Package group | keyword, text.text | -| **package_id** | **package_install_history.package_id** - Label packageIdentifiers | keyword, text.text | -| | **package_receipts.package_id** - Package domain identifier | | -| **packet_device_type** | **smart_drive_info.packet_device_type** - Packet device type | keyword, text.text | -| **packets** | **iptables.packets** - Number of matching packets for this rule. | keyword, number.long | -| **packets_received** | **lxd_networks.packets_received** - Number of packets received on this network | keyword, number.long | -| **packets_sent** | **lxd_networks.packets_sent** - Number of packets sent on this network | keyword, number.long | -| **page_ins** | **virtual_memory_info.page_ins** - The total number of requests for pages from a pager. | keyword, number.long | -| **page_outs** | **virtual_memory_info.page_outs** - Total number of pages paged out. | keyword, number.long | -| **parent** | **apparmor_events.parent** - Parent process PID | keyword | -| | **block_devices.parent** - Block device parent name | | -| | **bpf_process_events.parent** - Parent process ID | | -| | **bpf_socket_events.parent** - Parent process ID | | -| | **crashes.parent** - Parent PID of the crashed process | | -| | **docker_container_processes.parent** - Process parent's PID | | -| | **es_process_events.parent** - Parent process ID | | -| | **iokit_devicetree.parent** - Parent device registry ID | | -| | **iokit_registry.parent** - Parent registry ID | | -| | **process_events.parent** - Process parent's PID, or -1 if cannot be determined. | | -| | **processes.parent** - Process parent's PID | | -| **parent_ref_number** | **ntfs_journal_events.parent_ref_number** - The ordinal that associates a journal record with a filename's parent directory | keyword, text.text | -| **part_number** | **memory_devices.part_number** - Manufacturer specific serial number of memory device | keyword, text.text | -| **partial** | **ntfs_journal_events.partial** - Set to 1 if either path or old_path only contains the file or folder name | keyword | -| | **process_file_events.partial** - True if this is a partial event (i.e.: this process existed before we started osquery) | | -| **partition** | **device_file.partition** - A partition number | keyword, text.text | -| | **device_hash.partition** - A partition number | | -| | **device_partitions.partition** - A partition number or description | | -| **partition_row_position** | **memory_device_mapped_addresses.partition_row_position** - Identifies the position of the referenced memory device in a row of the address partition | keyword, number.long | -| **partition_width** | **memory_array_mapped_addresses.partition_width** - Number of memory devices that form a single row of memory for the address partition of this structure | keyword, number.long | -| **partitions** | **disk_info.partitions** - Number of detected partitions on disk. | keyword, number.long | -| **partner_fd** | **process_open_pipes.partner_fd** - File descriptor of shared pipe at partner's end | keyword, number.long | -| **partner_mode** | **process_open_pipes.partner_mode** - Mode of shared pipe at partner's end | keyword, text.text | -| **partner_pid** | **process_open_pipes.partner_pid** - Process ID of partner process sharing a particular pipe | keyword, number.long | -| **passpoint** | **wifi_networks.passpoint** - 1 if Passpoint is supported, 0 otherwise | keyword, number.long | -| **password_last_set_time** | **account_policy_data.password_last_set_time** - The time the password was last changed | keyword, number.double | -| **password_status** | **shadow.password_status** - Password status | keyword, text.text | -| **patch** | **os_version.patch** - Optional patch release | keyword, number.long | -| **path** | **alf_exceptions.path** - Path to the executable that is excepted | keyword, text.text | -| | **apparmor_profiles.path** - Unique, aa-status compatible, policy identifier. | | -| | **appcompat_shims.path** - This is the path to the SDB database. | | -| | **apps.path** - Absolute and full Name.app path | | -| | **atom_packages.path** - Package's package.json path | | -| | **augeas.path** - The path to the configuration file | | -| | **authenticode.path** - Must provide a path or directory | | -| | **autoexec.path** - Path to the executable | | -| | **background_activities_moderator.path** - Application file path. | | -| | **bpf_process_events.path** - Binary path | | -| | **bpf_socket_events.path** - Path of executed file | | -| | **browser_plugins.path** - Path to plugin bundle | | -| | **carves.path** - The path of the requested carve | | -| | **certificates.path** - Path to Keychain or PEM bundle | | -| | **chocolatey_packages.path** - Path at which this package resides | | -| | **chrome_extension_content_scripts.path** - Path to extension folder | | -| | **chrome_extensions.path** - Path to extension folder | | -| | **crashes.path** - Path to the crashed process | | -| | **crontab.path** - File parsed | | -| | **device_file.path** - A logical path within the device node | | -| | **disk_events.path** - Path of the DMG file accessed | | -| | **docker_container_fs_changes.path** - FIle or directory path relative to rootfs | | -| | **docker_containers.path** - Container path | | -| | **elf_dynamic.path** - Path to ELF file | | -| | **elf_info.path** - Path to ELF file | | -| | **elf_sections.path** - Path to ELF file | | -| | **elf_segments.path** - Path to ELF file | | -| | **elf_symbols.path** - Path to ELF file | | -| | **es_process_events.path** - Path of executed file | | -| | **example.path** - Path of example | | -| | **extended_attributes.path** - Absolute file path | | -| | **file.path** - Absolute file path | | -| | **firefox_addons.path** - Path to plugin bundle | | -| | **gatekeeper_approved_apps.path** - Path of executable allowed to run | | -| | **hardware_events.path** - Local device path assigned (optional) | | -| | **hash.path** - Must provide a path or directory | | -| | **homebrew_packages.path** - Package install path | | -| | **ie_extensions.path** - Path to executable | | -| | **kernel_extensions.path** - Optional path to extension bundle | | -| | **kernel_info.path** - Kernel path | | -| | **kernel_panics.path** - Location of log file | | -| | **keychain_acls.path** - The path of the authorized application | | -| | **keychain_items.path** - Path to keychain containing item | | -| | **launchd.path** - Path to daemon or agent plist | | -| | **launchd_overrides.path** - Path to daemon or agent plist | | -| | **listening_ports.path** - Path for UNIX domain sockets | | -| | **magic.path** - Absolute path to target file | | -| | **mdfind.path** - Path of the file returned from spotlight | | -| | **mdls.path** - Path of the file | | -| | **mounts.path** - Mounted device path | | -| | **npm_packages.path** - Module's package.json path | | -| | **ntfs_acl_permissions.path** - Path to the file or directory. | | -| | **ntfs_journal_events.path** - Path | | -| | **office_mru.path** - File path | | -| | **osquery_extensions.path** - Path of the extension's Thrift connection or library path | | -| | **package_bom.path** - Path of package bom | | -| | **package_receipts.path** - Path of receipt plist | | -| | **plist.path** - (required) read preferences from a plist | | -| | **prefetch.path** - Prefetch file path. | | -| | **process_events.path** - Path of executed file | | -| | **process_file_events.path** - The path associated with the event | | -| | **process_memory_map.path** - Path to mapped file or mapped type | | -| | **process_open_files.path** - Filesystem path of descriptor | | -| | **process_open_sockets.path** - For UNIX sockets (family=AF_UNIX), the domain path | | -| | **processes.path** - Path to executed binary | | -| | **python_packages.path** - Path at which this module resides | | -| | **quicklook_cache.path** - Path of file | | -| | **registry.path** - Full path to the value | | -| | **rpm_package_files.path** - File path within the package | | -| | **safari_extensions.path** - Path to extension XAR bundle | | -| | **sandboxes.path** - Path to sandbox container directory | | -| | **scheduled_tasks.path** - Path to the executable to be run | | -| | **services.path** - Path to Service Executable | | -| | **shared_folders.path** - Absolute path of shared folder on the local system | | -| | **shared_resources.path** - Local path of the Windows share. | | -| | **shellbags.path** - Directory name. | | -| | **shimcache.path** - This is the path to the executed file. | | -| | **shortcut_files.path** - Directory name. | | -| | **signature.path** - Must provide a path or directory | | -| | **socket_events.path** - Path of executed file | | -| | **startup_items.path** - Path of startup item | | -| | **suid_bin.path** - Binary path | | -| | **system_extensions.path** - Original path of system extension | | -| | **user_events.path** - Supplied path from event | | -| | **user_ssh_keys.path** - Path to key file | | -| | **userassist.path** - Application file path. | | -| | **windows_crashes.path** - Path of the executable file for the crashed process | | -| | **yara.path** - The path scanned | | -| **pci_class** | **pci_devices.pci_class** - PCI Device class | keyword, text.text | -| **pci_class_id** | **pci_devices.pci_class_id** - PCI Device class ID in hex format | keyword, text.text | -| **pci_slot** | **interface_details.pci_slot** - PCI slot number | keyword, text.text | -| | **pci_devices.pci_slot** - PCI Device used slot | | -| **pci_subclass** | **pci_devices.pci_subclass** - PCI Device subclass | keyword, text.text | -| **pci_subclass_id** | **pci_devices.pci_subclass_id** - PCI Device subclass in hex format | keyword, text.text | -| **pem** | **curl_certificate.pem** - Certificate PEM format | keyword, text.text | -| **percent_disk_read_time** | **physical_disk_performance.percent_disk_read_time** - Percentage of elapsed time that the selected disk drive is busy servicing read requests | keyword, number.long | -| **percent_disk_time** | **physical_disk_performance.percent_disk_time** - Percentage of elapsed time that the selected disk drive is busy servicing read or write requests | keyword, number.long | -| **percent_disk_write_time** | **physical_disk_performance.percent_disk_write_time** - Percentage of elapsed time that the selected disk drive is busy servicing write requests | keyword, number.long | -| **percent_idle_time** | **physical_disk_performance.percent_idle_time** - Percentage of time during the sample interval that the disk was idle | keyword, number.long | -| **percent_processor_time** | **processes.percent_processor_time** - Returns elapsed time that all of the threads of this process used the processor to execute instructions in 100 nanoseconds ticks. | keyword, number.long | -| **percent_remaining** | **battery.percent_remaining** - The percentage of battery remaining before it is drained | keyword, number.long | -| **percentage_encrypted** | **bitlocker_info.percentage_encrypted** - The percentage of the drive that is encrypted. | keyword, number.long | -| **perf_ctl** | **msr.perf_ctl** - Performance setting for the processor. | keyword, number.long | -| **perf_status** | **msr.perf_status** - Performance status for the processor. | keyword, number.long | -| **period** | **load_average.period** - Period over which the average is calculated. | keyword, text.text | -| **permanent** | **arp_cache.permanent** - 1 for true, 0 for false | keyword, text.text | -| **permissions** | **chrome_extensions.permissions** - The permissions required by the extension | keyword, text.text | -| | **process_memory_map.permissions** - r=read, w=write, x=execute, p=private (cow) | | -| | **shared_memory.permissions** - Memory segment permissions | | -| | **suid_bin.permissions** - Binary permissions | | -| **permissions_json** | **chrome_extensions.permissions_json** - The JSON-encoded permissions required by the extension | keyword, text.text | -| **persistent** | **chrome_extensions.persistent** - 1 If extension is persistent across all tabs else 0 | keyword, number.long | -| **persistent_volume_id** | **bitlocker_info.persistent_volume_id** - Persistent ID of the drive. | keyword, text.text | -| **pgroup** | **docker_container_processes.pgroup** - Process group | keyword, number.long | -| | **processes.pgroup** - Process group | | -| **physical_adapter** | **interface_details.physical_adapter** - Indicates whether the adapter is a physical or a logical adapter. | keyword, number.long | -| **physical_memory** | **system_info.physical_memory** - Total physical memory in bytes | keyword, number.long | -| **physical_presence_version** | **tpm_info.physical_presence_version** - Version of the Physical Presence Interface | keyword, text.text | -| **pid** | **apparmor_events.pid** - Process ID | keyword, number.long | -| | **asl.pid** - Sending process ID encoded as a string. Set automatically. | | -| | **bpf_process_events.pid** - Process ID | | -| | **bpf_socket_events.pid** - Process ID | | -| | **crashes.pid** - Process (or thread) ID of the crashed process | | -| | **docker_container_processes.pid** - Process ID | | -| | **docker_containers.pid** - Identifier of the initial process | | -| | **es_process_events.pid** - Process (or thread) ID | | -| | **last.pid** - Process (or thread) ID | | -| | **listening_ports.pid** - Process (or thread) ID | | -| | **logged_in_users.pid** - Process (or thread) ID | | -| | **lxd_instances.pid** - Instance's process ID | | -| | **osquery_info.pid** - Process (or thread/handle) ID | | -| | **pipes.pid** - Process ID of the process to which the pipe belongs | | -| | **process_envs.pid** - Process (or thread) ID | | -| | **process_events.pid** - Process (or thread) ID | | -| | **process_file_events.pid** - Process ID | | -| | **process_memory_map.pid** - Process (or thread) ID | | -| | **process_namespaces.pid** - Process (or thread) ID | | -| | **process_open_files.pid** - Process (or thread) ID | | -| | **process_open_pipes.pid** - Process ID | | -| | **process_open_sockets.pid** - Process (or thread) ID | | -| | **processes.pid** - Process (or thread) ID | | -| | **running_apps.pid** - The pid of the application | | -| | **seccomp_events.pid** - Process ID | | -| | **services.pid** - the Process ID of the service | | -| | **shared_memory.pid** - Process ID to last use the segment | | -| | **socket_events.pid** - Process (or thread) ID | | -| | **user_events.pid** - Process (or thread) ID | | -| | **windows_crashes.pid** - Process ID of the crashed process | | -| | **windows_eventlog.pid** - Process ID which emitted the event record | | -| **pid_namespace** | **docker_containers.pid_namespace** - PID namespace | keyword, text.text | -| | **process_namespaces.pid_namespace** - pid namespace inode | | -| **pid_with_namespace** | **apt_sources.pid_with_namespace** - Pids that contain a namespace | keyword, number.long | -| | **authorized_keys.pid_with_namespace** - Pids that contain a namespace | | -| | **crontab.pid_with_namespace** - Pids that contain a namespace | | -| | **deb_packages.pid_with_namespace** - Pids that contain a namespace | | -| | **dns_resolvers.pid_with_namespace** - Pids that contain a namespace | | -| | **etc_hosts.pid_with_namespace** - Pids that contain a namespace | | -| | **file.pid_with_namespace** - Pids that contain a namespace | | -| | **groups.pid_with_namespace** - Pids that contain a namespace | | -| | **hash.pid_with_namespace** - Pids that contain a namespace | | -| | **npm_packages.pid_with_namespace** - Pids that contain a namespace | | -| | **os_version.pid_with_namespace** - Pids that contain a namespace | | -| | **python_packages.pid_with_namespace** - Pids that contain a namespace | | -| | **rpm_packages.pid_with_namespace** - Pids that contain a namespace | | -| | **suid_bin.pid_with_namespace** - Pids that contain a namespace | | -| | **user_ssh_keys.pid_with_namespace** - Pids that contain a namespace | | -| | **users.pid_with_namespace** - Pids that contain a namespace | | -| | **yum_sources.pid_with_namespace** - Pids that contain a namespace | | -| **pids** | **docker_container_stats.pids** - Number of processes | keyword | -| | **lldp_neighbors.pids** - Comma delimited list of PIDs | | -| **placement_group_id** | **azure_instance_metadata.placement_group_id** - Placement group for the VM scale set | keyword, text.text | -| **platform** | **os_version.platform** - OS Platform or ID | keyword, text.text | -| | **osquery_packs.platform** - Platforms this query is supported on | | -| **platform_binary** | **es_process_events.platform_binary** - Indicates if the binary is Apple signed binary (1) or not (0) | keyword, number.long | -| **platform_fault_domain** | **azure_instance_metadata.platform_fault_domain** - Fault domain the VM is running in | keyword, text.text | -| **platform_info** | **msr.platform_info** - Platform information. | keyword, number.long | -| **platform_like** | **os_version.platform_like** - Closely related platforms | keyword, text.text | -| **platform_mask** | **osquery_info.platform_mask** - The osquery platform bitmask | keyword, number.long | -| **platform_update_domain** | **azure_instance_metadata.platform_update_domain** - Update domain the VM is running in | keyword, text.text | -| **plugin** | **authorization_mechanisms.plugin** - Authorization plugin name | keyword, text.text | -| **pnp_device_id** | **disk_info.pnp_device_id** - The unique identifier of the drive on the system. | keyword, text.text | -| **point_to_point** | **interface_addresses.point_to_point** - PtP address for the interface | keyword, text.text | -| **points** | **example.points** - This is a signed SQLite int column | keyword, number.long | -| **policies** | **curl_certificate.policies** - Certificate Policies | keyword, text.text | -| **policy** | **iptables.policy** - Policy that applies for this rule. | keyword, text.text | -| **policy_constraints** | **curl_certificate.policy_constraints** - Policy Constraints | keyword, text.text | -| **policy_mappings** | **curl_certificate.policy_mappings** - Policy Mappings | keyword, text.text | -| **port** | **docker_container_ports.port** - Port inside the container | keyword, number.long | -| | **etc_services.port** - Service port number | | -| | **listening_ports.port** - Transport layer port | | -| **port_aggregation_id** | **lldp_neighbors.port_aggregation_id** - Port aggregation ID | keyword, text.text | -| **port_autoneg_1000baset_fd_enabled** | **lldp_neighbors.port_autoneg_1000baset_fd_enabled** - 1000Base-T FD auto negotiation enabled | keyword, number.long | -| **port_autoneg_1000baset_hd_enabled** | **lldp_neighbors.port_autoneg_1000baset_hd_enabled** - 1000Base-T HD auto negotiation enabled | keyword, number.long | -| **port_autoneg_1000basex_fd_enabled** | **lldp_neighbors.port_autoneg_1000basex_fd_enabled** - 1000Base-X FD auto negotiation enabled | keyword, number.long | -| **port_autoneg_1000basex_hd_enabled** | **lldp_neighbors.port_autoneg_1000basex_hd_enabled** - 1000Base-X HD auto negotiation enabled | keyword, number.long | -| **port_autoneg_100baset2_fd_enabled** | **lldp_neighbors.port_autoneg_100baset2_fd_enabled** - 100Base-T2 FD auto negotiation enabled | keyword, number.long | -| **port_autoneg_100baset2_hd_enabled** | **lldp_neighbors.port_autoneg_100baset2_hd_enabled** - 100Base-T2 HD auto negotiation enabled | keyword, number.long | -| **port_autoneg_100baset4_fd_enabled** | **lldp_neighbors.port_autoneg_100baset4_fd_enabled** - 100Base-T4 FD auto negotiation enabled | keyword, number.long | -| **port_autoneg_100baset4_hd_enabled** | **lldp_neighbors.port_autoneg_100baset4_hd_enabled** - 100Base-T4 HD auto negotiation enabled | keyword, number.long | -| **port_autoneg_100basetx_fd_enabled** | **lldp_neighbors.port_autoneg_100basetx_fd_enabled** - 100Base-TX FD auto negotiation enabled | keyword, number.long | -| **port_autoneg_100basetx_hd_enabled** | **lldp_neighbors.port_autoneg_100basetx_hd_enabled** - 100Base-TX HD auto negotiation enabled | keyword, number.long | -| **port_autoneg_10baset_fd_enabled** | **lldp_neighbors.port_autoneg_10baset_fd_enabled** - 10Base-T FD auto negotiation enabled | keyword, number.long | -| **port_autoneg_10baset_hd_enabled** | **lldp_neighbors.port_autoneg_10baset_hd_enabled** - 10Base-T HD auto negotiation enabled | keyword, number.long | -| **port_autoneg_enabled** | **lldp_neighbors.port_autoneg_enabled** - Is auto negotiation enabled | keyword, number.long | -| **port_autoneg_supported** | **lldp_neighbors.port_autoneg_supported** - Auto negotiation supported | keyword, number.long | -| **port_description** | **lldp_neighbors.port_description** - Port description | keyword, text.text | -| **port_id** | **lldp_neighbors.port_id** - Port ID value | keyword, text.text | -| **port_id_type** | **lldp_neighbors.port_id_type** - Port ID type | keyword, text.text | -| **port_mau_type** | **lldp_neighbors.port_mau_type** - MAU type | keyword, text.text | -| **port_mfs** | **lldp_neighbors.port_mfs** - Port max frame size | keyword, number.long | -| **port_ttl** | **lldp_neighbors.port_ttl** - Age of neighbor port | keyword, number.long | -| **possibly_hidden** | **wifi_networks.possibly_hidden** - 1 if network is possibly a hidden network, 0 otherwise | keyword, number.long | -| **power_8023at_enabled** | **lldp_neighbors.power_8023at_enabled** - Is 802.3at enabled | keyword, number.long | -| **power_8023at_power_allocated** | **lldp_neighbors.power_8023at_power_allocated** - 802.3at power allocated | keyword, text.text | -| **power_8023at_power_priority** | **lldp_neighbors.power_8023at_power_priority** - 802.3at power priority | keyword, text.text | -| **power_8023at_power_requested** | **lldp_neighbors.power_8023at_power_requested** - 802.3at power requested | keyword, text.text | -| **power_8023at_power_source** | **lldp_neighbors.power_8023at_power_source** - 802.3at power source | keyword, text.text | -| **power_8023at_power_type** | **lldp_neighbors.power_8023at_power_type** - 802.3at power type | keyword, text.text | -| **power_class** | **lldp_neighbors.power_class** - Power class | keyword, text.text | -| **power_device_type** | **lldp_neighbors.power_device_type** - Dot3 power device type | keyword, text.text | -| **power_mdi_enabled** | **lldp_neighbors.power_mdi_enabled** - Is MDI power enabled | keyword, number.long | -| **power_mdi_supported** | **lldp_neighbors.power_mdi_supported** - MDI power supported | keyword, number.long | -| **power_mode** | **smart_drive_info.power_mode** - Device power mode | keyword, text.text | -| **power_paircontrol_enabled** | **lldp_neighbors.power_paircontrol_enabled** - Is power pair control enabled | keyword, number.long | -| **power_pairs** | **lldp_neighbors.power_pairs** - Dot3 power pairs | keyword, text.text | -| **ppid** | **process_file_events.ppid** - Parent process ID | keyword, number.long | -| **ppvids_enabled** | **lldp_neighbors.ppvids_enabled** - Comma delimited list of enabled PPVIDs | keyword, text.text | -| **ppvids_supported** | **lldp_neighbors.ppvids_supported** - Comma delimited list of supported PPVIDs | keyword, text.text | -| **pre_cpu_kernelmode_usage** | **docker_container_stats.pre_cpu_kernelmode_usage** - Last read CPU kernel mode usage | keyword, number.long | -| **pre_cpu_total_usage** | **docker_container_stats.pre_cpu_total_usage** - Last read total CPU usage | keyword, number.long | -| **pre_cpu_usermode_usage** | **docker_container_stats.pre_cpu_usermode_usage** - Last read CPU user mode usage | keyword, number.long | -| **pre_online_cpus** | **docker_container_stats.pre_online_cpus** - Last read online CPUs | keyword, number.long | -| **pre_system_cpu_usage** | **docker_container_stats.pre_system_cpu_usage** - Last read CPU system usage | keyword, number.long | -| **prefix** | **homebrew_packages.prefix** - Homebrew install prefix | keyword, text.text | -| **preread** | **docker_container_stats.preread** - UNIX time when stats were last read | keyword, number.long | -| **principal** | **ntfs_acl_permissions.principal** - User or group to which the ACE applies. | keyword, text.text | -| **printer_sharing** | **sharing_preferences.printer_sharing** - 1 If printer sharing is enabled else 0 | keyword, number.long | -| **priority** | **deb_packages.priority** - Package priority | keyword, text.text | -| **privileged** | **authorization_mechanisms.privileged** - If privileged it will run as root, else as an anonymous user | keyword, text.text | -| | **docker_containers.privileged** - Is the container privileged | | -| **probe_error** | **bpf_process_events.probe_error** - Set to 1 if one or more buffers could not be captured | keyword, number.long | -| | **bpf_socket_events.probe_error** - Set to 1 if one or more buffers could not be captured | | -| **process** | **alf_explicit_auths.process** - Process name explicitly allowed | keyword, text.text | -| **process_being_tapped** | **event_taps.process_being_tapped** - The process ID of the target application | keyword, number.long | -| **process_type** | **launchd.process_type** - Key describes the intended purpose of the job | keyword, text.text | -| **process_uptime** | **windows_crashes.process_uptime** - Uptime of the process in seconds | keyword, number.long | -| **processes** | **lxd_instances.processes** - Number of processes running inside this instance | keyword, number.long | -| **processing_time** | **cups_jobs.processing_time** - How long the job took to process | keyword, number.long | -| **processor_number** | **msr.processor_number** - The processor number as reported in /proc/cpuinfo | keyword, number.long | -| **processor_type** | **cpu_info.processor_type** - The processor type, such as Central, Math, or Video. | keyword, text.text | -| **product_name** | **tpm_info.product_name** - Product name of the TPM | keyword, text.text | -| **product_version** | **file.product_version** - File product version | keyword, text.text | -| **profile** | **apparmor_events.profile** - Apparmor profile name | keyword, text.text | -| | **chrome_extensions.profile** - The name of the Chrome profile that contains this extension | | -| **profile_domain** | **windows_firewall_rules.profile_domain** - 1 if the rule profile type is domain | keyword, number.long | -| **profile_path** | **chrome_extension_content_scripts.profile_path** - The profile path | keyword, text.text | -| | **chrome_extensions.profile_path** - The profile path | | -| | **logon_sessions.profile_path** - The home directory for the logon session. | | -| **profile_private** | **windows_firewall_rules.profile_private** - 1 if the rule profile type is private | keyword, number.long | -| **profile_public** | **windows_firewall_rules.profile_public** - 1 if the rule profile type is public | keyword, number.long | -| **program** | **launchd.program** - Path to target program | keyword, text.text | -| **program_arguments** | **launchd.program_arguments** - Command line arguments passed to program | keyword, text.text | -| **propagation** | **docker_container_mounts.propagation** - Mount propagation | keyword, text.text | -| **protected** | **app_schemes.protected** - 1 if this handler is protected (reserved) by OS X, else 0 | keyword, number.long | -| **protection_disabled** | **carbon_black_info.protection_disabled** - If the sensor is configured to report tamper events | keyword, number.long | -| **protection_status** | **bitlocker_info.protection_status** - The bitlocker protection status of the drive. | keyword, number.long | -| **protection_type** | **processes.protection_type** - The protection type of the process | keyword, text.text | -| **protocol** | **bpf_socket_events.protocol** - The network protocol ID | keyword | -| | **etc_services.protocol** - Transport protocol (TCP/UDP) | | -| | **iptables.protocol** - Protocol number identification. | | -| | **listening_ports.protocol** - Transport protocol (TCP/UDP) | | -| | **process_open_sockets.protocol** - Transport protocol (TCP/UDP) | | -| | **socket_events.protocol** - The network protocol ID | | -| | **usb_devices.protocol** - USB Device protocol | | -| | **windows_firewall_rules.protocol** - IP protocol of the rule | | -| **provider** | **drivers.provider** - Driver provider | keyword, text.text | -| **provider_guid** | **windows_eventlog.provider_guid** - Provider guid of the event | keyword, text.text | -| | **windows_events.provider_guid** - Provider guid of the event | | -| **provider_name** | **windows_eventlog.provider_name** - Provider name of the event | keyword, text.text | -| | **windows_events.provider_name** - Provider name of the event | | -| **pseudo** | **process_memory_map.pseudo** - 1 If path is a pseudo path, else 0 | keyword, number.long | -| **psize** | **elf_segments.psize** - Size of segment in file | keyword, number.long | -| **public** | **lxd_images.public** - Whether image is public (1) or not (0) | keyword, number.long | -| **publisher** | **azure_instance_metadata.publisher** - Publisher of the VM image | keyword, text.text | -| | **osquery_events.publisher** - Name of the associated publisher | | -| | **programs.publisher** - Name of the product supplier. | | -| **purgeable** | **virtual_memory_info.purgeable** - Total number of purgeable pages. | keyword, number.long | -| **purged** | **virtual_memory_info.purged** - Total number of purged pages. | keyword, number.long | -| **pvid** | **lldp_neighbors.pvid** - Primary VLAN id | keyword, text.text | -| **query** | **mdfind.query** - The query that was run to find the file | keyword, text.text | -| | **osquery_schedule.query** - The exact query to run | | -| | **wmi_event_filters.query** - Windows Management Instrumentation Query Language (WQL) event query that specifies the set of events for consumer notification, and the specific conditions for notification. | | -| **query_language** | **wmi_event_filters.query_language** - Query language that the query is written in. | keyword, text.text | -| **queue_directories** | **launchd.queue_directories** - Similar to watch_paths but only with non-empty directories | keyword, text.text | -| **raid_disks** | **md_devices.raid_disks** - Number of configured RAID disks in array | keyword, number.long | -| **raid_level** | **md_devices.raid_level** - Current raid level of the array | keyword, number.long | -| **rapl_energy_status** | **msr.rapl_energy_status** - Run Time Average Power Limiting energy status. | keyword, number.long | -| **rapl_power_limit** | **msr.rapl_power_limit** - Run Time Average Power Limiting power limit. | keyword, number.long | -| **rapl_power_units** | **msr.rapl_power_units** - Run Time Average Power Limiting power units. | keyword, number.long | -| **reactivated** | **virtual_memory_info.reactivated** - Total number of reactivated pages. | keyword, number.long | -| **read** | **docker_container_stats.read** - UNIX time when stats were read | keyword, number.long | -| **read_device_identity_failure** | **smart_drive_info.read_device_identity_failure** - Error string for device id read, if any | keyword, text.text | -| **readonly** | **nfs_shares.readonly** - 1 if the share is exported readonly else 0 | keyword, number.long | -| **readonly_rootfs** | **docker_containers.readonly_rootfs** - Is the root filesystem mounted as read only | keyword, number.long | -| **record_timestamp** | **ntfs_journal_events.record_timestamp** - Journal record timestamp | keyword, text.text | -| **record_usn** | **ntfs_journal_events.record_usn** - The update sequence number that identifies the journal record | keyword, text.text | -| **recovery_finish** | **md_devices.recovery_finish** - Estimated duration of recovery activity | keyword, text.text | -| **recovery_progress** | **md_devices.recovery_progress** - Progress of the recovery activity | keyword, text.text | -| **recovery_speed** | **md_devices.recovery_speed** - Speed of recovery activity | keyword, text.text | -| **redirect_accept** | **interface_ipv6.redirect_accept** - Accept ICMP redirect messages | keyword, number.long | -| **ref_pid** | **asl.ref_pid** - Reference PID for messages proxied by launchd | keyword, number.long | -| **ref_proc** | **asl.ref_proc** - Reference process for messages proxied by launchd | keyword, text.text | -| **referenced** | **chrome_extension_content_scripts.referenced** - 1 if this extension is referenced by the Preferences file of the profile | keyword, number.long | -| | **chrome_extensions.referenced** - 1 if this extension is referenced by the Preferences file of the profile | | -| **referenced_identifier** | **chrome_extensions.referenced_identifier** - Extension identifier, as specified by the preferences file. Empty if the extension is not in the profile. | keyword, text.text | -| **refreshes** | **osquery_events.refreshes** - Publisher only: number of runloop restarts | keyword, number.long | -| **refs** | **fbsd_kmods.refs** - Module reverse dependencies | keyword, number.long | -| | **kernel_extensions.refs** - Reference count | | -| **region** | **ec2_instance_metadata.region** - AWS region in which this instance launched | keyword, text.text | -| **registers** | **crashes.registers** - The value of the system registers | keyword, text.text | -| | **kernel_panics.registers** - A space delimited line of register:value pairs | | -| | **windows_crashes.registers** - The values of the system registers | | -| **registry** | **osquery_registry.registry** - Name of the osquery registry | keyword, text.text | -| **registry_hive** | **logged_in_users.registry_hive** - HKEY_USERS registry hive | keyword, text.text | -| **registry_path** | **ie_extensions.registry_path** - Extension identifier | keyword, text.text | -| **relative_path** | **shortcut_files.relative_path** - Relative path to target file from lnk file. | keyword, text.text | -| | **wmi_cli_event_consumers.relative_path** - Relative path to the class or instance. | | -| | **wmi_event_filters.relative_path** - Relative path to the class or instance. | | -| | **wmi_filter_consumer_binding.relative_path** - Relative path to the class or instance. | | -| | **wmi_script_event_consumers.relative_path** - Relative path to the class or instance. | | -| **release** | **apt_sources.release** - Release name | keyword, text.text | -| | **lxd_images.release** - OS release version on which the image is based | | -| | **rpm_packages.release** - Package release | | -| **remediation_path** | **windows_security_products.remediation_path** - Remediation path | keyword, text.text | -| **remote_address** | **bpf_socket_events.remote_address** - Remote address associated with socket | keyword, text.text | -| | **process_open_sockets.remote_address** - Socket remote address | | -| | **socket_events.remote_address** - Remote address associated with socket | | -| **remote_addresses** | **windows_firewall_rules.remote_addresses** - Remote addresses for the rule | keyword, text.text | -| **remote_apple_events** | **sharing_preferences.remote_apple_events** - 1 If remote apple events are enabled else 0 | keyword, number.long | -| **remote_login** | **sharing_preferences.remote_login** - 1 If remote login is enabled else 0 | keyword, number.long | -| **remote_management** | **sharing_preferences.remote_management** - 1 If remote management is enabled else 0 | keyword, number.long | -| **remote_port** | **bpf_socket_events.remote_port** - Remote network protocol port number | keyword, number.long | -| | **process_open_sockets.remote_port** - Socket remote port | | -| | **socket_events.remote_port** - Remote network protocol port number | | -| **remote_ports** | **windows_firewall_rules.remote_ports** - Remote ports for the rule | keyword, text.text | -| **removable** | **usb_devices.removable** - 1 If USB device is removable else 0 | keyword, number.long | -| **repository** | **portage_packages.repository** - From which repository the ebuild was used | keyword, text.text | -| **request_id** | **carves.request_id** - Identifying value of the carve request (e.g., scheduled query name, distributed request, etc) | keyword, text.text | -| **requested_mask** | **apparmor_events.requested_mask** - Requested access mask | keyword, text.text | -| **requirement** | **gatekeeper_approved_apps.requirement** - Code signing requirement language | keyword, text.text | -| **reservation_id** | **ec2_instance_metadata.reservation_id** - ID of the reservation | keyword, text.text | -| **reshape_finish** | **md_devices.reshape_finish** - Estimated duration of reshape activity | keyword, text.text | -| **reshape_progress** | **md_devices.reshape_progress** - Progress of the reshape activity | keyword, text.text | -| **reshape_speed** | **md_devices.reshape_speed** - Speed of reshape activity | keyword, text.text | -| **resident_size** | **docker_container_processes.resident_size** - Bytes of private memory used by process | keyword, number.long | -| | **processes.resident_size** - Bytes of private memory used by process | | -| **resource_group_name** | **azure_instance_metadata.resource_group_name** - Resource group for the VM | keyword, text.text | -| **response_code** | **curl.response_code** - The HTTP status code for the response | keyword, number.long | -| **responsible** | **crashes.responsible** - Process responsible for the crashed process | keyword, text.text | -| **result** | **authenticode.result** - The signature check result | keyword, text.text | -| | **curl.result** - The HTTP response body | | -| **resync_finish** | **md_devices.resync_finish** - Estimated duration of resync activity | keyword, text.text | -| **resync_progress** | **md_devices.resync_progress** - Progress of the resync activity | keyword, text.text | -| **resync_speed** | **md_devices.resync_speed** - Speed of resync activity | keyword, text.text | -| **retain_count** | **iokit_devicetree.retain_count** - The device reference count | keyword, number.long | -| | **iokit_registry.retain_count** - The node reference count | | -| **revision** | **deb_packages.revision** - Package revision | keyword, text.text | -| | **hardware_events.revision** - Device revision (optional) | | -| | **platform_info.revision** - BIOS major and minor revision | | -| **rid** | **lldp_neighbors.rid** - Neighbor chassis index | keyword, number.long | -| **roaming** | **wifi_networks.roaming** - 1 if roaming is supported, 0 otherwise | keyword, number.long | -| **roaming_profile** | **wifi_networks.roaming_profile** - Describe the roaming profile, usually one of Single, Dual or Multi | keyword, text.text | -| **root** | **processes.root** - Process virtual root directory | keyword, text.text | -| **root_dir** | **docker_info.root_dir** - Docker root directory | keyword, text.text | -| **root_directory** | **launchd.root_directory** - Key used to specify a directory to chroot to before launch | keyword, text.text | -| **root_volume_uuid** | **time_machine_destinations.root_volume_uuid** - Root UUID of backup volume | keyword, text.text | -| **rotation_rate** | **smart_drive_info.rotation_rate** - Drive RPM | keyword, text.text | -| **round_trip_time** | **curl.round_trip_time** - Time taken to complete the request | keyword, number.long | -| **rowid** | **quicklook_cache.rowid** - Quicklook file rowid key | keyword, number.long | -| **rssi** | **wifi_status.rssi** - The current received signal strength indication (dbm) | keyword, number.long | -| | **wifi_survey.rssi** - The current received signal strength indication (dbm) | | -| **rtadv_accept** | **interface_ipv6.rtadv_accept** - Accept ICMP Router Advertisement | keyword, number.long | -| **rule_details** | **sudoers.rule_details** - Rule definition | keyword, text.text | -| **run_at_load** | **launchd.run_at_load** - Should the program run on launch load | keyword, text.text | -| **run_count** | **prefetch.run_count** - Number of times the application has been run. | keyword, number.long | -| **rw** | **docker_container_mounts.rw** - 1 if read/write. 0 otherwise | keyword, number.long | -| **sata_version** | **smart_drive_info.sata_version** - SATA version, if any | keyword, text.text | -| **scheme** | **app_schemes.scheme** - Name of the scheme/protocol | keyword, text.text | -| **scope** | **selinux_settings.scope** - Where the key is located inside the SELinuxFS mount point. | keyword, text.text | -| **screen_sharing** | **sharing_preferences.screen_sharing** - 1 If screen sharing is enabled else 0 | keyword, number.long | -| **script** | **chrome_extension_content_scripts.script** - The content script used by the extension | keyword, text.text | -| **script_block_count** | **powershell_events.script_block_count** - The total number of script blocks for this script | keyword, number.long | -| **script_block_id** | **powershell_events.script_block_id** - The unique GUID of the powershell script to which this block belongs | keyword, text.text | -| **script_file_name** | **wmi_script_event_consumers.script_file_name** - Name of the file from which the script text is read, intended as an alternative to specifying the text of the script in the ScriptText property. | keyword, text.text | -| **script_name** | **powershell_events.script_name** - The name of the Powershell script | keyword, text.text | -| **script_path** | **powershell_events.script_path** - The path for the Powershell script | keyword, text.text | -| **script_text** | **powershell_events.script_text** - The text content of the Powershell script | keyword, text.text | -| | **wmi_script_event_consumers.script_text** - Text of the script that is expressed in a language known to the scripting engine. This property must be NULL if the ScriptFileName property is not NULL. | | -| **scripting_engine** | **wmi_script_event_consumers.scripting_engine** - Name of the scripting engine to use, for example, 'VBScript'. This property cannot be NULL. | keyword, text.text | -| **sdb_id** | **appcompat_shims.sdb_id** - Unique GUID of the SDB. | keyword, text.text | -| **sdk** | **browser_plugins.sdk** - Build SDK used to compile plugin | keyword, text.text | -| | **safari_extensions.sdk** - Bundle SDK used to compile extension | | -| **sdk_version** | **osquery_extensions.sdk_version** - osquery SDK version used to build the extension | keyword, text.text | -| **seconds** | **time.seconds** - Current seconds in UTC | keyword, number.long | -| | **uptime.seconds** - Seconds of uptime | | -| **section** | **deb_packages.section** - Package section | keyword, text.text | -| **sector_sizes** | **smart_drive_info.sector_sizes** - Bytes of drive sector sizes | keyword, text.text | -| **secure_boot** | **secureboot.secure_boot** - Whether secure boot is enabled | keyword, number.long | -| **secure_process** | **processes.secure_process** - Process is secure (IUM) yes=1, no=0 | keyword, number.long | -| **security_breach** | **chassis_info.security_breach** - The physical status of the chassis such as Breach Successful, Breach Attempted, etc. | keyword, text.text | -| **security_groups** | **ec2_instance_metadata.security_groups** - Comma separated list of security group names | keyword, text.text | -| **security_options** | **docker_containers.security_options** - List of container security options | keyword, text.text | -| **security_type** | **wifi_networks.security_type** - Type of security on this network | keyword, text.text | -| | **wifi_status.security_type** - Type of security on this network | | -| **self_signed** | **certificates.self_signed** - 1 if self-signed, else 0 | keyword, number.long | -| **sender** | **asl.sender** - Sender's identification string. Default is process name. | keyword, text.text | -| **sensor_backend_server** | **carbon_black_info.sensor_backend_server** - Carbon Black server | keyword, text.text | -| **sensor_id** | **carbon_black_info.sensor_id** - Sensor ID of the Carbon Black sensor | keyword, number.long | -| **sensor_ip_addr** | **carbon_black_info.sensor_ip_addr** - IP address of the sensor | keyword, text.text | -| **seq_num** | **es_process_events.seq_num** - Per event sequence number | keyword, number.long | -| **serial** | **certificates.serial** - Certificate serial number | keyword, text.text | -| | **chassis_info.serial** - The serial number of the chassis. | | -| | **disk_info.serial** - The serial number of the disk. | | -| | **hardware_events.serial** - Device serial (optional) | | -| | **usb_devices.serial** - USB Device serial connection | | -| **serial_number** | **authenticode.serial_number** - The certificate serial number | keyword, text.text | -| | **battery.serial_number** - The battery's unique serial number | | -| | **curl_certificate.serial_number** - Certificate serial number | | -| | **memory_devices.serial_number** - Serial number of memory device | | -| | **smart_drive_info.serial_number** - Device serial number | | -| **serial_port_enabled** | **ycloud_instance_metadata.serial_port_enabled** - Indicates if serial port is enabled for the VM | keyword, text.text | -| **series** | **video_info.series** - The series of the gpu. | keyword, text.text | -| **server_name** | **lxd_cluster.server_name** - Name of the LXD server node | keyword, text.text | -| | **lxd_cluster_members.server_name** - Name of the LXD server node | | -| **server_version** | **docker_info.server_version** - Server version | keyword, text.text | -| **service** | **drivers.service** - Driver service name, if one exists | keyword, text.text | -| | **interface_details.service** - The name of the service the network adapter uses. | | -| | **iokit_devicetree.service** - 1 if the device conforms to IOService else 0 | | -| **service_exit_code** | **services.service_exit_code** - The service-specific error code that the service returns when an error occurs while the service is starting or stopping | keyword, number.long | -| **service_key** | **drivers.service_key** - Driver service registry key | keyword, text.text | -| **service_name** | **windows_firewall_rules.service_name** - Service name property of the application | keyword, text.text | -| **service_type** | **services.service_type** - Service Type: OWN_PROCESS, SHARE_PROCESS and maybe Interactive (can interact with the desktop) | keyword, text.text | -| **ses** | **seccomp_events.ses** - Session ID of the session from which the analyzed process was invoked | keyword, number.long | -| **session_id** | **logon_sessions.session_id** - The Terminal Services session identifier. | keyword, number.long | -| | **winbaseobj.session_id** - Terminal Services Session Id | | -| **session_owner** | **authorizations.session_owner** - Label top-level key | keyword, text.text | -| **set** | **memory_devices.set** - Identifies if memory device is one of a set of devices. A value of 0 indicates no set affiliation. | keyword, number.long | -| **setup_mode** | **secureboot.setup_mode** - Whether setup mode is enabled | keyword, number.long | -| **severity** | **syslog_events.severity** - Syslog severity | keyword, number.long | -| **sgid** | **docker_container_processes.sgid** - Saved group ID | keyword | -| | **process_events.sgid** - Saved group ID at process start | | -| | **process_file_events.sgid** - Saved group ID of the process using the file | | -| | **processes.sgid** - Unsigned saved group ID | | -| **sha1** | **apparmor_profiles.sha1** - A unique hash that identifies this policy. | keyword, text.text | -| | **certificates.sha1** - SHA1 hash of the raw certificate contents | | -| | **device_hash.sha1** - SHA1 hash of provided inode data | | -| | **file_events.sha1** - The SHA1 of the file after change | | -| | **hash.sha1** - SHA1 hash of provided filesystem data | | -| | **rpm_packages.sha1** - SHA1 hash of the package contents | | -| **sha1_fingerprint** | **curl_certificate.sha1_fingerprint** - SHA1 fingerprint | keyword, text.text | -| **sha256** | **carves.sha256** - A SHA256 sum of the carved archive | keyword, text.text | -| | **device_hash.sha256** - SHA256 hash of provided inode data | | -| | **file_events.sha256** - The SHA256 of the file after change | | -| | **hash.sha256** - SHA256 hash of provided filesystem data | | -| | **rpm_package_files.sha256** - SHA256 file digest from RPM info DB | | -| **sha256_fingerprint** | **curl_certificate.sha256_fingerprint** - SHA-256 fingerprint | keyword, text.text | -| **shard** | **osquery_packs.shard** - Shard restriction limit, 1-100, 0 meaning no restriction | keyword, number.long | -| **share** | **nfs_shares.share** - Filesystem path to the share | keyword, text.text | -| **share_name** | **shortcut_files.share_name** - Share name of the target file. | keyword, text.text | -| **shared** | **authorizations.shared** - Label top-level key | keyword, text.text | -| **shell** | **users.shell** - User's configured default shell | keyword, text.text | -| **shell_only** | **osquery_flags.shell_only** - Is the flag shell only? | keyword, number.long | -| **shmid** | **shared_memory.shmid** - Shared memory segment ID | keyword, number.long | -| **sid** | **background_activities_moderator.sid** - User SID. | keyword, text.text | -| | **certificates.sid** - SID | | -| | **logged_in_users.sid** - The user's unique security identifier | | -| | **office_mru.sid** - User SID | | -| | **shellbags.sid** - User SID | | -| | **userassist.sid** - User SID. | | -| **sig** | **seccomp_events.sig** - Signal value sent to process by seccomp | keyword, number.long | -| **sig_group** | **yara.sig_group** - Signature group used | keyword, text.text | -| **sigfile** | **yara.sigfile** - Signature file used | keyword, text.text | -| **signature** | **curl_certificate.signature** - Signature | keyword, text.text | -| **signature_algorithm** | **curl_certificate.signature_algorithm** - Signature Algorithm | keyword, text.text | -| **signatures_up_to_date** | **windows_security_products.signatures_up_to_date** - 1 if product signatures are up to date, else 0 | keyword, number.long | -| **signed** | **drivers.signed** - Whether the driver is signed or not | keyword, number.long | -| | **signature.signed** - 1 If the file is signed else 0 | | -| **signing_algorithm** | **certificates.signing_algorithm** - Signing algorithm used | keyword, text.text | -| **signing_id** | **es_process_events.signing_id** - Signature identifier of the process | keyword, text.text | -| **sigrule** | **yara.sigrule** - Signature strings used | keyword, text.text | -| **sigurl** | **yara.sigurl** - Signature url | keyword, text.text | -| **size** | **acpi_tables.size** - Size of compiled table data | keyword | -| | **block_devices.size** - Block device size in blocks | | -| | **carves.size** - Size of the carved archive | | -| | **cups_jobs.size** - The size of the print job | | -| | **deb_packages.size** - Package size in bytes | | -| | **device_file.size** - Size of file in bytes | | -| | **disk_events.size** - Size of partition in bytes | | -| | **docker_image_history.size** - Size of instruction in bytes | | -| | **elf_sections.size** - Size of section | | -| | **elf_symbols.size** - Size of object | | -| | **example.size** - This is a signed SQLite bigint column | | -| | **fbsd_kmods.size** - Size of module content | | -| | **file.size** - Size of file in bytes | | -| | **file_events.size** - Size of file in bytes | | -| | **kernel_extensions.size** - Bytes of wired memory used by extension | | -| | **kernel_modules.size** - Size of module content | | -| | **logical_drives.size** - The total amount of space, in bytes, of the drive (-1 on failure). | | -| | **lxd_images.size** - Size of image in bytes | | -| | **lxd_storage_pools.size** - Size of the storage pool | | -| | **md_devices.size** - size of the array in blocks | | -| | **memory_devices.size** - Size of memory device in Megabyte | | -| | **package_bom.size** - Expected file size | | -| | **platform_info.size** - Size in bytes of firmware | | -| | **portage_packages.size** - The size of the package | | -| | **prefetch.size** - Application file size. | | -| | **quicklook_cache.size** - Parsed version size field | | -| | **rpm_package_files.size** - Expected file size in bytes from RPM info DB | | -| | **rpm_packages.size** - Package size in bytes | | -| | **shared_memory.size** - Size in bytes | | -| | **smbios_tables.size** - Table entry size in bytes | | -| | **smc_keys.size** - Reported size of data in bytes | | -| **size_bytes** | **docker_images.size_bytes** - Size of image in bytes | keyword, number.long | -| **sku** | **azure_instance_metadata.sku** - SKU for the VM image | keyword, text.text | -| | **chassis_info.sku** - The Stock Keeping Unit number if available. | | -| **slot** | **md_drives.slot** - Slot position of disk | keyword | -| | **portage_packages.slot** - The slot used by package | | -| **smart_enabled** | **smart_drive_info.smart_enabled** - SMART enabled status | keyword, text.text | -| **smart_supported** | **smart_drive_info.smart_supported** - SMART support status | keyword, text.text | -| **smbios_tag** | **chassis_info.smbios_tag** - The assigned asset tag number of the chassis. | keyword, text.text | -| **socket** | **listening_ports.socket** - Socket handle or inode number | keyword | -| | **process_open_sockets.socket** - Socket handle or inode number | | -| | **socket_events.socket** - The local path (UNIX domain socket only) | | -| **socket_designation** | **cpu_info.socket_designation** - The assigned socket on the board for the given CPU. | keyword, text.text | -| **soft_limit** | **ulimit_info.soft_limit** - Current limit value | keyword, text.text | -| **softirq** | **cpu_time.softirq** - Time spent servicing softirqs | keyword, number.long | -| **source** | **apt_sources.source** - Source file | keyword, text.text | -| | **autoexec.source** - Source table of the autoexec item | | -| | **deb_packages.source** - Package source | | -| | **docker_container_mounts.source** - Source path on host | | -| | **lxd_storage_pools.source** - Storage pool source | | -| | **package_install_history.source** - Install source: usually the installer process name | | -| | **routes.source** - Route source | | -| | **rpm_packages.source** - Source RPM package name (optional) | | -| | **shellbags.source** - Shellbags source Registry file | | -| | **startup_items.source** - Directory or plist containing startup item | | -| | **sudoers.source** - Source file containing the given rule | | -| | **windows_events.source** - Source or channel of the event | | -| **source_path** | **systemd_units.source_path** - Path to the (possibly generated) unit configuration file | keyword, text.text | -| **source_url** | **firefox_addons.source_url** - URL that installed the addon | keyword, text.text | -| **space_total** | **lxd_storage_pools.space_total** - Total available storage space in bytes for this storage pool | keyword, number.long | -| **space_used** | **lxd_storage_pools.space_used** - Storage space used in bytes | keyword, number.long | -| **spare_disks** | **md_devices.spare_disks** - Number of idle disks in array | keyword, number.long | -| **spec_version** | **tpm_info.spec_version** - Trusted Computing Group specification that the TPM supports | keyword, text.text | -| **speculative** | **virtual_memory_info.speculative** - Total number of speculative pages. | keyword, number.long | -| **speed** | **interface_details.speed** - Estimate of the current bandwidth in bits per second. | keyword, number.long | -| **src_ip** | **iptables.src_ip** - Source IP address. | keyword, text.text | -| **src_mask** | **iptables.src_mask** - Source IP address mask. | keyword, text.text | -| **src_port** | **iptables.src_port** - Protocol source port(s). | keyword, text.text | -| **ssdeep** | **hash.ssdeep** - ssdeep hash of provided filesystem data | keyword, text.text | -| **ssh_config_file** | **ssh_configs.ssh_config_file** - Path to the ssh_config file | keyword, text.text | -| **ssh_public_key** | **ec2_instance_metadata.ssh_public_key** - SSH public key. Only available if supplied at instance launch time | keyword, text.text | -| | **ycloud_instance_metadata.ssh_public_key** - SSH public key. Only available if supplied at instance launch time | | -| **ssid** | **wifi_networks.ssid** - SSID octets of the network | keyword, text.text | -| | **wifi_status.ssid** - SSID octets of the network | | -| | **wifi_survey.ssid** - SSID octets of the network | | -| **stack_trace** | **crashes.stack_trace** - Most recent frame from the stack trace | keyword, text.text | -| | **windows_crashes.stack_trace** - Multiple stack frames from the stack trace | | -| **start** | **memory_map.start** - Start address of memory region | keyword, text.text | -| | **process_memory_map.start** - Virtual start address (hex) | | -| **start_interval** | **launchd.start_interval** - Frequency to run in seconds | keyword, text.text | -| **start_on_mount** | **launchd.start_on_mount** - Run daemon or agent every time a filesystem is mounted | keyword, text.text | -| **start_time** | **docker_container_processes.start_time** - Process start in seconds since boot (non-sleeping) | keyword, number.long | -| | **osquery_info.start_time** - UNIX time in seconds when the process started | | -| | **processes.start_time** - Process start time in seconds since Epoch, in case of error -1 | | -| **start_type** | **services.start_type** - Service start type: BOOT_START, SYSTEM_START, AUTO_START, DEMAND_START, DISABLED | keyword, text.text | -| **started_at** | **docker_containers.started_at** - Container start time as string | keyword, text.text | -| **starting_address** | **memory_array_mapped_addresses.starting_address** - Physical stating address, in kilobytes, of a range of memory mapped to physical memory array | keyword, text.text | -| | **memory_device_mapped_addresses.starting_address** - Physical stating address, in kilobytes, of a range of memory mapped to physical memory array | | -| **state** | **alf_exceptions.state** - Firewall exception state | keyword | -| | **battery.state** - One of the following: "AC Power" indicates the battery is connected to an external power source, "Battery Power" indicates that the battery is drawing internal power, "Off Line" indicates the battery is off-line or no longer connected | | -| | **chrome_extensions.state** - 1 if this extension is enabled | | -| | **docker_container_processes.state** - Process state | | -| | **docker_containers.state** - Container state (created, restarting, running, removing, paused, exited, dead) | | -| | **lxd_networks.state** - Network status | | -| | **md_drives.state** - State of the drive | | -| | **process_open_sockets.state** - TCP socket state | | -| | **processes.state** - Process state | | -| | **scheduled_tasks.state** - State of the scheduled task | | -| | **system_extensions.state** - System extension state | | -| | **windows_optional_features.state** - Installation state value. 1 == Enabled, 2 == Disabled, 3 == Absent | | -| | **windows_security_products.state** - State of protection | | -| **state_timestamp** | **windows_security_products.state_timestamp** - Timestamp for the product state | keyword, text.text | -| **stateful** | **lxd_instances.stateful** - Whether the instance is stateful(1) or not(0) | keyword, number.long | -| **statename** | **windows_optional_features.statename** - Installation state name. 'Enabled','Disabled','Absent' | keyword, text.text | -| **status** | **carves.status** - Status of the carve, can be STARTING, PENDING, SUCCESS, or FAILED | keyword, text.text | -| | **chassis_info.status** - If available, gives various operational or nonoperational statuses such as OK, Degraded, and Pred Fail. | | -| | **deb_packages.status** - Package status | | -| | **docker_containers.status** - Container status information | | -| | **kernel_modules.status** - Kernel module status | | -| | **lxd_cluster_members.status** - Status of the node (Online/Offline) | | -| | **lxd_instances.status** - Instance state (running, stopped, etc.) | | -| | **md_devices.status** - Current state of the array | | -| | **ntdomains.status** - The current status of the domain object. | | -| | **process_events.status** - OpenBSM Attribute: Status of the process | | -| | **services.status** - Service Current status: STOPPED, START_PENDING, STOP_PENDING, RUNNING, CONTINUE_PENDING, PAUSE_PENDING, PAUSED | | -| | **shared_memory.status** - Destination/attach status | | -| | **shared_resources.status** - String that indicates the current status of the object. | | -| | **socket_events.status** - Either 'succeeded', 'failed', 'in_progress' (connect() on non-blocking socket) or 'no_client' (null accept() on non-blocking socket) | | -| | **startup_items.status** - Startup status; either enabled or disabled | | -| **stderr_path** | **launchd.stderr_path** - Pipe stderr to a target path | keyword, text.text | -| **stdout_path** | **launchd.stdout_path** - Pipe stdout to a target path | keyword, text.text | -| **steal** | **cpu_time.steal** - Time spent in other operating systems when running in a virtualized environment | keyword, number.long | -| **stealth_enabled** | **alf.stealth_enabled** - 1 If stealth mode is enabled else 0 | keyword, number.long | -| **stibp_support_enabled** | **kva_speculative_info.stibp_support_enabled** - Windows uses STIBP. | keyword, number.long | -| **storage_driver** | **docker_info.storage_driver** - Storage driver | keyword, text.text | -| **store** | **certificates.store** - Certificate system store | keyword, text.text | -| **store_id** | **certificates.store_id** - Exists for service/user stores. Contains raw store id provided by WinAPI. | keyword, text.text | -| **store_location** | **certificates.store_location** - Certificate system store location | keyword, text.text | -| **strings** | **yara.strings** - Matching strings | keyword, text.text | -| | **yara_events.strings** - Matching strings | | -| **sub_state** | **systemd_units.sub_state** - The low-level unit activation state, values depend on unit type | keyword, text.text | -| **subclass** | **usb_devices.subclass** - USB Device subclass | keyword, text.text | -| **subject** | **certificates.subject** - Certificate distinguished name | keyword, text.text | -| **subject_alternative_names** | **curl_certificate.subject_alternative_names** - Subject Alternative Name | keyword, text.text | -| **subject_info_access** | **curl_certificate.subject_info_access** - Subject Information Access | keyword, text.text | -| **subject_key_id** | **certificates.subject_key_id** - SKID an optionally included SHA1 | keyword, text.text | -| **subject_key_identifier** | **curl_certificate.subject_key_identifier** - Subject Key Identifier | keyword, text.text | -| **subject_name** | **authenticode.subject_name** - The certificate subject name | keyword, text.text | -| **subkey** | **plist.subkey** - Intermediate key path, includes lists/dicts | keyword, text.text | -| | **preferences.subkey** - Intemediate key path, includes lists/dicts | | -| **subnet** | **docker_networks.subnet** - Network subnet | keyword, text.text | -| **subscription_id** | **azure_instance_metadata.subscription_id** - Azure subscription for the VM | keyword, text.text | -| **subscriptions** | **osquery_events.subscriptions** - Number of subscriptions the publisher received or subscriber used | keyword, number.long | -| **subsystem** | **system_controls.subsystem** - Subsystem ID, control type | keyword, text.text | -| **subsystem_model** | **pci_devices.subsystem_model** - Device description of PCI device subsystem | keyword, text.text | -| **subsystem_model_id** | **pci_devices.subsystem_model_id** - Model ID of PCI device subsystem | keyword, text.text | -| **subsystem_vendor** | **pci_devices.subsystem_vendor** - Vendor of PCI device subsystem | keyword, text.text | -| **subsystem_vendor_id** | **pci_devices.subsystem_vendor_id** - Vendor ID of PCI device subsystem | keyword, text.text | -| **success** | **socket_events.success** - Deprecated. Use the 'status' column instead | keyword, number.long | -| **suid** | **docker_container_processes.suid** - Saved user ID | keyword | -| | **process_events.suid** - Saved user ID at process start | | -| | **process_file_events.suid** - Saved user ID of the process using the file | | -| | **processes.suid** - Unsigned saved user ID | | -| **summary** | **chocolatey_packages.summary** - Package-supplied summary | keyword, text.text | -| | **python_packages.summary** - Package-supplied summary | | -| **superblock_state** | **md_devices.superblock_state** - State of the superblock | keyword, text.text | -| **superblock_update_time** | **md_devices.superblock_update_time** - Unix timestamp of last update | keyword, number.long | -| **superblock_version** | **md_devices.superblock_version** - Version of the superblock | keyword, text.text | -| **swap_cached** | **memory_info.swap_cached** - The amount of swap, in bytes, used as cache memory | keyword, number.long | -| **swap_free** | **memory_info.swap_free** - The total amount of swap free, in bytes | keyword, number.long | -| **swap_ins** | **virtual_memory_info.swap_ins** - The total number of compressed pages that have been swapped out to disk. | keyword, number.long | -| **swap_limit** | **docker_info.swap_limit** - 1 if swap limit support is enabled. 0 otherwise | keyword, number.long | -| **swap_outs** | **virtual_memory_info.swap_outs** - The total number of compressed pages that have been swapped back in from disk. | keyword, number.long | -| **swap_total** | **memory_info.swap_total** - The total amount of swap available, in bytes | keyword, number.long | -| **symlink** | **file.symlink** - 1 if the path is a symlink, otherwise 0 | keyword, number.long | -| **syscall** | **bpf_process_events.syscall** - System call name | keyword, text.text | -| | **bpf_socket_events.syscall** - System call name | | -| | **process_events.syscall** - Syscall name: fork, vfork, clone, execve, execveat | | -| | **seccomp_events.syscall** - Type of the system call | | -| **system** | **cpu_time.system** - Time spent in system mode | keyword, number.long | -| **system_cpu_usage** | **docker_container_stats.system_cpu_usage** - CPU system usage | keyword, number.long | -| **system_model** | **kernel_panics.system_model** - Physical system model, for example 'MacBookPro12,1 (Mac-E43C1C25D4880AD6)' | keyword, text.text | -| **system_time** | **osquery_schedule.system_time** - Total system time in milliseconds spent executing | keyword, number.long | -| | **processes.system_time** - CPU time in milliseconds spent in kernel space | | -| **table** | **elf_symbols.table** - Table name containing symbol | keyword, text.text | -| **tag** | **elf_dynamic.tag** - Tag ID | keyword | -| | **syslog_events.tag** - The syslog tag | | -| **tags** | **docker_image_history.tags** - Comma-separated list of tags | keyword, text.text | -| | **docker_images.tags** - Comma-separated list of repository tags | | -| | **yara.tags** - Matching tags | | -| | **yara_events.tags** - Matching tags | | -| **tapping_process** | **event_taps.tapping_process** - The process ID of the application that created the event tap. | keyword, number.long | -| **target** | **fan_speed_sensors.target** - Target speed | keyword | -| | **iptables.target** - Target that applies for this rule. | | -| **target_accessed** | **shortcut_files.target_accessed** - Target Accessed time. | keyword, number.long | -| **target_created** | **shortcut_files.target_created** - Target Created time. | keyword, number.long | -| **target_modified** | **shortcut_files.target_modified** - Target Modified time. | keyword, number.long | -| **target_name** | **prometheus_metrics.target_name** - Address of prometheus target | keyword, text.text | -| **target_path** | **file_events.target_path** - The path associated with the event | keyword, text.text | -| | **shortcut_files.target_path** - Target file path | | -| | **yara_events.target_path** - The path scanned | | -| **target_size** | **shortcut_files.target_size** - Size of target file. | keyword, number.long | -| **task** | **windows_eventlog.task** - Task value associated with the event | keyword, number.long | -| | **windows_events.task** - Task value associated with the event | | -| **team** | **system_extensions.team** - Signing team ID | keyword, text.text | -| **team_id** | **es_process_events.team_id** - Team identifier of thd process | keyword, text.text | -| **team_identifier** | **signature.team_identifier** - The team signing identifier sealed into the signature | keyword, text.text | -| **temporarily_disabled** | **wifi_networks.temporarily_disabled** - 1 if this network is temporarily disabled, 0 otherwise | keyword, number.long | -| **terminal** | **user_events.terminal** - The network protocol ID | keyword, text.text | -| **threads** | **docker_container_processes.threads** - Number of threads used by process | keyword, number.long | -| | **processes.threads** - Number of threads used by process | | -| **throttled** | **virtual_memory_info.throttled** - Total number of throttled pages. | keyword, number.long | -| **tid** | **bpf_process_events.tid** - Thread ID | keyword, number.long | -| | **bpf_socket_events.tid** - Thread ID | | -| | **windows_crashes.tid** - Thread ID of the crashed thread | | -| | **windows_eventlog.tid** - Thread ID which emitted the event record | | -| **time** | **apparmor_events.time** - Time of execution in UNIX time | keyword | -| | **asl.time** - Unix timestamp. Set automatically | | -| | **bpf_process_events.time** - Time of execution in UNIX time | | -| | **bpf_socket_events.time** - Time of execution in UNIX time | | -| | **carves.time** - Time at which the carve was kicked off | | -| | **disk_events.time** - Time of appearance/disappearance in UNIX time | | -| | **docker_container_processes.time** - Cumulative CPU time. [DD-]HH:MM:SS format | | -| | **es_process_events.time** - Time of execution in UNIX time | | -| | **file_events.time** - Time of file event | | -| | **hardware_events.time** - Time of hardware event | | -| | **kernel_panics.time** - Formatted time of the event | | -| | **last.time** - Entry timestamp | | -| | **logged_in_users.time** - Time entry was made | | -| | **ntfs_journal_events.time** - Time of file event | | -| | **package_install_history.time** - Label date as UNIX timestamp | | -| | **powershell_events.time** - Timestamp the event was received by the osquery event publisher | | -| | **process_events.time** - Time of execution in UNIX time | | -| | **process_file_events.time** - Time of execution in UNIX time | | -| | **seccomp_events.time** - Time of execution in UNIX time | | -| | **selinux_events.time** - Time of execution in UNIX time | | -| | **shell_history.time** - Entry timestamp. It could be absent, default value is 0. | | -| | **socket_events.time** - Time of execution in UNIX time | | -| | **syslog_events.time** - Current unix epoch time | | -| | **user_events.time** - Time of execution in UNIX time | | -| | **user_interaction_events.time** - Time | | -| | **windows_events.time** - Timestamp the event was received | | -| | **xprotect_reports.time** - Quarantine alert time | | -| | **yara_events.time** - Time of the scan | | -| **time_nano_sec** | **asl.time_nano_sec** - Nanosecond time. | keyword, number.long | -| **time_range** | **windows_eventlog.time_range** - System time to selectively filter the events | keyword, text.text | -| **timeout** | **authorizations.timeout** - Label top-level key | keyword, text.text | -| | **curl_certificate.timeout** - Set this value to the timeout in seconds to complete the TLS handshake (default 4s, use 0 for no timeout) | | -| **timestamp** | **time.timestamp** - Current timestamp (log format) in UTC | keyword, text.text | -| | **windows_eventlog.timestamp** - Timestamp to selectively filter the events | | -| **timestamp_ms** | **prometheus_metrics.timestamp_ms** - Unix timestamp of collected data in MS | keyword, number.long | -| **timezone** | **time.timezone** - Timezone for reported time (hardcoded to UTC) | keyword, text.text | -| **title** | **cups_jobs.title** - Title of the printed job | keyword, text.text | -| **total_seconds** | **uptime.total_seconds** - Total uptime seconds | keyword, number.long | -| **total_size** | **docker_container_processes.total_size** - Total virtual memory size | keyword, number.long | -| | **processes.total_size** - Total virtual memory size | | -| **total_width** | **memory_devices.total_width** - Total width, in bits, of this memory device, including any check or error-correction bits | keyword, number.long | -| **transaction_id** | **file_events.transaction_id** - ID used during bulk update | keyword, number.long | -| | **yara_events.transaction_id** - ID used during bulk update | | -| **transmit_rate** | **wifi_status.transmit_rate** - The current transmit rate | keyword, text.text | -| **transport_type** | **smart_drive_info.transport_type** - Drive transport type | keyword, text.text | -| **tries** | **authorizations.tries** - Label top-level key | keyword, text.text | -| **tty** | **last.tty** - Entry terminal | keyword, text.text | -| | **logged_in_users.tty** - Device name | | -| **turbo_disabled** | **msr.turbo_disabled** - Whether the turbo feature is disabled. | keyword, number.long | -| **turbo_ratio_limit** | **msr.turbo_ratio_limit** - The turbo feature ratio limit. | keyword, number.long | -| **type** | **apparmor_events.type** - Event type | keyword, text.text | -| | **appcompat_shims.type** - Type of the SDB database. | | -| | **block_devices.type** - Block device type string | | -| | **bpf_socket_events.type** - The socket type | | -| | **crashes.type** - Type of crash log | | -| | **device_file.type** - File status | | -| | **device_firmware.type** - Type of device | | -| | **device_partitions.type** - | | -| | **disk_encryption.type** - Description of cipher type and mode if available | | -| | **disk_info.type** - The interface type of the disk. | | -| | **dns_cache.type** - DNS record type | | -| | **dns_resolvers.type** - Address type: sortlist, nameserver, search | | -| | **docker_container_mounts.type** - Type of mount (bind, volume) | | -| | **docker_container_ports.type** - Protocol (tcp, udp) | | -| | **docker_volumes.type** - Volume type | | -| | **elf_info.type** - Offset of section in file | | -| | **elf_sections.type** - Section type | | -| | **elf_symbols.type** - Symbol type | | -| | **file.type** - File status | | -| | **firefox_addons.type** - Extension, addon, webapp | | -| | **hardware_events.type** - Type of hardware and hardware event | | -| | **interface_addresses.type** - Type of address. One of dhcp, manual, auto, other, unknown | | -| | **interface_details.type** - Interface type (includes virtual) | | -| | **keychain_items.type** - Keychain item type (class) | | -| | **last.type** - Entry type, according to ut_type types (utmp.h) | | -| | **logged_in_users.type** - Login type | | -| | **logical_drives.type** - Deprecated (always 'Unknown'). | | -| | **lxd_certificates.type** - Type of the certificate | | -| | **lxd_networks.type** - Type of network | | -| | **mounts.type** - Mounted device type | | -| | **ntfs_acl_permissions.type** - Type of access mode for the access control entry. | | -| | **nvram.type** - Data type (CFData, CFString, etc) | | -| | **osquery_events.type** - Either publisher or subscriber | | -| | **osquery_extensions.type** - SDK extension type: extension or module | | -| | **osquery_flags.type** - Flag type | | -| | **process_open_pipes.type** - Pipe Type: named vs unnamed/anonymous | | -| | **registry.type** - Type of the registry value, or 'subkey' if item is a subkey | | -| | **routes.type** - Type of route | | -| | **selinux_events.type** - Event type | | -| | **shared_resources.type** - Type of resource being shared. Types include: disk drives, print queues, interprocess communications (IPC), and general devices. | | -| | **smbios_tables.type** - Table entry type | | -| | **smc_keys.type** - SMC-reported type literal type | | -| | **startup_items.type** - Startup Item or Login Item | | -| | **system_controls.type** - Data type | | -| | **ulimit_info.type** - System resource to be limited | | -| | **user_events.type** - The file description for the process socket | | -| | **users.type** - Whether the account is roaming (domain), local, or a system profile | | -| | **windows_crashes.type** - Type of crash log | | -| | **windows_security_products.type** - Type of security product | | -| | **xprotect_meta.type** - Either plugin or extension | | -| **type_name** | **last.type_name** - Entry type name, according to ut_type types (utmp.h) | keyword, text.text | -| **uid** | **account_policy_data.uid** - User ID | keyword | -| | **asl.uid** - UID that sent the log message (set by the server). | | -| | **atom_packages.uid** - The local user that owns the plugin | | -| | **authorized_keys.uid** - The local owner of authorized_keys file | | -| | **bpf_process_events.uid** - User ID | | -| | **bpf_socket_events.uid** - User ID | | -| | **browser_plugins.uid** - The local user that owns the plugin | | -| | **chrome_extension_content_scripts.uid** - The local user that owns the extension | | -| | **chrome_extensions.uid** - The local user that owns the extension | | -| | **crashes.uid** - User ID of the crashed process | | -| | **device_file.uid** - Owning user ID | | -| | **disk_encryption.uid** - Currently authenticated user if available | | -| | **docker_container_processes.uid** - User ID | | -| | **es_process_events.uid** - User ID of the process | | -| | **file.uid** - Owning user ID | | -| | **file_events.uid** - Owning user ID | | -| | **firefox_addons.uid** - The local user that owns the addon | | -| | **known_hosts.uid** - The local user that owns the known_hosts file | | -| | **launchd_overrides.uid** - User ID applied to the override, 0 applies to all | | -| | **package_bom.uid** - Expected user of file or directory | | -| | **process_events.uid** - User ID at process start | | -| | **process_file_events.uid** - The uid of the process performing the action | | -| | **processes.uid** - Unsigned user ID | | -| | **safari_extensions.uid** - The local user that owns the extension | | -| | **seccomp_events.uid** - User ID of the user who started the analyzed process | | -| | **shell_history.uid** - Shell history owner | | -| | **ssh_configs.uid** - The local owner of the ssh_config file | | -| | **user_events.uid** - User ID | | -| | **user_groups.uid** - User ID | | -| | **user_ssh_keys.uid** - The local user that owns the key file | | -| | **users.uid** - User ID | | -| **uid_signed** | **users.uid_signed** - User ID as int64 signed (Apple) | keyword, number.long | -| **umci_policy_status** | **hvci_status.umci_policy_status** - The status of the User Mode Code Integrity security settings. Returns UNKNOWN if an error is encountered. | keyword, text.text | -| **uncompressed** | **virtual_memory_info.uncompressed** - Total number of uncompressed pages. | keyword, number.long | -| **uninstall_string** | **programs.uninstall_string** - Path and filename of the uninstaller. | keyword, text.text | -| **unique_chip_id** | **ibridge_info.unique_chip_id** - Unique id of the iBridge controller | keyword, text.text | -| **unix_time** | **time.unix_time** - Current UNIX time in UTC | keyword, number.long | -| **unmask** | **portage_keywords.unmask** - If the package is unmasked | keyword, number.long | -| **unused_devices** | **md_devices.unused_devices** - Unused devices | keyword, text.text | -| **update_source_alias** | **lxd_images.update_source_alias** - Alias of image at update source server | keyword, text.text | -| **update_source_certificate** | **lxd_images.update_source_certificate** - Certificate for update source server | keyword, text.text | -| **update_source_protocol** | **lxd_images.update_source_protocol** - Protocol used for image information update and image import from source server | keyword, text.text | -| **update_source_server** | **lxd_images.update_source_server** - Server for image update | keyword, text.text | -| **update_url** | **chrome_extensions.update_url** - Extension-supplied update URI | keyword, text.text | -| | **safari_extensions.update_url** - Extension-supplied update URI | | -| **upid** | **processes.upid** - A 64bit pid that is never reused. Returns -1 if we couldn't gather them from the system. | keyword, number.long | -| **uploaded_at** | **lxd_images.uploaded_at** - ISO time of image upload | keyword, text.text | -| **upn** | **logon_sessions.upn** - The user principal name (UPN) for the owner of the logon session. | keyword, text.text | -| **uppid** | **processes.uppid** - The 64bit parent pid that is never reused. Returns -1 if we couldn't gather them from the system. | keyword, number.long | -| **uptime** | **apparmor_events.uptime** - Time of execution in system uptime | keyword, number.long | -| | **kernel_panics.uptime** - System uptime at kernel panic in nanoseconds | | -| | **process_events.uptime** - Time of execution in system uptime | | -| | **process_file_events.uptime** - Time of execution in system uptime | | -| | **seccomp_events.uptime** - Time of execution in system uptime | | -| | **selinux_events.uptime** - Time of execution in system uptime | | -| | **socket_events.uptime** - Time of execution in system uptime | | -| | **user_events.uptime** - Time of execution in system uptime | | -| **url** | **curl.url** - The url for the request | keyword, text.text | -| | **lxd_cluster_members.url** - URL of the node | | -| **usb_address** | **usb_devices.usb_address** - USB Device used address | keyword, number.long | -| **usb_port** | **usb_devices.usb_port** - USB Device used port | keyword, number.long | -| **use** | **memory_arrays.use** - Function for which the array is used | keyword, text.text | -| | **portage_use.use** - USE flag which has been enabled for package | | -| **used_by** | **kernel_modules.used_by** - Module reverse dependencies | keyword, text.text | -| | **lxd_networks.used_by** - URLs for containers using this network | | -| **user** | **cpu_time.user** - Time spent in user mode | keyword | -| | **cups_jobs.user** - The user who printed the job | | -| | **docker_container_processes.user** - User name | | -| | **logged_in_users.user** - User login name | | -| | **logon_sessions.user** - The account name of the security principal that owns the logon session. | | -| | **sandboxes.user** - Sandbox owner | | -| | **systemd_units.user** - The configured user, if any | | -| **user_account** | **services.user_account** - The name of the account that the service process will be logged on as when it runs. This name can be of the form Domain\UserName. If the account belongs to the built-in domain, the name can be of the form .\UserName. | keyword, text.text | -| **user_account_control** | **windows_security_center.user_account_control** - The health of the User Account Control (UAC) capability in Windows | keyword, text.text | -| **user_action** | **xprotect_reports.user_action** - Action taken by user after prompted | keyword, text.text | -| **user_agent** | **curl.user_agent** - The user-agent string to use for the request | keyword, text.text | -| **user_capacity** | **smart_drive_info.user_capacity** - Bytes of drive capacity | keyword, text.text | -| **user_namespace** | **docker_containers.user_namespace** - User namespace | keyword, text.text | -| | **process_namespaces.user_namespace** - user namespace inode | | -| **user_time** | **osquery_schedule.user_time** - Total user time in milliseconds spent executing | keyword, number.long | -| | **processes.user_time** - CPU time in milliseconds spent in user space | | -| **user_uuid** | **disk_encryption.user_uuid** - UUID of authenticated user if available | keyword, text.text | -| **username** | **certificates.username** - Username | keyword, text.text | -| | **es_process_events.username** - Username | | -| | **last.username** - Entry username | | -| | **launchd.username** - Run this daemon or agent as this username | | -| | **managed_policies.username** - Policy applies only this user | | -| | **preferences.username** - (optional) read preferences for a specific user | | -| | **rpm_package_files.username** - File default username from info DB | | -| | **shadow.username** - Username | | -| | **startup_items.username** - The user associated with the startup item | | -| | **suid_bin.username** - Binary owner username | | -| | **users.username** - Username | | -| | **windows_crashes.username** - Username of the user who ran the crashed process | | -| **uses_pattern** | **xprotect_entries.uses_pattern** - Uses a match pattern instead of identity | keyword, number.long | -| **uts_namespace** | **docker_containers.uts_namespace** - UTS namespace | keyword, text.text | -| | **process_namespaces.uts_namespace** - uts namespace inode | | -| **uuid** | **block_devices.uuid** - Block device Universally Unique Identifier | keyword, text.text | -| | **disk_encryption.uuid** - Disk Universally Unique Identifier | | -| | **disk_events.uuid** - UUID of the volume inside DMG if available | | -| | **managed_policies.uuid** - Optional UUID assigned to policy set | | -| | **osquery_extensions.uuid** - The transient ID assigned for communication | | -| | **osquery_info.uuid** - Unique ID provided by the system | | -| | **system_info.uuid** - Unique ID provided by the system | | -| | **users.uuid** - User's UUID (Apple) or SID (Windows) | | -| **vaddr** | **elf_sections.vaddr** - Section virtual address in memory | keyword, number.long | -| | **elf_segments.vaddr** - Segment virtual address in memory | | -| **valid_from** | **curl_certificate.valid_from** - Period of validity start date | keyword, text.text | -| **valid_to** | **curl_certificate.valid_to** - Period of validity end date | keyword, text.text | -| **value** | **ad_config.value** - Variable typed option value | keyword, text.text | -| | **augeas.value** - The value of the configuration item | | -| | **azure_instance_tags.value** - The tag value | | -| | **cpuid.value** - Bit value or string | | -| | **default_environment.value** - Value of the environment variable | | -| | **docker_container_envs.value** - Environment variable value | | -| | **docker_container_labels.value** - Optional label value | | -| | **docker_image_labels.value** - Optional label value | | -| | **docker_network_labels.value** - Optional label value | | -| | **docker_volume_labels.value** - Optional label value | | -| | **ec2_instance_tags.value** - Tag value | | -| | **elf_dynamic.value** - Tag value | | -| | **extended_attributes.value** - The parsed information from the attribute | | -| | **launchd_overrides.value** - Overridden value | | -| | **lxd_instance_config.value** - Configuration parameter value | | -| | **lxd_instance_devices.value** - Device info param value | | -| | **managed_policies.value** - Policy value | | -| | **mdls.value** - Value stored in the metadata key | | -| | **nvram.value** - Raw variable data | | -| | **oem_strings.value** - The value of the OEM string | | -| | **osquery_flags.value** - Flag value | | -| | **plist.value** - String value of most CF types | | -| | **power_sensors.value** - Power in Watts | | -| | **preferences.value** - String value of most CF types | | -| | **process_envs.value** - Environment variable value | | -| | **selinux_settings.value** - Active value. | | -| | **smc_keys.value** - A type-encoded representation of the key value | | -| | **wmi_bios_info.value** - Value of the Bios setting | | -| **valuetype** | **mdls.valuetype** - CoreFoundation type of data stored in value | keyword, text.text | -| **variable** | **default_environment.variable** - Name of the environment variable | keyword, text.text | -| **vbs_status** | **hvci_status.vbs_status** - The status of the virtualization based security settings. Returns UNKNOWN if an error is encountered. | keyword, text.text | -| **vendor** | **block_devices.vendor** - Block device vendor string | keyword, text.text | -| | **disk_events.vendor** - Disk event vendor string | | -| | **hardware_events.vendor** - Hardware device vendor | | -| | **pci_devices.vendor** - PCI Device vendor | | -| | **platform_info.vendor** - Platform code vendor | | -| | **rpm_packages.vendor** - Package vendor | | -| | **usb_devices.vendor** - USB Device vendor string | | -| **vendor_id** | **hardware_events.vendor_id** - Hex encoded Hardware vendor identifier | keyword, text.text | -| | **pci_devices.vendor_id** - Hex encoded PCI Device vendor identifier | | -| | **usb_devices.vendor_id** - Hex encoded USB Device vendor identifier | | -| **vendor_syndrome** | **memory_error_info.vendor_syndrome** - Vendor specific ECC syndrome or CRC data associated with the erroneous access | keyword, text.text | -| **version** | **alf.version** - Application Layer Firewall version | keyword, text.text | -| | **apt_sources.version** - Repository source version | | -| | **atom_packages.version** - Package supplied version | | -| | **authorizations.version** - Label top-level key | | -| | **azure_instance_metadata.version** - Version of the VM image | | -| | **bitlocker_info.version** - The FVE metadata version of the drive. | | -| | **browser_plugins.version** - Plugin short version | | -| | **chocolatey_packages.version** - Package-supplied version | | -| | **chrome_extension_content_scripts.version** - Extension-supplied version | | -| | **chrome_extensions.version** - Extension-supplied version | | -| | **crashes.version** - Version info of the crashed process | | -| | **curl_certificate.version** - Version Number | | -| | **deb_packages.version** - Package version | | -| | **device_firmware.version** - Firmware version | | -| | **docker_version.version** - Docker version | | -| | **drivers.version** - Driver version | | -| | **elf_info.version** - Object file version | | -| | **es_process_events.version** - Version of EndpointSecurity event | | -| | **firefox_addons.version** - Addon-supplied version string | | -| | **gatekeeper.version** - Version of Gatekeeper's gke.bundle | | -| | **homebrew_packages.version** - Current 'linked' version | | -| | **hvci_status.version** - The version number of the Device Guard build. | | -| | **ie_extensions.version** - Version of the executable | | -| | **intel_me_info.version** - Intel ME version | | -| | **kernel_extensions.version** - Extension version | | -| | **kernel_info.version** - Kernel version | | -| | **npm_packages.version** - Package supplied version | | -| | **office_mru.version** - Office application version number | | -| | **os_version.version** - Pretty, suitable for presentation, OS version | | -| | **osquery_extensions.version** - Extension's version | | -| | **osquery_info.version** - osquery toolkit version | | -| | **osquery_packs.version** - Minimum osquery version that this query will run on | | -| | **package_install_history.version** - Package display version | | -| | **package_receipts.version** - Installed package version | | -| | **pkg_packages.version** - Package version | | -| | **platform_info.version** - Platform code version | | -| | **portage_keywords.version** - The version which are affected by the use flags, empty means all | | -| | **portage_packages.version** - The version which are affected by the use flags, empty means all | | -| | **portage_use.version** - The version of the installed package | | -| | **programs.version** - Product version information. | | -| | **python_packages.version** - Package-supplied version | | -| | **rpm_packages.version** - Package version | | -| | **safari_extensions.version** - Extension long version | | -| | **system_extensions.version** - System extension version | | -| | **usb_devices.version** - USB Device version number | | -| | **windows_crashes.version** - File version info of the crashed process | | -| **video_mode** | **video_info.video_mode** - The current resolution of the display. | keyword, text.text | -| **virtual_process** | **processes.virtual_process** - Process is virtual (e.g. System, Registry, vmmem) yes=1, no=0 | keyword, number.long | -| **visible** | **firefox_addons.visible** - 1 If the addon is shown in browser else 0 | keyword, number.long | -| **visible_alarm** | **chassis_info.visible_alarm** - If TRUE, the frame is equipped with a visual alarm. | keyword, text.text | -| **vlans** | **lldp_neighbors.vlans** - Comma delimited list of vlan ids | keyword, text.text | -| **vm_id** | **azure_instance_metadata.vm_id** - Unique identifier for the VM | keyword, text.text | -| | **azure_instance_tags.vm_id** - Unique identifier for the VM | | -| **vm_scale_set_name** | **azure_instance_metadata.vm_scale_set_name** - VM scale set name | keyword, text.text | -| **vm_size** | **azure_instance_metadata.vm_size** - VM size | keyword, text.text | -| **voltage** | **battery.voltage** - The battery's current voltage in mV | keyword, number.long | -| **volume_creation** | **prefetch.volume_creation** - Volume creation time. | keyword, text.text | -| **volume_id** | **quicklook_cache.volume_id** - Parsed volume ID from fs_id | keyword, number.long | -| **volume_serial** | **file.volume_serial** - Volume serial number | keyword, text.text | -| | **prefetch.volume_serial** - Volume serial number. | | -| | **shortcut_files.volume_serial** - Volume serial number. | | -| **volume_size** | **platform_info.volume_size** - (Optional) size of firmware volume | keyword, number.long | -| **wall_time** | **osquery_schedule.wall_time** - Total wall time in seconds spent executing (deprecated), hidden=True | keyword, number.long | -| **wall_time_ms** | **osquery_schedule.wall_time_ms** - Total wall time in milliseconds spent executing | keyword, number.long | -| **warning** | **shadow.warning** - Number of days before password expires to warn user about it | keyword, number.long | -| **warnings** | **smart_drive_info.warnings** - Warning messages from SMART controller | keyword, text.text | -| **watch_paths** | **launchd.watch_paths** - Key that launches daemon or agent if path is modified | keyword, text.text | -| **watcher** | **osquery_info.watcher** - Process (or thread/handle) ID of optional watcher process | keyword, number.long | -| **weekday** | **time.weekday** - Current weekday in UTC | keyword, text.text | -| **win32_exit_code** | **services.win32_exit_code** - The error code that the service uses to report an error that occurs when it is starting or stopping | keyword, number.long | -| **win_timestamp** | **time.win_timestamp** - Timestamp value in 100 nanosecond units | keyword, number.long | -| **windows_security_center_service** | **windows_security_center.windows_security_center_service** - The health of the Windows Security Center Service | keyword, text.text | -| **wired** | **virtual_memory_info.wired** - Total number of wired down pages. | keyword, number.long | -| **wired_size** | **docker_container_processes.wired_size** - Bytes of unpageable memory used by process | keyword, number.long | -| | **processes.wired_size** - Bytes of unpageable memory used by process | | -| **working_directory** | **launchd.working_directory** - Key used to specify a directory to chdir to before launch | keyword, text.text | -| **working_disks** | **md_devices.working_disks** - Number of working disks in array | keyword, number.long | -| **working_path** | **shortcut_files.working_path** - Target file directory. | keyword, text.text | -| **world** | **portage_packages.world** - If package is in the world file | keyword, number.long | -| **writable** | **disk_events.writable** - 1 if writable, 0 if not | keyword, number.long | -| **xpath** | **windows_eventlog.xpath** - The custom query to filter events | keyword, text.text | -| **year** | **time.year** - Current year in UTC | keyword, number.long | -| **zero_fill** | **virtual_memory_info.zero_fill** - Total number of zero filled pages. | keyword, number.long | -| **zone** | **azure_instance_metadata.zone** - Availability zone of the VM | keyword, text.text | -| | **ycloud_instance_metadata.zone** - Availability zone of the VM | | +For a full list of fields that can be returned in osquery results, see the [Exported Fields reference](https://www.elastic.co/guide/en/kibana/current/exported-fields-osquery.html) in the Kibana documentation. diff --git a/packages/osquery_manager/manifest.yml b/packages/osquery_manager/manifest.yml index 5f81adf456a..c8c99eddd68 100755 --- a/packages/osquery_manager/manifest.yml +++ b/packages/osquery_manager/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: osquery_manager title: Osquery Manager -version: 1.2.0 +version: 1.2.1 license: basic description: Deploy osquery with Elastic Agent, then run and schedule queries in Kibana type: integration From d2b6e24b457a412ba3b20ae1947f31e1504f30e2 Mon Sep 17 00:00:00 2001 From: Kfir Peled <61654899+kfirpeled@users.noreply.github.com> Date: Wed, 20 Apr 2022 17:07:34 +0300 Subject: [PATCH 08/23] Cis k8s name migration (#3113) Co-authored-by: eyalkraft <63912106+eyalkraft@users.noreply.github.com> --- .github/CODEOWNERS | 1 + .../cis_kubernetes_benchmark/manifest.yml | 2 +- .../_dev/deploy/k8s/.empty | 0 packages/cloud_security_posture/changelog.yml | 6 ++ .../findings/agent/stream/stream.yml.hbs | 2 + .../findings/fields/base-fields.yml | 12 +++ .../data_stream/findings/fields/findings.yml | 81 ++++++++++++++++++ .../data_stream/findings/manifest.yml | 6 ++ .../cloud_security_posture/docs/README.md | 28 ++++++ .../cloud_security_posture/img/benchmarks.png | Bin 0 -> 274237 bytes .../img/cis-kubernetes-benchmark-logo.svg | 1 + .../cloud_security_posture/img/dashboard.png | Bin 0 -> 333959 bytes .../img/findings-flyout.png | Bin 0 -> 499215 bytes .../cloud_security_posture/img/findings.png | Bin 0 -> 505337 bytes packages/cloud_security_posture/img/rules.png | Bin 0 -> 315772 bytes ...-9129a080-7f48-11ec-8249-431333f83c5f.json | 14 +++ packages/cloud_security_posture/manifest.yml | 57 ++++++++++++ 17 files changed, 209 insertions(+), 1 deletion(-) create mode 100644 packages/cloud_security_posture/_dev/deploy/k8s/.empty create mode 100644 packages/cloud_security_posture/changelog.yml create mode 100644 packages/cloud_security_posture/data_stream/findings/agent/stream/stream.yml.hbs create mode 100644 packages/cloud_security_posture/data_stream/findings/fields/base-fields.yml create mode 100644 packages/cloud_security_posture/data_stream/findings/fields/findings.yml create mode 100644 packages/cloud_security_posture/data_stream/findings/manifest.yml create mode 100644 packages/cloud_security_posture/docs/README.md create mode 100644 packages/cloud_security_posture/img/benchmarks.png create mode 100644 packages/cloud_security_posture/img/cis-kubernetes-benchmark-logo.svg create mode 100644 packages/cloud_security_posture/img/dashboard.png create mode 100644 packages/cloud_security_posture/img/findings-flyout.png create mode 100644 packages/cloud_security_posture/img/findings.png create mode 100644 packages/cloud_security_posture/img/rules.png create mode 100644 packages/cloud_security_posture/kibana/index_pattern/cloud_security_posture-9129a080-7f48-11ec-8249-431333f83c5f.json create mode 100644 packages/cloud_security_posture/manifest.yml diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS index 4abe7d8e9fa..20ec01ed9d0 100644 --- a/.github/CODEOWNERS +++ b/.github/CODEOWNERS @@ -40,6 +40,7 @@ /packages/cisco_nexus @elastic/security-external-integrations /packages/cisco_secure_endpoint @elastic/security-external-integrations /packages/cisco_umbrella @elastic/security-external-integrations +/packages/cloud_security_posture @elastic/cloud-security-posture /packages/cloudflare @elastic/security-external-integrations /packages/cockroachdb @elastic/integrations /packages/containerd @elastic/obs-cloudnative-monitoring diff --git a/packages/cis_kubernetes_benchmark/manifest.yml b/packages/cis_kubernetes_benchmark/manifest.yml index 91f4f468dd9..3d107754be5 100644 --- a/packages/cis_kubernetes_benchmark/manifest.yml +++ b/packages/cis_kubernetes_benchmark/manifest.yml @@ -1,6 +1,6 @@ format_version: 1.0.0 name: cis_kubernetes_benchmark -title: "CIS Kubernetes Benchmark" +title: "CIS Kubernetes Benchmark - deprecated" version: 0.0.1 license: basic description: "Check Kubernetes cluster compliance with the Kubernetes CIS benchmark." diff --git a/packages/cloud_security_posture/_dev/deploy/k8s/.empty b/packages/cloud_security_posture/_dev/deploy/k8s/.empty new file mode 100644 index 00000000000..e69de29bb2d diff --git a/packages/cloud_security_posture/changelog.yml b/packages/cloud_security_posture/changelog.yml new file mode 100644 index 00000000000..ef61ac2fcac --- /dev/null +++ b/packages/cloud_security_posture/changelog.yml @@ -0,0 +1,6 @@ +# newer versions go on top +- version: "0.0.1" + changes: + - description: Initial draft of the package + type: enhancement + link: https://github.com/elastic/integrations/pull/3113 diff --git a/packages/cloud_security_posture/data_stream/findings/agent/stream/stream.yml.hbs b/packages/cloud_security_posture/data_stream/findings/agent/stream/stream.yml.hbs new file mode 100644 index 00000000000..6b3ea6de9ff --- /dev/null +++ b/packages/cloud_security_posture/data_stream/findings/agent/stream/stream.yml.hbs @@ -0,0 +1,2 @@ +processors: + - add_cluster_id: ~ diff --git a/packages/cloud_security_posture/data_stream/findings/fields/base-fields.yml b/packages/cloud_security_posture/data_stream/findings/fields/base-fields.yml new file mode 100644 index 00000000000..7c798f4534c --- /dev/null +++ b/packages/cloud_security_posture/data_stream/findings/fields/base-fields.yml @@ -0,0 +1,12 @@ +- name: data_stream.type + type: constant_keyword + description: Data stream type. +- name: data_stream.dataset + type: constant_keyword + description: Data stream dataset. +- name: data_stream.namespace + type: constant_keyword + description: Data stream namespace. +- name: '@timestamp' + type: date + description: Event timestamp. diff --git a/packages/cloud_security_posture/data_stream/findings/fields/findings.yml b/packages/cloud_security_posture/data_stream/findings/fields/findings.yml new file mode 100644 index 00000000000..f21b3aa8de6 --- /dev/null +++ b/packages/cloud_security_posture/data_stream/findings/fields/findings.yml @@ -0,0 +1,81 @@ +- name: cycle_id + type: text + multi_fields: + - name: keyword + type: keyword + ignore_above: 1024 +- name: type + type: text + multi_fields: + - name: keyword + type: keyword + ignore_above: 1024 +- name: resource_id + type: text + multi_fields: + - name: keyword + type: keyword + ignore_above: 1024 +- name: cluster_id + type: text + multi_fields: + - name: keyword + type: keyword + ignore_above: 1024 +- name: agent + type: group + fields: + - name: id + type: text + description: Agent ID + multi_fields: + - name: keyword + type: keyword + ignore_above: 1024 +- name: resource + type: group + fields: + - name: type + type: text + description: Source type of the resource + multi_fields: + - name: keyword + type: keyword + ignore_above: 1024 + - name: filename + type: text + description: Resource filename + multi_fields: + - name: keyword + type: keyword + ignore_above: 1024 +- name: rule + type: group + fields: + - name: name + type: keyword + description: Rule name + multi_fields: + - name: keyword + type: keyword + ignore_above: 1024 + - name: benchmark + type: group + fields: + - name: name + type: text + description: Benchmark name + multi_fields: + - name: keyword + type: keyword + ignore_above: 1024 +- name: result + type: group + fields: + - name: evaluation + type: text + description: Rule result + multi_fields: + - name: keyword + type: keyword + ignore_above: 1024 diff --git a/packages/cloud_security_posture/data_stream/findings/manifest.yml b/packages/cloud_security_posture/data_stream/findings/manifest.yml new file mode 100644 index 00000000000..7884911b1a1 --- /dev/null +++ b/packages/cloud_security_posture/data_stream/findings/manifest.yml @@ -0,0 +1,6 @@ +title: "Findings" +type: logs +streams: + - input: cloudbeat + title: K8s CIS Compliance + description: Check CIS Benchmark compliance diff --git a/packages/cloud_security_posture/docs/README.md b/packages/cloud_security_posture/docs/README.md new file mode 100644 index 00000000000..9134a8a0f98 --- /dev/null +++ b/packages/cloud_security_posture/docs/README.md @@ -0,0 +1,28 @@ +# CIS Kubernetes Benchmark + +This integration compares [Kubernetes](https://kubernetes.io/) configuration against CIS benchmark checks. It computes a score that ranges between 0 - 100. This integration requires access to node files, node processes, and the Kuberenetes api-server therefore it assumes the agent will be installed as a [DaemonSet](https://kubernetes.io/docs/concepts/workloads/controllers/daemonset/) with the proper [Roles](https://kubernetes.io/docs/reference/access-authn-authz/rbac/#role-and-clusterrole) and [RoleBindings](https://kubernetes.io/docs/reference/access-authn-authz/rbac/#rolebinding-and-clusterrolebinding) attached. + +See agent [installation instructions](https://www.elastic.co/guide/en/fleet/current/running-on-kubernetes-managed-by-fleet.html). + +Additionally, In order for the integration to be installed, The Cloud Security Posture Kibana plugin must be enabled. + +This could be done by adding the following configuration line to `kibana.yml`: +``` +xpack.cloudSecurityPosture.enabled: true +``` + +## Leader election + +To collect cluster level data (compared to node level information) the integration makes use of the [leader election](https://www.elastic.co/guide/en/fleet/master/kubernetes_leaderelection-provider.html) mechanism. +This mechanism assures that the cluster level data is collected by only one of the agents running as aprt of the DeamonSet and not by all of them. + +Cluster level data example: List of the running pods. +Node level data examle: kubelet configuration. + +## Compatibility + +The Kubernetes package is tested with Kubernetes 1.21.x + +## Dashboard + +CIS Kubernetes Benchmark integration is shipped including default dashboards and screens to manage the benchmark rules and inspect the compliance score and findings. diff --git a/packages/cloud_security_posture/img/benchmarks.png b/packages/cloud_security_posture/img/benchmarks.png new file mode 100644 index 0000000000000000000000000000000000000000..a86a0ec483e057dec9e68e75687c563c22db5a48 GIT binary patch literal 274237 zcmbrlcQ{;K*El@7s1c%z7DUt_L~qfeB}DWVz4zWb!61T&9-{YN2O&D6_udDiGZ^KY z+|TpAZ_4kl`4zt^38qLDERpXIBGDe2=#Kvg?MsREFNOEPhG2s& zenY93$_?BNFhJ&I0889@mKI<=5UP0RV5Z>QYr`-YoOq-+g81 zf4}VAvNglvx3=V0-p*}|%mKJZCV=sLol+hOK(yCu@RM~D$w$%P`%ND%>7D_;DBZ_6 z4Av3p{4kw%e8R+R&)?}ftcUz83WJlob#365!f*4wXi|!BaDoSJxK_9WcJq7)mMgfgN>lrk=v${)F;Yb&E8nwMCftRx zJwUSRxIRLnBW>|in)_iGESDAESuHdI`#_KNc|UX1Nm$Jr6G-Tj z!4pO$)6dWz&FU(nyG~`+1qZl0(#C94-_}3P`0%Pvr%1O+N0em?3sn`H2qQ*Vj!W@r zA2Bhf#vzo(z`j$6gef$oD1`#>!7cjuVAtllO%Qd&?j|?oP7rXbcyn_j1A@?{0A4KP z#`tycrBM+AY+L|C&kxr}CBEUQ>tG)0OAw~>NE%?V22c%j-ba-Xe;ke`M}w>2 zuSWdchaF9|4TqD2C`hH8vKVQ%-LxEc5810-{51wJkZ>8N9+N$2cbR=&IBl6>8|grd zI*{gZaOg0BWG7CAG$jFFa0Dt%mMqUl{~TH}SzbEn^&T8!5tR?cFDL1>YUbKO$3@4s#p`h3rsLf(7>I<%s5diM%nEWS$&xb9JiB0TCKe6R|3SSfe4&mUZJ=QP_~OBf;Ag?s--#riWkr<-*?+bt zPyeR$U63v=U%8sWv!m*>^Z>0A6FaT#<9&Kw!nuf;h?d6>dSlmRkC}datj|GKd1gUn zfnN~e95OCyU2d&5w0`zsjhUs7F^zEJO zM3%tonQ@1={4UHcOf|`#DOZWo*)zj|=8$USSrx5^(8o|DXb`$?hg48@`_$)>H(76r z9HiC~7&XVV;=l2WSIJf>oWyQ24BE0)CPou$M;1MoFOnz{-_3nj#;fa<<67(rI)4CN znBA($*o}3zc9w9t5Wse>g`|#qD0FWpI`gK}O6oyF%~&PmSp@*f?Rp}J(}iw5=Lu>ozF zody~0E635IZ>gXwSOX!Em8QL>AUO_Qw=rkg$hP( z?vjv6s}itQYh6W+T#cr=s@ci>WLu(V=Uwi0D$ z8A9WnZ(qM2F5t=kfs#+4R*)doJGE0OL5VM|V2E`~V#{(XjQxszg#AQkM@KKZoIFnC z{g3b}dQhWh<7R`cTZ^EInelp$2R(%h$ic~etwF6`*D0?dtO4v==H>@o*`__5UU%q^ z-{+ro$})@GBH^&(C{T}9PpV6B3x%N{q$uc`Qaar`NyTqxnl`HizsZOJ>4DHd7(REW zPUrn+b5NM~C+L&*d}#I~xb}t9P2H6nDkm}*axJPe>K6=06c!X}G)?rQAXijjqnRp4 z4KIzdK;58k?O{PnRX#J^GlR4mvhK2SvfBAd=8oG}!x)CdhBJl}hQcf9D`Oog^q2&1 z2w3QB9Ti>(DLu?%8WnUjT`zcI`S$(zRldv!-pJ^7*U0vE&q$HlX@b;$LnTh>!)YA2=cDEj=Dy#0KQQ7w)_amDTtqC z0DgQg*KNGiYsCnY&CU@t4!3SD28ogQj@R`;*F}4&iP4GP5&3@p$h9&27Fw`cP%=iD z%a(p#{G@n033B1Qc$!GI$-Oz`{v!Ul(=My=yUpUnnZzoRf&ElM5wj_szWMov)$x*6V)v~c1}%Bv-Y)&?|y~slTQ+fmvpx4>`&;ttypZH_SX{BJ+$>|6gGj+=znf~3+0@B)40~JbTkCiz1O6q=Ao_zmNHd1zUNRUJ?81sd?OnTQMc3PgUe9t0c;nN7WTNc8vva8}`QCoe{;Fv8-SlDK{zRD{`pwKNcW&NE&8f>>3WFW)(*AY- zT3O;^{UXM}@zPlf$ECrA;grl~cU6XpsPJyeaq?-yb>vM_SJ@l=gR?CdOuk-azby}d zj`1Y{tt}-DFgyy#>;Oe`y_>V)}o%R*? zRh%yB8Ue^2Bjq>2hhImq_Ae;*N`?4ft%&>GX-`+hy+b-Q@$mE0H}ShmvfaHCPb0no#8oBbw$EF>yAeaksIybrNtF zru(Ob0HXY}nuCt!pC-;$!gLynuW2Oh98G9=**V!c=|r$-XlR5SjZFnqUP}MBJK{~4 z&fMAAUVwwc&CQM7jho%h(Tw96KR-VQCl?177aO7lo0EsFv!OeitrPu!2Kk?HUYa-= zIa=5|TiDss{2bTty`77*Fdf~`iT?NZA2?0iE&gvNTc`h`g+P$w=NFD=?3^6`J2s-L z(9c?d*B0(3)|xLZY!Ea<%pvlO?>U#yKOO%1^nX+S(pBUCx^h3`eerA8Uq1cWRn5u7 zQPR!^F{!i2|1H>mJOBFeza51*e&YTME&fC3e`*nw7QqtY_}^6%!D8c0i9;+TrNv9- zw}>Z#&3^t+tP!^-|9K+HC`?DC9*tlCKnx)FQv9tu(%u3_>br@wyQ3u>DpS%zOk}Q6 zaq)r=AHtF8GLgxvdTl>O%k4=I?%&?^ZYKCurc|a37Tz;gSTL?i=|m^~@I>*oz$ofB zw@@ygFm{}~lctV_)CQ-FTcHka?u;smbojjEe#3!wSHMXNQ=WXC-d0E;02!0U|KHv2 zzo7{ONWY{Y{IC;%ynRE$;nU-n0I!!)qR{r`c%GsFO$ zfcMY-JsrgWL011B{QKdwVgP#d`;i3ymWBW%WKtcJf6WH|VmOEap80D;{W~`L$$j_R zmdXD;_^9s@1B4@WzW-M&^bhI%0q9fz9(-sm^NWaeUjN=#1@_B!t=)ot47?2Uh(7PKbw zHw#)8BZQ0GYlq+dxBfpH=9eOqgSKB!i?iFgB)f$Ry6%1Qf#dfa8FlBJUSIBbPE(Tn z26*hdfcaEPi%&^RCG1wr(7C#koy8`*R_nRO==;)I-wJU47XN$!WK_<=p@y&D{$@=v z9b{brw`1wn7aqr-ysKT)K7IPsSwqD_`#b%EvDde@`X_|FWP{MpTHbK-TF(=K=$!sv zl2TZMz}3>nlmErvxLP2yX;mKzplxh!_KccPKLF)hkN~59;R)ZZ&s*zyw#zYqLke`6ts>;uc1!r~ds*{AWD;uv zgM8v;|L6aQwy^x#Hmq%Tgy(gh3bR~YaT@q-aIr45ix!r(&b_~>X8BpHDA3apnh^aB z{?KDI%S6&*At#;3=B>=mRKbQ^>eXH*5|hcabbG~5^DFs!xR87g`YH(}oc`*P z`3j4OrP(Zq6<|yUFB&v+J7Bv*&`b0ab%HJ&g$kdwfC>4jn!(~m8D}CckE0?untQ@Y)6xC@+V#W~A7s+M zRuq_{WcgKkb+8a1HWKaZ5&p_D|A1Q<=?`>0;tQJXslP2@U}6%Mak*{o$@wOAoP_4Z zCGu4I9XcnE_t7>zzULQScSA{%k#KclmlNVS8uV<#mt*hAex2tZc;3n&2_UO=SM@#n zRhY$i?;U!n^QPg>{%x_S$u0K>&Gn&3&gQYX69~EDzQ4BJ$Gco>)@_%vfa^h!aHvLB zD`XxW;~PLKHx^HWBU(>I77l;($r&-EFNf&Qgxte@fB!pX;UU#u_*n)5r~)j%Yi^SM zsx+2WunxVZzKxqL{l;QHMdtNGw8q+@_`CzwPmgR)SiW8UTrcji+Py@lhqo{`tTKc?j8vPgD* z;rFbivLdbLFhhs(A^pT*NJ2R+4z9jAW_BYH6+*;;BM`M5E%8j;-`IZ|jC=>mw zwn$)VJJ3xq8%+Ndeg25qO-r@|QXOyJf-mI8M1kTdGCV+J0bV>f-@w!5KD zsQ}TNBe&Zm2Kgkll#>H$BEmmm4aOWMc!CMC!)5I#h<*YG$ez@R1_Df;H^X1&Grnf3A{ES|3~Y63&WRz|6Hwl8Zj9f zcC=r0l^9JG^7UeZroQDL)5-x_wVKI-xo?Dk+8IE4YSQC4 zr405lHFZzGYYQCdeZyB|;xkh5iToWiQq;rvE!p^~Nf{gSl{=wzHt83Pe_B-DrEXg?|s{!ZE^d)`n;XlkcjsW{hxo1?2KA?p7$B$TBCC8y#J6%dU3aDa_IfDT&7oV0p%wbzXJMGiZcbUh6(Zo($#?XeiiCUIsc`m zN{IC^@gFF>Mdjf!2qNNjC$M`WRyW2O+T`Q1otIXer)6o+ux%zu`kcZ4XrtX`!>X=U zIk7^e77k6NI_~yp`nah64VCkKw134vA}{n9n^BZus`mCVBq*ZRuwysR>t6AWy%Aws zxNELv=_pZONsIymY2iUan+PB&@Th+O_QyaXv-Z0;3Cv(Kp|}`WT~kz z6uION+T`~k?}y`hQrf@ad2Od&N-DZRVB}PF+!@Xxh#j4Zo-^jP>Xz$ zH9_U9-Skxh%G1&tbb=Tw-$y$~`NuuPkf8rlF7k~76kJisg*|hkKu$S+FI96DVY$!4 zv!psmwVZE1F`M)^lO=7(Twe<{Y$T>IbYJT?n+$%bskDK++MV@t*fAioelsZ|UgyQl zypS{ZBDr198~E8no5)1B#WaRIWhNL&fQ1cF0&_P03&JdtX3R%4`>gdAGr}@l49EdMk`7eQ%`sO+~U3Kt6EUJfONq5v7p3 ztm)7fDjS!?pIhpL7EOGso0`=NJiK4|?7kR{6{_`}?Of(tWK!2)4DBS}E-do;-N|6c zmj`X`j>cJ0)WeOhQb(r}iF%#J>KG>`qtG}5JNl+4A?BnQiN!FGE9fvVhkmW8&&9|t zAtAo&RT6LBUZKT}F=|w`qiHi2GAS98DaLOq7y-^(8bYdo`DLkM`w(4qnIFRh&)7H2 zN!4{mq-`4=UQ3vHE;PoN49Zxw*x1(lW>(wTh1#~fUQFZH#-kE2ZhbeK=bCOan-fvj z%B-5#d$h*%)MjZf-xIUiVoZyCyo}@9w=I+1S{qHD*Xqeb`{c<24y!pt(1nx5lU(2lIn7Mm|C-3~zR?*=afGT`$U^+Dm?G1N&?kx8!{930G>_Q|ipqXksIlnk)k;y2F1L7KFXrei&ktK=Hkt{@HeaV6}2RG1Y=Z zq~LccjSGpX5tmlPz7H|3;V2ETGRL0>-e3Kqu~aB98Y0XKtI9OA@z|wCH@?{>sT~x+ z>iV3)7MIO5G^^?0XZqNGMNhVDNSg(lFQEkj2~|>DUu+ldf3Ac=Mh+Twd_VGo?@6LI zGp;_SK@L*IgQ8)p?Ft#{W7u?!m!032d%r6Z1QUd_#_j{fbQ_%$^D?~W=M0N~LT$_K zIZm}0P6`&{TlpBmIS=Ua;OE#HN~=7ofvwXl3h6oBNa8%~yCeTpwNZ%l!}R7uVsWO}3fEp16^$!6 z)^4s*SKn7#F7v%AJ+<~o0jjfZZJ9$uV``NnTe~UkyQ8OqkcDtR*apV+fh%1-hoI=F zS*6XrB92iI;fzczD(80~L);qXiQ%K)?F9gGGLfvCOlDrjQ*3>qlfB^Jl#)4D$h_tw z&-IAlI>l~uTfo|39R2Z-AU9ztFCU-!@$vEcn6jv%`<%0l7}K7!+~m9`ror1mCvZy! z)z%=cf%o+hQ>Evi%*;sn3vELb(ydqE-l8%k_Byo^t(qK@e&Vm$>&`pVBh3j4-5Ja* z*d%O;RD$d{Mz&^Oz@BG25x3St9>+P{Npe4Tv(0-sa9HUVrXGUd109$;PXm-EOHN%& z4E+O8uDWqv|J;6ei;5{MGPD-Ds2`}e6XZ0X#R#)v-qps-Xqw9q)!6_+|0BNC>$Z}%el@AMx zJ)|s5(FyD}N+Bg5PlforSKhr>eYxMPpm+y~X+0^#+Z`ywK1J86bk>~blM_OUGVrHe zG)lR+j&!K&m@Mc%yU50eOXAF2R){=*@xBA67SAn3R&QUxRlqtJXSa0s@v7C_1MqFl z4PpA-H$Tc+VQ;$MqYyOq1*oGl1m>sPaa>nJam;8>^t@L{9vt+LL3rh50Q3tsuX05M z44JaKcuNuCQ1$E`1*ZeE?uNo4#LEkCFz#6^?N7ZkIN8=kVW$uW7J(1wMqB(Oa^Jmb z^AR2N1^bq%eJ4|*Y%=b}geo%*Am*n%q;Ds%QscQc*FW?v=HsUZa1W~`^|_;^A*bCB z#E;5%f6NZC$K4HlEq&LsF%>mr(h{tl-Xi7m63e_{tAiFW zTN1+eWg0(^LgfUV!SRi)g3=xMawb;>kNfC-7#6Y(>Q^GQ)4x1s+Nn)kM1!x_Ej4so zX;)+O?RUv&zTvp-e&q9{k9>pV$6T^#JQ9vgTqx&!r`F{=z3W8T*DI^cWe=1JzFhRYqP`- z*$ys&*I(^C8ZA^~u`m~y+R+Brs6w+k!hY`iS@hoZ-K}-zWw1#%VbJ&Qc%#*Fgk?b0 zJSDj}&DzcEnxDo|c}KkO&6RAG>0oo+H*m&XK)x<)e_^0GcQIvLR8Vyin85O`H-gme zEf@@rS4tCjbz(Xwl{axYUNBZ^1joDV)W{I^6RF09d@k6^bvv*c0Hw$+G`h5`O~k34 zL+9*`VypF->Wg+SHm9crXvFbda>pU3%iec1&h1qiRab zhEktR$wm|}mA4D(HKoI6jtV6p=0nkmKjT4cRd*8HWs19#dcvM9RKiyU#TpeVKq}FF z+ox;;6{irV5i|meVleT+`9{5 zd$TpvUSsVyY6)JV?n}D99xMlo6C-#-N$E*Ga9IE5p!Pr&G}bNrO5q9X9*s?zIlbZ+ zUV`USPPbY7`W4cEQLB=$hP<=O%v{ffbP*pdJR*|*LNzN1Dwn)=-dek=LYs+!IzG?7AyFaDMqn}u_c2CmpIqYhw-XY$4p>a^( zl3+;Xw^b_6o zd2K1+6P94SA5`x7IZVujU^s&|B!uea9o&AaRQDlXkzq&ZXjVr;<-&Dc#-h>DCydr3 ze;qg789%dBzB}l}1>q8%KLI}F?jMn(xAI7WT9V~=)wuH8;xbsc!2$Ji4Ya7bQ=x>; zjg7!S0%qBjMpWSroxLk@$(o|4CNIkpj~6P^#%AZoGScEbtXz91eKJ0PG_vjT-Z?6U z5szl-L96$-{^Qqf+zHc7;*Aowl{1NsAS@GuMw#~MFK{&o|FX#CQi1%&6t|n_3U*Uj zAEsfxOwM7*B8}E5BNj`Az-c!jYk2Klxexl51;uk3f|7b@c&%QJ$qaFu?792d&Wu9)=t11@Xs|+GFq0 zX}{M-KQAkn#DIuqmQ9I^S}(*izBt|=n9=KbY~3&yAZXp-YVYUO)%0-okq|~>dM!gS zrKrPv^N2_8QiG351-9BzW5l3Ci@8+_smc*WeJWB;II!@Udh zWE+7P{AWuwH|<}kdelqw)*-0e%X^-~{l2q2 z989v{+a4(Ou#|gY(I(q<^I)+grDPI5UJG4p>CQ;ntAVJ;t_L?Q#VBIjOjz}avKXm( z#ov3k4W?(iDt139DR{{15adc8NycIatnphq{L;$1&@0e5`+%qt5A;)aK+NmV5 zwyEzI^8@p|NWXr*_d8KWEoy1UE}g$0q~ zi=Mg=hC(-}ugFh?Ch>48`Z&_z$>SyJU~LU0m^ zz5_^hVAN(efHv-QApCa5VU%MvbHr2@VoQrqVkoP?F_2&b8EqBH7s5Dpl-pLV@F2|j69Oc8q z&HRgxmVi`(CM#cm?C-0lPmYj<;D77l88BuEj0V3$J>ulIn+q;7R(;UU8kD7Zlw1_o+5s9xDAnJRh|qczE$_8KajeWH}|#+dwboI~@8 zN#d>xL{Hr_b@rZq%m|z3&F&MKbAj3|ZE#v$47MTjjfm4E<%#tZ3Y(5e!#VRgv#s5R zVJqna3_%H*r&GBld^6y;D5Rboi%wwDJIy-Bi5*9z$5a!Wn<=)ZU-Gur2Kn-?ra1Nrzy`{WySYEx6YiU&rx zYSUIvN1x66&b=NPQMMl03U_OnEZMRv>aVqa4%cm*FWvOXbz}olyTvTccunr{XVHJ! zrhs)vfyU;N(zDg|)AlenPbnc>H`P)ZCs(ZkF1w#jKJ#1E`YF!25H{fN@p{v}rb0W_ zED(>-sw0zo`E?~^`GjI~OSSq=dV98} zO6Y9;huG!a^?^PedN!epB0?ub>?fW5n#=eZE|q=P=6a1E%394)%s%E@PEI77J53`| zZc8D7Iize#JyWYFWP5&51Le&z1P6Hu?PN1dm(A)j&E;jlRg@vx8nKC{rL&%5p?-PS zkqyT?Q_Lh?7u{a)UeT!53%js_J@?DW?BjL6GR6E4)o7f1XwUXJ9)=aiw)V z84_Xef;OGtK_C*qCsqoJ>hS|s*>%p!EZo|b_F8A?qf1Gs^!}Y z;P25He=%OnoFe+y0w|=j;_5PnvNE6P3D)|s49ruizCEmU5gC)K9#+9f_@dFLViKsV7$ zU^$w{PO&b{%jGl#g>fJjINB2|xKHU3rtju(B%aI-6ZTtD{6f@YBWZUQ9Yhs`jV<`u zsOci9wMe0RS9#LzFeP_OeFK?<#P zB`nKs#$}&Qc3Tpj#hy2pfyvU#RohJ|*>bwfe6^Wa{^SapQqh{Rv5}`vk{)1hjTYxZa1OPm5v)vTghxOoYRt{VW3(T_a%#bxei6GYVOO! zl{z`$v5Ey^Ty=9<2^r0iudrG@d|vl#`mt@y=e6541xVDmw&o)z&%K6p{DL3(?9Y3T z(KPH;_BU_LCi{LNyKD=!bv7-JzPi?Kb}yK6SeV=XPFzpS(wFp;e)b6$|;AT)(Mcs4hEV;^Hh0gDk z&}RrzwN?0C!mi;q%KfaS_qK|8!fIpz_K5ra#C0q|k@G2ouq)fuz-RcPke$|C?mO3U z;99QgMe`-~1uRZPnFn>|^gEdE%wC3QdcG4B-}Yj%pU8&hjUC(A|4gGRVRlCQD1u)5=Mk_R0BiJKCHKxb$|Ob zi&ZN{O-$Za&JYK@wlxr|iy;!QpBkg!QhD7`OB)Av-@!vCe!$=5KKEc==5eI?*$*ey zMjw0qqti6{jVu{4f}4EpNhd~HiUQ|4vy-sNjv zYhBTU+aw(~SDT-KJ8;+mtaa`lbbjfploMR-0j`1b?yOX4W8v^_XD)PVXtn+Ql5;6- z?3A9@g8ts4)}g5JBfjY@T@)-hOdm(AK21J|Dh4`K?Nl0yx|ebqMCB#ww&V_eBe)4V z-g(@Vd{;o_Rt9PeL&VRwqSFnRCilx?*E>rjZJ$x~XnSgtPzyb&QouMfuo#}8To zLv`Ow`V-&#>1{V_R&9OZyVJ)pg9!Qfp6)NmGnphomap0|uv;u{I&^bk8$^VO4w9;k zKv$(HD^;1f5tVAUvH^r+##iE3Z!>Qr0BWTkJ<^?$KbsvFP+_(ONXl#tE1i#g5NYKx zxX-$ei9g%>({Wh^cB!bS(2Wg%KN>*H(^u3};+#)GTGj3mlp?9q^5q{9PKZXKT2Up5 zP6L<!%2Q50{9?d^D{nT0t>J{1B zszLX)9v1HqBgY#3xKoo)3wo1l%O+qM5-J$Dk>1qpE;{A{qB!0i{Z^&pW;4^D?d+U| zNSeUg$?Nc7WK=k1KfI{x&z?n#xeyJPpN}c~jZxgJMljvAW6ND%$cV<84u0vyzuk~I zK9tmlN%-8IABe`=%+>aj+-~}k30*MGG&tp5Z+DAE%W^q` zYv2dmaSHhJ^oE$){c>@C0|T1T>z6=gt>N$I9Ch?!k5%k=%TjtAG>s^}_iV1cs_OFp$e%C(wPAz|T6IzYV8JKoScn=S?Zo(jB z(YpPCT{%s?uFz6Ywp(zG=%Q;^RjceSDvV$fC_6WMc_h%V3qi#4i)k|c@J`g;{B%y7 zQE{MR0w#T@pU6h}zev+XJD`vrS=YIwkomM-Hj&nycvSgoNf3DiD(5P{scyIH&=h2fv4wrMT_e)#`bu}n)^Azt5^q*O zKN5KST4TChA!6!MUlLG@5P6qVEUI?eVjV;jt-<7QaFGt$bJdlidOfk<s?+<# z^+;Gs>b6orY5K;}-*jiZj^4EyG};{3VAz4KhXEPPJ*i3D985`m^E%XXOrX&poh2{; z)h_GOXc{Wnf){$VKvmEtj1l*psZsIHchi$At-7Z8IX#uPvtbU3UFc;;`kKN09(IJ{ zi@>3FZGxR$M6A6z@S2O$h}qasXUDtSL+5n@4Z+pfY5lKh`S{n*BHFaB-(CcaoJdFmTf0dHq8Huy99swky_f{8k(g#~} z(uV{;gpm;oZP`+|j8h0c1!^k`lq%MNjB^(diGw+-&q|Um?O#`@Tl^dc=jPA!Qf(wS z1Ox(M3-ik4A0r>`V@{HRVaCX$``jCA%9H&&6IRW-4O4!c{tn&YhAQ@kIbUt&>b$a( zJI6qX1c8lo@6KKcd9Me+RTx<(|(zeXDB6U8zXd`*}7fV3g`G4dA#!~B!pbGuuQm? z3;&r?I>MUvU2La$nR9tGX*Cu3RypU=wW;uejLrT5#JyPZDShCk~<;syoG;{BID(2ROT+j=o_zRjmHU%kSt*1V}?JNAtTYZ5Nns zDQaA#{v$`za~n|LJOR->prhQdPOd6fu?6wJJ#F^dG0?)$jq}oNx+Op|roiK5^K04{ zY=tcg=(MTen_ZFTrsZ zR20U~JsNT;Dy&}C%+;&E?&>&^eC6s4U2iq&9vZHThEwEnjto2RjVU!~(M3<*FS$w= zZuGJ%nQ}pxT^vqJMbor%wo4twUeO*MEyQ&wm0oyC=>p7lApQwkmHjavY`7`+hyKcq z4MCDFEQ5MD2fK*5^;A;P(#_YjZxqk1*9RTTWcd6m5O(B=^p5Vn>1{RD!^fn{$ z#ke+WfiFdOzW`G`Ie4C>bz>`FC{vwv0%tP=9^*33th$PUH@%h?-QpzpJcZ7E1y7Ri zB`f%jJ^FeF0V-rt>6yJiiaJ_5h?}jk^xCxybB2C?R8YU$NXyY09l#m$izJ15N@Jq>Mt(s~Gb}HVgZ%RqAYkV_XZ2=t|<1a$@a3NOX=<1B3&AF=v6@QU#lSlRp~*}{Y>8k_cDtb# z7K!C4QEeQ_P=EA1>z7vg;F20Sm@jsB7A7jC1BEbAC$W>H%aiZ8pH?u@m!=E^I^QfN z41i|Pe?K_^2rx#q2GC6F3m~>J7(qe0>8|51~i1S@PR`)7}<1aI5J+mwbh&^!F^xN!5-opBfoMQKo^2DnL!+rZz1%h8N`?+h&NDNOu+ecO#?ZsOZ`v# zo$G0ADNu~OjnrpL)?+)4NyYXclH*z;S0UxmS;-ai!Q&icKBD{HUS2&r4^11=ma-9N zLegF@dt*K(29`RQy{npk#% zEK<~RI8nR6&UgVmInjvY)v1NYO?2J0n)Q}S+R6nRay^ z0)tPakw=^!u+H|nf%oa`#>33hyo2U`TLhUVsg z4;WPrFWA-=T#>HrhKk$dXoALhdO6&p&BqZ%7E5Fk-G=#O7aZc$fqkU~0&9dGY!j;TF8+rb(j;7$rz87srDhRvUJ7IaAw?Usdw^J51?j=ZN1_Diu~NPD6pWvF3p6HMNk@ zI(_OgRg3%bOY5Zw)qfc5DlqZ2{T}XXa|gk@3?U0?eRme`Q#4(5!3GPNw`}c0^N0u$ zd*s8m;USkZj^?wAi7Cb;iiNKM$$lM~yWc{{+9hEmtg{5yH!u>}k;RsFDLEgzrP8!{ z`wlU?xfU;2uh+>Y(_3(KZVAF@KdZg8|M6<3-a)k!O7R7+->56|Af4lF*=efBfZYHUsu%P&XJ|5=Za`fT!6B%9ZV55~9G_JgXQRv@!NOKvq0Fp_&Rhp9ASJ%~P=`JAc$r8B6q<8gX#)b&&`9&u9_~k2s zQmKUuL9U7KA(1BCLusSMn%rcr@YiMh`&Bcw;Qcw@n5~nls*K(oIlGIZE+^^>7VZEs z-21~~g&^8W-=Hf!_ZLh|>UdvhtgAK^2e}!iupKNoHT)8<&%UV-oD@8MD-~3(f3uTx zV*(bvd*5Id(@GN(;e5N8Ai+IN^rzylN3-UnA+0XY@_#FEH75{wQ&H1evCsEHbYI$R z<--wWJg#bRvKEUlk6XiJ5xv2*?{wT`zr=$wIS%0wnOUA_JL56)ZqC)Fc;k)Dn~!GF zHJ`6rDwA5Jv|GL4rYd>wevs5l%`w(n|0kT$7sF1i!*ua8piwftn7VXzgHc%{4qgT| zAMkn~&BL8cMj$4(3(&k%4}@AFR-W z?)5rv#+W%rx=-G#Rhr9{vQxT|m(kwyh6`ViA;iJuw99t@2Zgd=yTVGd+1Ns*V+nOP zW*jIBpSnDHfd-2o;E$X{|L08Mufp(p1{t!4Y1~0r5EU2)yf0H3Iz!oJzr-$bcY|*X zPX8Jn260tVeC+?GOi#FBYyX*V%T=Pmg7TXYJ!TONRt5$WKfWz=Av(l9LM46kibH|N zYI59JrDYKAia4(@QWre;UNC6~)?3!fj5u*n5&6`6(e2;`$3@mkY?8ij$#=&zgzm3Z z*P-?FMWpWDtk~?@nyn0Dt)@aA#S1=_N=@l^nbKwX`R}23ON}<#5U>Dg?%@t^^Bd3 zaDwd%>)CHDw@WU%rP-DJaK=FFq>EGMb8vQ5B%EDBsNRIDIrAM(3j1uFuDp$M3Gzz*OW)7r2m$7X=LOEl>-q+UW89Bt6d>8TTcH%=YsR zykU2}BiSaj&)hoh;L1xM@j|GYHO&;4FDjVQT}kpx1kzgFzI_va`t%SnHS z*#{e2#dZjGTP^1M+@?kyOwQf-!-N@VOQ0N-Xeazs`4;wr1mj1Qq81A2KAO{i5{y7! z3QMX*R+zr-62;|ehTc`xp83eMe&XIs`2WY=TZToww(X+`hyo%i5|S!Q5NSziK>?+t zyQO33oMAu&loV-cDUt4GP)g};W(a8pq#1^p**|>N^Zb{t^*-Bu>@WK`_WR9XhC8ml z&g;AvRF?9Npb!7uK_J$SS;Le4Oh#g#L7oCb?-B&m?VKmwl=a!OnY*nu@VS`jG@J@N zP@e@r9qadXuHCrBtm9efQHyrY1AH&-uO4mWdVrfJq0dQvIkm|T^c}JKq~LsNko}y; zZE^6oSB-mpJ#VUR_lJ(5#No;xWE^j7HZ^G<-3N-#51cY4rsv<>vcy^>cn_x+8gmzD z7475(LapgKqF{0^y>!s3Kd!Y5Tt1lc)(s23ovW0t>iCEl6o6_)(lfC6XQmdis`w4l z@wPgy_;~;YKA)qlrCt&6acSe;76-HpY4DMcic{}4fIRq~P)Fft@~HK;2)?XXj`yDB z{p022Y{%Jp`1)A`VX0fYt-@x+-R=1sXY=jDF=7wt$ol!9pe=!G8z&pnHBm>F-m`Aw zTeG{LE?97NhYH~RukPNjVx0voYj%me^rSA6Z5R#h{mzi z)muOtOuR-pRpJh)k@rrJmMolq5U*p_GdcRzdR$YEeSezxeMC6N^Dwl*bh$+Vhhg;$ zSLjJTGtI2qUIZ|0sSaua1}V3#-ugMGGcYAZ^Nzi{djA^Rp~#TK+a@X`cE7nKPQSZB z)}24nd2uWLESW(VC-3_NrDtx*-}t;egJXy->Dp@&JGIVMazq*(n-^`63!i zE}?U?Thf5d7=z}1Vq}zdisI(}`ayL2&5IZKgTAVAmUN!|hC`*Q%-r+`pShuiky6k| zNy!~uP}?QLjD9NgLahsX?(rP}pPDm4FZjzSh1AVle`HSy#=B}5rvE--Vy>84kf8|f z^_j%f-EvRNj*?S26IsJ0!a$YblpsgiJb`(vFL&ge-yOqDYH{j6#wKLG`$7pQikCx& zF{hk{ODp8Fdc}QY4dmVOd{1Tb*xz-v6eo1UPG>V*x?@ngQ*Up3JD!Za6jZXqlR4T9 z=Gl~|p>6hBif%S)9inV5l|zkB%lgLDhzUGV9*MxU0g;nqN^zJPDAEh<_9*nx@L~BED>Dz8awnxcO_pA|prsI8&nXEED^Q z+CeugRA113f`-}(7%W&i%e~l!bGu{Nh8L$;X4x%V@v_W23$oMK+)9@C_Oy)1Bv$Dv z1DDeyxLTp zdr)t3&6jcjK(R6PIwgg^ZlhS$FJ#u_f*#P7ALo8xDKe{^Y%0VFR4|kRvz3ws;bIVq z#^$R=Vbxg<)9j5nhnd>RmpYfd_GTsBvWXd-r4{aHY1X>e4Lb^31nrPEU`N0AMKeDl zpqtXg0f1;9%~eliN&yHmj@RA566u4n;S3;@4Apkk18Zk*{4{1NK$6&k+oQP9SdNnbiq9Dkq5CBVdYqMQ%;j*vwV5wW@9Rof4;)}$k)O;A&ApFwGgqj@3yyTl%tC=}KT~du zgG!T+(;dGkr}Ld~47n`DSrTRhSTN%~rgO;8+u5-F?58Ke%d9$am4C>Y(N zBLh=eouTqku|*P~&&kG{6%!lrY98W@twrV1_4XH)LlcIg1LHXhj``HILAEbgQ$;;v zfsk0+OAv?_g&Uq<3$SI+$eag(7tirY>%Tr-l!SDO_F4HIf{eZ_pe2tp#dZgTzLjew zd@b?A=)P+YDRceCt_;FuvOL zQ;)^}8ZMn-g&$FrrlJDp&(XyWIJADok6w3^A^e1#!G2p?&tu4Eh!a3Cs_VSEQ%E)l zc7rsCS+9)ctZ=|Fb<>)M`)9*`4d$YGjnn3N5-~fHU1HfekN#|pd3V1ztjwg7OUmyo$_#Of14czY;RRMd*+~9=%H6cQ=B7g& zEO?DrVs(d{en7JLs?cqQWC!(9%FdUkTe z?#uS{JLj@qdi8wd)z&{GB@tRo0%yYn8q0mDD^UxkLiIp&XOyRpDQ566hGL3b81@`i z)Eclr-S(ULu=f}za=MCwEPSHey6gs1@RVXN>#$jwRUz2^@D?Z3^^He82 zuoq5oh#8Slsg;EYwv8vLy$J*$}2;o^vmD zQ}wHcQKhCbO;_F)*V>NSqT1FHnN;Z98#GFk$exh#Lp_U*l89pMJ0V4)X>TKe=~0f3 z@Va3p;x>szy-I7Y8Zu5_-vpyQ5DXJZ932;H7f&?cW9V8%ERlLBn>5Cwb^A^lUT~U9 zlhFET(Ta8xFf}s#wGMpq4>i23Co%Xpc)^J^4wKG}8$t7@T|F-uJ0k+Su(vjkohdq! z^r-qq(2&zw-yV!Xw>~7{M$&R%%NKqhW7~mVED+=RMgsWT{V|o!D(mUVHn9@9#1)Uy zMi9IM=6jSjXTSY!$f}k~d<(TF@#gm4-VCRRNDPq!zkS|gxqzX;4Extd5~Uk^uch26 z2d?(|?YA;{h2-^zbfCPK>)a~p>iW7{qx{qvA>SU>O}(7hhgI=!iujDk5BeT1MoC7e z;}%dZ90*JwF1i{y<+In9D78YNf|aRTT040Q%mWRL3aj-|H}){&7OsQs)P(0ZHZ>=tjZl3wHg7$5wyOd++RzyIN_=;7R^FoFtUfpMxl7ad zz6%GwET5@8Bvn?7x1#nl9)>?C@aXO!$jM|jdwvg`=|Bv$SoTSpR)-DE&XbPJGDJ&H zXM76tntJ;bk9kwLic@dqaN^)SiZChwFIaQ&mysI0fK~h?Amt;VoWf_gDx*-S%DX9; zaQlZ6R}EjTnr-kLep0gf0e|X~I?&W+<%h6)IVu+$ZbDeDwOovJ%ski=6ICww;TRy(?AZ!j>ioy|bM_6b7J>{!4|wRv9|XpJXy>sP())~|WnC~Gl~ zZzwUl(PD78Oou6EHebDXL$A_&v(bAgkPH6eF7(Wv14#J!qRiAu&rJ?dY{z*NJb7Vn zmut&+$80zgiuQmBIy87(8M$1m$Nw@D6g)1}W*1`bkO0_&mdA2moe+ZQfVwto*6*Ds zAXB_fN$HK$wa3B-BHiYz+$(MDQp>AtznfG%NDt|;{v(2JMPXwsLE#MlkKB)HLLYwh z-R?bt<+1zo?ncgALL-`dMiq|sCX@Q_g*Uq(nifx;)FwVK`nBRyY)u~?fY;?2M0+1_ z3Jm*%p9rG$>MR&Oxeo(=y|PacfvzY2q4}BURns)%@x+xxDv03f7f#XY?fqPRLysi4 zyNyH8;Gm$M1)Hp~)b%QFWK~m60r9n|Yhc+4RJ6n_UdPuM)+Q_KY

A=5P7o4tXv zHDq=<;zb4`D$#1^5?}dC&aJy7pH!v!oia?tAyn26p5vRGq{wGa0IJViqvUQo9u0ux zpU(QYWA>hJjH0FG%8BFU&s{R?XW*6JPM-BW^y)|9yGk0H`e|9q%g7N9y=TbPEXT713)02K=%iXpf=Yaw;sudwrkHdoh9yTP+g3UbU*V97&VC=U#b@ zEb#F?k^3PYBsGtb`x7e3Ej^Ulm52B~K4f--t{GV`>X^6Ne3>RrP>(W1NKc0)CGKb& zx@*?S7}!hKoz?zd6OCaHjGL{}D5!DM0GVTS|9W_DlZ0hr3?!UOS425Q<4g zBoy!&8sA5qxpn!!x%HRC6PIzc;RElvB`&g0t?1x-<%}(#qnW0utK_C+HwJy&>Bv~D ziAkxvNI%XojrEbKO*HS?X79Cz8pr>Fd+NB7ALO~ii<&p4?#?Ff z!YWN^z0-z8f+5ejy`Q^*Y-UO~5tW?=;DRCxYII))C>@cIAh5H>IB7)~q> z7q{gGDT*xa#(_?>CwM4zl^4rogb>_5QV%0gUAdP{nFUF!tu$f9B8$X3(|V{U*d- zm^J^g0VvEaGYz7rQ}#@53?RhJNkj>)63~qFH#)e&^CCQEV~dsch}_9iC(Y#2OA+Rf z`g7qr8&gY6MTV?)y|_w38Oak%&l-Z};H5KoD^wP|Kd7hMuw@R?Cj;fjaMF$pXBgaW zPh0V-9$YyRsQ@`ZbzW1oSWlMc%!oWMWqN;c+GxcF&tkdo0TyFF?wY#UIG2ZQdBW6`pIePTS<ss^*fM6N{#LIA~C=>s=K^$h!nEkY7xO6(C%ZtLG zVyROSl~2uBjTlBH0VCo=lUnQ2f0^??E6TP|I*A@O>>(=;OUAB_9Uv0TD3KTF9hwyP zMaLLsObK-g zMsFQ*ENlw-9$SFu)?M0_?mutAEPWgd^H?C|4#t{W*HOkCzZXg%qOl)@JSL%;aDR&m zr)-hG^C-HjdWT-2uzFgAOB0V-eWizy`d75bMF7jLFN$v%dPP?AqRHxk)2w?_j(TS# zmaY#e;IcdNB*{V~|Bw&*wTM~V+F9-cFxq!AA{2PkST7gUcQh5PiI5s;ZER{-3wrh_ z8;B;c=>opRGk)lzp%126E)64n>nFLpb6==E?$o&Ed&G`Qy_~+GH$IFf4ZujfahUV) zyH`E*k1Bxf1$_E&W3*resFhX`pmr_T8wc55kj`GE+@}HHt$_t?r^TrmAbPhZZ&F`{ z67}YWfMD6NLaaQH18(+l3C)g#Q@LPT&SAe?-jYT>Ycgy9I8fd2Fc8Qm>S1S-^9N)4 zK+7bIIeyief%dag7}4`$rU_#b5|Wuocx9R$!@1``bNBtQ;}am$+^`3_9Q#ZIH3oB5 z@Y5rVa=gg35RcN4A4sd*{_nYq7#SIXKv1))UXn73w%jSK+1vO?0GORO3h`=EF-msZ zK^_f?WHcOHse2Z0-)^^^`qdN%iwFIm7JFE8Kh~#_r zOb)U@TAapACTR2BabwJ3_w|j;PNLM$>*4MgArRbvC=sZZw|5lDY|H}1FmSC|j%dS7 zB~hu*QGExKz!xqJ3Npih}lXin!a*_w$(0+0AQ!AN9=G;|zc7|Ta6)KI9 zl_QruDlE_}s%zNIrD!6*r_pkW@XB4*?-<;XAr8i;@~&l79dRPL6rZ=JP!04%`pmPr ze(o6uth1XC5PV{G6GhvluXZwef6;FTpyg3Tn4_EM7d}Edb7OfMM1dq*yB`G|dS|Y3 z%$S#UBb^H-Th3Vo5N;fA#}ycCzeCIuj~oJW+a9Gkqoz0V4lHX|Q0 z>BZb8NHyB3pu^s%rG!>Fe5Z{l!6N1$AbC`Dd+x8cXK5*}GWAdru7;RcJ3LUlU<|3) zdpMkLD7vg=IcRQeBWw5ovK)THaH-V#!e;6Fht$Yg_y<+y?bCJr4R`){`Hhg#=ykEC zv3KuWA)Cj%u1)dBqwe>a{q~!97UXnZwHfnvJeq`zOY0@Nx(pGT9wzk-p6Dj!+~2}< z2{VdcZZg_`kky}P-l_8CQ{V+)5KE=n5SWmhl3;i&Lm;SGw#vKV+Q;C|k{l&7Jv~F1 zLo3uLlm$tNec$9uVcTFNcak!`=dt=dbKolXZ3d`?QJAU2fRz>ng-L;7Lp;4uDvUfS zU7fZv3mETRKEDsENb_CJGs6Wz2j92vhDc&nIy_Q(VV)M78Tr3(tYzpCPh6$id{{S6 zD#{J-FTEmL!#Lj2;2o#a@ADXd_M1q{&ER11$u#y|A;pc;+eh;8di!av!=w;LAC&8DAF1;nb+$M6U6A)lR zchTh4QAX(XmWw_X3n}d)c^rSM>Kfut!mrB9&;V7Aw^nJXZ;EAd(=HJ|A~E@+zM&LP z_Pu*{Il$QATY2>lwfuAkc4H|yin`sdLwMv$4@3n(T0TQXm_+?qIC`Ur53sAm@@8%C zPw!)xPI=tE-GByNXD!DZ6<;Th>iq>9W$W)xMCA686f<&-P3H>vV;=wLr-nP5+iHd8 zz(zm3?<~xL-S`TpC7RCJu+8ra2%F=rx%Yv!1YA)9k&|_D9s`db#mpYkKwCOlUUYx@J#mga0}d(j+D~fCyz{N7a%^KmEI#rn^~xKbho1Bmzf-7P?4BheMulOgsU$9E$>08!C(I=Wwi)aRN0 zkilj_C3L?sc)q<>&T8Pw3p%L*qySizL4oJ_H8ELn4}hYh8{i1L#8s?{fQi)>fste7 z)HW6y0XUDoAGBgmgt!+0MENJkPEz{UI{55cN9$}d*!T+3+F+&k7$7CHKqSpuB&1$w z@{s4*n=e?PH8k{~eD6TdYjZGUbNmC>Cp=l;P;`{5Z+(KSoj&TZ|2t{G8!~{=s4KYQ znfTN*27DUvde0cU;<_o(Tk5&WF^iol8c{Lotx;w`aU>fkC98pfrr$e(ykI-0<3G>E ziH-2MX+!Nph04!1EkKcYq8VQ8hpZ?#qpaEVM1n*CI1(t0u5sXo$McIIQvpn?yBY7Hlv}_##D6B|f!pJS->4nH|ndDdX_Y*5$Rtf20%A_xEIoo2Q$HpNqk<+sh6MjYg zoTe*^HM#(2!|H>IPK%9;(=fvh)?eX_acltNUe`!59R2a~x$po2v_c4bNo-7>a#u1) zxd_f$7))=dtQ#AD7on>>|8wX6rXjv# z%T2h5o%HwHMx1}O<->i^-nQngJA2H1wKcVAWkOp5xDZ9+wf z4t6)FNrcW(()+Ysz+v4JFr*yIlr$q?=2!)|u2$cAy*M9z2nxjig!gbY z5}(h(*G<1jGVU6i;{4c+HJTas%}R%4OmX^-@Z^E|gIur3_N|a#Zu=bJeNNyI6iLTZ zPO1XYhUT)~7r@`=Zh7MZ&p%-}1@Po?jg7J{hnu=dB1mNRx(V}Nq~(9)o^m6#PMyl6T@mm%ZKb}ac_YiX*6LA=NtC$H&be<~VOAm>8X42=6dcd?bh7kbRy|}2 z-wGTu?5t)TT?`c}%|N~qTFuOIop5^X;3}rr}J zwH(RrNU8{R$3_OsXRU7lYvywm0?=WV1MCkOqM2dlycI($duS{hK z72>(V5-+*R5D$(GV>(C_CNN4~*n}l8e>e}IdPSeP1@m*e`DZd8=Pk0;r|URGXs8sL z4^m}luT>h?pK_?w-FY3NBd!H(LDkGOr(b^w0k&2lNtcj=1_0TQ%6i6GfopQ(a@Tah zVfP?~Rm?}`!3ZuJyjDT2K$>bm8nlTLuX4L(lX5B~a3-`X#GfFLKEF1fe{fi6Tn8le zF~#!FgcfVp0m*Q)Rr{I4_=lL>1SS{_d@an^{2r&dSx-LG6Ut{*q8p7qakupr%aagg z4T*xXJeE`Lt|nmpwm94QeCbeyPh#rvMBUd=JXxLA#E_pmU_ZX}O>GNj%?wACi>n1N zDXI2xu~6+7jT&NklN`e=6MQM&H792m?z=av#ZCDSvUO2|3?SpyTofC8`VVTr70?VR zjsci&EHwtnbF#DlD0a~KiEI!M35kHyQ}7z11R!EL$>+d1JqFX2QT=pR|56vJs;f8s zRUMS?T=*3Q1Z?n?8$fR{Rox`*0hI0mq)7nbFWxf(KUKu&4!{E)1N6PRfgE>8hfnh# z_jCSiKl2=evj4Cjvwg_UCZzd!83ES``N5f{M?_@nd?$}d zBJF=60X;h_4fnGxU@i^${ruUpBe{8Vp!6ZZ+Mh()HP1UEQ_DfPa}WGB6JygPnRJp% ze%cTozA1j)g9k%*xmENG$J78S=#`>!PlVrOwR>`ku=jm?ioaE5f2_b2Si$Hip{v&~ z-v;p2@}1{@Ie5l*_Va;ttu&_3yBY8&Ys+Q083g9M-? z|L}q}g5_@tjEBEN0`|tehKWN3-$Ie|U{`<22=Dz-?ANk*> z8~*p{hI9X4c)H={N+TQZnCbtE7d)P20i^yTtHb@D{=xeFo`M0c3YgtgHDma@ZT-J7 z3IVu&cxtDv<~WW3+K*S!lHq^z?gIW6TCHx`NY@5vMIc(ru*J;Kd z99YG_<1DVT+frC4&Zxb0u?r8M54QJUvB}k{j;DpkHN=~d(RKSldjCqw-h+NutK*f% ztz_Vx5W$%2X)q^;4PIw|yD0^jf#3f_20QR!L)H7ht1Z9(p+A4a|Ni3tJ?j4| zZvQJ>|4)?h|EKB%nLAXmNul&?-Zc}u53v=K+~`f*8Jn@Tbu`N5D=GdMN@-_nUUiGC zZ18(@*+Ex9+sD8Vj$v1>f5^XA$u z`o$P)8uz6i_qc@cnlEPA6-`^cpkedk&2skZu{S8~Az-I;4pe+0MNQZdQ5Y6nf6hWq z`5pfQS~{x)sqKr|QXK=CGUn}++E?0EQ}yQxf7^Hi4=>-_mvNdUjag{yWc*k= zC-pIWC+I-%^=wD6QKk#$@H^~sW1@tepV7|y_pG)qgg!bMmL~4uOzOZJ0DaRF6Era_ z;>Nk!eCP0+IG^e3Qveh{Ve_pa2ZtId>A&p<_C?Q~3nyt@N{~c9KV8dzO(|S4#)cF! z#Z372R_W8-vvydg+gljD0n!`@R}7M}_|L7Rj*R4&JU%JAa`Rc;S=S^yPK#Exj)I@> zw=bfUo&?AaCzO=pxcgF%O@ewq?yb?6V{<9BiJ3KN2$On^<`qpBwUz zklhsx04Pi4%ojJyF(QD^Gzeqh(=t}b8~ZZ#drJQ zB%@x!iyALl06e#OoTk?6Pk|fkrXtI~Z!F?{e=MWjO47x6W_O5`l0WOQip7~Eevhcu z*>7Q_*;&}H+c_yji9506-7E!P{Etc`{zoNT&Igm}^L79|$^VCkPYfLXmtMtD?#Nn9 zFiBGHg3@A-gXh}8J(>!HZRnGdzBRs487h?tYy56ylbJ8|)*tAe9TLW{C`ER3Oj@Ab zuiPAHz#knQ<#n8~RW&vqZ=i7Y`0cwNASVRG{~L=jb~9!tFONm*i#-*H7OkWsd1&N{ zY@g0gmQzW6z-^R@(h_1CoxjL|!xtbZFh5N^`EbuQKO!Q6*JfzX!bgDO<}>2|NFT8} z?}gu9L8$@h*#RIiScqqv%y90%R*)P{a|1DLmi(_3q=~S?Qz|l&qt=}WPeNK=1wZ8V z(NUTVOBFe&l9!~yC%mVgk!dPlSUok-m6D=+^}o8&zeE`UOY%~9S<;TnnKcG4#7M84yD&aR?mrjsf>r4qeMCe>_u{I?78Aq|IQYT& zi~HRFNAl}7J32ZN`PWeQo8A#$S#=0F7&oq|$(uX>{^ZfoGZ>#pf>!@`LoMGDai_oubI~%Sk`4PZSz>#(4Cl{4_^cIyx!RI z7Gwmk$0Y*5Y%e?PiwURR=&~(aX0xVI?NBAw!Wp&=W00R1qxa!xIX%lOsUt#;TXldMcHCu;Uit&s(D_IZv!8Si`U&! zI^Yx^Zs;&9c8uX59IHMpPPaN-Y%#@6~U zu`bOT@f*|zn3mg}MdBV_^w7BmbNShf$B~9w1ZuCAgVAZ-5+R#avYB!(D(Q~B>hJ_fO z&PU;DzQ{!Oz5vNFpblsxz!SGSwHEwkfKIOCJA9fv-1qFKDP}c2Y(X}CuED5#Lvon@pWdz= zxn*F()S}}WF}j#d5v9Azri}V@V`pMfrSitG`nhld@?#BvburSR4|BSwz7Ud!`@^yi z%nXt|Wj7A@Y&P!}G(Y(qj3;YctH9}cy=7JOs7sOfHwz6J+h?KLmnQxAbKye@VDnv4 z=U!8}w$mC|9X1tlVp~|%>H9QiQ zaa9r~2vQm4b1hj}r*7C)$=6(2 z5$tH|w@IvfCHtB4ZO|8^fM!;KoFv@abFG*WraOeSO9$=r~b9M`Uu9M&zX1=T++uOxO38h1#L4%3nPd zR#do<3BLEU>h_l9+^Je7EnCalw;C8zujQ}H)kBj@#6@x~j&_?_jUp57FS?~UvzI)h zPhRpcTgcAmMa2m%M0C`ZEhn0y>Vhv9vqi2 bu|G}|xTbxr)?B4?W_$xX5s)178K z%}$R6M8!2pM8QYCtRAcEggj{wN43V?t^#k|%N@J+r|j;HQEYd4cgi~Vcx8ylBO?U$ zyaZyQ7K|A& zuj_&^?qM55!uZ<$_9he-e<@k<) z;+H}pgni6$Kh*K{9``B4?;SUzi-|pKR?tBi)x+1{UZAdz?Hd~z`G$_YoG4(YrPzms zDvb+U_07;EK|02Ct)%nPtA;T3u7-G7q5=$IznzY`aRC8HokCR2p#~na;l%Ky%qP!u zRM;u4oI|f>~uridw5*puy4X< zZ&aay`TVtJuMWxGYW@(n@S!`J0m8_rn$FF-J%wcR4GzUpq-;Tl3O5D>ho_zkzb<^d zT9!cB@45B_{f+Vw2^rf5r;hZkRi3<&^x|!HUr^kI$0UoxXnoy*Z=a!JG`RYWwV`FO zcn}~znVjWwGGR(xW4efdbm%^xxAk3F>ld!#84Gw@0k58?^xO|T)?kn)l zc0HY+Ag6ASbl*knqDlbY+z8zucJ?^*zRMwpgeloqs4D0%&!%tVw#GQXycGk6V1yvu z-T?%W6yzD-{8VWtBdqTJk32F?5|{lXCTj;NHEzaOzxllnpGFi}3!&df^?TH-kVt1s zJwoSPX{kM7!bM7A>X!Bnu^dj-I6o#kNq(%~0c@ckca+fBG?O@#S`WP8wOPix5Ubw* z#dE_RySLIGWsEs_QM&=-gu!w;nfNT-=po<6Ma5c-FFwkC)4?iHrjp&ogiP?*-_uAe(B-JX^?5DGg-o8xvRN^#~yiM*1<>a?bVj912t~{>qV=%u3Whz(0 zX=v^8J35i3V22urHa&RY9Ium!-Q0SLaXM2C!cW_8)g0!jk#dR|4$EUBG=I7>E#bej znibWapNGk=?H`AoEKLB95`<0*&3L&Qcn!95CS~9ckpNKvQKkbqLPcpq1M0@P!=$-(=K19db zac5lOEgv#XJRG;A%-F##kn+IJQ8ATQ6hvDl4Y_3Zp?AFdJkPs#@AlSdY9vN@!K%WJ zK3{MbE^O1=h3l3LTvwoI@sc2=p~n<#h?0q9Q)CZxhHr`t4FN*z)+jA?tH{`A0p2dv zPSLN@z3e7q%hiz0)0QAvu6g*(b>q!-GkHxh5{0!HQU_K)zs`y0ryuSXJyTm{Z)9EM zYi`spe5*ON8i^+>VuW^5xaGgIyy?AzG&VLa{P=cxzz_WKipz7Vi4P1K5`?OW=yI=; zulH)s>Ns~s9F&JA5;f_+ex!0+QM+goZfw_ENb>cxuw1Hprytd>0vt<7<%3b+wfV(2 z+|~UP*cIr^PTr%BvC;7{%3>@f ze?)^~z1M(gL-E*j#y*v9E6EDzX7h9(%E#vkCB2{f*7%*W+pfv$T*%GpQc-FyzDnanHJgakN?dDAmuL=2FPF#_?pjs|7b2$ zE{KVVdlmxnJJ`k?=F7M$b?U`a(V!-UEZ>C$&)#p5?KpzkbpTx=hQhgV<`(8aIRxzyZcq69QKly`>&(%c3jQQm4MOLmhfBmqGX zPa{c>S(jcKiApX;zva>6UdGMI!lMOfzjAL#vH`gkvm=I<0SM}4hP*O}XA zO4Hb6uTi6InLso9c8qQN$Vs?8)XJRSDco&Gdd^TrN$zOCtCwjDI*%eBd{lZI3N!Gt zI6VMqFJbcEwFji5HO^`_@|wIuGMEI+QfMQ0?@Fb*%I1|<@~La4IBp9~HbJ;`;AsF( z0f#^=bl@t%Y3k6m1C?Y!@n*~{Md&C0rb8bn*aTp5iMvhI7Dz5}4Tixmg?)Ot7=`vw zq(SULrEmGG3L`!l3*Qu+c3bqq2C+HIP^H`@lgT#e4h4mvo)Xa5AjBn)nj&`r%BWy@J!iX8H`roTMG(^G!>^w{ zK*cgq_DUr5-Z?M(G$E@QV!&(gcDZ7SDtYN>eTOy8UOn|&qicWP78HfZ95UxxtHW`%#QxMkhXvKB&QN+^Xu5EZiG?&^`BI*7Hl+Ws@1-u?IWP53ktkdGs&}GVVok z#;=>5S@~E5g7!#kOwII`W~L4_A};<*p#ff2}jPI4|saoklV zsCJ|8u(LPrEfLRCnJZaxmtLpSSNj@4GM$EWU6N z`uKfR*{nAOn~lfM$&l1$XDH}ZPkU7zkNFiL_|vBt)5SOoXa?07%yTF=7KP-h!L2yM zDCO5o*!e^LKRf_-yyK}(cv1-qh`! zHI?ApC=6V+tZ#~97yH@IhFSCDgxQ`_7`iu2JkL6gw*PpLEjlti{(8?{LS402H-m_u zCQLiR`1}qwNOyCkHD6T%ED$A-1BJ5D_@ajyxg7Spqa{q5mlWuegA~Vf^DNTN?EjSq z>t9N!RfI4HJsE4dMhSG{^=1g ztt_-y+6qe&a@W#bnh(KI^I7(VmjMO1f)WX?DJap?s8NOue45$JRhqvBA^){vYcdaX z)k%-m%HU^m3+?mXIktdymu%1G(Nh=L&mIOGv^RanUTG2Dd7r!(z-s)}X6nKpRGkGC zc(NpSz-yg2`#PrNh%n|uh<1pKgn)$)J*qqY=3v@%5koqz#S)cxhsb!TC8ngJRc43TlcaP%>ND z0XK_ibdg146l#3$`8xw~dz=6I$07AjC33}3faeR*hPrts~!`k)570K)5Dn3JS_9hh4aH?VBkm1h*wuz7xN@hrp`}UQ^9)JXHZ+=z0SOj zr|c1T599RLY=JZoHeD>*X(fSqy+ClBPtqpTjG8?iV8RYuSj<9$?;3MMo{(>+`*rm1 z<_>i+~Jdd!~Xhr=)(`g<7h#J$F+o9w>O{ z+`D0OL)hA+uvWTz+hGmGCA>|o+a4YeWVm}IY2;#ax@SDTykU$TqBcve!Ev*Z@q^c6 znEGYz=7^>_E#&X)^Yt$)!GzJ_W&)uj-)CH77AF>A=|{-Q#Y5+T70Kk11Yhs7ta2fY z+af(iAyiZDGJ5D!*})j6<`cmBcQW|8F&0}x3x`l!6-P$8CQI?};iPg z3057i+{caXy*`s(ba}(#Sy?kxEhtFC#`H-%kPdl@?MkPlX$Hx6=T&@fkr1sGGcocx ztpjns!l<0s!7Bl>Qs5$m~(wnuf zgB({sUO-Jf}>Q=ZB7DtQ0d7tBp4jQYWIWX_INuPOJ(fK`c~yBrIl;H zFMF-7#rrG5lbQ-e%5RYiHrfShn#b(0dtQ9F{|Jxy{3Eqz*%%irg6S0ufqjl%E}!m% zIEGAsk%JcK1ozJO_%v&$6s!_(&S7h&mP9cWN|*(m92Z}NIEWP9?7pzFk(2pCI_{Or zx$sJvkCDzRhMbvMF)F7vrL_Ph>xVqHs^LOg&V~Oxc0$yo2&#zde4$faW zi!qL;DWUz-0PiZOgJ`29xr7OrOI^qTeD*lhbFf5oQ@hwyb){jxBYE+27+0UCBBbfrJ2`tw(?NG0q#q0qPxq7zB*05*ch`@hppYA+NSpM1-6`;% zQaQ<;WT2g{&{8-6D}y!KzM<6nxb0a`#KQ!C8KaAOUx10m_^)YHZ2qSS4a zU_f(_B_aWa3E#xr`akh<*yQ0xTfjEL&G}WRxhSbg_C1RHsYiO35i1O3-SKwUI}?gG z_nNwQdrzhUc0$Z0Q%bl2DGPztif{S2J@pH(sIa9l7tI%RUcu$I*+3h`nJWGOtV;hp zNV`V)YooHyApcD@$ne1o0C#ml@I|<-YIshcBL#H@oC{DRk_PI>~vc- z-9ewwMxIRsoh~(*yF&qItg`3&$oOrHTj!93e{`hoNelKY%^A5wd)-)MlMc1kQ4Bos zeG*9VqZ+dXoy$D_nk3oZiNr*Un{P*LQjQyWnxAeRC46%Tp$D66mO`d8q~L>J6@Y!W z5J*rqY?hmcsFpN}2sFEY<843O>k}8X1)4NWxJDK()G&^{n%j0sTvszl<2*BG7|A0y zs+PM&BLmGRo$vdaKJ3jpwJJH!gK%${EOjrOWy!mxolwX6s$mqUs)k~|t1?dU*rub&8&QM1lC=13CqZ22xM38QLizG+MNjhZ?G`HLkY z)M!-sy*po!Kyl9tN*h!US}@YE#(>Xwo5SB37sK88gu05}7hx#)3gbD=!=!(5zrxuO zymdi)Nr_F->2w92T9QD-)7*HZRfg8Gi{GN^ZxUmU6h==qIy6LRhk=meyJQDBaeqXj zdJfA*eaxpe69lnIK@5Em(almopoaV(g#>yIeMcH2u0*M%#UB~C%*eg3&RrzHQCmKY zd$B=&dGZ0dODyBP^Sq1@M_aL-(@L+od~LG@*P={+&T$3`1bXwZeLjq$MV?YcZ7F8x zjyM>zwrzZMEhQ&2k$+j86~_tUre=9!8r_W@zP9>gK6J1(B$lzh^`uJ|Dg&`I$!Ybs znBaMD`YfDrjMl&g`f=-$akjZ9RZA_hT69r+#pq4?i8&KS-bi!qh#JR+;3AXa;PB^# zVo#5EwVRV9vn4HiR)sMktnF-)!pw}mjY~)S<1459qKrrFE+ouRht9qb`(_f$%&d^|6m=bhRT_93A(b9&1X06%4 zdr2~MMdaj5NvABG!?PJj*xS#yRKzigz@ut>ygNIci*R2iYrb!%h*L2li_A=mx{D?p z3Wl95zYVP51j07T-6yO0cpWc*!pS>srmKAE$tlJtmUNt={r9g?+*Q(0;7fG|uBT%@ z#i3*li0!w5thT?=b5R*dyV4WZ+IOnmlPDmx4V#;03O6NlNBIET9&&2$u!{(dxx9Yt zaB?JpRRiNZIT5GW9ggfW#PqF*WTq5)D=fkgRi;2d74#Z|hV{3VU_C$~SW)bebPBdp zbobCDGivDG4e_fj@|sd=0&gl)Qf}DC>c(>AKkXQV)k~y-O?}`q64}uw1ydGgEXqEd z&AwX^?XB5ex7awMN!LXM}^XyuE63|FKp3)uv)~N?PC!eZ& z5ItOe?+=>?_ef3bhr>oWcb~+1=l|IT79A7JVpRq=_8ty70%igzd)F+m8;jp3S1Bz0 zJn*5QC_=;ZHfPSK*Ff2LXd(>vedYK_U_5VBcwOH(Y`Fhex49Wvy&cL8*~tJmv2z=e znVi)Fy?Jgj@M%g~nyJT{DGDEsJHm!%XWH_!<>Esfvc{xBr{eQ9d zmSI(P>l!HCU6YUor9lA!=`QK+Qb0mLx;vynKtj5^yC$8|AuTQ4UFXH`TWha%o$IWH z`|sJmxTeB8-Z{n-_j5lnj(en;!aVN_sV!>QAVZZcsTRIIhV{BL6vX^0)0}$~*hZI! z2L9uWr|z>=TSvZ1!!#aZ5q#T0KTJE$Kn=rV4oLb8#c6j>WQqj5z!^ZL7@p+>C8Z06 z*U>CMhZ4`!HV?ZTW#1-lS6ZPgQM%JRcC@!Tx6(rZ{w?ZRNyA=W-OueQtJnO%q>5GE zgJ(+{>9-$%lt1geop||idm{%CNPPFEgu)0Ar-`fV)LT~Fl-Km6U+EaLf|32-?`t8i z?C`hd{CHRxwg4Td15KpdDxngwlt=^4;+`yGD8&ODN?t$fkU!Gxs}YVkZB=uu4roYZ zm3?!*+%NC`g^QfzOdUM7dM*O7Iu)1_LHckt`rrQ!iqW6*_S-%x%cHNeh%npL{cz@5P@k>9Uozvhue>R1+7oT zTPdWri(xM}i?3c9>>gg;!oLntmdVWhYD2k`kzR5}QpNA-sMadc1K9Pb*@s(C&(E!T z3)cxUmW_K2N{-TQ*zNUH6WT z+R&Srr!-uJ%)&)sDFDp$v5~is?06>*iDIXOl|1~-aZq0VhvMGDTz)+~wTIQEE3Wgq zAL53kyh}^jCui>DfSy5+T3(skUT7?n-{YmpPjxkpDNj@GUCt`!oSDkPQ}I#sDb# z+Lg*&ZH@Uw$IUaNOQf@-6vrYJl*wm~_cE6I7td#SH2?tl7(|N|cqypkad<_Yb6*7C ztfV^fCX-V5v+&)egc-%g5`KCxuW-Ewe<@var?oi#!jLxF(jdNAkD@2Wh64C=v;GtV z4L|0wK0vZ`-L}>_ujhKI6NdXeK9}Im*@oM^U3u|R zU*IZD@(9MN6sU`Mj{cdkt@ zkg=7!9xALC*{5p)>O5{Ul?;{fMx+NahNgl0P1t&t^lo$Abn|_B0?)4nLP;t=Jyt(z zyKJo=wa0)?T29A^fh5W|ATyidz7al5Uz)YY%U>t{()7sCAtK^_=qR5{?|kXNsC*f2 zN4%otp)GKwpI)nAGi&H%=*~F_EImN7a05)xY)%P(x>Ucx#sL3%n+=+6;Pxsnlg5vB zAHP0-L4w`UU0Ppe5HdNf2ZfLL{(Sz*X6n5o$QOA%O_2KZ1Y( z;#Xt7mrD=rvd(oGb|aIu`~;hK&DF2OKP=@gHQH$39>l@70kZkwZ9&OlvaMCG}| zIa*jMMgI`gX$$AFCYFt?rA4d@{-aL@te$eQ?9uj`iYj4NcgGEG&3DpB4LnIR)UDKr z`dLUs{LQB&88$boxqEi=U(jc1yG!2`Rqnr^Qe`cB(;bl?QQ-g0U}Y{A67SW!&kcZ- zjkU=>jLNMpi<5khND_j1q#2TI832wF?qM&uaJ8cKwzzKT=HdtM`I6Prii4Uez(s@* zrnZ9uNj*%9>e`Vk1Au!B!;Tu4^u}_E@46o;?8W8|hpvrB`=|nzfOi7eww2B=9zUMD zDe@f7(WhRo^{l!dEENA}%KL2*CmBTI3$zClSaUgB$6^5*P7%exP7Q*R_#tZd#6k1C zo}OWebA`VA$~b8)$+Kx~>~gcUgwf9a`aVJK0CX_p{#Ev-p;F<0n>=?AhgfAMy>=S3 z`nF)O4-G%v6ZtaJsEd6%h}~h1R?MpUy>hD#Z+gd1YKvb$VU9=)ox%Loub8^ynip?) zPE+ZWEvlw^FGtRIHqeJ_U)){k?S}(N6ecUaO(NIMUznEAgwu;B7PnW|4_)T0vx@_# zWe+BcwUVl+86|h*lq!{VFAGl(8$EfIi=3hg#CMyn2sI`{%Dd>$4;C%7pOqgp&hDlT zog@LYNn^zhEyGs&gD+p527r^r6=8#_-0q>1x>DwHlnnOcBroym}!=hd2CP8YKhm*sVGePKLLd=EgnRyoE#MF1uxSuV0#u zq{*Utj(@N1#?>HOi*>*aR`d@<_q_CV7WE$^Zato~>KaV2>O`VP2}@127yF>rq6_eo z=kb{p{m-yxLnSvQCn+A&EU))Iv~0O)S+smeIu}i5{{GN(;`#O9B(?+XvtzSuq1zq* zLp}BHs=I3tIu}a~FnZ#35AW96c{9O7P33s_T#sPtgN4l!PCMtO+9v2ihM3-D z@{PmH`yPBg3-#OWdF11Az3))W2S3b0-0nCw?_PgwS+8-s3oU98CtUK-m~dl$*io^$ z($gwf&kCl_m+Bo!N1a((+^Bmbf`aKw!#|AY)N)z8TJU^`=yKU98P9RoumoZkdW|0H zCkI5uP`r5HA1-q`TEnx*=8tu^%-^baa(97@_4M%69p#M{M5ZzeFPI-F!ID59iy&ra zgHvWMG8WiMS)Wz{8_g2gR={6wipb!_Nw#@6Bzmtq(rhIF6>hHsw@vd7ZoLnp(=An( zzTK%d-EYj}bEds1omHql{W`jFDP0legF_qo(o;|=i>xCEcRRxj6I&}X%-wS1+pgwD z=OIJUt502RGkhU@t_5N**}2s$H+YKDYsQJk+>A|Bgx?^y*)?<+vgMe+HHfz(-L4ps zNOaswgAB3p+b4SSJ2F;PI``b+77-9sGO)5_zvF2=g;B8i_-wI-$#7K_RFH6O%>!Z(On>^ zvjX_)TsggnK5Pjf!sUa1dLm;6sC8#>U1drZgvgYB`yL)qKPG!rP`~`|wwB{qj%%~C z5R=p-oQKOz_Lt_WMm(24JL)A16c6vdgzwo-lH%=gZDf3^PhU$1recggu2WSh5sd=~5W*(^JThqLF zH0L{*LFN`_{BKgeOhnZa8t(nsRV{up!Uis+)7w6MhwZGWw_ctHkyD#X%z_N#g73-=+RP z-gWj~F5=BGEXpqMxExP#9c_GrU2szlq#WUg`3G#(Ejkp{AS8yN6VmUEBnP@Yegwyd zNItP()CtEshRhSGH(=0K`+&}h(-+8HgrHIf1M3=*B-<@qSE9Lc7A`-j;n=tu3H1;`;c^5zDhyUNmA&=;KU&)Uk6A6uImzfU)_(EeLsmvr?1SO=Y5ysO4#()#>Gmr zR_)j27m4Pzua!q;Cpb2`3RxEm(g+fey!)~6M_FjZ&5g0~?VJbYfpjI&!uBdEZU)UVbS1~4H*@iH25(c@`8S5l&6eIL z3AEzyl1kT;CC2el%J=6{Z4@o*#6@V21VB+7{Y<^|I1NunSfLkKOSOCN38I8^UpPeCwIlbTo(c_Lt1x28)UOd&)iKpp4)v=xfn`d^<8Jf z+edlJuq$y^-BLo>g3axnMe{M8`*Ww!`?wr3vDNvU_%A9Q61XonIM~IN&W*@Nmj1^g z)%<0VT(rqxncz_HG3@QDXXJDyrl*m0PcL<>g`VC3r3%=l;y}hH|G~eQ9RYYiw9%*t z|3%>b`|14Smn{KCan|Jr#lJl7si|B9JHYY$63Fm=@*n(*2@0|0;Gg0C>isE&3N*_Vn$31IlYSNr6u)%%DrG z^o(j2KmV8{p6x+mW)64hcJ03R#j`X3xJ3D0P2Ic|%k<;WeM5_mBVBQBc8#%q>nrQ> ze|?Yt^7cTSB5%Lsi+%D!02$ryd=mNP!Ma*n$y7(*z`?@aoSLeh+ITH9c-K{x%%AzV z%m~k(;YzNy##nxMsAJ|&)D0$1B5gZeJe5HeOrzXF)0Dd@GTxElZ+XBN`;wEvH863P zXqk)I)ueUF@}UK_1eB+q@gTWdCE*S9wXMVpAyBfjv9kw~$whS|JsD5|oyLZ+1qBr^ z=3nsLYr8;kQ8V^4UtgVqH#2K$25Z4Lw^z4}U7K=w8Mmnpyu6h1ge?*#3@|K;mlTXp z_*}lAKk%~xUC7G3_opXaNcaj8hVO>`9L~RA`rm(wMLeygg1xlUtxuod%xtOI*n^M0 z%3k70O%?U@@S~%;hop=Giv&3!P^x~71ep2lk|{v+v8E)kggGW?d- z`Bl}Y7iPu-Uj=mb!0S6c+TRrsogm!vFL$-upk!oZEREF=jBpAJv&g!CUN^ipviP%A zas(!ohMQwlz^27cqZ9KJ`$U(>_Q?J2tgZKot*0!Ob4YM*NPK72zGIFpCw(xQ#Boc* zJs9Y*Y8${%^6i)2Xp_ui57ky`oxQ&JGcMQswFbRENs_)`Ke;^P@%S0)1twX)=*r4< z=E8{W7$%8xxRV@9f%xPGx;7k21PCjirp^w=FmqoKBireb;PQXS`wVOeo|33ENr>wwOiR)IOdrO z=%wnxITI#w8xRII9ITwaV2h{}P;@DJ=6HTr?!w`j^ef{~cMR7bLQMA#NH0~S0{4D)mf;4*p;bN|cmtM1J{?Nsi*9^k3XWV~$Z?1V zA9ZR(!>mIrlN%r2%}KhV=oLSQ3&N?2_t=Q&mdmnBa9c>xwdnPi#G3I42r*(i>GYeXwDW$+=h^Ew z(v?DtlJabu!5d#C_17;3v{mce9}-Fctd0~W4XO^X<`p|T`}#Nos$teoQ8PJyDE!z@ zpzpqa5So-(dl!Io6LmFjC`cFXmq-0cg{<_j^9mXB9Y&$QsAXrsM<)9~cU z!Z3P}l#GC(js`0Q4ca=Eszpu@nMi>G`TrDMZqEN8s0wN1v|aNja*3c^Cm;2(tQ@%XCnLZ81Wqeb=OYW;u_RCKc8?f_n z`2ytc6kMW(v|N~Pv+l*k{f^@fF@kAk%!W(P*$~a=~72G)?hCqgKHy}uHhtj{4iXTqHM5I3>SGa z?F{&#vOyR?R*qfDp~MQ@Mq}KC9n+!2^ju1diGRG9L;ecrjHOQY1`4N=M1SUgD2PF`_dOty|f7RV)R?YvF zeF746`FSh6Z612657_+IppH|BgQPARM zDfCrPng2L+Ep>yus=0K=+@CA>%kb(B_0xM8gi|f=bMg=<5hS%3CjZAyK9v@U8=!oq z;9c?`xCZ$vD3x&&w%4u6Wv0oN(iva}L48DC~I

%`CbZnZp+QtP~Gj%{Fvfe_2AS1)%5PdRR0DcW>AELA3|xt@bohV zU>uAl9RM}HnCbR*o`T$AnDLIeMn!=~dQgo_OiXM|)>z5S0mxL7`E>XZ&X6`A_sT|O zM*YDKJT5Y;3=T4t)Ql;-9nrfX0^rh=4lB{4DE_kd7K+Tc6Pc}LRxcwXjTXX(!r!a5 z_#+b<{^)aCSeHnW@})q$VtXQw&$Wf}55`NDX#(2E5OlI^{Lh3Qnw(FLU*od8QJQ#q zwGjXUdAy6D#EfjE7eY3Q?nPDDOde)iK-;=iR?HU6{C9LZ%8T$5p^xzUGmw0Uby6Gr z{0Ey;W&sNvKou2>=J3RDjY^{_Pz?L1p!%aw(nMfjh+;VG$!4Kfxv3fD6ZQ7D#l)qI zR001b*lvJekCN8-Gtq6Zno|6=HNfzdtd}1?n3?r2jXP)#d&01M!e)M|VE`8JZlM}c zgv@0A?nJvmXIGBn;1Ed<5>p`0c*zu_GKjInW5dMnozu_5>5>3i zN*hMNq0_=yoRe#+S`po*Uyub_`S!a0Og;ks!ekX&J9Pt$?qzz18S~#Kej8e8%HJ{H z94Wm&gVYUB4Mpn~bz#B{007;g*MFo&u>X{BFNLi;RNoyst-0OD6H6OL#%ag(zc>d` z0Z;Axlc(xmVLW1yz*5od5I(n)w~w~XT|Nz?iKeNx6$Uc&oZ^on@qs`9YGjtzXYY&J zsy_TC#(v|f*;-JIYl~iX$ogu>CLQq3BOq9$wvcw$8*>^ESYppVb;BYTkV0|Wsn;&2 zdFO#;GJk>wsape7c6@p$2gss0V6;zX$}IZ#T9mAOwIb1vRUIC=d-ev>oOD)&m> zTKwXh|Cj}U%|`t+pXj3UvtG>vxaCqN#5E-m^KnjJPBRxXkVJO1m;Eb6#t5}VF!I<1 z-yVPc!>m2HeC|1=VVJ@hZpS#FE`~YduP|eo=yn6*(SSF<4gv!Wn0Z4U3{TWNQ|3q? zP;349)#awU(wyVWV_yUSK7JU5MA;nf7v6cE4?!^nmxOfmFzxQ|?|)R-W!i0*Ro)e7 z+owR;-EZ&g+{eRhJewTeKS*h79NZn;9b#zovfjTrNuE0zOrC)qdPuP*?~HT;|4d)fZ^@wC2(r0kT4zMsh`0nN+AFf1c6Bg_4r?qPyZm44Bk*;)^E=d zIJU#wUi%>M_@`d>2x%sv>0z&gJECce$J70rVVuDNzA8#7Uo6yR+mVqEp0QK@wGuSs zv73Q_Am-Co{I|CZMPT5&gxR>^W9!eR`s?j)LttDu-+6_rj0Mb0P?NAg_{89uk+2l0 zd<1bg#52ajJ^#J3caSJVvu@f2GSVM@*Sf!pzpf4m_S;Xy2;ebxZ<$=&+~Ht?sSCJ#z+_^gQ*n|4tWw^Q6j!%eevJ>_!qA z>+xkNh#^lsymeV<{^Yd(=eq+>=!6j~LW5XBF7495dGXhtA_#%gtzY3Uy>iVfeGY6v zBow97Ax2K$oG6P_Fy`+)^0Gwi3?iAVftEk`UvB)ZEzHP`=qfGfq277i@AGe=72x&` z^F{J+0HJI^u412fVXj^I+*FiN$z&k!aU`1k{>DLGX9$rH9WD&{FaB53hN18eVGE@h zNVorM-@Kr_Nze$=jAE;hsA~q0j=c;F9;h11F#ajvg_vZJ0h98I;{U5}OV*C@Ys;Nj z7PcvZWhdSL?=`;(^z9-V=zirnh9cUK;L*1p2IZ6ht1d63l~D3}kLSvDWOVUa@BXkc zoy~e_xBCO~)jJ8&t$GXy3jJURM3%Rs>978GTfl|L8OjY`%I_BOEhJavx71T0dcQj| z@;T_uNN<=WL&sP65%2jnbfAB=>+|~zAIp&Y+bd|3p%njQZU@1icQ@9lcdjQJj8rm- zFpAl4Ve4%-eYPj}(% zK&w$f#b)+HAUc=*=;p$z&Ti|~GoD{B<|A_DQjspmftz$9nJhJX6WNiKi&b&yRB6y1 z92_(ovw>N5O`Z=VNO;jL5OgX92z=6bci5rbjrBl13hCP+cC(ngNI%|MTBR(%+p817 zbRk%BDI7OQ1v02OY~cLXck`$*$$rcDZy|oNp$y7{k*fRVw={Sk1NGMfM6{t45{Qqt zB(sI=y|K{oAq1sR_8~i%KJLmVhmPsDw7BYzt>t6jVB>N}CIL~yJS`R-Y}Z&12vdGy=J zlWr%o=i|Q?j79`Z^0aEh`&^cbS(+Ao54&lrHiV%?kHgI+ln zlXer#bmwZH z{Keddyyr&^g~Hdf@ja;>#z4j|kW=LIXK%R%qgsoH=rGcn$!t36}C zi*GttQ_UH&@*H9C8yAuBP$J`mKm-%^i#qRScXml+YDlr9*TwqZcGM-CM`Zm(yu5Ag z33xCX91rkj$7@V^s3E(XoNdz_iWBk9#KVNdykPLjS55Y&_&x7@NS9i*inVT^MUYU! ziEv=4Xj(#S(~Mz^RB{;ggfm{D5quyU73x6sKG@~G4r!LF_ERr6ykn(MZAoF)YdOs8 zqjwqaI8y*LitH1H)9J65%7wbvd>*&&KDAw*9Ee=lJl~Ngf6`7x0_Mz=^tUupz(5_@A;k$|3z|d94{dqv1_t<5!C8FBP+;_xe?DMgJ zt$X0})@{CN+hCkyV}w~ky$nwSWa*#!`v0wqN`UAY1f#|N_SO_=-V)4UC%}@#Fe%9% zg=eI%uSsH)TP^Znuo}NjAKIIPWN|*m5siW%^gLMFG-ola4S-nPnJ)Fpr3kD&+?(T= z*(wY9dg)cTSsy@_cE^KuG5ra-9 z$j~uq(npb}oS#8%N$0ZzcBMbpHY{k#f5pRo2~ZY~jzVd&y=eDjlX*9#i)~k~82jog z48E=LuwR4yjznC5u8MX5ihrS6spRp?<=uHwmy2!M0k!_JsmdT%7`cQg+lEh0ApNu; z_%1ok6iRa&an+&J;UZW60s5hT2?oaO~=#BGdsXPPvWmM28ng*P!N#XGt} z6b~?Tk{fzM$83Cni~j=8b~q%a`eofa#P@!YjZ3qXVLla`BaM`NHgODhKap{p{ z2sxl!Z_F?hA>j!7r%RONUf0Cu+ZZG_oV^b?GwKfYIp3QlRKp!()@|~$-7}zfwghMvIgXf=ZPg}vXdOY}m!8dTSEB6ZczL2~UPA-G+ za?DmgTHFKckbca}v~8=<j3o%+4JN+&`@6cn6b>(qAxi7M*mb2Y^Y z@X^{$pRGm9ry(}Ig|sDkeD+vPhNxmzZwg#5J_>1nV2)wZK?*=8qKgT62t3FeHR=wo zB-5yP=SA_HBxaEodwzjTr67jIe%5Ze%3`0u^dMy+vg4PCgeM07IDhr32bQeMD?T3hc%rK+!UCVdir#GCiDK8WXTLmef88?mcT>-tkgTZ3i%pKUO!ETFG>Y4+~kb3Vac(;+MY#{EDdiL)>q9{Nds$-(bu8Os#sC<`%xcS`N@K7hBi?Tz6| zs!K3?=Fhn~l;Q&*R>7p2z4vEs?vDNY@T%=MFBfG#fJr|vqtt5<0VV$vA=wNkF>Vqx1p z65VyB9f1)7jpt)Z+E;gL_OXk!G$R6Su}6)@7bSad-D0#%gAc;Ug#$ZOpYy#0xt#B! z-QAp_)-D=_ZpuNS7*QA`q0vLa>DkMjm)H~R7R@zcSjkNXNdrC}^I}n~Gd2o>@>hwN z2qYZR&D|}U`D_hoD8*3%Ws~3FPYqFq7tcZ_I=%fPFH_p9U5 z)VyBWPFcir+13>8+<3R?5)@rAq;T3`X};lBXt(JQLW%S&AOmy2ukgFxDKjzVE3>;%;n(LHP+u_ z-%LYoOWHj4ry9~Pg6&U7jL%WeQEpIzkLGM_Jlo>c%BwBusxSl?~a;6$}@estNVu2+5e zb5nTwY2x9K&~S-~0e!Ckqp>T|mzRPb$z^M7y3ntH@#@`h3TlQ}SbxY{-CCA55q@GH z#KnZ@X)nM%3dR;pI^*i7mG>YOyF$a4DSM^A=F&oBv2J>4q}^t+^{Q{=SNZ#^Po$EI zKtw?1>D?a9^EM5##a9?rqeU@bOgDkm_4!1xmUw;xS)$-kC}$cxW)m}y`iTaEPQx=E z*ZXgdjP)5{@#4X`0ciQ37%8y$(Op4U+Ft2uhnv)h=0J94lkroyZS2AuXE=@fbfC?qcpaKJ*t5X@bncu-!FoHQ<&!0_L{g~LL zI$9|E&_Vb(345kN+4~6^6*T{7l#ScgM{A!Uu{hjZ3tj9tQ@PVnj}(gV8k;Va8MxD^ z7R49fuL2HVzQ~C-K`p@T>bRYAy4-6TSg3ur+S~vLb}Q0rtmdGAlppI_roMO|5dz^| z?T0-CM6BmHJkW2GUU!THh`*__f(L9WPPFDZoD~QFA{9czNFTLsgk$?-A-kwI zHmoo9c?HmE09Xitvl0YdQfrmED5QFdKT1Bn^hIpcD_e4WW2Hdoc6L(Q>*S}w!#(s! zy|fw-PFrcWLfNczzRZ#lJw;%d@MAT!31Uy}0x|0f^(lU`V)BK1Bm9*qnap@Fez)EO z1~9#TnLSxAN?u#YlLG$+r`PJ?-xHCFfbhm)n_&WUg8$MDKkX|v%F$|1U<|Di!VxS< z3d@Hv9P*)uT&m~o6@S@oVrTZ{;DZ!f6FGuoz~47vz%sk05W%n)aE&3)VFY+TOqK`iAM>hdRxxE*&!;gnO^ZGHs z??l|kpq9cB*2=yKCgHh7+sEEEogr$fj6`6O!eK^3#v6oXE8sxW++_LK#Lb{dh5G}z zutEx>4FBQ^V4!GpGuVJ6q?lrrQ+X}f?azcdHS6IZU#El5CzC6hF!)O??!HDncLp%n zZ)lvq;cvcyo2~l5h>~tMTn3Id8C`mS;jD>v{lsZ|4MQcDGGCVULN0}6_!)E?QwuSb z;R-R%t9RcMyI5Z60)r@^VPNK$C70h=Ek4WBk-m2eh=a&9>Oo_%>(x(Cm+3=B8p7T* ze+Gyk6g>L1WJNtZhNLm4v|lVlhj}_Wb|YhTkl5zX9ys6DHDos6LTp*mOChs?mq9n{ z?u5RnGW*Iu6aa`q-4U9BOn^&f97_3 zDH)H4#7xMR2jA>!KkX*rRevVW1w@|zO>{7h9%XT5$w>2eh!627H*mqs@_yuKhLp}W zEz~xQaQgu2ig7kEovuL*C8h@fE_(&Kq-6EIQoY+&lYU(o>=cfEk!CYo04fnV(XitM zT5l}jyK_4s3hI>(#J~kPRNWY_?(Yx$9$rc$ zzlr4xab|KtS?^biUNcx(T$uBzMPqdJs)=tx~}mh4Lc35VvDB7(;d ziR9Y3$UjmD=R*Aw?*oJ01~h;>z6_2kKL!>;*f=lsFZ-KPX+AS`y6ZMs<6%)tQN7bR z(devRz6}*_gMv-7-3*tn|3sYt(OXx-NxTSye|dW_U#@aobaX{$(`kZ`O1)}*yhdv} zS`kY{%kzKq5-{N~ z_*CGsL(B~0*Ay6<0O{p^tAX2WT7i7>6aTBp_;1zzuf#zjaG=7hbOjQRnBX$^_kj|2 zhY|9MIY2`nz)Ca`^wOCQ0+!(Z>cph?ORZN?Z7hA9AP}&;yFw@7@e7VE=smu;-1qs$ zWs7hH9PMBVD=0@Um6m{6IN;QJt?abZMOU!T);}9KRqSS3vW{eK$F_4~?)PvvZrVqa zi!Fps4Dlu`D5ZL>nA#0)8ruE@ik-eVw2BhPP82LGk>dXJQ_T)%(HN<(>eQe_WbxUjMr8TL%CN#SiD^Wg&Ik^|pD@M!Zz>6#uz)%i0y9)-h6c8mQuQeuPJFlZ z{{Dkc$;CbV=6*9rmjByp(!Z43^!X!>Yjk%{cfHVkrEW6(&F@`bbl>rraXhPa>%&h- z01~TA?ExeexpW*u#jVv+i{Oy9^ZP6MIOg|@FZz)lPdM~%k3di=Gak`a>@Y04AV5>iE~$ zR3{sU=90QPGyC)@N24J>`&a|Yk)!*&A@ zp_eXlC35^%qw3u&O;!YpFMGb#*2kB;3unCy3o;C%ciMAB(Y+!0TuB4q??(d47y+=g z0f~^;8KR5w)l%JUj9kD0AW_>!t42_A(V zGJsIL1&wi9yZ)2+!N)DzoNOJ_sd9e^-w}(dHM+wEjZb+NlZ%DDby75}9dH`Wpwoi(?d$-i5SHXL?+T*y)4O|g) z)Uj6?G`wWAF$3>EPjlRP5ioWFu$pO%*t1Y5rI-picW*i!C;rSeUk*M1iDTK{~@8=C1e<@a_N%w3jdX4Uv zsm;Y`=bt8+E(jf|3P%fHSrmkljz2R%q4ZS(P`{YR4E=xj$# zfbt_72}a;!Oi@#uBtxjUOqw_lR}Aq;D00B|#4&;w+?ygzhI&a*X^=s*&p$+b4kMZp z9L*4YcV*h7UZG5&aer>9Mdo?$Ce#uQVbpnOFj8+TuE9<1Em~D6~MpYTQ;d zV@tL7m`J!ezm__7GQ2)bU~wJNPQfY3fgy?xW¬S|Bue>P0UUn}YyWzm`hw+ppQ; zz(FE0z=P}WOvwnbQ+J#Je5Rl(EIQ?ihcnM>)?@SOnlOC?_QmhX$+FDs?Tkt}Y(<*1 zXISlXi46sNVPIFtSDAI2!+HYwV}c~Io$kT@Z;*L-492o(R}2xP(eW?#7kued3Z*xE zT@8kI6TC9;Z6uQEa4&C2V~e%4#c4~Zz+l&qi_}2V(F~#JEJ-raW1L8OHQ68_vjN0x zfY&;PJiJ@kbVNWSIrYVUA=|%5&_vRTN3V(l(5(Ys+EqS~4kvNIn@tzc<_98XH>aIH z%Sc1;7hUn9h!q2t#F6oN$P*x29JXic=0NjD!h>+VDe&o`yIp)g;N|1xeuLhAw0aNKBaTkm z0VHK+BKxAL{efJla7~d0*xNZuXjsI-p+A+Vq8o{T99KULa_^kDQGc$6*!rt`$zmgj zhKSmJTltYV&+FxhQ7KkLWWc57M7Q$>5?uY)9790no&1q1i4HrN@877i-+5hUa}u}f zVbT{(P+>9v$EeAMyI-q1Izqc~W^tBiZ~f)$vu-t?M~sJF&y5Oz%e6dl1v!bo_d^kC zQ+X`$yRFe^x46NQ@VYSUk~X1Bxe{)E;j(>BqgKNZL#u-&uO3V?!GOxSKU+P^BUB$o zN*SbhsZKL-bgGHa=zc-7PvrJdJnUI_A+j1kgM4IdyBbUwOMO8FO;7bq>$S<^-5UQ1 zjq+rSJ&^0kTPn-XY1n|l*F2CeQZLuW(!6JXK1S@Y>uMdT`lhLeh1b@x4CTN5@_)c*U_&SaaxjK#bD4+;=GZx2M@GPJBj_0~kcFrJ)1BzG1q=`gi8&wx zllM9AZRj9Tc+#l5c!hx9TGLVQ;-2H z(9x!l*%K7vU-xiCId~{=-}CUseh2x*eF#w=fk(*BVcppL&DkFG-SyeB%Dd^POtFsR zb$aS6!>Ay|)bSh{Zy+*|nl+V7yMz+OU-5#w%atVo$%^A{uIA@AyPWy!wR#d%l$Yf8 zxV7oShcOYpHZ!DI#l)e=GU!fS`FY?8^-QZ8(**J8kO2%vq}zkXK|S4_(W;2!Yj$n( zf>gxx%JPwVjIE#|fMj4^mHco`S7qL7!eE>dy;iiw_~qoWM)*0KQu-!zfKvogLGdgG zSXOk}qnT*?pj8%tm=(OF8bbdJ0gb9s`R+UUzHHDVS4nX4K63q`kO080k(U%}jlb!W zWlQxMZW!~oZaw$Ci_B$M207a7+ z#u3(&r<5B9#)d_6@dd&loV%ZQ7l)@)>{d8Nq4<0_+Z9|pxRh&y$$G}tMOC`BM@H%H zjcEr|mqU8xhPZEyd~|qFb)t}*_6q*hK2pp|CQlBbm#wrBWFAU|V7e>tP;EzM5$mc}Zo?dA|{M_|3_;@p?qx1e)IE35B2x6YMm9?cC6 z4I+^9y2ey{m39Q!ZOJ2(acUoDG6>i{&damxs~s=4?`$<6Z$4Y9)`X?wgd@Dl%*8l$ z>+=;Zc1c{)SaENgJ1I=Ldmpx$5@GJv<;w2q{o>ghw@%N*5Zm;$($Qf4YVZo8R?|()#@TWQ{Ic!)&%>{DZe-@a@?vY(02C!Iy-Jz7MWIQ= z=L<8_=8n!CmEhHjHI>5Y?fdX|^B|=DH;&u-qnnjBdNF@h9sZ~4A^o>xRj~NlJO)Fn z{zp7vd#JC43mA0P0Mw^p5gHXf1k63F; zB6ufjb9%-R7*Szev%Ua>rF6bEAm(Zzqu$@6qozd=^HOoKUjU@aNRxl&Tb3w*c|YW? z8y?Z_D}=>M;jww9m@V}oul4~fxPjZz7rB914k2uL4_Fla+zqr%8NVF`hgZfx7L3|C z9tda!tcZTucW|b0AeXB_>xS#%ZBLogoaifh6G$>?HHhTpybBF?w=~TCLPYeU#pMhs zM>c6lR-@WTOz#M`gPE;pS?HVjbcyiZo3qQqfSr+ard^mrrT{je3?mtSJm-7lT6%6E zkV!*ycKY;b>(x5ddOX;pjGyFCc?-Cgwj+Dst8?5kVH^~S?IOE%^zWhs^GFVSz7O+r zR*Mp0Z0_!kLM6cc54hje%#m2E<<0p*T+hp}Wk`9vGU)(jQ>XSLdkhW9uH+*ru;DKR?2SW{X;iJX5GU!{)_AVIUUSaw6(V3yZd9>& z?RU2SAI9D?s;W3z_olnMLmH%8y1P?Ax*HMcPU#S&Q>D9O!=^)EgLHRyH@wRepYFZy zIUis!hGVFk^^ZB{^Lw5JCl!IVD@9rbyhJ$shLlgTCk&a&EF`Rl7xhXtlwmJo&y*E< zp!JHdz&GKwM|1cpe8*Fm2aX7pkTn>Pi0v|INxsBU^2=&{a-(|=;B@IM{@82hM(Xay z<99q&{KJ_>q;eq291!kM4F#Get@Is*1C?TZaQ78dsQIZoF| z{O+yum*kpA@R3rCHv4m&yXWB|jkIjFm&xvEF53fzo%8rVS!>}=lkkUGjrEC-`zMyP zEvC(tc7?7;^E|J$*zm?^@)ApoFQ|pIsdDWfR)G(f;olT>dzT+jd14eTa~Lgw zt_|h!?xY`Xs(Y;;zf7U-`k2x=Dy|3B;tVla^^IOqDk!)(h2Ld?1b7EWF%NvduyCp0 z+Ulnsrk!Z~_oHYI&#-oD>x zcRKuzoXDs#0a+Yym`e$`xTO1XybnjnJ{&mk_b(<&ZU=}!d_xjG{LqXEj5O@-(lPs~ z-OmijmZe@SAMn>@G>Ly9f!%;aTugHHl`UX7CNglg@E{$&EkV{MZ0oEd zL%qL@!5*XxVEY&cZVKMti(tp$1Qcpy_!M|NOi$EkE6S6IA@qGCR!LvRY`UF$dxGvH zG!BLo6rVq2)ph%g^IVwvJQ+p6qZ@ohtrB~+m5-r;=kAa6>DLrDrvEOVMa$P0PmJGL z6F>=iMbV=O2)bb~2CwYp^{epoGc*oE>s&G5AHKfAs(WAC-Q#^jd*+ou*;4GJiI%K` z;|%}U;rB*v-)h&4i@a4D>2(jlMB*X-Pv}9FhRsYpeJNW?-x;9==b5VCYEzD0(mlUr z@w+h3_G>*~@B~s!!=Ww1BFru|E)n_wJwWf$Cgs%Lcm}#cGHnDTuM3=BTUFznvpj?z zmpR#z5!oN}Bj`wgA5e29OME7%Y~*u=1#zLXp{{rH@%n(r=#R&!FKwM4cj9xsj{yAp zA@^Uux`usYj|GvOcitdzU_3r>0`Is^4899B7Cvv7Oy@L5VZf#o{0yfqU5K~5G7wy3 zp;WLxoWh{ql>N+O3AC4{eNkpu{LV%N6uCd=zaeYJiiG6r!@^SuYgd_L1_uWV+qJ}- z$!3gY@`Y21b;6RYC0O-@s*Ro-187P$V!gF0VcoPayeai+=;7_mx(N5;9Y7ZZ1qp3B zqg_nkm;$9Mt~DgXf#`?aY_%b52Dgp5Z2V-H|H##Yj*4Z^p9|(&-FM@2IL%E^y_t~0 ztS7khTVqB9Xz}F7vL4N*TPo7${0S4wIx3_t27e~LA6`u7 zdkW~T%%gj^Cs1ae1|SNa^giyy!V?^O=R~!DC_##Al5O)Yb^;0e<2p784B8!X3NNW& zYkR9?dsC&yimtGZSI`yJ{4g42CAnf6BgWP4IF9Pz++wpabVS}7we3n%(d?nP{l@B-ai|V!4)rMh?%EHj0wcp!vYGR-(r1 zSP~u;e5mt>#}^y8b!=D4=&lcr&5h^^?du8DnhG^KqxkuGx`U=RAqCJ%iPY-%z~&W& z8&jxvcxfnQqB=RRcJzzZf7rhqE##XId8jX-xauU-g^5iRz1#Fy_?SL_wFRxfp$0 zH|L!g#jvX}_3z{Fs#2jBbre||Y?_|c{mzkN9zSpv;Ppif7;)FE`)=^Y>O1+9;>Xa_ z+i$B25XU;Fjd7@HB+*81#;9IZOM*ukm3~#4x2dw5JQ06ef!A@HP|eFRi_{`X5}C4XGCK$;1E=0PyN8#~ zDkh!6_KTcrw;eIz7kp2_d!UyB4UN9TOjR+Xwj?`;;KD)SK4^DCYKQ&m z^;M2q<#77nTvyuRmFb&;YMH1%ev(9g~JJc7$z{~rw-3R_VOYuq! zDoK-vX|d~)BnOxwwkJ6CkAJ>CrxQZC4;&GIn}^~2+NQ|4pHDN=t29Ev&){bPZR}5O zO=NfzNJ+%7hU(IYh{(nRgIzAG500ya?~$4;MLZ6tVGr+-EI}hm~ z-yY9Fm5nF)BW%OkDEmW_G8c6hrpm;jrtv-m0-M*5KKe%ouo!ry9qK?{FIE~=IH2@S zMoa#+XV*Q!#g|9O#uQiiUr*N0mVFj8%SnL^hIj`HF0lU8;wJU6!^L@3aR)%7ps%kB z2^{UDtNWF(NwSOPQ1KAvxmw~VQBRf{Cq>|VEbS&rN>9Jqqn~Gp9yeny){hkq>ozg|FK&lr_IQr=Bl~m~Qv)}N?>}-W@UjBi>L0^VVxaP7 z=UcAJhIswmjLhfmU{LkrvRO8(62J2@5}z~L?P(BxEHFXr^tXtR^1zELjT4fV2)(eo z1yf+3I=ml+`KPzv(M{%;T4G-a4_r~MI8C@gM_=>J9XVD4kY_uYIS#v zPPIxV51?EBEY^zD2CCK-U>$nJ>mcefaooQ9smVH8Ur7f(H`wp(z-A49CxgOCb3km? zSrzC3({vjYEc?Pr)=2EVIlMfWKmo%uG>v0i1L;7)FOP`UARc#mTU{B&O}lQ7{woZW zH0FcxRyvbVUl-iXP1 z0Z&P}7jcH{N3Q}e@>HB^fvVqXA6I%xYt@8jdTgHS*Y;(GL6<^w6yE2{8FNMvFRmFK zSiESzo9z))n{N2@=uw`pe4rUU<7g-Eq8bE5;Q+*4(Z`yS7AW$JeU0B=m<|+3erFa5 zRO4J(M;Sj>5Zh}vM;1eJ!`q;GNgyJh(|Np^g}#_|@+PGpJB*d>9NXm7MSHx9h63C# zgz5#FyygD7%sn_(x~5`6RYn^Y=RAze$uc*7O=0~)%EB8!UnH?pHX{{B6YoFdQf;lK zv)QWozqmKkg9w5{TL50+^rgpP%|eBO)fLT|vBD!DE!J$9S7veZm`MH#393v2x| z%ow0$V5rfPB!V<5#WmCCKSaXe`_Rn$9-td_zDW#0esp7$5h^0oTEKbpt*1s-w4m?r z1R=V^pfNms0gIHIW|Sb*P0(n?@AdR^_RxE?NkN|A>O$5=I{h~7j!J_5!gAq?NZ zU~y&UhytlkQ~>5aQE%g-&{_)xi+b_%@#~3DCZ1V7b^svd%_9$3(7qhto0?i!a++`3 ze#+%Iw|oJ(LWww%5lI5Puh)k&gsORhG#PmYFnc0--d$1TLQNGYB!ns%Tovw7&ag8$e$3kW+jO`eEMWSyeEn*D7BBB8uEWQcyY8imX0d`QDohs*pkR5^6 z4Ip{|=SFA3^e)Bh18{$?e`veehjbJe(PGOYIhV1*1Lucm*dedI1K+a&M?CSyY?)Yjh}mQhq)|8VS? z`iUsAI6o)i9!20U+k+RxXE(-cax|!pdjB4t2vxYlv|~xS-+SR5?wSi?`ka8fIlU;K z&*{g_`dEhEV|!LiA|Jy1>*c2h@{n04p~Dkq>6?q3E{8z^nObpaEYs)L7t%$J-;o%U z$k+^^xWQNo=uaQAx_+zqPcd;XnsYiLsuMFQZ!2iD;EC2l`)YSPp z>sZO0EtA!`wUXs=zm67pN;oX#*_vniUXA9~!kqxX{3mrGD#vDjJi?PKKI}DpPwzp{ z-Gsx2M@A4lNKe@=3zvBpU6kx5&?G=Ib+Y@m5x6OR7xWd5&5@)E#DCvZ{BeCcU=VHC zFlg5QOtkVoi`qZaoABHR=pUr}iQ!0|6;$=qZB1vhT@QK&^n5udFx#AMN}(8e>*H~Vs=8^69k zj|0r)3+53aeN%qLkaXnodAk<#YCPMCgyNlMV5ovYb{#rCDsDi=5ePWB+|sb*wq(!3 zW76fKtdd_{MdC+Y?ExF#e3O$98rk+cJBM#jp`QP6p>&AqN7?vI-t*5Lz*`gIh)KSL z0GE<@ERh7eyIZS3yzBwciwE;M%#}t9O&rP0Rej2LT;Rf@i`MsKIAvlCIGncA2lS}p z`Bo+4q0bZUGMEExMuI!IqTVz{d4S#LAG8j^sq(O&gSkdZq*Eg3Mny(}?c11E2<#Qr z@92};moi#SJeefs{{5|<)=lII7d_nn?l|~h%0^NgOs*i7F7Ra^%5o%KBQ1frW$?SS ziu34w7yc3?4S^0i;>R9L$+&6(y4^oZ&$4Q^z%ZH|0heqfesTC&qNaA&Mf87X0sK;| z#RdCHF1JWjReWdOJ$%dy{oAbgpQJ&kWaC%*XNEJ!+{j-?GW& zf`MqMNVEuJk@k#=N?_yGrC<>hPOd%F7gHH`v{?Hd&KB`s2{cSOia6-G9{$z9+9BWzAyRa z>vYFCfDdjx-jJF?;9?5M)%Bx%8SSUnO{kd1Hl`1_CraGhe-)}jP}N{!tyvAaFSZyY zbAp@aU`llABOI5bsKDnR+sGmkh*%8`Z7s>>n@IuxoZaV=^UD?K6Y>Fugs#AmtS%(A z!!~O`7R9N7)ua&fE&TF+>xR-zH#)Za)m&yyYv8OJj)`B);sP*yMG) zMbwQ|UaaF^(nbK$0TPFOwN$F3CFj>&F0R{)hUr~<*tYnl^PJRDT^};S8X2NV$pbjp z$>u2i;m%$XHb~lY)74STpL4R#!sj^5J%TQHMt@J1OBI(LP-$HXV2P>nn8n`Z1%|Ap z^4Hw25G0h*s+4S@zCzl;kyx?tF)*s zPcyBO!FUgzBRuQuZSQi(`m>mG->%l@-Zs=xp}auCc#y!5+@FB#Z*LRici=`bxq->z z^>l%lZ5ER4-HEv|HD}UMw*8@AicNl8z%0FX3)(2)T;jaS+=Qcaop=YaKG^>}dg1Xw zgm+ZoZ!kLUGswP|n)cHhE&u>o2!qanjUOV1{0!>~jO(doqVW=iy}61= zHv5%s&)~U{o{#{H92@OKt60@(vZdM>WFF`hFt(dRrru|!s&8s9;Z^pQQmh8=Lal(q zK+s_u_ESvD;@h7Is#hjb!q#6Lio1VmMGGO&B;nqs zwE7DI___Z222QF#9NjtzjKu;r*Gt|RZQZYr+nl$8sj`5^ zeNAM3#n;rrX1tBeI~sM!=d_9fdb)15^%9opbS(%u-#Oy%ewxhS-urUre$YcaGd0&6 zlSD(pSPe7)pPjHZf`U;y18zdj7mAy_KoNDe(+ka>YTYqHAUK^;tzrT%w)FB=Q61X<84gnxPXKqf zRHikg`1^FHe*iQwqvPOBR6MhJ=IinlYy<947m5$#?I>VlNmb$%&UqDBA*zBws>r=Ti zHGLT+K;@WN57dD8B?^W=N{sER6s~QOt_QNnBT?sumflxw$WY7lP)T_l7quM`TXVck zY2z|x3qpH&LL5r!vyc^KU-7^11H&wdz!}c&RcF*pck;18n^DP9sw6&m zKML;RhYexO{FDyNk~=Q<&bsom20dC{?`a?~wLyJ}OwsEB<>1>Kfo)UsxL=NWZqV^9 zXj?6EX_Nsd^`4>}Y&d`ScdTUcV6gbp>RukG=?NsEvDTidU+>86<1w3T7C-z1{OCB_ zOuNS`cgj#WxOG3#R+SjJn7EI>n>l(m{U|5oaw=*M`6gh^Wd@50dt?FIKnoaHxHmw!i$ta6~T+soEbP0Gv%l-?2@R|PfJ)Wjlgsd26P*sK|8mg z`1*K5S+XFG{d719DmOPtFC8S(SVktXxjkAUMIji%{8(=lo+lQ7g3t&AJ=jPJv%Bf2 zT%4|CoA#Ykmw8Oq>m-@~;;GK^cQ zlZ7x6!6(|z`yKqnxBdGwiE1Awp>nU45S8Ox@OZJ3@c4Fx=5*YWYz_bE_A~_TU@EJ^ zrn2Y!9e97b7F0u7Zv{cQ*c=G;4GumIFe1o30(kQS182aNZ7OC_Lgxh#%e7U`24y`J z#9HAm1*Mm3iuc|Tc@74!0nVynJ}kjcPg(vOAr7OQ*Edz8ERtBUW1TSA4lS*+V1cbJk_n1a4(d0-h3f zLXi!d?<~H~gsit3PUYG`=3BDpM=bcr-qa6{$YY-KiDonz&6BBRM_7dGcL;dO>)mwr z-GKRq$7xluQa?E%PlLbOWVS(!4xLHje>66(vqKxAatHW5WnhD8 zgs|n$!6NuPf~Vfb;CbX-dW9A95#d;=DYzHKjtzR$bz<&NjayYGx3O4cwW+_sgp($O z4)E-9`soC%Zv;0l305#hiO@O6Ts^?Zj4O&AvW$QYNfN>J9G%ZrzR zYnoqDG_r51fgEkv)PhIQCmNxu{cfNTp&~8OTkFCqSA4pUw1WjtBR?N0lnEN4YQYNx zPz0i4_hfd+Q_X9UI&yi)I*mvi>PWTYZ>{QU*-%A_uRl3TRWN$Fi})yw)Sd+OXx|Z6 zun?H~J-iy8I~L6%?j{(xBYw>Zv?`098M*hJu_wA`^9=2}O-+?lTN;u5jS>IrI$M4H3d;-$h|LMAfA{>SWlzy+(ZZN?sb3C!gjT=u}TE!aG&Qn18rC9JkFu$ z&Al|c+Ox{Pkx0lyCXm4o>Yj|w_M+_ON-5o9-p1TnUt6DzA$OGh zJ}OD-%?AY2nYQW-{@Aa|MENuIQ7tsUT(Qhm;XwQBF5KWQpC3n&3vYq@zIMDmnc=xFtPubn zU!-wO*AHHfvP0hjI_@?dhz8JJIPcqk@DLS>1>T__w&dycZRv~hqLpL~t4BmE@121n zootMuNly6LQgNa!6-*fik;>lz_c?X@+B{B>Bm%{RDdnDfSk8zEqZW*X5PUT;(Gg`8Hec+l8R;ym`())&f z_~7MJ4a}Oz%YRzsDssuU$v}_2{&6v-0*QFfwU%q!>DrFaub zV8dg|RlOk!jdz9x0bMVU*0yiNN-mAd^e$7ai`J~BMozRTA>@obnhxXB6Xw@kUw8m6 zArKaF#iaK`(}F=W-s^8at2w)L0JEUPPQW6@hi+X2LAtB1s?ClL2+!lMz*9akcHY`!wrooNi;n={Tl%mRIMexezM64G8_| zgFtPeB<$`AZ6E?u3cVIv51{Q{oB~$9(LNi(jE7JDs0t_MNXz}puY(=6+O@&_1ifL> zfcZ7bRQ)^P3rNHz8d9xT0W3lGa<;C`-ctxOpP8v(HgbZ1%jWm&Y2ySU0h^J1S+xB} z>Dw~wML^1TB;~e-6T%j{NBzz06&?bhYseJzc+r+0D-9d*&`Pb~nTdf?H-uiruHkUs-4vTSA=9X)O--*j^}j%8pWq9J!G zsWz#Um-K@bHqX0CUC?i9H3Uy*6D=O)#=aqqqk|QdOhG_!Vd$UYBQ|NXq}DFim1&GO zh90=BB-M!@q@bSzi3>DEb;op6k=UtwrWPyhdKfKXs0} z4;liq`byU|6HvfdRkh{a>)&v0KvmQ159rIV<;mqtsS{Fi6QKz75(B%|i9)vYly22t zd_2q+r@uu%CEb;Oow-_ehaOn;AWe5Qtugo!{qUcegWS&q zc0JwuRkN9Nxl&U8kbqjJ^bW=C=LOtEE-S^g89Q}B@TKZ%*=UguJN!!nN|`*HPQ6{S@(=LuE;G<+5UVR95lUkJ9b+DY_XiD;J8 z=Us)3z3Me}mmc`gU@;dOf}DJ89}x0LA+B+ri37d@Mipy_Q%0Nbr$}zk)hqLuD&T~f zFRd*R7sf(Cn+P2oz-2d`3!lSD+w}Rp323L7CjQ~FT5R%dy}t2xxro1>8r{^Xhth?I zmL7}vO$s(>?I`EJ%J+^={QSbaiaxsXqK@T5#H9}>Qd41*tDl}GhZI=_3J+FtLB43I zO^-}=qeHW5sRWt_C;=OaLaqx0pU=aI@A)8H2hgxAni-p-rdhC$5FI(%Hf?fOpn zFd9kvD@<4VhFNfk3?9gsD(k00O3&?yAr-(uB$4A+zES>5WjOb^k~9qJ)=O9=UaZr) zIGQVmt+hZ5)Y#s!pSvY*19!e0t}=KDU5B~uuZxOfhvag&PGISStaBFVb3Qa7&eay- z9sN5fFutBFqrjuWmG9#Vy<`d6H?X`nIJPK@{&_qZDiqD|EAZ(S9R-isnximtXTfLM9m^C% z2V&+*^dmBWr^sr^6I!Z8Uv}G%3IzSZ_&;K-E7a>%ZsLj{bdJM5_5{5yqMJX^2EM(b z10g(Eu_=@HynvmdW9YcibYqhXI?{kfivfJJB6dFx(7uG5OADpwHe4nU_XHq?&SlM> z!0#eB5}h1P#P`eAuzGvMFDO`0+n3X6i75jhj0|0M#mBxZCbh}g7_&bbpVx3L4F(Mm zB+N$VFRb^1@NbV-F&-{=X0(6k{e7g+xMI9IpQHiYJnzoNkMTtm$V5Ji>kwHjcL&1; z1i?UybZ7nt5M_TQ>w*Cc-Sf^Vq#-bh#^1g#-coW9%~sCQH{9JCKsDOWsvpWG-&F&p zh#wy?b!e?;7(>w$L;}I+{wE91*U`FNc2`eVv1+!zfhLk;hphVPL(jejO@lW4wKO4( zEZRoiZv^dc|1&NH4;ZHlFc&8;=%|4Su_Vn_$`PuKDp(bQ`ASOT6C;j^u$d@ej5g2T zmQH=N3yf`jX04<$F;~GTTc7x47;$9xE3tVw6TW>;danu;o+iI}Q z-)ao!ueHQ!lAvEs8iu*)uNFgXs}iaWy+}6BrBuMJ1L-LmlpKaAGZ?f0{VQ936>};V{an~ zpa)hp`l*nwnt~)0_PY^tCaDR(Lvr-xH(x3_E*r31v^dcL94ko=7U*NZzHb)5C%F7s zA8O?v;#8yT4Za_~mCM*D9z`*nzBOn*Jb*vL_H(SgN4}B--8~Fc{D$!rb4R@qvIJ&f$y1dpwS9ZC8~a zRtAqYZU9qeB7=#UTbg|bP^*G*K{pYf+V8{(i%+ey3W6;6;#s3_fZ^d>sTQg*;i%5B z9258YIC+V7Ynx`0`D&a4A+-cdDXDx#$=trj)o%~=LNCsK&hK24LXyCc@_V$U_toB* zxny=*ogct3wIo!1YK59ClKXK}lvXe(;Ff)4yFXu$W1!atM|3n>5mslVR1WOKYoge~ z$@;eosgBa&qo2cCX1Cc7^hf7CuP={a@x1_HyDOFe%rdR&q+K`VoW)9;xAmZ-xvDTO ztI;*W#^D3+(@EF1x1iumcy$45mO%mz@8tHybG|W57U+m`BNI@`!VpQnXzL~3#HdcW z4U8cQM}yA~ahlf`U(bV1$bJsATE!gBghg_#t;UhfyR)^GG5keNw_meC=9NHr;KnLQ zyix`HpIa@Hp|W5zGJ&!{|Ke}v9eaQ$_zY{er;7?KUaQy%v)ixkS1DzLAaQ2A+f{z? z=rwbdVe(VnOk7PzQ37J4q~F<_jo1dxY&=R$%TJG7>qWpMfy&^5fBS1t`_Afrj>1EN zhiM`()jv!MAw@aL$;%u>cgTOABtkuUmOMByGdsm@wj9w8K>zWv?9gr&vbdK3<;S2+ z%qr4XDw*5I0rF>)BBg`Cb*R6uyYJvOytr?Bt*wU{Z8pNqD~(_4+y}K zMxk#Jb^sOk6iY0^j5msBaxR&e;jK25wTe;qGuq)i`8=jofl*L83#v%r;QOeO6hW`{ z5(EUJM;XBLll2=Q2br!Zufd=z{SNzWr3qa{M`Fzw_G!MZ4gP?A^2Im>gb4F|y-3h|4x$K?BouBam%!*-LGtNPTc(DbxvIkn&|KTtE0p_m` zc9DpAwopXLyj2k|t$Mv{qa-@Rb3$Wx^eUqdhziMYOuhXcAkaeTQPo!e$1*pqh^VqS z{cf-3Z|4^&&pfbOe2oqt#2+rL;_4+5k}QCv8q?l3ojOrvs}?k33>MugKAnE`2y+U& zn-X{t3J%pgVFbIW-x^0Fi2ysHHO56CUN?Shil@XILPe8(v(##dKsKX^X_M z3i3s4c18r}iadd*917Cxh!6FZ08het9w49Y&m~9Y?oq^jz6kTHERcNoT;sQ3{t1Sr z(%+#JKz7mamO}_uOU;u*WVach-@G?w8XI?zzO$xCIyGbod z1lr73F45B?cN^6aX|mnj=Fc-EM8}1nIP6%VBY1Ot-5t2~UU&Wwwg7g?Y+(-)zz9=t z1j0&!Bl^K+5^T_Tl+|m+C>D51`%^ioCvg^Mp~)Zd%h{xyl8zZ>5tRbd{)014+F8xV z`n{fQrm564Q!dPYV~peV$ewT%$<>ZlYMnAu{t0?g&HqKjDhrM}H%#*^7PdlAEtm-t z4?=M4VSaM4cfPs8k6cDSnlGlZX=+Gj!H&q9!H;6In;L>>LGw8`0jS67fqD!FZ2BH7 zFe;6Ik=_Cm%7lri&&G!|#{!neWB+jNIs|nKpG*>aT&wmgUoOb(y|qLVY&5wf4zP1# z2fH5{7_&$ecjOt7RQh&On&EmryzOnipJ~wrdJ)}SID*}gI2r!36dguJ?qfW^w+GUD z_ZS@jL}0?rRpCQtMk7uhB=F&;1GhlJs8sMeB+l*f=YBMeUdc}VEv16TC3J&EX6NrD z5fcLJy$w}~2#+(vwnV>IvRPbDlIj>sh<(Qq`G*`!j<(&<$Jd_n5(&gyT3lS;h!88? zd7TOW@&MU5iiwN=nfwlfoBhY0Xm2D5j2Nhxj3Prf2kdm8<7|a@UtbUlJ|TM0cx^q} z8kO?rW1Rx5c4nqX3uV3+S38B2qYLCgy*w@S_l4IlbGi|5z0G1kq9!n}6EF{sBs}}O z-Ds2GJPMn_7wVrve(-+UVtc;8-;hYmIkpOWm;D?Lm@fk_;MNMd*zYEv5pfnKu7oi7 z?1{6J8-)B9OrKT;Sc(vQs*#aeVDDgHH-=M+d%7YMD7pa~1h1HjB5o4^?f;fS*WU+; z+aZm41B2NyfS?1SC?o#i?LA@LT|84$t0W%1ia`Z7CRZL9WIS-X)gK1|qqi9=cw%b? znb3ULhNNlg(Yw}a%7@X|=rG)LV01y5hy%Bslk^&?yDtYGVKwqIepyt#@&Euh)(p72 zd@c+`)vye9=;(#J1;);mzTWpiw1uX-wdqRar!3zS4`TdiK!~c9V|9`=&6Eai) z-uX$Sy1TVq0%62}e&`=H02vk)5m+dOt@ck?=#n#tm^4Bprv(N@$=TrQUl&P7Z{1LN zSrKLA<-fxzc)5uF0+yH{2A3|9zne%Tp+y=32o}%-|5+VU`R0)(h)HBE{ODJqyTHX& zl!&#J*gXb{^!;$NlOV|mH`<(6mHaulQ{kTPCEymP=rB&Rx%2g|9~5o31PE*(D2NLx+wfJ4hK(%TYS~VbyL_KgTTSzmXYxsIIInFYffCYBh0W#jm=iFh1~271_pKtD+dM_of;y%RFm!f)x zH>)~lW{ucj*IFbN)8*RyFen%#Dl9~JB-6gCNNdlK<~IArGU>XXo|+fAo}V{DIEP); z!Z=G^n@e1{SKDsJ-@11fX4hVyR@#SHP8RQl$&Q;XpN?t6QeQiR1=GLHYthI37)fP8 z@X%2cTT%z&NSuzy0)bbnkbf9a6N5C&$gPP|4#lu$E!mTf$aX7#)-I1KnUM}z`2E5m z_2Ko*$*?$#IjEqMdUdVY{;3VCT`bROsUbO6Fx_xu?~eY=UHpaD%v$?h-9yM6X6D(R1tnW! zhAA|s-Q{R~Fgfx1_G)%hs*9^$j-tPW`-@BAY!B6-{jz&HhwI8^jYX^kdDXtKc~Kaa zsOy%I=0J;{DgJH?(9C*WW9do5upHn?%~`Fs8J-~UvA<6c zPVaU+d|15_e!I)HlBxV&*i?eR;X_jJ!^i40%y>HeDgIM(xS{G$gow?~S)iKI#xaxS zJd5XR^Qn4u(8dGzsz(n-moxd{cG?g7ZH}{#FH`qZHnTl6Cn>|M!#|5`3U63GDA0obW`341$;SMF!t&iO9^{=P~v z1Y_%0|J;AnJ+mOcf+cF zSJX_|C*#qpLN01ew;r7+$od;d9?ziKrP2H#X0b$;Uw(Iwp=GwtV$~m*L0xZiiypo? zGmQUUW8C``19nLJ!csWi~TBlw%CAi!z1=emf_Ts-A$wC<|CmXtz52+iRU7 z4jp@njxwaR!`0qab~i~P=yzD>uvX9U(*s-MtA%kD5!~G)S6VZzS$?80986kIE14|DLoySCy$FazyVcGg+*) zT-86k)b(a8*0J=FUM1Ilt4hX)xLl-> zQ`bLwgkUrpt5Y{j!vf*zj*Xc*PaT0{`lf7Ve7ej=)diCz5BG^UZ$&B1Yv`b0pYq>t z1lacf$G3F~tQw)(XJ^Jm(M%=aODp1~Y3<%6ud*rx-Bj8N&5+QXM=_T+`2Ax|HcPDQ z{o)^y?^7Nzw~uR6=h^8OqFU-1|#Buf$^`dx}_#O*-7mpfm`N|{?Qj9SA zXAyjE)Z3cbZ&hS7>U91}&KOjni=)93t#3#bIX&<)dTMNtOdsvScW2b!ci21Uke?`% zZ{cIo4aYJ4wEL~I{AOzGGAzD-r<06nw9cS=>t9Wg5i{4Z2zr%vX37zZa};q^O>+{W zi)qg0S+Z13(YGdLiPO*eaHl}iVE)nYrsxA+%BHvG$94^4Xo~~69Xhuj!__Y0vmLf( zJzh5tN4!oxNldH82`NixG?DwCcSY6Cb$k0Vb{w`jM>PTDBbBOoGoLS?b>`f37%kyy zwWMo657ZyL+(ygSq5(j^M@$P!HKGF^>Ul4d%pq++B^QiCkTdfVp%}-iM4Tt&CP5pl^)Bj$&v>#xIq92yN zV#*)Dl>S<2&a%4cvU!(^Ngq`3sPj@j_U*||i>0{1_x+EfOu6Sylg> z(~?vs=C7aF>?MIBfFYTZ2Zr3KYxUS5X`>UkM6VtCjd1_Y2p*2sov~`kxL;*cRWr}n zV@<`noHXn9oEw=*HX`E*s}EMHu;$iuy!C$e#fJab@(|W>wZeB)^YEzBUa0vSoTCE; z?3)tR=@C3N2Ntc8wp1atEEY3IF)!m2#o&tJos&oJvEjSfpPo8mcEi*U+j}CwF&_*= zbP-3YQ7*Z^$3Fi>@=;}tj$wQy!_=hF_QSzKN&ZiT02b}S5610Ju??KL2|29lL+>Uy zL1#lSM6;0O4{{<$vUwG___P!J___~6NagxV-MBw~-OObzhlr}Bjnjfi2pcko0&S|~ zooHN5ou<}UnOeE&8o!REGIi!QtIZNoFbiLO9?MQvL%l1B(D(!`1)rwvs^ByTG3E`y z3~XN=EUVHPBm4V$v0S$QuY$6lA--|9ar)DgmmE*i+;&qG507Gc9nhICtihZz6E02G z&RE&Cc#L9Jf-g2e#4^9nvh2snB00eJVgExUR76Y&KF6uLy5zs78WjTr$6-FF6%!8} z(-t@AlMvyhq1&;iO#S&H8y8|h``8oFY-ge$utdBR-bPJl^JX!&mwj$PBnX|Mlhne{ zfkJ$@vi$KyfS%o4Q{&oFJ*lli23NS_(jf@$cUSz$t6vjuCwfQmMdkX}CU{f=#d?C< zP7&ccphSKHu}%e~o7w2gEiSV_qlM44PPJb?I#hqyB>Gqk$B~WvFCbKHu^}$Q=I|)v z3B?qS+f1ZxEv0jy;qdqsL+8Ze4+;?{ai=;)rzk_I52Ug`hW!svLBt$4zM{sRuG)FL?ws zGCbD6`eM~ws#InX$Gh4IjQ`8A{a^cm9hw0K)i{(0Usql-oLw75jqM^kh8cS4Az@=E}H9*@`kxUYIR?=9&|4zF&# zdN*=oT}-D(UW3$b)eA%?Rm30Xp;n8j`mVIR`y_-*(e-JJYz9h}VatFNh@YEPnKxU8 z^t15O=3(DXz+%qc=R%|DR96ob-p+`WANjfs$xg}50871OOKa6<2<@e$uCX*RzD-Uf zy(s>{hY|-|GyVUu_m*K*Z(aK+ASlv^NSBm=QVOWFDAFa}NJ*D;iy#uBbTFa`7i-Bc=9pvL;~w`MBPdBrxv|pcCk9!& ziohVyt~FFE`vKl^i_n?&u&0Zc`*~*P+f|15s(xbB<-ya=g8C03N7yeRf$a&-c199K z&nxPSgc{z-Ns0C!Z{HS#n~SKGEy;Wy+per{uz{P3CkZ5I8%D-)yUO2SRbNqBhy3W1 zy(|F)X>Js@rQKj#pt9febOWvhWRhWw%YtOijNIziSrx@3qF9+i_!LAKWMfQSi#O^( z0vB}ZF+WUQ4`DdBdemtb72KY=c5qHL^2VLmsV17A zdNMDdJwGim4!Ox&;4#v*<F~r@9ut6A`5Kp)g{}rowC{e7t5m2SxrD322bgO|;l*GMfCm=fn1xQ(0_lIV)di*JODa*h;TJh;cPZQ1oE zI_}f;2^J@n-xPkN{BVdB&6Wly6zG+56a}EcAg^?sT)iE}AiL`fPmEZvg$v3PY^J%| zU7(Ak7s*I1n9}NPKLn#5PriK`_=YNZJ&_!Ht5G620ELI6&ti`=Dj*RtQtZg zX3pYt?1qNYwdb7~f57}Y^@v^A8#w%qt|X5Q*C#S(n!Fs&&coKmD4^iJFVQS909RkU z(!a#$tvvN@OtdVXHNjDpjTqWW<*Fzee8RmjwZHQAy@ZnKumBr3D!U&RT>S|5V0e#9 z13U0~l}?Ug{w-X-4X+t!)X)hK98pwGx*qgZB6lh&wwp%dIvu6iToEYpb zaoH~POl3LD+E32=2!6N><)2oPMf(-wfrR3KntInOCBGE}&|>wgBEB4{#o2^hqk|oW z`MFby2amL(=3lQtji0ntKDlC{wUwKnK`%L~5mu?>mFhM>Yb)YTf3}(zkAHt*q%av0 ztW==%}m#O#mStgq1-*Nv{!zRE&2*TiNa%>?^Y_)u*MV56C3hbQ#*#jlks<{;IAUF8N4XZS2bRC$9#2E_) z+AVVPr{IQVOQ-v!Q&GZ#s~-%5(M29SX;KWp{bqC-KiW_32f5?Z< zMvary`LLLhmp%Ft={_Gs$X!mtqCZ|JQ?i@$<~AbH?BgA}L|hZ19q#8-dr6R4@oup@ zN4tKmf!>UYrUsY3{f#n(xAoZ(?1{I-MvVP`EG)8Y4UE@qbuQ^2F_ljzQQ^QrmQSY?Hr-^FhK?6(KZCLe&1&T#ltlZcovO z6ZAoy8U*bD|GNP}WGu;7DhTxJeV<7PiPnL?e3-OxgX_aKRPZcxKJH!x+QC3nQs=YX zECooNoJ+F&H@0+r}dbR%bh(mK0ei=1FF(1HEy#KjoUzt$p#c< zJ0mUUaOnWRr6I4dq*V`yLq|B1!PsE1!1|C%#zYdd+(KO(N;%%ClHa*KNqGHQTj~_N0CmeCFR7|ei3MLhpzfrz1a6dXJsgkl0Ok#BGfeB5fz*&0B zI$i4*$RV^|Q&NB*ilB-G9hcyOM?FQxD+SYlZH&sFSjjU@@o31?s=K)mQOqEFs6FZN zF|0vyBPV1LsRbymXHQd`ebnKpaL8)9{c@C>%)*crdvt>pyY3k-V~4l^J6!itYv zi;vc4L)ky&Sv}qw>zQthyrVJut##R@{|FX5T+%d8{E07Zn6h!B_ISEg*57ut)VU-V zRwxg?#(D;K950E58K zLGd#>acWOXekM}|x5BuiL60(Z;VE+_gAja0)vE1MX#3QsJu{G!^(qP71k}6jK|i6I z!Z@P?tb7L@B_i}GLSruC87`coO9@q^Zc__AHkt7fyxaUe^GDs7+_c= zCQtU&YChB-Vd$Q0L%FjLUnGb@m9U?i4qWDPU?*tPXZGUo_)NFhUlmuasWCRn#X@J7 zDOEn2BWesy2s;iO*6=nM=FyRusGful{6sMErzpgBbEnLCW3|_uuZUunbu>c-We9X& z`Rfp$%fYeH08UVB=LU8H_6v{f;mlqAAI`=xNAP=44a`bG{Ub#tm2#;@?i4;TL;~yQ zBI?kjG20mtu_!2YbymM@V2G`ui~B5d#MJ!W(ojW3>5Fe&mUdMh@M^_u^}AWr3Q||V zpq8CC5|L%@AtfG%-}VADlRP;TFMFJ1=hZhcc@??0%4Bc0>6fo*aFOyFrT6EWcn(~* z@4ixZ+*UZ1rpVDN?aMbT28MDh9EDl^jG-FU?}iu?@^3FzjLcgl2Pz z#8gD?@vni+MdfC!sr+_W7gbf=y{a8TL0BY$2=`7nn&;t2 zh#a5V3%`a^@g*9&$B9YiOQ*cF)wuoL;8Q@eax(HK^3K<3#u>NLQ!=yO^-Q$9Z9xp% zem{MTU>8;lo_Z2&!u7fn_93<7qm!uc^^a2T0|=@1mO9QCv$m~{`GkL8uW40QOlPCD zz(eK1Cb^t+OLxN1X#l$omsbiypKR=Xsj)i162S&|=paq(j=~NhH7<7bxQy!D!3h?)T5A-IoFICpR&UT*eRM~nJ zm|-w<875GH$_i+9DmKBGRL;uyeHom*$x!PfLMi`-TYsQHcDTBK=n?_5y^qG8PttHK z8I`Sjyq}DrlZEFuu?jLfg&Zm8F-YXSd&*{{CyT8DHI7Fm;^r8-3rJ7jk>eA-A1^bj z(55J?wL6{@Q>nukM!tgoUs*S>%4=%g(HOd_-xGzgAlhiR`!in=C2A-tf8AK|aYw~N zzg?KCgC=f}E1FWi+)_+^$!H~Vk>y>b40AlcFP3wazkygpo6`PaE;>oYLb6%Xqm^rj zbxXXWalG`~NwHuC1a?}kV6b6v-Sc-kPLRn04&HAPnhvOb} z>$^|0TU!Gu-*3GDv=U*}a_)1B@TsSW#K)s`ldte)I|^v&7h+rng)=?-*sfvKFuxsL z(D9a_KFm}Ja`2E&#*_Q%6C@G1^aHm8|9C-9?d}AA#`&P35@TrWG3enL0fsuZk?5ao z&31CS4$6iy8%iYYFR4|5;UUh&^>D9|Ol*infyeBF8^^yWq#>c~mkR-RcH5n>^cJ8q zH(_~=zJ#@fuZVLfShQ8uYj1w9723ayHnV6OGjW;Ime_Xh2bVa=hUg?$PU-86gN~lM z5p-AWGJd!5ov-YVDs@8vE5N%vtR)mMAt3 z#`w#oAF0fC+@2kRXbyJWmY~Lebcsy)A}){ zZtdRDnL$g4pli~1`7n@5sx=Hwo^e1Js2YZIg1bPI$26j|8sLC7&kI|6`w;@wFWq%o z-o<@CGjb=FhanZzU!7bGM)HFriFV%jI+IpkXCW9`GT+?}e-bcec{aVXo?$-HTR!H= zF~dT_Zv8%QZ@TqeDCk}8TBa2CV_@b$mzywo#qhQKH3qTo+ocFBW%N}iT;vVTF&||X zXXYhh0!HZ%j{!S>2?8w#@f z-)T)oXPk#Tl3yJ;-+7k*JeeV1-&+7yMJoR*KZPgM7$RhTRrjEZF9%s9*%p5gpZ8+6(QD zL5ALx*AM8F6{u$vOT{j@qItW#k~xpH*U>b;9D=s5?}HVifyc_TEwq?onj} z)GKu$Y4@SU=*z`}Io?6bMinl#Q5f@6e0+R`BHIn&Bm}}lG$b#2jvEaT(qymq_3WFw zlUo1eEY0In-b{*)8`znz)R0B^Aw-E*={ogL+d>x1ESVKQdTo=lYA{*5bG|Y$;z^K_ zoYCoyNV>2jyjIR*E?Xflb7izlV_iU3&Albg;5B=1hU9!n0*3uP^PN|#8@@~F7I9G- z#<*uR3LgdIUIUM{5cX+nr%;*Xw8bcLD;|K8ojg70hJX% zI!|rAjvjs|TJ+)ISK7l8y1Od%a*md_U(*<~X@gx*zwZWE)E^s7 z)4k_WFjWWG$4=Z8QjTaO(PWQD&bd#vGke$5aN!Oko{g=X23hOk$EPw&lX)fg%#L0S z1rQDee{T+Lh>V4gz{_>HT4vr(r%MpRrhMgOM0e~3fjA+nKCZ$^{8Y8DZHOJLzCoQI zc4C+Uy`&hJy)m;D!Lqg9P-F1LU%vQxM%@5TZntMNw;FReoAGLO-9!HN4@iDw6;KM0 z+k8sG{Sb1+eQui^+5xPtJ>+iY5j=7WxZG%hCvQkticxEPpMh!%;`~Uua1+t1=UFNR z`EJ_-?~}W)mT%TkHliDSt}_G~WT@)C)5IH?cN zfw45#btsun9@zXaSUi?LOMZls!&U?M2^70Qt{iIvK(oz$ZpJLuZ$tBvEotFHM1SPqBkRCxr)#9w(^N=Zy9A z9wu&7t^BUSq}X#7KnNz(M38b(;V#AfxP#24RyKSIHyU=+V`rE{t--@*b>LpEKtB&F zG-fvpDsGx1eT$J+U4N<03Gy)h&B9 zh>r-u`JRnB7B=+0J#v8Ktm;IlbD4=n-d3AA@!c+V-KQL>-le+hhQETUwv5tr$17!R z*=N$7ZkW9zN<=W~V^WTB(d(04ZCqVc(8ggy>EMxc^nOK|#gMkq*Tm)ZLYT{L$?p5j zntP7m5l~RN%CVrUQWR*E^v-vP4sNct(4CNm@ENVPESLcYkXr1bXh%!k^L^wa zy-I$3=0u`@osqRXnqmL?rz~@aOT;1#C!$BYAx8nUOQT1-t9QV7k8S6el#?#I-6f^$ z{eHXRZ>m){8Op(<{YE4pFWa^d!N%+b$hz!>yvF%J*ziN zubqAt^w_QTbdB*C zXE%>;KMyW7`l^1nUw8HCY?*x1<*kvA^&;dcr(J2vLD|aF-?B94v=W{H;SA>(x-SFh z7o{s`GwV29xk->=7qy1G-kj|N@DP)}D6V6U>(P^6C3}@uP|E+T%Mt0rk{+Q&>YFcdZ(ozYc7-=&tO13_Q z>hT79*WfYK`w>N>9K7PEHpcE&>z`W!`` zUJ}508S{>+gsf2xy6XL${+0G8p$2chD!b0!h8s&t`L^tWWS(6~jDRklc{rq_w^Dhv zH)Hwu6o*&A>Ub1zNvsnt!_|I2bw}o9Wu(5$k294COol7P+dQ@Nma%pop6yrJp1J#8 z;+i7!6vaWy zlNloSnr6^*C4Dw9&k#(QD2GOd%+1B@rsVON6MvH7Dt*Ud9>J63*}7Rb4)e9#}`If!(Hh@u;S6oeD~ZvkP@^IK5=J5CwC>A+T=HflciwV<8&tk}!#?$-q;HSl zHL_Y?5SS~$k+*Y(33jD6Q;y=~$F}Tjm2pz}Kti9V20&|aJa!8`disV5PuH2<^f8~9 zT@T7|Abs*{)@>YYg-V-3L|Xeg4`|j3-Al*Mm(VK=#gq`MjP$Zb7shbH_thDtLHE@1 zoyBc$gYIyq1-*VAUR=_h>@2G^2V2)tW$DAcxD>!Fgo?efdCr+CkVSxuHE;$RcV;}B zw@g*`vo^(Kcrm?0_f)yj|AgrZz!oJ}u*m6junw8G-kF!nt%uaRyO6*}C;A6TrpOx+ zwE!@*5#~VLjG|F|fZHC$R!~M3s)9mXLHx7WOK8}KAW5wn1~_`RJr51btA2>4W3Q)r ztAG1`oJ~Og^xcZ^e(L8Cs+~0!fB=Ygs*bKMkupe=vMiMer!m+7b?6#xG<%!}%)29y z=#&-A`@rb`Vt*U(@-9ZQgPwy9l}%j!%F&!AwTk(g@{lT}ms@wC3mp0x$H#TGEm%sv z7)Zh7r@>${@Tfx+BEK{Q5T+lrx=1%Ei8LZ^+LIP7n#%eB>zEGVCv7fy@F(Dp7wm>L z)$@w|XEgxh?h9(IoqxSi9$ERbb@-6-JO@dm9ISrgEKT5p2W@4-IhV3Ex_o9gqv3&Y zHao`)O=2qMh53E$?f#}%A5n;NtakJIXhnk}wd;@fv zy*UBzCmv1h4Oz3qL}j}5^mQ=JHhL(exK$-X zXHkE>Rop;4-pF`FfpA|Q2=}!fWBc^Neceh{{^W0ULI6EsBfVmD>lrlzsLGGoBxP+^ zf?;GD3h82$#fx?lmOvM&l$T1}zvMHC02o%mzEy zr{g98C1I%a1WX9%I$jC$7ItqcCGGl2*`|L$W6!0G1iDOjK~n1FL94=?S1x%7z`V7I zw7vgnv}_q&_k~Lm_UWU`?wqQSx3$ARl^3FuJw}*7@06^FKFvtT$Da81D2|{jlVQYa zqE;IeF|3wL!PITysZ4y%xf+`-m}jd+0zuY?qcO-UYttXjS=@x5)$5;UNU@);bsucb zi`BTVjeMMqaIi>!@$IIi#WWC+Pkc$_$8Uiy7?-cXRx_>Eqo+!~HG$cid`7_&P{U7` z*%jvzpz}joOIxdtKn;I2JPJWF;5XH&kl7vG4XOSNTFi7-G>LY65f58`=%1pjX)=(L zQTk$1@fxFyIn{RuNr0vA1NE<^Es#mKFbkv^0-%$dQ{(bAn!~4de{HO{(x&OX-|5;? z>V1-5@V4Ie8KNS7FQTDmnk+}I||2LsbyNFCj#1uy}} zWa0CWJs5MV4JJV7OZCUyged3j4ScamsJ7%1E^{u)45blqX;?*}aB671!fCqW=p9@6 zE>Epa6EyQ$8LfDRZd5$oy&BiN7C=znB4E3d<#q;tsgJUu`rze4VF81{a=1Q_BxFp6 z*=HzbUkjzifVBv^?rECz<<~(^`B|P~orx~>dvujN{0^!;o)Tf1cP^C|;p{mzK)_`C z(a~L(Jdok$S$V4vSP-3XK$qP-2@N}xN@pj}LuFb`gXQ?rkk#-l*?#v9pgwyC!qY|+Hm$<~Jh>Z0SCb*=&`!zf17*VvKn0B_9I0_Na zOrPbiDId`;V=V4|1qhG0bc^6AAU?KSaasgJ7P&MVhmwrks9v&nEp332@>}rIMNWe@ zmGW1_OODTXmj(Inp<#-qlq5s2VY zJf!<5lfZ$3yh#sQK8GSEt;W#4c_6GPeN8%!+u}aw_%46;+cNx?3O5bEIaCdOl%!Es z?MiC3;&F^ogYI~7TLUO7y+q{qvG?oh{FV;M9tD*A4pMuo6UI_fJg0&F?30*R4cF`4 zjk1_D%FT_~AySLIsrCGE*xr?_$;vsy6`l>`!=8<9Nl60kqgZNL-&2l`Q%}2RIwI~$ z2;Y+>t@8ZX;N)vl^wk$JVuWc?8NWmh9TRFI}1KnG!LQlaDAMZW%PbcK1Nv#W@^qMZ}nkA8r6FwzkK0;c`<)&WG>_r z?<)UUPylWr7wfduP@Y(w$tOQJ?Kj3 zm0~6*`dhBFay6dMBsX3+_ozq~Zk%iV474}SmamJg3oBFhJgZYrbjeIno^DY6xHrxD z{9x#m%o_DqKKA@iQg>qlUTZt#JsE-lH3uQIu=(-NyG~UR!qr+ZgfpY-E|7-*tCZvD zou_g3Avlg({P7oo=?3(X!*$k?I@gMLUdPEiJw!qMu(vssRqJ8Jkr3}tzD^YA>(Zv< zc?Yw<%RX1+SS8&oYG3pC`b9?fE8g|9Y_jIZS=;HkuNyTSYv_n)Xr#vz)aFxrko?L_ z@FB)#zGhvwPSnDCBP_&{c;CO1{DyU>*y9;0`%CPO-xk%YMrg>Af2O8rdV&SM62YdT zj3DJfL&Uwl&vi#7pLE)iWiQvLTplLdvGH`CIuu1#w?4nvZ}0m*?vgqmv;Wk(?8I?T zLbCxo|6ExP$bc5bw}xxS8J9}Y;WQ}3DLffZ&+m%;`njDnD4`HnUpBn39q=Stx}RS8 z_U1le+3!Gd1FLHH)2aI_9030j?UCeqpMG~1iVL0MTgIEYUg z`5DjO8ICZL$WZcy*?~V>iK$urQk;@mO}RUPcin?Jv<~E=lB=U3;$Ubiy+{jI%i+Ai z+3BTX`(@=r{ZFZ4-FpHjdm0q8c|5!>RLKZa{?)32V+pyaqHr6b`q&zt+_krH=Sntf zq8B>66{Rk8Z(K8)Tv6G{FK4=*zr78-i?_%7$G4}U+dGrJ)m@WNhx=InD=7RR9ObwB zH${HU$00bnFRz8Z6a{XLw=O?_{-Wi))a=jTO*MIk#+j2oF!P%wwg?ifdKC#4;sL1h zF&0uV>vCbZ$XHrF|MK+T?^v%M*_-rdz0Fmv>NwWD*YCzxm~_uM#pYhn7rg&rZG@AL z(n zjHzL=PjVBzxhJ}A3w1wsqh>2NUpr3C`X!rkz82_`$YmI!O~T8wKw6^b>^XiN7=U#F z#+MKx*?Q0UlovYiN6rL|l`1g%ah`LlkwbA=c*M4x@W&fCMZ=-wqsvpT2m^=m4y~?# zrls0jW6IMuCHYLbi1FtupO4<9YV-K$w2&oVlXd7V;wg1SlE>^0XJfY1%uBJ{3I4~8 zLtWU2NLfLGXRsB%eu<|xFzrdeI9r{|OT<~k$tP^_0p~C8SO4G*pc z?dzY1vT8OTsT?xnU(`wKg|EMZb-owyqEOF0@VfUOoO~f;p|R}iAaX8I(cshW$*bJz zpuD71?XXBEJK(8+nD{-775g8M;1757y2eZWY8q^30^#4R8$B!V@FzPGc)HIT)IWxwkenWS#MJCHY}CuIAw<{ccfCjH?@9n61-)#h z0f&b%5UQWxTO*%axsC8eY#6=z``F-}g^8$R;gH{_KHjHz?_cLifAi)e94djEU_@h7 zU=*wPseC<;{h~zM=gCX87~P|M#b#B>~`Z;+I`Jcj1jR7q4vUpI7#4 zGx_J0{R^4?+m8PHr+;4AKdqI~1t z#Z>H@Kz@YsiNCV0Q(D7BMt%Oli?X_>^N9Z1AK>1f)2Iz^ASj6!VDpvkiAkW`!z z&tqr1s9KP$$oZML$byW|?xU1uDYQ11X+1K`P3;wK;KB`-D+B%(6~y{OefmFc#MI3B zKR7L*Qj9ERy4E~g#?B5{3*HO-2e^yhrBi=EF@J(_KyCEP5|U_j_*;7US5BD+!JsZO zQw6bww@4Q-ZYX@^+mc8)v4vy|O%Z2Pdrgt^B4f>)FM>S!1oHyv{4pc>lPmqKget;vgXW&)X(%C|rfM%MQ7OUAQy`o3>{L`OzP`4eTeJ??>8#dHBU?Bj|G{wc{Y zM#bA;yGS1|{{im*x6=N9`yHM(3Zh=or&HtcOtDRGDHNW+^wugW;?;;k^`3q)s2M+S zMAj1Ben4~{@CAMTX2AEpPu5sSDN?Z+H(O!<^y@^xzVZ7{d4U>l#O8+XY$ZN3SVcy!dv(n*e{w;VEdot3Zfvb2ZMu|v&NIo`~4MRzT` zDSg}PEGxF$XWAa_5aycsGQz^?x~rGAR=UEmMq@TgwEkPr|dzTri zQ_b2JMe)8&G|6=L{grQj1)oq8gbK<$Sc()7Y&=hn;{NiA7Jn+DU+d-85W^~_mU&+0y&&@w`` zY#>99E&@7V;=dORsm&H)?sfF2ovGJo7qAJ&ssL+)=4tC7>-R5bWGq*H1=4r=3hu$~ zI9bAQqMVsxP!9nVVBT8F9#pG(?qNRBLqW$RzGG{Lx{kcsBiOU8(Te4nYJAI$GDGgq zw+Mnbdg)|mmaW6Fm7-HWyJCJ7SdRG0pi%&PUnPpyGJ1_TJH+r3M5Cto?BL0?zz{g` z>Lv);lbwmu5=ClRnjXSsCetH^4XrGNqk!BC5A=OR5Rv(RK=6MGU4Mr?0VMX{2FI`N zyGW0k=3}LFTvERgM%rSEGnlCy;H1|hQSn{4BmHWISiWNMahr3++f$LTi1)U>y=ot0 z3v{3p^l6?U)&ul+mGf^I=6<$5I#C)a-4B9zd@;-DQXcgBX>_GhDo!eqcYPyZ}@}-G&QdR65XSw626UJe(%2inX z{MXw;AF=Ax(D33U+LhgozT@jQR1`$Vsoc_2QNz&>j`22w{=w0v&u*v%5%OJQ@Mr6L zIH8U_U0L+G^_hEA)o7N(QaoQwSdH`I4OI5EXZY6<k64^wXwn9xgke|;&YN6s42JW2ropm18o6f;k;e*^R9T9@ab$}S` z1*HnaruKntn)!$$%NO}UbPqQZRG}Sd@U0_FlCbtdoD4dVoG(Tt`YlUTw4N|puto3f zD`n{!?FWQ%?B-49DEN|+;;2rkKS=Y{+m={8$zSHvBlk4xPgr(3INjl_+!e81W_`Ri zCs*K;Q{$grn7HEFR4TyheWj9c8}%%{?Le!fpwHIE*S4g+4Gq6 zL6Ml|HlgS^aJ(mhsY=SdpmsUhehr)@_b1h`U~b&hSnn95*;Yb4d7>FAUnsppgNJ>{ zohxT|&Q=7?68mzLwP|%fKnI|Wi(`hPy_e=ZvQbQC$!H({sLEy+s}pckPLvbIBSe=U zn;>-o)i?i)QX7iIIE=7nFRpqS;FjNjH{Hdi~(z@{swk!H~J# zkyd%y+KrjjjaTaQ({H*7HCHJYPd`>2`KnXsJA?#;vd$(9aA*bxeXcEgIs?C|(Urp} zVH}~&cKsXfQ}sRLtSjt%msnjs5)iG2eG**12hq-nc&g2%ytq-exS#Wm0MvUQgL?0M zn)Bc-aO3X=Z$11*RrorS^X_sP*p_=!E4_zR$0q_A%RH7H^=GUd9=ov3z+$5zCc6l% z<=1HLIT8Wsj><7kU^9ZoT{+J8i}1Ug@}J{mt8hcEw?!&gvN`A_EbRdwC0eJg9xyAu z>M%a)yj~-nzd7%z`UJ5nDQq!yrJO6`XF7k>-F!VTjG>+dkMJ>#9$2a#*oEA&n$v(- zNAn7tKF}}Cv#-fhFVa{4xFw)Ik%Q3!_E|Vvyf#3UZN?3C3|0{%o>bf+*j&orZ#lZ6 z;phaDVX4x%hG?lLm2*l3VQ}mCD9z~18-+Mf zAcq+ol)vidq%9YhVrBqO>@zB}$K}OM2xCafCL#Zt%{dtT*qSe-5vD|fo^tl7dp zi*yM&=qKo@*)>~z$sVLaGH4n%RuY;nJL{T(V}IgF%iY%N`3`cEMK>Db1ZZcz{WK8n z{|5$gFw;uGY1r zP52G}Q?|DGyN(??8dlOr`zs$`8U9a)VW(z_rTU?`N(KL zi;m5=Pj<+!L*ca5lmWb$q5M=RJseUsIvJcYfz;9|qTJcye|Ik0 z)Z8BXw47C+r~L%GwW}%DYfAR53t;fdF2dFQzZf7r~Y8EFIFZwv{R_al7 z#&Tz$jKlTJcxG61yH>R2i_@ilEWt|T8laq@!P4LoW#?sOB0^Sqh&vzr8)u2h$fL!X zP6v8ES-Vw;n}n|;QS@<#xbOXbhYCNS0$q2n5WitrOPE7^+`wt;*{wKtP=D&Yxjj&9 z2+J!32wvw=KaH0c!9@n6kNOv1fD<=- zF?KDK-Fu(&T3)^Cow&Wp*dD4|UV6J`bve|2>RL@0o>I$-+P20LmXtWV7{or>E^;{n z@4u0bt}5ZmE%an{!o!hM@%(3P@+>`lIgxPD|h+$Wty4KIR6x?fc zXoyTlpbWN+#+3=xpRT>%JjjH-g=O}TF=90z7osRS;-Qlt44PTqwKh}Jn!HK=)LIrite{DzI{HAH~Yn{Z6FZMkVMPCo~) zGu*K=2I3S=I4Wp2ME-%2prX)k2znw-iULs~D=Fn|%h=K3x4fSPN zqOx5kMaFX1D4R}ydEk(swu?w!O%qOz^z68N9b3%9={4TfEbW44lX#)Z^s)9>ibjQ3 zNv{ zn!Bot%%~})3UVlk7K>PBzqsbAlHTc2TCd@_Q3y!5AhecJM=erTBn;0BrM7&MN`o%rOD(iFK@3_UxxIYy|LhQ9}%|WG33g_MCD4h^dxT&K)^Z_(83ndv!`%LvL zYQ=GPT}_Tf8IimgaDJvqj8o5^_M{!`EcTRfqO=`b@BJ>|ocYM1;$fK`j~}9)m#T~E z<5gEnlTgM`(`L>NC<|`P8+2VKj3RJ2R_5wC!4mTH?_%wE3|%^Qg&Sb0t`SCODcvj~ zkr1bdS;lqqnb#zp|YkDXUHx#o_t5?aPx2 z<<%aQ+csuhh=MoX^9v`b_qUy-Ju()fb4Wtf?J?Z=yKipA^JhQ@Zk_}e+{Aq&qZ#VM z$l3v-WyX7(dJOBw`}FB7Oae@~xUDi9`%PtU zN1Wc+&j7S_dFa98moH;}U9rVry$JI>+Oq_WC*6&plfDjXiMfZUJ;mc+>}7Bk?{8I$ zyj?-dN$rq#7lkZ;nTr=H^G{M? zq0*~-a<^PdgEKDQ^uo^@$MQq`Pdt^2)Nmbi8~Yn}Vyz5tMM?e6yYssc3csi-^41Vt zB0hpY``?!@)Vv7UKOZjITAfqYG(WXd;2MA9-u_Rn68uvn{vAX37k0)!b@hL%>V92g z{zI|s{{yd#dH3bmZ@mEiktO{9NXc<1=(>+gsT2dZIY}3~CXtmQiT|Ei8f}sL|3 z8t)Ccp@vF_l>myOsQ|+}l}n@6tM04l0a^DjZ{AXJ!MwwN0<)Xa?v`Sp5#pq~3)^>Y ziywm>SKY0_KZaFX`_yS(|=egdcTfs!@vxAU0cVP4o;!=u_j zS2K|OzYbZ?5mFfQ-=r|f@u=ntp9lABQQ31ZbAkB!-)exr{2iVKD55@JcDCg?|BthD zx*|m7zrc5aHmziWz?U-j_&36Lgov zacsmR2|c(v+~b?KI*YEWif#HA@8@4mp1K^Un!XJFrfTXCZ}ej|w_tmU)MP66FZtqM zeQ`wyS#)_KqvLru7daUe?w5LIt`AU%m3>J6b;Z9JYW(j2g;ddR3aNig><`i8zr9TF ze@yIuY5f0~*k28DKfm{niT$^Y_h-NR$He|86Z59PTxcj^prc!Hdb;=fFMC(wWi5C< z1!0rOO2qOS;w|esqMgU{+Uokk!k+xlSFcd4MqtVdk(d?!8cA%``SMLc@8N2{|11A} zah|JDGZqNh+HKJf)y-82qODQM1s?MZt2%t2{JozAV}CA}hFv2_mx!Rt&hb)l+$bqaD9vZ|(tGkh;{xwIlm}I4#Sd6iii@|$8z9v%_0~V$ zuLRBeh0nw$*-Gi^>Pq6-)$=~Y97K&h4T;ic`UwX85+96qdnGo-QX4vJXX6a?9qL!c zQk8eux(UxQiNi$zmlgeM0bB!(+p;?%n9Po@A-PB6L!@%EyA88i4jrR}g2GLyKg4|@ ze)G;orfv1#w6m;{gU;NFZLo-=p_=)q3!Q z$*m%Ovd&a+a@ZHx#EuaT&{rt4i zZ`N=t&&!YFUVol&&}-BWJEYkPeP|qe{fPU=q>N$co6ln@dkWvl**g8|?gMuXIe3Io zUdF`t0)|E6?l7;bQ5vAMY&V-V#^4;qJLlCxgN*O$$)ylBTf%$v)J$CyD42k)@?2og z@V|sTztnhnh%?){M-tVG6~r(PXd?Ms94Gk=^Q{Cl8WAh(*=j_D_`GrvSi zlL^jIpl@$hlpy}P^s#-K$R2l(czaLN+2-?2aS5sSZ@Sl+`NsyYmOp{qV)EKN3}Km# zHTK-fwEcviXE2-``7QRw(77~z82cQM^3(q%K)QMReV7Kd*^ot~+y0p8Rh=)}yxy)) z{|)StS5QyzL~RvP`?IyA6>=CNCfX&PGchO{d%ACoPCYknt(JBURiKye-9yUiE=x!9 zvxLPz`)ErcOi~G%{*u7(%A~YG0Q%Tdl+X`)!Qm zU5wZEQj5JN2~7L^8RW`Z)jZSHESgwWpjvN%!{cRfPge`=LsjYAyEXtX>?3 z-RjQ!H5rp7hpjqes1*0gE4lV-xyP0TY`zQF&t}2N+6w}C+Gb#bZ8IZg1|rJ!D}CvH zSPP0eIFmg3Z=eqCvF6T(Kc2_H=P#?p#L$wIDWqE+yVxouWfr&FSKePL7oU9a?m=?V z_)Cf7?`|yP_4=^m2@QdAWBri^=>*-lgkyWg@-Vmks2;0|uj?Oum+5KwpFF$=Vfu*u zg2CQ2e4NDKnS*!j(eCq@)2ErY)xzkr^U1`Z<@PfN+S2K2@OvcdbNTb;-{<&G76w0& zn{zlWiaNr}w)$R49lDP&WNX#s+=GgRg&lK8I7pj~YGs30>>W*Xo-UI8wYAko<2LWY zhv${PZ15j)MB4vdx+HXnaiGOsI;Q=VlxfzrsIa6}6G^{|*KW3%jmWv;uw#HfL#b&= zJMZn$rKfIF1Ec{j1`1xU`Wqw(|KH1Oc#^b!U?JF#o-X>b{d?7i~ zb_zf5rp5E~&Ie%^$x_K*a~F`trLs7B7G7D?A&Id5@EIq=@AbdWNkQgYY`0~oWfYm7 zq5Q$cJ}072>1Gl)>m_0nCh^eOYQ=>fq*tdg4bMx=ySj11{m94po*SdDYNt%0^2Qn~ z+9hyp84et2TG{8BD!uyt1vI-XZE7A3u1fWO%N=ayUvAX@;7DZ1^L}x`LfJ}>B{^g8 zDR-sdgtA~=j-s7sj8>)X@}`S!^Brdu`&UwaZzn?4>gPV!uV0rCty>BWzkW!R+ycS=y;&fk)UYLc!c?nV z!su!mtnQi0+3m|#5*Yh;f>!b`vcA{b?Gdgzq=>{l;e&6wId6Gx*BZh%XA>^f!cPe8 zqAbJv*3Y_i!Z9_k_=g?cix?fK@T0y_>D5&DMx;i01vFz|vwghpXA2i!ef41Bkj=$h z9dGBp`*&^I5e|!2hX(V69ohRHERur;uFFUExr{30W6H4uvfGhdFKrJiLGQqQ`%fGn zP>6jj6Bp3L?qzKbKbgqTfUMF4E^c$qzIvMJ(rR`v?W1v2&13n5LXF^-#}e;5B+T%^35lO>pmhiVlbTDSB4G5M;o|X z)30_Xf0RV6u~F=eCi+($HtWnZWp~zDym4rMU-RbW9xkSK8D@)og)~N_BbQf^W7^VI zuM$5!-{{8lD=CttN0bj;O7ri8)OfuXoJ=fMTq8b%RAhY$7%JeE%VBtPdIK3d7R!Nx z^Td*P3K?s)IAzS9d@|2_+{TEppj@zjfBwm`q3%4^gIu#qHV?2bBWfty7dvVC0wmft z3>ccV(tB#8Xbhg+VZGG`JE9^dGkU!OMTlvCN&cLFAUA?`gYD~%r8knOp=W5<@1{|C z2e2d~V^Mr1wX)*I3m#EkKx%o1R4UTMlZJ~il6Mc>>G;N`1^m&wZ6fVc(;~i&L2|3j zy}J)xv~IopnqOd$tln3c>{@-}Ri zn?$`25#0;xXHKDc_x;s%1WiPK4x;XOQxzA2J|=&GD)PSq7?{nC@T&78(LbTnUM}FC zEKZ5|IHfb88uNEd_Wjb+e~hu*d#Od)60$(JH6uaLI9&0hn$Nx6gQoQm3|lOg$S2=V zt8g0Fv@o=8Fw(Ab(9b95ur)Idz;^f1>hHjVvi=~~!_j{Kjv;$}|^OAC~uxrU$ zlnzGW3|`+py7QCV&6WJp=K)_fty;;>o4QKY7+qqJ7Qfl(ILYyJbx2G!aggT6X0`3) zmb7h0-Lu-&8q!9m*`>tZ9KButA!5EG4d8?AJ|Ky%kC zu-}>fV_7ex7VhN$(#8WD;Y=)dryL&1)qs?#pdT&0Wh1uZ2{5O)G?K;z=Yjc2E)DK1 z<@CE^2b#E5n=B*I2~-?jDaWRb(#_a3fAu%7WX1g5J%u9@6j20+L=n&2Yb z)BhzXr;TU?7l?_YJHf`PGLaTiKShS8DW+YVA|^Q)pw6 zgMJ!9Xk;jz&g6sS;X{)stkuYrG~vAK&ik1H+7ydVl`Xxc;O+@0-%s5R`y|v#nOTPO zO-{G@U(L?qfv1&3;0Xg#r1L|2|s_P*ot$4rlNFbK~Px3E+;8=5PT{EfWmX zh)s}vk0u_jiBuNSR@pU|Xxl-Cr`yx)5?Heb7d*HCD{$NBkQ10s%B>4awn4NG5mwry ze9Y?dSoZ`d=-?-LHyjqO%vyx&Z6}{ESH!9^o;*^$t6gmw{jQnu`SlZjog=ohBf4kKKb1@4p#qD4Dm%dz2Dzu!>@6VmoU#+A z8HhU^>&K%^fv6dL9W&KW)W8WNe>YJ0#=9{&SLG@s^+z$Ase??56 z0d-2_1Q$7C!&yq}h?%tm`DZ5cZiSCjlp<@K?QR{34n`$b$?V%NJI1YVeG3Oax{F8U zF}2Sn)DcJG#a_PeUnhRoB;sQ@W5=MWCnA!RtP1X1&qGRI`%#kbF|V76rF~9Uja{I} zgwG_VL|!tfoO$t_W~ThpeRGpZLxU57@&C&&v3MO~P@>f3xrg6tOWO2aCDfLOqy|-4 zDl&q51-2MQc=y5WM|TacN#6C^Sib<83&0*STM5ro0P`#uFcw@=b=zHOFO{id1lMH6 z9|SO?5hlb*PUpqb6P~yRG{pV)r6GVP0;waYS~B{NA`+tqfPW?0TH81Qs!sbAwB>7^ zld~NuGL<0nTSkop=vD)i9V>q5UVUX6nTK$Mm74X!zyZK_^fnu>*zLcY8EMZtO1Lok z4|;U?JH)6H(!D}|lnY;yfeJhPl&<9XDr_>>p*zVNabxR_9Aew@X}U_Vvq+9Ep2ZWf zr=e6LSwlDh$tH*CO`F>-gjL?YQ57m=uEizzk|+2 z?bzWDgLYk8zE=Tb=}WhbM@Q+rT;N?J+i}Icwi=#l6jExpLbu^KB4xZ3Z>?Q$Q>DO> zFx@7KdIEC|{F3b$6=zOw>gXA7sBL}ZqqjuS@gr;$ni=W&sAm# z59cWQ@ycd|@${cK|Me$uJe)f-+4rI*qd|;eRoKcz@N<={6#8=6rm+l~xovdK*3H~; zZu*+9o=xSrFMR>PeWHGnx=7+ZqjS#(dPUVFj&ee1P=AT|`@3WCot=Hxk`R_{K_Sz$--|0HfSD*5JHTnJ}7QMiK$n*fP%6ZHf z-k~0Hu7+%G63*pvsLZ`@Q!%M~*BOb3ak=~T12g(=E)%*mizRb+QiYU^bCpNH;TX)9 zPt08G+L>yW(@z<7a6<|%8|-zrx%TaO^krf!^*c0vl~d|R{n$Zd$ZfrJT7%{U@{W$5!%M#^ zs`-}#EYI|mL!lYZ2n3(WYuABTRdpeF-E20HzkM@t3U26LSv$vK`=P#G#-dv5artH+ zVToN(+HxmYGP1koaHMhukw?$_p892D?|9$@Cq*hf_itey={DfOly{Ae1+{?l^?Y)I z!|ZZrq#X}{bxPox#R*t~xWFz(AOqQtQeX3W!`~h)INf&1FzBl25N5FUMdbzZ)Bpda zmFEB>4Shd!YVNNkZl2H_GGLRy8FGR87d`{yGnED*bm&*xixb5UvyOPFJo=#Q-a20v z=1o$8uL5ji0iXX9F2sQ9{C5_nlGAg@$3OAtuF7Y<7w-7{?S*K6?2kiUs<~_H>(ILF zOSo6gQSCYb6U6^uX0@R}46&jZw0g?DSMHzU7U`c4@&_&d&#~zSr}_l$l^R(&6monv z;yWsqun_WotBZ!YAs`vV3m=M$!rZn?eV8opGzR*dO99tbO?{Sv8ON8Kjn}BDWf|1iMj-4Qtn|HC zL2Yeq5xeN3m?PBMO{cLtX!k+8iNX&1mc?Q*uq9=cmXKXnq;}zg2mE7=VZ_f|T?L)B zaT#Lzo)!^y^74QhnYA@^)}7hX@-36564VQxg~5uagiB7pd_KGET}qksk*IKUO4y&_ zj+^OvTx>~R?$gLNVKhYnT#q*?UBej8elyHUE*#YeNMlF6VfG{kUBgK7a&vDdLR^Tq zcJ?#j(Xe>Ih}U=?DxK5=!O68bZCzavZw=HUx_?-5j1@F_Vx7lJ{k9iN>>3xU zc%5KXTN5o4+81}%c!+3z#v1q}&1iG$R6WosM=558q7_?qZN|~oh&#_=FKyQK^@=@m z@7fMY@2-xi?jk0de%y2{=SuN!HG9ExdX31nfL@p;Z=oM2!dN)C-+>+-UFtIe+ovi# zDoTa10n2T2Nc!`9`|_v1X}I+n#7Zirj}|5EA5VHg0IYf8tiFl zqD-Fgzv27g%Me{=<@gbwZb?1*+>wYGQOs@Q6aljdeM{+?>6#Q4B7tQa1B-7&G(znX zC@D@FAzJ~f(%6FxABpPkgxy0%viPwEj@5_g{SEy~jmR1JK@N$d!9=O7?6uf1s-@gz z7isX?zSnLOYh|z&V#ls*o*{D8mpTpU`BMVE5`@-s*`JgMUVl%$=(hAhI2a~1jtzN? zy(t00X$)Q8Cog-|je2Z$vC>>|uCBM#tz&SyB0EsU4aYcu&?dxlckb5^VV76~A!6PlN!=>}?z#eNkJlco=ddQq9C53wz z^*8sGw+mIWU81Y!_r2bsF4#Y1O#$v z?3G*EL2kF7F`wqDUIT&ilV5=iKTqR|o|;bw4TBg_?}42uNZlaT-mrAZ?y>`RRrd1b zP1sQb*7$Yl9jX6_LH^B8ua&v40(&yE`d_xLPieI#6B}0D#qdD4{IRY*j52;92L&(Y zIN=+Na04E*3chNFtGi7oL*v{281$|miPW5n_ByziFHG3JCJvHC$hwEcFI}MoCOoGJxwC{eXU~8K! zj_tFmqg>v3E)ghY%`XjiS?$wM72Ch3q@uFp+WV=NOs(eXdDC5oseoWmYaN5ouTO|= zn4uWI`KuYsZR}+k#tOAC+ayrwJ2F-gk+w=G103#Nl^g`boF;b`Q@gx*n&jc%4ILwjsNnIkDrV~-T*tHZb;_%6B(MLhy>SL z+|5!rK_EpVvjB-w`ceZFuVcGXOHcrlv-#JhsTK^~8zo};A%#$>`Ac>QnCFErlg1>M zQ-68e_q>{L9I87?pDzjb53o-L!Z;$G#d|xm#u;GfQI!q^h%b4q_T~zL121;(2U^^j zE2oqZt4;K(@9l%Csf~{#9&EKOkV#m92GyHag$*)H`CUa<$ zoXGuMO*vu3+4uioGrv<^|1V)V$ukWdv8T-WuwaUX$5)dS#fbDg2e9tr=jyu;r&iF|A_smr6iuGDOt2ml&YcnB<3t9?JO@z}j}3(W1yH zh!lHSjDb1M)H7kNn&3t$J^Z(WxjJqM9rbM&`7dsZsjG@(6tR7E*)AA_Mqt|~*#rDh zp99kpaS^1P-SJ{XN58_K#Ft&oOZ^h;YNQqyQwpx(>^w-3^F??W1-gDL zTPi_UJsn}2$s5fh5DLVn<*k|Zf*Yl2=YxU?$Z9^oC%h(gGg~HoI-c^*MqV%I-h)qk zP@42w$gOnVQy;E0b%GA^hq@Z?&5trvsoshuVW4h6hfR$~YdE%Jatva6tViC3%ZY)EoAM2BK8%W^#E)G`w|d;yPK>W%{ji0 zR26k^e*)d|LpqHaki^OoFVi@nfNq}hcK_MXBgkpAAxE+2#3UTJHqtKZVnbILB2m!*f7hXb&MlU8Q$Pjqly zxCJ7G{q`_nBMPiTku z60-}sLgV3D&c6n%v{jjz+^oOg;UwF2Pf1`I&b2Ga;9#KM-POh0=l*F3Z!BQJ!0Sg{whD2;)Fh-C2=6eqy-e3{+PM@^6F(C@Ja30N0EZ~kH4Udz5dh(cB9 z)kZkt)>Vty`MI_M-o?+dcoft{>n%Kag-sPdcJ$%F_zIKLP~M$vqKglf^`}x6m&^=y zMKu;Tzm7r)E7*r#HAvc^VuJa&58|F5E@+mc>RMor$>DRx2O%kQaSJV;=)|cCv2Ex3 zQPc89MyWY^NO11OL?| zI%6aq2SHv#eQ5Jg3zo-ezH7_15>aB6?on*nM8DZsMmf7+-~+6-&$XRgZd%h_QF=FQ zzaOLvL(=Ua;2#q5U_~Ec4@$~-w5&(rKHp*7iHA7yN(N=6NksK{R6Z@|#h@?jSnDs+ zTt&>$vI80fAR%{vcLW!30gWy zW;B+blmfp2dfET|r~*(fo1+7A36H<7!J{O3DCdtkQJ0wO3SM8DC)}}IUWwiNSBhG@ zuYa)02-|dt=UTPKw`WKLRL1m;ZCOF)hcy;I(}-QuYB;Z zGS=CODMFu~)R*s<9a~zjP0SbAj{w>b8Co{09=&A_vgNz&Si+QD;#d`$D??GZA;V6X z@Z-pfu;a~ScmRul-m8}x2p=cX~~40?1m|ecAAnV*lVp@vBxLEG>PU75ded~xM9@E?U>;_W=)v+boaUTiC)m|@ka3F6 zgf@&sg<=PVXL+}p1nTf{)gxdE z^+4>E21SZLvvA{aVd^-STLy$OmocwC(w~GfUMETG+{Gl^EVw zPbB20*kfhor+oL+iyd-ZwHvka#NT$-~yF{NG5WxcpFCUap(r=m# z(<@%51Zj-M}N5`by6$>GV{C zaI7hi$odk@OU3Mh__@1$YS=Rn-mhE9ge(6+@kcN{s3~&z7)4ISLMXy7^lAn{&>lX8 z*=>MWxmz6SVr(6U*NytV&FR-UTD+U?qVutK0JbViimLh?hyInWR=vb@Q?jK9AJOHX zd2B3pRm?+jlQjpDgAVl$3hlKR{EMT9GE!Ctas3Xzy%^@pucvfBWm|HEK^#D$&(lTQ zi=v8b<9C);nH9hcQVH%aC(6xNAt#u@bym!H!1XG%+Nbng!6l=;*TfQQ$tymoa5w}~ zy)@`)+R*%{;#MY+q$=^sa6|TL*n+;>BcG2#{kj?B1ia;oV}?%i2Sl573Mm~xx@z_k zrLFm3kwg9?LbU(p!4Be`>qrmZd&JN*#%sHVZ`Kd%jpRW~0j`UX0<%<)Z%{U4Ss99h zm+`Wb8k3jd0rP6iy$>cLlGbx=%V*v?^w>mgwnHWfy1Yk+W7q2iG0fP`(C|W{XcdwtPaDZWTu!IEa;_-}74PH;&mvKxQNDDVumEjs3h# zqKigsKZRR~DT!^DiZ8C0l2@3bCh5oQT3S(qf|ehRz?pxPN&l)#|5Hwg6DAE5o`vpy zuLN-&I;|qz+m~_ko|o&$SMrj(@9$4=?5G^UJX~WvToCQ`a**~gsm{n@WXA^P5_TGU zr~7^E(jCaIP$rNX9kr`&pB(V)Y-@8dpn~Xai(F`{ba*YTr@c9j@nTI|M>Bi0SkgECL|))!OyP902p~x8q$uFOE=%D`cQ%A$yxIxu8dC*otpOx8^=Sj^jXkNd z=?bX4$_L)R0Z&syhH8tFI|iS@$1xD~In_T6LrVRSYObC}C6*TzI$+q~4W7KEq@={O zFj8buxaflbm4+zJd`!c4U)YssI$D^Wt_Po;8 zdwuRevBeT+&NtPp!c&pEz#W{}&ipEs>|n2-U=xX-LJ^k$>NTAtcHF(euHv}4yP!T| zcwF*aJd|=uVwiBGV^pT5zW2P6w|~@hJ4x6L#OZur%tTM}MS5wqEV^V9Wn|{zlFlGj z(1TjC0lz1ZQ5qqauWX2Zxw1Hh5qU>wxaci@8+jpa2SE#gGefDLwYPWe`U>ypNgtC* z!rkv6^}mRsVS<6z=Kcfs1y~rYiE!K#2C#Dg*LE^C?Am5I9>eBz?J6{ZrdpB`i|=A7 z{^4ZbPYasTY*&GEBA_RIe7bXOKww?6dWMT!SQ)L^dL|t!& zYxK%c9gOZwdZAgM2!HUMd4)82qGOQYM7vtr4chV)Z`IeNFsyms5Z9D$kdhX=a~%8~ zZf{v@1Nr~-3Sz2UofWnuy;whhv9xdTRo?_UOFgQv8LmWbSHw_vmu5xJt^5E^DoGT{ zvXChFJo%_QdqR9gq-eBuDsQU^$djn}B81e(hMr~?04Gv)T*;9J3S)-NV%pB#&9Lt8WNE4xwbtdFT174=oF-FoXCL7AnB* z3**^Ky{Knq)u#697cFdf9f@_SVBw#PUqdw6%Zf%+bqdSi{IG(DE zLDS!pNbQFF0BA;OhXhz}?ZVv^%z?kxs&d4NFRAJ6ZLci~?nrTA)WOcOGLT5WR;hm- zoC|W`MCw%*=+}tldvxk(R|@raiYZY8xFZRDej_fAuqg$?>tytXr!Pl|C5wFUHPbU> zVLG~pvH3EkrFO}S4^N;mHyM_$@-9?Z`B>Rpj@t|K0rY)_q3( zzq9~OFTn47-v;M#|3r29#oIt<2U7IKkL_o`b}MgSEux3I+!doelokc_z-|oSMjARo zb~l04-8;AT3x(jdIb;fKEJ&()}Q`3&|7Bc^5x5O`;-PzK+SP;u+;wkdoGNF zPpc&N9|hL@%;VB5hkIV|$=8(TIGx>5KVz|sG3FfA!4+e{HyZ#^h=8&K$(ToihN+O{ zfn1(!c+Llo$?ou#l@&uY8)XugjZW#6nA84?)592w0!q@m>5}kM(>26DVNRY@XM=yv zt5$%{S*XvYnX0XT*8EhnmLF-}tDPh!^^I+86Ka;0-}LUSTmkZuTcjxClVZT{lk7d- zbpOaE&;R82TGi8z6^pZG9iCq?TrB)~RUU-|y#OS%Q9D~Xle57Dldbh~D!!qV1KCfb zjyJd+yNhFtDYmqz;QF(D&CT02VppJN-8ezz@3PxlUUm^7~H@iTR8c z0z`;alI}>Fe>@=0>&0W)gJeN1nG?2Un0eYo_~48^2S7;luewgJNm%8bw&B#Oo;LTq zJ>!A?o3=z2k3l_x-}myg8IA0J*J&)jol{PFeBwCg#CT5nI@r(J*YR%}gBP`(*iO;J z^>mO#?ZKJr6#udxwzqIz`LwRFQgmWB$w6nd%74>w_}Q%U!|%Ipabo5Y*Z$8C|8M}O z@8%?5_s8stkfr(^dV(@Qtg+k&p0E@Sy`)zlKToEOxss2P-G-2 z7kZT+^5?^RH9U8KdjBC?Sg8PwmM`*~1ezCz5?(KzIF=_5Pfj{1_kS>N@p`~YSml{( z^3S{vH?ug}Htajb{zU9c4>TCX*bN3vUn=QXl4ogU>Rg9%%iyql8`C>!@%U75is46R z^_(<9^NRBU)=Dbb%*B>pnz``)9C^SwH^&N0QMIjea+n zFrB_@U?cUJipt?pT8!Cn>&W_go=6R71&|YM=DP5o|Dq|kI#BxH(z1(eY&@T(Ra%k$ zM2T~TE80u+92FZn|1>*^dzv42KO3-_y)KT^F0gRo1@TYsKLR#<{s)~=CqCzc3jRG2 zI%n@6siuUJX2MW%T1feIIxhq4kvq$``*R}JqTlKZkb&de_)+)gpL->Ji?Ia>Zxt;;~aJvav8lR6cAJX#G{js-DKEYRK=O~?iG z33|5!}vt2%DT+CtukOvz+}2YX|( zx{6TmWeRNuizaWou849KVT$2xV62iYwRNPxzyY3JXgc++vnlx=$L;&n1F9bY35DbC z_P$bM*w-J~Lj-b04Qy&Z!mE7ie<`!?+H(3;2wsYrDSjRi$5L7?u5$Tu>G|`N^u5Xz zYap@bUw{*R$8vI_cUaF7|NnD34Ukbeets?XBMwychVHegP|u8x8oqI8>%lrXFgDt; z0rn=V9?`|@R{N!qI#andoNsIA2)Y-j$R!x!(D@d9Jb%e-6Z+Og0(u}mD;Yp!$w686 z>3&rhFl{h*`2Ddgm8}>o?Jz^3A>0KBbEKP2BdXyuF}J_$>n{ue^tqnA!wHD2@p!~% z5uuU$;0O&u1#8{p4J}iXBQo5J@^*A1SsE#bsiArd?B-#XQawi%0eT)REk}M5$L*7z z1<3x@Uya9UCV(Zh7PFUdJ(GeO2Gg!or~yNh@?)8w@%b&&Z+4i0x5MtC+N&dRjZw$%=1ipZ*gMumOhiCvq|;Sqqtp%UuAq%T)NbpaHhg8KxdwLvTO zI_EjRod8bPnFd$>#WnoY2kbF93WyqQbAZJ^@Hz)90+*ZT9ls7d(N92tbmd$*>iuN8 zeMgL8O;>0C@sMR*fx%&kN!sB;us`NAYNQeb5^=1NXF}9dUaa7y)fTx>w+ze(v^&MF zGH|1t-lpB``218G_@oD1J83pQk4R>4pOAWJ512Sw`zT1`lwte+Tc0?~qfp1KrQV8? z8r@dJRtjIVh>Gw_Pz|a;JxmTOSuO){fm@K>gGL z`A*(Tliz(JoF1l>s_J83D&_eu&}jgu?Go^Aq)7BCO#Obh4eSQV&0-tnLoX3}nFHS5O^6Fd=E%`Q*0#GL_5Cml&_ca4Rka`aacWp&<+ zrByFX#1}mA0aew(6ogdf=e^p1xq?TCFUkNGwWlJzi_^?##?Av?{lWE)%f$_jALKX_|-= z*x}NKZN@O~y+FuE)WPCpWgCX~l2OY=N~(LP6se$q zOYdl?h1~4TDJ}Ha1x;eN#vG)0^cZqzda|k$g$((QXW!~Xb&D+YK=jmu1L)~$5VTnS znXR`)Ocl1FVEs{DfsUlteXXTxusI{ECQe!ap=F4>r>%Vsk8?6Oaac(++j`A)vr%Dd zHY;oaztUoFYL3gZoq)Gh^H;LfUfELguHz5f_j7YliVi%xPJ+o5o|LiDIK89N61kF2 zgYVjTw8Djo(#^={9T%jL5~YRaUz0!=~!W5qH7O6za-ntrdI?ACN-l}Fx%Q6Ch;>ge`Baxsv z6WjX>8vi0%jWN<0mkn>hT%&r3&$*6a+M%0WV3pNx%*8d#9qS2--)FY1GTSLR-@T8xr7}sCBdE8U;)LzdKqA^1nBRI_i zSd2#Xp~VM@Cpto3Z}RCmNUuvCmJ%9>ANZJuv(Mrbe!A(Avr7Cz=rQxFTH@2Z8vozL z=F1GVUsLp-KFgiNT-ar)5RM-0UZfKD&q+KdGW!K8d^N)Gh1R86?cBJu7$7T$Xj%8)$w>|=y!gbKmsHBeaXfOXp38NvILki zVBTE-n0trZb{jaldx>nqMm8nTwXjEvF5@=eBcPW^Cj@O$4OYblRzq9D7TH`Zt%;UQ zDpCD)!Vhl=uzPn~w7!TZEMHt`ASOyMUwi{laWTFVUSf8pl*+&2CF{5$QwpUq-`9@l zzas25u(KtYx>&S9(st$;y4j9tRBgHciGEz!z2}+08}9Mw=_HdqM?Gaw4>?MZ0<{FL zF8nm67p=+Ow$;+=AXRX~No!0Rmp{@x+E*xwuJcatU-!p z0rCiX?k<{(-Xpg35%oCK*UKhcY|Ixbf)4Et9NqV`o8+p~A-^SyCNg64I%8&#hs~-D z*>)1Sezd)55!~QW>`t$^`=r0}O3$i7#r|^8_1d2BS|YzuB@Z2PcdK?%cf@FhobP!O z;#FpEG3!;;YaFjq*Zi6Ag=2A(mOEPdwOWJ8D26%QiUa7jeRgdkc$dOV~R z>=^~GHj9hAm~9MqT674*8jxf~Ml}GEup{ zM1%k9E)qh#aaRuoCHq_*TaT&OaQ8)6wewRoC|*E~(QXROYz}@6iV~((T(&mm?dK9J zep|NMC6xiP=w40l9S$dIHfRA_OrlStw6HVHfc~2!Jyz3Dg@Kh7O9MMXZCEl%hB`b+ zTPAnj1ByO$;vZ`0h8|dcVe4>8;kz#g`euzg{<;7fatS-$hlnBcc!=D2YJm0r${P z0iv5;7^L&{E%A=%b~E%?9IbQ(+k+DzX⪚CyyI0aFtEY8UBbkT0$VxkR`md6<9aQ z6<`Wj1d}>}fGwr#2$J|(do zfY7Fj!U4vfLNPS>r6j{OW&TM3VP7DqIhLDv^CJ~d58H$vmAXc+hxKZ$9_Cw*@8Z1k zQ8K8>fwE{){c6xX2snRPKzPBO?tT?s$x;3S6$ZK_0BBZKYFj^Vn*3zsD-~n2NqMXp zb>K2K0s}_HQkh<7@(uG1X$3R*7_d`H2=SPViv$*hW5q1(>_F)_&G*2eT}VBQ+w#o* zXY}w!Z)^2uS4$9?1o@^A#ER9gP3^aJ{(2M+Lq@hzX#m-OOpz*f+nAhqShlm=rZC#Q?3G06msxe ziL*r<67w_iNC!?J+WcTF?!zTUbdg+Cdun@;8zKy=qRJl5crH|UaymVC#> z0TV!bY9e*Y=#|dEx7L=@9WKWa+4>5ZAz%f#76B2bxuKC6Aj4p+UV71SAx>A!dT&8{ z&6hE7T)fv{TR)I?OfP_8d?XvN?fM2*KCf~`dJi+(RuSt3vhnq9FeDc1b!~)>P5jly z(O9v-!OrA6=l)9~-?ahxxYQ{UqSp_oGl&em?iQpFMp&ju| zBqd~ad;kQ(*ir33kPJF)Judv;gq^NcR08v!`z{*+(gro^nEv{mx&jK}q&|H>)yyI5 z92M3vi8R@jj_go_MNnI^GOb2@50JmJsAq;0U#HZ$Hir9hI`?+YseU z^y)5U8o$14`vjz4{Vnssva-hP`KFxpO25Te4qumNw#k5dehx&^=wZLtB% z4R;;<@#`UqxFK{dwYS1>npdHRoNHdCcRy-byo)?X)f9(tSD~q0T&jo<86O;A^^&9> zEXU@GWL!2{{EjhWJroB-J8DBu>pY5o7ZHH)bkBUmv3$wj;N5^45U3J>iNZPC-U0-a zTR(}7eT;78=?tLS)SjW%6>W+r@Ixd@+VhpKd=#qN41L!J5K{34@om4uf?IbV2mo3I zYxEwV9rxCZ5y4!JK;ZaGWtF@JtJi!wfMef(i!7Dxi3|tu;BI*sRu^7;G_1$VFKNWNA4-* zW-q%E*W7KtMRtcOhvLYm+Z@8o#uc+e!OxWm3?C-fXzLIq(`C|8fBvd1TB?^QRd@p& zY7Ql{ed_{jyczi7pj5uGNjNqT@Dpx3%syjw#6`AX8!cz$+J;N^BM5qUFlohIy>UeW z=XL8j+r|3a%Ex52_JUvk$oBqohT$*r{zn-Y_(&b8;%(dz*}yR6q*(SQPosUFr(12o zr3Th0)fzi&3=`Qi|CKC@n|JM1TdzipJ|elEEri?%6#Awi9dL9IhSlR5Ve#L6c+KXm z&?|?Z-1+xg3{3k&@tA_?hrh%prbxi_#%&8$2^wg$VJ5swqn{H|cfYmFUNS7&cS}Cx z-xpes~ zy^YRxdms&~P)h_Va{)V^qsqJJ@}E+g|I8!)pQHpZD*yZ($IVx%D-wZx5qviTFS1sR zr^2+Zw|R2kx@LnjGn1m#Mw5o!rMR}B;dhlfNb%v@o3Fmxpzbe8ym;#+{ihaH54 zrVCJxDqP09;$9IM%^lv9Vuq@2aMbFaH0{X4i{$X8Zi{4kucsjzJ87%{sJP$k8fWeH z=5H~`e0F)R?N$ZPjsA?1hK0N_rq0PjE|YjPl#@G5U+X8a3I`ye74cBFs>x14r$6D{ zuHtk|>?1}~z2}T0aDo?k6rftDp zom?T5j!%-bIIR0l#kfBzFlIe?uNdsVHZqVuGX}}C-U?n37@Z>rixn+g6C9~t_#`|c zX_=5$$qmgJ$_Er5$7lsqQ@r}V6`0zS&d8I0onE6TwQQvOVKGIx-Pgk@T zZbM*PW8bN|bjLAkWgK$PB%UPY8*9d8dXmjIA+rR4Y8Th90N$|*F+AKWT7IJcsA-(> z9be^seVx2k{otiHHrgKxbU+a5Lvbf+&GD!jqnNCI=40M@m-Fq>jvm|b~>1@FGWx4ujW&ey;J0EFXO) zthfiE7*&x^^cMi`8R>OMB+$X;x8jr&~>N_!WkRwQgg zCxtKo+c#DO@C6j*uwHO9U2kCry0a+DoX2^~GrLn9JWSTLb`3J7<%Totf;S^EW5!HZ z=@J2J7#V&O-)R72snW)5dCYYO7fQV#ukHCDxw(5K4ucYc9O?AJJNU`!6;1WgBV@|` z`jE!a>~~_uA4o+qw#GBqteTz1>waF7W>m%%cAgp>A0{v?qXvHeFTeEv^Iu;Z5+rKi zhCnm(1dW1v#4usDx}dI(m@X~2di|rM%+^qez?J;b?1k7&JMQ@~czf;ljyaeEmrTGT zgtk@}!41ciwk}xU?6;Dd#vA>cUtTzBb^1C4u-|0_3MT>b??B<&?bq9xGYDUPu;QF0 zBH(@loe7M?wg*b(MzdLg{lg-QzLW;PbRld56<=14xnd#HEcFu-@I%k%aQbMgFf%s7 z=9~Y+G_^ciVeOJNkwp@yo_OFkWKR=YuGM?BS=TtGZFWBab{~_rJEoCoP47NC!YoAf zD~$hxWjB_VbgZmgS<*eLw+YEgY9S@=_UM}XdOYE(bHwh_UZ~caHw2P#Wjgu{#dl50 zr_e`9Yq1@_Hn?QI#0{0ln3J&TIEy*Q8`WUQ1Re>I>6BIX?Qbr+$Yl%$lgT#k*y^k1 z-Ad{p4j$BFPcD8@DL!Q9(OOV3@mM}jfQbZZJ>f1*?HW%yojH?i?G`Zx$_!7kM&#jb z_I78_1-D@v30^E(@zfB^jcFIYTAaLm0rz|)@5!yLeDHUjirEvK8Rs5LD89?+!$=sK zBrwOvI*^N1Vg62bCJvEO&S-&}(CR(LVS$VYFOfTndEBY6mv8Pe%d73u-?J_?J}U8! zWO=N^5g}E$=#RP2iBCcoF_5s^J~)n_p`Lstk{z*ewI^;wbxSjb=VpE?^qP0>^{yz5 z&4dX7-(s__C*CCp>#HX>(njp>0#Bj9D~F+U-tB3R)f>M+{kqNgU%&*VPpWQJR&AMI z0AD@vwXX~HPTX&-|KGg$wc0mo_gv~;T8NmtR(WnBD6^Gu$+|wB@|j-*WvPUv$oFuC zzkLp-I5Qu*DOyV*d0}PjDb?RU-pzW-KYb6_R|Y_EBJ7lAF`wtxBU=8K9_~LAtN-*7 z>HPCu?KsUJYXyT^fC_&}9$O)3@D5vQVqZ5Fy9X_=q#NYL*hw+UpBg|mAns$S{)hPY*^t|p4d}6Zj*dD#fJVhrChGEct?82Cc`HaC z^+~mz>eTe}fDJ-_%b^0Tb%v{Ir)PPU<Gy#+WbB>g(PSOW2SWlr5XlD6) zeEU4VZ?Tlc>DHf+QzO#?Hud~1_W6HCcD8`;H`Gua|K)4u1Z48Q1?I+5h0B z{hyKjjX3(>8(G@59{7)UAFzrTuLYHnq6PUo9oiC|NC{8Vx_Y((%N-r1B+(Di9Nyor zbLs3wf26%=M*l4jQ9 zLQ9##p$%$cH_Tj~<9ZJh$K!8h;=AgFU+0ZKFP>k2-}N@@pAz5y#jn4%fu8$&N9b3; zI0wKG6md@pLV_ybp%lHmSN7ftY>sYhbbaJ_EbqSg9i8!NiKm{+8N zd6@NBQBxjQ7{Q3ikB|4M$NQw;eWd3gY=8#SLVL; z%mQU;C-%OYxU%M8njkam1E2O+xRO@K1Boo{<_^4ffPPW=C<<*_wPFSFFpu^YFj72KI?kCV-- zUcTIx#FbfY=$Z5*sZ=qBS9ggo-wD0I>baY<>#j^<$o;(N$<2p}%%;i)+{MtZ)1?~^ zzdg9j=Qaxdc8;pjbuEH&#JM=z#(wpKqxVt8#7)+{dtl6q8{)HD;mLQLzW~_)=L3SM zFMwEq%Ivoat=6Wd;N?$IoQOdz7qoi!3rN02D3?_$kCwf->W=q31}~u1YeuVD&%%8X zQ#oyI>xgdF#>M+Dj{l!|-)j?KVlLuJ5ci3s5aZsdHSn+lbdfa=Q&nE(Q(E3y{V;2K zb5XW)HZgx#E9XGL1BS_?6>)rEYpt%f49~X7R9wOh$$yy~p$5!Vv-Do|i-~08jZ|rm zi8eBTSf!+V!wH~y=C)DZBI|MgI}K^K6hhcKT6KIP-?;lxlzjY{Lt)5)ZKCyXg+wnf zF!3y6w$3);k|Aqc#Et(!isAKRKoNc>+ObgJgkMH;o*pCp@iA`i6eENb7m!CQSNNo` zQf=V-6G3-KZXA4gm~va|9R&}onxscf(oOMK8adCeX;-?!071WpuB#I~`&&tT87dU9 zS8ntv=zS4ZFE!fen=3Hw5NeC&NW0z&c^wD+nCR5CaVrQpDTRsW2_&YABz-AS?zFJ| zvNTN06Bv8y|wLU!h7_#}ImI`ojXA_?+C_bH8M5cwubw&x! z7x!c+Ksa0+ZkMBwqpMyvV!IDDaT-S1{V&g<@EED7;|0xLCwd~wo4+J_17!oR58V0% zKZ<~%$LD3QymQM&U4GTx-?y5l9k!HVoU&0)kxY70Rg@!Eo{Nx7+)9a6eOz0Wr}9z% zUf&l9;jSVij<+|@T__DvqDg1Gc6)sCv+bQUXmGKW@DMz|I;NOb5R2W1bBnmGhwJH7 z7p1Fy(4pYPjABx_%v`g~JTUehU7*U<0_=F1cF`k|&b#F8vEQM$!4*%l;UAN&2Rlfl zR146$aER&ZvMVWS?N%hT63}LAniquiajO|fi8z@=y`Ti$x0JzxISrkjomwLs1R7p_baD6wy@f-m-V5Jzy%fT)QnxI-uTbmR z2k&~V8*be!0TY4C21ytsnMWG@0%+=kFWyde-@M;uRgbH0F;Ee;D4MMWdl(--aeeGF z<;O58i7sNx->`x--`^{=12jZ|tzF(8OT#;+V#q=xmbq9Ch~j;+J@ca#W6bud=uXLM z* zyUj8}DL6n?)EQ}vn8GeP9_*Sk2;7t8^QIHD^2jF2d-KCE+5EZDdSFV&cAQg#LR+yG zTxcp?LSVQGdH3UHjRLZ`zYL;6G69M8TJPl-F|U``*|z&M9;`N8u`9DRx4vdF&DX!O zwGP=9%z*MhuTX8jB^q_>9#=pKQnkSoToEO!eOo)P3v5P-?ZUBNtEpQrlcc$IsI*Up z*VuEOfolBq5$TUWz{-C$`E+XGs?w=B=$x8^H+r|@4qvsUS?h;8f#n|$s_(&68cXk@ zK0CnNKzvm2;HF~A_d7H~BlI_&_37Z{4Ne%j^@+`k)!3{b@e-4g131#(Kl_`$Um}v_ z8-stQ>@2l8N@tMVTaSXyqNL157RE)3OZwfg+lyk-&vFi1B#B6#EY>cJIu~~gOz_1E zmJg`Ls^k2B?7eqTlX15$ii#p4BBFpIAVpA+j`X6Uv``e4UQ~MT1QH-90wNuhUX*H~ z_ZC7C5Rl%4Ktk_HD1ksA$$8Ol-*fhyZ}$H7z4y;=7-tw%X7YRA-&)Ul*0Y|~=J>R_ z&}iX-=jQ_{PcCBjbH|NFV!xnB&H1vSd*PuX`XxrT1%n5m%Oc!qQm!BADK6V#UlX8P z4eX4I%KSjX)4ChCJyH6EoOBwB6D9} zq960M?skQB@nydtoeg7_d}c(tg#ZQa^p|@^&|-##F@H z@p*+Vf2zIr6yT14^mY*8H+L1e`|Wu-@)Hx}HLdhac3Tz82ZIL0YM6)@lI}{kZGhq_ zjK+LdCzfHAzTG6V#v+@j9iy`Af9Q-14PfNsdt5E?r)y`| zZ(y7}1^>nyGyVDDRyKcQGm8Gj$}dP<0}|Pi+cgYaQaK=S@8$-=CylGDN0K=g4><#? zcSFa`ZjPHi2Lai}I!nZ)Oq19s`_sHI&^*(02%A^1cwIsjn(ccCkHJW?1O9!cbsoR# z&8NtC&ywHu1YMkq^CJ<%X(9I(%1_qg(j4eM&e}JUfnuYH};)o;Yrr|5(~TCceGTC zWhOZ#y-g&VF2LCXvxCjBh}Ysvp8fcCveIipbLX0Wzm7QohwNWAO1}O42>NzlykKuH zTQQ+=l5C{0V{!2j6wYb|K@8|^4VC97MIw(7T=cVe$h?{I3$JXdjsUQ9e0S2v3cwCy zViTvj`g@oDu+r`G(e{XCFKN8CnlL(!Dm@g1HSH|sEprfTDq=`9=i?6OlHOG>at*hs z`fi)nIooN^d1GjZ%GCp9Fhz~PlS(f zbx)^`)91*UcD5smSW(?ZXaH1kPf!+T5Ha}_aZkEr zAyQUDHEK}TQgn{$D@y3m>BoP#;{U5H_RsMI_gP@@IH>i;--yt9`VU!Ma7^R!7BvMN z>Kp*k7FbfY3Z$m!*buu~EA(55|L_9%d;pKi^Xi%-yGaMRyAC54w>1|@?&go6rv}VV zOqI3*|9>%s#iA;qQhYWd;yv>oAA{eBxlkoIq5;?V=-czJcAfBpJ(_a2EwtWIHr?VX zMe#*g0I~gSio&k$uw{@Df;QnuETB5We0ew%3elC3@Z6+C0cJ77O`u-cMu6S81rs(Uk+`0;$cP?K<$%7s^uK`6RMmDdE zHfO}A^%nMAw_c{k2V!7aqc_kU7l*E37b>T5ER*A zoxRELBAQEDS4l>V0cpt`qEqH3#9b^a|GQi|F#Fx#2|R~onNJ(XOi{Ei+w>Mf0lm#A zuX*b7wcLTB?~ZI50GcieqYM`tjVjgh5Fu0?!4uAQhX!5ZETU!3oEDjrcQO zHoOMLKn-_OTB_EVpZ@lw$xDTV9jWvo* zWgjeoekB;579|o^FS|=9xMDKe&v=p3)*dhFwJAF`LT3&6Gq%);{}n;8C|J(nh-Z#Wz(cxKcdOWTrd%f+m7Qd zr7thIrW2B{pNMo-jsCdB#0M%)m(8_A>Z7t%IHqGGLVY9~bK2=%@GiODvT9NI|9%B` z9x!78X*|Fbt$QvB#oy=jw}Ix=mb#tr!>)#5TH~)Z5130S0ruyiw@@42cdj$qub(+j zd}z~e#yW&-FP?@jgh-iT7IYOLS?NjqH7k!u#t^Whpjt1izfx(eLAA5G|0j{2ZL#RJ z%Emr6-yld!r-Ta75ADyFOl-Gwwq0^cF#lBIQXn2wWXjJ0+@}_HE&<=Vp7+;pEzypg=+$Db-ckJHV0lW?UW?&IidD}T#>Wnj^Z*f4V3IEMOtGZz6^kwN;cNOs z%^}RdjwE}r>;F7{{WJ8VqY7+{=vomI`9r%I@%*XK>45DEqv~YhKjK9h%Q6C$6YQtJ zzYtB?nyymTV_@wuC{D}_pqY%?nA|$um3q_j2Yp~3$l?GzZ&O$9<6VbYT0gRv1LJI= zi(kAST|q{4vG7Sg{_;YJN!WKpXMQ(*aAoXFxy$sK} z^{E{4mH3VA@?%soHVvD~yrN@Gr9zRaRHMNZ&7ksYdKN!+H>53&hXs&|j*fa<;|YyZ zL)i9$qgh)Ms`+=Te9PgslM{PrcN3M{&&z9F8NbFWnHe($%Isa+gG|}EqcikA`=_WU z^n5RY+e5Et03M_&Y}Zf&+4s5W?G&ypxHBw9D$$0 zKM0x#^f@rF%UKC;V69Y6&9YR$l(Du~cc)|G6`}fdH*kLCF9!AMW{D6F%xD$Hqmix? zlvw-Ie5EO%Q>U)%zM^Lfv1|*~9WN0yYhH=|ZCYu8e5=xWT*X-rgk>RHfY*M?C6zimX_?})i+zh`$ED!K9*hF$lEaZH)K;G|SY&NX4 zN@?60JM{5`*H@QuF@OV%E$W@}@P0dr^0jJ7NxT5(TMaOz;+qWry26RK0x0>c&RDzu zsR3L53W%JAfUYhNktog6*}YGjfH~i0vUy!3H;3d41o7uZR(u9WM901LD5jebQ^ zX$Ifd6X!GPRF;*>-G`aG67NQM`PSv-YC~OqLc#*Y9t7T1G_YG8n)T~S6pBy|Y(uc+ zS&mB|EgJ()ZxoFty6wrA*CYp;Uz(|>$feSD!&t|gYCfVwt>=eD{)Bgp-z@DP25S1ywxiH*8%2{fQ9zKad;U$ocqXcx ziy2dO9|SOx4<;9NFI(q1cV?Dbulsy`m5BaT$Uk{$^$pp`llfthZcI&kHkR+~+Q}|K%$JWzB+=Tm$id14`!-VvP2HujOb|z4zn7YI=wx?!h@+bmG%5B3aaL~N2f;QtzQfg%_?!xV7qKFjomqMa#)cNa@&l*Le z*vJz#Fof4C3LW~iGGAw912&v#;d4tg+uDjnk zq1q+J@Q%=1c$^`~*N(qwaU#4|nOanVmg8UNm~V&y9#EHZ+AIIuXxpMc#g{O!uEBuE zefKtkbo1H=w}?G z?1qn1%DR*(4wYJ|{)K8`>ReGRDowFK_o<9&-A7s+$!;DGcoFtkI6!W!SVFkpJ;R^e zyZw{`D6W9W25e;SfB&4K9;0;XNSlr@b_0ZD$-=9gMZI-#WxT(7LIs%*fATA{VZbrp zZY397Q%&~VUE3u#kkPLp_U;tnH8a1EDG!wZ7)OzvD}RQTuO$Ji2rz#dpWhttey64G z1v(s;*qVPgfU_#46+3HtMnA=bKCGFiC znag__gB6KKM51?IOO=7cs0g6sOben46MFA<%xQL)PFv z02Teu^n(bioYk#QFJAk5*w^VD6Xt$tuuE)%{joOMU)2jgvOyoZxb9~goq4QO%Kn$KF~sawh|ov zkDiyRtieK15HdoOqLjfcybgc~Wb+Te?$HIBJT%L>*z|q2!I(f^H}cYT3+r2d=Z&yXx`_RaADKc zqOadwpSlBhe8&ULRE^B3x;c9D9~ttC=Lg4ED8^M4Y*YB?w0UY{9cxgv3sRU!kzGP4 z)Ol*!Fx`?diP*C{Zmo1Bi{;SkKlJ$BWLe;ZYJ7en&E9kI7niJu)eiJcxFjh&boU>8 zX=tdV!iNvpFo2md;-6G`M5f#BpfyRiOPN&ZRFZ({42O<}| zQH7OwXPBuC*%JQdt=3PbfBjUBHCw=fIqIHQe*)8+n}30tCIHmV><)8%f-{{58duNY zjjz%&a_NtYVP#>*8=#$@)d2jD+3(Y~BS$C*4cn zG!C_IDdWci(Ep7K|GV#Q$N@=hP*&{E+P7w-zkKZ3tNIci9g(qmwknX|$4%%otR z>ZoSCkO{LpwX3f1v=s_a5-ei{l2fu|*yK zYqxKId6OEz=llD8lGj-~2G)|@K$B{xX%5`lar2P_TAT9WmOd}ao;A+nG(a&3-~#qj zeu=+MWBT})(lI-Hm>_!Le{^D6K=5KctNS;xy!)#slRpN2!Nk=|zu~qek?hh>mVTMs z0-(-@t7<5I6%ZG^8N&COI5Du2&kDR|8n7JHWh(dy+}9(HCzWy6nvPildw>S3`(iiS zT$Og_A3Oj4g(IOlS;h?L+ZWy}BhME<*O$iH8*{};n%|9;8-{gVCP z$@Jgp^55z5pVoc<)s&Czx8|WdSWhwz7W@8+@W-{$@7=P?>7My60?0p>z!mjby~cHod>!8KvGC9^^2;B6db^nZ zwsr8+RuKoLbhVt+O=>+>=7E5Ryhu zs+0HUMNGyC^ZG)5y49>l!OcbjGaNZs=dovNV?|6Q4-sVC&ny^+d?3Ik?@@4DYI7NT zUNLUS-GSiV-YC8|p3yw zYaX@epCt&Lk0J=7F>^})YEP0#l0VBrLXSv^l`?cpRC?yNX{}qg-7kAocS?l~2;JmL zG!dK02#gmtlcV_Mc2DdnUG55cdG@eb^r@b|-ahmV{+=kMh?F69|i&;T1N$+>hRy-g*?l z97i1I#YKgN#<1RO3yZ1zKH^>JN+>VdIquzDECQ0FU0(8^f_|ou`H%Ad(J`_3(1NnD z^K$!Fg~+}{p=sH}pr7sL6zdQA@&W23s$WfOj-NvKGwv%ifWSYBnSdg45C>$8V9{JYbN zg7ai0t#;~+?=0Jdu|ZwFM6wGQS1b8 zO%0kARaeWP+qtyy{JPk8^i4Q2jrG(%C#E)(z9i{{DkEzEBjRYAKkCN@&W**)w z>wL!~BseyINsi@G&n{(up4#3AeTpoQD4fYpY-kNXeyO~;={mTAn!9MVNY1HKU>F?* z>Ytlu=GJnsy%kHyv+9cAiBg&m&FJ$aUX#L7#^lFxU$vhTclco-wj-N?i8RVF6a}c{ zhpgQfJ6&yZ>DVc4U@6n2JA!V^@dE@jGlP=~dM`Aq`j6b> zq0o%kK(Pd1)^S446eqKo*tXQlB7~~tSvrWz;SOWqEN?p&cV`?G7Iq2%jZgen7M454 zqWqgp5lMGG)*G15*Lcpob$+nKeW`#bgC21AI5O3aozoe3CeynCAK+&~;DSUNRhovO{(D;VtWtp+BfDHmgT6 z4|BV%QR5|YIl!$E;6d2_=7)WS)c)bEsvh{hK$Csr?6r5k;ARtA)RXZvrKZmPldN*^ zzy#to z<-x+ph9~)2DY=<`7G0T&&=I7sRAYf)M|+;|mdLA(LHKvcy7lNUQOOryOPI~z5J_FT z^sd_$^R&*m1YHHbeq}-=psAOo)rJ^%HY_vh?8=fjX-?@`+TytK;D( z5Cp8e$8=REj85SxMrT=;^z>@8Oa?~bDM9f#J8{#o2qk`BGh+*Tpqzx*JgRUH&Dsch z+eGP07JHg0DLpuh`Uu=rqg1K79V>&B!kq?$h+4(W!ntxldZn6X4}8>zK%UXbZIk(% zH_1$Y!o}(B|B!$z$eoD%DXekz8s@Ymv0f|VJUo)unk@m!A?+^)ciA4K!d)qW_P%XGcxo)$qTy4HU;w!M2Su$bk;)EStu~oSyU2jIjV>xVnHLqX9EU&6Ndy2S> zp$OQfhVTrhe(ZEP9*4+tMF*C9j0(WUiZkRjD{R1r{Rw)qPpDLqmIJ_w!y=U+O=JoU z;BUbXi=G%crIgSfF8QqzPz~A$)PbMl?mMMa|r{dZ)vnz z@=^Cuy;cdkpwY(W`cW3x?q-q$eiN`T%dA)LbsNbxxzP1AR~IdPv}JsiyesQlsp}bvB!FmG-zwC{b7GeAZgbPF>deL zdNX1v)$_|$c!BN0{OWl=V1S9o;*!(lleQo4^_vIG`*Q$Dpm&9U<^z3u_BDQ#Cl!aV z-L88@AXsCcL5Lj4X=&6-KU#7qs+iFFOw%cxYDbigwXe(l7Gx zQ#Y6axZGO^-9wco&ck4T3IALK<0LXTQQTS+6vxeyI=Pj7hy`}e$KTAS2^TV{)?C%Q znfD+Bbknx)dME$;f@=SRa|hPjC41iP8WZArD1WZ08dro?@@9o{XVv&Z@QBV;v1KuYiA$P1J_l+ajdwiWYzyb_@Z|o z0Oa;_-6t<&0^e7B;ywTFa_Oe9D&WzVs6Nd5^7${|+@74P1zbF-RQI>|CoS7sLn5qJ z^*jgH*hp3Y%<~b%zk1Ewi>vWgjJD}X6tY_1!yx$)WI4bU)LaPYlEi{UghUpFZ?kQi zGm5vtbiLSi=R)k4k_*8x@Qw0wdX0u+4e1jV(Yx8X>qFiS6J?fRTB(u~V^0e-EMw5f zYG)>lhyUu3wH_rEqBqtk;`>M>Hd)R)wa~CmuR3+!39C@&Eb{1MFMHQCon=k{C!Mr* zG!P5(y;g_2Mt6(F;Xdrudqne(QqIPQ9DWnlS5&Ge94#ed>S4kH=95`?ObsfQ&DCy2 zdHlWHT06J-;J98cM;abZ9%xbVDL*>cnIK@V2NmjtA!Mt}2uHcMklrZbsk?^LKPo9F($(jRaGA!Ebs5^kXlvB$Z~BwH58| zf9_-yN;1{!I8%>*6N3H)riMRt8_a(6%Xa>~hk52aoDtGF@>WSVtfVIZYd&>!tjWhgc9YTa{xlu zKS5w!bon`Qnd-cjh^h-Urd3Sw;I5h>fr8=h#wZ!hgY@x#hyua zx+|9CzzvJVXDbDk(t|UfZn-djULI#oX?V1@r3Nzc6z12{RdQ*l_gUrb#o9Y4)AfmE z(GalHjxh!-X#_gLPPN&K-^#=c%cWmNOKK!~z0wyacIwI-SDOz@za`cC8a zhJ-G1hjx}_Dez!aI(r!f--e*gJr12aT|DLkZHD^QAY{}2iKC+(UeD;45mU&G%viL1 z0tEF`8KDb6vO=?lzI2t}j>-}r1r5eBRS4A}PTfV>07Y<7Ry#}rnYWDH^^eIMR!*T( zy@Onpdjj~r&750V9_fDW@Uz}~-I=GYKTnM*GJ3Dkxe^VVCY;07^lkR%L0tHb8cU^` zNkYYLvk#Wip%bwgNy(l9ToQ7+bB6&FDLB{(jhgSn8^3`}{ss=SXFqN>-xH@@33Di^^>$5GT5|)c zMs=@U0PoDQFxgALaYlkASxU&v~C)RDIRqZnd-dCDN8*MCKiD5u4ro9S%nTKr6A! zJ>)Jz_!On0toF(baN~L4tXh^gtLh|o%Et@ND%hVFn||35p8nKK*yL?`@yHi&gkncm zY8VPt03Y<^$*qhVptZ8Ohn>9BA2t&{KrR78jN>qtfVwnjOdad`s17@~c`|-inr8uk zoIg@BDZ*~LO8pBZ1^OfqA3@iAyaZMlD9kT!K$xxGu8pRiby!`>p1(fv6f&MI+N38#CNjFEMaDqGn>6iyyR0!ZjUY%W&i5 zx0L7j)>4vR$HwLw_^%Z3ehV}!SHYu`> z)$I8!$wh``4^SHfpP!OMzxqQ*GpDl;)ZTKYJ>ZklZR{VOZJS=kwi^IT9OW?IGa9;( zxbu}2tL{Eyk(MmX&>q>rLvzWjb~EL1F1_(R`lSt%&%UeZ0X;H;| zKNf)%8KH4A6AL1If`1|OvP*-Ux0A@uvdBfa=!6iYadby@^t*v44YEG8AK%w_&F!p+ z96FYP26W(&^fuBXri3W#J@-RnJE6|bAcBL!EF{B>x{z{vBRq5r&y7}J&c?eW;~1{7 zdfX32_LV-GD3B_CdJD@QT!fI0hMAdn{x046xU!R3V^=BT~Hlq6v5xddwv!h5p z9CzNPB{BSO7`)RL;)_vVlM<4=|9z>K^S!5zg~}aiw118Q8Bx&qTpf^q4mL4l{E}sW z&3^%I#SLn_zebnd;!(97tJA`!$UHrRH2hHMV8VZIM6Yh!dT*+BY`R~Im{Rwu9i-AX ztF^yMbNfkSvW|mDw)Vz>C+XKng)L5IS%2eXuQH@B*A<;frbp{|xu`5_6nhehN;?nM zljhRLeF4gdFA}Z`%u_LYkM0=Kel)C+_`EB@af12{&nIbmxBiSU3#M#1|2ppD*2f>| zHNa5a#U?G>VacKSENSd2xvtVVjYYcz!Vr4rLBECRlXXpCF@Q<>1@&&(E3o@7Kkf%w z`0&$FE=Wusg?^QO9<@Xm`diX+I^c*ed z&dQ6&eA|tye;sOAirN5AH}1jF96&)uD^4oE_H`v@7@>7Ei1L=6q%-iAWs`D>RaahX zSRZJ(8c1I4OXFZ6zx0x73Dt*7TXloJWJVTQOW?bn8JIYaK~Z-GYc*UEOsm( z3@Jgw?|}@mS@ON1MQV-f!;B1yzfC7=9OreJj>A_1B8c~y&gCzg!h4&L=1pc;wqK*Y z??bBB2`uk$)JA$SSHcgiX-Q*G!9ZeYHRY~tF`hL|ryroFG(Xu-j5IV0h7idS&i5(F#zeWfjaa>=Dt zD~|^yG#Ph?)^GVwD5%}AJLz3gh~s3qW(q4he|s9@Ts$SiSNe#d<@gkVu*oPQ~xhnF1UQX!PLCt z{$a9C)?+H3RL>{%={VJxQpHy*5Wr0xIjaQ83YmVnH9AeeNstt$Nlvir@u=!5VB_)7 zLb1G4MGl-QPaAn*n@poJms8%hOLF^F!=r`cTh4ToQ{@KSxujfC+>63R3ne-+;Si_D z5<8JJ%g*Q>HEGGutH6Y8}c+yjEs9`sH7BEQF6YxH!z z7YD3F=4b%mzvh}O0~iXdnY`D{!g|2!5q7GBcDt0ChT z>DT2||1T`fXDKe6_Uv(e(6u^e#p0|lE6|pAu1%HFIr3MQ@l`cTNEd_zO4}o5b?}Vn ztBF2e=?{zmzo`EDLP?_lu1WfLwYD-(Uz+?=IWSh>6k1Wq3A?e%h_L1Rf6xx0Mu*^O zpF5vdt%98Ycy+j7A~P=mqSJ1ovv28-5NQ|=p@goUCSD@KpC!e8piqu_1>GYlJ&a%ku&blL8MkaOy@ts%YBx_guI40gZoM`T7ij_+ARS(4j9iJF}{ z86-~AR)kY1EYA7&CZvvBPb>!{$gATNjEwT!50>UqK`F}0X|w0w&4o|XF@G>|t?NRa z9)weU3Z_-CGYALu`gpIShAo;h2SzyfD_6QywP%zmty>L#jvk169M4yJ&E z5#i`6=?f)xX=ze*PlrnJDxmh0nIF`GK zDzupIvmaC4Z7rb7z(_qOe?M`=vK`ncZ`~D-$OHI?2f`h&weU{NWL1PGMgZJ3l&4pK zy-Q|Z6)PMa)>V&Am$e?s?b^G*hf>Fk&ehqPOcp?9AM6S`gdN=@?_0*G%MJ$=3qQrx zW0?uLR{P;fuJx)>E(s4#)2Rb<)p-xYFX@%(U4b1;B186Cy|&s}dL%uk0`n|wU8Vf+ zabd^2HsYtCrkBrCFaBwi5{dUh+#+wCMtHiIA zs}`NBVhyf1%M%NBO1jXV2>goqbv6qIRxE?DOYNPnofsxKOYH?0U=jOUSGTraGBhF3 z2e#VI@=Hvr!T)fYAP&Ko;aDa+E?|&9gN0IiUNYr=HT?R`bs28!cVU)ADUxGX`)7MM z%1Z%QMzYETkc|Ku6IhTT&ew|Rl`pjWoU&wZ-n@)|Q+CHlyysn9&e42?w2pG{+P>e; za?h71Xh<-oj;)4pqsB}wj$;`A%1V)CyJx|Igo1jdn@8>;M=XwJ(vS@?(c>IX9mfi} zOlq9U(5D(BkY4FfupeRn+kB;+%uFa-aSdExg%Gv>J~N`esiimY%aelPO%VOCd?)^@ z#3KBDFloNR1y@^!p6qXyu<468lLvQYXk)iniqIww=1Xk`SA-R3J+br_Ua;z0 zZOCe`Dk5g6;w~ecky21p7rn*G{*N=FUYU02uy{zH%J_Yt7@Rq4ck!9X5Wf4UPGZBB z5$9JK6Q?AxYMTSx;E6z0e|#K`_3%=!h8*ylRoGHdtBu(>Suo&b>|xcD|Z2#UI^U*!YO&?4;ul zfWo{9i3&GR;t)3k+FA38RWTZ}u57&o3$t1P`;d>Zj~CGbaiDl@)gS9EW-wMH#7XaG zL6gSuE}D>B*q@_VkUgv_utjRx&^i2RsrxpahiExj5-);2Ew*}s=PO#im7u(QZAwv{ z{dLf}>oUIkwfnh{97)0W{HARE5X_gJ z2Yt8$9q}LBY5{sVoZ?Nx-_1zw#s@3&pUJ)%(v8UtH2d@32Nkycv?*3Ct&h0om-{VV zbh@IO6s>COZf$&7J@}CYp04-in)jXnsF_)3aj>9#{i{Vyn0d)7VO9Cbx*kV0PP?t2 zgSd{!-7`ov&j(Ug2dHxIh3t0FgAO61a!D)H<}O9SJzkkytqMNaG1sq~9L$ghAIx9i zQ1Bf&DqW6|p4KAHwvohZg$c%lJu)Ywo~jkbi$T-xi}Hhv8RIrn_3wc~@w@ld`}tJ|ETuu5CAccTF5M zb$gJrsPi!{IVXlNg*;k`W|s#TV6hW1Ir#;lz@Ibnfd|`HxaN0da6&n=Q8l5Fpp}3- zQ9{(J|CwY+ywVUXZa(o3`xu8ojECJLE6$Un5%SBKSay0@ua z=d^`*oJ%Qb6U;a|sLaMKV~Guf6-nd1ul}oivc>4%4b846jzstn{$Do zh5GPnN}XW=5&?t#wACUZBLR-BGiNg!M}tD|sKh8>W5z72q)j=e`wsw~vJ@@YxMg4# zkfEHVe~GBTF7E!DiR6S6GKk@K8Qfjl>R>C0fkOzp{2ImmbH!QfpAH8Ev1K|nJV$U1 zAvnehO~4<9OPdn%Oz;iK@_nSh1syd&(W8@fZ(mGPxn>Ov!?_y7gh5QlJa7R*N3+3tlnfa!l4llSr#obGn-?nZF&ECOq4}VkX|jqoPmdd9{9&(B zjh4~)jx%@Hm;=bj_%V4W9eKSUiakUfq6ny@^<8#O0^r_dn~0OerOSF|q9g0=vPODW zSl=Eh!;ZE(f!YjzokaPOz;pCDsyblQa=t_NY|P@4d&Pw?`?We2#vV@abKUA6%a?Vji=FR5lK-dujJLTKdZJtR+vbH+;6u$Gshsea0d$!tso#=tQ@yrX|u zmO0)b1z%@dcT*z2r2oy7>9_vRE487{!#SNB$!ac(voh2-O1&9t3&7}7=l2A5iHXUF zhgt;X0ay-YY;CyI@`T@2dQD9ypB7t9*RseH;$Ff5d4|N!ss5VB{Samwz z%}7VVc54Ile~Y03wydKv#U~O5@YiCU{#kdGEd`7deft6}^i4i!B=FHts(KBOSLFkX zot%)F!vwvoBoYTQ&k@X-9t--0V~@Q1)^6+Gi!`nqtW!%)ZgiacZVZ3FRupI2S?Z%= zVlUzT!wZ1FX+V^k_3Lg{{FN6gYW-h^lSC-9Kdzm&Yn(c7z{##4sbE0ghHt+^LNj=XZ=zM4Y;T%W=G35)ui?xTdK5!Ny;@3)T%w1POs2p$)bNv`}z$FS`Jm8 zjGj8*k$nI?CB*)2_qzAGMW(Y6UZpZ>UfDry_}993x!=NquD;A{PqLOVVHbL%!0vi5 z6}8@t7c@UTF1=W&D*B1BjJkGiAB`}1&TRrM=A@9^r~61!J)7TPloMjJ#5iRA%8hLH z50MwL>u=6rzRD7-=t=ltdofj4;vlMiD${asuja-i-Yz4XyZOt{O%2O;Ha(dM%H5K2 zR4T)dgB@Yh#%4$pZU8U{iijaGJmmZ%obo|7I z@%-LWOi`Tlu`v3=Rid14;+&NuJb8iNp$BzUkyaG?ebqqM0y zqjwP|MWW}&m(xWMF1yn|f??0_xj=YljwJZf(9T3HT z5x+I(JerJ7QbXzpN^WiSH_Xh5_L+eRdo3+vS>KVqmeOKzJn|;<5{i>G7UhyY;%ry8 z4f&p^;M31P4&0yZO!lnm|CG%oeJb$n^@fYLOsTV-=Z+5O^aNhuNy?~X)o=65;pd)R zwB-7lxSF7w-+r{D7UL&vB36ZSL0&#A>}Ebd1U<`Afj|T-Il{Z||G9#f2HY>9v3Ah- zZxsQ27|NG8*O4m=wFP^EFr#wbWW&xRi<*oEuZS)wGfN_aqJro`{=wRBg!g11(!+?y zj7>xuc7If&#$V>biL+MBucI@H8IU)e6N+vWFJr(Vos}8o=;{v-zRg!dTy$^<$dr=c zMvac5O*^d|-@1RIsZY&lmEvMZ z>w6S$4bo13=#9XxOYN3(t`YKmU(}{RI)=NC=nx;-tIUUoAx;lPX5(3O_AF9eJ|`uMaxx$cVHq z(o?|+GISJ{ckp4>p|6W?Iy-USqo>*2iI$7DLqxnkkZZueLD1g z%BLHv!XV50JL3?eAiFrC9jU}h$-M6V(4O$>37`g}L*)!8;-{6w|AlZu)7T zP7pT~^EceZK+$1WZ*Dg3x2k`A0#B7h)PIchBfxLyA8apL;gKb_@;P0L2Ja=b&bDI8 z8#%Sod6VwiGk0X|>@JrdVjIE^$8tbah^-~0xMhb{ikPR(R5^A%F@)m3R4{8_r`VaT zMVGA|Gq&2(U(kbs;;tlWD0V(Cyrh(XZCdxKD>oWWp0C3k?T%aM)&DAcS$Y2yXS`>> zto&3>W(^9WmR<&Cm4u<3ChQ9`eh5qWZ#`mBr_daRxNnGeU#oQ^OY7yT$8FX^ToCiZ zSH-=2FD@OPJ*bO$b;*|I;Ipe=OddGb( zc+;@430G-9yx2%5B?QMJ#cl81F351#_jM8Hpg>*S_73K3?lI`t`)PaDVaC!db;b!a z0Wq6>du*QTx`&=~&d!IdxLSr`pXE^l^ADEMvT|nyem2!E7topjbyigzcDmjMYO@EM zQL5XYqYD`Hm>w&BYOvIAaq&mPK|Y6v^LpakLqQLRX~=9Hr_Oc$JWY0H?EGsg>T@(F zkgDDdO%+~tXsKJt5}Pdi=g!g{OnzapZsv*UhFYQ-TKkj^?_5=|yEhZFcZFoA=3BnA z5B8vkexZ;&21AxuYi)(1}T^n?-v+QB#+(RHuk(w^`Wev4ggnon%yqa68e7gHXV7t4g zpXQ0vA;c_g%wwKDE%UZ)-setZQ_muqCoeDdmRBuL`-61d1^Z9m2h8m*WL_oLE*}02 zB72bi(lRTQbh0sH`&u=G-Z<;-pZo4c8~*Gp!lt};9kb@Zi*Pa5uCh)JCM>77*1_f^ z8cE=&D|FA&5Y@}PM9V49|x3*s=q9WJvKu_pt<#g8W;`!V9g~=igrQT=Y*_deX&Qf1| z1{gJg>zK|bULX3QcXj8T$=Q=YMkq=QlE7ZB$+j{i+~CWbT~E}POIRfb@Tq^ zGISDC`=DDupQ7C6OWBQ5l{UNZrle5D^v>u`$tL`zIvfhsGW*bUqoN}};U~^H94})@ zAAXDR!s}nWK~y{vC4yCNsHksHy*|nJ;t|W3YsD5f9a|_>+t53lu71$VsBnMH1I8C$ z?k8RIxw&p!<-}Ek^03@wR8{WyGR)FHQK6JXA>m+RU6JhaI;m!(+~;>xX}cPaRy7=~ zriu=uX4U3IKg(pkx%lGC%l3~3W=#1?o*kX#7F&ky17~b2-Bw;&x5~)9`xgAQYvgvp z`ei=DdmOHjFX&g#-Lj7d?nnGFl=&wAx(%eW@<|xs{78q>aca9(ulT_tuV&5dZl)N9 zkHe#%I#^d#L;RJh?`l>A$3L+=jUGGPIogYshjz_ywH>*%I^U-i-5$>8f6DJ@8tZaG z)vMIF9mb#O`{sJ!55Aml1!@Yy1?i^z3l20OrhuTQ!BTgfc66cyp0UQS1uP7|qKh7yxnclaE3E}1W4`8 zX1>iKP>Fh&j#=9cq^njEl?s|or_kfgvtrZR`(O0Gjl6tGKCrLxgfw-`&)BdhmM;p1 z_%XnoN=M}9@ovh}G1sgcu5Jh0p@Lq{d}^7q31?{C@D#79JWkC{<|nHeY)`XJ(tLxB z`H2&duE8f)sTpp95@TbOyDptEiMv;67Bf!S#Vw@%USfVRh1y{T)+jxnXwLK-tDCd& zVQ7UXBYUN;^W6C5qsQC4CpceK61PGN#uz@^`JUR90k&d!jfdF<;o;IfU$}_TFAkQT z2bJAb8g@o2p(JboC4^p%{@Tg&n6NJwJB#?@H&ef|s+T03YjMAL>pb;Tg3G`wsYx zl~`~_zH~? zHnzSfo9#v}wJA~Gh@GI$K8c)i_>R843(c!PibgJ}1uTXc#) zWQlzgZF$!jXfak6>)GdW@yBD~y$mz{%Y*Jh>mJv52wU3%&FZ^wl^x5%mZ!FK0LGy@ z8R+S$UVl;3*;EWhA5-m&);zqmFrP;l8}?A@8&c&h)ouUIr`_^noz$rL`{AYj>Q-^}2K zEBSFz^p$4*kPKunQ8nF-Pe9P|CV}vJMbNJdz}f*a(!pQ7&Pu-Qu!65&#T8j5hwtME~STIoOM_?e|l0 zb*9Rk%KP%8tt+OS!ci+-=Z~|CzLX((!43Ba(*&Gsi?p2|3}mNIT1@qh_NYGSbmXG+ z;+~m|tXAYRvYiqqG5Gb(G^6D_-hRE(q(W|@RZ=0i$pTTEm#!=&DR|~u>+0MrgJ@M0 zsxZr;2W|YIU6=5!sJY!{i>)DUpDzjYFB}1_%8Hs$Dm5nvF+UV5_*#3vk3tpLv{z;5q0NFpo~`hP$ic)QPy{ouFNiR*viJq4 zT$+iUVRkWFi52{0=c(-b+4{vV>x5&v>tJ`?h|a4GCz8YAeZzctUjXB|T7N7(S*R8G z4E|Y&dh{4#=fvud^9prNJIUeH(i$X)n13Y7&@T#=brkI7N2I+XLX+g*H5&+^K*#H~ zM4##f%_h&qZCN!XPTN7QAFx#y*IKpwT<)@;(md;UD3}dhIp)lb{uW|Yw|{Qzb;E~9 zee_99FB!G{jK}TWRDXW5?x{zCw=8dwcS~aNo<_Kr?rZnJ+^a-?%e~lfBk$(g?#}}Tg`0U+?<_Xg&m=Q3CN9M7B?4+8#ll-OrD(^sCvn4{c+s~ z5_LcaXE%EsM*?(Ima8LRCMVbWgN4|bC0XG1Ui6;WMFsul3duTn`*hz|Sd#F|3 z&WyxWs&sN9a)IM5d-fj3&Az;JoCqFEN6p$*;-!gg5->f47s?Mo)5v7BB0GQsH&r9};vo)9PsXpSw*hBI#}Tc+u`{FeuUNh$GM*R(*H#Xv zBH?w{xnIE)fk#|6JYrV$&=a^oRobpe4R(aZm38fEA}@(Hs8jf44;j1T^(+QW0I!!4 zeYHC*;!?=0X|eLmX%=Mx*+S?yI#uNdJ+n+1t=2qYoA;Qge!0tA;+HjURwoA6kbrpm;N%eI72d|kM9=4yrzZ{**Q1TL^DEo zA3UQ$2QWC$#^N-$VEQ=wx5m6_+*NbXaFfyEjS3k^aZ}@6q4Cw#?(9oUE7p~ohgYqi zAeyvHr}a;*RlIO6F;4h5mPZU90lg;9mq#qk)Vcek!Y+b5n<)+KM^_6s`h?6t43Mn; zi|%<^R3QZkUO#efnXNyn5@*#aPn8-rma3qSGMdnUQN8n@0>5zR8cUQeFmWUv}OPRG!C zU?hyzzQk?nr*+X5!c zP}le16JZ%%D2c(4nWC~T@A`E1ld8jd;;yTRQ|o~5Y}$HX$;}8ITtw0aW=lwM_N045Wo_Y)}bQ?%?1S6ew zT@P4gj`dg${@Hr3v5N8tdwmIpofe(y0vZN~9zwYIiv>M_x=h8#)m z{tqXHXNUWK#BUljXZJ>T4g9c5`g`{BSjqbWN;UXjF8uLf9fM-bObMN9A4*( zCTelJWFy~G5a_SLNe6<>3a#8ZoGOhMNr7VS#f;$o+567?{3^d3Vs+4`kINw~FHSGo zMEyFcm0Kb@Fb+j1J0Hx{s{62BjZ&s-l~Yb#j1r@XL#U9C3-M&T@XZq~e8zX`yu2Z> zNw`ZKyYl3wuXo#+Lp8`6^lsgRFeT;=RUOK)`3k`XQImLV;*}~6q09Ta6+*khX7qWF zbDa3yZcTyHSi!PW@b~$eYwPv=!}=EQBW(7klL@xBi5b7QBy3DLfk5LDT1TJ{=qE?m z!9M!}K1W>%qQ=z=W2j<~VqL9Qh1VNM9-O*(tBsgq>&WOHVRBv?wHRVx6xIB~=ChZT z=7+VSRsO|-Wq;NfVbg=%y1q7MCB)9ikQs^BO*sYftXaH6JR_Ic0jL_ab~%OW5Hvh! zfi1AOFHTB#?HFH8AgJm#f5<-qVQ}-HwdmDYRa$)w2b=4uK{$|Q=q3pJ9hMjJY;I-Q=J~{XjkANLf z`zu0k*XT2V%6W%%S3vIr*#LLmNro)n_C7PoMHx`K39nRz@fLm|Yh z3Q_}mrjVQGHa~SToVW@=ZDX2>TBg@PmACQqeG|47BN7-oe-uf zn;%}W6tudqP3f0mc|Wiu!KhWq9>dmM@+%a*MezV&!{2xJx&O9?58;*|@d5UlRb>5( ze0?YdVtW5(H~MNbj<( zu}KFeJC@c*oVBwHxy*3B?O9d=wdCuERAXgz{glFEdD3ma&hC)(iY4r6J)cs^~X$updHaLZdF?1Vp z#n$FFk4KQR|a<=#0sLK~VbQ;{KlcbD51c2Y!e@Zq_Nta98 zd)n&)b@Dj$eE2BMzsKuM?3i)*V?!L`i^x=u;n`(x!4WbS_*2tgcnqEF3^if zAs4C%oby;$I@YR_LRqS#pxt?z=)~G``rUD>ntt#PS_g5=@`eaI{|izhe!c8nxbLhm z@>QI4UW%6Q=Bw3Za4JlF*5(q?SgaNjS{s#sCCqd2vEzZCI;M~fOA z07aN3DU-O(mpdestKjtP#)62wDxfPW&mQQ^c~hz=6ST9z>eH^ z7&fDf!10`sidl{T(OW<7vDF&@z^}Z1K*J9RU_-uD$H_V2a{6s z)YvaMy}Un^smY@*P9hSa%@J%i2TZeWn`ubvc`NU9G2!;+P`3+*nYVY)lO&el0teAA z#ez(WRI|LDr&-8yRC?eB*Yj6$#O#xHiaaD9gDw-b(>2b>0z<$Ab8khw-+*W$+mIW1 zu!|p7P6;%WXN>W*mMG546TGzRveE!Z{|hv3T(O8zQBe5JJj`yDdA9Y8#yy<7^)y;v zTSQUePZiQl+#&lF6CDB!l_i7>=HzDGMoG#@3Uu?#?X)ul+k!bSfCy0Y`7~k>TEo@& zirOz{@6WkAf_3L=TDa*_amE^EO}d6I;tUNk+*jBOv|Pq9b;1NE9tXl5{j!wuSnaJ! ztq2V1_QLEPI3ka?w}c#xPb}7u=RJtb#1d~hwWvTBHQyfwI%Tkz)>Do?yfcNOlT}n1 z{U4avjrX7Z&68%D{H?_Jc8?gq9TPH%mmtaRM{5=tBS*_R1y)z$0;gqdh z&tmZ6T!${EC2)oMKNQg?pi9C5h(w^(&W(|2N*k}Dq{RV@BT@G^wIj>D zCXTfiu4Nj|rczeC>6(uVEk6AUBZh)c@+mOU9y}99@2gcB3H4NHbON&%`x5AXUb=Wl z(Yr2Rh83X|QA+~IEguCuOVI*OGgr&h(xt7@LlgAe zKFl*E3%l3r94?T~+Vzlim3(3p3o_<$#-`$r2*)h6l?u24dIN5B{x6YQ6-?8gwlN4? z=IylPz${7UKJvVAM<dU>u0U(*zPmr_t$qt|t@Hg%S~nh~ zVj?96@>%wSEhBGS!HaUl&HK_b_a#)Ty>w@Y;mZ1y>2Z__(fOd6oYeT_(aGh>3k*%5 zuGl6WcPS#2M&93~A)S8TsSRDErD}WUB8249zil;W(9$gT{qZgQ!Y9Dpmg{tzl(b#vwDh?rEb z`o&B^G-z@N>-Ndfo~>+W3cEs^!6IsASLSdUb98dP%N)aVG08^YoT>@KJ|6{#q-vDJ z-@j+Q6N|eR>4yt%%DUg=1>1kYsTH1%7}{ffopkMF66k?gpx|@}r76V*d!{4}k z6=;U$OI0*3&<|Y=F$7}l(5Pjf0##u&#(ZT-ySWf?i~E_m!X6t3Zx!X-cY5o4nSe-} zO49#%8kxH3{{F(bu-j@_U1ePTI@gdN+Tc^*9`d!o-YuRx*#01UtE<=o3d|xU0Ab{9 z$TGusb3FY0n{I#@DIP}f)GKisSKfN|gs>t5OO(ZCjMvrrO;e%7d(y|_vz{db+kElZ z;$g`Sl5_C1H2i`4>7K zG)V=dnLH?}YTu9n9b2BK>`z58&r5B-3s|c(S0&py*_3p$yPF$3Q~=uY^>+n;iGTm# z0X0O@3@nStgMl-+=*1neC5p24kHdJN#Ka#9^6S4?j0-q_-W7Jvcn+U^`jAakJM*pi zt^!|;E}dLB{3yE$ljb9un7SGSAVty9f`<=_6c96w3|mgX5dh8ScfztcYjDX0nV9MV z3&!E)UQN57Xny=YoS#z;2Y!!CZOv0L6y0BpGq>+@%(C>{k-A1Y7bkf{dqZjGV3;o_$V-}ZUT^gpJLMK z{4F@ziHnPk;c>EQN`$>Ta|sOLpp)XyE(S1#U#2flHivN184W~8BfMGxa;|?MQ7ZKn z9tIE!@X!d*1drAp5S{Jp&YI^yH|De<91tT8Vs-#`kY^gz@a>j<<1M^cg5z970)_AA zc2Ble!f)~vGl)uAj2?gF3U71_-`=f~>^b=Gc^PrT|8hhOiMVHY-7ldtiC@&qs1TZ# zBI_dLFp#l|=i4?VtN&}9DyQc$PY}UxZYfB*xB|lGL*W#*gb^H)ogR~4GHf-^op%m3 z${?so`_>MesL%~&G!Ex|rS#!gFgKd+2T&GRU2pMx`-~`^x3*<8kV`!^uub*`0S7<$ z^VfnE$n63994dQQxXgYvy1yw>SFf8Ged78{8#i!zLN~WvQUNtU$Dut~OYn7$ZmII7 z$kqB2cb<`hy=PGC39qelJF_YQgLD_twvZEVXAc7yDS|6(pTMN~3NrX@lo$z60(PJd zaZ^H#YW>o^@=l!5afgNJ7mZyZ-~?cb$GZaMpe|;YEOAH4vWzsl6#kNs+^83I_Urw= zL5t%6frK3zbz+Z-|Gpdc1W(_xfKj9s?;Qw@pkNy_t_40P3t#jot0yu?6j)sqP8J!1 zSGsciEiheXyb<+wUiw+w3&Z}pRVGeKqWTQObwwU~6;kD~wz^~QHu&OI+=XE!CGvGn zm7I^IFte=$1vJc8OEjz0T3rI^8RmY^TF2NG%uDtClqG#&8G=!5Q^+#++~)>~t6b78 z{W3aLSOE!~j3f#vMLI)43)W5h9S)D?VxTBT@BS)2h?S1S>Sl%yj{m$AsS^LR3uTGA zi)FQnU^Kw}(rBh3u)WS{>B8>rpeAtnu~yxy3lw^JtkQ!79Kh zD=}3D#S0yMcIqLan<3U0?sidG6#y_?DZcQ!coxlD+qjcgCz&4#4z#D*nQ_CrfRrbp z22^7?YtIMd0OJv%^Fb9iKtER&@Vk=vV>Peq!G6`qq8o$yo8ygq(>IFnm%wVGeihkY zZ^Z!v2OrCFdCG(XX-)hrUwt*sTpw^7$Hw;xgDc|ULkhqchjvPS!G0>r2JbL6LD1W&tTYI+bfkcM6@`f0x@Q_%+bX@{_j(#Ti3Oh{l?!+mTNjJgMItCB+JrvmlJP7p# zgE0tcuylbp&H41VW=?lw(u1C`8_Gnt^LEUGkjpJQMOZ7xQj}EZ(^<`-P7%R?ufD{- zmbNhdE41B8nxVC-5%7cl9L`|*8%J}QuP1Mn*s;*iZizeTCre4`&uCuV;v4UhMF7E- zG_8X8U(wPnf&S-1xAnr9!W}fpxhFAbe|~9%{)g_<;$f{UH+aCt6gGIc>m+=B9dh?5 zpe$;*T&F-;LbJv^4nQodKj#0 zW}rXQOIOx_sqsxoCes7{xHR{H(|(O^QHxO59Xs$qZR8Wz-4d6d#=EI9lQvc_M z;k%*RVZ?gmhHTHvx~Ho@v+ykbmUo`F>v0Ww2#~ozoBdWqALzrSPl~kGKSm=EXK|7V z+NlIfCYuB^PKH~%#sBp`tju}8)0Q}E` z)NPzX{}MseVt-NX5v-Ln>m&HH^8bBve?IAofv5i~`z_(0w<1FMw(UDhF;r5_*TBrE z)n~SHonx_4{zo#~JS~vjz5?p4T>W_zyO8X|?OQ2dfA|^EXw>&~ z)-6HD2*@vWo?qzx?j~Sq(ckXFr`!sER4f1OTK?z52X4-~RI)Z_~p+tLL9x z_|KmC4~5fz2^#;8NKwa(#b)A#h>`FGgd(@_>Hi@3+EELFEYV$?_ z6bxhyEylk!8U+Sn{C&V{@|VH-AANbGE;>NA4J1tbs{o>ZQl9l_w=UQ!1RYz;2O!}7 z=NBtN8S}6lU6MvmXXo!_-jn>BcYOcJJO8t%`Ttl=|K#ug;i~-SIsTKs|A{^S#Ge0u z-u)+1{1YjFNHNolx&#-;arsz9Vg>CtxN*|({9n}-(K}z4V(jL8)rbEs=#1`s0j6aQ zG`l_e`8J>u5Pm>RMZ)sY|HGowq5^n2tU7TC0ZKdK)x(c6v-PQTSlow+F4w#j$j?F?`A1FqPF8eZMprje5vxW4@Fy z=7PlR>0&YB%RbWb2noreE?u(U6x(G^0Mdl_@tg|*#23S!Nk)V4N6^FkA2DR(3@6&Sc@cqZLHA z5KmnjYir``k(NVcyplfSu%E?@F0bkgI`6x=w&`oudb;8L!Q>5txP!Ac>9qm(Qs0}| zir(ZTdycwkdBoN394n^ODU*}6Q09vzAzk7QUXay%m^Rg7x%Mj?i79(t z7LA0@OS^M1lVs5`!88oM9B*GbEP#%Gr$GDaKqU{A%~f|P`H&aL<0OVWG5uW{w%uL6 z<58)MUegROdOh#6npivJH<`HbnEp7%{@@P`HVbjtr+;2>B-Iy~&xO)`A%3QB4%@F^ zV7?6`RiqQge8GIBOU&K)iY_XgUWncE{YwTiiCZ8k5`+#6&5QvQZwvs^9w(QAN@CKk z*I-cR7v9RtuzlO*zq)cczy-JTQgk(0I}u$XNZ^UjUf>nR`S)VH?FGIm0)Vb3i~k>l z>kh`Jzu4xxTWoV^(+2h1F^TV{j* zCz%}d7w4#VtqzQDR%be5SIM@BNNMBZO%b!(6$g(#=IsB4Cf(@!WQ+ zfTG`GEDz?_Ug3e5r+3(*5H~1`jJF^0h?k!u_Z#%o)ARmexj(wb=(CN=UFpENo{xV)kFBgC)rj* z0*o0&unzq+=qTs9)!8d?zII*_=jGCD?!#tOw}Achf)_r=XS*|kvE$^Tr{tS|)3fCQ zhA`q<)@-)W>-|Hox-pmHj-_ZfpSo4fj~hI?9=bBIA{ttRr4+_MoIaLX8UfwJS})i< zrh!VwjxqDN#5fF>W^CDh@%K4w53=_<*ZNxRIM`}3WPUH2CHTMehfa1F690P^fCwf2 zL&~<^Uqv!$e_F@Pw!h&BXf-v6Q%1@d6&;CC5|PU_!!yk}ocz$IIB4DRndx9brvU#V ziga@7G1T6e{iIpYI&1q|TW<8w;*iMR#Bx0CtRY>0=B~FO!UfL(9ggizdUmI&*@q$f z4W{M%UBD(W40k%1P-C%jRJxVOMC=}65UMN;wvh2#b9AeXik|!jWYCT3p#M=096UWu496wcX(fk$6;wjae7CaV^xS_Jg zE9YB_nk>yrsXs@Uv7eLxGnA}!Cc7G6%O>>9L*4hcQx5SU<07T6#uYa~P zIrc*Z_p-l4F3-BG1sKOG}=l|p^zy}DJ zCh^M{oc?8+r2PYTbG`*=083pk@wDZIY4%>l08R>zVGId6_FY59qgQP+GAycCU2;Zp ziEov)kn~#LC1Aq1y?}!a_p-)j`s1*`In%7yxx8fIKs;-L6gd%t4fw>G5C%`@kwJ1Q z;+{{ S2gho&fwsw1Wo6eNw)>a^r}PXx+wPBr-iXR+R*w_vb)s zNl_yMJPE_o|0xrHQtOO9cVlhq+*wZC z;&B$MqPS4~ed~qZVDxilNMKJ8u7@~~Be~~$?*2h!l0@|_p6hQB{3cLWFZoD7NN3tj z@aN^#D(Ej|8XW(M8Nnb_5L%~hxXiV#gjhEPY5;<T40oGM`r=(>gK?sn zp&OxfuQfc6w;jzOr55kyxiBaWf4A@vTensvf(p@_Fc(QMZQa=(0SzEndW5?+ z4lH-row|Eyfq9<-6i325wQ)e#Y(Afhps(8K1QW^)G9ru@M=ZXgYx==Uyk386##>aw zAapZOo>>XMUh-&gnV8Siz=Snbom%LMK4(FSH3}UW;|1QyF4tl2uWERZui?=9yT@ZBm3jR&x5cWL+)gY*hT+~5BtLw2I7nOMlHWc-1(yc7iq`)gMk%L0p*zT z`AF(bN;CXOu~NT}qSCq(Z2t?@)NhybUAn{&9u@6DFcg0n4MoKVEhfJ3&(PbyQ=n{8 zW@&d@g5jGo$FROAjV_xn&XaJSQNWpXdBKGn9hz?nlD_Py0b>q$RgUPT zGt)7sp=Oj_bg^$jRFPQ7Fjy|RMv(U=oTjHAZep^#fh+&QIL~^+&&jxJ$LV;gIzvL@ z{v&{xS3meI^z%p>b3nLhQN~Ky$i1X#8g-rg`7P=WE{0J9sW_)Z>Ct-f?fX&&?upc$g4} zy96Awc1X{5n@YRv-XC2qQB?|b^t25YNhyePXc&jd#?z$3Nqfy^CJW~r4$M88o`gA- z;UagDL7~s%GSg=|JEcjBA?`M$E*cd}x}oQYubx_<8z^v+Lu5r*&A}VxqSDbCc`WC&S^A()AfCM8YW7lyzVAGz0*Hz~yTgKoVOH?O~Xo72yAf37xqzYgjcA$gAweA6mJie*HCZmv}r$n`{bCJJ5y zLxp2Ugb{CZhZ5<5;d*f#QnB&)MXCzsIe7Ab_u$-kYPxD27%u2s)waJe4ANG}*Oq2b zD~>Gr&VZ4;(qH44IX%cIQ}<_^n8J@ ztIz`#m&O%Md!6b$Y}14#?7s^05JU?!6*An| zJZ?%so@N3n6s*$ye2<+zqMEB9aBF};(MX-cLGsgQInBH3wY=G}j)Yfk@Z(KHf(eDB(i(`F(WPu7i-(euvl>?4_ zB9lO<2VeD#Rtu*iikeYJBcg}$;VEzzJ>(YcrDZ!zRL`(%!8w*nCu3K6+680@*2&5< zg-oM2sJ8RywfS%)&HrJlJ z%W1xU)dsh@r}6IyC2m;rS>+y}{DEN6>^uZ=n|={hjBjI8uvjVJN-62B|<9Y(-!c%9`#Ozh=D7+1SxX>5m68#p!=&VggP zD83Q|$Rr4B7pfOM4TaJ$wq2M{S&rISdPy=l84h-R->1)6aJ6XRQ~-42A!K*ccx+lp z{K(0kl>p6&wk|CVQ!bf@@X@b+Zi)l(k$F01>dj z8iAg57`pxGX~^DI)oR+Pq46RxyE}-&CpzrFP~Pr*uSgduUZ7JXIammZQt?|@x^`K_ zH$FKT0lynf3u&}FT3tIGSA5vLe|zpo5@Nr330b(kt~t$-94_qRB*QN*@7r*yW+oang5*wq7-|u)z<1V1?zMyTIOf_l*STNGJLC>Dze)L z-B>>8kcscLo-rJO#$TI@PdfLS4&T|CuAfw^5G`Zu?_{JwZNu*jw6l9)hr@JCIPz94SfRKxU9 z?lH(1z#PWYUFbPadnIsi2=W2WgZc4pF&G4<_?7dxIq{|D84y+7+;{3-pdVDiy-MS2ITjRye+Os~%5znh8SN+P0 zo_)K2dqFWWnv;jS0PgZjmgPa!`f1cN2}nC9{$hqZb7Lc-%wXt3n`hdKkgCmAGKz7! zG$tXHT~|=Oajlf2+Um8^U9hWygkVCwW~q-(70cqX2=(tGGrj`VMvdCll-;YH8u#)p zyUHFGfnTxhn`P7M+ruAz9(iT_YRUNEc@&9Y-Vw4&Ye|4LHWv#D8B`3~-A`6hhdg8> zH+M^wb6)vT>sN(=Im(+1$8*8$;q+8p?#y)A=wVLD&0hD(l_j7RhcMG$_;4&=smub~{HoW0&GKdTTiZk63;L2M|v}*g6`!BvU^5W zn?YW)t(}-T!lsm18V{Q@6;(?lr-Ym&#%1q{_AIm;!6?GC((8ujU zhAUBybbn}>tqY$wHD5mt;~cP~A#AR^Iow`&%A*m?Y_t(;R0x_HuEA4pd)HHt+!<|TAC zH}AQ6R=Hc65;|;!Vqh!O%r4x5y-Xh`y5q6nRkT;5ZV4f0WifE0%FNpAf$BX={h2lA zkjk4SS@%#Bq?N&`a+RL?K6Tr{eetZ_{l?TE)_Ls=6>`S9`o4*xJ?1UjL5)=%RiJF^ zq9t#r6WmKb`p62a*4A}h?%abn-p|SD+76n{ z^!G*_94beckF8g*8jbpVn%dR}KWZ*1&z-nV@A5%{>7Cn-pKmz;WFN?B)bY1iUZ#rdZ>pSn zRd@6-O*I?Vf=lDcGxg>Q-YTXb+)(RY)zI8Zvbl~Fy0Uf!u#~Fx43Y#_SnBN4KRP|2 zc+W)t+82{|zk$rYw_Q0`Zo8fj!roz_RTo)QYWb8$SK-So5+(pUU^JYk<~h=K9AsYf zmttVr^3c1{=SX)o`>X*BjEch9=Lt(HqAN4VX8gLve-y3I7TY^}1bgX65xpA0NFh1d z=Wp$}`h@`}bQ2CKs}J>bPuv5>I33|^66PANo_pojDa(cYx7v}r# z=g9268kqn7y0%%WDd}6rezKQjs_H;t)m`vWpJG8j3}EAr?Z)b4h*sX!|iJUr3N2NMH^lyF>C(i^tWf&r7lV9f`y9v9|%B`iO%n87bri&Z?a?NtpU z7wFgSnQbh65gSG0#9gE1z89wG9j_(jZI#{NVY?|Z^RvkE!Xoby?5q+-sY5XvKXT)J zn%FIWsx|I9Rj#~x?r{bY(Owxzo8L4#+Zbp;T|w;C%RKzvD6?}%Bs36U%|kYa^=Vir z6hVbN;70lKA_~z{v2OMr(skSyGu*mFr=3bwMIVDGJ|yedC23D@B>THQ;vbmEDhX41<_jg$J?N zVlM$y%}=bcu~R|dfKFX!a-t+tNkG!~2L(8uW#}p`|Jx7oU|{q&@yDZgua3T#I@`^z zGrt{9P9mPMnJIs{VVIJOsK@ueAYfQ@s;Y0{arR`B&BOAXFeAd{yU1+Qt1%~NxX3y| z2ct%DBds8M6ve-n@17Y>346ep_4xfH5J!7w>KQT7)-_Ld_sp4yOPxwLOdM6(J29=N z-oqpXxx~ZyIo!lPA?&yo&kncELDgF4S{=>61c8Ua!`ulO{2!?jzBZ@3!?v-V__ODG ztl|8yQxy5p8s4q>(vLC)+yXl#CUgA#rQOnlKPBDes+~9eWjJVs6%a!eZMy(K(s7 z8A9mNoBE%y9s{V{ZVoaBJbgnlPBAJR`klW9q@M=klt4U$ zf9%577e_4j!N(8W4Z@oR*LyM_@MwF+ZWYoV&Cj|hJXAaWZCJLbD)fU;V6h>%15cm& zmDok?TmAWq;IY*}rlai^FIY4`?WCNBlUJ^;^W|jwk+@g2Kdr-G?GN{(FRIYE8e6_F z#Vrr_nA{535+-@QPx*0|3zXTm>Z^@AjF{U<eC z=i94Db>43ZTwNg6>)8!?HY?hCalC7bt=l637*a>|Js0B9K>vrOYm0yBd&h9VmR9`_ zd^*$rmo_o~T{85DUKyi*pfvzFj1L+T=}#hcH%Ho-T0ut$r#QsoZh|S5_r@ zsI(p{uG-R}G#tReCiEeVsXO|suYn-xfaAOpx4f_TAgne4g{s3Qs}j+@8d;L&3q8=} zWGg&(%YQlR){+}2_i>8x^^k(l8@AGMUeL`|LbXFttgB!7Mjjc>{_x@(l8BO^?rDzC zUIV0f0v=%UlWyG|^}Ilxu!X%=ZxbjkSog^Th2|eOZ5E6&XW8)K?|Z0?y5i*Dp)l{5 zTb%#r?Be7qgL;PRLBUZ-$86LjopmJRKoq8RVN7XwX5ik=DT>s=qeLWsX?!mA{0A`q z>AI=O<7RA5v)ig)#gy@24?}dZP0#ehf%kHhaHCe5)Ea-)oYYzNIgUw&TBo>^`GxD| ziNo6dHW&kOgu!vy(h6?yIP!F0EgbzpynP9Uv4WAW)z31>i5VpWG)J$`uDFXlH0rUs zEbEdb2GBUs*#p$F#@(cP3GzsZC!}t~Va8lWp7SNKtB;wWc1~csU&U;#?!`}*Khlo< zc9vJKf1kHPK;Y(j9)n=sW|~8xtXI?yMiDj{3sq`VO5JG--}$^HD0S9XzV2XNj9106 zCP6<=lpnWGZ}!EkR$}i@YMk)#aMtF==<&Grt{%@E=6yAi6h28LU5;lRDGQF+7s+bY97OSUlAE#EM53u!- zrm@RC-f|3fak{G540s{cci1C^fw=l%GBGexA0d#URyevoo1#0)!CUHcU(i#J^7CQG zy)?3ho-m=##>W)!clw`~70c1FA2%&sSLN(GF#~fXT+WrgmT-OleFrHrxmyZ(yNb=_ z@4cO)v>YTB#%b5Fm1sP1mYq_{R_S_#>#o7?V$Qgk25BQ&H+{I_*cAtHhhv%GjIRPC zL*oZh-YDB_opz>sFRA1escXB6PDwSheLdOoazv1|tna%lKK?pV=pz|9wdi45l9|~N z@Wn4Mm^eDWNU5bz@InOE2D{PrlpfDa?Y|!Vg4;VPWn-?sIhaJ^=|5h7_2lHzG~+?Q zE7Y|(#0Z0sQ5{7SflbW7;H#Xs-UNmUEn~_&92P_1mI-*V07$9K8;e%N=}N~|afrybC^G;m2S;SuO#yBd81#`n!qKKA0CcW_bU zJMN{LCtSPv$_5GFJyK$gzz#81m-_yl)AJ|5M!X0;+wtC28_H=&+3FEsq_c7C3mDs& zv*=*|l$O5<7w`yT^q@|T?aec;Yb=!PlpN}Cw`gr_JW2O3@yedEGaxHFU+rc%cpnwy z;@<3(qL5{{vokDo&eYI&NlmZ9ypDMY?*o*r<=5=g0g zw6=#CB97o^yF9%yiea&U#RYflw{&3OV=~GnfiIZP76`aMDwlQP@D zy^H`;sK*C4zWsV+hZn4`07p37I)*?$A8mR@z+zxH>citxZfpA+S`GwaQnYe9RjHrI z%!(uY;G|#M&3fg$y&}K<)dNSLiSp}-6xx6yEzdESDt#r=x!nM08dj9Q1PymnjJO%H z3gvc$SWDhnTE(^d8YK!dB5Eu6EjF;G<2_KgO-U72fgQA(U&14VEm#E8nVd;ZZJd(I{j8DTztU_;K&~nb#$Wo3(O$`&qywZmbqD z*?!gIx+z~p(^B#UhnTkZ4QMZs3*2@kEPwn1Vq9p`H=ANA_@3vDtLjlmsqaz$1V!49^@H|)`eo@Gw~5ck)mk+7 zJe2NEe7=mnEYa+gvEVJ-4q3iHcY{7( z1H+*hKD%CaJ*ga55a^=*fs7i~vB6IGGEKnbxQ+q)2tYl<&0K4vDEsRpg6ki)781n# zkLJX1;g2IU(Iodja;>#`z`ipIR!BZ^KhE|ekCh>)x>0a+W=}JgTc{erP8iFPz2}YO z+^fjzz?D7vML@iHD>wlBx&p|SEU%rc<(!VV-0CS%!gn=0>R;OAm{>8v#aX(5cWjMD8v#S zXjWm{hN0zR+5d~ZFOP@%ZTCk-8!E{bDn%tr_FW}}kc4bA3L*QxjG3{7WJ{7{3!$>_ z>ljh?eH#oT>tHapnX%2x??caXo^#IgJm+`L|KES+#S0(z=en=^y07c~z7|y@p+4q- zO1Y^Zuxz71{G{B4pM;BY%NiVV%i*6N7)jYrE4{B+`*o_ahE6N9*@%9RXlW$@XJtxx zn&sw`N>Y&X@wt9yX<#qfLh=GU(vfl;m=6~Q^5-yLY%GYpy`CyJnwt2@-CH0MMpAy} zu~m)JdXWa@ya1)lRmPlSwNP08dAvM&qQ!>S$&pvxC~B?Ih4+V&`YFwTv(BowyLt-P z&$3pHZ}v-XG=>?Iv)Y}qs-HOu?pz5qWi1=T%gQd-GCS$tKA&uRb<(DUe3Y>g8ugVX zQ&(xv&W5-zYBqQO*!P=H%2%hPk#PWmPk(ne`ZNCIv8gi_=Z~uPk9<1u)bg8A@*UFW zBhn}8G70^~c}tSIr-F0=;<&H=>>rDAk~wg{UQmEDt#|#Eu2Q0~<@lR-FW-J=Q93Wg zi8j(dS)=)`;MKFqQ3(YkzParH9&h?e!>5c-Hi2CP%uitBgFAckHzPl8O}+o@6W%QC zE?65~xf36gd4&$X+QO?F=fzz>ss&`RATzhnXBliDv0LT+Dwt|&C!+ua^2!nqQaN_+ zo!O#53d63@nP1!9^1~jRs*(HIn!{U~bBq$5;`d6><1)Cav%{DjD4$$ZxU}YT90# zgy=O#?OpoV`QXS__4dc4&aV$*^V-z>uX4w{oXED6;pc_IzHeta))w6L$lny_3k`o` zl@}4cgM0PBNW#$}^LN-ka$kXouRsX}?Sj<-)c}-G@X~URtaa}~KRQX8DbqYX$gO{k zH#%aKq763p;DV_gG}*ta ze8jt}v?qRUHgcx)K3|{M>=OnqX=B>vawoNC=7=k)rW@$V3^m;)kBU8%bHQ1)&1UzP z0g?oae&Y~b<8i8Q-pFqN-ELwPc2Mjt^a~gtmRXPdgc;F_^KUsJIUUY9Pc1PNULxzg z#f=&eV{Sk0aWWnnp;}He!Ix?*V@{A z9W#*o62b~(dA0HXTt9|ee{XvEMe{og6z5};BW>7;@5f>MFW{+@-?#5Eo*(j5LPkm` z?wo;NmzW<2cv4VklkNGasqX&0)I=w#)p+~ijsn%ngzwZYP`>Zj9&W{S!eS3Iswysb zgmfaM#cu1fW3N=BJVZp`oYBbS561)^KCDrPQ-hUpy|?;`iz;WDt`3@UHT8S{wOs!i zx)v?P?;(ATJMYN(zD?~vGTC0IjhZ%Xaq=2o@e)<;ynakKp+Gu>H(2SDn6Mq+W^zf% zbeIpoF&U**7DoCt58gVlzGobgaz`a|4oQUbD$24k?}EkhwpgWf;&` zt_7+7GIgwPAQ&odUtI9+_TY*8gNtv@GLAo9Sy~#(74*iy+<(WAS|S(+7vP=pg|GAu zkh8$vp$pTp_UF@cmFl+c4S&DbSG7C!Q2FyWocH8}jzsBV^{h?zpjh4JaK{O}fPCg= zM33^dFrJ#Wr_vlpq9GFwy&^Tn=|gj6FN0XKzn;O4yDu?dpBCJV^qtGfv2Nj>IdvwO zWn-=7q^O&`wvDp==(OfH{T#!{J1TYjC8{D`0is?QG3sMBR*Mnr%bU>if(;L@_73~2!`2Yv z@-GYgvWx~w9#5Vq&lj|%ZPu_R#ZypLY+vnC+bQppfO_l%Rn^i8PrWKq*`ecTo` zxu*>ArW4U8Q(gC29PgjY_+{8vaR2MuFXnGF^{h_y@!v2_e>D2;(UbFz{WmjI%U*xc zzNwmiT#s_4ghIh?B2s4Ddr}hRy*U8y5S=MMDZA&JTD_W>h~L{=0r)w)Z*a96_*A(S zl4jZ-=^+Igq%-gwFWE?Yx^{ATJV$Xc>WtL$c3mgs;?=?)B+1ekhe+t(xJz|+JO9p` zYlp-@dph?n8F}4;>(*%KqxD-$gNQ)_ojv~Aj8KOMF#D7ya6<6y0I9tVrgRpcC+E3( z!DCkxm+6fN&EBg~b>GFvB$Dt%#50+I*f>)1dUyOHFgm&+^#c2DYpcZ*42!M;D0M?k zX-!>Bhd2TwdscJZRY_3ZTjmsgde+{YoVpi!VZ~~S*)G#H^ay+L@Cn_4v#$sr%U{V; z7l$)-McY-j#Ya4G!)+mK(r!4ru)8${LPzMC;(^{sP1;MC{8BSlU#Pr%mM7PvLX+~6 z$csu>M!du9u*kS}u>okv6o$Y{@mKrSI8LbNJy+h0 zVS654&NBeK>A|R1;N!8t9U4B*3I~qE(XaRDq&%MCi04mOJdK*gK|yPr#?Vj0tv3ys zOA{S$=*?V0KhUbwuY7!>y28*-c4a{&NRLYl4J+Anq)~yqPP z)~tl~H2f%2Z2{0zKigw0L8ZsNbl7=}-?Ik3u++i>dax@I#hbdlfL0EoA1974`+5*L zXTi>#v$c##yf90Vlv&>3#Fg(<2ZGNQ#a-a`M9M#A^J0W{d7tgQCBP?;qJXgb*D zGneKlpG7F@nOJr?(st1tEaH$w%O$k#=k6uWvR|}U$*23uXdTX`$*TA$n!PsJ^ z7VS+go`tw-_ZL-m#0Vb7OfwhQ*d&d#_}0v#YtJz-�OoFa?y)<>%7kLuqR+)xmH2 zTJ%1dXMf(@ocGPt9rq7Q8mcvtuAZGfWd@yTMrJu7%0&7B7W}5%JN3GaYU!X~pD){8 zj$303Zj<mW8HmZzXu(wQu zK6mbMydK93{QIfsldRDimCenJT;h=ww{=ylRw1O;FEHN!M~SRrOERd3kxRPWmmuuk zqF)H&UYx8na&c&T@@|5PM;6BJGIG{xH*;C@C6bFD`q45vymZmms-i{en3n81+il%3 zu{Ff=31Cu`K9&;;^W7*2-o*@#dofNKJL#EPi`Vr{8cA%j2=!vxNX@x7t>TqNk`Rmm zxq*vunJ7^2#qvC=;VqgrvL2OoHNjAucVom;;)-J^{BoKI2+NNcCO^F4{q(M}^J>CY zwN8xDGNLrvhu{}u-my!1*hVk93@e4CRlFcysQzqZa!J8|+3Qtl=c@HgigVrKQPJr( zQ8Mz1=t!;6r?tl>U%fWIB;3afPP3Bzb9WOxCma~jFBd)p9gJ=*@;*M>44Jc1PU{sP zR?87I%KuT_Hciz-h z`24ptX(f4B+577tg^sXqnKrg98YXgHReDag7>QM>X2T5M0rw>nl&-W{|4$`^1TiGz=2C15mlZOq;y}!TrlqJ>$!Q zJ#vrzq?9m2xs$R@go=yKh^GSt(&A2ct=ikxHiG#U(1%Om(n`5)jNmYAMqBFzwWdJ% zon}UW%Jw8HJk6NV;vvplUn1Eu0#q2zTlkja)Nobkd#}`d8|?Nz0eXsBP5sLE+tyN> zEPYeDBeO}pZQBOyk#w4wC3S*4vZnF^nD?yoL1@naleQjMCo?tlJA!uw3f~vcoTg`J zME7Ee>|52aDaqBv7VEX9ChPgmGPPf0U+X5xq-IBlG>0Q$R!7)*p`zMMGMC8qnlW7> z=Cy>4ZbhNaS?Sk4?i)|4k$4(->=#~w)-|%5hE@%YTF{vXb!um)QeZoC{&wC2j!q?v z79**njkv3R1$U#ewfog}dgtERHKZeQcfhCl$0}0TR)xBw>nsumQ0=2O2Bb!IY-^&8 zp%&YlqK;p=XqwPeqr6LR=v4;So$#NW$I99qmzt%dTcaFJjwW?2%Fb{3E#aq!P+y?m zzE7nkja8nA7E07C*#p-SnXA8044mSQioT20cH-covGsD|kj=c;cUll5JD>EMGNtYO zsywp}DGu9#0nKgXYzrWtMq9Nx)du&xg{ElKbnto(G<rH3|OMEFlby2PF`YZy~f3|;rdQ#vjS3}WW z*DCbWYHhVQ^KO*4$am{E(k7#4snLeSx84OJ6i9*BE2&BgCit0#*2|Z2vA%(>GvN1A zd}`I34+h0^g^Pe98d>~4z0+u@(O`m;xqPjh^5M-+th?h>XVksCc>)S1bl2iLARtTB zu~YS0KK&FdBjui~uXA$e9?1vK=)RjepbX?mZ|3%><3FcXM*H4a9uuYP*hKgPBjLmdE2MF3EX5{vYGq;5g~k$H z;pj#QF{_nL3z#AKU5+I6fSH;uUq z%>0J&hN!&YVhxO5-f;{9%F*HdwLI81`A8;UD&`_PlfiZeT75-AO+My?2oCPVB~^^u zCDfA{+P`QxSLf(slCNLWv{HOK;~b&>$Gtgl>5@+YqN~1adg$|PGan!64arCA3j{oq zd{>BWmfj2<>~gdG-N{LI9;q`A)dt;)Q!?j}I9aN0H2axs#w+mm3F5=L&V&*%P03|N$fDb?XrKfd+uG!&9|z!RSqj_68R}k8xhW!+M(pXD=A)`O3l@PW1@(&#bsU z>_F>-H}COe+q}re7i?(7CnGoZY>s<>314cj(NDu<&rFS}O9hG_0XaORN%Y3++v!6*gS@ z&b$Y^`9-gDR&S$8yfepME)$kr^tt+6?i&KZBphDizw)9w4=>;}O$*n0PIAfN?i7>{alE_0`1b3HuT93zCv{47RIUa1MhV;N0BdEB1A~@x`l> z*~|wNqmR#FA*T$iSY-j~`Q}20nx4f{nRk{Ep0YaF$e7-UwdW$eAk@p&38fz1hqDC% zQ0Mq~AvCEyTq&)W=2w2@B6Qy|?H+a^@$c_R8s=^n}AhfI6|e?5ONJ+r$zFV{}d6IpVZjMkgI z{c&EqD;FDjdnV*C{l;73txr{hk0nVtGtr$cj^3L}=bH^-1AFD}{a72yg(q|fBb&7c z`eMuDfVSkyC|~ytQzt9ruLw(cn3<5_9pRdFrD{Jj>(7G}gqv(p%#OGy-l z`9@jVMH5?iWxiF93R^U4q{DGxl6Resz1lUeCc=u2ok-Xj%r}^Q8?-m75@{*|-ndlA zwjWulPnIjAjXYI{8dq@zx%*k|LUOP4pcXcsiyU=- zxpU=l#r+=^S1(bw-2?;lzL}l1gRl4XPZf&a>J&;jW@+sWZLdyT>A7XIX^9Ib}wy@k@TrqTkhgT3yK-T4AQBjp5mZET8q~1w1(Q z2t(=WK3%=CcDA4lGC_tFwD;O*$Cee@y-~@sQ@x5p@~WGto;YBYzi8GpkvS;ij=>v+4~n0M)%fZ3+y?QnRl08Sfq)R# zdjNzflXy9Drv@|8mKX0UIZ9?}XdM^J)rw3ie#ir}bp2pB0GUc8zhuBIKyxtgm*1d| zU44Jn>P8#QQ?_%;xDtupHvt7-RBXp^Hnci?VSp&_nqkFffA%v(Ai&=Z*B@~VrMoFS zUdPaD#Ov76nlggyY0x5v76pYqv?wHU&oKAnfm-Y!#1j5RggaeVeQCgLXjEM@CU-y$ zdpwHId!7;K`?#7PxB8Phkkag z(Ish&V9TEWJ&0tXIX2_>tFjzIsF4}JK(b5nMbFu@ZmpM9$Lj(?e3)>MB}k~4j@>Dg zWZCgS=w19_Boafyhyrm4*>e6Ya7af6=yvfhwD9ic$Sp)+j+x63U&?@k;@IAvPg=|_ zR|WU2kR$B7uzQn6wtbI4n=er9Hw4nI0#Sr(+TD4eGpKn0pCL^X#T2fxncZL96opwB zDr`OD{KZbFiI@B8Q1{pArEu6S@Olzg)?#j9eXJeE_M+F-X!TH~t2V=5KiCp1Qlo3q zGo82RlE-X1scSQRh;eC2?o*q#a-F;Sq+h$q_(vx%N8ct z&1F9)Kfu?3JLP7JPo}+lW-gz;nW8wG88c9?oJ3i@dc&-$C`B6>*ZnsH#X=fzE=Ib3 zF9Y3|0kh=Afm3r23-sRRx*arcO@if2px?hIV65&C9)-&p834mx6 zP)2{(lsHq^HO@&(Q)0$z>aQ`&-pM9lh8~Dgcm{ejfUqQ#*JX{1vSX?-U#{S_E5<>b ze_r`!lB*n9PaVPj!p{+8k<~eVJbp?h^mV(Lb!*SYa7+9mXZnbZ8%{OkbjEW8@5j9E zd;zhOTsNL|H@Hs_2BEmy+jAlExozv}bKMMt-O8dq15`DJ$#V}TVo0f+Ht34)TW9|B|l5PFwEjKo;uYna>H zxKWXC4>SviolD~3T7q%WZ+W|+>`aJXN7u@iQ37hWG)SFLyYNoX8W_jqWRgMC{92u% zgTp47C(mBcuRyZvvac47*h5o~yuGw|v{9UwA?vJ5?7^R;>D~jenj%;+C7D+zqY*m#WccDWZFXD~^ zP9T7VjG7){m-Zvka@Xwz`uqX~lU56_{W^)qV_3FHtDK>!m`cOCp$TZpm|b5lR>t`! zBl2gh%^PnKD|{0Gcg*AWR&6e{%7Y8MbiwOtr!Febu=$b)%J#BPn19Fmyt)Thrts08 z1_!lJzXve#*)MDjC8TZ2F}@~)3W4^PV)nxq)d`&=E#^&V>US<|)Iq@SNJm5%cufkn zoU#DMOrZKH+31NIs9YoURs4Yd2DT?H@NEkjI54fkZQPcifoaQ9QT{QPMT#p#t6V$iQ0RDFB|tZ}q>j`C>LIcH29b?_s$e zq%?_*B5xfmw3`wl_fv4}M^q?Nxxd^VxeC8Ho!@f^K_A+dz;V_~0kO5I4vdF(CF2h+ z>)}}gqqT^DUC;cLRyhD!Ef0UsEniV{6SB|myCq^h%k=N z4qS{6>dMoGCjg2f7V+9K&j|N(S}f0Tl{jR}?5{aLd@lnFR6YftjAib}fdv)sb&CSN?tQmEz*&=6q)fUHO6i44JuzPUr zdQ%E&@h3PhC40W`Td)D0m*cf?;FVN+U6UgWTa5ENtlV;lMM6F~=iPOH zzvimh_#&O7ISI213=tGA6zP{$`}y}?028&IUg+@}&s;MXJr$C5EKE;oDkNvXm_eR+ zQ?6g_nX^PV;I&_jgr#qK8_}qcJRvy+8*R(FkF&={GZMeoZGI|%<^{IT-M~9?lcLPALe|V7T+d(3*al+DCF}qCN&cte78t_2KF0`bTuanNxu+_>(K!hD&emU%g%sSK%jMPF<33Fl zdQ(1^plp1Z3^G}GVLlzTJXkoY@#8r+5B2d2k^KQhRP3dPc>Y`en0` zHZmEL`Q=K$`p>Q$ts%=9_-!5~b!s&f|2h3VGp~%g#4QeCzsZT!$*-jq;_=FEUz|N$klsySJR_YZDnj*H*-_l`TbTtw6 z2^p2AaPCi7XmE$xTu&x?c>BdDOFhvktivf*z`F&F3f^^aNxABl%DE*V84ti4fXq20 zuYe#!1i2A3GsU&C zjaBRBJwI{+_8&EDcdZTZ? zi`puS1uYK`^&r5Ixt)*b6S`$-SvqjM_6@VIk9^Kbx0gjr9~ZwN zqqza77_Yze30EFt@S=17!75R$XV`5j1Y7;tDsS#%=-=_;OGSG}k6SD&*%N_=y2mfQ z4Ljzr&^WwuW9RZI`6wVfd~Hq|%WFS|Q2I~~cXT~fhFq|<^VZw(I7KafmTT5;V<@`Y zgj4K(UvlkajrFu7lb`#lW;JOCKQ1=MBzV2hLtekp@l&e5_qWK88*!%Do2;z&xhPhZ zBWh0ob_0zgH+pY0=Lk+@mj@1UDRyhJne{%>0o?egOCITec!h}}abm`#lxBqbe7Mvn zl2!(wx&ygwC)`vCeEYv9GKmlJqVo37@!U{}(Tg#N2z^%OJ+5+(u?bGB=<{jFx!Y8Q zl}o!U@Ih%Lp9ODHm6*=E&IuX)bq;`({PJqjuH{lcs4;)>eL@Uksh~x|FZwxlBe8rt z0Ma4-4OO0MAGK8=m$|p?Y`uid9TzjGQ}faFi&`%O3@1Qprla)Ktxia<;T2xg*D1rJ zM|~0K+bOM*3TIe*B+MJ7Ix3z zWmKYNw(h_;SJ$5vhAq2NiEp8+H?CPdz-j*2w;~pv!hfR)U70Wi3+{d@R;6~;I<1)* zli_w$;ZUwC^Ue5AM2mbKSmAtlkSTHG-8bB%5;wm&B)=c%2yN`U5UBLHV7!1njp7A> z*6HKkRF%7hAV+718;&N@B%9in`%_`*F_GuVLH9cBatz+VfC3%>5ZvE*fV{LchDhMz zH%k~w@A7=TX{D86xmH;WV5fF&=D5!c--#;BZ^_X-}t6EvOivHHWMT;~N-<=bQnGp{J>-f|+ywYn{Zpfi$wM+$cQsT%)4N zn27t9mMnMoIQWG(z33L9uiR9`JCE~I-yx77xEo|Xsf>)cj5`xE89gspa^L2YhW%j z&&Jn>J~z6ynx%wh0qDDGk;05nUv}+*ZeSqd6JLz@qk%-Om<<~Ne}LLZM|!h>VdkL< z3geC<`_>jfaI4412B8b5W9Nl!g^!PBg_)XB&DoV49)(V#Y?>8C_|%l9KG^xFLKlZ6 zg%sW|Q&!l171tLHV(M}pLQTIL%9;z4{F*kwsG6p(Bx(7kG&ty{k-2ZRZH!mNf(Q4? ze6LDG&1dbt3?L)IYv=kP?}nO|-}>a)Bsnv;vT>igyO6ClSqizw>)R;dh_o^OvJ%H5 z0rthl&;n0d#%Bu%lG5H6N9)l~+QPQKsVf8D{vhuFX7Nn@-ICAZ?f&_FH#>pYkTfD9 zxF9=ocG1?iV!zz3)@&)HOxmx&WDr~!49@N}y{4F^T?_6%t19u(IHQ%8;y|)hVer$= zCMcmHye0ODKBR}?tCDVhY4g0F>zVT=R)T-;?=M#Rk>Z8Apjpa_IWfamO7+y;YD9+B zEu2}m{U~(R#f~P$nM0$G7Iz774IGy|J*jglc9A%|IbC%CJySp3(K&QwN1_Ft zY6<++1$HwYWxMrx)Zk$2{x6k5i&6ox1BVf`?iNN=052QNl5s!-F4G3CL45$O$BVhp zJB?vB{~Nw)$n$7cx(d%pxpM>Ia_=4$Dv^VGL_9w+TG+NIN!o+I#?394+E@9mhVR_= zZI>V!Bb9G}Xe{GN#ty-7daWG$mODmZca=2`pKWnC-2Bf) zbr?N+71Gc~PT;yQhu>{{4PZ1MsZr#nV>jfpC(MC@@q&oZhOtXeI}%%XZ!&)8p1OCE z7glSS?O$=zmIi(gNanj+g$(nF3Z|@czP3Li${lzoLdvCnd+S{W4rhCg*9T3W-BaH0 zYCS~x(&@E+bY8t#an=B^b9aO68DKX#1A5(-r$T0b2@mxX-0UHlDC@z`57&b>aJ)%# z1H2RuYdhm|2Q#t&bUwyQZ=spEWJ(+5|Wh1 zSUm=L_EEp?EO&(i`i6VmOz&C6eKm^~pG^O{UStkAXP4sg;bY#_MMmjDCLK%(1&S7wyt}Hk9#O4H9?lgnw)+LFC-uWOmw{g9YIovheoKRtLD$#Z&A;;<4l^ou<`m^7nWiksj zkhYl(;xQupA*YrFJGo@=_=AkN$N@Z>) z-mDMqwKhg^Tkw^WHEQqA>Zog8N(thr^~fxLnK~D8RcD>Em+c)ewxvxP^YxgVTOhbh z+Mn^|E3OfNlgh6k^aGCNPDA7N0bq>%Rp{6KU7Q=fBbHYc;<}}kD5l=_)VVBj4Yt2i z%)`PRYz_llN3Gmp?jVgRk$dz^Jp3#I^%pu(BEephh=ac7vuFHCC8DQ)z42|?jsobmTRR@B3eu**48Xv^l3&2} zVv?d?`=Z7`l05@#0#l?WHQZ%e=p*ZhSh(2LSi8GLhjUhsq#Wv7rdmvVPIIJtZWYeg z^3*pUvtw)uyW2CP8Q{U)IXk?TuA+@l+v+6jG8dD@D`e;3BqN!7Jz~XCr_j|$BGvv= znG4lxaRUgWuX=mw*f%T{@|LS3LJEdFU!0*yU6LFZ@oWuDOwHzAoc=K{&=GeHf8NF=GczG>?FBg8xg;^;YTZ%>(b*_f%yqZg zXgw?fJ7IKTQ%$;K7>q{DEMP0nco3*e%~)j1HR@NyTIf+qiD8<<1tQsWo<)lYC{8AR&7nQExc?UwF5S< z>kG?(&2pPTxW2$oibI?~PLPs`$%n}fwfc9s7I2C+RM~16zo*J3Kj!j2+EO(#SoW(0 zt=)1|V^aJ%CdCCCC$?lTic4?zexWOsleAM!^({u4b2aqZd3{N*0bovGSc*o7WlZcG zh(XpJ3yocMcQ#i7fNSi8n|;FX&Bst4rfUllrpxt&5w1a?0gx{@ae;Is&36w*j=J%~ zX6XoT4Y*rYfNb;C%d~<*CMmZv3ZZK?b}0*=nic&>CChn9!4@(_zx)^-8jH!Z}ppydJtV%A?1S#9lpjq zIz)3xZ{~9)qW3P!wU#rs1-)t>byG8LENiAq=VguKeO4xm1$vKHFV@rNj1g@RE0dmVJ!G!nlij}v_7xFygrU6#>RTMp@f{b}XCah!<{c`z?ex6LW z)h(-xq}(*0@v1EV$4K71n_)jyh*fU3U!LnhwRF<4AKLC1ZL+Z%67dsIu%^qrDcfEB zgnoZplbKPEQ(>vEApFClwVR%{N7%dSKv@F*bqYRRAxuMx+Jj9+QX^dZyBSY&vy!Ch zChXjZC)y4ohtK#tDiinCriOohdU&-O|tjI znhSEHY9ueM?{dXW%=*wq0!+$f&a3R?pHFN3YIcEA`V}?yUd(QjbyIUx|9o?jI6?|& z4Q`Wo zOmu4!34svey)n>9@U?kMnLF>6DF8U=P&ipLfOf`R8vEP|%o^J&s@omAO8xdQQ9)1h zyvS;*y-0u!s^-$i9K~ZyTymFucz(Sh?>+h(lCF`G?KtbCer(f7#{-@o*hDLxd~w|U z7htQr&N((s#wdm2^#Ct49qmL}v)PDZTdGh!QphbL+pP1(v=YzlarF$>`{RXQXc?f) z9&W&p^V0kHFlXZGgkzCH(>=_q)To#QApb|KDGzWwiM!r*PxU^f#!(QDbyf$K@7^Lq z<0Q5kKf}VMZ>A_K3&ar1+m5r###&9(34dm+^V_P^RodN-tIEk>4B}a*bd%ZCAa5cX zP6J2DLWHfg4Kn9Lds=Z$nqNB>MrOFC0CDtRiecITsNu(-8wx&q=}dCj5GjhKq|i}l zPvY9E#Bjjl{PM`6FC%TX=7nQPT^Nu?XywbjvOgOwUn^jSkJgc9NXrCLRww=Vj(FEq zyPxrRU4EH6YYhLBUysJ}Z?yFf{?&S%S9M9>+>cF{Ylf|t>mrqq&8M;#uIucr);i~n za%3+~#@CbS`S+KNn-+o2v5VcN>Yd!1v#(F1cMfs@3dk$B9VH&!_8+-Zjhv(*`TFP4 zggUwOC+QV$`_D*R)1{Q8x+InCo;$z^3mDykV++kABDsB)o+b$bwG3@`HBe zxxS5lDC*Jw+_=hLg?`d4jP<>ewyp@B)>h59$E@%OnMs@rkgKz3bATZ$!CfVJTx;Ssm*bjmfcmt*fN zex8Oy5)9Q!eMlR(4fHEUQD?vdM_` zq2p*ZdVQv%4j7y;?l z2IkcokR68=MULe4xQ zdf(+`mi`xvujiK+UE%}$&D)6&x9^70!6_jL(^3H_5g3rTI!)jimRJ-4FQ;F1KTX-# zC6T*@6@%3rr$WaL`ifjuQEx>%>ynIIW8~b_lZLwxm)pYlfjv@Kyp{+QiHkj-W#OnF zvGXFAW4^MYw9@Y}WTC^LB`;P?IOK_=9+|=0n}o5i2EiS|>!BGvSY5A}TKRx<`5}-@ z8q_JMZf#nSqfv18nBf4wkw%<-p(cA?B9RDjlJVs}b~mCxdXs#kzzO~^O-VnMgXABI z$`#h9_D3XZjg~BOUD?Co*uvyY!d6(dv5WODhvf9-ylYgMWWT&d`aF&S5{JsXE8c~% zCU8oAZ~MiTf^WPYE|r?%-kBF0fkXm#Q%!R8*lo(_iPcZLnTTy%+7iJGHI>aZvA{=> zfIjr10ule%nH=|o)q)m7#$^Sm>1WPglFezeenr4Ppz#Y!esKdR{T%cFL+zHN%yM7L z1mWUZFZA(B>AEypj@%-p2>J=glwK1A88_6=J@Z{ldRdRrGwC?YgK#B|29M*B}hsHwv+(lP`{Ur_N0{e?wwOKL!1eN}aViK7CwwJCrZLjRAiA zx8dZGpEm)D{9Scn&nnbpTZYpoGkkvu!C&@DUHgPcQXEzsp{FXRC^_jkogESLp@Qv0 zPuu)cwm=1;&m==#g`Kj_{ogYlBq2X$pKNdCzG4+q*@e$#JSLl4;cjaHLw@Jyv64NI ztR9U@TN#@ZH|Hv z({!utg5y&nZcMvmX|kDg4dHlkPLk3;Gltd#GH*jqQ^v})%g$O%(XB&Tj4NGpA*l%>U+c=`U@0rG4!5IF8T&fOgC!9{7Qx3=OLHBwVD z(0yvV)JiABc|otQY!0$l%<*xFj{1o#9Uq#PS6?bQ1l&ygbE5*&{1(%_9Gr;)M{5)bKC%VEZ?ushY zhbCr`#p-5fniXetJcFmXyCIPHNCZjQB$5$NOZO5K9J?#?aVD~ z%$0fwl|n9ZNja=FYJ`m2U$0|?MlB)@)*H1rZw{1DDT^v!r&iV!_UNP@eoqH;S6|i} z9Uxub^)|z!saSGOV4D?Q7bxaI=%O5jK-GQ6Y$AL~rgK_6SHpas;jMrKnXy#_v&=>> zopC)@%M0u!dsy~k_gf8bKv3*i4#c*@c1lT@79JMQqh}s~?ofpbo)-7lDvQJlfBd+A z;pw?UPeJ$8L5BTP>}T!=w~Tiq_Ar_L)g{Ke^08b1D*~nR;6^;hQvG^3@ID`-53o3G zx?ShIdS;p54dl7kOv?~H%<@hiO6aKGZQ;Vr86Nmk*ja~<&- z+dHo3k{(vRrq_}9k{;Nc)1vUfDHWR0QtU^-uZp{*fPUh7v1^a7l@1lZpAZJ#@K5AK z6FANWki~o14u1}05Z&&xFtEc!T6T;aU~*X7AfD*of}@$bsx*9~&{8vrV~@`^yv{yv z6LLV2011J<8W!K!q>@GLt3B4$EF;)9H~}7?W25-B?P~(_BRg!#>O0%jx=dn6dw#KGxDM_$;pr1o!1JFfI#}+o#0a zC`v?%QAXM3mU1~Y`!d3QD#TcKz~XZY?N;Z3`3dT~q!m_oS^g^r$^M5AniT@_|9x?O zu4RYcLmo7Q3Oh{jFadR3vC=rX=RW~1<;CJ}=5b}@`%Sfh&zIhs(!u@s9QG;ruY7Gz z`VbA_si;Ty?gHf4p|pr|%66Qrb@yqH?guYm0Cy~6t*zeG4lR=s_IUu`} zP3m9gs;>a$VzCA|N-T~Z&hLlModbZvSsCZ6q9^~hx_`XueWTw%TA5}Cki5n+7`qJu zn5_x1n@%_H!_DjOIU({RxU}!9SNMDei#T7Md%WmX{%l6AdTv;FBgGqIvRXHD!ERi} zaVy5-)W*@jtrW1VJtu(7Q1^t$BWefBA7S~E1n~5@#Z$(mKjQh@0`7cj(9NZM$PS)w zA6}84cooDjoA62C0*P~+?H#u~MF1?kqnwCX>j}WUFJb7Y(y=+(lWDjk!XRp*v{8MF zYFU~`w%2ko?opsT;ux)WTTA{IFQ{$-oc8{;cHHde;FIm|u5|>l)aGE#-Hgc*!C2q? z65mZ_pshWrHOC!$EDQvAGP5I=F&~1CooemRLbl?ZAI54YNmcKtMqD7!3H11FE{urK zWFA(${H?MB*yrtO*M-9utJVFp&$I{idjH6_IuygTB8M)1w#Jb%>z0D>+b@ltDBr7* zRss<_kh+o8eIK{Lj28QU2!&t|wsinIwF;8n{dJdNHOWa%_wPsMA42A&+f<@Hmh-6N zn`o1$Cf;21fV6lFY)r=qnN~bNts<<4^JGsjBh{kBzvvb^Wn4b}582$20Jz5cGjeVh z4i|mn!eIbXdkskb`cEY+2Ya-5j51zjkead{@sRwyJkJ=Z>b1O|HrrDf1KeSa%Jm-4 zs=vBvd~??f-x5?^8_flpF6WlQ-EE}4&fR$YeIf9yLPuoIR;_mzuiqSlG19K~{Ee!@ zL79S&5^|fzNt~@!5(m!4f4tP;SC>xGovJ5;K(HOp(Ryg@c@faV?r-M$H;oF;hv>Uw ziyYBji4@91U;8EbjV9)Z!)&MB^%jG-Z!pw@tZQM!?3FewlwR#W4$qm_(EwtDVZyA#;od#IdI))WtJ5^Se5C&G|Lk8sKI0lt$7zC!D?Qw;2eF4_$^`dc0{ibf z_;0JV zoq&PN^U4)1@B1{Cm2RcthgVbG%|AskVE}{j`5=t>hqL;>`09&c0FBy9=&0PEzZ*Sw z=-P1Yi2#MpJNp0k+v!%rady4>nq;nn=iMpzb8T{;`Rm&J6PEmwvi#*|{F6xjeh>ZY zAN(b-e=V1PE49A__Lso^`C9)gR{A#v`QM$RzXbM|!2Ve`{t7Pt*|hwRuIyg|`%7T| zq#*w$R{9Gd`*$YyFM<7&4*k!^>Mw!)p9D4nIaW_yXS)H)d;NZmk~3@e8#%2(!-p+o ztvF=t)_Bhx;siN5|91@A0)M`@sDTvmp*mPT{hqOG`twA@=AF$}z5E?ZgujFh1>P7( zqsHT_=l1as%77UDp@>-j?+|w&0-%>fwiaFveJw*p2d%e+I*NI0JT^wa>}iba)+qhd znv*{^5$WfoqTIfQ&@^M#-psHcMhis0KMlx!|7k!5PAGhPnVC7J`W}!R)OMnU7fUI8 zy8aZ%9SORfV0ncOQrZCY+7v$BcOo)cv>epMEI1sfYbg>es?l z`}adD5(^#`S={ANa`>F=zY(4&+;PZkb34_m%y;dH4XAK#&K?I%Cf@wNERLmBkT&od z()j~V5Ba)s!T9;j`=ntYdCLKGJNiV@?0q_RjeEuH2bfO--1Kn2z8_#dZKx*N)5;db z?pPh;YPa${(@NoqW;I3P>n8BlFo2K^NM`_ghOt}`_y{O2EmP^AN30!|36ghq z9{`Gb6`dN?O@h75ikl1Xi^(<(6*#_}PbZIGEZhuUJlkV_l*Uioi;# zQ_0R&E4);;O6JC62jx`oiFf$IG(${&i=iRJLbG2A&^cn?sjVmem0!&{x9 zH(((V$!wzo47^mhG@&yHr$|q>>naPmcCZ4uBNri^edl;w4>;Y8sj$-V8r3)FW4{{+ z=AgR|IxRZat=IysxQb5WL`;dfw?O-GN$}2Mb*<`>Mdy>iaO0KeshqTgcG%vEU|7P< z8$;g>VgaVN#`E3IdZ4#I8ZmRr=h0o+QZ-3qBt_()!-DbbN~O!xJ-2aJ)`NoP2URx+ z2Q^eXqw-AV$mb!JtMUS;hiaa)ea*?dY`0g4NsoG{`Q$7 zJctLqG=!|pDYs8sX?$?NZ^E{p#pWgm8mUS6zg33A;PD@0xTGmUlThTNdMbsX5?O*N zULa_crKVy5(%K4x1-BDd(25Bx6TVJB3dekBB97?3)i;;rzf;0NOl0MQ&vDCpT~*+L z%Tm{Slu>P}2@-C)ToP6H{k-tgJ=2Fd7XR$=|0`8|eCusOBb(;4|JUA|hc$IY@4|@l zthE+I0hKDY%AkM6xgBr;YpbGBIkKp2Y#F^&c0E2A4ZwlNi~`TK~fI=5s}9%NunZf z`vSej{qTWL?`&z%kT?b2IU={up@`e7)|f`}*>4@GqIvJfr0)K4msEv-0zzX))}~xjSNi>`grL90sWkAVyGuo6Y^8a`6;kzGgTs!& zZh_j?+xZ=m+ea|FYAx4~4_)&n$2U6!0Y?uWz+GEziY-+rLYR~dP4Y*uo;X~XJkwxI^2iXK3N+g1ACo@c}Sfh`61gzSM$Kwp?UXQ}NZ<5(1nsW1;QF~4s3 zr;SQ}y@9Zm`hE0B=9%B#U~y5ldJVonvxe=~5$n|5CGY3*{WnF=_4R)B2ZNm9Z;wCH zw%-0Qup4xZCbmtd4cYrW@P}!i<$5%3wtt`^>TdKT3}#_7lU{r?Ss0&m+^hxl!i~3E zUMU2;3zqBprSW%*mav|lPI=+s^wmp8&dcp1ssFxdnY?1ag&!t|I=@*~wzpA}b&yd9 zx~Vo5KB!61tMnNAl~GZ(v+^#|SGnUMH$u55*6Ds_$J5AO?fzl&N0%S|H3`@K*+I*X_f*;2%DWUZ~o;CVcZbps#TxWc!?O;O`2bIhApG-G-=4*W?R> z$JGc&jg~Bo@!cPtjyt4!c#$ejb7CULx-i;cVy*A_s8b$>k0DxUjIn#?K69P=Z&o;; zuXL@Y0Snz3@{`#df+!5V!T8y`2yMd(y))?jN@@IP~nq z(?Lh{O*6r7cxKIGw7A^HI|kTh+VHq`x$TOxu4A8oPJ>qlOm>f)ed;~#mQ}a%pLF!! zL?h2HR1cjI8%3{KxguwZv43Hp;5{kqmbZI>-8Mj{l|6gjlmN}rViw)d286};TYg`= zxK0aqa*=a)-u8-N*_I|?$E2)(srICN0J?xtl8GPhS$3G^T@i=(#W?huns0FHn!okC z9bRcc5_#jbyt=$mc5fF2xB{w_W zt9=aLlxah27O5KAT{rRmb@wTXhO1p1=r>}bt*Z^0gT{U+lbcYTsxO+E>+q^v0f?@9f^jY=! zC2X5vM{rK!<)03;=KDUt2mj!8_qM~PmH0b?v*u;*-zqIDUEW+OTaezIj!}3MfQ0UHZJ;^+R4K8}y@J<(_zhmR7WqR642VSig-himsSkdVye(SpoEYS{ zypR)_`*WG38$E&^5L*YI8I1{7g6>wd{B-A*)@>@G!R*`9MLzMmrTM=i8dtB}S~BEQ zWHxBn@bYAY*CKM#==d$o@aOK$?rxXM^E?Ut&ClMYyk1aLq?}o1ITYMP9Nk<9wD9d{ zys1UhoVyVEsoyYR@9XUiuapcE!XlqNELXuk=oH22_G$cZqTu$4A+t~09LBeyz1z*# zm$?GxCiQ>W*XC1QDx@y!tLGT&TbgfqU%xo_!^U!dMsqZ9+Wvv&o`;)$0geeSGJ7&) zKJjdENf%MC-?>&>Ml88!mg{a*rB>nHU~?mUOf{>r;PJl#&`C4UpX7F0<+@ zYqvjI>M83p0|tDd&M5>K)$#rx)c8_=VRz&N(6C z75@sHxl|Y#z*VOLqA>OB>+17F5f3qEhq7{aWL?L#gFqB z58ty|LKoaC#0F{V)4bDAluuy;k6v4PoCz9T0f4f8A<4US;~! zk>CzAVFu2t+{Zv!OElugo-TJDdl)&SG~F)7lFS?ko_OKbxYZwBabu(v=2Z1cHTW)Y zPFnypMFZNtoQ=HNA_9659Aq1>EZ_pY$BWHghIV_Gmm2GBc(m!^iF-9aDPGq)wuR*P zUpK?~rG+TFh00a1?pl}NfF7$j$My1xH*q?M$pJ3QHtXG&ZeloC>N!_Y9doq==q-Qr z`N*4Cr&yqyF@p5K0iD_IjVN};oC5w}!`7UOwO1M){ROtt&O&|kff(ROi(iU^E5VUq z*g*8s%6tb%hQkl?^@{_5ejkrMuI2W;sK#9(sSeWY>z+cu-*Xe*v9|8~CBlLF74kcYd?3$r?o5dH|; zVn<1)ha8TlpLj^$@AfF{_hi@28^7PQ!a+mh=dw+D+)u0SSlY#J-F7IMdZLIO+*=~5 z>kGN@@ns#IlTmI!gte2zgZzn?c5I~RJA8_L!&Ut5I&|I@2kJRF7ypQ73!8^rfYy0# zX%&ne=wR;~vG$MK-}hd8VYXaNBe?s{Pl~S;@}g1NbL8hOTD8$MMDCw2%6|MV?n=u( zH=yb_=un4~O5eBO7$#M#O+tW8v-}OxNQ2}$@_kk;B!hB~? zh4RzXm~w@M%J)|ob?P+7+c^4f3Az+3ZdRb-sqVLOC1T;@H7(zV2;ILn`?X^Ph2IBa5^>hz?kE`1^4i@n%uYLY2eBv2wLO42os3(rD~5 z=a-e}-fM0jkR(r*)>GHT&fOf7Vwc12I7CIVmU7!*!Enm@EGuY$kF}c8oZH(g!f`4O zUay7f_Z2?c^sMW_X!|x_CdD^(f%g5T=yRiMyVeKC>d`b7nvBqDJd0PlhV2+J94z5j z^+DNGO%KYVMxOy5eKfRG)nOv*!KK8kB%_DVI0=kAlD!50j=TCqf%~U!A1d;Ojk(N! zuTpFR1bw2F?tY@Uoy^C%)PRAk(Vd^>x-3#tMO&+tAS5E4bc+?x(K6kk_t&0LR{pym z0T(A7P4-CpwQk~qWYFm+xfG9Wk8}Kh?cJMzj>?y0IOse%?_BR@^6>6C;ZN#^1Kj3> zPu%^$Os07jKWemI-yS#?-o`poiM@O*4?R|<^=RJ;$M%yC{r9F6xV}kstNBpw)b6#u zVUH+0r!m5$sIbTg`J_OIK^?~$w>_%XDt=0Y zpZANGWn`NTu;ynsngzelwfD@x9EJKUHaREP^(p$bQs{N2y@TM>ElJBF%|VA>&CkV# z_ceN1s|RxL_EU05hEV2cy|R4={!vn;iX>>fDQ#tj6<>0d=reLiU9+#jFAD43f7^#s zdpsRsVRz$$|GAMzSKM-HcUz*zUaK~S1erK>;9o8nNDBMj$0z2Olw4|f)?KSHs{bOnik#P2LADk81vOoFJDl^zh=eysQR;dF0 z{#&}ODaleVy>FE{>57WH;?a~YZu)#}71ZGH=u^=OcjL>0Yhxc};;AnvSRI%rrK?N0 zn`D`=XSYYG;9{-FNkYf>>0qIc3bEJL6n5>a-tF6;JIal*@@mZtR`q|gsc-4RpsZ(T zK`*X>u~P9ve_-3HgT@Aa?fk~OKj0r5#kPOkj4X0(J$HJuDqOfiqotg-Gh~=*hWuq| zooYgnPhUexH-zDMd#hzpK1EU$33rfN!AEY`r;fPJl43Dd zgl83AOn?gOeaiOUu&G3Tc<43GDun6b-j-iyTOWR1r+QTR)|_w{#(y`r&Bc^MQQZ9& zeZwXa8>hLUbkCj`t>5Q__vpPN#p@tF6LvFsxy*d_kwSZO^Zbtr5zmZO1r+PSJebl1 zw<`g!VK>Ux?S8PYak)PAgmU$qKQ=hqo@@(>$Wjmhe@4ON_6oR9X%$v){XbLZXI2e8 zHc!QWl;0Qa1f?cg!I;et!SLe>CuT=t{FZx3&s zu2cZd`Y0*moHRnBu|DKh#$!0H_+db=kjiK2o*VP8ol^&8ztSCE*m6Qxc< zp8BKc99gX|0WML8ibfOr+xIRE-o4y#)tQ+#8S?EKPcEs~*%(OR#h$h`XhAsO-x^y*^P(| zqgD2_Qnt0ivh{Y&7Q)qY6$M2Tjzoy5%-RU@`?I{p-;E^^4nMkV;y&29JY+W?hJ`u8Cg8? z?9`@P?a*^65xWl(1-0x3b}*kL(d~h|$f>clqK*aw2VL6rfreLFCYvn_Mo{<8=H=W~ zEnI5Os;GY~gmyO+@IdSKjtm zkA&CYwY%Vb-n~^nb@p05V}Z&Qp9BNW%l^wO>TSr0j6AYkZFSuqPFwAY`GQVs&mv7< zAj8lFXS(aY0oG>MN6W6Q#2cz0M{;f?Ax{Og6zAW%(Uxg1uPDGcKJYl^OLk?y!eOo+ zQF@LXkUO+uNg}|IsR7*#M+F5| zIh`iIZ|HVi{62TNbGLy&A7&JArt7rB(Cp#x&YCC(XTswwu1 z0pa4zT`dh1^EtAFWw=1wkBx^LGMjLC6hgd9wAQ7Bg(x!n4(@HmjSUlmT-%iGX4Uz- z<|@W)jkMI?T@;*~ak5$wg?@oHr1$Q1BXG$c22B%CAcIOplU-rZ*gn-GmCDEyhTiXO zo~<%t(XVhl~O#LaBHAC(^Mt zIkQrvZNvyv<80!DW(rY%GazX6R9Wx+oVt`N_2>qi&>IPynmI8WPPZbl){ipt+yB@{ zy0ZGe(A^yQYR&h%uh*k))gEVSpfrTn9IrtP?d4K*?2+gF=W84O(XAv42j+aK-dJrW zr{-R=+gE%{bQ~RQs4+J1%VDqkpxeD`+caKrR>a1!#DVHkomb?gxbrO@OO zmEHdl+7YI(H^EdY%v%tVaE~S6B5KR+;I(=U9WcHJOH%x8QoW!5;5_a7=Cx2M3qGgF zRKD7EIkTppaleJgRWxuhL4J-D6qc0Az@kfwhSVUe+foi|A_(mpr2-t^Zm0&G7|Q5B z!>Wib_Wtm1OOL5p-=2ReHo5HC8KwcrDAu!h;3fU`Ox`3u0)*_NW?coTxt~~W4AVTP zyztveldUSd>Pu+zlGqyZ#$H+whBUnVEtJNYIt{!wu5G`s)i<**e5UUHJYeygRTXGn zhh`>CRGY3)b{OL^y2Btax^Je;Zio9KTX0l>sI3sbq246g2a89)xnrgCEq01)^87N9bWn%c_CD_+P&f_=__~q`y3{}6Z&G_JneUO);XJ`7)Y4Jz#brn zKHU13IselL(kH#UWn;)uazMgz=@(7kuiB@O9r=2(^Zw;}v)kc|F_U)yx%&mV@sjkr z$y;S%w80953J8_I1qBF|uTd7rDqo>25Go*4{+55g$U8Gx8-xl76%Z<*tewFCC~If9 z@$<$1g)1Pjs+^oef;0g32*{brNjJ_7wn02k%vrVnXwIT}LZ_|TF2;Atw`_u+KU{gV zmXqd$U9qA0hL)2mPOEe>m4p(Pl$46a$kukJalwQjkXK*bH9W=@Fi|8`EY?Ka)HTfP zVdRjo#^Pa)@eIKJ%SDNG=*lIEY>qbdcc~7h#+q6v)CN`K?;ODX;Cy1=|74jqL6l#j zC}A^845Z7liG88>H4}tOmMAvg{+}$y?SVn;`MI*S-iF1wKK1Qaz##y8g0=v0F)b{? z82KzEL0f>f_*xkd#07{85Ep-|ZGKkTz>mNf0b>M=5imx+Aca|8?}2;)@&(8jAYXud z0T!je0v#xzzu*B-9Dw2g6bGO<_<|I`#l&Y)0Br%<0(=6pf&0 z1VtlQQ35MUU`6Q*9stDwC=Nhz0E&YzNCB*(d?p3Z7N9M_iV|2+0)^6N9sq3t+5!}f zplAd|BUn)aD@tHR=?fkJ#Q`V|Kyd(ygD*(o|NAP6R`P-2>0SWf`W;-qgJ}s&OJG_8 z)6)OXX$ee4U@8Jr5txd=R0O6XFcpF2)Bi`yr$b3W5M6n>ki8r8CFDG!>2ie|1A4C0 zy|-l50%wadIhS;6nzX}SS&XT)a&&q8?7Zu`yck~yR=x*`4YEJ*0lcWH@&@o6f%}+ zKil*_={BD~Z<%)f_^1plMvHxbhJA<2AS^zk0c49AG|XIpZ1EW%AX|X2_>2aSEoRU# za{;o&XMBKc0m9-l8bG#~LBq@i$QGaR0kQ=Mi_d5P*qXA@# z88pmXfNb#@A0S(Ru=tDykS%7=FmnO2#b3gn z=G8rTIN|O zXP5t~B>w&#kS##A_zF-!Sb(qqVF4x)Fo}S@F2EKj;QNsoCHcQ!2%piOptbtPZ}UbK#YJG0jmLES>n$;04}ipB&=jf1GETek-w{lFTVp~1jNXf zi1_^(P(x7vX;v-_oQ3S_HHRSeE!dD@*9jGg6n6(`OvozxM>V zVFBcnzsoL=WkHq&S@!>oWkF^InH6N#zw#((5zr#wCR=c~@0UCP7JvU#^pTkcvV`Q+IE^_OX2qhn$)EPJQ8ZKYeAW&)gfTGH26ml`SsQ^$_3r z^R)Y^nK7$@w-IF#@&fq)a^bIXX6{dj>17nQuozQ`So4*0#h*jfIXC3z3fHp()1NXn zH~(<366EOKst z>ZT!Gy=>clTdNS3wD7yKgUh+DzpBbR zuSKn`itWg;S~VxU>F20br-jUj57h}@KH=X+A2N`CrHDl+V6IQP>S}(7TtyC>*0&gV z=H%lWodQXQX;LEwXg=o^$47CJKD+em&z`t?Rl}Z?iz}vn+8GB7xKk@dI$q~PdBI2^ z`Ryj)a9}?G8~!e?u>HGEJToPBmQl-&&%3^K+$-TE@m}=Q(}bqT%PX3fhpPi{2sK~Q zZP96~ZU&bKII!I!URPxlvD7-qL^2`fMA5{TBqBVSN0UqlV~0zdR-YCoH5q&qsh{;D zK3yxF)Za`p^&O)FroEk5{n~EqR=a6y+W?@=T9P1hQq-y{h1WTCukn6!!oT&uNZ<*d zBp(%ATFa_jH~sOi+Fnt8DCzYwnxM6^1j*w8k$3Le_^SRa5Z?=RWDWRXT7GMxo6mt@~iTbpG^KeM9%Eq1D_SrFBN~ht@Q^i z=|R49#!sDaqVJ5k-881ZNpn3y8ixPu182>jH41)a8gYap)BeAF3JAB1M1Scs4s8n! zyaFBA@5+={{NWhhQMf#?;U@95PVk*r*rwUW4Jqr8U;ERtwRM;I1iPro`~MAr7Xbvy zjQrFF*CA3*9F4&;pIP_hIOOfb{_~VWO!Y$3N{1wG8RBkOI!}mHnY2hJ2k@b>B+_V; z6rh12rloQiUt>GCLfOG+_DNjFfI8+A1Uk^phL{K^c9c%D%U4}G1f5sv64D8Qa*zRJ z_V6w4-ARuF1iHvMaD;hvxAdN4ilKpSMgxImGKbPq9E(ZTSI4b`@~wlitP6BVvm1#2 z&6wuLQ1(zF?c+LP3$C&8n@LY$w`~j=zKQ=7FP&Lu*SwKmIT@V2_Qi5$zX$pe{G!+a z{njW9eds1>G)tJR_4QbthX1k7jW!adm(^7Y^*L4{ zvZuh>;yP#$3~vplXAS0~GLQHD>`&1l&t9flf?yYRsY9zLS_7qlE1lArwX4bsesndK zUK{RIfuYa=BOjT+`7LlHw_hFAgDCOFZI7h&7~m4? z&q#gtkI_KgK6GeP2-2t;!mC-2=8FY8rcXJSIRKo5JY;u6IWrj!y?WQQ^g70ObFPf&f(U;4DVXlH!jr8oP0AUW!X@}TLf))l z@?QOCX8A-kV_i1yH$9=JxaBBzWCPLop4XJ2LoWc&bU`6g_GPC+Xka{KU_+A(1$kTw zA^hs^(Ws!7yr?}U>hc};5SckV?9eh8wnOIMFYNc{=XF#Yx~WB{agQJ~ zWAv}IBmn;-<=YTlNCa5Jv`%paKp(tNHs$1f8=Y1FTrEp4>+EqIuN{i11hMi!N46QK z5T4{XV8d<^o~f7>ls_NuOwwZ02z&?N*Xoqv8wBNq0HPY{;*P1uJOex?gGz{z1;892 znvDj|{2>c~f&k_U)`#J&Joafuq+Y^Xhk+e}$TKK66OXT3begdgw`hO*RRVaTh+520 zB^0NVP(CJI)80S<4~Y6{T=r!dR$g$&pM0}Xip}#!2y}F%r%g-gF3G!gK`YyCAj_9d z(jONhgIM*NpVjtM!XpX5qJ&C!_c;MEg z5@edR1w!aGdBIOea^VpfaiRM4*r-zyyPkd(8@f|GWZfBuuKtNW1D>%{9*K(Ro$cPH z$(S;TV*}tu2-y|ye<3LcL8^mr22eeYFbrwK)V&R)_b!C1Z;{@6sl4FRRdV5Z*}dW1 z1Ww*bbW)IS)OHTBtKEq!7W?(=K;!<{JZ;ghBC1R{j}`b*^3KkNzMGK4A=MSXVAQvj zj)a@@cVVVN`uWz4A=z6~CN;)&(^6-Q?=nHA%)5es+Odh>iFGAK;(G!Z9TTsUH1@6? z(h^55;&38!Is``KS?}Lz9BO^FRh$JYa7ogEm$=vY48V8~=)B<4b5T^-&dA9bTzw3v zRULN6Q>ni@lTAx|lYBL0?(PmGTnr2@$Hm*U5Ozs=+f%yQ7L#fYHKubAnf_33roi!E zw8D{48$u%57i&W@DWcU63*g1O^jlh=Ib~Op#p9D46AA-#gOO02B(sO%{E?pF3`Bs; z>IiNEyRcb|@x9PtQwz-@#T!`m43-cN5T6y3<8cF!KgaFg3CnTQWk&S`jBKa_^ENO< zj*j&eQW*6FZ%=DzfCvNA4*Q3vKaZJy`ZEMN$}SJ@=pMi!cTnjD*f)K(p%Bk2+-_Y7s^+6Ei7!PrR_X&HsvAm|~b?K_I zq4kp}QkEAqAjt-KG7uC7)biWi8LyT!0$A;-O0-slBVGzDx>FH1&O2^Ud; zskn8p7KjeJDv_FvjI#G0>~L}Ogclp4Jske!=2w3$Q`Q>7+PaJ;Qn{$gyy88({DP4- z^tzS=G?0P=wP@3v15oPR8A{zXO{oT_aD^)NJ?whm{=2;1e4y%~Dn%OJ8au9BB(|fT z0!gdEnDTeu|LHqVe$XB-7j7R=O@g=wvWo~^6s^9h4--8}NwM&ZX0;Z_w&PPk8ag7) zCe-5NGMe2R8h8|-*~d~J97Gc?Qi!i;YPgJM2p)L`^$e2@b$Pso7s*uC&x8bFl3JvU z#AL_JmZs;(r_5so9Fhzgn$tU=`A7ow3Ntb?Jc%`0ljz2xGOF_UJn~eIF_JFq4Uo)7 zQj=WXyU}R}$uRbkG_$>M!r8J&XH>5E5vcxHqbz>wG1f_hHz{wtCMP2^b$Y4tRayds z0`BTd@jDfBy2`pX&m7pq_R4Op3>a+#4TTXTV%RWDD$HS~ToD7H;`@)2&va=~clAeG z#$A~bZsR6&@iKa-+u__g<~n3coZmZ0OF~lsIkAFgyf4z}Srn@RtdzLA zVBo?;&cJBhfO5;SfQnM@8Xqkv%E~2;q=R@|Xpc=HcTkS2PNl#N(iGU97bDffW%EM= zZvwt~A&U<`0=)n_fF;0M`jT37Sod5K${d8L7fA^QrF;WAf;ARQw`G55QJOVMN*p^+ zYBge88NG?rVPwRBEzGONQ8J-$<@`i+HYbQz8g&NcH9A_)mig0 z;}#!A?oUE63J7_;@dqENaRhP6jiWAzD9m^jVl)G`Y>EJr7cX)iQ%%mEiy3F|a7&fyWLa!=FacLXlr7>)YW>g6c5O5N=jDxdi^UhZJ z6sH8@3vqlQ6cJF7>r_rHK=K({NVaWVWUW7x8_npoB`HqH#t^wM+GHH`0_B2|oVur( z4svP-?hoh@d+G-=VdTD~96ir;9F*BBKGfZB+-L|T8AWuoA(UE#{`>%fP-$9`e-%8Y z&`^j|u1U@*b|T>lO2nk|DoTpcc&Z`3iSvLdS78C<*pxUR}PP%~WW7HPV6m+@Hs~ zS}*QZB6RU9A_i%8sC3*qCnnogjqUA4+|Xtpbvg&>)irhd06_Y1Sxq;kUpj}BO6Gj7IqBR zkiY7(X}fh|0UX^mDHhiQ!GRl%N+`}_opLHJCjdhUZuQ#gRC+Zdv-0wyrdEEP>!gaT z0G1|QX@}mD=O~mgXl)~zmU3O#_ZFul8=70Z&u3z?Q7-x8Y!;;0F{Uk{tAZ@((qu|8MxGN}4$SL?bY3={Thg4&N70ZMr$`?NJMBgAAUKnGSNg9# zB5O3SkVzt!I;oY4+aQ{Z-0{H@fuRM>Jd2Qvot-Wn)wM@12y)=6@pyf|bP21pxCKu9 zB?oRrOwI%**~h8+;8xeb0Q7%mX2hhuuVMiH=CImt%Ch?PvWZ{WfK$%{P90m1eA~;W zx->`U1yryiYzLg+UTFr6cwN|2j|RgwJU_5;T&<#qV(XQ(rBWsf|Ct=#Z@Zb*Zh3v9i&e_c@DSj7^{(P$=`X$&$RV<<#=5EnVfIlC}c< z;B?6m8YMB6mzvM}V8OKTfVRBp|hS?^hPoZt&Z6GG5Ti0y|LgFP561n89Ay-(x ziVTEz*nu^pL0*Hc;yiz3u2yDt6S?lHjgV{?)05=lU7OKT7vs|ObxTeAxnT2q;ZKsl zC^ZhR!jp^RD!ZBN%1`1%4x6`ppy)GO$hA8O@LEPUpBm&HnJ~pU+6t@6;%<#u$&C0N zfVv0(bw2=+>H^h%URLxW_k8i5A#`oaxE(MT*!X?=j=W4}kndo$Af}pkA~&)Vi$^HLcCP5skkRL+LW{;b16p%GRZ~Am(Pn|j%FRm&k0a)@_TzIIO?Z8z5*}Zn z>p5;@7@U9{<(w352-2Kc$$!eOZ;Oe=zAx(zlkngtec_o;xxr~xIO#A3f=QZ6jmsEy7>i3u7V6u-HO=t#kE z7Xyn%OW+e|35UJZnj3#S_EG>g7s;X)WQtRQ;9ap4S~EE?mPd8Rvd()rdZ9@wjdm7T zlu)a-etISJ^&}E{sPkR*s5zY#(b4ZT0BI=I<+1WF23)Ak6PUBy-6U?}(N>*{O2s_? zN+mcPK2;BJ2bPyjrA}$m*@r#=0B{qqu7{L%0#-S*f4qOBg+3VJ05BkyPkyQ>U_3J1K*uj3hg--UwCBvO+J*!`e*4YjMX;3m;Ua15F)QvUN>L+ zzEMjS%xln2Vkh)Lazx|`QX7L7OCDIK!!%KaNJ?|Xl=d7Zit|{^D;y1MC7!}2;qx(5 z>FS@zJJJ84xGFI-+gwPl(8}ZIa>Lz-w{61h+hF6rYC>NF*y7g|B!<~J zVhAOc9EYzZ;t^O62*m4!V*-(9WY262Xk<`|j!UBRyz5F>tuW)t={ruVhc6$)eQ~?U zdm@?}0OTFp0eg314)ZwKo%kjd79af3J_vmF zdAex$gd>d#%ya_5G@y4y2CL?=>KWS8<(z4@`U1nDK>*ng1^Zwz!zdT>cr1l|X}~re zcBGgfC=l>dcfvjFnW!MBh~Ppg$TYElwJYJKm*!u-n{*cc!k<9dKhA?1gk+z8QP~E8 zd9~X~l$jhoIxVf3lv7t(L)5CZbq6f#mf0t`Pi|Kt>f`WeC4I>mV2!tDX1)DYW{|2O zdXGR2!K=vPs=7HTLA)NIy}sk*6WA7r`xKU4T4sm1rbXy38fTxPQQO^;2zrmNz_B(A zTxR-IB6$LofRAzl+w zypah&02`Hr_F}~0J4B)y6)56}UMA(m?K|M~* zo>A_9stq}dy#d{0|3{uBI&DiEpNBhlgozIFlE|Bd%9%l`TTP${K478gi9f&-gea1Z zMuaWA&7IiLLbpQGFCG`Rl7ROl!VUCU%kq~UoV%;p=49&n;$~tKzKNVmXL8t37dpaG zL}09om6<|Z;*>eSL~^YMYD`)%Fyp#u)-qiK)bk*d-c$xwE~S7R`Xnl7?zPH@u+E| z(-`n0z(OaM&aQnc&hurs&}n>LQWSqGjIZXGNf!EM2G12Oop6u?{yTKQYJb*G&cFOG D>ZM5n literal 0 HcmV?d00001 diff --git a/packages/cloud_security_posture/img/cis-kubernetes-benchmark-logo.svg b/packages/cloud_security_posture/img/cis-kubernetes-benchmark-logo.svg new file mode 100644 index 00000000000..7f3e86f5482 --- /dev/null +++ b/packages/cloud_security_posture/img/cis-kubernetes-benchmark-logo.svg @@ -0,0 +1 @@ + diff --git a/packages/cloud_security_posture/img/dashboard.png b/packages/cloud_security_posture/img/dashboard.png new file mode 100644 index 0000000000000000000000000000000000000000..0502f3fe3f2db96128628e2522932fcff020c31c GIT binary patch literal 333959 zcmXuK1yoeu`#nsED1v|pNDk87T|HEN7qxw+Qle_ej71dqSz8knWCW zv5iAuAiJE~5U{)wfctJ~wSlVY>J$Ks^f%9o&9DlT(o%z7yR#1Q>;-m_Yt&-Nl}|RE z*K(hWHx~Wmm8VfMksT{bMY-psvb|9JG7uYQRrvD>*88q?wb$4M#syx%qGIHgijNiM zwR_0objRf9KXa{}>AEWfy>Zw{@xl<- zv8BZci4OzgMYpRNSueBSb`#P)f6vU0bEUp_d-a3wv0gQMkj32dCqZPlWZX%3$~po@ zL+W2_===GU1jKAD_MVqK!kvqgG&w5e*wH{Ul^EADE7ZJ+`_P+XlV}%gZW8>Pk$0_* z{K^MUuSP$ICq7H8cj|H=X`eQOkvCbH{ciU&PFTq-k?xU<{#_=TU_P$dB(jvDcST|v zeW5(E|8+`S*+aS`AMn-w&1jjkU16+|L;7oA*YN@8#?+Bo?-KXrdQKkAFY#_+ZBN8= zTnf(z+6<5QBWUFEC%D74{~=h7HF}0wx(wtga${G7WpjBp7RJ6w%}I!3@rQe`fj&02 zliiR`F>CfefMR(noWA%SF3I{Ar(lqxows~ifJ_4Gw=33Inzwz*(clXQ6#nN9qO|vt z6A$nHyfDV1S;I1mz(2#rFueHio}Gl40-Kj4LX!b|_>X$^)8`S4)#OJH?5)7!kIFms zJZXg^r`M#L2!BOo7d%#NEhK;04mg<2-@TP`*``|U4i@_(dA^99$GVSGZVg&drk7V zmYPFJJ&EA^Qzw;$q{UCPL9wAdYy855bhc6Fe;!zW6EGWjJ>opVs!8>OdOD){Q**+8 zH=%WhO_{OzPmzCg!+m|$`ZdGVcyrHOS+1F{pEW#@iU@;tuM2zah#Q%a@X}{So4#NC zu=u&6zkW^93*BTbO<$GJ*cYra+Ucl8^%+4(I1w1fNsXlJ!LO%h`F-TGJX0IA`Jy6txN* z^u+XCN-0aBrJ%HT>J93yEO}GZ#oomai%r$5(qe~x3~6pF4>b?546&tou)_>qmVYU$ zHW25mFdQ<}F1suxte7%5HtaSKG88MLf74!mr%6=h@MEW{Pk-1*s?=Y;GCz7E-iez! zvmwv_lYgveL888xkz++k8D$yB@KhHxr9168^=Wcol6_XZ=;f@E@TlW$b5!@OZrKd^7e2r^35}=3jOF=lY4@D!*OsBko3%Zzkk* z!LID0n%S<|Z?k1hwH9?3r59Bejq0=<*hW@FTivdWq#RobTNV9pj%SXdjxUa~k5|Qw zB|Pbd=uX66)8W$2ii=8g_}BVxNFDne`2CO=_gh(8IzaXI&M0rZ-WA+)-uSxJ(qA7_ zIQGcV)yB-LyXCf}(o5?2dUCl}W*FUs1ksDq@6*S~1=v%F z2=ERN1XQtAu*(eBJ>KpG?l4h_FWv5{VraxpD1IwgN* zB3A8y!V?yr`GFT0-%>177tyA^&?ggmc1UST%LUD*Yveo$Zqsh#@8H1BCrQ=K;&1x{ z=^VqujU9`{i(P&)O1Z<`)}rR9*Y{26b2_CDMZQ`WYcDIE_T9+iO#{#9)cL`Xl$a*& z6W)_2dBh(09!aNzd^=#Rb4?EIpp1j878yU?H6C`-w&%4U?7L>2n)0kRp`6_1PKdeqxth4%8d3i;YpnGk_nCP=GjXsr zQ|S^vyH!PHOw-g5Oy^{N*J24jg2!E~R6@;HbE-07qA(!)kB9S9Z2xwbu4&0r2R+55lRcp0t-6}3D)@s%A_gF?ZYwG?pJTbL^sRoSq z$uNZkg?Joa%o{aYdO#*II;&4$r!pjg1%+Kdzily`SY3Cr#n?QpNB=<-{&-zdTME}m zFIBgo(+jKVtN*c6eX`C|?^*fN|4eNoIa?K-C^|F$m#%d7C!gfQ#KA-vKw!WBWb{Z{f`MmMTHWbS!0T zC!bC#GsL|~c?k{=J-EgE>#e-u>oITg@xt^bYP`(+W%jfwv@l`b|0HfVecEWbDzBxl z>0jXTcCccr4|32l2O=@QJ~ipteWfz3)tEh+>mxb70`Ks{G^`#E2h0Wh3K%^+I7&P@ zIevANd;<^8Umk5j-dS9?Pa<7FR-osy20_MfwHv+Ostnk_Ve>7=JJj6*NL99Db^I7| zo_*Okj(e+9s-vDqEnOM3b9QuT^=EB#_kI<&k-%PrnVhvAoQ7DKwB79!=YtnwHliO| zXjnko=P%zN-Dadp0xG-LyP+$N9UwXmQ~|p1j%m|&v1Cq1M>R9755kMKxh=kR8JNYl z&9b$%N&F!65|7094+jTUTbY8NmvlL~JC592{;~=-!mlWbFAQh-fv-b!zC6J)r#Ydw*0>rn-tDbLtOfA%yfIYzwe2k5oiCsgUoM&WpsVd!~nJmD)Q=OW#?D- zU{~DU_?3f}78d9I_z@O%j1$&_`w{m2L4AMRW8wmw|2u<6RDk<`W1O-7K1}%d&Ib!i z4(pYYyg?xLQ5b%NqoLnT*2?f$#=OOR$Ig9|-jH6g=#WWcIgptzqr6 zN+9pWQFy@d%~x*-r(ZVX;iH+34oM?Ab*D@^GA z$!V$~*Bdn#mu&a~22u6xr&;1x33CECe0z{BKj~zp!!aE=I8@b8RXw~I0D_XhYhQM? zFyf*8u<6y|EI?g@!0z9X#MI=<%i%l|?T`G-NH*g63x+Br^6oDIbt&-V;>mY>xTPBl zJM9Lwv;6R-TnBM904I9n`{tCi0p`68a%+nG#<;(KuriDp9v@fb437ErWu||r8h=uh zNIrjxfOZaY0JMEm*grj%U#$enFvA}~&*4dD#09}MM93%@1Ub7-9F2KiAGgBf21sG( z06spn>6^E_iwz!z8Q*#?&l{1TJTP*2|8%T3`j^2AbCS$CP_C!n$ z92FIoMdu8aY^fMMo<`mzt1yw+eES1@>VSf=`Q(re# zaHr_l#v1yg`gV$YNB>g{5x6l3KN6br6wLBzmmEMjMSp+7PSZK|APS9-?bDPiO*sW8ovsMfp<>pf z--OB`VrBr`ZsIQz5hw{WlvHTARd1JU2cU8PLxsFW@ABF)`WZ)l$(BAZ%-2&BuKxjV z5Y-6in)k1;?vfYtG#%%v6tZrK1{kbNA=l! zDQ@>Jag*!C$~CAhDC!V~!@z9OjCLG(zitY-#)CnU&U_#l;V0{L(EaVRn_htVbLZKr z{66TDZ0#ikahVw&5{*J4Z&pnK33NB(p!}2Dp6C55cQN1(@_ayFk!IZwc1GY3QRm*JNlf+W&dp?Dcj))>y9KT#ot-QxnG zIC*Ns&4}H_m*;>r6jm7)%$Bck|9)uM2reair$Hq%!9Qap_-WD79nyk6-h?ucxEd6{joQF5dXf5(9R#70 zWtR^_ZEx~{AZ4G<&K(`#U!kyzzfNk79TsRaz*>L?1 zL;sw#LV%44mv*U|KCv!s<;L)NRS!)<*G7+tdvVx%TzMN|?1IY}U*uvxNEQP>FM-0!K+AxY;$unsC13+nqIdz@R^6P6 zcSlyX=B-G~v|&*+y$ zkVbI}pU}$I>>ce-J~%d4aQ7qXt6DqX7wo)&`DI)NOS|K6PdCV}^Tw~L9 z6vhu=e>=`+3&?ychGD?zv`O+*L4&`3wTk@hzpowa^h=ADa4KS;Tk5WM z3LH@;Ratb)@G|cnpHS>MFfUg`|HbRy$H|J0&BouX_Kn-}J zB5FQJp!P;K<=$^Tr4jPLp#6l@*ocxqtfQ?W+N@4W}pU4_vvw^~=O8 z-A!b7idnG_bNY>JoW&~igCBS8>o|Uq0Gd&cF|?U5xgHGzV5^%$JQTrSR#}-2hYQMd zj)hl$Zb^<4nua{wlu{@MM_~-Cf%b-#apgw)c zM9-?Pa6GR%0q*nicjT}b**Rl!c+TSg+8>#i-bb{?wp-N=V=`v&1fCz@0450|HXm?KAr$w7IQtm zO?!hXy0*S$&kWnmckr1D8J{NKb=uer*e0uO{#Y3JW3M;TFAudR$~OrpRs8~xhnEhl zbLBm!NrX&9Pg|}L(tS@&%>m3XO(??|(&vT-vVjk;;5M`1Vtf0kr76x)EuI5fM`Cl} z*%RLTZ?&Qz9D|TC{&()qDKZHOuiu&-Tvw?}EG=OIkgNS*PU6zrWz0*8C5#tx_qGv2 zfJE-i8U+94h(0Ku>7-mD-)SeX73i3Vje;DUc1v9=)wUCe6ul`D`)i_S$Vv&jlMY%| z-W@paA4{ccy%{(TSYiXWU|8p?t&1+LsBrkYjQU?z$mu6OK*Id=uH$D1bBY#9TQ0HL$(7Si5$Dl@lUCe^;ns2uD z=H^P{l~WCmi_v>Z-`ZhtCO}(S_I~HigMZUw7Wf621F+CbaHDut1$)|biQ%9`-GSZ8 zoHx}QJ%;0Dbggqpt8`Pj-brAK-aj#4H6vmrj$GH6bzrFV$Sw1xYOzUK)MKIi+k8*$ zSDHI|T@N{7YOxXKE%EFX$Wtfv;W+!9%Y8xjCFA*em(1Ud0YlrFIjm1uf2F7VXtlF5 z%>V8C$@TCBlT5b-+iHh32kj?fHOdU8cW5fl7@YhB4lbVLl$6&_?ye~oZ`F~_f5or@ z=WIv|Zlg1quq-RPfGb_Gygk?EKqnzz}xFl zE9yxpmaG|OHy&&bOv)BGd=Bm2?cke*`~sFSLHl!%qVl-y^b6-Lq9-Z?zmvDEg1yCA z-Um(jUekWN{(Uo0so_6d1zLW|FUvi)w=8EGp!`FDwXbkvPN^L^>ry33c3 z0}th%ma(gEC5u#4SIdooH#LKH&nbtByD0}yEnb2E>RhnsfR)PVtjQpw)(rNXeEXHT z(`SQA-sH!sxePj0$H{Js0nQ+|SnmjB%3G2((<0<{o6mTL#>%CNNt<2l@A^W%(r6)( zrXIt|5*-yGY~VH#98FA)DNXL)Hms7iEJ(Rd5c{&9ra07Q-pQrBk^`>^hS z`{$Sx_dD)p=q{xDL)^Th38uqfTgT8oJ;gx7Wnxfn2Xk3wiBmSMQKTAflRcFu54Zqs#mW$^P%6k=@h#`Ab@%O=z-G1^k=n)XZ}9;Ux$Re}4;^ zstx*`ma2M6-MqDqMFgxDV_I#M)N;xHGQnp2>x$y zaa#+cq!qIK)p5spyASQ)6T=)h!q1@=T#h;653h%L^ng?%!ss1<>L)rM>emIi*by7z z5d+j^fh?U@=F9v-8IizY&n7hWVqD5JVZRWOe-Eo0+T<|j@dDoKIg&zS$+35ozzlvd zM)VH$LSBPNR<>`HPM;M73ryjDVd;REWM7H_``Op(1!F%#$Lti@J+m<8aF1uwbu;<2 zTlC0_Y%%V81D7S8*KIMLptJhR3~FPqO06f~=(il%oZ(`FT;o~e8^OJ7ZJ~!Xal-p_Yaj*E01_ox#c*YIJ#s=)YAC=!myYX^! zJ|aM!ZRuFQbS1xBCQPRMffhJJs7UrmW?8ni&?YGh_Lo{wA?}rbU=|Ban_TocMXonEUqjvUw7e(P}=!?Ch?AwkBgjl#-ZJd zf)QDTwg;%DWQ_q+-Q6k23@2%-MoY0L)tpcGt1Eu~Qjlt`?q|x(vMwdNgYh9;hdS@T zB)~jocYQaPJM^Dp*dh(^G#|uxgCsLggly^;L*>t4(;$BGE$DqA%4gz&7(SL~Ez5}H zE;$*D!mX6MAcbg}~A`H8Ksz7&FkFW(*E zn=uj*wc0J;X$6X6(GygB8Tpt$1Bn>|d>lsmqDRbYLvP~>ihj16+?qacT)Cv0whN>S ze`T*YLD;ZW#`1Yxn)@$0H9z#gNw|*ke4AVyz>=0_r`m?3jsO!?NsZt%e((!d{;~ic(a236)mG3AxVlzUKzN zgi8@33|VgB4XFo(jJFpOedaGHb#+L@l)l<<*HpZSr9|zDhBmNR=F!S@C{SqsN^8wH z(KD=I!M6uC@IxFDDQOBp%I~>ona}YccUZbOs)Px5FxbX%t?S4jyl|!FwV!Kon)_Qe zN2p6`%dbVHCbl9A=c(+)r1*#_qFnpe|IAsdf@UhVu3N*QxOy!=Es^gnKV&_uYFm>I z>YXpq@H4FUwJNwQ0fQM~s2Qy(>~71+o*Ggb9g?P%_YI?2LQh^st;Pw`h`FcHgkxMx z+WjjT%O54SXZbh`^-{uK_u1T++1KJkH6`lcq?@f&jjdm+fc#46AdNi+Ra8u&J-`>f zKD_|>2fTN|7_w@8WzRH&&%!S^SiBF91Dtc0Ms7!hbW(lBWHnR>tMqXW{&ey;E(K>V zg`9@5zdBmSEy|r6pOgKq{L=jl0Y!>XtC&z7bVaSI%CA{dBJ+t+7mK}0F{g-tyZ<%b z>7+{VCn^}{kY|Pz)TP9{_Xqd?i8^JO;)83 z(`>K?+0cvDk;OFD5X{2dA-eQuF$@;t6zDpKM)1QqP>85w;XRg_VS~BeBha?(UiHway zFi(OGO))AMB&36h$E{NJFCa*$kqn$1XAa)^9ombdWN%h(B2WjjVuKZyezJLD732H+ zC7Iu3`n#?}QPr1#$#jMNff_AEB-gIg*FPVA%0<{H;)~&;J<6?%8-A*3=f38-sd|@k zO^-58+>@V&m5PcJ71fH4vsk~KS>XOa1&wR&_|hklSCZ!)=la6y_tJulVK7Y`mS@uz zaaH;Zdeqx_Sz+I8l>x6D-C0l?Epq0(&yyJ=#hW@FTB674qLX%mx!}G%nC*C(>q$HH zWGKUK-N$FE(Gt_>iDSVEmA!r--S6@}{O`NwyYicX$unBW#&mvq;!|-tiB}Ou5zV9} z)$^L&{2^H9Rm}*-EPm^@P`Ez8yV!V|Wa8s6yeo@*HKP7AeYLC1k>`09p(6u6%cTL7 zN*_u^x83qe$kF~C>t%jolXbVVTvAn%?8r&eRX~9Al+?<(fAhw1=1|@b2f{TBHxG}N zYg#-=N;|(NIw*uRa(b$RBE;<+7dd_zww~{2)m5gY%;FUh{2RRhxy%}u6RvrPRkt8K zx-NB(<_1W&$acY*VB{27-bSH8;fKTJY8@Y>s4sqMaV_6_=#}?uE+nmw^&mYw9pK?{ zgAe3`(i=OjMr#peEcfk}H2W>sdgFngv~2qp)&BbnxBkT33Fzj8k+W;^#0EXA))On6NjJu-`R_%gGE z5>w7gOG-+N@+?{mMBNs?mzVwg{Q!)Uhev11>@xc+(=mh3sQtwiXk9=5SPAVi>miKN z&!5D|U6exR0Y>qsl)Pr8LeKW)%xdk*T<4nPGeyR81oTwLgA zVP(tnY?Fo$FqV~7_7O*lu-Co1LVNY|PJoaLlllFWGKF=#=0FNXzRO+X={r$%Cc5lP$D6IFsoV?gl1!EqwX83L3Z-?hT`Zum6dS2;)*iL|t zL7EhPXy-EPSbv*MMqwx|Jby`J<`{1Wufzt}z~PmWEVEV1>{nM;@I)BQtS^y{3pg7K zu=V4$7n=;h^6^OIYbV7{MG*XId>;l{!M;GhlX2AnjI_1_twmx+_+1CCBAyZ3$tp7^{ zVkNgvXRkACa9?3nr4zw>xL`M*D5wH?#~+Wc23E?wD3BXqlK^JCM& zNhM6;j<}t>H{<1uA^F0p>>m%+ApHDfS4FtU4aCb^Pu-(ksER zJ7IC=*;f*8NHntrP2QTCPL6Ap1M^io{~Uf&yudH2Bj92q*!u9Xe_()=sUEsbUhFOS z^i3=Jy0u#GH>ZA-MonSELzYj6mJHaG9@jGQP|pA)?gty`qw86#Bb}m`DJhFED>gcs zq-^hP2rY!F;XnEVJNBNEO_r4%WKu$CW(xd?~R&XNLhz+hxSU)4@M$q?MMMTvAh!ofMBXR?N{!D>Ze@8}T8A~f0A_F$ehpxX zP@A`PTL8T&n~T5jU?%38c~r+-VNuFrX)(z(s_uL5Q+HHU{-G_4t2B+3;ev4-U!m7a zdF1Cg3%h~-yy!MzzGpvnM203=xVDgAWX|}=jfRY}0SkIJu!+AfG$XpJ8NTUunyCX8 zRTdSoabV<9!1qt{u@d-Lzeeo!AXX!tNjo=7+9}e&usb#MqLLc44!~z&$LD=`Jb#xcmMt|uTmgeQW$ar?rJ=Bjj#nCXAW~63nEHMXEDgr zv;D09ScCug)1dvq)s8%Olz6`k#*-zOa|VLD4e364n48s)hKx&J7)YRhPuod5?3`nz zH2dt7C-)W)yR7Se&!dg8)X4ryT?0M!&ZTO?-_GVQy6@&mBk<{-Otu7HIlI!qDb3+h z_Her(hke1@>2Bx{npm2F%jj3eN}l%CalhsuMKgej+3Linf0*+$OVYkpMDn-P0w|{} z@W82Lz^NpU^NH7;nSH$kNwUe+s=7FrM62f$-w-lF(GxG@$BKf)(X@`>hKAom-lKI& z)HOLFBDBR}19ha@qYl4i7|Rn;Ms+L zGn!ODexbU#${j*ie$Qt~L;&RZV-R)Ao}}S?IkvziRBY3K62i@P8Kmj!?*|xKOhH(e zSN{+vt+vzzX1O^8`b&Hr3Nxpxe4Uuis_Kmr3cDkujhOnJE~0U+cx5mcgGQZH{K}x3 zhNgIgUr50ZS5XvPX4)BIn5)BTx(Q*#Xz9$;FqB?Gcl7+A5@u5FqfG&Dh<_u^VCnv*h9CL=+v175!>k@V0uE*I&Z^A6IGkE%Ii~IT8>zSq@|4NfmF=QP?th%NVkXTf{}EskK$*Dbtzr#AArpo= zPjc(&whNqqwXT0FdH54=8-F#hT#Geo3~xw*a`E}wC++x)>3>^V1( z>=(?hM&qz$n3ir^<|U9pse}JP`h~Ljf%w+zq}WY1H7#=@!fNdi2JXJ8O?o$`84|Jg zKO}p;;kpvPju1rnk&o`bPqeIe76~Z|T9jJQ^?>nyKIzQkEH2M{{1`|AU*{h$;)JOm z&qZB(b6gKdI>?D2?mM4&&9D6O#8LZ-l5TkS<;AxD>2f!M-BmlGtJZ1Lft$+72%lw9 z;tc6yBBJwp1rPNs+{NefPuCig%m=~~_p~U@JF?Z@W8!De*$IfJwykb;g5Dn$^jfZ5 z=g$L51>ate&f+G3bATKm{;j9jLvIX|!hdy{g|tnx50F6=w!s>W8o!yg1(wk#H9o#} zZ2+X9He3xwMf#O5{PXVo-!*OmUy7b3lPOn4t|R~JGG6o1qDomj2M$PmrUe~N?az0`Bke^HjE7V7U5 z8sC`~xoSN>mdO`d>>9c0#{5v=g7e>S2|P%h-zVA|A?HGZ3bm{ceVqL>0AS&swO7n~ zaux4p$x$);b25?e!?@p`Z&yN>W;6snOZ?HlM&@6`$_c$plMYWH0$v$*>kWYc*j(?%b3sn-l&K24uByX2IhL2{V~VkD*#uqS?KnQkwi z2JwkjnN{8X9D78r_pWhcK=OT6VZ^%i7_o&N4QlVkuJv!(C!M}z5`2R|2d@xz1Y2nE z*Q*}wu1A!M>H#mQde(7C6CwY#X6cW3Ar_kO%sW={BLk7Y)X)tqsBO*ZN?yp+5Q*aH(`-MMlB~XLG~BZ*vhLN-3aKt00G&32 zt{z{bD^eQ%J>@=r@!5W$-W!=4a2VU`lbBbTt?8maxl{@QpIY&eP&cX%gEB zpwrho-TuaP4!91=za|t%w7a?0=>rvZUtU4(o>X+6?j8K$9-u!;5GRZ&I+}3P=s%1_#Fp)Zu9f^>Ly(W>(*AV zOnf(vkdY1KX(vFA<|Cg;pJQ~)Yde%VEjnj{^kIKYpF7!cvBX5SUF83ok|Cty*J+fdj8X<3XF>myJ zu9bGOf|I4!W~j}%$g}#P^PYwa^Mv@>{=m604L-Ct+WT?%aP`1Qjk;$PQ=~-iAg7)F z*)k*Ar!EGQDB6zz^B53l%h)YjVNX*-#>_%?I*J}c+L^c#IA&`9HrbVP)m zcD$CoDuWK1uKItx&gahpFG4Eci@hPt5g?{Z%pvOJsN;T?8zmequA{#=CWswQ-TAw4 z9b6WDrdQL+K>dQi66^f>-u~oM|)YEe$BZ zY-3wg7*!=3b-<-Z-mOM=D`#x-r!Lnz_c}Kp!5cSXe)-iph-6^fI;?hH>L_l~X9?O9 zTp9|5hq^!+_RT{*>zA^zf{kE8kUNB^53`ZNF*Rz{2jUb7yl15D%^u+d zsBo-r7eQ{0+y)q-J>Kw{`A+LkY7SPC7aX_n*kbh@C;k&kc;5W7;7^+$e=pl#W6lnhy_a=7 zrid8*+oaCIjlw+7TVFS*}E>?AU=Oed~skG|{e3VVLbWF|kcg2Ex}8zZsy2y4zxn|!A7h0;!JDyz-)<|Ds% zwc+#)Q&VlP7A0McD;Fp~dv#r$EVoVyPFm*9S8a4LEPcP$6458nHKc=^=#*s&K6{0)eDvU&asEi6(yflN~jftd%Jncr9&U@)C?#fd zxTS0BQeS(rayQT7?l)@OZ#A`|Dj3>!I214-G8=Aov;9T|jI)_fHRlu38)qm;P~q0x zcs+9(CiZmcqxtewVtPrhH};zTucHARW-_gLgD@zTL?#cS>C6DnN`?I-$ za5}`91hCf(&&~#jaU3wV!%v@q@P#GC{zs#|yh@~&KV{`tqGFkP8M`fOU=TKT7g>mRZ-+ zmjsW?+T<}W;xQqjTUDZ}cvqM!4;L32+He|!ojRg4Ajb=VYy}F&YH7o&LHEo{RxlU8 zVlon|cGWlOeDE`Rwc0CHlFcNO*R~+IA0seq%}m~zJR8G5%pRKd-FA}qZ;T+Fc(c0% zZH~0D@(s_^zK5H&@ZBuO3~UA)-A`v(eU_h%epwV*AAhDc9*9&ru;e|pazBw*E3qV{ zjc9=p9TsALFdODKttBa8BoocOzl~Ub`iQdarlUuz>+k%oA{(go-QJz1^y(Z2l(2M) z)`)hMMA=$i6Z@RyH|Y5=flQ+X-@LWtfgW0Zi=GqEY)1K^Q;Q(!(rKdcr`LRdCISEQ z?f5oyc$GG6^ImN}9Uj2U5wa~A!7!H9cmYFc9I01-+VjyU$|>xa4Z@?ruzw~c!(qfS z%wS-i&-cw*@^5exd{@gOlRA6S|J|M2axLAx zRY>^#k)#r`q_FaS5nX6E-=WSOioVhREBjIPkpC5NOwOKEJ;#SA$){vUvN}Ss#zD(} zBAwx4xl()Q#0QO=(0M#$)>8(OC-1CNBK=6nW40#v4fh8Y@pbG=o>wh1M_y=se^AoW z!&TEj`rZULXw>CCH{L(8ua;af6_$WXss2_*wnr*(Bj%BE2tlDAU{JO?lNd62(XFm$B{FBs z5I_}P=@D+;ac*hZiT|D{J@C&}6bLZrxGb)6`2wl~3DI77N%{&_&*=cKaA~WLhymtL z#>D4k)4H~m+?oi)bns=g(f{Ni4Ma3I1(j%g%A48qbqCe zFZ}-!Sw+Yjx48ykRqjssB>XmVBmQ<#cr@O6hBJ?fezMiaJA&A(;W?km_)O?>m<;^n z%;-aTsF^6&q#a8tpP+83n<)oa2`%gpxSjd3VPCnWG2+~V)W5PDZ*2Ihv4tMyb;bXo z;4c0u;Un2LLbi=T(${9ilwNmTj8DrXi*wmdXK2CsMa#B05{eEF*RfYvlzWxEj|47? zY1x$jL1|fzzqmDd4LdZSt{`iA9uF5k2mJ#!6J;LuJLEH`r>ECC9KUT|--V^LSa)wd z$T=994$d=cQvy@q^D?O&$reUD}D41L7)=&6Fp(LE$)cz_uyB%Z+g6?LBPP#dpe^oYjX(X{=5gH$ z5nKldT;r@(2i4VF`Vg)j=i@?Q?DkjQ|G8PBQ-0msFg=lnLBGL{e=~>h`Mxl)Y5&sh zgYN*?)+wT1`_3Fho6!yKPDdGh%Qbo@#tTVllcD(MFem$_T;DDnNut$%Fn6@*e4C#J z&L^rzY}CYNeTu4|C8_q55+09y`iy*Nj);b(}sh??iw#fVtaccnyZI4|6qwkO(1 zKmCu`+2+@=BdVS1M1X6vFD#!Dyr=kY;`?LNUolj;CDtH^R=4hF_!eUj{08vzS53|L zJ)-SDb9GW)NHj0xQ#*T|a3~29+dAEV zk&QPE@7~U(GM=3Ti*Gv#PEcpNaC`bDpaoNadQ@2iT`W4qio#HR}?+hx(Ee|GJ3 zgdO#q27N7hF7Z!z48?!uXZ|lQcou)UZ^yTihCv(eQ+(dR!9xq|cIFuR77SGa*-8_$ zn}#QKiiSC$=SUNvLSLLw!dQY{zf}FXM$ngdv08Y)#9+G?7$~&_4n7fu?ab3_YD0H_ zG+DIj&_7apt-WQ2DK`uA`D?>g+8U2s#J=x#_d5Df$1b|nec}MKYR!IuhQwZf0b}EDe`M= zvOUpZvK_6AmN}5OIJuf-GZUjz&)TsSHTys@0FqI=)|Avly!9(xZcrT8Oz=gh@We6y z&t44L)(wU;&TpP=-ODxISjC@*EuV(Q{DP=#GVr?3)Zk`w>#H~sO_={JlTUT{&9)g2 zWja3J|DS>{C5(}xMT)@-E>YsiE#E=Ck&F3OOjeNtYdj0I@0$ngZ(l$R(lTupzd6$y%*A>=w9N%@;{GH2{O%_< zUV!Fvhm`Jw%^z64rT5~V#qZG5*uuKY455EI1H38KCoe11tW%T|pw(X2TdpLH|30S5 zD@<^X4trFl*OP956+it*!d8`BHsAFz5tbt7~q|6C)^iGtHie_hL$l+zbuinWREG8cqFQC!oo zx6DRB`QL&Ek14PChAIM;zaAWY`JwZpthvx*WcUB~=c&HM?3E?*-$_*iK^iU_au zg_Ohw<%Al}37Hriy9Xn$2O~c2d+C0A4Rxhg0{uUx&H}0pplR2|-Q7xqySoMV;ts{7 zNO3O^+>1Mu6qiDgQlwDa-3k;a?oy;kfRNnu`~UCWdvXpZhb+rxGrK!G^FEV=kA+nc zTc%dg?*RCEwB5EV|JAKF8{ap1Jv=qf1AqUJ{{BWa$T^=hJ6qL?w+%A-qq^a*8a-8Z z(ZMI4A?LjOiaFii1u&&)N*g2>&uF3fdGt|mi#yJLMe^I@U?>#%_~ax*1gg`|O?Bh_ zw0ypa^f)pCrZsZP`jOi6F62eltm_sm&bm`K{5u?tZEGa~x&vd?Qx>`>Sc9WykwY0K-|C4AlSe{;xQFGeM3cu?wW9^L- z`%?K$y|g#N0`V2q)U-fbf_{`pH2?!1t(Ps%15>D>eHYw6 zd(3-D88rQ%?U3+K;`#+-0ssC?L|<;)0J29}~I*Rc)beY|eoy?`FA3zkiUaqb^%j_Z;( z?=d>COh@mcqC<%(y%Nu8M~^GKAco;+=fIb^uP{C)U50#pnPaG3fvk+X!9Mu^BQxo{ zPz)(TEX1LN_CI5cB=YpCiCLqseYJQ{>g)NGBvMr}aIVeJf9^pKk~MjRBvB8HfC;f= zVCcl_@J|CA_dPH0{(z`6;PwAB%D}nB6^5z$sg?nNQB+x4D_h_M>}^;L)-V_KP-oDw zb7jG?d-r>L%ra`hlPfJN6SkqW{EpT$wNo3W0JD*O#FEOV4^4KHeS4>^#-x*h@H*&^ z`w$lrt7YI~@fVPDBO%e9?-QfR8+T9y8}hp}DOJW6A;Sp0;2rO$OcPJUWCBIPnKIM( zZ)WN)M&%G~*UmlEaoc)+!~CC~_H99_^pXXY#NR)g$#QFmArEjh4EjX*!s0}Yi0m?m z`x$6v{<`Ym30}&F|I+N(O5hNG77bD{)q1k0L+~>C2wo=J7lC2CEP@-z?2S{6r?V*` zz!^*Pc$5AYHjyvo$&M_Zj{z|+!#cJO0ATJ?6U&u+cw#RTV z5?6{^ZIhRKowbID*|j4A9C2&(gz>aE1#T^pmV{N+a*Bi%zi{0_FKFCB`8>=v5XdG% zRNQ0Lbr+ywj-#a=YXTN@tqgh0q}LXgR5{y?S$)NZ@daAKFTIi^F?_vHMVAwK_Sv(* z>%!nacM<*F$p_x?%pXI8-L`s7I|!Di;S~IQ@+V98&XI8$u^8UKzr$jZ5zy0l>hnq3 z58*i2i``uy!|?w|nb#Z6JfD2viTh~wAkfjk@`@G@)bf20@-H2-2TdF>bt+`;8}7vU zX`<3q@&lFnK#9;xK-Sb-VTq6}fc40ghtT#-?xjw@=rriPUHB*#sAkgZA#;a8hu|e( z?^;wTWiIm++^ZPa4&yKId`4V!*#Oyv+tPX59gbrzt`G`9K4=viVk4-_XI7P#wNmxyo$TzTj9 z%UDR0g6P6z^LBwcvC<594x2@=c)Y_N#a>D;rh7JhhI3qlP#%yTfW&M6nqp5OQcbt) zhSYg9eqzG{Mo7a0vVc(<<94a!69*yqF4>ZdZWW6TC>q&+A`#88iP>xln#1id=9lX* z9jMWcS3^iPn-!AB`n&Yl57eH3=xwW^S|w|K%gN2CHuESx2a9>r{Gr{Z0vgZ#8HZ= zbcwWfLht3J12qQjPL)~Iqw>`SgT7I(2c9&)32tmd|E8>H9vZm7#ZUjWobRhmoJXGK zY*}7n;I3ej=)@^R`-(&X;mF{<8hA*R`nRTdk6)?B$&!RrOTBieJ*8JtuXQ9%5#X^8P>GiFJU)5EeV5xL=SdUE9#Sl#lq(p(}t zyw`6+B;aUu;_wQnazBz8aj^WW`PBKWzu=}E#3eLJnmG8Eid#9DEnsJ1U%R(p0&K96 z78afpT}&8%Q&zrz&FX0qi5aSWNv3yh(?kSHzt~xL;I*E5;N2Jf|Nbp;vj#Ht$GzpY zz^^MNGV^ajx($xCMTI6AP;X+AFg5J(LXi@P7>PXci{?})!8vIA@`h$8?j@Dwv82TF zv@)0SxD_V+A&6nZNWLdT#Mh_>Tsa^2nvZ^>9OSkZAWt28{BxrsM5sXYnaB#sRSTrf z`pbOKpu7{(BGp^C04|kh$83{T!@_2SQEo%4OnSM861O=KqfEsd?_j88*c_^IK;9^V zlai^+wWF!4ds1GFU>*X8klopha1k9&gA{ev2xF}NTMJ;CjGyd*M~0i^@&H;@t%Kdq zt)mw?5D!!qgR_%+YBbqGuuTxVN~HIf_?l6~Q1in@4}nTCdW7x~8N{^8Q2zc0?WS<^ zM6vOsj>HsYF5Q%>Q$x;0~HV&}kC(Zx2WzoN1C`TgLUcT)+ z3^axE#E2P24-hFwd^Ev3AJfpG59gGPjbe zMEiZinag?lUGau}e!zyz7EM$k@~AG#=;!Cb*M;$|95CH*Z28Z&f77dPSG57EcHD1y ziCa)lv7C9)A^S=X0-=EkJ3XCM<|1w@Tt9yNh{a(DhxBGX8%r>HuQ$|;Dp0T zt=x208)v)E7_SX8)-H>>V<-8+Kb^)p$f`UxKyX;cO-4ogy60praZ&8NaTRb#c96uf z_btL`6ga%%OK+wSM+Mj-OqYE1ko!ObEoFlKQZF$j{98P$ozTDdh6SvWI!-gAy8|Kd z$mHaWBK$qVh-mlalztf)R|}eQ#!S^mq+vfVa8=wRy-)bcLVqSYlq)!3MF`%})5^n4oqOgB z2cv@-^MLyv3eQ%dfUz&FFOUBy-LBF}aN{|;#cs3hqBsQ!IgoKH`}kZemv4R>tSHuN-+08Une#V?Ztbl zf1V);!|DE2K@~3Gh_6yg0OzsvT@I}F;^mWeJr}|*Qb)2Fh+M;nVx~(i7StmoSmUY(x6#{ z%SM3MyIF10*!Y|02m5sehiKVK<#w5KdrXs+d>uW>O1W~klbgpL2*kW$NvN47#-=XK zjeo(WK~%-w4mWr$2oL&pF z5)R47ip%rqV>4GwnmZvwB88V5J`BI^_ z&xsW!WMV>c;+H-Z)^XzUEWLaiC8-gEg1b_VeA6T5o)RYLy=$9LK)*t)tI4~11LIs* z5UJ?c{p12;_pY&yfwNVDu(h%v4GfpJ4i8fg>dK%K#R?DafrZghexXXx<{a^`hE9YG zihQ2!TpD5=1`|L&e*B0aQQQ%AIa+0!-gMnOxqd!>bD^w69)a8R0O0PXXNTE+Q?EkT z+0;wJ2kxxRqD-RhA-t?BWd{8CgeD?wtbXEY4R5h$3qdnRaJ^;txU(umfvkew*%eF^ z{^ht_2{Ul>BY_``&KIPmYgf)u-Py)&F0b*f6~3>)(Z2JCToUQ&nbieuRq2JidP#!g zC5k(Qq2JN9!c*DTQGJ2Ls^&kft9bIq*4;Am>8!tSp*{^R>AgUG*XrLA7j_`S zP-Eg&ULq@60@qyV-ud`jS`RuBjEKMx@{WL*I=IYEaE=p zvDXP>xEd8Vjl@^dq2FO@UUGx`)&kwH5Oenm1;NYyQ`ao-^Hw<4>X&}P<=+;59q^3s zfbZ$(g#;xWTRk?l%Lsa<+5ckX&2J@p??GC6ugX;roqObob=4Hz%(Ao7 zDg8BovH$236*kmLR73~mgq5GD*Z(rx3s7t@CHBKs3fwOAa{G?l`K+m;K_Oyu^#e9? z$j7l*Y&#%BNIh?F)%Gwbgypq-9-fVOQffzCXwLX>vvN+UAWjpM@htZRlx2ElusH23 z$jd8z@#jx_cD=P<_)ZyZI8D*`;T*VH)}}G;xAiz!Hr#&!_L@k1KoRapa?enQM7IJ z5C}J%z(=1KvNy1_MM7Ofi*5|6dfGSNeEiOp2h^UR#SWP!Ho#AbF(t9_0u9i0Dt;fx zm{#Wss;^PjPU3oll@+8QyXLA@RdUla!&29`jB4xDgK5R9ge@O0m*zZ0_p!ON0!JhN zsT^JKSa~VS)}Ibv$Jssi`?vu6a34ie7g5SLCXwu)2hqR$jgnOq-dFh!9GhB2g`NE5 z#jF1aIn{&aZuO?GCfe3;u#5OMF>t#GpU~anMQzEH@jWkJq+XPN zx*e`G|1b#E62o(yz$wQKtgfxgT3Yf)0Os=e{Rh$q_~)o0654GZzgVQ7SMvFQR_YV# z2(Xm+iIMzhd~Z;$+K>>Noa*aus5@7x+0!LafT)nFp<#B`3*bX_X8rv40JjluXIjO` zi*G9oxg{{YcLaYOwrMm^LEsXOMeSEh zVg7N@++HXDA;VAh^Q!S00?t%F_`h1F$HdCR2f+gvkF;v@lgu$j&b|7o*SX)ZX(5rpj6QGas*^sMIFrK$T>VR@ z-gwVNCSXK^8eyNkCfu9m1}9~qEFHyy>Jope*`P65X8d(5ZAn4*oMo%EUl#M7%__ z1PzZ#PibrjVJc>%qOt57KJ63x9oh$Oj{8yu`?FwNqX6C>?qH5ldO+9f@>XU02afbp5J12ta+LqAo%(UfhlAu$xY<0hGEes-SS3f9BAe{_ZCeOENsjG&QBTl}kVM{q|3 zoj&AT&m&I;o@G7ddStSkEd)Yaw)OOlxOyHJTz;+2vPkC*1wym7o82_Zip1Y@v3TE& zf{i?u{m+M!hsn%o<|d@_`M(>n;5N+qfBR%rHABfvqTK66!}IY^F<-jvwBxhQ_m^uM zi@$i+3OXHVwe%0pI@1}IM-N_`-z;2bI%91m1TLiz_XHyNiOjv~;|2S}6!eE*Gw!|4 z1K+&Yy++1Xf1cVO3vxE@b?9hGIF}gMlJBH^T-(1=((dEW=lz>n%<53#5G;SyN+;NJ*vv8io2J zP^GM@Tp7lgm>BO9c2>66Jf`1qwWjn;+x&kN`P`W{zk4DNa=8-BgP2w9zxTw%eMl9= z3R=fOfySOOc$~Z%l4PVB`Gh7k*hc6abM|C@(;E`|I9TC~rciOW(wWkC-6IltJ|#4< zO)|tTPYWN6TL4p?i6>J8u05p2k2WTc13&OBwnNL_8qcfkCjuNiR;lv-DPI0JM6ctI zh)Y(|g~$Hzi(iBHy;9Tt&yI+s%<-Z5N6=w~3uq3WF+=km*D)TcI~s>v%9-hKeo~x2 zXM{tI1bwf}YDP+Sl9>2shO{E2jxUAJBz1}GDf}?rhQUrbp|_@ddLZuQbT7e_J(a{7 zL}Cy2)#3<)Km0p{*U}eV*yi|BkcN8iV&)_F!id3G`FEF~88n~$(_C<+M#i@(wr1Lt zwp8eijcMmswXnc@?}z(Bay4_Ow)Mvq^k0pguTL#o+;gGML-=BpPkTP1K!7OR;p2Lz z@8|VEdi-b`AbM{D8++DcEir=MFjG&$DgV}~QEbv_{^jv5v^m)PD|8P=cD)(Eldg3( z1u1(n9{;WVu3zAUr{ivfV4{F-DkGH&v~J!=IFY&h$1Pp5c%AKs$@Cg_)i#~Bdq(~H zRR?z3H27^Ht8o42HWe92X58M=$npfq+tZ)GKvgpxdcvgEh?EuOE$aI{y*R&KAQ>q^ zuJfNQU(GLU4LK(T)D!e`MIqivY@@ur^E>KP{I>0rMdApAy7-mvM!nfLWtqRfc*pNP zuI)u&&}Ud}`X;pmv`%O@z=h|R`sLa!yRUzGoVY0?x4+cdzdc=^xCO#vxXf;tRFO8n z)F}Pw+I9bhIkFG8xPQ}e-r8ASUr)DvF(!R4!)7kxk$DkzA9u2{-tChcvfI;;S#RDp z9)-{~Ex)<%nO|Mv2-vuN|1cc@GY-rftNrGRP@+DTxWz?Xf9Zs=C4u|LHldDK&t4)m zFak)^G)H$`Cpj1|uE@C<*B@gKg>nd_#SCR>7dlNl-gMddz0InsnZ5(j_L4)?E%Slt zGrTfIJ@9-eLtG4Vk&(^p!zT?o<@mEY@FoXJHAR>zsWA2saY{v{^609+;Q6HV6oh|g z#UYc-=RLy7-n4gsklcn)l2pVel(G!AL(v#4VCXKM&t>s}L?>3?*L}4WPGw^!*wJ){xo4fQoMBo8jdp23$*Iucf)0UW%b@8zo1tt^fDsblTgHFtxsx? zj%D-5`}`swsNzFzQfm6h(nVS-{D!Dw=PZB4waNHoZdjjB@-jKUZ2N6pdPN~kIrUdU zs~^^pQjKory_`KfW-(!3PoDExOw0EF5hW%Ki7&Q1}#SK+9W~B^Fm?8saa*se;@cm!ErK=1=M~hlRxYL z&9!8xN5Iwl4Phwt%2nTt1EcXdc(T6Cif*Z0IlvS}{Cdf}D9eOJb(@zfy!holr}TV} ztBdOgt=_2))s1YgQT)PrzI%-bQN^|M{52{JK+3JFDdasTM2VdL!<5xr>BUXo@?C z%g9WUE__xPsR}S;(Vmqjh#e_j&CSp>5_08i`6^%7HMZ+HaUyLBGh)u{9ow|aqFP+w zN7I=5xw4a}34oEKL(4ekh3sWiu81@3T1_}+l3(n-(d43ehuL2FZavh8O2hgsKiaNj~^uqo?KTy8F=6I8m{r3(7S z@MXa6X>Gfag|e;xE2r<@0(Qa)%KdNO?$6_4(5)@c|Ezz48Rn8ZFPyqI4w9#c*cRgf zLeRw-n-I{acAkXZ!H0%ScE->4qWF~gNGgmCW-Z(V_?i;JR-k_Sj=y75-UCseE9yIq zH+%p&ULsriu3qQ~a~+uslg<%YPirMVTB-4j60Yo2DvQ)qQ{- zKw)8W=O_OB#xt?~of@T;xQGPFRUseq@c8j2SGMO-c>S>13Q=QK4XG%}m%;s_ zzc??RGkW)Ha~J8hR1J+~Rose@-5nrTh=L5EbzQ5{NHuTL40?`z?R|RjXE1q0!Z}Kz zk>H(uu#F`kN6MISo%ds&pP8u=_2`HI0?FoTkd-+nvwng7ICJr3oav5eGwq4i1uVQA zUbypf2UmC)r1k~3I}4sh=)(rP($X1=ftooa@7)vJWbKWi(}qRLjsSIuYB&iK7Ql0H zI}xIXJ*og6kilsOBAvs)7k5g3WLax5fMFkdYL!`n#4JwG1|(k3tNk!9Y(2(M(Fupn4-Ynz}s;cYf5<#dO;y_wcv zVjO~x6~^+FL$NzfY$=Y)E^@)I$#PLkPv)NNt>gkDpOkQXyTTDLTial;Ny~2q$@d0r zuEZY(y}JIf$(t=d$@Dq4?2pPlcT`!u$#kA!YRFPf8EZ<~ChrDYl4xp%3cq;+?tV&t z^UmrxamTy4;G)BMUV?^I7QvC9H>%)RUI>6C}2BaaA8`^&kt%hNoePqEcPhtO~iWNW6DCFTrG` zc9RDFFQ3yeIjI}lwpXanoG7(iH_+p3B(?hwl%h}C6!MCfF2}?ayiZ%t^}<_uESnYY z&Ndi*tOPY)g3i>qnE#~t%)F0T551>%prDQW?b*r`9KwIMQS{*%d(BtvnyLz1`p)jR z?^2T`bon#gK0RoMol4rV1^OqYb4!f2asqtO^_SrK5==jLFMPT*hIaUo69J)Ri!27g z3N3j-?e|DR#_wJI%34FtN>t-^>{7Wi{7xJ9LI#w7wK#ljga;GJq}mRXZJ*K{Q>iYr zI@fkr=Gz{WTd+hv?0%LxXC@Jna6pZ?N&vo2)y1agRf}D>&Y+qz;>mHOvbZt?=hFf# zAEFU?x^`q9WEWiK6cBS+maITae^z`QQ(nSorE5!tL!=fQk!vCu<>x|6MvxbYo=T|u z=p^<4357RY*2apJGJ@jrT@%1h3GMMmN@Aae_vv+ap-v%LgsQPddBh3KSdI+M$JFnf z^FK|%5h)t1J<1#l7^iv>d{n8OAz}|5@frEXcAE5lQPq5$+{3*30uN`|VJM~84yRrQ zDSr41zS5O{MP+8A&Xn{2#uQfx-}*YcKPIk)g{;6BwWhGy;z!kwpMGa8B_$r}dvZA+ z!bRuUGgLj9`RjU1QR6KGsYBPBsPKkjmc5koL~Wz+U#3CJVe*fh9EyQ#L&C;3E_Pz| z;;n*6DI5mDRQ8<&$lb{3)h}`hEQ`1uwFH&`*9ZEkdQ~d{TVig*5sa+UG>qV0wUIS* z313t035$?*Mbns2yaw3Pv!3A_4)|S8j6iLzCd_4<>0$jt(jJbeH2cDdYxxW2#I5k} zk2`4B9z7wb8um)$)+{!bJE7{^6pbKALp|oZ;HP{+duiIpi^qod_F_fR;BI?><2~8f z9-<@~_MMuW%UPQKVQMBx<%iyciI3il_zFQ61TV8L;0vbS!^y!9J2UjT&Y9a%QFdve z`h;gZ{kOvV*Yw6kJm9WvqT^m9`ooukFW(JwNxqBT9`v-&a!66&oX{4itW~Y;;G#0N zvny+{HL~&spj_4Y0b~Qu^n852LLn-^Tx>DDLwac|7@{W4xFT(!zL_2e2(l}EeWe|u zJp6$!EfDOT_U%!vklQErc_OI^ft9X{IzgfwkOmnJdQVhY*>` z+v9yiDa>4E>}bZTS9$ks|8(K~(KXlk+90X4i46g+gH&zDWE+`|s_nz>aA~~b^@#f@ zCY6R1z=mT^Q?!Tz&cRsQm#2b%aZJ~F=81y5B@N1}@qX-IOc#BUO^&UC`Y$?;EK2T~ zdyVT!X&rNj)R4M^Kei}6Umx{<-D|IPL8GuyS_v6$huE(((yYllcV9IdOrL%&c6>}N zl2VLjj}eOy?bE13QaXNn(yO;^%aw$fwonWSfH(lJTi(^1Z6RuZeEl;Y`2F^=pEbmd zK3izc#(^IN|J|HFW6Edn``KY)v6WJkr2G!9@0jnAt~>qh@;v}Fk>6J&%q z>XHO$?NU(bkzl=ne{94MNy)p4vQG2Xt;_V36#ROy=L$$tXvkAO5dDMpVkMrMdFk=n z_XJvnJpJ>>CW(H&ezzy=qeah76y4ZIEN<+W#PXqv#5_i8F;s~$E1P^c;LUOzzuew! z>h1fTwWbRtrIR>bR>Ya# znsJRAOH_lHqOVB6B-!px<`q9JnEzs9#x2E7?7$Zi#{g$w*%h?)xo{Fu5ux>wKos zdB0)8Dz}FR^!nwQxjaIX`rs;YIIwIn@b2dNrw#E>LOSJy-PgyezZnYLk{#^HvMIob zT5K7dn-BP9Tz=nBRn*8A){pSARZ3~~>FSS_OMMHkSo#AL>p1@{^u?i3FST25O$CW{%sL?0B z2)9CIWn5FkT=j}{T*8GS@3GHXbUe@WJ8{~@*ThMFnH! zUHS@C5L*Wt=b?VM`-JC4cCkv?4e%hka4rM(*C1Io#CCx!BI7REhe*j43O zMoY7ss*%fl{8mwI-UD3FDVNnQbew9Us{_86V~es<#MmR;`U<}yIZK7>{6^xDPojA5 z!fh|BMp!>qV=TzjkyeE6kMo~Mt^s;16=BqfunKMPDg_kQ;_0V?fA*)pn{s%=u zq&vTW0K`6fe9nARGN3; z@_xnkKT}WglD%yrJgGR&-_WrDoF9|RZlX;RU;SX19>BnSoBDH$O3=R4*0g?S>#{1# zXtV%-Qb?0lusYK$+^eTe4VUWlNZ33) z?!?S|!R6#0j9_o&>iF^F4Rs;)9B^m2$O{Q@7MLjNoBy0TsU>PF(-lkvXH)mE?ghHY zhsK_V>u+&c7gpm^G=1>BWjh!!yzh_Dj$>-Ltl&Vj&E|+3*!N=&?gZ-26Xp2juLb66G3i|ZZuOMQY_c> z<=&%;QhamDHuF&4#AdHnBJsc3*Ly=#9`{ezSUPM-Rd7VL+`}QI|IU_HfyuP!)M^MV z?aG@L-n`(Mo<lp8Iwgi zd@HbAc#;ixm!#)JBT<$jGLh-eA4ev{Us$=L#7OLo_)E=PhJle#~cl& zypt@ac|vWDQuiLD)0s_Wo)}DuMTv#HY*Grj)ax=KOc=zuBtL%9(P3TeN7)|_+R1oP zM@W8bzJ-Pge&Sg&FdlFo)vwO1bP>C=vO+H>l3e2TU*S1-48famgMYm>wVb$---o-s z|21$)rQk7lSAYW3~T6+MOpWW3VZuiya!7F)UoJD2iJ*BhQYM~*9<4+~#!$r1gBHWHCg*xVl z?~>vBAi)QP=S!$`n;HSYYaL4E-^dy$ruUlZ!-ei$;u=)rV)H@KG)nmJRp+IUzCvY9X`Su|H9!x| zOG-{mUT)KTJ0_c$N|HD7u`|qL-)v01Me%8lk1qxihW1zQTIjbsnk!OvaO=}ExP%ow4$bdCy z-s-+>k8MdHpWi@j{R$i5F_D-6yyRP{*OX&<8$B$Dcfnpv8`hg=%kqh}&x+hBIfQ4= z3SzNJ8b=RITKHFgACdCkN3P~mReqvJi#`P|!#`oQffgNA@h~pq)?CR?GO`vYasL zS}j{ue+HL?D&O*iYoVPU&#_eK{*HkYuESzrN3hhVjw=&m z&F+}})5d>Wwb*tdYcPQn+l6a@Ya(t#Xq4%7Uws#o)woyWAGp(nSd_kv!;sESzpY;A)H&`Eow`YwM*`wy<*&djI2*i=N zuDz;Kg&baCKNyrCH9JcdqdJ2;i*up8cYeH5bV2`E=OHrnda5$X%LK3_Cl?qJe%jN1 zxBOB3`=^-Pmf25DHoKX_&t1>I+b-GVe`9EyWf7((2Zad==C$?1)vL~axQ(-AXWo4R z>tI5o;HB^q!DuMf!)cj(1d0-qW->4j@2w^eI?g9~NtjUABPAz)hWusl%;9Fymm%oD zTI_i`wT4J*@oFl$Fzw5rjqJ_DsI9ik=f3g?(52N)&k-m?FoT(y900sFa9lAj+x*t_E7qpa z6K{+fgMF!hwkY(+qQ?grR^+bGUw<{#U(VFl_2|?r0!>NG!kkr*=}rcSLFai6_E7fM z>Z6fPt_9&;^v6!npxtKU0tM>|SVxNZj_n4{Pp}t7`o^wNWP(o#r6u+8d!>`l`nR_d zKc1d>%P4O?ZZERj;3l&yo!8dDpfl`nw#h^E!J7?mlD4aItW30?s_T8)C! zdej7lAtbvVlfV_KXnDWVikJQTf(KTHCMQ)Uf3&)9Bl>6K3iCiro|ulwzyv{CXu_4s zJo6s!dqu<9+BhA@L5O}#MOeI7z;!(VX)Hf18n*jx5wyjI_Xj6iLaB$CC-OK^L#+1) z&knIDPhZlN^jgbOTne?sAI!(w_N*;*Si)%}!sxSq+a|aHK+WxV51j18yV{QNiy&Jl zGa*0x6=nkSiRHh~EY5`Cz=|JUn~CSKm;7K%{+S=1_&^b?F$wgEQ!QmY0Hf|a3&Hou zXmB_orb!_|80QaLmMtE|#_BKl>I5?dha^X;>RYN71DVZ*OAje;A{69VF9V7(VVsXT za~`E|?&KGJYM_cqtOtGD^mdE}dz=UJ$XzJuuJ(yy;1Fb2iU?snz-g?Cbb^``TuqPz80TM?vjd#Jz({xwvC?GUe(t{DXDpmXrPycbeJWg<#7%s8M77SvW8?Ia{m%t0}TSARQn zf=71qISmzth1V4cpIvatFFT8zgUiFBp&zbP=^6+j4X+`eAVh`n&sc@CH^xnTNrafds<%dLscs2#lQnADERH!+hwvJGA}a5PR+!w zLaFh8@4qW{(qgZ^9v>+>Xt~vIxE?0W&}dT4UHW7tHxFQ!Mh4juL0L&p^2@9<*Q-k5 z;!FV0NsP8>dTNN9;x758J6UdtMdJ&P4a4jo^bxpA=8d zU}pCey}A(lXn~np;Ukj8U?Z-kaUJYnX?6Nkv^K5?P=sbHDxA3$5S1lm_)Wr~4@5fo^Zvg_JI=A+!B9<(WQgW%MYuK3lTe{CrzEQk9A&fT76EH z@t`~R>}^A-wI9lP2gfYLP57hyQJaZ(aE=3b|1c&Q@u zJQyDd3NUix-88-Ws*9%PFpj3*F@YWQQODlsFvX}w`Rf7st|_S1!AMtB*cLsM;+c1kVBdChlM*zqXU2!} zfCS=)b=Uue6KmVj{NF9>-)h7dS<3@)z4=RUr*X7L-Na3WD-i$-VZ+;AesQjCp7bm7 z0n^Q6S+V9vl*e=)bm*bQRn)$WbE@i-dcPlsiz^3Bjjy5!i8H(O5CBs^UZfnW^YHkh z4phpTty?@{UZp*6U?NbZ*`qE<5rbwUPOj8LWUY3UAoluA0bxfS#$Sg&de!~r<3>yL z{!9v#KFlKFG%&PKNREHa&R(o&Y357)bbLF*9qhb-;xLlaNpy>NnJ)F~rKR=3)u7*7 zGmqvd5SE`24!LSC($V5k5Z#G$-m^=Szkv&AC0wm(fD^R@1Sb~fE2y+p%;LlY-($R$n8>|PCe}+#95~oXeh&#B;OARGF zKpZzo4_1>P_GL&3+25W#cv$-(d@&RiYpbaWjuEQ&Hvnm@ z9^_}8)ZWbt5>$4>c|{~zr7B#3gGBiY7tE@9$f#$MxAmP`L?tw9MW4UB+1N~iP!$b7 zTgTJjc)_Ye0Do#t6Kw70>=JpcnZGMXhB$P!<|pz>1D{Q6?Gur|Th(gS0$uG`;(ds_ zk{&b3Vdc?=bel4d-1UoOyaiz-jqluiW40vaHrGINH>N%UGm?gIrMZh2o03nwFaF>y zEv=eu_xJ-2pac$=@=(?WgX=+ZH)B6SkFDlsQ%Sh~LO%~mf!W6~3k#nwnjhg&GU6L(@_CXsU?Kg0#N`m2Ho}G`iVHO5U<&XHd2vt%n~b`{^x=XxC%T#unC> zk2nx*VPt=2@<1a{^UcbuXI-rZ;Q*+07|4@)klD}TW*HOXaB4`e){$+rdh4x6WX2ci z`s!Wn8cME;t_bc1+C33R4#S%X>H(Xo{$z0%YdMR9eJ|^Vkg12>-LRoog9hyQ6cqpk znXNeD04~B%7s;krJby^00bMAUf0lq&jI7k$y@lfDL`(~pJ&`fd<*QKbg~f`wf)YhT zKLe1W5r-D@LuyZ>Ab~YnTwQX>i|Dd5Gb>fm4+4&3>9O$rne4cmfs-LxZGHnuWs*?s zoiGN?=ESNxMKC8|EkPLBZ0&osn`T3NNPsf9Jy>o$Fga0CQI&;+gDu!HF@n$Wvr-KQ z$t9z;8&7Ny{;`_zyJscFxr;iOI)rCo**d<}uCVp9H{DWlb{178dK57k%)tLABS5Lzg=vU>7Kts{#x;LI~!l`R_Pq{b#ZNp2UIO`Ca8yplR#QAa}G zGdxotme8=Lkj<3CfnY^(L$cNwyuSfIdD-7nS7_X9F|TUYSY( zVZGp>|IQi2Ccoc@R<9u$%F+Kb$8F{gt(x#8?tEo*Zs^IQhoumRRR z16P5oU`$ka95nT6Mp8Z*UT{4OC7?rIu!+!phCyCU!R?@jM-;nO$#8zy2;?I2RVsWv z0r!jN13{q?_4j$~&$Z=TvTY>-Nl)J5CVPS>)eEKaO0_EGvKH=#d+KdS|gtC?9}bdj4alJO-$29W&5=gwzebdpRMzfkN7HK8)qpC9k^MEbr88Y7-sRR;x35CQwi=*U zE_$7O%Vv-2BZ~%@9QDgqYS|wbJQl}Q3E|=MRc@JqX|hWUlpP|HNW17S zA3-Z?z!UiPANU+>4n}`)#R~x<9-D^~!Pi%S0=P0f6-NIId<5R20N@!XOnW^y^otI< z@bZs6*7$6AZ+*4@7&!pGWXSR_ zfvt*=B}v7a^&=D>`C6J4%XxWcRj?sr6hvF4 z-_*g6^h|Cp*F)K2&8ZcNOkW}tjK;HWh;-p^Ovg;PfCQqxO7wNJD{~u*i%Og?s3wV> zvu%wQ`StC!E0`vDhgcSvLyKKxuj`~3$F)Rp5+4a=_lFAR8pFog=QPX{Blp#bhAQ9+hoC&rw8#glV)akJ|-u(9bHECR@n4YM<@sJVdu*GFa@-u&kZPmGM_fq24Trkaa(u!f5U z2yAYWcsX~j6@q=s=oJMf5cV8u-q8&x7h;z(wts?k71pcJNwx`5)4-x#7 zWj9NB9hKJ;=2^%ijAp^T{KfFC@0^Cd-Jpi>C;INZykS;N%(#jus#mTYbWN88&Q!&J zvCSuWUe1F&A|zSR-Bj@m5d&Zi=w z$Dsbkl@`-_L|7|hdUE^sAGPRSu`8ES9**X|xYm~`;K3DUt=AalJl~gJ8JO^Hq*?O6 znjzp|kIRx{p9U)1x&v9KvLx7(n7- z-FZXW_Oa{CilQfPmY1d7c9$g?eqe9vB+!IWDlZ|CZG?g9gAw7V}x&_o_CG4W}T} zzNfnR3Bv+Cf!SPYddNsNtf(u9D=s<&kD`fROAJ;1j>{}5#8pj9saE~BIF9<7t{tgU zoxJJr$Em%0E7s4UaP?3?)6uu#@pt7F%sDFkLd($y9u4D*x$D={@Lh{*k*80O00?jh zAa|dDNWpUaG}iw}x&vsDptl+W&IFPF2h#?ifKK4{Ggl{&TNVcAnuaog0j*l9?f$wK2!z;btK z+CLY{cgtjxXf<#fWYZl+%TfJ_{#E6RR>``OCi3)9zHe;M7M{A2mV2Uy=BWBP2=@_C3i0guN38us9nqAI|dx2u|^7-fb$No5Uu zCSO%bZZFx2%aZX17t+Pv^fVI<<}9!H14#SPFlA!KOwc5kY7mW_h2D)2&rb=PV4OzK z9!kQ)kee3Q03rineSToE9>%Sfk{d=@>U}(I&kL)@{z9|0yO|r6K)bPqKUjXhtP+8=t_i{`#9K*)1A^ zArbK3*YTdMA@LLk3FH^Z=>}*v6U0!>pe4>h(>WQ||FJd3;_vtKxDh`u2%`ob;oHvg z!7n~_y~$E$w73>z{Z#^|?*xe9ZO~X?Q(>1!HG#~{P$i5htkEji?YlgU{}xd0w1&b5 z-vyfvE(JU2VlU2w&jml)+4YZf)%bhW*Es0XF7C5o411qZCVrIP>LEV(@_8-(Hb9tp z{m%(uY*t32Nngm{juJ$iQtQ1OAx^Id867w}`aO6uw6c-Z2nnP)8iRGpmUUBt5q9O4mksa|E(N6s3WepmOI+wmAJRJH}wA6d< z1`By(QLwn-7Rt`r6+6jfKx`EZhQAv1hHVEwH@-pwFY3Cw<)32b|t zaJmHjA6Gi|G%~twq}Hz!<+azZQn(g`AinKpM@+p@%LLC<0dym^Ad5wa}NcJKw(LElCPu8yk;K!_7C|R}` zJbJ2;*3{XP`G~;54PiBh=NqiA0e}T}=6cT7;tB8NvF{UaJk*jjTwK4*I5V=*SDJsY zVts9>fa;~J$C%G?_$KUiwsJ~G?2DpLLT3M~svmIf2x&6bvihPak9lZ;tUQdS#X3XA zJqi7+4nO5c=$nzG$cz8zNdPxo^YhE<65XJj z{*z*Kg&$Gq__FOI>%mytW)hJRbx+KfESJvrbCz)i0di@5Kz`)T07@2Z+7oPgZG85~ z#BUJ2QJ0T*TTdZ=rz$MK4&tp(0R;4oWt`6xzd7N={;h2ur#D zHl*rCl{;s}a}eR#YP*b4#n&Aohqu^u)&hDzA1Eked3e77%Up!-cnIp$$sp3;y z1`X>@=Z50i^%qfaI*ElKaF`=y26(_k<<39Q5k&bEe48lA^@XCCr1R0T{08g(FA*fF zui|1Y1L;+_uyEn@;{4WKXpH94egvFVB=NQ_9ZyK+GygpW`6yH-zlZ28R5r+VDhN|) zAo`xtK$ner&e`XN2&yA4!N-&K6ek`=&;A(yVlE$rFe8@aOsJ(!TjclF^*;S$ZBU4{ z1^dmrU>sT9OB$5l5@^&P$=R0OoK35}HGB8Q2Uog)QwX^jrm%0Uc$2Ia!(Zq~KG*i_ zWE3adDX4{aoX=OoH@lS51uYR4o`%^IwXMx5?M39Iiy z*qCbY<={detxkP*PhG78NehH(p%d8RRr9ztIV}S34{_7+2wt#Pg_T^g2B`l*K21zG zcJL-xFD;0TSH+>rZw8V7PRiyIkZu{A#nD=~Jfh|5%=Z27YXW(qzU*|xUcOc49Abw$ zHo<-AJ<5~_heg-b0k_xn=&ksIY=Wj*rUIR9({n*e=|?ANmT!r}Rhm5{H=?3gXL(9H zOzf1hB=)j-#l4NtUpQ7fgIA6=@ z6hgPeBmy{&ZI>nEqHnBzs?T>*QUj2rf}#RVzwU>CU+KC^tFA(COE-dX_9kQ$rwF0E zh^B*p2iz7!+ve+~ezi;2iR-#C%cr==n2&R0xHow%dTQ#OzO8G#N|J;|xf;>w0!$@<_SRXRUJ__z7MxtK>8yIu~7WzxWWioBbo)$kEI3KWH+zgxqjT^1Kh2 z_a%mxhS_$VuoYqfVHRQiXBXfnWBR)QR*{qliwg{cA4#4Zz4+~#OD)9c^la7mHd-da z_Ydk@J&Tur24rXq_+HRU4VYWMxjy+>Jt*4N^qydK1k)vxH0kZFDARZJca9R@JN@O{ z52>w|$uxs8=y(gMY4C=V%@)?=7vF$gXLO3HEpy^ElJGn$RdcFqIDL5(+ zpvJUHp*R{2^*+5C)5Vr=?Z#Y66XMO@ovEZVXatyfi&1kO;`)kGrsIq({r1|-+j_4X zJ2lz$ZKAe?Pk7acyN1& z@Pq~%ea-$k%tNJXQ^K$P1xhYdf*b3h0BqEZuxVV%3T7V3E5n7Kb z+`nFui|nO{F5)T(qXpdAM>EFf=c&D6B{w(QqxPNufex1}>*8qCy)@oV#gqF_m|);a z5R!z?Z%feX4-sK9-xZu1V~;lo?Q#iK^l?a0Tnk<)V|>_k8rn!AHR$-)CIz<;%5GCm zt55nU$&NlnZ%TTtb4X0D@x3Ae9Hqnao)#ztPwNoh*WHDZPR}HX>COC>@K!e-YQ$V> z{+y4W5*>f<3eot56NQppzt&RC@JnM6Lz;G*mr$^Uiu~=JmgNLv;ct~pR-B{J50J6< zvsRo9Oc3{j3bMk{%U=~N9H~Dg00nOz!QbGc9rSxXlH4~GzcLZ(s((k~e@WNd_V9+5 zdZi*NpM2EgiEkDEDe7+;?~z{XlDw0bv??46Y&s=_G8q&if{9-5Xg&>pW7>^}kQ}fL zr+^XwT7g8$8Z$_s0S+pNS$t#>qo3xkHEscy@>%VJ(6W@zCDm!hil^Zs1YlC;L+AXp%=`ePC)3S-;7ze-Y|E@;*rz zGm1I+xYzRE?;5jl3Lb@we&rL9=si#nOXvoIUxcyDX!5cUWLEEEct1Wx7*&PHs6)BA zYSkWztK`f7wqiB2H!zhdTJa$1?ZnqK*KvL$wF2VaX-2fjqW-%h)>C#O z^AF`?efMPjqSrLO?PX9~w2X3$(L*44KJtgnjZG8PY|YWT$_p_@Wrolo zhnHhg(gGEfMt(|}C;*qt;G{?e_7x4V9M~)W4^L$)lRw09uN=W6;odK9{rYjjU$ zRqvGdTs%k9)pKok*8QFqRqB0d7MMC^xO7HzUALN8u9-S*CjEaixZoyV3MGyIy$+}W z-n!PObTTKsE7VY5J5-b|e7FAqF9870MfB@}JWOFPGB%$s{{e0`X0(9UEUhtw2Y<#K zuC?CHJu*}G68AB2#3o^|hS#fTetoi&AreCGtv-Fif`rtg=8U4Cr1(=YeWo-O!IfjX zLPg+2Ta3qkMbXBI(3kkhmM6qW{}L`49B)C%^f|IP7rmHdHw5uRIq)UIa-BJYLE_DS zve&onJ)FEuja@ccjU6;6pR~!464on8_^ZyIA4t@x_EE71!x8<8=tiY5A(2j;8$pEQ z|6#{pQkFIhC++up(rYHPQm>)Bv3KZ=AN(cZ><-B3Jc8`_yKQ24SpSyG&+^ezLgJ&v zb*A{YJ(Ip$W9sL#7x(mLYgZ)nEubr8mgP*Xw-p!n8fEhg8wFljW?vq^w6k+)3`WCT z{#{v9sHna_o^6Ndyiq<`u5QOS4)8cxYL7T%1Aob*kRlyZ=50(N^|-n{nD}Lmj7B=0 zER@w&cMcrSFV7suMt)Y05V9OOxgVQFG|AVh47A2n3s^q|gRVy^B~g}B91}2_5QLB_ zB}^}an@|I%v|PtBl^9IHMT?ZJ1yb1Zyn)--mB44JDrq)>4GP#nZovFNtj`j5@QV{s z>sATSYC~uh$=zver?ZEu7Asidxq4cML*tpt2DX6&xey6;4 z>3GYY;dFDrq00PBvjZv-(5_Nazc|&+2t1!Imhu1;Fwf}BqzR>Tx7s5BcT6xLH>(q5 zujP$k8b-aU3Ua&-G6*!-{CxGPJRz@jM4hGW2Zn18gVOj{Luc|getO>^ws#`(Eo@b9cDP`|7Zz+(M<0vnpmLA2yC zdpV!|cJ*+b8(SkyQe+Dx9+Mqe_Yppesl|Cb~s za%IablT*CphE`dkk<>q4EuP_3n0QK)x}mu73wO;R9$8 z;3v zxZ=L!HbYx8n%LEX2(G!u!1mgvr2|F%ZeJSbvCscz>83m66->=B(Hh;yM+K-Cv0&>Q z@%F7bRl_sk?3>Q3R~z-{Hw7;~oFA4MKlY&9PvZ-`$Ih5ILOf(zofRqunroCPRYWDL zi`#6xK=&s-nJtTtTQm_}vDh6DFcAk1^VMF=r~xDN<2D_hICp4nc?T2Nx`4p|lwi|~ z(xVOp_wLytq8o^9PD_PU)+Yx;{?DaEE{Wt=lQEW|uAna70pq;Jxj^9C%NF$a9``Wm z+qCeDybMHL=JxZTn(oK}&_sLH?G&vsZK$E+@nk+#klOr$$C97Ur9KC!RG>#99g~$w z=)YS=dg4$kF7G|_pbP>+cLd%|fx!X37b+{r&hs{2t4~hP!|{P;qj+TH@!mDpCkswE z+DaS=>al+^HH5AC#MO>`KEq@P{iPsPm`w%#D!I39U-JaU-&#L6+U7$Ho#FkSJNUpR zTB-0w9WaEX>XZLKP3QjP{15k&+Gb8|%9>a`?_cGTMFH|hY@eyiqp7RVNZ0v4gq66{ z8H8ZQ)Jd=D=$iUGk2dL;k9ra25H5`yd2gY&UylHE^VS3GSI$7mCi?1-#_!_|3&udh zknThUa!xadCiOU_mrx&Ai6zZY44EWQZbIB$J0%EqzW^1lqe zlr@l+hz7&YzBBi8Hj6$ij{p1wRXy1NiWeS`1MYS;Jje5DwNTScx`I$@_>|mlDtRHf zYBDP)N{~IwcN%_wf3Ke-XN_|wIR%(R-^<)uNn!_#=ON5i3srLDod&7Af@Y?84Txb^ zZw6Klrv(=)YdcGml2q(oC@5b$$FsFn7}Eexxj{#z*&&$UT1txG$xJHseiy*5&-2+|}- z<129s2uiSsdMP(V)1zt`!}=M|?LRx0#Y-fT?qdm-`e>8RJFvlb-S?<2Eoj^$sb)^mqIC?$I=N!ph2RyQ&RIyb~?|qb2>}%Oo4-(V5lHy9HhT8w$ymK zB}?7lbFE2k0#Ft&Bji6+OxYhgGhT_XCbGDy4dTn^s zYRfp(ZOM2}k%BFXWCEr^D}hYa1JGTgy!yrou@%n0r>@WY^@Eiiq=x=c4$Wr-p3e@5 zIwBe>8(C@>zGI=4{jp4QtGs}kW5jG8+`#?!V`J_~H8?lmNYVI@F$|&uni~WqUEdBP z)0)4LiGGBb@M&G`lB`(6&$E`>RsPh(aNb8`T*2ulCR zwc7>olE^=E`E@1Fvk>ufkQ%t! zi6@45r%k4gvXV<2j#sojYU6Hla%PZyyKHxVg3H;b(DB9r+Jeo0OEO8{i)_)JP`-y5 zy0&taQpA`m?BA25G1s|q4p~TRObcv+w-U#c5|aOuhs_PJa6kQ80hcLf+CBgt^Unx7 zVGnBv7l!)ne>0POl^4>pwFAeiogW?ncmHPZ_oN6K)i9~-^8lA7&&z5Xb(pI2_Ukr~ z;>JIJfHiJ+RCin%9i<2zZoQNM`Nw#hA{e&h0W$^y9TCO*LQ1mGP3EXi5Mq3;eG&g8 z%k&j%i3~~uC45Fc;C_QXAXkF>koAU&LOk5@>j5;JIY!;E>}WXCIFDO)Yv%OZ(d#( z8npn9+zbxeyp}T-Ipk3sMN^C8Jp%6Y2pv-Bvak8`sq>$+!|9^4l@0jMII8DphlV4@ z#Vp}{}%!L^&RO}TN^w-5T?<1ky2cav1QDX^eXu8nkMmO+3^{s>J z2UPx3O0Rp;*ts!cEctVXVtw1;Q(jU!k!W)Qpo?|@a1hr=>1`>14Zm@mIYJh&SEiXy zVL2MhZyq+aF4f2n6F6nye9upwEG#J;{j5~XPh!9`M&)+57v~yRz!fNb^j{4 z>{wjY<@(RgPu*-of^1|Juk<~af))5&c(g%RQbvlDpHI1ft?NeAHw_N0b7`uafg8EK znUR?Ofhn+)pTLzem$x)`;_T9;wdy5iTwMxE&3;rq!eQ!EB7^dw$>8N3(u3GQP2%zH(_+7NqSW!4S7$Y~t&nm9790F2QT#XTR zJ+4#vmS>5w)ZMH@clL{Qrnv$DiS%2i);sNYH#3U56#_)aKigj>bnAX=DP8j)t-jxV zGr7nF_*)jRb0WJGV{X(J-N&_pFSu%5M6gJsQ0=0pwb-cRWFNOa4_b6pJeg}OyXzOY zNd|i*i8>>s1Z-wL*q?~~6Ik9X@}wF0X8syx0Bj;%c2L~CiF5K_)6;8PtSHM3o(rFK zcv$mljCW`Xi*s!6t^o)Bfn5;-8^#4!#v1)%po4u?04Ml9D=(`F55%5$DHzNr=RC}G zMU)wZk z6sPMXy1BZ*sFG{nEKvb10~l7v_>v_IlPjCnh#1-xMnkUqo>vK&0{PaY+=r$=9K{nQb=K7uTCwfDZNF;NaQb!Uy4*YW^pu)Wa4ccrCIb?fb zzipRXMGkB9s?F7l8h@-9P#B4^Dm7t6f2xk zZ3AlMkc@XXwpl37tX9=U3KSQPhB}RqLV5!Tk)$)Jl&a-ag|0cYAgKHo@Ga-&tu`1S zqQPzSU&dq_v0e-<5G!j9#UZA^Vb`npr3wtg6fT2Lk6;nIJf>&jM-u`n<4tkG)yw-K zw^aEe13v>=<)q^?b>jrE^`qLiw~1IG);s~Md0BPKE-#5q*{bS7IGR^ob*Ja&7|m8r z?P@!t|MA`39)-@iBZo_ttXmjT*H4GPTXr3-wQe`#-&q1cO~b@y{e*PLI&wht7qBCh zB@GqCLJb6VQIOv%!v<@qeyC}`m_P1szi1nz_CHknM|5yW%Ri~yPRa(|-JHD)>ku{@R|LU){_3sz<$xL=_w-u>1>h_w^YCUjurX(i7y$`FM!jdwe7k}}*Jy@Ib{Pv3KRWmNH=g#{mvF0u@ z$fEi0>pD}ZvzDEo{h5wZX9iWQA7D)jdWvLTy+Y9{-$i&>#gr8#&bt}sbvXK_7 zrV~QZe!qNDuN6SR*{y3rD0*GD{#AFWB89I1Z7Cb_m4uuB@yuD0v&@-cAyhdjk@#*9 zEzd>v>ms8mY!|rRzlGx8W(brJOslC4}fcu)YL1m=m`>k-qCgP9Rf;eXH;## zL{IeU(t2(=f~_`|m%4olO=0R>)NhF&*fOKHqIXtaOH)KLklTiKAa-ueLA2a`{gQk8*Dv7Z z$)pZNk^r(lpysQV&>hk^V(GSVDT3K9`XpR!T&&_Gq0}%&+miOC24$phhf~@4}gPy&) zx=%B!i^XoQ2F>)hVvl%Fw<4$ujPQlr#pRa<_4M`K>2KU7k+^Pbos4bUnUSn#tuBZU z|DGMR6!=hlvEA!00@}(A%C?c+Ok18iMbynWqH2?NUXP4|Mp)U*pAUOgMb2a2rOKLm z%!~MW^n5vq&@ypQwGfc1;K$TY&I7{H^#fb?&c0V2zl*=nsLBC<&1U{~FmhEMhRUk%uiFNHJN{(TC{ zNiA4xSu%^>Lh7RkKn&14DfY?E1#q%bR;$g}gIn6IjWU5R$hXMG1*Y?7Qt??ED4Ynb zn`>#po%nM)KRzLLg2$Ym+s!c%zvNW#@@e#LVQEkdR1yH;&6BM6w!uzeQH8kn6E%Yx zPt6Bnr?q$M7hOfkR}y{bJxCDWStW@QE4zKoEBSkW!Xb(39m;v!RBRcg=3yF6CW<5^ zacsXW=;PUG5!_TK#zkXkgl^lap**4T!b2THI*}|WAxF}Be7>_aWLUkz-x3YrLMfaK z%0x4KQ-AMXivF40aQaJCDOXkjL!n)s$afZ_WYZJm*ok%weSAug>a+m2o;ItB$7uy* zz`g?8`#&r1a7@}`a-}7I-P49?iSIpaAjIr8VCyVMYkFw?kY}+|t>Avfy+zG1f{R@#OA2x-XxZci*TM z)7;O|7yJL7K>(N+&Rd_2gz?fl%A1Jfpp8%#9@Fo?wp5%{4O`&1?z2A>Rp$o@QRrnI zt-ZEnUkq41PyTqFtbgfe+W!%st8@!z@ttD_id8aCn(IJz(^=gO&?ne1>P8{{c^|QD zR;F@{i9cY%JjwI-Y5Fjv}Fnqsk?q%nAY{vV2 ztSkEXVB~Np;qJgzX#_u#{w`|C%_^8iub$OAR`hw}z_2y4g{z1#eLzu4=y|mfsEz^xrN)XmnE%4V9;i6M*UI)=iAZmK;uSfUlJsgV2v{lmM2K`4ujQ6fqXL*w3 zY?kF-QOG_+i}nUh20_!TaC3{O(O_~yAtZuawU@;9S;+}*nRRUw$saOMv{#R z-TkRznvpPknjTHvsgJoMgo3G=2EQJNQ_Pt1T(ca)&j#KYQI$15X&VRd>s!ug#Z_L^ zgu0&7R`Ki#`K@yLuH6+mEEsy#a|K+9+tVA;tdw5-!432X)}}U!JR27EyYKUfv|AkM z4Mz#b@H-DXIP+ry(o`NZlHC4fXT~>qGf@Q)oB2!K7a!)(rtAb}^hf38gBAB^^ zsC2jfMp9ZKaf2fV^qu!}?gaK|j^RL@02rSiHo*ELkV3m47g4%1_|qxyW@Uc9WZZKt zfYc&;m!^(YV21S0inF3&sH!h7^9F3&BlporW;thLEBSDga7!qBA#V#_L>M2I!E@*F zMd}-w$|HZdXdwLN=By0xj2>8(Sqs&q5W|6->0S8`kXx;EEZv+A)dIgZ1o7GYemoE> z5y_x_Yg!VrH^ZH3rn!E8aAo)R7eXWWvpngo;?tW)zezl}6iqZ7sd?@?#R4dK&7u7% z$S5=JWILa_>oxk$jmnc|hdDg;i4jc2CJ~NITbsi(!3codjgxIkzF_``_dC6tcFQ`? z9|SvagbE0kPcJ@RRuF#nw!3>x$5q79F1t1M$MJp=2*cICuSt@$osAO&g(6wh4-;oQ z4AknLa!&Im*^X`8#2+?h=DT7zJ5*P$Km%`u9BFs^Up?>S^kBLa9U3B9NB1S3S{97_ zw$({iDPswpauFVnI^bxBvE)+_aQ!=}*}HxCqQc=pMj{@lve3UumMf>9MT=(lBMK$P{)$@=xVv(Y<+Obk<>3-ZP5RHw2tC4r|vwnJ+{m-+)m5VwK(D(aZ zoc=dwm}Pl3US@t<0E9;wKG~-i%?vbEsX$egC9&u87>5jk3GbDmuKbF~`oleFL=O=-{;}GN_^QjN(WRj~%(>&Ux^L9U_uH>R~EqvWkDJ zWQ7}u;fN+2y5N@Moe%=&fomQM1JRT8XA9s?tdT5ZYyGXC!ewfXthkP`>pJ^)cvTWcz8Np*WJ2pfSr4R8@0l#E%Fw9NLL&q&d%Q2Tf$(e zz(3W^OX`(8*sMo(3>N4J#ww*%tGr1CH6N5S!#S){Y7Tz6VZAHs zu=7>sxN3AmigsLo>>DEU6XN0zO%C?D{u_}70yi}ye`1gH66cav*LlyaJR&zVp1wN< zUHXns?Q1}q3Fns@NzD~Xr(w9ppk-IL9J|Fe_)T7W(@5;o-*e^-qGUAw56Iy*&0 zeKPi*?$<5o5OWmR$YMFwGf+qF(2Dtr?9S`P@kU6<`fTlS*>Y7|ZY&ZQEHfM^;A@hlf_J{aG~1s#?@^H={JXnN!O0peJa1yA}NO9apYf91_V zg1TwIo8`L+;99|-U9j;cW=b3_J!sWzHtdoKQC3*~vN-Rim?7Obm^m5q?OPwxE76Es z_l+E}X1~A#2qvrx@K`(JGUX5rf2nv5h*ooN@1eV(3uMU7QB=-*HVl+SD3*soai5IO z#Op|vbzKoraLkuD^%}a8@E5@$#y?~NTb%au*u8Fqcbz0T{&ObTVut*6?n!!%_tm2H z#EI#Md2Bt=@^^!*UR*ziE+Qh)9_X}R6x#-yY;jeGY^8Ii;uy@8#5>ZWTH;ahIgduK z8Z3nfo{n;Xa{}I3*<68kY!;K2mX}K#@!Ge?u>zj&n_(!DoG($3?NZ}t}S!E~5?K;0?wfs;AbDTLzuCK1i*2V$R=E*P*MD~=c6`dj_ z8azjo+}Or`UlUJ7Sl3z8IArn`No)G@Ug7@7x zeMRwN3N)8vKv8>^b- z-@Vd&-U>~{roLs9Rsl0CSlj5jsvqT(PW)pNNE{s7alaU#!^{V&udvo&rC6*v_~iz2 z1fB;A*ac@tGdEy2Q_y(qZnZ=~UNu<_05gL}7wZQDG|qb6AZ-ta=X^o+#6Dm45XlIv zD2nzP`1aNh*#Q8UNSgtJX=c53uQvZzIXnLAm?i{ z`NVILQ#;wWw@jw`PpLXEwP;JOFdPkLt+~miI{s2g8WC2MXp2~Ww|RHw&Wo;ZnJwSm zg$s{87j5K0VafJoRGw4l02Ps^58CChTG6OE-yUO@L_Hj1hGdms>?5Y2zeXgGREVEK zFL@T%dxW`rc5|Jy>oyo=LgO@~QPSsr)2ZG;7vrhnOh?a#p&hH?`({^gxnKJklK-j4 zxyKdox;MBw_{XAgrlMmUr`4Wq$IlG(ejgcE0cSJUx)h8TqJXvHg08rx`uQ;fu3in7 zOFT-1U5B_@?G;F!y_2Pha+vk9^SfamQkXelpwH{}smylj6uLeW2b5+g-;Ld2{#|wc zGh@+N1Z99zD|hU=0_KecM%;(chSJao9w{vbX!BQa@6Hk=?}E_4FLQsDh_E0QjJ-IZ zk8YWPx+W|B@SA6e8miFjgIb;YMrZ0{%XCA=5>rmhnEa&O`;ZuEHDTs4npUX0580?b zq>b%q58|gT>Nch%2o}YeK@X6ieR+iitz6ZzBZSjaSJak>?bqy*!fF$kuyZBVEnAZ} zkOaVsN5Q>>W^9t^?k807jNQ-u ziwj}ra$=#%0MYXFt{WzR(>0%X@!_NKq_~&0T-w~gF~au0v)t-pZ~ed|Db;i>T}`a%UUo(qxgNz& z+KA2MbqOB!@tkG=CvFF`eH2`F4pqJ?n@I%n&~?dNd5+&Xg})AomWTV$ihSns-|}(N zeA(a_ke@SVsXq5=K9WR_-Hzsup(8>&=cZ+~K@)?XW~vxf9pfGZa;y-k>VVT@Wo-J3 zz}3_e@sIrQzWBd;oIC+J!{kGw>AQ;}(t~clsiYQMPF7#g?xHjo{En1TB2N|h_VQy) z&qslYvc9(}>jqS9h#SxL2JJ6s&6gXYixHFmXpCi3gXN~&asXZT$*jzOR8GZ3Av(@LsBzQ6QZ!YB`RYE{BF_6WH8r}61{ zi$AA%gk);zBZySFzgOyl(%?p0`BEabP>cky|0PE~OK=vEQ8u%cIJ=OLRwT)G$du2T z@$&zIoH$QJ*O+vuJ(`6L3F&w0sWbCv3|?1L?P6K0B;Pc4b*{{nyMgF||5Mif3)zHG zG7rQ+f*A(#n*E?2C8iYpLL#`&r*GGxi{SvYSJA)xcznQOzw}IX1G9a9Y!4gEQczlM z$H}qXBo&VTP4Jsy%B94zHo%rw`fQ(RiMgEXcV5F0=XcgxMjRI%D!WPeW1SU2)EDcu z4W1d#Cm!|8L(_PHownSI{$@si(u$Rs!TNXBQUe)gyE;;&E5$s}9%%inZ`o|loD z?GD#Yoyza|l#$2El8ZeCgeBzldenf3!FxU;pG2{{Y{LR2BdcFce_&}oRuYppDk?&E z?)Fv#3evA$AxJ&gSa?=u=6qlmtp{SOAN^^H7<+k;S%2|%bH&@~Pkv4utJD)_00cB9 zm*unypo8bsbeDFmL7tel;v%^2P2ax#d!urUy*GtL;}1@z3uxJlx1EBGFbZ(eH`lm& z3_HQ)>dwq(Td7M8U;fBUy3k#Z*1?cn8I;;g-I}9p9FY6+@}S!?j+__0B5w3v1tqpF z;R@ns1tH>4n$e|fm#1Z3ENfV6SBt(mjJWS zPbKxX|GF;Cjo@C(9xx8Fp(_v3+?Krl`BHxXd*VNjV?Rbo9|N+tz<**wm-9|i~r2w-2A(wU*}7u>;b<8_vytsF2Q>tF}<3z*vZmKH_w-~9-xbh1e%CxOL>aJ$Fqbm1wT%{`f8-` z=Y+`dJWdAQu-1lE|u_suvm8F=} zxO$(ZOe{cg?lDFtcqRe06Pl2M8m#xmMtRZRfax&wMV_Oj6l-dGvZ6jFG4@fpi3znY ztyuM=`T?es=@u_kqCl6@Z z4RL|>75nYW5g)zC$E6RIUi+t+Vei%=yLP3M2n^b$@mIS2Li#H_3XbaZ5pb_}@i9Ew zMn0*w|57G+Kb@Sq{bxDtpUzutST3%vN;mNC1VtuyvSE-f_=E@vO194ZQ+0GG32`TI zbkcs1gc<1Ugk^^|9%jrNYN7`JOcT>S$zx6aor*iExhg#|>Y5XX&gShBMjc1|Cvx!S zdVlP`x{KkHk-&gj5fSk1z`LZhFB6Jb@pMN$ceQY*DLK5I(mePA4uGRp{rJ)ID!7CBH_@*KH7k4yVyA%9(?*qE>G$uJ zeGXv%yx&@jBCcev(p>_#wSbR}u!kkm(`!YpzGy|qajTyU@FXz1xYZpKJo21WE46~` z7pD`UR!5qcP5Gu0p$%tHCXxCFU0nCAwb*-1Tm~s6jqQm;Ub!tz+HDmDXPF;f{2DWw zzPn5a%0r^YN~Lt(@;^4LY7^;q95b}0N8wJ&HGIx5kx2)86frC~vahBn6NILI$U4Q9 z9yftfyN@}aZ4dtn?@433`=_=k_vinT!3_HU*UqevZ*=zmqMqhe;nRGb`zRkGECX2v zQ(ZfPjbp*$`5{{2@lzdfJ6vEu0iRM_LA>YUUA=I-y(>7??E&2xs#$2D5>4T1N%7MEN8MWn#SyjLqJac=*WfO}Eyx7-3>q|$pusg*fWh5e5(w@N!5Q4$ zAtAU!aDogor}Mtwy>;*Tb^e~BsG_R7n(pb@dp~=v^{lmDL=I>w_#UYoPjaNpSzxu6 zv_D;@M6bd<7BfNJVqZi}2`}z)!@N5p1g`wAw{y)tQ}NK7y$Q#8Da^#44G4f8-==*2 zsPk~{N>PQX(Agq=FaNb+h$`vJ1+{96uEKJT*O86Yvu&v=QR{lVS4ZEYM-?C1`B%MN zxB4T6oda?Wh91D*UX!G6s7Xt}TfQ%= zKgs1xLL}@oBSzxuN`&QMp z%JHYjy>^THhmOQfgqQKe=mw^Di{=lxTuiXl7Fa(u?QBOjsYvxla{&V7Da3gLF9-9V z2O~3>P?R1r&r>h@>fU^2+li1_NwMMX9@tGJK)1@sA@h2pK&F=B7UNFM9m9?jjz~Ab z_SEe4Q=f~m59(6-frUg9Iq0Ockga&J{&D4#VNoxSJnS!?LIlXqd0So?UHhBVPP`$i za#^>Wv)AvaIQMf|wv}KOpl9HW84-y_#1lO;koqUj8kg~BlC{7#E5v(W@OtTLWbj~`JKJ0eTB@y;DXf<)3f^=8 zxBju0)#qaVSq~hY1OIi!v%C)XAaXsQJr{HQ<<)*WwN$kA1!06Lg6j5}=7Kh)SuKC6 zYQ8{mJz^oqZFj=$%&`;D@;uI}(o~f~D|mi7U)^&6L^FK+_wRtQ4|^+6=fly4HjBQ7 zy?Y3dejwB~UvPq8E7HSFAq)!H~RY{k<)FsGp1MJq75l z>%GUJ{Ov*?uI`g^u4wHfPuF=6S)zYASULCSnDyIzOpPq#2V8qT+5;B@7Z`+iRN2J1 zFT2);rAv6k|M4d${?3t+ZdWzD5UkA!X^6)RYT!XL5~;L*wblK&XymwvqWH_~_bBKq zcm&JT|04S8bSs(%P-7iZw(q7vmSZU9h*0(-Lq1=-`MFjRt6C_lllpLLK8n-NDjm*N zjAwt$Gy^cM=op$D3E-VZ2L7v)xO?u1F2lEy`Gs$?uQBf{J~Dqy9{L80y9hr>kw{tr zyk&sCeAq;ixpEiKp-yke2k)rZ=Gj=x44bDhON&SihG&-Q27JOsbngg6H(ZZIw!{>q zh8oN0Qy`J2=hlV>C4AK4*eb|?^3x}%^uR8nG+Hwi0Wpr4eTO(qanfxYb^tqL#g4LZ zb58AC%ehNG!QSJ(&mEc9OInp+_hed5aGiD?Th&ygc2s=%6iW$*Ue}ME#zEHEEhhl_ zXf=b+{4{ciwwcUyOND>$P^_|UkkbG7jBtA0HF~11yp}9QR3I@!vc6|h?60Diu-U*i z=`Dw2>u&4-&&MXiCd64wpGV6|OE!8nu1~8g7b-~x*?V`sR|XVzoK=lUk`Lzvw^QPO zYQ_lDzYXpdvZMU7Hm z)r<= z#rM^yUb~k%4m>tBY;Nn&fck6N@wk+J4vjM>Hnm7K^x^YJFU* znih4&g~DnaaUfwN6)2H2_FpNy$6bbg0`l2ls-rKf06RSaP;MqWd7ncj#S1etBU%Fj z%$Y(Cwoj)#WqjyTlCvFtL`wecjmF&HhMB&P_&NFWJN6nCW*_O7%Q9={)b(3=0}!D#{1$W8wmid>igIs&24 zoV<;M$iP|XI4<996>q(Z`PcRMk9)nMiG>c_T0qH>qa=Ml*iK+I`aj(5grk98)35kt zGx#NcFL{wHC8LdQu$BhZn|*<7464P>SqjCKWJ!-%y_P<@^N(|tT_ z%HeLy;livw`TZ{YV3BI^2XpWXmIR`0RNZ#p-e#0zY; zu)GbHU^moiVI(RpW{6dRO8Gr3N3zn?oOWRo;3xn9;NaAg6YsldzuoEJ(-0!Cf-#8U zL+_nlk;UcZra{WoF?4pc@B8>8wQHcXGZgOU(C>3>o_+e{%t&^p?(g@H>1dJHYYj3f zhZJvKucW)+vJ!vnptx^4u5NZ|Ar9Hu+sID^`a4KrYe(12_!*-Y)GW9*EVyk({VK4sxNIeE-(2JmB@lP{%^Y7oN-0d;y-8d`8 z7^NH=(hp-?4KY>Ce|%ce7qNbRMU&S2yV|c@ZYTaO3%+?|cftX45Zo%b-M6bId~*1) zGWZts#5EONmbf$rmNEx}ZW@o|*golt&uBlTHY&+J$f?%dC4F-$nrr2Vmu~;@J=b^C=GKobYYu&bJu!w;iELwwIEP}TK<|uUC<#g$3u13)KioHK#gnm2 zbc#C>JSeK==RVf%Hx9bx;lGZVCF&YxI$-^S4nvab(KVxJy+emT7oI^ZYeyijqm+ce z2xus%K9fmspkwesQY4sQ=gzbtqYUc|{&7T4cnNX{M)VoPyf{ZE=T7_`!xgHf!V}Ci z;Sgw%k0L^=OMuFSs09O_Ol9f#c+|4HxdA%57t`FIxlo^%qPE=NkanlGOjj+ zH%oy+Y`veewlmncWpixpTbFfEj26PKSEWu@&uHz{Yef2D7>W5xEnJb>JLBebsfI0C zcI%qTxnTH#aj{{uFT5b$4aeL8VeKHiW?}x*ZECHmsz^Olh50XXkiWKeutVca*y8l^ zIEs7I4dgjYm5ujfW!~A!7e|w94md{tR?|Ic_DZ6n|HQ-1A8l38<`j}_<2kvoea6!@ zD=19Hc_pPzTI|u1s&z)mu4jM^gJM_G5oQM%b2d^S7T&!dzy-lL^~=OszE3$!QnCA` zhaP}##^;1BkBDbXzf{F9r{mqz+Vw4d%zAk6L;`dYYp>TLCY)_k?-kk$G3U2)@4@=? zapBqABA*i8`}W)e{e~pd!aCa=1zPZSZ4CV!prLR=3cBtu|Ddv&QBU+B7L5IzP4D0f zrRIcufnL;CRgC6J%T)$BWh}jEFwQ{)ld+u%b69WYbeA+jTf$Pm_y$Hmct<2H-9Oa( zgqITtJ$E5jp-C#?Rek22@MY;j_ZrfxWv1tB{1Sk<`paG;5|eYvsM5$siQ*FgL25r1 zJ>*iOX}X2xGM!p$G%f*p#D{gE90Tg#eFDMHlfT=n-7JC1JZq$W;JmWg7;@>kZuB<& z-i*EOI01&ZeYy~>9SQQ4U}JWtnGF|!VR39RRTas+02{Gr%VAV}C0nP-$%W%S1VXQd zldfpJ!%SWMv-y5Ykl~*6i!^WYe>GAXFq#~g{4(h}GGrRXh)_9c^Lhv!gX{&(mP|;s z^`KMnTh#ve>}q$c_7!F5ZE~{ER`JflJEH}ui^%w&1d7yFK+{fV)A_q?YNW!m_P_q^ zPq_#g3i_Ch^$Jh$V{R~XCp0LVb5M9lEXvQN{j8Bfz`nNyqs_VSd(cBoZ7=4JeVX2mk+HXHmLN1d$6J>ZXfz5X`4Uxg)MIMQ&-%P1tx(^vVe;Zp~`rRc-~Tf zL9)K_&Tgwu@W$&u>i*`rG7=}bNA)A}74OGtM<27@O<+onH44vm*eX;Owj3o+WeuN$ z@UHp{oi;ZUb@^2~+|+SPvdxs_d$9HHo005Y0c{y>&U3ECQ&mua#%7(dUI3_nb+!vi zcbeU6o4IbN{S)rIH}fOV^J0nS|1o9FxzE&rWAsg5^d~8J~Ecp^V{FJm0Z~%NZ=2nBq^uuRC>H*2pK;X8rMmK2Ez?&&e@3n)oaIvmye^I zqUO%XlbF;ss{E+eXHL)2xXs7#3{Cb=KcAsmssCt^4~E(~MxOXxXrbEF2B}n{c>5>|G_uGEtsE!uC-eonnJb^$UfS=r;SW zn<9wC77a-?5e!;>EH{7T6|f(oL(03cf$!lQ-1LnOo>}LYM1o)hDTZ#K0T3Vox+a>0 z91X4q$sc8w{_Y%(nECIa|Em7~u?m3yx!;cN5bEkNT4L1WvJ;JJ(Iy)kPWb9yK!7|- zbcAqyXPh(ThANq!BJeyh(nQ|Mm_UZbU4hFzA|^ay7?l*WDP$W${ZqJ_5XjC379~(BqDv$5A)MBN zrRV{hx^x9NCn%$TVaNXBhtW9`5$iT^mrws5Vjc?!vq1%FYBisRL7QTb`AC$wox6DM7S7NC2G6`xxJ>aq3eeQ!v{+ve=>IdM3_}T4Cg|F>Pu$U>Ud5Bbp&x}Q!TMc z5jZOCYV<7V!*osPi)w5Whc}l~fj|O)whg;INy;xC;PV4|_5%+fOZpio*|1|(Ze*muk{27+rNA?btTw-qE1_B{69}f3G z2UgQ5sf+gM9!m=W_Nsaqy;T`BiBn%geB{<;vW_@W&nHH!m$;EW{f|-C+tseGNoanG z-_BcN9RPImCoFwglc$b@vfzWkot5}KblzXD3R7d;{>o(FZh^Q7c6PrgIc!u`(^CPMbSWYjWk@|Znnf!w(V+Q)?K1W8OT? zDnDHKQUmfkA7fFo9QEsIS~wG~(#sa!{6J2mI{kA&tJlWLM{ozuFrjZvRpl2HT z?Q&u4G>1jqXM^NAQmJ>O2Lncg8|{yRNL>b&Stcy5R@P9!bBsyw+O_>keb`hP|II(s zDDYP?GoT5P>w#n&9I5_4zFK^U*o$;YCYN9n$G`pnqY(q0q~Sx9UK5>BpN+r@5+Aze z-|J%k{(>x&|H$_y3qXOZ=AEb8JL{q3w(?$NXv98YDIu4mStm(Rj;~~R8~%0Pk5Ftx z76l+$?4YolK;xrg!%2RL=G<@&s~<<-7J72R_rn7E5$tvygfBZelE+Ts$#Wb=>F3yB zWS2@9LH;P2AuPUt(T#N?RxlzWs1N_C=0qTp=UMC{@KD(yFjh>*uRJPo$}xo7@pM3+ zMK6U-N+37}>fNv2$u?+;L{Dx8<9<}z!V1{-{}Xq?`Z*gpov@A^LMR->G?2LcvB)CN+V!xB{2r^5Mn}+*-;Uq|`wd;HgkNUnJK{akVNQI4T&9+&T3+MKVJ{oN zP9NBPEUyX}XlmDgKkLRM*d)7)E`V8!@=do7Kn&j*#YjX}Xp*P0ibczc5;-k}M4eI4 zh4IXJ6Ey@E8P}t+z9{+@*yST4pR9-zn$jHp#Ze5*{1!<%x0GbqBH}q@KOS=m1!1{2 z{JvySorU8rLerJDL|2(3PmJpUI?bLilAwSf8rqq9^BS<0+;je92CEog+ySRGlpR}8 zU|A2FnrSH+=o6g*k7tZ&;hG+G5sv*l8R?%5K46bEOu+~EXaNZXlpmj|8fq!2YVGuB zL(QD!=?fhc#g_=S)W2AIP3CS<7aU+2S!k`bSBH;LnmJo2i*xAW`QOG0cC zDdLhn0cXq-a=_l7Y0wlsl^nusu>Dv=ZJ=UQ)j_ARQ0wUfvzcEB`Jhq#YP^uDL57JP zUSB`8;F}sqcc!GE@^_c$o-UA+!iE)L?xhjJM47aeU~-A~5Qvx^hJ5&4DZ#`j9v^Je z@G)Jv7~2heLve!=uMyVwO-gP@kLvqy(GtQO2<5tAEB^s@bo4osd?9ntNhVJ$r-_6D zBd&w^Gngr&w8K53P*9LailQ+&B7$^~s2Do`zM<><`|B1oCFW+e@8{;$sqCl}ATYA_ zO{!r^Vt>5D+S;?=se63|ALhoCG<^7L3(mp46Q2vJyaO!@GF#tVB|4>ZPKt%~T#pt9sy#@OzDI z?^^Z9s;oFVYUn3b*?h5g)lMREg+kM@<3-X5g9F!rB+)V*b%x*>DQ7I0bdq{3WQToa zBA9P&rMj-rcMtj~#LrH1M`4jySen6UFugD)`&oq9`mGJR;-efoBoI2w#ur@D!8_~{ zMigw3L?cj?qC`mr6L80lNq|m+UQrq76AIxkG9`1;NU{PMVeFU^Ou(@EKp18o*7#=f z58ao%48-LsU2tlxwEjl{V{a}EY&b!+p&b6=@KFXmcLElipyfmcAuhsiKq!oEM~GJk zXTpplMvA%zYi`hsZDTw)z_L^!84iWJbYD|H47DbXB%QBZU*nxZVhcqOhi_%CJ7dFS zgaBLNT8m7x+LuB8%7V@_TuMUa_b!pPYV)F~T&%HCwp=p;+vHXzSNin}FHbp3!>l*( zg6#F-6mH7kOT750IgOkb* z<~6ORkE(FQ>rve-?Hj>r$dFyR5!zt+y1aD98;dkE`*WTho@?-dsV#Ho-9nVV|LnbmOKCah;d+*^eii%bL~!_-}m~GhXOBCUVJoow-Ft6v+>;` z8c2ku-em9)?~A`AMWC<_`6;K?Z3ON`ebqO)Q4JiJ2qi)k6*fnpm1Bg>(9m!o#8hld zt(D3gW?(QuUUKnQ&>wQFYU>GJ7)U)dCF|iViHYa)hxs=0S)=^C15QwR+a3d@1B3BKT%g53+t{Ay2U;lzR!U*bof<6y6}j(TiW6JJPN0UZbRBTqsYsF z<`*_AlTC>0j?~M3>iLBvO0{GItllYZW9Iltlj?XSyM4^v2|$d7vTV2lDz1`!^g%g% z$e!NY{^T^6#L{W<<8TQK6dKL+tIch57C9Rcw@7W!Me6kXypRY`0ZGS@0C%1Nc5y^yh1LC4iQA^B_9W8bgZ*23R5Rs-Ysnnhb~; zTvNCoMs?*>MEZI+`hKY-I|J}`4jt})=tE&RjMs+{M3BurG$aNYQ-1Z8tP;l~sBN_H zkj;?Fs`#W}VFEAX-ylHfH8qYFAu`#at!{C9CxN62*aysL4nq1;wP)mG;E?$sYt|}x z&4ve!qSFq}Rm6BIco=iuZ!b~X0+{7npX51>cEm*_7(GGla@FwZIR08aPl!$ak155x z6;LO#S0nUzx+}H8r??0I;kPPHTAv3s3u~8cke~;ct(N|^VfhAe1$}CRkIj#>&+j7NQB|E$4q>w= z{+@q#WZ*YeW>0b|Z!kNys>?_We2FH@qNpQfdjM}st-u$`JI>W~!q?!UX!Q?(cu{#W z59^8Q3S4BCe7!+@1xYHvq)z^-kI?CEA;fsfUaI9o^ux4k_;98||1ehx%;h)nQ)`!=DGvF|45)3z%^65-|1qvCy?IWQXp5g-#D ziTyjCRs;WoaSxxE;{wrwS+eh;$*1cg4rLPPeH)i78Jsg=$N>VLd{X>wnG&x**9n%q zk661?|77uLp>1WzJsmAkNxFBnxn@@*>-1G%-ep~x>W=b>ul+~sqhDc;&<^;5(NK}o z#xX>!aUB(&EZ1~bjQ@5L+LqT$=N*pSRzbqo^qE&i)h;KCbTp>?)K04+D<9BQsBzx+ z*0yh$4x1k2R$A#1B~L?(*}D_7D2iWj?9qPE3C8Wkp!@2M%5&kmHs*FNQ1`DH@#1=%3cZmWWK|h7URt7C-Y`FYQ=|MNjBpYwz85(h)iI z@oJ_lk8f$1Xn#3XcDP~5qlZqJOyV(zJlgv;DFRM@Z>u}3fH@VuP|weEXNbJMeF zvRI!#2#&g-#iV+k3afP8?U(Gfq3w^*WZ$GiC0muMVH>!Y*dAp5r(kVMc)gYPSashF z3wA`5Y}=>XAd@#UQBw-XLnh=p*pXnB5FS5@FsVXD9xOgpy^VOE{HMu{nsZLLiq8;q zML`7(*C1+Ug1$%uO^qaaL7T?L&`ONQE`Oh%rIruti^)rfg03>U*Q=X7jYhCBGGfD& zUi%e;XuF!X?XYR5R#|VH?xMJE62lQWWd|wd6VU_fwbM9=4>516m>XnV;$u4wx=B_c z@u&orjW0?Wn3P4yZo@5>dH?2-*n5$^^;kZ{C5HJ=8>ROt#A&Cnf~dU%Kp;rarh?E+vnHW(scx314|A9IzK4p^aSABnewj3$ymEdKdpgE>C4#fY`hfE zhRa?9{I+A<^wKR8WoPTdU5iF7sk8<0cg<+n}C5v|z5JI@vEH4!qR< zx1%M681Y=~?R$Bx^$Q15m(v1RyUSNJX%t>dn>He9$ykowCLUSSrV6+x-0SUD zYHO)?7423dPg6XJOL^RX$R%!8t#{H`_s1Hr^oF@Qk}npA$cC$l9>pn17y!spP9_l~+LUT`Tg;f^~hQHVtLXvzR-csEQTJ?+(Lw=F| zihKQaFqHDv_nFJ9j(6D$mN%FBmgkG*jU0on^p!Mm5Z6C59uz~^y5EYH>J=X2;^+_Z zkhN92XL>%%5iFj_n@kbjvCgAwgxVb9zzOmbK-S>|gR-G&20>=KCSyRh;X`-~TMOaC zk{r`sZXri0JI6OIA9Fap93MhdJcgHs!##?b?cJXyAkV z#lPtyXZ$jQc!!LfS@&x0*}o!(;@cUqRJn|1IHJ>9MfMZKM|vO*<Sq#YvH_4f9=_Bg#6Y0>tH)8G@V6m$z?H$!{ zwS*pCY7^7~Q(4(y>c$&(* z2NzCtmatcI58>cJ)A|-m)oF2hMBxj|oTPToicZnQ!_C?#6H^>DSTGo&y~>EbeJPT| zSxKGS4ecHBiy}ns0o5}Bl_H+^#%!W!Px4W+N=XP@SA#>S0$t2eLQlWwtM`+vucY+> z?f2)rGKeJRJcv54@oPdBiBPyQIXP(_B=Y&!3WJ;1PF}Y!K(a%H>$!Qr5OXPJ6UUFZ zXT?ZH-aaT4&5=Q{U}HyXA%qF3{Jt)yf9Cz<(rm$op~ea>1^6 zH230w-@!J1+=L@J6U~z9qt`DVIZ$TMP<(4}V!T$(jySHi_|MoQ&TZ7cNpQb&KH{C+ zFk!M+PDypV#JEG-!;B9%34wl;7P#246Q5vXdLZt2$p$%8?2{4hbi*)INfXF(u8g1Y zM~t$M!e(eY974Ic$Lq2RxCfDT2WaRg4~a%U{~ojEbogc|-5@U~UZeBRXc%t>HZ6V+ z$-T3FKJBwbd+JFD!A^QxjsamN8p6IiUUvS4IaFt~W>6^*xLqx%V!aPSVbYv0e^X~n zD`8?nv{K1p6|b-ldnfzaurfXV7Rd3<9RazZ->Vuj0)_p$D{`Lwodk0H6fI?H$+wf4 zgRkpjBy}cId%6G0Ct$eTycvfo+YSD!qQnAwbA!+CU=&w8_`_pyC+zPikGOHe^0)VW zhNki$gkx>`hzy6Za3le#qoJ0M-Lv6z!++itiH3z0^nk)vXyJ*M?B&vu05ZJ$%oC61 zsS`W?8T2#=Z8xzj+M?m&$?{jX$-`z+v2K;?!jMNI_@$t9o5;~`xegKMB4fmzjM%2G z`EEUtN6Mf{>?N0!aPMEjdV&fm%@^vmHG)69ANS!;Vy&i)~fFL!WZPVDOSj*Rxh|kNH zNW_}ypG?K2>y1ah`}ImswYtAuBzIkP^{UDNrE1-CV)h-275McHxYXhUn^zJ{OMKi& zWmLSlNm_*$2;xvm9qgJA!(kxZ!DW&*T^wY@vO#)TqQMsItfV$d{@OnV{a%~cxm1I% zgV2^9@}hK5OzV}W{|~ip?j3NR2I^))Mhc%hj2z(e*)}xt%)FTAW#H%-$lNmTy0h$PbV2gdF)?fE4{78TSSf~s|h^(2`;Pi#L zob^r(UwTLhRr3maZ)sSr^q?|MD5Yv}8buTNP?+IoJ!)~J0@_P+*>A1$(eWnd_%vdU z34y_1h6BZM)3xK5Wl+t@HfV@YH_TbwcAuw91ige*Ew2p32S)rk`r`A)^R>owpA#~8C}PD+99v7@Nm0{n2ASExW@0+p-7W4)-Qs%N2|1t)C_boXSV9b~lcrA0QKnPHc_oI65<$X`8sCwpZ* zUeb&F64(0;`5jzO;h}o;`;BbN?SsKD4JDd)_AT`_9g{CAcgHeU-jM+_q9-QA&o@(6 zGaN#bOI>sFgU{RpJAXHj);k5FX6X+OXm*Whlv5wfTeCO({)ux*ufMMN6KIkMPpd;o`*US72$nU4$f16^nc{RIkcX^J5O1)UcO4QYGtfymi z60l2MH8k3Sfp8F3N>+G3tSqnnS3VS>2FrtviW^i!-R1*l8B)1I0&Rt zy_f&AaKV~Rd9EnH?Ya1)*K1-ZH9IT&Vp&2e4;vPa`!eRjFnJr@RZd(BS$E~(7o}r~ zGllL$Mb6YY@o8Z{k!oT%o=B4ZG|b0cdHwE&(s1K6KQ{p`$jP+!-wOspBn>GY(K`6cul1DL zrnJN-x4oYud>RFR;d)u>9M&Yb=N5T<9lAn=-+Z!Zd3iosI%`UQD5ZKT8o!SNJD!6jE6`i{? zLv8v5I`=FNAa|w;gH-)uQT^Sc5rLSUjUuz(`t|D<6E`n)(zm`3f{nK}9+uc&P}4hC z%rEX+itp;39dcGRs?llEV;B@~t-uCv#&)_Ei*&x#a2ru^V97rgXJUrbi+oY(Mn*aeR6${<4E7{KT%nZ{qq zmMrQGfT&-L@7ehO$Zw*LzDh}e{`--U`FCZ2b^70qsleYp{2B=wO2#1jps9)j{%H&w6kMa7;tT_w_XN1{Caor_NS6}zTXE7 zE@T8*1cc7`CE~h|tv?qg$S{|z7Ru}t+g+?S4wf$M9UfEZK&KHm{XyMMmWqg2^s?A6 zKzUAcBcKMFJ1@DkR<;k-O^f?TDzJZ<&cQ+GE$>jtxw^!Yjs~~DM$gw#mQ!xTfFngD zfcogJ3E;4$ zbppBWn{%}IO6CSufmcfi0}D(>O*^H|4=)>O&AR4?qNy|@gzWY^)!*&;2NfO8_-}v- zJMm%9_fsH+If*}mnc4*i%7k8N3Jt7$;?uay-6S2JoZYRs7RvKAHoeD-dwi7HY`Rs? zBG{PXI@wxC4_RI6`I!vj9z@kgI=ZoCE5H7txSZc*K=d;DU!g*~%L&w!@rMtUqOu6r z#enF0*1h$AIK$ZQArm)&H)NUB%=VEK$KY2j=1*1g-6@n%(AHl)7(66SEi54R=`nl# z@L;ap`Y6t06jna?xv--lvZd@e%MqF`NtQnRKu;`?;0&UNCdWV;!wwjS-vt=bWy0sr zdn^pGy=RXMkZk9CG}zsY8ixCret!&Bq*W+Z2;8op|7HN1lSwTCz;gu39xXbK!WO~q zPRjO?NLL$qVpG=OCv}+^1%~hY#8sA=i#W8;k60MPZk94`ag}{FjMXX9m=^{Dyraz% zi_0jhS8G<^$mH}?Ec=)?#`9_4Aw%ZYGTl{DgS-a^fX(Vo3SYOy3yv*}mve8pU}wXj zFfm_x2t7nuAM>U8?=Ahp%oyo5V8x-~5W)%gw|^Dc%hh6gcQph%J`&gi;yBIWx+t2J zd{L=G(GP#)W9_{Kbw54C-!`kjKPM+ysr%M)>V2U(^=kW_&)nbjG3GNWDdqSmhv54P z^9;U#S}G7_U~+z>#4m;6N*}Xoomn!j!-{TfTNfJ45`|u1QULq@T!sno>%CxhSSzD7 z)Pr_Abi-4lQquxTEf45C!O)Hi|Z zh|jlPWPkcDN-C>$G}{+A@gFidVT{bkflM#F!=tKK3E(EBz2h-Tc4-XQk!AfQ^Nq^) z{GFFsplhcCQ&$-q;)iB@IuvGAy@T~>DAgN8@25{32J7PJr|P|B69nwO&GZxDqKBC~ z?kLq!IV_4&U$C(lu4*e!buA21J~Dmvzhkoe(2+@;DXo1&d}>}tapyz{Q*EY+?c6B! zNvUM2Y?E6{u@dtZjJ!}Y2_7LaA3@0Z`e5oUwCT$%Sa)i& z3QntYM&gc>ra=|Qgvk|AvXr<0nifyMc(|Map~lT2!J&~syhg{A{|7Z#s3-a(v<%JQ zMT-G#!%=;`3w(Q~14BqiZzn0PEZ*6~VFQ_%8=5Yx*Joi1(8f8T=~~6%o6XI4GC5(- z64&q-ArXZR34_wB+U_F(4G%rTq6 zcz)(R+Vh~cg=A>&OUE;OM#7K(T9$qUk6skl?QvPDW)|KR;89CzD2n^#% zJ0Hn_;q7q^ge?h2f^FJ2ggghk4R!V`SUrMdN z4WyFy-SpjqDa)b)@sbbYhC(HsWSX+$-5ox>2EfaMXar3zoBdi&fN6K-OBV5F%{AP9 zm(X`AZ}f=qWpCfRh+(rL+#;|qJvVAH)G`N#9<=cNEgAw{o>`0@5_&YuH9{_?F--gr zt|UfxO$tYri zJODCc`Uewj8?&WG47TDAz|5ybX(&o}BJWul&5Wb&OTsu_eel`K!`h=IzdNU$2=INl ze8=;Q;6qkp(V0Mj)I{!46foq}6Cs(< z4Ns5IB_&7p(ZBpbGo**T-w7yFx87H}-bDOmSdAG2PX=)0`!U!}_Q(u($iHy&(wLGc zB^|v81W5uaIBN$bI)Oitx>gujcYlR%<5$&0;%2ydEev z%8WDDQ;eLtqT%_!B*H*+(V-}R@Z@iXe6^)dG(ivw%=}IL2a3q7xW4<**_4+iIcXPO}N2ZiaNj1+j!<21~Fj;W4 zIxX~iD$X*3r1y3>tddWD3aPR5lc}dYhnDCIIFBgeYnJc}boLso$-TO~AtF^Ll6@)A zKH=|(+|2LQf8sDu2C$a)7rel7nP7b=Phix%lYt1ubNHRZWK%FckamC*|tiay1EK((@Q+Cu~X1aQ=AR@fv*N_V%U?c7igk z??5bL(jrX1s%K11{Vbz%CApwHBW2=$``^6^iJ;};X{s~)uu9#kF)LIH#5hw#?OtPy zgb%?g!Ou1lmRFr@j=>hns2s?GOk>{{k4fm(Jn0$T8fou>QK)huJNe>89NvEjMB8&= zHI?f{dPIUHkH1<>jPlbE?`qONOwN<$cT7+Z2~HU9Oqu-Exg*P2TXYE7bmWalim)r|gsn%C+GPcKyQSZw&I+oM) zDUs$pwdXs`a}_-Kt_8;GX+nfBIj~3!Cl*7BdpF1dDk_@+p+ncLU&J$PJ1&fxy}r$5 z{irxKGQV&?CHfO3=V&4MzN!nTHqeOPL~hVBGmJ!HDE2a;tV#l!;acDoW|7cXYaN*K zGv(#6UQs#y2e&!^LZs+fS*QV0lzP!O>b@C}EUZg3beqHPo`{a|RFuqubH<%qiH-rN z{%Ph7ryb?1myC{-^EGsjqUF21IJ95z!UQ087ruPsQ4y0oY>k-g7?itdC*>r5)RZHY zuU7G3oK^uu+0PJn z;{}Z3ics+bDa!=07`2taFAq$YZ_X_V$4=%Mx^Lt9EH>2-SJ8!1;{(p#%L&!5)+v!e^AH5eXi%u@A$TE!*na^IU#`7muw-A z5Ii)K#%CaWbCk;&_i|r^Y$sV$V8#~>z*N<>s;J%3cA*Pp9~t?~HQ57C5?J7b5enAPa15$@;<4))YKGf=5A8c7Ahvt z&B^)@_3GYq(b^lR>!|MZ#>;(spjsv=tSn)N=qqIeEo~owiG%oI$XkmOAoQexCs9){ zgM(iS9ZnNtK4r5chA4`O3_VQU*oJCOxPQ$DKn5IRrX#Qc6@5Z?9$L z0MX663eHu}0Az@wjB>B+IghO7M?h*hukl6((GsHr`~HhuQLtKA`d&vq6dr#+w1R&X z&zP9%2rQ6Mm;hytu2Kmh3GGm*xRZ7^gVVo`Qs(B3dF5|C0F3_{BBni4MVZi$@K|2N zY|v7-$7hi|kAU{hTCC|VA7s$D2<23;gNprv`-{yxc}q&diHoG`)3As}q(6h1!3v6$ zWOHcmxG*n-D>7UX+bIhC0)Tg82xA0~IMT!%PI|;L?+PH+Y7%X>f^(%wRe+=z6;k(` zON}-4kxXsM-We%^Uek>lL6z|hcAjy!ubcgJnT11Y?954ns0i$r&w<+QI(|%nG))dC zL}+9u3Yb-}=^;_bcq0^Vu`@z8|7ms_#D`7T_MjcY!ylOK@!u_D>(O8l2SY+CNC`rO z>R($aVeJG#Uc73bMoh-4rG?=1X7$Tff+B+$QxqbL|Q$ieHK`gCUTYuwxN+O{+ zq%q}!d`i{panZ2MC5bfq&x((j<(m|D!E{tz{`tghxiAoXXiWphlG8g%(LVbR zubhF^_h43Q^MqUSK^umj=k96pd7o&9U%(58SVlk|TrNM^C)r+OQ8jbI8GA-@_%pA0 zyP48Mi7ULTp3OB@q8fa$t-CF}IsY&-Bee;{U~?14?CfJOVZfP@kbyA8Jc!!QFt~1+ z1}}DE1|&dfF;|ZDFm{!wsr+?x+`S&XD!J~RF5LiZd!rvlbmcS-75>=|t1y)Qj|vEd z;dQ3-AG+7dPK!CS{aa;x2o4L30!-)&qOEp&c<9F(P36(NK+ObDn|ICp>W}tfhvEJb zR!Xi!3P18DC!gsxLnZ#-cHk!5swrWbOHIqcx-4P8YKoihj*lvYKmYBo$PysGsIu=A zO^!%yE`^ds?Ots=Yy((Q!|{s@NaS8E`P~CD1NJB{>O&?YNni!zp)d!D zr@78N>4#g}6dK7ky=%dwVrK@2Jx3Ka)^hhHXfczJj93nnX_k?p<-jG2jjfHcPfDuG zMlhlWk${+nP=OH+QI|uWRX4ULuR0&E1ESQTM84TJ@idl}|4bPUC2jhFdNo=Bd;@$9 zl|>Bd%H`ix+9$p1>cv#<&mZJ#pPce3S2hb6se`LK6XAUzIfk6S@<*_-&;LPY&(j|` z%Pr(}=8w!X^S-D;P_~OGota1$vM!Ff9~VHHBybG|WRdzleHyc2#ujeZRauD%ww;${ z!r_|lT10v$pO2(dj}r&#O#O^LWjxCiKV`zgeJB~`^*KL=VqTji{(un*1sWzLx^nHM z3c(z9r*@L3jZ?Ui{C1hxr)#pPH;1nvey)M`Vjc1Je3d*=jq6hF`8S&uL}BVLeQ-`H zS#8(F9U+hl9k>ZDS|6>M_LiB)ASL_Ba2F7>xU0|HwywI(6noiy*3N|}EtW&Lg3 zt6xM70w6P5*qEzyCjSch{ZFrl67{UCEQ`td)Y%#^_;4Lc=J>%?=k>ml_1MG$@}OH& z{+h)?xm9NShfG0X;bj?4>!=GnxVg&44)v8&CFo7CJ|t7BNQuj&ONEsCJ$+yJEg4+H zVd}F2pj@r$L5BXE?uN;aSuR9b9WGR~yN3tzFGBw*eoUth#*HJWdoLcrpF_A;aVU>+ z(-+Q6mw&z69Q-?rQc(z5H<`tQ;I!?%zj{blS~xcSUu?a1G@E}I_up1aTO(C!mKZHc zQJWem+G>kxt46I_ z@@0kry$4c8ZKR%;$GOEBKjRouc+w8dpR0428x~`XAd!9ha-BP;fp8VU3mp!j@_C0a z-_0iLb*hV~*q5F7f~dgm(%B+NEi<3l#ZBqtGJ{L74TF^c*fX|q)r*kfIa4SFRg`lh zjCW|U$2{@+D2OS#GnyO+wbh@!oqsB60ID!_CSAC&yH}2Vl(#d4+J4i8tb*<4B4$27 z3&!Rh?DFRw;hs%pHqhbc%k7}I;#dQbVW@EWT&9XoEFIT^4rTc0!}?7e0B7*`eaVBAg%6}VIU+w0 z$K{JG|JAUye?eO&T0f$1rpQ9tv^YQ|t8&}vCf28pK1q#in6keNow5AX%NpWK)nLJU zywLPCvKm>Q=|7&x3h>boC6Js9HLE!RfRtKp%l+LP0`s+2nmLSdh1#2u>++$6^V%Lf zQwid&x3Zrv=Iz3r$CBB{WB&Z$=;?T$_^Ai1{>5n5V*BZ1ZDEFCp_+>|f9L+@`naV< zbnJ~B2}Kx`F!uUCbmzl&4QW;}`^1a}{~FI{#gwj*5dQ^c?96zq{o$UzNxLhXVIt3A zQKD?TeSE}HV=3L%qN%=2?Lf^n5vxmnPlmwb_X00|`;xhvXtOw%CgmY-xGU*t&sAH@=|1qAeZ<j@BQ+HcXN4k?S4%Ur#Ly|JImq!(E?Cp-Dllm zUTQ~5yWe`!nKfkWaQ#2-31IhCX?wlB#t5A?dkJZ9i@dhj~2_|asv=@D3PIEE}12RDQ=-`4j8Gw%XQ%tGn*0ulSm^&IZk7($S) z6k-h=ohi!LOA)$AtJJk*_sgf}`Uik7etcAN^Ka-a;Ydoh#c`LN``i^n*u{7UQal4; zYLtSaTYPt?GUo@94S9JYl8X8?5$753`Km+9`^WL9kX!tx@993Rm`)HVafSsay`k&F zCysSTyjRF6;g}0Q<&0A8d!LZmt;I3HD-ZeUqE30jm~@MRRnvSo06Kj%=bWNaEag9e zON3uvWQyQJ9|B6_X9E1Djq?jujuHh~2H0mz8*Uy}+NhdNY?j3s=&(PGFsK_qkR|n^ zXKa%>2uqNT&Z@(Wz_r<6ksKQQF?p$>aZjZUzCfbHw{w}9KR@sOdDzKvPF2q#oCz7e zio?P41~IUqiTzUuT76BI=5>rIx}nCsX0R;NqsJBYNpgnc=JfT;g(ZQ$@a)yjhvR;% z=yEA6m7_cao@Y!O4y_)a5e@IL9R3j)EJ>aKXzF09Q>K;W<}blI)|YBxChq5|m2YYX zd}4mUA=>h=k1v7XRz-Y8s`30UZ@wO`DPLUv{_VBxn~r+au>*z6;M)araf3A$tjC*c zujEU!3IBCTfc$30#Cb*%ZDqDqb)~v+t1)saHLI3!f8Z=#B#V4mdWD`~DkE}Y63Rv& z2<_rsbDT(phOT_Z?lneKkB_;fy43R%cfG0?)Jcu{2O;o`#a*O1CjmeTC4`dZYfdwV zho{Ef=9+du7pk8zUR+iM)hJ}SqfScw$HK^=0U3-F7XtazRPHa1Ru$6mSrPD|F_mV& zLvVa=X)$=t5eRWp~Aq&_PSD-ZK82@C(s#LlJk* z5z`-lmmiZT;g)Czf2NN%2Ty*hm*&brj|*9aOYyexdSqIDe-Ll$dQGR`Ak8@!e>JPz z;1xCo+X4cy)nzSt@p*q?s3UKvgVa@b9oJO;PLTJVH(17HkaBq^W|u~W88E%Bo|&g} zrNA~suO^dcF8;`X8+&Qh#Ph54*M|yC8%1;~a|*%T9Y|`nI#B}!(t{*cVXVP~jUMDv z93sK^CAV|YlAgr4O63iL2r;f2N^VXz@Ik9z**A?n6BY(elG?V@Vih*sL<8dz_amJ zyrIEDAq2*FL#X`yUmkuVkEi&UMb3@b*WT!K=!rAq1y!GYzia-B*0B%BJ9oNX&e&YD z-^};g0odcV3F@XQ{s#9go>5^@1CbjrHyJ|IjO3;&<4Fe9yi8~ybO>O<2G8k+wt7pq ze?w>rFziOb5>J0FDH~o6X4bB{evIixb%i?0X}Pl_49<|BDi%&>e3kTDUVRq(l30JB z^sbI$T!&%NPspABY=ZDbZC+D`{;$Odxq9&WtgRMM!ETfBxcy}CXv-;1Nyek`7hx{E zinyiXJag7*`FAWs2q~bB_B?s&`+fZc4t+O5+@zZ|CtQl}&VJoOUA!>&7Q|_c*xkf* ztQ9m=e8%b`@5n6Lgk2x`Ve@znS#wlh7(|s9n78?Zd|kjA)$?SETtxS25RFiJaA&qu zWpeb-gQ&J5UqtOFzLvdQnNlT5nENl{*tv^fI2Doj*LYkGBkjH;>YmnCN!mynb)>2`xOu2MlqV9Na_9IlTGgx=r{ zeH!b$bhLNF&+qa&xOrtC?**B&<|6g(G7y;vf`DaV@7Oym`PMo|C-|dL&f}*4_Tr~9 z`9bf{>-`{zd64q!Uzf%dai)SO%*JP-U&efCRO?magM_-RvZUN5BXlzk_&Epuo|wkrnsZ-UB1y@^n(v zH=>Mb*x8LxSSGAFQ&EQWeQZ#q#%rcpBb(k9!xGw_`BC04x;c}I+{HmSD_8+sQJ{mN z^1B9V2Dzg~a58H&5tw7jaquHTVVoCN;h>)x;tX@n3Vn3PA+F6YlZFxq>{p>Eb(`|F z+(_32;$5uB<6RMG2Z-UT-7G@btw+_Q!X61Mn$a)0}lhYCk!*5$z<#eZ& zd>Y_u3;U-5S;>{qnUMBx-urUNhI+EsefCP)$J)pfe!l1QTfCiknE@-0;n+=@Ib)a>o%VeHKRwhu#Z%cQQ7FK)BT>aBuA6;NE5%qFG^K}7A0j5_IGF}<`zZt zAH~nxJ^-lmDf8^7r;c8?4>fZt-ECba}cs2T;mu@3*rt} zagfk!qiXbht`m6y*vZ^aCh|C|Xt+9r-Yf&BKuXO1QA;SCd|Y#w^hahn#_p5)PEq22 z^m#mwy0AVQ__lojR9I@gBi6a`yn6kz!-GJ+Fm*LagOzo5M#BGxgLQzeyhq)Au$i7I z%Jhwv^niJQ=kDz|$&hFuzZ!}8+FjxQA1#ZHr*sG?XZaKkg8zho>oXA;{MX!HvL?TO zE(2pJQh_SLq_=DXor7lNdyh;Gv9o``)RgyhSK|}wC}`$Nf|2Fo%%ZjGUEHjtkTA#1 zeKRF`BW$P7tTeYqOR+we%Qvbl(FU#7!Y{=c*~fCh`GJMqjG@)tMqEl&M04yPw9`dY z99&6WXUThs%6a7LsHXUyKn_u3S0{4J?%lOH6%I>pfbV@=PN3ixB3{S;e+DA`JZ!w% z__Hr#y_uj$kB6jD9H8IC*AypXOrLn*t!?Tx{DZa!l!6G0>FvLWpi z(O5x;*j!mH_fyl_F2ttzaO#Q3aku|^Oc>dSia}pD_P$R)2X5ATAq1 z#d{>^Gv{&*5dgjM`wCN65JB%>wbQ9i_k5Wxh$%hWcpHD$w5yv!dRdT$ugu6CCl%A; zeBSP6mOL7~9GrO)oLjnxpV*}(+DnyjSrE4qr2=)*G7x4<0uUp zR$=1Ae(RwRbUqo)v}O;c%nSyd{&QnglC~Q+?EShS{QLSNEo+ZJo7Y;OQ+}j9SWH`) zZEO0}sEg{$b(07K8C-febjF_1nDa8^%r-vb5r>`n!|&vWf6vlK>{wn|CCmD33$JMM z&}2UZB_H>=9K;14jmL?%C-=2Iw6}}J4H{YQwP)z3==J4&fFzl~^%EJ^F%zS**idl` zk)G`UX^$H6-{sN8TzYKwVw#p+cf_y8h}yzNc33rvX@D&(OPywSY^%M*eJu8$(>=&z z=V8z1e)zp-lIBA^memVJb43LYj41q6suo8Dg_U}ryW?WtkpA~S0?N+$e-Tg|NQ4ks zuZ}}Wu}pDJFzInm!IirIcq-in3S*_G{l6J2w*Ln^)#iEx^`28ok@gc3E3q#lujE_z z$)>?Zo+NlCl78{}H02TTH}bwzpKgAx7MueRS@CcS_Wr+BsdZ!j7wYBV_BD5X?tuyA zn-&TDFVgFf+5wpEiN`fc+AdTSbvy<`9Ay?>Z?e}q>%~1ZtT1^Vb=R<*JHlw!{^8F# z^z`O*#k1+P|L`$w0eV9UDpvFk(@42stz~u{$KFf|AXy19AqW;=8q(b%5jccogiNdrpLFPUf$*D*yM{8pqHbYW2e5O zy{4~5&>rwVa|S$)2K0LFkC7m|6)suBB}*(r1Eu}| z`^Z32$ml}r=)n&QUHEW3ge!E>YVSAq z^{T52)D3>EmlP*W;Hi(tOU~|50t2+1^LGi?l;!^2FB4r&>aj`p6UalKtcH?aj9mJa z^dfRn{v=MqieYpCclKd!r%I9~`iw~^i2uld`IjKebrQRj8i|gwsnKfo3jw)-ph2k=8cyc|}CTS0w6(|v0oDcr5BFYVoQA3XlxegO1NJTJ8C z(*y!EU@BO_0M>qDF&#q2om&?T+KKGE7q_RwiC}{NCOj%8Y#4JAT1ygUPjQ>X(vfQh z?<`F~{yaBBqGrLjloFOmV(#z`RIo&f_j+gG~COC2Ty~?fG*!#<@lMm2Lp^n!qnI^BwM6 z;A^*@^8~At?n;3;A8|YXlKhAvWQ%F1Q1WTp^oi}WiKFAm`}_H{(P!a8CO_i_nDD&~ zvF!h9DJjZ>eaWT{P`AbYdbx0A+es#aD*8eSJIdQnH@uV#y{YxPw`!{gU(Edc8%^K6 zZ=ZW`F>5=sn>FJvqVtx1k}pyfUZzaWH8q8?+Nts z6B9UtkJ`N+`0nYbW+)kNr@BM^-NJh|{(0_WyElWojl!+dq;~I9CZ5mYD}HL9pDDcH zj|$3bn&lwc;on$fIy|VM7znfbwg-vLo8H9a_Gr{}rDFU)Pj){Uu4$KF9A(>Q>TQRj zj&*w53;M=C-WuUM-Lg#$`pyLE_PHS%C=V4Z=uYZ=U!9o!H0S26ug|^ne7+{;X^iH* zyiTY;D@}Q?TLb>{3f}P_n`}~{Mv^rpQW4iXC-36{B?!D4Nu88#$V*NuBe?wCD4|E( zKL(yaleR$mKYP0Mlkf6GoK&O_@}HDM!^xz|_u^j@b|q?=P~}?+-%Ue6_VhT9C7c2_ zX(rK&<+y%(5UA}k@=-BK;|w{aA&7wAqMAcb-t3=eAw95Kyw*4H&c%$2HQ`iK&QChv z$Nf8b+p&;wCYRiw($tb>Q9pzV{hn8TTz5U!q@?R2A6|TFwy&zhTIYyjKX{dfE*D7} z0@mci>GSjBd%kgz+4Yzwc>sFo_d2g7bl8hYwO`@!^+l-01RJE2SnSBrJ$-NPUsU9P zp7s*HTkW=?&t2wPj~W1t`OTEW9t~6W)E6=+p2ZtE&I1fial8YPfWbMxr-``_ zr9!MZ=tQYd!)#r2sYUse9yihwo6my&TT?2nUnQIwReMjCBt7golKqm-rG4rI_;wA- zr=lEOyfgM}eBJQAL z<=UIR5U9vOPmVI5SdRFAoCQ)8v$*dj?>*?hK(;SO7hf=Ldyw^0yA^quvormR;4H&H(cBi@>nte3-f^K{)mZvqLa;?hi z9d*c*J^R-11EWc`0VvVQ=oq7#IV`B!Jouazb*A%Qsa%&g_s@@2^TTJa+Y%W$oN#x38H%M>~f~w1A4Z>%~-99&KT>SkLr{ zj?45qrIG+UV><9F>P#3H7bMI#5-?39JK|;LU6I2lfkH#KtoZ?0m_DjkDKdq(kcG;H_$ZTX0}AP$Bu?^%ST^JhSydJu7OD4z#!;B$Oazxpl>`^c*!@+@_4d0XC$dOu@sqpbFf z9v^I(XJeqye!2{cDzuOinhq%!l3QlqYUztUyOZCZdG)gSzx+lyHu59$@*a>@PY4KW zmu7il5`#;#`6BpJF|B>dQ9>rg)dUyTrWYb@d8|Qp8L9IBbNdcwP?DG_A3%jrv4G2L zw(N;y|2H-!l%}1^!zB1RCf$8THH4lsZ~sJN1MUb{Cqa6lHLdmBZaI1Jk9% zDxb#DmKgUkxb2j1~BQhaz~(kGpTx%l(IuxD&8UWZJ8(KkzY$B zC+KeLTuXGF+40{OWgkq?*(>(Fsup8g!ob`Dl7#V* z%80OzItiNe>;IKX`_x-1@)iI@C{Q}v%08wja`&%xM_BG*og|(9KAm+-;#8s8>8(6G|4|syB8dHY;Jr0)^Sm z{$XWpzkG>b;SU*XaI&xp-LH?kOhs+O1yDNr?YkP6>8}Lh1C#!3t~Zb`p5$Z5+Hy+| z0m`Rg14uNG^xM^OtITaKOQZ~>SI>d~yYbBBfA*+-4OLCQDS(xRSwGFIO(zeo6bds? z{uiT0L8iiSKTP|eaXI(o3Vgoe;NQmiw&p|E%bE{jwa-+uE_U*ltYY!9iGrgXt>dTnZ%c}}# z&uP^yd5f@v%uSrQvYeO4he0BB%Q5Q;-9&WdJ zArbhd1~)Lb-Mv``P~Y0dd(mU)WW^3G~O$cqAd zW}9w*>n6$$1U1Kn9{R`mVh9#bR~v38McfFPce&^N%0lK>l|2g|i|yApb1?@B$)j;D zQ(!j0i~xrZaI7;GCp1=-ie_NLkQuUSA=uYZ4iTlxvEORvm>W&En!3q6T8n_& ztqbEif#r!%!v0|@kqLN_{H1QT%N-4#-#yg2;97y-#+pJfnd^Jiqrq9&x9_bX)~(9k zXEAcEX!>I`%+IjySBsUb!+h@Jra~Gn6R5`iCdOqINlOVw+h9QIisDlpE;6_V1uhD} z#6aOB4hO1(vr|WHZo1)DThYbkZAM}jnDsnxjH-;{TCiN`^GFWfP@sFV?=cEEm3BXZ zRrGB($Zd=w#atM;yPuS#E>Z4CS%bf<5no07k1;d~xM!byqmR+h79k3tnbJKik(> z@4EhlXzt97*rL~K=X}DeFa7+yR)UYKGcyH8$3I?A*$%#@4kr<1PX6U;uFGNHdd+Pk zlW-@j1q&PAw7BY2L@BW-ut8uy+0^CWOWWk6&*%wq&H#5P(CU2_OYx@vAmG>-tlxOu zBmA)KTm^UbAm5^QjjJ}wdvPxyFyVjmuI~|}y;+BZbJOEpqzNyaggLYvX;CoBM7&uA zyNsJowz-e)9!qgpUr0YBY?V~6XK4(5l((F@HS5&Nl|$pME?fHLXK~q|j@9}q=c!lv z*(3P<*79&Id5O{{zl}bnLi2J9gB zKs7b|`ua8+K2)O^<~0wOT5F3wNLdeFV>P+j>KnXTA>xqw3!m;dxSjt?IFlk=?82WO z2TJBw=2zT=SPd`D?uqgZxJGU8u7T85rSEEj_}@;%enuHH@%{0KTReMsH{<`DfKAHc z;fT)tpMbFs8VyrETk6!@R8>BySn16y-&Z)ahR2^|L9K^UbLG$W5eE44PH%QNh*jK3 z2o67frGS~7u)_Vcnj0?B9e;LsocEnvi$DtHr@J>P9kU_)8_XjyVB`{H5`M)VPVw!2 z*>=<|z8j}8?RePwxlrtRw%5!NHa~HHZ87}p&ILtmGU=Irw8UouIVII?Z$Dj zb|8EfgSK2W4QrZxJ3ZRGA$@4u%b52T##)f4;wcRil%$^q_1G~3@D>vf1L!tN^r`H- z#L92-=sRF2nIf5X2(&JOrD-ZMn0+bha&MvIFx*NyP8T=yc{GXEkcDH`M!BGU8?0V9raXTo7Fh#g2M%NHghStm0vlv3{B1gTN5F zMCJ1tF7)D&kYn|N=ZWZ1eg6xkfcky+dApS9L|LWBt%e!CJGPBL*a|u}T*9Jl{=KKs6%o=m{uK{`Sc~~=6(F4KM-(@cJh|I%k-C7Mwn>y zT?I8f;4aUieTF}x?035Cf}Y=d?%s5(Iyl8d2XWJ3 z(X??rzF*RE?Bfdmoa6Horv(*=t7njRk71C&63Z zv|$!?(QLD?8nLUIYh;xpl`IoyZE5BnGP~60{xC-V8l6dcsm~)Zp}+Gt)apX$*!kww zpwZo^;YrK^mYEu%VG{Z_hGm%;cD_jdUh+NqV5++Q3!JDgNe5d(SK1ytg|1N+q=5T8 z9ha<0UBK(qOSt_wy42{5Kd8$fpTMofJVjDt+{QTVxH@BA{STMSOqU``3!#)+loJ6C zxB?F}cy7(3{Fb5}RL-WC+%P)IF5CN$^83$Me}ahX8jDYp#3g;4-`|O=!ns|{+Ks*X zEk+yqowY0+QL>yS_(Lf`P|DAFLi^%j2l63Z<>MCS)?l7!#=^hf>gUA8W{XSoSzWtdR(#A- zxlJ0X+00>71j@~Sa+$R|wqy@;GpC}i;mCa*2|aiqUVMTA%e<@IPytmx$0#27eGX`1 zO(G-^V7tASc0Bd7_f#yTT2B`xW-Q0nW?}Pp>2i5+nbdkUUfo`^tBa#SZ6)@%|7?E8fEVm6s0ZGwMTGqSt}b zW-@>KJo0vB#NVaga=cx+O-C6M@_s)K31{{TE z(ulqrZJ#c*nc*T38DBlso*#1Qi4t__%HC6=0=ETDX09XprF>#$n1_0X@4xWlCPeFN z{8m7vHYLHK#*qNfoQUSn54BQUW-1t+hvuUbVUWG6+wn7XST>&7YEh(O3~db^>Clm1;2~^sw)~2C!(<8}Z(ZXp|#K zCJO3BbYC=^wtw<9%vq~M-#*KQGRDGGopgoN6ZV64SD7@%KS?e+d+TM5?Nut9^6X5g zH{8anx-U^H;8$RNkwBlpkL}Rgk1N@!+b%HAuY;w~8=Zh8DJVhxLjdp>@`41=^AP_~ zr39C10xkt&mpr&cfR7KTBwe@OByb_fU&7^hUTZW)9E}+6^vbR3T?3O=H>WqgAp4$CQ0?ON5az(`+7wY(F0TW~k(fmG(Xo7_TU1kjYrd;o*Rvar9Q9@Saho;0? ziob6j6_3>5Q8=fJnPI;O5zBvH1k9O_QdOQ|?IHKnoCj`9?n?IBoFic5+$5rr@do}J z1yojDqU_^*^=>=A4Jh|q)`^Arp2ish%G>EPXx9q(VPl+4nHL0Bj1or(T)ASYnT5Lh z^McSJ#Z~OC>yhds6+eB)+tqo`#unj9WVJm3xS``ewzg730|(wr#ce6)qmJ@%&K=+K z^U;wD1&7CgL?#vAUj%GPwdJ_l!jphqB)r_0O0ZckDNSACr#`cJ&)i4lX8b8ota*w*1`!7dR?eUkJAf)Zwj26H5iMem%VJ!bTXXx^XW` zE$MC6ROHVi8)0Vi8l8u9Deal^Y%H8<&^5V>Kc~-k@E9Q z6m!P5sULW9M!`yyFl)NU!;XH&ei6Nq+mtF&y5UEnVIHcfXVpTu_wI@NL%dn3BD$>U zSjV~hko>!O-^^vXcpQ17efkusaM$f4wN{RZbZHIWu`eeBx93&DgB*znhMSEo<6xY^qakRbKK36n|-sJ86rr3 z-U@b)qQPD0DO$s=e)G*k-`+rRX?f^obN&FbQa3K*nHcq~VB7Ds!v#YBENB>&AEh4% zTb?_~ggAMg{_5!=B-}ML-se&locIH=VE_HSmrzTfl#dmXJ}=}P32ra@z9*K%?sE^^ zErx;C;qmYh6OjE{YVgSGX~CuU>l&Kau)C=G8E2Ok*q!Fr(o77uY&6b(h>&>TU9b_W z!NkGonH$Gt9&mN=Ke+4oCj~NrmIq9p#1CRvX~{Q1Kgt_c&zs_6<$x+KtAf9KH3r=f zluGp#FMiAUuXTy%t(&G*qisI@YI_ci%YP!As+R@!OY6yhxX43B!Gb64YWrMYgOof> zpntDFVPml$g-$OQ;1#CkMhb`CqCwd6e;r^q0alUyCP}|e7`fCFAJXScbm`k|G%NcG ztzY!$Y=+AjnEDF3?>W`G<1SoSR8s$@Wi?xb@*=gHi@ff;?z$aQ9{g0Q&6k!v19)O4 zVePKWP864vkr}bbU?8SL{WQ=GOy2NV%QOT`;P4(dRIXz?r97FMRH-dCfj%{sXvvaB zKLJV}`n36E6nRwkRqYiKIytWKJBOXl>#J+|j3W?7I@gH_emfH8eXZTNC=G z`}jiuN&HLB$z_Ke-&}}4HT|LxMeAM=RmABQnoR`P`=dBuM!S>6|-r~KF z@hvBQg_uRJQDsAMKlOti4MT5p4WbCR68F9;ouI&nED+25k#D7VotptuJZDsZ5$E7rrin}b?9W6C zpNYKBD+v`NQhy(%%tWc)Ajrv+BOQ9IZokFRm^n|ph=9baXETX!3zljwagddl-ql9> zV6;fpJb)2rEY3pDf)JzT{pxR2fX*tKMwX%nb`{Wr`r1fctmaX_*EC;N5P|WS0G2e( zecTj+hGoKfXUiJTI3PpcVKIKBlgtD}+Xhd|J@3T3*i^*IcmuBKxBMAb?-s_zsq?3M zg&#V39Z1seBm3^jqkQx{>s?lZD)DSz;cdiFZmn4_ zbGW6Pq6Ti5c;6Z}U==h5>iN#bGlTs8Qp6dt@1@;&Ujf0fgin zBwJ=W_Ly$Mk!OJID8-h}5QfBa__;DAazZj>n~R(5sx__x3|5>dn!I^wCcfidlFrx{ zxT$g|KQfr{2)8{tC|Xa@J_}Vn{pI2(Fsc%$QRQR~CJwN!yOo2k61+Klv40j^4k4a! z)VjBITbk=AN++?6l{$}i`+LVQy=wgI2v~d;(UJ~*EVv4p+>F+bnm*y zOGmK=O%L?)@_%YSP^q`D6(fs!E|3Ev#1eKL8n{6*2LW#(!rY)v*4avu!q!yz^nnrQ zo>e!rtvCVPv&QeLvBKDRjtb?(NJCHQ+xZ;`PKD90dVdVmB22}R7ag!ujrp$dxU~|g z(J|9jElSN8x~hSECF;Cpy!7zU>#*5L>Z2H49IKFiUq>TE$8tFF6P0i;$e2U!A z#N}l7YvdL;V2Vv<*i}-zZQRrp2EaHMkL|?(z;6@MJ_((-ezYc{HYs@9T748$WEv@35!SoUPOQ2ItV*=dyTp+n*(r zLok|68>D|paK7`!i|-HDP%WMbS2G!o&rC`A&gpqvyCE`%p8HvUQw+x`ZJp-57TsuT z3kdo;hA|X=L+8)XPyWh4=Xz83I4JP~?0m&tU#x?Fwk50Ez?iUk(ERPIOKn~!nz5Tn zg}}S~$iT6nTE{m&rKg+IvEhbXGVpKq;^KOj4#XtdZ{E04;r9)gC-jOUEtywt$yG{L zw1vxS{^&7hn~%w40k*c>_gU(E>UurAO$~fm`tzQA%j+91d?rJnrIN%d!Emmlo<@in}_Y zU76*IMi~wA?|B&YQLSJ3QC}#*$b0e3!EJ?Ye_m&|J=4aoqH@_-*EK#4> znGC!D{Y&0EmUG#7*rI8l*F)c>XncmW1}W9az5$vlE`KMQzi-k$XgpMbKyUiwJcsmo zzs+`Qd`$v+AE`bJOO-)pg>wJU01DXYm=RN{*8W6@cZfBt?`i45zz)M06wM+0Fa~l4 z`aKXH;zevmQC%s2LdGs7SQSJNR}ND91lGoI7282N@8ApKe~ zG^Ys$rnw%00Qu!R&OD^LB|8x|v(TO9tGKXhNE!9DZTu>uNn5cFmm6m}ygf5&H`&nr zYEk7!ctiG90Y5SzI8}Lokg0f>m{M)c*Iky`95@rd3-W7BgZZ}H=}~QRCMd{)FOFH) zWXc~u5$j4i!7e>j@vgc`{r8!t5_%Vjm0jwrexnl5z2wX03!DPvxyDfel%CYhdfS)o zoAz?^GxflxJcf^o#};C-25oV-(--XqOPPE94S94rngR74e=r9=hkDt zJFnmPbz-)YDHHlYb16LI$FoM2=}6LOH$yj=aLngUu>dsKPJu~}rYdXJCGB5lTP4k7 znOf&|t>sTLFF#&&R8h=p(*0?5Kb|)z^jh?36{gLwOvmp2`4-lnvj1zvz9kD-z zwa;*C^ecn@PBNEn*(m}&J~>^O$yRhBRpb|Wh_bkTlEV)F2&pG9%F&rV(hJTutKOV>R+6_1g*LE?-goCrtLC&JgoR}6Q`mP<+RS5)90S ze^gnNXL|13*lX{kKlwz!;WKY|nhtp?MOE)l&#x|qm?)P2OKW>*QV#W&mKByNC^AO3 zJ)zbbd8b?44-WKumSS(wR-RhkBTxQIyCzO)g-f;w2U^YMCp6qp_B!eR7gp=YR2HtY zengzPIDo@cWF)WcDs!mXD*Za!lU}&x(CyvWtQ78s6#vKYbpLW$=HXJFgtO4MIj7$A zHL*Qc-&=C~NLOsyIwslUY{r5Wk{Zm(?OK{XsWt>sNoMHVK><$y6%>(`8;Y-Av%@}U zlW6ysZI!4xf33P2XJUXmHbHgodiO_**sOnzNNZdh4F688z zC+3bbQmYxGPFlm>j}3jlTcT+nV8Dr5%AnMyXxR5a4ORX)8ZnW$evtfec|rtTolXX4 z>x!VGNLjv31p=aJ$Tp}q=R81PRkZ6YooofspOkc@<-Y~APFJ?B8|rF4z>)hngo(affV>e{81nC>;A-rQlQS^#vlgl$l0)XEIOZ^zX9*FUBmw9MRoT+-@a*rt4S$b! zXo0Vv!<%oyz*=$8<+rg=!ioFTGsXQ1u7hO1cV@&LDvZ%gn_DF65K`+NCYV}%Ev@be z)#Y24<%f2$`S%t-$T{pK`wmN4kGx-?=%DH9uIGcu*9O=$PdkOLYlli8=FjnA#FlF( z=#>-b~N!$&PA8O`hXUB^V^s^+Y=A(nVn50A4zZ((XSGZA7H8(c>Pm5mN~ z&l7V`uR6u0#_4W($zx)KuLo~A9Kh`Zl=Q5Krs%$Bp6$6Tv(fvx6V=f(!!LX-{iA_@ zRzmO66*?UEf=D-J3o!eV)D}uJFt0~nnn;MQc(XCpYzW~)78t~280ylCOG0h?i=0T6 zSZ%!xy;*u2RzN>@jfbH&C%_6aPRfe_HL4jzvv%%2CJC>(VTko;Yt|NGNCcZ9EhTqTL^*`4|ORvmURMpc7KO* zqUVB%K~1ik>F%coTMAgb0|ei>t)DyUn{L)F=bc#8{DN3j$MAV#K+SOv=t( z1xoH|s1T7*it<~3ex|Coj;|%9e1wJ_!bl3!ZmxG7z~rNZTZEbLa&u1^-*Z`!Po{)h zW*)u^L8$U;jGGAB^5^K*`JxlFVrtKT!5+N4r&@^%Ow+lzBl_t3v1w2O2fCOWH(_92q;bYEzuj9kJhO>0yck z;er`qoP%*z3}#GSZYK7|5d;#zVA}|0Z@3fLK}GYR)%r43oBaimd|}qIv9*c6+}Vq+ zYzLmCFMp3Ozx9~ZfLhz{ZK-W|FeNX&(&N@(U?uXW7it3Z~BPh2I5cF z%z)x8+IF!zxT<+}JQd@+Jo;}g@_K>64_e-vX`%Xq(r$+fHOFTA#i?`Kdiq~}qY>!# z`>M+7?`Xg2A@|>Jl7ml#J*2#SzVObKA6+NN-6FRu8n9W)BDp>hS= zeILxQ$Pba!_ue(`zzpmQbtp80r0vOY4M)<44fY_92)Y2(O)sS@3z6N_pd1P6!%yZD zggG%&SVq*}^Xj4AW(`7dn~oAX=-^&XR;-^Hz(*s+iocD=B8-;Bn-J!(GEba`)#qRXV|ERxGx?hl8>el?_>}YfTkZslt zEXr?G*`qVNrPr3fYwQ%*mN%f`c}KH67@TDvTa70D@;QX-ps`EmuO~d-a6iW1@}e)> zHd`2mY^{W1`0q>e!9o}lz{@Cu6Yd6b#{%iDl93BnB=y1_d8+|S$kh;Pb3d-M=fSyH zHOVxywomNbQlYT`PwDnPtxjv%->Z0A=8lO0BS!$6hl1>Ziud0e_*_*$n!96nuWrTs zTl(osVeNC!(GdCj!KU7e7%7)KdIM2T}^Mv!+%))=I)>cUqE3bGzle79A(=tq+?iWl-FUI*y+{uUT;4EyXgPU-x5P3P@8`UT?|FEcQ|-JsN4(>uu!t z^08VLm02y4rzfMYu?3v^n?(kTod7po-F8RGEu`;C`nww=!(UI6*?M^Cs91=U*{mt3?0@?DO4hw6TQWhytzp;yTzU2OX-DSuL=e8Z zKC|_$UIov)1ioiE9@lTFeUDl4(Gg1$A&**r-fShBy*zM6-ea9fT9}trtX5Q%azy%` z?=!F~J#F(BS0fzb06Me>GmZR3m!wE1#3Wir!au?za-@Kwkn9rUaeZ3NK4VmnI zvG0s$&)=%M6OC%S0Ct%Rfu<9__X0gi$|QX+K`s!)^KF;yPV4ln!<)X(Aw*8(WT!C! z*I8%cHpRN$#iWuG3fJTV8`TZ+mGlTW>oJ+xICLvkF@U}Ws;s3I+(Sx9_zcePxRSCG%Id&To|47vo7mJ zZw>n-oP#dOdJ)n?`$+;9gC3>l^8|#)GX+vQQP|8z9Sc< zp5!3a-&D^E+kNd-98GS#Na7h}?CAEe#(T4sNd5d2#83xlyrBDGzbEMQj*f$(hMOW-5n#KfTVON4Bg$` z-7&<##GT*!Jnwz({eRD#nSJ&-d+qi8uFu-qA7e2|9qqRE*G>vIo{hfX+!*{(^r!?) z&*m+Z7UL^(#W;JO(-O!%6}0XBFW6otf=VbrZ71 zXz4RzCcVef;{N^?MGF5$^s6SHVdM&V9}D~KLl3+?guWbXEqd1ct@b)vB@5_68%tpw z+2f`C(cPo#(sHG>TyBh1w@UmFfHu1PZeTAA`{tHnQiVQ91Mu1Hu^f4O%kXKahkg<4 zc)As3A++BkP)o@ijzc`DAlpC^awTJ?dV~#YlMFa_a=u{+q!;kJ{yVr=)9>uowuYAH zaBmBpRiYRnb~{wR(vU0vUlu@s_)y39p>ZByi(%X5N1Zz$wVukd6;TzYb0ffRMZWq` zcYRK^Ms_p3j)X=PxhI+};aDR5GwW4|$ zBr8^-6Vdy+;pqci^A7ZdZRww){D9QsD;$!^|L6j!5f{i{m5$r9ixD9$K;i_Q z)NsdxNRD@@MarOzx9?bv6z=9hsOO{OkA zYWoEHSG`_8ei(k=2XNK8!;o+Y#UI_w;ajoQpQY7EK;BQkp4$cV$$c{++nN5po0^y6 z@ak002`QD^#DHYPgoxRcOv!@+W;6GL@aeiY_^+Jusi1r{^g44_4Ez{zI*GCb|3H$9 z{+_5l^MwWdT+I9u2i_iXQrPL=fMy+X-RIHaNl5Nmcug2k#~Y^r_L4W&872S>hx>^@ zStJ@S8BHqJIx|PPK5|0#q-UCh2+*|6fNW8h1@>j`I_Diqk=?MJTfi}4?zgmDK>Vk{ zV{CZyed5bJX|QTRuXK5N+q-*G;Nwtfx`R~Z+g&{#ldC1cgSY?oEom|=Pz7=@TRvKx z`;`qi{Yv91=LGmNtiWkw5+)XaoEz_4U$6w;QPnq}Hd5Si;y%~cEcn{5a?AMFXFZ== z40)C4F(zV`y0lo6!^KJ5GcUEO;)BsdIc-ZQiL7!pIxq;8VKaL3^+qGbH3_M(bz+?Z}^7R2*YvgVt}>z>nZb%!4T4 zX${5U@OIpC3VbgcbY(kPQe*x^>y+yW{dGM9f@u>ix&ngUX4HJHSz+dw@l}5W)uQsJ z{TpaGyvXD|Z2Z{);HMmo{;aW4*gME4lCGpU!%zuTTsmv2Vj{JWvu)^vtbI>$hL|Nx z0@B|2Fuk;j5tuZtiue;~rcaIYJC3MTyRi9lOU32!7|Zgxog{Cn^_@Zu zTa(@uzEkS*d{C!l- zG(1i?om{-!JHj>I>tczH9WOCezt(5y9qr5O^ctXoOaHU{i}ojawpX7XoXl~ZwgWkX z1-Mf+A2fVzPyGb#x24{GU^e@AJaU?GUc0we+YWyRF;8^gNk|!B0Af@ukPipr(pOiI zQScZSk&>OSloA#eEi3>;{n#N}(y~qZt~a$!0D_JJii`hYmCZw|MLRWUq<(5UK(x&Kb>-&xyM{fo{HV=3Qd@UGi%#w21Nu%#~TLmwFC=hjyES%UW{cZ@oL0l>jg$@bBi+^65O`Nao>56aeid5od zKg_Q@FzraR?#+XT*v+4gCQ+BmYl&tEDV@k-joS1Yi+0uOP9&_T)xmnI3V!gSX_(Yy z%gcO!24?0YLRR^_-vSo7(yGGP8R7_XYmjP)oC+i@`uGN9X^5$|>$31!VZ1K9F9uyH zZ-;RlD#lL#Pxz1TU~M2@xd@_EMree09yiq;teze ze!swdw{ZZfSV$Z3xl}m0U0D03AbmPue~$Ed{9SsyT0T+Iz|6X6ewI`h%~Hv9-$9}#$HEoA#gvF z@?`j|2dj)f4oVcZ?|T1k=nI4>4A8MZB`)df>)!PSCK0Jg64kU^t4~*{puD-3TF1eg zOE8)ipWeWD-1)1DVlJ?+h@MD7-@E(Y{^HNC=w-fg7l_DMoi6rx#S)BL_?4{(E&gqm z>Dcu{uXu@lvk$*x2v5&h)wE+jRY$~}Pdsdo)C{AnNR_ytf5HWTm>ZRce5+To0e7*+ zTYEc8#!zP79{Vi$*K997crLbN@i0Z^Ayp|uM5m38&*tj1PYqrMS!P|Aouk>VzW%uO zW&Ry(L+~26bBw&EqrwMR{>XjnIH8h z`qZ7kvO(5jwAAvpr23&eX0;k-4vv?O$4M3nw^+g*z8(OIg25FMzQ#N(_dRo}9;@3u%qV1v!#3rT-sKNQ(H(A zWc1p+dg$MTa;zgkh|_~%Jr@`dB_k}saejVJS4_2;r4>wX8rhPDOO zAj66(ul2X*4@Y10FJs4L=tXr1p;O}uY;9fcZm?RF5nFdWe6e|#2rU)mxJ5&KUtY5| zW4d_tS_;DaQiaIp{lS71p~!)*4@Qxs)wrtQV0dTdQd={zKJB#-{ds%8E~EnvUMMo< zGEA6Azi4}Mk#VwS9MD7;J62Fk^bX+pmTwA(yaXg}y2l`gu;tcSdVhz6Kf!j;Y781R+q{pH z5@q%}`39AA`@t{GKBQUh84u7cV?Bq4Zzyrgo0ub^J^cDu9^jKtf4Ule`(LX0B6sIG z7~q51S-9Qw-5nkuAAXI48T>yIr?0q|(r1Bbe>DAl$&UEiSK5z?`ZYUz_b4uz{q!q4 z9V5cGmA^!+NsgxKnV+|4lyq-3;p2v#;;F1q*%m}HTu!8)8zetq1^?OSlwLk30Nkoo zO?(C1K!mOZgCDj6VSjpvK9v@KPJe***mjxIzHRo{b6C^)&i>-*Nozwk2(sDE^@sIC zjj0ToK8?6otM}N;QIXdC$$*(l%UN{XL1}Rzu5!`Mn`1c-?)`)S%bL?hUvl>i=kw?> znHgJ4*B%#>zj(yTuw(t2{$nV8mf2m8aU;Y2ay^8fY`oPLonj^Eg)gLagtzZb_^oAU#Rj*?42<6Nb^y@v=)$I$g`A6NcR=GEZwn_V3^;L=!tphj`_ii(-33P~`QK_&ktmts2?II= zKnYZl|K1n~zfyiq6{G!LsYpvUOr(Fi7s0f2|ISyl^ zhs*<~r_^o}L!?QvOKaN2{OT%I@<8inp=4HC($7knsOw3C4OdBXAu|Gf6XG^K?!wps z)Z_WhZ~ZOJde^SLj7DSXcX+GN_zajD)4{F2e2t_ylzzB~`iKnJ?#rN&I7!5Jva1?d zsv{roy#K=)RodqMOA{#0^3?Uaug7?i9PB%Nx$UZKLH3>6Tgmh9un3c+7$YRGn^s!IEaTq%LUFRD0 zm{G=8Zm-9|2~r5k!$1zx*ZRlh?#JxF=Zl1QO#su&EG=ASePTW{behTf(sL83z+OBV z!nCtzsj*}G;BC9@st};Y?2nC$`448XOwcD4-ptlGvO%qawL=3r_G@6pD0|Y=2>7k!8O)(6c9Bz|r}@f2q-Vp`q#@;~48diL-o&~0GvZ$;U3 zh`A*?Nxo{0AA37W1H~q&!5>9$MKW(lk?){UBeK?Tqkgz`^_Y+56O77my|Q9~>(X&( zzY-j(#;I%fO|_5N=mdD?9|%brSuC#5h1|+4 z6gfLyk)qqDQYmMqGYL)Uud^U1R1i)KxSo{Lq$TV-^5REvI~=uXQa;q>rIiUVCHc1G zH+`*jbw=deMxhk_F0Iw`)e3K4R$XjYau-c#P2!DKF1mko{S;yK>~UBU{d)o*f-~2I zaEjg8lq6`t0vp;+y`l6_6J3y7%=7bN&oB$q#?bJm9#RcdA*X)(C;oZ4<~PexHHwv= zphqQm4dLiq;KOziuOjKA84df)I?p*l&xc~mhIIkYPX8pge^rz+Dj=F|uzvgilgj5z zWEy&t(n>0(WR7%Y6w*|c{-)+_#=jR92~E6kJZ>EB!TDb0!v$>KQ8ft1%)fO87)aDM z`ni4BjGOKb@@^Kp?nFB;BO8+(KdFu=BK{B1o2%bWtQ$Bec4nwX<^7lb%%upHit2r- z+g=jv*dr=$_VoR;%+IQ0@^fGj13^sPzs>nxRB`zJm;8P}0kT(m+IPH6QfVw7*}id` zxGiBht^>=`U9iupZ@jv;)$H+hqyE}dYgYn0p^wZ8N;m)H8^q=!-E;=UxRc!tWt6T( zgg%{5@v+uPT(cdnNXK}N`YYlZ_E7`x!iD5qNOdo01(VoIpN&W?l|0m3$el768BR|I zN7=V@7mGu0lg<#9zTCYC`2A$eu{z*A;Khb zC6Ia2p2^P{><*}2?LhDM9IG>QOw?5C$)D3>#+Ne{76~wGNRy3j7xq@5<0aw8z1c`u z((-Lt{r88QE;43CCaMr$YUjH_HGg!6;0ME;2Zr6qx?1l&;&8Mg&ScIkri|#ejD-&O z$!<_jg(qA1%m*HAsuOdZ5J8o&e?|}}|2}3%S9G|((jkOuWT$H=+#~Ebox*7ODD^AP zBi7(CRl~Ya6ca&@Swd4%haQ?nBs;EfoF?eE|Dl+87gL}z4LdklKPF%YqV5R(BL!!J zfPUWMLzajx$o28AK046UPdZ{TWnkKf8+`c%i;$wZ(Jq+te0YQ9)r-kjwgRN9`QA+Q zyYL`t#KDz9 zpmn^Ul;^aSQIbH)0f01+S^?05>eu$niaES?2)Dnh&i}Ttv*Pvt^EZ18w2;xA?pC)i z;cc{xp534ut}Ecmpc%qOPx|p;s#}E;(;4t0>vaT$u|5&OT)S<8Sq#2ld!8EDw^zDx zL^O<5tQ*fh#kK!qvt8YyF-mdMx2MjTdK0@<00j{F&@yh`{*) zIzKs-N8B>)+BG!2=J@eqX9m|=?)Mj+=kH4x4*fR?b;;tsD}M;kW`7h=7nFGqb1j1X z-HhNL0tvi6GAoRTPp?9MI{3QKW0XSn;DCSpg}nF^8XqH)>_g{EOwqR+$6|8`To`>X zWQSd&=zGqnIvtNQamYZE7|=m=KcXXDZ3wR(3DQd z{JW=?c}LWX&KB@R>REu;uWzhRq_K*1fKVE|6nJ6E{4|%As4kN1z3y4!j7`>IMM!ye zU)4Cjb2q{z4(TP+R9=XgNFg9J{3)!Oq?~rYP`H_aCIt9qp~S5*Rg_aW_Vz_pf9;SL zj)RW-AL&=GBX_dV2ZS-Y>t4#eg!dw=*nphDoWNnPOz=Ajpv||IP@CTxh@EI19EA^} z`2x?_i8f;_>}NkRco?Ju^+{^7+<;li= zT{bevRK!7^#vR|A&xp#^^D`|-v2Q&HxvSaPEV6I5s(YDJQIqoS)ONk(Q*Ia^dlOC& zs!ilV&kvsHU>DI8xQM;#1j9Rdf8?7>4n>ETD;pYmF~Uf^73L&p!}P<9`;WQpUo)Nr zb3>)sgZ%^~=1?QWztxkRBL(KER|E5soJ!-5lCxzO);JY?z39H5{ZtnfLA2VkEQo`; zhQ?hj_9os=yyCK$fF$d8f7m(gQz|=JECb#`GWBMw#Cx2qjRL9qE*rpq-Rm z*GaQavFmpx_5#zhH3X$ocKOQQPlL(rfj|DTmG{*FyZYInVy#+_Ac&bn(y3W&1CTOf zdl}4lK2{4f6&rjnr*m^nTi>MW_|tk6xU!wp+!6FN*oltmmb9T6%A|%!h2=JIG8C1m zdDiYTC{2QY_(XC{{|;H^!AYHu&-evg)(|7HN02C2SuZmXX^FqeCT#eyLmx$Mdsy+J zkn!pVMqZJj_0(upeDH_D!Rx2xBh^qr*dpS$&lT`s*Bt>isEplF}bC?;xbePcKqntnlJF z_mj>Rd}X{FU(Zvs4`*7l^Zm;k@zb`M%y~Q=NLdz1d0Cg|?VSn`PH7-YR94#Z9VDok z;7@GMy1HkxKl!)z8+m2m{>tyy)x=(pC8w+1Qh8M~bt5R8La9n>c;<;dBFc6mhv?9;m7D0sjkj zRKffH>?Y}q@;|>7l1KNgiQWnw8pV+2CdG1!w+zX0Ed*`h;R}uu+){pUWep|Kf(%hz zhUsqu6vO^q0#a$x^Q%~ZU-u0tiRoTtt|bj(IHx;c)Whh;6r>Bv1LCMX+4JI>{@vNF89)-XJ#a4T3tdv z@E}vTuHdiSCtu0!4dIC`;P(%pLlxRLVK8*16u?fgps4O&?xH0U#cg1JDEVt(!_dRU z*NvXBMx-QiLXXzacILr0oL95@3kj`S?YvQ!FsogSS8TnS78_?>1g9?xd^uxShYKU{H=@5g$kL& zgzFzvQhF18?fD^#$1hq(ck(Nqi~L$)t?Tqq@UD1gXT^fjFE|B~u&X^H7`Kq3$pBIp zGWAr`zqUfmJhe1AWtrd!f4f#WL?LDjdUFWJ>@=^9`wh>_?pn#fvORKviev>z6JkQF zTMW*=kk6fI7K0px8l>L_JqcxJ-$8^r{CXw!0`Dh>yPDB{(Dw4UO;-femXIQca6AT4 zmTi1v_3KiPmm7Jyygu~Q&mS^&wG0bie*2vCGcIBrV1o*Jc{ejW`yR+zG9Zc1Ia~5{ zt5M@#JY+!r@3^S{f86}bTR!2jy>*2-&J9Z+oDJAM~xoNS9Eb^o1H zP_;1Rk=20H4$tktL+(du@nmppsRA(&)d`*9-k~yP=NCt{V8gIqaf7!oVqOEk9#Jcb zkoxz!i)Ts;CPva7^m)Xr#E|Wz+UO42pjHV0yb=!gvA;`_k!M0UZn(`%#u9XY*NfyE zW-d95Mnz&}xra2QFOdY_c;6}3W$f}@vTi@~NI~o^*E^qT@mBX0f}TmLh%MSc1V$3B zrytm%S`!-@=&{8>sL4b_L8GVu;YeRbXz^ zX@ylh9P>oQTCyRrw2$Ur$L|fH(eHvd=$>9Y`xWuKe}-L7_D^)Zx$Y9gJ7DLoOm4IWbOEisz10%~M>gjdu`Q$6ej3I-dw z7k)YT%>s-MK%~ZwFXU}ekEFie21^ib<<~vloq0awEOziJNAo^z5A>nwsF1sOedF(u zRT}56j2A^`R_~rj#k5IVG*A6 zAzNy6heu%us~R%QiUk@g(wokDWTsvV-~=W6jaC_IJ7B%91ui`$>Y-NHPvom_s-40) z5b&=A({S@gWgl5xO)4ya|%Yv4MDPMq;S&PVuA|PTjh^R>G#rm%SEKA5<;IJDTlcDgC zSug2fvZIFQEogQ8InG1DZX)cvFI~}!JVG2EIWzhBMWk_jqZFoLWO^iC9S)A$*KiQ$ zN}q-}g$Ug@_D=V~R$UP9FRZ?49bZy8g)5FgG~tWl43bP%!wl4~a&?Acwrez5T2l7P zU@iSqo^e@S)H9Z=q#D}=EfwlS%3?m3s3xi`)4w^Ys7B}GV0r96Ky6v3Y6uMG6a)ve zQ5!t^)WP!1wGL=*REIo*W)>jr5%s_JLB3s{GnHC8T5tDrT!2>yih|+F{DFFnc$O!I zo8l}O@dba3>=j_hjN8^v`p9gYK=aS)uE++0Obc08wT6n*iW#&3TB5km7D#jaCu=*~ z!$-YRsdtVa|9lEF=CE7Zq(0t6BQrg>i(aw~V4!A$|H$_K@N2WSQ`%%A>o7Gj8o8o} z@OrNCN`hKryY6{=KsGtkRv5!|d*r-a0Vl6QAL)h&^T$$UEUdxt`*RN`y%HbXnb$0$ zN*ja!?N(`(-wD_#*<{raDTr1J`=LAB>yt6=7I-P=9E54eMB#j1&zGP661SetiRc zRWu3PPXL3F+K(wP39eIqOki0&%>vr?1F?AGE(&dz z8wY0Ba7H` za}^728jX_gwDQg(Zb3cSz>^_Rj42y1O?B8TeQ$F-W05RctZ#OgK_G_bo1wKnQ{$x7 zN>QOk{&9|_T~(3ZR{R@b;nR%o=Y`^(jChYTc8|-Mie^-0mL<(`J<-Vi7}!8ToCvkr zb>@wNUou1sv@wKu%j>X&{I3YCL<7WR&H78wZu9Mu?dbY+v#Tpc&WpykPdD?QQ+Kb} zK}k8~$CtA^^;OCVG6-=hfxxV0;}y^@NP(*0Dn1C|T6o~P_lOUjAk`Y&9ZD5iqVBlS zKAQbivFbfwa@|-Hq}1kf5m|TWr=JLGhfI$MB5oIUXLU6*P%I)*iStEE>-#ljYR#`= zu@SxmN5DD&Ep1!^aZ=>%C_qdAF;;-QwB~bExj8xj@#k*(-DgevrU2sXNY?>PkcTHU zXD+BZgjvbH13^^>J3qBf=ubsB10HQhFoJetwt*otlZs)fz0?|Bt%BMMv|*Hei3zXZ zteC{u^u|SQP8bzeiHNs&Bxd4Njg<0f+4Ur>X!~Ai#D4pql`sq<+lK$=ti=grYks9V zjCvdA2v#r6M!YC(aVWv()%Caj;zX8Yd-+^Qby#es_m}%Z?DOuVqc!uh>bW@X5#jnj zn!1MpD+U9Qx)&5`Sg$4ChgdnQLAtu-3+!XW_Tt@R?jQRBSAd0IEI{m+MK3LzjU$bl zxN(1>?v#qG1Vx_8*gPONNj%jv7Z)S92Pt&{&HVRtE+yzcYX?Oc&I^h1a;uS5r;8Pt zP3^41$l-J@>&IF9I=3Mmzq_S_-N|sG6c?Gcq2W2Mp=%Z(&qw6Es{tSJD$-S)a3kHs zXNe5lmZ@5*ng0`rM4xUpGg~TDkfH&o7L0fVUEjlQ_y*&}*0>oEm)X;$S`0@Rw6FAP zEJ+rm6%2*p1Uz02RAY+3r!8<(nrrO8<8fg2!Hy9KmW@ZL_!Sj4U5&n0LuzQA7Mv!Q z8}a96&)eCsacsfsj~;DXOl(tO$qZEb$&4yJ@3Uu9pss|swN82P#ty%HU)a)xp4Vz^ zQnfsNs>VA1SgyoN5@Np`J&lY)x8Ck33?oZ+4z7^xBGQ!an~CVWXc>#_>VTdjE6Fc!5bs&Oy)+V2{*2-F}!GJJrMSWyR7UCqHA3JsS2`*07OXhL29~enn8} zsL%C%;C{3dm@{^bmc`}10+1iG0C$zA0p&_gJw`?Ft;8J8zbz+9-qp6J8hwqEoef4N zPmX3XuUugjoMMA6f6sWqh`kA`$I)z$)hqVlR4o7(d%j!I>di#Ju6?i1x?ffvHtu_H zN6=nGrfC`&4ktQl=pphr9%3KK3cAnuRG~it{`2Lk7AehCta8Cr3JNZV9IyRPHRnin zDTsG~-lqYExECADX>{C6)73z5sQE3zcZ5d}h>({+JXr1?7Wb>2=vAeA$)~$1w1~h zex?8J*M%iKPAxo^?MvUC%%f5<{s>`4pqv-UTfN*e;Kzva@^=#ZS(dwX6M@Rh4YeX@ zeC@Cplq^@yZP+AF9|Yn3jWv3j?P-11Hs^t02Qd9T6*MO2F@60XtLzs>g39pJW6V1a zGhN=9Qmssx`&AS21T${r<3Z50=K!7cc5k!?wbkXJyUK8m2&xjd8D?k-+#y`@OkA_R zJC$fFstr7ogw9j}<@`%f96d^jgVXw-&VQTA1OEMjMhR>MNg%hsQ2|>HGKT{SX40-~ zKg~tF9s@^Lb3mR=RIth-9RLe)N8ZjV&MmV*I_*EPg1@^BxynX*gb|y%BW|~(KgE)Cs)c4QV? z54g<&I2J#1pL9(yp|`GNddi#tm@7HXEmdCOCXkKj4?ZlIhKFBL{dkiu>b%lf=n)Is z7h4$W>Z5)ul(@Mwv?Wpc zX7%QJ2l}&`1HW|brq1a|u=QXaSaiBkH!`?&jg}Vyc!Ki% zB9@H~e#&p&qI}FB4Y|24nlNUoX&03P=)=c-fQ)<{4=*1bwJ0p}Zvi%P2fQY`)dA<} z5d;*&^%F7`A3aAPw~6{n>I;>eD&!Z3nU#)XCJS9Q;tsK(Hd>b!ZM{ee`(( zoKH4g&%Zz#lF!&m{!KwRe?$f%Zcs3nr0mag958Cyftv%qBwQvg$A!vdv5mYp3no6{ zX-%BzS34U?8wiBIA$~S$1~QMcT*?+1wPdee;gnI2_lR86S~*O0_tm*|y%w)WGLdfh ztLs%8v6?+ji(HTYz4*^X`Ud#0!&66^7o8}3odvsf1!l&?++O2~|6~Z>wV=X@61Pue zKpKh0#r?eUVN0Ts8#$f=WY{cxWkoiy+GsVvYnd#b&G=g$l{`)G1&NLzUdq(iOpDRl zBk1DG>VArvW&h?MzQB{b+IS#4f1eJlYBD(je9r3!Joh1}1BkNqr2ulQd9fQ}N3h(d zD9SBsh#UBMLir}q6-d$4!W}fbb$ShRE3l#GYFN~i@A_1}psQLOD$dSD;QR*Z8H_2K z8KykcU=+V@Al%j36Zy_P(4&+sm}6E#=w~RC`W&NPmPC?qx`e3!osyk$lj>6E`~I|# zv?ed=v|FlegE3S_fV<6&ub%?oN2O%BIe4l2DOWv*>^l(>ahRe#2*n~pmPd5U+Fgcv zAxZuJJi|lH;3pZ0Ero%hGMT%O)N|`V)ek(e6ue=n)|h#r6T^?UG*-KVCR@ANd}IcM zUoq}p7}r-D_k&~LdzvyR`Ed6&JojOr#jwto1$`B z<_vq?l97C$)p$5z)X1cTLL-@NzF$e;)5^jZku8qv#bV^Af$3B&SsohBin*Z{`k&BOi_dS zV2|{`eIW{To2GwH;{n&4dCLd+PXf>>VlcZ3t-C?{%>_E<$Qsp<9 z#tQ&zBbHwLP%o_Cj9(q8u4^tLm(#Y7K$gq&kD$c(W=ZOz7oR9`v1+DaAdH>o7Q!*P z23!Zi6h~#kZfT+D`_|D&l9Si6*a(SYw6xvCJda3z>ON*R2j1xq_PzR;qa#K|FvAnb zIiXU$m=Ek|qv!s4;SQ?6d4|DzpG2ZgoquRfD{iY(=gs=RIIFoJd&?w;lL}N*lU7(_ zf8{>gXun`9Q#m(h_tKLI*H6<-jM3$Ol$%0D1i%=I)+AK62b4=K^7h4da#!Fsj#wW; z)ExN(2m0w7;s)D)wrp*y;i<^jcZ=06=hNoQ+Ie@rk@9B!Wa^cKJ7FFd%&FOPVH`#8 zL};5vq+YHET%;o58y8<#7hJtR8E~A+9+<(nv&Q>VQUtkiDw5L;(g*#zW5`CF|4i=d zxt)5SuTni4^HjYXL7QmJHotv+toJE`A<)t4G&yPrMXTa0-KpPNZx5KOL5>niAFTwi z2RgLpuHJWIULOJxDAY@FSx~@vY7}PA<}NpvGwY}Hbk*&HjcJ|0^VN4ml5W5yA8^or z06LbS%ONkW${)h=ov~apz!(?|{WGx?M7#ABkz6%~^GsX(YT~C-|0UPQ=_*Hkx@paP zsqWt+SKYuv%}?*ib}OE1?&81q%oA7mV2*XR(v(hgCZ(ELZSt|CeCq`-cKoe)$gfwi z&pE|D_GIIg@|#bH?+8=L2HKjy{ZZ!G%5SSdXE}VfEpOlEruBmdcNo0VSJw_{uNWjCDjtR zT=%z(!W4NlkREZ%_sU2W0WKoK2GC=twiPP70LD)~4_Di=Z-RYTWdw41rvXlz)&6m2 zzL^e82M#mq7P7?nlQUJ$Itt-tvXktW=Nz0!C-5ieZW#zzktKJCDd+wa+Z8t=JP*V@mOUl_g0(F zhOY=OY6m%9Bcsbr{@xjwwERU`-b!~Vzz^vfdBV?*WKiVp?7OOH*O70}T)VGy66Oqp z_TuWtBS|lWj{rXyWGRA7^F98?({cd2Y(e>wU%L;$_ag;v^5?UTDiTM#q`Roal-%lh z@I_?Dib~XpG9Y?nU)Oo1A^k(~{j63LiX+Hd({Y{SbuzD1-F6(?cCZDc55mywa5$Cn zZ8i>G`emRd-tD{i7P;bm$oO<2rrh!MOl(%oYxjet^;!AcyX2?ktNJ;1kU#YkGkvsz zm}IA+I8McsslL&|hFfZ$Uq4kFupnL+6K4Ar6XNaNq2n2XmjR8`VS0UX?}RvkCa~I`w(yO>EwdwDAFh$Ro!R_h+ff0qx(f1O+a9`5KQjFqZM3oWFS>s?#UhW?N=HurGf1GpI2g%OuT zejuPx+gL|_=jx_Y60*1o?xU)l*LWO4h+{IBs7%FysVe9SMhEuP2zf}9W}c#MrWN=H zTGCEIbu3H3nPQtIfSaIB+nYAOM_e(rB@|iZW{mEV>$ZhC;X5R6K)&T6=WgX6y5AkZ z3kRJpbZI8a9(KeMLGo9+M5%ycCwlw)_J8lX_b)Y!87(;#+1|Jh?GKwZ779XM8Ntfc zUW&}k>6n;c3-EO*N&|u>cd5~^dksVV{1veD$;V#nM3B99od2}R`o~1iM4c`(DpD@_ zkOiQQ**P^AITy%R3F^r7S8bs7F{ZbHoZjPA8~pAzV_lw@<1v0;Bto(vqe@1fE;a=$ zJz=U4iR>uyp*C&(`dMUyfKGsG&yW6wpUc~rzV0pG3Aog2vfabkVC-Igb`Z6Pj|_Y2 zAk!(v)ro~7*%8fH@QKK9y^)CKI|KU;3Ku`9Sx32X+gBHmSXDNJg3pXu=CAkYmA%u= zo-2tgfL_?{$7%b$o%pEo;AnQe_phxeKw#v#^8*f1(&18lsWDd6Hh&_E2hV}IeW4I2GI8QSkqaRQcqmNH&+RO3BvB_1H%T<~qdfz#j;DlB=D+RSSz=~Hk`IjDuP;Kp4tVpeIz!Mo zHx7W?#N48V{ZA`5OKyr5@Wjk^tl`NHl;}PX`uz+ZUT%NOS`2qhMI`=@Z}}3ZN6j z|Hfh(xQ;EY8MZwMJ>I4QL7n0}eAb74^rC4L3qw1%bHnQKxJj*(m4usJ4wYfq z|D2LFOzR9Xm}M>JJgC}rT_uWj#SCGS?K<<-;SI<0@0ZVJ^-*1_*__=x*g8Dr7aZ<+ zTApl)GnNyUS!4Cu;3kdUk77Tn^Ak=R4UGsNMIO~0 zh*mBiCbDD|I_}{NBQ)YN_w#_YGA^jbsRZAZgvp01u)}h$UP$ z(Bf?dmk!fI)rQ)dVSQ-_%P%?ZtDl$u!1i9)! zq*P5FS5Lg5G2YVwrQ`U!jnY;n12SGt-aVAB6Qrz69$Q6(C~NkZJY~)cEh}jHU%0O_ zk-~+MBOBo3%p@zMQ60R(na{YMCr(8;L25Q*4ta0Gosy4xM)_R?gb>j;t|JK}*?3ArTd!HnSn&67 zq(RDIIPoq`t9*w9m=xLdQt)TX^}q~|I@4+%>{&ELr$dJbhDzeB=SGS_eE3K&D z`h`J1hwA2C2l@1f(;q`$Ym{H^{&8k#df}UL`ba42y(nb@BC? zW`8vt`2xLx`64{=^k_Ul!&eW_;dYeT) zqmqW8=q+po0pV-H>zhLAoe$nbNr|2IO_S;}*!MQByH&@0G zXd}=N@i2~MsBQ5?x`Z`}@?zHee{>z|V|$qUl(CDn(c!H}od}!5F~V4?9+? zE$-DZ7A+ifa#7Od7XAqE#sQ!S)gIPO#1nQU`diR?F-(KW!j8v;`|0BSxRw6Yz&!Vq z4?QbF_gxC?1APiYjy%kszum1^Wq&i#n%ZUO03?RVRKwW5{4g2Fg~v)R?1WrAI<=L% zpne*Prq?&V%2bdURb>6PWaOZ@$zs)N=rgMqRXC$!^7G7%OjpR6v3#LSh=jwtX!qe| zP_7XR!j%;o{#hEY2A^jyG4qPSy4B7>HeJnnQAaMAhrI)(5sGrXP)hl zcYYyVg!DVR5Bc8HsJxYc6pJ=MK7aH$)8IOv5{wf8KQ9st+U=|HQ(@G*{@&>lHl( z-?Brv8gkngjbJF#$!RZ8x4`%y1tv0$fYSClbN3FNy|^{tFLVb&o5pkG4NRYVC%-2BRyspMB%izEX{PwokX4*fLP=ZFU;V$6b{$ME zgCm^t8|Po+HT&`IFd0$Cnq%71L!E}J0WKY-_XF1Wzo;Y{5Jb7`3Uubr$Sec(=0aMx zYoQQ@l~50|yEicCh}MwFMLSPTO}FylF>M3AVevmXG#k>_2TahSyGTZE)Fd7J82RXy z_9?s{RfC$5UITuUe0+tPjz&4iQ>?UUmU*7^bM9V?f>%xZdr0OeM zq<@0pxF~B?kUWLBIFwA8$7)f0_xZ$t8M^#jFOmhgl8b0P@4rhCY)5r-#v#1542)4{ z=j!}y^^^KI{^ z!Dw23krcU zyFYu=kosshNVXshUakHN@}v>suFik7-@3Q7&v?NoH4%PNU0zC(Qo5f z>EaAhlJjIMkMgFqMrjoh^eSn4-v4;K9yh{(bd=2rS*n`JHYtJpRXG@uVE^-DQSH%! zXY2s=|W!WmTaicmF`+d)K)%S6fJnpap#+K`5 z9VEdGoG9NJ0a>gk!S+<`y>1>cWIP3Fk#omO2(95lLky_=YL;mP68w3hB1IVSs86RG zd=)E}Nv8t;!CiW#J_%TSIV7E5|L&M3_sBb4OK1T>T+rB-1r)FDLxz)(neyFP;tPdA zr0npJ7Df@siD=a!AZbD$a{mP6mervGIapg#dBk=-(id2cy62HZzqz)oW(Kb@;wB}=4TQ-TfcJXx>`MwxY9 ze8&mj9RaFZ`KyE^$Iq)kQA#B^U33-<3%f`mJ6U{55J((Un^9{~A;kBpl=gh4s-1EJ zSVk$~5{z>=C%f|3F{H{hb<`kI4ri zaBQcU=<_5kROV^@_??#Irk;5C7shX}9_TT<;}XUpMvOWY(V?h#f#U`#vmGK4{;_F>uqVSnO?T6g1D?PQ7A+l2T++#vkye5+WT&X+Zjy6{HY(lp`k*<)y^F zlbo%IEBPhhhA?9d96IX?lZsD7bkf{R<{IO8?0@|+S@Pzg#iuOJcqgsY;ZC{o zy8fMr+c6o=MJvt`wqPC+_2VaNFBMY8>_}++AG+%_=1SR0krpyrQUbqP+AE;LP_80( z|120}s7J2#f-adI#9qXF!~RG|UQd?xX_cy=LNud37=7u-)AXlu&+k*us%pgEp|k!= zOCXr}lC}BW?wV3f)9!p{3dQTN8CAu7XGQ{*&iPU1HMq zr!*n`ghZhk3&lv}#8X8vU+XiV|f>y*cdq_>kmrVZ7V~_Rn})-eIym zZ=i|_9eAU={Vsp~aLZ?ZITd^WKvs>V3C_NH%bUCZs;Ro5Uj8Yo)oriB6rSP>X0Sme zA!l(&{2S?SK~^lLjMn)36>^%q2&0>F`5opDhYq8THvM zXM1!@AKx2vRVfLISs=PpSV1k86M-DbBdAqUrgCnl+KuC9Aqm8U4{87?N+M+XzxCsg z1D{?=V<|r?Q4ktNEF=T6fhUwB$sZQn32HeeR3Yj)X^g_D$S>xIvxSVRN)GDrL=dIT zG3fY{@ym*Daq1n%#4HF9@PLNYkqE0(&<7TQL4zl*)pi+>J3*LIwwL#FI~I9GU&Yon zd`tw1|5C_-BSVyu@APtjQR5G~)Cpa7as&4z>j-KBl=|QdnMwf1qRVVgqAOe4sijVx zKC_6x=>u=ReS`OXmVTB^SwE&N^&Qy>p&6YSOOKXGic=aQIOH1afC3!h*r|pX8_OCx zQ{>B~Zo-d8`GZ5Tu_B6+{QIlJ?+o!7-ga3Ul$IC0+TDYAWtfLVGCQWYOevkZ4* zchRDA!?N7htQe={@#L$%FzB2t4E<_HvU8aF;Tf0Ax{ltPQeZ)o1$DH#s*Mb)vaFGI zv(l>~>;s;=OkYYkX!TpZBs znYhn8H}+ihFW+iyWWsXB(j_P!<&b@ZG07LcPbZLaYyh`7D$Ipd$r4pEm&l@?f=i@N zRMAv9jv59=t$7_tC^hcli4W-@ue~JDl0WtxETRrsQyu^L^!o7)r*NJ~)HwrqQ;?yj zJb~m%K>F~Tnx#A8VGyoX5R4^=0Ga*z55-9AY0ukJPqUBJM^?+Y03;Rb72y3F9J>@a zZ?nyPAF!e7-QsvX2yE#Gtx3sV!`;;-txYjONeD7C$bwPRdJwywA`%N%U7`Gpcf8>V zQx5SS=~SF(8Hs5UIiLD`Y+a&D~a*Va1#E1TcLG>Zc-9~nUNY@fWwgVW|7ZR&9}I;Fq9 zUgKK-XcoZti2s_(sM~>v#*xD9I8^ld`8WO}p1{QO2Op>85Q^F`)9&JbL^l^}bPV7{ z`CRtw)yBc?0oc0_m<`1GpdIUw9B=e%goUh;!D97{7qYi_m-=a_W7R2z3F)Wtb^t*7 zxmur_zXsXrPTE}2cr;IP8(p?xA+41E`sTH1`}fEoz84gqHH#;NVoIpo(alNcnjKda z49F<6R0z<{2+qj9)5Usx>E&Jdqxzu9uw{e_3O;W;F-4U;eJiGD)KNaF6+bH4Ep|wq z;Ms3*#?O^HDNipuq0Q7o)B9#VqXjAWrEBRKw(`^D?d)hu}%cS_zA$J=G zcftG1Z)Ajj+%r6ZVyQ$h7C+>Qrv#BmP;)>3;KoN_JTTwA`sPzV`MND~{;>QH#uEuc zT}zC{C-d<(ERlF5vT`Ph!h_E4GHL>O<|*qR^IhLG6ZPBYQW;oRq$@v}#=@C6w_VtR6T4ps_~t~Jr)-JlC(b>Oms}|$YpI1mvm%{e`c{68`A}!cWB3^JQO8~Db|6lO=`y7-J60Keqdx&Fs;eKXWCPj0er|~<+vba&ZILZBOo<;iD%MOI zI0w22rwpCy`|8!!JAJcke4oNYZsk-f1}v z|Di-gWo$_;HazKD!7*ZWjNipB4urGJMCKmS*QCK?Gt~arLmvz-{>(d!#qg3KG4ZJw zH=ib&>aT0*JTN<-yd>gY1DcVSO;*^`WGyQ4Fr4&4i8gwBS>lqZzZz3 zEX%hwIu#2FM0Y#jCUSV&c_?7S^^_w*ZV2TmN+65@=w|0fD&>nj-{K!8F-qCK!H$$J zVB0lq_b-U0(=0)uoU#ae>?P)z%p?FiS#`+}67Otv$VvQu`GplnwG1fVQ1q+uD?x5s z7F00U9L662i#!Fm#=rKf8#$}W4IOO+%3~>+23<@$0H}WQ)1!K_*cW>4IE2`LMIi%_ z)_=3^3l+`yL}SF60(ZE1U_ppuq5zY}RU`N)@IBYe6K1g1q@Yk(ZUn1`;jLlrbH+X# zG2O}l-T|42y#^JVcjP_w)XES&6NE{>^2zs8!F>G&_6W(Af~dNWg%QZOBu5_LJ3SqJ z+y*ng&Z&RiPVX)*NkWNOf8nwH%!fIopo_J=N9d+thXrBa;2FQE?zO29?z;Q+f$xXf z5Q~64{b7`PYz=u6$f#>Gf2P>+se>kFiB~X4GCrldXP)qh>Q3yeaHh>c_yitd;^6L=Uuhe(p%2yW z3H+>-cYw^y9(z0^W&*I*4lUQ~p8>LO%v-+}{`toQ$5&yLd4BLl1fRbvzh$ET-{rw& zW%?irQKU;@@U)CT21dLhK&rAQz^ufQj-pSLDeK?E_Qd`=-b})s`{$6lYo_n{sa)An7;^a%}L-mGxFXDHO6gS>TxVvE5~C=iwU zcg=qV933%@^GP1kN6?05yg;g&c-{YIQlOhUP*Cu;BW8CpZ*EKSg1e8Ql?i*?B z1Fy9x@|G#)Y&qf4GLE?W%2y!t!q4;;I$95nPAxi-+O3q4Ex9-(b?R2?o!8GUb)&QB za6evq8y5Vcl&*D~h!meNM1%wVJ*#1ZOgXmwY$mQbtp2r|89eg`2Sq>@~wLktU!^ zMm>(TKVXG0q;@j`w`394I$^3bdG|CEO~03cUG0DWKig2>`>LXPn2w(AA$z3`kXF%!zz{Y4eQTAMUU>&^|-AG6wVuK)8L zy?PxMjLqRwNCS&*g;QJ4I3yvG`&ksi0_l+L9%r1Gr+`rKv5{o38gMzGn9pp7aZV`R9J#vN;F6Pb z>NrpTdC8_`Ism=s*TRsh@H#v4;b~nfP)2(pCAH8k)Z%apZH5?cauasf4T znD=Mo^EYj(7x}y2l3;JicxdSHxr7_}7(2%Mi}15no|m4O71U5(@(OtB|0&zeeaHpJ z{@e3D$bX%6#oV_}&h&`VEJM8_>gsbIoyUe%C6EE10K=APS2^)TNU(GQ$Qv9R^;$16 z2N}nf%)aP@k6z6PoX`nXL=J_VDI)8eL+dP_GOrOmApy-ZarNB*R-A0V&tlAFfDZS) z-#PnvuPe>bUKsZ3gnP4z5PUN$Gu~1eBOfc5)TJ@6H!Yl?D@-E#FIw-vHStYqhOL>o zZ3LKThb4@Z4z$a)UT(K{)KkEtpq7aoaOyKlm7=S9JA-e9m!Mkqs{1!axNriZQfCxA zpty?*S`emu`f! zpUE0rpMRMlV-Y@?A48xvtRL0_=3^>!E9;#YRH19Tmn0(a2LvW{%CY^mZabVqW)~Gx zR*_?EmA!w#nfPpx>?~z&LU=BDYq0{tQ=g4GI*lT zCKRb(5LUlAnzO@v1hY&eqr!BR7m{mcJ*)IXI*O zs}MB6JN5nE+_`p{&Ods{N-GFX#2Y>IY9#Tfe)!MbKu3uBLuuWl5Nq^tNao^q-;%9y z-5zbajO#Y~YE7JCc$0rBHCrD*d&o~Y>iOl#q+Bx$rJVDEzj0lehs=$H8|c4=x4q7N zni!N~z>4b9WbxVIU-&H-9iMY1PKswqAxS&?M|bm36b(OpRRkJx8<+uAqr!|Q_l;ad zg`!&SUjUgYbZh23YVT@QJ9HQj`@xEk>BXffxpm)|89x?IKZsN*8Kpq($fp2tgXL~Kx zAbJ6;vfZtSkYd?*wS_6bLhWOrH&A+M?%2A3v(be1Eu3p%I@Pu9Su0P$4sI?j1<^Bl zt&y0x7du7xoR#ta(M(j2g+bxZNx|wEJVUu7C8LE{#lJ%IDK!e%w(q3N4&(OnMaNzR zs9)*~zB7t9P%U~*bL?O@^?HBcGyg-tzvrX3P>zMFM2b!S^*;mw(8!bS9KXGAL~oH` zGvO4rR5(#`*Zpd52l7FM471Rk6xA@a<`BgR+y~jde4Nxx8miaJN!@T^Oz}K<>(PD$ z|ItQ0aKkYoJY-n;?4~EbvmCD!pF&#!zv{K+{1|ukx$V369$`XzqTleo%ctx4lKO|vdn-Cv=(X+oV{Pylks)( z)XWXm6U5af;GA$jP2f;oAeLuu^xq*!@u-gLz*i=4-C#^FmRwWYhAa-KDfZ<`p&{9F zzGX!;DnPL}`vD(MKpwSMCz$Go4(>p2K%Px1h-uQA8Vd`o3VjBy;ak~2n6-XK*X-^4 zBhxL{dcZJZA8YXg{Kx$4`y-m=+VL~|XbwdC`n8MOS?)xJJADeiC#PhS+g~r_v{&=w z)7kd^-6plra*#rMCd&HhP0e3jbfpeSy{SQalCk&;qBb|FQkjpcg_bcp~$;Wx8 ztM~7)teUzsG7B-RoaUxkfzv`Z*eJY4N*9-Cu6(En`cCtiyZ6yY2I7S9|Iu2MFh{FL zeyKE>~zjEm}LfC^n;*18$3W4(fyrI2P_o}Be~HVd%jk!Q)YPH95y`ZMLf z8MRFP&4(Y)Yvj)AG7)6LrzRntWX|nyr>rzs(ac#)klqBcPZZ^tr0{PnPhqdl!q9DM zI;8pg>++8MrK37G{kM;PH@jpffQgo zmM+$S539X>Kv&vfRF~d;E4DeHpT z&=ar5x6e_z6ZoH9(a)9kY75$y32pFgntIW#~f!y|LKm zv2ycVvfci7TLN#6j}Asf&OUTkh4#0WyzltOUfD!*zx8Q2Fg^J&aTc2TQ1fj`3sRap z88q9p$CEgz5PtT9k|Q5aA4dnx0umc{Y4WjSxnJcSL5f$)Ja)+?B9n}k&sUS0SMXzQ zDf%Y=9#?}WT>V=$n3h-97F&x}(S8A6;x4QND#v%UN|0{6=IR2^V zfR{z_^&Q|do?sm^vjB8b%>YLFL#Wb2Wn?zI?j;QB-6L+!=f7}2fCnwNx)CdQ%?C+@ z07d|8ng@*X12%iwDn^gx2G&%nKuow}UCg+-vqI|v&E?#K4 zhJc4D2FSvf3-)O4Z1GW4y4c>5MNA6(eia+DtFg(`c@)*=LFh+;2`QLpI{GiNRhS8B z`9U8kxdohPgx>J*+>-h@j(i3p$6u1U?|>9vi_8bW6(J-y;aV8fg3w1~*EDDj*u-E5 z!v>oYT7Pm_7q$XgTrMHnjAI}}*Dv=$G+76zwNV5t;Xisz%mJ;MBQ#ycn8zC?h=Oz> zB(D*iJ*j?JtTqWE=(0RWlT1ZpGg8V>UGmL{rgt2sZ`cWZ!rv&m|uf>NZAHiSFcGjsSu@8JLw9{9kLm z*^!prx;Q0X!DIh6pw9htP7_b!;Tepo?CeW>wb7Y+J6`k3BzZI(Rm;StXMF3G&gYRa zmcy@SF!0@^<7fF;wy@q^;OtbjG{OfND-Kl?i=XjD#B!k9~Qus=**n<5raAJrV&qot+#} z2i{Vo14uX+HRD&6IZc~YtW|Q^cs|_M8+q*=fXfPF;}*OXA{FCy?xcndYrjJmq%o^O zNE1U+v5l;+1+noX%Ws$Ve5LDiu2|xtsV!(U5GOKM=xabv;~M&P&DRk|fmng)uHE{Def17$K0DZ#k%yC4M0nbgH{=d058_<{ zh|d+$1N-IwV_s|WEL*?M%}C4^Jg7ZW{bKzB6IA$JwK*`c{J&VbHM7~zw_F4`(&`Vt9R8_`z4J_=CH5Mu^bWvkA@GB|{~yS|TtncH z&)iTp+#2bnyA`iOCeRDc)vU1KU3`myM$~TZOI$i|>G~>`oI5PH!?LdOmo|H0J_Zw? z)0W2i$;4JAUS0WskCi-`eM43%k#J1c{H4#_Lfqa>MAhy@y8;`fK5BI{H3A+A88lOQ zNaonM{SGX`?i`ssNxgqBPh@-F#dXT9MoKsQpg$3=96TDWnD+k2{+`Zm5vwLg{4Q== z96uSwYT#h*+Wv=+3?=LN>c)i5s?oTXeQeMR3erOOAFLl6F@~mfSqQ8xAdipPTdxMb z>@^89+g?>OgpL-InwzShE+bOA9l1>uzd^qgXXm0DWHm8jT0DnDNE9Qq( zMbX!hKZ#A`0@U-(p}OO510(}-y^p=TE;nQI{G;6um!wc7#tb5)#WgA!0%Tz|W5V)` z?B~F(E>sM?zbT&R1MTHf?L>~Ce93OZHHfsk^;oess=)9Z)))U(0i;*NzS&m>wOnV2=CO z010FQ920Zqy5{>NKn--|<@%LGJF23tgg;K(HAP2R@PoG}l;dk!v91KPL!V!UJS37W zj|mUT^MEkK%_@FiPEQl{8V2YwPyFvjsaFN#*Ox*tMR5{|)U}q32{jB|LP|nE%n~!3 zKiZJXzp_%J5*rkmkXjK`OVd!6rB$*+lpHqrZm$T|W94>|Q@@x49G-1WNL0cVzO+ZG z(TKizTWQqPsVVdxwQF8tnP=N{y~Ef_D;G1Ou-wZ51*X9E%7gzwg^iozr+7WFwQ1 zAD}J&Y?-zszqdYS#I;%5*Yui?L&POvuC{*6G$k9l;RHFEi|0?~) z)Tv!Yw^|>qIeB<`HzrO7U-S)NKWXTsM)jFVB2NO0KvI@k;Afuu#fGYhzt;!K;uE4p zFq<}bDWh->FVQovaEz$QDm4)Y#- zO7PI(v)eE<=FLbT>)nXyZws9G)XfBUo7QOlDJ^PyHw}rl6Fs4P4-U38ahk*q zo9V&&o6?Q+m@QGvH1V_C^r23gX?C<4m;};~=6Fkso$(qfU0Q6{Ta8++j4iuvV;rQ1 z$QPEX=Q4p{x3@DOARw9IWa4fasPp#hV*)T$lS)xNKo|;>TY)%c_1cm+!+5v9CybXm zPs*o`3LuBP96r?fDAxj(^GXlY2O{@Jfm1qE`zdhPuox;d(Lz?49QYL6{_~oqYw#>kB^-fPbO#Bgne3Mbd2{dy5!r{aymL6=&OhB&H3^ykm zoOSPo?6&u$Lp2cBNAY4uM00gyuAP`-a<4oBzB1{x>l{I(o8JHh>n%3RIE>Coh*#J4Pz*Y-+C3K>vGhY|DE ztjQ`t&w~of)`m}P!nsICUlfN}z@6mX=HTAAFf;jP<1|yi5vRCWKW)2yB#`Lg9qjhC z^B-e|SAS3j7Hq4zLkY_W z=<{$V(pQ7IOZ4r7QW1~I&4k3kH;=Cg|0+cr;*^KqqGAB#$=>IIv`B|)aT=qd#^hIT z(J&qRQ*Z21A&A^v_ksYM~k2Etm+9SKzCK6;N#tw zBk4ZpWokVf=joivx{gy`pOMv$dwMo!oD$-V$+@r}&1-i%zDG;v$cB5WXWm5f2%9fL znU=FY_-|fiv&Pexg$G0i{KCb^HTRSBo3!Z-mCW5MU(!UfA8T)$@x0Q)c&CX zT_bG=`E7YoL8zxe0EP@AK*0XSRxnjHvv~*~anCOLRBSV1-RJe00QpYqf!N#)cnv6q z>g|r++0bHnF0Wo4z+)Y?=)|%!c^BQ{EMygI$=&HT9hR0XVP~d`$Zx<$D9PF{a_?qj z_9H-&@&GaQ??we_U)?@>4J`X|K|5dmEMl$IT;+73-^qn-&PnO4VmKq_jdnk6LdmC@Kg$<5uSmZZ@<+y=sm(Aigu_?6Z* zoW`bYeUyLC;ZX+gO_qW_cC=ztiXGFAPyhUJi@!0r4gUq*lL*(WbNLErBmsqH zlU(0u?&)wW4*lqQLT`mB>!I4LC9F|7AU{>o1f)uKC4MEDYJXueN}>>P$-BjO+y`)z zn|Lml?wxGHsz2Op0l>T;#C)G94bW3<`XSxU4~DJ2P;{5OMR z6WMgHjv93~m0k6KPabk;k%F4P@iAirqOD4TrR3It$WQGg1)lua~&I0JNNv~Y#Fy44tEw$_!VSc=l4I8~T`H}WPz&XhGxCF!X;vcU5dn0ZdF}Hdc zB!OX1mOoVSLwpj5i zEKy5;5q>E@?dcnL!ZQ;b8_>C3u&AV}`hdpf{{Csxz34vr3e#Kr8AtPc-?FdCWs@>5 z%R>|+Zv8*Mn_8qdQg0}7&4<+#_{sXIH@;bE*QX9Si4ZmgdjAFvc7~B5t0T51>fx(V zYJqYfiZ=yP>2OqqJ$*er0w9?)X3Tn)rB6F|gmFOmpr<+*`$1^TsjW(LMNKFnGxL3T zmdks4-eA^U>3|ZcZ>H+azA1+^$MJFQN%4C&@C!*8nG+ST4?xpf>XptFEHaa#I7S>+ z^0OW*oK&J$LD84Ls=2r2pG5K02XV5h?09r$-s<=vongWL#FXg~*el)_zC;03vZiC) z*!DGhGX*MfeJyfIC$^C+T>MHo;wOOXsOR7^3*q;4lV`b=|N6VVe5fiaTiJVx%F4J$ z0f>iPaCk3%BC0-pZ2*1j(W!UUsa@M?@G1LepK&;=g}9f?>2clrA5c4=-TXOWL?Q*(B%K2O=~xfcdm@XNw~&2SW- z>d^3mv)<9y(m;Z1=e2ZnY>xOytmE`6c4pM&nW-;udVL=N+!w9sd=C6<6jpc`bU(go z^cp5wvxX!HW-Oc%gg*^ElHQU7oet6RCDnozq8$2|z9jx&%$2lUIeaO4R-4b~sgd1r z3;qsCr#KiUtPmO{R2Cj>9gI#X9M~OvNy$Pj_W3*$q^XuQ!>Y=)y4N%qn~e4|=CSce zW-s-gC#+z_>L$-SUDPfPHhHl>tm?Kf9KtV8A00x!QFcAmY@qDLJ?+#Cm>&$>0?Oq) z5|mT%8R^0hh6Zk{<1;S9Uy8{9|Hd;x8rIZ57NH2$VzV5%?iws z$+O5trmhw#<_C1#A7m@$47zL$zVkFqGPjoS3pyBC zxW`qTOpnwwubB};AZ?N;nwy29bm_xl=IlG<#Hd$hoPKV{*ix26u?Kr@f&HIWgtIti z5}sTWIn7fUid&3J)e%Buxb);ZOQc@lGF~hpijYZ0^fcm>hJUxFS!ePB47W`MB@+mq zDrNJt7X<2$8j;5F0IYUi?vBgnWc=1i{F){=0QOuG*>HY*;uq3L-_-5agKVyY?0YRD zb#kp}6kKU?opHUF7gVZG6~#kBx~vWtzSKxDl=ms{ z$`o=;;pn<^H0ZRCwx$-pw)Mhwx-;q`*mfV|eJG1s5PUR!gb+dCG)7#Th>82}vn|G} z+P^VIjxebz7yZHq%?OmyPa2XrGp)r~KY!~9VxyM$N0YHwPjzAASm)`qg!=HdKla5j z%_kvYi};tw7EKoix6GTGAfxO!z2W^5U8)IdUmT?$1ix$*WTJf^qJ|-L*CoTGoYMZs zp^uRA%mWS@hoa`s-+Sr~a;e{$7R}+u4UII_j^XCLSgw2a%_26;LC2i;DYtVKS?l35 zgS2`yK$4;2f45iG%@Fw$NnJ?;Gf$5+#(XAugf6A{fXrQC(KoTksFN&R204cUul;dJ zWIS`9LKF_R{y%B!z#QQT=%%jZa^jsQx8N`CQN3a*iMdcV)m!VfITdXh!Sc@r$j%-b zDZ{PU_I{kqKfV;`0cjRej)R4aX01wvkFPzH!bGl|S5Ng>-u+?99A6&sHjJ<|PMoBe zlDdT#(JbI(roZxR?y#chI$ULk*D9+vNc$J>In*>Ak@FWPc@%$=^z3VLTDFvYj&VbD z3Ow7A!;O|&eA*;>oPTiXwwv_H;jT9Em>1+bs4Ep4vZ45mR+CU?AwP_905USU9dRqh zy9k?OI9jZ<0Vs3ByM4gqzD555@C!WbUrgN(lgP3w&jnD7pu! zf#iJUM3lBu4Y9dwv-sj7JM?_zZxC$-z`I^JFootN?@8`6K?Rlvy|tI8?9JwKpVSfv zRdjVSG*Xv`V=fPB{vAdmxq1L#$q=fLP3X0Gx?q!LSLpp)YJopecogCv)kH1R)~=Sw zTcKS(uD3|(^u$Z}YKXn>t>Z_Ycs)Cl2W0u4%Mpm&z_0jDxa|S2LQo#rTbCkYQBbWgUA7zmqWlN+Jh!gO=cMO}?K~ zv^ex~nmi^Ec68bLNxxNIab^r|>ZID9JnID<%=8etM6=p0&kmSKdrs1qBdoNerN8PCPn5tkuzNQR z@fr>=z;3Bg-ZFJ7_2}oDHM5x-uWXh2^qL1u7AtEz$;iwFPMp4x>}C$gV|n8A!z(!p z)$Ga`8X4XmY@y2JUilbaPd~=Z<@%tKwvbEUa5j-*loNa$;N?<-SvR_GQU{4_&(cH;YVs1$8Epk=egw;_s8O z@#2L|uhWd691XMlv6RJD@GAvKyLu*TZiiD2%>T}wEEc~AhcdXFjM=ylb7APr7m>JazL7%AgCgLhYg{HoVjI+e8Vh4x_cR1*N-h4Nc2MAU!3li@pn zU-X$v_I# zwQs-buJ`X;x@@Mb-%9CmTFSmG;qN=#5q(`Bp`+Jj5B7Hb+#;ONOH$r%;bkC}eOGRHIA*Sm+_P(@a+JI>59V zDlctU(hUB^eP=3Li!SR}&+Tp|%{mS?TQj^m=|9$~u$E`7 z1)4#KWOR3RBB9#P<}75So8=AbhlF)SBnR8(&*bknMWG+QD`3HW>O4%aeb#`xIs?;* z-=9q?+3%$X`BwhMaHy_hu0>k7vg{%s_(v@V8tdXs)z2mw|BgBUAIiS< z?+zn>Tx~F_;`KRIfg5MuaOs1SJ?+* z?C>jvwi8JEE;8X*%48C*p0ddgE8bPlx_Jk5e0W>!c+Fhy*q6mbi5d^$gY$w)hSF`a za^S!&1RFc_A97Z8{7b!DiRxA&;p>9+9@`=9#cI&%rD3+m$={JB&7Y7W`~%>|2gfwQ z>cKmkju8=WEt#CQ1!P%IAJSnDl6bAx<+Fg)*G_m@SCumtSGtDmss+qCP$P53kOfs3 zOm{a>2aO-yiDY={_CvGhgUDHIz2Tljx#yJ0@xY@n?mab`GTe+AjCbxM$z}9&W(;zH z)v7ArWQdMwDFraBS8Fv5RGz{x(x&(>HLxzVMFUeu@M#>Ud>5DwI5!32Z%w^mZ@+fu z?x?GfLBMPUh5jj(s~QcdsO^-w7Um-SJTo3!yO4 zZ6VhSy(QT$$oIrb-}>?Nt8`CwP*NTmqT2s%kp$II%3p#*okI36u6ulZzm%q*o@?{( zpzQV*e_m9eJSA0yZEX8AvU)_XZ7PYpBP1EyzEIv(b3EhpAZLW;{nuxn)M_3=RR2Ev zGY#g7lWktzDWi698soKicge6|AG!@bo!tnmt6&b2_5P_Pqs*vz0^rYL*^!&SMqm!3wxC-h|NVGl0kmeI{dYwohD;<7 zfvq;J_eEbEs_XwRyWp&LEH5mW9&Cfe6x1Yn3W0mE{9EEb+Me1UXQV}i4ExLJCi zXNru^pYFp07$I{H@_SuuAt^DQ&imO9zI1V#s@I>es@_c4Mega>&_(c>r=gC?ghY4| z60v|V>u<@sosF~@o$+GX20{DfOnD}p($xdmsbK?B%E}E1BgGh+h$-mH^s&rP);{`% z#mb~s2i;-MZx#`I@dQ%9xGw4m(`SK}EkzGB=hK2r;~1Wrbwr&2?l z>s~T3WdM{%JK(rKdAGZO{x>RDgj6{@IgE3v@Bj*A*${uoAyG>ZTV0}R5!J)?T4-)D z!ngQ7xks|j?R~*CPltK^^-(E8+a~o8ETd2B@#_{ z2;*HYQ@}DY`#$-l9JINdJO7CYnC~rNvK3Pb&44nqi(7zi{oC=AuQyH-2wxS)qN?U3~~|#m-um+I%L_Yf2tUxxD1mL z+BhH%b*g)mzEYaWCGt6fo3-C>!a?;obC=m$u|4hBA z;l#oV32i`~hu5H#78qjsGo^Q!dwN>Ph7y4hw^Fp3^v+KQ*t z7zX{rIwQLBMM_Z-*|Hbp=y@Tv$A_!@z^hw3xvhhb8o z(eQJUpGRX9a}&^48RWg_6}b$z1PG@U#s^LgU_o(>XYo3#n{h7M{O|Hzl`RF7P=<`s`cCPm{w164!DeQ6#zk9% zb50-E2{{=Isj=Pn240+apb<};HiI9{IXTRC#s_h|UWDGf$k^jJ3V8>2#g4R7Gw@#k z21a$F1J?p5&Q$}a{vDN`agO-GDwBxc;IIdyA)CpGTLOi)Opk8gfoxg)WD-*s$lN4L)&TE%?39wL$>%;U_f5B5I1* zY$lIrnJRA{D2V^jq~uieW4L}tV;`SS3GiUf3}z8HI)+;LRM>bi0dlx}h&hikdn}Im z5AD4Qu!i>40=XZjHJ7^v$dERE1eQSZHjj}Y*4hmo&T55Mpu57 z=*6kOGNd!(85#i!W(J(tY~%R%xrW7ge9b8ncQ#P)@{PI8_-$F}`XXTPpF!XE2-kXq z&Or$3SfGqbSRn{Vze@ec^ivdEmaE+#qJ8N`{&@zm21rZ$+9{D5`}ntOHty8dc3H}J zE=aHWjwE}UDx?~Xli(Qd(^SLnHCa-8&bUMJi0mYMWv&SQ%-=e8hFqh<{nqdcFW6D@ z3b?-f8OArlV9fUvJ6r%Zojmz&3IujpLy#_S{PqJrhS_~}>5#)B#&v7uDw($5V zJ?blvBjfKdK24YD!nb8}oF@hUZ;mW*XJ@;VWDw%DCt3C1W+|FEX;q{@A8d{!a%;5z z$gDjzF^l^Kp!I{^baV_CqIv)SvH<#^Do6wWsgDaFHu|O9FFpeI5?_H&xCpq@G;e53 zx_@Cx{9Bw(4k&(O@+AljzMe?KZuNMcrAoJqOg%2-SVTsF@&eD7fGCaaqcdE6_{)$_ zInYO%YZtJ>&)|iisJ@osh~d>%{oqiZY8Q^Hny-`t#E=C)mU8@yN3%_WX2PuzfwEnZ zJ2du@fTJxsGi_Qv4--7IK3#FiypQ?h_&e!$B`tr*1_tW5NvPhgXclMYysNOpv)E54 z;#Pk7618YS<`_Sht{-+M40@}(+<5XtKI&-4AT>UpyH34MN!kG@+BdyJvH>bq_#ZLx z$>^LjzDKd~)`0+3Cfup(9*N)9HwZH4Ng%2;wkSQMdEeRq+CVc@QhJbv^^+H$F(@XD z4ZVaWu;^r@;;s^zJ#1q#la+m!y91>eYQ~cFrb6V$mD?iq;XPtG9bzRBdP*AoKiW#s7Z;&-CXV+W#lE}94vptH>J-AhLG-g50K=Qf+j4d zBy2v<-`56nEXi{)bRO(+iP7tB1!E|;v{Gs@j$$nLI8a_aBKp=%zUxt+>j%>$*}!bH z1*roszC(!XdwV5MiO%$bSNCSgx2h~8ZEr@uHhS}~lvc+VEUTx{8A?$1t7Kh}3CvoW ztfhY|dyFo2#rusA5M>T^@9oe@HvTyuUEh5Q)c(Zp_dzr9m&+BXaHkb{J5MKdwaUKP z+kTzs9$z8t`rg%0PD;7e|2V7KuIy0qfaGSG=oq~JQ=@vTe&6PT*|q9p&G9_SyTpNp zLm}tPtb|cqK49OAB*hbo8SdP4?XgFETKq_UAnmt?(nbQeNUFV@k``|v3!9{_AczcNhhb{711sM5$hoU-IgP>a=G>lB zV`;zbA6nf;g2uIa7T{A;_!8#ywckvD+?Nx)YWGdv#@p{Xy%#epG&b@2Iz1Xo#8rQ0 z7uj-dk4FZQw1!fy{$ld0KQ1+ClQnTmO8O1*^hY;bt#~q4ZcR!jXeA~aa-L{qlTZsL zYW)EEAK=_5=8OjO10k=y-j#l1TOllEL&ue?bsx}R3Tqh;q5WTe{qk^5o3U&vyWU?#XLQ8>1-cFsN8ERoPAd&P1QGp?iua{agIx1xDtxv}m zX)_94CG`BOSMhUz(~ehhW$~P7?pY@LXRb+cLe*ciQgbe#%_l^EC`P(~e4pq~p^SdF zsj2Vr9u6}3ZUyoB)1?05hqF|U`#u9#MF%Q3s+=Hz2sX@dAvgDQ`g=j>npN z_~#zaGjb4)WO6Fl$x@e=IAeHvM9nz)41c8pF_kmgMOtIUWs zGBoxCwd#CRfw^VASxy0_%{RSl#Gr{byM<&GwuW-B4<)+Rd9Id##BXSPe4H10Jyj47ohHAY``d@PkI1-aMg{1R&a>7OMq!qxkZg;D`IoR;kyfs9OzHxdFHl?mj)%( zy_o?7C0~J8K$)|PW9lwMJ*ho}zP*_s$}!3od-BDK&y9>5z3Uz_jdKf0-xZ2D_i7v0 zgBqO|D~+e$`J)GmW)^^`X9c%T$&Xu zKRhXY^SNcRnckbI>&LamlDLm|^ZTQXp5Ii`5ZwM}cYhoaDc6<5N*#~ac2f~U5{3f~ z2L@9TwL27jvYUS-K-}p3d{=aY!eZzohsM#*trF{uA)ZWe{tDgp-M?kw$a#Os!pHDwzeeV1- z9ml}F0lc#-fqhhvuD$m(ci$Gn10>stjdH-;R=B2OyNhN=t=kri8w*E&bTwc4rK)F( zsD?kHf0lzm8rt5JrigqTG`bmBy6Ov9Mm?gHbu2&*&_C<9j+6aK;}Enw{mYzvI}^*Y z$hy}u_;sxz_E#+UOzXw>f3PYdxRRQhOp@cG5wz)NT~C^N8~n};u=FV~Wjpgzi>S*I zuLn~GH}&5meUX4m0G5XQnCxbBa@SoE$R%KezgTaZVRqNNGGL6&3J)8Ez_(04rr9(4 zL=Sdr_9kh4=-L<9x3gu5n%%A20_zR?@Y}Fe3rf9S~h;UCa)lm{C9R9q`!12T?C!EAb$I_YV4h4 z_ql@3)TGvnX%Wp*5`FtZpu)+?>Ha$CUyGlbS&>cPgcm^1msB)dy%^A`ll!2KaxWH@ zf$y-#B^tIMog2@DzzNMqEy_wUw47uz!t_mR>xGYk!iinFZgIi3xO$OWYsqcw@l~9I zobr58P?lGIP7FoZO37H#>D5d4dpGF}O;Xh?Zpn8w7A0t7h)k0ldf|P}fPu>!JZW)MC7J8FM4@|mE{`kv7Mao;%KNd zHc3qO3XlYQm_)annLvs;csi`Ukf+$I@9@df|Ij9(QKG`2Bmc~5^9x%udJmZq8xJ9* zB9lrzR#bZYhA?ja?af||xpyk?=Wa1N*N>i3*KZo?$i6Z1YMn4+_A$xJQV9Ow(AjbS z3iwq8=Dv`B;|U(`n)`~=&7sRe*s-t~wr|nj4>02jHusuGzdv(+ zt?w11ez#gw@DW~I{Gd>$fB7nB50Rgj2R-tCdja(wvpQIpCgC_7m-LN~rUw{Ims<#l z>5IJs0@<;2Z`b4auQ7bqq@<)GZsQz{dziq;uvSCs*T?>T52epcOy{7lAV1Hlwsb8{ zD9rIBZ)e%z18HET`j4>Y2d5RZ(!^;3raZ@>o{Y*r^>13wFs)n_JwMh^WO5uMpN~`# z9n_h;SIbvlkgE_3(Vlp%LkwcMx={6zv}aSxWgT^IlE?OdR>e&^gZFhFq6mOC{@sEg zF6oqCw#~WbhdZYXWi<3U9_Y0^u4Pwx6vlgxkkQ}CT6aSH+`6R&OKQA_tlh&RGAmsl z+Zqvx)HyucSsvoydFFypm&{M#+({8GoZLJ6-!2(4I8m`Y$)8v_=X zR$)BUW(|B;8WY*w=>h-79v6@KdrQ}dStc4| zjuoXV2zm4Cp5IFg@ee6&&}swKwdC_0DPy!;IcA66#rYRk_~CuNkasj7d}(^Hq2fIa z!xKXwkShsBri&H?o-+6mc-AoX=I_7V27G_LxN&PeV)rE$wcZlh)vo1ao6;dNUU{GD za7MryxGFVT85ud9R5gf*y0M>z;&5&VEdcG&T%TpWwRSORspdAykgLi}Ooj4fOEC|T zaXog^Rq11xkV&3C@I~3nx{Dt*Cu-&VYEk`7YKemH)PqFU5;ilKa^rGM4XZW-yr;o1 zU=VrTYohy|&fukUFcx14s`*_<&mGP8?1$$qK7cW#JD!Yf*tYCfd}s-u7*~v{U^DG@ zQ*=@oVxwY}MS=CK_h**rV{#rU79Mu&L4hmN`w99}^VT)HpqEafZw$+`A49&B4OFC3 z+{6&u<6PlU8ni<2V6S4CuPe#IeLn7>+3QO^^dv0LePNEe-}K|%FPR$Knp2LN_h3W0 zi(;hp1@X;l`F3BqTaxYK7bX7tW77)Yrde=nU@mdoYl#XoK@F1a{z&>jfs9l18;2SK zg$&{E*YiO!B1bh3Js z9!~1~$sEbbeOrN!JA5ZZlAN^RjS>*zK=+4nB$$~cxu_MIJ*M>Ob&1UP+N2D~AbLPpT$ zR*E}fl%rw!gCUhp@#pL|0!$?qwZ0`tN|NBRnewq~TKiUQEVsp`%;Z%7f^X!cmLzdm zZEuE&oXzILbwJ!(cxi!pKbb)hW}n&{t3QoV+$_jm^&K{>@GLyvLRBs#x>!_M6-Lv_ zs+F>Af8b|W?om`&$Ko4NQcLg zPs9Ax(v4(>F2_5RtG#OA_Wc<+TEPx%jZ+D}oFb&AH)fS#5G<#lo!1$D~iD?b{IZ}s|7A)J7<8Rca zf~w(5D%SsS*o8T|5B>)BxX|3+@17Jdc1;2BN z*U2MJ99(5%9gYtF+B7wU$XBaIGiruYhY`mUtdjdQlYj|etWTAZ$d|=3Axk%-&6@ll0 ze)uF{WCx<&0CXt9AiW1RoiJDfzF-Qn@Yw!UeLxLJCRn*^a`s2&(3Ba_zvvxjemHu$ zhl6K3SSFO3$CVX{-}YO1<#Oem?DdKD5m@u3Ln`v{_^QvpW#eS|jw$);M$fLFH6bg_>sa!c&QL?BDR>FNFL;%zC!9tK^{=b5|W~;1E1H1IyuYkwh&D1%` zU>PL0xL19Ds(`8OUVGB!leEwGqaxYi%7z%xh!C@+bPztQyY+6m1Rt-y6_-y${u zl?Oz=&`3s$j|im1^K{hR?ZC{m5g8u@ER(ISj9-tV!djVSsA6Pn zbg3%>Yy7oBr{M2lBWW6{<+t}*O)hfKdGkxexJP)d&k5Cs-@|lPFRDQn+|_7O+w1h6 zPYNj~K+Y5UHcoL;FrAK6a<}3$JkfW3BkCpw$??@2mg-^v1JcjJRuo^J;C>H6c*2GS zqM>yHPhSdrz$GdYBz+*R)H4aY$UH6Tr>tP-@2<3mt7*VS9k8u!wBHh*%S z+1!3%6~QCeV`PtKt*Q~5|w zHUJY=(fdrMAGBA(HLwO@4)4j=O2%Ae9q&U7sjRm-H)kv%EGt!i$T#}qZ2w-0QST^Q z242d4m2Ba4@;BF) z(UqkGZ%`%(3d3^Z})6WS62M0fB%H55IMl?o4KX;-*PLE7YucL(h@4q~QHdkXx z-!6kx@4mSuReHcT#*{PmgB~vuoMmvA2ru8>-fb=x5gAhAnRCB!niUnF_olD@mMQ<% zI5(E3z<7{Y#|T?=S@F59Av^xGOOLrXD$XBy@_gaYh{0)Y*xXzH+Ug+wor-_I+a7C` zsk>1SHFlo}Rl9caMC+AY^!jkR%ce8u3$ z`mEJnfz|f7G-~!MBvckMI1-C}3Pt$}WF{22V)H0{t01=BP4^6RO=Eh3oi6sfq0lud zDGbu%oSj?K)MVzJ>B$i`7QL~OsC1{Ig;0U-#EOhvQ8k=10{ZjULbNM~r)D-eZ}^vE zJ@`zV9|(=8=p%=Wv^C>by(hXcd(0sG{)?Prc4YJBw6qPnB@EFNWf7*>(sbfRvEOCT zBAvkABP4n^Mw~G_JsGN;zhCu9?d7!>+@(!^9Se=TI0Qg(hny4upjV2!pFV~N)V*h| z0sj@EVSC}C{hhmy$Xu#q;$;>@>3im{wkX+Xd`?Tnp|H=)i<6&;MYCV%sgwuz&-*@wnDoysXoyyeA^ z_Y6ykO!;prUPc3lUVNez*WwnH#7!=~a_xvc!F{OfNzsWevSgeQY$T*-L-9xQVWHA~ zNdy=}&>y9+^Y(*<;c3?RUaBac*Zg}6J2s1|M8sIqn6J$BmZ3RY&fh!no1sN6c;C=0 zZSNKRyFXWe-zN~6Nz+*KFyxta@7Be5ELq5hG~D!gsoU-fowDr56)w)nu#IeX>k;tZ zN$YJZnM-V3z~)uwk&Jf+(F%_*nm{OtT%oh$x2?}hG^v@e&5)-$o-7`-F0&FNCRvvY zg=Hs5q)j6{nPAKB^xXKoKQDip_|NM1zk9L!cPI9z#HM5^NBCLy5 zf!>w{7DsefVMgvi^F{fWIjc#ePf&YLQB=hDm=@L$dOSt)NlRs3vTfB?q_$ejk^Kyt zwAVPssE?1xeZOj^PA~4jmHKuBk!M}%BQyiprlVv8Ul^)FuMp@73f_6}!zPoIs|5w( zj)cRJ^Y_~a;9^KL^pnP~)eFGw(&s632gvx8929vM>xs_ut}WXKL?9E)w(~B6CHk)i zuJ=D_+1?xT(ArwLYe8+Il}X{J4N{Ds?axzo)jt}dCES`+pDvc3KiDu4JmLYQeBmC~ zdwI;{i(1cXu0D5q^u2AvJ@=K<9}*ohPUT>MhjoXYTs$~D4tu@{Y=ZTROSaO!U)-DX(>9)eT$ zFs+W@Mht`0st#qs`zh8YK8$@G<;2goM2$rh*%ryG(0p`yNPZdO^+zXyyPufjS(*a!MO1toNmbb7p#EB>zh zVCV`sZATNWL}BViKR<;ex)4E2En})hosj zX+!j^zJn1mD~S-RqZMq~dky(f!vSxjP{mBtVW4M>wum zeAyrUZC`UN~;wY3EIKRZGAGyS|E zxtSMA3Lk3GACIWG$_^aOLzJH;!8>SQY;wiPas%42nUjkeDjCt2%r=T^D*3+jObr&b z4k0pkf9yB#xEqX_wY6h>_DH2JeQ5*d-xdbWzkVn2bm7NE2-kGLrAk297M7;Bva>%l z>>vHoe*p$3j#NC=0>D{zxTk>Hv>te9qoZ%rjKTk~a^X1({*#9h6oJK8IsT1X};X7(=jZ*3R?~n_L(`#jRk-OTVrhIHU85mp73idT4u@ z8q9<58jJFm(7>gW%6Hd%n@Okdv~V20WznXy_19-PP2 z1)Vq25kRoZ{^=3@Zu6C9Osz_$va-$nZ|lHCWjq<02d~Q^o&6-cV|!gTqz0yy8kf_e z|GQgRBk+6&4>5WxHvZ81BP%--QzAsXOpVFB&P-E!ORD;^!e>1zjQu1iX?q}ox>el~ z@+hUWDXp}7WntINq0mMJ2npXI!He{fL)`oK~ut3;vUBq}vm{0D7z%w&fmn%vrV z%?1}ddU*QnP1m6^Dc^VV=!1FmPEsF{KFvjC(Phz9@U4Qo<=*>+KFh}Cz_fi!tq7`o2a>&~%iz)!)+XVp4ozQ^!spGWhXukQz*^&C`Hf)_G?u~0%@ zcEZ4OT<=ec#lRJz1KB4L+OW~USyoB^RTjVf!6)!_>udq1hL5Sr2EXDVhJs0j8Pfy2 zGU)lm`CwxGcaW@*&Reo%cICK)Kx?kPwKO1)SErJS{`IwD`;_%T^M$uELf8D@E86}> z&LEbQvE-XWN&E~Ra{F}Tn(G^{9fmxe%I(ezx}TRK?|2C)jf~ud>b0M$ZO&n*TNjTO zJcqvYz-aXZcOEV)3>?Z~&3FcL>ewMxnwi_oVLw6w5f>v**Z!Od|KPHL?=$D(aVD=| zqymd8Ko|nXFzJt-THhM{m*uv>qfx?bDIL%wQO`}i8-v$sYa}G(PlXD?cr8K1yxg&e zZA5?z`8>WX5d2$UcCKeQo#jtKYTjRUKw5fpj-UMby6wiTrL6la_d0C%)z-C`bGS4I zPN+|5&ptD*sLc{ad248tf0h@iu@;#KfNcEvUuNjaHZZ#8>JkQ>z>HRBWxINDe5* z7|SX1>;pDN-oH|a7JvQrs06eB1M{`o`vc~~8_A|kun#xzZ<+`HZIi;yw7kKNx?GU} z8UHeek4%-4ou+egN$2gr2A}wV!vtht{X*kY-jsW<3g}bu1pAm5*`|-p+W>L9=)4dl zG=zO%MGWmNhi0T~raxb)Hvdi~kSyNf^e1p!4|UIYESA>~QBq_(h4pbNw`b-XNaasE zy#D@I!{`$VMi#!&6GH-Q8QFkp#R3Qe(#}R0Z=tw6oUN@HXyq)+eqLBWBv|~5awv$5RzYXO~k&5jhy)`qL+9G9=Xdg>Gr)Ry;d?qti`uHrXuO6 z8Nb_hO8Qh5>F4&$3u0*`TswZQ{(Guv_C3k_e!ZInYHHRg$^RgM4_zpYHB5@1fYIOmsG(x3`VkrAwS@e%YzNMuu`8`mizM+4A(kS6TPwviw zQ!H-~xAj9CVX-;1oE{q|$(PsgW&}=u{0^pAdVH6&`9vxVCY7qlyALh9T+zM5zL4O9 zUs|$ITxlX*7VFKIuQ#NOzB#0kWzA{XS>v3-lxOt-x@6Y=j&}e_!9m#$!0zPz=Gn^;#4{RvkL?C_KxM-9L$a(3Wb2I^x_|e&Qw(~#=o!BP>J3Lhf7tuFl*9h+35E!KL0kN4KSWq9RLmv3>m>%hd zlL0m1{`l32Wz77|By@|%DoDNV{!mr1Wi#?e>SLp)_D7B!b#vjTI)TZ|kG3t~G-6_w zscTP*bH}iEE`oohF8;z*62c^czE3Q>*i?;bR9dt@utoPQTD1N4gZ=1cIvYE$z2YhE8@O;!5z6rK#zMn!|BulhWR6XkDTHRS;S6FCE>F?eex0 zm)`v9i0`_bruA+I^94Ycy7Qiu+n)wELs)scHq=DQ&m=#ZVOC2BTs{%%J^AcV*uv#q z2%(D;Wl4{#GQ6fRtfHhO5obr4H1I;erD}hnZg)3p2N3TY!*~Iem;pu#x5{J`pf+!t zcN6BSEiV<^CmXOtutIq6;>c&UX>61fta&&$N$&w^Ey&>rN zhkSE1avR#`HM7J*N{Sb3V5T+st>;SQ&c4(0z6<{g^t-4$ci%r^#*y2tU4X(8m2m%a zO}XtAneri8upe5BPfNIP%o!uvbb!H10$;eMWIrhnKWIINme@pH<$*l$qr#uwJ1HS$ z8zy+_?}Fa_k#m^zgM_OvTN@_HYHGtqrarjF4$Kjqrt4Lp&Hwha!Mgo96EFLy&CMvM zXTk+E1@}p32flDIji#qP43*^^Y3nOxBx<$LN@!{mx z3z>D>AY(E(pYFT}_DAO5i`7?h+dExl%D+*~SvwJzBA8Amn-9*0sAEkO@Z>CI2a{A* z-=9(8XD06IkPwGCqNV*h)lA^j(C2Dj5nlmye>tx~G-$rf2F_^Ekpti1rbA0rZ>_J^ zGPIcZTrx-s)dwyqeO(=`?;*p5=pI70*2Rk8s zBg{rTLq;~BJD!bX@jcSNys!|Ip3&IoCzgZ?z-M>VA;gD73pB7$5O_fIiX^HtsYq>L z-iyuX)z(2^dq*fGw zcN!)`vcO{5V;|?I;hxu4C)jF#lR-~jLul_eo`Rpt|<_r=xPA1*{ z=bKM|y8=9_fj?e9qhY{%v>XpL|7$_a8OGiX&T6pu-4u}Cve~!+@3hyXDu3SZINA!Y zTtn>q7((1b&ti_z|5TDjd>K_@C-e+dwwXAJm|vQ;dfv(VS#25^L&ExP%Q9?msn}P*(;PQb*+wIV01J#9oR~x_H>lYOX%0V1UJ<@vq4h?b6_nO%npD2( z&4Pr)${LiO+(vlVr8O39#bkFd$Nc=m!qb~i%Oj6B>=5zF69*Z8ELI+U8Je9t zh?sb>AK-O4O{?4LaXQ+6eqdt~8cJ``dqtt!`sw>)|>PQ=O;g-KS z`kd7Lu{Vw;;}np|qFRTkqxnhN+StwuyN5|3N)O{r4n&$y6H?swt@q(A)=Irq8$^~8 zR$$th2y=Ud{moFGm}+8?iCX-dAJp$GzJ0b{v_gHW5Htlf5)Bn{xpxJ`; zj;rji58C+L19$>3`|ct0GxgYS(yQTs*}6O`+)NhEuLE$;Rd=4#0_WM1kG_&Q8T_NS zMqm2yTgltF_qj4O@w}7p4x+P8!vrtJ(2HJnDbI@+SUAA2@^M!H6_{`yH#fABnU2VS zvfZBzh8ISd7fsoJQXvx=IV@7bblpV}RnSOx{2MvBTn*yZPkCHt_7GUQi#5wlk5-%p zU!COaNpA>k2zBGtRzc@-hB{W??qH-kJ8b%7Nz5RkYk$8WxgV^ocKA>}V%BE2XOxu> z7n|&}^nG~!Vw;ISr+XMWlIc^K8MFj`!SygX$IP9B>X5Kc=m;oSfxL9S>9lq##A)ss z?zy8l?vUT0^bt(B#hEf1rDx42oa)0;ZBOE!#3g5Jm#30IFDj8w<3#q6BqFE}-7U`a zRDuhS>uc-OtT851`?KUC$wG=?Tp3Z#V zg%IPhGp3Y1b6ux+M28|uG;zzZ<=}Rr-m6B&Z8rcbF!fGHUizqAwBeYzZiEk2W1C6o zG7g~j$G1?dNiVidO6op5Cj=X{{7s2JTVBR;G5Z_N^-!BL4l1A7e|EEijs>@Pt3A(s zwTrsmhfxqQcSJ+wX-lI-?nW-DAHQQoQqI>K!GL)Q(SRK*U^QTY%IM*Hf-T^Chi7Zd z;VfF_*9u=hx8dkMu-OX@eiF@M!A0l%*uFLMX-K%23&84+g~$`gQ7tikOYHnpI&xb( znHrFpbDo|f|2}imY|`}vr5im7L1o8mLWR^LbG*;ro+d`m#wKrG+xxY(xT%iV@p&uB z?O2(yCzKgPI@bt)-5xNYGIs2S z*W=5#%ncopb2(xv2~oOh9;|KJhv|apdhH>?Wek{1_V#1Gg&oXms`Wv@2j7tB9%i4% zt=l(AaJGXjY0%<5DLbqDXxd3F3%>&uKThu_7GF-@A3Ov3_SrQaB}^gKYJT?n2+BN^ zzPG>03fEt=Lm6+-+dgMvZ^eoFYR@3`F5I%+75)7e0u_+jr#M0@umb%M&Jb)KC$Y{5 zasCKsdEzFxlheW8t3Y_3q|if_$_^td8ADzO6`BvWD{Vc}?27_5eOjx9*gfVTisVQ^lNYmJOjCLwtt)lUJYL%wM}@#?b3) z>`zxD*@0O7;1O#&7(T-aEE9Zrg;;yL0wK#i_wiyAtzDp1jdqE43Jo!5_};(4oUFHV z^rZ#u*7~q^w()8P@Ylo!Tfp-0NkWl{CZH-hgDhLo_?*QqJ0(_V!;2O?%-g>+x1~H+ zwCh~KrmMJvHsMuUtx^ojkO9dfT5?P;|B0)Y zQOxw9MMC(v(O z>I~Cb=tI8^_{Pjo(p;4I>SqX>^7`qT$z{+~#~Qi_(3%X|*4^KnpDPo7TblTKmfUyC zQX$2W(EAxvxDOZFK`{xrP4dhUg>(H9(dlb;BSE(Qw$Hb`@d400aNz4k0gg1jy~fAn z3?{529jb4`y{9=g$wv;H2|{lX_#XJldNbDdRr%sK-WumEWs>cQ-8X+<{P{I~T|(xJ zUr3DHMb?&S)bfD}<~KIzamC9gw-*Rrk*z*xT2bo^?GrhEo1<{GP;gqjVKct4%yYIS zlz1C>A>z3s9L)}?(7(u-4PN$AfFCC(n;v zHpjT=`THN#e=OXHy_LzHnw~F}bX;m>jEi-dxmE$`k5+B6CKv}kwN>OVbig^bUYue`Qx&-L&PQczZuy`+KnP(}n?S55wN*5ZIS{Vdn9` z;k4ag7ip$5O5@f%g1GxL>(7@R=OW?~o!gHp)@E`3I9f*u(#5(Q6fr9qfAzurJ-5hv zF^iI*I|eW;exW8$WrPn|i^-{X#3ea*HRJb?9mWa0m{B7QEab%aAdwG1DBrThv*q+# zTbuDS1zsnKhF*VAxy`|9;BBwFz-6U9uw+xFeM%=#Je zG_p?O9XZw+CD=w$Y^HuCt$RrW>F_)~EWLXFxa2F3iuN46olW ze0$&T$kN6WuVG$I0NPDIR7KDhN7bZya%+lQTB1BAdV)F2Z1+Ofc7)w#Pj@si8TEC& z^Q0OgAN8y!U4E228jPxDGtiu5ym2t!-mx^QZI z{M)Sru0sgC+L(QMc+o+Izil^ILLZDp0Do=-;c9coZ0&|ns=j>e_*q+ubsW6|wn-rt zt`B0z{l(0a6hZ#dlvt(ondj@;C&AnU+bYfSxuxY8T%iXMdI~BKghrjt&>>xQKMNf)sn@>z;Hj4( zMs=!f7I$-llwb_)jw)jk*1p{siL1rDuxDbQ_^CO@c8tk=ookCZ6#`-y9&78sauiff z*JgO99-kzZ7G-J|_2XN_AzfEfiF0Kx;1AsnVN zj)^H+F@p}%K%eXx9`aOZq{*cZ|I-`W1Uy0G8c|}x$E#}uQ%$ow=wA8kIQ_Pzx|Y}< zXVaYhE9tHnz9seKMQVSq;c)2^KQmqL?a1}OCADmv;w1rQqcuU`C>FDnfZNN-WvSd5$szMmPx4^HmxE(-$a3+X`l*WY@;$1XU=M+CT?L(9UHT_o<(w*O@s@zg z=XPPQmP%>b-m6WF$QLtRgi^|TeKO;z#Sr)!QN{3OMBhm%8I`S@yB7bU>z+*4j6@iarXXr=RbXE z)*LXsTCe1*owcY^H9Fsby-fsNObkhc=*UWU0y(NxV9e**vnJ#M2$?Nb$|AR!X2?$+ z0f8a;e!es+_bNgldh{v zaPL4Weu9A-JAAHe$0`DPFIK(|$Bf@b<5?u39wg=U=Ke$Nqf6KxRwI?QS4Gpqwh#8% zh%-7@$ct=`h*u2i!MXq>5GzOfbF4D6NR)}Z6yhv;ih(t7b9yPlL$p$l^Qjh-A7RgV zupC_0+@RO>P_uxZ(+P^$U7J$Jh|11S`ne&Eo7ZK(JJ|9* z!#U#5bd7Kl>se;Q%}YNaXH&lk;#NN*!_@%{F<2VipH$XNufVGK6_SD@BZMu&2zsz@ zuEIllwkUc@U&4>`I4!ba0MVdd!q-;559cg1%Z1@#Z;D_ zri^D^m>NUR{^ZXg?!PUfaz4T?ee>CbLoE~&%a}E0yA&T1!T*MTSp)OL&Uc#1Rrl$r zY8Q|3q>kJ+U=E`rVJRwFDd~|8HH?8aOwdsa(^6y+N;8A4*x~?`X+1e6y)#f;l4!4P zv_3Xp*iv6@80%)><=KL^!PNL%ulQn?!uD5wghdq=HW~}w?GV8;)3P|VVp#9lO_H~ZqaQoj=n-Pr=Bc)mys-6Cr2h;nwc1D9A z-)0NJsvo^%0&0JFDD`B5AJ`{Yu(L7B{Zs1S7Dga)`3QMhf?A(}{4XWHo z)Q-Jp6}TGBFo5e>(#GgW?jMC;7u)X)7$SErke<%K*d&c%rRDq6~z!w3%*;s zz61HLoB{|Kb~Qt;9tNgL1>#H3yyv=%yYT^eWjA}r*8JTNMs_ef+fDu{O}r#={YZFJ z7vF~*hDXBDq-4eA!u@|0==*Mx6hA|=w=oW;THdIZ;4V2-<{s%ZWPRYve%&d!4tH$! zp(P>u#z7JM+&F!ct1zqAP>nialc=ysz8X6<#QcvL=Fn;vueXzYzsYWcLG@d5vDSst znYF_MqN12Gj^)Bh48eRf*f7?ScVorPZcjU&^ZtUzb=)BjtjzG54C~xS^7$R-Ke4^F zAsPx7IA1!2X0487Ywu@+pv2tG*cRVL&gn`zs=}yMUhXV?VAJ(Vj-@EuKT!sCJ|SY$ z`}pPx3~qK_S$>9<Nw2W4pwMJquTKxoEDDeNCU))rrx$<>=zOf_;pU@VPxROW z?C3?%FFS#8Tg*n#s0-d8z)A5%9kC3DGYNGshpSw@f^$Pd-P-BeV`c0SXhK!ZnP~45 zkM=}Ck9EDi@6qg*h5juPQ2qKIF+yJxpD3*AV`{|{i5&&~^_ST52t5*KAkv1Hp6GN2 z_N!_V;P#P4nL&>=Z^H`y#hK;)ZY}>khMJ3D=b&?htPL%bT8?Eg&xF7?bMFidxAox{6#;dNo*M#)G9XaM5VIm= zvoQTEUBosKn+x=&6}jo!=hJ#dS@Nso`E5CPN}&}KmPSIYdF7+0E`|Of@MBQt`*_dG z=p7th>)`kVw%zX3na?-nhGoCn@O8jTIyj4gy#$o^NuE5bYaJ6e4I)wxxAjFf+! ztk^R|(Xvf$jOkIw_jn=PF8(BIn2z3{f_6KEgAnwKZZ8QkBTzl=FPkZjgLo9I&_@B~=XRsP|F^Micw*sEAKi?Wk`31y zNHEQR3-za6<{c5n>6DTM*E29KVd0Q9(6d|cpx2Ij%n$QM zRiwD(_w>`FH(lKKJhb9X1ZjR=D<7t{z}2PJx{MKHai2|&pqST<=i``oQ&&{}qUYJK z1c^fUoe;O+3OGHDFH@uKe#LsAUK)e<-1Yu6 zjvDXn!W$#5PG=lmL{vS9hfRpfJ7uhao>%t9Ex3Xt80|(@-Ib#Wno{ed_iN1%{C940 zxeh4}GV5j*q#!^yu#XsaKG2jm)uOW%fbUrv)mO)dw5e^R^Y?1H-j9iV^g=cgsGF`8 zC_`g!OZYd*mA}1n(_iJeWHrcV_+PVd4n4?skcEZ-`Oovq&_4F)xW%SJjAQAi7dk~V zSOC%buJ80j=@UEEYI!T*8pv^IqWk!?oY+D-@$my#3a z&nx6Q=a@UYU=;v76U|DI!8)_bjl>8L%O?5IzV^0P#xO$^8353f;YiP(j(+-+)_QC4t z#~Oo)Qs+Ems@0{6%6y=S8@KV>+sgP5J#pnqsj~I<876+ooA+%fzJbxMop5DvT7Iq@@Odf%0g;y!k1P9^r` z`;su}qT(P{J;npmQQD_``*ldNc2EJsB-G;hZy@>T*;VdeA3&(qt5BUviuI0ynfn^@ zO!!(hm@Ca!Sv<~c^OrY9lCDWCSMoyNS>P4z_~%YnMD6sKXxT@H)QL*C(`gE96!6POLP_aljM&n|-cBlB^&l2lukP>Vy@Yj+3XmOeMqUBkt zm+jEVd-P?#j&6KemZz`Ybio-=umH(gGlb(7nTufSWM89b@>BJwb&wOLNC~8ZUm;EYz$y2 z{HJavjs3ssW^98^A}PWuNQ7bPnCLm9f!f2#ozcee3sAg>T$XHFS$@uLUx8jh0V6J5 zKl56~MgPMR^Kq?JBQAQ*Z`-AO>Qy}QQlkds?FRh5dZY=LBe1G|1%hhw0-pCcQJPVk zwE&s3tmTYFuInL8aFGwwKcOfgROWskg8P(hkskq}BQ9FNXb9Pd{v9vjn~+KJxcE1^ zk4M4P$3#9bYOZcaNp+zrEJXR(0ALb2DG&i0rQWi!Jx%;$jhQ%LfJDGazw-*5niidT z0_BS_VT?q!)(yxSdyOJ11_1vkUJ`2Pula^ z__P7;Z*Dm9@ucIS^@nBQ9B(84!1`VffHWmqgPlh3%m1uQ>}Cu-;cO5%{u<&x%0s4( zvEzQf0LIF?pybh-WL^a^S!V}RQ@6iSM2l8vXgT>G0ui_U$2i$XA7Nadxx2l}u4>NM`N3y&)G{GX z5wSA@R^J0_8G`P;fn_AwzKX}(F^tbdayyF>Tg3jJML5E{Qhi8d`S#Y5OLkCSS>~8k zx`6J%$CfT9sh3Zm;0c`%Kar_zio^@^Gvn059Wi{9vfx|HRNU&3O0e7cT)zLu+aqj0 z!T&h3+%LkOSSb|!HiWbIWZFlo#f-Kb-x!Shmo~C>G-WNZ5kxd6>_|y*Ff;zSn=5Lx z|J;9?r+c=O&VT(W%MM|$I(1hehiU601)U=8TET%076>p`qa3>8l4-@d4zZR$QXxN_ zdZEQu$t9U5h`wb;+9vqFRHq+Gr0yJmtY=*i*`K^_pawdJAYN-m&-x3tl0{BN?$%n+ z=7u}g)7O@sl8jf=r`Y#UuO(l^k`kEFb)j~ipF!*MOHFKiy22^pAHdvo!o%{YzBHqS zo|+c9%bpOF&*v8$t6t3nl>Q(6qOORvZ=PWWL%1*l^32jvv9>VqdS zqc)!}d$Q1eU?ur4U+wFxqH`v@6Y9;;T!X8%S zyI(6LY`3S1a)<(Nt^^kK%Mp56%g7twl};&hUw{>OFz?aaqQ z@5^b01C?g>yG5_+bEH%iA$5Ny;ZZ=@;Nj}CiO&i%#^PT^^erwA~ zEHHpD^!f9-UQu>CX)-_(x6zm9E$Pegr;*_g!lzof*m|s7z2*8Fk+XOZK{8`tKzYdW z*(axShkpXb4(9nw5b7wYXbc1JsaocbM?ghEP1>Ddv~@@aqa`QCL$;pNE^j9${Pnkw z7lskF5KVs7i{d!k3c}0e=9KG)`y?5Ga18RRO%0iOgDd%zZcfYbrsD3|;St8{sI2kw zY=)0W5UoMFj3$kgr%u9isldB|{+pF(7RHBzFES`c#k&2qF?B5G6?1#K+}d_D(k*V18qCMu6Ulr19tk%HHuka-0JeYtgF!X&!Wo{UmZYH zcR^(zNofydCgbA~N{lKfsNaz1^s^vj2?Mnky-9i5%{IJ=9nN^GtR;XG4h{%c)Vb-hoaas>JRgFbhb_jh?MECZj@lKnMi=YR6*MiR;nW;`FU*cO#pzapUu^c|6+T864UZ zk4at{N>3)m$VO_K+f^2fbv*h6hT;_`Qz1f2}%ukN!%>5 zpNWJ{XCSdNEv2Xf);5n7rAV=HjdP+2-*YOkg*#@)j^+UnO!LnR96^A1aw^Zv7fE24 zv{bzP=cHP1Y?~`wU=&T@8O^qtj!FfFeYUxI(7R~d?CR|VzNgN|o+7P1vPLi?|>3>a0T|*ys0suP<8*aW!JREV@9DoVSo(A zVh;oR96}s~fVt?PBXKK4_|)boTCi(tFe>o2(1n$Q5HGlus;_xR+poIY$;i%XJX)0= zHrz%P%T)s3inIIFO_@|m+%H^{%Ff(jqGB_U9^!)CVWoVB!&-?42>s#kpL&ia`y#_2 z$&vIoC6?WtoTFa?zi3+DPl?x=98fILCrRW~=<3dT!azcln^QvMEJaOOf98$K8@>H2 zLEXd(o{Kut@<~H~v?*p5roVWudXjOj^h!MR&nYtRn7HSD?fP_&^8h5>h0fUKP6fp=f_OC9p&umviSa01hzU&m2+4L%lit~5h31}L z`20ZxsluiD;gl{bx}l<|`t9Y zbg7!ieDNS1MRDs};u3*kHfN-{EW)P`+)_kKAG`H{8Z3owlQRwjvD)NbH_>s*eoehW1%@JR-fGgXHY;9#5E2{wg$}tl z(Bov9k#EDl6Hbz?cpA~;lPXQdPmMAfM7*9p>wIv~)m~{BG0($?Jg5)gv5mk=oaG1} z9HiLIVy-JQU_w@x9a#^tIEAs#M%kr7uRz3)_44eI)E428!FO0(j}+w@62Dnp2=>=I z-c!#ghH1$O$7AC|7z1`k2D9KUOm>RE8v0Bs*Gs!5#2^Z zp$6=k0(-?s0iNgnp+~OX+r!|8<*KDOeTj{mejX_>HhL@uTUeq;sOi}FxczmmKCB;v zQV2!PNtHDgs~_-p>@x@LaKB5vyOS)##615o<92zOoqf!IH@6RQGJ1L%fO2ck>B+4| zMRh9IB$X_vU0S+`BY^fsa0CS;2%x0w*T0PJi#X!v?`o@;n!jH3R7ZX!w62CH-v%4- zZh(SgC39*n0?bLVPhF)ww8s~RT(#n&dc1Lj+p|1t3LReibeN|Ekqw&BkO4f&{$WA2 z7938ZY=wKbT9qC()?V)imf_Xr%wPV5kg%~h7^KyA6osatAF1zRL+;?xMN~gs;4F3e zo)dt#FG!Jw3SU9HVgL>7%9g`tz^atU&pWysj_h+IRZ8kX@4#MMt?iR>k?>1M3uswh zI7H3$gR5PlE|r0|fgNbi83IE*Kjb*Bt1F#5Yi$FU(Lteh^rP>~D=SRhdBxFTZZuSv zvc*#P{Si#dU;{tATScdQFdMS!l5@}&ci+X%>5v(wc{D07eh(WT@)SrSs;t(CGsEbS^JvMUg} z#nBUf3QC18%e{Z_VFm;-#nmdQ&no2K-3}iXE*CbRn6D=5U`!iQ0bE$5x*8uIpgqjRW%=>(3C12hv*%rue+vA zc9mNvzqv+%YMN){U&@}NE205um|(9nkD4YPq}3_*Q`>w+e4iB~Ne=UFGP@7C(%x~2 zH4}+ic%Em1z?=a&!O5MC%&u2#!=qHwK#@95b2nBL6-c&>HN%UWzlgY7b}o3z6@r)VFo` zIr<&qAj=k3T(k1=h53*2*vKAaYm@*n;MZCm=w55^`Q4R)uP{{QN!KT0; z7xuWn$#2}~BlujAJ-R;g?ds}g(`)Ap1La+~JG;51QFgB{dtd8+X;`nU7bEho)|U?n zhJVl9OGc-o4%BDe`mjO6%ZcEzCO4KRG?lQ?y!dG&dL$h8YWAOWB4!Y_{g1Kt;@Iy>! zIBhUxotT;NYFfx*2{avj>7))9k{ZPqUxpgTt*Y&I><$9^(#-J2efb=j7U0!a0B>=5 zNh+Z87jd~58o1i}G5gk(Y5b6Tr_p|?EDU4>fem=ITWfr57SmHzvTf0ExyYj>T>u7SSJ{cjs)2^9Om!n5CHj4xPyw-#+zMT7Ad zy4I85nufuYVsI{;U`nOU#d5jO8~oSZ3ehn!_N%S*jT;dnPB5x}rbhhrLDx0g_TT?8 zd%QoQwLfU|M;yAZrIZXO1!W6<7n4WozN#*CQc`CjnRP~Q6bwz5Q)#sq6!*OpG@#(5 zU`6+FTtCiPB}zLT6*6x?UiEc#X%*lTPAVoorZ}14TQKPE8(n{~HO4b{mwP`1 z-)qDYIkgcY^)Sl5K1*R?!vusxW!6x`I`IU6%u_8=ro%H8!| zSO{RUiwz3Sq32L*QzlYE-FEZ}%S5G?`17D5o#^_5jpUH43p-QBjZiuBe=mpbo;G4- z^_WDLf$wE-*bX;ArpXE~33ncqFT8n<$vg~UC!%D!wzd;dnEm!Af{(FSIbLHRdVoV0>3FJ5d64;gKfgWh zsrQKI*}qrb)AeVmmT0s>Ow zrWPZ!5rg)CQ_#84?pw!r;H4608qj$f;c!4rlL-l)kD84Qpg=!96EN#3RjlS#y=LL~ zAZwWaoHDP@=T@EEynP z$RHBj(4f|>X#}LTX{DXo=M}cZ;053$3ZL{v)89kSEt@YYnsN_OS`Al_qiPWtXgatE z`FG27J1Kp5BIeNU+4_tK-n)SZ6u86EPp`MWx(P&NbKAA+KeK*}YYI(BY&E8P0Lye63}4#LQrmCpRPac|0V3>#@n~{*>H1 z^RbrREc72uxf~h_3j4qoYjz{Bp$g@v*SXv5DCjFBXW_L~pfGZ^kqOH^mR*+c9|aMd zEzhs<_;IkPn<<%+A{mft>-Lq|*!Atbd;(s1dQ?c=kPj@`*H1;uvL4?yHD&(n$KIkh zqI`U3Hl9B#`NQ#6V<-yyVEBE41?q5dWcn0d^#`(sg5~W=<8>0A_?2gf(IRvYdkzJ! z`*iZlP*Q4O_jQ~81XK-sgo4-EW zRJ3K>@`F$3v6KMoeKLXa-sn&95Xm?R0D24{TLIeul-W(_4e4wwQ6b%3GJpTraOqtH z!R$p^_SnBy_kPU(W@l?>>c4*dNs3bfOHB?j>+IVsM2eQPGy-fSQR`QI3vx!whtZU3`k)}36oiP1qH~HT#)yQl zi;%2&9Z7oHa@(K;G8CG>Nor({Z|Wa<=_*9|CfnKe7Xoy*iy!;ur)7xrvJC#uTLNz- z#xNY~NDw8gPluHPwO{$!b@AyFPRidKKg2hzeiKB`yETxoRXSQ~DYiT3XErkk`Bo)_ zTv%tYf)9Y>^=Z!|Ovi(u>b5a$pxR^{e=r>x_0+Z|Oub~!cwE`R&~LDZ?=#EzF|$qz z*W=D_OC-jOpS%*u7JiWtW}AEG_(G+tbX5Ge_XU;%e+}v^zD+j7!nou}FzW~MR6Vo2 zaB+9eeD(hJ@SXKF8=uMai^O_js=>|_r}~M}W2n0l=z`-nae&|qW#OL%d7*oDZjUdB zXDdBugTlj?oZ)eIUiTFkkC)t6RUuoSf>qF6`_T1`r1MhX5({9{F}L8$B!^c%Ocba5 zGc>RK5nAFtcgJEs;#jbXazjBc`Eo-H0N}+p{C> zS4dGA2k*=17dzLTOK;k`zbd*k9DOT)XsH?c)1=+sujE*2A(?+UYea+Aw6vww%p#ts zq}Hu2Ly7Qaw0elkxsvDCEo*f2;ej4(&jk1v%?ipbd`?CiO~x?Yigq>lnvRD)f5o-D z9k0i09*21UN%{tE3;%WgaKnaa9L_eg*mar-oB2pIUeuoto6YVv;_Erq;SFdu)oP{{ z>I0TffsiBcDEn0`%@=+ON90eUR`P~Ql526YawY_*(i#g6jf5n9WXc@gT(?|iMSh`) zU{Su&@(udj0oW#PPW6oA21ewo>31=0{|Ju&;rx(wJd!IYH>Qfs;A^%BVBpGs&cP2z z3NA49;$f`7;qEC`orDeMBsNUUm_7}PgTw*?Tl9Lt7oXZ}azC@Z{A4O$>%gLR={Z}N zqxja-GQT7q9+UCycUU#GE*rstbaK@Qf4{9V8}gY1&Ey$KR76x20)%z*$BX`GE|I@E zTg92<{-u;?`_z2rq%3&dt*Y5rTykPxd z+{*89))7B`Y`WMd5>FjerIu_r>>G30T(IUxc1F(dqyBsp#=D+o2tsE$o)=61(P*JK61-2Qs(hoQ z&JjD5|H6g?0p9;aII5R^%nvV#`I$3!)ENyX|%t- z-ckV`v;GqFL6VeGqv1>>)tR~Wg&kG!LjQ6e@$d>S1DeTc?Y#qHL(`}5WF5B`wt^ob zGPb1r5Gmu`Rya$C^EGzEN%U>YJiq84YiMZP?Za;JS9el*lgH*fLL|rBNW%P8u&p7W zBm3IGL12~y;Dc%ukO6i|GOEYCbLyEn+wug}>iSBvJzG&=12*KFN3FZer~T!B;llwdb2zC+QHfx(uol0qX;Iv zkFqcV{`Aqkhz<3f`VFxccHJ6Ma_n^Q>IS?>4CkbNMEKTy+cAP`Z8Eg8`p&6Nn& z6PRjqvZ`Z4YggjjC<1G)||3kQ;>$nO=$`PQ%yWZ z9+YG|;DpX8J*C7Xlu|uCeR;6ZrNY-ZVTk;gF4!atGMrkR_%EUKCIKe<&39Di>lA$q z<-0EBn=>$DvdqnA42wx)Ha0(o_S~W$2Nd|)px&65a@~tfG}1qS3z1tN@#xJ|=(6oU zPq>B>7SRsgDWaoru`r0K&ZQ)zr^&%ukvPOSt3poRJcXJqdFw7^o76=Gc$Ok(x4T|; zGx8-bvZrd*vMUrvs5!luw*o`$1ly#MPk8DBLf4Rt&rvobM0A(*!mV72UlM$~+uC4{ zzITPOf^FCiKyYQa+Ra|KkdF*DzW98t(<#a$Jn)PA5>Jv09`9&--9sJs5-~CbM;I`~ z*%lrNL_&r&v8wUijkPb%_Y}*zNYT&Hf+;)1ZB*xu1dAoNSd%j8z$wy@Qz0?!4v;drh&?r%!k!osu)aqGKhMHp>kS)N^kxDsGP ziR2_{$Wovw9^B=azD}DAb`TGBX6nkZ4Q?bhJf#P=C>lnjrsG9R_8o6nDaB{F)w0E& zAl&{vIa=g)Y%MOT(=52}+B?LXt~u8qm~GTq4%ugtE@uOJvID z0IU7M)1Jd@4Q+j?08v7wdVm#N8OdTPjbuaBn2=&d^o~E#amNt4o}c37Cy*bZFz^+p zqcw8!PsA@Qd@LdrKn1{sT-rjKU;U*vV!b!~Vo)wl=8DeWg={>}-i0`$$6eoeVfeP! zV(M=^O=1^8C|(nGCF%35z^t3(57=-b(!NPBB_1__&&waUFg)4TMx3f8wvpcJ2<2K0 z>)Ei8u`wl6H{TV#4`eycqVyHL{|yW+W8veW76Kn1**W_ed)mq-z44(gg|SZMR5>85 z8PYHGBn|M5-+_aQ(nt2{!0&I#sWYBZ;vr%MDDkPsE@n|HE0R^c5k;aZM2vnGp#^av z-;D(cLmHjvd4zZae^8I!w(cUh_q?bPrK11+q!v8B{Pht6!7%hpsGIU02kk1W+UE6LFl+;~B ziST{_C72cwdY9YA~BYRt}1-!&iLr3-(VZ% zFy_K6>z1YSlHngQQd!6!;HWy{ln?)-waXqmnKu@9P-7d*%1nQaX229?nFi@gxi6YG#pc@(oN+ zk!D00w~s|V3D-{YNf=Vj__8yh87fPf;rze1zjl;F1k$!UpR4m~p9rK~dE|Zyw$f?Y zdVS+lXzOfEp;I^27ZC}bkLMmHrxmHCxz+&>>nxT*Ggnmcno?k6Ud+_7B5Qc5lqCYs zn;P?8@5&*i*$}BC%wxjC5{kC0qeNWe!f99a9iA8@MUEQ*mCIz@S?A<=im-V4WavNL z1`qp&mfuFl)g}H##VsUnT~L8-Sb1X1ySxyH5M|oP#Dkd^PzHAtGBvm)jluG=p~f2W zjXnRJW{mrPr`Z|&zo$u&;0NQJG&R4(#3Py+5yO7G98C@$V;0DoOWSGZL*-q8ggsB! zleKQ{+U|4mf43!fLMz14MqgyF>Aqt)sb3gjjcl@|nX^xWuDCj=Hu=L!-nxf@qem4) zACy_!zePws%DCiICsM%(D7gL;P#gemThkXKO?{*vQ$IQ=YMZ=2NNePjMk{AOFrdo+e2>*bHgLghY={cgxzOaQqx*G-J~np(>JoXxCm^#7Abh)zdl6ky~LZ!q!*k^kfo2V?&ov@8+#nb=E}f=sE~ zOHelGG)oBmxk4Gn(n#C@zZwP~fcrl%nEzIro=FLTocSYmPuX|i=ZxMkGF(X0kY!uH z|JS>m4yg1t=Ziz=CG_A9JmyswT43g1FuU1w3TZY;|GW(~xg-@4_CiXeIU}p8JVj=7 z6{>c*hf?f~@O;bvIN>l!jB+N=lmeB;3TEl?^pM~$jseroNOmX24Y00CBjEE3-E@)9 zlXVVtwwF1Fs_c<>QDK|`>HhFr{HK;cR+sKx6mpBbFsjFE>l45v+l2^ZkqcbFvh#~F z9(O%=$pX@b)L}2wcp@2#FJ8anq)W%_^+7`*=*n~`icOW*?kRROZ_yKq{1j{d2exlb z@{J|NWNFXOx_&4mK8#5)CE0eAOL)~jtrz+YaK7&O4EuqT6A@AO!p`na3s!=SuhB#W zltSk1832~Ids79rup*_?OfmEoEiA`9c`Q5NUFPk-Yg@!%(GLkze{M`&p9pL`*uM72 z@=&6sd!;#w7LxfnedvsJzh(y!9UzT?i|x6Os;SjEK9!_uMV~0ZMWaTf_xgS3m2@W5g?u4XF(pMbnWd z#Uq*^>3Q43BwqUaLEWgHt$q{AuHlJ#a2qhZn9lpn)#$G2h@SHL+g3_X-_e4P2}kL2 zQr}zI07m9H@^ql=({<`iezaSqC`GgFAA^x6O6Cf`#>QS^_Gxep#;xE)4oMQ5+yCUe zR{5d|{@qA9{k68a=Wn^eR@=NEV?Xn8SDsCCDX_#Y!-cYC-4nTw7`jx|wY0hoF1eag z&w?*xA{tr**A^H#W(Lx1MxbYCc0_sjWgrrF3;l~pLU4xPREsWCs^MiDYFowmYi-7w zQBZiZfxfMdDf4P)@>q}iUuLjWo1sM{5|7rTlm^6R^7{t72EXl$vf0o=%#dpR1(K}Z z{RWFiva_x)KfvBBdYM8A37lVb=G6fyo8$w%j&giJ`)va3uW`~Bh=3G-%+-I>JK5CX zsEwBxoNH|YrKO=i*t`dQ;$a=IMmKdjOICR};yE*+f&`)R7HDH!>TMn9u?(@RKfzqf@Vau6p-mz$BqaBd0xLzXUd;bj95{K{sB5lZrPdev(- zjWT%hnPS#f{c#$y3zmlV`Cox4<_G9Tfm+AlTiAVpfNQ(227|6(fJ&AX^#{GrVnR)f z)YS#BJEc_uWCaV@^%u{M>s+E~TC#TTHELS;zin?0@vsx{q4l{hbr-7qU`jS@2Z4ep8idvZhpMomaJLW*&LB)xxp)1@USkfe_~7bfNgGajOck>2lx?N)mZpK$*4(_L z`TK&hz68ayYv?^m!SL1QijFa_A^$;2Kk7r{$$%GPq~vydhu7WvC>O8nYqdj2zc1^h zZ4M$a${KKS3;m39zeS2KKqlMG*OzGfS>^K|z(6l!boK^2V6ma~O$3T*0}Xb}3x6z} z2UmaEPUvhblb;+Dmu?qSQu|cN=W$fpLo}XH4$bsS=+v zEzs)>a3YQ#<`{Nl74{2lm4*|Ku|<%LJCwq>C;wN}uZj1Sp~*Hm^ZiyYJ-q3YRE+ zj&T!eI6c>ht(;eJD|(h1o|F#vfh^;c{Y8al|5I=nFR_ey{$28`B!BHNg&&kq_(ID| zjK%PI!~W-OT}wUnS>VqG5tl#GdQUkTuwKUqIV7;@p3xF9P{*1@2U<^gr?{3~C{x%` zvg@;Y5yrCE^*9KE`J*yZMbr>O&lAk*pqzBplCXALBaQ6q8R`7b`9+wUIepV{^Iu=m zKCt!x+4mzKXQ$OXdHkl}ow4B>Bc;f9Wgq>_-HyZ)fc&jz^JbQUzEzC z<>l+abMUtBJ2)yPOUpA^sV@0u}*pWHzpC|3SOp;foLsp@yFA0`U z{!K6JJ1=A4R7?>9=rpa2=9lfp{!5r z@45tOY8>rL@!O*NV##$SbyT_!U;J-;nu3@4XdNj=^Ut=jQV+?cOmG!9LrkzNOUgowL<|Az+FkNtPFv8Al-v2w;;LC6m z8?;e+LJ2SzomL4gkMglb1}#g8igVltYmW5~OYSV1%VyE z1K&3@0cl@4!DG&9u`I9n?5Jy;-eW2yYZ#Hp8nj zv@QXr^oojv^hXr`%-ERWIA_YKgALaD)mcD(@$1JekGkD!@$L9t59wu}f1^6+tgTc) zUqr^|ymPiA(>41m5+#W8@Rhu<&oJ}C+W4e`-AFgcGFGK93^qQ+X?uv->4kyOv_dV8ewe6VN5c;uNuVM|N-tSK8W zCfm(!B&@M_^^H-tBh*6X$UD6Mo#yCdd*r8ozT3mC#&`*H#u*+f=cigKz#9yf>9I?q zxNb%T6#XJuUVg9BO81J#REr_=(W@Ui#wJ{@M>M4+UlpszPt2p9ePGxZbJA+&w!rJZ z=E;lr%9-P=VxH?92dZE1B;t2}m#*J(9VoUbfaq&g+V0ymXs@y@GmG$PV=U%7ddb6h z|9!!!Ch(g@{+oOLR-l1!z=Agrpfy!Jnf{1o(&eY*dNm3@g8$d7;f(I0H-qe<|N5;5s7{|h<)uH^4@c9B*G zDN@}pX9kj^gftwsYntD=FF39!k|{JYk2+>g$o=$gh56h-TVDD~=Y56}y~%_+CbWH0 zhw1aG09!NGqq-aQj)6v@iTR-c>qo=+D3s2}sJ@$An&m&O3N+l+4W3VHWEtEQc{A?l zlOfwtYW^AS{>MuS5>Bw2;lC5)j4nf4V~bW;sg~BEFgPZJsDZER?3=ko^Wj5d16`a@ z(ZZnbRubC35iyW`Fi0IF%e|FJ`gHin^18a2ikzN@-sT6IFA(^0CXMMVdMt=3eqFO) z_q=|DS=mWe@D05}MpjK%02inR{}|fl7p_*&b&`4C6_?X`1hUz}%N)kPt_KrR_X~|C zN5peNXfSZ-$IW!~qfI=mQD8>yp}5mTf@@m4%U}Nq+K%d(!|kR=*_BpmF@G+i!Vg0* z$%s_JoVjQLfH0Z;Bd1dIt&+6sw?Wyz`XjV#l3vH3zhN zIILsswy7~1=-6a&efW=CSSb6NBjf2vdoL)bhR4Tj0KC{ZtjJ?3pkl^cNkH6L`jgYr zfviGCCz7^yh+VH0zoiG)ekkAuHX3uMp!Qhd~Ep|J^evyC+6Ot(|ciIemoN{u0kqfqGKLCoGcF_m%4f-0mxHq_m#K^ zKj5(dj2?p{`lx>QpAVLsMgBJ9-oE`=tvYW1gu(b-O=arGk3V3pU1#TLmYAI#SFw?~ zth#|dw(cf%kT^FWU$i#@SNf{SE2q&p#eNO(-7g(|Dv}Sz?D!aj{$u_FY@si}Ozsp3 z@JQtI@W}gE-C?2c-tTUq*_ESx6ZcR7bu?v%@*=PedGK)?k`ClgT|1JInwId-UgKyo zB(u*^G;tS+DF;|ES=;+J*@n%VGV)=$*eZLR=Eo9d6V#D0r=<043zIrk9#(yzs^0CJd@UCWzczT;#EC4jbv zu@ZaWQN6Q2O7{|9V&l2PSW#N@3>8;$?<&NcE$W~_p{KX2y34|ZtJ;q8UlqKJK6(7F z65*K8MR&j2#fUdOL#n^A@vEU1xc_j-+K)I2P+z27Z&@32L@HpD@#GraVhc+S^d{fX zi@8S4=#sUS>)(LeF}2zj6stc!);8+!=UU*%TX&k>-)JEcmC%`6_*~aMm|d9CZ(n`y zu4GH~-X}vMJ+jBi=eK4b5V#(5#dA?%mIi2{EeR4d*^OvQBw~X?9zLTaMz=wJ$~Bw< z4NgwUdyy8=`H@_uk3prq=ERnST02xx|KyfKxa?qxt|1&hDV~K|Mc~D^9`vG_%F0Wr+#8kd0f-plb@Hd&F((h9H`g$YDYkTAU zJ~2I$ZLcSb@Ctui|622>_D)l+eP!gt!DvOE+2^Pb*r&z0z9IXEFRn1nOXi&P4R{o4 ziPX>s2KImb#0q+d7fA$?Vt(JLrF=UQD{N>m*79|{ti9t|CvvRRjQ_0z{T(l>SjIZU z*)_8LNhi8p_iZ}iRdAf&$=z`7L@~I z({&m)w~k(`8I0^0N%NFhKI}v^0#%1l-{Y3+r72llC$P71A$x_KB;~72z_z9M#*#XX zvyW`swL~_c`w)B$3RBsFo@@1_-claE?%N2-10oUCE>>Bn3X|bDNx+~!GjWEe4m=95 z0oh1MF2Iw8i7s9t<Dbm>3GFair ziVBWR+DwWSlQ+={GBPKX>u~c+ITO>fU{#5CHM;tLUI71fk2L6~MvQ3zXODkuc`R*A zClD_hWeI+f4+IUQ=C)|N+=;n=Q8jz$@GXeVEi3K^*CF1&Pc$$ zVU$J%@FuO^J(}jXBP+uCHJ(-y=kQeI_z?5ZTFwxJj5`SD{(idxCtzHDNq)4Ntt$zS?dW;Nz3c{&l)JLEv=6dL>LMQxXw6z zxd$Cl&PO`(*$zz`QlXRQjK*UAz?$P|OP!RJs~4K|ZUN>a=kseRmlZ&^p$UixR5&dS z`-2LiBf-^78<2~2aFYJN^ny`9@{hnmdu4eW$&5cuV^edmKJ1mqw()ilU^3 zJT`qTDeE+&kK{c3{Vlflt@Onr8H|YRQv^asnh)Q)oc~$xv{<_JEh^G zb%1rIC)1Rh=#n%|J=o2Q=i|vm?)D<6pvmf{Vyn*I>DBE$>-cotm$4+@j^`@60o*Z@ zmD4{F_%Osq!&sw^v4t-8*CqO(%6h}o6X{5z?{pc4wLjhlFf44ca1|XmRkv{R^ST0o zT&)CUMZBtetScTblzWLc@dklyKWdYT$viJW9=z8EnD^*rvi`$!l^_y5k1i1VM{s5Ie$`Kp=`n`+z^oidHHa>+7kPeK8 zL`}EO(;rwnY{e$FRnzLnKpE|gpGE03p{hz)E>+#WMnX(N6N{>Sx%P2O)%!8JkD{uh((e6XE+2Vk` z=!v%Qk+>b)(CRQe!(w`B;zp86V)NBH^l5ULXsHX{P#;1e?xD=K1TDhF@WrHw7&oG} z*4(;AP70Oh0a*Yx$HbOjjPBe?j6(4td&OvpO?K>ido7Re(&6=lU|(dcF9E)?nthbC z>$0lzkYS2zL(L2YUXXdX1M;r_i2Nk4759G8m8K5dVHGRQX7Kq}7J+H)v{if@O@DYz zf_N(E>1HQU&R~seijtJJu~5cza#L-sM@D(I%ktWLo$d~w8f3>&p)>?xVw|j$L)#GO zMDTNzCogp$Lfj9w2$HW7S@dpxA3P&zjGD2YG=Gg&8t%_EAp=Tkce{a}l@B`IfgTme zc{RS?VSh8|%mvvsU}xBKg-v4@>onLTk9ABz2@BDcM^BZ z!Ud8#1%hmj{1G4!GNtQ~oImyZj~xQ<#lN>0NjiLbyB~xu)U(xW!}u9U{PQ!*;yFlR zJNXL7^3W^5L@?y8vukbA&vF~qrcF(0QulJZ8`K#w`T4cL%Eh`YFu|b@ErTA9@u%9F zE0tAu=w$JmCV{ND>>h*l&Q^XHMq}fYm6hp3J{z~z_D^alo=fKSpEoHbGh~)$IT$y% zrBpWmFf2M^g71+SeE9@F@*GKCBw;Twzi~BQl<4C|A(lz4r}s#|Nj*b zkhbU$kuE``VT6>Fh;)obT2MMhhcrmXB%~YZ?rv$MyEkfsvHQE%=Y9N+-?4x9&+dEI zb)DCFKA(@Llv<`R&;5Pl_082t$%_$uWn zFaPT#D`s75zYQCJdH(5z#)uioMly9 ziEsPDYbls6u})XYzPKd5Ep;F68%6`m?kRNTN>R>O%FhjMiDJ0`?Zw?MuOE0I_P-L@ zs|d@_9D@dU|LPP-h7P)-N9SRm15sU=h@m?P(BA#py|>r)3}}%FavfOrY3!fLc<4!1 zAPUmz8!P^&L&p!{t>dMdS;zxvT`J%NP4DHiA}=a|_LF6cy$(M`Y9S-$q!H~w^m2Rf zfm_5M(3#vJH1s_DAMa_ig7JMx%Fxg=)}0IJ-BT7}<{IRWksTfPHBK?N}7otk-T3w^V)4ng`dHM~?-r{}|KjDj3Zhq^s*6s^WpKp~Z>AXpV z-Ufc>vgyIvF8bS}(1EV2{QF3?M~WK40I}`9kAYerLhSWjV+?^JqLp9IXMl?e78Qvc z*RQ+8WKOB)MEq|rL93m;i~$VR*yj}R@>dt!k+Glo&R;yBo)Ksa@%fh$j+G3HHKami zVg#YQlqkz00j{vTjkT{w3Imli1<-Qwbq2v-f=|xRTs^OEqn5GWuZjj@2zc#;Y}qKE z$l7b~j{8ycmm_RX*fxzd$jc7XTP&yjG%y4T1wRAb_F}^uNKrD9_uJ(6H5EKBYwJF= zOkSNyG+cbYtK5n+-?&Pv`*;U>!_RfIVb=}pO?mG?>sOdSl7E!F6hbXzHERvm+GPX< z>r6JPs9PE_NbRg4BglgF3C*ij$h85l_3J(cUc*)3>HWcjCd7nN@f=q5MlU>VjE43H z<1Q+GH@rh6F7_s3AM2nX*==#9{k`a&_x7_`5Epdu8ebAMJz)IBKp+=SaQxGf6YXW@ z6OU>QPHuJ?=H4jDzb+xFpVsb9teK?SE)>!DZWVqvQ#_tm1N6x$_ai~@-*=>XK)@qO zhc0(VKV(1;+?C5~!qwY!FhX?`W zL*#5l;$9LuqUqu>gbAVhY2=-HlGd3=N}0#K(}#<9^QL*dBFiSU0MtQHr$ zs^?C>U3!S;hnCl_aXq^TvzZ#!caeh|JS%MO3U-(oo^()x1@KuN4k1VwLP0)8FK0oM zvb{12fQGahM=`$mCi7Mknr{-fNy9t0i;4xjYyC@2w}XYS22*@5U8!4!zE}Wrb|sYx zfvr3`CzFy=MmUYH&6>rVZrbm*Lko>qD}7H&w`)dt;u%oq1Jhwfi(;^#p-5wdxM$Y| zl$#U;Z)`oStBl)|JWE@UXf#mEK91)(COhsS>0la&QU3NVvGsJeGB}EJyDO|-5tMC< zTwn!pVjx-E@au+l=^c8I8`rS4#Toj3dS-^RVf9wV^MVG<>7cx{bG>{PH#bM_`R~Y> zeZqTutj2Q0+~v4EVcgh$Zx?{fj@ZV|?rhk5A%x zRs~_91Q5d~7LqZh#%AoJ8Y(Z9Whe2oI(EoLZwHnTXP0W(n5Fhihad*o4<_lYR{cWd z&>1uV{V6c*T?|!|su$1lb?wTax{Lq_|ayOG8YSvR8`%o{MbXZ9%}H!vg`0~ z1<0$%`-y`;)XF4@*&(Tb&A|yF@%j1GtPykd@ks#c0OE1F-zQ)6{w_t5NtpmbtUSZ4 z!K$zLeuke}RO(Gl&tn`|Ey(C7`(0zi@Xywk^9UuJP}}6lcjV}~2CWegu;++eK0Emt zbNivVvRjrh&UXl|FYc)I3OErH+vas##yB}hkB^e~&^;0^=i9%IC0BW&9p9in=iV*( zc@>`yIgsO`M=H*jm4@HRe&j(cUyz6xO?(7A9m%b|C;p*@41Kf8Jm#I0ZM4dxI)zAR z#a||kz#5%94`Q;sw*#;2E}cbBSy~SY3QcuP^NxFnPfkEhvikZN`SdNuT(9qGnw?b; z8R3uhr`hkppLL7&3e%RL7bB+dKX6Po)`iNB81yx0sTXS&!oE799~rwscPxG!RIs-- zpguTsD(P#V+JZxK9&;2;Vf+%?VPuQe=HJrn^xPZ^XEJZ1AlGhP-5*6yDh3Jq zDLYP9kxVBe*FKix_x5qWe{GTS>y}OA_TjC?Jn$VDLQXHR`^WB9@DFNV$cUTl} zV};k=Fm;YSWi7@1*y{P_&6aA`Zcu<^a8fz(E_D}MQ?gl2R4sqbn^aCjT*_J`qcZ!@ zYNfJ%GG<*(Fr)FOoDmb#TpR+`TuB??iyAB!E_~_4n{|Q&;pW#^tWlLY*M1f71|4LABNnYA8Z!&tq6&aN0K{_f0_2cs(?6+8k<#isW z{?VBqX6CM&HjGjD4&#I)NPnz9HJ@kOO#JZUNAB(kpJ~Q}Tz|0#N&~N6_dM?7>Vcs6 zbR{Jo94kcnBR~Fv2Z5*QLN8u-JjFMP%s`X3+F4Vq8eC`nLy?U>^xUm^=c1%pDzF)E zUd4Cu8nnOh8NPN?PFLgUo9A;~p7KFi zwFxCMjrtY+D(sdd;DX`)lhB@OiA^r;nd%{3GN<HR-)#e98;F7f~xbXKb(JWN8LFYF$y_+adGBg z6lzX3j@p7A#ZQ1v3%Go&l9TTit8O zYshdvF~z1)xkHT|W|L^?02DmWyn&CdjqZT7Ub|V^@q0fx%O=U&(hE?oR+89QH_>4%u}+?B%E(k5MO4b9oqhEy}_7%?+mdU%)4mxjmkH)qP$!3d?Ls z_xaG5>Mcu2dSVuF6%aqveR({A)cD*DwPoUXr_4=$zs$B9dmL53{q{OKkFIu7Bhp%e zg;BHq3;xkptp08Ztp{v=bP7#=m%-o5LU@tXCJHCYgQI^RNn1y*&4?&zn5l$zO|Bgj zXqt1IOY#cEskHwr1u%19h+JRhW-Q^tZ7I8RDdO$%(^U-s!^#vOe5@CG=C3!#DZKq< zC;&0jC$Dc& zzuR}HP=6Z-TDu4D!@Ut#=3Gx5Mcm%I-DJjXc{F{;mOQV;sQOMW;^Qk)_kwW90DofTf&6&`MNnx8c$XkJdsO<e@Iu=rKJ?#Mfjs_V)c=YoCM8VT;OZ$pht zTo0Z3J=~iA#O&1OS8Ny~C;M;M_I=IS!b{@?o*KHy5CE|yar<#_IGOsOe`}m>T_ZwW zpwe;2%$d9lEUvFkae}B-UV3yy$n9)aCAoVsae&5_#Y5j;xFC)ihHgQ(kbJLMjuS6+ zr%J!`VDJO(=z7UecPAq*;L7(b$@|P#(eE4zN+>kGd#=}J_1l)eQZ;f08@FS>8DsE$ zC_CWCJ;W3ZyC8%dm%F7|6W1R7=S9Zcu4HODiV@I4BS@CLw@VA^NCCtyo2ndRBD7xK z(5^cNuF~dN{vP3TVz-uX=CgOV;3^zAknA)So7Zbp>jhYU*_whCl4{um61vkynp{g+ z$$9>6C9d>DU_u;YJ(52E)RL!e0P+-KM_47V^te9e5&=9-2(#nYWhoPo4Nf@v2FQxq z^nI-ZuGQ18jzfeBwW>+pAMg&+xudbf81Z)8{r2b#dH#B0F*I`$#@2lO*SA7Q^An}s zjK(wJ5WRmR1{@hiT?hj~DqPf`9&{E`zR$#cFS`L%D{_E7Hxg#Q^5^e=yvX&;(vJ#;i<)Lbe;M0~uzL$o-N(M;kU+8`p33Tr{IT2%A zTe!+ceE}SsoQFO%J&ELXy-ivw1M5K+i$azGC28>yjui(EwXve{t8?tQ0qz|%eI{&-BIEZOF)N$Jq~})AZc$}tKJ}~ zpWiT?{ZIft@BVjas{P4-SQym>8-x(hq*-C89rj`F^i!0^3%{ZT&qno*b>VP|%(KJ8 z#1~^)>Bj#)a|7okguiJ!3foV&Vh1}`s=IdUzemewGmUjGCzi`JC_2 zT(*Ui9!s!i=)7B}3;pL2`|P{?RiFR+>Pz+P!h?<%8;ZyPwPzTqhxy$68tir;6E-R2 zm}mstnl>E=0m_F$4uT-OduZpDr%$ls;kp|9(f2mRgZ;ZA^@EQ)V5? zC#9d`Wj1Ns+Li8bJKd{__+92-ZaS|uFX?mj*C|r@+563@3JoWvICWEOtFQB|Y5N?c zik%N^*YiT;C+slSDsKRBqg9M@foH6tyoyUJbB;^nsFJXvc*dV3^yTo5S?d!!ygl%$f9eL4t;FK*Py%9O9wbQgg?^w|jx( zvNHt6+c@>xU3WrlVC;!cWbw6X*$Y^f;fVtn7>Lp|u-MBGKr2OeS}(3t<*oeY%_Bys zciWaE?=|SoCuG`-6Ru5=UVj?rzRQfn?)vj{rnUJvK&rRBzb&>;TAbkCeTko(i0dpa zg1@b|{yCwLz#uZm&aig-hCJ_UV)RYNJ5%Wp5M&{BSInQ5=&7V*=s$f|U7zCQygKZK zD>uXTCMPk;)@r<1pNgNQODTuB=8woC1Mu7CJYNJ&(7Ykt25yo`$m3m+IhV+F18x z-n9w_twbAv5~d<@IY&k6Ttkc-a- zcASixq@9&jl2W3FEIoJ`ove&e8+iF`IiF5fy$p@L9Pr$TVulPP>*RR8RK{C7+9&vC z`MPY$jePmH;?3Jkka81^GHwgHW7(wdx+)My<)UD$pG6$0I zdjcS)>b)b1#fYzy5K^CdcI~#;b9x$KvM3Gph^EzZ zH!i(ReFMZbr~;Vdwc=?-h6!D@R)G*SLQRXy43%c|2|zVf#1WGiD}ZMtyiZo#y=kPN zKvUJz*TnVHw5t*ul*!cvWmL9Ss=bqdNDYcz=G=5IIHZSKf6L zhcnO#3gz{M2_77azM?y!gKHj>p*kUe@|Zj7g1V#3JR)i%_UawOKtTbnO)vDqg1JBC zPhK>_H!J|oIeGenp!EmqN5S>1KghU#hNbWiTm=BEI=7yp0oZ8M;;RH@Y9|}{UcEaj zEp_^74LVxXkPuz#wf&Xt`uVs#80{!%B=wg`nAZcHARJ%Pul8elQ7r|CvKf^e`nf2l{DO|1p>dVx};NXG_ z1gj2i@*-TpeZpVh-8Paccl|;^{%w0w^sw>Czc!9G= zmA6bUtt!?cJop{oK!#~bo<%!QHTNp_q=Xp_e$J*FV zGs$<<*uk%pwHQ)2&ho?=<`4(huVEy5m5&B{mDdRO0=#49K7ar1xEbB166pq8G{uTXL-%IW!A)^MBRn%Y0=}04NbHxrsji6r4 z4T+mcgUL;2k>Q_wdB3e6Zd?R&gYQZYcb48E6#HP($CAe>M{`0$U{t@pO>udga?0%B zR1P0iCzEQ1&fgKc^YI=&#Ci}b?v**~Sv#hV+TYYZ7+@Oq2x$?&$t5rDbL@S41+K$+ z$DMo>OX5svP4h7ZHaY;QzUhFRIa2kJq{rtxJXmhh#61`KA)?Z=qca%mhte#rw2M1( zYSh-6{iwrAVU{vV?-OwG(8n~5;Q?Z7zJvN~TR*FxL9P1?6dn;G3g{OhKz=pq=``om zj~Z!j$~9pfiHmFa^o%EG47hG5zOAD4T}`}y(MNLfG(vZ1RunhMUCZ@Ssl{Rq3D@WP zk&LxV(bh1s$`Cdz^bCSG1}3C{m#5RRXGqA@(AnQ{^o3!!!KW=+&|yWRw(uPQph^8+ zGCM&A#0HYfbwk`UQBA8R)oT_EYsi9h6XQwzyzq-%Wp{EH=1FWtkAt0Y4yy|*9F6|- zffn&h=d-<7m+IHJ95j9T7QbJER`BtnQ>{LyO{z}=_OOAQ_eJy(A`g;y^LIvaLaXBV zqOv~fO7!M8hrDO3lF30kNOzCiXJ&YXa%_8^e{Cq!j{(;T@J@^zMT@Dw9J0otLYC?J z=AvHyW&1Op|AGlGTIFSRlyNI-M2BC}mQGvo^?zQDXSBe~P{-Z5A5xIK5TOXeMX`N~ z?t6C2QmVPoDmB{U!t3iV1^RBs?g5zeGrx5U9M5tOm>*~R^UO^D|O-#gW98_#l~*~S}#O=-?v3as$gF3 zYm6oa?7R!z`k2Ce@pWd!r~fak!PULcu(5!cmY@>g%TnTs+UeWb28N(0rE8BG?&*zw z0wG;5?+_$MhW4-#UF+Q@uXAgYtRb?R7`25{M^-R7SYL?#}zR zN!=3a(j{d4^yAAeAIstgwGOga1Smb{R)@B|sg6>O$l;$t``KudjL0X3ZqhH9*OrFq z^=Md+fGoV5K^=F8q*+Aj&~2!dQEKkI8Qob&!G6OE@XHW1ibI>q`x?So=v2~6(wKbc zavWNkP`A+LOcog?hM8U7$GUEs(_O(cE$z0alihxQqbr7J7E>h~N@jp5$p;YL8R~_Q z)8`8jv1u#LCb8l_NGFM6h>kW-Y<*Jmh$BO0J#aH4Jy0-3_wV~JvyB12`zgD48eE!y zBXysAT^j3a>$p0N2{(-~9~4Ck%4NT#yhfke;KVmf-ONz(wwIjC<19s|vW4<2{*TdQ zg?_hSziOJ~rSyof2B2^CQ=C6>k^1i*pO!dE%t_+njR8_Xkywu*vtg%^sPL_Ap-2)6 z-l(g1J9GzbG)W!W6E$NeCt^(mQz4pBF0O3(0$QVWXe}}l9^mu6PO}Il@On+)&5Qdr zuMxuh=apWmL=bd%*3nG4gc%7ICLNW7FF{=njr6*YOcw>8S1NAQCFfA088V+@K!NP( zUlq}K*JN!3(OgClqsKppC7w?Kse#d)n~~HIOx*T}{TV2t+r@ZcC{8(K#YWDae@xcx zg7z{r!x|;@V5{u=4@;FFQ`Bm1(KN5tcfbl(bjzoePVR4ae|8y#EmRDG=Uko4Fq%(D zJq!-_sJ-%%{F;Uv{5@Cw$+X$+mIh)?v`bVc5rLS!iHehO3Rr;YWeD|CqKp65hy#TGJ z${?rB3 zZ;Qa!%l=rS!w$tqe(UhKeyH0wM`Oqy9ne}2zdbV9^2~&$lc06APSTzcin_ja+5*K? zT2gnZpdkI;uVS}>{~;kQCCzfd2Iv1l7mRN&-z;C@HCwb>&fJa-yxnkp_~hy)-Olgt zZqai`gmjZeyyyx#fTef8X-HGO%;HMdR>;xfnd6Qwp24s{(st>zO0Bd_!EioAhhUui zYRmpyA3@ zQ1n8(4^FsLi`#x-nbi@ZP*-P#+q%_-@oenFc7^SPW^xw$)SUNqetg9fU(@x(BsW zpec+GOqB%{LRg+hV2xnw)8^sa096u2^5WcW88)Y)!Fy&lsAuSal0Z8@X|s)Wh~)0t z+?|Q5+mo?B@6^=$(jhNMo1h#jt_7oaoM=$_}~6^sZa%9Ykbf)fP7U`TQek zHIqip_pE<~%_aDrmj?bM+uv9w^faAUNUh6%-hw;SYdbu-OaUKJ23n*yKoXRiD|h0h{mfgc#nHNKIpV@AJWn7 zO@uTh_WK;vg4$TuJKO&POr^e{E>i``TDiH2E6%e9Ifso?b=s zhg{4>XFdLo4lxYBxju_)iKUIRF4yIp|HJdHp%<3N!-_+4x>yJKFe<~hjTeI?p*DDt z_fK9FY-orKFff)%a3aAjQMwI#`rlT|O$KBjCHqG;4nC)8=-Q3D@-g8$wBI~@Z=DWM z7Fqy9z(bi%Wi*^p`o-jK6$cCYxI6JY<-B15W<8gqAoP5REJ?qXG~x&xSZOv;J=% zo`d22dFn%OOp8w2K>Q9lx9z*MV5|tFq*410Z| z=e~i6(4hAJXE)R)t2fcV?C`eu*xq>J+;nkn+|=w4QC5mUt#%xb=Jce~zbGpyteo;V z2eIW=YKp?m!BYEZ^$bE_!2PT#@dxUs!~SEv_1ICQbi|IX@D@`OD=wZTDg9L2(YYjY zC+B{_v*CSq1gUyiiNjw$(DK%qZ)!BUB`jGK7#U#7%QQ_Urq4(H~if64I4|Ee)pG`ltF|G>a%HzwA_+xay^mP)6yZ` zQG3c3ZXW%M#eWMk*Q`DU4Zh8(O*uQcQTvi&DF5W%iSJl_ITbV-hE7DOU}Hd{Yv{Kp zJqM$!=zo8cxGQ%o4$_9us#F!Rt*2C^w}od7I-$=8fKqh~isI{=@t5F?z#f~uwZ3Nb z$JDUk4q-vsihN*m9fX9Mm<$2kMOJ&jb7k91@lN%g4+m=2K0w5>DHnC%qfF?k6zAI- zmTx#IMMCpAFh3@>A-*bhJz3o}n~u0QInlwiqU377>b%x}!<%Z=Jonj$bS#U=wZMPl zIk*qNS5mGPrnm^Em0!woS(^+Izs%sXs8MewR(y+qk?U`x!)u(<)$w-?0F=+_B7h%mf=Fko*)<( z$RiB0ryqb~fD&E6ek=z{DeK;vF4JQ!(Jk0!WPMYQaFuoTZ}a;(qIbjeJ`Tu@3MTmA z6i-wBZ`BHLjiL7DlU-^b=ceA}krD(U7xB}#ln{qFhRn2V?)b=TXA}}v;>hJk-%k<8 zAUw@}LnraNO}6J#Y*sK0b%y2R_D%z^adC!#(d&td800j@J(b62bf1D1sa#^aeK4Yp zRV#7ZDB^y`Q)(1zRI?y599P?cuWhk6`P;&)YV>1j9zODIJtSovWz7WTzL8`+%?#u*kd&$H@r_TO(YueK);x0;xg}zYlv=-j(v{E|x4`VquLH{0|u{ z?p3B-(XA7yGyCq4N62RcH=wRbnc5{YqMy6#v;=r;dFd{SMhg7QQ=+Y@e;JFA&AyoB zzXo5eBUzvXj%=j~%7>hmmac7n&dA4qZeZpL+kpjE7-b0$O*LXJ-2H(|PCR@;&_P|1 zso2y9sB_?AuR#yh;E55CUYSne$CgU^q|Y^il1z zxQ9C3vm#>@hz6B5Zm>qppw!Q2cp`!Iq+!QDe3D2csbr z%i#logQLeCovbf6#`9h>xID!mzxSwsgWJ9SgKJ%!yLmB2xT)ebND~;i<7c1)Y35P8 zgAc9AzX;!>M(EX9!pP*E^Gb#K6lr)@{g_NxNhkCkuO!E1SZ;IT1f05M)NT7=uh5;NKQ&Ph$Kl06B5bvR`{u+tmixcGI$tGLs9M7vCv@$UL83Hy#T z(DX|pocB-1lb^)IME<=tqv(@7##ceIveWaRDE9;sXZDBXH>(OkB!;GEOXgm&lMHkV z-R<$%zJX4SGygQ=#!P;Oz|-74e(5-hRjJm~iLp@3Hz;Z<)m>f@+t7jHdJKmOiD)q8 zhaktFG)tnb9Zem&9j$3yO-3W#bDzs~Q_uBIM!mU@tU3Zb@yb)N^2bY@U3r)!d&x;? z2`~=s3mo28vF0+TT98e!gDM3XxbyTk;pIGr!SOc1`+hYHfl1 zQcOe=HRvBzWJm|FUqU$Gi@U{9AkTO~j4LNh#tNgZzEU5Zn}xZ{u~7m>dxPPyVkC%! zOwWRrE37F5J-}A;DNpL(OQ;R*o`4;4l15913n=~dm)whipHwdjZEfhPSm1GAt*_Lc z*Z;k+M?e*0Z*Q4FxV>x%R!1xF>x%U={GUziUd zS2s7VIaGMB$s$IxBuB{IH75>P z(QqJF>p5OqaE^$%Dto$YKlRk-Sn(Nwm9A&M_SUwXJgTtyD|y+^#EJ3%`x$ihGx#E1 z>`+d;aZ^E?>=K9V8^71vP#rg5r%r_U#~rDo~=+navI_E9RPsVi+j{en$Lq z5N<=c9J7{{t}~E3!#vWM53BD*`RiqM5DGQc&ig9tp^_FPQ3ly4l>8IE?z_s#SK7Kf34AqgPg z``FC^nQ_uD`l6_={^#j~*Kb|LJO?$OcL7aMl5Y5l^=pPKj{TJMs%1Wrbg=%L|7|{< zIKH`$Kw;aj3&rK0oI@{3=~(Z@N>JjD&tSP))erhi|9WobRncbLm)|3o>IGz*wlmmYc7>tVu zEBV|`czf70bxXVouY0N4OgJU#^=!h+M>v`=_BuS>#av?5Cis!!vQes1wfhgMwXdZ9 z1j%ZcCV4&}G642>Wkd&fZbERtrqP{5!L;OZHlYS@1t%Il#d*jJn~SJK@}uk?I%y{@ zkTU)*%yix>DtH9}(7ycq;;)pG%{ItddiBp!;bg0_4en?3i`C{~mPk`c)?@;nMcI%y-I4+&5~OZw1T^0OrqLA!5Q18N)mTmT^ICpIbXa9ZaM`mn@OZIV2+f+ zdC-QjR*ut~srcOXl?3Y_pdMb~hlVkhmZ$7v;&s5cNeX32q>6&1!M}OX>pPOHD)Jtx z1vQ&-$XD3My$3P2;{BQX1q{P@SD+7KYJ?xc{>^^YC^NavQ8#@<8m*lj6(l)ygS7q+ zhD;PzkbJCuk7LyP{eEI8$w8D<5JRf&J$IB=_ z3BwdVXxGJQP#Gxi?HIJv)x{`WiTfh$18T!hu*^r4;l*3|ke5tSGhgEwSppSmpQ1Mn zA2mLn%Nr&G(hRno7sIIiALTD8hVn)^RdQFA%0JLsh0V^~p zB!DUGr=y!5^nK=e&}mh{$h)$_XNhe3#7k(M{N<;3T6ifaTiV%k{)5*~q}F3CU0&7z zoPe}F19p(V3vhp6;X4xa4cb4&aiCMY6PA}3@kJ2Kjt03CBcINxde5hlp4Q9r3O63)5oK|2{ zK-@D)+=GX01-7rHu6jsAGm=5hrB_q;Gx^iWopG9$UYZC1K)-GFd#C9orJZS6CUZDy zt7UZCJ>Jk%zmlBgHl67j>@C1C+=lx*O z_1t3Zx8_KR6S9C-zxIh}d0+&a^xE;??Hx;ST5{#qm}JrT79bkGMu^S`O)hxn0a-DP za#$N2x}0o3Ij9b5nfY&)V=z~yq_Yt@qD+-9r*pA;Z@D@gxm3j2-^)kaWxmIoC7N7M zFOiTvz%-~Z5w)MkqQh;FjA-xP@z7yR&W_x`$s=F)$r-4GeYrKv#{CYv1nD}+7^U@^s4Zv z(pdH=ZhNRjd~!u>N`)gPa0qU2I?O^CH&F^NMHl+x{=m|4{$4WJ&o`rmssjU`@30jM zU=SJ23}EMi%rjCHWW`Cmk~IJ<`!YpD607htkcSbm$Z7wT|3|w+bB75w@G>=m1!yDF zv&7%N%>+sy-7T9=g6P5}a6NyZf?FYzk4MEp=zV|!w1VbkAg@?M2DoF}|IO|7V;?>L zSb#m6&goD2vwCY#BW!Rc6rOKAi6^x07Cmv3z&OFek2@W&`L>;-;}FQ*B-JHPpzG{i z6UL4hw6iShqOsYm?`o#NZi~kXuYNp|+)MAufluwt3wGS>`w2Y}(~;L?N-sxoR<`nU zgR2c=6M6KSDbL>0D!Tu3br+4O%pqZ%tp6Fy>i!ZcYjJ`3CH=h^FEl%_XdX6m)`5sx zg2gW;wV@F_x_wRWj-Zbp;pY772CDEf<+Gy>Mg~U zGT!nXq@x~+XSX^R36)b(eqcRkOt|kUoZf>Cp6@*oZ*@kNe7{*zJt#=Bn@Nx)M2vq1 z%yp$3=@|GuHzy^17Ph~Nz7Y?MU4QMv?5@;od*$U*Wci?!s;OkM^~NU}(tZWrQ5OPa zaLT)n<=FLOH`Z#oUCZhMLqiQ$qD#_Gb~gbT`-bg-SYl?-k==sOeQ2Qwt{bg^(nRah zn;hcL+}MsIqKQpW9mAx=VJuwWt2GnN;vb-*oG!&k(USY2FU=>A(Wgyefd?& zDM8eceI=xvlx}zrzkAPp=N5tiCSm?MoM?;TS+rOydYhQPp4{C>5+J-iKrwh;9dJ-S zsJkKk@vfV-HAjAluE4P-jpgl08rIO30^ zxC{xpo4(@IE@-fC=K0rZTPIOJ>WC0Vt^d&dsTQ53Y7k4O0$pqnYWoiVD(ZJ#*6!sq zGdzn=N%GrI{F-)5#4pB%F>39+Z%P+Z^xgE})j`K_;iu}ywikyv#dhMcWmgIC>cH7~P z2>KCVxZy<9$ebMl@}Wu%DC`s%)>0a+c`TTlW#Bfd`uIb+;8}>%Qw6&O9K8H$cHKPw zWIVbV`_Ujb?ssfi)joEZk+o2aMWBNqyvZzeOIwUqmDAWHODiiWyfaKd3~9a&|1FC* z1Ko_@wnTUgmU9XfbV-7vm3IrCGHmApKoP_C-9rQsCR86WmrB*!ZmS%m*C8t0_wMuq|1$ zhq3>+&@WJ=nIq}Dr@$y>#JfOZ16pn&J78<9c@q$BT||I}uQk5QNg}n7=Q-W)h36*u z;hDc4eMd)T!-QupAVM(kj?SGyDw@@P-YexsLxl;ygFzvX%Af@kV%k7yqI1%5i`iFA znKAD;^4hlEXabVbi-gw7F^CcZ%C;FhL+F$n0H6Bsnvz0ly$op7IKR<@nT=uLe?&60c#$O1zG6ZH1OM2Hjo!s@Mb^JU^F8|6%<#cGG$q?i&Utq$lGq z_O6Xr*A@*cZP>Q*7288tvjfKqx?abftCxFXU=>;X=c`ffcf<$PhU4iYVW6~i0xJ=! z>mb)Tif{V6kmr;^=&M1IVwr~gYrn;SRs=)u37WJJT7>hpkZ5Obb84)=}B z%IXfS^+&JOQcg4eP+^|psR-Vf=WklxuPoK(R(=nL~{?#87)g!-Ne?n>LJSAwo zNSRUM19C?mzZDr%X~(&%5QB@vV9vOX&Di9xl6RHY^IuGI5DcEYtDMcOiJX=~5tFYxp!gbP{x|n73cS;_9eRw zN!~AyKjcc^Sz&+Vy82qb1_Pv>;D)}}zdw>VQ}jDs4vB|Yq3pfBoQ+@RI2g>3`wZQX ze;u+UL39e~#F$vKop{J6_a@(BR=~zIU<&NWe-%WqOA*eKN#$t$|`k)+t)|WT_ z7dtGM!7@%WJ1^4NP-aVKFK_MQ7cinJdD8i&7xvbg@>B61FD7sq&mvF%9PR$!0XxBq zF2#Jtu56u7k6zubv7b}SV>l7B{L;tFq9QFv>Q4E!gfn9itSxrr<_7p%dm?#P==s~^ zn_7BErm2Xiqbo{s%K1&533v~>UxX;Vo=4y}M<$nNpz&_NzRj2dYoj1l4LU5OV=0vC zwf2(0t1Kbdm{-S2tOAEIHn(<@(XWwMp^07#mv~X-t1H=4)dx@cOHn0|jh$B;>akte z4Kdb_plqO^R1-m|yajA!jXV-01Z-&27W(^Zxp$Rll|`e1ng?Q`kH_zF(?{e)rNnlQs;{ z3PIsU?JhK*ng8NxeGt_0cVGe;F;>7DtJYU}iR{qbqWF0pK)V>!Q|O;`(7b@xYv#DQ z;0UQv;Y$w!^4_uu9!&^jeQW+UOrg7CF&t1*4&#nA`gAHi0RN}UocH`QrWDo!f~6lv z{s2+QuWH@panQavS^vtNH3PVI0Si|Y!S0%p>c_L_cR{o00Gt7Bv0g5a>W*ADWc^Pm zLTAmv&=q}zns@;;cjHFE>7I7I|3#qxtp#m$sdnOe5|!yeP(@B_@zL_hDzeX|{kF9D zW<7>tzkm77Dc#d&2HQ-JiJs<4*q~(orD`Gdn6-dM?YpE9;(p?u`kG|ikDF_U;|;8p zZ**a^7AfVr>nx^2HPc6}3g42|1q;;QUVrMvNYA23T~V{ADbvssk0-I4UY&8AJCv`# zT!0F?htLY>5GGf#+&Kj6Jig?vw{GVrd*LcI>Nhfv*z!Kf5gMY0+XKFz)FkOz3g;7Y zUL#$oJ6LozAB&s3IzqI7fUG-^{$H#skPE>qFwDGE?4LMW)0Vrp*4mNv^bldNE5YxI z_SEhQ4JzaU1xXwbYZLwjTpt6iD(SWvcLTC0 zWXT)tC|6go&TGte#7XV=#Zg-*V*%O^~#CLIjYh4^%1k`3MHEkeh7qCXfs+3yU4VJ8M~>~{=T-m*&axTA*H zzHl$jeR0@Z&^>^B*)%YZYfyR~ymEG}9A#U#1}T^#VE<4wIVIrYILdYhp1UWjc=j$Md$Q$XX( z^5L*=*eykA38bj2&hW}{ucFL&nj!1(0L`6+P~s_Jog7 z=ekdwk^_tBPUN#tudxS;gp^{qLtjaEvat%Sdg%`%{~t|X9T&y-hO4BMD2k*mf`XJt zH%qsKba!_*OGvkL2}pNKD6DjMcX#&!yE}KkzkBbW^O?_lX6DS9_q^wMp7(iUOg{O0 z=Z`vsx^buN!#knT;|IUcZkUN=jrf!s zr`@Tbm5{gnd-1Z54qLVhGFuM$4BH@zw=$4cM9XzTHVc(zGhZ9-*%!)xQi=r-u$Bt* z?H+CF;z zXhe71hIV05KjOy@kXKt|dMl1}B6S3G2OP)&66Y-*87@3?8iVMpA^hzqB3Hdc5Z}iw zhBZ30Fsoey3^jllf+1?ff);vaZUTHv{9(`oN?O>=rU+3qgZNh#knJl0S)r%;kaCTY zs%E4unNc<%DMbv7OW^Uvdj!ab0Fo}2<`_@wiPWj1aCOBSq(9;O7teJjSh?X(Z9Z1; z^?=0U1YhB=JJDFs)?<7)&k_F`{o`#7g|pgaJ2`NHb8ulbG-OI4XK1GD1UFx89u?=^(-gPb?@U zl9<4~f4==kz+~}RdL{hLqr-`A$_s(~)>;VN#YN7)N0<=&Qtp7=$D@$DVkOI7w}p@3 z_ImLXS-L8>9G)edP$lx{9*0M=JHL&c80Rd&GFgIx=pWDx4+T`@Q<3;L*6KSN2s~9{ zNDb-QaPIJSr_!$~-qC5~0=1>tkts_y_uu93ZMn6Om%r6_B|F&57Rt;R5e~Zl5>2r# z2P}m8P#GdZ13rKY7awsw;$nP^i~4R2WZ#4Jgck%{#Q-P2H$uxiI#ruFi%$%7l1&)C z#i)tj@Qy(`3O1qaaElWcbJXOIjRd3j_%4F{%(!>1Btm{q#@7#lAM$)fD$fIO>5Orn zy9MZfL3ZerZniIyPhIqz8gd<1UNX_R*w6Y^88+}`kc5=UnyLAJsyxggr~0&u38@P< z|BPRK7@Oa+@|t2%n7_o&MmD;v8$uyt1c`Z?r`F~Fb0-rK#@zR8=s8z@%wo}pUI^@3 z`oW~)i|^+6s%u~C&B37A(2bj$GO9q7w?<T9PKkcCsZCd!qE2 ztyoZefXN3D%jMROYh+R+V|1YHmE^Hnd^HwV;OHx2)B*=HIq{^kSYRmKW)Zq^EC{g`(kR(iCjR&C@;5Joc>)0G?8XkUCYy?fxgu z*U#{$e&wGT|A`+lNme{@6e>d!e0-_ePIlp?z@_SG8!+V^Gqx z$#Tqc3KXPcQMvSiyt+Z@i#Jjfk7d9($c@y?FN0|7mEzPx@dl#-URk?&&Il>5Dfjl&x0ZI)pjM`aowpBnNGdrd`#!KYnC> zd|kOcfEA)9#EGuwSpHvM?kE`h@-u!C97w16a2V~!nxk~zXX1|&#b2ss8h@oUbV4Ue z=zs8reaEEAD!uCWJl~W*^WxXEY9MTJvfa)s+%2+9xqtuiL=6(Sb4DSQEYy6ma1E~& zJBZ~xn%ey+_cFu8@p&L-|L!mIQ3x4%w11!Hw8x87WZ38ElLfzv_bf2bZWrJw*&$*i z|Gj{&kHO%u!ny0>+ zL5^BL{(dfg+cLPxLj&-KAPyFzxubiq>gc%`2>>!wxYxL+Eg57X*1s{ZrkNy$Op7;y z`$SUVIeF!B$gt5GR7arwtZI%1`%8Om?zO*$8vh6f|3Usf9nQ^r?)XK$%2>2F%6oa@ zE;mC$J#dMTr4LcUpt<)|)7Unt1O-J!5agP)U(DrB)*L_jntj+_jGgUZHqLNr_|^xu z73K=ej#V%9Yp@8tTC;vDa#pz+8E)DxfqG4;a!G!=7ud&HDjadvI~KIy59Cq(AT5g%Dzr-JM;k88QTTP5Ro`d%F$TPg#bA z=_O3?RXe>=dAMfhz%)oI5D)=vqxSLOiAJh(jR2lI9KrfNjhO*TM8Yi8lo3K) zN3|`#KL_F#PqFYn^d#GctH=x;-5ijBbRs`aAY$psK03eoP{ds)RfZj3%Of13oenQZx~jLTuUL4V&=Ujpq%+8R#e%W)+Xr^^BG*sS z^^G$lqW}i93`jqKem&vk*Fazgm!WWOk_*mk{azi zGrXn9JuB^)-sJYyK;dbi;lE7p$pFbZE5qpMG(%bxX=Be^FfB z{BQXgdxiWii(Nb!>L0q4cM?~Pj)+GU)J!jDRS2c@WX zf)6TU3WZfTV&6z4Xn1@EfAA0!0=L+oJ!z;-LKIRi*>dPszze&uCmjR;RX%>9lv6z@ zePt)jz%`{2P@t+5PvG>12>e=`H;&a``qtT|14Nw*ff_feg_s&4sA)!@-(zqmnz*R% zi1~~sA1vIcqDFLYmu&$#{G*OnMuq(fVr$~xX{X|KUf&sNR-}@k5r+5!AMPZ=#Iu?1 ztfXgaT_*jjC&Xe|)3Yz@uWaHb^0K?Pynuw}1Xr7dgU_bx7t`8NzQn-Tq}>)>TX>9y z%vnWH?f|u!>ue~onoyGFr|QGC^=~EJGb$Gr^UuBuE6QdtCqJ+eI2(+6=S^r)ylMM! zte9^{<}4>ko;CuzLRp8Z!_&F&vKg#2+1g~4d#ZA8CKvX>q*|H(&35Wv|5STG*G}n+ zpwJi{d+H}7z~u{RsV6J~+({-5O>898&eIFvtOpFLt&O?0BBe@d)sI2(+fm@vg3bIF zy!%vSv%d$!7E6}PARd+R_lA|wC4Ev-Xxq<$jQ^-VWiSPwr&6MXwF_%?h$*O zu$3}41!DT<=l74t#kY>cvqrH$Kk~KyIDT7t7+!1G=1VjmLGug`prO74qe2;^XU+B` zPJO3WdEbC8WwZ{5e9KsO4GW#dQiz0@<|NP&m+Gs|HAVa2`rqw5WzHE@@kQA|< z$@`$F!9N$~ml6;0xWPfb0yV{9W8Dd%n6@Y1X_efV$}h#ZQF~Ajq?_SptWtnXOXm2> zEe3aUvxs=MVl#8|JEVYyG-UxBIYLVA@HFO@~d#pOs9N!>Oz&Bwh0lj`lA+#@_z zfZiS_TIHh12>X?yhGwYZEmV5!LndPCvXt}cNl}7kvOHo*A}U-`M?E`Y+DMjT;?zR_chSJ{dx-6syLY{O{>BG;J;%);+d%;P*|L! zF@C>CEJVM)XLc9JC+&*_M9GK&z3v=?F6lO6NDOm|XZfuMJuC-q&Cg>oYSMQHtOw`5 zPs1U;Z3bPL4trpy9~E&F5kEYs+_B1&FJnYX1U+j=Dkj9jt=ys=UKEq`(teT80A5y^ z0pOd8T=9a1!uC9Ie$!@fpFq&BkOiz0980O}a3@O86F;(+~re3{i-4I zq(4)oqL>W6wSE8}=Li(XgW24<{LI%r`(AGkSrM=5d6Iy=gNQ?q$p^g9%~q~Q>+l6G zT+oo3Lj-Q0*kx1FfQ{N~@CS7Y7|0oq)3Z<2B7~rrVa@gZTa}r4)b=Vd5?XpP_JznZ zVJ7roP}8bhe;vEt=)K$swL_n?!(WR%V7$HjlGXZx1}lhFAiPRu9=hK)V+ArT6W#q4 z3(_mQB;Zj4utHHfh+vdceg!_JSwfRZ%bmG3iUFVjr10Hk04G3&v}Hr!_H!R?igR18 z+$DX}1E5|WF_0XoH>L)N<0dIzNJ(Ib*FiZ~RDmUH8In8rtLl@@>!cs~iWyuBSNLO) zT($A|a=P`839RaWBTO0WH-fWQRC9^d@g@{rTbY?u2^pimmEK|Y+8A-hB<_%~dQ+NO zQuB3U4D}-!7(UhAC4*os3R~F3zMwr1F+2%(O6JR(OQ<3Mm>9?zhV-VE@3+b2k_u(V z)cvg-zV_88E%Y}j66wT`&i|4cHN?lvS!rVTJ1?}DnvqK__L;Spm&1O@`wVmhnuPc+ zLU?K4Xs3H&?P@v{9v2-qHmB;b77ZiGJh8AtnfUBe-$tQ5v#h#}7L zB*?i4<>q*yenIy(8Edwrx}hQT7n5H6ZSf;`Gr;fE7kSg=$PRx~-9Xj1CU2k5>95sBxdl-=I{9o24EYa-< zu7;_IFFypGlGYGZ3_42R$A_ihfCf$Zoi{~n| zqofjdYHi_$om}s8TBIo~uE0rl?b0|(8z9r~fRW!RDFvH2Q_br^#xc>$W`+O zlvWPQY(b>Ar6;3_E+*lLv7?<7UqV){!4pwc1Kh%f^3JC1Qg6^IK9q^pg|g_d1sk_p z`Q-IEOwI@{$+#wi>XmLBP>$Xa1}?5sNCu=ly51EyZ@e>XemO)#L}9lr06|y{9hX`1 zhz09assl&i%^16DK8uz2(Cu@BzH0jND@B%hRB!u!*q+w2D7>zPEi4d-#qd2{&L4^X zBM>ebg{h;`9`?69eJd{EpU~${g}>^SZCK+m38b6CS&GDH%8N1JfuY>D+aqqVs1b+e zb+5BJz}Vv%JVSoISQRg~ljV6Tm&Aca>+)5E4t})T&&U9!*D7RCb_C`E~ zjpn{L>Tz_(;*pNuet&RaV&Zz@?b2je6Ewa`tCeZxue04@mqkow;}9j@qwZi|i4{x* zmQx|_@1HJvc_9bt@70*o8X_(F`y93ee(fF10G^E%qfrAoiIhLdztlj%YFM0s&|SFP z)x@khgn`D1HoSoBQ>KIptDW=f;K~MwnU-Zi0p?fxxXV&_jz86>(&=2Q%%!Fq7ry(y z$QK9rI}}bSn{R*qfiJ|O=;&Tlc*3;%CedR6i;a#ZTLimlp5$m-e(9!cDuth2Bl}Jf zt$C0UZ1?&^2mL&XOS|j;2F44En;=G-SU|^(KaF2B9G}N*???7U7Tkt&WB$c@VprLlw0P? zo)Z?yR@pEaV>9(!J#)7{M`P~+sNK$!e zlZROv{vB9B`+sno+W^u~#fyDvNQ-tD={$J2xZk=1S)7+ur@P!zBYnVZ$o7JPC?=A& zjE(3n7xax;h=H}Ld_E)}KoFi@S4lv(QU?L=guQ-Sju0W(6(?`gbw#+m;dnJ0_I&3k zY~v6j7o$+B@kSjkhI17Q2)vT_gfI>G-9Yj%th=(ibWut-&z|l@y;Of#@D|nF0)N|eCs}c$Iu_{`o7HLF4lfkb}3f+AK*-e zH-pT@T{n9F2wI`QtzWqUI!Z@@&Kv+MlhtOy*F}^=N+X%#h=NDAa?U^Txpx4EovtvcXXbYY;nEW=0Gzs+@9KoT6z7s&Hf z-?QJnbt$a;1c)OBa6 z`*th;@!}#3Vs%TYr)vtyw!d;yn?|so4=_~rM;G#6_O#$#vI+}PdtMJqKXj%3l*^fK zqgknS_tS3j#2LJoRGI!m1ZyMO;rzUhb!*SCvCkU(la2uKbS3bU64e})|0kCF_jUqI zjwM{yeg10qs%kUPbj2P6k7GqiTL!xo?D25knXE1#g8DcIk+F%kbiy-~IS90{d~y0} zK6**JTCP9qL6$@|vY#;5urx(CBrY z0HR9s_;Ls{5_GHsqjR!rf4V!tjkWu#BkY%>>%27fpvocNh#|~MPFJj3rbT#jIa*t$ zbJ98`x79utZdGzyQUQbjt0TUC93eHCb$oby3BTv3h~(%kqr~ta_LssYYCC`Y z%D3j2E0zzkHIfZ(pf4^`^VR%i4FAoox|0F19%3G1FK&1yxr{-kM(XKp`xPxH8%DZU zxeCOesbNvTKz^I8pxh@={w&cf3Otx z{J~C7Fl~a2a2|A}HUlWND8D@=?b6f;cAHS_)>e~uzR8y#CuP1<`ZLgtlFhM7oG^vs zv5IK*h>;UTD~quP8pR$jk{dqfxfbA{-S?WY_j^HWNwu2~b)8>Aa_=Vl5Bv3cAnKTnFWpI`RLkDE)%SsP z#BDybNT^GlmLcmIN@B)+D3wdSr$_Vw%OoB480IvyJk;kRR#n^=j4i=WRzs+WFfUU5 z%5dSFQqKN=cV$4T4jNFDN6dR>@Y}ll{IcZrc3Tm> zNo3Jfk|*EyZdT8ry2cXAWo=fId()Lt-`{KO&TM{;OZ5jsVT6T`a|Q`jl-i+EKPXmp zvrO9P8iBg4AmS(D^kKq&Upmk`K*%ty$vuL_>noPtvY@<*4VdqI8FN*WXAD8Le3Zm6uE5Jq_zw ziM$giA#7qw$t9y&V4G+z6xfz9 z+ver`@A@>GU=2#Gyvk8XxokY%PNTY~m#U~2Z~Cj25_+e)bz-SGAsd~j_^94WV*Pi? zYW}k-iT$Oba_VndqfKU@HtWg3;P!g{UBOt&f=Sjhr>qS)jb->QW|Nad>em-uTGB7P zl*!-UO^A2A_}jKiuKVlVVTYZ~@dr<(pBt0YhLzo|2+UJ*KAp zl4NmN1(&ajeYJLB*!>h&%sLI5Yo?~Orqgfl*QaWIqc`OGo)_;aW=U7C)zDXhw4-z0 z&d>ECPx?xGk@SgXo$SHvlrOki(NYq=;UrVzY{JNb8a5!GL>sJ4x+}O58uvvn_vLV_ z9_S{~WQZZ=#KW2!DsUG=+I3r;*e~b?tc$Wbq1}8k~3$ z4~)P?wE}z!`Iylf3hjJ4dxc`j@e+qME0A%*I0hQD`L?mhI9op*OIQ~(SO`QFW*e`` zF`8e96OJPwR+34;B=>>&sCjIS*-&32n`!5b)bEcdjP$z>))$V^Pm-dI&rowf5z zFvt6g-Y_?E{N;_rxkM`df{>!RR_+QO?OSqqVsPV|rL+smeIu1Ww}YzG$C^T9Hb?UQ zguhs-^;-Da%(jxP+<8=xK-O<`{AqT-s14RZM4~FEEl-;lwZMlC9prJU@rn5b6fcbAv|k|N#G^%=iDiC>G6bd-G+@aj7V!#x4$NQ)=WoI^jhSDkBYi;#fp?ce5y z>dTNKEbhQ4nODw6=LRiYYK!+yp zH`bUOkjK@7B-G9I%tfMopA8`T&U*$PT~*|F?^<6t2rx1V7I*P(5;g<9cFlHq+J{;q zf|`Ym4rx|uit^GG!We=Qj>JZ*q_3&6PrAbzQzWbfx@9vm)b5Kkt;8S7A4q;tw|*b) z>CExV>)Orl;BeBnMXTSb{96*khyHg18pua5OvcHE2E6Z3AD4J8#Sx*-KtQIRe8=n- z;v2PH`kUsy#UKPR#C)H|LEXPZRTYnn==V|kEUzIw%U~@uWA*@ST0&QE3HNVQGY_> z6F%y&#M?b^y}BPQJ{KCL<}0rV)sVI{Rmy5~6n*2ll-_@*uI69fe&t2mfcsGc5ypla z&04xC%1;a_DzS!$N=ZtlY0@F*IF?Xt%GQYum#1oT*#Qg15^)PXDy)RQj$iQ|1=5j= zCFNHvC#ECcWm*2g`@g*!h_jDPVZbm`zs%#m#z;K1e3xQHeO_IOYX(l}%k8q^kGd@ZF@<)KFYp$N;L!dYUaWg=jt*8EHm9?82c7z6_}RC>N}z zHQsp1u1%A%4g9sc+otIHvBtZjGq>jeS8L}`8YRKwu&Bz!iv*`C@BDe+isEG1VetX> z!x7t^DHY|P4S*7fe8v1m_y=H*(qIA>jArbcx&!0w(`y4PgH3vJDoPeX0aO-K^AyA` z3y&a%jbvlUJ7^8>&c7NrOTfK&G*fORog%2>#qd^dj%XTIR%g1(?e}+JbB2faqN?$r z=ifm{8;NMX!%DYemc+)EQWT{}LX8af@OXz&M`i2S)RrDK`8AuEL3lL?2o+7Js!9K) z*-Nyux!3|vq*EwTggmHNjh(I>wBU~T7|e~uf0+(%{o>?Z^sHGhu>n4c)32# z@gx)?T!zS#XzJP6lz1(Vi!m-ap0*kmI4B9Ew^DsH3(tlVCT@1?p)y5-3p)OIATN6Z zQhd8N`^MZt>(tCM#Vv6-6B!zR0OH}Q)ohm$pmTmtt=Hu1q@9Vb2BM03t*9jIC zyR{#8x0=^;xu~!_j&#!vy*|rcQ~2CI`S3S=Pwpjw0@L&ofrR3lzyJ35`)N0~7)&F; ztFWc5;q4f<3ffJnH)Xz(Qe{Y%=g3^^&2$(={fuoWwEokSj<(X6?7QK2&3mEW>_W}T zuZSosxXuPdhivmXWrBj6f(RA{B6dXjI4G_R*#^mfXGOsC`(gv-6uq|)cl9!h51m&B zMVa>B_}uYFlP~*bj0QsssRbv{2fp0m7$gS?D3Etc+Mu;u%?^Rrd* zZTW(@L=|K(5#ghgU?ipg;X52hU@{9bPerz5LsLJb(JmQ#vE+ST1~DqyWXTL0HjTaQ zyK=oU`b<5-l>y?;C{ErbO48;#OIH#*?mX*BkgsWc1TmV4!E5a{0P?ZPxA&%Ciu>ct zm`eW3f$BjAK|qPFXlLLG#3_L4Q(Xp+1gwFEAos_7_3a8Z3%*XFNG%e7aO|(FV^oh@ zW~}+fdkB{@aqJATG)i)BWfJ-o4<+eBF=eErz0G^-Cu7%+GO(PQ4K0`f#me;U*pUMU zft$?}Y<%f`Fj@%iv)q@1C8YVRHP3{8neb0PnuM74{tN8CNqD_YhCcNb99Ncr->Z~X zV{M~?%9GKFM0 zX5kYvv5z8Qmt&}EChrHsDM3N2fgc|aNQ1%~z-~BF_JzLPic<$0Qw)uX5+4>`y5eID z(Rtsz|FC#WO~z|8Z{^%Wt0Se46)Vv9?v@2@N%?c19H=%tP$cHh+$B>nu<`QB$WNSj zp_F&g{ewYP2Vr&=$$inCLf=}x;pZFI(gR4@#UrWXxUa$ZeU7Y9;0ysgfe^nmY+lk? zWD|gI6@R_WdaJlqLx?P~aPO;Kc;ntr8FopW~-r!jsS)!7Be_l~LcY;D!NLWWD<&C8?H zNo0NZ`S8+7&>!hIAz>$CKEo!cxL4UvM z=4CQK$L&#Eok1hmgTu-3F?`Ax84z_Zs~0@8Dg2I?kq2L!)gHM8Ia(X1(eX| z*&GHkTn)1)!E!ZSV*7HehVsry{g?3x(^=t3vVuA6E*c;G`>&XZ#WY^PAN!!Yw}#1{ z#K?=qt{Nk?M@-Dh(DIAlDSM9GpL6}LC5Jz6O}ecaCKOVj&jO2uD&(2C2kwG|Dm0I! zzI=zUuMFN+js{a!s6W2x41MJ2A?Wb>#(a|A;g0pRtoEXogM;T;^3q+dJfLoHs47cXirvUf3?^jJ4Kyysv$EvC1B zHkxQ{HHP0rza5v=IeFKyUT|Q#iA&->Rh~(2M{I1WWInREwBjKZiviiX z51~|XDuLyn6@bEMm+{58ow8mbP0xF4{wrfC1GsIhxmo{rSBmwlV@10dqeiIQ9MUx; z#wrQ2o8`<_U#(twnX%>kOJ?_Z8`G{R3G>(Y9IpRKzRLnJv1JPGGV-FU-`N}rHg93> z#7KBu*0{MO{iAw+tCbd6Q@^2luOu-839P>FG6;4W#^KV@io#%6JQ8<|eS6SlIHL|@ zp{V(HGWNr)aIQs_Qh+nUyfx@42Ekd&%Q z@M?l!r)DjGtVc|+zh1m95AbKb?`+kpHGsDm_M;w(mZ}Ee!Qkayhv#sO;TzQfK7hmm zx#T}Ipu*~bs4uje0h&KMS~d_Z^4=v}n;Vf_JQVML`(M%{6`Tfor05ILYr2W+OXQ`j z;T(0UN!IvO&xhwD-kq@_+TIoa6=o5O?<2P^i5@aP9~nnouSpsILaNk{qlZc6JY@E~`#pDct^DK9R2G+i#4`)`>N26*O#Dr_Uo+$7I@~igAnis4j@u)efUq9YqSk)bT(u!DVLSqWJq<#D=K9o_)-Ne*Q<@u{g+Y+)tIW!{ zj}4`H9As;f^ZxRQ3jXf5UQqIu&fSee^q(S#e6e}M(=fb%?n)bjpM9_|ra8HSRFSN=@BNYxupF2f?^ zBuUi#@TUrJzaJhG0gP3KAqzW9o8QI()vdd$xZVjnxWx|D#8YHX(Kuv)Ycg>RqP*3I z#{`-f^4TE@HZ8xuKh4XC>R2}?gpG$quRC!17<7xeW z1eTb1q_DTpxfE$1%}dNytw`{-Jhq#{{cZNzqWRDZhF|~5zYm0kc!y zz>I8)vAFgVIfPbLlS85a7S7Y|?0JKl^$WDEY5_oI`GXQC6`oG|5j?dk()Ik<6FD*B z4#<&RMF3TgAd2V(LE>5Ym}xRT)m@?vgSlN$FiIhqUVWuVKuW$lgX}sr9S6_*RvE_lUhel(R~de?Qu|7z zs(zo>PzJFM$W0@G4?NFk`SO=f(ut}lUwt79FV(E@Hz7PsCJE-zN=1LnQsRbh#6y1I zJHY)2*@<2w_8HiR+95aONN#Gb2!xG45ujxf<%{Y^pp}cT<-o*pWC4TNQqom{E$CN3 zYoHKW%n$U0zbQfTrWhlOZ=vjD5cNnpG+jMXu=!fE+YoU7SArz!LdwC-wy0_7a!FNn z=Z|Q~x#)pJ-JdIi8x{gpIK_)HM2pC9C#oNXwU(|5Pce_l7aQ|vEZNr$9r=fAja+z$ z@(`<(NCGuJ8p@0xs23~TtX>2;Db35KN#B4~@qd>h2xs!gLKk#N}&CRpP{lQ{~B^vGh{Whs6c_vPwRCNL(#Jm5@Eq zSwH(36#;hn$clX|OrPVmgx@63eP!Wdal;HFiJ1#p?nNiFJ#?FmbZ&7|6uOs-b}=)r zy7ckRADfKywnnf#+V!v^?FUn}br0olz{&9M9)h>mw_0=c?)}Y_Qi=BGdz}(w+B>y* z1d&nf{)kI-=utcM9lF>M6zSoB#JiPt_katgy&8?Oo3_ZG3Mq%&{&qvo*x+w{n}Xzf z6!GBtNXV1}oDBKlgAewj9U8Max7KlP^Dz1nnl?Yh@RAa!^5ZG@Rk(4t} zaZLXh18fLuV1r#YN2h2k0@@6`N;D7J^+(dg!Dv*5U29_Ulk12m_E;D;H4$seH;UQc z;_`;dfJm@0nvSsOzs`1AI>kLd718>R{^Y43KN-7&nQE|VUH~=QBB^#Q zIUYw)#{boCn?&79zKLUGJUf|}pO7V@(c4jp8^>%ag9rz;hJ(A_adzjr*6Z=WaWYv! zpKFqquRCP7?jpk{x|JENWtiY3l<~v7AAYsL`0&}@>1r0;{e4@(u^6_@!*x0G%|(S{ z2p%7PTLzAUzxR!4fkM}`^nCBV@MVYfkirlHa!S&1hPH+Oa_PM?R2;=`Ab8F!SwT>8 z(-O56lJ;L@4MU3BQ(7=W938*h++qD@d-0L&sJsx}B?lNLjM#^2TGaBg+T6GKA^y$g z?sj{+k0G@~&(tXqgl&CJzaJbx5JL5u$yFa89}39CWT4kLWQaExMGV%B8$7~>^34Ax zg^*|hg(X8@g&@16@7^l<#G)k5Zz&a6Kz!M^IeeL;mz!)3dTEfFk}HE;#&T}Df|DR> z8*ml1C}hK9bG{Uy$6%%eRNTuJp$$fO!iG}M(|JbSkZy=EieBS#7-LdGVo|a+q$=$5 z21>h7+JexHBA;_)dI_Rq?EtuY{K z!1LIsU~m`XIoc^{v56$(i$)6V)_ z*!L3#PXDU@hyD)j&KO6{AT23QZFD74uIfV8AsMAA3^kPg+_93O{yu?{0eUwOyfr}Z z?}_-s{49;tSnbroekm(Pm5R2|d}@^ed)lhodv$7i5ao230iQFUhy1M+lq9U#Hcj)qE8>X&qmeH^8u)la-fAHvxPV{dtqk?#&>?Wo^kj#T^GJ9wXg1mlp|l5P`p zyOa=+uQB9dd<*-_?~7|#Rif3}#e}*#FE=N$CFlz8k3s>v37MtVtW*x~4HsHyElb=hJ#xX;)_1UuNftzrWBDkzZ>pg2cH+9H(S1!S`JIoTXBoC zCV58{DZlW$^B}+Z=U^1=sZsEX8uNYG5jS`TN_qRj;V}|Cg`TH&GA92ug=p7UqQ}4L zmV~Jcq4r4gh8*Y$*WY&YqCT#D2f;sl$);;=Ki=_JFZ|ECif8)<@8E{V;uVFsOiOK{ z;CXr_Wu@ggygl+isrVoRC=ykJrgPAA2w6RsQnF@CvK-=sk@z;+><=bwOC$}G3GKKJ9SOpI##cUg+%%y58Bl}w+$-`~z24GfAPg+W zazyDLawOkYRgAx?8!uLCVo(QZzH&=FpX>C;x@;>x*2{)u(v;Rn#A(U=eAdSGO6V<8 zF^fzNfH(b=0l#Bv5%~XJ0O!dXMII})pY8Om7;zuZKd9H_J~)I7Qwd1xg7Tv_q2bQYdL-gN)Ox+nC}D3MQZYgh`uT} zkxU^a-)#K4-`0@+qY1}DK!s=Dv z-X!+Br5t@8fgk=y34RBDpr!N{t~TB~7!;xLQyy}=-ErOj+XVG^@SSU~3QB?~TK0q4 z*I8aJt}V}km{z1e7$x#I!GlV*$*PCj28)Bp-I`l>iy$lFT(7qN4vL-IVKB^?>g@2d zl-rvvZy&Q1KKPd0 zlX=HlhWklPlaOBGh8j_C2U~O1t~BqM@cS0R8NRDFFZF2tN&MsT>tb+yrOw;(_pa>s`O?t5^4>JX=*WrE4mw{ zq(uON#lRG&tY^r1qV3CrQ3Rxm(W8BFjRU!d$XUy7-}v2l@Rhq_nzA7W@V+P*;@-O0 zW-&}&&0mTueyrBpaNX$`hp&INIe#)N{%|vP_7zy?JaS#}f?qFOUlczt0>Ku`C!1Cp z=~rs}ty=dEcla3bO)%F36N{%7>R(yy{6IE%JAqd7cz(LSd;66l^{%i7(PnjrgRxNK z=(KhD^ogl}T~}F8qa4;$F;3v?%>-B2e){#FH4mFsM5Ng|X9m`VEsW=<=%R})2f_7Sfl&j06l;aS zVrt4pf|Gr|W^Mn>cT#ZY_E{Zx z7|)UL*4Pn=24K$yAH8S#0^235Zhq*W>tn3ataB%%JijR-h{8T^_D(%EXsfHee8IF#=&h%lmTKS)?aN^#ZpB zjNbtU;Wiaq7}k*q=gp~ae-EiuP_pkG!~UykM06wX87o5S0{gVb8SMkXw3H5u3dVs- z8!;xn$3ktez=jx1x*TwkjZV*Ca9cGyT6nD9W{ygi$*O=A-PNa{nL%w&vG4nUsF88aAD(;h)A4V7E{R}8&h#*uJ~bPepS-N^Y&&HeSZ zdpN$5n))r)blG znGVuxo=4i(q;pOCw{$t+l-0Y7lV`3mMJnN&et7EgNESl<5Y}3h_0;%&n0w4bugnSZ z;??7%RJ-S=Y>6kQ28aolgKFeX_Q9M`6ANOL#^_?y_(c(_iY_$LC{T|3H}9V^RoZ+hj+0QowYl-cyI5#3Qtfd0N}Als1V)Z5~0WrBIC_; z-yW zEWPK3F0;4IWCkc?0}>I{!A7%J4ku{BD2oQ5|GlF{CVjyJgfy}o&AWx?wr`5B%Fq~V zyKF^ksV8p6sE|b3GiY}9`db_WcgVBPk(m5(%!x;@7+RJ0Lc|pbHQp~i(RsE&(YRGR z$nB;S@xM}y@z$=1XyyK_h9M`384fJn%^Wpfm5=BlqQAKZkGqtHN$XZPZtN8k3x=X2 zCl7Xp-2XHF$Td^$$+0b}WdSRzJ+d2Y9$H@4|AQ;alhiJ|{%BEG)E-v@u+7%NGmYaX zz2`vrqueWh8CD`@5`l}OYBk86$<9{OO1%&w&Hx5ZnaW-@QU`JSUu^l75MHUfjo17G9W;}dd4+Ou5Y?w znmoAdtl97Dp;S%6CFrje=W4Ad?c0BUa9D>MKqBM$&q$FD27YP}9oW_KPy#=}#ywNM zaN=a}Me5RI+nmyAjFoWt6P)G<4z#y91+lf?F2AUQ?3dgG1Rc9BuR%3GE}7EWL1zw> z|A)A@{%ZRD|Hl;&kVc+#j8H+k8z$07iZn<`mxMG-x)~@X-65?=!$49xq+`J796ez1 z-RphM_iy-|{q)$`<8iLXwd-8hJ#Nu^j=4ijh(>MymoZ&mprjjs1Pn@yq~IG9chq?;b6C^4noxE)#vU%TLy#$Hns=j6&i#@7&%w?# z`>2G_w`~`(M?W>2Z7mlm0EENA^Sg=n7IVo; zrApPi37WhO=(sBBLzwu5Zu<3~;aVxVcY^sJ%oj<2gfRZhEI@fVuA z>FAv@r039uE4(1!yMHFf#G&t1g#{*;kwun1GIKHaG)Msx^0eiD}nt8F4#OQ z^H<9Hws}K)`OM#8tu`m4oM)b_Y;rR%upsEbe>oxD6&jfidV3$?{02NP|Jy+_?={7R zAIo}7dSJ)w4KBxlN4|8VL4fhO?17QcJ{&#YPa#W5I`E=K9Z13id^Eq|oBF*U)lmT;sNdOm|gQ zFG3z1$o0fE_Ia-N^&r%{!0omYQ%`>;Fg@{u@RJWbz385gv@AU9jee3LL_ExxGac8V z4hC>}ZHIQ*+7P@|Xz=sp?!bY}>2hp(%+X9l{fAn9eN{HltMDi@irl{0(Sr$|49*+X zUM)h{HL%5RwVgj?ZQSLY@UHz|MC0iYY`GwW5}?s5HUaGRv%Nnws@2BaxGjV|izto{ z&;_2<6#~G)AdHcDRr+^7i!SyM1_fjJ=5gvIOHB6ML9Il+3P7SXr-j$ZTeuC^hkP?H z3A0mzkes-GaZs?{@!diQ{U1ep8cUZkUX9DevGz7^ZMbZx;~ye5v099RT}s?jJO3~M z!+H&IoF{M4Inh@gW*;Y{C&qU9sT+g$iAC~byzf6i1n;T`McH(992=BAq%}rW)#qb= zpkk~IFt-}#m`+hbv$J>D*k7E|y)gXV-h{7F|T3SfxPrXB)fBNqqGenZ2 z^8;OawA=LgpKnjsK2=BVMhc&#G-%z#e57&(Gt>+G+!8jsd-<>R_0@L~4ksuYS2AB6 z7Z>G(x+gt=Z}uH*$5A<1eG;rSZ{w~tZYEJss`<(Uz&$~W3I`KOJPmQWEY~uY`ozvG z6{vXw30%u=3U0I55ZP$-n{@BI+}C6{KGR{8aM$3dP@UkidCfpuhgWy z5QK2CjQKjVg8TdXnIc7kqL}F>pM#mEP-c(FK!px2W|g}}80Tx5{Q08b^Q|HuWWV}> znQoDy-jyi=9RO??0QaN6WPGcAyi&Q!pOOJVk@7;x+ z)4&CFpnUu+Xc=fSIDYgJv}n z-3H?A{1=Ss;i@R|5`hQ?7{itKf8OEbw7TTj4nDSv@9aKl^FhkqrU?QOs5R|+nS|po zq|JmIO7k?LpQa*wk48&<5gKp>q(%?2VOU+a5S~`VS%v7JFicm_EfG~hSncP1MW_`d z{6tkq9!=@YGX*XR3u^+1iwF9O@ts>lYv?iaLQiG@!6(W19vFB-@nt~> zTJ4^w=HJ8e%6uvGj+do&hvuVD@WJDO59=H_H_&D|QCN{;nSPsIzW^i!xaug4$$P zEK{Ije=%I{Qk*Qam&|KSp%7-rRiHZ(xF3v^ZArr#hX&H@L3)((pO1g{HHowuW!sJ$ zGthXC)mX(+cha0O7mafm>QHcNVV=(^X1Hus`U2P<$&Iw2MFPU3=U;qqh4(%0Or6dK z62jp0!?WL+^5@n~hTqMmXA83sauoO332QI9M$=@dnsujSFR1y-7ivB;etf`Hf~~AV z{IOCf&rMY|c(F;ShG4UL)RTJFjiTOjC>cJucE7r?!OWn#bUlo_2v@hz~ zJgIH*=2EBc9nw~HUKH4=SYKEMJDDxFUkBg`&zEL?Sj}*6+u3cheHe8bzrQ9VBeDIg z3~IkTT`1dYcGqH@uhRj`-8-6ggj)O`2CaFaljboPw~Aar0pD;?;j+EsRB7YX|4@0U zj~tjQ?rvO=4?;&>mDl^To~(AMK31J)R_-~iwS4$ZR9soj*I`d0)V%-ebLa(voP!W? z3zm(3v|flK&SO+>IOX==W3U}zDYFz-3Fo}MgF;lQj&)XFM?Q}68J>!Eo`$003I&%5 zPId|5*E-z>><}UHN$g)*8NzB~06}rg3G=$>k(k9(SF@myFF=((90ZY`ne640x> zimb|LNa?dy+h=C^iaRxjE@=`IvSfP!6Z$-eV zp;SeEz;*TP@URmezfO5(i<{BwjNbBbvu4&upI_$5YV%%~HPQ~v*4Br*F)+(Ts4h*E z?^y=x^>X2B8L_c#uvy|5fl{z8ure=+XMv zf`9joh0Dn=uhpu$1DT=hS3>AtgvWB{2$=DSXf6%MelTK~^7>&j2B5z1!7m983B3N{ zGdf(^uh-vXy!4ERY`>@_9*R{KA)Ti2+HSe*SLiX4!N8D9y0ehOz%}({O9-~s5 zJZGb?jzuQR9{~QWU4*71mQi2MGI;9Yh1Mb&^almMa9)c4pesq@9xUhZ+oOljg_*#! zpBFq?W?;rYbF@v0n5c{>x4q++Q^~P=^IDt7Ghi6>;4**M_W}Yxus8^UXC1~XC}k`U zVxSmzP8MqxwHDVu&XDV32be*JwF%j zKqnK{vvBDzu_0j-wSl?n*}dxJgd5l*p7fG@oL1%G+G}dveIy6^42&EKo7@mO0C{2z zu(iKBjWY#7VblF#MjT;0xiatcjl(&`0|Ug!mEUTYkX+RH#q{@96bk*!1JAlKzF&ht zGgaVW=}-k-@Y)u*aaE1M-d=SNXPs%EBDAv|0O-DZWa!SX+~du;p4m!Wt#wx^4oE(sD5dMZu+QfJ?jZ=UVC--luA&Qlsq3cTb*l?3wi`o-`(i zXAGMw14IoMn%p)++lDireX(57od1_QM6QkH-18m2hmV-nA|mjyedK46q$ll;puv?^ zc8ha@9*ZA0F?UB>cVN>V^61@TdhTrvT$*PbtLOLz7~SC@1{0 zqw0E1rCTx-`y$5M4z?_wIt=;rW-fgnrv1L$n@#yo@{84AdTSBnZ2h6>aG%hyYVGr_ z+(Dhphs+Gtec|vq8{5{Wix7u;oXAl_UY%R^Lf^S`vzb{PV9A%s6TXS)ez=QUaPWSG+jH`6=;Ii%fH&c<-w@sfV(YA!UR~yl= zx{g!rdX-NHtcGe9310>o*FOPq9E{kqM58^ecGyOASb%YlW~+Q2+*-;y&bo=iBswcY zZ`XaU=gekM9>E;$ucK#*Pz01pQZ-*FA}U%SH}gIsI6ust{#wDxlNc$}Ov4#jbCi=5 z{@R~) zXW3qf@lJr~nh#8iZbqVMdIQ$cw+V_=0Y*lbi=u*WbAow9rLZ znXjySr5U((bgJ0`4Q0gngz`U-@7|@yRcP_T=!u&lr$fO-9z2xhLAVW#zH9h+i7|~{ zr{!0J59^f%5hRtK*V~kMYd0rLF&qCzuI?XBXEi!4dWf$A~t@X&_c{;2J ziNa8J?0+(dU|bgS@@vO-icrNz}x7^mf5Lm`NfB#hz7RAv-O~}flQ6_%6)wu zZYzxk5H-$T2Ziy+jc?WLZ8)B!IEPobjN+~uWY!>b0Na2w~Js3mUic`?~67fNuFuH+VCohGb# zOABN}d3L%tdzo79=r9z9J?9o*2;hrHkbxmdmcY%d?kgARHx((Z3<{mL#-4u9EYGP6 z6T0^(X<^V#8^N`NTf7VAKw!KdQ}iJ0{+k5eSwHP}Xu#0@)jGMm)){)d0$UMn2UrTs zM@Zg(A&M|G|Bezfmh;Dz-}aXX-lgr3TN{&a17s;FJ`W&sMfe*PNMvZ1%L0=IL(m&MTE`w)R&wDbT(`|B+}3us`~ z=3~wRMrnd|cdYI!AU8W#RG>y?c@R5a?;XrCWXIrOP)qS(h{8YkET*~Ktp1O)M`b<1 zNg4M-QG2xLs6R?4Y@PYY>-5WS+clM|OV#e(?5j-yCN=1-nNGz?%;f&j;7xz5*wH3| zRm0Ny^LH5CSE2p~>cETL>RE=GV`M!bKnmM6Rh_xcS%N&B6Br130b&5Zggi(<63H7# zDggeY=}z>Sue@d>Z3!|oxktU?hTGoaW3<3RGzZK0I}ACZbx|Vd*KFzFT3l51E8om{ z1P>b9AjMW;jR2K?qL66tLlf&oUf}*ywdf- z6mLa+gIBY9$>b+S&o3!I$TPHi4a8qz4ZxopYP!Akz}(j_aQw8qoNp=TY;aBtld6;4 zIF!TB-C(moV_MH)l0E!?^k zGxynCZXp4(2pN_P*I}z!r_H z$423ck`X1xARtQ#^FH98hOE5(L!3_V8?XyB>d_%9PTE=zRFdW4rTikNcG-b54$qZg zDQA8#yBw-aph995ga5>*g|+fw(H5-XDzFQNmAh9GC%ZkWUTn?&{7TS|)X+r!Zd*Ta zEE_CIX#dDN8RA>$Li4?mT_j#R+aN&HB(D3V2uZ}15VE(LMq~@4{|7SnIcJ1r@)}3tyn*MsE~bdEB{G3P@+4q^Jwv)iQba) zWx76=n$PTN@tF34d}RMmQpV z>GpGS2a|~795L*U0GtIj%r%b0Fl>*OJ)KR`@|>S_y{-q?3+Q7q(+!7o{1%+O+**t4 zexMXoXWkaoip!19qa%CcAx4kTv2mw)m{^gASLx;fFCL+Z2)Vg?NCX@`{|S8kk@1Xg z01IL}q_m&A+J6%#cE}wziialor>0Mmtp)GmBBYbH!@_a7mxKj z?3<|!<1AmdE)lvz4)lv^29`yYl0lCOZhA<^ul9BLUz>=6`<+WF3U)O5t!tw@NUN6+#s}&(crYSSeC7=P0o$(qSSRWK{uHyj zIopA2p|gnv;D5rbe}>YN?SWMYv=!nvfF;WMvQ z^R*v-wtwKQ8eU68_yErc!nIub-c_q7$B((9t4(9hjYV|yR{T11#aaDt=R5-51|o?q zr(~Fo?t@5k&>_iSFFJ`ISU-#It^<(*v}XHBv)OEI%T}s8 z9?spw8+>%Ez+nI$&jTIT$1ituhHI3H!Ae=JdqMQ{Oxqo=u-R2KZUbW--bdE6of82V zd9`JubL!*am9tLfu1`>5MHH3Yz&|JBZ7r#O0=vtuX!E~UsbF@xq`Sa{j`bH^BCK!B zb~+eztmlrLI&ZI@C!4p8oP$eF@eG6c!;&b7gUPufdV`f8LHYis7c5x%F|*jN#{!rP zt)fo(4$3lH;yBOc7*UxKx*ax1Cd*$-j-%gQ0H7&t0jN~QBY~`@QSwmVxlyGZW@I%n-g7K0D83lo8`pyK^!V*jAVm4f-H1MpTl7D|vx;&=l?1dQ= zf4YkA1f^i{ssL;>H2B|&dCXka&frC8nulpJAhQQL0Srx5e3Ll|$ibX#@OSL4mm4NaP>1bqzc7 zTR+M_3tWj0_Wj;7>Eo?M!&gGQ>;$mUn$sl6@7 zFqp}8zek6j?~TCufi3ZTCO`Q`y?Uw5*#`g1AuEce(clKD;S|02645C10tv?rOQBQb zD)Lj?e_@sVYOrg|UH!DV#{RR(8EP+A#?SudKs_TrANld9?#lN*Z%t%xeW?q2%zxIQ z!V+>d?QqfcwnFywoI6cbnt0(tDNv_Vga|G?XkwC+<8L0@814|{AWL|i*u|7uzJEB1 zSNN2n=))B`LO3)G__WCz!KrewpyxTe|5p_%-urY1JgNOfQ8QvQc*2}dLD4F{h^9$D z>thL@QETmoUo3zkIwNPt>!juXoN~@B^C`bt6FjuQ;8X*doST)cr|m~G z!)GbztSh}7H}dS|Hb;?9nnl1s`lnA;1`I6ZT`Xs&os=MAGUJr;jp;>YVvl!0BiS+D zUFhf|&(o5feRH2#En{V0GwF>lcczVMdw(qu@IKdIco-SKh@p6>86$=UrY}% zNhQo<$Um%p+dTp5Bt1emoDIH)Ak-e%YutBW8w8u@Mqa4H>T@~< zmWVtORYoA|8_j)x)1M#J+bPMcL$9LFP$k}9v(}!P?~h5td!Be;HO zP^M4kKX~fj$$5G9hU3mK`>hwLen0rQ?FkJWa`Qsu`^=~xOvNyBquLm4LoWVu?w$8M zJuXE5k^-h&##Gm9w3Gl@F4O+%&qmRHNU@(>Gs`XR_NJbA@u_oSIY``4=0nL)!h(Wj za&%ud0vdMNwXB`FE`Epb?{ubgAY7?-pg(4iMf-~L9?SX20_CP0(6LT#aQ0`LbP5pikhU#HgT@Nt z<{X>FTwROX;Gwv6A3BasgJxH|EIt4mafgrX#j0KgLYO^@a3;ZL?Pg&Dtdso&+O1nI z2NywCEQ;cr@g09Z-M}MAZ>D3)oap5j1?hPb?9Zg$PPD9?r+<`xDeW-9bnPX;vXUD; zXW-Y@s93?CXM*HD4wQ^{AK(@_d|3D1JuIR1S#-SgKA-ZEQC^Ez6Z40f!JJGI$Do2XZ#~;cL$IgvPW~_ZLr){=Qh&7h z+|cc$=iK7Dw|yV|fFHz7t=h2e4|kLL4Wcq|DJ-vm_|I=d7Cy5b6Qi`HN&j3}aAz8D zM<=QzhP%gL&0OfOpZd(^(D|nGo2{PP=_Fh-SDhh2W|Lsm9Sb_D&~g9CF8hO2lldLk z)K#43-~;z}&X zDu(5R9K0-%E36$rnajE!UX<|564Vtk#;8JX|2)tyVSZ5GIu~EgMao)Ad;WcONDOe= z&4PO#t$4DSZw}4*&GsnPv9Cq?sd<&LU4tc5%>$$;wbi%@jl%c`f^b5RzcMx|vvFOE z$2Z-@M&^=zye_(;emP8HA&UviSSd2?KSLj0YBC56i2*m>gcP$-g6gu&!^wB|QQr{Z zqSpmLyicFGg!W?0Dn?Nj}@$hy&IWu2% zP|^1$D5eOy{v$KncT@0!$yEKf>aKXz%jJ2%`&GMuMZ$yst-Iy-0P}y?E4BY8SBG-} z%#Hivi#u&APMH=NF(w<*ody0&@xPtUx&#YcT)0K2%_R{%{~O=o|NGG{zlYjfMGyE@ zJb5^`b;EV#AMGpGkf<)#4!Nw_70ng%E4Z3y$NqgS_aouwT|OF$0;rD3YcHV=;!H_psG*-4{8HoSS!k4z>M zC7&W5<4NlyhS}(4N+e0ujqR#NC$#Uhtm86byLtT=o=K8AoUzGSJ(w=1W>Dd#k)@Q4 zjCc^eZBo*(6yv=2Xj}}&!{=gV<$)96{3&}}q4f4Sf*@1P3In-KUsmcXC)!D>klZ4pA18-2McdhANw@m211#z-3UzYNDX*;2TGzyI?I zz=*|AJBe>nnz4TMwp8L;L+$ss_`~nwE^_`n<4c_}8jrh!3=}8G>Hlw3)Ch;lFAIOn zGB<~q7I(t+Gz&lrLjzx*gO62@H3){^S?owey)b3(g{)|YafbCiElIa0`%6w6y^<>2U+%;B_tZ!7xmNXiELvm;^MlP0 z{J?eq@G1rYe%oi^fTSk!+8uD#pZrgfa&IsqQgolZfAgd&92Th0elRA$5bY6;oQ?rIiL)&Yo)hBt5y}=Hq+}^J z(DFQ0kd^zZq{8rYDLTho+Puy{Et@!{FO!ek(xmcf*gP?DEp2z2+&w2vv?i8ZM3S(% z3m{V(V!z)?Nn8rZt!ZeG=OiGU;=U}Pbm421-@1z%;WbjIDvOs{1xfwbhp;BZ4z#_? zezcQ@lfdX2Fr%FDBcLm>YGK7e(91Vg8Lt4`~`u7G|e`qK}{~A0mQm<6F+O;njnSt>5;dpC))keqUP|6%mVg)WZIA z)8Jq9JHw6i)}P2sUVBsGkhUiSuFNP#tnv1S&hzL@P;i`ix5Rkj3-1ot`%yV4V(tCd zlkXT`u`DtC&mtHDOBrWe@h3@Mdo;X1uws(-Yi=2O4-T+S6M<>a#u-h;XyOLooDfw# z|9s^|p-sS2_&*{k(67WiThLga#K)WZ<>}yjA{*q9dE z#v=upa0F>ZS1n&zwE*2E#^R6R$cUq}3-d-DH@vsna^}>P5y7bwk=?sTj(^lEsbed3 z;ytOYmo`{a!Tr8p``*1}pFdjrAt9E4CSB|SA?_;de(#KM{>nxQ;Q0xgMej(Iv9~XT zDXx{&$tWAiM#Njd(zq>b`y~jS0*6OFMrAg6)ag2839Tsey+N2NlVU9 zF!+b00OjcswIZ3E-qa=~EuimsV`P9#GkwTB!pAT(u~8%a^68n_P5K%(VIZk|=?^mf z7+wK{<@xjH)|d|e)dJL6b<0-+iRJ+`Sr0JijoZV0X1KixoooW>Pmp->IXN;fW3#`w$uGhmi>4b_%!c)^&TEZ z==;N8ksO#79L44UCZ4HwhL;3^iM#VHFMm4??C>+xZ9ICoV z+J8Elg&`cM^FvjX942Qbi|m!r)UqxrvD-B-(FgdtDFx*~e@iG(|Aluo7OLExe zgkrLmJa?l0y5z@zYP*bAd7J)QkaNiVMu4Zj_O}z5<*(>+%uHtB0RKJhvoN4ld(!OrpA62yXs<9)@ayKyxfNr;H)LJ&G zr0L`Ua+B;UgjSl2;TR&mOeI6dpdC!pT$pD5NQP%MPXQO$w%8NWQWZ>j51} zZc9NozKNhNj1r7s{LXvWHJ5HB^>UKa?cElVxGwU|C)RD6%X(c3nr33OST=!LVN^r| zFx`&)@q^-{Qpu#<;~wPb(V3o7I;Lrc-0RMr=pkI-aRqLwPZM=`VtmGr3PVG{o!86V zKy`q+g4tbMeNtN^+jk^Oc*fswc)W6`uuS~3FlqRP|N|>BvJ&u zMbR49JZQ0E=KJa=k!$>TYc5qA-_Iqzl1jrC8V6F{p!SvVu)2?RO%W)Gy+>6!%pb0F zz9f2wf#3pHU_%_nx#C9V_#ZvK8O+{LI+~E=91OD zgxFdJC8Oh%H#`z47{w(7xkU5d*Eml^tfA+Z!zI2XJsUn{6&X1EcpRyFt>B{Zhb_5k;4R_35q!i4j~CFEl@ZC2rz zVBBwQC;v^ppI91nWB!RxDZ?pKa-lk(;p;LOU#@Ssz_5S&Q6+tB&%>bYwokXSyk#B8 zxRd{n|K88+KSV*3plOn z2*0;Fp%4qwW$veP426mG-i^S2(M2FdXON_h_zD@U0CbT0&$n=npo{=xW_+(79CO~H zK6&G&8U|^lMG~W2=4_1SfEJcFK*<9*>mG33)!8@c93+?s5?TltTd`8x!x#!~31KKw zYWx+eK!28e1Q9KEv3{S?fBT{%n0`Kh%t0;z1(gc+SpqsfMSfu>$SWjaXIheHca9d` zyCl~!@90n$K|JCZ6H={<$BHZ?JN57vCeAJuB{lnyUI{p-Tr~ESgnevaj$r57w=752 z9{Z3jRaV!g)w)?}aG*QTO#`u1xNg{avrOXSG=cUr6r}B6QK6{1dLR^0pM07(EcXit z&vl!C?W|8x$pn^}))FIrRuQV2vjI%J@ zdv7q@H1u+KQq9cw4(~KN@Nb^kS);2%+@E52s|-bjiZJv_c-ELis*Tv$kNXIR;)IRd z{u0huDGBfTX;9cJxL+{|h4g0%X-oR*^F)?#CKsOUo|9e6)c39eQCOl`7w9)O`(R}9 z=eqL{M7@1?RiL0mabuar`aMsFbfvatjR5lo<4gGfLrVxRw3*e&CpW@dX&An>*kA$? zp}jMr_0Q8-WivEYV~BrGb!Mbh$WsIcREu!z$16Pvlxmyqb!_AXgE?m@&OuiKk$CSn z1oC5f`o~aL?N{xrE?59%!lEUFLQTlo4e1f&C^M@h_a5b!%#RH^ zk|>0GNe{9sEx7P8rfMUuF=HpQm?;Puj!Ypaxg&@T_+wG3rEJ6*{GKQ=i>miq(0aMGE$M;6R8!%tkjzMqF-}rwd zTe?<-PyYVd!+5Vc$I%!48e@eO5{+JDZUFgUWjCh7hLXP0^U1M>V`|=qq{%))dM6c~ zkzrt9_#RRBL0}B>1#-4~r<{-%)D*J<`DsI5s z2}>}p{gA|}Hd+woNZj}h*F#RY+yIvz3VlP)W_y<6Bq&;6G*A=%XCJCSjEsAvJ}tq7{AOKkYaKk!r2JYtsOswrgRw7mE@w!; zbjQ1b>VR|`-ILV>*E5nLgCsQb*YH&KFo^yu5n_dLp|KRh(%zA3JdCg_-Y|W1Lmb2V zA`n^Jk(8J_*F!biR zVv4>Nf!H;K)Wf?1i1u8Gd-9|kn1DYw^iBqX|TcCWJ|N6KG59XvP$<0R!w$uGP?i* z5|?1rdk4<-i03MpFi7kd3%J0Mz-O@8T$?z{y~F;0{*h^B)X{wIh6^Xql;r}Ozl$)6 zt9r%HQkqSBdN3ihc=;0+ww+eFFR(MkXDD(~j98?6GLtPqmUR*VCXQ4*MoDkTO=1t| zu}>sOUD&$<+RGnZZag|;%L5@(Y>+}*y`ZT_E8?Ckr~khefO{Rr6TR_;5ud!5=x!hp zQ1^;k`OmI?>HCecnxhl?c|@HkW@{kI|F$rh3m|z6p~o%ft7qzFikB5~-+lD{Bv-(J zHT!A{+&w@UD8N)*%vkO%qq1E)CZL*#jw5-rMS~!h!SrhZ$Qjee)^fSRM5JQ^2-gf9 zmH7^n_ZgpdD{@muF#a$jPLM#O-$cCJ()!QWZ)G0H_x=EkQ;dlxXdpx~`hJYZ#}HAx zYr`*6dBV4F2MataIs)xOrxpPgMpxSa;T*jsN~G#_q6VXcn5{+ei@`d3h8)+?~TBxv>2pYDd!>;#)QF33D5vHCmAwS~0S>pEWZefahG#(SH~ z9J>3Gg)9RkC);X2{gk|#Nr1}kmpL%>Y@x6B#$&4mg)G6yk|~O!!+?~8XnJy2z&*5h z^SpKi_(1^tF`X?RvkiEKi?atn#h7NM0r3=E)_A^=&Z@caCM0T#Zvg~MhCTX&{<9u7 z-}Rg{h}M_}l;ez!kDDajtrlZ?ELR^ZM(2Ri(+77t1&mY%jZ55;J9O3*M+e&y`$3Lp z?Mb)PXo>Nhd|h6 zl)8x+MfKksijKsO3ZKkQCfh$V&d{yq-atFMV5dcME7It1FO#)+&Mb_SqR~`D$tfj= zuyj>Egk|d%rRqq)UQxP79;gO(LQjr<8b!uE*tr2nrT=&B@G^^{pP%EE=jsU;CPTmy z`w+&y6$v*MQ=%?62aN9lP}ps;Qf4r?^RBWFO;6rJsA&G<5*yLv_d=or zXg-%qp2?D+DZ@@$K#FA`mw690*kJOy`$G^2!y$tbx@yig2g~!RkDQbpv7rqt#;0W22Q!`77IOE`q2I!8`(AUwM8AX-;=B zhD0+$eFK1Wsf%qkz$jwIvW{a>OObQDqnoQa!gj$z#)@H>4;X4C_E;kw7YIN_9JaVl)} zFa)}))N@+hPj$MB7i0gP*LY%!^s7DJGmb&a5L)b-IX~QaOi*T0U+U}w+ZsY{JYa)b zPCN0RotFQpJIXX&o^k1ktgy{|+d{RgY0DkAj;*}p3YHqUm)Ik?)GHXJzNXwZfBD@` zwMq{Diam`&pIznE+Yn`Y|<(=A~v=7b$hWu&AVWWY7BUg-iJ%9Vdu<<2#u`V@* zAlNfV*2Gf3Ic@o8Xu*8ZFOeH(vLx&@fLIZ#1kItppL>X4{#pn(Ux8Z@)xl1YUYb&g zEAxMT9(7mch^W2+*lQQ0&DU6fAxXwdKUrR6ot8>`$NZx|d`up9lBHAwKEs=%Eln-r z{s$Bv7|~QJ1-Yh{#((#Kd#sZr0J(CFka(v3N60p4CebNqpM_$+cnSL#{w!({lu6>zA1)BH{aW|U zsJ>V0lfVbI-Us#Xs8)2+5on6-6tsmFI0Z>`U;uJN-O*0pW?O}tU#8rAc3FVnEebE(TvwU#5$!y zlvll*#^TpS_}E~KoIi}1oDTEIABaA1Q9XS#^fgk0@`atjFZ9Ym#FtQbQE zkltXWMC6!0ir=uDD^l6y{RJ;qS{}*sZy9ti1ufP2Ub!)z2!O1F&~2XL{|zNFd>_;t zD47gF==Ya1Ci0eb>?HppK;K8i};FFq!S!-|WQ+>zt^B*1_TsLw9uE8oAw zwHoe1Uz=4VB%@SMu%p4Y1Y$u#=w8sLLNV@+5;See(lX@a7X)wGs!0w-U=DXH-kIZ= zvUkH)+2#3p`{fr#A2Z&SjJ(91P!?C#dQv96z_lDU^J;ds&p_8VY^{n8Mb+5@%G>}L z^FH%_EnGl<(n1X>zOZOp#4#)3oMA5g4rG_$-g-Nb`)y_JVjp6|RyfKJ7tl>Hv3U6e zLnK)QVpUu$Xn-_56T%Gh|C1UZwHt%ryzJ9Ek2?a#D}R4S@L_o z<%KHZuLYpJSoLG={uq!Y=sHSOlAG+u^)GY~{LBCRgL@H{J`Kqk>H+!RsU8|eyl)!| zZk(^GW`Dlgmvz|{brAhNO6!-Qu~RK7{`J`>}`ka~er6YtV2~17w1LcqL>EsMIqyBt8Mz_?8?X?jSS^{ljb%Dni@L$k{d-=5|I4M)hGexwi(dx|nb_Te zHcoA8bEhD+?O9sWwU*~61CsgV(n+!ZwuQw%q0QW=^cdTR%L6j>HF#%sxmmD4fKnAW zIqPeVHy8#*${ST@HWaJGe?q|;P5*R5%fQ?V?NamD-`z+Ydu%?V(|a1ZIt3}V@I+DF zsN(+;WVie!>g1?tP%uAZ4;#H;`0c+4ZGdb?I{tUlqQ@Hcu8HT^V-cEX1sa9@MOza- z)7E~I249QzfwJnVd9^>zEUFkyMZfl^Fo|(YxR zw)efy_jmuU>;Cipm%XlyZSS4;InU?goTK#{O@HBB|I`(usuRLf13Nk(+G(KCkSjac zM8z43Y2#}~iYf995DzMZyelIm(TmcJ zG@FBxB)_(*Lo{+(KnPX06ZfebQ0q^xGQ}b=!a*J+N!q3Bk5e|NuGo)~$XRkJUZCdF z>tOe7uIphPY?DzbHcCiB{%5wj0*`&SP5xT9avJh@lhY;by%(Z&_|BOy={nN@rDYyn z=;iD#%+mQU%o&bJso%I6n@G!!*<}kyJ%ZQ(OuHs)c5Mjr1I>U?RFd z-WFZX!bshY4ULxmofz<;*riBSNbw+FULX}8zX5u%KYf`&KO-=Xc4_f34~}JaKyDGy zztJW>6PlSDs4#?!mK)71s3@+I)T4jh^$G4EPi)~Nh;=fS4ZmobV?T!kgGW^e$$p$I zZvhF9s??Z+I@ZHp{WV?5Y++*k5)@ZR`J}Kxj;u?z_9Y&hph8rn_`|>mmRY)m4HAjR z9IQh-KCcP@!+xf~GTqdyB1i}&GVFQD?^hR^0V8SKXJYBXN;Y;&-)->3ZrseK&tgB? z(rwTlRm9{PHtRYeKuGG*=9D$iL`4n-YBnn|<7H$DUWAGTBsvYR=Ocx)tS;}Qx_wxc zUbRg(48IM(JRXXB7-y?)2j9o(E_A#?DkY{Rxsz{et1WqmZ>MBu*PdP}GPoAqDXD{5 z$KpNt@3-0;(HH%adcUlxo=d+zLmF|+7w8RN*rq6_X40mmC<;bKqwi8YD>GiQ3BRvt zZ{H zpb<(`yvwO*iRFl<$+X1oYyF{AWAT=I1^nuc0`~B?HV46PJ9Rt@%~!L>o{CUey0VC# zO>=F2py8niiFxz3COFsz-4@}-oWvs2^VtOV`JaZOxzG<_Lo@OT!}`zOx6ls%7-on) z%SgX4`yT7Fq!P8JQgSjAU}@QRpEA1*ghEPG2_E4M z)msk6sW$!nIFvqO2CtQUEySQord{Ed_5dK%B6wu|!M&R1dgF+z%h zNx7%r7;L)1_x`=cqn%^m>g)U|pBw+fbbbkUqkJmgTaS1g!Kr8jPrBndE{iYHAM47; zJMjWXMv8cM!|pwpaN(AgFC5gSLbJ*;3MGe()LSn7|Na+RHqnQRX;6uo;+~ri)h0mr zL;pVf@&f##)6?Jz!H|`O(=q3kag_F*QnCL)OI_f0CUpC2~|H?o3%I=TPHv8b~k^u`vJx(Yl zG>>!Tz6anyiLD~%B2N5bEvg4h?0{r}eCcAxAY_U&qnW1-E!wIOeef2*&$80cl43$q zBt-JD9i*&5S;jx_x-7KGwf6(;jD%vD7Oo47cj6=o3Q_xvb{mHevQA=&DU zIuWLrbe`%eN=(=56`NYJ-n&3iU?tkI3sh`a%o|5+O zK`ZD4Lcp%CxN)L_*ki`Hy*N1m+g;a&o*q;l19JsR_Th}NW#I1%&aMALK}^8bDUqq~ zv)SV92NvI(5mpDI%*}$t+9>?qFkINg$CsUND|kmN zZUJE|sDu4`Zue+YhTSM&EpQGRJ0#bOMU1b`P6o%}Us75Za1d{`)=$}{QAN&oj$Hh4 z;d<8I@pXJ*;t9u)bZaxUG--lmEY8E{HGuu+;`f(dRbA(EH-8tH^I05edAIGWTi71< z{fDyL>mAq-{4Dd`huvo?GMvWmGqkw2&?5qFVSBLGeQRu%A&|Zv+K(L#!)xZ-YJF@7 zzM~{vwj(}^ii_egRXr;KZA&cqbACW%IQqsw`z2yW&@)D1QMEp5+>)`N99iCS6tz;9v( z9AxN-bS*_{yZjbH$}kqU&Z;jX*6)xif}SdW~k zlj>kHW7bpa?j)^6)mab$0bQoJllU9zqWY4-txXn-IA$I`5re0e3@E?W#K$a~BXFc{ zR<5cVt;mnkseZ=9kNpZ!Ib0kJ>~cn5s4>LXzaR!1AcIl5+`m?<4)KxS>dgK)W)Eix zIOJ;x*tMXYw~dzfpuh03=|;j-=uejlQYlm@(zYq>pFw}e!FMUI`h6#-%j;lY6^9{Z zxcf}Iws2~Wjs@i6`IobgyE{Lz?(N3>2WtJ|k~^S&jveSs!EZEi@so>M?oUg=barW9 z+f}G+vyG%bc0c75?|$<&nelAKU)B&K1Ea*Dky*9-Sb2e1o=pFNVDE7p4v-3@g+23b zw(e(XOatK(>+{%COEl|h!q1In*F34wT*jIw&BFrQ%$dA~%f^WwUF6#DTRsTlQaZd6 zRW-b+>kt_0#Lv1g$bB}1=F5**o8ji@vpR4Ys|7@qHF8h8^~r_#Fl;n33&Qx2LvTc*GqgZ5;T!<_`uQX z)UTaIAYqMF%*}&vvNa1_XK6IhqOJEBgNJKheLg>pR4n+iyhJ;de>}*xO$^Iky$#x1fs*3~72@gMMr`5(-IFzst25(-cc$ z@ZX{PK=?gxU%|XA<}duf-H11pk>Z6A%c#>Hte7Z~k${j=)c_*azxFQ?F4ghsV zb%2L2zh0&ivg8r}&bVZR;P8>|X#O<9vgrdvBI|#`SOj+B&A?vPh*nw#8*Z)di=)~L zR&&@Nv{fT#^KV{bv2qm~ORVtJYwIT3ccf%Qn<&;A*ak|+i?s&4i4v>sKl~dYw?F!+ZEsD+`)2N+SA5zn#HQ-Ebz|Z@NU!mQy2;xcQI+=^ zlyj7cfe*52r8=ZOdf2*HDtduBe!q1nxrBQDOV_j0A^D*ytFoHD_orl>wVZJB8D7M8 z?qmH?1H%b$rj3N(Zz_{D7zI+%Gy#GydNY=Edk1nh;iHaB?|#nl>8@b2Q5zWOY|<~% zal8EX$bSEPdcR|=Q_$>9qUJbtp{K=r3h{c1v8cfXtJ^wH z;u}CG>8INX%&OTmiqyW}QhdylklU77bjJ~I8Te)YQPlKfBK>o>?Dr~FgEZ$X!Pgqn z`UA18rc))yYgu(|t$aVMbkC21;_<_L+t{bvN0Ra8PxO+ocmP2f#FRewM)Ca@$i^qH z2HJXc-`|VXisH=e%|?F2IAc+v#?0Nk?XVzyf5+rh&8ja^`C?~SDV1GQHuK$L5&gT8 zXSC9GnBpsDPP1W4$-7Cx z1Q|N4ElJ0QU+>=hvWJFa*S>VYn{y`dN3t2$l4kW(!9yopg76{3`Oa--9JvR)YJQR7 zu!#))sAbK3C#hcUmQ+XL%f(`xK_zlYj z2@R8{s*^89EV@bDCw&|vzNKnLo#B3VV;w9ZH0e6NcJQR0=}eBq3RSFQ!{^PPh7SGA zNsNO^?n5hOooyjcxXrpam;H9X2vL#tMuCE4%XzkyPsd@02?linO7qo_bRXexC95cYs>!rui@u)x9@Ph#DU=R*k$jXtA|M1f>f2JlVZu0VJOalt?9-S($9)Ky6vO&IvLFHBz1S!m=m5Hc!RiB&7XfVf6rZ%|6^uYW zSIYIXabu8Go85knkUI)l*a~#toT)!~lCkUbfbQ+GLe6HSxA9;&LVB^UtG>k=>2iL#{9W7R(0n`z)|rrs;+U8Q+q7Dm z*d$L1O${D&`!;iTfAW@djvYS~)Zc6s{vVi7y$2Gr_OL`JP%tOESHR1LI)?K}7&(10 zIJ(1p`;9GGXiu?mmiX^4rgSK~tUIhxe_bz{^alK+NG*8CuzLTOq>zojA;UcnP6YWs z&-0?nl>LJR_5$_U=zp(N6>6ph=L?HwM%q>TJU(~UtPaJsOg+xP0)!yPXOnEBgGag+gMHG!JZ+BpvAS!G*PvhKEG%K44UddWqvOAa_h65P@sv z^KMNBr`++yY6NvYQ~@P4k`P<4aA zEivuvX}#6z(2oB@Gz9yI;eZCq>H3$ZFBB^YEL)%X8XQV2eyZHfx*@^hk#$p|_}(Tn zp;=pEU$1svuDVo62n(Sy?G@{YfrgAH5T{4j_a+wZFZHKA=ILC`xqem{>$_J|O-{gG zaSix9hmSR}yyh%lsCbP-JUvKWX}W6c!=@RkBATA5o7Fx+53P}ZjkTv2t_X$jyy4N; zC>`v{v5J27T?t;xyqPi%8wazDJ5X=ncDp2ST0j_{u*R3u<-Q|H=F04iZu%zb*{Omn zX;<|TNr*ibUo}j;FxD_@`45Uy{@+LC2$7Q9W~+OU4&5-(6jE~i<1mlF6n(a69C4%o zDv?S`24UH&lfNhzi~j`(I&nAC?Vj^58b z@|B}6Hzk`-v4MztaD~@sf7Rj^c&j)Ip_Dl8zdn8^=>zBYAKU{gDiZYMN!S>!y0!m- z2wTe6XLZ{A*j=ATYM|l2AD8Tmg3b*|J*Fvvk?a~*99vRLSqNAFKRy6)shnK7_Qo1% zA51RCJZp)#&L6vC^z21?C#NQpA}f`Bg;4BI5}}LIWX(m!l=pxh(Txy!W!4R3eT9Z( zMD!r*&+dWh{`*i~;ek!%ZgCxi~ zn%N~|`hAn@C3Y%}`vYhbgdS@QyIAR6gA@oy-J)=zQhoP{xz&yVwOt;_HR%#Tv{)%f(&jzff;; zyQ<+{=4y0`UkIrg{1R-Iu~mIxSvq3$mu^&}7HXmZJP=J1d*^g5)#SF8!A1D`NZ`xL zQd~MI`XL^f^07WHD0Eevcae~rQYgq`Y&-O4$JgRyE;3(=enq?6J#t+-y{!ks95n);|0-8Lc@J}v zwV46=cSCB&zWoPXtiBA#xLnk}j5L3`kTSoy*=GO?(w%;{I(SfUtQ8FeXyQ=OZ)9q4 zFap*PUS9`Ez_@P@x+f6IsTbYb9;y1AiY-hqrn@wiht*A77LBPhIp8Q@Sn3O;ol-b< z;*}T|D(W9K7s)N&OD2aaYB_o|-_ujgAbR*3%;h0QRDv+-Zq^(127#kEX~*;N7d0?W zKUa*!bD~?-KQvl}$;w@Zg;`-{Hd=s4LJg&_IuqMEcIZ7_W@(+FXLcXR`5?RBrflY^ zxyI`UR2ROEE3o=5rrqkU*IP~WCJT5_&vYt%b8QVT2^Hp?I$H!8GvTXx%B~Qg?o3l? z=fl76Wt>2|0kOk2gCMpzbYNt74M)_?!M-m*>>qlTRv8L6AEOj$%ls7X@|dL_5$4Y7 z2(?s78$UW}RRClF;zC|EeC>J38cLTx4g#|XKczPXl->_!b=N>hdd1%{D)BvSbgu99 zdL9758WF5=+hQyarQ`rY)l5TSN}LgalK~e9_vQ6SIMrbz$11{NvD4Nyr-4W&fn z-_YY0ZPV3L{bXhT)gfCAAN!^dPZ`c9$cm_)er%924m0bsnNUNHlsa66b0Y}vuz=p9 z-!s%pviw^eMv6r8smZfX0^>r?(H|)bwF^6l$@3BG#g7BOMN1s8;s{D_M=b4k;?|-3 z{Hmgq0@ND)!OZ=SP7LKc|GlGLtac{6h4OYx@y78YJIe7qqj>Qf4Xk9r&rrm>r zZ+`R``h^gfYw@cREq3JWhoZyoYG}@$)ac{3rzmz=Tmfz;72vYCDp6q4g~jc7#pR}r zH(w8iYrqoF&(M8Uvo3zb!Q&&FkJM?2LtJg+==q8laFd3Z31gT!wDm|QO`9) zN2Tv`_Nwsda!?PfP^%mglV?BNEn2YN{(I>&)GexK&%qOZh4_^lE%Uq<5wbG@mid&;=qCHM&B=^%LonW$o%1&;`iD;|_evQ}xd z7wzQbRc}u~{uGhKK3jAE?m?0{k<=(^+@lEcGhKP%H3vL$5wb--gn z53WeEikJFFT|~OJr!qpyN5cyj4Bt3jo!b59PSBxQGY`Z6^QIXKbz0zHyRBa)Sx&N4 zLJ16H|N9ifyks>`#;~*d-OYc~RBx;8@^aMr-QJRRC`^F$du?xySI!-=o8+w@4q&Qh zj75=9T+ISPl2Qlj zOCOGNFi8mk3Vzfr@7g+0|7R(^c>IwZr@;$bKoaN|B-QVeKe2##gKp#2Gp3SPXktRg}+& z9mnD4V@f7_*-3+wC9h&M1M3*YYnGO(TM>J3&~zBkqb3rL+~z^7#@o-CPqEGdJ!DDD zx(UbAU>)7mca$wk-w$#xf2J9hj3nUNZ`NReS74-pFeie{kT5({c@7lTQ-dPnW@}Jg zG-onplzoo>6Z@%O63G`oxaPI?NwIC_qdR5NO+O7A?_HcIpQ5luh~a9CTZKeoD*LRx zas5C4*ofp@ur72t$~*qENQ--eTTHb~@;Remv|QN>k2I6x&*gh=CE&-7|F4DJK(7vYTER+7wwBH- zP@9eM10oIqA53vk8@Kq0;|96t;i!X;v_6Nc0#gpA)~J!!(Ga%sx@NZ{HxD?G!Mb7- zf1OkUL03-4u_MHo+8-`eSI~<$+oQ6xkoE<%TrO_F>4F3zcG_J_pbtXd5B;cj#6+^` zEXqr_ZEG<0I-4KMj~yk|4)dyUQgJPB7|dUTT&CP$0GCC`QV=!o=^lnGD&Q%jKZ9G1 z;Fg_(D#3t|A`_8&xk{s3>X28rB z4I)HuqF?i@qW10A$UflPL%ba^Rd21ukTBch1;iAzAT@*ADCd;%sIrE?xWA;6U-4Mb zJMn0BPrEn*5C>z7{EiO+4#y=Qb5si?5aM?*Rgm|6eaBtt6CnC|DQgtKJlJ3OR9j50 zKIS(ADyN+)=c-}+K$CcpDL!^T2D^-8Cb^wrv7TFv`i5cK6>Tx=hV=A&GRwNRU^^ey zy$o3U*f?-}O1rNjAWd`m#Td`R$|A5zXWLTB=attT5Akn=ilsDUPid*@?&mgWL04!n zV_e`ld{w&i4S(`tApSG{$X60{NLY#*;`Kj)ftg{64^5qDR%I>#^&6b3iTGm*Phs)r zGGVu9{Z@=F^D-fGWy<$wJ^nfIV;}qg2vM8^O-6D*Is8rEZJDiP(t7G04jdJoLozo( z?8$|b;Jj~T1yTS_tQR((LOs`r(rWO>65zWFg^r?9Mu3WzMqx|f124LZ#ZX7 zl90mmR+*<4cnosb56|%r48QpWIMM-?>DG+t)94HxhqiQ~Z_QvhL$eDU99Cd;A z{W<|7%TFG#vI{x&rUG8#SV}Z5efSt!X$m_Gx0nVmxH61snF20(zL{3JJQV-Jzdj6y zzIm(Zmir5u8E3=XkS)8!5SSOwT}x0E>7&X<{V-9$PA)Bl$bM@AJV|gP?LxDYQ;N5o z?0PQ_d-vTMYzi4g-#3DcO0VeykEg|1C)5;qt=HP@c9yA5ED3ltskiBGvZ6Q%|91mx zhurc-C03H8HH?D7CcsVWy1Gv(&e7BK3Z_+SWiy<{KV7u_Fo!EyxC!A@>K#%U(q-z( zLz%T|^rwr-ysd}^L}Ck|dhkbmPO#uih$_=5_Vd`(Yvy`JOx44KmMDX5V`ttBX=ha+ z@4YXU&wpQaszC5sMbLIs>Gl|A4yji;jmJiz(5<>R7f|3Gs!y~lea6uc`gX(iCRvVD z!+SZHaLE>S#HI9uCxj{%U zxEfh}!6d^L>3EdoYJbw@KDC#^IwfpKJ^<>W4O+tksa@=jscQQ5P)rH}NLqVteHN#q zPCn`5znZRVZ4_#PF?&nNqnW*J!dnzpUNicxhGU>TML;IL_ZJS-M(!f;o+RwQY>ih^ zG}G3$H>rh9-@lAHM|mq917V@SkKw|{o&@mSPQ1LxId`q~uN#?(!dVO)q)%TkN?XR$ zlT2@n4kh<0ere@jjP>JhmDQ+84U83;sKY-$X1jicP`a}0PyUaM0N0^=uYW0bVbMcU zdNRVl^8?>bofOE6QfhhT3|~EYVQ2fGko$ln_df9Oe|;r9^N?+_QtWo3sa$2)SLUmc zNRrAXyQ`}*QP{pv_2^H9^h7Z<95K-dj#vD$TN+`Q@7=e!k{yJNGcWt|64)OLDqy<) z*?@&^L0$dGP(BF>sXC;T?B0l*C}6XfYQD-(Jm>igfU zr574`$-G^Ncj+MCe<}7G$TNEi2FsRZFO#;7SgxrfqsGY;GVrqmI(yjVvfG8Dgvg-Z zoJG`LRA(Gt7k2`as05>@*n(zOFbM1-Af}3y#N#&=yJnrgSPey_+ zqod00b;>s?nBxuK@k;!3o(dGpl$51U0pF*C4)(lAn-Wlq7JFv z7G*cw48KT^!;QtJH=big{$>0DpT|Wv!)Yf$h$HE^~~r zvFGUlA|?q!q|vK0DbWGD3dSQ{>n`)WJ~R9A9Ju*7xV`-JQDecCkz$j?}M zKvy7dP#*cK;F~he!(h+CDg%!`f&53PQLq5Nk?6a^Cm{*hJ5f9yb%gRygr4XzC$aIW zV%%+5M7CLVzct~U8c0foi*3}6Vra!TEmol~)gdXp~ivFZ98el9zuaZ$`dpp>BLiw*su zhMGRkgsR$3I>eFc?a1wITA@dHs%>PE+F@`F3@ zTnDNF?LBB=Q_a}Z>RX%G?j@C!>bz_cEmf2`PjP`?mVkl)#r^MgdD(qQxyc1U=ng#yb3)oSlmdYw!`QJ+yrc5nome1FLulCyIP zgX!xAZLxw>&C%xuQ-MEOw)!rhEvFqGsQvOX_JYqz$O11^_Wt#*`B%!oB;VoU=1FHv zn`fvS40ELpoR11lag^s(Uj?vliG!utJ9h&?X%wCmc>!W{)ox3I7);gs?Dyvz)a5a$ zF9s@oPFi6ar@$;kmD(&I=0NKg(^PrcY{$X$ekos|c8<_p4I`1A3^@s6YCdD`s2wK% zqm&sdDW4;&{sd)b@CCx-#2HeaEL}_ITAK|0Am@`W1MN2ht+y?_U&0 z{B=1l2}FpCNMr0Z)pviz3{O{_29C8)HrZ*YLT{I-Cn145?)z7Z&Ql>5<7813D6>-u zK}LTBf2G}Xw+eE&kbI%Ylp$yL-zAPyaTYa7rH_q2G0pvT^D1^u6aa=tKEC zTp|T4PLB#i@*gzU`g-~ue=^V4-{^;Wcik@U!+={8`{M;q2TgJG`nG57Z4{!1T4wA# zn%?^H=l77+b_YFF3mKp&aa#;jf>aA!&NrvpS23ePZvT`I>7=aP}e%>IZryTB;R)p`n zS~f@MPF4j^q7PSP*ZvE*y9?EsioC;dMpxsvc#%F7yqQCdEoF6w8E@~S1)(|M*NHokiT6QM@4AEy8KbqvK+ zohM3cM0@P9MCpze<#A1|T(4Z0kaYpl`+BvgMWF<~NJVxKumvgA4A{_d6Fb9gOAkWC z*!TQaHda6;0f;ffhu0>OWlN`Rj}F)1x6VudE=#4$)FzbCce!p>5IZd;wUA?a`yB+W zaZ2AN@`f)crR%!$G?R6D>5e`0W@)#+$4W)wV1RW>ObnJ`S-P?~8o-`s0Mjy;@~**0 zP<%X28Us37(Sw<=j4pI~ZJD}D8>9O$>m&u#Csu!bnWTKFedTh+WBHNjR@bAEKXFdV zP|UF1)Ki3XN)>lX=f|^=y<0{fsX2x+FlrTAB3j^Q+;%_)(dxt%T;WXwc{$!Zt&)Lv zNPFCaubhb0XDOMvp+6t399UQE*<*&xD{6dfk-)kG#*R9Wg@bLJ+z1q zD^5&eyok=|u}7gqJ2*P815Y(qZ%(eKK2|3N+zh?{@;(wKN9Lc!d;ex&B^x-0Ox5y} zdVFAl^wir!#oZCSzsU-rjiWO3Rx6o%=)fU+XH|1lk3o|gd@l-ouS!`nH1(_t(F?-7 z%y;dRoXq!LdQd|{wdC%(c^w4rZKC3$Xl;wEdI=-4JDCS=&O8>6Tgp4H3sSLr+DU4u zNcrno!vZcAPPZyVyviTLaHnO~HQsAU40yUsfw&*Nq`u~qGCIjqD)DL5cjBc8+g zo*&#xjrsSg3U{#xeHZTrTdW)UiM_-O5%Zf~3J!D{PLEKYo1XPo-(2i^e^&ei*yna3 z{?raw_#90nDe(n#UrgS;*eNxEht2t~+y-@AT-lmIU9g1~8|yW_WP;|Hh1n@;7*em~ zwy6hxSqpK@X`X$*59z{~VS?X8txqIhhf-r>^wV`#+JRGlo871r^h0BreT}9a-{IbO z3G6*1a;g@ft6JiR??~UbFyj!*uR||qq>_9Gh+^Bh$=ru<8R~55{dXD#POstr0h~34 z3cV%TKhv7WL+QM^rMb6FcA?S*ONe>mQ%**oVF4qb_|zV_suW1tl4+Pk3T1|+ubF6sq8yLo5z6z$jxsQs7`R5e^!eF;H0T+_BXR6zkhpL zOYR!&xwa<`ZrQxXL6cm}5-fl!W!y7boSPaoGUV~_cJ~VQa^Nv8P<$F?Oj4y3odQpN zs_LB%%Z1NT3HxyBx2xxnlpC(-l7)F4o%QRcE7CGLLy^BBxIJG6<#@ZGWSPsqNu>`d zUX<|#?GNpMKJoMScQgq)fsuxY}d}EpHvoZq1BDL z^KWWi=oguLiZioohFdDhx$pu78LGYnQZV-F`jwavfLX=rB}qU?L_?s!M&_B}!Z$>M zbC96)zOts4SrGSNUi>Sa&t)U$G~17MsypqL^^B*(Ufb{59}DfO^TlnPUGc#r*rS>%_m3I@ z!DY|cWfvL^73W`r={OgS3EXqu0=drd7?W0=%&h-*#v#@R?e6wHekA((AR2Mv-N`C_ z#m`n4;1zql3de)Ci=6A)U54QKPR3{5M6o6eh6CA zLf?!*(y=>~-ep59oBd#{dH&(1rmrb#S7$Y?Ons3x5K#=$1l=Opn^n#TT$s8Txa{1`+Yv=Vj*N3M*G-uOzK zWEHdZj1D0UY&I%Vws(gElAIUOR_8x5fe9E3b2T2&)4FC}3@K77u4OwQZ>O+q&M$`4 ziTU0227TU_-fx5gp+Q+UI4MarZvAL68f5gUxU5_nQ|T8NL7LhBj@R#YvZd>i(MA(0 z!h?YtV4;Yg{ZbNUF|E6}oX9pu%ASbHe&v_K0S&|jSp&z5>n zwW`@qCK`3%Ndv@zVrJH-83IUdE^GZgC9ufNDVw^|)m!W}+#!J$3W6c^D=&Eeqro=gW45PNI6et!*i}ER1t%&K@>#(lid-PaaSO8 zog*P)OyM;-hyFpieUWF`r1;HnWZvsMV@Z|g69wOb^10nf<8-}NB7phaWs=yPw6jphTQsZ z^sBx{-IH<<5tL@+`wm>Sz@RhT%KeJYx9|dKr_V!;e&?xB+{7=g)2&oZ4KT7hsrk!k zfqzCR<#o+(i{cm9xpEQt1*|xb*iZB)vkR%P-#X@N+jfH+7JEZ&7T&*5GdT#R8ECp& zwU@!$sW{?0^2?E7MHz|S1rwO>OT8NDz9mQ!M}3qIRkLcbo`2HW>++BxOlmOjdR|oe z$>?O~dRCse)mzkn5lEwD)vJn0&m zW>f|22@Nl2!vAUpJzM$iBa5olgzyIDC%Maw#`+tSln!N-(K{Pw)kNW4tjZu|I#gZX zOI#bk$f=}@{nlOubTM7xwzU}T=bwrRE{9$)fnD{*gJ1bd#DiDhdUe!x0e4D6-U=@46R zWtL81Z#;12pDw!MQmJ~bZ}4@8x2MobZ@UBAj?gH}Jk!}GXGej}XgT=u%;TuOUxnMd zpUGVfwF+Q39Ii?Yu*cw%U72g6eQkCrPRueFATp98O$_=>E61PnMeNqm9xEJj?T#&- z&nGe~hIjglOJA+W2+?d!uqW|{V|Q{`7i`oehWshnS68ry0IJvpt>QN1{>Oz8B-~H^ai;DP@Os@M$8LVUE#zDRDX_U_A(=zpviwPh$5{#&3Af19v45x-KHu(@pAC z#y>k~qToh8@^i%G=Xio#`pdcc-K_%&$aaiboZ`Ujce7HxU}woqo_!uea-aG1%yKC9 zRD6GN^~R}<7F4v(I)?r@GIVvLBSjiezu?BUcE5|2oE{=2aVBq$`Ky}Q|K&i!ukQK!_LHt(5uMPmmOn=gdOeg=o_duY)$)PFLoVr4{O?) z(tRC;-+;Vnr5yzHOKX&`H>@6b(D{MVY!eg$cAamUBM5sO1_iLKX-hc-OWm{n zaaeJ;kw2bc@76S}Lm}2m6X0L`)hGg!A{z#uC!dez&QR;o;NNE5zJ%B2QA}QSK_uD1 z*L7}FdlOh@OV(_7eFbcij4R-j1!BF9>j}NR;j?_OzJ*{P^Vit0>feO_v1tLMu4R^i zvtjZ6@fY+&xFy`D6VgBr@#M{}S(g4rR4(7z#4g`PQq>IfHqUO~tj-;tgMSKj9GsZD zD>CW8bJ#uk0MgWi#u@+B)pd|dr$uf2R~A4RWKwd~Mw%Ft%JXeztMCIPAl};)uopcN zj8EP#OaHK6L`6Yrz;a;qqG5bkzmhRT|HBNc}D9KUaHcX10WW|Bh1y$vMod z4SXkH**UyXfm?gPhsL3Vl2 ztQaXN&T)3YF%4Wbzc#;RZluij5AfClT*=pMq8;QK_09WhVWcYPJ$#V54Q>7#(N#A= zw*8-{Mh*8tdxqtyS+AU)F?p5=CSxwfP%V#Lo1;jU=jSI5lRaC?4w6$1WS{+|i=$fo zLi`T5-cqvJGNqqCXvt?8T~GSOYm+^SwaWX}Jd*Dr1TF{Mjat|9OWIJyA{2b6r|(IL zpjE|IyTY!XCbw$?PX~eFrcK>S2}^wt!)L*|hH#K&cie@+xKZ1);|Q{^O9YCCIA?^c ze8cSLJY#V>kKnpinopDDMf?=P;>mjm@{{(SZhp&Y*TEb1)Z31=P-1w+(ry}Hx>P5F zm$V^Gl=K{Yj@(?U$Pd1L5u{{p-L>C`>oe>~f`5HLP+E1?HMqDwzC{F+zRD`%dj(*x zsb4zZTgY=+s;5&83e4H`pIwIkI!C)o;YMYsU4Niti`uP|1HCY>F$X>l?3r#yUcmKI zqyTVFJA*m;3-wU8L%;J+a-7)`q;z!#Spn* z7YQm7Myt2~`~KGWJctCyUSlWP$WD=qdU(fV1}@O6G3UO){dt%B*ub{+K63lWQ}`B0~h^|zSuvnq3}@#z)@VF%76?U_A<0!zE0 z=M~QClSiG`YM&5R{hR^JhiVvmJYUn^!+>(DYa39~0x%Qi*OiMX0#x-ecl$`d?1xTgm*~_F*(M z;YaSGV+TMxj(vllp?eli``4gN$=&G#-rz~Ee) zi)c|N&wEh>`4GwjUrk36c9az)w+ zbLN*p^D~n2)f7oGC324B)9m8Jh;lcv^Ui1(26N*gv_A2kaM%CLb|h!|6n)WM*a4uc z!v1LV58Xd#>L02;4T6GJ4RdEUi2GoFs6%ep>?{ZLTus-@p-MjFVSrTO$XWlUqfgZ4 z^z7QFiHeJ1I~nQDlS?4E;5?1J*Z#*_u2U7@$@+(e>t`a0b9WtzAwkN%Xyn5K$i#-i zeuFAsSoQlr?rl$JA059#lQFebWFJrxv&nuyZb$S1@K?*vDM;uqf!@TI7mk$f<5Z=f zw!I?NGanI#+PQ@bsFpgwA?^(X{T`E6 z8YP5cfc|>109Xr+FV%$xR<7?dj4e*Wfc|-7PhTOK`@KO(F(jLqlgz=$&6+3-o9~o0 z4^Pw4(7z?A+F*dJ$NxaTLEOC{8^7U;q_}y=4kk@Hlon+4{Fk!dzIV&+6Mq_+>m&q9 zYaUg9v|5-A8C>7mY?R&ni`PH1QOR9^hZ}@~C(j)oeQey3HI-rWK(5BZa8NqC_ZLXk zdd*lW{gQbdde~o=06EFJ3saJ!PXd_YXJ5iGRZTFiGrayNxZHSPR+zjZox$1I&T9J^ z9pR`|dFS@9$3z6Rh0S{7RQt-!mB)g8`OYn@3lUZIiv43n{LdvACVuLSD3U#8p>8|w zY`v1KWE$z3P;26|nX9Sl+)YprbQ9-3755&=zR&1$+zam5(X$^Gt69)Q-aS!iCdLx$ zTAY2@hLJM0tM%p~E(E$>>1-DaTg1aQ<hP$ulW`UuySmLJZ@N(MoV^}1`_tsvRe?Qf?8%XqUW!T7ov5O3alu{;ORN-!bB^gO z2Zd*Z-1)P8Vx;D=cR=K)7IQFt3V2fyG?CiYBY=+dwXae5SxOSN&VSJfdRBeUp zttuHW5Prhfc$?{+pUwMoFVv&|*xP{;-@pZK$Q%-Ke+&wP_^mWTZOqBu?!=v0B-gI9 zod-O<{H+L?F49R^y z0{fOVNr^Lqm|TY++AqZ0@7q>OY!xQ-8${rA3HFWr0H@aBhWQ&E{T4vkr^J^*|Amur zvjk?Wr7Mh2M)Tk1EG&%T9hfQcbN?M07wlNBMP#6t+Ic|qB#qR}l>y}J9Pz`uLsg?q z6pEti@P;?;e;MMX2(of1_CM!H(zNPNQfFs?aHB9@8@EgVcDhzQ$>+DWpFQ@E3*C7Z z)MfDR)z6>aIcK|3Mv3C6_5DdzUQJORVe!?RRpOs-ef9fB5Hv{u z^A7BCP6RfCri`C9^IlG2{4Q<3B6GX8rL80>rcP=mhB{>Fj>FZcO7A&?KKHrvaZhB7LC=0X(piBd3T;<(B%pC746p|MG(&~Zj1`MV?P7YV zkdg%1m*MOMc}y2sioLGahaMdI1CYxqb9D%6gL;T`4@FV_M{qMq1s5D<_l*ORW4zYg z0+1IHXp^*@zn*r&N4yC(0hhgHK-}C=J-`@}Kxwi(X7ror!j0V&=Y%`5{TV1u7$2wNAnq8qGc_=ElU^iw!q4p@XoM35-BF38W4=%&$- zXo*t?LJO>mvZ#MEyx$cVnTwwSPU0aFSX$^;*kCFiu_b?LXELm*#ERTFa9anC>dNp| zO|O(+!T85sqtytkRR01G2Q!a>?qQ3c#eI=_o(BLMOP)j;jd=@CN%qn*10gH`b9Rc{ zl?7xnww>0E+`hwUe|oz-?Skgm{Q&z6RO2#d1AzLO+hY$eZ$}0i=gZ1#F`qHarV}^>@T-t zJZKWbSR61W9n=4lYPttqno9Ey?=6qd3?`=VDk53rg5YD2K&!$2;;q)~BUxVal1N|wx;}(Hv|s-n z%quQU>IPS=x$kDf2(B%C@3!7l6}NK#G>W==uLU8&U3)%bq78h1V>_Oe-Gzvp*hsln zDa*!?96&AbZ`bq^L}lylyIYB}?BBiTp(U-JcjM8$!l&lwbNPV;0NDIu0rZn}>=+|z z-4MJ5zfObXVn=V7+1JS4X-)*+*3XPuz{|SBRdt`@s)ySg$hh!2YP`#eo;>0nTx@uF zSy$f7h-g-{T*6>LHDeS@LqC7NPvX(jq=Eo85l0oN2ly$RoX6W&3+?)T&yH1U;sxSl z{AW1>5!*KQ+^apKM-!wN7#+qr=Ul;Ig1t5D_mTB5=-gs0+E9`q>25%)hx>$ZS_K0^ zAl}vCB{7`kpe`rOGqw6ubi~@xiXaua&7o`XueIgV{s&ti^4~-;#<%HlCDj^l&hXu} zx!XoR2HXVZRfnGB$_CV2hf&J`c!nT9#k!UjF^95f&PXJidoSv?zG?P;Wf?Vaug4RJ zA(;s-DC*Tn+aI8MS(D%W%w+y)%MK0*a@?FiZ`M5Qj;(O~XN6OQMfp4}#$N%uJ#FgE z7W9*`=g7!TZeX3jm$4SJKZWdjHH#r^i&_1DVyD887s^~1k}co`>f&{z%elD+i56iX z(3skg{$lRWTVIBRrFh!F9(0rQxcwH$rRa@1{l(D08GozbiDb~HMclKni?$xnx9CYs zK~T;T8uC3r&3_;*aZPMT@zp|k=yeS=S<8${NYV4VSr)v(E{!(sVS1WPFCXk~Z^P5j`lSr^X1-t>xTi*K2=E;=g0^+a}u|CF&(M zigcHAsgOVoLfkZ^+PSS%`0ko&5#gCZWEEwY_8Ey}W>NO+(Y*47YXaJktIEM6mz( z#7!Pl4VH}e-9gXSGxnf9=S)52 z_GskphTuxkIp<}17#dDYKQm{DR6wr9^7D9pzWu$BmK4-C_2Fia{{v~mMK7BV7Kx)^c}39e@-!_``cxwD zn0+aTzSN5_5j?IJJZp`NBDR-XHTjR`v7s@B32iLauh*ZzrbP_r;s*$HgSpak-B9Pg z;75klyT%bY7wtVIF)+^YFzj6`(VeO9SN!_cMa#gVyXIO(anS=-Ug(OefvFT@7TS5~ zRll^5bj%+UCj$l~HHw-O&m6A5a%>Iz#!H62lgkD<91!wk9O>15B>hYYL{~P`FEg7OMd3erp zUXZS61Etz3(lRX%I&$_|7o~PQhsSqLqq1rer4I3eA`ZI}?n>hLx^T|aI>;K1dy_tE z_aB~=`xEyyLy=}Hn&e@FpS;CR_D`DEqDZyODh&Oq%< ziLOs!eAQyUzT__a!O8v7K;OyeQ~W?5MUi04PECy3v6@~)~Isp0+Yu-+AZR(ws(UvdmUXb)_&l^L(x$YvaisO zK?9*7(336K&G`Q53U^}C41KfVNybU&f(59v*lhN0I!ub@@0$PUpP~3=#HTRke!k2B z!eFWUZd`4t>3bT&+my_Kov%*Oyg~rw9xqV>p@fn$_i3b9k^oiWxjcr|O1eIg|5T6J zo-7(xbRi(lj~igL^SJm)md$oT6h30`8OPXnBc}vVf|q!vxb?ADxlU{DZ25c9b>I*% z*%CO8gR}!mQO=_+0%g^;V&bFP*+CS#vZkzXP4~-KJY)(lSCv-btFH&X{nuANI6k%% zUBu#g8mU#wSX9|eOB37Q3*eM)dD$%JMm$7FYpv~BZ(!2N`OAI_ogd9YJFYi9r*D1~ zc|qj|rY333h8kE-R5H9>xw}&T4Ol;<~0gX{= zFj1$1!IcV{N5)ix?0W6*&@Uz~6p2gEEF~EZliaj{*>PmW6Aj1Or#>`f(-FMM;2YrG zr|sg4F&x)~Vh$&@Y?dAM$-5J6l}^>O!9`bZOEqQS#n;$19eC!{+(IMdXCgmf@L8MR z6ZlAM7V!YpGB!GfBs!bb>m>!=W>+o}IVHfwGF)0oA9!EV0BOtS7_j^F zw6H?aS)K^-+srAL`hx_yU+bXd<6AvV{>MROGjELYwObs|pe@BGGj?>T4<+Zo-2_)g zi1Y+#m*j*L2{?x^*q>Oy?WV8$rwi4*Ka-(LSMG1oJ5lr!Rkn|xaR+m)L;rAE+jKmv0?gj=f4k)AZyGD<2hg(;zkO0ZHHTcCo8;8+7LP=E#m2$B=J6} z*}iCjh`IyTZ+xC*(-ZO#n@!~8^ z^3-kpIO4Ou6{AC*^{Byh-w(@tsA4q~spq(2b zCH6C*LS$(0?2HaB4vOQQj*$c-I2E?GcaCdDTkr|+8T8b)+!LTU7plk8rn#&}VmJorG;fMJ7B-?XY3xAv16xJu4G9n&IY z|K@Ki^bRB!PjX7wLvd1#5o<%A4{t=B%`V!GdM=A?y-0|#heeus%LdyT?o@N-3VA-R z$^@_M$9N%ZRyp%!Sf}6>J2+(D#3#$Dcr>uk&tZ!JusFfQ#Hp?r`Me*He&ptiS6a5k`+ir)4XB0J&1`;D zRNE8v((A6x>#h%zGg%?f5NJM{i{POarBh@w)d);eXR|-QI@9}p|1_yzvK|-VHD&sP z{^d*lnM$GU6$V?bS&8EQrL3M0SPb9tTt6ejnxdl)O_nxOmTl#p!q*wItC#gMrzl|- z6fl;dYiOZfs6C%&ML~D62I{E4S^(VJa77U;kkejRb*va63@nSqMT9?3Bp%6lfsW0> zv*?4=;WZ=Qq270Qq$|C)zEo5Wl}_R1-bxi$ZX30;ahO=*Z0?0b4W?wyTv(LDUjL=6 zUfz_4KHv{(3@S?HE89yX7d2JVGCin01X=VE`&3V&zOpg3J-kFIqE%LM5Ak40u-f(u z=v$(vs53#7N1hy;N-m zZP^iry=@#?I(Ha`#kXHhM+$=s0PPy+^zuPcF4b_Ht)ge^Ws6MObRRmj%R`lx5>_Lj zQ*~^EpxkeR(x4ZCB>jOu80dby;`ZYxO_3)?;29z+$%NJ|jH$LEvD$*<*8s8&9IgU% zi&qYjhoDwlE@={D8W6k!?D*(F&C1D|y9n&h4W`V!T_VEu5OJK>R|oT*nBeZxga-sy&tReW_E3>|a-770=6^1BtfU&*{-hJT6X4~{ghQ0tLzv8zw zvFua9xnHumkF(}Gz`La0<{z@C0?pngKT9^71d7O(QlDezQH#=lPl*c0MrU(2>0Gjq zpeLE>)Rq7!C9vl%_2-CSpV}7K%miiLK#ig&wZJQWf9#;Ga63F-au{^)LWSmmEe799 zc-CJTuqb)RA1FN2ru~OwM(DXhA`d3qfF?oQ1WR*hbA6Ev=t&sj{v~WXf7;C4;JwK6 zmxo&kpDOtM(Iv|8H=H9c1HBL^Pc~XD*>XP6peFQ8Y0}`b;(JH*TsL5?N@qpnu}}_dAScn}LkZ(P4-^Y6`}tM~rC&SX z9rG*xg`($%p-%36k=c%ts~qb(#FXHYREE6&YFWL%n1psk4Y$Foy@-2QNNTUoD_IJ70#hf^&>yIzhrcY$Q)N2E zXQoM*e;%W8RIqrMUMirz&%Vq1l&vn6@V;LW-9Az}JLhA=Kpkxqw{AGdUxUWiW_o)h z2d%OUHqPqYNASvfCA*4y9)QLlg)7PizI}=2L?+6f_x(q!#MHZ2Nt^)V zpSkjYDxoe;+~K5d&}GE>QW{KHhaF9v7CZU3{Qc%1Hw|zv@VgFEMB6`W%|VbR^*N~v z&OIsotn3=t&z4$Jj1XR~hVX#WrC*W!(~sW}48npa!;CU>D6ao99s!D+xq{^6wi@Ij z!D!4mXpKcl2TQvfqV_Hsc-d3bdl5l8$5E?=4_C=1uQc9C-lK;I)|ifbMl_n-)KKqt zDp}CCQ!fGb!?8or0dG-Qmij;q||czCsy&n zgjU`S>WIlWKH-qh4%F2HkF19W0nTyuZTt*EAMxwpqWmnmjj76%E!aVqlpX7oFzCWX zS*F(-V4f!mw3i5ACq><1*|E&hwrCa!AMU?H1!eB`4={pLc1!ef^ixY<(N5<;bL!xHo1@psbG^pRTCpNwioqQja< z7D~k3L3X-fJ^-fe#U*hohI%=C8UDI5`_;*FMnc4AuF>>J#mA z%#IsR-WG<^*oO{DynA!0g5pkFNjv>njq_7A@42NabmlUtBeY9U;r zlu0g5;&YU}c%0@5Wlw};nS(tCniMjVTe4=T0+ox1wl~F@Ck&_Jo@{;^kq5-T01lb# zxUQqkdjSgN-wP67chR5;EIRuSQu%tJUrGr{V5I-8pQJ;OYHSx_tUQXd*C2C+E8;M= zQ;RQ1%9q9cE#>jwyQ>}GQ@7(5}=IxfcG(>qtRZ7FQW#ECca!pXd>BX^Q3`Hclml(ve^JA%uuR@ZxQwK4V$i z(yTPe=xOVTL3VB6SY~1BpNa|ELW9?V?!R!)2WcCm979^(BOd3*0()f(w6D2?8To?n zD)7oIbFx<8v7W+-qgSsodRs>Zx+2ktjzC%ox8%T^9UmcQxW4^#LyXtamt2Oq9Xx0B zc8uOO3YRGpd$BQv@FACDX9S$_&y#vcgCF|RN+ltKAcIF8%pyHnUUr*&xidl+H>}(u z_pr(1cakv82%zDzCASTKvVxH*K&q8BHg=3%6rkzgZ z*H*{!6!VO?6Z^Y$_SK8M1qU=n6}2#jTEvrk;qv^izA-V1ngBueA;=813x&;?klE%M zc{#z5r!a|V*N42qSzy~aH~W@pKq6|@1(Xj-HzJLgM4JcrB_8wL6T%2#S2S@D1yt&# z9SfcZ22uubVqIYmeBMEWH)FtN@8k4Et)v$-p`-l-P_m8$7%>#8HWxqoI{Z#3-Zb5{z#@@E+o{ypCDTzSSUW; zlNDGazxxNmA-)VF&6cpKYmm(UIa^~v9gmAHIt^hd01^C3`W=D)+-A4xU!A?@Dc=#` zRI9ZT_V5E;=HZcK?s4N#NEAD?IT?HK+ac;mqa2Z&=5^ujs0KD#8*IPy?A3)X3>O7c<_AKg1$iSZ=Ivw zFAw@&oXuE>p}q@j>2zFJgq&21xhyvH!ojw2%dbpcA{+vGAJ%>`9Ju+%`Jm4x;2c8r zwcs!A2nD}xO-264`sQvtPw4JC3IqVp2`@H^`;w!Evni;-+$M}wL^smse^mt1ju@0= z8Q1_er7UC`wmWlKKb{l{%txKdTiic`K{+l|UP!-_wu-zXKkj1R&q^Ovn2Yq=!t#7H zz)ns#_Fr^h z3_d42(cb!|-?Daimse%p`a#O-3#Qm7kB45|CAka|tdPlP!d_|cGlhV1G|dsCETOb2 z$;bbpLzT&YU(i?pRNy6B5tke6ukB%C4l07^m+Ko#G5HJF3TA?*iUx;f?e$9Z1{F&@ z=0*lUV^O(c&UJxzE6uvx?G0WM`|{<6HPr*o10kQLi_3+)5A|U)CHD2~(-k%vTsklH zN+-UtutX&#M-kHveQR{I`8RFj0o(X)Jv*eMi~Dr+Sofch`=&LQ@kInNm9bTcS(v_nlNH6jgnQkwPs)$B5lcf4!hQr`}Ftz=Nw~)I5(i zl8bFciJotEAurZeCqbs67lH#e8eqPX=@eTdn<;W0QEtPEeD8#NlaA|&yCRj*7I$Dv zGv8gu2zc6NWJE`WiA&T$Kd$BN-~=P+j2Oi+hz>>N1)!ZnL(kfo6|Kbvj!_Pize3Y_ z^ggWmohi1SYD2-7J3PM58WgS8<#3p5w~j>vYNqXtah4V4QH5Voxi8+ zQz;sAeNZhyCJGovoNdC=lnySfg_GUn3ciUueXP_-K8gHO^TiH6bET7BO@}rT)Q^0U zFY-#|C_2Z0?4CAK65$|V`NNo2hbiYHnC@9NaMEyUhBU4l)X!|u5`YD261K~WE+$r; zRpGsQX-?cYHTt^fS+!188M|e|O20&xKn!R+E5ZlRiylazx4BF&hx3@P#qp=6X~{i~ znj(_?welFQ*mF2{RBSz*T8DoyMBM~&`q1n`d}?3k|A+hE*X*yjOuqTczE*GlVJUvV z@F?a~OQV$kC^1nD!5fcuG7Q(!&s5?w;lzidHqb*J(F(&}-u{eBn3c9#9Mzw>zk>=r zK5N7o!LHEol5xsn&%NG^-Q$0r+bJrLRLZQ@tc+}~6A~v5D0=0+Zkd)DjX3Uz2Bz|H z)UfJJCt>l2#zPMUi02OMbg*3T0+a-NQuJBW7QKM&1Et^LKWag|8oaGFTjM&X zR%>hP5%D$R6cF;tU}Jr!bz^%(B2`?$)`dWTZ+YTAa29u?~!=<1fJ z+uWalP~|dz_pbRB3c+CZ=X{+xY3DsplHeQe8*8&^Y7QZ#QzB#n84VVDxdu0S;MPRI(bnJws9>Lt7T zIo`8EJsO+zT~R@WQJG!u0~o2o7^foG3sIbBT0rNVZ=sj6k_G%mDC`#-1P2ZeBz}on zEN(p%S{r0q+uGXCZTg5*;Grm)&_Opl3p7yZi$Nc0sRg&k7!$2|dYKP+GKc); zmo*vhogyyymBPWYsXl~j2Iw=rEs&$_R0F`sQ0-mmrlRCZ&}1bUX^38U!s@}U4Rgbf zA7l}izu(H5mI*{=qr6t?OQ$3dhb79i+u>%I*lYr4qDcb`+q`CynzJWb@Sa7MNr|3G}7rJ~9Z>DIs~0Ci4{_?G*sb3#hb|C4qv zW?(~`-O=?tLx+F??c@t1+cCh4>dxC{-5M>%Ew0bIJ3DITa{k&^%>2u(l78PZEd%kZ zqBkyo6eXrxCCL&z@W^rZMiYZKvMyA%mSla_2)8U5TemElxsmiPuxJb;i{)VQ;)V4@ zI2pg8!B2A*JBW81!|cW*8tDZ!bFJ#JZ?YzQomDlz*Ao^VhJP{lia2eAMP3dMLNuss z0dl_Rm8=a3y}Up;Z91r|<9b@pc?e>munr@rl4I) zB(HTI*4@sMAg@5NOfN~nBUP(oNdYoH-0TZ!JXsaz827^yr1Q~O=olevy>7^eYagk{ zK<&UP$w2A0?2yG+LOuwOMtnfm7)wP){<<~cV!>q&Sd~=SZC*fHnAjn^b?Z7n`m5|( z#yB{r-$p2~@6O`{fadM=|IQuFuxxG~crQw`r#x&K&B$E_nb%NH=VdOsDB2mV>4>_} zZpvM)8< zY9dX{`2$xs7rN~BxB$f8c^xYgE^@aTREBzioYvsiV2Kaa!a^PhmpLx)fX!d}tOe9C z#Aong)Jjv-DS3v^f&)s@`?ym}G%|++5WWX~Bf}oQFE~^U43vG*XSipOKawWf z#itxYbB1PI*+wP3S{x`auL*ahU=)Zx4PWS^Os=3+6sl#yHAR`2{*&%+saDd5YE18; z=oe~mPn+;;K64pR{T#FoO({|ywSxq+XVi|^Et78TEZ0w@vIsC+dXC%rp(4RHtWCC3 zG?if6KiM4Oza^l4!t5j+u)?vhi*{k6Tf0xWc_~kc7Q5dIPGD>@J6@>h9I8fDv>P1& zXNL^mL26M`Ny5}rY>TAlWmZk4>Tt6x$XX$;4}Fwnp2Nw0UUAIpn= z#PFY=U6Da?I#;flxQL#f;li||3)d}Gw-xw^yw&a}{;Y)AH09iYZ&t`EoA5#xj@ZRsG&r zzx=20FDwT>l81Pbd%40p`QeL|g3lCm%f2wS?uU8q^li1P^+plDhyIKp^Onoht_f9W zl(8iwVStsye;3el9wemV3k!97l_>(YebUoTBnyjlHjfS^7|oTnY6`r$X&w=$Q!LZ| z&g^|OKgYJ@D6oIeaT~jRSyWlw_S*mBvrg?pi(6XwJAUsMFWk$M#1rb%J6ttTL;4z_ zFixvN0q+5uAJhkdOrD4xxNpx-zO zigpWh>WOqBaDLR|!rb(_294VM!f$FTc^eJL?RmYuYvKwXMBk;SzcMsn3c6PFyZyIk zBWWOmK<=7cSnYo>v%i=uO8N~GRKaK_Km@*aur@l(rw; zOF;yRBQ!LWcH_CPCf1`T#MgW^xHmtxM>7S}fRfa_d3l0Q{)q2T(y;DX#bsRaw-GIM zYl7b!*?6qpQx7+k&*=K%B_$>x?(7ayOFniizu@n78>$`eRRbn(jaegWDx$quHl+E}HLb0cqgml1TkO2FJ6EPm;g-W1*k5EUYJk9dkS;|!c z|Kh$9Ee-j9G1YI{@X&It)Ruu~=;;fKf=^G%V|Q3)l@+@fxnF$~wJG}L=T^=VL)CPYs06fqGb6ugXM7B>1kQSX{GYY6O` zl-54_00=I|4iy(9Jo`;JAzWRE2;@EZGdlVn?Lb4}Jy3o7N;CNDL^pZ3CNHzCthz0D zThXJ*DXP{5yMnZroJhcwDIq4(<8J|D<57JrQC85{zl4lm6#p{CKZiukt?N28i1QF? z(40HUp7e#JY=4~mC>%BO%VLY2E5lelQLe3i{uMvJ%8@*L7AivJ{21zsCED6Rh8P}F zTaa=q7sp+3UTVs;Kpv8hB{DF3?vAH{Edt*k+?@o3<_5U9mh`Kwjcc||?5`Cj1Apm1 zM2gda8n+ttXg7j(RYwFanmP7sa1C}hupQ13l0uGu2(pt(9_rUEa2dvye;G*WSM#A= zLU&MiYoQ~%8dA5uBfqO+$=^Gw4%0QVwOi_OE!BOuPUqox#x1rW8tdE`*TP$UvQW{Q z_?I3*dd>ATfD|2yd7!2UTK^NX)5ceMbRE<;{2-0rS-15QU6X>?q73@e2^RXXs0F`zcp_;vFmi47C0TlF~aS%C1krS(Td^+4bYt8tnk3E zCU8e=z&A?RI$e%ZQ%8eRCG{G^GupBRCgX^UHu_)vqkfl178ZPZ?AkLy-&*UePM2HT zg5DZ;47Px8z_5ZQuE7LOekJtGP&6p_$*^(KS=U_`oog2gE`2b$@nU5m+r;AgSAdpl z`wo@gdV$JEq980`_Q4U~W44thXZrZ^ORuFYz(D-qas8H{a<6Yq04hE2zA>4m&l2X?am@^pk1TekDxw)ayHO&PgkXtB-1^a8wHVc89OAN!aj zor;$|M%Q*WrgeoeE&YoXwb{2Xf<~lullEg z_?x3XH6^PoT;Ysa>V2LWEc6`(3U8VQl-sJ5n~Lrrf<);7O3ApGh^HD#kF!SER7=Bi zU_Q3N#eaRyCy)d=&7avVf^S5{=z_J?!G8uU0dH%seOo#%Y=OtxMtW`E-FUyboNz?9 z+^zA{bnsOQ1{`Kpn+ZBY!5JXv_6? zMK}veI92ZO_c?Wvu_%9<_?;nyGa6BzcI|<%kN}ZACGRcPJaD>4%qUb89e#Q?+2qY5 zUm!n{e`?C4*KF>LXhT(;zRya*XR#{e{|TWDF&9bdB?zFoex_vg`48P3Tf3KVThDF@&V@WSM>>7$>v{h!g}WyO>SSr1obK3Vg)v>(y{zpREnW?t8>dof$K>iL~% zmR}v8FiJHX$c&rByki48&O_3DoKu4@y%$J@h z=7>hcsOty*mDYxan1V27ocuuyg6tL(*=!T>^n6=j{uEmJg;4^UT0#p+ml+(svX=2w4jHd4BsV{Ph&}*{ayxp?0*XrS^MIp}Ktbk)#ORBT zx=&3nZ-IMaic#+&Dk)&W zZ{xVVil6*zebWs?E?XO>Dt&_y0($w{av@})==ENgJ^;n70Sp6M5=Upr>~2)F#GgC% zoNA@FgR3>1nYm(2gVW>Ch$Zm(#AD_=Xtu0lQ{eRm$K_BjS`oYFi2yG>{{oY&*6(tw zx9;CAjOOsI71+&3sLcbJZpi}Q!L8=kaRJwcUB%%CW^D{HdZ9TzNkW0>dI`i%`U#n` z=!AD&4wkJR57$BuCl@|(Clvd8=hTUV4|Uw5 zG3B5z%@mMxe!YW%9*6JuZswjRUwK^ZG|XuAtatKic~uuf4LpW>-y53oh_4_FCF`!p z95_1;&d_B9VBC`Qns-{&Eyv{dk4NLW;D_`yfQ1p<^?w65Io-Qh2aAnyMcTg~l2LPy zDg9yz-!8G;&vadg^Gxsug-ukmKCYW?YZyAH-!~l#rb#Fn1U)!}1h!e{6(!-asOj85 z?|P3`p}wEVgE&~e2X{Ya@e>en?bC%N)Y}cmx;|B#t6nLA+wZAT1s~iJPwlpd)h2h& z1?#KQlkIyJZ%Ie2q`RFdBcA+E_JIF261O&iZNbqtqb@zC^aB4b1a(tGjvD%VvtLw9 z8f?UH{%@~skeM`|UevaMVYNKXP0h7PS;Dy0hOqVclBZ;$T(-n2I^3OeiPKC$m+*mN z^~({X5J0$D4z{i+*>ohRi^U`MP1G?l2p@vkGKf>X9nY=!`54g>F8TxU15b&MMvIb= zq!q8sR{i#55j6fS*OF%pW;%lIm#m^=GUw~PmqUtoYH_C=#=X}p2omc7wOa&y{p_wm<#tBKCP z&I-)~LeO1YsMfNFwV9giytKfY&|JcA`6rC6N z;f@p_<@KXZ>wb5@f-WS-GOaGJMr5(Uzu%-w(ckLAjvUc^MTcFRL#FnMkH*I)gd zCOZjX^~X32W-a?Tt5@fd)%7G8jcn*Ut`J#OQOnKDM*?vhj;u;#MlYVKJrM#;5pe01 z;t(m@h!DqVS~mw)VZSVVJj4G6)e@13-TJN3L0##1!?0Xk3F+N@_s?!;QuJhpAdXpvx z=98r>{ar7~N2A_gUh@i|u3P@!#v`4!P(jd++|bgKNyJxrRGK{8gp9>kAL9( zXI%f~J72l|bXDzXdCTK~?^Pcf>B9HeF>{t!K_ioojIUL)Gr>Jwz;P&WLW* zQQh*^#_GU*B&IE0g7CWXli$03?u>VX3`9l_8tqNEpXntghX<6m8yyz<9w9mJZ!(~| zKAryFCGJJaZL?ue*g}nk;rKvTd>P~m_xW#th3|Q1M|kxVq%m! zPL%80D3NazBVobl!nfh54?wHBs@IFxUc7_2C?U777G%X+^3sA^g9i}TwPg55QQOD- zW=*>DRVI~yHa52(WOfQXpY#7$3t;(;;p%U(&9I76+0M#iD?<*}Iz>Al}w~je-R#B$D!GHt5%NUqoQyRu^MN>J6 zmXKx3(r7b~Y@pUgz`T;>YVXw~_R@ziWnqNdXm)sRs4wDT@Brn4`!QDq{dI%ITWKhg z`ZndM1Z&AmL9~P471bD6Ztpr%&+^CYdwP6SP4_frZ)`jB9}|@7O<^d}*>$e6l|*-V z)-p82C05#d$y^Sx2zD($3b%ZIf5+IoF}VJ1vD#R8Z#}<#!@~>A=a2V9JKA6h=1e01qy+Po!DZNZBRn0{Qw37-5JZ* zO7fC59(WgpGH&|Rsb6VYstQB@+k>br_6PBE{V*$gEY^XHR_mfV$q2b>F$Ttd(eimW zyJauo7Q_1&S1?9!XqVg{I#C?VZh-3|RnNyg;xyCCJR_0bHrRy#>iZ?PeFMw%_0v2HBC5sk(;|8_ELe2 zwLCL?**beP_;1v9qbwXa0J73w4z|dfC_=ry7S&G88cin>5;y7egrnnJl}EW&q}o!S zH>yblnfbsEMlUDcD3mMUTl~&eMWv1ZX_dSjpT)mi|Iu@K;^FjSViep+eBX@I(yQwI z;iv!Q1XY&t#Sn-Um;Q^&eXdpI2FGas`$yq{{kPGojd~LqLVrFu8dGhZk_Ey3S;ma2 z7{B`sc4JRP7pGt+^ zcX?`AWP;e$)ri$$?+6aVwt z6rTTW#E2SWKj6iCdTHbY0O<{kUKCt^&4I2foK{>r53BbVSM z+@d$7>CqXsEeFy%yDJNawlveSS9xShTaK$pIk9JhqlN%%=vg)2V$XB`u!iOan|ait zvT}-h>OACgD)pND{9dB6Rnz}3T5b38eq1uh7?sV*_P=fYufw#{e`loji9(4}Va=fg zLC|oXyJ=TP1l66$(0dUY3uIdSsXcZ1Z}tvtF)xlS1~{ ztaubq@UKjRitpa{`evk9qxG~-^un8>COaL?}|9+VfYiwYVg~c?ie%|JgJ^vSU|%m;QBt! zPJLPK2S`?Hs1gGQt*vyKUh>1EE<)AgnhP_~b2;L}NS3Zll|c}H-18pwoN6XvU9qujE^q#>44q7?Hke)<}C-<$ISxvpq)yHBRTyRL0Te+_2 zn5|s7ijU+&ym{MM<}}803BoBt4dh&oaem%~{DNo8=V}0_N(j&U#fD{fhS(Z7Vx0lu zd{*$E;SLH3(g0u%oymKFV*-3!6S7xX`FjnA?%WHu+6%zv3EYQwq-r>D!N7FtyfYLn z>`dZa1AGEQn^UufY=U&_3YC=;ImJl0m`?UclOp+D7_AyL20oh5R3%RGF!MO@S{D^k zv43}W?405wQIMjsDU@7_5i+J5)i?xpElE@#2g1lM%N#-c#PqWZ`o-v_%3y4(KbSOl z?dV~|@{g3JvLlGHf(7X}rHuO4W!a1_s(oSV>dL4GRqLeO6c&P5MN=WnPNM9Mcb$fW za@=c&-_QHXXPtHY4vIWa#P#WR>L(Vm{QX9FN~puxG4fYAzOMq5Xi z7ohJj$$Z_C0p!N?5-A7vPso;^%w!01WpO7tv40I`3AC&{O7BVxW&? z<{W2ir=@bND4qdZ`VZ;$vtj7R4II~J{MmAA)XS*dj|ji6lr%)oeH3-!ee#r?jzY6-`^GXH1If1`9;hjRaIPH_g>q>u7uunv38EERhvl9>EG z2YVB1?9&F()A7E#@v>(EMeNb^!NA34a$YQ-@sIj!CH5)gPv|I>=_pSJDfiQ;2eL7o z>K@@#1nD5XL$x? zDKhTYF_-=|S3AGO7>i$1iJcD|#)h%i2ErT;K}>yYPNAkuj+SH4== zY`x&>q%lsAvNinuDlbspAn+c4-pP`RX+)T6>*p!{uS~knf(CQWGk32pwAZSBLNZ^H zZecW64U8Sr#d>wbzE<|UbHoO{0l2>L^`gYVzF1SA#xX+WumC<8tfl474Gw*6W+?f! zEb;aJdRv#3UdT5Bu?9R#f6rscqm+5LG-30{BKRU0#uaIyYg4oX3%t z;V2#+9ADLIuG&$h^>Q?m4;*kBWTfc(apq#sr$5+Kgf_8PlLACKU=F{y|A$ZCKDV96)xnFgaf6^TXaAf$A%o0BpO z3mqqpP77*$g%g2FY9+tcj-ZklW4v~q1f@TVej1duw9USc-u#KSI%#q?be}|bkth{` zX6(;A-R8tRJ+Q~VQVrmd3@}D{o08y{i9?Q#mIVlGm54f=CG**Bu^h07e|KA4nJ|yp z0I)KpC-08g?7Gvs(VdCFtUgBDMwJE&-#9X&WPHw@+XkW50Km}p9 z*p_KGu!mwB(y~q@%^@%)Ovxe53gRyLQm-2-At4iK9sh*gygEi-Ef+`duz4->@n+%cMw%_HSiSIk^s}ra+N9AI zfR!~~L}q`mf$?WyaB>Ex4mo`SxG!~;*KEErnC6|vdXl{_?UTyA<<_|Egyz+Z3<=Ri z+ryR~QC(5TMGE>I09&-jl?N}GtsLWk0M9-tlaPKF4a}wwkok5%`@0llK+Gp?J!Gs} z8WRWP1@*P0Az#rlg$L06wj z*$n=3HFMb^>6yfs^G1p`w$Cqg<5wKYvst_RvwsR=Pf%%u>#E%rQ$qmQXPA2anDh-T zrU;8=$YK(xfPRXkUj=clLMh&*piLS0%Qu zYWKwL$*%-LVSZ>yvA`=zyAOS#0blrlaKU(9CM!WQQRfB( z4@|FwzG7dBDqWR7h-BOdgjz`XEh|I?1n0{=M9p_$pr1IQ7+5lR4f!ao+il&a3h9{# ztDBQQlqkYq*Go-H7E$mt1nSx66VeM6xkfYwu+?d*se&*0q-Ey^i0i*Snom6Q^OcD6 zjCQjPm23)Xf9pY={sNF-Gr}U^RLeG}Zu;&cU}SJE&QKv*s<~M9cCF#^)~*R3rt358 z+AqxOqBtEfo4QDw&32IkmKgTmDA2e;aAoDK4f<@9HN? zdQWbtmo{*+Z*3Kp!tV_y9vfa#VM-# zbVrsyrAjR_d6`sn@Rc||t-)r}5M6PSSXyrt9-Pp<#AS3Gd2Caknpw&PyP6qM&9**t z$P08{ez+p8SAoe`h{omFAs+nzoJI*80GzxaEwjsK5w*w-8FQHHa#NzkJ;|0?)ZH`xKtpQk3XD}u)W{=r>L zH6EA8T%^rlOc{c0LY2K(M!s!AzZt&+maxLdF=}6KFG-ZEkl-QG{{`)zYy=0Y|(SU z&%Z&hp0jF4+=6B&z)Zw3MW2NDf>2UcU!!YSwkV;1X6sN1(QBj3BSJ~{3)Q=TPg87N z_dilf0*cc0^YFq896?F5QCkz7deRlSzm-qTknhm;hmF}5`p>V8n%%cl3@$f{l4A_~ zKdPCDok1NWtbc25PX0blA(WsglOBZq=cYm%RO1(FjmSZ6`?W5#ZD)&V9bX3Z^{O36 zxfbh{HXH4J^-F~(GCg~H@&2@`(SMw>6dVT8DKTzu@ZWQfBEXqI*U(Pimd}<#uCx!D zSGputky<~l#wKmKfA$~$z!7=ALui-7R8GkUb+|+{2M=QV-L+?+4URUj>0>vI05JsQ z)8fjpp`*?9zt!D5MdaIsR> zriCHE;2mscOQWjSXVzzy2uz922YIWZMC0}>4!TTha5E_7=Sd+6N5n$j7N(ioXFmJr zf*87SNW}j4Tx8TP!=cwfR!1YEHVO;PwsQY&Iw=Yngoz|)~`<1_3| zR)&r4Am&)Bj{UzEIid|&8cUJ{*Oaw_TGziRqDrUgFOF_{$BlyiU|e?HBfLJm9%e2^ zL2IlEXy59lm8y%5|Uu-BJUoi{{Ia{b<+3W8_D ze6RS&r@7e|EA-NYtBsUS&ga(uq6E|~*h?*REj-{BrSmEIS}pIo2BQ)_WQPjH)!k+A z7)hCCox^(V=WUZSGvhxcJIe~}G)gzP?~|?OG%EH)VI;xwoZ0kxXwo^BQ+ax!YX6OG z(X|M*8qzgAr&{GYMcCzSKF|0+(?#m9pJ=I+4Z3tzqSAcxT`6$k3GS_(5U>&jhF#q@ z&!ycjA?Yo^I{0(rr=>?dRMegP932eI6pK(nVZr5tOpUK*ELs5pgQN+V3xj1~6k_mJ zcx68E4Ib6KMguacKqD^j32@*`eige4jW(xX?w=22*?j#2q6@l7vocycrTEE0OQivw z1CGQbzhujmLw|7o_YgMzO9>~c##SE$^{kI-$dLA`6_T_>nnanCTU_s4l!ky z273WzsHc~`PXQ0xK_V(W(0}g?8vUEUh(6GZ-KNrMHQIWOkN-*|+R(tm` zUi9284Z6pO0)vD#dLH(a?H4Q19dv%lU3U}N{EpL3Y1L@YoBe8G1kDQaiT!M$m|B_8 zKFgy}Iq1(!CTndkGF>H$|6?4c{H{iX)svev%$s4HDp{_#TS^<%3}nZ9)Vd0^X@ziS`u>ozD*<$rm|VB4k=YLVWWNWsoD zjL767f9R_eL-g+@3o-LG48q-c*Ib#Oo*9)0B!FwAy9{gvb;b54XQnaeHJ!1sn)mkO zJ$n;l*HBn^p{(?JtV%;uUB?vY)l~)NH#Hk2c;Dc+`r6=bcvS1GDkjludA*kl<^-T@ z{<4bOoObdAyJ>EI-e$AI%VQ9~75DzxMp(*EPtU&oSiz}*snm)e5xyrSN0arVG!fw% zPTQl*DEos&vC!w%qK<$#AWe9C=`K0igia`R4IC3`$E!|gdtK6S5Q1r_&?Y*%;Q?=SHZ=MXG<6xjZfLL9#uZA#1$Nse)5DDeK?}BrgHEX8V z8jph4nvqVSK~1}qLX(p{u1xbgx6itVUrkQ%J|r#Nxs(jb&nYIHsC)8lU2E`Q!w#6+ zttB*nQWd>Y!QoLJbR|R*!U-Rk81cx4WD|SyL1ntpxTkuA1mdch3*`oi6V~g(;y-oH zYeYTDNz|ttG<^q%PUyppl$toQDT5v0ahyp0Ucm-<_U zaf1;vf-Y@ptc`m%d&(h%atdAAb5{lL3-Y&v^4*@f2LHr`q$Px+WS=AP^khf=^#dk_ z;FMx}gaQQPpk(zqyO6<_0Nzm3KRmG@fTKE@qLPb(LDg07=h>(KrJ-!bb}Tx0C_V;F z9F$*+*=}wGKdNfgN(W`~S*4Evf_+(?$&E^#Z>FG`*S!`9f4}2h)`LMp*d*v5EaS_m z?-=(Pc(u`PQiDQJpbmcX^_LjG1)P~u%f=i}7uWWKy_*td zyy&0mswkCAeuH4pFYuzMA)UbYKT~;3W}w?@&a7UIX~|lVSSntJaQ2tv+^Nf^LCSIo zbVYJ;WL()N6j>US_k)Dj380Nge&K!D6|FhK(ym~jLlYc7pi;aADlR4X$y zQgd7-3!t$591`$yz~l?$)8Pz}cLJnJORMpInE$31l^94T7pAQDbEMf;q{KxD+x7(1&^1`hg7p^`0u>5esrHY|yq#eORJ z!akPzvswO&9c3pa2sn&-54xWK?SMXr>f|v(DxduAd?@l}lRzpqV`N6jV6~rxtiFnAR;N!U5 z)-O0N6xdNWAZqNt8dcUx>}8f?{Np<+^%E4>_|TMxy1Gw@v#?U_RNe+qFxweo(8m)h zkg1W5eE;!sS3!0#lpC?zITZBS5Lb0Xw&Krcmb;Afg2R52a5qWS%yA;!KK5^JLx8?w zBD9W0eM<7~`_Se$AW|6DY5s|f{}6z7sN5tlEBgwbe{g8^>j<$P{UzEGPCXJMfHVXB z<)Y-b7PZ}PPHCJGr{&;yS&Wj$v_81p^|;@>A2;zqWbgf}d1}z=T^$>t>B2-ndh88% zpBM!M|DbD)U>#%sBOX2WB)xpN{_kJ2}ozp76-}x1*CQ4AK!pR+*VI&B0^(0fmo}VD4 zj6=`#mSZ(G#pI&nMhfcjJHx{*D*RxKJ4*gxdCuf9CI*?1@v>6?UoxDi_Ac_N72DM1 zRc}Pa7f0S(SJ`i~>0^6>-GsAavfl+wY#&Ds__Uebi#ck2D!sKj1@A}?N@hQ*n@xIq zY5QF3HhfKWUXptY*fdGU_a)SMCIYbuPx)%6p5~P@s$AkA6en*w%Yv)YP{RA-rt|ke zQVqdDFC{+Zlc4PU+F<;j#YPwv8ANgh{@3N?^j3$(Gh%l6(=8RD;|LqE^ByXkP6+DZ zlfiS$-diRI0>f0$^y%l7vVt!&ZxMk3(W@`Q2LW2m zgX>b*T-sl{h}-x7F-@eA-YM|%IxMJi1H&;`o8bHcCIZ;sW}F8;^tex^6fB6DM{@BX z|L|FT4-R2U#PnM+5XJV92_R@niiWz?8ybEi=n{HAm^7@j5-UhWVfWoqhz-3dA792o z5~XJc|M~zg^$bZ^^E0f!0Xb!?>H_fDjek9lc=a>-vQ`u5*Vv#>Wixi|C_Oc+cN zY{cxVrzk$D4V*w&xv{r_*(T~N;>Zl0FJ!VFZzxGN;Wu(vtYHA5*72`@iG^Y_9=1ky8Gw~|3_OaR02A1 zCiFviK+BSfW4XpKMw~>!#ii%Kso%arLD=&Tr{6^`VF~2~C(b@*2CAbb70Ua0`h8%h zw{u-ndkdV`y>OvIM_HWK|67yua(Zu183rR}q!L|mK4pC=M_l8gqwc2*G75%eXMLWu z3hm@o0o&7H*W1&j6ef#HdfFClazAk3sX->tr-#PlxF41y=|f;C8<%Azmmsu%q$xkP zyF;CJFA|P3Ne&KT9j}=L6V2<{;o<9b zVX=K_`QFG3j6%{-RE=<%?eXvIKCIMh>4=qUa=^up@ID#MvQfcm_>3g=@k!$VL*ZqX8)A!tJPE&!f9@&-}UvXUG5vnfH08-AB6#f$eh1zfs1ebAoZozhu?K7?500-)W`!U z({xw*4Joi%=oHc?&;ml$}RW}dYF3%h&@&8{4Lm0AD@aw(0 zFDml>!qgAt@!MGYIx6{`o`k?rwGoQblXBG|LlHWi#9f4-&jSN_F&utGGR3n)&3FuP z-TBDv1Xp4{z4Scft%f#B;w`qeBrkM@O8FLZGP*uR^+zy{0A4~8SrSOSVH%}|>Uiz5 z8KyZ?7Hii|UUtGhek}c&pT3Gt{&cSq-2?T9MXXdhwl`h;Hg#Ak8_C);%Mu*q?3Ih7 zs+d`LDj1TYN44PL;jxfkrXpQq%o#AX8jERjjr(;n0*8=}Q8}G6EyL7b4*ho~ggHIj zawo&Xu$Hdjx$>7@*tH`RaZ#JhBo6pFX}3M%vDN+~)c1xA2HEiqij&9qWYmghET<2h{5m9*(oVMm$T;(y{wj7HiA{811+$+l zI>MYj(_2bd1v0GLgL1~(TclAUdZurRMq-JlKjg*!CHQgBl*g)!1{J4%Kb&+VuO0Np zLMQVgyTXDLyxJw_csKp0EdOnTLYmrI>=#t=cs6XZD2U#oq?R~Lioudr!nXLm^nk*u z^?ai>bAzip7}&-x<83ss^?)My^ecLe`BK~&9W=+hV(N3PX_K{ke|9c2MUuzon4Ze@ zNjHNNymUq~RaO(8)8!37R>6mIr`$6xI{r&arIWKt`Z^J!K60TR-y$vZ{G$g2#>|Fd z^Fb0EVaRA3mSe!F%qdzeOe6mH$0kCYWJ6GFxfOS5)))MwDg1#sxq%!#`Te*$~X zL|)}LOWdB{@H-rQ&NUbx)IgJm!^3SO*${7eVa_3%*5idN{158|{u;{Yoh?2pFMWQW zagfqT4)*)=ky7xOg1%HpnFrh&(Z5CoFooK1!)8xbw5b(^YLLeUkt0 zLckJVoN`-IB97YU-nTDbnNRIn4_Ow0oLlrY$HCq&49qhC<@Ja)Us2yA!s&86P7)H9 z_u|*frKPiO(^)zV6p{Mfmq;e2$sOjct!jc~{*444KTZ_)v|*V!7`blsG5_U6HS?z_xZ5u zwa0KR%(655ik}Kwt~=*EegGYOq82&zFu#@@2Pv~@RobeyBVms9B%q?xnAINa%R764BV8guE-_R=aBdwETU*-x)A$s;YuG8E8 zAuc;X;!co2?KES|l)mcXB~SO;`%TZNFXB~91gs4R&T7>OUuSR4otajkze_2q=%M>- z@B3|c`pa$EtrNgah)CkuW(lavaGs9s1F~_#$V3|1m#p8&(y8O8^A*jjN38zFqp2kcK24RNQ@YO{uR z*fDfnHi`xW)jfl`os7TwvxL~BkaNuk)GN^LDDI&0MgbO1jXGnf1Dl@bsPZJu4?+s{ zc;tl-XnG>0^qI=lAZQcjRr~?^y<@?P-47FJ51&$ObXczP5Q_LBBlHetKs~0Weo(Js3#sK^&S!`2u0zHY zJ)irs@b}lk{9YdRwfsF`UR zse1Q$Xx7e(jK`Fb5D58!2M>HD_3-W_dI&uUPqh(Mz0LL6mhYTjO`fi4?VctKJ0Mm^`P z>wfVenz>=0z2(~ouvK^I!{AtvA;bqquxu>JFn%gkv3Zpqn=!1V{4S|w1)XNascE~g z1bgwkE|zof-)dn8X>!uQG%YZsxE@U=J--B9Yrp=(p#s8BPnp?CHUqDO*2w2Zz9r8? z^-LB11f-qO^r-frEApPQW6)$&nPTeL$S|m`{SY*`AN>4KmZ7D5W21lEvJTGLFNK;F zT1PGnPZ>_<-FoSCu;nR-@SMZ|Fq{0_q$BMgwx8zqA+Y>N|MZs5*bK|lc$a+{PRA%1z!`Iq{V`xxKKirrbjs1JZEy6-M(P1X|JsgRJgZV${*>xJx{z3pYuTx#!D z4_6T$CVa^=<|t~P3rmnVocFE3SV@8Ob^t1hEE5<<%#>Ewo}ICF8g*;UJ%bUw!`*ic zK)6!I7OfA0c@{FzKBsnF{W8nmqqOT>yqF@v#-jqB=$XAC)B?*qg{Hq|AE{9Yeg(gS*3mypw=%7-js!}*r$ z+N<_#Ayb%hlN~SHZ?FMzB$nrmhD;7oXOBD)A`59rUS9Jftc(TrtQK|HKV=!951um0 zDbZO|2^)LAEx?7w(9*Nr;Ud476WvGbE?STfDupEIxE|avIu>}NY<9qnb7;}Fj5Dks z9g;BXa{}}EpI*%WV84fan%T{dm)61s+>)3%11S=d(%4Jd;IIE)pcn{LD8;mFfBm2w zM{TsYPbF7EBBlN%jm(D|nez-ai0V+z-bLL_WeOO% zAbLS3p$yga+U@tNrGw8qu;khg{oguDRpCiI36&erGndWf_saU$FHFb!##7gF{%2f0 z%7EQK)RkyWQbyOD{qh@8%aO&etmgNlw(n-!5~EXopm$*a{Fi04ZexS1Y*3>8=-=bv z^t%fpZc4CFKsw#O_cGqyFt2*+fFh^WCM>1U6uF4R_3$54** zen0=V#kRsVNWxY=7~jVr=lLd{*FoO*RIZQig^1ygC_~A;;P?cF6EaD-XH@OifwX0zUb(L_bP;Npx`6U;&Loe`qvo@ak&nK)# za=3g#G0{{w=QfLFEG%xvFX~4o?@=QsDaB8)Q4itiFN_(bh^GhsE{DB-(V`4|do{Xl z*6Q-N%+!z*_Vp2TDh(_fjsIO6LOFQ^k@~c@SI4|;7~~QOpBkDvlz{&($f$(~!$72W ze1V8tpD*t);{(=ce;ca(b$<=%H}r!piZn|dFsXm&J)gTNF={Ph<{%a)@-pdmXvU-9 zRj_-K5?_zrqARJTl5+LTS5NshR~zUE^fhLXmGcK(iI|pIbg1y~`M!&vlxX6u`A#pf zNTFhXQ}$(4xibMs5l*dSfc3Fa%IZH>W$^~{Jj_?O(`6{8uud-aB7|&-gp+sCj$)x@ z@e=IyUf%zN@jU*u)ons zswaO!7dm8I@Nb=gSDviYe|^tYc<1sLu46lnfMPbbH)$23Rnn<`~qo;dvp$ ze;mVeD1o*k;D7|5nfmtoT?5YteQ$oDdA%>JMr|o%9LEc2-<8$>D=X?8t0Q94T;llQ z4#lSbQ94=I?rKR)b600gL=elaV<=~?=((+2qfx}Ho+`D|*Wz*6Pg_@N(LqCqJo%!s zkTR0+?jrC#ct-N^8D4=+u^53p6mk=~^5`y}u4!77C5|&Py0t9cGzUG5Q{FKv0XT z(d`|Kbrm^%EBW{r+#$;p%~IEU@i2p)Xn=}r$0-MqhJXHp%bn&uH*`S_>UpvOjce?dY@ zOUZIT)rO!!my=j*B*kE=LP^5cHe<7aTl^OMhl6<@$mr9&fj}WOrrJoZXV@QV4|j2% zMG(%Jx%-)k-Ne%Ia&sq>@(Kn62h`?GJHEUi&@f;Zs?=%KlAeCB?^@A;BS=t`X2xis zB|aK8PDo!Sr#<`V4qewlG#Xu9V9=ht#Mi*zyPa_ zlc0K==|r6o0mFzUi=sz0VNf>^p}xD5SqR2(ARVoQH_VWM)q!`z@6pP18QorgrhT{C z8M|thaQ}+|qvAK|WG!JtwYag2f-sXW<5+LImFr|%ZisTf0PEfLD~y^QbU1e%SwQgp zX8u<=V3i@o0n)l&3w4Tf-*1X!>8yEyNEH0zg$%~G%3!@?Wn(C zj}X?nNFSe0N5LP3{fH*}S=EL(`I%kT$_kAA7DZu+)4oCATU7 za)FKqtufr>O+^EPxfZTu4+YiI+*sZoe(=l}B-^!iZ=RY9duBUdXT;ta%kuMF{uz<> z5F`lEy>&ICj~ar^heGjko=w4yAF0v`=%x(nNgTfWPn@!UnlW-#e$it&$CqRG|206JtC=a`q^LhAuWEOzglKoaafx#Mc_&iL|#e z{~V=-c_$P4<4v9#>0i?GfrRl=fr-x>9K--BGaHA*|M1n_apEl7P9Xr zq66`rWFFkJjqvO}M*T*HfJA~X+wNyVK=(_}_Y=C`A(i4?p<7$SS7!e&=hWJ>;eVql z{$t6kRMb4bUwsrG-gcmjk$tugrZjvtDlJL+X8zLhBLu5L?H3g*?`7K_1bxM`%mg~A zaaP$hqSnw8ViY>J9IBk-?t#yj0iIcetz-~lzcFe^k2Lr~O8UbPpBNi6aDrU_b>F(j zemG5|L1bJew+=@}ioZ}L((-b~K(yV@$h>SX*c`}>I?&|C`)**|gC~Oc!~1V`(xwLv zr6&e#M;wBPZ5{b|;c@nO>_!3NvGkWpo^Q0h3m9>kf5 z(}0#eg@>=kfH1_&g-%6_*E*vQZ#s9j7i(Y4Ll5R$buFM{pNP7OYMW=zE@}#7I$slNQiZL z2Ysz?^#KHN1$K&5c9$mHUNl@bm)fk#yPo0c3d?UF@_N%gd;pn$(j4h4ljZ17YmB>- zf6;ov*2kbQc`((;GgQ7~M1#a-Ccd~ItV7Y;5w?cS=01QER>v-^V!|`(&w=tb;O4rk z(M3Ho?jW91%r}K}WmenDwF5nQ#BqhXT=-F03kv}9_#r}a8+S(Wd;Q$+e=)a$k7UlR z#PRHBg^Nq1lLg+_w*OHQyU!6&xij9ZPV+Xa_h{aDNHF3(qY}VQI(jzsulx27bs>N{ z&-c{8Z!h|&$*R%(0ramts$LQUq(7bnLO#0W%)z5ag!&V>TQ|ORqjmg^Sv%F1AeNIy z5_XGs=w@5h$^Ktw0JGrh%ny?vi@##Q%#ZH;dBznlg#XQ!a&MrG>5P&Idv>@>#%@ab ze1qGNcI6U9$!W{2Et_V$st&i8h~5hb>ds%1fDmyJ@NNf?^B@;7NT+D78HvYRDz^Ysnk#pK`@NKN@6FwwgUb3h=&U6)1XE;UZza-pYY8 zmm{<7X#Z*WI8L1F>2z)O`U*D3jPtS?Eby@KK3|N85PoB=GqnoygTxddccaTQSM{}C zgtJn0sUk)ZgotJ?L`DQZ?r*}czY?xN@BXSkg6?WC-`5rzg8v3Jj{m$jRbYBgpZYud z`!}qYVGnimY~S=RqyI*mkdSJ>Vt*P&KNmw%()#tw2mgi>n@=LyPTN7-KGRd(J|an} z)rz*s-9Br%0-k@~+5MA5k>rHszO-UE=|oL$_utl1`#fiJloT_U;03_newr$9o4d3B zDMx-t<5>rNK_@tI@brbDAzKl#J05}@ZDfC2qjBWvX3rb^m>F0TS*-+0Krdc`%?mL~ z3p}%5iEn}^CY`98y#VVdQ%I-xUq*m0DpU08(fySS&->_w4{x?|#C6hZ^~)Q-K&ct- zQAVMX8kK&Q9k&%r36HPy!sq8sBv3PcD1#39@>9IK7kzcMe+}DjTRIQQL6TA3dX4Vy zHLL%9?4W#9HAMVolkeRQ>CvwMb|m%lt_CB`-2rzTIb!(OG7C1Mv7zK95XJLd2b|~i z+?$=d2R0<*;)~{!5r-Ul6|-*C1c7S}elb6Zyr4gHauQaPs-t`F_j+}iS5Z}P7n7%F zTr22)1wH`?@IB5OHUPnEcsab$AgN2xnZhVw=MIFACNDKKsmOWFB$?(mFd`;(y^F8z z%@2X~p7dR)FM`NrtJ}Hh;g}Ndb=`4lDP#Wc&VPEBfdaO_(uFFQ_qvC+IJ6zE282QV zj83f!CLQJ=%TL;&=+>TvU1104{S2l$s+}yKa_RNQz!c@DXS2TP-(*}`z_vYQByR+2 z)4wO%)Bl!FO!A4;N|Fwu;DaEj>)}=E!Myd~R<0C(g^o6VVcrc-JG?Z?ipLt@EB#|m z0SfK8`Z}M3i6ZrKjsbow!7PO_l~EZ+Ylb`U_aDZ(MuIX7iZGGka7=zQmpW0D$gvoe zWLfm_<}hKv-exsTc99&Xnod*d8I$|wOW0J{VR`(wbe#x;pH~I^)hb{TYQ0ZqugsDm zyGOM_4>ROJw1c~f{ae{pprPa-dlcQV=lDMs@MA1wxF>)1-4pEljx2G5X8&fD;k+n` zao_#{7OhZBrNWjrVH4CDKzZ3^c#URzidbD-Eq?UHepM~Xyg;oy?8*fVnEh|CZ_wse z@3a+$>Cj|0>tZ_+Q5p~STRP$QA9~Iu(Bmuh;#5!uJ%l%a^RChRwYPiF-2rL&EI(@t zc{nt=SiPF>JxuSNh^6#AP?QkyY;kVw3*4;JZl?$kox8||?d8YBpQI$RJdzoui++{z z^b_P(yJUXtW9Fj5`x_^~(p%KjPm1B#w=z#I2NH^w6oKKt`#C|CtxIEAtvyT$-7=C{ zsgWV55LA3LYK_atde^6iyV3pIULoo+ehNA;tR>~j{hOKtUYh4m7f_{ z*_u;N6Fi~&^?v^oe#48&iIlbei3Y*fmX9WwX*J6f>FPy>r3m`pA@g}9bjqk%qK@0= zBioPx#?8Wl=3}2h9>jL{T{ge}6kE159t*g5#{W02T+eZ+J+I*1>8eZ*;%}wR`SGmz zx1&VAPM@Ymv5(kz$5ELPn70gbJnZaA%DoUB=%6ZS ziFi6QE+96ZR)h+N+FgzhETZ&x2^A^@3y};BcH11UyHzS;%hipuQ<3o0)iA;3ChTr3J*o;j5XRE6|CpI)Vi|YbF1I5qL22m|1yg;qH)#25ka1 z!JS!$L0}JGc+M~41q(9wSblnY9f~Cd0#4uRCEmQE9fKz##eAk2vh^xQsgY8z(34(F zxxNqCyM%bIVZhDW6vzwpC==h;PmkOkefEHIjnO|N+-(@RXVV{;!e%=nw=)Ls-ZqDT zt}9d@!3g4qZOyBUoDw_BgRjwr`&|JXptrF!lb2?3*03&)p%)c|!yd}*)>Ro-Y@^(e zM)Sba+*~H=imS=y?*iAB?bmD9{7YoPy2!9!Jf}6is z&xuD{Ta-IjOn^btJq^ z@HA>LCSKGs=O4qE-CS01W~VnkorHePaBP?z_^3ejll8wYtcIX7Z^w#Ssek4Aj}mT| zPbek*Nz`b8s&DALMAKQ;FG}(>6?N_XKK*pi0-JUpaAbf8Sd)*81pK@*{SxP9g0Df> z`(RU^M!rT~#^^7!Qf{aRC?JV2=+a63=jLN?_Z9iE%xe-Lfh>WL6iF!CbyFY4Tp{}whZ9~3vrSBiL4=e$@5kw#ht zYy74S9HYWs(?_wMoOPB}s(aoNZZEPcu5ku=mTq_dT?=Jasm$^`Q7PtKn(=RzoRK2=8uBDh;7gj8qwW zzZ};UMlticS!c7hLyOZ;+uzI4@4F!HZH#}zhA(e6ewSufq9lSG#tLL`#!Ae(C>kH6 z*v{&3cGtYlYy|F5`^fTkQHFNvbcUN}H~%&}EdhOje{0)#s$7s0HRs=Ldco)#-GkV9 zwRHS5Wt-a$uMRN1I@ios&D#8YjSS)YlZc@2bt-N236B9Vu(Uz4U20L-j`fr&Obvei_@yob!MkTUcmM+ia zZPe{V8VA6bbNE~5Au*H9V7vnqynZxM_pjaKJpXAsrQD#p+9?A#=eLYYuyga2v8C1W zl+OC0*@aW`b}mo_Ht^%&daqi`YVxL>l`?PQ@UYm)D6x?nZ~z^lZV0-gyoZ|dd~<0xo(l3 zWtZD)1!Ovuo;)w4>qaeSny-*;f(uf!(z5eZ!Bef?*9s4ZCCz9QeDMWP?BF%Y@g$W1vJdgr3pY*PefO zuF~%w-K%7$t95;P6;;Sq^dOI%KS{7YZLTB#w>f(eD|szP>XS06o7N_Nm5J@=>>Qn{ zr=ygyA@S8Dna9lPywJ*8;5eLwdZ+T3t=eHuI}YD=W&lmx{6<+1_D6umpj*e=E&o7WLwUSS3Tl*F1`U@*Q|Rvb zq;if)8~k(@p3&sP7@(kb{5iPx8rY;BI%TTEo%x`q27r(<2{s)|Yy`l5IMFh0mqW%*nWT0r3Q)9g2KG}VWof!)!J^xARPRpiYzJv!v^E{AH1f~wPw8-0putn zDd>2D5<&0=Q>s^%JY;Jp$sxB=@22A?eg5u$omL?P<~v0576)cY|ITchW6r)AKJ5)a zAj7+w_RD+r@hY{KjS=7ECCqk(Xr(41g0z#K+A3d-D7;nXM(2vV`7#3LUgo_c&6Fmy zuHCwPS1Q+lRxh`AtGlo4%h_k{j7VWBbHlrK650nMNzJ=_lk3@w=n9t zCOHIv6Jat6{s!C%?^IgrnE=12NPGR#McaY1M=idH;F-)Xs&yA2g1uP@6t3)addgUBioxVSeDHYq=DyV@mzA3i|R+tv8 zY&L^jPaLDG`%v$0#_E7@0#FKqPn!QyJbZf7f`huM z*6Fq{TBtJOz+xIz*yb^PgFqhLXx;sxUTJLCZLxSv&YDm3BR zc~>S$ru3&<^qp`NilW5?+4?Vcu!WG0;OgR2Ik?-T{-m7tV`(YM!9ZE-{HKZEnV@98 zsZ?l}ePjH2Hq%G}#y%k zN!*eTm!sI;5^&1(YEvXa#*qr&IE%?Wdfj{mrpr*Q2s2LwzLlHbvlBz6btBR_yLU6R zkpG;@jWrobW5|>og6Z)7us6J5<PP>d zcE$2PR`p<-s+;#_=yv(vKD;mBdU88nzyS}>TR?r&`@|T(| zyt?OdsMfD=%>@VoBf}RS9bxz}ZEjOG@?IBd@Tcuxkd20P66Z#J?tyj-!-mI2VY|o4 zgO#0yKCm4x=Rp;IgNIQ2VetsC6?PDFrAuMiqW zaq)fgCj#(5xYC*o$AQyMJj8gh17jFVXWeD9Cjnbre#fRqIbWc+o*X3&KTYKz<7qMR z=M0%A?AP+=%Dzy{mxm3Hf0RiHRG|+;rq|^!Hd%N$RD<3Ay@KxUD<7!PI??5761UoD zpFH0RhIB$W>b#4`(P``Ax=%eMq^pn9bp_#dGuQNY^aRNA6fei6$wY>5>zzI%3B6;g zSM48r@ft(xV-&$WibTHSZmE~{ThA(>FNMq(Wnpk)n9rX{7WCHY2k#jSjf0f~e4U2D#w;xgZG=kO+-$i!)*-xNH zR}R=qdLB3 z!$9dv>T5xIuIo zh5K}f2n1;qDI%AJb+6;Va@`(=lQsj!1w^FMA zc#>jLOx_x|yRxWvk=lH}9i8&bv8r2PPv9iCLqQGbggYHlsS8<mP+Fw2cQrY*eXE59*_KS=A0zMW;V4CX)9e=AC56^5Ja7Lf zr(V}m-9#^0>M(f9i-T{bW3O%<74R{*^9+ukFm7Lv^|y_Y`w1qHzP9_ET+0OouXab_ zLH`lj@b)mBdZ#M;Td+E#qia{Ro-1R!qAHoAVuCKfUaKDO#Y4?bf`vOr%(W!+0g3)j zdQcaW3o`tGayQ=9e(y;`xdRE;wqa+`s5^qj#@-H$gufi4$wE8`+Qn$x^P0Ho7TdN; zs|eWB8NsHss%2?21;0l94^3wo6=mDDZ50Wn1nF?-mhKt>kp=-Jq`Om)W(cLbJEWys zy1PNTyKBf9Cce4fXMMj}i#0GX=Xo8+zHb{@@)v8=eg#M)Wo4}%(7oyXsM#KrBTcp^ zp43P*dL=jp>#nRK zKGN%Ha{|e@H`;qabXkq~0lqXYUw%FgDi6c93mBaCtZ{byf66JygB_h#ogk=JWAjZ_ ztnq)PjvMJPAIj6*;BSa$9Mua)N~NlTVy+I+z=hz@+``>9PRa*U4#pU^j3ealEdKET zEBYO+8iHdoyokC9<6&pIuU9@bd}IlVyp_8RM(inn8w8MV3+E}1f^pw{db2Sxwn4g?LJV7 zQ1E|^?xwz6|E~jk8G*nRPVR)7o6qkg89aMyDfq&iKb9EZCv)-)Vul>-43rSuU$CQE zIX@@d;-w16r84oriE+g8K-}k#p?|&gJxj1rvE5Y?kT8DMmR$t!lW-Kf^DE;Jk3%fC z)In2Wa}mDO{U-SWDcWZe9XzB#m@g2Uejc3_IxQNA!-OgM#i{{bi_z6OU&w37e^ZJ; zH0YQNH$^ApfJkKjUn2Jt@T)CPqKz1iPZq8`#432K=`!x*kL_}U7riA%Rnngb#j>)> z_}bkeMVG_L;aQr?PCg^8s&7Sn#ABnQNmgHp#VjV*P;l6DQSyNO7xZ#5apd)uBSwyG zXnf>z`z$yJ@}*#NPH+X+dR`X|9)<85j5s1xrMYrk2K8)QoiIBa-Fn;oSiK@AdB2Ts zmgsyY5ZXsu^>oc;{_l!FaqhJ1(BNV+Zs$Wpvb5x81q6$p-6Q1x198Yl6%#ZuByZ`gzg4$F&CXO#Z3(h=|wZe3lJ47m5b0&NHUj z=qs4~LP3}%S-uHPcE_`Xx-X${D2f-?7pi1QVu}8&95Vtj?;`aJJ$Vqh-s%?*d>?0E zO*mRkI#p`_(KBV5vL<&VShub| zo_wky08v?16_~R%9wagM05=NNea&A0?%Vy)W2AJo*}R!H&kNg3Md07!f&-C63uwbZJ znt@HE=zlkgK(u0_HTdTgAd+z71r)IR8d30}z3kd7-LND$c~d-1M&zO>N{Zse)}t$_ z#V1E>4g0jCgj=t%l3d$XqI8qg&E)@NtsWm?16`8oy|fLuTPI3en?9`QuMUI%QX=lW zKWu|m8jfAhuI0*m;-oj8nbD|i7Qhbo4u@TeTD}6-84o5>~H7suGr@B~Tf%gom;PRwR zBqA1k5d`_HQ`QO-!43IE!I9XB3I=4zO*;@v5lZQZ&D9bv(UW4%6I32~4DP|9XZu zZJusAtd8y7i(Mpm-H?uGHSAZlT_(Gq3JtG$9FE`$t+AXgRww#gw2&e)Z(GRctVaAE z)?;yV%lAi69hVZs9S#&{^gdv=>kMa;av~LYs>=mh81mPNG#8ygD!KrUzZb*5%H^^Y z+?+3-V=0sIBb&?v*Cclx$^rtHhno4}rN*dma=F&~RNUANW&z<5)H0cAd1;-d1s*D2 zQV=8i(^(a_S@%Qt@J%&2=an zq!|pfVngoc5AAI{z3az+)2M;13%cId-j87KdPV*O)U9*VrFZ=}ic)U9H+q74?Ad9r z0`@&5_fQP(PFk^151OHzCuA!CsUc|3k}L-ReY^14G9kOw6`IN$G~A30b2nU|+xGo@ z*?yMZ3Hr!-L67i#|C{2m*BLp$@!$eTnkj0wU(4 zirhD)U9PJxhwI$e>n`^u276bMkgU&DbwiR^@JpSZ%%P4hOc=_MS=x;b$7E{QdXk$) zI+P=c`~RFR$A0{dJu_rgh=5hq+kLL$%HX;bHT%rE+Z&6kQlcdg3;@0SQUah$BM4Ts zNh0Zeogo|7!%}`wH*}(#D^@dVjlMPW6 zVhO&m#Rtc0-`tG80m3kGDL6^eu^y|c`;6*-&FchHO;qzh?I0hAyF+L-Z9yJy-r2acLS4wtLww) z7$Dwj>3c0n=0#L*Cu6F%Y59WhM=!HJ|-Ka}%y?C;ZpL^o4TOj=cL5%|-TlEo&fTF!vH%5ySXk|M7a) zobTjIP`dx2{}B~ApLfzNfct}?_qD|_(D_+Zx!4{bsR7L|+3dYcZs%z%VGo2j`LFb- z!(5~~1PdoYTOWe!0Q~d2>WxF&UVZM2N_KN!z+Y2{;__dYw>ZCJM~5WA1SoXS+x_U~ z;?at9;rDoBBPdT1eMz=!0u`wDx~{^UDkUy+yFtk%6>FZF8q}E^g@#35+8!V}xmA2E zITM;rHRP4sC0CXc*2O2aju-=_p6Rz7l#YOxQ*+!fnAu%0EgKBQ;Kau-WS$szV+IMi zF3?VfA#K=o7w_{ywqs2r(2{pa4tym+B%rhx&rdW`V$*%$omT=16O-YkgE=YrYQd{$ zNKYL@uYGsj8spltzvd z@Mxj22GoY-g(dy>wq;rD)L~RF{`LCxE7ss~80=7JmN6$TVi2A{& z(p)z!-XK_aa(Suw>saq@R=&ZAXn>)m775r`O=pkUq1FCkBmz1gO#YSlYs7{9IFZWN z$Y*#hQW8s59DBQGc3Oobdek)&YdDC?=8`dH$vgG;k))N0L)l%-8hS54hB|&vaEbpW zCZ$(av*xpJ1I57~%UqO?kimbD4?FN&Ho@C20Kp3c8X^!Kxv_n@4exWwv)JhBXt-Wa zt17yUeXsW8SKXHPZ6P_9xI(9Y-}atdXTSIUA$uNx&e!EmK=avEeP(qwO#B*^EuW_u zbFMBRP$4}Gc#Aq4o6!+&S|pYaVs!ho^9A;(0gVfSgVJ82=Fq1K<6-?;}2YM!7G z>;Oky1Gc*C?a1*P_Zb9|k)~uhS`|9sO%yoMiSYP!TJ zMstS0b0JH4)2H4R=LgF(j3SS0UiZgG$>!9|m0wX1O>oDncW!T8g2e zeD5IJ631x;=@pZwxv%7+hLi`0UB@Os@oO+&$W`c6yyCd0FL(r$ubM`UUVMA8tl9Lv zz=90W`s4i16acm9Bm2^9TTQwnve2YtMJBjqdnGPlTAd@&fY9gFHS9EC`*9Yx!^wU0 z+{fne=rY`OSyJY6gmdvW-;_kC#ZEc5nJqI;@~Yb_Fp4u>goW|Nk+$d1roS@y`Oh`h zqkjskxxx1?Wmd#E2nP8546-7yn$|NAI^Z4w_hAO*B)Yt+YN46_ z3s0d}wZP?f1RUi?k^83NkTZgM&ZK)dL^cy&!jr3!dRCN%!UtH#DRz(Y;4a3axlygg zAITMqOb2{{j;Ctk&%HDFyWXy-YTO5#atFFRFy)ed` zq;zbcd*{OGeyUNT&_){DA?Qq>>~T@CdZVNE?n80bkCPEsSnbeoh3=*GL~8Z7vN1?( zx@V!Jkj0AfIKqG-kx9iZX;>s)l3NmwnpYm)Za;{#2ZG(GlSloP1Nc#iN}E$!%065! z%1uh1x>5Nj(Skr*>f?eNSRIM)#r~4AE9wV$yBg4gTpQn`x!G}RM~F}!S*OIzPlP?ko}X>p@9 znf|bDP;6`-sPFOZpwZlX?V#k#L8HZ`lsJ&B_PFU#^)X8lfY^;Sd|wzwW7kc@(P{6> zl)?&NGm$J^-j>s;{-~(jwwgB0kb}xo|a*VuK!%&?>~eg^``v7vWhk4X?**rD=5ch z`%M*2e<;_(-O~feFpgU6$LQMfr98Q%{557obIC+pUo083QOC*HY=@oD5jojBw^B(} zvEc)por9x$BgkMc>-%I%wcp)qcBv*N6S*;FIE(hfksD1mYEhQFzK$*JqFh-e zug54c)A}bkuG)ULAm&a&V^ZUMZJK?~hwU)hgVSIS6X9<`$YDWKLzcX-N%GcLEtpQ) z@`(n~gkzD>+}24Ptnq4DpibXorQAeS9W9k{DzCklD4jw{_fQLX2bHPh*1!jIM^(P(WNg4UV9Lg>zTK(*D1Gj0DbKEbwU&{ws$Kluabw$;6IFx+n_N)% z>&U$bdeyiB(HR}8F`!ry-?+cP4KCy^DYeMWs-?J@!7nGK-E5|<4tkMkaZ`@`1UX<4 zTREH-l3g0AIr8Kf8p3H@9xz&Y!D+; zRjIi>(?V!`PIla99~wFV$-x%3P^-s z5ee_dPsu5c(gs4TevXXOl+3(2H;8)f)oTLX4qMzNfTx1ho&S#6p-Hhhz>AbG3$i=Z z$)v>Al@@$UhNrcpb+*Y?G<3uzaJ}JI#b({5&&B$jt9vG8Z#yse8I-`OcwmU?{ z#9x>q16+4qrJi*%2B4Y-iHywHeA3UAig79a8BL1r5-pKx*1qo}@q(aSQMspBkR`dP zc?WD^nZ)x9QNIk|H?1yLTY-7e7T0HJT0imL-873Mq64}H&zZSi_zk6YBZFUp2!2a! zWv-zi%tBs5Vy6lBkTmf~vh}tHbVw|OaIed6Z_}*C;xSj%Cs&~V^#Wjkr&6Aj$}Whx z^fC+9--|5?)7d-#{tzxlB>GfhN#0nQ@|wC>{Q`aQ7$W5bR!pQH5px?-EZm|qiIsKQQzGx|&1#RAY?BKtz{ zlNXIZGLu8RI$3VNT~GIOakD~;8jsVc7t4n6G;7j1t;P(N%r1*F5e(?RAgHN`_ae|0#xw71VKKc(&-#a6Sh*^{VeGz*RpXI0fz8hP%xrm}}?iCeRZtN4WMSr7X z6utwEuUNxPI;QA4(k)IcSHD3g&m5k#n1}??mA&O_qn4+0R-k$`;?`pm{ zamp@PpUnSx@74E7J~q}cpid3#+qb@Mv7`nap=gV#V|sgOPjumS%>CuUjk!FL=mDlY zfd5?or0o^P00Di-ag^@F1h!Y`6B*elDVH7-Ff`}rIhx+3q@M}RlzIH8m@eCH74Z`+ zc%P^d8MM_b#kH|GQ4$|p^mS`Njpp;wqX_agi?k78(t6_9K@+Jy=bE`^kO?P5fJQ0O zKs&&nd3>cPu#?&H`ugg(g)r8iLi5Hf7w8B#nTD1u$?gZb*0*ZnTK*4hnI>!cOu5j0 zIbwQc?WP?=oj7)88KJ%XgAoO0>QDgXficOp@KO52Gzk9~AA|l=RDazL1?1llkjZ27 z#=~BSTTk+P5A$8N?b;&`xVh~z)n=NM)ZkG8#$89;>L_^c?uR{A&c{vZ%I=1u<(g#% z@5V@Cz^Ec*3NePG)5uk=?u>W8ks=l4DIMXLtAL|=(icd43fS{$rp+G~m#tVH_>Zw& z_d$qP(5YAQWT4+3FXqW53!f=;s*szSHtxJJmkE=kxW&IyobEDg`&98c#TgcEfQlOp zIf!Yzv4G~Qyt*nN!2nJM%}hM5Q#MSnxDj_NiOyAi^85yj@}VfY?RjS2b;Tp~GWO8)_7(VECR3a8K48%hzi_ ztCl{4yPw9)G^>6MeDxH(9vu6RRdX}N`+iz()S>@?J2ptzK|~(nhZ#FxG^&4ZU-cjPQnAwP8$}dP zY2rP>>nmtz3GLibDg39MCL)$h@S{Jn&B#Q-wUP63|E3Uh?$KGK+LN>e z!TK(1`TrV1`i6Ogbs^AGP>75sTTk#>7~*CM_zS_ji~%{v?JC3s(QQ61d>z)y_Yw$# zlD<3H>1mTImQN}_w{mQpZ8lmnX>LbRKuH+%*d^C z`0xZAx&mjuCkb5WK;_8Gqnt_kyM_1rD%u7ZsxxeZip4E+jzo}HLu}Ev1TIeo$Hw@x zEae*zx!=yPihad{MhP!9YW|P!#GZUxZhtYGzqecs8fcI!gK3*gwWTU8j*i5x(Hl|l zXmL{D7JTu~zh$kF`BFnU>@$}t`o20Jp56iqK zZW&qUq{tMNbdVJ0?T2jpY1wQFN^F&0@4LT=gj%oMalKhJgS2Cqf0 z_=oV$*2uo#sAqjtSKV~rZmVUtWc$vPBodDCE)(yn4qH9MElj8?A`(nzx0m*Jl}}7>w2K~x(aM_qr@z(g$pcM)evDO z?A?x~pkPtPdcmCF6FVp4sUdXX_T#oX>Uw5C5AO-aR`3&>Mylik3>(Z&x%h})WsLZe>fNh zj!vhCaKt`=KRd61e9A(o_>JGvQfKn=MMp`C9U_3wGRXM5DG;YN6VF+Q4>6n`9rez!_dRnIM2m;7 zFbXo1>bxLG$?hYU-UE7`rYSr&B$;fcS* z6`(88&}UC}Q_xVT(s7NdVr0igo=b&bcGpeK^U2?{H3e#BthgceryECI;*((?pL57W zQxv98cR{#WME=>P7je5@#U&c*Y;@pZgsGu!Zedo0u2M)>qxypeqt&du%>`(#iVZpB zM%*IY`Q>XWo~`TDB&#XV1R92*9Ab+6N7`D@aXHX;*DJl#{cTv#-vTu?T-D7^6r|g$ z-8?^Q!749n+JgosRF=2>yY_LQMMpZfMs2YGxAXi?lF7TDQpaU_^@@KME8=W9EH))i z9hPg|^7)OCpV>D*6q0H1KM$ps8w=nv{N;!9RHu8g@*AE*a=vE|eKYQz>2{{>x(jej zc3gKD3o@(aqP2oMaIuFHRG)G_GPil^jO?n3)7M)~&C8@g@6YLFYR(qK?$bs0-*Ya6 z6QLUqpO1~>P*l_7wzKk*V^YJ3>Pat=Pe2qwHuUW6K}mibybz2j67%j?s#3XHw|^x5 zcK@vk3f-$mK7FJxv_B*6`;+e#CO&y7FzwL_LeJJL>-jjtTw@?(MRm)o*LhP}J@V~L zOdjUK9$KWs+hH>&C~*!80j|9W-r|-JFCw)RaRtmjT_8)$O-S6Rox7Lg*Lkqh#eGhW z56z$96tinp4f@9=?h9YtwxZ&}4+ywa_WT5Z|4dH*AI5o|Xrm+|TH_xz2@YzZ*Av+E z52#ArAdG-T5WU}297>J|7Q%G%q(nzUBx_>IAnjy)kl=l}EUpdn-0Y%*u} zFp#|4ZP$U*Y%sEE--EH9qcdr@SoU-);zQ7e5%(lr=PgsUs=~@`KgXZS3~$Z z1C+1nOiy|GegeY8UFz^ag`d}c)%&N#Pu~4PKWoio$(>4YM$iA21Ya00TB>F@g5LGY zT|W;)W(!xC9nbCyue-5(evM@u$gUwk(qw(M9Wxw>leq38MXUr?gOE3)Zjf&Bx5QtOUzhGR5Of4hLERp_8)J>JdmT1` zBhIszIm;?ZTzv`7zhE*2!>4Jl9t#$c^i$PF7PsqLt)j4j8DCl~hA?E9~u-VMXC&gpQ<=%?l~c9Ax|n044%-lP|Nf>l`E zi|%&uHMyX99Ov#Kp&1IZ5S|`;viX7O0=|k`r5)b`QAZGStE@Qi3 z)M`J&zSr<)UoG&Ar6HG(qXl#O8yTR@OhEuQ0`>ILld!Lm9x0P;Yoc?&dWPmA`owlt zB5XCe#^U(KQ;wS3YO+nZ(GNR??x9cNjNXM?iOI9^vz7Y~){CFZGXk!+{RPvO7tvVy zO|%HVr|f?(QJ=n;xQLVrj$~SRo9uM);bQDHOR4=gnWCSUkUq9sR-e+ zTNPwIoha2`MQ04gO^>gzMn~Vd{Y2-A)SFXEL3%&9z=THn*h<;EPbdO09|9dgnL+gR z9qC`b6iyV(9p%P|LrcchHx^hUg|AjBJ>QU6e_^7z$fkWgKv%$i`v9{zHQ(FH3Fr8t z#T4tp;HQGE95R7Cx9fb*nwvjUqXulb2n9L^MRU%Bou5m+_Cf=GtSttED%-^ikPY+T0MI4xXwb@?4tu zPq&dziTf6nVrMe+v?%u7a?7%oq;p zl)(m>98(+1J(zOY&xEaRbags%suH8^2>);;1`Zl6RI*#98wg#$6gjpTx6Ty9Zqbn{ zc7_$@?i(wI2oWpY_!zmBxrtmWZ-Wp z?64oX2JHfGzy^Vn-%eMlhOAA&zg2pRUisz9p7sP3+gW08=teFo(NDI6Pbk3;sNLrX z_b1g{M2y?%%GXZtz7jX~>V3qm!<=-(Fb0)|23xApwY%35z{3vtc=FhOM}@gGabgPf zCW}J6Ih{-BaB!a^G9DM)zk@6_cQW4o<=r*+smO+IYWFp7_KtFR?%oS|z#3z)QJjKJ z@S_n%!SE)J_%frrOz{em;!lw{DF>de*aKM zuMqjN`T6dnVyOKBEUW-BU}!nYVEqqc zPZ%+AMqTg><@IlDsB!D0b^c2SzPs4+XYA6yaau`{(ZU2ie3nxd=9WsyY#ip(5zCKC zpl@1%d${Cmev&@v=J!YRtim+($NI$^rkj_#^ktxPMPQ%aYs=I}uanmDyST`?9C(bjZ}pT{~UkdsWV7al}<^!Z}U| z!$q8P0W3c#jWFD&6m)Ks9L%4qPMEbq>MziloE3jQ6U0 z#)qOIB2S;gw~D83L{z@C4iD8FbQ4Q0nVsNJUVrePm?|RhykYkMqDLH>(8SCcthWP68FWG;Jhh)rA1vB{N z5OHzo2k&7Wc{8tNN{AT~f@NRw*xBRPc2zCgrFU(Eb%2GWXkm*SERp20U{enPsVFfD z+aEl{p=5mPeU~gpI-UaJGGeNB(q}(y0nqY&+T~)6qi`ym;)hb2YtG{-TmnC9SgOjt z`6Op4^NlG*;4u0fJNjEDg&BfG2I9~+WiqWLQ_en3sQRW_SX6&b(3&>)PRS|eIkQE3 zn=r!4%Bp8c_*J~5+3N14@phM0wTtWJK34+}Wecs2>pM6F(Q$88Uq9rgs(N@ptLdY< zq)KjlNCAR%3 z*vI%w^iDqzI6Z&u=s$`EBs}*0^UL?Ki=kDS2Z6i$--m86!p8~j#5elw6M|({P+E$H zbv()ReMT+Y`VW=Yt)q^o(}&}=l922@FuhtFJ{~1~y;MWotu=Q}55YaS+YZ z8^wRsEsNiCnbBAJUn4;(m@L0}{%WW-V z8{ZVr-<3oHKT_f=z}01*R20jP(l~r|xSjNl+lTtSSjPC=xI2TNi*#99v8YH2y}MQYocc_{5WSw};wJaW7h6Y(G1i(){?|p|0+a#%XTE1a9aK{{`o= zu!T=IH@WlO14A?N&6#!@eVK??Lc*X1rI0jF;lz>7`6Ao#fD2ufb=ID5We+k<9<^6# z5J2@6Bv4^DJZqS`Q%7jz{I}^YY8zN|8^Z6Ln!+QCgvxG08+(B;_TPTH|g4yhr``*&HU4mWTL62 zfyLTPqNEb9@o62;1DLlqAFFW~&7y4xKqH`+FAyV{GHQsg-R()T(&k{98M<%cT3Mw7 zLcs|k@PcvbLl3oGOS2Wn*WVvC**f3+_*F3b`&QlmlXnJD$)SSFj~twnHCag!*Y zOgg9hXQ5%6Zyz(Mo5UC_e4Y;fMAzq~uzd7fO9|c2z-tXlf{OvAsZxx-bY&i`fZOA%R|Mx%Bp**m~eb!Kjn5oml0||%yBD^Tf;(O(X1z^)h>}jm6 zzcNU4lkQ&uZ3#u9Q>Z8pL5{0ZQjCu{z&SKG8AqU~+sRd9t zHhS#%OBars?0(FB6`m5v_0cT?^g5c0YYR~Ee;f&u4=v6?Nz)+F`t>pFU-H>wp{t!E zxu6Zw-ItoQN2BH%z2%Sga!?x^n}qa?7?q2;vj+ZQ?8%W2WR#mFg$fw4%PI>(%l!to zYP|91XOHJjP6$kBzr0d3=s74__|4wb(oEpp<;Ez|@vHN6m*@wdw98)lT<15pAo`a3 zz-eSYGSC74CIG}mc5y-ecCYK2Qj3rUCh3?JQ8N}msp%KD@u{i|p}s0ZC&%}wHfLsw zhD+vFf#0D%ust)%lc_}z?i=0@G&0+Zo#Q7boeY_NN$sJl4?8)2y_iTlUj5W|O^bmB z?*?HKSiFRVbT$nD%8rxVHm*s=DbnPFQeoDJCuH}bpAjg%lIT>W2!cJ7}Z7NQOeod!cRL^SzeJq@xuIB3YtVjA>8 z?k#-N8iOu<{}=89JQZl9oPbnSuKY}tLzBdi5r%g=QV*X21tKvD0=jgN=nzf3mvFNW z!riyk0Frjg-F1&589_%EQ0r13=95Q;YlFUy_Z|beJCLHTSby}7}Ou0ha8ST z(?+U`ujdb+DJFjF;u!DsC&7_?lOP>^MuhuhZ`>_`Z}&UrC~TJEbL)jtDdXG~S}Z7H zZ2BKK418V6$H*N#U}y07A@4G6=P~q+j|vhM-5^0IpT7kW9KD4tzMF}hDOud!95{)t zbrht&xdzx2+>{ z7F!D09snLF6vfK+s6myrN&go^c_vA08w$+h?#(rw+nq6eHMcGtDWJf;=0l*K`G(7_ zzspn~?K#p|>A%X;h9**o;4hODF*`9s1ZiR7F^AIwIP}*1`IVfMC+y~1DPfpJ55|RC7X2jr()dxV|z6KX)5QiJ=%^b0Gg}??(;WtvK6SA=d z_Pm&y7$o3XFO3+5(!&_P)JRvqXKn0=wT2TK@I&kIjGY)H>}$TwT$>e40={@C-qY?R6XmTkDJ@7=X&{S}drt+Qmqt&?jSUzBj+St!ga@>fa#_7DJ5YQSLD z$tETxzit@}IHC+iL%Ne;Jz|4NZ)4{w+o`9aq?hiU2t>!!W@Y%aH|OulyUklvp;zf) zGL@f9%KOJ?QYwj4V)j>eaQRKhFzKZpgVnnQ-A=!6$WlawlU_9Fj@wX@zx)eobiLnR zYY_d_L4Nar{1r3YVIILSQ3#y20`XtM%ky1JDxjz5b=R9yii%n(dw5g~Xq;^tyid0R zi7&|z{fVf+`i|-GT8q46`|*^9p<$JLX<1qF+8W1ym4Dg}p9ebe-ltsG!8-*{WXx?# zkc^j^Wc34l-E>tA=>z@8>h@j$Q93gn@sf+;UqvWQ>4&l#5&+h7bqt{|WzU5xAoxZIYW2{;!8Ai(SYNJ8j2g=UTnwuVVX_`5-vkMf$(6>AMFcy$F9R8IZH#|93Bm^gw( z|KyuIA}N?9?)RbM#$8IDEI5OQAhZ;of+}7vkv{^in#;FZ(tcK;L$INT&!)RB<{hUl zK@Js2R!Jo#c82%w4c@_fO?XR%{T8p2@MkyIc7PPq*C3<5W0>k`*Cq34FDmX_WsAf+0!8Gd`-&u! z3<>Qj_~fF+RsaH=c?u%DL)ulV#D@a>^?CVt3xuC`>YE3z5Y4%pU8q;2f4Dv9U!VHw zTuQ%!d6%m8a;qD(_73X%WYDIU2e;&R(`Oh<>X59seMYDwdPa%IT*8e;mHNY0946W~ zO^zc_JM*ikxYs_cjpX+)TQ3f!$~=+*DwG1iDui)}lAGnKi}+fu!n<7zHekZk@-g&S zm}u8%cjsj)Unc>wzbQzsz=Zqd{eN5=OgLs>-kCE;Kxm&*A(FqW)_5SlBNa$E?Yd4p zkTFF^?lyTSGaYWHGz`kSgi!G5`?+vm8HsE`h^|QYrjA*7>9%)1PorR1GG2syOg--} z?_7!5vw{tf%B-x30C9D?)zLqD?Z7U2(9@aq_}MCr*q_tACoBB^C+1I0-dE^Ro)*hm zkohj{(TG{L;~5dnPLF$(nx!<6@;xQr4>PZ5*i{*!m;15S$e3~}e$+YLV%CaLmA~7o zxD2|*4p82nW$|b%iq#;nYP+X>h?f$2XrBb^sG~?!rr4{=@p4_q#2D*3a7tJ_a7bBM z@fLYl@YuV@{`A`F6XK%iYn`cC5zbi#{ib*a*NHj<$kV-1{Cd)Iq#JsY&bYddw%e+3 z$w>|#j*8ApW&(O{J`*uBC*53bYXNw}H`88)YCY9+2iG7Exsu0oB<@fQo-6J$w)ek! zsLI_@(fEM~;)LXEMzp6pyMCrgUf+Xd(AZ33OcLinwnrpVhaw1p3tb!|HYP$VASmY8 zx@nwxle4C#RuJ8j#^Uxn&gKnY#3{ryJw%AjC2@yzesCAp6iV%XHbZv0-5W ziPmN@*7CMhA@w&$%Sl7$YzMcd;6-V&%A*;s+ot!I67%mxz7WK~tcaLQr;8ilWD8KA?`*SbH_JV}<9C}&x<%*l*<&LHDWIvm%D?s_)@ zH=kc%gIv5FGk11r@_ndyo{*kGw+U+hXj_w2=_VK5UjIiq<|vgbHD^ukov&Y|vaS|q zYVML=)7O8a03$v2D%o6H!GHe&AlnTdI#~&=fOb5e(Zf@B&t%@u=sT0I z2a!P=8nrNRBM!FIsjI>T`{Ky28T zesbD(c1yc{Oyo3{(qb&;$j-mtMq`*urG3n*T5ry^B~Wm@m!aSkEj;XV`?Jll^?iJ z(?29jvZCIt_Y6oa1o0bqz(0@0@Uj~aWL?+DKg#ZC)n{Wnwb(si^P>FJ+E!API_H@2 zzGRbMQ_}ZT-^*r3>o~H507Ct+l%=8(UNp)7xNlW7`q&AXeuayYjr_LS-AZO7qh`M6 zij(H}HQBpqKTekw4hH&}tBLq|l9FM5ubnatxn&(qN(^;RfKZNFxF4&QRXE0#m5*95 zTl#ghnTkaPxtIP3jyl$)$<6(z*XidC8W~qftjA+dn4(_Q+W;2pC^l=4Eksb*CD<}; zO5$2~_?oU68UDaclia(J4M2BSigf*XJyrX=;1mfxv1Ns<<0h<^H@k`2ChRo5=5t8p zFyKTLTHUv55Y?5H@td#LQi>Z$Mo{4g|55;}ZYZo<1)?#P0opfJ@A9hX4^pZ&!4R zJMvn|fK=$v7_>knj~3nMQY)uBlPb!;szh``#+O5n(^kS! zbG}@OT>M}L{F92l++_1zUn1it@@^1Vd}}JsN}Dc^VDYzcmcMZf61Q=_4l6YMpZy98 z+!;&J+a&NF8FRjB?z1dNKE27M(sU0*!XoP|CqzXqWdH%uL6)|cc;okS>k*bOVSp8| zk(xm)vfmBWijNF}%9^mzw(`*ie{+stGhqzI`7&$^{a~o!k=(6P{u?vx(NzbiGTkuf z1K>q9Ro^j=zTi+jOw^^KBsofqL$;^qJUUt9PC;J*nBMk&D^5$Ps~I|Vf7NM zB4&#w*)Aw1LXPOu9sLmi=}mYGc-cRa@RoP0pYHZ#?p_N)HL1**s2vO3V2$rI{wb_l zcJuHd_Y4d6pxkYc|2*bQ0h#FHtgz?xg=ga({{P)u@%IBckBq8mVSd0tKxedZqbTQ-php^`tJNt_sl4<_O^s|Vbo(6RTo2b~ws2S4UGnVpnsS%y>icbl)dKI!=D z@dWJ@`{dLV`@~hCgoZ!ldfOX%9U0jy|2)b=?tUaSmBc>T%F-cWM8|)eJZuf^da`+8 zME0%EaJ@E4T%7%VFVLnaA*9vC=E0Uj$uK58I=J;fk-(BC2fJX8s}_IfF!q?yD)xj! z0=o_epH;v0U^C;IX8Cu;b~D}FPLpkeq=k#5{lnf@K6H3FnTY3LZfhMcE9CsH?)$te zIk*GBs(SL{;`3kojc-f>?(P~<64)K94PKGrS6c<(bGxeEkr5FJ>RUClvg?SC`M*hP z6zV?@>i=wmFn1_JYt|FBPXn(IGLlp@;84kh;Lo>m%xo^cEVY{=H9BvXdKxsJ7DXC$ z3;eL?W8dw4m~av{9uwgD>S<0hL&p)~)8?|w3yd&OxX0Oz|BoEuBnD%>rGpW~_Zwvo zY>j55DRr;rU0f+Gy%>)$m?$I1T|IEO*(jZqmzMbN)Rwj(#Fs(}%p;k6+W&C0qAS`V>q9-$9>)qD`!S0P!#6jABL~@yqGoYGHy_fck0&+N z+tg`1k2v>SYqj;N7$*1ItU3r~4-8c+#O_#mp}kdyFYM~Vb5W&dn~@bPih>*rHQ>&o zD;1sA7DDPqI`|Q3Qt05`w#+@sSdJ7UU+Wru{<0F--Z5dz;ko{JKt;ma(Cr2*qgPr~ zfMhMwD>4g8y%~y0QS%6JSK*rLT z|A3as0?+Jnj|Y0s1TmfG^VRLoTt+CQfKeeN1AdDX&QvX&w3dDOdCR^O8Z2%cx+N`q zfOlV{eUt7#Em^aNOzRzKW%Kf7)z%%`CFqpYB<$QWA2m4M@ZK_v$ z1RJ)D@3%kW?~jyt7Q25aF>3RTxGso)z`GlGCmjdkeGZaB!ad;l_odbZoG0pA+=Z$# z?PtGW@r#`tl&KV{7L4EUa%0!uLgwcl$#JiL+oU9F&qlb4Lhw;jd0g56?C$svVRVC> zJR#yuFussltgjjCho}Yq@Ibp=|2hrGJO<&#fesUp4jWA{Fvam&28;VRLCh{5mp>IX z^C2e5*JYXTIFeAf&YD6Y^b&%HxuRilm&b4}0B3fskns=iKfc%{0FbA>_HqzoFJ$S- z**VpoOzSVWZ#vN)sUQ=%S2i}Nz#0{K=c#sKl=R-OMu^s+~=k{dK4N-eU zDT_j}Mux|upy5kkKg)NOU%wa`$tl?>14ox9!Iu!iD-Y{2fP?$Hv59$L|Bu!QZ`1r5 z!X0e}wSX_&o{NefKe0V0KubEoKM1 zSsJvHqb5L<4MffkK|q!tu*c&oHQ(MTY^r0s(7&QK{P{|>*Qy;UwB#y~Ye)l`cB#b3 zN8!m<+()PHki#)Y$RviBi)E2GOu8k>!6~ku`EWQ?bvSWHnq!Bjk@yzySXd+ANeL9M za?vIdgPo3lpC}>!ru;uV${GAUR3VaQA>ha|rx2$(35JPE6Fdho{k(oMV(=9FBI<<$ zmUA%SJOV^9zWj(oTvAW4o$dWzhEQzefy)xL75u)NUH+$9YjtLEfz>FZsf$HO=CK6t zuE0b!J$y8JVAiaX-jvtmh;oh+GyQMz653w6-IpMw{*HKsPZiEh`kLRu2{rha59x4- zN;0^cvA~@;1B5(Rk7Jbpdj&)=cmF@;zWS|=F6y=gS{#Z?f#7b%J!pYKvEuGhptu!D zDehLRrGx^--JRm@?(S|OKuB)h@4NSZxIfR6$$94NGkee4Yp>OcOc3cruHT{)#=hC% zq$w!I-)?;+wN>ytq!?)tTOcZwy;0|fDy`Q~lCzXAAQxd@yOy_jk2J{I`ww#j^T;xOU9R7vtjaDei41snJ~?4_BxtbZG#h|&k@ z!X22FTJfsn-(ibI>dUlBLc1DsbB$c)2q!V7SdyG1jg)_H?g&I9tA3^So~q6SqHH!E zD4|qmOc!~Zb8q#^>AL5rb6<5{=`Nk+4G#SSA?4UF6%+fRjv6qw7)+@>@v9=(0=W;} z$*-oOgyjF#JmKJ@GHh0UB)r7mZ$xTMd=oIJZC118DNhEq>(VimmXxbc0uvy^k1P2~{GdBe}~`e1=C#pN4ytvpqU8dlW!)t#n<0*-3mLA zo&*Mz=gk_i(9~R;nV7K*;Bx%{1iF5U4b`kJ#(u;n$9zmU=B8tCu0*J31sLOuUBU|k z3Hkw5Tjn$%(fHgHBUyxN){G>sPPEfc+Sk&($-ylafA}x9{KuJ2UL1uhL(k;Y(|H{~ zl&Bdrsyp=M*(kUP6&X^UG2pTSNnXnd3e=z=8~p5-opF~DFRjR676qkO0N*_)ev#St zPfXoBJxMA!Unvh_RW(~~SmBz4*j6_v@D*b?S&uZdJC;4Ow&_C}*T6L8ttUIY7(Vqy zHRUgBsy(ts68@DEhrzUlRG;l)a&Kd>1st#HLvpY5EE%>I@W-~-*! zS0PJ^P&6|SutrV|11<}r-;YtZ&Sw4EA36v(|!UxI(#v=!p9)827Qo? z><=9e7Mi=v+lquIzC;K0oe9$!#rI~Mj?<>MED#Q2coO`4wQD`d(c|d~ILU&Jf>=>O z&P0mw!DmYd@U_RtK~M*jyg$W$hIGx~KX|sYmy!F$+AY200Fj?DWZ-b}wb=QZ&tkw# z&-I*xvP#eR)%X2C-T@%Wf zt;E!TFb`P^fjZ7%oSQAc`AbAO55iHX`wbNAo+;F*HS9C1;#_|Brg9jB{*Cw^_4VDx z@|{=B7ppMUuIs%mIljGI{%dP}U?W=ib9o^7t(oI7h?>k$3tlJfZL*4BuEp$n9~v$2 zD8kQR(&9Z_eKlbr@A3XQp-uDUkAO6%zqL4lp(4Q>*YBi(HUOI0fi>gmAlQr(X$1N+ zDS)yohQr7uxWh^p*?}|r&mjG0A!sJ2Oy{pw^YqymG!JWOw*8<}a`fQp;I_Ww(qVQz z4rtiFKI!8ns5KuHn3j%2gpqxKp_gI7>$IRywC2sZ5WfBlqISe*<4K@7anqisQ!mTK z6qzr!r_=LEsxMhSgpIn06!q637Qub`1zj(2}EMMs+P}5>q%!Gg4CQcd?Z* zqy7w!5I`Tc!itMNrVAW*@|0N@B$iCj$Z=^yHs+)R-h$A`eTzjH;8h#U)kRHCp}>Uq z>D}l7%%Fr^LV|!%bT^jkD2q5OsIXLBGE7fLc(B0v&K(#VR{3$@^=j&*ur?h`Ipo=? z{m*aEb-wY@nxM&fpnGe0W$EerIzx4$sqWAsrw6pSh<1KPmKa|Pbblmg zXKAah^@?C?{|NM>=n*WThGEj}NNd^RZQwZ!bAsu##tFgXph7{D)A&b$Q71&0`HrQuD+AN0;rj z#p8j&QV}2^C5ssAR@`gH+h2RP4l~tTWSU(Rdrtm+gEUO z7@JnxE!u-)FP=@z74uf$#05S{E$IxfdQ#|@loZ&@uV$QEzPZC5{`t(CvTnVwT5d*$ zkcO~;z>s?8l5Si-Zdx`Y1aP2hi#*^C0=5smScW6=%z@fqOk}A>olPuX9tnI!J&E1) z6*i@as&u+}A2noO{+4@c1sx`3cB%=8Q&qj@-t64l1EVi<8hv6w{M4f3QCngYZ*C!u z=l6B^wryhPM>l>0GN14qrH}P-Fu&(BW4}4+N%NauWzTGELe4e)VmqKp=h%6Ns%bI_ zD$hl{jmadUc`u~qdflJxj+rEUEuTz2&@>QW0RJKx?Km<5R7QK$J_ z?|J5k$h z=3V*5x6E)gb-zO#we|mjRE7}qXLs%wH+$E&9O5?UYKpq3bXfPD`ZxK$UWYFvDR5tY zE^*dxIBn&c1`ZCN79bMwDcDO-_U;@~ub-Y8hlX)8q6ZHMTvU_<4|Cq!0yH-yo&lJV zLzEAv`egw=@b)y|u8*yG;Pkz)%E#>q``%)L^8ZL57Tn!v5-&l!?`2KtEAN}G)IItL zPd|mgUOjtApO|$6H_e(SGe}IkLty@Dq4xZm-n8c5dPG!vJ!d0BAY5hkdA_EJ7%t)#~=KwtN1RsIif%hH%5E(qdh@^&Z1CBM9aOF^uFNb5W@L!kka!NGL zcOSQ*yP@pGCdS$+Z#|&KTnwOM*n2hIkd)UJ@9RXE4v?f*Crej>p%^b!xcD zyJ$bktu0O9wZ8YrB*8L>b{Ghn)5o`3Pb<%OSrq*t-zULSbSIQ*XoR7tYL~n;5glJO z{UWefiRM8Ezj=Q~VH*93!q%=}kZgkMhkwwlNzikgC54#Cr|Fp~z+uK{thVTxFQ+0+ zszYDy&gW{puXJkW5cFWQ=Y{LXjr@>lYj+tlEj5TT99rd}OZnkD3wLG|cYb5<=J8Gv z!(_q(F;v|&gWq^j$Er>5ViF<6a30Rr`)}vXftHDq%S+I^2}^E+tT0r#r3QtWWxT?- znWAriY%b>f|AFn$n|JHZ{?8yuB(UCIxF5XrMo+CYE`{6~DhxL9`Vg7B zTy<9Q^KfR>myMu3G8YLG^QOk789i55!uoyq3XE|p7 zLAUzw^OIPNHEhaahsLa1XtOFM$=}o$usfgn3~5TZv6Yv@x;yv5wk$ zu>jQw%yrT0LqZvHj4}Fbl&nqB|7LzT!~6nQ{$msf^#Q8Nlyv`_`6(WIqnq`%ZHwiL zRavWj&cYLhZy+Z@h`_7H3FN?!#4A|HyW#A#R8X7v$aQ`FyNxLq4!wn8Fx-Io;5Sl{ zxicrlb66!Q^{Ic6%eQ?1%?56&HrK z=LFq*0&QwOJL9(eDC8lcrGMKvJJN!%yO7Me6{+B#5*M8?|JG%m=wXT0#~MYf5G_N@ zHZ+{ZWK`n>Tp0+$8)$WWdVu;a_{aM!Tnq&{9*GX8<&{x!aZKj2ei+rnp_L(|P2%VM zH)?)8`qXiu>va#rK;tEl7UVTK(p@Vt+Gy7?0eK0+Z5^g2m)w7jeo=?u2aW)K_d6ii zhNGr{7wI|u-QeK@(pse3QmzyS`!Ou^5VU>4_jlIqRjty~uicAlB`9{zH<4txj6(AB zpT8Mb5b#dQagpSw#}$ms#r+s^awv_UxkMs z;O7@{j>gHyy0v}Zt5ps=04{y$t1e4qY05${!j<8eAZ5g=1oIQW8-%QZM9-~buqyoR zSI;Tl9-{p>0_%O|R7K;q@Ud+U9qup7Bt~PFjXCU_N*p#Pg6RabKxlPh9ajKvB=PL!*X!Y8j&3OfzA@ z!yu-FvP&^4Z%-S=QAg-4f(}qB8!2EL$MiJCM0+Z-dhSN6#PdA~r+fO?G<^ zr2NVM^vuQnlUeLJpqk8#q6!{V8$Qohy6-qx1@yut@y_x1XS(*z8da&Zn7yZTgai_H zala_UNo5O3pvIf?d&r>ay=q25X$lDKAV1qY^Y%Zk1 znm>ekO-lbW%Y`b9diK+$VFRLVB9p|{uuY{lr@E*^@<_?9Vp7w`SbHO65C7X~ej*SW zi+SlU1{0b0TkaU?y|ko$(LP&m3AAT(#4!=X(IXDIw;)6k!O1bD`wHPM;A}#@t$02D zE`AYv1>K3nn-KmCs9VwTJ!|?~Ol3!w%U%Uq4fDNPHhfCiaHh5gVaOTT%5y`hj{k)CVe&Xob)mRG# zF~Vd5QmhdwI!jMczX!5sB~PXo2Vx=GNty**OwGoA2|pN>AbMJxT*lli zuc<7W?C80axVLz)RKNV+8%kkt47v6B=QGMo1C@gtU7NGWa~QoQru$dCQZ@U6tK5HACu+``@V= z-uu?1|Aw+Ws58Nv7`O%irU1MHa&}!PiPGQuE#|BUebIRP&QCl_g^B2vLLe7L%IHvp z@)Ux_j51Qi+d|+iQkh`6t(gQ8K5`surVF2$psHSQDXPX_UA6Cg-ZE%Fcf(#OnYHV@ zB#N8YGIOY{N`#h2#4n|H_>6w>3oH+OQ7KeusO!wrF{%fa#3uD7A35zehxq4KGfA;S1F zD)rmakzwSa|{8uc#h0!fOfW^9fSTM z_nT_m(xFO%mKVsHUi5>Am@O(k4EU_CyP~U zRe$Esh@XtY<6g(uG2&i;`b zCn>?J0Cx4AgfG%Kmb2vQc4{Vn;|I3Rr=ma(2svJEwRED;AG?4Tj8h_}e8oz-+*P5# zL1lA#Pu5!6My-gb774Kvl>98({QSq{C+~C5jf;pZS(rN+F8m}_%0Ud!JVjy?z(pbT^?{5OUpY5^ zdyGx;yNt0GK^l4|h|^%kLb!}UpO#Ua_^|qt1)i*&-1*|wtSS&r)&BC&AH!#CPYqr@cJ z6bxTDU&E~twCJZ)`KoGUh$|e84;nQ%HC&Mymfp<~{+>THn%rhA59uy4nqoAo*(FaZ z^>gi58he35X1s403E{^4+iQCS`Fy$}!L0v<{+G_b z^D-kXhY>QNC9jju&g)KrQj;yiie<$et3R(kxZ~!Ql#ZMVuWwia5#!AMhf6^x{oK8j z0SZ;@*$#tnJP zrYABkInN2VC$e8|gu+Xm6y^v~2XN7Y@P`uX!bjA~`xZHJH$&Da2a6@ts9U$BFrK}n z`O=;?)~K+n?GH$2BTJ#pe=nINau0B1I9ShFb!%U%+pYH^ohk!Ub}yPRGf)!y6M)}U z5n+bHsyR zErQteXKPfW+<%LIdbS!jMoI|eghx*hwO?Dnhz1rmff5q2342gk0e*b^Jqz17g+9wr zl6l+jQ2#J&A0ZxN(TO2P&~9pT6o@&R5y2WA+PT`RA(IRT<3o5ZW+FYBhTt~cN)VoC z`lU`|y=3Hu0OLTPgy70o%;RwF>-tuwAK2oUHv5-`d^6CG#MifO8l5B$avG7h5pa9* zHLe}yD5cGAJR$Y1^Jar&Sb$^-CPoxURSj03#>mF}pw10PIS(78hlhSxr3DR??wAGA zQ?*vlSVunOCuaX#(-BgESX-LLY<2_biQp{S2=HdsV%}TyQ;vIYBQKrIu`k6{_p912 zm7PuVK~Pn2{a8trQDsH_6PTuM0@RAV$cXp;te6a|QUU!1->CX$s{^e)V%l~Q9^&Na@-T&$6-1YroldXSeA5hwJoMt?*1gIWXj=aaT2W{gg zX~kPrGJ=#C7s|A#WwpA^raNzX;cr$3Oq3CH$@z$>a|PiZ<^N8>ZzPFm48&JHF3CRz zcSO}TZND1rgq~`NiV=D%P1d;m?%iMsM<;-)({CHa1YSD4L?fUitO^^LD6zCPR*MXK zZ|174VZ$rQ7|m@)O~vHAnF^H?QHJBCev2CF0R&?hpAc2{GNAMV$BP)WnrVAgf*!6D z6CTjK9X>PO{JoQ?y!>76UNsqtXwncScm%y@MV|w8^};Tvq*@VCQWvtGpG=%HO+d=! zW6tmVw;d+Ci_Gd9G}n+uQRmgD5fNvNQj?Y(RV#@Kr#)YK9+%yX!V-$w>Z~TE?jG_= z&VeX^&{s(WPjxrEBtpi)$e1TGN3dBN|E1jjQ#;*hscfNP_n@g417)LQ()3QfM#{pH zoeikN$#OT(d^tTb^zWkd+qEAHJG zX0{d?LjpM(9KX%pD`B$F=f6I{Qs*a5cvE3Fx(6M-8}CS-n3urSA5tS2bf=-{&vfSQ zQ%Zm6!;M=d1U~J99pIYF;_HeJSwaQO&k4zx=OWplCW1*HO05=HNVn?&02dQ=7GMgy zt_JT{z7VnqM)}!e64@djk1T?AxeZjc{qn8vE$-<^H7>Klay*8UHRZR#yFfuG!y*bx z_xv9Y7(uZrLs~5wfQ@+1G0f_trrO(rE>0$6&aCtUWhhwx8S$??4x(o!Vi~f08xfS_ zJdOT=(fw(qlB(WuVPVmEL10;BCBpe4*rN67nsTMa@n6ubb>-P|2oIx~u4B6S!B)3l zs!;6cs?Fl8#upH5N$o77;5lW?GU-qa;wCyS4vT8soRqg1cwl}y5EC?gs-!+7ssL%` zO<8E^%?lpdx*A{1{n6Gp?gF7aBk7u0jxLUkt(`u?hwslO|Hw7CZlRPGSJWUqCRbYR zDs^su`jEht`AVG`ktcHCM-2ShIIH`W z$g-zqa`&3$SLQ6@6Bl9@K647%rFG9yhI;;1yd*^NH;|qOSX!_DIldq z!r9;}&8JDl-d4}=(D#L5$wY9I36>8Cm*$#&?^DMrr1n6Dl(n2@Z6_n>R?%l6GVpjK zVR>S8*{KtDZoATAhfztJz9Oj(vC^ZPV5X|)S@Xd;pwwMjaVd(3>dFjvEIE6NPgSee zu+t_VS_>~Mw|c?Bqi3q?eDU=YDurKXY31A)t<2k$=aEZLKLkua=2=XOFm9i9(R7Ka z8y(^}1_a35py(XR#_1lnAm^4yDCE>0h1v!rawYu zF5x=Mtius^mJ-x)(>d{X(o}6Y#fF|lph1)yFe3;h{97Vtb^cxEKKTdR!&ycQ0h}8v;1*8+pYj}SRtd60(Rn!L z2{Otk7LY;6yuT^wv(g0!Fl(Qw@-DCMyfM+8Ti$1V<<$8Y=VBmQAOV1HKAm*{V3X%a zkxweR5Mk*T2XmzhizY6uW0aItbkYlKx4=6@>o+Tj0 z>+Q@pPZySHWqxmoaIR>cmLJh2h_Sx`vAc~4c=#bfuN2gTIXH)rrC zkp0^V-`~_{5|%3IoHJ@YflqkL*(R;dx*pifB{_Ep0|Etj{ak%y0%QX@=vsd?VBJ(v zFk0gHSpyB>x5f{f>UTxXk9ZTk$Lft?{(;JpKY3sy&Vt{xynB`aW0EJOsX$il;Kh&7 z5aJwCLnrk|VLu4^`;QQQN?L<=3o=Xex4}+&t~U=0jLRU1`0+bu7+p;57Q%mH(Xz1| z?3}(`bycwknz+wRtEjPTv(m978KN>7(R5%PnEZ+R)!yBKaV`7Jbqsv>psYP zW^3U2ChB-$PzShBCLu;i>nC%x_Xjg+3iM^5jX(2!>7(dwS*hJ5S{@HZu?#%~= z!>a*FMJLl)^yCPw-vV2}!R%`>{->GmJTxGT7+-NWnypeJbfyJXQ1tIgul0L(@WJp1ok~-k<4wLt_PNY8{%4hixeM(mG=2X0J^q!hQoBe z;LEWf^V!cGY+Y{tczl8j{e*kEU=$?jjHL%;L5?pFe9d{w!)|@}evU<(t~5fT44-gu z#8f=tZZhiO)51dvIik|Ez8k&+>~KU(Af5-jhyJE7x5az6o;4Vq@gR!NF zh|-CzZfbUWxUP60Uw)*ta+e$1#&SieTt{5yI28u&)%?J34DGzZ1`*&AkWP6;=Jd$* z4m|?*S)MbOL3sA>K)Y|(*tYPQS$05Z;wV5b1ozV{YHN9U@iKg~T;+_*(eSJt95mkG zbWzi}vJtbxHwxd3|NGc=>jQU=S-XMJ8O>M9j(Q#-|YZv(vrg4Vr#;ibNG<9v1x_|L}U`hktid3dHJsGt<_ z>B;0;6HYbb`*9Xps36Bf_?fVAcoOGQnF7zudAlz{q`ie=TOYrT>+h95M}5wMFq8DT zs5C7;4Lq<}qi&Q83$h!V(RQnUbQA@8lY-5P%#v3FNbxRj95`P9Qfko$Lw(BeuA6rg zmy(h-IalOPPl;V*G(vtVmy;x9MH%W(r=$)|XC3c_a~>7d;jgXRgQ2Sg;?v4T-5iSm z{qfJI(}uPA!{-AFiJf1~5=>f3mVX|PlsB}D#zSHku`4aQ z^$b*3Cw)bIZK;T#Fy&c}Oolnd64BF?G6W7G@JGd2L+|vACe~unqt+yG$tMjvkmKFw z(Q59@ImuS=`<-_{IRfhX{tChmc!)d!dbh!kE8!(~x3`Bn*6`^G4}6}ML;AsD<5s+( z1E&W^*j(&9hcMCd#WOJQS{+tMhEPTVq%#hn!nYtQLtD$Ih<73Z+vwt_{0XPEKBnuo zZ|`pxT>_45o=Wj6>hF!`zW|p#2X)6?s*D!Krt!f5=+lAI{U52;=WS8QV5#C63;dYk zX};3f7IAZ44#|vwESjW`)vuX^G~7soxn!hF9bjEe5nTbykWMir;c+4D9_38LXfH(A z#O?1@!op@S>ip9+vt#rAok&R51d45?(~_;@Lb>k2)mdEjx#`n(dgmAL^C?-mRZv9x z9i(wl;bh^}V|UgYzkzWCa{Y6Ir`}t4pm|R}ttS&ij|Y0MOjH(>-F)ri>p?6xoR^ms z3V(>1Q*{5*$KwwTqsX@4Y~gs`Tl7X^^_aY2SI#t$zOq!)r1fX~_Z@d6YT_=c6YagS zvg{9Zn+c#V^io-P2o!x)X!>XMh6DeP;w-QN|2R9VtoHzl-}?bscym5?el@8Ne1jd4 zy0r3Yb>rx3{a3$KlZM=7_|-=1S>IR)B=zEU5g1TE0>?5_gfDe$a7Ydak8T90W2X=v)9??r~Ot-9Ix6!2RnQ*tq-dNJwlq z$@goQZZM;^Yar>MB+0T6aX$i zDXOhMyYqf(5%oS)>XdA+9g*_gGcFxCN!R0csxhj%ah-u%K{!dVKsRZ9kfHnX2GC>X z9fU)eyJ}7G^=Wna8f1K7thV!^xE^wFVP>P^_BuC+R((gE5`_9bY=|o3<%j~ywir50 z`w+qEO?Cd5uCC%}XbNg)7l>^dGiq48CK<^G;fmNjR`|5deQCX8e!7eZnlAZVWwEJZ z)`!=dHw0I){7d~SLd_ZUL$LLuI>PR>)-CY!mGCF%z`@4$H-4Ju8wI)ZTutnr>}c8* z5fRs!6mRVAIa$ qW-1AA9Zc-^S7y!L)$+^i?$IjJ%h9Np-j zEoO_3hiB0p@v~Pa-5w;pz9Rk^{P;-FF}K;QJa8WB|2$U@3I6pqRwDU%XY!pN1Q<_F z^aoUAFa7B}YVBhJX4oiUrhhk%co_pjVmmO=~8`;!Cyu=%W%8wV`f|TKhA7m`0D`rG( z$^Wp#%kF37z40=HY?#?_T7*e+awUK{;eC($s{y0S33^e&01;a=(EhhTGJuppXZ{f7 zXFrM8u6Yj$2a9c;0N`hx#o-3AvuAx^<$4fg`9asjz*Z7f&U-GGx!!@s)a^@2OeJ%Q zNB73iF8Ds|sh|bH;|uq7bX#FTG*SoM5*XdybXp5~9LO;G<`uQBh~ZN=q>iN9V{8qm zeQ7>=-+ELayv2E}az^dbKG%|PtIsl?50UyMbJMw4>;Tgqq1GqILVA7Gur5cgJ`%}X)myE6AXZ)Ad%r(^R zPI~fkAE=y+6_n*UPm;XzxwwS2)@N{n19iD2|WVdkH*M!SR;(Xe{32oBFccW zF4ce<4qtUW#4PYok8}&bVXj;);cYIHAQ{CX$vY%OMB-xY z?LrW3-DbxK`?EU#d#6T4eCn$Hk`E_6ndBqKZ_nCe z^p>1s(pSD4A_zF(z8AXD;do&-%-F#2bHmn7m{Bou{d~}<)@Ny=Jr;BE3BzY9D z|5{h-2jaJ|JwkX6o1v;x2H_sR`F~mfAlp%BsonG>U?&j1)%0=VG2k<&jJ}STyPBQ zZE&uS@aw3DB22Z!4ODG8c`D-!h5;ba-FME*38B>V1V)&8FnnRhis{1dQ@itqxD(G# znJl-l+rSr5v5ye+6nh{K0kxbFiFh2GT)R6`P)KhP-Nmt{@66)qj~wF?aL{7vSyc4d@iqJQi2fCoi{gJHxUDj$wGz=ug622;Y zlPjGJ%VRa3$Tf~s9DE&h5C-2HqZEdV0uCvus!#*ly>mJTAoq|Zj&qSl~ z0jVoB;moantbzkw`@WVUuhS{H`KUKadXTpccstjJ=}WKj7Ou@Vjy5pm{5C=&IF}?# zuwQc@ufg{Z6r$BD3ZFz8w0DdpmSq_@wa@ob8xEl7 ze>A7;r&UHgzpOxh8{GaFm2AM8y-1VR+$G(y^4dmIffXtES~=vrbItzuz-#A;E>olL zeM+W7@J|?oVG>inP654yVK0YN>z|JT4ue+U_#nsH%D{GN=y_uoX!barvwFU9^-HVI zg?5~6eM8C4@#hoQ0*l7LYaS_^bTjWL$*0rzMh%|D_2HiLrgvmsM_gNg>%m7q+ojH< z-VN0mP{l?ynAsBEms^*0j?K8Les};n>cSF7InuI#T9c>2VNW=_6@5T<0u;^{$Zqx= zzOW9#LuM~^_@#Y<8q{VSu#y2@8j5*`EQ^2d;!h&=sh}#HK|4Ou+Z8Wm=qxkIjzc@9 z*4lBtwsm8KLNnwD2v%H?xXc1ueeon>51aig&qrVp0UeMzIl4Zd9)IDP$U|O2|0VD8 zn@}`0%`EU)(X1wZPvq^D)rEbHu<@uIp~WkTi6AwIx~os@C)PyLJ^Cw6RC4l&XFG2b z&X{zvidO%=kq3s%JcGytQHeN+_N%JTjGU``xX%;oa?^F7kbce{_F- ze&um~$y@FT#j&g+E!e#@zx*V8Puj?M!zqUHR~bOu)|=*}Mo(j&2>sqrP;2Gn*)vR9-vk_HpUlF`o9Lq6u)c=dU$*Vd9>j= zzD0Z;;A?MKUEjU=2@Je2d|IA)a>AGLzTVg2fql2ykA%|A#%h`ecrv<_r_If7GU6l6XUYNU=qD@}-BI?k> zZ$&$-50`W~ZCj8Vz3N!sv*P=G%SExSP z+w&lj3zRKOdi%QCL?aArL0Yat;U$!)=u7f;2#!kw`4GLELlTZ>6et-nyERcwcBNQH z1nO{NowP-J<$C~)P>)g6&Q_vbxa)7H!;R5w(`Y+YLiVh=2uJdd5#e)!kcdu^5h(W%68)c zlR0%b0Y7s8=>BpW%c+*$4}^*w|2|~z9|nGewa?kV=%DQfZ*tc`YF!FG!T(!g=60pO z{bV+7`UgT}}`lsResE9`-vy*XLa47_0mQ@ivd^ zH%Lh<%^2!1j-Pf*?y#%To{C_ZQ{B^sO6R~OI4q3C`QwdKtK$_`YeS%vH=Dbgl0puV z4Vq-^Q?n&Pe`^t*X@yWhiEp{H3Mrjre9rK2*lY zRZodkm~$*IN;#HoXnJ`^l5hdZ@-I8au!_)5+6dJ|8Q!j_Z5s_FT#PvC-|)PuG^?Gb zygZ=&JL?V`a|Am&E|j6gdlWY`HZJ{kX`Oq2*%IVu{KhWLb??W2EUFiM%>|(4F@k>* zFCoJIk_IWnXAN6B7_VQIJ-XR%%6?dke);wd3xDFX(;5NJqq*Nl>&vkzmqrN zu{OQGX?b4PEPhUu?k%$7zXQ!)9sL91U3Q6v=FKN~)PAk@ZLBYyp^>Ok0dOtN&V{Xo z2ztBSP_@#uqLXcsY=0i(nhePjc9gb8JYmyqbS zm#S-IglX#K?RH}PTkrmMD-d!OmteFo^X$C>`wM|6lsfr+iXmkyZQ|8-_xn?ApZ5D< zkL|Bsr0`!+ri(J|_d}uyvIkMmI!~~)Mj+95`FBJsX2GxIF5Y^QmAv(jv}#)Z!|Z34 zs%T702cePV%=2XfxX`ewhsPJ!~Hfl6^LQroZ2PxH-8P=AoPZ9Qdg>-%t zG`)j3_mvwvQ3VbnNn*>)UHK7wy5YElh?)d`9|N12n;G|*5cO#6#dG*+7;JsQ_Kdw` z)Vr&lL_}??%jI4zIOdAA+(TQ)&L-rq(8(x249ZD`GyY=DvAor9L8?6!KObJqBEG&2 zt|YlQ>k|zP9H{cI8t~pWE_3$P@n!LT)JfOb4Cs2@+H6%E=&OM0O|aegz>Dw-`}4*P zc|RJDKju=1vDp=te$Dm(DHKDvZy(16R;Xr&BFB75HTG3W!z{g~N!nOe3+_prautXxJ7?_GIC0@{F zjqF^E_5!vPp4Fi$k1U^dgfp4wbde00B4)CJ=Pj6J?jzVnr$o9tx>7^-1cQGY_vQ0M z6-z>H;<Bdlo8J*mL(m+OZ_R<4r!D85HrJWbaZ1(1ouKN49O*VGU9`~Qf0C}hm0Q~^?nzm z*Q0<7??osvVm^%IV@`ueC-!60J7eU%`ng(7XW-x5WuYlM8CjEec7N;w zUqXSw#uS1}(4ECVa%>kKz*!wx6|{ju9JAF;$YR$-&%mO#)bUg+OTpJ_K(@4}+jw=Q zuSL^NKO9`ym&1{?KN|K>Ns2m0J|Rz(Q6GmLJ6cfIwudjRCWl9pz9*AmHtbwk+Jo1t z;C*(965#rm4EvXfZFH|*1TPA>0x z!@o@5;*S=lB0L*`SL)CBIFq`sKIX7|lEbHcb+nU>$jUK(kEDwrd6Odo!P#2RJ0emt zkBXuLa@vJk`!CTJcnZZD}==eI(JWF_R-rG*2vu9?egN7{q!_`9rW9U6@4G^o22U zPt;ZAV?VOPzv+H=;e?YDT&dt%*pN$2rAof?eJ7CF$EK};rLJu-OF^1`sXp~TyMo-2 zE23ghu;#4BF)eMR|CVg1w%Ge|0k{_=jnbq2KgOQv(ZQV55uve1FDhLDy}MFH~1MOVK1rh z-b6P$8doxk@h97SOleGE57^_DvaQ3|ECW??AEE-A_e`H-oWRP9sRhwUgL>HI4JW2RRmhX+ zLot`^g~A3ILBT3Ff)QBfcEP}I+#2HJP!JmJmn|)(?X(F~ihlrZ+erDTv0N;I{5Y8= zd8sE2P2>wLA|DY?u#IfgeU9BhsSx;za>tW)`pBXS=NykLnz`hVd_N`tFUtb0OA7p> zUTyxxK5vll(N13{F25n zTX8puu3CC)-D3h?^Ks{&8FTV%P&EA=s8`D~IOav%%`}`DmY&faiimtVWQM6H!xdku zzku^1CdDxxy@>Yub010_L>x5wO=74&*i}BF#09NcvolNBWIXexJ+#01DK-8@qR96_ zl4nN|>xE_}`^MYU|FS&=97E0WCz0=0Otn8tfmnP(%%pk0wI8g;W4Z4K3nNf@RPRF( zs+P$BKwWO+f80eLo!YAtz(@>qcvgrn>PrEbsxUg~a$vOYuq-D--#U3f!OXMPsk-d2 zgA_!W#0w`?B1w1n)X#WhtutXI>p{P9NQ(74>I@i8ZIR_5psQ;mc-K#2nC8bn;WrZ` ztIf7L`5Fzm5vPy1GQ7Hpz+b*m#9JcGQeNa2 zuqV;S;Tl*lkII|>Ng2RtT~TjNSB7U%G2#ZJgBu9&a4){gX%a!)F{)$VnCXuBJSXvi z5hb)FTTIb-!Y$|MKt_e2nIZ6*OZRwp>HcUfZtY4r(e+AT*$T~aWMh1LsB&sAW(B}ju4Ahfc@UOgOe?}`l>DWgl=`>9n6MHdrr>(dj7qc=aTA!Rcqb| zn#qCw6XyD2RHpEa_4JUH))Q0A;>8qhJ7|0hcn9hRO@kKJM+a@Pj~YQ`SQTyWcWOJ~ zU)@=Myh<>aC1K(HGSYpE-Whs*XVIS|q5JKIjrs+d9ziObn!m`^Hkm_vzB}=0B})X# zW))+fsPcbliwQa-lD?%*vlfYPLLtr#^O9E_|2rV3GSNlE}_es8LXQ$ZLvb>O^tw)Dw@H=9O`V=zYlB7m7NYx0%t9W8+uZC$8; zr8ZX0!bKFaKN$AWu}}PdDvU-1J~gZqntdHNJ(994r8GK=R~R|PJ;QdU8MiBCtz*9L z7uv<&JP1M@Jd-|Imh7rO5&PL@&wbOT&pGR?b24*gX7BwxzpdB$-1Ev^-{OILtV9lpLa3O z4v_M|V?d!xbp&=p9g~wte%Nm8J^k?hE8CdRz2xp4Zphm}wui9CEN=wVFFOcOyHdxM>=RRlJ7E!{5BBh?bhGa?!=GTFJI%O zDkqR%)gaxo7kdOq!5Q!MQ_!hfiMCJE9%h*nq{+8)r zm4}6kpBli zr?p`LC;WjmJ8722jb)8%b3zk!KHU1)fkIoNPBXHG_uJfL24glGTZjn*H(W03;DXzX zyHE!(B7;F|$c9;!20sN*Y}UyYP*9ij*Hw?0n-x5{NHrkd?9{F{^YJTJ>A&KrKYj7OU=$7sU$%YZfjqnR z>VrR-5(9-uh_49LO(d9TBnhF3!^Q%|D$d*i4q-&`q{vOS|K#4K4qz@QRJfB()}e>1 zl~H0UhdlYS#X#N&f(d}X*D@+*ruyww)os7;-4;`|)c3c2-MPKbFs;^O@yf0MB;U)r z6XmW{V-$fvo)1-8CBBpUgsRBbJuks(VeDjJ*+dm+;yW2AD6X1VKvtJ2JdfYs^(O#( z5FB@-W&PEpr4J&&`L&o08HH;;5?VKvc9mzL3@4KN@({Z%d!{Juk)554vNoVoeRS}% zy~Rcq*8U{4XT#v9yKt@|%7TGWvjgvU-TdfzL^KoM2PIfzXEtyE)Av7o3^qlOgtsL zT=%p&Ud{hh2!7o%863)YKBjkxPlc98bPeXOnJj<3#PzYza3!KF_hsK)!=(JB7NY8( zl{>o0=d8v=RQUZNTzW^npC{!qIcTafQ!R!Ph_vTDX0jEp0V)5SKW7Gvk$QdgYj`$n zHe~!_av*|6F+LM5!EpKQuW*XhJ|}qTAY!58Hh0(Ign_jjN|G4{UtKjkEteEI#-ASj zVdx|+Q&ZP!ojx|e;{3L@&F;3v4m@Q#l~T7Zgq9CmNK}X)OV!2u<^WE-CS002Lm_WR zWslP=*)(YKdAzYKs55e=Xz~`x6SEE`e|!O#!XtP)o^%Zyf|J6p$}f-^2;4Vsh~J@l z40-^bnCa2L*YmaxR8w1*Hf8n{`iz6434&o%AfjpJIeHMR_MLNxZ?S9U2brsYX}MQ0 zrG~*Bts%A&iRmPiSc4zV3_X4@icQ4o6QL}SRr#}#-b*V9T;kpI#|MM`??`&G>6w}K zEaErpHg(sN^z})>nL1P)yBRy67R0uLJntz1_(}|Qi}mvW`4kJkm!I7%OEwW$G|<3; z(#XY?EyaByFqHWc$$^~y^qd51B%%tfu$nX?>-3zKGVL|HwZQ>NDvMxq)-L`OZ6yT_ z>(Cgq6#3VfK8%G_ z@)f+|y)S#%=00f`uG08zFRqZ3|Kc7jFV&;(1Ng)MXb$FS9NYZcPM!n~<@@-)>1f3{ z)Sbw2$r%4!Ker^|se1CaooM1KN_Rif@We7kPDAqxQ6bc(4>;6$3F{{ePyB5J=wv=s&q01|7?sGZd(AcZOb(a=*K2RfUXbC#cFEa9)q9S z8oa86T{qEE|3C?g)4#xKgu(-me_Ts{4kBl$<9OZZK7-~^X;NwFlvR^%S8PJHD+iH% z)N#&RMBQTk3EwzQ)elvssqr$#byY|OTWmt%JD498mD+?$+W)h2Y*uSkKF{C2Do)y~ z$2#&VvCE|mo8l<~=&m^&n#!Kfm;c()w%2XL?)iM@)bQr`vp|&WR8-Ah29DLvEi~3Mf?i?nO88%1>84e zVK4MBwy~>^%{y@<8``nk;TW=GmeC+2N@Y6Qha*8K0etka2UPS5`trY^cLtuGqA-^UDZ+$f^xg;wKhVtn{ZOkQE*8u)q?M#v07vP+>Cz zK`5%sp+7$gkuRuq`edOqbUTTfWN~pO_{gex|6g!sORG`vqMQ5W1L)=ye6m5~g#I(9 z!Kbv{1y~-fPtg7mY`;rD{}hxfF!bcb!#@?;yR_d}fzewwJWmCquzB0fu$AliQ=^_| zxb02E2FJ0}+VS@?;oV+d*qYY7$0z_wpMkrK1I?J~l=!>Z2K=lMxSZQt*rc))UA&wt z^i|JyUo#Hll1Zl%Uz+Xg`r_fClQjOJtc z$L_H>3L9|t#yfL!Qx8*e5ynb=2Wwd<8Bp{HBckQ++x;;){7ytIhat4twuUpkcU<>R_U~!tuF{w7JBJ=Aosd&)Yjfo_>!d4OP&?_n>jmAHk&U zY8i`ywZ|+;x_8wqT8-TJe8qrQ(aaBi-=7}6hh`uwT?f&hSAKJHoh-F5czYQ}F&rG% zm%ccu&1*wTHe$6!-}ZJ1D?9Yke67E@KKgvP`o0m;l8z_+Lf-F^eDJWv46ME1zGW9R zFP*3YcVXE>3vsl(e{C~F{vLP_tS^G)m}L)L%Bp(+#|g2pKD34t z>{#djonS#ykc9K=YhgT+peanY+_P>q?kmVDI=IRKD`H(N5)1;jcz`2Mmem>w(j$5l7Sk^R=uqDqP?_1gY z$d+WS(+qE%rJ{+m!{+ZTk>7@5A|oGr30j{%R(r9%+)?CZ!p$u*Lx?OMf}aV>W8B+% z^ty@1#HMK@?DevLE0kjI5xloU((#2i?j^iey!?+3gL3(lx6gdR zZ`^3tP&oKaS{)Nm5-E%2mSBMsjC!V_ zpn{x8?6jWhH%C8xw4wr{qqd{rlE15{BczD&uF3;SYLrzGr4=cdn1t$@=xhP1q`vU! zm#<{N!?#bZxe_qniCMw8H!)MxIy3A4Ieo1`K@Y&x?(F_88X03$Uu?Rl9@fa!9b$F# zD&<30m*B?uvE!{I2QciWesev3{=@ld$5>~hQ@yacth1A9xi`bC*`K7w@348?nVBv= z^v`%jq1#`F?aApbe0C|_OOpiw@eK=oe2+^an46vV4^!r9#PlN*ZG|?8_L;Yorq4Em zCF686TgtAF&T`=A7zY<|QAa~9iDWV5LgeCQ1z|O4Us8R%>S2fBH?af0s6*z`PhnD0 z0RuId_iYYdFok8u-@{Y1xt0Zp(jrefa58tGd;sXpP|G}&Zd&i$r|-?Ppf=Foo#re2 z2d}zz&Voc&*rwD@)Qmc9FaiB-5`FR{PZBqi;$%W=<6Le}oxva`;?^1=DI!LYBWZJw zo3Pl_2(iE*n%T3$7$7d0kiTou)x{qBF270?t}+HbP@x_MC(5R$%fYG9j-mLh&tEmS zT#LzIx}$mB2UIQP&7fw`cxc%)d-lSS(fAO%@|fZGs&`=266ngsJl|Cco~PXXL7tph z>X3xedeGEZ-}6;2+0{ikH+X9PZMOa0xu<~cRULPngeUb*KZ_FIYi?U{0tYReCnHyU zzevF<+{57C7q~-Dkm7n@K_^+1K#DD&R~a{H=bPi*4q8 z`f`zi!Uy%J)`4eA?9lWyWQAa@PrNFTuZ4}~4PcrTJLf9p4US)Os8Ot9^Re5eY@KJL zm?&nb2cR+37rW_$nojARHMF)j}W{e6039ILA@Nx3;PTH{K- zbMBu1P^?~AoYocL`W+no-8<|7k2LWnQt&Uqnoh}U!7+)gNAU&U^TJ(8j6CL z=NiQVc||u1Ifp{So!eFJ1!T%#^I{Hef}NA?t-t!u^xAuza}qC!q5f(G1Zro?;W+Sw1ASf#DS;gZ&L$U@Z?)#V02(S#TOq4 zwu=R{7y;C8D5(fYM2`%yv>JhLQj{=Dzc}L1MDMFYM+x zjx?~hLR+KcPZr*4kVDU@)e(a@G+m6l>f-;U->dD=uzBm^^zDD3-wlZ$KPuBuDSRyd zD%H|TMPb}}{Mv3!dWevdW&`5rL{a(2+EuDy%&Z#!!}KG}?7tdqWnA3jUqs&4u2n>S>&}Fh5^fn{nOJI1#^T)^_^Jfw{f6g7gU>IBO|Z}Es$GJHgPXyn#!;7# zfZb6a5EMoxj)X}>iQ9P$r>7p7{}lP;Kn;Aq`Os#;>f`yDmzP zU;ld%zd3Pkr?nCIN2guHkHVYAWVW&Eu2$atxRw=uv1SYh8s;{&%zAmV$xL=%5>st> zjVuZaFTB$Y^H{vHrS0vAXT$z9Po?yt4mHDyNem(*fAiQ|Pat zHkYH_38EFPEsAT*cW$;?(b8oE@UCR6L8E5EbY2vPG;!hO12Bd;qy3)O^Y#+=UM$zaUG3*{ z0b71_A5yYCH%>rIv&SgWfkSqN(=^sUyUfG2FR^P4yJ%yFu`k4g%!RUtkBfZkniawl zm>ely|8^>TZ!!;)SH@i-X1)4Ai_&ZMZP|L(+P7Y#q+0r>N7d^YQMEWq`t;A)XZerM z_I6Fp=(92T<(C-HH%gTQUjpYGaXm3QJ*ltdsHiGB%zDY$=qqWA!X;wtixU0p=)LS{ z$OjJ5*3w!iOa$4W51UZ+9d}2R0cW@SP7in2Vr_(PCU~nS4=?to95Q|DkfrdQF<3vp z^me+Hco51exD}oV!jTHYMcu=ld&_@ET^M|>{7=4?6`@NM)~{)~b=>*G=O^csb-~ei z3og0`8MaFCnLFlHlOw9TQKS8d>~N2!ub%HkJ2T1nA*}jWMW2$y-U4lQn@D(_FZ=em zrP3*;uK$q+`B@OO);*syzmaxqEtWTBS{ZkpV{kjjn@&I>7KAc-xe|4WYubO@Z*;L5 z0Sb=zQSEXQPjINcozUvvW;yjKTPaFGZZk8*tL1YXJ`4Nt*Cb4461s zWM`t|Dn)zoz<6M{apA?w^Ki&E8`A?mSsh+7NDmS9QH<~+H$H*=hyY==!m*6%`uUpa z#{O&iq8|V1>h?GMzN8e%$1AR7e7l=E_R>L*mHrCfPy9|sc(`MV$X^j$a+IO$Np4fg zy5BUFsv7IV``%FUjSZ0*{iUozB#lRD%4Oe@p_rf1e%nyye20$sPGCyaj8g3`NVirY z_xvV-aoKX=Rry+4G+XF=+P`A<>B`%>d^#@giPi`d-%5bSmFgQ6uQsRvf~8w)BJsf!5rHV+nE!ngZ(-sZfH zv*zp-)c!dZ7iZRmf+xB=;ycf8($L%fKG%1DcJk=&!95c1nb8a5q@vJ?KK{jrJbq69 z6r`X%M*61lKH=eOaYi#9I8%%i#q^x;6Im39UQ|B(Nva!%JpB`B4BoUayKrH4PwDy( zzR00CnPc|J>$zgR@9-aeO3kHe(+ zW>$C^6Fp5KvDPPONu7S({%(;0(Mi4(y=(eK-WA|L8Geo_>PiN%zemSNyswpyvbWuN z%cJeH6K>w9p*)61?8ow8+H9BKaT9dj|DspmSn8jBkZ(s7k!cLW0M6g8jh|z=(u1aI zGEdMYdo~xt)hy`FPLuL#u4(51flhhD_kZiV_VM_|TWQ|Cd&~UsLUHL|8F5VV6k*@s z#q;wFC@pM#Q>sqYVCiJFT<4gT`sHP;9PZu}>V%bz7EM!K6o{1HC#K7G*ug-u_~@f& z+6%itsT)Nj`~2hl=^OdOdlP^N|EH0T(^D9;M~C4FQ5$2Em)QO}gV-Px9x>`@ZcJv< z6z9b$RIni}%UOUUTNLa3a@5GW2jVXo7gxVMHs8Y;m1n{Qyi0!xRv04ohnw^kkkn zB@ecXgT|UepmLX5(yyQ*e&L6_9n;4q7Z?TyhQg7R0^M&oQ9pc1yUp=bJi){Ld7)+Z z@gql(ZGxDwTR;La%`VPUpv_Ow_Ryct`jVq}Eor|<67r)IYywwtvDG!}>f$%Pej)p? zt4WhPpP7UK4eZ=H3!J}v_h0UT0Nh2#n*&syR6?2y61&mm>FnC-Wkd-eqrO_dkFP4% zd4-$Y<0CR^jUnn7F)071G{QRtT_^wE`p}#xkB(uBc*lbu-^%%53w0~w+@!|IkNb9r z9@rOMVkH7uxU{35O2!b`R_M14Q1X~Ks&7#2KHL*6gg&{1PR7bQ(<4;})&*-p-)4fx zmEhaQrHKp+mg`H&UMI{|03x;biUZJ9La6bThm1GTlVSE=);ZmkH*&34#!^JA8?ub ztvR&;-Atf^Q~juI({jO`jYDtwvJ|M6Qu3}YvJ6%c0DUeHdkT(60lF-%Nlw0;^p)oX zQ<_uBD0)nacrnz;`_B3XJB9J|VhY182P!!VW$VMwVH{2GK^u}8JLeK5Pv5IzPMH7t z@Mb}uaWs4d?ngaMNa{6w+#hbPpbMsHrjw8%)>Lj=&ReQmMYIDHy`~yM#6vqNSNPn7{5(H{2yVd8=?$rgFm04U`SYO2UZb~L)SWQ*A5=AKy$3%w6_AAg zQ#=kt$kH8(+o)xjIP>TlTkd+9e+a$p$$;FcNyb@f2E%PJPVVi$hf0ioJ>I8_mJF9m zr%Mi1b$*w77AB_LT=!0dF$v8>fFs@$MTpzocGMPmFGlmQl15-!WJOb<6||cp4eQ7E{!G+Mp0`iu z`t8wV2|J`$8n>P z9L)9uwiUy|u%czX($Y1UlyYDj%JKOF@jhS;?Z^jA4THTc4^Fz+I+tKxqxzFgSDys^ zyI~qnBwEoEC8s0Yw8TV?CZ^Q)@$^}4@^P${{Tue9wreP{jJw+}+QE%+OJ(x#WbnP% zTJZ2!wUqXRb9Bfi$@1#5b+uXd9YtV8craW;)FhT;owA*MUB}SY#jpWqciupllHeth ziF2vwQUgULff{du{-rj5?4=TZM4xJ{?2yOGVKihdS@h$x|W5Ls7KPU;dqsDLnzI|&CRc#e* z<)f%wLDQPtGsd=q0xvk`D7dT&bg4B(^(Pu&petI@&%$bi&Rx%k2iBGE4el~7e1f;n z1JA%Oh@^hterCpJiJx>Z*CIA<>3N$oB~Rg{EKjD3a&>e6up27!nqyky?v)Nj&>zNX zaX~`QA~UJm18%k{*PaQdNJiij>lRM62y2Nfgeu}4O75R8^#33Vw+&qLVf1Jmn>V&y z((b;&ii1*GvGnM-V$dASz6Dx@OxK{bGTvu=p?Lx9e^sp55$pU~b_NvB^{@To)1eNj z)UpbWk-TGmkDM3aTw_F}X#13+E8I+6CR7f^z`&pDwe>WBN$v;ok%z0%xH+{-*{0l0RfOZwv{YZaOJ>VIK zHmH$n4?m6XUtLzby@V<7+`4XaQqia5;()S}?Fj^&_n`Y35z82>On_5ig3Dolfysm` zh>{fdq^0-%^gf_*o2y^Gk-*lhvo@&KI4oix-ug6VG(cpCx#1Il(+}2Va&om2%MhM} zq|lS3*`Jxyqm%hm_p^$mI$GDl_M>p;$$O;iStgRCwQHvuD(V1|`}Kf@?d7<43~)H~ zDppdSV~AliO5Dwvw^{% z$bT&IoPHSo!aU<9@4+l;)@*(Q*l8ZZa7fpPiJ97*^cEa_FfI|sHUAkDJYU*-XW?hZ zL!C&#`mV?61h`?EF$h{C-Bh@|_eX0H*clumJgc?90d5{;#Cb@WqrJ~DOxJTTE)Kdr ze1I>&8MEf~?12_OTi~AYfnsG_AGHC*@#*+7i0uLV9OHdJA$wokB#Zs@NVx|eT$np_ zI)?Ee4iojoW!^{i7M&g>=GDv{yEF*=9rZq6bBRi%ujMjn>b|?bJAsV?>r{a)GfT_M zj)$;*c;-alVryF>M)<&AM!L_LeyPAm zJ)`U>OVUk8Db8s!wSz|tuY|A*kG{O|@T}VGnh?)qOcZ)&P53||m0sw+xj8?jOm*vk z#oqQ`<%jbE_hPE-Ee6+s4envT&~J}k-3BJcKPrfk*Yd27(%S;4kp4RSZ;4dTev8E5 zx2|}Wz`E)0cLyHJ2hO~juPpPK8oMSs?8n)d2)%gwpq-zuPHp&e+y-p^-3?6mfd6k z5ca=<^sjkg+D|qyhc|G-jdee(ve|M6Zwu=F)`M|RD)bxPE`ERa6q{ct-e>}uT%=GC zbHDgNo=1^l@Jn3q=^vZpAGYOA9lkl4`^>1(@`**42ZT~%WB%}2-&vPrdPU9WIQl>e zWUle@>HWgyaP_cB-0IhiO{tz69>ZAR_#M|cucZOSNFKwB&Bu%Ew~~4+CO|D@PQa-x zgaW8f!y>itxQkxHk!sZrY|li0$qbyf;4dP&rJ!(%=29)f`~lSdsp6x6TSXrgL?LA@ zD!JOI4}JXY{seuu65HsnQGXinXPI#^PN9pa`Wv@hW>k&fElM{5maG~Zx%wave^67p zI`JMxO58_)7p-^*7uZ&HY$2EZ8BS()eLoy7hMt+joH7^xr0Ilgiv%Cy1D8beB+QPf zgcpf&L3XBrfqBx`lDZDv7r^ti7-;^=TF`2sa%@k(a57BEjl&V-*Y_dsFG?M0n~lt> zYG3+M-TFhh-aN3(;o@WIEU#(qrulKBQ=|JWX?f+Zx%Dy8^`iLqs|ye4i?Bp}Rn45) zdCNDvMqj4!coWqSS&H|uChuTi!rR`B^o@*0{sNlZS0II)0YquXp&z!)uoeG;98=Uc zHC|3wJ^K%z&u`^uAGH&wQ$-+Hag4Md+vhT8&3L$e(lS%#C}%~|kBJSd{dZ2J1 zYQ0bULU#=;W16k$JGT$X_*9ti0R%pq0c?sSr_k=_+xZk6&nk7uhZ}rZ&TNDb5oH** z5iQ?%JJl<}&%3F@vQFmbjYD!G^ysbgIlr$2UX3FXY0&zoVkk`%vQS)G>fyVX9Y68z zMHq*Q+*8vT**22R*a&k}K8%{?dD!43)8AwIT~pi^=kKc_f<%%hrAkpwk|x5z&;#cC zZq{XJ@gDPWmwvda!H*M2gXu5h2;`e^e8K3@&|R;D#=QD2{1yz*Kz$C4)kqN8E4e1v zjH_+~ev1{$_u+njkBvIB_7Zfk&;Tp_fh*hRJ$*Wev%bCpS(fqamAfx&(^(+)#*|q_ zP5b4TonAT}L2qAiG^T*VdTo^MBTqQ0otv6WS8UE91!Hp)4h<9@pHIL+K3T@C&E3J+ zZDdW1XZ1i3mW(KGV`3;=_Cy5Pi`iiT&WEWFuLp@#h|p`ojgH>&BfF>X2LW?~4v~@Z zX^?-eg>;Wej1v{ki1Xb^(fEp}LNS-^t|s)D|IJCmEdcdwkLtUo8Smx4QQ-1FYgGou zK0*{@5EAcx8g!3OM@!q77>IbJ6TA8VC3Oy8`w!6cM*dfbc>Y8DLb7m<&AoiUsH)h2 zQ#)Lg-flA@9r}^(E0)pK(o;F}q&@j;lhwB=5E}y0Buz$ok=q}*BIIQ@71_Lg)Q7t% zlxVkK#KJu;F>hPGLR6o@-oc3Y+=SGGP*-r{CGc-<$|tgbhF^ z+G+5l`eSF5$$3UT*{mdm=nue@a9E%jccvIgjnXS@7GA!4x&a2xXoqa_{gZ28Dozwy z-JQZ$WSfk2tDWfyMBqCq_(@&)3d;O| zo+G-3OU8ReZ~-U2qXoqxRDjdy{kql%d7>#3ib3!kF4)?CnJMl#ncs$|P>f34gkK^7 z{rd?mharvYM%!*XtReev?_tmFIE0qaXi8{QM`XM%go&&(v;wZ$N$!yX?g4bUt{nqv zc<=YqE$dG6=v3^fs9V!$9nkjMcEctfC?y8#KW>*P)YJhKzP~<}P;F5^Z>=VuY<`f; z1&u+g9(6P#fBWf}swM2gzur_>iQJC};%a?G@cnwqCrjix6diu6HVZ!%1vXB|bPjf2 z^aZyCnuk67Bb;q)AM-J*eLI5g@91zHJ?YMnbXv|g$)1w5r|f0dqqBbSl`S>}7=67N{78D|Qof%GJ29YFc9r zfz#=T&Fh@R6vKV%6qkQT+;4!;>@X=qXVb-QhT@y;>}z6kSlv?*cu^Q zMj)_sbgxFI*>_#0JH5{>jBf(5-$eYDN{`s;pt$-kkrCdjwUvnJ{eXjl@qLqHIdt7+ z{+Z@avJHDYMd8xvfb;ktbIBXi4fX#GGiE|sJy`Cmi$3*_$d^`wtv39Re8`VCrG{P^ zC4X2;;@CeRZ@>KU0)>gY;@LAmrpXV3JQItnl1)o&^?M6+`#g1vVgTi~r5W825K?M9 z9G~(B>nj4Nm4$rx1o2y@02Tj#{CJ+-vcZoLpq*>qy*H3ocv8s`G>Ag=>dz9; zsHy7?YF%3Drlvf;B+IZpTqGK ze9syvek*Y*P&5Y+cPDSd!*vVZG@=QS4!Bu*L?rWBblo$I$Fz2Z^LP1aZoql{c%hPG z2sG`kei}mH4||C;{)pf@4Gb@7LJNa=XF_M`5+AM=SBa4;Kp5PD`>|DkP8(=Q{%tP-WZ)2xieF}(>RsGvMqXT!l|+(SBN3afj7dc z2k|+`!a=-dm%3z|I*3BfWTGRG*uF1N`Tc*FT_d{HIz$>)L zn4keP&&JYy4g9Q=`d+qlr&uv37o~AsfZ|U)7B@OFZ?-t}d;eE33{jXuuXx+FubsC5 z*Cc<0h#pOZJ2$O^k7Nzwfv8T~L(VL1&FZ`dE3j;D?k0$#xvNxjN&SRRBggX+Y8w0H zsPL7C3TTd|lMfZ3zXsqIM&ja@-sE<5Dv6k2Qb_-y^6=HsHPYSjI455M%5Vowon2y} zAJVMTuYWwdH(fyJnTdKK)#p$nBLV^IX{T`8_0`X~Q08wP7_f_*ZK81uLl`*&*ltt5 zL6^tAu`N%=t_cYSHFkDuEO)jIj)*iYriTS#4BWv>YqjRQovABkIjawI(L}jg+Ud)` z{Rk1nDv1x5g#jn4bW2VYBZ!{ffIrV}7v`J;{Fh1Y_t1VVJNc+km%1Hr9b74)Rufa4 zwAg}z$adGScede29O#+7)!P^C2~v(ZMC&eTl^zvttNzRNE)YTj_;R)mcdk5rudnf~ zW13;@1dsFK4;=_)o!zT-#UjVMpEQ4=71t}D0UalM`9{WVja>N)KsZo zn-uztRb`SU=C!X!kfl}j%9Bt`XAGJ!qsu2vdbwl+AFG;bzhw4;pY1Q!2B#qwBG7hJ z$08^=fcD^z(hUaow06}X9qxgDZq)vFZL)KcmaDuD3YykK1b@p5AQo=w}Eb{0!xva z+grxUbjs%B;la@t$tGE=pQ@L3u0y;y5Atv{rBJD1>#Yg?F};bCU~p^Clj}dmq)*2pd1oJ`X@esClCw5gD?|NWha511HmY3@gNO zGh5<3-bF=!gXumg)kkZzy#Fw54kkrsvZBMHS}Q9lOmT3-2OYrYo%f)M6IQ^(!a=A) z>?!1-`<%*P_^arI&$c^Z@aCY|spJ#!%QxiMUt=%*6Q1x3uv0))(zX|sO-N0EZ`fZ{ z{SM@gRv4=8(K7ijC6D+djet75x0&=tVn4b6WeYqy^4e|i5?Ks^5D*<|J`Zm3-KcJ6sRe9G< ze11i@C>0RCuk@+tYPYXA8G)H@;FQih(V#azV)@VN}+%m#G?=Pu!G9fS?$K6MJQn*D~fx zh^X8DJ_cjnChuZ!(c>Rz2~gp*NO(zQDBP)7T|P7EYh;7zlxV|VxNELIXv-5nTzP_1eqqW~kFg+r9*;!e+jo|Q0Z@%pT5eMJDY3>t zZbAsAkJ&kCl)#D{k$J)2epvvKz_^5a7O2KUi4~YGDzwu^1#N!S$H`ojJmN=ro*e3I z9}mO8U|Ieki}mYvYNz;5oT0haAsnCljK+m;D1Pk%$5Pl5;}gt%VsE(drIJUs-K$!v zm3hGS>D+#fo&;@%?Y8!2-ckKaK`m%)bt0N zDkB|3uP5ZHzuGL>HO;tl^B-wk3K)$3qOCiBFgT34Zj}11I=5J4nB@PCMl20$+TgB{ zhiS3_>L0g0Y~g^~yUBN=u8ZuK6z~3z`^h^#AvYYt7cx z#tjxG8+*^z z)`*d*FCsN3ZnJS_XuTI5I%~L| z*riV%{K%aa4Cs6X27mk{G5DH9LB&=g2l<*V0diNIF#BniIA4XCscAu^L?hQxBkl(4 ze8PvZ2C{e+$8dDs^;Snk=H2({#02TnZrl9Aek&hc#bG4rMw&fwB5?$x4cu0o`?f*Vw z7>1t9QU>I2L8$g)SMDuJuL%g2C3&6dIhS4-r7BTvp$?}y#O&IJtMr#D*j6w&z^4~n zNRU*WA*5ON=eWbglWx^LQ3J!E;s&eT+VXvKIpgG$b(%%Y@d%n6 zF!2FhG%EY9xW3i8c#nu8gk9B5onHqfIE%*HQXgeWdwtn)U+M&Yj%+Ek@-fW_vKhsP z&pH{Ndyn2J&PTK)y6C)l|MxPRRzK{~qpQ(4kJPq!YfTiIIpaPl}q zOSw1U^4a5OFNx&vccp#9GjKPdOr9ug7^>lA((`cgPs&X>W`o`qgSC#MjTJW6jht-; zPNt`w>*v|x9{YyZtLk@iOEmW9SK@-U!TWzZ_On`aZD0SYis0dIDfva4tF^6^*dBJY z59JaO1Cw`leH(iDq?UQHwE0V-;6IPQ>YBpY`=+{bWUQ`zG)1UG=zJ(ZQOy;f(H12+ zo}K)}g<1u31ys}-c_S-_=tblY)~(iO!` zdXYLo(|}u`x%23FpaaJs`*p=Y78RG-jlW~W6CvG>_W&u5yi~zVG(~^j!&Q-oY`DRj z?%x_FIG*yko7wZey+0$krMK62AZ_Q($Oj+zFc>{QR%Z@2wPNwR)m>lWIe+L8x&0>? z)!jE7fySm5TED+Ng#p*kld4_BSRmK8`#WA>hzaB3tXe=c{Ko3;+|V##2oM~cb+t*Y zJ_k;Ef*Q2aR2(lu|Dlg~_Mt!8>v<`^iI6&wRw@&joSw#ahwZCiNz1u3d0*#cLt4+T1cO#9-z9uRCyRdM%tX_GjSQp1?2HRsr_{u6 z>zVH-y^tgLmd~oIz~8}d(e$l^0_PXTs&U0Fw6O|stgXr&^U5&umb1pg}RZHXem4*fd z#^qHmkl%w*X2fc!X&CdxCc|J6$+_F5M0SA|T6UG+rEu`I#+~+|H#t+bbGYcjFJwZz=4~ zPJ-3XPSYkpUe8SZ$^543>|rCbz8QPech5O!$%M>&EhnKqwMXmjLwR+>)Mbd6e--wO zg1IFEM!dH`s-O>@;}A88toX}nUw$vk!vwNE?;FN%K<9PtV@b&i=id@7L7Ntt^9!LA zR1{3#=4@(FgL_WqI9`qhf0k!fJMo2D@Kp+!$)Nb4sj@=L{jSESBf! z9Ky_(c|$ZnRP-zkxG)B^E8$DGhsC7h=%CV^bZwcPK6O>(Y4F1Q)VfA-sXaeA9Ho^6 zqNNT z2>2r-;@ZJ=rAbxB7j5z@3hKg65DW-1%M+T_9v%f|v4Mluop1l%5Dlfp8t!@=zZj}7 zyWyxd<;C@n+~ooI85kTnSW};ZH#*Jjv(}hEf!bNfLCvULbfA3}x4p}kDQI&bZ0eEw z1kjkRQqAl6Q+P(gT?O92sK}%d{`SVz04+^lEF|%oXf&#`1NZ6J)0WS&-%d_wlZXn{ zMK|%ovQ2aRCXpw1FK!=zE*TV;Kdk0Av2S6TN;~K4?VohUos$9R3qgTLr?7L&^+hf; z)xeBym2>RXyX6o&S;&XSXnL&>^t&j~i&i6;61=vh2KCA^+2+#HAy+1zvoMon#i}ro z|H1(yTF=k=?e+bH$($HUvT>%loZHX8GggPC*psp4FfUDDfN#1N`CBY(KK`7Z)-+dV#L*dM++?NMNmO)T=bFluMEd}*g-w-OdJD+nF$ zwz>UF#sHgAdQnDlUVXmII-T`-_YxFP{5R8tOZ1^%VpA8p?N0Hd4Wu3GdJR1PykVUK z0za&TDNyr+>Cc&qN@i&k29;_xFSr)^n;(Y0ti&_K8p5xJCfa>-XD+$wdsn32?P%eP zXl%K>75z&6^!JYPc?~UxX=91n+Cxl#-6O?bpWvsGkQ&yMHoE(#38TREPUW+9_r^d9 zA-gYHVd>LKS(+cvzq@DOM#c_@?@aXZ3PnEKCp#@oF_h~HIl5*i3971=z~Ur*QDjAq zH0mq6A|xEWAv({1EF;3>u#&2cnzbl}r=uD4e$M*xhY`w?m|1z&p}r|1q}5%dJbfC* z315cMV3p8XY9t^;32Ak_&RL$>@lET>e0gW4yaygIO@|;VHt<(yt`d(pkGQ-zmDx3E zLH!R@urjcPtQJ=m$|pzX^&NF;0?+h3p2*u*f-1cGPAEaNAd2N5=TGo|8{0Uh)#v9_ z>xb<^?6^p+`u3<@c`Rr6EuR8m><*_C`2mS#k^O5EDWccG$b{i^VT(lO{5WYdrU@?A z9Iq?DKSgELOM!>KX#9APlo?r|C3NudATUJL+ze^;LJuw_(#yu$5rO|-$8w$#g3(O? z@>e8yS^uQ~3fr24xp@A~REc z81#tm(-${PJ){ZedT3O9`e?V7VfAkH_$U7?@b7h7;tOS}5k_&5m*?TN7h<#(k%}vxc5n8%k3fH^;)M-~u15K( z5xFbwTFwyvMkI0E7w-m!{tz-$bdOAavv`h!Yz_(a^ZVTv`5@RRpL?A;cil0@OiVIZ z;nEhE9=L%Dg8fn=8d2j*StDR&$E82C{OhO#tSCD*S-H!AnfHWZOM-^OW^!VY_F+~z z?_O2E)c7Yv+VD<&$0}VFH7W~sj2euCP}yz(&K9`VSK8#^SMVWx+wpYa`lVX--WtL? zdKDuuzc+ZIS2TdeX7yS2%ZYZ=X49IRraEX*`=0GxCb}=C zDwxxU229RK@fx9z8rMO;Y5PuBi2e|O)_(DD?77PEP!n1f(`&VKMEYE>V7&JDBM{nd z1P)v|Q-6x`c)lTk{`yua1NxGWZCky&8(-g?^vCYGpD&uujG?0f9C#}phAK?qCPP7A zg(z9ARbag_*C3QwP`=>JVBWiZd>a-}+n>aT3B@Qy8GP1g+{V zy^nv=dmQc5w+LZy2NSkRFT%g=Zd9*YDEly>@+PD?9>Q2*N@6;d|3lMPMn%=VZwp9>q)5krNJythjz}pfA`K2H z-JK(i($YB~5=w(0ox;$a(lK-nAj2^6&h!7R_uG6pYt}mF?6dcM-S-vwHaex>F@(e; zykOEt7CpOB5BfYhcq^IoU@7mj_ zNlwW6jBZ{-6>bN2ul?V6Gzvfzl&YO_W45n+>=X17kDtRDps6I}8mSBN(@WRIsz@wLAT-=u0`8_w1iY**4X;H>T-3{2?S}0* zQ!04lSqrQNkZJeZuj0gdGoHve!jD^_sZpb|u}CfShVxD%yOHiFKT zf%UjRcc${?;cGP~Y5DmC^~|zQz=zh%JIkg?TSnsl_^enY@Jp`BzF}aG=_y1ZXVdY? zr`hGy5u#M7U(()=E_(tWk*T5?AWyGYv2~y)#CLZvuzVl{b%Bhr9UFblqVj>;a6E@| zOeEGTO=ef*96x1nGwY&ENoOAPe9SXvoFs3U^=~ZPZb+qIMv>Hy)x_n|*j4&$Q&Mf!mX?@@KTfS-78T;&r@i$#zDoOKvn{HQ1Ac#S;Pw+@!kv|ICT24^FE4E?eJ`qT+_^@yVAj z(kAc8HGOx$Yt9bc#YT05JW{n$ np`_vR`gMsmP`Md-=ZOov_R&~H%1GvWR2&#< z>W5Ece9kFza|ObR5<$;*m-9kTxgK8mpI^t7@h{U&IH&z{XhfKJCZH~Ih0||V8`Lli zXJYMm09p=6F4Iq&f4^jm*VZ220{sFz1XS_{+Cgn0pM&>{I^gVylwB+!>9xP2_qN}p zx4RDs++G6ApFu*l*cI-F`7v#Ue8xVA011+%pS5{KjbryLvMQl5+G~NA!7U-M%0&g9 zU!=0k^b;-_bPU*iq5c@N(EFfwyY!i7t${|NSf9+nAdg?j3-eX@I;cfiq2aVp!qUzv z$U0vjZ<%+7$q{B~(R|D*lgK&9>i8J_;5a(?0M3ZmP;YD}m%xUsa;#b+rYru!et&5C z9*LQq?b3Z2PoD+OlpYU@nb5{)()lcyQoYR_uY=p2(6yw@e=npo$45)tFBVIP0VN{Her=2l&V%+JZy7*IuL=_rHE5kS2p?sY8d`tr*RIDnt=3{h7RT^%7-NP@!QqKTaNT@mfWY%SQQAZS!#%tiWlb4jWLIRyqp7rS zoO_v=qT&$G=1T_qaL(cQ4PtUltxCBf;*9eTh9Hh2sg9kLjP8zS%``v%x;Rd`t$`O~ zgqG4It=a}V16QX8VNvPBInyoJ9DV-)d_)Oj{W~%6CMj7%wJ@)g@?x z6s?>Ifbm+mQ(Lt=0huBirkFAD=+8O{Fc3d4C9`;O%_n%Lc`JYcK+T|#So49sqr-(8 zHCZZk;<1xg#ViwQ#un;aG3wx!qVjOp1{L8^&91|PC3qnuhfnZ^CO+1VA1l9TYXs8c z@F37YtaWLBxEW^t{1_GHN0SVcpfdkU zb~|A#nmPTsBssmb!6wH}astNW#OYprbw^BOvs}jsf4#>MP;Q+h@qS_O;m3*80CKJU z@XY~N_Sam$&hED~GB*D!uU^%}r@QU(%Qf=+NGRKOTh| zH{b*QNi^x$qs{^s+|;WS+MT>)(*MmF1sb^zbQGRF`L2UZX1J4q!ntvggjwNEkM5@a3dpt*$5z3;xJPYKC(d~FOUdHYU_evTk$q*vj5KQurlLwg77eZ8qFIbS zu|kn+LhhmCw6Ms)w+Ksfc#KT6kQ;fbwsp4WiZDlML6t$qyR;|o+YPw({U|60 z@1DyExsWHod;byE*S4r+8lR*a&rS6ex(!rzQM(IJ?<8$+zL@r4)Z zQ`0Ao_ZIM?$S`kd)a?4K6ZSTdUegyeeKIR@q2G-18(yL1usB*81}!ulOrkmut`^j^ z^Vej2f4Z0S5`Rtkb|N4SxYXiUT(BMSl9sL6hgp{1!JH$zvSpq??z;%ckj!k^M2b(YzX&9N!T>X zbn3zGr9B->OS^S_-s|T8U6ipWd4}R}x1yaZd4jgf?_VPqekEPuE-_ z#L>fB!k55H;1T2%DZ>}1KEg>XA#Au3Xr~5(kRI=*t+MQ0#w1c{U7#_CKd&dBGXDXW zURdIl_`ReeG&So46K^r}Yx1U)ciVt1O=^(ZJO zX+S;8z}p!r#D<*kCZY1#6D`Yy%F>K7^@W`-K2M(=9Hevv-3+aT+}T*Tch9P@r*EA( z?;Bb&yUHuHNAw}>p?7vg+Po$>v@WVzMbv4Jy0k3CS)SUDa5V z?1Lg!x6zU4!1Ky5O;C2$t(*T4Vg$a&XZ;OV@{$St==5&f4k&GAC{`8UyON~)I-!px zl4QuKRSgb#eJS)5Eh0B_#-`gpHh2r@N*&$y)4t!Cd2c+U{{^ewgOuwYb z*Pwp%Dv7#YS&~XD9vclNY)v0Q5bM>Wi08`GMUH^O2}6m8z+sXt7;eW-8|2BAl;LZL z+TiP$uBR!Up!W;LctJ9+k08l0Y{75Yf}Hc2HV1SdVi6QE3fn#qrr9apwycTW{_r#QeSLGpTTar*j~M87Un+q$!axheNKBZ>QsQ6&;$r(F?0F zuMNjy`U_NMe`Osk-^Z;cli<-OXp`L>&r2mqX=ppVm6sxCKR5lzyE7wGBCdF9@#?!XnJGn4Qf}kp0ck_RquK{cm{+?;<}dKh{dzDEh-DM|H!)7=p0O zBN)FL8pE~SqJZj2MTTxC)pw%4;A zP!n*SEE}|%gC~0L=nLuOeOS^f^r?B`sZ(}>&-9} zAcv`aU!94*RV4RtPItm%eb68UO%HWp06IX(L+G{;OO*Zh_MPM>8#;8K;xWY@%@*fz zaHd5#|J8NLP;%>$nlF>34Vh-#d|`YKY<)W+dZEBqGEx5wn^03ZUjGED7Coii=#FyE z5a5h?hdB~SF4YeB68v}Ve>W)fbM>|#=GKQsuH8>M@HWW6Ljl#0 ze?K*i;{I(qKx{aF5%H&d%k?oF zRNT&${qPOMniI<}hGEA-W1>|Yw{DoX5zpK>-iZ;*(C)B`)Yv9d!3b$3^!G-&wJ$|f zy>^7mrzEdbkB zAM)pafkn;(*TBXE_Gwb1_IbmUY2L`-V8%<%7^ei{SZ)Alh_%ReRh*l;AGpb{F*hFk(3r8 z6`%AGl{%Gz-LcBRR$||w_tfm4y`o76hWJy~JIB%A*SDQBlr_D44J2(Hu72R1BWLhO zknJ7RW`1k)-xo=z9Vb7q5;8Cdmg7_%)}vGvUiN+c?Rt6IOx&~`zKl`KYisLbCiiKv zvWHNlz#kIx;|kbeWAX5q$rRC1Zb1Gq9VoI7t0zg`w+p7I@qvE zS63IMmf-`a8(cJFdT1N=4Gf>3$TOisHUn8$nEr6D==Ni?f6#Fazv{9-%~OJX14dp@ z_Sny_tORR^@Y18bp5#2nnV0l|r$xd`Rl~(T%ar^Y4Vc3QS{o@MWo9*jwn_)b)@b~o z;|H|T_c?Wo1!TL9x^6iCZ!di)!#A={xBx_M`xrgrsl>Vi=n{F9%B8bcf(ujCee4Dl zSM_6+nT!w(P0wELUMfC}QVNiRn{dX{0611dAJ~O6I#7LzOQ)jP`tu!!2Y@dl7%b1* zHF%Bcl{ru20q54$^KrA?eV^n@yAlNBRl2^$9#B62$@gs^EI20#~w4I!4vADzY2un?Y2b#(l(8W)~p@P+*?-Xij^n%8{pmp`XzAm26 zuj-~=`wV6gX)|-tCp@`6hysA654=#b)O%aQZy?Dm5R6?C&p7snT5dk6VTXdss3WPtl96X{7K>%`r0d7IF(3x`V`bd2A)6678nLFaW`e$>isB1p>1( zF=UNwU#VCMeo2tiN4G!B>5r31o9&G~-(|Br{Rr;V=)K$KRi$^}0l>{I6zjP6!f;Wpt)=nUZmFiK1pgFkx>Y!9!v_gQ++`tX%S+ag7L3R%XBhFgh7ItA6nlr9ficK zDDU4PnS%nYK8?k6S&gPMf^QE@<2=^1SwdK31Kx%rRck%3%63sla$8%x)ht+kAof_1 zt!u3BO^uBlPThJZTCEh` zZkH5qi4bGnUsCvbPh@+sCfvWi9`HlbnE#LK(P3EG-Nhlh@wi}neHv;O;q#Upl?ax6 zWrN};Za~?g{fN*tvdbK{id*5I5)3f|gJlm(g%lq|JuN?)d0GrGGN{KSGG?pjOaiUd z<#nJFvJV#8PLmjy(ini5Uw=Fgr5TgMDx96_sGz)bvjnzvGUH#+)7N3Zi5S;q6PjV=8iw2QPsRS30D34CA;FcnqR7>!@Pk$qU|r)U{=l%|f5a zUSz0Lsc6mtGhmQX>^?T(E*m@iNaYcgf58QG_xkmd5KfkAy0|M1aqFRTdzvFYj1Tqm zQ9G2~?F4edW-|@BuEM2GOF)y{^^0}wJ>gzG6Wvc`tV!5A>KZxp*X!TEycC|2^^3{1 z8G)5j3aYH4hzz$w`|hU@s@PV3rIWi$d9B?66YFV-~q5FR!>GcrEgqsVjK?I z(8_+Vir$k;997$}+66+5-`xJMmGzz!<(rlADDyhW!FFMceg+Bstl)>r>?UY_Hm?L7 zURncR(0po|NnU{g{?_M%pMLvox4XOt$}X30Vx`O?O*4ec$g){VokLR`xcMFMuCsBJ zsd+j6ilyvMIRE9kqMjw{hXrlOXCu|GMFEw3e8Vz-KL>jiSow%ydMIrTGr%hMH+z6q z{CroW+kpH{pzm*BnFX@2=NuU_1C}_=$bQBagw+BoDuw=0y{Hk)RX``CvK2LWB?%&pc zhXPuMdcb>5yIq_YRv=t2uO4NK)_aB?ffhR|1Y{wlc#(A?G+OI86X(uH^%UsLGj*Y(e(M({LwHrwJD!>StO6W<4!h8qy5^ba^0IJT10(h! zz#C8=PnXj_nB$WhtiK1xntZunxbx{T_=^^VvcK}0<37#APEUONzDL%p zn``dO5?ZVTz2nnuK>Q$_vepJ&R_`u`1|)d%iQ|sv%#LrOsVaY{-EZes*!wiK%mpCa zs-K(8GJ|d&-U?Hq2L@Cf939mIsrCbb+CRXlaQci;C8db-8h6|e#RVn$428V{ zhS+9!fFJfr0hs0URLdUXp`Ya~X!3e8ssscA36G79X|rIWN+47eJr6Y?UciH0fY{zq z%u&cqah{c^xHheGoX7q4&fNi99wG_p3`(smyB{Cc4_YAy#MQPq7*pa&V5A)IsvD*j zr(73@htpim_?Bj21Q`Q+ah9YmtL{Pe?UX)e7ebCD_0t#ak<5tm|2kxj%Hgdn@pqu8-#q@;aPe4XG?&d?TWJkK{ zU)fP*3Sdjb&JY}_+C11u%*~FLKwnzBIrZWuy2QYrq+P_ z(u%){=wDO%s3+eSAL1xD%##R~K^Hd`M)n%KboxbVN?3(w)?!XIA_*kvQOTq9SkZl< z9#=S^d%taK-+O76Gm}jU!07(82v7gxpBe?K-kYAt>B97b)HWIEZ0v>-;e}mtqk_Bo zCli@<{ff=EsvSlj;<)JNmAEmN@-F{D;RZ~E<_6Z`8hDmGcW@Yv!xs~#BGdC%4;CUb zQp+f&J+l>-L|oA^t;0Q|*iSr!b6FbUjqzRGxsg1thY;fO%Dc^9-j^%4-)~Y$f(eR` z0E~29(FF4!F>0|Yv$SFHU7myMysjCT!_HOs9cW!hJoj*?%+-v&ro*bqS$3Ak4?QCe zKdCY&9MO1{jfHK1JF&BKoHboN_cW+;e;(B^l9N*+{l7nC-$raJvAQiakIlNSTG%S% zeY^~LvjZ48((UVg9-B5>SIUZrH&Yc9%Ud_pg%WKViOmpm4pPDmZgX!zqA2P#8Ac`s z8vgT|^EnM&A#z5HkC>9@0QkScSi1tt@vN0DO%cP}H=kktERu=uo1#z$%Qsy!4Z^nA z{0@{Ia(p3tGaF0Mdr$s4Pv^h6YCT5WMc3Z!%WLWpf$%Q~IcDSvJEUW8f7-%(0LENEtS~bSGs8gPva1IByb9ep zV_W1`L&li*@M?6nq056q(Ut-JLBCi2VSM1nVFeF8v5hD05EPD%@)|cdUx~X2@idRo zqCP){cj2fq?I$!7!|7)s%JXLjm>Y*sm1Le>%eZG_csZt|PIZ#8DvpD)nY(z`NK?ACCg+XuA%-wH1N3rxk_ z&_?uroK72@l^%w?DF9WmPA_nM9&%p`kpiW5u#epuB$x zY&y=X;q?fDQ@9>=n?Hax*Bw30xihm z{ls~;+^}_ux2w1*U=pxico+!o2Je+UAE7Uhd#YxsnP&jv%twbFo?Rhyu2mFIjxVs2 zO~tsm@o}38qUIOLmf3m^`gHn|{ntzT;9n#gcD^q8m(@LYGg3eB>p5S1 z5V6@=OaQmLIZnQ7^3M3>!;K2@Ky%#21^EtB!-^X0-gmyS7W~`hJ0uY>R3bjR>ruOm z$eT|3quqnWUK|K|3MXdFluLKincN-vhM6t43 z=Jq@z|5(VIYRrqnVLU>QnQ?Oz`yevRl~b{6_s0Smalc~s*uIB7y|q08G+HCQ>2pfb zTOgXO_@r;jQqiHfjK(w=a0Iv$u68@7WrlhGuQ}rfsz^RvqvKQLgP%~+mPT)b`gWry z!`Dm0;8Hiw{9DSW_hJ~qY0jBt0^q2`&xgDZY|!G_*TS%+l^jxv4?uI4h;(wt?jgf3}zRefIcMoNLiG(Jw)r%lL*zFzaV zeC1I7;}H{=AK*A05;7Fr;;h|Z_WZXo-RLKeN3Pppp|^+PF+1#J4! z!gVOm(q(H3I5V51hM`@*LD5M`gXRlkQHn(-7*y^utkLN&td(nq6Ya{taTY~=R#c^C zYoe5};$fR>*5b|t|A9RT)e$6%|JmTPS&)zqKY&ua)-$h?n4c?G^zvIM#E~?KZLQV1 zD(~rFMtr<%Ts5l9y1a8{_4`Z|G3DqU6PbHT2MZACCpxD`Dg3*QgGV)af-Yl{Ik(+S zLM=gk)C?Dn-|gx+O>$NLnzDer35Wd18PX}ND*O|TvqtqRjyUl+bK zJ+dY6{pd@{mMJ?wp2ANj@zC^apY^MbLM!MW8*7?WWq#FFxiH;mxuHTTR3gW7++ft< z5A|iS=Pk>>8rHLl%6AIjkUq;zp-KIQT-!jsgwcUEem7HTJ(-{w7(_8>eaaHYgHB!X zm~)=}@t}f_!D3a4XuohE2^f)U-q=H>d7&1r!a^v9-l8k(MJ=fP5CPD1V81`Zl?7@q z?e(9%3{G+S&Cef}dB(mLCdb|$@7 zij;Q94FeqOpdS#XIs5f`Hz+O3?@cX!zvN5Fr--o*^*8<^zXUKJp~NbQKUxEy{;wHo z^kOtCloSoZf*Kdkp~|I{maY zu&z39J}V!c-6I#y+^Q-0uu~;9mJV(PL*!c8h@+bh;8N>r{3jx@tD#E*OP;u=p6JK3 z7T}Xh*3J7b5xjJ-cp-VTz(5!fK-Ih2!q*`Bf%U0)Oe4bVp=X+LOB^ z4vR9pz#>lb;r&oqn>iHS?Tdlh&~?#(i3(xGARO0+Ql31*vg(S0Vx)T`Rv@Y;4efzm zrVM12S3-pLl^-84B}d@M@pEMqBO(Pb*ADN}U_{%U&BH`V;ha@o*{P&6=aY=C&>3|G zz1*Elg%(}5Fx}e57Hte8EU~ZFB;gHb5-{34-K{;aNiMPlUEy||jQs1E{UBlkQ*Hjv zu+3!cUf(8^ZA}=AfbIR#f%w}4$#^;8|CZ^7G%TCZ{W>mRdHh&Y^)GW^#grDBFPhM5 zHC@U9)ge4O5gL17Im8Td&1kC(!8wy>Q%dRjLcF_1{Sxx8E%v};AL5N!N^=boBY1E_ zle6>4NI$sTYig=CN8!qH0o*7O!EtEuP&A*}h~xM0AEn zO$^H)2h1mkcw!f!`$A)~V$Xr@2?Z+oRPqJmS~vb!eBW^&UA zbr4B62q=#~1@m>SeQn&U`f1}7WR}uynbz2U5Rq{kQTi@cjFXdZ7ECPELEt-$b;Z} z?b<1O4%t|{0e~$%^YU!ID|*{0Pt_fud!FG`yuF6zI~Fl}D&G--r0Ds;Fswjmz5J7K z#)gXwloqASP?iV)q=Wm~h#-B2IcMlOCzzfai1T-qYid^;xJF`be$eFjFo^DqEZ85a zd(fxdi54k$>AgcLTp|>Y{VP(LEndFg`ku6hb)wVGq-?is4BmhWWdd6+-v!{yqI~_x zm$F``KF6mr%q4mkf(Fktdck6<9WzZ0Cz88DF8O{`{T!%nm4@rMb(mo;pu(Akpk*PQ zvlBYDw$c=@SYh_}6pP(USRG5A9RTW_^mbpzObCn|7}=@t_u~YzUoM0Ga$nj>3@)q% zB*>wcg){z|Y_s0(T^aWA-dGFg@n4hc!*AR^2-X;jo4&T1T+1em*!KwF^3__q8(A1O zTnnhGT%H%qtt0T{|BIc#jbPn699!ftrVAr(UAvEtXm|Hs943B(I$JSd*nKTSPYkOG zAvGzc!fvTx%o^SSD?@rxs9z0gM}uxq-u@1=?jHuXXCN~A3u0UJzpqwe7hYDe69KF< z`S4lT9v3~Iy$cY0%AhED74gg%lTK};nuiV7%P2DxE{#|H!|*~9k+f-5#<6JiE<8Wt zK1IOGO^(Q{o{GMqcf3mi#j+1uqTXghGZ-RYb|(=%a_N0{wJ07g@g*vwl0uSj*cL}? zrKbRscEkdod_@#%KY!W4v-`-Od6ppbfhjGUaABwAa(J`YhN=&FgF3Dv2dl*5$NLW= z-6}CsOWTbb?@1sPD8(jgekRSW(FgaZmtCfP47HKP&3Y>hc9|>($6s@Dn2hVJqF7{o zHUFJ1^Eb{(idpY!W&^>BESH@jcRL$B5sO7;Tq7BR3qmI=ElNZ&(YD%m&e^{$*g`v+ z04U#+zg%i!P?z;K zzu$>nI5SQ<0V8%LC8c^dtis8BWz+L)al7i-jjSn=)8v~lVYNh-lt8&y0h3=0H>^AB zuB_Nf#*Mk&+jpjV6-3ZP0#?s`i{x1$w(Dp$?Uu|QhmJ-Yfp`-Dnp)E_QebKsw#1t)Ap9>w=sUN z^!-t+taqYoO4E~*_bMkAhAJg^j(<4 zAlTeIe;m89QMlDbbSddIUl|KNbv@|zmywa#LK!Lvy}%MgD9K<{H0XYyW;V1@exE>+ z$w9-oP}R<39BVJ}`f3=KSyTN2^9)N&v9aou#h(a%fP9m^))d0*t=FjO=91o@Y%Y@s zUZ~EWo|`Lyci}WfCi%`w^~QT$gzYsrO*T*>fMI_qsPUYnPg7<>r3v4 zc!4kbiL1Y(;!2isZi(C4TB(CLNCmg|Yd3+VO`a!pYo_|qqa@a{wC=1g+9G8O*pMH%dMrr<@=zn9+O_!EUX zS!0G4?4(CUni7596|whZlkU@ar;XvLi^2>Tvfqiot(;|ltx@hluTFbaGE+87PE%Mf8FnJ| zTaFTCZF$JzG%^KKgHAiu0RL`Iql)k-Cs0Mz%rFNdB;2s`so&a#s&sH9<;FEUq3tZg zsiwo=pUbjPNJocA>HDE^^ETTaQ~(@uv&vHwGUhbPn{xFw$T`!BOyRkPVl~lL`LE_o z>4l5480ww7q^eY$rD;XcFPZ@wCcNe4k8jMai=CJ2lw6xnqw0yH(;XSceO=Zca1J|5 z279x~^PxpT$;c^(t`4f|nTZIQbSb(?=I{xI=3SO;h~l+ZdHooon_wdu!vk8mbA#v6 zfKH`^==1_?q7pIeGta`v@sgK_l&l4n3@-^H_RI~`2{^q6=0#Q4D^Uq~s=r4culahr2768f-7;tKhFTs>-_Pqw5p{TrUk6 z;^>D%nI=%q3(lr~C?{L7bx zMbm$%QC(8s!rqJTJAwq7K-ZTV)qGD^N<7tz?d6eoEB{Vpuq?nm@Lm(EqX;V-TZUGy z2N{*>e08z;7p!3J^8>V%&Y5WTa~GMNLs17ex6HKyHc5fb)w{1mz%me5C}F z0TVU^ffHSKUfH%#h;=^n@}?S4;>&W4cbNKG^0RO4YCvjOfdN>-zD&7>{bY6%PCwYR z*Yw6v>gs8CC%I=Q>Z`_17;&dy4H(UA;lBEi^M3rjB%n}*LDg5G^DN-=Q9R*-0N-M> zps_iGE?(gln70}}4wU3zQmtsu_!asH4GKj*%{~B)qQLx}8K|ZtAb(A_c2|k`MRC$M z0Wl5*`qKAE8pnd}Ze(C(^l4}+r zY=740ItJ{pYh%;LObeR{&Rld3eoLDFD2D%4DO8}Sqb@G}8fV|p$HZGzj8k7vsKZUB zkq+l&DjGs6%xg_0g~>!>=rr^3;)czxUb1wbR`={dR6~N}^7WqpJh+F_Px1!8EZ()k zL*UbC_SZk&_K?I*i}15o%TikVRfab?%uQxAR`&aRXaA)7W<5UPKSur29!S_M9c9Gt zCmD(lBk?(s5Oy+p))chnvAWv9ZEY}d8u0%*YqE`)-~FonulqkgDGB4XRs2JxhP!Y) z%QFxg{wf1t!jIEqzmC>+W0RyB6q748cd9K9;zs5#NrQlU{PI3{*MiK!X;aUR502%&;f%ZN`9wmQE}OT{zVOcv zZbikFw6$rtHeaZ=T&PIBS&lari#Lx^z;KH2N<5b&g?5q1e*I_7vx-3z+uXu6-eO4^ za4JRn8{Ok*hRBQSthKJn7L+H0no!KtaqTZnCtPKnmXYD0h}BNK-9tEZXUhgvUtM1h zGL14q*WV|x(uky85YH>dAKV)liTOQZL1KK5)0pSHHVCIQ88`X4z18k#Wp}{tn}4#t z9+ug#&>P#V>i3gPamjYXa8U5~N;s>*L)&tQS`QyEl*v2B;zbwou)^Y=X{>pZTG)is zPKK#l=D%zg+}_798H?2(<$!|8$u=)*y($U3bU0^T9V?rXZ}X7DVrm<{2EXw9uAyqd z&_;SW#@YhC5c&zrG~;ucuMCSn`P$Q|C^>3qf{_koB3Y>Jc$Fb+PH}sZ#$VHEQr)$w zB39v3%7k(^tX7?LWteqf|3FY#W7P7_x3^H6Q+yA?P}8Sve)^UR6O?$pRijp|Xv%`k z&@%o0+wJ9Zg}chpUP>}wtnSh+px^a%B9?*d&q86Z=Mxzl2hF7~>bAe7u;PI=h~QVZAB%15IimdU44xg(D)uK4=qnN!62lGueEMU_IK&43s_!P70{{1W_ySK(zXdjl}!y7TS zFp&a6kA7StC^qxVqzTuD7YJ`}bBa72i@>X8$knwDK1NTZKQ#GHP1L=5*9xnW67K$M zElXe=VS*ox7a-b6XBH!djr2Qm=@nh4RA{CLJvy~=LW)v_GJGe7hJ#U2m$jVLjKDPp zB~S|!06l5JAo%?8tAqpHwLpe*g(%A0a%u=AW}hK02XE|}=Fx^fwxq>AIyc)sxIDrY zcMGp~Px{B9HFDZ5AMtWtohQL0#<%oaz-P_ zmTlWH#D>J7cAy36Wlb!$S``x&P5t*ynD?16SvCXOCln38Yc#!x~G~FWxS*NRxXe|Bp847ysxeTiALx1R+hMsZ4cPZtg zgdNZNhQb{8Z>go{f#Iy5C5(v5o?4Nity(XoCWSBF(p`Kb>ScMHZ)tFMP6r zJW&{q+F2upGITx+*345_{y9(NBlq&jM>*|QReSN6OXXds#Yc}fhDkGu{7sonRO0Mi zs%q3y9d+|?Tw%ikN^yt|6a?jnFlI7Peo3gLy*omgvvD4t`=`3OnNI#_5~z z89=0NB~x1oBFc@{MJ7}y534jNsZ8o$TW^;jRRVI$gV{c;4jWZe0NeP$c5(um4@)WqcETA{5cB= zkHcF(t3Gsi6H4O9=pyz^K00$8%oeqUoCuw()p;Sb`ehZDAF#?!8M4P=OvJgT$uiYR z9j(kZ2Xp282T?N~B4%RqKh9_`kMRgQSwVcG?-7aK)@NWFkqCENX&C}WJ8hKR0Mc22 ze(}=iXw_q(Z8J-jb?{Y?3}(cF#pFH#N5U&y^o;?KE#~5q*GoQL%k0eytX%2Rr&d8h z!PcPKst`KQ^KU-qQP8!3yzGHDr^9V$n7c@5mT(yLlo@On1n3meeO@4gxEAr18s61n zhP6?G=`Xv;+C=R77X6~efzLWlM? zjR3ok(R=(P`(7AUEGp#_qEy#sVANo6z@uL#;Vad{rREFckn5hS`GZA=7bHpoejStg zu9zR#VAM5v7MP*646o1BV+X;EBdxi%T^q1)?Iw{rUF(y}P`D%kXV1*Xxf zp8NUlV9F2T1o7EK!H+7jT=}vica+2Mn)S}dXK<%X(CsMqtw>^tLR}fL?2dDLJ7&!( zxEw<$4wt^RgN(c@JSghkym3qDT{OrRj2JA6Wi|^ zM{HM5t>N?{9~yDf&aPW{|KFW@V=Yf{g~7VVpqHJ#qH8g+Nncl*t#aBa+MX~YrW+zL zEG#YP8mX~N@}Rq&d~DN$HsnuRNwR>k>p7(44%Z2J@670>ho=8Ch4M$N#EIC3vN_8= zwlnZgn~TxFfTOB7*i4e|AOI(yJo+GFNH^yANvOORYIJCGAyA1Hi223%V!G`y2D0k$ z?CRU#S+Hd;6A*k+5;wbl3j(#jT>CfO?+I9=MC??%-ewyLWc2S7%*IGh^0=ASZM*5p zcE*x1Nt8~Dv{A`EaH?w(=pCP!=U#)pJYxqxNL2Uw4U$iMj9s3nPFH9bhtr6(cHXLZ z*-Ce=j9M>iT{j|nsN@C^c9Qc$(@P9q8{i;~1OYrsdo#3TFlu)X)T!L+ejjDKs2@PE zW;)1Kh?fa$qX9nYi$yGh7WrJN8sSAa&nN&n=bk!ZVs=j)ld799BE-rp{6#92Sg^)} z{J>T{3G#v)I9!N*yq8i%C7~Ys_sIi`5K9iXGwOj5?Lh;M>F^vSPV)Ohfsv)|dNHk) z#WQ8BwswtKDNh*RGppRq75768^In$f5ZPiNekjWx1w3$T!~D)C%0ll*_XnYjNr}8= z@y!h?rLi&I{lItGVO{@WNn>ojGKQT;7n`~AR>@hLif?${co_0Ie+X2r%K473h3kH$ zafZZ_!R_3B)=10DUW9;O%JmjvGxRugQ+Bl=82(27=Uv9{b`^5&;4@1Q7{X>LN5QEl z>`TqsL(viN;-g%oxvjam+WA7Mro+J0h~@VSqpeLPwOTK7*~fKv(Pu=aq}vbHi5C+% zCpkst8^`VSIZ2lceq3B4&V7%wj{8&0P7}BKa7k51*Q-IlSACh+?3(UN4a~`eo<7|k zZ|f{jI2f2Ze%^kT45bPROx$#9J?(YOo_|8X(7+U9@#(nd0>=4b;4hid{RFa|%)_%6 z*(C4XQF01x#BGGqnCkK3eLL}ZS!N&TKC9mfhu7Zt%xWQlKP5*%f56efX%FZ(Q|w>M zx7&y$mM}{ar^kL)6nHuk?JUrsoK}&A4*w);PBP(Oot+sSprCN`KSGhp%K3aF(hbr? zh^i1%ce7G0{pIkj9pLt~C9{2pt2HhW0SHg2z&rc+6eEpMU}-54&A$0&o}b^^_BKGm zD|!o}%C++O5Ov8~v=Y^H-BMM5-@g^zv^>YYoK#$w&IU|q53bo19o?J~3KGQIgPeJ{ zUyjS_1Kd&Q2(%+_MIVi`)bKT)uv{Q6AtG;mZB60VlwjsqGnw!-;4Nw<)}KLEQ?>`t z$((j3{!|!I4eX@%yh}W3Rcf$8K$ZRou%wr1vh}4nZb9I+4l~>VR_Ijtp<$N^46?nK z;x#Vi_mPsE>>0+iXy&kp2BEEXTDZ%iSEh@-fYO|5!>Uaav)gF1rRZydHzUh7fag&A;OZ>R@TRP(Gur{5nVRvaoRK?mV*{LqsnqLa_ zQ#YGRLc8a6S-)w$>9(6M7ZlY367X^MGt=uBH{r<}>FKw8HF0x0+3PKeTrp=AC_*Ne zh@cyOQG-b!1#@?wY->qJi|X3VKzjZ5;3pL2aV*M`A<@H>2l%Vh{6o~uyMNZQoaF7N zi#}y%4p)+6;%|9jT^W~k;$J1c=~L-6G`4@JER@pVdo%Zq;Z=60IG#e5x8-e(j=tq1 zZdC}*l&qcL0IUOjSOW4ra#9sn|Yz0k3s z6^fkWG@3OJM*1yN1W%nkTG7;H2+ks;7f2(SJlN5(m1E#Af7PPL6>B$j$Z$IYa2wWy z_^&12q{;tVwD#P18`Hi&z`T>9#x_s9Z!YV%x$2dB%^JFX_y5{^&#i6jzl8Kutu~b08OX68GT}yvN*y#A#$ymmM*4?eytOO*&S?kvmIN~H} z9>r|A!NvbLnRh;iP_y=*FaDJeti#H7EKY1a`AYe9w3Q?|4$|IJ+4f?2t0bYQB{>Q3 zwu@AQ7SJ!x&RpIQyaYcFfK29ou)2a>^vPb@g)$5acTD?^b4}WN7tlTNuO6Abm3%!A zg1~rRB8KO0{gKR43eglYEDJV~7>SVa&gQa^RR9kTFn_Qu-tNlcvqw9VGV5sXnv}vN zDJlEqm5R7z&za^a+ot_k=tk=5)O8m0uZ{IIk17{V3 zY2*bU{av3Q0&2ha1T_5l)olfYwK1P|?g|eG1rcz7jZQ`~*5cU!C8A81VF8Plwe~5; ztrDKelG5#C7kiTf$z(Dk8_6~aLl-$6N9@KYu2OP(z7(XIvZ)%AyMTqnga)9(gGAASgqHU{B08 zHNJ{(QRq1yFqf)~_W1Ro-$z$u^j>oFgI56zm>rvFvTyT`+~3%IW*ws`*h!BDhNW1((S zgQ@FxLHa0_XQV%@N`1I-8wJUm+S$(n>z4i87a@34-X@A-7o}7r85Mb|*!EiBwQueC zHr`G0ixHstVc!&HMYX|j4?gW&89%o5QArmjAbzKHCa8LPrPe2Oo3&7_r6owj{dJb_ zJEjI?)c=4Xt!`5Tmz7yTG0CyPtw{Rgdg@olP=#Ac5NIz$;Y7RAC-%DgG6jFaG3WpUyl@??dlqezc-h)j=9J6L)ykPq1FU@vrJH)B zDv9u^{rUI}6&%*>n6B|$Hk@^B4@MEVO+e3(P&4p*^!ze;Y?m$2wpDO#2c|JVomSR6 z6SP}^FUMaHzMGY&aAdt5DtN+E@PD6NZtO{X*uf}&kR;q`=U|4HRc9|vhxOoOB(3c& z%g!E5;~a+u7^Ct9hLq4{@izNqxS6D|g}fwL8xk#in|Ivm*G%3kQh7;w>o{UArbEm* zPzAFfkPY9?fgP-PCZg^CI54udKB_22x9*%qiRFXB-XQ(*SfO3hHX$qmL)pwTPex~@ zWYB%+KRBlN19^wMRs`W6&HWYWFb%>V0Wl%Q%}%dWKrQbtX}LGZq5MEr=pH61qDNMP zIiNQUd@{_jYz#kD?%f59o<=(}hnm%WIeEdUHAT?s$ zS?d*GV8&wt*g6;}L51FB8=Y-!ds>DbniCjSl|wh7yY5~VTbrVZAjm;p z{@qyx9TT8i{uARGsm^js)r>4bNzYNa^60C zeIj5f)>~32x8ySDvSd%$Jjl~;F|^%<{cS5`T#ZT@&ppOa;T395d|7MxuH)oIjRJHx6-BuarEvJ^H z?PAsxLrSD(gXZ{^u`NyL?VOgcekP{0k(?JqwLfe}>V%BcJ47h2)2!RSYLwSH(aQXk zTfn}3lmP~rX5_{{h+6eu25d@v`tkpOU@{#{Urs#{ zVr+Y!StVOo>NJ9B7GY$8QY|qvG#rWp_U8j2!;rQL7V~Y%F`1Tyz9%w za&t+$d9)T-^z_9YMe%nJh3W_m}T2v(iD28e>xE@l_<&gRXT!-C1z`l;35Ze9$?V zpTdG!W2HnIJby&tjZug;;Q5aG~LvXdZorI|+_d5vJ} z_twqy>-IBM%h1*9DyZ1+$Q1B_sx3I|o8}Xjf5pV5qX_-jH7=GN44B60{-C%nA4T$r zmp+VT?;tq*b3p4Jg_T3tp;Yu^sA)ptXzOF9hXtbo$8)V5h?6IJ?KIQ0vN!URKeI$ z1yWWGFGcsSq=0bV~;6D&6O?m|Wwcsm?DjH7HB;tB!O`mXChy0XH`m%8p7u{GLa9y82$>d_`>X zTPCXsa1$t5nO{rEibYnLLfeU*Wsm$@m-eniMn>RG}HtcgrQ}}CYUDDBcDC9cH66sb``Ytbv?$yMvzO@J0RId9%MAivIS#XA=~l;X=d2^6(Q5pyO1pK9v}v3>a?7QvI~g202Oh!6#azSiBM4ZXy$cd@i)(o-w_G!L$U2}u&1&FJ8Jk(OuP*@5>I zp7M!_V}MmcD-Q<3I0eq5<}T6Y7SHgQJ9Ow2E|3a6&MK2su>e&hlA zA(PFg=ios{Lgs`i4@xT0iUgL++vUl;F^fsKPIz{kI^- z5Og5wxBR&7hHM7B>^yI;`3f#^T*eoMCK^(a9fbrk`KDGzrcbXf82=qfvxE6L#uvc< z*eAUYUef3MNW}e{*0UvxzmxQ1Fw;XJ&}TatJDEjkZYLCV2(l8($}p;qu~Z-qcr}_z z|HtZg&W)kSvJDwsaBf}Le$d&*S+iTG6s8L_JFdClexBnE>J`9*X2C85+wvd2f$`g? z1yVY_iChho&YG&=B9BhWEJh_q(#zSk6oU~@G(w%6`KG88^IUjWlB=fBQ(%qgpUoHm zw}Yr0mV~b6DVpKdlwk&eA=TQK=kwy>XHhpg-Dh1xa5#?v2QkD%A{JS zD!@VO!V`(eD-w8bVG~I0A;10?Q@(NYjXK8u%ltpe!gj(w2l1%LDn2u}!=H{XKOZXL z1kr}f5I8W=V@jX|i4LXsuf@a8gf0P(3tnM33-dz%!&%_Xr*kGo@e+*Z=>3+m+BfXr zrPBT6dnJyNKz&3SdyGr~W1|nb&A63PisY@}i%0eqONAcwH>PuMrz&-8OfWP`@HXcT zM8J}tae_7}87l@$W`|m(@T&lhWk%j+8&Z~MX%;csN;$CojOa|faMN-`6v4>gv`t$O?;h`E{6?Q50wKJW*< z%?L*19mREq?=!v4)r{Va@=GEuBt4$ZXFXJC^{Pi6@92e&*w^f}vHa}bEV}_dxto9c zTmGkHB0zSYq9i{f+U7B%;=+6czDAiayvj4rz z6yZV*^A~Q>n>vi6kdnB~mW#q%vJSE=)}4Wb+Q4RB<(E}6YMe8wr~_aji3+VJ?%6jf zMkTqzB}jugO>n7KyF{2c_hp%Nem2Z;ln^!eQ8T5eN6Jx->IH)XYyb30+XKJOn{~<6TVnsot^H~?@ z-Tyrk-keUvz}WCVvc#RifxQ!l1t^QzGS~u*wL*R#gfqPS?yLb}5MA)9mKCp9k8|^e$Rw4b^1nV{5aHqVEqM8e@$tECk_zPx}1~*p;0ch z5iD$ZKN-&sk`PBFS4$8%!)GtR^Apf*g=R1xGu8ZxT`qcJ0!^4g?wkeu?r!(_4li=VIF;?#2uPWx-xb%y>;QJgsEZ8Llp!aE53Slmw$SSiN0 zs1GZG>j#-&gYib@Bj*Un9y`7&tts1o=V%Z)_Ma`YjqcxIdV!+{0Xwc|(&Yk<%1HBOvS0!h~{wf(splFrCT9t)I_-LUsEILjOz-}H5yiQ2AX zK<*e*7KP2AeO0X1hJr+it4IA|G@!;Rmq=J63iu~-li0g%R`k#Dx^JbZ@U|dHN-4#^ zR+=Wlldq;r=6*&yXF#^4`p%tCHM@7jj=*Hp(j>*w_DNMvg+VR8#y&<>4w6+tc_-JN zr}nja=QHZKVg#1Xk!|l%V2d|bD^4+@L~;}(p3`!N{}GxKdmosLfHy(8U==*?%xgff z0U_OL&q&x@Y3_C7)-VK`n<^!Bz}u?Dta z48;x3L(qmI(Z>D7xeP9TPi;LHMstF_Y=NfjBebNjC9F;nf0Ij%*6s>LHt*kkb66RA zuKb8FjcajkD_R@`I5jD42WVa)X=GkVs=a&AskSiR?_4p*3UM`h2m>yfk@Hnz&}lqL zImA0&G*?6hLmy_Ii|K3nBSW4i>g!fUFu~gC&YHC!?||S1du2)bVwmnzR@BXT93%j z1#}g5ln;UJPdOiyJP0dfZP0)}&>zhZW6(%=fcj`)U%AVk27Wsmt-Fdk6X|)#!uX9e z?8L$E>%uGpwcDeQXS|aO7}dBdiXefP<6#pniqH{Am0ey`4^x?4TAXnY{qt4#*tSq{ zvdxIW8k4TD?;HEK0X#vmm3{=K&!O5Xj6hcZJ*yFx$$LRNt*ZKTgEx0%gbV!(_g)w1 z%W(;OoPt>vBVB|GKg#S}XoGLxKi+mLSn?hY; zrN=HIuFt6Q9YLyW=*hw7riw)l6ARc*Nvg{Twq?2&A~R(AW1A%qql6;h<|ad#khAok zWj(IYo(suTcbv+5rPJQ{Xc2Iqn4chUnJnm&ZLwtDa5AFtY3a(5-P(eG7HdYEh#`v zvwt4dncUA=1FblLE-MzlN zn(Q@&t#yK#7GIRgM^U$Yu^1m64i?fKa#GI65d3FC(*$-kF~*}Db?V7ZIbZ107#|OH z zyiOLI(2gE;e1bS9Csm&Bjo1Ims<28L(Y(NFga{K+bYnqGtmakJI())c8~!ne{{!8c zN`E*fVRuF9cMQs7a#WpR>}nhjBd30POLCtF2Sou?9ayjq0Ktb2>9`nG_DViT@Y}Kc z#?M(Kg>|$z-xh#fEG^5)eY zh_XB8(8kuICQBmZY@=Y$nT^U#S z(8tu3z%RXC7|vOV(m^cR&UYWmHtll|J_3+U-0wP-L_0t!vo$=Eiu#C?*+?tw=t z7L&S_LQsp9*+L_3jMl_Mf9|9IN1aF%#?z=i&x??`A$t08=Wcb}4LbL(wQrBsEYy>b z?9=QkHMn6g^6-Nw%SFID$r}1ub{*+u!a2?-G?f9%u$-Y0`8R_d~%c(!?VQsj})z6{N+1H-Ds5Zg*w_NOd+UC z-(}iuft=6F#}N3}ft05&ZAWWChU#oXH@$+^)Fg=rTG zGxY$av=|2wP5ck0j-BkGo-xA)tj<4j7g{)l#<|7Ac0l{U3g6Om4O7Sfn9|jB>=U1s z10Jef)xFhVweRT2qd>OOf{tt^j|u}1ZR~M9V#)IA5)zm3U-{Yte7G5 zW^zlrAAzWJSHn+E^@$6FiW{#G6%=IvNZq#484q z0lGktjPs6OYP4Rc`|sTWE;{Tq=9DbZs<}@0mwn5?q3`)iKNl(P`V*!+O6W$YTmzLa z05?KCEe2}yq8aN;>@$I{2mVB;?)qi`l#1h2tF|sDe=|^ykk7kg1?f8GQu)24w2P9i7xn@n{q0+< z^2U^+$l81j3n5WDv}#xqxDnX%I`%p~fE`6idhsvE^N)SEcrAGhsMGufF$i$EpIn*# z^8;+MlDb_g(2O~^raGdot>um|&d0Ij6nJrOc8<(B1zz5FK8-gPsk3PmoCTz}Viu0g z4LP!&i!D;I8jM!uk|R8<-{uP^Ygq+UQuk&CS0&mR+=w^_-Nv?ELg$ELd>3tW=N}A& zMJb93CH1`0d}(q0@MDP~XJT&a>-X16PqSU|iWga82gKy62S{n0+nBxcOAn&~PTKou z_y8bC9v_To=hy~exp#4*$y(nyn`%CjoppRiV#eEl)S8s@>UCpQT#to#r{@UzJT2o?lUX1MSghYnLT&+s#e)+#N301$QoU<~R4*3e}aMH}s|qz&dFG0OtM`U=>stPe1V= z5Ce#u__^s`^qVqMEA*BcE^P$dB|Z7lpJ>JV_S`m$=i?N>)af=?cbNhOmO}T-oXjQq?-H|)*)FQSyE5LYjD>b(_?A^3R z<1l?a1&1FMe)YWM)J|fXq6h_K6YU4DeQA&vWfrZ%Qf=^Z?F>r$GdOPl*@4e>=U<7J ztQ_z39|YWwq`jFHF0$+$kBP)-zAnwUPMl^B$^fO1g3c(=auHPEabSR77P1I2#GX>= z8*N#exU@0IbqjDv@Y=Zfg{?Y(W;Fw^m2xZYp*U^<&jq{Dv$Me2#tejUYsIoXdxEIu zJ^c8HVsp8sqBLnxoeki=TT%Pq$L;sM6s?jA=-F*`P|1;&z|_{tknelBx7WJAf{dH> z)TXj^X}QZ(ddo1rC|M9#23A|;;&ne(5%1#1Z-^X$&`x}pdM=6<*$8~6A6&DMGqPT{ zBy)@tzX?Ezu~30Y<95q-LF&Y)+#4D6axp}uHC&fpIEoOLi( z(K`4A?j9=IsUQ7_?Z^ns-CKjILA}w{Rf7|(gY6buuz!I_2X3qMl+Ca3xEU(cThumB~PpKV$aXpH!o2uv_g;I8^c~afg$AXn`TTYoNn(*j=vdjt<6j$ ziYl|SnRFc)kwjxzI#G2$T#A2-x5XT=q<$YWEqyfvJ@d-XM4DB^+Px=K3f0~G!Cy0V7vRhkfA)liWfetnC(lA>EV*kS!63Jx>hkFWt!%smiO>oo?whYwqYu) z$^pxi+W+|oZ7A>xk2e67B+2Vz)YKd{+6X`bNzh5d-~Fh5=mkKnZLoiiQyg&DC>+J^PGds$ zEzlzQU-R^8y3`U&^%mv3DqT+g*BPz<+Vn3^A zPIRa)n?tugfG!=@N0N4#^d2w!x9_73gO6S~hn2HwMx)Qzk<7fjoG4Q4c})}>aTrey zQb!PDXM%+BX-gYDonowiKmi!KADAI;9h^=fXN&0(9)C9)oXG)1zpAT3g@de&z(AY( zuUuO@VPR*dRNHg5oG;6;dphx2>D@;8lYJw+JgE>wDvB>PPc8+ItYt(u9eTE&>6amX z3(fNDD_)KzGR$KsFY^!vKr5A4MD1OG7nv{-WhPoqL6_D2e0-FqRIF$Nkj3mcJg^EtM#Oh=hjB#$>tJ_ zkyj=btU3`915Shv#Zs#-ID|IxG)?$;jsppLqKz*gG7j$^RPBPqzeaGPxzVh`#hmOy zBcpFGv}K!w;J42Ly|q!a8oD$QSAo;e_1>W-8|pGB-g(hhQ8aQMWH*?QL0=TULkuY} z27vat-$~K0xw0zkD*Ua&;V&U9vd_P32QNN*bGVjiN1czcs%R2m5m;||OCcB`vo9V0 z2w>M-F9P&=l=)UFhu>}IP0KXPafGs5SydF*F*C)^t|E*%ao-4bTb_iY`?P4dj79tPc%75IB%1fSwp@%A$AqLF z7_I5UcYUBlOOXFo3bSLi73jGM7R0$Y+!=cKxh{8Zkv_ezTZ5zY?GD?QRYsAxZ5r(7 z6Q%ptCvG(P-D*jWc>==}v;$ep|wdnNk4XBT^$8bV%Cl9;>>3#>9En zHHm1)NK)GX(>ZUGjfd2Pvc#;r=L`{j85@kciGWE}5);9F#p$RSP0;Z9YxGeINk*eO zWbI2)`KN^o{ji*X$zW5|G~1K)zkj~9@k~iFr8h>&h$lS0ac(}6bP5qA;Fb>|lXzq!9_M?t7$b+YI5!msq z?_OR0_r^qMeByWZfBEiiu~&$eYT&VgE3~T1aAnh@w<(GOYci-TS;iW zf7@AH1^)JnQa|CdhOkL8(Ni4r_l?awQn56Jo9MjD*`-FEh>V~x8TpmCs8loS60Tc` zq2#VwrO{()Zctn{A5_=pvo8CV*a4GrEUVpv&sK7Yb zI6>o(pe2>JE^sq}FtOhq*H=0Ayh=P~Q7rjzGJ53KeTyr2^WWbu(+lGhJV^WRgN!VM zoq6F7LV37E#e+-Z%BaBKiv}CcNd~#@-v8WN#os+{5K>Cnvq*dOH1;lGLve;K?-vaq zdRLb`_W|gwtHHrFk=?EFnD-1~03Zm1BRS~965j82)BYC9LigT|NU3}`O_JJQ&o>n)ziha?)5MqXYvm_w@Vu$ zfbUh?f$0%)h1cgfVdH|D8;abCj4KZwkV?16`tOw{Dp!S#Cj6GE-*nS`d)8pH?PafpDwrZ3(A7q9sW6cRaM61ifsMdPto1;i z=ln88V5WFLU_CTh@95Noj*#o%plls1s$58Rq}|jten0Bki-rx_EPt`?Q4e)9*ogXb zTvsymB{cNfPUaq3I!o_pMR^3ri49Ozk23i+{_Dk+k6V6l4`z1DW856(*#w}M4p29d zf**Fi%(UMja$c0ueG8HQG-K!*T>;;yRbM%-lb5Dn9;$r4=6c42IZkb!x(%gNGathZ z1Gr?wZUGE=8K}U_64NBljC*zg3!LyW-X+66^ASlyBQUPk(W$+<8KavK*v3ab$q0-W zW2brlGvD3zLGi*jnd{mi7jKJUOb?lrG7*0H83+!K2b5JA(}E^9nm@gEL4S^?50dnR zu&u#6ErCHVnfvJMYc6Qds1q#7KOV~lH<5#;szE^av6Tw&f)e7$xxS9tC2Z#*60?%J zGXMMV5zQXfYUYq%!rBx5`_|PrFp=4w;lBPbCIJRKfkkuu(~cq$=zbEG7Lp4sNUxc;yTQX+4{nkuk;6PD;g0x=xB=siC6G(zXD@%vYLrwU zspgT_(W!6buI7E%b_U{DZn1voNt|^C|8;GK{aH55bqQ3=1TpyrKWE#b5?%HZgQ>DL z4Rtn$ragSR=ND{E9Mbb#A}`g?hbsK4JB{M0f1Txc)($3JD+gMp$3&$P=MeoFy1;Qq zfPk1`!J6}DscJF4>blu6hrM&S&_aGIK#vUoMUl$ zxnY`{QwooIX0uji13r@`OD?~@C3tx#^6TMYD$wiZo74s$E=pBgf55DX?w~(r)v1b9 zNQy`RU+&4(h`op&0nE=6we#GiIpZ2j&wjjQeN&$lrHqP%{8HeQ4s@Ph^8aS%`PKd_ zDcpMK!1@9ZzyC+oEzR~{7*+Imt1QF7t>y6hyRHr+ZWL4bh}${aYo1vJvf`_L@pD&9 z9Ivj-X`cmS=A|pz1sJMCJV@Rj+gACNZPZh%6x76j3mk{Ks9ZE>Gouw|>YP_U2ciM$rRp>ND4Mku#S(ZeMjmkBfn z(0=C-1+Ly7G>g-3+_m6aP-i~*#Ao~ISv>~x$znc`d(R1(PR5-^3c)BaEDvVPB%A2? zT36l7XVBi6;Zv4Tw&sKc-1T8)I`ZXfQVS+PiZj1$YkRGC<(+YKYxdd<-|W;Gq<@+c zRluy0JA&_6@SPJ)jmM!Dk%^AQE>cY5VbP^y(tfm?2`0@)>;n88#};6mXijt{agN#d zLcRt5aRo^Oo$kK|N3i?UONv`GYFc_6eN_ecwIcnR#v_{IlukbQMg9?77z%!U=3|xa zY>kT0E=pYRF(_R(S#n8ydn8liMdaM%=NcAi8H5jhxI4QC63e^dM4z1pzs{CMCqvoY z45KpAB+cU}dYvst-zk5JZ?hyGG zSKgRhentDm2cl2zO>qh#&9FcItWwo8h!_Ewv=FZP!vvB+b6Vj{);`3ngPSV$%@AZzF+oJk;RgJ)r2}wjR z3FZ&`;D35rz84|{#xN$^Y#)W9Xn=nIe#f49v2eDN1p@*2mMxJV_-rQ#FocancJ%c= zo6VK-k8D>ync<3+*-NGU=y(N@0K`D)Mrq1`bg}3$N&P082yXVrGcM_%nhhG3jUX6# zv%T1p#FZA@eSB_17?1AYbCB5_xO53q8>4tEd`*!u*s@8EN;SmTs1E9IDjg|*3sT+X zwqzSF&OrFt9}4pOe_!fq_i_xWMp4)Pr#C#;wGt{v`bUuWIyt|r+=d_SPc3bbO!f{h z|GVy}`5{c@6xgC4{j-<CKu3+el~@iK81FbnSo*k0~e%qFH1ieI=s6*CEAm+ikM(}N_J7ts~`~< z+Vk+vPEICSy5?f#kq10oGjK@kSXzAmH1!w=OL%!6_dR=kO7LkIiW7CX6gr$s(39J> z3W2Z(eC-dq4w>t6tt`5P4d0v|H`_0Zm|&d2%DI@&PEhyL)O)WX{_{?A$+y2PSBG6# zvcQF^zcazfwByimXbFJZ>k2kM{~axLz=;;7OJ(iJ%>>gIzcV`0C!p+ED%)1YjDWtF z{iO>8V6(z1=V_^RZz0%oRQ~c1`-K5Y9d$nl6_GK%(^4)W1nBIqq~2A1dl^CjsQ&w8 zZY^A7m7tUToEUnu|5!R`qIq@{!XrU>fyRUi)9>_$pfFy8i(NPXa=GPK@uf1t>{Ro+sX!)hTobV=wvSeaJ7$4tA}Zdmo~~w!QI!0 zJ!a{%ptB=`;s#tL`uNv9Y7rTnBj7KNo4+=`JE=!cD~EfElVGFH{dMjYyT342?|LDU zoMn9SucN`ns?VMY-`uw&cRWyts z?4}U-LNIEq%^Wc$Re%%$XC0B^7 zG`a}W(|n0UBUSn1ivwZ=r}*bGABQXdr9|Av@jpai5^So`x^CLD|?*)HA6VbBFd z^v-Y+UnX+RA{y@GH$j^PCNjiiSqx*&e-E25#^ijx&_?N@xH!noGQk2E*CqEt)cDo& z?rpH&J=;^*w=tV=V&d>hpP#!Q4=TYjEm-EgYw5B&=$C8h>PQF}IY8sr%{ErBv03Zo zlpD(oe7MMCpSV}_=XvBbJcxvU910yRytc295zYpx$MOo1!d&U zwR?!lVESi}7ya||#dfu!J+cAE%_)Dkg8!_nu#Q8MA=SHp792ZHw77OAI14b&fq`5{Aj5?S8Y4{*#2u2Q_Fp$FO+`c$q(nrh6zr^xO)ZR&kR$_R)iBkSdx_Gtq9P(jP##D=Y^6~` zm3)|q9-)gy_Tu5om}mH3f?D6wH#p(_3@QtHT^DPNT*(mp`7jur&`4+Er+;5^gm>9Z zA8ZIV*a{j-xsq>WYlI;3jFZo0Hem=Zc?NDeE8~~p4Y=C1QY4qlQo&Pka!$hHl$08G*L|?B*o176eTLf z6&_s32Yqkca@7?J+NIp@i61;1zQ20ogMDm-G*O^k#!iM5>aH;Sdc#QMdFU{1bI=tv zD^ijiF6Pl!ZGq09nbeb0x;HjFolYaVD6AovENtNQfjctL7Or4?GXK|DSL|<^-y~o4 zuFKsBN}qyh1?2^HIxwCTDUe2H^iWP6sUGCKM$db{z&I2Vs4_vihC|&}b%2yXkjY1_ zVH!?)YG|P@n1NHtkWTg#y^^(4f2}0}7%RXgP0;1@?10FjsK7fKtrEF27_DkVGm>-7#d_@+OJ~0e;?auFpR#oAxb!mDJ5+4#g0)fa^q*=zAcup zZo_+P<g&mEeIxbDw!3IeETkuz>vtlIiYHZ?*$uc*T*>&Mdy!Y*7QDivI0)c>UuxcT##l z6$1$^4h?1`)JwZ?HDi^hGppbncCOf!#PiYmVq_rvZgyEE9p_L{Q1f$eg~*J?KAO{W zK+q&I#?;qIgVGsR^yhOr@)%Cj8TDU%TSQGD73^?O2UjWuK9Z#)(h$ed#@PGZCu-Ucj`ZH+r?HECdi2(ZVxSw_1z8Xm?Y;2J zZ|G7~*fQQKL_a*4(3QVGW+5ixVH-{V1|9cUwPc{fXNrK!nDAj zxOqJj2UZoC-tYY`U6eD*=iQ4xOvgTm*XA`z+ItIYLL3x{`_UzvpBvo?XW zO_-%(@)^XV5FqCDQ|M2mys%w^tpv8N&KdQ$abZUKN)|+_Ut;xR)v>1@q@SvkphCI? z)Ojf0j&M%o-hy?xgep0USU#g*mev+|ydHIz4E9+N_9|Z4N zGeatTZ4zuq({km00H`Ai%7Pd39RQhB?Ao6Ejak#ww24cyj5j z=={j|$ogoq-uRx>4S^uepK)vQQdt`cTS|RzIAX?Q++*tZ_V$SO1on>isLy%!Hur8O zhYJNi-b+qq@+!A*rFY@Vyub_CDIBm=8!IaUn~sCQ!VGzanEro zacaAG3SFGru1$wTI9NEmcf91qa;V!)nQ)cq-idSIOqEENUzQV;J)EH3o7=NGl zgzeSsUhM4dxbEcc$W9iI0P?0Y!*}O*?9Wcm;&&-0z?t`^3B4>+EbSFPJIwrbNG_H> zH3&!ee9!3ol-};>EARifL!m>vgV5j69~NpugPHA;{YE@FM2^f6XPV-GD}}4Y@Unf? zIYiL_a~*Acw`)E`E7V<9M)rs7%U2K?xg>|=y=08Ut%Nd8eycenaV{(t{KQgD^LOs; zBL)@ETtn=--iU`cR=R#|T<|D%O?FN9D;2By$rtQN1Y>*?C)5A7e=?3Sj$hSSHM`VU zT}5lL@|6}_so#`&>98iazOq)TRs*PPa=I|}J0rE(~+Y1sJ2>&6pA&c#~?z)SH+>6D9=<4P?Ydb|C8+iW|4>6&Sj=~R19 zTQ{_VG*aO6&u`Tx9N{Fk5Y>?yg?`MaMU{J-~Ol+H;m|cJPI|q>H4Kq*j3(&~E2?1XG_#e^!4|pMN!N zb-W{)<^i4}9s{+NoeVdh9AQ4)7{JbWqwuxa$Ilbj1rnoAM#px#Mt634MvKLlgDb=E zx+i{qQJ32%?DQUt?HHe-$E=5NX31na0g(>%7*Svyx*ZuymX}k1_3{;#S>Q+hIY+N<*z(ESWfXTFW z-@-y8c+ftz-fl_nRC$|=iA96OqUA8^vi45B%_+4An$UIyF{jq}$KQNXJCX46dZM`B@e_#}KS4pv&Q=0yXQ} zi<$(LCN^w&BudO~)yCAG)KYAYZk|I*rWo~LuB|rk^PrU=PqGlMw@XJ}G@$iZS>a?e z&SVRw#aq*0V1H@ps+Ku}C4GM#UOl0edlSFW&8%Jm_#>2MPO)jdU+#D)Oy^;I200?fQ>?;Jby zuUDfqbDT6S8j-UtP*GJU>gb1({ex4%>WdR*9(aiY;?m_L!7Cng3f0xhgbes16Yp4txQvOZgtP^ z22bldEOjkw<6D>~^)4D0W(11hm$Ba&=*s-H`RzmPp=;*}5GYra^+FTRfpItEUFmlH zsTH_Q*(Lw*AjSQwJ1wmCAfBJaOW~>+et5&%!W+i_*mdUm_3`LpcS|>OdQY0if%Z|% zMa_QVY<1DL)o{3zpQDZ!>xJ01bZ>v#!J1&r{mfC{!DKlI13o*)mY088d**nbOlyt3 zd~n;pULLp9u!MPdvV7jkeDe_CRzyEwfWZ> zHOe0e6Y=XQ;&918`JcBR12a(n=Ne-I@eD~=Swu<-aaK04GcvNW2UasGt2G*8L`i9n@jhI|4ZGQEG#OK0`xU@8K(5G^- zw6L=0b>XM};|*TK^{?B^)Kq`G;$Y5CtuCuTC1P!7M8(O(!o)%?@Q8|viqFo_m{&j1OxAWL%&a^-Jj^WbnBTo)M7+Uh?`q|s@4{$hPxG%% z{-+;NBYOioQyT|UYb&Z>{px?Vc68vUrv5e1e?I@B)5yj2e@C*i|M#>I6J-ANgqf9z zh50{yBbxI4y34Cz>SAP}A!=%g;2B~J0ah+{ZoWSn{O!^I4*931>i^r6jg^b@&rSdI z==Y{7_C|Ih)|QAt9R&VYVE=CX=ZF7p$jAI^?tkLNzZm_;T?D5E9`P~%M`{9(#Dnkh z5P~E(6_x*pI3v{T*9X-M@%8#&XT&wC%7P_ulQqU%w!s zJfQOaXI~LDLQjxGbD%T0$Y{7iNdM@o0tJn|0r#J_7DDnNKz{(tdC;@2G*!9)g{aG5)a} z5t7(INaCe+cicahgg0T&?pP@?4bX=5pXwxHGH)K>jz}Vh%i{e*l|(cnq{?V_{D-UJ zSF@bgLP9iRLYxx+T&fR%HrW3+On8J~0$#-6{{<6JNVQS_xh#c(5Gz{=&CvdztCY7l z#`Hf|X{v}UB;-&6PqzkhY_r9q;^VbKX}KN#qBvBxK3Q4Wc9%VPZ{G5Kx>HMVLAUVvFUp~ii}nEc zv2eV%{l6@p}PGYWGxri}6RX0)~D(?QlWQ}6$}MjsGz+i#WZFI7u8LFpq5y2Jd+ zI%NJr%D>+CDPk59%HB&i2>UPI@AV6XdMlmXiNfrfrjp!Lu;skdY_)SbIl%4XkY0nr zXPvg+sQZdF(bF60-`IHJTzmnYpN&0pF2*L~>?>5x|H1W{>A$!Zp;#iS48>e|X3T)U zvmu6{hn3WT<=whjKlMgRt(W6RzjPu~B%o)P&BX9v!S&dx%k8&!{`jdPn$d^Gj`4Vh4i)o^ z*b^&LHwb7AEkZt>lZA--M30`iZ+k!NB+{aP#*ea zE5rDYiSWO*oRrN_S#Pp~#)fX}G1%pb^ka-QN$Hr*Rn$!s>x?U<@Y%~fc@CgK50LAP z^X%RnPn9sbnxd)NJ}R`!FFHfU#@6S%KJv{(VA&-ev8)evAGjL?*ND2$wg4B z-R0$M&Yq-0_6M>Nm;KRzeIN-_LZ#a%gPn1AI`r7t)PBsXY+hy9>-q5RCqc|`_b#tJ zNz&ogBWfBmb?m#pMH4=IFNGvB_Z;eYRR64i1rLzD4vQW*Ui_WsDq=zs{g=t@mWCep zQ&G{;Y1vIS!iHmOC|CV0IwX`T*-9Af>?y}R9XRTi!~-^&A?o>`T!p!sXV5vG$%ZXH@g9Baq^^e$7pQSu{tRu z85l1@GafDfEw;$ueSn~bH^nFn@6XiGDKv@v5aY(daeR4>H7W zmCq`^l$W1>YmOC`=LyolAF*kF3=dI7C^5B_Yt`ywwR+02%Q3aKSDIY^#l;ltp*Ro} z?U^L3i~Px``veiKz{-LIQ1>bSOw}K}q>ujIqszFNjsRFH71^>hc7UXUZl0|z)pmL{ zDp5)4ga~!jxrI@Bnd5w#-O#WDjy>JASyj3=@&rWU2{y79i5IOtrrUf^N;)(WA+GX< zx9^+Y!Vb+HU*6xDZ`(_Y z)Xam+v2~n=VnXZH9Q{z_)*C2s?&-ymf&Gh6*XZ;Zb1e{2o6=KzuIbC7vu8HteD^=f zbBfSNro5V{sWVrj!8a%H$U_Gq1Yd2Ua9<@(pbVCe;fY}Srf_ZAE>0fa~(7|f>f11NZeKu9|23|RpiSk1T~7r zUX!A+FO)vL!Ox!&cq{fN5g`~-kn~G-N!zj6e|E?|`*;Z1?eh@Vp#7O?xI$ELlsTA| z^u3oSblV#lzMp^b(`mDjShvQrdeK=R7(FHRB6T{;xL3W=jsA26jmEt;<}eJR{WzKy zbZ2wo=4!Ip7Ne!Sij2+W*0lxpWZh~fPa07vBXbTW*JGjIa_fETkPY zIN3B>SzRr%Q=yalZQ*7sX_eh6)fdX_CA0w2?`z zj|K$az?u%5KCA3zr@k%G{9~bT!5BT}S3GnYi~O~`9Pc^CS}k>}Qb-o92E(XbSDcHL z<|Gi)Sb|>!kGZ<#_#sGG%1qJf;xKu8K!YMN&dY1Y+~^9(i@^ zZyroYg#h6nRQQU?@&C+R!{}fBVSF}&@i+fa_yAb&9i35|g=T5Q+bUll8+21NA`j4z zubucLJu>XaUL-BF-Y+uOH*IB_{??$;0yeKPzY%Wl^s=?QTog+#GBhXj$2#+Z&nYcM!!fa)T_L+S5wT@q6jg+Yi&t8b8N`6bWR{TgGj zYH1v!R{h*0Gq@#ofp6m#!1H2X!_{&Oa;zFXb$$(lFw7A#9=36b$fbTbV16_{_nKY= z$tMKM=FlXCyNtr2gk#tKsxs-^k zYzZUi+_~L^M;E>4%|)afMR`>*0nzgan8`p$E$=UP>qE~N(YxGS#7_QuoE^b|QULHH(;V#7cKIb&1iz`zaos9%GrCJEo|A5|$P{jf7FuIx-0}{El!VS0^EWkC`ACIN z;dlEm5IS#gz z{s!|2xs6^wR2eYMX*t$;VBI%iYPUagY&XvZC?Z9%oU4huKHuxTIwdwdjbqgCR8UJC zIwCFP^}78^u)mZ#X*uYy-T-4`B-ewtr=uTRoVTao7{Lzsk4ut{9R*;G4{b3C!zlo- zu!xxA;5V>=CEcCHuv+G+OcbbB*ajn1#E`&S}`2oem}U}bwNU97+9tzm!=OUkO| zW&rzwmFDLABS!d^%Rs$+5m{tazHk>F$C8V7SzRo;#(FfiR#7I%s2X zcQr@bb?)CH7kb_AhwBtmq{KfE0cnM!Lt0tAORtja#wuo3DYd@7Ujc*K7`ncG{E98W z9=oI<8Ovhlg<5W;_yO63_;ZTUOr_M`|A}2}lKc5HR+*?RcUzg?#@fpQ;>;ZG0)wqz zoS~2v6Sq=dZG-g8799rEbw^||5b?JvVav|ABB;d?jZ*dC1<~P!Rcmc}nN9SCIJ}v8 zneyu3)t4K)(`?UI^Kli|Sx`Wvr=heE&A$3mo-h{5t>43x2q_;2X9Bmq-Zh)9@nIR6 zhS?@dge~4|51^EHnRl>Q!DN5(ocHBn+l|+c$*BTG5j%VP&7Me_ht|nu*gH9?Ouc(r zILM)Wt_O{<>h+c@pTVGS;Md767ts=*l?o4=1ZNrMV$|EYYa1}5>p5Ll= z?7M%QI($;6K;(u-g3L(tM$x=bhQ{J{@6J5OeV%XrpzowRi9+n;`=KiB!h#((uoHji z0pJU>cI9|jNu|da_wLx1;S9ah@M#B$7cGeHOTV5a~nj$^JMzDz;7CdTkzV)!HIyB%{V5c(ct3;hc9^%j!g`2L4-^;kl5N(t>^MOWkY=zh42s#3%o(Lxyoj5@shUvz5LuNG? z_w!5cX*%@oPtrdWKnb6YTuvPdMh%|3cP@@3VRH2`;J{)X!n0Nb*sQ$lqR7j~HQl(D zXu$BH#X8GMru_yoN&~T0p68w$?a$0(v?opiA+Q^(yuJf7iZV-!;cSP zva(9F>IG5*G>vr%G1$*!*Xk37ifYX!qkjB&uhHb7VVE9D#uep*iaB#wtX3Ym*bI{l zV3?PluTzs8&y(G}^*dE^*eEE`X_j*$BoM8`N*>{ggzb3MF4pO`x>0YTZ;43+8Fu)~ zRvAH5r6lMq7bS+%7IRgKRmZ+Nv`yCMndi@=V&e1_sT7MyJU9*qIk#KgOu6v4-QGSK ztC7Oj>h6uE%l-aV>%7;D$N4~eW>pI8<(Z>VZG2$~q4c_pELfaWb7nhDn&YZW=h0aR z+w52EIexd)lNKM(kjm>Avo)9$ELVKm8=Y@BKV^B6SlMQ?`W{F&#;QCld$=^6;K>!u z>$o?wJ{hTTu|I1*G}-kIR@&_@JDe6Z{aS5rqRaq*@m$brq0YTKEHzX1F#z*A?*;+X zN%a#k<`|bI+3oMJjzR_D7M6j$XDK*joD*%kx`XB$6BYfngJo|ynL~M8j>eq1^vYLt zTV=FDE9=hBcE`6!-$d0yre@b2Ay?@X<$dvCTMNKMe)q5m_M2g@)43WeOUNh$dbCPY zWie~V4Z#2)8% z4oTEv?tWgpR9&nFGRyb9DSiv{I%;daJyE?_njC$~lme!5zc`3RNH)=A9@+idwM@_O zA(dr0kVZC%6OUus{;rZo&nT2CXIj(QULJBPEPLL>@3*I&0?CW``&Y?7jKzI03pz zi|EJYOPXDC^2Ri8HThN|TG)(Zs{v@;V)FE7l|dx3>E1Bt>8vyluRhaH<-3yyne zK1`i&)5m&&d0I#9cA12D00a=YxU7Ew>_qMU9o|w=`W||LyDtd+LEttr`W{`M>dwha zQh3^N6+N}AC>tn>rFqFDJj_B|?=_+TrI#j|Ezb3D*50n+giR#czcZP9GTXBKZ6}!P z+R2P|+5!0D95VF*;^oEdia;)^Hoy`wwZ3*(z=mL&Q5%1NH^RXD3f6PGz1=rK`Al(o zVDO?p+d^9(O-|TEJqUlS_-J zUrJInR-m?+uiDyl-l2kHp4C!Zc1-c>f1y2W6&&|h_z`zQ(b5rTj(J(X>{|YD-gjGQ zdc5vytU-5pBG-E`MN@ZpGlRusPfPgLVEt-X&to=4Rjt~N+lBBgv5WP()~l`L z4Lf|Kv3KJROq6DA<~P1#fP`}O#ybPJu25$ zInmHit>sEu@w?+2%Nh>iT29h5!x#LP-`)sYO2*UZ)+r_}(P%L&1aebFMoA)a^U3d@ zhSPpBuZ(^A39)V=oJ|G6t>*%URWPsjVaauA|xvG{RCqqpU$MO7DW%`_4hMm*3 zFhv^LxnZT&IDsp}&=OWb`;HIqrn4~Ot)AOOmmUnvvb{4MBhy!zcXbYB!|teA6>mv-k1uiW1b zr%QYx#o@nn#E*j#@|>w`xt36n_tAr0E=-j2t#q2_5C(ixLh#O1Be}DdPY3M$vzATu z&*;;yWS$Beh3OeC5sHnl@23Q+w8f^o_1!YAG*7iNUZ$g`L_)SqbK-)y>m`nDNmrh| z9giJb`xMfi#WLe#)W~Tmo0Kmw!30ms$oVzgVzxndw?eMBWk(>GWFB%kBYlKPzO@{1 z+zto0aPvcnXS(K6)-GD@cr15Ok41hIs)Zq zCfqvez`DEUg)t_^oY>z zF+-kpTqJ%|o;hx|CxRy2Uid==2fST>3pXDaYEtP?_@%j>u+C59rza-ZMc0-&=AA-g z-i#}kF+@JZxTa)f-w?4(wr{Fc*qXWQDTsbK_Hi zI&@*_6+ZqLTZ5+umvxr&OsB+e&z#dwYQhd!EM{m$7VE=aXWmRivTG|&BQmM#)Q5|F z@RlwIP6un?^daxqH>+|lFS@PPn~T6Uj%DUMo{_LYD}u++efNt2jb@NDbk~XZ#5asL zLrg?)ZdX@&(an)Yd~Q}T_<8sKEM?p?icE>{gR$}3VM6zk{Gj>0Au!XpBKMLf%(FfT zeuheV;AT4y0Y2b;8oc$M*wqe}kfJ2?34!n0GqrzYG zy{k=z=iob%q(d5m%bYii^t`0ArOU#LV6JNDk~1uoQ@i!tZE{_)zbP-esM*9}=?&W> zSx>gAFn&GbM&0;3$K3A1)U)$v@T_TYSky+DfpgpW!mOwEW93~K0^WEx?7ue3t4&cB zTIOlhmWI`8eCB0C_*Us07FMG& zJq?jPG{DwrFsGkmU2uZ1jE*X6k8Xc!)rCxiS`_zlT5{g#v`my53o17f(S?8kVO#2hzi%#pQBgXnSYmyYJu*V(F*X;5kRL_#+ok*FX;kbV_zZz-Im^ z5CIL2nB-!-F`Ftfx+Ckp<;r?!xyy$wb>AWArRBfODf249Bsy;0cq0UZ*mu-AAzi-m zjx5uBdgx>WKOSZK{uB%fBu$Z<;6RuJ+9tiJzj-_jWa7sU{8?(4OPI#JDo9^S<~3xz zudpIkdN3q!OgUR8%V%|PSqo+ATpjWS@$F^P&XmvT(aq(x#&~465jRr(J&0nQMoDyH`cFWgQw_U7H8~t2Wy<1Znmw#MHt4F>F7JXMZ z@j+_ffj{vYiT;acxFeW4H45*k+kHio(y=XVpxAY}kjc^IjP1IIUR@A^h4?A_VIHi5 z@Wa0u24A5j-bcA?8JQF=jsyV?U-_T1GL?J#*GT~)_vSBjxP<|U%T5r+NG>19NpCq= zBkRg}fmP|m?sT7ztEm$KI9TM%V>1B*7N<&?nJZsyuK_CO9XF8S>s3QjPk_MpZJ$||~5J?jt9o_X4RM@P)F0N5$;fI~HQ>8sFY#rkY zX@cAqXLIed=?6H(_`kZf?Jk(7aXehsdtGe|!ku-FeigborC%=^;!6>5dJ0G|Xg-VY zV36tFAD$`;W|ti^{jq){PvyxbG0wqLI4bAohF$YgBl|KZeL7ncI1FMEByJ$ zC3Lcd0R*sPfXXw6Com^T0G+Rm7S3Z*t0^Td85_FNJUInOBC;9kRliR=JvhLfYtpp@ zL=Mo(b=HibNapYIyI=G@ zJ>~R(A{B`NG{VVkwKkS?nyp&j>a|giJqG(W4Gna;>&+9k9I~I~tkN;g&3bfx)5w0Kp22ejr&#o z`*u(Z!NHJ}mG?ZnY%}7XcZ}K%Gfo!uWIDGrljh^)42h=qJc$DjNSoyEpG|x|+2Eq- z-UXm_knQp5|5%K?VY*BS+jfb12n=akcj_G+teqUbvMD1V*smMEJEwdMJmaL{aD>cF zmN`ovg6u)fCXq|9Z1KI>7>L#vqn%IrI66zR+vi0SD6b z(^ZMc8_9G!(kKhJUZx(yp2EV@A$w=^o1@6H46iDJd?u@ywTG>4M6 z53|Gh30=KJ7heyd?_Reu3@uiY{+^z{!D{eYx&uDZEKE-S@a;Va6NEt8_JQ$UJydD9 zB7K;u!i3!Q8737xR{T)nGRU<)k40FNN&(#`S5@yNv!00jfZGaprKrb zT)xDq>TjDS4v%t*vqyrNZ{O$1B&WqGGP7r}ZiOkHtaQXL=_U^ugsH|;j*L7>EnBy( zIp?yNc}>P?74-H3&~3gAEgWA8dwU8fG|PwWjxWDCj`P$}T&4m|ry5w$U4QDn6b~g$ z9Ay(1-Agv&tvXz6<~muF1#aIHF(x&aM*)ShwWgWuCRMKLqLb_N0MVGi?#fO6qPp(T z^PbQ5myX6YVeRct4oN@FG{cmHejIv`?kDU!<)u1vh^{PkQtn^gG`iENOF$cL`ii3$ zj3ectGxOCZ&TnQ~yTjU6moA=byyy+o@?WyxO{lNYI%IwuLz0K;UQuIex#R^>J`Ohd z;=kU#Ovsa0I$ziO1wHsna!Qx3AU{DJJnPxb6EeOkY zjYPyMtu82}q+7Pu-g?)^??!K4sNc$M<;x|9b(Mn&HGbj%fj71IRZGrZ$MxYv-+LT{ zL=L4}Rp)BW%{$NzTe&){vr?zRcIS3Ar87y+SK%;|Ia7G{yM>!Mx%;;HHqQX)QQ4^u z0@BQFNGImC?i!di-td-QWlYT<4qs|@-_6-)q4*?t4QxxD61+8X)01P>Cl&md3juCB zwsJbwJZD62cJ5E%v4_^&t=8M-?>-ac$}wmui{Gm)bj(q@_4W@t$V@#lAoTPyMM98{ zM_q$|he%vHDF<^43MBIq(`nnsM)^A2lOkQt+B7R{BFXs@W~8eSHUyY}0FBm&KV1z| z++X7eQ|HXF`VL2zWbLYk{1K&4miwOM6DKylUzfxYDYN84= zJ;>C5fsJh{b*?!Pu?$qMC!#oi-$B`K2h%Zt4m+eC1|T&%?7p4W(Ym#JLy-#Xo7jz9 z3Dpa@4|(E0zt)O#dz~PTD8c|H+!W@wnMw@1+y;UwUIbCz?_iFVXs}(igKs6DyB$F| z&tTT~cWkp&M#Ubh)(6oqM66<<^Y#7VUbo`~FNbA4UOmlOv=Cppf~5;kI4+73H>77@ zYiIm*I~f7flb~rUP(6G7jZ-kvAc(Nj2HwB;;A!AQ@*w1uo%Ya-AA8kRLzLxw^YZi8 z=a2~*r_&y%d%&r(>mJun(DF$%7_8XFn`L5{C|9!VC~0*&r3Y=%a;uF7d)NuX4yNBz5o^{~04%}x-#m;u zC3lx-nCzdph!0gT=-wI}gK<8X3(?HX3Pyesw$Z}Y-5GrL z_80@_%lyw%e(q}t^_z7|6TX|^IyoCkedxEk(qzi=XmFa9v{1*xli!MH6iCp=CKV+m z5UW2=IZsAD@kMI3?aQ%ef*E+jPRaENqgXBA;A22{_ag*|!n7j*e^RV0+dY^~47j-9 zq7iSX_vzkCSZJ`NY4qI4rIMgV4s{9Bn6^!YIbPRFl?OWsO|4Oay{7Be59igYQ0s@L zv$91uww+m&KX)LLKDGII=uwodxAOp3fAgeYt9MYusw%i98$xC+7g*wS$iGgLE#m=P zl4~o@psIQsjc)}etw`iOhZay&m$O?tSdC<~L4{gJ9fqdHT3p%Kg8EnhrP=tvBkE`B z64fr zJ_+kB=gs-du>tF$`}C-K_~xb>6E-sxlieW(m%@jpq@hB#CTt|}3Gi#}8*X`25mN23 ztkgC5sP*lWy;+aL8(3;s$SQBgP4`|&wvHBWQE1q!EHMeu(MW6UQSU^I!J4;hG$AEy zG@)M!?@5UGw!O$4C&;;q!t~^M%VfcAhIw#ralU!;895Q>_N-N^R*+djeLJL;d;IHX z2M6?<#RYlNECz;Kyb`vw!(KG@Ta&*0^wQW^2DMq8t7#BRhV4zy>e%I)q=Z(TRc&@= z=Xe{W3}PuhyJw*mYMhV7v6A_MnGxVjDEgj!w}I$a4iNS>+tK`+WQS0vTE+TBw>hn3Ux^lp{I!zEe4Qn4PPyNI)!l+ z)^BLNN;wvMm6K`IaR{b&J%_{;orN9B#^pj_Ggt0+C!Y#81BX~ZV$33Un`2Ol zbaw3~x=3&F8XJGmr_k{9DC;F|_NNmgMx;|V!l563kZ8suHU!Wpxt)xkf-Y0x=agso zB#YEbqg+a}5*h)bLNwPsv_`X)zZXIKSl}YI0bU@C-Lm1$85_Q`K#9deU<%kqV5_o3 z<5XiKbfGD0nMXhsv7ZJ#vy!-b@Yw6S{^gNYuEuztQ!TA@To7d9uW4itd`{~hq<$Q z=}`8yy^-Nz&!LbQ{X6;LNrrNnptmQ0_B|QT<|cn6L?ZwEy6&XM|BVbg3&nlScv&1U zo4>QDO#)U7)jD)c{T27_<9u+QahiALg6JA7MU?+M%-B!&#ix_+Nw$`AOpducTV87$ z4MC|kH0>PmXWKeD`zx6SEwjlIqv^>fkU3j^&Ex5Fkx!AF7(WEO_;(vP z;nz`#7pSCrB#gk#Jtme_pT;F1ja8eME+XtC;aDdH#id?|;N}wLad)I{SEa4rSy?q5 zW0;QT)u!g^Gk7kU9hcvK5?Y^IYRxGoar_w@oiB%Ql$^bU2@Z{y+G8W# zG~ohxj*EswIS^Qx;l&{5@2TWVniUk3_PepsExM*~;JIjWIuJfv(*|LqBo7sxFJLa1 zj$he%2X0UZ7{bCb-8u0=z3xZUl;OH&F4!}-JWITQ^mXkzptEBLo)gci+i)L#D7+@bZgu@uW9FEcx{1j?G3{uFK&i~(qd|g?0+wG0%w4x%U3aaf@w?490qI87 zX*GptxUuqG^s9_f@O>_x&aGR2l5T@d!)yf3mx#NOe^GjQXSdvOPqI;tZ_Z0GofVdpt&c^9%V&-9rCj&XgXR}Na51kXz&0fm;8_-4>pgTd4 zJ*h|U?j-8UI^6Q2F()$^D3&gTi1WnH?xw1S&<4}IIL}ua!C(jY(&lvU-*#ye32ZXI zd=lyy#K9u#oPSO%Fml)F#qwhA)&(*+b^h5;F2zLsfyj-xIg*I9O=B^e%Ru}2m;UO_ zn}0=q1ot{JRhDBJott_tteJyqcPG+gMN-GW;)j+yr5T>OF<1 z7EyNhU&n-f^22fi1{63#rt)uW45s1-kwXE8`Xt*oP} zDkK6}o@~CH+CX3e+MgXlu8r?9+NY(l*igP5Fss*OUoJGB=6r%3tYqc1)mu-?VPKO2 z>la(y!#!BGJHGBUw%61m{%hcr93IaYe-7aiU2OB&9pQ7@2R7f%R2sZ9+H(Lv(|tcl z_LRS!^!8s?1us?Q#WU*RHI_3d3mF_`Kyr1O*X;56#If0T_*cq095C7YAP5LoCl7^` zNfN(h**EQak@AJ`Ax&#~P3L%*gLbl$$(!5A1MjX+r`o0_Y0PE&^sggu1aEshWp7O0 zA!8HgjCBD&$@m&*enw|^XcS21_?SH`KmA5?`^M zbxDGtOpEz8og@zPSHD8d07;3FzBcF7*u zE68NINykqf9*&$5G^1n=YqK;~4vQXX-;V3*jdJGJ&uQ{vne?PF@I5s!xyHrqDRZ35 zg(y)DOC+M2LJ5eG{9B0^6>hyZ))O?}XH4u7A8@}<;_Zi*!b2Uw?N_#3yjW@>+X>n; z)B_V5yO~%0wYn6-9p@ckb-F}RGp}0zKsVUiA{7lNI(iP}qBhB3AIeAw4NhP|dQXVW z;l=Y@(Q_Qq;1$Lx&UT~bCuuP^UW#@O*DJj3hX@#TgrYearUky2Q1dss`|Mz@k3MlO48A3P;?xz&o-WqYPAnO6+AUad4!nTh}g! zQ3^6$$JwfBZ!5zEuFknO5hVv!iiN}Oha}d%FG!#NDlz-OI88#T33UHSn6+JR)K8SV zGPacpP~siyRkmhlW23h7V(nP2Jzewl7NgeZJBry@=zRbAG)@KNIk%0_k~=6b z6@dbaQ;ts!5zjaM`m0lesj_x}>(0n(&sE7=Xqq9{#e#(48{cG|s&Bxf+1HW!^KywK6-2yRm6ZrY02L3-YGV7D%uScQ z55IUf4bihb>Lq0(4J5ix8!<^2K*fK9NGTjaUa!k5Dijda6Vg@<`Vnx~?0&T}ZCYN^ zD7}R?j*m~RzsdiqoFoXR&UXB1PkDJ`Na|Dc_UK4tIYPI!Ebs<*IPqo|unY&;UE0`w z8(2QNzZyt?jEVVK$wEAT8#SC-ri59s)PH&&RmHwta(F zOX*v^<$0ww=Oyp54YcFdcAg!x19!JNPC7w)Zj}mr^Zy@v-yPRvnuR+kC`CY|gMdmE zq*v)uRX|ikIw2wuI!Lbpr6^Ja1VnmQdhZY+NH3ua0RmD&?>&LskDZ;pt24VhGxy*7 zANld+%Ue!+&w0-CzPFZ#!&29Mz@HPX#{~yk&tOMBGAm<|!lz4Fa$S`)VK=&>k|4lQ z9=qGf-#+S#t<9I1;GVG(VnW=lzT;22>%Z#;YLpWYZ=Ci=-nD-~`ushRcv!h8XG*|Y zzOH+n6vihLtEBRcaD*w3>C_i%d5)p+!r)JF(XjHh$+Mzj=^+8Vrkt=KxcNz?hP%ae z#=|6a@_(Z4+V%S_zAj&7vF9946DKdR#|<}hCyE*XRa$#D3FlAo&@nUDzCQDkW$tkDPaO?+@ATgr9) zeS|Ex?{$rQYlOXGE-T~^Y3*mx8|-wlJo~Zm79J^X3fX8H+?`OBI<)l}BXba1mb5s? zgxEYtp}nsy zGkLn(SfrPc-Js$k60tSA5v4C`J+@J#;n^_M_Yj&HIsHkqu(wp!2xB^V(QLTs1%B>J z`PtU6ITUV9b^oF4F(mociF=Lr-Uf`Vrlw{a4XbC%*r+yQ5VyPK$-mrgH@nfO#UNq> zfot(&w@29tchQGCeKMx169|H18%O?Fo|0!FpfjjyNDugTy~UkW4oN2!az#Psuve^G zEbe43%1aYX0!b0$JN zcEs9WQNG1#9PEg@#iYo&tG$sNU6ba@=;mTfDui&KuQTSuZM(fvyQR6%W&M_TZfq%m za=hH|Jj1wJalPo`RtLi;TG>hQqA<%Hjx|IL=Xw0pD~iT z(Pt3knnxld1t9xoJo_%dJIsDx9mpz^-fIDZl5yvFAu~@yWTsb^4H?9F)jeicIBB~g zQP6&G*d(CQUrM)dX-x49BrhZt>DQWi=lmLDlgn(yLOm}~GI|`5@JX*MdqNnTh~c)c zzs)Z6(vO7a#8pcsnq;ttdy^V3a=zI(28dX&ZMWACZFuG)3)j10QGcPfb zF1{uL0r1OS+bc)AitfjW{T7k2JVhd`grv8a?{JMkG-N_SI+PcNw&UqLn!~b>pZFdK@m(n*-gq7Yo=rVZlCR z_T6NBp_kV+rvp1JxMfhO5Jbwzol@uaa&@vyr}5wfAeBl#SfGU+9<|q}oS@4}!SL4h z180p)%t4`Z#aqvxz2L~`D0vGxI_vKmX91vob zK9niAEZgJv&0x7y&Znu9P7YzDOc|%FjOZ-dXR5h>f86 z?ivt~p##p*@=ZK?bUh5va7ddMsR|@mm$%MsBbI#O{nd(8%R!D8$O5ZzFwa<7EQk5*OzFu0#r`xafhy-o6zj{0Jk^F?pC`j&$Yv=IBc-q0< zD2lt^5#=K5vQlJNb6-|8$@*lV(MYOa{tXWa&BsWwN}7oB8Mn=m@Hu^$tK`937L~E` zvHD@3t*okA>x&y_D9m91&pZl^p#hU67TyUhzz(z7OT6ra9zA}J`QAuCV*dO zRhi(>NDwLMdXOS!E8Y}rg0!#Oqp<{%ibkB@Zr?TnG6*Zqc6No6ZK^v9UExepYvs7M zyH30!g7(=X>8!r>xYO>(cgS#ti!~#?Q+%tDfKs_u4q+5lplcNa_W5qMBeS3N%7V6T zkGRKSP4YQ7S7;x3??rnsEH8-h1v7XYr^C0OL11w5?KEls$Ei zC!%}5ip@ia^{SLd`QTTr}$|Z9BB~xIs)*Nfd#dteCQ3FnPg*saSWvF9}rS zn(3tW!`tuPSf?Kakmofnx?4!t?nfwQ%}t{{|C3UgNb1PS$7BvVm(K9V1>gdu`_g!% zGAW++Lj_vmkN0Z#7}Yr!qx>TwcwrnG3|;LM@U_aXZClBtUCP|Tl%7|`FY%oQmzuVz z>snYjx@&D55Y29g9XM&!9g_){_Ne+t+U_e2zHWgUJ8iA@0+P`hU_!vp}8sxcjEsC%-+nsK$_oFA&phZlEoKqVI(sfVvugX$yEW0)k z6G5tJYDpAf7B>=S_II94%|}Mw5cwo%{q=z!Y{Pr;HA6hH1;pSb9x2m_f_;c{Towt7;{CD>XioV2`^H5Ze|1-?7ycx+{^6g}vhp8^ zPKZ%c473A>zH!T7WM0vFc68<9C;V}|CqO})Q`9HVJuH#IuH;0WEtTRblj6#xrQ`yO z7!#5YXpZy2_%zghwYPJVdL#N0IDs-ftOBraUalK4931ikz0TFcRjYNSmeEA2w`!=u z5l29J&_Gr0;Nv3!5w?e2&h5jqHbd2qGAZ30G6`{{$F&9F?!|D4waGdiKKtSOeD;&~ zUog@HlRF9oYFkNIf&6*((vkQzbff*~w}sZ<*84V)z2_Q@Vvhz#5!BR%Whtao(;VaWumq8#YQ{JnN!qk$xq0G2b(=dy6$)M2>=nphLVvFtk z$V$7a!2-TIb;&spy+=@BAmY1a#z@j~g~wV&LslLUL+urBmFlB@*%QCkH{Hg$+pw9!g$A8Xg&w?e}jbvjdGjQkEWiZ`*x5wukO{0PQf5wk|h@ zt^13*ftR6IAe;;|Z=X6pCtnj;4;f!7NfGk@$WsWhJ@4&FYTfUYnh|oudeGvMgL1Mrb&OoJ-zXYF6zXt$!E$ddjGyj-8ZDA3<4%!>FOTeVHgMCb>?yVjz6pmr zII6Pr0@d>Yu+yFmwW0Vz{&;KykCAOA^N$_Ic=*luhS%g@QR?r0B?K#DuCBn27Q4a? zai#}14j@Q~jDC?_MiT)qxaoXd>Xp-(RcvbD3Qv)Wq+EWri?iOhN=dmzDqBV)af7a+ zb(ji3CZMLa4rDs^*lr(|tnJ8U811)XDRlAJ}jS{u)kYjbW(wBH)=w#?44p|-P zXUantI7+Vd`>EVmyXz(om#a5fRA5nI7$D?nauKFRa1}YxxQ2HBJ0Zb8V8xW@;@7z{ zGb|zf6r$yepBOadq#lhF@EpaNy3Tx+DAP-XK5dp;1RUR5_69vRvD^;Af_Ajwq@i>UXQ zbaprZ;_;VF)X;|BB+2^#Mtw|AQsGNf7CR}>O=mXri6To9eDOT{R=KuY`Y0T^AYJ1S z+^eP|4`(@2UU8Wp9_8q&aYC=^pp-W#fTlD9X9H6IPxs2xT^5EAg>$#*i6D!$xFqC&Ht*-7B_%yDNhuhZJrLT;$hB1bY^$QHspGLe$-6y(H6qf{0az9qPgc0tm`-qcLbAg$Ot@pH17^83!gsUwoeQ@JN6WgKIV8UX=(P|(Vx5wZofxLaiz2KcnctU`-| zt0b~{3-x8JyAopD=ffC0t`J%y%%OYraP2__Ql2O5~Uxpq(dBQfB4KvM|JyBE?SG23W zqaXhO!_d6>wy_3uAo{Guwh~@H#aX0LyStCoWg0s144RTwDrfy18((JL)##H|RHr_L zIrX6xO$AFfmKih+12zS|Bj@RKK|I6nyrrFnhpBiO{utX~IA_C_ERt>j`h%<=QvI@v`eO58L{W8@X4nKDvX}tB8Qnx^*sqy?H1+%EVKc{ zd1d)4Fpr%Dp)Uc{6I>F$O!^zy8VU2WW?d&^?AfBJ!*!#gk&l8W6hr|uGQi7}ej18! zi3U<$zPnl}2W}`Cv2B~zZY|VIpR+P*$eUk=9%BLC=I=1C17@g>t7JbW^$9^Y&}Dk% z90~_Tg<;(mh$y*ywheGOE!)n%9V4i^0guq3z#j>f9=Z?!FfaE2Upje=k{m#c}N`HGq?vlf+1aqxH1?02S5X06}o5-uOzGBWE`SIGasr`qCH;;zD5pAz@ zMBGan$y4MNDc%Zmq*T;WOJmFw5T5!)fw=Bn>HZA==n0$9u~PPVhOH3*l?y>Avnaix zLfxqfqltav)}XZCQ~Ptw{^Y&9m>X5@>vt;3Nx@17c}bZDO& zDB1Ku-;T$@Po+Yw-F7Fv_Cp$nWuLyGA^QX>N-nqc3Zw_82Ki9dUf?lQ{a$?BESa** zI9m~ZVS)5SRsA9cplN7ZbzT`wNJ!x6`6w0xj>jZIG-Sk(NbYF+a34Xzm>Q zDxIku9&!O(Zt4XDU~5OiRZ}YvzWx#NJl0_k&jL|V^zmXz#)2nr$dl2IP`ZJG@2{_e zuSd6sn5k2t+;}qsZ*y|0KQxb6k}gP@*Xx{};*Xf^pGB-FrwAX10_~gCR5UcLtE(wC zbx}296+V*0!5193P5Vtp(1~(Z8e%NLl~pxFk43HCTd0uSz79YpIfq;u!gp^Mq1V1N zolj#mSCTs2uBU;Ir}pJ@a7;hVd#Z8UTr!wNKrTn*wd$Q;{JTjOp%yZjUCpn1zvvd5 zq+w?waM2}97CRe8^imLRl^uhJ$0;6Dc8Tu=)X%Kgv-N1NZN-K8((8B(qF6+b0$8yM6m|wWc zi}{$fwQ!4`Q~CY%NuAR$lZbx`=R56lKpSFIiRt?5@+FMiA$YM}G?MypV*5T&p_G>X znWOX5g>wvC2nwNHEw%FLJJM85ek$B9U&~-2x@`a!>z#6h-Wll-YfzKxQmuaOi)*az z-31JzF*=Q7qYa9z)e_c?E10hJlcUFDPKQq(+vaZLh4qO-IA$-B#>(B|VjhtF_}GI$ zWcN-M)2UH^fL6JQp8;ooU*}Z>SKeChjl~b@kQ-Az1m_vzB`nsf50!r0G5KqQ083J5 zxx?OP7&pGiM={$QtU)Mq&GCQQ#$h!6(;3zVpE(Cho2iFIti<)(%bDEXnOA>k~LCn1M!@udOOSsk0u}v~f$3#^7mLU&H3Ji3};o-6nFb z#eIg}Pa*7d3Pj8q%yr@6X=dM@V3+s`pQ2#WnFZc!vEONJ%~t$zt|MYcvx!Xi#ESq* zsP&iF?}KvDP7QVJKG*uiu*NBO1{y4P@<}0(x)iU|ujNxVW(4Ff{a-2Vr*u~K_eLfZ zjW%aQNG~?FIul(Gi6YW?KR?HCWg@Ouv!#0&&iOMEZ|oXC#bzTxqMbpieLc1RWZCWo z5HhV1#S6K7yej2dZI!`6nfryfWdYmyYtMGR+?& zC4Y6I>c*);-?g$lWjKTWgxi|El!H7}s*l`!@sfCHfRU~;ZZl~}={)_grE{p#gO%S- zAJ3y-7`Xk5@dy-nQDoPA$a%QT$)f9}ma3NIhvG1t=L%hX!y^0Gi$-_44*;{qlulua zC9TVfF?QiSWF^bgS70vH#VQ!e+i$1jLQHcYPtwcJ@69$(HbS5b}Ej zemXh5&hCfufC}-aCuV`yu(LzQ83jccLSz-pr}#ua1=QRdZ&wD;eIc9{!n=kkDxp=O zKTQ-5zf;RETw(sRQN@8a^*M&~7x&}Hbc}DF^~Q>$67?%IbwzL2CMI63IY{0zhpb-J z13=g|leGmOuig&+4Wv89_GQCp%vlUV^5gyh`i%WWq2A?bu!%}NO}^W`RO=PPqn=T( zcxYdZ2tQ*spW)@BWBaF_<1dGVNU50-57ou7J!lK{dwI6K$tT-!{NBpGGDm`+2R&Ve zYBgzh-`R&I00oTvVlvz#Mmn=Qqj_Gzd~Z12FWchy?q0q`7qHGHFj%2lHGHgfv%i_f zH>p3o3Dl-hS6Q=hOdk<#AQxjAg4Uhz{V)0jlKO(W?OHA~4V0>d0F3=TCTs!RE^=Zb z=mo$<6fe29mbq-g`ft+mpE&pYok<`mYDY+k#O zYUEr{J?TMk+WASoeQ2GfmqZ0GtZ zm^zJ1u8z3>Gvc=#(>fdd-3cxR-0nb%nZa9?n=FZpGH~s=h;&DYj*k>(yb=_Zc7DBV z5Omx*df#Q*4Qalu1;3>Koz$xOT@%18lFreEMJVL&Im65XZ%&+Y$l|)L$TBT!m7i0V`jGxeh;i#x&qLK z)v|rQ_``e%X#t`(2ik?7;VJ-M#vOkfLd#6y#I&|JQ9RPM_M+>gyq|+auns}4?;-$3 zkNGp>_-51JR*3-n=&6+OBpVdB9JT&^bYnEB&?j&>rLgv7|9B9L8JdruDnecO9W&rv zB|!1sKuUgOd3{$65Sg*twbJ}#lz|=q9|DzqtD87)H;ayro1j-Dv`W6a$N!+TD_@te z1|r`ll0r=YTGE7EAm&{wnn5Ib>(zy>9eymgP-nnMK^7F&xUYq4k2O)ryrceehXF8S zdKzGfg8V--|N9c#S=X-bU0i8tE7=gjhXj+^Tl zIEd5`KeLI^#v`@O0jL}Mp(l4LE83&sq|2=m0cvjxixPM=CnSb?H{tYgBPPWE{)@l9 z{L|DKFW?k9CF9@QFo8%1u-6M=W9NUgG=M}u(eURdx8yk>w@oSO7jYg6MfFT^KoiSY zP5ty}5eU{jMTX-^0?}|P>W;vtyw0(_x4rh&!X`0UI6vP=lh$-)H9C4Y-tW@3z?<;_ z^`QD?hUbT$d}n^fiYUxA{4;NipM1p?2*9d_?U@!6YJ{$o6Nrj@5VUmk$C^#?odpLf zGG#)kGvN|+Lk<9kk&u;&2>rtE7&3o3_Z67`_xnGxj|%YshBkgL%k_7A@rn6d7~@bB z(hI}^uN9A5x7~@7TojcGdA{&b!NcpT@ojIc&0`m~+DA_>icB;?9>QY)Lf+0_gr5b4 zzfUvUipnYl0DSFkRm{ITOrHr#7QrIdlktEbxmV>S0RzF4^zrAD4e&hSYap{VYCLwg zuu@l)VY>y z?{rLtu>Y{BXG6dCjs}k@Nraz&H1z&)2^BSUR@MXVJ3q!_Tr_9w$-oMJKvji*MAgMM z|IvL44|~oysmmyPXMSg1uhg-20Hu2_k{<2;Ghvf_sy+z-2)LW`fN7130if1yAX561kEl57NPxv z8EK~iBwAvb{mZ4XmAPkh(8&#$xo`a$FOtcWK5v))(5~@>(w~9j7nFdw4#2DpAd1E^ zMov-KwZow)`M_*OR%|DbEkt}vX+jTtI5%KLa#^j}fX zuk(1WGTj|tRtl6S#wzmUfr4dheA2@oO~*f^%ujxV9Klz`iIv{P0sA z<=4eL)7$_37uyZsdIk#KkssrnAEx@h)3~!LlK=JGe|{<8_JNv#e*W7(H|9T@ zRsgW0gg?{t{@>|u;>PMIC8R>mL8nD6I68j0*G_PqEdcWvpZYy!Q`g?PVT79evK}A7 zqbF3FPw??036!WN1BYYestt{=eYzG$Coiu+NLW*?;1{62-T}+AIL<=PH{3>b*LQeh z;OcHV+B(`$4ExT}r4u!ZYw~`-;GM%Ky!?lM$ZO)`i+HAI@&4yW{`0p}1Av7hqEh}( zFaOWq^!vp>nUD~&tE6V|ABXl|zAaCLhZlB*E95^+>c4yw_?HaDWyIo}*vh{(>MQ5Y zF|a?R`X8(M#{=-Zfe7E_;0LQ>Wy=v$c^f{=PJrv zE(-rmDE@f(gqL*uKe}{?8QM?zQ2wDX{fF=UCVAY~0akw^WuM&wfV>dN_w zYyORaKT!ZKgt!uN{C5T&RN?2>TI`FpOa33T`=i->I#UpKs=YgZW6+nZ0T~CM98OCA z4b^;jrXcsZmS6piLDP)@G7dl9s`L0eLUyJgF%O3>{*6Hk%NsQZI?ucZp+v%nHK|EqiWWAXX_iu^y8_XpwsNs$*p{v#tJ4-E{Euvd#o zf4sndxT6mV0M*joynHMf7|7ezY}6-9&Fl$&^Z~Xyzd4W_1F$^RHo790_9{e0!DX!! z;Jp4G@My^_e2TJ)&>);)a!GVpf2{O{EktjaA+|`L@hKaoqF_ZqZbzFZ(1X;;-?4`j zJn*5ll=v-;49oYpFd#Irib|n%adAoe{P||+)iJ6whK^O${Y(B&%dDZU)}-UpH3(ucUB2k zY+_fv8+q~ACo42O!_|jIXGFrPZ4#cQRk>cfb*<8UW_}pF)n(nBD_ZbMf<%$>ldOO1 z@wkBLcKbsub1Pn6Uhw+Fk(m`WdaBrTR_=%W1|YJyB^o*Asl3#p;feAXW|4DOH81{*mBI-SFR{I9KI_-(5|1XfWG zQHNUz!9C(Eqoaj}f5lDGIRitu1I3p~kT<+N8>I)`7*l>Vbi9~k{K$pJvL!}1+2fIf z={wmgK}-tgwA#c27qV+hg@Jw{V~C}maiuYV|2lEYyVjOBl=+$cMgnVpD7}AZX8d!h z0TVW^S~k-{Q+bOdrDi7r5MzWcCQZy^X+P12j2IByhMAsA3LT{}*6>08eB!*3aB@bOAMpZ}RBRWbu$GRDf@mUH~!_Wxie|K)j~ zya9ry80puA*;_qc8<)s$84qcf<>sS&CJr~Vbk>AFIVBumLpHa!D}Eh8F0ciR&6$E> zW;rlO|IT&aF~VJKlP=yW!UVh8d!RZ;nLqxWfBoRU|6%eF2qP{8HlSZIJ0Ue@0%LeQ zeZka*g04zh)$TC(1s9G8+2JcA`9|WOoCGBN({2g4cxyrIa(TQ+oY1`_yu4jqBYD>l zO#T4YFu-xP)ivj{*k1??{BtP*g{W11?5V&~e-wnMwS!!^WMysD+(+(Vy~N0vI-o}q z8+g4_TwWpQI-*A2)W`ONpvUu1HwW{xve*G=3rxM>*||wdIyv8+%P^b2^2=#l4@L39 z8bEICsmGHpZ9T6feRW>JaO9(I!IsXfkFjrYQD}1n03aU7o2-Xr+DUWIHKA9 zyv%h1AzV59Qm|husPVV}QR~@rfhF)bn*u!4LX_sw#oPSe=YU9Kw$%=iT|@vEOxFjFJDeTBFl+BanvdO2W@b_B@ z0psHzqt>X%l7HK4u7l_Lzp5F=sqiK}V4!rim`SM>GBxneX?(JdbIc zL+J-eT;NB5&z6w$Ie74=O-E28ptcy{tH8yxAm+-``RQKS+QBIYhi^O8nn6Je{Yj!L zk0u>RAlUuFwr2Lx$;2|+Q@cB5Lz5DS} z4jegkyinZ6T(r1bd;f_m4WfFZ5f;2+e`x#d#!=nAB8w*!!ccO$;deh&<_QJ}yK*&q z>;Jqn_U8hQC`z&yV=h64A{gkWeAf6$+!_ljM9Zb?xNg;-^g3(=%5lGsK-r=lHgBWI zL|x`V&3q#3-%YCVMYj2ORik{|P~7#Vs5N*fZ(C69_{U-(EA22UM-#+i>}Bt6IoA1P zt>NMtm8|=>LV~6lDul#Bl2?#;qj^GeLmNO3TEeCD3JtRIs=+DRe-o`oe@T)or~ed< z-2p7srzu?!qq#aWy_F;lZSOx7k^~(i-40afE3T;6qo?%bGpc;-R!4~-HmjQ7PX2Vt z$Un>gP`=mFsMAZ3IilEJgUfc(>zT#bC!j`X&rQxC+bL|2ceF7Rd7NMC7W#zmmf`LT zt8%0mW%CltB>&Lpu$>8w4scDx%Y=dL>e^OK*ycXsUHv9=)jDuTReAm;a_N0T_x-Q2 zy97sXOjQGQY@}|AMA+QLv_lQ*os~cA&83$^kZfF01-g+HdNrQ5he%e2VH+t(}&gB6HR+neME9c zdncAIK-*5f`{ow9c}ecbY23Vzi6fYwJuj5XK5sOi6smbCSuZiaHnQ6uYo0N1TLWk? zs7W>AOYblwx#+A<8RWfMZKp8OAzJ)WUZp&0ryNh`@sJ& zBe}aH34W~~MLR4Grz-m<7ZM^!ki8I+3-eu7AEa-pC)H}}R@&%&I9W6W8*d-Xw7i*x zyCQoCXT?#Qeafz&f_v?2Gr=rG03Grrp6D3KY)z!(YWW};csO@>=G(01gM^0ffTz=X zAbY)zt=nUDtJr;uB(TE6f$YFwWBsgQsO09--i%pue zI(%*s^4D)Z1I{t(%M=?HsbY9x{!wCNe?EFbumC62leBSiA2I;>``~1Y(U)=k_JQ1B z-G^dK;mouXY!EHQ05}M!?B27(Zs_UtigBCW*PE|2VS+^J@1Y(iFY`8t#QVI3Y@wYO z_sNP-wt2hNd48?hP*1iqyT_i=(T3XY+^ih6A5B}&_DUwCJw>4gN;OYbtegG4oV~{+ zFVM((?As3E&0KEO6g@Nf)SAW>1))hsKug*sNI&@}jPFn!%2|4ksrg&~FE4>3R?6 z0PrwA>$uH!--}nR_nL0EF)>t*JyX}+oEUIuK7gi(-F7ZonyG$1@qLZb;zZJjlr7xx zYaB}N(=x19Ep~#*8FBMS}CCFEsMey!PsU(+4Wq&xZ2E~ z92Djw+r;33wjFWO{-(+DVK!poi7&S1-nG;$nayE%VVBs3hWza3oMf^b-x(gul#8n{ zdx_P_dFek+~`ymZE z2PZf}lli1%v!bZ#frP!Nh#hwC=v=A4UV|FWuI2!2$vrrg`FBzFN}k7eCCQg`sz@Th0{)ZMTKf_HF4XY zm+15o#>&tEJN(rWXP%UYd(}yu+vF*yY#e# z-FT!A$*Wf>bj#DyLtn&hFcPf3^Ln?s%&*mc!}FHmi%Fj&J245_naLuuiyOBK9x}e` zzVjOwz!YGFv21=0%U{LgE-AF&J-a-gH7EQ1X@{T6DnE%p%PbGf)&07|)*|+6N21-E zuVz(ru@d`6UV$G!?rA)0zg~DQ%J!(n!VH8t!~-ADQ!4ldM(6V(+fu)dwJ|eP-hI0K z31Eub*SYH3agKqXAH*b!gC~&WmA2fbs*2zV^%f&?4ux>BM71wWv0z%C&&Sb6t7h}m zykCZ8vFnvQU&lVyZs1!f@@st$oQFtgDhoKYtX|~!%)Bq24M)=Eez&3*l;3KJb|Nu5 zdZi&gnR(fL(Ndn(m{DgM$g(^}dQF}5ZuYv>XDJS^RiUW)8s|8fI=49i06TB~cqBPQ zS`uBd8D{S*juM$ewuV#_w^@RuvlJ6fB`6S!t#tq*^L#>q;Tx$BMhS-VXM z0nVN2A5lV1GW2#L4tL71aLfIA!CMqJJ)*tHgkpnrN^{~_>bzD*VyQgbi+ud%)l&4X zfNOO2=CoW2iCpbzW3xAIt=I?-qXef8ortnvmXk zqp)ZevBnuVC|3#^=ktA=7wo-PYB0D%ezjK39n~a7yZrqQ`#A=^;FPLbuVI5u7wx8dJOD^fQweSLrxH>0^SP@ii_?oy9dkv(cCZ(qRa>-(JhG zc~ZR)Bw(q2H2jQ)*HgBo=)UcdUn@Q8@Wq&&X*;;(b>*~{Z&v6F9!N{Lxs9-l_i6@? zIr~Ao`E)=6$rii7PyY zZRW@o;db=BZFPWGJxKWYu^D>R>G?O?(WJrD))?Hz$IUjm3Lj?E6HVxgN1qA`!h*q5 zSb~{yejgc`aMX9JYnY9LS`oAOD1NPOy@q>5~uSqm4Ti{_J5PfrB%9Z-_SwItcf?ST&l7kg8dITds^J<~g zxbXvCzM|M2e=>(~$(4O{b~L2Noy2Wcsg6H|9FB035ld+x z>vhcM&oLZrKgN4!ZI{60yN|p$Ac#8rXxl8fF(E9oZY$5q67@mE&iQc4F*qwv{JD6A z&DUjzT|F3I06RA|!hIpoY$iViMb8X6d?q=BAs=I}$GxjGQM&Y{<(m40F%0>1<~{jp z60-%$yw4ypU!uRVwsj#P?2_EE4U+i0n_RtsH#$UW!2IHRiOcJmSgh+HDw(k79@n$+ zxt@U-!O~j)vm?OkgJ{(DOoZ-1`~gf%kK*}B)U~|m7`q43xK@R0^JtLAXlg+^1zHBk zWIWT2g9Vbc{hG?KPwD|QN4PtS5fKpR}qu#Tq5>{8sh&Vj;um~zKZKbO9U1TY1 zjz`Ie%S8A`ko3w)$r#76Wyo%qm=do&d-!~LXs=ITB;{ywr&*3UIi_+6a8;R_EVRZI zZ9K%LXB_C>+j6qn5^|V);pP^i*})yu$tn3v2=2(t6MH%mS2U=$^R! z=`)$%7e8Vk4d6rqamG$ey7gy)_q9he12HL%p5LBrg!7lX*-Y+@IS@j;*K(?YFlgz7 zXNgV|Y2XCj5!l>h1>%_I=vu2XC+v2MgVKa-WWe=g&8P2P^T->XX1O`L>&cB2*&5MK zc^waL38*JkTOOXivA-MP#fYdjTZo>ysDp~$r+_mH?mntN*%gP9kDku=msgA9g)wD^ zlNfM1g&~(K3a$qUo6FSrW(B%$Sg?WP96N~V9qTrApd^Co6jeKNd#%OVrNk;*`)ghH znop@bxOp2_N$g1y!k8(x!O^-~GvezsWS+z2&hug4S9Z|nsS(xND;s1k6)SLBM>1$5 z)J|ff6P7)AwA{8&Ui8iNL~Up6D%5vSai&wQlHix)?f9fM!1<$vsdFS0OjB5g$Z;gdO-CXcOFOuxYeKVg3(ECxAJ=< zH!@%m1R}=0*O`m(5&895!hm z1Q@LQ2*teN5ow8G0Q?X!r2cR_WOHj{;+^Y3=Nd;)k+(B0%BXFa^*i?!$G6wRA9dtj zZXksidY<^qjJnCj?z^;dl3kM0w8q3855C;DKf0`H57?B(kO)(W*#uQ)y6^Yt#$2%; zFcK2lhQ#DpV$qh66x8;9NH1y-WkuSWR z7`)xrdJTdmEz~Eju?b$r3!}UC=1$c2wKnky7Q1TG2ab+oJA-nypl_yi_smu>b?JG2 zDp#Q+`D4`aDzd4L-JDW|RFNzu!E+l0TM1PK&j*vJMfOn}doz@(K5QsuPwbw3BK?_{ z@We)|;e>}qM}uLfF6M_#&{F|k%;-Tq50NOg>%!=~;#C<^$ehkfyPNm$@Mw^Ap)ICv znj{6M{@OpJI%#`su(_;{_kKj#<$In{7}uo;91r$r1eVDTI4o8`#x1<-Y|Y*o?p#LK zW9;ezM(aKM1nefhd27R%NFck61>t`osepHuaa09N+M#9L3_OLfE7?<$*BjHvPr}M+ zbNIryjYm?B5jdiBL2)M4$9)my@oRNHhu>iJ=}zy3DzeToI4!^~%erm#EKvuq-sZiE zTi1!JKRz?!>+X;{`m{QT*F2WHVyRn6JnMvK7J6;vVuuyA*8Tjaj%TR{VH`TVTm#r* zN6~jBYk8(E4*(xd?Kw&M5ruX9 zwsD{%)1yw&nGi;nTLBLSF4Wiy9=_Pd?2{#gTHSh2W-dP)iaS*UPVBbO3nY}wbJJxk z6P)#Sqc@Yv7g4#t=2hEK-5z$#eG3qD@)Ku5AOu>uiNo1E>T)6)4F{%Ac=zE^7Mc5##rr*x_)wZ*)O+0Q6|-s~OU@>KPCxuKVo9Z-%8z z#zu92d!c@~E*N~4N-b3q>~@?4F>9>IVY4TjuX{bvj8G#Gc~(8Gh^po&K!KO5Hvo#BU>N{C<)%6CPP|#26rWUFJw6kklWqw`oDe}t&=XX z2FC<7xF${j7H%8KcFFOc7hO7F#=ZTXz3Nq?n$saXI$GKwW@Qk+gm1W?0HZa8x$NGt zM6jZ?%e@aflxO;n-oj5JWEcTMFDp`vCX0s0g@3C;)N|s6RX@9Lc$*zop!S#@ciLmE zcvU#)QQ_gX6v^nHu%E&@=$A4)nmCq9-CEm7 zq-3@OrOgef@eziFG5XT86BgO&=UjQl4r_K zsXL9dAP@b|X2C9v~4`wMgJ=|n;<4L1X=n5I0sdj?W8tYdI72rD1D27%M z@vJsLeM`P)lGqVz%APzP=V)AH0Uh?)1IH@raEaO4a!8J4La@Eh_tf3P5m+Ay`gD7J zSAylsU6Lq!7;Z%l{&lo_BK5QvdW#Tsk|H&@eZXArbU2+>_dJej|43Wx!j06eK{jtk zTdz;^jA!SKNpl4--`2IlQb()Of%ZfK{>=HW*TZ!|TJPiIMGuZPzp9;nsEj~uR~iwB zBzu*xdvC9zGDlm{TcDf<)}eWY+k&?!6@?vFEahhlpYKHpM{BEp->+dyE$O>f7#{f` zy}RnSdUVTp+Ft(tw0v;0Y~m9|`PnRXwPqqtU$KU_OqD1x@1^oSTL)Db=7go08aGH2 zw6fvX%3p-lu09PyWjjeMEJg&6!WwxYF&b7&195OiPHzq=Ui!+{{^=hlSl&^0^u1!i z9m1N8+)&ZRZijVKK;=Nk08xZ^^tWPfpuqON?%)-vlKkuukN|V@U0E$&{hTxSCOlC< zw*E+!HXvxB7dL;pJ~0eLTS`DiIfc@9d!-VZCY#K1cIIO=7S4dHVcy0S5}u`Nnmb7` zuoqSmOASR~J%a_nb-z*88>FxX%vQOEApvV)P$X)5w80w3)J$PNE>n;UR9{~6Xg)_~ z~!`W;#;vVby&i>#|^_nC{%4FM`P+%q8Aptv{e)}eE)QN8oPPe zOgl&|^!+~lSmleoaUeD@1QCw3yi=~c^7VX#9BpINVGD2JwJSPTI_#|tMgtF$eO=NP zhsYcFRvUI=myU8XQ5)<{AL^o0l_xwI5beQol~++$dvC873*2xk;?XG}%`rM|D}FZo zv3L#0D$Uw^nAI|ckmbP-%s`Rj5zRchs*r zNG&*Up`*%1H1yD$4>LwR)4_=jdPB*t%X)#D5C%Jguy1yjj1| zz*tE27-IPUVh(^hKue^XHwdX#xiV6CRwKE@FMHZojIB{-;&9olK@m~9qAC>i>@|bb zgXo5PK$`q;xxOQJX+Uqdxd$+td?nnieB!pkGci$5WMD#4lojL`h8!(}7z?g#8 zAXu*_cMG*hX+aKfmxht-drCzH+-cBcGfjec&Z+p+PM-rV(PD7jly2VZo*!$~;T z*m~PPQrrw(;r%Q#p%S_k_#$@oOR<}%I9$2|&R$}5y10u^Dlj%S)}aS@(!vRvv+pLK zQBfh92yOZbUg+M#E13lDGEo%~3mS{)y@{_}+F=g-{N$UIQ^T~==~uwH0*S6T%k#}d zjyWk9#+!Z(pPmY4QnGlOMvKdt$ zuI`_VTY|eomwv4}5=f1JT>d}oy=7Qe=^8IAh)61kbV_%3BPHD+jdXXX zfP}PkcXxMpcY}0ycf1QH_8wMEH80n zA?|1vuNraHRTLWvrQq7ZJ%4NA6#&$Yha$X>&Xc|)9XOrEywb7I2}1GnRaS{u4TpXl zPT^$x$`eiWrfzErfKVzatMz1ulqh=l8IDzZMNLH%~eeCqpUx(%S`zMlEQ^1W9Fikk%P0bPvI zLr+;<;L>PVx9V#N168D9U!v;?CdTUG2AqYyr<{(@1VeAdz6d}r^)nTbe_a`dfT;xf zS~R%aO@q|Ge(sz&v{(N)R_g2tzYE~FG$IM8II$$8OiV|O=<=z=l*&d^Pg@rf6mgKi zt+xuJ)w|1H%e8aZ-*Mg+Kh?Mj=K@|IPTTpMW!!5{K^Ha>0Xemva^@xvfyo1G338~Y z#Vd^-SFLGHpPbdwOfMG|*wx@3Vfe@Mx|dL7y6qE0uV%HBN)0>1&D&9@GE7!;F^C#2 zE4+4BT284bfFkfiqq&_W*9;Obh+yM+L=P!u8m|fut|_)#A6eU+T9fKz`rbp89S0I+ z%|T=NLv`CFl+OV}gYldt;!wl%n+GG~)-Q@M}xIevX zz4tW1^&VZ%nD`+1KXKqJTH#dagEwfMe|3e$?J<0F=E+5<$^rBoAftDB5 zO4NSv2%r^sPyYe`h)E5?3G6I#f4<(MCREchW~y2AwJ<=CjgL zZdZ*e*LR^rejQ37fsAN(2nO>0A=zhF*AKtdCDBg#F@tXD;zvFuld^uzQ(&*!x|UQ> zKqd@WWdE)(ayFWy0xSpgVLPa1x-m-_D61lo2;z#rU<(MI%|e% zu4aYfq5sFG=4K5@AZ5}A1muT;=FBhYZxrMY!NBE{foxHKG&`+zq(KaW(M7X(ul_r5 zGSi0rAoDS?sxNN0RhM2I>gT<$NU10k-*Dd6P+i)ue|wbx(+rr3XE^BpL*%f<1Vj$D zN`U*g4aj)P3=|bDK*EGKj~|Pr)a2atVzybF2e_9W8pprHz7xDUm|3Kvci2^4cxyXn zvnd&uA9>0xZFh@lmqDi04(@|xDS6cmk4;`)kO{;vhK^_(|HI70nJh4Ipeo9pmW7>= zSb;pe6%#cHmMisV&(!!Ay53Qk4;^v}>Ij837gGsA6>S%D-dc~V2%qMwOA;#4^MOU< zEul=5|K1G(eTP7}EW4u1xWUP3e+v855d6-;A7}?&-t?)rk=*1oYAL1Wy9S>aSOTN{ zvz0XrF?@O`mZ6R>C)NF}{Z@)kTffuc>&wMQZu^TGeyZz&fJi#gARFGa9jatZPk z+325Bx->a)z-`t2&bUHjLHQwK5juTDKukk|ICT4U0%Cu4mm*dQrd_ zS^sRfy(Ea2iWJ~~{i1T-(!Y2+Gw$q&bl~4-pFlt-o@QV$hf?|!?{>bjEF%XG?3Ai9 zFkb!HUMZvetM{Guj z(RT|GJ+a)%gZU{;j7kg!N6F18pg}zP@vgVH(&l^eVA~RyckCZ**efqc{O#p;c6M5U z8w=j^^18e(8jt_?u|19?CIHnYjxlN({IS`s&8qjeUwk)IrU<-cEcE1E6{sh=vSj1 z_SAd69D}Ujl>%?kqiZ6evGixB@5@R@0Yx-KjH@Sf%@CldrPL%e;}7mETD)I9=*m&>F`qkSP=~ktpCtx84e^7bBre#pml%XO`r< zoB#HB-{pYgRi@W*W}JmS3Woo_PY?nwoAZeiPK4iMrBsAgM+LDU3U+giD12wvbmr1* z=Noq92Z;p&$qdL{9mGCXWL8x7vH4^EOX55!96Jich~;DMxQ(oZ7NNE z$>^K%t|*v5wBFw5s0rd$|C1$kB|lj5{cUz$9(0`XXuPw@8-ZY~iGe(Nyno+>3L)DB zn5J{CG)g@bPc%D@TUq-pFaA#trBQ7ndGZ&xy=WF00Rw1)UkU`6d{n!FUONFL>25GO zKOW`KWP!fi$ztb;*<#$8u3~`*3Q=ixolUSC{y#j9@nS2gj)AN-u4LFCiDW@hG7 zV+aa^p>`?uOb=r2zi-+F0p*ne8r1YTnaci`w(dW=taCpAvge28o%6>x{@;`T&j$4W zQTyLl_J72r|4+jHy&?Qzp8lVN{r^b9l65zp2N&g~UPnXyk8J({6g9emFb$?gP`CAe zz>R-Ah`R!E9OJ%6YYdTowy}aLQz}ff?4J6dROXfu>D9z85N#@(xOMjXa94q$q3zU8 zh^M`y47r_AawgiHtdPsRy;z;p=1MI|sm=k$*#2twfpI_Wrp2w@HP+oMSyl47B@gHu z*8JUHV`~?rY?h7b)hV4%0n^I2b!q6f@r~r9v62lVUzX7`a*8fBZ-I+hBV;{459uKsKN10Qqh+&Iy{xR+u>UNpe@Vo$XqxpgC%%!s_0;Vevq2c!23kN+7~PLPJ&i>FbY z?&b#PH`-%&u^-l--q4mC{p}_GBrYO+Hp_B*SSS;>QRrpZsy|RWvguL0by$YI@(aj7 z0CjnjooA#>g4d^`oxo!Dm^SySHBAo-7FJ%P=Yf3YGL8Eyw}5N;l{C){9y3xUc9D^Z z*sCe8%uM*}%)eLN<%mLF5Z=(16y9|2_+QRMZ^m1R+v@*%6cL5qJr;rMJcd37UL9ut zNYkznC$IaW$0$8PPH$juPVMdHFq4n<1Sod(xf{1ja_t?r;5tf<0oMVQlLa)%-&DrwQ%l-1#Q!Q-fODO|54opIE3(?jPs%T}PYOisdqGbN>-4h- z{^5o-s9zXzo^PWJcgyz^#|qyB>ECSx9#JkrAS>o<0UT_s+-lphW`>4Pf!WMzvY2uWfnpCntXUz>Nr{o$|F&v_J*BV|~VDp zAIf2aU3hu#kE*5Ygm9qN-lLju=}eVrQ^9MSXnxRAH9CnPGFDoghW|sQ|9I(S zKQO4Ksjby`;qx%6-N9o;y@ZJ_#p+)Ncf)q>u@XslGgp-Qr8ds1oJdGbc1f@bDv1es zW(eKvewWUSXE}L!Vw`%I3g$h7{+GM=v$J`JTh!B>pvW@_#YB?$A<%m5u|Tf{N^5s) z6?T#GR4k((6;?YHNFYr2&+8Vl3EiFbQ>ji#CnOs4>$*VETpXYZ34VpHNeLuRx5GH= z3JHbYXg`LfX^Ez38K)f~8Caa)unp-(Bp@G7R6)M2)81_B&f)+FhBZJilTbUe32 z%r2KZ*4w?ZGTonf{|BjoF1P((%vcy1-B`8&vHxil+u!gvOf5H3PPO_@g5+-`Grx=wJxL@X^zk1baoZ#4N16D;Tyjn&!|46YLN{hvHb-VQ zQ=W|0RsGp+Qk-|^P0Jly`!pDYH6ff^G?Ix|=tb?Gj>pGDETZ-8lFtI);$?o4<76eU z(nUR4P0kLN^&vL4!JX0uU@1nT_b>MrxHm$L$DhRv74$76QCUYea-cQoFkIZY}s<31i?+35sUIWjgoJ7(j)fy=k!+3r4T0 zGzx{rdxM~H@>f;VNJHobg^#E%k#kKlQAVO1tS1E<3&$klE@X@)v;;uO3`6H z$>n0kB_{I!;{L9~Wyb8@PYKemMErVba zvrs|>#HN%(XDwgr@hPH|0FZe!v@ew4A#;*o5HR7~Cm!6cWbqvUjbyE1^wX&@@lBL~ z+3&x0phVx|5U-X-F1*Q(amhfug-X`<_4NP*6nOV~64`4NqA0#ZHPG zirgaT`wX-ZtQI2Yrl;9UB?asf%{-g=FRu0hL^e#}e$FKqwm|@jsz_u|m#)T*hfwnK zx|LiZ9B6?vUGX1BAsf1|*t3s!iC_gP1_KC|us=KLKlmeQ;2s+m_F3Sm+4IT79vy)=Q3(^u9~T4dClXDoMuVZ_q~VlQaI{irjdG@$k5FX}P-q>lQr3O63<^xqKG?_%TLfUZOTv--kEpM zYT-AM4D{nsr1C#(%00m_R{Iv*_=nEkrjKwwl<`$fvLV3M=##Sy&vav;3!o$>@TbGz zP!j_-Q1#6G>_9~!SFDkoE$H^nB3@WNa{mRrP$y-OsH z1VNy~##CX4oviP0)#4bad`l#S{?Zh4yFuUsOU0|2xMKO?{4QsT0f<)v7@Gbx`^Ay0 z#zsaG;;8EG*^7b&L)4hGr?mv&Qa~mR?ig0=56=D$Xk_2xK=YiH7agc6%u@oGB5Jm) z)Y*X@Xj|Qu8U6XJe~RbUYd|a{SZq{lm_MJKlli~xqCDAzJ?|k!F2R}WZ8_I!kQDGX z0`RyyDg2fYH=a@4UO}=H!O#%>pEUgKgZq1k)U3CP_NjThesemTGn{Hkn46c!)lZ5_ zW^(>3qtVO_G48xkwoe9t3Es53-dF2yUZR^h%n2huKZbDR@|F}h+*bjXqqsjHb*sH0 z#>%Q@=P(2MWmfYWfesQ5Q!I|$YUs_M|GGN}e7CE_NLWj)lURAMMv*5NVuQ+Va>4oCceDPY&NcVLq-tE1C# z%WO;D*C?C-Ob%Q^8vJtG##t73t%pD)Z#Os^>88OJZp@ivjG4MKI$G%GuRpZF`wKUk zj;IQN_#DN__si3{~;)Px6H2W zgN=SeTGuR_@nc~IhQIF9*g|$!1GKjvPlQj_UR|B)ONd)9peGKmx&RiS&;pej-VLc3 z;-4NVDS(3=L_DVLxss?7W){a4l%TtradBM=*ezhv`H1=LFY~&dI3b0}BT1{e06yA8 zL6=#4kBUAvW=#dS5e4@~aQc<=0{LN-LTv2IpVT22(1!PC+O!-sghp}ur>ojJ85bqw z>WKis*Ir=$8rBjFuOiZeQIbApf1xEc%M}FNB1|T?9VnVXoOb98^ot&zWp(Gb!zle( zdd5GwOdP1Uu6iTSgMfFe7`V9pR9Y&1`!Ui*=QIEi2?w4h3jL{e|NWtvAnJjhpZO*` z_yTejn16tBI=Jo~{_Z-8NRPI&^Zp`LAESZr+HbSt_9JrD%E?}RfxOFxR6W%Ne1A9J z9w2DN7Le&&GGWNig-yJWp=Zg;PRWx;W?g~Kd*N-8pB)+a`{birKP;HZF{9E8Ap9V8 z!wMEj*z6lyOu5D%VdzAvQBDNsr`L~0Y^y2q-1{sSu z`x9?f#v?vU3Mjna0S-o8{sM|i_65E7g(v+_p)+;Bi<1=J1KP8-*nE@9q2O$CWjxF5qh`WwD17Z0zpG900qm12ooAa z;ee+4JU#7A`QhwHB15dd(q7{VQoAW>t0%$kGS<27&H^KE+yU?vW!wVnLyapHplDJp ze}lJwaO^Gg8KM42oKdL-kP!F^b?8O=`yd$%y!-nrTnC}#@yJHzki2d+N?;Rg3iHn^ zMZo2L(7!*mZc2N<)Wy|zr4#_{I$i5euO0g9*RJQ507d37h{MKX6Mv4z(4+XkAidde z3D@7vsr1A$ltfUkq%2?y-|6$E!oOOdW&xZKFC0fpvhOv7i@^5mKp7RJp|aAw>UqF9 zW&S$Z68>gO{3w;pMEE>`s?0+`EiJ0+J!-=jt0#-X_}+a1oZe5JR^P-#Y}8}7b!#Mz z@jXEm-_KsDj2p>g>j0x}tg%|`*a3q~9SIOOJsm}t%EyJv#;NbyhQBm^Ff#6gpeP9w z=U;&4Od_S4%J--&Fg{PL41s#vih7*i467a5gIUFqeFCb50xZPJA$lGm)n_ z6^7USJ$D-Mmv31Be~p-bj;C{_aKNz~OKm0^WnC0>N;r+e7LlX$01Lq3pgH?GQ#(|Kx%GO!@$8mdNAb z6$X9h`eQETj1dDrHF*Fa!;aHq_Q^VP+W|%1+O+haVYFlcsN!@A(djPm#PRhx-7bqH z%q|w4C!0)^43GHBtx4Pppx5S|9mt7sj8t-ya$M^>W1j`Yq?PS+=vlB{ZNkFZtc!;K z@J8-xkZ)Zh38`L(&nfxuj7Gt%^nv%hnCW|QtVE_Cjv)JUwfroK`^L!+%XVRgfg`7H zR`-@U&|U=qokJHT1)l|Ei+>qACO}#vwQuDYmT~&;dQU*1$@dYv-u=KU$)TWL9|fc! z@VEr3K+$^6fq6Uw{WOQO?7Q{9+ogNLkk`D{b|Hg>+or0Gs>c>Nryu3-Yz}Hn9$V$? zHVZI+#R2Miz)Ux9iN_U=Gv0g#Xs>_`@&g`9lDHQFAuTED_3_i|i@Xr}bfL*(39OhF zwEQ`V2IKqV?SsZ=7{2F_nT7!Y{`KkAYo&GyvZ2E#%)j(Y%-{AQnW)7-v7CaxS_+*0 z3#~ARq0W;Y4lh1!qM*ok`>U*RCv&|x`Q&>LH1?lI%{b(&=93@1ps&4cFaO!W{^8}@ zM3R}@{TEciaxy^zW7qPJqzx?Nfg~a{=IAEkAG-jME2@er9a{qSAb+IVnl&JP2*Hc+ zSxtirX&(8c#I7jV+1=99E2{UMr5ht@rI~;8&+e{>#19Sp3Z6ETjb*jdX7Wk|*xa4>hAy~_wAf^9b;E^&+4s%qQ%7ia(^1!3(A_atmRQ)R{Ub#D%kwk zYx4psgXvx1JJeyg-mQtvwjZmZ0gwvJMW$0BedI|?N{T%At3!L{uIWw=Bc-BtP+xZO zy`ZnE54($I6>#A|Hjem`?>B||C;5xvhS7hT_$+Eey>?wW9uah*C)=^+(gsC)kD9|Jq@)ejQjHNa3n1U~=gizXxJh8+^AeszUK?pW0B*mM$SaJft(BpPX18*9Kbyk-b$ z(ErO9I7A3A9WYoz9lj3fB^TP?ew_~tvn&(aedh*y3Q2;qBvfvC!kES^9^PDZUA6!4zy9H6;1nUiV0k=+P`@#B z%v1gL!p*DPpCQo^ zN$N-`$KIJAE^weRx#HfR4sq2=-)g&qUT?=Z+U%3@lMDsp(W|ulos`^P;D-_3-EH?5 zB&a6T^pjBa?N<_yJ$|b1rsHW#iqTU2Z&v-4asT}@+L$O2CvNvp%1YbDNeq)+OLMScLG(%=|KC?304c$PispWJeq z28KsQ^LLIfF@c7HE!**qG#3>7<)rh#N%7d}x=sH3JU>2y}8XUhAQSD4;O9&%{gj%d>9KY9n{mn>6MDaKbDa` z|2hp$$D=j6mSer%i%1Y3hA;HK!O>P>G_Xh59bfc^R=qiPUDlv z#PlVcl+K&_)81ou`m-a@%jyN4|L2(hr67O%CJrsUy)is}bU1v>Show^@8Zq?3N8$e zK#!4y7YzxlY^BOr?FwcKQdR%<&c)Giv9X}hcZ?ANEEJ%y)^lp)f1ofN4;VfOF8lZD zii$iLk}y_NT z+k9RFH|fTOv)YjQAwm~!D$c`IJDd`B_#+1=I_~sX;_TV>t8_uIQ-a|}JV{R%Lts7j zZxZL8E%2lOba4G(fxx{dqf|}C(ySq+I>IvRy%FKoTBXuBkZ9~&G!6vECBKv4KdQy8 z{SN0V-17F~ldLGjG^%C(Ce?dCWTos^vf{qw-@MOex7BSXxOKKoXMNWW$?CE}-VuZt zH<}?r7EmT5(;0x8E!hGZP9$;gfq*lf*+LqrmXK0Y+ zTDQ0tG~(!qV>y*tJztVD<7Xsjy-?}ia1ws(`pZ`l;Rpa)^3485IES5y$U#L=(i)l9)|8D#+138=jG*i_0 zD-D_ZYx+`n2<9I)ghOZEO;lj%&I`I+Z%B>R?f?UkT=KJUIJtOF7(sAP$Pqv;9?xe8 z^y8VhfTXzHpCgM!Gshf!uiJE_K3?t00&Z^hLnakcJ+BTW4grHr#8#8~2i}8Wfe3v* zs?sa6wLMqUxp9oCoJ$pb^eJf@TU%=Jyyt+K)ceWM{~^cj`o7JcFJJ4gq?4STC!1{# zCe$SgJ{xWGa46$AzmvP#@0Pkb8v`jfy$8?8EYlUu5RM?#uiYF>$eOiDw7__5Ki0~& z-H#Q%FMWdtHwJ%Y&>_6DkQPhPvwBuRbK#FnH9C^kMGw9cxXZNlpngdr z)yfx+FZ4zjZ#uiiay^wihE8g4x&-sm`St>Hw$>yrg;PA9S+-2ThIb|`l*Q^I-#g~P zzEpcq^aa$~6f#NHvDDtlVbfTSOjgBpwaacL<7E zxWFE6Zq3kWG}BY0f-qRJ4Z=FTOEm_Jr;EQmATil9@q8@FdP9)fzS05#a{_}(3-=Pu ziZ@`_0}|xkMfM})^efnm(PD1WI|&pxZtaAjX72Dba-kI>vM(ys2=vsik0fc#9za`P zzacVM$j{kWZp}&TYlDNp=Xu_6a`)v^AIU%1c~JMy*BoAkNoxChI|DkV4vJZev18qR zw1oQEgBZIspx=U<4_DZv`X=}B+ypgWlSrp0cR+7)M!Fn}qqu9l*Og-BI0iE%c|mc*{WHMyV;Gm8)T%awc&ZM6wu(WET$o1X~t$k z*j#ST=s(Tte+mwto~Hg_`S@^4#enD?b+mMdUrgt49^ooJp)v>o#sI2ZWs;?!=HRJu znMs z{_wKZ{Ii#OC?FnXLz)D=%%KU-M#d_PM!p=Up;EXv`+iHS*o{I*0q$*1Ug_|w%`wLW zJTx&5TnYqQ3mnDsPc5!9<%)O3)dvpM5*+7mC-N0NEul-j6IAN0zv>Q@K6LK@leKK; z`s$T>hiXb@nn&JW){+SW@0qS1SBJO^fB`8qnl@+@d#ob0f>;4CcOFiEG|;Ap8}x#Y zHKVEX4NgqLq`n`dHHJ+hHMkwdw`da8wg*-PtV8@fSQ4qs)U4zrH$81$d7zaOX_$LE z=y`ar27t5iJbx|-2FtD-&+gD`_r0}&OrbDdHp7x2@NV1wv&tuKoMA9n>%mj4&(U=M zpxk^AAVTIxSqKq~wyYbpRrNp@Oj0MaPRxAjo)DhCaf7qREA={Vw}m>f#|NtMnwLRg z>pk2!;`!6z7dh#&)N;C{Ni7dfa@L%qr<+ugHBfR`eeVFAr9}79k(_Ncff|(OOEc5r zt9M0q`^bX{FsbmTl6O3xH>a@6KO%#FtvPvX{Q?v#WEnDsAJct^6Z=D(V1T7b@u%-Y zvsJtb8N|7=ipa*GewTK2qLOj&4ftllvv09bF2x5UJQhw=fHncUgj{df&9oDIRF>FyBl z5>u{9d}GwH1#~=~#Q5!Q9^kmTi>^MIiF zUTaIk=dDPEE4MdOCRik((-)cHhuDkWi)Ba14hGB8`Q8gkYF~+gq!!MRP%Ke+s!%ne zZK`tMOV|D0OetzF^Qrbb0A*ENpWW!EPl~jc&sLbMo(eBdjB!1(56iA}1#f2bo-;!5 zf%EV-p(kQNBuxuN z9WIo6M)W0egVExPiw{^vWQIc~#uL|y4%>qwlVVGMf&c8Yu3TkWck%pn&sV;12gFa$ zAE?6*=4(VQ4;NpP6$@pEM$k&bmKm++ z8#IIvkx)PS*)lmE96rR|lNqlz5Mec6N?yd9Ew`Xp@Ba4v(AE|?<-S7fE8O|Fq|&2u*b%E;fvKz#Q;b_VDz`CTbUp{rNic)vxvGh&)?S>k_j=yi zNdcai<2=#&1)sWSnmN<ZgQRZE>IDS$|*L7^as;psiR!c({sb^6>=pGGkJ?}U*l zRiX`BmXxRbAkiKW=;2tjX3Mu(-`N=kqW1{+W(ogpks82d%70#BblTRrJytp_tgrujBV8!S3G1-zIG zEbtZPtkj*oJAptuys`a6Fpi;MyOJpcA0tnj$>NU_{!MR}fQ-9E?JZM zY$ED;Ht%hvFrFU3ylBpA>t}%&421d3gcYXy!o6W^CygUHC?6S(W~03yk}vXGPmSol zs;v2b_WMQ&fX`*Cd<_rpAE5>x322$_P)d}#L)#$@80(2z$s3)mUc|I9`3N4^8%LZ9 zqq*6v+|gjwa;yj=E(CgKYAalDoM)RW5qXo=9MUQ;FAf&4OyYU#utdSgZqMB!Hu@6| zXZx5u8`CRIlxqG^M!=7AOAn(*_BvC)p)>#B^ZHR3*j8Z4Q7fAx?QgDI1-S>*#ix@& z)(0_>IAecs4T(}sG)p|O)QeeSfju1G;!UmfHmz!-bB{cc>)q9OncizZWTrwB4rC?x zE9Ly{I3_dc*l`1LDUD>z1PC<1&84sP@HTX?J0FD??Q9(*suI!g;RRjq?++er^P zZ;=K_suAfRQnp{p6eN`qh6&I$1U_^Nn=;~xO}5)}|Bzs=qMiM@=q2=tX|oIFN@nDPnWlTNL0*)bJ35kqhn z4Wz8tSP1l~r+dfKc+en(`g};Ge4@j??8Y^lTkgNH>@G=!Q2#0zwMqjF>m?|uK!@$B z{&+UfE_dOn8nLKD>b)eMP^j48aRRB#N}`tDPpcz5a#vGE4!%x008S0gjum zF0x>D1hAqQuP@ghs78#6F6{Dyg%Hu1OjCjHvS87svYE~odyi&_?Pj+j0-~Gj{h7c+ zpg5FvZF#=Y%BM33lc>y_;sdG#m#Rn|b2BgF+D?VhSzo4DB|a#MkKMueh~63&ghwY3 zQjnO!g~DPz+!hg7?x0DR)420DYk7?p#UVz6FP|6+45D^rMqfg07 zgo18^{{FqrcI*Ok68)XETwC`tGj-KXH&G-AG1A>-lI|;t4X#Q}|E|1?rIzOw`4%p_ zGB$@JUz3mf>CW4OgX_I{d1WJ$__s>99J54?pX9xkemuN-W7NY@E18G3h4}oxJSX8V@K2Dtra|0VGawM-Zmqml_F_j3G3; z4rZ*oQ*LxY4=_lT*EpGQ^r^dd)#3|UxnMCj3k|m(0f-9hY@9j{EmzUrEp?xMGTxdP zprL0=hwgcmWn*-In(bf{Ya)H~GZ;68)v%05eEty)kIt|P#%q1hC*Tk2nWjo5I$X@_ z)u;IeU^!sHkKFjFdD`6it6$(9F~doIWp=kX+nEWZ)$YcLUtCD#aJrE0iyX)S;tdeg zm3~F5tq6sNH2dbt9Hk1N=eZZShGOIxfk=NLJ_a0}VS4p!`xckt(ZEZ`*x__7#XyEg z8il0VnS}lDWZ)R3AVZ3aSHDn_iOp>+#SKEK@73!g0N`q zZGDrivE;Wx+(ZQtz`=Nm+%<@Fwt|f|3sukhsN&A}l~{xAsdG-PO_U|(u9(Y=uO+Pa zrfEd#A}N$5Bl}}2PL2Qvrc(3%cX= zr*yFfNN)rk5r23x2=9%-Sf=ttLD#qni^&a)|FX;Z&P29-iKea`h1=$VDl7gGhr!NtDVVo}xcnDBM0Zp2Tn8@C~O5`GKeuw}?hGiAE;Q?#oDpKgRPF7<_}#^zrOZ z&rP_1{0u_?$j5U1k$Kw&kG*ou4q;DDT9hOxElU7=Hfn_?OvBSl`Zy%f80=ihkY-nf)3cIQtvS)#cU{Up%1)JRx${Vm zZcDXY-;tYbdVF^OaEom%m%i?hrvL*9nGzC$F5EG6a zrRXZ?fOutn7aU6$H_3jD&*Qn-^{gOLDly49cth~Z{y6l316jM0+_&--#T?_AQPSK> z){oFYP@5LF;&2TxEBK&fQZI6?Crn1zqDeH89F+i3s*E;W;?S{h<{$tXkpI7?gqjgR z>bYJ8Xa8OAoolQ}?r)ohKjbaPpqnBz!22SQF*YdH@|P~f4-yRo zTy_c*f!J1t?R4ehd7(a~L2;7HMc}@r@yoX~EeiQ#@{Y zmLs4=Fz8CEClVHOS<#}+Tm1{>oa(?=v#)PDa>RBcD;YzE6>2W%c%FYKX{QI%P85%%_M~_vt?(Fq+&9IsmhAtuk^DK#5SG6 zfRE7d=gtRa#BrR}HI3{1?^+=dh;Csr*B3Od<_nY+gtt~YW=Ljvf&758_viy0y~dX& z-2t?l^Qpx(YK*FxQk^u%^PN$dudTSkAJ(s-kwyXDYs=654%G~ad3DD&2FkU%#CaW3 zJYMjRhs=7@2Eclsbp>NHh40d3h(x5edmJNugFxG)Qb}g9+SsX^7#)aZ$ksGOp)v<0{<$ly4Xpc1@L`lT{TwI;B0 z-o|aRldCoFs(88W{JY_Hp=uHVoCpq^?Ln#-ZmGW-pehttg{#nbHv>1Cp}Q?cFrGfn zX8N1qAW~ThLs-@udy27KZtnaAT3xRquRo6-a5%NU2HkZA2BqiD=fl{Je3IQ6uRtuf zhTqMo%xSthS|92XLyy<^iu3e-tTBw(WOb+ffMl~fdCZ>)GGgeB)06G{P+y@84J0>4 zKhSS9iu)UNfLaU;`^QTt>e`9%grmWg_D{tEU=#ty^j$OjH<2I+OTVaa3K{R-C@MXT z3#W>&kmufUIiBC1Tc=C8w}bJ)_~wVT!_??_bgts*?;-GYPk1or;8wgihHPggLcLiv z&oB}Ks0b!RvzO?$+{zC?WwvGKOF_UCh(TDyQh$2y7R$1;(DaCm$!soJcOlZ6oK{+x z`u_Svw$NG8@7|Xg^@9iakOa!`assx!VUA>phnee<2dI%8|9h}+*}xJJ(p>NaXb<9g ztuD$yW25XNyfCE@us(mA7qlkD0-UF-<{u;eQ-Ao8mV$r+>pvut1z(pyXH&I`QO2?< zRco5adJH?1#o89I^XUAH=`WY*Zj-11wm>qr^_7_wv5mxe&x`;gn_u<~k*lBD!J{-^ z-SR~McRG;u4(#>>QfuFQC@wKLevfJ%t$G0EqFF@>;MT@_c3VGdvr~5fUTGM|RA4pn zRbQuQVQ6GjhpWbx&UyNB{3G*mAi30&65*8&Z@T`e{Wf5!h&<1+c8DYrHCbw*5J}-+ z2J5vmd_SA>*n3ThB-T4*TV@Q0u&aR|m14pi=?x^B?D8w^L|0Lhn~l|0_^N4~nVaZ| zQox=JxMTwwvs7okj0?}PT3%B_5S$IKD>41<9ZR;*Dz({Nq(H4l9d2*S7LAq-L5dKD zktg^$Ng4z)vf8!7Iofi^W3r{y9zr`PTj*d>6DIr@L?dSAtU;cuC$J4fu@hOTwT#0! z^T&Dq@8n1Od1jONKUP|fr z<3ge}TL3?g++x&qalyh5^~QZ8LhkYjMq>457Xg5{$<#!RKqaE4o91x^dWgl*%iQ>_ zyI(fpvpwW55O5i-WH`nZ#v}c2mb(@oC{=4ktu_a$=CNgOTl}f`J~-~=@ZsKcF~kz% z;^si4YI5K~6o|K;BKV2&ZN8L>U8*3kSZSZd5CrFW4lY9^k&wDSXE#c~GYA{L#lz!L4Pynn)slhYfFbMd6ib9bWwHdQbfDw$}Ue)${^0}OEyrNugOw5 z(l25evN_)K14ZHB$LnF1bQWzB?{yO9kiabl;+ReyD7;ORA<;Boihwkg2}+^OyLUT4 zN=aMKI@t1q-&+!f!xbD>99;f7jv0PT?($c1ZIUy=^E-HI z*@dv>uv9#}2UGQdJOJ#W@kP$pSSj}I zL+wpM!PuX!4;W=pPBshQ>@#V7LF2<|ss8}ER>Q2j#|%$-6tp*6?8TEUql(w!I79#e z*CIMhjS)bJ2T=D-sy6aOo&uBoL)1Er4dC@EVt~9EJP|6-^DpHC%9UtjZ81g^tqHn4 z@hmC@!B`xbUequOTB>*SR6WQjY2!eSEt0h~9#8*@ zEiE707=oGyubA#cvOdZYr_qF2i2YdYooPI?x1ovxrTRkxrJrxIFVxMHx|__053hR3 zQXMltd}~cc&+Z4f)A2xQ;O3@Q^Zx4_f^<<-Iw^0M?TRM* z>pFDvt*Osnc2su06-r=5%#fg>7E2PhGDqm5zsz;HP4m%;y3CzeaZx;Mq^f3oyekX# zDr<@a#|#)dz?}Xw>8FTk_fF}=0louOT&{Q$!T++lrsHNXf)0N)p5S|vTaqjCsr%N* zG;saHZLoBvs1Qj9ON4m8U}gTNSEn#94?}s9q#IGL7y>bwcyvvw`l2XO*)tDg#CInv zpU1WO;L_d$6^8QI-6=E47|RIb@>V}I#(W9SrhC@>B`H#=RKCd4E&3+=SDtBv{rdzK zgQ_)_5upTPxvEX(gBi$H##P=FFYlwFsP#VH&Q?5(^1mbafOC#V^rO$$gB3Bak7k?RB{_Bow^@>}x3bs&bHK zN8IS>K$YD}CE0)F@RI8xUArd~axR%YoI}vI?|P$LJzR@o73H0|?Q}gqI>r83kzEni z*^LpEaxR|bA`>+QNq;E2x(A+-AQ*ao&?7>bAzVaSz8rb&UJJ7646ypsHLn6xQ}r={3^lA zV%bir69zTsV+n4f9({!C{!vH8%gb>qy`hnUxvGjqr5G<01i*61lYa@vRXI&{~tKk>5cGLF{);oPFL5ouMrXz{V?G;F&JStkpcfMTHU3}hr z8)bP@EIMi;4;bp&i*faZ3HDQ;E-7Cai8dbA0MUUhMK{@`vVCHU+>vjtO&TrZq=PdA zADKsIN}G>Cgs;b^NMvYfdOvthHS+#=mcCH}%5sUR!h-vc4ev~k&>4-( z&jlVuIX;CXQuX6-41)y%SlHj^a5wT;XDBfN3Yn7JwD5Qd8>?UQd3mm6nqJW1Gk$_GYQ95vlQERN2T6=v01Yp_(%%E!C=*O=_q zzKkZb_;J^j`?D1pXYU1jL4EXbQA9>k`O9B=0L?6;KxD0ruvlq-ydvA6Bu7zH%BbDu z`-c8AA}-yMAl?TM06-8|`N}UbcpG^H;BqRA24S*6@?kbC+4n_J51l z=+u_z^_oVPiVEC5i9~jOpk^JZxOj2B>1F3+AtM9t27xBt4m3gHhiu}iF$b1>1(yL< z{*ua-f-S$e8c=3p@Ej}C8$x@<1l-~wTV#sa>OZYqWoBRljZ8jycJ3#aC!d0`(nW|5 z#G>JR_LM$*(=~mik^9{O!yGOGA>&9WLWb2BK$heAMC`Pxj5a0&CChtDeQfqZ|6M); z3um{lQPXtBg$5t#5Xt1>sHDP1_Svf1SxN`qN4F^Lf6vSE4xSejU7+RRHMwZuMB8@y zN&-)R1aEx&=Flkz3%!bdaG+3?)d>F0{8_(^)8#=LgV9use_O&!nu^S7JBiY-uDVkO z#c$|6bX;u@XGC!1!G(`X(i~1R>5Z>GWKi<*r5EWA#8&UD_%L>dy?l*jIRVW_kO+C) zGJD`-gLAXV`Bx}`;!cDLVlclnL~}FNDKw>W5ZUF!NFx1O`Pzpy2d^(W`5pYKi8VhE z^ts2epy zQ0s5LxF11XFz6jP$FiD$w?G$1X*9v^aN#vRx4v}IIx;*3vN1VgbwP!O*e*v{=X)~) zaxWvSHu}?CshT!&nGD;5$CF#=kP?6(Qjkqtq$3Tq;nNln73wc3c(z}@*}bgQ6+<5z z#s+7zNsG`Lobt1aLm(8*wAp2<-f7h+cd27sQB{y3CB>}}@ZOtq`@F+s?iQ6E%5IHJ{M@KkbiD79Kct54!z`@Wg9yGl1%y7#f<*&>Nx5LVs*B+SKkFr#|Y zgsdE(ge+SpFXqV;qsrzC?RMGldO!D$)M%=b0mx1#tDB_L28ff%7iNBg*H*L#5Ntsi zT!@E@t3|%k<$e~4Oy#-d~Q5E`ouj97Y|T;1`_%wVfVFMBg}b(KpC7h3e#*$O$D(Fp{4 zZYoPAsdYvPKZcy}fiA5yS}i&3|Z>;El{+Y5|#ej4s&wcn^&# zi+e*6nFyPdrq{}>=ETotOgsB$W~;c0cG+-Kt4!wn5_1$3%3LhAMy2ylFo=@0G-T_w zw`p%q`pk@zZW|wVp!XBaW`v$WnNu}4c1c99U5olKOaghNeTN*&3_p!mYwx_)iHMflMZ&-Da)5_1Dnb9Z~sTUe@rUR2Hh1z1L+>&Y;oiGTLod&=-D7 zB`&1g8fpIR;!t@Q@Pu>*tnOt+v?QdJGfchRL!$! zg!x|Yvao>Di6^8HUT1(}RLBczJtr9FY&=_Pzy>qb4AB8&N-$#4p)Zm$U9%PI%@i^F zb zA0=h_2YgoS^88lyBblOrxOPA+j%Nwi9Y|T5v@xwP_N`%Cp`&+x_=FFIE+L)mMD> z-yY-5?b%@Sebp6fQ|q2VmGShI%-5Hii7=}(IMp4vT2R1w;{}D3o|RNsfT-GFD^~w8 zF12WK^xev*x^KSL$$ChwdB?zV*Mi!25AgKEEmU!gV?c05;lhHbF(@2GNx*)HT$Viz z&zZcKBO@q`10#M88Vc!4?MNb(3MPl(eFR68b_)J4u+>#wv?h*jzjplBrA$A5Z$O9PSLwU z^WsZ^x|8&fN#6V6=I02}6~IM)CGl)qb-=B^{~uX@85LKcY;B`Kf;%C&HNk@fcWpEY zF2Oyxdt<@f-Q6vCfChqF(BSUw?tClzoHOpY`~BNL7!2rDtE%RlPc8U=m~?Rrx;V=S z--XY2J%PHL*~Db|-M#77rf;%YF2V!VNIH5;R?B5rSgZ<2!DXmSZ}*`?=0E&!Pp9!+3*i8 zd%EAnOZ%9m1BXWw@SP*jyI%X=9Z9nj(CT+8g z!J~J-BVCZZK98BV%PMHjtVHCWJn2kE(gHzZ<7X|e2E{J3F5UWM zCVqiAxrRqp+};{D4zI~2KCk$RAli}&bAkS=y@|vX?^`(a3jPQ($zfU%CgKd`@_DR7O+tlXR=bXV?uD9^;F?BymlrE#|9s4snUgIgkIj ze=z&1x_yZYUo=4#Y>rW!d2_1v!c(JspNW|NkO6G3RMRo4#w^#V%{&G7_=yCz5V@t% zoG*7qIk4V~WE{;u@@g5j=jJl|TdK*g|NKn?qgGce@-v$A7xZnRys5mB-Q+m;|nN%p?+o;$-%+QaCDpZFam z*Z^3AB7IHBWLJgSy#73j;Ba7&2+#>URew5-;&U;p4m_Mze*!k)@WZyyUJ8!?cuO97 zqwli=`;Ebb3V5tz7An=uy86M2)Jd=Pet>_>a4#?EEJ+Creq}`kz5lUanhfaSmiV#> zltT!8#z`lBSq>Lm9= zcv$&>#P!`s*6Rw3AdIRkG_?n2Ozb5fp^?gr;sGvCMuberQ(q%mGw?(&d!^0OU>w$+ z8Pu~?GBJahgwzp=SWLnTovqG2qj6P0SLgj@cvJg4G&F#6m~$hrGzysrhxCw(20SiOj~dVxiDo`s8+d~=Uw-=9 zla@gva6?(|sDdKY-WeVhe}qfcthN~Q`S@zx96h!+!+0;cJJAj^>>itiqxefEvk>!zjZ=eu8`qW!f1AKgrpr7k(Hb}B_cs!3 zGRnHI8QwY_Bgw9^#w=<-(%K$Dg(I=OGSp(*fToY-8Po?n%Gr#=N7eN(axjh;HHR`$f;@#2 z+8-XYiY+>Z*0&!wqgR@!ML&sBy^|$y6&}6sy~G!w_P4`Q>}_!ilg4Ct>|@{H z2MvX3^$;X_7s#cu6`DOv$#_TNk48YQ4sc@*U-03CuIGgZKJ7O#+zMcEtR0m|lsB$} z>hS25Qi{H&?%^wL{7Ge>DzvP&Bjz45g0C@6V9mJhC+5s!_^luyFe~h)ki~Av$D~~k zrn(!jpR?w!c%0`dOG=)gcnFh&N1w~S!s)BW_KNCkzS_hT7of`jPkCE<$0bBz)*=He z^C)zk@q@D58pBK0H19%x&8}+|gst%j7;XXi#qzz@{U1NLY>wzqMaQcmld)Nlh|1NN z3tvDRM4-t)DViwqe2Gc6CKEqNI*`jOYT_lhmw?p6ZE5$HdzR{j?je@fkDN~)Hv*y` z&{yk*BFy6@>Z@fLy3h9oY>rgCcbRl~k`a*DDw9Q9I^ZLpJzPdh(T*qO%qRk4aWZANZjml=7sE{M&cgf)>Rkqv)eD7AcTX>h~ zT<*17pu8W?;a^(^@F^+Rsm#{&?Izv^^+%EYWw!b5@4c5o4S4ptJ_m)IU^6BZeDdo1 zB9qkUT#`{TsX>(R_a|Gmv>O}9cey)w4xa(|^eIo-8SMp!ASTuvd(vQQUrY)N&eL?OeYZ(<{I?V2dC z+%`JyGWRQZEA84_`N!s9r}kI!35QT1vYDua&$@BjuE=UNxf9o=M8g@67|X;@uKJb0 z%g4RQ?)*vR#Qgr!Xyo-@YA;0*NZ*?!*Uw+rddX?T*~MLhrimc?ixK0i!YDj?jy}ux zT3C>}$QjweL!q!I_9um+SdKnV2|@=`sTm5!Ah`nc_#L951+Q}&ysB-hdON#onzWaj z3~%>>IhKp;T0kqj`0-o+yraHcR+8BP|!=A;)(tU_mLb z^~LD>l)86+Hp}ZiUuB*}R)3Qpmrmq`>y0FrFBgA@1%6@uoJ=lMB(N=;5>Az2>L(dM zdF7mAnDGe=M!LJIgIQ-&N#ut-R&ocpUXR-<)&7ABx}C**$07z;H;x^S-{p&eRyZ}h z0UEY0$BM-P+>NHpE6cv+Ncl-+2D~GD`J7L7=4akh1d9>KV!R6)_l?n~F#D3mn#AY2 zPnO#~4>iw>t7{aAW8eCr6^b;m>M0nr(GyA)UeAQfA-3+8aT#uD@v5$ii9{$XM}zjV zJCaIi^(HG$0%pF8l^h$l2&GuX_Z>lV6rrFteOS-l#O7YUyb$Wv$^Ni!HfnLkvDKqW z^X|HL126`w%P%x$9-=%qOLm1jG?BG|tj4Ps1)q7GkbsF?T5l`G`#zD|Z03kJ>RK0% zm8V*z)X%g&D@A1dhf$Th5b4_6R0lyM)^PlhVyL?Vf1{$tUqG=@4*P=x=$l8;EiRZx zEjANSdh{2Y7$!7qP*3 zTJF7n)i-M3gBiG&*CxfdH)56#%uO-odbpxhBjwRRAK#}KNi==T__a{cH*@F|+TKOy zbr+&oG@)4sJV$oq-Y3ZB$jHK?-9L?DVRQkj zW&z+!nheFI{WIO}xhWZm#BC%Ej=Y=bzZ^py(*X7C451V_lgB z3JY^nq@`vX?FBH|eNFK5+ zw`OY!Fz$$YjEp@$-X`ki@W7A{+}i`K8_MucgBdzUxlJ*54eZ8W((7VD$(6r^viO|S z)^v^z8p>@((48|SwrJfZ4FB7BMgU_ANaoZ~t#7L)JPqdui`ury$tDirUV|Ks7ns`+ zKZHr~ppp(pkw^V_82_j*( zwC%QN6|21>J0i6AOnZ>l6>Xi#%a8AI8_^XGr;Zf6?=GP8d8~13vaU(3dW%}@v)p8U zv}VZGrN9A(Q~0o4uMz^&-;QU%YMl!DmvoWKd^GcjugkToOw|$_$|Mz3fhWoAf)Mqu z#S$4;=fu_l}#2X8!yRIUcDX zbO4Lr--^a800bOY#`k#q7K1K{JSmz}sIxf3Asu4}OMkh;Qh=`q;f>LGcn|{HE|5;^b=+5w z^J4)n2gp*eJI7~!@@M=0EDw& z%AD?m=YHBSp>%|V1?ka39518Bev*6j;P;|bWuxcg`9RzSC^xp>!m)LN?^d9|g7Kfr z`|wRZ3O}%StAd+VefT{7hD*Jw1UTn@Ec@BdjL)QO!o6OjpD}v%EQP$4&Whm{qiL1P z7J4uD8@c_$ZOPk6a=Na3h^I!YY zJt)#9v)T6!C$1aU9*pwKW7p=Jo96i_IsWk#$N{FO^z{WKhSy|%gV@+)i=uGk&*2!7bCw)@{4%^R7g zvgirfe=09e#3Vk+w$CnPR~#>PWsyx`rDW22!6g-hOyvOXKv5>o;#>vF%?7S39k3J- z2#EY~UY$(DX@Qjg0^$G?IeeB6ZsSE?Er(Jl{dJewNy+>WBAl_GVGR1NaR_%o53ifi z!tlse%}BxS${qau9B6v!9Og%@LDIc@V&isQie$kAQPUdpk!VYk&;go>Bq~DBx zA_TvPFDl0%SY<1L@*@OTEt2qKBKRR7Wt$8o%z&&5rDL_hRn79V@b~NE>v}qaQF4gW zD%$xUkSFDKegK8$IJLQ715_YPXEO@s+G6%*XN;tPmi^EoOzAl)sb>Pzw6IwZz(9;xs1Li=3 zMVM)lp&BUfDEj{rm;XO2J66yew7qA%X)ayJ4x|y*?qs>2)FL^g3*rZDQ;B6x zRz-!XQ5wqi_q&qgF$X@&?Vpub2tUW!HVdErG^+4o}Ew; zAQ7#Twl-(REAm{e=@+>T)?#x7v7ajM)R_)T63@I^g=hi+k5D=NMw`oU!ID4rZ4Lj& z0??KRvEgw0bNW2?))`bTi~$(PD0j407po#PjMV{yaHT?v5ovyMeF9|6OJtl6tZ0Y! zE0=qA1d&8}tk;P4gJ0EhGkhOl89e4+2Ie-7y>Z zN|CC45iAanhmO(6Gt_}_oxe2mx2WYK#@K@D+XA%P1y#e>P|^&^GJpoF%L0p-Ye*HY-P*DDR!PbR1sJ|tB zh!_Y+=88oTgiIc7RA_kp5rmfXwt(I`ma`a@qu5}9$DolHP?$*ylOIDt@;hAEczDLT z-g=QsycO7^D4Sx(&B~p1yDi=v2bINOnTiFADjNS34mgc6NSCfB|s~Z7YBIoO;#!9 zGK9R+X6fpVlk^JD?r~Z-`KcYhRJ~qco9l<+oCni!aG|#?eEGjJyX--+p}yciJw| zSDq*{LG5~;l3~_s|Khka+9XiTyFYvZ{0MOG(;xhmcDYcGIN`~%#FXrhHkX&JDcSDc zWAY&sTO5u^j%c>=e@*|W5Ye0j+F*AZ(_)edjCTd6XD^$yd54?vUuz5C?>Y01{MWvx z#~A2oKB&|vSnn2^R?Y63EI@k+6pL7r&1J@azc(QfrLvM#9Ylc`b~)m96#jYJC4e)A zkIm)6jN;ri?!Bhvw7*BM$Om`tyD^N2)P|-vR$R|981aDqrTs>MI=S{NB`|+>~b_G!8&t+6VdQb9nJ{3 zK$D6CZsuXH>Zy;r`ghz4$cu)-@s7&1I33HBdp8oT&hO_{KpM&txO6o6T&_|az!YE- zUxQX%vRgsh>99f-1<%c<_zBSDkQ8VmEP3q(NQNpi#0Y2an4!cr%p#chDr5RDsFaf5 zB|b8t@Vc+1TQaL*mmFVV&7#AM0b)*K}@=QJLD5NGqXeuyOZErPZaxy189OrIPrWfQMA@pM;7o(gL|A;uZ00G(TQ&4uTlB zxE@-Z<$S~|`kI|9ffnO#B`$V^-mPf*zO^QqQ9X(wfyGqqdV4nH{1|_8Dm)8pIBUAh z=S(uc@!6xz8*V81Rmpi9h|-* zcGJ;|=|S+V%`$wW3}A5YD)9l7&>%KrztkMx^Z81|7?dPttssl+1V$}20<7fQZB<+s z_(;>NQmOlkAc&OmF(M?^o|*5M{6mm%V1GO?#Lnw_jLS({$9mm~kIyw*Hk}FK-hc?b zC_tDq;Tnx7urq3+5tE<6NJI<4ho_Y+r7bSlioS7Lf@}M?!{&^z-;#w4{DLr19AU|I z@??QuL$ORnri=zDO}F;-x9G!sH2#xYUnxsfg9~ie;W+uRaK-$7eue*CCnHrf?|u#m z%fJ=OpCu;~9U!}&XXt%~V=#9Xi$hk(1R^TLC3k{u0Z@sJ%{h(^X(Ai=NL*mb?+RQY z7yDF|ClRi6tU0r*-TG;hj6Qq&3@v!T709C22W+skpWy^q`@x^nYt2+tVe=k6?6Cd! zmW>8P5sLmo)+*b2wzs!9Q12dIllMiB`7dCV&5}{A?W%7=n9Su&Z-{z`c+>>fB5{hi zoz1RZDNeJ(^+$94DJtJ(p1>s4opj1Y^s3XBTVYw9Qr9l^!iBWh(uUD`x0ViUsSD?? zas}}v4r#Q|H9XvzU`tRn$SNxdes3LBK_)T-($Up>zsGV<9r-aJ(I_fRma`_mh75^B zskABfiP``m3UW9y>r8DRgSQ#MY7HW=xH?((*Z=KrE7l)HUJUf(6KM^H*A`Lxg`eMJ zLBrAuzlE}8^=Sz+X%!F#r!9hBYgipfsUvijjc+Qj6NSC%dfxt-2z-0+oN;Gk;$&>nhZy9(>UEh&0Zm|2H=lU(&~cGgyuLRxLad!R z^^Na_?#BdIMDx-X;8IZtzOi0b@pNWD;1n{6y}Qf5eaoBUcY|>pE&TEhKVK`@gN^En71)7d)=oc z$06Zge<)362W{L8S3@aDBu~ciwI+oy}j9`NeS-syE3L}%te=m zy*}V}pf>+8^~v_+%P_Nuw0nyU+~;PUPJF*DUt1=7r!78$y|#-5;;dcVh;?pTP1C)Z zRS&Wdjxpic;ES!1ugJX~H~$QC1@wQ-ZjPFRyffMIr7-dzt}9nF*Q^>8VsWbOa^Hx- z(L;YwBShqYC?OO5V+BlCDeHCj9+OMkR70QQZjL3Z5gmU2fYGzKEM?&?wjb+m8~gZD zWnPb%inVKcvcwxm1$Be3o(aYvpUFCB2z%6XlW^9__u;uFIlJ#i5D>xgdR)E@%v{tQ zqqJJAjjcrjG4e;cpLkH&U@i?XUALo+z(xPgdlB+*_>1>P)r=&I$5q+ap&Z zZqFtF%0PZ>{9NyT`QBHQpmbuk<|}M~9N5JHM}U2*e08o=lks%*R08tckgVej(wzT~ zKb>tV)mK@sKbnlK;w`Np9@VA@@c2KFxOR0_E@eB1cn5iMOULvdSOmCiomU_r#*=$r z(br~OER;X*Z@=W83SSK=MgsdxfoHeazEe6ZM*COKyEB+fJg&&Q$ZLlVe9u`lpNHP- zo$xW?LLBNa)c%edv*)U!r%LMln7tZwprzkO@BSVNS#~YAGw;|J!;3cq6~{l>&$3g!muVH!H2S*cskk z$k&6)#b%v;5?LLTCXblHZt6UvC(L#2*1(%-^$icUHC6~vi7)Y)$1`|ugfSRZN<>WH zyNM=n3)X_?YK;1=LvhCUms^v+?*-Q5i^B2gdt|?pG=up1IsqU6I^CsT?HjK>-k;>y zb3uV2@VS@`#`t(}nO9iYC|IQ;D7rRGnpT{ie{nf7`t-!Wo2`}^(ixu1q}8|=&hhjK6YD92 zgn#A%2MV+YMEpuzPwG$};Iv-jjlX=-ptTAP2Q<%7Kf>eYr0|-?_RF`$Tli7P{#=cJ zh)wQ|;+IusfIxFaJm7eK7mB;#`$Qv%)i?Ai;3ndO+9juEaD-e<3bE(I)CwhEOqKY6 zPVWMbUQGAiMe)`FMg1hRD;?n5fW_qf=Akljcnk@)^_VRZB5ttb}1=N>Ed zc!Uvdh$D0E%~{+?Z+tt6&zHG>p3bDy9D`ou-A@Blzp~wtvsh^4(`41F-F}*( z8=KEs3~7J8eAKa^j#~g4LA!M^m0iUtW?E7&UV)(Fci8zV)ZdVa6gh?6I`cOsppclq$k2`kAf=bGo5OA=enukPEob&9z^C{}oZv zhfl!z-Rj^Y(GVGyr6HA_Y<~HEQzErpyC^khT_ByoIM64+C{6UM#{)>sv)(=`TH5}9 zRh|Wmu-R(SN+A?ZyZb5=y%vWXKed;krPu^MOUYr18TkxxMjy0GhcF~UYB0GwV?thq z#D(G$7@5i1xHGja*j%N$3Fs;eU*DD`6p~P*D&tHf$L~e+>J?5-?Om_Pm0hV^6lh+d zm#$%o8g&;m*BkDEE9q|(+Y{416)hz%CLt5q?0q|gl^FkFfCRNmdpnzU>T?(SPcn8) zq<-BTr<|&np%UlK^WPaTf9lg$z#_!L5jnAo^Lc$vE>o$LxGUQI;3E0VfWXx$IeusO zyO@Yq)b^*9(08{>mT$iTn&)DICzzm}|MCwCRb#+R8^oYmn#)pKuv(B^)AX8B=J-o zgk7V^gXyC(q=`XM$VFIVoyYF`Y*A`HrBBic{7-w`w*jQG>Zr{y*Sh`8k8Zoi+#G(v ze};i3^RU4(?9ZaL=x7Ruea7)ip%AD;_*G0ewPAUovK2@`C@z~u+#0s_u}-G*dWF5$ z8Ptwm#nA-AJ%#QQ2JVeCtz1VG7@78*jHLy2e#$eZcu+M) zBH3~|S{kXd#DaZjyYf3;@TSY!)oipVU%p)8BjWX>qdf4_6_Gpxv2EzGTJET5IlO)N zmx6IVG35L>eTryaj3in%MiL^)ZvSM~eJyjc`E-w}89-G%ph01CyhL^&BGNc*3oyol zf`;5Tj3daVcirX`ONv!yDW%15-wq;9ARogwVz)gA*s7b*b+;LALM&A(O8VrsU9$wR z1oY6KHk3aXaA{PpmfdI-eW6d|G68jZi?IO6kz#-f!w}1HM(j3vwErF!*W2gz=sKg= z3x4Nrpc?V2b#@Y)msYdU=2QlQ*ZoO-gn7DlQ|fJX+e^~V(9CTWrX#~jNvUxictfVRMcD^>ewYxbQ(ZC z^V@y=TP%-y%As!MjQ#e_#G3*hY!YL5^gZ7rgDAQm7ZqJ1%`fcNz33k(*9#B%&f(rg zSk?XBBkUVfTFW)=4nk);T-^AMK;ybmjPngsaTD0@z^Vq34{v^Wk0i2lw!-9i~&m_hkPJx2db+#dKa7{eBUw;;3f3QU#PKIJJ zU9o?O;dD4-4FCh75}1^GWk_Qi=j86JB0b>}Amhr^H*joH{GwQ~uw!K0Juf3lI?%f} zE)*&mSbg^tG%2A}NaiR-g7BEI;#MH^9E@jx;++3N+J$wU=09&0YOu}I1TG`K<+QoYKr>SeNLbIOHNvB_SEM|^sfX5F+a@yN1cWG z1>S%G!X3^qu3u_^t-pKL^TjU^KAHn!4+<99k^qH;v0&WNHQbpY`*>AtpQ50DDIldzW(!?O`5rxdAyAkRaJr6 z?Xl$93(8@+?BV~%_({Qvl(H&Qa#gk5eYEhU)* zT40mk80G#&XE&v^jPFWyQUMEQ_xQB%?Mq&-UUbg#=UKDu`Ea}(-F$ImLb`FO+P$Y` zMEEW^r+grcNo4UCw6B+)`m3=m$21_W>{Z<*FO^KcZKhxY2wvT3usoV^HN0i zbqkeb)C{!#VED?M7V{WF>NBY*F>c3J7HhQH^!jGnR{wQW{y-l!`uTT{oPJE;t^aKG zD%PrWwPmb)Rj92jx6KL;nFs$bJ_}KJOmLb#uIE^=x*cukzx8;A-W-fdmF8b$m&&DM zz6#rr!*BUCOji;~S5emKR_HrSVa#t=(OP2U$Ve{K|_!r-;<1acB^dBt6v){3JnnJSx2L}Xz_qeS*jXI z=dVV3T3pq%V2$XH=bE!~EFs7tAv-h-TjT0_`?R3At4n9cr#s}x`fWx#=|9=r;X^1M ztlaL0nYZS(Aqtx`ay znVaj7HK%jyzfOY5k8+)Gzz4riy!vMu-dK*H&m)uk76&8W<1=<3m;D{$_pn6{U_ zz|E$|_NG8a+^2hyw;-a-RGq|sh}Yy+i|X6SSB5bQisyBWkuP+UW9x|I-W%q-8}AyZ z%Vr|IpE9Dzkiee-ZSJxdN&dnWtm1!$;(gcfE|;q?mg7N@((HGR&(0r>t6W z#S{{|Y0G5`Wm1SeZHD;xKU_=fZT`e+2#NSp%$4<|Z2 zXZ>BQC`Qfy#<76C+HT0b01H%~KQvW;tH4y9%*;=cVoajxlGU;3PXfpUg^8q$^d3Rc z9;@#Qd2>HKTU1Y>fjj!%w@Q>99O>&9F-@Gb8F)Yhc5W@BPe7vSzwPM=}= zTDUS#{W*DJB7Zci=1LHr5m1?TOheDs>{YG)`MFLrZ>-@w1`qr0CV=8^D`H0E}T+>qhr~l z7(Nqeh!5~fVoGp#>*H;r9a;bFYe=Aya+xJ9ce`l33<{MqaKnIe;`W{R?Qz;(NjOS_ z5mQHox0#|(X~tt<8mtiYD))7w$ z4^;c25JEC0+A|*^oK8okl7Uv?%&O;S7d#ldHAa${w~;uC?pT@qU+tJHG@j!(ZQ174 zIJ^GbRCavJvneGwZv+D32tJPuOPQOEKx(Nfc71$&A1VfLSAK|Z| zF+|~)+8l}9pNm@D&T$gy)dwAKSG^t+Z~jo=`L92e00nSU=lN1TEg#J5Qe7$Ap?j;4 zX!$*jqttvgi?ph{RI#qga*LB=rPZUA+Csr?4Ebu;x!Mn7tCCx<7?3*^AnPAEv2aw! zst8(vswXv$l;jaVRF`y5(wJTcP`j1pFA|T-JWb>jwel>M?-2Sz&HP2`KbXB)W>l}9 z+>rQ85*f7o{f#1*CaTduj~{C;KAs=KRkcosTs+O!8E#eCCbJdo@OlHaAp49k7+qh# zw|leQ9YksA$V6v5>?T7TT1J-Q;<3JpBsMV+WMoBJvmAiQyTBZ`t&VgHa%**-5CddAY}R1yRXf^0y)sqgB`hyP0ZpjqWc zmWElUQCIZ7T2xMv-dM|VDijV86NQB$cLjjBEjQ+b%s9-wOQp?&M?cz?$2LLQ&FC37&9m@c!#)Glt;TPusG?A(3l4*s z>0QjwdyQNkVH;ov!V82m`J4|D+8^x-v9I3-Arr!<@>Pa_5^1c7;E>t0Gaab@Yn%N8 z`zJJ7!MEoLqq`JX8DvJae<>Q#I*Laok{jSpeiT>R6MAwSq94FfY8=y&Lq!ZCLfEcW zN=k!XXH-l!=6kelQ+>T6vt4{()EaeeTx2 z(qq|kXikm$14#2>nV{18`DM9O$-{Q+vYpiZ1Hemzi7Dm70ybl&@@_=+rCx%9ZwTcsM%n_ zbCauNuj8rL;d$>00H7=ENUn%0SAWI=65;mz)F^@WD&7Coyj8bLQUf?vam)s4L8G*m zwt(6DqK)$fwl~V1GuDfx62px}O1mFd#MMi+Q^W9CWCH_8C4FJv3Pkc9L(;i@DBJEP zhh0?L*;K{Qi2zb)ip_G%v8AQlZ})GXGT}bq`Gc==9mXDYc<7ll%AoGaK~SCgAOAyC zJ(+dDGD_nI?{giA7<=Q*h5+XLCGDf(MZ%#{0;ec)?yv&^oyFN`Wmqom!gqOjJcM!O z1n9uGQ`|%l6QD1eU`H*h7+=lVS4}7Yb|ew1AVR_U@~VBR4zlsQ*wP3p0X~L9qQ1UX z7n|z{8oy`%H`_Z?7^4=~hsxW0PrbX@W}{%$sA|#fqIz{6MyL2@$L~n|rL_onK)=Us z|7YBnIUlF6p9u#Mm!s>q3a|XpzX3Wbm^2U~YeFjYs!i??9#^=kmA$K5&>Oy-DcEs) zqBYed&!ShS|NGx)ugpQR>O1#A<>7dx64mSC9FeQCI}9rQ?WcJPpNZHvxb%dfCHSK#gSIw)xQM1YoIV4NZngZn2>c3h;D zu`7p=+mg2W;-OtMz-;PgE)y>tgmo*M-L;*uG_Tf;H%2>vS+~V1wcXM_mql7W-5YH9 z1^8z<9Aip8{5AyQ^g%CTVoy|NIiG%ht8>ZJi{)5L?SNccB=D=7y@R>R$Hx**VtNc^ z)<%2$mS4?X3=j>m@=WKJ&t4u+eSk&!_l4%+M{4qiw^_fZHudNC7W1G#e|cx< zMvrkp8{zSQ?<6OU(;{qKa}$lhm%=PZ9E`0|?-t57U*>s#kwm^5j&~b$_O#Y8>^S?v13U*8nqN>+kX`|vq-QQRfhw|0pkKJlT zCT)KOf41$L^0B2^EB+ZzL1Up2ye5Z{HOSzW*+gNT-1_q^3gPjXx-_(VLxB z@@5%(S-02`F`8nZ9&eGe2!ZAHZ0axLQ;Pxr$jchBo(ejRHHD?@^GCu$eFkKevdF*vOlkH53X6kUFk)J*Ji&L;7b5pq&j?^?NEt>= zuz_9Od@nHiWV)V}>>Ny6s?@ugs|(Wl^)0!h?iG4h|7vtD4}f7n6SfF7YY*8Acco&; zGt|cgQahQ8+?Jz!(5TPTc3tJNJcdIrYUm=f~QeykV&w6>Yy2s?XSq3V4 z4HiuDr$;vYzT6PE5J`^ci|t`0sN4C{R71-;mE?qJHm1`wJF$BU!=py2VL>@$tef3A z$?E2Y*x?(Xe*A+=cJ~>qwintM+eDKK0#0V?i(`aC2(jerja+y=tORCULH3YBiL9I4sb4|%UmHDDWq z`te6-x?3zY;Cz%_#k`-XM1>q*H<`8kY<7wVw5+q%Ldg+6o7Ss}?q{?pM7tF{1{HAU`%XbTwsS2m)(O%4*f@DqvE6!?N~z&nK8G#3O6`WBS%gpkG6G1}h`c^80>@aC0xUW$#&f1-)_br2 zJaVN<)EwfiJT*p#oyb(gWTC9$j8#{7Or_+vb@%l^qMkq_ zspvqw1Emm8#Udxd2~#zlQqE8S!xo?*d1utNg&kCm7dQa{0s-b>A(C%4e&|B3_T(H$ zkLFv|55@H`H@hLunYMQ?74igO(ToW1)1`l2Vjkpkd^EY?j4L zNp6j>H8K4=0MH|%4Vcb~#VlPD0gUVKx!?0cnk1Dd6bD@UQlS zZr(PZSD1fX=WWk7&En*c_xxS$>w})bXBql5-UgAId}rBi^jr=Fu_FE&5!_;I@b;BZo4Pt5TWxA|6%Zp?_JV#LG?0)Kb7EDNA09 z{v-U)wB@YXM$aJ7he82`F>(hv-~X@a=v*VFih<~QZv~*~EnKSQJZ$|Jx{Sa#<;RbE zuYjRX<^NYl!#@qydo%v6)!q50NQJLcGinRE#dzHzKHs=P^d*nU6!7?)^WTGtNtpW4U`Ksc$~^Nfh)BAI zeP#NVT$#!YeDhRBz_7ndnYZs^t%VD{kW#@)eMnSa4Kd@^^jIp-axWqiTx`xShp7+i zJpV}^{Eu4<%f{?T>kHk@wPnfkCl%c+#$zn?z`Qn2Ryh%|>PaZgMh^sk}wfISX|1(ncx zI$-QF7QD{6(ZE0ItLOdfb2AF78&($C&7y-JYXg=zdV`85`i>t6%=7c}v-7vQo~$fy^9nONUI?0Iv9oLK`sljX`@}X$ zRy&M{=fq0)9X>mxJobFfiABG4+aRPFLv|!>=f7i`w{FsjCuZjiLVr{k6@2ab-D2}e zlJBbW&M<>-eS~=OG1X@ z4dLVm{mfby6|z&EhE>+vgxTFlW5DzKffRJW~ViVYMBur6eJ!v>R17uA%6Ejkz@`h&$bk&Q;u8kFXL zZO#PVy?xv8_n^scThF}?ZJjQ%?WdDdC-g?kto>J& zT3gx_msosSkW4Si{&m%5nJ(v*07pri=1#RN5p$kXl-j$4IW^73GSza12J~d29f%Ay z-6F6O4ng^7a=mITFXp#_)0Q&?vkk)qkOqss zL>p1fu~>@7!68GE5y7VK*F=Y@-k1_2!+wet&HVQ^HeY05$sHcf6?cm1qhwkz(1B=QCp>&F{-iZ?Jw z37jy`?X=TajbCda-rFwiUQ_4u_PY~Ni`!{858eKf{~vpA8CKQay^U@WL_|QOq!py3 zq@_Uwq$QLFk#6Y*k(BO`?(SZcf^;l;(MT?OQHw=$Ca8Pse?RYs_q^xBIoEl4rNDcrk6#CCLfOUR-R`IPDHi73K?*JzbHBXL6Hc zPhFq1mNtu(P8{T=+@JCx(9|g#oSskAZn(#)Ar!{ z?-Wj#=UCGdR%;Hk?jncm3765L{(Bs99kFKHjmShGc?eK~tAL*aHMJQ(714`LawzY% z6M-Do+wT+=pkNS<#A@uhkN}+@RY}=1o75}45Qp7$S7vHjvToikJews*q~ZE(n8cP@?+-C<4WS$; zm53r4c56=Dc8dTEMAw90s81cHxH~+)iq7sqfo|{0@C=BYT%~HbiFCQjQO ztLSD7b0FR^VyW_4kYI>YSZpKmo@8oxV;mtNvbEQTJHcAcYs=o6bLt7A@%h`20g1do zUWnm7VsIYdIk`1OxRW}ciA^q^iVbd+%_?_nZratbJ6X$_l+hK(qd)Z6+*RRGeKGTT zOmYFEw@2)Wu4t0gAh^Pt7G2#iu}1Q^tT6Y{YSFBm9Ii^xh0()6+uy zLb&Dd`x12tc`oZvGnX-Ed9g#C4Qm@*EC-=uNm$zqG}BI5qXuW4gL`{;4r;s3eF-m1 za$qt$Ps_|MD4bTNH{P9V91XP&nI$mlkCrc6D?`Z2B3I!`w8s%1v~!jQ&&@KapL?o35{*5kPn*^Yw$1F}ahfsng2{1S*tl%wO_?n&HZqa? zD~9s$?T=I?*imm%(>ObbLk|fwT~(I?`L!G`2nUm_W*+6EaGG$bBNMHkpMDqVF+ezR z3Gx=9D)#?x0cobxzD zC~G@Cx_^3-yfQC-qKXctU{Nu9fr8H?HiJ7%*uQ4y>H4hU<(IWyhxR$L1CZ^w4VK{> zy_>3_GS_~7%l(`Zrz-I@b)7l<# zVa!cOLnlH+dNq~$JjE6>A?&l+Ph!S!w}9XO+w_OkAWzSUdh-uH-TGbLYk$hS0U++y2}Y$4MoONvL;-)G?8NG z@6aAsV)1HRjNuHutyp<8qCZ55VK>f|Fu4UyTX6iwn_?=W1h@+W#^OV-4W_!z4%?!i3 z>a&2bP$Ufai#h#EFTK4bI%CQqn0MrsLZDD9aS7xjUCHOQJM4$EhRrWiUTf*vtdP16 zcZf3ju z?bqjXHdF5c`<6GD#UDrIxM)tl39_{4)`taIW`sp`W z$9*`h_kWsmzgi~F+1-wPPSYSKNu0NMajbTZ94R;=-Yx*oesfY@7DVG{RaH%LxbxTX zVHJXbQnQ~&9+a%T(3k$rT4K{j$|4eN?ov;m#9?ZAXuFi@jq7aG+TK#Uvg*6wh{;bZ zc=89XM+SLw<*J46`?@`r^K6R4xp8vZ_s%Hz$(uy0XLIy+efAU2C!g(?kY7aLj!cbo zTi;<%v};(PLDapmfA*HVBwYatIEx%Dah|pW3~hIxQOKjQlTa7IB%99GO$k{RYzX%k zLsxh~&ke04cgb=RA0y@*ra_i$4pk4 zN|m>D+-7fBb7qX&%a1P>TJ(-|?&O+th3XG=n+~KlO}jz2nwInMSNZ%j^%8-VI|XmL zt~L=+3YgFn4~5PVy#-%xRib^!Rg5^)R;4*;A8B z5}VCW+i7iCc7_+4Q#GMIQe5&bk&{DpiVY9ACTgonSTdTTfv!I9^=c@gp?b-%aI_TV zKpf98GmwdW$*>9WyJ#<;STR2jC_2kUAv!Dm&gXR>T!a zs?iL4;U?op8dyJ@JE)s^%0g3Hu{b2}eEEsZ>^@D(kYdvb=taXe6Xc*2;n&H;3tM^} z73MIt7tEGk~v@Z z^n-#(jLjC;{`x-0uWR~RHi~HS6MY1pzJ0O~lU0`vpw3^ZiR@S=_3eb3joJEpxG;J%q^2A`e-;-9vLOTYQf z8>fT#hUlwT*$(#HbkzB^N2BgTdIe*`GD}b_fk@#R{&%DD%!E1oj*5j%&f`Z0-|ro- zXMK~oL1aFwP(5x=!@cuyn4yHYOsp;3&H#0Z+%F^yTMjF#rEQm(AlEQ7hS!2o6TI;V zL%qh|be#`ciHtiPXJ&$l^{M?Co3ZtBIn2^ecgcz`VRyG7QA~!QO z_R4dc?S7s*zbT&L1NziHUbeUd40jGA_c-BxFJD%3+$5h01#)2*x;iW zct1oN;1^F&6H90w|05!z@LA&4DHg#)nl<@`rqfafg~#ZSBbVsZ&Yzerwah|0di8JC zKTX-cXY?(b;gR)Q$jv1mXo^H9Rsyi+)3xVx4jAW7*L;4MKsEbPzrqLMhgprhp>tZX zA$mUhdds&ir$N9{ug6po1eQ(6+kdcPQv|UYH>RZ3(t^kg#L@OJ+(0IZUzV}F*ZBmg z0@@qSHS0KRBdu;xm$hmk0$L3R+_%Rx_i9GI8qVKD!aye4rk8MdTff?ZK0V>NmWxaT zYeKjimD~ck^a;013Fpsmlr)DA>b85E_zF>y4WG6Ogf(9#-%DAGlvL(paXso_wV!@Q zUa&i{c8G16^|EKaMz4=PPnpPHrZ22ERW6G0 zO{fVYa%u{{hZH;zD>f9c#-y^xsxgLyQ6hkjuB?`jJniI=k{Kvc)#xI=!=mdRWijK$ zpRw^#R+A(@nd0oDJJv*=jq15&&J}K?4u_IFc{L}_azh(h!*VfNqZXwCc*g?&$ zR|xra?b2QQ6f?TE&6z#L;vn70zUt(tHREV6a3xmYqV*G|C77(MeV!67u9mB(*1|BU zh_QVf)q`j7yT=PXB}h}JjrKgm7(@pl8qUYB`wP7tN02aP=+2_Za%c_~dmR^c-L0c` zH?`h8x>5wIb<7p>NovIGMend&r;Z<4Vr7CJOc#@X=`G<-FAfVY7XLIvO^CQ>$KP=# zlx&p25`k*V|E++Q$#O|KrE4XjCZtEo0oyV$d;u9L_{EboCRU(0r_0xcFZ}sl;!{YP z8lm7eSDxmpdq(epGP`ndzYtHm%AI+??O2=;L8dp%#N&Wz{T!n0PDF)4%<113EH>0g zvk;US_lh}m&I93fP=|0oUWUv?RLi#YNU`c>Il=O)TYo1A2q1bT;K^)uBn*d?Wv7|i zj^{jV$oGu&eAya>9@3)~a`CeDC3EyJglRAoT%1EDb@KYD6J9o+z%$(&omIIFZlQRZ zU3rhwy{p8Br8lsMW-|dCay?ly+?#^UJJf={pY8WD8ICrhE{7NJ-sOiM{H4t-vrT=Q zec_Yq;W5Ep;Dii~*{aiIUV8n8HwMt^8F>R(eOe8A!8ow9?if5lWe3_VXK_9VrE?j7 zcJ%$G{^?frKC2V}g8zh4oX$wX6lj9abfz8`5GW;w2(?;d*w1)44(uez?AiGIg%rGM z@T9wqPzOH=L@=@z-}{+E-8Ri!M<)&Uv*;>)(D&T;`f0iR!OF!7s?OT)wZ2REP1LDk z)Dp<9Vg_$b!U&Dj(IXj4U5~=u_nJ`y`IeCh_to`?mebL;nk}0ztS@h3pZ&R)0UwL za?mt2GVKRSdkqpMP}uk=%Vo~Zsz2AFpsbMGrw`LS`Q z>zOwYlf2sv1#nj^6Nf<`Xb&8M;zIpkZ~IlU%o9B!4bv?aOsI${Ox@8cw2J=Ouw|a5ZWC zSq~VgF~lPFi%HG2vmf8-G`gqVS#cJvb|m09$_j&EvBQmW<@026nPGf1y>_{8S{zO9 zP(FXHuI+yDsnWP2OROjiWAmO7Zl7orQZSGV>;Yzg>t!8J7pIJFfj3XM-RpqAVJt35 zHrZyNwd^+K=L^CctA?Kej*kYP$2xIVrhC7!0Fw>~;VzPer}Tdy7(c4R?foV&;{Yw- zK=L2j4m+RA#66RE@)?8ofLpoIdC%_c34en-ILm`kjlE`8%4bdc^fR!&4$j|nxC~Wg z3o6nm@)Dv{HVm;6xuTz3My11d=+x^33MqXsq^2mD*x3q~=y5 zW2`oIL)iFAG@WOA6rCb4lk|Mcfuq)g)y?GXk3=QAS(F2}*$BGq{YN(nA$5(*t@Gqg81yj&K0=g*?`g)21Hzvo zVKn=cXlX_x&er3UzKyuoU`jL|c{_#3um^hZIB*YaDCs)IYFUSC*ue41Z1b_Xr>AO&zoJ#YIVRrhGEw zwmb6@@%8*xFMtqBSK{zwzDDzWA>D%(Jsnk)^eqkNg#@518r~Oq@1~Y5>Kf zK7;!`BRIU=?MSiSNfSRAt3f}|8gbg$yGRFT2_OU>hVoxzYVz-_(hNAxx5X~ECs<&Z z75D%oyp%=5JWrlRowbIh=8=7uzA`mlgArx3p_FlPpp?uU5M`2ZQ9DrdQW)VeZ$Xw* zh2%7}z(+$tGyJl==SA39ns%dhR=V=x?X6e>4^Ox2Lp2%akG5SzvJgI0>7Tssv=RPd zJCfT#iidRk&H>I-Xm{lJ2em_%X9++C4X_jr0NfrMe1kYD>LgEOy-=E6Q>~SXeoI9+;s71~NP{?IYMa(LeoM zWmbl^9=4~F4& z;lkMkw?QJt_zZRCS@Z*rdwGUS{q-lceE>-iz5!s!W_>DCFXo}i`x8N&taohzR@HW> z;L-#e4c9@GvCwr;sbx8~@M`gLm%XrqeGHwa?;)YVuD7+@()?u?r+SSYCL2Ch{ZrGk zaqT{)tt#CuNt{8_Z}oP90(oefZ|e|Rq(O$EPtwtO?8K!I)A`}H1S5_Z4@o_Jw?9r~ zo0p0QY>Sgqos+wLE0Cgxtr;dqPr>}Pm$qL|nC=!=Br|0;<$%utcd*tSab`5TDn({KvrxH|}4Wq>B zeuPS{#}&wX0Y@OOS*@>G1v)J}!KIn~$*6j2W5w5CR86Oqa=#jRiBx z{s#a}1h(cKt~)JDA~T*?ufaaqEh$FTd3emeef=)P#&97p>XPTbA zOh=Oze)d+n`;w~_^ZmRQ(ZKuD^hTCv>=r8KjiY-z7p~gC&e71v7I>_v&VU4({}$j5*PFP|*jb$enWsu` z{GMP0f!h}5Vqj1KXW6EsmIN1n;|stie-TeD#RiW~QJ_ z+*>1#yF$k8+Z-y5IWEao)ym<~2!OWj`ie@rs!C?i;aZ>8pCJHE`j`Mnba#=#;PyaT z>n30rVa?}~YSm`g%CoS+4pE0wIsAi0u;~iF_i59einyuj^O+iL$$}WhExpYL%ccr( zkZ3spBI+sg8uLOA!zG9PLcXQaj6_wm-5#b!mExxLJ?}GGwtk*dzT?$JIV2g`vs1Y_ zpW=RBz#V7mb5oc_)b5|Pwzq2d$*MoW9Yau$=D)5eS0)0hJ>gT7Q`Ko%j@6`4)^t*R zKDuW>u#$Y}oD%V#qBtmblX^tDT`1$ttnz;iv&b5k*9m;wdH>?F*zMuBTra_i^V&{r38g?SH=j(O2Ymue_q&*Jf zhPl@{96Hm)k1hTJ!fKaz#C_(rS>h?TyTpfSi7ppD_N?=(Rb@Wz0^9DrXiakxYo~J# zes=?0z)^3Xg#wJ%(x9I8lWPv=l{=947os?bV+}82& zF|V6yu+6F<5M@TbPDa8Y?FwXWq5#?~gUFSH^0SWL6;H{F6DcoV2x zdg)i;;5uls?s+Lm_C-gE>l4t%>$vw{E;RKF_k~0L@%OJ>|8F?&J+QE~*OTu22!R>* zpVaIpcBIzEOk6qs$#T{ih&=h%z;tBU6KakADa;=zX$%x4CTtRG)T-krkVjZs7Lfaf<-7qMvW( zq$$@bLo7x-m`?E$AP8LP*D%K>wM6M5nl4r5`6C^r=&@TNwqLh^0hiw_2aSyJN5UG>4(Y|XRY8$DyiuEEm}8019JQa?5toKctn($p<8{0 zfWw?l@QmyROE-kCDz;ciWGWv@SD)Gn}!6wM;(Q2j>(19Qi~ z;A5hIPj_xA*$&$ma4Iy4VFWHiD8&Puu?G>ax>}B`nkBYAeylZ-*BS;runNT_y~#hk zYPYkv3UhO?9!ttjadsA(e&BUK>2QnIymwzz+cd)IQ~6dd^e#Mg9@9j(hJPW2Yn!M4 z;6jr}%5M+&Fsi9+ zkOE_rXn}1>4CiES40+E)RO_|(0r%b%NN~ylbwedG%Ya7@-e_;KROCP0K*UWWzIb`| zZ8yWn)~vcE%6Lw+EFd$y$W1xJ2>ANwDE>F&MX0u;gazohI*zoYlaXugAvC^9gjhr< zwTz{g6?*$R<)|d5zf|8p-&J)uR@brD{LE$9Bz+DgKVFX2 zj;uUnI>a$rEq)hzD7PIkT@C8ku8$`#Ihzrkg1;%&pki)33s?=I)@iZoAfqf&quSoY z$!4_sE%JXD1_qL-BHrAPQuByW^d}J35^G+t)7=2m_;Vod)VrxblYsVc;H9N~x>o5D znJ5Seqbf3h0NtTkXSk%{AklWMT>H7*jHmi3_(f-?kVwk0VX|GZ>)x6_D}NP0H_-(5 zAyVailcu)FYK2A$N~D7Ef`gR~KrZ7z~rcG4C0C zEgoJ0!rvz%v%3Vu=ekY%)AhOphLNwVN|FRbI1ch~?R7vEPN#=kdaL!8ycLCxoV_Ld zw3<f4}FMp&I|65OHH$r-EhhV zNSE0Db^ZIy=$^iq>^LyWk;QMC4zn>|sJcy0Aam}qt(bBLn6Pd3&cIOTV4l@5%7}pb zGn|SN8#Y-pOuR0fgPNDjjhm9-a#~jS1nXV_I7_GXR`N=^tIYG%aQ|mBqU~9Ya^3sC zJn^_`$yy@NGgSh*Q=dIOf@q-H%>qc8hynHzsfk=0Qq-BW|NHFcS<_>zkp7|(KRI(L; zf~ZPQ?hyk_r%MhQ@2u^ujBrB@6P7}!H3)ce@hd5 z^bBye$?PQ^3|`^6$GvLSa^pTfP;@I;Pd``I3U;`;r9L5_+7j``z@d4i@3R`O^tq`w zVTD0oM4kZw2uRC3Gw}_j7;6KfL2n$L%XXDzdp}hI3X!(Qd2pg_x3PZvJ21a} zEKmv63USBPVz*_nE}w~I1EPz_Bw(t%?dAy8vd=|Rss@U@3%Il|#qQ8)Z?Gd}yz7;C zvnYC&=Bvd`J^(ZWnHwp%rX2%^mEykvRWKtq!UbdMS<{Frh=#rs;$>Z$oEJ3NL*Alk z**-<#auXP}P8>S=dhv-~>)GT@g(e!rD&b_S*9_C9d^0`SUVnlDkmxIwaos3l)8*f) zWLqvM0U}g7b0G4?jA}%ze>bI`+4urU&G=q+;kLYLA7L}@`aJ=5?UfCQi86Cs@?5M~4EI)H)CPi^1GSN8-{mzNj4kX13g;IFSChxAN7*ij zr<=l*1NWR(=bJb~GR2XJX8qG~jf}8BJre*G(!ksEmI(>Na@+%$OhN7zHHlR-8zUJ@ z{CMD{LlCc7bK@#1vmK*)&*n*0dg*{hprYd8m!WcfDej9}T}g+JmA=1;s!;O%(l(5| zM6Gd7Vfe>xTL!i5*B$*fWL^tu2A9hqp~bo~?XJX@tUPHvyM2G5NHx2q!Y!WVHo`{( z{weKP0uPuP`!`5a2!$m*ohm?2Eb?Y=66DF^Fafj~cIF{(Yk&{buY%Y!U|e46jAp{q>57llO> z0RyY#>?f`KYB?vKHuvA?i)ZTq%~8vR96BH;O~qKC7pH-B9{I>)_dzEg}C& zhr-0JiR*AMqzeUDzxW!rXX}LT;hcRcwk)qr|EM>?uhPSV{3-58;-B_S)QXzY~@;6{Yh zWk>Rek=i^E9}<_`!dU)9lX7Sd(|T#B9JBx$fS%Ps4`o#~j6%P{a+}c`c^$)ck(=WU zqiNeMh{@PiIx=Cpl@_e?p<`E>;1_Kr^1iaC_Uz!V&`j&)Zcl?)22~1vS$@hqBhCST z@igZ(1xrogN8OOefd7*@tf@!R=BA*9aQu;}Yo#x#RjSl7ZuwxC93_G!apB(BFfK}! z`JOGH+oJdmdz9ZDdMw^__3zO8Ts5U@4?QiN8XYifzV_ippca;p+?StyZd4%7UeSSU~az-V!scR*c0eJX}x%Tgs zv4of#j}lk;UXUJeh2qHayawh|hjvQ4^eKkz((?BnG=1l*1G2HMC8M!StBG3u}|Wi2;GrE|UL zWYV2X66^PSkis9fyI&F%7?c5$>t6ifrEJ@!C(Fv(ifWs0#{vQlvbzFYo! z<<6gKq?af3AYtgUT1-0*y0GRWm`((g1#45tq+%ggLfv2c zm4K$@HbDbl&E%D2mz`p{j3DlT1rX2Q!V5}38cg*E3o4{=Es)eH|2yO6&ZDwsNuX0w zw+$h<6Lzo#5d<K2c$y$-GNlwRqAp9l|VQjXrwI% zMq<2*xo32w`-DB2>YyhR@KTPHB{MQBj`t8fVf$o{2L_7asJlQ^E~AT^WeSuBsrStL zkt*;|{%PIGZ~*JBBgYbbB5chRF8Q`pTU8+sfv-e|=A%C3p!bJ~b`xZOu4Od1;(x+T4WIRn|d5%2k|;KLR{< zK(Nm(4Y1GPkU89wlOawb+YSqtoW;~OVjUDjuMTJgC{Qx&xQ>)9p*`Np#2v+gB8v%L(fH!YN&>9Va8qzN zdqS0t6yDedkZ@5~WjRD#cV^$yubZlIJ*eM0tat4wK*~jTNr9*qeZA zg94xDkk>YcuI@Jj9a(8p<9MSYp?64!+^W|$)-Si4l_x9FXfQ+fIM6(O`2(psYzYX( z-BR@S$e6iLcgjj3Y0gx`U=+xlqmH$4foyJK2)f5XCyMJOGAI^;plZxh=AieHAspkURnWdndB4 zg(uak<9UHF=(F?9-Cgn4`^X1Bi@;J#j_Y9{&HiWSm9^IAWD;D~J1!+dU;N)SpPk`M z*bd7qPA;1wd5SglGeA+U-G0KW^fZYDKwc%5i>8)+JuBTiF}3U@saRBvng`0NB0NhP z$+{mS1;3THf%Zjy^_mOrl>)YMGZvEDd%2(4hS0_fiEM-b`65DnciV0yqshuVlHo>m zN%Z@y9GoYfzk5X0_Xd1y^Su8J7hXcTyX(=cjzbUP6>Hg}jWaATab8)8As8JZL8B%s zJF4HX_~(#`Od-Y5r1mDTQ_AY(^E5vahMUPw6lC6Vl5O`vrfJ*7WSq8>H5nw1-*1dL zaO*gz+E2YHX#kDe9*L)@BvjS*a1;eb+OowjhVs5K8GQnx1`yx}xy)vz+(t_v;}{Hy z&k;Op<~nezcxd`|wQYdM5}M)=vROS=;%TzMw7NHTp z<+=U0F%)A|(vjByYaB4Xp{)dnaN@y<%eT$PXTZjiuFVOX&CS}yaB(swP(rBgP({Y4+!FMvy!y6+oz-A2)KA+Azd;ZlSi`ZA?+n7))KaX_ox^ifnDRXzA_D0;xP;0 z<6hodF^lZE>H?^UWdsQBXt<8$>Qe~^M8Xjp&R|lOZEV^_sL!d@ zDzo7wbli0Qa#61Mp-S?oDkQzIrG23i|he6~9vP z-cWCy=MOx61?H48Stea4UXP_^O-ulhWWHLJq^g6@AAMm<>^BgIdtI{BKM=TXXgpS!$8I?$y$&gf9h2?PB9bO#ADf|v_Q%uM^ck=pQjB{jm&B~} zB}fF~_hlJJQpY^VszfhKe*kK7Ut5?5hBR~^0Ik|pgoXfPnH4_~m#N=_KU8bANDJzU z!#H)#PT1HW->-2!ww8x|xmu@7Eko49Ic1h)3q8oaRe&yG(D#{&EgKxBYQS>fi?JaJ zV`&^yuQH)q3rJERO$kWMPGFJdvS~1zUL&~m zB&Lccqq<(jl&I)vh5`?@tXN`(Te}49ob)+?Dc4h8220cJaB0m1ed`E`pnR2A1XbW9 zUhw2o>6F3I-s1#^v!V1lCjkO&W{f^pN5%umcLJp<1Q_}LO4^hMJh}22Ab8M>!A3Qq zVKLYTs0}nK_EJ@7);dpzP*dKOY~y|Ny~`l=RU6YVV~kC&27cqpSpMrCP_iA`{dL$&4h%ev)XteZ2|{@$qCBaWM&Tq+}YF@q(Xz&1k zLr&hqO=J7MVP-09qobR{%(HTW=Sr7%$fyo6NkBac55hl9dAom~fNX+t1ua(nQfX0$ z?6t3mlN4e||5^~Z8ryaR%jML5I%lLl9vLo7_L6YRlEcaJ4PxXQPLM16g z_ti8LL{|WfT_K)r{rNu~pw|`D*Bp*3RamhQrMA=ipH_<(sKs0A*I-fj5$C?UGGeay zf)5Aoef1JM6HPQHBeJyxsRkzQSy4vF@K!bLw%&%>@APb=?4Z-mK&L$Fw?6X*u{9vt=18PzV(2`wW!9Sc(W5EcF z@!DrV?;a6VP|TK&9@KT0e)4#?JcB826uuv`A~(~E^Lwu1FHc};hK|S)zG(V+Dcoz* zkIn{SmAzF?y zNJ(Z;&@Jv4U(}A8&El8Qbn>|00J|qH*wA%Gbj6Z*>@tBtI&ZWvlkSUfAS=Dde3$-I zr-!j7%0iqJJ3HT!6wezMAD@UtA`Lr|f%!uH5r>Hq7e#8@igW%W4%3k^q7@L(wVln* zwh%-_E%STb|6j;MlyA|A6^xT46H-As-P3l7#=OPi%>b{iWDo=TB>;a*IN*{$MBIKj z(AmhX`|bMGS1sZM@ zzEa5kUa1d8UJ!LOr?B05cj9q>ZOCAJ^`i3uKm@(iH^@W3jsgDo%wNdXp+HIKbOM{$ z-RoCHf#Z8m_45)b9s=P4l7Admxr?ZViZcWW-`rZ z@Wg`2C@IC=7yAL{wAq7TLLZvM*VFksoBtPbdE^I1vzPj|d6j7S8_Fv{Po`bal_|*3 z267Wm*rYUnuc-NTN?|TnYCoIE^6vUoT8a-sUi3G9DAv6jfGS}NeM3fmcu)N8WaSzV z@V}Gt2PR?OSABPZ&!qN1SsaH^tuhR#5axU&NSjew`bx`PKb7k6cD`Y(oggT|tjWog zw+s6ZJ?*@KR9*TgIxTyMI=5Imo^6g0!oqXqZny(ZQC=^D-S3TyzY_66+gBYcE;jA{ z*RQ7f|AmB6jQmq3k%3!y@fS7@P*zCdX_(^j)v;TJC>9z!UggHSHe#%u_bTn9cC^aH zt%@&eTQ#UXz``(Hr!ES^ub4N4+HN!nMA@vVQu}Ce5ulh*;d2pV+I9Eb= zka(p6?)v?%&9xyArs4mG9`S6$@m_bq&BeWz$4ajT8&nmq%#q1xK~Hzf^TkiP@xAQn zK|r&B4-2+3^k^|88rW+0Z8`i;9W76}mcqH z)`s6j33asAP-*eiWmuC!LTN9%w@|E4gEK+9Ei3|KtH zq|1GriIZhKOuanBmGmd%W?dPs7PU|1O(~3qP1+hArm<^-%pm}Z^(y>F6#J!~e|bt@ z*+(Bo*MRR5FSl#5R!NNNLp9*IyT$>yzF0sCjv;acNM={ZpUgA6=dQ;qRwlG7035l8ym) zpq~N$3;X^Q0=7o1-`(rvK>{{IMX(57JOaS!gUL37Vg7Wd~V;lXSJd7%2e4vp> z@cbZ9n*DijG`(^*Uw@xkRm4@-BA}s?8DbcU7IHWLF(SYdeprt--r`%D5meq3%jl5I zwiUGD$YBl?Rrb3g6aBCBWkA!unDw^Xc%@y<}L8W;Yc?@Kxocc4^$N|8t_|Jg(k2Pi$1#~g{aczC{%Y?PbZ!1; z==#mvT;VL;(80~?Uw4uLZc$5)nFjTri}`r~opeamxsRfSb0(>Co0Q{u!SVL(cDJS27fyP5wiMOs{0f*_oUB4>`ShyO1n)sVIgHYLbat74b;> z&qq~l4#>nvZIW0jw!MAczpw9iRTiSYITb{>#4=m)m;To0W~i=hOz$hI|KkS$>3T?TCGKsiy1hRD%MJi6y_u+| z5C5fFU&N%oFgm`xMe*O?_2R0BB!T&G<=?{A0=fl;nx4 z1}V<|JGwt?Xd)$GL!sG0H~w_Au6}PX;)D9;y_Lrq7K{4eAF!$gSWbgro_}4MsZ2W!eXKE4;l>jLU(Jqs!~3!wb3axT@4s=%i}?@B8D~wYLzL&Yx>un5XI#Npe>I9;NK_% zslC$vZOAy^T^YRxxbii-<GZ%8tu4Soq`Te)n} zlOdfA=b>(Yj&erVO9;jBc?yMRyVWUsEXbfR?-os<7HXAjmDB9lMQ(F7FCOLc%~Wh{ggAKdBT0z+B9ueQP{(Yz+WjI8CaPyhSSVXc-rm|-K8r&^>CRKR4US!R;NpwcAf z{*>%VOhPTGy?I4m<=i_(Ue#@&6jq-Lw{$n4{KXV*2jL7|q>pIUX&a0ci%Ad0Fkiwpv z#pRC((F33#*>w2la+ANDsNXRL`OPIj*ULv>q2i1cB$FIrHj(5*F<4)udDn5cr8Da!T1_`taGD`JXPsPYB1Hpej;7WJZpJ(m|(1syU3`8EV^h{JGx>?TeVa-Z#Yx! z?Z$BKgQ>E~mt?~-cfBjGla*yFM@C~StAY=r@*^1{7^U2XEL?`%!^k4)s>73047=i5 za`K9S0~;A(I@;B&>dorX!Jt~L8-I5=^C9l0LW$XMuG)fe^U&80jS>s5fY_qx@yoG& zL3u!Cd!jk6i5Oxkx!KB*_EEcO;nMEj#>W-QR_5@sbU5*mX?vtJ_J{M!2v+@Bsc8My zw-W*LpWI^Fj&c!iSZ#UrwUU__HRv~`#lxg?I+S{DrDjF5TqCotlmPaa^y(UmCaq)s z!+Hx}ZMV+yLgRlSu-iBPJp^_iex1x4l^^A)Ege)Obl}mGYLn)a^}Y0Z&QgvLaXSO8 z)h>3tqtShH$Zrjdm#p?#0Z5l3px1HCqDxwz>tGc}##6jPAht6@TtdFmB)&w7Y4&}r zb8!lRNu}4jq~uu@(Ii=f!yhF{jswL|va51ZDz*!!uQuzt+XPK4KuM z^P|)BnS^=BrmJyIak4xUszuNf8j{>JVK4a@oo##D%sgTf+=Y{poMO<`IWlWocA;di zUqsL~&MC7w*y-5)Jmuxp8G0#ve`jy~;MoZ8&UGx5`MA!JMU?TR9|<+K$w+{X-Bn)X z*9eD>9?cwbho&3!YNoX-;rF0JEfB-&CbR$btA7Qu?c(SlmVUXlMAUQGK2!2uehqtQ z4|xQWgQjk+KF+y=LEN+C>^-f4BpF3jUH7kG_l<%gHy;ec#>OvVX9YR%92^ zNd#y@<&2pHgIWoFC<7-`ve-GbsJ7_kVo^Ehem*MQ%~ z+8BMb=^x3>=#RdrnELHYTz^r!mrrlYCaq!f#@fA7h%eYm;*TfL`8p&BwQ6ugSUA9?m;RYt3|5~W8OF4cf4f*5vJ*W zRI}#>2Hgj(y|H5qPW>}-@0z&imBE# z?Ix~v9-igonjNiKH^@L?+9A*X5t9yik@Vc{ zI|C_lNW&j>oW~hbSCM7dV*h-57{s{DLaX!m(y@-B%8lH{-w|&BXe=2#LDk*vF92U(b=* zkh1EYr|ZD60Q_Xkp9;|Yr-CLd2Ez?IKI)4lJexEx$|BG)BP%)Rsq|)ba1QZE$=bVZ z^J(wS!fgiPw>19SGmYz#siinG=#VBzdz$LZoe+NkVxm|aCWB;9+xF13)7fK!!SSPd zsv5ag5^Q;PJWn5KA6j7jMge~m&hdWh@9gnDz7Iej<*3YSTj%~qD5pW3reDSE(_OF7 z8&5tyGAtCGvr-!CNtG`m4lML7hTrCbZx1xX8Gp4vn=1%|s?zfh_-XV;xhuy?umOl}WU zr2!sm$&FSinVZ#ECfW6P%9U{>U6r}3%ezKKZZatOUD7;p1NSz<;?vX4H=;GnezmUL zUE7rh8XW(p*Wqi~sWvI6b6^X2DzYqXvHZwwRo6@PeT~_&+Cha(WS$yhiS!g8t<}1b zSPy2*QmfKsLJX1&eK?B2RjLjpFf^O`R&HkAOl*&x{m7~LGY2a{hHy&k-t<7G42PjL z6SAY=Ko@bs?xt*exP8~?6ck>FJMjWX`h+*LECK${lm;tR~oaW8NfBDhCe>0MylY(yqKmiSLU`F2_%si)h(BgpC z+O}u`X3y&0dMldS#hZys>-ooz>PgRS2cY}kzdqRWEs6Kzh#ARys?Na}%uF`sci@_Q z6o(GEZ{2cZu}rskPb-;5BFVZHEmkt(H#j965<_bnb!j?L)c1bCk7NJ1q9nJLIc78z z!@`+t7AMC@5hVw9_iO02zXVOO;bB#WCRDc$lWKs6h@5yPG;&t;YlSoN2N zJQE!vi_>DNy+&4!R>tMB2W52`V2I|mOe1gzcUsI;Oeu~lw#2S6S)yW>*%^LuD_c2m z!toWRyMX8||2nTYHyzWrZeGsVpqV98BPD1xMZGDZV~L8|I_{}cc7)PXhW&mywW|e6 zyf@G?tUDlfQWqoXHK~|~tV5FTHUhn3jLVtDFvG|0-_vvj zOH&e8)Yj9Fvb)}kC(SK?o!2ax18ePlMBVok@3yl35J_N)!*y(K-F}lY_BAE#Wj}ry z7R1ZJ_+c!^{;dAYlYA>@s0wsm2(&Zwz*7p69kDcw@Ow$p(iFtU^jz!ZEE&&Gr|Ad& zk9JcfSwt+%O@-*V86@E{Q(VD$u~AMU*0&Y5>rT&viXAiu_GIU}|r^u*WI;ld%2Jj@nRxoZ?Oe-*eGWp^fKe|;ESe|E^mqFBk>9f*z z~D!%0NkqbiV#HeW96IsFxNz}HF|HNfck?&PJ zTLZjNoxVc7Mdu13T>!;DxjXcRUGH)_VB|JXrg!J}3j{1j?oB=Fe^`!ZSIe<)w8(+^ zKZ~;N1CmFLU#_Us%@U>NuN9n)UKo(yzLOe|S+`*6`4J=F#bT5bb<&!KMRZ%Ir%_d` z=E!W7dca}cWj2Flmv7ZcBUA(+Yq~S zOtSRj*EXW8$bj4gP@q^*l1QCt+<1}qaJG_UPHW>*6{CK0!9lK__pJvRb|z0a{5Qj| zR>o)41z7^tot1Dfsr#}uQLbecK&A>%`r3mgCe=CvQ6?YDW>tDs!o_nf+g>}5!X0P6ZtyQWK_ul|{zofVv2@}Ag-$JM zs$~Xl6zx9t*&Xj|I0Hw@uxDnUPXhQak8Cu2l7q49k}hZ2l6F_6&-o??|Bl&(88Rap;08_l7|ViG!Dmz|py4&NH&Kib>l$m94I}BA zv~NwKz29%uaQ_xCs^p1hWk!(TH2=pHHUFCw`Y7|qcOoYAW6Bo*nHaU%1PH~WVqQOC z+MEpE@4uF@2vgm$0-xZo+#NDb(YTr#wt{(~o(NKGDSq#}fP9nPbbdVm#vC*f9!WLHfz7TeSL?;e zW*5<&lylVHs*!tkYP0#*X58r2Hv#GTk3`fVs!};**@&L42 z&Ii!45csst@MnI5Z%1a6$0z}jv5s3^CAR1I%z107qQKy2`>Yh3=HYIxzWGUe3BvVO< zORJcD;h)~N-vT<4$vTHvQoH0Xq{Nbv5kZM(;Nu;PdOzLm#Z!!|hsh`TH*VZ|@c8~? zX@%S|A4J)S`;qgADSXV7B-ew;MYILekDdI%eJR55S(p20gL5;6O%?|9u~xx^-1KKX z7plG8TRU;_@P!VSCS;$PT>%Gu#jg5looTi*t=PGJE(?_R_G~uwiXZ)~b?pO>-_Z4G z@IQYTr%s)M1$&6AwzEA#zi}V<_@|ez=vqeKx2E0-Os;-{7@kC%*H}~>otO1Zl}ZbX z594e>Poqo9N(YmzcX$#BIULrL4YyB+)ANAT#oDqrJ}G4LsHf^H z~@LGk-{pJe{}mw7bo5It+c z4XL*+?Yl|dx5GB&Fk`XFU;6Jo)HQb9?LaGmA5U)mL|B;isU=-!#fZzy9C+{Z|jBEA8PS zo;yR3k9GB>`%kamFlt^lU;IY!%Toj8hz6B3gB@ZQafN$Zf+gl-+vUBY7q!w;*Vq+2 zKmM|&Kff({1T6gM&W$mzt55Nx(66yC?3Y^){MePBUc&j%*rxHt3NlKpFpl-`VUYXpPm=Kc(QClMPg2f1|M=2^Jg_Sovz$-K ze%U&pE>p*c{6W0Nf3CxSuEQ@^^pCgyxeot-@(!Ilclx0&)b58xwZIs~!BR=Ws@;zV zshTwi$FV7_Swo=ImGux(v2@S}4Nnlj3&ZXeQU;nEskwbHe>F~j+S-N$z+M)uZh;Jc zxGkH9!on#OGjGy=HR8e)*jH{VgWzv&OS##jRhG~_Qdyfkdx)iII7?Igcp}4lYos>X zZf9DRm38nneodPTj?Aq0?s$(@s1WaR&$lFn}Xck`Nr;-24)1 z>8OZ2Y1d=b(HSU9a2*s{iuRP<&aWtV20xf}^w(c1V0;~C`C?gWFw-D=Yv#W6v2idB z5O62X@c$_M2776FxuZP<)*ht|2?p8+x)Q;NWi9xu3!M3)+=A{E^^C0Z$p(#Lw!)Wn zQ1fDoCaMoCDPxfjUVlX~`|A8esKxT#-<%6jO${uH>x`_y52sb=3s~nZ8mC#}U(7Mu zHS{aDSeOzn{zt!yX(H2`Ovq(jQRom?`|ivbSUn5r!0jp^lh(2FP4Vp zZAM1Mux^ubt&nqVeTzStJ@LRHyR^|k878_vq~xQzw>A~g8YhGb?>>q~;y-!vWU$_i z54x>*PBAMB%raTzm>KgvSe1D3;zd$WYyM3QA*bws*m~Xt5i;)g5Ukz_+1nsU@ zzddPZ5a9LpZCRpkULC9kDgf;iVeNrTfAzBXyVtv|ykJ#cQa>-r^3{@DdBK-TPwSQ* zRJEz%ev~h62t+4)=N`|{mS|NhBz$1d^I^L3ZRougxn{a3t#$XDx|2ue!H1_sDYfaS z^MxcD8yEubYMw_$+F1sF78}dFrov`48*{g2mZi zr=mgP;wVmd>nR14s_l4GWO&YAW+~;Vv9ov=QFubh`z10pBs9b3zG56*Z4W9LZRcAgdHsE~!P0j*H6OCH zQ!?oj_?jNQ=3RppqRj=)Yj4t(7Nr5q@qx3f8ymBlpW}d5CRX()ikD|;c1*>^t1mBy z9OdhrkA#IF@g%_G9T>!U{){w%V=2s!4Is7EnzphZ5V<)(crI}+4xEI|IB6=VlhkH5 zRXrjwJe6TyQIFuD73i7iqyEz@{?~63eu#byr#f!tc|WG}JB_lx{U;xIkcdnDh!Ss0 zZhRcM3e0g|>ZhusV`Sv(hw99lNxpf5b7;I6rTwVmGhmS##r!{vbSlbMXlYL5fY^A> z*W6oLk7e8s@*J1?giwbuHc7U)^vK0)s-;FnHG|DxpD#X~Ijb9;_dSVhx-Fn!GM2wg zm2+Y~nk%$a0|#4G42Rz}o+^jLE$2!MB#B^vYYU|e4ANcqJFHGbbls?#A>>@4UU-5M zfdc8U+sYv-)ppUf7qb_vZs%_%3a!1ipfLBrGE+mIYS`Q26pz+nKqL|9BYtS5imG21 zm$aoaEBANa*dX>NVR0y@8_awwYCKb2R#FzOCEy|v!JvqqQH$txVRbn+1BQLY3Kxn~ z2MAu|vQ6uatQ`)W*Vs?h%f$2A94RVaYds{}I4sgT9-FS(DN~S?4r!H+k;n+7T&mOy zvWJH_=ANB5c;USk5vhmSFML4-WAIVj2gK~6;Na7@?&roIFHUmIr`*zH6K4n04!$Fc zmecMK_kZ12fawlhShSK=IrJBJA|r9xmJsUInCG>veI;X^Bw>+Vjf%1Q+pQW|iX5sj zW3R&&@ht9RmF2Ee5}#-D1Y4%(2PYa9go)*Fb@|z=r>d!aW6ukFWFD&&@vfR9vNZft zzik~r%lS!6=zaIGcQ9&({>YZKomUV3O!z+6%tcraXF%*6v zbB(<-CU);{RxRloKqciGXblOnp&;?Mg?|d#Jv4HBW>*wz-KRLfZmP^59Ut$1@`9y*+>dMI2cnCXhZPgSMg%Xqwp%K8} zR8Y%pB#{KOsC|A&bRuF>19J~{n)9F+qc*5N$amQmojKNz(t20{LsCn=c`QJI?`#v` zAWqib-vzhcROy(MziT83_#t=DgHuP);)*NJ$(Jw1IwR?K3~Ob*>`0v^JO`gWe7M)t z&0(_|%l1+fpN_~422Pw->s=doco_U%=xM~oY&>ao-zI;K;k&A{@KLQH@b+onTX#*y zHb;y5CyDPWor5Ywy@(C@dB2-h7gQw9il6g+$7AjT^C)9NzOIhe3Hi+StM@-oH|0R`0e{^olyt z*?tq#VInanO4GS$+HGvxQ_twHLp>f-gr4(dl;znAK-k}}&O~C-7v6fFWA20%KqVlKgxC7l8e|nz zOuL3@IBqL?>apYN`m&&7apT6P2zHxA#@{qrlOk=4w~`0soA3aK9gLjuE=nt}v5Wf_%FaM6=4&}zcFTp=w!het^RCxLq{ z9|^+}w>Dk<-RHNsR*5U;1E7&u%4Ii81|leYU=x}fin4o-verrol}5rH->Fdz+YuMN zvjyWD#I#^dnu=Q99zpg}x4jUT4vw~M!f|CKG{`xJ{D+qFxCR#x8ZK^091?mn&4;a) zP@ONw2&XzdOhFbqe|&e&rDO@ia5+Gt)1!-5A_&pwg&h({ZQAz9?N}2$!(np(wPZSy z2WAYe=SIrUQNPPmQ#78ft%8kq_PVy#qGr_x>!xUsXAZ)mLf{kADWz5jpq$p4Z}eI3 za{O(J(*4PZM7;NCxCm8!->q7Y*0tw)uW@K5$8v=Fe89YK)G8QmiA^TvTw^!mnEVy1 zgtGu>c6rmCmHY>l6L^U4beQ}Ji{|j&0UAc#u(>)m^sMV&XvZ9{=W~VFPm!}9pwZLm zZXuA)=%DxuqD}fE@P<#--@n@uf(Q%)W)~1ql_L5&pqFd;pF-gLPA)A(V^_561~BLH z!^uoV86exZr7Pmqba5D(TmW65w!~t;q^wb?LX@j7WizszygCCdu-NQB$+$2txS}$W zQc|HEVHr-E$jx0@!9!?~+er3^jY^*&9pLAcT{J%HkjEU-)r4k?fh_^Syo^#Q@vt)n+O;U{XUp~cdlutXodRR zLLf(VMCz9B$WvIgNGOlxKJ1j1(lRm`tlU`2h_M4SPreHV+1fvlf4F3_ibbvN+9x&fD`bswZH@B?A z^@BRWIDfWK|BAHB2rmu=rRud|XvTJTzlmmBWdSX8Wca%gRtd(T4rF0Gcmm3i0Bn{A zW&>?BqLrhv@cfXgqu?4(G+Zm3d%FSr$mStWJ#jGKAd1t9?_m;FxlvKY^kD&5sw7={ zIYL<*Pt!U%_JDaqS=+wqL#p9t%$wo?m%O`F8HuCX39btS(1KS5^`1#z1aU4_`jyjw z7|VcFsihVZQzWM{@wg_QO=K)fJN1 zqO^t2I7*n9WV^C&5uPAHZ7v10^%OfW@&Xnu?bp~wW;4~&N*3)QUrNS0XsLUi5|@Mif%)HOO$|JJk@Pu?DHSZXgycD+|62sf4)9-vLZEsjA(Hr#Ks3xWAj ztwwCfc+72HI7`UCn7>0Q+Qt-4FL+z&K>g-ChD>u-C6ufsn|NKX%ag>kXb9V*uI*TV#ub9(G!wm=3D94Fh7^HN~7u(XWdup8Wd%t`9(HH^2paN^o}Vy zdT!?H-r;UAc0$W1VpNjI@T$4)uz5?W@3!ltw!Sf-%DHn(dPM}~aw>8Lwe7X3k-B9x zz35s`0l=*2^C?SKqyE?XIVB8Xs)x4r?Q^S$eBkED$qT1|N(}Z{Rt=-wF$(}RthQAb z)g8|T9p4~zgxS}u^~o?#OvI*MystwS;X`a8^j6?I?uaI&23^wpkle2ksHCe@&*P|y z2uYf&`?h7_`3+2EI~(oMy0fy1_*)`Dr{*fNarZB-|6dm?gycX({sIl`#*GSl53iZW zwR~BIY?DM_Fe(_GF8F}8R;hG@lH)Dw&SDNXR8Or+1#>5>r3d_QW-EnUxzu8~SX@s* z9ieH1%fU^xnmak}7#FXo>o-R;q+_2V0(oc(QNTfUP!4;>*A__5Vwh-KKS5`U{QAh) z*x2SgdbJ&xyL@l_1X*J#b+RLdcW;#&@6o1xu2$V6D~(jZ?bTEQ3XdnTi(~of^qcXP z!SK<%902(gRo z1pA4TfVL>{de%+(GO2G0IiU}aOw+5;0s#f2E-{QpXNx9jwmC7ZYa242^%=gXCk26O z_-i#2s*nXHL&aOn`b7QQIt3g18%J0dIc{q%>wZ)-mQ;i{($+SJ^{6(UD25Uq;#YjS z{!Z|`kEYlWVF%jF0qr*`+t!KBC~H!tXdQ(M!!Y1Ip#T|NI9cByqlRf6p3T8OH+6zY zG?-GvA-6To7QDecqpjM4hL(v<7ewku53E9mREjhE_m`Em!ua6TT!re&y;t}*2@Ve8 ze}sW4xOx(uxcwdt5+-}@%g?s^1a+GBI!baiUo0`Gx(O#wY;jdoMOd^cASHfRVLu?)&+$Dzk71jH!*}z^xo=IL?=UI zAp6;CTpem4;Rk@1ok&)i-@yyb+$Fin+W{~E_LIpRRHb>Od9To%$=g=~XN&s-&N+|zx1(ZEi+@zR+3M7~(3zc6gGL`nZ;f##xn5Ydv zQJsC8k2YbrMn*{@UbtFC%FupADw(yx{;6$fpp}xXO1*_YY-g}Kverp)zLSYgvrFq} z@MVxGtTu*X>(f)RVTq%@69&;&d^x7BcQiB?_xx`MH{spL|At?_@Ddt$v^;-+?WF{q z;{K%1nBv{6hQ^U`$o6X`uVsXCzg%XZ>OBQ*(qVt5ds1Z8N*~*!z{;ro(5~-C1>ul+s`it^~w=%RVaKjw#E! zooxs0K46p=DHoCt+J|Fgr1Qdy5S-z3_{4$cRF#QWB}z_1D{WLo{U*~p_W&v{WKc`NZFR#-P^98 zQ@hS-0n(_pGlCZ)3;s{}wSfseI}Lm9VOH7$7-U>=)()Jh+=Q$7xi`z4Lreb}uZk`H0Y2C5@gYuJb8>W_Ii)orF`oj%!Lrk#{ zWZXNW?@l7voY`+4MvQWwB~$AoJEhYo`J{MEdH273z17WP_dU{p+7-Lyu~zJz7OkZZ8wucDz3q^zrW=DQkyn)j3NX)Oq1ONObO$WSv{5?-rdo z2RNCX(q-j?ekdCn1dIASk^kh<-}At6__4o7>p&Z_$!%@i#Zr?}|FD7<$gJ>M&bspC z8d^pCh9JJoDPUkP#2|YQJFGXGu;Bre0>N+c!cRPWNKD$TKa#ANkno-Ww0Wtk2JfJW zbTTSBp1#hKI%6dMDetWE3B^hxmvt}i*=lfBF%ZXuGiKQg(mFObhuE9>`YErmUj?1}jvp&*5A zw6)Ra3rP2W!erM1fr2UQmk3%6N~{;ftG4!YFgzP|vApf@`)`OO1IikIL1CV^9sn7` zkJCo!U#<*_TsgYuD{3hx{1-vbsh{;T>RyKw*Rccuq62?5He!T7xcBAHamv*{x%d73 ziQV^udkwcO5c4Pj28_g;`M0g-udjAsoWK@$#)O9ZwGo>aj4QQgZke@|XDS>%9i2qTc~rNFP?d4dg7QgsM%WdiMu>;pgTB z`x~aB%g1~>$1yvmKyr%O{q(I2-(p-t)nxx}cgQP>r@;Kvf{T76Fol7dJDmxgj6}mJ z%N5b{80FS&8F#`L-+7e~es_^*?C|Am4k)Mz*~F5KupUyz3P|TyJcWHho}Y|g)UyC$ zxj+HbxA_|dYu51=kE^LCVd;{JJl{kG;K6saP4ypkb7n^Y0)6%x6zs_Oy;tSbm+;se!hRJTrvvmM!v@PJHu%dj-u>; zb^@YDY<-e=3U(+4;`5HBAH`LK_4cQaZ1y}PJ+1S3)4eq&E#bo2#*h+fl&Zng$u;WG zkeJ6LhvqvKuXEz2GE}QnMDze@!a?{~LiBg$K)5%6`~vdu(Id?Bo>s|>xJQKa#AmUL zjn!n>2xUbH_v>QWn@Ur>O7%&~$OK9W(~=2MH!Af%ev-7e^bTXGs4bC!vu?J| zSxVWkES=L_tt(YBY&qJ{EBOUFSxfucuT>pMjW_W7GoMw&eEC7W!_zztEX~ElP|M7z zMg>UPO4S?xOtzJ;Z@~m!vTFUDg{AnjG~y!~1R&Y#Htp{{g+Eg1Vd9p~q$q1g^EoCc z&3uEU=i{xy-%L=VLHYzQUOa{F$291>3AvYUl_?)wt(KtgN!Wz#%C+0k{Oj~t+AOCY zuBah^Kk3yb=v3o^)`_Zs0h}0%POwv|W9c1uEr){hA@{J5AXD>OVl)VVK$W%JmpM>w zWvrKBcxmr40zK;spY^%GYoGX1P4)-`dWf&1;fkIAk?BEG#zhNoPI@&r@2)8#syw(W zrBe8Ps-mQToO79vCR7oC#|IxeVtPD>`nDz%EO^q&Tv^{oPahlyG}L3qCpFsBm*O0{ zEnX8sB0Axo^=vNeA?h+SW7~YEt(IvzrUUSD!nkD~cc)ZGoqW;y1eQK`q_R!`6o@@V zu-IM4DJeDkN&|<=+PPK0C{RUk$5q zhXpdExh2G`MwWjRAGiOFw?_9*Er6Y^K3^b^I?m{8bSe!NA1=^_L6-{gvCwc6eg9TE zNF)O|ChwZ%H}|g0QxelPKcsOd>CCP7PVkJjuXy*2gwSwheU<-ex`3~K_VGZ}_)4?} z`~;xmz5b{leDMsJgubeM?;#%lX`vFrrh5SK;fnV?ud8BV5a7rcAl2Z42;Rz{u9r88oc3vD64;Mgo(pz?sV2_k|!Iw+E=I z?b}(JIpr?#945oTzEst+hp{v8Iyf3B`{}Z-9zXJwHuP)o+_A5~S`Oa>Tq6yjf};bA z`t|`VMJ9fd)xPs3G%uoX?h|EyC19kN4gfG8$K^80E-5REeHdXN>HMYsytLM~6dgg)5H zcz)n%GnQCL4^#K|p|54N*GkveJ!H`uaudkbb322bZBJW$_IcSI8mFQvSf3Zmo*S{@ zU}@7Tcrb9Y*yzaM;2CJW+AH;)KbZyW`3bT1^Owpol?!Xc780TuRF1XJ1@IU82`%~Z zAaM>xdX53B&^Sgf@owAAS?c$UMr-wpa8$C&+7fiNEG&hONB|!^KNPk!2HLDko*n~G zlXbzXCQ`D&XI&8b@;h|~C6}Aaun$|MBcbzObKGW3p6quXeea_@ICaW_BG1Y96Q|$| z4inX6gTT;gMrQRgJ0Wc40xjACJU3A)@WQ%oTOcK(tkkS3Xi5mMf&+@|-TUJycwMT! z8}|$btXc}+Q@<9V$H_?Sz$G7!5@8WsrMd(0xPt6kZ-i4s+j_r=Yw;We3@z=oAy+x* zgoL!&o1X*vd@|ZK2l1^`Xvy>3k?!-h6%0u<>W`qHwm3gsjW{{1jX4NM_YW=8BBfh4W?#6jB5bM zk9NAPIW06x+5i*QqibfW^B)hCy*5;>cdf#?I33cxC<7vkttmkQPhN^9N+8i}qF79ef<1K{7GzpbC2vu;4BI(9$3la&qmw~-7`fw63eWB(GrkU}hWaYV zvfwm#tCWiLg7{Bip;Wd51TK;nb=e&sBVw1l;8E=#6=Pk&d25|SWQ{6yG|GXsrmi}P z3E&>L1$ML98yuN^|#Sz(69V%8l&B>2ZakCxT3z8&UWuG+0iu{!|}S z^z5ZqOxFJLj95;C#=$~?h04Qc?Z-Y^K~>d0pl*QOy6!gJ0qxcS(S6>Xd92|G@v`i8 zuUi*@tzd+O{a`kv`Iy}%TntTIhJ4W z@Lb^f^@51u#T_YfE$#8nyR-F!TC~7YbLggC4X{YVC93YbZM25b1B_3!T`P*xcK9-F zziPfyPdTyK)QI9Pm_oHSpMNd6P3x%f?wPgHu7DJ|CW0l8eO%o zv4n`%!($U_I!N+-D4xYSgMHk{!&+AT9p@^ehKB{D=hX%t2ps792!Pfn)y}=W;iGwK9fnQ5 zMCvW{W@!nO5Yzldf;^Abe5C7mG;pOnEMD1;BCfGNc)M`#R}b2maa9}#(vBv&+Q9}3 zVxT-J_B#krz5fNy-MHGpWUNni;y)GAYZd?LYMq2rQWfv|;JAwf@|-_DsdY8f_jTEE z6V?K8RDScW89EnjBBicHm0t~gfR&^Kdr;kjc=!Y!Y!1VgF0r3JJ%(&o_dTsZtQu6E zXX~iwUggt9c~(2Rqg$X57#}JfjCjXhsv8NUy3QTn3e+PF!a>eS?f|JEDk;YxWj;)pmv`d3s`G){wn<_V7iVe}eb}r6?w^@JLY07G_RVfVR+!)Sc9@Daoh_h}rmgk^7 zEv(S;)e2I+y=CR$ikxTzzzF1Fk~NS<#r%kCfd8GstS6?7btx@sIj;hSi)(U4CT+Y+ zI$yR0V#Q>f9YIu8S*_-5_qS|WPTkZ7Hr*G#ywV?N6th8kM_mJ^QYSq(ZB@upE6a9~ zQBo?$A>)5}g$^3-F{^ED=dW0|EJsQCN19_?%z{s(*Jtb2lJ#e@U^h?zE7H$A3ND!S z&wBT$di9lV0Txhda7KdJ5o=kum|%z;0H87td>R!7Of8nnR(Ns?-KlMBs@zRyB=k?O zHEVIA=*5ENuyJS2WeJSe!DE<6y5>LDdgPVSSqaSVi4t1Qs`o4(t2{a~X4T!lRj^)9 z1*`I$2KOR81qD`?Emyj>(o{X&%^%V$MPi?GM%g-Z94Oa6!y8n5=7XqI@NpH;R`An z@tY@J!BrWVBezI^g}F(W2-h_)sgt;}#JKUYXVXN){r3*!WU~^8ac+PXH#U`4N#F%; zHNvy^>f}ZZmSbvOHZg6VWUpu)0J*m7$I%c{f6jJn?cT6GwvQ)6eB$sCeS}&#uO)ok z$$ca-RtUi^GV63ec?Q%MC%+r$8yvbwWFVWJd>hTNiAT!6qz?k}>7sabTZ8_~K)4T> zP;(1|cUAAEg^OIJksQMz<&HBA(hEi>P$7!U#PnEbjt>+5{9A-UWcf$Eh5#HWc> zcfK+^cFR*_Um z$*72eG0Ubiyi?P}PF5w1;XQ(X^IV^)fppEDZ9%2{)sH;y0WOZ9iOcu3=r1TG3H?X6 zTL$Gnft3Gmy4^ZoBrOWPifAbeAbo}YE@6ZGm2y|wuZ0U&DX9N#{dJu$fJ3aB**f+W z=x*C|w=VljnD0l_?>|jsf7YV?r>F9FRQR8s%K!9K{-?$GU+&|7nfmdQ-L3x#UfJ;uFxBdRn|~d>&bP+mgM_+aE@{R}}rx z$Abo8l>sfFXi~snYBX;rc~;Q8=4iWsblrHz9r+7|yL$V80La@E()Zr1!Th6<*!JIS zByI*O{;-+0m~>s}r~7Lyh)zl?T3I5udd`sen(AYr7{}Qw6^@3>HKe8=5b69VX7UlK z2pMLR%57$ly8halH&QS!ZZIzd$dXa4rTl1r!6!%el)yxTj8{IG z9lDttI3MxIUVizj4DR%bc2~(&@&;5hJ%(|T|1@5G1m|$z$4Y+21%O16HFf2!Uoi$l z^;H?u@PmJ>5B$IP8lJa^`sFU)3o%EGklP?G`s<{bC!iAvsv;?+9^zWxIYHY~*L#Jy z&!QL*c;-wTLt%crnLkRangcxctn*}XK50cA$Kc&t6PYR}#yqNZn{?Qm(q=b`AkEKlk)I*Zq4Q&hr*Q|1;5h6TJ*%L&Rpm9OSki5`9PqJ0}>FC)p~} zNPo147}VVg8P1%$=?H{)%PEAarLg64o-!6Oa22{)39bj|z*A;8ltPuq&23%R>G8x3ZEb^159C>>x&7@h0LGxUAoC zO&cHI5vmlw--`6~*LC=LCw1T4-@zce>O;Ua6|XOD{%V{P51xB+iA7OI0x?w%8HKP; zPZgUXh@;DlQo#Q5p?6*?!`d0gAH5zmi}cRntjbYK&3IUu9E^xn3=41WMD96=LEBw+ z_RY>rL6K(DaV%LKH|3$?ex=45ihx{D_#isjRrn)AXcW_D8VcgbQqFr8z&fI;s+U*N z=%Y-=jcFdMK%_}?RbO1JqgZ~hYvQS3+xP?$=Vl(~md1QHbdi6HcPRQ|uq>9&)Yem> zPr@#rL-E*AX(w~*&E5s6X==l%!G2_KC$03R!rtsGShI@e6;dN+yPK;o-d3OfUW#qr zyoRrqwz$bRFw<3&O%ngjyND0g2KtwA&sQ_sz6yESQKR9$Gip2Pk$FbzVw=CH^f+Pd zl0wG8U5ozFqssT)QoVT0Js&W4+5&x-Z~S^JIw3#uNRNnr#{O7Wg;2?cMU-iU2Ki3Aiq)XbDHSESy;1EJhE!t-i|=8S{1UMg&=k||0%H!* zpl{HL`mmbZpTawejr;k7c}J8i{ZmJ(2R#+Cga`vT@Nv`tH1AfxRH{ri#ZZ=~%cTuH z6YJ&bvZw7uX#pcMd3udo;v1DmjBK`-h@K6_kmH`5uGL-_p9nS54x2-fBe5nr2i0N+ ze^(yks)HcaW2zAL)l*vD;V@aS7V$X9Dko;p8ouG4h$&Z}P%S@d_V^a$ln)}sNRKm= zqZu#X^q_TK0pPfvl>|3jKl!*N@v;r*bz|Y!*#MduG{waoHw`{mGFp(l;c()Q?f{IrYV-@Ct8f^*R<`JjDHu zpNJyGua@~*u_q}HZNz{7>wz}srPm)MwIN9lht<2@# ztv1^-_kL-uC$7}3%Pq%&z1kG_w?roLi;nk_AGPqn)5vtPI}mkXK_M#p{wjw@6W>{_ zh`&vSt?+75M#H=}OXzp~$2;{8!Z<+$z7hb3`Id90xiS^9$4UkijkTlfCVZ2UzR^7l z8Ns{HbT&$_k;9RW%J08K>2fta4W>8eiN5y;1>%-Ntj22XZDiDr!7v#1 z<74Hr5d8MNk)iIOsk&w+J;fs5xGGLNx37aeZeBUNor%WA>8ke>XXraZ^)Istsky8^ z1k>dLoFCIBs&<-NN%pjB@-_R+UrqJ^KF1w1s*RSo1?`#l-!yQUGwzC%y-l7RNF=O)8DR zndnNEEH9%k%Rx@a$6G^=a3WNG6tJ&Z`)6w zK+#^HjZ;JlyDr2hpa}G%uDF9H$HlkoNiraTOJ2|Wi@fL+2mHT=gXY^suy|WBE?|jp z43B)wq=UjCQzce0?20xn2|lev-0oE$9%_ds&;x9nZ_mKvZB<%WvQT$iR97B^y^bx|ZLE6=x#(Svs(VKxRM7<{C8(0d6YVSS?1h6N|m)U8Twau3=~H%qO@_X+hWL zl=CcteGjd5;sIUqot1h9dtX;SdP#R?AT4IJtRN7t!tzA`^uRL#^PDj;8H}bIh_V>z z0coDpa9_SXwcy$5sCcJ~@M(X&Yo`MmLb@re*v+f`FIMu;qqD|vWrq$5$q1pb{X^4@MhvJ}bb*9ROxXO& z*XGx%#3Gg7@3`|ASL`n#H?=T0B-w%q*%?~08RE*BmwXm6_g~4kx-~oji7yMWMWyQU zLh_R(Jg6bLQO_0T_`n#DtOqDh9Zo8IkVYYGdL5E19-PrtDl4Ae8Wx9U1O*0gco~%k zS#+1L8xfj%f$6yjIvx}*^%hryx!`)B z6AHPe6_S>3&-TlaxOoipEd-JZUY~wZ1T4Me*5HPOQiuppzl?GIp5QD#0~W#sXk~gJ zk~nzfyw?bIiTN&Cz$x2GUu@$2*v6J`azj0|rR$?Ia-TK-*i6v7D=MR!d;9kgnakv& zo7b{cY+MLPK$|K;2J($m{k2Wov7@zEv5cOnau#Rl+dO*$0^c_!g!xy=8s-nX8_Gxq zqb|%!4^)sRp2b10j3Jc0A|9P;Nd8dvvfY+V|&Ik{pzRqFofU4z9t69r=dgV=z(5v*#fOJz`-ZW!<>HikXSP zTdK)q(8bg2rAiri)=7X3eULr!catcYY{Ie}uMc<?Y{Gfvp7kPERjIKlM}%!lmO1_-qnfaro_EQ-L8qVT&z>ubGNETr>12QZA%& zA+Z(D-`FPCv@-{#J8oxGB^A_g5PTJG)4B^$AQ!%8t5)&fABjYy)BWi8k4 zUdhy6&Nr%-6hI3jDGeLjrY+;Fmjq%RUgCRdVRIi2ShA_S7nMav$%>(=$VARu*Ul4r zNvcq_^iA(hrpODwD{zFYfdQQ@#>6`v4uS>Dv|^>c0GIiJy-E5~>J%YWnFn z_Xhu;Ql_5&OimD>faJZaw<}}CInL*6SjHw%Q44JqQkXLlF)FTKE)srUpy{RBYt$MN z;G#k_xBSC#D#dpg&ao>hug7Hb;Y8mRT*|l;M8cF~`vCDK_E#=GV!8-@v=j=87a~d& z1nTmqS;<^M$Sc14iD~{%3+?wEPtc^73bWvxDAF~ieJ z$qwZZEkJgDVw=GL@CWoCa35_x!o?kcbKem1>%`5+?4g>ZQU~=dTn{uxDySkEKRX$k0~}dfAh}<9+;XaND=Y z5_a#>6$jrvH+LITpbIpz@P~_GeQK!@t=x$ zmhU;Z>{-T$MMRZKuMDO-s{-4-XxI{+3Ib#>dAxlp2rg$IfAQ|EMP7JFljULR}GJvv~hs+AQxJz1kTkJxaf= ze4{1&roo_U%Zv~>{|!WSfPWQ6Lo9zb`=hBwBuk2?*<1g$3~KXC z(f|J?@HYIPUh0oef1w%+mMcVuPiv%13@E5)1H~bJCN?9h8;fa5ECL3-X){JFNiIj6 zI?U+bg)JzdS zF`O0QdN}WmEmF3w^wB^l6=g_NQ}dy)_q&B-Mb|^h4T8HCvvvwQ^g)4vayhdtQ$GP# z00lv071IA*R`IjaaiWolav=)Q`MvY&8%gOw5v8B2#|sN-g92lzfRI;E)}naOl93vi zPYE(n#SWsCm8#6Sv;knhnqdQ~pC%%w#Ss0YkEes&f7(C#MbUO(xCn{{IX<+kI^?je za{M4HEZmi@#g(p@=rI0`&7?I{IM_A#9tVesYYgYdsc{K3RR8pgn8-wU6ZFhaPVXK~ z0KyFSenLb4TQy>Et{!v6Gde6{2L%T&s2K$alna#=SO_YBk{6e|*YRf3SYYKa9&3&N zydWuijNjPsO=bpa4PO=)7Y-b)EDLey zbZw2LGwjQ;4B*&}#{vTk3X68L16Kem+%rp|RFKtpaB4YMiKSLGB+-2G0vCq$+@5II zy)YKTK2e)(s-}*X;CJ2E(q$99AjVy=YywB=RIPpA0jZ}?Z(1Alz4O9cXvvT@j5btQ z@-2|S!NGY{OKqcAOfQYkpg2<%z*7g#>#~|2(1N4vv6n3GNAja>XUy!&vMl--RH~6k z!MOr7Z@eIeg9=?;8U3kW&vb731rVDh`YVs?zYwSXu{>IJeOe>l9GeCQ+Z=ZxR#)f6 zEMh{~s}9WH&lwPFJQlb~iq$U(Xq;q4LzuFMJkD~jXBUK*hCT*1_z|JD_dRWVmD^b2 zTqb!#Lb1%q(^U*ek3EtO`$aQe?-aa_ub=*Nxe_}o3eE6ZKe2PkR z+0Q^r<+G>eeM&b09Fa>euXMGT1Ia6Z;9X&CYx-+d2D=J@Zk5%6w)!RMV+=Mi> zH?Q}O8qwP9wqYvvBVkrDaLeTe1_v)y_H}nRWVwz;D*`tDq-5h6Jx)Fb^!^iZA{+EI z9%?9$ZR>LRkcs+=K;vQ9HvDj5{+uu%`U}7R6C@4*l6>x~y$Fd{7&RazQp|j)=ZZI< zgI!hpI1@6b$zpfkyhh;;A&(fO^8Mw^Gk- zUIzJ@_K5kV4VQ52mabX3N14yA;ZHg8U&Z9vH9pu@&DR;i%H^uCON-{+QgIF2V`_eV zi3qfy{Wemf?>R&d6|MB&Q!X;u@nSjmUL(N6qhd~j%QhrJgm9>$s@<}Fn!tYIGAWqL z9b{nLkmQ&Z6BZZk$&ugFY8#ZFR*?PJcjG~tkZxP_cjJvSEzkHJ)I~Fae%ZQ%==i;1 z#_|=Da_35H(hc=NYQQ~#oc5|`cn(6W0I6!)ex&e2d_E4$#RrBr;;(>qfW>S(cfNfK z@e+P?OblhM7uH%0ki29i#;Z%SA(d2QbEyWM{a%{8za7jqdnUF{RfI<{3KJ6PwF8Y49pO_&_ z!T5n;MM7pyNw>^+-cJ6R?vPo=dH5+XZ2TXcg3vTKuWF_2bI;VOB)6A%X&MJJRCfvXok}@{24S-ss%MQhGQiH`f!GH{dD(6##cWlm1YJA8=!0WU%maDn^)y` z;25P8?fGn02I!t-=Lt5gYA|h8Sibk>+1o4_4dZ){a*K6+V?%q{^Mi)JmzUsxv>g33 zUWk>=vMo`4pj>`{hw<6`I#uLa#c@7Rgy+FADP~=0P;>X6uHBNK2{QX5F zKfc=+eyW?@rD@@=Uyc2L<@%)wVRaj_yYh?0-^fRBY?FNf32?!YL z>FL4U{VOuZFR0XVxy~${u2$XyFauJD3c0S;>bIKeyeS@n)JT4KbbW%E9xB%Ll#H@` ziwoA^>XAfp!iJw8e+qx~L^+=;(|3o1f1^~(W^Bafz=45trn*oPTvP%*6X#C<_|^#2 zWN3$l!_XhiPg^7h3r48e+!WzaSdOwk^P@V9-v7v_7d;#Q_ZWc2`1=Mjnp@zRnB2X z14Xr5y3JDsk2*THhc7b-8ym+IJNG=4j?f%GXUer0fP#kA5^0_5;Ehd7`%aNL}GPP=(|qMQB&9dW$2MN>1nXtAbf!ubDRnF@Xf;6*EXW{vHZ6~hiI zR3feEPs zoZ4n$B@>vqhy8>2hv81`5lj}^!sQ!d4~|nFtZnAc?bfu=GvRSbRaEWq_&iwamNHe& zbbwk1#M?}LVT5}eFw3t8#q*0V>X1QS>tojMvLjS`(9PxRCioU#>-6z*<6FPnKjD>^ z>38~M-uUlN=Dk=XzlH`X#e5@ss{~R{Ita;!`7Pso#}2iXek7C&U#7#_-^h8TWoCxy z#iU z)onv{7jY~S_G_do!h8afy$3x9y{sT>S(&yTbb&-Ti^e&29!R~xQiZG_1Hq#8Z5$X> z;M>oM(VP~tP06jru1RMJ7!W8Pu`M2{8uj+yV_1S?T10axz2=DBC&V#&VzDb0^FNO&w{np<{+v(YV}U)>sY!rDU$3n95Ha*Z_i?rdjR zYU}7Ub!y4x_eCqq$}W*EoXqL-3Di<_FsS2UK8J@5auHDqVA|VJ=Y;I*dGrkow&{c8 z;;4yO*NBlY)je!~N_*l>(c!yJ7x2H@^-&~DM(pp&Jq(VweD2f5IxT}E`$%{^0c3Pd zy3+cInXH!k_Dppz*%phmX36ZGTZp%xmM^uo`a+*h`LxgnfnsgtdUoDgowR7By5il+ z-?adYW8`O7vPd~B#N=|6`UY+Vg@oK8XpN+D5U;)pTcxyv_x=7%d-g-!NKG!5uiM4p zLgKh|cSekhb9WN7jzs|$E936*`GN z4{YxDLeJHxRmy$-($NtjjN2gm?3sII=74n**!o zz>w{Yk92b_yq(>=C{n~@?v~qxMO-2X8O;d>GO?)MSfq?Q<>Ceg21}wq7Sson4v!$O zf`XXt>)t@}yN<>Avz^9W&8x-KARt|_^q8@1T&yZz+TP-^YIW6*16K^d{#=7!KHVGu zS2<7&;cEQ270MZY(T*mW@_S^WV*}+#<)oq~dp-kQ zts)7EjinzLP}Hpws(+J1rEg>ul#xMX*&h`Y7e+@YhxaC@eQDXHQZA-c{pjJFoX(u^ z&XH1fveR1vI?Wu2L=5kLn2HE$%C%+vv^-#IH)9c-@AJRfe6VN@A&Ni6aU|6JT=90Kvtru5^<(i9Di~N?#yfn|3{`l48VaBCc2+v0N)87-2PUWe#tM|4D_Kh4OLNS7{11F6s4+ zdOS^xC)=1=n;cCz=2>zaGF~a= z7#KbNx&_n=zHT*Hj-4?HZagy}bF3TtlSRbC-C?Q#pTG;k18mtQM%?zlK~CPbBA=&9 zVl*=2;m6!~3oK%TI^-h)XxSum4~J9mOSsv<-D8Q`w@380{auNQ`nvGt8t%w#C7K%6v6v*_ke(B8M zG$q_GUkK9hl#(%XIH~VOg*Z$~H?bg$c0UGz@<@T&)m%sJ%;O!?!Rv`ponLC>qhk^n zyIqMOt@t#CF;VMvR(8oQF`5_uI(G0eU4lgAH5?1{bjAyQNKazaerm!*zx6KbwOhj- zjhWksJvmZ^JKfm(|LkPBxB^wfX)t5R^A^U@=p<4*|MghMT;Ki!V&Fq$FTNB**Xq8ctmzBKgR zLrMP{>4VLpZp)E{B+6P#y$z!z_a@jX-HKcEK!-+W-JJc=)_jgw2Q7FR^$*N05J&-T4KD9x?A@o{Lu;vSPI)goNVRNsEW`Dr5<3RVrjPF}_51dDK`-KmLpE!{u zmF_;~&(8N8@{uUwnF{{;nRFbJA;m?_gp)p$_gEgA2L6q;#^FIt^h54((Nf-{eB6Fr zeOPZLk@_-qd?zkT`wvOtPgh^P#tLV^KxHBQSPd@FsjxpRu}!O%JQ%eZax{@BDn79~ znvjQGmwBhrMd5BamK{Op^nwKoO)8} ztHf`44z4S*pMB-u4T~?z%>`S^btk)eqj$_XPQuTvVScl)6d`Hl{t|ueg!!s5D&+k& z>hcLR$fe8ql$4&i)X`bgzn%9#(%el~L{?$)YgSQ=4Lua{J}?@3e*9Kss5EuphSb&o zT0_m5+~?2Cvg{hWDiAc_OKb_afc9f2VIP5c=lD5T)FqIAoViS3DxzkRqMekwseS3U zb^X&c#tU)avDEazFR`?W7`EFPa1okz`ESC2Hn<%k@UEnX^>5#dhQP5CNHa}9@WpRx z7YS=^l_9+EMoaWMQ1=(de;eWWrGIh!&TR2(TF6Ar4}aOuKhoKo`f#glOMHIo$KGsm zBY;s|>n(99(he`KiId0Cw zA7lBdY!5_4ORGSho1BYIwM$C+qCSOxRK%HsvR{HolIea;l1Bi&)n${Mbh%*3>PR4i z=irmVzdrY2$f*k}RcKE0qU!#868d3MB)^~KB~;DhMwu3FR0zUEy%8pw^plAmPsnzr z<*><_iU1b4wr-NJl2Y@$SWV>_Zp%$rg4;p4Hx_oG&FOZ5Y6ct%CJ$R=K%Tl?@^${Yl;%AB_vc5uB}MLfZXy! zqUPc{>mP2ycoCQ}m(MStz!*>b+CSQ~0~J24rR_v1my*wp@%85knGB_#g<$ww@v5G#DVfBPI3jPQ53g)Vrur(`wTUb#0gRX%T%B zduc(8_8|SqOPsgocP14!51zDQ#!`VdlxTa=D?;>s^dz1rSmWc`O^VuJqPYwzTA^N^sW%YKi z0J7I3%~eSmKomqNFUhbh+7hs!^x+j9b?_~iAu^-;xg#{L`1!P>^C;X?ZIg|alGb$`*3{lgg7=wkQD*O?=%$6x@Gd9u2EMLr=kCJQYl$5kjKtK)_B zzs$FyD?ZKdm#^^1^VecRTf?8yd~KsManly|vn4b3G708BecD z?>V--*QqtC`;f?!L;qOg=$q08WY^;t6eF1aLLy7b+Q?~;=>vMP( zLNAEK+wP?heKiO2`Yf)Nx_ORY=Gig+@X9}|$=&7F`0?_sR`IPVk^_Q)rIR;@bwX&> zRQd;`!c!%|D^ImZ4;8pfpSN06}l+{l@V?jB;yG*#d37)$q@Oz~H1D}FvA??^= zYf$}UiP&&Z)>S1lpy&uoaLjeL7LiB%r`};?7HA{}S6V22@Fk4wnHCr=NmWwox1yOT z(Z+zzAuG3yAs-*;wN&^Jp@{8Ip~(AU;yrv_T1v4z7Z-IE_UggSyFt4zn!B#ddGU!+ zBrdfeEzhGuRIcv-^6Xbkk$4MXG4?;D8E^grWc9a*Bi`CPe2J*c((akp-AGv+OO>ay z*Z^^}b{1`==Zf#_cTx#8^+#pDWYML)zgrWowIpFIkXccQSAeDu! z2K3#3?IluJsU?w)(Js1UTVKKUktEDdr$@>@>2rBCL|Rt+6^G3x%!rVMg1zLuI!^Ci zR9h)Inx1{g11vc<;epQ%cerF23=;Z?neQq$M99mFtFkTT1PQQ+cfqVwEDEHw?KD!} zMSi~_u)#bSLv~Gs-KhN@SNBav>>hi|sVKesHPNm!uPQ#7HILR}=IfZ&=^b+jJR-HZ zkru2vBiq;ieWdTY)>9R`Z~F(CM3s)ihRe_BGSa>(l5c1$e15Gpc&`^jCgNbIFjd6A zn^ja+^-WST#@oY1NQb!J3)+&Bg-la}kfj3yo!Mi~bYo~>M6l14m^44-mm1XUc8#O#ewG;hQd__nN%y+$q#OFz3W7#K~XaSZy(}bG*d1`*E!VM;#m zmP@S@LBWAI1t*Vj73_@VL)cP~LaQrft~%RnyIXb;QOx?cv$;o-ult~XLH$UGdr7Cv zzBIeu2|qN#T0if7VrX290WyTV0_NrHTUoWBiy77!JqzTfK`<)=Q#$OED>I{5QRnHbYHvzrWnxsga_fbor&n0p2)8oB%s~cHCkeLa@NNY98OI0u{Pc+J!TImE zM;8q;6T__#J9a(Yu2WX%+r0dCi+?kxX--QjRP^Ub84CUA$;+b-`W_W`hy?e>@wA4-Z3}Z0j}L1`!_B(6kK2aJ>msp=SO{D2tAJ!LQ*4;!>_%+}FdfUOn^@Z`oNl3|w4EgeD&1 z;Vu8p@xY_XDwhj#eQkWhu@YQfXTDK!b<`&Oh6Xaxe!VLu_b!shMnmMKYkGBZb1=vK zua|YyX!vt8dv2uo-g|2`884246%gff>4`yP8=pm8R4j>%3q;m5lq@?M(;iZM{eX5|^(>0Xdw{Mkc*VlbOD} zWGgJ~>zgfxq3Q`n-SiqOig;d!gZp+hia0(G<%&ZqaE296{ah{-5;b3rl6YxsRjoET zNLZWPFB1%t`wIIe+epK9>wEre_i~k;NaX!Fms67dR^1f5VFDRbegnI;lu?j2OZTw$C%5luE{`$b9vL z1NM=-#L0Bi(js^-3qP{sE~rbtF@T)^IHmOr)PIb07Z7&nJNGFh0QjUcIW% zriC)`Q6^`t0 zl;Y-U(PdF>s0+n#{6S%j_l?^?<+$XV5vjj^?o!4&t?Jx3AytL>Yjhf@Wv=V=Uaht- z`u!4dx+EimOsK_cbRlRxdi4O(t8X=8(u$fT)h&*FhKIUMIZ*4j@jf(u4RclXfvfF# z9vG#^9zk;?MC1J`a^%X*nK}(G--oZhc702FyL7Q4fl0&8znU(krV&5`cWczk z7{DG%ZSe%{(1IJ<86MDS3|SI>FSv9O+vHNb=Mvy zMS99zw`=rFW^6Q^wH4iYlu1%y`xz?CGJPKS%>G-KvQ-lB?k?I?qjPt&2qKddN9>ht zc-lIeIJUiSnf#8F#50vJUiBf4|)g7GU)keLDryg=mtI7f!=6g#)LOp0l z>&NxMXb0tkl`9-i84O2Xfs0r!VcXE~y|~#I^&NxXIE>?@$vR||zFg@GF-X`zOsg=r zb>`nF(bC8@MdNQLil8QlvHYgCbgqs|?EYtL*Zw|-)|Xt(LmpT*=dT`wqlv+idQl}f zFK6sFW*&78Ql;mZhSc`>y~l$b=1J%+6x1>vs~ndbGisWp%!O67U_Y)Qd|axZlJP{} zdjcb7l5m5hC~9_s?I=2qi&ov|4byu(=|krVFhuta4r;ZBo&|A0Wh2k5pLp<4KW4sc<|L(P{4T(dg4RzNQB?t%0X z|B!{WxaNy=+JvR%4ezFKje${{{u_WG{Ck}x&4QX|E-72M?n(AseZfpT_(9{__19aATZTkRQ#&1k zwALjZy{JvbiA-EUOR+cVEc!c?7IMzPLM&r)g@|L7}+yF8z^rR~faW<1gET!fz7 zTKw?NvdfYo-=oYgyRwi)EwAtlrhUS%@?PmO05^26L$5m=;ztyB2Ckp^u@&^kj}4hPcC^ipp0wKqubm;Rg0fRW8By`w{0XOf@sCcr2QpD(8=K;aa=vJ!^5{Dx zlt(7jM!rcY7^_t!F0RUyz9it*-~e=; zxURv1-5QjnLuzwd*Fp(vb&}E#VKMmI`;~++D9eqkM)9pH)sdc#uJcr@Z=)h;iNZT) zyzbPX3T-|ZdU#+`eh9p}i=96g$yZY&4*JX@vNfJ!{#!WNSQgp#68y4)npE!rUzr;p zcH;Mn^-o0PW>3Twwp;fvC6GFu21_38p$ZK zesJ7P#y>sS`N?hB=Z6BLmQ6HGO|P6T95Rkx<-5s)%ovCPgiZN%@PF?7fXZU72x0RU z{|B3Yg5)>oC1(%vlhF@*1L+nU6@e)kf=Pp(E}xH_QwASLraL6u6XO#IaGdEu$#+)I zHfi?T5d30Db#8rslqmPapCg$&Ll71NG{NR32wJ9}%O*XnMa#KPM}>P+X<%YG)z*ID z`nxcCw(yTu#h#c#iyR6J0lC?mDa8WxI^IN6afY`wLYSXSHP_E#&G+KesEuLqMe96d zBZvT3doG^yHEdpgT^OCle%%edygL&1hSZ~T@?^6{jYDoI zD{8%WfKo~&e8PB$chP`q4P3>@(ERpsfk=gDTKT@=*XM0*Dac|DLwfzh7;6Hx4YhLD`S9HZL$BD&+}(d-TMrl2ezVKXcjl)8|pSc zzuxRGwB^ez<~EK)$9IJ_K0)^4=H=tT6yK&WzZ8Q@c4OwZ@8i zgo3R0sn*HTzV*KJ(xk7@$AG-Pl{UAA+`){nDeaUmj`U^$jx*rLPyWzN1)o$h{gHh5X7=8GEvm(tZaPxBEkfW1;u#yJECVs}ig!bPv;uGkw zH*e9fH`WVrE*sX&c&we8TIcJz)UO`Oz=(I%YbxfVKgjo6VNYwS$T2$^rWbaV8E68( zc?gv}JQ$1}vJ+yB${-t*61%Utzx$9-E__0ExZg2N4N}+Hjq`z~Sv;6{)_>K%=Y|Ff zPRw~op^ul>b^nN)uZk+NWO6NDt7U?iWt5rb=fw<}TCHkn5K>ZhBVXKd1l(hXp=XN4 zM`^aEN{E-?VmDOu$7)>eVj z$~W8)u}x+cP>f(SNrs^`Mr!xDbKb6c*Km%=%0NZ6Q9 zcfo$W2iw>#JJwB$9Z5@SL(@?0b&@j?n3+l-s{bs7_ZsKTt|;K)8|3zenk@k6=$A7z zLi0r;SZjv)y?EveXvmf7`a};e-ab*~fG>1h{`RVv<--qLlctKfJJ_~+n!m|o?|R$p zF3a)FukzV|*{lFK(*DXX_|Nw8Z=Y_qBTBID|3e8DkUdI0?M+a@u^nA4QR!Tv0rzj13{K)eTgYpWKOGw0somLzNZS_$6s(n%l2p!aVq22lXe zon4A%T~#j=o~Im~{&a1#B_x06=?m^fV@bkbhTtc&Eh}w%gE)jR7=sIMSw@YFoc?A` zNL&o<3gi}M^%Bd8SQey54NI0~PoQ(hBN|ewz5dn)PvJdU9uQ772aWTq1cFq*v_0H| zufc(f)Svnd{|Qa+ci^J3D*qsCDUefIoWFYLUjMY(820tihbK>4E+^DfpIQX?Rqy+kmZ310uV7))hZKIy@N z*m+OTDxwOFG$0P<$}Q^51UCmDY`78-g%kVcN)h+g{L!$1H>MT9Y5h#JY{h&U)B9%q z?-{zkM|1~c9Tv=c>wN@tNux64ux*eCF|jjL_Vw0!BH)SN0vEB|S$fN-c?v`m+4jH9 z+Bl}^4h}>QlFF(SzY~#v#!&tAIw8IC#l7248TtSlrCBSMZ9mPjo;<4d=!g8VkQ#yxgOz#_QL@($Fu!Of&MIn zdnAKkB-Q`74!pMchno{}052$f@+#@j>_ygq4MiDj9fZN9uJ>Yh2;a?b=}Fx6@h?EA z9{-Zr^qoLE)kAZtSD3_xDGu|$qWj@A!M`h^(Et0x`0jAoxQ<< zxGnF`cITg;;$6Y0?3{W>aQP1}G5!w38}{Vkk+OaR+-8N1hE9_hW>7L->7K(UL_5Q# zpm+_h9?Fyca!qcTFNIZ?DOc@(G>z>(4=&Tz-p-0xFYRy|*>Nt*el{Yy3S8)MeJ ziW(T*3OBQyFT&#Zx&UoVDDufw)mOx=tC`yGu$tHX?-*x>CxoyRhTO;ryHsE--+MD{ zqI303r5%rr@D441jnLxseY*Yvha_6*wh1CceFQe zVTy1K7bz4#X6fNx&T&M}Ap7VAK2d8p;|HNbKEd$xMKkZ%YN(BH_*eD|XG#HgH3Vu* zfcr1@63pi&(DnEbx$YjVXbxvKm4WyCK$@TVY|*@?KOv0hnLhd|LbRvf*%;4#!t6@e8pT8cm{`) zQc5PFz%Qka>i&4Ar^Ue;+oVR&rmFtZxp>xn1gTePDaU$efD_HkH!#Q%I^wwfg)X;( z77d%sXMmvFe##WPX>`{w{-ux<$O0?5S}pWU#*iKDB|RxpKhmpEG%kP zzi}MpG}&%yOVqu)({UK(v@d;v13CZmP}m>O2#)&EBXELv?cWYx__4#4w}36ObxW#j zrfj|u97z}G|)-=a9xc_ zrNN)@-erbrF)E2@Sm(8b2Fd!_JKYc2FP?EVh#%d*!sT@JSKpRC{;~Er;KDBQXZflf z3-TR8+U&LJ=Vc*IuXihNWS9gIu#);ngagzrEQVlN^kQc)=K#Ax4@C>xlNm{7_gBTO zG|N+S{h6Rbi5~nkpkNV{qNJ^YJ*)_Ym71?_2NZCEM}lbn0kp3*4zVP)(t2 zq)v{HkFT8^CT$7JeH(YYNUvD7sAwzy-1TtRd_CQD@1=_C(QRQ-(aR60pk`a&S=KYl zS3;hU+24iQmVbEsCMN`Y)V#bknj>+9$8mi8vjCIz;9W-=UB`_Ec?t#w2Hn+yj6&7f@KtO=j0VbBbX!-lR4X6)lW4rXfifM9L#|aK#;6IVVK-Bz^Zmy~}B3U^RD11^u=*BS;)6rK$|sx3r)vT(Yke9eB;TN z_~F=-?67TZ7K(|xy};v(N}Y8)eaV^g$B*Fg>TwPH8V`=TuL9-l4FWz zj~+kN3JdOB8}pwht;0U;0p^MkzD)eDr;=V90tD`Gmzp>1WWRlfQ)Mc&ZGn>fT@lGm}^M0W})>^}Yn6)pq^X_EA3&Le>BAne80oS+h z-`}>C7gJw(jB+!Eqb_>fisz)%HB8d!kepO*Nhrmwf!x(mX!OJ#`%TWBwDad7p?6iO zZm{sj-v5kYE0JBZK5|l4(8AXacB0fUG2pbz{5|xYL%s?Y-wEfpxE9|Cckp7iQq=qW zz97F-gp^ZohVhb-vcJXzG5#y)D1drBu!}!}nvprx;NvTGUhCU-<8Q>sf*Cg2$rf!T zzjG@h6YV^x6pd86jTBJWjbyPr=X9r8IP5NN(sdS!7N;hmDK=4wmwdxl1m%%1v#UCX zarW3cRkYaZuXmk}uH&1Cg75slif?uRji#+3sNU?sA}Fn#Ldm^<#yzwN+;9)9oJ`66Gn?}rtDT`=h}P%yQFJxonV zNa*g}xIk#NZGWla{);~s_4KE4kgblt_&p=z#((8>uMAL&Q>^*EK0CO4!Qo5PjA`e_ zsI_u6^!fg%IhdG2a(xqTi_H4~iTBln7Y$C+r21D(Pm1-(O2%RrU+g|eL`QNs!#Rw% zHPMA73|auzv3C;JDYySBjn;fX;IGd%8tkrp5!wwY{Bi_3xnaB~(Vx}$$T?v}3Fn!b zv3f=MB{HsQH#*?L%s$SYPLKJXATO_wadNhkogTU^llxtl1aY>VCU~pwR+p~WlG0oB zwP!CqMC0A>lysEgsI3$NGsSmR58pu_V-}AbM2$7Ox~$PHn+5EzILwN#kByy3jF+CQ zc=Lv?IG>=oACz(JuEg!J?QNzWCy(eiff2Q0cD+wn(2A0E%F>AjTaG82SwjQN?09jh zvDuLYrw_*;#Q-}u$WWrmIwHz{6n!^uAO@9+5 z5D^zQ9>2}P{$W3Pn(;u*ev74aW^h5PVc7oyLp#sGU43J2dbp~TZR6%_Yw6SD!&EfQ zhQjwXo|g1MK0eNjlQw!^-hQ?i@Ho$;QDZkyYMFX?jP06lTRb$nzrSxI3+b&q^ie6E zTUzqBM%#2Lw4TzwaWY4a-BP%bIw;UZfI=iID{C=OlgZ_Lfsu{yeSuX|Fq8hbx^QxM zNS^Vq`pbppi-*su*-&8omWJ{v{1~pwGop4LR+U^_ol$_$@u<&W7sP|nVG?!~(ixnD z076b0hRqKn-1j??{APODrk7J~1jAU2A0`;}%TkKp3(R1`6|vBs=+@{wiZLe1G6=#f z&#dsd0sJph;Z1=CjJ8nW2zK< zYhe*_pL@KUAZU;)R?WY)Jp?qp6;;9m~PkU%`m$KG59sDA2-z0q#dSNssPggF^a_wkm9Me)z zNO17eHZ}84;_j&kW>qEhbjI+9>do5{8zv+_c(R_#dqk+X*Oh@qU{_z$GCk_(LRfIp z5H&_lCs%QuS=Y8|&o8&xc%`!bkj-eSI-Qt^Xv)=Pm3(i$EZ3D}x_JbHI)FSOV9o59>RoBa2n=EZezE?DSH1cny0o z_Lgm{?%|4G)c)j#wBA5GG`*p|E0wzA`gu`tJ&B^t>E?_ePs)jsJYf*=(!{a+DOVBF`(O2c;nqLpjZR}$wT3#OWkWZ& zve1wNL`Ig?ozNpk+l&%cu^fVK3uWYC0la$vPcG~NHD;KXlHzA4PWYwD)*nH-4v{f+ zoQ#k|28nPmeYw#At%n(=Qy^02*IFC6q~_bqF@wnG+!~q9Q*T4-YnG?el8!G#{T=tZ zHLOCi_!l|brcY0z){d>5e(`Oa6+zp)t9m;zo+}R-TO>i>?;Cg)(qBr@skyV2AjsEmo z$GbJM|3ssTOH zsGV~`)=_)Kso0a#^Yr7eZumglcR6q-pvIemVT3d0q*oO-3~ z>!Xg8+(0Q=8~H=)*b{jDwf>5he20YZL??HhC!IZ|Yd;b+?!BRWg4r-yBui1AzB%ya ztts5qpDrEs;C{TPdW+@!^{ zf1g+Yv=|f8F57Ivpqx-lX#C9CxW#rNS&AaVSN^xlkfhI?3WOXp;MHnNvT1^EeA>v} zLhJsy+|ALr%^B6u#MEKZp7sn3nqU@!Xvb5LbR?h0g}JwjnF(A$m)B7soK4bNy$yGX z#{{?`mO}l<$QU#W>-3cO1zS(Kg@uKbS~v?k30XUu7$h}J=dmGySSxzja9q4}C_me{ zu{-BMEySa_Yr!AxeWbLNoz&Zk50yYHvjPeQ?X5NI67zuHdonxUb-q2xU||kIKJ)3* zr@=~%Ww$;0yZ!*Y_fzxo>3@IYS7E?;q{8pci%D8Zb4Y6YH?^~GWwtC~kGSsf+URAB zUXY5BMp~6W4#__apXKfFH@RU5lNd1Zi7!iF-Bvo*els+dDcWZ&vU*`*#i&ip1~3M@ z1@^sI*$6;X-sX!?VA;sk7ji5Gq|xEo>6&bbp!(;{eyK(_AiIomBV`aAM#>Kye5P_$ zp5^+4v@ETQB8Qc9bs{RKJ-O>jp~chwhrp)@#LspZ;k?~5g-foIuL~1qJ_wpztMsv0 z+L$kj$hY(X_(FH;uQGdFoy)Y{BYqU*#>wjIN0nk(kZ1Uss9FByD%LiCY9j3)yHc^K zz2`gqea`1UEh!cCRWzkX5C{sZ8%n~~qGYb6ay4%!c6_{0qL%GdR#p*QpuaKl5+?(f z>Rio|P}pn5I;)Umu7WJL##~yTDa>Dp{4?8Z*2YFo; zm9UDxHFQ+UJML1+O!Pz&w-lLbZ#rN(CI@BKwNh@I;9`G+I3NNOaxw0 zXOl2D4?loej0o2OqH#!^_8s$ykpI(c7(;h zm2sSobs%U+Y{-tjI8e4(A&0>refWF|T(yPGKkpDWJl`eIjTgTOdf`1^b)10vYIoMz zdIrx@;La$6vf+6hkII^&~MQPR+fn@F-Rw zaDreLpi6G;bLE#{#YqA5KBFU4PKv&dvt)3=X062s%~YBPe-wZD5w2y74ey;Wu(9-e z`#tm+*l&g-R$rB}(xPCCoEXlj`Vr(s{0DbE`S>im`W{eB+_-=X%t>k+{?Hv*5`EuS z>*j>2gnq{Z~abSow@9-6yGGooAGVjb!+pY)?43$(KMcOqBuO8GqEQi0z6E|a< zttx0?9;q*6R0^GTk*+RUvi_k((}TgyT!;1_a~)vlLl=K{jt+Nk?+41PAq2wD(0Wny zj_6_|-1{_2-_f~=gxMIR)Y1Dag}r=-a~Xe$tX1A5^YNOq00vw31K29&S8?mw%$>MyB@KBWSY7;+YB-`U_Sq(U-iBUHr+ zQwb7LIeGeBJ#V)%z=$c1eu^&g%1t4k~a5*X&NVZaYINCQ8SX9IvNiBA^DB z)c53fqjDF7ASF^7%GCMPI^~w`b^NrQ6FbTQr8|KsgGyw)R zGxm*5up(8_**#n?(j2_b_XpnDS!H7Le+azY6{smr1DQXBQr)+tN5*4qUX-mmwo35> z`u%RrOiQ&7D0EB^>0otk%>{Gn;|F0<4N`~pDm?6Um&e2m|b3@ zG!#FYm0iLbA_B@)zR+=APmi0sQ;wlUL4p&M`y6t*4Hux4BG=^4lVx_Lz)Yt~_U~sEKyHdk zwB`c{tDw%p?HVmdLwNRP>|0i|BzRM6-Fgn`Kq33gflevJ%<$PZn?AHY*H$2&T)_Er zM96_#zU33&cQk3J;^xNuUYQ+S+N~pPw7zt2p$^0Lyv$WQ`QavxkX(4X*2wUXlHw=S zns8D?q)5PVJ>G3`T=9AwiT~E1(7R?8;407{8#03(IRB)tm)aVMK0>u`(J<5O+^Z*WET9mj`#YI`qqHr+3 z*lpo|#DIrFEMVU`JGFA#to3+EVx|p$IKyup*8~=@s_Sc8$5+05TQLn7$*WT?mrEdB zC#??CN|`4M`O)h2V3#tdm{=!IpG>;xT`I%omX(sK;&L(f@P$G6&{b(Fw?Oh5d*&wm zvg77*_^s3L3takd+S-7o5Xk2h4s*A|N^BLqVFTx(SN$wYr{@*Zk6cdT-yyuhOjO_{ z@?;+N*ZMH=ddxKAxt4O9ymTrL@5*=4X7I61R{Qy%=vLegVJFUbuU-g&vXGltFM`s~ ziJk51LY3b#^sx4V+q1fUP7JCWt;g=b`D6c9vCN+7c_(|pX27^RU#2_P0CmUpL!}Mi z2dxHIErdPWdn-IwWubskCCL$&T>2rz_4oyU2pNVhrMo5|6IM%^Crni4ZedotJpVGz zv8A_d1RapoVd{Ka=F|b209!92e4!(8BM-hWFRx26@|^ccyF{tg^~jujTZmnHlT`UR{i*B8V2XM31kC;uQ7sQ$tD#I6p3!hFmH_hp^G&~t`b*jFxSr{S3PDZETakFLfvYhmMuaW-qS36;Hh=*#{~g3^g`6wSljTX zs~U8GWEWpln&zo8YIx@+Yyl^%i&RQ_v<| zHwZ8Y-WHi_g4ajAsl6CLAuE1vd@5FVtnw2)mDtJ_!Nr&;ajFjio#(q}C5~GzI{1+{ z>P6&>!Ut^|F#Ez{9rCKaj#Cq@xfNe_q{%eBJfT%QRWT!opNjFht_2&J=>^NyhF(r; zYx8=Q3A3Q`in-ATW)Pp3s|TYJe8URh7>#zHA{t3cWdOJ=gxW|F9W0OHv=b0b5?;~v-MTDyz|N$KI0XI^_DOqE=OOmolt*(- zc)P^vl(f#mT4ejnWv8iAjtR;xTbZe|C<5bQ#uv|{W$q5f^*Z$3%jDEA@F3XS>nwG< z601|T(nqr}1o2fIu6ojJN+4kKJP~1^jU12$CvYzP(Ev$YE-SgJ`7O_Iav#+dV~+6)3)c-um@bwv&XVM<9hbv zah(Fm5J|6{rwV%`##Exx_Uaj5;F`r0-eXwvD+rTMl{YK(@jJr5rcM?f<SV)ME|ebc?=63{TK9`Eqba)CJ+_SYSeaI?6}*&pe5b7cRz2j+Q(9?ag7cfA|QGF~gzvNLDfBs59r77v@~z z&f|@Jk2I~kXo1d%ok}&eof!`$}#)nwKEM`$S zun~(PIuox#?It>~7G*=E#W({|UGY7(a4?M?3c*`opP$6uv2=$gufEW62=L-=7dgY8iFKZr-mE z)qeHk!*H>D;buhRkMW#r25?T0A ziZdR+Du$`gh~K$UoWxKBOEI~Xb$hDEmeOgt%Y2(s+jkN#Y0|bCACFx^Rj-KK(5*H? z(<@~LC^7R`s5z)-Iy-7u4?3+^`vy43GZ6IfrP>HGrqtcQ}&V4{^y1-^U{;gYk{U*8QojkHh&Ps;1Y7H7?pv++0N zWV!T*4?FIpB}(99(8TyM@jGGh9zolc3M;PZo|x=dcfubeEY`Ip8n-O4E_A^zlLJ}D z!L0C$B{tDcaL<=C0Vkg(xHju$-aV)^A@A$%OoM}!OjbLyI53T;q{9BAJ{T|S`ALzGywbI6V$A=?qwlMd)GzA2@ z+~8;u+GYCq=5v(DPI}e|gBChQ1#gnl+3<5G<@SuVF8sBem+Q+dJP|y;?NURW*2NS1 zLdRH6XI0;d}|Fwd#A=Bxe!r{nRst$rqX1rkp)Aj*fhhx8#g_8515m}unw z`j0m=5+Aj};H}53CY@dnab_ja&cuP-=}U#p5{00c@~}hRsBqFdqgvH_eKP~sc3vDy zrBA!_Xniu5X=Qv@8J0lEuxwR+v_sm-%zw-FJ=8>S$uJ6WfdcMZ1hvSM13QLg?V)&h5txnfG9diAxNnJx z>sW!C%-X`(sIA(iv%o|2TD8oPj7gVFR_!W(gr#4R!|^8|3`v{&EJPhy3DBy;S>Piw zA1?ja<{fdug1e^d3*oDt?OHTlm(Xrz05AB7S*}Iq#ivM1$)2kqeVv&irk`@;wei?`hmTnl8Gn zlqKg|bWL4@-#e4!QIhL0`=0DD9vvW9(M?{cYfBY$o)UJOUB0srB9z&roTVCFP| z9PDKka@`sHVx1jiZ4=1&0zsDKG0~l0-ZA zCDA-3Z{#Yi=2{XOjpsje?zT2G8J!bNyOsTB_Ve)a25IrhLe1OZh4Hx%LyaLb0OOwe zs;nD!=rx3k*dk`8juE!d8Kx4|vjh$&ulkMucRytYw>7kw3dfE$PjZq!7rEqyy$KJBV zp1?fj3$HY@QdqRw%;ay)th^|}S zNRpP})_j$u`Razu>s#4pMP6&SPVsKdlVXxmdqAJ@Ytb$BZ5^TxH@dsG#p#PhdTtCAvy!g_+?m-VQ4o^1@3P}HqkkqeGO<}yq?LEQ1XKq@AWRLpF>|57Cb8c+-mloruls)5~*`S=+`o>vxsWZL~ z{k)!=#$@xuXR6Aj(z3el%a@)~Q{p}R2e$rv{Eu^P8kpS*zcVloeo!3!upJ;a1WydL zKFajviQfV0`2dmg?)@Kr3S7dp$6yffE{WmqF@)PUpm^h-2mblhmkQooT8^)cSy#Z3 zx{J8F@0ZS^;rq{n5+SZ*-``*QulINRFC8)edAxaQW*1X*$N0;aJ{p1}H52ue=4Y)) z@WD;L^!T@a>EBBL?)$%&;NMH|2TSy?C-~PBe2WtP^#uRIp`YQ+S9km`9NOf~{)Iyz zkoY$y_%|l_eNOLdSD$}lf`5XTpI`k~0^_QzoAQCoym{pdu$h4}mGxz~d@j3Zd|G|HE+oOtEZXCVi{)`Gx^NM*i4lz&U^QcLC=KXhU~S|L8myIbk*yI_vPv z2{+I-E9J4m)lQ6|*-cA za~F%c{oB4ocl&v$gn=&Ij?D?--?VLDF{K;!Pzi%wzm4bX;`2?Lb?T$BH)29Y{59Pop>a)DV#m#Y++lMJzjm_wrkvsBkyn=GD_bzP5-ZB;HAIn)Qy> ziP$sNSZ|p}ZmnpYw%r$YfJ449f2(R4suPG_!FC> zr&qc>T&8+%dM`IZE)uLKiYGD82vRT4@go*qpVM7>LY!G>8ECQS``Ftydiq{R#;qa8 z=9;*^7{cdcfAB6KL)7|hm5r$@Ts%4PGoc7doi`0cNx<(I#Vfe*Gh3O}Cn50~H=61NPWFlZMX8-LobE-sMTNSUH zB1>VoZe?qR=-DEKhII=BKR2V&<@^`NpahbPJVK;~bat2&8EYF%q>wTnU&uQckpq>I z{F51{X3AP=z8Z}GX&ol~yLEVfFqCayiO;(DgQ)v8cnXGnEZ|PHtQrht8W!3{32ERi z?Dhf;ToI)kT5EWrR!)6JO(v1gv}F@1dl@SG3e19*W}!LfoLq8t={Z^12C(tLrv0?R zFKn!@goyeDE%EIpbs7lTln=YRk)9!TdfQ&8Bu}ZdC(C*i)L#y2xPT70_aDRhgZ+FE z4uoJK?TxLYU*30Jv~*QAJyZFvWYkOkqZ151>+=eP4}(x$Xlsy9M#LGMcPsnP&K0>g9K8o#zK&f*T%77hR&syXx^J9yU3}4iff zRU+48FN7e(QIpt&%N`~@u^gjqwF!!)@;vzK$N0^}P_CS*_vLkUcbCm}$EK^ND+@w# zo=iZ+f#Mu?TxrTuFEG7c!khZ;-s)!;GwncN!|U7A8%N1I*+PM|N2xSOtI_~oMPIm0 z$BmVm+{?O={BR$;fN~{yoh45UjpY@^90zHZsNMpp>t<61<)&TgAY&4&*KAJeEm}_a z@HNf<%a$eqT6tCM>zR3AMP0KCtgOGT*_F*TEB@1(h28hvu?Z+iiFv)fBSh zi3JdXs&B>o^Fqu1nj9N6?7HDPrZL}(NY`6z4YxuUUw?j>=WHGcza3lf5+x@|c8y$` z^*LwvSyY^B5!({k5D_%1e9$-@Mdw9knjFmW$ISLk=SG1FI-)av6pE-&!BtLc8{T5` z9u;sK@5OGwpn^tye(EJQtR>7vIfQ-xd&59QP=7R#rQ3yZUz9$pkLxALJsg5|(ul_w za*kbcy)o4-C6rttv$3xFa%3xl_Y4pvKO!{JqUaa$+CXh^kn+gs=8oBc`JPnz#-go6 zF8x@YvAN-DYKqVSlZaD;Ml(h3+GF1N=BBJ^YfL24c3>4c$_OQut2`s5@6d9prOWet z=laZP+B;f%S&FM%LMuj8qA^FodRpr7AM{<)?}4K0L(u;ld-(tKw%zsJpPbWQlB+Uy zuJwOjW5YNe1$1T?vQtoe8}9EgM-Cy+LqE;&JE`WDzAkBsm%vzsez|JO2o_(mXRcm} zYUH^!b?9PqILy%7=BXq=WN{@VQi60%K(2Bt8rn)TCocjZJTZ7vWCYRWH z-Mm8?so#8GzO#68hxFFp1HrUHs_iiJKK-S?hja@S7B&S9{&HRR2i&hbmGFmT=>Rv= zc44QeXZa?Lrt8SQB1@%$f|zyGw%I*xIhKq-sv$%c*}8)+@?MA8s`F(5+5OEek`QX5 zdd^FWhbPjD`_uEoj_~bIj-2*6FVk|V;3lj;!Q9HwZ&FAy(gV+W(lY+OyjH`rEzHFc zgA(Rm`7Fq%eHVBfv0s7n5B47T_&OrE+Y4l7A=xj$+Tr^58BnM5n;Fp4|BDQ0umtCs zzmn8qzJfdz`hb&3ZEtUCQ0-x4f+d7B_IbNH%;{cmim!{xF#o*DUrgumbgH0XX+g;C>sp@%L5!LA($7uT{(4}( z8U9IpkKg~%ltPsUwlJd%p%qk#!kv7zjYYh}a+fw|;gcK?Uz8F>5m6zj@?4j6p-gUT z>B;SBN=Ar{p%0JLOUTjQXbB}y<71&`YxqZW4`ddP61RSN#Qk-}V2!Oh+I~%+pFBiO zDcZ99E~WTnfZKkr`K85~#RZ^z;=ESuR#0F}DlH)y2$b`eSfS6VU7AlzOHWs-56u)) zP~z6ec(DYV+Jis%Ofbp*R-WZ(ftcfl$8>#a(4{jd1JU!z*0_N+hflXE82SoB!3c)V zVxEKjz==!$rF2zBbMmy}f8ol4$jzhnw+Yx$)n|IrMjPw2?VqbIOrDmola^Xr3?`;s zefAj##rRMv_QA-f+s;4M5pEI~M!)mc2&W177T$t40ZenKA6q%bwjXp5(eKL6JEvDU zV7sUq3X0SFx?>rC5&3+L0Plldr%4-oN*torQL4ph}Lz&iYgy&KuNc_T-s%( zhdZx)J!S?CZzY}`7U~5mqif;CyTkrOCU8@w0AoJezy?v{h~rcvlW(h__MeCT7F|45 zrD_{0eu$U9znP%glg3X4wiH}6-EDHO-MYUp5@kqCJaq2Hdpx6wv{CmPwKO#h4Y{Jg z{h%M{Q&6lEFNOMEp7$+Q0kCwC3T{hKQN3T{_TX&rP!17MvA_Jdv?A49|m~i zZCo24^SCS?fHCNRBeq2}mXi)F-VM$F4;BxE)~k1iFL7(M?7Mt>0k}rjO^QP-Dl$DoD)BRk@*Lf5I*&<3XY#h~t$4l*5Tq`%F2%Sl~vxAegH$Lp^F>lInGLo2jF^S&IFg9PCc&(&bVbRn~sWsv9 zC?KLDd2*-XZJNd%t8Y(AKkUvl4PX}Z=q`M0Z;^f{H6umB_@zk|+(@q0B&&9^aqJ4#>SDb2Q%2R989({Bw^CtrUFKA0M@12wJw z)3di;D~>fpq}_gZSLs1pVttNYNdwGzI$in!sXa+%tC9*&Ncg+arDXep=1I?qKQ#8L z2k0l{7&PIl8%hA(aYMKwLzI4Ia_kzY#LU~UXTJ-Jw`~9AjePSW{|aq3iz)sU+5i~z zuh8aSwb?KD_6slj-%*==%$t#Nz3Bbu?$tm2o9BBD@#~(+65>h<(e!5fLZ`mZ0?N^m zPD3gApKYYH;Q^{S#vb~uIbJ;s6n=UP@{j-V)8D_!q6+lHEE8?(f)YW+UJMVRcv)dpCxdIL z;q$xgCgMMzv$&K^E#aY*-&IHLM_iHS@V2aa`pr51=rxZ!gAnVK+3arfQ?>D#oB4}T z0kD{ERx-cYqF0++^yJ?y0*m?J-z@?X;{U(iqU%*oOP@lU^@^3(98A)0BwtZFN)xn? zV-94~>S_Wo_1)I}V{^&Xp)R^Hoq5^{&l&mIG9*wxUhy(Msv(g)_uJIz|D7Q@;4M=k z#$RmPSE#e(xERUnusU}jOY_~s@Vpy_XT=qYEN*SJEw;r-u35Es5=>qQv5179y>)h{ zA@uBpslBH;6e@V(P`tCBl$|s?x7M4Utc!i9Uhhmu7_#Y%9iNue)*)h7dpn z-NWQM|BY&nEolHbIR}J9_C2GlAyRzvtBFQ+$2dd*aRm?M=f0UzT4-hOEg#kKL&EXE z?o9^t#edO=#<|MG6V4b9SIG(5lB=%q0}iyf(AqKN(7D^^hsC|@De=%j$9}*xa?(zr zR94BFxm3XdNO`p+Ua1YVPPd8g^WM-D2ZUUnCuyF``=V^EVVH|;82JXEjs4wJ>TA2v#G&sBTDN!53g4_0-j%d^wueyhk@6-lyd8NN9?ii?T8E+=) zAK@1};)IlR&-?Ib-ER^HN##Esz)HwvaOoQ^G2uFwLIwfm7)Dmjrt;p6E9h*`jb-&{ zv1yGG_xew)X{OE0gW9_j*9l%VFQP$(jB<$q7OK-~qh4$k{doG-_a_(de$;AO^l!E2 z|CjzEntvjML&0RKb28s_wuJlyCUj*|FrAu|Uf9URn~XqXN%)3vZca4ZAaw4Ew;`SR z#7B&WZ9a>|86Cmvx#cODi=Tb&U`8}AwlOYHYp6_HNT<+tLVL|;1`8Ahy$D`y!S|1N zg&^FQEpTfk7@N7R2Vlgi^eC6+Zrpxcv%{(%?w9~M{u$2Ttak1x>puN6=_(NiLFgARN49L}m#ypc1F2{1c(!}1~=GPJ~aSr1%2G3;D1c*6e8&l*| zNbd}~3*efsH9zDz{-FOTwe>iYN@=b3I<6C)nz8OEZg>0^nX&%(Y=Le`9T^onoETZ#I*k=Y#86W-rYZ9QX3eL zlk>`(af5bZig_5~vprd2I$7e26!G@JGJ=cBG(cKl;Yfc?Qrn1dooS+3?_+d2`n=HWq6- zk))m1m}V6%sN+4*n741yr&zDVg4-;v?S^~+8way$gN3wFdm4AX3;G@FJ&Uf_CzuP7 zp%H+j_hJ#Vc)_qwd_oct#}LyuIy09HO4b7otM-__W`NBrV^wG6s>Oe(ySeDLc}F$= z%XbvXXlT!W22%NEaf@5)HGadTPX~L;@A-QKR8Bxj?M@H|=*)q;(=N6_pNX4xCv!1-=YgJ!6%Mhidgm_S(H zU~Phd1FZuL@Kr1%-&hGsc8*&FK6*d!t)alViq}^zKfzeDvy|aS4LlR@^Mt{`QX7Pq!=X*k%&>*>97`Pa!9g z4j@GC{2?|Ch5<@9v|xogQ>H~@lP6rD&TML8>>LpL8|l2Ufs`AsIEX0P%FHZ0XUL~k zu0Gl%#L^(gSbU8!e=fH}y7uFTNNJRZt!W~eQ^45z)1vxwS+ z-u?6(^dUl(TCe*77gFV)2U|96j#1?1x{*ZKbrv*0f*0p-`jAO7kj8UZPI6wQA@iz% zmzm^p{Qbu;^U1#SFwHz~_n{(})EyGS#y5I*2fK1!ldfKZ;rc4o(-aTnc~oKPrAWu~ zDlZIJ?`2p}n(!=lm>Z&Bz&$3A;xEovI_>mtbax5MSMB+5ZoD-!$b5)d)H_9@d`k69mSt4SLRR%|03X515rQj(qU?BcRUEF66-u=Fq9!#D0WMQ zGQ`~0{(~FH$*rUJ2*UlDkig?M_tMI|LkB@b2hQf(Nb81dh$L zEx2mh_Qg`{QY97FOoI-sDxYW03S6N(cJU?O(*viIk_k)WuVkJS9^^ExZHcdZBFT}; zID)WqsaXYRw&EjyW};!&B)lJ=M_Af&S_f$RM1@tWwh5Qd$pSBwt`Nj0k6+4UIDL`k zh*|A^TJ?Qwol+ayqYIDOyJ)-NE0oA|N8N)!mAWzwS6zPZ?z0o_=56mEfwx#?zueGy zPiVAmm?Pg2MX=c=*Y8|D*un=}lt;sgDjEw&(Op1kAy6sFmOnX=6%Y6D>n=EmL`Js&t9s?h=QjofW|b;Elffy1{8ca?!04VLD-%jDCkfQDl`Z@{@;ZLHiPB2Y7mYy zCCk$h>BZeJ?SS4;4f)tD^wpbF^689Efg+^txS72v?vD}(VQ${TRMrr zrJT1R!M%^mRPO^a8W$JgI_yeYJadLxBBv$FYr31IGmmGsugIl!nSRk^T?VzhNSuU% z79^3}8fFt&klabf^l&Ga^0@{ozRxMCh2QePJ~>ZAJNxQHfGTUhO1kpl0iyZDNOoRj zWN$5$fUKF`Ngw`jyAR#_HwMIB)#`1KAErm23I0kY)iY@;r2>HS!DeQn5%?rXO@OaUtuMZQr2OAPQUQ> zcq?RLg&FrlF0;50vd4sN~g)!;)E%$}U@&51$Q(LR;n@$_6ltgm>rY!U*F()GR9o-X~L% z-b8*6U)H|Wn*QGqQ{M{)!iTu9V|E0M)@8Y^nK(lzNvPS4Nh&Wqy-};~1ye!$b%jSq zy0R1b)~nol^G({l@FFkyGcD_eVkEW8B-mUr9*Ow!#RP;#6)={k^o4vrT#S>uC_pwkk>YR8-&fT+~U&-kEQq=Z=XQkack6F;uAozJpHj)t(shFjW(tmxJo-_-kjbYbqWl2;b#l*wv0pg z``rr$P^ygK1=$Ne)sWzgJOcn}v9(_PL9Wu24;;LQd9>`Rc+n&x=U?jI*N{I5JN-AM zU-sqBA8L{Rqp$NG)1)<@pg;_ZEQnNz!N23jwF>3s0^*=ENI0p{^x4I4j=dvnLfY=XK{Jr67oLXLmch-;-={(_hE(@P6tFP>!;TqOiiEA* zGeBHj>0yK0<}m1H28Z9DU|fF)=B-su;-uT&=rHuYy_0IyUo2}OCh=I`(_Wz@k1TMf zYG*zGSvDKK(>qU-YRTZ%qutVgpW7ftb2Uch*+D7DV!kLRr!AoOM;>%`eULWJ{1aP{ z$AkIW9(xAk>27Nq6&rjKSVtGC$t37dsR3cz?#`o1>l%(IKc2i&&4wucD00gE$mjye z!?fqkC)+CgHFI>uhR)h=5!*SsEGiGf+_OtY-HPJWkD9q(gWZb=c3YH$);bM8VN?vO z2_Vgza3&3J#N9LN7XUZg=dT*2Ji{oZUO}dvIWJVizMpRTK>r|;5)|_XiP36=hDg%< zd~JboUGPqQ6lM>%>m5Y^`a;%vsnH5oY6mA{3NM@!QQOP@C(1aY0eRq|Q_GC_A##$=@CdI|yA zUg>3-1od2i&g_H1q2x;)sq_ z$15P+GSVCmIJpm_dkO2)wjlv6swKKD7gLjgetfW3=|c0y6H#nJzrJp<6-ar{-}p5% zalC6g4mO>@;45^AgVu~R4e?ogt+a6pQ2O3KCn{DLmnPa$^Sw9Z+gOixztO>BUcD=j zeJ|IdN@FOnl^J;HP@tT01D))04J)*$5k$W!K%Y?q&IB6tlj8+~GtD>iZ86^5R5E3< zqY>fsA86h8z$@Ln?c`ltU-F5+(5!a{R-fTSm~qHpKc?^rWMx2SwstKdGvV=Wb7Auv zYJEl4pdnbc`I*spCF+(MT3q)>jMbN{c?es zp1?x@;z!cW_Mg^wU!A+-wiaP@;-xR`v`YU4Mov##?P~-op+)ysIk{$+8T7>?n zyxqr@b47Y2?dIZf>Opu=ehwt!V!8~lGp__pruGpy9V$kaTU>0n?>%B?o6vE;#>Fhk zzXbGRv`<*E+ z%BhP140o@lM*qaFSN1SK25G=NUedB(TUT7d$~HEO(h4FPmIgd(p1E9ai*1UQfE?k~ z{XEz@n9iX?L%Y!&*Q-1?Y(9h<02IqIv`|Stt@2+SX?(l9UWLp5PM%#>NHu zlxd^;qG)GYYiV8YScd%$_`n3=2X3S8@@B-!{pW}k9Rt#REeo1u9dGYckF8-L4t^3= zJv{0~77-dI6EA+~v;8HnRVTECtB;!lGy>eNT+_k~0@}q?rJsVLr#3QD_TCH>z(Tv& zn(x@-00ya`&pT=FVGx zl$s+~@C(DwqIs<|m##@0jlL2{k%*n}C!-AdwHL6h?5-+aG_`xn0hh0?TFBt*1}a=I zp=dY(){2Z5735(qZ~H4S5&-nDswaDiQCu8JcUtszs#mxdIl&Fh;l4qgH~n$l>gBEi z&>3r8$V74U@F{B~E8oKgDp6W}b5JBAE>Rn8U&CX1^eWU5Ox-EZcb>k$Bw_PV+qs$r zK&QE%L(&6C3V+BS-Q~a@^O@cPZI{`;v6-_vEgO^yo#-+$rOR_|L5w1=!B=g=?sG}S zcc0t)4eyzrn?SD0P4Mh5wr(+#go>(ED7;L8f12W7K(d~ng&;$8C|<;sG76;<6m;NR zM*x5j?+-P%xhHh!V!c_$lvzS ziSwkf-MLTV>2Q%B>rMHM*_F41Mw~Oy;_*Zkcmws@xPt8$JFoxXu{OJ)>wznI0+92_ zKq)awNb5$YqgUJeEI5jla*gNazy?{9Y*bx?HwG;WafbkC50)1fc%9hb=(Qn z-cun7+K+9}zov#k#0fzY<@&CQ+&a6X>+BnTL9UG(m0HbH4)dQ_8FH6h9Fc#^_^sra zw2x-t2%vB!w6IW^;Q8tKEmg%4BSN_cLB;sU8&7sb>9_0Hl->yrKc~}fy+}U4 zmD#pJM877;NBguIS@D86B{yA;IOx=|?65X=8O?~R@E*s;h**wIW+sM}IbzqE*KO}; z8#q7FchR9oG)t}lfM`5{j4~c;=pt(yzzsi>5Bf$yBv)*8#(fGeJB&VcL>S`Aad15S zBpI!2>o6AKrC%U{FE_}oTvw)4%5b6K5ZvH&x1MdN_s04*gU==RR*gSCZL@hQO=(v0 z?~C)mi7jM9(8Jq~Kct{rk1dV_NqzP;ak5#&^3S0ZpcBW0Ow%ZD&Zs)EV!Q~Kb&9RZ zeBdx=OJLP8#{ow>*FO`Mt`b%6*jjOX?~!v$i1wnH?i_#6YMIC2xEyMZ-skA&9Xy6! z%W`g$>DmK{>>U&1v9?Y=bi!|k57U_qBPn-K4UX;`({2%td1E|S$Yxk%q zq9O%(-*t&g>cX9=AKd_r34x>sik#MQ${EC*vxGg)c#mol)X>0~%=5r=W!qUU=wNyE7r$qE_`(@@dtQZn38Vvf(> zYGN}6P9#k=1Nvw&j9(j!8R>%|e9?RVIJ(3ZavNepC7VOIi>HzRinhpwZ(HC|jQ_LfRy* zED)9v0}gs7VWWVH9rJoxg8$*7m*f_g4%T6kfFX=BvLB`iC$!(T5P_nBbQ5q0RB8M! zY|Rjyqs63rViiR0U~<5&drV?u=1o>J8efvxDv4iw0;V)&5Y3|P^bqdK^*ai(GCaJ- zEmw;q`WO0)3G;UK?WwflYrUxPYKqi#Ob#5jkD~JSN_OK1Z$>~+E(Q_At{&%X2_N{Ykc^wO8-Gb_4&;!14RUt}x{n zyhZbtV96-udW3 ziW$)|re0aS-1V(xSsr-R8O(*j=m%1SA-vV)7iZ#fx*Z`dfy+z9A^M0x!qO8$*z0*z zCW;BL)5gb?wxXSzZ%t>m(~Q^^?akve>%PJzM9|JttPw(tTMrb{!?fxHAvV6tT5IlK zNlW!yD{dM!Z+5x9ZNX9*%Tw}>#ffs5ILH$8OEgsFq-0_ZX`|soeI4Z+nnRSxRxm-> zh;%%Nv?V8Zi1&En!;{`?_G!5z6Kxg8S2l-2=z$Ua*;YNMSo-aP=Z@aM)CXLAtbE?c zWCWl9R2-^Uf-I*ic|0zz9X>PkaU##%zO8NcFd%_UMA1$z$l1i?Wg2VE&J6nf09=2j zyNy|Q{_Ql$h(^KzlQ1_gkS|yD?HxIPPP;gJS!ut09fE*+p&TtT7`?^pC&rXr3_N=>ce5ne&rMe?prK#%CWF2%oqCll#LNztWx=G?}0Hnm?-5rAn91&TB9E<0)0T z&B3;K?#(g><*CciK1-tw!eKVY)897_nX9v!mw zdW0E7JhHzyJ%PXM2@bj*U`Zx6P3lI%jq%)r+@`?M3`KQa?vaK=yzmdGbrJbf9@m+N7XRia|};$#_v+llB||(?_0gt-(vlaDud@PR|!^upS1~LbV>H z`hd1jUE1|pdt^m>U%^Vh8Rn#cGh5gWK@^8A42_>zs9C~eM>}y^iO|H< z7^i+6=wQa^c&L|C^KZvlqOQ0h58N2*c2&C~BQ<*Ea>=szE?=bec;>c_oFmTPEbomK zB-paMEIx&|Pk(xS6?E^AI_xWw=NEc&8aI5gv&7;Lo_|vdOUJ*tA&8a*eCUy_v50HO zg`_DtX~TptQF()dlq;-$tExi!=J4&mPUXD z$xmUQuMBuxJ~gyja_(bl%-^{kRw|<41(y%K}q+^+|&L)jQ_eRkgO0;Mg>1`O~`*A*oCpae(Z@!Z~{%v z=+F@_R^^)n>AnrxMYNhfcKhkgGe;yg13LnxAzXJML`J`MFwM4JWS_t=G1=?6Wj+ zaILiSDca#a7}{`_(REooRy18QiDxGF9lX6zw!q!OT@yBs$99-yRj`1;PnZTSykhia z894t4J_rY4qg4{OpzAb!%yIRTAac`(TjGM(E%d`$ z=wx(JiQ7qdc1ykXBq|zRGO1fMUC+)KWZSBOtm-;!f^=RG2h*}2CpgcD3d)Gk{>yQt zos@bv^Jb#~An#})e`WG;baOUqIX0s#&O}I|u{S3XaFl+~dDy&A`{LyELbfS>i(~_A zde_3Qq#}wj1wH*1Vt6l%t(sKz&Een7%L|q4E;*J|mw}B@@OoV1{lsPx06I%X8+5iC zlQ)z>-JEn%GH%~7i%*1N(~wx$R(pmM3Nk1zi4UJBzY2n@-+H>bwJM9*ibkP+@9eUy71Ha{^_W(iOZHh9jH+!0sB zns9lf5?iEdCOP{yuhrJxu4Q?yWqFW5n0~uDV3twQZ7fNcEFtI&&wAXqVcxpB6wxjW25I=m?xlR{q)fG#M<1mV}C?q@0RVftA(OzglSF$mY zb02xUa%<^A$#_Ut3yE=*wQ2T2LmAr!*LM;#RbXzNrf#a;IIK{FaZpEw0w*js=FhCW zk>4ptTE?AZ|KXyWFF`qiPq;T@)KuMh@uQ+q>i&!6+62Ar1JmmFHQ z!t#VGEz5kAp=bHbYlI?=RjrnIytjz$B#d(IP6u1>$0R+6jl`ET##Hcqq@tf=?7FAH z%OGR-47$luORdzcF6TY?*l^D{G)P4Y-a|u;T&EzT&D>}BYtb*xh2%i6!u2$3+j9YN z0ZM5XCl%YyzPOOM4XwR-ahJ;L{S>ZL5+iMC*vD=H>1WAkLq?bH$&(DmzaKnT9n(3; zVc&b7w9h%Ku*!Kx^5uZ-W=tyyInHk~4;86z|Ei53HOD|s+eKmjY0AWY{oyFg@zd+9 z@toRNp5bT@9r{g@GSPLfp#^8O>$Mfy&BvS1hS^iZl|L79KXUi12$6V3EIn@s^a|@o zem?CvKV#1BYmbz+KVYA6=jhx6o{f$4l<5#QldbhpKbr+titwDfMV71;0usgdCWjH+ zT7{Q~oZ&AyG?yIv(DEBJ%ZpQ&9`VXiS_iRhGNLpJQI%Cj zzP#ff16f{QN`3k4RCPu7eOITwq7nJe%#A&Q*b!%aj&oo7WF)=2EkOS0#K5Kb)gPDS zHMKH~gssPFm_uUI7PrE*FpV&s$;3<84iPf2E25lPkBk$RblDL5mH-aQgY*>qW8LS20(VoQ^9YMKsTuedPoo27cVW%RK&HQ1sQs|YYE)Ma zUA}y~kF_`F7CdC$13wvM8?v$h*RDB%&OA0=;ZdV$9DRY&<;(q=Q;EAv%bu~FE|%A1 zGZ9<-;1Dzw*8_!eSWi;lvWM255M5)GK6CBSnTEFba7C#S7)+t<85R3)I)5zc?_f1k zFg6sxG3$!I zj`PbxU%yVxr@g1akU0(|RAMxLx6iexTa$aeqcN+#+;O>i!v#$hu<9PQ^X9=x)|G7^ z;=!>$93rqTWu+kd&>f<%A9TUaLk;`$PYzoi1rTBXNUKT-PDOo_57o=|Q5{3J;`d@X zrDYIvBTc+;3r~sp{PvE*`IuxKx&Hhc3CM`>Szhni+k~-p6!#m0y^O#PLBQG-CO4G>F z?H6wsFbt2oWH-~eR4a-9sBE#dE)RI0O0Rb|J#)pa3MOE#_yNe&mBSM2?_LOOiq^4p zgT~j1lRPX1qjH(Cj8uF)XUTQ~U%&NWy^m$bW{h8Ldp5u|aJeWSUTBR2Pg<$a*9A;9 zopI)NGJS1qHv~eXOXaBp?8a?(Oz!bE(i1~Yq6N{q7)u>y#^Yg<@c43})nmK`;Kdv2 z*~tUIY~-uen0} zEbcXV3pk%YD1ax0>ZCHm2Pziejlnc!=m*P27(;w{W?$QF_u!ZJehqM=#(wdXmd zM_-Df1F&dkDZXy%kP94rX-;x(omPD7?naef^WUK?adaH zZ{BxC%!1RCTvWQ|#mQqe7Sh;g7n}3=9)vE}VClS->iFiyY3b?%OFy8wzX~>s-aA;K zoVy$h{R!#V*d#S?Zx#`|t0?fgLR;@u%cGs!^(BQuss2O?O@=2-(#(CB>@edZhs7I? zmP@Z5dW+7rU5gN~Ft3#UQp*V2U+K7H3%Cem9V!QQVHLqTfcGMMe{{@l8S?K`ET4(a zx?sF%Tm4Gx5OY0t^t5^089{*Xyk2xEAZ~HFRkAVOive;xRaC@eH;Kie6)-wzigt zLvf0`BFevjfr2{wflmVZ{qRTPz}{$A|NPTz1CQufYpq(u$nE|v_L!BxAkh5aL&rR*Mw}e zf7`9bEakpWa=#)CD3ciSEcQ*>sxJHMk~V@hr;_FVdDP@TxiKo{I0{CqnScd}>!TZ& ziqN6B(oA{%wPZUgur!J;`$JtRncGXE2vAi z*0}oE6+%X9JJCdLzqroG+ub5sbZ7z=KUb(_rmmN7l7qBqL|mahwXz%n$ITw+r4diJ z6~nJrr9{KRYZwXZq~y~Pw-}gBCU&rQwi&YfVGrJ%VPkb>~|q+%V(}gkLG$L zX2@9$zZ80*iFP$AHZEQtzW9;G>AaZdVR}ddSPS|JhI>giT42@_B4RfaR*FYd9ON#) zW7O=_*`+3ISbT^<>>W$gl%1Wcla4qSVv9<6{qr7`K75cLJs;nqoX(2STCe`t)^cl3 zwQ;%R;)nGw#-M0@+NML1eV-x?zi<0|5$c?p_-g*NZ8N_{3hOJA4!^HLh>W2eTG@6h<*xW(~My}hFRQINnBkAh1@Whp`mAf|-&>Y2WODJe=AI9n;}L&>wWXJE341|%E70IRU1>c%?J~B&3Q^QoAWJPV7ce{NMM8ez zqv($=ig+ddE^fu%)Yb!rT8klTtpb^h?9$aV=OTggGaPNYwXKZLwI7rCoW3e9&3Z3#%(M8w2AY~bhS7Ew2Ivw*_>A=Kf>8KaAav}4w2Vdy z1>TPilP$K~^x@+0yG)0+xLsAMCp`?X^K`w}`mvK$stI6cP!K2{T;POlE#j^)HuZo; zl?>w;Vtu4hc`7}XfgJiW+hWCyP<>cwo(ouE8pT)%uYUDmY?Lq~Ntq#%D}rR00lR>@ zCHLY4n??WJv}g6wg{*R;&60X{q7l|9vk$nCx$Xs-WH&K+h~L_~1YFmVa_&R59b;}j zT&3?;It@H|TTbXlneT}n?K2K#(dl*Qa_-_fRw`33jzMy_N?^6`KJau}TR^FK9y-Y~ zU|D8S^RU!beql&Hytrkdj+vs>BrMdWe z`iSC=i~+pBt3~{fv+Wh=-1^z|1Zw9gny6E*D*;snUJ--Z=GrJ*+!olgEimO=KAj+% zJoWP8buWCA1b*EiZ=iu5ilqJYFhxCe+hz?mb3C%ni0ytfhqTpS(Zbz&!@gUjk(z z-Dv^+D$G4Xr8QOvoN5IBfMQ{vQKWWr^)d>E&Dffh)Qf>AEDE z7xFRmF^5(m$GSLEZl|h>AS4`2o?OBtT~DOvwa1*bh>L}7*0Vsnvh*aG(^KdY9fYRTHkiO@GT=5t=3^MRA-k?G>CW&*}?xN%4RV+xd@|@ie(^5@eNLGd`koy6w|K_+S?)?76Pa)E` z|75C^LVoZrp3l{BRKgn5_4ozF4g0)Oi6-&QwVwEjl9J_;a+eE0-3$3j_4*e!_3^vg zXSU_c=KnuA`+D3JD;)-%AO2q`*n2DE*^*2HY94cEt=3Ogwyi;NIVCn)-F_s#oXd%V zUtOf!V-j*0wy$E1dqjKdQ16Jv@ zU7la_VcI?mp|58xWe)7i1NHWwH%#p!IdGP!Y8A>m-n{gGYSPn+i6`1x0c^Mnvg9if zMF1JF;Rb@Q#((x**}(^hHayh-KQU$JGl4%Gw_O0G5k_d{He=H@1Mtg__K_P3|6;V0 zx8<1iKN6?s7l2XPKsrkn1&o$*A29xw(=C8Rr4@+{A;<%^GX)MwInX&por_+rWZ zokkFdtp_awws!@`eHRMMKJiT!b;CiZa(Cg>@=pYey{3C}UAO`)#38W|1GA*Xj+*8Z zNi38h@7*gDD8JP3sqh^yR5^B|nJ-4fI3Y#Z-Sd-jgD4rTVhMHAo}Ev&!!A;u29gas z0BX}aq%OU7uK?Hi)h?-;0|n${v?n=!@taaivAZ=TLhJ0k^IQ3H`8ymSqeh2rQ0-T` zU!}{k-$6fujrQO`%7JtvTD552>*{RM)uwFYz%wQx$tK+Xc7s3s3CN1BFFbSS5q9EB(f_eYBABd~4o)=g6KU zXW!$dA}PP5Lhbw1LjCDYUflSYS>XlwxMT z>PN8DjJ2Du(p7PO{~QSm8F#sT2Y)@#x>Turn^U~RSA?#@2H z%CuViu7))^hPLibY~g8XW{;;ooZ|LR8dGO#oTTdG3Rnx5E0m+LDY*T26zQ^#3%6>Z(a2l(;z=}B5+v*Sn(=CBYL7Xew zS}{F!A5V9xg+g21y`RHt@U0t1>y}Ec6e=aTrUYaJ)cmdWYiEAddLB@D;XSti!u@g8 zi$6@M?Kl+TX>6VZF1dWHgo`McQrF3n7-)Knle*ORoSf|xU@sA;|_Km!xpvc7Wbgy#&(`R2ugb9av@fJ}&JjA@LJSNO;h-dlH*x;xgBpLpx;ZM@$?_iUu;KZ-an4{AIH2S%K6D~{1Y90 zMV0>(qHYJw|9^$3N6~-`Apg#gBh-FuZ((1`^R72q8Z)1=xHIf6&lQ+{dTuViou|aD zld!2oa7b>g>yN!B&O3v#${>3CUTHv)aiq`4)`J^tQ3R}|f++y;RuBTn;LOq2lGn8I zjC{*48k+V_`0I)T0=@b7rFssV;l@PJ6dN)gHw0$&T2h)Mza@m%7PlMmZ(4uXh=2E+ zH1t~yQ_5zqLYo4*;=a+>AH<>y65IEK3BtCL{`Enzes*qv%TOWJRiwsLX}gi`mZ9}I zM9V4^jL?j0Us;}LPR7JnB*FZfLjClS#a;$rbEQ#QCe|(hJyN9yYzR4WQ5IR%3yY187H}qL$`QOwY6*@5D|0g_Jz?`=p#$>toRX$2m4cXY_5)^awcZvq;V*YCcs7NZ8HS zr(B#JzTB(nFPJr03}odo>yCs_3yrRH5{YXem%g^8KeB#iGkG-ED-D3I0~`;l)g{015A zWHj{U&CH`LCPKBy62>~)pjZlKoZkXFnBKO%Q}p!Ko5~PCo=^v-!;@79MLLqKnU^zW z)?B)RJe$MkJAMH5r!aaC?PSs<@mL#RTp|7W z-fwj)?n+?I0|3`B2FMm^`t`(8$Q!~IfcY8eqTb?f!wxV!7>d6yL&U1NKM9GrADQ;P z)DG1cm|W#liBl~cwAX@kBzc>o9%5fOANdqYL=j!vze`X$(Ya_(l35R~gDVk%SSZ23 zmPN0t%@vQnwCTvER-wZ{jREBg*akXr(v^m5t7!}0O`UOf{uH|M2nY$YDh%px*jnH! z28ylqAzdc&0OVuwsQ6ATfOK&}2VJe?v~+6QsJ)1bWI9_uDz@Fh%@^f9*f_9Uq)6~g z#tZQKD4S}RJ9vY6Pl^dz5$NF4D})q?c28G=?7?)6EK4C$-;6ssH$ph|ENjeYx1!VZ z5HJUc*Izbr4Rg=0V_(C0p}q0();0tq+11nEk@zJ%^y6-(`IFc7+fZJRZI9fR?lPZ4-cE>-hP3T46doT}ZSTmb7VA_wB zpce%+BBZIT(Dh};Hi84BFIV<1B9%>yITjXib)?rU%iiWr?9jwkKBUudf-Xm4&pt6=rIABLruWIttRaVp0ymX_l;m9IdZ*r^51?=l6ESzC^x25x)rt8ejN zjxlW6KEYyAOz~u958Y_2)7|4-+F^EqrOY4R?ZQ>-oXa0(k8KJ{jSUYg@QZ1Kv6It9 ztdWmcl`p203s~Gu$B97u<(*c9gv^7$T*{!descu>aPi%2GFqij7#9IH)}C(*OTM2S zSrg}m^YD6L_9S&E?AY7Mf{va}Y@1AyE4HFq;^_8`P(BNe8)nIwjyez>mt!z}!*ML2 z>B`=oM2koPo8Dnp8#c%~8SQ{zuWset)muVc-t31Im8hBkxWCL12_+QQ89aNK9hVIN z#fq^*UY@4~rDdS=*=77s$pwzDSoLFVC*;_YOoF66_9-kIHNUqs>&Xlztr35(ygI#(K!?KPGI83!|M0tCHq3y;n zcENCSrH8m4dbotQRftnrwJqu8MpaSVYhBh9bRAnxVS5Y_+2OqY*SUGb3aO_ z40%D5IfLo5O5I(fGKAZb5YfLcG*05I^t8D^z4qANU2C)gmH8oWq&1 zbobo1V&#P=ze5<^%tsLlZ5xksx+Ai{KhXyP%-K+Y!(yP2+&*eXeyTQT(*_^Hbs7PMFn2Zj)tH4B5Fnj~x|=y)tP57~0!jJwV;ciQ9H zqAyF3*&k|8v`&=cc{D|qGM6dOI57{MyToQm2w$IL*_cZ7Q?Vls6X?H`Xowl12W^S7 z#g8N7awcP(!&rDK((sl9K&=9()r`FmD1J1X?9nsQ)i|9u^@oh3B;)`XmaZaS80a(@qA)t%{w<5nAoSgWOfnZQ`fe?sC8aN) z$1I9)7ZeUFv)(O+YlOfU<|bAa0tcg1Y3(0;fj*M&R3mIGy~!FI`n-@U&bLbz+WFn6 zx~Wia3qjL=O$eBKf|2x0x8L4@*uTtnt%(x3`&vWImABZpf`Ns*DPlDxeP&OkJiX(S zb0~W({cus{tVh0%N0JwqfaKit9l!1+;qNqP*W;D?@__wfudQDf7lS~t!y*-MDYX{2 z%+DwiCud?rjFPWb9j9qo{6IbG@g%TSISGtH+9+hjv}gtpQOUsQn>^UOm;;k3Ma1ZP zj2*(+Kf<()g|XL48eVpq&x6~gI7bje>uc9QoW$JobOnk52AItL%Io_P$InQQdb7tK zfQJGi$a9=IfDH70b?Z{AmL++rh|Pz3up-YR8%>iy#TPN3uP$fvgpCVbZrk{lj22&f zw+FQd_k{|et9LKQZ&{WRE!^9jwctgiQ#9a+SD5Y2PLf-+F+&TCgCj(|~hoKS#*XqFMiiw+`JLSen^(->3J<~#K`WQ<}AHDBN z!iH+w7kCe#GLMtq1BUR8G$W0`P}kUVFL(NIb1E6&**)kZRYM{Pnt@xx=(u>AHZK}U zFsE`aG_}<*9G!ARjD^O|Knbu5>d{OCZjs)P1m_9%$YQw6Ac-%Tnj|xE9Q|d`o4B&e z(_FW|XI0sd-J1v%fz`U5D)oJG`C8a$-o2hSG-2g+_-iyU|I4E`)FbojvQnlA= zCFNrfBMb2Q^;68b_fL|@`%37}`*WFAKn-MW&9;d&->f^yZit_R zfg|PRfntgiXOVCZQnu!@kX31qILm$umn@w(DZ+XIghgsTkw+$sXiDN(u}lQ;wIryQ z5<+jyhQ~uatiHfRSILJU?725-1)vCM3!drbEnJc(vKta9 zK87u+`iECKYZWp+$7^D~K$C^$vL$jgvbAJ^%F+s&vdDN?K_B^ndB@Z9@q@71wO~MF z^3j4yGX`bxY(U!7mTj2It6h146 zbC`P&M>5dmZ<3nZsMY+zM3^Cq$qKps?!FAWdXaoWu{Fh0R7hoy?)+G`L`8FU2?I~J z99pIcEmLOnn1irx`$^bBtH3m*`+wQ%}5Dt^{RuIuQ9O=C9IKrjy}RIUs- z0Gd!?`^ag-qGK$}r(=gpnEiyb!5njES6+s?nkD)$?WUk6L0~q=wlO4u>_jrXlhsUD zUuHhr_W=`tHvr{^kw*q+cN*6GzYVK48Lcs4=FrBV6?c>4qJ~~H8~Y(~VKY%GzTA$7 zyT6&|pKHcv4}fg*`G`R7{;zhkL7rHqDhUmVTLips4fBLjbujyD#TG|l^YR2NQ1N)% zyHGt>RuJsNg-Y~dT|;iJ1|H(um1r~G0LVsyv!gkQ<$wg#b6qgIMi)qQacmNz=QyvA zB5hj)aI2>^L_<9e&v9)&&U7v&W2P;_t;7e;)(lY!So9QToPs&TW@p-#57$IiZ>E6x zcU)86u;7~_^Y+X84hcz|Qab2E!yN!DcH@V_4DfN=mFplZGOqh9O`O$HLE;mahqCX> zq*I(2C@d%D6dT7MQl9~uSmqKH~YLV z2%PM!as0MJ*KK_poS^&Ln%n`~v8!!qI%OeEFyq@T1PfE2|9?0KqM#wy>3rn${E!7OQj6G_1(a0OH1A%I6`%tjTFL|wV z=lZ%xe2Y*pd0nTC;A{l;Uzu!oK$0ocPU^O50@f#-8W1e#tP2`tuLC6x<#J+de9^(b z8#YiTadf%qipo})@dFiF!4`$Bi}V}Bf#I|MQoshz_7GT#2Ju;6pq4}@03vJyz$bGl zZ(}`3Z7iJ0v6%rZO$pdTF~`<#3H#z~gTVdV;kQ2b3%nU`@>J_UF^nl9e#(*WF+Vdj{GL!Lnp}J8MFG0-0f-fNU zPbat}WKO-fmnqqPjOCkC`MElE?E}&NFE$%O zzB-JfcbVqfy*MZ?o6uo)?TPM$d(iK1`qgRIgXbjd+R}p}SwU3As|+|E4l%r^Ke^?# z_BsXMQkDl6c!gfRtiso87m7eV5VjxUnjA^1^;c<8&%9$}K>i>FJt((d6^L zAVcMvC!Fs$+;p_k@9-j@v70|-u8b1o2fPx#TVMb`AnUg4vBQa?kgh|pO0em{-<}+E zzi+%zqt1gu{M6d@fr{N;SF2t!`$%Z9fGtFaTJ07XT(q`e;i%(`0&&Dr^q6KGC_Ghk z%`u&R&`|Sae+FjGI{VQ~zTa`f)gn{_eHH33p>EAtP}RMLSPZQuz*v+WI&(xHnQ#M~ zd&qcIHAG-oWwg)Uug!Mt8DI#oz!^~c_K}ctmX)1`bW}@VAMtsg1yl$D!nPBpL0^PM zo>eDXM2f3aP?FI`2nk#3+r(B(S%MaaoTxw`Ncihhr2`XjWvQ6UjGmp)?)uoud{xnk>i!~$6YQ79 z+Z^T#rg@y2riCX{6`6|g%W@!BQt39c{bPV)L<~?i(76I%ZQ}tBkk<`AmfUauCX8>o zOS+7==pau7uqCz{xJ#$Jq{ z4B^5d#mZ+Tue_${DLhQYad>V>9GNaNFd!4e2NH(UjUk+Qrl-jPGy^9g&J_BC%mLnYywPX&y^v zZ=Nk*v}Y|8=YgtrnyPl)oGqtrN%qSj>;;Tr9!1*J#hy%@>hj0}`7 zQV~6a%mWK|EjopJtMpN>qDmQe3y@p^hB)VBGPX5hF^6ve!cHv2M+c%yu|p39(5vWo7Xs652#kMPlRnTqpaVtVRz0%bZ_cZ!NRtMZap%|Fuqd36i zb@nampv!#W)*x&e7UtYq=~Ux!-JD&*M+wJQSj35%PQ6s#Eb{&id=yZVBH;f(qyh31 zB#AGmg@sBIrgL8?nk0Cj6#{0T0U|iQ-b zQnp@|gsbD{a|i7Us;zEt&mY)iN{8*i0tU%&E3qO}rS4ruaSUMZB0;58)*zuOGijQ6 za+zEc<*>4K(2q<4E$0UXs4lruhUgwoa>;N~(^0fb{Oom7*Zph-3@{17Pcdtt4Wztl z&@c_OwISZFS|aM$qEQepk&>MRgjZjn?*`*dlxk63_{}oxfE9wb{s@S)LIEL=`3$9_ zRhDfB;=*Q82{08CR!T^OqGRl#J=+63OxLdL#v4;uhlK3JChtfW3rT!E$%|SQ?ANEN zF$QIy;j^V)=sUw`h1AJ}O~4)jwjQBaZWil*~lkgxAFmr$@IK>*Xci9gn2WFEzFytekEU<0M}Y}N8CKZz+&>` zD6u{9W8M;HzD@R^(Xz8<@qH}*S{SpIdyOojL@Kj*h7m%u8pLs&YfJgC*t&nd0KI5_ zD5x6L<+U76?|-*I7u*{^4~mpm0hI#Br#H8P6kAn7Byk&7w5p{rZm++$+QMHw3Z zGoo3FsgT&oFH-+qHSXN_&Ye3Vj)NUAh&Zb$m7LYyGfrldQ5Y13$d#KBa|If8OVd#Wxjx$UcQR}S`n(rn_6EuU>SM5wNO`3 zS|8~_(P+iBrE?cSED=Ro(MBH63&!v9tZNc9>U-@Ni)-O%7ye_T_n0gQUY^^eYO;T| zPkSlB?f)z7koPb4Dw2bU!Jq#vz8qN4!Y6xG+QLLuS%o3%Y54~!X!)cv%O=h{Zh0>* z&D!GG=aFgZa&@s>h?}bPwnph>v>Muu1={fHW{7LqqiGH`3B1DHrrY?*t%KtzKQYrc z6BSmd#PN_wtBd1q9$pPEPG+S>Gs2cGZVc!VUV%4cekpQ$2o8S<;v!IxHih+@gzDT) zUd;&xyGHsStY?b)PQ7IQUSs@O>7`_kfY(ewLb|`cr_?S$Kymh8=ViW{ryU=E$F@C1 zA^Ka~{@JGMcin3|W8on!STwgDY~xn{N0c*0*2g;+e0~@(VULb& z=JX`_8eizq7QKzPR@p=!v%Fj@Eq*w7uWsNIbS7xkB{;?OV9nZMs8g zMXbLMp1(f@!tAMIwYu;`ZO2b$8?=yt7CiK;zziv|skk&eDYaWT2PiA;)f!ph>lIP3{&dJCEn)Dz z#!V=dwr3Hs^K=*-y38_EqJqMAAj*En+w63c?{0&6hnm~)gPPyuahx5z+D4!4uN5v(-McZ%BvjY&FNc&t|%VAEQdCpH*>p-{Cncws7!5exU?e%QD={{Jr#` zezNqr*tzpT;S$z|JHQ!Tfx6vX#wKY(^@O2zm60XSsKT&eEw;1fMW7P*h9n4N76z=O zYS4_9?lp|u1lx-U(az1Om-Jo?HVSv&=09hPn#-1{?udAJ_(uowmp?gso)}lo*yo=3 zR`|LN^f7mJ!t|E|q2vVmccrNA#SdNo?r&ZHvrPejVJJ&v>D8sBt%K^hs&Paw(4xhg zY}6c)qLK+92`z0buh+35s z_vG8%MV!evD+%&}GjSAIe~!*T_Z+M@Z1@t8n5TO0o1Y+Sm1kAfUc?~k6suMF zEGC-5FL*Kb37T6Sgde2h@+9@9K`#R4qlUKo%t-%pDA<7Hcp5W>;5hI-viQxSrZI2$ zAj}7#MD9aevx=8YOF+Z5^TAz^&i=KW=f6J<(y`8(&IL^S`_T2TMtBa2_I#QLBmj@SV|n~)F5Gj=!+3WWk< zX|?eu%O03)fz&6E**)nw2+!)?YFgDRR?9a42-oV({!8#7;#wU$YOKLfYR9bq%9TR{ z>%dqkEXX+56W7H8gutCle68Ku&Hl2;xOhqDL5ew6pxvrwogi0lU%bm_WjO-)xIz&) z+|`o#HPOy~$T+UgO3`B<7`lD;r${5=7%;*nR-6aFMH*j-k;YKig`EaqTXg0uU~ zvxm0bYQf2%sV)d(_(gn9z5|dPV|JAg_1dU_Zf?tuDk<5n`wlal=QS#~d=t5a_S@(k zRcipzI-~H*%n|@s)69Z4)D169O6nZ%3uXHCDz-htwYS6vosBls`Fd5a+`ugxK5k{~ImX0oxCN2Ny5_=A!VVM#>N73N#wux#2oTz=h^l6Yvv7 zOP^&3sQ$3&92ye-Gz1KoHRgnDH8VgR9j5_o6XwM*Ae8>&e^E zE72ys51qsLtljw_9YQmFmws^rUmZf62@$Q>uhsbe>w}*q&fh&1oH+2S1QKJOxDJ-{?Ltp=pN2$<9hqf)&>O+VylmI4-M@xFkZ2BwkdA_3>07xK|ECj^&w z3lwfuGuN?tNnjszfQl|`{MJbk^DAS*bf;`*&Tbg3ngZ<4ijE}c7!w&k;hW2-v6eD) z&Y+U3RbRqWv6VL0js(Z$8w1unalRgtSSJr%Hux4^UJGUdkwDWnyJjB z!A_TW>u=@q3FQdbQ@UDrVr!Z8AkPE!)Jhga$rR?k%e8FV8d(~=6@Wyhk@&*3U7to> zH1M|wT*GfR367zi(LrR?F^WC|4W}!d>goZKrFwI0=(PS&YHWkAAYPrpb&hOcuza@V zI5D6-DP|HE1;txE02rNJy3Q7*NX$DS$IWSPfmdslM1$O89D5G;a{dCqS1O6h|FD90 zhuEc^1)_QLm1wib*KqypV{oN=r3@8*5rJLw97`;~@Rn4FC$YH%3x$%L|I-6qn7A7L-)I>6xvsstPT9WWtiY;wHoA4&W zr=^x$n?>s1 zeGRjM&p1qaGBfX@Vgg@oZPam6%q!|2b_M>6%>Sn^sYIrGK6LK74-*E~S0_XI90mUu zdv6^S*P5*lCpbX@1gG&3ELd=d(73xpfZ*=ZG^Byx5&{GW8rw%qp$$i zwDWU=i2nHCfYc|5#NX1WFh3yxA;DjMh!LOaE?`~wy;$rj6|Nl^YP95z+80T@5lw}| zP)d*f%boq@rHBWrQabih{c6u2pGt9oKsSQ&fb00-Uo6K69m>pFU^+qa4wuhEy{X%h ze50oxa^Jx7GhB-ga1npKv%lPEyDV_c$qTS_HV;@x1wCsZj)hC4DO_4x;#{ zXY~Y?;~88{9pw%pZ9{~iuU%q_`?ww1H0;f}zW^dJ@QnZY=Kk>=*a;4BO_Os+^dCzt zvh#aMZ|T>bNdMEbk^&|Nl>NXEW#JjMy}xztKWIvFJFmlxO(fr-9|4~6zqq-7+*$$g zz%{EWB$45NEcIJOU`a<5v5}?z#nz4R`@m#};?)*nw?3VwYqq^umDKH;K5$Q=2t%S9 z`OCxk>r0BJ-}~Tr!QuTMOO56Adr5slc|`uj?){Hx{l%_;m;W&>VC(+JwEo!#{KvEa zXY-#^>mSdnzyJN8Qwun2{&Q;mjxPV_&;J$>663KTnSM@w=KyoDoz5ef*f&&3gJR8qx!=-#9nJId#;+eGdte%&Q>Gv!bL;TNxq`D?$YrS_=8rH+>C}ga7M|6bK$)}ghmtp|7$Rq zrvSfDW80X_<0+$4V?i17Dxy@CJicJ`ND#7lvYL78qM9rBd25hb;av!iuYo~Jk$$bH zJLmfoirtxVC{=?gIU7pykRWww(^&&9fh6cou6iGTD5j{$?Nz@bj>QE6X7cOLOvppi zp<-^0xI~k=^2KvyPR6J<{0X#o3b=a;5LdaFZ-P2BR|u2`#Z?CxO)a}wdTI*UWxUk< zGGSRcl%U;Q_N>6FSA7gZ8qS_?`zC2^=007eu0yGI@C@@ttbbf^I(s1Vostlyt(Xrb z;%L`!N%BG^)84n%Y%H7;NA=-65Zp^HF4+!NX#IYQFwg3PPYZ=g8sqlG+R?0*MI%<=P?z#*25e{ zOWZbvMz2Ag*#_6f67T7hS}7+dr?SAOR;0p?K*29WdpeoV_4CE?G`9$&Mn2k89zwy3 z6B88;jV(?^85x!H#Fw>86*G(`eh5+`RXiQT*j!{u2SvE`W^%b6>K;Xr2rG3y6;9nh zbNW_!rb^CPiiMej6!G>eFI4$^6v?l4gCEQMp&?FzLDkZVU#j?y-jipgRU(?6bwVUB z>QD9~85_rUmoh1FzHl00(3@2#iEDdo6pJmL?$f$OUlr?k+}yresCMd)wL``GFyZd~ zEBtVgx4QJy>at}gXNg4gAT#-`r^&hWa>4b`9=-J7*B({IsJ$JcoU!}zlx*2~sQ}D7 zp`H9r5SG)ZkRaUY*4{X=x^4Hy;~`~F-9Lgc>wg=JO->*?wFHZx@4!>-Bh@UoowtcoY;a4zmoR{ z6k&nFxq)g8=Ta?2Gj4MvPMUa@`S$S~G%F2s9bPqG`koLhoob zf2x`8IJxuHokY=gRIfsZhPhqIWCe6VOh1AZLURE?yGMo$k<8GjMh!yI%+NvFxVIB% z;MNZ`oc2`LLkIce)en~|Nyyo1A$;!y`Lg;Jlpl|?&c#igTFUgoxNS~@pyW#F%DT5{ zat~V0m%YhMTBSg)2f$@hkjvmS(YYV|QOj(9p!U;$8=UQNh&ED~QcAXaw!G??{ zN{x~osJ{KfwR^K?*I01J?of4OZ!~4k<*BdF;RiLnB8VEzlXD&%L=LLx1!ZPoRf}cPRa5--X<*yn}i;pjT-gYA-8}UuElxz$fL7V#RfinEpiLxk!C&OiD#K7z7fcbFVymyb& z+H`;FupzARs7d^DOrcw_u;W_nfv|%JISHG09xz>P>{<;A85bX4M#8HBnC>)E_(Bcn zqietnOiho8$yH$Ny759koHJu+Ny%2F{iPq!=5qeU_Ezr!Pcr$gCpvRaC#r9Eynd`$ zSCa^GV`2YV6o+d+-P!iKuymc;m6Vox8de=09Zk77sny_iSg_Ssq93`%OeW!l@lx5^Oe;*7xrwaqql zVz2$WR|$3_3u)pW)8&dUe<%#l%{`Mb-G>P*<^Zt;(KxrN)6kcmmi3QLQu^=>1{~iC ztCUR2F&xzrafz$ws*(FIPRSoDne;20fYT6vY%Uq`%#kE< zRW*A7Bh71GR5*4C!*A992!)j68s>d+BkJ{Xzj@Rk&tbWKvAvkNb*g8Sh#RLNCF`Il z`#ZjwxCFNz%k(k#-G%a^+lIsRySbtpW^P&(bN9|o_tq+F9_o~_kLoHK=ki7=PPPaI;@j!ke!hPN3eTz!(*$ z?)@5B5x?x^k#xz2L2x|a@XkFTVRxXWXpPyYYU*egTr0(<7>FFrWl<3b{)9Wio#V)>4O|Cur z>$f5LSsBq_ z8xnQ+>uMc-)!Hw%L#Fm#Al;jmq6Mqnx+)M9AveiJrZGl8`;i}Kyr3ya0?AMNn#$@5 zm6*LA4mQ~H%uM}A2=6n5XP^Yq-Su=^PSeD+X8Ez#(q6g$;g+6(DgNkC_401IMR@S; zLCP*9_KT*Jh6GyuYko1|Og*(zz{DU@&9w@tETh9{0+2Gd)1&SO`?PsGld)=B5*N9Z zU!$jRybc*kSdN)Z_a?nc$Gk<)S;H?=ql)~g1e**<$2f#pJ0N|J3R$x{%ONNBEYlA5 zpi!F%_l$cLDB(8=bRQ{Q}gT{ z&tHSS55$wiMVwQ=q$l6ehQrhTPi*iPsE`*eV)8KW9&_xy-8lJ+MJA$73-%{3`~4Nx z<(o@KB@z9Ja#D1cM5l`Bw76~|4Nv{jGxp{&UR_PAjaHx*}aqEBWAAvWyT-1AS)mAu#Csg0mi*WmEESe;ED9OqFHf?+~85akp!K z(p4h4a{jun$Nlwk-5S;G`HD=A}Lx5s)BhfrQQA|0FC-U-h zNhe(w+5O$;gaak>la>DWYXOcqe8K=-iwgszaM%RR7zye!!oaG-vr`|@b0_OF`P7|# zepr(aO%W=-_BYvZU2l{MrTLDs7mTsJ9C0_aTeAAo^RDV>$#Mn!_!t?S$qh#Bh!flA zpD#%Lmglj3akS)FUVk^n*JRK7ALF8S#>0yC>uIgZaOU-G(fiSk?&c(BoPH3f< z*H8kNGYZE_(|w6k>{VsaRPP&mxos=B7ZZb;k>@N$gQIYWtu=K1<5!n28Z6il&MYe5 z|1f%KLJX=eCB$8(Zv=dnGjx2zM*B)M5Df#^;g?1k+^GREb)yujnYTkMM;3-)&4{&mn<(O-JriVRg=Y z$>W3xt*$g%8XiEfjiY%p`MjASDv=BcU3t_hD?6RG)n&I_HJ#7aauA~RUE zQCY%GTBb#4C>q-DNg5#%&+Q``t$!${E2rJfm_rD1Z~!LFTM-{>tfiAk_d0u`@>Hpb+q+84?V1A6OVA z&GvWdERC4m4t)1iK=ZH&2YVK}`uGD1>hEn88m7B@Oyq6yZ)#=d-s7D$6r3(m^Ao-n zs&}>G_Pk%DHb8g*Y1$H6I2q;DZtVWGtU?`EXKvHF!%1vkGUA($b8o~nGj9 z;n%lI5kp1My}UcdrMR@Li+;rvv?&lGEBuS>z<*~@l&E1{x3%`qIIQ%Di~eM#I9~)i zL4g?0>|J#ctOv7Dv-DC&6e~JqQCvn=X7hU+gJl1HX;LY*jt8E4Mn=Y4G-Nq7IFQ&z z2ri!Z+D5*riXO1Kx+f>C?B^|rWpR2d?19Wy(5 zf(e*zccI>71%>!B(K?(cTAHGORgNw2ilJS)UPnwa5+sIaJFDN=lg!JWWjVe>x_fwO zT!Od{7p?LvEHpEKHW>Yl`;gptcGKk*zlwndv$=W}27A=Igk;d{Zln9L!C0=MH?3$X z`zxvRXe_BJ5%{5Lv+X-Alm}3RKML*$xm#q5s|@$B^0+JOrE{l5V>%qh#3j3K`cre2 z16G5W%iZKx4v`qfq9woBDEMEyj zd~m^9PfwqMQBI3~TRn#Psdx3bm%zF1a|aZkwPtE%%>MG*glEw~PF0vzM}+IuN#CX< z467w<#Hu2;HORy0hge-#FEF?5P-wzwjOEiyJ=UH%GkdQYw0b&mD{{P#q&$;+UH&OQ zridzy!VgxiDE5ch_AufpF=%P%!X!q@DRjE^Xu=%_$)X?wLt=7k5|w2sla5TR*Ioxg zSb|Udn6$)jEhxO&D+{e!x*ee02GOK+I_P`t2c9Tr%;2o(`J4hN5rwMMTcJ!FSm5$) zIL%1jZer+V<>9-HWocmU<0A=`44CSTSt*OAoWJkUuZLoPwvSFZ&%H5w6yhyqILwQL zY}X@DA2hegp}t9ME6!Ivk!uo29ek{C5o(vouM5JF-q(g@Q9rz$@$1pA2{xup&E$VQ znthBVG`0K@UvXe6TJYe?Zf=O>ZY3d7X)B^lG94B_(knl#M(za9VENmMp2}kf$^7qD zBnuaDX}^qXG2!&BjPDQ9?I(8d8UKgrk5S(y+*n2Mzyl*`QXOp{usJxMUr)bK6e>)a zqRdEe9|ZNPD4cgGqzz3*Gkpq@GCIXT6MXt4XYCO0xM!*P&efIYhhnQ!D8a)M%!k6* z6O-;p{acS#AL#qJ2}T#i?gNjDTLo<>z?0{LoZh?@9%cYE{ z0KfjV?o~zn@kF`5T;dz);cQJp3gzYcK&-8sY!(k^Ub_PeqJpkjgw(7)iXQE9<7|)s zE;hoYrZexP4rAVWNqoL4t@JM+sH2qb(CLe_g3thC1d8)*Lz+5+c^kGdjIffpfdQ^7 zqa5J4ehn9bZ;?=f>^iJ8w7qLZu=T29TMOo$=QdG$xTGy8m^*P68nww%N`8V#P25RX zjRy3>^Q>9%b3C#$Fh-4#5%BDiRIKn*)u#cQgb3kD#tfOm;!uM#5=_tS2qMvOb9&_8k zn#Z2GfJdHs)PGaeA&|jpGegpB!hLI%LX2JXZE!zHp-;$q+V_C#IU8KvcHZIuwrJbZ zr1v+crjHa)jzinWoS<{vOZjuQr0q$tIAf&nNghbjX?2>hIMqeibE z>9%I!;@&Wx#;H5$+^W)JcxW<=j-X3|ep_ooOzjESRI6MbmAha4hm2SiUQrN5ARTMc zwWfIL2X=wF8USp71wWpp>Ii2OP%Z0@=92c(D2B*WfXY+WyD=;n7b{gRst;AHJ5o!B zY<2tm%2S$+03QKTYNrMtvrcKCI!j#HG3n3cpdbj6OjaMNUstjf5d>?6iUNT+-ZFZX@MWb2@Kb+S1 z4HDt42ES91=|zar#br-5mb*`|n+G{52Gl_f7fl~Ov7Ee2%$Ph6>MTKO>NlO7*EE>cq@Pp>~gFmM|*erO+WU9Mo$rj-l zN6Q(HIo(tRJYgL*>v~(e-4&7kR5^i^67KD{{>jE1fOma3{@l!qs63iRfzl)|9*1Ie zRWDCc_N1SKGc9-l=KhVz7?ij5Oj$OZW{t=cjYF=rPP1|{nN!vHlNx6!mhw+QRm!do zVtRGBg2SM*OX4@s1Vt21toq$#uW4K1_rN{+o@I0-i)o8clI z;m~*2F2H}!Qc(8MZ6*zw2aM`<#bL_*qwEitNGxresvFEW=x*0n+7ikn1A>_4e^>X3{{ir)l+h=HkA66AdyZ z=&eeLzC(5735+8{THq|IJ9@%xJYu>~ifq!o!yp$-M#62&Ik}q-AQ4^f`Z4VZM?5anV-DT+dI*%SFzPUa7A!SG`oecr z3sdl^B52bJLd`1PJx-35n@mR5U3n3)dj*7pc$;*{$?cZuff7lHctZdNp@VoR3NR6g zm3a~sj*6kirsePheVNHFa16 zN)#f0I=l)HV;XQ}l@Abs$Edu@^L! z=J3q-XK@b%57B4)H)kxs)&ZuGAS?jc>>G>TI&KpWO*+g}yQd-hq9BBeH8T2@-54j& zJT%4QD9vnzqTf@s%v>H`2*)~m!kplO+N6CdHa#LL*0*IgvR%8Ym5{90Lq)Y^Is>Sw zSW1Pzk=9Z3M(?Y|`e7DC+Lo~Y(jRY>mEE+#knQ|hw*5464r_BIwRVsU{wVq`cBU`b zamv?4VJhF%bb#gaGb%!Xb02ju(?oR|a?d>G);p9hC8Bbb2mYYapGQQ3u~@IxRu4+> z?&?1U-_4j}Aba!NPEV~MV77fIx1s53gIWkf7A`ILFB%Wo$79}?hu*#$CIk(UYdiM5 zKw8ziVxMx;=w_R4BQs^*FMnW zP>pRd6D>1xgoNjr9*46!i{v=ZxM#rOc33wA*CvDIJdFr`JslpBs@U2iUKca~{Ss^* zJBYQOS{k6I9}C}NeFTNW=PtZ%Z1y38ZkLG&m<=2^Ba3$IHU%f(=6rp4@`Mvb8Z4^z z1Uj>fy*3!f#QgRG6Wm>a(JsC~p1>%;;uu8~Z3La`B6)$J?9oL;GFKTVr}UP0{$!|= zlcZlRY{C6il34}v1;NaJ{6l-M45-)@Ubi_;Jg1JQ6mu@wOS9rthj2I(e4{ z7eTi%@Q)IvfARPCTm?YIqzHY+^W+Z~V^N1d(Q*OG@~$m)by}#rsV9;8GO)l9yT2vD8ZUF`x&`b-7>v+fP_&Cwy+~jh zAr$fs4sZ6ZVlF)_y&bv)`X3dG^97GN^$&(+iHBKqtFWhv1x5B0mNHGx0&ReMe>%n| zi7ES~&f7IB7sp!!y;K|MSM|%JO&ztxl19kDpQjrsvt*TrJ4FRZ`=8a+lEU1znrfW$ z^mq#A*8>OGt{@^FkWgJy->SoH*_9Wv9mv0fB7>K(Bl3PmoIki8GpB~SW^oBWxK81& zrt;NX=N>#}97!xZ-+=40sgH53dgfaYyr`EDYn#T3n3@!4|7RS=Y?9Ny-ma})-4Y6K zbj0fj$7>s2)brZ$e@rqGO*iVq#BvweFiJWEP%a{IIp~_3K6jFn;qyl}NV8BeNKr8@ ziU;S8HzSGb%FB^7Ql7L`Q8yjt>UO?im%3hU2vtR*^(y0VhLMgsM%8KL>@h8StB6|! z%P|BzO;O82(E4P2iv6&0G-x-Pm0xIOTAS5<5K9${!xx zr6BpeMyU)39*G3ikxBgJ;vQLT%G{vq>A>au=?Rv-AO{M!%j|!?OpM385##xHhlEg0YQA(d)R&r zA~IHRx*b;KG~(Ve2e0lN-8OVuPkF5Yvr3kEx zmfuza;X|be3agg**v?{M?)C=x{=u+Nt(-!d5Vb=?>s^ViiF%l}9U6zwU1Fp06#LM_ z??g$vb?NC|;(6w~(G0{s>8@qO5`Y*;g&rX;4&l=mX;&)L*gPo3H;xj!e7m%sMJw$& zU60mxW{DG7Z~yq_=1xrZg07;`4LexMc(&Yx_w2FY`Ne9zvzb(_-7KFi8b=O;qs%WE zN0}lY<2aHj*Tj7^0_MDZ4>k8i@eq#^W#d#WGec)unytjrj0!@u3Io<@--mhXhTacP zp{9Ks(mC~yKtA*tGW$!cc##Z5;!`S#8HLOmc3)BHdZ28sLwUVZ;lw}I#AdpN-YRHk z53?kvV*ed+f7`fQKqT$R2dULZ-e$RL<+T2(t)B7)9R0w>7FvU?<0`b=?#(1cPg{F6 z{<-c(q|ywT3GsC7sQTu+`sJbRtNK+BUkP#gUd_hrG#2LZ#?|dSI>fGf1dOyC5fj+l zO=IQo&=s-*es3X3f!p_5_uSeas1ABZhPzpIC8OR{I8V0Vw)j9vd_HORcDyu@NO91v zBWNGhIMbl-hPd%0DWz|*W(K;n6y40#c$L&*vwhM~gsM3Mw<`V`;@mII=p>_y$4f(% zT75GYO}5~JnNNopOlW)n#5p*QH@{~#CWqgj=L))i;hMlB$b<36QM~nt@K8l?<$}=WzDUXNsyZJ|_ym4y?*JMdq zRF6MHj99sNmeK??3xamti_5$0)A*OXSG3W}gV|8FDboFC&()@Zlg{DZ)YjBP(buu@ z?(qVmN!rWwg+LvF(Ij~9J=Io11!>SZA~w^zBYuu0y+e)RzS;@)ajui2Wg0Qb`(T36 z!r!RBcS|_0G1MQNw5tePeKg^>{ZJRWR_NtYVc!rP9P0HQlJ^Eap!t{hw8Re|x806gbHo2H+({|KJKRJ_Cx~w1cV?9!Hrk%#i#!X^N>2 znZCycf-m_S3!REW@I`)yqSuMr-6YSBF$ zG4%e{M>Jty*;D#8lB)usx!dd> ze5P~`bCz4J8}K=1j4?FToB($H^JmcOu|!_QkvrC@uUhrgnx%;2h9kp9%{u)7Pi-$b zJJ=SqUT=GWgmXcD&Jx#(G$rd4xaT_2IY ze(K|An(0rm=L;FeKA8_OW}778^F32oW{%Dy$uo}{m!H2u+axe8#pyl}_?!zS+DlA- z)W_R3c;KQmo1jG`CWF5EtLXbLyP5*`w+8$NhXd9hWbp_qD)@$!aQn%&ic+^5>-W_t z7Kvot0k#d-hBJ0SrpevxQ?v7PwD;>dgB8}A;DD9SJEP4>a!Fj;ztiT7zsA#kl@wAo zbf{|%IwegcJYRE&QUECVfg5XqX!UQZ-I#BDAJrQ+F1eRJ!y{wvUO=yxDCLv5s;wkw zHCtMBYV4P@(SYNEn)^Cj;QXLs2ZqoSLB{zOsK+d^ekGG`q&00?a=1_UH>5>Gq+2A* zHp-{Bs_^O3&m1tr@}7!h1S`q!cov;=f`SI6HL6wuRXB%V zh+2x(u$Q<&1RgFnXer#A+@Z8O=f1hpt1H}RwT4N}dgHJ-*98IRI-%FZ{HJxdEB3le z6L&5J!(J$MT*9rWkpEIpIRdeLKATvcsxCUhfNGHMtwNzH4SPTw+m`xQYae zw(;eaiokF4_>_Q`7Tt7)EU`cG7CzjRhjM(TVwZFoIi`gq15AVL1O!Vt;8|EdBfp9- zr}D~a?Tfe(%V1+hwU?~VI2f=`{r?Xy`}Qs1Wk1Ow1pSwnjTY%-OLy8}6W~zl<{?b5 z&JyYPgz~7ZtV~I(nDQltR-x~km?Q$`W7onCD&QllHa79p!d%|%O_jt9je*n-A(TkT#EO16R z771v)-vZzzox?U~5^)Zd4kV~q8+9^$lwe)YHaF@3ZI+O@PQRHGkb>NDfsw|hRk+;_ zS*5&QzpcHz4UYc+pWV3bQFQzJj5t>HRUXB(sUhmauD8#1*x`)!qR)7pw7#9IMGlv9b^Pcg_=hLT)))hiY~pV`}x7 zBE}Ha3)IL<`U(*vt`x7{enk)@MGrL*0YM zxCFH+cwi50YiQ=1fGng_&5a)gk%EvFUojn<5vNlG)Y~2_zJpxxGkGEk$m{L-uP2}+|=QoTiNN>MIk1!gMa5tYiQ3- z5<@@TQEkzLMeBOzAet1>ujwoLa2prHnLH5Ci}T}ot_Si&b00u{fWJvkuoqCGa-eG> zkn(vqNVQ&{4hXomOn}aW>{CB86{{8wi`&k3>6|nFVv})UYfwzG@`Zf=Kr!XLamdiN zJVAMA`XSU0UN%-l%st0vb z@XVemcw?ejEYwAPS@q3?duDj7S;d`JOVP6P7dQ;|r~hXJ|LJ!G|MEqf(Vr2#*vlum zD8qCkCrWyu2%W^G%{6+VVbuKlOHSuh(uz?$iG)F(;p;%~a0PxU+HE@57>%=V1-Krd z6J!CXpSPsYcdLazJ7jij{*Xe#XT58%!tUV})MabHa;(t&`SMo>J)lW@F2Y;*1jdn> z3e%*bn|IAZZijw_*}%jQKHFb>zCwy<@=Ew>>5j_cUN`-QD;#zq0Bv8P- zuu(EaI$9`r4331pvS4Wu?vIsZ53~wY+}(LrS6-MLgV=)JFU<_~jg~dAKbRboMW25( zZ7|SBBrdfRphQ*xFJW`?ib3EDOxILUIh@W}P(YIrZS^k{=1XRW4uJguv#!jnBiz=# z{wkb*&s+V7r40}F(j@GaTU?Pw@8?oCcEbuPDy$!Dx&iO^zA6^o^sP9~IWBlJRit$6 zQ;moqB)JP0H4Go6&C6Q38FFWadOsdU_&a?Qz?o&{XB00X8mDh~YihUN;>=eN!MpQ} z72z$tN(; zJr$dKW}C;mLCZiR`c3$t>asLYJAeH(w@FbL59)yvZ*6wYXFEUnN3U1 zZ2;XL+N3zur*dTr(*L zR8P;yBH0Fg~|7Mu)2A@0(Hbv-^HZ$xY|UaW?^ z=<0j-W3>8k-o3BydU|IK$my#2Y)*1t%tRYBd3>v~JUsSxIoqJ8p`cfrp3&B+DRN=} zTtsGzv#lgWz15Li@6b`GY=K#!29#o6XyIEwtzs%gJjTxPBx;4hiU1fE7!;0*lScq! z1ymt69x8`lpgHMs;tUp){*AQ-Zt^wj)?x2AdjtfjYWzQ}E0!Kz?>#^GLaB;m?&y&V6BXq+9i~me5%i=s<7x=o!k&nS)f1c_NqlsT$V69o+_jL#yr)f}DV%t_XG{(zLB~@`8-B1+L{&|OV)i&3W-N5_phto(Lr+2h>SH-$J=Se+y z_BKNFS?IM70sV7*WvP>`Vl9miRW`!7 zArt{Vwo3qRIAr^6mL)$Tsc=|~dkgf^}IhuaIX;vK=?tu1D;*-%>&${Psv#;9Y z9vkVUJE7_{3I~?uD@A=006Q4`f5Hw6FBrNphmpy}@*SyIgM>>KBxe3BGN5|5;}p!(^A@XYV>DO525rlbhLqp! zR2IITnSROMlU1=xwsW+#NCLGiOz?Nst!Eq~*UrPOdCyHi(}u!^I;LQdrILpfs(?W? z0vW*Q1HxaWC69I6MR(dCZbQjLpOZm{=wIXGS%w7~<@)-lhD5^fnLgDdCN{|1A`sKi z(7;hjSW4%k6TOj|tIBuUC_L697svxMmr8<}gFiTSWLU?2dg(=b*C83%$5`6*ts5hf zd)Wo5mO`f+DxOY|PbTjjla-@QBTA*0U`4=J^dWZN|R4 zy{VIAyo8Ew0Ca_?YX>Ue)&R@@;D5OsXX1(2Bo_BA&AQ9w%fQ9U@oF+^DleePfx|+0 zby&l651>xMd@L;zUX9ap_N48#i(lK6Z+Al|31e?zbgR?gy>%~ex#;F~D3+ZD#f*Cr z4A2AmEg0!;If=k)fMj_Mnil`c8R7Q!nlCs8Wh{z+s{z<4&1?0O-A&OHeefAUgs`WW z8+6?>*?ppuS|b+pc4|28DH+1oK8?0I+|u?$j*m-OU_t9xlR7q@PaWmc2j8DRMFCw7 zLZ85TfqIyPy-WPV^vvz)jUGoDIhfJm5ZSD*$f z>MYSAaC5<{6}+t$=kGaI1sQ4zM2Ma^72-4zhHV$w?X8@riKdsYW;$264Qn4)NL<@e zXWqT{`eoJzyMzq)^5NCD&1lgGh;>F&n3bYUbbAkxPAWIlMlFbWxZ2G6Doh=e?2)fU z&F5$gN>ZgNV~D21uGuph60Yex5o_i5k3vA-pSKU1YpM&DMtsN@vK_T=;yg}$vEI&( zc?==!YSa82RbYTT9sr)NZ}rms?(1C=^|p$Pux%eTMjFC{s6 zGUi&}6P zAb#(k!J%);LDIH7zO=57?>ASX@^HxMjZjPAk#c|O+SgOctT>#kP||=rWXZcrQw1BO zhYbX)zOOCRpI7*FyuwS&=;4nHU>y100E`OQ-aME+H)sa(GxXiPW=>lJyrKx0^H$U& zB8}DiTs=Tc;YxtT9Zn{wGFNTQND%iEVY|kduTb8zdYmawn7r0*Q=Fw`l z1sZQR{|C04evShu&#EMG@xdlA(IR%Q38~%zo6PBFw+4-NnL>ev!0ghvA%=nwTY!k$ z@`J-jA|8LKNELeqGW?#yBWp#A0nB<4wL|DYSlycAVmGgH>=S8{JFJOH ztVE9a-Q-rH)1_zny#rZorbfC@GK=cxuc!fxU4CzTRd_EtzL9c)PXj%EBnXnz`C~mD zrFtgQcX@Oq@!ojv4wYj`li$N$P-!zSw86oGR5-o(Vqaxb$?7)vk|-+;kkmT(@XMf{ zVa2+rQzgXW%UAPspeQ(?Z-r`7Wk0ssenYkTfC#40VhM`XLQ%Nw!g_$GdNHqO1lNVM ziVh|+Ba??7@H`*t!YO}65$NT#i7m>3VPZRZbb1)~GbddOO0K+yv91)cj%D`UbCwI` zox}26AcR@GoF~Z;e{yNU5s|n=s%xU7vaRJ>j#miCa4FTcTstaF@x+rpziGZxx@l&0RVj>7~wnFb+m1=K{aVk6`e++A&!FP~P?<6z{lqi)sF1nKF`;pE*8? zh@M&!Grm_-?vveOL5p+OKDuwNr)Gp{=IyocV@g!3s-BQpEIJ9F7BCy~_29&^%>U8B zBZLxY4PwkwLGWirI2M7587VH_4kD!WcaF#S83%gE&$Rv6C+|$MpHOJXqrh(sCDLna zt79hT97U2gZZyXg%1>RtP-c9kK*%Vcq`@2c+g+HSA`tVmK&}n6Plse)uFrXIUOaaU zu->1tSBr$#T`*=@Zg6GXovm!NS!$AxuZP3H-J<)}iN>HJ`8tW$e~7C zf_^O5z0|7PuZTbZ9;ng^j6{5?L<{E%(A|-n03WH3KulP-pGUNB9H`Eht=sZxZWYoS z+Tn)+?}H>Ny*#wLG_-q(ZISMK5FC|9&Z%7*ng2#sT%?SY+uF*1{g3<*f~VU9f3ACc z>_%{=uF@9pefgs{`a^A_dsMGH<%owW-kE1u`~;NH#2$T)%#x6UE9mCPRZbzXu>VC2 z9SjMnQseMbtLR~@VT|YqoRO>&zou3W>6tCIzo9PAN5f1i8j<^VByKZ7-`ntLW?era zEn6~V1T@zG<~id2tsyE^3ENr^h8Z~c=cbK)5f>arRsJv(6w5huo?z^0P>g2cqwKiC`Y_h;b2v6@ zOa6U})0X{m!N=XcJ9H-|EygffQ%UiAQDjcu!lan{N)(P0MLBQ}TeR`OWqsO8HP)z6 zEWD2rkhldKdXyvvbNfI=nvk*6(k8cwCY2C~gP)uic`enivBx8C!Cgbr6fBp%-Bw{# zY+;Kdj;c}NUur(HM=zdWcZhDt{rq)ySqd!4UJxY$Py4;n{^mzAppu1VjPpz;p ztT^O$yuaHS`vlS^rSc5k1&?*qBqW495-#(E&1Fd!P+6n z|NAKn_q#C>D}%;=C4U`I!SzB)>8oqfQa;B^P^;V@Ov=g>BW$2c2+({Vb-i1<|4TV( z^wq(GR2XO|EozC0Bm>swkMs;jS-uRSfZM zm{yIV_}mAj4pQL&BA_&TESd(Z7tU>Xu~r&5$qHTLk{}Xj>R9z1S~@xf;UxSLw->uK zvSiSTA-ISztGh8KUEx?@xTUP4W5}+7uW=++IsB;f=a@`VK5Oa`o&u`urpK=NIkt`n zH{-N2W@p>Eb-pqZ+D>LuQ+0(9p2$4X;16(HKKSpOCti-sv_Nxn2B<+fozUOThjvTSoc{bUmgm~ybH)CpWVoNiUP#Jq6O`I#$_n4yQygBm+FGe^ zz|CvF;2&NVYz~?h(pcL8O1>-i!%L|JZ-d4UP4zPY>fO+1(*YBZ-Fd53J)JM-r#sKp zB)!b=s>9}RFgPIm6*#9nzr;zliBG^tz`!{hU=d<(xZxwT@oPDI3LAfm#!Zyh={ z5yd!C2i3XGlX{Y4&wbl&ZgxGP{AR%MJVbww`-qInIR0SZsk!;?$+S_1 z$fBh?9{UsdHM!;*vdPuat?0Cj{xOhXW8(s&c!`C`J75G)l!=7AzDK9R5Kvtau_Z|` z5`25|Ub3ZZp8_Mg%W857rQl#)f38}M|DZOeNMm%FT$y&~d>G$C#G4E9zKU>8h-_cm zD2iSK$UMuDe%-tSMR0FXIKyv0KEFzi1|*i5spV#JSRxTeG4xo}z#wPmb)lf(y=r+{ zglHw34grOxqLhmo1mr8nn38?=K75N61ETbj?qRhgK8RK5Dc!xP_qwyTF@AF+}aubN)3G#Z-hGke2d zk-#vIDaMXvHa@q#^!|fZ$NMt^;Zbbfrce#z?76yi#$UG>rC9)r>sOx4!L{i68?03bP z(f|r^oP*UVEQJ6K4J}Sp>LV~3n}LB?On&j5)ksZVo|L4)2MV|~n5-p_JFFov3=i+t z_saZz)?Fz5eOJIK0WNOdDS>RInSAxRPo-HjY45{cH$$P)_K@a7m6RQ2u)t@j4r0k= z!pyTc<%e7;FE5>HDFRnP+Ad7Y!KCiiquU|Q0OEK0I$om84Bed<7i!Y7g>w%zCF|z= zKtnfQJGdE7a;k_7v^~=703s~&6>Y+a6+Iti!S8QkmEbT_)3V~|Brlo(X{8t+sLN3S zEGZR>2h>@T&Wy*g=cG|vWDNQ5_Y5+|Ib9YFSYq#V$w>>4rOdE`gHk&;`v(EU^Q zV_Krh@lV20&TPKBt`TYExYgOmd{whH%MqkXuTt}?)YvnyiB|h{35qopD+oHS_w3Ww z4}+V`P*5E{x^3bHD9&UVY_ubI@DIz9RCxNh?L3TJ#XTbRBsT9cS2ltzKFV~<+<^2` z1nDb}z456dS`Ff34}tE}WA*{^Bl@Q8wZyyYP!HF^axGg2mUUje^wi9J8LZFwso5R` zb(e>~8=vu*C+=Ol7=%QAnNSg=)?pO=eA5?j+xmF<|JZxWxTw}OZdef&L{LCNIz*Hd zLAoSGq(teEZbmu=7*Rq%T14p(X^`$2rH1YvLb`{Z0fu4T#XjoZ=j{EQ_xHZf*Yj+V9DDq2hO8*1O2^^Y zNoy3dVTJtA>$k*{+*&-(v9@A}7XLwyLkYod6Hyv$(*M7>x@nI1r#EpZ`T)5<8ZFl# zZ2iA=@|rBun#C10A|T4O`QjDF4eP^Krlfy@u>8!^d}Cw2uAJtiq}mhfV~RfslfW0z z_zRea6Y&}TfvgT_Z8jEw@gs~h*$cYKzr22)`DqKUA1c!}(fq}G#t#o!n2+7#OJ z7vR9S9tMiI{WQtb!^~@si;X1m3>U6J_BGD}*oLQrxI>Rmf)38ll7Rtn+VZo9MLhcV za2!Xds#ESY;rqgHm8!|YPNxX?hZ7Yd3Agi*{|+2D6auiiTVt!jZ%M#(ovmFRw>Nf{ zddh74g}e7>jkv#B7;s4{<&heyUZGq)vFz4g(e_^dL=3oY1m4YEUa*pilzVWr$B5Gp zBBtFC8hH^CM=DjsVY zzy$BMt<&Xrl!@05BID=-TEW#)c1Fk}@BI}@w@Gs-?oDc&GB4~)84Nd7Y(CUByLA1m z`}6lJ{QJS0G!WSkl{O>)RRr%(;D1L6Ku$2A{QU%e9}vF+?v(gN%-TIU0GYAe>#y(i zHwffxg+2(ThC)tdvl=n&${TLLAQ(ljm03l%L1XN$)LBm|UtJAm`m#9&m3(}d2&!jV zU9}N4R9C+}A|>-ACVgm~FVv5vTDee5-z*^2iwH4C$&B|EpmB`>{Gd zkXW&`Y^M3WX+8n~weZ5#u)jYCnKRtRK2?>5OO^nprThDT!uydCCf*ZpY;={VuG^|r zfo^}Z`dm<80F0gErWJIIHiJ8V*32fk|5QGQTGIYeSJ>e+8p6d3+pU#^?oN%e-Ocst zs)Zb_%kBnCovJWaWtxxmKaljmNjT3mL_ebSqc?dMd%JfaxF|tP*>4*QI(}~U3mWqu z>WR;=_oM-^LVWxd+uyf041h9fBoiwC{na+Ayx2@Bb3Sw}VKCoPwYi_6z5epr$4nx* zGyF;0G!C}E(&;Z$$m^<|ot?3t%8G~IU?#L-w|tNHV{m)LGw*?3NZSiR((_V~9kcef zwjB43(_V;@pu+@9Zf@=_Dv?)9%#n)A@HpmV8!j~{55uGycdTfzx}J3r?0%zyW(>}p zE{&Rhf1ST+IXp1<#W)i#V%mJ~XnqS~xG7BZ_wE1nlhpO!!HQfJSZeE28Q z{-McyhEYnw^iNQffiEYZzLyu4^tbxoBud!T)}xLSoi2-7_gU;BW=>>)TI|fVZvB^; zN#b6Q0WcMAWric=AwD5suFY1bHVnmWc+v#HRd%IF$YvXZ9cp|qby7pC#wRC=_m4tD z90zkw3ae(=&)_kDq41qV%BgQfTd)32M*bC3QF;@&6%8??0+nA~crQrPq?=xUzx7X- zealujdwcY9|IB*j6?Q^xFrOXc%u7P%ZA>*=DPrbBIkQiVG?;0H9HVi^-CGNN>8!O3 zEH)<(^ zSsTS=4nmISLHNrdR>mhY#<33=3kIJ{>R`3%^TdClpZ+Gze>+gWaK@PDnwx%qT5<*_ znn)b^kCbj8`UiBW?qBhSeuKXfWOEyzR{G5AOKo5B7=Pslyt>nD^Uv8}i$`=)elp0~ zslcidM6I{*RgEYC$7 zT*o_in;5arvLSoxsqNKHW+w??3y&GhEBhI!=6!zt#o_qWosLg`O8&oA9RE7bIm2VM z?S04nn|wKd+x(vOcS&_-S6=$#COygi3E`F?yWyw&LtjGgYeqh*+9)!bR;@o85!*cg z`KVDDR=rH|nO}b%E%Z(&1F&v)8wc1o0Ny$iKR#O+sgXt4@gk(HnQ-29f}!&o6sH0t zWeaQ_HeY)YIlc$rm6Wb)yq$`$`6c;(-NL`!p#K_BDwop}!1nvKoj-eR*Kg$iqaO9i z_ydZV{Qn?Z5cL*`KB!aPweN156S^tB-b!8mOF)BEev$6y$VkA8_S-X-+FLtCjKVm9 zDZxcO#kvPyfUyb9VoSHr&=dZkz%WL?mB{;P5UJ$p3UK74(=t{RyU6SN(6Pay1ToZU z<{O@P&u}>#h{s7`BO&MrzW;9AtAhcNI+Su#|2G{z1AuSeDE~&6_^bY8y86fc?fjdL z|5J8~0cdrUMv#04Iu>1~40*2noSZ1aSj)90$Dz#Eb8PR586Z=__BRn?T0*PX|3Ua+y^nJ78ar;N2uI|sYNknp!pPS#3) z!Q}oXvVS{Bvpl<_uD1_3qA5J)i9dm=xv0gW;PVvb}$`2I4+ z7`H1@vlo%r&5S+jYl>`#;852@u@%LBN|ZBS?*UdQ;HWxpx>XSb&|Qy{UYPYLvL)92 zM~U$J!|SoqW)#*ZxO3;u;c&-=X2!qfqi!@@eq|`{{RPXMOQA19WD)R)4DUQ1v-GPr zuQsn&H^KIi4V9xQ^cZ9Qh&sDsiBqbriS?a({x^f@EZdx5Iz$1*t2d1oWRZhFq zIgS=eR$*MxaZ3VNAO0$}=gE1Z&()G&)*Mgo(K|0E&tL}b5lElIyZ-7Neu8}3g2}Ok zQqfrPW7s>CZw&-eI?V zf?~ZM+XF^{XHI)tfcfK+mJ(nT*HYZrSCco%klDDFQV2#0XV0GE>B9#DFb*(19$SFl zKK-P_v0>30g9SnIt5fmu|8g(?aVQY}O?$IytKbI7!?b7$ii4kDFA~0gbf1MZ2(&0q zEm_PBRCHdl`G*ISp!_Y2l4ejX3-S4YDn9T?n11;IRoqeJE`fj?^9*Vb>}P^QLAH2E zb~A{2%XZ+AWrlSgi2a-VVXq0EA5JIFR4DU6({x7JKkyox2u+`;AfUeBr>^_`iW6ST zDGt8g=+g16-V#LyY+SLe(Dci2Y(L|v5g+62(@{g5C3*_?vSei~pQmcRHN2u?eFOpc z4Yn@JJ<2FI5N!@E%|x4 z;4gj0u}w7Pah1|KFAve4lW30}1IHfYBB}LT8K}c@k0DBJ2G$9T4jlKse4H$Wm91M^ zcvj=iD zksi^(fBXBN6wGwa|Mqq1w0?YR0so(C(xlJ%U$Vmc&;0@ycrjfMr7exf9&i{q4(n|6 zNs8D@2<|vh^unjf=(}$}Q7*J;3=kgT^~JEqm&5^67Sl>!b(@s$vHNFptpWoJ+;K6^ zq-@%+ST2XpvaA0~8(rwz=$0E!^PjAY?|GM>Om-HKdu;%Y&XLsfQMw#h`khz5OUn%R_Ps&QS7zYwt z$&buT?yvY^kM&X|8xjTlDLAzzfCQGq;kL<0iCOUNgY*>!pb4oIIaN0fuvo&-wlcX-&H>6ui!Tt6#a9Rvl?)YjDLGx=5JT&UG!I7?<#a*bE2c4D zq5j39f7=}J*qC4d-!6DKP~ZI5Dkk*VxnBr1)8DR2dw%_lRoD&w$14B9Dvyja9;{b= z-b(u?>32cq59ueZIU!sjSAv;%&zr|hn0J)iE+}Hz-IL}%;IQdAnbL?OcM5V}gS6w~ zirVeKTM|+ntFSB!y>+Rl73FTG_5bwlev(R5va}s`6B8x2bz-y$^EF?VSNX-ZczA5r zG?#BgS#lJ*-Mce%=!`qPHH*HR`q{2>*ibavZP>Kqx^?--EYr0A{QYeTX24F0vd~kp zVJ!)$ns_!9la?^^$v)O>WTU`=w_pAc6LP;DM+D2QP9_j|d@tsg0{fGGf3wSZf`t!f zq{~Bm;TI{VN*A*F)7stay)Ya?&j4Km2)&q&_3wo3Q$f%SlQ92e_*eG1e5N}v2hL#$ zGcU>;fYImACQS<~PFbIa8Q!}@@~15Ln;0f0vo3`Bl0VG+uKDK5zwX#S2oQDFA4wnl zmT-SEm+&@zy>&XDV%}c`M8^LF#Qy}uUr75u5C5l2e>qkE)208@rT;TK|7Ujor)hDf zmj7pV{?9}EpNIB;>!Io0@Heb;AKzW%wC|p9tF%HhWfDjWQm3#CY3zL;DxK5#cna$AxtcfXXOlC1_xwIK4>QhPDGwu$=Q zs1iPRuiAs17NQfWP?7FzLD*$jJ`UBX;9hl=!|@2Z>r{0xFaIJ}i?XAHm*=UhitmdsclOW?R;_p%6KaXMZz=as%#4c6A3vD* zK2c?nnEWmDKy0&Jmotgq(z@avzTK$Sb`}mz?!0Y_tblr6VKU+m$Y?xss1WB7!mRBle(v)z|zL=$mi+ry2XF z7X$=xoaKQ?P0@!p-+!*sqx2^;P8lo9w&cho7p2ZQ?8IVX8~jptm1-^Zrvj@M*Nj1j&??e%P?J2e zf9kTkpd@&_t#MONBkL~y!i)W~RH+wW)W%)G;=DZPbzKV}aI8}D4v2ySV~JS1Nh>7< z-(Xxz!_*4axpa(aQ5LLB@Ppw8pm(5ox`@sOx6@A^S`#r3#9~yhd4Qs%Fk>_CR@6XW zXI7JDEhO>~`ti4+?UKq;w3Wz`;Ax!%I%SBXh}|7kv^S}Jzxz9E87>>%wQGuj+d88L#vxHFT*fMA3xbjx9YN0p0 zrl~M*lNr@kZlSb))p&J)@PdPSu}nb3wkS2SnU2iaq%cg{2P?FwtKl8tyNXX%v8+Rx zu(L%GZc{dcjoQhiqIxe-GoLi8mHCk40~}6p7N^c9{~0>{{~A4dB}X9-;0nw250DcG zT;Y5xJ^v%QJzuM^ggwRQw#biH=dqjngY0^d$SH@d=?04MQ0Hw+pl9mk4}$k#O)pvq^@&?k=#ARZ&&3mpgrz%$j{7wdB5M@={#K@scZy}Kw#SeZQ zv#yC(_Bfw@jCWxn>KXgQ=&wL&dsMWyGr%qAhMbsVy5<)BL4kN}4&MN?IW{}BE*wwA zsX!>-eq?IFEE?q=E?GXY-=$F=mwCxU#TK#qe|X-&-i zw?%;+y{E7~a+q6(-6a)}`<`kRj6#0YeX+0__?p0Yq)*VXtn_xm$SVeVWqe9#YPH`V zabe&8E7g-AAPvkFvYxmcO%dBFL(@F95F8J%D?GzFz zln2=?yGH<>iq--L3s>m}A+Z|IOW&mu(CFT&C=gYHH4Jl~9ECcm}=1-sUUby|p(CPm#yhN*S>fF$7$T)MW(@!VD1`jxd+Aq=JsnEgu01~4M+ z;e`S~`?^iQ@xp;l*;{bq66XqsiSqVZ*HzO7FuIggA@Z>UqdPSNWN(SPokwH_?PNyH zXZn$Tu2nNN7i$_0X}_-t7RlIO9~}+4#%K!wm6Qls^^}UZEU_8-U`J>Rd@&P3&Bb~Z zt(05_A2-AtCw11xO3c>MZ;^~uIwZOk7FC)>h~(+8=S!Ob94iPprK$wRguy+P?*~mc zc#A?WIDC7xUqukMiecTXeAp&XG^XsnhxAyNR-=11qnuF zX{RO;zSb!2>gc*TF&tD|Lg&4b?pWA3QL)-9iJ2TJGzKM$xs{ql(wiZwKvfh-AHx#U zIERVqyCRAh)Vf)4q-a5pcW=T$k;@vw%5IXcMPJZ);iX4}o9X~|N-vU{Ph4s5GT!w& z*K-1-=LZ+{!y;-}k3C9Av0{ib8>2m8v(mbo1W^Zqg;n=6d(j@hL@Vqc+ixySRr+8_ z^c!sA3td)G&m9WD%N((pn~z34?7=8xm5`*~a?({Iu&P99yqo=uVA0a?qzxl4x42NA zSY;Vurd^=Eo#0lf2$2xGL#>;m6??>*4X5BnIj@#uS&Jjd+Hqb;u-;{%4}H&;2QBm+ znntFSl8uHpRX`IAL;108NOg~^CJ13{G%ezakitQY8+>}sQDg!v=3+lHr(ZA2Zoc&n zX4Eyh`Et@@EMf{%;4zA7M=UB{_C18o6-Hn_>BGYjs4Fr#eS(?hiz!wimNvnKg zjJ%mIh$6uFmf+kZ3Bg=+E|U;X`XTndM@4)de#NfqY$FZ;ijJM~ zC}ajnABvt>c%^bkZq%edc~o2%f{cDcAJ0lssEQOasUn)f%JkCdinAMoO6scCQx-S( zGr@J%Y+1c*5|=G`#}@L(+B3my%MVWq#Mj55m7|8Er=QZnD%wJlhQVgR9%?D)TU4Kt zsnkGP&HDHqIwK^M7UC}ESF-g6w3{7|y{IBde}Do%^ucnzRxnGYm=zhBmJcB8HQ7wm z-%Cypt1DI$uD9Bq9Pxcf=LXA1P6~d4N584dnl5fSIx0U!bS4(P$wGSZ3|4q7{FvCn zgGTi58D`F9T6GsmfT#4TT+pE$VwR7D)}QT3$YFzgG3C7IBlWbBE<@b48O#Mp4rPr) zA@0#I3su-d*}v$=|2UMsjaPV3wIz$J-vd|RLSqOi;(i6y-x9tT2fCF5zox8tvf~+_ zX1SEcANh8$uO>LSg}YQ1&m>eaLQZlUPFvrV65LL4jtRf%;<|Qv=G?@pN!ZaQ<*;@G zQ^FjVlfjj4z%&YTk2`(U`!PhDJI0b0XXasU=DVboUWw%bxjPzG*__rZhd`ld>ELY@ zE`(7=$Z`r~e59CH_*DyB*kRyqrOn<_DPH(^+45LH)r?Alp~q&NW6DMLlIm0p5;6ur zmavye$UI#HnmOSX9~kk|Z&1 zMLQ|jTsx_UiJ(mg9$A|U>)|E+c364pqmj(7nra>?ar$}YdFilUGVieJySdG5^rZHO zU5Y#^!6?-NBWBB+lene z>B%$}vxsuLf=^w-YAK>jJgKFDilLr zXjO_txu-$HBsSzzr%J@w;uAdo5JglGf3Nd_u_q{wTc@I768ZUrcA11%G%dJ`tuJbC zcfChLwENf<1d2}*{u=R3&TUcnWT=25M4GvXgtII3k&*UFJf1+z-`~)pnQD+#{zyNf8J7Q=D z8njC$ATD8N!4h*<+arUVY*kN*pHLwM;_+O=^~PxQ;qq?mWwxH_S?J?r@-}pNVj_*YM>$mLF+3QwUjx*TmXG-~(LB z7!9N(UyH~hoN^j>t3JAKQJdecCg{NJ8g&1&zpB0Fb*a^ADIdRwI$5fEqXVE+sSH&w z9j4juWm^ST!`42trBp9`mU$NOvg>(|*J*@H5Y>9Hou+CUb2e&ut)_MVUCobx(~(}n z2MMNYxN#4yI0p{CF$$#a2%PX`y^^%>15f12Nl2idS`DV7lqTD^LJWQA=N1q)TfvE% z5eLcb(uEci9^m@QvvSeW;cBDkD9J1tLaC82(^B(%KHU=945=lP9*OqZ@7C=yFHu4f z+H2s4n*VYTH#LK(;JLp1k~}_EQQOET=z_kZbynCdDY>B`%1$D+jZ}{NobEcY1dw@8 zdnJ>ts|cbT>NCl7QEfcKbk*uPK}qAHI+#Y zwi85_50^3Sspu_K{*jk6;JQToUwr>h1mz<$P*Q7iQHdP= zxp}bAOw#iWwbyUIzqveKlw4;&o1v%J$q93}A?wf3>1RW2BH{@y`#i$~Mkt1;@`N@6 zvjpwo5y?sid3hYMcOH`R)q4el7wg>e-J>}xZ<}6~pNhK9w4sS9hOS*fQz9y%UZpA# zxQ#HS1!7ocd>BXi9in`#;=4{Au-W7MlQOpprYVgCN1fbELF4Xkv=tNXZIUH;C-rHR2yR-u&S zf*sz(VHE)vj5adBhrND=w9hSf$DaCsIu+A3{rGZHu{!4p+2sJ#cDcouJ2a*0Lu50F zw-lbazIXnzqtr~Q7-8Fk4aPs=lBO<%>yS@ek_QzpDAH>?MKpV9F@p;r}ZE(Kko%{_uXlH2e1_&){Mdho&sno@56g zM(@L&W*bA6P-Py;nPcH>FOc16kur<^9p3212inFOH_ln#HA+5C=uU+(`7mi3Be zQe&k_u>48e^O=#7N+?FZLlgIdToY?N${)(OoTEPh-UT6}5P&w}1 zATZN1LfD`^qe1k57_(8<8(V)Y<<%Gx@=fNVD3nFN>k~ikIHTBR{&vM^_BeZLml_Jw zb~XL&0`}U{gg&Stb^{F|0brcb$SG8(v4r6biYH0J-}yu*Cn`AW(}AM3O;ksIF=BTy zu!<nCIlUC|S$x{{ zRO36x5{BCOk`sLM31T>o?&dx83a#VewPg2C&6&NKS*OBR$ILAqBv7~#RZ_A1| zvQ7Y5r&F(<6)dJmfCK830K@3K|6?KnpHanYn+f$7>%!|!rSzf0lCGekYnu@+!TQe; zjSVJSP~J^NULG!_mcU!`Yg?b{oxA~WL(rq&auCtd5E!vp(qxq&3!QkNmBzfh=fvu* z2cd6!HwWaq4%_lOX60M6-d;0;oOEpUDz$Bt^BZ9m*)6Yn*IY;s5b^iZL=vW zHij3zWCXVl7H9JIUuQ(h__(<8$wMc{-~7-Hz8I#X2;=&>dc7pGBE?PZ3=5t(J2k&vRH z*lgJopJF!_VyWWGlVc}(?YXD*^L8!5`G(D3;K`nx0u}L|eFz3L7uIQ;i#W6Q^OTfZ z(VEYS?v!K=h+{3>`0_!n_0#NXa8%XOwA5fLlfwL@#1~K%2@d<;cWY$Iykb(tH%}D*Lq9f3I=84fK_DGg*w(XoSd#TrcDA_ zgo`&$0{<;G{maGpRoEK{R2tP6;Lra&FPFw+gX&H5vnK?vd1m9mi2Q@tHT>$lIw`^1 z-{CP=fB;Izt#fZTW7U=swQlPUZ^QEVJhy*jypqW{C(_-yKmZ8|i<+fJ`Z5BY4=(+T ze!8w*u*IeIg3PcYW+Hl|8nskUYot_<5T|22x4vUUk+c;nQss*^MNZ zo;(+y3NSF$-F~*QG0}<_wvlnGF}Q<5Wp3J7JjdL0)DWB%wxEG_7z2q#!@*_Chqmtb zF4Am4(a?syo{fdElEcPp)@_3ce0Wu}?We1v{zKl>a3&8X2{MaHYvs@_ruq#kS! zX%9wEp<`vk=|m<0r=+IGgl)j{FnYrJcD$i?^ud-f1~s$oBeD}Pzi~JZA6}hr@?u2n zuky$44&F{SJ*#L}q6d)FgxjRkjPOdNWl0hbbj8^7q6k>Z$8^00`Wqa&`W#K-$ovD` z14zb+v>b#Q?jrQ>OmADLb?bd1U|M)v3|&;`45OFiWbTV{DajxovhF;&{-mdh?3Sl8 zn6?256&H7~(fCXXb(pTo2XQiY()K86-G)Dx?|xMF(QCuCP>>8D~{AujKP9qF1*hc8=}@ zhg%iT3wV< z=Pq6l0RN(p8iSs*ukszw-eM{?w8lZUm)+@f0vPuWo+h$3@xJd?yEOF zeY$+(H0BSZD$X*AFBpy+WL_s!B-+Z;P>GogGO;gkSj~dy4hRKqE!-8if-Nf>MQY;00hJ$zoe1=jUTJyH7{CaIUGwy^l;I6Ej-j0 z{#)7oCBie0<66yL&sMwfjbCNBX*cm7Gkn?os>~PX4af@GKV(Hd!BtrG*6e2)VB)z7 zOJJqLx@gnqgL@7WiGszqMT1yCSLt-tzO5qc$4iF^1tt;V$=c)J&SS&o{QG84zt9$! z^du|OGY=ctd7~r!KDbgSe)}kC_Qm&b7TylEE2?SqcHK((JTFBSFOE8lRVv9)q~r5` z7IQj8sP+Xa$gPy>+@U1s-qr6kcnf9*Ct+X6ag!7I2y_=s0iC`PXM?rkgqH%}5C;;H zncSHO;kse{j#jAkc9N^i7?(?JjUD!fY~*bgdU=}~z>z7C4SouLDizfd7C*7aTc2bO zkC2#96*;;E%a`kO0e-7?FKehog+d7A{yH=G%4=46vgjN(0el)};(_acOUBig19Lao zs^X#6c*^biIF5AzNJ(;z7r&#Ef*kK=m>!M8Q58*7h$V~AD{0mw)B6g34WFdKT1ZmU zS>4B=e53*$2c)8HtvzM4C8kzOVsw!laJH~OlCQcKX%;`Od*XIZ@X+tL>5lNJX6KqU z+>+a{r+s%PBcJ0D^SVb>%d$lF$poLi;qJS$TrGu=_xiXx&4lC@H)c#ODOkCexbzl@ z2v`oIt9Da0FHuipzC60F#`tvZoMF*5k^ZnOVcug_u>NE*bEKLiFr@@6Zfqk8nh)@lMS3kh<39n zi4pnJ=)j1Tj+vF#G;8*fz-9M|qfZ|GK^d-hp2osjJ3^!cwiFHDCs!mAMI4a5&2f~a zRP=dNXM8NlkXSM~Vm}dQzBma%j0aj-av42cxDeuKKKrq@7Cb;n<)lbCeYwe+W5<`% zPwVjlYl)h@=5i6Y!qHn+R{`|t%}8cCuy_Q(f_FTUj#DUR-82??f)UwQc}X-dmetlO z)B77?^0~(#eF-th&Kj9cn!pRbk-E8%J*>a11f>RGEyHl%z+ z(nG_X%mwo{O+)&-@vo}m|4_+)B#otw2!NJ?&d2viezq78-BO>I(xI+Fr-Uq}i>ANv zcW3Q;%M{n{P5R1Rnc(HSu+MzX&D$BVkWZGVL*7)NlXx^S2?@d+hcD*EabLSg13Tz0 zjxStJ#sJ2@8Q@_%m83{PuM`0(sO59h=dDey*0>QwwY)9v&(Pgr7{D}9cxBudT~nxii+tCawQx!G6M z)A+_iG!;hQYIYoG7EP8pcIW}>7|}g{`g#4KYO_lT`QH1ompvDfJ}y6{ifhsTuqSVa zoll)i6cCwvtKr_d8tb!X9wwcMfB7cCkaF4pUidMKLI6nNTJlj9a#DY;Ip=)m-2>}o zYOr;&s{G~Q@{ned)J3}YvWnIs0@FTAeWo7itY4DaA(#`=7GIM&pmMwmt+Bw>&N&cgByqmY75C-O%kHnbHAs`0_o}hV!41%PUo(_-PeU!|d;O z4zQ?E#)6XG52M1>wKBmf{aDi6A`z=P}^L6>FJ7+ddTy=!(2#~NekFOS*7ivj)Nh*Ev zKx-x;Ze0ur`wxU45QH>V5N6f|prz>9ZwLg!i7!&yka{#?ZP1}#i;o9pT{4p1ve3D3 zeIOdOtgdVA_0VuO-+AyQ=YowX^|0?&Sa_wk*+c1QLG9rXZlu%=o)))xJMMSZWYd~z zBBk-+w9^u#@=69QgV>dV65mZW_Mw=-0tyLhM31l1krQhj;w)}&gAGZITSTVLdb~cI zrb?0hBTirKJ&^w8k%Wy_`_{$9CB2!Sdd&$V(xl8HVk3Eq4h1R-Y!fRfngx8p)c_8y zsJ6(SLpe;+zcrud{>TXh!l1CRnBBW)MOUy(-fndZAMD)|;Cq*T+3l(^6735$4I{T1 zlJj_&#w_>WTR61O($uyh)K`C|sV#sswbP4HyWzYCD4@Z2NaSrZjq^SuFe-tV!6(P% zwyP0?{}d+dvI7txqa~Q<8)O$3KLZr<~$*t)m^Y{!Y z*1bn|Xl`&0#R9YE%WQ}(%#seR=9&o)h6L-jPJ;n3vdxh~{fe*^=jSDk0K-JcNzPrt z3uh4}yKYV9-*;1!euWrGth+I!*TXD`WOo%OzDScN)Fdx{_)T8&5x+=C2jO$PH)G6F z?uYh8(yZ<%VmNsyedBJ>0F~JC=J%cuv9Jfgcqmb3INZ~7;=VpCYy0-0fPYZZi)Ee( z`_x*Y{jD*>mmA@j?V~=@vH0PtFHqGF4j=qViw*|d#5PuSIm3bvfKhP7=$0!t$;dY4 zj3b}wuZFLpRSZqN^&tsvTTd71Z1Tw;%HA1yOCJc50OtTxtiwwRMons5OcPwXhHLtC zfVmbPiJo%B<~`0uXswsXsf!t1voGF<25j8AW|aKb79kt{IV_#SrNTaIxW>H@rJ_**Cl#MD)<7nA#Jiu z2F}~S(?KM#Z*W++r*OzjRb{llT}oc&Taxi|%5`<9(ugz;l&QK#Zf#xYhMTN{Kz2Np zSiClTY^Ek_1UlsFMZF(YW$3VOAhIhC7%Q|Py`s!(mpmZuVt@vD98dS(sxf{Dsh;z1 z1^EzC|MdUT7Rl~7S-7a4xB2pP>)8)9`NO7IYtK51PAxD9g+aBmUnG^8G#%?>c3=9G zt&c%nWM|&Q%}$|j4d0lWZ6xXqPZaprJNL3!wS!RLWQSHzL)tKF zpds9$yG-J+>5RU8;K;M)Z+{wE$fluPpYz!OQ@*>DLS9_Wr<^mWBi1Tk8%=FCnu0|Q z#uKT|ubFjJLwl5}MJwtKHxGYWK%DDC?Uw^*b;RK>Jl?c__4OrH9_lZ)EczNpdxg~L zQgs`D=l~0+n;dTKiol#5*C(GKsagfLO6#_{(=B1EkIyTVaiE9?i5}x-gYi^#S9@{1 zS`KAYGn@eAM-L96nPFFu|B7-Khn=9nQUJk0+(d zBADsW{wGF2<}65O-H$#I*Dx3EWw)8h7KpJ`WUsATEZAL+0cAqZND`L9U)*hI)|tdq zV%=U=kMf^xm$2dyHF@Rc))@7#FzXQ9kG)SF|DJr*k^MNO{=u|aOOd{5##s_W*?_b4 z>VHXMjQ^3u_`{_bJ|%i2s5SJf-IR$%efQqM^sBpW^_u=OfznN}ZP2MIP->x3*@#xL zoxwLoRXb^2-suYwdY6{IWgz9;Pa;!kn9RDHbAGs89|6|V z)^&rsQ!->{5eWz^<2)T7l4f~Ys}k$hRR)g%bx*W;T2?T8B5ym~6%PhpV_1_QXh#2O zc7w|_bV|gj)3r$IXe4y*)J~1oUhhq-PPLXwNZ$Ru!2>}|n9L1Y5qjg7GPozfThFJa zZwW_ZnSOwQD4n2*YvD(ZjVCha2`|+LlB{uP-XeiGeh6#cIqGmg4Qxzo6<4X;w4~3w zLb7u(MaAJnZ)LH$tnG+d*|!KWYd~eoXWbd?i4WeypjTdKC*5z`$}5W#ZdYs<>1r^< zB{^YZL<{B5GVo?<7e_y4gg=TJjarpl$#9BQf0V%-h!40Z zRa(u&qvoloZrfmMx(IFjHrE`dG^!y!Q}UzHnYe-@+Ks6r+F0+}o)KaHRy+@tHU*Lu z(`5#2ote+yu(?|a+ivCD=&O0nSpIeD#+}1`|HD7Hsx_N{#;9)vz78oqj3a+oG_CX2 zbhyke&d}HP$eIfper)|HEnPIPc=;Vm=}Jni57r$)CSm0o!FgYAtV+#pU207Yj~J$g zp21;xJ#wpC^iocvZNo8Bi;SnsQV-fn4WGvyY>kdyx=Q^bTUC5Kh?vty(faG`!=mjs zxN3wXreHsi5waf)iIOvuXp^0N`MaX|KdKMT;pqagi z;L&7rs6~7lH7RU8w{gk++|zE*+JOLqC?B$qGY)G5f7Gyo{( zG6NqWv3ZH~{2L%|(N#6AgfjFSmmldBQERTW8C;UH&e$!$BNk~oS%FKb)zXNM$=|I> z+tGN;!Pd8Jm-Su1y|Bq^e`9>A2)Y((u4)6h(Z1+^nNh`^m{G8~M*_WJ`amk^xQD8c z0x*>B1BMc%zxWk_MnVzBhiEMv_ig{cs)r3?6ItvO)2C1y3efL5N1x|u!}H3Q&u4G;NAbHlNryjq?-CJS*S^MN1SF}`L+FMZ+I96+ z5hZ~=8{CFz={12G2CCxq*~u?;y!tJ>GHQ;(ktc(+$VKaoO^)RPM7BN{F_%=lm8f_9 zt*!ALnO!%m)^a^&E$Sm396Oo;C>L){>^d+3%?jr0?;?u2++B@rR}QmBPdEO!gkCkL zN)=|R$eQje$`PD4^;f7?g@rj5HRWXt_P}_`#ta@|aF{*9< zrFvVs0q_on!h(~3G0u=;+K;DCHJd~(e*W}$9wM%g7Ojw1Zog$D-=$*)WdF+e;B*!a z6E~*s(T#YI65gE7CB6Sd1Y8OPmBq&;tdQd1y>4Bl z_9PR5vU&isN&#RU#;&72%N`%GRdiQ-_V{ct;|CzpbyhjZru^Xy$ibjIvN3V^xm8>k z$r%*U?P0cr>V>&IO?igUq;vurfDl?=UnJVhiqF1Xr<`u+s7jZ1cRQuIZRlXMrXLduB-D+V;Ku+uGe<34OqE!A3)fv;A0^rvwa+V)5~O&5QcsZYK9st9?}Of6iVW90?>>ZX>J zYPzgzFsdi|Xv0K_Uc~lv`{-iJv0_adja4-PZF);j0-$u8K@u>)EgY${!)&W7=|z-n z0kvOrTVguK%Ra>fG&ZWEZZx&8`$V)H7OE31nIpf*DMvMJajJ6t*wpX2DOGu>f+Qvs zP;~}5F>Ynt7HE-y&p2b7*FBqV%040KEE!&Q%@^v2EKM8n#>$>>TM<8yZ+olaqg5>w zqb%M(Bj4Ls$sBtDYf8mu*5LB~1OK6}8HSQo^sv%7#kVgcuwI2>5FSBiaM-iEr%g$f zye(EEv@kO_{hl%M$!LdW*_Djv2kBMo*EV#o-+F*f8mn|kox-e{N(qP^D3Hst<%Jo8=~GsFKCvdr`q`(e zKkh0{(s}!yv?|rpoL9`e9t zXKSH(V#5u+Ik2%tI~{a<;uMz6Xs=L=$dn70T6@6&7hkt7T#lx4EESS6Vx(kSHB)r0 z3Q-(VaJ<6W9T2zmGTJL|a!0n)8+SGJVd&?*?!6$YIveDfK6L%I4}25}uhPE!+Ev&8~|5 zHJyajzAtUU8uE#Ey`Qzrk-(kY9fA7h@~;4$KpQ3S)N%>%70@f#T3%;?c5jMO zB9Q)YM^4(1nQlzfbhf?|neg7vaa*uM>hbC=$no$}%JGE0ayob(FUG92nz#|qWoQZX z4LyyXKNvOCeahZ>lmWyPqL~)1;U}mtT>~_EQs>P<1W@oMD1T}DOBK8`cS_8RbKuSN zbtJcs9jxOv{V*cp=18}%@z>_)og)uzHXCDDE^wXB%sgEux;?i4({asVv;PRcCx1n2 z&Rd4*BLkK&v7VbL9C+LFgjHclZ*VSK1ss%yJ_F}yC+jr%w#aqqn>*$E-qPzVGI1%I zfD+cp`Qs52-F3dvS%d=n3f@3u5a_Wi} z#xC~zmmol^lGp}N;s#iz(I3}3G)cIx*tl+rulH1j;oNlR+1$C z1vIw-otB4q^~k4;J$0GRg>wBr?7d}FlzSUKsx(ppN|!Vu-HnpcAs`?nASf{)(hS|* zNP{4ugmj0}NOum>2n;-SU_uH&lu;z*1UDtiz*Y&r@SUY`3 zSh79SBoU%P2x+)8y<|~3)@)+b$MITS?wpSU;*eJ1xq(e3s}nN2<&teFcfvu@MNFv* zB50i3K;eK~Ln)7UbUck}!2|Ph#Kr8=w-pElfUHqLzrNazTD3vPA3UCfD}%oJPHjwJ z?Q~*oeo$bhXz&%~nkvb7o6PWc-E$C8#8&zVITU(Q<;WO~*hHP)Y8Sx0C#9T2!;Q%p(dV#yRAZ!D{Zeeuy$5$fp_?(zZwC9qZv;6%@W zHH^)7N{vNk&xJ26*6zi*EOnBXu;U9p(5sxnL^pg4-x>ru@7Bk` zCLyiQmphf=0}T}hW}&{L$)$I&c;7(8PNzz(+X9uFLnA2ND;?6Tt+pmXyfWV~in)+* zs#0O_27Y&VS}s-yxr*ST%hr5D64ZH#upbx_kf`WS#R6SW@mhKtcnqI(wDHMiaoL=v z@`E5uk7o^=+-9_N47IoALe`3^W>{~9y({acpAh=o1g-!|^qx8(fo!@kELZhnuUkPP z-*}hepSbEVtVc71Q5X{_If~hiyR7RLOS1?Jq7i?bSih}bv_fDK@2{C2{Je-zy_-ll z-zbE+vFCAJrn_PzU&_W=r*pV!$t(XE-p{I#TwrMoXMddsYvp5;= z(Zm9dK8wmSo3)EzsihCCGv2aaKJrRwvP4ex!++uTLrR zMpE0*H&!YgBTqAkKSZz%OQlkkC`{+p`|n;-*&(lj1Egt$jffg*GQK`uNPXueZ$_Z^ zKxt@-J}rh>DzYv+!T~f&Yykphc<2M&TxK*hd2v8Z&*I-Ut9Vp62Azp7wUZlW?xc2WUl(y-H3_EvYnRHNEH#dH*>f;^Wv^$fvrR7a#4|E5$9>Z zL0MdrzgSd#&3w>dtfcaz(A6ykpg&!s$`TP7Jz@0E%jR#FyewoGGZfvD39BZWxF`*B|R9>p$ zn15edbqjjjrjUNx1~%cvO|W{<;s^;Q;Cf7f`54xVsQ|#LZD*zw52Y@G&JsX<*V)Aw z$f23oOiYCVm5j{c^}Lp|d~-$n;2_X`5V|P`z0iZ10xdWoo~n_{klYu|zcpDsU?SEA z7r8kX>o{xUyqETUrqG6V3iIc{%*DXDSvt7Bh;bxxw#E%^3be!%^SyHK1OFd?>*`BT z1i8S>`JjYAQyOhQ{oA+jPSzc&Z?5JK#^c&xr$Zks3r4XP!v%3@mHg0!?wZu<1 z2;EI*QXPBSkYtJl9hXq7M)Q=*1c994{v^}T(50$GI!MzfHP5WcsnFpxNszX>X2Eq3 z;=b!wTl*I1x~1Y!i;qFPylgdyuy~);e!*nOcpW3$J1wL+P)Q1EP6!qQCP39PQ!>|d zGapMj3J7eCiPUx3#=yJfO$Ex7V$=3skM-_u$en)rsw8fMO zo!r=T5@3~Lz|Je>n>&(Ok5N)+fpGg3fNFz$y@4TKpB65V!P4>c5Pf8^y#n6+=nALj z!Wcsy2J%bBhdl*8;~fI|0&-c|moQn6rul|@07ikyc0<~KRal|D6WfKwqov< z`_Nh4WZ<@sUA_~g3fJ6ry)PQ6`gLD>+v83I(5sL}j*=c&eI;=^w7I0;1ond2RQ#|t zi9p>QoRi&pfmH#s&`$0=S@|(F1L#7njp|Y~btuWmOiwoaIWfz_rJ$j?!ZhjQV424z zl!`VB8cBM5 z;6m{^riR-p;Ng(Co5*wRG=SmNV9yTDU;Cs~j{0Sm$*wJnQLQ{V!K?P=Bu>)<(zw`ef>5)24Hwm^KlT^v^=fRvv`^Gma6tgFTph=h zW*J1u{{_hK7a6g5;kyf<>neV2Al*X5Y5QoNNxwLT)`?m8@frL*Zh8d17}+YIJkCwAX}QVorm>VxhVddUn39t@3~B)l1tT(e=K zd3({37i)=}ZR)JO7B%oxJACtAwhu`lBl>s}#K_=a!UdWXyn4QW0kj+RW21U|i;E#E zZ22le9d2PcMaKuH)i^Lhk@@TXeXRVA=3T+lF9L()8G=V=7oMzgD~RT)rvz+Yb~VRB zF@q2fnspbFET(Pk*GnfU5z=vgX8-bwa!54YoyLthVFzm?!msG*$De0`SsumS_(8W4UYPJeub!zoy?4^H zC#d}oW60PYXv28pRW9886b_?5WL$4o%&+Uu==7$^h{AorA5|UCo{; zm|p;oK?49V+IBU#n=|LJZWo^koJY_Bvr`m99Rp62UY2eHjb|r;8eA5y=Qx0LwNs{X zbA|Q+Ol4;{8$$|we7)>4>D2rOt5ky6F;l)0a2(P2&%>^HtK7RESK>V%I2CO^Jh?pqrV_4wHJ3;?J9`CT(YT zDF{D)6wwFvnNxV)%mArKv9~v*kt3$l3E^bdg!ybK{FFl1l>RmQ!mh2cLAu%_+*tGx zCt=S67tyX#PAjiU?B|2!d%}iYnb(gy zkG4{n)+hJ{nw@seLT9Kq4uvu*+G&B!(PD?a+v_GphYd67)VgUA<4H5DZtZXb_hKE# zGwH@V)O3o52$YD2T_EhX2jGtbKFyJi>>E@utB@?$O)8+nOKpB`Xeeje#992pL!=?DQq(1H7>do(y+~ z7UK2`K1S**I1tutGr2{-tE`WbAt=USkk4XLNAvHw20tGQE|QGG3zfP?5bxQ58s8M= zgrql5*LJGVodz+9cO;3*3z6~}xBXP03 zKs@;z5T}Df7p|nvV62*9=BorcMlim!*_IPU;3UA!iE1El9QTt|onAf`mP~P|7CC?A zo^L>^tqQT_1H_*@0AW9_o{k63Gr_3vh`B*Qh`WIUmze^=1YTbX}i`@;dU%wf>sO=5&EmLqDvpcz-;O zRM5^_?6ezMCR+wb@E1;@pc%Z&zaTv z3M#o4l4VcxeMI2L%c&#-wvY7sHF(tj1xHGjTyqP<4&o`F{k*maIV$kn)XD?2|t@ih2U{gY>Jd%h0J@rY<)@m+X!o#1Gn2_^hB^5+{Yg z-HL~lm%V`MZH*P?%pb-z%vWocLAOd(E4Dz5@82RqoL?x{+(bq@E)qkWW5FXpmnr}S z{ikdxo6|}i#a@rRG|A;=qdC*KLBV;Q3YjpX>B9VUt-dp963q6bvj4I-0kEK6BRqj} z`gLR&y!X3eGkzSlth)fO@o*?{X5qirzF$iN^d=9UR?WZgD&rzGsTqJ;_tttk%97U< zYTkRF)y)6$>=(H{?lnb+=hfxKW5{j;z}6aX{ktHI#&~DbP>s3VpDMugJnVI=s_=J| zvsF{Pq*;S}kHHKvc-R@$r>j$9FI|fTtI}pOATKR{YKZC6S+}lKmU+1n)FBRD8oX=~ zfv!tj1q?FI@~B7@(+kV>sBr)5Mf`2-YKhl4IJ-zU@+V}U&YRu}Nk9I0=oFYxwFFxY zg#Vkr+m-$Y_j>7{NU!aTi_#?NwuV1^Y?uN_{mt8g@IH=8TLIz{&r?O5Gn%eGQ=Bb@ zp;iyclpJs5L~V`1P|+V{?W4C`HNY(vE+QqQ?a$g8ysW)olkf2#GOCDnP`Pe2Kc^)4 zFSigK0c^Qgrxl?7x+}?B0CyIP8uRaolYjKazhx0dBYT(@|MSwLe$mDQmo9`9Ar5w% zoxj@O&BGuoQwBpF&kiM8Mu~v26Vq);4BpGxg^Q|rI81*Ndl_Oh2U@tOxYE;z{5i|| z*D?S5>HaKulCOM+iT|~o=GWOgp$E9;Gq=7J{PVAVKKkN_A6)Z@KXJ`} z@hSUR*V-bZ<60g)yjG?lb_cZ36lMxDGcS*W_+RvKbsPZfaWf`C)CPTLC`dS}zHI;b z5hh+gvafm^vcDc#_uXrHdOch;?#O>wtjpkc zL45@UZBOWf*jZBfwkR8bD67yL-$Of8P_px!dLTWWtYbMZ6;z><->f~d>vh)9Qa#)3 zsrWdV8*#bhdA5^zF&TRhLZ}L;P1Kj>hW{Fj{fAZj{gGD*xP!Lvg5P2xlB7WB>h;bh z`S*$R@l*Ig<^4x4_r=zy?@`HKB87<9Ue#Yf7tYP?k;wV2Ke3k9L&Pt(E1oB-wj)JM z8fCtiTzIPU?A~x!0I{JluvEqtaunm_0YGN#`u_@+e?=nnNWkEcyAm^gy?-ND;3}IB z6#G#A?X1{*e;j~s|KR`tJF1swSI3#~(ku9`Bbxh;kmh#0Cgap8j2xJQznH7Go!8Ef zyalx00barF+&HH96IzSiF?8FoLJndC-4OFTn%~drugm*w=91sC0A_r9HG79&#ILP7 zVZeo#PPlQC|Lf)?6&bF*>Ol5CUDIzx3&1r2Q}QoIUrbd^E{v^w?gVle^f(ofuS9Hy z&#DKb)|)^8JBTtIxSp^O%D;a9@Avx4HQ_P?2NL}bNBXY_);t4*YLBYPr0IX>PI|X~ zs1Ee~=M!ofzxvM7pXc}jbQRg}VU^gQ0#kYVjLA39sTpwd4I4{e6*mKt<*1q$01}he z8vc@W^ipL1K1jc8qxCbLH$cKxwkH3}0hM0sl^E4Am_Pd04fzl~{-Glv`A;JB-y#~o z*%R{VM6Xz=hBUeJea`}XP(^-*XXoW2b+ZxEL5KZvWEIdMo$_4QZ!y<-=Bmu-6Nt9| zIjs&Jb#)BBPR+N%zb{n)lhlAMW73@)=mP`{h8L~(`EvxMR6Au4b#fyA(SFz>9xe+pF2Cf zBgol}?Xm?P)6k>DMn~WN<^`!s$*Ie6D2;qmTH7@u(lef%%mYgnT7PELjPUqNFpS<# z8*^$YFpH9@A=1d*HY43>*_P~3GUJ3s*$0i;;}U72I5$@szRMApb!1!EnZ2VKPrIzLk;Z9wSMGY369)v z<-2SqNq|r$DH!=Lox;Dh)O?&CUMu&d+m&w}SFNv2zZBTX#v8d~>5YW^C$YbO zC|>zrD-bUlkVpPj{(7Ve{PqwBKDzuL?h5Mb&1Q=syl6JLZ#CFoF={)fY)aM5L!HYq zbORObzv{i+B*5SR9^jV-ev02pl>QmOZ)Y3P;zs{LZE*(mCLjg+=1Wh>@?=J;MgDwk zYNu$lg}A(C*3Dbkf1iPWzM{WA-!=q<%KV*e1b?flVqB}|J!+Arp!vh|sKolAQ|2FM z&{ZlXFsRaCFA(8MGw2bWCy9KA`Ik`KpFc>tTr1>3susI{T?)<7^>1Gg*n9usc?_{*TpI_WiW6lEd`?sZ z+Bwg=<|BIeFa?muHU9hj{7Ko2#%B*W+;ojrZ85*p_#`*3fBTeS>Bhh1PUW)^HO|<2!Y=|Qf$BZ z2eCHE2AXTbQW5;0Vg2jimd&Vck~X$Prb$kq2NI>XG){cQBzuvb@yiI$~T@-SC@rpTl} zxQM?El19)6emd(MwCjm*$GL*zrx7dub#|VjyratNWp3r5srlSWqp?)MWAUavO-iq8 zE2>Ut+EW>9d%!$&Jon%(y28Ia-jFOtEg&?VtgW~y`M~6nRFQq8R$tnf+`Pp_PvGfo zgQ=EGn(Qm;6J?q7TuHiHbcBDf!+)Oo+j`f&!Re(S=P%!YA>o52g~T^Ol8DZ{OeR|C z=p%cq6G`_cH(xE&dI7!Hy&d}xFC}#CrNsS`^vABy{Fc4WyS!-59LQ$?tr@T_aX2#5 zA8q^hmzJ@T?ibKhD&CYivIoDfQW>zloR_i>{wQrZbczygnJpy7@Q--w@bFi>{h#;x z@lOBez5bUL0IA&n(gKwKr3HV;HUF1y-@yD|zWuMt;D7lx0nPsk+22Xn-&y4U3Rxuj z|DP1HlFXQ`1x24Wvf>lt6|}Uf%*@SuhO+(M%SG*EQ*faFB{?pMWD_8%t{XuitVj3$ zZdL3=Va`$aVD!G<0Yj5!P^+e><0+4jn%koqP5XB$+@m6oTXvGU>%B^BbBYdfx5b{Z zNx54nA{xV6p^SP%05D|3`u}pN{03ut!H7o0X=kKveK3`cloY4)QL4n;{rB(X=$SaC2qEl}Tjd&ldn24uVoo1&ES;9-BUWy9 z8eC$pu=m7@aH_uakrT1bciTW%Pt0Sf1O0}t@ij*J&a&Dd;RhD+>MUQ%UxITT+`8hU z!jJ_;Q23!NNf!*`^%b9+%FQ=Fu^V>n54Z-9+`CC2FYLp!>D1_^S+>m<`7G55-IysdW1T)lDh9qNw>7LfY~0|q?#El0h(MWakA854tO4zGLS zA+hsyagP~2Dm!p&Oe|5B$PAjza#QLMsXYcDFc-GP-%mD4S#C z?ReB5hpU90wrMWv%}=ZMzPJaiNcLcYZR6b#MTEmCQ9+H_;gbnctNWIpx zyhEOwp3}9pQZ|Xz$TIKw`CBg8q8kp+JIrqp$DIW=s*_4E?elM-FCZL$cn0+hlRnlP zC5iokWNuNQBB#%6ohfE0FaG9|6WFkt_Z8<5jlVZ4VSi}mLPLwtHF3(E5f4gR(dCp> zQ!-Xi2r3?FfHRr*zP@S$) z%9W0f%gzHoamm!nXwZOq7QU6aMyip4X41^fPtN}eyT41}A5cn^q|=LfVpSP`U?y74 zBJ-CM1|R^ntYKNA^1J!!8XETpMH?O=I8|MXNCceTu)-(ajNY;2?GI*<&*H;O69?<< zT+K_>haDZgsoQwRFp}>K5(1yb=e}nc6fEUikKU|i8Ip(Hl15w&U*2-PSf&%Mh$FD{ zu>U@^fdpfjr4dU&ia0ZZusY_`E__=H-x_|dO7(EYKEjS=Xm6hEaZiyNsO)O_6m5|l zyV%4oz1Mix^%k#29l>@g3K_=v&MNrz!5C?JOvc1RM(lwkTOrce_w8NJ(2BEXFl`Tc^^!T^D!AjYK`~gl=5NR+jfsVvj$){y={{)&QJIjE`q#nr*{DH@)^S>{irPTk0Mfg-drr9+4 z09o50j&+C=-rpNXH#>Zk2I`pUs z%R!CwQ4zP*c?)Dzvf-8_l6!$SUwA5VoiHl<1m3$-LI(imdU%n6{~3|W0$(GTd|RqM zvaf0@bbjIj{IWC(u@8M@$@S+~l!A~VR_x4J>4&s2q~{6OGMJV-BVMvA~O6eb1FnP1{w2YC&xSXBPfy(Ht#!YC&qrH8OPk4k{Tw zx2&a4JkV>%!#?O2y2VRN(FO+|#iwG7E~$TkTYtT|p$q`qjY%2L2d;T;n)OH3B1ujs z>C-u_KQuBzSMEM&$ih(?J({noI9Xzlt5cdWQVOE(8Hn7qN0FsK$GxNQ&?NiGlP8;} zCnqPsq30kK_jsH8-ti#4JCd?tMP4`A%)-29rHAl+eZ3wo)%`?2^sx8mPhHKho7{T~ zV(4Z41q?5T-e7ZH7pA_l5HKE)YPW64=7zWLv#^S3}qS*~rK!JqL#lu%tx`2*YSOfSxtg)=I;-=Rd0UrEwV)&yor~@puZ& zmO_%cNK2!bmw-Q7A4n$`FkY?9_4-(!ChVxty7g%j;bLxf4jzZ`JTgH3wp?DhmExi} z*;02ldqlh&yk&m|H+X$CrCwNAsO8YDh481^tlwdquXl{lsp^hzF0G=7LN*%~src|a=KQx$;zHa-s?`+gfvM;UAIyz5l?s{Kr-o`yM)=a+%cBfW(gy$v!;V#=Rx;e*Lb zlUTw`9cBSXy!en#tT+eaj{1I6Bp}6ae}~&%zS+>CK|&x>tm5#SeU;otR9_SlG{nw~ zE?NO>D}OBw(zE_>g`a>4tO4zh!h6ztkFO+jQ@F}Ym_m>1cwSp(Jmp?qKif3idR{=A+zA|iTc#{a^j;4kp@Qkht#JK=yc!Xt0r@dc%xwzUe%g{(6~t5`dYFKF}0)A&M1g8K>ui_YM%hs8&K`URlQX<1OU{mNiWrpZ1qpi74HjsMy2uE2^XYi~|M>+VpnHO5ftxOBps%03GYj*9{ znj6){$7jZCz_2@;1wMQ3BwN(GQ>J)~*=OSHi&}mov)pkYUzjvSJ-Rp!MA|*F!P?4H z3^n~6v#~zn|9L-CaRVLEZWEAjdWP4G1vtE+NsML@oZVD%$Eep`@2?sFTV+_~J9Sq! zhrR3>*k(T2gxt&%+uEJYql#Sf1HA4cn`r?p&=PnhBuMg~vlAbu>wq|BeFF&gZRt%v zTN{;JNa}fbT-f*2I!W%n{qB_)-j4q}juI}Aj8%?OMH<)GUZB~C?g%UZ8HsMAiw`!L zVC!xr|D301hk}q>p_z3@O9+OGH5XBb>6J?`Z`1 zmSYnWy$9>26(~Wj4i;96;Q~{q!Tqmi##qWvS9NkipSeTt>TTdBkkXjch@3S#j2&yA zOw{kpu)bGJ@^D>EsQQu2nztUmGY?A`diU97^L%UC$WteU}Iak%_n+y%jy1!_v^1G*)^skX&cl z@+iyCu@PWg>VLUAH39xULvNEbXkgcR47Jzg8M!3 z;RPz8`^$U&?(Fhp@1lqoIN<(Lwv-qyC89MgM9*s1qXT1(dJ&-)D&IweAD3uMB83ml z8}9;K>`|G__MN9BXWd5?)^60Qmga~6F{AhGVw|l4HxK=zJ5fj|B=%oe?=TB^JyP|t zuOZ)V)}tM|F{))hfr3Z~dvP@U2)_a3ykJmV5|F>}pggR5iKVGhp5{J}#zcJL`=koV^Je&AJ_44Yox?aHcArrrv8JyK+`lEO8iZ?r*9)>#6ji3qR$m8Ljo{ z#K=k5+dyLQ-p9HfDfV%v;kMIpz<0Wa-p347v-KRb)oo(?y$NBv0X8b`<%KL1x4?=Xhp2UyvXyueBvMWI z@Z_yZ=Aqn+$jL%5URky~|KJ~@X=k-A@taN zC)s8Y#F@u3gt7d=PU*j-=+FcpLod|5t{whw?&Jl=r?Df^O@9}y~)PmS241r@q>ed0NHu}ozi)JWh_cgJ6 zr4C+PkSXm&jyT|`1|LjjkVnh5&U|*q5DlTp+AS&?=w*LeLq*$8m}l?&fN6(jZdcT1xwysbr?_00wqgy6Jn!s^+`8nA>qWsu&O1I zWg#vNU`-S077AVN_s*IfM<+CgS4$(=8IvfpmSlmeE^)4n-vo$UZo61QZw|@}7=lT< z4Mi-x*QlhQ-jv#z?v)fUw6qo3(Ubb5N!s>w_Q;BSKSh+JTpaG^Q~Iebo=eU}mgFOZ zW+CmyF2`V_)*a0>lNsNKV$x)LA54O>U?xRaF`@fK#xtJ~vJRzPG)Ook4tN?Fy0^ER zIjJU(Aw-tEK@Dt3`>8q(sAPMdH`HaquNpZGHt4X6?j>@5o_8kgwZdwonz~1dgtO-- z7yQ(8yT~7Ok+4CN5shUtSLY%h@0^%uxcR92hG%~0Wr5$$i8M0X`EbjKCi=p$ z5aB_SAGdOd5DfVlww$!>l5fneD3U+6=U^0o#N|hU^Y70AOx85>Ee8KR&+v~~u%BPf zT+dEvRKV|8<_3zmGyK3UEKO0~^CCfRQFWD9y>~(%L3O$(F0&PCx%rJ6W ze9rcivkF+KVA-0m8G20ea>4B@PVa3^UAzxB)~pN-cALtms8|Ow1!j3XgC2I}_3N)R zA!rTRjjh2Qt4S{F!+|#EQAfV03MkyK=-&xbJn4jTG#`grWO>ycwBJ;{<>Vc_oNS@9 zQRMpJ%HC9NHs6uLln)8V%$OZ3!Q@1;i&dU`%?u08);dtq6k0zi#=)2qzj#)+-Z!?~ z?qbr|vOkaLaJjJSxX-*?p2oBOj7^PeD}b8~)3!k|i9Pn7ANuz^l?+jqJv}wGp}h%9 zm+q(KF4+Q37+^!)iiyKdNIt0kM2r;7%wvWeN^ai+h&LR$Xd?-kR5t2J@z`o0uba#) z1R61C)*|>Bl_@xQ5}bo7D}ymmXk(JJOJmB*yMgV!6O+xc$9W=;E4_;P4_OW4+Z3ez zIIocgahp)4Kp$h1`P0d!Efn)}QA_&r%ZCVoQ``ITQ~)Hwrpm9F_#oayD#&GAK{0CM zglrgFRHKy#^-*~#b>;LNOgfzgff8>TtV}bFgflvN{Mq$1;(&78!Ax%0{>0MD&l}5p zM;$^lveoqPTmLYk7-IF|73en4IC+B!w%gJ1hhYgDCbG_{?ho@gh` zlh1t6uw(MEx9%In8g9)Y%1-Vqy<@`J-uTjUg(|cbD%8%O!Virgeao72w*HcX+=b`tOoWa~ zs?W7@oT1_Ko(C+it$g;t=|+xoFn;SrmKzo#Z+=xBv>DWe7L2)fxA+4*-WIO9g(aHf zfdT3q4JWV+QqAgAMM{ey^ zPc@zO$Vu8X{Vd$%EDpa~QtEEg1#A_!wtX`KijRn);Ta@)E- zv2^oU7N`Xre*v6{Nn#;h~URbbV~&Cx497~3!uz{c@i)~9nO zs1Twq-IA^6&6U<~r<|iE#n}_05CWpepK2JHquBN^yzAOTVz;!~?^@E=DhLzfrmW8!)_ad0Z>!2SlWtLE3=8NMpui=v z6IhsEWfkKfB{r(ejS0qtRfBZC6vOZrC*oNMSJQNP-Z;R8YmPFaH{71nJlw%_Ydt57 z^JX3LUbJeA&Xc~&8D8mU)hePxilJJG?XNyTBu@kGPrIC{CADwFr=p@)`qV+rhzBwX zdWsx)Y)RfZjsftqrkpxmaefFGZo({CWRu3&v%VpvF4F2k<%>edcprJOZrSZ^uJ{tw z4O8WCteamVtX?1{_i4On%&sx`dgk!fMZPwU+P=kNBv3{TaywP2Z3sqhG#-eGGgRQF z?C>56QrQ<8a}2kh@aDC6@h`@wc)g!yP+G)yyj)9}UcAkDs-&T$N8k&TQGD1?P=m2u zJU-{KM5R-U#Wu90s-JlI*@tkmAQqEQN={IvPxb9{(PrrZ-phuArsvb8?Ocq{iYJZ*CNJvz9xsU?&sF%PttY67iB- z0w>d4GmVqa@n@W!w@f(wleEYU6!1kt@>@+0T*@R{7=L&xlNKQfv0}ex0{Q#1TlXyW z-cJnpvnJHsAUUS1J;Sy6MrDbWr_{7YHSdn+kGCELIv%*SIDuTc9rkKso{;(QTM8KB z>A0&HVz|!ljGbF|hPmwSFpCe6lqLlVE!TfMlRj#C6-3ZeG(Bfm>U;YJu)9XGC)H|E zA~#2D(h8FJXjl0BV%uu)hZmZw3WcQ&`PnY1lI#$cNVdJO4a8GV*x&SCUrb7{>%=wR zOaaf;zpxqhHz+Bry%0m0oD@?GLpr&&>G}zW zR(o94wweIiPq~pUMP8+Vfs99ad^w>B4odmZZhoTsy&ijp6RMVFLWrlD22A4@p~^k_ z&k(vKFxQ#;0uO-E$#%9Aesl)1BJc}p{KEQrpDqeINRygM8>^^inaH<`?*QnwyM$y2 zsRD&h&E*-Y%VY1)Jdc1?1Tp-sEpkY#s`zx?p~)S*WtWy4co=wM=WoTw0era*p2FJr zyn0`v(ZS3@j-2A1u}lEL4N)Te8%i0x4+q4Y^K__VXga5+sAaPj$+~7E7)({FeO%Ri zI>|xJY}DYRLaJWaq!EKbgEV`e}OtMW+YDwDOj484)+Tfth)wsuG*jXgQ&+IyJ&dJp$a_F(fQgIC0bI!q)f)K zo-Xp0jX=PrbiXKhv@*Kw$tTw~hpta1QhkL5%Tjm}_nB123dAUy&~t8e$hU7@jaO|Y z)S5+=xb}}HDFW;RVEr;N$69yJVHjS03mE-{xwe+pS30loBF!sLh3(fbP0PYqaJd5O z_Z3u1+{i%}p2~38=m@NGk~L9>k_V6K0&^-b=8}PI-4j^tp;MmqCYB9w=6LC0Qy2>i8)UD5M)|vi<|qfosl!Oe z1=qD=S{Cijc?{3ztShPD>A9`B9f^r1M#u#vIMo~03hu|@3!V3~B5OCsVl1@qK2Y-i zq!ZF@=+W{}v_jgIfoyR(0V4yAN?mr35s>9G+eUUSelEtObX68LNUWksbHb?!0%^|Gl&}w;FQ?Tw zY-tM!x5#uqwkPh%270?+LN}>ioq87#8uHV!3yQ~W#Y@t0e0*pf_B!vuW@>GZ!1eA8 zlZOvr%*B{;(*N0*hdh6z3040`nxF=fAW2RrqkX*=%-tE>ng+lv(ZOI3i)Ht6*F$ZC zZ}nEC@wW5zo$T8VYu_yr6<@w=pW4Sl%t5-XybTz%b!U&S6pb23OO`rRGsW2uS3CF8 zsd!%G_DOh^IOG1dT&`DR7`nB_hEK>D@vYL<8o}XO6F<^|DH{U-Fzt;lE6XN3MGMQ% zbT!0lgFo}eZsTTU)%=Fj!7&9=8;h(ETg6*~MCqD|ApwP)rMEH8ENo@$SZi5r0z@Hk1-N-!|qf!(2T{I-4a9fdo5>y^Bi3;6*#? zj{W-L1k1%{rz8o3hl#>~gRDA;(B1GMDjB<`OJh&JLPf*T67{xt-hy!yw*JbuorbM7 z+-NEogtD>szVB)6AV808SiUQ^BQ!dYnwf~XGm2sGdSo^4ki0SUE%%-zimEim{>07o zRQL4RIsN*~p;F3M@j4MXy=O?$cjZ2+yo$-FQ_W6e%eAkYai6y(+?O+AjW*T7-<7GB zq$53RHT>u@i0Q0kJ431XVTTY7qyBmr!P;ttM*WLGEe8M$mB{J;Bgj9R7lvhwF*;r*hUpdO{hch;j zlBT`{mVNdpWKWmh`31!@h0Y_z+z>TrzqOA-#tv$TxXWrd20n&XNuLThILi<_EimHl z-r3VwOjLez0kxusT=FjmJI+;u^NWmH9%eSLEMb|qdS8}>p01_3(!W*>cD|TO@6=bl z#cQp>7B(9gW4Snis_cHt4kyh9*>KWshDuA6?pz?D%MUMM9l7O3n|UxY4W}K>!F8~+ zK?R~1H?E9+_0(tEhQj0by_VoCZbLi*0BsNMI^V|$K%&z_0hUtQx%3fQ-S98VNO(8) zA5EcE!JY*eqy{p z+n%aZ$xz`dVpl?!u=f&&OQIGGf~2%-uFa(*@omh z#WBjYUr_A-3_%f3C(SewK7)RMQ4HF6AR_NR^XXJx$0Kktc)j(luJT|$&^-nyP%Pd9 zkMCgrQb8zBniTdbEYP<2UM&(%nwzYvR;cJ!u`jHOXGEmijzOM6g4xJ*!jgo%(^8yS z!ADl?Q#2(oiZbnMC-~oB`IH~9yyyQ3%desQ=<@No0INCQBR;vo$fg@O4xA2LK$lVD zBOuSSEb+Tvt$Ymz;S&I3j}8`gExs?wm8s2OB5*?vp%%teR?T@vsk)l`&0x2$t4T)N zcf-c3btGkQsoB+$eC~^URBr_EHg!X0-%2a#TV-%x=)*Rk5Z$u?u&)F`Q`MX@8afFH zorA-J_gSChGo8ge+LvtvNWNxC3}5!obfh$h1p->>8u#x<3J_Sn<=-w>?tsE-N@Jt} z;&|{;NaOyRNc|S;7-TaC{?x%YS?)Gb*$!q%2~(${kF0}se@hYT&~dL!+c{Qek8H8tw;5eUQAU?fVt7{D7l+C7O=y(@AYO&oN%LFN5ug9JP-5naztIl`JS~ zyq5<=T)3;X!%X{Z_ z$wUlj<%6nXL-kxYBf2XHP)m|Wjoen9C(PsQ#rVzN+MwOdfBNYfAQYIO|H)FRofwd@UYiA zqzLKK!>88sLY;(`k|=1|GDSBQJ9;#65MceRvdbKe6KOH>+s}68Y~8EXI*2UkO{r0I zS)D~aUphZ1tXHih_L1eznB4*4!Rr~Nvea`jlvSIw=(`f+k^^sF81Lj#b<0kz+~QS3 zUx!Q^=9MJe%CvBk4)(D)1qS#;KQphHi(C2u8=n|Pz(|sZ)ffC<3!VSi0sd>-w9@ED z83P4|)Nq{PKiA=gIx(b^?~zzZT0{aHYL9`IwdBF$=H^AV>t^X`ADe&?laNpu&a%gc zFfM*oRn?@1oyLyR;3UL|qLtagWiZLgfQW5kcsMqgJ$PSY0&b1T8_SjNg0@z+W_21s z@_&)`)nQd_Tl-3M-Z3-l|G{B=_Thb-)zqOovwmm`hQ(C5 zfwW8RMKQi&M*V37#&Z=k_7ZNcMqxGw$DM=>gn;lR;EqqZ$eVqJo&$w}Wk$mB2ELAYV zws_=?f*+&SF>3&pFZos08L=dXvA2I{aOcSBKkgyMsy!%_bH}t;60RRo9%1lS!X7|V z?mgZLOg4$c6R>-0$DLZ*az0TgDR3G4YS#xb)T#7M)p(qMI!27h^ngBT#J33N3GPqY z7UlCV(jG$D4l8kaIF^vQ#h9vtm*dGf($gMjrC;eQF?#`OG0wW@UE;apKpgohNKcA{ zXx*;j{0S%_i|EoN4aL!wAD3V!5Cr^>|hW?$ds`WP`7 z8VVDcT1=khV|Jiy(O{hW#yV8?plKg!ruac=Ek%-DQ9oehq?t~($1#B1+B!&lQ`irS zC)6sg#c-{Q8{Gea!noi@kM;&ozgVYgM0WKF^Go1rysmR)>#>I{aYF5uRCK8@7PnuJ zunHYXC55X?3Sj_f_k7)h*6f;@j%~GLT>7er!QR(|&j`(!asnr6z@Pt-ymQNeYJk_S zw_0lT-n7F**Jm%IcI`PcOukkV%;@d+p1-N9x>To}=;jna()AK2NUcNMW{XvQD&f|! z1X$NxSQ_1%j37Uczt_+ij1q{IkazY;jP5mS{m##I{O=bgO`Jzo+oul)zoY|r+oA$4 z1z`0^^O8|>KseA$6f0wLHGduRHL0~|_PC;TpD|`FkY6W7NNgTD$GcIn$J@NfG(rqv z$RN!$kCnfT_L85-&0F}uET>w>Vc+!ixYN8$v=Ds%jd0*|Tpr>LWK*PG2&f0{kL1*x zv#fj(dVlCOJ4+0;IKn*+XYI*r=?T3^lh2xsm#A1o?sP=v4m?#&1Cw7~e9Kb?QZz?& zbnUt0e9UK2Wy8enfW-)V^;9ST1>cc@gKu0>fW^<)xGh5RQH~RPov}T z2wiRS4gWwLa*^@z50)rH%1(FvVKKs%iDG=_lV7?OWA4jhT)B}rr~TFW4y3ABr6v8# z=~M3XlcA{!yP7QLqbD$n`BsBBb@fMj0!BR>CeO`rzBex^V)I;ZMu0o2Q-cTDQUY+= z7NrW18I8q}%%t;)uJEK6?qXYp3SDLX7?FMGJQH-g_H^25<>lF_%)Jd)@k;8J|ckVBIPApV-cJ_XIMkmnMXI=+!b9v$pfW8qGc+DibfANGD|}SBFPoY0PC+ z$%Ww{cXG}6hF>U*J-UD!&)nJ}GwV52YE%NE_1m?eTxrv-QeKKd)s?2(aY^GGjT zADqf(v{@>8jJ8Z$Bv|(HM;oMgh_02+W6^2rM^&)ObgdeZc1MgLag<8YT3oaT>Qanl zu-<2W`{R!&PtKrbP8zXe%EvbTzVFtL$)?O-Ijz8r_}Omc`eBK8Y8a0ZQW?8%;>VPk zKMLm4@jzsn97ImGj{(610v*+ngLmemz}a9i(FFD4-trp$1D16p`(3IbVy zSl~jgCgl7=Ih%nks}IwFoMFlhaaE&D#b(pgIQzQPOtf(@`Hs)fW>~pu2y|Mo0fin# zy!t3n)S<`nvk#r3o7BA_x0Iju3BS7_ywGo-TqK#6Cb@q=cJlzS@D&L>39RsZ{41{0 zg~u9%G1f9`_Gg^@j1_?)ufD&HcUl!-W)=Lx+8qrGQi$TX`z2{~R113QXENXDM-k@& z#@@NZANO2O-&v+ zP6UDh6UhaSsbTxfFlV5?D**KvsuJXgc_RtHib^|pokrhCF}7Sz`$-&HS5{Wu3_gkE z+ikQw-hcV@{FKGqDad{A4}tkk8hNI9t{5(z_$co!pL4l;Z&p5aP{7eVT*Ad`sT=gT z4Hmu(K7RD*cGN+3iB4|t;*FqB?T*cRuO_8<-oJK}Nvfvs-g%#L$RP0~W7pLn zAZupjGBu4t-c(nxkS`$v6DLZw+zqDe4?vJMWTjgD31I*0+upX78&sD!bnX`>)IJ+Q z3m~Eveir3_iEhvF0}mFOLYZa@jDE0SwaRd7|I@1Z4k~Q&I?aIT{SRUdy!UG!lY7-C zen;zsmzDUZ7TvnFDOQ~zHW$1`U~1$XyY-!3f;x08ie-L zL-;{MQ{leeYAkhG@LXeE0R?n3&OgEIlq_E?Vgba&TQ;(OTG0cR;()7i>jYRIbN z)r-Vj*3DZ{SjY;P5*1#*f&H6i?VmXEqCG+wxYYdG&2dQzThF!FO<63*Y+KCDn}8|d z4w<*;-uhnrCDeFIZvsk|=%>-3_23cc1)!G>{;>AZ1Ct=!Se{h680;}7R*kBxy=Tuv zVWZDi2rhdUh_JD;hS^P>i9IU{wCu`SnT$c$cpsBA9@3am0x2yDecQ>{KdgyD`b?6RskR zqB-?u&n7e^B&q+9#PgFzDR~I(2E(nMysEomr5rEznO0JS$_Iwx!)F_Oj0<-s4I9bH zY=0zI!JOi^_s6Z-?T3kWIU=u6-FI-O$RbBsoWe5;Rol+(~AY zD%Ow|a$3sTgVl$MhRxqexqMA=z|}67tJ2H29?h3x`>S*1LkbKyeS2xo71D3ZbP^7{ zWT_2@6wM{#67uL2rZkhB&rB^`6jy*Wq@2aWAhr;HNrk$3np+z5+}sjXx2#f6ydmWM z{FB{dsmO08)bfdLw&otMQg2Gu#+1w?B_-~AGIG@kT(Dnw(k1KW9ABgb$fg>iT-1=h ztt8MNJH2_4jmY%bjjxf!sXGkkm*vn<8`OQdr-kdU05UiV>!uIy;bIwv<$iDP$G9(l1vs;MT279ks(aI(-PA(|3~fTBn}dpEB6u2*UnV~Dr{=QD4qBim;Cg(uH)b`Ph$ z!HLU3_);!0AD*H-|BZjj@73h>@DXz!`W`Vlzs}F#P}#50&DR-5lMmn9Qz!PMU*+Tf zk;X|WDh3iCWqs)D^DgnPF!D6HPNx)|CMgEwAA9c_=QgfA4$;Io^Fu(6?;~jPGAQvZ!Gi}W zlMh-ZebRE<;E>&t^{>Ufn{;bemPk_h$F7!qeYM=BwSZ(FVF79*t2!vNW~DGd)T0y zc)6~Q1ag&+E00>3R^x8eK!?R$3n3Xnar^}X%bI$v1a_T~5sx;h1-2R30&mi1SN=d{ zwMos7B-78(_3rB!gp6U3vBi#L_MX>jJhR`v_m*e2w=>(MFP{u^f-)a(RqML{mHF8U&G?-e{L9|4nOhXO zQ4h?doqvg}aamLa96rNP)z{yg<~Gtb4|r5bAH#d+VUKW zXFC9<4$b14EW5QKea4mi(9=uqp5HVMk5b)Sgu{y)gDBO@4ry$imk&ygNE{rfBY~YA zleC+Zr~1e_ND{wZo3a0INh0@;B=PtkNg|MdJ`+vDL)ka6#6QxpB}`AJM_ zVjj~MH6^95hzw47XwCA#XVn1#!3!qrXxigjdB_cbhJF&ARQnX=1PB@vz4iqz80UJzj~HFyqNBpRTyUvGa&SgPz38 zp>c6+%0fp9KmqyjW!uHM(~yEcbamDrwD7ftHsP*G)4*Kq;tmFRtIWrOGDu2uFz}Wc ztzRV22?z+NEUinL>4@5%fF*2fEWOZ{9^c=z^eu*ME?k4kdy&YMh#6!aB;`xSt#E5h z`zNnaCyCD9JO>@%lLCT0S||_9vwdV}+E@YH^K@#8NDjP$GCJxGui)P#Sa~Ae#9D3Ik;u59TTkO6@zU&P-iQrSlCS>?r z9L19=-?{kA^5p9m0z|J=1<~9%z@0dg?KEr#zC5IFAv~bcSqxD0?ib>hBh(BG1W%e5 zjVji<+!5EvpU!WoH&M-!k@b&V)~A}WLHAydCJ(IfXWF=)+Y#)TGF=gSmKN+h=npj5(i#o1PSC!`d^~Zf6@wyOl&Ft%^)37kgAufDmi- z_3gz*E(*RBjJ{puDSQRO2B<{#vgqCuoQ22G3$-_HM3hCqDAK~RDxp-*KM%u2OMm*w zg?wTP>VR%2`8roBKfZ1!r@?+{{jT=$xUGw0-k2olLeC?+<9ksKwZHqlzRU6M4Pv-X z{iOa;yhD)s;2=NE5nF0lIcFEul!QN*-uJ6Soo>Awt4AgWZdLm;@kZ?_PxcQmc+!eK z^l^(yIHt9!PAMx0-}r{Pz|?ceYa38N^(729i2gG^6+5|bP<%BM|BrOF5iiO4aSm@x zo4T}-+Osre(7oJSNmq%jrp_Xv{)CO4zh&4+s`9$QfUd4?wm;}ymCJdRlEM{!KW3)U zkE9({ERM^!o0u$&k>W8gqoq(zz)E+lNH+f2-tHTEw(R_y8p(UOsxY$4RD$X`2ZRC0 zinnc|nJ4MRC;ahJ4$QeEV8;AQo&D^p^KAe+Lx}9~?qT=JF6_*``LY>4{jsZ~!)*V> zfqh`=>aia`L;Q&oafUkNu}{8XF_*>07f*6RlSA_4mXA~ca@`qQL>!Wyq`pIVyf!8S zF%xU4>Qvl)_W{BDJ|@exq^Y5mUjv)rG+-!fkYLd&HCbKh^KkhRvxK3q z`}+uHX$e}H-ul|M~Jk+;C)_=WaG;(b|h(G@hwPpeOLGB?Yf%4G~m2>b7JZUggG z35t{Zy9${k@Pr7hJJAzmMrtrs_QxW(`f6iArLmyEqy|iUF-Z_`{Ee63Pul}GO<*AE z`!LOBkGaQGxB7M5AIdc_V){`nZr{ec>*Rj!#e|Z6*F9JtTZ?uc{|7^ue)c5#6 zHwr@lO(v+uoz)pN83l`GD}$+SYS-DdrZobfzt%bx30>`9`RoRv1#{stBKoA3EUtm> zlI;jsyibr-yF|a!!e>7>G-CSca|B^()vpG#SN=4Z{l9F5@Y^0JfqY-fW3OO4onwPm z_4f8B?6MD=tlUfj=>18Vx;e{KNIXj3k*eo>2n~H4Cu)Ka;4-K$&EQh_nFN9hG`j8D zk1$Y}47eK$Ocp*UuB8Y+j~d-3%X8>A5OB&GdfryB0()+{^_u+~7Isni593Rz-x>2h zI79(90@@@&zW>EW;OxSLmDlVaHUfZ^;`^Eiz6t06-Hy+9fM-5_q&ffX_5O0mMIXAX zvT~SFOZ!5-8l_j18@HD zcwxue#tJd~5S1yxThu%27@Q`ZaW~;;+q&C>pzt!3O(QQZp5#oV0wy9p-<_8&Fzu}$ zAb3yrPgc_H{SQtO7YNjUWg-4v3@Rvx(wP&Ei1rK1h1L)*0jp%G?jn=!&At?Af|arK zk^lx&;T8=2%q@F4+Uw9$YeTqlk%P);_ z&@M98VCZ5V`@{Nq@YkLB%kwR~*^`l-9bq>GQ&v8YwSMss>T=q|?o6*Nv=fd;bzhR& zewu#eydV4I6yDJo-J~ zDE)?rljbpEgOyGS@1Xf$NE^~oQVrLQb6(H)LC2`irs8{TuUfqq=Q1!M1RqEUj~v*{ zo}eF7CUWD@)d!;_!ZLHK#lsGlT+XXI!EBO;YRMJ4rIw$&4o8R2b#lrUzbuEb$;_NI zqm$m*%N8&jQYbr^q&bQ=TKrCT>E`Sd@=TN|w`YvP2Dm?v9S!E5XR3&B{}ZFrs-VR1 znXA_bh}^!{jH{Zi6jHHSu4suTaj|(b|G^sl{k}+0I80YZ@{I(e+0teI79)OUw3Iq) zp`$WRb*36U#(JhUGXDP8jfeTCtukS?B^dOXTe&uO`OaUV^WfXj!EgKsfYHBQFLZ+VW_o+O)?8se`1>V(b!row@ZhL_-Y5V(|9&q9N zbaWCH)dII}%dOCU7x-6PBNjuq4bOEcl(q7X=4m7sMIKc#ME3#9mCtqm2!pik`{HLt zar$C+&pBJKBz$(Uf5@@)erV^|$l}UW>Z?7&*uU2JuibRCA|U(nIs8Ot@~hjo%B?@$ zzUxW5z-Y8niDfFgah8K|Ym=*<-I-!@lP)KAPj~8BUbbo1AWv#s*n&mRQx~^Ik$W^; z&ZnhJ4B2rRIU+YBb>4j1Tm(-uzcY$ccty7!i?q2Ei&aA;Q^@8yeN}K8#dsyu|8!9Q zEc@P9m3{%K+(T>sLHDLYYVf|rmT6nIV zHFvnGUSc5F<+NLC+Wv!2-R3{m;wXn(nvijp?#biv@07~H7D;N*p+wLX>{l3;28??w zU$FmK%ZL>VU#}-Ji26)P8vjwdtEQ4OSh~0HPSQU;>S~4$#^$Re zg79aJkT;8%D2E#zb<~`eTTmYujYpFI<3Y&KMx%A&8X6XVf9!@aD(_{2kHce_{d{dv zHLHGaZJZ=PUg54?j)Kn?#H%sM#(uJ)))vMp1-Ve-hc|c4faPOXP3!4WE!6fj~ zAvTW^Q1(82i1`T&=u*)mpm<`-1x_3Qmcxjt-&%JyDh~lq1mGLHR|^XBDd3p3Nx)4vL;O0`}J5QB|+efjcbzE3`P=qYjw zIl+1{p;uX66O97w)WlOSXEb3!`Zx;Pl!|GGTnx@=C<8P5-bBIO4-D^{M##kiq`33 zQvLuhjHW0-6Fza8xKUhm1D%46K2lQ{Xq4w#M*jq)i9p|77x>fv=+_HEj32WA?0LI6-tEvoXZWI2Vxen%e!927s(<9ZJN|w{o50a}qI`Isz{OtEc4Krd!Y$pWgS|%0 zqWY*=$}mv=Zdo5?q(&X%n~h?PHjSF&rO9aiNqhNkNJqW^%~j}y zBuV&~8m+SCln!)ohtQl(OBcNOrWFlQw!6hfZLfm7MX&biUoVD}UI z1l>}cT~6e%+ViG&Pu^@*A*uW2Wrf_NtgP~#<|vUG{-$}6&hSiRAI5fCHw3m;p*3yQ zbS<)N>h#;N!dJV~-r#dZJ%<(Jy3vb6Yk2`OvYqC%Bp9;a?c$s}?tCVl;KB-*C%QdDK8JVMON>l*NOPj6UsK7zhq7*gu#mE z&r|9$MG4=I+fAYF9^6mw-GH1uV0fp745pt~0!Q ze(QWwupCz-vA1ungF4rb|KjSbe|)VYfIVbx@f%G$u&>AbUi7kX7;jUfWYQtb!CQw& zb$f8!Ugcf6{V?z#`e^$9$kTkFjKC=H{DlY-t>FWUP#PEwZypi;u-tge0NE0)fYd)BdnL4d; z=mSS0>(i%C122)eVJOw+kx5NB&ydy}mMO&E6Is0)@TKN#W9!vrnE^jwIN#y28|JbT z(6zx;b272DP=`sgTkwqbmE_G<$q9YraZSpk4D~+ETZ8r2l$#Cjk7>?lPW1G5Zsp{2 zwU6Eiv2A%LZd)+NJ{p_@+J>`2J zKCyKkR*4w(&Je0W8+mZU&<6zJHgMpoLXQ@B^}Y&r18k?ejZGY2z!BhmQ_j+Zh?W+a z-$FeEag)9=i)T;9%EQbqq_id-9+@|0OPx}(Qmr!5s2fNxdI^3$=p1OvyLbBQoR+`4VH)Rg5?3Vr41A_Y&%n52b`fO#$XF-}3 zU>gdmpis?^&HM>WCOSY-uT*-Z9xwO(yV8@v*fD^!iB+8h7h$&h%PPD53Fn!$9v)Qf z9UTj~=c|;QTPtZ}Ovd0lZIM z$kJ>D;=-tm&|s)ZT9wO-uGqU<)hE@E8p58l!xqti`*y>+`mf%cDS8!}FF!wC2>I8e zH*tfIqh^f$q=sE9b0V!39M@Nqh6DigTeCFI{3CpC03pT&cpc&{FJ9-SzhPzrF@>lN+%L#EP`q6)}nV33V zbk=nOAz)Q;U3BkDeIoJ#O_P5_E=!B{=(_ zrVbr9+-gG~Yf?y0+wpO{(=PLZE^QwpUblhkCh6u`iA&@)_N=~SEMGcM2B|~A*af_J z_Gy#;VF{$f?hIaH+VHv(dX6c27?1eiX0`?@QV1dI+Kxup!P#ie5Yv?xrnnd-Qzw%p z#=Xg2f$g*@85uGbWeay`;d(+XFd77}(&?qtzMIO!_#Q=zcN=kmRFFG?$G8PugbxCw_2i?(v{VT@_ zCYxQ~%L?42FB>{nV5&ytdDouH42P4S%`u=-a< zb1yN~wR#-yKhe;=$v@@ffpE@uJfMb7yVaNlU%R)$7}XPzm8%%Tw^rqr^|C)+Ws;pj z(?miARA7&f>j*6N8p&OdC;9+QCF?N?8 zbMAgU+>_&l!m>GhFwKX7jGA{+p%H1jQi7@g?7COwe|1Zsb0^v3_X9>>7R&8Bfi1wL}=jR8IF!pNAYc+!{Ng53u&d1m} z&cwDbpx9b!?{8AJ5yon!y}@0F7?@uAw3OcxAD*7ztWKK1yJp-y*E7=~{d^#!C%)`( zwyvE6Ih-a7D{A@p%1w$TCzpealc94D`(Ou9davAqCOmhh=WwcKVJ}8cOj_TIYmIB< z8$QhKI6FDWJn2V^^EO>x&6I{Nt@~DOG56%Par|SL+WR{{7vbdpW)X7W1@Yeg1(NLj zHLfOA|DFa4KHUw|p{&n!}?ZPq4rBJk}y1fz#;2!3W#QYt?#H<;VLM z*z9TEvn1lThmJw68m^p1&1NZxwcHvdKtE|$y#U6j>63_aSX?~MOLxBGk|rGc{(C}J zVt9`~Kc>%(r(y=B)n?AuBMaqgV74DiFu7TJBqZjD%P<7g5Yjrf;*2j@!C zk#@Sx)eU?qhv*=eld+Nv{y85!$i^G%rRo_d6S#>SwTwq~BH45KSUj&AtVQ$jDV!D} zq6=OPlJqP?k_M2WJz3hn@$_OXzsW9 zqd13i^_9VS#z{Z_dGm7qg^h7FzW*SZC`Uh;K4vRkb8g4{0lu^zOr@<u+z6SR5-np+nxBIeI7N$O`JWj+V{HuQ*nvMF;nvMv5{EL8K)2>S;yMT>R$073wo z?Vnl$h^y#JC%laQZ+a<~|&|tqpsJZ)47Ug5$*jZpoB$IwJg1F5bb!fnzQfVm8k1 zT*=W-j3HpqpffHtc9l_inWZHe-DRY^v3kG0s?W;sIDTp7+vPT1Jjjr%kZOCOa2N<$*k z5$_6T!%HO_rYrR5@l<(frmUg0&DTvwHpJhf7|0bpYrJw%_wSYsv-mJR9@lOpla$eV zy|I==QA$cGWX62#tD+-W-ABc^UvcG;@(AmK;upxhlQW5{QARG%!4x9+m-L342szq8kHTe?2b0v`a4pLw<+wK|Uo zX83E4B8csDvkY&63HKWDmYc&n0Ej*DLw|?k9^fYb1vD3J(kO5Zt;u`%&2=CS-*gK< zY~t(v7;q3x{v0W`jWwfEw3H7^NXHB`Wo@$l$I{s$=0JAcQA)h5Tm_i$fTeu?q4RRP zEe6%JaoT(F9l&C_ES0j%95^)>&XE6kjAAJOlDIZQ^LJAbWu|Wsb0m9dmdpG))zAG; z>v@?P%e!b42+FoIA@q@}v)4>@teVKqn(ZpZZ$O9-aP4DGJEIF>_#c(y?tiM{5;~gi zFQ=+-217;%V%pM8A!xSMRP3?`A^ht@hc{NbjKl<(%FZ$FL!ILTw32D|_j z6On&V(XtmWFJOP`5%-5Ni<770vv~a&0Fj<(FE^nvuz!~ZjYEn&nvPdZ(dHT-|M}tx zFRT?+cD8T->u3GZZ6}6JbTKEfLgCk!_t!|qKVIGiE}?g}e}aKe!Bm4hgQO_k*K_lR zQXZCC8HMj09l%aX=YlGVA_J;nC#?zRZ*w8hg(lrNX!M{3=soyl8IhB9>)hBgDSP%p z+Q)sscnmp|JvJYvtllb3!$xW^z+tezoEe@Tg6zKC5L9{vQVtp`;Iq=A$JGH;f(+}G zahg@f@<)>g52$6QWs|L!f)FdWcEJ2pIdygQkW=t-AvIMpo7I9vB7T)mh1uDan}ZWl zTY&2jGTe6KUG>fs-T?f9{~f=LJlj$|=Ba!nbh<5?>HvSODzvT{%ZY%voH#x$TBZW{ zpaf7pG?nE5YNc0dc;@)X)PIry(P}3 z`K-&I0DALe+Q5iZCi1RzuOI1dV!*|iy#RKObm_kJVsNyn%Z`~KD77br$k+GR4+Dd&@1dVV_-H3*4R;$;YBu+T1ns&LOvGiA-^CgLV2 zRLscd3RRzVYisL!2E{k^qb+5kXDhi{p6(>Mm0XIihI6RYF|h5QyP9Bl{&D{E+Kg|l z9RhvF(ZbEkEf=7)$ud?y-*E4>Tl4yNc6r;cH6xetvvn(!wlQqcDq)0>n{OLHD5e(` z)eo%tP-NOWE}Y#Dct>|)^;2p0EI+m$j+3{GodWILbspu}&S%H%H0PEj0Q@A$=r@tW zq`7F>l@hI%dkhw^7bqsCf}QtKZKwi=b^zqobVd~FuiisYERve}4!R2I{fHsAoaBy= z>&u%QkaVfH443kxCzHU_snD|BJLgjd5J<7TSHP#jW zQRnN05pwqqNMPq6?ufd*@4#MQO4E!14Y}f`H=T2RHJc@BEJoX4+@xak6ewZ>Dp# zA~Pvh`|h4@g|xjChG{2>(ZPO>NM(BX3)XO5fn`tL`1F6m8W)3Z``Cer=nkl`vgVSz zs6BAgx?suL9@V>>-qdqz4j?ZK=X8;Y+Ub!XV3HWPYcMgLy~5G;&~l3B++TnEX2%B@ zS?~KP`%B^zB~$T?fF`C+HkkP^mfEl8bO8b=bhGw6JKs}8iQQF!truiQ+GMWEF^Jbh%EW{< zz)&sb%}$fYC%K4Zsaex*J_k?~c9DN^X3?GpL7?iO z<$TzH#1@3KE5r*u#5J3ieO|Q7M9c=90xl|16g(NZ{>YYd-GWgKeE0w^LA!qHxnN3-q?Rs4HHc+z6vsg>= zIbS5#7{dUHi~}`2fpg90HR9v>ufJoWC}TRG@T#Nkf(=XNB)bLZh1A*OcL(Q%FTO?Y zPHcHsj-3LYES%FwYNg7s`t=pSdP1IWPy6pP3nJqkH$(mJvaH(N3>8ClXT(Y%Jl!m8 zbpfz0A}YIVe*P-OYfvzklnTW0tB?vHyIXTS*sU^vD`>YF3NjVhbX_;8%Hhc2(ra~9 z`S%DY_!2_PtFvx8s9@O*gsrnB@%jmWD;%{DrfM}lAx|C z^=V<+DmlE=?(U>X+P9^6$J2x0vc=qLhwyP*ZPQ=}DpJXHlQ*~GL&t5S8U85)k)Qut3Di8q^kn)l9G=;^X05-DP$__aIBxul@aCroC)M{-K=6Ny zjfZW@&UY^k!?rNScAypbX2^IWS8NVYKC2ruC9gc3u&_ZQp|>(x>_2I}Rf7Z##pi*W z71m2iyMX3p>olEkCOJ!$C0PJ`>hJ^HN~rVTm%-gR8l=Lo7bB+q+il#hK3J7)H_U4v z(NLp3GaV~1#;tjEpZ&U<_l7PC1`@n}lY7m^Y3M`^Fjfm(?&sh>2lso0&}2AXq8fAL3cd~f*!@8}-q zj9azn-uEl6*=d$_(EE`G7W<%k?_+7^o@^mKg62Aa>qhtaZlvgN^X@W9a|c*!L{V-FX8R(UbMPkEng1_;S^LBts)N2k`-TRYbOjwIf%}E>kN{A2s6Bg9hxTbH7Ms zz!XSsirP&=OT>gcwn0@u&Y#1Q>LR&wIh{L0L0}kIEnQ2&9hom0_OY?X|39WOntA-wbt&=tkkU(U%JK$ zmj}fp2Z?O7<9)+0%;q<`B!FFn;e01)4q*f9kjDI z9_I7?2^~#Q4AKaQF8uxZIK&=0^zK{E%wCal{^iP`yW1=xkpNx}MKisT0YjbP5(! zSO^_EyuFl&%s|5a8A|gdBYjV4nzMAqV=;=^sEVy~556ubin_bO`-=REA0W(54hu4LnPwImM*AnfRlpj z8?`VAsMQWWA(yaQA9b^rf>)f&K2R|q8se;bwXJ~{hd`O(c7aQeRMv3h%J2=*qj^(rQO$}Y0x5hah^U48rq^6@ni95fd2pD{r8u$|NMmbsYpaf!H1e@vu^DrtnmUtb=H5Z_^9A0B3kaXdD&pMs!$n>TF z%tC<>M&tL!di$`0_=6^%Q0Am0lJBKTbe z-%k3oD-A*tOK_b|citFVQWHCf5u(82edg1ttE z@gf`QD}m4~e4o|ZI(6J)Q%(K=49s>~Xoje{hjMh6;##WRe8PvawV_a3w1a-=-r`!x zS%qP;N=nWnvo|S-F9yS$J0K5@&eGiZ96-jYQ)4wXFMWSh5AQ{nQ+}(>bMBgxO+jP8 zu|E7L_anvv(k)%N#Rcg`bY3%PbJQg$U%#n40+~AM%6^C-@FX^B*2x@R0;KW~HOF`p z7m5e4byaXqLnKnt-a7_*oa`nFDKuBEQb+@CZ=OM9>65p|ts!)yDGl!ExK(?EB&YL? zqK}gc)5G}#6{}|p>~q+4Xn?m_X&M+k(?>~i3otTXHd(})DS)i{G)&SRm>%ySG+X?7 z^}#(46Zf4F52pbyU-Ql=m3DcVG-e9h0Qd!^LPkJg)Don!c663^u3)$`OW(fMvGukO zv2ED3C-cv2$&VO|CH5lMvj1u}SCTm~D|MX@Hig}Jy-ROtB{&Dt2-+$HlP|3fe9oRk z=#AxSYEt7>^fE3+#l=zCb}4p7b8BE5pMPoLGau!4ASgBNdO`uoo&xfXO~FtyCatOM z#?Y7wRmX>ZUTZ*2u^<1fy}b`+^8D&M>1251JL}IQqC2~wY5+=Ij3BSSLL-u#yCE0B z61TU|1j8JrKb+ONQofXr`PE_~O;{MM?EIS~aaFZ~U_SNSglIm(D3brc9l%G&$;9=& zklB&K(&6E(r-hm-J`+;F{<(sx`46AAze!M9T`aU~N~H@5<)zR&I)~nO4clYhTES<9 zLAkebo;VY+A;9aV(v5|HPLUK~9F@GFe*_#joO>qrb#E zAin_}pCw?9q&;c2}x@%on2PQM(MfI#u@Fs)gH*R&#dj^&Fe05Ax!_wt_%u3Dxcq z73ti5;WrdKkP`!%KIBuM_gys&$1_3vVPN~H8OWbhnn|PjfAb989zXaYdwcWyTL8@{ zegA_u-}D8*asS{yV4V!7E51GrQ8gg<$CDy)%N@5DLT-?McwHq$6=r8`*T|oBm0rkm9&9#+{z-?hn!!^X8|(9XZ(|{(o0H*5qmJ7 zrlAh)ci;6-mXw+9k2RdS!l)(sxWYmN_+^HK%Bm)+aK(Pd{qc)p_1fZOv zyuroCdq7`(zRF6)d7%LQQEqWojQA*o!z1_Yu~p)~?=@pj*OL+-+WvRxL1zcS$u8K; zoqpRUp*>SFI7(WdYzn>RR7@Tq58A;te*REZ!y9x~<(qW>`{(@pA3qXs5LtFazqO*% zEZxS}ZT#=Z-pd<}g}iR}k}(dr_38Fi7KxmgHZp2JnJGlGD-ZEd)&aGYvou_EH8D~i3cvXdjGBi z1M6WN>*u%o^yJq7^uNA`c@p2j ze(x!)i)s)k@}4=Thkno~e)FPl^j-Q*z=tF?-~ai?E_@;X^V_&kDJ%aU??Vv9mpe_N zOx#i^5(HRlS^hU;`-w!+_}zc*f3asEVxvhlx&OSUUoV#4|9BXR|LdFB{f(b%I~jQX z?IZ4Q{(cUB|IJ5oKXmD;|566~yOQ!h$L2@B^LQo)Gf$<+wI3<{Zq>;#U#z;fIKR^J zLVwfpAfEpZ>%RRrGklngKx-6}5pMg+&p`Y4g&6aX#w(?pzXDRspMVrJkgfa=jiE=s zX$&>KknI@178juU*BtT(o?`lh_S#CKhxuP56Jmd=I8!eyB+vePuh;)$?=6Gk+}3sN z;O@bL2X}V~9wcZ&f=h5|+#Aw32`<6i-Q6X)dvHQipbQ z`O$fc1ezXWJTmU*x*7g%)+-F>>9*sKS+9S6g#XN+{+N;z3jEu_qDue-=z=!4h4V^iZepE8Upge~X4%`kAEGK_-%GFS8eC&S46{WpVoTu(<9*B^s< z|N033d5Ww5A%}YY@0sbp$)NzgjL&~YbH@D*np3q8u%=e)BZ!*@{LcTI=2uPWKX)fh)bkYZEx%Vc&6MdB1ju&U{VSMfdgBg^ic_^fGoo6h z=xK9|5sGwjVw~;XNpUf!6A}$1)ff!dw{AA4N%gBJZjF4NYJ6jAnGsvIG$8J+z;_}@ z$4aUhFEq=HV8=h{_dibwp#Sqk{QDPC?eI_1JpY3!HhM6U2d1nnq)+hE5Zynz3qur7 zDePKu0+blE(yTXEww77Ixtsj}NJ6u!CJHjj;#yn5>Sb1M_vR~9EHjw;RbVX@*8%nh z*W+klwe|dQB_~vCe&uGz4RhEen*oMM*r)!+a1u|=F?p_xT6AgVv$|iw7%wDV2XnA* zMb3r4jO1NxIjdFb0h`9^!{D^R;BS1dpUkG3pE;`Kqy~pdqs|>1p3zDfe#`f-b~)i( z`EYUjHqWahS-*dB%p;HpNF(HhAQdx5?hl_=sy*Cx7i)zRxk_c$y)GwX&9`Pvn;d^F z5VxQVmd8-V2J^(OAiWt1yOw&KghA-T7>K^*t#bw7!zkshpk@KfOmb$jt@ez&7jBXCBY{ zUTc5|a5=X{O`o)Z^GRT{jrT@hNIuuHjmgpUME2F^YNasvHzoWbCxZ5p^TnzgB9^)> z)gZJAaI0edk!bmNod$@I!t)h)&2dM_DZ?}82F3Kn7ggq#7|k!!41Ds!caf=I3BTH0 z=R0rGj>cLA9Po~W(0$_nL7KA~RL4}(@B_&g@1aS;;^gKlMhT#p-lJa>)CiKprG)&% zd*A3-;oWpEA01?EZa(Bf$jcf-!MK?esI#>jI#JWh=JaYfd8)&N>_a`D!8;q4=drFD zuw_1ElKNB2<~>*bDX+teiCwu-zKw!8zRLc4?%DKLSCr^qTk4-3xPN~^34ZdzX}9i) z{*xOou?Td`XpRyXw&0dq_*KkWh2$bPskf@KHTt29WOxW9jNit`UQ3Lni!w((UK1-* zb8~C3wb(TB*i1-lWkiRC{UqLrH=O~}`uY9xMNj#!-c>4C#o4$P%RAVW5cHU@vSW>>^k3f<(PVo3<#s*K;&3ky~EC@pqU=OW~;xoCCsQ7k6do z`NG>0?fe%4p4$0s8VnOPC$EodfciJ;S9fKD4AB6$F-9y1=xY!ei~Ma*>|cvj!t-gR zip~e-{K>(9sJ{Zr0re^+MzWWG{!S>5kPnv<*x5U{6eCNdf?c`XCqC7Znlxh#07A{x z5~C`q^5l4`D=ST=`WI-uz-1jqw7ewNJaPhT_`3~N(F}QXD?}b zIXc5Adw!-okzBB!NG|{BPgMF7x?|jBqwvpllBo$`C~`DeG!&2kosz;?jT5fCFs#va z0OUSbqX5&Azt5Q>3b1n+GcB6}514v-KeqtZ4<;#Kq2~M^Ap!zFl_K%5p}_^-!vsau zYoW1oOY}aF;f^|K=H>(3nrKc*wA|&!6h6}^(3n~#&W{1mf2(Z%Ypo-%1yp*u2SfI{ zf4&b@)TgS*@k?Ang9@MBA`5T}8v{rr70R@E^8j7ORHK?yk#?Qc45Tx}WT~DEpw?mv zI`3AN8|27hST1C?11eSpE-t3qIfDi}|HI+&gyOfw0|Q);h#L zi<762{%Em2`eIC&y)>MxN%(EX(iRZ3fbm*0a5-eZ!l>s~NWaC^c5kA+OlxN|Qfpw3 zyWq+@nIA;gB&uxF*Kb@}HN8zjR%}=Mv+?iBw4ZMn?l-e+$QUj`$vpMO3O%q$ zJslR_E4BTIuxnYMFzk>DuaFExovM8u!K0ROcxctkNOXP(AUj=+$Yu+GAgf;R#&&O} zs!g+8SJ280;AX^M9qVjQS(636~mgL{{>kkYKF)e;lX@Km|=kF#>$(z~Tg!lRG_hoeP|>c>tWL5Cl?$x`*r^fPbgUEqrJTHe(bI~a(E zmhJ#71X|z6hmh-lp%3wSUf1Pn{iCr|u=PeS9e?0hl#Ys0FI_|&AnNdz(gATW9z104 zw6tncZF=G$=mcfna-dPv<|$-iou$_v5O!8@yoel5_op|__^hQ48thA{)hXuFDXCwv zza7!4{&*!;hb3i>=v+z@&x{Yo+}h5-Zp|a5YHl(7i96wA++W}8fq zN&nI=>#NrY$FU_B^yy=sWuspLgmiW7nhcHn?a(u}Z~VP4OoQ}Q4GdXYY}Xvpe1Fe; zDAH+*;VILSS=6z04;RF_YqD0miL|0Sn2Ksr6Xx*j94CYn{Wwpn2onws{c*Ny@uM^V2o@X za|u{IZvlFA8$6rdY0=qe*;Z_&SAFGv->mY}v-drxSt~Kc-6Z^Jr;GnY+gs(L94LX` z3gO&~`NwThIfVJKV>tReSJ!;q$&zR`>-J7?PdQETGN)i+W2)dqou<}>l`6NQ5Pu2I z*<#hT$T1R)*K^OiP}i}`FF9t-S5b%RCc;_e(Vwlts|em-+!p&ffxo*fd!d*2^z^F? z2c^lGP9NuZQeX*or1QKz>Loe!Qekyz12oBsD=KfSgLIx#gjJaOTiv#QXj2Gz)cQ;T z6*{gEc&93!xIS6vb)cKZ3h*$QN%?gc;pVh--E_|28lkw@3K zwI6Y?pxq)^$)Evgwr!ueE{UY%pvZR920Ut~F;3;A0vn5_J;yWK9dULD=T&Cx@g~6K zFt)PdBBoV^MJI(_P9=4gW^6TcSfA#e`~RY1jl(X0~(U-d@jZtv?)NtWUGFs~x&(FF>^vJ`{{>T_aZ*>>l8;bvwUUi;z9mC|(eJ2j! z6axGYE^F71U)Sv?J0G+KHZkfcjcX1k+fqh+FODjy=XJTY(L}qs;9efO-d(q-hJ(sM zWoPqY(aF5l13DnqxKW*Yd`7swgzy*n0R(}4vH95WuZ963KX9&_RDXU!%4ob}{Bf7qe!9KWVOCqIJdk3cqQlilI79oQIqufPh;!Jk^q@6UmpZQs% zZ9Ybdf=(aG`6RHIKhjcS@2*wZMSEz=bZ3LSt96LIDA0zT@EUX%)rm)gq~Z9Sh-$ib zAIVI6_XziAOJ8bT+389f`c-rM&bZ%rW6N@+Md-otf?{4=?h93vY+BKm&#QM1V*zZV z)&nwW2g$i7oO7 z{`2>(Hu6R~T1?Qc$?EyazFU#6C9-?p<>;gzS_dvijL-e%icf(vdGAZD5^EUQUAxL_ zK*Y6aMLYJ1)4rCY+FVM-!t^>&)K@dq%kUEjb{mB%90i-A?U(+?V+Q_4MbYubg_)ko zV`g#)V&YhMHC+x z$@Q|~IecKctF&gpgx#1O6E(K1f_c3r%nbp(u8s5&dpehHhOJL-fRy7X9h}V`MXf5o zcfv|$LPjIp&G`6b~x}{`G>V`_10>c zukXnEOTbuFSzcs|)L|AoN-3ct4QER&jh~?A8*UKXgne=8Uz!%N8p=UJcXy!;^@Rzj z0qIiMBzntr`tOxP81>b!m8Q+=ajld!$Hm~e*>p85=ry;kA?x{G2T=lh;rK14!MMhm zEa}78$!u$xK4>0J>Tp^PBOC>9zP3L~76zR^x3C!b{U1rwL1M0-B2?h9mYX9_O&%-RMK z^~~-hZu70H`Lzjhw5T8|PauDsAx&i-u-lT^_;nVgh84EiuMdugntgJlBii)MRYTme zo*9^v^vmgwu*O2px2Z8xj)Oef$HoB?AV!lzWyc>s8IQ_f=r0%IcQ6C!6jZ00G?2*p zA2@(19;`Qpt*7wMRIqc(o0Srjo!=PwK@R-9CO*k;)XndBIdvJXd%&*BbWZX8?(q5H zK5i07UVF>M!b#u4(wf=n-)Bn0&Z^!&6Yk1$lpSW-l8h@bTc#uDCBzA)s>s4s>r6oz z>WUpS+LD1K=U3`njOf_5x`OUZq&O=-+@1I`WK^&`AEBf;2nW|np^zw1jHd9%N7Do) zS>0M(^xaA^1Uyt>jThges4&t|`c7SK)@fnI2Afdd=ZFF9Hf}S^aSVAH!=rUk_;hLP z3AcEr4@1mDI0g_|>H~`5hdF=7ZR>-%Bd(M1hF0}PvvmxlZZvm#&Ma^XAJ@kL8M>m# z!B!t*y>S(B9Y(L2U(_pjz!(cHFaVBD%8vH{4@|^-`qkAMztkazLo@|d(`P!wmd^Zi z&haLdr!k412-P?-)DsY5VmYNe9qG1BkG8A5<%nuClfWAl4XK0;TE35m*wtcN3m6w;Mau)y$8ad5Emw!g!?@cNk!h&d#^8h^)0KC3m@()_~Zo{m2hmhVIme|dh9jm9U znE<2EYT2C~?^P#>jVuW$;}Fit-JAQD7{bKeLMjy%iSD?HD1zq9L;?E!2a9p`J!lG;D3s6<=^1UWohXj*q%qB#G>417+~3@&q5KcJk`? z*p!Zk+rR*Fs01ahhsgu%;5b%W6Gb`&AWyJrj+MUaUmQv2R)I3$U`PgI9_5-x+NBdA z`UT2-NpPP>8T#b`P}1-Hk3pAux&uIuqvCzK4Zz8GuU%)e@pgE4sbI%in)_59X8bww zV7t$RS?NKj(5qt?cuUobXW0u-EDs^ifvO>!S+=OkeWhrBgB{0CT05glZS z*TndIYl@27UR}Ne9R_jkKF}0grZmsnh##g=Cq&Wv=J1e$kF!FS(xq&2ET{E@^S@7t6*NPuA^bJ$1{CK+#$!2U$#11(QwCBx zj3aGoTgf_i$&BIc*NRprI*d2FD*3N^OyGLq_c=>MXj3Og#X8(u%;T^&lnY=v;rc#v z%Ar-&Z5eE(NT&>Q#Ro8cj+KC!EJj(DE+ zMYIe^SyFZnD3GqhJ?>xMh*3}L{qC_}t{**M`z}Z#xXW0S!($MwB?w0ZaDsFTs>9kV zPgx(4BGbO^DZ08}byaHAOw>8cV)(Q*e?7E@Nv+VJ4j;k#3AN0TKCVIrT6#uuRc9?|Q#kWcKVASzKI$GtuB zZ@-6<&E=(dN`dc5KJ2?K%}-Ujz9S;!-u@BcBl~ztJ=ydD1CqGzw52w1MFipO=_Cao ztCC~AW5SZCXTSs;W%9l8ezc7#gHu`t(V8<<$-UN-8XAH^2iEfn-}YE73Xjv(K^u3v zq!3}Zugjv#dfUBPFJ#iatLjdPKef%uc-TN1ut&&Nqjf8&pDc^O>kaRs)A2m1)!L^v z#Ej5*(A}0x9A~c3R9;dP?F5h3M&RyseL;gQ*YLI%9j^-Dhk~h@YqGDy=HtEFDOq}5 zZUWDjFHl;A3O`+CeAM%OJ9`fkiF++nn{hQcmZhwvihJNh+ToFd;7(S3GJG`y&Z_Yw z=P!KwK~y7RSmEk!XJT@K8}I1y;Jr>W6AnDANOR{BF03cS4PD2%pv^^4Uy$-eZ`*X( zf#??a5bbxLI>tw{)PgpGB&T`_DYxu)p+YYu=Bw6z-g={XoDU^F27zXU?X$WSZ>f1* zQgV?n;KG28@_+4|{U3jo$9rm|4NBS*{nbb#K?y*ILzN}(!iF^s>w+W!6wV;&pET&D z8Sak7TI)fBcp^ET>>4sQJ!iwRm>TIAl0jL*j&4KN6>V8xB$qku4lRyoJIlWatoBCo zpVR2N8?o=XcHIa?urK}UaH}|;k|M5eF`6Z`{<-3ouy^ju$$`Lho-`q!-=b$z~{Qd85-=(M~;X&?v=&{=6tV<&{}<)zfj3$A)eW*-1J>?ZnM zmzYveWW zE3N}&LO+q|nrx&5^Cb)^SU}dx54Nn7lS}HVdK73sN|4euk|Qni8Ml#7vY`)T=(LVH zQICUSP854$3EU!m2Sr3yKfuiL+4tod_j!%n!V4UvG!?#ob1MSe13!_#M9|?`3 ztN<<7PnoYfAnlY+Vdn(T;C$iT*0L~`;cUA!U)3dI9k(HM2fs=~^R1C=yz14_>0WfX zh944XGW^nDuyUuKJ>N7+1{dlgZsdIeZc_R3dOgobqChC!p*d+mh&JZKspUo+s^l|d zSZu>iESQWYatDI|n2!6>?!3=e{#7j~|2T)r-{$TF?1?XOk{#ofOZ1r8^LUCoM0 z#2D`ZF>i#CozL&e`~`$YR^tn1UxH&1Wi;RM3Zue zJF6bII=mk|Z1dg)7PhVkXylx0X6>Xg_DH4MRd!Hl-I2oFxo0+uQBFvz7R;=!=%oBtio?oAl#306mTNr{2a` zu$o91FhVFoDROa$cB`2tRJWDvkke*deG&N zep@qfVQV{uj!}g+t3lffK@;BE z_b-&X;GS#4_gToH7WW-(_EoqEHdDO);bgQf2Xkk(-=H%a$6eC%;=2z}vc!0g%U#Z- zTV0DZM-t|$;dq&EZ21DcMEgLKxq5b~91Ut+U6J8FKdoOOukSJ<;(keQNGf}qz>s{G zHryS~1GvZ&jrvLvlQ(zq@{j{JoA-zoasGrzty?Sbtz;zWFZ=>5f|6YCfvr=&QLuuD zo|Zt^x+NTg!#LD~*26M<*U4`b5<0Jjgk1lLvQUBs*U9;MpjEli+hsRTMEBB8XU2Us z)eV8M5FP+q)QI+yVS6l4g;aL4Q81D}9T7;3G&5sEEdiwOY=jtwXGp&(S6&||o-q1v z`e&Kv9O(7L^-r#{b8PpgGq80c6JBtLoCP@@I`OBz+giPKj^t{`U`3b42%kxrQ(J?+ z-0WYfy*l@5swM=z)q>HN&PQi$-NpqD3NsN{j6*3RvW#HFR6|nFo=Tr;T=|W%Uv`xh zoT(|^4&3A1fua?ez=CL8yJ9oC21VkKGpG_!?Y8^#Kbv0)ToL zie;D-b!g!t!g&p-`N|K)uotm>jG1dqpr)nsO)I{+Udpw1!nb@d2avmD(l-pQDr^kT z{W126(_x0Vak|ZDskzA!qsYr!aqG^`6yULlH3;!Pe+FC^xuB4ir__YVq&AA}8bt?S zHK1abGN)axka-Th6mk!cE+U}Iu8&YdCvD(5SnTci3p_eZt9%4QJ2LmY z<1_(IAybyh!UMo)5$fwC`PhX$2L^8L+U4AK8- z&+kbBMVj*mlnDPnHQfqSFhsQOUGH%`h_jG~h;m?^KEq;2QJ|0b~MW1t{6$A_3)rF>DOuZFu|#SagCQZwcUIKt$5bxefyFj>h+HN@q}AwB}+<& zSi~aJ4KwmI?QLAm9?gh#%Nl8guTidVo+sPpG1nwV0 zKhA)>tRdIv?vsGi(Mv(+Um-6<9W^mu2v8pI+r<3-ec!AQd90V`c9O2|lEU9Bj&1l0 zVUw7eghGS;>w|%}WzgXo1y^_T)z=hn(TvQMiuPLtaS*}X};()w7$G>jU7H1_UaJn@i_oQ& zPw{x*ao#1~PDZ?1bimk>V`fJRM{9ktVB3PY^3=m!zd`6CDD7lu0z+^b^(Y)h$gCmQ z$_zPZ&%HO4FF4NmyP(~M=h{oF-umpjV&NvO+saJ4{+|k(M(vVH+F)W^cS(|jlD7FHKAa5bm@7mM4qhiSIt*-B@wRp+;8CCc4Z?5Eb~BEP;X%4{DOs{ zMh!#js=!Q45qEI5`dS9{7|_8KL2qj?%OJ2=7kj2g-+iZG5dsdLXaJLaDEjeqMP#`g zY*oBQg+1w>UOhvhK)Kv`F?I<;k@xm^k3q9`qhor=h-!kETh^-grBGZ2qAEzBkQXk`16&%hN1gz z*2=RIMZ!n7(k)yObX=5s-)sq`@p??v4Qa>@G)@pb%5f+6FOoROaKV!t#m|RQ4c!G8 z$oHk%z+C{x>U70gBJ~z8XjM}-f@nJpv)gf_+wJ4ZZMZ&JhrAo@r(F{iO21lQsyycl zt_8Y1Jjwgb<+PSK`p@C8(a%Kmq){i~N!UOw;lTCsp4e}wHuZfzm>rE#%YW+Qy>as+rOL<6IGd45iA;fG-+QnDG~ zmci+HEiYY@B?wXwv==QS^XOvXyQcm4u}1z~A@n>u!7-4EBd$!n$oNuW?n8r5?oHMZ zA1$TFQBJqu8&%o6y0|kjNv`sKcL2H$%^DVs*})4VOUE?qwSk4lUuZy{+{WKq{@T|6 z@wmT5*$EPP>gZ6$^+^`lGtwat-Y2bz8hvS3e5$P<06K(M&Dk-$0or;l|P| zUBJAxSp|3^KmXC;8Zt%sWSvgh(MA)vL*=I_NfYpH-)$%lAzl9WzLG&PytJI8Y06v$ zOTsle$|7ZRVzWgF0D()Zx+g*Fea_DEoee265MFK`!=_lqUshnD!o+rOsx$~txX>TC zk-y@#e9x>{en@6D{j}_p=PQcagp!;DlE*JjY+|R)fsP^N&EJv|{=H+U@YFHXBf|X4 z2}J=8!Z96;9E1%_2{y!B?660T>PUjF(GP)^3ou`Y{j z{2PlVItKU2g?SQvgl2U9(wdu@ZMDz{j+l4fvEqGheH$!OwfVR{Ew+G_IesWG4$D1) zCKKfvE>AV3Uny$Q2#ewV^?j{-D6Y8;6Bhx%)Qo23EuN1$5_Y`unD3F}S#|Y~M!&^7 zS}WDdZCWx(gmx=B?oLDlzP!^xdi9NsZNLhT36U^)LX;ePQS6q>m9)*O9#y^fOOnGT zh(1OMEvN5Ogvhd#Y#YqsTX^qOzk5K)`AIkY>H3Rp@Rq;JjpKP77j78#so9R0En3?S zJa77&Ac@VrhK8Z4*h#?FsV8C^rHj=d2KY(Q602AU*+-xlvQdU(39b-Ccm@^Lg?-`q zA6z+Yb!#($(WOU%-;kw7ZUET{xK&1!JI4=H*B1O{X!s;3J)VKXP9kDP3$YD(u#x-= z_sAR>!r}0ik7Xp{RI?H9v~+aNk?m$Tv@TEXAZotB;^MROn5lMd4KgwBOv>J9%BlaV z$$D2ek&2wfyJ{}xfxH#8jD}ZX4|qUn?U^QLd@#nDECEN&fy_#cfXx1;OQ7{>fqpAF z|5)eAN7=X@rh>TIBrt;M7Re%1h zseM9}7J7#ecYH(m%ALx7KFQoz%p@TnG&!v}fLsnWfV^$?B$aK*e<2pFe)pmgwCwKS zG&mZ}!TwTUxF`pnyp3dtTVcV-hx_UX8`m~7W)FaXMYA0l<7Ih$=|=vaXCMEV7s(|C zWTR6yuLNHFSq(8L|C9H`DZt^BgY=XoISfu+n_lg+yFgygM z=+F4f#k^=9)UTT4ZRMv=!UW-&>g0gNO*%% z#rI>-PtuuFsLWQlu>pktvnMa}>ous$NK_8F)4nFo7W_+91^~9|qavCwg1-Q&t|$+i zTH+h}+BbAs11L;BYK>G1}p4x9XKl$tBcDt=TLL6HVuA;O+BItnwLG9Vo3nt&FjRqE>9~Z zYPUN@;uSnB1CeHmy~F(NRMzYIH?k>OxlY2*r@zl7hpB=Zf(t(XfQ7c7$>Uy+Fv{(VhF94;gjCZ(S8=$44b7O^YJ{GR4IE zE}H+i#3lBgWW0L@Qe%HfP1R+e$x7=3Ry9)5VIj82;O_%QQvj7ZF_|~$uF!cC125Nc zYar;eMn+1x2>*-eBj1C$lr|qF(znH$|Iqawh1hzp{+arNg`zm?S7dqMT)D}eu}@NM z%JIrc3q&L|uluYQ-FB?QM%6gTL3D+LMYgGmFaPlH4HCU}Fp+z`(kv66a(y(MkYJFM zR}lS&=l!_XChPZR-jB#GfD?xz>lUP!{Sc79nT>fWXE-8|K#6{Qc+9+80_nQ0malky zoGYDoc?ZZvh6BN#-wVEkr?mO`?fkf{LNZKjn#Ubd%`}Sr%$^84#h^ts-cXaxxUB5#}NW!3>w<^CPje@>>`dfHuYkhKBXbBAX@AfQtWE_4S-DkZ) z#)yY-qVL9%0mRk~5@oEDIf+FcHm23ua2>@K2{>z0(r7t6)ZUu%;Mt||0yb0>O*QeD zN$xSDHKqb}AqnJXCOQr6wz=d?AAa2*Cxg##wx#qD!{);KW2G_nCoLR;zUOadg72?K zS<{2zJHQ_om%aw`_nvUQCeAB2Z)GH>(l&@5Yq|)b^E?xBq0ajNq{0UxxH?E03w6Ai z8hU%h@T$lec47=1Vsf42fs|b#2G04neyZqxFnEV;9j?K+G+=!O+2&#u8cQIvXWS=K zNqtaA_qP6$Q2&pGoPoFcj9Pm6K;-Rp=sERMKCu)+_WP@I`>kH3rOK`wOs~Nj(VRM= z(?P1>T^+90^W*X3GHV42+IQSW^AJ2Prw>`36)ri&)ec$%ct7%1NEN=^W{HaHtWdZy zZV>zFA$C~P6k2BSJ5V@>ow%XHxdQI=0ce8rN z!DL$rkL{v#zqr9oVC&;Uu+XaB*7e@Xbi>2;sE+AF3h2NI_~IBvHuA%GZp0NI*}42E zTW|eTi5$?{s^hD9w)|qZ+NBUW;O(aZB1doN4bzAELmJW5FTuJm0c6-&pPk(LYhysi zI@Rcq!?A%h1aD;7fX_poyCMxwl3&iOUDx8(K0ia z$nOE@j3MC0bVkRk5Ctii3Zhp8hqt^;jBpoB>1VBaW9)WlJcc7L_H57iA_3|Ako*>LC%cjs zsJvfi3}>CwIFlJF!|4Na8pt>89b#VO_}ZcA4e{KPU$EGbwc_~PLpn~YEVZ;> z?PmGrlUyES>#7H1Y1SwC!YC{Hku{J)1;vuM97$nAPYacW0Y@d01|Bd}p*An; z?v*%ROB*Q3boi(vS9{(%E`7kf*i=AZ6TgW7Dg)(*rB(oacXXP=U#kf>w`JEvgmW}4 z>&lm}uJzuVz~DXQNN0cSP7)ojBEx@ zy4#Uf`F{|o4)*a1U@!~@+ zJ<;zRbXX`6G#RC0JdJ&+VFz_v6sWRqEygwy3tG)b-d*rzLq4MM;2u2!t#E~19z{$t zRO0tW${Zc2_>%85%*RsW^Ay)&>kjzbr-6_aTJAe>9}XiCPzC5Az5{OG&K7HPc)Cel zZ5@YFH@`2~opJq`+)InzS7i&9MFtV$O0g5O*e(WyHI83hnP5@JtRtE-OjN%9MyP@W z=xJt+YVEoMUTuKh2Sbi|wqSaQKJ-k(iHIc{cBD~wU{g7(8N>gMTlngxw9UFk2Cbpi z2TBJtcc~W6Ole^)s2vLj5g&|6fE*UlHg)H~@01=i1lWAt+|57h*S2Y`;)ZYhR~|av zsyTb|KtFcZI}8`4GxIzAh|6}h?x65&ZfG7+Bv5;`tqi z%LBW3r*^R;QU?SewTkmQPZuy=-T6H`h`&Z{(i$yh*u3S((Un4O%wN@7erLyci8|Hf z;X*vqls<1-3tZgjv~PU!Ze+W>BMiT?(oyuRD zg5yS9Hl+VyPRw^AZ|3Na`sQWbD*fl-~Ui6Zyj;& z{LJBnw0C2qREUwES6ac3zcze}uNTKb2#tt|NSnRl!b9K=MToNULavBW>y2d=Vd7yi z{?_fQ(Gkm&Ux=;F9(N+nq7od4>36!wCX#Rh$;;UsE)r@iRH&~UA$A0Y+~Ca79$bbLG^QtVdRur}P@ zC?kC}1?m!Xi)#EEM4EAj!ZR^fOQ?U2{!`f1hMm`1Gr{xf00kZn*_9M%Kry83KE>rs z19zq*;S*MAm)+T#79Oi*RVK!AFX&-B1}XnAo2h2xv$@!E3ify={Ps3sWJNu}zKTC; ztI9SuiN=X6u&`yJNOP))hl1woE%jx&^P0{dJ>S;(GLeVLuar)CYG?ur|DvKp%)rqtXjOY9^A%Xo zAk@lgt~9Hc>+a)pKC8B>|9RqcIKL7yo_*@@L4OzyKr*)>8H{X!4W|^9h_YXiQEtl) zB{}V;#GyvTqqOQ=x;-etLf^k;+O!jXQmWP#8dyYOZdwzqA!3}N@=S=ensiPqKO{X3 zSr+A?2RV%KrOJ5_`Cr@V{Ca2oQwFVk9yKnoKZ+>{AE6r`&yOqe<%EQA{VU!nZ0b%O zco80(apB`oC40;+U>E-*8I{cOjPpMe4ZB&|3Xo18U}k$70pp9518m$E^cAA|Qhuc{ z;3&nHqH3qYz`Yl4ls$q9cKjk`h9aXoDofmP5Ck*yxN~#v{0_jnczYlI4jdQwYs)(C z=DXH9#N^vmeG_#=Co>^3dOO4#=pXdLmA3-;N5ivJ(yk=N|Jzmq(Y0s z80dD}rB>cc{bQdJMYfH}_j{%h_7m7rFWfKO4PN#6f#HobM~jm@#do$Tuynj?w@`WB z6k6{j1uls=ycqh0fGiO<0SE^&y{Z2Qy_~OX;Mo=EE;Z*ZDRzXEufW-@$UK#Zp<)f; z3tgoJUcF#qYMK-B{D(rw4qva}uX|(Y%l%hzNGCe7sb&pzb~{EMcic{q==Y|%k+=5~ zdZFJAIYmm!1EU7mHD%Xo;u0{fDhw+GHPT@Lugq5EuK(PnkSKa8;ff3--~6+LlgpgQ zl?d;uu}7xB8Y1$Ca|$BoK@a^A>EUq~hxF;Y8d|r!S8rYdgVZsT%nZGcVaU%74jDs)BG0TzQNW*`+XHOO46`@EHH z{60H1qalWpMU8(B`;TlFz?-X5XWYajX#H|^a0@#fG45p)jYHmjG(S;#Rw7j1;)@=l zY#c8ULKgO&)2t4I&oHbDFeY=DtAD*%Ynj3pI?boNl>2&V+_Ga^vBo1*kNpg_zN)IK z%N@psz#j(A45`Xr!Z;fKVSBltDVe|dWKY4f6Ynp<`wP3`>(|x(bvmzQ$fm;$OGO_C4%x{JQswFtK{e59jrB(3GZm=8#9`b*j$~ zp`ntV`{A)$@0-ubI7$R57AT5JGXaZAIaTQVlkfM9>4>DU^LhvgZomvVj6E$g0^*m< zm9nP`9+WtfBOvpOBBFj#es#f_r3dj9eI`&vq0d1JYlcwumsIm|`ntycYFl1~K-m&` zb5GwU7vphNN~42(;djm8MKLywws%*yS4`M71lO%KR|nPMo0n^<5Lu~;i^YY-n|$F6 z^_6KG9sKvtm3U&PV?7Q1G}UN8pi#1 zSNb^k)S|a@UyHM)>9sqY(s6e826aqNh_X^vGs-A)v|i~Xi4|L`lj%@E5P_D!YGvRv zc*cw>V?7NQUh9u>17eX^JA$ygkA=D+2dSeyfIan+C z7YhK+B|8$AWp{y{NRT?j3|ndB2Co2A;Cc8l)yMbxm&U70UZEXSmZXBv?X%Toh!^!wPaO_#1IVgt8X_tf6}TI`S=BU+~M@Oe!(6Qd>vH6>MuStarv zZM2)3miAQrGW`3)#XAt`tW+T4&;&0&cWafmn>swqN(J>-;v6*pLL`zK3D()g;?2uL zT45Qo?`1b??`%ApZEf#=MVw#1*(19lI5)20W3sP=#_xgs8Ho8n4J5Bk_JaJQG1vB& z%c2==;t-bTj^B;<%UE9{Wz#$|+X~Z25E;!GOJ`s*wv_N35hg>29s)cah4a;5WuXTQ zx9@zk3O|pkrZe}OJo)(j9`rj6!?er+bhwz6H_3_&zcoy-A+}JWx2|y~ZHdlKXsnGs zLSj>yW?$QYc7Mu(V?Nm{&>Ev@Y_oFKWY$%Tm2*BBIOfF;>Rj`h<_jl=SMRRUMH|gW z?+Wx4N!{WH5ib}8)u~vMdGW&Qr{brS>z=r56OBxB2e#xz3;r+(lj{*hN~}tt016kEDa{^8!_OA~uXyR)0B+>$bhnY7c2Q>+h7m5D0?$vvu*|A~}qhTYN5 zpj&;iJOy1$6yvl7JKTs{Q!u%wd<&>{PV|hV3ra{nu0; z*thGlvtj=_a>O9H!9||y(urTS3t(GFAwjfi4P~-;0^SP()yZZ@=Z-WqX1NDyY0Z%@ z1aUPjSDNd7CW$2z%N0#q0yD$BIM0~Eq`XPh%+G@slagZ{S$M}T=~YsZU)(R%4aX9& zS_wJwI{SQ|c>qS{98V2j+hZ18_yTHjm4h3n;z$rpxHG33yBieNA;aIA(O0(y_qvep2<+|e zCZF(Q?s}3r+oaGiSq#S&aVR2aTd7InUkem$icEMZrXGB28za2{cW|oL}^xVTptc1|KybU!NN%KX1;V^H?_1==D?NdczA7-dXi~GoH(4cU__v z+eIY&{n;h=I8w{)^$Bx=O4^IJ;avZUZ4hnbLU*gQ(1=_d(|q(3YLcve{&3l|fs~XU zWHKqGfc)2V>UfBdAly@5uaIej{3YqDorES2@uM9VOl>pqWVy_&=N$j~@BZy4{_~{- z6jvfMy3M+0;Ln))L51>l3`BzFVEzk?WM&bL05JIf|FQR#QBkh#zlwl>QX<_TA*pmo z!_eI=(wzg+B2r4HG}7H&V<6oP12fVM($eR_t$XkD*S*hL?>S%2TJN_3W`^gw?<;>- zHS?W;d0q0=IM~{&d+3roAG=EvaOiwyEbET~CYd8I;joagehNgFE(A)+|2!oMGQXe| zyZD7AI{$87=Kd(cEHr-A4RQk zDPNqJ+QAgh+*5<%ry`cIE$ET%{`IxLTK&itL@W!Fo#{tE&P{k62O#NCw(SPxU^c47 zK`5^?EZP?8_KE}N1rHFe5McDO0s{lX%M07->Ue%T$kb-hN$yJdt$Tmc za0B5XYVo9(6il~;)zWw0Y(=VLhJ@F^T}38BgLZ2Kg}Baen7ttMF5k;xyw@++nTIB6px7&!ed z93IE{SIxW2zy^(;+G-|`qfM3s`35zeI=j?bGJeXxyr5wmt;V?wCLK=-Z<;DMhXGfo zu0b#5o41kuVaos}=yN4tC=7#Scsk1I=#Eb6o{o&jS-g{7o!;7Pjx8u$f)1-3 zQP0tzxyUy8Z_Gdn`M+g`8-6GV>w~~1*Q#KF`yzkwQ3@IYU7rvcYOEte=WyQjMb+jHMecFJDxrPgGbZURaR%1**LNC&%+UkyEmO^LbQ?PVN84A({x>L?qINh~LHf zg?$Gfpw!O?*5ma5zrB{fF7LZ%>_;nd&6cSSf7c6S|EXR8h#P0czV+&V{F9p~9H

^Wx@@FuuXkp&<{@R^tk3ZpAZ6y zUt}gj`a37nrTmR4{_i!!Un2D5YUN+PV6+S7pOdQ#S^sGXo?Kgk2w|~@{|6gDb8Q1A z0;7JAT$u(CS8PayjPj=p{Nx{tdjN}z&7hh$%B%VMBqkq^_!z9bGd;?3My39$u@zi+hiSf6?>8F%;KIRe|UKsapC=a(+Bu65>tG87#Mt ze-{~di~ov@_H{7&Uy=ErLHgf>!Ef{bFOf;C+uL(Gf$sPS8I!`jCrH_V9VnrPl9GQ~ z^Iv3xV(>W%#h}F#>(5d@%(b@UHCHgB-g^0~B9*>Yq%1Fft9wjf;bZ~~w~#S1$ho6!|;#8qiCO z5Z23{Bl(Mp`I83uI6&FuHtqrM{QljMHvvt~b|Z@Ar^@@=Ls~q#Rv2|v|3D|8&e9$V zi2iz(Ka{maA)xU%#^TIje^B9f7YlIsZU(#D{2Ocicq#0UdTnS^O@F6oDfeB^zd1H+ zY@eyRHaiT>6P>+&-6*|d&|(#9{Q+2vCJ(d#4|jUs|K~?}@qSAFhF|+sOKUI2A9Op& z0A3PL&hs^rU+=~5?X}kLrSs;pF5OmWVZ*k49p4{HDAD*rr%BnII6<-tpd+&`}W z*0rg)L8bp2%QE=%n)mF?f2+iKE;N7=Kxyfa8OI54PUMpg_&4f?<)otPbAn%e!d&tX zcoTi3@9;tDWJu`BSjly1Y=UlUq?a0Uk+X<@zY|!qrt5yTby8`vHY_Zj8708s(UAZ- zcyX7MFB`-U`2y_BVRIg5+}m^>=*dejjRQ6UBB`UH?U{}u;dl0N!zo6}-qHdCXO5Di zgZ|{WU+4z>I}{G83?;;$cmD+VdEPM-?-yU<20~u^wVC(K{w)ip_!I#VpQKw~4R?3t z5;-0E!F6ks;rTfvx|>5)S((!N46{)AvP9@4*K36pLK=I#ItFRKSDf^0~i@RLnooQzX1FCrK8wmBFoF; z+lmthlJkkEtqVTe{R~j_LBWU#2^JgMCR_+lrN9R?VMlk@Fq&iz3<-S&GnJ? ze43BjMXI&=jco;HZphFtZ`Juzr$y?<79M-vyTWWEY*f9%KQ|mvcb~o7jxwY>gio@C zEeWZNsb^GJPp}XQ9L*E;?0$3}=ma(cM|WQx(p|A&UNG@iwgc?|F?GwWc;i6b{40Lr z2Y9{dj2EYe=+-_*Q^<)NraEsUlIa=NX`SJ3nYW;I5ztp2zj@N1?hlDy`ySLS7k@eB zHu<^Fq3>Cz%g({=KbX*h3Ne~2xBVeScXjpj2MXnd{TMp`SF?F16#6xNJ+{PS>RAuP zGKMVTU;F(}E%RPm^!?QqWq@@j_Kj*%T{R^K$fX?V75_me(vZa77NBbD`bj z*Ha6Xx0{P{^8Bu z8Dyl*;1>v5`ql&aRtrpoQmeI@Vh}o6gUCAW_Lry1d!5K)c4A)6opCW9&t6F+o{cvH z8JDdMxX+$(BAaO?hqY^X^Tm$z31_^Y~k^-@3Fwix@K#v8t898z%P2d5YUkM zW+G@m6r>;Dy?oaPkI+@0lUb0$=jLqiEk?1a$Nm=G{^WNHiknw;K|Hhnn=;P;yylab zQ>QnD@TV?k!0uH`$E=$6J@SHe>cQuyiSV9u?=yaBYxZYt4v81tvPM(=sr;tB^{7TL zTA1gt?b=9FU7rktUpsLbgi0*%F2;uCBCrOvsUT1)D}%x?-s_tmhdoSBMdJAR)>tB& z*SGR=R(U41g@04Un1DMOugM?IR zv0u)nGW-QD^Qh_5zpLSfpT0DphRMIH;k%@Qh3!uhShVT&n_N)4v&2cVBqO2|Sp}0v zS!6OCCsONr6n*!yvOSVc`s~T0ZbPmxIlEUN7lA3BcE0ZOzUk4B^M3e)Ey&#I#vK2H}q!)!RoC4N~cbbd5X8H3yUmq4tLr$^FO(+~YY-R|{b1$T0aafj)EBns$|I`wHnL{4yYtO?vAwJ|s z{Hbt_Kjfu7mi(LR_48$hD{wFGj;2G1{?2L2RzIRPfYS{9+M}o?7n?;s#UQ5u2BS!W zC5A>ezAKCy9$#(Wy(qo+ZHG*OVMH!gm|Fe*9RW#?Lqesjh-)jkcx^7rd>3^0=4IKf zH_K!{d;%N+y~kU7jU4Y-esay9hyPOu{Ak61Lyyt6qDA{dd3HVl2uL)SiTLHMH&I4Y zuMIeq@3*0C9(zM6>2aC>o7F)8z)bGzj){-vo}C1dpDSIiBtWF6h3sYs8obs=vnySIB9?mj zMwf?DngQOwd9I&Ef$7@ya$QU0`Geeyxoe*_g;L;mu9w4i*USFzH}Plu%yTi0<=3uj z-@<$hyUNKHxf*l36g5cVmDMOSh*4`jjWHbt_S|Q)^@*c$w4Q_s#X?Rtc1H8hKE7dJ zB8H!9gza&!G&A_$#*Dr?eq-1zbotdV`Uvg=E!iW#x-646HTkJre{#mp+W@X0!{=Ji zBZy0WzUL9}vjfp@NQgxLj%Vze{LamuJJ1zFB*MkTWjj9~Qqj@D!)OLH>(TZs{xYW{ zP%+-a>T_u*ZOVm1GuYYF6L*Z)8*_f%Uz-%0kkE6;4P#)`D8Acc^X${<*l?jbqjsf9 zfu7qZ=31T^mXojE51E+m?kD9xaTN7AUr3kH)=qTUoK)s>v9K2;HEBPv90n!;WjFpC zl@ua3{E*H6%hiVhIV1%Tj*(g!Icr z$*8mHa!Q0SHE-VwVt6#ZVN&AWTV?+1P~(V^Jtse3chs)?C%6CRS>FSZ<_F84)nurmZ?( zz;!z0Bdf13OB4;-M{4Z!`90~p-6st zlW>;{t0km6u$T@qUs1qv(iC7OufZYd=eyijQg-#1e3oN{am;3SenfSD8N8oV09hJ< zDyf@+&whp>RzMCV%M~>G*E@cSf$*16oa=;0MEq}Yj&{o+Sy|Jsk^9znFRcwPqR)Z- z-I`f5%u+Oi1i*S+r4k_Y9xuD<6(6CGOB3*v0v3PR)T*qMz zljCz+e=ysGFMW2jWo;`96srB?@?WUPzt%TNNDqI$WnBs|f~0=Rq`$!rR7I~b8Uf+o z;`u~*7pomYQCH_>=@SI!z4+;ILs^nz^lo>oa4hPX8yLfAA)1^KV! z{P=F+qigs^!1{yKj|U112UHcP&g3q^FQ0MHxOaVfbZ>uudq&CJ_VK6*dhxF1iccWsqmH^$bGq3{TQDE=NK-*;|2Msy1A;dRlGDssrf>T*B_( z$odaCF(C&`##9|`=nqVB&;mFZ3l7=O!oPmTobx;ApZQz;W>7wkP*#Vj0DG@30wyvRGV2(wIfoN1i#t+ zY}=ycyxmUom3OY2LbUvtBrz>P;j%yhavbhkfF4UcoYw$BN_)A0XUA;^8} z7jN*q9{`p;N5AO_029a+b0rpXT%{f_jwntb&Fb?mIIRKe8*&@%*e>$3`acGccfXD+ zie4_B4_zC{qm7I5yMag~bQ3&&@my6pm3EjN5*8|0XPi2%#9M`^VJG;2*fkC*^@y=I z4%>U${OE@EBy{(644e6s9j|4Ysuep3SEeY%Oq*v|RVce9sC%h}^X%oVB?9xyqW1e~ zr~Z7B-&U*q_vRXJiAV!ACY|_shuE{vz;q77DgDmzTha1O;iDGk@0Yxvr7xIvD0aTN z_V9x0^bLseh9*>6eRMAcaFsQ*3J ztWK)m9AZ!}aKbEj*XjDlzqKF#S-Soi`q$%uR*Ksgu~H%;<_&A@8_#OG)N%l0D0*FB zvmJPs@IiuHGrg)lccPDmPo)mb*H=00#DHr_h44{^ZX2L51)iikGw`D zYI+j({#h&1eH|G)0qTcsYb!v#$&;3+x;!~&EE}^XshtyctZ{W3o2XhT#xB@~$wRD* zPJH(uzHXja0-wk>8h0gzXT`1FuPc1nit}6?vCZKma_#Pkg0hCNa$L?rb+b3M=5<{7 z`62eV8=gCuYuCF%n4n6`?Zi`M{(2nw&PrpD+U=xK+37mlIaje$j(bvd8hMTc(m?=U z)1ZI7Z+4yY|Mc6K|X~3~HsdfY6ka6kf56IA|~!(J&Fl?et=b zYVcbhadLJh+b+7@$H;RJ$-Ur_h#hgDu(TJIL&Kh*XkbP7xbFKY$@lmcdYrlC zW!a?&>cIZ9P}A(}v&Kih9i*ft%;E@00W3i7#8mjWEqD8S0{Nh;o=S zMOl^fPrm5&t8$df^AEbtR5kxL4*QP^QZlt}JsCj=)AG+&kwMVN7=rj30@&7K?BOJk zKusY<^zv&b*PGhee5*yBiiCiUNaUz6TLYC{D#10^$iOyF8I@LidNt?dzC62SM8jPu zp+!JF2kRJ-fJu+x0-?1DeUPwdr;;W{DFu}s)W!DCBqwRie_q1n=ngJh+SHdw@;bqKBe^l#|kOwkd3aTOsIG) z*2Qn9LZzS@oE=ys6ra<_%xpfJg-)BV4Rx1~yU*@_Jcz~C|0sn7sQ;0#@{cC?R0npb z);C+g@S%)zixbo?`w6ySyGMg-)SJDstBw`Yh09X#65G+9m=X*Pl*t$!RPPhLLMQTovDEYBcPu_% zLVaj4A%lEuV?JKp7+$hr!0w?hM-pxCMx(Dt+Q-XrIuo85MOB;R`N}|%W|?HeroYc_ zS&wkMspX^}m#aiGb7tn2hOGb-f8QxNo3en;5(j4cOo^(svp{VDm=wGvH042G4`1a0 z3wjI?D#a2z$Z+NdSRczyRp5NsR=(gzo_G^3vQj^*7X$z}cc{?OAKwMHmfEtPfzc27 zYK|3V;YG5<&RaCwq+%X5cc}F1x6Th<_t8}5WzVEAcJz7YQ_XC_xHkocgjj7Fxc16Q zT(CI~n)^q+6(hFNWZi9hTTYr4J_snKGkP$!kk_&w$ETSw2OU@$Zg^Ow9};Grk&K)r z2=;JovEX=PZ1O$V<6Bzl95ZgTJf1J}=4ZDPfYe-)?QagBNy1ATKAf0m^&n2XXfU^b ze9Vv<12fz@Bym|km#))LsQE&soUmdlHr-AdL-uKJVkIPPp`j#MHg6`LZ8T-%vgT>W zV%lx=7JIdnZ%^vsYdWiLAq%*4;seaywBf5G@A?PKHD@xE#RX^6o*QiNrEy^1+iL2Z zu|GJkhU3g|b#Kpdj=@!FF?XnfA~ZS!=h>z#`U$=96o@pQrU`Tn=(KQ`upQHS*KT+# z@UHLI=c^`v@p6fHM>2a|9qa*tTeez1JibMnIxWjTD08|U@;OB2C(zR zt1GIgv{@9U{k4>YM~Mn3@?8Qt@a{mZ=9e@LVo3R2k>C zJl*$!iPIy?B>+snUQwFj*x<6EK@e~GY^oBs^4ljGktxzTxXtnq%ghd$=Wq_rQp1XQ z;MvTp@Uz#J2}qe}bx-Vc2w9&W`^Sy}BV3uO!=69rrc@q)yYItsabvP8yJG0N-|r)j zPNs4k^V`KwRl!jZ$$TXA7YY*Oqqk?@eAKTA(`JM@A8$SUOlc(f0PrtCk`y=y=$cFp zK5z^W#gH6ci2zoYC~0IF$t?4IqDh(4$*V6T7nuvvrt8_BBNDSYVbt$~H?)cuv>WH1 z4%YDT!uWICo)dtbeC!V|DasV8sL#NWCyd8|XPk~#qp&$g#iWYXY6r070|9JBQ3 zGQVxQ+qi1&8jG!!KhkWy&6yS6Vwg0}J+rl~n&%3B;^S!KSPz$9<@BDdr&7LseERma zwSjJBkJnX%U5RJ`G0P?k1KDdfaJ6AA<)MHibe8R1P&J1r1>EQGG&gc>%($tmGVHc# z5O$sT6wfEc0ETfGCqiCaGEU|r-DP`Lwr5pQ%RWi{F8X7rf~m876_Q`xZl~jyqEOEY zLXQjTcP!!CCz;{f351l>jO5#Qr=}M+G$hm}LO0@7>W3pAHy*3C_$Cl4kASHA%X3$v zUw<5(sew4j8GUV5rSpKRA#xh4y~8FYyR)r+>C;zqLuNqv7>-m^BI%u;;L&_qTVg9W z?M8BWt9O6h2^d}2CxA)h1Xr5-(DTL(`6Jd90hez@L+wG6j9wK)VAU;H?N}O`0NYWU zG=o|+RGziqJX{HU^Lp_!=0Td4_ks##Dx;NNwH<^BzB-d!ScDw3Zk4t%!m>)_!#X5- z{MKiB8GM1C+^R{qYxq&l@1dMay3|UoCCiAUYut5?wQ!xIUtSeh9v0?YL%{hjxLF(J zpqlR)CWIHk>1_3yKag+-2w)*oAeXg)2Odc*T`a( zJWB|vR?>)fxZB71GCtY95hk84Gy4&o(D(iW7~VxDV6RfHa31 zf!2+|dK43#jCb?5&ooZd9)K`c=@;Z;(I)0m?pL?+eT4}WXs-4Wby%uFKjQ+u%Jj}i zL{(v8^&sl}zJ5;oFX?6}Bnw(8C%&d0@b@CxXU?f1>gAdC4;9Uojfe8@LOeaKv#G1$ z39asWq+??tJmKY{sfJ^yT&ZI<O< zAwFKf$CvH&gFLv$0!s^}{-!D0UPD~mimPe&FC=EjA+ z$WTAX;aBWP3|7dJzmI2q+0qY*`0Q?AVR*T((z6b&t$l0>XA$emV{2KdS9Ys5&>!&6 zKMNFUSL>MA>*=e~&RT4He6c0+Sx@?92nV`(C<})&eIYg3dcB?>=ygd zrh-eB+i0Z~3vEoC;d^IJKjY#{y*t8n6_0&oX;QV0GwfosoUkewHGXT=y=Bcm?~^fS zyZCphaV#NV|2L_j{vkCx=NUih2Pv5S9zgu>8!!QV!~~Q5SQc9M3hE@oNuu)7-6`)2 zhm!Kk1Y!_ADAA!w*-}X1F`_bTCI{KQbv-cwc30a^zT5UaYDf_EYs(P1Wpa=oWfU7C zLw(~dx336Aet8&>qp@fKz$O_WmG_c%X=!P1dB(lc7K#Ctz@jvsUQ$I63BV)caTpwR z=fBU``_`x7V0)Imc<1$f6^X&}xC^QKpFt*j)7JKZp{49m;*Eq+QhLxPd&rX=@ujz1 zwyzI1pma8^ZaadBhkMpWS9Ne#RV9x`vkA!T}kU?(jF z1OzM|epEnUj2@zI&Gz#MEhnPfTj^{h&DoRwR=X@7#+qn>#j8F_q(@(8Dl{I;N9Loo)_lvYcf6y~gp>aonL!~X76@2Bak~`7d`*qHH^3v`6eX5P zVs!hkH^y%kiqxM(r2Vw(RJ;v~A8)Hj4EickrDvH5%1oTX-L?URsfT9Fyul>7Lv?49 zL)V&{h|U}AG*M<@+JW;im~KT=(oAWtFOuQ0fA|=mF7)WKw)Engb;(5y+mH_J-R^|* zBW8)LXI|xIzAEB=g8I;;VCJ!*+5_~Rfy7S2(|E8o(UkCp<^9{rSxx#ObHwl35;~>EfC_^jFu#>`}o%l92Csr>t6BV>?C_ zytrT}wB5osE4a0yHhWxcf2=p$oMbSOaJLKJv=*8Y zmt*2p8o9^Ls&zjmr|;I-+~u&*Nv^>i=WSAq?FA8um53wGaTFYIOLaIgWd|g1xI|Jc zEdkv!*-nnH?__zZZaO7s{2(!ZKK5gHiT_!j%sy#GTgcJ8WJNF^=DG)bkY2AeSX6@I zRBy!Ea(|mm`zh7LWWKb|17`m1{1QRvp^vfrgmrI2YPMTK?FRu5ea8Z?>Pz8#_f@N9 zAAf8UZB^G&VX>Y=n9qYi>cXG10DK@vDub|YLZJnUtj`17sQ z#NLrpV>NZ0(c9_aB4t}quvDK&zYQ0%sb)Clz9&@Tu73q@X`vY!Uj(P{AjS& z-mU8J4Tp>-EDN3&Di73!D=bIMv;nMv;#pe&et3!U{AM0+1RHilPE^n_P;+JD}K`=Sd(f2B{#EqJa9=U8fb& zI;kdCcWH3#4t>0)fx7^G)3^CuHm}J@2MD8z6x|>J|1tuhDI#ra167DDt-%Aa&|sQU zOBZZnnuS8fJn4ZnRJtd17r@fvu*jv^j80QM0|Uy4C#T|CWB7)Xq(u5+SvL8Hn^XFw zjeBTKj1OOej<;tQlZwn=o!LA~$BufUNkb(~^IkZ^$g(0pc!c819gb0K&eWPmnP}ip zaG#q^Di4QY;IZ9~hV<*F@Azl9GweBr5DrRU<9fS+%*m!HZ^xunNOx=O!J%qJeU_uO zWkA)q1j=c1#(l5nWt^i1<|{e>0WVuydO(F>e1B8e*_wD5i- zsdh|oQ*$UknAOgkdsZoz2>T;gTvJ(?bwz&DgXt=%L_T8(##04f^T+u~1XI;-|IoOx%;@G7w(Un|Bhj2jyf#EXq+<6gK`1Zu1N z%)_QTf`Y$pvYE6~eicyAl2d~nyb7W5*+{ADR+QkmY#9&=gy6Ntw7zClQ~HwBGiXRx zQU}-b9B6J5u$g~N`|%?Iuwd`!!fGV)_!;6dv8S(nGtOv5SX-6q^1qP?| zlpDQoJwf;(?6uJ-+hfpGTH(t~M-V-M>Gt$SBaEF_yKO1mlQe8~Ib0U!89y`~WTI93 zuFY(z2UMLupjqRxF%)@?4dfEXpoOJ*jV32m8IJv$b|deuqvJ0!p74~rwIDw-CxC|)pdZK;2G zcbv=u(wduwE^9Z92P==cz_zP&ry3B@TR?|i4iX8|3Rlb*UuXK%2Sx{I;KA&r+;EA5 zW(VJ^=e~V{)T648dsjXj$Fj<8;h+f4@cHQM6Y+{sTOgY4xe-z(xQ7OMr$2F5f$6pK zV_Ca!Sl6HTt@|d^5^gmWJr29}4;={4p?gliN!(KjW41CSr=pya&YnX zVEsnFt~_G6m83E>2p7fTK57`-Tr%jE`+11@%Xw_-z-|fr@H<6qxE3=&C=O))`?xvD z`AiV06zLGDRw4*!l||#fK2^vp-VA=S3ki7)W@VcXwl?GOjEP}*^q8(vAz*fZ#OC25zZ<+g%IPupS-aA0=Q3m4`xr)9qDz-DGSgr^8s&3wiU>Xz zf_R=k;EI=gj@!rD%N?mBb@Ex_Mb^$0iYeC`0WTC>oVT#87WfnFS znUAycq}}?7{>!>UYrobt18PjIWEv9y{`NFG%(}^I<_s zMosIE*Cov-YRMJ~Wq*vYwBXai>oLlHw7`e&O zGN~p7$F#LlJM~AL^#|NJuk>6}3ofib%;wp0Ci#QtcKg7&?C--Q+s+P7sm80&FD|C84&_-~vGI?vcmDEx8Zv3RaXBc1h0Mmrm2hq_K z4z|vHP^9UWE477^k$;jedegvztCYf?{YpyPk+3fO z_7+!@y7#uLXw~V3dnvS$VX)kCRuI7DLK?#k?7znkE)4`+{}w+`{D>bG7BkR(MBQ8n z>X-f@R_gs~KEx%)q_;N(ufy)yTA)%93->{6TwG!&ZcZhzPfgh`APMb}TCma9)QUm$ z#Tkx*hvDV0H!$wGI;()s_574O0;z8pmBY!&Y0-~$#-Yme++vRMy6Kyy%326FORX2tZL2MI zB`dv7x-%}o69x}w8^>Js?znn@%Q!_Nsi;wuombKr5Q4_5q6C3SU_dRha}XX4P}%i> z#Dv0O9H+Bdm|DLLWujm#tX9dRScS~j)B2t@SdG+*%Jg7$hSo(#zECMndWBLbm zA|I{PIDcnz`{=Q=W5wpA8xy^iITe~5LCVfH#z-990rRN3LS*hJxEY->M`~0uBPzUs z_#q{O%uD{e;L{oV%vchxC|sFvjn3K@$(%`^D&05tINGo^CXd!?9j^hg(>rgn^HoK& zSC2{*^2?YD!aL_%6JfZ;`KlN18CIUwwd8`g8}Y1Kc_`^aPx4sgICTO*dgXYyv!Aw| z;e$KrRf2i>`}WY*tUaeyl$7VtrX81Nj}4>5t1j4=$jiqw*124MfsBzA3lm#C%koFv z+RO|uWy`7OBL>!xoylC@@L*CUAxrddk;DdAEM++u>Lc%(gNNayO~x&iZ_rN_T?S4uw%M0+rSVK zu;wj`#Bn`N$5UKE;4=|0ziZm9KpS#vS#K0P9@HxF^nt@R|5HvmuiX9tu0OwA=OblFbRLYo=5xMU8H&G z<6cv{GVW#~W9+%>b@3Rs$+r<|M5zs|;qBrCg$xtS2ra-<#V zBpC>|;FLnCBl%EG0Q+EAG280F<*)aih;MD@IX&XQfH)Qd$vv0eba%I=e4Kh<9Ge)a zD`(Qj>8%{6>T~gFO0#6)PvA#xx3}M577L4gz6WuoQmePMlJ&I(LEcZ*)p|5STIK3C zd8x{L)R>tXoK+5?BNq#e*pIw+#Z#<5njfgM3ti=WO~kUuZb~yF#_ltt&Q%8bBR}DP znGvd~tG1k)k&I=7JRNIQ@`_4)Cm8TagU5AcPAJ@acw(3dEbNp5AH$4~Niyv4GL^H)EES}HoKp%}C>k)R%B5qbSK zqSGC*3-o6rrPRyr+Eo0QWU_~<67x#APJBS;8`E&7Tx&~{M_B_mX(_`vHQ%x+j_19A zPiL-?cLp|M4~Rp~Jf$C97Q!_+rsXIEi@R@IMHikF_~c0XY`joTIAX@O;Q1!~o6_%} zMV&VgEB$~{A}*TxiR(HW&k=;wFd+<9ZV;wNrG8|IaT?JzpC zpV0~&Kwj^YEI8LheOP~%X)6Fl%#hT1W=nl6D>{iW6Io%JrD4F3HDx$@O)NqkCoI;{ z!WDWW`k+TDBP-v1Q#_TjWjZ<7AQc!w=IG1nh(t6UBq$Vb!$Yz3!Hsz&DA6!8Ph4l? z?#74$%wx_-o=eBN@G7csh=t%cb*q1R>wY?@*YWv)`_~UUbeFn+uU{5sK#;~%-9TSe zALlFmKU zRCIKbWZyo{8VM<*GA>)lAcPHY*~B(DuiWOzRY-lXae1}@mh(&s8J{i`XWH1ou3X2$!LU=L9{4Ej32cQ0B(Kow;SL=qxF@lJE^`=^^V zHee0%VXKG*M5!!(fj;S{ha1V!Fb-IM^N^=--IIswGde&rSju1nZ=R2t+tn|y|HRkK z{_c>qICiS4?fA!Ljb`1B(Wnxevp_axE`=Ue!WC2Ni7?jaZ8PRfo88k}l_nP-o+hx8 z1Ut)fnE3_5@Xc5Xmlq{-g6Egwnf00s<8AZ9$72*?xsDeEDoeYK8r6Hu_TG;Q8fn(> zu33Ms`oqiJzR*m}d84ua@ixDBI;K@Bv?dlxdxSEaNRZ`OCW{{@g{cLwqL8s-jWG4w z`V-ZJl^k2+IZDCx$bvMK7X{MLEsH1AA zID#@)Q*V{ITbJX$_xoVuE&E4iO`cQEN5NrE(C?G-^q7$U4Mqa?SpNYd@d@PrXuFqE z1PpM#E5_F(K*fC!cB3BrN+DsAz@pDW?o-VK)Qo%#xSoARR1>>F9dTKvrluCmI{5r# zX~G2PpUCI~rdqH7^SBCz4DMi%@&QOus>63KO>J@oxxbT zwiH{da5%pClQVLfk`w?fHB) z%X8c(4lXkUJFG~Zoe?yOvCQYy-heR@CUGWfy6ycW&e@ai_Lhs5fB#%e_B$5?hlu21!0nF;st*qM#!+xJzGRIZc#Ll}awVH?*FnP~MM}h=Bn?y5 zJ<3P{#taPJC!g9NahxO)z+m2@TC!-Qq9gUg(*`e751|UlUEixgnLmai!D=U*E>=%{ zYZuC~Gu23e?&mSSa-bUbpW6gXu1B6sRpEsq{?TkPxQapmd11w_a8o%qr_|qXTqFZq zf}vrvuVLThQ=q)a9R4;$R;RXjE%bT~nfu)51b;sL#`~RN+w=q1|6*ex&dy zU3SMnz+|x#`(_c)hSs&u+KVI)@phR-c>s7Co=CwXWQG)QsbGucb zI0$G5!U5WWCN}HVl*@jp!B*^+ zIU|tfdG}cUXkG1F&jeSXI#5qT7ZZs4%3c0jcn;t|6?57T`}Q;|!>3D@x3*4}nYUZF zcwJ_ik(%0gd}^av+D}xeEyQPrFU&+>fae;1YMBQ5}9ug7uhP2{BWJ(>r&VK3h;gTx29 z^WkpVI}Yjmc1u~<%%kpggW?0h3vJ1$xtIg9Oh9qMYXq=LtGSasPy*RYszX7bH1~q@ z>Pg6_F7tyi!V4>LcgKLcmyd^eRr8?c9mPdPkOQ!m0oc>!H2IoT2%zu7S1Ptj5> z`j@*h+SRLB886XT)n3d^?=EyK#c3KQ08D-RbE|Mx_G09di{5>sn2pjV88xXdNyHMO zJp(|D%vS=8+tYaMwjC{U>$cQD+L*oa_(|h@?9E%JUD>j9GC=JuSkt1cKaCn%yM?l+ z%9{LOB@N0tbG+%y+I4wx`{j9kMb_fWJN=l)mZAe^KtAD(lLoQCG>R!m^NuN&1)|nB zAbT+y^oW^gmRSm)gTpoeK zR*gEc!nX{QG?=ka7;~j;xG-|7gbH2JAZB{pYl(*JR_c1o1&BngRa@xo?k&lV26eg4 z-j;J1Q=asc+k<=be(hI8<|<+LGBgI?<;*-ca&nM|yf1&C6sL;jBk4iRKTb!qF zTFmnaR^E)9PA;>32VoL|g);-zl>|TXh%(A@dP7@l>n0lG;p{nei?xMhVzvsW(*sjj zA`5EpW4#V9(_F4@p7#;l*mlLX+!NWL#|~RQ)ZG;;;@}$U`9VpaigMy}E(U7G;Nj}&z*JKgYBw$9MAc6Ll^MF4f0Ou&6%VR`= z;4ANyw1+JZ%D`{hZVaD$FMWEpuTQm0nqwWLArgyU*Vw-mwlwBkWRHk`Q3val;5S_n zY2o%J3+~TNJkx=f+J1ry#g-e~36Y{eg-s-P8tM1e&%mY5tCtOR3+LYy?^ev*(F zZk2yiK3lOTlh{zM6|PROn>-aE{7K(*_+LQu8-DD-bhq|I!&{)Av0XJ{p*~;l{ZLim zSjz$+eFny|5RZ~!ai-?5SPU@w6ex9^nfV^uHX;O8?r})O>yYulX7LV(OAw=QCs1N{ z6Qnm-1o+fM9W2yD<=9*{bmqyz#tZH8d+o{ln+J<9&uuJIOL-)cvQ|Dx*ZXv^@tGQH zd_p@Ox79&|qirZ1F}EGYXTt8CR?i)&dkz*ZVfY3qG?EdtB*;NPRl+Ug1N;(Q4Gr3! z__Ekk5J~1Z)FIvHvs#tUm_j+Q9b4vlIPJRVdpE7n5e+2N>$#@IL=zR9al)T`Ra;=w zqo^vR7-Oi85h0~>({aXVIf@CjMnm)9+a^F&*e5UB5Mb&>wW0Uf!T!#U)M=8+Xaksn ze#qNXwh#$j$G7)Ic&7bKxb?clCa7f4mFRJ{yn?gx-0Pb9UR6|%YH~LLjxtfiFg#@d zI;1;kZYur28RcTXjDGFJyQXf^J&aOP<<9b02v!tD3vNm${F4_?YlR z=oPMZSwdMN3c>ii!ycijE@BvF=r_@kmTw^?1swN{DQT`P%D`)daL`t;;4>3-0}}Ej6>6Y81Obln}G6 z=!))^Kq7n3KL4oU}(G7chD5~%3kmxov zh^sv@mtPsn%P3iV>%PhM3{A6>VDxcEks=@>VPZ%H1FewR8UMl^`P6+Kg65Z6e{4-Gf zU5dFf5I{YOwb77&%zm}-LR9m@PI5#GW@84EVpL-wgwd;XnReS;^6zv3+1nU59$wsg zB)m>)K(mneXQcnd-kZlm`M!PQA(Xwcge-m936(8mOK4FDNtRJEM)qxlW`=|!v}?$o zEg8#TFvc1x#*$@>8Cx>Mj7gZm81r1}b3fnD=X>AZ=a1iWKY!e>-}fIcyylwgy3X@F z&hve|kN0sL0PRtQwtoxA{VDZ}*N&b#KjQFGhh87VbFw)}POqnKhYYZY&+pDA2TxUj zlh!Wm1@hq&KYn%Zdw8J80%!tJ08(|v9X)&lG2X!bNnTR7(G>n{w;DKFWq%<-@{`{^ zAhabZ3sldI65kHg2>Kx>`wLvn`)(JO8@X@C;_g@zZxu@DDGjXDg2!YRp}zv1Ar6~L z>YimlpcpgQ`2iq5PB>oJ4kt3%6OPCNJn`4^QG533qe~^%)+!XC}_9yEfbcQNV9D>To*1Md3PY%GqYj3%2QRTyX@)hU&|0* zym~p)W>9o*f4R=hJ)=jygugM?U;37gOkR!iwq46#S16Jh{Nv>H|Hz&HFWiE{JyH4V zB&Lq2!7BS9$M)(GsBP?T|3M=RAX56pT|Bq+T-RNH6UD$na{XQ*5w)YW1eWn=z`xIQ z>h@44I{LhfHMej{sr4TQo2z^F;IqLBxvG2jyR|=lX72)Xw$0i#*wI;9FG;m|dfzPT zVa2%qrmdK1PK32KP$o}W^Ic)&w@LGi9iPoJ44vAO74{5WICAx2kheYtzA|qfy~!sm zqxf7keJ{iL8uVPHs03(vo?xEuY;cG?b68_{`?I{xX&_Uvw$1q9V|o4f+bwNVhqSe| zJu}mYXb&J6;x^KIv~E;I zZvy_TGfvey1UU9@Vz%-ZUo3-XPutiQv~STE#X!=*pB)@pVZJRA5GURDMzM@LGYhYP z4i25>?Ve+>Vq8h@er@vs2bXlkT#Eyi^-G^z96(MtXrU0LcZIG$e{iq8uQ~q4!zE2J zu;<&Hwg)yTdmT*W&u2W+J$ID|ojTXpds^2_C(er_qvPhE{B7+}h}9*E$pOW!Abprk z^+T21M=GFj_goPh9)Y%eA7-PU?*5)56lV85#qs2g4pK0i5;>s~Z;Exp%6jd*OX z$qS!cajUc6$7{YLRIDNNBK@s)8L1%wKT=;=I1HXv?q~5?pK7`P?t$4CpjftRB4lTs zPM)Yp0RZE3wDRrGsd}*Po5yVmL4Cy{|EQi2lu(Zp0Rs* zBX8*5c$rJ-!b&&}Q^&&j(r=7^s-jqfpW#&2*_Z}zb6UHP!{EraeYmjDWO@qMHIS!AM$ zQhW-1Cq%sWVUU2y@c?zm`_VCP7ml~(GGj7AoYgHJfj5*yWL33TT=GcnY9QbCsP47U zOcgeXE~3{3J}#oAC|C@BULPxU!m0^`#&Et{dC;F2_QNS2SN6Rg^{dJ1AxD7diNf2D zK7=CE^CrpGiwKV;{_h~K*7N<|Vh4}kG%^XL65!5#k#xg`TD%>eO-M@C@1_dyN^UsZ z6mV{hhauu|lty<;C+0>^0{F^mk=$#JOIOz!fyelaQy(E(5-@qemng=`@0xaWQeQ2> zqdYeXqxjCrq64O4Y-xg@Yyg3XzS;zk)!NkC*pFvr>VM z5+8By4hHsfobz_CjwD<;5V?(ehvI+nE+L`eVK#!bsE_``snXco{-B2}t)&yQa6Js$1kiC{Il5O8lT^q+RFnW1;FQt%FvYJ410R>C1A#`8B>9>)RHd-nsDV>g%~~+Nr@XX_s-ra>*RL zu`a@?ASfa|t;W@Cn7?xmOjMM#!dhOC5Z*@b3I!P_M-Q!C@BB2IYCYcgS?K5_^EB13 zmT(Ek3gf3JXH9~yl%@EiJ6xWVnO7Tm(re$OR3v*EfJWDF)b46IsEpxm-p`8r9V;?g8|uHIZId43a+?FSWYOJ|S>n^$Hrrxt29e7-WI36hvZ z)aAR0}c#&xYK5gXKNaEvvV4fYa!NnJz9%)v1PVR3PpT`(w zN1D||T&62sP~5=89qe$K10GMRdTqsD=l%TN0gC*)c|IXuef>SXPXu`XcI{uEBWii; z?me|xNB+Ef`Zlh_3O)DWy??u8_8IVR)$;N_PjUb3nC^P_BFrNaXqZB1oi0PUS*Jx5 zUNJHe5dT;2$hG~8vXRjN+)Ql7{$CdHB%F&|rpVAVSnO}NIr<2=&9f5~&*jB`v^peug&)OJ!o%TfbW~L+$DGJ zZ!>)HkFo&5uBF9Tp1y`T7W3pKaN^NVaNtgG+( z+RH$>GvLNi1A@Rrv5)0M|DLFSTxk0sQo;9pcvIfkVPC|}G>~XYYh99w&qB5?m+&#G zzdrNdU*>!%u%ebTWWxck2KY{+xvde~6z?Fzde}7GJI)V=S}C1 zY%Qi$dStBl(SLrNe>~V*dtfbv_Xz8o{JOE?3NT_<5%IH%|GelW_D{sgK9l$Vt0hiZ z{dZX+Fm~}`TdP#G=KqZi0%K>oW6S#Zo&IeG|2BhvHi&1R=3V8OzYEl}T$cJ9Zv6{-QLHt}+x*QiVQM+F z1GQ3Kf1;b+7hfkxDwB_ z+g`ij=!gf(lf*Mh?CCCGAj8mkX!l`D?LBp&s4a)FHuU2_e5H^QfYc zQSLS&{C~R4{|2uUBwO9@#$WNo^*_=4S=~!tBHLvm3 z7yO1l9MJ0lcQJAR(EicRezSsqUQMUxe=VkH<^Kw2?@ylw+BQ<~m@&-)YEXF~t%~q^ z3>P8g7(@7vVgFC}|9l+)f6|#}>V6M&6B3w~fc&0q^yI&e%da>8DCF1pWP+6@y!~sTav}?5{6( z{NGN*U)J5forwRlJO4lJ*!a&b{J+uDztPkG@6gk~&EPM4yyCwprT->!_kZ4LVC@j> z-;-fxV`JlX$BX}kDWZSm(RJ4*%iJIm+Q16o!qp(*g+%=Ry))an{{ z$&p6QdD+xl14}t)uk~evBh?(B^qdAsCOI{h-O;u9>N(h`(E$9pkn4W^E!qF51pr>2 zfcLFC(!3(luDo9A7)afOMRY72pe3@rIodRXTZa>8{bC2~3i7c4|LR##P1nBzl{*cV z5tYNtRHjJZ0Qux67i-%wHs+jA=$U)xeX67l-ygK`C`&&}PzyDw1=kL24b|t|kIjACMamURUZ29qkwOOd5Fe?e^VE`$M z{=NiCHE8HQUgQ7TVFk~%G+D>)OTf`gCkiedmeEhKc^Y-xX|3DNt?S2n11j7slkIO} zE~n$(^Rz)UEmY1EGnXuR`C)fwDTqXdsy1o@9g@9OkHs4qjXk}1Aj zH3!xiw%{gY#N`!8Ev*)6gup2E6c|q|9?3YxVk&3=ih+}%qhTb^yB%c5jrFJFX|G`9qhv;XFD``FW_)SgBSIu27YT1Nmfc#*mx7qL(oU{>pS#k=p)i(%=y4+9uU zJs2n5cQ&N5z*Ahp&@mr+UCEbDk+P6bb5RT&5SgJvEWs0-VT`2j399n)sK6U@b#AQk zJx6kxGPmh`23ZNAzLpi4Y`hA^($B9`o*-J9W+fRKZ+HhL?_7O|d1y>}X8WO+DErKTr>>p}J$&dyV38+r7PM1Ge%laH;%S&<}q~ zW6zy;5gpx0<+o@C=x`I&{C3b=P48z9xMAM6OuU|Lq)SW$z%KH9By~ z+E>uyR91QTN&zKW)KJUL&W-}q=F>i4o`K{lo`!aBY&QI8Q3jJ3U2@)1s&D-AEvk9i zs98Nh-Ji~EggBUOi~706M5BUM*It=WXle|z^e>UDMhD$v)zO|iA!jz`4)=daU6Uo- z^~XWO4ksUE9V0}xAJN*r0=L+4F|@XH!R8*{lkV*r%f{t~gA9=kw~-i)9gq+3M9A?d zqrHlXS$#UTc!A2B1!=-XjShD__}! z?cbyBN9Pv0pqooPd1aWGVf$|VjT_jaP(7Mup9a^eFFcXB`DjYp&--KtZOvwf+vek& z;8>{^#jIU@FTW*UWGfV1yx(!FAKE{>t&siINcJE!lyZF3R5kxL8{A31MxVRx?;BAMiB z(z@x^*JTYWj*lZ;nOQs}41wf78CM&BM>e&k^z6OWDz!qZd$;pcwYI$G3eWoMD0a|( zahxbuBGk#*w{QT+ZR>RP{(JQGFGRzW@TiMyj2{pR=0Ls}Z*5sofnop?CE`&uWsvbb z(yT-OcH%8=)vS~5pAVw%_O;w9{wc$~;|(wOO`|Cg`SjZH)9-%jZ|9crus1qTuUyah zWc%?u);@71ZA68|mAETZi4IEbl zu3_!`^?H@@RN;TcwkTfae!1>94um|HkG)m<1uETvIQZ1^o4TQ)YiM6KAKGu+AZXUg zM&sez#&ngNfW95v@?bIFGIPvS?`!oqE+W~}_l_2hwhnakJ7v?8?#(B(*EOD3W2l7H zPOYMo8uQzo?k$>9CYnvatR%jz7I^)|_G;?B)V=CM1^{R|2Rj`y_o9zQCD(Rp44a1l zIh&_$mm%TJYx$r?MksQ$$}5>z<7rb#JA?*PO7=7`fi`bBFf9%0DSpv?8qs{h8m;C+ z>NA)131hIj2u#Lc0|CWury7=x@6&^l)d)Eedex}H3&Cc6PigZyXp2V zmp1>t!!?3D=g8UAEGMx#;NQtQ6q27M5=h=ki;YbO_hhusl0W*6tl3;1Z-6Z^$_WkQ zbt~iNd@^AS(`6@{{vL~T-9y;1H^h|d9I~?uTCEH~SMDlS@saH#a(E)w+vnyYC!U)# zv?FLnZ6y&&ukjH{sn;S3I5$^d_z%0-_=BvY*JMP~Pv|k^G_j)cz~=(1a0%55C-grp z1jUbrUcYg}5{YRfdzFSE?NN2E55L=wZiaeyG`LZUeHhw3uSVc7KszMb?d{4T2hG;3 zdG}`*y7+kv>%teP@UP(B!nuCsb*hh7W#f0oUNTix;K=M5DdqL9 z_kNJ-%)SGCLQ*&t)LAh%+M29Sa_zfN=B8>E6V923QJyFA=laf;O4^U~%wRzaozVGB zuMR1i$Ct=hgWSdlw*;Mg)Z3MQFp%%-^fciDajwK}xHg)fSl#=Qo`CS_^SDSzxr`N+ zg=vS%ot77dH-s%5MFYwR*2k_>iZfnnGV=I?yBWqSYSmiEbOt)-s*jb=xFTelB~xNH~fQ|o^gr*pHkxe*4t1eF@Ez4KVwx0IQ#;z(Wb z23iXAML^o6SF8z}->Z`YSo0SOP%i!MlLnwT>SIY*aX88A7LeBAZ^$B9?TJ8b^wbRX z>+~_#Xg#u*J3sm1B_n+F;9qS&5HWQr$P>qxWZ#V+;4QbkC)lVT-p4vnN1;^`>PO9U zq_wFCrE_dq&vEs8Hcltn!JMaWA=gQz?BXWLEEI+mJ~gy}=-~iowcZ z&#G(GR4a|xSN2!4*E=R&tx)A}*mFi{E+lu4khRuQPBSg%c&73S;;mBWbJPFCi2v_E z$nKrCbB(Y)z2}z~T@U@nqVa;aV|^-1rp#{er9tGh{hM&hC2|&7UtMhUZ}>)_swR0Z znoV@7HEJneL!DAlQ7Jzt^8&&0(MGPXlbuu85}L!Dyp)tSUyz-hyKmiM_|g!G{+i7a zO$D+kUSk*P@#Ew(%#BOnj->QHFMF2&WEh1gwd4}|k`7~vsQbI(!e~|6UHN!N=OBgy zJ!DEa0bgic+Z-1jurk-v#jgMtFA1gVkC%5?r;N5E=)8n3ZOhGRB-Ly4{yL2PY(B>- zW;`R3En(7F_G-(kV%{NYj6`ke9Tr7fK}awes{1bOG)f8`fDlB zJxzhT50vNjsnz*LNvnf{8F@+T?qgm$;|OJSKB!ZNzFnL1~gon!nd)i|qN(Dgwy15xH$-R%oc;cUnx- zYl6;0xbhK|6V>6{TYq*Z`mm^mAIh_<0TrX5lKKP&N>qo1wV+3DAMi1)^ zvxuTHIgw|{)pz<`hv-f^?IQ1K5+yl4@Wy(!AG#68SJN(hk4gAWg|`I3=$cbq>dLY? zMvodnD)ZXVX4BR#UM<(%_8KSbLv=%WGFw9`*=O}WB1VRtj1D^;xxglLYI%&CaPjbZ zZhjxc6ECY(Mbl?SqFQ1u0^3bB!VNFKv{G&1YQ|HGsDRvpVn%mDf>*HL$LjUQr8q$- z`U|kvFoZt>o5MA2Snqq^!6RC$(||aYidR`OGv(<<3y-z5miksiH?M#M4zG`q1Hu;Q zCIz{rF7~&i*z-@hWe7yqp(Us!uXfYu`1$NV;g^8s*JM8 zj0Y|GzE=NYv2Sd%F%A1uFI!~xM!^rG?40pCY;f@d0<&iP=fb@V*a6+?f7@&sk?Ysscq<3kJfi1 zr3fKkVimTITPB=tZ%;p!sC5tNB33V3--TUJyr&ReC0b0UhL*uF0Idbyvf&O;xYIWwO;ghrl;% z)ET-^H`;CR6v1@FxBuu;SNrBuDlM&190RVgvi3h~%Jt+HmvBjLNL9v|AJ9__njhy( zoQN9%vc_+E0F{VKv;)8S_uuxI?|m$b8Xyo-fvw_7KQ?qhbvkT+3^$jsPwA7EzT6J) z$lM_z=`+Lo3<5P$-CJl88>{77+bTZT?J@KtR^a)ryL6&TnbMw#nu4(#PCA_WAbd-V zJ@yVGtSw#?UyupQC{d2gkydBW#}#5+$b#DA!7z>fhsEBnzuA1}-GRbgl-u(c z(5kA1YCD320OLbNA5@BNHCz zsPl&4g)XG-$1XJ5cJNO%XQpG3M9EjQU9sr2n8{odHi9IlzoZLY%b zA)!+}!$w_6IHdHxmNKhV1K`l9_vFz9jS%oLQ&F z?dO&1wPKaJ5N~s2_b+AmUPD@_FbfvyIhEQ+9iv|tBz4F5Uoi&-;U0m0@;}4UBkqzX zU&Wl=)c~qV1lg}P;oB!LURn>&HmhMW!21{ZC#B{R9LEtuYvJEkoF0Bcs5oV4p|nz^ z+p1E&6zR=4v-=)fTH+cHu-1ZLLYXVryeF~XLH{;GbA5^4*)C1XOdgoL)Au?01E4r% zR(940z}HL|Q>t(1aK^%v35_)~H9bKdhH9-oAB~&Oz5FpQ-@-hT&Xw3hdoN9Q_qcfn zJ5eiQI%wgDV1=HdemcGOxBV+eWN&hR8*%lSN zrPl2T%aZ!dP`}6n42DO$Md|eJU-VAO4#??8Ej>UP;**H=B^%M$0V zZ$~;%$-4XAq6?G~dniFF6{wo;9$HAqy!-RJx6v)2$^y8X>Ogcje8Xp(>sp$hd6WRg z+8i(+Oz`(V)C0~^x{J2_*-{lpU!Z5-By<=4N%`%?D(kGXi2!$0Hedf#SeaZFT#h`k zU%kw{l(j$RtU3gu|I+_(JfG~Tu<|HXki%fW zA18Zdz!vhToAg>13i3(}(=r3P=RO7tHMJe2?iYBtsvh}ZGMNsaf#ya&R^BWx_Mw=n zcjZB=lMG;|xFmU9kx8QdK5 zHn`m|@=E$HDnydh+iEKdx4Li&=sp#qm6aW}1e~>}czkwDyq4=NH70*HgDB>&PsQIC z?WZ0Wmgy>LxN`!%{_XP$W8tTbnfv% z_1=rAKBk#*-LD9Sq&?}DJ_S)k1UfiyS^5j}Cb6KFC@+3b8q89#*WJ@=HTwa^(6GVd zgUsDSiGz`5p$%!_OABz&SA&_{xMg(a(g?(iJKZwI#ny#=8?%}4FSMS8g9hUPM8D|W0_(!y|=rHjr->`#??ZxSV(IxoD*bmF2OC}mAma?}F z3l%>?T>z21>JaIJGfYOO8P?>pAgMMo)@5MDV%jbu9XfM^0K#9-2~1)ehC2ULY4Lxx zzVaUiyNwBVfZn)h-*d{MA-~TwXAk| z8$KmTBlYE_JU=@+bv&$2H#!zh0Ii*tTD5O7Rfm7qX5H<)fDWHBMmKjK{uYmVzT_d4 zxK8J=9yt!7BOqzahC3SbG`fu~)oZ)PDe;X*{}tK%oAtV}9blZNEqXZPP z!Q)Zruq8>o8qP`~%Bm?nl>AIPD8{8XEQ~>vLaUnwi}$`p3<7=M9t&2`vtxkl7)p6Z zMpreAGe%FXt0Si;uCy@Zgehw?proPNpPxIsOr@^$py+Yp0Ar$>9`Ok2!*lrNqRDRi zp2ijn%>GwzP0J)l+{Nz#L;!anBDlk6AINaZIx%q?@vdF$YG)ioXT#@uMwbw2@;52+}Xpaa-Y-$ zP~T6B>-JXJ&Wy!$U7WOyU)pSW=L}AeJ5B%W3>}KuRb2|-X`*Q8qOm{1fZbE0(Cbe! z^x)s{^ExAA*V=@1?7-~ckr5D|V>|CG6~04g;z-c~Y698bvd8x!*Gi7I(H|I^Tp;@; zj%n970G#C2EvSwIy~*Pa@3~8O(%G%x4YrgXSQwYDggII7pajTn3+76UD3$h@qs{0Z zcNT`6sqhYBFrnw2U)K7J%^rR7ol(k>wEy@`kj2~~!Iq=MF|@DVl;w(F~+}vS? z`99G+Ep}B&vbGa02eKv))-jJ0K$~-YkRy}ZINGlo)6<#D%5wf zcfYLIn$2Owz{M`X%T7<)O6Cm}4DNl{*c3$?Bue|V?!r`xn%AsIoamcK;bIK)3wH@+ zY=B$M(B8zfKBb@;r(2XRPX+nD1YL7W_KHLQaE;mxW}GP5Ykj3t$Y43y8J%R2apvTW zBO6ng#)z(c`r*e@VJ5~;%1(36awYl0=5{DrjREZPflqxK39?6KN+_Zy2D8>ORXq{x zJ|hySv04W^3NUm)6^7AtyWr4((LB=27%Aa|g$3GNTSkKL+%jg~!l+eY?;PEP$Ih@K z`juUaaoJ}0q+(B|L-M<7>;u+(8$eFqf6JA4mNJ5P7PZDGIHYt_(KJy2Qd1Ufn5B>$X9l^<_IZE8WVW917Clxnf(65Us81OBfW%w@3Bz#`C|Jk{h4D+M1`({-`QI@r$5o&> z0#!&Y_3~L$<6LX#;XM)@^|3u%iATI$vlgu=sRi5e&-w(6?~ggHaUSHJBW$E}nj#hY z*m*5|*4HRkJagv9Qs8*YVxPr{&69W5LOU_3lw2h75_wICL)%YoAB;Ga)mJv&t%VLO zh)|ZTk@1?NS!ltn4OfsG`1v$+<|k8V^=>@nt3veFk$A82X5*R@I=U(y!UpSaBqQkb z2I{L{JQ#M5Y1}_6L;t~p3I550ZS1=Fr~Fnxurg7!>-~gT)b?U8IqkwG+&RF}4PICS zyLU=U&lSc~FeSx*25u#7j?QKgDwE>DJ-x?eP^FSBVS(!rB8kTP?2YPsn^_nRgUUxTGyM4Km?SmPEm?g?c13e=q zOCySf??0}N5|iKz3*wuySI8C$nwsn`9_Dy)emxL^OpX@d_P`kx@yGzJ`c|hq)4DEP zR&h-*B%KAqs7qMwYKnu`iFF}8qhRV2ncV5Kc>`R+!UpUu-UEgO;_3iXFQ4GjKRQ-g zrwAX49(rCtbtUT)VPrSD6NtLELU|+xwOu0~$@v`->vHX{kv8054mEYdps$`C#%?y} zs`NRNWT|p(&W{8&4kFiDd_Yv4Pg`6RYdRM{+q|ZJa8_T7=wR%!el%2jH4|ibEFvYq zurLd$-t8y*Se|h?^gW^0>X_tLG2kC1wDCPEZot7krZRAjGUvNAmui9{J5XJG;*475#yz9LkQZN<_Q72?CNdC@fhu=+#;#3L zbYnv!`8ijjrS}j2JYkpGK=z>n)N^uSobX$mr{_4FlCU6r2Gv3~CEf5NpY;6FCi{b2 zvY^MTgK@DlKb4MimbdCBk$pX8?#^b%kx4J7gYq_$ZQa8vW;On<8~?{4Wc0_M5x_?V z^6ww~Mw9_j_51mNS#}Fq9E7o$X+Wvo*O$|(Uq|z+^9+B5O7LkoL2i9~(tOx=h!>&Y z8ygEO|Fe_ZXdO8FXOZnOT3G>hM}P%5=E!49KK=*5H{8QPaX<&U&_80g`c^%bOOsZd z!HPRFJdRpJ&ccq{25-6`rb=d~+Y%&Y@WDWHCyf^Wi9&cnFgWG z9k%&KdwXlf$L#8Iuga3EYIC{reGzSZlZ_r8XI2M9j2z6f=v3wJy z<)L^NERMKOKj4dxBt$1yj~ zYM$NXoS9!^+-J6tol!<8#Q6}8 zVnmr_ATpxk7hHnW3CQXL_S$1r&l~AUuSPZXg`(MzzU?+Pqu5;hk_&xSeSx3vE2?<} z={L!VjUk-D=PUMfzgpP560E)D2nC(Y?fnB)s@f}tk{tr}@kLbnw+VW|>YV_{> z)2Fdf^n1t!WF}{RP-|HIT)(ssKg?DVI}!N7AMF`L5uqHQ{sbBrzHuht-(?}?G+Ir{ ze-3A6l&J@4q+Jw%+}m7Bp^P%GnH>ijEj^dksbDL1-U64_R~+{OdB^Uixy@J8C~Z=p zL@36!`JOs$qp0r`SK>pUKCe;Ma{!Cv_B!V!(5kl<8)=KqTxuISj1C+%2-^5?408cH z^Fw4}GLm{WnsI3t(5ZRevFqtnn~4xj*IV`%aa_Um{NQvjp9WOnv~R|Za+9f(ZV7@1 zYY0<({Gq{D+(P&DzrJmFp(i98D9CU$S(UVVX+cg~BCSo4d?RxTW8f#0mN4YbMjxt0 z8jwE&$Y|e&v-4o*0AqenjF{?Pdk??UD-LF^(Bt!C^B! za4DRyMU&$<4Zp6>aSKn@-NXUAhu^*Gj`wKw?r$j*9eVF5nC~)o+bWx_#aeyllR9G5 zmp5vJFUslP^dMDq+L();0OVT$=!;r>{EwaOpMEpCxV5Ifo$D3;b4^(*`kgk8+NJx; zN$yys6?GY1VW!UY1(Jejkz`kS%;h|NIuNx#vqViGwq|Gq)FU;*a-_9_3yX@2HDT+w z7cR023^|8V9S#UVYI;rW>|U;YN~U)%9Pw?A(NQ{R1QRQ?4^1 zHq2n?(bLo#H*~|<3s^c3-xoPvvyiF@dd(c;D2B6R^Ahk6c24EEbIb64y3572J$}dA zV_B1RwVizY)g%WoC{<5Vc;C=Amqq}eo=|tY=R9ERZB@{S2f!Qc1UT1d!oVOeJ4X~0oi27V;S4K;9`H)k+D%<8Buqz%1)5-HBfLl4$FSMfhGNK zmB%bu$a#TXC)?}K`rZ|a76+n1OZMLRdkKd6rPb<-@5^{L?Z`&dQ0nN6rp@Dc@GYw+ zooXKMO5qCR3d1K(K5byXK4*H!6M>5NPBC%4f##Wu3)?kXyv6`U)j9N2@wrRGDB6Fl&*EXf zuww>2n=@_BQY{9B@&p1vEPt)GakS*qxP}__Fz`%sw`eZOLz@pH=)KaPU)IB`aT*Y# zm%@H4pIOX3n2e0ksajFlQ)nMz_05$*O1Pfv9(Bk!Z-?LEmcM7V|AwrJ!dn^o{*tpi zzfWv;r6<}SwyGuceC<#`+%j;g(jA$xvv>AYeG_1eWqU=o17&-gD=RBspU7Gy2dN?D zg!OWLe-`IZiJnRdYIu zMHdEXsk*BFsSJXa_5(Y(M~aaQk4!@u9}P7+c3Zs6-@U6BPN@#d&7EsLph8LZ^93H! zQB4+5W_TLD-c0uMQRf%MoSP5P%v$`?f$hq72E;GH8nZg2>?^8oP?53s56irv#`C#* z`9rU7aCJ?~_x6^rsfRe-p^F(X$;OlWLyP6R4`(%(o6uYdXWd)7TkCFy*^;Ten{}Ro zkX6|HEY=~Oe#tzVz}~Ex_8;1Y-?5m(UZ_Kcsb*?@a5|-9xFaHeeQup<$m01li1Lp? zX$Q1%&Lk_ixcO%2DczvCN7T!bPbi7+(p_^r@STiW`E2H}K%jS-FdWr{F!Irb} zBWn)c=VwRK=Y5P4OqDp7_j{ilX++2$Nv8VoGm>qCuz|zfA|WlQ#k1NKb(W<^pInb0 ze^k?JG8_efE`ZBm_gpHcpK}5^XYHp3U8jGFY?pErMTRyEr@=Zi)zZcB(5F6Sf^fsF zIw3S57jH`<>Btyv93R$-*)72UQ0aWdzuq*PkboXBfYQUI|9f?2c?0s+WpYu34>1sZ zvo(KK7`~CK@Oo~J5zWh_dTIbJe=Q^(U?Grt^qNDY?7_@?V1w0(+(H8n#&Pw~g+oNb zMhw&bo~r?inowBuj9aFF`mop>vD9&toD1_ez%ScjTVir%7m(fQcVP50!6Xq?}WQuFCT8IE?p zFK_BDn@sVa@UZ8R0m==f5e!G4kFGGO+uE}ksFj<*S$a3PV17&9W0|t5p{PcUshs#~=UUA=}cMWi5f<3j~3BAz?IV#PQ7Oq-hX&coTMmIzfxWHIw9c zH7Gs$Bf2!1onAJ8 zL~gXsAHEGrkRfe8v5ZcaHVWOX;OWuR8}zJVE{%uM8dBRl7h`b17vwi=Tnv-!&g7HV4fVydc#v&!N^aE)3jm$cz-!O5XGn1*Ec>?VXIqaJ+!x@?A`C%ogc4tpd?1kJ35zFXTgJg7Q`bEoPWcQI>;Tl2 z8}k%EvW(AVoDMdyqYO`soRM`^9;81|2!AM;^Ibo|dHm917{gF)dT%eJ`ev44JyMXz zIiT4!XmWLte1j{g1YqtlLXbS6vB0Xm;HK*DWS478G zCtnoV97)?!(%>Ry_#Ey`OS#-@^Cndv81d~35$vj+q40e$Sp3!x9&hN%>J9^9l_^ev z0b`phwFrRnPkduX=_)ry>eOZl0ZGlOz>7SwQr!1VR@-FPH&ZmKmjXV)b+QCiZQ3UetRzCK(5YoRF(7LBV02LVP_lMF%u1)35z)nuRbUx z_7Qd6^(Gn@y^>H2bqC?x$BwG|LRb#P&r+oXAP=H%YIa8Qb=T#%0b(1G{<}xD%k)*V zvbl2Ok}A#8JQX+6Q<6{OB4S#fkGcpN9wAx|&j5r5ki+4d5pKAo_kIil-iDX|f_Z0O z9ki8eP++fhdp;ehG7UuIPsSy?8x*ivBh4dP+pfMpy8UOR@Sd98B5#?EvInR}BrMfi z!1)*lVq&pSI`o^Bkb48s-eh@2cmE>YFRbf`ikj`;7ZcEOb=E24Q$s9lxzv22iU@7m zaECV4E0bs*%MNt)cYx*PAWzD}U}#TIyi@UVoq~XsGa6H0p}Q1%ad6&y_`88@c%XY{ zMlL1BuGT8*e!zI`EpILHy!i=1#*MrmQ6NBaupBl(m0JjZNAF}a>Zl+CaWbnjqLw~i zr5=~&>E@M-QI4@W*3FtrrhzZc5cXx^8CDnR)-Nn;@$UHZXmzF|&l0&1Yz@yoFtV8$I z2>c~B@jYlx*s+dCv*qz9t#4EJJ=U>pUmaTUA0}%NGrhvwGBER0-6uN>J}q2hh3?=L zVj~O#I>Vu&(uSMe*COyAyK-_A9*-7h4yb;vw%szm>LZVn{-yB+AKlW1UpC5ZP3BYn zt#bx=b>AINo$Yg>x8iS%W^prtgoq>7tHjJ~V|6vByOY7{;N{ubq_GGpRTuk!n`jE}uL&(B)&vA;z1iQWVBqiP5@~|=ItHVJ!w4S@2}JxAQ5oGf7>tFIJ<{%O?)#1sQ+&GAON4 ziNGgibG2@QY|KQzOYvS@PDK>JOU9ASKW>0{V%ZML1Nl*Xns&I{=EZl#2Q}5idwUHw zma^;kO1-Kd0u|%Hj#GW!AJ3H*ec;s?W8W!V^R@v`_<&XR2-o9ojfe$}z3wu)LvYz5 z`{IQsR+!G-e8MF&Jy&z;_=J+H_PPMq^TIbfy2qse7f=WTR=upJknu(KU_?VYRci&8(wm%DKk8|DSu1PkR zbAO1>azcwm9UsedeqgwHg_U-rVp4#!@)nRAEit4ba_PAwmvPgW{AKw%zL;@SUfBWr zmsfQ{nDxbKYNV`AGugWVrXAT$X=kN<`3^8s!2*3NeJ_&?rT|iJ7S=!>xjnW)?oR5x zwk%sbZogtfIMXOpjy^l8Zzy$Et&RTST7+sQ=Y$lak992TWOJ;bq|1w1Pa|^za{;~u z=W6*h#IM1A;%G#%EVlhFS+SDpnTin&1$|E_v1$AQYdjZqR3nU3-`CfezRH1redT<* zb&#ngr>zFGYOMti3-SXC{FC~>BK&|FZGgi6Y0{FB+V2#LqnD!U&&L|3e$)fNlDydw zNzET$w~8is5m0J1FYj*$#4MVC8q{p^zMgNRj^8MtoL~A}T*z-N@+AUz@0HZqTA&Lh?W73a?R3D`2f_|#JT#`xXXjXTd;y%>hpv))N*aOA*Gu0( z8OJI;2T&880K z4q^B*FI;-Y4%Uby;Ow`gILzj7**S;tfI@S0xzm7Fe*y`SJ@Z3-gUvhD)wEelw5zKa zMT$TQdnN-Ubdzf6`9rjB=ArL1XHb@@5))~$`HHaMvcS89QnIw6OyDZENm+k+7n?J^DCR50N-p-6JuwN2@Nj8v5{yi#>tO+p-R5tn))32aa+eO4UOsGpX$^9*w7; zjDQ+g;&uptOSWxD43T}incf3h<6XRJ(xqX(I*QG-6>3{Y$sJ^Ka-45k`1OXXkGSxs zFig+X_SR50^{SjA%%Ga#&;Qx`7s27X8a+PMhXIGL`^-q=%g`C9xq-qKQv(_zp@ zTx{pmp_r3wus;Lf{X19~&krEZ3Co`I{s9*l?8(x~`3UH?(a;?elzjYsdA>X6RQUc; z;?Nt8(&|SUej5O8%Ny|t8V=yplTxIvdC8@!?m#>1AHRDe=L0`5wqj^FJa&A^Tgf>% z)_XlCSv{tKOy$)S^+%nvcV}LiyE!1DXfC3IrYJz&M6~FQWJ^h@THW$^l@}E3FG;`U zWMO^pbR_6Y-(-$ZfI`XV8`9J~gS zlHVLU?0L9z#i$}lA%LT+FwQ8o#N5kg96|z=)RBYAFrZ;%xRaY)^{9o6?OpZi9`br% zza`|&_*+-gK>nRKkJ&`cWoT3&Jmad8srYrW$O;}#sEsY#^tY}ZQuz2{qwI~?wX><`yx$-m zerb=8RL=VRkz;VaT?F!BT3XJ;{L=d^mJK(8n-S9yhR3t)Vduo-shg3*mWXwv%2lb( zbLU3Uf?8{pXQK^;NbKXZ@*zLQ*Spiy? z(iT+riRza8DB>Ux6DP&>oqQ|9T-67SUa0%r`;B7Zy!_T$l#m8Ksd}dg-p{?88R(+{ zN%Gr(64T^_3eg{&l7}h;#iY@4KzeRvT4$*Hp1nQzt_E^-q<_QmH~m9W_`=LMlktd- zVhz*Ut!f+FxU)6@gYEn0$x-+F885;_?cQ-5DF6xySfNHyVV|bH*Q1PTvXb_#Y{ECh zjCDDk!Uv3Zy8Jqj&ieq;uLR(kF~!VL*#}A0rS#i@H914?o(Lwr&64!aM=r40yWzREVi3=4NEKXad<`V{c?nD}O=FSi7Aq0)n{ z7?%?4p8`F9W_EPjnAbx0rMxcL?KY0gun8^zmZlP{V*0t#oD+f zRs@zFw4+_sV@n5yH2es{{<+Cd^WwjI``r4~_%Ht~O#UTUpKqz9pSNbbqyRk3M}ylf zVPGhz#@&y5MaXcbTk|Pe85VFac;6<@?Q~;cV8E`2Pwq)>;iR1Wj_(O4t_p&4^RxN- z0lNoK6pGWu?$k5%=ukBmcO{rqAf)*fXs0$aH_KI4x3shz<@S=p@BJ07R~AoKc3^f+ z3uV<-UCHy90vdx_kBYHkW;;cn9~I50z+q%LU-tYmmT|RZ;oGz-ME~8<>&BG1GpKy> z39CZS%|R`%e%XHfr%;&j>b=FWMU9qn+|eUuu6%hIMxn*dUz`z4VOoq_Zr7m;Sv|;< z!a=$1T5z;NvXfHNXalTd%cRJ$B2(%IX0Nh)y7ujWU~-UD!1m5ppa>QuV*p*JdjTNt zlGn=i#qYgtf$D-S7doePaHlOf!9;2hL^%jWjom1@y(feFW#{R}4s^=52xyVwKGKUU zB?M`6XYO2cvWv-L!?za}`*OvPD&*JXl zw(~Nd-rLokMfa}DwC~r&Q{(8F^!Wv z*8hzW`l|-|Qhn7&I|3#-hU`-u80KFCcpP;vIS@?Y8JDKwz>lP0{55QHuLH|#% zPiM~`3ZZLz;BkAV(QJhMH=J9eKLT?7--6c-=3xdlbdv4=!-j%mYGYpm=lZh^t1)z( z=?!N!CX|8S5?lU?B5b-p0HEc^vHvHuJP3OJ7f1F#V>$m9NA|yP%KwE^K7juCPjJdA z-7gQU`u%m@z0wiPK4O0zb{**LcEXXRc9YTjbd`>M0_Zkigbst<@&u{Eb$?uGPsxr# z9vMQi0ayhnJ51Wp5PYAyzp11HB=+Duh+iMKo)WX`bP#*gc+9J(Rxprs#kt^rQCv z(-1$f1{aw`F1kOHY+B?ul4<<|$=VgN&L;sqvMKqQ{=;|Dq|5E&2e173H-6>_o+w8E zca^>P=*Ul62wenx+4z%-zrX*lss?x2BL^7s6p=r|L;j92pKX6TkRGiXbAFxe%h!t_RnYw7?dO05-^Mc@VcjKeoxczO|ulpNgyQD#!!~X>C z|ASjFYYMpc3Z#zFAGV-$5wO0rf&ApBe`fV8m*22Jb^jI;zensX7f^tbfZp5YoUz_3 z+8=G~DlQLNB))t1PGC4x_8-Z?1mM@tK70WAf&ckw2*B}}bWyD3;{5YBrY{`uzy|V< zK&-zHObE*m22xP*jk)Np^evzLz0VM#{Y@qq$gO7j9b{4b4|p8^4r?4-trY_}s2S_F zOFy}O;D90L`#L`Vh3h4M0s}Wx_{a`M^Ak77Z~ZHylNR622|Z%?1GB(3t)2~ECuTAE;5X1-H0Hi<4DS~7;xb@n?k#AGKOhM|a%5p%@$Fq!bx)x(S$xUpzp zm|v(nU?6B=Sx*UUQ2-|OwosYHZvJI_mvSQCsVL5NZuhr@ymj{Euq|nBq6AaYR@}-l zakXrZVqtpmnXZ7AQqXXBY~vh8m|)16MR2sF#;o<|9qLXe2lNhK^_jwiTLey z(qv%rsiyTrj5*}pQWoo9holDII)AVRg-;0|J)9x~DPb=~FTbQ6*u^|f<*Kx^*O!}v z|H^|9r0lDuWv6djufX0qui!_$D0r+gqsj-DpFC9f_7=0#9J#ePBQMpRxmTqf z;uK_Gp%ZIbS=nQi6aAgSV*6sB7-ZlfciMsVq07rV25b(y9q7HDJ<8Y~^mOw1r*s5T zS(otT3&6nD-+uG2GzP~00YfowO^VGN`!PB*c=DC<=Y&r><)Osj`9?;jmRjY>YD;&4 zqks8{R-xccM1*I!>71k^waNCOqHc>{*G=2K+}($$;hY(%vjCtN>Dn17(~hqI5XGgQ z*IUB|l6IZ5vgb18{8B`$%X11au$|R?r+qThzE1tZ+A@o4-@C4@I_9x`T>pH-{8qZ_H|K_{*Z{-zIPH5t@S>^N=x(m-(Rq0Yo2VyxV` z^a@wY(muv|FATcMX-zSO|IN*Re>(2Z0hX7(l_hiX2LpZcz4%0V($~Up=I5yPKZuEg zKdp*~YE5pLck0KziHcu&^C#X?P{0-z`JCZ?F!k*8#&D&cNvfo4 zR6BI0c7Io4r)7V&TQPNPl#*&a8kG6rOtqn?TtnA zqBNR+=Aly#7Bt7iIg&+Dsz10m)){ymOPaRz{L5y81yuQ1rC!R-{*ll;|048|@zSnB zssyRYjIMe)oU~B3KQD)UZ;-#MSkloDCvUgEtVH#wzj~)mY2TI9n;TGHz_qL{0}hN3 zvwm$0Te05j1gy`6=oLbAzV&1D=2qOQAM;<<@NcGZUpOE*q*#XeC&8;P00gf#zbEiF z1b;z0b#+X?=#TWy{TIDaYb#eEBv+q2o-F%r9>_=)Zm=g?)diR;z5!&y@O6Gmd05o+ zjOdWkUc(sM;uVd+1S8@X`geFBtD9I4ArCudUNv)xW)mqqGuOadTv(Xf^+us@d;Nlc zxcwKle;qi#bIR|>=BM%l4l(&UWAbB{!IRIG6G*DZHI5A&=RO(w4LEREn1eD`w2*e@ z1Ldj}nM!|0jVvyjWe}6KTI$E^jen42c^Zbh4)QEx1UGb_RnYXn1;uBy%-ssBkNKyL z$!W1z2ku)hRXCT{U$z!0(G9YH6PdZY837r3oBYx=)#>l<^Ye_;cLdnuvd+uBpGSVz zvnOh2{8Y0NG;Y%Tb*I5L+6NpHF!lEwg9k)&5g;+*lJ+Z}-e59%2`A~dB2$Hb7b$vK zxF`PCsh#~5h1%I1dMEDG|HQ=75ZY4?Tyj{h<3HBmK73j^%VStXnC0j3@dw(AYtdv^ zXAd90kJK@Pd6>SA>+`T$)qk@u6sN4p$}tA?-rJ3BW$t(I_k&fP_=ahC=o-Y>;{kx<2=M%Nj0LB)V+jJ%Tq*e=nNXOAK^5Vw% zzeuEV;>80En6CVHT6lbLXc#dw)WD?V6sNdRZD_o7TjBf1_e6pO&cYFA0ZpoMB}i7q zp6H|HP@=XmEq*}QT3Z-uILdhT0Wgyop_Pb%7nRn1@n4@mXMBO_-?H>O zOa5ys*1+H}4(n6CjPyS~B+YXmY&=E@GJl}t&&w3WVEtizvdiTWff97})y|eV=`z29 zPS{J0tn(*YMj3hJ9Y{FPhnQ5!A*_gbv1&^!wo-$M)R!M;Xb6_yI6U#}Kk!?;DZp$={z*YQNBP>d4PU{^d)* zZ7|;QVCl7z&wt;F-@(?@c<`#7Qzo0TXd?Ky<))@$B7P=7eWb!L|VGANVOZufl2#?>6r+OOFFJ~v$S zG)Atx<2twXdd5@9ou@HdHdgYbh$>LujZ7t@NW)ahU~Q(WHX|^ucZ@e8rGhrT+#n976QI~u zH_0Fqvfl^${p=}@b%rXk*}ly~o$)>QtJ31hHvM28qm-LMZUsf4m^otQaFvI&vGYW0 zDfyiKp3hrkY$E)3r#bYeFGus&kij3k*Vb!*Z8&7fdF$t=TIGS)F$gu!`pq^y*c+|~ zQ?28Y>$`0+J|A9YAY4YAm=xB0D~QqFJ+S#XqDxl__}U9qxmqe*H2?Y9Y!uvWWJc{* zx`j|SL6apbg}Bm6fl>dN&LOzVR=Zhc_4Ev9ap7gk(HS#2VPFxlGKV6?MmK%6pT^4d zpsrJ+#C9YL7?L_JxPOxIbsL0By&wLfpuG)tPR4(q^T7_a#{|59UKloC6qPSAc0x5@ z8?N(0FM@T4DoPDqiziRZ+9daNW9JV;_KS*E47S^kJdJy^>a&-%e(?+V96n!_pZ|Tn zmbwqfgS7m~xo8zSI?pvPC)2WR?gOwYK%a3q$D=2js6`R%=K=FsOgrJ^l+P8&U=gpI?pKj? z^-e9rf9QzwSU84OKdoum(&cNrWKTO8PLA6M&Cb$yKRvjBIY*nL;M>T!vb(e#)B5?Cgi{41dHEN6^G+;Lob#pj8yzxa{9tme z=MF#-LiYTKY{q~X-KeVxSY--sDA4OCU6i5ZrGUFCP+>k%5Z zE~LmlY)T9Hpb|UIY$V>VXjRo`WmYXbwlK3wXO_%Zvg(&9y|C8{0EqICzLp#I?rn0Y zXN^aeyPl+Zi)pycdxcf1ABW&IATo+Xm&R=49buL&T7;j0U+VIGGUa@akbP3Ye+oUG z+MEC!!p(_6ug5<;S>;5)Wy)QCr60?FO#GCC_~<#K;nn7t)P>%bjN2#j?_@j%Ahs`; zDl^iYYCRcjlC?~iobmcixkO7aUk~7_ixa7@(svevaYn@2YVbTCsef-!qf{j;!8*j| z#WNgL+u*1fq7eTjYWpaQBGY`-H-kc6T8_7^`lBz8`yNtNozefJr=*H1SIuIQb&z++;9=ARq;Q&!yZ;Do`>@tU&q+&~4zl3_cKWw<;GnNjDP*QR^ zaIkM4rkeuJZsY)u|LpQb7$z?g0w@-jMdUghvM8G$N_NkuLL z^Ad2NEIUt^;xzmGJ@u$` z2>v}hfI?2GG6NA1uH7-&K6;$jck|4yvWaZ>f5blGW2+b?`$D(ZZhu|G!z(=|n*|*A z09`u7cS?53Nlk;l$K>NXS-(^yK65ZXcgOof7v^r@bn^&2aFR#PclJYcbuTu2jr>4$ zB>x)WqYb)bsG>#EWz0U+5~)LCYcns1Kq^Mm)Z56pfB%5m?zN+EwJpj}rpVY*oy8qO zib#MCC?eUg%GuUFX5p3dw>`Jv@@_>F_=Pqfa!)&kYqSgNHsY*}U933c#yGzn?se3} zTdCxRJD>3tunFot2a7qjgH0&(N9JgS3|y0EEcI5y@k)M%+qA;QpJZND&Z zz|khaG&)5?|Lpsl;A`?F$!%Hz(=!UOJ3NHS{rL6S{^p|_E}#of6<5;Lk8}H!o42^u zG7gfV5yk1%J}$1gN4-5)9gXh?ECn}gAZ@N0aDpD;@|{advDwc?=BK0-tu-kghhGN*kyVf)@8)W~Uttt$+!49F;tI{VKE(vj9Cz&++U6y2KoJ$#9 zDn%4RL`M8Z6=k}$BY$Z>;~?(Mz~PUXI-iu#Gpy+Cd_h+Z!t0I;(DqS8RMopNh>vY! zB0f-ceHcg!y%N_y*wguN8(tzB^b6i5=kkB;Jk`niM)8Go=XR*AOnih zHHlCb5MSz}{_(qHfpLHj1Cf05E#`u?v3Uuud2z=zv6g*ac9m@u_9ehsdgjCaCP&GY zknqyr+apR6qnm>o0kAgVk(1p9G!OAGam0_rF!v?CY z@(xa4!)HW@Bhq)>v%4YOtaVr1XYq2>fIa!#TQF|*9;NI+)4sl$o=B>#-%DH_u*3nF z5|t?OuHzi}ylgjkpEONo+B0R@=!>_vH9-^wyt*U(-nrsdhvY)VG$%x`g%e+Evy%QP zx|J2GLJX^yb0B=7rfRQp5lf>#1{k(plxJ$Veg*kFBl1z+syVi;L>2Ak>bmv`vlU=J z*qp!WidYnJA|PVnVb`HclDVTB8l)LLCh zQ2CC}t0GZ3YU4FBPahszyIkT;{G8HNTVfc^hHbdcIfTw-ahxWzJCO)Q>3Y#E$dUk0 z92Ikz?3c0=B>ur(j&lkVR!c@|52O}L;Py2K9}`X`SBj6Kz&ieb*$vovRB})Jn3T6a0 z12!j*l+KDm00beN*nK_nVqN4&cTiAV_d7RG_1?Ui{0pSmTYb{{*N(EJG#h8Zmo>9F z@74KVe@F$!jSMB~C1ph5t)T<9?`>9|i{nkgn zNnzXcw8~X*;4nG`n5Mm=7o|B$aUiCJgLQ824@A+-B&v~PS~A! zo8(cIvn%{mj_~rjLR9<2^VpI2poyxz6~DuakqE3nNLV$xzeDf0vHd8vsd}5Z|VdbUrKCHuQ;)XRFNKmF1KS!>& zNTzNi8AeJMmC8!#^29%@zc0w;<(turbHG!puah%53<4J}pp*{$SvEV5rA0>x<qO826i{z-G>Nc{-aqWtg>G5!lcR->;Wd zv$qkWoV(}sl;da4#Q!+!@NtU)<_y+C7TL1}2DBVG`iMwV;o#xjI%lzK*OijUWmgrA87E%%Zp|9bPB-rLGr*KX7M;*XqXN)d|Z3TIC zF);q{I<>6y_8CYcR41vm0d)jrL65t{<{)I&QhbDS)zWcSO7>kgiyM@&#cB9d@GWz} zSC=oTEFXTekoHUu9Fj7~CQBT_DGqb7ZAuA&ickw*hR{xYUfJ%dDto%Rk)cfZmb z<8uNOMHACp4U5uyOJ-t{8Gn^y*KcpuojT(0)Kxc^S>}VTt{ZjMUDseJu5i?)H7X4w zYRPn)MxGZ{$_15>&kRi@NX;va4SWau64`MzQXua*I9>EP^PcHB?3tnlM%_r*Xe!x& zn%?^1T0+itbwgzD7fs3Yi6&Xun(Cs-r$oY4vEY)OMSyeA1bv=3t&N-u$_EK^{scT*7p2WcVqv5}iz26gg`bxnw+XN|^nC)%` zr=S0vzob8<`z`%&j?sY(Isk7TyLTJ@Qn?|T{*_2K>bN;0B`WF^{e`-|pi8tILB8yF zI>u|1VgF9+0tC^sLwZYZ4OwT|Q)LuzHvCj~TZ$mtBaj3Zg_AxL zbfyb0Q)lAK{29(Tv>w`6W2rS`Cw{EK$*d7)9b18uI@NH&BZ5Sq^{BPy3P^^ zAu@P@#LBv-J_LR1d1(F-iJuX{$bbYGKM|Skq+Av`ACAyJ_N`;;yIch68?DP8k%rXDE{otVH^^HzT&B}De0yDOS~7dK4%f1%yMg( zvQk+0N%c!=uf!vu^;hoI4AZGg9C*Dt?7VI)iWocpP{HCcjrwEX)kzWcgkJ#v?HfOQ zt&P_dv;-TJc>o$Ub^ny%e$UuIK?b9}`~9nmV7t7@rct586CRjiFFlgR7%o7dPJ5mZIkB5?(i%&!%zHi^tj>_#~UlFY#n|8s127U_bLf zU+Nwm#U(RMFSD9-z3$dF7-VmpIUqVVvN1xp5NvErB#_c@oU358^sK<;TjMBgTvKwI z0jw4qCN&x1TpC-&!=VcEDW;O^zr$-|8%X-j*tzod|fz%IR}ou1CZ!FH3NY#c`7M z-U~Oi7@4XrF_{%5hs$j7)-m_S8ROCF~qPmr=SZzCmH zxgT}CQfTvX$Yr7RtEGlakTA*luBtOZXpDrqzNfaWHg?JL^l8XUxB5VhZ(YFNny@@f zoK9VPnONKSFsl7VwQ%C><#&c5E3;&E*E5S91kDzhSr7bLa5(u=wq_ZWz!oX(_90-;WyJ3j zTgi~)6{*GdbK72=v*e*<*@PG@Zh!Ce32_U@3O5!FZ$!`tLH1#MtrQGCqE0D{EEvaY zJ@ATQ0dH+=*Mor=>-?`Wx}xk4weL#$1BF~0LxNnw`LLUD7R0@A^$dxosXiT57Jk!830 zzyyz0e|ROWx--u#>3}XCKE_d4^o&_BUwX038r{nSn{YI|9?4a|os`<8v7-Mt%6gcZ z`ZzO`-q_Nw20YuN*cJf`qKvm}Y?Hhab1E^i4Z2E;{k!CQt0t9@bcOYPFD(W2`uOh+ z(L5_LmMRIi&!f{GTqJ&~_3ttZ z*q$RMIz95Hf{g{apmON-$@}%J7Z&AKpL<9K?atk1Gi~*4pVE@_Un|I=9utppj}KOU zcf65?K_(VwTVj^+z!S+J;(goL56`)!8XP)r0ds?q24pA#{wN9a(--T)CK#**@{N!4 zO+70^P&=~kv&l_2Gk&gz`Uc9pY@Zu7U(mdKI%M>vsC{qG)N_%WAyP79x;!Hd_K79+ z_442Gg>{;$Ut&nzbJq9sOP_~cEyJpb#8)D6?D9-IEqX7rR`H8RDp>7iohrZCD}PaF zS>XJ$(HxO-6+8j!vn2Nz?SGxZebe=8>~bahtLdhbL|HZ)?!*h_p4*W)Gfb1GJL6cv zwLMS8fkE44vxvZ|{TIv71vSAt$8}r>BK9w*uq|II=6%-yUZ#mL(a-iEb*(w(#38w2 zsU8!1WN%Os$b9lUx~XLPFy^|<$M0sV(_ZYZTC~!Nq6tx4Rj4ph_N*{7aTd=c;tj`D ztpwzg%^6{A}FXaKKFZI{ZtdeVrw-)KKPf1RKU++Q&j#TD15$&V1*Z z7pDJdx){uXKDk!&BJUaggvMUmFA~Obk)jvB920py&xb`TO*XnCnn+gjiYEO+mw*81 z1em@k!iJH1a?)9xOT%VNY0`$bjXDn0`fj^VGZH?yS~Cyb%8^`WNg+q>?eX^}HvT%w zTK<_{n)SR!Z-z?ZDLtCwJI|9U@NCDe%a7o~Mds{QhNXc$agHs-nO`>)p#shUtxVZUYg#f=j zD=sCk0}tdZB^{Cp^J$Yb|EBf~iCsJSy}SD(Ts45*y3c8+p5;B*=L_cu5o)fJ_flCE z{cw13hSUT@#$I}I0_`<7MgknS&qgj^6|_V;kDuJZ^9f#EM#BK6grehr(VQX4&+yau zoz98P4R|${Zy&UR%9=Tp?=_q`vF)n7evyBuJ^)?vdPn&y$bi~s0f4g`Sc*0?{B8R5 z$5F7(;!p|(egu7FVJNxr1u-t zucWtm7L&XZPHHb=_gibGlF>-f$nRO2XZzmiwiydc#NozXJEM0-TC`B9Zb-P$WsUlB zZI|Cu2(!DZf`o#EuvX^FYhNNR#AKB}Zo9#*eo?CB<1zlW;E_x!0PCxEs)9UHOH}77 ztKWDBUF#Lp+B%cm{b7$vuWO_Auq#s`U}I1LU9Z#zUK;HJs$%DN-MTf8L}3yHLWat1 z@~Inp5s8xdF$zr>#huQ;fJ>(wSjYJe2j5{i#_id`JOkCrK>*g91)&jEd- zyl*lrfBp98ZVA-C=wptIZ(r)>I(FIfDx{r(JEUQQ;k3icdDW0`ALr3)*2$}$3m135 zExA>cCnxEWUNENPI?gz}d{jz?tqtF!poD$0#4JLi#Uj|#zEj7kK{B4rY_b=$htDTy zI3&5hFosR9v6O*l<2hp;>%G#_IqSyd<*j-BZK_=H8POT1HE_pvj&&zvFui6(H5oQ5 zde7kj0)-chsmSmU&UYB|5st7yTN5^S3$?Sx)%hO=yp_lZur_s+a~^%bE1P)5zkSjR zHZR`SiB2+8e#>W82 zmTXWfnJE$RwK;cuKi@UEMubF;Jzh4uynXBJ^|$?%7Z=Kgy?rxgGs;Mciy7QeYW)bb zl7k{M(&^Yx*z22rQ5?1OHa?bSX#glJB zyPt0E+_J>IQ;HpXSA`OquKz}AA>5;h8Mr3f*LTx9$&nm@ImTXdL7W<3*|NW`eZ}%+ zVnf?C^>4`8kE3oQo=hwHS?9-}@kjZsf?pvWE{oP%pRy0yl4mb@f2$GExtN+ObX|g~ z!!aPjo6t!w-k-URB$d_%;&eO-2O^kgarNkb5<%P32O@Z(M~JkR^|Pio%Z)|?$p77z z&^_!yKd_9U`lw-nA<3TGMK|GEGa2ye9J>Iu~9DpBvtIZvEZ zABZ)|I*nOw<}3xG4^d;!&AmUoydxbqwzF-#(yMW=5b4J{!-ZXc-anH%R(+x5ePja= zan!2-^%sl->A)sZr1FI`oMES0F9zSH7oU$hds@~Y98^~}8qgD@U~hXm)6KBN^|{wc z?j95>K+c<#1AQm}X&0IPl|y#84|bX&ydA@D*+?wPQ8KIo zC6%!YjC!5sXH{2Yi{k%6LYCUU#fO2lfe9j;zR`1OiE}}It9~`lo@m|d;#J4pdnsbd zRetfnkS^Tm7`o!py=QUp()6Ww34@Q_yBW3CnAx)m^9I}kLSoL{w>l8oBie`|^Jw^V zoL_!u>fQVN`;gb%C&Yjsu>OqM z31}%#MAuEHA6>bmr2?*74IX={+>j`QIwL09^UOJh7nYLl*SuL>Ewq%rapioEw9Oak z)L+Nfa`qZJUx}D6W=HVqMK#B9I@@Q+oY(61n=>@8+pPTHWI6}h9p&DV>U@>bqJZ8j zSsXHOR}smd1Y&=(4?EP=4dZ?jIcJ~I88xxFSOaxBh8saVmPl{7=!m!FhkVG&w6PUJ zPti1Op?VRUYLWMR*t|^p`iX#J-Ga0n=g)mTbVT#q{96?2KoMAYXI=uwxDF<_7r2}VpkAuIb+VQsI%~p*f2)@HV(LctoSNZDj z_Z<=;1M-Mn&i+0n&kS&PtqhVZo+8PD>oJBqHs`yIMY&uS33(bXv`M0F*7Je)2}!!& zSJwzf^0!3gG}cNn=PiveDcXFQ1rlslbe|B`)$W- zO8mEd=2giVwKX#toQNdN2Wsd-wbs0yo2pmk^#sy~M|62pSX7&!jUg@3Efn}es4RXZ zrgm}2=fsz)YRmV56kXQ^0l}+@NyySZ{3`<~R)<;t9`I>G!U=Js>MccsmcSiZk1+@K z_s)-5n^aoL4q{KOPmv?Y3F8Vh|N#gkD1h=Ks9$Ci;Nsr zrP%H7XbAPhx6Vujhq1E(y3SgD6JHp(pRKGK1`-*4#ET>bVTOl?muPFwAq%eSR)0ln z$O&F9tO$TDH>Akwc>QJ>_F0JB`cG7#184!c3_$Fx8-BcA>h>&&_Hd636b^setk`ZwRm(zI*8f zxrEEA-_e3L?0LI_@8)rePQ5QnALB*rBS)Vtah3JCOvXYtzLUbF@YV-z=k%zN=oR~} zIJ)3lfY;LjW$VAxGe{zzW#io)^ZS{D^x955_WDBsQI zgt+)SFku6)&FfNV;E-FuWfm=+qV7Rhi^$^-v}8Wu($|&lxgu7mD>nzqq1v@o;f}2s z`l~aw4xFoOARWk@b;wxtRAbZ$aql!eBV$6XHheG$I_9}Gd~(DZ_7%ApzQq*L;Osd! zv(5WHWmx6mqyRbZOFV*(KE{!u zHs^Y^N19YDR;)w9Zp=G_1Y*o;*Vb{Cw&`*{w-@uc@~OYBG@a88y?*}GLzkiXoJaC6 zqoX|9g#`&U#I$sOt}~@psOF3yJG%-PkW`Q)ua#?=*-&S5^Iu1HZ*3M*TZtO7~-JW15UtR(t$M{aQ-u zrNKM9tCg->QEA_%W6MTg5KW`*4r=)-p8uV3<1Yn==Oads(;3wY9rIMPMu0)1=depm z+_(;KJG4#x#O5ICj3u_*Qo9yvHoiD8E&ZZ!RufP2U$1N-iWBX-&5;sPN?5`5|)#z-7U2Enp^gv_5xq8s!OKK!zTLR4-=T^a1#Pn z=HZi^w?a-)h@$TKjI{_Le92oxSK6Df1fgU zUPW2o7>#5$8`yvF)$5Z+fH2sSD96A&-S6rW9L^hC%B$XFLaNs*9<9iq4JwueAJ-m$ zY=v94`6LXO8{m=l&rJNUTTLjc~JEz&n?IG%9gIJ8lgTtv)1O@nVF% z<(CVb*!CM*7X)e%64?Cs9q+FapN8?`Q$ZMQPXNdjo^T;taE>yA27%C2s~7b%^BurU zb1Mmv_OX}Dyz)Sp4sN%I%*(yEdW9&Yai!;rS zw<`$P5WeclqW*Sj0PhFOT8N-4dMifGX}z}|`deu%v70{d`t7LZfUg9lKAnf zb?ZyLn9`I%(YE$2YJIZtmL=q^mnQEw+N0$ol=jPndXnO14|^QdN#gN zg}hxfIW8_Krx7G`Cjh872Fbm*cD?&x_Wnr!5snn+*?!o}GdD=HmZd^Sl#6QcEp}q3 zNIoo5fX5&8$qdwO{Fq)wv4t(R>?I34t%3cTsPr}#IQwR2q_Z2jGNC>wFL_LQchrgR zG1}n*4RN(w$29un;vZKiy4a-1VIbf{-Nhc+L zH%G-Mp9+EvB^Ueg`&fPN=SQ@?Xx<@dIm{?M8$8krw0F&;OGhd-zz7dP$nm12I}yal zP-|S0?_MLWjGd>6sBamPbMI*Z2^mXxX+QypGf}RUxB4Z7!7n?!vG5`o-7|DWH!C+h3_j{JYZYv8M8i0vhe3c6NSXh|WFdGgOYyvYs zZ*MaZ<5_88jB-p!zX(p_-EQ`Qc{Pn-_dpn+Bp+0F%*msx{s2d>nFguf*X5^RZUe>yIkD9w&>KEsoCa z-yDzGgMG^pY=nI4A#PN@=~!t3ibMrsy&pY!s3G8cEPYXXouzD2gveAl{jKmbc0GJ| z=vvh0N95$Lwj-4xyj2pc?+E-%D%dVhG@GR~}YU+=VAP;t$fmAg47An5L0)yWdPHVf|t?M zj*^eJk6=*2qFVj_w}$~k$7NU#Wf>>Kv1R79ffwTd+56!;2QkwPo0!Y7l~d=N&cFk# zV{LaNMHa8HGhUl0*+wb}SA+nH3vyR$*uwTU)2X?y-p~BGi)LY{5IK z(y}vYn$CQzd&C2)q``41w_OOI>TsajRNrewQqXK!o40TU8oR^F9dXU`6anY~* zOQFOPH4o;NB%5)+oNXzca}T1-fY3A(rCMed|1xaSU@y7Scxs9JsecusqkFb!!fYel zs|V*pwIZK;=Y=YS>T2raz}!CfbVr&2UH&Hj*?BX%5hbu?6WdrKDD@Rf*W0RfnxkV8 z_}kvoBCNwnz=w9X*V97yT$H;ZRhuN~4$Hha;uzr@5+eArGP0p|NSb1?ZX=C9#^G#9 zdm5_IyPmTon0xg8^bQuC4d#MMnG`MAuJY9xk6sD%oQj{Hx7_%q8aEVtSSI3= zR-yoY(4d92`~>$tP_<^0Y$=Np`r1rbs%b`>T}T8 zC=^mSIb7wu?7`!|=|QNlb-uSh?1iZ?&^?z9Dr&5U?koh;@m2vLW`SwMa3G-4?_Y9M zZ`6N$5(H$t-aDdH5?iPC=y)gn3l`KgR&C3j>8V!HL4Wjs7M~5i@v>y)o)*ZF5{A#3l->E0^&TnNByTy z^)$t*#H^Y^<;3nEeD2Ofdf_%xhRg3xF!_RG$XNb=0i z7I5&!Mn!8RV@)imrCy{+tUl3rpiG?&hF{vtvOdC40rZ(#{m)ZIZ=&%-nNG|hv{ZhT z+U)PpmBNy^B9EB*SVV<5C^YP*daj*un#*EsV?j~X6)laE(nmocNU)G`RlAaVLC57DAG08wI3%82B}s5PvJ7hKTzwW-dy2Mt zY}-A#e)$~OTe_VV*Md5XTc|ArgAqbNE=DWHEQoe=3P|zW4r~$K{F>&u_E9Uqx(#=* zyRNKD*RcbPJFEn?ao~NplI4dfvxVg%@iFvtgpfOw3>A>xQThSLu~}Ft5D}<%{U~;$uhpQc(AfB3Y^T~r^!+?~tvHm4n-UW>59D?NaA4m}v}+2B#t*%G z>{uw3t>3vhVCa|+WXtw#camj^)9)CsTz{;gWpu@|qix`=QrEWVGv#v>;UVl9YJzKX zkF=RPT?Qi*3yg`LSsptZecfy4UIQh&;b-c?bjiu50me0YwZs-F^Ie+(Q_3T=q_W5D z%zngWg2s)bL;5H9&f7h=u-*IG{24{RZw}Jv3=fNGQkKYPrs%6aU*RR-Ax<7r?}^uk z!<>$SP!aqs*N=zV4~3;XJ=azZa@GBs+`g$BAm!%d?nDHT5JYzdpPNuyxk{ycSuHn` zz7rI-gG$am<-@(3)LY~SyLtO9ID@Bhp`8M+L7-W3)zs=R|4LU8w{A@w5YlWs-Pnu{jqrL5<&Bw9m(%qpYmDWq7CW%H6=yG9H^FY8ft9B8i<1eoSJ zNRjR}QW&-}X1?MV8E-tm_rwNM8LE~tPR%#W7u76K)4PH2D2N&mj|n*2@Ud8~M%8@b z3Ul~Y=3LU@ZYk432f)7f_ptN&4$qF|o7VI3<>=ICG$yfiwJA+}c`bP*#|S)` zHS1U{%=${b(ddF~IMZqv%Ox8`$QdSU@4Rj)7}I`}>VygcDLd`Ua^`ILgOfbEOaf}J z#xuLOb|NFw-K5JCweFRjKh|#zeG`Cva@xKy!enwW7L=QpdhP92z_IINT-}rmSFAgL zkQ>X`eSLQG_BUj+u_#r_M>QPfZHu(6VOk)0!0aFK!iwB#cNbPWm}M1%&0VcmddL+K z@TCN(v@G)VfJaDY1MqW$k#oJm$Dp~RZd%3V9klUv^8p1`Z#3LSsz5AYMW0bG_{_mD z6X$yvj{@hBeAW?70%&yBYe~w?P8`=sFLa;pnegl30VUA|+%Wc@A>r9! z960-k@Xf3{rXI9nC);L&P;=V4g22>y8ls(IkSJrjfcMB^3S_8 zUjRDaVpxI9kOKsR2SMJukxU$rZsVRBgiJD^sy`p0&TiPImn-&JAJgP`w_qv*PLd^c zbXY)u{5`@-s~G4LUlx&9U3C8P%FTYGji=9(_r?*W#GLNlb3tGESJ)|ZTq!nkETNTC-D76BPlFSTRTkoGHY{ja>=#Jqp$>H*HvoZ(C@ND z9%N!>)m3)=^yFKJhNq7F!@SrR3*oaTD5KwS`y3V%q67}OUG9Yt6%BDl@pb zPg+}>E)9Mt6_YM#Q5fD9o6+ogiSV&`Kkq=WxuDRt5^#T8BAhE)UXj$Qg|TV9HxvQB zKG=+P*meDA|Fq4=bv0?hKojme{%xvYepp9%9Z1c%iiT}OggTT$KX_aQ&cB(Ktm}vY zli;pq5TsN}%S6x%Z1f~cbyZV>-Soy?+C%oBG#@O(Dy~+d8JJ9MIX64%S^)QW(F8wt z)w{38W!)!u&8b1pC#eZhRCG-zghnZJMK?kI(OW+vsZJ@hYMdw@kXN;`UpdUPMSWqJ zu7Zthx+9{DPSAU-ow8-Rk6m75lFbounwGTUT4sIa*7f;}{tNXwH4E3isfSl0DLMJy zstO)lci7dP-4J8xJP%LvzzR%6#!61?cTQ0^=e!|x^kSdhm0+Q-t3h)n*=}duKgObT zp3p}KS(M06rk^mEofvLyOsi&0RjiHCUNGG9(lz4i0y5FJ3UhnLU%ry3t(a4YO}^7< zMGK0@ub+?K(CzXVeO?<4RKHK3PwK5Nm%AI1aYp#YZT?re-^=6v38d6wrJm5nNh1>mB&h)&VCCYSlxWW1a#9T6*>|aF*ND7^6X%pZ zpY*wLod1U5{$RuEOx-z(Cktvv&Sre9C&<3JSEQcq(onvh4~^=<pZ0KYnrd3V=Uj zbHeyuI7Q^v?Qpe^D_9u4{dVN*3foN_2GtTREmRTf`sq+o<|lsO;C60*)nK%n4ye}s z;&OfsKrP}o-H&n@Dm}H0pH20ONtL<8C#k>uHl)MfT#L!!yyndbwgO=0s?#OFq+`5Y z+H=V)GUu$8kRfx*SyBMvzE~__%)N0}uITkrzqt0yrFM-DEV&Zl}MPdAhs0 zkcy9SONzzZDTHraaFc3hbnPm!$(lP@wCflLuC1({69~CUeK$38(#pn}Yk{VXQ7zL++A5MWwI6ZW*pnR7%w^ zDl>m;t+sM=^Mte+M$W;;P z`F?FWzx{^S2x=r5U*C+1`@$lKPCG1cL&fDv>dZ|MSDL+o6I$N%m_~#HD(EfP6yco{ zb-S$HWXJ4oPtChZrXwkSu8ekU_2w8tUctarr;?$)&B?Pji07GgZbrB?)y`mmE}DJ~ z>T6G-0(kb>-ss93w>Ns{Iim?oEF~7s$H07N@`;(mRzt@$)>!sI#l@+EHj#KyPt}Ct zYJQ>C-I~Js!UX5edum#{+0eoM3)ORHx@PO+Lt_XA7#&CBhkY_QaLr1p9;FoRbe)5j z69$2sZj^FCmn-DHWiv&56@O-b2UTDE^-X)dGTY>yKDJ~L2AbQ>T$HSXMkI7WFJ^D3 z79tXH)9mEF)AL42IIIADJTnFX=8Bv+w`x!w@P2?tkTG#_dkCde;M1bC`xKf`>!o?7 zk0;{ku}a3i>!uikx@I{e9isnz*-^GG$y~#NEAf8Dd9khw@jS>k(+8uV1BaPUQB2+< zux~J5RfBl~XA~C;7YlMHF3L`7dGv_5lW&zxR5nXcSI9oT?Tfyho`K_hc*YP5uN{g% z^g`pFipu;F9HimiSbMqjPHE9h%SmOVBqsF`&koB?xjhM{O>%lv;M8*1%@DmUiOdBd zPt0rP^W7j8owjK=QFn-OZ5+I*n%GZ5>_FgA7it^|0rmzpVdmhlKRnzIBk-4@si4xs zVkitSRx(fpH{Lb1`_iby`>R`VgHnmHkCiXP8PWS;GL>;x4v5@7m7uX01jZ9L_6Rt6 zS}g8hz_l6#q>y&Wz`$EOvrzus>`RM-CEqOWXl1jucBS@bIV_4hl5>PJLvOXRv;KYUk_4u@Cnf^t0|k z9=?-W7{N`QOM0i&!QZbt-QN!zF<936@HG1E+j8f+EBg!9=S`Q;XrFf{>?scP(~6$& zQgyQzz7`+uMNggd&R_)RI0CjCOttX@}yU!-a zpbI_PKV6ja=kcu}i7Cq((;Gli^;D!U6hzCp3S);$G=+4Oj3*QNwza&{>;##-Y-J*A zU%Xw<&r5zujPYbxkhc1ygVF}izLTbYx#*K1&1XLw@l{PJ9y@pV(StKB;>FG5KMildVioW62iMVBB#{kq*- zVU^L4BGt)s;)17__L$$d+l@v`6*M;Se*j}$xmSt4(lhdM_L(#&Z@5YW?qq`jSZ800 zzq)XD;QLIFJ~s{BUnK1Bmkbw>Mi8QMde67Jp)^08((u8lz%&V;XYbzJQanU;Um^Vk zW#qYEV)!d$vtB!Ri&iXY_fyixgA*9eFK1l;imP^LAKlcqCa@@52*3tw`1PgV=5#~* zah|kYgX*t1FGl{wdEiukoFRzjC%oyO-+K)JiDj0`u=OUh2>HKo=xsUn6Hk@pC!Q)r z@V~1UfCi8N#E?sc3_L&YvPc6ycZeLP`a8&6&?8j*2gjw85;tMDECv1oz7~}C z6MXITe>i$2&kX}G1}wZBPM`U47x()9=YWXQ+<*TTyCP7QjybzDcRQo{?C|}oe+5`$ zF#2Dgwf`-^+PBk8-V4hfmAH@NQ%|j8mn^A#%Ryl(PGjM8%?#5obN-6p_zN-9>>q~e zFJct5#011NqZQ^BKgFlx1n_yA_hH~az7=Gtz`c)eIsQAe!v6&(N}}mGn!|rt%8yHH z=I`L2Ckp?&mH)mK0IBvDfa-q*?7zD5cQ5wcvHX9tV7eD6)#C-rfIh>(+sE|Mo3DCa zFT@A@yYmy3k!yVk!Mmy&<{9kJ3c|F>4{^|=)l@^<%f1!}DP zD1gJ2GNgU~gW*olzxqOCJ^&bQJ<#4g^>fNaWgkhkXEpQM-<=Z>&AtAP9ll)B>(ILs z)!yiz60@EZ{$*Fi2RJ$$cpsp|h`#mW9oKK4?RS$*4Q!K6P*ve)8jO?&KC>Qvw(t)J zK>^(N9qW|hw^*kS-UFC8IVaWr!@h0|6e9<8i<_3#+J!6AWc|K=;9{9e@dkL^@hu}hmA?I~`;}$}_RAkzVmKbL zXd{q7ByRY1YJc20m}~FTJ}l0DKbcM3UIUNuZP(oPts2GiF7}sM$!Y%v0Qiq>ec6Wx z^4IwgA!-OgyJphv zb7pRqpx51bd*t0bL|Hb}N6wU)4^AooRR|PSiwSql^3H7qLx@oO`QGX6(#si-_NG+G zsQojmB4YrMoTd~+Sq>V%)hP=SvW?RXzxwaea!hp}95$8y{V(x&r2sVP&pgke{A06! zsFZx>iSO?)|M%~Zo|<*E)}st4>|daIt@?1VI0Jy)5g_(3;=VBM72-%A14zll^=%j7 z1?5=IQHQpd@0FfJk^NAh!67SXV$tjg0FUG|2V4Prh6tNo(=mbc6jW12|Q^49Jq(tlfeYG+2b|!gu7C&s~WWYY! zgtPhyY5Zr<{_8~ori5W%OvgK{DSmEAo&mtNOQHMA9ltIug1$?s%XUO zPPGkgH^ zvzUvJM&O;6CbgOQh)}BGceNLYLCHwyroO{mz9}}7Jj_1c?mR|>u=rgwq zq(uK&OR;$IU2OdSMQr$y)oYRJ%V^9_-`AjkS;(%F-%jFe9JpJKR1CD>g(}kMpgx{i zq-n3c3qxdp?*{F;x%D|&;zTJELhkr`n1|0qi_zYXsk_JZM;xDK5O9g=U7JXwsWAY2+ zv6=kJw2h^|XnK#I_QQ5+o4Ax^XIHvsuYo0zXx zTl)ZZ3BB}H)4fI0L3I&CykP%gQ5P_kM|WIkV$+WlU4ti+dZ4_`kW~yh<elQQOH^ zlgbD?XUkuzY|N}Y?)|L_QGQmDW;%}t`8kvOm)8EqfIU1IlZ}D1QBMD&`sjHc|26dI zjojMlbLI;vl)W17sSgDkMRzlDY5fIx-#||@3n-q)>0kP1t)i9oJC#P3$9aeI@hiHj z{lb54|At?La3eerlfaeJS?GJky^HYR7WA}+dI_v)=3d!6~rR_NV55uz3%=8rE z$8RO}S8-+E2bWYo_-)a~4`u9?TirIiy1|tTz<}-UvLGtCc31e?l1L=Xo_4bMa^1^C z!XI)-g!m9*m!@=hUT$#h5kZwzm;ezq5TT=K01(}mU?ZQ+1bd+E+_qQa)KPgtOY*EK zOOP@rHSIr)*B|fq6pynEz~OR?|0dGb~7ej~gNb_Ih^w%Z(T}qR3HGx$FSVJb6O-GSI{}-tBVS1TG@qSn3)*b}8Mem@*=gQ7e)Z%<#S0WIqS~_7 zLI&lkYe4KlL7aubq3>{Ylj6iC2r>FR2ieD^O8}n@!7sn_Zh029RJ7M>dh-4%CBrHB z>M(uoB)_fvzZ>ua2LVzbtf*?tBzAq5>tlx*&1r8OgZbg-+_cZr=Y*_pMkh=Qt^>MV#=&O*lTng-&1}60W@Dlzm&ruOr4Jq>A)=l6Fwl+lj{Uz>&+R zSJw2Rm)g2=vAGni@|ztJ?-lfP_3m4NOKaIq&lHs!0)$MXOeGXQ*`HpW;7-@k3fufU zF&MY=CF(|J#Q{_SUe2a93KhEPEmgQEQ{F|+(UMoB+ZNQPVqNI=L#!(TBi{GhB6dj# zQV$R)`A=FQZCmmN5eYCa4NZ#bDbRL(2C&@Ts z;7!=Q8ItF>k3sMD$a^4iv#^nWK$|!j4cSEiGm22v0n$zbbU0sMR6Q*l7`OPxLId~z zhjiQLnUZ+K_>*r<@`Aj4usX#*_=(rJkA<<7R%QcVy8b#mr)3WkeQ zWflz9Ih)B<_7#WV1VW`9s&L8z3%qjJY74KpHyb>FNI;ZKw_~)^U>m(rONiZB z^4G_nQF^9+O?%-G0xr&hriK)-Lc$GB&@(4)F3vV`nGQmT;n2h_uPZ za$X>YwEDGAeHlVpg=pBuUC=Cc8Ud@6`lC{-^ub_o^~LtzZxz_@8GzEuBIKdy&&|$V zl9$iSqqX}B-r}E%YGByOHGN+uB=U@Z z<-_;jSs3Vp_f@N|R0r}3Cg34JaFvUeU7N!!fk-&A)TR{T&Uh?@3?fMb05&6KR!&!w z!x>$-_<*h^xqqe`)Tih3@6>NW0R0)KS;@s;5(iL#@o%R8odE0rWwr|U5eW+ig$jb2 zv`L+Cervmn@oa|2o{9%0>z&V5^EUE|R;xX&&|wg%4>2fE1RtAzhlLXt@rn`xEl-d0 z)XK0FA_Y%_NJEI>g?_uH{%5I0#3oGE zb}26I#x5Kbdxs=`DKv&T07NrtWZTMT5hwVn^+j1lp*e*w0E;*j!yz394rAc5Jkb(c zR$E)!(Q54kddMc>P@2`E%qH#m41m8DS%=#{{a5L~2naym6W(9)kg@;7pOi@bLs?Qz z23;O`zDfO|UVC_T!oytFBxdnCW5GJ;!wKYb%75jMI}o%BytL0w806I-KjA7OFV90T zzDf0i&hLk`?Tg&p2}<+ovx~HPe$evC=EX+eI(C!?r@<`b9$)%dYPx?c=nvAo?Ni+8 zFEH?o$3KLA$^>}MSlCmV9|VSfz8NIn!F{uIqVTt7>EzER@aKa5xLN~v?|2Yk#r7Xs z^0^*(Mk8Lw8U8M}>Dq_)b%xLAw>tA5C{m~NfF%bI!{X0=U+r^0z#`S)&awXet;s`= z9d2UK*RKAp4Z8ggCH{kC?sE~af_>YJGbA8+h zV99G}iSi@gmmD+#&@z4ov-HUS&kax<+zHv&Cf~;XF}`K*)!JfCkyZd3dtjTZpVnG6 z=wH1+pnSmolB=Ao&-_?&4GSPuMB%qVf8Xl{?RP~8$@{M&{8thFE*#wdRfPYe9)a@N zn~%S+0RD%S`akR)f;efd)4N*${P9*iM-+3z!UyA@yXIE|NyW)d+5&*esb$+*eczb~4%1A$Dm6Uu^&ZBLtcV5xaTqwo zJ`2}cujcyn$n9KmaB#qHh;{?VxDC}03VUL$pt1-Hj#CGZNrC|)6^>#8YH41F>O!n- zsgl(ZT#uZ+k#P_s3R`jCkid7SKfRs0FHDy}?dn~wxU8}~KaF0>VY~OiwW-lXyciBC zG+@QIf4vgCRClIH%Z6yc$XW89%U%RN<1rgukrj3qBp=Y!6^!pMi*i*1~mdcuJYsnd_8ZUM(nFJ`f7-HO?O>E zrR8Ffur$cop<&aiJO3iSIn+&gurbkJ!mA-tm%ki&LV_#g>Cw9-2Kzxzw#QDF4_HY( zL#WNKbfu+kCZ$B&!9GrQW-Jd)V88X`^kkUCuwFM;f}mYE;{eu0A+NFGnvF$fXYz=V zzgFvBn|8pRRrd8g3sV3Y)(6Kj9R6={tMe`;c+(3*3fP?_A0uVAO{!RE{|E(kKFGHv z*vKr*o{p@HIK=NikL@j*fZmnWm%|Urc;8<0H{DaTB=7b?G!M^oBtF(Nahbn3Z9P=c z4gm7Mn7XDtdw|qR-gyTcU~cZ5LRu3>iJc$VmWC_Pp=QGcP`0Pyo*i=^xDfG2w>J9J z9Xf|MjgxklokndsJ3E0>ACwdawPFJs&lCmt+B=)JT+s0Jnul*cSv^x_S(bLV92NwC zh*a^yHoP#rdodfUSN3-B%!Y`1XMhCdA~DIWD79zUUVwen41rfxZPu7&ZlW7pUK_ZUggK(}aU+7q!8Y?LsVC z#SxAx67OdzyCK!1a%kl6VZr+T8g9Bd%1-%i|XOc=R`^K9PX*B?rtWCfln6Z<7T!Ik+iaOF}HNAskHYuUxlB+0?h@|a<%zVJli=Thwv zaS?X3rI{iGMz)pUPN5Zxw3OA~+7`82UU|_NefXsNb-RVzY*(rql8laNnV%-PZL@S2 zR48_tPPi^jS$feos}fDm4`{m{qwdgGaIev(q9}~{ReUVpYh8z9v~64tc?u&kv2UC0Z*H+ zNL%b!a3Bpubevb{YfhipE@omMluJ{$D^(g@SiSqQmtnul<9Ki)um#X+lmnWEA-}9g zk*#(#hQU|(`D5qYm|OBq&(4U|nwTCGt4%7-@}=yqrWiN1AA_$*HcA%jAtw*Zp-rstBiuuC6*+un`lr&#R{9Nec-~hP3dwzM>!<& zM923m!c-1(rYmuwkwv|0IYmuiBp@&OwfbgB6U~L}Z&04}o;c3OhJViz{>*x`5I}0w zhdEUK!>I=)0okO>TCEn4u1 z?xWVb$!u0rSq|Wmv-*b;n2(#q@&#GgNsJ_!tcT1cdV;0EC{k}u?U zP4-$I$2r^-rFixkWl7+tcv&xifg4mayalXsL?)2PN8%P-+~%Y5KS zf75aWJF0>Ks5SkEJTHd>cxx4XdgUj7W=XXBTQGjBaAuTREQWo)cp6vlq!Pof#(LFZ z_+Ij5xHI48YXL-Ys*upYZBwTx=G27Y+souG>GtKh1QmzgcM-rbzjqU!LNL!EMMl|| zUq#^7C8=P%Kf3O5o&$h2C-%m48Q?0((S*wNU(ot2K4{k(lUixJ$%-zsD&mlH9|YQ` zmOLsk#iCtr%o!Nwy*weiMcTtznuhtgxjk4IA-NeJN^je~v&m-P)S_AGg@aG!zTi<{{MT&7*WYXnP>tIKsXnvuiysfCeDI*ZYxOGXPkFrZT z=NDBDr;Ym2Ih>Xrw(P#18Pyzl3YxrQKvR1A%%TYZ?Ayp;%yvk8*k@Kq6#&HsUbZdw}jp84Q;6J6Oo zPVq986urqC;JJIJ=f=3w9ClC47(22q~jeYi7S#}oys!HX|B zWA0I%bm%N3Z#Q1kU0=q#7yMYdy+k9cM(=be=T=rEd`7y(PPD z=7_nZdUJEs85=o$+|F=Ce}X7r?rgBw*-J%5)+Hndj}HfGUH5mzBzuRUsibJ7^J2+rz$ zj=fcl7@G|?hCDkx@{PudvE&6-7OLCWT|JHk*Uvp0&pN|8083=qI8)VHp+t=F!kKpV z9^1RG2Ze}$%bSL!;pHA!u;<)L&lE3>_(oN3COxV^j!h(0;*vfWT(?@z5f$LY0hud2 z0UlTsb;?O5DWG1Pn4;FBu-9U%QTOy^{6ZLPKI{g>#1_>SqGCshny5V!iM-a2I}}(^ zTeFD*)B;vE&4{=-T7iQ{O}$_55j<5k;-@Rh{7PV)=sn&s-e#3M%)Jsxr(nmCGh?_8!kJBS9jX?%E z+^k(S!&>_V1$VjzFtqOAul<{4XB|N#j>#h^thZ%+T0nT1!-uIXyKhY%e)+t$G#fR> zSXTbs`kQ39P|6E9EVkNC2P|M`Os_aXn0|AXYT4fEJ)+O>tbt=I#LSLM)M8@ZR204%+u0%fAl^n{kNZ@}|2r(fN! zk2TrQY1`H|x$Z^RW@Nia1&FlWvx01XEL#*{>xgBS*=+-#=o(qv{1jGy46VF=EA z^W#9ATP1&ul65@YouR|toyrUIKfts>i~C$Oc+RP4$b zXKYo(p=Ag$@}gt96Dp|Awi}k`$p^EMUkB@HZiW{-U#_`9J6lWfPQ<@DbE}RS?$`Ns zVsRm?Kei6uR*99nSE~6yNB-M{sEUVFw{x=dcCJ@d5)D%K5~$kI*M&R4y6{*yO_!~_ zo52~`{06vZLx?cN2?tm=gFkqwvr|p}tb=JmUm#XmIPFcy*?TBCgh{1I)Z-``eN%D7 zWi!}_vaGDu2nti@Un;xPGIPH87$S`3jj0RXTDp%~qc@VKW^eU%baTVZs`xPZOIhp5 zLp3ek33=h9m&{0{*=jLVEFFK8Wp9-t3KH;PJ!UQe_DyNn%sMpMeGD$+yj=be(?St# zh`8Di4@cCW-h9 zELw@66or3Ql6(C{N%*NZw&a-7mVpiQ44pfv8Eksd`nj%qCx>SP9XV-7xTX{AxYavq zm4v}^rOnkT$EQeCo=<0~bZM)3wESAzE8gF++a)6?&-kf=Qbx*qoKxNwIOlR|A#La} z@cg`&^da4B$L7^Icp2)d2RLXc#N~LT&;8I8MKJYj(4hvcH~+vl5e|)U2ouu3T(Ne%=u?j z`1h-v<3M0_tyf3v#E-yAhVIpoEBvBK%IGZx>OJ+NTwD-AE+yl205afxB3~(u7!B;>Gw9A5^)aB#;xMb_g_?g$&K6!*A3eq3zX%9dNV!>V+pgs#YV6^wvhCXk9Mp`>pRG=|)=CEx zw7Vw1H8dW$G6W&vi-x{6y!VnMC=ctSt%(_m$(m(Pmq5;!6Iahm6%!wQd8Ot#$)N7v zKek^QnK7yAq;{@*)axnX7XD>r-0|D^gi`aezWjlpK9SqYfnkk|0W^WGRte&VrP{yU z;wTzocv{yQdRdJ70WW7culB==o~k{2-Fw!Jx!aeQ#}BtuBQnMIA&ne#>IUCoZiT;BKgO@0Cw z1WggY9J!7!O7@hU6UHS)C{iWB1oSRVjbmM*0Lm-VAu)Hpbt??oMCR2nL{F?*qCI^) z?Vy-gdk}OreXFsj@x8FBTP6M1Pt%GLb}j8(*^F-)tNQ)+3=_03hG}dVc?EC8R_*I= z$g<36yFN%ljMxz^yup;PG8_q|U!)7)9unN$DF%sE8^7-*20WuzDnOGnbc$4;{u<);k$PKyH2Ut zP(=6IrSFD{ed#oE@pEVRL=l}4yl9WxD-YBduLgclZ1|fc?M1y^9O$t1s}l>g@S;7H z4~0zm|JtmX6Z*3@b9)alun|8tE%QU8B-=e+68qe1k-IU|0e_`GIiycoVhV z05dkEfP#>8>g-YFEd^r#Ve2hj6L9~uxZOa7zkD?J zfX=CIdq5iBaEL2!nD@=|e0PY<_SZ5sq*BJyLs&#>5w>SC8(LV*V(NQsNTuN^pmqbw z&*tjNu#vB^>s! zrd6QtCv_snQ@#m0wwtSHKM-Om5quM5Sd-f?=Neq!v_@LYG9(2yS|woLkovMwC!qre zdgw=to3EL90P+7+*BI1sP|ttQfW`OCbR*-X)pSxh#rCl9;t|$iU8Ufz?$j$IVKoXH z4vzAWaU;Q+MHr&5y7KOdd13N<1*)We-OiYF@om>sSlm{}>U#xAve8x!#o{uDibHdY zuAkdubNma70}H3(;yTOo70Ti77zWa$Yldbt*k2xbg&Lj2Y}Z`|%*m`F_CXU(Kke1GU9cvE*cdipW=QQc!$B{a zQ()`%Q%@fW1Uk2k=!n}|2iquzq2wG&Mv2m-$p$Q|{T`ph0qD)8&0?3%|G8O9Fo{H*BB^A!%`lV{cw@X{7pI^uIVkz?+xpx{9o9y4hL}5>4afM@# zpfEy(NUh^Z%T-?X5%%u4&ga0$KD(BxS$9xNF!owrXK0yxNOkvX?U5w`_}sd3S>7|YF>5w2PO(r<{6SQGqYjHE0GqqJ$M^v!C?#Q z6)Stv)4%=eSkg znCXtpZ7KgL>$S}8l2**f%ltmB1;);mcUOx8LsaS^#+lEYKyh0ef zf{xbfneM%72FEjx>G_)AQ1r9!y3;aeNjQ+ZF;RX7XJTaPUo?jku+m~p={RQqG$I&e znDLThXT8sn5+ls%rWfsDlLM8j5@^_dlrWL? z@|Q2DW*)oag){(6os+zLllm*jD}9+@Wu~qNwH*LqYr>MG&)Q8En(8cdNkwg4I`J*N z&g;Qpm8fS-R#``eF|{5rV35W%PVv&z$|%mieOH4sDRIIyV0Cdyikii7dstK4`nLJE z2c>I+TwLJY-1@aIi)zb_^xai%0J6uHd(HY_xlfer-d0?jXVUhK21YJle(VynSl?4Z zEr4}wzchGdypN9^dAM8W5F9t=#H@I3oIce2C7VaU`hPg{1bv{Bx8{ap@t}T& z%lCm)L60XrBdE1Dua>4i>~VLH=UwiGgmP(M08|9x?W1_*-SM%AF`VAKjzWAwOs7G5 zV6bJUsz8a447VYXe`$5(P^zf7wKyX~7+y)?Sm(jF#ZPEHj=Ar7lkctNP)s8H3s<}j z7O46~LuJddPFq%6jPVTZ5YC3Xlf!5?@YcG97gh7UFEFy zOkyh@1^LuAZ%%WWjLk`CayAi?AQPLXgwzhSqORSBl&~!=sSk1`@yd_0*AtqU!j5j3 zYzNUBZ{OB>udvg<5L_J1=eis^>wY!<8gkD|#52J0Jk`#qpU|#qyD zM}9iv3qu=&%$@kB@MdCnZ){1i;={YH92K@P_BXaEuBK@XpI)u191MFz)z=r3;n0MN zq+;Fa@R^P3`Zic28pb=Gv2sn!?}??(VRdavR*0KIj)(BEY4u_Fctzea7GY`26yJ*w zg>d?3<;HGoABTvv6lDaqoMidB!t2jvm)gieXCA_va`8sddM2A?h_>Obi7;W58LoR8 zi3DaWxJa{a#*%@O%=;-LcQ{>4s7dy@beAalPyG2z34mBFO>X)*ps|XM;t_jUw=+1K z-r~-aw+j!vcp_j<3o^X~4v%+JhtXi8M>c#T&@o+$OL^ zX*atlfCQ8}%Q2#hSEgu-z~!rj`oMV3*mZ`V#n(m{J5dE13v5}(;*PdMN%vR1E2@$E zIxd7i;%)glGx=!aVvC0DeMBUhNF zxh4Z!P9>P$x!Tt_rFLTZI!jkho;ueXL*c<=@P`9HqECgX!6oM^9OL+Ygn<#Xb6#pg zQ^MFO?gBH`7UsLj>Nhj=xXrf$f*l!ZbKMPp!bjd|$6OGV0aAs$!n*uwwVHKr0OMjg zGgeNs5=O+L)h(y@b=wnbU$URSTlAmOGqQD??Vy9ojR&@TxNkQicrMgUBU#}SVh|X! z*F1ap^$Q*qW<_>@1T_h~)@IeVlk8O6a6wCuqx_Z3_}+K)$E`dJUq5i$V5-;10`yXt zOZkm5w|Ajtc$AhN@SWXg9loZiSM=u?oG60I=7B)+Wni6+z8$k1e zFCwZe3=*2GFHaz3V3pN-K$mN9DI&BXq&B(6(rrb_YXUV|QTECk8Bn8;Z!UkHvz+TF z|A1Y*w6bKiB&Rof^6wZYh2vS(32RBkqsRZ z{lah=6*Inh^=s$bw|3{$X^Bb{3=GZ?Am(nCLwdNOc;hr%H3X(<7{bvlD82WAVT=(W zL_2-(9-9|o6YN+?@%n6`EUSF}+o8LhK47=fe9%Oq-tGxH>Kx4Ord!in7xB@~tLaSe z>eb@K2C;hf+99&ql%3Kq~I6&x)jirFgt=ifmJ2exQ>oL8fAapktVfu zY_1MpWOBJ>Mq`0}18bUnxjMku#o2#%=rla`)PcLl1cg@#V_rssf=8aDSj+RIQLB`t zro6bC9A}xeRk7#=@MQqNTj3BeIfszM=)djZdvEUcxZ){lF3#$#4IG<3La|AX4x!## z7<3IykzG9tLt};Qu^J#Z=nAWOB(xesXPFSZ4f&o{LXIC-d4+OXCr~B+Yqv-WN#s zCj=Q;qNOXZIJ@CTAQf+pHX=4BJW;pm_mdEVd9LAzf9nt<-GbmdFehNP7oj^y^&@Q; zrld1H8O61H-$>^HQhfCQH6`ouJGZVKvF=E_)(3Yd0|UwZZSkz1AWfUl1B=B9sXTx!f?)RJq2MT`;Q#Am6{Lra{1Uw%_^gVIibI;X-Y!8WD>O6h?=+h%OZ_Kdg zr+`iW*#kNX^TMm^qZ()8l*M`5r&lHvh|@G8;lb|&sKt7*7FbhakAws|E7d{mKGm>C z>q5CJ(Ar?zMN7GbTB;+rEiMB6t}unbTQlQbs(Ceeo+Fwetw>jys6fWj zPZTU1nMV3MdzEH1uU|OQyf$ykGUo;i(Y-vzQX|pn;et&xfwL4;Uz*!{q0McaNbtt{ zd}7!l;4*LF`dt}l35>yFHt6um_0d3Qt~H>fM%;$S#2%-)+-uoS3)LpdAXghvAHEXS zvup94A|baYJoCM92t@7Bb^kV2Thbtl}KeS5}4>~7STwxiZY z?lY>=UcTdQja3CBnE@Q>o;LVP;CM$5QM>%HTEtc&tEuUAtpOa;)zJneU*kVLSxaLO zV@xINJQeH@=#w2wj5evT7lZJBQ;bL+ziHm(%DYDjuawrOU@-R6uB&gZ6yi(QDFi); z{WtXq{5XFM=!9PX>ZAFidFmSx$QInAf7sgH;GX%#Bi5h74Xan!Vc&K`R~KH^a+PDg ze*Hcy@p9Im*A8I6Qkorlt2DbaS}RjozEm2%x1m}ZFz!RY^n{+7x4m1$uT8gb_ia0V zv|wwT5i2s5S~cP$12~)-ectPbGCaLBWI-Ma7A*EPl@@&`7_38Px9SgJJu(sty(ENv z8geGOAN?vu%NiPh$D8$*%DQzg2;k~x9VPB6j~Ak*pEcGuEk*T77xvrSJNpR4q%TEtYwFcwc86I}BB30Q|=Fum^ zICg6VWB042aVpmy4~eaR>&>450?>G`y-M4%Zx%7+!U$mhnlX`@?RTYU2{ypQjy)ov9PiUKgXHLdxa*qNr zl_Tlqz)w)m3hXu~KAC{X&SL~GrB~DfY>Oy5&}3tM;^RdjIHL-t}E*waFl+Yf0RH# zr>e^HV2J`FN6xO_u{?#ev$+kwK?Mg+Fnk)%$C-%sCyjI*)Nfbk!U@uped(l`j@?|y z#!9y{6zfGO8tIRpnsK0VAued)yNXCKK!F?Q^6-MKRLCjFPSd4eBZIoB|k$B5wP1V zDUdWFqX%;7B~GS!B)k_RZxPI_!5=m!5EVC_4K=Z~8}K}8aS1&*7lDJ|x9xcZk!VOBtBWT1L-FC+r;fplES>01QYi|{rp{<{2CzofEoernX z*PiYg$haJSgX0n)cswDf6BN<6!yX^B)dsB4D_EKDdr|sB@41}h62|38<1f^dABGO`u_BQN zwprvBj^ws8L3*Nr*B!gE4w9L$tvd-Yq%z+?;dnIq!Qv zyx;B@zrBA6d++r;Ydx#{*MCjg>bqSaXq%SBI^oW;bFt(a0~t)9u+5)Y3EPiU?FJ_H zyk$2i2&TYNvwboaSUr;T9rkMl>b|OAfvxF+&5`Js&o;(#UsU|RIt0CWzL3ScF&o9& z+gpKqja7gA+9LD~Rf-2RKQaCTZ5LTFGlan>`|+XANidf-0}V39vpjaHi}gVO_)OW$y<9M2Kqkkd)NAdNyTenk-;$>HM<(iA#B1Z{(+8)R z3&8)@o6+2e+1Nki69p*SAI0(p?tP9I=!RZ;s~|_3VIG@!VK%*`;G#vcYc{~usPoWR ziAT(C-0ZXh(7qkQAW*v9Z5Y9uUzqB(rCWNmi);i_QBk!!L498=K0@F2!C-@JHzu^9 z$MC%&=Hd->MEf?mH)U8+;Sa0&yr*)*sZE2uO1sGa`1WAxsn1ajkKEOesu&zD;-U1Z z1zL;wJz|8(Y3PkKh(LE3W6tJE`QJVRs+-VeVCiK|5}`E=48@t;Kk<4_f-b-hHMh(5 z(?A(kKb~p+s7oSn(g#=k50 z2NTXAFWChJ>&_-ZfUFdApMgC9fVdXuY$KJH?tI*4Li-7PzE9j$XN7pD?E7ctS|qQ# zG)q^(1=C=faw(EA)jLXJDKg#Jp~}7}2ad89YNlTHSOJ5QnRt#T->PeBxY?U62Ho7wIn^c=(*O+@GU~oZpOL#iz=F<{B zaj31+KA;hed+n5#OBF40M-1JJPbn;@!xJM0XK5b}`zh8L-{w(R2|2?9?Eie8GxV_y zjVNuq8$|J^Kmd}WciDS(-#6I2uqgu~Q+MQU)DWW^ zYaFNsJ!DNou#zMF^ZGV`iF`JsZL_gdA}-uoZIiW$n!|=E{XK5VS}hHCFSzhY{m=^P zNrkv@84iQglWcQZzxGR0;11AA2Yd6jl!+7BwWCg+?p2cmHLI4RMZMZtG zC{mUIV`&qHhFt3hwg7f<(^Uim@lkZ*=(I32iDCTvBcPt%4^Fw~Cb8E>!tP^RT)zi? zSi9As3h7?cZQrWxoUE*z@DS5&_${T?w)gE=lizC-XlowJhU-TXMoTvG7CQk&r1?&n z60u1SF893C3|IF3_@sIB5aj;$z?+S6jGB!tFMv5gG#&)5Pa0S0qbG5j$NX)U*4E`% zG!E?OT}Aur{wD_AQ9yBfer@&6_IoKnrzA24lwGerrt&#ir(izP+7l7u@Q$Ro_+`FQ zz^+6Ji;Nm-WA1(4k23dyf2w^871NaP!4>QRn_si{u0NeIC_R0w2lj^UGi6F62Nsz$v>5E(&P_^7N@v11BC-bQWK@283V~T7 zWiJT?9m$Z;iLR%4mpG`@j~&)0W{RQ-m_ktE{5PD#rcJz1(Z|6E4UMq8cv~Y%aLi_N z=nMt;N$z=4(w^^k4>@jk0|>`a0*0z~Q!)##UO(sE*dqTb7Hb*3q;w^JW_C9+j0STA zI-HIsQfFTdNFk`;rZEW9=W3ZRmDzl4LLfkFBb&PCo@V;Uqfk&*$mw1n%G>I2&HKAZ zib&eop1KG8Ea`45wX;uJWf=F1rTgB}O&8plYj~o4fbo9O~~%8w6jKZ83w7S=zfb;7<+kRJ?bFd zvkpJh*UQP(Q8A}FDslZ|S?#g@Mn#X_TK&*VJl!$uB>-+$Ev-^Z90bauL7&tY;X_&T z-nxlGS!#)`0ZW7F%dm4R)Jv5!g$J<$bGx4=3O&uFf}jsEEi(!|1b>ee5#cDQtbh;O z+kI+QqZ0MrT4J(v+)cPAo8b||LUwwbq|pE^OSjyU*{O3=g)L$X-M?nFhqzYNsz?Jl zUPxP5Or}pOqwrcne(_R&M69tpT>7|5(DNmD?4roWRm0Dz?tAX~^)-S`IS*y!Nlt1c zTbJIOvWPo8U^=-APH=>;o?b?&PlA`s2$+U+iuOZq?HJcJEiD1?guEei+*Rf87?^G zR^iu`vKgkVJ^a`$Ensn;?Mht=spShH-Yc4(1n#7kOJSqPJ(kj#VK*_Y=B7bi!WRFH zX;jCBseLZ7+<{nkt)P($7SYFdF0+mJ0tGcC;T ztL5d{7Q0uLgSd)Z4KK$Zo#r_BYA3k=K?wRqfGxA@PR#5V+!MP^mn=WU=Lk=#n3L`y zEj3}YFACC$s5L&O=ThD9l=L>}E@Y3C{y64Ibfj?C(>o;NV>*E^brlInjYTbUdge28?F||~6A=G6$`03Xg<6A%# zMJUdDB+Y|a*ftI5oOqJdp3%>Nv)+}90SZgIF48_|bjit@XL2gD4&OynXD$(_)x(QH zk&CPh4B(Den8y9CcW&J~MY!)j3ob8p16(#G`Qw+QeTg}XwengJQLtm7^1DRT1uslH?Z z3<(#MFP(e&spW(0n>%C;fbXv(1G$NlYL3N@TP#eO3eWGmPP=Bfw$b&zTJPL-zxZ~U zKkdP?WVr$RS0HF`(CXm5Q$u_{WlQ1dEtxC#0k_RXo%}+P?<~#nj`fzKl4?E#RSgjJ zu$o1+J{Ehc8^r-)`cDqr4=v0-BWj0&)MD6595aH(mfjhj=$opg8i<8*rS(zKYFzo* zfvEsAWYTBNA~{(!*@Kz&^f5?w_QQ~hN(N#gBbUBs`VM97Hi}Kmp;g(C3;Or&Xl{`o5}_=tR)Y85o6$) z1&_N~zn|bES7x7Ee`DJA(#Kc|_HR=FJS;=>)8U~ptkqK-m4NqI^xo zt$J>TV!fbj;bko{T|Rh?#@B0vn$1>q*cZTz)X=I<3rzm(uy^W2*nxI+o}3ptz_GLO z?_vIxmcCoO-of~?jkK7HfGM4_lXNgemW_aki8~*^tifx0tGyl1%@`r8Mb&ZpdDRu& ztavuiY@mRQFSrn>IS7znN}6vWJ)C&bm?0P;%CZJnX)3BPL~^U-dvZsGw(5fbvTXn2 zhTPDEzR#6Pgm)Vo%{;70n>OgAi%>pIDbH)2dl%v8qQxjJw1*KtDJ`37C*ayUj!cV+ z$?6h1d-qjK&!E%lP3$@jB&DYpTr`>kn{|i5Bfxa-@$uHxV%gK{OX7z(i_DX>Z*MsngAcD@$e$<_s0z! z1%qMxh{a(&?7No5pxgFNfyX$ko{fwH;gksNM6AO?@N-|tEa4d+>|=C-`n$*ZQzX#O{j^G{da>OWmq!~JB;+VX5cdV@W#8z|nU*3OAPJ@t6~qb_M) zgt@GJo4(gE^|d^dI5>D-Rm?Qt-(XL<=>=~malkl`fQU-12Eby1CwU*>aIr}fIu!5O zhH@CJ2Jf?c!wNXu5;j@}9-ZF%3^VV9T`f;D38Zlc3`DQL;@gYh#gy76MM`!wcylDa ztKrjA)5WxQ0174^eCa>d%QJ7|2OyhM&C0pJth!Lx*7oDChIZBS z`Ppf~0?{ob3DGmJxl(r%#|}ce%f8d?Fd#huD&$)4Pu8K5h!*4Lu0kq;SeK0c}!_><$<5PTv!P=@7AU<8;^Kfyl}R@sg`NKMyl_z z!p%$}ARAXZeQ5I;rAF-QITLS|JXUQvEiU>1pHeKKAS>(ZgvY9(R)qX~%h!-d>3cWY zj&sfCDk)CQh0#kTB5SSFvXD5%nR5-(=;IC5EV*SLW~m@(UE`OR-1JqnFIBw6oT#3& zuA(`LYrokDV%(sWCne)cXs{II{vs5c$O9dfG+v_?%d7GNj0fwZGE>V1|IOmdbc&*! z{^z7BO*Jgi^4XE>aZx)s>=ctjjSlB>45`OUGpOTrD=;#RyX|LD^PB@5jl6vB=NyW|SE>3OQ`QIHqoGB|{B76y?TdG|u>Xv$2g*d&O6 zslkPTG*^+`tQzd)sg9XdXDI6PLzmDDv6DaKrli&TSlkF*2Z_a134`9l8l@Q&X&9Hl z?AAO%GA=3PET;t_=LQ!9yHBly>IAZSy?^E`UJ;z>UL}LI6 zx%och%kt!o)7o#U&dY>qgp_q76#wm}_Xp{|V^5m$*gCFq4ZT-I{Zqat5+}0~eZMjq?TNe2Ok-JAF6V+la1qEET&BFo5^W5=s1mMG*2CyPI_HIwk z8BnQDu=Ywu5uz!!{U8iF8SY8rR!`j06g@V?Ou%$lIicaRMVG9u7E7h?Hk#s160eYv z?fI_t=b8L(B8T6v_D6+-sH{rcXUoE+miU~AKpv_ZPHaE4J?C-SRkyQYCggha@)w(L zTuD1?ohcAZxH3S%G`5Pv$dn@{pG%7S5${a`r4>7HP`6wl;MF!wcx@*SGW6~t_^LaO z4=Zz`7J;lAy>ZDm>7%9DXLy&^{bCK>KEWlO)yK4yY30lAyXf?T36}Z2N&x6twyt0e zkCm{NB|F?M9d>~CLPq_f=s}|JmfZPjZ;a&RjUch3J@SI1gXuOekzGdse&L35)zR0| z(u!S_abEm>M{M!tB>dPhFY(M(eiWk>cGKf>+F6Q+N@*~nFs`(lgH$($*UmINVtS9R z>@&ScN($IqG~mf`5-wI4%*)}aZPAX#{yr=JBd}?3B zZGiE?ZazQ^oI*qvTDuXLo>laIBUBi%KWcJxxc_MsrF;?=!bM-KCY5@P*5QM9#C*bQ zq=&@ns^QXdvHj!Y@m{}eef}g9(;#~AWin*qyt5Kw02QmwA3vnj_N||NjGu+Wx0Ha% zBN?D}+2F&l-RG&{ykO8z$=9$0N=sJ`1F7C;L2tKhhaV=@big&~d=*z~@0N+WLf4JG zyDuh2ox7V4+MjIP%L8<(Vn-sp?o*y>$(Krb{0nDvv~7947QX-*&(QN>8nYXo;IEVl z(0XkEaepr~^pKA_a39f^0hW5`r+JMpEqxbg=c`@K0HBw1mFGQPKdbKW?)i!UdeJWT zSQ+>7GNsn)f(8TWS}DukeU|jCbR1(=BK!q$^k;AaM{lWTBV?kX4K!z>&7LGBf0qa( zWWa6vTeBpT;F>)95ox$37bK&3`st;AsYB-(Q2An+YV7C@F|8MGz$v|y=b!47SaC|60xv!}#XK@zKeBntC_F}AtINu1)f!B$fFA^% zaPJu|(w{WXe@)kh1ge}-9&dT436nEgxFy}nUBqE)-Ogn`l+4;ytDdn`<8NRv`Mnv{ z;*kWA)i)Z(J_ldj7RK*PnPntin_IR>(Eu|mQ@qtqD0&MRVL_40HH_`wMd`yg?vZg|@ z?seN)3amG#`n~|U1lD_wD~lP#Z<1&Lci(b;xO@=Jl9u>} zSU|wIBF8Mv`gzV?!2(Tv&8J)W!2!fVlp$!9<1SC+TJLm=t=X~o%O{|vy{KJmBzvI% zqLK;k=!>L&WNi=@H><0Cbf^-JV&$T?9ET1KM(PqAeVWzf_IZxmF(W2Bsq-D=rQRqS zOO|lZ4SX+V z(A!|@%0v9D>zM@`d35W6=%V;dgRPQ+h#+aP^Mhm|snc@l*$xXK4$OQ!ncowTlfl_7 zi(EDF#QZ6e9f~v%QXQ^NUF;P~OKuZ4T#MtiHu6*fjC;gx#g6z%-(h`wHH(Y?t7-J% zFt4^@pSC z`ehY@s|Nc?1doC2td+%E4fZuw>SKhbTajn+SB16{I7RYF*n_2;l-BExWv)kiFS{`Z z^*UaLATx3#Z3}n z7YO2CfQ~M-{B0+cEFbBmq?NJ}GG=PC>VwdE*=%0gSHO)+ z7CWV>`j+oU>}MUZfDhH#nC6d5cTim3-00v#q;+JV<=tK}%jU@?bCs1>)b@CYP3=Z_ z4mP>hFQoaSd|?)lfn!+M9C`uHFWC3ocJFNgcF#;QxvjfCcm%zE;8jOBcnwmyfaxmnAtot{3*KDUDKkcoRThdYGjo^V^iya?~ zbTKm!2bS#2dCDP<*)R=O&H(<(N8Zqvs%XZdPNr?(VE-F)qFS?Pv~otmnoUSsEF|pq zTwc8T#{)x##;LOy2_y;{S>#wBbJ)m*TL{+)-O#K^&q2r@VaX>`RKlb8ls)->qsMbQ z<%=^saoa^Mf2t$`x!6hS=|NVz>-EZ~|Y3_T^)s6?0AhRPl`_8Vh$BfhA*Y zF%vCMihoPn*pq5!#dhMJ{=zc_Y*R}-k58669x8o$G7e2LY5?YT^N%E2b6T=x6m=Wm zSA8bf&V|_SrCI$WfFxrb9$o7-)UW}5-A76IK81|Cs=Ob5BP%|lNW$~26@5w-x5M`k z3k1EzNcw2_rQuX6b?8zC;FUcM1m;o z%ClP!=d#JT#Jcn8|DlEZ9z*X&QFxVRYctFZS=m^4u?x88+L?|Qt^?W?1)6_TQZA0E z6H|95QlLqnqrK=40j{hMku<8LC&s%fV-fOfO9;@F2um!4aeO=c+lOT}kSCk5Or`|;_f>gJ)(DrV6r>C_VG4xwX^@4+Gpd;_X!e+Xd ze3;q(%w6|yZ|v4%f|_Vulpp?ZuV7OGiO85HLpMiUU!KM1Flwe zN8eSlrAz(T6(XnPg`Bmaihqm{+peYgDf)^5=ms$s2IFw(L$;vTLZxLd0d79e$Nw$6 zAnBYMkPDvhc(L~b*FTsE?97BUQKry8>`Z{OznJa^H($}Oi|{)?=szgDEQkFmwcYTQ za*|V_r*Q&gB!gy^eU`tj!0B3eB>!NxbNX+Y?fxI71~8$n{vb$<%KvW(5^29B0#d2l zC0+l~6PBxd+AKK=`AZhw--zo6y`aH=OE2grJ8=s8DO9qgIkg9}Y5=EXZo6GZ-!I1D z$MWn*{2=F>`*mmizpzx|6Kw&suUG7)?s)##_tp=AMOSlU4*fG6JPkqigX2->zvX!3 zh!6v$;=X!zEbw&aXhs2xZe5DB1pR8@PQRgE{Rcy0^{=PO?{uL5z>tXNUk9*#eA5r_ zWjozD{t4#+dfq6MV#c41)spKEqRsaIsRF^@7?A&|!v9p^pE+m$cPjkG=KW8;#s5wP zz#|4cFlwMaHQ`NCxGS5;Dn0&GNkXDv4*Gx~{b!@#@7e5MZXMnb9abaqm<5}dn24Wj zrztW^WVSP{kR*N3={e~Hth_IK-<=;;o{5(GAbiHINmj3K%)!qecCfY7XQp+Mw9>xy zscoS-FmmzWXYa!w9J+6pX;0A8E^AT4LH{D0mOCY!_P&&sZqf=%_Jo8}Sp0*}@~x~% zkfHygq&2r36+#*CUc9pUMSq?;XSrXS0W95n$h{cvujcf>c#%K-$*H-Y#NuwZu~p@F zzi%e1`aE7tFcCg6+ls4O_{0@h81>l=)+VL3?|ZJhH|o%M%a@NmfAxE_@lpBQeudF! z#iAc%0;Zpn@cuN2jA#xW9(-c&>PmPY%9Zhp2>&Ej2MMB`+SMyc5^E;tV;R5 zCw<`wK*IQ8NW>WA+{!8D9MtjR=4acv&1Ml_^`t+!y#KzHousuKt)CRNpNvXc`yzci z3J_F-W4&|C4@q(9`uVjg6EAH3S#BH=%BQ~0STp3&U)-sBG2$PJvuFde?x$^GTrvAw z3UFCC*?xqg3}Q=npiNiadouA-f}bMX5C*z<`sEzqr|$I#Px%iN)-S^FZ}{nrdjG{6 z-JQ7DJ5pjEyFLo-{Ru0fLRdZglO%t+%@y|#)rTU{^(3|<5uAy)eeS|5PVO?_mz}+P zW|aM>_yL@HVCOGS|7}tJcB+7fJwVH~_cq#Yk1`rSWa@ewPS$2TaoYO(Oo`?;!Mc)! z?bnr-jXDcVvn~jTBaW_hk^NALIXS?gW%KYC{fmm61{EJ4{8j#yXFzV{;4`O5sy9RWg+5JqiNekX@RYXipd`Q6@426T#4LCO?*O@wzPRyMLC~KH zq5}V~ah<2W?CflG;{8VB1R2i{y8~qZvL$YdT{-ZWBz}`7JfB&O(#7Q z-gscgak7&WM%oXrj9x5#^}{!%6utNs(lm7rGqHY4U4y?J5`Y3zn7bEaTGs@9GKxFv^Gybm;Ai?P-2 zzN0-hGUZ(jAPv8u8xena?LR!?6)^vT>ATeL(<4SGfKS3|{dEY5<#_@-2l+v23(v$7 z+=02>gz?_?7!6;U0Guu@o&4&by{UgcafSzYXRn^$Cv5DUe$w&zzs{#%dg;eJPFwML zbb`~?*C##^6N{_clkZ$p-6pckCHS+C^6#(s-!lAf8UDQ+POsAb|7wH(4T3}{`#UL; z@b)zHnf@D%R?)k94o6=WKkULbc%mY&%=cd|&O7gFd)78%m4;pFQhsH$N{%QzOJ^}g z@4d4!whC4Svc$wIoarxEW)w$|AgAiH+RRo{ghoF#@^V`vZfFo=EU!THMJTo&bXTKv ziW+JG<;F(*uH3rY9&Ec_)JwxEdZP9Tl-(t+WWBFE-17dG6yC2X?<|Mx>|mAiqo10p zPJvGVQV$szF-d+>4=%Kws1vz0@j|s#wG8~){|?o#UmTm|a$Bc41})WJ^O%QG(#_?* zzH%85H1HEJyRpTDi?QTBaQ1MszMer`Ufd`8sJp0XEA(2aU0b?I4vt*Eb5j~p=IM74 zy>5A+91ko%CAcmRnd0BXM zKzy=v@fEKS;sqzwaJbU^{MFwNCaP0A{W;P3?r*{d2--n2zBe%INP)Jn=uSrPT_ps6vW8XQ zVt1lIXG|gK*ydL(`uzetF|~j1%luSv{c(&f5@x6ev%Q2F_x3bMP>=*fpG~k#Yy!5n z)7XBro!_$&lSjU4eO=QorLLiDMtNSX3tCA1ibl0qV4Ob@%1Wk91=7fG+)3hpI>=F2`ljq z(K;kLhQ^@Z_q?HNmX#Q2b~SZ!E^&XantpRv-?m8$Ll?l)JU-$m(7ENa^>X#1G zkM~5MVz)cT>l%+r$(Z^_g>7q|ndw}&O$E-oGt;bpvW7r;5)z7kgoPx)h|eTz2WHj3|AFJu*=8Y`)m*P2A&XrRJzs(d=sk0-6!m8 zb8}p{zo{-Td!*ky!w1T40AnTes^`qXyAU@liTVIvE=O`@*Li?|@&A(=hMz|ui z;bu=ZV9f(Zo^iVIW0l>)fnOEaJnb`Bq}+r?dcJ;^=t(VtsPzEo*E*vWGFre{!LCnZyZg!|7O{O{xZ-&Zr&fK6W4O;Y$FzDtI zX>vqnmK&|VA?~343kO@R`gXI^S5LWBZP<+s*Yg~*8DV}@CF1x@RDNBTXm5oQ9pQxv zBROHEC<^z=-{N8wR-QEuGs8aG%Scvv+&0f28WRl z9;kWgsvHgyIdtWcPW4`Z8uV+8ReWT6o++$pJL-LRtiq1IM%p}wD(N*-S~`5p=qBAm zF=0Y={%obmLdy5c0~OH*;x~>g0$mo9@ThQ*yYR>pNowe7iR%x~L&VrA(?F$bQOn{^ ze@{-#Xe?U@9+gg#`9Da53y{W9HyPhgZ;r#_R2qOU)w!+cr^u_Js**w4dvBTpC~*yu z?&C8VHJs7L^3@^}cl%rc?`8$Pjj@W5opmH~Eu*X}S`q3rcF|o0oEefguk0HqNcj@vyl*$5Vd-s5Ew^Pn{xbfOBKF?Fcc<$s+T7lUJEF*q$eEdE+hdm? zW3YE@Qg1SqFdxi(!&rG@*OAa~d#sXXh;G!w-fY>Lgku`E+nNa=tA|-QBFjgY(g9;4 zL|PRHuF!)JfVAy-s8XI6Au&9*5Tin~o@Uchcf`}ts?}F4GLHRSRqq52&!Za_qOY&> zi*q9P*xn_Rgmti$jo&U--aNnC08Yih8*q<&jxxQfoWdE+;+{B9>#}AkY-jt3l=TSp zaaGyeuRx?d8JvR(0N(h(5yINL;T!(c5$~m5*1c#x7&Rp%EITm>&{4_nVi`$>^EXR zD{0)LaJ5h73iK?$iBrZ&^YF-AFAJ^aM745O@Dx1Pt4mqMM}15Y(ASx?sYxwi1Z^dV zkQLSQ)zXl-xw*xbVauty%RF!U>K4aWe9c;5lH!%v)FTOnLQ(~!x()`o-Y$ylX5(!_ zHPw#eszr5dZ`{=Am$_lS-~|%FuJ+}bmz?mgZ$&NkqrtV}Bs`+*@B2$ijITc2e#HIOtyq$-0~sq57o;%UHDkk- zOfRm|qnPD}(V$;FxmgV7)5Hw%HSX}(&HxhH55h;)?-EXds1=K~V_G|%! zn5XZ6XMj;-a#w*es%tk55jC-TG&iBNYb5S-FDLB{_28uI)Dx5R)TfE#o{655ZhS#I z)^rAeZp@f^e#FrOXBz#AU6alFG>m@z0tMg$p|gGEyDF9@S8WbQT^i|zY;%{Do{%4w zjC$F@p~*&K9tO#e=ej-&_t&Z(Zm1wE%}(~3>-CVilRElvsBBrbT0qYj@RD~n7@k7< zgdm@l@-b)fQJ%Fvu_M?pWU9-e0hCrmHbWZyxyZMepU>Rnf&ZEy<|$4c5wE76v~Mt$ zuu&-thdz?o{)krh?I-%U1bulpw(*94$V+F*m&>O-d+S)NW&A`h9=q=`5acRJeP*&k z9)7?mo>qUb(Gn%pc_0pM+3a@u;zeUGgfYkYNOF~g%k=?SMlf+8C+xUPFSVS;tiMfegF32O@nSy#tY6%y_ej#3ztiw z_Rk_TJAyc!`}RLMH4!Ncf`D%c=SuNX3}d-Y;dTI6L?M4#_hWS65&6Ke?uB&(EX5PO zX;wcovo2(_XE0j1AzRvITxHvl$r1O34>5a!#)Ok7Tv1HoJK(&ykZ}+)exunbn0kHg zaJ7h@iaY*rg_#pC(+RJju)q~Sv6Iu0_V?4D*&wpabcm3{^S34{J)1U7OtHkVMh{QC zO5%PPjA)M330u)Ncc}4^fg4unluIo?WEQ5ywthloWzqRf(~LE4M;bNzL44UImR!Eq z;N%=v>DA^_Ue`xG9{0~=dN0^Q8IW4-1$C=*+rQ5D1ppzghuz8|Yq7=oDFGc+BWh zu<9Ct&EF0Ql*@rNoJ>r_jf0A6Ed^h2q88d26LHqp51!T|I~3&U2+Os!Z^b8|+hh=x z#^YMqK95+4-ruUFqTjU$QSCGNhY{7$LBYOeiC&;W5wq5LZISXWZ}OA5vxZ$9i}Iy?loHgc5}Fgsl%-TUeha5}PxvIR;kCxQO}_JqU_pL%VW>;dTur!Jy)*4Nfr- zMN!}5MQGHuRZJ&L>h%fCadmlX$)DBiJsH8PNYVJ_WBa(N#{0?}T!=WECt5YmMyMJS z(`^lJRIs71R5&a7mRWa>=lWBviJ^l-ikcj%kN3+RRa-aSs0Ka874@Dhcs?I%o#VY4 zrA9k%yDc0>Y%~HY@wDk{QpMSM+6~7{VHj%A)Z3`NwP5|Z7uYiozZ(iocokbug&MU{ zAUsZzSq2Xbx^K#SPFhTIhIDczQeQ3h#PL_z+$sLDq1Gi~SS+Wy!H2wFdmm3V;{Is& zHG!)!&O4K>he{t=qzpmKe-}J(1jw4=P-6H@XZfi={*3iBlVv+DiVAac@LJ_jUv{9w zXDU)$m=9kNc%P+8S9ZrzE%|%8R!&%{MYwy5#n-NjdOio{Q30c@F1o4N;@*eY8gBhc z2u%R7OSOHf(IF?(Q(%(CY^Fj;2bZn=Sh>Q4ho{H0`U4$88FF~nIUs^^6P|sc7D!AT zK}N@4Iyz;zdK+`3+Rj1FH@IGrEP;GM%x7thD1rzQzT#I(mXlxQ7cBGVH7dQ&VBVh@ zGT()d3p77T1t=5@-O%F~&QH3x!JF6E6U3jFJWBDMjy97lFM#N8mp>e6toOv^5Jek6 z*B?K8GNO=Aq+D#soR;og>VG*|GLfrcu`+@W7_$7aKVOIDI-iIJSWJ#XPsf6)Pgm6T zq~ci|J3f>09iYSwhzv#u0_`_T-;_a3e$H#M`Jj7J}ZUp|UG@*f)- zLhK%9ZZRy{s!HCQM72Q}b}5NzY;@ntO-Wp=)miLl>Y8U(4d5!S#Zu}I_skd0dS(+X zvxsTDL&zqs6tS|}8vES-UIsNJ0DTx|2KlXi+&&lBi1JyoJud(+oOndY0dmL*t=6c@ zyL8Aje`J-oBka=lHP7D+?T4+oHMBS8T=-#P(j_K|M{O!xZJBu0LQ*z^AK~RHcNQja zScLz``v&;aDpCaKqi^Fbbog3jieUpf;KL0$ zIk#l&Lr z9jAP)qf0xx`Te(=-Cru!Ky~I5kYlw~TYI5Sv5^fJ5qDuugkuV(Zx1R{&6IxmB#d_V<2oeXMjb*E_ANi-ye7^SF$c0mM~nafrmI5 zu-MY0`cbeU_D8lD)5%@Q3Qp|zo(i-Q$*|F_swfwsGR~!_?!|`{-2C0Cl6A!hs{1gb-ISgW4Is8-z42trw`)J}HO0 z_LZpjXF(cl#Q<9*H!q1{ugIS#5N2+z#_^DgsTk>aPdm=Pby#)PK(yZrOwJ=COhO%-nA2{rHr%(Wf=N$p zpIvxSB!XeU9H${BAOJDCg3+^929$;T&Th4CG$I-%XA!Y%6=1cacWCQr)j@YevdbNz zywH9iT1|+C=&B{JIIWMG9;!=VyW{*>16S=ncgr{L&Jc@Q^~NNB`a&h)U;!}JaY!}t zbnRB{mwk~^mZ3N#@=es67gOy{n$g=Awj7*KKwtxWL?Qj6DfVFezMgC&Et@V2Xa8!< z*a^{)XY#~0XlSQwc_I~u7uwS$g<*Bxs8E)HO3X(3p!ZmLV;>`_JHWzGFV#G#tTuyv zjBK4k%kN7GTpWK;lgMZn7QYdBW?^E($4xRpHe4Uhdu`~Nl!mB@YG7r-*L%*By&EoS z@B~q1A6S2~b78ENq4y-NK01~W!MLJLLeQGeu4j!!TTK68*RyoY>!NJKL)1cdTDq%byspen5}TCILurxJ zXq*LvXNfCec!NNW>-vx z=JqkxcvOCV&eIfk<*|AS?_VJ9zauVamD4@}boY#)%Z6-^e#-=v$v(R!r@$(C`3v&y zDs9?y`rU6U1r*`ZduEzi7M@jm3Hh0i^EUk2JuCw!1A1|3GWa1oMICW5GQ>Z+1Z7}qNp%d$*YLfmIRU1 zcC4^8We3P%J|?jku(snW6b$_D6hdN&6~rc<7rKa+g^b+w3yPis(y<>-lU@=}Kw8#d z;tSTaFA|TMBWB@Eb7gQ@d$DT#b9z1lFHwR1b2V!;HLihTF7??ui}o}G94-Luy*|m1 z^%lvx#T9_w$;rr94r9`5;}G%2*Cnlr`07YzpmiI~vRPSk?eYHBS^-}>2Nl(LRr_sx zDeHc@4ECZCxWh~JJ-KAN zK*0J67mN`dU1@%M@%ScCSdbTro4#Xub3AU4Q(-jRw@8FzIz>58LrUjFrlIk=xMUD@ z%n%+$qJc4At(RH)jxgZ^R3>iNdxTx#GuX>Lj@*dNBGp*P07v?mC#gGM6Wwuu--~l$-{x_g;qqp?p@Eh$sIwt&wmtQ6b8>UmrNfW-+TrSxakdXfTr0j2)$tlaWnD_@jGWOH*O}E_>-UcE zf;a@5o~%y!CLZ+!N#;ro_<5lwa7B)Ux7HfgYi*`Uepri91^RfrvsBWO9&2VD&*@&3Uh2CdsC0ns1?|_mQDrYmx?r$iEy&7f;3` z!mpFV+&7y^P^iUmr&G1>PUdEM`@5e12}4P%`$O&VLchh5Uib+mx+jnps2$lJ_C}Td zDt$RMJ`u+igLY{3tGsj#=O5H{wvwrke1D99tBw?|!7{ zy=4|apK>%%)+~zdqPs4c_sv#BSS~K=dLe}#m&KL?p;&7eE8piHHYQkJ{L`6NWOL6s ztBbPnnRv8|B6Z6ah>^kWBX|^rX~Hj;-d++>9#*bA*doMm67r7Yg$@_$w;Mty^vo+g zyC|;;JnE7avK`TNny#YwIOy23IL~=6QzNybxgSV(PJj4Ux>NX(s_yPC4>oHK)f^#V zd912+m|1{$E8}<2?_5Kq(T8xA2$7#zh9}U)JGd>Ha0cJy-)=lk!`T9v1Y|HVXbI0) zEuQ!ymav;$kj=gInu-(2OGT>Qdlp4)*meErz|9_EVS^>QS)7^goD)g$m;_VW)6}@) zX4bve<8JkmCN=4Vprd9aOigu|J;FWzoLrpVf>Ci#&&|LXnybWot5LnhERQY4RNbM3 zZ$M2gG%6~22JiZEdRFfX4hy5wz=de)lwtoKJw!HlU=z;9HuB&$l~CEkePxm?B%`hi z%AE6_Qn3Q-QDI;cq{ijN!R-W~jeo8(3pmd`k|$)UH99z~JnQ1Y3yjI%KXVqw+Jl=m zEf8e2#OtC0U89_})K|fjeSXnc0k!d9rVqu(I6f^&h$jjP74(86l{&6hBkEvk7H)lM zY%+yH_>>Y?US*4dMG0^$)*T=YV?^zwNIW{V=p~l1cvYkrQlebHbG*WpJPkhV??{8y zaxoEF3^ScTin$Q?0=+>T-!zUf zEA^ala2lfTm5$r!oBgOxq2%rRt1H{m1>O!g5#L%eH%sH26z>)wTY>VZQO}2CmIN(D z-!=_DnR(AF5>ORXWnA_fqUl}I9}yzmDrs|@1kV2U1)sI<%bBjR_O~O1D8h-2mneohS_aoM53cUN>%mXIFg(5wOQfxQ!(Okg{24DuH*?85T9Q1AHO@&5BXzj^1K`OYxT$~}8~eLmOO=W!nAT4WV=NM|Z~eVjay*p?_L# z^Cg=H39e2sXS(MvyNW$4xfS$?l|z&gU%V}f^#O%}v7U<^Z4pe7t81SZxD4h2KBNm} zamoqIz8Gx@I-mnp@I@5J1+F*|b<5@zyHDV5CW43_S|r~4Ot-a6y1>IF%B@;&B5dlv zQT|Xm^^yP{+}q8Ln$uQKw*$x?2=5%KDp!9?5oyw`TE9bFX5aOxjkq`ehNk1{5@ws6 zO@r_#oA%49gK3;Cd0Irfq2==uRU~QBb_>1El>6P|$pKTBKCvv!rwA8B8RiW|67E;Q z*982@9XKJYT}q@fJzeBgDYQUG){!g!l7tiF-3DRd(x(M!@%)~FEKGmnYHeTiohPih zPqxD(ij47i>;@28p9yPLz3Aj%uHakopCAp)9gJHn78uV0ay(~uunC{EhE{OWYU0+M zW3jXr&GpN%6MFYouBP3q&`Fwm>UVlS$%F2K#cIjC(1&$yk*E;I{J>01;-|!tIiiKp zgcmgV#bHe_`Oq7p5q61$Z>_eJH+za6NoL&K#%ZtHXt+nKQdxUod@lg+U^jI+HPWu4 zI^0^SQQN)A)`mQ78uBgCc-Po9&~7F*l+<`%josRK znzJ(awqd`;zqK&~tbUZiyV9<#qthsVb`Gh54rN=LMo!FT@8Oe?!lS}g%wb1dQ~XZm z>CNbv+TJT>N-rt9Yrr*2VaWcY>?C#ff_N`xlT2JIB&_&p_04A7yox>k$M@67T>eSC^IS=^dt+CkLqmpLE_ z$-~u-GL5Q3jZ~=8BDfDT07s{htrYF&OOEHX7mshH>p6Kvit(MlsFn8Ws>Wb}A~wwx zbT?D<`tX!$cJr}o*9Rhoqy)0hk)+}9?>HoPw}|F|x(n0br)NT=Hw#miJD~JPWdO{Q z;NY&{3AFWi6IOAI=yD70a01jmrm>Ek5yK04ha2B_qGh$rW+>Al9I~UhES~JzS~!&} z3re*xe6WQ-_JpU=(QPH(vF9&WuV3y`h{%J&pr%O+E(M-6b;@dl0bnb_!7-exzU++> zbWN<*BOT(+o^X3!qusj66CXGb=dbC}nLnD^!tL-2kM)ggV6cnYNVXLfN=i$FQ)#Ax zFhj>dD+Q7o!By?bHbR+}NqyAh6S$~K=Z@COMWCppO_YL6XU%KG<6rUWwl&#n5&-tY z-{?9h^)*SLPEM^2Mv(S7VbXBbo|P*jD7%k_eApc1eAv*^&o}mGdU&5#52J3Qu2eTR ztxGN16#&Stl8tk$ih#&|z2lMK^xh1|M!>JK5_yx|`^ z+kiRn;qhubHrp62Rh)d`niw4yN3@RwyIDkVr--&gk=~K37y6uD>&oH;)LZ~^Ane+8 zwXs#wpe_o|@H~Xh2Sl%?v~*XxMqW zZ;D*j!6UPK$6JDKFo(TNqd~S#O>VFaVm{2n<_Ecm0@;TNUeuSn<@i`wQ1)rY;e-I- zmFQ{fR7MjA3rEivV?p1qqkA)5>)HUEn}uwk<{(j*#_aAu*IsF7m;cu1HT!no3AbmU z&GEs4?eFN0HrN(%Z%I z`I|T)b;i5ssUSz5$tysVxEe>OJhXU;#({yq@1BNKW>1-^rC6VLsc3nWcf*{%zbsG| z*q^AAj5_3_I9kNY^L0k|&}3Ps)h-&^Y=~=(=jy0d>}B2Y4ea&cCa|(HP)$BIq=X`E z8+Axo{aEjs<6AuvT^#y%ux(m8{`o$u+t#5!#*qC#S>FaktT~i$51sd0)R8QpqYYKU z=bL!ZA}~&) z!l;5v6KffK;l`+qg){)=Qrf$-DB{$oyx~8Ti%YY?xIV&_*db2NVR<9h;c2P(fvbh! zJMnAfYHkj2L+<*Mgj;MC|pO9U1bF3lS%z*st`?H z+_P@5$Wr|taPyA)#(HJk$IIw;I&3i?W5y-Jt$mc~CzY;%rw+cp4MFugl->*{l+??&u>)zvoLiU4JY_AS-E(s4& z3%u(-v0a^H(t6o*EF}o~A zD6H6iBrSN-NMF9`^T+_u^mnsD8oIH@0nM}LFlI!mbjx}mJ+p??9Be_~*c585eAJ!P zb`p1RA$A|)Cfk0|;%0~Mm!eG`*tfQYOTX+VE=@|;C7J5`fXtp8hwP>}sWf@;Iyim% zE={%p`dTt+Z*y!EVT((%;xZsM@c=x@E{NhJ5yU)QF_q9!ng7waUSaOn{a24obAf+k z%9k%tHiVm;{U_VQW$rXQ!N|8bA4aDenQ>7Z& zD!xpks9%+&;idb)#)KFG;yC=`GUEfM;}jC=@<( zFzyhks#6r3r5Hzqsox)=%>?TB&1EM!FEFH@`@=$kcBfe1`2qPj&4gzUb?W$HFQ+}* zfAJV6;QqzKKy5yf>&kFHz&%TDjUuz_sQD-AJoHTY_TKi;Jbk8tQsJ5#>z9!}_%!X} zX=5?(KW5uXAx}pB^m|TDSK2tKf~I>5DR5_fi(x}uczOL8dxJ|d zAzA*mWbxajOPq--K&uD}KQ7pP5Px>e)>gzuaeMEfhee zNQ~n0wx%D`D`F+S6obZ#gc1-+#3wU0yTN1(u|Vd<3h}E`sIo(_(+W96a~Y6J@*J$f zb-Yk3EaF~nalppC&gk~2Tat$vV|Y56x9{AENZ^xWUThMSGV$H=miNRvTAK@&X)vM6usIZoi(E{6Dp* zfZs{^p8v8An%eLGR^od#?Mn6o>YstGz!^F*=&3+%qbuCO^JpIal8cZ;M1$3kSHjKK z*JS}%71+hlB&wLBLRWy#Fp5KhJmfHGEbj0^Vz(v5u5~G-yKlfyr0u=M=*(FlJLENO z4R#s0gk3@w1fStN3OY&2zi%tZ_&*lf{f4rIHh%25SCQJ2oX%%8syU7mk|GLf?<}sT zU$fXdVlqEs1jOSoJ8HW9+mfGx3E!IrS1C zQ@%&>=AnNO={ux#YF|@z#YC58I8TdLb$82KNtBdCCbxi z%My`m?;mvf%Fma*S|Vj!6{Zl{F|bdR={oMS{G4!PFFUnS$f2zvCzc{iqZ6U{E#*rBlV{IV|U}lB{e>+)GB9_UNSwjp|!U^huHKnwp1CcnCf++2_kH*InZf zr^Gi}O7oQDn$o>huDu~oIVE1Ib5}8h(yS#93ZERCQBP>B*h#(X{DO*lB7+fO4Es)K z4?O<7@&bA&8puPTpeEa6*TPkM7p{r#fj|fZ?X@CL7GP%vR{4gdvLyl4zw;Qom8#{9 zUOxse4~IKCkg0BZ?xV(Mi_bi5`$NtAKGar+x@{CKe~6@wCpeY3nu8PaqfTlwLugzh zTg)}eZQ#KmPl@z%?wzxf&9fI{ig)MWY$|Dyw5j;MnFBg@z`gnPU*F{*S;zYosg3n4lKUU zGTJQGwLW(pyEnwQv&Yx_4hv;fV83m}Wm0!4Q9FAup6QrKWcvsaHlkPVQFMIx?Uco_ zL7Z!aRl32zp-~Nc;MmB6tkY_U8>91`HJG|bc18Y}yDN4Wjv4s6o8`LrrFU%K{nEkv ze=fR)==kG=w0dtW3;)z!cS=BedtO7maI6>Z z7K?B;2p`tFO?XM}lGJcBr>fYI(q-m!j&C36V=hgWjIU_WnfR`A2|J~^;KVST)sHCm zW~~rv!kD%6fkxjIrRyFhXe@9+it_S#2Fz4O{3=1o0=Ki2_yDvjFD~<2|Ikt@psjmD zm@_N1>NJpS5nr0yg8-LC`y~kf@|%patahAA@JUmh2Q2U=9|3Vq;1&;mz_}LXPyVc^ z_649)ByVF38HK8nSL02cG%ulFfkkT!R&6hTzFY2ivN2vSdaq9_&K^j?f=HRcc3$&# z=jtE@y*vsDNU8B$KCjV(rL;pg)y=AP=P98LUR7>mUE#Z^m40NVWlpR^%v0ff&pI3u z$w>^5)pEL<*ycLCmamd#tVU=6$yimkG%(-#{!than{uO$(t-v zmeXS=Wl!zR>A+j=wHGvBj2aFKhAhEVT1hvo%G*JwuCrt!D9l)KNsOUH*^c$t207Y2 z=L`_rvp&V`iRJH`cjxm*oUGLZkhKSy={gZb+E&JPClT`XjwXohl@|p(pzZc|OFCvO zU}61amU@A|RKB>SeIXga7{Xf~2B)Ox+`x;0uUyNxm{pu-so{%qUk<|KMGbZcs@#W_ zCl8m0h}SQzFNVAxH{XSRdFmw8ro>_XL-(C`6Trs}A?ki&&gDbia4psspC-W-ZVAha zH*z2jI5NIKimYJ-^+cso3o8D=?v6#Kc*UFT;PHR-6GWOGO}*7vqyjKi=Iy2*L<=&G zxb5QVA1@VB)8J>|Eeb4q)_6a6v^Kh@@iw*={@$C^Ek)Uxv~O!u8FAJnSxFDlN%VfO z$^F**<$zzkUsIQXktf3lV=XWxQ|1#1G)n?|113Son-|3)g4YuLvsO7QE_B4;ghUa} z0th*FXmxK^))DuRMDnu@eSE7?zN8dX4WSi~&~`SR9!kztlZhMVgkrnN8hNI$Bk(Nw zs18WZ$F;4c{*0Z$Q!K;Le6b&Sme-ibDVpb$0{{IhEdULo^qTjdL)SJLU?#?8yYRPS z)bm^6*MrpiuY>sG2PJ+c^|cA5Qc*@ZM^9^K8q(b7akxOR)+$4NeRiG%J$|>K^U8Qc zq~W-%=QG?_N6J8(66AMFhsA20j3Vd9Y?~O77h$Zsbz49MY3D30E32|6HXH4`*}T)2 zZpm_by_ip~e!G<)pDNtxc9c1~$3GU+QV=?2Pi>tQBYRH=S)& z-Z`j1y|mwlH2QkUPx<*~0y$V2_!L*K#_H`25l!K6)m0$5FSqE8xyGTroX_~?QK0-l z7K>tB`|;6xb?uy_qZSCA>ETxTK!&&4(;CZOW4&s>K)bOD7ITx|u$J*>^#Qd+csir% zp7n%aZQ#w5=G>~##vJ0lEeItv@Q!;cj;{!eG;+e+0`4>jKo1ol?*d}=p?EXyPA)@0 z3_*fy>IvPRNw&We2!KGU&ZpKDtxibK=$jBNt$sq~wnHi(R1Y>!aP1}%25@*ts&x+% zSS|TY?52B?JnBQ-auYn~n_ol1+wXqXL$d(aeY-RUy%ay>Rn#T*oaFZP(T0^ll)JC) zyD|vS)>$e=>M8ISr*OPP??DuGopO=^6!5JBzISwr8B5Oga!9At2acxe6>!Qv(=9_#0@ z$7gDp(&wTKkAKRro})aDifiw5lC z;r*X4#P_2`oQ#S3VDfk`C4{2A*)86buF57RTxpG`zB-{fevNkPAaQUwNXH%^RS2 zVYrK3G~O&gi+?OHTiTyCc|Qj98y|Ll^bzDkLMq96<8dyfAilCz4)tocPwzzcmP5&i z2V9He3@`Qd`5i4XC83_dO~TBh2!kpe`Z?pbKV#fq8uDe!d1+4M*q?L=vihMeSM+zi zi8+Qk^`twvrXYez+`3|LNbGY6KNXF6_3eGy8=R|zpm#q-F01OkOZEvHXULnmo>mIX zY8;`3PP>k|&7NuZY@2Jab_SmAYV3ML_Q<|Dk+~foIvGyKU~cgC z;*|UQm*(gA^TVI~rN8;xUxnE(S5Ns0QOr_H9#4l|1s7T8GP&INso*LP1EP5}z(bE@ zz?DF|vr_Vi=FRpoaj_;Wu+;Q%rxV}qE6Co3;JO9|M(37&9mP2Al&Ik_I#Ejez?yPH zW*u$L3OmFD?k1lyH}|S?cS=q}&i7PcyK=2bfzb@dsmU_8<(;P~3~A}Ow+yOSQ^Sj- z8EKp%HmpO5$YMKyox%_?+0m|>?J*Y5eu2y!)MCslM=NbXPk^bXYxEZZG@|Ue$_ssc z(xD>W0m>Us+r|JP_LDFyWxHNtjY`-!Nq&dG?|Ly}HW1LO+B0fsE>%~QhRb3}d5zgp zFc%o{+HftPHY-+jDdt}OKoFN=aQ%{3F%$~JBEvxKiS~JXqRVIu_c~pdR9dH6Hy?qO zPaQDcrJH&P9q>iV6Ith{q{uLFN|_c@_njmQr5T|3avujM(M*1wG9UAaJ~88vdPsY3 zs_SWKTbG%d(Evi%?XItKB=&p(pOf8`&QbJn$-4WK1Cj;#d72M%Ia&sa^S*rLuOQrX z{W64!wg^^|o)_qr?sh#gyV}!@-leB-9=$j;g{OhTl>23GphFS~&mc@(Vw}rur;~&7 zDJ%)Zapwh#ng$y1zeQ$OUg&Wwy zW(}I9X`<$%^+Y!nDr$3vmaqdFgP#0lL8&ncj8?1t=qyHj%#!R~-dLn~w-xe9I4 z^Vpn>8s0_ZfE+#7hpDn21`kQKmjoUoKv+X#pFH%G@@xAf=vvO{J~^-%Xk1+zXoY>2 zCj4ixuZu3DLlef~w!%4n8imB!A9%*(5nuq2ziW9|@-vTqg{GjxnBlxX5(bKL?G zzxJ`CpXZie1= zWk|>j6PhC3AETobYuvyNxwJV_-YGKvhS2&jfSo4Zx&13u$BKZhIil>Ew0pI^i0&e& z2`qM-fq$thjllzQ(2zNoCU&CqT&nA6F@=NaacD_F4PK0@zw=oHY?&cmkWmp;>hy7q@aK&yWiVdtdW1 zm6Qw;@?+5?0J70#vmvI|@nlq0*c>AK0T~lE?^oxD-JS z?%A)ueDCQ9=*4n!)cLyS)tvx77p1gDS1~wM-19OW_o|>T06A_ZZw6KdtPb{5CE*Z& z2!YlDz0;@&z5`(v~x}piURSo3d!!Goy ze3UluGP2r=IryeLjC{;t$t2fxF?vH{RbPq!8?~JThhP3W;HbOZT$>CwyPQl>;uRp; z-Gt5CVIq9#6XKzK#>UO^~bhx_pBDH~Pn$#HNJq(YQ$c@sH7{+p=}1 zlHG;Jj^ZTwU2aYC!v5_wQ*iPi5b23Tr&|wSk!zS1!m9^p@bRRQc8O=eRV!AI0C01}j>_je4B=JKapr8q7=i)R& z__886NWbw}Q*Bc$b7Q#@HNeIZ(?9{F)3aIdh)i7xhImva!eBISGyFH8{SMSH(Xk~f=-3k*XC-xr{ubY zN#<{4AtFnZcJAgS1R$qhng`T{js3(%!AXMlw z5z#%~DkUG7#J8|=l11M%)bn+-;>Gqh9MwPD%WU`~L9@E)w3_7PH5SNudcb573l7Gv`zO*?yNNTP8ZI@-4( z+aUgXdP(!lL5;{K?P8e*WBml%tU%#lfm-yiRJEf`52WWqct~%kX!rz4$3SlApk4%!^hnXoj!u8UTbjuj_v8w+QB|Ywxjq5Sb*bqe}noddjlPXsoeJ^e5Slw0CVmp@Xg7`?2G?{7 zDn~M-lR5IR1cWLNsnO$`KdVxI9Ol=jz9;9LF-XwE{Un@_pvZ-vJ0fx_r4-}{acOe) zYeN+mNrBxEFZm{8eKDl?%60p(Kz9Y>;cQL6{yWW>i?;u#K&u?m94nQf2aN9k2A@2# z3a7xkL%k%Qo#0o}uFS9G`=$VAKb|)^kxKPKBP!_nzrUHnF2oHJGA$KSn4B&^vXEiW z!%5Jo5`SNdD$x3gu!X|fc~lm_+h8!a5b}jDFGJPV=qxz834>vHU37K5B|m1kH-6et z$v=qa!M`j6pJ4^2;3s;1(OpY11_LeCw)Ci&S!G{KG{)t-)Y~;Aj0X_~Y^`Vms`xCs zoIgiJ&Jv6vG*oDh4E_ajs@w$M#!~H7I zO!<0KYIa^HyQ8}Cq@jW#W89%Z#t&P5ssxj;`-((O@ND+RQ&+Ly_C82poB!-=sxi`Z zFh;vm>F6Vx)zvMwv*kFy)0tf(liq1N0*#rS|5i|F`~2JkLNXfNtopihKqg22T>PH} zG1(@d=41nwF4l86O$LtU&8|o%?Q;H!t+=0puimI6soKs0%gaJ%J{I!z+c68TT;*rr z)TyVcaG2M&tc@VPA*{|yOvM$E@iUHv?>A?4Y(x?r$?+lKAbP4Hpl9Q`*I4 z%)f;U@?0O1_HwgHXh?y`dVgN#7fEoNk0$OiDOVNTl(<@v0j?f#acJ^zw~0E11>Y9! z{GH=tZLyL}-@+u(l8{6z_e=^xFim?}2?srU6)DO4&E5mmj*yDg7Hv-b3SDRecA-Q| z8qt87f#vm@yt?%h+?MC>01MdD(kkosK9}waqU#{=^UR=X7A@ zHXzJ&xQH7+ei_ip8GhAcn&6o(7455MyJ!{vpn_)J-;ViPhJ1cV>l2B?o4VrvFi+`c z=II>2W;#~=#yNiO8vvo;=Oqpo_a>8DIC;%*yl>JDYTD&$y04B6mPA_uW6$3ntlCUb`tZX#>M$FpWl9jN zam-H1xfHcoV3BhqG52+@#Sj`6Ji#u3400b@9@~Ov9 zxASS4Q_8<}*~ep<_OG{J%an#UZkt&4J9`htb3N=A6UJ+_Vgm55%;x&}w*rD{KDwo5 zO|}naI8K=G86>fWTk3BoO<`5AP2eL`g_fYBA%}7zKOj8z2Bk`gKDE)Y^a^*vBA2I{ zAQPV7>|IXW;R<2&$PBxyc|f%zB0l%kKl{WSpq3J%@uoNZCoH_pJs>)r%$o3l6&=Vw z;NWOCiY*X2{(Ineab))&=IbuYd^$z84(ov1g#{@>dgn<3+5x zvowIsO5lPHivoq4=cY`*o31~r!(}TepkzyPIqBig(Rio23zyTJ>r&LvKLIm;oL|b} z;u#yA_aB5+e`cc_G7%ZZrEy*8i863#;Ik*P^xaAYm_OLo(MlYX-kZL)i;YAB+IkgF zLxG?r2nzQ&nK!{ooheM6gw1pg`ST~KF2IMpL0m`| z{;4E$!0Hs5TDK}Ij=zdcPVo=sxwwC1p8IvfFWS{>7shA@J)Fi2irf3r9}Yl!E1m;W z|8r1SQ+!p&1cEP1r#RIb&LH8V>xY$W3OB*72wAT_GTLrkEp8KT=?&Ev&!WerxpTwp zpT(Rp2vFKDTbX^o$n;!f0Ld{F)~NWwyZndF;sgvDoY|PM!GEza19_ytCSUiY57gdj zW26%3wudf===L8HJ_kvS-8|i&$}ZYLBwhnRMDHtB*WZfdCEaVCeL4O(;W22 zHBr`m`8=HN-A9 zo4gv~0@{uR+T6qd7U4;t06+_)w9tJbXW@5WaiJ?ADbK5;&U>R#13Sxh8mmsp^3Y$F zf@S5;vhs)Qe#!%20JEAau693_z{L=F3pXSK_NAK(TbAVg}-W}+)rPiC`=mI@iATAH6;`46-ByIMTI1H=oQs>C6` z2LFW4g5QwcM;w2BL-&yc6W@b!eg7aa0|Fd|vjB%p>fyB&9w00<-A}CKT^{Hh^eD^C zP3lSzc(}8(Gce+;6CEAhwnW^TlOhgG_v`INxGfI|*CKKXv^(eS=&%ABvJ*z75KKyU zJkxjlCL-gEz%PBZao2Jxx(Vp-KZIv-FiSC|T$=yu<^R-%%T#AfbuO${L_d{T_$&k> zP38X^HWxrg{-889{zppFC*V7PQyhbF6xXQ$Oirm)8E2RP08nsDbQTM59y)i`K?IvE^kz_N^(a!*CLk9CC>JhLWs3P}YP#ZZ902S9r@45H$AorDl zgWXqFVMhM0M8A9^;1RY>w>(yY!83~%p#U+?nVSx#`eiyafE#=6_1x;$+(<1WAj90rEMxz=2bs9f2G^tC#t-WcMPrLB*6m$7!L7~@zmC#== zJtyu*v|{;h(Fy>KunMaNaE+(f+0*DalLUPZf6>hvW$Xgc6cx!puC<8s%qsw5V6ZbK z>HS2zSWjcHI}iwX+!k~XDN{N1pkrsgq==bI2v!lJX^wT4WZ@e72h>G!*T@% zUs4s_{o2VR!LbMd8)tVH6pmNgR*Ri}e!p`#tJ>D8oRnV(A|@ocaT_%SE(QSVl><;C zQIJ+q>^|CibsaQ^B9mkXW*`*Dd0?(2gw(#+qn&j}@I%>D(a)6d<&&8UQRc|H{dCL= zY;BI&8iDBpxY}Q3;WyLGAAKggpyHBFZZuD2UJ|oc&+3xQBN7yc^&5S{#UxGm)t(29m_^7$RMFlb@d znd+znep%R0SLBX(1p?1~j*QhNy(>3#cs$qsv>7_+Q)0Mn+*hYH3U$f;fD@7|ti}JA z$NtWLWebeDoMljnkPT$9%Qwu|pV2Jm2t<94zsA8)4NoIRq1X~HU?GPo@ATyTWiK-Q zQLFpg1w7{f-m#r33CYiQ%!oY~gLgs6VDN)jp9t1Jcu-u532PZj`B!V> z{v)bBD^njup`G5pn`&Od1d>VQeicsoF_m}ls^95fqz)iqBcNH`Y)p{O7*hbKlwywVY|K*zh!#@I_{>wH0U&{agZeI9JCI0`{24TGJIZSWFz7gT ze6<=@2Xg>%j89Y+fBZOl1@}tCWD=v?CX3qx#(*b{o(mQ|DSW7jq@+1Q?gh{Ng|4oI z1ioESu8I2I`rCXAb9ef12xu;ZlS6BK!HxX; z7p2}ZK7CI+lj8Jo9Djc?7U3zhzHpB$I)QA5!pi?#2)>;E|LG?(4tSn+Z-@K5R~d27 ze&oE)QCKmb+?m0V|N9ry9$hZ^O0unTzu*2P+O>17KFMP@o~WaX$nzqV=IurDQEqO^$`lQy}V^SIB*@b7m z5GY1KlP1OV<6(b3@<03;FvkKs&rT|B=!ajYk4yy)Di3~lU+ULE|NO1nSMcqeAJ&tr zxFw}wCwN6Svyoy80ld4?spm+Zq(%Jw(*OJ$shz99^LX}>JpSzhb)^NH%HYjnsptmM^^ z96%&ojRn^`BWafBGu65;-maUu7f4 z^EH(s3TQGF=iiyTOQgCwpzGAD&yFR`{J(mvkC`;zv%3wd8t#~LL66}GpGEx>1YTB6;*yNnd!6&iYV_wPkUI2G}>yH?C{2ASm8te6`GoMs3RnXh8Qub+<~Z9S;rP3fMkrBE0!oSjw+7jfhq zEy%Ep7c?DmS2r=@sZu^Ri%agfAkMS4Q;?(`F=?OQY3z<{YI19;CRXEjSRVh>$@cJ8 zllSgRG|~DXUlk?@opq)AOMm|10h=iyN^B#T(c4K^Ltafy`gzK3rKoD#XOf%Fj};K= zJKy`VrHzcPn4d{L?*FnvCu~o1A}VdeGBY#VPEbgISY0VV_O9PW{+G2S(fD$V@qj&R zHssb>wuJGTW6@0LEnQ#i^t3Wwa3m+dQsn{h=H8<C_ zVY7Z}q&QtuQE_`GPDCy85iyH3^lf9P;F|CqS2*1WGL}b2e}i`7k%AsBe_2^CFj?{$ z?hYt=mhWtbNQW%mwU|7cEQ)zf?wuxt=zJG~xDJ9{w^e}2F2AL>NyofLO+Lzm*b^ze z%6Rwk4Y^Jt!u8Xrfsh>e8@}E-eaPdkRLpy-2P$F~3_Btz)yf5$_tMxXuLS`&_B!3edi+V6v$f~06|++o zxf1~m9MnA(QStn!Oud{pgYw$9+8n8e%!z%0=R#&`W_C8qncq?ZqO~izOHk}Q;|5K> z@2(=c1G~Z`p>r-&*z+9ep3gV`AoZ;0nOo>_SR~_^aE=t-lq^Np#OD3Akv}d$_J4K>fH%6+O9gm4 zPko=jk5Vncfz($S1ANZcoD1PGfpbDACybJTfFeyQgHh%CS5L0QM#V_0bms2i=dv;mLd9+GiZI1$=hQyrmHIoeOPG=kIYu4Es(J3m|^KOTOZr6TlPgwQs3K1 zlW=u)HUHW%?4>im=LQVHDL)Y~icLx3vXwB(8C=eH@Xq0Gt#(~>Xm7ip+ZuOA_?;=s zwITvjyZ-tF&D_iN&o|y(D_}txLWc?r9s`ueg<}i=aT=;XH7HX@C616}MLrO{Uw@P= zp2R^!YStF;;gYc1R!L@7j=a6VX#v!R1>lhgy)H>Wb45-U2#qcW`mgi9w|RZV%5E$! zOGoT6#=@OFPgO?PWv6gW!cE_Uz9ZIkktg>J?L0w&laLlf*W>e}f?H4+uhp4tEF(L>> z2dg9xb2^dHmP70hT*oc?tJLZm36*KR4WezaAH0I>C%o00sJ80A3P7~e3x{-eZ400> zC_R%t??FGdmwKWCVT^;WqeUAA`_LBmz}Z{*a-Ci=na)K^n+i#4iwj!&oNek=ePZ_w_C*Y|b_6gFEioDgw6b`TQhiSdc*Dq1 zbpw8B3lE;{E&d%*?&JD~e5Jy%Fx6xQ`Hc1pm+J`K&bux8)?J3Ca?V4sO%UZiDNW`i za#53d66rnUinn;rNPO^eR^h`acC^t4m90$`_>-XLC$M*3L>Bp_ad)&7Y_z%9_6xMb zMOG35QM$RtHR3xQRrFDVD?S;%-tNBH`BQox7T-as8ZI+?de(YE$`%c~_1?Z1` za_%xI%%rh@jkNzGXit;ES6Bf}WzqZYm2R1cTzvH*=J!nM67Ezd#pF5MAa%I(^vrAG zx@<&ny~?8fVDz9E*CQO=#jX?{fR~Zv(K$8gO=IzjCoP)y!Pt6Wm%*bbl8H&5L0zt` z5|G1aiP{2>t{v6U021aNp^_rm3dLjkkpX)q1}OHUr&8?l8hFRhO^o%(a?*60Ep#?vviZ=XFR zvc31#D0EhGckO*$u0{^2y7Aj*vD^mMI{nKw!})C_rjIY+vuI30vhf+85$S4By93lr z>8}{CDMd`Gr%kssU%C)3C4qnSW?#wIb55UCxOB!`cihOPa#F>LgEJuwD~be){?j7sQ^IKx9-|%@f55!j-^}S$$TOeYkPc~JuVT9M=t4>~`SFB% zaKnk*gtxuvW{s}qaRUp6`JwRSW4`nFUe$S5?)6&jOB%-99Orv*uFcAwo@Qjob)zbw zrJq`*d{<&O46&zC4nUBRMaHk9?i{rA@12-qDy5o-K-F5;qLRGeRBvuRwc71SMmh+X z(32LNjJ>{5;VW9GB#m+I-CsYU?TF68RHl7d(PrC*ef1|5$O^d{k57Fg0^l6h=}9Iz zAzcRicmSP^bq*M0BIbEtLDeK7J;fw&WtOH9YD)*X{VdSsRx0iMjYJ7qw> zk|R?TE?qV2j!v_*${ADJq`sR{b&DxCk2`SGG}%kyQ>k#p zjD;S!gxF@Fy&GvP`hynBnoT&PJwm@c8I{_{L;@qMP*<0}98nHT81=)(Xc|om*nmMbKxu z6|SjM5=h;X8j9ZOmlAvvsDY;}X;xYId{xsZisQ!Tm*5>Z?nPsS>0LwS&tgrzM>Jm6 z?kMynZ~&oxlFt6e4?0cnm5gg1_vC}FG&Y?dm*J|qo()Zr72tT}a~j~Khp64DLK}VY z4qGPu-0)qTFr5Nl@&Lsqr<&Zr!SkR)X1REBxHI}YGp6ur@J!r2^X?VRaF#*SQ;dm@ z(hLI&(5jR7QMk|l4~2t2iUuHMd@^3_OF`$8Pt{Y&F<@IPBAeHk$4FzZfyqIq6Z_De90Kz?Tglg;bd`nK!0fdPk-&<+1R0v5LffmL#5^UX#) zeSUwpLDrCxE4Mk(s8z1KyyUxiHq(vsr)8xVoW$^SWy|^NIUpRrS5g%(+ zV3L!*n|Q)6?pEw9r+_93Gr(y*?NNF=3kI8>vr>BV9qjq96Q}w!zWIKPEH#x?ND--g zB9p|`_bK_qlS~Wc${Ft?O++~elE)74qJ$T6R`SBG2BdL+3}WmEN|0nH+|H0{dDw;z zScMz-SGoH951R|)8P>O?dm6USQ}i)t3pXjgz5D&edDoPK_w0S=_i2s>DXl&o2`5I? zBFkR8ynEH+DMs0Q%s@Xm^#1ZwQJfY8L(gIkH3_qt>P9eHc5b0(@I*_JKcvoP(<^k`N!k$4`eV} zBk;K@KawnceYx8-VdVFdOQ#EM?T|f6df`;vU!n=@olPdks?$|7U4a@3S4I2gSU|b& zMs45byv!A=FS~aB{|hkGA&bY)lxl)EmNuy( z5u_-YY0XjFUW;p+yCiBZP>s(Frv1tL7#49@2!&dHR%S)3R{WuN$v zUbPx6Tr;h+egv&idpql7G;U$S^MY+mEpE+=mBbn6EWpJvdeZ z$DR_U+eFUWdLR-ZIpibGV1!E zuGhkX28E%dbH-Z!FgO5(h!WV3aCihbYDJxA5B%_d%7fB|-2wcsq=2c`um&8?)02bz zc0A+z1o?^XkxT|4Fc8Uyc)V`>Uwf?(%@x_M1h5-ipy}#%iTJZ^Rd74H-nuy&jpm^9 zh4miIooDr=iKVIZ08@mF4Q@`cCnuZ@B*MF0WP8)vRG!x-M`u$|$j^L_C)p+#KvJf6 z@$~dv?n+s%Ey$x=Lyd(eyHm0!v!320u zTQuo%kygS|?G=YLw74wQRu-znbE9sPx)_E2WIu1woK9HM)MYI zXazqzsxC%eUnYN=zax`5@xe;dFZ%8kDJHbtP9XZkQQxL|ceEf+S%KV#a19PGA;i?g zCA1Sai5sG*fN!qyt!L82@fl)h_hhk!`73)YJW^r5GNb)V#8NZs&pO@sr%R)*Kuudq zH{!I4HuHG$#8ah}(@a}fTWV@DHyycP79$wf;4A||k0oaCD7ycx=bK6*I0;D+;_xYB*9moCK^34RvoW6&B2Ii!gaT-Yh6aafIjOpmh}23T%JN^K24Z&>Yag z>KUpR5=UtR(p>$e$K*vKlZHqPd*>FqV&*E$EU@7la7jI=nhH8@d8W7%oT!kmsQQ7P zOlpj}l4zIEjHIP6zCOObS>XY~J6YH-Aib3x=uETQ&H&!y6(_MW*mcRJNE=uhYuV(a!lOQ ziIMRq8l}?Oi5;5U(x1K&waP72wl?G{y^)isIqPH7mIF6_&rosnoZI7Zkw6?x=;t=~{ftY(EQ_{oN4HpY2wWfH45_LMw(l5rLeU!rC`f`P_mHnD@X z<2^kB+`jBvrNps@nzs_@toP9EWhjFJ>Y@j-*O$8poRxVd`%>Fe7D(qrQpEZ4XXo4@0xE7`i%YAf9$%dIOamgXOmP8KCW#~SuX(B{m_akRwkuzt1G)N zllV(^M!x)wr}JCIrA9LD=c?uQ;cg{oSm*ZDIfF>oLe2K4cVzm9FmVDL_H~_4?LRCD zg6z#KN9yNfT+rR*pQ{Yh254hqaMVB{k3v$XPZc*%hx1s^J`jWlq-(4?KK*8hdP>ap z)C=HJ^D_wI*#%|@#$Jz|)6Xv)Pmp}JpLgF)7rHn0C=z+{NkLmCq!uf)sCM60c=3|= z@RCOMTy3@T>s{1#uz&_3=Rc72|7y^Py!{F1LsQWw*1pO7>QkU4J|cV~z(Gu=BT5V6 zv!O2zL+7-_|7Iqx?Xu(z+57@NV>LdJ2Iz=-s4}zDsjESwr4}l_nG7klEeA)~vRBqC z=%%j~pq^k-tz7K{$g~DTp@>%Eeg$AQ;DVzzCrmE$+T)VzAg*e`=@SNvKcR2^iku`njg-~)ym7=?B?pCxI&w9}NpZH=J_C|BClY^Rb1!(Oa6PD;E zH1sM@ptH>y3Y-t4$oCCNm2Bq3J?mKB>J*%?NosJnF_ho*Tk#cE73P*(MN@6I9gpkB zF>2+Xh%%OmGa#5wM?Ky#e$$3i*Z8F}1GV|_&1WIx%uc9)hwCrxIuk5suvOkzb^rRC8KHC^BdrfYuLi~$V_ zHA$0|yq0bA24lFbLH%LEj`V)8_z_%UI7AKoIexx0L1m2s)-D`# ztU(c)dIPIPHuu-m9rH|#`T~V?8lK*jgtCK7aU1&WiVXzZa#oR&fa4~%^LZceJCW-I zH)qB`59Q(ou1cTQ6RXPSh-#?{0H`09P^AaKB~1(_H7vTr#v87<25nFy9eceK=Xf}! z0LHf%$2MI|cAIxIUdAml6h`5c6(n)W-SB7Q=Y#FBltpPLagb~Rg zE`5{1+>LKi{Qb;$9*(k1v|=EJA=>QZxfNK>@fMk5BG_aamj3xI37kSLE)~*Ij!G}* zENt6NFisv?`dF6CqTzJLycw0chpa>}LPIBW&sabGD-$Zd4>0hY0rYHUR#aW=o_hTH zEzsKcGPep3g?wf*i~DRyEMtsGva8N|e+mQ}xkiH6>*BH52+vJjl6I`we}en8FMno* zXQt6#^ONj>NB{}}+UHOHoJXiDb zHDOd6ZI*oNFGeVd=F(O2vDr=agmoKkpz*V#O_yTSXm*}Et-|ZlxW+foV?ftS(r2n1 zkpnXFFr9|lSDh$(z6p77m{T%chqYCZRKS*=;CYWPOo-z(DY2v;2m$=e7fc4j)(US$ z?Dm6LUJqn30mn(Nl1J-2=V~EdC8Z4gvFeCCvfO$>^6F$CPoYyNr8P$S>&s8YWt;%f zSpA!5B*;jxo`{7U^A}DJMA{^H>zQKedcJ!LyACvOGS!AVg~V+|IAIN+EN#Z&1bvH^ zn5mV!4ni{(-+AKul;@(wfETw8WdoI-m@fF0fH8kj2g4A!gRs-xTyhe=DL>c-gtem0 z(PTFjKAD9AjW4hz0|M3ze5xf;5l5JqEqNx9imn;d7&N%FKxn;h66n~5`l-oV8j}v9 zYU7--1Fh``G#^9Gy3;UC9I$<3t|7>Rfz0i1=QgwoY!eQrwPx@dS(7kq_ogNUIs&?w z(N3!?72t8v(4jvUk=HH?`M2A3b$VTEWA0pj<1z75TXoQ2HsiK$Ha$oClBxsz}pORAYxV6sDUH zcK1mjGO0>@WsaL8-om2)h_KH;`bx<_g2JP! zG*(Wa5Yw_WT+~BCfp*2eZ|~Cv0lf>_Ad@fl)PMaD2pZid#K)wEjiUvKok|cWK)C^jCr~3Jw(HF%OMqZaUym<7F!6mT!B#?AVf5O=}KrCuj zT2lMLBD0Rw7kb{j*M>w5eBpP!er<4`+`#U6CB?^Yxv6J1%~_vL34YfpG54TFI$z6L+`+wQqEBV6j{cU5Fpg(Bhz2OMZN@z0(mqxOo4}g)lVeM?k z4lk4{8|Zndaxd;ww9A{sr2cYNJu-F44uP{HPa5U4pbOJDiC(<9;zK!>R67VBvhp4 zDN0EYy9H);JdrufN^Wrcz)OuWn3=E>LUQnNw``+|isJ8BrlI@jUJ*+RK^^1t`t1f(PeCyXO>vVg z6UAsh(!Gc)IhO^-Zql#h6Q>uiEP4V9 z&I;=(rs`uN$a%AyG+NHrbGev=js%j_4pxoWdO?MSC02IL)*w1WP(Vnik?}_(hTT_- zrc(N1n6xT)h`N{?A=ysp7RP!<6IH9XSdqVK$4K>W0^|dhv-i>C!VW) zhLL7kn7hG@Ml)4^@UbuL%+@@= zsgA+$#`c$-3=;9+w%wifaCU=p^g;W!qJykGL(0FXDd2``hB|1QvJkuPU{Kjk7Z9kA z$7U0{A4Uo5fn%o@g^tIOSQ&3bu1GzhdQ~u1sG_npTc7vdkEBRs5l5l82WDq198YK!vo@ooKE}GRGwETM`6S*q3wtpZXr5) z8z*=qJz}Wd?P`!$u>41P$EiGVtA)?V8Y|N0plJUG)7 zDEqevoJc|bmR4*pMEN{^fa)@VZ2~%<0N9t}St*LmteLkHL1f<$?4vMaK_G9iE>&jK z8LnNsErvQz@z4jJw*1!8Ug~u#+0euag-i(B>36y{CpKMWo&Oy$rOOH@RZM%47uvM* ze64HwysNK^hw^*YVD#+l5TNi3!iF+72 z;j|b|g$_!og;+6RYntgy%&2w)BPSI-QR$aU$h1W>*HsRK&-Z7WPAlI>TJzUFGiJ zk%S!E+NIS}65r{6kY&EUIDa*RCxo6<(AxfbdLsPRLu?h5XAP$< zSSwXw)Pnea;KoKJ0NYeN5l0-;Wbng+a1gfXq`l7&+hnZ}jbURD8%bdqkCW1GTxBb)Bl;A{5A zwG7521$h$*+HrS`sw5GelTiBc)FmQzZvZkG zTWi>g#xG*1N) z!n6JS@<(fg(MHi5=+G88&VdwR78Y3#SwuRZiAcBd9+xUGf-t6PAvqm&EYqH5Yx)#_ zL4WWIKg(bf>o7yUPD4Vu)pt$vytA0^->JB`o*f!4rBfYEnWXHvJu`KwjstL_^b4qN z${|)4_GlYDNU(45foZs2%<(afM-v%%FA^Uj(&{u)6s;+_uNofQab(Z<{B-`!Fm3p% zL`IHAX3~lBK-{7F?KYM;%;TV5W))~;G|#hEBB9DH8QP)J_X(r<$$3OF-xYhW(rMmq zK_T~D=5Eb29Q%ODGu6r+k!;2ygZKoJg zFWt&1n0I=?9YnRt=2<&qlo-+7Q`p(Ctd9O-Ub9>t74z@(9t?V&9(8mLRnAai1 zR*TEwaC!Q=BrbeMMR!{nIlQRSEJgG1?z@dL$Lvb=1k2c4!8m%5Js6CCJ$7tyFuV&l z9MABsjA$RRl@5JkJ`wS}XQ}T^`4`Cw`mU}b$342W#DN1|^Ck-e39Ax~$-yh26gfL& z!vhoJPvp_|D}VjGy+x;3sK_fy89TAQcetKl3JMT}C8YdJdSvLxWUV^ES>RDKV%HSx zrN@X*QART3l1$;`$!$eK5rxhfe9fB#HVM!_yt)zOTZV~71^Y%7LMNmg2LumMa)9^YT$};R(>NKU`5Wm)jkWZJGjcSRO6p@T7w5p;^l~MGypCbp zv6P;pwS0#Z?oc8+Kqf@5e18egiSmvxnocQetC8Pvn^dsYnQ6#YwNR6ySFK>&>KB-R zw?ysys7BL3mM!;X{2CFsn8dWCZLh7kyEh29yA!y`Xo9q?iD*>vFVx)Ty-CI9y}fIN zjE~o4*QUQcAt$%g%O)!Ehe8eu5eB3MAESMC%JF;kIj5g3hpk8ILWiZ^rS(sKB_t;+ zW>syH%nRMpkvEY~8i;vm--=R^;XeB5sf^y@H07FuJGr&WbqfNgv3fqF^(EoJa!}guqooYpo`{{}FA#P) z0tQCUpNJCvpu$2IwJM)_KqIR<93N`V(D3x!B{$E_c|I=)e+|NBt3DQe_ZahKj)#mH z5eUZdujGCAz%TwlH7rbrR^UE2TMRMqwS#-2FsPmmgMT>ixHIrgo47%)Mokhi1TWUJ zVUirXj6~}^f%QCEn?`k7NV5Ezd7L+*0>YEh8suV(%iLQ<_z6pk^j#e-*Vr*SI%i)+ z#PySN_{LHf<8`NocF(yt5?xcCv|7%?wfa;EqoA?s+VY&N zHlPI#nTA3Jl=(DyU_G+K9f_?6T%zu<)B+>F3cA9i_9w^P?0yRp{&*XqJX3WL>Gh;2 zEM#{(<`oR0%(M1^WI+a=&fMInCW^Y-WFtJ-_So#%;Ci5dJx6M(66zWN@{y7Ya>xB z7`_w!w`k_gM>xuB=Y@7hW*Nb&O~Z>`xZe{6sc_I9EJ`l?&~Z)@HfL6=Z zRllGZD$EZSwY%=XGqrAOzOby|+S2cx$;Rd-MS6h6j>@x-F!cEFmYb2Fkpc~+m?HvQ zf$P~7N_kT)lTngl&9%idVVVzoo zRfYrJ(ELH$y5tmXfk>-%+CBE#s18MQ?(Lg(JdLtj|IvcCI_7kpn&Lw~E5-uGh@3-D z<<>=wk8RXes&?d6$wM<-6@<~)(g9A}?L4c2e!6+urW{17FSmagax~jVq~i=^m0AXx zL1y!q!lIkEfUiuT9CBp3aXbTr0k7iIpIam5K~K(_u-m24M!i%)f7vaYe}s0QyzlE1DZ zN@WLW5vZ%9qJ5jE8e6|QnV5L~wUm9gVoP8w(~=nH(g%k3VAVmvqV5^FdD^;)6b#?5 zmm14_eq}$V>~S18xND)-&63h>2liDr7^x0C02}C|$Nq%tDR5^zEbVV?Bglf=OA5*~ z9Uf=9PK@vMMZ*w;yR@&sa$$(egQ$F!6d(;u*Jba<6Mk^$zv6^m3iQBMZheb_A6kZd)qy|aa3I~Q<^|2DRzL2~>$8ZT) zy0x~P4t`R4Z6h6>)_ar}v8kvfWyW?|EbA|_f_b_>UwR+Cy_b$1w5SbsPGV>gArimH zNh5DtBr^8W6%|C_+%2)Qh_rt?|PSgqZ)3CIHJ z!tGr|y#U6SqJ3KLi(Bh=fL`?|Tlik~xz&8Z`GVbX82gg7_t{wgfNB$WuA6n^X}INl zsl?dYTGU&S)Twg#fQdrli}PnP(_dKxX?LvTc_Ob_Of?IogL~NYHHrU$K{vo2qmU6 zef1yad!&(osUeKksD@unI*}mCMSD+HVpSCQ(ULEy#febJu!&giVU~sBV zGZ6$S)v@)R0!q78n{^E(N>QjVwT=Dp@a7!l2Q3{?@sKKti83X7&9dQ0rbgM`gw~hw zoLs|pz`>fq5um|0PkODH-p`NRQs+bCA4obl+hn5i&Q!OF}?kWcl)nkr$h zV=K^k&#${dpVnf(o$!1-R|9LyQN{7oY307>3g4GHdth!S9qHh0r-e0SD5B*(Q+_v> zIhB+B9jU{m-sNNY6Cb|HACE6@`kW}G<`C9;HoG{eKf>-?!F_O|4|Fgr>N2muh+|ZE zfoWKc5}0FeERN5c7m?e0-n)dkWZ@_t%QvDt#-TcEuU)p{&v+*w&;jW9WD*0m)_?Sb zX^QjPZWI<+hxEOnLr)5J+xwz)eiKsG-*ZDIIw(y=EF%60cfDA(-#&^uhLkBoy!(ZrHkMRe!4ADya zbxFcazglBg9Dmc7t>4JaO@sqIy^tL~$QfdJjyx*Jrw*Uj6NB93eooS_I!Jh2*CxS) z-F}M%NV1Z`dh7OtZNQc@m2=!+sm7B?LSe5LIw>~+kovk{8FOfaMk3dE(x^7BFGZhI z?r%)&R%EL#6W)5y!MUz)(KM98AYym>p$abtJ*y{@gE9z?jagjE8!z;5_YFsmYO{be zQcgtFf3u%H=TgMuIlMn*@%|V!5%FUWVH*|eY=1s$XU_dz3~)-a)J-&v|9~ij4rUHr znhw-kJ=DD&eu*X{;pv!XL#k^X@Y!%00!EI$X7$goF)mxjjrM)3W_3ldz2xk ziT$~wMKRsa$OJ;%+7fd@mj_L~lWZ9o`x_|#z6Alg0Ez~5VTN(aznc^`aQ<(Rju5Qm zW%7x)7g6&o6;k!TgOdk(dOkWUKSLG=`&5{Zz0jmZm&}xj0ra_sGOQ(Pg>kr7t=wl3 zc=ipWg-Qf32P@ytFq3!_YDz%t);P^l&I1<#-&_|4By!)jax)Gi-T9u7hfxKTy&0Jp z`k1vJQ51lmi=2EC2&`A7Mn3);BB6X>jF$0qD$1XIGoS4+;LS+jo0P;ftX@$MHqRinlaf6&>J`F?b1?piA6qwoj_Q7h1iB?V_CWPRI1+K08wU8J%)^*y`?GJ z2et?uR~*%3Ab?zgG{WNcG1VfQ!IS83Z$%$>sH^fW%#YN8aIBsTEJOMiD6;KZ23mQr zfsrT<>TU5Hsicy?JxZsY!p)Pa4C?WN@aol3+%4K=)5q)5uslc(Zh7^-oUo*0d za9b*^S0;zX-!#A7f30CEvHDn8+_1$RNr6M|YTgiM&5cUaj}<=PKoM6|ETh^|cyUxn znYX#_>`V*tDofLUxe=Dw$+^3f3h`^>)jV03uQ+mlBKN1`jR7e*N=v{s^T)+{RU^Tu zksh8n)}X*C$rc2Akrms)QoOraeFa^SQG-(+|2dM>SNLtzPWEM=76gK!PE_v`%nIBt zO3D>>u%dB)QdVPU@Y~%LDdD?ZKuR-KeI-hjgerbwI!b$TklivsA^ql|Jp*29eb*7l zK>Oj3#F4tUO~1O9;7A=;p)(B$rC0jgaAaL~RX zBbj0-@0^6CQv~9vKIyoBXFv%iT;5X-3M1g|opnXrO9ykR6Y@RNd>I231}DJyK$nq2 z0bM`6Q+II|R_tE9vC(hi*wB;coW<6_4B@ms=9apXqYmfewZUyX!W7;3GX55_Ic1;J zufQNMOR1;=@K?8o*p+t5>|f%MVo4 zb!7x~Y`DwyBsr!zV_i8QqonAWq?Uh` z2kC%|)!qAU!HsLC>D{x+_u{Z+hNqP)rSFt@5(4SCwRlRni!_Goh{-tN?f9Ob&K2%S zhl4Sy*VFM_CeaCY-45Bq9Otmk-};fWPTI3>U2!QI`3Jv)()THO)lWBGQKc1BhQ>?v zIg_?z2zSlnJ%6q)0_bT6py4GR)|^)zwwKF+!x}D7C`2gbXX%0827bfk8t!9vAu$1% zv_J-5`%bQlZOsurkxf9hs|KV9d)a^un*x)k9k>{g0SB=4I3)Pv&+0tRj*_(XZNuCM z&jHeVnmgRXnNlVdc%-8&7`tH9n`tlpWPOo6(~9>3)lZ%Q-raXAt}Zfx*%RurOOASh$fJLNoY`r{k2_a`wTL*nVT+W2sROr6V-5 zdyy0V#-k{6bUdT)>-}d%)gvUYJ=OTM=h%vB3&j7uA{gy8AO_ZBX8cPo1Dr*$pU>bI z;4>aDR#6XNMfh&5hs&I+eGZ*y6r!tERI_eQghg&(q9ZCdfEUm0owhrPu0vPu4M55D zyzxeA4UOz~Yk6FnLwW~3dg-EmZX?;ws6?(U^CsCP>PAyTkM_3_aIIOh9Om?0P1lJzwkiN)WY9_bUg7e2)dBDKn(bu|bm0d4E+kYHs`D zd$#x2UMbqBS1TQ9F}Mn>r+#>))(ek8kJk4OtE9?}9zT$clh8ja<8k`FvqsacZSxPe zTGs(;broL}v_|tO#rQ8XSmM1bL6VV5TN~yv+gLqj^Ew){<%Q|0wt;0H83{{pkATbo z7GOIlYc2gLcy$INEG9Jq10&YSW>`HvfZiJvw5N^~cybM~GH@n}o6jd_Vw`f}B(H^~ z&+rx>F#S#{SZpQmfvmF^(*ROy4f#sUa?Fjhcd8oTthU$5gEqVbj9Ggs5WPV`?}e*a zJ`0$mIfXSE9$+G8dadg!vgl&o7glP}V`z1}(}`s|E0|M4oIOL6t|vmOzY7c^J4PdY z;?^oyY?R@xnntJX6Dlx{phcoS`al=q>@KGr@z7*Ct&_VNNHastUMynDgKv`?w%kbj z?sn?LzuYki8dSfRKYc{*E4^BX}$%)J1B)ncCON~Y&0l>`L(79znrMUG5mK!Rdk}Mf;cA zN4{9_MmMRFA3x)}MyxwqcN}|k9KRp#plCGZH)eEUJ~7qS)*LN-7wj?Pf}3`)wh?e& z2&-UJun~6fh~BUX0_#+OcOewwIAFL}7NPQ>@)zRxG3)BI?quC1J9hA_HKw_TOF)bb z$7=gk7(eWDqP`#NGw7T@~Zq2_ae>@xXYk5kXlLE_sF#D13`Fb<><ufS1^CY@7PqGpLF%s(ZuZaR=R1er?7V}=aZri@h;`}|+*ULfgl+U`i zSI%h&!);_GfHcsv{ zhIbffY6VA{yY%2t@S$+ZMg9Iw7yd#3h0YY2)w=u;2g;@f@RId3;Nx7qxl6?Pwr zZ(HA|6eW4Ho6}N5HEmgm`GGORT2=9$&;3n8>A|G6(q6;QXIBhhz8QAPFQ!N5spOk0 z_-h5a{w#|?zUa-{%Qo1;o@e#SDlJH04g+58x`tM^Q(rgcY=$&w!r+kacB6T_@!9q; z`DKO@9)x8Emp2RihvD$cAj@_#SzhPt&#&G#?H{s5P{f<8CfVu9siAbEEj=4uyg};R z0u#jj-TT2@3R0YVWrtQ*5aK?_{Res^;a|t4HROAPqH!@_BPi(%!2zZ1`foOcAUbHeLrvShF`?%Jc;O%m#K9+UMh1tBC~`s7XEsbr z)4hV;qIs&XhnG3rlVka{fq=IRH_r8j&9zt75v)3_XGl@3ZT=o~J|8;9w(gTd%v-Z@ z%B84b+hL#nRl`>3frzvL91u5Ve_EwD;Ux#UOl+RVT~%3Yeqh&$CLS%@Nhqh|1}t@! zdCMdqW#*^&c!KL4;BcLklTu(GfL5&ck8ci_Be6}`3MSv`r+}qapTI|^=}*Pi;!b*A zjZ|6@=q84SB5jQ@IWW3+0>fO?-X6=&+n)GdX)mCG&6E1WPqxKe*sKQ_=QyWJ*kWVv z&XXQyQuy2Cy{_VJ4%&ls<|#k3Xw#ypHK(7NK;vii|1E`hcZ!Wpk2cp@L7L1nzZ)SO zeZtuU_k)hA;9_m1>Co}8E0#DqMfi+E`?=#br|T+%?)je7`T^!0IrjqR07Ivw!=o0^zov&;ZR-UZ1+hNYb7BG%vVYnG`TR0F zp!IUUQEQ617dj0+5HT~0SuLx`A8o-%0}FyjrfOwr4g9nZJB6=69xL~a<~UmpoC>W< z_m{Du_>P|9p5nn5-%#&$#cP-OLt*RnEg2JYBI8I;kk2g!_O~b>2eYkzth&JV>V*~F_D;@JyW%}5}vi+`F?leeb zkJEkPIu07SB^u98t>X*kAIKCPk0lKVBOVOC6DN*!Dt(DjuPPpoOPn@kwG+2TCAGnR z&dEg6t@ho?M$_fC@bQWFDlnpO-4pk_$oc(pe?Ndz0B4QEG6UJ)q)DKU{6_$yiUm$B zliFOJm{AQ}ya^{#QecgqbL-{7g3pk#B@Fibmz$MH5V^>bs7H2U((+21CZ!GUPw%IQ zlz;MmdQ%^egP>h|8Vsgqy({8h4HCW?cm4qgo5OPHKL%J;zG-HTpf;cUF=d|nwx(2D zCHwwITgvLe{Y4d|-u=AjXh7?er_tfNbRzfb@xjcb;1P3zqN;!}tw{;K+m2PWOlL?k zAJNa3EEz^jlRx3H&Cl!)15ht#G4XxCMkHB9YX#?(fC@gM(TRuEE|>Gpw=a-%VcFQb zX@`7#pkH82toMDPaSm%5WEw|TAxBUF^`blardvT*82#;h_2*&xo5p4ZXzjneUH)=> zB1Hk5xY`~EsbIVStd~-{f-vLlPBz&fO+dG~D;0EGFYquv_WR!lnuj;I+eIfNS0Diu z>-Q+B2hlv}J?3bNmhr}1d19x>8)Km^rPRj=?G_KZ_eAR&3gC|ua4?=30=a28&+Z98 zPPy)hjOVgXC^xf@fe7d*_?ex2Ik+FFOcs2IOd8(zSvKY62Lvq29EkAk;kn%gQC0i!t9LQ)o|*O~v8hZ~SP-zO zzvZZQ3N`?iWpl5>F5Js0)aq&dK05#Pfp++z${x;6`9$+e@0*VPqXtl)`->3Ge0wBS z?*hyW7yp{0r&k%hzVw3@S)8r0Ke|C=xz-yk(tZVurZXG$em;%i5c}8rqI|;x^^CZ! zGwk<~t6mUn;|LJ1g5MrwDm#8Z-EWBU%d+jmaz)C`3ESmD2xf>wWU47L4Ax7Jy`6=R z&I^gl1f5n@^W@&Qy_i5-m>ov&Yz@s6nusI0X39}Wt4>iuvyfiY6GU)<)lozV>S&AA zjUl$YHL>0sA;1_Rc!kL_2n@#l=_&T-v&c60VT_O1lI zYhWM>i$SdyX!?HjxI9vXyeBf7ug{GJ1pkxa-QmBD2c%QKqQ}+V_#|~B!{@qJ7EuGf z7PMw?%Ly#J?H__-q!&wn8oQy8{*$p=+67XGc=^F3FS(nzXvE}$$cWXu@}MrnH<;4v z^1^yGH#_B&s1{g7d~`*5PmbM)pa8rEr^x2CY6?@NMkjyE>G~;dKP~G94NXq#eTIbyeh6N!b2kwey7nE3!*OOc-iN>azO@ZrIoaZu2IP5b z3@JaVgnOB|7dB(KOrLcFq+l2x$v`wL$yMnDcF;rl+lnf<$q*8Q$C{erP+MzQKtC(> z_bdA&P<}-Wnjes~*cNSY{(kc!mJji^-rDdxr2c$}4e()l4?YL~8BqeiBg&*qIG)0J z;aKDa$|Bz?jxyzA+o$6Am6@3;AJ=-ZU%F`~Xfx8tB}GC!P6_PpT3jIlg^CFR$0wf@ zYaPt!HcMCnMOKpCNg^Xm1`j(T+WedDUcRqcqt?|Bh<88mmNxEB*vrS4orQWXf3wBX zSli%!8hzk#ov5P$&~W#66VNsKySNZ}%F?p3OrxE%M)r5X+sX?zR z!^>?o;=?NmgO-JRI{BMn7WN!9ND-rM?VAaP&5{rxZ$)*R?5Ms1dO|IgH225RH&@(E zRUr;-0MPPOl4>t@CKPaxPIg%y{FvoWAH$HHFK+}CAPK+@D<18=nvHv!2%)oAbwP6S z3Z9NzBU5T#Gej#!-+Uz+OMjZvpLG6E2bksIbx^o(x&f(MN8R?tSv|@9nDttdyxEseoV({=xf-R9j1=p6j1ROlltNXl|rPU z`1Q#C&Vzs6J%2rmGy?rp+FB5<&7n?(|L3^;>nsrh_Xdwh+`nke{|1NuNW7qBibt^9 zzM6k}IFkHwYkjed-0}#F@wV=+7X7I2yL@ds=n`m30J|g#f9#2I1`LiDj<n`V}b1~h8 z5_Zg(E~6i*pprZrlK*h52p^K*6O8=d#|j$r4`e5(U2h}mYZ}24hcAvAqSx0BdwiEGB=?LYgUKs9nDL|?Xqok=<1tSYW zjJly+syg(4Nb`uGB9LVUE#;+6jusI*Ukkbd?=+3BCa59J%ZpANnq{|E*Dvr7=r zf71c}Ys!O~rLJGM6Y16iX>pPbe)3yS@ULSI!Vvw5w3hw}Y5lK}^xx(5{~AgEPZ~)B z2UQ08Cjj;TM*wR2XPxv9&yn>&o|m4tZ;kqec11=o0kFFzj}9yS55)zQ??a{K-15KS z^+&e-U!V4e)cpTTpZ5Qu@VaBdww!#1 ztWc;hhIM7z)c>ANbkU&poly^8=d)UoerCm%llc7md*i)F9sY283(tOaKjchrP6LB4 z6x#P2T>kTe$jF0xznMHT?BDMF-SVWn(y1Nz?Z=NC-v$P<)QV7C4iZZJQ>xNs{P|t_ znE!-857_e(QGJ&DfFIYA=5?IUGQ+scHc4*LBxVQb(|@n7{`h3|Rq9u-^L{w|OC9`z zzbUKBhh*t3Ss?lkxsvkD4Rok!8mW}bpREbs{|`RQ022DYzPaFkC?fv%!uh|n7{rMe zzMgLjS)*>BBUiB|_+~S3f%)hS3W*RoA`WwuO1^N6QLmbejEu&Xhb#@SF7^y?#PQD6 ztdL0yKV0gI044{H9cJw4)>d(Z@4Y{42ZsHE&VS^ye|?gg3ZM;ITDI}u+{6!{u=%$| z4ExU_28H6!2>!j%1o+|}d-shDy|Ivwz`$yEsF^jE87;rl{zn$?wHdqJ$&zL-e9jyi z@9SO?z(Pk7be(}kEZ`z78PU*R<-WB%)hNL6-!s_1K6&%@;kz=I?#BKquw)(qO(2=( zm+Q}d=Stu=yAyVIhVpJdxwpL$O9Nbi>13v3x{6GtBtnAEK6)-(e)7~UyEf`ieiu>> z7c-RQ4=&FyHyu}*aTsqCK;MWdLqc&m$(|0YYG?{Lv=I{$=juQ*yD;@GDr!=WcE2)32t^RwZP_97o23V|cEE?tHrM&-2go zUC;Wh_51$Qau)G^U)SERJ-zncsa1|E7fX>YOwIfSVfJgoJ^q$+uu8HlHt$TYm&UM4xI__Da>onz# zkQeW0H$7417PH}Q_O)9iRFj$Qm91#1vK1MB%3g!|cM++?cqAHcx&M7zdAf z4a^S~C7vn)AMtlRN=5!$oVfgE|0$dP{VBV|KugTkxPWc>>DEoHi+g#}yE{l77S-%b zYWHof?u}&fWZ7WXA0yx5+&N&uNunXQ{Vul9x!(xAa@$X~?(KzSwH~JKpRZ5kBV!@Z z$XwAsZ9l8j*{{Uyp`d`;{4IyM>D!yp=5B+QWcOt-OwzQZH93&^O0t7EDXjn-Hx&I zr4bmhjVkC{N@RGeDCP*CRprf$(z_)iibcuUWIJOxto3V8B7(SrE=M$V5th?wU2-Nx%~Z51g+IQJY*DzdBhG5{`eE{5znn;nDWny*p&T3DsZ(7 zWgAEo#o2EN_nLaDwJ0?-OqWI8`M}$lu66|bAlBu1Q1ObCWf69vIIiO63{kq~X8ah- zK$%^J@b09Ib|ZbNS5IfWn~3A`8(%$1TF&ZaAJDN#Y}m-gDKd|GVC8Q?BB1G>Vms%M zDlio&wsQlfZJ(7B2<>L!wQzeoyzCCYyY!V!Rg3(@V?Qx_<(?P=IeXU(H;5YO*a+y#b98U*t`s%GUlx$!@)dD{-c3P5`yT zQ^zhEjxbIg-F6d)@io;rm@9^TVIJH6C2cCJcyz7Er2lD7<*AnQ%;)p0CS+{T-^c?) z8fZ&9;2osK#tzTgBKf9WdOs1ih&nH_gOvJ*)HGgxGcXx3)LdlCd1Y4N;@Ui%58^5x zDcl=Xd@s~%vZ%((1)^C3F*Z&EO%>rZqN{Gt`)`q{ykVj-<1VsoD5%Upn(>m3OYnn&3Zre8e&cfy!zSH zAeEvykgx3yiBIsS87vN!;}q1n7j|QIt?MhuWu`2aQnUcLz3&WWcTeFkEkV*--gT<^ zvGu}Q@#_;TtCuWW*1EG7Oj0we`|(J!MjdKAbs z2>y$}3WNEWS9DwiwMA(JWk|DB9`jx&69yv*nAtVrOd_4vgolV8XpY%+J^ePr71ttb zjtzZz%BT@ia!KSM)Y z|JPyhBpH&ah&1~X7tU2OB6<@Qt7B>c{WyeGw}d1}F}VbkIM`9Rwfh9~VX;6e&D;>` z_pI)1)6X-b0Ry_V3)?N6)o)MSdwY?c6=<+ecDB~fBZ99w%q;rLag@uXD#Vy8khpCMrfZd_!u>sb z?nvPM@m7Z)tseqG;do}la%fm1fnj~QE?r9Z55t;<1G-hxZV{#zRZpX|&V+f{Rh}`k zaW7O5m%6ar0a#WS$$d6#Hmz3#m*y=DetffNBl(`LET`=_J5VA};I`wmsn^84xzaJk z?Y@hDna?Q`w86vQ%?_oNYub)yBREkW^|=W-cc+>O>sl+_YEPJqB*vInbp1GAia`%O z+d^g6j7aEp3&a_f7I;$~BN{$1TcvkgD=Ka+ zS)OWXxHSm+S2Po{onruV!q3M5{;tkh#D#C7 zCyo0lKm6(29c-keF9yEfWEd}8V&4^v|LYW4=XH-Wp&I|##7=jrf80kJ7Ki52T{%94 za>}L7oOd;j!Y0|_Q+^^t=*^VVHAetf5bql$(%|D? z-?^fKv6H}z`bGG9$ebo3`48{+Z)6A}#y`eujTa$z;3YqJaQvk4`R~jvt_%nE>-P^< zA46G6C9)}E!gDuYn%RpyA?;feEo|HA62c>S{Cb*8uU=ko?<-qHUCi*Lw8>!Mo9~%c z;g2#M;?J|Ie~-3-hMhdYtL-*r=eS-CTwQMYsyIlTp&ZX&@lHVSka;z{)v0cZ;x5J<0w*tdm);(| z8L}$2r=*NVWJGCNFFB^ZAiQ6gaNAE=-uWjir#kk9eSfEYvEokceA9py%X)PFYm3n>$L=l;)TQPKS+p%I@| z+G;0zYrI~<`prbZi-S(wyU6UyR=Y?+yf82-pRvWXN<=?gc&lG|dfN`J%@EV^+@e`I z?LN$pvs9?XYDt0GS)LK+YyPksr~cCt9tuJbJ03pezz@Bf2j7ptS%rc)F=*i5SAOWh zJlel_(|iBr;;nkxpkRc6PGp_`&Wn-{Hy&OwOeiqix#GH|r9U|TJ^flv#cC!T`N7ak z-jY$<@<&^-PxF_CI4-@d^;r%It^QG}y=69wTM)~Nr*pLgiRFu8aN*J-A&c9XoMU9n;Rfl2}zJT z0j60QRBj@^f`aR9DK?zL$4labwi5jDdMj1fs9m#kB^!&#R&(RfT=gyX@+q5pn5JM> zy5y6QPhCs&C*YAC!bCYxm3+2FhlB5P<06I=VlL)1f8eR-Nuqs}2>o}IXq)JTkGxNd z9Vun3Yf<=_m`(mAHxPtSO$IO>w(8d1HeNykN|=sgr3-f9Jh}R%rKJZeCV_A(3T@jI zid(XL@my|S;noXw0#WH1Dk4u}oqmjmdwd&H9sQ6N=Qy&8TTd`-JHa=i1kj@M4U@vQ zN_N>a6Hi*UZl{f+>}+>Rh3O1tI{>l>1Ny{e7RvfKNLOk!NCY!nJ0BujL)s?4yY46L z(@FTpYyJAz_!$_67v$V{hjPOP{@iTEdP+pdH&Egiy|6+=lLzTCV&r@wO)bcC1%Dp!JXUC&Ca5-J3{!BLU3@* z%ppvQd_8lN3T6n+=kRP6_w79CdVg#)asCVk)t<9?{P)Z}8^Y62nl~=zI%TEbi2fJs zGzS_qd(lAjP#|P+0wMCk{KBuJ`nB-*B=NpLMEn%iysE&*sC$At^8Gp?<*YfT%&waV-Dv_zL#9NL=I&M=WI8c>$?Jv)f zoAP3HM85RK>4bUZf;s3fSQ%r{*_qxeS7{ec^3P${!t)112bRI0)2&qdq z5?64DOGtm%x6d6Kra!p|5EXl|I23**S6ofc`FS1|E?O;}7iVuE$&h@{% zC<3T>H+!?o!G-Gw0Z~8g)IZGnCx)KAxSv+z`PZ}>!~fJ z@=s9Xme`Mns{h@KqyBe^$5{kvRUqcJaU^U~`%*%`436x|-s>myf1c6h{oG#V_`fDj zj+6fRK)-J!5eF${9X_E4J_wm3P_tln=^JE!>eajb3Zjet-0w0Y2nwbb+qH!5@{@28T9D zca~WCulSfg%U`nqe*XvDSM-egh$#^LuQ>6=^N)x7{ZZT&cgvW8T<(KIy}}6&a5?bx z@jr7CL1*#pOBlMS6#mtgj~(LGe?Ha0Eti2?PQ<==a{1s;gDJoPZr=HZ|EEXYcyix2 zB1vghIPXL^IK68Ow3pTL-*d6JHzCskx7_8*pLu%!&wDl!g9F@VeCGN4 z)(*bXf3+Ww`Skp2Kz8f582$Ox>uhk#Gon-~hpI7&JG9-idE$RcBDdteYSjL(Y8)f` z|5Y{qQ}F&*9sXAxK#KkUUQ6-6>hQOT`(NwutK#&3o;pN3OM|fhFpH`fYA4T1%!pib z7(3fkb67C9!8)vReUPn?&i~{jp(k#h7;2#U%}R4Ht{!3C+{A29ih7)(0_NGQ7!2f3 zB^vDP(m9AbrmHNFDYskGGat3!@n80XC=34o5m&5TBr&wT1-V!)=2A@2X<0v;R`da6 z6&F5p(vZD=|7E%@%HRh)L?1o8Ig-DM9ZrJ^F?<8E;f zMJD+T8PEeXt?^6+&)=JvqUmE-oU^MOjN=;NEr`+fCej)-m&CwFJ{c$rZakHwq&<23 zh{MCZU)^*X`sM2k8E6&wa1Pgsq{X2F5e;U}+e-}yhRtOj<-PZ;I-)l&`v0wye`Lji zg2YpIix)*soG$6bD40m9+x|+Q#(6B#rM43j==y#xQS3Lu&je!~Qj|g?)aV#^iC3|LoK1@wWrY^oJ|ylfAa&j< zbZVhA?ZfqllAsrqeoN9Vu>ov}iiSP559cDJd2|=F1pUY~@y=AQlvy8ewqQ~I{O$v% zs(o<}yNz()Em{qJ3!s_y>Np+bns^b?-M%x^vX>F#yfG1&l5f|dV$vBOJE3*UFnTE7 z6pLM~zW*3%*GXX!mh*%qLnWKrGZ~a_*$KhkDQ8rkFXZZ~&3vC3E}&JLeaDV+SeQrA zKFoXOjR@#**37q!aI8slDYc%CFdMD9f01*yR?|of=^Sr*5^|2ux?!$z0WCUQwdJ~P zypg6fO!O?qW%;gBQz;CobLoYG?{VHRA-H59P)BSp8Xn;Ni>cj(u@x$z zF%&)0yn&jNAUbL(xh3c?*~?DG{(rk#koqlc2$2<+$`M^(vEqiJT?&GD24gq~sUNg| zSfe1h{f?Tio`^AXZE#p}ARj9?uhN$CBrm2s^u=hE6fVteqptIQ5iw6aN{s0-YW+qZRYLy+s$JF24J{C{-|3@j1_ZZV{lwVnaEhY7wf%@u(sp}3H|Z+gabc4J`)D& z;_Loc(*^a*LaPKkl|EcJ*gz!lug{F!1_id~IwPvPKU$W!joO8K`tqb8m&J4wi-}(i zJ(N0SHWbU6axcs_s-go2%Aj5wd_mzRqXWp_OM@1cXJ1KbY}{|CvFf;RjS!zJwm}^!j_USUMzBD5 zb*rA(*oALNV-ai9eYZhwL7mT*a&)N$rDO2*m4&xfNgyy^M0pCNeYS4jfFG4DiVe0BNz%mMl7-;heY5Eu1fH*si7H1GLmecvrQ$}?uUP{gT6T03b z2PI$^BiJbspE%%p&5E+98aLK-`p)rjRjjk_pSe_w=4vC?)(n_9H*J8iT)7h$2 z5If;o6l&c5yB5!C=@4crwnvfV)r|Rdr(*<^>6gH6-iIR&HXkDt-MfP1*5=+EH?NRT zV9*wy=n2+~))ET~M&>KX5 zse2ompou2Efs9>aRf=4c7M~%c+zb%nWICmw z+P4Y!+N3%yR<2@pvQKF^{g9VTQNA?*06ILT)r)pg;i9~y0Co5XnAi<(k8TzCqy zxllY>6h%EN3{MIeEY0vjt8h=oU@HEqXYhT*g;DEMTO72Tp9CfM<%N1cJW%56HmzFU zBI6`GH(XbDgWFT*$8lcXk3UZMZ^aF@6c_kGin8~-DRlTAyDDgv+gdB8O!bheT_x|9 zwbN9;*mm{Eed>pM>^e*2-}#k}vsZ)1M&S9!?4^;~of#@6H_Gn_+CB2~zpsA(E9v_n zNA^ATr-*wMaYkMZDnH|*;tYhsc}9U~tGm2B zq)yN%&H&7qjk&1l_m3RR0)ky1i~v1|$xWo`167=D z#rIDs2}Hri+s&zyVzdNTbKypm(K@_j`4~}Wxywe(fuL8sv`x)z5YHcMY;EGYLpL=K z0mkDpcJo$`O4mS2ynlg)C#`*FqI!`O;E#m3)|?`_TmeB5Sojh{3CWzJ+imRO3QGC< zMC?qq{doS?Q_am0MukgSP(;}p(}Qt^z8s4)ERT$lXc{L40{#qmCKtoIuinJv2>GF0 zUAl;}ooE%I@hFVgMt`BHY=UwFPYgob-oGclEy{vq?dy4a@!Bf5{=3y@88M4LqDPUy znfw4_RS;(mWz-gD91+B-uVW@Eb}JW@O<0(zKFfY~SHIZwAD5gf{^-{3OMP_BHY4{!W>1g!USi?7SR&@S!99Z#xq==0r&XK}pq z^zje>qGK&Sth$;5;^!}~3cNp}Ep6Nn7+xkUM1oLcx;26gkaTK3Pzl)MlN-W_l-JyF z1h?h3VrBVCU~3Y~*=M*=m4U6q7`M&F;aXWozCAWu+^IniVG?@w$t* zo&|PkNgE2rI@ubJs@N9$IryUQ4IjRdSHm%W|9 zR0OGU^7HdHp699ZPwCFI+(Wlt+S;+Hw$X(-?)Wok&osKO>+av(dgnN0Z-IImk{!u5xo9hE8_nne%PmJY-ULuRXpps`w9=Hz@Ad z$v2Z}X?5!R*aZ=KcopL2_cY+y!P7l za2OmhF>k@tqA0fW;*(J!M2qxRe6({jc3ZDW=`z=|!gM;TZ{yYgvhEMK;Z?THW~Dr< zBWN?H0uaf=xjnx&ti^@1z#llY?rFQs^6}VL@7!xqiy3r=cYbANlxcc@4Wjc1syGu4 zXfBNmgsN84Ib$f+JYQ#4bQ(=(<8$9*2ni`@cW06ulGM<3^cJnyE>c$kH4W=gG@Z@N zNwh%vNAhLJh15f!rw7_B7Yk`REv4v2n)Xgnws!{k(B6-xx%*rQ5>nCt!Ycid?c@2A zz%jP&WmPLM%mVLGNI+@d&zOPS9f}^E0yxS&vEU)|NoGVcU#*cfKA~r@#xFCreBB1w zuN5SPHALpR2fp&=J!zzW2bOmP{gMwZMfnI?%84@ur^)<-f<)HHiT|dGI7kQWYj=>* z5BdmF+0rR92Rif@J{QQ&Ka=h5drHXL9LmPFHrKa4y=&6PnU6D&7Qio?@mpW#dcOKZ zt;8~KpH^1TB6$~E$daR7S&s@!2z}m58a&;mz`x+WTPi6^Df;yT6@MmYk!f#`z^D`a zy9TdV-7&Tk)mvfdaSmVe+7-wRTz05vdOM?SfEQ8oA$?TPGgxPsX%s1;K$fUhz?9!1 zirpBjWi>Q%iT{$tdDhf*1x3WNVd*fV1Uxnk!R6*W^{K~^S zGz@q6Up#Hz+7{b&NdBnvvlBZCDuO1T2`KeMv69mrI>v(qWwEhvHz$A%kNjJuO*ZOC zRA3-wN6T4&~&Y zQ6tTPISVoZcVQhcLTcQPcd9bcheveV*yy$7yb*Na>NUBr&P2gfg(!}mv<}{>eH@9_ zVtt8=-zs8m1_*A+nskm?_T1JX?V>>NU3%~twQKEAS+-mUBX2F$7U|%Zcss6O`E(#( z>^8LLx=vLl`Im6>_PFti^X?ui)-L@CE3|M@om=lr(h@o zkdX$vB;hG|7e$7jz7AW^Vq6t`l%evNmD<6B{4>k7+iy`53m1VO0amTDDDOF6M5CF7 zV6HO?SIRVeXzj(N;6ZPLMWFW0OZb%Q3Rl6BXBg{a(zm7G!RiHrNx<8$bXxn=z50QP z%e5Qv)R))RoP>Z~tIVc2oH6hP{T&)d=`zmCLOMUavpW@dkCd~5@bJ^O2M+6U$LH6R z2J-ZLRqe2|Y1kxYuLS}^($)IO21y*mxw)uhUOpNj0;}X%agqLGFkI1NexKZPl{F}R zZ^1bbkHCDbQaSSarJX~|^%QnAcX0-nyFk(@+jf{BKI~y{Jgf*G;?onGIL>>%ZiIb2 zcdmExgEFPF3h_mualfv(C?`fERUeT%=t9c5^PFuaB!h~*b4K1dY zqb>6`0 zO{ekD`Xlluxmb(Qs@h{zyr-Wn=I1@Fkz{_i>^(b}=v@G*XCNG^&A*Yx6Cd1blMBtB z0rU!@rOu+9C$HqhWAux@U9t;(A>_#PlZ{JLH|)B7N_M z)H6Hi4Zl3$Jd98U;m0Q#bj85VJBrS55v;&vv2jzIH&SP^Slc4&eK=8McP8o^*=MADQ&J;{{}reWmbr>@b1RM<`$9BoQ~4e zyl?%Fe^eFqJf%nF8Yc{_9dWUN=jn@$-}lz=n_1x3H&a=Vu7!1_*buU4m3>gvsWkLIO|>4Z3V-U2 zzBEp|GTjF2s1LBom|mFyq*lPTh*}0CGN&przSwp`sVh!OUesV` z?pDy_YNghp6?-)esajCKPAx{%gfE>@Q}L(**L`r0J*oE<#HVO-OmDv9?s23I*(L5X zW`@KEe+q6-8Z8E?wR?_6m=7Ryg{LM5I^g+_K~wB93;`E8w9@p3X2}!YnM7Y9;3@TD zTq*+uA9ZT+gxwO8gYC|uBD=&%ZS94|kJgGkhjH+EPEF$XwZi|KEfaqV`%Bkf>*9xf z4NGJMF`iJz%g{scT*NUkhZ%>oK;mV)S9P?pqk8-K#fN!6JiDh?`$k??Z5rlpZ}fDe zW|!Z@k!+g<@dBpW%|Z8=u*NRPp9w<0o%L<$@()<8H_>egV+RwQEU<%vaRc>4oFDki zBI|IWpF+HD6g&-BDQn}RPug0<>p;np>hcVM;`^*q>tOYk}S>W{h3fI6@EI?mp{7HZG5U)8;|Lx(;I5wy^@ZqJ^K-l&nj@0y!5Ap+N z|Im2X&UJPM)kRq>46@XYq)6&4Z*2Q5wUb_4DbUmholjGfOw2y9bh}HkYM)VxHVV*d zoirS%J!3BOZRyQ5xZnsFNY!p{AJgBEVJZPl-B|76!ddnz`|?DaxWO_<$#T*XJQ5n^ zGTXZaJia0@4bj}Su!fG!Q?N-g?b>#tN&zUbkUWW%<(?qsWyP-p)! zB!x}@Mv{?IQmw+_ZmwUtDlYSE>XbiGKEFE2(&JL&rDbG)LS)$E{>}J=9VSS*{tWtB zjg%Dk+FWlii*glD8sKm~dWVV;urxY1_F@13yR1D=dH8b?h3TnNE#75Ep|1e$xSuoh*zk$}QI)UL;u9S{#gpiq2t9oG$CEY-7 zRRQB|77Jq`0!ly&wzMaSm=IyZT%o)wi0)5H0cmve5KKCQ-)xW3R;(772s3%C0X3m0 z6RGvUR)8!9;xL0Tn(a2o*KblHtFw=txj z%@NPFV>urtI)v4{i!Ni-ss%lmF>&{mGN0tVlDfR^1Pn?bTB|J`P{*6L)~MvaBuKwG zM}&Z7--gEb=NtGDWt`{K7Ureb)q#ZOS9;Y0hVxwzA+@&f&-djB#NqO}*&4Ud-`i!b zx9?;LbeQk$VB}_Yf84+2yl%k_n53zGX#Ru*|6E2jMojqyepQ7+vylq5KEaO4u7jc7%ygg*e2>3P4;uA_R;9oGlGS^uIXPyb{5?^sY{TB z=FNMqVb`@=7n+&zW5u6{*FrAWNIn5ex?o_AFi5LCaEn~?qkd2oJwtkVJ)!!{9YBX4 zc&ry;f*veNGL}uIr>@!aXE}-aCURhP4tdVjz@v0NV!{@~JY=jpqDPL3!TyhuiFm%G zbh`c#bD`3Lj18xrr+h#>_Hv23l=whNm!-c@Gy(l%?w}9hxF^oI+k+!Eo_0ivbZOmQ zy)`-3tdt~UXXN`P5eI5Gs;e3(Z3(J=dPD?>upumW)?j0P_a167&mUEOPtZ8Dyh!%@ z+#g?!KkL7EF5{>z-gk68SBcISK9!Ovk6RTnG2H(hxgbpW-2p+*0&=Z)t-1uG09xCh zDX|=X20Bw-3d87u3X4p5&PHW>r$f=jdHg?)|<|aTjomORl&44oeMIz1knTGb9Z&+_Qe z#e#jiyyHyT7|iEb4+Cvl5%`D!J6~nZYRTVvD4nx^O19fd>dbDs`s|_ z+RJ~dFO?$r|I0bzKQV5*l_3>cf&q^69lgKrYuQ(v)!qD%s#sH&Rj$`Snlraf>{iA= zY6g#MpmlDg3ZWy8*n&OUTvE$3{PUd7oo$@IDXFa^#+LLkn=NCld*A*BiFnHISd0QD zKc-Tb_W+(`_O-R97$5H#H6CUvLB8P&Lr*o{@L_K-cpY(b;^bwcpTFw*3;9l^VJo*n}IZ$ z9+N!&lJgwctS9atVPAcGrpt=$Hw0e364V?w@VmCU70%5QpZCp0YW`79IK${8a~}Dp zwLaBTp*1;8V1Eh&81xnti|7beh!J{a$9~f+!lC2%^tct{@85Xx{9m5ey^k$FV|TQ= zk2MW}!;9gP`|&!x5l)ETu@xL9z0Ts!>Iaui$VmtM8klbd`SFiIM3^TYv=qfhSQsA6 z;0dRGKcN%jG2V)X%jqvg(^!<#ni}W=gEm)?EftQ$`n_|Hl??Z|t;akGWfumElI=3W ztWkM)no#%^(~^W!mU(`VD((a&2uQ%im`Iod*DOHrQ3l@Bks{^#CmE zqmq#IJo5A#-47&6c3wIt9v?5YJagoPl3BqkEggBK(TGc(ueWrRT!pL)g@2CKDqPna zF|Up^X#Nlk7VgS{1hjRrYtkUYM$C7+>3U*D|0rGnmKV34fQh9{V2P=3P8R)R?(tY` z95nddCW>cNuY77cYO-Q?$HnZ?QFMxbdUA5LT5Ni9TTl>Mkrt&2_b+B@-fCeE0y{Thgme{(rzluItoB#XT4F>n&BUA)KQ!u7VA?m}+BPXU?1)e* z^9nVe)0gL>))Rcuuy!N6)uIc@_n3xP9FaOV^y-h{Qx*?j-RW4+2%^1)Ir>ZiC(jpB zU~HD%te>Hy!+AnE?>*`ZZXUdht2pbI0WaW}KaTq>b>Ib%-1WIa#_l;LC)uU0wcR_3 zENZCcX+M(8@(>sHe6*`Ye~_QA%P=w&*L&lb2~5#DjDyY2Flbp}rz6?BH8pP!Ny{jR zs*fqn$4WQ*oxc1L&mT#E=dUeN-l7E^x!4VHy^qUI_;FTBy6tXK@R($Tu}{vXooF6$ zUW}>olYWsZUt&aJ{EqY(?+L)K?iUE2`t1YhM~a`<-sqU+OLpG1?SM5yIZm0%8X(@` z1e+Tdb1469WKK%U z04sw@b(X)fava+aIwiX{gh*VW;hN5f`&Jan6S=keP2JaUJ@;zs&gg-($wFlf14q%f z%;>VA0f~t^RTsJW-hwFd&JqMXOgXev;X#sdSE5qFS5HB^H;ru?L5mT9TVG{<=CHLgiI(HpL?!0kvq3MMu3q;l-X6r&=~G*MG0?=F)k1Ecj(pQ(x_l1E`vAmg|~tf zeYtk?DlC($y>Yg*LW|nY3!$BU)Vg^7u_9$n2q+@<`}@`MQnMlc4wm$qftk!|G0=Uj zix!~jX$0cG)&_eOhd^him=0Dr`T-B>1ysvsXFH5tqt&Jv?I*e=LX38h6la9fF;htI zBh&#*!H?%-7tiSux4#iY%qN?oZQCZY*}6I^%FGkzljv~9@e7CN$DQIuEw+|{?q6DN z#Myv4Q1kQh`&wS@KmsY`o1P*-a>}h)cI?c5-=}t+-EO&8@YGEr-h=3vyM@fs`f@F$ zmpPD<8t3>Uv9P$?dD-=jA5H73Ar5+9+m8?Z=tcbWcBNTZ+%+yAYA|bA#Pe6P37a#! z8#8yI)ku2}*IU`>iV-_s@Q&Y1A;g!qMD^_jKi3-VxF!QtP4+mKWs}wtFrWE;0AxKp z+}`X-)idu3%m^X(^HrneA&Y9qaw}@hl(*E=uO!;%zDq<3SVS81Kb&9%rOR0~uSn z%+qgDV(?{wdjcC#rA!g+o?U1@^8`+KhbI|yh+s}rp^MB03!9dHzCbx+>g1huYSL%&*zpx7kjn-6E@v|PWZ1h2{p4Y2N;Lk; zp2OK}I&@9;2p7z=l^h7x91yIoe;2GhJpXG>8Vce`iJPtSI*~=j3&&1RW5W{0ecq5) z1$C#$VFwqQ!Cs3LiQ0bpdJ?z}BZZbj6{1(T1Ex)R1B$ST%Mr;;#Pg*%AwosT?SL+o zu&yp}_H`Ww>%WzX70d+FoGr=+RQq!4cofAr9h51vU^>0xVNGk#h_a;ap;ZPVbh zrpxRUmpR%IyOK(k6S9k3_aC^H42|2>eqFQR4t8wZ16ynmpI&8IwObTS4%=|PzC2H2 zeafkgxP8$AFj2{w-54n}ZQoEl`WaKmN-65F)zpw;zo4!%-~OzBkm(&ATUv~pOl!po zvYp?{9@;_a@lgx&I^6VH_svSwc2!Dk z-AzDJuxsC_#70wLBE+z(1*m^i^`AavqNP#XRgZ26%`V*clknT(%0-W*0R2T}HI zPyIdWxEJn~$bY>(Fc^w;R?rsitC9s>=pSo$YU@>PG=OQNR0_5$*2|*wn?JBrt$^)c zk;byMqUI$_hL@My%k6v2TXIO<9!BztHo+IwnB$kk>EpYSu!74qzI1i3@LdREnz`-> zyl1ee=0FqE=;C>eUCIItxqwK-8Y2`}IW#|DLjxVoTi(jxybJuq%4vl6g+jf4O3sQg zVMnxkhx3a5<4(j4kOnIW?!*_DT>eg7dc%_4!d9LAK;sykp%gWZOI8?WF}gs@gehIXQ7Okou#($`=K2FPgY}xmUrZ zi+pLeG-tl?wJKm8>RyOgnD{KR{Mw!H_(Dir008aCslIe=h7OpB`LM%mPe=8TH^=i~ ziX<>Bo7F@u?gV~z)$~>}vRg~I>Jnt|*wx`0N_j9QVA$r3i|EdzxZuvJ@_qOx-+J_^ zv;4j%cvIygXJY1ti=yOXwqjHj3xAI7U}TZ)F%@XntyqczVjpyTSHT^D9K}S_)e}#= z0Ut7$D@k-|VHhOzg-u45c{5a>-6r99w`B|Z)YZDFf?5ZscXs_Q7neJaR5;o+LyY@7 zR5;gbd}~8U6K6`mu7_ru4$<`6i=7@_5Gh~BHGN{r&RfMgar(Yp2h&pyvMuknWiV`7L8I1)jyl0Mc zZyH)lq|uI(ja~WUizFjRKJ=_`cq2vwmv5jx6&2&CL=!bv@~G-$sbkiozJ^O64?wSsi~Ht6 zkW~l&P1eg}@$upf?d?8MwA^v@HM@q>BEvSQ`0?hSZ^YYy`$RWA9Qvapnqt1u&$M3k zwL5=xmcTB;^5PMfcNk~wx|`PFkT(KgE|Drje?vA98my4h$WE7iao|wc9s#A?>HENo zYBSQ_UH;zF(aabqiq??yCO8w6!yK?ul%fs@I?0;W1EE~Cajw&M1&i$Da3=}>} zUfE zlJ%lBlvMzESV)l$L5ES$Ju($3Emyx~5va zt6;t9{K7HbdP00k=&f;25Z*Yuew8Gn{J8O=HO<6-S0C<^bsCMt2D$&$Q+ zd0~gSz-QaFlvywZ(=o&j+WCeAGy2FyaATbpw%&1+O&Q%`cL+N)=UG7F=fIoG`3TQR9@WKmxyz?@=Z8-CWh=h*ul8)*JcFT+T9u1(En2Ri{5 zU7d!7MYl57!fdfKV%wH(j=~A^+m7u@J=*0?-kmF@0~<4Xim!cmQAy8xrSvn&|B`L6 z>g|QsRpe%`xbr(nx5`}++u@ZPj2U2=&gZP&5EI;-WJ=v}_lkuP(z<+y-ytCGNp&GF zm}r={sJK9`-dV+CB){fgjU2)1;Zur~nTk)S=u}Iy&BJqGki{zaz}ZQH(V(#+?5YSS z?>=Z-Xco;CRpx7yEc8WzMQya^y)MshjWs3(_z$E{qRY)G5Z=;(42uz>SB!zSY+-ljOtS+wIc7I8 zqt17D9rWmQM6#rhQ8Py7nv7jVo%`c2#b1GediaOQN?BZ3-E4bWnjU^^80KKT@Y0ibs&CC^UdVH3 z<&&eUs|CaPBl(!dr#Rai`@%iNUw{dvnai%N)lrIEP%H<8!5ODzXK}qgcRYWgvnP#b z+KG!1Zm|5VfKm6T3*_-X?PPPi6Z9xH-KNh}jgp8jw{m*ya5{<1nD3iGC4zRT(Plj(_J{*#5FPO^N4`bE7tuX+MS+X_8H-WVbd9- zevHCSODLNWbfvk*xhSqz5aHYchO<^ysdp|WxpCG8@C?RX6WiSgSv-$NLPvPvNJiND zK7FzFNC(=^+Sw%^F88^5$D@F!FP2$bP$2v4;#Ty2@w)$-xVRqd__be`qXaJJ{ZrdJ z^swW@6i(Kg`P0^=Rtv)=GMyZp*_Sm5_A|P_5cnhofZurlzZvyZ7jv?a!z=4) z2y;N~-U+@#OVrTFoQ0#uvSoqPer%4zWTVrKds~0~b&3D3w8Wz>>!lRcZ<%1y7kM;n zpryW$dC0Pmyac!F%c37_%)F*m9z6waEG8zXrck_bEMJZ@EF-(3)s~3ZxX`>;Db{tG z2zqMKX0UKE*#?f*MzHG(#3z(L1`A7qI-mME`{ycRQ`|-3WS=nHIJVUE6N8HqxM2MV z7r54*J2$ElqgQ{e=jY%U3^z4OKXZCB-=!KeIu!r;hd zB(ev!!*-M-*h0Cojq~+v%BssbcI4O9*ZZZL1x4Jin8qJ?K@j7gG`}iIFF@U>@dT~Z z*+vOG%v*@~ZEs=Hxq5zMgPF$$7?vdJO^Xk&-&idD@8|t#A^34orkp1H&pA0Eefcoe8N| zy|WIho$uvaJ3$f{Mnbh~Umn!~ru^v$6^hlur&XL*=h#MFc$%^zI{^H1Zb??q?oq8u zwvtk2X%vBJh5;nT`gRs&kk_um&Z7iiRE^gH(`?rcbpiHOPFMQ&8eE6z#?2L9I}@^oj;vKVS|o7!*|mh+YE40iyQPh$j4``b;@*_|^~TVbGg;M>9+_B3{6Q|Ri0 zP4hVc+=@Dr!A!f>?CX2bo;7RpYSDxOP5ZiD?q}a*M+HfYSLcU@;4;4=?|mRrqGh)`y>Qx31@)6xAy8`Bo zp^1e{Ez`s0CMSz*tj#ep))SQIBI}8Qc!Z*PxE0CYa)Jxrr#jkx`M>jmn2H^fVv0hK zdcck#ptSphbQRYFd@XC#60;!Z7mL*$!;c!p0WLpBAPPU9De9DKbs@VqCa1yjvN-#K zXd8QqQf&6neT^vl1z_#n)?%vB>Im2P>YTQ$SCyyTTiOI2bbs2$F46}*ZK>Tr?nb^EK#&a z{i7WA8=00^vtro}T117YF2n0UF(*#&I}vRZ_Hkv?scF$av@D?BAoUDrSS{h^O_^;m zP^hUbb`}Yy1SbP$nyXy(;{+IU$4p44S%*fm#W|@%HqF`>tN0OCN$S0ysy=73-u6Q= zia6WDB)w1Fg%y-Hpys-BEI3Oy_smbzjHIs!aswZz%0^&sbPZ%V0(1ON9W_^z0pbc( zg>i^d<;!uc;n!D5oSU06*B@g^m}d)AQ~l-hc=@;c7z%<~8Bs zZ(xb@ZD*AP)9Ol@pU+MH@e0Uex0-M+_4-wuTtL#pY!seo_hHPm-Bk}aSa?uF;%pZ9t1`+BbT zUap%#{;zK>)d?!-C-N>j7P3P4-k0)K;WW}6OLI@S(~Qy)s{qO|lE9Hdih`E=Kgc79 zkkL=P$u;1!@Gf$LV!KD9rYkxODZ?hJ|9#}7N82<1#?!E2j`xkGX zpFaOzAOsl3-6)7o>)Xt9S^^)!aE~Khb}(rBTl}IEc)_S+%+v0EUuS()gW$?xWc3Q8 z)OXIGSsh3hU;zgCwwD+jIoz$rH73GYv=UdH)B;<4{#vy3Z*ux)l79w>I1tEo9qmi} zM;Xj2la$fz3GxBGM5Y7$aySQwK4419>MfPI=`T5LW3DHijtBJ2H4Y@rdx_E;^WRw{ z{kO^__Nu45M8pAk;rcI%r~n#NemZv)cd9FK%!;XX_ZbVf1J}27_+*lqTO*o>z{#Bn z%Wm5JdI@#i`bKwTgfI*ObY*rhDGTd@$w)XGYHiD`tn=UZi{GB#KIrQn1KO>JiqRiI zD}e{WB1c?9p7H)-feF+;vJYTCf5I8Kr_7E=x9C7@Z)-tj?H30FjbB_5Wt7-$vo>h- z76Uk{C!D-UO2>=oBmvn`f7@#JA$_)a>nEthE@nQvag;0WIv_6kP|HD8SBJhOqR$Ef zNYRCFyOoX7Pg^B2qoo_4)Y)Qn_xhBU!ms>(PJCI0rc4#HFg>MQ_sVf+HufqMini!) zU-9wA^g+?lm?&jd5TGe60wBptpfVG;VxuhGvp!jVIe+({m!ulqzm^UcA&vm$@Y&Pp zm;2yyqDI+)EDm)x0Y@TmKq?W|+@48P>U^yUpSnZP1mIxIZo6SB+~{+iEu5N~;7M8? zM;^rgB<}+ZHecCymFGvGO6s8a=C><`m*UutQzO!ywcZR3z^rZ%$zyVhmL(wBqa=;} zZtOw*g|4?&6a7b+&#w>U7CgS<3TZpc$rP>t(){gSOCuTxZ$3MqC&7?zL)2VxYoY`B z27`9l$W^`d4Usb1_*tNtVBSW2zJSDR$5FG$uvX1h*tTQyGeMEC?|b2>1tW?AdI z5lV5DkEYLBba@)}Su}bl{l;9nykX6xl`g4~ycgj3uJf_0f-o@ykwzClMZX`O*6A1@ z*RRAcT5&>?l`BQpObQ9^hN~7JFCq-_q$mNS)O_!$llqcos*;zQe#&jVFP&dMu|8%} zbO=8=cui&xz17Hk38_6RxLEWP0752o`XmgGDuiZuT?_&KEf z7^~DX3x^*g5RM&ZJ1o<&vBaqr zS~D6uyn0SCsL|r-)9v#cl@GJtdH2`thcdI;)*%56#d{;AEtL>p3iVA%S1coe>f63% z4WyyT8+paWf3K;>?3$@zV#LfN(+dd!_#PA8FY#E0=v2{xwYTm^wAdi(CvzzkL0E-a z-&&8Z0l`|3?WSkV1;Y-aEs{5#$GfN4b@c7#!HJx7{Uby4y}%8u?2l(9e6k!OaN^Fr zOYAC;;6e@o=?C{rXOm3%qTh@(!9Xdt>M<*lx;97Rir1J!~(BY$ihf8f?W-2OSPsJx%sXVds1Z9}Jb|)@uTw``xRrB!_|Gpgv)v!M6si-9y z56t@I>~(Z;Ny-#|h@6nH2_EFCvR#}}1zH&sW%$zy`J^&TDIzzG)Fy-cT|=M42cQ2g z2V1~lPjMS6RS;*w+9vs=j3%NGs4q7z`kSXS(VMBUVP8L($=3UU8^l3J6`$NvPjfDQjtHL$}zi zw@J=sIA+L*|AS~{K>P!p`JeD&cqhJB&o~qBe7Zx~$t>1v(tIC`EL;+GQjgX?C=1im zU=STB%q{3`{#l$<3AmC0Qywn^C&RV?U(|rn?XO&AMo%5$r0_XTC-|yL`K1J1e!1v@ zv${Xl4~vReB2mk~XDJ7pjn)v+d!J&`-9kSX&^n}HYsXSLMoKG4dt|Fhmx=C5uZgXX z9>X?a6}GK6yx=%t6c+0F=ymJ*OrB=tlYYyw-LJ{nth}okdO`_8`+BZT9)(~~aPzt> z!jAUJPj{+Lv7;-2P1k39C}RAU?M!Y_hWGvz7F^L}GmvOfc~IsngF<(xH`KfDwmJFF zZ7-E|Tb1C>$TXLmjC|PlaxDnI8NubXk?s~7S7a#IU2Z)Uk8q{u7xaU-0;&B8veXrF zyC^V9q<)9lE21__mEE7ZoO~;+#q`CXP?ddur`UHNO)GpX-Oru?B;W;ZxZni+sV(+0 z=lhsX@m}*J^dysT`Uoqe!9rcYjHGNjk5_*%y*ns1kYvuc3gZO_A&0;fP1-SjB=41R zv5DGNgUx0hiGVt+qQ5=8J|eIh?KAfRXm7gZy^Ni|P|(m|$|>%1m-u<=YE-gPyjfNS z8r{#pcAEM8kta}H0vUA+z`SfPdW=Z0H#hoF7&L$O9LKQRxcxb&7;Dc}$8Hbo;F;0j`g=J4lWWhqd8IzPzID9wzHu=@Bf*cUc~`}dQEt0hZHIFY=HL0W0C zsJkh};v4gm&E)=U<1)+C=rR2W@Xm5>b+y#_$;Pxa?!~FrOtL?GYgwN5JwbOaV3qGe zT#3E~t{}(trN%V zGyzVu=I8$F@Hz#2b^mzf&rn8&?KULiRir^e3}%o$}_EJmH z5rvPCsE{QR{)iXh2c0pjQipKZy^?Icyc3<*8m89yPU7;BCvtdwUdFGx>|h* z=-lOc3v2p|rU4yx5$cs){QCa!2%945g+v=(<**ZmN zm)$y)$?c~a^T~Ejz*3zR&Ymgf9N?dSDAfLkmV!?FZcNv(k;Z3?^xrWinA1FnpNhqY zdvIO*BZUf2TfbGa>tc;*(B-4l2L&~Js1h4^#LTuAE`Nl19_Hoa(nEkKb@_$5k@D!+ zSKXE1_udaPq4&n!4BG-O>d&TD)DldFs`(Idz-DJvv6e$}s{T9qDfEvM53}A}7SB8L zh2=Z=OXu%b7v((26NV5KHa_R<(IAkgeaF$;{xNWlMAPz zuV4jVk+9ctG!N)dZ!O%C-5o2>INX)}VTh3O31oP5(2(J!rKxsnN)#n^1z(?r^8L_1 zJg9{6Xuv6rU@!=jl{aBIOW!;8HOtYUC150p?;za#GmS&#(QHvs69pG_u~-}5Pvevl z_7VP(CkbV?JvrLiH(N%1O}$DaX9~A#z-OTV8z=!ANPLTd>jNoQXrM;!(AIqbBbcUq z`}KcbM&N6R>NSQ_4EPSYQ;s9=G>9FYUcH?PmMZlzIpkM-=u%^6-ti*{2+6900Pl0+ z^41lfws%+XUIX>6h8=}uphe-&j%#5VZNN4%>An>HKi5ip21({ecNDF}b8zw$lvT~Y zB^i%4r+N^vS4T1tYC(G1f9;4{pi_$03w=1 A(*OVf literal 0 HcmV?d00001 diff --git a/packages/cloud_security_posture/img/findings.png b/packages/cloud_security_posture/img/findings.png new file mode 100644 index 0000000000000000000000000000000000000000..6aeaf1e429924f02676610b5ac4cb55c19108402 GIT binary patch literal 505337 zcmbSSby!qe*QXH?K~T7YFf>XxQZpc;bV`@f-7wS;q9R?=F`%S$H%NDPcQZ5$FbsU- zz3=yZSMUAno#&Z3XU;i$@3mL$-&%W}KqZCO1b4~rqM@M?NK3s`K|{L-L_@>ryMu$e z@P4|T!DLPA1GT0(+a$1A?Dk5SCf$jdJT7mfS=id8-rL84um zcfLeL>PyxP3zWW1bzFh27mI5I&S%h4_5r9cbyR2qD`W+FiqI!II(bVY*cLREa(u${%wDj~bx0qBD+HI5r)jnChQeoq2o#qj`XR=h;IsB;DaP(q1q4X; zq=^Bf2;6GLx&K{>JTk2dFmb59pYaqs>%|<~KuDn482JhzZDZ*^TH3>O5n3&aaPkvl zYfVrZVF?SAf*8AmtL@!NeY|-LkVp1mhu1KU&OOfvTZKabp=!0}Fkt%g1^TW(Gv3&HBU{(Px855rG zQe9z>%OiV89v4l9y^b6w9(L@peO2&Sm9IDMal$#LSXp(*Qt^#ran zlkqThsj;WU(2~^>n;+$3@))|wV@WO%e#R2xFK2gqtB!Uz{iZiU-Q5L83$yGaCW~XU z>gN;jhh6?n>zH|M5(_FnNOB$^TZPH)Q-uf+-fzEdnk2Mrvd~l_DH!R(73Jo|WeZGi zBQnI|3Na6-SVpe~P!SY~+gC5k&6#nA+ns;N{@~g|*W&U5clrF~u*f!{au^O}1V~OT zxbMKqZ&pk}QREMJz+S}T$<9z;o_%y=@uAq(G>PT(_v%M#@2-C!tL`;=k~0gJvOH!W zq{EGbdF$pbr!5P%ea$(8pDA}F3cj&BALNodcP z2*Q0@1yU$U&}>}L2KWxwMqXsz*U-IlXz+q0l~>~JT~&1cTf5=F>D3grgQ2KEzlahaAOkW+gcIMXpz%CZ|b={ny7PmlB zF^z0^*BtkX7}k!K6}D}(5zo`nHl@iL8)ouO#hO(8eayQUO@fI#&=a+M%-s&)%FE<1 z9(%KDf4W2CzdMrO3yRCFQZ>Pzf|q)?2zsNcaC;w&jfeYcM#))xu7?< zQse1DO4DNwZv zoaZ398pEhHsvVsvC|)L2CU+9C!O(BZRvH^hsuP^YC!6;oPkc8^y@+4WGs89Cweg%7 zHb1jj0o{#owswBuav_B8T)CY*<}TN{73<8O@*1kRr~r~b7-QI(*>QAsa+Y<0?^JG| zZ*6b6Z)I-DkLL{uXHBMuZ_jQyot~V=Z3D)d(r+!|yE!K~n~U39EkEf!K3{lSEgs?b zBdzT%wAsa9@zcFlrB>b6N1t3i!9(roaKE{Id-f_RM1jJEaFTLgAX%W^_@a3k9HMN5 zyNb2C-7y=Y6Y421C*LAZ&$uh6km#JWlZ2D75nsqJYCB`{N&ugeB%y%circe!$f)=a z_YlX9XRpF*O58ux%z5RxC%HpE7D$%1iv&YR;cU-h<$76r$79)IMb%B!zZIBjs_D#^ zFzWCWe4MZ<7}Rd6DyfjJ&@xvwJDHpK5o@GltYhOj7-mXlE-+mtnXs8@%B*rw85-WG--z9a z3%NaYI`2K3g~7ePz@9eez`ju-bS|8bRaamvP7H30N-SrrL|jKq7EA!P7S55sE0(Cy zbeW^3r)JT6J^#$+0RP1@$TZJ%KaHl8o0PPaPL6`P?mN;SR2Xe>I%yWlrcmuKGL2)GW9u^19+t_V=2Q#8XOIaTJL6imiTN{ z<-5v4_NREsij06*Bw)<@rRq0y`2I^-IsB<#6{mu1v; zMsD;BLs*odbf@uRw-qB?>RX1e@n`G${6;Y{@3E>L*czxCK#KEF{h@b!6!-ej8(8j2 zZo%l2EVk71{HOU_aoZQp3#YMpxVjwG7hvu;14BSWJvmn&|iPvoW!gaWs|C+P4?R%&-Kj1NHel)L@n!J5l34 z1qsy~UJ0+KH!8kV99K}T53ir?=1;I0z}*|{k!L|mK@f@%0oH{>Z#tjV7;eO>~YoR@j^ty8Q%b(4t)E7WuEZ77vA(d!eObSIme$ZAU?p-yW+;B_1)ES zly-)zwvA#+ap5;$L1P0=X?o^x(b3_9I6C3*L_opwEU@*oL(dU*Cn6~*(IbhWf1asS zQN%W3$`QU6A3dqi4z(1fbh(;KDCS`rEFIuaIRSxB>klqJ;rHRYkTtMRRC-iW-SnSS zwc6<0RK(SDj2oQS%uNBmBQIipurL*V(iL?Ib%L#&#qYudqU`2s1@}!m*=`Cpt4?g2 z8dcr05B8HiKX@|0EB50=IlYxG>yQTsp?aY((R=PwS5J?I=R4~=IiOvsUi-R-U(U<- z5~j<(Z`uxqyMA=h^X592+?4I^ZQNf0mETSs_Uw-r`QRX@XLz!*PbyAbZj%`72p0FR zdsmBM7pfO<4~`el8aOWBUc8%pz0p|)RRM|aCLJf7)?5c8<2s6z4GzvW;c(e%mHi*t zXgIiuG1xznQqYD*(9&8PL%G$b@$cXHx@Uk(bfKs@&2j%T85-XqLbQ>>dwveds)1|AT}HHGqd_Tu`*D&MAgl8*byrJ2r|)>HkFr0 zV@93dLBm2PN5e*)p`*S)bc+8we}(=O4fD_I7-(n#7HC-ic}4+s{P~GMeSfz3>xdck z2@MzZj~MlJOT+lzr|$vNF#q=)rw?@xOc!auuXD_AY zgoZ}S@bilVL}Oji$4vyqu7coeldtV>?3=b~hXQpZ%bTxCx<7ZA_fsQM=h# z+d2ukiPHZ0gb?cd=VcCB>OUWGwi2b)lvkpbuyZt_=4a<*=cEPRrKYA9aWpm+QhE96 zKh079L}|^Po$ZAw1e=q)t@ArKHd`mUzdHHf zeqNe5897?mJ6qV8$^B0{aZWjMPlC9H!riGdy$Im+)Tr{G;wWKfgBsKs`2Pa?PvgJe{7*v>j-PY?8!!H1^q*HzoCe+%;rKtP0qRtx+g0j zTzW^Um$9ytnHl5mXWzT#ee}^6igL6;ALgV?(bC+3Ju5A= z%)!3YN!IU64|sL_hxT@x6!^|^8j)%!vm z4IPU}?7#ZqR-z7W3%Do3;*9rS_mPhlNa#iMUlKqhMs0*G<<&K%D$)60cj4QH3&gxb z?Td!--~2?BV9*1N_j1#X{+rf+4l1^S3H`76N7SW>P7L5a9~unydw1UCsz|aM)Y6mn`#k*R-e2nE7ephrBGLYQFogIY z^W&CFd)NADr1%|Xu1DU|VwWgRrF$j6e&zQMZkdRsd7SNxRN7EjIO-YA&g#{<_WJn;tgQu-IBp-W zb8}+Ue*UGAuBV@jmX?aJ@T_;0<@onZScG@gOsPp;vZ&|z3^;=7U*>WrL(jJ@pgekn z`k%xp=~DM%ZJ3Wp^pZ~YZjYL+t)5Y2q@|^~NlyIMQyW`EbTplw5I8E4&#G%*)YIm; z)r7cr_52&{zjUjPCFS*$#Vp91_ILXbOCU9$Do%Gkm}n1scNr8ey9O#Q$$4%rTHIGkDcyc{YvHzh9C^IHNSy2XhB;!A=*iRD!Hd9eiCb~CMp;Ku+ zPnst*`5?hr>C@-$8o>p9Kd43+{;l^nC{{^HhC_ZM4mBgc=UB{Y-|3N8 z^UUMl)nhJC$htCn<5s7FnSayfqq}ckhS24~G1XdR&rS4jpCDVC+Pwm2{cMc&0b(yUI69li6sVO^%-7 z=uL)$va-_Ep=X!I2Y6ZyC)H1$yH0SCKWtfvNRrSnDtK_Eejodn zwTD~57cDtNn8EqZ-)ZYfKwGTqnZ`4D{twb3zKG3htF0~UPj;s%5M-(bCuht|6=#cW z*mlKLO+NWzl+8{*{;C$teAX6_4dw2>Z|aI0cUbJbZRO~F07Ye01UUNcO_vwdLVUPc zCL0%kmhU0s2>`~%Ls}j&O#<)V%!k@nOpBNrEt@rk?JDT+7Hy*Jd!T1>ls|0t4}nR= z`3~$Kf{}^6TMPa4EG(i0`i-pIF7BzU}vj6m~|R@K!GZOOR9r6|g;!-YL{ z-L|fHM140z^1(L$oOB=t){^mxR=VQfZz-i>T`Z`j4lo-1gRy=uv8Z5+FQ_Pnm~HR~ zn~kh6+ImmG-2k#ZJX_`pxP`3O(Bmg4`Mk_o?Tsxe?j>PrFgHME1dOW!BHW0nUWDpt z4Po7h0=#FgfBidF@I%=Zn!-Qqs;Bg)%#NqO9sHffKkX_aL@dB``gjjgGmZV8qnvzEIu)Y3T-$T- zcL}F0vMTz-SjpKzU#c>~)&?9e8gxrTU9=m&&L!U-elubF)#Z!1KS0r0pDf++%L8eMbMc_#j+KOZ*Tt_&s_zx%?j#ZZsvu%sxzEKGzOgdMKOM2a; zTu6-ajrMV3ry9v$5yg*w?S+~L`_7NL-8vm$>hKANi+ddXmQh>PGjd^riJC^~ywud`=+9mhp z#=q7NT%-wXH$prD6u{g9VL?j|F${n6tZ8$1h)FPzgpy9I4bF?k-Akb5$Ny8pQ5Mp2&{n<}(4E&12b`5FP^EJw5q6ZkMH9lRj1I z{2M7xhr=?zToj`;F;`%HG>5VeDf`Y>ru4Z{5*0jLsoJFJ|9@r$t?wtbrV5WJCI4o~e%wE0%p~&~zJjJ2=_HFLk#;LstF|ysMhEfS{<0L-SkG;|jk5l?c{LJs*%=+_ghXF@$fM#Y!&&;0rMb9MCe5vGbL z#Ydr*I5TtcEGa@RaybPbgGqbMppe)h zAcLBFSA=JVM}_6Pq{&5_Y(;47dlDw&)sBA0mikvLDDWLoX=7Wic6<`v<>|EXDsO-v z<(t!V@xQFW3mpkMmwwSNbgU7^rNPs*(5$G7B~#u*VKSBgl~u+`8IUM=4eh08cZxnp1h${anE5;}xBdp1wXKq#brQG+uKJ-4Cv|0{rc@U)v_Rc8i@7;v`nL};-8mSCbo5tXwvaKV7JJQ z9Xz+dL9y9!XZR`)&t_@vSR9{z-#&uXH4mR+xwzDPcm zypoCq1(N-OsFjEp>zLnD7`^cGc}|fE7PKE2Ma>1zmK!81GfxNt z3Ae{sFDtJHBd7`_I`cY$=D7Ol*D z-Mm}ctYWX1n1H&my^cpKl9TP9i*_fxS(EtfN@jP*^H}_G7ujM;nWvcyn=U6pJ|kk* zaNa{@RjLfjkv}l$GG3jLZ!lN07Bvbne8WX{ZBmsYgO)bl}1U%@LfggYw?Mp}+4 z4p0NsdUewi=>^rSUSHxffIuMAhLN0~16RA90enjPMAl5R z1-fD17^kvOYh09W-d^&OeAj$3G39E9;=~8nVgAO`Eu(a}EsYy%6>!9=6oNOYpJBx0 zc<XkxhDBT`@ehhldYdK- zfR2`<6@f7oyLWFPv^*YUb!6;E%PX0|-0sKaw8C!+b+yO^Z0Utq$EdGS zsH9U)SF_gI-8>67)M6ZRtwsI5VJOXqjh*JJ2=+N{=l6q@>@b}I-UlyaIWLyKL* zWX(nFGqkvP!?b!Uf&`mJ#y{x)?^>M>DRfyU@VvWr6gQdKK;gguylCEujG}5e+Y9c8 z&m>T*D?-F(1V9vpG9$a!8MsXkF1c<(x^41|A$4`PCh4LjIP+Y~ zadrJSjF@(PH-iVwtnKqV?v=)O&luS2Pj?NZ>v<$I5cwH&M>O*gnJm%w&}d~NfB`C> zXYg&0)d^Qh!~K)gsTF61Vrf1c`c& zpV4+dK*B8}S!xJB6y*_t# z+wn{v(MPkc0OCx3k2JjeoUxb6?G_bMDQ}&7r19C^S1$2LOh&W%y)|UL1jpNOA;)K8 zBv{&+GLO0k2jgN`G(KMGR@qW+&sK#)n!J%X(@nR&<&Ehv<>n3zV?_oA?0Sv#*qw@9 z9id6a2KxHuP4@U#YkLDJLNgGnu^bvhs%ky^da+9DX+~k!{V&c~pk1z7=WTlVMBYek z#vC>1aY1wb>oBSqm)(hgl;IY@?M*%M{Mn{ZZ)rvzP z88?2}mrzz}waI=trfJaVC1?#8DNz}ehwtn4mrzJmSdQWy?Fj(KIuD(W$3J-KZr z8=TrZ7)Dvv8^^961>fka=-s|f-#p#epU=>5s8#u9O5n6@GF`I6SLcmnausx|FLi|B z7S(0RCrw#tK=*wvM@$6m57VsYYy0PB!=`9)7D$1)HYsT^n6vuQ2FJEtXwI?3E z0$HW>@fE;v`Njuf(`9DsL(8qDrv0_WVID(o0Xh}d7KkBKPPhB}7Y2`}=Wd4)>I5;y zz@+q)Xk973qjyWbH!92(K!EL!S`T)9q#=@wl`NhVs`HR&A{GJdPBqO zY0q$rQ3#cKk-m$I<QHfj6>Y|&RZB6Fk;N!S{C?(W; zW0oG+hWVQER|E75d1zlof`z%S7xms%NTt}j8vPP+*?g-#$$-7(=$>*$qk`doKzw>{ zb7cpYV7xH@OZq%{FZ^|dtQB}LwdpDT1S}GU8x{ zHZ@`g-H;KuB|S-f`!bqJw{t{vxAi=~Gs9^yV11A$w%2ZP-X@xAu0)3Jve~`b=&H!$ zo%wJulWyQ6DS)DwPx)$qu&I5@xiSgK*GEl&;T_4DSc^cy?l7i_%OGCwiQjV_L<-dN zfrLg-FUGld#MFD^Mnxr_E*$##_9vSNNDm?x2TowaHAv zn*#ggFEe`|Z)caf!a61SFINXajxWQg1TCZQ2fe91euXKtXi(gR^$fsT=|1KUpMB|v zPsY)8Y{IfWp@W$Ev1RzEKPX(DIFK>w0}HwH_YHC)vchDbllFp#m1!T=2YW<^cHC@j z#p(X&C{9N}p63j`bvkB17g8tGG%0pe!@J#>U||{JbdQ% z?eGs6pVj1a26dG@Nr7!mO`WIC-dU+`tcF2~iZz6p#W|Txr{c4lLIw1ILsOG=_*=d% z;>M+F0!t6R=&KLHmr^!J&jZS$9dDjaxeUEfFobw zK>~}3%GP9{W_gm41qfInCk&Bq+0t|Th(*$WpX6B}Jc}+KDXw{2= z6VUB!rA-wQ&xRL2F`nB#P5LxPW!!*Ld&0Ovi^q&i)_dfxM^m-klv3bn-5ZcBz^7iE zKYp=hS%w=bDSxLH74=otoRAIlj^)~Yu$n2X^I1C_vi^fb!<$}5ZY6?c+O#sn^B~lV za_gWehDCka_*GT7r~IjqJ>n=x%>Chz=ipRllWBCAi&x@X1oZY&)&Y-5F$7sF{Q^cx zekJ4tn)uwU9gMA68Yu|vs zM2NH9iAlz04vKMI6+EvfTqTxnVQ_s;2KxpzUy*ZeNW}-m3eVLHdzhq$0Ag8;u6Sj2 zG&YOo*}{=4l!6Xf7x^uV2rmQo4Zp)%+ekUwtiR$!rZTHG$cloO+t$ZNjwRx=p9v&q zA_lYo*BJqL2LaHXF$U090I#~QPX_R{Hh_IwES%@)BNNB(E99=m^_9@Z(kaKyISQ32XCO5=PV3}Oe3j$*6>?bwsEUB zgpVzV(n%>hQL$LCNPm;lrou@3^=1&|?sQ9I?MczB^TcQHg8QIaS&{dOKcc=GdA5xd za{9nhtABudMGt1X8aqqXz&M$Y9y!wwSlEBEoEoXmmpmBPn*;EBFOmC-&dqrtf8La6Mm zQ|9W}5}5Lv!Rbj+*;VymiSVMw{vKB${j+TZ3O4Y-KebFV=u#Ah7y8(u^cUH;b+%-h zA+=t%JtKe4heCr5qyR5_<1PIvkNz3jK#)*yZwh$Mwk~^fwO_#O0}zq;gV%BlnSS!< znFH<26tTS5P$d;P5A!KPoP_VRTKjtNw$etD1Ynt{b^p}@NMuZ-pa?3^5XP6#49TJm zT~4jT4IDUM4qAAtn^kHrHzdHY>GPrGfkLC{G8YM~(zx%&gw%7U@3EOro+n5I-C z^XSCv$%)y^=zE#Fyq6cki%6!&UW3$+jrQfW6%rDtEcK+Hd$(SD2c4UJxKBCLUDaVA zzjkwCa6`^TBd9#-3^|ZFtseVrBP6H#r(=kpODoB#m0wlj69Xlz5Tm`fsav{Tx-t%n zv_Q12Zgdnuz}*k_MJ`sA0c_3HrcDZ29Eul?X4?rm0&MfTWypwomz!S+%XIE@;gm1HeUtOTzfe5dsR)mO=TNtrFxmf61!F?;3v zcB$chingV9h0oi0h=e?Qr>rtxULAIN(7InevhV|?_{u` zF{Pj!z#n;K_cQ1MX&-zWL1kNj7WP>{$^~qs)#14)nDCxxjdqoyC$gV*zUiPbJt{iI zXtHLS=rpjBoIW29o&3&hzSeLPREGXYe0GTGMuQ98SetkHU3XNbt&;ef@zC-Z(z`l|4O*H-CDh~6wM=*01jKAZ&%X>%Ne?w6ZFJqkP1AKd4 zb!R-!EYEz_&LRyKg9gzPbl!TKt5J2xp;Ki&&x`_ZC3sJ2*=DgC33wFoz~U7`vp;B} zUq*zf%+jmP3G6K>%?1!|_SRn>1cd1o>Fd>a4*iI5;G`BnA;8D8<4xsyMi{A}`RZq5 ze47|iY>u?u#Q3W^Pv`)A?BD~i?7ZlD$`^A zH5e!Ub)sOpT5qgll11+$SRNy*#ZX-=D&QH((+F2m5#vngRP-9UN_@iQbA#b&v*jsI zJ*-8|`&qg71`~G;2`8H|x$UHbdUiFAXWWsemj(|H&Mr0kzi95lz5nFPqm6ACxn{1U ze_X)*8YX9$?OeGQ3MG^5d;(k)u<#tsOnPG%3ClB%WYDsaw}~2e&8y5~eX08@O^}$J zRu*JFY^4K2?Z!!(84f?z(j6YmVw^B<`9Laa;I!FK*e~@Bo+5m(#Wbl0PMI$h-{a|z zzR@cUF1&ZHeBgshBUYiWx@NP0RFKwJHVkEZi%ii8N8;hz;o@vr@}4}r3X3%H57P&X zIz;}c-G2|?cI$|iTWLK+?8ofwSPP*l$ihH>s04;6OfL?A?**I=;FkSau zYh_1CdtJPC-`Hl#RLfK6f3_c^!8EHiz2E4WR->^Oq#fC6TDCY&j+NcGL5z(K ze%c2-00%iq)HZ_K-JgH|E%8A8Hk#se(fE2A_e(qWN_JFo+G2XA=w)?^-Z0@pIFn#n zek%DU>FK?&&hgP|>w;aTKy$rCmTEgKkJ}y|(F}Ja`7^NKL6>yRCX}&vdG#aV*yXkn za=m$WMrwX$+ypt`^;q~wbh^CikjAnJvGKO%c7p#Iz-e)q=eVl~C{sh( z44&E62qn)GIp2$Be_V-!`S&>E0+wS#4KXiC0Jb|r`nL64lQ`iPw|r8_x>{1gfga~L6XQg zjMQV?cbZ*KNP6K0)3x#r-1%7PBRv_;{pwyUTY*YXz`$UfAS0)UW}*O(qE%Dbp#@C5 zb@&_LPN)ScAUa+S=zU+8^mgHEnU?wc5Mjk;r^86RhYQvipZwRoPrjTb^4-N8B7+n^ zf5^GF(;j`1Ce6JcxXuF7X7CWj3I^0e&Xe($AjkrxN1!8dL{W2t$NXjcB1pwh0=3Vx z<&q1HK{0NM8VO!ZSp^TXTm7iQ;j!u#D0^5BU(l_~2lcd66d_NG>gMaGsm(Dym{l1mb3_7g=D$l|8?JtOlj(VZqr=9=<{rIf$BX6Ppjv3}d-82^JU}+Cd-z+Rs0cGkN99#4M=}CoK|YH| zpxb6dIh2)a7dE{CwiS;|H>aIW^TXWh13+!(tWAMkRkM8V8#j@y5-w-muw`!ptFNK5 zoI~_aD9!JB%OEwHsl$7o zaTK`*@@5xy-TT6EJx@2%bW2(43Ac6MU-TxAG#+U)_(1%oD(SJ&&1&}G>-?lG9JuG3 z1N?tf+{sA%z+S?|Jfka6%upOAexjS!lypQL>B>`MOS|gW!G1{--5F!OxNw=>s8XiA zZVV=b!Q*P6U1d!y*N7;e+aAi}aT>iBv(E2M8VA?H>~8xDDW(cCuVK)_8>D??5MI3? zWdG~EOL!*U-h(>JKva5Inh<*13s`d;ZSnbR?Q&7=Wzwaz{if*<@CmiGCtIyWt-d}_ zUlpGCwyKk7)W5)Oy)y{95IfNp@RkTdi;if9@TH4$l)eoVNCQsYixv zx<&3_g+C|+M4r3suDTrWZa2~cpNs4NwkJ{eQLGlj-nj#pU@jRIh4i#aZSFk?bnZ~} z`fSz&6Yd*5Z)lP|@*nud0DLKPXUOQvFO5e|Y%P!ly{w`C9`643_%Md|?nD6{{C-0s zb)?jagox3E5c^a8xNJFy9&fQmFvuHHr04{4&M|*mUO4%+jC^gQl3&))f1mGS;SnfD z)y!(>F@8%7Dv#Eshdd}x;`KcZ703?wE_yw*HI#n`zkjqGzP|pkGG^_)a3N!1U;L44 zo9`w?AIWE{@$VLx(N&3QW^4o${G4Up_ey)Ocp>uUcNj6ILN_{>JaMLf03ipUghdc; zWE9XDy3o+K*^TwuO3N;F@AfE$2{HRa zPw!UMKHu-fXLy~lTK3$r4dTl9&_*ZPiC4Pw5lC72U|lu)(ExejERqWs?u6LQgPuN0 zo@Pqj{b3hug4L7fdy`<+!r^Ti?Q#Zhe-Q09m7^>nyo&OwulxJny1+^Yo~kxz^W~xn z)knVikPag(s=s!dC<2e%%tsFlZv68#kCe9{-|@Gv7Gf+xQ-EJVaN5e9mv_g)%Yn)X zQm~iWP;*4W8<6(b*BRbI0dGtvK99LF<{KRPdv6>Vs2p@x$&a)`<&XVi*>2C&x^uM( zG{3=-Zxi$9ynYmd4kt_6E17Crt{>H%-p1wK@+WNFEbnxpAV2y^VBZDNv+d>sv3XT9 zlWR)M7kEUq^3l|~7%!Qn31?zadjZmn#S8m?TrA@b?}EyixG5y+%Oo=#L&U(r4KAC* zHg`6OeGP+a(H{VRF^4^ys8`s zdc@L>-8=ip4{$R&po$6!x%jN7lz8K-3-Poke7VW$^8?0>G3AAZR>BR;EaOFLE>w$c zBu`ouxt~3KdNt+<%5mDruL|xDS)Li19E1$??Y+Ip-rT8}%=*NC*_>Ic0>vq8KC5$u z-A6dXhQgk)j&Y;Akl)K=7}>)bPCS^){RWY#n-H{LO6&7!a-%MvZHmsF9TyqaLuvjl z)PK}Wp*P8Hz`pLG`x#WIalB8v)X-!&tx+?O@aBjRFd$G#5nO)IG)%odQ(-x)cC$IG z=%rb|CUJtbA$nt*ZX$sHiqoM*&A$1fJHC#e7*b%0@$^hP$LxLOZsHG_l=aqrm9#*y zM548zzYMKzpO&F+%Wdw=b-!MEKmI(6!fZM-heX^sN^ILW|Y0i9e9#q@gXQ5#kv29=jRgOBwT%pF7i=jfAssWT#?`>iFGTTF@Jsu#Zu4UQ(tTXrMbF zm6ewwE-Qa{OfetP1F=YWY0r4}&{uS|P^qy@uGr@Ra(ut0|IxAXf39G>NAKDot;T!N zgBh%dks=?4QL}-dtB03g2#K@ML4SZQ%8xn6gA0!TT*R6CTfg^)M=4X9cl8Zn#cWHw7k&={gl%K*eOdwZu+xx!Ly7>j_-Y%n!u za?y?DO*^*BPLPIv$`fsX?YprYM5gw53sch;iI<+QgMvb3%H@ke>0)zxSYv~`YplO{ zb44@KumNtCHe~E8=(O2BliB6!LmHwf-XBWN7gdK#P>irr>CCTMEa@Ev`d7BZ0AO-y zZ^Nmoroi3wz|(z*3l4G9yk;*dC?tcF){%ma-Ys0iSKVhv!aZhy)32O|v z749k`u@R(%N~Ww!M*m^GGS3k0CU9xFk^=R*m^e+~e=u;?NjcjPzNzM8)^OA@{y21{ z=KhLBoX{OqomvW?tXYKn%2AQ5LduiN)!S<=s%oDP31{i4*JnjV@gUE=QaFRW>E}16 zsk{~|950LP*plQhCQnFI6t~X9;|dS-yp#S>VM-+b1A7-`)^k_(;@877Csj3R-l3ak zm^X9CiF_C-}0kRT$DAG7d?HO zOkc(vUcuq5l{m(dJkOI(+0c_csP~2DwsA}+`pU5HF+dmXat%J&YjCayIQwj1-Kc@8 zpDAlgI$aWot+v@eQ_!6-)!pyQ zrRyxlD;Z?-h0hvd)mJ1ApLZvheZlD&_$Amw#eP^=BaeNf!#-fgiKY9!O5(SpFzE()(F6gqp&)0u7i>lZU z?F)J2QU7)rZBH_oRCeJ8*(@*JU^iZxIp?ZlP z{B{e(4!7EjN^Wai%dQC2J0&JpAzH4}Al&9Pil&k`sLGedD_DoNeuanpRxP`1AR*GW zPEEU#RYahf%krzQKIXnt{C-=&NbUK&iw3HamR+2|tpQi`tl{>hPea(L#|W_^VDxCZ z99MSvbuH>mfCPk$tdoy}iGhA9tL}xLXVUqkF)={*eU$4fk`i7TS=sV7-1$Pdsl56y zA{(E7;>>%xc$q{Cesnd&eA`%rhwH(in1KRSIh`kFhT5gZxqCAWI^?|O)cyyLjq6qy zlk{%qO6C!6`hy0~IaIS7AABbtbRqiQhk@}(OpHYQEHH@Aa-vwePD?9>evv+n-&}KX z&WL$>?U{Vn_#%Uk=Q^L05A&V8uXs5I$enNLHXQYbDv_Rw<`Q@Dx33psUI%;BXJ7nGHelqL9nrBKl{7zGZsdGGRdtBR7+ z1=z~lP%;A*bETQ)471=9kdFy8r-Ns~*$OGd5avo2_8iqkR8m%65Ii6fL;u44B7K;D z`9(ChKEy?4N;~o1(8|@W&LhEIC-{t%KPNS&(#L*?VU2SJ95yB=^YIq-^vg)U;o2RtA1X2t&`(6zu4RQ|9b zpr4q4dh%~3AVdP#8Ox=EF9<*XV!cs&wvb%&71|W_G>{Q^(Im{FTTiW;RZq2}p5GRr zBw038?O+s*HvFQnuCN4RSSMRNDzw{||Cpk0@3Ho^)r$j&2cg`5j3Ig+_14mQgW$>9 z`K(=8lbthSregP{*}+k;a3!NvThfzk_!qj@cg;kHD^WiF+Nd-Hl@N404z!c1vejFq zT9I@TMV`QKp-+U>SwUmyI64g4HA zmN2%FZ#^l?b&7hMr>ULwL>SanB+Kdj+-3$dgd#h3;L1kdDpF(9stQl~{R5xY&Og%N zKyBVAWYsJDXHQ{$|9VL=cwK;Ja>jKcVfsm-tOI|5n^3tUg6r`uNCQw!G6*c$X^Xj7 z!o30gg@O(NIRC@md&V`nF6+Z~!~!Y`QX?IuN$&}Y2uM>AkP;B-(xsOW5j7%JdN0zX zOD~~_G?5M>B|zvsgiu2u$@}15d!Myj`+tu6e0o2eZ|E<1%G~$NJ#)=9SITkUlq$Y1 zAitN1$ocF>k)xo&%gxdjotOeDP)v&4#>szn6NFYMcq3ha*zFNeKg8G-!vf16w#S{= zLMCl}7`TIYOi5MfyDp~x#jk>yf3ML&wJrQ>(1pf|^z9}{NCVU1rsn|TU;cWW8J_iX zp_r82FUZE+OeVK9zd}TOtEU9Tw_!duO5; z^6R-XZvJ~y6r4&x$6|8cdSIeV*53IVd=(6 z^hX(^kwy63r!bP&&Z)-1gQ(gr>@`P2NEV<(8DBLBifk8l$OtMRsuBi93YLY z7uAh>?|hwZ0nsw1)Ihd+c^DIu*MIbn?y85g>6&b=@_SqIz+~ zGEIF$#y&zUP@2m3ZdF1H!1sOuXM&ei6xbx4x(zB}Pz>UE|rsMZE(#8S&X zv6#p)!apj4?eDbT7KsSqCBc9U9#i7ea#@CqN)duIY< z)el1-y6=b+8uv4GFr(tvmxcsM6{r13EO3*4!PRpYYi?or*Zgc0Z)D-Q#?i=!t5nEe z*eQ>W91YfG-kqH>vApqCT;Ud9ycMQ3g5yFSQ4O`0|ACXwDkUjU0HJEQUa6!i>C_ge zqZH~?(D4V8I}#~mhohyJDPBjLLEyR+dvn8nilbv?yC2Vql-@3@tFPa}^gbfZsS@AW zYR-2>ntKYH{Ma#b3$D^M44|&5OgWge@a@e&w9lNeq*vDM_g`7!br1a%_>W>@8e#&F zo82|IK29*B;e&zKChi=8Hz;=ivtd>Al5FMJA1h7=)7&b}C4E9RDrRFi4!RTkrrS-} z1_Lf!qssbUhS7kDz33DD%r9mvV8dmerIa;r197`iCOV}aeUp_Rb|p{el+tSKS$TO?*Bam+Jom+~RxQ7j zF86Juq*;}Au0WN4T}g7^ikR<8K)DiTongmnXfaBGv_mK|kTyLFSE3r(CQ&Ep-Lib# z8{WBk&ewocl5)A^8~*kFLEaRs>CHQ?dsblw2@YMK)EB+azZ=X>w3+^jm5o;)_QHO*Q zs?X`#i&F|ntA42fC}pK`R&o#zPoOlJn{1q3P+6&#pHjY6AL_HlTEGR=PUXZ;4*mF< zL$J8?)nX?{{N>Ah1rAlW2s;=%-E0|LnrI;mQw3D{QZ~$V7mAMJR+mVCwfdmQ?) zMU^jSi2yW!+DmZAy9VGJJluTGz81m2bzQz=p5I`Won|p%ZMu82MU^Yf_WA59;kuaJ z6?Yq}H^=K7tiPmouTI|slE9>qTb4yq_TdcT_G7bdly!u5JFk>J@AuJ+_BTZ)w)hiq zT%)VElY)&YBFwVqv_v*vCJ38s!U!3r=@Db$Y*b z-)VulG68Mynp~J6GME4O!GU{*PLabU@MyUWJAiBRxj6(aNUu}1vmKk$k&kd~zy-H; z2AQ4Q7>DC6Wx5yOB$|Y=^(GMUaWd2X`Rc-U*Np@;$q3-ovHPDoAJ!u$dzXquk_UpH zYM^!Mv)K$ZKJc*`?;$(Cv>hoC+X6$+0%Yl^Lf^i>PLRKl-=lTBwbhski%CsQr>4sQ zskBf}P_Jbdf42YOuSPu@Dq273CBYT!t<&_FGd^@}rGf%;;I^IE;w=kr=r>{+EhzSZ zKSD-QdrxQC zGn8LKhwnd8$Z(>_Z6S(B0V&(`3zkQyLt69>zJ{srLH)YV_K_4*~bsjwnT3y?d@fceK(b=02OhYJ8PWJ2l|(sYfyKj;VfG`a4*(AXbov z5J@C#ue1YA`jSTMnnl%@nX!hJ!ETR5Y=f<~&2Ph-JNsk)(dc zG61lL0YLkxYhy+rtHRoQ!uIlr-9mRND`!?aqkE^2KvkuyqoZk6*rm3v3zMTqsxlpsYLXe@bZCH4UQ~ z_waynrLadj`CAk(ea{y&x=Qd58@O|QJXFe9HHN>^?<)yBy4IVv`|8qz{v`Z;hN1e9 zHmEyi6uvk077XB#jI-8+g7wXh?FOETdiH4-=)>D?gz6ZUS`_#!pKNX$P#QmMZgFvM zi@|sEhvK+SRlo4GlSvK_0XkOpSEV-UdpqgYScU*_y4w5x)Ii~u2zdvEjh!uc$u{2K zTx1VL#=c4~b<;6Ze|ayX8R+dTXcYx759T7`C(1knDFp=L-(I|qO9Obn!Y*H*ARVS8 zC(2c<(po!ThRp2vz9zqL-N;aR8TTOea?a3xY#(*}N_9y=eOqVq#;qq@v~>bvjh)2q zL=pF7CUBy|O7=|YB0;ZbtOyam@AipLSTh9;a0MO9iE2x7hJhj8Q!lAGdJe$5f!%jA zC=e8YtJm6GwLDYmE1hM;2$F*?ABD>;{#VpWQEoecC4eJ zY8$a6J=F*`rE?%IuP$EzsoCf-uDkzgZl8Pr&s6N7bsLw8P~PjrV=s>+7fNvA>Ug2B z^j~ST8@v|;dM64tm6-W2{3PS6X1&ekAF{}5s1e!=V7G^6%u=D-(LKR~oawJnXbjR; z&nJMku*(KFnqlu6CtJUczM>`POTrBZZy<^~e$?hs|DdcG;jesOyVJv-X|yxg5JUAN zV3+t0-oE8b0gG5-x#3G% zpLor+pC@2!*aD~$oO~v6NSBM#}`^$)T&LPTwTJOc2HC%XfneQKt#U9|C4uav@OgvlU+QBQWaS}`hdK-EI8?W3kckzvlwBL?p3?$iDidi_K7 zEKNVXKecVqY|R+j1yc*0V06g}hswC4=D3ES+y%}Kr^lPVaJsh)DA~yj_RM!lxW`a& z`SnCi%6%ya-CE`b1KrEf2?h2+*A>^hFOSb(pDjE`?^6j|Zm1`Bjs;pK#9cPTS)M=L z{VvUq6wi^pdyHR6Z8~a#`_gp*+^wGX=!sz*j?OSMR04X za5X!{gx`zGg_aMV73WcOdArqTit=6S@2D6vK%z zpxFK9K?tL(4pwj4{=c|G4 z8&AqHfnFn;OJzac8@Nx$2V;$i5{$6ZVS!{zl{7YaivF4`MIL25p4%R+y2ecwoEtGSm=D`mYjG10_5+Xgqdp#|YNkT4&z0-6LH z+a}|)?H9*0H447KBc7weJ;wog2^P2~R2X@8oI9tP!mjURKSVft(b!B$PX8sNakclI zW;tN~P3Nkk^Vz-qsn=SG+0I!M?(0vc6;zlMLZhsv71)T53mw7N<6a%FbXXUQ?M#)R zSNA=w`_eUHNr{hJ&fYqy)X~)JZ!FxY6ZfQ#C|SaLKZwX%0Ti(0l$#I4?QRfablhg5 zKtnh7SO;i8kqc|Lj;meMHMvi`QphIAkm0*!Wy1E#UKuESS60x_*$VrDz>9&WKGtwQ zSP42|*%jebj=#0bkdf0^46tay#nOhRhcvs!S_UiNjQ*&#vN+($ekBR_WM|dg?o*y| z_CH9iba}Sp73waovB=>mkgM=4u{L%x>qvZj_x$INZ&o*us=$F4MWArJ7wT1LT znD8ipfQdk|0Q zIgkb}sa5oG$L;%J<1@q$sjuG6ZJ?rFN)Z&*M|0m7Nx(l3`nYRUfOds^W7@y^zS-3-)kmb^r+56-QT-43$H-7o4qM#^wQh+$htwLaxec=^P(g zC?mnkdDp%_O<}+HhI){Gt(o;Atm^edo%c6@)ix!5MUT$jBJxh5KU*;Fl;86ksUi?p z%;?A%yFhz5Cx}+%vQ7W2^xnRp?*wT?3e90bnuC*dR(mu6fS1Em?Mo~#c?SzAS3$19 zq>WVx-n!EJ_Y8hP;^$O9Q-7qE5LP$rrElCuzkPZoxG7ktNVaPyb>_Pn6|?ir#>Otf z1^Wb%t#N<*sYJtY#VWhPE;Vo1Y{mS>_pl$=yT3+4_aN`Oi7QnWLNRegCVI@jVZ z)+I^>yBek&y{f9~oaPn|j7d*!URR~<$jc6S#h|+IC7=ss);eryHc_H$)|MG#JFu{M zCZ&5|jUZ$GBt_{RlLjOo*X?`XtW9!aQ86>%c;R9(+sPfIbbD>!`swoK3szX&wkta^!w)tht4-ly(i z^veU89{M+Lw~sZ(u^4g!4t4yy*u_Tb+dsS*@Nm3iJ)eHraQC~(oo!>(SgcKofH5!) z3NMHL_>4K6X&AZsl95P%!sQ%-8bqZNuxI2S>VS36^IY~YWju$)rnWQu94oH0-PWbk zD|E1Et15R$=~X*Lx_jQtsQj7waQ*&KQV#G+xaZGH%qKr1Gc1DhL|hhEFUKED(y6Oe zmpeG*7*rNEj0&t&|DYF)7Bs$Ivl;_*Osx_M^eZAKU|zH;WqO|+AMjK?uuSg#e3$=_ zdFA}W7RiLAR<~G!FJStcPc+#)_cz{B+4RZ>lJjD}MXw~aIInGMY~Qg4qT6A=QdC~6 zW6X1Nt~YHu1sPtuLtGJfI_*y>pdAQIi-s^sv0>{ahColP^eit|7pvRzIHK)(uX!aE zD-^9vE-0=v4=4>q*K_TU*!HH@C#lO9aVHf|byZs6yIKu3xNs%~DxdoA@ba79gbxi|f0f?GGiyCtj3;2j2JrwEkAa!T>{ zGbkNUmDn)Nt{_o?Mjim80+Rt|P9&I%@^jbdbY&XG9#sJax;vxBP%}N6lp6OHhIr04 zyGJzYZn1!XSTp*fzQjn+2bqxiWg@AOLg~%gd0h8}4np@DHp zI1e&$(e-}*Q5|5O_aZ=xXuu*!iJqez&wN)iyvD$e+&v+nI1rUCp{ixKO zYT97$3Y(Hm%0wrlAYOLR6m-7$YX0PsH%Ca+_m2R7~eGIsOzADyku@`xV?Ipa|{J)aXYx$ zfQHuag?-h|7oej}(_J2{KOeBsranmk;NbLAr38$HrR5=Tndyen4~NfwR5yFOg6Fcr z59&5S_9h%4qb1!zeZbseANQ28uqNA&%?v*rE}EfLW4Flun9a6I>mFCE;qj-crHfY? z67=qNC(Bq`&`8~2z%vzEy$m=NG*k#hB^v`QlWy>(9N#MOhtTYla>Be}ilpZkAEUFk zyUN8x47X~9n-r^NgYUOoJ^OkH%5H7e-EJN6;`!$joGUig(fw6Bs;08iRK(gv*j=m; zFyR?~aB%SP)>iutZ(L8-j;3XBZ*z3XW0y{^lub*$_E{$@IAi>YOljBWovXCjoDO8t zD?(ukdtJ|pr_A#$@nv<)75_2y#7m=)P{OCl)j4X!22+>DHJ+@22y+)N zCCo4@<~6m=S%&(sJ_C~J!J7WZGW!Z_Do1cTjYSKsD?d1CK4Eu)w-|WuLxvG|S`)w3 zzbC8|g;o;#)qGCxIeX6JG;Gv zfDoL9<8*Fcd1&}`3k$tY6*~TFnfBtvspXX*Dnc&jLwUHY0wotXqhCk14N2>2IPI@` z0f26o>@1Aj-!%GKL;2^V`dB6Bxm@!)Y|yJq$@~|`5{0na)kf6h=b4AnX?F;b#R1eQ zd4uw;V?Q)W>rz3SuAJdw*e>@H2BKV3*%X2W`h&NJC+A+rkTOp!jC5>()=?E zJwMcdkCMyVwM442UC#f(bi1dTs$0a;KNJ0h`@yo>1E8y0eo0Ogjl35b)B1}cE?wx= zJ7YLm-&&+W*j9DwxtrQZ_ML24D^j7JD?Sk+^V0Nt@ro^#{-F?DRrT#Ucp3cc-stBq z6!*=SKmSXAXT_)=7!bSV{cP;<-j_{CMBungR-He&sLifF$F~WHO}$4oy{0nDjP4X4 zBl!Cr1TaCOV5UiiyLyh>AGUd8@nLGhxB0k-LMMw|U}g2yM2|mf9v!|_D#wY_pRZF6 zz8kUdRQ6f?j^kPyEf19Q8?fw*1S%oz&IrBkyK)v={ttoqcd5h_LFf5SUdwdTf9lZP zr#+NhqwT%~`>Te@jSzXD1U9uOx4QI-cGqYIAPO(p4ee1<*L>-E^+Y0i08}3lZ}mYz zF}{oS{Q%*Q0wiGd;WJl>)$3tx#zwjy+5oO*>!hkd)fd?i$CNHMpl?X=BQvj;a8%|t`dW8Sdfw)R0yb2VI03o}CZ*E8%X<%JhCs&6s4GgeRbi0lZ| z^4^}388GBKGhVJ-2k@dIS64@$PklKVC$x!SLwWfB*Fb~3-eo`~Oi$M47cIt*lE)YZ z2;U=26^`$i`ifCKwv_G_22S`iX})V0E?@lvm!4dHF_D)*Wr(#UA{sUa zH`h&$blye9Q-XgI-tv*I07IuaoBMt64<9 znpdw#*z;+BvMBLU1TeNsab7l*)~5*Ne~UP@%zh;=g%eOP!Y_xfO;=(olL}2=+d!ap z`^4>-CT6Y5m@OwF_*X;UF9yO?&f|rIzCSB{$uFG+H1f8(r2eklYAECPQz(GNmRnCR z6NTuAQB3xRm3A6=e|$up2t3=)5BPKVjrMa@T3A~!^K7XkU&eb;sNaltaFm`wn!!*9@vmilbJ8^OZ1_W9JWE(b*J zAi(RiS~aeY|9Kt!gt-rO?A*UC-u&xM1$JMC%48pjf42B&!9Cj@iln)zxjp1;=-Hi& zoVEaohzcNGElW8_#X^rY<7V3Co)5Ive2dN}A~O2@nk;A$6KSsyfEMLx5h+R5zm<;i zskMhsGttd6^Jk38PmKof?yRJXgg?3bA1;)6y%#{9_mI9_<}O$ZYt8c!HG-w#Qu346r2G?8-$fVa8D zj(&*(*Lka?fa~s9y7iXW?w!#C1cw&u^4k9D7C$v|fN2-tI1ROo68dx90_Xq(`y-&%%mH)_uw`OBlq-#8Y()tl+e zougO!CJAE#yz%qBjk!nhX2yS80wBtqyL=7DdR+4i^lz)@w{iVG0H!1y^v>3_y1f8q z1fq{qP`9_!aL-=ylbYMi5V`T^3o0Y!IU^n$$;cRNA%U4qe!G3b_`L|0?qs=yoteIC zfA+9H*64FN-8J0QXv%S~KN;!|OJ7k=1$0dgx%bwi83BN@P3E!S#I!$K^vJO#I!QR` zK+sv}kN?|l_@k=$+qJH39%}j@INzcErKtGZC;yGF{=Cb_Pk^l+4Qus$ z{@-5VtIwg!lbQMy{=7YY`xSr(yK(r-23K~zi#YyouOJLanISqMN?RBHUzYlRz5gH2 z>34<~aP`-6+vk}6w^#VT?eNo<|NqzypE)(Itm#g2;I#Dv}`lJ;h?Ap4>_iuvYZ(Zz)^0k$c>sPF5&;6S`^EW;1 zTNvPE=8I;1|4#4!xAy#v_(M0v1c?~^Z{76&p5Y&s`?q!=LA-aFEtT}J)Cb7x33l>c z$5=1irn_+BN~F=9q9;f5bzAay*wg`4DaD*KkB?NpbRkZaL+{6bxb|_2_RgJSucE0q zj$SIUHt-cGjf*Hv7&q&XLME(wdtl?>jD|V5xdvJ=5=k4(~WS7)`B9>}{Wg2ybq;!=$hKl~V@gGcwG) z(RGuwov7V=PkMaXMKP6aZ};i?Wa9&E?JI+W+7Gm}lJfJA!mj~{<+t6-FZ}draOA6E zn}`fQgiVU~jkS20JR6E=>n)=h?&gaIwx!)CuF-P)Azp8vFSb%KrFG+>3ACon*E&X{ zq^k%WoTMu9By7^1Og!z46~r9i>GukN-cSA6?9dIZI6Cp&p(LcKUmN$d0;^)JfL!0 z?me1;#&RO%d5G<0e5h?Tlu6t=&q&VFQd8Vv>RoK5qo=6*&XJkZ=WhDFcU3SQTmMFd z_4;F>wjQOjQFa8g$lU<+c}E6vm^6PY!vDjYALqT8Y|;<7CvvS|%W>&DJldi}xaawn zo5QMm6sZ3mwP5{?t^4yz4uoy_C)10$AM+T-rjpcB!0gK_F)qVJ{_>V5``4R>i%lQ- zF7m}X{r=97uRM7IRHHt$cieJFFhmf&J7o3DNaER*bN7rah>a}!EnH&dNe%77A%?a2 zLi6<{vcOVA;rOz+KKY)0L`8o&qD@yxk)l$|*cddB-LsmiE8MKQIp5XeE6tSZFHd*k4KExd&M+x{Yar)mQG82a(pt43GOg`saGEwr(wne5m(T zK@g=+yXXLF0*yk}{qsUDi(%a?PnrG`Bd8u4VS1S`iI#)#`)+rBF9Z!!hv2_PqgqTN zDwYR$<0`EbYY#>@z;&m%xjzY<`LC6rGycm;*j9`*f6U2Q8@+Xx=0Av)($}xydsRNJ zQORt+-=8i%xmn}wk-}0r@U;)uC4uS79=d5t>i2-Dn5G!{N6HNbFfM=9P0&kBgi7dp$BJBfpqxt#AU)4zt zyfx8wYB!?To~GA@3=TL0GnvJn+f@9(4!HNv6_^?Zen{*Nj2KR}?|NY|=riCBPl1`f zB>HFP{uAqW99o}iW%MYhjyQkl4aQ@jM-MJG$WDe8jynb@X(p9R{&-M-Ni{Y^e)q%; z#JP9vGkNJB{F_!*R!j+7am-uKxO%1h0F@3!z!3kz-iuU7ZEHk~quu1C3iAe>C*W92 z5(|p%IOHHEfiPXhDYH;SEn8;h>}vUe+d^Qi+a!clK2`aN*?8|&iQ1BnncMTVo}28% z;tPv~FD4b-=a`g!KLWYj1@^tjJ-Msw_}=5Sv-cYj$$L`q@&Y%VT(rMy1A@%Mki|haLc%t{JL#(KD#fXcUEpp_e$4s;-%A80{(rlUOX-M2o za%@g8ZHhO+gse~pYj!=p&_G15BHYDvr%)?C4D#4{V;uhLe@Y_vh-RE=(Ji7`y>LblK*w3%Sxno~>*#K|untHo`l zL~J4@vRi#s zUl*BW0$pabYD5^U!MOzLa3C8|X{$;V+{o_gB?Uwo39|Gf83X=MfPshIY z%OS*!?n_965~aE8y}RT_-lzBsY2fPXD)d(PB*sPf3lEyoZI~+uUtPpuG%?KO+6qI` z6^6(A*S|4`)`qD!KriX2`13};{l}ph!pqf}AOY!5dCspy8d{K++unm57zL?)F?64B z)iiY5>nWMZ&CQ+eR~1;?Vj5@06IKFehG!ZgnMth~-;<%HU0BO;0JE4TF z_r+MSH!b1R#+%6|d0)a>(!YYq|MW+s@uACY7*E&0-aMoLiI4d_J=H%pd^ymfTmO8v z+YGK4?P;lq!SCc<%6I#$&v5GD`V?IyiMNo5iYT~~i#Q+9)#h+nuoK1~&1bNkusjg6 zuPODsXZWL=wl>1=vX3%WhT2V(1KlFEX>8n;E!aeDT^@opbhX^!gFK&PoL1O(KrdHQ z%_aq;=Y1&5b+yVK213ZsJgX|l4As(zXg5&PpQ+`B;i`tM($AYNm6$tqi8X{&J1?}R zA!>QuM&^QTWD74R*_;6%%z(&23HJ4z;u@qv;&2<7NxMmh$bA2ub5Wl2X>fj?X1D8a zp8|fa3P42Y?8%92M6iktI^oYZTsL%b*3$akAS!5qb~cvXi0C+jNp~Lu?~oha)1NxF z2};nNDl#`sJpp=W9I2_YGiE*DflW4On^nKtJbCL%-`E(_E*TI~*?OZiUEb0mTu!}K z3H8}ZWj^!r_;tKv=e}F8Ke|M5YGNQ54uJ?h^xrEguN5U1yRTkQT17(hgzCz*4rEV) z^z(H8nR%?te=&l=U_d5R`pNiPuq?jUAd0cZ8v|Iw#l3r*DA|bECQ>3HzkUAnRszxA zd`Hl7Jq_Pa*A;uElEwX@X#RmZ#zAVYd3YL% zi|U?!oxGJ7ml*}ps9CJYmn%5sv@J0~qYy#YK9DKW2&C2>)5VrXAu&b;Jw~!1nGakO zRdZDz^H}1$9vl=u>FbXre5uX1?%;UwUib0WHa>&CtJDxFZWMF%Emzyhy^pndpNwj1 zS+iutB#aC{NuJ`~E$wQ4Uu?Ir*&E?JgB%)*2;K*V6W;A&%GIZ0L&WWCEcFfd5K5(M zJ1?oN+ZvK#QW|v|*pXOhB|QkOmix2}sv|1e3Ze0*qvOzK3twTZd!X*7KBF{P&OG{z zJlAYX2s~>_P(5pE^<2>OO}3jUJB(^CJV92<^wyZi?ttE=K_!}FXQVpw;XV7h4{6s~ z5~XEUG<#BN%AhP7LD2Tp5 zy5z|fGXCkNczZ|l_odCJt*U`fA8f302ZNH6Z2aTDeTl6fzN#l7+Ik*~X85D43=HAeb#{I<@V-hVG#!wI)4Yxf5z^x9+PWI)p;D7_lD>Bj*qtBiP zv6K^10uSor!`FvtG-c^UEW1L?Rm=la5*%nzc9rUU#`SC=awOG}PZIS`ZIXMc+_Q-0 zGRx%PlV^>tZ_Ql+WvO|J?iq>Ru~S!H{nWHm{Iunr$Ii$?DbCf^b!04|D1TThHoxnx zsi~=3XN0C4v#V=)F-F|LGK$m42bbx=n$!GV0Oe3=XZz{a3WT>KMle*bbe>~Zh}Xz- zZt$wmQ;+%g6PgbEFRAM|F|xm%zdw0$2B_=ys&{qPS?hu=9qKt*2z_KTcTtOM=BH#3 ztfn2tEQ*;#~`CQ!mAo zp9CF7H(a0rd2mf+Zwu)jqJXZ~&Z|eUc!7O4_7SBOf+qyAiqg#&C|v6-HNlk;kFZ8N!oSv+79zW?Nh(YHwj!Uyt2bWMe0Jv!OfLq~|+ zLHYPGG|Sy_v^S{{w6$)1t0T}11zr#d^KpL zbOrtF%UgWtcx4cX8;$VUTUOeAE9YiKsglvN(3yfxdc{IJKmK|f6)t3aFli9ptJafO za+wP=-P+uz{XlmRx0lT=I672x?xCyGG8Mv|8-LTXdkjA+QJ>UR-813cY8fIej1sVi zqrIsEmX~w!gGIWq-Hkx}Fx;1C!gJkk&)y{I)QNiUZfeuDF}kyMORad0JGkm}$d&A* ziH%)L)MQf&q>gQ^Zr5)$7MtR(6T~bcjRF&51)KXbRZa8wx!VvBACE-Wo!!!%>Cn1e zFK?fXujHU_-v<3PB*;^mPQ>%@uk$?M`L|8z1ntD?HFpV%u58~Gn-QrEAx$|keu3J> z@W)k-4<;Tx#zr23(Phz%zLPkthHi(Y<~1U=hRdGbVR&if zAT_+mVkQcay4^xe_9!~&nPfH?gJG6}Kk2`3M@O+Lef_TO{VQazwYjR*EcoTZT?q9k zD>!T`yMs3{y7j@rSfX8aqn~rA)HSXk6(c^)T=_BZ+}`b2vzUUmmYkF^Ud9;Tj6s2V z=fR{Ak`k4Vf{zs$a~8IA7pN=tUZtqli&(!kS)9D}Kub*YM#K%OY@@wh{O;yv2`koT zWmeKB#m=;IJ)Y0@dHZ%~Gm)GewO!{O%0DB5SPR!2Tv_=elg&%`M<)A_A4t_oyYV`R zfvhP%lP3LRiY-yh(z*CB4N=cP6-;8T>rTNh}+!4>H=nOra@-8Sk ztxv@pA4rpY0Abl;1j|OZ2YH`LJy+#XtEylf6WswmJXR>3v+ALb+SDD+3Bb>VJ}&(Z z%s81WR`O3RfPZ}6Pv@8%6?m0Yaa>=07$vidMs4(4I;2#VF05cCn<8g9N310dSdq1` zdUvlN_-2B%cMc}xa0ix>(BruE2>vT4yGg6Q#pCnoqvekcOqCiD(>psauMDBLA04bl zx0NhW`*zSe0a;^L1(MN+hYA$LsK*GAT}#a$mG>nE#uUCy@7Y&ieRV%~vMI2LFJ#l# z(^yt!e{l5?2t0WnH+5Y97=`sGj`Oh@9VquPQ4P}9wGlTG?t9QlmDjJLpIt~7&kgCQ z@84j=fjpkN`C#dGEt+=5%}bRP*jqa6fP&LiW%$V^j?p}dX`_DP3^-#KIKgobnR1o) z>kpXc%m&*N`(ow zq1AS|HS=gt0FAC(QyDqYxhE735fWn@NSbU?F_smWDC=N6yYRTg%-Uyd)0k%!POdF| zx*FRzLP{YW#Nb=VBrcTiKFU4RG=$`0VpxNFbjeq8b9M8KT?^|Qhl5@BGf@KFG7CXh zCG2fY##S?qwSMPL2?4765Fm5XIURoaRHTQ(dRlX87W?lb9r~1~!DZ7tL=6WD5XlKQ zhx=YWWGPXytC!u{imdc~P@Cs231ltVP?)8xG$u1>{vW4(?eg4Gp~n>pCIO%X{Q+}DQ>~0NM2=v7?zymueLa=8W@Zoj zSfRcfNCf-&>lq!djU^?;)pNzmpofL9%E=%py-jVjr08K@)xsK5HbX;!y}Dm#y_x^; z4r(TF*P9o=jvAm2ZS>c94Wvl;{q%vE12i}m+U*W5cdvEo&=yQz7{Yg;SVGaH^0^j5 zvd_ZCo>xgBlQ2&Olkxb}<(~+Hm+IULDhk(vI;tDJm; zVDaTh*aVIfsfuxn72ExA)uJHpwQ2|oynxJZX=M!UsR)E<5O?%&2WJOLv!*AT_UK3) zhk39K+81dzU5E8_w{0L+ync46#W~X3U_EW@%RKjQ?}Fn7KkLheN`Gp1*h)|=410V8 z%Dfc;YWZqcvE0Xem_CFS!Fbj@W?y$+FW?E&p9ExepZg6)NAMZ8@4t5|9 zO<**VbYztCSb#$$fFE9;=^<-%ChvMxpo|`0!{FzPNz4s(GXb`pmEdaKTI&_3_Xit9 ze7ClHt7%Wg39XXuS<{F(&n%)9eju#?@wLnpPMa8yd+pBD~RfDq94)dYn#(OkR|ypjO(ca zr$KwhhbBF=U5?oUQQ3Z*3F|hAW`l`Zn;<5s4^?@#D4-Zl7Zdt@_%!UW&$MULi)ut9 zKyV|EWi9R9bg_GL+7IL`wqquc&pVE@;vKtE$XAAl#CF9zsoS z%M4ywBk!(CF2J!}tuEa7FrA{S#U=3y((SQRV#VVY>82~{N*pT>^c>j}WcQSt&MNt= zjM`SFf07^FYuir==&(Of5-+TJ*b;7j{;=}VKJ9FF{2jPozC8w9=52dlOV0|^G1;U? z#;$qb+oK`=ug~f?wd#Uvlxpn&$nffeiNZe+9M_lABHcgHt%rP`>uI^UHw5ZtUuvk2 z#7#DVy|MHuQp;Zl=WPV>jw^QV&1B@f?#OUDcspR&9bKm*V?Xsp(di(7+Y&QJ1)k+% zKFQS|ST#@A5CTDuZtN;Mt+Qgh4{+QiB)w9D+{_HS7FGQ|wgTG+Yl{D|_Zeh~X8F@#*^RA0r`DdeZya0>!m{0R^Dho@ zP=z>A4yT!MO-o{m$3lqH=fa2*3;;6#St3YghL8^j0_u!+3JQX<-^aZ^>kv#Y$ln_|&gOB9X9UUPCWs$#}~ zIc9Av{M9)DD82Ba#(J7$?5ELLjObzF< z<%MqJ4Q$7x0>fp=h1$(h1G(98Y!EekalN9FS;V3YxbNt>X zR{Z^AceH-H<9qZNGXM>^C~L)s0J({%fB|hKi}yo5ACtRoQ!+3DO)(Mf`>{CHVEN!PP2Lv7V0QF@QuT~ZDc2joOlsJ=sG^)=JbixMj1>xm~?h( z-`3JuX~3dOr^m>3f;Qwy5~@v!+DE}x*#v5MA5+N3CSv@lg z*|id<=w3tnFWh6es}fUq3bdw~YnK@DXk0m_h^rAHNB9)4;C7MO=bybZ#veNA*@Zr= z4ceyEZUlw(sq)unXI{}Xgpap~8#vITW#{tp#{2%2HQ5NduTM!d5TRo(oBSiyAyR|^ z+)icXiP()m{j$Yv$+cI43rNhHtNp1OihZE4%=QKfT|?Yv71<9_GDGD}PIDUGM{C8V zGcmrTp1Uu`{U3zbv!}tcm(2Bd@2;DWXf#`4mT(AdPh7&d;&yBwuCPPkU7D*6NqsY^ zdd}~Hk23QgIAApTWAYk^m<*j}c8D8WHpia?>Zo0~t8rTY=Ls3jpa?Mjhl@vr%VnRc zLx47#BDt$ILz}UG`Fx8i&Iyb5PLSM4k})4Y?3h?*zVfL)ut79`J+FV8b}4ZGuzK=v zYMjnTN?sLmC#^WyUh4iD14?qdZwt0h_mLRwMlm)bke~#52!5M5BBsWKG)dguJO1JM zVs0)q&};EInBAqeBqoHSd3;?CZjJ0bM3VdwPW1W97o@{ zEIk9l$D`u*#TtC06Gh9X58lv9(K9Px&%^ znVf4*o?OP}E@D!_i@7bu<2j#U70-B3Iv8fQitNe7wtY|xoMy~U)LA^-5{-zg=1@U` zwHrU9ebp@=VxI9kbqVMm)UaMwpl)?J|D}TXwY{%-5&-a&n?htW@-XoNupTZ-M<33d zMcc}P2Y*=RyWiNu4&$YWT;AGk#1<=ihD*Snnj!i_4jMH?yj@KM#v~#qTE?%#)1Z~ z!74ecE8?1xt1O{2P;Z^1A7reacHsWQNNNBIy zxc;H)-Q7`qBe5dzB7i^1Ow=l}c0OOe0(aQ1b&r=7ub6PTBP;2uk#PmIk$DK!R84-l?Kg8mEbMI!?MJdAUca{;<)-?tAnsP5bY{gVs911Xf!e<_3fgUvgQwC z0MwdrQ#xp{@zt&(yEB!+Yp2em6oGbyA)MHSd)SB00SR!skUh9e+UqWo3b z1J_$RKx;{~G3eUm*NfBjp`cn*!_5V_xjF!olmV)Q>%ppI2B2+LfDik!lPqHw|C+o1 z&BSSN#)97C20oHZb=JtHk)}Hesv&vMRZK2Spd<8uZnlOXOYfVf_dY0le~PC69Tm{! zt@$W6y_GV4h3r9S(Xq4U3=p*q6R^G#5CPwa(IM_>Fx>P67poF$Xnd4;?=*{mO+O9?Qq$`{+EXF#W*oEi$}z-sQJ%f~;F(O??ho9rzK+fq*GOiQq!lu4@Kpt^SC*v{(ZreNNR;_gyfzRvbCQ z{*kOmfn5D}Ij zb}3^<&f|ea)Q26f#*21Y;bGYHWfM-i>7rXq>>?2*tCUP`a!5xJej|z3P-5gW@w>Sl z1%zAoeCM^_RtNIh4frcfdq!p?z}usa}{R>Cg? z2^2aT$wRy_d#~EMdts;_V8gbvkKDSxc)jr246~Z>ve_(hGwJTJ?)r5J`39)JumT&H z*m;aiO8BPad6;K3&iexNy9kiZ)xJn8!iH2)R{k>jD`R~?=+eV9=8qp5zsZ~?&ysA= z;mLVKD-8eLGov5f`0-Nqn;mKX=0{dyFddkozC)g2l;j&XJ;K1^E|+Y!ap0>t?%nVS zBf4j@iIVD92W0X+hq{7&Dbm64O(@IqhsN)}qZ;IM%UWqY%$-xbN+L9Lj|QpU6mfeS zNGr;ri%o59<(ZvI)W3qAAc&X2fW>G5K@m$}o0x`x8%;iE@}C>2s#=HdXll3|d>v)f z^@r6WRM@`w{-?Twf5Z3%ph!EJCH875C3xrJ)~DD2&nMog=P&>IyRgVeUOOyHH8G{X zmCVB6cSqG)(5P({3u#+S?0OZ-VqQaYW2DY+Gb-N;*&4;GBi}tsEaG82ka? z$;kcRN58MNk!Bc+aRKyFfl80qtHs`=Q85zHIjzb;)`G0=kS#RT%=FB*7 zU5^d^Dn8V!W5G9`tL_OO0-T$kon zhupC%p3Z(a66MprSp?Vp?oqqoZ*y~Nid~2oRN0vyA&hTjnDixn_Gt$gG0ZNj3b3+< zQvMw$NKJHgcr5j0j9B#d#gT=Gk)FSDpXqkn>28`zkC~@d5C!=D!sWcGpFnxWV{*CET4hPTha?;kTiDvD@1XZR> zLCdCZ(;~{vZ+aJ9_}7j33X32t0noRjeI%U5^Ne6uIr~Sr_}Ev|Rkw)i)C<)SFvYt%M!AuU~&uvMC7~D*@R#25PJCI6!4|B=dR5;%^LD z7k>h3rpNbBpQtFzmK#Sp8Eg{Xn-AL1p3Or2JotKzSG~o*qBQ6HjskJb%37Qg`Oxm9Qam3#-1^ zzbavCU?VP_0`pNOn@dw4TnKzuZx>Ylb@a1K44k^}8HLiiyDxeFt{3nJy2G8PWf1?i zIsds5R0z<oYTUzcKKem0{H!$Ety3KNY@jFGPcl|PS z;f|Io;?QJZ=eyIASe2(+KBFs87ae$-)p`Iq|9Z6fs7AaRx3r}tkiueBb&E*e!unUy z;@Spzwy2X#YH9!(wXBTo%Fv@nZ+>o^^d78$d(hin>R$M}7?-hKdCm84F>HZ-v27Ro zvp8G{m#phXMR%EuWjP#!600t%_oVh%2$gkSF!ncKHwQt4ECPAB9NOwmb;^AQ-E5 zRF$m>;%>#&G%9{%DI2=~BrA)%^&maLX|t$NOAB*3Aev9wNcHeSXe3_0{Y6soKYD>c z?sYK-1uI;*$SCsk-|YiJ?vaMa4{QJMP5>O%&RD_dLeRVqOnJOS^>tA> zD^a(5TBvTRQw7LdEx$orNj1V2-pYUMjVSBdmHi{d%UzXAd*Y^CgfpGbf|(!Rh<*`_ z%;d_yDva`1-r6P~DQ=F$QP0JlOTudE>Qc_m>V17`tjkOM^vMAyuwP1yfc@I~{^ftr ze07=48>oRje_3AQ*zWA#7aI8jFkB*erYEU-|JyXYybUuQ|1l{4=?{SRQmZn0mQ|2%fA;xXrH_Bomv1XM02Vqt;!EiN;KOWD z;tfO)vAE(+EH^hnDa@LW^%gRBcbk11Yos;XH4_j6?;gpC7`N_5Z-FdR!ie5_6}H{K z2VY=9zIfFI}I?0yznrO|2TCbiUY`iU=L;z6DkK{KksfuaJ2;=A} zfvnYSwnJ>PrPfuKg3AjCvVQfti^Pq>9gN&dNzgDl8Tkyf*kJ0NNAm2?3p~L)ciElk zDUjS$+3ajewCxztK+PwRQY;DQuY_=cRF~H43zC~DXC3(c)-_3@#R{ahs7+60RqkI( z2RG2GJ?HrZ_^I!=0)_9As;Z9Xx~`jB|2Jmh|JMi$T{pkwU~Xs7(3g>*m`WuJaoo}l zgXTe}G2jqj2ik{AR_=??ek^hpX)boS-N-_{u!NQPoIL9}UA#{2F9}*ypQ%Og?S%69 zfM|U|C-4zKW89X~^M;6CQ)7S##;n-ISHFv&5r4Wf#_YN1svdm5b5JX$ut-7~n0)O- zW4f@1S)^JqIl9wNI~fHzV+!>kZrBz6{`w2!PyVBY{I9P*z!i$1AGxLeXthGSIWBJE zrvhA40FeL(Wq-J2vF`cJ=G_IiP0x2=+^M&t^78VzYrG(d8TH#ee>|6WR!2T^Inj?* z@`Rqf6FynLk~1Yqnt}6;w?@0dbv&dzSSyiS1GyJE z_Ie`v%p5(;P9va>^BTyoJ;Nx5<;%pf?McSiBYmmec%w%$pOhPj{lSRyuVtKb8= z)z@FfV48RWffi4?MMm9;dRQ*VZryd&i7oqWsHWGi0sQ`5jCa~I88!9${R|f%pQ9jw z#!=ihquVfI%^FKvD10&Je5Ar{ ztsj!84p6fs$imZ+#=|@dU(o%*2UHQp|6e8OKS)3lEAaB2ZiRwGdD1@Nz&)LU@JV)x zS4s54CHXokDNMit!C-u=hRsjXCikJFB5BKk%X{MbuX?KeO5B+H1~VW6ADF@u8yg#M zqPovE)LS3Br{w4%ot`C)`-6JTYF=mJl)|bP6RL}1U-fS_RuR2tl|`+GTIMlZHafcp zs~KeRo0(b445_oDQxQM#EK2k)Y!e;p1()4qvPIJleZCPELnbA8jO9-tdJD1Q4U~@| z9US19s7pB!H^u@uL@$zuEM?D_5Y^pdM6hq-p&&~uHIs#5$fMx<1#6Vo5e)w2y~1+X z-cZT18eX8V#8YPU3==O6(|>YL|K+i~dCr&UZW=bOxcm8oCY_H4)+C?^`sW(v!U5?Jjw5|Ha}tlOv;rOVoT? zkob{C-Aju}BzvH@g{rhPo7ZW(6J3AqvQ~h2hA*gDEMak|#7#j`QnHL2S3vW6{3P$i zf9|@bSLSCyGq2<+NvW-GaQujAt5CjYD5`N-<-EjU<^1EE%p%F<`53YJo&7Q{Vix+_ zH(oTC6(9&ZvEud{$!@|mNn8t|6pa1@K|w)bq(C~s>dw5;PbY~YmLtR)0*ANbbl+T( ztxnFYlh~q~&nC_U7vp?MGg5s z-MLM4(Bsc>Mc(ZjxVYSju^E(p_lGy*`I1XQ*VpF_5j*7jE_5C;#I>Gqk+fzJYJEaiJZ^dfLmGvbjikS$dAer23{?6kou_4pLoX@#Vx3!xLx zO)o|lnbF=PNk+F{gYxo0vJHqU7Ug~?vYZGq>f$*bnL8kEyEe_c%X0^p4vlTlaF3ZN z1`W}~Xgdi{0zZF^?wJ$><^=+<3`v-C*C`l!0yriV%LCxRu9A^x4KEq&i;%0(1p!d6 z-wD9La)~$~X8OammFaboaHq_?m(MQBzDh5184@CGN1*)D^|f4J3i zZ`_UnYA&-EcZSK~>5-EF;|8tD-&nfIEC8;+c{Ac8eGgz%77Yw(9_Ya7#<{ojBX{Ch%)u|MV@8Q*^2{?*T4NlUf?Bjm&zt{EPH^!b#>@3 zPBG)<-4b*qM^;Pdgd569Ejc-mSVtw8cjVRZA>xddY^ap#BFTwp#BBhG0y*&}pxzc2 zdQ1Bxo(K5NY(RRZ4fXUhqG<7iJ1bq7#L#6Haf92GB{w`|Lsna=LGIkEGoBk7>7`sa#1;0TGZK5!n}|<~#GP^mHkOBUgm2 z?f{Y)sh(6bS)aW`g=`_uwQS`C=Kuxd%%2{mo?&XiC%ppZxc&!o^Uo#bxROz8yBY3| zW`Ex9L0XhBFIp&oIm0`5(mS@+G%v~3T^!cl+BT_@nuoymtSoibN@s(iMNz#kB@8#$yx51o$t{V_ub;M0!Q#Ekkmt#K!@H9yjfMtL{O9d}U0k)vBI4|#| z{u(4I=9lBO(=K|t!Z{QnKa-DCuq%ely^9(B0V)O(x?Wyhk_)`~Z$x9GbS;9u`6NH7 zM0R9x{Ua`@*MEpMz?dfQ`&4n?zV@iL6r)bA1$Q#wot)#OP!Azr6LuRY`!y#snS`p0j=CXx?jUXCPaNR zS*!WUaj)&@#OBGU^Q)uDnKXE)o8u1Ko8dNtcwKUb8~qGhcJGgbe?ZI|`11U1;Wl3? z8*J~Sq+B{8+Tc0htZCl;&#s6Yzy;@pvfYxz)Leg|$p?T7(L$f;`5`&lCF#+0RM4@< zchEJ&hAZ%bKOSQ^{@ZkElI3!MclxDv2Dh_Ux*&;x%Xa`7+dpFG%&bgLVtif6bvVFI zYKw+{lu-&h&0Edf1U{W3My7WjJY%E|)q*FWg-x4C7XY zEr6-Ky}7&k`ucdpNB5k>K;X1dclZ$s6181faGCFxIj)@iDboDjr}Q?H%UrYuO9GE9 zu=lS1ZP3G#n(ney0M-nL@*M#A6pdE!@y}B{$?51oBW*`W!VxW0MC|Z)Uf>vZO2zeo ztuD)KKzXns!s#_C9-FUKc*jb0Gg(y1=J+1&5AQt6iy!?#9Kue-fZykUZ@%~(U_-od zed7RNIPUj!Vb18NLo+}6n=6p4syggaY&=mI2tnQTS7P9wA&HZ8QU*{`HaBN(ZLYML z{CKGGAG>voKM1iOxe2D%N9>B2&ET>UxtH~nUXa~LE-ZZ1N|lW(AbE+6(VpNu1jqmd z8_{snqS*6ez|T=m=Nu^*;HI9{Q1bP3d0q}eFNu&ofKNwjs%O% z@2`iw4mIa|bCR&VOPGw9Jq4KIn(eOmKT)g3jbEohz`=e58Wb%&Nxfg``-ZwMx66(K z3)4pw3{UdqN1OnlZ)(q__*f51_2#$BY&x-?Bl(q*Jm!A}U@+!CBTybxG!XetjdQJp zKAA~IaNP`B0VLeXvwBjJ^MUY5&S&jHi5m1*NS@4-9*E|+i{1w>Lj-;QpAJxnMJeoH zl#gvc^Ou*9h@Tav%vYYYUIKFC#zxz>n_XvSWsXcexf}nPcA(PCS zN2u}-@3jj+R#H!}=>*=He1OS2Tmzb!%TPx8_5IqBU@fS6m$XRgtk#}{jJo}>;K+n6 zQ2Dh`jVn9;IVdPcUc3}hdVcXF=hKLZ!G@*iEyzAdl|+b6-i=WgYIlQz3Ho*gMbLfo zE0mc*f9~tB zn3QWU64uM@UOV?w=Z@f)J7Uce7y@Xxb*5)8(ebeXL*!_Unt}r2UB;MQhD~BJGi9!- z(~yZ?1}Y*>B>>6c<9oX0F!97QOtuxXo%S6S^Y;u9^8+n{9y^&&m)jms#jlHeA1?%n ziQEgu{Xl3edy*LJ*7| zZn^c#OP15Z7%=~NEqb62U@f}i{A<_M^(i@4xJhX(cEVB9x_T4$%#)7XvT6sh@gojX zKKEpay(u*3O zoj$vCs@LpQ2y9On?S0^#ZLe!^aY0b-B~VRYfsR0 z@Zqzu!ymq@6Foe_=trda6v{U}Y3-w{gIfBhIy0(KrpGi;Kkz(V%e9DW3I}h-+@|Hn zU5E=W!1QK`Fw^UY_o20jJc^?cg9v&&%2o`~t9YnDzyB%3m4NehnGESbKjis7S+`Qw zd*MDtl#t`rBur)5&;_(%USm4c`fA^3k=wYtr=SQ_OP6}>A|aoQ#11PaP%F0a`9OTD z$b+}9CWIa?3_z)tVgW7gJa`Fnk~A{P(Lz=C^}1M~lB1$lHEgsB-$>DuyhDCQvWMi@ zqgKl?Jhqj;D>JjRb*7)jbCYFR(P`<8@;=Q<(7{K&9%id+NG+A4IqfR#EZnP=cLAac}#~LW0p_E}pdoZquQX z7>4Pl-~jfJ0~SX2G-8a*k-*ndtOYDBElo+<x$Vg{|t24Q4t7oK=Ccy{VMk$Gp-Ar&_trB zew^S@=`0mFfvQ91Rr68VUZa!C{|$%lFXLJ?(cM|C`*ZA&kWMB?r;J9b8HopIkq3Jt zW{3QwL#;K(=PF^#b(CJ8*YnEupc*XQ#}0G#t}m1V{eQsDB%uEeIo>K)Pc@(5=>p8S zq4LAr{EB+*4%m!Rf`b>nXEzs)O5fOW1L}Q&#--|}zOEp;y09J{uieyyI7_8bpWnL2;0ai_CaFV5dtfw4 zh7oqu4pT?^@}!3#1Ha{DpB~H~1W|=ZN*eWye-$}o2Ko}rU_eXsVPZ{Ha7+sR@F|Ho zYVGPpaq=|sG{T+RcOc>tmBNwNL!-|sFRq1OJ$>esMVcgeMEGUdQ|!u90%rT|4s#vW zW33Z4l+}%hl~~7)uY%iO$Nj|SYMQwQQBMK_`)&G*{lZDjb!z>@}T}S)Sea1tUkNdfu2A^J}Sg90|FOjGc@7E zNlkL%eh@bU!W51*-2CrZ=lbM6G|KiPx%m@oXm+M@j} z59p8Yn)%=@B8rJ?+j2N1cGd80zu~}&V3FHqMl>qF`s#g#5wua3s_@bmfgB85@qAlY ze3eVZT)NM>{q6afB|8-JY#^l4t83ENL%gPES>1YmK)zl8rC*V~>b>Vh#LJ|9xK!ur zyqYNJC{4qye+QGN&w>b{cOihccOI*Je=Ff$k8@t|IYarf?eimskU>tnvG2^B(QuYT z7^#9@1gfQQieXaectg7)`TkKjC=mQl4S7{(NEMHJ9 zYwN?xsXb~sk3x){Y4V@-HY+bZufAP zb;{WzeL?w=@OE4tvEjkPT^P!$i3W`acf^y?LMKTg9qV`V7>+f<{$Fb`&IO8h0o~`{Nh;ZF{Vq4UQUB@WW_2ruZlE?&o_^dG~(L4)|ly)|X3P_F?;xAW- zulnUr&B?usS3pK{-*x`d2P&DW-(wICG|F0sr;NA`gHydGBD?jZ(*n%j6S zeaI-SdFr#CaCvK^d|VI(?$%<4LzJf1cIm2D=2>U4vsCofK-Vl`Twly{?$nj@;7p@R zXHP{M9vy4OH4k-QepGaObfq|qrauV-Eq+;9O~~uSep*7-X)wW`*4147iDL4)Oby;N z>lG_kSoga?-BMM@{<~?Uz%Z51y6>lo&4glc&!VtYZZ>bd*6(`J_t#>{5R`MjH zjIdabUpF9Jj}cqAkvto##ja%7ue|81UQ^^ubpg-Uz1S$2zVO>|a|U)rh>gm*JG2f$ z_DKTo#Ee8+VE+=0mi6m-fA3^G&Q6qb!Qx6jprsrAtuguLRVf|u!Y!k#BO^=onojQJ zaVtZpUKPD&H@6Dia!+*6+H$SKw)n1r=Pn(;6tS)v9p_;{D83hPZ(Mbe3-MGm%^JL5 zyJ)_Gy9QPA_P#IwrMYtVRvnY=s3wyBJ^DjIK@Tr%L`@fx;a_al`Lgzzl#Tq74r|~o z7QkbdmhS6rPI!vWMx5E}zb?X%-%;VvFc=J)gzpXC=qXe+Q$&m`sfU_Qy+5x~jU!rZ zV{4Mn23T(-zgkoY#!`+~}C$HQZ`=E_B9Fjbn079%Bv?db~R9)Q7mA_r^m zr#7y`*+&a03SYSd4y5NFId?Ir>=KsHExA@H?nMK9n4@&L&oyLKQ9|$Vb9ZXcAL3l+ zXD5Aiew*wr+1bPxpJj?P${lgGK^6{Cb#bUYHJW;FAB^-hAAgo2v%!4V*4OiDGClOB zux-jkdoA@AQTN=gJR45;d{52X4=EAiw|zllOss}W$GI8tzc;wtxpO&kvfg9bkR%-x zH!@dh@4G37?;IoCgXtQPb3jG4Y^i2<n5;?5?8A!Vg?2Q%^J3NqE>?({1(cd%8 zfHaG}$>F)8QC3}3%*2nsaEXKx=qm`j1a|wPqIQOM^w+KaZd~sat^I zSvMZMTrAjfARU~^zmY=bV5I?Pq2*1(j)X{uiJxWqE>@j-qElv6yA5>YN(IEo4Cam7 zIEvy%JFl`T(CfmUa~`;VhpkW4sH_Ijl_jfwd&SIj@z(ueNZb9Rl}V>gpA{x~;DIa_ zur$5uFv&H^_sG&V12c(jwmH>{-uGpz%U!(*va%g3Q2wS6XSoSr5Ii?9bgt!Tu2(W+S-xg|@Ll=v=Nh!=_lLg`OmT?skXr(lY%s!}%PL`e z;vooFobFrXvD>eCkEp8Hyx5x&n0hOLzb#*aVt*% zTk8CEAAw&RE_JM`;8eh{o2Fg}j$~JT30xc33okJay`W`P&{fS`jq#N!FZK0Uo<>U{ zU}|-!DxAd31Q%(cd9J)3CR*iM2_2*OVBkF|X+9pQL4j(`_YR}P{ ziS*^!+4X1IlK=6cGTTeoO{pa&KU1Kp#RPIbLbmb2c2h9J==c-Y3Fu-!GQ<Z>T7XGTC-OAfFd$F_`m@J)anQ6fCKR^ zF(3GaSp%t~l|W#&Hplsn)`H(G#-&&Ayqa(&iNp)Dt<9c|^K9{(*sF1HvLmZo>;OL~ z&bV=s?MLtQ05PH1MILY*B-!EX7d>FcEhG`GgvXkUqxs?j)=H2GI68kd@@V-miAXWB z1RpAI+6`FFW)7`I>?d-CGKzW(cVOH7^Y7}GSx4h_%WdU0!_%!nF$g~?5nR$)4Nx!; zLG|u&Vzb+OHOg%n+|dvSOX!u>@pKp>c&p(?>lh*Xq1%RdmTFaWy25HEWT-QmNLr%G z=4sv5Hr`#L&R)==PVvMt<`t2eG+5ZKk&^p?opdiZucq(X=52-5qboErHs)TqsP zB62Y{;ZBO_j}b-Hcwxjxa;CoXeJ!-ptXjUDc*`5WlQ`$r83IU7!SYWq_}t!ca2~0; zA#q0JD(&x6rQ^8y539tRUR~?hHHR})YOvd40ZSu&2X%Jt4)f8b?O$XTdDCrb<2GQs zL?udaX6K=1E2;oG(6%omnB5tQ=kmjp*^J&VwHz!~LyAkSPhjh$qd#08Va8p4CQ$$R zB^x z1mct$gX0V=;QO-&M}eALyqGX*;uiiU;M-@~Vtd`55*=Y|a>E$G=X|)0=@7A(>4QkE zj`aMrsgm%I4kWL2#wLnI?$Z{+3bhou!)EpXpi(J(b4C-LiQ^Kg!S2Xrg{qSd_S3|@ zW6}X^7A{n}?Ww|W&9W9TkgM~u+;)8_W}3s(K@D@OutYrEeX_#Q%%=8%B2w~m)B8Fr zHNeVdQ|)ip%;3eY=j|GPmVE950zy#s^HWWr1(SxLTbc=8LXzT5#t%Emlo_BKP*a@~ z`T5HQl;rnt1#cQ&T8w|oU0o4&wT)0?R~=bm(fPexyJgfAESuG1VpE@|SNxLKq{SGC zcHjPH+#X%8A?Dg)&8}aa`R7%kV3-)~;(4tO&1~cIvHVsafRnbr5Du7HFwP*@3dNDn zAne*)j>!uHU{P#;*`S5$eYs)HwKLBdcYeF^<2uDwW85~UWMf>bn#1oU>U3!4>QL|F zQbF9#q!pZp-Gb5cCpe|#XYR3l_SN9X^p$n`J9JPbR={>D)FEWru)8ITkBxu4lZdW( zKBq}ynwg+trw7#Rd?bC#ya3MZsxPr94vIRhAAWus>`$VE$(RD3y}lL# zk~#Q;f{F3!w-=^g$e9>pb({Te|ILXUgFp#+e-vvZFdig;o&DcOaZg`UAr=vbAJ5;F zZo8R>0y+jmjhiE6*8r6uBs3lp7nn5(fECw6&oGjnTS}eTrCj`74j4AT9uGlh)etxak8uC&G`(*HH+!?wj8*x9X9J6>E09Gb~)gHS7CO;|ax&FQkk-%CC zXFKV@0`PZHgC7JHw7y;z1f6U>auDzJDUV{j|MdEm;XBu$Zqq^8JuO5 zM$i)P7_Q&F6n3!5M$7LJIQyNe(=4nXsj0Qp79RqpV^3`gS&><%ZC0EeNekk(vhoK@DgSyQj)^g@_#83h;8ro&!adx3O~Nlms&Jzf`*^h3WYw$Ek}RHLkL)2~izp$0e=hRvymL za7w?DO}OKirV#(K$h4i~{I&ZJe8>ZUH(cpk^ZBms4h1 z?G6=|hYD+c1~W8?ek*_WEs!?-O~ZwW%IBWCKxE>vkZjR=wkJh9)g0Z3upk41)u96W z2w=?8&j%e}_>loR>dn0a6>Ei@bfWL%C0J{)cQA~TSc4(q0 zp*&zf=18(EW{{B3~I-@y~Jyi{f7js`N z^$+J>ri|YEGeo1&84N~aGc2PHWzz@sqpXK>yvJ?{*vicFjIW*+?lbO8ke{#}97%3K zbL{F56`3HvKDAdNJ#}u;a$fjuRhqSNmLO)g`cdn>dh*kxhAje%G=Bx?facg$*7^N=6AeFY7M#DFB31-@(@j(2^nX$?Akg``T)J`KWA$!T@4@JV^h7 z0ub4xzIZv?lJ6MTJc4<*(1UI1o5A1M}^Szis*AHyEay7q`UmxG5xWCAG+LLHXRNI{eUG_IL!JRdv?>kt%lQBvFE&Ek9|Cfa)>F7f!Q^6=<#|T+|?$o z(s`yP@>|YkP%(_q{toh&e)ym)@kRGZXgC0r04)KqCaNs$-hBzl-P@XR1G%r!dv*%S zqC-{C{R>Th_$(E>b}C>ceNaB2Z1^@!ZXoq_l)4o58>7fXiG9sc2(IT!*t5yfMh0_d zhIZqeca8!zf?)1c5?#5?IG085#NqB7KPE5gTf6S}kjIoB8@0U$aZfC`YCN%gAp08I zu@Y@MfOG+PT|+|>aPv!7Eu%hd#Oc&X98$xJ^>R5j&>a2NAfIeVTLS;`gs+nV$QxN0 z&7)^sk#E^nJm1lbU;*=LoRMMsbd@#y=cj9OMQP1rr#>^m50p7-Y(e$aSbYJD;gkwN z?!o2Hh0`i(Ic8pj<0XKcb5D+aBepmLctjaWe zT0OT>B}eN@v78L*EC;T@vlH9%&4zW5zofJ<7M zY`jk1bL9;QB7rcU-9WXK7JQ|Q9dvZ3uw%zM)qI#+Mm7Agj&*E?#~~Li_4gNS25+g zRQ_gPpr>+`Xw+r|lvHpTH3f#vG)FY=E)S+d(4->s&8x-3#B9d<8X)Sp(Z4|JTpmGP zv^rBGTqd3uF#DDLy8*3h(z!_#Olm`SI_381nbfRDzeV*Sbv3Wve`)@n@5!iF1BRZL ztL<>IzOr;V-M-g!E;(AW)Utuo(C{j&?Q21YosZT--<8$e>Md@Gn7`}GQXTEzX=)Zr z)B2=RX6tM@7@i>NDdR)Fsb^#9_u*T+&XCVNj=RY|H|8|%=X|9X_2>hP``+^4i^%v3 z967H`N8Bdi@7i-;Mz!!-&eS}7p8;vqJe_Ud67zr+4k76RP=Jd9#Nd?p;sH4@ce?up zi^GKNkOz<@>pgb?cKiG^Yh)S#`g~Og zAo_-L}V|hgPMu4flxejZZ%yl?*1g;J>emH4>c5& zCBiaC)V`Z;&1{xYSEnpN0|WlA;r9P4=m-H)7`~vTWb6fM&Sr~gO&m*A7RAgBuFvyc zIIW;*MIfui1_8KRhaYZQf+=wx=iauLBVVJ#Z5auGjgjlO>~9}GhX&Hg&IKNmdZIYS zVeTV2^DWBM%ShmcUhZ~WAFk=$y6pwTuFU{xZBu{u)n{>s`Hp+=Ls)<6;a~7}WQY``iPd5`|4+YNxtTQW+Ad9L;gdB0M3>ihcRr29$ zSx&(=$ttv&lak4I3?-`W`hc*RAd-jpR1^A!8|7IqCsD0LA$1Om30?=dreH-T`hh^+ zp+--d>~!Bsp>1Q^a1YW|EM)bHjS?s2#TATZOLWyCwy6BkGk)A<4y@Ty32jd~<`28~ zS1di*6>Vb$T))lyaz4ZeO`JW)srquR4ORXuCc}#Zh-tX@jce~H>XB(Aa%w7QTfT?- z>@!>`XnuV8_@vqMxIgcm15R8Ou$ah+YC_o8$Y!cDgY_z9RMKBrEY1N}&+rzvVaQJK zhokj#5)DYzf+{8ES87_+y$JDCDU2G}(i&~zB_KE<_Fq&x+yEwN3)r8qHbLL=?D?oun)rhWmg__|f6g^ge*^TXhDjhcB5HMe$^`I1zP!>0~AuDTCdwQ3R5 zO(Am4DhW(oRA`P5UY9uDrueWXlx=X{a$A~LV_KN>6?*Yk0fg&_>&~*{P0|Q}hS-;4 zGIra0IWCwcZXoZr9U6P@EOfV8@8NW6@Nq@P%^A^q6qmr6wO&AGKFb_Bcc;=1!q1x0 zM1h1S{Yi30TJ)OAp`Z_%-`gj^qrh5&y9EgdYNj05JhKp6URWcSGIEXFK{eU;Ucekd zbVgB($TiEMwpE2jGXRN&+Z;;2J8ArD5lR(e6jTT1@4Z+^qN}Yns!e-a-A$=bXU9^) zHRw$~x6grz51aEh$-1*#a?6c>Qb?YDblvFqyulBnJC}DReI3*}#hjM5@(TUybkMQ= zzV$G|PWbarSBHZ)1#n4J2eUDdG^v0mUZP*~$<9Ww$~#>Y%`8+%1l#0%Rl-W zMwOS%Qp^lyeYEM^)iFXpVS^$|TnhLHlctXN-*NQV`ns2`ID4bnX4b@#QcR_@t~9{0 z-Bo zxJ+xZ@;NM=)mCIX1cjbQx=qzoZP-= zFNWS}c&SxMeg~k2)sXspRuetzmsMX(0~>5CaG4K1fGHK)eU`9I17A&c-D2mWES*c4KGpI(HF;n^eH<*V5F0dDu* z(nDJ2QplYoT3jB0Tg?LDRkN*-ryHz$kEX_kd(&UV_JBRQPeQehUHce4>HF!hoq{|J0KA zOr`UZOuSI(UHLD3!A75>1Z>Abk4S|?E-eFXKM7G8%r|GwEJ%J{j$X0CmnU|Hj8h)! zyQj}q+X1*ZhDR?vt5Fhvl=%$I$jfla)!ACBiU*jGm?J7rJNOc1fZIkby}@Xi4R0+j z3N!Axr`2Imh8#SiFy^?wye!RDzpL=|sYgU^4&zxM^VMlmTPMXRNo^U0i00OK6u=QV9M+W9YpYFu+cZGi#0Vmr5szEFPN6pqaB`4Breqw>`>aX9*PVi zPF=jgBf|w=K}SixG7t6S2_pr=6p7P#xp5C?`jE|x9(LSA_a1U~2wn<-RcUhrRh9a~9BJyq3ww+51J$(Y~oJ{j^VA7Y}b-sf^5dPZ-DDjg9NXNSX zrx@0kr9ul*OAiNpLhLvhDZ9gSu1$OTu($Da$KXBvYSti%F;%&dlEpjD6Gs7*-}d~y z^e>+N*Qb`fz3gtJc{Pv#DC^LC&f>0OLYrFwSN-Xr`PJ7RaUPfT;x#Mo%7$wJ)m5xn zfy-^9&E5ncT#1TRvbc%kmQw;$bi39mt{m8+YomjD1pb9UK^ywOF_)g<# zSAcomUUn;vC=$gJ)~^npdkgTC1NLXm6x%tWNB}m<^R(Zdlb1EDPK4GxKwKh-1E|+H zZmT1H^sahKWEoy58$h$l?(vT%9G66)?QWe%h{YHv>#kcjq&9zQ22JR1;dvDFR>5)_ zhD60w+Z@r55v&R_;XfN)KX;39pwVCF427~g$D%j~Ut=s51F>#SZ4DM)S8^$x08^K^ zA^Cj0jz~JH!ugSsA38=1gT++3tgh^C3wZ9m1{OjxVNTPEexRZ?e}7dJQCno%X+kNw z&;RzF@G7Q!bQg=xFjSvpH(NVM_yQY1A_joCRga2M=q{Y(K4J#9V_+-?VBUr^ybld` zK<^X@Jju85t`?i{0a^Bk(hEZTyF5v&F1bMu*L0(Af5Q{Z+DDvu-8SCtuO^9pUtD}M zn4`}Olx6Pry%Ie>Y`Hy2bMDimujiBNm&I?Zka6&-?L}>sQQT;ayUU`I$v)Z^F?<0a; zd7Q!s6?0oC;L<`Pl|Jd`vadhWeq*G_R;fLwh1{D;KtY@l{Y zjpHCxz|PhOM75TXeGcpve#N4}1l5NnAZZ?aWt9q`*&H%lpIA@Vh{p%R6Wv69nV;L8lyn+P#9yLo9dW)@T{t{K z^We(^setQc03Yay#;^jp#efasCJl55h}+fjw!XPv$j^_`_f)^HNVi@ZVp;7)tc>I$ z`a?KBW%e6N2OV_He|Gw(sOK2Q})AerG-s^pj`t9@M zoU{H(IiF|TBd#&VHO8IU*BQU>^I~~iE@x9CS7Fzc*|r@t%|Ur2*o1N3(q#K-h4x`& z2)Cjnyx0q}g>qsQJH-PTj5);H1Maa%fZE|nP}PLqoUdL8i$TCKKCx)snTt5>Qz);% z6uNnXxBTPRMV6u0i97Z4@-^%7F>mwKt1N1nPp8r_Kbyo+H2(1FB8AY_wGcXGS&^6r zSrnpipLb(8WbV)?(jBef&f;N1fQt*2M%l&xJ!U^nM^(u!RE;z@bhDog>Z=@_utzuvnq`i$L9P1Gb z^0J^WyEu3-S5%N{6Ki*CB#zd2z)|cm^nPzv%R95lq-18TY29YFj8^F@kVgZjhc6Zv zwj_@wC7%Y^>@M|3XbGZomU7Bt5i_d+F66h~S)~O~%+p(D%i2`9-8}O_G5e3k>~PJt z;w~P%+LqFS@pbmI3YyKC=1@SY7#z;}6{WaC`*4Hot@e&EDJm+c|K95x&z#~21uR3c zF5g7q?!Dq6$1B1w;lit3xvOEAH5Ps?7Gl7zdLQY8nJPst+%x8naL22xc}~ z6Xvi$b#l8W-`7mICW$97kAWBNoajSs_XtenAQSS9V77Cv^)lKZt6Y;xtUc8m-id~c zwPQ`>t1t`|8?b;M!Zw>}Xq3v!yIl0)%Af;MnXlSu9r+MV`KVO80%F+`Q9U2P+USD) zlJcWag7=gT@$-0yg9bZZ=NqbVD!T=F@d#G=LT0+j|6Z4_y-I>BS+TAIL=4B^Ll(|! zu5<3#G6qD^!51NeeGt{kCzr0<4~%+MtDf;TzdHqWSMY_SDD5`Sr%(Y-_3A@z}ub_h%Jo2?I*m1ljZ6E>EWxXAuet@zJ< z(%`G42RMYR0sL_C-)k%QD@oo;#>0UYTCa{3tHYbP<{Q%1(;r1>)ZV9hD;SrQO$zRo zEq(6K8_7ktA6y>E$aw#JyjL)1VF~Rrff(qd@YsD(f#>Jy`wRZ;#;t&c%SzVu$;H`8 zWLsZ?$8O_Gk;PZs#ome>gW?SevHQE`5{N(Ah zn|<+pf;mwCr|>9m- zO2BPCV#yW;cO)eBW_zb1uKxB;-F)LZbi*#dsG1R?O2=3ir%5tgu*FyhqterK=qspAz5#vRd5jm_)mp>| z2?uinM{~J$N2`-$fEu7tu%)zz50ysm&l`BsZ$9|V((mB|cv@7wZL136s2r)64(89d zeeK&(!KGCC>~U>EKp%;(19eQc$+)w1e;>gGIN0>CJr^j4pl*dM9J?T(MKw{)1>-PqU7lJE zZHZA|==%QYln)pI?KFy_ui}*OZ?^j?dk0DLyH*Wvw-ypJoF%^YL5!Q8I?RRN zuRB_bFEtxs=riu^&*6!<2vIWhy?&1#5NgX590y~W9o(xG-nn}#boKpd$fNwmK2J6p zc*OG#Ha|sbwq(msw6@CUbS%BBbGZ+F-J7M(GC9Lc`U^M3I0}En zQE+)+hieqjPOKj{aFJm<30~NZyl`d7;rXsw%}z1n?5Z7?<62S)4)n`?KkYttqt8Gm z^1_Mt#@7c_0gGWJxzBnRB)q9Q8Tkp^&*?!xdhY$^62A$H`+XvI(}j+Aj{*2?as*3P|E&Z4pFfEFqXB&!1EF_hG$2&IH@n<`zI^(+b5bxgo&FSt z4;wBS54lQ$St2tB>3phwZ( zGI@Q$yxulp$4+Ht6A^&)*#=hbQ=ntrvY)*Fv0I8j6zKd~;!E70moe!i>BEhNbDp$t zpX2t800g(w{fCL?8qn1RDS(v6D)+-Gwju8%Kevs;oU14uwsbWdm0|&mWN_FfKzK<55eBPQ9hf3)k2~xec}8>H};m-JEx{ zuP(J6R1JG_b~ck-i7YdE%5LWXcVRz)x)Hx}3k?IpQ6%ky2v}o4Pu?D5DRoJ0G%Q_> zZ}6s(OBbtyozKJDDjLW!urnOX_5{yDg`X`wb;%W6tEP}eDHb7m9H5>H9?PgNmy9If z#(bK0N!G;idA-)&#ePvnrv?m2R7RcCe!h4-7rDTC7uM=Tgk9B(2i}wTKmV9G|H_tt zB7mF`2l{%A`x!4E=rszzxIhv>e5&pniCGM!s{zNy$Ndspv!POsi#7#|{i`FgRJqlF z#L{b^S$rP2=;`t0G_gnu;e2SnD2bEUb=NyWmk74Lis?>ZAJ3JD%0t1$F7}ro@Y+W0 zNDgTRm_Sx5%ow&-wV8^~{tV^)klQJ1L7`uXXreay?dys{Y^cz>Wcr+E+j$J5l zZg0BY5i2?YfuWnW&)EO`fw(n`y_{^Ev8k(20Y^BQ3#}%QSwo`R6L#0ctRx7E9Emkv*rl^s`DyF`+{_eEtXBkDB=9pPr2x_O)kjkcDR&TlKFGfY_ZGsLOs}zp zRjB85*3)<@^gx7xbDLGAcH3b7H`yaWDmy$3l?QO@GQD!q(_y<6ZSxHoIlu~|QO|xg z+Zrv`o#849%HH&#Bu@cI5MhKY2FD!36+?hqo42tcP#V{X&e>aPJR&;2Jl>c5NyP>X zP|&EZ$;%YLOfJuN1>;is9`=MoembI&ZrlKRXYXeYi41@vq9TMJBE4tR6s0qytLZderbHf{yNiAAYGIi*&!pJkeDGg?*;391qYfIgA-Fj*TuAhYo1_4M$ZrYjjBPy0?6-{<*x56*K5 z9wj}iKC{BrJTU2{$|`@}QT_Fs;M=+TWY<8c>@gULiF7$dSD_|&Sp!PLt-<8Nr#C@~ z%OIV_pz}#fcfn^+edMw8eIzyk;hj5$d7N-{gA&q}B!w$7Io_yFIa_tD%r2vu&k`fH ze?D2N7X+#B6j_a>I1yYzw@{UK$zH56gD6;o5kA=n&+$W5+&cb$yB({5C{fE9VJWY~3|y(B8_` zLLKzhRu%!#Bjh1w^Nn9I4Gdr!m}bn8ui;p<9mS{*z2xY;>JG>u3Xi-+f$Lgo4Zqj@ zR!?=P+_2atBzSarAR`h?3<)BT@l_1Sfj*brTJ?LAK84ct!NscLNMbO^d=IZFFoFY& z(-e2=uUPVdyOTPXU69?l*}Z`RP3nWm zPiuhrsyj9ut^r_NFYiqj+iLL`9(iEl`sIe*a&3b}E219t)tsmHXk{OPTT{+BaQ4TAY&jvOwQ2 zJlbe*bQJ_CyMBgCiR*kWC$rIx5~nN7-R1*iPZkVyg;E8Ce(=0h=?EG$N}CNVD!T62 z^UvAM$HUAO@ih10fxY(kDE^cWmuFX_l-vF z36bG=5tyHk<Cx8b~Irpy0bl5brcQ*HSewEfgQ0(TAJWD_js?1PpZu)lzQ&tCZ5&F$BRBh z`xg~CsM9trPC@C89PM(gN$)3T4u;ptm1tmM?hd6`-SqgrLZ)Zr2!LVI$E$D0YMgGcKgNK>G zD`E6;H&!Er>V60L30Cgdl^66tG0LwV%*D-uJ1a+x8?m`5(VX?Q;$Xh?Cg!3zrPcHU=%pQ>9D#y2hWn%u;=NsoMf&_RG+ zG#TEBhx4@XEjX-ZGi6}vVD#;aty1tEPrc0#4j^u0s>WvcvVh6r!%N|_Cx@34DwUQD zy5gwx+9KZdzC%=>Kn(jCne&){XCW@-Zh|5V7ljrn3*7Ir*r1etuVlz+ds1FtmcIuu z?UQv4UJCv8D9G_dr8D5onvza9m-PW)-Pp7{0eCOb?dlpo?*c%gEer6jpuZ7H3vw{O7w8hb^8o-wBP$#HOQV0fPJHbWP z3u_w^#QS}|xMJ5k_6H@;|I~{kvFt`6JZ>qiUE6*HH?P;Y=Xh6=B6mZtLcg%yC4c#n z5sWmrgaNwM@shr=BEKhCViEe@utyX`NQ8o%99)D$yOjyo`u+*UPjAt-Q$aYYt^5i{ zh(8OLUsVGn8B`}Ej)RCrv}gz!bct;6BWAN;7}Y(sp-`}?z_s$RNFoZ_R@;IYfpE(p zrtdF&2&yWmXcT_pBtgje$wh?DNrimZxs$6L&PVUVXyqi~2vutT<-YRXr;HFr&GDCk zZ7+ZNP2jm15a??xn@(g#$&7SBc!2ecI8Rr!J(oHuI69eFJGWd0IH5E$ZHNxvWLh6knaw-J9l#LS)#y9U zzoMH#@GO3-?DfSvaASIu_LA84OWP6WMaZ|CVOJlLzC~%4iVFffr4ZmQgmZlxW0V29Ps{X$!r15^#%A)b9q<9i9v5Kda&J-@^_CTJF7Q#-xbwdM_^{z258Z z8i+z;G1GK~^RSu3>SXXDr_1!KTimv4VA6vTK9z9-Fn$P#Fe1S`6`L_?vZ>;5gdcLS zIfHI>$0cV zA;i}L;t#R8zv(%HsW?P9{>d=&T~Qud0Lw)kh%H7WKd+*Y7WLq}Mg1he`TqEBlkg~> z&u)Oof-#top4$)?>A8PFBjC^00CG?qHS8dyfBQ1%q!ytAf2UfgM)Q^zjl> zr}KpKB&160rCw`GP-D)J_%_IRjdoy_kNPru;tPp1*Hr>an{MhmJoG(x%vNqNS00L8 zg}`KZpEab17QyN{2j-jyDat79@ARiQW~qTy3a^5YZt>dhxbssyM(mbqe`+-YwF5K$mMALzS6%t4D>r1QJ~Z=XqwhqYg+hxL z{Fb*AYBbeCs9tYpYS0dV_)12Bj3Gk58$-V0LZ2ku&;Q7#z%4xz&wYoW0CulzeY8Z~ zVWy}{G)Iv|#Lr3HboHwY{|4Do??uR?czSXGzzvXYog4!Ry8iP)|M#DQ5b;QCL(3uY zZ3y!w-rBtyV_jlcwLQ3*U?$s7#a2o3)TVK)zewP*p~@QPzRL>&04v9CgGgXg>Iay* z2}mFw2-^1u@cOG^00*}L{WQdUto9yxomenn;F`sdIl&R+y}Q_v>wQ&*gLkwK!R6;z|=sm zNMhLSx>L##|1(!EOQC7Lt71iv@Gl$?58WqMyKJkopL3c8u7C|4eWf~&2rDe+GzVD0 zmofqI6=a5?ykwjSB6Q}2I;l^t4On8HL-pSEvk?c zTU4W=)c3pLXs61_>}3=lpe5!SzRYeeHboF3<_R^Ntx9D0TzP&$cVJ3vOE*rbsN9&p zt)kaKfpGunE~n+5*NMT(f&;_5r;eO?vmIei!BkKAApak3q)3pKnDCn*?cwJOB%K=90y__fD}?wCpkZ%%A>HN|Rbd&=}}v!0UXY0NQnso1GCIXe&5 zkko#8KWg0#^i8Y;49LN3Ar9tiQdaZRd=Zd&$!1#RR9hcR_`n!8qSM88>lXHL)lg{VNw9w3kNOo8|BNo>wLt{7gHiv(y8k7}-3zT9P!O_rhr_OLYtiMDnh3(_^1dLzzo; zUAcm9@mh~8@=)aN=tzYJyc=Qx3|Pb2b)k!R{1e^CmZpa zF5$7CRn6Q~R!(J7Xn1W}&9JEPS>A4H-8F3~C~pmtEqi-gJp14};~3~=y$Rq0-7O3x zT+E>QT|dzc)^Wv3wZ87cu6#5s-%59-m1l-_qQXfr8*_Xf3uD%i&1WYoT0VjG1NuB$ zBL=JZ{SQ}+F1N*tda->rWUJ6<+Z|iMq8ERD8d4p`lvQ;KtVu2Be&(g!`!HX~Ckor# z8~L`p2T8Q8H+1&1gC#(3YSlT? zDtM9L;z}%3L>U<@vHir)DUuA^C=<-rLZ1droencr=JwUr+QjX780%e>&rnFZp~mQ) z>6AXNJt|6Ac2d~RrZDjZw3U%*yeLu?t$!EMV=PWK_G`jI_T=^}9vNNlB8|_{w+!!V z+*-zt3k7q_A;pof@GSEMypm!5gVhq4s@griOz+jYCHda5ld5+rA5|Oe%JWTg+!et-uU8y-IeOc_@)y7MOk!n!r5_prge@48nr^5 z=BSBP4VblKUB`ERBT`-7f0$!z!eJD7VzuSF9F<sjX&UmQ-G7QBXo_ug19EV`fy32Bhj@w|f7;%;p7(NJ>ExJuzC6u` zeWIdS#lw{|58`b9NkMzEJy4p+MkXCy!rx0sznXNArg~rtcd3QOkl172wVyG%zvW`_ zZ2OBWF1xL`;(m|oDft;ub)URKgNM1_WJBnbJ9p9ePYL@Sm2rF82RmHm`>xREK2 zluo5lroS`ts90?9j=*OY?Xl{LmWUWAj`aIdU+-X|0eP;NaA&PY9uRpwm+ zO9d1qbOT}<#>9cLV{D^{!BOEf<7;b5Bc2N70} z{9_QOslegcr`w~>yY9gCo8>+T-X5X=k34GA@3Mb5fO(h9XL^jUj2No)JojY~lLX4X z<Udj7uk8!}*>{e0ehL8*ZpbG#U> zo8OIvPtZvqBetSmbccPEZxt>{-@EW_BwFn3^TG%$4Bx5qb5@<%H;GcKgUQAK4}!F@ z)OFL-rx5T9+{2RFZ;8-^$pR$HfCdBg_h;Xw5c_{3g_Dyc zx>0C1W%u{EuPTg2Ff27hZ4~alp_&`TMB(wSvH>&`{wQ`HO9}~@^ihh)Z|>9x4Q|6~ zv*Xh&?2YASgv2X7X6>REnQmsvK_P|??(rM?Eb96A1oXIAbeVrgv0IJnk!eGNy!o7c zbP4=iiXGDliE>lBZmP2@X|ZnwZpV6sS=l+@2)cS;OEj+p11wk7Suw<6r>29IP`Xx( z{dt(Avm!=$vmq3B7nC}lBc1Fvpm@Ox-v6O&a@IWVTrVt>=X}fci2!a$5DJ;w7w&Gf zbBnLlWg5KDxP7(f@XJY`ox6O;_sS;*Te`t_N!Mf^R$g1Iu@ew^vK!CRhH1d=DNz)? z;x#ea)d2z9=-Z>$XEi$3U<=>NLx1^nj(d}30B`QlRZPC)qogMvx%SoIvUD*)rZQ%( zkmtF4qeKe&<&UCyqE}^^hFNo7LY4*08qkehZSsYdL-nSP&NJ%_L551tW>>EISWa!7 z7Var1CZdznl8kHM>NKv-I9-qAWfit1;W1}_H}!)LSHrZ$db8MQ><%j zWq0Ka7Fvwnaep8@^paF&TBg_d1(FL=YWgwR)-Lxa=?tHiRMT3kn>iaMpH%G@RsaW_ z|LDP;mk*f`I@K=)Mq37wKp*4RQinMFjgiU5Wj@oOeU}LnqX*dv8W8($bgJ_O;pn>c z+-FhCc}q>LId&ysL6gjTwmIdebDl-eH_LB!4$(+*Vg1V=cD-kl%g){j5@=!>QnUII zQuJr;ygqD=MMXB{rc)p1u@+*^ddgGoL5Sjt8bC2x!Eg5Y0RlK5BSX^X4x~1;;|6p3wu_ zHE)#h{Ddl%a#Q3~-_{Df#9W+yxJk5~|HF@{})b>Qm=gM;h*sj~2d=E85|$i+B}rrO38ev)QFs0di&?TLJsbdL_-EilTVW zW`iG_e2|(?CiA5ySE33Rd)D2qiT;z1*RML;zWU0}9=_Hgbu<|7r#;wwPj_jWSHH(O zvOhewD@&_ih;@hU;J)21zr$o69np>3lA}zQ^9of>71mS1DMDDh6cm+BFPP z>2^4FEZFUVgPhD?XigwyXMlD>3--xe)S)T}rnzi4bZIQ+Q(Kg3%+PXnRNY?E=&{#w z+fG@$s@z&ddBBM6ZrX|4I%6o`*_e6RasxUqriE#9Hglok`Km-(7|Yi6eQ_ldFY?}_ zjPoN;##&{vcMkoqm!cY-*hAVz%DvgyRv=UZyzEk@Yy@4=WG*V@s>H{=_}8S1`NfH? zN}u{(EUt_#s5>iG^l~X5&GqnT{k-2eA_je*BPDaC2Fz!>sC%DkbtQbwP_=PL66P(l zT;sA(GjlX_qabN3909`&|0@y^1y$SHSun_Hyyv;oZZcH95M?qLeg{1uy-MAAX6Y+1 z?aNN-7mQODOt1(_M8i7$XDG9@%X0^zN-j!;VhX0*+BWQ(AQcGl_nyt)e6zY5S&~I} zyX$r2t0?J1rw)D@H#eKAfS8eck33tu0`1-(A2~LmFW0xGiiO(K=%8LpXBeXIiCisd zL}{HmMORf-Umf_WnHSMwZ5y>L(`0geUrko{CY6v#MDS=-g-Ie*yZwe1{mj~PEj1l9 zV|ibrZ>E51Vc~1ZM|@_I=4{5==2>aLN-NY_881Aynnfh!sj=e;4^{sQ_LTI<9eZ4D z`ii<=^f`u{d;EH>v%{w;gsO9MB>i)h9Y*4Qmm|l}17mY~5|{1-Yc=#!In1~9ZSATl zKCd_1x!Ws#iE*M&pfmTjvH7On2HA%jQrP4h8;6M_E5N-Pd0oJFe6kVM!M`iVBFD4S z$;WKacdlz}wBK7}OxiI%ezred!B<-;2u%GCJa2Tef{Zf->!syf)i^YRN%pA&-YDh? zfNkgqFuROQul{3*`a780dFeoCgKRKrjJ=qjo&+c5U|5ze@(nQOdRfYCm% zT>oS#-Y#Pg^{F$D2$X7^H$*Uz0z9|r^4No4Hz$bMPI*&O`d)_BXjO`-mz@Ew401*-=!(p z6734PRef_t-(+VTMqiWj(B<)KL-BD8$z*z|GJRXP#Ew=}Sd3Ww1n^hLK)yog@4kYl z&_;tYGqOV?9fQ<~0kFvbx8f@pz0CdIIoe=>L!g19`|y%S@87A=fBN3bV$dCn`?J&L zg6OoVkRZBtzY*U6;j#F8mm4U2%2 zQwGh%&hL%Mb9{)#WFGeR3rt9^Qk5X}ufiL*o+n8nrxbOSATx8Z;l6V}q<3KyaqyH3@I+FDAe zmj4%>DWY)=pZ5AYJpOOL#{v4C4a(npr;`TAgVg$6Km*1R{_HiMAbQOu5OH`4{|l3| z$S0l51%o37-+S{f6A@+Kes4q@_BR0eKMv#P*$jX0F#b`lf0G8r0q(&+(dgd@=YMG3 zKg#t#MDm|R_m6V@N|oUs<@!gt{)%%t0mmSeckLUVJCi4FaKu-!* z5614@3bk_`p=)C&i4g0`ren9wW0*>A=rnS0DCNw-`uuS*mXeZQEPq{1oxv>r+g!p6 zMBZzm0;lGdK(Kx@U3y6l?sa*LGkKmIL;A~HQ$A~|^^EVl*`Hk!l4&>M-BhWvrM=3~ zPv007+tO=j_Gm_W--L2^7U<HB3tH(K`1RuYxGYOgz~=NeS{=W{_EB2H z=pieceLrKu%u#Zi0 zXe6TA;&FKJlTWfh76Ve?<21ihwiKm1xIdK;(Vd;Y&qBttIV9TB3hU}ORIGDX8%{5( zsI{LVJ9O;Ca#DTqNLi*>C^c2D<)j2%uiw|X$gx=_>l&WXEBd!{!;*ce&vGdb;^JJk84ks=wn6yDmR>=npmARS$8P|6V!L!;R-#BkYf zdDP~U}iH1-;i)u9x22(zgq}I72il+tzR@_CMc5(qs})sDXlqd zd+gw}MCIi4NU2bq*s)ZN_sE>nk*CM3%r|ob#{ssdZb2UyzGRKLyAGS3^C38R`m93*+XJ^l&_Vm*I>tM;CSmWEZ?UmYCKL&j zCFYmM2nK>jy7COmR`0uGoyC?5D46qUm(3}_%j<++t7K}){6_au;0*f>J7l%5{CCT@ zY0L*W3T#iZ75##2sw6veCtI>VT$LkUy}Q(>(u;Xjk%w0}Bv4ODf>T5OfIrbez~-*# zMzV`+n8{G=9YaED1HBC%!<@=@%u@+0V=;<^{GPGR^cKe3YCb-6u`?<=lZ{hh;){lA z=4MkkT{>Ad_~X)KSl8jk@c>zpDgajrBAPkBT6L4wZt#YTWfQS5e4KMAVV!PF(-%ms zsUc;7406Z6EuV|KX|dC%-<6i4S}`^?)*s zqzw=6!Ny)e>}-c7d*$j|_uKSF&7a@RC|7i%Y|aJQ%92Aqn35;}-{to3I(#lAPZRGq ztD$hmkx|*c%&i!DPO-PF3ZLr0qWQ37);;24k-bh)_5ShvEq*tBR-M`SW7X(|&+SK2 zT-fo^I&9wCey8Zb!^&upZS_o#ZS^kXtS~7H$#`HJdHE(QvW9u}y@fYow}ui&9(6#H z8BZB<>6aXPi=fs;qp;RH#r>{4FC2ImZEQnQ4fNaK&Gi;*D=&_nNx`#=Z}b`}1&_#P z-!z!6){B@Gi|*8=28<5Zq>n%lp~4M8CQ_-R`b~%ZFzX8BeHIDz%yG$k*0Ob}aE-3^ zk^%Xvc*+XtkgqK!u~kP&JRAMEWvfQ|=UE%wYOA+Ls2pYt_LXscZ$j-svs8xVnNr(8 zQ!ZZDjbf>9Z!SIK8O!h)dayQ9vbC6NdZfQNmKDQeg8E=5ZQ?*k|C^wB4_FlM*k`lc z20BWSo&NWRCEoOtgv}71iM*(IMnfW_FrCs!!Av(eE(yQn5w#K#3QsHHJnP?Sf~0|# z_mWqWl~&Fp_KpOpuJGIFva6+Vk6|FrZhdO46XE%8BDbV0YdYBYrf8R~h?%LdEX&;J z)#A}%@QMeE?*e4sK{K7(XLSgzU^=eD%h_K%ZeiD)2DWS1)SDjL1-_4L#s4ri3{$F= zx=>r!o+p6~figK&@vuAikJy&TlF>dLW_ul)-sE?~pg$n^NJNJ7=nI_B5_TQwAa?%` zf{=wmjS`3^5et2L967#+dagNwBW^u;-O!qHo3}ic&N{^|+mZfTd%Y57Bd#~T^5gOZ z@Yzo@N53;k9FxL^RI}-MRP&h@*GS;6k59CoY}Kizyz4d{Bnb(L&|@c{JV@%|(jxhC zw-P&%QaI3HSi*5*D&6w3?(QD>9-DkSkyF4(rAmuw#AV)tLUv9G23Mm1UA?nN9nBgt zTAoLslS*;Qm_^>|2ZvjCC6M957#=PTY87hrS~t1~CfckX{cYbz()^sO%lg;EW?RRz zeha_|`hf!UaPr~?yZ+=D%VR)>_r$yVZnE)}lZt3grKLt-Wl{rrm-4kgrXXSoD{g=%~+qE-GT~fQ94TtJpP|OMSSs ziOK0mCn4)MFk`qF5`LJNc~q~rQ!uo%G+_>{sc123=iy6YPtxtWvmK+ z<0d(EiaT_Jd8RE*f>r|upUg}X8qiB*PCe!d!jJWai+GEk3lz3gm^jJ#I(!tMwMq~9b9j&torB`m(Am#BUH&U)t~ z#56h(@qcGZl4d*%V%j!2%(RkaViRZ$x2F2TGJ9XhIv@ld#{MM-_`j<0J}+0XQEu)R zT;f^bjU)4xW3D0MsR22F0m|2_WU@4sD~4BJk{(#xIk>Oaz~FFF9Bx+k2+qO?W`AI7 zd~7^-j&P%s4ztK zwuDOklYxUTOa`~!S}f@Ny%;3f-8@>T4KDMI<@44pcQ6x|hD2-e=rQxQMY*vxuH3wJ zi{c`Fn;07TA2M-bX6tXfJTHhnQJy)Kp5ebwM@f!DfTzq%J)iqm`(nb#^bXV~oH%U% z`~bGbo4_C(kj4$$Ur*MFF4}&k!lZWF`_Uh6?if#fE{6_&4su_?wQ#-&iNk=bfJVNU za7U-*`HAX%aYJS9eiKEJ_wY;v^zkcqt+@{FTOUFQcVNtAOs~SPguqQ`TZKvgSn9G} zn@%EZxnDRB+{WM`+%wmyNFe6BNo6jolAfxkE9T8Y3pfa@W&1MbsAVKPjT(wV;=0Pw zM~|q>*!~9qNSWLnKNS`_-RGO(qus#4lap*EEJ$whcGB}JJb(Ew$@{ZK3%{RyE6VAfSy5?4uBx<~ZKm{qKX{eq~w{f%d7>c~cgK}JjN*}QM#WOD3 z-tMp@sbuvh*xd=Q$iaTH#WWE5Y)29(8na)9o*fCK4fEc&8EKoR_OCNhHAPh-7O1Sp zz!j0^PSGlS~uw?7Xugt92E*UQ8yn^Q^_-pq7p? zZ~l z9~s*v(irqvcf1TX7iNQ}mgf+Y>nbF*_-0>5;Ao;^V5zaOgB$CHR*;EIviD#VhRQ%?Pa!tpli-^4l|FVXEMWFG^x1K=eoedmgP`m?E38m`WgQB*s%I1msNj=@! z7fNaKKAerZ^|1`FO`yvyUw`zw^>t{nvORk1uoTGIvE8xT1J1aR#R-D0Z#W$OXm7~{ zQjI*j_s7FPb!UBkHH?~1b8c^$1(8*o#i^>g+*?KO3W8TD7YiLT7cXrNx8K*6esu5*aXn?^-v8oG}UXh<20y~Q;V+ugj>pK`|J>BXDdCEkd z_t;T(I7n6vWw;-EY4l0sYKu*r{b8kc{|W}F#V|6pB7^JScwbgCi*8TKH^(V%9KWsF1g+$&pJ_~VoKkCxnYz>)K&nnkar7z@5>u(ft zacGvdg|46Bf!3|-{;R8hQOC`Txm3IzH`U|%gk5+6V{|wd z-zIL%JD{!8V-fed%Hx|9;gO#U}Q~v%KJ@EjK=R-wWnx5!Z@C+_KAp>iU zBcH0XnL+V5fj-;)xn%Tvh@Q-Rd9>EkAV^cRUoVq*a$2Rg zZpj%DG53wtf*GLf@|TVW&i)ok3>VB(`8z;}F zfCcKJi*5TYwT*^H`WNpJQPc&l&?PtBLxjhdVu*OLCJ1P38({N_R++B8zF1%DJ6Q;G zdsY0mf3w)a^EyXRyC1e^gIr?SD$q~?0rym`_>UiMeHd?c)O@e)`Q#!NtxlQT0epAr zStW_zg&$#E+|?%{5|Me_SVyz#6D8bo6fAA0$2py9Xa-`w z{YDdP+1MnqzVIX5+~9Nb^P?Lo)YA+;gUKtFS`lGuZq#wNzsC8jKIvx^Tw#v!MZq2W zoa0Pyq2{4h4U|Ktjiw+;;Av*{3j=FIrIHhxfhXw^w;j%%X=M02yrpIz~H4|(tA9h=cj=xyS z^lWBlS?7H86iZo}OVg4KQ|oyb^XS#)`_+&N!8lMEJW)qhk->cs0NR%vy=44+upo0f zY?MxxUb_A7pZp~-c5~s4=E2YPJn7#(*ZbFyUZe0{Wku zWuoMWjJ~d(*y~N*Rc1X&RTPF>KzMf%v+BmDqzK^|Ew|`jSD=Z-k%%ffBrS!u_9+tDXQJu#-OnG19@sXj6BC9{H|^m*D$v z`t88ARL1s-c+ibbpTAeN15u#;Q4H*k9BV`Q=795Woj9Tv4C z$!UVMP8*(gnn6|xJ`J`1RQo+rmb3Q|^vDT-p7N*EB{mwksU3fe6n|O_>Et~i0MAGY za41y|M?)tCNyk~6{&F8yEe>#`mxTh{9zFw`%`tM1KRric#LtQdO|OL)9UH4+z@bb2 z{h`+@0s&lN6!}le4K#|t_tts0dR#E*ueAT>E21Gn8dQL622mrd30z{j9{2a|_hkVP zz%`8!a44%NmQvtQ?FVkK{HVYO0)X?$c#ZP{iW~fHhr%_26yyeAQcYx#mP9Hr;NEk7 zz5JtV{@3AX0s-8urT~XBf;OE14s|o1N&heI&l9+I&AV2Zs3>4#u;8;X#>dEuBp=oy z>p$^G?1M^DZT8bv(^`Uc(>f@&tS=kTX(9Gd zF~l_!-&NlY1uk72g7~X<@qxaGelnfCgOt1l5;r>kugR|6!B3^4K+zUZ9KrCoS~IdSfcF!+S0zn!Ejts!?yP#?gx`T6UYfrRBz>-A&*J zc2~9jvZPJ`uw2 zN`I59QY^`4I!qf|wicAzE-oUPO;=(p9|^9#7v0u3ctW`DrA+H|T5OVbvbmtPJ#1Dv zMeF15!w^2uBJ_72pd7HYE%xtzj^RTmVYtOwKpH9gtyag(jDp@Mfq0z~9Mn$1Meds@ zODrk!IsH#OFIk2}MZLWEgJqqAo735dUdQNt!(q`Xou1+F_M_o7gQ$Z3%CUyKlFgHX zj*lZwsvHt?CtRfWh(&`xTP1fVIieZbJr0o+Ttx?>IGLonkBYP;C?&#m@qud_fLp2L z0I4BF9JXh0EOzSPpXyRG+`ZqwOv%GTSHO@~c^bR!8obD25Iex};)}B^=ht0yrL5ZL z41c$p^C6HeEV5qH1Dm9Cl!4^*oq7zB+bf8As1+(+uJlJn^5J=>O^4lL{ZMHZkxXkI zgI6Sy-k%gff>xV&XM2JEL5mlrgVG&xa!K@BwE~$Mu$dH_Z-_Wgr7TQ?m$9v6eZE6= zcD0OpzOtkEoncQ?cU74yFVk+cK~u~?b`#fLMMkQicQLPb2iFh6bAhj=+E-0M!FC)Z z+t9?kGQ_+s->SHhkisH&*JgwW?{{PNv}N9~8@IGT+rmzcUElJ|^Jycg^BM zYSt5ZCtKUnaSCN+<@w4I`Vplrn3Uh1__iTm#&Kka^KIx8F|o)^bMdea)zYDTGDxla zVHzwci4@$1Q?N2#+%>KMp_PTLH&mqxsO65?R$c=TA(Fep2I;*2l25Op)M7wP#$#!9 zYKNW?m+R#{uh>3WTBGKC$7a4t7R{kkRkOOc)|YBCcEd>>{}?NyP0`w}rP{{Zk4vzd zrI?cH&Lbo0$4?4MeY(>%a>H75mijmO%p+XOh*<;KSF$TZo|28O4%TXH4orIBD}6R* zyI}03dA+`xIt}3^aorw$;gS`s^Ff7FuTlc|(@TGNjG~y{@?488A)oU$9-LN_p(R zVZ!irce}GrTvk@Lohj3zIf)-T{F^Ch>jBe;D++~LhfOu}l8Hpc50y%cqE2R8f^03(NnBLRMKq3&W+&9v6oai- z_rz451Y+%4nQh3l)epEtUg5@?;~2iOz#5!Wh1MyEpUyZ;S0JwOOhb70)pLhMw{2@R zIm725q}*J)Gk`ph`iqFe=L-6>7Q|@`mIKflIUbUNOZ%}}^fhPOUg zp*n7VOwJhw9W>!fk#Vl5GAAj6WHerC@a~ynu=f8EyCMJohmz+sQArd`c<-DaS2ZNA zcIen*-iwISe63Nn9mTWJSr?L)fT}~6xAds3hn+2il>XyJOYZG0*iI-m6BD=NNhUFg zS^IqpucxnRm){As&lC)=U4r=475nrS;6|qeG7_Ee9#~{Q6O^H^z9M~Xmj_l zwVrIO=Wo>ATdBa+s-A$2^sZmFG43^>o^Ux%@pCX!3pm}r41pdE5p1>I!)tfWRxHr> zO9tP~^I|hq5j%5Qd#`XhZ8QBb5ZpyQ!MfU1b6+Kf)p(jut2v{J6mwT=n~kJ% z-Ngpj#&`ukyf;RJcW51|<2QaZVn;i3sFeIICEy)Op*%1iKCTXLLZMTdeyv%Cph2k**V zuSoEEeuZ=JiBK3L!5!}a&~=|TuK4oIA;Xo$ClCwVXVq}Y9s7xKh z?)B^Xnss$R0w;5l_p$zb-g-W`wXD6lbf4!aV0oRuToC(kOa`=Lr1n;gu!VV}rt7Dk z4i#<(LC*$Ms?_nZHO3xSmcDQ;%vJRk$ZglCm1uI=E2~*}<;@uJsvN_KHwZkh+lw;E z0I;WB*J7|AwJj9x=BFSh4m+^H#_D3D$ z@}=Iivcb|^H~HFhhqn5P>?T}_&1J(MWyw`}y*IX=r)k7BIzxK{3ubL{*jpK*&dSQd z)$z+STaD?STIttc<$PjuTNAqLk(!n!l5)W&%_e8QNPF(4a-~Tc=lGW|MPO?{LYtSr zs_t5~P|*m7l)irY)2uks68|BFn~5@-)7m;bRd2xU6T8YK`Zc+1uqwS}+Zm52=`4j3 z-xq6N`lF^R1p-bD|1Pn>5OrRP}H()|}pkqh!oyF+v z9WQrHq>4v}HqaE9-?_aFE?^9zzC!db(2WYubnnz+@qS|w7I)do);{DtHl3n!SY7tq zd$-Ni)p;sBH*Q%sc*@0=LxsI>W>9ea_F(Kr+X0@Aj}K<(zSo5{I%{B4n?zG5Okj@5 zyps@NPA5;0i8>gzg(vD@hJDHJ`~^O(uIY{T&tw%|gw;gRpTSiEb3+T7q2x^~I2H7? zYL?snieh72tkxqYUigss9f^eFoOrY9{K)sbIcXy>S~{j@8#DT`mlSpN^a!VX(rgn+ zbz0e31wBhLVdmAR$%HC}!#j$7n*Q7E*VlTUFE@Cf+n=CWcRi@M#S@mhZZuGnU;d=h z#>~7x?q5adA3P0e{zJAm+7 zdJ7ObfwbQX9QX0uPwi~9mJKv_ALwo@4{kn>F9 zBq^g*RvN76!b(SrOXkRnu$QX91po+km=0cd)o>?PY8}gqZtk-gHm%=gxnPhTeM2LS zd$eugnt7phtlizK*RQM1wnML4^<{>H0vvE?ZR+XZK#?};=BujR(Io4^yuuha<-Gur zF(Gh{fX&{Msc(?%NbPK_N5Saad**B*)(EvugZ7M^x1fH#QH7OC!r9yA{;m`<$>0Ro z4eIP?JzA;=;PK56NK{1s?bD;=Ze?`SPyse6er-IC*>0Xkx6nHD1Py&7Yzoa*#nx3g zs@+wnX!YpHle_KTSVi-VY9DLonWS;^u|`~CWMl*GL=5K2o)5-aUjpvl`?%1pul&AZ zcNWVoEZipT~x!4=)`J1nMCb&9im3_N<*qykk4qQ8*(!sNn1@TCsQd#rz@ep z)~t*y+xk^%c))H9Lt|35Mo0-0e{HFdAV-_1Thw;p3XFdw8E4+xv=f)qY`V2rkk?o| z_RN?nC^3=q)mkmXWsrRn$${Pq`pbdc(ZG?%S7)DqIEfwkPV9`X@(f7Zx2(1eR@Bgz zE5ZG_``h?Q=r1KYkl4}@N%fMPbGsIJx;jj#SWx+nif@Zv-h)D%#I@V?0*Ut>#a^f< z#0zE`+~d^pZ_4#L4V-Hp!yV;xvpJ8}eQ7!Tb*5c^zoUd~d{b!X)Iwx@i$4+)+1$z? z971YL%X`_Xq+RS5egzVCvk2OCpQ+c8LO^{r&QrF&R2OHmj!Uk{>%5Ff*7r8)_cWdr zVy}Dfcy6{gNzN#LY&6q>269FGiy7-2Mv-9Byi)z?5}5tT7VzZ)Ok z7y=$}5#bEp^grXe@~+>s-JqWvWQm@iU!SFBEDHdg>R~4K@f*#1U4V9a$Q>8L{+Q35 z8r^&6?X3{7_$aS=fU-Jqy>F!pjp6CafwQ>lgCL)2PX(Wus=ic^`iIw-P&QG~hwn+a zBW0A7ID}Q(=5wLXLB5}T>s+>(jHSaS_ugpRU|*M@}R_GpF9EejoH%8%1vFIn7Y zO7~#j)aEu?w;>`19KGpUp`8hF&cppWsscu5+)X~}-hE)xj2-BM_gMiR5LrbhRM-!7 z@3e-`je@3GuDb;HcU8D+xxVU2u#E}{0Vz<(pvF4IsL`P;I#W@Xjz7ev{NHPa3}cHh zik>t5}0LH^2S>jd7=(hFmhAzZZbKTIJ1- zb!u+dq2%*owR?}Y4ut5(=Kc|3<$CTKtMA)CH6$_otP18v$U*b25okzAx@~u>En0(Jbmn`$;D^tJdPW2ttjNsFj01LcjMj}uT&3G|p zLNhKEIW{aMD0u}3xu;eM=BtJsTjtG_n@>V|1pA#!GvSLGC$9EvfBC@Y<{;Aph*p!r zd=C$)Rr%qrah&3T&H%nz=IuXJvMlKs1;=e2qV~SQL9s5D(NgaBd5ni_3lK*4 z%SX)@afk+xG|4u*$a?Hg+p=99_b8yPC;&jTx%U}~rVjnxVM~E>Yr~t;GX!wT7e&rz z_Q><`z=dW7sn`fHt3ViOxqY@&ye%TdJMzfsUSM_gxY11E`=Ji+)@rg|7Ff2augyw; z0ld!!onyW{appDb-}+zxO5ypP{#N#QH9k(HxoAW0$O(4A?J$8B-a>avMZBrs6S8~w z;7Fxmrer6<mGD zgL}GC6nc+(gVpCJ5~THTx`8Dn!TG6?8!!Az3}lWlli2aAUCqeG#7EGQ0E2f&?)!U_ zQ+ZcXqFw$_@;+4}V}+7BpnhYLo+9i8`2Dy>*q1)Vu;TA8xTD3g+u^ zBP9ug^d>}{ibtbVn~M>`klyYsh#JKDNx{9i@+2msf96&7R)2)?VEzlgwXq$TP(wCCVl7&6N>FglyLV_idmzIt)=j3D^&po z*!o)81tz!kW{B&%i<`hfAcaB+?@xnn+_=%Ox5d0fhz~^IDx4z)o<5sMrlf`pPQ}nrW*Fpi2AY+ zfB&7Rwr$HBL$S1NBnQH>{o}X3-t`4@Xag7W$;+(E(!D|%k=*JL_d%b^DPzoCU++nk zflvG`p2#!;yTAsl+VCnL2U#C)2bQ!Md>pSX50x<4tan&4bf*IMaD#X~#4uyATB;nk zHDfDLQBuwKRNsO)U2=ybJnun)E>pw$#K4rwpsnxC=%zpq`K{_Xot?!I8C!m{xEy-m zbVjp!pTINCd`cNew=8Wjxw>uXei&H6Zf6J3yU`f7I`0D|UFOJPwaR<{P+Au)AU=I< z6Ze?4-cTULUiT46&amxE3{H)_YT5TvO1lviqyt^UF}ZGx2DK^*S*eFm<0`77O{-A2 zVy&?-#i*h$tvjP089hj?;Y^M3=L>nE{ByW>uNqvY;NLww*twUcy;=I~<@~Q$wGq!* z9p{X_yq42zP4?S3_2miQ>-dgb)#!5D z<4l>R1HD^`R>nKpPqS=-7*Y3Iw3oloP4+pYH`2!FgVu8j-7C#Z$Q!aY7v9?d72u z)AG41W`${tbgXyH?&QSQP)3X56kxCiWfXr#M8oy!*t`A6lH~9a2WP0U=E?qQJN54q zjVW~vNOUP{m%#dmiC1H;a|48Qqw%kX{O;R&8#ENOB5BM<*H8-xQ<(-8nzm)66}8xS z`5?a;gctQ?+yr%89@3l|nEb*3SEtX8i#=6KPMhhFXd;aREP!4` zirWn2sLJ_YHXW80nZ3O*ux9Om*t(8<37jXWLQ+5Xyr0}b5)YsuQ2IpdJQHLXwP5x&>|lBXEM$Y-Ml2 z_`B0Vmu3xyjwSyy30#f*zQ790sVs*Aiw5={`qweK8~D}5=@a}mon{2<5LTS2WVBF& z9<&r5BuO6QcGvZDJN2q@a4XR;;Pk5-?E3J?qI>X&incMhY54oDxwpx)r9-j7p*$$^ zAm>Gdfn{M@&UY@5zQs-u-`iu06ZEkHkkqr5!y5X`j{<5e8XH>Z=`ww|z;_-nhKR4E z^AKi&Ma)yX^Z?<6nY4v80 z<@AMTW^z094u#odG9P)`*wiFQ&{Ep8&*lV zg53<9zUAAF-fwc*bfHx9nyg7@-$qkYFj7y2((>d%{pqKrQdhlndUD$q7WZUo3buNr z>nri^tw#&1m+-`SdG;GMTUGv$DKGO|_odTMYr@Q0B)^5-i5Y6tkmBtW8Q#h@zMW_5 zg$0G`$c&4P5jKaWADj?M5Q%N0VQ56I6dKGX5;%9e@7@ z=>?j(@5L@Ox&=wS;1j^j6-R3kIY)T7Q(17oZ^con0vE~5{1{uxm+}{OqwB(8NVM&? z`_xMEQwg>onWrGd^DxGT4LCFWp5zHyzDxNCc>iRpFybU6_2c&*OmZ_Xns~El1m@+4 z?PIU+pb)JB&#+34SZe{Z8wt*wxqW?Lb?P&;rT4ZpoIN*p1tqwz{=_m9KJ6wE+Uml| zTv|%`PC`%x;9xYfqj=0m`O&&h{Y|EFc*BN|-VTxj97wWe87s^MPhtI-ku5IP?74{Y zAe=3k9g50aS)XA5D}1V-JFzjx%Wo!o*<{;wzRG=O$O@THn4?o#Jp=JaY@HATa_Vik zCf{aoy~%8gbZhTEv0Us)v$1IsP&afIRlOvH&uNIDo3142gKVD)z$HmN#wAo2H*+hu zX1Tf&KUh&&jjEimqmp!tn>#n-4TgUzuL zSnILzD%*7d1$Z>d0D?D-B$aiQ8k#aXg;<42Z_$;M)hXqoYcP56_%ju`73Y0lf}#-+ zk0jVO0X@s7o-;xE7Cu;YsuxfAp~z3hzMI|l<(rw#x+jM2pJoIQ#GrUb@-}#a{6-t< zzc7`?HJuTe(Xu9(YH&|(N1{G63k>9RCaLHBeYmwW7u7$6HcJS9{7bZ-pd4G}oy}v_ z;H6cR3z&TeD7wIn5qZOs<^ee(c>8;+RY7)VWe+we%6$Dtay9jAf~q0_C>RH$?qrX9 zy}l`ATt$3GX^^fvb0(@NIvTk7Gu!NGaS?{6&O0Z&CeIRK-Log z(x`ihRC$*NW^8MD($VRuHb?L&KTZi;Zq*?*Unt`^qV!?NP`39@ z_OO!*m2!lcUEJzwt8BnH8Il>n%=+*7x^~d$o zH=ZriC(%8-Wl>guE{J=5C8Hu0nQ~hC^Pltg^h415^p{q`U)ybGY4CcKuuX89S_&fy zYkC~x6fLo&%WpIEgb`wtSdne!Rh-vv+LdSO@WDrPi$U@+C;mA|G|p%ijA-ik z7BndJDys9xScHP%3GnA?J2iBBl6Qma9Q5Yx+qb)#B7!G0jLoRpAG8+3$S1-hTVn;7 zrs>doGY1+-}o1|EEyH8ZqrgX z?n>3~=H^y90+&ZPB((>~olK%Mo_mbL+6HIo>VuMf{rp0$vRBxF8)xb0_HKprA90YT z&H5)gp9M05Te0J^_9r+qp|tJeUcIpxY(<4mb4ixfpgueXt$GuNbvu_~sqXo{JWT5* zZ;tuH6*C@_ zEa`6CH%^&|DBL)Y0GyM3W z-W*az?eQlK18+zWB*wa}=Ic8Bvm?6MMn z=Sn|`!c~>h0}5Y~yG91syGe@(^K?-X;mP-ok5_l+tLQH(ZSZcGQCkE`I)smXq`!2LGi$pgri6NS+yu2mt0xDL3fEK5Fh8gnItOZ}aVoay_MKH{ERJ_r3F6R1& zQyg(kFKo1s$un2JMxiZz=_GhTB7#= zBywwf$8SCG+#Ou;3{ZeK(avuMr(JD;oD>7?1!_=wLsRK61V*wwrB9>SY{@}+Fe;2k zmyNUn|87updS>jKhlJQ%^qp7RgElloM(@{Geo(%NtfFGW~BtYt^IUUTu7?^zltk!08YtfI;*K*00St<7wQ1Y8e&!$~A0NiO> zDC8|~T_PF6x>W_uGg-EE_jd~h)K7h#o{uY8mNR#OKu1T5ETYnn2WkM&Ry`iDvc7FL zaACOi`#~r9qV(QO`MbcvEHdLUPKN6O&29%wp4ZhQAk+>)L9eUAmj&x(?A#Z&K9HD5aY0PzGqMiHS** znsN}|eGq!it@qI*jYOT^8<8T2ZzZHYT|$Gt^Vn>kmIwVB(9+Qu4u#pYpPA^Zdd9f1 zbZem}&C48x0rvJY^6YI_XxO5cldtrD)H+t>-Aic)PTw9>4I>;wbh+Puc>m~MVIB7# z|Cx65?bVa?Dl)--OANA`}m+y0YOAH>XMwo>; ztgo1bL|eC=H4nk98nz3}@NC3v8940_+nDQFF!_(G)8eGq$2MYR!@ms~x0Axf3iFOh zEaiB>b|f&CPJ=ZccxyDYpv>s@N|5gG_K?GlC}Bw;-VOuFigEJ)Sk0N%5ZPp0VLZsYzFPt>@y72CHC`}~`Z^g)Fnj=FD<=uQ&(#C1R3)l6| z+@N|oY5XI5(YWe*IYeqNq>GMu2)NS7iv|pt^%-zYS=LoDeMfjf5P-O^zmgSwAv0w) z7kj?KZA;G(t#sikFtmSI=kOQ7LYWFLkc4#??;T=?aBmcRJxR=dl1>pU`UyTX43~>_N@)1cDF*&xqix^^bPu;M@n%JAP}u zR?_wj$@UG*;c)(naoMW;k#Sk}bDfSFHLd0qCAYM;T#`JJ^poP6*4!!!&qz;upjp3p z!$#yzLiA!Pw28i4hzRABfxre$I+rPC=fLyVg#*6H_WRk6mex);s!i(SAbFw~oz;ng zrZxDjd>X<=@25~BW=Mq&m39^W>Dv99BDT59qF;Up#_8f0l)zt2W7#9=Z?>rSQ4 zxLA*qJzXLvlloiZq@`IsHgjF@6Y^7mh*3Haq9mq*nV6qa^{gNp!nnfPK5- z2Y0ahw^!+Vd!x$WD_Ghk{UsWRy0*AF8@}TkYk1@S+{;v)=*p4RNtrqcNn|SM1^jWu zbq77Q7e^|*?1F!ftv6TJUIUBXDV~?$Go19R-2#&uI&(>dx^!DO3cerTjIrZg+^L*n z$=xw1qkrAZtCmuEVMiMO(7LQOto8meMB7n1gbR<#8u|JdT^Vk#E=&BPo6_bk&8=(PTJOE3GaT!(7+E}>mn`i<%UW(5{d$i>r;M8% zl4ZG8A4M^UmY5zds#TH@Ov*R`)|q+r@n4r--(U0CpftS&y_k~RT=fDQT_}=@2EKgdp3~Z}Q8t z3rK-iV8z=hA~mMr`r0FXJK01h>mvPb9I2ZC+a8>oB!TfS?NhU=yf+EB?O}4XM}u0p zqfc)(xbePdO6>M-gz$1`JQ7MI4n0GV3^PWNXZNA<01Pyt&uu`E>9^hpGQ$az=2aP8 zN3IO1X&bcT$XG7PEX(`daF_FtnQ4_baj4w`7v{q4-i*|W$u-}t@dJ*Pj=C~!!Atx&IGvj% z{TyswC8*it6fm5xV@F>Muw`}I9|u1T7+Q3r0w=deFq$J4ek^`>wV2@1w)i#^C%fLW zf`k)Nib;XVl!rj6zyUVnm!hG?A0g>#8BHiiHjUVDh})e$l{-Pzis-C-UiHJs)aM2A z32&XmCX1clv2Aw+)gX6bWAT!2hTq;B(oUc($hPv5Bdax@tRWpB&&r||W2O5Rv^zI3 zvmuk@h*Ry%b)jW0^kvsPBUhRu2Z{JTq`}f~g zJ^1DO5W9-pDjNf-rFSr;$=pt_y$B*zS`#FltG2m3xS2dibT$E#R%F*krd?}yi3;Iu zF-C*{LaiBg%Qp%acg2B$J3AITR^XsVT4OO*LEH8ky9QH%w@2KbXAT$b?l#rNpem*J z3Ind;%wHFVbF_1Qu`8O{%K+|^fb*7)jVIZ0KZ`lreEP;`p|-_mJt&*&$H8Mx-zEGs z7z>9i{qUV2^zh=czB8$Pau{PPzVppEDDa|^XtvwvM!T|)~6xINn% z#Xwj_Jj{(kq*K}vefeMPXJDqa-Y~R*9W0LD^l|xyzT%O0$3P>}ZM#3_IIA_Fyp*<` zNe=0f%7J#RBMn-|EJ|h&Az~zd-kRkijB4~=ok%598E$(vES$#~eVrOiChzD@ZI}yr z6nEWDiN3P?_$p5klsGA}7T|a1_E{u1KBv5+K^fs@tmigJ_W*3}LCzNyrTLa$2oP+s zm2zzC<${esJ{bOeufl9=vzE(c<{&BIJAtB;IY#e3EjIT1g30ssYa|?0V=0D^gfgO# zc088-fjtt3v*y{a2K1=f6OY%o`Ops`xY+01*OT^yq*EUbOWyF=z4|fy`E}E zFgTCAhHj;A^@Ex0MqUsu3tLw_%XxlJa)(G`PdOI!CwtCEXvBMZPTCEP3)y>*x>NLK z>c{ftvU6KCqZlT9)|4gbcE|)z7uTn1dtxAY*lu*YTpUmyp5@VU7%=TQTWfg%n=NrS z)^&Tgc&?Iwa($9{Mx(rt9sf}zTGG@Kwu}we@S@eV6XPEvCdU}dP~dB;36uaro@-mQ zP}ybUgbC(LY=K4`gll+};MK?fg`u2#R(8DUG~`Jf>Q-RIw5R2piGb_WHCoceo2|_b zv%G-<2=P0tuGzP*P2v*K6VAlS|LY*?d~T7#BGLy=WB*}%GT*QY5>7@fSK zW3XztG(f4duSaBFHr@!nKDpkEX7nIzzYv~vM&j@3IkYPK8Si?Kwnap;yL^wch~Yo( zO}B3^W@P)&ii~_++-R3r@mEtO!Cs>afFmyeqT_R&l2UAjCT)MBn0; zfs-m7XszF^+Trz66do*oRq7HWjex_J64kE7sa1MxqvHIl$2QvHEAdg`b?xx&jCjaO zF{suaELNDx1zksH#CU9nPuU^RNurKGIkiTPnTJ+MJ$vKtsZgl|_I8B0n)Z4pY!BZI z9I_i0mhyqoc}mIz+ig9QGI|h_3e0v9WvIZpPRcmE(s{v(qg<$P#9|c4?a(XP#T&t= zYT>MAqRaE6#@@kLjrKVT4`O1=Sqs^ytmn8sY}C#Dhw9)WpeqpcV#H>uyr&7-x94X76rl7*BmO*J6!sV9pAt z@@_g!OPBxnxuHgo){xea#$MVLs2X(mI)1e(A;`Cqq*>lo-zKqqZa=}QawE}72Pxdy zRZ^YHfLw8Fs9Jk3V$A>qJAZFhw;S+R%e1{6vT#)={_b*vc>yRB< zznr+)Ave87-bf_k^1gvD?pT*VG|b{1?G3#FVlM@%%=+E!ls)6~?n8idfwh#P~x zD2nd~j^N+L?FEU=7P~AinEPh0KdD3Qhw^~#PGb@(2%CZOtgOrk(y;WTCp9al(%gg(l(JaL zo!GT0MIJ!Z*UCfI(V@w;0xbkqL6=dNRZnlfUUANLdz7Nc2P>rh8b&;w<@VoUe@GwL zlJ`NBmM5Q`m{Yo}wRNu_I6-M;hH>qK0{Q7O9IHrG>spUvju97P`66Iv7)`1ko^1Sp zR7VclZ)_RW>|twqA~z<<_0aV9C)a7l%3G=I_o$tb22l)KXCav@(b<&Y1p6uJFGp|f z5~(&9&f5*SkuDFQwInyEn}d;m1>5$=ZmleyrUyd8llrt1VDUB-zuNxlu%PxNhA)Nk zWO3E6_Y;f9WjXWKO98)Y@&QQ-3d6Ueq&2)wgih^RwZ}>U*o*~OX{C@{;J^*3f+rqx zqm;lXGEAYI-=mIyZe8U^*;%ox!VQ|C7B*#+D*34t5h5qhIoYw~$m)Ve)U(nRkv6i6 z?OMEQOL_rSh{Ye^TX<9YE|-aS;a>tmy>Ay{oUksG^EgiOcyR0`*h8V7e_Iv>@?Tl2 zytg~P6uo>@E@}fm?>OLCVbED&HRp1et%4Y;UoVW@&K7s|zFevlw0*fU86q*{3kv;u ze`c2RR}K$T^sosUm*vr{XLWascKKmno7A0LaUpJRb0HYHlvB=wP;;LNm;;kn`S|t{ zC`h*#fDNc?!I@I?sKJFKuuQ45O@Hd)T@3 zJV2u0ICwpKJy%(JYH6{82T5q=EfaNW8uLM?>&l;nOz-T)Q6yC|w{y!05L`3V$4>v1 z>)KKn1FU$h4q7LIeyxqVvpry3RJ@9v6O!2WmL9n@=P`qA4J;_^9zqpg(~X>3?AM&N z$WnxJg9>3&Kae$j+Vel;e#Xs?%SYdW6yju=33 z3V294rZ=+t?K{7zjD9i~>t)I-Q{Sx0SuQ=;VuSuvfG%yuZ*`DFL+^a0`t!ilT4oG$ z;Z+ztRz_U;Uaa>-@S9rFyUd?wHdnZ@(+GKIp;45k2K|sW2!2n0NAEHzPnnY`+Ji}T z49YXS$tYm_<1dD(-lez+<}-dr8q;YC@}Z$t>$x}0ccKuyvkp(RT%Lu(^%Q=Z;b#(l zHD~s;pe1no@+9So1kVb*d_i$o!e&T%8)Mk9e#d5KiiHQSVt1~}yYK^?oXJ~@p}?(L z1G>j$$1KLmUG2#y80uR^D6bk_uQz+6sTr3}((om^9Bj%Jgo0Y?Qthf?vXa_>~s z8Rl~gal}GE?RgRl5rMm6jqSUol!YZ?anoEkuT<`6+K)%c{TZ~PA0`&pX6jYtG1aA9 z=@DsV5Y5j8aawEbosyO$eSDT;*S-k1s$Fb(0jG!K9h`X4<;&<+&CG`SMx1#WcgOlS zud#EoeJ{vkd4fO+;@(KWFS7*IYalH5&W#WWlM40AG2oTE!@|`B$B2?Xe$^^(ozHr* z`)_NNc|b`v-vde@kkM|Rh4cv1Xr2EzJ?`8y_v7L^tKWiS{l}}NYNv80tFasUB^I6W zE_(~+C=fdG0yaxTRCvfDVZJYG_cSfn7j4$BE^IXSp2P|!;oroz3J>3~!q_}e{1T&E z{8IHvv?!n3_97#emhnOi(3R~}S>e3CD@|D1=qz!VyDaYba1+~)tngmCOKOjkMxQL6 zzPY=2%EncAm-=CAtds;nCFx!;^@Xq^AhRkt`DpsvXQEf^ds=2DKvC2go9Ug}#dNF} zhTK$a`XRYt9HJ))?saSNE?KCnD1yy4i{0&7z$R?EotMZFMes+-Dj7X{|H zecA@w-+EDRavnV$gX$H7B5hvJ=9@HT06NTu@ALW}5B!X)*+`m9#V!>qs22MZ;HDm7 z`a|b2Kg@Z69(y3?0dgW6rR-}zJ?rlQTvg!(Mo_3A3>;FQN{4$=GBDaZ(ZDE(|Gsi_GxY$GhXPkd*b$Ip0D(Vc@? zbWj`X9K@=xJcnvU<$+pZS>-(xt@q&HU`Xbx0f5Uk;nqFl)#fOfA70vb4ZXQHUji~x zj}-BvH!J)Vw#LZcczf(F**uPRIB>vI=j@e^lw+-Z>ie3=&j+eV1243vz4$>!{yZR= z+){3mJovK=?cper|1*17uCk#MisIarhwZHCbh3E>q36b1P{wM&#M7T?Fkt4s{rMAG zv@c~mDs<{3q^D;3+QDBt_>Lb4i74QJVF1=ofGr(f(fy0Cd@y29H{e70`gy@#pj~|u zzVFmp$ned45|vg5KU8rNTW?$OmaDH^?JdY^OyITrFM+@3Ca{4oDkS4%<|DvpR$bkW zz~KUb%-2VgxF1an|1(Pi-4?^RC(V7wkArp8?EkI{0P1|fJ(*QQ8<(b)U>OJC4QE-m z4~UzLH~quvvoB)CK99?$tLg%QVSfz282=x$(4zp5yX8;7bQWQKcmQrSsU~3li`f?0 zfZ>B4c$}Mm1`MAC>l(>(V4P>)4p1OJ`2QaNf5!R$t>@^|LaZVAg;c+TYnkT-$CE4g z-3x}0tpO*%ec36z_#7uGJLg|`-S?-!l1-xLJZj|!oZ&aLo;b>}zq&H%4goOg5R*2> zW#<4D)vtAZygH*m=y&jR#dI+3gx*E?Hi0Dp6tjsI@7U^Vjy2Hz0;hi?SZ3H8I`B|iI5k+@ zlww^rlOyc>iNfl-G{sAYX3)2Li4opOFeK0bppDKw{|oS0NO}U>Sn5OCl?;~S5E~K~ zVHV|cR&vL~IDkkg$yk3Ffv69SG6w8D2hfv*;eh%+@C&PXU)}cs?%~$c*P!vcG39GN zUv!Ks9H1|+RWJy+t!6IYpB-bIab9+~>p_9y%uc*l-||I$ap!baEx|BAhccD|q1gTo zhcaKUcmj<|H4Yb3dS~V^_0Wime)MRawwi$Z`$jKyTDYW}i79JcX3jNCIYC2$#>v6% z&i=VS#WN=lf{Fa0zr;n}cj4)8qY{$Nfi#>#4*^A}YA+a5zVp4WN{=hgx{ z5DeTp7nI9Iiwsvf{{+mZ|9m>u%4-Fprd-8wz z1yEAby0h>(>6xLutW=v=mg;_RPI{|u1%yc_S8#xh- zREa=3J!_9ca6E|t3(RtJt|^^)@aB8^NubCpB&_G$svE4nYN%03bC}XvMIR;*at8?n zw#0#BNVDxUa##FfTqh|6JUW)7MGacri0o0@oHyuk%-JPC0r5*R;7Sgk-93&qJkZG zH!jP<_xcxpEhBrHTYKFy_eV8Xchr5*^41293&l`N(>*Ja==tdUv#1k&;0TY0_Ho%( zH$2CynRcIzUOJd|&X4a|y2NdG_fga>hBrK%66Fnc+n%RCMz!f{FlYtfXgsjRCu8gz z{jc-)bIjb=0TeKO7$%k@>ONJ!G)Utsf|$13yUd?zw}#_q=$nvf#`tY7bW4>wZWB7h zJF=Y^0D`TUdh8eTGO1rh1no;IP#UQg9ss`@1sLiQ7igH&Yw}NKdK{Idatx{>Eu!*X zTwgo|5u8-x0lCJ4{qMu z?Qa4tQ=$W8zS4UNxh8oxk$|p*8|C{@@m=Tk!3@-%1A^#~!CZ5_a^ul+0_Lp&MDIJy zzdZk+)^EBrAMJsEjIOLO>JYC$flP1Dh2V$=`7IpQ+`pLhd1 z7xR-me)RZb`gu&5)tLnhPpR{=-g?6f2-vn?S#o|qdVTdg%xKj1HAqc#Y*bRSx#_~X z*dVrimnN@gH)HTI=yrOw;BHic@NOPx|~J1v^umbBGq@b5lY(9CXxBfC>PBh@32*ay8BlJWMz~Wt5|uQgrjbYW%N%`KwHv-U zx8LbRYlRnFTUA-3gQY%nIp{1ZczQ7TzHETsrvCcef5yar5}1EtIS}to1CWWe5!^SF z#ofc~SrC8|TA|pqe2XZ6r&4USyNe0&Zx4+w7{;P3*^PtaMK!TKA z)VcqsuT_VZ@BXd&`#%iL^A*ru)3hbbwEsVX5eN9__ytIR-+%e_wg2fozZnQnJIw|- zMah`lb-;X{R2L6|my+5lTd&H+|KLS_IzSVk2;Ax)w%Gr&j^~F&^u=kQ%f|9w-12{Z zqD%?E7G~U-1NMi{^yF}jD*|g=R`K^U`rB8#r3EZ%J-dW`t|;Sm>VV^<-2Ojj`9Ej* z>8!u3ga31u->t0wLze#?vV4YOMBqAluH9F<{dcExMSAE*OTS+#!S zdH)?0S_J}0{g(~y(Np`do`3HE1&2cSxw!#pG%D7g%g%twCDnAg(+c1O4V7O=30nwn(r+)tCL3qnLj0WU=&2l?S9x9&9^t|C1C;>FY&3VsT zM@~uhqAP(*nN>qUp#OhiCtB{S_>S+O`ksR?Asse$UZ(*<&a&EEhOmF7^^;Cl-J_s| z%&t{gII$^2F6*hwwPl6>MJOpJ1Li_f1nwSCR-l{pK=W1G*F1(&SYJ0`d;_s1k7Z4_ zeB8DNA;w1zrO)M%j0EhDehWD)@UqaS)d=(k?@Tg%H> z0nf`y6Fs0MRsjbSdkJXb>P@x#htt5*=N(&W3H?PI{cah5f#uL1DABdA=a>24EB)sr z%5(c7p!`egO6_w48R~O~Y(f9vd!!aWqv==*&2LRqu5}x2ni~7s4{_cLm&>uorY`am=`3W0%d9PWGGa5ny!LPVK-eugcu|J})5YkSjmt@M}rp zzc=I?nR#&YQ2-nJMTR(BsdO0~ zz;BISjA9`Uz9_4k#qQWRWoAjB%jVvR5>kTbTgx0*F74>&L!(NEc3Osw_Lkl~7!Cr9 z^F!7P6}8gh9J1X7;SM`A&H0RCnaV`s=ICUsHM`G616|b{=v&aOiT7&GSq5mVIr%&d zJIK>bw_=)K}nW}*Y&>7|fcpCEMfd61f2 zTIDzNwRKPH2k+ECn7q6)9b~`-Sc8^Bgpi%8J#U4(JK^TcB6m zW1SRU>(sO4ycl^&*x<7oi=P}AmZuFsvXpsj5q*7g+uQw_QH6j`#$^y$akp?V6|qz? zIxcDwZm4RtYB=_`cCA^0qYlj)b>U)iO8{gr{i0plTL$2WSi>{m5w2~ijlzi7tr$D7 zw4(`Z+9ryA%eQhQGHYy=;BMga0>w}h6Qr1BP&y~-5tfd zEQIbV*6*|g23d&5f-QLPA2HZ|gjjYlIfw$!b!kOge{S8OjXHB{duI^-@=EbW$70E2 zK8KZf{4Ps-JxN)Sx5dpQ!>!!4`Sq0IASJMHxESHMoVWCfIS3+hJ-cG2B;Idi8UbQG zZyf8wPG0}sY+s)c;@5i*zPBJEPZ`tasy@i6{{xqikp)Vbf<04r8TS*qTe=5RA`aT8 z4v^RE_`9={By6`~Kt=v*J)k)89bIW<1Y6t7?LCGj5n0!|hhzP)D8xpV!kp3?l4d(# zMPEV-`9ho9VBIo$H$;ANmXEhUQez1heB#X5-g`Ftv49{tf@>TATp0d-2!3-DKc8f5 zR29$O9Njz&Bm5OJ>2JkqFf(3#Li^T4Y5$6OWFS=HWmB0*kTIt8QEtCZ@wcw*0tZ)_ zsSXE=31VfR{Z<2$7ytgcRS-##K$K2n2On>B6m z-{0-1o3>FpwzIM|RZ7Oyq+Rar2cjn145SAtl$kT*VLm;~1vZ%}y8gCI*G5+?qNus( zvC7vzI`Dq4Z%ZX}eF_HkU`F#Av|wVu50^2fu=OWbZM!mtNA4_EO)7*6oKCHK3D_Mb zv-I!#q<%-tI#dA8@wZ~$bXb&Wlieo+%2MKl&tyVu1iePacZn*^`%tc6dbvy?-!r1=gi&}+k zSpcElu*~M1gst$^I`mzM%Gj)-yRZA+0{@&U1l-TH5+5ODrz*L%9*rMxCaWz^`35at zVK(QwIju_>8;y4ky7OQZXo9Hyu%uuGw9s-1mq%;Q4wto;p-PQv0Mllgz868Yzk}*Wd z7fCWRkoMLVbHji>Igc@A(_t8?(!M&ajK1naQ|6_Nk)e%eqqS7e*6p-v)?i=n z*e03~NqgyM7^9K4#z}x0Lc*J}PXh^%_wt_bL@wucnH@JGQ20)vv!QI@!sP&+> zv1sUEHm|^2B?c*fvx*@g$!VZ>s?c?Ck)h1|n`cwsc`uOb zM>de4dZDCB9-J$~WqJ;Q?@s|bz0Lj~dv6{N_5SydpBAZvv{1x^B72Eson+5eDr8Oe zJ?k)rIYo$&Y$5xe#=egsN%nnTX6y`OX6%MB*M)&Js%h12$6_%muD3T%5_-)g*>*222ip13y=9T+L77-)S|5WN8&jS@4Kw5EBAznW|Dcv%&d)$*MN_IJK)g(DA zYp}wA?FV>*_0oD;PfaC^3n81!n5-I8br<=Hwr?J-{B+hF)gEV-hf&Y^*__~V1P+OE z=*o^Yo{5cN`6;@d(%ZTQ*OPmQKG=#!HuESz^>+HXKmwrKlLmFq4rCY6KZDw*aUW#E z8X|(AKY;KZ-MW1c3{cQvhgM<;iocSwkI^X|A{3XKFNIvOT}=Zbm`n36xnk)1t;5v) z51xwH7ohrTlw$?9FaqV5=r4HM{AY8TU+>c&qfNpx-qYSIWmqVOxX2sO~Cpt4_nR2fpm^sce@%X=UB< z{dsEK>_9%pXTkx#-TAEt`3|G@6D{gq!P~VaTr)FL$e)oGz83D~GFCe?k>+dw?xIXp z#8|c05_}dMZ~1P2oAFXPBe%aaDe_~{Z@)!!r@Z7C8$IFTVd>EXxT-+EYx4ilLH@sA zy;5cY+S^TD3%|n$)l={*B*^~^2}3bYFWDJyr3p0zm31bRjWw<(EBYJ<5qx0=0M^j4 z9%w{ZYoPdiH?1oZ^SZV0R&S=t`2Y!}?38?MU)Lp9?Q3iQ*eQ9gQCEIO?g}N$=f#TK z?NB#EMk33w??R^%dR?7kBo`JjzbN%$bvn6&8t|RU1{&prTIS#R;=mUB#^es$SWcD3 zs+pxh*FQt%d$2%$4x%7X*wbGnTkfGpPu84!pda%Tr0a1aMxw5e9$>%S!85_` zQWAn@fl}=0661uoO}W!EK-E`EJo;Ru5`U!Y%;vH#9f`CZI0;U>k zr3ZJ78!_uYGU)R;>nto+sa5jV;FGtVLxGINOh%Q)&`~$vpwi*Qg24^%was?78KAOwCOZU#SR9h)2TLKyP!`_D z$vsOtb_YSw3(=-bHISMWG>^R9*Uz8@#X>-2ICcA@l)b!*p^wAu8^Y3NIc-9Bd{9`4 zh~^I~l8&X14laqmNYaO+lbgI7f~+(=|B;KH#r_VwT=vzpc+tbKHK6_L<-P`9Zm*n& z&+!ZVz6-ZG+}5c0+iNFQJl5aQxU>?RS#FPesSIHHO_^{69#&+~5zk5JLy!3&0cSt{x{Vy(MB{$oy+bSo zp3B4`0wSHq9R@@S_Pz^8CT5NAQ1_o0QJb@NJ`|d`-rsg^606@1NlXrb(ZsaHV)CaH zl$!owT4z7Z>KSs98;A3_S2e#lF4Bh_m$95W=l!xvzM~)Q7I)c@hq>JY{xqbvP@q)e zm7Z?oCEp&a;`W7OdRcVCJV$wrs3}#}69Y4<9QR0z!`p9@(a39hf`-(U@Kb9sDYCk< zF0EMhS)p+T;ce?K<0oHEMiyR+bUKVXzCIpdu%?i<<#RC`Kq^xw{tkJVC>;D6epw9 zoFP@pYG0t~G-J%2eAa~AvW+pLDG5mZ*+ruro2{v)X8c)lotdf!T&Za-F8nRLe*4|J z#O&lo7=_Cx&uP~5<3&?)Q`NF~%z1_3B_x(|xQqvNcfr&15#9(S7AL(*&Gpx#g;#LfTzI0_FM(0M>9>0wo8-l)~ChpI@T! z)}INej0m0<(#=u@Hn8ovhZ=SPr$n;<;Y|BpBS4uG+vgUQKYWTdf1Jksc!<|{d$j+i zD8x-CGmt)@Kdg~hel^+8TdTvc>RJUFU}0g=jxoF+3j{;fvHWW+f8i{DcAvwa{A(=#8q2@N@-IpE|6!Xz zH~%k5_fMq;5G(&>bRPmee@Y|&8q2@N^5<#UfAf=njpbis`EN|)-^lV;rt#;8_5bxW zG<8r4;awFSJODL=v6F$i_d{*8`IR{FAEKYMag1_twF%qD3Z80B5GuJIX&ickKkGvo zQK^gtA3J#ftLvAPgAh7UZY;Omh`vdavyeq;YfAEB2R2zcWoP#<#KqSxUL~D1bq)_a z+;jil;^>`~=i?QL$3b6CIR1Gj`G2e^|BsJX>i{|W8C+-Y&t2vpG`yCJzz8mLrJn8?%}`p;nYZxzvH;mIam>E*)L6id;js}|NX~T zBtX(2xKKjnr)G<)=n*#0BFAyf*NnRUcmBNP|9`%|v!;Ne?%LLZ&CiQg<9Xi5P~nJF zTWzrGQU33*;K*M-$(cj_`Z~-N`omveZ9VQV(oo?jaY{~~e(WzF$<_b<((b_kndk4r zi5Z-Se{(JVcY5iO3Or8(ZN5C)Uw`?Z*3JLls}C;xts#g6brU$v zo{QW3m44Fya8?8BYYg|m#dBzX#2}#i`5fd(3gSIoLr@Emap7lN zm}C0s89saeJLh-J`Auo~nU67FS62ea@H{Mdn`5f<;s;LBSv>nU*iR#p;r!_*+R6W` zP;ifMsApY195b`>Ww%(oA;^Y!M9z@&@@vLk3}=VRp~1GC{~52g=l*wIGp7Z3@xPb+ z(>DLtPkH(%5<-lGRMzrZC%e>K5cKjQy-4PL`_;J~A05Uv`GHYxU!O{v)#iJY{&67p zk!A=p--m0mnQZ?kroFfM`DSQt0LEnc#gI5wt}aK}q?07px@F#bb+p(imV0RS_N86R znbM1{fQju=8jOCK7}qZo19>)KY&WI-x^F_(c{| zOmz!t)}g1P%9})?2Mb@oT)V@naR$kF{i`NmJgL%DP`v!dV5t`=pHM8zzS$ckH%14Yd-JW7p`C z{dl}Efb24#VTH!(rxSml)b1@DzvJwuy&$*yi zQQJ6($pw%mI!Z(xq;(|7cFQ`u`uLw2rU@8kJ}#}5v4-9Ow|tV+ZUw=qOG9?U+gg(A zEoHdt6%O8$`HkMg`3>IMWr0(h{n}g0FT2)E$Zp(zDhJ)*gEj@m2(=8BNS48TpU_X9 z%X|&rPMyzb(*_@KHH8cC3mJ-?T2Qg8E%go+G_K&+e?pFBn_qEX7F>VevVA)=j%G{z z$V1k!S@jEXo{${l!pI*Be9XREgAzJ9CfIU;#|wh-avrdv{Y1pL#eP65!JAT3S^ZqG z=w>)Q;^KIndC(Qp^Z*D3A?iNY0XtDo@kG`ZuQ~3vFycJ37_BSk_ zM4CcbLh~4(jWVVnJ_eW8o@)paJYRC`r@?&^{AqCAe1){2Z9F+eBT?=#k5+=!GoA86 zglGB0WNGOY&k-}eSX+5m{!rStRXG$=t&^=ly;z19yt}_4lI7QE)xdY=N{`_HC$H9c zCGmX&W4NlzBV82q>E)h!y@CE+4DzM(I6-cA4~JkH=6klTcp2=ONzTytesSieTLgsD zt+QOhTRy1=#IpGw(A=xK!2jf7tjukZ7y7&gmDD|)bNo%0kdAodLBzwFLh<}KrSWSs zFnSF!dyKN!`)Tc^H#bY{eCG!x?)vv-X~%lIWs`$6w@AIsDXOzPWRbh}gEb}uVy~ov zR-R|unZvvOn_7Z5RU(Z|%HfFyYwK!~j|RJDNz71zF|TpWmM4l;az;K+Crc*~`Y|#c z=Zm4|(JO#yDT75hn{II=ZU#roEPcPQu@Xh2EfT91p;=j~Q)XCc$HOXG)Ncx>T$dPj zvaoI%;FudMd6N55zNmnpu=BKJPHlbUdvC-3>W`chUtvfk?n*~pS3c*`NSb5K)-mtv zq@GzSb^RNi{n3<7)|@2IkPg2W51{!?WitDdOb9ri?#kUt$C3ftLHnL3zzR+QNnA(2 z<&W8@7g8edtaq>z9*J8xQ((s+!-jOJ5J7$4b#~u5y(Jdg5r5?9V;D2vgx3_HHi)9#~H1R71pjp&x+mcLMnU>Sj*^R@BHfM^_w3SEox9q}1{W~#s@DE6V^Z{0##}_xzURAlO9gb%eOkNllI;Eue^$Sb zH=Uv{@VPn^afFr8%v^+x6wgXumbCknA9{-T$efA3yaPjLJxIc(?c@dt3V0>*OZAza=vC zv)pg7{8fL5ZMd$Q5o&4HS6furgG@9SukuBg^Oc>^&Gu3_TXa%2|7p2RyoA247euHB@S0GI z@2m3b@Pi#VVYeQm87oAnl|JbiP@nAw_E!8m z7eDS=`n9>9!X@H3$#3Yl`>5^!rw#es%b`e}bQ6aCt$HRz z{qc(PWS#H&E{kbfFq8Rfwnui4wkAgV`%wLUA?)+hylW@rzN{(7c)e_)vT4}eoF6d{ zkByL{4z#M!$-y={?+_Ql@cw$%tEqD7;wPz@5+J#sH69v4OR^*Jui*$|#C_5n~8-#{kL z;Vipb7@eKogDV_8P(ohc-s+UWl=!?GHC;QZ$>@wv4-!i8!HoI3f}6{M+d&`uCT=D& z6VOOKPr}5~a?FZwRF;+i2e%xI(y3crIw;$)1X*&A0M_xxG`O)x&f7Y>$29YR2@A$g zrtcSSBlLnZojIR%(Fkctfcn#hM>U8%9DL_bSxdr?1NYP zGHEs?Fi*f$kN5L&DU3Q8z=S+9{T8>p6IO?Z^?6ZIieTdXrz#3nbqkJ8CS_BNj9}^w ziGeS(L%rZ4jYQF|Fw&IO{?06rc%!X^#%j!P?n5P68;{=|e=#ik-jQC==B0ejXlZtf zZBFus>Bil(Bj_T-;c(aX&hktr3J*bx?J~Wb`!cM)ww7>lI7pzdR%7Uk_h@+rU_tF; zU|L_)LT5Z7eCdER8v)MJ91oZG%5xYM6&+%$zRu14f<&HS`kSNyRPlL7qrfn|4(wQj!A+O)6b>@1zad$cmGmpk6emWK*4_p9?Ejed%f5YB_6s$7QZ|GFO z2PtNsb&PG?J>Y-%R)-ahceVFI@mC~;Fw6r@L%d`wz z652brfbJtPa63*UIXTYCRDHOBcfJM>;^XX$;TF_zU*)_XH}Sd%85{sIa{DNx5q$lN*1A)oVe&+IC|TdO57O z-WOPT#@%){9cLgP395gtU})Oug4bVLPTHco$d4U5b?|0yk9D{W*u#8-=z!re#E|b% zDT}6(^U*r4qgio)#$-~IUH$ZJ>UyB3(bfu`)3|dznh?k%Jx!X;dJq$$14usTgw>>G zusCdoXZ5pdvSvPz!tD>{57$h0mKh_)23@t{OUvS4jFrs$dQ;zsJ0&xJiIWCz2ECha zPl*Ax3qCo`EMr7)7!?~)rtrw#L0`v;+<+t_)f*R6;Cz5=W^9-q^a6|_TO*0{Jg=r(GtL99m*-&~7K}EjwRm&pidct`J^FKenGNRJ z40Ne;K-!>oz3qgzMAey)*SQ=Tsi3YX?n`PuDfPuWs%_-Io7~+ zZz-px$1G!F!=@oV$xc0x3JE2flr3GzF!?bm@v3ftdt`oRu-@vlFR>QsxpZ|gMQ_N%aiyx& z_5?`m$;);`CDJ28YFRaY7F~M_PTk)wGcvTl=KehpDDOIDO{=EfK9R`KDDQ>e-n>Nb zTz`AnhOx$=Y{mfr!uCUoYJqyi$@#i^@-;@VnCfX34A|g1JVF}Hq#p{MlVgiJFaM; zO%CwA(9igBNYx&K4%Msv+0>_;47tY9K#RyQsHch#BPtw;XY5`(fXij=x1-WM9Hqio zB^AYb%yU-8w4Dwdo|P(AoRYhylVbi8QoCk!56-m7JHEZRl+iV8DvHl+g(mG=l4}<+ z$I8~Xj`jKm7U^bX&BTrp5hTI&Q*Dg`x8YV9{ab zX%Uiu{lj!)a#uskIV$Yn(J@x@X1Px@TwZ^aC}{p(>e-&}NcC?)7^PY*kL3xjgwKpA zCm1+{Ls^18?6My1HD4O2K>L=s%#I5`EVgUvZ?M`+&U06Lx>Kt*yNBuV=MCYZa%)PJ z+)ptOB6`LiN+COz%KnT}{B4dN#P>jsZ$jxML)TqcEYyGne8xj{LF{YtlNr8y46c-( zjX@@39`CfEbfu7y{+z!@q37&g=_^A|(zdL$FkU`&SbpeMmus0ru&R?TxVj%QQhavw zZu08-;y`{V2UT8;lzP>_=c0} zUGm#jCi_#{-c90+XD)HI>&dXy#rqWa65NSs;oq2SY4AJ05l_6!uYHYIjbirJtIkZf zc~qlyIWKK>Cub6uBY`Sj6XNsHiod|knaKj{afEJhU_B9#>|yBvmBefv zDzWr(qwoa(5}sEAUhzUaq!|iK4AMGo{hAo){+bw!FiMPgA2x4m7{Yp6KHEedPRTuJ z8`9c9n{$QGUZZF?Zkk(O1RbxyJBe%7+P^mTKRXGpKPWi0*Y1^RT2sHK(;1dncG}N& zh|W@TiaKjNP`5qC){rJ(VkFP89dd9$JYaC$SOFasyOuglD{Z?54`Xwpw_5Ux6ZRAJ zDxgQL4teaSZ^g8;sMf)DC!~OW$UTKBxh%2?4GPc(lVyr}*vp-V4Ok~lCh`5$p2#bJ zW%PD^cz`iJy;%!WN9TYhS~`@FXm7y=+WO$S+PDD@uu~>l<|$Hh+(${oYxA2`=dxv9 zY>v1B@nkPGxvK%B?hcab3#_Y1ob;VUanztp#JWGqHB|4BacD^DK4o}vy(!ML`ejhp zFm;bR@(FU`b1wYG+D_zzv9?k!cY&+;SFi<@F#o*d9%122QbPw>+=RQ>Gx+}Vc9_b&8rzCrkdX6{+ zytcu?sk?DH^=7v#s~$Dh^i3zhs#O+v zpNvm&YyH4`!sBRsURsMouLo4AS3plzgj*%d4b36v@cSnSL6XXs37yy{`1EDjJ4+m3 z!X4*pmWMM9cws+4@O{28*705r9vbm;o@mvk(epf7F>gX+YX-|=Rfr*l(?J~?Z%@nZ z?-O{QjhC2N)d=coBnvfvG89%Aw-P6%ii5*gD>c@h_0{lGuE4iPSui(*Q)nrt7&$Gk zlTtIJ#cE~eUCNWK0AZX4Yg5KA2Rs^yQYNP_+&H_bz*fP~VVWu-FbJrX0%vxtY<(lN z_K0r?D$X|(Bl${G8dRHmQiqZd(#JDWJ5nTMm&0ti9f{qcmf-5G(s{OP?LcE;;e8$Z zv*@^Y|JPW_dfjzZUL?@4!j9!7w#jTGJ8ZtBo!>`c^diGT&fv*|H+shyDSO*zPJa!VTqc=vhN@MidI(2;+{R0z0vtgZGHT%lsIj$*CYZ~$>7lJiMynCqoPa2wocW|o7#RWy%#ckv9Cwn7TR-r)4*3cl4LvS zTbJ&%%rKIZABgmrfsaYC2GuD`je>2IPRm*3czCUv?ah{2Opsa&Kzo>knb9Puo$byi z(0^bdfBtySgsG*&hOti5O4+w)^1KQ^VP^*sp&o~DFF!lRAzGDUF8kvfbK48SG2}gSkeoIQg^gd)As27^ynQj_&TNHY4+pjRr4nU`(%hR-3 zPx2^*>fe(xZ`}qoP&5_x+F9rpvwBOhp${f?wA(zi*$3X%y{USnw4V_BRDc;OftTS& z3_cd@Pe@x38b54~unV|g2KKSaQ+9do*_6tkMN)yW)CqEn!>ZXZv0lA&!SVI;9^ajc zs6;#TSy&*Pw5FoBSPE1=1pOT^i53*<5o)Sx&sn{3-0=ALa7}R_&|@e*h`vD>>Sg=1 zTz{l4v`Yh6u-u)DTHnrwSbPh}EAbewEPx{nFr1ap*vs*vB`Fhoqiw-@GDFu%XBjQS zUmZ?f-k1HFwKoEAVJbst+?V&SFgIUKN15!KxT;;RUg>K~Z$;Zg3GEHhb?2l&?}tnB z%(F8NR6WJ{yq;Tao7c|KR|y@bJP%<0YXAFH*cdQ_fS65+U84D#oz$%T@rqHVW|C+Z zo73vb^9?HFnMliaz3NBD_CtpW#>AMha(f!w$Rm~??>K}n3h17UZDNIeyy+Kh6oU^g@4Fyz|WA4Ct-!Y2gRxkBc26XGQ zXe#`M*K}d2c{4-@x6spaVHy&>I$RvVD%G?4N-LD5bBiF%G|qlx#oIRBcc`P)Y2YN% z*>`ecxZ3(9ONb|=@&nL-k32oc0qa@4@2}kHA6jQEbL^ntZWT?6+qhIL_Q_QKn+-g{2`}j!?CpA zQwr*zH@tSugSdg&Pkl?-%#LPl>EY8U-YGCfT40MFIf?nV3m2Y)feRph!$gEf zAM5YUJmHaCO5q;e_z2!bABp!@)`AnWe240Q_UVM?e5gpBt9E1K6{-~59f#;`_8O9Q z6hGdYhis?ecg|8j6F<`#Lt&}KqZ4*eWG+5jPWTS znY_zr(Jjo@!)qa5Ro=nGM&eF52v<$jPI+6g0x3&IZxOmn!HL}Nx8!?L68$8xUPfVj zj0sd$mt7<=BVVS5%PPxmN-4w4Zw*gIKgDz!h_{HrM!sH{JJsjJ7V}x9!Ky9cquw*>vjw3M!n9t26*VTGvT>)TaD%V>e@o`(q zY|V8%XB#hq*j!rcxhkUS`qprNKF(APy{Bm`T?_W~ag^BV8}U26e~%U zUE`P-i!naR`Ub+=9ddSRzkjFJKf zl`~BjEjqXx&1C}&wQ&agdeuM5x5%Cp3_4}gX~m!n@i>!>YY(Rcy>bT@jSW64wYAc# z=2Vwwl{u)>S=wA%Z*2{U+kGP7ecOE?*uDVOI_NS&EUDkM%AYXceS&+`L}zZ}sFH+qIR^)Y*Qc{;suO@EKk;*x<>0w zyKVAoc1x|gca)<(&W;&0_oh;*V*#u5l$n*)-Mw17L4i#BMTSV`CK(YR4JpNa;yu_{ zt`NOFFYxmH#D3et8Am&R#wEwxEiL<6xV@+pdOT0%S zGcLB*?mVZq5arqKC4ij+Kf%`33UE?0A>p;@QGpz7(UR@ujqs5@gx3jB9Wa^{vv+}b zLFQZw8NQ^kKzsHo^s_q%yp?_xFK&e{0&3SYd7Z_-S|_c0B3}D{_{0WuwPA+@7?dS2 zeVPy%v^O;%b~A8zh@D{POa-Rs4Ki#n?2Pf1!D{@%^LWQYByMTY=l4W$=)l7~qoo(a zLuNytq0`5c4hIN7BG{J3BK>S$QzRbqPB{}!L z88_6+VKrZ*JAGJ1Po1&7EsRV>UaGp-!Dwid5+CYWn(wXx>p82D1l642=}fru;SQv{ zEHTG!y!XyZ)5Fgf8?CUo^uh=&sy$Q1gH^Hl8nVcy`y0g*pf52dEt(s`dn?wBRCxiN z)dr`Or?|4$jLXrHVAZ8PjlWMEPG?muR^=&WSI1J^p9HKf?QgWTac2azn+376*4=2@ z0Ggj>n(K9BU=LjtHD>trYg-|$AudaJpLE)!`v#TuII1-jbIKSe#ufH$$~h4Jj;G*ycg_ z_i|Wu!aCRx<_F}qF&k;bjDs;|E%}a4hO)S$m0eqC1FftzIQr}oVTczYyL<&Mx`Ryl_RnEx0D?cf0 zSEqlKOXdJO=?AsKM9lu2@96r|606SkhSxP7cECP7y#HdaUmAlhsjwK(lv~1-rubO- zGggq0Cg`!gr8)|kVKPXr@L7HVAP+AkHuH_9)c@%pm{(wykLNs>=ITB#h|7Qj4= zGd`bCdFDEtHynf)?r{7~{`{tRfx5Q~3!vS-&&7?69`+*RJNs%hZwNX2Gir+%aVZ1_ z5~`kyaIIAM`82gHDiY76K8E7<#ua_`*P2u2_7WJy4s= z)$rgJRdN|Yq^?M?Gt?efrpQ{3F7mbwi=8fXjwp6$h4C4b1=rs&YY6hioV^M0dBqIR zd>@aw`2pbHKzl?S0X(Qh3%5F@kT0F67NgF8A_HOrw~~=-rH{yU9yrppeu@|J#ogP{q|#p z$kBA%rZViK6#i8FVl{4)RJNv5>vd~5d{cpLl4vvZL#WRnexcJTqAVeC=ld6L(T%s> z1qg|!Ura^z032Dz%f&P5$JTs$sBrZ5j=KlB2V~wXbB#5)wIe!rs?p7(Aa1grDtg;E z_WpHswesDxgmit#a}}6=`HQqGzMGGVomju*h)Y2;Mixw-qPZN>e_bb389GSxA0sy~uL;l%fVjz2jZlc*TE5*AmYZr{TV|DY1&ZZ#n*VYF zB)3O8Z#$70Gakp|Y$(PUc4x{;ku*I?F%`+wMVvIgxojtb+7EFjoO^J9%cYlsD&!-j zyfS1QnBj^iq(uWbR3aoSuq{{R*_ZCm-=hI7fXh__eQe=L`)31v&P@lg3vu6O!F$F5 z!xndRsK6WQ%c!B%NU9vZ$fvM=I~^>IRynw|6t=R_33|%)h+9tZS$H}vsmF9leh83^IL1*`WLs`We7^LzWv1qNk*bg+bUNc>4(d1 zU+RtI2nW|GhFEUDMer4Elq0szEhZT%Zz@Mf*bwF+xWfdg!lrj$pwOwP)V~7r zu+Y2ohp^Y#j!jl5_t)#{aY!yI09sE7pB|f@4iGl>p`o184M{5|WIc6V1wcrWlh1xt zWP17WULI+FB`dod3{O_4FB7ejW`AgVqWvs3ZxR>Y<|s+i>|$rN=aU)IuHGNNBQ(!L z{1F|Qog@uWOM*hGl%!biL4i^;q~fljGj()28EHiM9iI}uf6HZGRmA=AjXtyfPjP^C zW^+>JL*JzRrkcS1uBd2JXe-l*gC;cjzjgua)G@^>ro;?RH7;}#TV>giC(3oVRi&V9 zqt;2BAQ;J|2!;<8c>U=9wl_Dch5L6}L%3x`j0w3bR&%~9Hf`slX`@cTgtw^e{oHK6 zvF*xF-1tf(@y=ynl@}os`oL z!{V7RXRZB2(ag)%034PffxW>XrNsK`>$a*$fq=1VdE&)n;UP}Wa*|<=fyB^ipaasd zpe{Sx#}D4!g;9E8^Nd(`%yRHE%R~|#M~d8|0wh&eV*PjOqv>L`G_#2bqR%xab$O1=x@e=`1g@cSS7Pa zu4dJ=*KabdBeWWzqn3DDkl4g($2Uox)O$xDXDB-e!-%?uTp>Lp6Qw|U_9<#Ell$wx z=i$9qr;(%LS(Z?@E}U(_@-h6xS=X^=9D%geh$31QR?YOCaV!+T(Q|AmM^G~-H%vSR z=S?^%OD6j1ReD$0_x#2V>Ld+T8z!j$fjCBph!Qaf26U%HYF=2vpY=<#zGcR!Bvv?) zhtPR`{n-%9`Ok~~T#m-@&D=Dd>b@qY$3Fe7%{iLy@4qn@$OW$j%%XROw*%j!k!ap> z=jvMqao>kdS!4%tl`0J{g^^MvF0$XWslq{!NW<1JU_=XLP>(G*vwROaIjJO!Ds%nr zVcqdbpwtSy6uXprR!T|{8fE$kF&%ihpEolX)WarI0Ka}AAkS#`#nL#^Fc3$3?jnq| zi`Fcuux#Aa0?(`q@N~zTcZG3ezb$*D`)Y9zd~+va)^0^`d)6Rpgz=cP5ppXT?M7HbM`Y z+S2wAis7W^-5DnSR_g$1q#6!lk(F&1ZhI(=pv(<*>jwTlQzY6DboZ*;$)6;@xr;w} z8L~sW3DM`8%3vu}7 z5ut42WMz>1($Kij@cmVwFhp*L#B{4o`uQ7^A30;|Jn_=V3ig`LP7<;C6(9+=Lk;Tt z;>`xRpgCes;vCC7wK{C#(J@243%HI}gBzkfLnS|RTq&dmTlGnyk8#=WI=9sp)i5t{{&z2+hx z^-jVo7%R}(c+~oWVdBJ>i|x!+y|yc^^_0#bM^~I(!ivly zyvrfO!JLfSI}+M!HX`eydqH$;`l>jFb0P)a&uTn~v*B!c^`79h({d}Lr78)PHi_T3 z`l5(+2e-U@w<469ulPnAYO1id#)+iZTgQ1A0Ikn^`Z25<`-g`rY0v+@^jLrWbxMaJ`*|wbUX#et7ySoLhi&>ZQQu`! zDp=|pkd_TCav)K)Z1zJZ7sdm_Z=`XnW6S=i>+S93H>8QR0!`u4TEaEh`x4z$5)hf@ zL-OyFWdI&%$;$?ZO0RYw(DBI(9D0H5#eGUKVUxVw6dH$=o=ovxSo#2l`&A~O6zZ6F zy5Z|CdgrgEjrHvm<$8JuKV>bXQl*g_L$d_x!ed1v6-6gr33i2^P ze_eKflP>!}G&RiWbkF(4xzK(9L8%IibWeZ2NQYvB2HMGSA=u=Ic{JTEMbjA*E3~v* zF`u6no-tM0EPdIUmB!Yz{Hm{HkHEuV)EA%zIv@r=_mK~IHWL@=na*dao~&pxW# zr)j{Rmx9;qB(q8QmE6fv+TiH}n#Ey;gIji+cO}+Cy1<7nj7HX3B~A4JICG=|gXA?Y zCpK0rFt|T2p{^noFTPRy+{F{G0{J)&HaueRn(a8~-2Ty*UOz+p_tQVm)0oTy)x1f| z)52o-$yz{TR5grs@bznlNmclf0gJlqZI3=W4b2~WeCuU?Y1=z#5&0llpyAGRVpAgDPf}b zf!wC>+I{FO>yuX?;kOxtDNtL?a+{6;I zgPh_x&jeHLeI=GW0=DT~{l;LOCfTSHIZX6ms?!GxaXHh`97Dsv>(iF z$@BN%pFhou%e$PV+_EG=pi%4yCjpY6SG?UFa`k-@SZwY#)7=?SQ#on_*IrB|aLSNg z0*5IYG_T^rgebm;-LOuf{Nr9CehX=iD)pi6@9GSk4_FpWR(*<0lSp;&@}a8~K&@q9 ze$&bEB~y9nS;fx_Ef4b<6j%CLBPNY;nUHTFnU@DiB=Q#gVQit-kWjz$Pz2N~7Z;Z} zP3e&y+rfkNli_}0V1Xq-c&473y-AR6+0v#fDwoS{DQ-Sap{(VkWcjm5^^DOco!G25 z6|TE$$sW*k0DvjA!#AF|Cr1K&iSbRq{F8vWuNSv_fbzvdctA;kwU~Ju=fl(cSdbfR z;h9N$Fi~<2Hd4DQYdiWmY5ZxB<cX z#m+}#aw}a5;=;>Q(EF>L@~c;vf1V(d{529LuG_83)4P9^rxzzZZVDA>iP1CRzpgE% zMx`z~JAV%lIpnS@5-&_?qmdYaa+K*gN-On#{###7f=WW)X*ukkltu=_aBkEICIj@S zhL&Vj^vXC=+hlw-P|pI~B-9T&|0Ci9oyc7<;Eff*MvD>bx48z5PjV#6$ewh?N=1HS zk}}OXb{Q~!u#{(d$45!MM5n&UBS7;OfIS<$r*a}`rR4$;)< zi3-fyPGWn_IBLeOzAAr!z>Og)cj8TmS3Cw{Z)F7K)ZEZ`)A9F59InQlgzb-utoLmr zO6KE0^W=J}yS2xJS&;f@Mrh0Yb*<>z;T;B#AfCtn!0ktk3!DusObQ7?I%)fFgpaS* zRcb^`)1Gn90`MA=<{B{g9Lz7i0l>-BN|#x~k{9!C@;B4X{H6MUIRiwH(hJaOeva7P z(9S~6--9=5kJ_Q6_t`KNp~=sfFK7hON>?~fPKVv^)!k3GqE`lZA^e9-zuoWoN4)Um z5);J~|2Hg8i6d)C12xrk^&?5c<%0#WC5zFKAU{$A+GxGA@_q&%Nx(8Y@Eb9uK0+VV z9G)l`8Yc+J*G?8w){spKI>Lm!OIoDNzZHWA8tkR%8YuVTJHJw47s@8ZiI z&oPNydIVt0Pss729@#RI@U+B~Ll5%T2e`C;_d=UYeYZRyXM~(UGP&B{>i~o|!s4Wy z4aCn65(Pu8T;84Tq+f5YKokVgXy1Jl5?grVx^tCUxMbz0C66D8&rZn&L@cDH+(rcT zc7Fr#GyZPWYWf$`1A`DPOO;i5NG|ssYzw{Al6_Xjolh=5Y)iQ^8sNu=1Y&tkV>PhzUcA&$K$yFqC!V(uRxuzLc^+VJFS|MXOd|nwKhsF~5=^si zOie`5eLW7pk?b?=K8l1yBigWpPTY$)GDsg)WyAC4YftCzhaQX+5^!= zflp^*n^bOROgu^pmCrhy$l|Fl0Qy^H?@NEU5t4B{+%xV3Qp*6}q^{fYRlc#$K*5?+^SOFS+ra9Z0`s zm+#tC0mrpO?VLAHgaC&uO6fSGg$$LmwK&+mkPpwo#1)_{8gXp?-jS@pAv<3G6WfvI z;iI7Kks7?AZEuP3S(D(hq^^9u$_i}K3ZoP@^+LYQE0>HPLXSH_Hx(P14bE`LAq;mu z9}bL3D;K(n$jT%cne|5!A^`7zR+N;Qv`5(i8|6OVSPe$+vbOY&onTPkm}Erj zE%ouXXGF+cQwn8XgWx%U!JzZfP(}nDf0q99WSiV2ACY%u0Kb410Apn54o@!ml4UQ| zYHLd9h$0CKT}WyH_2T~hTPJbvR3qG)%11MQ?)V_=x5 z-%RvWoGrXgZW&9r7%e$&{Bl`jV)`+({vjEl4$k-&RQl|2#P5E;B60Lv3OtbTWy-lw zZAaShPE3A5ZAZ$*wO$iN+>PT>tn#GHhS<-8cGckDY@~MIEHbNT0`%J{|49jyxj%zs z4qWl>=6eO1o!NOKV#IlXIPkvQepro#s6~;oTu4WQ1LcXH&@`x-!l-cwQ53?E&4c9&{>W^iesD&M^^`u+wj*-(^{1psnfJ z&tYy|4N|s$ywH`rpnS?jyM&|=v@jrj6H7J+h;#8{i4^~#j>}PV9k;c#-N4U^!vU0u zeFPw?+hW!UsUlIlvdieS*-ulF^nZ(g|Msfm)Cloyql#in3rBgZ<&O@@bP4#G!W4jN zEiUn((b!SCCKB|`pAmY69(;HZGQZ(toShHiSaktZ+;%iw?YqHSJf?-NKLP%?c_$c2PK%6eZo@DauGq(?GESQAH=^}_O zp+J95Sms}WE|uSAgMAe9t`XEP8o|qr1v65M4|W$#y z)#+2(zpn}!QunU+SNhf(RM_FQE?nnf$%3z=%2Sz#705q%cuuzvH}DZ_V8U}%4%W99 zu7_H?z_)9MBMvuaBb?`=?d`%dVU>!x_6L@`<`Fjhj3X|XV1B5&I*d4s^=|~>|=}>o|)^6N6=Mz7Mma!AI!^h|C-oG zc&sDQzULa;(q7`RIdcl^iU117w@WIg(3N{3S<`FLpKMs#ygYQP6Sz|`9AjErCG9AHlR&4sD9c{o78Qu_Md8G zFtR-Aa~npIU9+_8jwqBl(r2LF7`spn$cr2jjCqc-rbqNwk14|(wIfZC@SMgPH&}-+ z6nrj-3m8q#eM%s4xLXl3S2^t$qis0G=ultI@dCMDk5R9*NB>9O>iF3FM*%s9@Tq(K zN!Kjp)L$CPo&la^_+QV&A03H<|0P;sMcieBe(}{tQt$Ti5iJ!Dajkzl)cdCcea{8_ z?q=~X7S&Ve@~@#}sD29E)Om-{YJ2-rdJaqKa;(a-_5QekB@WzRtpN8sXO40iohqx~ zx`T1lRtvRJHO~@nsd+~VM^2i1-lU_io9O;r3}v5Cc<}$#xAianI(O^ThoVx9x_Sy! zNV4L_FF*;vpwW_Z4oGjdZ~@iF_t)#maTj^2#F6?5sE-7P!K-1=6P%=Uu1`PLe&77h zzEn8v}c5nA%^eoB{loZmh<#=w(f^!o2KYO0?DnmNOU+W#MV9PrPi{4!mtr@kB1^FIn$ z)ha*ZF0Hc;oVj&29BK`BVMb-iz%&m>YmmbgU zw7vXOa{wr`|7S{JEQUZ_m@zu-{kQjAtp|Lt=I1L4I_55JpU9Z0{eHy1ax1@2@n~q_ zw=Mer|N6QB+A7~tCI5SA$S9J1!W0|}310o9^+YL=G3unDQ|-T#oBNZL{H-+$#fmSFz( zRl6gX%LqCHsKW~A6mRKNZ@h7KZfA{UF{<|&E7rqAHJ$N0Shm!uGs^`AIQpCoc5R%O z(t{Sh3VfwZwof73_Vdj~0LASl%e-x|E{K#XV z3+T8yb7&R3Xx>dYrm7=L&jLNFT(J5YrWu9XPETI0H=NFz`}kZ@Y1g(COCbVuXWR+7 z!R_8UWV(ZPX|T1#MgUbSc`Q9VVCwSiUNzN+n}I*QJZFn4(DUmJ1ou+fY2;HtYw@1X z_0)f(vK{%6#Cpj8$;w7A(`hPoimk@i-?o7IU=`0$UHZF8cRjTHl+p*U2Esvpip$#D z$403sAf-Hw+}jUxq6E%V*x|I+)`vuzpyE4UrOgjV<@87A7slP@!bFg+xFuI3(&}~O zWf~*{?HrH)Rf>p%b$lSL`_Rd&!#Q$lb2c7 zgG!s~ZA6T@5_L<7&byKQ)l$U#7AK6XB458cx+_`W`H?I}S7{iPsu-*1!Ou^mnF=uz z0gHnF;9&lD0G7A#4;}Ph@_JZlllYOt#eGt3`CXDoXSRoM?JRPjz7Xhv5MA@#px8Sa z#|lkUdv6po_{q<}Lk!8eg?Q#8BH5HTXrs7#i?#E-60qF>jH=K>qoMvN9QHp2U0h~d^bh= zK0APRm&PW@<+>>0?c>dx5go;?^rqAUJ*P;1!CYi(00A<1ajIYa0S5di9JKa;M${xh zhFZ7T;E?(Z_EnqBhASp18mK-&L_@S2(P>U9d|lR z73{tqhX%P<^)bfr7|^E}yNC5ew*3r9?OLJMYEQIGp-+jQX59O!wDJD0s2s+~fivGx zkF*M3P`a_WidXgnW!dx~`n>Kc)po%dY0t+#nLh(&0O2hWmCh;>=dTyZkNWG5ZdvAd zk#7)gE`UP9b=!8h&QJ_Fz%wL<`SIEhtqVv6sTal%SYGjI+vAkqU@D;j#MODaWR6mb zHf9n6Z>V=og`Jww;`;W7U34b(?USK(tk-Nf`dH(OKwO<7t5cq*ZQNwnQN&QPMsbgo z@V4{lDVlNI$&`tcO3!2&D~Zd>4Et!1W$RjY=PA#O+6POs%L6$wl>@v{VCwSB+{qVaZ3j5CHta=r%_$ov#Q?a}admYI}*{`hIE%;&R z5ml*j{5$V)pppn&h3q6_-)a9A@K>@eCL+?vtra)mE`@C$(ucS z-q>|MJc<#;B_b_=VyD-8s#AqF;KYAGD_2bh5TSS;UC2 z=TU_)sk{+O>$2cFOu-5$i8W~#=(Fl|;{uU5^28`MK=^~+aeenPy^=W&la}Q?lpyVR z1JK^HfIO5|&r-bp)%naeh=R7*XNe45hI8~)&!^G+GKT|@KT-70^W5fZ>Wc$7|X@swY{(zN1D$vC;nj6 zFCpkJ?RsPS#(CDu&5(Du9JY5;9F$wF7E@&Qw-#gGuvvUF(n^{}UrtE4!mXWEtC*)* zNcmOK$4@$hd-GfPKwAP|hDM$S-_M)CU~^6v6bGf2)Bu#I6#yN_MlrGCwV>S+uWgF~ zq;xcsw0FB#(d*M%B(7r5fVW_V`7ZKf+)9TYU^j23*caZgQST%Kq*|W{=29a zU=%$d?XYs+~lFy3MwDzc-^@jVb59LX@4+4ioitQ}lokvId9 zRq#2#_WeYK)$Gov#}W3$sI{X`2H=+5NgtBl|DJ#9aNmJv2K^Q5f@m|1kXThgId|_t zx4ZQnQuX?xnAqyD6_dIJUqGGU!-ZsrEa@EfIV>dLCH!o5G&@3t-+AxKV#sT8Bb0Pd z*vFSZ`>rKuz;5EG+3?FyPa!*y6ojPcRyy(F}AW$ zkA~kh@FK%z9*Ab+3%VEc^e7gSa~QJ=HOKAUC*scb*8##v0up$$?3mX-(;CbN&Q-7E zHA-@g2cPlgt*h)4@9|p&zxw)&Met?1+eAErMp81GDEaitx_XtAJ{&?T ztk;#9RC+Xa`ete7lh)0*Mli(Z)Jme@mY(E%_cPqL}t^A&;%L)X~( zI7r8Qb*Wui-*E5iF>Tm8H0?vJ_0-<#AmB+?TRuA}WEj%YN2X+Ovh0Zb+G{p%al_lt zN+gMPFLP<3$h_bv_jntoO{P5or5R~Q>XRKEEL5jJW8aD&!r#UcO|xE?tRR2~j)k{msvA@CD6- zrR(7Go4a!K_ME&Ai76t}(}X}a34IR(%uOS)$>tzn3RYp3?U_+1{50-f(!6-f1ASk& z8xHMX`e2=}{R803#rJ)ve4!WzbV-iv2zlRTD3?L-YSWY!gPvf6+Bu4q_3jelURH+k z860zdQNg+qgUE_%a2X;k?CizKRbMI(q7? z5-c)YAq2x}@7<(ND#M51lI}Me*aO5*oo{) z6lk|hgDkUnRZXlozNe_PMJfC3Y`$9V-6Zpfnj9$z7PK3G!Be}+zrWFx%kMVs>Y(%0 z?2-f1^`r0`MUu`U@et$5o+yqJSeFNOX;9LA-j-sKSYl9GvvGup1ZE>W($=RsX~1)-m~4CC02cu>l?Hp1)J{<%BUDz&-$iW4VMKUVkXv4VZA*}(W0`` zN^UGn9`c$7!zcv){Z^1_1|0SVFDwYI086$rot^+6r4f{GjoO)+pxk)_1e( zJM$xvAE3yOmO+u_vfgwGeGz!aJ~};+00%`TMQ!h z7x(B4A+#eSae9;o$&Nm=C6{kMVAQL$r&f8bTk&vZ@49l1kDBYsPracDyRgs_cc0~ujhOQcqpaSMG^+m_6a6w$o{o-VPxK|D%}hV1BbiK1YT?`sh;@H)d_rW4ySE)i3L}!4Aq_b zWGq}iO}rKm0+6>E{IbAhGg($Gl9^^viom&tZ)d4d+q`qZ*V1~?^c|diTsl?GVm=d4 zQ5v)VG;M2ZN%BIdkK4zKe&z`-TzH4RH|r#_xxG=`f-$-wQ?&lR5=nh{jGn^-R29)} zbtkjyV2R4IpZ-q2K@am$EmPwN86qV~>kgw!QKgo|=+mSW!Gz)-di5by;i@aa6bG#> zVA|90i+LJ9&*HWTvTOK161^wQO%%T9C|sDe`eo zi3@}X3|7Qr3Fj>uf>?IMN5}Yx$EpzjG8pQYkPse3GUp4M{!I&@N_CJBraY2wD(mVf z$Ljz@ARt@&Qt4H`QVxGM!~jIKi?{YlO1U`vq?PiTgDBY5-26ImKwdLvI6weIRJ_m- zEIc@yxre%LnLAmyO;bC|ExUZX+-4|a1WKH`4GdAjD(&^1*xgssml#o^ZX6xbb^C>fA9L5hOIav?;l16(zZ*WfOPdZuIC#O7l$(`_{r z)bmRqfvtegh%C6X-&7L$i;Vr5H0siNwVo{ehWLfh9;GFeK_y%x#1?Kjf>GMNM&)YA zBEj-LEbKV*=ed3g|7hVx?OM-(9Q0_f%xLMH1J!*iUR#Lu0 z%6kO0;cnlny&x5e5#8Ye1NPl@o29{BNi-g0`XdxsrX~2vWhY?->V+Yl={I-S=3n0J zoS=e&I-uD(uW40a6Jj&|4OSbLMU(sRu?)GekKkKR!o+^{=zlc^9AI4*h{OJktiI8s zsn`keNyGZREl$fV0xn5x3@66dW_H+cFn-grzQSepUAc30?9L~0U@Zspw4cbdPL2vn ztA9O9LUju7a3mmzuACN)u`a6mzOyy;;&3rT`jJ)*-ra+0@mWA9!>fUwTvYLH$fdJD zMp<cU%QK&Da^gYE zFJ`2Hyv&q^&T7l3JWta^#piql1fI4I&ERNtfv|hVHo|?p+7?T{JOXQ=o=8V6 zuiGEslH&k;vS%tuN!7XKSXSb*Kh5r`DUDe=)hbzoxqhSvC=6XyQi|?w}tB-q>c9s6vfJq}L(QyF^a6 zFohR&W{JS!1O?ZfkWob-m%DX(I8%pwK-7_a;G2o-Vq-CSTRlN-rYUQK%lYy#J|(;H zHHL1r1};s>@G7hqmG1Xzh_`IEHSy=6;&nK5!pIYz=%gViuN7ck9_s6xvIF)q4lUn( zpm|R_TFlJ`6nw?HKhtS=)3O8s-F^!!)N*OWkW$b^M`wMOw5oyIv1`r*oSU|R&ARvT zvR7WK*F0jJEHQ1rq%)mnWij_2qX?OJ|26OZGn#6n)&Jp)t36HWX+`l(AanPG_oK>)mHD|b>I(7iW8(qY|%~Kiu{qmJ@F5;_w#2sSvdn`LUR5{G|nSypJy1TAs#1nNC>hU4&=1wX=RZ#iEjrV+_5k9E-$Ze9<4{AC43DM|aMwnvvGp zuSWy=E6h6p7X!1{u9eP(Z?BzkkYnwRpHh=ZqQ8HuDa6+(&dH&EzR;zf5}N^7W}!8tgkIM-(gSR6<*L*sxfJ4CY93mAuSwi|A|3OY>OIid`4NkUPXiazHt zEpyGmRHsgrI5h0O8!U1QB5If@L&O(ptp_ksH@9b#HfIlpqB)*tS82VZIf{mir$C#J ziBG+>@n4vp@6wB)GL`~)AqXn(ujEmCPfNAL`_2?U1;(1nViv)Yw5SyTfi0aQn0rjQ z<#eUu6DxU-{`>p!dg;X%F?4ld%JWj}z?q4U+Oxa;l^OiuucXw-Kw9F`s-@tyKhKnA z7DB4qS+_q8LfQ5=lOrVA!;*!mFCmBee{HtTjak-!-0-})5NRdlnWomXuDCVv)Lk*y z&MlhE=xf0g)M9aOn}ZnDCeJ2Z&jsvoU*$o)lMWARpOS&{z}o{$Gy-2_-DfIl4w_5a z`GgQ)mN*{v29*?2C%IJ-Z{2B9_#If-hn^c)%Xr&&b$;#rpJ~3$ zB5zVH`onsnWjMrf zUV8A_;rq0f-2f1VcMGqJC*Ctxv>Yw#GERbI1mjS!%l5FaL- zHXOPaI}d0KZ&grewI{PjOgc)38;7KL5$2AhTa~x94M%9e5bel25JJ*`(#*>0>mQC0JU(Uq@ct`=<%~{~((9&`0`CjOi(J zp@|F%i|jRG`8GM$E{i_P%`#OJe!DHJuSX*?375JFm-y6Dlg+*zR07g!)_u0&L z;`AR=lzKtQ3N)Qt-!ie8it~zVOi($T$8%Yq^Pd#@gXL9xtLr~@yV&D`!f}03m3JH zglR?Xy{QoH=<+qLu~JKz>*}G|Ba&vsgkSVv?(^i={U(NbW!OK^GL1YKQa>ncV%Z4+ z1+iD#-}_lOUZ!A5Bk}612%7lj)^u}FEB*T1?q$R3e)QHa(mrPMrN=k8Ua-I#HnUyo zT$cyhX-(xszcpj_yHfaMI%2tJ%N01q1SiuLLOc#!mq```j^v72${zu-!aL=J7Qljo zUiBSH^reeTmH4zMT91Co1#vJ3QAGU+%ODybv7FZK#M4M;5K|)|BTGE5=g$lmG_llM zEf!eRa0u*dipJ#SORYc`e1I54BSn0$g3&i+=v49Pl?+^H_Xw$60-2dBW*Gr0Dt%V@n6b?Rb`%;`EZ(S{s{z!_u%kU;&T`hF4SuWt;@DN-lMw8)9hdc zs~48t@pw|nWw-~O>xk`yeoSwY?fCkO8E!4I`4}`=m;Vip^nnB=5iU># zkNfP_;x=ZU$la@=-aAc$9*x**E@`e%TmO`Oy!-NUF@8%9eGFp^Vg3t#FYM@SoTS2 zb$L}Mfp36#sMdAp(o?rOR&uT&?KXQ47SL+P7_EpjX3z+3n0tMa(fFg_a!4Gfho3{D z-RM?E9}6rqcvV4NQ3rukPbO+qK)k`<@KQ@_@&N`yOPV3} zSOAr(8UwRY^s%t|)Y&37_jmYj(m|QdvA2*CZi46Wl&BkY+)@JQDgIwmm6?h|9nLEe zl9|%2>~j3Xg^0GS~D3#2Ik9%|gn0$t-QeZ=`((8rms5JMj z4bXm5aI}Q4x1}y@9z!SAnUm(XcJm|GvpcdDItEYW9 z&UT+C)ji5tvpOah26r1i%Y?LXvhhhVRN77OV1*nwa9D?-q6|xQf|_>3NY-;S)H@1j85kaq({A{^Yl<$V!xU7e2HfJ^2MIdL_6SSJ( z#>ns963LvX=DUS)*ToW3AG}&JwjM4kuH_8oRA5Rk=5j(0h~E#UC~AJ|8+ybs0SOe8 zmW_o+DHc6?if+@qJI@>_%3N3^lkY+qcx)g8vGb*fhDeajU}S|I!_G|Sj+>}?hpRw` zBK;x(VDir`dfJZQ8BL8C*c16JK3=Ayk2$J*EEp9KO_cmL*d-!&uIyfn+H))}(g;6} zl2@*h9Gq?DcAtXgM2MvUXojWiV84DNRl--dV_HiGsK%_UK9wBg(Y=o#`!Pb}(6F7l z<42HLH@?+qRBGWS>US9ELuiRV^{uGXLN&I;Trp&=)U&gh2jrAxbIRMg-)sAEQ`%(>(>AeJp9rZv~PD(0tJS{ zoN%}z#l$qv_ta%rT=K#~ zzeK&-fnza>L#LxVUE!l^#qLr^-tmC+wu<7w9B<{M4lGstiM@4(QkuQ3xVfO*2 zHdnBV>un;#Jxk>@uKCVbHxIP<0r7nv`D8OGKIJ8L_%j(bP#3TwG$t9`;5EF%pqjdZ zmg8iWyLcVXTo4Ch@J|~b zLLFl+PM)Qn5h*jM^-y{{kyjP8L2rt~_t^nE3GJej%2&Kl@tk_Hw*;${iug0y@`KMY zPnd6h_KHURpoQv;3lLPi$j3vV2{GPoD0vjA-jBq+$lez>C>cnqcvqfevPs-k1PU;! zR{C-D4s-b#W*eMMWh>Ww!}QZ;y%RUqJgc`lIH?Yk_e^lKTyRi@Rq zNd-|2kNgsa?cNE10QXnZ_bq^Q9-#Kmv3QTR_8v&v>2+=+uopHA0DfSAwgzGV){VJ~ z^g~@*Bo7o%6FVWFfJC8pb`-U=vt!Mm_;zc)?A~;DGA~8htJy(3aT&f2tUlQ#FkV#z z+@UnF>I=N6OCZ?T={nuFBi!XwNSP572e>>}b^_8CFd>6%xB`$_e$q0%reZko%x}`H z(vd~NikWhY{&vP@*T2rgj)G~G*%`oQ7D0SC4@r-yQcHwllnE<*8jui6Wp+&6c=@(7o% z=jMQaEUhZf3P~IqOQirOWhZ5#Bk%LHy6tXM%HAg_G60~bJLybR*u?|h`2A+{lC9DD zDS(2+$(cDpf~M=t^EF^s>1OADyt3YsttWX4cRyNmR)6?#;jSR^!pnla7>3CQ71qz$ zy!h-4Qde1~Y9wfWXvrYc<$d1QEe75=X3zqk9aHY^RPsJwg`{9=X?&ez7H*a2IwNXs-zE~=N zJm+4Ry}Xx^N3S9GdTDUeN#MehtFTMOnum4~oSTp3HgomMvqk#*I0Hx@U>&C_3B@~w zmB?78rgx-ea&k9UreOd`os=n)qvpnVjYICDhIh%9$63AKPc;QaJjh@arA;I*_+rcF z5b+4;#l5B|wlgaX#&}ky^=|~<`+vQf%hCEgz`XZ(Xng|=K6%j_8|8t7{c5}vbxm8Z7wHQga|F>3O!KYVj=#94nRk~}N!yWv;r@lUgyEb9-f{GB6;;^d zWrC{+haLd~Y@t!UR7QW;@stL;Fo6`SK`*2YgXliZcN?`OOS)~bSUx%L@GiGmBu)mT z37VDwXagRAUGTX491s$uAzEyhU8$uToaHqprsmV(c6~SZUwD|nY>60f{oZGrA=}Ql zLOm${z(^@y8x~c2YZ680GQZXGx%j!eLYu>Pvan9wSF&=za>e>n!BY0gR0rN8BigfU z*v@e`$@gqb-S_FZExHo=L}eBwH$T;fGiQyq zQxJrscCN4jNR-%NeCvpLVbmcTZNKb3CCdm9_Eitu@Q&cUjhCXHOJ6fpV-<@U2x9G# zOif<28UBR;go>Od?nyf@*7V_w!S$CS7$nzT<+OIEiq|fY{(RbzC}61!ijco7aBado z-rz*wE3VS`# zR-HhxkG=2L*rmTjV2}8ztDZKb(>-*R@6T4@Tpq|G*LeYHohY}h%;YcT6q)*{r=BT) zb*o}rbcq18WbE#GC``%uC`y^?%(z?}R!Jox!yo&hBzf1lwrA}rqNQf-(V~Bdr^B!T zq!fx3uf|9)SyXZn^f94{{E8i&yc938H%S5Vr0&b+sZ*Cq*xs;80!Zl+kfM~G6*>m= zW_OL*L8ETTZvcoCaOCm-HGn*3i2mUZ{qz2;7OtVcmi3Bq-Hv~CI{)k+exKOy6Z>Z-^V^U8v)l4lpZ&jZ zVr;F=K@62^rDR|JO&9zB9StAxQ{GJ>9=sRRqhz?VviynfIAH!dsjN+11`@kVEB{># zWpvCXkKA+2m2663I0|)*5XFVZ??tl4&e~?f=e|?pKCtKoVfVFDrq+CEN z3y^=0>HZs+cJz|Y!~O`S__e!Wb^KdhWjjU-wTVCt_txNFcX0pj%izCp0mz6A9m3xo z;e#tLPaZ5;;rE06E7$q^#D3e@KZ7B^Z{=@4_IExbI=`|1^o03rG2D4?&|wQpBq$VJ zj9>LK^3%D{o+J#v))6h;VTk~@r?RsHzL%(SijskljG!$%mN<~VbJDC^d(<)aDf}NY zynmezMoyjyPZMP=t$=+z4M|b9&q;lS5W#8EWW7Z8M~kYAo7px7GrxXhMh3Wi9Rz9N zF&lio^v~4mzsd>a?MWOQ4pTFO<}jJb+e33f6>smcHwi3$y!wcd@+`ohHCw(FK4H*Q zP8hV)M-1A39NSsg{j*3bIxA~M*m9mP=yUt8h>|PpuX+`VY8;X5A%R(t(J_Byh_mEaf)=XzSEQAx7JxwCa+PuO*G!d*#?hPfKY#V4vi9)5!Vv8W z#=RYgxpg8wCPg*TrTh#}1J~P~yS_O>LHB?d>*#bw-lyup+U@H{_k~gFBqJAz_-~T^ zN6wT>4JPi+Vg@}z?;A_a*DmnK>i|db$P+mF^Dq&)W4WLA_fL$do8`YUq7>ly8UXJd<;pZM&mW%(EamebQwo>&wK`e4M# zx@{Is#H*QYW@nU`Pp>=2kF5*QsFT`vX*8dIGUIYR*zQ9Dd+594pYo)xQEPkO5_!<1 zUT&q;4)LuC={Llu2!mTraTo*D#&7w+0&5;cfd_a0=dpnM)qDrwHn{G$TL}X-)}{6Z zjjQjCfh&1uuRY!R`01$)PcUE<(4{X#pxp&JAmev|CZbRpe#MA2HCfjTN&Ko3Fg2Pu z@B<0=KGH;wGDADWq+0A$_^?uOyq291Swa_#u}~q zS7ZOzUdoJ-`e!fMCB&XI_5+#|MV)&sbXKj96An9SHM& zEF*p22!|fd7VLOB1f<|vpNJ>(cj*Vvbd}2oQ|`eGr~)kPuU?w$@2_)K%{An*9Smma zBZ{-Xiezpe%&(%;LC#8VlS^6pQpZ$Ykp!uxMpeLyqTy`6zVVC+7%>^uJ?%@qZs|Kz zF}t;tAhd;TfVp|hgB?1V5JKE{XX_7Seh|P!B`E(}uA47pcAj-ccel*AjA=eX645@eUKHQZBjX!B;OlA^sdiz$>&p6+icy_*y}obn1P{?oTOk7M zfXU7U@cM-U+zhw`XkuRUXXIgQSxtsex zo2*r77kl=f0PWUkW@rQ3`iJ6MR+g3!1a^&ScfBCS3}+$dPqNqpjY%rM)t37_r|zuv zKz6L_a#8dcgBqXsV4n<>RGL+X%<8Apz_(}Z2I;9)=Ms2m)wu_Uba+!qI8}OKv>SR{ z9=8h+b+0ZFBrLH(MIpWt@uOYRCl)(Cz7h6 z-s*VmwcK@O$9c(~wNyLxr%4)JQ5v-tlEvo-mrI{sPJKXSx_nyG;iElvE`m>T^rA}Y z7yS3{#vx`q87=b_dPQ*-3*t(0V8_m6Iwi$rpG2qv&Mi{7d%nc#siubzJ@1=G`iLPJ zt8kY#`BwuiB|odksL#*4DBT59%nKOZ#VO>uVG;wE0K>iL&Fc}79{k}n1J}J=9-udB z5g8-gk;93pt#zW8lkmyc;JMupMJ-faL{JJjjfvs3)!qN1{r2e6T_GdM={e*^d8E1~ zMXzjKQ|EWcej;Q$w`#YwHVH*a&=;gCrPhJcM4&)lC)%KXh~-PTA(~E6&NrbSo+6_1 z5ABLP^^erqByLZ^jU;F>7QHbw-w%KInfASj&Uh-(o=Rj>h-F)g^0M5aZa>_qguy#GFt6|#$67PYvFL0rcy|1 zl$#NR7w0$5RtuTDBjb4w3U1FG6FvT+j6_A+L8bbDd$ysCN zScJIb${gW9~M+!;i*m`1 zG(%;_zrm>mHh;BmqRa^Im{oxhqStfJ*zSumWtl{HefAgDO|^gVC`r4W##DqwqM4B_ z;VQ?-lSdgd35=Uems5y8@6d^VF`Sk$>~t}7$r6O)&r#h>mg>0PcBi^DYd5Y%GqKz( zZ3ns)Q>my^YB!}mHn+EKDMNKvu-APd8ot&4QKd(W2Bye5U9X{_p85VlW4RG2i-cz= zbs^=5i(Bz6AlB5pxN%$L7fHI0z34Pj8sFtnk7pU$YGT_g2v*>7iJ_bwhn*8^z?m(7 zYOnrQp@-il^J)t{KgUa^;A17^^OlT-C}gY+u=0-guRbPuPQ4a&YCr_Ut@xqmwEOLc ztd~f+Hhb<@tbagW*enR_M?$*3-X8+jZ z)P88bjy;|Y9lO<*9H30{WbG4bZTcW2)MoQZV~NDHT8xHv^HlW^<~qu(e*h0P3wj+^ z7!0Z{igDqqbeWey-3ja=dnZwBruc3#zR)fc^~l|om9>a$wG zv~wsSQfT*#qW-AY-p5r5AKi{b?48;XC!E`r5zM9?HHuxIv10MwFR=1qT-0cGbJ}(A z`JBeAguRVDl&x8Nwkdr^_*bB1__ni4xa(F3Sq1$=m(rz0jmki=r2gs#BDTTE5n8W*iU(FEI zE`k9tSvdQ&T0(lh*F52rc&2>V2V_}8$;-7n`x}XmPn8P2WbD?oHt(EiynMsvVZVM} zWi3Jv+tvf;U-(vZii~PxGNDPKYqZA9t?_WOg}k$A_MGR$0TqM&-D_B@ALwbi6+2sY z3A6Sn1NH3i17voF){^{nLjOTIH7lf=k}wvW%C^ZQ_;?m4IDrBNMX#*A&_mi%6HX+Q;6tCH)rAjP^F=ufv0WpUF4;s&LPfFV?2W|H!nBcWo`D}7 zLe-yTOG~L3-at!BV_pz|uTm2pDi(FSWK=G!x2m=k?IzD<5HjGiHYIH_3!^k8Y<89| zfcIQ2)^cB)6q z2tIoCGo@0=$Dr-|pDgF8qhLdpk0Qmnp@uuNyY*6-Ciu;JSVW5&RM!f$^<3pEt2!jv zG9Z03StYJxier@y4ViU^&ei)1B2e5wQBa{-Mg`m)@NWe1h6 zjKG*j%n>|F@jN1kA^t_L`a&tu<rtzOSHMGhE2;VPF?->=AEkRL=-ki2-@h@nLgq^>&|uV4DcdAdq4+$!(8?B366?fOIH}rj4Zvc6rn(!!palMxH$6ac$GOY6XjkT*nhf}M} zdf9^N!jKyrF_NVK$cXhQczVxP83rAoM#l!QBii!pTHz{+^POB{{IZvJCu(GQ+KKB{ zx7{6Kv~zxKuksg^l-HB>LWwG4MbV$D`P+PBUAz}p(4*QqKuYFQvGv-DcT}#+uMFEu ztKxvZ)M3D$r9yjXzR|_4`p2XQFkgSl>Xw;)x%}WZxJgJ`5m)2Ho{)>;w2;)5Fmh`I zJy9*S>(i%!TEi`DV&5N_?qE(s=LS$8zwmSdtJ&@i2XjAfSS;!cL^x)h!RP_8izj z4`exwHf)g0i*5p)ufB6DS8GRiTc7TRuXurgp;tEwGMLdal^uBa#jfvlDfdFE^UuAs z@aJR$$uNoatSyVU&KWk3qSD+2(TNff8{9?f=ZZbH{fbZk-eL5L$ZFt30=ED3+xeYD zmmc3I>n*kr(O;7RyGeG2tT|>|yIch$Q$GwEM6o`;VKrHXxvTb?sWu5l{5eW!6&$BG zitfH$Op4fcB^Uol$hk_JKHSrmH`<`xi`mGGXQy)Nov<)|YvkI^ZMS!LvG+jBlaZ-W z68I1+N$*sorZRljWG&vCg4eo8bV|6s#eT$1rzkSqV<8sbO1K6$9KI=6h{7d?tEa=i z1UZKWPG+oPpZHGq;#yM5gHli~i|LXnrjq(Nw#A)QH-;MKN~_xPR;<^8H_~d&;NV~Y zSA+BbCJAv8h1e?mg4hsFcmDfG8#F5;&1IxVxHwJPqgsM(!7nk=PTD%ALJ8=J^EE>@ zV1ErP91Je1twU7qAsI)^&ikoM;6@r9%e4f2A%<3l&uhDIuaKzzM3#Zj{v8bM+}4YF zq806qQ2NN1`iP|lBQ>ZSa^gY)f&`n4#Tc)jtueSOGrjJXc>`aUJ+ctHkkrsq=b**w zUbtOv8<9D)hL8}!`WnLeL>G{iRw_WN%cKopU{DBeDIjxnA6h7eJ*1BZKFU~3o-uP5j4>9wNfjL{$TSV?Mu38h5^K(LY+oDsjPmd5vjirLhy5zurxT9_46 z`yS5w_Z3eT5r0QEi7)8fn1=SqbLhIOmkxMRS>tm;3Aj8qnYvw1jW^QidDqR>e-s)@ zHI*8vTvO5Ah&Q5Ohq%jU1cP$lKbE`SPi)bh!;6tVVH!+)anwKLI61xwsZwA`_k&QeZ{ehmC>UCqrb zW4Pf5$#2QyA2_K1gX2-kKuZ**@WVt4cf@jX1Ds7cHR&L_DyPI; zDfkEF*nD$v46q~5W~|ODf1B4l@1tsp8lao=z6dh5@7Gx3AuB$1K5{SeRjQ5ZwPRxT z&yFOwBf4+KC~dbdhu_$E=ZX(O98fR`n1mRa5?@&!%(WZMN41K9+9|(j^=1YGo7oh4 zQbf*hRZubffJ>;;zuHbn5p%m|Ob6{f^ZxN^oZ`!v*H;Qs*7uTp`by=r+5MSDfr(A} zXr8ImtN31qf}K@l3yaBW6wscF^zw*4rVf`wm)DhgXy1@73^ml|#_T<<^W^K>c2fez z2oL77OmlMH94z_S3>VxxxNQz!xaCpVlL22p#oNG0#jdjXZe`%Q;Hc4JkZzA9-GmEz zjp(zOju=|%Yhr;btZYzYz5Cp}cfECWE4-TaFpy$cQo zg*y&9FIIH@>u#lN^-Mxfp+>20WlF53o2dQ~EiPG6b50l7r_52&(sTIB0%AY&o^CQf zn8I|NI{t>V_L=g5KPvblu2bB41v|BjZY|>bwwq%rUUAO8e!4uAs%ouBBX`kIPIbh_h_3%RBcN-WaOY=)*)WX$?NwG?p>gttK1hEUh34 z#a!Fy3cQ3Ab|o7G=A3Eg>nbbSWtcNcYenE!`nV zw=_daONoFq1JW(s42>Y&-CaY@00Yc7KF@x?WA7jHm*bfGX4ZABIM+#Ij{8G=4SJWJ z`3d#=lqm)Ix8p!#+g2(9gIzHJsL;Nc-ck0NBNDMImCUJ}sHg ze-m9^X0=v!(Ejm+&t^TlE1nw}`Z$wi39Ua>bBeT2Yqh|WXdAn7IAzvrx?GVL(}7qu z3I4F}c7 z9@l&okd-AU;*`G!=x!SE2-9$WsyP8`Zxl(v!P;(AxgSe*%1DJWo7qeLR0DQ&%{3KZxC z#%})SSOUI9Son!wHZQSU0U%Cvb9q@Y#ZhJP_ZieL=J<2pwyrJPpUCX0`D%aDFwTR( za*^?N7lehytak*p13>!ZU6hdpApTB7)trRx%1v$0^{DLu{^l;-8!|Yl`ne)7&7V$e zO>7QaA?6s^Fb>h&Q)W(JPQQr`=)aj4v@=iYz_h=p2k-CIVH+!Awm0s#V7LFc2T^eJ zdoeo(HZ3K5gR3+)21Z^2%J!rc#HNpa2cFiBz}QvBtCd(`CMrX~Wkn4&W#9?= zmPoegzW?s{_E%dm)DXsH&%^qPs4J(m=?djeubJKeGFRB2|DIkN)TUpKA~90A~Z0C$OZ|>x?e@)voQiPO+O=oLuw{^H*8*e+9!}#^PkdM4d3fw z;L&a<#{svrUkBK$d#V49kBU{8L_1jvl)xaMcpa@AQCXdgtePAm$yx$NpQy7tvFpgJ zQp3_4hfRG7=c18&tVOLG5TbmqHxFprcW%!2n3&z#aFI%SxnUD+SCEbway+H8qEOru>n8Xa+ZCGLbMGA$~FX;g% z6V5wfHF?F~nXeP4^1$#e0msF@#AexKu>>=84NiGjvV-u$Lu+{OHW=te&k1? z8|Seeb&xCjy%)2+&TPKyy@gj}KS#Sq_=rp+xo?KVm5$#Bd!p=Vlzwux*23|+LUl~V zxCdWC=YuBLkCBg_6Lvekr-w*>>uUcSIhecKJPSSHXRx)Y`C?x>0Pc(V?bJuYt=eXDzv5*TCr2ICXyRgR)PH=_fhEn3Umsg;RKXF;B zm&M@+ld{+S0rDeu8f7|o&i-sz$h%6us^7Re!SV!|dF>UZ!M<-UdhmfS<+r;8Z0|-i z(PIfBku#||uV`^S9^@>xd!e;&AYnq*%{!ki+KKGlG2LmYkjs?>rcDF!q)R%-FMZB% zf%SQOfEI~ZICunl&ino_nv4wt{hUsqE6L;TEe>Upy>pqziSb=X(U31n#oy5yv#|rQ zKX5OScQlGmHqe;Q%9g~`LE`tp07}+Ucx0K)MHq(Pk}S~S*j`NM7BAn+mY{x-Nb4`y-`eWL~mQ%$+`?)_!WzHufTa1 z-Th7u`mGw|b-GN>pt5H*2ng%|S5|FBF-IvZ9g`xC6hq|eS#IXPI*AlHGgUPnAPkW2 zn(%WKg;2jLdgO_b={tr88-m_kQn-&x?897mpy{K8xN-J8FzF$i{P+%8(jZy2)MVto zovd#a`UK{2Bu?QByoZz^r=J$U1ftzcoe}>ty38TsGLd}Tu6nhan>Qoen z$Th+g{u0Vew%CVgsY|&%LR0>%l=VG$&F$f6e#(=+MQqJA&c}HE& zAa28*4rbgnxLC{hi?w1Pmj;GhSjGop>>qd~yZ+3$*TNT|R=BSR$hsW{5DLiRG599J z*&wg-b9OH0M{nKS5frhk$$j(!8>P)quX3Ho}?QnFaB&_n;w_HtW1G*wps^>BEIVbg?S7hnVr2 zX`R>o>JH@GO4ngk;?!nML!$sYhU{GDOq<#Bh$Vyct=I1EYh&f~w)wu8JHnORc<1Y& zLFAyY5Q8{qkgsBarjQ?v_3shCBUX<>e9t ztQ4E>C6q`xa5*Ti*%r6NpW0N`usiQGv9;=HsIQR4RzI8p9*;&KyY>{C8`aT})*q1z z(xF|K`X_Ale)ivFqWa$y$)>LJa$Nz*vr4)TrgS_;IO%5YjSh=-vdEsS>9pzfKovmK z{hG4x!#O03%=AZ9$Jaw!-H;K}!zCr8?FuOm+#RN%0GP)NBb8?!<0>cigUfE7)5<>l zPjhL)Y&~Llhd{cVz(=15ci^2q%S)*gm@o9TtqUy6z~d`mj}uD63JN^0=c#~0mJhfF zzcbbHR0Q8y^vA*E?9MQIjuanEXx}0Scf0l1XcTfJ9{p6AYfb|<;hLYO_XRR{P6Hn~ zdC0iWCBbHOT&6P1`O%fe!onE3CKNCHKHvN%^2t>T)NlSAJ0&WHz%<}>%V0xRO^r^! zJ>B#5NHJ>u8N%3}yj9EyZJy7S-x1(G#pAE)W0|Ei(c zkQD}chULKa{m;f@G~CYD=^m5yOSP+HZvshMva_?cd2U0z7}c_uT{HQj3Eu-yAL)0z zvRRq>oQIxsJ`wpau=2~bk9rgfJ0&BRUEI_|qL3p-k=`wZlTwQ>XYax)BxUf2zk0i} z{jYfFh3Vt&TUF;m(<(969_9EMr{=O_kI6;s&%#>Zb%8Q{u1SzwKWAx}!uAV`)sK|((GraQ9=IpM4mVm+o? zhiQe^F#V*^bN2W1MUtynWBoq_d(Em=BiW^-g*JOMo|mp zjC7*s%NJLzM>`qy5z7h_wC(lnl&tlOF*;|b0wR_toa*f>`-+QG70~?(Szy!L`WzYH zeh|Hv#%=e&GoAkD4qKw=CPaT#-|V3X!Wn^7`FOp3qR2!m_r~|v%(mVhXaZ3rA0_Bk zRM9#;v@lMR?>eJ+xHq>dP};|IUw@8`dB+elFAF5A2aeBdhhyxfvwgY`0Ng}e2}t_- zzHPLr>h^jLp3RE6RA;BH_hsy;n#7BB@Skot|!GLYJ9*e=){3)8Ebv z6u0;h)=)V}beEa0oFE0@nVV52k=e)4IN~d<%1cU-XCh+kx@Aj2 zEd@=U%E!D`9C~x%w=V|TlVtJ+C;AR%CFPI*( zEAn#~w~X-$b_+iHNeWks#DqZ$rM?^opS=LqAo)PJ(rCK9E}GF=dTmcyQ4~7}+A&gc z6xbpT6TY^(V_Sr`{Gf$6p2?X{z+*GK^Fg<~=hD&s74VRQErUWadT}#3P1iMhcheKQ zogZvrwZdI1WyAJYeS_jpmj%GbZmnKM#^ROcbW6r+5Op!-?-~J#?ll1eRTmRA{;RhK z!s(p_*aoMUxtGMi_?k5mk3a+WD=L3Al|;5M9%A*0K*-Lc$Mqd>)+q2U)4#?K>}OX= z7dT=6P%SJV1c|L35%x88QS!@{gK<3!=g69p`DTS{Sg|j#_!r%8SCldcAJ~Yzz%^!v$2}e} zHVhlp%o(0SZpG)D56%s>|1b&FnjF-Xs16>F9*I@YRnJAzCnJyHsDBub(zim9+D&*G zXEp40esN>ewB|Nd)JcxaH9DYS-%hS_Ql0e63mQuqd8(+geW3IS8L97FGqdW!K8wL- z#!b!|3iIgFjzbxQ6C`Fj(R`ZtSAVPG<%?21-J^YQnE72-ALp|I;(|Edr9Cnvp6!r6 z#Buj9ihrshCVYUY8w)f5D_cQk@m&DJ{k^=&-E5J-9-_21Gp|l~;;A%b=I-{<&doW^ z0zjZ_`20agJq1n@L;_@g3V%y`3Q_ho*>I4Tf(ZD=&(5`UsM&D`k=9R62-oFvd-$&| z6CZkPi+crbhA{8hf37lg8cZ`0p8oUZF3ngRamX!Ftwyrs%(do4GGzjXH;N~emMNIc z5h)*k?w;2=x^5Rxl24t0QL#roAp3oj{@DhA43Ygc@dl0l@}$5te5{D&%U=TBQlO_( z?dV~6Ze)WIW6wTkCv0AqDkK7oGw;s&Pj-G+7K5cdvd+VevMyW5#}@Blg@5MqSiCPi zWFm;I=$^7Aeg7Nlm`3y~d%w|3&axL6YLfRgaFe;ZY1CqS)2u|A;BIAF{X*n?<3HA2 ztRu2{nX8@0Ahh+1*oCYEgG$p;fcVF7KfXgTYmIpIj=`+cpEBY|Tiiy<8uO2C`S-Z2 z?9YbjG(US?AgyY z8b3aYu#JxyL*vtCRV@*Z@XQ0*%fRnqhC0COPx@=MULf9<#xS?jk#zp=PR1gAF5|sH z?1l{rVHcLl{VqbBT#_LteB{Q_7}H>YXDAG1ZeQw`)=A=FRpbYmkpnb$k2clcfN9uKg-%>w)7TxmwYM)O7XcQ z6|7yQ6Z%qW{H42pv{tAcgNudXtYnQ~D%O}!4%ExXMdpUbQ3#>*; zC&6pDT=-?CU(6xlSD4{AoTXjjK3s}I4#VyEp3*lqQ&^Tnd2ofBtI@7iS( zQ;%>A1FiZmbm0x`%rntXJJjL@Q0gIR`KWlbGwb4bEuW+RJ=6bOb0OVrO01G#DbIIb zPo+azoFPJExWbbr9(?QPI6RAAjCtu@FJP@%`iISbB?<2}6HYyUSi;n2FL2-LPl`f$ ze>?z`EbuHBgD2jnT&B|wINWhs1KpwfXm+)?v;!o0Um)4}V&pw>-f$$b=frln0kh2r zJLR@j>yh7yx>iVa9r{v4Eqy404I1g`-|`W~)`ZFGd$#zvJeoV7s|1L%(S|!b&U^#o z>IO}Uuk(a9@zVw=9^u^43{50d{{&^kxQS6e*S|yA}fn+hUmK4vXAq4D^9k)MT zjL=9V|J?k1C{1!PBOmqTqiHmF4#9Fd#8RPh5o_FmIFA%P-xYSAedG95al|n1JNNg^ z^l|?quDar*PdqI_fxXWHspyi7}mb_dxie8tu6O1ZNvZjz&jJJ4L z`4Ai5sJR@o#(CIt|8@dkacV2;`UHM9^>j<*G#l;8k&go`EZ-YxjZI;Q867dRNHXTQ zzEr+h`YCx)t1MCAPcZ9&Y}6E4kO41g)toB$f+u922adI54OApPrOM0Jb^Iab8-wsD zaJ-p3?&+vH@G#tJeroch46ycSlF!FFqw?VrGciJ9qvGN}S(Z`vU%gDmW~N7v7Jc=~ zXtS6GdDrN`stI7ks`Rot-j~=9+kCUS)$tY4=0JcUe*Ec<-W;&jLV@L%_K|{Xd`*=< z;?ZM~1KQ##QQaCR9;AV`V-3*kQV9J#Mqw<*BMj#Vo_A|GD;yh9GH~;uZjU;schR0+A z$6UV~kML!6x5(4oYRlh8t18-Qy^OeWB27-pKT&)Sd{_gY;NxAvYXZoAMKkYTff@!g z3P8r!mldS&)!aE&+h1qQ|6#sy2=?armtIn8y)2GG?Y8 zg)iJg>ytZkwkJ!1T{jH0P9LTanJAg_D-YAMr&?*w6@8C?QCoF$nY9Oh& zVyua?YQj8ke!Fq>^g{&{!$fc#H=R^O3M^7m_d#i8jE)E`Sx1Sq&)lzES5)D;Da zci5wl#pPMgHR@GJtYvVW<)g}xcFlW<+S~K3fr6co_@P|sh^#FCvq!`4oTgfv0mVSI z($sv%rNAGY;CnezPJQMOWh1T8%!#b!W=D$KL%p=CE-mZHINLjMpfw7I?DgZhE>Y6y zcPAMM#RDBenS>9A1Ye08+#~5HjoIkwvnCbEgWO-goP4#gwcFa~>TecI|~?PU$& z(7o!|^En+&OVhkWwjGQu`-AuTUgeKzSCqu(Jv8A1ZDv{$Ij9C+rU!Xu)(z+Mp?C==%UZBMu8ZJ-dmfWNtzDqe3vfboV!X>AS(Nuebe!+ z?PQjyPr7QRpaMY&-69T|@7K-#Yw{g8X=q=xmFA&VHl2kEz`>P3=|_MLT@BEIy!hF& zbs08q_gpQr`s~{Tj9+)_?eYF_f)88F>{qmHG;LSrd^8Bp35~-A`=GeSyEB@T;B^zy zsu5&~bMYdsN4dp46AC7zXaI977VT$PLG+&QgPtwld)cNg#Ib%Ndpy3;&3L{mnlHqd z05f||MRXcyT&60`9uTaX;7mH4!>I6GP^Z=N1jBCXl))dL_N9xd^7@12;7_3>w&X@G z)JYoMhjP^w#FT!HR)l#LCK14el9&uN0sR<5Ho@9&U_ES|qJf)BU^>`!>ab&{J?54A zWPN0-)?=QwPHy`nM8Q|GA}8ia-XacNMZ@SvkDU&c3;EYQie}L+(nPHrVG5KnXDDwb zyT`|A8)#dkoC6yAgr9{-TGTnwXc3j4>NiZW{c-Uu<~I7=de=(DAUJI)0N9q}Y-2wI z1SKmH;e1k%N;H&zzn=R{4T`Sv4yRE>VmGEKj1r^iT`%9qqwygf z(=YQD%LMXQuUm;K72+$}!R05qCcx@-+ssWp_Ux)>4yLwquj7TnwfkXgYBX4SU1a?Z z!>WUfQ)OLrnyC2buaXPmM3%d=<$zpL-jsi^n(-HSJ@H6EW?S|c2ba(Ik98Vs~t@He}whn#=vS#?T#+&9P zC#T!yK#5Fbl-Uk_loR;9x^@c9F*#AnyZ{ynGef*`vE| zTP=0Vf|q@!=&R?`75rfky~zFxkv|Eu_vRO|(O$sr1t9Dqgo0Cg@Tf|~&!I;!hHF^i zLnnk}adbe~1TZT31oLI4n2W3Q_0NN1m{`2R`++gZ&c^k;?dk@0q>xhfs@>$ zx|JVA1d(1kP!4ORYSWCWX3RYcFhu7gn>iht#bztN(UycVHeEN@sN1fpYwJg_0$Kvq z?zXKKol%u2=7?@KK@96NTR&{=6I2Db=zPT)O8A{e5>exM=NBQE==IxF$kK-}g48OD zRST(^SGFY}UxW(|LV!`@msKFgjUc7Xum{@`^_ClMs|%U!are_A2v;Oibe)OQ*Q*x! zjeRAkP>=Za=<~!AtQ|Opz$;-X)WC<|0VjUcyO(6s?J_>{3ZQNV*3J%WT!E}vTB%COn&dvnP2R%ZRj(iMSnLD2~3DXG>j?fjXSv04Hb&A(HnvNlJ9gJ%eUg0Bh~00 z-pvqG7zz4*5AWE#WfzwXcb~ReO*!>{XBiF%VM^K9WOX$~?5 zV++A$j$c6j?WhJ013AMEeYq6XY_5n3_QT4xA~Z|ySD%9;Qi%b_`t?!tNfNAc`TW}c z5DyxHfe0)*sl3RiCLcjHZhKC~AGQ!>Y7p=o_r6q*W#V?Bxf3pr)s+jI7VCvq@Tf7M zVCRqSq4{xxHleq~a!`=y?>`~c*Im{6Jj@ym4*EB?QMf2zbeWrVviQvB|2&0YgfI$+ z=elda$}7Kh-Y?NqTfW<0g8kcd?bUY_UtoPTHswrtzqDOXTIaQf@`VdN^dj1owYU>+ zLBLUOqn3jw0ohu^sX{G2RN6Bgk2Y20U+|1S%QVz^twW`X&tGZJezK{9`w`am&84q) zr8P)E~>BOw1|$!otI`Gt+Zk1X204dIowH#~i9GEbmTNA*=s47^)qI$Gf-&SVZ_ zse$IR+@k@S{XWW>V}0Wjs@aL=xj-YZYBI=QeGbj_nGAOaD%c9H^a8?}A@I1Zhkojj z_F4N{2+N4xeIporJdz0ruCX2)Qd2U*>NP;!AO+kQ(txNi7Gev2rQZ}BHCDi%%- zN*T@2s1iN;qv?#Aw`h?r)z9HjdgS;KD-HWe0`?&OL2>SCXK)k+t|84yws}wz&33(8W@B>R$ zn|DZD88{ZsG4UfL#lyr;kV5Yvu{)w_nr%w<)Q9pHWyz~Ifg)-Z;0r(Jt($O^7jHw< z%YVftHxQXcE}rff2|FR4;MU%8jgF{i3pAyW0DWtb9_SQ$o;t1KYiCMMHVf!aq3^Q# zQJ|tXvsPi2AIOK*?h9%o2J_x@s68;;TZ}eccuEM5=bI z(ZD|($UM%nFrd=c$jHMVqp%?@m~G*diA6--Yc_#R@_c}3h$;@-FzNjOxqG_BV*~X5 z=uY?SBB=ZFGtqOHoH-rBPfXWn{)vSx{A=HRo4B;~Ds$1z!_`eEh>QHiX0tmE)$}}O zk2n(5JcdFnpw{DS4?$!E7Q=sJZ8ymCZoJHo(uGPCWY@%H&gxXxw9kSxwPID6V{Fc! zCy(s0>kW9x#bzI=5Z@V896y67V`WCQn}%|mgnyqi&G4oxF%(Ag@L{U*Fcz(WY}084 znr(Xzwnv;@Bn-^y4Z~YjEHudK?;eTkalqJm3+;u(g*j{8}`@2V}jVEEym5w~Lamei52k&mX|C-AN7X&GJo z_+B&vIND`+a0y#RRYl&R`Ys~zjNp<5>!fn6E!v#AJ-GP=;OsHH=J@gw35&q#wxX9A zuz9h!IjSVbKMepKm#)0ysrEx|ixyDN(|u&FNwievUV8&W``! zV#q^wYD1_+rRC7)#r{tsQWVbP(0wfI`)dYxz1s#FC;|>-@iMoIlSLvS3?e>rX)1Ru zO>zSS`*WdZ3s6H|6{;@a{0I8}#lhft)%5^uI#gGGH!bI(N*OF>hwR2AQt0Kp*ET!+ z+060t=KYtGF^&_1#0+hG0fd%Abk|~YNnz}w5}C_x-|(FlRhLpK^Kl1M4T@?>eZQ~X z{AB5CZp13`_##W+Ab53Ib+vTi;qLv%d6puQ8<2WV!K4I|quc6^;9cM*YU8@W(T{$f zlW(hGP!w{0^DCfVpw4?=FssqGOrXTQCtXJ3IFw%Ep zf^4=!|2;K&F;I<;JGbr^Ws&zzbh5Q-3o<_YbCV=xLP=ys*(i#BNOSP}Sh03ayKV?C z$H?)QP}Zlnf@aSa)W={-d$;dpKZR02eU%>oJi?hl^iR5(fAUrq0u6A9QjgTp&uhO0a(&6vBr{eMC`n_C)3OAQiC9=qKoQ zTi8+PEC7NMXPZg6 zLUJPRvBJfUE;chgv>KaKZ6H_wy$u_x9Z`KDp!0-)*#)g@|0+tmmE%KMbq7e&)NwEk zKs0iyX9NmphG7T~wW&XIeoU%z=mjmMJ_m$u33-a_-nQKUS(@Hqm;FJ^=PBpBHQDnC zAkV2(&sOjY>%zq!pH9xM4x+k*^Ws?Bc{061d}BS#zHvW{_K2O69eF!2-+@yOwJJ$#vsAuJ zC3HRFG-x_V;_v6%q%yq~qRV#$A`xJqV=;7Vq8+h8jd?#}`%s?+a^u;<9S|Hla{oG} z;kFcD7iZs1l14mr)i9Q7T*clYf97xAUDu$d*`b^O!ShdEpT!z@haWK49&=&-VvKRl zP@p@)P1jldT5V4M6|ShM_oz3P_Kg|Y&|SLjPgU=>PGsEYQaB~Y!ItE3MPjRXki_Q5 z%Bd@iKy~x^^oG(6VO+TQL0eLWB8w;OUe1ymzrscR%ZG1a)}~eu4&`$xku^0XM-d_;~hAhOK8~ z*AFtR*0XLe)t|Kyag%e#m{VyX^6oW5?35Y>R@WYxxO6z8hH}8rGhI?~G9=0QNf;?j zczA86_OvW%M>gy^*@pDhS=XsUXXgg5*Q%89lQyatI)U%R%*uons7TZa9oh&pzdo$5 zyMkNRIWFOUjf^~7U~WCz7|jy7GMY*8pnV%8vUl`a$D{-6_^V|!tNN=kM4R%LH@eg2 ztj--OENa>O5#{X1Rc2~BCFVlyW|baNucX##QHTKVb^im*dMZKDG~SugL>p*DM1ItX z)7T_MHZOi@o+8_RCyG|YFVeRGnm>Q4;y9y&V#)WDMj%`Q;m53Vm9i=>=71*rJF_=i=Dc^>~9S6;qR-24l~M5s(1hDu&fC z;btZjxL6d2YzN2mHqdoQfkx*oD!z=A{`%QBb9ktikW6*g%=H{Q0?8+DEoR2d&_s3J zD>DYP`32-$SbtZX=ZbHH`0tni(PDEsbwcHCII-xmHOmNla(L&TKxkj!e zuYZEJB>w2i7Gs$INf+`OwJodjCy9}OkZ;fuBKBCJK40BrrcM;Df;OT zWd|^aq%mtKjOJs4rn{-JNEU{YvR7Vopw=iJ0u!> zzRa>&e9n6E@EnkXH$lOvvXqyRvc}>x?+jr;%OK6M23?e2SRHN~o(cuUf9x3A^C5z< z_;vb_2Y7+1Gx(3&LyZTXbWMBjJYa1_WVq=2&+$^<*Yc@~>`1OXHAEl9ggaHSQ$LVj z-{MX*BdalwtNh?Xa6v*FRr@hW9mHysEY5Yc#3|sowZgjOayx4_m%wCLLFJ8gHPmPO zY(c!lb1ioEf(tw53&DlWT zpXsXffkL!oPb1NU@A>#`H$R+mq6vrqO+nk=J{>nH@Om!G_+voX5?SI3>umiI@$@>_g`PhQfX~#k#jvEY8_R&t11LXhe4P+r~KjBwBKNI&vs@_V(XuGRNnN zHoHwM)b8!~rC(oFAI_A1fT;-|H9ercihiwWJ%L=#VPL}KO&R$b1MgTxzxLB^1QQ4P z`%r>O?0;D*y$;E`IVSDihrcS9jCjD&Ec;?Tkn;h$#9`3tiT2RKa53Nvw?ot)@=lkU zz=!Ug?7b|0$JO{@(|JEIB$e?CY)p8cv#L!6zE@kBDcY57u(i5vs}vNm08EJdjz(%JOn2WZa~i5>4Dvp3@@XD9~Y-%kQ- zVyM)u!jsNR>^ADOc;&f=vN>LMeM_&Jy)`8SOj8ja#G;hNcbGD;aEO_){@@YnizV^y z^D-IF0zVc#)8QnR5ile$&NUvWJf9No$Wc=09$IOllQraQ9BnL1j;2f|IHe2Cg+`4W z>f7J;>6GDxtg*g7H!f$)=2*y^EgitabS^~7J>sm}BdMuYb-;eMc=_p{LRz85oC1_` z!cOg2QTSX>i#4d*U3Z~5}L`h)OZQec!@mz=eh#5e%9Z#bAd_9(-#l> zWzR()h=Jl2eewMK7l9hGe;6L-N!?tET-}#W9LF`JyEd1+06;BhUqil@OtXHa!~utp zkv|X;f#XJ4LSva_5vg`!Nm){!6vY{0TOEy!F?_WN>kXlyPi8`w(RLDVCRftKV?Vijn2+~oz{BwzE zTY22XlI+J=PDgBe2Ou$B|?pj^71IC6Rx zqc2w&?BbrfVs{@X36%K8dk8xLGKaprn~QWy7|rjhg|`rFguf;*Y_q5{yUbRo_^RGj zuHZxb27iMm=2j($CA!Y;F@(^Dn$PEd@eIkTcH-y6XX4EIsiqz!E?E*s9mOxaPVg`s z3)@*lFV8fFM5f4wlr(?6G&vbAxc|$r z5NyGik~e2lH~MuBSG=(|gNg;Lfd!LsO>@dw@`RN1ycCPE7fBq2TZB9k(?K6(!Zq&!n6(D&j}E zTQI|$CrgE4{_>M!xE*uXt`lJZ!f+(4p%W0{=9)`tg`#5$1h>~IpdCC;@-Z%>`yt>WSGj^@f+mW>`KOHAk;mGjYM6`$>UNXJyB z)o8ksba+5zy#M0@z3=Y9PvO%eG^ijZ!Go%Z*J+_?gTtK1Mco>En*3`G#=Qte+CP64 z{2yLVn*IJFy@UfxXCJ=kXmjLQ@D!G*-(IB{dLH6W3g?j&*(gX7xl?+|70_$~?UDL3 zzv_6x4EDDS1O}LPM>MY4svx(}%nb^Z8_KzE_EuY8w<2b42CsHfv4vH@9UwcHy($HA zcY(9-!Ok5zS^#?M*~g*jw5x?Z(?d7!+d+`{;ZQ$v*0o6YkZ;0v8HaA&snUIcO;|08 zSZyluBbvKtYP<_J-Eh0qO4sTU^1GBCd8-OgRX(vENiE(|r98+#Pi86%|_!s9?wRTbov6R;(p9AI%+dr-`wG&t9)6kYBJJXgwQ=~&~YVNmw=YIF0 zLd%}uA(?1xcxIrYXMzY|_7nlAg&9~nsLS;i;>~suGH@~Z%?Dlx&rmfD+Bt%mZ%gbF z-sicxeWBufBnu^Q>{yf(f7rcMjc}!kSvF@gQtvM_4S)c8Y=89xH{10gOzd_7Nje^yo?E)>HPeK94vfj~e{y}HTienqh7e!_3t12G zE*bdq>#e#svG##bvIe6a>7|=6jcEfjCeoDFl%C$qC5m_vUci7UTANR}m|TWr6Q9c@5vb4UX>A^IYL-(`Bs zEY{!@Mj%SCspkrAy@*3j)(c`JP-NQ&qI{_>TB`i@tncM?kXa9HxWC&s<_f`5f~DK0 z_6C&)w>Vjm?R|k70;bb z`}{Kx;j)lxe*oq?%cr#~{N**OPM~;nO^iu?-7f`RNjEP)2>P63%h(lL)SaO;h)CNt<}0y?;hrOf9(v0m$ngvR z%QlG3M{vU34>9d}(e}mKia3ZdoJYlWN^?N-(|h@mfvf0EqK(B{CEf;Ema=Rw7J`C- z%iSERxyKxnG5(qs$xBYS#%#Bm0X*`)z=7P#ZyE$GzqnV0N@ZASl|Cv7k07thMo7_p z7xtJ5ty(j$-#dv4d2P{QG#eoJ>Xjc>+$%CX`n}Ney!}BxpO81bFFgbuzB{o&Sa#UF zL&f!yJSRgZ;u`c#1I6P1>c)-T3O7L{{ZJf!0VT4rg1L-_{B}4#AvEP}I!)ck4APP; z@d8QK*%1 z(-pOAlL{5rt^U~WKFhj^w!?by5;!Cs4D&(u2%49SDg}J@1q@W-QVKY z1@thpY2+idw$v_RG-uKg!?r5eOF8oEKEi>h`$N8?5@R@r4xsfc7>r(Te+g(W6P zr145ekq+bZHgy(&l4fbK3HRhA&J3PxnR2|3Y`P|EFMgK6VGNGl7M78}ae)r8`*y$$ zG|_JjlIhAepgO2g!zILoZ8*qRitGq^GqqaSOg7)30i6JbYR_!jMHn(g6~$h`Us&oLMsB z=MIbHHKcv2`zZ0$_pJ$ayR&JvmkxY0Nksb9n~JE;cYzmb1FX*By-5VH4;0rFXab4- z9qnZ?Q-R9?I*pfJGbtHbL)4Z9-sIUo4(h&llIDKB_%(s3zZZ^64xIpykb1Bew7aDG zJ8+f(Vzm25a0W)okOg3ev|Ak?;OIkD_ve&HLL2?_f&*xGFP{Ab{Z0z~S`5zy^jX|p zeTgmFpGpIk=Xabk34E0`N1ji=zo4N@`;v4Z>Yf#Rl+$0w%KOL=Cn4O}9pNH6;1olm zvQ#Y#+{i_h>lK~Xjg1&c4uIXEsSV&IOb`gLN@9zCo4-sM&iEqNp`B_y;~MGTxr{!# zgoIUv_`k3k7;+X2Y!8xLClDL@a1XRV1M9@ZpG|%_Zw(@TFGkdvv%I}CMjvy*!kg$cMoV`ps=T2&CvI+nlhd)4Fy$zO%X1s!6Uhh(;Pg@h> zR!JB((n5dZzL~{jGi7OlAvGbFjYUU;yin7KQKPw48sFj<*Rc_7iHP6LSYJ{HL)8w& zB{@^Pmyd;=#@k!e{r1`=u;+1(cGMD<2v}j7*;qt_PS?^!%9n8@|r+I?q(I%O3dmjaJ3lNKJ{R_CL+ zUho`L%V6*8^y1yMO+@@CM%lag;UB)9wgGANs@IJO$#_L3rH4nB#&7_DqcjkkkB)7eYy-Dg_A6!jC|4nbem zPX;tId+aB8(~4x2oB$2YzrNyQBU!u_uOHu?sU_RLdhBuEm{+LcF7>~`NVdJInX7g= zMyf<&eIw$|xv*8(mF_lW$#MAC*R2^Yp)T``G@>^meD`1h54ZJ$jdm|XVg3q_rO`U4 ztUUoO({9X;;-dj$;SW`-*?qbh9jlS60cHA0pFak=Nz8zy7j%-@v@^M_BJad)-s(il z+7lg4S1Qnm)P2>6qmFDx+M9$xNV`$z*a^w@UR&H@S9>TyWD+O~kU zvP6`NzH?@|7d!7K7Mjyai!A$^ldQ{9_;`u5eW~$M-gE>@gdOK}eVcw~GL=!wxyxhs zQ!xc`&*M;!c@DpIj*aoS63u>Jm7BS8Wp3D^4ga*1BNeDQ_}!+Uh_=#^bAQOxzTiP>B!dwCEc>+n~6~ z@i5E^&n3K@q}W`O1^;$~j}$L$yPN8e-11HP$~aCoZp#c%ii%_7&framY5C!hw0kJQ z?=|-u(#3$AuN*l2Z$i>Zb8wz&7|P~VILAdQhma&D>!Og4wO|L9zCipbPDZHMXuQU) z*T67>BCuQe09QL`%ec_?rlEaMAmTF8uC;K$p{#UcB$ed*cn~bkFk! zAW=AGf@`*us+<;q9FJJ_YB{kMfr82mDfdq4O6=36gX}YOrtHu^5d0~do#t+ICz(LL zO?>Sen|h&wM$@{tGEA3+b$4f}5Q3@Vf`r?I$dup*A1YOiG5zdYDrjw?f&{4SGrhx? z0o*H*Eq&BIA|&(p#y`C`AM5(+P;$NvLG1AXhDU3k8H&d)?=)pAS~8OdL(b`|w!rM5^i+)~gYM~a-pfPbu4 zvbkYMVtdu%z{i-acUXPiF+q^H+#v>37`=9*JI3LKqKQ8(-Q!RraS4_HFXw}dqFDb% z+X@2-+3&Rbd!L@_f|X?QX{&sv$#iyfJ*Gv(r`V^eWt&Uw77PEmh)+4e`KRG@m9Cv5 zZGEer@Qx)R)8ehRc9SB1a+vN>$Ea}fD|OL3#Sy&ohv*=PSEStfNiRB_JXYvke~bi5 zw!AX=g_R^*24^zq+skH*XQOCOhnf00MSdoBElsqIGI=aVenZ_ExW)bxKN;!FuqNrE z;!nBP*h`={LARy^jFTUYnArX5a7t%G?J%okcA7vMb5OVBbE9Gi_un>|@g$I*q|LvEKhws>1?McBWb=|1VjRtfhkNJ@JZ zTjMOhoX?rzk;8)-fAgnwjPGCN!Kz@Z8}ld!^nMS*toieK_S#(2S(h5Af2rhJToU;6 zfyCfX50g-W(_gNJblc>-zXX!s7!Da*k(G3ROmv4s9oaN1ODikf4~Ti)UDjCnI1TP; zuJ;$#gin=jo)F-1uGCi75SRTPJ|JNQLd);J#UbiG<9QrUs|-Y!hFO7c{37QdVS-%N zr&5&fTvAo1uD9^7%wz3@Iq0OGAmN<;;XiR5bH0DFD)>mcof!@n6cyw3X)j1d!TIQo z_dc1Msmmsyo?B1AY0wNy+`eDt4f`u9ey2hLLyx*RNm2Fu-L$#N#`Nl?)X2%{i*Cvo{%3Y$Vh4h z{5)9_D_iPLeOz+3Qs0z`QvPgEZ^vGb>^EKHG_B;-F4v3WW-Yi#V34;(s>trA%RWb< zuRJ%n32q{@}1;E^EDiginLP9`iNH>;upO)z)gz9TD)@~NMY6>3*9 z9jeSb_H=<6PPP3vR00pmd2;fz0>0Dl*feflXU+OG9dN$#dsp}A4f+=bqy^kGf|sXj zk$T$y0dwbK#&xOeh2qD|=)YN*yvrxjWt+{K}D7#c{lP6jX0MWta(Q@eO=D zMhSUQL}ky(eE@1^yf%+;seUiaM#_C+ZCMO6dohgC}EH&u9D=pBpP7r}0R z^>?Q+4P$z5j{ZFXB%1F7%;+#W)JnipLpP3j+@c+oGUTFy*mP!3V5=!hKHThntcjdV zlAW9U&(guB6w$OWMf{K{9nPJ6vabbG0}m8;XEBeV1n)7O@m0bfH)jOaCtfNYqSx*9 z@^NnQ=SQ3)mS$=gDBoRW)v8q;+YxWBCV%LcvrU>fX5NYFjuaWbo$>#pxp@Sg1iTAyDKL_?LkPX0(cv)pu6SHxF>pne-J z+B}3Hn|lSYzk2F?tSM&Yl1ql|*y^h)N5EDqUm%<5+Ho4URR?fP9Q9I>&Y*0&KoMfi z*SoaY$7$UT-ji2=0a(SS6twVzH-C6By}6|bqVwwT+ifb&f_BkWY?fc&OfdYC6&>_A zG85#Zk|(f5B^40 zSM;){)}t{cJ~BzhOQ&Vq5hsnD@%48>aE*mfL8Z|N2WAN5gUH5RmA&igGHR0^9J9hl zDbY)+xLh)-`0QR(QQGg_qyEIS9f57=z-4s&;kxFgQ%vn5>-EM|mxGDKqBR-*C`;eO z&1OnN4V{(5rKwu2KdRwhzgRurX(tj!RKbRbW2dE&G-E7{m)-syB@D*{)p*$ zi$lWaAis90fstjLUcv`78Op((s-%!b4m26f)ipVcJ}B|{0|Tx-BO!V)AEckixDfvIPEw2k9m1-2#?`bTANR}1y9$wrZ4w|-!Ke@ z6LR()0>#ryYfPG)v}P{a$!`Z#9_(gy7{Zg_$U8f(@O1ia&&g?U3VT*slWZEJAVK8| z0vns18r?0LHT4eF&51nDSJ-F%81m3m9zXAKEJiT43uSWA`y&a^JP?RhDEvk?0rR)+Zl*J4 za6?NWPcO@tJyKiVWMO^#QZa}j@?mtEN1A>gj+A=V;Y$N}5|2dkphs5WG!q}iTXRLw zt0VC8jf{Mxx_joB0iyRCE<&s_B$*CaI0dt_dE{<2RFN;dXXFMU2zA1|7W5{S2~miQ z<1QR{rxqvKLj>P{_9~%@U3fdF`4dp>!6K+>doAw3WESf!QxT|W_~$P#Ztb*0Z?4cY zZ)fe3sT|e7l64BYf5F{u2?LeEkr;!ha6!*b+wyCtj5TS%q-PC-Jf%<5*pH|>b@4yn zLseIl9RBP8C$Xta^Ew`q;&C4ws-1d<?+=+qo)FM`v zTX9R8rP&cMimHH7G_j)If$6Ln1vrjoazn&FD^u-es{y!F$p$5g8x2}DYpf4EOBE)L z)`zwB%LUaDM#7!fAL(mY!q?U6g*?YwDy-dK7*sz5yVmIVZ0IXNwscFFBaIXUTXk?g z?jCLR#2Z9aCLy6bwzK#UZO)?-f!LixG22$|R|^YSO>E7jT;DIKFjp!M8&E?aPfr6z zB3&Ez4(0Y+DX7MN$FE~+);mT+fj3{nj_| z!y|oxwC^s1mMrLmz~k;NZ*G{2qT}XE(mIWgXL({;=7l{l zsLB4G56wqSgeHBHVYugz%=xu2VyR0pKa8@^hErI)(zGWLn z;Cxp}Ud+4HIdb5cE!%Kj9D$ZiKp0bqm_px6NJ)zdO(F@)ck?lisItI-B;5VKck-4Up3r%Khv# z5Ebs8r2qmsA3vmX0wyhEm94E{x=918*zMJdM zKzhDB_hwa*O1)<|pq-Rk*L1;(?@0Tcv4JP%m#O=5$19v%l^*T8qH~0Du@~)a=5ZB2 zcg#qvvEqctisv1D8l)HYstfH`5RwW8`|BNSXTPBa7*n|?*cY#dk_4JO9P?l=KKr4H z(aj$O%^^F#rHmBe%lfi^qm);eo=?;}%F`>*Jv5G=H?1M`rx8|RVq5d4M1XRvX4-sO zrwf1H2|e4&o+`1aU3>mx|7n*hCkvG<5%Cyz7sCA6ldP6_uyNKGFqaIHFzu?P?0Ov% zz8Zt;NJy3r2qk!!HEkfp&y9IN6gzIXxXk;SQ)P~IU;C-4Z5b7Ym~`sSdO25VB4fum zncTcI$>N2_A>o(i{g1Kc08{6_y7WL5PZ%_pIjrl6lOjGr453paU)v`F>Fa%vgAa~gApgw>d8@0I0wy^P)(%*#VU^2| zB^1#u`*O34T^mvM7j5?Wm{*wcT!nX{c=b#Cl-wzggaZD$`f z^gvyCR%e1T>;k^L*_uePw&eM4BAW{5G<_BcLjiw<4q(` zEzV(kgzk8q&1&oZE;dxy0=SD^8j1UczWM;dfEdNQBq$^Vt(<@INhUCopha_W0^_Br z)9z%>Ui&ZWNk8o}xhgS2v+-@bzL=Tg>*@*dso>KGXmqF1`^jU`&+0cani7J-3Nd&% z{PC=}9Rk#zrrGY-2Q_0!%t<9uDM#G-GEnu$z1thE~6Vlt)(MkNIL zt4Lu>Ua=V2nFY2QY>tw@36rOt?aGl%{?#87(0b!D)UJ%j#)YBh=qGmo+yHDml=9Ww z%+SAe|4!I64vxZdn%U}^2MI&p)!8Pt*0yP(TF2Rd_%v5`NKc5d+FNq0M4D11d5Jf5@(V_7Gjuf|^tw3D57PfmQ*1e}c zmDl`N5ZQf3vh!VTuQIolYUKK!Px&>2VG~F-Se`%@h1bMDN)hAbr?=l-ndduW`Qwho zQXrs&FB}&b6Np*G<|xjweCsG6B*g+xOtZFgk}LYFqrn+3^W3|aVY{dN1NK)((sQkP zCJBlqo2ktFTJ9A9TZQn&)dKc7;s7^Jgwq)(df&Y-WTQ+#di=|q|!cfX8?uTNix zz0-{VbdJ;wx&O-i18db6qzxxKNQQ&3jE7s%de6_?*5lz>5dyy!AHMV6&;uXxZl39S?HFS{ zZ)guQKQ|AvbJu2wqWxX`@hJ_D?DQ&1jonV_Vmei8+6=~l8sBihUxDRXU2J?;isOE4 zB!#=j)7KyPm6eN6FD**J6{#n?cRlp-X+Ul-A>k`^`2A zSpxCo69zY~HG|UD`?-@~ScXAu$H7EvzMuY|bp{2Q^3Q{926qUm%p(d~{B}gN&yQ1o z(9Fn9qeL7&*J+_GIu{uTP3^L`D(kdt2;EM_n!Q)LsVuyNosaZ|XPDD*pAi6ImM4&1 z{{ykO1{rxt(4u~{rA*Nesb%UW#u(D-55y@}vvvHih&QEs(TpF(WVc3gUTk}*s+m-q zRZrsx=7g-}>n_M@6W6<);-s>>$CqlgNJJJjFma{njPLEA3rxg`b=;!^{N0;8t30i+ zN9+z-@;8Myfw%)!MsWG>$MHKCLXLq3*n0XEuM`sg9_{-Z8S-~E8u?jyvNs%o{`qb1 zcqoMb%A4+4mPlk4zz5zM^?iPpYiB5VDM8um&-eX7#Tf-C{>ZcL27gzvFW(0POq+ki z6CbU>J7C0J?<@->|DF=?_i61@vS&mdHkqi65y22br#b6d)kgDk9kZ*R84lMk%mt=* zvs>t_RwrC~jU|dB-B!SdgXYe4OLZQ86M5$`YNLO!G4E&}itGO{HwJM&KO_cm&27|Y z|3X542tc4M7?40pepe}Atb(-9XBNii>+J*0#!UgJjx?h)Fj7Oj(R0>Er&xY)Iw1(T zjsOsa4R5|g(&KMJ$_Rgxj_81Ar37^SeaY?jklvC$FaStRCAI&HQSiaBp={pw>tF47 zd2yyj8?HMpPC=19av0~{tn0P3tF ziva=Wis6DFOD%eF0*``OToCxZacgz|Oj`dj(0^FXzX?wt%_rO#aX4h9(O{IMznbw` z9OGIR>XzL%V$|0U>wLomED!{2lc4d(BcDDlP%_z{>B>LL=pPZvfcPf&)kK(~t96d`kR#O_M49vflis z@dT+qyGMHRl$A>hcx2tSIK3w`7g&}gt&jLYs7S} zCF-Ww-gF&~%-k_x8!N zhZnK{{LOXQf`Odu4jbG3?e)1E2GHtN#;OQ((0%4EKi=qU9eljp8)~46|K^XcJbv+i z_?Mp;!V5?6={cgP&l5QBCvZ2caGUzD+$HI$sH~f=$UK|OpPxTPe)88|K9QnNIszkm zG2Z+B{&A1z&<^FkX}=l~mwaWQO#kZ7K1GI5KZPUU>VH%6IA|B_r`o$2d8bwa7a5~` zIM94g{^E;E@<|6Q_(;V3QKUK|e3+b@rp?L!OF29Rqk2QyE1QOK9z^Wzoq+PQ8_`YU zfYc9(<5f2QUmY!9TP5^c4+yn&)$`wb2B?2MiWmOh;{CUHpZ)*3d$Cddk;uRcKT+Pk z`n|3HhZgO(_51|)QS3HHHI>E>Nym}>C-$SMkwtsdJJ|o7-rem0YIjkl`yqwkw?4NS z3;(tgx98Yf+C6KS>Hk~2|K7cTefYO=__uNRzh-+0fHb@5Q1Q+fj7A28u@F}vR9-r6vf6zA7%L|~T7FfezY^2>d=^<; zD%z;pU4Ghd3SRl_v`u*Cu_78G5~r}9jkQD+p!S^27VumLM1U7_)6vtZ5LP~bNf|=(henbBfT2IMDQ_=Py`Ywh{%KgSyARsfAqs#e`FX?e<{O&6Nf&V zZ4gT?OGOaR3$q`GLzhfRJL-`wSbGcq5IUs?08T$WfKvnJaYLj2;qCrXFu^BA^?~yv0<1h%ElE#t4Aao-7H9HB3iKQ;t`U(Y$2-Jo)Hq*V* z6hA>9<^v^rbTTIk)xZyrVdrD`2kaxACQs2uFjod~0{-ynH66J|7kw4TQ@)wtq~&-oiaj#<%J-CQV>-qRY&qNLv4CYVelT|4aeFj3NNhvU63zHOg;_LLQw zjjm@Re#N;!ESD|zs{gxH{;=C?x^7U_*-uMXzNFnla*s*5Uq~Y2f0DoZAWH*TKQicY z?T6rnH^YNOUp?fh0Y%>(NuS+swH29=OT>_lx;q)g86x*xaK ziOA||m-!fa&izQ^*RO9M8T%4ga+A$O-Vedey55A~gmH+q2tYD4Z?Kk32d#PB;`>k9 zUmz81)peficQ%(IcqQ->-fGa`NozSL^>`)TcLdyhszD-`x*4pw-i7*7v1FYTfk#69 z>Vhy!YK3?e*`~L0d2_8-$$IrE)O1QsJvnGOzvrx1=7xUx3EuT}xdmx5^0m}0NpG(e z>gk^a-8Z6ed>0Uc`p@lbuiyxt!A62aoerjCAI|&&eLF{zS*!TaSXsNn zcjoU~?Zz4-w_;ZFxmSI>$$+mf!uOd#J(@^!_}@5@GZqk$_iRMn6}Y}B-@f}0f zflvX$$<3v`foN9{3WeROSk+M^%t`D0E%>|WGiU+Sr%qg@EZ<4@E8OOH^%|VTN92DnvZ4yIg)nN0&YjW8kC}h-&jB5R=`m}tc@!n3v2RR-R&+y^3dsOL6 z5MJz*My#axD~We8rp};M({s#b&ubl(i5xSI!tI!!+R9n@WYB#lll-*=%}2H8*F@s^ zmfd4_M|g(cTry9rIdS(g%cUz7?#lG#9S;YVO_2IX--Bh?6}vwtUxAPrw8*E~zXeeS z93TTEIdDi672VGhY1Nndyy%h=B`wm17G48gGtT!4r8UWWUnY60u>28E7w$`ze>fv> zwoQJ9PHS}&?Jb*xX8j-l;-69!L1Oq=+~gjJg~cZSPa5h2PV?sUM>;Q?%O39}W&en( zb3@=BEwx4d;Ytae*U=6EZOHNCJV~?22rrVQm%G>(67JWfs@)%&*9UrQ4~BmXHhw=J zfN5~sec9}G_X*WlN)osGM_+OE*`8#Sx$iM^B(pg| z7plBPDL=MIV`iXGZwl(+Q4Kb1w3aJ_$qOf{?=CmA@5%}U&m+Ge?||Dl$Y}%>oPT1f zkg5{7*NzCC}!T2Y?jYurg8iT~uyB*X+vMtuu@3yXqF`HujmfCo5Hl-|^I` zL_6Urybje}X$i$wEl%gId2OR?QU5ueCj9iUOIU}rvdbMc zVZYO8b-|5&9N{DM7F++eJ9wO6Dzz8ybnRxLDfFSEQD=60`7Vn&55!C1^o>((<|5aT zxKH<3lcqP`!)1kK&}t&VO8a7FfhR8NbSG1(d{oxy_M6*KVMNQdO8&b+tAzv^>sK!2 z_1WqznG)KXaw#8!!wlw&98COb$#;)~|6;NJ5TI-* z;4oTLS$s2&q*bbs5(mGJi05kyg-`THY7L5;Py}I58Ab}e5dGz0YS2LKo61kDH-0JM zyzdVoG%3C}7j^AV{MH9}^rCE@NW1>?*^IQ~Tj&@4jq6$2w#C7CCrrC+E6^pp9-2n= zsI)fON#@SFa`=bT`V4-Iw>&nEO_Y%b_xMkp;Rq5DM6=l)woo2CvYOtCDW~0Klm(;t z(dWu-9sseyH$21I3*-~Gp%kJc{ zOyG10mg{-x#Yi2&^dvl~KAAYVKlX+*K}El8{ClYPX_E_Vzo;^w!SRw}zOgb1Y%HEvn%3fo*$15@qufbQXRxV`!^T%cGZ91mPS8npeZfC5AP zN&x@n?zXkcVG03<*~M>mD29_P9RK~KMmIk>%#t8-#u9QF84#3D=n^>~|JLe71JvK> zo%I6-1bCeP(CSo9Ym`GIk(zq@T)Dzn3a$w@jb~5kNcAvyq|B3i1)^h8YqfFU2#^m6 z^9>Z7FYaRXv5Ia3A?=g};H=qV8dcNDqvMLoc6ExIJorG<^CZ}cv<#uB;R7f*0-nh7 zm3^HC$&1B(&#x`s04Rk_pB1V8tONFqHt_B`x!~MCYfsu+NVy+Uk_37N&Mn7e>N8Pg zwP|B!Z4Mi$^}O#%NjMQZ2CD0~jn2%AJ8n)y@U)*x^{fh+PE;E!%zSUXo+ns~MIKBN zMPOR0rFsY{1;WW^eJ8TkZOvVI<2_L*(h`ra36G?&h%vs%;Qyx0HSS<&o< zlnorJ>;q}uYY3tc`8li6)+HhHKqtHfuD1Fw(wk55>zLPBqLHIXl^Y+w*K9ImDt6GJ z{bbcmAVu6-@0))id_Sb^ZUUZ%a#-n+M!=&)&yh|J7|D^AX1Duje{p1u!86->?;U~5 zE)p1tn^!bZDnDCiOD?^wq|~CN9@x8cJ3MpV>?yb}k;KRjM1cVzuW5w73VCT^6SNv^ z;7>QZ6KJ>YO9BmebHcDk6^DsnC_q;ZBkF0X>r*V2YW(tbBKqFOsvtMx=n zWi#cBv{~v1wml=cyjXqcjRgU!D#yjpGszfiJ~%^<3|9a> zOX#6ieV@COufZj$MH$bIn0gA5Xp~vV+soS@4V^e3*X|%!Vl%LyjQ-(tz`g?78J3); zh+wxpg-@-&Q^JtMqIza1i4xw@pYXXO@RT<%Qp459ir0;#-*Y2Iu5`$v^nN}@mH8&} zg~(ai_^7-elH=|15zQ+#y9k$4#G16~k(dKt%&NPemeU?LwA`pgJkDi@ajoQ-69>&1 zFr1}mOdh1$L73dQYchB-b~zFJ6w9KF(-qNd)GBd0O`{1`yq?0abX?4cKcXm~1AXaV zoNAW2C`jBA;sox`7NyJ{1Q{eAdTUWu_b_kDX*w&C*v~{@E>Bb=5|* ztUPuQ?B?RQ^G?6|48avuPG%Uk@|A|0Old&#;U=Ej?OF5epiGZ2<8-NY<|InKy86U3 zrgaXrvCgxNcFm(?Uer(nCX#T{TGxTtKBH@cDq`bbK}!Oo__i&L;8`*wEGjcLi3D7d^*v~;_C|NO4dWx@VtK!xl~VfI|oc_Bl4dHQ1Bi$AI( z5aV3*rR^PjaBm>hk}pr*M@j6|!qwW_K;J@55R#T%d>WS*6>BTq7rz$N2_5w`CogP+ zO385tCFOxv5!B@8<@2o_N&1SzQnuaI4U!(bxUZWOLax1}MvEi9*eCUZKJ<>->&w)i zLULAPrHfg>6WpSGSSP#_-`ChQ$xEl$b!QIci32ds6@@5ci1A-vP}X#=3?Azq95DS1 zRkdE@>ab@h;{e;!M^0(@qbWL!_MLO>%V>irH#}NI<3OpzEfNZi5(N|@tKWKR*xMDY z?}d#wFN>V36vHreOw+?R2-6+PKXMd`ITxphMOHTD+pAlSfPVo`gf;>_^Rt<76n^5oTcDjrm}6x;N4s z`aS2vb-Z-ghGs#ov@wa84(`P3A^7&P*y;-*>?s>BS#H&*fMk%J;IOG)a6tKbh&u!F zK|sEtOFrLjo-W)tTt12dMak2R;3BEVeky?2d9~SoZHV`XeWA|5uJM;lsIw2$20`EX zGtU~~V7)gJ!rhG`hXb~^;pWapM=HPSq8bhLOcyPk3s3*o@bty?&>x~t% z+UN$BvHjZxIxf#k?9O{&1&Pz$O}pF$q=!qhHvGmtq2uf8=i7KRdAm9N=Z!t*X{Oew z7Kp95T*Pl;V$&5}M|+|V__=tYf1S8WG@~&jyjo^2KOW;=cD1&ene95Rvcfg|xHg}B z1lnyMoj95!^mj?Wmf?aO=giQVPeI(B?d+wS+oPK2CinqIcC#y=3tr*wYAnas4(ugp zbtVlpCz$H>@Pb}X<@g4s8<#z$N&o8O^8ESPoMyGJ^*^O408r-iEDfE9K6E28edIGj zcv#T$W+$2~xv#f(Eq$3m6ueW=h+Cnn#0!cWulNNM94mu_Ul_UDoj-kblbbfM{vF;j zL7EveYDUs6JX^4c<;O{+VxZh|SWPP-QrSq@zV>O{C7!CRGdcC*%7se}W9wMnrv=sM ztw<7&&vBuV39|QJr|_2=3fb6duWq(lhx}6v>6h4JfxrQakF}bZJW?t2(VqGD#N1wYv!ySszdg}k z^wx>xheO6y=i95i$W-iQQD|G-yqKvyklU$A4c5KFQ_n*z@kd_aU`OMTO6CddkxisV z(ynk}A(2^~EGV6=9nXdk0&UZ}Hi`xS=8#ttv-R*0Awg-LP%u%~1i8%aWTD1o$;4di zfi<)F&@*Bs0!%$)uc2DAr{zvgCCax?Q(<+B$_)bL(FwQdlX2*@a?K~sl=7_5>{03m zuU(toAwNSi6b=Ec#Ns6sXjG$CTVID#Mpz@m**xfi$ikr} zFBr_7qEp5>Fvqc57RdX9Jslb4)CZ#yQd#pX8}wC07WBwYKfGd6EG9o2DsjW+9z=8o zVWbUL-sA*^Ud7r7Iqw@Tb=DcF7o7dPMVu->hSU*MayZl&i%uJ@AidbQ!n~VS#NHia zX_Thjsw+K0aGIv<#y6X}8C>>%-MY?dJY#7;v*vbC(a&V9ME5y}L%G~vhDA5eQ2XeI zd0!?*r9Y}pD795V;)digZT;X-d$@t@oU$!iJs$$no)Umj!r}@?+aYa%Ujajqaf_m>co2J1FFQzxXGQ;1t zE)+0&@UB}ms#|j0tlQe_sWH^c66_e+`WAr-^__N07`jfmf0bORjx4F;p(P%8?|&%W znK0YRCax?@NG)mIs#dgAIGEll&?<%QVIecRCCN0qv7P^JfD&cbpqg~;&zJE-t<`w$ zB%VFTCg6PM9QuX5kwuGu)_m0Mi6erUR-cY{MjuRI`h4J1N2U>E6cVBI&dZd`*(tR! zHvMjxWfP*IubpCSRe)f)z_A5I8-N*3RXPF=Fcjcg#3Xu`GF< zCe*7Ly(Th<0)m`wqh`hobN4{0Fg!Q&#do@+9$s}Tsnb)(k_R?&X+A!n^ItQ9|B6u6 zl;oY~k2D|vT=PB}_8}Hhr1U(~kcgRH7S zT##mAL8_^nr)pTkTi~q|f8TCeU2ZQze`pWfgco?f&h9;LB_%AaT_th- zeQ30@gV1>@EPVnaX*?FstaO_Mvdn50v#a(sF_1;QY!dhZqx>Ve)@qbuDX=r1T~frW zg{3fnMDjkv$5-V0U~p?>X0bYBfp&bW?@mnDtGOoE(C4qP#W}k_l@1j)bPf0L*k{^Lq*a-YVkBAe$YKar9ZZJf^Elkx!wYwPs(`va_q%9+`FaNE zQt z4M%uke_Yc;d6n`b3RPby61W&jm97PaSR{LaEbJSn4tvEh1HjyVtGke_u-azH<$Bar zDl^}zHxJwr@oU~ScE1>7@yDj>c9w7t^VC;zg3d(x7 z!7C@aO$PlgFz=5fILvVbzU02|umihj|dlYfsZiEnu+WWYm?}rjvo!ss> zDWS)!L*ktQXLf6$%Hg3QnM?PHWqSgb(j>k_19kHcu%dr)^> z!~i{j@m5IvKou@fDp(eAeaH7U8^xv;;-kuac7q%!1HY@;-I-@c^g zoNqun8&D5+bKebWUS}oXB)bdj_)sAgnTnV?dTPKv2%IOkOwc^q*z-<7ckRCJPCc@d z&octgi%2#V|unNxngTWt@may_ts*R_4#R9MUC90p$+s#;LWdE>1( z>}wX;dWmyf{cDgbZ}VE|OD}aYDmw^aNzi8BV2&awRe$hVWE%p(x@DtC)3PgHk3B*t zoZ3Kkvgh8Zhy9m>6?K8GE|7{*OW7oULKYGm6OWT%*{2@Lwe(~N&>7Z)RWCBfeU}ww zD=#z16B)~33GIcbgR!S^?~XnTtzvF3;>zWg$-e2kE+IFexA;ir?vpPp)Uev0!Lzie zG{R!W6-^x1+!e0|v0e4;H!WBwdj43FHNnyX;#b@`&IU+(2ouYB64=nO_9o!-09UT> zQ8E3*63~Fs-|$+(^kWw~lY#Nf6|MmWPvZ4@G2+kxT^EUA#mxP4CuN@ef%>6Eu7_9@ z=KQiNj!en=V;h(gzetjEBTioPf{n_^P)DT$)@VY183mhyGNa+L9t`%XgfZSPx0^dh zq%h;+EDU0g?fuGldppL(1Lc-i(-Ayldvc?&2U{J{*5Y1t2KiUyv3Z$AML2?WCmcR9 z))|b3E8A^76xa5ejPc}zvV766h0iPSXE26u%~?$yEN3$Pv?BVG!&Q3^;%hUb_7sbr z#aXBXcKB7EV=^ElqE=3yePxfU4FCiGZ*zTu25)XTd6 z+0u)5RrRV+&Z^N9+8C-MaPem)Zw)9=_f>0w^cxkqSaKiDx7~O=;@0y`UjxEDbD4;y zKQW%Q_a)G=a=TxJo$YgGROCQ>V37N^-fJQo`av4a-cGCZ?5%^-lRE<7B{ggI>2JI^oJ@olluI*0mfk?W1JG@HRWgH4oe=zc@Go)Oxxrx$|pE zW!ljAc)qy-hwiFOr#W+pxMz68kZSc%H-Sc&+jFP5kaR98m5H5Fup41540BU5;V!pk zuThL2`ru$X2T%Fp?2U}Xiuruy#FH!gLAUzB)BBNS(GYB=fLSBaTiX?~H&HkPLlCWe z*#-V8{WTnQ9br_l7>+n4BKzA)Bf1O*1FwYZ@xaU80RZ`gAcb8m2L_>PSDDUfF$N(M zHti10xu0*=;@@tz`E=SPgYU1W$CXvZF?noAi|V}grhTGGPwk_b5gNsy&oz!C>#trV zV^35FALl9+87Ui3mw(SyJ@Bal1@1)>E_i5vX>i^#$%A8!#GD7ODSdAe42)DruF(!7 zP%(PVk)B3-l*H?dlOq;2(5-HO3Fn9V%!q8wl*V4}*Xl4744?B)MOc+XadP5!eyEad zcdif&n%NI%p9^j|VKK@z>zl4Jnjb2#^~tI+8_IXbx#8kq-DYAPb*DtN*Ba`Vv+((< zG`xYfb5SFB9k5n`sk5HsX|W@ruRV2}U1il3gt9J%J4bs?BVGQ^32=c;3_w%LoHzfA0YtVHSRDQ`B;*x+y2 z=ijtXvE>FOwoiN-+?DEe-F-47kL~jQQZrI#7;fpLsEkJ!0HJUQiNZE}5Z8B2O2hEN zsDc>cbRdlm*96;SMAn;#AYY-60nzF!h0C<9Ny4MHH5-hW#q#t~AHOhqew?Puj0n>P zMak%Z^vB9ejh}|Rp-GuF+Hj4Swq45I<5`r#5QV&lzwO4X(g-WcAz}=&t1zbZAn->t zL_?`Fkb)E*?|v_x)(aHYxopI^L|FNo)FI)O);fmCsWNd4$3x1a zA@yXGc$e2vP3yh>_N5iNLJnb9B+&)Z?7U7Xo*k1$!!VJY_}7>)2XWWd)9j<`l9(|) z%!5X3otzD2brCGD732{J&FYCV*>?^N+ zE{vLD)QHW#I-d73%4wIH>`TrmwjDuT9mnCQ_=lVXoL7}w2Hf;01TMm-2g1y+Pm7lt zaN;CH{F%DGLNjzq%JYLS^Y+%IF);F->YJ$CDb^3a2%b$1^5=BlD5!*mx-9c7kY|3P zM($wO&dvoFL3PhE-*?V-t>|5QcZk??EgV(K1pALgoa!S6AAdkxY6{V(RX!&WjmMsT zTS;j~=CLT%BGVcxE6(0M3A$RQxotVC(9Xv3Y@yjs>}8wByE)mYE=(joh8*(%*w)9@ z0IB7MVdx;ahDyR0EE6s66>HHh%tq zGKlg2a67aZUw~QV9_DVHv)97g*wjon80dhF_|!hk5nGPNl@LsssbA{Fh8@ z8^$qogNM7WrD~H_lD?e!=^(~TAUiwF`9`WFg_kf6<$RZlA@A^1v!&NM?67eQmC!TD z3Nz0eYrrr_$qy^SF)5xgSwc_Lrx?844!HAr{YuPiJ*c_BE6_GWgLYM#nvUhe#T z0)yx=-2QCmihtRCABfd-7Dw}))cT?5ghz$s2O*6}Jrz|U;n8$Sw~yGz&7H4pv?JyV zE^m3*z;vaYY>v=pbICKlkEbC1j%VAp!Phq05jdg$w1e>Vn>Q#JZWg*0aOi)OePSmo zJhfvB&rE1WJBygJ+*K{TkW4FAokQZ-e0Zxgjj3}_4UBOvafb<$^NFQfaAVmNH4v`b zjXTIQNJ??ph0&57M(l#>Zp#qXb3aZoDSVVqU>fyDG6mTwT%NIbVT-O2i-Zzo3Fm{{ zR$mxLkt$7DG9~sdP&YegM-PHl?1BGLZy^lsiDN`o1i672j zs4eO{$xH_(gPHAraZTaSAx^hiBT2-N#z9IdZtu4W6pe#m5G|U#rlRW^2MPM)%QEkv z0{Sc?o_`G`Qu_MdoK>uqc>b>36v|AlHDX#=Fd!n=KQz8?FO9oFt{}SmB`<-_&v;>! zzI4;AX!cn04~rNvj5q?zyy5_F<$l$$Tl`U=Y9znIdQYy6%5BYB=L3rfPqPL0a+(`q zKjIP1a-5}BbY7r|u1k=V?s+qRTx$^xxY@0`Z>&c8g%_?Gmd*Yw3_ztwkbAko;0M2J z0Up}4*p=h`a09mjqpEzQKz?EVtJIpUsZ6snOuy?J`{;JWZupy9zVJ8WihT{D|2P=sfZOIJ-)C=1p^at zhCE)>>RidFWD+J8MO_#0F~Qxh`nV`O61faXrBj%tSu8Q$=ifEC9DbryDYX=`pR6{3 z@<+4`jn8;Nz$VeL?9cS_LkP!wpR-Nb`*f)E7n;GS!uh)C3pelkc|!_S%8XNbSAz}6 z?blz5u!EYIEfvynSn|zx6@vj02NURItr`KyP=Vc=^*HS%P;kXVwD9)kZ=?3m+i1e- zsPB)HMjpDjqC9Bu#V43JY^)kNR4Fq!DGX(HTv-tL^#{4dE*Y;h#9_{8*FaR-X>!c6 z!X`hJPza`=J7jHlQ8mv5)u47?YzuJ-igUy+`^nso&^HEo`_EEquw=@cuBbUn0x*X$ z97a=BlQv5Eg@ zpbYMt#Aak>V`SQRh@!i&P~-(zorI`QlP#;UhgdnMZFP!%ct)Y&j<*{YC(4TQmJX@( zuyBr+8_>Uiy>O#2$kU6^|Ei+N$_c7idCU2n$^h0DzpSDBZPpj$WgB;kU2itc;%Mt` zhYevJLoMgK^%eF^!8K2Ja)k>yyBk)t%xA!DmV-^(Uj0V}`Dw@tn>Bl@+-B@s`BCrd zJV_~|x=H(NdJ`8L>R+*}bLa|T(u)qzpMNM+d!3dVH5GAto9KzPR9o?qQ-*Hy?L2|M zi2(Kj;6Dz^?X#`#q$SMM7?UUku2S@!uHGXA3)QG3hYk9iGAa}ldr~EHCS%Up671Zr zATraEWKIT|W2-Tp`=?eW!1ro^5Z4(S5`{36A=b&Crc=6(U%ilb5Ovufr9+DxIa93J z>6^NchE50azZ;)E#XFp8rooUC1Y0$b4^}1MH z7w1X2l~w;Zj}tzAhVYK?*=jny$$-;?^EoF2TRic_Rm>9(rUHgkuHDQ?jBCf z&4DOt|I^>P-+#3H3xQhLFPky`6}GsGlH4E(LO&=AY8~=1*P>}*(9Xw2bna`X(TRS1>>{G0$^|p5vwyPy zr;1cXP#X5$hq=!=!SGlnL{Hrbi$34QjdK{M}+HMTJmlNctRUqqpsLf zHt`yJvR<@$kZA2L6x=6`L1hyQE9$hlOspS;15Q|XmIST zDD`L9e{qy%UaSqcU~>YjJJQ#Vw)t~=5LI}DT30?soaHN&@n#g}HsXN{^*g;8MoSb+ zEMCc6$s4ug5Eh8$th`YO(%Hcjy(ddKUt3fTU38?Khvuh|*ETozti8Xi^VV*Aeim)e z-QW$~4rtWC8PchK5(s={P^*i{Gr4E;O}@a~zEAyYY&jWy2dp-_Lbj(e_Hai&c_KXE z5#Z%;?;uNpg~x)54fY$Q#TNU!6tR@bi+2RywRyxbX>~HI%~?lE=iE&*AfXZ|lh#q3 zj=995;d$)#n0?Z7dBK>3H0lkX1~%@FT@y=`cVsH8hKz@yL&;*}Xf@R<7X9ro>8j=` z%?P|IH$UAv9IgHk_eZ#r%NDD-KOXCUi)Z&xV>Ntn(rNCLIK3b-i-Ke>gVO zYZ`$Ck*+VaBMYR~q)fT*3~=1rEi}VnGl8a2zY3hir6Uqv{cd$YUC?)VHJ`mR0ow9f z=Dnyi92EG_F`07YD0((tgdv|Y$s+pN5!dVZ{lJEzfKd`L%S#Nz{m`x#%rhM@Oyuec zys&CXmrEe3T! z8Vb*)d?KoNa8|zjUg{^MYfh)#T$a6t@6r))?GwUDJUVw;)rtDOHO>-Cb`xD}*QI^u zN60FLmHOJOkEeXR37%F$+N~px(M1Wrr;_H%14)m8@rmW_i~jMY@MlDatCyOTv)y3A zO7J=M=9_W^mN%T^7+cFg@b|jH_0&k`!+gkAMC?8?&o?wePP8xKc+EHwXZBp=D<@<&q{Pg}kji5_0F~+}Y=Zq;ee%oUmB4^066(VH8P_}h= z%fejn&!19EHFUWWv|SazZIqE{u-G;tZ)Afwk(N zMT$u28n!M@bd`c#Q~yvZ=+*P(oc)dDZmf3s0qvI3;O#GA$)~A-JiS0X{;kg1HNnG4 zAjf;#sfL$r;FJL`#keSMp5lUAI+9$0!<`G~?K~&m)OqLGo2V~pST#A;greOyYd{yg z<7~_ ze*ys+z!PM4hf5b6Ph%`D3yY`EHp@;#q*tS1Fn{?O866sgU;)PG$-T?j`R-5`gp%KX zH5KrEasIU~j?Va**Chj5Pacb;7v_EB$^|csby}+wYr-0UySl4GRQPRTq8ECdA zFqPc(*WQRF(_#QQCmXhPI&)vKKrdNi`I>|%AMH-V1((=jZT(?qp{ zEy~moJzJ-PV{-djdh^>^*Uf+7M+halaJfOJbqONoGVcZ0wNq`SMj zyV<04ceiwRZTem4UFSUiGoEvgamF*=5BC=aGTeKu^;_SlGm7aSQm_~0p9TPALZIvK1$}YS-ZiCtS*dz4Dh9Aw@N4ReFIy%7XCg9puU|XppbgM8P+e_8Osj? zGz)G0OHcG?AlqX&V)e9_{6R`3lAjWx(q<2MTwXe00rt!;f%uE`&;!xfk6jWs3l7&< z6`69LT1V$Apf)3Kh_*u7tic{wS$<~O5Rk7och^c=Kfr0E%YYfqc1}srg($B*`H(na z7IJ`;Zmi^rB9+-_sXrXfRNoQ}QN(^2n$@o);(P@xxh@EKvQ`_($rRCcc}YH~?8tP- zt|3d-cYSEeQNy7mugXr0FN_E3tWRC2Ae(5!2zo&2y>5+nDmg;=MVEG2+RTSmt0+I8 z%>6XvofjhfTDu@}rzPvRBuV-|G(&HgE z_N(9^DT76wC8`^pBdPdd6o2-)0P~y5G36-KGcI?0yH9*AX{Y12BlRDt3sfgg+#(j7 zAaW&^rB|t2zo>crDIIp-Mgat%lUv#4z1SMg95o&Q4%i;r-gLRSINS54V=>&}z#bIc z;Bx*_c)$A_2=Fagojupp`g-i6gb3+ZapA*RH{-8^)vaoSB@t@^$+IhNwk z-f@d-W3Q{vm|f`jg-_j$JTWtOd*gg7hnH}kq4oYZQ4&)_bswOfQdTXDXDR-1A53MrcXcvW(Pvk{>;$p5D6 zGUqb^=E?_qLpV&;ZwqcwAr^CDu}C*`4{aGi8k@m6+iG=BFJUqi>UxEB50l zRTjQ>9sU#o&9GR&6yx(M6 zLi^E*jl#UgAL-T&&b1*5hlxyGywckUW2g2T;>!U{*;H!vAJ92%ecmJcYWc>^UAgQ`Qs7daa!i0)ko+2uv}k}f3`iVF>kp@x7!2gB0hF*pQ{XI_2x!J zOP8J-P3~4($L4w=O_!+U9u>@e;kTTiFmQA_hgXCA+7=C{*ttjw%))| zEH=MgQD{=pGX_@9WonD4gDnbsE!}Z>L)*8hDw)*JUlAemQd&b^y8nQSOU8wr>=(k0 zWKTr{cYW2qFtC5AxY;Kl6TM=Q8lw7|@rN>`?0$kr+gHY*YX}tGVLTl2g?So}Y7uDN z#>2gM006+4O^aHN_T6i!>^*d;k7m^D_GN4YCQp3jym35@!HYMyYutl3dj$jbq##XE zQQq9>Tk|=?liD=FX~`+PEJMSlG+i*=xY8Bkvuw!B)<6VN-}+!}?&H)fRxkN!R%HHGLce z-QjHC?`U+wWu+J?%1*v5xRgk7cMgr+`e2eAa`ExaPJl{>^~B?{5nj37aKe<=39#L# z*jyIbUcR=*;-hi->@t#Z@54#+!fXt|~O}F611zP2#Y(Nd@3V z0iLa7)_Q}GHm&{lWZwoEuTmN_ESwIQi0k4Iv$L#-7CApU7BOJc0v{ ztT!qIHPEg8*$)IM!;zGdWOkD%hv*)Fn12Hh^p%9~4!D}k2ILrsl})|}{T||g zG|)~Y*k4L}oBRfcI|3LcE2wX6>zNCo6gsGP8H36@_gJn#C;D*X6e1gF^zZ9cTUt!*pxbw0rJw`Tx@&oHBf zIdEFHWj*omHkpP4NVt@KNkY=*9A^ED41O~Jgj99C5R>c2W9a7f{FCRW<>TJhD7HxX z_6!PmijJ(3)ex|ypzc0*-vOY2K07bgma zS{tojIg>ge$WjR1kr4SkkSA%W^y5acfSb^?_^a!zN5(_#$UwiWMd|q>5Ix+Mtsc4) zxV7!<)Z>*LHY-;@VaNF)4JB25Cv#IDXbMoCU93+cSX#DnM=@puwT=v!q08FDp8>hxvo8^9~dYp@=@zb=~ zIV6?My5&zoQ#|A-E%VTh*u=ou{Ub#F_F_#*p11kX>mIc71p5^jv)JuIOB# z)Z&C*gTs9CTl$f_k&PE_q0XFI8>~{uaboCVc8&Z!F>-mGzpylvGQZ70a(Ag8322}9 z?5C09!jJ+Aw*OYl&##~38un&)sa8C%9cu;sx`^RU;z+pc4&Wy7>z8L(a?R+)Q)jCA z;}BF`$oKZCwF{A|>%E;k!#ah$k|ln3 zy$N3{ts%MBJs34hmN*$cip|c{an>!Pr#|y)#s86`f<{zkyrTPNn8A}fQ4Jst4aONHt#nQz%IgYVPKOxz50Ms&-vfd0_nnEWfr&(!E||Tuw?i> z2`tP~N$ZH#)_12Lm)N@$iB%>j(OC)xQQDOkOF|r~WDJT$wJa5;k{q^% z)K)1GO|vDia+i4ASg;stmJzz=fJg5=P{@}XS(ud%a{1DQ;Dz*(9^kZme$glfN#k_A zUqV=Yh3xBPGyQOe^k&Pjx+Tw&-yqjYubzYq;q_NT&6*2e3;Awr*WqfqdwAI@Ki1Ji zMT+7-y?`}*)F;N{Bsd0)Y-^TW)n8HgYWyO!I*T|pli>qp=}6J8Jgy74{t>p|QBU=i|odl+!qmHab52U_PBeZ%aFr+(=Tr-$b8 zm6IRc>FiKrCCVxFtE~+HCUQDn__qkgIt)@MZEfy_XI_x&xB;B&eEXH3_wMiObhK0J zrV~PVbkDU6JqOTV0#;1p=# z3cH1UAnXFi<<4HmC#TJ_6U%|Woji5kSR3mA*7YIFI#Uhy^e3k z1WtlDC{tKK_qH~ynCDDGWA0jqB>)rx3@?r0M25~B=*{2|YV}aEFH@?i5rqn% zNO6XWpER%@B)Z)mu$#Auy#487rSGJG<*M*SHspINw2yM}WQU?p4ICty$al%0D%yV=8a- zm#^PC|5P{oCeyk19N?OjS&S3hcaJ`7?CCn!Z-3OUTLHK*KLyvlKRXI2)cB#01bjl$ zQM*A_HfjY7PM?yTMDx&w#xaFPaysoHi6|0^rf#fpZiDV`X@gS@Pa65?saCl#lr}j zCHEMn-%USivCpfTso`0u&n|-+nO6iWQ&q-W1x0mF7P;8u@;*axZSL5~#B)Zvrm{=v zzu8`v_t6-?Dm=fvI@*~JVDZC)%nr2qDpzieZ!@;^yWFi&=!iVhywd<%2Lly0ntlM* zvaI7s^~hdlbUfS4kR^H9Ypcn-KnD6e9Wal$U+sFfS2yQiiA+8~d&4u=7mmpvnZ8~Ih-4>ovUeY5^n#}Kp3Tj*EnzzUKP?QBSIUjI?H|OT8)7dKcbI5X6vFWDXxN>hO_^sMT@z@ zMc~`Qi_SPbni(S+9_Q;XIe~g1g0$S0x{YI3l~^^_RvF%zlqetjwOjGfXxXWkyUEYj z;ng@iICrtOPWm<*+c@3@dS1S!-yK0&ZuF>8hKyK`$O#)caS_;NE9yX~{v zrK(6)H6d6xE3SBQ9qJTH_d2=ZWyktW?%&d$C(0)YCu*S#RyPdmVQ9Tjs`hBOhCDH? zFXQK*7{>XAob{BQ1(C-5h~-Q4AWi(6%C=~mviRglvwM7d@|l(TuaaFEOnQ+C2C=Ku z)jaC#eKP2XXQrUyLmo#np@P||ma@hz<@ZSqiyBM?uldjbK97;##8;tKZTL!M6udg8 zmtfD-Xn+xCwzPSxHQAgvVbW@(qeM@{9Y^`%l_`*NGER(1*7yU5Vs6Vh3I#o$l=cR13h0FzI0tBFUca{PV~jW z2PMBPh~a{8+wT2V$W|=Z?k{;OmLo8`;y(0W1TCdx$NAn!`wh%R*78ojOjP~0y7N7$ ztVFtHN3ZDAB-~!VrBK$VQj06NFsB(eu;0&BHgoE?9q>BIKk0yaASUJpKvHs+9o?$4 zvw@X!z51y0)n55s`HUJX7o5kX)Cj$PO;elI@PZq1z=3BH7J?+7mH6O-T%QMAJv1{)t!HtcQIerKciw`!7bVwe4>gCtsMxRB+&pwHL_DR0MZ?y;C}4xFn#GR6gBwrxI- zxoRVU$rqxPbSjNWFOkZH9m}Xezc^K@4@qx_cDxbv+26eB4loWu29~z52H-DRWQ#k% z5qLNkU-)5@h`!DOIoh02U00^B`p!U~cm@?qY}F`~f8@vviavo}@pMOkLwV@r8lx@EAq3W{n_*_ApNyUAS3hdce7|{Nt&8npRFw;5I4F35{C`HG^mjZwEQ%s75l<_Aoa9cY)KMCrM#U3`ljMQ3V@ zm{_nlIWv}3AakMP#wN_c+2;hW@cZh{kZb10dhs1pk@R!W8{rOEdwP343vcE_ACg)< zJ_i5tZ?#`h-Do;(vOEFe0dl3@TJ*dlj03B>Y{G4>sbcM2$C`4julDOR@sp$P{svl& zICnA{xnVm16k8&sA;sBZ$%(huu@lve!KLmN%}%X{HO(V1a9n}ZNbNFw?K;#mRFZv2 z+7FxHjnp2KN@1U+RP#h+qY=XI0}_%RYO5Dpsu)iwEn<;8(^V{qLYaJ_`DXOvB>a*S zwsh!MD|et(fw1KQOjBh;6xZ|JX?9v9Hf66j^C%e07 zg8%GQb~){ZeR9_$tMdI}i1dr*V_(L2-8Fv7IBRSi-~N_Gvjz3lvY-<0D`kjN1wUmK zrfe6jr2I5pv>$#|US{g6PXxXNuiZk?NBzDxvnFDUx?f{gWyz~!L;3Al!va{#uNwCH zc7Ga~bx?xvH_u(-kG`|#enJBN+N<;{&zGlFZ!u~bd=``{fA)_uPk^M2RaPL$JHYNtn5EE|J_G0t4`S(9C1eZdVW#r4N4IxX_Yl~G%t zSyPZ896BkP7CcU38vsm`0(RetoHRJaLGjNG^y|qilIomL$o+&`Z3H@V-q0rcshBg& zaG2nH?wGPgj_JtGY%t7HIE?=HLb~IU&E?@i5X|Xc3~c>5{|aQh(q4_WW%$w49#x{M zt~~#~k4oE}wEMB;bib8kSEH-u2Pwgb*%=6)fP?sHdPdiTxse~vca3@vus;cNqucEl z5xcswX$!0PPmCF|TP(~wZUhem2ClIJwxG=A$1SqK(`a_qcf$U7k@SaL#NMzAJ{41e zUGn=`tQx3l5M(Z~kA2??(x^9&Zr!xA??2kLWR7T=xw2NyU$Jzc&-PX*sgg(^F+lgRZ8zDP*g|M&|uWQD^ZeV7%1Es(zhk)n-ANd)#2<3(&E4 z04u4mck5HZg}ak}JuHQ1|9da7%@#g*7|6RcCN8E+@bY9d=2r_Z_9k=m`B+bt7;cx7 zunq{&nia3lw$g>*?jMumu?jbYO=g=5zqtdvuxYk8iF-8^$te5Oy%|)}XV$evhADzka&!m#jPh3mso6uNS zc4^cd#YNE{yv&>eu$}2ONrBjc+6861$APmC(NNy0`*}D+lPX;A? zippc*F?hyy@9NfzP+ET|RjM!Y@O6glZl#sP+C@Kn5yH{zW@fc#O<7{f4SJhKpfedi z6wOSNsx(?MzkM-(Rk8bhv|UW}1pR~rTdJHt=VR)k$T>{&5Z6oeoMS}XtYA+ekIq-u zT&9e>`iO4u?ucA@G&-V7ob6^FpNG~IXC3YAS$WguLi{k7CR zloSCruRK6QT)^wFbEYMBWk+TGfaefb7sP~FQI;l*UApkl?)Tg{a$uA{A&7_6Tc?0O z5k7xocaz(E_B#v&$MXt%E#l1a8#R&tmhQ#RPnoX z_H9yYsoO={Y9WqXIcV!ei_HYu5kg;iO1~vKL9<(NTqQ>rZNO-!O@aEo`g$V^kJsl9 z^-@VWee5@ge7e|(2j8ES!dHS#nNYVmH^>*8~2I{^)2U(2r+mKaQc+{)`(Z6#6p^*%t`aq}!bmNO&fSrzhBdV6@?~ z5ZV`g?T|j3_iC?)m*@&PM%a{M>$BFrN^zN}P!uHz?L?ccG)TWXT9OdG)azHmM!YUo zc@U~L{=(9yVx_y)HUz}cp&0!|-+*2egZ`L!V$lGhZeetV zaj-Avm+p@#w-aS;SSvly!6|%hYhBxkI)vVSi*5voX|_o&`}G-A%>; z6bhjINSJ%bj=A*VFodxcF~%$xKN1C6K^25&ofRal9sA8Y880N->Jfr_u2_Kw_wKvf z>G$yMP0v`L%!&ffmcce(U<7zT59a*AAsKxxK$1+jf)RlrFFX|vyYE-8SCf!6smAeC zI70F0mA$ftsRoitZ>d%+3%R6iuHpFfB5g==XCV;k=T`yOTiJAiAg08kHlxd%rY-vm zYp6<+!pYlR022Lmrcrj!`3AWSTMra^T1l=S^`5EE6IC<+USBq@&*9Rn*%ypEOh-Gz z1puOpjqSs}MjzKZr~6G8HmAIyB!u$5@WRDmoXmDf_Rb;BSV zX<-QH%*i$kA2%JK6pYA=QorM(@8BPht3~-3r34X-LIBXh$;viGyiJz^0`8c)P`1vd zyyehFzGOcfrqblKJcr%y_w$punFuh~Z&Mf`9POh*_9}ba;}2&wrj(+ z`&LjD@$Q5_P3VCT3U0D?xnD=d3&jG4!#L-!KiiIc>aF;+{oH7Itbn4klN$bLvodS0LYLP>OC-JeQ$Xh5Mt84sJR?c1+n%eQ=W)@Wu4 z?6D7ykQs9}(Tq}|e|$*^PoQd|eS^6zLz{NgEj^=LN*u>&?U zk7e&L*X8sUF5avN{v<6`Yml~cH8h4WmxltKr=8#Mal9G|1aa~$PMMKs5 z+NfZJSWGz@fEq80Nd0w>)M{=Xn};vBuN+dGhrnA)&WBcYsmptv*U1KaM+W%K%gZuD zoHUF*6Up}bb;DW9fpC06i&_uEF?1!76!U!4%9Z3VFNINiO8VhqA!%zZaqMF1+wmhX ziLOYBORi@a6jW_|55=|1(GJV+RtWZ87}V;s&Q5tj9h3%fd?y01^eT6e+=fmuuM}@C z59t}2?tCJJ!pAybw+LVd9*kn_>oWYQN?SPj;Q=Er6%)|`dkY&v?k|~q7q8nJ@x9SD zJ)dWav-HqcKYpGMWLpOS*y)Mi?2X0VF*CG76(D_oJxO;81QoS`xD5uLW zGwzr6tDe%#oi9>mi)ZJ~W-kz^F)UT2YCJpbKxMyJ9C+V|?2qTvqm3LON|>#B4wbg% zu*JpXJhDP{uZWjJa|k_GMA+=bG_N3C<4tT3s}EI)(fwXJWzes%+(K+>4e>ME0bJ|B1<}`4Px7n}M=V@oVYx50rFTY0)D$XGo$zaL-ZKzx%NW#e zdT5`v9T;$(iQ-6N(Z@|LBAXR|RjrjSG2C0YKPm{%f{FZmW>oq*0f21fwbPu-j9C0? zYdKQpRBBrqwN=twm#c*EN)+CA>ur;4i9zix1axtv?@j2Y->R#wUznmAbJ-G98HDVT zf1ju4eALP5G_3W-bWT#8j=5wzWT!N#AtQxwJ4wNSw<0PI4Y$UZ_XK}_Iull1I@EM> zwu(%Yi-4r{i}%~%?(oP=+cbfB7w#vH9y*@m<%l8C-3}nWGM`*|$l#f+%1fOwj^=Vr z1XCF8UG*+Ts@F9ofO7&GDmhZa)s=F^S3M8UHOJR_K98S$vd-4&?;9(y%3mj!U{ZJf zF#00RQuz58-{EIALZhCPB?7OKt2K`ML?@oyx^eZ<`|cm>F_!bVVq*f<{z&ypRS@Bd zH;2vFXuS(755rSZ5{aZ>acy%kY5(&i#H*rLwXYxR<{7A?Nv(#LL|kA;9H3k%{HnYf zx(&6nUZ%{$rMJcu4zIK#O+|ImzLRG@H6OFgg^fIgZ~aei1~y_{qmCU>=7~HMY;1CYi|-+Wn@tp zi|C~v+tJVFmSo3JTy|3L{^+PAN0LXjN>L(imIFuFHfx7 z%Q7FKFH$CwW2OBu{q3RLJ7k0}R13R^z`<=k5}>&A3v|a4XA29IWKLcpwkp#@mn)^a z;L)4zhUEsndEt`!U8XCV)K~1#q`a2Izi(655Q=NIwPc=>^IHR4W#CHz6RYlfljg)_ z!JLcc%%L)EVTAcegYEj}1>;g^`%)PA45;H^oXJ>NA)D*s~QKd+7uHNS+(*A?r}bsfN$Wzm4jw-Ig;CHWCz&5 z+OeYmx7!O}iP{o8NtsuviTH3n9R0u)VxVS6Iw$m9B zq#nIkHQMQK4mJg-1h&e+tlDTK(U2Hfg3xHS277Rz1MkJ##i?BpBfGue2sVqQA68Ui zpb^u3X|)s^SK4dmtum~H1f7E+xAh)b?2{ErY~Iy1Qogj%naV2!D>M0I=?X+8Us_cuuv~%WaQ>TW`N0+Cat=bJXL5lBHVN`NsY~V&0vspnW0rX zQ}~?axU&B^8)|QKWw+RUL&v}j{SE(ghQQ6e2d=6a5hNbT4P#NC?Uh^MsAB&* z(@uJu2`S-4$aKp$veco4FkJ%M#+UBAmX6n9w`oTUM^g6^ODt{^?euJkdv%d;l+*k! zY(#{B#U0Ar+Nvapg*kUhdnpsY$NwC1K)CCEHGwXrU=_$CeFQbQ_wwc4o^5_p2uah{ z4renP-L%7lX8u|pPvC22IGWagm&`~v`$$`y72PIjh3c>}@#@wePG}THT}Fi{)KXgv z!|qAQ!Rr+&VrXW>O(pvsux3_wzRg%LMO}w*gbO@WnmL3T_-ta#P7I@{yD4ag-+&3J z>dEFu&dU!NVIO{lOsk{eHy1Q+pNN}X&(LZ_(%3(^uxp|?ahEbR%~UZr&Cd8sK%vDm zIK7!VVjp~0G~Kimd7quS)AVtABSviT-KX+#PuLkzYbgjC!ABUn+$n|#Gs`PsApcpU zv~X+U6thka8Bh7Z8RsnKSvfRPs{T*Q$j+i-?3DI>h`aK>_fhpZ-TtA(43Hc2~Hy>53^ zwZtx|4M!E$>OeJD1F)A%f%_YVr|oION=|UOm+VcCwHE5VJ3Jluho!j}OPT%SFW_B5 z%X#**n*JEf9WFcL6phQ~+)Hdj1`@D?g|o`;|6(lxyV+6sGd~W3JiK&LXGY3P>ZU*r zVwH8e!j8N1nnDLW{fKZD3%Sv~Pw?r!O;bmR=-7raNsSt3b>ujcUIZdu>ZkxJ;GG{I z?#HrbCx>irrq@d;ynB{r}n`&ENMw@>U55){=Qk_8(xnsh;MsiUo-Hp z3i|NDJmY@`^@6G9NAkYrv>65)xD{Vy)w4Jpr1qxPZ2s`Y76JG7Pkm8zWZnp5m-t}| zs1GbC=D@n%Xn@$l&I4m81BVku(4R5iqPNG&VGZ$HA5N7Cz+%ApAVxI9x^rnUSEUTF zRj6hw^rC^a<_W`5)g#6IJht0mrgM$Lr}3m-&@j?$tr6Xc_-|^)&=JRNRAP&}>c1V3 zmwX+~fZ{RAvJ8icG*PnK4I_!4LK$-^Vu8{=+Z?Qzt}3$J-)5vTjtC3Dq(d#E0|`8H z527nO`YAhGclN`SwKxrHC{~IZb2yT;hbw91vdLF(tGQjSQ4{gx>NSda^F+}2v!*v( zi0rM!@dHiZ4r~so5u-~#=U1Q1la0%lXj^{3B}j^yjP}w^^SNH}iLPJ0xn2Ji?zSO` zcAgr6nX#y6RCcR^*61=pnwg^f-k<=Q-cA|EFc*$vwo)$wRi8sSgkq*{&;K&_u;Jyv z!J=CSX^*Z|h!&B}Qg-$BncT1zPb?Dt!!+ZhSH!14@-x#pyAh6-DzdYHoXNvGupB1$ zyPf)vQn~)LP7h|R^XW(UPCUCDC2+Xm=*e!yJCjSsc<0n5gNwV6DVz3YpGOvrs%l#ve2xk|UcIm5Ex>47L?#<*n~o+>o&*_~>GAg; zemT$lkwz!DIbwxZ1wr_=h8?7M?3VlwkTn?!`g|e(Rk@>eCa#*XJuA}Mj()6X? zNi6dYiw0F246DyJ>ILpERf`UN*rT`7x2insd1!gR8vTBSij04?oyv}V7W?U9?oseF zy@>XU>WKbGH81V{_4>c>#IJ_GuEW=`G;o9HUxK86giB#^P^biQ)b_hlGOO+R4w9MG zq8808l1t8RS(SBA_s(K#B3L3OqqMN@q(BHmN~HDsll&s6Ws!LM^=ABlrV8Nw{el1S z=oxf?YF7y>i6R7-;(nPqkVsf&T|r##eP&??ExLYCnkJa-dgk zatf{uFdw#!GARX*-Aco_pCc2V5b-D|lRrJiPcafr3a%MDXV_1mGL}4&|NS)itDc^# zhO%Gq9|G`?^Fa2?;ctP_=qrDG2;L-Co)RMsyRMQP%fFnY7{#p2-=QkgT+w#iUb%!S zGz223u|t2~=RPO@{td7ma8u$fJ$9<@zeAdcxC2)@E$9DhZ2XVcZb=NYq{b@9`dGOo zWDdQ@>ki#%y%p=B0FGJJvsm4jsN4S|8iu21jSW4MuTe2l||_N z`|3qcncDALXGHle#!c3!1g3BPi(~xDlLMXsTS{{}{hrBn5_`8ozw+Pi?O>4bq;)DSDvG3jE+VeG=zlHk04t?8p2kX-O3OYqk3qtM^Z#|L1Rh#egL&ztA`P{q0ud ze-w#X>@OARFAm~g1m_uaIR>DWHA_Wre%phg7yG)f4dxc)e{KH$c@Ka28(|F~XB|_C z)xV8nNBrO366wG5mi}>b9bbU+pK+>W{cV@o(f-I*JSp!C&VTU@e|b0mVmRDq-~stj zwV3kxtpEmpQ-FU<$Nq7U$f|(UYwr!t{eDfWl0T*G%l0nyBOsb4pGE)WqE83<-~LmZ z2C(g>P0H_{G@U;Q?zi$UN&ZL3{*Nd3A0hjXko~1w{2#Dn1AhKUEf3|Rre`pqxPL;WtI^o-EfduRnpv()<6|qW{>U|2VwAG&z3{@BR@R{9T#; z2W-**R8%$9Bw6_PSpfe>MR@j~23oY!$o-Xt zh#rs)ah(~(XIYjs$`xzE zYd}1RJt@TO*>t5-Js|Vb>=u;khl2<16`@b^&E!Tkh zw{i`ph@VM=h3gG={Y+!@m8CKKm2#6=>gDiL$OXW+{`5y7JXz_etNijOo%vg;?D%h9 z;#m`qZdPWpt;Ws;Q9hg?;HEoX0f3J7f-=pY1me}71cLkDa@yEpY0DlA8#8W?`dMoF z8g%Xhxq1=O)ulB)pM`;UD;)#`8Wdg0)x=Nct;7FsX&uSGlh%cWzi=9UBqlkazr_*y zwS!Rdh6z~2@c$+;CL{sSfw1rp`(qcf6QVi1{NGeUn5}lS+v~K0|0oW z2Mhu*i}6ji_=fnie}a2LVwxK{EqY4k`owa1;woFY-=QZU z*sZ@B3qAJZbp=_=ilqBL1)bjuP!OS4cJMMH0GJ7~oMm|-O$^AibcSbV&hNJ-r12+B zP57-dsfO+ZZb@_+Ey3Vij8@WM7H-vtg8-^Hw>In^J#N#tkwX#7*WcVltgq0}n2_jm#Si1_lTl zgXAtpMTZC9>#UZ96aaiu?S+V>Dh-1agrv9Pf+t;huuaSd_MPSWjN91Gy~g^jMhzJ@ zu;5*%H-;?o!!Ea42wux0pS2wf_-d?TsVdo*fyE!iH~EOO(KXs*sqVb!_?x)QBIMg; zG6O?c>f_v+=>m8|Cf0#~>(R@?klTD5PE@S(rO=wXe(9Ix$>rpmSVJc7rBqec8r!+d2HK*`^?&Qsa+-dIHG)7B`&Ku>v@< zy@LJ099iYoKy0e(jqv86#`cGjueWzL8w)lj;`dH=S)amt9+J8AOx`3pt;TBf7tPuv zyD!!Qt35buUP%9Bdm;VtNe0?HyU2gzt3on=WB}($2AI@cfFe_c^@g!QcVMdWgcvn@ zIQ&r)pWG72B(4%pryE3>Ego~sx|J?E*Y5!nn9c7FeL9$BwPZ;R7-Thfpi~vU!>muP zylt>1Dt5Bk8S#3!=lR2Xy4Op0+HHJULc3{?jC>CKe1n8zk>S_4vUmoTh?EX zB^>wcnCSh4c=3;WI9Bx5^1REoq#KO~ot1c2=+Cq%}oF%6%;IQjW5u<>MW zuYEhjuIb1w^=9eC(Ze3d?Ix$dTHdo`Sz}3P=kp3U3Ng>Bu_u#UV9SG|1!1P``gx*Q z%m78nZTR%d55z4`_x1}E(q87AlJp)hBS)u5!)6tRR+UB9R(phDHd!Y}|I zmo2&SjVaya{)bjLXouB0UNVW``?AZ1+t#PGN(5mhu5m(Sd3VDHdjC!r=7@u)&bxO( zmzTd{(nFIds%bDSTTcD|Mg0?AWW+DKXhl0cG@F zDh1ha39jv}?XPf8-}T&HX5BRl8ok9*8r|->V7W$XM=Hh4fT$8>#R4@2hTg`N%UM1v zRWz0vt_WwemqL*K$=Ku^&lg@1<7-*OT_9ieqb# zYGaF4BU$@0C3>T2VjEe$hba`}+;9hi%+hl~*U_z~qj@sPaLvi5j{Iu{>08>bp--L) zA|L{S8pPkAWirff(6TfJz_Ur#CS&PT=^Ylwr)E!va(ul3Di}}tDr)ocvd1Bi!9N z7T3tF5IL`*=Ja{?eDa`)3}6b)IebufSyxu)f|c+Ju^^XLFfi z+~+?qL+8;w1yLpyXME~^O)T|SDJ8(ZWQg%5_vZj-T-Apk?0uTe07oQFyj#{E0bT12 zsvk9ck&A?sZ4WP69~B}zkIB^d1p4%`?FT!G-{leNZGudwvm@y|m-*#ON3C;fQFgb( zqSHl$U{d)UwAfEr6ut?A|HL-^BKSX`5wOy0kXck2#qP)G4M)o#63h*g@<+YlJjmhu z(!W>BhyT9hHb{odB;+_4x+vi>GH8EfUd;Yg-0Y3DUBm5q+m~r&LDYfbOnU4cE6;V;W?zy`Ox5;H9y+}$u;@7f z1C@Yy{2TaG27L4&D*R4mQVv*En6Gxro!hM0O8iuilAmtzdE=;NJjFeKi+=zQ)DtoF z98U-VY2wC(se$@~d;AT9B?LmK;2Y3IvU{W!lAP*$aLZAYoVN|9d-J8! zZ?BzO`!iy)Az5*P+QG@GlzMfedyQ4N@x!TMVLoftrPgWOT%%Ip>0Bp#W694PRmK@J16IxpJbX0E)X@lwOysjwokIr~W~@t?c|06-d}DNp`&X!|ySysYZ=m`yh%IAE`2-NwxP z$+?u`M$SwBCIPQRhT^qtf68Kyflz+XtC_2?C%w*13`|KO@(q31+gF$+2CuhYVtqQq zRR-!AlRq3QK=-^BGeNvqVoOQx#@3Xot7wI;DZ%b%)8QF3G-;qS}f_BicJv#;!}z=(B3c!SN4t_R74o zdp@+0X4hGG>=RuXi^MsXn;dlN$YYBD`&Gd*7kf<9RR*q;m6K47SmF%{XZeRFo7$p# zJ+S2Vy-%&W6sBWa5tqiwHY=;>s%JNTMTPz#CwM1@bqL~gK_8~1;mWvO#iPDWf!1<2 zhs}0>D+ciOLej>w?Fjvmj4*T`zM}($G5k>Yd9No&i~P5e-Mgn6efZ7I=?0DNZtZga zoZY+i>#lG2N>stXf7_BTat~zS|5%;Y_3f~Dn%y7lkkS$$TFVn8!IweBSkzMaFsB-a0OQRG4lm&&CQPOhPmBzL-!+bFr;%57#?F6Bt>xyRh)){?uKrIO@+9cG){hS}!2 znc4Pxch2Yg{d|9a_|G5X{oeEScs_0~1U#MAj-Xzlckofu;arfcX~b@)W^4w#(f;)x zidRnd?QYxu$W(G{9y9eE_fxtvfHY1k`!VbYPczR|*Tx}n;mf7wrOoT>c2k?J+oNZ> zqwk2+-7n$3xJLY5GWRye9&JlsosSeiKD(u>v96V>%#5SCO>Yz zFay^cw6k1tSJgXi4-i7FQo)Mje!5b{aC;@sohF;xLnC#jc_xPzfK{d>tah5vdcNWc zC!py~c8gx)s;0DnHFd*P6Z2&Mr5xSDDk4fz@j`kcIwlYP$V%TFXpaGjR$%cBp?WToc z0~S98h~z7E954%T88{!%%jpNV>yNIz37ahS>~0(WS$_&#ePe^W^PW|su*7LukQ{;m zupU}sv2dVYM^uMO^?7tezN?qH)ig;vF z87NgGVPf z_Kq|&()5w0o9K4A-pM84u4`an*X-k*(!d(mh5<;h zSB6bth(y|7nU21`kM1c;a+6B$;8KQR3Fxx{aX%T0`PV&$Ty0Qe_V*V=w|xk;`8OUh7gMiJK64RI^$i6xt7uwq-haf7l$c5YT`OKW}7;o16C7EHWzx zWI(~D*wvHhV8C(clNe-70_OzsN9qr=rUZg9!_KPV%j%@|N?aA~(yn5tYex*^pbs02 zFjnbfJFizdEJ|b;_bW4m&{$Fa4GAY*XZ<`9t8dd5p@PYQ*s$v$+!Lg0D{8|(+tOab zIOVPcqekPTnBAnjh7PFXlzYDt+JRh$0;j9IV}QbCfj0vBj8^KB$IuTa?G9!2+11|n zf7-V?9blJ3N@nGYd24E2nIgSM=f9;o0_!JLJ;6hjuGn#E-QH-`~(#rumLc9a%Z(A8m7LHFv+YST4gB zEEn-5QA}|rup}J_w#26AKqg+i+-ZOJH^r#ikG-|$@Pr0?4{PyXhJBS=WN?lI;8#HU z1D4^8QDOke`r`35d-ERpqRIfnLP1{Ja0!KI>TX)JA586@evj}AvKoX7jIBFw<@-j! zJi49pnGU{Y?ojOMXM4!4J+v1x_P@Rc+5r6@3;2Mx@gzm*z^v5`8=`Mf!bTHRzW8QBe+f5`D zN(k{Ouz%J8?T|GM&iZb#cP$`M1XCBm<{iosOYrfWDoGJZJLxeS{k?E+XU==b#apfR zED&jMyqwkizDLPx@tf7;8GzqGfQN76TN_Fv&|37R7p>yOg|)h(q)NUrBMn{6oB-7ao*SZJG#zWJRnz z3%^_6b2Ux#L#KFo_WU9@&TMetoEy*X~*!>R|V9~`ue$m$H1-1BzwPDD7& z2%whQ*7akj;O)eeqrpd{HLr1rkw$gb6<{%ls5>dJi*ic^ZaMnNf| zX&#g1_0l@-&zNi>om0d2#I+!vw7s2mb$Uo=V;hM&K3uz5w?8dRbwj-3(YdhWo}Z8E zW#FiBhVPuky<6{IAf_w3m>6f4qk6VZtE8C~eOJPa8hU1b6M<`b+q#4-G&IeRSaz`t zp~Qg-8+@STH7R4^1PaJ^)d*VTAZLRLMr$DKhMuP7gYx-zomCackW4OsUb;aH&=sIA z3&ICQP}_yBlB#6em!6;H=ncaQj4A7u%S?*TqpY73&k@ELQO9GN1~@)inl^6w)RwMO zaS*#?Dw9!zxtRxoYJ*!_*KN=RMwlvI z)nl!+v;3!=SPA?_)ZJf5uv9V}EchdIvoIh{TK$&rTJz_FCpffi1H$?8ZQs>HR=Yf+ zhV`f$wn8~H^Qv@0%|M3yfMpo3$MFdmkrz%~-V&SP01M>8o3@VVksvXYyOiyKrEu&0 zhFILTo-5RM_HXf}nmD0o+;}REPnP%Y6i9W$A|eGl_KYj8J4{6S?~Sreqf#%t4MHXhK&fiuu*W6jV+&$w?6 zNEI|;uM=zy;5yYu%j5fhB^fu__4`NZvdN9KtKql@nfpaJ$60Nt#i&^z6F0V3C&R+S zExeMS_UHt(Jv|TG@B0^H(9f!8#uz?T+}6rl;(5FnrS~Vh;lO_QZ(rfkO7&HVT|6dHt^TEJHZ2D|n3cDYv(LZqGo( zahvn!mFGs~37rijj3X%6#{e3(WXUlPYKITkeh{$_LqIh~r6S-%WWNHah2uQT0yi*G zCL4JZu@G!i`^%4n_9PKwDINQ_>5KTH24m^<%+dbbY4zpMQEu(I4u!xr9iFYd!TG!J z+5sNH@0=Nwnle#(;-I{c!$U9!V$&jBJWM_tWc@aW9Y2ol#q(-w>cRQmyQ%)PPqW{c zndu}Hf!nHH?YX2X^1;*B6q8dWBv%QtTls4(##z@eYzX1g2oPSIRx!60Uip32U4SCC z)F-UhiD@Hbw25_Y2D<@i!$#NkN#~&=sjaIwWm8}#Nv~{!Ol%2{@h%5hZ?=O=wwfYB zIf}Im&;;5ZoeJ|CycHbI+Z;FIF$rchCCH`+1F<~F58ft_hB41kt$SQl$zzg75r2TK z>bW_5moPE>0u!H}K}7YNFa>_oQvWFLQoe_t8YvvwGzfc4H|rM52UnIZ<{Etd3j18I%BmZz&P=G%e&A}Ih`ew#%kLO z$i~o78w6*2wSK4wt$V8q5Z>D6%lhn|W*eU$ytnyo<=mO524~q2Ijws-u929FTH(D6uy1^=VJ zOPzb(5d^rY(*LHC$bLsteqFc?6;QDL@P^+>NdeAj(UN-6hEow=nDROR50L<(FcRUb zmzc|>(*8ZMnHnXQjrl9u0OrajI6`eHY=`A%JXB=Rw(Z_2IF4<#C|2qL648(YTTMR1 zb3GX{yaOIq>pjuCDK;y)QeMi`f#a<)^=-t<6^81qvZDe8*ye2w)xkC9f(V5ta`(6GT7mZ1cBh7#}lhW_B$?T)C8_+`D0WAC|P zU%J3T0{yphG4`f-IhZY_K_7NL#N`e~db4@+6)P~aYNWYG@m|Tt2bB*xmh-+kWFD(} z9EuzK9FX_HwGU|T`fk3Tlq`W8DkfxlPafcjKD#chk8irS8~^bPJ5-=jgXDsDt*IKv^L;v4rBR1XhRY|hWexZaXxabNMPqXwlD-D`PbMsHyY(H1e6#crr9 zxA5-YABQr#LpX_d;}!fwS2DD_#96A)0(((`EU5d7t*rj-y?Fi|3FBu!#AQr9+oK5V^~;I`2`ure0N3-6z%VoPz2S|O(Ah;Qj>`|3gc(uaS!K>2=#0(1(IX~1 zGpra~Pz;)O#DLw3dtcjt1ho~8b)Pp$8pN}ODsj{BcHJ?RjpM@aH+Mjt2a6B z7WJp9M~9&Lv5cJp1(T-J^-@oVqfuwsqpVCq*YqrgE6sTKj3lrPRVK<6oxF0k=UePn zh%dQz8zI{5@Kww5Bk7)hN4gfmF6xl1E|WU&SR{8E+Q9f*$vi5(QA*snmKL7UM)dHn z!le505gp0Os(kC`;gJfEY2EGr8uV{gk zOI=_TqIxLaapHLnW3Tn6^h?H()IUC;PvX5~F5tM}6aog47V!A`|2oh<$BAA$5ho-W zM3u)xX!J}n`G^$1P_WTb%Ie>7GRuS=S)o!uYjNpnHQ$(`Bx!yP)XF0`ZgJaDV<^Iz z>6ykwe-8kksllAyL~2ALm1n#2Kkdar`v*4~yndPwG^wCWCr@X-MKYHiLZOGEj8|;$X$C#M;Q>E)Co9bI}@wvmx zYV;zL^w&lFhkVbzQJ+~-r!G4V0F{gL;E{bK|B;a>J5_o~1Y2u^(T;JUwjH86$*t>& zNKN}=K|biLs)6rGN8H`V^IVBUcu!}hJvnSF3o#(~hRzX$R>a*O{;rEJBBR&7Xr(H6 zsb{OR4gFZ!L18z2-LsG9E?D%)0fvZY$Nmv1{!c_4zBlnw0+4kEx7S5vO%UxodHkvu z!#~HPOK!f5Ikh{w-Ggj@9vVH!zjbJ@Dh^??I5)ZFNoc?cfCb2z_QSVYvj~T$SLZIs znsTClNp>d}(lmRpQj3rE9fb~SHASxk6}h2;{G%%H9|lh;aEzyPne~h>s{@MTP*u&F zjuQ>;euow8q=7~xodZP8>B&NwVxF@_%u z3NMT8%~m1WeWEW7HbEeMIO`f)1xww{Hf(&SDNm@W{>Va}ooipdSEz^4(R><_cBsOd zcAz^Sgi`5F6xYrR4}kr_9DWxKL_`~tePHCHHNNP(^%_xUHH8tIX(&d+z%eb4Snc6VV*z~nJ9ZE}2Cfy_JTek%ahyUn%*-C1tJu8dZ#lSp zk^jIDb-g19U8~1m9vjnJ=4I;Bu$Cst1ACG^i8Q_;HK`!WeA4+HlQ*dr^3aZnv@R_W zS<`}cpMrMRf23x3k^jh)Xp(9C;LG>a;KI5d7N{?RfbDNrW@q>bi8HPHFCiRX=jH2{ zu|M@4?30tmEeD>AC#Ap?FI^CQaCzw)Kb#vdQ_RK@-(tPw&P z*!3#<*ba+|6u&1!Oh4{BCwOhVB=w2xzPYAtRtbiG{F&X0QD*C(Be~{6M|_vpI7-Sv z-Bye$_rX|SWaFud$UkV74i`+VX!P%1Jq=S)HK%;CA4Kyb&TQxQswfP34l$=Qb^~(f zQ`$7^u6@;Km)3B7)p~}8+pykBS+Y(@tLSztZ~4Bjcy!qZ{vGpp0`+ zW}U8?d^0QP?R~{cun|}t^k$+{(z~i#u&+<^Vc!lLpi7s1qP_$=_zq-vy)w+Q=S>5A->5{o`OY*`bHM_>0+W1w&;q>`x{keXBkku@ zXNfy!Re8I-MtMq_Fk!4ne?GK58F_uz!L$VHY?5UBaq|w(i~5)J-+Cr#>m=!90NoO( z(kPH?T4ILkvxWUFTK0-+PLm^QCNn}-_Y|Js{yFfVzrK5Tl|!-!8q=(J3pgNZn#&Vj z=I!IY1R76Bx*UZWTV^Xve~A4oK0N7ptcTzE(4?RFYH1@;t-6z+^AxAuJ_gvPy_w2= zDoH`ljAWl_Blmz48~Z~W_@iun`mF_@*25In5u0;ves3j;MQjy@UEGBf8TR+A#2#qt zs{@@Qb0qJ#&+9~zOzqO%24h-y@lSBAU$<kJ=0C~C+(X`7Qn?l zOWVu-r=71%7wwO1QoVdBp;yNn7x0LXw`-kx3dfEUI%BSMMIls<;HLUq&ra6wK~1v9 zOQUxgtB$$NKOJ7WKSRpKx5!M?9@z#CS^jP4C!$;+OYMbqJbh|T0tQ0*Di1^`XqqV# zmKQl^KP+i-l8h(pe5jK`=$47xQ5ZG*9Mj)rn{aZKJjksU(ojU_<61j9`s3f~WNt+u zNo96h9Qw@3#c5TL;F4w;?T%kI7;NtbH{ICf6zos+9U^b)1&EVLh+M8Zx}Z9fKR~0k zxKr{OE#dIJS_k})MwSz`s#m4kUfn`qAr#?{@X#{nqP%{{lri|4zHR)&jeb)FDj66> zNo7d$VXrs5lb%s7U+Ua5p}<>eG_#G-o*Z}t|5!~BXwW#=k_x^Dk=7oC@cY^h%XnC1c?d z?@N*1+EQLHetZx&xFPybC%j;L86zIp^0TK+@c_*5%Do{UE^3lRO4X#=+@;^ zm9b@FW!8m{lk#ckxzI=LuQ{COF#o#@C4|q+JMBy6VH1z3lbO1VVu<9B*UdDQ`VzJE zb7Hg)9Ut&_XlXh{FOVJ7?x6_e>+hT?Y&D99luKR~3-AM7a8w_;zYe!hf)9nn24zaF zs$}3&a{kZhFEXoY)1$E4Ke14Dd69T%qdOH7tc_WSxXSP13ti1Q;@<@2GwGr4!f_Lz zA4}n|U~btH-~IbLIXX+ zQjW`m5AgQ4m3Iw3Etu`;s`wSnrK_1{bSJY!=7a)2e&AN$4k}rNj>#n1SiOHDr}N-n zwf4q)V;O5sn}y#A>cQXv(ZbN2XXSZU!>YqJclr9Q9SqUAAA$`_nQ7l*RYkM}vNYg@ z*Eg2#TcCp}0WND~rP7cN5Da}00l(UvZRvcgHJBomF8?qv)Nt_6loOJP8CYV7wo?n| z8z1VNUBdFpNEPbA2m2vuIcZfZm#*7OJL}H68yRk0(H?%sgYU&?50xOxe+1xR+K!T8 zGZHNT*GIj0`mZ%L=KRR>eg+AptB~n1)f=xng@Pc{{`e*9{pO7JJ(G-UBe|JJ{y)?Z zJ{b`20Et~LKZbo_he`%~%?FX(&4CDy(C4#4?~xcW(xEC`Kp?z5Ni-Q*L-DF&*{+I) zhet|iKFJyxZU-SH&iH5&DE^d`SX!ofjU6;?LT_7W8r~%G7d7EJ82CKvi!XN{l5&GL z$A=GY;yNQz00i(058*Z4u1n)By6ucuy|HH`B6;eH{S_h5G-0wPUQFY-pgKgvY&D!R z!L-R%r|`KAqP`N6SH?tm;66Qa5^y75uk?w~DD<1R_eoUXxYv<)3)4{n-7w;WLmVV>%OP9k`rG@!5~GF5$|Ly zb;ib+o``6z&-8K0cYbZ^e;I3p{;wCtQ6w;w5!PQpcJy%ILWt&>{gx0&M!BvP@oJZh z*ZAifN^GG)KFQE8WOfH)CwY91W*K%kC_?*8cCRBB#l4HPj|++_+C>rJ;qS z`2N(X`u2ws&}+XW!&c|sO~G#3CYAd>kY*fon`8EzSOd5Sc#h~_dX~Rl^EON=JjO-x zXgQXjsr*qRdvQ!r>`rAzh3|8_(_=KTgJm@(tu8YlwY>2=c-pR}_fN--NaM@zpGHNg zT`LS4878=EOZ7+|UAA}&ut2J7H|(D3d_A~5W#DKm7M#C$$jD17fj7_VMY)6OM~d@^ zNy#br@hFhP$K6&6-+XI+UE5t}^QyUp8mlh+3C_O4-G>4{XZQw!47CyDzE2+-GD`RF z;O%5|GzdGM>AjCy@%)E{#!c#EHSArZN~ULpZef2}9yMLnJU5{{4NYTt4_+E-(2xJ= zk28owOD*kjoMZ)WG8dVzz;~)GiX+{o;yZ!bi!HCz&o>2=Q3Pq5W`lwIAV*3O!<%x* z09!8eNPte?3dR$)mgcZlZ&79k5*%FjS{)=LchfX}924FifTNy={0y0J>3oG*$lwH^ z^*98z;ZRVkK;nGX&Vat)k8o`LRy7Ijpn3!2g3u&L;TJ8n#sm(}41N9~j}Y=6BU&VX z!Y&9MJECDBa(UMlR1YjfOUxot!kI^_wDj-oT}u{6!{@Kd&5Ym*A6V^?>gg8Bg;gF2 z_}LLwBtdjqxLV^V%8<|D6#+B7v0bEK;r~rZcHezuHopT|&e)`NYf=*Jbz9`rmIUn- z&MH<-y<=kPe7!@x8kt3WG%pwms8JSAVzi|c7-E8E4R+|U870BJD^Cyb;GZbkK)=}E z*S&(H9`m;y8JBo7U4(rHhS_fIF(>N#$uz<5aG#Zy>W(?vy{^ln0bjDOWn=cR%RDCEzxfyaF$h;7((IL4i8G-Z81pd=)^~? z<@0eE2U(}dLK$OjS-3M%;*Y3`c4@|v5ngd=gSIsfbmY#BnTMJ6wEb#aPHEzS*>2E~ zzPa4|r;NtZIX0<7PMoYoo73u7pa)#cAi1m3Eg2nzuF>h9dc#-o2;&`ym_vTMh#dB7 zx~y*7<|Ci(oXOB7a&K2Wm+;;=rN-RS-4<|&IXT91SPyJPB=<;`o&*Or*7rT5drtM7 z?jB=)E95^1A+?vQsDeJ1^VAF;_g%Xho=s;w@-ei9lga9an~*rg0Rn^tro#OOpMGDL zJ>AP;oX7(nHa^A&{>j_35zEE7=0lqzK8H3%;I_8zb#3j;p2ENS?obBnUdy>iWP~Wa zTxP?tcwU|VmV?aNNoB+d#WEz{D(zxq;@kK7^)3bU+xT+_V{Y+@J2Bb@T?gxm0G_i9 z&8RSg2E^RQ%y-~QmqAU}f>=nv!lW`1b}>ilc=ZFXdyf4Ws&K{BT9i}q0;yZ~M+^bk zQ^=0vwo@(M<7~)3W&H_inMN7jkzAyooKEvd?5_9F_K6Dop0Zz{3DCDyk}L}$&TqN@ zQn;7^m=T8$ySow_yfW+CH}_Ar2Iba$OwtK6yliE*%K}a31XHJFtnJ5!bH7Py&nJd# z);zZ8jc4HzJ0JbW5V9Grl_Ldix*~=Eu{Xo*AcrB_cFW%EEs40Dpzp!xtLdgne$=B_ z3YNVl>QnOIjKEltv4|MyS4I!gd-;)j(jU$`#?7wy=erfpPm2vaZ1VLP3Gw9V&eP5W z<%IHz0@kKz#J*J>fKx~w`qw`D&jEJ}j8NW&l{ZA>&2hMR1qL1`yVT2~Q&g0yG1_yN zA6CxD7;aHCjJ_vur%!*F>=O%=sCJKMTZ8kCFHzyyjnONZoNKp_oHRMA^(?c&m(APq z>$~r6)CIFd?Kj%Shx(ahw>oAGUiMw~bzNAjSp z&S`e!TZObW$*KN*WF_qv-0TnH3$0$rt?#WpX1!2B3LGJ#XUv7ae>&M>F4QcctDq1_HCI4N>e>x{CCH0BqT%!=dE7aTQ znq=VV#wNPzQ1zsNo+yQLaT5`(Cr1}N+Qji4*naER&K%En{(zNp;q#rfnu=G($(cu8;)lu|54 zU)_1l`%D8+)dX_R1p1kmk693(>S4;%*MA9!EZGkqyv~Z})oukTyT2G)3pVENe-w>Q z*Gd!j2@lf?zEMvH)ZmaCFH!j-**nKq9%1~1pMsfBN>Op2+y^@eEhYOW#GEQSC7ouE zUguNt7G=5MCF+Wy;x{rVt@Q2S|NPc5z*-M*^s7R+k!3125O$)WjqQ#L^&!meq+ z=Jv;eaJLv{k4686oX`X#%T-MvUe*%O0hdtZ^`ttC*T8YA<}aba5wa;#1+~Mo`d!z7 zxZKc@@4BQ>g|;eHyXr)JQAT%1e!#t-W0&H7xX8W_O;dTq(^j_axoZ9dxAHj-ulQEj zO&X1z&_h{g6E21}=-}*L*%|ktzY}fYe_e2Br)LzSg_=770s?V;Xi{3+V-520iDPuA zgXg~LQ{3On+Tlhs?q4u*Iac_WcJ+HASE|)HjAVCNogLbxp$K2rK>X@D#qIBoJ8F1-XA|q(Anw7gLE^;wh%&9$VMGe7g{v_m&}1z_(fr}4>hXNd8Xg+GZC?kMFAIdR z2QI*$L}T{zP$=ezhrXwu2wzaVmjCBtuEmxTHV>@JW{EA+9AKyaPesVAwG>)dazpfz zboz?Sx9BCVISt>aKhEBO-FVUw?zf%cUuJkn0ZyB`5U%J)8LcDzyku#~88lU%Xm^c1 z+Is2SVzE=)li`SIoUxdCpsOm}XV_<-7D(HG9vl`^zS)-(DJ7?*e&YhXCIogJK`(k~fb!Y?6aSZqK7s@jKVU*Vp9eHFvi6$7n=UjlS6 zP>$At$ACHgaL-qxe>~0i9sUgkMf}cf-U2tFZk6$D-sHBv0^EC=@hU+H((YA&;oZZ@q)NGI|F!pY3Y)&i11u18+|#P{{kR!-xlul{%^DuM)o4 z2C^3AOTPluKVadf%t$+HSp4kTB+!TV3C@k+KY7KEq3GY!r?AjXPvY&Raf|rH&Zzrl zDA+arbcENW_{qZM<*jA+%4Y$CrlOBz+dyt7eH?74swwyAIZXL5X|6vrb(=W60(4Yq zoy!WK_g3h^Rt6U&H2oilskV;VywqJkSJS0CyotkO?jWXAOi^+o9}=9$ywPxy8a;E z#Ghr*Au_eMS+2hRc)drICAtts(_Vy}X3vF|Q-v1k0|on^R;jb+4jxCU=zR-_AYS@y z-;@VnjmZLdks0&mz$AWI$qmO=#@E} z4V(#9lIvI;dfb46lVsXMB=>$5T161-d)2cL8Di}M^|s;kAjn0XWsIz z?%0LU)%zb%Vc{td#R?SfKiv$Gh+LG6J+ltgGiZIhX~=bD_-8^939 ze|>v9cRs zlXiR$R_Ia7N|`@6R^}WV>R{aj=O=Zo~C|(-P#U z^53#9*VR|lG|?d^+&s0{3yoUt6``-jTy`0#I>(HcR$t8qXav`UUHkU4s=YQ_4=tzV z1%16FJk>5q0C~69-EF56vo}|>-C&_{2LKPAJP+U2k<&c0eSelbVSM?^`v>`6o$D}f z@$@7WzV_Va)4UtWOFB+yYHg`3!R~3#c+ICLohHn^cw>u!qpdHn;APs@=NUy-tfX6a znq^Q>yUsH%5a$BokMC{KFhHU-t&t$+>)|V~TWHH{ zB2gw$m@uG_w7) z9n?xfm%|>rUBBSi_(CfGP9zWKWsJbSoyU{GQ12g>9GfYc)BJk-V7;y%C5QG4t66xQo~GMZIF>q1OsY1oen}i@^QiBH z`7m{cXA!#g@f%aG8}k{yLpP{a38tEk#m_-2QC}R8)KJQehG(QgibQ3DJ0x3!o;O$j zf#w~}e;vZJ^tDEQv^jb)YqTjb4wY!6Bic6F>os{j6=wFapv#F|8?DFQAKKCH!DU{D zJJm^}Ur1-}eB=&ZWqMO@%hi50KYF;)N2?cpR)2DrWU0u1xq%_ZYOjiP(9I%P-%Rg{ zgyOPRLlDG#isk-Y%VvY*t8}6pFTpJbEKhT*ZfLlzV1~CnI=SBSfk}VW zvsQTE1dYBfn7&miFwusSb_}#MYhQvx1Y73cod@8uQYtGwZ|6>hGxY!C1ANwFd03r_!}z+5D|yPR!`6Qeyt`3UyJ-qWjuFSiIeSf zuN{cKL!0bIW6HXIW8_VmvnSQX%S`##HriDiyqn2O^AZZ-%vH}>`R?M3BL-VD43QO5 zfQ&Q_(4uyXv#C{P%4xEfJ%OGW(VqXM=Nk!L5x>m%d^yt;nbZOcv&eO zua@eC#S@+(Ql`_`jJdaM)&^d1eTO=Fy8&5z99)Kx=%E<(_=V%CKsI=2;pG%WyYL2V zA!oR_&?0{pu%NO7fPi!~(_ud2F%T6dSznn68zaczW6FS%c^S(Fqc+0{3~CyBf%#^h z;Va$qSnU5y(&I)0-(qi;nucg+t2jzra;U3(`{C|GlWg7K11~JL#zEpw@x#R5*+E6` zpgeoL;#Hk<)AiJ5qHAxOB|>~@`@k>DwrAx6^cI&fF=h$w#$?-ulG|1%gDBfaMU7S9 z;)K)`J(ji(pYT52@v2mMT`%pXs^+a81(3E;Uys-!yQh_}Qg)Irs}D8TiLx-~ox8#p zuiSuXgg_>o0OrEF^3(*SC4Zw&gQ&G>!CX}7M(A#FF^rHxgxTJPm)n#RFe(K)-<;O{ zS>jjrbGB1gJ0bPe)J6EauHUwU;T|MpalPyL1i$FN41)AtZUJf)k7E45Ga9!;!=J^H z%fHJzOs}5z7_YB&zfk$d!973^*fH4or%Efi@ZWC43%`YcTVUGY`sr+)3+HZ}vp3x? z%y?7|zVG(ny%mSTTqVfph=c5ZzBNAFA20o02cV~hCd!{h;tJ_l2c%DiJ^NkGn9EW! zwypc70xtLSgL-WpiorSiOZUs_A5=dg8Zsow;eB{hQwQb9AYx}m@oT<%OKbREF|clQ z%gsIgY|2l1n{U^e`1TKo?)looL6%13^-&7Ymmy=Q;PLqvED1q7_@?aXrNRSzdp$;q z`<%L0@Ed#YiEXD)>`gMn2Wo9s-M|xfp8to5agtEsfv>Fz_Oc=*xj@osZ`@76k$id8 zzb~hz+RtR6-Wc)3tlm(8&wf=ZD`lV@9hMGRwe$q*s@*V&KNAvkSz5>5(-xp^zq~y~ z!516 z!o`=C8FHvCiKd5XMdfagGE>?+l}T5*`s;S5CD@3|JiDU*HlC}9}5DFOZO zG`nG^y{_k+i%>xLe1;2NTL^o+;R!dtEp2^ zeGr4q(arf*JH2Rs#A>e_b^+0LqcYuOC+QLE`r+-PZ|2!*QzZ9#x+Q2e+^i36hG^)k zhI|HY6iGfOgb;l*b=nm;4D8vbI+-yCG4i{R2(SpbB$Ia)jVkFC@*U#Cq&aC7#K>9F>Fnj+Xmbm(KeJvqz zlrxSE|9g=p>;MMdP2!nV#*I8V85vugm)uo*Ke5OV>UiBZxDU>FtTlm7`|#E~z=UXg z|C4vw@7kGvO|O5WZ-mO|lt}YCb+smJ3=0a~Zrhw9-^5;`$ z(wN44UZy3bbVtW(M=SZ@rk3;cV6P@HZU~htcKv6I;8E#nx@=i}4z~OB!}ehF7RWQp za*6nFvEkam#zcAAmUEU2mdMAf;1T!kV#}W^V_s4H z$XYp;(Ane$FRb<)UD1lII^@w)UTW^}#11US;(^oAdJ(4u(!6 zDqYYyt1$N+exiQ=ee<$E2Qis%)t=w}n|X0=2ET=eOJ0yxEx} z19_+0cf12%J5J%HeESG_bm01(0~VDlJ~KNP#19PP^P=uWNjW(~qTXMOI&`u0{onUq zKXGDRj(W{8_;{S>c=WMLmzEWm6^WbE3j|OA#5Fh=68z^hks0RHKiy8u(`;9@|J&5%`LiN>*EeZ-#!)-AIr{?5Bc8>JU;pFsqvdklCZnXJ zQ>}GBN;rKojvr#+POqhnZo7qT;}(>GN2`0;qhL**kw;NbvM>GQq1KkXEOQ}M*mx#O zQEqr&;hi`kF?T4q$+6AJ&B3)hN^@a2)L_AW1G4InHrZyO? zN5#~KeKgLS7Zmh-Zi>Kp{!mMJt?j6PXrp!1jFY}0(v1B2gGG_IC_x@MpgHErEQxP z@(ul~t8MhH*rfU8f0pe#1H|M%=^dRfYeY&*SCB)et%{w)DKA4$HM2e-mh*OIKA4K!*>VV`zjj!Bv}!htd(bT5 zeNW5pJ*mB2pXi5YZB14U%s3f{z|>~23OP>~WtS&Odha*oh8fll5%v8;?i7S?8ak<> zC36{#{^cx!e)`MnO!mG7TqU_EI-|!t>6q`$BKom1G}nEyelEG5nmc$cPP>@1xF%|D z5-gGy^iDgWU3;aW(g4m_qDeM2k2DkUmR!)y@}4IIs9K0l%k2LEMU57pq4oa&MWFxb zU!bV7i%p+`Jc4C&b}Ob5-vSeulK7tq4DZ_`a0hqMy5Y}E^R9OSbGV92FQ6&gs%kQm zA{FL4ul77GSw3fC`f>gZ5Tqklzx_A&_0J@>5Qq#h3fozT9&p*iA+CYd?9@_hYjSuS zSnRo>qBvgLsbf&vN_F!c43D|%U zU&+-n)CsLmQn_OP>HGLY^8A>cL||Ff==%@T>`=$@d;;(#!fkE8&~RC_28^e5X^QXm z-`xR*_1g=c!;!L*?n94ag$Qu{%MUJ+!YnC{!Pm##5D|X{Lknjs0`b0WiQ_@Ism7Lv zp4iGu3qR9SfOapVGPCTbUt)}h$=z;2!u%OKPFZJfBG=2YezAt`72LS#_mci><+L@>Q2hqBIvMcK zS@mzB{h8R`Ei@ag;!fA+OZQt?KTR1B--%++H4hcp3>5xMw;2AbZAEt`SnuZF@bB-lli^es! zm`jBI)iJH>@Sa9(DViIZ+pWctbC^h(JlRxO6uSBin8A1UyZ&#e;Qqn{`AYzO@UY;K zckB1$uS#0f@(A2Kv?!>oheqTbJwBKX?89rF^Mb?N_;081ZbB`CxK}X>#w=nAZ=!*i z)E}4EA5Xpt_wR`xK?_PuG-lX`THK|f>}q-BI0A7(4qT<$hm`pPYYx$G!_>*lD(q!Q zmDWoGp6ck6K4VZ~hjah?FU(J-`R{DrwSu^Z8jf_!Q=;Xt?#i!aOPd$avHd5^`v-+D zCwJwIv+I$$zSxH;I3=T{1o`20Er$|PAzm1RG29Oc--Ryyc&>?LN&5|gMAKEeFP+Sz z{Te^%`worxbzq|{ows6Qe@bDLPIPa^YQfgAK@~3iykPYWGxNkD>CPJIZ5N7jzenM%HalxDI2GMTzWve(LiT>`Nl?p6#%j5BR1#rl;Q9yN7 z`p>xtL1y-JTVX!y3`g^#wN7RTO#qT`Og*w5v6pk)sOn6SvFmPoO(#G)f_N^3!-Gz_ zv(qyIRBc%#V%IZ^@iMsz0&~NR=|z!n3;F2u6v7J^x-{jSNuMt5g!eUX-rDtGtUSTM z474yHJOXL&4i~g(LU>e!LlWkv1Y7ox|7}F==CGavntR~Gp$Xz0Y;}XYg_;=cBgbWm zIOn3B$^rx>Z@Ysme9=hB{PiOZw5gsfy82?q9gyA%+6&*v)Bn`Q{8KW958>{E#E^t2 z3h(2YATpg=!XM}RDGk;4+h^b)g!peW+q%NDN)bubVA29v`$wW+uK0UCoshdG*dqja zz_Y0P1It4UEYoHU3(PN)Bm!1UIa!x3wCa#X1>RnfWuUeHGEO=SYosJIsI=u8QpYd- zl3NY0{htkhp`0S^chGGli*Q;%_RhNN^ zFE^a7avAZCjk-%?6G%K3EnVvQfZlFc3}Drte^5&H=WTu!BBbW1RhD|6(<|d(gkJS% z(;}AM{6F^IJF2OD?H1k&iim)Mf>K2(DouKCD$+qgKsre8oe)|?Ktz*FsY>VT-IAP??KaeoOxqjG;loAzxL~qX+K6D*e-+HaJp#2_UmG(RCUfr2QIZGr@uOf|y8ur-s zSA6#zr)qjW6$~$@xUXMieX&Ly{nCd_S&j_=A=$RuQsL=WOr10R4R;wf4rCYVX<$>v zPxECDt4ayU&RyM@6Jr;h9GRtE5+h)>O+{mM94Sg@&OM{KlT7jWjz7mlO46G6e6#_D z=mV-ao&(IVqr3YP%|vRPu^id9u}?Eg&fAnnY5@}^TdA}LMpo&3z=xID#rpwpvgxZv zb;xxFZx(Sls~<%wO%{Hcx>LV3Q)itdE=6T?(iu3M0rwRx6i!@)6(FUuyu3`csXaIS{*cYNlxxeuOy(re{H|)0 z88@}V8gKMPuV7`rUnJBdWKKIIR&4PH&&s~(WwzZcxbNliBZ&Q==;Zry3>SNhDSK)+ z^MD0O!jXX>zRBQjf#yyxD@wo0De{U)iHk00qJrHTpPQ|JubI(eR zc8GBREWG;RU8@YJP#yOk0;B{+jx@Xx2!r4?nCwl*n7xlR64*_vm(fBTL5?1cxzO<; z+f-fJ)0nLnxEJrp#P#|I6Z3k)6Cb9CWT;-+&F%Qw{ZhD2oG^Ec7q|%CcQ4j-iN==z zz@5`|9DP15A}Dw!w*z4W>(`ygjg&#G3-NVT^_IXL9Eb0Cd2-$qipkIbC2Q^6>K5CS zN!OyvsO@7NH{4NOkm4LUS!%#*S?-MmTSKa-nTLGJCj95}tGw^$c~f z&Ko_bMcvN`bo-HEGqH-)u?gFq-5pm5+e5y&#^$4ao}h^Oyc@hx?TM^0=F28yfK;67 zAHFoPzZgY3A*tywEGceM(edlo|0R~2bnUx$ON;F3W%Lt62C>Ywp4N=kKvqCgkij=x z5kW9vY^i~2zcBt47V(J}q?0(pdjR=*xLO%m7J9WJW)a0^G;W`&aCVz`;9lRzB|Ulz1$i0#h?8 z;kVs|Pe))+z4K7V+(!ZM~XgZ?VrB4_lmQ^F(jfb}wurPlx*(47b-MyWM9@iI6Vqz}+wRbS5 zc2n*<#hZZR_6z)Gh_Op6%Hm+l>Xf4_fIw17CzFwXJ&Qjf4`LBx; z_~1&C1DH!HpKOyLd%J?JQI39yOtF|_z!nJyWvu? z;)_*zp`lD0b86PQ8=c~h*`z-l90-8@*Cb#LljFtoiwlu0uJJ{#`jF(kei7VYM@R6d z2YTNam;GUB0=j|}3O(d-le*HzjDnnHZ`#NNSrfV?~-}#*Ek^OhMq0 z$c$S&t>Py74tGq(5#We9<~)86KI;-%*-Xakz(RB+Mg5ihw7ULfv!PYjy7>&(*i9T` zVqQ^KZG-h_m-gdS>OXhNZlGY4kdT`ZH|pOqS~^0NjTLGE$Sq^~WWQn@ik&jWo{Asg z-g`O04Ahq%p)i#UjP z2!P&FKLFSUs9AuFUgZdv6LwI%a8vD(wCJCb~yb9hXVE{67=zL3YG>Zu@R(O(}*qtQd<_qw_ zOg;biDz~!l%vGzD8-rn@q3tS8IKF>&tDGz&p7e7GItPN^TuZYe?MYc)9SHwTpEK^UT++ z?pMKVDl04KgkTL5BjP6hX#>xMa=R!NH<}JAAm8q;8{uW zwv+g{c#0K`+*rc3+;+sF+2^K{#|wg!=WA;^O4xv8rRu%ITbr|a-r6dbw$FVb<$V}d zm*827{W82KZDvAWKu)vY5(>Bj%TX%$NdJk@oETQbQdQ}OM2d@C@?IfGiu^+4<19F& z$EBXG)$wVha4f%P#itGFd=b)vso}5O=qSJ(h5P$?rlj>xnkyGP5=&LWGKgBec}=)n zC+%#bsp(@tT3p_=|4oW)+Fu2b)PbOd<3~6j1Z@>AmyR7Wm~Ck{1k`>&na6nd|75XE z)CDp`Jz+jrXlJrE3=NRSAq3&-rX`Y1?!4hC$VK9zWRfbWa zIH%8PXUu5wO@Gx*s49fWX6Tz0#?Y{1%IDAAQ@{M(r0uWqd++?-Di_g7z z9lU9t%XYZ*(_m4@r<;0m=y=U|RjksY{Ct_Gui*Uc`b??E0Eyebk}f1=vphX=3mAEx z!sm!n_&lg&N`~tnsm$chRHpUcrm{MJ>}=(+QW!=T9oJ~AbnJMo7+VS?v2nfR9Bfw@ z=~Baq{&9;g)mwJKqo}dj#w5uZ`In=7K7?XSXgF{m1oxO!|fu=3a0}e_-5c zR=sujk!Wlu&0r~$gla+b5h;alcI2@X_x$Xt^Tx3JdbJZ$wZU^#9E{uQN@acb472W{ zrfws#bpQTKalU)FAAyf|)NxxC;KOy7O7X?t5KswP4JcN;iP~TIoIEsyaYg+?w*Ut; zK`-TbE%_QtHIGBmv_%1(#=>I@2QSq?7~jG7fT1S61%irv&8Gn^+bdnmy3=dl^`*v< z(q(c=pi;-FT8S{gqM7~Jq==%HnmK|&?9Qr4%Sd9A?QkbQ0JCfrBUVA?kf`Q<@}1^T zWxs(=?rLjN$l=B?WzM4zH+ey}wYwpDn($x$?pDSI=Z}VLXvyQ?3lS1#%_zblqf9{WEuCVUS5cW#CQpk{ zJ)1@#(5`Wffk{A^p+yV{>?b6yH%UmL^W;}$v3_-@8R`BVDbL9(;3{`Y>!ypvv%VVi zw$BI*gM{%F>_#|H8eVSCm&po)2Wxw(a z#~h{T?njD4&!f3GV^g2H)^on+zML-+T2m&tBY5bl;Q7ku^qi?^szfe{JTuCxAFZ;Q zUVK}KSi)ymf`Ts=HtN z-4qW;w7;x=qodpu5B|_I#VMKn__*3jqty#_xc5bgYS6QetpuLcn4%b=1RzyB z?#Q=Lw=NX{q8bxyK_ODxd_HOBoYJ+)2YdIZ1q;s2JCW9w0%{TXel<6kY;5)-4K#Nb zuX$TTCoi5v1lh@m)*!Ap%PS3-+$Dh+_eqF!o}g^mpHLOFZ^*qs?(=bG;OF7EtxJ~% zM#3@y?7c@71%2wP1oV|luYHSn;3ghZLiI}FGQc2TR`Aw*{Dm-5DxXL(I4i5o%lsO} z(sK(=gZAqp)E^3aMyR^W-Bw2}rGBlXZ|P$EexO(%f{9eW11(VLKea$Wg^N5qgR{Q4Ql-;p`sMaGl*b zjsw4)7|8i8KDy%4)rQmcQ@8#TC-wrDCZ&w>aP~wdk^VqScDZq$q>UUU6R%S~NPnvf zaIN5ob+24cg2%0W>D+ze+@3_UfJzVVyL{1_p-9i?k`RirJRZhe`LfY@qje7C1gDw9 zLCdUQ7$y3o?q{N6I?6{w(Xjvyej`#eg9{dU_~tz!F}E^%>68T`@}}?In%*WbUfqQ% z*WN9`C7-rB_WHACo0k97>g=OqTyUl2*KCN+?W6sn=_qu)d~WT9T3SXp#xeGKMhoW# zRo~_)gv55pU$fQuo)O$V*ZK=5{q;n)lfZX`NJrG=JA(WDnQ-;FB2nI z?kM9hN>8;%-_+RoSPTcpQ&#m6>uj8o$KCdt#cuU3l|RyFH9kG}r#hckts5%LySJYU zXJTQ89DP0(_Nx-y18sScNTg3v z%OfYXmoq6qit}zc=R0%Qw#_WcU zM@CAx##xvZ)=uL*I4=uvs2rbc~m$puTVE7WpJuuP`U}jZpwA8 zn+NG);=>}d5ts%!vg)X3Gf5#T#4hnSlor~p(;@eHDQ~UA7W^i|=7lrfSd*;rM^A`(- z0lth1n+Y%^V3$$&cHL{h_%zCcy?zz7gdCc3(@g#(2i;^fw;XCed7VepteR7LdC(uMBwU?sl7#Yfg(Vz=uVY(xby;xEf57 zlZK9_gIQk#{1X84{*c)4{3xJVwA*L;+g;I$BtV-!j~%(`Z}?)2jdbwY6om|eH(LO<=)sQS8n}|Bd<*F!J?tFIfwKsq*^PonxTRPaXRM`aKsO z=as9iF9Ggt0Z)>3zKGq(W|N{~&U7u)bM^_gmGSVBy_y7N1|=d~@e{sJnv?6hZvlhx zfxx6oaQvPaKWLQ4cZ}6jiliEzsLx*hgBzG4fF@^Y9pe=csjC4(Qd+EPE<@3T5L~do zW47?iaRL+7W(P^NdfBR1_G$=0yk_=`Am1WS?1x&bsdFi$=)d$8G=&4ft1{ErAm}=%7k^ck)zFNU{bK;xyn{^ z4@D8VzrX)b>LPx3l?Jq}zVO0Lit6c3qYCZK4Qy$Pf~Y@a%}34B`2_H(`HQWxU~(H6 z$ZS{C5|SWOqpa_Yl53S#xDrz>LW;$x=+%{-Bq+CLR(pMS=gjUKHh)^`jXgl~clY^< zM*t#bhgtjI^UIdLx0SKWd=Uy^XJ~r(wM>Y$qEMIy*A{yBk-A~7>V1wcrU&n$VS<4C zeT(YjWJ>AXg!tE29ptwSixe3S9W+0IGw`HXCX*en<>Q5)cce69mM9mbbJODJs49C~cBS*^pWsA1( z)yKP-Cx^g1!58|tZc#||C}PT)AL10(o4e-=2?JPeF+fJ$qLhh<|Ki+)vV3Cy^)Nfk zJXJfF_2KkP=g5{;9k9v1uWPVGusO(+qdr&Kw7{Q-Ypk#&BHHmtzN=T$=zRb1gGGJ3 zaR799D$vUnJC^)7hAV)8CmP!M#+fqjxYeZ16p;V8Rgi>|DJC$;*vsc8DIgo_;gqqLb~9lAW8eZ*Aqvir$j2!Xq}s6NgR`Ybe~(m*p5w4fa3{l zB9JJ4jPn5zy6}dFE3kbKE20}qpZw`cf>Q*N+iVTQnPN7eS91zOeUuqs3 zEc^E{JcihhH}I(GBVF{s^|@xGdD`}jaYLD1Yf|RUwRg&T1{Oyvyvzn$#iam3alb0> zg~=o|#qcDsi~h2-8hIfr97%rn<1iJd)`>&v+p zNf}o0Hq-X%3Amo%!>JV9*5oD$Yba7)K9*WP0fl66KTbQccs|}iGL!aLA);rXoO3C> zoBn*-jjbBHIpE~BR)$&5f{+`o^ib*C7VUtbG~*e0AesbcrJb2SA3RZ zWA#X&Ry*FFo{bz&Ha>sbL~xFvA1k{W=jxxNTwdu`X9Deaft%I2Zk-=mtY<`mqo>`K zh?e*CBnMMw@owhBF+0yt?}xsv-?E<;==>p>x3M$2`*8OrxRjs0Pvx&!h2cepQUBqXxRc?-ELYy)uhb`4r~rch6~%R$E61xD8s}# z({Vy;d7Uw~3!T6KGxh`gAOn^vp)~q{wU?vK>~+*ZtI}B|ANA$;f_K&_aXGuBv}D$K zvPxb(;nL8;_xBe!=UGPRc10Z~Dzs~yHEcfer-S9jEG@dJ#vg$453_`h(;;3zn*DJ( zF7t2HqrCLvd>>$Kr)oAUz7rQPOS!$+S?=Nd9!{&aL&U+2qlv^YNqF^oAZv9_x31+c z)5ZZZ$|_^UYRSt{ zO6r654S-d~wOYS`2W8BJfL|xORO7zC5*(&op9v?&(U7h7tyIM^^2koNfTpkv(Tusv z=!FYz-reMQ+sr+qAiU5+*`V|MsjhE7aU~2BU$BTg5La@N7gMWsx0YJ0oUNT6~Rn zGRRdW5i4j4ITWs-# zE`1f7-J2XT-(r81^JcXwQJ&~=HOVDt*>ypwk1y_nt;UyS~+rH zYt-SW(dhtzM7;-Z@7BMghD!zAhH~WWCVoMUfil!q7?pix@9VPGe&SP#^fAuK9X|(P z&IDfyhS+L$v*jP#)K-l3nj@9kT&2*F4g0Fq!PS*c$gZCIvx+3*dunUpyJE3%;Ml21 z^Dcr=TRVwGG7_q);)+Sr9%|yXR^C*KnZ6wKA#z1*-Na9FBOR&+Yb>wV5l&kDc#+bc z{~deMaeVlRs>Ek>X*qwy9=@|j!a=|0Zb{4D@FGa54kJHHzuR1IKKuN>ML@W=pcFV~ zDee|(le~tv-~?I(tfCz{Uu~=TZ1#_qb`WskWD$?Z!)Pk{z3b1)Bj6jmJB(~3wQ3yn zPLaYD0ZRfi_}84=ArAf7?ckT$eZ7jh>zq1V@`ReaZPUs8f;g9t78j|fp}vt0hzfbH z&1r77-UgMpdro7F4S}_$J*F=^ser#>&gi^PbJq58WCT_^m7}&Eo{Y>-F4P-U#s9&* zRY$$jh|gQxUhGOS1H49RIL_?4v-M>mrV+pt4Up_Xu|n{bZ+HL;8Be!iZpTztTBDIi zM=}J}0p!hhe@j0_-OD&fQ-&UIdj3I*nJAn?(xj8v%2l(RsL}~N5+DXo`I#oap<2Ime|7o-c{!`Z^@-q<$ zh3Fz?wck15Nq|G=@=k8vKWTIs&JCNuyTi@nE_~<(%ql-|#;EKwNU{SPl=1I#72Z9U zqMr)N2Mj+S5Cbk@7w9VgaZCRGl=l+2{aSv1EST;AcDQYF?_$+NeRlH=LG6q&5+EME zYP*lM+8TRXJi12UdTi?D^GFr|()P)(P(6EG!%u&2dQ+U{foBST1imCYwZrp~9#ml0 zNTcx@{YWnoWu1;>OFEW4v!_36Yu>5O1#K5C@1b>o*>CknWyP}O!uRY?p8@8ajsU+W zyDzf-A7U(jbwYt!EDvqQUW(z-VOr&OW4B1oC-(nfm0CBsMq==dy(6f#cmkrFN78uF z;iqFQ;vV3AaP#2@-b>k`z|%bS-8%b5b^1RI?N2S23{Qhfpl zgO$9AeZJanL9(pPrnTNFi&_BFDPXIgQA~lL|rLrK1)B}4}Db*^q!Qg zx$yVF`m5Ok?!dcNlJJ1oJ{*YTR(r;W+t0W_()D>yF(1AbZI~0ECnM-{Wj*z0>xy8E zeH3!}=Y_uhc%QxXCl5JdZ%26n^!*{HA5_1&wdTKnYU7hXf9isqEHw+Tp~+>PB9{r6 z(^395rvv^pUgA6f&*`?&(GnvhfYu|VX8lb2`-J=>&;g%h^)KW)8naNtxs_3`5(t7f zY_uER3i9Y|3(oim(*xh60zALt_y~5~*)ffJ_4^vg?)+Q6zJtVTdw`|#cJN6~ZRiK^ z^n^X}f;MnYy`}gaXisB}tm^N*sj`$mU#0*4YX1?9&OXULr5*<#y#Aoary`7=O&#=- zYTqhjmon5XZ(i#EKkEzqBG5Kj_eUlpy~R`@)a`hd`qt-pna0`E6C2{b98GsYS$Xl* z4MHWZJA&nPEAqbVLOT*XJ#KgQQr-LQ7HBL9Y+hXS{NJO{KMu=(_vwGMDgFzJ{a+sJ zf4NnE{j);{xb5RUmBMEiCihF}F#Y!nJboF7h6c`KZ%@Dds`c+^C=&bcJi@=O z>-JRx;H1*e*3#WE#8uWwWqUq^ViMz*RJsYYj*B`U-kc`Lv|C{llGSu z0C1-Q|8wB}o673%ci{Jn{GS7Nwo3c|=cs1Y0U)z@gbg)NVg3CI{wtpXudqI=bPKDS zGyrPwb(gPvXMwDo=4&kDMgtU}29MMIlc>?Z6r1K+cz|RDIk{8`Is3A_&u7{Wo2ftE zg;DO~wf@a31S+tcKcu8nl>Ns(o*rzMpTB_x=bQgYe*dpW`aj9maa7~uW)i928b`hkapWnh);!+PksA`JpG8H_}$Uf~VWg62rZl1rC zk_L2@DQR6FOP-z;)iJ+Q&i7M!xqmq&{;)YOLCGA&$7$8Qa?&U;S!z9g!W}1({(qzW z6AYxJIe9wt_^HI26-4N8K8>zVU@on)2WWdDfuGW`_}nb{EZe^N^S}|EnX&(?2hM`^ zti9~;4Cf!>sVs|=EgBNab}fHDcC`>V#;pYaAUQu$SE=*6X}k72+k^kDY|kI_2UN-; zJ1f=01i8mjK>GNq?A!=|X1Ul+>v8^WlYVng5R(5^n{-RbbfCEWtRuFKpU_pgjk%SW zt#HCw%<=*NXacqF0>wpvt98lm*YVEp*AesY-W|L^OP^w6PxHlV-kELMa&P%B0b&3D zL^EZ<3bdX4LxU8}WvtS~AhUY_iuXUY$S>yBfaN>)F$cXS?*fOJ2DQuA@7?CsPvHfu zDKDO0*q=sh%IAATHe+w~c>O#UYFwU$$p5?!yAK!SV#&F@tU5?%g@}dgC~h>19^n0CT_mzrVIobifbQ%-Ww#3hf9bjBQ&uUllb1 zI$KerNQSAiO6}^6Kd~La_kAoQpzs3zz`W3p(5?Zq+Fc*i-dXBibR7D1?XG3_kfmnb zGZy5~p`5em4d6MHw!%^yvlYs$Ew-i)&ykIxwrUKVuiT6qY;l-$RZKhbc>ez8&hpPY zyfa!H@|cIN9v4=M$Jv}C43Jz^PXZZ+u={j_Msf^1j#zxw&|+4I+eUC$q0q9WJH?97 z>K!)oOR7cD$`niZpUH?p{4ovu*Qb4AKagMIw|tuiiYI5>I?6GkfQUp2uI+cc9`afbe3yMS?Mm^1eik1ZWEw#aaDq0+U&E z_D-lTzTfLF;n-UrjmFT4e7Yll2cW!tDiLy7M|a|HYvrngE=uoNP-dwcScIM|%m;noZv2tnC6je>fWL zuh3HAS=cm5$YoQc>nyWl1&l6Vu;QLYUI2{&nh|anZCwulw(HM1KGMM43$R{x>NMxL zZ`Dt%clsnKyOSJAQbLek*)<^xmVito?1WUVXgPc(?#^Ka$3*LmWNgnzqC9XrWXret z`p;w!ap&_7Y^mNYC1l%PxSuj1y;{A8?GDoSR=FesOMV9&?I%Wa3d7>f?2N>mJ|EYs z>6DNHZqa^H{#r3goHRY$Sw6yXw{kh&Q8@Q*ciNXxrh}Z9{GE3Xc-?@B-71b+L_0P) zi5-vMVb9!2r}6%kTF-B}Ed!ITk*-bHwbv4m$NBcM&I)=vylRycFah`({9U>B(Yh^0 zJniho+hY*jqKcuzb!7yW;Kmk%MJ(+TTIUxlT6aaW*z8wS-PFHV#w3Sqb6i;1^yk$f zVb^aldsPiBCiy!qoMt@5Fj+xrX1rdlQfKqA@xbV+s6g$f0wXo$v3%C=58~sCCn_(b z!Wa)MXLT(Ju;5v=Wq&CPZB=;jmxdXGnjRDCydQ7bdMr1O+1w6VcJ;&yI1zsuhD77Q>hZwxXfR~YZ zM+-)Xc zWbrOEt5x`{zE9!*9c$=MvFzyW^>7;QXfLdXhgVY`(ro?+RVtoy38)Y>19T!@Gl;o8 zfjI{h-2Fnhx&1RLP&3bqTg>ku%9fFZEF)%T9MXeg)AKSX z-zj#bKZjAK&Zcv;@Jw$x7!R*su(Sznz^i>+^Brc2eG)WQ<d@oUkJr#9n{2J~o64 zbDC%G|Fw7=Mj2_S_xwR(+^6=>T)Awc7**4|Y)9v#FTS3Tn*$ysLG2v zv*_b%?)%Mnk*J zfLUqEv$gH*{bpJpl`M(39ieMJ6@q`&24__-Z{V(~-#{8o)v@nF@Wyo2D5^~^RIHm4 z-E#Z;1Gde+xvnqF-OlYTBi&7IQ?HpcQQvYAAc*CBa5sMiJmYm+(!(ezV4^2%>DBs+ z4BcX+U)?fFU*q3*5sWDxgAGdA-G+9*l&|iuA^ipp( z6Ay82f7zE`?EzvU$wu*h;lratxaD&3A?(-XJ=71Vvo!O=zOcnEOH-8BIVCD_xoRu& zoIVvOQLbl;&2fLY?hI#RE&Hx0Vh3T6U4R^Au|`P3Si2$^qAx6R^yEuFPC?gWR%4A9 z-}c-}gt;_F2H=GfPx`#`jH_+^>kAD?x=k|kF()R}1I+=0{I|BpF$iJL!v*g9FNEi3 zuLBY-rnn6*)(#VZB$$;>{`t<0pWa$qQ{^gSJTLE<>_OTM0CzACVHC_jwBci4^ub(t zD4?2DsqWN}QzFppx_EJCl9QJ>wFd1TwA5HGBf1!HVwtkkn|OE4!HL-rs;Sai!o{=q6e5_SHQ7{@Hz$Rb7Q*$FBCgI{4m!1YIkJ*o3P5luM6Lox4P86!mo3NRUhWTKRHscO1(&mr*ZLYwxizEPTk z*a~LyC_@2`I`pKuGJ#jYpDRa&?IPm87DPtct$C%Oolmy>eGbX`b_FlXn_d*@$m>@- zq;<5VPB<5oAT(0NALk~>g!TqtQCQX1nmP;{7HLw7zm#Izu&+hn(&JZId`q5f*6yD3 zvOE~VCF-@2z-3sch)uHYs8`SvnZ^oU+hmh_LlK{_)QUmkGVy+8yy{WaWVxctL#&=FxRLWK- zK0Hf($?!BGB`G0PEp6s1yv|jo=UWR+53pODx(VNGK3Is;oIW_<-UQG1*hN6>V9p@_ zdFfimDW`xRgnOL2B{6{3rDA!ee4o^p!jV$#VKI*OzT`<12X_}{3fNp{g?5mDNcRYv1Vam1KhK?#_3Lpt^!q9jxKSjjr{_3asWn^R`*fY3uveAdA8?r)7T4DfxS4w@h@i&a+ z_mva3#a3H{2e6G`;%3=@XSf%yZnP7bZ`Rf{k)vNA>6UEE-SiT_MA&|g#ZBExwpflk z$;1x5{|@`~R(nSRXLyj^So`g|PDC;W*(Fo^ql~P!=hUC7&bFjUz248w>(FlqSff*N zIus{pSmBj8R%N^o>ei~CRjL|Oj~FOlUhbpu2p@8j%H2)i(yvvJPOO4WP+${^ko_x7 z2~9SQYixT+bMjNgkaJUo-1-m+|5*3t&2ir+?-T6v-iVn1Yq~=cT|`z7O*Y)6tHUVm zj)Lk-AvpU+hlAA&i=G%IyF~jZWmE1C(kx+l*;v{c3LH}w9Po}#Uv;`6MSwfZpr@0! z8mpQhv9TvxEm%pAwc12E_NzN=4P4nbU7IvIfU{yLcrL!p*a>Y>H>lCtXOeuNt+Ett zPap3BD{(ebym#)YmVGI^Qa#e0%kP({W;CE0DCi2M zdzrC)oL>1sBD)z+`m|rb{ceUOqdr9LCxrb5xR32YOM>rComjHvrjEN>;-X&vG@4f; zFMkcHS*wIL*Dw4GyX&aWiqDIIra(y|6LFh9!xcEEReYM1J-ho%vTv>4TVoTwH=+lT z+S&c2zRYxTBG7o@@lxonb>vv0l`#^j05c-<=gZn4m3~iB&J`Rur8Kj)@BCzVI51K>8o? zVtDc)`wXJ%lEZrpjeSkS#J&L+fsG4nWq}HT5BrvJClWlic6_>(t}A?x$pPE3zmwj+ ze+aVf;n$pLvR@O>?_UhD-+zZtcyOcN5r)%*xwEZZ{&r<|)|{!Ov|>p{0O=l34i-t< z!>X@J>CNu#EcM>WAzO}#TbaQ6CPJ;_J`+G^49^gs?B`DUD2P zXloKdyZQVa@QpRlPdDf-QD(*%GjANm4WUL2OcUPwr#(4p&hRo(pO|avauV#f^8c`2 zJyd5Ww<={gs~yAX1A)W~{kaWZh4m3!ld$|?AxWa63*7#97wM@iSHT_@l zQd3?(GB_v2f~r@8yE>at=^cmo(|!;JqE0y?V!jeLR9z^#$0FkO36P~1-D5Hjy`aW5 zaOe@h9WUipE7*t;&r1VV^I+flOhWg!;v*Ze@!FNNqCx95PWMIjkP8tJKRLoEy9Lx! zg *PPZq1)$Q*}c^PNwezH4Ej6Csp#NSU}*1}3omqP7OVG(M((ZL*>C$=qtf;(UR zSTH!A8^@g_#-|qz?A0>-WQM5TFzVEy?r|N{JIu}u3vbws(NTB!3}pe}h}{@rI-x?| zRUs#vNQ(R^J~}$w@KV#$bBmzO$<2;S+(t*WYw28im5P9Badu)@;}Ej{7a{0*>$G2Y zJ^-&;jNI)HIKxs!&(j63&@^sQ3~Ml!^1k;HbK>u+u3Hq0H6&zh0UnRAudn3WNsK3Z zj>_Pp>H?ozn6X*|Mtz?-<9E?mkC=D^&@2D$&4KObr#v``dvjW=5W);Rbq@3T+Ddrx zrDr8}mf)Rkr=i@<6TDIiT0CH&wHd%c79gfASiHgx0@waVy^M&r>1)W9hi!O$4`zCi z`hkL4NB5#b7FR=Q#={Vd5n;$NMbNbvE5(ib6xTsQ&eK8&RCuIc__&|RD3w_T(V12} z9*3QtdD?*W6E}^~kU5koc){m))voo5T-;O+<}s|CLU`tfhICYgrHV=!$I*|n7BzML zFuInVoj(ffsWgt4-`ReiABE4x@iyOFWM1}{0o1XE{paRbl>}?BYrHbiFe9HIlhr8b z;q-g{PXG(CE~rTZG&?J_TEyPG=E{J7J_N~7+T7Ma z9&S3mO!yg})e@cABhsmt-VzZAfp>OtC$niBq)%d%FfqxC_D4I z)fUu7cRaIQBBN%CmjgYE(IEH2*VzL;XLtF$p?du$sTPr})aeWv-DI=7PE>YP0)}w^ zWp}M_>h9sB*;`=qNAPa^qTosxCdIr^i5s8U22YxHbIhW`KZjwn*h#;fpeil#>oam) zC|R|efIsU`xuA^4Fb}uji=Surhpuplv5r?Y`1=G1mfeyp7py<@OoXbL+JC)0QDqo; zUy6Mn{Bn%-XO*M&(=?pqFUhoDegcE;FH~5!d{U8nE4+X;M(jaG;Okln3W#c21E8y7 zv1U^1A9)LqKD>focP{UjAkXyQilD$cQQ8|~*ZFTR+?=$ncx zY*i&CU?S=jPVaMUbjTNgAW6lYZ^|YIHwor2b_@t+Z=+NmuZ|1HhGU z*fsFLU&PdK_lRe0q6VN$(}&+ay61)MyH6RF2ITG|#vI4b-*S%0uc}k}0E>@>AZ0=X zxAs+9rOY&CF!)z#D6jgy>8WXp=W5;zPNkOIKr$Qef&18ewgu22r`siygYz&yHq4WFv&qt5OlB2pY4c`!3YvduUnltxO;v9yNc})X%Zl4pah8IC*+M1_Ul~~bacGw?{m^a)%Z{_w| zN#!Pu&=<0T9M>fdIoL_HV=bm*hOkm6sVzg9}0ppZ)G;rsZjC4eyDPE4|}bF@5rn5;@_rG1FQrLl-aZ)_?& zduyUP)}+q)vZG%mAWZs%`r4b%X)}!powjh_Z58SO{L`H!(qrsxM-NO$TiH*GSjlUJ z)2_I_owd7+&_S;<8ajJSTG+&8?F~^fLV%s-6JXoB8TiG3X+AEni;TCQPO84aLz}ltuQ2lsCFlDcR{%P@scTE$u$x1Ef#3G=#A-qUa|lqhgIeQh4| zr1RI~0hR`+Gg=&RG8Hz@UwwUJb)$vfB13)sdS59Xe9T+n+i#p`??XF~Ic1#daX$}{ z|D33P`>lOS1LMuDQU!&zeVzPguwBC_d0=x<+j_EUE0*zH`l&(f0sf0Z0~nV{pCxtU zI@dEsC(&5npEiGZE>FX{O$nq1vrH9>d+z+pM|KN1~@uUCg1&6mx z&Qg(9Nl(s!7}b)6<5+mfFD1bC#}>;-MH>R7C@GnRx$^+y;OWfvmXj6tZg(rwXD0e% zWj%;;^So0%s~RV@EB8jsLAiR7zE0~6m}H2{U>X-7tdYHZkhgT~#r@6Sj`N%mGvr(H zld?qdTr7!9htGk@kznn;dCgh&tO%*|- zfL)#FF!6!CX{6CcM`(Y532#udppl14Wi zUi>g?RO=ZLp-5r6dXw31VGFM7s$W*qg%*}Fn-;xSaky!56LibAo=M9`bptbC)It~r zU}q3{T$+RavPP**IKs}H*4OAh;9%}PmoRPWLslMpW5aT4&sr7DGwJ)rXv6ozMV1C= zO5N}i&TU|$RNp9u>^ig4c~<-64$j7LxxsxGh!Iu|UFP*LYqNB*`T#p?9I>B}5vJ*- z)B}AQpT!+ryCorJaVNTwhnxWvloJH3rS<$jbiH{r)Q$T-{1Sm>60Tx`;mYhX$ z;4cz}mmbbRGX=yY4zJZ8aul6zC%G6b3at%!k;bqe|}uk=E(!>)~un& z-eRP!g6zb$e_kJ^>FdYdHMYEDS~#yB;S?Ri)c?Ij0%K;5du3Ub4KowiQ;b_l@GUNN z6ic|d$xWm?N9XeQFS%cAe^ZIIvkamBf!{o)B^IKD(v{ldcMh}(f;EvjrOAc7l6c}m@9*0vZxghG=5^k-rca8uYNsK-AX8gxq&^&Nb>+QC$% z_)AjkAlDhO&W1ilKL#d$!PFghH5B`2)JDZZ>!~rtmh$JDS5U{BCOVBRGxm(XfzrdL zm;?3&TuK-YY2a~Dh*mjRCUUnz%<6Ij{^VpHXu%ZMS+EAqVoh{tCQBPH@*q!9c!B*D zKln%fJ{eB!fp1}NfLJH5Na>}1dEx(yH!K>%(t#kHmciW(fS!mGf3yG4h8DC)Z~eD% zM&=yFdjDYjUPdyA{&FWMs3E*H@6h{cMNTj`X52bQ-EaDmDeR!m1QKqMn{oP0iH_#c zm8niV{iNL8ZUI!`R^;bL5f5P+Q=t(H8M3#^a>2strkXBxF z2=s)IUw_-z=lqUcji|5}_yE++diAGgH2CLnvk9Gjd^YN_;7%fO^;q~;>ev?fb41ZC z!9j80okzDc5TMqMvfxYS{xKHVx2p@f@jbb4HW7ybHZee=R!YGXiR)R#BHw&tIFV|p zG~m8~@SPwqe-p=EFrxS`mndDr(vpG9OZrwxkHymZNQ6YQ%wp)biz;c{4gc_hAwBZaJFXMoqk+sjyWzWR5nK762V2=H;R&q|9PGk- z?(im;@8urOu{LQOUb=V^ zbZfP_yh^3q>6%KDE%eE0FFHN z<;2`Vos}iVk*&E31TX7&Ht9LEJ*Cx;+Edc?94n?;$)8#`wx(($$@>B=1xGGQ!L!7S zR;B|zoYF*UlooFD&LDz&VwM6UNdsZcbI&0SbJH!?3Gn+M)dBO^+nIr8S2M$={e(}3 zJJq@WkaFv5R+`*g{l)cc3BAL)NlmaQsVKSwn98E7~KEZ}=CZLVxA;YeY|IbmXyy#Vl0@2IV8sq=#Tr4P=yV zc0m6*B3u>EpPVn+T1guxn*m1@jVn=QOVQs@n8n&j7aJ>ua{KYaYlZ%iu@UsTj(xZv ze9`@aL_Wkg<8*iyUHToPe8pZ_quP&|#!FcG8qK9urh4^rr73-o#DmUiZ9}40=DhuW z*k+yTv(2W3y;W*}Dy$dM+&%=nMHed4J#k`Az&|`srTXR#HFk)}cMJT5k}_#A;J!(g z5);DP(g6vNTLS!&%@?;SVkVC?llTZ5jm?3oSLE5q^FW@wvk_?6mwCbM*D2nj*7x?Z zKA!aZ_*KabfNa|+YxbJx0Ft=}H@^lubK04S(h8xz&TW@U-uOH>$s5DFZ~~qq{^k`M zb5}wf)cO-0sa*`%ZZMw(a9*Q~^N7P>D8UWBFlsqJ0Y4vS`dzCBC-+48>#jL=oh9A< zFumC;Jd$i3n8+X~8*I$~SVqZ>ZOk&>y?ajI zO_RSp`SybB$#ccmhopT5C1lM+OcSaq40+ByyI@}n82{%5^+zudvYQu3*;?UE7zXV= zNrMbUFZ5p*fXc%^X5SBH|j^ZM%e@?o46a}vD^Y7aVt%;b& zd#rxmb#zVLiGd`r)gpVOK;w)%tmqNw1BdCiG3sC+w8)mmy@^Sf`v#%me)os6(M$JJ zgO=mFGu1G7WyaB(spMT}a>nYy-Hd>RyTMaNQFQGJ-yk1lHoroDI%Y2w(#*W^Q5n zDw3NvBPX^U7pJ12=&kxQ_U!V|oI=!9J>AIQJauQ|&~mTFo2>e@(x`mlRLngGZV8e; zQ%+7$A;YWXLx=dHJCPIQRUmPajLZ1e*ZA%v5Lszd!WFCs4;Va^uHW(MYRUB`o^eSR zLlK{^&XD;g#O${eMa{r4ab88gx&Bwo^!B)>!}+|u*;+1Uy5`(wCY?+=aGw14;00ze~L z4cq3|>_b5A{}xXLvkGC2=EL(opd#Hzuy=yME%G3Ttp~n_rZ>V-tA3xwH@Eifre_v} zL{1`bqah_aok)Y4t)|bF^?~8(h?k
gyoW$qDjn=u>Ta|3g^mpk*rHG3T$1$qMo znR>e3)8Dcdj7=#s!`$zrr?XbB?G?rI(dJ>2>V)xOjjB3fb$(v8Z~==IHx%&dUUB=r z&|j*A)sb!RD?7xV1X7TKW1XV!I8YDM)vh=q5P0%y$Jtu*;Yiy7|7tJ|S&y0(4y;R) zMqe}*7iA|4H2PujkzMJwPSf(3!NisI!Or2i1GLzW263F{hbE9b(d-V}V5VqvK7y`V zF7P0b)wVM$@NI~}uS`CF=b3&r~w8euFs63e=foxRzN#MJ4qKJT__DDG^` zg^-XipL==?k$^2D*qV%PJCqHCRt?q!B6L23;pE6P^^f1&l8>2Yo+%|;69(d)M}ts$R2??N|LWtRS4lnC!jNFSWI| z{7V|VhDJG+?tVVvWXFcq&XT9(-oJoNad?)`1|n>~EyL$Y+T2LFi_x1?!jkFJ94m#TC94&Gb~j;9p88Fy$TNf#{*@ zjI#4Ke02H-#2Gq+Yd?Y@1nb>dy2tOma)lO`6x>rc6`8j3#e}nqI~}K$80Q=VuCuH; zt%=W_6?c{-VM~y|&MvgWM15U*vvRFBjJSdj@AvKcb4OFqVXNYSn*oalr1aFpFF7a7iLxDB|hg(VgDVLds1S;jG8#M+uyqu|ZSm zEmfVc+#*9DZ1@_LCm>!$_=V29*Z>2nOTf;T%?t4E<5TeQOS{>F*IZyWLmG^jU(uc_ z_w}gj0iTIs4l^_6KiqK7Wd!0Rkh-zHLl2PnBOl`|y?2D^BJLDt<`qlnw zEM^aIK-$s04^!Lg4imcksE&m_mtwR$_?!~GgCUpn^{i4Uh6H?#TD-maUH>rcy+SyL zw@?nW*Vs`v^h$cK@AUY1t|y~Cfbp@0r=1!7=5G+-#6QV+)@X}4Fy=p5ai@9Y;1dR_ z^~0@j&X9Yrh_PZQzy6kx4O~M#XaH8F>F}0r7AVO38p9avAW3l+g@A9cSyWSV*vTdD z)aaFIjNq6`cil{%x4qsgj+mQ_t_3F`R=M^GQk01t%pda~QI|eEEnab-U(X=^{&}Lk zlFN)zG6VgQmuHtCLOa`QA)0gz#N)6D)i;h<%QTDvv+$c31ogV6;v`K!x$K+qm&kYI z_}~|&^K}Uv4`%)M8sOq#DZs;x zLC?PuvFL5TMhcDlIWF)ztp@voUo`Zo&W1koIOCNxzjyZf*W8WuTZ$T6bx0RUOD*SL zBNPmqh`?T=)p|d@R%%n(?Grro+{?UA+3K~5BbvDwlD#=#GSQ$znZgkdHRQ__;0%`$ zx{k;C#Mzu($aE|+svf5n4K;~PaClUw4BQjQJXcwIl&$>kIimQg9H7)c?0t8t-Y2ad z*_gYx-pS?V21oC;-mcDJPieVQmf#q*?&bx=)~WT*W6jD1!mK<2+BBLWqkGAjUK#&> zr+sN48xCjnz|9MW*eHu^I zBzr^ZxblrJPP%a-s`a0&vg3TT%GoSgfl~MGHO|T?rP={yq|m$x>;Is7z+O3p!Y|b| zaqK9AJ0FiXYgd|hf@g~>uC6b?6cD%K^)Mo{<8sq`#!t& zz&3RWTITeqEn>Cm({b?+uq)S(fm%PQW2+aN3AG-%Otoq9apMy_Ougwwd%+m5AwQA{ z7yU<>%F#oo44G|p_h*cJMm68QEIurhla-R~S~x>ShO0@cJ*(j+zMxb~TB`U#?zUSZ zK|l6z_u8LF3%F4*Q_%-zzwwo6__eC63RT=ho|!73$S*&mv`#1w)O7i^(Dpgd{>W3 z014fNu3Pi|+(_?xlwLhA4IOVhezG=AvK*j2eUh+6}Kjv?-_o`M=a-AsZ-_G7!4y!~v zsFd%lJ&lVj5gljTVAgrL)U|+Hr?}(SXj29&jea5&SMdaC1*GHwn^KqcA5^X*n?%@luMO5F?9Vjn-GVtSogDRh#f^BuDL=$Cl#!Z;OW zxoG05sc$P`cDGL;$Yqqy9lhGOXcsG`D>Y5axv8}Rb**1G#L6!^9322GViUdjtx8>G zKoe8g5R0$()#ZNOF#bAxe0}da%&p;acTyy}-Y_zQZ=-b~z!uZF6*H?y_c8{F7iLdA zJ$@?0NR>I5XjXO|!@0uD%l%smL6OpJ;&1)0l?hObzqDO=;~dY|VV3#Um)BtZ>@IBB zQEgAQ63vml^tq^KF|IUK=%!vzqh+qgjUI><>RR#BV1}_G)RarawkG9x=5tqFv$t|` zIx@QXHEsr8*J-#(myDiPQ}J$f>1GKVeuMXE%Uz?f%&R4eP2?sx@Y&~iK14~-rdWn- zhr0g!71S~s9<^vC8}4)`(4m%JJR?dCrI~m6KVATiDmV4bXXyU#J(7=E=^TfpZ2wa@ z4IGi=jptrZ(9bWgXHKOD-%1Y1CY2Mj-K$=kQyyI;#^*Qv6Iup;4Z9^4{orlgwsMJh znt-(h6IO-XB`FSn=zBQ7mU+)!mNu*)gIbtb2qrN3_Qx@CO! z1K=N{6p^e<_s3w)~|B>fD7n$)ku6H_kUxp>HB;?e|rvSwq(8grE#wX%ID~(Qo+d2DjP+>#@?h4XQ5`=xnSyEEw&etA2RnDgwb9{dlAPTDUOkV z%Ge&-Y7D?fcdP7V#bZ<~GZa{(_Em0iezUu)&aHPI1d4_kriDnH43~OkpcCCb=tmyA7b6q-1bK>sLNM}R;V>yG<`rhAi{ zhbc2%%R1+dFDQ5EwD~K;CE~53UXE&^MUT!>M=?7(g*`5K2(-*F7OL_XezQ+9UyLDn z2!`ar)tSvLjEA=B+tGV;Pq}RlS@F}k(n%Tt@X#j z<1p5+%N5v?bl_o_^@yhAO+5p>r!{*EOA*5&P!~WX6_@+yN!p|wir!Uq zJr+T|tfOyy(HF>h06nUc&Pq{VxoOoZgnlJ@V@X`~3&Oh{LEp_(yMl6dxvM-K462^E zXnQPwrmxOe=~FDWb~j>#ms>-I9#;P3A?<}aZPMMgCDG}pv-xsO8*R`m>&fU00tN2{ zS~-6BY&(yYmH6p$|7?$%aNfKTS8j1KlqnX1zkcU^^zbI<6Y|mMsb*yK(ThPyR8O2r)qtJnSj`E-TWBYMM9VcNAGVe&Qdp7Lk!TgM#ZjWqA z*9O@5+|Ycneg9`4BH(X**4$F< zVNbq)WzS8fz;lAnYUL`GnO-bLw+5}643a)KY-8`#QxAu0eFjtfHm+f;#|x8gTSRsJ zJ2l^}no{uR>f2BdVocV8n3^ANWxK|8mrh``dYUEumH<0xQ1jf92)Rdg^c6Dj8^3t% z#_s`|Ny;B&Rls*h(Xg0F*fsKoVD_v!DxAD17YTcH_h}4cqGWN~IJ)*XBXn-a`$PZ| zZ3h_SE2Eh)EAqUv&&)aqh?_1f#%Ul_%eZae;34Fqa`*eB*FpW^@2@;Z9khmKpWUj; zk(ow+qySTL?%?NxrcoyC3#uiMaYnm0mdCs|d}wqmeCQz!st-q)bQJcIW4O`x(3N6^ zwY`oV`Ky+nE<*T2OT9jw#X`sCCGJwNucbTvQlm;;VH}S+4fW%Y0ObGA^y_XrZD7|7kJA0-y~tG*E1>~O|K6vb#tGmvQM7~d~s*cJ;5UclTIy*mhD+63%gQmDx{ta z(|>*SV|`scpyY3{i5MI_{Vx607TM(UkdG+T)3ZGe{v9JnO?uQnvAKhQWEk1HobXrA zF0h(5_|OelEM}8e3ZUGN;`f&oLOvday5Ac){ZC-W-zT9bUMv&{$%c`|#P3%Ol-3Xf zQ=ao+LP)?<9C&SvW23=iob@=M%Gvy3c-*;&Uj&kQ!;J3z?QcIzQ$(lYsf*-R%2-25 z=;{b5|9qfzjzlaMUkGUm4@cAogw?29%R#sccG3R1JbhQ>-+T5g2QL;EXDQ}e>77jl zN_5KYtUta&Z~Xqfa69l@etr;+*IO%$-bJ6dl!a!D**S(l2a?BnFsRkXaW8%#sc5Q2 zWZ*`w&BxoOWvg7Hokxst;(}$Wns|HN<3Jn#RKrI}F_U=ReT;A{XZz=>x=rpoOTUrw z;>6QxUAdy|8)!CP_XwXZeJuX=(nE?WaF^iRYOmLro82DQqv$6WP7o^qv^Y$Fw3#_N z$e6ROLy3EUC9BM;+PN`^h8!o@H~%ZJHvRa}>JEU89A|YOrK5>0uRj!(T-?q~V(j68 z+jM{)5gi0?aj!pq!lzZo0=+D$cC!vomMnnkS7DP;aJz-y4oVkiT0rZ+ejN)dg*<wr|Dg zXard%f6PmpQLD_wghH#O^tC0mbI0%${RE?Ro?yQE`9 z$qjIC8YJgn#&8ulofv&EVpQrFZ_6nEtXSI1_BazcAE-s5M09cEy@l4kjKWzDZ|DWdm9DBb(Mz$RB2Zn zKZ=DlwN5Z^do|eUb!Si1a6)2=0J~hQ(M6yasx{`Jn5yZxI+Ax#wkCJ%*N z7rL_U72!XBv20@Z!L7-}$3MZH0XF?m+E}-a^q@@w39h2_0~NSb{|Lj!|4VRF>>Y*J z1KX1b?k#Jv$Bto4>~Nd_!+F`-gwDbM0lT4B|wqwpKPcmv(-$G zu!d7lyns|mdKLb&YaPP0+uKT9Rie}KV9u5={G5=bPGO!A6)tmsb5^pbb-o2JnIF|I zErta4#$HzbJzOr+ge&FgI!cp){II71rPP>kaTocW;hi%`stjrLhRR@v)r0;;WYBo2 z%j}#`@zj2HyA?6u&4NxiXAm44#on8O*+=wSKFfz571BX8^{l`81K|Jj(#N&vXTq! z7dyoq^*-LMUXkZ_M+U6H>iycp*4u!n9m#Xrm+yUIlwk4eY_sNI<8Gz7AKfb&v^-h% zaaq?0JpR?G3*uBZF+`9uPEl(z*aw_^5&Xw{JZ~eguy_38q(^S=w6AD~S}rxbXLeZx zB}=}%UJuo8UAToepEmI9ci25H4sM#0Dl1#*eQ@67Q$m1Z$(NkxJ)8_?r((QN7WCuN z_1jRRh6ALh2ZcO<2IIZYgax+0bZh>_3tDet@@uE!eZ_ia1Al!gdh!fXln0bC=^DPjV&jsw3Kx2s{@}ijKyUp+98ZtFPt4njWWp~*HRC3Q0 zi6e+re>7PLxu}_IKC+-xf~{P=v>4`%MCerKZ6YN$Ois1*Sjb}0DIUv}fp-Doo1kwM#=B&?(o}b-a^&+=4z<@@b17L1JeucdO-PQ};jpxhz=6Z<-O~&G16zLs-du$WqRB z2kGxCbZrE<)_dO|m5Y_wa(?l%w8Z+kF%xi(_lK#%fQYpmhat@$CI+ilc7B0vmi-suxJ_X)wqM&p!{FCWQ z!tFiNbT}cVcI2YV?G>!2z4Ft+5vK5U2VypTuTw6MY&5lq`UcXpeY1cn7nuS{b}e8z ztjzQUg5h{`r~Y)TT-zT{iT~D-#QhV1vuw81V~{ON;hW-;SeC7^^CELyj`WfjYVn3q zL($6H;yI;3$X%WK>E$NVWnA)IBMsY(&R5oqeSP$EH0`dJ1N&)QJUjmO-58`{L9@b$ zz2_WP*n3*}zJAwklc@3C1!D&rM#Cj;^D@e$x?^Nqx%jg=6^A9dKI zuz7Et<(rI5Oe~H z9OeJ;U+^*;(-=6VporRQv50~Ow;!`m&7MvvKJflsyz;xV_W=Ld|9GBsh5hTGc<#66 z@F|X)Pw2jw)l}Hsti676c8qs;Y?CT9{QD-ub=5A;YWUnp{W#yU-qYo@?Cm!%-Cmt+ z5~VyMvV7lgW;_?0&%VFL-m_^5l?@#9#?w!Axt{NW%$P^p1f`7;~H>$RSM1lekv>~4!LEp+X3vMvePH&@^DAddyq{!>XMg!ZQd9^IKc_6_`{3!{2AnS^q{c05qaJM7 z2x-Z0CYuRg*jo&fd4x~6Q{frOtLS6Y{kP3iuE&RXr4lo?*QhXwvaQ__9>`c@x>jvb zeU+_|)fLnsTLniul{X(dhk54Ahw)VzvFFx*y^8bd!D8YfBXw({jyG3?-B}pFvRkP) zI-RN*SkB;h_k3J3MLdrT81!&GWMnk?0>&a^D=#@a-hEYHp4M8tFDhUOc1ON>aik;< zq4yLU+LpMVcqIpp|2t9?yw!DPCn#(YBupp*JA-U|Vz3LOMaf8=V`#Ov&jkHk2IqGy z8^WpI8-@$=B`7XsCwmKJF74|@cN+4zCpK2w4aX9o)0R<-y2~QjESd{gx!%j061~?u zV{Xb@BBLpRx#3io6KjdiI;SipE#_vg`+V`gj(_O zc!%Qvx{q_lC^r+RU3AsVQE0AMA;y-G4BSi;pso39G|aD%xwxsut5U*$5h>k)?)ZLG zKNAYSYBiY$sRvdcuNcg;$72Rpu>m3_r~tNCGVRh;*u>OtJT7yM1Rk5}i5_sX1dedy z<~x7L3mV463>d=c$uIcn4JbXM#3A64FL|eb#ehntWwI$!M_S_jT14g9SYvPB?=Y|L z+Q%7p{BI5{kP;olrPj~gEX3LQ$3qlraf4H8&ec>Y%g`aFap}9mxSZLar!1ciLBGz- zt9SD-VQGu4ha_`)&fOHd#YAt$wg&S5)o?;C&)W0ogOw2?=BYNdxyJ~~yRk$253*ZT zdb9o0Z0&!hA?}iE7lD9q&H1n$_f5HD)b&2A%*j3p848TOVK``bK%QbukW&=~j5~6A zi%fYP6qZ9`^M>e7Wvd*&RlN9*Qax+UG)KZXxW9#NvlB74KVm(D-Cu9lEeyNlaz5EP zsHDzm^p^G8*VfuUN9q7r>y}FrQZbvi+8vlE%n$u#Ve-WVxP=kBnRZNN=UT#d&BTaR z(+a2NcQoBf*u=UW9JQ<8OSzs3F>nWZ zE_@5+BA5b9{E)r&1`0ewB(TW}3}wj+>AIHI^>@jLrQEVQ7G^ka@p3KmJM#DDV|Ze@ zb%!TEdNLt;jcq6k9H#2TM=A&c4s4k&f1S|@}8hl z#uD+?WMlK$2Wa$R;nS;)#<=cfrHPtA%SZM<#BW)tFPsQxvS-3#o5G5#64Axv>-fh0 zgtCJZ0os6R;b-K;9GlMGq$v*7MB91=zY`FjCUX1{Q|Db`b{d8o)xj_&UukCe6zi;W z3;kgRaCJWJ-}U474uR>+q6)?^QK1w_opN(Dva+-@>0AgWc#wp|z3Rul1^}81u9ss! zQZvp+he3D;$Z^7^Ytijfew`=HK8$86qx^uom7V^ca{$Bk#>2gLxcBQ^t z7N#zBdu=|`Z?;$+w%MpObx^3;e@*(k{bAw1PN}@P>@fWe>(|(Q(!dK^ElNN))>pZF zhf?pZ7(M~2SMdUEs=I6|uE6-p5t}gHE3`<@LTu~V5zjF5crH6&;e*_06fM3tYSVGV zB;{$GX2Jxy@D8$6d-8m6aFTS1x6LcZ0$^vWqG4eE=BKiAKbx@Wd&{{-S58GZvwt{s zFv?jPn5!7=RK6-4rO9JqH5!~euUS1jandr_?4%c@D!L=bOWe5XtQLYd1sr?uijjk2 ziI3iXXP~QG=D;LmrgVuSqu0~iR7}6Sh((82v|f#VuRH;Zah;gN$Dg`(nu_w=$ZH6u zR{H1_mIRi|Xl^89_WaS}IrRJ`O8~K{WUoHmSA6h+^Vz#^DiHfz&UZC$RP%3Dvot^h zQ~|n|yg&NxpVVAY)3?wa_?;9m8*TF{0l?tog$b5LlmbAmv zft>ykrsyG*{J&(|Os}m;_52sDb^cR%$%T_Fbl5fCdjRA3eJbeHi1vqmCGu8D!tz(5+m{#o-$tv)qRg&F)f_A}JP1jBakQ%QR(r*0*CWTZ9ay);Yv`{Dx+Y zasV_l>ip+F#pyFOevtph*k1EDp}`KKRTXqWGLZA2pkXKmv*^vct7T%WKXg2Wz%PH_ zVgV81ouQsn5Ch%}aT8=}$PUqpP!H-O2e5^#{|;9FP?|gPvHvq!oqc$gXEt;?_WSD5 zK)fZ}LBOn?s_R+)7A_ibds9OI^d_7uIk?H%J0io0{gYzF>QtQnVXh+{x_tgedOEp4 zC@;Y9nY;)))eA{qr-#fm9S;ueyIAYib64mgU6mx;y1Jxi^O>|xf>y8K>ukSI=@@22 zo!W)f-qk^NE!lz>FQw(j^Zi~e1oEAc1;JFO{IFYYaotJ{A0wy&HvvbGkXMkQ$2B`& zv&v?-9aNPODSw-TK%RNptX`h}ytdfYOi#;iTBQ$d2knx16wyNoWwlzVL?0uN4?*hf zc1eCYdi$%ltV4Y{@*`vSyNJMC$}j7yRLS$Yi$@U#)=BWJU6SKav77qNdYMb!RXC%p zRW^b)ztt#MS{p!&6xtq;yaKfL%zdA8N~N6Hk@;OKO$*XwWaW2yH+jgm6C<0fdusRG zFhVd;-M)&su5d3 z{rUYgalh6D(BhV8g)_ZgXI?y_-zOqv@!@j^-JQk!mw@Ekc!kAxRPD)Ij#wUO2@8BxAkCQ&z@|2z*=xq9Bo*fOqY9|^swo?(vL(4(~apLCNNWA!bxQUA+> z4w%q2Tz`uL?k11QcBhreZ{o&j?WZkRaihiQE|9FwL7DecIL~WV-+JqW1*-0&9I$+9 z_&oKwq4CM96=p%Q4i`?0uhxiAM#cZ4ryj1V^xwa-ci#K#eE^%lF0ZR6t1+nhBbKqn zgw&hU2B;s#U0Jzq46f;b9*!@!GjaUmt5A)ycd(Q%sB_E%9bP&F!(%<-yPcXaY%`pp zdFNxMmNpT63O*?@qsy}N&5)C5*gTU{x}R62r`#Lf+QNshSPE|mv23Akg$*|nt*l7_ zkI7;37rS{EY$2!C;c%Tu+(q#iHb>QYzEO0up^ETNi>)6LEjD@k7!f3Kec-1uUfZT9 zR|hnyaX3=cN>zt<%0Kc9#2lMYX^NCSNkEV)V*;eJ4oV`%JH`E6KF?3+i2CvU63;Fe z;aSCq5m<|rG18~93Ocrw9XmH$qX_JK4*7yoZ*FGxJUGn1xQr=S$SGB1I3byJ2hIYr z#xExFA{I|A6PQD*_JgZ3kQ?s5I~@x5fP^;AA>?Na6zyw==M-6rhIK0Nq1h!CdFc=e zuvBfy(@E`G>J*i=hG-3fiIrrXTOha2Y^-y1h_%+o_WS*c(R`t^vlf)u%&hX1W#*s2XMOPXpuni&AO31@q`F@C-}WZpes zpmc0wi`C;yXBS3EHO|SvD499f@_Mm0s7Jx8RyQ{a&}H?%G^YoX*(BL&@$Dbx;QGS4 zFz4{wr=1t-bI!X1N-+Aem2+CO>Jm;~r&k%`HKh#sO|C_=l4hjIEyJ6ti@$-f7iggw z-?ONp4%P|>0U{NDa{t1~|M3I6`sPru=K6hrO!EjW(>n9j^}V?nyc-M6cinYHu(l9K zH4%U@)YK+!_R}|>ZU8O2&#EFGnew(=>r=KqE}H#o3I)x-DVou5MLzTK;ks)uZX_tU zi_PhbpsdEtF|CK#{(FD|N0~g9CUM@pt5$<2zx@C)&M^Q=la-BlP_Aqas6O4F2iqVz zvR7S~zbR1CtT1`q}+|7sT? z|G4FePf6wRjA5q}1}otRAeZk`=n_15i=(MU3oVTkQ-{zp>f|6^`Gfr8fMirP!gY4I z-*%8err9C$AvZT@SJ+}{g-!hDdqYQv)?ga6Lzi$ z5Pv=t{bM{f>-(>;=EA?#ei>qkRCveN(T=f&aw&fYf?j0aF|MV6whDo86C} znJX{(p&2IHre_@duxHp>M;fr|3!Bn}3zx$tPU0e;jIhrQJv}(;^>+JHWFK{io_b>} zhBj~MKJbP4b+Rb%>7P39dMLnHi_{?fW=|rmqxyPWnF#aittF#l;|+e9p-A>!nR3TW za>#=JP$T8JLzr2;Kay6rD+~~S8(&PN&&^calpLZg|Eo`}&RfcK8N0jMq_cUzT80os z&fnO=h2+nSSp@6EAiXmp!b1oFm(iR!+e?8^E#T1sv+r273j+X~}xOmo`(E_UpG-Jt3XuaPC-Ud0FYo(%89z3kfGbcCPgE|Gfh7(ncQXEFJzGaued=$GF z;GjH#Yo(pxxret0#q=qu=|FTOX2y-?@oNKBD*d_0QWJi@p zaGC&Zu5;9pXv#0Ue!t5R)a_RYhhz+1n`Nx(IGdf4|5+_iA6&eY;wLH;xSq#p^*06RT-fOCVUa}#4W$r|NofZqIP)ZdJ9UtmBaR{d91XT)W{ zFA z?&OqIo7izPt0R$B@n%s2*v8jlGtx2-CeXIKs11X0)N<-@Pq)tT)CkmpPZvM0DzQtm z5L8{uiy2nTzADLgKKiA)7;hh+6)xsVm2<@CqrMpw+}Gf#E+aDOwareiwk^>YEk|&b zIodqTzY`ILSb{ZBj zz6Fwd8?^f{;zuIdJ^8Z0CT)Sk?g6Bj5-XeA0)P~=vGjk#6G~rQvy#zmRiD<_@!dln zGak0G?V2DO1f3a-`c5JMa9DGbO3S2UESK}AM(j6}=PKPpJGJtpUV4+4LoKbmLGKFB z*z3w)fC6I9jnGUj58}|t&v(P-8^nX)Bi)7*lN3~(Q3Fj1p^$)PFG&7 zs}UY?^i>ahJLqbkV?AwfSxxK1HQXcj#cMuMo|7E&LwK{z_bM-DTJL5?e!i zji0p+_n${q^e^ce7TTh#GI>3AuAzy>R;8+*4w^!v`s-^whMu0FYy~?yiwD3dk5G(H z(d-EM*#~Lb4-MBP-AS#7u5867d+cnaA2ToIUb1(=rZ@&rD80DHTmAWy-2la!JJM%h zq2F;uh_!h-(4^6XZv)_Lm4TNrAJIJPtGKoYc%lJLiF30}Gro@|#Kjb58XS z$NS0n@W8XjJPKD`mdA9!jR6zVQ_&cc@2Jh3%*`T-^>6-=iBt30uv}2kX~m{k4ZC%_ zy*Mx;-s?bkcFgkUZwdb1qkfoYO(5q+l6WiVrrFyIHI@%wz21FDlSk#PMCIQ=Lgbr= zqzvzr-yj_g+pe?Vgnj@%yL0o`NW4waHHS4rNKA~r{85%A;O=?cg;==#PpDs=xX<#T z58S+v_*351Z92k<0fM}XnhlYM?fv;rg{u6me#1Gld1x~f52*b~)9fOT@E2U$O{it$ zFacKuSjjm8r-pQCw+Y1t8HA-q=3`?u3I;_{5cc!bF#NPPoQB`yedL35O1f&P|EO{TJ829oZ)j|!q zc|U+_BhBsJWGle;4dIwiJHjICT^VS2&th14iP0=J({|ILApxv4=~wT(M<#3g=SuJG zt>H61LC9NMPfhuQVhN!WfD*HXS6;8*bbx#V!5Ge|4(|KZe4m1I`*`1I)UG}_#Lng! zJx06O+CcG_0S;K7+tEUaILqMvdugRJr&tzCtoMc~QT-SA0)~>brV9T)q4H+X8MNs4 z#%~g);{^!$@%I_tRn#p9&F09U2_zM?vs;GgjrJ?EqMHGrA@tii$uIQn+Yly92oks@ z{NPSKC5KQ7oU;{~p3O-tLb)KXQ-uQv|k6@w(ieDFM`*~6pH8(c#O3v(n| zQdt2SX#JZqPr9Swa5i@5N#q}CX3qBSUD!GaPauDtibYx_kMK0VE-2B#;m_N^mo!1g zr?}U5JwjoP$={BB8C%*F^0zB_rhKF)6T}vx3&{r>84L{S5%@Rl1kwS;2I7N|XxHAb zaf=r>t6&hkmwb6DM9-`W+Iuu)YDfwU+#l#uz>>;sHAkG7R1m#_ciuaWQXBD5>p>uWL(4AY8R|loiYe-ExD~MM$g0ez}W!w>@ z;Zl6iumMM*oIGBVzQiml1UZj!SY^XkXnB=AoqlC_laavF#8dwp7iXgSWW_8B_&6yi zPksT{lSzFMpO(_WwO=ja+6o?(cM=<3MbX%y*#n>xSF1}j>qQ{Rh}PGCuLD-C?(r!^5VnsVU>uHu|mIMT@M z&QWn^Wgz%)J)Ae?`Y`$^K9dP33C+&jy6da%C)KI0V|h%@W;{QA%@#08mv(OOZTPL5 z7mTxM@b%DGSn*V{t+IJ<^FcsTm$|~TG>R-l5P>VE)DM;-<{HY8UtgV+o10hwZ%$Vb zp0BiX=R<&Nqd7nu6zr+4Ojh#={&2g};rd-TSTe-I0tcjMQ)-r5jR0wNwmOku?uj)e zU%F&Nc!gB5Z1D~X5Wz04)a9C_)%CxROtmUl=8eq=m}egz ze4)z2e;ZgW{A$2WrT&sMdO;ysjdWSuYYLDmaQopq9lHuxLRM`2d>q#xTxTfkEcw!- zH_0el$Q`*ZrMu`Yk)vHAsbwgqxmlRIIauMQwM42;LwH{b3_N!${@np!Z_*msEjaU^=by(J(7 z>W<|?j<>!}Qhj3FIm{+~^e_TJ{_56_Y5=6yreTKV#E%3@R6m<+9 z>276rqg8>hJ6pT)Q?*lz+;QYcz4{8@2?YF3c(aD|Wqat2{&JN{N3$1@^0XT6w8SxJ z@8-1D*yg-QLWd8CYPo%QIdc=tTp+D0y z!e5V|>P_9!vOc->+59(|y%6B`Rw-KTz%6Hbf8*%f$M18*(L7x5!7DGSv)Xdc{+1y1 zKbZc;uk33cXS~p1Av|#NvS+rtjQm6juy2L-`6^3TWTw!D4+Xch<8lUr*n}3x553N0 ziw&TG8d^RhZ?x|Z91#n5=2U`XHJ2^?)9hw50A9tJPU{evoA*M8P35G>4#`|y>W%&N z`!>l&bzQHz4q&(opt+4$dG^^&ykdi^%2#DLvHL;aBjg_YV zz~K0^5qy1QDY^g0-dh0GwQOsnJA^p50@N9%Fppx4}VKtk)7eSFg9vY_!P5 z;UJPP+AZ8hU;-_P9&LbM1B7YmxlJu4;|ck2ohjF!6%#S8uB^5pD$9LSsIHu$qiK3) zzxwihs5SD-u4cw1m9Dg_WA9z#vo4%k*B8$tnDx8IJAuF~)DpB04X+JYa$F+E=zm{) z#Q_SgQHQ#MBF}~`-YOMuXv8vYAfGAK-uwYER;|Q69#)WSE_-JdqayMl@pJg18L7e}iA=%?5U$#JB zq<*acfer{A7*yDx3H2?|D?M-9Vq;nF%jdLCBX^hhPWISuw%E=RJiv=!z|4#ePm<*( z6V@(I@%2TMVKWbVL}91lxJ=rN*I?3Akgl#7#$wNztIyEWj|Rw)c?rC(EF;8^*I3gp%SZC0hsE zaW-an#-3@qrnsAQi8`M)Yjwc5F*!9r6{@oURC3BsJV%4W-g$}CWB4TZ5omB(>eizD zfzq3H_X*fqDF|~@uA+t@3LN9}TD~*A@n_jUf?Xl)xgwBWubC} zOS@L3(3M$t4su=J(>ot!z8~Vm7U(#-P$c;xeW9_A>U$`ZTL?ZLvX>|=YVGe-F|~`V zqTO~7_OUH&K3Fj6jI9tF5bDe3QFZUyw(yMIorT}La55I z6(7Nm!?GLxDiTyuD|vTNx`Kr?RqY_dv{Y!pwYSurDK zdVus9MjkY7_i%|CL)y6o{n{j(r+>O4N_(^hJ+1tP`o;i#`~xsl?1C zcqx}Z4rv||2dT~2*w?GRCKLp4!=}S~EU8*5cISwm(nnZnVz`Hh2{S*n|ni>}hT5c^~VgQ>ugyM{aB z2GH)%?6IuS-TNyS=a3%OL!(}&QQZuAXMw)j^COvSrw-uCn5MRAr#Ky-&fYbr0G$u> z-0toZ3z%9}E(&R8f{e#nL38~ObO6Ss7<91^(*yD@x_Q>@Uk88QSg*y!WS?+N=^yqb z{p><>GD}kA>`sMY@l0Vvui0e=%hC=`!e(5brM7d<&ppJ17ZMN?*gH7vkwkqW7gchj zuDXam*aP%rPUC^&0S<#WptB>@BCWywkghe3Emp7_8(rT~r(b_^VNqBSRCsiAlQ?Qy z+H6+T05@T}mY>3jVv^+zAU;1INJQD5v?GIUj6>XrG@%{YMY(RKW-z|r@nLz*tgYnVuRwQ2iNE-PN znVW_lRkAL!XxQ4)tPfnq`{XkDQj|O{cOd}v_Z3v82mr1xxGwXmRFO8VbB1&`6oSod zgi|@k_J>@Pr@8=Z?1XwaF+qjvPAd}1nh_7+3Jbd;P1d@UDh+d!N>4u3F1dJ5<@yT&5PFPcj_88(0GVO7 zxE)u?ig)InGRJZ;b}C&Mosyb3=Yige)tEzsL}S>;UW|nrHL^L2KUC!|h=tvUkGN!u zlx5iV^5}OxRyu9X^6QS4nq3FOJz9H#97eWXzN{?3Ox_zu<2)_p09wXI&r~chI*jix zT>tS^BJU3vFCG%~YCbB(q(d~8wo{DYG>uJ==VgzSX-(e{7qoBGkjH_h?-Mw`t)(?# zDG_{cS|gL8-SDIH$NZ=^lSB_$I8RtK!#tav=QoLw3x>vIoJP11^Vybe!XB)> zu=y4S&)TuuR^3aH(a*itLt0?4q;1$NS>wP(NgCDNLPLPG$_ksd;wT=V=ndTGgc2hJ zABuN|rxFfW$^=JDqjQr68!)4tBviTbH26}>(lm1!l991XYSRhB+xS~c#mh`C*!o+I z#Cu)f;TfPYTZFI|MD#*XZRtK4w+9?x+#UC2{2|mL0h#xf4O#GjKb*U6gLy7AoB2)? zU*N@-3}?sdoi@wmxiq_ zpzpPvrX{_lCre5w7YmI`w|+DFsSJz}EV7Y#rZMDc)6I~3hTfcc0U@gqn`q~IDkG2X zjo!|H$>AK$prip?b1ygN+a`1yFSt%UFOx9=^!_hpR+z*XG&Vvh3p`)2{K9B27rCFfT z5KZA29ZjXiEC=<=I?l)5panE?dc<$Cy@9tG85p*%kLQG{U(mJ#Xf?s`8N zr@R{eu+Nb2gXiei;T(YHq1jDKSMXg!cQ7UYgX}yqJ`&Xl{@Zy&%zpr$Kdufh0bm4# zv$nkIsgQ9I2F_xG75DRyX@cE<%}##ggBM+Akdo@Mm=&UaP>_sEbwU7S&H>>E!bfSc z`ECh|vfPN@J(*qy$ja3&Aq#F|G!LQ#JHiOwa7#vl+oYH^jm3s`zDX8GL_uiK9r4!8 zZ3&y}&2;gbvS-fTf4w6l;*m~5Ml)tEWm7VFywcYobtOrrkL+~qQUX@<&Wr+ztmKR5sXQi^sK<<$G*#aM=G-c8!<*nZp5Xn?p0? zp>Motu?B$S032>AFW-}sQYhXMM=d!^0X?fn12mdVb=PmND-x7?)KY=rJ?=U{b4%Y# ziARlyZ~30h%_W1jo^|-m-6%U@~*69JPX|M>pXAZrrq9zuSW- z`>j@kq_|X%8jAdkbzvX!Fv8KmNCP7EIsP`uzeXFr2*bD4Oai%wurxY$T*}Ggf$*KP z9K99E=GYTs%)Fe>S|czm4$y1n3rm{hEgCPn%1oL*;c) zW^eX@emN8v*UN(#lX0USh#XI3nujWR60^BYqD-YAQ@+K0vUF`t6+2YDH)=aP*%$}H z|2L4`Yf9JRLPKD(Y%~8C=4i!7VUIuG=Ho)7VV7`>Qf0B4hQr;ZerJ{U}gd4RKCl)3I*U0{o(bL z|Mylq`%`d}m;AXgL1()ERtz5k{wV(YA$apYb&I^bg;rXj{FnETw2l6L+o?8NMKtj}ba2+-IZ$!xY1_~D=Z)WMt zlEWWb+h_yGXKf%~W~H6VqWUQQ7moLPa!LQv?7yf<$|30Dr&BFY*XYK!QD>e`kfXH)u+9<(`{a@Yj zKXcK4{hLk1&y&ee$^1;B6Z~vR_>hNa9Z9(6x4^T*e}J9-`h|b$@&Eq2UfvpjbMd}= zZR_^9?C{aQALiWy4D#|s?(wSs_rLJJjo3!^>swqK*);b@F2Iet-;eYAGwA={e)~U- zH7?ez@GL9-_rMGz|3ZlUE3^Ff!2U@j z`9Ch;zgO(vEA~%LKiiGTRU2D2AkkWu7$_`GBTo2G=vj(njt zHKz>%I&lAg$g;?DQdGTo*w}a`zkA&Z`=RbM&hx&aBH?m5Z9_^Wx=NJ z{_=v6LQ4!Iwpdpp{Q)1j5&V#9S|8Hjt(9h0n{ko51FOEt^)tV-*_#MKhT4?9|~J zOE1Q*2F4l6pP~L)&hhg8v=X;m+ZzmGd1$E4nj7`UeeEBe*-ZYqc?sDQ?CqcZFRR(HoM1d{FY<3tz@40As?8p z;t2o+DjXKs*>3VO0RX2))LhRK#5aJLgZuLA_IDlcESXF{kws`*S*1JVvKPQ!#h#Q( zJm*Me7-rP~I%{anFf0Mp;-ARMkZH+X@ZOp@Q-g9kp8)`>PEhstMWHCu22jmk_DY8Y z!>Fy}Ij!uAJCE?5)z)06ag9NK2~>cWp~+KkSf;gQY^k=oD%_{JcbP6-XREihwvQoN z&dFGE720E@EgCHYFbId*}cO} zaumt!-tNbUI@XQ@8gioY!A!^!fvlCoMirLO?OdTk^0DjWz@-fLE~>2`|$&W?{?*;s2059becV^79-j@&k#I`(C3PoQhO5J>t)r;$@@|1|> z0?aNwh~28YUd2xBPKJ_GHq+$m&>-jC4+DVj%8sMv^leg&{A~e+>wAQ(?$7WQyajIl z8ju~%Yl~lo{uQb9EW!2HSx*yUY91r(KTjy{OMvSjyq$zZMB*cW3mgIRosmGlY>Z{= zo#xg+3e7`46pmz)A?52-%s56WLAF?2-vV4^*?BaWI~;(*IZPc)*Vc}|FhOPRAb+0q zkgp}PXE%QR7pelAyilkK;PW3Jo9!|waR zbtpPD4EX?e=jJn%jiO$p1hT||shhUac15-tdHjS4a8;Sfr=>@}&jieS_p=#$L)h+h zF*ubJ10>-B-tc9ZMvRR9+8oK z-9*a!GyAifkkgLyQvJa&vCUeLN3_Pgqww_{Q`UmDLiUZx#b*3^p^%2>@Q}vop%B9+ zm`KcE5|O7rt@VytNTHN+bAKZIrM;zLg+U{b?L#W z%2uXE1t0?DEERyBxall&<3tEIw!uD3N+Ro>#iRraIC9qZGZ)7L&06weQ~m~18@co8 z23@JMT-_!k;Em{!0jKgYePc+g+S*^86_4uYAr;D%`YbFjM63W{VEVBP2sW?}n%XTy z&{xa{+~>f#Ea!n=kA4-V`ir-m3mJDz_yMr?>*jFGaD=k-(`bpDA;D5BAvB8pKVI;#VFr){Fv|?% zoM1~Bn_~;)&gWU`w}_|?=IwCZ$E4=6f;WO=?YC=j>81&T%&Y;lmWqg*^6~!i*lh62 z4H`o3D*>mpmoT3^5ucfx(zkScyNw+ko#R%y@*h6{5cPE5bVpEnZ2msV2siQKC+5Dr zU#EAjaPLYHMJ1J&Zs6wVB;=J3o>{7HrHqT1UO;9pg$}R~E$ftX1Sm6u)ts}Z`6Mg& zX8NX*6l?7x#!DMU5|IlmZrq!j+`4%IGAw}x=Odp7AqO;YJ$@1Pr?A<@uAgk61_kH( zXM1#j4RbNjtE~qMyIEyBbNvsc5#d1>fSM(*2f&6Ac>-iHKX?ythx7B}&WhQyb@GfH zvAZn$8Z9^6yp5m0JSP0iBzEs!4$zje+KUeFD^1J|A!O& zZ9%t@ezm7NOyLzCn;)~3SKU;a)@;FF=1i}h0s4B%^ZG15b!)>dXr|uSbZh@zDb)#W zHHp=m;EOn}oZ8h{o;#vVvG?LE0Bo#Pai}HCzQm@$Ab%z&xk9^D1%>qk3a)12Nz&`I z^C0+)j~sR;GBSG!pswP1a9<@ZRa^p(4>G@fdXBwlFVJn(46u?B535jsTN+pw2@-&& z*3_+wM#J^k^Gq0^gEKVl1sNXFIat~-F>!HO=Mw;KZhjR9J!FJ*imG6q5HoZSRQ$vH zcYRjD08mY;j+`#HLi=*6J)J(X?l6*Euh#o#n@yf)qPwx43M8-{QE3cND81REs!n17 z^kON3a@@(*K^Vx)DkyL--%%6tc)nk1<2x%+604+Ea_P5FuNM^5m}j8W$pGM&lDb_q zm8d=vr2y}v%_4($lRcoP&^=MGH5epc?{PqDSphJnWvHvLF?#MmCG93&V&}JOv2$9t z%5zkwdfF_2MBJVW&ZLiDR5+c44YjkVFAL1oHumja$&nZfy+m2|P{P5v$zy;{$YJ!L zgdy7R&7PnIAkL=uG25yF(Nr?`(*xYccva}PJ7o#{?M~TJuEG<^;UxlX`x5 zfw5WN$?zFEkd=fM~*IYLUSJyyS^J8kqg6x1UQYw%s2agV=5IqwNL& z&1*JcfKMS3cfcPN0kP0#OZGKTIx#lhOiO3iB+dYnG zIO$Vh_VW zsu_UJav;(c29$>2W|L|Jo@-`(d_KnUT$fK8RzNzCQD#?zKO5~6zx+n&^OppZaKcdp zc)|*>0!Sufg~HRIBuDC~l%!^`#nF<1#tPSPWs(RzL&9yOIC0~4${C0U+A{*5dVwN> z$CplSkUg8{;o&^^^43$3b3s%R_e6qJCR0H#KP!WsP%K5%sNM#koUU?;8Ni}dEzK29 z5_B0(qpV$U3DQjCvMMsW(k+)nE0Pz)Ia*R2GaSsChDxzjftG9da_q2os`Af*9SQlU zwS4r|u8?+;?TJ2l%(nZ-abuI9pKaOMq;gq{0u(7h1K77Uw(8#n*z@&rTNo@zk}{9m z+He@ljfS~RChF>!v|4VPfxe~Vug+So?(uFH7ckA1*R^LvDi!ljw}R|G`XWXk>tFi_ ze{J{oaZ;EeM#g)BjOXR_Q9B6xplb1tm$+sacWuIv*si6r4>{}P2ke{AePf;(=eQi=LoETi!)+zY9|cVt<-_f2Cf zqyB{Eb5)~%++M8@SDeppx9s0Av@)I6(-|h71ryhlcCL#9FEig+eG+8 zBa~YtnpCE$p<~wSe24Br<~-!K#kDq>+g*^}sE-hk$&6n66$o@(IO`Ve#c6p){R(Q0 zX@*?(=gZ|11+7KUXlXkCSaOfV=ezm3d1z}nT@xdl1O1p(dz&?EIe)1|xSrxD>hbF+ z!hc_6ZzBJ0@5;X0lHT*4pxJz{3f<*J%f(UY;fCqr9=b>Zy>I0Z?2GW97eYS|oiH(1 zJCt~^qM2HgM@Y2xkAh_@J5x^gy;}7zF4rq;=B?REu{vHFh!IT&8ienC$(fgS*qL~y zlHF&v=-OqC+;LE!eVP-|O|Bm`A0-G1>h`FYLr6Ov)P*Q#o4LTbfaz%a4|j$g*^?kl z)P%hyQx{-g3VORK1TI&2`lcKCw`^8xO_U2x%CYx$@{(lRmG=@ag@SC#p)<}2_lq7+ zIw}i7#T^%j4PIqMxxUJZX-eqW$7IP*I5R3?$Mcucihjc(#ePVc!c(j-x*nu>ZdR-= zyYhuGl(*ggV*zD+sSHB{Nc#3nUljkBZFVfNf-URzp8SER*@C@ji>9aWB^DP+w>(#T z8&7T`U5iIOrL16en|X&3XoTUOX33`0x=+kQjUZohz|pBf=e37~8uP%us9J%>y1!NEr{hi`cA9bskL3&GcXCSU)gXEADX5# zlqIrp#Ay=!l_I1ec6Wjcxp}xu>iMQo{%M`(z5MhGC|cW{T8p-eJCsitsfS<}d>rhN zebgA`sbzB`iIpk4dLBt!ZwZ&zO3kHGc{$fQEI>C^|1YD@}7r`JNnIRJSDUFLJcU`t->s=WbRyR z2NyM;+hVdtFM~To|I2hmB)hY&wU%qsH1iQV8AT1wIN13}y!YZvAzK(O1vh4mTdi^3 z$D{QwI&NNak7%_pAA@zn7KD8DOx0R+xnwd19V{jwgbPh)5Bs@Npg zNihcIfzsWeioFIyzDF}}?7K1Hi$O1f;=19()(?7h!wiwG@bsc?c2w7v!3j-cpz0hWv&o7`Ow_~5Q`Md2j4n{t)|d!&NnMhg3$>e zPUSoZX;E-|Q>-c+-0@Of?#=xwVe(fM!l?_Ye(q*T&-7fex`*TR#AArxk+ zHfCZ}=CkO?=X9#R$oUP7zo%MK0yY=1n7pIA*)94)3Cjojn!o5XPr1m&Vt_@n!pm)8 zq7Oz!!8!+M^K{;eo@=Zh^r+|D_|rhCA3gUiv8ooCxmsl0$(DRSFs!T7meebS^jm{~ zP)&n4$Ih&79fL-Cng6@`H*3@-m0uI!XD!aOk^v^k)fxdFQ&0z4&-qmdYzA%<%9lLQ zFV!#NX00ggcQ`M%-40AwaGuUCoO6h~FCR(|Q{7Mmzd&kxrq@4qJ$6&gvS5kc*!&@g zrzF*Mrc=PP=csU<)s0X00B682-!hkB&*N)MPYSVWR+(_AQrWr<$BXbk{_gYhLI983 z7ZK0)=v<4w!o!p#qs_E%TbN*TUFUVicc}gG3#>r-Qat#YyRGLKH*O39c&b+O37I7N zGv32{gWr=!?1x|-QJcBk{D8g7Xl}d80ikEY7`>2pGP7k7b8wQjg z$E$`dH=K@-&i=`vk0Gt}m9}u_q0Q96@Mf_!%Em&y?Gp;WN=PSw3KI%FcmlSZsRMFN z`@FkWZ!28EIAro=U&ZfxpdD3w-P9Excf`%5wz;8WHFsi9!Wa&t5DAq^ zu*MpP|4?bsRjA@*or-7i6Yh;9y1jH~-9>TUUJP)VFG|1_3q5G@q}KIzKWK4p6sz1a zzwJwWU*$S8GEFEJODaTPIoyvN?EeNAh0zq^Q2Z<-SgmyEv$j#E5K{EU*%nO|3nUxT zx*&(+a_rG+u3SFsepw`yCAXbg;Rw1nzP1X1ZL`T z5y}j*BYiJ1v+_&Fu^AbKlf@!aZnL6I0UKVgmhUcl2rODT%ERg$@nNATZ=y0eV3qT1 zHImE2`QSZkM$>44kAp>ZExcIAiOY&nE9`u6ZJ6Q(`s#PJE7}%!5fgUuzWkw*=LCKy zhoW$Hmp)JBAdbvrLO;(O-nQEPKo2fFS1m~a-O;O3AknyumS$8Fxgd9Y>|9KaIx4GS zPza4_hM`TUElit8roFsL{5-K%!@uYL(z-u$v!cOq*PgYs#>3S6_NsgLE2RAGw}_I9 zS3ZZzaOqM!_P8{6C&nWU)->zfjTCBqU!A!%>b3j^Zgw8lE;uG6I=3yP~(^=8Yk^40tDldm!bK_;9ls;p+ z5Dq!QJDg<4TrwFk(tUNFR>sm*sL&V3dpPgu9$X=quw{v*-Nk-3K%GbH+(cfO?N%@( zfbWpO{+B&K61oWPH{$B+4FXw?4*6}>T~_R8KHD(4NPS^gZl1ZA+wR=#JeYiXV+ZAS z?)^y~Dfz-}VfsGM=H(kZE^DZJNpjRM8HuSn#q*5?zZ+slYLr10_MH8<^I)P--1!Q+ z>KFFiow&nmB%-`)sfSDMxSci2KPj(M6w?0Kp4Eo4-uiA71b=(HnswwVcORa|&y6JGXtJZQn{+IAaOP=y z2Z>Pet1ATh?Fmr8XH{kGsb*?(YnUNSP*5H1_pG^)IQTedmfJ9rdO=PuqdlrEdiJDX;zVKkFCUV|%0T z)QTr%dclR17xt6YC>kS5UM^#p7qvIO?TE*pnTGh|_C4|C)#Re%igF4G9PaYUqL(TB zlh3TE)Q+t8EHZD!Mrz^cXKEKRzuw_ zZ~!f*iI(^sCTz!tT8wg`x@CF?*TD~1-5%FbX)$@H;U<1X7>bK*ew8vr4ixDQ9r()} zNqG7d0>}~SG`X_G!e3$k{$ueR=7h@a4@Qo$PyS&`;by*P9F*I6-;wrPm9wVPFy_P% zj%KKqJ!mybr$LjNeauDM8%zNx@CdzmaNMnLo_};1Od_m>i_bb;s|U1RzS{J}vF2Oq zrnlKAvB|t&h(H^lyRUZ>K=OU!pcc4cRG{ z)<^30Jz=Ab&)*;k`Rz~91r70|0i-L-&o#pXKHx6V-o~JA^?Hi#)efO7+v%k*$g0cB z01H^QQrM8osT>3PZlr*gaDjZw4lyweaT+%Fsf0>)CrVqYKZzf&bsUJv9RM)KcfdRS^(DR!4)F|RJB`9cZA(1eD7j|8A!58g zwm2FGpxjC!i2jwpVD#>_b{N(P+o8dLQ?485wR`c08itQ9yh$}Qb4hlvUeRQ7eTMHN zp1^&AdEFi;-44I;Npqv)g)G%Zo zXx0se%b-}H0j|TaVt6IKh*o{fqiEk!7!4T@R|4TyevLl6XlpYpv2kLNoSNDC74hqE z23zzh{PePO6ieQGm5(&nuB!Wk@=vy9{#e@irvUc`bpFfMe4r9`r@0UfZ5tg7+hn3% zo0r)=Ma*sTl~igoAsA8l{aC&yoworW0a2Q9z3kdl-GPQ-f~<=2K;(u=6->< zbWVa3R~<`6V@Ixx(Z^4wmmEqM?Bj_HlYSlC7!rS}T-4+)#VS-)s~m196(C)GipBW$ zjv(HvBV)RNm0=yee|xFLei+^Pa_|CwK7`(h8_(mbT!Fb}f2Mn-Yh2h?yah+8?>tB& ztli&q6twD62O{GCQf}l^Tbdx^XlWG}imE#`NFT{O=U$LM-29r*?d#d@i^(`R2L3-j z6Glk8zc-BR;`*YN2TqIwKihkG-V&T;mdCv6r1^mWcZo!1PLE)YJOm!9~xH!__!?D<8^)OL+RaFVW8k+>|*g z{Fb@A*6XPj%Hfl%@ta;AIzc&2T`9zPx z?R#|b9l|fyDJs&ykmDy8+LS0}oKNwsOqlvT#M>t<;T1x*>~MA;tn1U1QYtszcR^d3 zdN|7~H#$WjbhS#a{2>XpN*i?VO$PhV&H@92!N$&><>hhPIEP)XP}BER&!WCM?PebQ zX;Zy?5Rqtg-B6=+2H<7Lj&iM94Gu2n+TovDtA>UkGa|~5j=>11dtbe9_oDmmeO&aD zpjk6Vl3L_H+0xfAP~T&nFQw_HXR^!uN{8GZ(g|p;h^rdhRx@7b0rgi7?O(6iT0lRV zCMUMFzPa^)n6JQ1>i056w%NIR{qBcJB9ZeMZoJ7UPmtvr5TdmdOU7MKW6AJCG!Kh1 zxU&$$8E$f}khoX!(k{`dd8qCsSypx5HWgG_@){E!OimQ)z6fk|fV6OR!=Jm7l>tvHBBrbRR2P*jr5FHIzZWXP8lp}GhDtmy#B0tpp zb$79Hc@d#RqpSLw`8)0z zMwr~Nf)S$-44(DZg7ekp`S6)0V^@YDjdr_{uW{)60vKuaM<`?q7438B4?OpF6^H(~ zeaIIT#tx>moj$w3hwSb1VH?oC>>_mIO^x^nCo)O?KH}Z$3dp6aL<{sDzByFu`wp$$ z@gE{_)Wu6RrqdR?;~)hg*yFCAHdz&4c?Lrcs6R3{9uENt?^o@K9!wVV2x<)oYw*IJ zp>43Xn424;XBP|RlhfA;=BP$Fsp~^fnX9&4FPl zqn58Pf|OTL72N0zGEjr#PcQ5B=A$HV(D>u(?i`kRgz&L;bGWC18?Yd%obwa!9Agdo zr$=_@stfy9yh>T;6M&Gq?*2t*^>G`Lv-%)m=<^o=69))q%vh1bEoWiO>#4mJC&$$l z>%)}|tXLv+{hrs~cF)CUU$NlEvP=x*b>UD0@sTTepAH?d5Nh-*p{uXAR-!IBiqvG0 zTruiRx1|dyEFtkcZH<1$=HjHf?OjYP<(Ot&L}R29ne7f8=^TiCVqtYE$|NQ?WC zKCvS3e)`5RgXuCg&?-WXEi@>R@M$*-YEN60@z4Z}jELc8c%?g3i~chkNIS<`ulfBr zi9GBxy+x8c!XOr0xLh{y;+L!ntpaB z2D;aqD@`xN(mOvMp*LS3?4u>ihvm6wU%(ezCofqcyeVau%9dmJxu*JaVJLG3F83q9 z0q=$nUoLfD{IKU)(vw!z^4Ii&0w2l;5A6`F`P}WL-pky2C^6(CC`x`~jino?a?|P! zHe}kc8A{~Ytln)w*A0I=O0POKL=_X56~_~%H3H*3Yl^^XU!?@|gL%&_q^AWT9}b~6x{IHf3J*R-O{&BWr76xW zrU@;Bvh-5JS$_06^lWS%_V87i~tkKgI^nXM!7w5}V2+o(g^)h7t_WiZm;C-uF`OXi5k`K12j@9_~ zr-Y+eG!opEoF&O$XbLae>n}Wm?njbV5AI`Z@EGAP15ol2_<`#{UCRCE!$!qBoVksb zxUx4>0$kHpSH916)Aw=@JQULOpn)Flx>@G0Cvw~C-^#GqEF_47hr!EHDwVJ84z-*} z)1qa-v!}(~(Y9CItu1KV-uqv1xb3ZQe_Uw-<7*?siW0h1;^ZmT5uRbrEVWDL1b>wXYdD9d$r&_tOe&v+A z*`F-yAuW@(bng;(+XM~19~xH`$e?E9hh+iJ0dm4FJZRd7~5up!B*%LHtkoJ+4_Zn z1O`LHy-rLr>VpG3C%$7t@mnsPIo@BiK&Y&If z5_j#J`45kGpgsSI3z0PT{KT>iXfmmhpTrM?A1#;!Fv&Ds?Q(IT5Y)-n>i7lC98wr6 zjq6zrh?my^HH+(;bsrdJ?sC}>`H4Dehs;IXz@FAbBRAX!;wO!)$L+;fj)XpTDc2 zRv{X9K^!*|K?6l;7N=gBCC+QKzE8~Pm~TOQj{ zL0Tp?2rW9RH{;%DOTQs;rqVe{+<2X5l`vGRPE@7WU5ZX5fA6JX&2hSRHvOp;xTdW_ z^pr8*uIhPITd3Px$}ykbM%`1&Yr_R0m-pSI%R8ScDb|R55#N5CcwYq3@wRhIPm+uy zlN0Rwn173W-+PG-<_?Y#H7h>A_JHLo!%~5Q;6}o+B+TkL9H@j zO>|o2(srXFgCIl0xKjleG43QfwbEAhA7K;qr8$HR819<`2@I<5${kCG;kAJ*51}hF zw3jY9Fuslq@YGgvnhvRqk14{h_>VW8*)U)(%x^#@&rw=5YChA355}>CY0WUm_3w@w zZL~CS8(5qfN@T5{$>2Kl$9zM>AJo1++l~>zZCXb&c`~2gWjTLDL>KW!7n$1*bQ#I$ z!YSGu#(s%=C5OR{x*5#lcq!kTI0;>!zTepytIuRKx&09Mr7{J|_X2mW#w6VrGbdSP zZtba0g6Yih+e(VAOR*E^zjG_8p=rHEK1`xWSET#(v{qPuY0*R^?V z2Uk~7yY!dEju&69Pr-dNbS({KZQPD-!OeG5q(T!qeb9z=7L%!_5Y0ElW zEjVE;R-Yz&jggZqOJA1Qbk!Q6Rj05@mu%}jtM16ufKRsLR=)MG>~)y%>T`U^yw1X-*W%##gxpmAmQYHnYUn?u)g7~ zQn*U!*ce!&Jx@!-dL=)I@$%{LL&jof$FL71hp-s-THRdHAU3i0{m`0)Er-i9n{Y4N zs}4ntBlMEx)LJn`QW6bTCIwl9^>umv7xOFH%0g^|=-wYI2C?TkB!UBzk@67am~#xW zQ)Se>2e*zKf_>$Xv6QTvgWK8=+n+FSP$fTG{ciAj$TW;R!k3P(0Q z7X#=W?q(Trb&sC0lk8QrT*7R0#hDET)MKxHbU(=TIUa6#P~%O zz4fmbAa`Jcv{-T6J)3tdhH!zKeJju%8FwF@OCffVt>S&aYWVa&lWY z=zh3ttnj%tPP}E42RBL*WJy=pfN-vG$zhO!Ojqshni*v@VCzWXKlXaarR+~HW~^Ms zoKG!RpbQeE_5OI2LM`J3sjoIVbXbNj-(`U#AH^_y<&RGgPW4AS^Et;Gc+XNF=YTBX z(1|fkHWa=(q$scX9U6~ugfXNwJ5y=iM8zNs?;o77sqVSA2l5vxVKy#J-`*VALQ1BM#!-89q%AxXrf#m$L@sdjg;a|979d^yi(q$E#!YuTD3= zI~uG{i!pVmJEFxhgCIT#GulF$#@r39yuyE|U9P@XIUjnLQnFZ*KVdwpoO`GRy*~@< zJ1ghKL+W{`hGgUBQ~8p^-$Mt(UMcl0w5@Nf)$c@fj1EO!6!dc;PR4eML|rLZzQVnA zfK@gbsm+Ye*Xo`{2|aE@^_90A6&9+pA`hhfw94o6hr&q|iIixi(Oh4|M>b`=_%4nfb-sFVHY+3ksY?7i0&? zNij!C(%4(=m8C!zaZ#|@9U?CF-5CytAYXFydsaZ_exjF$Ja}PT_f;i`FO5mln?G=W z!*S_E6D&FBBHBzj$$X01aR=!DIvG9tOiAUof+IQNhU;}!GqT4(o746Q+p0Vi!_^+d z+Rop_Qq4z)UYLUiZ`mT5i$S={m-Qb-1qTx+VWxDrmA|?SK0^ z-`gjaNk`$VvRP(6;IQ`9b}|ru@)j#E0yI!hAzM6bBgYTNts##iU)j*UASn_bfyUse zYbZy9IuP-T8Z-3x3B#Ihj&iLzP@Pw8u5O!soqNeE85Lh#C0e=}`gGEG^PQST08>-^ zeEzS(<2DD*+OVg&1Sk=0spu0!PlafHv@m`3Ev`IdN@j?5C*_M+Gak7}%DUg- z+%wZPTAl3L>yV1DiFeeZ)q<%iAyiIl@1mkxqd8!FSQE!HyTz{#jJe{ILJB34!G~P( z@65F0ws_s91EQ~T>Ggolk$9P_7?M{>MK1Mf0yW008?Hubc;(2Qn1kI#j;Ax=jQNP^ z7U%-xCVzXk{EuN2!6fWpW8`VWi;iUA?JRnU7?t9rHTX_ z5E_h*Xq(#vu_8shh)7uQTc4I`r(uYyzmv3nw5tc)&$>eo&o(S-n{kS?ggSE*V^KJ7 z)X$q~!S#1adcndap6Z->+Hcd^;rU&!1O~4V`OcBPTZ^A#HlOU#xT=4Z=<&ZNBDQT6 zlJNL$f%EAd8Bxin2}=HN--O$hX(LE)Lc0BmtO?|`-PjtXo{`uHv$n(6>NUAyVLaN$ zxjWJp?ASs}|35mUy{UG_79I7(eZke{HCFgDGaz)PrE8fGSM5tC8zJiNhY$Ixw^VSS zVQSMoKSjfS{JE3uQ;!4-OAo=oOT^5OccLp@NRu7KsR5mF@pvuiY$?~2VZ*#RZ!8la zmz6_&uQK!@V;LVNOzG@~YvaPrN*yqa%ScCb(0z%Z=NW!=Z`#*^8iphDdeZZ^N5KN* zZdPdwT{(5j!Lw_|ZkQ{sm|zCVv3-NkHln|)0R#2mpCNoJsxNTI^at>s^~H_-SV^6lIn(b}9_tC|TbT_%L0|0IwvC`xGu)+z za9wyN|AfBdyqdRA;c-kilU)nsCGg|S4(gZVbKTu}b)!91${-}w(^ZPv??;2$AMn(_ zh^vJ#bWtB*O;==Xt)yx3L7a~(egB+DTOo-hx&b?Fa<}eEV3kk*9i12D?e`js#T<$+ zmv$)5>3Z{J6xAfWzEI@bc$nFfb&{+l?=ZGTv(;~vbbg%^CJg!mN$d6{FF-A1L}G$> zclnOXN(Q}=1}@7+<2*LE5oJ$c5U*agNy8bKn;y@|*{uBh)NFE7B@#&@MeWKmPKXrw zhc6=ji51D?QvD2({E5mjV*+U+b1O69k8N=}$-t?@;kMzYQ7XRIR4hJa>-seFhnIJG zZmIXAbX=o;ta%EYl7H!_n2^_ZMOl& z;}E>9zi|Q3K51L_OpC&(#+kUr#N%f_n9 zSg9qVtK$e`o&C|A8VHd^7WU;V{{E8dwgj01`QCb`yEF$4Eb0nuMXMOcM+?|~~I}{|eZEWhNvp(f=|a*6rvS~ zeW{jA(Fc@2ul@4~vd7AULoDp77v$6bnFuo8!+ z^+r8}enyJ{gYRE*d=ffB52SH@E=;f4DfHL&%1&Y_`V)u=)VDYvo;OJ#wV~vWf;@$eo%J8)oU&TMrjo|i z3&<^(PB2|3D2d*+wGssrA1 z;`gM=NFqSQ!@j>Jeyp`E=K5-iU*_j0DcPzicdV+qecaMkMW(0Zz@f% zks-3I3sxh&*whs;{j3#wf@`Zh$NOTR_{!XKceLv?c?R`pJI|h4JFc^6s=aNzu6-th zGpYB0h_Y((w2k26LpS481EowErgBHn$b6*WH>1&00KppUVvCZ&js%&7;>B?hjR@AY z1p)`JOcNfRZUoluAf~*P2I>idr(%g;4=B%&*xAjSZV<`RMcUC;jYhj(M$$)EA$VJV ztjc7QOJ-95TH6y>I43!>cCYm}!Yy2}LHh3|eLSBMoIC7Jma8_N+cpxg|GH<@!2e28 zpAA{-V(#PSbaAP!#Y~Q0#mA}Hok)JWCII9qxp{iS3XS%ETE8&m|06)z(D?J04gDem zA4#>;T9v$?Ixnx=orhX_>4pZzR3b{F*WnHKN#3M%W^+Qj^X_sAl2r>Tyg<{>l!pyMU4g8*=i;%$> z$V4^Bv{a-OnU8icxl!Bcr=l}XUNNftIo6Iq3uiK=$2RlM{79PE@9#4wK={aKw!1(%cH|>}mX^;3ydtRhfbzF<=F?zi z;YDU*sh3Z+f&@|Sxqq=-h|yIQRRjZ}oN0gF;$<_uiJ~6w2^AiE_~Hdp%&D4he2z>& zq)xxw(-I4Hg$~u2gNIbexRq3I$QVKd8Ht_eK0(*Kn11X7>YhFISLPQW962!D8F zwgLmcEM8=CJGwN+sUiBk@Xfi{Ipc+Ky_BnT9Q-t}*wdX^0kzoou&UBGbexxAwizPd z{RoH9-jHDIPgAEgypX}zy%M!59$RC`pQ;U1m}&K2s(ij3fTb}M-fayOL;XZZ5zJnc z)kWv2(iqJx?qnTMlD<`TS#;t7|48C6J6m_9&L9D^+0FSx zJW8a$=k+R;KcR$H4y7VV`ut$Z6k@zWV)X%GU(s21k7W^kd&30RyumHZ0|Tan&8_5d znpioUZ^x>GPo*OA^?v5TOT*uw1}vo6&}#BVwYM^BfqS2DGSCzizS5INiFU2c+X4XifjuZ1))tc7#JaID)7T-eMEOV{3wBJ2RTvY+8C!h>Uvk&fD1nk~cZ(8OndEk8?9gi+b)mjY@rr`wFl*^50;{MHo9b)5v15%C+ z`t@l;OY(WkLa;jWtHv3&&}PB@Ldszjs!$|O6j0wISQjqIqEA2jqz!@vrfIO(QF)Ei zQh~)G4Oj$;U96goCqvvO-@V$Z0|e>UorYvPf!We3YFVor1oescVTt4Hd+Lx$MdzE; zPcG#{9v;LRU9_ycpwsdNks7E26-7iWF!;hv_|0Zds`mELe`@8LI z@{sX^dnENIa}g-F`(9rUF5<10oCte!A1JTWLeD|^IfWz*)=qlMN~bl@8tR)qZFdpq zMXvfvl>Qlj9Ue~C)oq&7ZSt>A4$J48 zMcsRzpuFQm*GQ&;QM@OX9nibIN*a&)r$iNylt^u^!~ywIBk(ouE4nO~JEm$W!rdkg51GmRlg--v2#nNRuM5vq(7Gl+*F(SwU4fC_%72KfreR z?qS%l>*eZT)cm}`VfuO-fXi~ME^l(U4a6y^p$cODz@wIY6ggXCJDrq3dq4fai}(Ir zBqlHaI}#&7yQ@n0%J_Isys0dR$@;9a{4P9++ss5dwvQKgZCR0P#K)-mpe2Cl>%30Y ziJ7W=1x<-!4I2098L%hHtcO%Kp-0=7^~jAk-$rW&J1L02QjmPcASnhtZT#sboOGky zh4}!S^~>q}m$zw_Au9I#CJ$--lznh+ca)G(S)~8R zR;mT>8;{aZkS=M1b+CRba$m4cI;=Vr5p-lCnS; zZ?i;N6kT3ahIkPUM9Anm(>H;t<2_=!(=;NV9rf#zFk00eCK>I9;wljEwY5%t`(j(x z&eV2(%U0?18YcjK4c`q8nEJ~8+@4}4D>Womrs7?nV^=2+ECFRj-$_UkERyzfZ8v0X z)Yzo-C{l5*RJUK}CR4#UOKgwpevs$}l0TneJip)wS@q^veDZ``f>NmU-VHA$8u@Lc zv*)>>8ro(YgJ?tH22Yyf@VMC@VBv(=YgY`JrG4>nt2vu^d#+F63v1+BEqhdLUglw3 z*}g$ue|H=h0;IS1 z4C_MJv)gKJY{sh2aX|XPs|^y^z9580oIMRYuTp((Z%*ZWSxhs7rN zn@*enLXu>!am?#fCQ>d>A^f4104j2&2+4;GHq<*`6T7ePo6$O%w>=rLz)B~kEJ#6K zKLa>E0)ibiPxgt?)iBS94zp8O%ZZnpKM2tVJ+IQe9EzXzzSh0myLCypP0C>YBFh}f z04}2OgIS1`L?shtH&Z(A5z@E5kJ^!RQPno#gnN5tj}GO=-mwRHM$t5I=Q-a<(o}Vv zJGTv}db1b7p4xNX1~{wWM-csqW)J_x1Wf?E_1pb$9#mV&Zm7cQ0lRTOsh8;canG`R zrt-UPPJ?#jKXU`_p=viF;dmb`&S2*BE;$JgVFisB(YJqmn95|l+6j5^3h~YH&~-LY z6BT&OjwtrH?6N^XYU(p|y8F67u*-s z;CQXSc)}3Ydj`F*-}0y2-UgzOqASZvP_)+h&vZjV&8B(6&8HS-^F@JptQu;z>jMm% zBe_vpRt@U0Oq#R}u*QO3WE_zB%vsP20M;}QMAEq{7Z`)xxg)0CB$=I?7R&R*495G+ z#Um{q*O_ACf=<^gTGf_OrzAYvhSM&DeM!ul!w+uYp($aTN&Y~3hW~LoUpGu9m2jh7wcc}ekPvP zu}4xCy3udBC>o>No1)qF98ZRBc_zk|aAKRB=|*(^vIjbN&-{CWFDAhMiu2cnULO(y zq_MzPN6zid%Sl3#gZbr6wQN1M3`3}w7)}@Z?--(q_)Yz73xcBz@0t#s#8urp8gMr8$QLD6#y577%NeV*XUeg4RJDxYo7_vMtW7@!n?4 zV0P*W1^dN}5aX903Ju8aU45ymG)}ahElA1EEuC-70Zm~;p0wO)LbP?+sXntLd;aOT zdLj3g^2lC{7^F_Q=i4`mvzv58ycoS9I0Ok)%_*} zJ6avGZiJQ^@2;gm<)C?fyGylj$s*9w$ewYwewEr;`gKR5jeElt#t;0zx<;RyJ(cc0sNaCGtWFmZRzp|Bgb)M;!}uMze#$KFLJcf`1t zX;A(NF*8*wKwet8=4nV?ej)5qVZO zq`z21-j^Dp@@p-8CSo~5ZnhErIy)!PmnXbsVmCrEsVjoIv1u1b;-E8LN{?-U78R?^ zHCHk*7h*>9RV548AcH2oUA*(dGl;0fK=xG$^PC_#o#aBn$R^F!o`6gT}5J$X_ z7eFBRWAuJ)p*G&FJr$TKM7)%0fbFBJ`@$?afY4~xh%h-<_ID8ZOYyhIBp8RyJ2?a7 zIzAvNh#m&Ld|}?b#7d*y6D?o?{}$6EKKjcel6ZwA>12qG<0d80wNkxzZMaGv9nx#X zzt(@q;V}KEVHeOq+8X42(6QoDacaJcc64FPb8K%+@7H=H1t!*4uNl>u=#<{HRawE+ zQ$GwTStWVTiU`}e|St1}00*+uN!kcydG zEhWdc*cR8bmO!-1gW|Yr-l+$; zph8;5S#dpGb1qkz*c5L?D?!gmy^yBuGttOz8m+}67h?IQcMjuINFerY!`X6-LAs?& z&^|*!69Ne&3`4jobWLdMso&HpcFc0p>*s~b=kS+M02z4n)2uLssA>*cO}NfY+S^z? z_uK7?ZsP;sN~*ED_>fsP4g3BTqZ7G_fM zJaWs4SMa|alN8U7_vDrl?|$Kg(jjdLvz)PUF?bby48Buqbu-4LlD5~&1r}$gZG!mk zzD>q6d)q?$b3kI-ErJX2FrmO*=QJMDqXv;@$f8M&840Ahof!z275OHpSteaKB{R7> znjf;dJ3VVfCgou1c+_&K2xS=Csvf@3&ClD*uJ%Fs!rs_L zXD)QW$7Z;7f>HKc*3I%W(t8WI0R=w$DN8a++HX*&^`H1y%-KmmyPXPmL)1r6s;87! zcThyS*6*MV1HW~o=t*7r{rSgL)Xum%vF`dcBPd_U`4X1RHSV(} zdxr{q-Y~QbI&rPpUKaRE4ewO(R}%qfXQozk-eOALM=pxp#~yytTgo+vk2 z*p$Co^l|#K?J-F~rgtz`O3!_>%bO*)*&G$=QaToA*Bhp_TEoM-5fcd<;4WCOC$i*? z|NOOV^`3jmmc?S*KuS}us$%sp3~Mue`Pd=_?3e*ig}!|pgSx5$8$CKqIHtOzA@}%X zdq(sj264#;mC*c+3TE8c&0$um!2>Nx2mF{BmE3*xo>E0MF#GhQ<AnyH#_#0odLKf|puvu3}mQq3%wOdSllLuqIOw zMPlyIORSWG`8NzMPBu*sCzUbFmL+gO+REhPc55CqNjz2&{^SL8_&sr_f}UC@%GH+4 zE}HHl&*T$FyM5fC*#knWuzmMXZA86oI)|;%VOV+T2gta07||Pm&Y9H?QQWS$@CyrZ z+!aIxCF&PzamVotR;Nq%wiStiK%=5DpNlt0Q>MfhbMnOv|4bEzK z3>B4QlX)+?_%y}wKXHZ=`eZs8b8k15uW{Q+)2)uK-6WL}O0te(%bnlr{Mq^W^5))W zFcwp@%g-mIqFN1=KqroUyNVXanW4!Qz`cHL`p}}U`NjeMC6e;g!lZhg#)QK!3ilBP z$ogE;y~@QQ_%RK**=1~_?iHILFVk(LnTG}h!PXcLyyULE%t#IHmmE8Z7V;}oCkK}x zC4cOFE=i+WErbr~-U@xOe-o(pO)o{Az@drHAjpxP)8XBwv8& z%@X^#Y!mLUkQ}$z4nMKM-&o?y!D+_urhQ# zi^gpQK(i$lA*?qmGY;;)PB{uqsd*Nl@$QF$^|TgyR^lCm}R)YmA9+w|EJ@r@j)))3dwUinBq31&tE{ zI^m{jy*MfmF|`Gf4$k`GqAen?EWRrgLVky_0S34K|A4*;U=^`A(Yy5Lq!5+tg6=)6!`9OP((*jgQA! zf-flE^4TAGM;RAw)iDwdd|lw>>%gPQAcZ=p`O?;h#TG(`#w11Ke5~nc-Ar%xL!A*g z`v>=QUJ{mzzk824zt2vTp-R+NS1c3ps8*52}I?cGaDL~`F_BroCjrt0+VeS|odImM8f?d$#dJjw& zA#zgQQEuz%>NZ4|)fxd8IlI+PVTE2!!whHrD=(V>3*AQJ`l<;6j>*mqCB;hFIn4j7 zA_oh(W)!8K`90LkG&aniEBPRm7o|%|(d51l>i~mAOc_o^9;d*&_S}ywgDl@7VHY3- z;3kH7Xb!IjTsAFb+Yzobj0>&&91wnmKL$$-+hcw3JjUi|sukJPFhFeoK@^R#zyh4r zd{H!j%5@@2)K#YZZOpqKg2HP&kaL@fB0><(ZT_u5ozeCA4kaNK|ESx64Zq7#*1$E` ze?3`RN&YaiGxWn^^LzuWpSIi&Gmb?kvPXS;%N^)u6E~FkneRewsj!r=%d8ZWvk*t_ z{1d7swq~nEn!>fx(OUoRJktV;7K4!6>BNlef~v~=Q|RY~h5RzZwW2}e^8j{%!QN}v z_h}3bt$NSCq5uSG{vBypQ4m)(pe06+Pt510a>k@$sm=$EC>rT)v9m; zef}B=@QkJ-U#$v(&jY|&Kb|M?!b}v}{Rg@h5wF#jg3o_xqutVOy|Jv($-Rw&s$6!v zh(ir)U(DZHeCDjRunuJax}8jwlImhVZsm)jR>b8tdq3ETCNMP@%4>p5`n=yf z!6ZquL*v}~a@KfPDP$@vWOXo7<;$8}Ht7OOPtJnkMP=ppFXL>Q{3ZT|j$-$seN>$} zR?Yc~%`{CVUbBYk(vtvd;C^=6EI=B|_I&##_sBK0DcPD7UXDp1bzUYDsLWTHck~hrn&wt8vC=rb6 zJ-ar&N}h`#S1{d;$&4U`n5Ij3jJoXWe0ZP`vH*8&9puM>0jXefA47c7B6A-RYMp|t zZ`;2XJfLyicA2Q;vqQwdP>RVk`Y+yX61-UC_i|o8*NZb+Z-F>!aKqeKHjDOXW@;5L zr3tLg(uhbhk~~K%r_+&Cs|++;`3R;7J~a8)&R$!+3O@hjsN3r?c&)wc%%-iV4fW|s zpLAsGXngfiV)Mh?ReMK7)os>s`8Mk)bB^_!e!{n}q>yQ?;trmC+hpeFWG#IvwrO!3eE40W^PBGMa)4b&n&g(@cf=wBpXZ#x-wv_ z_AGzYBx)V#4G4AyQmO*N0|u6Q`}MQP3}YVxA>E;%Me~zzfI}JQF)GSAI%!iHoP3-# zK>S|Lj|||LC`o1+epb4s+v0tQ&Fq^N5N`Nrd2v|g3RN1tLlW!plQy9T26O{+L4IxS zmp#`UYN*K}i;W%Cnzd@u_R+{rX&-~~;_}Z#oh={j{t#>kxV(@Ku{pe&;*k)4neWJr z_GM~s)r~&+7}eqN0frC7tjB9F!Hh-=)gc1&MVe`-rN2rdaG+-FZ*}ODd70`PK5r4A zWP;?g=MHexopiM6{t35x$A{B?z9=e9BlSMZ7d8EnhhXW%`=tPU-E*TNBbIPMHS8%a ztNcFFUv|k7YW^mfm;4vl*zd+hYrefZGB-_0?wT#T7&Q2dmN6N2CsYD#|@ z&!ec${gN2oyAoIk@FLiwW~;55xZHAzlLgm<9wq@zzG_MxH&7}sj#g2%o|JCX(Mj-;|FXMHN+s~gjX@z8ssu>r)E~R>K zv>tU0!|bX(B{A*@=66lIzz4SPHEaE(&Ui^s;xEc@cx*m$MvwrM*ZRp=iH=Ue>q4rF zqc!CS3dip0%I(!{mxcJ9rL!1YM>d<0Tfa4@;pBzQo!^R8){fygog=#FBj4sm{4T=F zM*;<}xrGU!h1%{+q6)?PjocvPE}Zqc-dsJ{oT_VDuHUad-s(X--Rg?Slr+A+l;_p{ z;V(_@PF3}N`8IXY>X(^p}JYFKVnMbc9r0FUXX9rUr%Tfi>s>}wrwPW#~`!)Wy zVxir8%wI17$ac<*CVRMOWIlSRfM_D&NT`^Jmbo7$z30k_xQkrBimL{Hx9_*Up3TP? zoAKo!QW$vmB@vs2Rt1$$B7O|A3~-1TP*+iUNx#^Z%nd+^N2(1;bUw2LdfaknNke}}y zC*mJ*)`mJ)Iad(LdB@C@P#L`_^hK{y>P#Votd%IY;=G}t6Pncnm=Re0-907iE~~!q zDsG>X5L)n?n%($NbAth*r3@mW-URgq-*_Ylc3sN)6-R!If3Hczea0`rLRuV0&B`^W zS|lkbEPJ*lbB)OTJWR_O3wF>ZRCOTh*PwBo3aha!$UyoouEf{Kevl&VaS_pvSGm48lBv5BnjC~~&YioCP!(7WdQ*kg?E6fjkPqlxN(N2O zw$iOryvDU|CM%lHb&xT(-AAi^YJO&+dM|VXODDlDtQcTqi`$YXogryS{EpIF-mrKy ze93x^Ak0cIFo_s}L#vJd2&s?+8xORrI{-QUUY8mcw;Q8u=RN@4b2lM_l4WS(t0DwV zzIlZU`bA1*090X5Tf1c!$Ov2gr8*z6pQfGFxC&{Q@8w(9%s^A-B%Ep`+v--j3;3^i z>e}CX2o}efaN9Db+ud)Xr=Q&Yt!@H0iA7F+T6YmQZ3t;_raa3)T5R$_0W3vt3isUFzrcE#EMTvOL!*$@ zjwWpxmMF)O6_~m}bh_hD3 z{k@+*1F^F_bv@Ul!M%{KdlLQTAM>2x?!%ke7{eu^bYvHl;Rp9!u*ZHaE9Ue{M&(Kr zX0}7*vn`ThhY#B=-=1UTg<_D^ZMa+CNdE8lpr z={{;FJl^T|rpLVPQCN~9D3c>cbbU7U{5;+Tel7jYwg0UfM1l9?sL0!DbJ}0)RZ8oY z>lO>?kWd-y9pY%_eRKv?d?>(=o)ia4!8qRsP_Jyxlev@>o-R(;Ds$6FXK2~8&je%<24q(o74afFpPL-_`cE-;x>w3d${)<6Yp^Z5FZWDki|@|v>9~?{W+`Y^ zN%H%^_tx!G75VotoxcTSeHV&w?Beoc7c9V5{7%L~_$aR^%=GBtTfigG?Eu%P#+o0d zu|IX8eBvz8&jttTdgYE8T8GE%o5BuBX>GEQE&lA@%m?;%=8~*^+V$p2VC) zbSPTJ^MFM{lhEB4HbK8!pR}DOO%>Mbp1P*YVvBfJB0{*r)F;@&mtO$o%K0?Ot+;;1 z>T^rGk*p_i$cozGgtX>of|z)%?n8CTFQr}F-fiBbE3V+~OsDWWi3e&pzRzWaeag#B zb9LOBkCGm2v^;Yk&rHVaB0lwZovA^GdS2V!D0ILJJaM9dPB?hC^%|M%*3A@$XTN@E zugB~sTb!}K(g{+6CHJT;LH5tKiKfdR%K_MiwH=NAC<2+$PhEt3>k-UBvN2Rd$=9@A zZu`tM_Y%^#zU>R`490>IY+HL-fSfJYR3`Hxy^zK!KV+=vmt{Gc7=v>tz(d9DC&I*U z7jLRw-{5yqL-h~tCs&f@Siqi3U)aH{sxZBH?5LP-o(BVBbh}xgWk$_DAz!_fI_Jx# zj7woCx7R^oooz|I=&4H!QgzY7QM()=-%)~1WGkKLZk%?%{D*j zI#a{$E}6zDk=H))PqkTa*Ng4510b3uzFb7*1K9T)Gk$1<#X|WzT!nb+gvuMjb_Kk% z4c)Hg-ED?=`1+OwrkLiGMfwiCncIlmzy&5Hk`+kD^$7xtd^exIF!}|Ed}zbVPZa3G z(bl~&(h^}O6RUIXz%Hh(`V1RHc}g8}t|ZX_?-%5(!Y1!?`4M~T^N~`I4$Cg=il6^9 z?HS|%z(4NvV%*KaH{$CxYlVhZR+b`v)Y`^=NOCn1hcXFHv9>pIgMQ{x-`TlvXZCw_%duNzgk z`Y(R3N-u5Zm9Bp1gqpgpPcTv~$G1y%+^%rV!r6&N`<)F2v@Y2;-ue~!rv^k)zb@&l zsR5t>yb!0!RAf=KuYTR*CI;yJz_=Ey5ej(FO6?i#3q5YQpa33C#w~D-l~V%$Hu`Pj zv&;9rO(}#Hts_7`)##hjN0G%^)tbyWyVRp~rlvKk<67AOfXh`6Xv6|;EtojDP^Ua@ zePFj5DmZ*TwyAq@*qK&oO&wl}b5$+iuto7;|L7V%trNS=%X=S<+;VSw5OV8?dL^ZP zVs)KOBCfj;2N-)>42Q#;-H;%RUKG5gO?aWF?a)5MdY^S#R zvue9T0^!a;s?hU%mG+&kPndzim`@|o8C4{RPwz)Cn~lHc#PavHK3ZYm&+DOni<}{7 z)SoEM+~yRH?(k@j`u67V#OB-nm1%SXy_DR?Ybp6rXeMs{Z5gix9oHh0l{i^VrJd@i zEf3!E%z~}!1+A~@9dqi`UAo$)1Ryw%znjKkR_jKQGo2M)jxb6th;Sw+fg@NHuiZ60 zgbw1gzh9LasVl&%a2qCS7mFHS^FPv2-p?!AjBI~@{i@Mr&2j$^fjD0D20lFy*#ul+jzfYH+J^>@P>kYf&9yf znaEkjsj)hC!^D|)j0C1I%DvVn2!?^^aW`W?&wFo}F*?04 zzTs_hLW{OX+jKGK$P=_xt%#+Dm?%b=sr6qw&EW<3VsXvxE^fnOHm(=;ZlewG+*(Df zYcwhnlub*cAl52WKLci&7K?cx_3|qO*Dm5WFl6>Cl6kpLN|hqv%p!^Wc&VVaVxB|EDqh^LTE7~wk$^tY+c&u=k!tdhd0r{Q#V;TD&)lC4&{TG-% zY7hX{K;3pN{cH5WiZxa$0=K|0m`gv!EtNLBS4@2J?K;^+i`_cT69GS>x zfmZdnt3)(UfD-Goc-fZEcl|W42=At5=GF=G`S90qN}U4^o7DM40Q0jyuj4<@!FP|_ z3AolSG#gU^o&e2osQz3wUxntK9;Ixg$P-{rP!I_qcVL}a=eyM! zj0Vuc4@drTpa1qFFRs@<=5Ay*tZGg!x6iH;WwcLOtjBb~)WYDmal0V_gyV{L)kjLhQ6jHs08{y@fy12e zcNI{i{w}5m@!i&L2mVzj|ZIgFwfc8pU5X-kaW}xL}^^F_OwEhWYp?CZeL6 zrs)IG!4Ke)I0V23!5Kf*H@myeQo?V;=*anBi`#!Qjn)vH^P8V6Qvl_bR0tY(b?gbB zFM47*d8`1)o2}`Qn#waB9)>jjg~x8GFW7Inx>11mPOLi^7TyhSDd6t*r+;f!|8uIn z&Tr@P>S%4~Zdf=^ev?vmO;pbHNA&+sb@u0`U;k=Kf$x{%fCoP8O_IE| zw}2L4#z$B64ewO{Qqr9r75rOf{6DXrdD{|QqN(+T@SXYC{_^{}XVSAk0}x7&jD>(LEfa+F2ZJvDiC{&hrz`1Y&6_j(n3&li)jmqZc~ zxXXPk6k{a&a-Y=kB-BM81;h`(@BRCS+lTnyyiha|ut2^{R-})AKNv+c_Rn?<*SA)* zzL)}!vtIt)#}%P4LKQj3`c`klbvG|c5+a0x8y^}Hus|DJ;Sc{ekNBtY{Ck4`ke`1~ z@E?NyZwdZGrTqU}MW7TSIqC?CcJ68CBza(Nu6n{ht3TS`aq)*OxJ6TZeAGkA%YZMJ ze3l}lnEV9gQ}c}Uy;lF~k8vKfRS z(KmG)OJL2bpKNxAY|d+Z#(*9ADFqDgr?dJ`+B^M=Mg4nt^Y>85?TMv)?xB48-@JTj z5b8=&(nAQt{IXR$YCa;#&<)Bxz|9@A4Mzf0xfib}a5vsIGRX(O6*~&eAJz%^?^q|V zGO>F@Pg{q_Fq}&QF0sNi{b?=0Xe)H^f2_VVwTaSA5vC*Pf1-U#R< z7e4T^ya1JVi4)u|fG-m;s8_MPp$~5*kOHd*W#b*PP%$rVD{{)i;X4uepZ_%o1cb|A z^P^VUb6?DH?QnG9ir`&~U8w#Q1z6d`=obtc3Sx-{lkP3zxG<4f5|S25NmN0aTKY zOi|ayeR3;~e~<}SpFI^ia8p1vl+3Z^$5q+mDmT7pDtVD1FKMaLZH`KR4I5(KM%hgO zhxS5sGaqGK`*F5s!mn8?swW%W-Qcyd{y!=OY%VCpL$N|RXoD2S(C9MrB3k(y*Ul;p z(NUaff7xpvY6Ay}G|ED4e=_JR{ugeKvmG#cXS*HI-Uv!C3iE4(-FseT@_?k4xnJ9y z{hskP)Za7i<8|;d7h7OtxkE9haH3=gCLO8NYnABxo*ITpD$#UPtMb%tG~lILmQ)Lt z&`q6n8PH39c+w{7{a(GFWv(g!`yplrf6{uYaVx1T2(R~Fq^Am#qpM{aia%DQCN{ww z1<~(lAs`RTW(F1x^vEoPktAG>5A4h!`nFE*!H<Ki)IZ>|-qEVDLz*v0k0B<2^X zg%xsFsv13mx0ii{;WazrBVTE6b#JmN`8F^b$8jT@eMF| zyZz!m-wq+vawHIWbG5Ks5&yj2T4n1{oK^t52O1-XC>oC>pIy+~9mRKC&V)NNAyKr~ zn)3{luS$N%SFTaB5*?YFKEGP^9Cf+GzSIexGnwHk`%aoEq;tGUGB8rLT)kQ%4hoQb z+>^!i+UL|M`4j8>{)^M{iI9Drnm9dPx>3yE;{RI>|3lnMqX20xjoO=0=Jmz&s#9>< zpU+OII~xX$M0r0re|>Uwf!>ou7Z;DjC5X=$pN2yVzJ{-tFIA6K7_M7R9i+|)_DV}3 zIuX!6Mo164)w=tMU&ZgPPAPS#by07%?km$;iQ-H9y;+x@Xm+9gWOf=c63uTXk}K=$ zbYYs6J-MUVb~AU2?s7~x)TO+Pm@JbvKbNP{ZhQYI;ywb!!5Nmm=@{$h+MDpDiZSfA zCdoSgINP_Rs|eEiY1X#t7$sAx?HTk0oSz1#z+RtOFJ#9_d0oY(e>T0L2wO^8n%D!S zAM@%AzOj^4G9?yvxWJyfUQaMr+Y%e1Hz<<2Pwc!lEv#m7z(Vb*vyg!&Y|?Bi;iVLv zH|a*A(*zxTkG&u&=pUN}oj-n&eNnW)`m@WpWZQgahjJ)g#g(5x1nb0k_pQ)b zPOYAJE{FvPvr-=y1u0addrvFCPujc~q#*maHz)GLl{4+ZE57b^v!O_Z)7*>f02UrWZOzM13GJ1VP4(TC0{9MvGl&8O!noGV}DZuIKZ(U z2NaDnBq+h--KEC<=y~t2#s!yc!_uVXI$Ks`zo;mvlhvsJ5o^O3wnnw!MXWR7)cKay zj*gL!9l}2c6JBL<&2g>%GlZqXR@9zlKZy8Uxnv@kacTOKLveBy<*}*6E0}UQ2v5mG z;j<3cDQw1}eQFsV+?CzSM>nThC+i(#_7^`s)E;!Ax^6+^BTf6Iq=ls$zmn$2N?)1cQ2DZxKyMfL3D?9`!1UOQN+M8>8`+WL z8?Qo&WZVy%J_43kNM8~tSlShmKXKpJ&#deX_N->wW|D2ZuJjC4VAdk$!~$+h!icZ|5wi`sqmSwbK)1ooA#pBPjmTkOvd& z1KN5@6Eku`a!FzHk#)yAqsxBOmP$oZ>+(Mabj`^MjlNFPL?Y*{S>S_`>#xE;V$9(F z0(WqCON(=MqKB87B59mA!`>eH0GjtpMd@v{XrDnQZvW}j-?9shPvtXz;&5cj>%9G| z<&OJDrU9}sV)k)$VW}f=G^$ESl#%DKT5@%wiV=E4=qwwWuk})#Mcn(Jtx-pLj;-CE z;#@()Le<0wiF;I$;@sFnOBS4=Zx1)R(WiC*E212d(H+nZwlNfY<{|OTrFIPqBqe5W z*-5zXlzKV2{TWs=+v~Nua&kSV)u7NJYvtfOwyV%cGcV55cuC+!IQ1*}PeD8d6YfFw z!D3G!Cs%qZRGNlbJmi(U#}g_ftbC>+z3Xk#kkaGgnW}j$0wv$BRJv*b2$ZdVlTYaj z*{tKZ2I%8VJle#iTCWYwzHW^IMDWp9vs^evnY{7JRT-Z9c($LGU~(#?z_2-0Pd(Da ziBzPM*DcMQ#W)l*PX?+HO`*llKx6;nL@-$tHDlLu5?~+sMu*PotLVqk zajJ$i<1N*kzZ}gMeQOp3ppDi@!dB(; zVP;_g=QEH6-;Qmv1~So+x&~v~^N6=JDCCdur0O36f{ui_m2L+$dcd!W9PInkr9=6x z+d=K@Ky~#CsoZ|#(D>9;9y!`pr^*~9OAJSy?wJru4b?*ND{FbAD zu4^G3lcm!U^C64v;aK%#UDv~Pq(2!ggM?;)<7=JupbCC-9k-|3U?67w>ji^Hyg)Qg zF8Y&x{r+>J3ga~@7Lzx{FH;!I5~wcijIQ6oQWbwpU zYL9f)Ioxo_UlpVz=~H=p$x?|woESi~yvVmTNiWTP#Bs)rP9ABjU}X-G;YtIwc8vqT zh$z~e18g17!qq%{()?EQ)6UcMlLxj55T6E&MITOIptD1+VW&b@D{~@mj;n)Ncc3u8 z58e5j`jywj0_GL7x)h$e#JrC2a!sM+DCD}x>Z2Dqz`i`lDZLkZXQB@z?gWJw4e(GU zHsqQ$K%}HP5~ZzD`@-&V#9_kv zMM;@fBIo*FUoLUq`sUms?&`)t(#Rjy0|jmS!Fo-NnU_^-WlLRV9%*PYE00mg!86eL zj_Fsuu(_G8J^8AsO;}wu&*zxKVG{qZ=D<>7N4tu`K){AZ-(3$pyVIZl2#SzGo40X5 zM$fgPKVs~xj6Vr2DEkiQ6R6wAOh}`(a{S0u-lUb_sn?j*LO$+a|poU{LFN;G{q_K%|noRM@XhbG6*-Qwj@y+jtk#! zt@;jsGY#K%O&ECdjMaU(oT1%ifm?Ib^F{t>xhhwoyJx1n1tD1RP_>ro=T<9np7H~NmrIe@?8Kvj1*b@TF&{e4{J1zK%y$iO zwRLOpzIYEq#%?_eZBcC*Nr_z3_bOeu8SGxdaEWZ>M+(2bNo7w;aES0qynbCgW?6QW}Y+8zbL~l5~O>*UeOwhv{hgM2t6RA#7IA4t2u*1G^c_qK;{aAqm$NqW^ z`by-5M!}nL`ibvDuknOjxeUorfta~E?9-GoD}Ad!zFR4AXo9irv;T*#vkZ&6|JJ<$ zf}(_!w17y1bPNniD%~AYLr4e%LxUonBHhxRLw6%EFw))9Lw5|EpU<=RKIgx$>%8Ly z7Z)#P)_1MXy6<~sk4zK(?i;|f>OGvTI-Rn0zd{co{M=OVxaSPSbe93$%plap?TNGg#~|J@B%&$Q^K@9-VmzB$!7fJ1HTu=Zn^{?q}-jH=HJ{+c!!g z4x;kuRZ#C^#Ju$TiF#)30dYGSwwAcuc?>I>Zm2Oe7N4clLr4qqmFJIRf8@&x4J z^Vn%|eD^yF;ZLyLTv6-d2`eLwdX(0Dp=Gx|{YwtwY_Mo{n5BFyYlUd6FX5Rq&ZMr1 zy)Gl0{SoQ~&k19gtVibm!qn^t1fKR$4u=+y(i}+?-kwTRLKKr)hIe`y(DLQTT8f&A?6+F>nrGR}_HQw@Yzj0q57qR9ksFGs zf2nd4*=FuxsbOd={SCZxYt4gb5xI~Ab-lS+kv&%)aJo^A(erCCU0Q6~>~|4w^}+;3 z0%G(_FdBL4^R8xGguwJ-B~{BZunx(w=q*1?7f5PqKv~GrW7fjaf)A!7T}8LF?)6us z_m;g-(YIw|NMkgwWPJL&XR@1F(DX`fn07K~^C{5GWros`56BU;zw{{7j-hvEWBE?Y zp%c!0baNQ38>Cr>D@#)w+V zCczs2F`kUSHb+lztNlf=#Vk)hQ;!@8XkCFcd4%DRayK{~Pfkkg&&KsQNQo)r#c_0y zLrqm3SVU0H!J z?uD*?OtB0;i&@JbrxeoV+P)$cN*r%Hau`}J$CYJBfNMb zJv-Vo<(6%!BDL4m`}H9RZ_?x4iGNk*-8#|v45?H!0S=C+j`Bs~_4jBOsYBg&vr-h1 zDXmIAA?Ld5{pi@mvO*GfqcZ_0$m`I1qabo?HpDDK##8JTnB8?bOKBFdl+y25GfO3N zo~)#;ySQ^Q4GzZdDDJH-wWw)RYnvU_)vqD-ehBdRES>AO;6d>Bk=0#1qt=uYJ5OvD zu~FBJ-fW^&Q-`XH0!*fvEv*{5`-}{g-J~l0&qFL`6)qQiw3|Y+i5G?3iMUI@O&?wp z^VHL&5zM(&Gr2e~#$Ageof3X<&7OgKcJ3@T%t?oNQ99O3uC$+e)krCJ zEyO*VtA)Jn&BQx8_Um2QmiiIwBEPdyVU5H2O*N3SrTc{c<+J~2rd}S{5nz8i6`}->~g;~RN)pCqT(GK8ezoHejoP__WYUC);1M+i1BlBnnt<%}vttigkF@3Vw9^ zA(dY{vUmz!Z8*%-*ya_l1{{cmP=QEt6ry#n%q#4p?ErZypCkq5lRr7)n8!QG^CJyL z1lJH^4)r!$&^2QP-sFd6c-LKr47SpTMIWP!AH+Xe^zV+(XcX+KjTwr8)`+%P-ztUi zpT7PJ!@uKT$6wI#Al%>U-*hRp?HabBR-qY517W~<#7`y2!$aoN@TjODB3 z2)noaH2%LpWck*3Ces`=Q@j6jZlXp(&U)rXZ(tRX$`h`dE3atKc$zz?SA)gW*-I|! zh!0#_nzx-*8r}GP9-Z6YB!y$4c4Wp;4Yt_q-CJm;A1|5gvNfvi*rn#K<7D`-vY($- zBc#KT4A+jV}BDcp^o;_Xgn=95IgSI_fMbsvN1iHB9GJh|>*;=cfQdeOYEggyh@YyveRGDqU98To1xpu-EO6t9^n8d6moE+-cRT5&u&?(i)tV>6cYxeJw zx9-*SR6D%avgJEJHWDWOIUze#>>jI@#irXw#sg6VTrw+Q-+WfJG2-BoasmR+?-oY8C_8LkM{*hN^WFGBc-)zE= z_!nLJvlo;I#?Io4L}d{<&sv46V|WbyBS$jo^rPCvP0gXEj?-NV9bLdt&PHm=39{K< zH$#|O9FdUt@{w?!;Um|>edflBoaBy=6Vp@4eq4nz&L~}Xu7dU3BQhAC8K>1+)JH>? zHh9I#1|g8DQhSv`ezV%O(-r9QPTM}KVpyuuhMmLXDpWtbt{1xZoVcU+r?zrW7=!qWahI0X{K(5BO!F&f&@5l^JAM{c${pv? z$dX9p75ocTX`@e6FnPp$*}iqQTT=qt0;sK zfN}B@-k!LYQfk&>9`L%wHuC1(Xt0u*Ype{ded5gw8LHsm zS1}G!unC4vciR)^@cbw1zi_r+aHhAujOb`1Vb)a-p`7PS9N8fO9~_pZ3n`g?s$R*i zGE814l<_%;1p)z6|BQc{+)BVFC^tt&#Xj$Hxtnb+e0QFh$nD0qhKN$Ib!=+#Mn9^y zUDS{l_n2@@=SZFD?^7B#%cht>%W|32-BI~7rc()fKD8xXc?>F2yT-YyafX`0smJML z&WcYuV;p+;p_!k~!BxhcuM=&-N+eQFsJZC9h12vprN!24eEX+lV>0p|*WAR(y=byK z9|3EkjvnV89p8T_-_*amFHT^nSET>ErI1{sn#a*R2Qx8uSm}BkZ1mB7?z2$cEBS;k z5ai7}mVna^O3|MmMkn0k!d~Kwx;qKKqT?>Fc=Ftnnu{E`*^&8S>F%>Hf27z`xV9ylPH1|OMv%tFp7v-DH&L<}ZWgOB%u`hVe zJd%!&IjuFGfCPnmrr{ge36i!i1RyUeRP_YVb82~t%mX~2+m{|!>IfDNN!ETrpUbji z=72hw4G6ZE%ODpwQ1v`1zXl4yI1Kz|DB9o}{)mpX4G;Uv+kA$lPs zyBhDaA;KxBA;+qEpKvWC!!c|zP&?%>tl9U{qCmhN+7WraeC-j3FHm8cX}7-dtwkZ{ zvH^Z*({1yW7%b>;_QyT3(_R#Z0=J{(4^hg_kZmI;gs6<)RX``W+_lk8gb<7rE|quT z@G|JYqCTFH7iF_}r`21nSNY~!>bi3g-`v`(!VR6A`n!W;p$~Jv9O2QQ8a-T@vliXl zP*%qghiNWNv{P0OwxkBOu#zbp|yZt zoBfgufm~_RR_=WYc}DxaJ7b*uzh=vuVrPWyHu=K@8VSu1}QIU!5pI>@2P2+9-av+e8D z@w&{2B75l3(9p_sY;(x_!`#Bo*^$v^$~l)Oji$+Ekp@CTH0qqJ8i>?iCGVB51EPMo3rjFyO;7g{@~LLH3(g5!HW25@9G-&ixA(_sR=xCB+(}&6EtzGXSpO}aOPjoG z?^PkUhQs?}8a++w`>AYpCihdLEm}DYCwFiZ|JKaWSzq3Ndbf8Pgs4eiAR*P)bwXUm1Va)?CZ>^Y134PMG8FIY;l>U=N|h8QVo-ltDJk zoMp0!Ln`Rc{zDU+s`m)%#dJlRdHUMyzU0)xb1T+Nuwe4$t5<$_bLDRH0V7eTrH@lv zC>Oqgne4$U0bCZVXb-TS0;sKXlp%h(HQXsv<$(mpvisw)eNonIHHLO>SWW+^ zk0Wdbd!7XK$Dk$mI>0)u9I5spgJiC<8a)iJ-RRy$0T&Zsl>x^m3Itch?%`!&@xu@WivIXv?FxOk1Yltd z1H#daCCOj#E`eCoav@4(0WMldOQlaK0Z=v;Ncd{8?pJu^`m_Vg+PS97<8S|d1ts6|9%)H_#ku2 zI+=)9q2-^mzg=jnZ96VZ{Pd=(Zmd8UmB+}(v+MnMbaprNOXdNfaoA=22(v*0gf@o9 z8TB?bVUIEkR{T1X;{Y+R+=aqrJvYiSsxeSa{^NN4{fC{RI$ywEu9}wqkR7TD0ly(d zyokR^Yssz-EFJxobL)e+eC6|eTW@wzXDIqxtgz)rKfES9(1xeRYX)-?o@lVwE$7;M z!qDfv5%Q40M5hm#q0@tEsx2oD!TuPiu@>2sGVU~m^Ts5ae2rNKWd7g~C#r2!J5;_M zPLhX@oAk;v^zx#=m=ZcQ94W;R?7y^9m(b^wkl>$m$!wbE0c+8kaJVAS_1O&2Wq>uT zovq6fCgTQ?h2)iqDFqJA^VA&6mx$~LQ6O*nal;k|MHM|1=cC-3(vyIsU;N0a!Izvk zp)|0kO|;v_MIs;bmespAlr^fpv6luVWTa4*q|8jwMrLszu&qw+iRKKOOsoJ%0|bxz zMV>AlicQ~;n5wQbr>t{Qfbd>WR6XKLU_IYke~JV;g9QgwK_iJYa3Na z#w@!xAW`9WJ4z!e4~Hj<+1_*n60A@sqOB)9Aw9U={l4^`*h9@^bJyL4>F})A$dojZ zcSLSTKxCo)#651WMchl$N4+QN`3O#+_dH?+->V6yuV&kpJFnzQD1KR|@Hi)uUJCzH zw^val4~nueQ_HxP%eQxMXcUcEgUZ&1Yjdx7tRTjHEH4*|>=gg_b9d()DnN%>sUB9S zk&9<4!6FbUK6mpH#c{{Lon= z7gTf=qV~BA1p4M!MYUEuXlpJ5p_c1xJ*P&$?)lnHml^3uzUC2~?j!4$D<&3u@O4Mo zgfxP@Q$=9P^+rRS?N)Qy!tDH zx%I>wp$GUfCrm$ts154TesQP<@lY2-O${}u13D>)DEEzh0J5s~%Fha%?m) zf0|12F8h>;IxTIDk|3BWEY`v3rb$_Kn$#uK;k)p;#g2~QvNf1FWZ8$zw z3Mn$2HdL{GkjSXaN!I$h;11!mJ+;2p*~_^}LmMZ;xNS)bN!Eghv`R@M@(IFRs2e{G zUAxV|q$G)#JycH_U`_Ui#^fw+Z;zC}ecbsqO{UbmY zB7o~9d9v)Dg}yru7f8UgzG+d-K7MUV6S1wlJI=PHiF`oKNFFQ4ut<0onr}!cBu%PW zZkhQupibJWea&J#uue>`nf1s+WiuaweHQ~tX2t^MmJ;obY5B|2p!^sn7*~g~! zdlp5|XQ=DcJnw9Kwa>0LR{CIKh7jV!8md-?#c5{(sD?w?DUnK5N>ZMOkl;R1S_E>^ zr>Eywnt(*?Froi^VLeO0D#(>_ohvxJcWAsBokfh1XOD4)p11tTOfYrGU1yrPb#Na@ z@A#1BB_^XQ7W3*@aWZjj;?hw9IIWwL}{>$(=UeYU&>5)49K`BI_bkZ zF`lg7MO~K?y_T|s=Z_gLFKCDclnNXzayBzLK%@S6WTAg@l!W=KS!GpByT1?9soxhp z@;AtStN|N9NL4{@p4RvGGHIjftC^?duxWh5l{L#P_PwpA3%|*43?_%Zj-Vmi47tX8 zA=}Df#BgqERIoP>QVlrS$`*TmT|by4n%<+7fYL0}xp?Ep(hn9s;X#7m*P*ak!yPfB!~BU*Mul}js;+MSP_ z$6qfO@kV&-lxvrsZ_S7I$FnLd8%i0u9V~q%lG3kRy1EPe3tK9)OYau>Sl-gf69Q~W z-pD&etC#*1)?(FT-B^^6QtNT0@z-So zWyw|CLtcnYTJ`*oZ*y*sh>P-#?lLMlfTOB1cgkCpG!(sWLdnMhrlISjfPU+b^*MCeP$f=B z71$LJ^+1$xH4DE_51Ws+tq{oxN>n7KPG?F#krB~r+56tNHbqcp8LtqK@WtYT1!LT= z+#p<(KA-)7)PmHIZ>y>0hfX&mi2Fso>kgOKj8CA7NmK&x2e=0zFobd5TJWG_J#pi! z?JLQm0g<8uzgP>)fnhz>&#ID=KVERs$!e*c(KM6Tx3boLg)x!&eLu zOkE0mUFd$r1)G+oKcPEdt*}$JT-6@0i0d>vz1t?K#oNzQzsM(EQp64}KUdpADj8h- zd{Ud>^c|K~N3T`lr{C0$5GMuSc+E!^K0Ts2&Th;3plDk2df{&3VZ<$bu+GJaabp~- zbX1&H@MEttH8lRou&>UTX6YoqDZ*R^$|ol_IoQ+D`wmB`pBL1`>mzfLVq%59BARiR{di7VEsqmWe%{G6e6z~Y`Nx=3)=I+fi zr)H^@;163nt+r@7FL8vB2&E87@{>Lwi4gCAfG2-8ExK*XT=9dc7vY4-^^uP?3EE*H zE;?xMWv^Yto+0iK$bY^<9lUra`=-a2jAUrDM|{ElHPsK36-1wDKeoQ?7m~S__Fjjp z+tS)TmR+-^lkNmdU|>YfDYbB<>pm$t;ZCs=nihSI6g>1~X7O`qNKB7*=M^v-Z$A~h zj9YS?_h(9!y1WU0^QXv0^=jmg(9vF02)K}Vjtaoog%7S)Nj+KsVs zxRgptXlksfp1a{#M#QhDF^Xxv;9 zCoA(Kp!~sp{kGzIzR{&%PfKB|=h@^PGg{BN)wnmwpX{b`Pr1NTA zo#s2k50+07;Z^RZ?lToofoBASC9jqC#QIWaED%%sRzt|vUm9LM^NXQg4HqJaiCkM! z9f1wFrEfQ3KZ|-Hi_XET5*#0gdAKzNr;bzmtvax+Ada3T$*>&O_t_X5cu58ODKh7I!RTGy%*y-zGP#X(%R*jE>$oMyu!_0W-XLK&UC9<o6}0Ut#=~#9ShNs5Ce| z9uOYG3Z3tbSg~geD=#KW1XQK=nD^mXY0=Vf2|kb}>u9R!6qn<`&*zS3#?`6ucsGX1 z!FI{v#kWR~jL5Fy1RK;n&C29f0B9ioBsRM}GG&Bpe9YOWc(MEqJWy`f`<3TBf4B}U zO#=GDBEv_o_G;=rT$|Jf3#AfXNr(*D?n)6>Or(N3$!MVkQM|=;+zA$Z8f#O1(JHNZ z9=xqH`2apK!{D2(o0-%a;#W+GMJNW&7g}U)(^Upd=i+=tB&_9yqaJ4Uzwr9tLLvZy zkb{E!>RW-ufVd!2z+|YaJbd({)$-dSgb1{5dfKWY0nP86X<1lT!HYu!Fe!-5>JIFK zB(~72E@G5=VTyD8TT6v6&S zGP55&2yHcN`8fyCbN%h{=f*N?$VaH}Lvc-|$h{UB!FvMZlwX9zhZyM!gQs0l?3^hR zu3{vL2V96A_yIh+j2jNG=&#i+C5&Pf4*tc{FDQ(Q4B6}QZ0{qTG$7@2 zz_?Fhs`E5QmD1rIcG=WLQsE}(>iF0hn+B2D34k2sA9eT3R)KB4Rcg@ljyOqu3;5`p z4XBv$vhTF}kdQR1BnAP$fpT`gki(y~N*L0S8tJC51vzixF+%QJ2j8l!UL!zu2t_-R;;psf5uorIJ)ubum61_dZE_2noXtA_uxCNJ+n0Q4f)Ioq zehu@^jHp(|7KnYXX-|lAU$B8V`L<=;{`N7wdyo#kr8i0W_b)qK$$K}q89~DQKkZ0# zx=3#jUhnN2>#5wuR%~Hj?M*ag$;k22RuA{qW8Tuu*$Y?LJ`Kb;iDPO7Es{77AgXgO zrQWeJQL(#t80(++`OBd#?YoXww|iTZuF27dBc!I8wXjXJU+XS^s6FTy9^UG5lCMDQ z$e7u_ay{7JLRmi<8|4d%r*bRsDK~Z8YPyTAJdpHgeh&|G`!X~x%0ykupjNFXPo!L3}<|n zJw})LU^c7q+)CNMft!linrOQQRzu5O2dLk|3-^xdgOYiE zTe`wbUBsGn0b_2JD!c6lW+#}{k-A`D1B_d&t#s{Upya|~q&D62Bhmo+kx};Q>)k6^ zS_V(S7B_(kW#1Cl=0f!hbFaj+Zam=7YSu5pUzIe&0A4baa&9gDP@>EK%qiyzBOle; z(uMO%xnz?_t5plU6PR*kdm&9%L^zXiND(k;Ue*Nvh4OxKLbBpq} zZ(jaWt~3i;wJhnAxdZVAK6mM2F2XsAsj7=%yx6V)rurr$GKKxm*88B8@Eq@<)&al-%f}?hSN@})t|3_?P`BzNberuoUAjNbrtCow6p3HKm9tZ>MbDI)E z1ZAEFI^w^Y;bi{X+(H+h5m>X)T-pPPL3#K=EjzLtDhApW2GZ1SJ}`3!Y6 zKP96i0sycOlCqa@FgpAB>E^Pi3x>U@26}1Yj+MN;C#b4 zOcF$}f|yHV5P`m;RBjLhe4@RKU=)ee4IFkiFJT!TiaoJT!6Pj=F z?pvyJIy#S_{ij6iiF%%&+!#d5a1G>~!VOygs}0mxuAyXuOs8=|W+6PF=MBU}tSC>X z^=+{c+QZDxvUAQyxVvIrlT47cFT1Q36abEgpl#~qSz-pUB+=gg53D$wJ`tcF{L>RfzO z-=sAr?xxG{zyixF?<*M1ak`6HU{!n3%XtVwxjL^8XMy6c@jf!aWRJ9gXDivV$U4i- zYHvf6;PV)m(&~#8Z~vI!L3B_lkEZ0bN-ol~>}X8YC2ic|wY|vg7l*r@%qP|9x?qBH zS=#0AB>*GBN=r>n)o?bI*|L`Up>liTkp1G9;=K(*MevK!9*^xgj#xPf;bgOr7w5a#S zb*HJehI@;i=qwJRyZ0`+CGS#%HW^cge8>qdlq*+^#!xn8tbaADk2G9Gi zA-a?ClmF`6#s~ARG z)V*Ps6Guhl_~>=2f!NCG=B&uP(t1U+PB-sZm5Ft8L5)?TN1_Y%HpqXs-OyGUeo^Fj zGo-A8oi6B0DI>aE(bw-eEKp|%$aytwe;=oW#kag5JT=wLIrTP)pvAzf9qwbdtQ zZV9~*f|x^8D&08`rKq-DuP%VSmb!Tp`{^}u)FW>eE*(_fh{IJAoBEHW{g|fl)J526 ztiAUHXcjfDqp<#$j^*sRE3grYrzZ}|Im-SWgVD0 zHV%+|W8q3;Q0nZy7%g5Xw=R-OrXu=P%;{D~pkF~Wp^RxcT)iHyQtWq2`03H>mClIz z))D)x-2Or_o6(?)v z?nD8AP(2$XyWY=l%ee{f)cGBY%B~Rm{K0MVEY)s!X@_=CYoz6H* zI=zfL|9@uzgm4oxspUScxiv0ii+c%B{i}Z;mAC&d)t6oxW#OFx^e0;#nDNkT4R*-# zx99XzQjdS{C=+0cJf=aV?A22{voUrAau#ak;O;(T^gM8~5#5#o==6=luuq$EaQlrz z2E0OUhk#GBOkdt%wWoqrwn(!qYu_C&W)|yYUuvyC?uV7Z#YYma%~(GB;kYvz!B=!r zZ!dmA-;rZh2K}xOrJs$sFg$k?qvrD?+kHiMkE(h#J(!e6}vL+5K1+zgnf%%RJB3 z+dr&64sx6}>KZz>(d@v2iL66)TQ&-l4qOy?QMe#Vr z2kmyS{Uv}*x!Yf@cstA>iFqP?m5T>nOE`_?>$8~1c-BPFRkpbk7=K~c=*X{+QLq77vr`$+fDID=>?#cluGzf$?#AZT=wM+5Y>&XY1w- zuZFGOZ9G^<-P-|X<2qFm-eRGp5Xv8n29!xN+yYxjd~X?)79$Tau}a0%1@$6dG10vD zMT}raOr?(PvC2fu?S7_WIwoxYRm;*w72cuH0X%=AeBNohpWa#4PR@H>>$#~^>PjE8 zj_3I=Vnw6|4QLRso%9fUC8tU>THAb}{oTarmt>=X!;q84SDXsuTUJ*!#=A8x(5Sn4 zZEblOaat%Yx*x=Vw;MZyKAJ5I5zK%|q9Uzv)*G-pNWH#At^vN4IgaCoXs%yCi+5SK z?%bR{eEp6rbiz6q zycsI2o(fw{n~7lf&wlRh)T;wwAn8l(72i+kV6s$IGo&PQrFrI`m2{4KOXAVwu zG6wjXeJ`<5AtMl<9XI6$o;(u&azVcm>AQ%S<|dym`$#N@a)J<nX|g<%`q5jZH0w zSIiw*WdsuVodN#@$#`bfd2!m}X&&Dv{$IX36Kq-96*qV5Rtt^xt+Z8uH;{W)_M%ON zsm5knx@e*}4^WGLkM2p@QQmQXumxlMGBtTZV_C@iZdU{RK)CI9i8xLCq=H&cLEH93-ERSeC!Lc*(Vdh4HrS z;om}}w78y;QZP>?FN)$25ORoE_FbS<#Z7HwOm!6%(j@tXA3qhW@1lG3=VQ*y9uAYzwY+aRu(2|9Rmei5Q#zi1IegwS#)N=Bn|hEhq09;DgIe89=?5 z6M_vgACh%!2AvbjGTa*HuOdq%F>s=xwK^C0fUmK3J}ZbUjIb+Al1$3)2h#7&Uk$e1 z?6@p&YF%GOdGBwlq6?{*IDpyv9{g#GZYgj}I5c1&qjSjdHFTVt$kD>`oc zb$twrZoI%_}n7J1hY>^BfhwC$GUwH!NmK9hQF_HgSl+tX z)1&T$%@R>}u?j+P!n7?R-GHUIjg@&X2l%J(icY4D;{jP#Z0dyO~wwB33B@_q64`( zO=5m^-4&y5mREV#c7`0)lA5LqhP!ULsh)QP2G;J6EXf*?4Q}7eI)x;*UH;MQiQs>X zO=HvM+IMTb{q)Ls+es(HD+i*O4xE*o_Br<`h!A$(l1k>Uzr{1Yo~S0G6~~x00M247 z;E>j1kV2L_OY}@sgEe=z=IW2*uHkrbi>tjouWBL75BGVkPcV`|_8D_N6A0!QE(!Mr zKosVsS|5P8E?0HiMjL1)^50!tUJe&eA6p&%Sd&(N-260@`LB4OKsEO_JnGSX--G+9 z|3>V*l>c`K41DmHk+~&FGUyre!@vZdht> zxqSk9@i1@SFGmvBM0H}R4rltCk#}GP-xmWg7BzMP)#*a^!8^X=k&<3V>8XbuZVvlK zF5%OVaTxqz#NNm8YF%lQ4Mli~sB0==K7Q8}OT~KCr&M+o zTw8esW6cu>nC8+Z_Z3IPXge`D{~_l3e`Bb#!=pcIf$GpHYWh!B=i*L>>!#Lx-9EX? z3J<%`oRB%qv)q}&h%(N>)!{$(j%vVUbwVe7709pEd^+ndMdm-B)H19cLz}6GM4GIi8gsWK0~0 zb`;DxQ#A_-=^4;_p_X=v5b`a|^0_5*zq_o49x%%t*HRe9r7u2e^lPe>BB(=EIklNC^ zvs*3;A^=~Q$X5y1q~)Cx9=pV|^e$Q|R5=9qLa4J!!u(g+%2jI`TvTLV^)MQZWo$oX zUjBADz1XBmZmmjNZ5=TCqkDo)U1g$C6H=)EGC1r>R;w6B4z5Pt|EEm(JzDPEA6*~4 z`T+fd`AfCojXAqP*O7@$YIB0NWt*nGI%mIj*J-U72~T!lYM{@dVqRwHDF1+9{oGrfet)lgt(lYs0yXA-1Lu?eh zQD+o5#p^icnke8s_qjivGg5vQ-9(g`IchO90>CiK#aoG^1o!E2R#LUO zx{15=oOlUg)L(-EO8-*|^S?`A%zq6AnJIVst))7zHNdS-6$Q4%sP(&_?w3dY2)Pud zuPo${crnG~57BuyuaK=0*ApjFr!4oi-}G{?fn$x4h>pN@_L-5}ha8NR8m;U`$rY;$`F5AbK@-ZN?`% zWvpvwi9EUZP{`Cij{WWbVBhy3V?NU7 z_r8o>|LF1h+oBg3umaFRC6o$8F-rz|SBOnCSLTAty7syp+qMJi*v+*;z{{akaCc)J zrh#e>FJ1ItfeWd&`6qi1E4x2HQ9Uf@qG}hS~|h`ND2} zLmjMV`Z+DfkrdOHe)r5m@O{fKeWN)`Jt{bow}zuhD;09!j4xsDYq`^cZ-z~^>M<(l zRKl2+&AIG{a)5ffIT_WPH7I^^p4RbkV4*3Cx3zZNj!+E5+f^S*R68pR{OZ_C^aal2YXOZN?n?TJ3p$T9{W~L; z>BF}#p990#*z$JxjGW9+W6HHqL#Lwy4SZ{u@x*~12(>u!h74mQk6#A?9TWI92?25e zP&D-md$l92XntUw96*%>*OUys;sE2hS&TLNf*wWCxfW2Jwt*(N)#c#nbrk(0qTz%@ zOzEjL^^1@9Tw@PT6pcA35>BC$cLY%{BM3uxVk#0M)7{pOpKdn;BbEWxqTQC{#ZoBO z@ZJT>;w(IPz@P=4AjlHL4LTIEr)l{UvpIXaXe^t*6)HS-c)I@%YR0M2Gdlv{bFphV zz|xsTu~A-})V<0^r*$SVFxO>b%@2^I)2VQerf2^K0{u@S3O?*{lNC@ZHo}T$V)pc5 z3U#A4GjC+m__Ee8r{S)A>=Ys@b^|II7+%9=&GP9}HSv(@9mdhWhH$_uj*CyQ+&&08 zk%;E#acD^t3RytL#8Hd6zDEyCa7CP-{&^R}qD5kwN(gA=f7Z_j{5~8ky<@!2H!x+< zKUULOcYZ=cJ=dfl_b4n+4Rl7aYX$bgU>HCh?Y`mumI%~?&-a{%@9kfXR_!y(t;>Hc z>dLIzi{x`vreR@!odE!6=j#)AlGAFy&YhXlawj1HI@|R_`~joY$SdB}ybnY?5X8Ol zo1*~}an@t22IWRs-^dG{X% zj_!$Go7w$W7K`rVSDnItb@J|bZI^%Zt=_(1{73&8Ar(wh&}E#-i3U*KYc9(x+j@$tg^pr1kvxPNbAtxRAWKNI$fPr?(>^$zvw_X{1ioqk0?*;`x&Jv(Ail)59Iw|S6)pjOlS z{olt{&>JfclP<3@`(toI$(g*nPBF>1d0cq{NrV{P)4`c9H^Qs$#6M$SsZ|w`gER zs3`|XMP&8|AId4as&x^}J0zTs?<*ZY?fk1(3?7{8rf$Lu{i6LeTb`7iZQj}c3UN$I zH8mgKkPx&pyrXUQ2BD|XXYsmZi3 zzNA#$X==LOOiVevWGFiD_c8$URbRXbm;bj9GmZ^f2i5|0W%7gkB@^SSr1j<>2%;gi z12O{s+F3U)w@8u3jVO+^is!F4Bbr1aDm#l}r-kH_ks0$ATLpG~U!wRf>Km1@iDCz> z(v`v%OE>cBTbqDF4`wt_-(Ysf5<9;m_S${uuvgy={VR@t61)rS<^Z$%`u>L1Smmho zxb`-|Lv3}n-$c%`#AY%#mg3o2$v~lF#9CT9g3bgQVh>L=NKCHP!8F5cPi6CdrWBa& zNj2L1AmDbDa3e@H`&G303IOPP=!l(v)`fM&^Nq#ev(NQ^O=Q@dDQ6Jax#Q;r zW)Z66iEkEFr${~DOL{W54Et1sw7Nhw4bF{gvFe$@Al@e2cYk1f>Fil)7Z9l++%iAX z=eqT86*Sssgb~oxvB~f#KQJVjEZI_vxe)p}TkWB=x!MAHN|1W#(N5}oaF_ycCm5O@ zBUFXn9}oZ8z!uuV`)mhE;rx_3un2cXYQz5`Es=EIv4693XXNIzLH(>y8(F6;DlnAwYdC8J7%q8R zhH3-yzv7s&#H9;zceZjG{>sPAbGZ&3%<2x7GSC{#zH7enN%>dte(N(UpSb$4!k#09 zK#U`G8v6bT-o=al8IFszl{_bfmjyU9D|zo_rw3-06fecNM!gT+)73752+TC#Alx@y zMD=1E5_6?@et5soJGGnJ1yH9Q-@8Rlw?NrN{_IR=u-f3k^z#m^4W@I{yb`-!{T1sz zpF_ucAk}K=E>Ey*xb@GnSj5Prf^J_}iV%GCJkyTVp*^kyln;a)_Cz!Q5{@mnIv`bd zq>yp9yi`!jN=dVvZDF-tY>|UZKc;~UrpW+#W^v~3PWzH*tf#SCk4|@#k0Ifw+h$2# zd$-Sf?<7)WjF)?3*a~*`t=!+GF~u|Lm|r(pn{Uq*gtw4wy-~c^5%^}|{^zT|xmoxV z|7L$c|7N8vi-5*S87ApB9P<`10>^a9wj=J!qB zJ|M!TA!23&tYs){pn?B3{Xx-1dIbhAvn*l`v+ZWaHlX;U>cEXN(ox^;=rKq*Dh}x;_lZz`E5Dp{WqPEA78I^CcPTtO7-WMwVHuV|Ff}=y6VrPD;b7EmA|8jF z#CuhJpC9pn^8d!OeBK{iTKEgx?%!zmS^zv#$fju5lYLNyZ>&aOT+`XJ8i4mh7R!Sd zuZ5o8$BVQ$?bgmtc~<{ahI}dLVSkdm;7d$%>t=(s6ZJ+(M~Svho{y81HNADD34^k< zOma++D~rbc^AuUwY$hyz;IYZsiFo1)+3Ii%-^S*(M(Me_#v4H2o=b=~LQU(f41pCl zb3&vo^4>A%7QIaQhSlnbdq$kMWavU-H%81e$GXa8uDjE8a?5IQ+)MZ5T|AkLRp{q_ zKw~}+RO9i~$X!S*Km7O3#%la-{rKnd^&OFjGSi;AN}(G>5`62yAzYj+6t9R_ktG%G zyx|m)Hj?>6t~{eZDT`U>F%5qx)c&~BxEe>nCT&2lC5rhuY-ohCFCz?w`+wMb@2IA_ zt$p-WQNRK!DhdK3O}f&1QF@gwEhxQ6FQG>SMSAZgNbg98gisWu6MCde@1YYQklYRL zIp25c9lvwO{p;Q{h9f3nkDayWT5FbP&iSkcWW-z&aD3PM4XGwj!xfigU#ZeP(vT;* z0hv8ybXuPiU_<59($btJ2>{MFCat&Q(kp5^bk%V3Gvk~m&wczp5p|3XG)w+z@`sA% z$%qyz?%@}`+$%-iXUUG~Vm1htEZHiF4dUAa)WRw?%6oP^v}7id*jrgmbW)?%Ph$jBOqm7v zxEkm;E*k!SQH?%sQzDPf_c7lQs2zr+>W}CX<(t5zBwIEqy>9}k&q7fE>z~iz{3!*W zFY-n}-S3K>R!QyywN5XYd{u50r;OYdcL*T!4F>=Xyy%MxHMcpTxO4T}-C0YJpkbmq zxpF7yYJ2_A2?Q^I!1rLD&n&Y&Tmb*U*NB%5vXt|zY5`Ky>X@~p1vea!J~fE=cLgEJ zH)wn*dE?xA&a^JGk9@lpXRF;#H@RBkHDm-Q>EIgitj#f?iH}~TT;>?ezDAWz^j+gB zn@T=^AybZA{p+&wdiYLF2G(sZVtaxR9VF`4bIK1Kjn z4k;Yqn!DzjTWl8W&iWvG^R}44k6hKu-Cj3o_&x-a@8RJUm3kYBj`V>FG+J4}A=+Ip zXR40I6A837UH3-WnIG3V%tm)TH9Xqh7~^KqYxp>+4WR!NyvC7gDh%4EHOVK3l$qL{ zDo4#^6;7tamA%+wCV;suPB6uHrYcSdyvne*x6mg~_A|l->&0XLrq1%wEh;{}_|>tj znEj+^)}u?8B>(tM=yK&RxdY`ta|hR#_Y|}2z5pz4-&EG`Toq842;(dyI&iW(uJBZn zqI?5%@}~)dr+k<(0;9Jwe1A_bL!pEI=&GYOY!fhZX`eCYt1V}L6>I?A8P zsNZ?f%CZ`KzgwM0?eOG)lIPVI9TF<1-r;T!u- z26Z_of!7{qAzR1F6|SuYbh}n)+!W4Qk7s$OdCn$cc$cK{@vWDFk&a2p#@gF`Pz#>m zKY5UXXEx9UGIPv|!4F+F(Ha0zSh~J`Wsv19 zZt3CA&52@Od|T~(32Lny1x4yVhu z?@vN^OCM)$z6|}&U9tYNPaI&RqkHg8pn6tOg}D7^h+SKKI>2g}6|u`0f2@*50@T*j zJxynBn$GvJ^YN$Z)?oai(9S99;M_O2yJ0XsxvSXK-adzuC_viap_*)T!P(keb_sLpg3+=+&4d}2@R%T8Gvl` z1p%?A$>n)VguGPh+jq%ab~I2E^PR0PU($^meY2YSBpE8|Qk{L;nCnn!6O91<%sDfG zE5+{Ek0|4(GDNbc-h*LK@*6_r&np^4#r;{me_uJTZ&(Zcwa&M+!yVstX=$0&$iMeW z2qiaqJ$%7{JR;_ptCco=#23{mY#<`9hcf z?Ty?cBSqizL<=LGiC#sc&_{(TKG(o~^EDfHw!&a?KOTDocaMe90C`qV2*88(u^R~U z=k^{}ZD-#ba7Yeo-}?CSee7!i>8%Htu)ChHn&<|Vwfe39&6KPiH7HSw2U{AM3eiuS z^ltUVG<7N;4`K0PuV#=ewqQ;|OxpLgH!P}P&t;KD{zO3}tm&-Pw${rZ8TU!P>*EB! zrl`vFjFv7uXXv8+Wok#Oaat9qIH>cMr4`bLbQpc;^Ef3rRTp7WA-)8&3+u{>#?+^` zTNw?{F6e)3?=*kuQlKO)puVoMCC*{*d+1CpPIo-ky2W|o(>miXPOQcs@d*a#UL&87 z)yj{^n5%F?TTlYXHdMC1@xnY$lbQE z1P)@}pXlN(6iD*P3B4s3aB=Fvm|_GO;RSi<+sm+DlB(-2PrUoB1XL^EWaB@)YrXzf zSTXA9qbZoHY-3Nw5U#3#Y%*BP_cQ=FqS#De3vTOOz56a_*JXZ586ZdbElj@i?j%$& zJ4D$0lqX2+sCnj5!ku#xMG78kNtnV!PtYeOy3eE;#k!Y;g3?6}$j`}88bT(7AdyPx zJfAbAg685$XZ?RU%l(LXolRnkmcWW5ZJntSz_9-HrvC9@~9RPGYD zv!;(32!1JW(k9`yrW8)SRhXb9bhEG_1K_HHq$}f`U)(sRn|-s<>Hc|AaC7et@)^ZL z{TeLGLAn=PGsnia-tdX{DpbxQfR=LcG|6Jis2}H4nHCiY$dM zUH@`3T-|B$kW2_NbO62b7b4pV7V9Jnx7#&r^jz!l3bX;QSLKgyo(331oJ@H9s zSlQi4LbvPXk5hmK#yvRlBt{$E^i!T+f2QnVTga@Z%($Rp5mjpF#D=C&lg1_EQCJeT zdjdGPdhea=_|JKghf#U^&cj1JesoM`_xo!6%72GHT6?pE9e>>WrF-iBK%4^RSD{-} zH-q5~wL&Sisa^NB)yn1=K)l2xK$_)C#E&TLH*Y;o3gJUQ`D|F(ki?E%`ankidnhm+5R9i3P>%evL7X~V*qKR2VNkeK}tHi&=LU&HN07;${mnE#`*wsq8` zHvb^@$IsbbW2rn0wD3a~s9bJ1ro7)A)PA|>g2&m+da`Daga2`Gqu z**%75!g2h3`o#-nr(U-`oBf9Nr76CX9#Orw^F!8YW;p_?{&BeTnZiv>(=GQ2yzKvTKDr}B7EC}XYSZQmVs8cVh)y;x;V(LLH;E+^Yp z?mqndM@wNQ5H?ei<$B%~EB>?ftv^50IghV3rfhuda1)+yi!F6a2|Jxezy9^lIXL*kQv{HK0WK>$>4m?;FnY;z)OUYsK3n#95>ryyH1(cuyOEpkdJt)i z%zM}BAwtVrk>JXtDRu+*mipb_SEv@z;iN)z;sFZY{bsJ3{+Ma}n`z%=f6a-ygLult z(!<(L1V(&=UMyf-rrk?ec#r4ENLGYMtFLKW!D9Fd)yvK57Jqg23LBK2)xesuh37;{ zX$%&P=+Umbp?U4`+;xoSlfR_ExeAy`TKX zKNA&2Cp!@%E$fkQ1n{;GuY#EMs^t1buwl5wM?x-jr$QcuqGJWMR?eR$9rg9q#34a0 z8;2ECLT*knIYeNRHU9UrY^A!BKAz(5$`q(B5rjMWiKDjSSx;2LkDuk2GBQe_l9<%y1{`f) z$)O5%#cNM`qS#N-u3Yx2W1h6<2z8|JEo|><(uAQ35_&jU!Z5zKKy!)SKsYxkN(#ia z+&@#)fL8SH;O#GSJ=0jMYc?y5p^Hb`BV)GA%P{ffF*XfBv@GM!o06h(%yT1 zDp_Yco^6fedfRGjUoys7wYyfX$nu z&{38}fW~z#y)?e3glthw#QKS6Xpnt{8R+V&@L@hUNJq$CG2H~sO_}jN+yceqJAg`J zGxWjf*g~4sTHhm$X&%V%Fh}yQq23Ln7}mj*ql^ix(;9`x{KWl&yZJ8Zhv~)b`H0#H z2JTcYPgT^qYkvLAI09{xaxgyBtfu^VaElP0eQd~2VI$EhG8a(QEa+bH?rSiLL5z@68p40?24t%Ov9bIZQH zrzzL5An_{+DN+)(p{pZO!AaEnXAFaa5j@DLJ`kBEzAN8scQt!NG9K-Hi=%P zuoLqi%RJJ`pj4YyIOe^iJ!qa~1n=OUVfK0lkj2hnDiv4W-z&;$`Xvp$LIZ24NY!UO zZBqNyJ#kPa*8RvQ_Z!9xg-Y}qu`!A70~Q#2=Ub@*;3@HN34gFbiKye@GIelF_)3&EU6V8eS~)YNq9^@zJc0NsD2FW#BWRNR~)rq+rR9aVq;YMXsVR)DKil0 z7QJ0Su-4#F2_enKGc6WE9DclsW2>^}k04TA?5XoU(UT7n@#NoPs5W4?Ud{QJL^Z-F zNML^6GEU#rxczRvq-#rE2S!gWzRz+gh|UdM`29QmO%1q;t;kIn zjE*H!RiZMT7r%B!TW-E7G-e~y)nV@|5i4*oobMUsR$FP-t*vV_iW(4daS7B=Ww!%q z5DwRM?*;#HndouYW#PlevAijm4p>RpJC(&?Me2^dp3{6WlT zRgy4$?72a)QtyMg6!RozN-*$KkE^Uad*lGp+#CW@uN64c2-nmC@XQL0^cbHz~h8eBg{&?s9C1<-rs_J$9D9l`XFf!&!5~{I9iYKgXDn4UwZV zG3e^0>88%frh_Ae6w?w1Y==@_=;RPDvHfN|q7U=229dd{B?3v`4q|q^8tP=SR@7eC zZ9rzGY#ijPBcs9dOiT7dKUPAL+gf_@Zn+OX9Q($;aiY2wf(ReHe$5rN(`5ajV7eBZ zT$7s08Cajb*CFpwfh8Btomsa~hmwvat#1nKoqk0sp4`0Ky{Ar}5jxHN)K>V>l35MZ zD-@r+myN7EF@S^dO?`WDAgpZRuS=V5syNR^-aGpQduOkkL%(OD)Xft@#WVtJpklIX za#GgmKTdu7O`qZA9A`&IR(I<7<_=D&H_y0q(Lu>QaHn~@fdP}Md;G{9h8}Rw&TL~( zTFys&a68}N348f~h~gqLWk_+3)J}3^Yhw!s>7}IVl!I2PbR@B_g|(TSZ?OliS-Q9X zy1&kMTD10u*1&90USgYvL8Qc4;a0LI_Ma%$E3JmiJCnErV>yjR8-5<*qr46`qRx4; z8hxoCN&t>vE@z34t z^V`nJUo@qc8f|K(voSMpee;7SJ1wIb;r}zrKYzQqoLOS-N4W>c zM3Ch!jqyO2PSm@FymZ+F}Trh@BLobAPAKIXmbR^e}0OZv~x2*|;P ze=CmT$Fip~Ko{ZnlbRe1mm8WY6OHn z)?67GJzi}?t<^4J5&;4R8$RtU+kNN!iRYfYWfK17>NP|!_KRZp;;X;0W9L`=tB)1Y z&9ScCrjuP)byp(=wG}hW3akgey}4?0UF&=`b`V7#Ihan4v7T=NiD;r>Tx7J2qTX>(%t08&cLHd)YlR~M8?&yarvVZt3+y!=heIH?oaX7dGSW~@)H`_NHErikT%&E=<+_JZ##t ziJ~ebH-V+6ay~D8doo3T&I|pY^Ro9J&C6fM;MaOR@+k6+JrMo@QxIwT=ZZ{`2W-70 z5QF^nvj4Mpa>c-A2|6&hzgUOzj28ogC;fL||895O{;$OT&sNs|3h=)Y`>(|Qgy04gDgbFbM1U>JsJ4Z2uw)+KQRK~ zuIJY2fV*es+LN>$NSG8>CeN8R?kZQ3m=1? z>>^5@Qu^<}{wAjR`>FV^#Qu2|{aayO{NcY6`>({#_1-^7;a};ocO5+kf8_%B|BOzH z)Vi8mtj~CZuPh$owiWpbf0m;4D12u%RULrwk^``jy3$N724*_eF288*K z)0V@u>CQ#gD&MT)_HF%eN#6S#Z~nzs|0K$PkSy@gl-G|P>()))ZQcPhoTwQ8YB4s? z4us7HYG2b+qghqsd4D(Gk$6&10GN`}JxQC380jwCpTW+f|0vk0NN!HK!5FEy}JduR<-NXvJq)`3(C#+Ol z?bgIqY+A|`4~pI@f4#s}ADx@(P+>3W3u}1yFV>LmKe2|9aRd)HX<5@YhugdINeh${ zKmKu9Rt7MPbn|_ni}*BJ>S7Yy_T>JfNnrRZzS64@*i)`|c`RHQ1RH_>N`84Ca8d-g z&L{d2`0)HWo<=B9`s@n7yFika`5PVQ9N2Z3W6u+z0&iKQ8E9R*AV+#)ue4 zdq5iVx?h!vOhtiZSTQZQ{N-Z3uw5)e{gA|rbo{~$1Ygb6`Sn#`DhAyE>BT~NA?8#< zF8#WVZw9_gc3ZUZTMyOF>{U3UR0=fU@diFx>j7Nvr(nw0NIb^`b;ym}8+oh-pMS-I z!H0ctnyyUo2a2;VKV=X3W9ni&dI|j4^=lMrsZ~2t1)B(M4X4VQ&}$i14U)hjAS#|} z(4oe@l~fY$hBCo#Hk6nvt$%ayzG}`s!Q$V}2Ilj$_9I&;pe$?y6Ux_B+rmlYYHOD} zC4Dlu7d@PBrJI(vnX(*uFuNG5tb&~n0{FLD-ZgdhA^etq3nN)sZ?TZexl{6O{@O}q z1-GA#YcYN4Y3pc3f!p!yNJu^X2=%`2RE4=qlMl(`6IIwPD64qy8PkZ{PmC3dU?mNw z1sM7ykOV@qg{b>D>1(HJKZf4w;SRckO~VKw)Z$tVAhJKsT3%(|CHG4)N~CSV*Y}QT z+mhYHFP*spJZ_=y=^stRM$HSVulE_iq|p>26L4hRW?i8pvB!RLA$lU;NXLGht_%Wy zxs<$a7FV#$C(q@|lFD|#l0HYTaZh+LAivg(^JuKB2(dt!1}bm|t-5L5_lnA2gCA1I zax68%@o#@0%jm34!ZI~kUDY+$D{o(xt(4%JbVLo4CG zwR5Jn=WF8d7?s7eLtA6>7Qo=SJi1(tH*4#;Y)_O1!bO0_M)qnOR4l+Z57ZnDoZ%JT zd))$^q^QkwmBr)rv!rl%R$b>#tnpwptrB>t6g!X%DXPrN1&GJUyXn-jm3lm+BPk&2KI> z8R2%kD{i*jXXxZzGoN#^n%Cxol^wbUck$6=R7#C4>@@P(`3iKFvW>Vf0`TV24Yn7e z`XKHn+oa3`Xyq#}bHz|k$J=x{Wc(g6{zl$nDb?j`BFk8wX~mM^;+GqV2n5JG5;S}_ zd}<(30S!jAW@V=bNIMIo@oyrJLQRVV2^g{aedbzAc>n4yzv6Z7=` z7F4L4U?>mNr~jKsb7L=4bY69BMr5`mALWq>J`-`X)vB*h3ks-hfs{7-Ryp?2kz|jo zxEp#|Z7y3T;nP-+K`|sR?;}VKJVSH$PaOQbd0lM_rCINFvqD|%pAGfM-3B9sx>L%s z#Jne~{V(o5wMy$~JC{J+su~v8VQe_<3`S9yMa;(k$eLhHgk#3Uxn;eC=nM zK9*(s`YAePpbDe6r~gLQ%b^?KwH63cLwo&cn*NGz`ei9UNe?1T(JqZsLz3Q-cX-*@ zpbnGKVpc23yjP^D;@34;<)-M8_S8b!+= ztI1k9dX>P5DKbLl_;9D>-}~z)E(eSel!sBpT-cq2_kvCx@}F*WbhcerT>R;pWBG{- zCp~wP-Ws?fs8eddK!sjqqvXp*-&ClLW>Tg0@Y#M+pvQaa`rvH(JLmED5dTGgQgPP@ zM?2Ukr@0`e&qj%YM2{KHttSIhu=zzE!ZiF(TZD)LY>|`^u;bpwjRldWQLoX)Fe*Fx z-V3AQXE`Br31zQ`;C%&)R*(DCR!LjQuN}lB^A-Z>GB4$yo@kQ|OTotk;ncuBi(WS< znXHrLSWmkv2b6;GaM)iCKWiiTCLSF`DgSs6F$4~7# z%s@@o&QhCY#60|SvpKc_u%OY|(T{>icVLI=hL*Cc1e@%qfr69`qegm7bv!&->>E>% zXSoaHRK4%=R(%XYKtE9FTIxKH3O+n)krJQBCr451i5*t15Z%!8OrA!S@gcs!KeZC- zd_?s;_*UjYH9-GJCR5=jpV^_u7tCQ(VuMWjiTl^uu@m#*%p2wgY6r1h62lxg4Pdzd?jk6&{Fm1MqK%1xiN>vu`Qq7E}2t;%~RR(lss;s$#%HdiR` z(x^v0r|?N17_Ci>9I9yVLCM^uF>nvGz`oCWH5~|c`ckNY7VAEDp9U# zFCsXQ9p8zqzn@M7SZqcS~K@L;}rH;XaJ+Xk7lTQgHxZ&pI zl^&Xgn6{Faxl2@?fU$upAFG;Em29MkbSs`IT$NfE`u<&CJomKStdXpuyS1@*q3)S+ zT2p$BHZ}gOBumK~GMcJdFT}FlWFzND4GPWX zYbOoq`l8HWrZz>>ex%iFtE>m>814Nl3({|@{IDaAKY|U%TSo_Qu-He&gAJD1;X7p` zTt`cNlEh@66cQZna>pyB-{(QRFBw|wqxC_!o&}LI6lv`)eJXT$DAu3yo=NQ9Gc~1( z<(}D|AvIQ)?CX&F#YLtZb^mc(=ObU$xmPX$wUeWg57>xYKKGaZpc*XQJjmq^m`{tV zCdQvz4{1hUm?BzR0bcxl9i{f2t%C5p{5< zNTIB*2D;6xbK*b;>bOwS$K8^ys2NU%kMW>?RDDSalE&HZqw%v>|jQpqhiLu8) zq|{!&x{M$tv3#f+=OzC4?zs*7-##T+t)$`mk2*&_^jjlNc zMTWA@!lu1&{g>!BC>o*nb&t8kE!RiCX^qZ!_7sHtvb&L&PvT<{ z_l_!yhWEd=Be?OO*C*V&r`+dx)$3lzm1$@t3 z3zgD^rUb*!2oDuI?=ob|gjqYG1=$w^p8t@CEyLcnTpm2kU0;BPQJNiY%%nLVpo}2G zeR)uj7DvPHNzDgF5N?@xc70k(+_9|h(Yprc#E~K$z$jmSb!iC+HL^o2{n%EI#16jLPbm3nn+&|tAAtraNCp_T4U zt!tSQ*Ln}u3(lrj{X@4#s%26g?(JJ&s75SEYq5Q%P43=FP+BrWvBHjFAv4v_^Il7b zR`X9u8nGW7o~=}CF<@qGH^;qRpZGMsslt%3t4_ZLinFHaOe{(g9G&q|C5#=LJL@Wn zyj^XDVO|UKM%qCXXr75@o=zNjOtajqX-^kJ77q^ZE1Mnemh6sYk5u?hh$YqY+|JJf z+<*7rd%ZLd*D&$gW(^q#4AUt)(x<$2%*D@JaIt;bqWfB9X|gJxXgMbzZZUW%j>1eO zdObOQH=Nf%|2%}tGA}0E+;qtrQ^7R|W>>9tB3%9F)R9#!M%O~$Z0vL3f7nwt{1)F# zs`of(K4#Z_R_jvttpQS)%GU>P_ z8Ha;+GnF$xUsdg5&{9l)hDrggg``Cvii@o|+8}$oQCoL?(u-fSL5It{gPnUmk;1)h zg=88-6C6afkX)Omlc_efD@3fd$<9S>IJS{ehYEu!fo;-FbOqW5kHklA!byef?XA`H zRJhwW;$H`m&Lr7*bj|g0ZIx{<=?P2=_VHQ7MOx>mIO*KL!c35o&bFn|f~+-y&`$<} z;rudJ7nGb0Q$Z*6o$2hZm|r;OgM+Lv>9U~L45QAsBWyS|g-Mc-cyMmQ4)GpeS63Lk zw{jAqUiscvFw4N#>TNiG$+{#81?p<20YQ+BuQD+lyw*e6+4qE)E%K+XrR}`|!jG3f zx@Xv&YiuB&SyF5Yjdz-z?SVQ@+sJ9|#ure3cKD$e#wjiDQuFa1foC?X%OJ$Hhqr)X zP?Ucha3rS1tCev!Xl!0zbm$}vPn}2hvE2}MXS~--8d)~2u}0y~+6#`FrlX7dw1l{;zH0s6NTZiEU~hBiCgX3ydhE}MGXj_iOI8`^@H4H6>-!_eeoNSvU-cy*tMlb zsJ1+EStx$1>ndw)H+Eh}sP~zE>#4R#Q>t?~V-L3dIMmAP0Q(Y3tipb~PRC{o;|WPM zZEQE^oOn8>gw)H66H?oUm&tv>I`Uw;r`iu}16%XX*oPC&aN`=zhHl z5;jmJuQrU|Gtv>B(YNV2$idSTVLCo*T^E{xQ{>YW{zA2EF2}nz<{iMd$W8cqC+Af= zqLd3MDp@Jh*F-r3#=})YFuc}VOr!Hd?PZNnj=Q{2(?;aMUY@kLg>vDwyLVK$4(xQa zYrteRrO0UV!{mit$muxX&B^3>ZcTN8_Pjkkpq=KepU(QSZTeW44TpXOLZq%E_#3f9 zGkquJ^kS#=zO@De;EIWR^_aQqyIuLsX9i5>JUg_A8TmsClu!K7*6LR8-gNd=N@?T> zA?Zj$%&sYBoVswX$w#2mkONL zf}HB>(+}VR>hfDVtVWGEH&dKtrw$V)*6$9pdcH?@ywsk1*= z=e94r_59LbF}4fW^^5wGs36ku>?wda%DH4~TZYGd4aG^Xe;7N{o_ueoDcp}B(7Knh zbM2~PL%?U*MlT&6s}|t2-b&pQBkvGyU0D_Pl@MB-bSefaevsL7vLu`5i%CJs7p(a~ z#3@`{3CE7Wzwz&2VHDI{!8hr+HCQP`@x?C)>ETAKAP7XF11f2*j`((;Ld;_;bR5gk`FMf*^wvQ9G zBQ;fCzqZ*LNJz8tOxSHB7LPbq>9~@wQ&zLTh0RWNH&%EHMPytn0{js1N22D%qGLr+ zr!MB**Lhy41Vr|8vkH3c<+c-URuIftg>jn^PAd(gRiqh>o)Qukmz%tLm;$=iXYJXD zc7N>P5tR+4Y1*1#4j>&~z%d4W|! z%`Gip)b;CZ&ftto`c$A4+sg<5J5@(m_ZJ?KQeNL^0c6% zg3;LMJV;p87XzD*x8XD-k9VPYoYYnesT#`G0H(nxARnX8Vee1~iQmJ0ApVA!UrgG? zLMLAKp@Nd1@4jAFpuK|qQDO>B08ASN(WqVj%`K5t-ZRI9Yw9(Y)D|&^76qS(iAHUn zX%?Kl{Y|s$3c~9bc6(G`?xa1LR`Ff|kVqzGDgV8f_mx=&Z1fQ?8vj@Po5Ggnu?l4%d=8P#G|c(tUj zn4YzXEtgM=Lte-mV{RqQ&zSamDXV+@nB=FsugrMtFxMp)B9}LMKgTdc;-gBomtD38 znqwRc?5|z0SD0A_5s8NcP<<3`Bt2)`63Q;e(Cj*1xyU60~CpKjW6{3-@p_rMFUl z&k6T{tFG-}Lws@9l95K-Gs{TaMgYu+1B4hl_MK>OZi2*2WBZn zCek%=p1vum4jlxExyTIHf(X8qGp{&`NnCG5Y4pICs(;e)fRlV3TfkVqfNrToj9i;k ze}$X;rg$v^gjNb+*qJ?9&b`WT6uvPgx8|nuqC;-(l}uyI2C|e|6&|0nxEkRPRplMi zZo<>u$BQ1Pv{Q7)`Q*8GRvg06D-y4o^lAOu3D`D|^-xkY$|S^ETuu##7TQoO?nP&l zT?QOo6e*uSA|+I7*?i`@G+Ey%h<3qfmDRQ@Wri`5w5#8p3V#D}Zae9r?she$@yhqA z7s@@D%pfj2NnK)0GtEXE?!g)34!yyRU=~7fej3XikVW#Om0%IpoykKHn4+I47}Q9i z#vrz5y%c#-wE92!!`np?nLzySb0|khHRB6XNYx&&IV3li`tpdb2|PX1Uj{EWYJ6)cEjR&i%^}-te1C)k{=HE>^lffqweHz!0j>AOi>c+FoVNXKY@6$ z<=O)ot?h`0jBaZ|m){vH&u;2DC54Nrc90)Il6zFV`_D>@4ig$&&V2M-yXNP`A5fjq zf&e_Gih(!W%1{1jzxrP2+B@NgXWp$kgOKJMeNL~Y-Q}&*)P5AS@1g*bg6yGJqEcjc zUdEvfg_FV!bvg-YeAjw#0BBe+mpNK$$aE#$ON}vUA;@9zCuM0AA$sd~Z;foVK$f}d zBWq*7@Arjs+aamR_r5xs=-0d_uJ?3~Y4}=hKrbG!&^bsZ@7*z&2lc;zIxZr9_VZqn zJ3gZ7b3gp95N6w8+7X1yjLH;Ue~|T~8AVq>lW*OXS&r;_zC;R#^X+_gt5NdEGV8E<8$C8aayMp=W9)U*fYmA&p1CWns#xeZ9GP>rM9dBx)rumvws2;(-VF7x4fD))mXl-kneu*@Ooz+AfvL!n<-32=G_@ z!W$fC&PcoMn~=`&L-d4aYVkizjqze&KMbAp#9rSvD#vo*>GWaM9EFu(!T=2~gTlRp z;QL)E12lY{AFndE+!iWqzu|wfnyKQkJQZPzp7f~b4Q-wkvYt>(U|H=!sR^Q2-Ir%` zJb?6+)Qwi*9Z6YH2U#N`Fx&W^v+RuJ9|Huq^+TSF6-BabI}Eiw;bmBh2F|A)2)vO5 zN9#l+ZslY&VkaJPmJwL1`_=uw^}(h=a^14dr)9}c+J7=SN`+9p&Sr#>LQ*!*tbUIs zG9?pS{ciW7C4+oF`5qThFGy#7T=?BVPct?IqWo^G{CKVL8x%zc2`C&hPY3-}|r&Mz&xv+x*IjGSt z!7^hWz*L0R*F3!NU%7LFAKhwWA0U9NRtzwTSq>`J{T2a3DSFB-#pC8w2e*;6Gwb!E z&gcjD`dub5(}l;a^W)AF1!WUTq}w`}6l>2@l{5(x&OFymVgs+B+K>~_lsN2QbAbU& zc_9f4WO(kc z8Rr25rexEVtsDak84~H5y`_K!<@=qEzk=b2wf4nw=&YoihHOvwl{7f>wQ5ZuZl^63 zxOLiL-zh5}<>-#9u9ur;UG!u|!-g5BYQp;*yF-{e?Sh;t{^`1 z5DBXvLx~#>B0k3HqVj9#5bfk!t%P2h*Qh?d|82{gwgsZ9my`XXSL2p&kDo4V#WgSJ z<%tiVWwz|7q`xa?4-6naPin}14(Dw-c>%}`xs80&S$e{jLHB%YX7ekW)2do+*YWNqJIbK5H5{>5&_v#t zjh>&}JTW303%B%jw#07yuMduHO0W^$hxHTmRt5X=TXU8B=KZNgL8M{ua7<$p2bcUd zGI8M*WMClJ4q}zdKZcu1jIsdP`)mF+{c_=T`#roG4)n1QPGLJw9sR;f(Y|}S+`BK| z(l=aTl=-SN#5a9sKl!NOyFBAFwv8yoVoTx4|H$=)f3Qm?z7YFr`QpkQ9A z;Zt!Job(`GT3ppRH?~YiV_amcGxX&45uVqkJaR;eUTh^?+|%?!&)F<_-YtGnOn&Mp zkGK6PEhWXfr$MB59E?*(a@MoB-p$cll)NS;wz5?bWhnzJsb!s147qR!yN=%kSHv7;5Z|_|U#uYku_1Mg zydMtx6~KGK(}Z(I1QUepdHbvv5@@{e;1|eNsVVcr%?DHV^FI$5EW%T{e7|#ouy9wO z*QKzEYWTx4A^{+6<3M`>DVkdSS*`KxyxwF0^@Bm|@$<3Gi2aR4(Po<`*bg|>90dUf z|Jj2Uk*pw6yCUeu!I$%f>As0qfh3&(-`GNwEObAb{4`5u<)cy9V+Q2DN1v|jl{ME^ zzY0d$X7+PvDIG1^>``QUwh>e7&z1dyDiEZjDi+5T+$v3;&IBAYT6^!=Z8`1!>@O{4 zxAwTo&Mx86I9@M(?y>{f<|D_f$<7xD-#8cEMqspVv)43W}IruKL7aK_>^g> zd$|GCWIzZ0J|E#46T&Gp(>n~yrmpd9_3m!cmRWu4o;=tGE$02z|^*(OrJncPp%g08Wd&Yz+s~(7-2J`6S{t~lYCa`f7>JzeT|x~tXsn9_|v+2S!9vD)Mw zVu+EJ{pH0!+1C= z(a>=ao;PpE7$LsmF}yy_e)6ahd)av^W#Ne^=EU$2wi-6+I*R?8u3Ed|V{nCjDihNR zSB{1@av0TWh$Yu4G^WCSrm^Ebc-hN*3Eo`m8@(gN!G%ix{N9Fi5vp<>XCUrnb4#$D zz!lCg4YirFt2?(#D`>VfOlI4qmti zw{hfe<|=iC>Q)PTa#eQsimS-GY4O1sZ*iFXI|??eZCPyVQD`w`fimQ*Qorb|s`1&!RP1D%v+C+ z$Ppi@Tt67o0#oheY0ggeEiZi(YHQe%M7857*3ygRtI~Qc49c_+M)k;uLzvLo_qHVu zvrit>Lj-p)di`dnNS7S}!1%4#WR)I^7#gEX0OXcAu*Z^KXgry5dD2wovlFCfr2?F) zGa4$T@k>54$x0@ENKIyPStP9t6K7dACRIZx+Ej1sV;-?6R1q-+;Y0-pD33aYh(#P) zYP6k-3Ck~?){l6|q}bf;nsmZ5++Wb%yBQmGIF8(c845=!Y)!;KZE2St+}3m%7W1hY z&BPFT#U_P{>|NUo;QzZ4P>GwDgH*hKHCdF2fREFriEbc#aXpH!6EXAj$KPZjc?Z=T z*0i>su1;(IrRXP=c#_ljwbNrt^>3PM17u7MXGx(x2UJ@fu2O;H=9F=iBXQ?-2z`^x zc#9==m%3e4>Q%06A52Ck3_sLY%4xQ)nc!`%KO3BO^!hJZq}c~?BFCyOG9eD+-((w! z_y+^v8?9imge{QAghvt9^4F3vSo^aP;PyZNTIpvsWYLAdh;9t8j})={8+nK=-NN{q ze+WJG46Ou>u*79sAUV|Q)uoyGWaho6eYQ+I7DxC$)~u^~e-oA)dGoaqxgXsX$C|tl z(2R$UI|>NlLy+RzH5ToURxNM4sRzLO6YZN4m^=?0r>A{TwoVfzwo|&hlg$Z>F{-ix zTfFh>4bJ+Wj&c*V_TcEJlL29OpiP_%irLi66B7^P*qF|tDdEM(&o7`U_6$-lyYh83 zkI%>|#iT9ytz^_(9~RYsQeh;e5?WDW)#hQS>jrVMj=W+JTamjOA#xHMN`tR_HSldV zsqYzay;BYe7hrei{n>Ol4+URs4Zs>DA>7P*p-zFlybuq+0mYqMnCJIURIJw?ZKWFj7|D^c)# zD_eO+rME$2YQ2wx|4603X|XihwC_B4JS*F9M+}X~L%e`Z>$ma_5`(LowCtKn()f`j zzkUimo{7@|E%iBpHfaoi4DG=7H9tC*->TmIZ^JZ{z8Plk!iay?dVy=NXuBZnbhM(@ z`&5X(p{ywA&z49b)+5YzTQw&#{-i0G)Q5@haHHuS)qx=RO)O5;V}ky^CYPiJ#l4{# zX@!p|R75MJ-(73(bbleG*v_Q8dXGmE<2E20T?vc8d`#x~py&_c{q~E4;`MRVYMN$< z_)!~(L(^yRr>K+emJvc1nv%ZXtuML?=RUn89ai`t5`eATEdDR{-ZQMpcIy_k^I8A} z6#*$q6A@5~NC}8YC!iFOuAqb>MOuIW5m1rd!2qEnDnjTzAku5-E%Xi{p%Wm4oCkd0 zZ@ud~Ywvy5-uvHKf4Fk#C3(D``=0k4bB;NNBr2<|SfHplDM(jr zo5UbyuYyhGI8iEFT)sX*Q|yu8LhDwv@?$d4`Z<>*oISm-TJrO&lMp=v%tsnyTg z6WOLu%E2T3H^d~e7T$Wia_`&)gpQIsP}WCL>td>PCsuVfyvL`ix!U$vwx-Lccu zi7X|iFn(*~Upp}LBjxmxhlr0nQO!~y>?xm$Ep$j>_kMWPiYId0fuyhguDri!LEK_% z5M%tVl;ULr;3;D3`J{xI;Eyk;VyKGmsB4acxGx&hpD)VvB)65G1vBc2X~q*g%|g`l zOPg&TeV^`QJb(p&mcl!TCR9mIHWN||i&7;PLj5-*4O6+o2P~vQG_WIUTSMmBAKUf8 zR~86rK~pG4HcCB=rjy-;S|wC_(<>!L;@sn}Q`KTtt5w|E7XG4ZH3!%CR^w4BFK4d7Mk%#R1-jBJZm&eh%RbJc92vMtqo=PD|0yp08 z3>}M;58%vQAsZUVO=rPK>CapzTdzoLITEU#>W{c&Yn4#CcM?}jU>YK_?AqV@E5m!y z%h$iTKU<(w?|Lp{)?X*-z8WV)!Qu8LY4{(`FCD)*Hj77qAoh*2E>pf09;E|(?qhsg z`bqQcAzW)U>gO!IteGK?&)dl{{s4GivJVUPfW~$@z8&huQs}ihMoBlV@1@vYw$z9h zvkN~jP~L4YvjKQZX>y%JK69f7&lU~%H3QlQMDAUBwip2efpIUA@1f+}DeuhrK{FaJO77CNC?$t486J%ax?jSY0c`Il1JzJGc2MvwS7Ji ztS2@ETN{&33Hh72?TUYcn;RjQgG@Wq<|EaOu;Y9AQKybWrY5UJQl=9&^dW zJnpUqwJePV+)t;pHo|gdBSXh&nB;#M3~3)cuY5dQY`vo9UI@`GTkbxOA7WJZ*g5b^ zO3zeQ=%TZ#I}e2by_35#cMj~wo_*J@Q4LubfQJR`n5GLG6?BR+gS3YVEei}?*K|7W zP(oP;lprAoa|L0|TztCOF397lvt0$@9K*1_Za`g>8hU{Eg?-7-`5 z=uCu)KIt|&?9i7~OZCL>zs4wNDkz$*Uco=zT_(_1{>+s9BIb$bzaJMdR!1e7J2Dn} zW~dyr)PKt{qSDM=ben;?Q*&t=Z&6r#eyGM*LdXZZkzWz)dMXK5oO)JeovQ1DkDycB3Uorw|Zokki~MHk#|j2CX{|pgxbwENhHmA5RK7T=xN*hm^iu^YzWJS zo+OsX*IlIUq|sS^_m~Cz*w?RU2NUh-*>DuU3$P{&>4xez!Jk6CE$q;6Hk$9&R_+w2 zqWT&Nm1bO8(^DMl*(PBW+cP1>zb&qTA@>Y@+HI|(*HP>oQy1Cl(nHZF*tISqbCS`SzF z7IAshWyeG~-?sGruA=^f>X5TRq8Ra%7BEI5b{B33HMdMgCCZfmJq7MhOGN+b9aJqq z2{1T^NW>NG%-7?Xf(Oj@kz8N|O4UfQV$-)iLg=w?NmR-_2a8`sIit4&S70dp8Yq$BidkW5MdasjW=`$tiwB>z)<(}JCVjhzT)InPjWI}b~ApcL%%h&`ic5pOaPv3$F_ z@KZE(V^hB;e13$^8b%&hJg7SZzgZTdk~*$q%Vj-4QWtH}GV5&e8^TrB`3k@e@?SYWIyhT5QIpFh z(*$>(iQ0_ZDX7|&1!!Ti_fa%X7G{EJq^cYZUEa6)@^%iXbZl4EKi`hKm6Bmu!8f}P zvwOR=wi8(A7sN{#t-$zyh!eB(E=VaBGvXnR!gSl1$$Rnl)}2<4cev9^cRsZ(tpYdM z48D~pe}^o+=vAJ~^h@iC0JeMaALKD7@Ny>{eXLyrc1GJcOiaUAMvJT@tzX9IXp zhQc=+s@F%MG7`+46Fc)sIOh9{vJ4JD4j#T^-(1ho1eA)-V|Vh#Ln9U0V8aNC{XA(V z&iVxH_;#)>MrJ@UfPwZ@*T><`S|gYQ?X1N65lK7RwX0{L*YUQtf`JFmr|uAINEBh& zloSqo;>x(7*tmO1K|%;;3Wv%dR~iQ}*1R)GvQq(wVax5AdL^M|-59fW3&tAs)j{Sz zjJIKSuc!x2E^nADp2NE9u$xL5)~NE2`98*p}Va z0w&*W-plSS^~0WtDQ=zf0k*>0ck?Q8(WCY?IS23PsF~W6c%O>H=jTpaoPkC)`W67xJmdAxYE(4X!4On$}91Z$>bE zfk5!QhQ4Pp;q{OLW$g(Wt z*Z4VfzA3s)Fm9lJPRdKt8awTc+?Ahi3w8D4 zH<+zXorE%1-x=gQYzbFIPtx{A3b(xOn3ouVW)Mc;f`z`(qYWU+ES(#4f4swhnp;;D z-gQZ&fqW1uT;{D@+IuN;#1!tb{6Y^o-ou$0bYJ(ii9fj zSEKee`WA#NvFF6T`SuOpVsY&?o|PdEzrg|7(!@nF#(BHxDZ)9p0k_l30f^^pqxDL@ z%^RQwBFyWKl~_FT^`bhce32%p{D^CBXdqu;p_-5e_UN1s*l1I_EJGJ;_ zP67Gc6=;NK<-sMngpZ25v6RH?OX61fZXL@z!*A>Y-IG>%5tQMyr!ZWtbWa`qfR;v4ipWjnc~%saOf@K>%ll1gG^yhV*Mm6IXC zi~n2+dEgB&W&S9Uf$rf^AdXouosYqn;AOa~LZlFZvie%Q%=HpPSrTYWmT9J@-FwgX8rK`PFMrOxz>INia)4H` z<*RIMg0rCes*9zAoVA@KV>Xb~ddcEn5W5;-F#i((T{X-b1L7FUKMnm%*Uq~9^x8*i zH+idmDbTVNe#PtIT-(|GadUuuN_jJK%X;8P>=yI=rm1?>*E0iV3E_-RRD#tzKZH;C zRum+`cXe3ZOEWjN0jbj#d`Xcbq?y6Qi^G#d?KEax8Pi}hR8P3`EYrlT{B zMu1>Dn0Vk4($fVdHGjYe0MX{K8N+du#4;bsa&hdHBX=fDaK#4LmQm>FT+;Q;G3t+@ zic_^n=*Ugz*jvZWZM>LjtUxTYZTTp|3CAy{;#aX^zl2U)=1Xe~Dq;x!E*B)*ktLi)hW+Ftbx=Y$I_KbzH@!30A#?yw_=5AP2!o$&>|zr!Oq!#dOpkA$24iYm zUTBuSyF$5t^K_!c#1L7|YXdcf9(Y*Kr-m6y@oB(6{OJm0s};*hJ+mBqA4FzoPHL5Dg|Xow z%`_oFQ9G+)%FCtS+!oT~MY+RBQ<<7Rg`*D*;g8-Al#1NG5;z~JQ6Xv{vrZ*7Jb&AG zo*n4i9I&<|S;EQK$4Nl zlJ7w` zcPQN@Y+eE}1#q`p^UHc1eEvjS!aq*>MB`!CG#(Gh+qr831j9AW@_@5<4k`s)X~ig%lu$1Uyh_X7bVJhPGAqFE}7 zOgb4+yJkGc79OF-`{kc?kZKL2H8a+>Vw>xcC)U`)V+!W^6CQx2Jw1}e&b^me`(@m3 zVp6>H=-p7%0g@)LQ zz+S19W&8MGHwk~*dy(RN79&INASO{5MUUCafiCK?>-V3p&$R=rB544(qNayds!1yA z^RyJoiUw%Zq>6DXyC4bRWJ#Q>uk){N`n=*5HdFwQ9j$=+*+j~$O&*Hy5q4uGaXV%o zm){4zmGR)%T|a%mKRmkApN*aA$4a`UNtgC)>6oSI7ro);HxP-Ia_fe?vJ2hI0}8RV zc~Eunn@58I*M4Vuc0NbJ$UVJ|YP1C)NBEoH_2cV0Rf{qzG1fO>-3cE&=rEWK!D{9E z#R>>FUl2PJ!MKm8Kk!^ywUh{oyUKDx-Os0|`>363s$w51d@rEd3$cToX+!kr35~q% zwHv${z<*lML7{y~$f>DSmR|TMG|ec>)Fprktcs%&MKgdvw9oJy+$>aJZLx7h2_fX2 zTxqYcz4sgWK5##rS2`R^v5F4lXBRg78DMfF`zNrt#VwI+0#Pzz?!NXs2m(z(o*hVowDz5Ti}mNNnHahFdB*DNrXaa?p4Yo`W=~u%?R62m&pzdTwhhy z&C^lOgfqOqZ@txU;}0;R%vsccf_-$Tx_ z<0Nfi5q+A-;^a%=Uq3atf&XOJSitYD&qv@hPesVB9Q1%Hq(G}eA`ILOgh^T9^n!)u_FDK4?yY@wbs)d zFSoJMni%_Rlr@j5JKx_{(H-u%crSfRDz&xFf#rjw3#qKetDzU)s5#YVEa^Y#5E(?N z11KGo0-Mm>G@HT|`Mg5$en|K8;`aQ%r#xYzr-b;{Zp3iD1M>|uZRn1&h?a(wcLFq1 z^d)AR&+IFn6~qU)dFgveVx!eHXKQ65^L)qOawlO^vV|plLoVdOurv_;juD+ESiP=I_aP}StvQa{!A(D(Uct1!pg; zSL8iv2TPna(vrc*HF48D)lZ8^$xyz!Qbo)Q+L^Mp(>@Dh1b=ZQ3_;T0AUav{hFUc- z`T$&fmA%p4bu`+#^E-+NDjf06Mw52zS3r0!ld;NfyNB!#j0+sLQcAR&JC8d8Aw^Ix zU(NOn%&+IGl0U7@u;C3O)^eFQ)0yhX8$?iNJz^Y~baQBJ7n9iXB2yu#mc!M__!8q- zk2ya(k&IXVTJ4>i-tRi>8&mwR#@RmwtjFD&FHkXnn_oxp23+R7UTC2}&$eu~zn2wi zcJOwV)h`jVHmz{FsGXwVSK5<8C>)ge`ipT07YRVyCyEmbmz2H$qpCK24WLwXc!v<$ zM#ChZOJ~*MJpH?zW?I|4lgDdM?}s4K#^q=b#z_89766!}IPm6;o48}NR*#BpS!Fv( z`I-)bR@=`rj&0x6xs7;1d}JOKWT66}e373ePh*pO0D<(UcS{mXD!%rLqHo3u#tfW2 zR(SG6C_o;xrc#Tpw|0@poGR4hY4MEJ4w@@e0`+8BhrIEg|ER<_2vo)r&ZxwQcb*s4d2{ScGrkJ;nS zvxwVm8{Gn01baWRRw}k8p$lVbS(?i;hQ_FwaA~bI2`Wb5^kN>4s>`@5UgZ5eV$k$` zXJEztrJE((OWfK&>N_{qVm02t-N*#2FLsMiS%fL0jLiXM7R%EFc}HLvli@poB7JSw zVp{w7WO*W55WebM>W1*71Ua=2H7*^-D>f&m>)@-7foIgj#IutNf9O5Fjf~T6i8m$= z#65M$S&r|hfvtUeL_;$B^|5v5*cc5WJ1qe*zO#c}F zdQ(zXCQE;FS1U%ImG@j)gyXU0+318zD2OqHYX8H3F=&q@d)UJ+_|wXu zck}jF_eknl8g@g^zn7>jzWF5`l{C(LBhDf@V>G!jLnYE(-6)b#GJm9Syuf_PL+eI%qAOS|dtMP8+UFxNDr(iIQtaJa(U8)0DL)$$Dj zG$R`Bd-g$d)hO$d5V%YC2jLqu@bI0BlBwJ*7VF+ugR|Tm2eUM*JoM&0-6{Fg9@2Xg z*`KiI88XvIE@sY!IX2b<+Y;ZNlAU-BiVH8_dH&O>*rjqGsBbL-gny&QkGQ1oJO`AK z%d&liDRVAjO(2$)s8Hzx!$h{t0AYM|Y*OSNq~H0FljF*cA8{G0JS}84cO8vg{DFDx<=PU`0bk&~VsB$w?b0{9FCnj0)K4=g4x~yF6u}HJD78f2 zM33uLQssiP#L^nKgDGKIeKmcQ1S?H6WV^N(ua;2VWvMx<)xL1ih&kPAOz`~uW>2{j z7#;~>%_-lIvDBo+C$niuy2`-p-Kx1~S6X-!f1IMoAB65PZ%!p7Bk#ijgCSl2%d6K= zj$vJOR5t5Fqdcx?V#yD^=OWD<+FfJg(6~!Ng_k>$TE#Qp=-1IDcCj-?Z_Elk=%Tn`4I`7=Q9V}J2%c2_qg5urtOs%h?0n)6AH-Mc4 zW0}IVv&V200K6}-78ri?D)}W@sl@SS5M65hXa*P}gZ6L0%`1cD_3{**-I{_pg$b19 z(bJ!`b(nvy=~{+GMG-Duj1oA`d{X|x%*jjikzr@#pFVnWVfj(+mAs4RA4e&qKh>1T zsMzm-`N4>7qlnR=(V>?wDf4bGI!2_3(3O$0lPj(V zH+KORY&8fJafk~Oq5yQED-t3$0_m5&nvET=Im;!nHxRh#sc)%hT3xn(H6>Be36Xw? z1U-K+f)>ANOnX5;Fo$cb7~zUp?7s>lUfrPlA-!FusthA@z!xlJjoMbu5qFL0=|*4i zWZs)YS%5amvD1grRY$XBzX!~;C$xE_EtWeRvkB2G%=ab1RV&Dsnw3@yPrD$VYiJKq z&Wk4%NKI#^tsj@OG{$Y*#&ArneAp%q2 ziqn?u9jv#;wf^KGxyi0dfCE7zagx{dU#O3aqupf$BE1k(YD%}(WErlJ$Cy)Vb9Y;7 zeErf#@lcptf#=q2qh`82`vb?Wsf_Nm4iZvl*=*HrdN9vyeQRJ`dA8+BM(U8CIjEu@ zd|{PGx{^}Evko+w#RI8bf0Ptjye+Fx>BJS=V3DW7&I|syM93$ ze8O|wz3BqPC>!_nG}8~5kirw5X7Ad@S$%r@ugCdpmDQ(eV~qS}TaLd)7yIFEc%jaQ zc@1+aMKvWEiF_iY=DTs}ZU+%^=smW0q=W9&Wb1&#vZ^05J-IBfHpxu?jx^|}TG{^b z+;=T8>Z=Z_rhv#n>&zwU6DsO?z7ecwR;L_vieiuDedvJ>=a!-Z94MqA{H0 zgyOprkVtQ5qS}uS@A^U{s>nO4Tmku+*HMYBij4j0e{VlOi`s%^w6E%oMU?YXPuz|W z%n}3hVLZzW8`O+(VA7<&f@bHb;fnfwxVOd6>iFv^J@kO($*##}&U|oP@=DRNj8mIo zs}?#L4iBA=-6XY>Dn;&s#;QH+f`0~7Rd4M{yexl|V<;7CXwgv(lRAscvOu1cT)UBH ztr02)iwT<3yT5a6Q@?Y&bQXI+odEkpGB$z6kv@j>Pi!xE5@$1J53asWkl)9_JF|<+ zjD2KKOKBXZeuy(hWzKswE~o;%mVz zoxV*LPO9utP!k8Hp{Z#c zztp@WHsMY?0|gjV2k8gIh!>(jpC33@fO6f3t~lbimGH*I?KOFlqfLn%Zj$g}+hLoW zqg}Hsl%wGZE7mGG*?^0?WN9qS(NoGb0)dbcIo9Kq*$v9vl7!1^BWY$zA=x3e&nuxteLuoyxa^Cizt5Vps@{f@BqvmJPlqDwq}Ej-wT|rkhw1z zxw%1_jtu5Bn416=qIVuwX70r3d4MvnqPndZ_9O#W|DA;wNK#hgR_npEI&B0+H#24M$Km_JyPfJp_}xQdbFjGHEmRWK z{TN3_^X)NfE`3a8IX~I+TXXN_zX$Y(>~!8*$emo}2)eT`PM~b47(W^MVW8zOhvDIav^&z#I*_fMdDq^&#jj@{|x;D~#U+>mwBD8R7h6{wt}>vADOe1@TRLjv(J*)e!) zvB9iXolvJJ1sfD?+|^()z*r>bf%P`q`h=V}PG`VChLbCZXl zG7os@8X1dXX`&79&X!oNTM(E zp|cs`D9NlX9JUts^O;$o#3(ctEuNXPCezw}!0>q*7&Okg%;#=g`MQup5C7y@YjC!{ z3WgOq&0qU|^H4f)4@A5!eni#0bTmp9d^Aet1~Q!TwS5`c++pKrpeSz7-sz}6uSkf+ z4v$D#gEOrda2s;%_I}SH!i9Ua-wQOU{dAo{(_aj1i5(^ITNOZEQsKW{4Ydm<{Y{@x&s;5R zkEKf1j4UBp37H7vo}wLJdGhhs5)L(HCE6}0&TZ`!imBs+2L+k|8qOB}9Rqa^qnDzn zrGECi5=$E#Qn2B4{X$Tex%P2tuYh!mcP<<~=g|hkVuHL#Fm0;s#CJ(h_q$Ykf7&dy zh~{AKmv#Jcxyi?4Y`cyPOPcJ-iM$x+PoZOTsyoIa{!rDtr*&zkkxA*m@U8bAq1+$6 z2Qy^dQsRfew%x-|buF$RJd^+?+(NVT#(5oP2G2rzKCHhA*Ck}}zE%reudomG2HlsX_wItS;U3q#x z8pRM3T+tz_gdY7gWGgI>@`JMGaLpstl*CM0MO%f#5?=bdD~@HisIVuWou{S=GNB)X%>mw=XO$KD1h@L!M+ z1u!hg^u0j3_x>KEOW^jo?3zJaI^$Ayb*LMukH&Ri(H(@dxKqDQ3_=am6Q(i`yjTp7&X#@b*6v2#MsT) zv4Q(3b1h%}sG8Opy~lgAshq+Ads^{UJ0rBZamDmgp0hVos4W~GkuH&EN2cD&4k^-H zj~G~4x)HCtAKCf6qjH;rH8OyDT7e2+zt9;C-RUHex*XK2eo`a{0rQn?thv3$H+SXQ zx~r=F9)RzYS_4K z`bVn3_XE@i{1hrIE*4*fj-A~wrl59r*33Eze|?zpxs2cH)&ix}Q8|AG!E&TlpNNIl zC5=`Bu3eUHa?EyBG}--A-}znvLTN&F2ak9dAJU&0nend!B8(i__w4Q(U(D zJ3X9>1MuX6Af{0dEq2S4tzdpGtuGI^t3mD`xfLvY-WzQyHsPU8=Oh|b!9I$KfKOFN zLRrUJSur@yjyN0@?0ARHMXO>>Ll`q*b}4JvcApK(T#?H zv8jWH9MF$veqfK=5S%>0wo|@mg2&g})Vju60eX#XlF7}?H)C$k4-AX=zGgE?Ne%}M zhef5LpIF=V+IGG7dGkegA+)@2&Am5NB>C3iWs8+&+cWlcDU4kQe`#D~gyUCFP@EGF zwTPIcP&L0?x+Yc>bUK{fJBu@UwArL>5oe=}7z#hxW^Opo&MX1c<0>Ve1*en0!~8tX zf(EY$I9J|xdQ1g={Jh*t<4NZ?0hBBSsrK^~Cs*Fa`YQ9rYzY?@4cVjaB24i(K)E$vCwYs+G8O)=@tLO?Qe@ zi5b=7%=$}gg~)Gi6t(3zMxTm+_n_@QQJPZo$!POIA%H6Pw{W8uhk@}F;k)@og zNM?ZGwJDkhOA(0F_opqlk?hnN#}Sp$0lNtk8{fDmMyueKx#c0YQ!!CL;s@u;DwGp; zhd4V2;xQ2K^5)6Ky{px7!bS zKq}MB^xNolI~%R5HdPxh^TXw87p!`WKElAtC2=8p&!g5 zCDmWccYC&~>r}7@AnV#UM?Jf5zQtwTQA$%b@;Y@3Fw2{Y!1ZUxx&Wi@^+J|G9j{}# zrPi&6@-re6uC3uv)vClqGWv|sNP3Ehb^qglxGwsGT}W`{Za>U8A*3P156UP*grJG>3g`+Tfj_}?RLfEt z_^tE#bY$iXjOkF!Z^0cX1C+;rMi6J(;QN!3nx*zP?0nP4NDqzOw)j`jMqRUhG+vKb z-P0?C#epc#B7vXQXmIx?Z@Y}RqY{lW`ltuW?R<@61x*%%0xpW&tBZfaq04!-m(pHB z|7t=D^L|i&HT?+(?*g3!lW)jiGKb(`z4}xx{KZ!+M#hT^i06e2u^FnA`^~h()8LKj zZ~8?67nmiUbb!QmWMIx^sA|LnweGwL#*@uri>$y33@{)(IY#3r2*5FT075}*7G z$bLyROoH8^?Tai%=NO=jq)}4XymCMv-6QnEl{fP_Y2M1dSY786WuunOK(A`6Xr9ar zMvaox?y5h^upj%eE?Y9JOo-mdLd3uNsi-<-v$yCnuNoM5Lit$unaf;JJ9lmO6x`M$ zGuF1J)t`v5oULKmx&btd&KxW9a4%QhdoYtTS84U6TZ8+vba(2&%lOHHsnc{uS{1n$ z-oUB~5Qi~T7GNWJW|!j;uTM-BF$~oOY+slBAy?!I`uyHNFb|M^t~Qpmj~ke-ux(5# zonYIlsTRbaE+d^PD#3*&>s9XD&h!79%pw1}+bs^nulK`O;4oj<8lICUuel;)Si4 z@>A>LdalGp2^Y)fyCcb6n#(|3SEuI@@xGbYouhX)a!_Y%u^p86+PTWp3x$FvdWdu6 z@W3d0dkBx_pvzk0r}jvyR)_onE*HVxSxw9I4qd`Ml_=n}E!J0UxK61w9juUeiP)xG1oO+`h z85A|Rp)VMz1`AaF4pvvT_NR5fz`Ls+FjK(n|7V~R_ow9rjnzpP9GDehO5lm)D#fgG z-Cva7!Zdxho)>duRF~a!GuLQwjvCCf?v~4{>5)%Lp}#FLJWjoZ2`o`6#A17bPHj&o z8B~%NpthzQwHY%A=mJBlj{;54yk8D~D~yy0cr5&l6Y!qyllhd~SA0@{B?Uo2b#i_( ziZ4VukI!Q+uAUl>sw#|mEFOH7bM3}jOUIT{xm~p$OpF8wwt?4Tme*pk%_J} zfLQ<_NBP@J5_`lnTzBULL^iRRvdr(Qv78MINi?W)!^JJp@WJ~0@dJ-0kCTkhob za6K+)EQZHVRrS`|r2lcx$9{@9;-J>p$+8N1mdVKjb*M6On4v84QI(bHPXoKq?R+Hu zgH_*mUKU$BW(Vf*Q(L%uRbqQ`kjv*_75de4OMJ+uw^d>;P}r~)F8CN(xy0z^NchIH zm7a=t!|`>dd9=A4ahY7YVaBEH@Uf!X=X4;rpZGQT&Ksm|?u+AP>AUqIS}}Jf;WM}e zdb?_2{gJL4Blx-Yc-`SKm&jem0-%yzgIq={m_|LHstvf3HB(F(U3?>)!gXPR0HU+!p2^ zOLDf=SGYBHd<&}BI-7=)O6)(ixYIx1sXQB#_&}y~-rPu={*0}iv8Kf5mpM=iLs5+&*^$2vlHhP+jj?8U*jiq!Kb=UQI`yED13HwHLiNIz8b&b z%Yt8g#u{Q#!u<#)9K4U?=amf=&&(EG$cQ@!vGe*u2i^ zf?u3yhq&Ld)S_B;W+p_d2q88Fi%n)d+$5A+N7e?^CaH9CiJ z#1KzKpQ~LP*k3{V-St7nbhj;U>Jv3c2YasZEe@WeJ2h}w>ho&~Cl63!{%W>}yU8h+ zJ0kl$ap>WJ&toPA{lU1|2PtlZGn&%}jEkbNgJjv0vs;M|EM@I~1m<`5 zGNoAjnr>(s5nKjRsNi*=EHTaXeo<(c!vjixG3)GQW!~bfGnE6kkXVnLd0@04xO>iV zwA@GgPMq-aoEFJ3TQX$E_?q&RT++S3*T2}}k!D@Sl|^E9C7jzsL#5MUXOEfijsrF8 zm7Gk}{Hyj`;H+7(BtV(1Iy17u*3_oklTC!!$IxET!C+p<2siyGExfQ%YZMzxgSc#F zLUn*iv^59>D1pqvaUUqGNTvac7c0Dy(xVL=bLIW>XZa@+B@+;r4l>5+F&=9rWg*3N z8~yJ^Sajrwkt6H<8kElvOmxQ*FAFdnXsAX2#3J5u5+!*fFgX>W?~OUicoZXcR@;Ao zJ2r9&s?{3vQVit-=owZ!&Llm`+odMj74?0dF~?|uOw2Rd!dn~?5zjSMeqh5R#tq#K z{g0}^0W*W5H*D&3ThTCI>#TwI2hUtLKb}i%UYk@A!QwPbOA8fbd6Xqaszw)^J?BPW zD9H4NFKzB>Ms77YWnWnzY8$0R{Vfawx`yWx{QYSYhSCqcUrGmJO+5L0&&b5@`1I2q z<_6&X%?-izJ?53B;i4KAp2hnlB3>XVl&o(IOtV4kst?wYuUfC}Q*3c!Z=xDm;rdtk z&k-JIOnbN!mv2Ilp2bcpT^K!?lsdnYR5VIGbGnkPizYH&l#H3?NGy!)d+I%vxYBzz zdu^@-q77M&^P~(@AQpV`t37pN%{%bOiVw6iO!9Uf%32S39(j zF};yXoVW*U%;Y!sK^|9|qV)=6x8DQC0ye`{^PiRnVUGi5T9>%Qc4GbeVbouH-d(0v z5XX-61SZC}pGte>@B02--EhiPT>JJ$+=Mk8;0oZlUmxU<73EK^)3ShW%p=&1D~LFy zk~G;lYw(NiJbH6x?m_7?Wj3ZizMmD>6H4NjZ+8(&RLk`*WKlL!4>dZONBlfC=J@%= zbCBO|yL0T-0AqkK&lUzW36$T)Z#w2Vky&{rO45~mni))IeC!*4oaJ|CS!!b40|2C| zvr5an&`7bfJCIG84vcMs{J+(olCJuFS#XD=r!o7|r#_BJP*7O>6Y#Y?e4jWWuysu=A$m>*;F01V=k}Kp) zt6(9+{lMHI%4Xk%ARU}QElLQbOcHDHrJ`+FpUs*9`oNln7MFMpOYI{LzrXrE(3LTc_>wo_Mv~B0H}i3M44>&XOI2;|C$Tmk$f2PzWcl0d&!e{e z&EG8tv;cr_{@FGh7y%ZRXE&UxML2j|r}}$#_74I0$BMwP#lnNc4uczOlTOmGZ&()= zovG2MY!4(ErI#%&yGv!42w~Zo)__2I_txV4#E~7+kyCo>zw(oQpasCM2U;DRjYqEP z|1XcYr9)@u@~X_*er1mbEFGH5*izSK69>gc^^TD9SMRV-H+bDb2)z#Slp8cFzXYUb zqX||tmygo3sNaSlum6>AS^_W7e^20rL`?sK$?&&N?9PW4n?~b3F9ALO1R4nMeH$tF z&95W&W(LjS92Gx|(G6HjiWg{R*g9u@OiPws^w39*TBq3mFsZd4{%zGQee7S^XhH%G zUq=gK=E2`s6#w{cB_rmXu9Q!Xk*#Y-a#7%pOHM}M9WMe|D+fH1*X6BkGJz1$IQAo0x7K|&N!{3Z2gYQ5_02Btd7 ztT9CSV1K@)9?YcN9@nS!HuMdX_XFUurtW+_atlkB`_1>d{F^!Tk8k*&e(H|=8Pv}A zy1Sff@wfN7+uChSl)c`c-s`=G-s@I>d9O45-rJ*6|7zj?>6-gH_*ewLd&<_0Wu(0> zm(qK?`4 z(|bMj|IB-R5ICV14gT_8Z}`ns7K{9Mp8vmI#zh0*$xLzWV@F4$`}059%Nzcc|BK-MPi>uldFI%Qfv8ybm%Cs3z2E2cf74mG?$B9y@Goa! z5$>b0yb8p>b@=~^klz2V;Kb!0*^Z08A{eM`#|6gx11S?P$6CAgofAY^> zPXEjG^LFC2_uAd)?(G5;dcUYs1t0Y&J{A2A-7fzs=lhqj=Wn~$Ti6H)9m3=bjvhyM zc4qYNU*@Y63Um+GwEoQ}Jbp?&;~0l@f{N#M@KJi!^5-2J^q)KGfA}i?6F&YEKK?5$ z`x`2I_@6}RUoFf3?9cv_2>lO{*Z<%z{%>qDcJ#Tn!Ai}TMptI1greuI1|I%(jQT&m!D~HlIHsHQ{6GZS6SjbI++duxA(Q*)lAzn|4z#8 zy~(}W5y8s|N-v4D4bhEc0|0phO=yCg!ZGi{TLA9Sm*Oitdjtv0|MaeW_;1;YgU%kV z9(T4uL?R8stmsr61M241x!9sFPY!+7)q@XLs{x5VnqEl1^e0gG_e|Fl4^7uWNc_&B z>H6A{>3Zg&>AKcmrt96Ge&73Z;X8L3p8EWy1#mc7`nPQ1f0o%PX`GOo4~ji}`5H$C z?2H`}2JZdk!+#pEiyl^inEoN(d1|1gR{~x~IJRHifkK-+hR49rNDq9iCnmsA|Qj{fI$rds8ZH!5ZB>R?i?39pw zn=y$JV<&?d`!X0aV;_t$=TYxD=Y7w0&iSjWuIi6@%>CT=@BV&2pX~n;u>b!Z(e93O z+zHzH)SbNW$FA551iF z1UZvY0_b6h*`=FP4MxI}SYdfgo7^IQJR|}1&Q=?KF$@$;r%dMLi#?DK2 zuFrKWtdy3=g)`$HJTKLmY6mWbJ8hwoiFA9Lda1pvf)M(z=PSSWW;GW$kvbfJCZjsO z1e{@M$!IVKjA+_5pAE%m4AR1JfQY?@eA)@cVJ!D}5ugk-mPmfsBT6VSoflCAomyuUbr#SlCvwk5$lIKK_dVKJvqa5((>34>S{*l)Fpo4EuZB+KY#wpB=ZD8V}9@y4? zOmEN(vE8pQ0h#YvHO?g@7-k^{WADmjm$Ehevb)-;a*LyDmHvOfj?+HuSAaRO(u)C* zWF)JO^hBd~F%S~8Tg>^ z$KZwQHyiC1L>tQpS-mNS4$~AWt6#E$_hAw|aI=e*z2*In_>&;JKVP8sQ!P|4zwqk9 zmA&LJr=n{A3Gh~;ZLxl||FCT|Mf<4v4pL+XuDiES);JL}U`z)Zx&`2&oW``aj0a73 zP(qKM^?t~*x$C%X+$d!Eo)50J>sxk~pYv3BkH4W~+V0~yL86di6lgL~d*qeU^ecT# zJa%#-)ooNniOla=XVUbL<;Eu^Jvc)-7H<2LHEqU#w%n-+q-74hCh3ZE0Hxxph1Boi zT!R;rAD&u^1fq>-mZCbP`ww1BGSC|Li)`tO{r8>a1fQa9WH3p5b-oL)ryNk_ZR;%C zPy;>fdOQksX6ma4-Is}ze=o^x&3YjySGE%&w*(ZnxDnUqxr0Chq}lNa;gdZu>MQTg zPct%nEmxMD6Uf4qq<#yOe-}csZ(FV$5Ty_1my-{DJ`4Immi+t07xxU0l;lToncA)e z-$~WAedRPisrB46uB?SdB^_tqtU**Mtyxi_?+KIji_e6B)m`ZF4&S9tZ*RfF$O%b- zG0h+=VT5WJ-<@D9j`V@z8ha^POW^Y{<>mD)@9zKFA!KsU4d@5&`cDXR(Xbg;W0mj< z3I+FTb&YFu6>eCy)Yx|=tU2eufCa1Xkj@^IUk_Bj*w~<9pLLBmS!K;(lrGG3`1GnP z=YdcJ>*b``Ct|t-T?+;GsAmdC_b%S6GZNub@iAYd-FYA@Kgjuuu0PuY+9cay`q+j6wF+NJrJ=YKN_qeV1V4>G?$EcW1QUF>vbS zR(-}WF##o1>2rtFCSQEv5WTene#Gr6XIHjLGkmA()aS=H0Kd7{PeH@r!*^!$ZLzA} zBk8+C=mcrt0?0k|=Xq@~u;>*ayzfQ*J%ig_|2IHmIvSwGqjiE$nHK`lid1)m!^$vM zp4tatBX0gZCdIZCWv}`7GA>^4ydS%)AH2V6jClG)A$T{g)4b0woL4*|?EA6+ut6AC zGy|^rlJME-i?S}SDuRrQJXlBw%S!rHBL^TDEwP5rBN$fKbS%Y_M?5k<6`;daM4}jm zoR>p1PBs!|XV*t!HDBAnqcsEHKx}~7sGhM-bbExeHTY4>iQc822 zV6i2i*bj;Xq5!L<_2HP;UH41M6W*u%SvNUy*i3UMCGR#i;boHtuJ{Y_K^HeWuS(m6 zX7t-j<_p{{AP;=Hw#TCKTr>T?(7i{J-8ncdSq3rR@Tc%H$0%ibNz|P|E7qe71Z< z`ib|(S5qfyf@?p%qGRYfAu`Ua%dmHLxb;Bx+{;rXX(q^m>^SG6h0n=lD zckDHi+J4O|n{^|2An`4?czWkHg2?KkRnW2OKDTUP+x#RDNg1lzLboerhy|(x;BJzJ zan9r0pb2MF;6v8;{`ujF7g~k2Gn77*Wl}d);zq5D_0m^mr(P=yL{M~nZvEt?8-Ge+ zBt)zqK)-MXROU5Tj<$n$&eZ%BLry3CXF`1LDBd{l%f?S<3iPBxdJ612k*VUTegu-I zoacnEc!4d9c;lbSJn0Ax#A<6|+LbmL%Pz`gz#6-4uqGt5PZ!T{b?o>K@b78Lg8orE zfxsPod&Inr)=OW6q|>V;5mlQNSrV#cyU;##brM{kcYMLyjF52Vs8(55BxscLa_WYS zM@Zu4ChCm8?Kv+EAh_gJguZUjhl&r0;FDGP*>?brxF8uPJ}-NjO)=Ww zrR%;u-j>3yGUtF>#!)7flRc3D97RqEE6Y);p&LuS3)~|3`o5cFjbxqusQB|#Ty6zx z(ciu5zqxrF$BCm@oz~O-jj2fXD(@jv&%&yy?m4dK5iwbS2JCLfZL)up-gv$13&j`(jD>|#|DGKdz0v&*mqqr) z4=1GBT;>=HPprHU$=Z4MMY4<}@XXWI9>|>gdjydEH}E1IUCIb-C`Pg#7XwNaNJrzU zfs-z=ROz^0~j*lZ=HF^P-aV4+&9EZwJRQYfH2!siM+?Q3J*JS#7)eHgu z`=i6%eJ3ZIpW(Ih<3zIV(dlG_I;vRzdRVuBHXWt>vZa@GGU z9=SJiUBNx1f8?`wyiAEL+S2`J*Ap*Gj8YcaT2bwao4cF1H!V}r8`qoqQ!gbwo9-~t z?&k;Hp`vJ@F&XdBMB7G7?FG(CR{2dZj5Rw|B#AyT20HQLskR}JK=06pbunI0wdBw6 zOKJOG-3nFDshY(-4ycqA-DFYiO-BPkjqtORo-ZH7lK-G56M&oIj2-=yGRt~}O^~a1 zV!ainPF^qcU=Kl#H(h<9?6vz|;TM~6p{~$pi|U{}%+TB?IkzHxm;y#2MnEf8yE5-V z;nP}Cud%`&A=ghcf)m~lV&h)H1kF7eC;*{gPzjITKk2frytvK23PCgLKnvw4P)pVo zF|+cNGE7}(pPG>$OSQ`%QQ+11?D}^g^Mm5$9oG!ny%}+g?h(g(&Dpm4YWdDBq~9I! z=J_{o2H`=+_rPs7X?0t+dv2XbueINvpC8KWy(yiv~<@zCm36ljcyjDQ|Pl;MyMN4V>(o(F0XTgrT6SmPw!arap zr@39|N_?=A)F)Dl!X-<+^A4bVDA*`o=A~|a=CMZ++cr8rWKD_!=Q^=>UX0=U1P>jZ z8&EG97Nzf#2En5)BTqJ$i#YKPzmPt;myOHpB^qmWJW1vVW{Rk{88KnqTTThF<1UXG zuo>6;l#R6<5x-We&vUSlCYhq35>HcxmU4b74Lvj{W#|P}9*h+XJ#jcFJ&7p&|b}T(S9yC^MpTxBoP)ysdD4A(&tkN#DQz$f;vopQ} znx*ZQbWnjvTosVS8NhW`z3Yotyttv*VKrUQjQ(~?bSIDr2>h$e#LD8v#T9>a@h)Or zD%JD=gn1it^~6dqQ41nx%}M z{sMq#+yKdthrVBuFzkIU`bacxCu>0Bfu&P^NqJ9=!Z+jQjE6pc^iW^MdOaG011Ddm z`ui0ykfXboYN^r=U;LZJ7L#AWBY@)K0~opnYK6w~>>@W8re|LCBJPpu$1Uq7owkD- zfNfSnhrDi>4O(x6=u5;0xlatv=KXMg!iUI(&#Q=3?~)e`$sEcS1EhD7MIetBCAkCO zAP>YGeS3U;H4vMZ6Uhb%KL>q7Nv}C-PwTaH;r8X@m%!A^2WvQvJ>LO8i+bwoKvkO2 zm((tTIlhIB@)2LF<~PoOo2>HexH>?S9>O=+{PfNO=Lkc z*1yu2-b@z*Yu?CKYqkn}boJ$91?XsBDT1mbDYg&{bK!x?PYqOeBks5soi+X(VEEFZ zoa_O^T!~8rB?LhPeGab~1Z(&D-z}+&$VeIP8?)cEDniF{AXtLlHV8xI$+b))-Vb0I zqKf28&CL6&axQk*huf^Smc4;7n^SEGLC6|%t}nt5DL>U}!U5t$pqHJ#ehHKt!u>qc zv;DR2^x-T>qoA))ug7~cb3rM~$r-}ZohI&qkdy9PNPR4Mi3GS!%xGKo0z=saDrQ1H z(PNuHI#86=#(HE=84tl5Z6fkvZdBsHfc6%bTGG3zUo_PO@H4Lv%Uv@23L@}T(&t5K zgh!9N#jB9|CF(t7;`UzS6Y3@#L<+a^eBQRyDitSf!$u>h&;d`mkExzo%Y``3)b7++omcqI% ztboz(l`c7CxTqjzld;+tL21^3MM9-IRD3)AZbw|__bV0HN4!X#S7sc?yQ+M~^y6yP zOjo@|hDcZINBctQyGc&q$5;KiZ2tS^WqSBjyA;r%Ui(f&NWmAZC*Ly|8S;p5N&TW` zLUgELR#r{J}TC>sASfutI;(7FcYJ)c1EYU#R?5D z8AVZH=v-0bP)u~GaTb86}>INTaN)L&bdw+j#j;ck*83-Inf2m-DlO06%8tH36Rw4ks-6)mr;YSy; z`xC~+t8v}Q0ELiv(D~^`{sk41@=I(<3p=BqsU5BHVvYP{0Vj~G8APQm-ue6K-aGvd zIP>Z6j_|1D6v4`$LR6ukK5|uOMa#Jl-wi*@cO^~gWcYlP;PYogi{gVD`<7YTq(;Ev zhwr^RQe*gyonKMS3%NScY%~erbgIA7DxTK5boI9yY4>J&hC+6vxWDetf4{mh@s^*^ zX`=!HfQ4l!dPBOm^6U0Om2;ywyGdst7mT!(YhB=dO&3=i(inqB~X+adQ{w< z3J<2PQR@wiHGin*?tBPpk;zxa-gfNEwq{VFnm_c4M6?`UYOEg;cpj^PhT@}B@6~n6 z4!$5@>YHm^p|OAE-kGJc23cf1;2tWhtKm7nOY}CoG)xR`>^i;iC+C-c*=q%V z1@efJi>CC`xO>%CNd^~)lG-5)iU`Rl`OSXaNQBl zeQ?yRC@{l+=#@I$lmT!lxJ(AR4{ziXTkl_Y^+Ij?_MOT0+?aU8ehh-vgZ_R4r3-D! zsDkd%39D#rS7$r5_f6t#3TJ-dwFisUGeYWLlQJ@MU=Q z@@_;42#=bQOq0hpln& z4Dn3n6+>_~&FY~3CcTMI>5(XHuU!%vE zdddrdXj`!jk(Va#+b(z}ehfh9aC_((BQ*$e@4)WbtD9e@y!k)nJZ6?4bAl<{-zbv> zvQn561ree;jV+0PUs7z%el=yCRF+e|nYl$mIB&WCbnzw^w?a~;1XactTFefU(u7;v z#oLG_!l~))R?VY0GZLe8xU6>ziAw%fFeyoZIKN&iTddBFRL=cCtfz@5XWbVCw;-7# zRZ>@w@04lVrw1Md{5+}bRIX#jN&YB_4VxiKN}+)DWz)PN|Luz&VTBpbhh z1#b0lXHlpSXk^2SMq#lD!WKo4O*W~u#ObLwK)dGV{?{@gp}tU}VPbQ%JLzVe&Y8N# z45mFrLRwLz@OXq(eB^%(8Lz~N(p3U3^004OiVZXbuE2SrVe0N&_xp3+Er*>7Bbe~5 z1Ot>QN|F>j3kQvrCJw*!O$J0#tf&LVj*^Z+{kzQ>TRC9Quo>CU(-BOzZ?T>Qk*p`raI9%Q=qEgp6S&cxfqckv`Td!y zLBY^RB)DjrbO-A--n|VTsi1Bx8y+9<0xC6m0c941`IFWb&XN=*8ACBL$x7+>bf#+y zWA#rB+@x!hUfCFr@!niWd>55+qLzf0R7?5sjy^OZJr^*&9J9vStJ0Rm{VTa{YoIKg zVB!d{-+7f0?I_wM0Q-MKNG~PsNvSDnycUn>*&?Ae$`Qi5{HJ{8qa*l29xqCsIwAWq zA?)xv%3i9H^QP4-ReNCPBj0xV15Hv{lL_kFr)jHVI>3HVA+}e|V183(=bII&PxDkTZsN zu?F+d)&>-9UI*KSs*Nk*afp>YdG;;Ugk$A2z<=(JP6d#Lj7u-i!Q2IM0slGodk0QJ zZaoUKnPoHm&wqYvYv;><{O8cwHc|F-<*ltpbDxnvn>$ArQ3D^tXE~I1#U7ulZngp* zd-@ie#Pr}q3PXtN#v9~rqRhc2fgDu6o!R^oT7J+ivIn(Zq8HgEQ|MP6&ast<8!hgV5eVX?4Yz zzYDyu?6-+Yvl8$x0Z^}hP~F26oERI~90Mz_Xv5}CL1@`% zjZtZ@vvft4zOe2xb#N?aPfyFCX+SV^Oh=WdOei|D74IeeY?Tr22kbp0;Mb7g}#gF=oCc2Qxt8p@Gi$Q*v!&2MPjdQ*4lyL0=7P za3=y-TCtbE5ERAPI4SZG)L*+Qi$^5%N)F>q|as@c*V5gnl}m z`Jp|670ev}Gm(zhdV<`03oxeVXq4s)Yd*i5m;s;TzqKH}2i*DuekQc_%2*qwk~yPa zEZdTTKwfQ_r(F(N<2pq**Z&#QKe-!q+9FRL@;2$0t#}QwTX&bRhSF@SInG!_19(B= z?wo4h?;kLz|M(hmhFaj2sCX5Vm>DUkDySvCrTCv)KVQdiUF}l{Q|x0x=2nWFf57@3 zMXfnEQPZ0u|4(B&&YJbNtz*r}dS|#1b>G(>wru6M_*H>uFS4%Aeg!+2`$9xA1qV>C zPWnDuk*M~cQf-_cbj_;gcG})fg$2;U8-BOn_m!deMG@=O!xR$~OdQh=@FW`w_}@f! zS>l)2{~K}U^xx_Iwg-T?G4KP!TIk`70nGML$ECz|HWuu&0LU$)mjJMNMTB81zO)?P z9SAXBjCc0@v#_zILDp#r4z)jN@F8H~Pd&Wb75W|74DFd5>2{@_zZEzb z;O~`S(*fBlJIlB6wK_)l@>%HO%Nv$*{hMWV-Ut3_cm5gE|6(%ljNwDGaV=EFpnM6d zpqD0zJ_CQG`!}hRORNjg@>9NmF&%_ZF!sv!jsdVbUeQ>l*lp4cv-*Y~fH9qd3tk>C zizT=Hf}JeKzw~;0_-!yxz`myG>e^gq+IL%^h|_f<4-mlcX}e0VyxCFBZawR^H^HB= zFf=vCR^yZQStEmC+a&}gE$uM&>+Z31hUYGlv~AJFMEZzWRP1KmZ||ZA=Xxv4;`hpd zmR83yc%NO01{kZc43pRp9i7j{H;XT;2Hlgmo@jX**D0FF>FymA;EORX|E(~%KA2$K z9IQHUpN{vW-5UiPKr24X-JfE96uMx)Tc~c}Zy{jfTrnx6A6NCM*Up#b&UEpncSxia zuw8ylwvC5Y>Kh0*5^xWc1iuX9~kZ2 zx9UES{l-`DjQBVY-jjWIdsj=(VWiV0*;l2$e($nypx|T4QDWWJ6Z($2bikLsx8);w z$uu_iPiHoKGwr-I_L&0ob#{4i>x`mk*p3V`5dA#xuyjFPWyltoa4Lf|FI7fOP`((V z=fhJL)4$jqn7WNghIRku0d(ogFM{xhubLkBa+LaLE-+4|-;ew7J&WA_eGv>}2x|WW zFZJcu#m&6`^)5IProZy^YEOW5E1+}am3AM3ThP=-hx}!6+pviV2bm?~us$BMPEZTw zLC7sc2NIYz`Fo0dGG=$h&Z?Om0;@`9n6nkwUFpU47sR|v|0m1gYO=w_9;#4kH^nJ6 z_<3)~J@!|ml!%HOV*XZ7yCC?F4EeZj@qG(qWymAk{(w!7+U-trziS$1n`zGIn?#FI zsH%?=xAthQgTjp$Y^Ech1}=xkSaV!Bn4H|w$1d3SwbO_y*R%|N^x}$`$9a$(h;XFr z@f!C5f*Wc zCjT){Jc#SSMgeoNn2DG1AtEaw{+B@Fiq~Q$ooan#&|ymHk4zJn7Kwe6skH3%sJ)gI zmmuIqj<1w2YO=3;Igvygy$0KD$?zQm-ew+{ywH_>UYO9(m?7)dpYA>MqX%0pa~z0> zN&mt|(x>^GZq2HCaJlEnPI>5$A(Ah3R{Wjs^)c^vKaYK#i{2@Vj*1L{Ey?cptQx56 zXm5)xBm$SjKKc`N7!3O5eqiA4c$IOfmCYD#YJd;b(U zt3XM6X96{LyTvZEiH zycXVt_Hy4Nhu^8a?c*zU+gY+q56;yo4T}9xAn3zeJYWCd z9%TeK3GOMm<~~3P3+YG_502@U!|g1ri#e>1H;}gYvz-M`dNcOA>6S+qsLD4JHj%>H zAzabmJS6iDm~y#kNK%U2YO*(oHH~e>)?U1n4BWK!`y8)VG-Q*{|$4OZDDA{O|NtsEOz~ ze0zidBWvdxp0uNBerXMZvw8Cafd4GyPipW2sK@k91Nx>r+vm%aI(KSAp_@d-9bbj| zfcOAMWDB|RV0XhA)D*MyaOhS3J!(`zK<$SF1xqX~E$~d%*RN^y_a_^Q&HC*ppbNiz z3x?l4S-4zX=JC@oxMcKOiWP=B=@F&7gH^~HxQ0Es8ZY@HT4qK<$zjWU@A*8q*K$G& zkx}mFRJfbm9&v$Pk>`^vg*9+3S1T*1?5XTRa(tgqV4IN&^=_D>fxY6A*HeJ@}K!l%Tdg^T5(@0?zRBZiYUXGGm~jdGqnE=$I(nQ95Tx)Z=LWP$O#lD!r2!QzoIXzg>PDyWXTF}uRxl#c6E`W7enkdb{dQfF|Br=;E6{mdr z!T_fLW61uDm{S2=Rt{IcK?Y;Ui4~25j0&XS-eyPN2yLs{b20beffEm_sz*f)$iLJC zjr_sek*Ri=MB!grIa0Krz5PFmb`pHM>Twx2=f_f1q0IVo+9CbmYC;2l(-f5a4p?yO zUwmf|TWDrdQ%uxURstAfEaE$?QnLHcx-AXa!lgIoZTA(H_nrAcZ(|wx8#*r4u5)-s z`}{zVu~+^5UXgmd#p)_qI?!MK_!4j8{v5VGnAJGP3_5qGknRu|KXv_frE6ys9TzK~ zXl_<}R)~wfm~}-R%mdijd;4esiK~3pR24gyV;KxpV+-Q!uPE6%qWyPoFcWLSf(Xaj zj=;U&3K^{T=2?;)sEbzuGAvA`b!+lNyD#o>Ycx(+f?`se3vpX?x(&SxUxw$h@FhTK!G;^ z6fzD%mT84|J$&$U(XhNa^3V>Na-iP5Q>CL5ykz$VBm2Hf;xI>rc6%Jrj`s|HrFms7 zHuJW_y5GP8b|YrF(u!WZ7O?kb?Vc<1K3C@2=LU5_?2~x7w-kC$bYaLA)|&J!6L)P0 z$ruAc3%3N%r_9+ivPL8XZ09TIg$rL=oy}Bk%Pw(OC!!8;8kjYN&f`jwwW98uojfAL zIKFY%+a(nMxdiDr6Sv*^&`nU=oksNAFG{utZI*=zIyWgfmRUJ32K;KcWdyD>2>`Fh z!+2S~#=18>`Kd;IR{gVZfKj zFuA|ZFS2e(O5O2()BK9Y%7FqddzC=j6yIL&o(YRy*Mh0sx-u#@hi211x}S}PEICzv z@62)VcVb1}whghYnt+HMP7V+V_2WM6^jB^_!)@FoqhluR=1%up+jsmC+Xa|baM915E9&Ilu! zzKzTxBZP1vpIgxyU*lWvsi0S?Lscsp$W~w(87R-zB@LBS7ce!_cL!mMa~-$>;r0EJ zr^AN$sZ4fe%jcklBy1iHr-mQ;D!Li$d=nU7RtzT#j)N|FsvuV%L`5Rhs{g@dE#L%7Pob`5e%K9tKVlx9hJ z0eWs}=sJ{KCyTtuCyV4-t$Nj_+UPK<4@!WZXmWm~Am-gJ5OWrW^m%z73J?+GX@|uxN)&14&nKi!j2FP>3 zFGASemnb>IE`g2mvcM0epRx9klDn5?&6-@&58%Lcvd2It&}D9*BYBD`7~Hkgh(;_-!tZog3T+vl7nf~J}I|- zeJ&Tfln}>`#hEl{+u%qj&J0yLvbYM5Y_w#~{7`)3tgl z&nIFX_p}Oj4~D)wjbs&9aMKrf-t)zeBnU_I=*C@ z|DOLh&aO#qJr@MiDx}RB{f$AGmRJ_2oCPo5=uDRl84Qz{W@ytA0FJKQKEv-HGI2Cj zIKjX=s(UhVI?5Y`GseY!SI)W4ws#ITlh~WyJ5wxeI8(1o>nrc23j0_E1?q`Bx~JuS zX)OQ*@@ts8U>i$j~z8uk&oi*DYal|3r zPq)7yo~sG>@UQbH*=)95TZ6>`^S|u`f$+1uS8YF1#x3;!8Qu5DQ@mb({>UpKt}s}E`JOvgtURLc z{E_ATvrGb;&bb8l4*r`j7&$SNfoJmm_ZbKl5TDdt+OeeE~OoA0qm$e#ER=WEH zC#wZ?%!^qEKJ1{|6z|MT(tUr89e>M)?|xw09Tg3&i~ZR}6M5)2HtdIa>Sa9?118<{ zJvA`-xUlRWS&swlWC?`-x%+p|6@swF3q1wd*Vdb*@8!LzC)_E4n|E}a4Wlg|93D21eC_F( zzie^xdd?lzAFc^wT2~csFUbzq)m8`%ak?e&*nV25t;pB2w%0td!HEDVV66Bj;?)n( zTFq2v%-4Jp)>YHSD~dOmWEi#WQXw$DK7$l~`4DcI$E(z2z=dFFz`x((jwPjKNBG)v z)(1N$+@E-BMY)`#zN|Q#z(JWLu9G=`cbMEWx-eXzY9Q*Nr`(&$+vCi-nHrJsbn9TF zd%L)yCjv39)9R;o0QpAY8+jc#rxxRrbek7)MSH!X<4|H0)zMV(!S~}BU~-L5`0mrB zHegy|6qI$^IFGl3i#l;_q>12K*jwBYtEM0`zQLs;hxH4?$~SLnf|^_?{8dp{^= zEaiJZO)dr~Fo{0=uRih}#UqPg?!!nsV}#E2-n(=9b>%d(6xyMaxt%&Wl~LP4I`2&i zA*1g1cW*_7ZEWD?Z|YPFL5S;>d7W{%_4yA%*Ny9vu-ofmz3gjQX%ID2$)}>ys(Yp( zvYi*>6E2C$mk97OZhLClu8F(sH#~BL93r|8R>5NpQd@T~g88h;f9Q$HRU%I|g+)Zy zpC85!-Del7saXk5%k;K1E9Q#@;*R$Eo@Anm;mu)e<7Q?!pd5E;q}K5aVV6exkO>_W zm6@C9xn9eH7ZGCD>YjHjFP-(9z1M#7ntrhV7URa2w4@^JEOd|Svsp#CeCjWgmsZIf zP;8=bfU{Q^hqY#EtzI)qsjDlwG)spR%XcGL%&bPODCVyI5kzBS?dlQt;(MjU-`qI3 z`3NuZ1`SxYHhWc2AK!aEY}s?n9D2>rp|(B$y+nsqF_Gsie{6fi8Ob|ld?6+N!@W?- zL;!G_>d5LNHRAmmH@fQ%mCOpI9K1`9RRYvQ?^aFdLg8D6~i+=nyT5EglES~v;$ z-*4176*du+UcB&i8Ltz>Nd&kMRV%Nsxvb5mnD^FNN^v#}5uHE9brraJsmm~`bq946 zz*=PU9p2JG1jH|?lKdxsbC<_UNJCaw<2f$+IuEQ|#z`9-_6weC{?{kJ5_n=380_V{*KKP&gzzj({tvLtfUNJ*zcVE z0WS&qG(G23_BzPG`MoJ$0EHEFA`CqKB-Pch;+)&aw`KJ=aX!bP-#+q|xX3#*a%0qe zca+_&!_KFEot!zrBq1OA#)O8wE^YARz2&u&q(Y&!4mXiO*SKR6(ASgr#m^aW{-=cCueV!10o2TOTvm?$Fc+T&Gfo_e$5>|3Hq z{rxj}zH0Sh$ki*3WN)&p^K9FbMWtcfLqIG4m9n4DRhb(BXyva<2kG!`)>uI38X3YH z7ba1LNrMq|zpyWfr7^P`l&Z2`jHBc5Imk*Q2d$+ltZ}xMb=GrL7VZj9ou2Vg{=rIX z6fHx+pMT7j6_{*rDAH+PXGAu_9t08G+3K*Q=LI5q7}O}l6-1{cYi=3^h2EzSM? zR^<+j9ReE+`;MdQoI?paO{?DFYPXa}>Xct<1_yL}JecO71lhrc@(AA6y)44pA{L{V z^Dj?u`y=9Q%s^Q2{eqR`McpqG9f}~X{AAG$))v!8W)u+ z`)Lz3nAn{yFB;XX=6v=6-ggRvfA1IEJ`Np-$qKNd$Es=uMWe~xEg+9rF{RJ<`kn{% z5TsqohnOjRi`W*msEoK0fgel1Z@I6-+6KK_YWg(NcfB6HwU@V^y5J2f3~hh9>Rpax z9U$uYHp*uBDG3}pPl%_V7;Fhtc=;Id&3VJ7=Dr;*D9_FHE9HxM$0usqjyP~o(Nft5 zTVLlAf0|d`4B2t5nKQ?A{w8tkC?0J0K`q2t5$yX$AhI-qaS%9ktT5fseD8@HK!4=p zakt!ACn1eIaXJLq-+NLvxOQ_$B{^4k#PtoNzz$OjawmG0pPHE4#ZiZ>#LD@+c2!3V z@5E^FG_?d^!^Wp#&GQdWAp8eI-nqei`7g!F)j-(zABX-Ic=h|h)i{et*3WKKU&-xM zQDLT5@gcQCT~*$#gv~lfl%|&s%n}=$i8cc*%?Sx$WoC75*eV6vBfq8f@bDhDTR8Yx z6)^rPjr!-r*qYH&D~F z*S%%7UQu8rVoOFv#r!%~_E@nt=7Q*>VagqG0ablIYFhB^RavL8O|X?nkCM%7ZQ=m1 z{a)rAW?WU>^-z<1lw&dUOKPk05KzGH$jH0I{#YAd!xg$uB<9z7wi)<$t&SlTV2nD! z=E&z^Uu|klN6IZl&TvYk^!*B1_}HDptW54c=X8R>-$9M4Y(Z?n9mf%(<*mffzWCJ; z!56A~RtzlMD{ypxcr>Oeiu%nwE5xEXsz({8-IFc??6n7wAU~er>T;k1YvDgtz3?|a zp!rV)z;bjkv-Vdz{{>Tz+A@e;qeg>oy)m~1W@*pK#yK92&-#;udT z_@TST8}ps)BOxvzEaAP}K_(&?d0b<@y067Y7;<}u{)P?wlS!lB}6g@f~4c|Tj{KI=B*6#pc)s?+WF{R3~nGDy%guGeT&?l*56ZkKa?5-oq6 zNa$vNC7=>G_IDGEcxNCa4xEf~$|rtJ#~vn;L!Lf2I{lb5T=WL(t22KL45dF>JGqq1 zg-vg*n7||w>O*!rEDQkgHS?z-H*O_}ulZ~w(sqB6h1*9hR%<%8?jnBF1HHi7A5{mF ziCara4e{k<2Qu}uA&G5l=izC_pWy-Cke5&MwMD((kvM7H+{0Uifh(^f?=@2S14&^a zsc(c;v2JWihiFBw!5&d|?cmlIiE!WM(1F9Zr$FJ4MgQpHQdxuK{T4seR{UED$Bx?# z$o26*{50aQIxhgZx9%TX`@ZhW`ysaqXQLQ@&R1&AUlQkYNEsPdx^eV^c@3x)SC`{% zfW}oDRX2)zn*)3T{nhS9G(!>89&?_^1H7`|IwM(Asbfhh5l6!-7miyW&Qa3u9RIbi zxuRvS)ZM|<#yz)r`(UlZdOeAeHkSu1gU)ySgpAw;PG+*BIB#gv*(ZD zbCMBr%G+B{;bJPS<2sKLuPnDED(`a>f*Ub{hH|p`!iB}%0bk0N5cm338}Q#q+edF2 zcmLAyp9LDI4X-auUG;kX+wK3^9{xPNI-!KUD*=KmHKh1_XqLRn!e%S5#>m>`cZd zKsyTNDc0Xt?HQXV`pMj>&4zEye*4z4H#M5C7rb_O{j+(c`^>xE|C0p(m)4UJ0RM;5 za9ITy7e~kwUtQT2jbPL)tdmuzGp&gpe&gdP31ppOvPmlIvV%c986u%Buj?4zHvlL5 zD2`{BfWAMZsZ@1A7I0XV_vf@<5z;=FP{%G~{);7iQ$+RPuzv5wpK9rRh7^~$^b~sT z8HcV)fI2wRriKbH17{L+P^`QY`MyaaNDN_=@-v$_B719#Y7-5g*Yj_paBnqVkXfHm z-)yI$df06RlHHnj^hzoBj_2<09b*?P4-K;Iv0|4Se^B5cU{D=fVcwdwKF+v)O0jw9 zV?ZT%s#QB<&VXWz-x#biy?*|&NRclW1^%2TPz-2IfUQSrzAF1XnHRb2Dm~Fn-ZNvr zS^j`tQR~yAM>Xx^{Jm!*LJBzgQwD%tKVR0oa+Z}Dj{o9!V#J7L`ZEV|=b<_v<{Q2O z`B88ACImFGN9{Q56JAn*F@?lFJ`fOvdy`)pmj*AXiN6VnHE9<9w}l%Rkv**6_9DOU zAIhzvvG3QjG5?BwteOrt-ltB{k@5wScXLwH!TK=htw`2^55fWs9q)SCN$rdjO8V2a zZTu8fybpSwyXPnWup6n_nJlDUK_0ld>U&>Fb=5UN?VH?qX=#uU+TV6)TEkgWJl#p zxj-#GLdo_k`U);5AdCIQwm>bU1hr2Hx3bjgRTkR1(5vl+(fLwu{qRY-QmL`kxCi=T zEV$ns=j5-l&;9Rk3(+B{KEmbx>%RTN?cDV`Wp4^JHxrH>TDRzCHyspxzoNMEgMJDz z7d`r|??fPJtPy3QY7}}f=>rW@i#d4M0`W|e-us%Nq>wMY^!uDr{VVUHg)VRS5>ne? zEOSrlV1Ke#>k0QrGTvqtH_RTt`;9PVAhiUSu&ED%-ZnnXVMLv=oTU2_#68^Q=rZXKP^E>N&Z+ae6;BEzWmM$Ml8#c$)cJe z=Q30zx4#MjMaPlxsaN7hhuzmkf7h*@SO3;6U@^eBBh)u=D3P%2QztuIP0J^@QY1MQ zo=IrmI>>vVH=k}ek!AQ(H@IQ;gWn*YsFddyGG4>wMae>B_JJB3n|%mg(I)&d0iPOM z54%4j_kN)grVeI#3X;SuHDi=6%$##mk{P(iF42`DF5Z_uGyNtBE1Z^hKXUeYwd3Dy zS|zLnwrE?9CG=Ajo*!^NhioDTt`dDpl*D%=9}j$7UHAum^w>HjXfhjCT4&cLfxA&w zt$&Op86{VEYIY-5^t|A%5$sy2QKB#E?Q!8#GN2_^eRXF?v9qr(X=l!^H=lo;@?gp}$5UZ$ zzeCM(yUe6q&M1rEmaWS3d9>BGI7386Z9-+?_9E1dFkN1|uo@(USX_N3$-FiAx2wN%3kuxt(G@^*MkL7H}eK zPwuM8q^fH#56B!BZ5|4XSL~nZTo!&PzXg-=6}y-q50?2T^MA1So>5J;-P))HMMOkJ zR6szb2?{7xN`i>=rl24oL_m6z4grFQiuB&ARFM*TXbCDHJ#<2k^qNEn5FkL#0-yKY z`#JmF-`RVN^XnV$AI5+%lB|2(>z;F7b6(e#EUfN-Ao}1*Ff5+hH6J%%ilevqC?}&u zYuRBrEw^CY&`Ridggr%~!ENnM?8-X7vwnl|AQe#oO6Ej;z!s=}4sWGvSS$hBW*^;z zI{Uk>7E~rF@+DE_9sg{YlS+gze*^jKby4(=}D{2AGr_gX|Sy;rhXm zK&HtiIY#oeLFFYtp%_8vE^~9fo!^;0VB(-y!FkLO9;T6vxr?yuDG7VoS7lF=Z^WJc zj5kqJC;4fR0Lz2HR4#lVJuFzS5q+;g7+OGEApLuYeLY9{a)0ImR9(PPHNx&Z6zM*; z(J;F5$zobgy7>43YLqau2^yc{qjA^Ti#SouI= zE~as3-dhsQsctDzZbZXmq99qWs?Z&OK(waaEEZrw06|I`-I!wwn>>0_kN!JRm6F9aieu*{ZH=x3T$)jxZ?MwD<8z{?q`_ zUD2d~gM*^Bb4ddkb5US~QdS4rb@_n3A!J7Z%(VSZcxTlBkfS#o?fAi4KHDWlmh3m- zvMDsEeVJCXtYd+)4qa)h>;}yb2m_ParpaK|?aaOPHgWXsYBsIKqw6q$t?Tw!U9xBP zBtNsRFyLa7trDw(CT|>+%y>_FkwO!2^1=PRu63o7`WTce-lcLN->2-^*JrXpSNKg1 z=Ht|Vh9=)2fqs8MN0|U8q?p6xiKS7Td67yynssi-pg5j1Nl{8;-l`YI?JT6lDCB)$ z%bipE^jmJmZ)2(o;O<5<30p|5R9KLAJHm66B7bagF6+Gn6qWA6j+N{H=i@`2t4Fd{ zxJQ5%)Wv#x9&n1If(_F!<)VeL*ELaAl-=y7crMNNYTIlea_cN_e~MXV=;Plb!|-ef zg(t<+gbVzbnfLo-l)Iwu4NVzhrts2K0JP)7)%UO(*0rAo>+5$oQkHf*6mg@KtIa0{ zCm@$aY{9`>{iz_wU8u#xdbur9sElFujQ142|)9TA%G zy|{i{h>k%0wu&A?U?XPGO8aMC(sdKWp+%}Jt6!Gl4JHQmJt*@VSL~M>qZ98>%W1G% zzsoy+ievP33Sx3w#=nWGcZc&Z)eG#Jq%`f`kA0O&$HFHimQOwDaRuO)Nk5<4Ec|GU3QoAwqxO*SqM z3E6nCKRq?Cbwl&K1f^7Ya;<=0!Rrz-jQieNI2~F=^RB5vKsCZK==`2E0aD}Rv3T%U zCIm=`vJi{61tQzMWQrob&o2$zGdV-F^PdU9E#Lf--+!bWv8z}3%fVfbVpI64{jc+n zoXSMl*X(B}zY^xvy{j4Y-0Ju2`leLsl7zZREEr@M46cNvPr|u$UXA0C)Y(f&hLoKR zMTGF3#HO?-eX51~Q~a;^@=sNm0of;vA*N8%3zLZrXIIOphRN*B<$1EqhD|xww;iT{ z$Gx&YRk;QSbK@WLtyHZ>;>-sa_?v0x+;&UXv4&1lGXdfImfvS1`_2wv<0LNS}FBZGR??{$BRqpl~;vpk@%SV7DvEI87V~3ZIGabr`%x;-oWA01 z?|3q3f+PzEn)0k?@Dvox90kX__ZkL}NA15|c6k3aY3^*RWj_S**ao}*65_u#X!H~C zI{xHVIEvw<>~M^hGKAZ_ozV0J8DWL(FdDhFU!GbqNr6Q8;z7IbL6WMeL8nqLzS&3^ zytFjQ!?vJGu4BFPaBS)Edv;m!1>@clWvJoKc!KoSfw#l1)gW!hZv#!&NoqsQ`b+Ez zlOsz>O3e7sI*TGL#wLF+rY|pl)7CxmLg~OZx2N6CQWHaHaRXo%*<2M*$+0 zFX>w$7n_}>)LJ!ls4Hy9wVI2K$g)flv@rHo7LKaKtJTAjQ5kEix;bk zvA5xqJuL>^MOhz}6O*2sVTSDb2%SB0B9(qC5T@I)%jv5Xa|aJf92!DUz9pTM`x}(k zSH}kplMH=IiH_#nU|T~9JYcT@`|~sL@aueY*3aGRuEgsCOvIm-Jamgu4j~@O z8pY3r?Lr?XkT)-8&BjhSJV-ysy#1xZ&Ut%EVr!Kd;kuTi>*Xl9byCGWxmQ!a@_e(x z(n*6&;}U>MQgPLNnL_eq?}*j}EevpkZfCGpG?YaP^S%E`>$BOc*ta>#V)i{fIA!~@ zpbX_@AeiM4c{P}<@yR*N$ z!6eYF8Q+9OwNJpqFB}4Ou3o%ndr)SBv0oaPgF0ANY07wNs>Gi?Wr5x|MY+@g>S-6f zSoZ8zu?-L~c~wFQHjNoq>!&fj4 zZ!SI5096___1+%`e8z5rXf6{MD7=Qn$TmHTLaIpR=-l>Xhfufqx~dh?z6#~r+dnm! zdn1KhnnIN3sD(R?9E8Wy;+)YEa%{dEvJO?23X|t@597mMXDv|s)9+HfqWjiY-Ai4p zw$qZ`%WXA96J7r+4$fwU4^he>jL|18-z{)ut$cWrk-j;7nX~s8B3SKS0h!Y!H7*S( zu9GUkgQNVtY22tTs{So;noEp9bBwIdGh_#UXx(!-?_Qb!Ke&;NfTnR*s%NA%P|?K& z#%*VO_oHu+>b4m=@8Zg{>#wJ+>iq>WN5y2ER-KY&Lj7jKI<0klzfgrYDNylk8if}} zAX(q#iR(%?F=W0i(Jt*%Z$5HDOO^DQCc()+NxRcl{ZkcWBXEDW;yJ?7fcY4twsj59 zxv-h9c_r|4eBE5KqJa_(Lk#W;k#b6-BsTf_=YCTz@ZthH7SqHMD2ufjDfMcQh~sH< zBYx$gtVzt~$>vG9?i+_+zi{W+({Mo_Ns96uZF{~srEZMD2GVT9J}hg&B(YT=ip~zA zv^8!io!jC|Kd>#Wmw+V-D~E^k%8fqA3bD+5%YCkTu2{7|HE)P<95Gpt<_s2T)3Yy4 z|IKdWTTNW~3wuoXO@=O6MTL($nFTv#9v^e-&5MRec<8^l0n@+4?sEAw=;!$Qj$BvD z$~&?VL_G27{SB)g>W#JT+?T#?W){zAidI}EEc7?LK4WF+t|2;-y6WbBv~YWMki#1? zWK*_01+{)zM||6Qu~IwCd2dNnKA270`ZLGQ@SGQMmTcs(XRmn{fMBSl>1(ROQan`x zOLq2^pDn3-mvl?@Zq-auFYdoJ&{FmOr0R7yLxDYoyy#P3aUNe#d^uw#+SlTVFJ!URx^CUKi)SCXSt7LMN=7uQ>5?B z1r9mweZ~d4VY7TnWco?HVO-?VOyVZ0{^Oz&698d4zf$l;e5%6lb0^N$jo7df8bUl5 zsu=4dCCAM+5^Q=c-Vwz+Hzi;g+N>e0{Ic{z8V*LI(g4WNpgk zDUJmknC)TQ$>5e$U4pXfvm4@xns6WOuKj0Wa#>Z)S#*ZF`gqxir@Af`59@}p^u8uZ zAjn_oZyQSUnSuJp?7yQ0XMr<6V9xn!d&dOc@y*%T+uX>XsI*(?rr0r*WBEC0L^)Z9 zjhT{mJzWOAI#Q#W)-bOjm@jMbWuz=}vGp9a`glOta*4<2R1?Yj18tiRBs6NKlW<3W zvW`NtvrkS>tv&eS(XMPhva6Nx;-a3APgS%>#>yMjZhE6A6UGin2cV&2!q~1dQEpIM zp5p;RH>Ci*@S54y*#4bWoY6k=b&$58v|I&*l9;i@ZzJBi{6W>MQ6_-$5l)-pZXs^v z*pWb zawx{*N&*=Go*idyy!s;*I`bzoD5`q*T+vBh9Y4=n*M?4&NmkRvYx!PqE)0H+e1Cn4QPQT9{6w?RM|!rz^w%( z`#u^BtOGEJyl;N5Q@0_aBUaaF9=2LT{iB$bG>~*S?A}*JIi8HJWL^dNlYIsoJH5$r>3tK8(!5*MJy>hx zlB~a3CKoXCJ2b~_+{B+$lJULHzBfByB`ukkxdib345XJdc}sp~K)1LvJ!P&{_-pE+ zkNe1g5$>2F-LZkZ6XcWcr!QvYjSbHG1x}y787qAg!7!ko^9&3RPP*Z&+`wz3^%ieI z7v|!>SI@-p%mjDUcRdW;yC=u6xP02w%9&kLk2k!**W+2F3fFo&aX!B#sV7VGi>?D{ ziGp7S;@IsdnfQ?9ksjKE$uj43%U`MBix_@fa(pax@s}l3tZsuLpCF8>me3Ojl*M}X zB9t=LUCooJTkROtIWyujQ^c@eL+RG@`YqY|Fc5;0xMMBTW`vocUp~MQ`1|ITdKerx zoV~J7u(nNw1i;o$+}5yeow|aH28@f>Ukz^I0V2=93gXuvjwRdCbMkOd%aWjE2 ziFqgQ^f7nltzgn;Sc~F#@00fHDng@X(&Tyx42zz;MTO#&hv~SGr`zh(Lu;R}8*eo# zk+VQfK;jpq@DbzL!Qx<7LqjW5L+W>@9Y_5N5&^L+_99u*l0SE8Nt%S)M)fZGy7(cS zQSNld?bi6$(7L%3!X}{x6`>2A68Vvy*7dM>EX7kkAs!t+*+eb%z#zSoVjkZAqu2-A zbzTPTY6t*<8JH(hR^I?(x0r*6aa?przAHcTLwJ_sV&%h*zDlXt<(vJ;l}{R!K2Fn7 zW$V&Wcjo&td$KKUG20QnHgD@fdyQt+K>bzwS=!Yr<$xqn7i_dfD%>~bygRheIYBBM z^-~gp)~l7T1v_u26w`?KOJZnL-=)@gM7#LH;xO5uv(JG5^y6TqBZ1tts6IdWo!_8S zLiObLiCKu$jsO6!0C}QMAJt7HBrcO=7CwK28lrt!m;b^{`d=%A(;*um**B+lxlw6w%Hioy&_NGhRva2=ZvY2#H zS4)j_--wmhmh)w|#3J$rWMnqnmt0ljJ326vGn}$b)(@i@B>Z%5#%l9)p&Z@F7RTJh0ws|J{!SK`sPLfXr&~^JPs~GnifM9&&zCO#J zO~1S4ug#JW@D25QPurNH`GwYdyEhMg(z)`W$DhE-d`Pn1p=Jhj2^8tGLe+C4C zG%(2ub(R;Zu8_+8=aHv5*dCN%6Lr4MPTi3AswsRH4(x;T4SPbW_Q-wv@TT;Mdgvx| zO|~I5!I@Pbw?{-rvP!wNu1YjWwH-^k_lsLI8%UMutiCl&uId&)>t%8@+1qAEe(v2M zMw-8<(MK82Rj?b@O-%3qcyr)s0dU}}BBQue6VA@R7IE#;o-9dkH|EDf-ECC6bZbSXR;h&B;MmHlMSFV7ejxgJ1XE zYfp33YHqmY)xd#7wI^e(AT5Dga@XJBYb;ujNB8y(8!=oYgfe=4NSAK%x|xEVlB$*X ztDrrkK#a$ij(le}V$)i$yZCzA7j}^s-1^i0RW<~AAGoahZpE*`d8>KttG4H8HHNx5 zfN=A>{&c~p{K-iD0Y0Ewzf>VDVg8xsm_D0WT~+_gw6&9LK!d#Cm@{-K0sp_?;E1TXhUo_;H7{ z_xswz_p{SSTFMMD-9WP4<5`jNg1cdL#J$Jsti7f6;&xx&)2r<)wLHB`%xZAI%-v_s zh{XfTC!17&_pxTe&?^;$WjgnH=?U8Nns$(8Q}(8nVQ0imVTfq;6Nb=L;z#JR$~eilc$^z^Zl7y4VUVhX+5B--O-I#xF8Rg&X3@_->8J+8w8j9S z%;ePivh6S)*!PuF`UMU zRJ+th;%=Q3NQ!X%#%X_7q|F7Gr&wFIU_x@&;>Nxcd(#%#Z47roL!1#Z2P4a3Ol!|c zIo$WF0h(Bk6>ETorlU~>DZDO)oCKWz*a7sVoUDt0)0*WvcNv4vQQqqxq&p8c14B6cx00*<EC?yX7r_%CRrh*!_zeq<6LuBNvT`^Z z#&$Rx_Nj`VgMX$0wIU6r6t~2%t!xo|cBO_{xFhu&7~BFCS!D6DgSZVc57eg*wzz1G zUlh#WN53LTWRd(vb$}q?b!vaVSHK!Fyw{(7=jotKq};bp0ALuMw~JY+DE? zI0WTT(#h(+Ei1I8A}X7uRHLO;XXh+YqpmH1`Zh)FG(v370)$DHgF52j5gLZ}8zzY& z3JZn8rs4K4Dy`>4cog=wXS(|eNODF28V-Xm0TmQ3v#v!NUkXwUFs)S=)M!a*tg)1c=&=p4*x3a2Ow%I}|0kC4bh7kPqNXCtHpd z^32np=Fh|470d1EhvMIjd7>kyi&ucSWUqEiU9~Mbu7M{dS+tq*q-gk)Cb) z%Q(zJ(88$@h)9w+BuQrd1R3Wx4o#nQZ!^OQIAK2`1@tSLm>6%`n!Fc}R47*B|Khv4 z0BM`qPy5uPzn!hb!Mk`}lG#6OID4eK8ZRM)0H)AW8!SM5@|%CmMeiLd{nl0D!@0ao+O ztRzwGWgNfbmVu-!4FU6_*Ol=i#F(Ye6U!e@U0CvtJh3=FCwjx`)xxO84TKaw0Q=U~ zgFPuu#EqA}C2?a_Wc_yO?|Z3rnhZYEF#YztejQb8FH!4mUqgSJ6U_g~rH4JQ5`jrx z)7-+SmdW&V6A+%twLkL0_*3>&yfDsWiFt`Wp{cf6uxIK4>+> z|L9j~o57^4)`tRc(HMT?150WiXB{C6xg1Rja4BNA@{q~SC^c;q*8BEzFkAX6$Wt$V zjYnWx(Wl3AHB&R5V5T79=wG+jAr1`Ek`hl}SdOmDVx;>4oyvt8%WmQ8M`5G|b5D+x z>i&KB=*O_0r(;wJHC(Nz_C@d~OzFawL^(usX{yXm`^Sk+jv{Tv0xQhM@96w-&vzb6 zC=bfyPpv`b?~mi@%Vb=@Qomm|P}bPiWHF!RqkW;Mtz`Ff zCS;JE$+2(gl$d&Z8ek>WL+gZp_<5n%5Ls=Xe2XS{p&{1F4%7bJSKRI^TXhVvYwQu> z1v|>}jS2;UG20hrnXSimfsR4yN|&oqdQ|$T>%p3hb=!x$*e!QqTdce_2W>Uyl@?&4d3$#8(*Jx1+&Hd$;QEG+b>t&xMHn*HaB zcRmieJqWp|_#8O1QIlRHfqkE!dy?#aIak%a#ePf0`{IC6L*?5=0`np(F&Sgb!03*8 zNnaDa)aO2|jQS&=Hfh;OHqdvOaEebM(GGxXe#1L_;2hLeCyLToOd0p>&)p;8Eif{B zBw_c14K^11`cbBA3ZU}a|b zD9etjhI;Vzd_RG5-*zziG(g*m86})ErcDxOs-bro3sPi}v>uNa##F0A;Z{uf%?6+T zc96bKdMM4nE>sk4WxFjyq%bB?m3nqT+tN7dq6;I4+v9!)Bb9b_<*O(|uWXMwr>MM# z2j4o_LWKcywOu1JKooo38r_`@&JqpazAk-#@xF~p$ye}umnIem`P7<6ADlEEegA?` zkRk$z@xeU~?Q!VXgwcsd*&mk&3syiSqB_(5;Cow$R2s-W_6K(sDN3#}2bit!s37cTHfDi<$z8(7al^o{-)}m)CUSbM=*E>V zLPYQXs>CRIj-a>H0M)4YV#DIVVTFhc*u+n9MdV7zBV$CtCcsF*Fy&;LG&g=fd*BIV z__t1;ri-OvI8Xg@+!s6Hw8V8)vfNtCg+OL=gy{vwq)b(j#vFVT3JHZ^rmvR+qf&Upq@AsI&pP{8A%cbS5$S(~Z;3zRE2W z!-Wc_JAusxyo^*AlsUqZ7T<6;)Ss|IpO5S1vC~+@@=aSCZ94_lZ{e^278dl8VwJ+& z=>~L6jaPaT2MtcH$|TjRh+KdKpSGt9D{&Al+4_#4T)>sHUb6{5J1r8?PEU6Nw=;U3 z=T~>?b5c4OX{6e-Kg)icQ(tDIjo6*!v*^oQR;(JWV=s*;d)fCTz-KN2U z05#I+z_)70ef^K2)fwcuDff9#KdfXqe!;8r0CU4Y%2JoXPeitnf6Jn=6MR>jGkkn) zdG)d;FXrt6*nBpIp+kXkl48#=PTISwI_s}|rxB%#uNAqm`P2EUk_5vm^Y{!hUl#d> zQA^qcsk3lJNuUvIIP0yuy195iqh%L_)3~gT57H5NWjAaQjC{@M1vbPNtA17Oayqrz zrU6+WlJ^?$lz?{q0I=xRGIOwsX8E`i99IP5nm(H$kT7nj9H`)m43E8zdHtwx>AL`CC*MQFBOEjo5#v5c4I__|S zX#zNtdzPSGE2hPaTRU3eV`1Dc>H;M2_-o)XRi)qIuT9gVH=y3iGckcD@U?^baOD|a zTFq;i?lEz}JBU=sbA1Dj$3B}%&I{f+0Rk%5jgGF5XTn^aE#&f-BH2oW;fv?!;&`D9 zJ@SQYA3(Wlm^wMz8vZut)x!7ZuV9d{@z(&8XL*8 zrYPlWl`PwBoS!N960Rot}MtO0~OjqH}+L(?a)bisiDsqIHX- z0u1p6b8+c8+&JkaX@1*`xAymeLC#FB-+JdHa#X>(+VeE_(y)}=qk%K}+T{E*R z`T*7>$uqLALGXE1Ki1Q95p;kfXDMZ|kF4Yz!My*-e*+mGTmi(t?s#m#Lz@ByNK-uN zFoBb&&#U_=*n|P8k0k@vhvHu^}?E!g)9-@*a zJw+i@0fsc5+mQ!C?)KaML=p4?Y7#V8Z99^ULDEawwWxRx0~R?I_FjIN0EdQy#~Kel zN07i;@}@B&j;8A|R=nV$Yj8G@eIzr_#{-IF^EtKFKENmB_0mN5&m;N#BVE_HL-Okb zr%gLR?Yx0v9|LH)1K!*_eG`!Y{wpPyHP@b~4M4hFfc~A5w!vul^8!rk7EX#2g7Vht z<2-d)!240s=qEAa?k3CYBBmN+?4*y@mnX9Q4N<(XrB79b8d!uwL*dIxmG$es_0ffI zQW(|q<(gSVH19kBf9t0avm50s(1pkPbN3-CnEW{U&d~Sne#XXE+F;r~(orPKFAFua zTCyBm43=xtA-Mqfx%aMoqWmes|<9l zSR^4M=KcyWcLlxYT>(x|P1rL%QAc7Iu}gSG-r)AJyb#JgJByB0Z%=Y_dL15aRsmb7 zvbl%RAy%w;a}OJkjPE;-bIJA2*z9~v)v9=iKSxq-xJuNuWu&u&TSmR=6S@@0U9sp` zZQgGmea0z;hRNj#Sg*q++pqw_TwncAjVd%=Uoy4{CVf-Hu_E7>Lg@R zB4qMn?j-4+ou^~xy^HiwjhkDIRD~L8sY@dA6N-ziw8pKS$Co|zLkkj}4L;XPoJ3So zzWJivpQO7LC25h{>mt4!V+E#5I z>TIVKjnt1_@2)couj%gdl0<%7E@dTTVs;1T*>)k$>@V{lgY#b%ldNh`P31CfuMm?A z%l-Ju#WfM%9kCIwUm4Eep{9^d6sBX5a7CkqW3R_K_5hXHfB@V;dTM-!W~VA*0HV`c zt;2aJN-fSg)5izX5X>k_(uTsolP}ZX#d%ajj)K0_S_dwWKz}A46ovaQx^5(B^7nEs zf{nrdVQ5Bm;Zrz3$ysxhPBOT;c2k0scEE2{8ED#<@bzVl6W~M;+i5d;AmfB7HY~I3 zg#g0B^!1x2Dc^OjAH%Nqj#dRPt*RFj?hz1?HsWYc*J= zx65q8OLgK5;L?69Q16I88)o=tu)#p>sL%g5%Pu7WzlN?)_i(4x)+BSXcFxrm7suRj z^JtxyP(`$+!n-2*=a+WvnJ{p(B!%0K@g2)>BsS#^_Mmpiw0fm)dA*_kPQp`zN6{Pk z6Wu$CDS@uguM&wnXbm&kh|AHxBblBZ)Ytl z7X0bUa*%*{Sd4Qk?|%a%ab}&01Qm438hfnR0VuCI>p3vmmgU;r>u}@(SAFK_=(A4& zcuxM3e_N*r?-K~5kO6lWMZD1T!}?rIpLw>QYci=-LHO2t!vjq1yK%b{TfA0Rx1Hz2 zYM`wfC8x?Qq%_(YyJk3L?qW++&nJAYoQM*4ciWjg$knQUV()(G5d3~vdnmUc&Pw~A ztYwZuM#N2kPa)Lgu69>#y77J~%S_ot@)j=IEgr(LvpyG_qZ;pN2j2LFbn5-E;0d4t z5ln|y{*lk_=#8$6{?Tm^fBP>l#f!uqYGmkqiu|5+snmMezY=2zDWS=Etf6^~__ebAYQ$Dohw`A-PL%t}u*@_& zp)AXKDaRUbVVk1D(dsePceia6U|;l#--;CK3@hKe?=O2u|Msh<38B~_L$(hb@<1T$ zIlPvXyzuoY|oACJRwfhd4g(Ib0yXU-})M#Vcb(LxdtzFd|I9RT}e1&Hx&Nb4@ zMDCMGs--6Ka~nGR*|7cE?<}u0sDuv3fKLB@aryAc__g?FXcB4mr@Q%|EtCDSRw|#(#bO|Bvr$J6f*&^KRlz8#miF>*O>ugl;t3 z=ySW~;1lw5g4gyQ_mbH^SaIseaHNB{YWm+k=j$ONg!a}q!K2LPFm)-NETlV1G1~r2$hjYS4*tK=@&Caa|ND#m%jEHB z3;pXK|6Z|wuh_rZ8G-*-Kb1BC3?cu}0{H9d|F3=!UO)HCw~1@554~fykG6CA)!?re zJC!hjUu`jqp7x|wD!OHsqn!V>W!0_B7|_3W0g#qAE_iY1pH3dnpF+JW`hOG1TCGnc zZ>`4MS2b@@$F$bthoHBXpg`c z{OSKqt>ah7ea~d_aTHtGsD}7hK^y&qb!GcI12i|s+lNAjm{Ew=2k@V|?5{{g{VxEw zfAtXj`P*x*qs7~vBbN1Xmlwr799yr<23Bk6@>k#=zC~UHtm<2<%XN;ffb&o3JpsDJ zZcDfP-@obKW1yb$+g`S^zDbRmqLAH)zW2PqO?VBs);|!!7cw5jMdiQZBG9@1pU1_A zI+w0V&(KQz#(poXXtOQg`Ugz&|La$O^-a*Uyl=j&=pq$f2A6q8JMj=M;?w~Wm?mhs z*q>!#I6@>Q)c?230-%!>2o49pG%wOHAqc=h{-@_s#0x+9f~t=9Sd8k5WOEKQaqp?_ zK}V*#5EF4<_r0Hvgb;p9N05ysh7hg5KlBed0`<1Q>U|z=`Yfd`IOHS6Y3@P&dc;diN z<3gffLIyzN{DY~V-9Iz4sHcY*%lMr@90TACxM^+& z`1|Mqe`*y_lRwP3TW|dZ>!ky?p2G$s0|>e#N}DD5|L!@7%HYEfzH@_E>3t(l5fO5@^o$mc=P_9?b3;y_iWnCJ=Y2vQieJ% zOBk`OytorR6eHaQC|qbl8zgkM*!Q}Z2DIm|-L(vpSD8QC2`N1#WiZnvZLxG^X}9wne8e3OR=187Tts5pQ70+Ngvf>tdTxmy5bkr9Ts2Ow zqvL#FF((61Gk-~1MEMS7`(o#onAXRz1}U&1ahekxc*}?lpRj@NiNWG+p@Ij?IC}TA zj^x-_YIq@U>DEq+jCeaB1cJM(RrpYVX&|Sn?g3o!;f*1bjU)tA8wW*WSSHoi*)meWq!m2m$3OB-v`>OaSo{62P=ua?`A&ip*x_SV z^`$0`r^(`OyVjoDPn@1@*|xNW6P#KlX`6(~*XK+39?lC?6X%c}2gDwL`Q^>2eJ>U-LiFdTQFrGCW&8sie$Ci$ z-^|jWEpmU6xz=PN4&;R9kO{C0AkTkbSy3*J4pJ%fv4>>2aE2@U8`K38p;S~RxB`wI zR*TrS;XDqr@6dk1h*1d%%Z@c`p2c0QWQSN~HNw{FIlVeh%>li!A%6R)_GKlsh!F&p zRHK0RT?sF7gWEqhf;Rht(P2W)htuBA;giGPBNej&6?!fR95xq`XiJfqOz{2Agx^r5)a zi2h*qv(5G>VfW%s#2N+}=ql4lDX)uz(OQhY6BM(BSG*5F6i(dm4N1Ry=jz=!UzouS zFE@PDdZmrhNc7jXKy}SnCmuygsv8y$5?UAwEVDi^(K~2)v_ndNuC?35r-jm>%YTB% z9gsvS2f4P4no~M!I^`a~+1|j#J@;$~ZD-5beB085^Df^tdaQB#`AZGkp@%9uMT_ZN z#ROnr9$n+TbGBw@sP6SdZ4A9_pU(Px*B!xz2Wr+sA+VHF5Q7bgK<6O)Mjl1@A<9ZX zWi1@VLdOe#;(!Pc;1#ANvfvYJP`s& zR^*$UD%_1nrKP_k&yxEN7no{I>3EDXLz$M)!^2(3F5nBF;KiNRSW60Z!T06$*<+E| zL`DB8xb;)CC)D+#@U6FLGUt<83=lqxJiWb!71FO17%d$Xt}5kT0$6+vb(bs)*!p;=uOlAg5q*^?h_)511BbT2E zZ7nJ3l}v8XQc3VoTY-#lRC>DB#6s~v3*Cfl7n1%p8<_fq>mymlO`JsFg@8`f$5Ts$-Z$8k z#{tI-|LK}lmU1{kro;c@mY@qh@vAYu-gEY&E_E{1CzXo}hDghNY2U6?^H9ta*Z!}S>sz3Gv##j|ZSQ%FFYYjwnu>0I zHa{zVE>>xZ}#p9#x~l&YL3#x&)M1~nyp z=AZu9TL@09x*(0_LO@TqmF#>8;tTDFhGJJ8 z_B)O@N5MR6Q%bm+#g))1c&1?FPCBP)x{z;yo}BclcWKeu1{U?B%61@GaKqdj#H{^Y z=wzYf5A>XRhe~MKj#<94koWYAjJz+v?Ag~H0J{Cus+R^L*<6~aeU)vd{e2oBZEh6~< z3jeZt6$5)v3_q8I(}x3%;w+s-CB}ok%^JlV=*;dx8xu?u*c3mCC+y=qiB}#7W1XDc zm&Wt`Uw6cHdBSNH*u!_!4ppLvD95ai>*M8e??h9=YJeUpHFGd05;$O#8-f>a9Cb^~ z|8gki`E$SkO_@pQA{)-Nn?)v_;SYxnRo&|yElx`4pA-%MfK)iz3fFnGkEOAW$AQKi zg=X@rT7KyAPm8_Iu?syD5y-HQNmAl?^m=-EX2?azM|`I0=|$$UlMemDN%VpA7oQyF zx{g;rVI(AsaIalXF2IMmS<_SSqRv(`LhDKa(e)(#-d8Kaor_A;oxUiW{Aah|AvF#8 z+Toj~Kd055_KD@U(1(hDhLn-;y%dvyGj<700iWvC)K2(i1X3yYJkO(5H1LgX4u$q(xOk0rj|-hkR~s7N7SxL1M?|rvrL}k8Y*iRd98NlFfYLRB#K) z*qIaTvHJ8*M;w3ro#N$H@5$^otM%1>&BrOE(iZBD1&BA!dkdI^Qcja@QA`ocVo>&O z{c@v&C+o0hSgpIraCGN?{8b?xcE36HHvyT4cG3(i!Z!{cV`qR+&QW2^(XVWG+8VJ? z^4puz1Qd*5vOY_5nAdzXnf(ORqM23d<&^8MB%9)x>E<9$!bCeT%G4=HjctXf z#sg|y2072#qO=Nh=<>D6uk-aQ%cKmNF#hvP$7M8=__TA?;u-JgByAGnM=NcVlZW`# zSwy)&4Hs62OSO%B?6S*IWo8|%j5xv2YWvh}LIcZO5d!NB7SztIc+U0uL5TcCjg)-*@&J~!`5 z;uy_S2xV@y%1d3w1>nZqTLCrOHh}Nd#_oF;(A`#5#zkvJ1q(<*oaQ?tO;~|+^@j0@ z6KAep`c0jc3!GC#h>n*gH)tm25+FC_xC2ZyBuY~tJ64koWj2K4`Fd4vQ;g~oDvGtG zbN2xa0JA7PbG(d!nIFwTuU3^MTRtQwf>_Z%<7}o`x>s&`wPUo)D`hD@nI~z1t!K4j5rRl}))U$6?tV`Spb;V5+oTvb-=!^S-7k#B%RWd?$}9-<8XB=1zz~ zI}AkJNEK;v-XKS8vFqEqB z?O^QS5Kq@_Zg?^5<;rR@+Pj{!xiPYCJ|f9TE78B1AW;Wf4DbCbN0#j0YysqABkF6M zTc4F9wXf{mv3^nU%03?$Q*gPb8727q!KMs&+0CYe46$*4fSLK4v#y%OKr1!&axbC| z@k2yMIolqoZk@dUxurG#x#m3|dYQQXWn*`XvEu#pso7Yev1^O9 zXJ^}Z^PUO3j!HP2h~teiG2ANC$2_c~kgY!4)hnNnnAGHhJkd{msU~3gqJ7PCd%_ca z%LJ*=Y0EvL5h9W7FM9XyGeBIc0@2ecFx?2(zo<*4e zDMRb9>YF8xtUOjcKU_}8U^;#io??okg@%DPe8us6+V#1c!>YY+6EhaX>1y>Y(GHUO z06SKEK?hXK{EYu@%ZCF>tHFRT8#2$(mDd)nUJI8I$Cj!~Z9y?KhD!cRv~zSI-155l ze7zltL4VbhdvxdJf~pP0g$c3P@7R*;jG>?3L;diER3*=R&6a>X6K|PjFYBvwko$t&ouoTCmt z(_|`PinKFZ?~D>09@@1dt+>?_-;IPMy)Gsfbh$r+kKjGWR<=I_HIP|%!9ojDu$Tnt z6_oucpgzS5xeKqjPja;w;E$a4N{=-2-%<|0h_qKrsQWHG2g_R(YRSVlMBlkAqFE!z z(|mTmtZr%$H}mjhBU~o0>`US#&%P~Qm~x*a^;~tqy*OGoiGVc1X2x!$V6rOb(u+xk z>1u{^k#&)mJ6R6g z{Wh+*Y(cXIyV8Xphc{y5?Hr4}pfCYreBfq6eIY=IFvIhj#8#wH_dzwns_-Ed(UU~? z3RHDJIic4L1vp29rFr=-V)&*>_8U!eLL1TYXcOovjBFWvnS;N^Zn?mSgcfZ(%Yq=d za<6Q@Bqd8pJ_Y1Y_Bc)~iS8A#A2^PNDo)Em?Qp~|2k2~)0XC6*8?+!`fM}G!u6W+4 zG)b@9WG-l^L+h6*b0;}RO!hzHOT?%Y; z_lMeh_TyjQn>tS_L~1qefwSq8 zEMMTLh+a>&v7^F$5E4qSfv`_;K&_5Bpk{MZ^x*Gnr~~)JuYq{Zu`)=;FV-J|9eez8 zEB3uJWI5*$v=~VMIyr#FZjd_qJF#ar^j9b2tBFJaZTkzqjJSRx5MUqjPu7?vOM5E2 zJ3RJp;SP^nl{inK1aQmO!&Gm7|E#l;Tjn%*OYrm5fy3k_b^YJ*MJwX%zi4YEqg`j; z*R`A@bx+q*7E3K&4=v23?5cC5#jID#`PN+@Ixrvk-K}B)B?u}gsNL5Cqm6sul-$wXcT-N2Y@&X{Nd!$oM5^V)Fav&}>LR`E11* zQBk+?;}fk98TY{R_tX=iZrW}-R};5e=!Etrk7kK3KsRY`k9e8qidAZ0o#fQ}M_QFC zW)cglRT|#$6QMw1vK}SIEN*{WJz1no=6nHVYm8m!Ab>s9iaB|p&}ycnTO44LG;}5a z3duFCJMoQ8oU#1c3i?%+%S}S83lz<)k{r+I=fH$t>sPNdoWdc5_vTM(LOkpQXCsUK z(g0y*B|x%$>=Pg_|MCSM?^zIiYzke1dEJZH_T55LO$IOR&ves&zI*XfWROzSvqx4> zF9#}RYkhgF7cC}lrCGqwseF@{_gS0@t=8j5dMc4uR9Mb7Q+&Y-Zu4NQb3?~Cd4CJ% zB-6d(N=QkRa7HJRQY3_(2}B9a&02fW<@M%;^!q;omGWA2xiw?`=;^|f*jdIVNA>M3 zdk5Y}bS!)P?$?x|%~bt$3Y6r!G%)!|3>I^>MYE#L0!d7|?)Kv2vWz|qL3b+*x(Scu zHxRn6Zqe;6cOE2C+qj&qn|pd{wPz^V-gZ9d{-Y0EZrHESvD9OGO>!rp%IX|_Js-nU zh+hY)lJ!Lz&{aEY7d2PziWz1$DX*^zbIg)hrLw#D-P-|k^{jcOwc#fc%U@dcj^Flf zeHX-{^pw?x7p$ZibPLVQ7XK;+gwC=RDu_TkG=|%vy83_kLa1-g_=ZB;G~w zM!q+H(?h*|FL>%V@|{fijo4(syfUTrnLRkd=oiDYwa3Q?W%KKSO@HrO+m*V_9zQSm zO3UT4b$IHg1e&4Mx5{`iMxqgftIVrE4`$H&1H7wU-=dlA$A_AQjz85UMb6dM)BY;E2iw&+Jb(H&q+lTTRk4#AyU0aHT0kBY`sGQR!cc9) z*b~pLkEEB$?%c7n@z{OMA#6D!QW0J7lJAr}q`6tUVc$>xic7mI_m<#3+!%TTo7!Z{ zwF?M6748#7@E^kRE3z>FvL=c*opQjuI%k*9wT(y5vK22g_11mW7q|B!r~YEM?omqu zm%UocAfv96Q2k6ZEia^6pp@%fP^$CbnXNHcaLlM(jh2SXI|JbyuQz8YTV@}RcLsc! zcEs`|P`JR=U&mvGq62QQda?1PWKMF{Kb%W6(>AkS|Db_{dI2CNCOt~TPFVNx+j88>Jg{a66$;`A|15E zktU8}QX-n!?+C)~sYUdF(^xew?Nx~xDgvi&?y)92v6~JlQ)3nm#77Y?PQlSd&SH#n zH*VLSQ6bRmZR9}_{f%*_IGSVijRw!tUE0zy()cZ&PfwCpsaRnwEK$7}7Vba9JB0-2BT}2YIBPW_ickV1HMn_OB!QTH#SAFP>&2{_?bwjI7gKsC44Zp|n6=)A? zxy}O+f$>;g1T>gA_^jW)ob)_MU!a!mXu6xF%zyAf%Bp;SFCUUlIR(5`N-sNNp{w^} z=*4W9v5`!`2ybhoKtz1s`kf>#y|a%67X3;3j()C;Hdu6)qIsgw#$o<04j2{9eroOP zoxlgk06tnuDh0d6>tlD*0BG}tRl0wHd;BG7Zu0Su?wumne*K(&0`eIWb|ON5>04nJ zWNSQent7i|lpsrGjrmHr&t(7iB|-_m8=``0=90)3r9`zq=Ydu3ZGNDl{JTE4TD7l6;E{9= zE5q&_)u`MjZLUrIL&`^b(%iFEM{hOo!SUc_7^U%#gru8`vBz4C0g%J_kKy=w%58XL z!x;|6rYl==+V^EnLL@Gb#?bqkv}Od1?`6rPYlGB~j&Qt}S06VoPhKZWI0T~3J93CZ zcF2DUJ_I~UHfo1+=-VjZSGw7z#)*I9y7+kaBS}Mwb#qLdD!az|=aIWXJ2+HQ2xaaI zd;5rfC`-6i=diiPvC>ev4peHS@9Vcw*eNYDQMVK-Xg|vUU69d;ViosllQ}9rNeI82 z>bND(B4QA{V@GVm{Z^mJ!sS<64khg$G2=X94wk~NotG;XW_}0|iaRI<_y>HCWfYYL zRl2|}zia>p3-_Ak9A z9>Ak~RkQUw)XU6pqM(1_H941V`DY6I*r!(+DO}zUs`aM22y&9C%u=L(r#$A?dq>TS zp0}?1vv*D}LfG?UAm%k)KDb$^VAbxLGk}mnP!9Lm8s+P{BOFa~qqF-JzszRt2xPp% zT(6a-LHln7$dE22oNwSSV4AEU6JX-!zet{D+6SF)&pYD zHpl1spwRA|yLB5IJ5WJ)?G$|mcEQSs$aFOnvYJzjc>s_@DO|AXq0p*=J6+Jh=e4#I@y*@r$tl z>M0!4^vH!Yg4K6A&MFzJZI%s2j;vaCwxxOm=ln?uYdd5^yyOg_B}Agq*RF3T@J>3$ zmDdP~ZCM>D-kQx~e10GaQj)dc@)=b)U7VtL%}!eLr(wxE8|B-Ip8QKo+k2N9D`1%w z7-+-zJ$&A*#;cmRo5dM>h#={*suMQWW-qWHUG`?MWAj&f6>&7fY*wqo`{Qd^i`Aq z&c)mz0v5{jYTlI{~gJ)pPkW51N_7P-sX^Y%Q5L?E2! zVhvcs{i7Q>PDyj8j@gHSpWti6cx~pGBnav9&0eF~L973?t;oZiC2IRf)pH>c305Pq z^enwr5UgUFX-7Qz@G&RzcD|`T7<1l02w^1zFbBDKSq{}#JLva)f3es;i0D6=gMpJ5 zX^fpjJ9Q80UQmU!<8+HYlzu<@&KWzswb>Cs@F%AUc^|BjE3v|(E9$UT?fM2c?Or(f z0pWjs6yK~MYKfiNh*$8?A4#oe({n%Gz`&shxhPKlafN4`;P+Ku6X#$VEUg$xt2wxx z%Q*}u5PcBfBl~*1aWL)z z_3Oh}vbj8ZsrI%GODCJE&9$IEEy7PudZNrl;vgM$4lBGUv!H^ja*0I)c&LO4S0}yk zimbS2%MwBm=wPE1(4pkQBz!_CcHBedkSEOkS#e*)`#}hygF}F$eACo)(pXrce9z~E zIMhZwRDAIoC47qb>4t)50-ZEb6kp9l@LzYZC4Pd3a~PNx*GcKLHwHQd~X95iI}Y=Rq&T@HnZxs>AKSDe!?Rjd6Q%h z(STcCnY0B;X=WJ)Q73+NIcs&$+uP;ygq#o6UmuJ8HOsWj=@F>;4IKVDe^QXVk@G$r z{}rx6aEAHl99_;Ld^vA`|CBH1dJQzSs371HK^GO1xe(C%_De82SJ6E!c#4U^D26t2 zV^ik#W$5rhoW$+*5+kcI>6E=1{(W1<{s3NJ`t^YhV))jMkHJG)0C*Xnc@?-u5&kw~ zcR_5_a_bYw_=2{58D!yDZ@mTrEp$*YcID?zAHHipy1rgW!LuLtmRo!L+1;*DndIHT zFgJoBFo1xHfq=k8!Mej?fWH3rMfV8zRVieY!qNf~SFJqcLS?Ryjf^67mB*VZ{zD6f z-JC(sfD@$e(t*P^{;pSDPQr(e;=AXv7k(O>Ds9brepZbG##gDw#OOLC5tteXuah;+ zg4&x;JrFHDMh!A?R7{5rFZzh)>G~3MV^MIzDbbvwbt3^ow0ljv_Xm~Yh~h>6y(8SK z*a4eD5}`}BLs!~z(Q+sd!HlSfo5;h&>eo6?R!`KtNM;JEBerRTHRV;H2VOc0ITup8 zgf>i(-Kjv(q-X1v5Ris3N+dq2AB3%m*u7 zQ3AfuacFw6PI*FGd~`fSF0Edy%c8IL5Q5h5=C$iYf>+{%oBS7Isu%i{2yt_Ua_7GG zLNb~0fbJVpirzPu*uzNvNNIOuClRIP6+Pg$_sGLE&iz?cm3i-!IW;DQY1b`ag7@#E zTg{>=2JezUg2tI)={Q@oH$6Bxee1@~w}}M1lRndOy>6F$ik%Se?6jqv?vzjXAfCr3 zaabq`$WBZ7i#lM>`*E$XflP;3onQz>i{YAYtg9jM>pUT(QIy>}cc$w~Dy8GqUWn(U zeb(-=1&}Y0^5U%WT^=xu>RuTBn+QiQHFiT^_5NFN~^x$gZRPvF3$F9 zL-m(^NX`*L5f;`Yu=-y^q5`$3ivqd=WtPv{lA)*PbzAg9iiyFrJ}M2dRlLwHf`FK& z5`G^gbs+BBGpIHp;C<&TK)LgN66{FI_g&kKLv0pN3dcprYohN^Vi=?T9Js~$X+iaL zPNAj0kR)~nHTp^+$9vej^v-FYxa!z($@lHn1|Nv&lDy4Or~J;?MAY&YGXx>Z@&@m| zQlbs;I*L8%*RblrxQe$M8?Se{X^Pxw691w(e|lUI z?2oJq&oa$;hVzQtwm9D>V_64j#l?(IeBh4E83-kMpe_pWe*L2rjbv_1++zYJ-DAzL zTlzF_WLGc@k`JSkbT*?nWBwA2x$W|Q1ND1eWRO`n0)vnEIIW6#glQ162@K-K;bW1; ze?R6+iq{QC@QPf>z#5k`87uc$j?4=R&H#b^KsuP`*Kn=2)o?epu?rEYGEKvUGx$nB`}_nB%HWF9i?KQi|)|6?@ltX7OO~74XiM+G;Tw1s)WnTVQu9 zP@9JM)%|(j@=9N9I_1ew?Ge28SL((|d_&Klm-ins*%T@^l8B!umc6FpMYdE`3>YRz z+3ITc`_36{c|C9ae#G)ItUgE)z>~IwY@GYS^+DWFNm4{;>3(t7*c%P2m_c34CE`VK zp5JFm4y(7X*cDyDq?&E|J3IcLi~nVacCx3dZT)I&avfSHzYX$#`E zn|j0Vil_UmFNxR!8k0>iD$XB=f8# z$LH0A*~)W|=?4x&@kcmUEW<7@cN=V4KH(E8o4K2fwe!m{`JTOjuGT2){`CIHn5}eY zSZi0+a(=;#ZQu5a7}$a~2w^R<_RID1ECbz2~X~4`u6oPLvp=(Lp2Kk+k`G z9mFuUM*G9|?37VK+%z!Db9LN$4X|ElTTUjjyO4TJew($Ie<*K|Rx?^6XOm2OKKjXb zH0t46Eur#z5C$~$@2l+e@2lKlPC@o^kqFni!*?fy*B#fEX1Ie$85*iqd*9K;1^jXK zDU?W3#;3$)t)=2rQME!~^g#FQih2J0bEZ_4RmuWYV6iBuC${nYU=8$ajTX}Mawy;N z@_3iaI?r`2I2l}pCgP)GbQLsU4~9a!rfj zQDU-+c+s=z6C$+}VuniDaZ)4+63Srq({$@fW%|B48Rb8D9*s`%p7q{=loB?VKdF~t zq9k{qu49@cY8TSF&Q7(M`0;%Ar^h&(pOk%d$CP1CNmv&5SEs1f6;0=y1Ibyro&G|& zU7@^`l1?1!ULqp%FevXg;A+yfJY5>q1}b(P9#};zzSYECthAcZX+jJ>*BQ{>>goO+ zx{QOd_0h*zaxyq8FB?c_XcF`*$Bb8Z#PT>@zo|!FtCU$1=?;0__=IH_Y#QAU_m+*N+?CCftjBU9r^2XRNic zslL5vt6tgptZO+N?T7A))W*Ux>BY1a+j8lAyxLMzcx>44__v5V0f$m^3CYcA)Hmc7pl|tb%5qafh4E_Vw)FTOqXPCdAc07&c^-E zdo~D|%Fgr-@gIQ(*E`SNvd0ndkceC*{kR5ywVn1NxEjk}Qu|Iq$d>aQSPm5|;DKFl zaAe}MEbKYzYzX#(*3cFcF#sPvpY%>34svz$+C3CR1pHHov{O}-ncckFl~&^X9A(WP z6}iekAzSOXRHgd#0y7?Een}&Fx%jkLpK!$N=Tm~N*uiGCs!8)dZ+cOTrC^81#M3sZ zF=ivx76`9!;IljyH#~)ks^NTdn3ygb#4C*a7HA})S^Nr>`0yW4cC{dL7TbIa0Yp&+_YtY@pwh`J|uw)Pu+4`-+^{szf{PlK1 zKIUXen8f>zk(UEDJ{T*y7XOA8t$}{}24fu0Nj||ne6k4+H18$qzgL%{9gab%11&YLT%MF;;Aj$F^?T3>Pb zogh;2lUFh33cb87BRoeSE#uz1P4wNN^ObxVNPPe}%1M!>ofO!I<<|(Z=e>pX%7CoSo zW}DAtgojdxPq*worJrC`c_Ox`0GE%iRAi{N9-{sT?&di;9ivBF(Bwmu)Wx35^D`w0 zjH>*)&e18mR$mQp{}E7W_Kie{YPgw5+jE9o<|M4;=|tNZ0Pz(NPPoAS*V zh2mp92k2a$t@^*j(TvcpDpcJb^jO;NDSWENW+bV6g{hXn1Bx{H=%VQH+Dj z>LBz0gz4TjHDrb3Nk7;#b^R@+psX@(%^bInn&{6TxXZl5XEOZmLgD+0nDwx&G*`&c zEe=v*e7BiC;(x0)-=v&4spr;3L_ZY4wv z@FopVLF2B@EosMcA%UZ9w_AoER}12dTeq@Gv6tZ`R?5wOR&eyt2>-GjtyhH02SpQM zpUH$Ec~K z(iP%R^^T>+?Tp4(Ut4@6wq`DJK&%ZYwJj(;TcL84PY;a(T*hHu@h?e{P~!hd2X%e+ zeivDT-hQ04Ix^}~+WBZyzpi7X|pTxeNuJm%Ji%m13+bA3FK!z?`- zy<4?J^R7_xXuK=j4vBF&s~89CylZV!YU9M!B%vG`7YzW+3E*;yuD9Kio%W9fULl@F z_`huXmQ3f|A;R%0#OG$9{ed6DEX=pWzd1VI&FCA69L{X6nsMW*5@9FWRmtV6;*{9O ziaW;xVtSj4a%z_Gi7po&N#%U`XPly=9sN|h{Xa&91mOV>T)wkQ zS@q|sAiHf4r28VSeIRSBJ)VNP7F?a5!cY0ctle>e{bpaJVK?;QMmlB{EKNb@fCm32 zf&TctqFZ7|*<^d7wRH!YxbvyMUHWixoYJtV#a150Zo#Q}{Pv^x*O<6AGh*%bdgo>C z{1yQ%>UI$=k&2bC7go-%LyaIjCQ!ADLe*hwE?#r)fJ+yxUs^TPhX4Kg#Zk z++e;v?$5`)%i?R(vmyQjzVUSHM>JSL$33pZzM1pI=W})gn9P?zCxeki0awHAaUC2a zZ3>m?9FjCBb8|*q@+f*U(1ZR@(7nAM)m{ic=*KRUznA$(j3OON+gy)bIEWJO z5hZp&a{uLR($4=_6-OT#A35%BveZR2mz!L@}@SmAPb1w#QAs%Hm`K{SDH( zVURodYyyd9k57E0^d?EqHCjjwawR`)SiUbe(&?A<4#+k{VmFkhEzTS~1e~e1@{Q}& z?fHLP-cT}hx*6h4A~-}I{EBV9UK*CI1b1sxn~#mrm~y8NRaQk6#f3 z_GW+cU|BHJhC7k*9gm~a7abnMM&r&$51mV@%<%}$z7X5%5MTU*$ISl4V`~zHe$c}5 zJ}T*+Y(`TFB|8EN?e|NdY$p-*;?cE@a7dmmPhd*!u~1fb_E722`5hd2f>N(>>EP94 zwxp(kxtfP$P8?|iORJp6o<^dTQ{<)aNvq2K@vf6t3P!k@_8W5^0;CyDBt9kK4G*VL z4U?o-+L2wLnL$jyjqadjH`c{v0x|$_t3Gwb{3EOAt@#?haPqMX{pVZ?nIGInx9N*+ zfOJS)yOz8sfTa8U-9Qqu#7mP*I>te#dH;S(s zUc@X5xJ4VL3V46`Qls+taeMA<8MG6J9ZqbrT($|O^WQh3d~uHwFGud#WCw`95YX|F zQoXq9t;B+2w(t@oLFdp_ALZb}@AQ-uL*5tWy2%Ltu~8$Qgp2{nQEK|mME6e~OMiK8 zT(u>F;GjEwsv$X%S*)XrDX0r9jmE8VyK$~|It85Mx^m~AFN}o<%Xme9UYXzB!Ctv@p_Mtw+i2%f>8F|r{$V6RNvixvi&CH z>buKvJWI)8qOVYEP7wO_iFLZuJnuWE8PN1H(^bmO zDhfYGb%J~@!%kc#Yaf+KS=9pduso86$55X&^-?|iQ2^+-zs1rd8bYDk4+2SrM~7O+ z8*J6XW)-Kq_AR2YbdTKQ$>_cd?Ks%+;!$k0)8%~a@HYR6Qj8aF(v(^PHyK))+dP#i zG;teYLW8eq_RdQW9(w2u8og6j(Lp7?#MZWsu(ih@UCl>ti7J}D$*@g^ILAE*pjC)~ zmZPI5o6M~go^C`E-Zsd1Ey;UMOWp;tuL4zw=g%?UWWeaTo;p!RSh;y)aRK8$Rc#U# zi(CtM!xZmkbqQUi5#qe#gZy|Xu4uURz4aC*2Nt~{f8}e7M)KW$e~i{6BxkX6nH@ZH zCIlAHvHF2;Z@i#fvp0_rASbqe+xvekPMk;c82k&Y$FDhLC^ez0@{}^9MlsoTU>Zkb zer9s!rD`ZIVwo2j(5#j&8|$*a)9GfhPzKXQ-%|+Eg9e0`=`|{(4QH@rgZ1bScuj6e zK3@4aFUY`fIz?n~s(Sw15(-Ixg5wRx+1%tt3Ot-jI!?K z%6W0081Up^RJ|vXysw>oDk84Be-;W&)ppDh;DWr;d! zpF^y)ynFkrT?Re)ef2=utzhBD2nJOQzYa3=IxgWsDx}BrdiER$lvcX9WuuL9coWbJH_H%G<{PTdQ z=f4KZkIaLJTy^)mVl(44u_BcvJ%u%3vVxGY=aN2K1h1%re za)MnSb;Z+k$1m7cehcuZtlJg!5{TzoOD9m*9e!IJ=u-K{N*VQ)k;a4WAM@5ED<57~ z-oT+E+FqH_0e>F5seoFO=-Ks)P`}aXYsG}FJXS;9i&V~;+K-u4Ce-ktbdc?Mv$FrTU!|B8edm-gy&uT1>89Ls@-<1uPAF(W4G`U}Ofoxkr&T&t~8ue3Fq#>D~;PNlgz{L`b zs(OCYZ4-Kbk*-B)q0riAzvi0TwJ^X=S^p+hMbUI*lEOK(Tw)?)=BkNr1EB$_e*RcM zJur&)o@#Fm>w)L1K)(NZV0Z1N`#mHX?% zhlc72al$sJn)d#zK?X#J6p7d9TFydGY!&|sxd-;D!HQsB5bz%w4Zs?g3R*PfHKUE{ z0aRQSu-nS*w9jCMQnmT`Ok_5R0Vk{s!}CcbDuYj$@@H12y<14M(jJm;!r*@Ue*9Bu>5c$dL2{lPfWqfy5WE2TLY9F7YX10;d>+F&l21 za&%B(bWs-}0K9rpJPpJ;qhG3(Ck`z(#8-1%{MbCD9_%5Az}I9BfGZxbDS{2IT3Z6{C>AO$>PB>+YFa;M z(Bj#%U6DY(<_@K>DBZNxbZi@^z(Nt(@$_<+b8}C7O7VH>k0Taa)SCCj_}9qI)Ilvr zoG2%LziC3TjYM3rm;9+<^{7_@&a3`{>%TKkc8gW5`{Nk}mNqa}h{ZZp-g5sUsULb( zR92Hi>miosJ=Ha~Z7h*YPwCE88>v_HcQq^?u3-8sH7kdN`OinaJKW}fE22vg5V-88Ej#(`G zxEYUwyCMn8jIeteU*qAx=*}0QFIBD{=`$|<6@DHYN*J%Pp;|%Jx3s=-o(^egIV+JomYbYOz2j@af2& zmfAzctShJDg!~h@xbIOBNq>fddJh`({k)aVk=i{SK=u`6YulQgnuNCLv%8b5(~2M3 zPy44A#pV{>O8@5EoAN9#p(P8E>gP+oZ|X?4230Y_!s^ z?^~_&DX`4$#X?(ge}f(Ci@907A#4{5>VwQ$>0I-an?If^_!(!sQto*-# z95yMJ$PnE6JYXQ6a4lVU-)d*3Awrr`!FcCllvu7O!nkh`GsZ{FTr1QdWej=QoDUtmQ_Hl~4dQkzr*!A#le%alI@LMP0Ir&)crWd)9(!a4oc4wITxs$ zR8sS)*v(oI@nj)`?+f*Ju~#`S2J^=C6C0(dme`poTvWfc!H(O>^R?!f^+}l ztubp*{p$|B`;R+BK*C^SqHbD4AbEL^>{fDRM`FqGSjyz~vVB-Tnu-WOasM0UrqyvG z&=1Ck^`M^o$YM@#+E(S0=6bG5O@47j6lN!1BBG}rMh>|-PoHkuc**sS6FbBeOLr3% zaDLt}`8PtOei+*~5_YwJ3~g@q8&M5WE6#cUzP$OwP3-1u3coBKRPc4BxVr<}N3L05 z`$#hY)lshIWzkXRH9s1dv^!H=wki`wSm7;by-zPGvPE>ug2w8Vb;Naf6FLWi>TVD>eaNuY@VkpgNT{y)RyNC*XX1u+(*NaU~&~{VP zk7C0TgO99x^5MD?3%P#R-vqx+H8nRfJJvS7mpd1rQDc7+h@=FzNtO0BgopBx?2%%5 z8U#I-g=Ga_9ATpNkmNoa8#hN=tV3kv(ANSS#@cp}wdtQ2hyTh~`yt=$>AQT>0#}9Y z^C^F>zt}SC7fc6YED>%Av!K$nm3gA6yxrazE1^1q!kYprnTE zn$l(fstYF_FjR>YSYVvBcQs_35v z7`0!K|D59jKBc*6l6)-@D!Ul{y=r8$vo*%MT_NpdeRSW10>TB;9lJ6}2sp!#>|I;w zIi6mA(DmP_#=2G3&6E<|NAZHi&Pv*Idh50u6TAOv-wbSgfzFvBS(}K+$oIHhF1a&i zqZ9ySD0@VdW$b$^_yN(|s$Vpfvz84&)jXdIG#tK_b_ecC~_y|Bun`iSHJA1Yen;vf4`Kn@<)m)Oqs4u=LY3RnFbDRq*(| zS&Ml*H-i}!5mEs>1=7j~#*1$@BQo1)y|C#|Kr1@!?e1NpajCl@@lRKIwkw-Xj+13$ zDMY=GMO?n_@1#h2n9XUfo0D(T?u3a*YeP8skz>{(BrHH^lgBWh+IXJy1qut~FIX(x zKD@1d*xmD^P+5v;j_<`=(w`^ppS&?rCs-8sz|nrp3U#MahXU@}acA=c4rv_Ls2nf}hK?hc><+ySM~B<}JOJEECAm{%mX4?&`JQiWC$) z;c8FDVm)>Mp9yP;)>8Hqhw8Ui6L)hZrvka&gxDOOce(Ib%D*)z^FtgSuknw$sa*tW zYyo~}HR~IL#Y#(fM}JM~9WsvyN^_#a$W^5=MvKdC#Zm=|r|fPRM>nlSQ9$r|m|8_9Jk9I`W)?;1tBZM0+hK+W9doOs>bmumJow626U z*ZsqHqs_*K22Ve{*wbN4gE=p=KU7Hy!jCTuM}-pq5% z`U3jb=M&eg&J3~*?Gy^)j#jiVcia72&+gDOZJZtC2Om*itPA;Z3xC@R z?+R9ql9I&1a7YC9pdhs5CH5T$wJOA*3P+w{)br`rN1U;eD zqZnZ?jwsQ#O_yXHl2G;e?O-2nsPU61jz^=s zmGxSVr)=g=hal~%^#8CgB*N?2Q|BNyY~|K3x+=WG@Aq@qBdSPfrUE%`D72-Dl4$6vO>3bM7_`=B0n6szaxi*T|1f+G-_b2A7r%VEO{RqB8--> z;SI?7s~jK z)PgPk{_E>j`-a$d=daxP*#i2b)|a(uFXxQSPY=}K{~8#jfq-OZ>4BV#Ux*AAw^y0( zDG{n(;a!mjl+y(`3|D2D4Cf@kH=nB09?Eb?5!quC{zUAxQrAb_HA0BZbdI65ZwZSC ztdPx5>@04Hyu>fiAI`Y=yzDc@*{8d9lQ2$qq_iAOcjjt=(kmn?!kMlK02#i&SbpPPE-x(kg6=UGGJ8 zn&8D!b;!K0`_qJ5BydnuWI8b7cv!i6vN<$Jl|Vl7p1^A~`!0BSsVaLU(p2n;wCuO# z>T}2Xoce}(L6z-65v%N&dz9Lh9N%VOH<*h=Y`ht*k55u+lz8<;=5l5Ciwp#uO&${W z&q&;^-W-nk{!`JWi7mMvB89voMCg6u&BF`h0~=H3zuIdkJ74=gtGjpQSi-kqj@t&@ z!{)fZl4c;N$na755;={5^v(*zPFsct*%O7o;$8>UdP&Poz+n6Kl@gMcZ^D;-he20b0n@6|=JKO?OZAa!g zu8;f6O54Ic{piKd4e2fq$uC?$oS~!#p6dfU3`~``yGOCx6qBPJr155>*cN^5*?rre zIT>CcC<5D{o%ioT}b^N#uZ2Xo_~ z;>Jo;xTHWGByfIcc3Xkes$RTJ)~d+JXpV6U`e=a{2Rd^ ziPloZGk=HvvXu<|#RcFNTAP24NT+70MfNRz@gF)V-hoLC-Mf}&<%r2$Ee=I{El$tm>jWbUY2wJKnlvk8g1iUv_TK@`bAyZY;#cpD(pxhRX(l7sFXbZ9SAB zwzNVe_+_k zFcX3bm)-PmZ0sZp zvZqh}3m{Y7JbyJg=%?KQ!N3_qBOU^VjIl%iHcOc7Tg`7^M>**27%Id8^D(*X&L-6X zZSJT*m%cjlp4ZOHx~E>d>>Y|C?{7f@^$^0_>P(kGxC_Pl;aA4Fp;SP0rkECdyVj!D zd-4peQ~yrEuMr!{6y$pM0#Wls6~%vemA*02pI5EyiJX0dJ_{W9;oMx6S=(Ay_mYP# znvfipg-(A8`TepFvL9AJcQ-XjM+2!=Sgf~q7Bya}4E8wmXjmQbVB)|I$T1=BNe2F7 z9S!XNXFiVRKc@4wd%>HUY<%_eNfk#eqvHo;*rmZFb1y}Ym%r{vnQqLvf zcuR=K+gg_N1YpL|RW7C(#$~qtL+v6Q9SHz?WLFac>Kzs=M%SM#)H`My%{3;aaJs%v z)a4jYi-^k_T&&9+rJjcsok~p}{TlMr$u?;|Q~kKI<(1vGKUzOowp&N(JAMnsi_klc zT9W&39JHg29qU9N62n9DqUj}T<@skv*8hkXg3W9$!ao*El)*3u+k*Qw`AM}A1NX^= zu#>{d>(`6)#gxPBzj!#h2pAyPu_o)mU%%@)L24vzyKjH`ZVAXu*x8pV3!a+w>rs8U zH;OPnxRmjt=csCuo29N({{oF$PrMU_SE@T#g^|0whx&Cy%1JqS={Deu?)+vl<~F@S zl`cKQKJZv)Mm%GL2B@U&|MfFNAWE)Nz?@1qV+W5Su!H$Q2gwSjhM^<@RW2VE-feq+ zb4B$JA68l>fCj|rQ@Pz%*G90_+T8?x87-~6=7k)Xqt#<>kv7=$3uf3VU zz^7i^CRK_QikM!KqLOhai*J_C(pK_pr?aWN>p30eq zBocTi*RmqcANO6JrksDb_j!QcHbdQzD?8g+w6!m_K zZX&3rRBhw)q004Hnb?@}v~L#?)bzAE7==^Q()GswDr>k+y!L}waCcKpYhXDT{|RDw zcX3TZe{APtkD-4KU0pKcN$6?i?B;iD7#so55WBhZCXEyodCE_r1b;)%^mVT_E;)2rX2@neYRDc-w$g(*ULPNBEJnRy8pqB zzQ9q=Y%TA(!Q<57s^dNq*c&S36Boi>Abo@_il2&7PWj}Mc3p`FlwAu{`cGwF8Gdk8 z#5h8!h&Lf*HWt0rzvsw;}ZiRkiB1=pjGOv*iYJa&)kVg3OAF*(;G9I)of-19w%0>&U(bW zb$EP~*WY29;%^CX^s{O#RC>6Y%a7OMzUuv#g@HWsRN zQLz3Vf^~(2H0hUb`7ON#y9lPI`XnLDXzvH+_yth-4S7VA;2f#J<7LzNcueV0Uevwg zJ`LR;hKJY@zRKm~kIL2Sq{0~A;6R>$3=xNv0RCHH;50{jQ;I}VOZSNN9DbT?uSxlBEUa12fG9p}N8ZFY(qjVClk+A`n%^2JBJ3fXrrgia&C02O2iRU`tN&K6UmL zAMK{%%AJ_6POL#=EPLI#-ky&+!RFROX-WI#j-0)pbM3l{1KDa|xinEs*m*^>!bc1q z?|!UrEH@$F^p9RHSss@vo&R!!htCw1Xg;YhxoMS@+7r9F+W!C8d+VUOzAalg5E3lG zgFC@pg1d%5Ah^3jaQEOET!T9Sg1fuB>%raK;oF4Y?auA)`@ZhmRj=M3x9Sv}q7G;6 zz4lyl%{k_nV|{ONdw=H-5C0a^OryR8e&vlnllDy9rg|8nWN_g0{aev%i1PMZ~HKN8)t}w!0OD%eOYf#2$LNQgdW(H475UZw)P2r<6I$`tn^) zw_bGM^uRH;_?hLgH+;9BAsn@@EA|Kr!pL%_4ovq6UKON-W}!H%Q+WeZe(u=*Wi0Z> zBiYMf{B{hW)zvDk?PP`wUSeta;x--mD}39_YnKuD9sY7J4YzwS`GUu{O5k4p*$vCv zZ^A{FqB0Jt_q@ht)2`u*B~l*ly__lH{oxA_MoC&CK^IXBrIu>Sfanv45e5EBg)1PY|$yhL=m3Sgd?JC=ABY&{_WrD^GcZyd%lpZV<8>vSLO*rn6WA0II-P17T| zscu^bDXR$YM#{onL*ZUZVUl-CNUvcGUNF z=i}+imXxyM&B!fG7l6%W#JrZ_Z}9G+(PJy>VUgKlfAb=r#t%KbwoJAPjqtTUMmeA2 zhkVHo4dfpMcqg>Zq_G^^P1{-cIwC_6%KC)gdDD$z41(!!CMz)gc4p69Cy#kPO>=0x zUM#-W55jQ>LrV!`x2?P2C9OELoPoY z^(B#BrZiI3?E%uIKs$D|sWldHtEqk8LZ_C?@ot&!WH;LSCH36Aex2a^K;$9L&os4J z@z^q)L@)(?VZldQE>j*S9R>ZOZ&l+J`BSB~ya}Z%<>lB`TTj=Q+89XJMz5vA0g3>9 z#|IO)s125RLJm7!!6=`{;SRKkKL8u5;zC@B&UmgS99jnt3+~T`X9(` zdwWh+LrwIaSn%xuMZ)DAF-KtW2i0X6RH{*IEpksq!0An4VeCVB{MuaW9yu@~@d%YN z;SX#zy3o5~l@`lg45l|KGL0h8}=~-wAl00}>a-w6i*0->c?amc85p{HnD9pa^Kx zVt6b;LD5Cpo%|I`iN*Yud7@BlOt>A2*&*O((dWp<``6AYL<%k7d6v`j_68px?jYxw z1UWY4ewvP*)7A;%RyUP>-qrB$9RV7@?Z*D%oo+2K-?w=BSlQpwFmt6odU=N88tj`j ziEuw$$$%|Z>FeINee3H2kU?G$(Ub2dE?!Fe(b9kN+xK&l_S*-`Sd*^KCw33ghcw1% zsd7jx#~BVX6jHHjpPNffKAeI~`+gpQbv@SaOV-TxyWJ&NDhC)?2s@>e$Qw0cT{6%Xq_}OLpf<=(uLJBV(Kz*1NQx83%x^S@J zyZr5))RqE2RSWWbWpI%4wuXYsbC*EeUf6r%>_P~MtRM>XN1SNMJNL^bb<<_sr(zBD zGkA%nua+Y#*4HNmM=Bw&e%(+($7OxZcud&peHgbBYwx(enz?D4W55Q_3MzM98Kas% zKSn^}JRLNygO;EMpf^=V&@sb$n{DluKU42yS=vq#pd)d=MaozHu0b-#)_r6y95lCC zd$WlnkFpLcdS|x;Lbo)zZYIFEJx5ob@z<4)yKNaLJirS*SD_^*uTqsJoTUL8wD``3 ziyu8TV`g)spC9-fe#7C<>CeNiA3d19>c-Zu)6R|=JFprJB)wo7aK?lxOFeXW03 zh3OJMA-ZIhtuuW<0xyYWPfqBV89jtNgfG~}GoGq|;uCRc9@OnT&yC)nsh$@cs~r&> z3b?H2Z6~vb2YSPKqkGO)9X36b1_<7t`@}rZJ2YN09v1uiuBnu+^2X866fw>^OMIXEJf!6pw({qWCnfl_(_ni)cCR8SZ{(tW^1@NO={pPLY9}ONv zULdwlzQxjee0fo&?c)MzAdw!Qo5bOMKY&|jvYBEf9)SG*Q40gv_dWZ;Vr@#RU%P_Y zN+vmj;Za)vV;(jFHYZbR>?{&Zd_l@sY-iV2&dh5$Ut!%dM*00pIun!qe~I z(iX)#&e`%#P(={newqX;-|h%c&FQp3;rYTHkfN!Ev6*1_z#kW4UxxF7NQ!TAaIB&& ztp*CIF{LRjkjCK%ZNJNmeZ%S%rk3E)va72sXUdaiB3vZZmp|&v2=38QcKw*q z!P2nsoVSs(bdOc*D)3(2aG?#AyrpRk-_u>KUMv&EVDwsfn5=2XDKJPn$3c4%LjWYX zzgOM?JP8alechyUr8TOvZrGOQxB7PXSOafH*^cyxD z1#Pp& z6v_D&6>xZu-hy{apKlnsL;A4{vqSZQN{p2X&S4#kW3>Skz)e?ht~5!%TbRRBRu_TD zJ#YWnh+HE*b>67=#Gs5uV+Cq^bW4^4tIo_zqHTE_k&#=Rx$N8RV0!hC#ZX0|3}GvQ z0$%7Dh*Ke|X^{0D7rjna{jrq%=8eDr6;J@?RIX*FNYYas2D((&otfCw*tu_O-kGGT z8dQ_u6mrVZ&}dAX2G)vK9=6QbPmi1LbN!-hKJVgkJe13U0TjTH7E+!nqY9YeQDqoh z`JWJx2U=P7EqqJrT57@v-MUjEFKV2GF%aSPvoCHDZkCP``g&}=P+#4b`60sc6|btK z1A*?4;!wNpjdk3~$cEsM>SO&G`+;NdHXSRa2-fYY+G+7nuI_D~S((^wEj@ET-WM5P zi5^TjsG*&hjieR*)vKzMi#7XK`$`*Uzu6Z*1n;?n0X3#_Tc>)oa&CarVtB|VgIXAw z15$l=_Lzzv`Hd_$199hCibORz5gV)MvD&J{rH50@a_B~zE?DGTT#!tVfqk@Jc|YL* z@)#6Zegvj1;%`#1ZlgM-Cn(kieI61nMhJ2YgTF7`{g4BljNt&+e0Sl;#o~OFtiiV5 zRU2$*RPTk)-U6s*3^5e0s3LG>DvU8$c_QYvm+E$T2;_kb*q=3$ z>_Dg27z!*lm9LaoNqR|3-8K$l(Jq{XceJo5Fd*U`sk+YB`?W>{Tzy-O)B?g;p=&Lw z{%IWHt1or8cbfC96`mITEH0A#nYf=5A*H7F&n08n*UMmhTSHQ68yn8|f2bYwloP#M zeG6fWUUuf38j_26;nJ%9(jO0@qa*Z--!bB%7yOT7#KX%HD!F~3Yk%dRbH|_MF$3K#_ZxsdjK61#Q+fMnmc}f!F+F0w`4c`+cW6eMll0^G(Zro+>i z>ubBq(hYn+jUTp^KeoyhIx_K+|FF-&Y=z2Xp$h3WJhviDg3jY5&j*}LidVGbxtpO$ z?jQM13DwT7R#({*a|K?7;O!2SG~Jad!Ew^10C>ebRT(?SmX0ds^0dWW3xWO%Lnl{C zrIHm6Q52lk==~U#%CF&a`R>KxA3ve+1T4>EqyGkO@ZWoA*dH*%wR7ls#XH``wZTUL ziT60Wrw^wpv+1K4bAnP`D5Z@>OgDm7A5;Q79J<9vPXUnIMm(g*DPgB0K{B%5bZIy| zl^fGKo>BW-i_S%r%JWOLlk-`P^-#6P?&Iua=`I8JN-RTMH#)eny3g-3R$%<2UcX4=@>AC0D0 z*waI=5XDv|-oy9iOc(;H{t!nm*(V2e0K{QF z?WEe+FcEspf?8j-T65W@@i=|i?J!th$mJBj#~Kz$kFgJ}B2n9EUccyCN0SkXt#YKv z_K@pUcJ7vg@u)Jot(~CaumtEVcBu5T^zdyY!LO<;dzK_EM;fv0%q9SwgSi-S4rzK2 zz9)JkB%Op1@{kW#Xz}%t_^Zpsw~vYS_Stm}501+?Fz%7x9B|w>yA}8E9BOYU;_)`mY zP`<5}EynO8pMp*6dZp={UYjIO&m{HSnuCn}$Z9B~?dcpHK{aP0K$+%rIdbE?<*>b|BU*cGv>ej>`r>>+D@7xPWqL8M37YesAkJ`yhi3|*AH7c^283^naI1V zllb=QUI8)nXj#LyW?JzXMU;K!h@R7}cxAWPltMgp=~OLR78NL;H&E}a$98_SM6U7p zv#%2&8OS`B6#))s2(ooJFFFw9d8f5={^8XjHGz9RZ0HVvWX^CrIGQCO-g1e3<@HLC7;J%O3GJf%R7=5Hf1A=Rnlj>=W=5 zTuaFpT+xuFgR*Qh4MGcB*pdGnZy8{A0apfGA}c)_v^N1z3`76aFYpID_}`>7fj37Q z#JtOG?&rO}JhU))tz|bwoAZDUo2soX;}iA2rM-xC^Dq4MMuW#Sd6An0_&j&xi-P3e zm#De;tiS?H`_m>0So$rvQu>h->#*$Sc`Awl|Zt{I@Km|r;dYf&{uX(yb z&2X|!UwS{aZ*`^RC+1VuC%QlTLGKYDqKR5^`u_X%oN#(P$!N^k?^R+S6u6hla#wsw zHb8pYygH`P>siD+r&cjULB%q`O|H!R)Vc=6r+G2@oxy3tIH7Dy>RNBhInkE#lKT&2Y{f-Bvz!_8d`_eopNsc$K9Wzca%f0(r**?Q*V>~a;hoIB8)DTEcJ5A?N;3EiUK0&0ubT7TVzuW9G9vih7DAcxWMF?5 z%>T5IfAk)|2yyyk6VB0gy{mNj($sN({B-Y{|IA{dCwi?L=(tvT&1ngg66S>f1Dv{l9AD0$If#KaZZFTaWu`Fr9-;;_a2?!ImF#V1G^@o@IcTU*<@sF8L{ny*; z1GCR811pT*7}3_!H{xH66 zz!eENIhHa1Wm>||rWN_mnARUA_mLJ@@1uPQ70>(38UwiUUg}tF{F9=G_*2W|KlkEw zdh*rkpn~Tu6+iabR}cL5)&EmF{bPDZ#QDnl>{L6F!ebs-N?i02CUtagw>pDtZ9j#aGGJ$9R(;LtUf(PR#oRs{*m{vbkTefNR z=l#OwdDGtir#9_>bHGbY5`h1Gym_~A{k&h?R{-8n$b7~)z#GrSlTP6q6DH*MuB(0pnS5luhOReQeSOiX>T7` zS7-9bLn;8$FV(4Iq#ACxyq)d|YC1iMcw;R=L(~jK2Oj+5zxNA*8l1`nO1Zw~gYY** zO$c<4&^KUed#QfsW~D$!yjRkF5DkqE1*A=UE-XS zA)s*Z>-HiL5v+fYJ>hXqanS(=IWi(_ZuOHqt+6b^0Q-F@F5cg0?1tN%&Z%66N0#XR zd$;o+FC&=OLSX5k&!GHhPrdf|Ov|F~T+_Mfm{2$?klb4OtQgUg`nAjI)A*JI!1$rN zjuz(V&*OWd|1}ZC|GSBJ>k-h!Qnp1<&1GZRgupZ2_k|T5#J0!)+>lE!RPoWWjtj*+ z>0h&tFTjh&v8C1U@_%{L{FyM?4>9KVofcsl&!w2pb z-ixEE_t{pC!tqmsaL$TBT&Ubzh8A&8rtmxs|D#{{tOU&^9*0 z@m_`ebIGRO#pO*}a(p73ki`MgO|J`HsMD-Y(N*?Yc zs`_cTF&)Lu_de(QA)9LoT(UDSX%Tm}MVf&0tYCQVrw2h4g0CNIPq&Dv7p%QT{ZFpP zIx>g2t(6Bv5{_0TRBoIfKhHFc&a6sT(-H8@HrDQIah zez`yy(Up=+sj0JLO+vKrZT7>~dA!9Nxrnsij*6S>T@REjN%yv#{2XHN4-IZ9gYTOU zJl;UYl_rkXavP*qGL}B@;kUre8){mFJ)0{26~S)<4uN=jvYz%1Gbc?z2}=#hn}6*rTUjxjILiMlHgKA-suGAr4A9% zr}d-|7b&j1I`YYp6{P-%Ax@M1N6E@J4tcIuXCEpOtfD}7lyUy8zJc`ULcv0nmqE<| zl%Yo5>0_ngP@c{ADs4lH=3aQk7r;UHjlS2z*M740?dtinP0E|;ZvrwDr=aTHZh4GZ zuAxj3R-ne1FQ~<}_<=Bvie#kkX(Qv6cy4wN{SLF*&~SU*^pU|m0;sKA z&Rp%rTU-qeWHRU>3pUeEWCv5i*xeICRJl%Z9_KT7rc}d(w1waV?wf`(15XX;_?pp7 zD)Z@4QRqTcY?C`1=S;NRW=EU+6LUP%P0hUi;d=LIe)7xBgqMrtU9EoKxcY7{56421 zoVSM4h{~OZxSj5A-mdqDe+Ldp=D$AK$Y!LUv!fyT{hYX64(4Auove}jKw)??=!xT<;S4Kdb8EjDh+|XeEKn))CKL%N$a=k~ zIi}w<3~GQRb2{59H(vK#f`wRQ1I+$P;05Wn8^`0Cg8Bb7Fbi=GxYG*;aZSSy(#mTb@O?5J~VTlNWBqwg`E027&!{HUa37fDgxOtgnIS< zOhvBhv(%h?OqdOepZuo$W=u~Nr|<-t7wWEs{W+{E)Xk?RxC8=aa>G($b^}%5HKc!< zsq7yJs0EuvMW5t^iWVlrZJ}?<=z91V?vO+^(?9CHHT$PHf_EKaNs0V^w)@o9ZbOJ?XN~(D=A%Q5 zU&3qUuqRD~x$7PMLVhhuC`cx!iTO#6_8AP3TV|I>(YaE5ilpTr?v3lD(pGD7JC1<+ z1rncUV0fjG6;`l)3PwrPn4J-&dx!!^3^xGSaUz&uT!{ok4P~Was zHI}#29Ac@xBUiMNycIksTI-s-bd&27OuZF?Dj>~!%+Q9AZX?ga$}PG+?6BQ>zj8fb zqTkBLw%mS*oH|n*d5@wD#iq(-?fPAN+3S@~G0fjgss9y6p>)v=Ht^qX+!F=81{%zA7Cped$YZtsvnR)|CU`QTibw+^nYG-%ZjqnoWE= znYt1VDtUFNQ71a)zAwNssCpEeO;{R3F8pqmrDE4F=dxgDtIRn7X7r5Nb*r7^(rRu=O|V? zhfkOsp3#pw&<;0dxSWr?c5EgmlBbymb}}KOJ1<$*xvG(9Se-X+FxT_$x=vJU@ES#$ z(OMzTdS}p2T|;rEpo-*U&3SS-wHIMqBrWKG8=TJRZ-vBq2!V*gyXdjl1&sPXrV%de zQ1z0_FFC23A1)7@Y#wi@`@CMRWL{~t@&?BCHnDigWn>R;{5%aGD8;;=mC8nXRbaws zVY9&eV@B(n8WY4zEh6DmnYqiEj#xv*$Uv4{vyO!thv-h1$DkxlLiq@9={QTLF1NZX zT_wiR(A66yz0b=6>2H4iViNHniS$z(sXZbPZgoJR2;P6}S*`$2rV!8PD22=#j2sBQ zxcLD*UOvStb!2w8dAlRgF_O2r68o4dOOXhrba2MX#TL+Sv6)oWH+zyIg&&x^%K~49 z2l>Ezy!amEa`qI3XSfT_^ZgZ{UIskJQ3+2`IMfXtES@Ls>9@*mU;`xVyvFcY^7=;Z z5_e_|cOx6{YL>rc?~;Rr;7#BONbojw}B-YRa%7~QYg}nb(~miU0iX@ zZf?P5El-jQnCU<+idRd!q$k@Go0Q9KIrf_=ZlOw7M_MTauy|ju-1Ba|;W?bDZU2i1 z?kiM1?XtiIEsXSeqv^h;uY%9329eR420uNQz(l3ohd7X(SB9mqrjthQ0yZ$2?(tgo0 z+hz73cC@pH?-$fclw+f)-J%#coQ{E$g>$^IG#Xi5p|~=ox}xNAd26zzy3m2xJr989 z=L+o3^djkS0*kp&{CAt(Nz)mN0Zh4HaN~LB)Ey!3`fBAp=Bf_;X(98s=C4oBj+Ti6 z(O78oy2D}^40=D3%aAC{V7om~O2ALonv(8Mmn0Ob)=M`tfl{u;GPuoJx8-cr`5Nml zg{m{ZHjmbNWY`^!=x{h~;zDpZM2}ayGQ=^)WNNJR$ZWR0Jj`kWYK0$JJ%I=hM4%ZV z^^(X%v2wFkD2(dZ5t|~JnEBrNoZghjGPV-CNo+`?AxHO036d6Z#yBE(zLA`f7R>6sMtTbT@1q}0w=rt3m$HJ3RPoa|P3QYc7e{f}zUhr-XV3CS8!_&SYzDLZbW?Atu)Wb1TYlK@n*T9Gc7)taHX(np zmN-Is#~#FLBmMK_%0eva)dokq(RL2RL(i&kX1{30m-E(uU(OX2%;2{}+^Or%<_HqZ zjYK;wM*E`eM!V~$?Kz3*@Y!!wEj}f;)?W-$JDqQ6#0SeX1nHM@Eee*j%0w1P$93!# zdhFs$!GG;&#FAImmSVOZ%{{@?$<}3_a~I|yloE!*3bYHnU9dc%0c(qsYL%`P4FBoN zD$1>HbNP7ffBSmoetsawic1267HM4qSq)^pXJ4&?1FO083tiGZh`#)K8mHFjlFbMD zohL)UrU!ilmmU+idhII|_=dgJO>;xgMZV1!&2N>2e(;}DNJA+E#ics#+mEJV)KQm_ zSJV>9)?tzwjs-(5&jK>OEC-it?Is?-=T*{iA#)J)Z%-_Ds*8vUZJEbcebr=CjbPr-EoQA_k6L=7z1DwP4 zjm9z<0eCdhA^66$ebYiN$-V1qo4xCNUO`Q_m)9pzaf?g8z*r5Cld z5>B^@-pR`yJsfH9<#~~q3#&VSV%`TsZ4ZR*~AXHU;l(26Sm-YJ{lPJni_(t^nQbvh~RJVRM ztWZ!|pMCO(wWayAjIKD6Paf(=K_G!Gp$zz7F~7L^i}gduFDS%jY!3YnHp;wOMRNwy zvR_IRNIC_#b&klEi~bc%p>aW4H|Rx=dJHv_+7fdVlZOjA2U69;1mtQf-LmB7;3fmH zuafSd``NQE!JJ|H#Z1~=yguBo{K~OvI@ck;JzS6DxJ+)Oy)>BC5ro4FMCuCU?PyOf z5{zMe*nrR|m?`Xxi=PzQ+tq}%S4TeG5U7D~O@1*{n;qv|A_AL>({$(mFzcX%I@Z;w zE~&ZU(ommo!AsAw3$rzSh2YH5FyxVhe9qoq{P1Q1gi>9AsN*_!%;D{5F1$OBLhO0} znAYq(GO9MU-gpICRX`C5PC?Pu_%YIZ*9;a zS?wlbFwfp&WJk$mm~JB;*tHp>L4x9K(d?w#lILZ;O-QvYohz05Va-nL1NqeEi*dx^ zLtZBp?58~cKkb1Q!MtB!@P@q%;PJ+mPTo?5zUHc;%?wMsb9?+owlb8>>>=Qre!aDG zJQkChwwh-IG2&?yYPOgGrZE*ga+Emiw9LvFRG++P4Y99LDdCGHi7g($IP-95r5H_O zvpFh(>e%CE%#Ijmq;S?eJ@T=q0gB*xLXeT3nv2ZPVM)YgZ9n*-3_uT;of5 ziW$-rDi;g*)sUpR?ai2d-A=fD6`2kgJsec!1}7Zb17qaVU|cpqD?4m`8{}=u-4F;9czjHcTNjKKloa@#dEw^}yFQuD;&C_%yVzThe7v((et;!r6@^BApUVI0RFr1SU?Wu6F6)}G`YCB&x>>t! z{0mHd|D4bqJz<$dOIiqA&KEn9l=6jkimX6FJzhH@Dg7dip&p6i#?wdar2wkWeHCQ5~`p;#KnB}y8CmLNa^1xnRGT( z>207v^x z>2C4sl(}#_*-kmn_aLJidT^FYX6XQ^e) zzUrQD*qomKX*^=rqLt1~j15Hm2;9L&5z)qPXI2q7!sNS{20vjy#4j)*uqFg^;X|bj z4ZPpQ)Xm#&T1)p|zWb=g%(BU!UQWfI*Jf;U7{+t&jn(>aN6tBwJo?b_ z&;}be3|SaCoz76+om%t4-D_}`4HmU}oyHWgj$8N$a{qEhmO1}6eU6=4xocV397Soz zpP?8Ar;eI8IkTQy+3QyVlRwf{&WB2CR%D8lF$!{jJO1|Dmj&Xd`kcGx&Se`vTwCko z>du`QXAhK9UM6x`qYO`x8MH!b1k2S8VxUd=u;z6lY@X7U+CMNSy=TZzN04=0uuiCr zT79v~S7n4nGt-a~?M)^VejwM##g9L1QNEb0b27x1WeBx>gN`>rM)_IEJv?kN`~!8Q zryEuLycCjSS;)3)b3KQ{h|%bj^gT}V^%N0uFevBnr%@H4?L(QkEK{=RbX#lHl-mR zSq>+J``jQ-77A(?MUuZkf9|kq>YPS!TC9z;1#S_tILA`o<5$Lcdt3R#k*UE%@74ax zAZ6{12}pD4uAh~MpAoK>Zi8-IXIyw(ju&3vhBkSBgh(ef*f4XolNI4@ddX&zu=%n8J=T2D+e+c4 z7l3gt3qh#_@34BsponIR;=~E~Zvx0=8)Ju(#R$L(!)ayF=d?In#U?82DdLjRWM`_1 z77^;{np=f~d6x-i;7}bFTOrHsPxpjwehFJc0Mc2k2}}1a3P1vO`BA;eGBN}f5sa#D zGaegvE08H^k?A0Gk!*J}9uWus^wrSz%{dm6#Szpj30#1!euc4{7*Ca=-vHoB;&6cB+NCaSZ+fVGSHwEiGU;$pQ&(aBnV0vAS z%7@c*>@h%PmoK=GbzKw@mw&yuQ1V9@PgA4xG~~yK>T0^1l~U_1r;2Ap7;iZWOWoUL z$jVijy4aC+Bb2Pbz1A&Vw!_XtIjIpq|A%!k6=7urg{F-5*oQPHW_y?naiAXGLFs+MXzV& zQlN&$rJ0KyOt`lEC%N%>Zn?>&x-9A2-kn_*Glcec-LR4vkZ{4M7XYo#NrznX&4-IS2r{}w^m1M2IKoJ;8A zHcvQ5V(6)YRoBIQHtvCo^IbPjLsfQXRmxAKrOuwn?c$WRsKv;*sin;!T=_(VFT%mw zVGiEhCoYhLp1uB7zj06LSqex*dhFxfREs5MFFN#tK`i{>zJxei7*EL|0@C1BrJ}{i z;}ydJTZk9kwS2@bM;(f`Ht-a1Ad0*<)9WLg1wk-UjW(CRCb>IDFo${l$!v$j9bUWJ zSGkJF?+a8zctE^49Sz~@ppvA%sfQX89Q41*E9B{zPf~MG85x+f6+e7=lf%jKli6n3 zi&Xb(R9gepVZA79dEFZ%a2@O8Oo}QEgI`qrq;ziA!ssM zlCy9y1Oo!A+K*HZI(5C*Gf2 zq$GqrC@XbGzV1FcwtNQ{`Ghe$kix^_1C8Sgw7D1`N6l84ibhjLE6iL)B8CANmIoyG zGib+KEd1LW;h_BXMpX3(%~h#ZstoQ2cV*d+HjL-7Dhzz<;b#uc$?N*b|wPYdI!A+39ew_cMy=Cmwm4 zeTql9?)Im6JkM_uNwZ&mjQ`9uMjvvYJ)2=NKEsoDg@RZMg7k)%FdmOyhehcYYx6ye z)Vd$4Fq!(vpY?-*Lgb==$*!Lcqcb4*9FwV{k&bud&ia%D;F9(3embIv?vt5grj|q6 zZiN&C--KRu%V-Zk?%|B}K?{2QRz=YhN>Ki`5~%{g)Ekv%ZK*`N2qA^(vF3Y!D36H( zZ8n+Ioy3Jc0BFC31oo|F-sY)RNIBPc%eG*o>Aom{yxO$A*T&b1fKk~SpoX&lv2Nn^ zLAuOTa<^_`ZJ^ADjMB#!0)q|_?vg}2pdBBSSP-^*0{-H|%d+-$u z-(KH!-#$f=B3CcBD3=OrSAj0AE|ondl4_uhkS-jjhvEl!@K7W_P{8=Ok6%?+wpj%F zboc^)+Ee!D9{ln$VE}7dOgjOFp+-EB6{3XmtCkPR_*%);CvmT#PZ*A5CiygPejTNz z77VNrm0v7T+mcIOh`5(Qd#*oN!yBH=2H70ly`;p+VWV8R+xMd-o@t!xM=nh$N0-5XaN9KF&T4F}^N@ItrO3kQ8vh|g-Dix> zzilx9xpP8Mxbrn}q*Qot3AtOaMFiEH&Lni*CU`5Ae;HWEYT(f*n1_#qqNx8G35erlM$>t%l+U_G%brYALTV)_58WmnAQm#vq9m;LJ-#T<f=EzK>n2GO? zgcux+8dCyO@2;+~oG83?H#?kXWF6YR=nt3@f}@ikA{K5~o8Mdt*C%AvnpT{49s`v@ zSx&L9t>jC&&i%dCs8YB(u9sme5e2xz_A>6t*+(sCfVrkA#9@?Og*GdS9bkVF1ii?r>-Fm4sSR&IOK@ADfcw~6PALa@K1}Jm;#09Y5sM}g) zh0wer&hNk#S&RhR)l)m2+t2x$h5cyzA*3Px6sJl*==`NZTQX5D@(M`c~cBMuUokJ$nS`_R$Gg;t1!h zvZ<8OQLd@|cKqwn4g|u9uQ743NvGK%-`pT0G>`E96EyKuHjRaXs5n}lI7MTsZVip` z^Epu2Py+YK*sUDthkL2(UIvt`a+Kjz(A=eXmd{J}V|UJ%PM-|bgK{R4oePa*We*d5M@ z4E%VcXk)Y1&!ErneO;}sag=!G_0{sqxQTm#{PPc4{zOfVMDW(vP}rIuHCWw!Cx(22 zVx*cL1lB6Z1HZ(}KQ#E(+8$EUVzK0joV(@ziZDD13uiJo0C!x-a2BDs*0Y4U9=z?% z5DCpB+_P>IYhXKkFIbc;%Th3hWj&#~KVif!k+aSLHXvzLgvky%v zFP0&!-66=8LM=Pu&Favd;~2SRy7y!S%$7P90vZA!U?UKhCOeuhPlEzzgZNi|z0oM! zt_pAJ+dWud{}NyHsh6&E@nGTBaAL>S=Jo;ylc|`+2iAZHLdi!cb;JHVYZEvIK3f9A zfH=O@uPOU;7%oe}8^U7k4&xnASxT^{LXZ+8iB#^Fv@@!+u4>VD1hxm z(30|0E+*83!Q+JqqVa|-+_UHF>op?Q63$w+UMnqQvfO_~xl=S*Lng37 zc7iFGlAgq@VuTOnNtQe3{Q=D|5aC@WD(QF6kIHp%DIX^zS>$NJbRT> zjrz4|gz(quxJ(#v8?-rW?RKWrxf54SR15tcr|q!%-YKorFw-*J+% z<_SdGUMi&~;S~-_=rW6{;%62j>B#gB7!H3+pD=zbr&T=Mo|mz!64bR_zPSKAS`bF%VZY z$WTb*1^KHi)`gwBx%0Rb34ImD^udfb(~YtwB6JN1hY%2znizd z;r@W#prIzsPQd(wygrD`)X3K5j1iKWZBetXA48aEKherpFi~j4k z5bHktyy-=d-7+ObcxhOq1#OXU`dxTzJsCy^DmueiP}jz~g1J+i=XeSj+hP(?*CuXH z*zT3-KTJ@pRE4CP`k%3X=I~7|XEQzR{ve{ZIu`kd_s4UE+4>R0a8R&)2x-{Wtp_9xCB|G^PfrKy-)NT3(`p zC>I7{mrb(VIDV1!LtD?TR}fu#rG{=63I=xKl9yFa|zgn~3#SC7i`@%dl-jQDF9?N1cVQmgX1Dy9U_T>{^jog&j`5mq6 zgfk76Q2Aj#%6Kx@7&Usz{t%Q=)L8g6Ya7dna#TnYbl1UTF>DdvhKT#A`r8|vGRXPF|kF=KujbY5;NonS~^L!XP(-C=QofE#S+Y)?PQC!X% z7S388!>Pd}{ed>#iT<$yf9l8UP&}L*9O6VfcrQqgf}RY~W4PHb^2`dHJ92&Qj$t!_ z_MorfcjDlM6o-2%Q0ht@Zu+*1G;VICI8+p2v3VvF+QwJ;BxK2Bc_nE!bh#GwR9w9%lq0S~d{f zZvNZ5AJ04zY(IY+LsLCncz<1p7j&!Mf8nS3FbzA)oO2LyQRJjrW}PF^+2Lv)HrVZP zO7A&p`AWX4&C!|2FG$otN+qyUG<7Z0?6F2f=&9?2@Wb5j55z8GUL9|{NhWS1RXt7f10;0Oj1BW+VR z;8*t-_>Io>Y5WC#=VU`a4CVoW*C!@tJ-aC90`MS#fkq&GH>$C<)Y}k!=D~MiS^g?O zfzotQ#c9OHM0gmXTa=@yO&5eB&qIiUlvgXMn$SI3 zGo~Ha_amTNzUa6fyDz%@q|qlLFF<+vEYn?k26VnTp#?dw9{327mJF5VR}pQzp%0dZ zJv^1T4E52^znnfAUNzlKAGH$;V7nhk_IdUDOP-7B*g4Xkp_|$o^2gXvBZK+++$g2- zlP}vF?$gRGhk1n+X@nw46BRG87zV820@1mu<+bYIdfZY(vmly&y%WnBk8~JyEb-`7 zu>gH{(?6}~^QpYwkyL8OvV-MA#&6udM7*9=(?*;k$nPUjiSbBcJ z>E2NP`a!QgF=d`!U`wd0wI84HNO5te{$AWo4;8i^Sn2VQz6hM`yil& z_F`}8BKf)L*uMER8kB0=kS5X_iXv9>y%Ju9m%zg zpO{NhN-+WwQXLrQ`FHC4QU3g zR7EF=5M0Uu7!xs@_IJ5AKn4T-PX>cNgQ5$MLl+aQlN?$?wB4hEe1TE6E-Wsfc4u+F z8l6Z9s9-M#UWCd7u>$gYT!zWA3HA(bakGq|ECMFd#5-klGGW~`@2riJv%%#;5^I^V zCTD8(Iho+d@Aj{qFxC8KO`tZ0TNXAS9`+D4>-FQHOigYoFhm@b(b(=>u2RE)nj3}6 z_=!t~N`PMyj;AiR&26!4HE_|+-!RHYQ>z+o6(6bW!L@Et-+4__bfw+gFZemw?c}be z-3Y`Zl}X5IO%HNd@4~mrvH7SO8>49XK7MBe)W3koD(i>svF{awx)Pu9!qDGCnU9i81<`j%7L>X?J91n@=tkD@`fVCFl*Z(xH8XAQK8lh%J^^BSM$-`;a}-uLL>2T(;Nb&m3=Vvg z645U}PJDphX6i&hT(k3jVPON}jt|k6z3qwRgOV#Dd$C!;wV@Q4O%lk+{b}t_bg1PNKwGpgX8g?mGFyqi0St3X_klcm!C0 zF(XSAPO;nmG)^BA9trucW$$VMwWXwlm_4Xm+*#w=T&mkwpvd%2O@w%qW#zOppYlZi zJJHV3)tg6!$}|Ma5Gq})ilj^G?MR;KQNUGO?^oF6Xh9`Sdfn57yQT=$#qtfxoW@{yT_SoYm9^b+FCrWT zPx~ul5O|l(Vyh1=UcFg1s(tn?&+Q_cRn{ZaYGRI%jyr`fj?kp+WXdd7OQ#97ZIsAl zt*6+>&U#s@)^?6x}otE5@mfY8EesnwG+DghKFsi1f|7VS&E zG7;TVd?sf@Z{9m5F%MmhKT$AcN8iT}15KN-e_3v2{9b0HJ(h#Q^W)W#6Xk2T!~y|Y ze~#_=T#ORAE&XvydX_Ha&-Y@nDPOk6it0+9$a8nXSLrQF8y}O<)reU@lPIqm0P8m-Qm{ z<1@bxSB-g>m*n*Xz=;taS8gZ2jE3g=yMM&X0PYj|aTUHJd_MRoxo{|deb!|-Uv2a47*7F-%1EwK63OPI`K?ET?GmAy!>JY@{4vO*cUx$ZI% zk7$n1eUR4Tf7Q~iyJuJx89K-g0O}$CO%sg(3gb7+*RwrQEP)5kBt~yOsrVlamnBCC z9Xa4TNRrKdxWw~%x7H(eznB?9?qG+N2U$4qLp0NG<%{6PU4we34Cx9A_!LCUNnbpJ zMLE7K<^ACb5M={(7|9h%Y}Xctx!<=kkT1)e-twl}F$HM%4lP6tc*Iu|zM#GoU<$Z= zC$-{i6_JSB@bvD82^-+qJeDt0YOHvyv%)RA&dx;{=;}{WEm$-@TIZdfUGwIB$+LT0 zW!v1=8D{>mD;Fz0u9#Rp53z=rdx%XHjXAH@cC%l6*hUpE-nN{Ee!*JqYN}TNl5Iv+ zsWohvs~D|OPhK3<<^GK2N>>nqq1WjS;%LS zf@jVPxltUn_IWX(ZjX=cBJM%D^oPsS^fRb^Uw+OyE9|Lc1XhvNMUEwWtzDX1BG@$G z{z%s-YwzV@n^W^!ms-sQwg;Vw|4y?y<9k`puux4 zTd$<9v@z6q=&o97W0<1N29axXOT3{{$g@BeS2yu8z@Otb^f!Wx}+5z%qKvJ-t)5G|3qu*N7E6@@D{xmFfe2GQh)io=P=62WYO058QhH zkY5Y`1ZG~p12g;2u+^-9DoZ^{gO<~XO&|ta>CqDN@ehrX4+iso7U?&%wOTVxd_V1& z6+&74eG3StvIo9M2tE=3Vyy(;`D00XPN1p*WM*JjLrIOuDnbJ{wS46lmMcL14#F1O zPt+2I@8Hhoc1l+HZgLDxies@qjNN_^7@1ReC{L-56$XO8rK;_`OCmDS+)WCA7d{#g zbB)M~uBH`sZFiaP)WX>aSDFt%^pCe&9<5$$MM@{t2dk8c3#hJOdU4QDgOehBYA@}R zVz$2~FBVQ6|0GIb6Ht}ilvNLt6-^=hX1AZj;>Pzu{L*C9>f#{?-T1Efv2O$N1iF6! zqj5Ve+f+x;1j&z%Uvi>CB@BEj>5@M4fT z-duWBBoe}{Jzj_39`LiediV#&6bnX1xrMKil`p7RC{@VyOdTsjwXVU;D6OpJ)ko*l zSLn1H=`<_+WlOPOr6O9_!puLtT#AabY!r=02nKk?2^G_>7LpScpSVfl?wqvI`TYd_ zaAs*3ol?FXvfQF%dx#BtvHNF$w7Z!}R62uIXNm|c-qvrfvAk6F+0#`e+akm!CYGSLJh6k84H%k`6`HPaJt&sFLx;Hyu{iWV+(yfER(Z zs=}v-Z~GTN-P#JW?}-#yb5E&8vW94T#CQgAU3`r~=6KXFF4pF0VOH+9$-OZz|KHNdY2)T#o&U(ZgR=(w{{e zdyEmeuA;6|e}9Kj{x!Q5h+sA_<={SzRUJXpq3RB7p6q-TH;rotw+N4rX&f73$;B(e zndQG4EB|*hf>Y>Cc!TyF&H7}YheG??*UsdR<9-m^S;p^wX#tpDl?gqqC!ya3*d;&q z;dIhvi@jL9@+r~G$wk|2Wa>ay458fvqzLYaEcjegykfz!gLL> zS(*~^;`_eyv|B@n>3-9>%E6d#t1^`qK%`ioJXp0`A0m#ozyjm*Tb#a2;5ScsnflcJ zewKV>g5_MjWJ{tL$u@eYn8^=sC%7c7HYyHfZZH917v9;82hFe`b(Rm$r=~ zpdk@K(EMrB!WjD<;`p@OG@16dBJbi5B@Q!`HATt7ROt7z28muoao%=6jt{{Jyxj2x zA-o5^z2MNY-__I2{TbUXY}(PCabi0bEF1Me@(EinPLm|1PGvI+otx9q266O5T_vo0 zPu|K%M>2(GMP4Um3(WII*^iZI_%B?^^X3*{lRkPcnI#wP&8p5Uy*`}7@S6CMwrYHK zo!3q1LV6RrETGZ>)N@flTua<$xzDzRW%~j>?_K};#Z`a<mol}p%gBkjbFaA!?MJ-7OCPs!a+ooD&B{ z=$zH)Qh<&*g8;^s=!NG-*o;Y5uvJX5by%ncP{rf+7d*Y9_s*4joXP#f7_;II(xq_TOUs@7b}V?)!boj} zN2~^Bh0<4fT6cde`EYdPPii2i3SogXi@f)I-K6gj+z;sPt{wj_29V`7Vlz`W@Jev2 zB|R{jU!ykmKWAv4xP3-W|Beh}z{s{eL$6$++x$Q{HexYMgyT*JaJ;d{3g>C(1yE`d z+oNKYleYR}vAMc+9!VJ3(bhYET%*Nb)T0~nO+`?zv-G3EBNby8E#+x1iJoq$)egrBY8(I>!s37^ z+PHc}15^`p59*F_Rt*^r9mJxo_cLgindn?G7yFHlvojlFaMDD;_ zKL(bYZtp_7LX97$q&^{bd{{OA#QnDTyITcZg=|@mUSB})evO&l-%eECk@L{OAwS#c zPw^{wrvw|^&;O}lpZonpZEYkJ$-TU~^Q13Yb7}1C2Y33E!V~>`A+2@)2w|gBcWiLe zd+ix3oNcWNxvHEX_P4&EE1-XTfo9QK?LIJMx;dMODcGUw#eOEb{$5hT(+j`jol56g z>3M(}3yJ44%6!}PS+OVX@y{4wz+L-p$xkS9U)1CC#+dnoVOWVuq=(r#U2lSL z>PI|Eh9#+x`!B!QPU4+fJ6Kuy<*xNi+S(ni*-X{#(tMGhz0&*YY1n3c39WDu!Mh8- zsnEHl@XWLPsnDVR4n@julp$IV5N)! zpwe8iJk{a>N)c9UvnUfJOSD7&v-A1MCarE3KkKc2%z4#ZNVVl`OqUmdNLm`ZVw|Xz zz$3l-q-;nc%VrXn>nG8y{VP=eT${+4C&(aP2_%!;v)XGV7{Pf{W?MrP=aakc3dQ#6 zU)frU>S_;Nrc_@_@C4CUv3)q&v2E$P?gpwyp}>RBW#1OznDdabn#by>FU_=h@Lk1) zmYsEcy2Nc0D{s9nJygNal+z4Gznf9d+j2L&C#S00&+Ib(%#wxH-#N9XKr>%7DKnS}(`YC$s-LkZmG z-u?3Sgr;~D_ylt3=XlhYp%K%W){Fe4_!IGEP5(>9_eUK#LUaZ?%kq@1gxJrX-+t_8 zni7DgvyBd?i-f|Gd@yw}R z$N(_WLWd#b)3l(5mr`?oGDyRUMSnU(T^V5IU=qBSbKVXTP*egs33@6=C#Qlv)VAt; zqBKN$0w+3~Zd?-^o?Y7HkiTn;Z?Z)b0W{@jlD|Y#3^o)zz3sjf=)-Ko*r_+@$Z?uT zassBa+Br~`T$|P_GCKV^Cd|DZtM}wSoq^D~jSdt_O+Y={D7{2kRXufPy1^+I&dwkV zJ&bdKD*Zs&>J&X!DzhLjGDn+h^pM~Z#7iSewD4bcL%u-m)<;stuexJ_fuFy?z6efN znMUGen>}&HVCW8?Du&MK0nqUpVT@Y-4$2u7OS(GbXAOg#La-z~BJe!qi}Fls^ZqYd6@^llH` zgjxsF)lvk|bN8<6Gx3m*xHg>e(enU&hqEZe?FhlDqN8eBk4KGs9$NYJhv}X|0Cmfu zhP<<*M!NsXn{S_k_6wn!-DC=yper0HGoGd0@IR3ChPa?DO~geHODpO|nudn#mn-9o zxb5DQS3=VzE^~{p+LX)hok1Et2lK1RBF{q^PjjTIvD2elrgx8+eVEgeXaeV5_vIv& zUi*T0!S$I#vq*^lm~5wd`vU|(7TTagBa}6iq;Vqt9`Qs#G7w*`f05hbvqv^&x)Y-~ z8E@|||E5)0TzyNRb=U3^we|gG_#B=!s;PXuARHA^mom|EWJ;6IexSnCi9EEIGea0X z;R;faiOSaSoP58pnBW_6S!sW{PnS>&C(L?57XM^{9LoxWrm~g`$*q%g+)!&GjN3oQoN6#~xDxuz{6we?YtZjlmzh~*_KJVLP7#Tv&Nn>vQn z)%w!3nzmWQ$6s~#EPwd!QQgi^EOrPBFoFc&6f^HVOlh}d#) z!rb-N12LU{V_}6K&rcxv^8ty}DO4NvWuhCl>sLHyK@@lR>-m@Xf;0u69z8NV!5PFG zJJ6Om)|3~R`k@&p)ilX>?9j)X@U`ynj;($$uALOANZe+guF0&H2-0MVLOwwIQb~pJ>?`$$Xiu~bTn>#Ih|wPnc;fSM)zyZje;ndeP6WS0LOnQ@}@5u6UR`2Ubr z7~DPbh^7jrU?Qp1I?p-1_UMF_2z@*8JdZwJ61LM44Qi46B*u{{oTF6fQS}@*_o42W z8MJ_Jhq%6lUq5k2ZvPtF-g=BUPC*mwZ zVwBx~8j`bSCg?Xm z{IQM=)Zw{Sa{(@pQ5NEGU@J$;1NR+ma{2PhQ_lD24=MOJKw9~>IaMQd{bJ--Uo0P) z4b^z5CqBXefpR1-{L%H*NVlnolb$tXOmYLRYt2 zi0$9#I`bP{JO7}o_-U@v=3SIL>XqOM(O+@oj}dqc9!lRbt^eQ9e6`a2n$MA5AsBy`H;N^dVesF)>l{pe-H-} zo~XUVzp^P4d<(tt$;gGY9v5f&3rLOc2NX6yhB94)mX`;MGw2Hpid+-#l(IQGWzAH93Nw~d+wwm z0d4*BGd?531KP;oth-{nglS5n-f1{_d z^UU`+T=;0!SzeE>27Miu33%&(onBs+ZKOO9#t>QXV*Tr)>tn_!;(o%!k0U=GaLhKO zu4oe}0<8MIY$%s6Z@7318wL*A;Ib~ZVnsj|I0N7DMgfJ#j@KYmaYg2Ip{p)WR6*s& zN8QTz7nXceFs)eJxvf}OsrAr%>~T!b>vMx#Rr%c#&|U+O_$wQh23`@&2`UP| zQtW}@hv(W$k-q$vNTf);@;fK~v6e>p{wTuMoT_cEq$MoOv zo|1(n%5jAFqt?pWEpZ3h)A7j)iRXEyAR>mueiJTQv6o|&KoDz`*p`wDG_^@*=z8ic> zYH1#<#r}M%dA=Zl4UPdNiUB3C2=|BTB^2(1H8DS~AeMv4 zklhNTv2vCxTeo_4Tn}{f(&!xNub+j{qK1yoG(tY+XUKR=X9ROO_P%;I5M!D2Z6QDR zV*eY$dY+%0V@GW{G^g^l|wwXnN=`h*GrDEqBQFd-4HlMOPvbJ zvo7+5J;11sFD-tTSFlbwjJHjsLOB{GdP>bLS#LpDzncdR#wo2UngTyo2Q_ z>Kc`cnDoXy2WFg<7puK)?RYd&?5^P)Pv@#mA#9e*M?ZcHm0}I^kgS)xh^ zeS*@~a+ezI&(_sU@k@)&UJ*Y`KEqNmwMBIbwn*`|t=ek-dySKg@Wt0xB?mCFMi1o2 zi5}j{=jb>2IeibM;Khy*x{*4QEPR9IdGo?o;FC_PsH1}(KX`i93N7Gnn z!obSB@2BM6PuWKp?d8b8QB(^x4dj?r+ez7VGH()&z=*jbJG7T!Ak@3KOcwP9_$FeR z@E%5mv!IUP^&f5boo7txwYkP zT2lv5OaP+-7(6;GvhFKlB^yV>?h{;033+^%;NlZaQ8T6QgM2y#dz(dTfSp>j#TcQ( z;2C#75(GoVE=0iL<>Q}U;_ZUEt zxR6pN8=b2y3WY>?PR*&5hW?r%psV&vO3Zv_dWmgEULOiBn%hiqFd zdV9l$uTw?HUZMs*F)jC;!+!CyE~;r0SsN6n5#%o-0^MwU`4-dSGcn z9QGZyyzDT#4Hzotmu&&92vB zWD=UvFN3Kt!9vcwN2{h-V9)64rAb}nJJjs{JuonY*!{qvFda|hseS-~3#B2NkU0iZ zn6As)lfthM1wunX$^FqyKTh+>6iSzS>rC}@@Uhm|A@h)wu2GgVAbjuH%f|)}gjR3H zF}aHgQns_~;)k)KN|8rC|AMnPAAt>Gh+)M|ZS~_T`!2{qdK1j|jV5g8<8jH4`a4p( z*Lz(1O~f`R4(=0~_xI@APPc!nwXPiBH|}#B&E}2E(6j2ivw_jwKs9yX0C`T;*E7n+ z{o~U1=<6X~dI@?Q*AUjOJ|J9CK_n^mQb57U(92VuSAXR8ZR{1R*@3XNMR1#RH;v`! ziCC>-tDC3}Cb+apoxJqNj(c-mirN-a$&9mcHIvwMs4v+Kv($B;3gc|zU)x&$eA1yq zH2Q+H{Aj-9<1^Mgv9@&~F0c$FPPjgz1XRy@)CdGh4TXC*MRZoYH2kL|1YVuN2@I!$ zB`cgaP}m^oi}VUFSw0wl;Yb{b(R-j;f9^(yv2+nroMFFYJTQC#QmeT1W%|?>KRiSl zVy3k9_E-3u-i zO!eYI>ToN5`$QAr-*}l`^TQj^rva66wg9*}26IS%^s4$tBQfdyymU!yr43b<_3r3` z3fEna1VP6yy0BzSaCn|`(9;U@>iOFm>qFVuc`6-~(Hf-qx={~x2U{@wf08^>4p7dP zVgL5F&S5)inN2-!>+s|g`aQaj$X#{y2Y0<0Zlq&l!ji2LerHLDssSO60&*zNPi=QeBNL2uuy{b)J zzxjBvik}=$Q4Jx(C%G^(bzcI_`nUW?>w*&jl`u3C#gNvg?=@xNt<&EN@V9^V>Obp< zMb>iLZx2BLIxnJI2?+hkM|0sIRai>u59w$tKsj=xOwHAK5~dGoiKRA@PeeWg6ntnF z>ddmPugMh8etECn;2Y#rL36-)XqKG2iA}gdA#OINpkzN5rsKU9H0(l$ZCGU)Dx<4OH@cq)*1^ z!^HDj08j$2Fv(7hl(0!EVm$QIElY%NTD=G#p@=89eq%qLVA;KHpN9?ECgN(*(+a_@ z6h4mA5lTwA7R62@1?o~-b1H`he(4D-RQ{TceBRzK-OgBQf&$G43(awwHC*wg!Z1}hkZP}6EZF~@Oz(E6F9^`QJ3p|acSAS` z)fMQ^_IEyX69YF;6>NwkyN41VAozF>INK!4r+$7F`W|N=Pj6QkBzTv&Txd1-GONz2 zlJ2fx;&jA3(V!QQSJ~JzraH(3y+a)XxaZs^o5a(8L9ogo1_HzO5&G;8rZ>nIUBEM~ zMrEvB^dJz4$*e|s+NOu&`edtDi03yi!g2d9iLF`*?;BKmwB%CI9jxvp>8PS4s4**Nslo3d}{=ggqy%(Ew({9yLxkxdv%p zA6^W$0u^a|*Mn1+DB@#DsuZ`oWfVXEE)Wm)R6%oNakHM1!DqTuxRe5>>-tbuv%Jj> zS1!aCNJ4s{71thK?h$DnA05Qr6Lfxn1)ki!Ue%4hP#p&J$*#J3ldA*n;8MdyGGb7@ zeE@w9v&Sju4a@vgME5gN6Dq6FFhaF^6L_$xgx+0H%>b9_Kj*MHH=duaI~}9?P1$*K z3TMG{T)jvzZt$wO&T(7Js5|PAw4b1v@`h!;yV~#Af5T=FE0zA;uS)i-UzOc$u}zd4 z-k%qvtXaZf(r2N1a-kh1sDURu#eTWaEU_^S#dv>jr!UHWYaoF&ilcyinQ10RK8`OM znDJ{s3Zi|sGsB;2Utm0>;;ozR@YQ(x&iR{}=g>t=x30CJyb#1%sc*-XhXzUTL~RStoEBD*z&5;=OTjWyM3x5L)VqjpgC&1~I1s%dp-)6-fMB#@GXECve9KjL5E*YP-A^Su6B=p+;eJ&ww=XJhO$nc z$sneiB=#Jd+GSubfLT6Vy$WH6aM+83`fxF7v)Q>=41y25PGmjfXfz zf^VT%!b9T0mwHLX`qj^sbKc6Sg_ZaBcJ3&SlXq@I0!wtcF_Fr&l@HU2zFA{!b%=Nv z@;3Ahvh@x5j*`B;SO0E}sr><=Z!4Zk*i@yD(}Hk?2T1}9N%3gHhFD2eS!nt;Udkg# z_O=j`>`VVS%ePt$d@Zj;Q5u)31Z$a;`z2+IXYl8`aXI~6hqo3B!FA~C*Svc;RDpNI zg3-R#yX~M|VHD?E?TFZJjv;bua~|k87gWQ9^rq3Tjpb<)6NH$k|@=daK^hZA8qF$rI z2GG2ssM`mcP8K6R4u1(U4wa&$lv~thWX2(vq7~7uVZ^f z>p74VyFx2=apm9UN4ZYyLiQaBH{2cWr7)}*2wADf_04k1W}i zDln6NMnaE=ujerUDA+AguBQas0FiTW#r=sJsz8_*xjO|JCltlsnCel(dU% z;Ud|;nWAJ|!=8gmv?yDQ$B>l^+(G8^cP>PLh>j1o;}Tz~ZKF^2r6l?t+lJ3gp}1<& zird?&u5&$s`FPT)J1Ji>p5U|Ny!y~Vc(vhNdW=*S;c0daU^|ec!ncywa~!l3+FbmI z+d}u^f<@X$;5d>f!Kk_xkcLX}sP=kIag=Z;LbJS#CGYK6jq&GMo<^|qEC0G(F$dgz z^uI|s275}NT>GJD zTHB~JzbB%@_ld6C<9M=;4je*J`bA2RBL$Y0Ye<*ODUJfo!Kaig`~me#zpiC=J=qb) zB4Xsul8JcfHU()Yf5MO1L`B){f3Se&nJ_<^1E@wt2=3w=tK2jX9gwoiD$sXDG8j2p zGK&3XjCoR`QHw(9FxvXpKk_*XIYe)^bzuE28!T$ zk~siXP1$@L+A$&g-X+WrA295HevRF}9mJM?wf1ZVKV0P#>eQA`PRV*|LD+ixCX~gC z2DzCt=&Bv7ski=_<|T|EC77@cV>fJO+fw) z01-Lba7>0&gNKiI+>Cgs>%)CdV^LlSNe2@QzX>d;5^7(nL|j=f_i?ePVo(auXDQt0 z7u)ScGL>NXehBu$Nw*lm_@Zn7BZE6x2OBOiit_a9aE6K1+Gm;;n9Bu+csLP$2{Yn@ z&DpGbI?-M`nJn|%k!QW_?vkFp7^0_mw%ryA`QnF0mTsTMk+vsyTZ=$U!PyFwCikTe6aOL{;d zltCXv6!AIW>_Va!lkw{-QvcVF>Mqt8{7BRJ4v7|PPE2nnAD|AAT0K5-us}PS+j)~f zL>t#~g$SGok`B73-9t&hEQjVAX1kM;#j)X;L$~#c#)I2Wo6L1Wo@de18d|;`}MYdf${`@8dm0*%q|RcoADN0F)~VS-aiTKG!;KzSgzfNRIXy!tgQ;$Of0=Tp;-Eb_z>!Tl0|C2~KtcFENP;I^t2 z>I4B;_nPYRQqlXqH>2q_yeG!44z}Zy55>akE3s&ytN>Qfsb-2<|#IShD+!zh!(rx`?{GQ&%bqc z+1h{MLrq;Bk$0VWI2tydS2#4EcUGg0mrJl*kW0|@;`rcFP+ueVNU;3OG4#AP37cqn!PWs8JZG{67L~q1T!*xoC<%9 z7sa$pf+B~PW{-9h|K$0?QkW=aPKtxW>DEDi%XJ76YH&Phj2XnyC_`oxrQ|Y{{1o`r z&6RrH<|u9N3iI!8JQuN@Fh0v`of$^DH6=!&^6h=pX!YT6OVZW8bcA70vWpmfGwZ(j z)dCb{*Zop{Vtp$IJB)}onJ1WQCAaeR7CG{+etxO#irtoOoI_8!h3N` zz9GgsPECTh*6^KHCRbaHVs(idudgmRo6(m1=Q-+M#}!qObc?4E19zwW#RBK%?%uuf z;+~`p8OD6!Cd1SA=fZDH{C}P6UyX_?yYS^iAJ?%SIU`nUbdrGa@ab8w!CYVtM9vrZ z*&5~TK#=>ArRuMv6a7B=y6k^_bor)Y5b8G7ZjFAOFiy|OtS-?z4d95|=Y4UcH`i71 zoJQV3X35Sv5R~^Z?$_J!Z!h)NUA#`iblcz7fOl(vF?XS7>tc0Bw_Rb6*A1fcR&ka> zuF7wlFLYqyzvH+$%aKPM?ys|G{yqx@Ay^sr@qe_(Z&Nji5j(9RHCk=KFd~uDjRQpL z^%bWgxzyAJ^|G`m9?_M>7Uxnw6Yc>-=t#yj)iU^&*A)x!5y4IxrDM|sZ}&M25^BOw3ZTIa79Yd{;g{i36%6u<61 zUMyiNykni4K_rvH@ISo_|Le-c%+cvZD#oVY-TZyP`1isYjyerD3&8x(PwB7g_;uq& z#Nnp{+Ey9B!uAwP#LVo%Gfjf1{9_oDe+=_)7REn@`NuH-A7G3v4Wo$A#eN-&*MGCK z{J|_TF%&L&LD^TcMQ#37E`l#V-fT+RkA4F&=>H`UlT88$8oaezdO-&~Q7;dMUx#ra zLVdhP+W`GmR5P=b8Non{^b>L{q_n><^Ef*;Ljy`jbX{Sy(_97 zyzx%bdeMg7`g22aSZ@3>qQ6|j|6-fbW&<|f$~mcD7Jf?f+c4Sx7zXVh!~C0t@sDBt zG0Z<0^AGs`t&{c7uJmvA+olw+m-9)3&`FctE2}h$wu_ik&hUBn6UdE^Nh|N5@&rQlmllA` zQk2xMyx)MPmmJJ7gi6xtKZdInZz z#Ch?{lRbwl40fhqBwBsded;CdGX{w2y&rIlTwjV{5INkVeC>1-r>?#7vKzFg$SMDP zlfaZ_^pZ3R2$O$dm=yjQFi2XT5iHuYrFBwWxuv%Zd7= zg5)Vyk}YQ-M%#A#CysNtVIt>FPWxRZElUbQsEO$#iDx;&+3*zdZ35W*Y|?@PG`#+ty-%|XvV}IASI~l9*L2TKu9cq2C?dU%~@5JS{*B%SkfF(S*G(KN%LBZ}JBGIVWH%SudK_srXmi>50o*i$TPcY?n3YUiGzJZW^ zsju_?wwgd!SU zqP{j)R$Hb0b9MH$DJk`*LqFi5f;*TBLT7eP>scCQ{nxw3@%#@PPj~B(58{vM{$uhz z?F{8JZGx4KrEjq;XuEd0)iu?P^0*$cjQB~J8fHx?5tI6)upB{87ga6M>;n?MUqw~+ zVl?l*QCC$WL`x8dW5O)*WR6gZ%6s|JegJf zo>WZ?XuCcO{>|;7ce$ami%@e3#iWfIWL_ifQ3a4nOJp_HH>GetQRQtJ~wz$s4nd^P~=Q_Pb@{hHzSm6YL=NGR5{y_J0HV zzn9&BC_263$W`N!f2Kd!G^=^tHuf?!3gSv^xKVr`H8pCGL$t7t&_D!ordGBWu+_jpaRU5I4iossMh!P-v zGhYtBXhQH#!>(8962z6nk+c0?q~Cm>kV@6)n}k7+3EB&do=gr3?0;X+y8*gb6hfMO z*n1@HI_+FDtG@{K+|^oQKJRd7AZRad6RPP^X*g$d``of_2j3VuYgJw*4R(ESU(4lG z|9rlb1GZJqdG?auIOcV!#Z2Ui+k!YsJ9n86I6EY@e?prctgotRz znRd+IJ3{Xz3fS%KtJ|VlOo*0~&T8|Qx=d;3F*HXyXCTfutw>r+Y8JsQSU)%@vlAUQ z5G~jo{skr9L}sj)98CY&;kJ{>q< z-f`LYY4dkDqffYd^J*Rjiq+N#g$#GK?VtK`7g|BBaOwM`JGGm0g_n-yJ@+AkN2d_`JBzYe{cy30cjK-e zEAgu>9f>&o5A+TEj9M$l=i=n6l^0vjDRJ1}OPtB6n-uYAU`tfZrq?tqDey5QIbO9- zo^cOf3MBDv9WH={u&IBc>c3f5UJ;NcDCqv)qwR!4&gRplkAAD$n&F~`+l`OnZCCHs zC5s6%is)Fwv*2-W6j)dE*z;)F>-EjILq27C_3~1xYWrTUrppVW1wE|Nc?`>n)f3u+ z?NZZS@*cbHgn*c4GU9eZ#`UQ?z}Kto&UJUDw@Y8uTwnQjLrQdsz>DXp%Q4p~k5^w= zH3|fC^<5LMdN&fC0#CJNmsGbZPV6Pxgva+7g9hBEkGfeIM7S4Ewo0Jx^cD@fnr+U;{ zmQQ7LMk)vs>9O@LmG_Ha4@0=@9XOU7xw9EnUOsjXfR4b~khPryf5CJ6liYp*wy(aVn709vLw$lTGCnq z6<)@8lOr|AXB^ns|AIfG-sYuo{?pWYJ-3i6AKqEUi_ewgDT4ktu0#))ekW=Eha1Qu zdu8#>eXKp0>m|6451BbcS^y^2?clJn5o|PhQMJbhuc2$vvF+8`f%x^+Dbh07WY;=gm)5vNC1bQ=s1tsPYRK~vV&WHA3zH9 z@{3No_aj^0SIfd&o@wm`6s22VRW3mx$xqX*f{pGit#i4S{JMr$oFa_$42!&uz2Vr~1U}pw`>b8XF z3(NLD!4s_-@gC>Vigp7FW8-9NV(E&o54P~xEf>+`Ui~rk@+VWfGxg=g{52jnd%c|p z#T~0M1G0)em-e%%O$!}*?uVsK^|V)Wv4SZs8)lCMv3xIQOy3iVgE|w3M2l z9^*ty)k=AN{rkCHAVTo@d8CQkFE3fet42&fbcl~5sN^fKRkA9-(gAk4Efx>cApN;T zoAW#-UoGQ!mY}7uQ+hAj>FpuYALW;ZGoKLO=|Ffy5KeLR!(QI`kA9?Dj6q9_2ZEM$ zRVrhaJ(nTmO?z>MpSoI%VsZM>LX9rK*6(U|&JzvELix|bIj`Lg-tJY;dr*dotYlgP zW_`Q59>&*KTxUTVqi42PQDa!Yw)n$Dfhr*A$nnv8(r>d4btDS3-zj?qcXi;U633v7 zFcB9$)q1J0?W+08Lg`EI#`(rN|3N9rqTK6_L@Pg@u^AdceaB>;)=n^#uownkSv}4r~QHoGh%03*4EZG^1WgZoht&*iM z%93m|*=39=YxdpPWo$7R!^{|F#{BM4&+~h}zvp}U`OA2{=HtGv`&!=D`?~Jyv*`6# z#dHF+Xaj_?6GsD=C+acV{UsG@RfBIPJ?P$Femanvl~^ktel+!j`V@VYNNo_2TOf=t znRRPgB@i^&vUgBk|I@#i`{^cNq+s|6KDxB9JyDDXu_G;1h54WmK zWAl`H9w2gTRaZS+&zGHoG)_3I(V^xQrWL+qt=G<++v(Et(8MZ8W_Ut8_;ZthPVNbf zIvGW5)%;L?Bpfj&n_tUFV~uLTN|vojuZh$+g_YLk8wbLATRBIxC7 z*@pTcT-3q$SpiWzK%Z+<)GCxs@2S(53|R8fteEbPDczQbDY{!Go9>*7fEfw}Hhz3Z z)*SL!qB_#^3aW#tUpwhU3#dip0inQI9UOR8_&=9Qyc$(wJjos_>j5r!&A`9rHCUoY z%f_6F7kw6X?qE7yx9A?Y3bw8^JB_d2wC-=bhp7ys(5}Q#Me(D+Iua+ zrF>A0?Z4O;>Fl_V;u{j0aOP>*K;Vsmzc?_V*}jJvu@@99{krU~#9O#lo{54ko#%zD zUlrCblC*HaN7^EJl}+PDQ>SB#FOuRmRL1VL@K87Q zyu--nuP@_b_t?fN85>ImKYwcdo}{plVx)B~=1c7L-`!Hxb6_yS=8%5vV*$kR>vd~> zuVCy#=C)T$Y6_VzQ>sznZg$E`+VcMmS6wEeuTTkC`Ibqkt(uoV3K#Yb(rs%KX$~s`0|T$ zhOojC=lX$qdc~uLd1s7uO5+=HpzYxLEZVASma4Y2@_~BN!lx2ziiQxF^}kJ|aoO_F z=m>r?rdT^Tr=++}$fh>Be5V_MV{o(Ir?sM|q4Uw2Ow`>5#xAM76x;D21Ye6Z{&H7! z|6gP4&==MuKZUuI>SZz~D0Pc0k_SCr$Q~M#Nwj5u-jU^>->VQ?@u<$DaWBeAi&#lV z!x+rC`WOL`#Iq!o!HQK@Hyo9n>S1txGRnrRG|oWnOsmE)rP7(C`rT#!uQXc7>+RYz zS2#)%y`~=biZ{My7}nzX)$fdOew&OH5k#+*^UhXsd<9{Odahe5oWVJtd>5q~_`ZIX zMIrFF6nsDy%HA#S))F-_^ItcAU3MpRwViPOs4u&zJ_Uo{AQf>7s^51uUJQJ5cT=;S z`HyC%d{{|@z1RA_=X*yja9qr!Yddv7$`Gl+-6hNl!81PXS$ z#%iYg^h=}16?}C*#POqhq3omub2bUF&=qd)Q3~-VX<6M*E>Pj4&TVoz6#j|NxB5K; zNhtIe`Fq1MHRjHkggen{C`}0y3c*b-VOsN==`5iTS2@ z)J$f5OmVL{JyD-%)ifkq@hLFWLi))c68su8cZAGR$%l1&k;DVXPx32tea(zB;8z** zc1FllV;`vu9*dmp_W}OR_4&XuYg|rP`ILJ7v1$qmHJkc@5*+?`HVvhaCxQae{bN_0 zp++h^R-241H@5NqV$l3wO`^TPr6HQBS#l%i?1}U1H)W_3hR*pW$8GB* z~gv@7}Q9?8AlZkBj1u-vC-Dirwwf*isO|B>^*n#m6fdZQik+@%l|4PMkX z^yRN^>o~Dyyn=)giI>;yl1%Z_^GF8JKEK4^?h2_Y^$~NN3p5b#4q{6<02d`m^G+zs z(+gES&q!6H4=V)kE!z(Z_NZf0ux+ zkH=QnPiG3m$|A(BVk0ahJBRDSk-;4?YV%BY>Isv3Dnc+3>cw=}riV_ADYCJ!W4n-* zs?08ab$6Y@cc(EYnjtB;fporbt*|9xj%)BruTe)rf3iz_T37{|Twz;@TK+bnBPJw^ zr!}XK7N}T@HXNSiK3(11w>xucM+84-LclSG$1Zj%e(z8Dh1dRA+6a=g5zK?eMX2B; zSB0&@&U@L#>2AS>85yYO`RRRvB*4$qWiK{PMyrfTFA9FRDA;(75h4C#})b*U%1ZP%w0{s^Fy>KnhbPs=uxx>`ONxjKBG z0`HNn0r{P9!;yei`LW{GL)zNk>vGl8m`yUO~{!b}Ao3+%L1cC!J!;Fw?hY z#x!HH|JWTV!(h30{t_UB8fn}`<MQDxjl~Zn~tGQmPUDcmlcf*aN-Fg%9Gh*0WrZX*W z=f>&?#sAyf@`Mie%-GVMM2q)NSQhd{$3f562%k+Ym!raBisj?lU)zuilwDZmlTW2E ze}o@Jcn|tFjGiG0kaPeIS43o0%46)F;8dp~D|<@MaZXUhHEyrYB)efF&SK0W_%l=f zdPsH7#on6Sj(pARj2kZ=b|XkFlr=6N554}o%Rc49CBfOr8x!H&FfD%Q8IUt*HFRo%aJq+Fe?Yq_MD&xj}M^Pga;wSmM)eSVJTiyEyXYJ~F(EA!}v?LV~ znB+G0u~tC`@&b;fnNf!Bzh-{mVfm~?^D5`~Zj4Z);IK@C93Nr5&0C_kiH}qP38Hya za6`h2MrHH}7j0hX2AeIo?i0}6dj#oc90c~eTMDxrUgbzd0!J0*)qy(&9ruj9uFvf( z(iUv23k}kXI6^&-q0t_BYAbZjB;F{Y6kMZxe13_& z1nPsm)l#X_wrGRE_ly8RfdFGu$2QX23hG{>wcFx@#XBRqCowWO_DWtY2<(bAZL`kR zq)-fjukb;KI%4l?n~I5WKz?B@hXy~Q#3KhO=1 zI{!*hok?1OHJf5Mig57eYK)v~;hIE@nuew4+@V3uZ15U1#_>%|##WwYY(YsnI?cCL_n0}(Y5`4=;?P!`6co}O$%zl zAD`m%r_w^1m3_+4FdZ>}H5{7z#AW8S7h{>#EmS(dJ(Usl!a8^3^+^pj{c}v}!Aj*P zuiAY_JbaAv(RoR7?;&8yGbT@GCO;P_HCiPxG{&v#iWAF{K0F3BnSzFcM<%e zx(7wAPa3GNGm9v!Jt|`d7_c`IAsM!f;W45bF{&GnN$29$;EVKu4E~m~uzcfev@_tE z??N0e)jnDqw?asUGtH9SLSpJ(EFCyL|H|ZJ<>(36RphDccTs<@s-XN=VpO9kG4=@Y zF-;0XD6bHW;NN~F?Kemu(?+;zPPty|$mH>`R4*rH8?A@Y6gV%csBvdAsFg#aPaXln}~?(P)XGgNdn zH`hDQqphEeC74+*RXT7JEGRp9$*Twc);^;5G#9#$m?`Rixl!wOOCO4YU#r#2%fDm! z6nC=@etLu4r9_>O%MyjmoLXed7l|H#XqWl+a(H-K6TWSI+uFdX=pKU~R3Y%aPb|U< z3O91E)auLOa=#SGlq-=C&;`LI0{3nH=5%7J(8;t1-RUl3nbyk*rgxva1J?LnB9E?- zcUU$ys{&km0wU5>HowBNk;K&6JEqclM{lQTV8o#!GIX)Rr7Q_nK$!cwXH~q2$lSrz zl}y_&Tky{rJ4xu|mnYlGDQSXU2U&JNl1Jy3ohmp>&C8>eSD8H@U-cI*x@ zVYDchkbB6QBvf}r2ww4$xomuz`gSrHiDq^dicZuEA&%R4iz)^e4%%Wl#Uv2xgq6n} zMx|pYsMbFLuZOKv{=>rtRb6}$xaSsE)?=Jr!~yD;IE_l>n23Y8g!y_2kmRG@JZWS= zm#hNqiypcLU(To(WCf{|IuX=50we9>Ck2F;s_?6f04n4OI&l8g0H#-5L={U1L4q^b~q&#?1frnSGYJq}q{>xv)VlPtpQd7mw^1*&q z7RlVU_(JVjd(Kz|mNJ13NAHCM)3A4k@?^_z>|ZN?1EVmPsf}rmKPS5wNgs@1=s+%P z(P*4SmoGD{T7GU@f5uT%O;bH8J64F)Ght$BGg$U9`+UcB{iSvDhs@44fmm2k&!dAq zJ_;VB#S~_z=z{Nf5G29cgHCGVw#XLW8*m#R#W~L)1%3lS;+a9#*myCh$|^m$Weyc+ zl=aQW_ovmk>Eq7Th1WMoVDc*08)A0MyrWOH@8fZ0=Dnw5$TeaC>>SeP9EInnP9D6Y z8Ybp>uVN*4!Z~nb)s>$rHjDP{A{kGbzlqZaME0aO)#hHH$*2GiIP^+y<%B~aTjT~% z(5nIhclkY>3zOQCAtrE-i%dsG;gS=FzZ(+f`$L`V=4kXwxF2 z+*EccQpolllcbMH;uIcD)A(RK7dsimP(SaS$PH2TD|RV%q20BofFj|(&0Bg8o-{gw zlRL~@yk<5+*I`exBD(t>I@H%L`GLxDq+D9z7<;u%G)5!WR_GySv3pgGDxRS3K3-tw z`*h%L-ePS=EJ9jsi$-Bia@CT@FVxC@seH=EkbLF+B7N91ZCF?G)p-lc@BALo=^9BZ zOH{aBW0vi{a#}Q4Vg2|?fw~JaxDlr-p0%`|>lV$u){1~(khUqhb)cnUGDcwKa>!QY zmEFBs#JWIUSgkpojgGIU@^OxOwVIFI7qbj(Is~e_s%3A<15}&ngE7rW zPNVH}|CjSX?b>iA)n=y!C!A2vG&F;lq3gJSiB0Iwda(cQil$mHHS!M-r7gRaA$hzq z+EMT2{q=#ect6u5&*rAcRpF>>0M`dIhGswAUA!E4?4D)Dqyt`4;s9jDjJO)W0Hv~o z7rQZg_&N0F4}4#pKAEQ2szhAKD!p7Bmc$f*qzCYL5qO8C-ox{&w3yP1>!$0@ma&NG zc;e%1edi91jc;-ClTkh4A7@h3>vj+g0IOEpj$4AOc`Iqi`xakUX--BUqoFVJHyU9= zb{^T`6_Z*hb!92_6lLpG0gBDN(M9pG-1aFCx!0|Uk2+2i>4(`x>_Kr^P@B>|=zIf8?a6dTw6eLvsG-KX z$!P^r?4bW^=JHo9{%}BU%Sc&!)Z5iA;g(EGnjT$zR4$9)(-nXqonEdD4-=gt_<5ZY z=N%jxVW!fhQ|UHb4&$gzMGyn}p0=GElOI?PFXso0@yJe}*Ec(r*2QDQ=iVOf-Z=jE z8t4$FN#w>1M=2ZuZ>D?gRXnR&bR0%&tPAfTF#mk;ahf5HS^N^qyhmd`rahmoAT>J! zu3YTSNV{k`+ytpfN~-s_{+&mXWW$w70!uit@nDuqw&c{Tk6;oCooiS~88XDBq|p+4 z^!ZEFV9D)@J=YG&p2tp#Coi5Qgq)4lKB;lJSet{c4th|WFA<97v#tCQp0 zOteP;6D9jM(AMFMqAARU(c&gGZ9_fYeK05HGfqD)*nz)I&aT3#|)R z=4!qc<2gn}lkb;cZiA~m+KV2(5&WQw!rnBfZO_xa;i*A-%r>`oE$y}m6hLO>RP-wq zbK*^``JB1_lcbHsa;u)X*ba~o<_&C0V@m){bRQ+$xGH3gypUhM`EEUHLFuIR0?x28 zoyD#Jgv;(ite>0?M5&~txK?dFYhQ7~B#9F!QkJBsz!da7la}y95l*U+iMH zLn(7pM|}&K)L7I}D{21%!i2pUzJg;nGJQ;4w(47v`+^6m=_$~6&?8aN!$P0*ultya z`g|hmalBC^2K>F(;pypVD3MRlhkjPib2A zbHov%Rm@ddZw{@0zWBc+O#cF?ZwP#f0bRivfg81I$rl=Dt&vh{+?C|*_faG3Zwa7` z;1MXp^>7>jsN6^9rBIZ9uT`-4^YNgx=Jhs%+L9jB1tzhNbu#$TSukVr!)|Th) zTZd(%0}5!Jz59ZplecYB3ZasnRh#{+i9X`^AE3JC%3R!SbccNnF<%mE;G`Sq&`TM# z*2h6d{CWxoQ)3hwgl)nX%Xh)nn+&xpRzdkY%_cOy|5S4qAZ+{^1Rb=rE^WaC1&L$0ex(+bYU{KhhMB47 zTzoNkJ@#D3`O~ephepN4VC?1b58%58b@>Vx{>fR}tuOP@ba$kLtBl`rr$q5;(gi}B zak9NdCVsU&V4|`+<^V4PL&$6v28}3$A6o1_#<7$syF9C4yP~zpzr%Ob%Ni8_Vk9>k z8InhRFPFtzj1g_ZAr_UCyy6}})JZ?69(*HzWe&8QjPEi@Jo^l?IV>?)nv;z_0~#?( z9)v$tqrSa-z}V8pkEErVUB&gp&dL5pMFv7h{jLJnmRFaTYh%NbK0SjxQi*_G%1=&h zkSpne8SWbN2zM!RnXcZPNp>F(;(y%JA)KJX2RwkZ8iidU(zrYoR$A~XJd7WovBT~%%Z)V><`XXvY$FX2EpSv zPH>S#N5+DvP>4O(uBMWL*ciN0PGDQGN+dLVSJ>&wMeeh5}R%OIpf54afw*IK0 zD)qhm?9t*wv;O;tR~9OI&=X_bM?%?t%bUYBynH#0G3V@d0Fq#Zq`H3!4q(i&S3eT~ zoA}|=CHU<5FXlW`u2Wu7t@ob4e}OS{YxT{K1Gr!O&W4ZHdu!;}VzhHwmEMh=W$A z_ZHi9el6JbFcmSP%yukoCx0Xz!TidvDsAb@xek1w2KjZK>~3Clxl2}~LK&{_z4AMs z5%SCFXR`kQphY49OlY{`6zQxR_@s%i1zUmangE2?t%cluZEGW}f4UF5_#PtSe)ov1 z$1_GQSbQ3zbB1{hE)kOG=GS$wTaz)n=Y$5BIt%oysnGA8EdbBPrP*T@&IJvNL&GK0 zknfEAkq1~B8($vP<`=i$I_R6KA1rPd$TT}0d0}Z}nWT@MN_;`&hNb!*Jzxy?sn3+Y zH%JYj1l%b5^$Jq_q|%g5N{h9Ds%jmak92fQT83$D+qS2uMS*Gq7`4{Cep;oWV^uOY zF-n0_96>dyZoH8@NDVeerzLL!PqqTm2kh0cOr8i zVWCk*v8Th5_zMXmfuodZWy3Wq`#rW=jsK1>)+BF#{qY+Chns6D#I+Z^@|x>t;s-p~ z1P?b1c+9FpIpthEzCK*_+M?&?SO6tF-q;5_?{R!p}WjVEeT3R0jKeeo5=L`qH&c>P^4p=d({&PfI4BYNg`l zKm!}!_qbqYiKAsJ^-HOLpivHMv4hkZNm{kM-dHG?*3(fWs)hN;Xn5#IOf46&X}e9N z+nq}g3xv|X2Gz=O%OB~Fe71>IXYhFxm^KA0?v`N(Y@C&m^r6qfY`v;Am#B0DD??=j12cG_wO}_Q8zGC7< zWcwLAX^7a;$F zyY)~&S@v3Y?2p^I0zV~Ny}aNK%Hxkgt*bL9@{X~U_yb(q3=e^!9aBx7Ko6(*F#JW_%n4v)U;9|*a7=~7C|;q26X4M&{wO)ZHE zF?@F^}GG8tMJ`%In)}wmfi^pmv)4r)agzPx@+x@ zC0r?KD5?_btobOZ*L}upHm1`kaG3<^_yXvFrBDMRNlVaBeSH9wedB!3xUIzrS^1sL zFaP|mUJ=mb31xxL?pA7?N_!9}M@nCv)n9uC6Fx^Mqm1D~VQiZmc8QD?j7!RMZw!h} z6w}+#62_He)V^qn+3WGJgFv$f_W;U^K7wAbmq2{po8ws^Qyf_rKY2yEx^qE%X;&9U zM+ThSQuKy;r0yOMop9Qdv{+sz&_Jp$IpOKUTk>s+ zMxg-R9?#TOqHYX1b58FbL`0T2?a$`aDQOU`f^LE?{lZ8xNBlgUR$M!mReEz>;eAO@ z^Vf?aQ`r)nyt?q`n=*(;JV$in`Z0Ju;HQ&KWkGK07<5#qn6S19t4Yi{{#c>$$hm83 zU6-?9o~Z8bh(Io9ZQ>EXhBW6h+d~-jkgD&+yfQkO9l@_M>h9ma*&;{SrC@}lb?Hc* zxN*&rTHW1oe?>R~mLHS3-cJA4d3=s!}VPORv6v=l8)4p6FCu200`3|3m? zwH?=<(yq=PZkbH*rc|$4F~)eUc+J5VbccO~ti2ZZ*nAV$vFk$&`>;NccA-uUXIf=| zv@V@i@70=cLaa^>4!#vD%~C_nUmg^>dG-I*o&Qv;Pdm4@Sq8#t{u(_^+xqhD ztI4&-sc@h@AIN|rgf3M{21z+T9R@jofvSf4@|#Do-w>PUI@D~>)1Gl^9t&LSbQwkD zby^>Qqz_ABs|3Ry5Xd`q_rkBQjl0EuXzdo|Pgp<}h_(~f8RHWG9YCjJCeiAclQBLX+NBTmEMeUQHG!&F5aQt=j@xj5-CLk15GQP~-lA|QZXZeZw2qihAmhV; zlc)@6=(7Rk3R%QaU2-+GA=!qmq;l%1^00SC_pi5!GVLra`A%LOKTdrM3%u3#oM%R_ zPd=0FHkkDOv~|LBxQgz8-sZz}`@N9~h(OTiiq(T^Lw$;&-GQBy8VTwM8ccjSp0G(3U;6e;jJoEY48pe#B|9;%R>cKKnLze>Y#O`exlu!<95pvabD|%)J1ZzZ8ETY|!x=h9s?& zyBWb9VnGWLyn_E@(AKY5cVSA09W?5_9A*D$YHMH+@{N@JH zC`?9K5WUVF&IDz2{s5l}Hhl4qFO`pjpi8Xi~ot^#$qp>-oCSDwvv zdWQst_#Oo`e2DE<$F3Vmk76ig-}An(1@uwoQjnrfhgGfzRxG^mDi(#zi)N!YASkvj zv*!p|$l6`d%3<@v2qap15&AzqZPA!lWOY`oG6Dq&`W*?1L{p!S#TBo-Cu>mRVw zCt9y5c0E3nMoJ^D4Z(gpLJbfkO5s-@cbU31rQjoq2P!(09y*y9`tREwn=Kp$<+Rq~`B<$AGw zcRuwlNvqXd3=kbPpoP0Xe@=+QU}%`9g4ePKgG3}O6)~7s5$<`BCW2hnut^wizr9p+ zmY3fBr?LN!V6tKQMlw>E<=1>C+--)Vm_f0pnH_pxQ$N-&aXr}7Va%-N@no!#&GGuJ zhx|2l=&Emk@E2WvswlWFwi4VvdU%VZKK4v@x8Y=oqjVzk+0znb46RzxRdVhLr3Q{%QOCFMoCphti_|a$+1kGK$Jzkt1x} zW|lweq=oV8b5(fv&+dH-E9bS+lb5_w#|;mJNvqh6E-HSP(MQb@&<8QDIXWlq`|n|P zTkyZv;9v0HT*w4zc;vz(`g2Bb7dniija(N>7J3X}eAdD1c1fW1pw=NHI>G9| z&nKe1N!N4}95z`fX$`fH?fJ4PGH7!6Y3`Mv3y8jmKL48}t<=AAx1JF4JMY^6v3D5W zS-#=^kr|2WIggL~9;U8a&T$;3zO@NwbOk9_5=O9QoEgqm-tsrN0c=$h$ERqk5PWW< zRaB(UH)Eq|_72(EI@*HF?&S?+0bd-l029pu2rzpc-pA{LSA|g79;y$vj#v?fp;;+9 zP1)1N-)o5U8J0NRvsN#43%@|~UK--f3;Q2R_MiIKc_aj3xo`aa1*P0HTB^hCwCH)s zR104Z>!`ue6idnP-`ofX({47Y8m~_9HlV0`4E{2;Va|Q4Xxu$g(aq|7e^X=>C9&ar z8Pb(~lhf-oI!|>`7&3*~xT*}sW({(d8PR|avR<}fF|D?{!6GYnq zhlWcm?X|(-&5g<+JO%DHYeDgw|DhQiYanJWihp!VscDyv!AAfOllXnFDHShJ653>! zalGSrav7Y0zZnGNhFNuH_@h#Ni{UiGzn8S;8`14UK{f#yv&1i($Q~27p@xo|Zo|Y? zvj@|r^j3ZNcgOHXoi{9QmUY*dC%n!-L%hYoWy{*eEze_1(i@AO!)GLp#dIYz@Q%qM zw6fT-vX0rVQRlpdIae{vPxV`Vq{=XiOpUN7{aL7_Oo2q>|^LLSsFi190fK{8((X0<=p{$^UJom znk7X8T+B4+zv3T~?q=*N3$k&)53C5Vc1vBxW<@e(GM2 zNOtax91&3p2Raj{VcvHVMGQD=HCEP7G>*DSw*0rL8SzZ5TF(9oZ%Z-oK`|w>6iz{BZbs$B? za#c8Gxh{qcbGpgzyL%9|SD@+O?SiG&KVQH;hfqxkp{}(|EV`r#KJPNTu(4i6a>mi=8=Y6;Gy>m6EQK4+NDS-3uo35tihA-K~G zx3|VPf&~zOBVwRpTc7ck_xjW`*)o6~zkJ7zW|mFm_wjUT-D8kENw1vj>(Jgdic(O) zeJe+to<{~NPcg>xr`iFyIfXzs){-s@IaH!G>Y4TlIdcaSR9a-ufV)@{zq`#425$^w zH6{Ah)*ME@-?~GAb?g-d*eLT)dSmUY&@HVV@fLk1psJAj4ts0JMdI!p0i#JQjp?( zba<{=sR^9*#CK=SsCePHsJh=$}j;E5(7&@83uHpbQ>OZKF3;eeL(y^Rx^aL9~_ki zCG-^!aA`tzX7W|`oKMx;vSV+ENzp>J-TD#rMQlG}(GuJLG0U^SDK5tB^iq@M8G6=F z4=Uuj(VIhj!vW{C)m_LrBI9l5^W{Yb8-L{4jg$lzto4*$mzh<6r7y$D)%xxgX%KK& zoLT%?qb>0~)T}(ki)G&%U67Vdg~+@WlYkzR0vG2T;(Jx9EPx&uWBoM$QS;en{c=J? zsQpKcmp?+eYPyf&KmM^>LHF{-+kfL}-beyL{RRZ(ma6^C8xW8#U(Y&FRJcCtt zj4Ll-4CM#sMbB-GHU-D0!8^WLyu1K!ecyf!@unhh$vkBIL%5gpY{c2kegOqd2N>hR&Ap{0%_+)#A-yWM4oJ%5bQ^`(1)6)u;=OudYT1 zd*YJy4ax5oog&DubYwU=Ka}jh-DCd0-Q#J9$%>RU&ePFwBd7FwDY6e!Kd8(?%61QX ztOPr~^0F$&DXbz(s{vp&Z@d%xGcOhL-0;nFzL9`#pskg8#8Eo4-Nz&wi=9owEX_P8 z=1rr!E9pRDZ_&YhKW0x4nShAOs#dYza^y1mt_nGTi0Zv%iBZBPMIwdv^cP50PHC_& z9qENPA9f;oMl8*H`{Mh9=L-^v9oEjNI#z`J*dPUaiJ1capGoaERZzTqj&$1q!C8im z%j-!b;zXd;UZuT`+W7Xg*GnBvsrT2^bAD86Xghe8IRQVrbrcS-H7h@;M)&;k-EnzY zHWhdk47JbC<@HyN_T?e)hl%NzOM{(1S~;iM_eKU8Lo0FRPA>2tApLuc`0f$^<4`p( zglJ2HSX_0Qeado_9sX?FIe?%pt!@SY>hu|IXy!n#JB3m5E z5D2@OK*0`ft?8bhWzz${=%EbcMsBHVDN-FTNO>>ml2FTdlc zc3puOcE4Bu&#h8omtsH&(vXEMhx^h4yzpi&d31|K^FSdS4s4Ppa8p0ck>lhc!OB&R zasKXZGy`}LF?Q{<^cF;n1wpV6Kt#zch^R`^vy$jvsLn)JJLL?+Q=Nz+K?T{IE2T~@ z&L7b&zC=SjePv_X%2_ne(!%a<{MQdGc}lYL$@V2W?WXgn6CH_^8ABNk8#|fgsFh<7 z_@Pqsp;@19qWQ)(vdL4B_GE3w|G>YCC%`aE{1|^R&tgLa`7$F*fall#?)eGF2wscx z_v1%eN^`SZeSLD_Snq;c{wcOu&hgDaj%}p_%3^&Di|@Or#r;UfWZ|_EI5D_6Ri&8X zIeGf0C;i3;Fi4qWJ=J7KB7Agf=Utq7!;6NjR@lWpu-X+Oa(>388Lyn1<{2dQuhhHnW$hpd0M#lxt?~8Nr4AG$j5|`P0TCJ^DaQI==o$A z{gC0jRY7c(tBlV|<+`)s(3DFH9yk_H+fzT69tG5xuHq$wh&}JjN70rdgF~5V7^k&_ z{zwmXA6%KsWtL~qnSTlGzg!CZhfC=cztwb#o_hjQp0+e^f*Xr-jvp$q@OOnfTCLOB zr3uK=-X@mR8UXCm8~;L<|2rk~>64&C-?nx0h8*K;N#dDO$J_qwsgiUoO~Bl-s>DEy zXr$s6M_{~j84EZ0?vmbcfn|JyQQ}|m3I&=1zja?30`QO*vu=;29xDZ_nzGDs@ula% zDNUt%F3s_YQju#nF;$jkS(SawIGiB1F{9g0)C5OB6ZNfe&KWN;Cr}nA9+c>BZph;l ziz)ncA3Gm^l1v=%MPi-qub(Lw=x`#4I=@THH=|Rk@*Z%%#d>6&bjqWOINx@T{NdF* zb}^SH%uqPq$4|A}IMWNkW01W1Am$D0Pn3cp|7qkci-J4#!(wK#k#?nKqoRci(s%Of zhpiD9ZmU|kk=HE|^ivnUj#(7xg8lwNkkgpq@+|Dg+Oyyf934NbhD`1SXY%^DvVrQFp6qLB|rQ$~lX z&We(ao$^X^{Yvfcz#1B7AK>F(Gp!qks23~<^Xk#o^effTgXfrN18jA8>CJMgRZ+ literal 0 HcmV?d00001 diff --git a/packages/cloud_security_posture/img/rules.png b/packages/cloud_security_posture/img/rules.png new file mode 100644 index 0000000000000000000000000000000000000000..ea86ba845e2be7893f08ace11918a09c02840b6d GIT binary patch literal 315772 zcmZsB1z42Z)-Xsa0wORdh?EG@h=6oSNlABi4&9y7qI5SR-Q6J4odYv;4MW2SL;T~p z=iblb`R94w_uaGi+O^hRYp)9bATNpgfb;Vw4{ofo7IArYI;<;R)(k8p;EJOzqE~K8@eQmb%|Yql6}PKL_KJ9y%G- z{TK012m>S9m>3#e3Hl<+Bk1cB%uuTsBaIFtF^Eldr~5(&(?0o^BL?B4@R2sZ(ez7& zCXOaJO7>*{W86lL7Rp8>PX7JXt|)fP-G`IP{{E}}*bh;nhrUQ_I5Xg4BLy7kKFh;*&D)u~j>`_a^B{e%rs{A9YqhKAu z-iY~(lT*4^_B_3=<9helqp;XGI@X78$^5n+2_>Zo1Sfdle$@IX^>Scc9w8)i+CeL% zAh^?miTCXTXh|gblx(6Leriq2SkhAy8x5gs z{3^yQvd0)z?7fC-t;rS%f*dkL-vgc;0Gz*l_5Xrih1wg5UOoOUVFa+7kDkC<%Ox{t zR(!VIIEmWvKp%gjX@H6Njx5JNZ>|4LM6h)6BW22Z2BLyq;ZoG9NG5Lf_of`*q<+La zt&JNbBs$g>NvC`ihQ)YU)y-t75jfcXLZ2&{wO*Wlt@rCu*F8g};A+A7SI^xjeUouq zH7U(#@lUW#jB~M^R&hi{6Pk?2FxEES5szU>i`WM`GRwzp^cC+r;E3ooiULuq!b;f` z>i`O`{L_>NV$G!=tbLAmSQF=2`tjD3|EJ?4+<8iLHveZavTXM^P!zS@bh)n!((j|` zP+}|yqok{*b`ck&aTvMFp^LBJe?%ANs%3FEP(yi;b361&&BFy#6Rjo$jnT17`Qxbw z(T|{xO|+6;F|bl6;a7s29zGJh=TY4FczxF$bNE&rmKq-j%O-zd3A}!T#T=f~`^X5L zJ<1}MY!$VU;yG@Gh<)R#?2D>D!yo{_ zrf~$LG_ddGC!q^XD@h|miExWPIfU9?ck-c60B;J@?)Xq{5CF(z7aEcz!X3}+>h&yD)b0lROH1+3~5SSS$|bP zw+{=3a_2)f5~3ib%4emh&@Qt|-2HoAT_PW_Vgd4^0G>B1+%Q(rCvqY@kf~rwfnL zz<$_nP)&xkiU{UBc`xpwNH~p29`ITbKpOHgXMMuP`L$Lsi*QozrUh*?R++d$Hpv9k z0_*BAtPiCyX4iNtnd5u!yarQZjH#iL4L~h0!7xDscNRPARJ9Zh`dx7CU3v_My?J90 z&5=oZn8J7SRhgsnpDe8ap%DE(iZy|s>i41zWbI%4eEc?;J=mt3NR&M%sxrtv*`74B zK)#!gI_|4NEv;uyO|rx=l{_5_mEDU28ZJUmcx-svi^l_>Hl$AI`aU=2-&10@B)7yb z4tEZjmcGg^EH^9MDg+cJmcLX>D^e@0*M>DN64#kq`Isdw@N`z2iOVbDq7;J;cmdv5?B0)JzWV zhlObe6&{yYE_8J%o@rN!5_t>bffl>9_ZF43h+!{asIVYR-5&9vyso+AGQ}Ll5(n}1 zgqNCAT3-ryL~5jJWKTbB(T>%ZuA} zSvz+qJ!JcL5}mm+B(oGC@?nUZn7!nvH-UC@rx+38u*F2!_5&YflQ0NX5ES7l$1RjBUM3$Q_>$ftnL>|TSc zE|(yM(1$%AdUSe-LtR4Q(e^Z0dG2|yB+{bf$z1T~$Pc*Fxm!(scCETaDH>y~qp$CN z2SsT|d&$Ylb<4eY36+&kbxzw$!%W#qF6R=kTQrs6#$h8&DdVz!?bS7IT=~Q!%JKUv ziP)wpkKm>y?-GwRkF1a~@#;SQNFM;4`BkFq5Yy01B6FgEnweT&nVE*F_HxxrZH}^# zS?jVft&WDOI_Wx13uW`urP{Td%PgGZG8#h4RURRDp?1%Pi}TiQ8(ly_H=` z=dbpS8y|T+c_N;1^Vahbq>g?(0MOTu>2^#f% ztf6Ud_H5p2vU6+WQ!+Q%_~AiACfV-bWWU~|+NkSP)D+e<=33$A2V32tI-1{b82WO+ zv*?s#9=T1z3S=!-k5*4=NN@{Y6=sx__FE-$gfXUO%Ro72B@Yj?s?gb9d%+ zF?0@s!M)>Q^j%+JdCw8rKb>wGuH4Ys?!CTOkM4|~isgvLh(>{-iFq94iY{QhP~)iK zrBM;68&uF076hsBS>RY0q0*3Ymy(v!{wiPe%)CQu|` zq_%UEeakOTTtqj?=V-Q3OmC%PG=23|asqE+a_9TR&d!gC5(!9TRSZG@bYGx`{QkFj zghRc`sc@=c}PzQ8_j4lut;eYLLiO$l5S znqMvpd%|HfJj_lq6*c+J@_aY{EdGpqx6N3rzx*kPXVgjOxRGq#wqJqV&o^))xb=Sj zODp*edH#5jA5tUp8OJGPLuDHmW{$79O)ie+TkBert|@P=e3Lr$E0vCzhJ>t5XHRYJ z_Ei^jyM+x?Dz$q7Wh8B*;XfAAPX)QT+|2F#^sK<`-gVbe*O*l?Z`Hl6KJVrie_5oB z`D`TJZvq*xehHV#%jYxsXwzESE==M(-7pB-5E`HWU=pbj`6hpUy*aJ|D_$!un|fBr zoOw}7U%HdD`_mbGmiTmwV{6p??H5ibD3giWR%zlwVhzdgK{}zJ`JB$+(o$2$h*L&` zBUt}bd7GPsO_R;MYdx#m?;Fc3eIfv&v(sRIO6?tIp$Ia9_dx-E%&SQ{^e)WIj5n>p z4IABKG=401O@5ZMll7*0LtM;sEF`QQRn+!<@tad%s0q)k9qs#szLGB`r%- zcY{4`*ggS&YCGo~<OJ5kV3SUu-Hx+1o-ln+1o#V~l=8T12X68tuq3U9|$gUCO*8 zd?WeGoP1xF6(70F)ly0&2i;ipC|Aa*klR`7;bkb!FpdjJ8_R6HXZ`crk<*4ATRq#l zq*m4${fnlhdBJZtKNC6`>B>WO1e~IsU~A{eP#E`T;8HWsfmuKEZP|9isa;3AvU}0t zLAqD47cIQ*AW4AD_rqn&%^`xfl{ZG{M zc4M)wAuhVU>=)wOG6O^H2WvvLck@Ss2Qw9Zm^TZH9EC-vb!RSjX|zCG$iel{dPO3* z5sYQ63Ekk%b>3IRS8l%K z`vi*A3F_At#Q2ABrlDoI0r3!@2dg4}ciQtcacZbXrXGHN`lfz&Nw#bn^L$*92?Ae5 zKUSL0KZetC2oYYBDP9yoHh->@(^DUz2!Zb~1k64)++N2VBkhj}Qw?b|IXM&tWEmR; z9hDRX16e{vK7y!Z|0_$N(xagLReui!CCm~9{cjj~FmkmJu=s%SWC$jR~=18rFhO@KzGEbg}Uzs5n~cjrYGZB3mGDcx;t?3{Sr1*rdm z;6;{yRkKo4{srP}EkLay_kmIj=x9pG#lptIMlJY&l9H0&(Zq~b>7B&i-I4zUs4bkG z?Ri;Q-Q3(*+&EZ(j^?cFJUl$CY_C~gzh*{4FgtnJIUBk&+d0wvXORDn^Ul=C*wND7 z*%D|+`Di#}sWNY$|aKG~`6_3}4@1 zyc5QFWAi3O_mY!>$EXvyC<<*1&acYrdf=-`k4@>1a_^5%xzOQBcwU`wFn8`jnBu%Fgy z^s6X6MG5de=IryZtaPDmDjDW5X;glFc=3bfzts92 zbWka~8=dLu0>*rEbrC1n=5;B^dsvXDaf@ zpnnk;TZI>u_e!N%c@XvYQz6VlxB@SCbQQJ0`^R#Boh=oqfb`~>&CKU>1LNh<1=c0| zO5{C-J{YgvrW8HgmJNA4wv3ARuh743Qy)~#Si(1gfeC(AAKz{4I<`J zA&9iM)iVcH;cBs^iZd}M{*H>jP$q0jl%1zw%3tz~@OON~(;=zHpkN+U|1W_cEdKcC zNvGP$j}@+0IBMvzxdq)7HTKP#Ko%~e+d^ePF zR{kmDF*@V*V7aWtc;F}T4gvP0C^VHte zj88E6o^7e6)ZI$es)}wWNh6Od;oVIb#1mJ8!zD94xmsyauRT?8VNuKEr$Tv*Rh&&@ z_w!<0O^ZfRF+f7W4n2ikRi0ntX|lv`vh^=+4H*7KDzi+t7}9@mue?8`WpFfA;P)l} zhqiqH_eMV)4@Y;9wdbQRU=VEu3(q4rvcVSy#{-3RdO={s1>>Y4&>dv+!{~V0d^2$? zE4V@>qKU7>SGD=vM@rB0Qe8 zA^MkpN)>DZByr~oW7lqC;D4MzzI#~ zq3-6k&iLbha$mqSjs*nB?BfYP5ky?TU_Ms*Hrg-St|R8SLB88HQk{#I5D#W6HBv@x z1@Y%P2Jhg7C(Bjj5e9<;SwiW}s%B+EN=DX`&nqkQ)c3DJ>PB2!y+7q0q4QLZX1hO< zp$TR=*LtvmPYntIYQJE!jMrhC?@Q$Be-z&PbHf1H$#v*~z?dNz6p;g()5?2r4?u z(Yq9}2s{Rip%(=!&i{teUrWiJ#2KF`n#?l7d-VIt%BxU1+;rCoI}iR~R3(N-4>5PX z;`|Z_7gaWw5AHTETwg@e(Gi^=)K6KU(DASKeZZb4m28LTsLCysmY+haIJa+5>9(u@Tr$(SgJtmEoIXSr6Ss9Lt=;`NS2pv+taT>execk|gx8A?c^!_$ zoo@Hs<+2v=6}(33dt3LG5Odc=?zk3i#^uhiMcSP2Ojia~>2DpVb8IK;PL5XHWXe)G z#Y*O~Y|Y0q69ScsOis7T90$F>Gqic0$6vtg&eV83&yt5TIk;!{n8c7=!%!#8>v#BV z+Wy(If8HI!O$3!UEw(|Q?`zBxklN^8X)1l{)a52D86w=@k^0weh()K_k zhg)bpr!8vaN+ql7A#ZA5+-6!^1$lYv%Ff?1r`mN;V|RWnU6->UE6N~FX|z^dqLUid zyZ zj*R1MFX7~NzsYfbo*hv)ELi7c(}Tq5ja-_bn0%I?vKhimGC?d`JaS8^$kp~0Q!5jn z8;oHN%O!7jxIFGFhxzDxa97Y~bJ?!lGq`Va$a;y;&l<|iG60j#3oQKS5#}?s6{k&O z(Xo6M?pJ4)n$0#L8{6Aq_0V?qynOi#UT}4Hx2VTW^s5{wJ0Vim{6G(Iz6K}Uw|hqO z2R<(!VTUr>lq`J;A(s}>$ISQXuG`rm(pn;5=*>WF!*xCZ0T z^$1&_zHD&R*lnn9RjW;aC>KTGc^E9F^7aWn=UT(&wUm>l*svbR%X^CE@p17^J z*bjkuveIdHJL)2eMnYOXjuiJZ+?1XiNMN~a;1ulDyZ!>vac2^ZR0{%G9 zDEB5Xl$IxojQjCUmN*nV_?TYl7-|=QqMp0Na_9D)vdXubQQ>eKIB2pA704vn5a#*X zY23xxEHsa3gR@0q9+J5xsgx zHynM&@%;`&DtydG)8pI*1|z{<+^M~!7onDWyjm@H?X7^kEt@Zmrz1w5d3&ge!y+;yNt29L#24{auJ{RYfBy(8dHcK+X3f5 z*T=kkyUP}S@J-33~$hP5Hcv-4ilDISWy~ccu*D2*4lF45yP|kF? znPyT-{$b|Ym!S(T)XswHTrUpi8Wh4&!%c_O-F*^VXkf}EpvF8c^jI;3rFB(T#lMT6<4VN)V?8n zYqQ+As7Io)@}OCsy1kzHcwZkRbX=f+)o%#u`PbDx_ntC=+(#nz`K!D`@)Q-}wS*); zs^b{%II9|@MxeA@I5{mz2c7&{70oEz**)|1?bH%tb6rPu%RhuM-LyOS3i1f)!Z$`)^4Ti?{st*;KCGgrzOiINyMk=hAwEA1v6wA|Z?5%~&|Jk|_$ys{sat|N zUH?2eFBl9E9@Y?bP!(j<2^v9+R|!q1&Cq?Wpj$s0aZ!8|#mPi4!m(Hd@)s{{-`^`L z$VF#L-JJf+ow=(zA)hk`#?sfJ4U^A|weZrq2Y_7NgjLtbH+&@TyHbMvboKBNWtBds z2iP?ljn^n|$c}7H(rkaazTm@m9|?Cc{B8wo9Xea{Jqhn$(_L=qTH7tn8ubt1QWFE% ztuZa4zIgl&yM*RRr9B#fA+$f01W@_0f1s?UwqH5*Lqv;y;UAj8BdG%6Z@gE|`|~21 zUR%ZaJp^3&$JddBrbu5;G5_>q=zA`M9N@`wBi=N%3O(JJ=K>5RYGudplrPHqSLaZu z52VrI%QJp=sYUR(gjSu^D_k6H%EJK-44<>QcTGN7wMB&bRY2X?=H6#y|J49;RU+P6{m<;blII; z7`EPNyMI%IBM#GOG0RAQwHm#%u%J2F?!#xf^tEcImN$#fP48kKOq2BlI+Vm3R!>FD zalUl6<508UMpLX=Q|Q*p`+6`(ENrA{QE#pN+#T4y`*NT>iER;)?s@t2{I4hpY1^HbMY<=WCOUEbYo%fn*O;tyVdF^uBdeab( z-J#=k^$yUbC$8I}-J(@gT^R|B4%?hmfDO31k58{96R~jcUB}XVG&=F}l;k~U&7BTM zh4|@~o`7dt2LEMosb-Cue1;&*jzMm?>TKU5l3SsInc0&?A)S9$jzo_ke!*$WbE^1S zY;2cVpjjpelSipV-qs1KdK{yAxDZVybWs?DD4~b@9<{gJUYUX0O7e(xSX!CF@F)^t zAh%?55c}by^OR3%AT_Nz8!B8ji%n|~E13wywMU!&2noC$_I#fwi9=W-jijHkII>6Hq4XNDb zh#2x}$4x6gPWTn1*(Gg%scA^xjPA_btVo``%{(5y&+f7aHH0mm6ZD%lI0ykPrX+Zs zZCG8Pv&Wg*SLrG>Dx&y(HZh*TGQ6`C6|{arVy}C^+42z$7PLUjk+zaBnTiW z5OP(sv?S(9VZmdY>2kT%L2)KX|0bik=e^}YP^D*bn6N3qcotPtldbq2!v3(`rw^~h zZn=4~9)?>Dx^Bn<8z09@b{v0P^0c1tGuPp|gZ-SIf>0X};6H=@;e%0mkIJ_wT6tHC zE4CvdiGvXw&L)t`vTy8Kf%=8I9zphot;I&LkJ)BC}m!1Enxb3n(uGgGq;16RXt6%HS@}`E)`4Lt95V+0jj~O^N?r*af z>wT}@ZqYx1fg{A0k%Ld7&3_SqXcg}6lOZwfJ5hB6+4{8M&G)Ij;ShXnNQ_$=OblE4 zwzYW7QkpK{rUv#fmk1XLtF)C#O#;=Io$Z2#p#Bu~2bzQrJ^U_oSl>OaUxHx=qMN)ejsNndH9u&@VKFzPN00^(F|P z1c9gm;gLEQ=>YHXYi*^Dt_F>`+4@ylU>&$MJ*LG^xjsD65u6>=ScO7e|} zn|bF>{SK-VO--dbx8#-JTmH%1v4{ppik=N2w^UJA100gIUSV9Jiu=7(qv?IElOHv0 zoPWq{NkB)M9fM~;A|?&k8%plyc5vQd+%I1ta4X7@gPKewCYzm)6nFJPWjRO>iWxDE z=I(>5)<(At?C^^km5PE`!NnJ8!(&U8N~zY0L6Sk3;9XVtLf@FlV0=UOw~MW1ZnJoy z=KgQ0C8lZj=@&kmO58PWXYRlQZm+fL9HU86YeDm4?+(#g$g{9jBv5@W_%C+mTJ39| zXJLBWoeKFKU@<@U+lRi~UtAVC!`<>IB`12%(BXb;u2iGO46JMOf)B>}UQd1I3b*$7 z=6e`nZC?5>+w}puP5*7B{52Q-qlaj{HQFFQ{+aXdHHX%1F~~E7Aypb#KY?4TVVzN7 zW~YC`CZ=0K9d9nNHTbiAM0s}l5(*!rVQr-=8YQMMz04AVC}g$^T|)%kPx%iFoo@7{ z@X>I|d33JjB&iP+go*nrg@gpifHI~e|aRKaBu7Zb_Ow3LmwPnIDHj6%Ag zh;WP>SA!@s$k4|3NIXYtz$@2A;g z-F?z?k@8V_{uty0fF&6p7Xg?957{Kf-R8T0yxZx8YZZ&ua@hQA>cHN z^J1D4=-bfWfQ$ucRy(J(Ao7b`oI`TNDoFR*UEX0WBi;Chk(`t`%Rh!Q3XZO3!{Wx*I85uC+PPtoHBZpq*)-Rq`3^@};!NF;^>ZgLs{vmC8 z`xm^V0Wrabk)w0l0qrSzk?rE`a|tN^KBp~UoW&;XNY4>(xB!rs*l%a&S=Z<_39H`O zMIMc&hB>F-+ZQLr{|!FtNc40(M)pKc9uF#!50K@7 zF~W<~2-k;h5Ka~6v&Y(JJZriYoYt41y=rp45nuJv>JpEv0iDS8et{LYtxOI#y&Y_t ztMAwBd57m01=~B(+=W*GZv`ZqWrb`fwp(v2Bt}RHp4V&-pI2D6*ipj+mO~ZL8S?xE z89A{P%RF69A#b-j2;_F&Z(IJjq_{l>z1}~_c@5@It4(L8QJ-#mY~wq0?HzFr!Oq}y z`DC8eMEc||>+VKodc`TXy!fh(apI<0@Sh$ElzRolmE?#Zss}KflA&6PQcTqM$~NPa z8V$Hl(YKS#C^l`=+?V!`twFZfJ(*Z=_i0I)O8vSPd5 zevkl7XUYi(>VNiQc?}6gbzA|%2KL=&M!%d4`vIfAQk$aUcy;&R6#V>jLf{p3LJQxQ zxE!kh+|UG;SG(`kILe&v^stAi)@=Geo%C5!0Zz>MUKf_~Eil<|`hhvnN`^=z&%>oK zFLAykV~66eJzb@o@6xAGnGnSYN5^{16Lm6<2?85v^SXrJV)C`f9dYOtt+dx>x{qqw z`*}2~7B&i|IDz<>r=L{*nmloHpVAy}_|pka|#OZc@N1`frk{ql3!4fhz*TQ*eG ze(Cz|^svn>*u>n_>vVqy&kGJa<+Zgs66Rat0{Z&&a)tkL>yme6H}8He6c;0wNo4v$ zBYASeyByO)r;vFjp;(EtJbL4*=j+?f%^TpFJe&LdisVQAY3qR)A684B>+`zP+L|)g zQ6Z;-p7QqNR$!LiWVQ$zkhly%4jcEP#m?rCjC%4C*D>N&$rW?~t2P_qWu?y@s+PrS ziQ6jMu0Ji0$+YhcCRS41OF8=9Mss)!9UT*5INf4Bf-fVTG)tV$AA!&If2O5@W}ks( zI+k?JdDZ-?Jt84*1UjxDq35?tL11-UeG3EH8S#n+!=BKqj7+4d z!NfQM+Nnb;0>EAf82wznZENuuQqyd4&44^aN{vybSa^FqqdUaXLb^vrtG4DR(hDlh zJms(qz*Vro7L}Bq$c5MI;d5!^(G2ZibJXwD6{9}KHM5vF<#Ypk`vsHx94vYCqcj~f zLt8f&HGM;$Hg$$tIh$2RUtMe0+l0)qFN1alDF*b?>~srKT(iCuJna&N?>-OGlFhiP z_e(DqWAn}#UGEoKfw*;TJM$wAQ~$oNUWaj|rA!r9A(4WgT3ds_wO%(^XaIp>Dd`M8 zmy=n(9C$}l2dqZw5D`ZcCezj|P9v~eV>*&r=X;7chZ;)+Hg_S)$I|;`60h=-cAVt1 z1h}`hJcrKBd&#~OU5yo*REWDlu!cV>M~X_MPfmO}o3Gp9Fun~80oT^cmF<5eE0QZZ zL{5HoNaK@f@uO-rAq%*-8iSpi(73JNA=!fO{1hW#kZHWYiSBZXJL}B1T<~TD=s`7^ z)$x;JtHb3Rauat6MOmqoNGtHT+pVJgB9wb@N!JaReJtYUq(bPr;p>|#pg-y4l#)ee zhl1dF`rY-%X2oaw)}3Q)v=zU)-J2395bs%(=H@w^w`@XyfKs_H3ju?SUQG{60II{$U#3_*=D zpt6##^$jWxw+_4MfYH-AKYxf6uGVy0s|?Z^v^|ECCiO-q$7QN%GqE`*3^|Zw_kY1Ux3b|D}$PmkmQKkCrZyN%%|_V|pfL zA@#N`HlX$%{e4%vxzV{P^HwOU6JLr|(Rm7oxp?cQp87O*Bg7A4Q9cBUB&bYB(QEE84ZP&q4DGVRNG^T}BX?oLp;|}~oz)7BE zwRX#cIB2bRx6c~F!L_bTbMjMKF{z5kB%DmB9F&516+GwK3||JfAzJaEybz>|BQ4^_ zBj?z_qul^$s1o^S2^W{jR#K3)ad|slrB79CBSTzKMQ@tLsS=k;+DzHx_hP zNQ)(cFZI2MNWd_gkW64fhDRvGM522FVYOSm>3HpK#M;ClhtxwqjHD8`bq@L*G|u@Q z@xVe~o3--|T@N#Vd`pB|ic9`_o@`*_%ZT=f6rN<;Ch24oaG2gt*N4z&e#{#8Y@RYG z)aT7v9_@m)qL^o%?6Q{g^nF|)`VbmC_Sm-&>doCdS7nUVbe@=-B(}RFJXJV$7Q|sk ze!#)|L_QKOXb&|e4H%@)Hr(INL=G6onBL21Bug@uMXu|?-7TNOxD@7F}$MHS~cblM#LEQzz8D)Pizr@$8E1v#K| zu~K7%ZQZ)w@xhHf4!FhrASYisI>g#}uV4D5$lD0miyr)()o=3yF@I~xFSS3r7 zJCkZiSO$)=m?G!bQn8qp?E4_sm-voNnuHYrwkJXf6%Q$>bjbiWXw{g^wZYL=Ra_M{ z51$|c8~8Kh7+Z-euB+A{h@v+J1pB2~Qf!osWtenlW)BkGgV4HQYnRWT`OuW!9M^MX z-iT|{HO5xDz5~sU#?B4sDm2g<7-C%h@__#qIREe9*u?t*2FL4W8~A|1lwcF zD6-0r<}Dd5!#k*>kiNzYkTC{RE(X4HmR;D?ZsGc7F(bJXBAI|}AJk~2kQG$B!Hab>VMpUJgz27{W_XQ+B5y z(Ti1An5Pn(NOQoQJi8%nbViGm+s;IS{pp?@bO(hr9UBv`HDoK+&<+2b_tBo4TRtlM z**l!19WEcwH0XeH_iXh`48L(CX73yNLeuD{tHzN}cWFu+$0}EN+(2LRX6F@c zmpqjmY@5#$%odU1ftt3^%{OmIm`D#M5JlfS$XdXWPI6zxCAp8<(-6{P_Ov0~fiB-q z+mN>hJmut=F3t4j3Kv|y1QmKx*=XL&Hqi8Xa=d)GrENlL%@R`9aKVlrFw+x8v~?#5*1Re5_L^{1@#5CR$Oo2n|0$R zVMsDWY$N&52+4;G*>@wSYdCkSA%W-Hee8txHk0{P+<|?^>-{5A<~-oqm`}G z62_Cccg(qCQ>3Z2* zIZ0Wj#VO2{_?Sa2`^Dn1Mwp4jgK#xBkK~RcFSKC@A9NU{| zZVxYl0L`*J04|F-*+x<5q<=`F3T@uf=+zbeNq7_s!Ql?cz&cwV27?WGa)ING0r_8c-P&VA6wRn&h&tl(gYkfF8!`SX zm_(ttEi$B>HalhYj++cs87DB;gCfMm#V?~!HkynZ0IN+m=9RSW=LAV>!HaV+ak(uV zV)Z36-Pfbnfae!#Z~Ph!69WT(G*q@^NSY6OH_S^>)Z^V;FKrJ?5pUg{>9pNm5&6Y| z!d1=pKqGa8cbNiSVi3RqFuC`g?v#T9-?CLW*P>|YUW*HCt<6Pmj>mbYa#;UEYfs&B zdx<98>@?Jq*$&GX{_HQeov&B(@{6@8pU5j$jt4`7s&N@uG7mHw5o2RQRyN#{(}%tj zqvPj$v!`ZFb9rQy8m%V99(iYiZXAA#F?$3LE#`@BitZ+pLA;M|N-cS<_S(ifo$R03T`H-uyNj@`x;Rc zcm66BYRlT{eCgKxrxty>bGQzdwhx0{e&?dE=C#@JWqf1Kw|AXSVLhXBV=NhbDT<7C zuI3(7b{})*yI+{kpXy9HEiI2^xGk|TYrTP+S!%q`YCu}mzZj`N(rwp7LZE7M>C(yU zMLKzP5C50IytH|jvnlcg8XNTIZp)RH@GAyb-IL>1F4UAudEr9+4#C{K7nTc#VBZd- zK8B8`2kpxSIUU^z;YdI1knPQtCnPX$t=EYH9lFkUFF`fi2jO}$O&BX(wkS?Rk>H#@ zH2hWY?mSFLTo=}4p7}XOJyV8s(S2>eJhxms6$5E1m%Krkk^L^ef2Bsfr!nCBiG`4n zOv~C4%$*^$_02s`Dmu5#x?HiKT$J$XYHjb8NNVZ}eeJBL@k2BT4h2d6N_)H$ZIov1 zSW{?mN$B5I!C=DVhm$O1y1hOSTRPT{m1>3e-&ga7X+^878$)`ERsJZ^*ZAe(_VNhlUwYe4GCZwZ7^cmsqLydT|7s2k` zgvX_X{W)Rfj}k$T*`-Z@-N+Lg-`Lu+s0{YRRbFlE_am(zcBQ>5eDOaE`3 zH5u5a;7LbC+?a721k}gZY@26laPlhk7q9$MtUa+Jf>xke18vnrYOy}HbS^&DO|ukb zjd=!*$YNT?h5k70S>irKqYnzJwa)nL^Nrx$Rp|Mi@+kr)|K)7K>3&@A`Eg9n{D#bf(B)D|6(0oK$YK?`nm`%L8&AQDoXro91Dg zkmQ-%hSr*;F+;f=&|La@6_ZKu_9vlc$7n&t|uyFTyJbH*ZuBdmynhPM}#=q<&eG}=N+u7-;2f4f?8|Bd@?_r^&=Rf zRiB(af6Drj;+Y#f=^LbFi8tlXbWqBSdt5}19%{^A8X5+;gN%F77PIDY0q@c%fNh&D zZ5lZQ(5Hah@%9PQ?D5AscF>2;&L)$nb)&p14qDYCEG-}*G z7|`H!w@_nt7VOq7sW9$RN0{dNX6EsJsV!gZUiIgDfJKk;i-ZP12fK$=?+%g6@bxX4 z-IteU=y=Qel@^kR_<|ZtNNWs}Bw^1hZMLky@6H!okIY{BjDbT!t1<>FEGyHhJE_-f zGb^)MZf4%Qa6y_}?8XuvLkd}f%)hk%!eysN4=)=NXvr$=L3^{>lV_=Q&}&39HBv&I zb;xNou<&ws8BYrbg3&H`WnDUROAma!AO(yDhCysy2!WkqBnv(`6P!dy%kbOE_SNme zn8JmW$Sa>1WHOeGoc1N6d3aP?OoUxn4+_Z;BJ*nKZKE*T-~23~RqGT@g4Sq?v0q)+ zW~92bYjgdb;gz*12RD+0GX-t~U%dR4F7bH8K>1I}zXqrzzY7w1 z0NNEwiMg(iG4Qj20ZS3Mqp>X$oA!O~F$1Br-Lho~&r@4;pfdzaHbVOr&;+r^719-g z%gS1BqJSoo8vSf*Ey^aaiymayry%*NEjOv9Ppd;FO+qP8>zJgrZ}Da0e&?~%$q_5H zWLU*ym6O{SxRhKKH>AP$E@!`Vin&$^8ACY^x~x9)KI1+OvD+VJny*(b6uOG%E*iVj zTw@CNtCk$4x`eqs|JW$J4r%_G+O;BL$qVi0;1%bGqH7n~PUUiE-4^6BySCpvzkZ0L zvBT@RE@&CL8?A=)CNXKZ=c@Efp+jS5V=NGJm&b20;L52^fD+ul(guICW`wg#F_ac2 z`a@|xKkcI?riz{Qlmy9^C<>?S)kCFhU-1wlM}r6 zw-es4=;^Ooc(^+Wn32}iqdj#`(_F>8&_cpJU2p?3JMUxrCI|rXQ0Y+cIkj!FUk%h% z*+0#}>i6iv!}a@>MP@YQ5*mt!4C=q~^iAWkRob`RwKHECf3TLm`}_;vw|D7jLuCzM zYI43>xEiF%T79^KrX@#?tO-`%4sPy`A^!q5A3HA`VlbGPs;%ous6SY!QLjIoCzvzL zeCseNltoNyFaeIbn1BviPb6 z4z{?@5!QG36d$B4);AvVEaB zGcmhi)M+Hhta%C0qNhRbnsIV+xt7!{U9ps&pLW_N#GI%joTFcVAsoA$wg6OL)hI3tJ z4JuIF271H#frHIoMjn^HTtOXa?>l73;3L%vn#R1Lrt7*6J4G|1_L*N5(wyf=WYJ|oCKnthH4)lTzU!gn4HV}u za9EdkeKg9KZ#I$&-UHPGlT=G)duuF*U7Sr~9gGj*v-e$J$26@bgdA`xO`gw{s4E5T#0Q0wMw`y(7|l4V?fAsC1Ctq>Ge<8X$xs zBE6RY0YYyfbO;a~w9YaUu%qjOtmlUwcy^5Vlbtn*qNi`A#Z^}VRe0?Zr&#@K z+p6-nYG%7pIj@?6COuD|K0VpPMwk&75$9pmwc%scV|%^onvMFrr&Ep}z}M*vSxxeP z%L4K&ZuKX@3|`!$J-OL8sD{;tTwcG_HEzce#f%ZZmrohT`jVd9$!Vpd{umWeD|4{X z)C}~&=^U(}!3w3NrE@)C4|TZ-uZX$1xet>e!lh$XXV+qCc2_*6^Wwn=m~*5AA!2_v zT`d*2i@&(;YRL3$jTc*r-@xn7ONDI0e-$i0$&aL!Wp#UtL&^lZkNh(MaDx$-LeJUr ztnY`k(-yT0v>MOZ*1PsCL;c>vMKz$!Yuv-aH4)bOY4nL4vv>iO8hTYa`mBx?XvhdiX6i{%)BAdPV&cAzjtD-sER>KHLvl&X8_7#CTQ|T zzO>h&8AI*qA)>4fwE8p~t}|ejC_O=+Qu67KKbA~in0TU2muj%Od4|#k|JG+khBMKx zIi0umklPh%ova2?OCzJjj!oP{DCK!_r6p=aTrqUkG!l7BThpeDh|E3lN_-6BNtrVchid1=5LV#+nDmGLbH1MHEWc~UrE}im? zh2`Y&-LN&CawfoQ+9ASRF(B&KLNi@%$GuUvU4ES7%AvRYUeu8aYGStzH5}Q61mVJO zurRdtcJJHQ^G*~<*IO^@`dGuys7(rH#LTv+R1J9z3>9e7VS5Wx-774rq+}>{#+@Bj z2Ja_|&+6OzZd`^@dyaTGiM+7Ro1Uszs8o+%-u;R+)v9hLw{#f{W)g8b$kJT$v}0fP z*rscpZffp{DK-~jlgGR`+E~0fI5c;3ux%hx%YFZ77J#K6y;5<>rlDXyt%zc@i}WQN zx|gXkLGOil88X_PL@YJoSa%2$fnSn_6F`wt?e;s(%qb-DV|>7|B6iGEVYjn*x4KZo z#RM23n8t_NBfdMeRyMCEC4ArGiVCBuqis+HN0dkY1+Aqrz4T=rzVe&}AgRSsp|mgA zF>H%6saSrQvSQq`og+=H=f&#jpp-sOc4mAb0`TRyDDJL2{G9ignA+gyUFFHz_dAVOjbb$IwL2aR#er>I!#_s4m?D%HVY$xe5K&Y0AN| zM)z2wjNaV@*Vp;XFg#`*D;X6yjY@weV#7qvSxEkSOK2inWO%qZL)>+-m7B{W88XuT z=NY@JG=PNu4QOxpHiJzsWf4#W7QJ_oRxX^O7y5>*8eg1Y!0zQm!G0B5wfR$Tc>unY z!`=vswDuVb@{+q0v$|@d>(l8cJ3TL*C;`rpxDY(CREawDOtspDgIayIyWDOIPolcB zK!jb4U~5aRbD{27xg8h7xf0W59^U@uwalo86PpMq3HA+Ab*SNr z{h|-EW3t}`fa|j5T}7-mV-!^ui*rKG3(1i`Hb1DJrKpuDt|xlh8$23+?7ctH4+X07 zqk$K5v3IMk*x&((K-AALMlTGx2wmO-0BG#f-QK>nw>dp?r_>(pYd=PK`@Wi%Awf{a zx{pc_C`jpYewa?XD25!1=>dAbPCu=D4hf((X~ z=bM5kcBSQNW`NxNJayizkErb+HX0$oPd?OhG*K~W&LCOJv|X|0{`>(cEkovY-US0N z+hu&HHIQc>=PzHv>Uwt7*JY-2w3gZi8HEXOk&borX-QcQ@!Cdndqb`y6Z611FB!JKx`I!IFI*IryTdBY6&9$`22qH7 z!XgOjZ8Vu%4?gyvvRO~+H?N`rs({M@*SwACS6hrx_V%qn|H48Pfu z-r57+d`;frR=*9-R>x>e)?T~|J=ozrzEUEpZrH!+rTJ}4PV9Hj_$l={Ot1Z7HR{Iz ztR@?4W5JqMGwu_=XzBIBPO`Z>g!Z;$>Ns}QajaKyWDkUz?+A$yHimI?r*}D7wK4Ww zBfw2cZG{h)wduDBf~H=RLv*K3V^-5pPYsT{uUkgC0)2_^FhB5wMmo*5jF?4M4Hd

p+kHSo5Sg5dKX8-A?Pi10}@lM^rruZ@k=`m&3fA`NKyZnG5*(V^3#QMc+KWVt zx$bO3=>w%j4m1UstahJZ76)-6Z_dhFIiQUosFe?7_|Sprrr`NQv#z)J4{2!wirsVqr3*Z zG=_(KxOL5hSJx-8$Xr__rQcYiMo19nPS@IDkQ>&a2wO@*M*&^BN4JKWQ3VtiChb;b z{Kfx6ZLKIotfLdnI2QGwwlZA6w&>NM1_iB+;No@yy;8O>!Nzj($kTH0YZNS%=(y3# zq75~QIu=tW35mj862up*4;2{Hr1w1Z*09<69DMV}VsONFx%mx7+5`u59Ar^der&|L z+cG0@`0XI9PqRR0uuoS|$+bZm^8$x};GsDE8dBPth~k9<*D{ZA%RcjW;kBjaI0O5d zQCFk_YMk-NTubW%XPSW31b}FPjrYq4Cw}?D)oA`cl^Hugp_L-$HS856rwd>XsAwq@ zVc$?dc}{=w-kC$fdk@+k9#)x=nec!sH|Ax?PBZ)*F!zspdv_|Q=i}2)Kwqnn6G|=1 zlOkUeQao6wJ|Lk|X@KB%VM{Usvc0{#<5b|Cx>4|yA1Tfq>-ST<>sR>}k`rSK5XReFUH{Fdnxb%&Cy9 zFpCimoxUjk@&Oo^RbGqlB)PFprOn#ujU9&J%tcB0T_^eO6V2Z}(R|wdJg~QhUG3)2 z4>EdY(y)`9|Hm`^#9hNW^E7JBW7K}>fqmZk@sxa2kAQQ%($N9vS zR_A*F*<`?l{oo4ccULPRwG7KgP-A4D=^NC_(HGTnTbGF~9pBy7uKo&j(DNji#PR2& z4M>Mcd$8>BU0aT>Z~8KI;-&Bx*C%9FkX(m?T<}7^^ndp_*$kAQ;dHSVNZdXUiULpT z7v53m+{fr=W!c%1(bas9yva2mlJzMFq#}R&!F6cDPCo~a-i;yG7B5B%rF{2DoHwq>j;ZPda$@=d!n;EIo5zO2d^p*mi0s>k`oRGIeRSMHr zSjcPP&1{+8OxJo0K!7x8J?PAka@9})4Z>ffur!8U#WOXiLI$Qg-kntwUT6D6r;qA} zS(hgoqlPISDALueZaacxm-@6&YF9hC{;(oj=VPT!2;bImnG4;;gdE?o{Bg#gdu&=$ z<|@!KLBaX)sKy!j@R<4f_??;w1TK67z}t1KmV;{a%Uf#?#$8^zg?Ld0G*Y`ED6uGo zo-~+e*$xGPLsOQ)#MHE{HL5AZHIwp;^o(V}+EYldTbD=a^rh7JZ+?LyTc3ulI{nnWMzPUfGt%r%)E@Tki`_fR)+^@DkwHc#hmTaY%bSGKf;l*#1Fe2`;BaWUgNr2=EwLWosZd*t;(oSfWpYqqw<4Xq; ze9`9>*vf20TVB6L*)ky?7)2F3n?;1E{1PhzF+)GsO9PQZy^u&**>hS;yAGHlv1}hW zh{)KE<#*Z}*G_yZoUtbW{#XRqc}MvKplfd@-+pfmq>407#Z+W{tCRX#;DHA=I9p)~;qk;6Q$am|hM(k=K#754H18E?sR5T>Eg&^U}e=L8JQfqvF&QduE4Zj}T8) z$N&QFA0#bMc>D}#Kwaw&Pq4F)!&em<8iGyExMhG649d*(El?A;qN5F((-PBB3;GwI>c>K zv5Ry*Q*N1qQGDfOIY3RGH1V->oFLOWGeZ)+`y#f#)1?M^B~W*#>!1cQ-L$?ZT#NDH z@n|1{AzN0A)`ofAdnNnAzvwJmG{qJ8TSY0Oi4MIQ?hxtADvp28LN-)kaZ9bKM zZfOoQeBH_vuh&e3EisF_w@$x|7Pvf&+dHEbR!%C=SRAn+4*&g#w zo|3u>kBr`%euyNn@f^z3kkM`qGhfoOcqz-w_VF503Km8S`sjvuy4O|nyUVV};lDNB zx2W@;vv|nknM?gxTeU*W&({(nsM^QJ(Lm>C$aSV$eTUzNk(7|JXv#5*KPSIA$ z^YU(js}(X%qev%7@JMra@@aA7ITY2C!a8Vo*5OZ3QC6{s3^6bF-BA?l!DErGnq4zf zQ-!P`iW~z(jnmGEBljaJBvEN`4ry=^98<3gF0^D?&H}Qxnf80!eD)f{+u2MTvs@Kn zsdk1PE>lB-yv+Qm!xgi(+O%Rpxn_f(x9J`x^t}oX0YND_7)<)Ymv>i&w!0y9t_Jd| zA1i&enA*Artcx;)ka^1KJV48y znie60LXD7TtRQ;?vRqSQYu}xvwt^eTAEqF;L96>Ey;K~TOkiz;kTq}WIApjvt$2Rwi7g?n0dD6FZ z8gBR1G?CJN9FFP)2+go1a(>TpeJi=VNSG+*f*8l#MbZSp{x`(EvsW1#Z~ocb{6+74 zCG_%{Sl0aa^SP^b@o=&WpXN4)BWKz61E5ybJ}?fIZ*0WDu!inCNL5}z!`H#XDn5<19q z+mJ!m5cdjdZ|>VKVxuG;j?-0m0JKjd7gs`hj$b_7UAj@hlB2(YNF(G}H~pLkI?7x4 zfx7W)&$7?gZk#)F=ISVz2NmZ+xvS$2w6z}%8CP&z2i%0E3^sODevN`F1{|rNJCx0HT`7_42;tW2azUsvyLugp_W`gMS(LA`@W{$4R>vio@3dlfx!z#I)WHfYXK+s{h!z-(_;-M`hS{cm zcrgy@oQvW#EaBNn8J#V4eUC*yoc*o7aLT{*gn>-kN^{LeJ;+bC-q$A^OCi`g>TEub zh2?3kQOB{!Yvw$s@c>Y+W){m2N?k^sMiE{rK{teg|DEcXS2&?78yNk<_3v%{GY67? z)q#wBb2#yQ<0p46t@Uq`c?;TG$q+Ze<1}Yi1CN9nZ|yluy*799wy`+_z$f(bl8ATb z;^GU%e5F{KgROXOZ&_cl-TV2Y-fstMxaVAB>_bzva+kkCDeuYOA<`{?W^!N@Pz4}z^3S=J*PA8egPl|lN17bf5}(B{nuIK{wkhjcDm z@#Joa&N2AKoBr|)IMk}EzhBY-^gR0X%{8=i+KtJ|IhqcmFokt&v}XK`57sKCSE0Re zBd<7#%R>?!X?J&Lt@H|GSC?o&Om5dgsL!srm)TqH-k~4Iy|F($p;0TL+y|jte66la zDb`9|WW1_XXKXrX63;07p(1S!mi_4c1o}t3Fa31Zn|DB$s|Ag3i2|>F?lc9LFq29j z;q&0I#qMX9OEvmh4Y#S--Ox3Ff_k>N+O*w>hpYURY{3BMU^#1D5NA0XW2r+E%~+$D20K_^9AJUG{hiE!wYZV_ zP6h9Tk`oT{F#n+)!EPddOjC=H{|#je5n-xS(N9|=)YuyRLh%RetN&B-rKOk;w3uI| z@#96{Mw&6R`76s%BF7(6vv^kcS?mK-Ylnl<)`-b*pjN@GV9{a8n@-k`M+ z4@*eTkS*Kn;pNB^LOF@{cL2soW!+#hkNC^3kA?8Y$r`(=+r?qp=l{C(08J`DqS>IZaOFR_N~V$k>O3U> zy!qnq5`62W|LHnWXsjqtmC~48S??hmTYmQit25H?DAPotp(DBxJc`H7d zzfapB-|3#=x0{{u;yzyZ#!mp1Bo9yE>6zaz#}g?y*W1T_>bvGIx^b(S6dt5eM0*NA3Q_zMib^-a|krX6|-M z{j${8_W=&Z{K4#pzb^k|Hzc3RS5(ah9rov##+BRZXeJ4My+eT+iX7wr<{`Q$4rgmo z0pImt@9rpOHJ_U$)VTLdcVGYJ*!&^Ek_RXJzT(|vMgLJ||M%Kn-|j6~EQ*d%MTcIf(YbKp z!t2-UvA@;6~Sc{!zX@d~tR*xZls z>lgg-tM{*20O-^4!J-1SBAvijoUfOjtN-#ieoTl=fNlAN02-iZd-vO({=wJ!vW@(l zmRc!w`}E%|6Lc*EsQY=O`T|=e`KyFnc_uB{M8jYPQOy&`(qx-%&Hd$<|8*7~bii3m z_FTdKMUhCzuU`AAn-^XV@ckeK;oT^wKMEZiR6;&0pRXCzr5M>3{t62*$(0;>pq_1@ z5yuBF&M&td7?XM8z64zzt5)nz5lc?IcZ2^w@3nue=4IPyV0By6ozwqe(*MO%D`|GY zqBRp>eY3NaNat={Qhp7W2r{)c}eH%ZAkd5Bj}{aYpex}v|4!e8Ee zPRoJfZ)D}4J(A>4K%QIo6;GY|yS4qJ|J^cbpauH^BZeFhs^(ZD{!CW^AOg-<5##2tg{iaU*G_aiam$jq?N3 z%gDO|4WF1Ut_)e@3rFx3EMGrpoqI-s!1Xr4kT<(cdQ9$$B`WN%<0FNf4-Zm#CKpH7 zwg2hW07n4+$peS;ob40$sN=cf>NO#erx^uX$BJ~>>=(N)Ol*%NT+fe*yccGj`@E%w zzTYF_O#h=Cvp~DDOpP?SY4Ds~TTB;f%OvCgCT5>Emk8z~2MPM`47#_yP(0@~!l6-k zjUX>`%72Nvwe>6eA-CQvk%GO+9k_A6c%J|9^XGGbPJ!+I{k|i`=(#x)1qFp-gR^aY z|L{_wx^~NmO6n+6ps4W^Y_T(vIgXRlYWR8LpR)~ zSSQkvbENaPdf8YNUdLFy*H=~U_HOH%xCRoY1~`(PNR^TW1X3+jzptIb*=sS}J$Z~F z4M{ROp!ypv>}o|_{9oBo|IrO=uK;Jt``bCC}8n#qv-?$Lx;civ<17t}b9W&FMF}JV37L z_WdvR_w2{Y6-M-@h!l!VA`bJncgEX4?V?N$#)|IfeHx`2@geV5oxQ`$#j;8Q z(JFbp!%RU!o~d$+H7jkY-XRPxm~v?r$nE$~$b9i7T*}wv_Q5^T3cvc#?A_OsDLOQM zI&tb&^PfsaRXa*QJ=d*t!y~eaqXRXHwJJfngX+YuRSMHDc^pYzPwE`Yn*61l6Zlegp_0fF=@*4}c5;BMiCr?MA&fs0-|&;_>nGClj=9_VCucW$@K4U}OFh-0uGBxe1^^wn zR|iPcjIR1pirX=z`f zXL|L2(EJm%a5}k|!V^rjhxjGD?-#&q9(Fvq4J4(0uzA!d;y&0K3W{2{-5sqFbd%ZHl|o>wNk8Kz`_O>hH5Fe^t6KpGjkBp-bKt zu-9wG2b=>fNyqdIr%iidx$5~Jet=g&u&J`UsE^75zn zxd7^n^%D$VXnv^dAIESH4#;6CW9gZ{uKI7JWrP4^3ZJ$KaYy(yM>MU)*4m;j-gu?= zIx~CqmEmhffk?Sv=GzL(t`|F1hpFIiPlpU)1UoeAyJGXp;@XZ(F(#Njrc(3mOO~i7 z`eXb>>|U@jRyK?mx+k)J@gZ#BFwNu3pt8axAw#~4|NW_W>p)a@%xJp+vlh5g98-U%@62r(DjGar+6+pJuX(HzqlmLrCc21DDG!qI=~w z=ryl6fX2dW+0h$kY`b0nIc5hRZRVv4vam=U>ba>0x(*U;x2_$akA2To8}eHZe_rTH zehx@YwrPl2bi#E6&b^h)K~8+PbGx*S+^V#cXZ~or8!qmIV zpC2yN7Zm6^rw8Yy53A}Vpi5T9YSC4myZ!UgAw3Xi(|F0-VDH1xcpjg_dJrR%aCt%b z;tjxti4+xH|3@bHTL~Z-_k^nFsi5v_%3GjGCgSiVOUDn;R87` ziLcF;XBVnaMBPSi0n;|-10#;_In@n^t+e-cghwVRY|3`)zT&lbwvdco936rQW?ZLe z?S1;EyTRG~iH1Y=SX~Xi-(Nr|P=5YA`f)^fboOoO3k(^TNKhnWVTo!hg- zx0=qb>m73&P2cSDmNSJ1GPE_cubbWK!y<_mC1VUjn(SL^@^o2Yug)#;)waFca-o?gtHG! z(2HHk+=rpb5)u+AW25h#`N(zXi@u`Yw~w5y{A)q+Z+(6>e*fnewbb|%+9%Ollv;y! z!#{3*?`HBS^= zc&BcuhJbAwG!oDivkR^Gpk&yrynRA@eVG)Q!J;ZDt<&ucv$J%4|8&Ar}{1{ir%X`38+yrJ6H&fgdY(7K#M|HJEg=_(M3+*!;L zC8Kq`-{$o5to>nxjk!VE+(TWK5Z^;>UocNSnbS`LrfkeRoWhH+jnuCMj{C+&ZUD&% z(^l-=3i@GO z2%yFn!e>^#I31Gt{*xdfD?%bhaMHU)qD({XuZD&L{=D+BTop;?yfKFqQNlJbztll7sw=(8W?Y=@tyz z$E|vBtk&ozehJom{5|{;xY7p2Qm0-@t;j4|$hfq~UVAqhGj@|fv3zBneu6vH-oLy=H^ z%{p(f(K@Yd=b*skD56gJ;H;a)J^8g+Ok}NF!3zbY@OWF)_FVj`Ea>q>T@5)59oiRX zi@GyRZbLa*76snQwhVb%09rag!CZ3-c^0>D;Q02dZwpbDrSi7NwRhuLM};^{h^4!w z;%*^)JDvhE~A_bb)CTyDK!J5e)BJ)5M#)RR?Mh02=x41&Q8!2bx~W z_ECBx@Oz-O@f!zj3!Dnd&!c}TF(?4`{Ak;YtN>XU1wKwSt*^8l&{-MG=K`4dqgPky zqd$MX$AnwGwY=<#7&V>!sRvi4z*@*gg0QG(6XkrzJ5wYSWgd3c!-X+Gli{=AJ*;$1 zev#&@IX?m}wn!J&CNWUj<=7dc@zWFSBm5DSvA;4I{}J@w6_p~iZE|n{?JU5;()e&z z8JNG4)hSpH@eEBCw2!*v90uHQ59TTs9%@E4c~S(z!(HGsuE(A&*^3qnouj1&p;-vslIq&7?j(e`{%-}KoK5H!q8AOa{LBZ=X2G{a4v=Y}_sO@YrS$lBx zt*;D2Vmp)9+UVp_+O?zg3-(Nh%lh~`9%k8W>>UPPSW5!&2xG5pmG&{1$q5QfaOoA7 zsP&p_AloZjlsrw!y5zUQIp(u1J3#4p0?hH ziR<+-duTAT&}wftNWe#6u#jHMC#MPnf@R^MCT*|1R95oDnR&amD`bK}fj5KU;V+vq z9snKLF2k!rdujdF&OMaakXoFg(~C9!ydKq}glrrn=mN4(n}gzodd(ho?3zx6T!d+f zV}fPcgy%$dULI;Y3#qrUyC8lUvOb_oDZX?{+wuYLGOvF6yBY+@RyX*l>l`tx|B>e2 z4j9Xis&Q59Lr+ybL4zZfd8N}6c{_Ko3$SN0Z#-`__MF9u+KiRA5f{21_pJZ;@zgRh zmVPU3v~J?a4ZB`GjayfIfRH$IE=3I>8@lXP zxx9nNG^vcRLeTkHE1${ly6kP-vMjzNJf5q5LyqVcU^7-a!NirSq&3wWPB9+^^DUX};5B-4IM|l> z4!vi;UIg!k(n!`)F+6pj+D*T>8l#Myg%fwkY_9xBHk5!R-D;~+$!#}}F@tAep+OwQ z;-(VRHXEZ=i=_>nWAs1#)1U0>>o*119fp z;H}fFlQ2BG=9RushBJppr`}})40w{o>6yIYb(x-?3GQQy?=+a&He!!Vm#AQ>PvrT< z!HtN5)qh1{*L?9pLff`^ja%c8mn0!s;i7uQRYxN^KsqF=z=Sb12BuJck{FL-!y=^7T)in|~^_9jc10 z-v0hz%~M95(5pOPUyt|q-fR|RiJ0z{xg1weT=fI(uZdg)Wior4gXtY{_m0hKr$XTM zjU*uen5Dyqm3fQXd4K}>5p)hWCW!Xso;C1p#xrc>=OVhr%6ciANG<}V!!uosY4X^_@bSmNV;_%c5pC>*cW)v^Cd`x3s|P|DK#;Jra%k!+s~f`d7~%5m-6<);9bV^%+f7f#s0a(X>(J!k@MX_J1Hi8Y z<`G3Mrh}{fqRxb#nRL{ZJk_RK$JrAK+;JU`TW;Lx5ywTtgg4hpP6fYm>-gFi(ONoR zCmAJJChlAe-)oP|NUbLxwxnd4OHalurufvPc)z}E&oA(T$9-vnxZX&{8ic05a+Ra4 z2H|R{HP@Dx7E2G8HkfoLsG;kShSX3BH_um100&??GsDQXui?09k2r>J*<cz}o+YSXUO}CKcVw`Yjkxucf^*Xn5ipDD5 zC9w(QIInOzitl}P&nPfHss_-NoA?S%L#ivGgID_fM1sba*^?hN16?`ucxK-%Zv04A zmhDCl3Oxl7Nn5|Y=`|MQ?~(zsMLmw$j*JouZ;>eGxr!p!@z^w3t`)cqD*&C|*R*rb)nE>`nSU#)&Er>)yLt=e7N%G$ko zbX-1s*#@ltp?j}*x+YB5qQZ*)X_R_4Nl=)U=pyx{X~lMKnkO7S8mbPH%j zI}B*zFlaDt%C&XE^BUp{GM8p|!;k;X1t3n|1ECQ=Oq7%}_TGCxoJHJfW+&bh zEjW~&f9ftix#xoBgJ#5vOIH-)hEsFs4#6aU!LEM-F8LgquZc*({I&$@JC&lWKJlYS!HC{LN zaUlXpKZkQ|cR)$`VC+DZWYTH+x+#Gl+iIHEqaynAd~mq&Df(=y%2Nc&<-44EXt(XAuRe zfEnZ6ORre7m9f#sFbE^`-s+8&I&uka7d^}HHpD{t%+s$^(Z#wEnCY|Y6#J={Tql-l z8*Qhsu;*T?IZt&RVR_r)Mx;VI9&Of>_CaIs@nQXFkZs2ItHQ)=>Im2y38vxPSiv*n z;y-YvNc5ET3wboJF%;qEGD4yCURdSC9=GOAx1_TllK#}8UkOLqN13Re&gJYPP~-;4 zYO`t6{-aFLm9Hm20~&k1LM}C+|Ho|!jtXv%He^Tnh^!?(jvoFdTe8PH{sJ!3Fq4nF z+d)^~T|$oVTH_FVp&rm*?m!ZvDSoUtd0)X|w`W1b4+f$Sj^PO2^3P1#Gy4g;_vvBMim3UDTf4KyR zsqIdm7yAh>e$sCzPj+80$!Cl7ygBoPK@AqIw=(=Zx_*H(-drMO294f^yL~R}bg?Z! z+Q)Io`I-dte|fZ$WY_<-Zh74Nn~t}bM{y{VM6)sqrj&cBIy;1ESV9N!cI1iS*?ohS z)%%Ms*s1hfG9VGQq2V4|ZN|q*Wyq@WI(p_#qgu}Ot?zDIJ$h)}?-3GJIVp}NBKhfY z#xh(g^~dlRN9Gy&M?YkA+G5$)F-70{B?kU1n1Oa}cY#1Di4pqbaOvUJ_bScRZ`?J| zc#B|nm=BH+v6bR+v9@x%M?^RG#epg@5ula!BDqL#LK7|@zN2dj8fW3s6@YCoF=O4m zbnB(|;6WsE6X1BTP8EqDK$#X?QI=iFl>2t!l4`Z__nw#|dlh7NqFWLS4X3#?>ETuj zP^1Ne=zRuofF|DxQ#xzsV_gXv1LIRKukuZ#N8u=NZWepOkd>!cBhRAz2PK*4byL@9|-DSLN@w}69#B8VT59`*!d~kC2-0|+&%R!XY`T$WB z;V!xT`Zo^lD4)Ga#gp;D=mewpjGztS!j;Mi%9=xc^sUM5Icn49_Smh)v&TW1d#cs=*_t`&o^%8S`7 z4oJN1T2Dd>O<D{hk^5`dW1C7UI+} zxu8=$sHWN{+3ceFaRv)RZ>tQn-(*j7NSO$GNfe%r)kH`3)bEdVXCWicsP9m00ReBk zd>3jSam!ERT`&G?b{9gR)~{JbLaBV3-Cn=3C&U52(q%aA7uXGnwdK2{US{^mqM5O1 zZpJkYX~lV{;R}gv;gvz=yx~R!&(6%SjgmX;h&wX5q-}epa>?KHNH{M(d}a4KuD?Kd zOaONP_1tCXv$|$rp|DQnL%Xs$mw;c)&r928j?mcZZTN^J61|c_`C@s>123?|f+p&T zd+;LBFBq&5DH#%1JvNTXFMZP_=Yicl-qw8FYb7=oRiE7j@K}@{-l*#v$79DTsC>GK z`vW~&YhHEcaOL{NH5Q_SvL)cdEV!iV*W7quo`}f}KQC{dj9KV=ta6a9y5^I!T}SA~ zZ`FA$SOK0&MQ%GVdb-P`FZ0gcWu(r*Iogfpv=0L*m@Wve|dcucS3Ilqxit0CGKs_82YD*IN^2O;h`>^lAj5` zlT}BPRDU_a>WOL|(X^h~Ws2w&HyVFt0p_@y#J{zWysqP%>b`QHJrTcrO(Y#4)u-}Y z1-!%Xa*MuBjo9AB%roZ^grO@xXW!n0PPfo??XCr~?h0xZAeZ>nhUEaB*8t9lf9Bt) zrAg+T<`iZgE7}Tw@FVW7@`h{g#mDy_$f<)Gj7yh8`JFX`3s{xRX9~%195GF60MdI= zLZaP%z=!5)`KPCNv)$*Wv=5D@HC)`GJ&*e{rINse1yh{UI>!O3{vhSu{0Btx$Z`&a zRuxNd=T6er%k;HM&j46oSTamuy^k5+L^)3b)vEE#3iZXBCn7AuCI+h~_C7nq4+1C{ zjQVbcR5tBdal&@n!K$_4$w18|e}AgL?iED2R20>N3nD5E(6$jE%DviiUwx9>!_1jX zf)NsiL;=m$N?)Zoz!s(#AnHK;7$FnUVr%CvlQ-eH)<{&|5k?EBS}p`VHryw>1ECP( zGFInw0VkQT(Kj&&UoV}X>x>`QGi;8Fw5*ZlK2vgb z{v&%j1wC}17@R&gx@b^}Iq{Y&%f1qfiB)etPIc!`iZ-UN@iY#MuP^QjcYu~6!opnT z@glBPc|FrjXGX&d)-JtG_j={K-{_`i_w6_(K_7Pafaw!!H!l8N5JTbp-PMh;uZV{jW^K4#>JsB3K<;|G5$Ojn{&drBth^*UJNx~_3y+EV z5L&KEshbm#lMo;P;GC)g2I$@;oViqq&lo^FQiaxQu=Igi8r~2o53}UMBRgLhnv$jF zqWZh%0q6~s#{8<%%P%Jv)sAmpLl8&N?B>z|1}60wAU05Ja0WL9$O2rN z)05vwrC(1XwBpR=99kPuk(jAT=gA#-7h)>VtoBs2vNKme!OoHkEXE6%-b%Et^E%Y9k!RK2mcPVoZ`lh6z|@^Q_>+8t>o`J0YadLGTq#EH#fMyAbPGTfQ> zMSQ)28{P0Dmd6m|m#RHHKTSJJ08>Q(@!ljbo+-nti1LJ5J!WzFl7~$89v9Gn2 z2^ZF1uaJ6ocv|h%RvbqcJ4pyItNPME%*D_HE>@HyH*~0-QtQQIdz!S(Jv>MvyvqCo z-y{1xE=3d*DQ%PCkpVHGx|8Sh*;~(z>41!J#ye}~qru{Z4?an)UFOVsMzLkIMRC3= zhXK;;%)>elB^;SWR4mD8(J#{2BM`G*AxHdqYuqhNb6#%|@M$`U#0Shr`w%8|fb$)7 zce&psVhnU(E3)-8g4fHyH;0S@H2(JcgXLW5z)E&BL5c5DhHYn9i^5ygz}r<5xOSB- z#XVyY&v7R95RDy&rrW~PnX`M*SvYGm4nuP8b>IJoy|<2wdh7m24+u&~C=Linh!WC> zfV2{#bax}&-KEk>Ns54=)R5Ah64FRBgmiZ^40HE*&Ut>{`#k5~N4|gF*Zspkkl{0* zz4xlU)_c8IVV+;BmTU4|E<>Y9nJ!n~g^qi+2*Y-~nhmV+8Wo>*1KYOI`g5)6vk|p- zY0RS^E9#5A=)Sc|=H@LF<#zl9bjpf<`3e~5@Gmx5-Tcx)3-}Zh?43@Hswr4V zbleIW?&YZ3S1ykDy9{rUS8N9B_?9|eWMA{L-Em=ZbxVHgTyEbdY(B%j&C1hOJFGYJ zv%tE)5%xs~#_e))N}_wDmV`At;FR^keib%a*4o;B%1>DX^PH`s-_Y9Ll&-m`OinE1 zw0$lR79=Eo*_C+2 zzR4O8;g;V!_SJRonZd5@D^q*1+d&3KPzj*L)B?{h1UCay-ZT{?|6>ZL++OvN48@ z`TA+IIdJJKR=FeS%{927{k&H9vLVbH?0T}r)@*jv9^>_DYaE)Vf z);?{D5aBzF_m5Lwz@otg4Mbauv}+#v^=A^(XC@z#O?PN@ zUN&$iW_~U~6?3~%OT5u;^ADVxCq!Ai#zhsHk~Oy!s2Ai((Qxtn%n0vS3L*!n_6FW0 zHhpgKp>i-M8Lx0Q8C!)2re*sD*a-7`KC9Yz1`0(pjKXGW%LBdFs2IEpYC3J&@$lSK zD4Q{vozU`aIP9a@lph(MBp=}|O@v%zYS~n*JMw2v+z2?gze1dq>``pi*kU=M;oZAY zwfDiD=m_98Hdp4uH|a=p?FuMH{&;isZYXRL|H8(!zr9^RULP{Sdw?JiDxRO>$vtlH z4o0#p+R!hfGhvY_3?0><9(j@;&oQ~=SQgZ40ZvUPE$W_b10O!1cN;4DF#FEg@&DQ`t) z(D*=e!gWSAv$;d)E`PG;zUq=G{8PooHQO42Ej^y=i&I8TFzmyrL)XH1U~XFlk0G_a zWi3uwbw@F;@h9~jv8zlhUB#VrHj{sTMKnzlsNxcfO`~B zvA83O&Yd&tU9d4V8a^nW9JpSJ*js<;zG1JI-HNw19ujc=z{0aS`xr)eNBy8}-I4u- zr&Dm*G{qj8^UU6`QMYo`0Gz(B)S=tO1-;f%qA5~Dsfn(#YGiBsd8J(l>-MJYPBm-I zfyh9=wjI3l%{$!*2schj=8T+BPS8ikqt!GzY_zaQ=C{9zN=!$=TVp=P0srddG@w#! zzkAd3Kv0jI{(C?zZTVv{RQe*e4;k%RpR~ovU;9qmrFptF?E$+S5LeZZev2CuXDRld zoTeHy{1=_Rk-FAfx6{+Neb0R@SJnc;?@8nuM&cvuD4lkrOii)Rgu^tbQa!4yk(>p_ zV@>r{*Fcq4B-gSsp2IUqe`MP0>}$w@9KvSxVMO5l-a8xo^>%3($=mNkN*2aV=hPP(YbzH&bHJuhMMD)R4st%Ar?1)rp?nrjGt<&Gx}`}k3! z{Li*}PW}ew32LK|oeg_tsLEy*>@IRZ;+dp~SFJW|nYf1cm}L$mh%x~TO5k8;-X(ER zj$Z>Lw@e$8#zmdA%Q%Bh=C3ld)-0f}P8@ciJF;-v5;Rzk!djf?9F3^nzj=dkx-iJL zP&SGzY&@TRwxU&5=9tG_$Z3|{o69Gt4D|Y7Q$-VN>w0e2t&z})X`UG``gvWC;ezyZ zz_@F!(Q*d~-)fJn`4|(ku&u143$`dym)@i9jfDk#cog~mcpAz6vR|~W?54;d-8)eh zUGw>e57$C2a7R1WFNWb#+nm--6kl4bwc2Yas=>fz*+JRy!rHTE9r(k1Q@D3m>|P|n z()iuR(Ga$A;hyCLlsYT*Yu&Bj9_yHAqp9hC=!Ek^U(P;obmv~tKP$#Zg*?;uB)$X zfA4??kyJ`#NhdOrF<&3W7qAm%RDaX*3;OvF`SpKCQpg8jFtX??1W3~q=YpKOy1**W zsn1V#&yQtfJkdnD%oj;REwiY?-waZR@t*Ek)6G(=1iH@!t8`z#a?C!rx@}a8Eo)Y@ za#HsNcG0tGm+jXYlPI-VK;peFRAYIKcRN9Fvvw=hxk_u{ho^Aq=SR%!2Z}RE&QpG^ z&RJB{Qv_yPtaSTv1+hs~@E_s)R)uX2T5NjP_$zLH`xJ&Be`UfLlQ~OIh|3`GYfba@ z41k0|3r1%m;Fvoyt&bwzR~vs&h{r2)lL*IUh0635L&|zxT}1g)JXaO6(gbeXfb$yt z*mDlc#Fu?t+XoH4Fy^ZLxfVo8JQySZkt%fvft3=i1i1QASIh7mr0;99&w29;X{&?L z0Jg|JlCgmuF_WneTTtBV+Xk6gbj#Niak}OG@BN886Hd5Uo3pp}aWkJsxp6Klm9BHp zNUx~mqw|t^Iip`ai(V4B9RsueS1?Jd3V_h8>3j0>q)DBTIu3nx1RV#Y_3(qlEJ}{` zp2BQHHOeJ9d%*aZtz|sl>yP-7pF{lUu&-g!|62PPm!&g~H?FTizN!UuC^z25^g-S} zw3iS>`}09~4RR)ZiMg+DY6I}e_5G~uO%;>IxteX?nB^4T@rJB3RfqhW1KA3q1L0*8 ztA~p^w#00fjUs(rC%dU96vFa%eGR=Wjev&y8I|CuJ0wA!&i6nOONkH^{yx&E$`(9by5GTpw8BiXZX9anysXBwXC zY;hh;s}E4Sy=*&3JevL};2vtW(qjp#ib{{n6n-oL=6ML7B8pZa92S+pL- z8;EWfwfu5hxcJnop)HuqsLM0yVdG~Pn5N3pT&7!DkTOA?pktW)0LZXz=hgEZ?FTV@ z;IU*(=BHu+*{-N=!J|mcGR0Q7ZD8?L=A)^s_hy(-Qsf!5#+hBk_mP>(2WnXcQ=o*3 z26uk*wwL^?@?Hxn?}qJhEPJiaJYCi9` z4I7@0a9+AM1D0x7^YEPg#aSNuapxK|9NTswq;a?a;$i`P(D%YL?d{oipNm(ee2~^+ z`a^VL%~sJ|cQbN>>wILm6^TAB4}Y!}8ZR{uyExfliDtE980!{0s&+PhojFtc94icN zh55h=>~U2&9A2rH9jWf_dMz78CYxyL*_8n4u^EcN!L+}Nqh11Pd+n|9^RCmskqgjJS>w~@1=VR}PJ9{F3K zTxswO+h*i>Sm7q?QN!jl-{nD30zvhHy0cKjZ4V$nn)Xeeurk$${rDf(M+*VAY^%h`jB!(M2Etx`^$hba>t-sE0r{AFpw566OKkICD@HtA*zOsZohv=NH;j zz54RHSnK4gDK~Kw$0@jcFW?hed#k4P>>3(ilUT(1y7;%lD`FowA<9b--b>a?&bX>~ zcFMPX3N*_mYV8qdNG`GhvR5_I;&>GVe4|aU2YvA4iW#4H399`7Zc*nCqt-})T@u(` z?cAz6KgLNknV_N-F2&*Ylv_zXzFh*g&D=!v2n&Mt+~-7IR^r~SuQ5TH`GL%bN6}HA zDdWs*Qp`6e$~lg^SkNf)d@oK(-1kz~yN| z`OMi}j?dP{G_DtamH3N4hp)Pn0^otWOJ!-h@(|(%D+m`UN}~h0>*B8A9pJ%k)LclX zUKBFxlz00KuB$}kWN)r^Puq%$Ut^AA2DzwfAQzPdBXdS#%_mc-I&Qx!#$Z0EO!Yc{ zssW%&*DJlVg&UngiuQY==|{r~y%Ay1zQNeB_m6nie|K_zPZqHWi?RjQMJkj@(ZXUg zTSohqtT)L?*uKJ}t)@pNMQ5PNnkPy7xKq12M6N-80hDV&!aXr0LcPA6?%OHw&ac<+hZnP2{>X);CLn<4x9{ zhwE;7*0k8Jb+I>!PImh+_kNNSZ3;aa|6KmIzC7vvx6z&L_geX%HB>3wPtLYnCTeD6 z;;E3D)FmYOUm=X8iUFf23}XBYGEMmQ=eyX2H@~Hp#COThf0ki#GovM_*zABkFePwr z7q)1`43b>N$J;#4H>o2?)bF}a6w|K?ri_wLnza_&f2i`XmBOJJg3qICCeA!Vl2ZBd6KfL^2b1UD*`@s zr~k#_AUTHrAva#4|oC57;BM+7jXV)3tY$(!SKMUY}v3UfKDc zrPpCuh)mVFSa=`Kb749*8-0!qVeW@sv$XGkYa#)aPW^loY=47_Ne76WYub`gD(REir8!fAQ0N9Wm?m*+7|Jcp>LS z+G(02$AR?LhZ_a(j5PQ9GOl6IUg2#km6(h;0koz7Q1iz2 zWs4aoJe}?>U|Ml^BOk9>q%3xrqC4Fi<-LI7Y0et%&<06)eJmV=KT~4)e7q8YKttD2 zZ6W1)KPP?#R~Lduu?^yxi57;Ex{%E10B$h1{<9;Kxi#ND+oSfh;ro-Ss6-3oI>m7^ zo-3I2!IMj`0}`+3_rCA7=VfsJoZB2s2B3W1$Ywm<75kO?a+{AfuW3R0NY3ZsEUq=Y z{CmvZ_!B<9wPU=b^3K-dx1&#Cy+YM>L;1rq`X z{j<^V&D1mTH%v}O-~tpT6EuugL4Z9*<-P7zVj^=s4@v}>WiQrD!j;!6Qo?^>yw3qB7qUE$C04QpJg&05XQ6#iarZI(c>@+o2RajmZD_Y{f=*xGfa%!>!}?QrPKO6hW&5GA46 zfIVa?bWK@H0VHHu#0v*Y`uL`t918E1nDjyL#LdcXS&trY`+sa{zUJ`gr$dVj0&$li zU)^El?loBC4*-%~lyU5>bH=MLX%K#+d~?*U=@mLfp6x1==XPDZjI%63Sein6k2etS5KPJiTQN+-=uo1y+GB&Pl1cSveohvhXiui-H*Up{xn!xMQLMv z^Kf)I^eRc|rYYYx6)3vCkdcYybzJTYqVieu9a-Cdwtb_}oMCN3sKQNeaY#w_QD4;~ ztwcI*?vb-Nlc}w*D~@v~^EFbh^Q23J_obg~J0=Rx9M4=K>lo0NeSw06$B%~cz!TPu zs!q2zwtW+R9`}dho{_8MszRrv&FeyO1a1L-yHC>zIx5Ca^rd8?phCRiKCmX45=3qS zuE*7s+n`yF2?QfQ$&}ptYDU>m$R;x%$BG0-?gr#VP%V5qsG7e#R;^J)?P$w$9O3~*VpYT*lV#-~tAGug`=XTu-{~?o1qX^SWfxVIY4fc(luHFNO;gxd? z=Hu*0mdUgwrfvJbf^tI~4SScPw<4KwK8lro0R{F$D-sKZ4O!!{me2J&ex6s@u6F=1 z7hfNo%FF5%*7o`*Yx;u~8@`LB28}6ly|F9+c(M{o&YTUc_b!a$E3>@TeYU7J)7gb| zXVKT*A@ROfTTeP|2?FzIRAJ_DeYDGNpZnDKsR6(3)R}wJ>2k+zJH`JIJqGD=-=Tmh+4M6~24O$rDc%~g= zP6SyIUm(g9^T=kBUEeu_H`DGosA3MK_!y4LW-?;6W$=nyv11 zgnw^V!hbl|sg`@HUJVZl;8RVIw+F80;1a~5KsZs2aWhaD4@ag$r+VK759#|h3Q3D z`1VUE?|sZd#Zt1?icH0pu2jTop?cadRrqv8VvgoOhhE0)U&YWnMYT4|l3nQ3^;!f##a; zvB(7Z4g#g+Yu&l3b=8~ZOimcm?0OC|v=J2zNvzf0cuj6H5#qVBE4xE-QoGOK!WC99 z0}+-6cwdNY@3$stBIsvikIhr>{M_v{3r-T!u*V z4UiDwS+}x)T0V+p1&zA85_>$a6W^#cu$(ZZVA z3f^%zCD};i3Szi!j39-X1Xg#j}iT{A$;Cw^s`@Z+N9l z?$6h&=#1vx4a-XLnQq7nACxWAsi8FIml75{!la<(NqEu)N`0n5soq<(`>Lm@8+LZ| z9{fK*$-wtDKg=?gz?-Q~RcxT5(U<+g$d_KvHrc{s+THX;O}TZgLhMmul!DxWUZrXj z0FNv2ds%Wp^3`X{nfGUCB%FAMl<`*#821+1D{%Hldl6(#3A@|Ot}5y4YX(pvC(dQv zBo}SHBKC&R7meLd_2#;Luat2>jBskWOJ5%X-1i3@ws9A8!HCyar%i$mYmqzi81C~u zuICW$1NV$rW_+QOKYWb?|4KXHAV;Wt4fCYW7J1+Zklp)g+d+W8V#bA$e?Uk=vaHuj z!LV%_SWv@$EqUuIbMIe}Z@!5c)dFo=+l!f+hX&2}k&h|*^*eXlo!=A5J(i7r|Nctm zDoLHJuE!}C5|K0iDs??Wqau)b+7sD=4*%RIlm9BcJu)&T&-^U%Uo)_Icf&yr}HoG^ywuog@gVgVGDmf! z0&X6a+vMEVv0UWk&$ZvFYdN>9!pUr+aHtBOV&iF9%|y|YDL*evzSaMLX9$0TeZN4v zV*E~*NseVR1F5rO_rtWM>vyt-@2e(Q(~>Qh4t;A3si|MRu$rhAeAz*}fKGcmr#;(% zM3CSG-K}(Z@@>7(7?unT8h_(IahR$dUB>X@2QfCk_*ynRb+NVy>UPld4pIA@Tn5^a zEcq?kKP*dlcvQO&dN#4khp1_HpaZB6@#aE}qiM=Z6O#|UZM2@cw~E&!6TiS4zB#3j z$bLOs%TVj&#)So^w3Jzneh1t@_c=J4TrMKG`evV(qS~035H%n@?U@XaPcPO+3-vPB zJ;3mca-u_gA}=#DMtk#X?kN1J9Nor#G(Y1;k;^$10Mi)&3`R3(VB6H%l=AEY6N-9N zbwhG*n7&<0T&F+Sj;N7~ax!jz(?LR>9^iWei-#q-%0Q5E0hyGZA`cFVSeXF|0hFHvs!OuB~UMpo=?y$%h`>+V{rQ5Bucj&?$V( zL@Vy@77XQN+E;c&!_(McUg9uGu;8_~Z_TAs?N)h6jt*g!AKDfP*#3k3H@VrMpMFIH zs36;g22j!TL}c8M|C{eAOd*!vv;nxUhd$@@Xzkp8CR;QbAJy7FEQ@YDoZj*oLT%Y>fo7B=jbpP#M242g({55yyX9zi*k zA+xTk&@i(>jou0|o2j=>D^Xp9SM*;oqCvgW6LoNs2IdLBQEWqfJK{1O=(YD- z;)^}HmO7`*c&+no45J06GCXno3ct4$#0s!}#*6F@6|}sR_2-@`D}C zKN$Dcuzwt!XD%z40(BrXG=Gt)kVjdUDEt<0$CFP`aHR>3=5#&Y7Vb*TRTcX_9b?7A zmtoqG45v^m4(N2>I%VSS3hd$UbkEPj2c%7Z^OsOECzt&78iWPGClBz4(6gUob2K-Xh z`HQuxszFZ<|HbN})RAUl+Q;yc@jZ}`X!K231&h=EWJACn`wfuk$sR#bbb$-+f`#|n zJHJ_ik)H-7m`<(In02j~8U>q_9hnF5;TwhoR1+#>nL}?^WUVGX(DQcjNKN-9-qznF=#rzBji|6Ud<_!*EV1t(QX zINbHr;CnN}#OHL^3@O!nt1$b9bkn>yyu^jmG?v^pg>P8CVq-vq{^D+WBY3+Rf|A20 z-!QS%#LjOOp%`JGDC2&~7>>%z>&~8*aQP=X>3^Vg`TG@0LtFEOeYK3C?BCkHb-WI` zL$SLCnSRhcRV+%JKS2X?k#BA0oF($N1KdbU`E4k^9hqc3^t* zIL?TSE58bUQbThNoGwWin z%@Kx)doGy%D>wh*X)59uucSe-js;i#F&i43itd8i`d|w*JT*|)r5uKL^!~2mpk6?- zFI=_Q&E_msK`rDiH{G)WtI-E*jA|IE&+=b>^_X`VFJ@tLyE$`XEFbf4*0EdZk;#Ie zBXguhP)tarwxGSb#}P@~*&+t4#-|CKKZ)YVVws?uq)UxJum8Kmekw+Bg~vHPC@*1f z{ah<(8hBpx(%?ZHD^k4rC08`3R%tBYL+kPdsPnc-7XFui^6cGPd&LN`tIWIUZ;1Wq zS0#bWU^&A>97U%`XpaW{KjJ&|i~kR_sp#nFJI?TS{NLOr6&V2Wfjl+>P=HFS zujh3h0nB5SPe*K~6leX>@|6|n?<$auO2>vfbAH*U#Dhu~(VWCs^wYRXrC4zfGnb~f z9@QpCn_dhMj!pfG+RlKe01HK|N5lH0^8cv1$dfA&E{mbaFJHv=* zheu}s%%Xw?-|q(W|G7E-Yczm3z53&e@GJja^8Rrn&@d!fz$1p7n1g?J<^S=yVR0Zf z&b;sMT>HI{;~(}oMiV?DXH}i>f4vN77zm-(9O!uQf6t-+!)`E?fk!9~ex?3jFGHCG zSl!`8X@@)iDKP)BZU6icc?lwEn7@Yr{)eS~`u`2ZUl#KJLxzId zWG}VEHO|BQe{VL?FrfZG)h+C9@}d}D|G^ae#{V%SJ?Z`is5st6-5xi;pkGqzrk~jj z9$CN3k#=>I{@60sOLtgWmKiqqAtN`Su{U{XwK~@(2H#RjIyjfOz3u6x^+H95dg(Z4 zygVptbhZRaMF`hJU_{?s_0mT4f|=#%3t!%>*;C&UU&J!2Yz`!qi5WN@kdY29{J2>H zx%49aMKBF7K5`H0H8tmI&w5)3%Wqy^^IjfQ8%GZcb$!lm>(pK~mt56wCDr!9cMLil zM614G4yMb};%WS$2r(ZGn{5{1(C#4nZ!7!X)=^BEn$ELLVACM)Md;4E)f46B!>EMY zODtQENe_a*xd60%wSA2%FR*0Z_?B{JIABcL1=tLL&i_ggax~noMyks$mwFDJgVTg< zN3DpE&D`M3E6}5)jz>`27%dYX{m03hf?C3@v*)tXW5ctzh3ob!eM0Mfuw=x}D_&DD zWTH-Xbm)A)LZ{`7d_9RSI{M>EYWLsE`Tau%WV?nYy&4M#=Wi#&ix#J(s2_0H9P{ai z10E;71d`5{Z;Z^5@$n=@$GT(9xfW?p!(tY`__?3_(>$90_gyC>^-s{)k4wNIK7}yt zxh!GUJ)OzrC*0~elXgXvmRRXyqI(IXE_`$IHsu$3Mm>{urc1@O`iL?yi%;tvnLqk4 z(?Nxcnm8_bDSOLVQj#Vot;JCy#lKCq`R@wkV(Op3%PUpZUPH&cM?SO5khR{V3jOH; zB_1VGq1&U1x_(za#*gF+R!U#4S=ykpTNbwZkYqlo0Qqmy$Nf)-KtoN)X?mfk)YN?Z z%zJQVu=E_~%5=?P-Ky6yE#}US4qJc@K}ZN!ci9`Y(iu6f_eA%0#thzLDchoHB{$zm zKVGHGCn+kL#UU!{$007W%&0D5e|zaOCcNvP;Eo$tRfa=TN^VuohjpLsn_5sy_K$XX z&VWX-SRwxnuQI}&SCHu}S9#q^k@oG1E*0{wZ$uzUD4 zBV;FnJQJ0_nv@UV-=K&PRyTmEt=v;-SQkboP9gk{;hz6Zk)FK71YegwwyHwS&Nj%+ za-MW-tah^{N%-XbYW(-Rl-=(Vn0)e_}|bmD#knC zldr=N!DO7gcL3H|nJn8V(mpDayV=|MzuVd+Hr=wpS`k=nys-8nPT>~%V4dVG|J30= z`f+7wM*}6aZ#N_JzW55aQ3+r)p27?TWy~2ZcoI`F$Y1kIgG+-R#T}|k2D-`+{{&1h zf1aaeedOy;xXp4@3}LEok80Y!Tx`hsU>hNdz8Dm2D_g21xaDUtnLhS`VbZ}Dx$!B) zRTQROmyafW(3F}C7i9}+UaRH$ZF7{rYT5c36?5Bkk88lOHs?XeMc8|knty^~Ri@#% zsvirpvGq{~l9%@D2ZWFMf-tyK!$kO!@#Cjz+;7a<#S{5D1`#}!j%LmhV^iU54+e5n z6|k>?g-Sj#Ap*$|4*#Ds(#JI<(EjB8KrZdH77S(@m(Hp+l{bC*PkSHwbB66Hce;h%tU*EP%mW?tIrn=MkN=@knvYEemx&I%V zFQ(q8)7j=a^8_lLjCCOlpBS_WW5Qqk;Q#S-RR#J9T`_h# z!!;`WxylWU7<`=PQ8dA7w=h^$6ch+gn^+roHRwOSpc{Xw6+P8A8SmQrk(bkPN$~p` z)qcrCkncq-*40Y=7txUddxjHv~uG+inG-^bNY@b&o zbK^l6tkhRTKr}h0+<0AKg@gk>G;uDmIobk&BDbb$!V$^<*kX3+aXtKD$@ zcs~#hT7i)Y{ivm*KhO_+aKM`_v`;l`8y*rY?;qN+>3Ix*I3}f+)Wbjg^$FP-)z58| zi-PmC4MrsOVQW!m{xRX5l>P^Im2X_vBUwT@9Cgg@oj22#s!(=#cToV2N&*@#7oEUI z9OBFymY0qMZ)4CfsbjQA&$;7=OA_sR$@sEKWH;+^{9^OprPn7ZkXMV~)4yTxw(8in zkw)a9Y3FU<_e+wOlOdFtQDR1G*PaEHyb6G7-!M3DF4t(Hi5Vdfh!nWL?A@3BE{&fE zx^tpoj7q8yDx12Zehja# z;rVh*?;qDQ$Hc9?C`}p0Pp3nStQ+BsC zOPX7!YFsHc^E4hNifUY1oUt(E8x@;GE@U)UAdmwbT#l*KHUF5ld`%|qZ%d~}d<`c; zLd-JIKZHD3f9WP65gMnwK}yRc_Z5hT@5>p4UjUBAo1h?~BK9ctOMm-QYC^EjSBdOZ z6N8(0Zw{uJ56b7za0uFNLBKf00zcAhdDoSRa@YuyI$_cC%2eE~->gFX>kvfL8ngB7 z5xO^xE=*`cu2DX>8T$HsZnEBVWAHd>eyebtDpu}xT4+Baklhi8XX9%>%i!ianaxCJ zhBirPxGGg56jGSDIw6b zPp6S)+fAvWg>`g7qR`&fxNh^kBGxE*`7o&X*`;s7Sf8Fm&lJo&VpJDX&11JzD5CHt zfU02Z40dOr?5^7_`6irEyMXH2EWdy?wYyrCkd6eE^CB-mVgKkH#LZ}U)E0& z;=*`<@_N{)0SC=K^^+8reB6B@G_c1d4w&n}vQ6K?Qn_ExhUP4LTXAejJqX0@5HCkozkXz^L;hjj>D4w)Ay#t27G6(I70c z8#V+1{=Zp)|MDXiCCcnKai)Gs#ExZrwWPp)10_W(7~P?_T!;p*5SwI+yyJu|UGTeZ zJwD6UH^_Q^*?5wg5Q+W_Gpu1-d?f#uZ=*SWi_{o3nZg&Bn!wfl^_f18UERrh9H)$bd_t~p3ZnBJ~Z_9 zUpo9>w&q`-o0CE5`e3&H4UMYiJn^X8<=86UV5V)i5r zDs*CeqKn^+p8lnbSaiQm;?d{FA92${AAeg!jaYp`b2IowBaMK7w(`L%9O96bD=qn# zEM`1;j-}41o)F7)^T!8y@#kLniT6=E{Se*67{_sw&%VwuU?R&lmm3XNjidb1&if}} zaGrkDw}iK6yw-A3SX=b!v#SO_ez88GOuD*3flgnB$gMLWLEy?D;fS`U%0+guMwge< zyk7y}%jjk$%rN~KsyI3oeXc4#ltp;*iiEv|Xlddw5VXOD7F{~jdlQHfo&JQ}P39bB zgDw&JUk|;5ozMjK$Ac7|xPZp$(nccfuD){730(K(RH)}OMCg5ozLQjE>ydoBO`eK* zU*T9rk@=QZW|Z}O!=Qhask>}l&;v(3+h;%3v+e1u>vpH$XEv>J=7KE!OK;T^YLFCw zFw+nbAG1+?fhp%!B7@C-*^F-uew5ID*qL;5OUt2*M7D@?!Yq!&A1!05Xt=|@pzUa` z^(t!dmkE{$8PGnzYL)r?O8n&_P6@F%yLC{8JGDHw_FseK!~960?4xnXNE^bUBBiv; ztA!6rEuM1AF{)sUUoqhO^?LZfBx_UM3txS*>fVjxErq6L{3xNz8V#^faX7>#i=j{Q zuvIXAt~$Q>^@IkDZvB9&a{dIrfMgu+OYVo?lO0?!)uQKy(g!K=-`i$=UO{vx$A8hh zg80s)s975((+j!)+j4zrXlU*rvwat*xfs>6>o>-W$C3jty$0ZZiT~v#^lxavTYh{A zU4|_<{Q2JBv>UIhCRo;Rf?@0b>)qdF2fP36%ES0yCNWs)&)sKz*4Qi?aOoGOKEZs8 zL+m>fmZxRkm#r5iwnd68Dd?$&6d;z$ml4WPtP6raIDerZcXa-I`Fq|t>SB}cYi3== zlj%LnnO(9jFGo+PQ!qi$FGk0_rNV3C@buEkjirlH zhk=h&X`yD#_P2kTs^>U=E`SIy>4=YAI=mB+0Fiogp7yM@Og4=ZB`YVMpg#hB+*Nyu zyV%9n5Z(5UOtQwsdT~I)F<|-~yAj6CY(LUG_R)fh7mdv-Z>%q^bxx?;*L@B;ufDD? z?-1rn!at3lOl~Q%j++y<(GQfKeNSPjxy2Bv2UX3d$&ieV zS@{0m^J90bRQ$`%n4CDo1EtKE*_J@fvzwi5TT^Yqj||Eukvd(6f}qr2C-}h8bawsK zRR%P^}`;Cx;Un@~k836+6n8j|!&duEIv)OEm`)qD`6Krw(Dugded;6~nU zHpk^N(sHtEM5|H!^6UY&`faiSY;`LxMpb~{88BS!dbY00V!YDdRDa$0?OnUA zNq6_zRvhB6JL4r?TT}eZu^NF9w`ozdVsAb3J$deZ+zrfNtLI4v_s!)oFi?+F(BfqW zh67YNpEXNXDn-Ue)f(K5s%2xpY?4NQ7On)fzvi@95%HC;zz0G zYp&>&)?rDf2&mA>C9d60V=R74DyRrm&avWcX4M}kHg+TxvdT8r_Oks3I6amoj`OE~ zWJoQaq_~t8n35DFa2S0Uf@<8;T%P~bPuMRC@z6@GLoMf~R^wd34Th?HUt|{1x9nsZ zW62j=Hxu3tV2d8;L%OTH;pK8AYG{Kof#kTCj1*4jBNvccZ)WzlBP*%uKu7E9R94|A zFfqq(v}@g7*i6^1+D~q1aDMSPwCF{E`8EXVPAfZ5tMTd{^K2fAQRoAW665zRK?LN; zI|Ht~FwkNj`}*3^3ovLT+51r~?qsFCXm5%j{pr5&qH2IR1*s%jn1K7<^8)RN$2KRa zTF4H$EV(X#_!dC-I$V_fp2(Tij%X@=4Mr6Sgq$P?{fdm3vDAZ=v(;sM9y?2#hS>8n zGv~kTOnC9|<#V+Fz*|6;fB(NTHTEV%p$(j#6mr8HfIHF(9 z9NtWN(vQi^s#DDj0O6MKJIdLHlVco;ML&H%Hguo25M;fatlTZX`^TZfaa>Q*N4A{y zXN_~Iz86u-If~=GY>~-pYWY-dKhe5wEwQOHv;@8@I#BtSqLghj2#IIsKO!gL^} z)y$0V%)=B7$>rt2(U3QajfN9L-xafDt-JDbpbXyd!}$4jIrX#QXN9`99hOryRfjO= zZzHY>-p?-jPRhJTw*!B` ztP3s+g0+53^3MOj_4540KAP^GCoRU|!*$ET!h(Tn9%yJ_|j8bg1CDUdBYTZbrS=d8ID{{;$iU} zVA>YTv3!*St$Up*fmG^*{Bf<(vaCj}Th5)wcKsY|5H|+h+Jr|IV^4sdGIQXmXOqlY z4*PuHoT$!O@11a7tFC)2{IY}pN2W8=Xj=FtlUhM%r%LWy>TcE3-K^A)^$|iJq$J~6 zS@70I--F)q=Rdx@u#Ol7ZGhFZwX40xziQQ)>3(|RlVk1`xHg>6 z1U8_bz_C;=Mc{$=^qT3a+S3oixvJ`CLxI(@^K@)Ahkf3*;R_v6Qv-!5pFL8}ex!># zwwEMwnikBDC&b=qdrL~o#$!#R(355}b@e9Y4OY|M^9`pTeTA>sEEFKrOWi3C9H*0* z)<^P3gPyCaCwNs_Q)tHeV=&ZBaEDn5i^;rM^1D z3`Uz{g<>&mjjBD-cuonMwu2h86lF{tAq{wr6>xT+6+6It+^HE_UI=NYa-FmU&AD%J zXij@X?^r^XJWAATC19*~(!=}S(^nWZoOupsNSR8&wo2qPrOinne`+vlxbR)G9r}4! z^pN%YN8Xa`$mpsugbXn7Utad5$V?}*D~uG*{B%Oh?Z4amvWts6ORpd8Qp=064%dg@)2FyiZkXg_|FZvh_HU}O)W7L9id5K+mX{r@!`iV(G6rghq?7!_ zU%AIjVqL~SJ|V=#&}mE;X=QA~U5H{6NU~XLT@=*YjCNZ6k*H&1DK|`fRzD0oO)n8f z!#%u-X!N)30_{d~E-a(r4#r)bF%O8|ksNbYZ$+!-!#WFeYFH4!Q`|U2uULO*b6$hu zB$9F^y4T2IvtcHc`T>?ych>Rjp7c-i)yY+r?;lt!-!iIi%rxkIcx1ig5<(kBB3b2d zr1C6gSMHg-h#n5f1Lo6I56NwZ+BfGH@O|S2hV?p)tB9I3s7)=uPhNf@uTNh}-H+Yj z-d>Wf9-mR?@Qrcffpkn8wq*GJc%}P(<}GIBZ-+z0mdh>*O@w9L9|R@Z!YOP?2g@u? zv8BlA)_B*$PThko@T>L((x{fc=D*?&!uMgRarJ$`qE%*3USU3HYSSl*r`TuotwX_P zK7x{W;jqS(@~2#*2*qcpdiG9qefDyR>vp_H{Js90fr^jf3s{DbqB~GH5vA+x03i(26!6R$Ahe)Hk?M3QtN$zs)GWcvfLD zAL#t7GTU!n{?PTa9@4*f1S?*w%xQf@eA=zfv|rUX#NxufOpici#TwxOP4yGkM<-t6 zUFb=YSgPmgIw3#)a-n`x3?&b4ZznM>B@dCf7%Gh-2obMg3$Doyk3$bp-Sz37{F$=P zuBr9uB4}rdxh68JmgnhZn&}??Qv$MePiBe~loT2gw%5~juj}m(FuFgM!0)>2!X}!; zHl%fxjJzIDrFGR52Gw#vq6ldnLxj*(VMaJgJ+YP~yg zaBd`7ql;H013vjSHbKtC4duVgbjDiv4q36hTm<9brk=XDMD!h@P);CZd z_znRr+NaEMtQypiw+&U;=6Cg@B2(y&F9ok5%tL<)DUwg~=eCB`Xlzb?m7(<9P^j?n z<^OdMsZ(t0N$}cysd!deDrTJxH&WOg5*SGNE6n%scqU~Xdu{@mO`hD!aNkb{{xyoY zCyDnJ4)BV1LG;b#>aOE!h(V)!e2>r|rF%;aDVHk50%20&3OXqpVUj&L8ZU&Au-FfX;PB)8evt`yvkG1$0g{P#%bFOs!BC2u(rDR>?!_wU;?c zS>;o95)97*j1I(A{!r*^)doAPo++(S<#bx?ZqcQQ=_at51fRB2Knv8zS68=r24lZM zd~x+dx6*YAK6T9s3v(N~vochy#CIJn>?f9bwrTNV7~V6?`17-Q>{V{SHRn{14uf*GZj9HEh;rAb{u7O zM{94;&lD7`mK0U`l7 zojV4i;`zw4^*|63h_r=!j&3Th3n9c%_r4N6Oot7qdv^SpR=F7+0V=#UMuHKiyb&Da z*09pJrq?qrR%d(T>=9w+jUpO3omjk7KI*J`Rm>13WkLvLhy}hd!bx+e3&v^MdlOPR zK;qmW=vlk8BAG%{wcxYCAp!r{B>E%UUdcQAv-jMIg2Fy~Jd0MjWKei=x6Ja{g6oVV zD)nUoU>Y6lNLcxh6lzy7W=Phk8LbZ1#5-+_=_&$8=vCO)g>o5NYz?K8CI}B_ z;~!tJ_xgm99mosUrmuxMaQyJyv&N@at_4FC)8npDdC3rO%99L{)4e?~`id9O+HVa?U7R2Ya?~2qc)wMtrjn{q zFpS=d=m@|idFT0&xxk;~kd*hl2Q4UKzfo-R*Y$%QOoSFd3+qngB)uE<4n#L5h#LV` zz;bp7@zI4}Dj_L?QqKf#@4(7>tU@0RpKaZB+`fUscWam~&eKh=gF4e&r6yUwdXBn$ zk7bH4L7pA1x3R%T9pJ;B5GVCoGk?dAQ(gTgt?0|2e97nA8Z2uCgke9XzPvCZ<#8$f zyd6X(`vMqcX87>4MM;S9(MDplfV;zTeTI~9B!~=MY?APNuMn?2K6I$`criIDE?6R) ztQX6juT@21NHQir&tp4%-@w2iZkO@?Ly%OE(t{suE^I!%a>qMG_k%59rw3O#$>{qp z<^)Ezs-QS`U=`LbZ+90<3{sfs(88i=B|Gvo{xA04Gb*YrSQp)(U;sr_K(Yx@qGZV; zNkGXtBRS^`4F*I6$hFeLnxm2NKOy?gM|lZjElI#vvJWln@hp84zwf0~VV{>uk?= zI$z{(lSOGLB$0b}3wwGXGD=x-0+DdrR*+_fiAaS0%zyJ67e`JJ(kxEUUZ{>fL3?ShSxqSnfm@T&jCmP28a%;@3#qxf~zCTOi%PBgl#UR`;RG7fvOsYz;Fs&z z_BNoxg?%70*s@wA^HB;?W(5!nnYVJt`i@Yve|B@w(Sa3KoVMeyK9bushtoN(Egl@k z6}hZtbXfP_;j;L^={akR^}Qq)w#dr#@?M~@8LrjIn+S`REfU6bJw#K1U+VM(23a{T z(;W7oa@<&%Wq~Z0F z@5zu`U-;aIZXB|Mn^a`IOXm_(T+pIoI?+vuEILu~~>B^qOe)@*fckB23s9$wE{ z4__{_ofzEOVr*v~V<_9~Kwe<>4saI5f}JstHQV7a^%Wmj?71{29I>I<{EWb5eJRBK z=v*w%jW^iKst$6bDh{_#l#{W&8BG0`NAdTEi2Dgvd@yMEafZGDyx6}Z2F z?M#dyYgKbv#(4GOyDw$YQ=<#X3u5@JD_+Gv8+NFcq;03GbkX#&AE(k+bH87KL*Oi{ za!rIBvOA2g0YBk@lWnyxFD)~uFth@)A)Xa7n1_5GOvC@3DC~!MuQZt7#q2%T05XoY z?}m8|iO(Q?-87iBi_>cRrW(6sth%pMVVVYjLwk_j`4JMlfX{T5gyHe>U|zqRvH20- zC2;fUWxeQ2ED%QJ(YoXf`Rtz^R7LIyQW^5TZU3lK`^zMzkws-VRRXmXjJDs@`Ej(e z7@=U0|EB)4bih>om)iP38sUhg7<~eDr^QjJ!`;=?iQv@LW(D-v%jgwIJ>_<7jvA~2 zuT4Ou@@a_FD@#G;WVrJMT+$Ofrd_WR(Vp*8Ik)&mCMR8Im-_W)rqX2`HmB%#A;%wx zv$bZqJD|aUTe`m_pyVxTeDl?A&sma)v-9K-= z!+9M|{>DG(`C`*_uLEhDjImM_L311rObY`VQD?J`@x~6JEE-12A#UT{wBXA9?TMKN zJtzGfirl(!Ws=Gb$kYP>sVo31SJl0=OB>1zmcN39GX^e|c_1wp%+h|s{^@2fbfdpn z4ziaAh(}G2y+uawK?=2Dkm?F{^PY<`NvxC#-rPHmVm$f^d73J*9G>4H3^K?;-hIjf zd9p0|!p~(NRoXgH#|H#P06|2Ti)C1dyh>cn4694mC{~Mi{1mu8_3=wwnx)zvg0&;C zg0ltcqtFmS`2aAD_QSWlZ~_fP{a=DCbaZa9x!d|1G}tuBTSDl>tOQCNU<$=zql&+9 z2r#&$87H3FAW2WXtEa`aF=U_QPBFjSx1-DI7Z0!4 zd7pL4vHS#7kroI?#;`JNM&&4DCweljCy5!WT1Mh8+5Ac3u2n&r~bZ z;5KQDdg+QN`O^*Sq(&|L!}86eb)P$|H64-e+jEuF8t^q4cH=EEN#Iq*MLmV*6S&xG+ERJze$rca);j-d zVbRQ5cQ8M~#`GZOF8l*aejcbd)xt7>kHNAX9TF%%`lL3~a%F8VvVOci*dN!`0iBKn ze%tcIj4!WZ*_+=Ttn*_&#!SDqjrSE###!-BY-(FSr|<2O!jN zN$trBo+d!O%U&E-^-qlMm{(60mnhCmU`RI>eeY7;X2Rwx4{`!Wxw3P#bAA?R5$1srvf;BBs|TTI)gH0LS}z9qYy?OQL5IexH2XN|(GthvpgEH9*URQT{U z1$lheUhFDR5V(W!q%%FUttL>zv6U#OF&OU_?4r!tofBGHEFP#8tVU_63X25Jq5`E? z?w}$a1?kB18Oum&>XjpN*g@hk;a{V=OU?Jgk-vlGdH3It#c(A}O3A3D&pdj1Yu57x zw@+bnkEsoCmm1$?<7{mB2F7v8qu(|(fV^wAty5U5g5P!NG2YeN1v`tB34E^3IVK8e zb_N=iyAK+lR+9CCS@?HDkjj_4J1t9<(q-xLv`Ue?XN^K|ZAxo{H)t-Ch==P_LvCC8Sfz3-QjBT$QN7ft#P60~sN8|XBf+Hrk zLz?W`(5u%M1FyPM@$Hv@%7E?X4BvWN1e!%WFv^a`l6%}OH6!h1;;+%2ijD{#cweUO z*mBJ8BBj%e{{)mJ@36j=9KCggM^|2Ly4cha7M_yC(Ko{DIE!*`IZ-ZnDwo|h;<~_; zOH9t&(|EQX^H#mau6fZ=X>!0RX-aI-#5cZ@F_ znVt~2 zvdm9*OD0(SJltx*RV+R6+PcSRfL?3ph9a##tgOq03+cOACP|R0~ z{9(mlC$8Dy0xHWQ@H8fSOnIZF5mXoE}95W$OYTsyAZYLKbJM=>|< z7Xe)ggHbZ;k{=qj=S>HYxd&Vu0nw>&U4Jr3JlO%^a_Lx!4gS+HStpqWc`wo7Z6bxx~@slHU8_=UlRd&9=is!Vv`*oW}IknMpY_^>zkM%$c-)*P>81P?` z34A4jRFmcWEH#0N`QKk$p77pFuo^1p-n9+k>&X53Cb2Hbw?2Mvt_74U+eN7@Rfr|M zb+w^@6ybaK+Qa7+fVXbZdzH0eElA}3`2XaNpvL7~z5?A3@ z3@m4T=j#_i&j;|&Miir3n%O3M$F^8Mc4TqT9iiVY>KQC!#^}RqrAONQaBH-7qC-~M zG+%>rWm7TT%%C2u+y!Z)_snOcRL{A=6cADHrXJ%~5v`f_pB7+&9evglE1IRBoZOXcGE@WpQ|Yd?hWL2#OnwC#rN zETKL+t@aEnRM%2{(=}3Il|bTA_r=srP(>1w_wav|1YFE}zM7HYeU%yJ;LSNq7Fj%E zv|1EfpKu{Z2+**+*0Y%-{Unc=s`5sn_4-S5q?2WfY}eJo1&`2rZsSGHaSHvv(1Rr? zU%!k4xaFYgxVz^!N1N?KPlu z0b9qSQX7Lo-NyOu1yTi-M)`<%?D%*}QjPZd_#cN>dX*;Lo36dzJ0D_{=HCO%qg`3|m;1DSN@}?dnVQOPMyrrF~lo8#QXrA|% zaiYJk-;;X|b8VeH=~_ewyU6K1e#5SoIG&I;Z`4lQjp$7NdEY zS_)Ci)epzM{FRrT`TJbdov-iB%N4$UUzIxtCn8HMg;id|#nD@yAdQ=qnkGy0;eohA zDix@wj@A*blo@<|u#FtOX&y2;96TW4rhpqvKLTq$PT1xOI|bDwzRSfifVxU30#idL z`tf=MxMi`G36`jyA`kar?YU09yLBH!IKgHsRF6}VP&J5LObs$8p5iKo1zI~GO>@4@ zqS&{JXXUItn4gdiHa%{AQz$op66f3HN$V#ffhQ*{^Py596sG(&xTLq}Wuvotzw^T^xmEMDSpbvC&EW9R(Mz@+ z;<)-m?9G~*W%bCX@pT#g(hH=82Rc-|7C+h&_&Zm*T~>w|%4sVx1armnRrH1pL5`I0 z|6pVERQMHCzs#+T(T`c_`%aJjv6n*geVdA%H14dCXA>r$x9XfguloB_X zOQH6Ll2Y3ytdh$=CcIr0mw2ph(r>fVbFQO@6{|H>93!~S#qr-Kz1-sK=TTncfzotX z+?q8Lra;|4*_x$&rstqazeT5?%y2ssnh`=PJh@lWAJ~N~g%}(!dGgH{N(NI!d7voy z;Araw;Nf#U3U#aXX~*h;sHn&-U4sA~`W`WOGS`LEN`S%EXGs`G>z-gM=J&;~@@Esc zZ6%#40P1-0ND>$N%5xl%Ney578PnAZQ#wRfAd3^_z5WtjSQjAnG-IgrwI#X0zO`d- z5#%6h4oeF}3whUZ-A!8$%%(=-1P&ducpTAyB^d5obJ4anyjGNn&4$Y9!$s~9>AyZ_ zv~Yg!2FZ31!l0ijjv-Vf#mF4F@qu?7$@d*6Pz!D&)vn1pj31^<0?i20vr+3e#UgwD zFM^&ft#!N(Lu)ct2_Bg*Y?rTJWD=Xoc_$7V_cktXN675V89ygD6&kiV6M3FfUvDRjk0zEjVZPb~c98Y-oS>*)_Eo#~3#6&wV*sjiW~AA}c~) z;=NQ;I9OJfL1h;M4T5?Xh$*KN z49=F&zydv<2xX@m)ZrJIw4;{@EvhVQr*>D7V28am5}K~l3Bx7GM@Xz=YXj>`{W*%M zCe-CFt6!HFy+?G*^b;dlZS&NV=af@TtPx4pYz9-eW1pFSrhc8fhvH&zMJ;rNMF@j(HU;bCRmT_n zr9Sr#65W2C_qZ zC!u2hHm#_*Kv;e@_J$XpWXmmafL5UK&$7>l( z8~@1EC$kHpawvR){0(ms0^G%dqB}dg`UnP%OuYtL_8ICd)pnuGly{V4m3xusOJ1J5 zs_mZN6{_#6WGhD>DNs&MPJ*Jw#aN(HfP1@8Pd5a+TvS`xZBO8rlL)4;hPQTStSuLJ z3OOs&*`w<*;2<*tm~^X@$H@hLv(Z;#j!tImwQ?pPM>?NL84X-N-Ts@Rs_cYzl!5Zh zasv=zsQg~A@Ir9gj!(6&e#+Kn^B%eVM14cpX1ZTyXGt4O^LIdI@BwK7U90eMZMht9 zsctIv^}Q)V(+?yFIZlEjiwOh1`1{WF)E0VcSC zbB=U8!Q9?Gm^~`B)@=SXDY_#$YehfjTMzi2G#hk-Y~a3Gu12-CG?amSHvQvu$|vjO z7}?;?S@P7+1E$Nu0i7}q%%?oa(v`|T|1k^T9}**P@7}t+Kl^!)!Lv zvhShYCB*&fqqnn;%m-GCu@xAv!$m%<(rI>R0koXlT0!oWw8e92MW$LB6FR=C@sfMl zczrb;g7ydpuDKZLlBdgu*`Jm(I`|w#Q%9L?Ar5xI&K}GsMLd)WA4+Uo0YmuEAdgYh zzzpLTw-%{J(N|Cm7`F=9F1n7%@9_YsAFszsjIr9PCYLxm#b>j@`3a8jtiR}HWN8f&tgOWyRklLVbxkE`?3~%r1y41WZOd7zT zF9q@+1hjsX%|25Jlk{_KOP|h37<+NwurVn5`|DJQ)ZyL)=IKc^3zX;!A|oH?-uCg5 z0QCr*45edIcs0}1?C&H<4ll3_rax)>RKKeh(vx0{nt;tY%H-k%0#ldnw?+M#+r)pORFt2HW&&}K(t zY2;e!t#g$(CkZ}?)&BA#TuSe^9L(osc##QR2Vy*Wjbf81CJlBOaGGrfg*B>!)ef`S zo1G-ngGIJ4L1B-YwP(I5?1APWdKRh|1U-Rp%_Y>k{d}qv`4h*MCk+yX`BfhnY(Y!T zVPvQL^Ap3TKdW9fYf7wDdYt(=+I^1lq-^fj5$N5xy1fwLeE#pD4Y2b&1h*o*3IdBwI)zb2UQSnm_X2B zsXTAhq;ddA`A)bq*GmE9rsnlIshX}#6`DWM?M0S*51aDoR(pt_95Qa%emzJCTrb~e zpU@{y#ny*}z^DLwy`NJs#7VeC|METwVGNgJc9n8Q=}Bh%>TimI1*GjaCiEZCjQ6Zx zK-EinGew-v=Okn1r$0?(v1uoT%EuGSi~4H&BqnCYA0#D1DAqQ^x5=2;8SKjaWdy0e zF~~V_ys!Z7xab2v><)(dspqbzM5awmhUnN~zhFl!*BD5#|DgjqHH^2v@7++u3H-hJ zvP|aUl2yQ>ymKKxbz>`Oe+m)u1EjIqsS662S#t4=~e{pT})cP}K4&Bgtat z3tQWAOcMy4GF{s#Gysy09-&4nk$r?7AyTU}neKi{;w`D% zfjE2uC}Ru@iH8qZ z!#W5?J+3>WHvba5q64dHcyC7MzSx4?&~xvTxSF09HHQ|qk@LWbld}GR#VeOvyatlX zqsN`e_+E~7Fc5{9TMFSeW8tQsqn+@b*nztOw;juS$Q`{HO;YU2`x zg6=1rb5YXwz)-mRX|%KvlAwJK)H|^WX{m)DA3IQ56xoc?Z`lP?jm!Pky?EosX_<+l zpO%<7*);(0ruCy_23C{@IH{QYR94WE5xtpQ6UL!7{;eDjsMCI;Js*mHzD+Y9IfP5v zSR=^7Wl=NJEjq#G@LS%zw<3L<#Q11Fsk3E!mO+eH_S*hjmr!#wR}OLr|5{wj;1N+7 z5Rg`l6ebWtOhd<5;5A@x1#(kkW7pk||I_)dq8J@`MFl|{8}7m@R6<^2OFU*qp2+@e zl_(taQL|x)phaa8=*%oQ({zWhi{AF21=~so?pgg*NlNQ|J@`wkK3Yim7 zzWp0M@hqD^23eEuoflf@)Qp=YernXY8pnT#Yz_yh!_1GF4Z${l9Iz2pS$0mTsUSDyM@ z;>)3D2I&OE%NJ$v0v~;$Z2sWdh}DOpBxeR>t#AUlt@&H#n6<{JwE4H@+8l;r*W(`_d8=fI25 z%(4;w(@Npl&pju*tDkJyb=H;w`k+sB)}TT7CvichN^wP7Jn!ppdYSLSG)R{>1nSE9 zno6>X$KwOPN;o8g7w~QaY4nN*19BDOeT0=3m#y+U?8NkC>vZN#OaudXE>)N!J{x=A zZ+0<*Kzj0*ADzQ3mW$J>S7QbzGe0b(jSO)DC` zR3x4|rqfvoz@p_y+%#=Q%N7G3=pG?U&FLO|Br2?)V{F%K&L7hoSqqdh%?hVW1Ie2r z;B4Gix+M)A7|utpzw`x-us8pR&PJcgo8Ra?Kdm@OUu421E0FKMD)HscqY{h$E?TL` z)!(-Z%789^#yjPCrWQYgROpU^(bt|1paD`!&BKLcjqv$TJ$UQsHE z7^+~IKi4d$%eufb{yegZAwT^>H_kM$a$%>EM-s-W$LsB}Pk_8^fYx6Q`$YQ_7?zh= z?6Y1D0U;utx1TU23XWGh^j7wvtlR^1L4U$A@h*}3n=-Y;~P?)aa>KK_Zz zzLA3M6yEvCcG`6TI;GE=81QfcYcDc=CiPYoLK~F;$SmeVB~)@tsdma=Nm$zNvx+zN zc^HNY%L1J+SzU=sXwp`DHLO`tnczhR9R3%GB9W zc|QUj3LvGKrh8NFw@WN9q+Cal!U#^B=wt>wN_Sv9%kSMH&=eVrw z&kE`Ya6q#*gJ9UQ#6{b9psdD%d7kJ~^D17?pWvT-oB!Frc`*abzx(6G(gx;bgGRTe zvv`~VD(nc~`Ya3$l+(Ot;X}vnA&OGWkJd|v#&btuxZJQf?Pb`nK~bvdDL#GR({+>P z9Vd^?LkxizMkoS$I^+mN?Yz_%KFpD^s1xi00*Am?{v<7*Z+u|V^%F;v*Lw$BjUh>) za)aKFmWn6k_8aC2?p(lP?Mr*>n@5f_om_VU&n4-q0*C!>Z}=$(7OlL!d-LqD?*rnA zKwS(7p4vxHGf3Nz<=?u)6ch~(`87@P>m*y?}>ySH%HKi3_R(KKhSVl8)5d`^JezH z?)?DDq7yvezH8r;K+8@gL;F3l>3I^R-l#BkJ);XUE`Yrl4`6MRDX>kJi zoGDv)Ca4BjEs?4uB0vRF=c4!2MHlQ1^x7Mf;)P6opc358TN$hD%(xpcRxN<>BG)KC zzEG)iI$q%)JIaT4Sa5WVtwjPTOkIj1F<8J`d*q+DGrzd&-oUTGqpInsQnLZ>>j(Q*&Ed3D+9}k_v$JI0BK($5&+OgRw zN+h(PE_|rYqA=J6O{jEfoo!W{0p(YRX&9wLojL|Js298n1Pn6R+R;JpPz{JWR{K_Y zSe#C~R_MLIL7atFybuCb5mO1fyks|O`ZLmgt^p^{aRFEetEGJk_s9B&8~nJZ9HJ?` zJ~7ybn*`xwW{rg9DoGBHm!cfqmzup4g0%|l3JEX`$ zSn)&t%&efeb5H^tTc7sd4CJ5QABTIMG8L}NE4}JmW|+6{6%iu0k{WWhv$vN6vpEZa z;Jmuk&~tQ1p{HuNm1b|5AKRZ*FC&CCVt>E%C`{tH)J#X3a6u87}Z6pFsOz55zKi|r@GJxxV>B&u%()PHi*Nl#SH}-(w1rW z?U$c#KbZ*;J_)r&2;MVn2!=k83@N|9XO6APv$9CX;946IzSCt>Ndvm4??P>f#TT&$UoL)W0w4?H``KH1DYfr_Af1=r-e| z79Q?)?B9%_xy?wv?L-Z;d(vb5%FaPqmCZj5U*c-6?>%Dy?*`&eSVRIryHrz)3N7z1I)#MB(e)?43mgY+%m=DUK*6x&sz%#aHWff> zFiV9$w5Rj|B5!w}@fV1>@7ZrMm+mnAV<(7x^8h*E#HT#xM%hlCIOkbdl>_@T)^JH% zG*tY7_&8d2tt9US4$z9f41e@`$yqzDl-hVZI#0LpcVh>Z#PtNK{QyEL&S#qNbnPUs zEh(_f69agu?X7kmf3#3%3f{WRYzxU)a3v)TOL}W$1n4KIT-_enG^+91>X9j#ne?ZP z2DI;Mfbt(;D-No;+Ow|vvmi?a_1pSto#1muCS`17@-7%9J&R0d36Y+kulOiFQ@$R8 zg-!;r6MhH0#ouLCN4QXpGXvwru1TCWJ#BfyHT+W?`ozS<_dpX3)Eep9uxBj|m`9`e z-FBMytTNFo5fJpH`lG5oyd35HhXiD8*P2SoA7lT}KZOC$|9~;k7f;BaUO0sSH~wx~ z<--XqyQcnldDwBTWrH}?*#)-RNaL;SVug7DVArCvb{;?mP2GmNjr)}xpqcZBRkt?q z-<=tv(_mTNBPSG8FKv{71bsDk-|2w@p=OO$KqTW{RilFI+GrSP6KH;W!CxRaActBD zZWVqkCrGZAF<*6#$Nmdfgass^O|&<9Pel-yuj61dY1A-r!KWkNdO$Cy?KrYF!4SH= zi`Au)!FL#}HQ_sabB(k<;be@;n|uuu35F6Op}^}ZNqnK1?@ivME|8BHDYt}kT8@uo z9Mm^_Gp1zw>f7D-N;+IkIN^qMzMy< zqnGD={VI|o=n>FeYQENC$9b>nYO^m|o0E!9w03!uLeT3(8ENi;11Y~q?W^08cqFq` zzKr?4*6xhmKG(#R-!%Z}4)M$eogU2<`Lj^3dPV)WT3vj zd};gpAe+T}#`1s+G+!`Z{I_rnKE%Vx;8pURxbV zDPaX|@Suz4;S;5b$caWhpaxv*UuGUI_0E`RJal-DHTdJQZp8{^DZP&z_~+t?--1O2 zFaHq5AWyC26ZM&u6yGZN1S-1h69t=&i~AO23BoPAfLal&UZL&Bx{295$OY;s>J*Bc zb+ssV55&Po(C^VPOw9mt2m{oC4$xw>=@qEgpm)o*X;P4nLD6VX%G>^ zge_vv)gYd$=4(<%^gat|kLQgbE?cAni(-N|N8{!NJrc z&7nWv@30_{*xaMvQYe}T3JV2<|DiMBUG+jcKqMS4>ID8@>X?r^`zMrDFWN6Ky6K%? zAUY9x*w&w`Aj+V^gavd^peht|=G{G)4L)QCu`Xcctz+fs+jrkOO;UuxtZJPHlRq#O z_M)=!`?5eos#d;>w7m(O<#4enRMJ6+iAWeM2WgABH}L-A&y+oEQx4F^QsIQiKw+P* zKEpQ0hiAOJM=Wu9HY}c(ZvH`o@by5d@H#swgO$LLSu79$v4MZi>1RxYg$~qPM1#=reig5Vmj9cx|4;uJssX|}`|@@Q{1hV`Jk%E@DYdB- zt^H*of3BH1Sa-sX#b_qpx;tl)IO(EQ=C1*3*URea*OtzWgiHVuYRc^l96yCsGZDVm zRE8>60eHy~p*{}^!Uq2)ES(gKa_>F^FJ3nblCNsP$L{GHaAlqgt7FrXSUUMXxTLH> ziFAhatO42TDQ3i38d)FuGSy#<@Z>RF%Yg=uSwG8pt}|a6s#qVml4%>Y2Sz^Py{!GnU^V6v=Ihu0 z?OaXlSU_YH{roL~`i|EI*#QbREA?amrYfDkFz}MEtUz1@kQ6*R5<#)6&dX6kt7$*; zv;0MJ>xt@!7|d+hCJs65ey_7TjN+~zr{dGzC6Oj;hu7G>xp-s9{q!*NK!4)D`u=Zm zsS7gIzsKBWR&2U8R^*(+q*bE8Z9Dw+^?tnQQnR?^$|Izv2{N9Q@v{01H9t;ZRq<>S zAab=%Kg62IzqH41&o40vQ4NV?M>3LrviLETl)h}#G8*Loi@WzGG3RLZR~?frEjTwGFj)7CKJ=XXm_?G5xR|H~7Qz++-s{obx6E=mXsPPmmz(_NXznXT|h zy`%Fgc)MPD{V>;3Dsr5QZwQ9u{qm54|Mr#`S=IhBtvT_N+G>UoRM+o%Do1;E*iPDh zb{i`)&hg^3d3*fKJGM=;OhPqx?4e348MK-*5<0z?v)KQ@W#*ba{kEepOihXV)(+m3S=Y`V5xfVyOvTw88w(PWCc6^gr96Wl`a9g7o zQoI89q~py+g~Qo)|@MDDOShHyaa`& z?q;!guB(cG1qpVA;BsKXPR~_P@ZZ{T5Rp1ln0dI*RwGW$H2@XL*f+$oi4|&@P9tEN24!gArGglMu^Eq)W*WO)#6%G55 zr9@e4FR1f+~ zc7$dKCy?hdE}A5ot(qt_X;v#d>d++4^_eOf7-u3lxk_2k)%9ZF>z5RRcledj;b6py z`#l^=m#)9WQz?v($EwvR3pPTMDYGkwpZ@r8fpRdR?|0mnI;7c2_n!Mmf-pY*Aq~Zv zrsja{$o<~AysMhr*$SG8)o*B@ESZ!R(D8f(f^QBJE4%r=6w=BH@@FofNT7>wK@yV6 zj1p2ejvrfhNgx-6P}xzRH;PCvGARdu{vnLtnKAMFTVtZWufMr8#LIrXYM$r?OQmQb zztoRf;?tu-*siVa{ZpM%-WRo;4o*t z#}?0l_ikyZgcjL~TNj>yRUse+^fIKS+*f)A6w9sHV8i!$JR2jDPMB>W{GD0@UB5he zen1&!ORWc^C^Q!!M|(fp$V~a-0hECuT=(j!KXe3h zhbj8bjVs%34&4Kz_+&L0)C7daBi4bxS@hO6gyp~AlEjq096var)rcvPO{~iOvaoV( z(qSePRvpXaB#$||Fmfr*dG2F`zxO(`tF_8&8@_6df_7NY9S*HW<)LC3)!8k{%sBzA z&)n+qnU++U>0rBKJVSHqmEhmqj+WiN4fLYdH+bA(*w?06#HFGO6yMdGnAX@ke(2Mt zvAF8EmW+IGq8Qdjt zw+0N!N5F!b+BZaeQ?0`eot3@SD)UsDax5;zR$`31)k{E3&>g7`iofpnP7!RU_`gI9 z`u>-JYc%k3m9l_ls!kZXR-D^zn6XQTg8gs zyBhZ^2&ot~EV(`60?Yr@2dr93!Atwo4Zg5%ts9Y?7`QR!pa^=V)~ z4T*qi1P-{xfe?7>4OoRS^S9R``#-Uj0oU!Bfx!&7Exzry9lrXl?`D_9kwH{EdUMP= zraZ&OFrH1BxL~&LBiD%47Cj;+l2W_=;bK6Sy;vuW?>S4R$_unjA z2d}9g$c8D2QWlsYB#q1Gk4cFeQDiL64Z?hu%nvR(he{i#cK%34!o1$R^V)8_naBR# zFQZoY^4$%+%V#d;*8hQvajg-2txL||7(weKt;D+X$A^$2v}|f~Go_g2gG|^jzcksX z@bMthlih9}+Q;diCGp8mbju{xylpGI1l^I}PB!d!bCqP*D!=(fGOBP6MXveQySh?6 z%&%l?Rgsgue7HARdtEVIn=SSaF4=tLAHQgtOMTJfja6tueVNTNOK#^)BjhV zwP_#7qOQfIx7HRG8T69Mjdwu46|*hm5<Ckbr1No8tvg;%UssTvJ?R~gPaYUpG9+WyUW{t@LXAnp004MI-?7u-bo3MQ+<%6 zU)|PPyp2LejH|aLkLFiAeWE8!Z3zr-6nuL0n-64w1gBZDC(FOhlF4Zc-1bw+w{}c9 z1f8iPVehxmDIBs3ZPzt5d2;U(?O4%O-fkAU_Pcx!&2-DunzDeFRezFp(5L^KUq|qy zKR*BydRbZ}k#OEI4s}A|jB=`>+|NEspVTOW3yS5eoRTB1qZ{0;8Ka*(qMayX<|HoM zMi6k2<%O-meb$**Rp9Xg&hC`3#M75{Aq~e7+zqv{wiH|bzOZ?nVk3&|xC{RxQwn?G zO`MBc&rh?a#LxdadAY>ow1MH0!#s-PGWgT7YPw2yi3>*Ig)8U7r$j@;Tc=f1<9UnM zW#a2kZbXs&w(6qYs+o^MP1)k}Cpsyg;JL*-W}n{tn$U273?8OT`q`16>~gw0uTa@K z`?v;Ap9o4;Tp;D%xv^IFiLJProWrU5<5SL{Niu$9owey2-6i#2OnypKkyEKxZQ}8B+Kz(Ry`iHT@Vk*KTr-L^wQQPac zjY}~P4r3ftmZ_SC^gw4|7=J zny(+t&c}$oP{R@Nj+Li|Cl9evj$I2JKi^ z%tH{D4s&9D-Vgl-K&w0RS%8%JmjM!+QggnN|31T#xX|!g%c$WUSIXOW#yQ+#kJmLa z;;}bXf9{Hpp_|L+I<0jE>b>0iT#QknQpKuGM=akq8{?xOj_dvSOb|4qjEB%OmZ9-H z>uZZ$KZ*cFqV3e+*ZGJkauJieTdKyS^h&6vP_&Di6_?b*j;mXP;VQ|^gWv7XHV;0C zi#!&gPApG(-E|4!fTUEKX}6ts4>XounZg4N+zb!2N^PRL5zNuVdL6rQEo1W~8{?^n z`={2k<3$luzBy}ca6@N6gMWu3M=dY%RUBNJ1~X&ZZTE$_?Ti)rKL(|V>p($eT-38>5NXcoX4jY;)o&v_p={|4X9086V?Ru7a2uK z63C}Oh9sSXPx6j=kx)I-3Egeim}5A9v5`p4sUg4=HYAx{u_0Nu@QPARh)uT!ZD{VM z^n1&ho+}I__vD4LWDbTg(zP!-jqC1KP_fL)kVMIPs)V`v>^CCCYVR}sW(QCp>I^o5 z&V_#m8-uQ@-?o49`Lpro&-nMRTdTAaP)DL&KL)z3@U_hkhR7xE$L)Lqeu~ z2V79sPj&Qs9m4#&rQ~Zc2amzEx8-E-(T4;DuZZRl=8x72hpS|Ul)ETo1>el~?Sp}u$ zw!^B0v%0m=l~WwK_HO|dkgRGXkyW3H5Ssp*#{Vym_5U)B|KCRT&t;U@BGUiIwW1X& zT%fKG3qZ()wL~#U=Y8#W4d!XD{D-o57kS{2_!oFo-eCS?7Qm%eBz6bwjhC>qs7C-i z-MylIX4!q~A}`D|Ymr^|O^phxa%>9$m@@E$gfSYb%Dfv1<`GEIsfDP4Y5#XSt2VxZ z%_1s5Nqv7l!M$jY!ZN8n4&DU2^{AOhI0VY;hzaY@8E7)$*)K6_zNwh*AU<4a%rOjK z9aqe^idFZ2X@Sn}x12eEj_-^_GwEt~JX;kTg#EJL!?N{NyK_fHPVTB*YoEYmAIR9q zPX|7R2fE&pMXI@x_x%WDLLw@p4jhbo?bU+|Z(V+Mv~7E^6If_JVGf$vz#wG@Meo7v zBG()f#cZSIvQ^iaFNmO|hZE(V@zJ|SrD0$Z$Xb&v5A*tJVTN9KdmN8U(O&zHcupds z6a;#3!p+~cv%i|XmlpJIYM-ExfOGEE$uN}CRj%vNEjH*bGL^7!$dJbFF5+ps1~_+LABQzP6OQp3r^rFg)n9-u4=2{sA$CR#?7dRU}44U ze0G?acFq_!{icMUy9PWu^k9g<)o5!vM$7ckqb{W){mD0#d|En}=ycppFlpuy62ql* zmG`3{2aR4!Jxi&A7imTf#-y=vQK)$2sleFVa5~SlfgeN%H z5l7n%Kl(UvhsTMgI|lE+3X?CTzz3Gr<~)_=4Qb$EE46u-a00C<)*%~NUdM~2IE@4J zy4B7()iZ6FgvS(Km!U@Q346!x4ql>hSLL=Dxh*8tX6)TkCS)x@Pd5y{C1g7xY-@M{ zh8E9KEh#eFPj=gU^RvQ9<+6I34Ev#dLuIT6ji<#2c%f?hQV*gty_?eH&q(}5rXA~n z+`=4f*LFI^q4uvu93;4;Sw16p1_c&N)xp*N9Ys#BF>%I$aZjXVWO(?MIvr)dRM+`b zrGInhxFclC`d2j#Y>kKWS@U~WTi7K=*Mh5q%3HLLaRO)Zj-wCUiTVrrOl?#P;p6C` zb=lvHIDwb1ll~VN;$;p9^FJIMo}NnGs8voOLyaCT>3!QObeNaW9A)eMFO&n&3q(U| z7Rs0#~=zU-&YR?V8hH`DvdY!~_}R3vGIZ(*+T{r1w`^$zO2 z2%tHYo|TRo{kHz1NWjwXc%#>i^*H&$4Yb2ZbEEX7y^ANxGVJKBkgT6quc_~+dzBYC zcu%yx>G(YfZ(Rhh5Z^)vpXj(*(6!M?C)gPz1{@OBLmUv0Hj^3FTr-jGmXLH>Ws;<| ze`$0??G@lFzC>#Wxvu)U8s5Ch)+nfQd_)TgD>9a8#aTs4gPzj}>#*VG^7c zjQ%qb4{-GZQuB;k-dd0`Q8E@yrVwFtQQMKJ$WCy13224tDZu&94i%Zu&Z z3f>~C9yEGK2)u5^@&2|OtokG4j@03y7~0HuwnfEZdBeX-WU8XtX;G1V<@<69*Oy9` zSjZv{^qL~7uY0=aHP+$B_i*S3i{ zSbyZOE-KeN!7=Y<>6)i1j<4(LXI?n1c11nygnWKbzrWA3!f-{QtLlpS%&N0^Es(WW zF@lxp0tpMqt!0{#oV{33-o<=73;tL69I-fwr$Bp@%kt1 z&lEg3D}C%$a9m>Asn+wErWP?1sUx{?r1vC>AsQ|=yi_q!O(aCudveS_!yKI**1u0;-JX!n8-4qo% zkhd$nglx>(W)8w) zUgoM(y7du)rm;EElQYguL3IIx6GrYE|B(*23^p(F7$k4W$gZB zt+n7=-OdS!u&jg+Dgirl%1J-I1_nUfORzvo`3WbGE_ zd%l{gkZQd2gZ!txlSvo_S9bHss^+D6B3jd?yuB6=9y1qo#kC@ru?qcSeB$Gtem~C@ z)G};vFg|gRMs!_l!s{r)%xxYPTU_n?-e&M*FiS^tN7LqqmSClfGzv>6*m+j#xG$FX zlqtNAnb)4hXN7PdS{|5>Uerh|VV}~p8u(F2)m`G)CemCy-xeX6=+({d(mMBgcIH-a zG`Uav&1<|1gnS-?7Tx-TG_NU|Hyf!QrAtTe4AdXd4>;>osyYwni3kqEtQk$UIF|0E z;4wk|2Yc@s)l{RcjjAZ92&f1s-HJ33k={f_R1`#{S3!y*y%Rza1?gBQf`Al7qy(e{ zNTUcy?*s@CdJ7@c1W4gqfxXXn?m2hwcklO{A9vjG{__W8xU$x)&wS=HY16V>n>`YU z4h*U=uj-Lr$u}4Xdjesb6~DY;p84#^);31KruLUA-00>y>|46ynl0!z5X2d4J|1G` zqF;6b#6YRzECo_n;OY={;uy&!Cjx; zB;zYVtz-8qu;EBFF`%G?X$DrCUkP-G|2 z5H4L-TMIY=n+9yjv!&s!8s*Yg%p6OzOUhv$OM<}KpEd^6&G5Aj6a|}&-KK~_EVwOu z9nR?&J7Nf!J248BvA5s480&Bkw6Qyzk>05|gdW6GdcG*oWZr))z`W?}grFp+n|o{- zRRxK8+Wn(GZM6^vog+kta+WTR{QUGekSJ`fJRFeTFFvJ6;=fZ#pq(R;zhl8*0fiE6 z7}&TugUR#3g11Z#={J{oKnvMyU;(LUB&zQR?hRZd=-%>HRV1~32yrZb-?KJkZLh3a zxbmR#+v+NJ7dC!-<3)?p2JU_i12OsxH!G8vahd(4^a=ve082SeQ6Ap`57bb_y}pnO z8;>4lJ$-GMD%++nY*JOa?k?3hPtxAGLusROikp`HB9kBNsPqvYrXW(75}O5dch&<+ zY%8#iWS+qQ6c~=W$NuJmJ2{18iL`!3YC0OKx=vFeD$09U62?fE_(+d-Dstfqz8g|~ zAg%hNm;<;M530{`s1N9%6Jy5N>67*bx$09W)JM)UX-;MRWr!X<{XdF=bBI%Y!7 z2nq3acqD6^SQ|3BXj!_f6+UFl#z@E6_nSgJS6iej(42y!VAU+(n(i%LqTVV==1BRV^by6LU4i77f}b`400y>>o|7 z>&B88Wy3HJy`@Hmsns7w7pgp8G>13x3HuS=>UqS?*<5kqkZ^gw=s7a^D+`gM5!S)M zYIxm6?L4B;ngbkYVCtvUTOEoRl|XIs`i`({ekOIi`X1JOwHc_)PO%sa`!$A~AaTP& zSgY`}ugv;>=ojaORE3J%sW_v#h!7dD7ZD$^Tw`vRmtOF0Au4_%cxKl8*f!Z7&^-^g z49C7%y5hs-{0N1;k^`wku;vG|TE=?q&^&7it5YSAUx=_dX^>gECPHmX9xO3V?H=bt zwri_SZ!SN7HGSK$E@V8>&Za2|f@CAI8T3vqv~w8x1oZe(tW-(vz8 zR6f+VI(~xERQWZY4A_H5qtH4W>QS; z7Xo1jktkkKOP$Kc>V)}izso!GGr;C?yVsH~Okh%ZMAhHPEMVphdb%;a(GHVMP+rVn zIOWXWD`fR3gBbXR>~D~7$kF9Ze!W~6#yh91Jd}0;I@@RMI8da+$cm6ka;;NER(*7n zI@Ri#{%)gpkcU-yZXe318PQZ|gEyv%UhCQKyH5b4N)TfQ5HXwSiGUlBQO z7(&s~7Y2&w7nHbHoad%O_oRIn$u6?JNb=bY!b_=}1B5W@=#M;pQUBj%xLP>0&h-eQ}rhY+V;4`uAtU3_X z*UcO~`p-~J@yf=xih`MMc zLIXKtJH72$TOPbh^!tg@j`q%zu!Ajs5vK>HdwshIKfYCEnY4OXKREv9P=L9@-)EQ5D0^y>j$P5P62U1f23Ji+d zXBS=m$C$Yw0jNZ$5R!I#ZQB05Hq8WM#K5WWcKL@x*uhg?j~*9Y8NW@ZW9C<6PjAt}UExpB;Uj`+)Vz zsdqx=AAwcN&4;FjlOkP0UKlGf9)cd^SExF}1t4_uZR&yFOre4FMa_h!I&HY1LUlJMmEYXI z=1fhLsGo{-XO0C~ohb)hpxa`x&e*wNXT?;$@MQ~(S>kI|$zpI!cWnfeckdTr#bt@{ ztJ5uvEyhPkCg^&yIi{unpueGOdX}1IwqLuWvK5PF0TRSRw5KIYEy-EAv2RJX8>KO? zd<(MUx3qToi9N<&5hXvVF>HrRG-QaP;&b8O>M-WBz{GQtaLZ1o+hJg*t44S*u~MJXoNZHA6H_lu)chwel&#&jqkU?lJKD;;T49bj$q!#7_K<&ez`dpMQv zR0WjOQi(g41|2#sjd~mG=nGG67vY!0tT3}AXU_f1AiY0Y!w__)J8*%7#_qbtfZCn| zW9SYXIZ{nllg08qQW|4i+X{LAD!%gjZRTrpABO7GnbL8B>%jH*vY()Z^|YS`C6`9o zSD3l9vRmAxRGKo}%BOJIOfzd_p-B%Y3G8jj1w4fn z>!yPUoshROUT24CKO@^$8K*Ha#^{_)Roc2{%?lQ#IYC>K?NJwpt4XHNjmm|agy-|+ z(fxG{sbyx=sy2-e!s$CV)o48so&DBMsr^(ca~-T>}-1M0Exl+PO| z_K}`3XxRQ*e3m$-10&$`9OLL|5FId^L*4TJbt8}^W*rH)yV}{aWX*(nu{;^-0P-!l zFd$>x(QGU%d+ZGVK}nA|+PIm*p|;xnk%mM+Gd3^M1=UlfjY}+F(e-vrja|)XEbRh- z&>o9AW zcP*OSw?yvg1joMYTK>fn0_B-6Phm7;Klp%B4&2I#qlGLTPHP1>JQw;Ma7AgHtIT(0 z8Vc{wLDyH!+Fu^4+7D%FESA#QY&=R*>>?=)S?W<+uV1#YOX>>711R!b`Xz1i9#1~Q zkRqE++0_`6ZJ3eWeOr*KKmg^9KLFc1$GIhjC|;ss-r;X#aLg~4qkREdj^}XxDFkHk z%tkhhWRt%99sNWB@(wpb_%3j_o3xmC?@In=r*#K8@+6I~m?Yxp zv9gr|3KU>cq?phTk}{)5dGc9zLgyGk&RwV$rgfOo1VO_wORZHSoi{@dVt@Gj&@nCU zJ5{~|3;|L{!nV4%Qf$Ztfgk3a?LP(DeLkvSDN>FQDEbY-iXGsb3CW1~11N@{j#FA& zvc~RWaMpX=KyPRXP&ef+dSiE9Yh*CQFI8H{*)(}7^FCWi8@zJ8^nE*zp9U* zs+0s=NX}|lEC)ZuclC%y<)A8&IeEmjBWsn^DnI(O{lJ%!{l7#?Y&$%`pkEkX{E=To z<#La+(P>xmPe2BUbo5zNLQ%qYEr7v^nGq7kG~T`mN*MMfOsb(gg51L=Ft%K8y{bX{ zKG#nB@H@tN|J)zxkw&70r2_*Q+PtSh-A#qd*Nly(Z*nU5DCVf00|=R36nmVO@|NLz zkwwbbJi0tuC7jlby!9%mHvY)O&XAzjT}76GCV)J6vM9@9P&Z07x2TcRJ(^Te3Ct9QJ`(`p^-1OR+}XN7apj9KQR z`#?tOu(vGP(iLG2+^(NGlu4Nkvk(BUs>|LbvN@NvuV$2p4p@;>Tj@U0$7SxPiKIR? zbs4ZPi8;vAV|Z^b8BJBL&9sPnE1h2V8}m$r3Dp>|Bv2!0EE#8WeHg&h^1mk{R>O4w z0O|T!mY}(AW#t{2$}bo_G%HJhMl7zskF3~_3ay1e;Iy>4#S_L= z6>-V!Kc=`qkOrSSWvQUwoPbY^WiTGEQ?G*}{G4|Pua>b%<%o9p zM2A;KAYmR09)BN$6~hqhOYXhtc#a|Ou)McG866a>O=oTSXMiMN`%|gF)MIb$3V^H? z<93In;7CP4>z)aW8*>&{xU9o;=3B|@kYlv5Z-%pm&;W!#sZQeB5Q{A_-BO^SfVEet zjpdkxMd8cRwj<~_WDdtL`W3A>o2=5MyB^;Ti*KLu=j)y2O7*1+Qqrt?4M0n~#ZBum06Y-l3(V&A7^CULjzdcE zY~Bo{s!yL7C^9r0m`zn&_nQ;XBOgGhW%vVuZC$pB$2ssqdhAw%$*6m5gWLQYJ4Q^V zUPHiI7JPjOHu?=1>^2YPq@U^%8w^rc=x~VrntIP8`nHGMn>X~i)UrYmZCI+R@DofuIlqx592zhE)~$|>DK#P&oI85e{m^ZN~9`0?h?A>J&K_DN@ri-W^_GK3WK zv^8XLO~N|1%HdxAFfGFVTh1`;gextp`rcmH!KEdbLnPk&8Wy)~+2^ggdAp(Nj5?(o z|NGYP;{H@>y%Ol*EWOggKIG#CtEbo0kiT0%%1wPncg`(E*EA@7&;DC&HOIc`45$65 zAQ*?pDkK?2j^29twr7;f9pnrp6dUz4xZUg6M6s767{$ouo;t0hm8MyXCJZ5ZwLGlu z)jV8d;YcldBLo<$*P_h29-x`Ex-&%Mv%xyXGuIG;!c|eJnTgST6b9fUQvYAo0Iy4AUg^HkFTB&9x>0jDL;>$ zy(Vn-Bik(XiSn>Spb+1%T?n5-l79Ma0m8k3D#)%~;{-5)4}1GVd4YNU!9fUqlvb!? zfzRI$;5`XI&AL7$Zdh?QblA_LsN*b?r%TA>BugyU)i(KqOzCsT&<{`dTW~G5Q~^UzKsojiQ9ud?nn9d8Yrg;gmy8KSOmlXWoF_K zeGkL`goJixQMy+vVJwRer1;_YxQt&bDrr1ONrWYI(25|wLX&|4H}?t`g;^H*io=d9DD=d(hh|;`W>K;zqb4GTkmQ)Y;G7`6 z9?ON(tFzt49$$%|D&EA5$Wrc*WFNotfffCMIqyH{b{SwTg}E$-?iMTVy96|oH>uK= z#eQwZ^B}7D{`yqtNZj&~e6`67BIAO$;A*BTtT|F9QDmD;_)eEyW(b7(zNhBJc)CYU~^PK@4 z9Qts&3?Mz+n~fnKf?Zhf?p(&+7r{>+5?lO&Se8F29+sX|i2uN1m`#RT#8A!6eJ80& zX8nWeLj+6%&q0d{7mDD6{E&g5H;i#k0K%oOI|%oURN9_m&P2yr)H2ZU>_t?WTsY8D zxseb*7VrQf6~4_0UZ03S z@9J~@$Y-{!hY25grajD=!k6^&^a~Oc2_PjC%X$KA)Xun4=$E(r=Dw~+1`3gUyu2z- zKSy&-XTyhvYL-`QEmz1@U2Xf^zJA*O?03-UGkoJQal<-RsE^Fg9 z>5;?fQCTcBugN+W9BSnP{T4)#=<7$QK+O|hYAZ|V$QQ|#@~8w8K}I~k13(D zXFrYJ$Twutw&^sXCuG+*%!Z4j-_`Pa{BVwOwXBqWBVPW1i8mGG1`Iu+e#M>T3%L}& z&3ByweSe?q1DxRnKwWoB_s!4aHmRQDG({$jd@UKvcS~z8gw~%g(R&P8Db3qCt*=5u zufR4J$BeJ1oYdDnVmMc`j?B@1N4mx7iR=C7071&h#kQMgXy5O6-c|h=sG;E_Jsd@y zgAYnOjGGfhMWM%*aDDEp+9DzO%*NFdC0!ORDTJt~t#Z%Kz-aEiXTd2=H<=tAns7mH z(r(#3l!t2y70f)pH|rVKinz~kFFl%H)Y|mXi>*}-Nvz4W64v@*`DR8knb*es@qc{u zrq^tq`YGlJrbA`|y*o#Nt~dhvxgGQ}Gk}S2bNBa#%=Y-k_7+~`DY{GY-5B2Tj3yjL zKlzEi3yhkYjCK@tD&3#FuQb?VDjyGe1xT_1fE+^T(i-+uIl|f6Vv=erZjyF!jb>z@ z(wHynWM~n=ABpt$K35$4d*^o z+EJuiChZ5|x$8=#>zW^mR2o>SY2aoL$OtgAP0(Um>zBw8((`9hg^7FNG`h*A?qPfTX zdM2+JRkbQUC>^{4gvU=LTc$3(ABN_ktnda!V*a4}G!e#sqzW`5op^BLnTTHA6HbJNzL8 zv5^r)TQ%8T;~3=vRbK5}lRyYZa!PE#&Lx_8BmlMSWyAJJAXSAtQ&rpniy2n@20PpR z?wt>8A_P8QJ|IRT_GrtSubaomSTQlp_A18XDAVZCcmNpf!ugdNnJrpw0(hIaU7FX; zVd!&|?9g(%$%vTI#Rw2NdoOc+$mv!Y9ozC4Jzr))&;4LvJ4SqGS{ixYRClHD9niW9 z6W}Pkcc~gx!L5x$S= zf!BY~FkhhqPAB6=c4^~Yth+RN@{%_o*~s^?;8KWLoS@R>5#zz_Vs}-BB*CgYpP- zx$zYJLT_pti2(Q~wSzI^1E)L0}OxR;2|+O3B$!uzX<15E55hEi}Iuol)=IizIZ}~6G@aV&(lE>KQc+oqGsm#KT@ebSAQ^&el z0~2(-j~2Avt3Idnh`NMfx?gOijyNx2mT-|F^cY+F`^)}cu}ysr{Sg6L&;fb^#IU!ZbdY!ey5V9jf+J35%pMX zAfgJ}IYxNzQ=`oTfR)Q0cYxYwO;&U;fIJ)1r=kkAk$460pKc$`p!~y_BWY>macGpcK@+>($3|j&yDA)#?skXAR{(* z-p>@QqjN-;LHx|bd9SGqH=jhU8n@DBfc1EG`?eFx)N|0c8(`%GO6H<(Q-3n~E_cmN z0rQ7Ld6{p{jgsf2&H%Si(RY|`jb5v8E?1l3epZR23BAe*ahSAk{0Y$P+;_oZM^gWb z^3_^R=O(CX6m!1?K=H^mvPN5O0R)rx9gY5z;;%+(3jDqX zrfYr$XwfvQUk+96DOhv`m8DxYDIEPI)8Y2cl`iaYac-3!6hr1AyLG}Fpz_9*^#p3E zZuktM%y5?SqX-fEb?2{pftiDlc3P%$+6Vsu5q3w>NvnSlb>0KG0wJ&SOyCdf`#n2Q zWPWBZ*bU!aZo7%S%Mx|l_q{MPx($JjXymidN0*jZZX+>P)SMBd;p<2||(%r5c z)X+)(VF>2rp)>1n@HX}wz@TSl?Q=@kA04BeycofREB$GUH};*`LO<)C!arrgPj&{Q zZ;kcL47d>Ig>0CgZYpL^!WAsbNuIJyfl$h6GARoPQ^{4b+)?g8^r?H}org-vuc#Fip0DwoXoSW9kZ znLgbm*G+1pPUZJ3_npZ}y{y3VTHKLc7x>CElV=QsVPnr?C6#vl-4siEU?YGYx2xKY_~H zhSu_3amf#~cIZM$10>@cw;zcDjv=>+ihp&g=$WyVv(&K2iBmMJ)H?=}y8?Vg3B? z=m$*hY|`4>BvRj(+E73NJ1fOVEfNWtsE;@l{2t(4^L<<(V>O8M^Kl!>(01h$!VQn-x69Uud&%jK48pDOCSQC*$k z-F#m*ZcySy9)G;3{_)f!HZ%E^C$LZXru;vo3<~l->!eD1SV7z!O|tJkm9_r$j!xL5 z2@m)D>Tw_CvhX#zP8s7uuyV_M7lp}=wt*ROHnq+l5Js{Tyn>;*om!Vy?kPavi3+gw z-#L;toQ~UVn&(8XCoj48snge{UXtzQezPL`1EgKSXu@o5z2>u_b<{HiEaByu#ll9B zEA~@~9zbK5)K!QB=zD&o5P+3km>~q}=tPc=y*gZ;eeE)aHL8^mRR8{B3%oNCETKTY z3k;=wvGch-cDLc)sFA=EMV&ay-;Sg^pLc$k&w{{fU_9)>hWi!$My&f8U zG9<*U1ZmW4RDK+rrEYh!%Se}!Nm{vPb00V)4tkc-cbV^R$osX8xC^8x$^noDmb08|ReX0rEZ%e!;~@mPV(BAi!w&>N&T_|;ODc1)b=@E7v4 z2$g6QFekSI`BkBuf2xH7rT532k;PLq%ZGtGh7g6TcuI-(J4CW{c;AJk?Pp{gHu?h5 zG@WddXAB+Eq<8a0`Dc%Tw_V_*FWO=Om^SXK4n!qq6kywB;Hed^bBrU0gecHVhLaMA zJGo?xfDJ8l0B!Y8lals*UdMl0QS6(Y>IkjCVG-%NddhaDGuzj&lP(HAz6F1 zpIrC(BE@EZwKm}iqY)UE;0ieOvB%KM=VMF^sPT+RsEz_}9 z6xRaPZ#gJWJ>)@vZ);n`goXAvC>MKa5Iww$Y<{?;?J1?Ml>Wq9OOZag-BGz$_VAky zV10g3&)}ZNSH?`1nmE6efaTy0b`L)`|JH8s$pc=6mS>6noO4U9y5{23pM5ZZNSl(8 zty{i9i|`n>2I>@?ukQ2oRsdZXJ`aw46Uo_91mllBjGQaCm-70GgKzmpV}jJbnd>&0 zpZCM|42qqMzry7G(HiC%oy2j6bk76wvr+u+erCJ@KyZ0qDP$b>Y)HtRt*o*2`N*G) zyFq8f++0{%fhl(sue8GHBp#L5D$`YUG{@Ua!SjNnh8N=n>j1=IM85GiFi++=*2*Ga zz$628?0M`_ZF@#GL`_Rmg!*%~VrSg$T&)njfhZlwd*1oXxBsZG(=Q$;{kLao6bil@ z#D0h&rujKB{WkNU%`fHlzB>yr6=CwH4doYSXrrzB*i>o$47%v)s)%ntX zvlxSQDXPm9*I=615}^bJ+TPUB;C+w3w?-qv%qpI4M|~Q#Dz$uz1;|EU5iEwkj{3~G zZakk=_(B5e71k)q+I*h5Kp4MA5btm$;^SrWVW(z&^o>^CE7!j;;3%2np)~N74XzNh z$7h3EoWMl$&K>Z!UM~_iwgxtaE~|9dmpC0v4cDa?7Yw7CFriG`qJ$%+^le4xB(HhE z=5siYzp^o>m?>}BAh03Pa>6Oj3pjyL;s`CNw%<2nD+{}uZ~$;e!T($xfJEAaMK`5AtNa%a(;ikijoOwy;E^gwAVTP{>|=>2y2$!BMz zh>B-61`S3R3d1VYU>e>V^ooIq!RFG*-c%!&-gCxXXKr85pXI{Gwm%zBOmRY4^ghu9 z*2CTd%XDk9({s|YXtisMepDoB+-{XD(DQRc8`3pY_9HS>bfLHK%*&nU!>?aT!4C3F zK3P}!MmiuqzuIp-uRPc0tvgq|-+G-@cJC3;v8qmO zE;2(}BqoIpIZ`6px!oy}VZJC3t;!G}WH)|WHS1T&?jB`LLkj|msn+qs!{_mm29<-! zY5qixPYbq8KQHzNEqZ*G6+&+ULuAuU$rdlkdB2qYHUxGafLZPnxw{72k)9<+;Oh&_ zvUMh2vZ=WbP?0o}YSbs7o5eOViUGZl={iBi#+x?C}`qf(xU{0G|uLDe$A`he+? zz2U@#vzB%RMV>HGDMQ0({D!zmdGj?{AE#oT*GMO-pYxrdW)9K2gFkJ`W$(K`RE@N8 zDt}e4nb4dWm>yLS(jlrZCLujiUAS16-7_3~omUGR!g>>ZM(w)k35VluB00v>j1}`@ z`(PC{E5Oc3;sQ*+P3QNsjpVW`Pl|3Qh#AeKnlsfI6qpK&gC9&&r@j?zFX;A2U(O0y zX{p2&M}P$MhRJWaHp9KNs8KVO!K3vNobf;OL?c7ltl|M*i7g%&#BCsa*Eogse!iBK zQ|wve1L!Jy#WB`2E)w#HW)BeR=U$ zpRHM}<4|&80XaKq@{Qn}#QV|Qu&Vtk ztg7pcEX`v-Jeo(g68rt!%dJZ^TN^kVkcz#mfjVogr+$yTnZ870xLB3&+bAp8!hQUO!?}WcO4{bobU>vjPLoY3nh@L zRFZ}-lPY=rL$+f|g0K6zm_J~s{RbRh)B|W@56r8$jb7ay32N++O)hL*>7|mVY)&{7XaS5Bi(`W_|x(HZsdF zX2X}BG*r9c6}qzbP`oDRZ|zCQp*)+us)yZh^Q{AestSOhJRsg;w!0Hme&K(vd4JEi zSpVz$YhN1q)yR42$%58_*z%pW9N7<73Vs~I(DIs_%TlsCq)@&&iWTa5@|CynW4(|7 zWsOjjbeoCFH#3&X@hLo*jaz5;ko0AjJ$a|BKP&Ha)U^8V(&O63#rG?%RsrcuH8PbP zlh9`3!O#4zy)Cb~sDya5oN5qXFDmo<-7O?h3tiwC{dV75a3G)=cP<^Lg_^%}+3Y^;T&JR{>V+Wi`_uZyc`le&$MW-%IKV zul$q);q=H*e;gpLc{m2zSq2^pQAJE!5B0@?x%G~f4?fqnyY@*kUfg3;Fc z?o{OB_fR!~mp0p~dBayo;r#HP7EK1TLK__vdgOP;ADFoi%{Hk&!L`bgb;*21*<9QqNv z;EkYt`wtvEeEg69!L4ceiP_N9zo)Zeq5Z_P?q<(D#ro|$$fJJuh@#pnLRg)C;q@Zg zLh58=Usp3>S8zsdd_5vb^h-maVQhN7OZyt+PU^ne$s4UzN1Zlqvr zVt^mpl6`~!$8Q{^<*4Bl_ltk+x9`568`ekQ5)7QF3Z>Dx>WSgkA6E-fWf%K|C4GnT z7kU&uIy_VGi*Z%j*~@Aw{rIlRxhP4|2CZZrEl98L){CoFt_+;Hx9VRvNu4`%PR2M( z^Fg{i%+z`s`J6T*wXI%dpz>HYT6<@iwm{M(S9v=Mq$-w1CYq-_=1*?NKk+ENi-lGO zse^+q_&P$>ph=rEtv_+<(*Y>TkXKg@`hNVwbl@`@e*4?!HU9TM?-=+@(cRd~Zy4Km zCiLG`>1Dr5R;DcUKV69oL>M~dsCuW3pp*))NqVeL$pNa(qA9LVx@yLIV1*nb`bj)) zr_B$Zj;Sau$NicB2r3VWBVHSu#2ndz!n0;ON$D!4EN;BlEmP%)lRSE8DaV=5o5Qh7 zu{x7E@$RqUci`%x> zZk~#T%Spy;H^r?|PAzTDdXv>*gO*;^g#SXocLGoS0cRA`By@2LGzdLPUS|{ zYqaw|8H}oDF?`wS{$_JBTu~kDF}^a+KDm7E*SiKU9GUvKBfrE zxsC|KZj-$nMPMx*r!L4B&AI5z+v*4u-Az^Mrd?O5XnWz>Ut{volP0vKB5(Eh*uYN> ze@k3n=I^Jc>1Odi@%mg=L$SBlJPj*IVW3{#@~itJdws|IrM&axAwOL=M$S*x@}x<~ zqITYl+Hi%J>P(%qA~}zok+N+I_rPM1C{S6+ZC@ASEXY8WFHk_~+h?QUAoZg$i_jkK zLA}{{7y=QqWQJ)})gl;-tf(3&on%u{%^0Rlqst>z5Hp@>-}#@M+VNfQlbdc9YRTOW zs-HX3Gr?|$HCfU$Q*n~FhR#*^JKjByN}zvk0#~rolXvJX5*Hvx)cY^RwY}IE+;GzH z2jHOOo0xKOsD>e8uG^)pNfG^4;z6}l-bPge1c?N<`Nl`X(z$trDBCM;Yrm+nF$~@& zuzaBhX(z~Ol2EDoI}Z8B4N{AAr$1gw4@u+aYNRd{y9EG_kGj$iwJC0&X~=0uNZg4^ zHTKFm?XwiLaP~R)dFu1*v3o~fU6-}xJo_#{{qFhb?I87JfNB#g>Dt`-B!RTqTj;=% zD(BY_>frIbTPI8Dw*U~f;A{u?BDvYW@9LJoH_cu;maAEp8TICf;bPU`57(6w;AF%i zpfD9_9Vjo$`;JL0O+Z>6=`tQNEiW*LwEMiW)s~{H`VhIe1(RzNeXb!Z>CkbjdX$!ryAaQ+6(YwBPz9dDN7@W!6fR1oFy>b4K zxz~XG^yVC^vNb_PIrAa&{+R8xmq0qQG&=tK7Kd+YAaKgv^wz_FIXfLbZZEcfe`M8c z-{b0uU02c!`>2sq$SLgK)qPs|sj>gWBB*7AU<34{?9LK|L5H&ThYFxxh$lps5YyCS zD-Ezc8^7&qyeP{O-5Z@%*#$~1T$wyizKw2gk%eM-fh?IIzh_)r9RI#?9WVM0G8aE2 zb|)rd}+m)0IrM;E909zm~vh_MFxzExw_KR69~S z^h=e9XXV|IE8T{UUs+e6JznCt8QOzXNySk3vY*luiuWu#r2cKOZeG~NV!x!5Qkk=- ziCWOUU>hSrHoYlNTIwM&Hx}uCG0)Te;Y;zsgJKJ52AcaLpG(c&-qBqWi#5-k8*;&Y zg7u}!JFmrh$G(kpI&HlBytgFyc{`%~v)}}Q7_6j>c}WXg-KH<3L;LMc<-|KTTeba> zi={sws6{$cCc2U&9keQ`v(8JrIO3dXV3H$X%3|&Ze7~QAtVxJizH|6~k2n-2U1D)Ef7(Y6u@4C1rxR z^~4WY#J;*{cZOraJ}!0M+YLWN%ORDu9Zms~0aU`%zDm+H%a!dEsmTwj6%v=UQ}jjy zW6$k#>*w+_xOGxkX{A6k{Vgc{jD?v6xO$=&t9oX~Z>rC2$8NiTPl&I`bz|U3_P!=b zRj^#>sZ_CUdb+6(RW`Wn5J-Q1G3LGJFZuJ&Z`HpDwc2rCiZ&3^lIU3I&2aR$$Mji4 zNAnuiKeqoB#p!g)BdD;iKGUEt7RazI>l&_Hp%;>4Zp0h_>kLP`Obd z<+Ji^!FM)8rPYaFatlJYe$0N`AYuIbRx8NqJOVqui+wM+V&h?@u_osn-4Q`!Zi}6{P}g~^#bs|48d#<5X$;GW`&IYuz^RS%Z$z&szrby_ z6VfA&e6YI?XvR$jF3;LcZj?_B2D{10N z`hc7Ylswc2=E7dTPPh9?YR(6*hz$daj4BBUR?0ZlCMUuJ6+FxO+glGO`>j2KXGwq~ zmNn&c?$VI&)?A4>db3(4Prbv5&l)SmSa!PTE?1>(=kLwFg1Q##A6()Qr#c6m>YQ9> z)DYHv9GF=cJ>mXODp1Q@X2a_zvDv~>Enn)QjNGl-^b|ODJYObFlf(}Q=GLhnH5vAK zfwe`aZd*k0tBT)=PUqIOYmJFUFFxkSF4kNELPt^5-z>WPPg%6JGUQMpvF&-uq|lDf zStKRcybIy5#&;<+CXJWLY}wMcpf`HLuJI+T8mB-{P6Y4WoKPA0XaBdYLSntaXjGj9 z-^mX-Z6b;fckRb1wq1JmfmoFjuiN<8>9y@rH`;HuLII6{B7-(bncWbbyVu6t{Zn?; z;Ag&OhW|KUGWoWJKO!Rwo6ir$+2%FaIzUc~df4-HaHWbmfv5VC0C#i?1nSO-bS$1r z)a!+TvN_;%`wz73z2#WWKa&dW^JmMd`?P=r7K5aW``AwLtSNgdfLa^vwdVnS6QII)*H|gVrw_L=V!0!jD&u7$|Q z{z(gw$h$~?F8!0caYW+JzKg`ZlR$%XLv$}+CH~pp*Ybk?VZOxg)t)UU{^aMkDWlis zo%i?h{xm>F`FC6K!-m)U*M0(r%7M!7;$B_mcJR-XIovp3BjBj-!NaBRcdgA|{!jFd z2RNfQ;Q7FD@&gBr@9kO;lK0O#roJZK!3r+ycCr>Rf0+$n{S7CN7XeY@FSGgYINfgF z1H|+Hr`fcVB`sH`*0S6V{5y63m@@l-)ueRd9O9r@!sVRE6aOPjWqIl7VM90!S*W$! z#wG7nLIRWk05Zl}{9C=UuN^)tmQxK=P$GQ%WORVs%>{2gbqFeE#Lp&TB3v>LG@!9>=TJl zR)=$&UlHiYR9U01P5$oevpXAGrxpC%KA5R0+hPn0n-<@v%gqkiO@1xbHHN!jWLkE? zBD|hreS?EncmToxtli%?@oF@LkB&)6x)VPyq^k6J7Yx{?^!>mP&=Y;(J(KjoP{}M@ z?;?FjYmH&4(t~mUn6UC*k;m~T#*VQR(a_a0zJ=-+G-#^oWThJh!H0_ z-QAh$Q3>AJ0wIOeLib}UMZamKk1TR0r#yHX=^XIl!yI($M;qS!(u|kF3Ne}B`bz~d z@%`N0;JQ+0orgBIuIq>rV&Nf)m#iG)qyT~nC^xsD+ zI)NFUHqlH9xsm(Oq&HQbTrf~F$1iE!|JgRyXo!K+Orbmy(>{b4ER)^N4pLv!epH?5 z%T;nPL4U8&_WKj_1nx_gUFB_VuCwygEHF%_?dXp6a+2KSLQcv^;w2MN%VM<-j){r$ z+aGbsdarNL2OGny%c3h|YwXGS8&%HulMdd5-e<@zp@YCXc=f;Y4t{N?cD&?HAMkCn zeZ%&*>47cjYtyMBU?0?rGPgZz)o$Xf7mINlDRdokaxj33*1Kn2Y9tVRa(@~H5Jx=X zH0dAB$XFSDpGpFgwKjIoHA)zB_%cPt5j-c7w>o^oAz z$=AnXoGroHc=hz|UkgYDennzZ5WmpdPOq zK{g?1V1+!#>tVaIu;q%CYqVOu0wd=R!bmCQA$s8?L-`^sr@ZbIvs{e@h=i?qVQ7ceRAkA^fK< zU?ov4L)F{F!M0i^cR{nD#l~As=e&sWx$6K&h)m<>iOuN>*Bw|sDKz}q!5R0$Vz!R$ z2zgX6K<+j-*0E!$*KXZaz;=3SOm|@ZWPoeGh?3V63&nDp83eUpF425_-#{2!8UX4C z&c|!vM7A$XZ-Qu2j@rU?w;>2+)+?L6oHL$VS(sENAi?h(UJpZ9VDloUUdG1sO0DwO-&iA zC9Q#KF?+cooqiHDD7~0PUU``;zPIM{XIvh>ao6Vp5J;=gE3=OU5L!g>?jYLaET-^oYD=&^J9|t8nfW zq;K*1bUD_QTL|YCSxsAwahp7j9VAFssrN!w6c$1vlb88e6wTydwA|r_8Mb1h{VKt0 zSyCdejY;<*sD6Jd*blAf>SY4Rh<&N2)N0IoVD;!R(+emelF_x+vX3jiaD-S+XaMh(K<*{*-& z?YpLiV&*tZWwUAG4RsfR=}%B5+^bW@&5j7##!t6RdyCbI_E~$N%T}dox$hPT4peU9 znFOUAs3iE+p*eZ(3pO!Rf77(2-BVEuwB9^tMaDU-a_7n1vaQN-#&R5!D`!c{Y)npPjHR? z@<2fUVsT&5lm}k@5;$Y=tA<-!j(p@k?~j8IvL;jx@Lk{(&?J?X?19AwlYPgiO+#CK z^A+a!%|@cKF*Fn{{*5bvnQ=AO(BnpB%-x|FgP6rr-9g@XQp%vbTEEe|b~Bb^xQj6N%ysko2*b_Vx>TPLnM+w!{&ze@_z z41Tt)Kzdo9?}5-w5fs{HsP?ZIEsy7DZvFfrcp_R{{|a#?8PENbofdcI-VV>Fj0SS?fgkjR0f1FI9_27i1~6N|YaEG}tqdL2YJ znd4bA!)c3njc5tTbK8#v8#7Hm+l`Xq0J+FFYdnj)C@3C6snn_2l$H#d{%{lbe1C&2 z-fava2)nKyUEpl2-s>hlZ-A2$QH}146b{NRy)<|9REd^=IE#Xvm6L$>5NJuUK2h<= zj^mSeC4%(>g7L){obI4&IMaQr50z#z)k!hm{uDQ|1>$=CcU(*S3vn&Ez6XW~@@(AM zU=MoH-RZ@TtUw$d{IgW2fTOt=_zU@7eekc-*0s$zdzuM7rr95!# zS3_>~B%@pR#a>npq`9b7A#Zu?fvs6600O!UCinRCfTne1!Rnb9(C0$K#B)LLqJgC| zgE;woZOZ!@R^pv41WG)xqt#%6y`s4KYRF}Lu7?p$V` z`RpG4gp1u6pG+IATX@;yk<}2MRkyio6vX#3ei?Nt_4sT9e0aQo^CCP`1A?nHhdZ;b;A8*x{Pn3FE(R{O`_ikVk4>^z***bK zzX|3p3_M#7=EGdy9u&`_sN*Mi<$}#0Y=>A4L~torz;NRX121VVzlN!FzR+f&CF^GN z^fF_%ov<)OOX%s<+4M>6RUhF5<$#_@K5eia>@=2oai|~xG=?86hTew)+-b8{&RS&P zVF;Hf|2@h!`rok@@2*J7de)OPNb($iG4XC{@~O z=3X4vXT^L)FQ#}W^xsEA z0s}KPzlGFbYihhQ9fIy~aOXwrgZe^ayUw->f6R=j+fZ9yO;m9)uCb!V0<`;S9%>j+ z(Ud3tYVP1w_q$C6qo)E2N!~n>o?CJn&+uDlHLzmE)>b!9RrnqYZ_v_Q$C7fUk)A7X z9rL&AP!xW)?OZ<=&R?&)Tup2PQi}?;Cv&qWS}6ac&hvLi!%wiJiKDZ^uWuU+evrm6 zPg%j3#>->U2GtmVUF`m?l{7i|uO-9 z=n5wwc6*H41N)pI+H##o#nfYhJ^b3&35}AoUT=n0EPMt$4Tm5(a#KM1FHl5fMQR*3 zH7YiQMxy{FZP^=^#vyv;QkBT9*_5@9O7anYLDmg_*1v*VH|uBABy2+%uIQwO20$6x z9wj(?7{Y8t5Gy1Efr<+Lju531VK5x?Z7)-R{McT`-*e>;Qk-jeRT zwa&N?><)65uw`%FyySi0w$GGPAWn4rBtkDNW;(l>RU3cGY3Wx<@a(Dybv+%hzHmQn zB894oU*T8@Kf$}60Vr6vFFPu~)-p)U3}z{q4hGVTX$$TF$?HfBxHaqbgs;e3){GFd zhF|KQJX><_cPfqjS2_-1o68x#-P^JF2@?@|nO$Y1)4|9Hpgt{9LU*5$XnG*J%$cyg z{hA8MRSyf%8LAppFBbYe)XT>gcO(s3#B`>~qV*aRkRnQejSzw=aMlVAto7O!#S@$3 z%!t2Wh!zd`V=g_~=UyK+$h85u=5E9xKgllEaa;|km)i}Oz#HH^GRX}PPRZ3QTYFgv zkN^>{$y?4_TF+l;oCcC}P^Fnvmzu9@XhfUW1+MGS>_9#TnhU{Nd@Zpe+SPQR^MK@H zqcF4@5H7j*{z!6~N!96z5@N2r-rN?b7}o`k=9i&*Z-uNWma(q9ay(sE=YWhm8O2F@ z;wtIfF!e#kTjGYWhq6H*7(a$q;Ts&c;N#6xzu*F?aUE3nJU>^eL3I58S&RX9%zG6o ztWA9-c6^u5uU&Xe6tzw=8rQ=(!p9}mP}66Qa+Or4&wKtVNT0rL@3}A}?W*iVsh)5C zOl(2kHpW#PcNI=WNsIhIVen%0z>UQ>KhSNg}d zTUkiW5i6mR`H704t?9LF5FHD$xi56f%qY4%3OMpLD+#9^0)xrr1xiUrO(k<*Vvrmq zn+$kbSh66$mDS)kPV!OH@<(aKNT7&H4KMyPp?*9*GgwtT!sF|4EXe4)aH<6rn#oYA zJp6}g$#0#--QCl<&)*z2Wi_#GBSL9U?^n4b&rTJ4&{{|M2Umcsq^d@Ly@O9h4*0v?gfXY>etoJ87CK4 z*e>_yXm(n9@D*^To=__#C(Rb0=O}sN8p)o5cJQcjbt}HVmwO-l3{MM_R(b&^^7>D2 z!no>Hs{)-;NR5`22#M&*CfQT3r~0gnm5E5B1AQ6I`Y@#~x!kdszR*SGihtd?-=KQwVk^eopSc?CDrPz$mSK8d#kfQlv&Xm_3R~?b^jjXX(>^F^kT?w-$>HFwCCs9#Va(oJ&~0y= zX}v{g67|DXYri1>EsyVso3rRQa#ZMCdL#W7y3@pE!3bEb^0U8J>tC3)V69fzI&l68 z4IV2ze$A-bkP^0T0_S^W3bdF2{vaN_RmF2L;R)&Eixc9%O2q7d&m+)^GSYRE)M~%) z61vhsICje0tC;q+&iZ90($42?=YVyoe^+wv;}$#?dbU|VjYGoInWgFB0R;FJBW`xu z`z2QcZJkrrl3NNWcQLi9N}A?6KmpZG6@8;04g%BebzTOK1k@|cHS)!IM4kldx)?x~ z2i_K3fw_w1WoW6P4EO7~79CBIYz@Kqs8{&~dWNRmXD;`g=_zBnOj;j4vYmcNf6QqA zjqI*OD~3EE5q6t(Q*OHLl&Qz((ZW?#$BVA@G6mog%X{(>NiP8b-Mt;s*h=-2*uNm| zI0NWOYjrb=Pp#W!$Qi#a&>PBAst2~b8>HhcI}~zny^c1O8#EX#va#?$T@|+i)HF)I zv(hUC_&P-wrh=Nfsl0 zjC9$eJb#3-IrFn|rz-U1LbcVsG&frow%dZJ@Or&^Dkp|c`$R+zrqI)&zh*sOI0@VM0b^^C5y9o& zFWxF(#<#vcZd&eH-{$4IsfRPQn~jR^d`)wfwkf?N>V2{HdL|DpplG1Rf0G>%Ak7HG zwzHC*Rk$>FRZ2JL14s#!S^6jI&KHpu-AIt-rcEr*dM|43cF@l(AfqvPRW5W@(-!7X zJ%RX%NWjQ*@;D_rybKXk*;Ut^o5TLzIZ;N4G6|USG9x!hC7hh=nBqHQ)2! z^#tIGvTH^38EG3g@;j5MwSu|rg6+J5Ml1Xp;?0qh%yi(&IV5G41pvtTJzYQd`~q9~ zrBa1GFt1vla0#G4$vkn2nrP-3z3ED{Vs6hDP(91Mj+kt%RtwkySos4AC=YmupFg@| zr{BR2$}i;Js~;Z4u*N`O(L+i~((3XvG1+{8zjTtupJh3>@8&bj`&ZbV>&;{FL|4F| zQx{F@4Ym7z6k!6WQr7}%Di4{JiwD#5Vq19t1PfCvMh#Pje7Tbn^o%eM2s;DKbwe6% z{6>%U|D`#Jz1)N2%K3+s`xvlo*0>c*mj0lhQ)#nln9`IfUe;ElPpCEKN8)bxZ|7}N zr9jOfh=8$-4}iEgyUWRV$WJ6HNo=UCtX>F+qBq?pQpX1!ub@AL0iy_+_rBkD@(hz2 zu)6Gz=#^8eURjiT{)!f`wG?AA&BBuKn!3d}E+FA>g|61P2BMfsEPzvv9!+a)Bz}jH zt-A=rMRqKiXp&t|vsw;&L|Ah*H~inc01O`+<9)__XE$5BM~$i^G>({AGO*0%hMeXH z+4=B1@(#?22z;_l!Y~)3(pi%Xa$h3=!M6-*`=c)TW_k_&*$f+yGSr6(REldHXh3^j zaQNufWEY29tL{ywVhiRN)SC<=EIvZkiUvMu}RT^{DQpZ-EG-*&)cSHPpcfu3}&R^@29ri&OnRR zT5V;|pNNSDFm`ShUKe<0M}I`{_$|)-7v#GQ^eZ-(=NH^qAd(YN+sda+y40Hkb!kUz zaZO`K1ZWSX{R_+Q3qB}`@>%aCQohIc2Vp;*Elt_F~pP&_}0in z7+P3bOQEk|Mv8 zGD370cuL8yz3NCR+6~hQYVH;?N6%%pjhU#GU+=6t4m?LqgQ3U;3^`*Wg4JFr`8=U_ zfvS&LP6qLmm>x{~h}hw8i+-19;P72YEE~QZ&0OUYx4bWusX+R2ZdN0hSh2#*u!Z@} z_zkM^M58wS{WdOIjkMTnLdx!$)KZ3tz$C#N<7m~TqZUmERZVhTCAf8MHk}No;&7_> z)5@ot3!2>MF6B>no~_+Dd`wX3+(jnT1=SVq)_+)8s?V>Tc6~2*JMGlQHY>1f!hVCe zAOHaQA5Y5ssJpgkT-tbBB0;&=VWJ-BvhMpGRsjxU=<#wbHNW2llYUsm;FTrHv-Rez_9zc_D?vxh zk~|2gt6>N|aRfaw+J)C;M6&A1QKyoOmO3>lhVS5a_kLwaoqH^9MrbuqybH~sx}AT)eQ4S);e=r{!5 zUT(smC?S9~Qr#f@TV)Lr-o-=Qlel--B-7?rkbF3;i>t!n_VBE5=Yv|~%mxgXJlgcl zm5Uzhc*#X?fKf<=0&s!`rC7kcu8$RUCOEnD$LJ7^<1NCFL#C2f%*sS1#caBlwJ+Rk z_!j+J`6c=4cQQ5F&DJ)5?h?JNuSoob2^d^8?I`LS7LNR&1eRR1Pd;kOnycO%(Uf=I zFpzOTb0LGsQ7nF}lkov4-KtyO=ti)?;eV8cdkij2hy&KGBF2k#ft^&x>E~0439waO z$K@*WnbI-$c8noNHyoH?;_;XWAMz}cE~RsiX8_%Dn_UvUOpMZwh0EF-j~R}M7J0GC z_~2xp=zgSEu37J%purCPya8;zO3m`sEB@cgO@SN1N~fD8TKrX&Oemncm(d{@99wkQ zX&HP|o7IPC)yhSV-p3tLq1L|jb$DQ#YQn80Fat{nBah?&xPXuy(EfTbNzUtLK}&|o z9|R=*i+e7!HbW=T(QY|&!3}@P&h8fRn6ddo>QL!?$rq}UMAx8lYE`axJRx?q)P!ik z`=F4l9$kN?5uADwKH^n06u83GYhPdokRz8fH&LwFW#joDm4N?gI+UpVWYBwpVAHlX z?AHFyecD)F65T?a`ub1e@R&l8bFmIW1nR=`|mB4|gg|M~BeqBnMNV%Vfzo2a)9 z9=~Yd5H8!}un4T>D(6BX=NDk$geo8p;UXgdY{gUB+7?Y`+n25@bNx-SAg@3Uc-<%# zHUQuX?KDy5T$t}B8X>QERX32juYPJtsNlF8e-O2ic#UWqaAq*|iw?hk_s_or!es;b zsZ*lh;cV@YhiCl zrL&Gafi?QWR-YJW;EDtWOV^{AYP~45wpRV63z&p%{1%Fm7rTH`Ec5sGzpws!KgsPI zgRkW)=IBOz3_5qB-YN7;#tnNgqvj!?+!%qZ8hBPGDkG~YIu1hgcFp$UBd2=6-jD$|2x*Xw;Ge{1qpYPv~xzwLDvY9Vg)?%0xm#318ah}TrpzN_N$9_?+6 zHit#Vv(^~$ivvswe3Cew{KnW@p8oM0AB&+#3W7PA95(F>$by;d<;F%Q@v||Wx&D#v z-a8kC{&J|)*~~NF*LE`#pmW$HLI(n~$;E1pIbX;aVAOAVB9Vio%SghxbiNLcTtjY= z<$a`;1C2Ij2Vf**Q3_f%@QA78as97nb`IP;p5JpfyTNci8QYB7F%7+ww9dh3_Yd35 zJPd2IT-56xQ;ffMoACv@?ZsoS%x=211+9c-1YgNi2`ZS%TE}sL5O@*jLJ-Ug*<8uz z3B%!t27X$CCDm&XP!ocwT9`rr2zN`*TX52lc&|fCd=;7#y*UV*MfJr@vY42G1${=k z|A^Yu%lfIGdzP9>8YMsVfk|BuP!FhoR6x# ze|*;(?9_B+yi`}`8$8BuwyKAl9=ll;G4Z-J;$vC67lT;L0sKnq)J7T2r130uo#YR^ zxrI$m?o9@de@mK%W?0|&bfHsP-r=_@zF)1oi&sWlW2ZKwgP3W)eq((kV+tJYKpk(3 ztYVIB3^}=dLkLM!^;8(X6F%TDQsHt63Vr4oNLb7%cpjCkH(oIkGo3p0U@v#PSKzt` zUz6HshZi`{18Mqsvonyf#Wn>nDa9WYH)au?ZGezH&#{%7{i|9{2IUAg{pcQAIxkCww)fTo%fGXinH`> zBoo)()+}l7fvZEE5*F=wC_WbT4F>msWAy<0*ONOTvG6-25W5SBPgzl?q&joTB+kK9 zZoR|epGS-!rD(>$>m{e`aT~(0H_FjAlCvj z%&LOE!8cT7*VZ?eU7cDkIC+UK1uL>z-<<*oN{_ z8X!P&H9hs`ETz8r!n1F$SOy?fuR zS5G~IIzFE6#IcbZ0ZimJg?90B0^SqiIV7gMd!q(*+_<>@|Gs*CDkjXChf%s9KjQN&U(S;p>3)5mxSv>f(O|THeuvXxBwSrb-B3S z4fJ@da>dy;<(?;RqLt?{t!Y9I1tw>*U^)Q2vIL6?w6 z;06={SGwr!WwTx=A~A9b7Jx9Rf1IU-u3zK3JI&(RTYStj3KP}{m38w0Tbd11st0|P zcaFBZzmK-6-HZ=Dx%k5}F}>$&I;kgk+id+|cpH)6-H>iazgoJ~>Jzu;EikFy)Ii=4 z1J7f@*VN1BA3d||ZvFWpz44}pfMk!4_MULgD*!Z}==-#Zk2un_(0@;ZVP$c|)RNV? z1I8{hp5di<|e=yHFb+H_4w8+82a`D!i5_kOAxOs0SpirP5kaH~~{t@9P@a zcxCQX0UAcRRELuLO2(X~7VlMe*~@rr6HrFbTiu9TxvepKLF;zf2P9GJqoPv)mMaco zmZeXB@9OmAZ*Am*FC&dpHim1kvh1dki-bxBy?g+ec6Mq-f>!X;Ud1zr{swvY9k6(`2hDd-3jj{Uos+;bJo2*I;`;xN5dlr&VYVENkYvDWK;C zFp2TsedvSTU{8HVGW9r>IYD+gCAYQ}zWCOt9*`pa(l~!B20M#?(3MxW3@2Em)YgPx zfK=bK2R~+E?bAgxY-Zr#h|neR0{xd(=+!Ihsb%Yby}iA1uX6+Zp(3ZVah)N_@NyD{_h9(1tq zX15-us&!Y+DyPtBsl$5WT==Sl_uC3sKnJA!c7ttCoZ01{qdp(n?^vnmQ9H897Pg+I zC>LkcMmSM#x#u`Hps8C$rpO{ZzAug|HHE@(_ki~oc|5%M0!tIN#(Z!_=c0|f5Roj;EP==cC-4q%fFz&g-lTd!nCPpHU)sciWT#?-28<=goQB0Hf zUwjxw)8iyZz0Kv1#a3{B*J|lNkTrrMUl#!lX{HAm+KnE3nkw>Ix@VJk-=bx;9+}_; zn3$yMr%>Ftg!G13pmK!@isV25TwnUUgd+jM)O3tKYo(a9r1EUk4uLt04lew%{FDt= z8k^k$z{iq!id3y(3NmDsv;SyE&J%!dFxQ(k%UtEGg7>R`uy9p_b$Ck^Th%rJqU4*J z`cc>vAE;kd7vSB3Mxz5fpW-V0DPvGzGc$-k5;wczJsMBJ31~f*gF`;0fD?zLEo?3Y zWwdp|!vAO%goIw&FM08X+TT}6`u8f0>~@uaeJt72y->XdK4P4CpDHQ8$S~S_TFR?B zS2^%`GEe}yo+jN1T=LQHO93-a1_QbeMWFd!iAEQxAXq##kmLL6_|*Xuu4%y7D&Lxt zdQftrb^G7*(cpU}uPxHjsAiS$lXuO(2D6)3$4eNbOR}mLeuoWaM4`_KT(+kz8#MzC zL5f$+3Utg&7@0OKpdFKq*&0->_LjB0VHI`a3f~cBB5fC-H2? z{$^Vk=NHqHcC6mO`T}&AnQB>;6@pn77Gs@YO@QG=eu6r{tv21K7lX%H8Yl0$!Lb7U z=*=5M14cMtNw$rRjD|t@&n%3@6ZQ6S6J~<#tl`{n+Sj1|Pq&V|a<1G6zl<-cngX~= zqYtLr9i2>fZ2OLd7`?|2EbiU>8^yr}-n3c&7-)-^n-UqNNJgXaABn`#(KjZ8 z0bS=TnnH0Cl%02?g^uov&m<{RpFT{k)u>YpG9KIdAwkS}E>hr>52# zE7I|80@JLL(Ay;e#sZEuImPaLO_w#mN9c3mU4asxm-OvbHEQ1S{^7pBF9dV95eIpR zXdUQ&$$ZWutYYG9iSyqbKPq;C<6bMemIc#TRJgxzH)gJ9vn}*$u4=WbgjYdsgr}<# zAv_rzalXG^*h-oG=9phs$oxo+)$9kBRGQUw8I5-_`x&ypDJOj37%FHswx7HRTQk_2 zaV%?F_?=O*4s7{!B(prR5U36~!V9-z9IYAddIV9YR-Xd2*N#&>0Nb6w^q7!o!xr_4 z3YNG9K5Q5(W{1b3e9BMz~nTwPnb? zzL*SL|K}>EX~lS^vbMp5%klUIWZ>osnzJ-r45xvarj$6v-z$6UH%o}l-_6PzKIe?n z`udg@bK{hhSEW`e=;HN=t-AB4i?s$-mjQ{;P)XRV)WOs$O)7|DvMLYM6Pv#%2ji0i zxCQo0tJLY+n^64#Ds5Vx`Ehjer>G|66p|YRH)#ga0e23A(Ygrx<*4R$Qo$7+IYoHc z!ZH_;+;0k zi#+%(3Ly>L;}VAC?T&riLGl*orI~G&{nLi>p?%t!021T|ketSN3C!@I+9{~untP2O z_424O($HuFcfUGyBQz)9>F%D_YlY;P7rgjw>M$>3BrZ_NAY}4akU!?L2HV^8`>O^t<;eb=kvE}(%~ zp6N0qLKO#y7+gmphTT@dX_07Eh3q+0o=z)(C!QAN88k!9zlw?WAt5^vy-DltGLO5` z22HZ%Or|Dw#u{zJxqqV_X1hQNKlwdZk-WcfJLU$bxXt|q=lhCfC%@;u62FMg#vbsh z&$YC3q~0AD0$lG-@)dQTujK+YqDSqtaflw5bM-dro8Rh_tb)5Y&l>RB0}!jmp@%gr zBS^{&@+vZsdN=!0Q>MHF*Y$)G-K9aJkE8hkGL%=&^=S>H!c`zclOxzs+O&JQ)hqU> zor%w#*v?1F%klCow6zpdYt{ZvJNBh{qSn_44uo!Gm%ym;O%*Brkw;1g%vmOU6IB-Y z*>;Ddz0&QAf0URS!wU%-EVNw5XotNEKD8UH{521NjLHHx*BkBSW(U_%zJWVpV3L;r zx6Dne?sJnHE!HrJ=+RQ`mI#)GAd^nkY+u@tsP(Wk_FT9$ccjFkGWamS^bC;KTv#Z> zPpjXCFF3tjyb7Di0~fD{_vHx-nT&1O8r7Q2kQdKOJll}NHo*ygHFZxG@40QN)!QZ? zufu%$ihL8SNsJQ2N!p+Xtq(OH3=%av(QZ z?||^zjb+PwH>J=1Guk$D%T-g@m$#b*^dlle-{|Ff7itMe`4YR9ksX)9zwCSdz8e3& zEdSTS<|lI)xuj5&PiAjm(|Y%F)m18s)5j-tYE>HZ@&NlP#tP;X@<(~K1$9!-E#as3 zJf!QmOr0{a?BgSu;bVTT>Ya5S1XYJF6-t*RG=-3&ck=D$aMPB_L#DTOXHHoIm{TS# z`Jdi#ZSs77?bw4Rr4xWJ*3(^CM|QHNw=D$10F7YyRzs`V&#gO z;)L!Ut1r>RP4_ekr=RVYOy8XqvgKZ2yw`{znIc)i@+AGo)BB%1*55xfa&i;w=)h#`>xouh*9k&1#e=q2*fEZN zjLDhUh=gXLDhuF}iV-znO8a)62n$u%6gj%nH3bNE@8gEY8y9V^!B7XZPZ;05GC7pz zByRLjs9KRZY_c$x^lyt zH;ZuYntQqJ4@dt-e*|_y#`%iyK}pgg7b3wJ@qJXXS3jxN`}FzuyMh94>V5(<_bgOY zsf*K+YxWeF0+Csvll8v^1P2fhLBsMvG!1ZpNfY1oUA!IHyPxX9F@K(lO1+R~v;3K+ z1W?8Ch7PRf_@&9U1A|bMf#;am{s~(fXIIb36NR6Rlo^M2g%TLCxN=DIINu=Wficc%^C4AyK4!8k#JQfS9F#M&ay)$@0N85E8Ka3bzm63S-A|M584FI?83 zX*V&q|IFEUc&Rxm%x}Ur4Xq$65A4;vJkZWwZ9KBGSNQ~iR|ERM*moWRJ>AB9e$uLc zCqn*bY2vxqk6bDYzh@&ET-`q#SrwJy6jTL1VfUjB-g|EJ>RQ|VqpJ@YzkGE}Iiu&l$9{F;b^49m87nK!LPy)Ghh`j`88 z^XSG3M;BZ6f6DRwV>jJ!ZO@*gK6`gQIsdzz;(re?Nb@PQIqRyd7PxP|FL56QCmN~v zxT@>)Ta%TN1{kRRJ;Mvruc4mo^5r3|7ydYJ%`X6s>^T=IDEDh9n=jkSd!pFA(6Y&+ zjb7`u^kKDjdd>haoLuzlBj%YPCNQ64^;MLlzI=Z%+nY3X8HMhA$}5ZETbQ}-zC3gE zM^`&Drnqwnf&Q2lxcJfF=aPC>i$kxhq5j9Yj}FDMcpM{%+x!Vbb}=`jQly)Bvua{M zRFyP8t)a;#Pz^a_7tyUektg_%&-qV#zf?(p%xmRoXx|yXd@HrnR$T;&uMCgHZFUvO zaSv<|28MH^!v#J({WmXwNXIQ=%TmhoV_yqU>jTOQNCHYIYb(l!Vx_(G6js=JD2 zelEwN*tj71N`K=(kmC&X(p>8p;oJ~Lya`x8*=0h>vy`?dkt4{q3}{4WdI~rtY-U8A zwu9Eoaj1au`3xC&;Kne1AtPE%{LQ6yNtvu}O`)RxX9w+n)kG4>GEc2`Pw@V`*DdpqOH7?EaW>25Fzel0tuyF4)~la@+9DOK5$J-2uj(GdgDT_Dq0MKUI@)S(misl+sfGOc{{4RX%LPyHe;t@)NuhaIo=7 zu7Ll?$#XWBCHaBTOxy*LZ>o$5x=?1t;BcldSy91<<|tZjnmRuULFRB)@-VLr4RkVI{^^)Z>l70Rdzz} z#tuI%@?t0S{GR}G*wmTcK716iH-JzNSKIuVAxq=U$Pv#@RFSIhn{q5xWPZ3U=$DxU zDFLGy3t^&ZcMzxze}7g6)mPuPEc|q-g&(RdA&I`bI8x!1wGy&tUyqps98RMMy<0`$ zQELl1aITiCBhSX$6!{=^)=9qUVHdHZ68;pFO#KFp&+*$~QLSXxFW3Dk4lx|WvVc5T#mE9LxA*XUyxor&kZj39pB27dO4Mu4<)Jg(>IiR zlOgq~!22nay}l5nr@C&0saG&uFt4hZC4BL~BCD&LJvtRN-Bc(1mr~a(7u5U~KRWdK z;DW%l`j79DvGV%nHqZS=7t`lZQDfwrBR?sK z@U@kZr)H#}*~aE>!|AI%Svn*3_?7Tl z8r&DVzFi4fNK39jg8FEX+M) zUiTz`gC9_r3u_m{9kY8Jit8Rgp)-UMO`#xRRRbDRKMPBb(G+~2o%Xbiw1CM7s5_tu z6Acw|bFN*lRKuW@>0@!te2_8jmUjI&w||Hs=Ey%9qqzo`wtL!6Q<17rkaWe2Er#-- z9>^a-j2}0nv&UL;;6c_Ae$A(|K|x?itFh48%lH=g3Eu(|gG6b#akNW_y()LwL7aKq z-1qYVU~rMP1PMn!K%i*;ZA?N>g-#n(pWDLo^Au!2OQfHXJert(R{VYhO6Wk8k1QGHCuz* z`t0n|$10$JspT9qEpc~En?a3lFvZe@0)GI$5q_kl+k6l!#hjw4#EcWVI-vSnZu99d z=7U!jq}U|{vaY|0sB-SA{=2TpSCy5{o_#TFRY_tgSb-k;lhGCLB0oT#k0g`@m^-Y< zxtrZxLtGU*@d{duo}BYscFTFCD%D=WK>3eU(O2{QN$$afqtbPE-AIpO&+npz_<1_RN<7%cH^yeRE;x75<)pU@e?ZfL&|LNNqx!%ap2n<2v&Wl28iaFc%X7 zsn7kqg>4MTq|PNH>k2mc=dgA~QaE+Wcz^}05zU~XdsKbyb_PhJyQ~A2E%!^A%O2Aw zt#=u_xJVRLTbkR)bA@AF)vUK`!f`?tE;WveDBM@6+L|eF79kzC_w*`}Th>Lbl`_Bs zhsN9%w2u>>|1qbXl{$+JLZN)df^Qb}K3&D`dBNZF{ds6*<#sLM{{E`A>+pcp#rS5y zfMxES;I;0Sh3Zp!y6g!z&Qw%J%A12$HlhV2LOnttx{r~<% zugG(^K&X*H&*Yewm)sb0TzFWgsKz%+MNY{fwf@7 z6Zzf0TP#DvFg)TLk+P)kj?5qm@66ManAR+4+o?=4S;bK%T0B(gahhNA+Hx7zr1=A7 zdmRDQrox4=$88w~}2BNb0Fik9jWGn;17MY_IixxFOyf*SzU%Z%O@m zU9~o+-`Fb8-CFw1nwrvd2f0U?P?tO*y^Ri(n)?{gB|Bhh$Gr_HpY)ICk{r46_T~4l zAA@Qsxyx;_KIBbx(Cd)40=t=)qpoFs3rq{6u67OJ9=U+5KwbA|k9)L5#e-W_5z7V> z-sARkTTC2@ydfAmlScR+;0TeVng&D>1zQKzf!zvEP*L2%!=ZZm>SW6-dL8qFwTa0M z4ZkmRMZC2sKPWVjw4bJUM?!nX1*iw^(&N=e-3n0nHu(4;7+U6joJ4IA3b<98ujQP) zRF~iGm;>*%^moi%5Pko$X7R+B}9{aG~Emq;B~e-)}?cOvC&0^!PA1E zCC_DIG6bdDUUcb_Z2tf*{`z{FC;@?<{2=x1FjXztYv7~73F$cIV+^5pF+>9$yxlV} zx@=hkB00?k*nECHr;l6TmR4mn8OA@H3DG!V9#D&^Llc ziw3j9M3Zve8THKIvny51hM!HerJ{K65w}sB{ z=PD1C=Q|k@ia(s#k9NjQHF>ASiE1V2D^6~T^iIK~ELA#VE!mgdd|`jwN|Q`7@k+FL zL4-guSGXrM3)B{EDYB0Sb2VS_Yv2h8+Ql%EFQ+Flm=%UAJol=3;wJM@%!@3 zdVTV1sGxWn;tT1BIN}nAiPm?C8~px5-5BDQb+p>zJ6VE?#{=VQzEiC^hLj-o;=6^N zqQ?6Bqfdd`B}_R57#sSkAKXZRUJX;t$*#JZLLRo=7AKNYo{hygHlNM`rQxwFF7*Vl z35SUo(dG^5@uT)Hqb4+Kuv&HIN zU>`6r%o?4^6!(UOR#CXP@nJFjYOKHmXmLJTePd!tC`)^#z+`oWWI8r&9~Py)p|ZHy zS71U&&j32}SYvR|?AOI|2gmcDtgFVX%UfdsOyC(@w!K4!3s*x$E`Di8=;gq>uXq{? zl)U|#wiV>F789Cn_V{BS=L_DNd3iQ5_jke&>Sp91_EP!brm&g9Ffri^_n>5&&KlB z>``OJiIp;nt0Si8sp@RJy89;xMU_&pRn+k^4`71{-TT;;(hpsko2HV{OjLj|ZGI2| zt)1zS=&8Y5#j)pX)u=P;dL_;k+2*ira{sTl-gEB*XXK!6nPA#+F>NmpG<3~oJ|#dRgCOP zlIm)Uy*+47ryTw%KmJT3$u_*zA|-a;3FLCEPbmbe>aERJi1wcKO*`bzIFP`Nb<*X= z#@Y^AL1Aqm4>)vnAwG;+GfCrfz5g*T$%OP>!rut;cSs`WBC?=pG?^35*Kc=P6x$Ml zq2QSBKA1m_Z*!t71l>FzVlZrW(Ov7$Pz@4y%V0NMj563Af~g!`F{fhIfI1~+;G*t( z#6l-{0O zr*spM&ZSl!F5-ReQ|hoF}cP}M=2POgTkuA2V&{S(64&TK~n49&0QBygV>>o2|H*(?lq3 z>oRZ~7{=!Wf)c70Loj?0)B_sQ$EP&^-if)pKo>V_C=s2*AQ!G7B#On;S~lDcMAhBt z;z|JDb2OB8e|DKoko2MPG*u7;kti%TCRPa}O5Dcf65@SK1U;%naFnBxmmuPj)mmpf zI$Y!JR=9xZjs^vF6-(8-PPp5+BUF7{*4>Hq_?P{AV4HsJ1S&Wo6}(@}PLqn}qm0o* zge^Z(2w%wFS;1E$a{hbD{<${*AdGx`souE z3Bg6dv3JU*qtwq^`D}M$$on>M5=Ax5`SEt^oa=Y53K^-py;$p%x9Y#x6f>G28Zemj zgEowZ=R7dBs`AaNQ_@I#Vl}})ZQRD>vr&0S0pp(bXB<-8+Ct4$)Yg7vU^2VwWHyKs z0fd~2L4nPsS)i@Ax%?HW(TGc%!S>8qIK!>|*4J(I*KhsWxPZYQTsH;EBR5-;l@AkX zx*$R+8?Us;cB!0@Oem`4PxM>JGJ$Q&U{&mr&qWwV29I`61jXqu09$c7T3x#UQFEPm z$M5xfk2{lZt6zMF+!PbkQ{GPL0gZtl^tn~U@|NU!!DntO{xA04Gb*YriyBpeAV?Ac zkqiQoK_n*?0RhQ5BT=&CPz1>tR5COb0y6$S*!Ia6ecT!exm7Vlu_?%S`wzTfTf ze!L%dj2euxhE?aBeb%09uDRykM>#%F%2Q-Fh+)Vi5?`MqcU+}iBCtVGaM)i&Qm|J{qiR%KW|{ZSbl&{F7D53cQRo#t&xx1RwX@qj89u?c zDoXeHQ>FBw92)61+RrLC{O9V0yFaVkwAG1G)|-JMg`(l8KmrNH4DUUw&bVawrQ8Du z0wgoG^=;p*+No+jxR5i;!qSBvmiOw~JIZtLV$Sw=kcn1PIyZX6E*WL?JxZ;q*<+;u;@6jl zyzwOM5hnYBnET*$nOq=!7dJ$9?l(8mXa}Y3MPMZvI@woTps=VF0Z~`cstz2zw}rQOb;!5XN7Yb(9c#W{iCgPBt}mTo%OFU9-A;FAM@ z@(L>muiY()fl&pf+CnX|3)2sty{1lk)pn`iA3|-$7Brwf$mXi;6LjX@Z*x*3gse(h z20qP~`e`mpewyfv$2mzG>K$k%@lvSBieY0?zY|Pf8lwypht0CP^^soei%ZA1%LNhT z*=q19IJ>md1q77O^X)c6RAEac15(8|I0l1#@5w4yhFa?eVqBG*e%8IZMsxtwQ++K& zf0Q%W|8T1X= z4bD@xT0X)rLPnP|?G)J~peV9+1X6Z*=_RuI8oU-Gvdxk@?b_aBHSIWMsB$mkwN~o) z*$YR^7?Qw6$w|$1iuhbd4Y*dq~9H41Ny7s|*k^CcU(67cadPP}F++Py) z;M%)kWhs&oUGbXHI$j^zHgH(J)zniDf)FLOP+1DwD)WIEK>bN}oA7L0FJr4@+fp|-NwG4 z*o7z-)}UGb9<2P()o7$|BZXEh=W3*u5lGCgVWKrWZv>)hC>C?pbQU@7IC#uA22EBJ z+|6iP^E`-Zx+z`4QHrf9X7wXLAYSY?3gAArt4kzT_YPOTxaX@#ljjy}oLjz_mZ7?? zt*_RAR1{pRGO4r7aFt61l|n`+z4Wc_mWjWSyy;0{2-xQqn}@ykAyhAZM1neUV&Iij z6Rhym9)2uIF#SfF%5~Uf%T*wEQAw~`@F4A@B8O(rhmq~x#%%>LeBmrX{qy=l*eQd6 zOYGR7ou8i})r=HUAmu9<&f>mMCK>p;65Z;&8o$ngb!%_7XDu&14|vQ1jH+H{pH+jx zuF`b?`CjvCXOUjQtSJxRk?Ougd3YIQz9Pk&^ib`?Sfj(! zUK+W#S9r@)?|HEKAW`VS3sVeq_vQEB18}(vL{qHt$OlQ12wbA$8j(}(eO05gT168w zH^|kMFdQ6Iy|>F5u11>1h}AzBsMX>r)w6GDSczb$z9#-)JNpP)*07NE;LDAnYOi|T zYXe8E=!c3n#VvA0HOo|GO?$eNwvk(r`IilyN!KL*gPoh@x9`An&kSwEMxDB01Vxt- z!&$$&`CxS1bmWeG8`jp_{sD!0|ER=FfeHjakgPJo_88dtyH0?-_>S(^HE zkSN;?=wTNZBxeRW%_Vj){88!)CRrL+x;75p5`;~%q3twp6#1kc4%AEBVn_W9ZI?>U zaRV%HromNS=-$rQ#KqgZclN0d=7Wgi(P$ZJ>)HX0r3sL5tRhR?*iUAGtUlN)V)w4J z;pD_+@OwVlsiMSI(1Q!_{adaje%Ef?ehu~5FIj-Es3}QkHCc$(D#0lR0UH60`$(~f zQ|vd$K0uwE)*V~L`HX&ah^B07R{wE<~{RfmR8)fz}a9yCeA2fy)3Ep5eCYoA#+2#o|y7U+DwQbih z*^Lt8g!$BHBr$h>(_kp@81)QFUOc^X`uqvLc&xAQjk^E+}YA*GkQR((Q<6tp@6TtFeeVpjLoIT%e%6a&+mq z4szmJ)IL7CpXo^Bde@l9j(^%Xy{dg%q?WJSWcIg8tOBoZ=d=nu7~@=@XEf${0G00% zxR~-kx`Rbi<)G`DK*FZ5(ERe;H7Wl?erlx?JL$5G;fAvoit)6`&H; zdCLsv`PP#&-a#PQkFKX3x;1I1PPZ&O#7#NZ(TB2I+g*$|gS<8?m?OW8Al)yc=lSvZ ziq}&Jn@l`Nlwx`AVQe5s6Aj((o#`Q>Pc2r-G>XSdT=eS{CYfPsuMjdT>zqf1CNa^_ zdYAvSGXpjJ_EK>0dx&-Rb9(9$B(HkTW)sYcjmN1tH|_=X>Jm5a3oRps`lg-pKK6xL;Y-%AF!o*R<|;ej}%oHk`7= zN)J@(b(VK8)eu0kS6ue|Rm@47cOCi)H36Xp^bh&$T9)zKY+&L2mu(Ak$_kI8`SwA^ z+>tALiSXdPh`Z*qbj`6&e!Jq0I{~~yn|{a6&>52=^Zqg;NYyls4Jlh*m1P<_ub#t4 zHJ+=&?%q8bWJ$gizLN`lAwUv=ywF3Q0i>sm!Wx#L8&fY^0?KJ<+%wzO&1iILHJJ}4 zeVU)<{mga$N1wT*2Kr$<1D#rEbzpQ9;&*YWfFWQKeW?~4K1$08n0tx9^MH$r<62JE zix!Ugw2S}{a!Uo&z$Fsbn#mPptHJ@S5Dbr<&H#xP))>JqI4?8a(1F0Tep<2?LI_r@ zHaKn?JLCIBI0gkfCL64o!n^UIM+io_R?Mqty$}C}P9XmF5DIIRiv>*IKrNIT%|Fo~ zs7Xaw@ZcWFGJLqHOtWiYCO zL7q)FK`X!TFmiTL&$h*J(yD#-0z`Ls0C+^6oo>6otgulol5BIc{?C@Ve~DyTM!-yU z^#{B9qnWA!NJx8JjWF4@&5gmi5ZM9+q&?(^tr*N!~|K7z}0Q;lcDwz z-D+v~Z4*N0KxqhDHg)QS6Kj#_zie^olx z2toNEp_*&Vq}5D)u)bYDERNed=$wLrwo^y-97@I?`0V%8S~cU<6g+zYJQ$sAXemxf zGi~V2X~7wNGiWviU+ipk!3yc)rnFJqEPbrJTp<>yrYQCi+iEF}EZGn0vd+?8&E0$2 z2iSgGzUQJ#ijO>c`<$e_00xGyg1*D6n@hynb&*e9{Q_~ci^~Uf+nV3P+ePbr;#H)r z2HMIXC@#CY-Nd!6+F6c68lNRPs}%D@TSrA-r#%+S9AK`MjvF=K`F2UPQak+Q9NGQ& zl|)-Edt_j*lZnB*r_>4G=cN3Ysnbby%syo)pz?v3^#%i3dAN2tA+lHGVqsy4vRLF| zdT1z!SW($%@ll!vRq=#pzTMEuJGjPpXHS4XfO^SL8 z-CPjV(T^IZUGa5_YbNCq5*Wo#Ru}1Sy}4+7-=u-Xz87)J(>!9&tyd>M?@|potMWJl z^2SiZhJ)d;KG=8ix)thp#mX^;`Onn}JHWRz$sh9ref>jzE?UCH{bBJjZ8aHE;D2fw z&8OLjo&ws2jQ3o9cGdx^|r z?m%5zfOViGMw}x8JW{jFueY8o7wBqN-Ik+LP%p0NZEIgwUV7MFnR^|+ zm=Hj(lu)`1B=f>&A!XqBX+Y71__kPT>Y1M7e5#qU1xr)dA*zN|BXcj)_xP+KH*Ki8 z+mz|-pmqjFZx3B0o`62H!u{Q^m!?1Y+QXJ??dxd{$Z?U^Lyf-B>3LwEv*tkT@@Cg)s08qc~lcZXs5w6JOU`jnn+wOS;| zzTP}ZE>2Ncc1;U4`z%)M(9Cf*p-%#t=9edQaX7X&w6Kfd?PY1n?-bduP6u@Gp-U-a z&kWwAz}ut#L3EG;*h#Am!y@z_^ox5UcP=t*pB973i(%;kfIo)*mj%nE=&Dq+eqqXSIRT_qIX6 ztCS4oD(OT#Sv%dHv~ge;;Gnj_WZ(N_a8aS;brzn_3ahPstAy{)4q2FG^CQ~_899Zw z4My=kGn(GNRNNa%5C$616GRK00{5q*<@_yi{Adv3vbkm3$rX>T%9|7rJA1gLcZ`b7 z$Oo9OJ#y7lDQCuwrjB009&(`hF7J3HT_oY{om|4%cbD=`v3^Dk+WqCR!>9k1N?gKm z6$jw-tch&?F++@#e=gRE{2lmNU?SU!<8M~^RJAOM=j%mf5#g_Q$vzaFCOh{E4LbLU z8ErzXyA+1-ryMkdmd^>qp8<(i-aNo%`JqOIuN7a=464F(9WWL}GI(kPH90-@q<1+s z2A_c?u@7tkm1O%xEB!3&c&vNz>sZaV(fzQ%h`A?v?bKeY16436R+Vc(<&RDVbGoD2`^{62b>I z3j{bya?ON2umlbT6w|fZJqv&!#omIho335W0L9u>HoU%AV5(RUWVukG515HMtuirJ z>>&C_h2r`3(!wbWOkdqIRqx~U z&AKoAfVQXgw5VA4WdH~uTNy~e8I=>s)dC1yLnX@=3GFFz5btz!D$nW=-6^2^ua-*d zW6}U`!D7p&EWa?c>fzHY5p^gluna)pu$5>$dkwbS76SaP;OW9fIOKwkqq>{54b_Cx zQQBxbyPoEIev;qC38@?@q(1(7CSE&Z5m}|arqw?+<@9R4*qQU5Z;AvsX^O^CJ2swq z#G&?FB0_S6*y~4MYqR!(ZVl=up{&dJUatXg<(eQ98o=N8Jx$JlB5QhqY{D7K)BKfr zqG1*`EQ){fMS^&jlngw3x({$cMvOe%i=dV`+mReNz+q!o8((4$yx#%yK0Jo4odJEj zT2~3qn$^!%jaxNOKla{t7O!sOFGeFhmfC2Bg(8}(JWTCGt@It)aS$$j_>8UAy!Js_E|B5FyvF7 zbm|=-9V_;0{r227@OKkxf7|u;hWKgrk+%3@qJYsH5J4eoKnhTMH>*~nSUSn`V0&QN z+)$;UkIJ3wc{S?%l&q+;TUU44`uiZO`Z0VNhwZ%CV_ElVq&IijXq=X>*Xfpfq;uDW z*(~5?szqEJ=mwQ^wu}9_6=Dk)Te}Lrc<%?rd{OXott8MY9DcDatd!*qOTQo`9%fGQ zSa<;VZt_bF^hyN>pd#JGA`+az9D6xCj_p*;J>2ImxrYW*HiHY=_}tz*^PyHz12SAp z`@k4H<%l8RQrZ&)Zqy>eZWccH3WY95ti;U8l!4!SbZIU{e8Qs19gwEsQ{Xu^v)Zg^ zr%qe>vNU~Wvr6NGkUgoc@@ij-Q8o#F0{KKs&0iPql z19s`PH;oapSesNzn-qaq$Y@~M*JWx6uhjW}Dm-NB)Z!~T9u_l~4Ff4U=s@@__*=&b=(9!^YWCZ#w9ew{m>OD7koC3q+0Lf6!wJO?;N z$ZO7;<=_T=*^B*M=8T*&$O)5ziq{rPesU9Hl3{G9YQ{O_o0#qf=B1mXYW^F#R^_Bq zWV9N-$>`*syC=SlH|m(Ijb$-0fcY3Mdtj|uJvpWH=Sd3ixxDzjY~!}YPqE}xlf=ay zXnL=#A6DYMIX1XINZB!1HiYClRM1R)4ei#;Mxp1XC`6?L0G3X-vlQ2tqa=R*proNQ zg3k!m|0PDT*#YuV(03Wa`3x|{`t&$c(Q?J$qH&)d8Rk9NsTjjO2lj`NUR@>J||QED8|*Sq;QZkNvzpioX-vHIl< zoh1ITT$z8FP->d__nu(=*#7&y5W#eJ6r1MOurRh=ipi{sd>Z!Eu__A*y&3>jK z7np*A<7|`OtG7e0J*CRkh`GWcXLU!E=31AT}Mlg{vRbYun58E1|wGDo~1P~ z%^i5EYN1}tcGW$-EM;bD;R+zD@pIZ!P_g zmAPN!<}yR66+qiQ50{rM-fbyaK|NRGhMw`do~*oc7-WbQ1%rK8>N|Ivk<)yDR*?A#TMd=4~t5R|udOv0sx zqJTvU*WxuLcjPkDFv_|J^`Hl$=o2KpMA-iAFu)D z_6X2S3T%I_Zx9 z!T-m$b0O8Oz-&(fx@w6CfCs8;-n#8~wmW3|u_x66Z1t_Gvy&~yDnH#zo1kms{1K+% zy^^JuGk|mtfNy>{Q)+qD+b>yGrS&UEUz&im5$F6f(?#wLFzD%!2>eXoeCG?n2fbQ* zt3(|OxsQn`$dO6prTz7kVBfd-=P3Obd8*&`a;rPHwy31bAVMksn5aign7?<-6IPoW zGrCCfJ$HR&Gz#yIoU6W2MgzJgTs~lFS%&BbgEZ?tp1glnti9I(#P`&LPI7@uu>Y5x zH2&hghdjW^MmvtM{YV)F@;{n@6ae%6Yr7}@{VV@*n!W#fT>c)HA2aJ;RKWj|=>LwF z|J-!^dtCk=7rwve(cgLc|3%CHMuxwU;r|n4h`z9dv$v)RP70zHww0%IwH<5e+e$Da zNVs&TXL9RqvE8~im=#RQvc0WI8PTZsCUEg|C7l}-*L*ig|1I&hM4zOaw}oG$NS6z= z^7mc3D!Fc$;y;?;uXv=r-wGcRHv{x=)ibVZVBwqRsH~fPY(H#k|T>T$k zJNQ?z*_*zQGzVP4eg(WmlzK>}vFg~&gFz~c_xBM0J;eWO z6w}@%o|_f;5{ygsHb1Q1|L1)8{TGAIzyHt=cyM39&PuEDub4JwdLPM(s56Y+m+(G% zZ~3OItn67)B?0~Uyx-luSz;KYY+6U5?+ba44NS%=$5!wEtNBlxL%ib&lXsYHVa{-e zugx?PEV234RUxM=pGuH*6Z~;Tw(etSzoMe^7L2&XA}SSg>rK{^@Ov>tq7tt|y%34# zCV)Yb`T0ut56HMY>AA31sJ1NXv8k8hz;q${znv}t?_R~may5HxNtQvIh#{7rpWUk~ z!}|7zS?u5cn6`;f?@8>P@GP0gXKxrnMKdumNHdoeKa2jnaB*3*hJwej8_c+W0kr(* zn098_XuNj!IGT~?wD~tVbniyo6rz`kxDBR%f=x3$^yTQ+?f89_bWyL$jv!weku<9% zeIT#%lk_x$C%b;3+C16HQNW&u!?twg*eXfraaVt!5Vp-v$P;?_7a)&T@OpXq!f}@X zLSnuuAee+FnCI3Ll24ve-2A_A=@Lz^U|G)#g&vn@+{GaMDT|# zB?q<+S(dHk?idp(c$9=OG-=WP`?e?SM6>Mvb?YHMVYL%4fFFf!sjQ|#^^ z$ONq|p|T+=f?H>O&JQ;%i0uHl7z-?jC9S)19HH^{bim&D8DaH*X?7J{pKiVg zfS&rke{$VKIS6|`(90tV>(|)*I)$BZ;vJHUS&yAniHLhB$eX2)+Mm2?2(>ZTd~e|Y z_^*Vc*H^P}#7dq0|4MW#-<+FebC?A^^1fj&ng3qYAqw-42PUk-&>pAa)EATk-*xN9 zx4nahhD%I%_ZPa;-urpbKL7ui74%xhpZzac;VxmFCoClmfC##IYh(OB+=d;io5uc_ zp|@lgF*dGyb@}q7^@$k$8|-ry_Ah!-FlP1d)0X#J(f%Bu--!8#U;Eb&=M>NgwLRiE zPp4!J|n5F(toVQg6_!&WYoP$3E@)Zm; z`73CVt#2hoev#UvAnYIaF@s+8FOWxUYv9*0_#FQ&Zl1?p!61DOPhE`qb;DX|elpXD zzrsxa{_%g@{C|D(_ptoyX#C^-|38NXy9)#77AvFD#T?4+IXQYS6~;r_TQ>#0*RJ>tQ(UmLH8b3(PpP$jib z*E{=&uDloZbW#CN3mJ$@Jov|u{CtD$dpSoh_*!rLf&kj_pXjM{<9BX;o^m-~kJlHc zAJMuHzu;Lem|DO|e^`WLMOWGH|9=FsIajn#Eal03AnKkJ-q|&0vroXHZGnLP&sHV{ z*nhYXxl}H{$O#-s z72ilQ{y|s3HoUxDTz*l%(+6F^tINc4vh*XVP^(^V0wKXDA=gy#zW6sLU&E+X^TR!Z zoq%rz?cs*41wOn@|MF;%IJE+Wb3Vu!D{A8&O{f9V!}g5wCSRCfeN6phxLTQ?%|*v@ zl}LCgfu9G9hO<~NVQ1`2EDSeEJ@m|)Lz0pVgD`Q0gbJ!yVcA{+*NZ*W;cQi3xn?|N zvA9Gtxi(o$WfqIQuIWnZsk5FNCDZ44X44 zjm&b{b;R>+bv`Qlqj|FE*S$nBdBLGRsiNlBe2!+Z3U#uDmwV#6jMDp4=QlRwtE~lc z^lG;|)U=UEC%M2jZMAYCC)1y)U3S@ zr~oOK?K4cdcy2n^?O}fP?umiB&5Y$oJM(^37p;$kL5HI0Le5~tbaDBCY#EZVW8BU( zp*U|tUW;e&7uNoqi+sL2uiq@~_lDw-cF2qrY2dpUJ0hPI=Mt zLW5s3&47(cYsa>)==x`$B3241e!Yp!>K~l{l>{ee`?@I{%)u)1gp$jsUJ=HrpH-yg z&|gha`yF`>l1pU2o~sb|b}(0g!}ne1V?*B=JR-_Xg@vyYmR7Ls^UAvC=c%^@6m3Bo zZwUT58)$dJ0Znazxc;>u-mfr!8Tw;hdu60u%zwcWlfU!IIfV6;_QvN4ROcA7xm*6N zAmXgf#?^#|IG+oeSYb;ZH^GXZD9X=$=DLlR%CoN(x|qbKmwIxz#uVjS;?8ZhIFnc+ z+);ymg3Mt}U=!SAen4W_;+?QQ>R|oMbG#q*mGZHv$N34~!J0tw;bw)mjt!i$P^09j z7|12>=^IK4;Yk}B^<#;!nRI*_aV8A<-4|aPNFMPOkA2$>X!#9K@*5V@%H$YjA%mLTBe8X%F(v)ac#Xd4Z|=mq*p8o{#%w$|REpfSMBF2K z(O2;HTXIZilw4SlEE<^uBxf?4V?oODN;%JVe4`HTpY?+76i=)?#o$McYtW%u z>7fpyFGDQ@jDbrtucW+MXrwgRZF$Nn;64{J$Bp)UE8pHoF3QOhrD-tTq&22DCe>Uu zWQ~6n0GGgLZ&h|w+<;STw@khCi+S9_sTXb8sv^d@2>AqY?@^Lnkisjle%~p8t;Ey3 zqIY4SNwqtxi+V?)`}mXnR9J8tWr%N5LgA9q9o@Vb&tIZ4AcGL1Jz^|ZHe{aO)qgIX z_k?eDvxjEV&MYp6iW+|7-(+5ISr zx?0anzkg<Vsc+$suB3iw@AHToii9U`#qF zs&^vr(PWiXkfVY}gWHxcm5|r;J$W{__>}ve#fUra?@O5bW6p+B2_L>k$0AVMTavXx zO_TfI_tGp5*f>J0@vaY+5Tpy6`(YXR*w;HPzvsygQB5Ok(!<9fJt5hrfp~84yRJ{i zl^Q{;Zjo~6KHbDmh&P0IDdhL1<+5p&lAD`%#^*ejJW&b42J^nZzIJVo-NIM}J+uwi zFV|&lu*2h}PaRu%o#Q^K>-J#Rda8(Uk{n5w>;P`r0Ub{e;*|OBecVE!pAiWA^ex(g zL8h5tW=^G#!1k;=8um3SM$5qtPHDHDgm(w#)-4mh=%pA$atDL7sqrvIjes#GOXp^P zye4>8dDME6N7!S&f@I}EhE%@9>8+YhUS>-2_adyk$Uv8I`nkf^fVG`-!CE!(2;!NK zCZ;mT583w}^a0PSq4Eq5*14-#y*X#SX$u66z+&3tD76spuO66Kd9!ue=dooywb<3i|4&HiO2F;&>dQ7Q|`%pqNHP-`B2mgq3tDy{k^fd zsD4t|ZGAfOaC;vD;);|8oQtMK*ENbX!%q&@>_4*KHG6D4f5hqnALt`gOkmeZYjEE% zW{g@G#Uh}}q!z>KFVae+>cqlZRY+h>aGtKf&83@ph*Bfgc3B+`JcLUueI}u2DaZa` z82b3+eDUV0QgP+PYJb|{@S0b)QRcgxh`IQ!XAzntwfYZk6&Xsa(0o+rW zN@UvcUFpe%*Hr>>`r2mYd=)h}8_k!^L&Rh^@31s=2dVLiIkQi=GmD+V(>J?^;3D9Z z%>Cwv#`D0sEsWo6x?F+w9tLSAs4bplkwwYA&u8qbWlod!OK%{ldSfS++kfHLg;+IG zibx|?hnsZ7v(-Do?Tu02&*(q>?Z%ZcCvxj53~_HXiDn5dvRC3_?|f@c^E0+(iJ%25ZxL=X;dhXpu%DD~x*IPA-}~ zl@da?`J$pe=0r*1Hj=(vet=fIaT!FU#_gP%gk2OQ@ah>k<*bGef`@gXFz$-vCF`ceTZBQ&5nXjCq&%N$Ezy;YX)Q0#1cSA!Zv_CcPW{osGrh}OjY&}?>uC} zAfEi#Yy_J*AQi zG3H4Z+>I^1@1acdg?5a+yg~nC*xKyHU4}6f?XSyFN zkv!XNv~sggz`c|bv7FSly0={9a&{yu?2Wj+oAia8HzyzMcwhBXz;Tq@A-!cEI6wMb z&7kW%|3rIxXrPgxckb?*iE^s^ckWThn&0i zy7=92abPOk3pnOo+kZAnt)QM#viLnN-)f_VspLnZHO z%_Y``@^iaWcvaR^8E?FK-SbI`i6WOq*gL)#7tV3UWs(!N2Q(Urxk>K5PWl}Dv4w2w zVDXu+|KnV<>cG=lA+?$3R4qw&1nf9A9$0H9O;+2P*NV@!2VT3l2OqmDORR=0rLrBx zyCH9hw{%Rd3we&4F7BLoloCtMo9E#+sM6BpdC%P*=B6UGUYyF8-ZB3*;&`kHrtquZPAo=`(5_UDfid* zIP*iNNH`1VuvlHLSU_|vJT8wYQe4n>qAJ3q%?aw!nTU*VG!5-?)pENh?s2v)b~02t z1JXzo#itmI?M(Ps7hB6(9{2K4$g)qudgerKXW6-$#0?IW35}(UliHf9z7LkSgwvG5 zdYyX>Q;!^`>i5Z3I}>bfY1L&Zf!SF!O4Y&I?}O$tUg;beE1o(K)loVi8ol8hcWMx6 zJeeF{BGk^3-7sD-@qCMb2H&$YxyX_vH7%C#igm;3BilR(kh(pg)}Dt(zNiL9IEK5Y z@ndOWkjh;6$Q2PlGrN$eI6sLY=5Sfe`)%2Pl%SF&sM2k4Di85E2crmKKKf|{eO#JV zPvd#*D4&~A%OHqnXV0X|>S&|81v2WC#NiwgFZYGwyX|!t)UdgTYi>L`$FpTvoKnGB zeY->2>W?=b_bpORPf7f>RSUki*e0gTwbhu;&4WzDNI$$&vI8K#{Qv_6N!Cj<*>CofqGzMSW&23s6AcG+Q#_B;+G%iwDuSCwGX7;zgC zz_ESep;$yPomqr58W_6pUUhzc)Pt4?41sD$4o``0dFvJd&jqLtI!Ht}tU_0&-F4GX zzia%R^0!!O=~2oC$MG4QONHShZ^i@-r|K`JVrM&M&OOsv5uRv;hTII;-?ftaS=7v}U^Z>DPkv;cRE|umHnGhoVEv75Q$dFEIsP)} ziRu7&DtaZo$nw2(?wJI#v?X%dXD@`QtfJW6CU%K|V^ zMOaH>Taaq2cfWg5ir195Gudv$xGUUtTr;{8E4la&Ws@-Ex`&=|rs%V!-t@>kMRFL) zpmmhRLT&QOtiWOC?HFN_vXJ2qQxA0*?bF5|)cI-2j987#zFS?$Wvf(tM~cVd<#GX4 z(DC+u=IwXd_hBC~H_xCWkaEPqU@)n!&h58-MT&eHwKG8M@+ivr0wsC;&XAI)7O~Jc zOCP*P0mo_%m62PqNxNMD)Iy(V0v#%4_jAsbY-k`Rf=vYTg#+(mTxW*)P)gDD1j1Inb#s zThR(=OI(>5In^Bxc5 z`L?~y&OcuvIL^B?7VS3?mfrm61`Us94UbVQnzNC7B5c&?7OrvRb)wKHC_rU5~O(J4xh*X zi|+DXQ8V{8BkC=n!2&%qo0kRDNHyy*JNo>0yfSVl<|}681e-F(I_rI5%^Q^cycZ){ zj31oyYfw*auIqc;IBcnOn~_d1cQqrxV+bK2G^E72bIhSzBM?L)okzMh&`i9mn~UWR z^8|Fq_37%`d7h{6cZRZZRYfPKQxd-q37B0*qsx{oO2r9V`!09ZDL`} zq70hFe4x-4i!yW-ASKDWlJ+e3u{YBu9#(9R2YxF>uK0Qg9HCq*pE4LVca!_Ki5MMb zIR+^j`s4{zM~snB3pQx>JtblouYsBm$RtfLheuP|1qW4R_ov}|2Gf<##*Vdtw%#Y1 z2>5~gH%iyFz8Y4{c=LOgikii$KpRJ4@eh2}*SYtD-UyVbiFdwXig`22@Q)(J1MLKV zcRG^!Mr_ZuUhwLWcL-2yuGrU0#|4E2pi4A{2Dd&YXqdOpaNr%PeQfp|-$HRpCjPzP z00;acW?N0hT=W`+fI#ZYagRiuj_MrHBe^)i22Y%;d7xeqDGG`0u)c*4GYs;B0t|-( z)mUX_dcN0=bzE+x>161J865ldyDbZpL26Dic6{(zkAs&lPVFoy^P3-Uwr0k6P;hm2 zKTqP`933Nc7II#2{%&j9?sx8`Xq6DTV%IDk8uawD=251qu(b+j351@1Fr{w&Cdat% zj8RIbao|g^WPo-}n|C2~j6cJB3Fp$Vs_uA$`6Fx{2izEth^zn2$9*B7}37xY&uxpz2PtkRuJN zE#c>p7Dzh(sAxi2%$cncnKN(XT?8yuOxyMp=1;ezZZ}d9LTH5`qZh>ZCzAAEg64qc znW59>xZ_@)`*p_hoxCtfOA9t=eY^2u?JP|wqLL-Ge56+s8cD`wHC$(fcx?N^f~`C( zd%(T=o=?MYO+@ZJlYzI8%^H~W?8tct&Qh282(X{TSbaNfN;^G1YU^ZYAWoXyb2e|aX0!x$!*NZby?^rW zD;ST70RQ9Tfws@;zq`SDKbt@8YV={^6{c7B>T6JGx+dd-e}5=to2AYeN@$lY=AY?CQN%Hxg) zTa(b{tl!ha?=+aWOWC`R%~~H{#TWRhh~R_R-CL}=5$s8J5RqWh>4ci|9V^zg&Jp@- zksle#rwb?SFgZ(k1*#mM zpB}s~)L`wriyNaIV+7^IqSsJ7@i_vq*t*gEgV z=hI%R#WS5-nJbGCSdsf=oSoHbil{}I#u|wT%!M3A) zC!QWRI{LzIv6Ci4nQEtrCPq9Z{0_j@G1E#-ralk--NP<)Hv>u^KSaYFWpM}l1h}Pn z6{L=fB?4N8G+*y_+1YS4Y}o8=#-kbt4h`@4>oh4+xpBhRt@J)`ZzE*5V8LMPX{!y+ zAufv2g1Z&-p4|mRAD+f;h2%$-;WB0WA5`9UMTFT;f0v#INhdsrph_T5Aas29YJzrx z3f)ZUaC!A>8i{rjSwNodf~O`uIzKI{sH}P*z`l+m9xbxV{UY1zaYwFb=ML{FXzUE( zxu+eYIAcMM{M45QJm;1(F+h70QAC(jE`vqFPrzZXMcBHbmaoH{Ge)g33$1uk6ZGIi zaNBJ_B5hNrbGi4H(SMVZ)<5{84JC!iM=W|$;nhbFuxyY36+gE7EsIFkLEG*b*IwDi zZ&O}I(-*Vnk>fLF56dF!Y%toN~7n}CjoTsL`+G=8l7~61M-r;51FHk@$=ZQ zo7xy|iiJj&qd28qHuFY4IK-e~Fbk4(#dtCq7#lzOa5Xbay z8!%-qFlgjlIJJX&e#c%dz0Ess*>Jq;{&`yHquP0cQRJ*9`#S=RVNEWiCo<++RE8pw zM*AyLpH#$+ea#L9ZN>@-3*0|NZa=+FtPS!o=DNwyu2@}2#%HZAmvEnahGZ*4!taxU z`BA2Z>4|7|2F%02n25#Xi5GK|%1h%+3{XlKA)V;K*2JTg-S(_pwp7@B40(^;d(s~%Q2d;X7@js z-hwV$vO!Rr(3HTRUe#CaKg}`(R{)KY!DGR8daB7>#PlWqj@@Vu9SK?E`>zqpX#+9# zPr9fo%1!!P#lM>1;@fVDfqK1D`9LktKJvh8IBafQMYpWH>I9JN+W{D)48vu}lIO}j z*UFmY&w;|woF;)SA?b1S%LQC%e4v9FAM$-#fP!fwWSm04KGPRH2W3I;9`)R zQPUBZ&scf=vs5wtOPU{Inc0?^o0N)g*N%CkF?L{9X>|a3lk6EmDQtw zVxEp4!9Od1l^j}Bfd(AQ)g0(?hR6g08oCM=9c2WK1b8zsx-wrOgE6{DC{T>zSsJ%0 z9!sogyFy-Wmu81xBync~huySVUxq}|0^qGbhddLc7r-#gR%#Nub=QX-7*g zi4)IK4^yezd3&vntK#VITg^!pP%>xbHMiSRh!0z5(Y=rtd}MsZEA z5V43D*V0MPqqK)VWx@l7st!90$SoyTo3rKRvSm{;eFSf+2(k_}JRC;H=>8nmdYi8{ z*(rYfo-U?)(49g8kc=e;slH{hN1lrVPeUeTT~A;dkJTR&u4@EBTs7r*9=I^EwXfP+ z^AY+P3C|Q}YX5rfPtRW+!Ikw>8?|(a}-;mQ|B5 zNF0e>6FIX`|BMXGv8nm05}V*=nU8mFEsc2o$^x~rzk7!gBL>G^lwQ)^(q*yNU6j|^ zwXxMe!&gnC7pt?S-z=#=Do$|tf7tu#u&CPZ-B&_E1O#CyX%VHnL+Ox`?viea0frEy zQ@TSsq@=q+TDn0Px@#Dkv%$BnbH3|*zw7*c{+nyq%zpOT&sxul`(Dd8z-Q>VTF9R)mLBoyfr&r};!olQ-v>+DqY>^29b zFI48XX~v$V7P^j=Hk8*LGqmkL3fEN=A=)7q4lGV|kLfxXe8&C}37Rl`J6KSAz$=sa zKL52*hUw9C@fT`T)aw|{eepRkaoJivoYun$f{LZ~bqLz$XbU}ru-%jdn?F`kZXiO> zPaBt*buB)xrF+p}*WkV`Ee)Sz;XAXXEY};|K*9RU&-7xFZka_0rV#CusDi*P4{4z3 zgxw30$<59QIRo(~IOVqKLbZ|6)T&N~QIwfKWqlUuJyW?C4^Sew6bLRWy`a^hb?O@LV*;bj};CLd;>#wcai4XZ_Wmoj8(19G^#Df zy~c`9wkL~A3s{fibkQGlsp`f=3n7oI5Kot0&+^DT!D{)Ip!kHj{Upr{A=Z&!dKPsL8VMF_VLOX=8F|c!@TsVPAy~;WRRd-nuN570iXZ$gq^I3+p zM&w6zE8JXx45bSZ9-+=3)H#SvkJl7;YkrcW|Y0+smRb-9*DB1D8ct!z9J@ z$tZzaGeL(9Uk(Qes-7od*}taqp}Ml9mRf;-_O8vSrz6%j0cjoD54FZRdmrmId&uZc zo((#$IbyYV-Zo~uH=?m;C+N2b>Lq166Bo8L^l$4Eb z)>+CTy6s#;xIj5M*s%LLt1eRf^elqj!nlwxMz3rpv6)_QBaaVqrBv(TaLPS-%i*k{ zx3t&jay(&Gpm5CVqTy&hnO>|tvz_}2dR2Yc<}0nF=8UtvPSwEFAX56235~ShOwR5| zrCD{qIkF2tZfaZy$=!FTc(+85jZ*0cYYm9Cd3RTpymb1uxdE#M#|! zFdZZ9@<7+G4c@L_Me|p#J~CA{i+*ZHHzD#|(;qk2x$TPr^1@dgm!Gd_d6Qa+(AkdUM6L=JJ)s{##IU344@Gv5*w}#%^1ht0pyL{JAbFl>+ z)dPHEFJz+SV?h8NQnvFZe`IGoM|Zbh=?y+K@iXAG;vk^u2%Dp}Z<*XSvgWYJIM2PN zdlHIBlz8pX@f5vuiDjRw1Od{+1s?qlp|)2WFA1Pw2~*uiRX7dz*j8NXKQxo-(^B!I zBo%;TSu9!`?iMO=al=ZWaM?D5YV-C}LU#r{61x%9A+9w*HpA9kb~E-9HjhSo3@`u; zPwAGos5zaA;@7u5N@K9?5E{t~*h+sk|Ks;vADBZwhHbo4`()?rW|rx;-Sen}gicAX zgr|XH^Xqtpp^)Wa+5rc4)K)-caw8_0bL=M#MFCMSWQf`3>9!;-;}g2l-Y9`$pN+lx zfI94p@)i=Ssq#?n4NsHWki{6aS3N_%By%axO2AZ?du(+TFb{T%QRPJHhP{Jh4XFl3 zHoBPJypl9D69#OAl769I+5S4ma>IU^@Q`m-?b7%{*p$!yZ8-sM-jMc%74Io_@S}cm z{kF3c(W?HARQmV1N4Na71)dlE$cfzDM@hQohrBY~Rg1xkE>|~#C0jD_e8I&!_2f~z z8k}DN#6~aIt&sasT6x8O3zjPlhwb)UF}G;oGQ2U)e9`lV+GY<$@l)$3dyC3OeftYM zaQqKhv(;u&1S7f3BQ!@+SAN6ww-PZ~aj;+i%t4NMrPHw(2dTrdDoPyB7l+GoTmr?lh^cJ%96DB_ z3QxuIrW2i3givKqdTeWtqR>B-{p-Q|nGEw6KVCp;HpUJg5lr&iRalRQB(ht*I-YK+ zKT%Z<eLSv08!hM<9BCcL+&NT{efHLk^{Qc;87e@pdO(Q7mx|cRPWXFTb#x z^^jk`<5dTu#=L8GeFht5ye99*Saj2i|F{I=AGuiU5pD>&>4e8cM zpc7R_t6yK7rkg9%5_WERtUOt$P2Kmjc_fEMH|7T46_l`Fqhsojq0uFtF7L!FN>c0! z*;J0TbBN2%-2T=fO6R5lpc84^`3w;#GJ+q)(kIB}cgiY0=dfB3bH7B7IEiAMFfn3zc)jg#s)rNNO-+n89mQt}nEojF*z}G8+^77VeVB(xI{0E&I zQ!al`0D7$^fKcvXFw(Vb;r!5}Zh)vR{xyt=#Zr^IQ7{}G2GC{7IqCdk?_BTwa~qhkZhKP;v&mjp)&%)0PO@qE6GO(Nr9@Qt+o$2tDtv-C`X% zi^ca~*o^hgPaC=ZuSDR)S}q#s;Zr_2GGHvW5lWFU)XEMy+z_OeSGG%Rfy#)&-YHoA zmSJ)d9o$G?s>YlCYMj8nrMGk@_G?+=acRu$N;YQ9UUlCqb0r>j$Ku#li6mrHTAyzJ ziohaY%!|Y>beB{~s5twDd_>Hny`L}3M)~}++R8+zVUIdd9j#NotNNTf(cr|Hr8Mdlj(w}&uwY(>LO~H8{ zCnl}xUY+LTEmGt@YHPptl2aS85rPGHL#_MJ%4i{;=NmO+KdSMDhkQHnpuVP~&j%M> z-#T_bXZ!BC8$Y>q-Tmqf(qDWMvUk`ARV^7-^~DZAZZVO?s9|8Bj_<+sM%lBmVr{(M z6ka@;6qdnf+7Ii(XTf{JN6ix>*`6gcJCrK@_$Q9zN70-%vQFlvxN8h*V%@UIkuLmo z6<=3+BGqCFk%I3EQ(l)eu zGBxLsU-B7hZwt;HsT!vOj{Owk7<8jH*@VG0`GS4V)=EPHxM87Rusn}eUhhuTCY|m~ zGloH~WP%!{pAgRt^-_Ma7MX3-6u+pNn7o;>>*|ux%-6mB`rUG*L%~4x0DG_{pP>Ma zWf8F2a^~^4A~l@6;;-j;pCu6?LE8K-A@T%z;Pt)f!d6UA;rj$sj_GJX&a#z}i*aCy!KSagd9YUTZ4tLkyB7Ijz#akfY;;uyDfMV0}T_zPr(Y2=i!Ue zgAP9GYqk^*-5MoXQFxu9g*Ck<7{_8vQXMc_%W>+*8*%FPMRi(dvzGO#{$k+?5}tIr zX3CxbEOn$WTsbGj=XXwV6afvqZzqd$_E#?e83A^x)Fm!7_pPxTzussDNxFEn^>4U% zoEV>5E&EMnd4qkB5w7-sWal3J*gY}|5O-nifF-`obg^z2z34>*T5C`BoQf<6zJM{vof7jt9dwHNX&nRZRL z(|Z!(AQT&XMVSRAKePv3q)tfq=BZ&KIAOg?kmvkzEw~Y)wgI$fAp;1(@j^aXkkSL( z$E5SZJ{ceS6n(5~wq?AKhZybVUUdi|;X0Hs(hQA5ZDvbGYntiyf6S>A5fr553OTDt z&2l$=JvjT>S#iULmr+b&b_JEz}{p@4=P6jwIbde>uujM9usO6nm(ra!kmhe`^&NI&3>hX-r`$?#4pts z%FwNSESjNVX5o=|wpt@uDGDTMnhkfPHEj`CrXboN3SIw#mXe^`Nk?)o3i*^FIf|m! zV*6B~*l<7UO5HPN@7>!)d-rRt9sWtgMSf0X% z_jqa_2BTAFDlD@K)QR!vwIwexH8|cZx#UP~CLZYEsX16L3R&VCUvgGXAA^YOiMcB{ zMT6Jio`{909{CS|1)ERl8WoSLMQq-jgnvr@~x~-AeIZuf;<&nnASoOXGprULMvQIqdqg zl`lfrR1Wxjd6>%Ipj79R6me`Sy!47ON5E0TSx6<|=PeDN6&0w=MTw#GJ7r z#1FpK>xHEjU843mm9GrnBjK_<&X^Iy4PD9k;)H`wb-U5t zLeiZ7-g&?%P3csIX@vI?H=|a~r*TY3fvlQf;vKHf4W9; z2K3hTE~a);PieoG&*Q`Rs7j~Y*RU$nT;?|7z?o~r>oD7+Emi|zQ{0Qmo_FkzHJgR+ zlW>ae%NxW9YbFVz@0%<74B6Fe18JSHjS*cmd1IQN>1a)m)=KY~iK2Sd?9!A8^FmS; z-g3^ta)4x8ZdilyH)6GDfnY=CBl+`Ul4gRk@ZtqeBewF&^2<`H^(XDd<=v00^Gf8D zkEp+XT{L37u;*C5Hzw1wl4r^pJicQ|w6E`1G&`&wdujQA^=ZKv8 zD3v%%-Nj`CJU<-LK56JW&o9BcpS^Vn_+FXnlHs{0j7NbqwhlM)EmO}vQPFwMcgT>@ zHJ*kHWDkuQ-xrX|4VXbwYp^g_dQwEDQV=WjIfDRa~$A>x>c<3F{qN~eSZ%yX7 zkw7<3DG~qlbK2M**r3rF52R8z$P7{2Jf@3|dtwu|G$^wSJ(fj59{gF{=pO+1p1;AV$V*$d2_t+z{?l?%MXOVfU|#i$%_E! z5P63(Cgs1-A)w#9*~2^Tm(LE@zU!h*3)3dKw@ID-rK=$|o=K?bE-KyNpW(+J8kLq( zi^21d=g5`z+(fNM#oIJHbCq#*j{CGxJHFnH3VFm!G5)CYqsZay(9q}XUMg3$QdP61 zdvaw_wUrM-s*yl_H)p|JAt^7ql?^Z*8P+oQt|`fw{c4N2udmMSx5lzLQ+OP^3SL>w zjIqho-#4g37xZ4o>2!D6a#gu|S^yDS&DkK8-xZw+$-K_FW#YNx5H?WR;;^2h zm^5h|BL95(-uFm%Q(de}`t-jD5PN^*ANr^#lW=%uaYgXzY!tbNx2{l(*y6 zOxdzH+JvOXd%a$$=5Plf*7=U;G}^vyqrKX73Rxdp)C-J^Wa1sMNt!|+- zfF)JaAUdX2T*^og9p1Tt)Ev4+}{!=z4mwR=dO| zEXfyP?IUCp$faupBA&nk!O!p<+t za0lm{Wfwz_pGDs;unQW=5NN76uDSBCs-8BnuI_tUxe6)Rn=9xz|HzA%rLsFAdr*1f z{LxBb$W9&=IM}IW<3;={gI?q|RkCU-7-C}H1t}OXlU8CcU+Q&-t6oLIhK+CIkod$B z9#B7yZZR6&nfzNpJb>Pg`wu@ri~J4;e8kXdKU3c=ce2_09I-$%%alOfDCn$+T5d1- zfimXA5oPzy*F{j#7oyz*5i!htX@v|m4%E#ltMop5>3Ajq*uK&9P6$yNkh1o;G4dL2 zULc3`Nxaw+bUvGUHQ7DMuf~O~7IM3Z*G}8*GmNOc@a+)-+I7LdIj{P6y`#YQ)7UUK$s)~SwPNrIEL1vUgY>` zzrm55A@N>u$xye>oO-*(-C+yNs0(rt_kc{UCMCkM*HKTq4o9MS z)|Y!XAcDomL8)77O)^u`elcvs7|Z9VKyTr^#`+M)AnxO=r|`*5rYMG7?TCg*@>&y& zcxpRD;0>O2bF_@Q>CYyqhmAz_b{t5dIONZX>&|>MWMQo4x0$NsQfV*z=ABL-^O2Y8 zm5@=n?vv^Itr<)))x?j7UDrLRbAelm8!=!6Z+X4=)n88heCRtZ0-6BqAry0Xb9;!& zmjd7jjj7Z=p{QFb=BHc>Mf5+Pu=Twt2!JjKcSz z^3?gG`=OuelVgG{5;~2?4`hjCKDB$Y(4sHMz*8>*=_gMZg?c&@)4iz|M3r_<04QcyM2(`^gS$z*jtl@6 zF$;;*v(N?LAi18vE(dw5&aA$wEnP(mXqz8u$_oV%)8+u_tu+D)CWK(X8Al6$ZepZ+ z4FPBQFu3~rx3uL;2TT3al;c1Wpb0ET)g^Ng{CW1GJpZlb3wLKPlKa)Kuapi4=|*uA zkyO(1rOq%!qQn%xsg<4Vyy;9~Z&)*F z*3%D`&yiU2X0vOPNP?mhUQrflS1ZJF0|0A#zKjF~z%D#HPNvst8j3$J<| z#T_kU4z17V$ZR=rc571>nl8!emx#YYxToB&8~1Ntc}^B}eW`o!0^Yv-0K*ce$EX-d z906?}ib#ZBeppJoG?6)}WVE4^iMsDPux?JP1vvvZ`jajotUl)f9bkLuOA^%-p1 zA|wc1Lole`tZB2IQ*nmhe2&Qtu8J8|JpOJLQVk+m@k%OA<)q=RPEM}t_*+LR{bXA(A0RA&y~G{U*t`r=JO=e>HNtQYnWqy z(snE*kgxEpKe!rGcmDMLtMi1B} za~6)}2(~Fo6drZQyo6n3q@e*3fUCscnLaMzJLXxr@lYoBGOr;<>Z!rk4x-l0#^tn8 zgJ(&Kp#2`?qt%Qjo1;JME8%5keX<(m*1>c)#e19`R$L+Y{0V#Wp0A)#adaG#Z|!|G z<)kKqI#~qeo>Aj27=jg+mgSi9h@wD^wC+uYSa;Krcg0<9l+RGb} ziX?*Lk74eN$2;z|S#YdKXfC5hNNTy!JJ8PP82>9SmXE5>#zU`iQQ>XpN2{@-djJIW znfv;wKEZI^q-ZyG>EqU;R zCCUP&?AUkq)39w$Be%^+m*|&{G?}SEKu)g}?$Oy>`2F~Y`A(dn{?2=cvCcd*DZ^tlB==`Qjt$ml+-^zUQw5`7Gv-xZ7S$2IYj>A~KUl4YOWBPftxi+;QvqCw-D zYDp3vARNy(372Kr8}z3}24!}?%My$&i5}hj*~HF%Hn>dRHgUDk;37>WrNR{CfC<|B z?(l(ZG2foCC+$%cc;B92@pea&!e(I(hqHKbuj7sl1*C87alfy-`}L{WvdcMtTKZYh z16HvJX5auy@rg1K3H8Sxvh#nG`+d@5+`#2 zS|XgmTJH*8g7BKx~ zIJv4@e3!+lL~F<-Q;g$da@kE#|LNG^*nkHQ1sJq0JIxgz8gD2bo`-4Gp-NIC{26o} zi0H@uLoDW4y(7^bFFB`De6P1|Zm5gA^OeSj+aV6LCsS$({0eU59oXvc)jC4LkU(q1 zlW`7=5($yrY-`yRCf0np=d;C%Yb#~13O58xo~FO@5}AHbj}BcsW2PL<`PzvN6&_Co zYuNDb#!HRtV7R=NtE&;yz*AcRo!g7l7JfbKX#c1Rw#MT&aGv3;%aSp)9Jld(>%r?p z9f%h*flgNt zGv(hti5xZD;_88LqCp9NCRqR6nc4-U`zljs&~R8;ncVul(8EErkQSll=4nkNNT|G5 zn%${$6aZL{!TlA%PkT_Fhkz!mMrOch$>kdEii&8A+r@V6-PC)Y@UHmTwhn38O+Hhe zj>;VkM~YB<{+V2rQrTuT!+9u6xvBo|YJ8_~f`X(7;9k{)HFX^l_LJDeCz0$4xC<-$ z?XdH0#7{DtJSiKn*Jj{D$iCdb3Yh$(uZ zqpSYH93$8#z^dYDd49|OZ}%(Ds?!AS>RmeQQ}upD2PFrf+tD%Z@2`L&_*k>5xaRmq{J}_>Q@e_~O6{_0G_AM_0pO6m zWccuRGlNep)G|OWMDF5fdF9WfZwvQtnr~4|fY8uqfa<$6&qXvFSEAOA?-M#qt3oHe z)E21wy|QKU!(a&-P&qjMz(CYdqFw&ZHSpIHITSjlojKuo$Vt?7cQ9T!h%uSoX+E5K zbnA2I()3gU;?UC2YV+l6LRurMQof2Ndqg)-08s$2%tb(0oMpdGFXpQCMaymYa{b6x z#ZjqE69H{6E%etkekx+xehqW`D~MAcUSTr$><6>H!~D=w0^8I=z%|kuE>(~&6sRG^ z;4_}9xj|2)%N9a9bW|?T%*~N{=W zfcydb_y=yaJ^SNPlib=3&wQHg+U{(1TcHFs4`oAu?Z$W}>v*1mOjotlq9{KE{fixk zd>T!M$XbdEYVh z3^xkE<)G44SNx$cx{fzpD=M>SRY*o$Ysn(UYVR-3K=&viZkB zen+mqjtjM`1Ig)FAmnQGPL$|`N12u*nGos%ijomxPP zH!;=evJl|U)Y-nk zZ%eN77b2jap;bLM?>04J>N!tkaY!ydr;*V)E+Ld6l*Ghq3rseH;=9{bcb6IM)0wYcov2&XsDXv?~=^z|0pdKJ{u1RZQ}0PAU)rCqQu z+x~+WsJ^fjIa;^p#a$X8?rpW74)<~HbHDb*trz!@R1gf}yJy6xTn?mx3rVR%vXr@r zBFi6CuppTruBHfjyk2-<1U@nxJ36j#juZ9iT@Gk|g!9#>j9!rCa{N0fl(`q9^y=wg zCD8gqO1SwL(p@(Gab~6uK#>OL`Srz}zLFq_QtzO8sy0Od`hKkT0ZXgxvFJ-O08xp0 zu;GhI+<4{F^{vJfC90;8f$o<>HBiZhJ2ve+Kle@cHW5fii*gNPUf-k{on{=TsZ|HTX2`dX#WP3p^P`@+ zZ){_(1Ldo@t+@+?T4K<+1ur z0a7pWd9$1TR6Xy&B&{u4%o*YRQbN3NC@Gw1+wy!a(ChSt zx!u+w2q^ceq|@lCt+S8Kv5Sv@Q8NcgIbThTJxcs$&vjzX z*Wn^0&6$%40qrn|W(Z!(WrKm+7nAXLRjRkQRtw#!V54;+uJr!!t>OUL;M1TbpANx4LT z4DZ1BhclN8k=`iYT%g86l+f`^kvcr{>ik%3{M=|lOPHw*xk?1Tz>5xZcXq(MY>)Ep7xC?Eh4r3;q6q*|7oPw8IM)Sy zYaog?nkgP`3h?fZ=G4iS3Lc^D1vi39KM5mqqz|U>KI#m?60XS=5KiK-$%J;x^%{^E z!V0KxXmdJ0jRJi6Ugfhce0X7r)cYRBV8sguGhdTn&&?LE_7ea}USOfo?1bDIZbSc& z<*{~v^LxG41wkH%9oZc-VPErc8inFy-2hVZNGzh0^7T(Kg%gC!h{f>jfP|&h%H#0;4L-VH$Og+hKGj;oLji;+SCH z_#C@YjxKJc0=2Lv8pX)vu3%|@Ow#PT>Kks^XB__wQ8Y=r$c0pXL#3j<_4&`CJDDPZ zQrS|t)ko&bdwhIKoF=&JF$M=m2kf7 zYk!40{+t8bx0r9;u){4j&?UcRGGG!uYoN*kVm&-A5?lu?aE%~%PX;*P@+4{5=?^*6 zi%%jWncgCtb6Vv-B_`%_R*TJ*NlJ{ROSBjh^^qW8rhy9E&yY|m59x5P)7l{u8JCj@ zW192v4~=sXVH`7@Sh5v90^w&#;D=5fz)zu^e)?qv$L`Z?W5pj`W1_pMgxr|k2Rv2M z!xCzJclg@lo5YBPugjCuKU#V7>}_9^{`z<-J8asfU+7Zm|Cr;O0OYtfW|(QxMqPlu zGT#&{-7fL-G=B1WH?*9&wuzEs(g<;VaGb?<3dt03Tu6{@9tgKXamY$bDBUK8276?*50vZI?fBw4DwN%YHe7KP!UR1FFJ@|>+ z^wy-;Us%TY=)130s!Zfd{+9oM5mO+Ho z?O9_|=^wNz6#?JRu8QzZ=4*si*8AHKPPbZlhYHJTSjwlFGmtu;T6`mE`m^@-;qU@S z#yMT>#ad2-J&?e*ZQrxM{W{Qnjl`JTy}rJEDOg8_#OPXD>BnmrV5JiUgh#W;q@eM< zmi68Rp6@}Pwu2G^+0s*_c-cVp1Ys zoWBd8aNFn_;9cgO8qM;-(h|oLw@pNZxW`}4vPcWLffzNue0NKI8^pwL4e`Yw=6(w& z<%?XU`-#ty$J_a|8E(r2$^8*W?SB&1+PtduOlKEJk29<-RTDg@Mh$84p5=Eti5Ck? zFh_aCVj?Ane6*g!Rc1Jx&$`|zW=_4)DIF}{4wWkyg1}L7blX@LL$||Jr z>t`QZ;_KGvd2G#tOX+TukU(yYybe41_{>Q|{Dn*>B>)-bn(JdS-N%W~zFQ`+L`OD< zDbtt=NHVi~B#!O|Zol8GYXXT$2_w+bXtW%G7!L3UsaqF_nrwzAdTG5Id&=@mMtl^a z1>7}~lo9$^0JmWg(Jgf1s&Qehh9(MqF87Kp7MtqGCfezA$A$d6?T&GBV_OITdo=co zfRZ}4Fu+K;9LOi6@Z7wCZMzpnt^~Ryc3O(9lTy-U7?2NLAqRhu1(GLowhLFj!1xcH zUpskQyr0s(_`G;Qj*8+#wx8~8`u0GX)c5_{x2+nY!;c@E76sW^W{d8mwYC;{ zRr3{17*bSMcGlgG$kTxx%P*VG6nLQ`FN2s_mXAnE0mifW zz7iaN+}Zz`p7hp(9omM;v2&|eGP%8=?u!&w*oFXO(Q2Wn?gNVrfh9<-&yT71z6`pL zKYQ3;RZ&&*@8ISM4b!lIrec%CMLcVXtaNPA-XxVj-4XGDzh;;K zw4jMhx=G@?w;Yqe*8iflE8u#$pAZ4`*-V`?xy2L##2w&pvyCCaN|K88(%P^z_+op~ zUgFm`C|u5_`5+>Ak5jdUV#xB?8&hkXlSpV`?U8P!C(qTVl&t~GizyNW{H^89)4_IF zA2@vIK|m<|`K3T}$$s^A6=I_H#{uHalVDFlz3YS$H#eT6bae0wVg|j4c1mFMf>qs3 z>?&ecAZ_aH%K7*XcX)WAhGP_387HXp$LC~NrC^q4{n6})vxv0)z2H{3Rv)C zy%CsSM3@Zq2%4}Zh*F;t$#5C6`H!*b4c{CKrH*fn!1*#4J3 z&KeSG0qb6YYY1+#s|jv8p|#7A!1$ANYJoDwtC-ntL#$GK*`M3L2SK*zA*4J}TiMlx z%$JN3kv4IwV2CF>j2sFts9Ba?hi)$%bXDhW7uPpke4`xdZCqlFIdi4nzJi~GyC2za zb|qO`RZK&}_+RqxzLq1b*u@pBtxMcAfToeIgq84~my9-r&*m=T3)U^?Zbt6wEZAsY zM!DFppCI!Oav#r+qsMc&#l{O(L$-P4Y}kjOYloawb4v3Yo0;pnHDxc&E@|ctb2yXZ z*9Kiy;2$0YheoX&Id1bYc`fALNH+c$gooo!yN5u0tyEI zhjyH1*u`l#k#)`M#^o65YL#`~&NRp%!LE!3xa7`9fzR{v>-O`x9IZUqJqj9m5bT9bF~cuw~(5(EKfF{Te%Kc$mMggW^_lgs;vi2JcAeWTA#aPlhn`X=^EN*&PY(4&nfAiBxY;}VG|0(nJt)5`|5{ioD z-Y3xohtunY>^Nn-NL{WCn>-{JC-rVFE?X{Tww&yh;;n zs;GN58RBvI^F-1^@b(?7Qgdho`_gDMGmM9#aWmADHA~V`P>nzGljvTv<@EQHub63R z9tWREPl@)jo`uU%tCA9W93*4r4nL$j`jmM-^9}rB=wqabLcR%4{-jB+3IF!y=B^Dt z)j*NJhw>A=ywBK z$)U83ET&SqN(H06v1}2;?g5^*A>s8Hj`z}q2$0nZ67IpS6a?P-F$tL+rbn!iQ zy*0m6w3m#$*9ot6*`}MW8tRCy#GCD*>Ewau$2rvuB>Zcy(fpn;tOS1_x?GUiEF4E} z*#%Dxfs+LHro&}R&dTR!IA`H}aKYV-#q6{zYqRE?$*a+?uXW!Ej78F?LM~$58A&hu z#dF<;jiXlEZfn?6;PXiri5^Qua&V->oi}JF`3&PiR?|)73s^&EF zZExv^^ZUD;sx#3NyBu7dWaRF%toRNreZHvdCl3x++Lzlc7ac2KZP;JEM89ZK!Hir~T{zBO zgrn6r9(|b~nboOTTHnSmU@s)cr4|zt0?&NQzuyVa&*E{9JYOas5wbzjf_0oZhBtHxBW9;xn+;w z(mE|ogNN+rjlBqQ#gC-oc2KR%^|1u;QGW@TMk}HkxB2E_k}pklejHeNu{+LxAL{wd zTVe>p6`)j2Ffc^nxMI_wVgjdmC8 z?`{`#pHkg6oQ!O(2dUn6lI$|V?1{H7d78roH;cl7ZWap`n5F}R?0QVJzbCDE72|9; zv`|p4f9W(4I4&u&74b+##CGY?4{mtE9tGL%thyzVBM)w{Xuc`Am0fIDxpaTvS5rTl zD_3GYS8ngRu;i~&?!Ql>ODM1FK2S1Z6sH>ztI8Q;uKV$9X(KZ=3Zzv2;YpR&ZPH>c zqx))7ey)j3bDVwY@_2VM+x1FsTDGpvWzvL265s$JUhSiE=GrLff8pJ8UV$Gp2>5fH zmI!FNPfLdtTR)t<1v@_oru#tt=d@ynIACTqIK@U>`hEuK!{0-zyMUq9hHhirV_$C1 zsz3Ckyw=sLvt3FhYAmfC(^*GrkE2tM+^fI!s<7Uzs~DB#Rl0SetE{yX+~aII+yz){ zw{tT?#{wU%X&spNz^*>L&hUBZ(XG_f3PX13R(ZVkaN8eEYc4yy`*pmq;!PR*f_lW& z*ZE004XGyHY9H5A%+9~#n!Uy4m@#S{948j`Z_2B%$)u!{LZVw{pwp~sfVsQFM<5zq zE-C@TTsA>Qb7`kMkBIm37QnG8mz-uJSt`E_Z)AD1^A&R|IEjy3n!X4&dlr=xCr-QE z$bKGFV^&(fTFmSWj?3~dxZSOQh6!7P72&Ll=UZXCv00D;v-V^E*O1-H?oR|xely(> z#kv(6VHKu_%M(?`gUJab*mn=|yvnmfoSI)6G@rf^h1h0X$8VE~HV8Y+=XlTy+BCoV zZXHD`t#jghTTr=q3Q@@x9dC9S_r1JS0c#H7t%W(Le|K}#aNFM+8?A3*m&IV}PaVGE zw=|s9)ETIH_dN1juBPjaa+dzzMFVR#KG49>REtz((j9#~+u+FIGdH?d(O z8x~N3O~l;n7sr_GUck&+omj_0ioH-@n!D z-&B|m`!(MRy0%_Ttc%E8gyzUBOpI(fA1|gH3v?0Cim|2&{5^F0nKUpG-5^CyT=-s7 z#Hha9+A1-Y6;G~qH!M5>DTvI6A~c_MR*rYxg0uND+vNK;_jzfxFRsxQ33RVI(MA^_ z``k*3+tu=3fYU)A-D&-dj0ppI1`))KAF=<3_9A+nd)zT`ru`R#ygx*nN|~#B@Psic z$I6YK!0KRsF2n1U{H@meq4x@cB_`jwOqb?P>elyg>+}8|o?fS=M~4VvcgN7sg6zV^ zLqJ5v$~Aj++u}H-KcFGqUqs#ANdCSU#i1V1{%TKTE{}UD%cFM4i+-aF`y@Ih56*1K z6}YZF$(QqNa@@#mf(~qUdOE(_-n$-NKI-#~mxT-w6e+u?MD#IU8kg}dbnh1M(vs;7 ztJ`Q&zR^2D*nJQj5yCb_2Wp2cYJp>m;gFhL7k2{`KBu_p&Awa#BZKE5ng9C;(OW=a?kyQ+?hqw6g1P1F8Q z`0T#j=C98fz@DqJ&?qwyt=lTF7%3^J#~ttEU2u}(Ii12Am*bZud+;C_)q#chu@@?X z{3Bd3-og$EAy5*nR)m~nZro@Vuco6J1Cj_G8zMR4S`w2Ee z08yGGTlwCvFvP+OzaYSI&g?;O-q$@9FN@-HBcR!TE(YYxq~W&0;cUqteOC4}y&~{f zeS9{jiElU`H>?>>=IAceSa$f6v}4N%fy%A}ICBvH&l$H~SSar*K8XsP@O-da4(!g2 zlH<`wB24^eEoAaSZ(1^Z3YhQTbPMR^Q(@e)Fn@AAEcUT^I@?(*&v%Pg6X20?!AqCA z)!11Loa40t>C0XCRK-wR?f*MAb#l&Ywizrzr5sdN;f+2BCP)T zJH8n3{P<*y&+f$NW&JeZYmi#EAzoUCU!TMJExHHy3Na<$LSg=oE%@ig z|44kJ0$4(Br&ai0zy0YA92HpSA~(3>UL1O#-aJw6;Nige|DyW;qWYijs+J5Yc=lE8 z>J_mG*mbl@{C=unM=5XS(StQ-J+B1NIJQ0BX^htIeI4M* zXuZF-1qtWg1PK366!iPfLBYB9#| z(h{rEst4jpiavG5AI);zX|hB8y++lcsEMHe-{%sifNE~NQY)5k#?87y^34W!Hd7WF zcCr3GW5}3Vk&pI?3RPfL9*gn(7Bm0P_u1Igj@zq+w^n#u3!C}xn&k9ERd1azOp*M{ z^gL72o3Ddy?m5_* zXQ04k>c*(@{7@ZBBU z1eF#81a~iPoV%x*IzlqYqnJ39_#fOB+c`b4)u7Y8a6}lBiafZC2es;VD0R1?^}JEW zmVzXs-Y1sthOiX^7xK{|fS^lsQ;+VYr*SVmr2m2R-v7FJ@4Q|KDcyMHz55%;FY3G`pp^RE~A`;ERK0Ni7iVlk@wb%ow*Ls|J3E!ysXvG?BLaPD3IXb>d?kp$5qLWrIqL?;q8Awl$-C{ZWsUWQd`J3}+5%+I#(?4DOIRFupK4-l+19DQ#XB%dX>lDfU!6*LyF8+IEy!ZeB zWvUmbc=qgR&(fUN=KmIV{gb7HQ(VcvJ7=kWX7)YuXP!xv#GjGx-dy zd&!<}MeV;$<$s~6Xc}j&UbsLKr0`f;{r5)lPlk8uRsJ@cKUku_J zwwb?8PD;j0WB$>lYi)wieNdgQdDCCNbd4RtJ91m;O0=@chudW8^mlLF-4~&FfrC#; zVNx!n*5rkY%K>55mGUDhlpARfQnBoF=pVD!{Z?9bv~^G?-ug^A6f`gF(fNH+e_UsVe`N_^S$!zNmr|*>X(BR4(3nNfjMow zM#pdIw6~k5_EB>sh&0+)ar(vvtCT-y_>`l6PT({>#0PT`r z<=t(jzqBCl-kp9fq0fu+dk9snvo-=ncG}!BGPd*qxgtx~3(ZjyhTvPCHPxy~F82)) z(hGlWol-P#aH%qOTM7-&-e=5YEY4+El+=x!;WQPygnnr26h%(;e60 z5sNb;4!?c=4WMV=fKyal^RY=A3vjL?JX^bPzwlaf5Mxwl%t?4yy7DD)?fpkjQ~%Np zXXpXU35R6e+RanDlxm|ovx;#`T&gr#mk4I&;MUPyy0ySuy^Qyu8DhC7GE`PWxn**k zFYoe>6q-6s&QkvAo&51Xcy3A6&EiT`2cB8ZJJ`A9AX!eIpytR5Jn8ulTzl8v+X{u7 zqQ|4`Rn8|eyi^KFor>ps;18Ei3SZD>luPm{M!|CEJI^i>5hh^KcftGIHa}5(74r1r z(k^_eQ)bI#+8+L~KtEjt7Wp#EBkE;sUL>J8DC)CYdl`v-a`We~gKg?jWTskrq@(A)G#EZv-w|CjKc^y5#3pAF^aU(ivk>QN zcfJ??b$Ps$9!sHcp26;`MRM!%aB3d&v`6wrwe!}Fld-E8A-mN^_z!xX&e9vJ7SY`8>PxIkCnNVXHS zbqf{R8LmtF!1Bu0(MRFriX4mnv?)*$iMMB*arjeKQE&*N%g1>h)PhL6)kfWgAVf4W(tf}~95@2_k>mOR)SL%p7`Ak}m~>cyz$SVm|qDSQ$F`hf5-LXSQ| zyJdiG5$QpDYSnR0dHPk#-^!}HXd;&4p^7(`onfNNIKZvT=iq7%d}qe&t(SrGP}kt8 z=D~8R69STd4l=bVKmMig`RZxU)6>et$6SqfpM2Wd>D=u&hK9MYQdNY)r;lA^us*9@zUTW!(d}O;3-OmQAI^bRB2c2{bwBEywrWH zET*Eg=HA6}37;aeM3c9g%o*8qA2v-85fk~`oz}!O2>{c+i@v$?{T4>0^l(RSOwx1| z@;@_l5&_~Yi+fu@Hjk{+cU{rLjAsf3yR9XYMi?sCJ6|42mmVd1xuvo9FDdgZ6b}3o zg^Ut~sy(8`nWr<@x_(~Ef6LL@}(Ih`!%5Vk`7ZRviT|9 z$uP^aJc}6(aq}U^UfIgUU$yD+C68{v+Foi7hV>@P%EyaUbe6H7B7+RoTlBb8hx5Pk zYNIVNW$*)8n$01)j4iEYn$L@V%M&G&(GnsIuObO zb}SvUC1cb9yvoO3#|1b*SO3h9Gofq>O^0XoGO z{i~Jy$<|XM2l;pRY{pE7)(qzZg{JH$BfHALp-kR}&dp(!R}||Wl_@}sRLm#vj83n| zLkYxUcBFhWRsP#jzTu_tGU~M9M}f+aAi%vp96UHwtgF{F;E)3%3SItC2vBDPi0$#+k||W+UT|&SPB| z=kgalB&oAwHBNwy?#Y*(_!v&ZAlO|vX2*&8WIh?4V$siPKU7J%&VnD8#Op-W%+dEl^np&&m ze_|54h!DI6ZEFinZC}G?>Q#gep86V7L`5yb`&A5QfjSj+PO-3f3X)L9}vYAA(?%Xl}rm5jPf$uNPj8!rm8ouO>D`l z1&#v@N?$cWN+LtGqA;9OQ=>0k1!Y_85a$sv*#C1{GntWN;N-wO<@t~Is`*AZ81~67 z_pbLpa+i>h%E0YKZA8q;@z@3&{&wb(Dypq==#b=LKxN*fNSWLz~fJ)s(l!8JeiJhm5k|*~Uw~ zkXTxeehm0vdns(TDWEmN3Hf1Y<}wli%3p%K-Y3#7vxSRmL(I$bkmAl2FOmsD`OTHh z_ip6rmf404W+8_Acir{-E9Jf~O}Y+2JJyFP_7#yw`X!2{LR#QSx4KC`QaaO_q^3Q- zm)V$b>QyMa1dL>n!1DPl*lLVQ3oYivXo<+Rm_mQ%HZq=68+6ktvCSYAm`{h9wdk}j z?h5%;4b~p@U1$vxEz@%zG40DYhC&WOwVl`2@n!t`Qk4{*Ah(A^W5rziJjxSps=*C) z;fIu`;o%*oc+%8SFL)`bNy%iPZ7Nm0_3Es<-_?Agv?hUzM-;#Os92vJ)gK4Zw2gLb z%M4~lrxhyOy7qr&* z-B^ZQ{kzfU-GhlBvy)@It+DZnLSP(vhF(Pywju?iQDE-`)~(rJd)?d3_&)?;L;%HN z0`+Cbx09lvK-h^U?6Tufyhcyum787OhKA2WM_DS~lbt&6n#7A-L5z|-KzkWGYR|ps zlU8r?ao*-2hA4Z=q;$`{6@PoDIoS<&9YB5RKkskxg6Z>^h*LPifWf5JGg0!gQ`{)S z#tscX-fDkHwd;0^9Agdj(zQz+zOP8MmPzvr7dtK!`Rd&@+8jivt#6n<7?@_*Ax9bK zkrq^?I!*GU)yg18QLxrPp^4ieAgRxwkH`XQ%>Sq7)2KNvYqXOx!3A{-p6|R!(Q}Q^ns081K93_)aMwoSe8#T4z(y6pg zP1s&({255wwgiJ-@7p~}Y?ur;&a0&<&do)S-{IZy6ihJAN8j|K6~`Q1K;k?h!CmdK zT1uY0X={i_?&3{xijXc{yh@wj^RrB42igYjUYQuE+NhQxxa=Y!n{NxuZA--@i@zQx z8CckL-(N)LjYtzQ1S6}nP@WH5AJswS;>^gr{i|6Urf4lxET?jF25*%nE<;~9^bjJj zzp#iT7&T&|N5gr2)TV|zN4F%L0tDxwprF9%cVfw1C)ul*R!=~yVZ;yAFMCVCAv(ss zVSM%jZy*|^K4)k|5S6j&6NuDopM*nFrIWvRi$YktJy#F1obogYw;igQlgX88Yk~<)#5CK_x{5zrID*#q-_2`M`1tzs~fC6t&=G%=rKZYb%t^B0JO+(7NkDcy{vEIux zd;{3AdTr^KoYT8AnAdpkJAQQeY8RQ=QHA)FCiglRA~2OBO#EehS<~)36K~Z-!F)I* zQSTq!Ale`FxZk2oW7yUK_1pv) zB01Dw!xMl1wJcai&)4(#fbETph64?$t-FQ(QdbyTnW%PNFw$w)h@8>hypXu7WU7%^ z>kV^}w71~{O^W34_2b;FBZuztemI(}IB~7ew0#2I`Q88zA)CKrVx0M0_JUW+6?yr( zN8YyFI{J(|@$nU%aUhh5P>WL<6cFET)yV`uOqMp>HJA;Sbhnb!;?BL`%|j17V2OO2 zIY!Tm`sVFaoeL;^VEX4fa9T5FC$!mZm*{Kkmu~zVqaXE8`f{P^?OlxfF z>yqh&ATHG+MN(`ZfL&5{m>c)b=#msm9Da4<$j-Q-l^rAFPd+NbzxhcyRsc@OF?w>G zKvuQEn<1cD3pO-dNabo4VStB<1UJn6u%b$W)bS0q4}2bU`XZvP#|JnBs6w-Jg}L)d~dF`>H)ZQ$@DJ zhD!E>bF8+y5>$HOGk!>u20zk0Cx<1RN0r=Jn%rT)mL3k&E@9G~@=y^D7=bHLbE`hK zpYJe66EGllj}*dcLvM;hs@g3Z_-zETjYBV8V{PTFJzlIqA33Nfm0?gN&2XpH#}m0- zWmBxp+;|R>J8*B0@ZxKu#C9dbu0 zvUQPLm#cOuuE}ISrh&z?#$DqL?;`-mn5qcDo`d#`5|K82#lBV9xkcbSxjUL0<68jV z@R3%;nR|4(4Uo%754KZC9xdt`*m+H>Cdo7x2E{0Pov_`Y55A z`05~G*F31j+S3p`DbP*cRqR|g&IQbTj8Kuph)wH_B+7`ozSdG-ewb+UxOyxTIdEkh zJ7lgPi>$%`Ei`Z? zBhWgbI8FOV34vr|=56?}>}fLNrOtUyyEUBAZX9fyJxmotbZg5lcvLX=qncfRb%I_P zQXGQ*WFXe(+VP{}`7+$~YBrOnJ20I=!bYizz7{nJ86QLjW|$#LBW=dY#`+CBEZ$+8 zVWKi$-U}Jsw>vW5yH@A%buU>IT|H%{usPdwr}Uk#!Ic4$5YOX^mq0%zR=h*WB|nDZ zs}7QLl{db7eqR+tPVe?xY%g|Et!HWyVqfoltT`!aKZMMqlJs z(sQxlCspW z=oEj<)KF{wpv&*Uc)1xqCq$Wt#7|Lk??3BHduCM&np7INL^p)ph{s$zthi@2WL+`W zmFtW>oSK&AZDoi9IW*Uvczhc_scYD9(L<|u$~JLoVtH(Gt6KGy(aG{5^&90>9Rver zb+er_%qA^a4QsA&n3_m$HDeYk?*QoXSVqfG%lGEPXBP|uL>SwRQHNkX5~i-jdcE^y z{=tcROmvZiyRnqj29&tY6Z=C)z>L8lmJVmkOo9(@)wP8rG1H;u(*~Y3I+E(8l9%Qxxs)3GfOPn~QrJ zVCV$FlEbt1%S0)TrwKQfr~rBv+cR|PF2DS0>X7avBChrI_KccxZi0+`j?i$(CIQ#` z&ezIFkkd&{s~bbLkV*#~Ul*U*ujx`{hV^u_6-WWrxZJ%-vEtaTv}?A|WoG<_idip- z@#vi_vP3oIOs|OIPNOemFzoI#qdP=)~6xm=3^LxaV{0gh9f6*sZXG z)%Dkm9MDbm>p?g*%ELq4^gV`!GN-HBMH~Cca%-Z@u)<2%arujSu1-G#*o~~0hdvhVOJT7{gsetuJXlu%m@t8G>#5K9P`p`h%g1b(ni0cz_MnwYkJk3B@@Ii&Wl>yKL$i2JM@V=5I-mSA>E{g0Bf zVp=1)JxBXpZalw0%1m_Y%VXS2m$WX935XjWW6@JvP1M&Oqh5+M#DFeG?5!tl*bL?B zPQeYoqnF(FTps6I^(%hTCe`&vqRo$_d46}D3G>%aGxT7AD}hyDqWm3sg!0EkpzA73Wh(oYzO9za7du$K$~6HO>-PmQ2h`$-FOVduH&cfpJHU`i?@N=O1*D@N$wzWJEc`^oFJ zI~T=wVdHkgH=Ywh>nkKy#;YZ44a~_><9!IYs^L#NVvoJ)M&Ax$y5q%FivZGbz{YU_ zE|)-#XF14MNlmIhT`&nX1>pW(;c1>__gb!E_xWko8T#l}A`Xd7xQJ^TqR{BaZ2(kc z&{1vM7SZJ2*zLMOv)^|M#kCh!4;-PE*U?^*Ce;IKcI-y+jYL{5jPq%n-=`8jT94IC z7(`uLbkN8acN_yTTkwPS|>L$ zuK+Nh$2SR?jg`^PjN2)Q2erIm?L1XnDX!6%{)A1Hy5)=mtwiV59&vPQtHe!g8KN$W zlx-)(0P&W>rsMi*g35r$#z=Z&H37rgN~PUkR1e_vFD(LH5yJs82S2+FBj7+9`X+%T z90F+KaqrSdU+^+H&7EHDu0Gg$j=qVrv_C93aan8mzhnQ%7Eb~g}fdP=#6n-BX7!Ngp-WUM_1d`&EbZzD{-HQEh$xdJ67D)-j;RkP?1>fPdGK&gC3eP$uFj-Ma&zI)1A?`ikUs@eQ~4 zz8NKQL5eRe%eMiS!+zJt>jF-|y@&GFx6cZjtCZ)3&DVcI_OA4e6j@T|jz(nhyTBwC z;I4em9d|AID^vNau$IRKmd?-{V~l=_{Wt>C_sn)$-W^smyJn}8t7lxDh{#4m8G<>1 ze4D|_{+UBrm4SmRztId_I8}eXv}(aDL#?VboLx=FBmRMIJahveVh2@$Z6(QAV=QVd zuu%X_Ka?|;BAuM3OqsNCN**-BeSuEZ?LZ1nLe%WCWK9337NICbXX0_v5X{pYC}hAp zQe^7T99Q4=vQ{YuX=^XrWU*}ONBm81LaWlL3K7SqmFSqEs#^Sp;yxWX8j2UfYH=n z7F!Misz>U@)bWKw;y<<)+VKTGF&r=6!^9_EN?6i^%YBDGeuJV8pyqur6$w-T+99YQ z=k#bK$YYLQ}^)?(qKJj;O9@yNbXN|o_*CIB)IO8P@~xK z1f$1uT7mMmBJw z*1vj#A(yniiiE3G0wxsh;WI38o)U1Mrv&}~loB*j=J%wyO}LRxY^W$jaIhDd9p7Ea zA;5^libFI$MR6@@j1|a0T%p5Pz~hjH(-i%XlrD9oBxhVCmWO=elE%#b=3HnOv6o9# z_k*ST?Tfx5q_j_qE1e$@!oRz2b2D@(IFD3&JpiaM*Oi6u8xu~4p-tO(w%5 zJU;YlhOx=ViS(*WN&q$09gk|*+C&i|7hui7BY_@Hjbj(A0W6>Z)DhMWb|g`|ZfwBT zm^>OdIs7Cj^?{{Bl_(YIH0{j)D5!i>NboRGdC@)mv{qGnu|xJ36t>JQ z4iUS$l&P$ZMkq#PEO%{p^sBVVkjtXEP~vD;JgU=@zPCS_g4fZ(gvjxsRk~PTvZho| zy>Qg(QviUc(Sh>aez^4O3+BFO#0dZ}&;GAul{No%;juL=mx$dgFpEkX0Y}GP#|a>0 z^iWSz#&%7nc&O}z+!U`AjajO>Ss0|*6)TKae~Vmf=Yu;yE$xZ9fm|lOMT834=zyas zIW<2DjyeO!qJl2w5$!Wilj5*Esk?oaow|V#RiuwL>WPop0Ak*K)zuY@O!#6GCz~ zg^gwR7|~pn(!Q8yUB7w>QEh|IXxlemH>Y5j#dG2r79WB}6kMJ)BB!6ti%JuNH0RLc z(Ddq_6K&DwiR~-+xq^rZ>pV4HGpDK(iIx7U^cqU!+eDzex{SrsNRP$|V9SXyX4DmG za_q?+0j9!t!dud$!+$=@jeuf+S~i9uzb9fG+Ko-p-vNSF%E9b*@EyqB+Fp5laPinH z_;Nbtd66vX!BJ808hW4n&z#?MJ+7Iz9=z*tPZy*Jchek2=#^})7cOw705RC4JyLR_ zEs|T`Na*|So^>LrY03RCelEiT)!f>|9Pvy<7-8*JC_{J;M5#$J+{vsc59_hDi8&R0 zKt>xC)Yfjs#L;*h8E1|)6qPX{@)Kp|hl1AQv|p2IEnn70L8VS9c+tEOOp_#JPkt^d z2H)l~(#B-XM{xX8Htug?FBboIt`g*Tj0&s}wpD0cbKNNhbWpM7NIeZDNJgE_=)UKV zN66y|=*B@GM0sF3j^LMLPj|$FEX{Hz(QSjYy`y~hmHKx-k2c!G@g;GoDnI#n@VI#U zk8U^Q8|RH;GSIw))%%5?8PM@n)CxcoGtoWq6-lFnsxCvb?k_-vsA7)MeZK(UjJEe& zHeWTFw9WIT0ty%B26MRQ+U2}z0jZ7ZZ8FHta&L0qLT)aO7Y$&%*UyX>n;Qdc1fNsa znf2+RxcVDyh<{av4WtbEF&?tm8J7b(=nGmb9Ycj1dSE+q4Nn~0lKTt&ib3TCIhc{u zej=^!xH9Gc#d0U82fmx$hk^#Cd07xyOwk>odT#ptJ?k-gE{*Mz~G@DoN1PQ z2zQbu#|_QLsE>;!wu2SZJ>Yk5(71NcI2p>U{CH&Ufx?n6j4TArZ2q zbS?L@gaXTCKVKeZeV|j}UI5p#mcD9!M@1YP`({GqB66#&WucdPza!@DXzDLgp%RBo z3Vri*T~RIR@ExH3%A2I}%+AjP%1FJw8v19oaH(6s&^bIEbN2O>k;^Y1_U8fl+Rx87 zErM6QeRgmjcZKCSCDj;~SiT%7wg`KQ*(*1{CzBXurISSaKm1wJZ)uAgO`$GtD%??FU<-> zuaidxV7@mu0L*ut!-#;(@!D=R-Po^AMA-VIXGi?}1EO?s0!l8e=Zl>&yfDxE5=NUs zQ#Ux=rh3Liy>pj_f*2l43hmTPrnDMXv^%ZzX%oPYl0=Uee^Kzw4;pWj$Ip>avvV;* z?7OQaByzF69C>9>Q0FE z?@W_&H#+ekY?iTFDy~3Uy0`cS#IKCGWFwTg&emZ(+t}K-U9fB+3brnoQhsxqGKe58 z$G<0afHQ>Dr8hyOz~U{Wn)RceE6fa-kWKZ%-SQ$$HX<6gMVZZ@w4 zJQn$Z+2H`QW+nXiP`J?6=5r}*trbX09TyQ(H+b?$p$!H+r6e*V-X-^OP)=jmhdS%nlj_a&NIfS!~ z58mYUbbfn4`qgw_m-z`@=TE`q2g}`(Sb2_@nK$mW#fB+uj-Fb~}f;=S(IBiq1W zyH5Wc1~ysy`a;7fIaT!Fk<;qu9itih7XXuLa`hJh*X-zL8c8Uxn=<2hmYI-Hv?{z0 z%qX>;(_%A9m>)`WL&nHjn_y7!Ev~xD@~1 z5Qjwn*&_*R#|mHonF11Nd)eh-oHE!CP)9h(ke(XW?#B2*8MfGEJ&vVR+FRgSvnS6T z#p_^m?P8aY#qiW*QCljatbS0n2KezCWu#kn}&we3fy*= zdEA&=RuY+V-!-KLTD|hQ;8@X{+}v8aK87a<2U<*P1Ye%Ovz@=#F-^0w?IPKG>mymg zuF(wF)^AaM?FCT%yS6jCxQ#WuT+Wn6-F+JI)id-)o?(&2cLEkioLpe{rYE|Oc`rLw z)d#AOQ#mgTdD0f%I6S1oQF-5s-nk*R^-HENwSE061;tE97w4(@pLy?p`XMEDafdcr z&_t*FZYJWD!wVahv7#mBzKzJ3JJ7?OMP28E@}TR~*mu;5Yt_qksx6aRw)cBU_d&>6vJ~5-`!a^dmxS2mSHl^JpQ@M7rD6g|-aQ*7(<*J|N>)e@oH|m-AC9mr61OVec?x#t4*88i6i_ZJ`LZ#=NbGXKQg7*z`O>w~pha(T$w*Mmf#5WXmefUT zx3)&L)O}})<=RhA*4@0!rR*Thi>k#yc61%;GW_r?I~w3Q&yJ?fvm;)EO1+)^!HkzO zeL$BI7P>rS|L*FcBRs?6q0?$ORz38#MpVhig$(L@Kpo3!H@rZT&#dK^F9~%hy|6tC z=NP~#tf%KLJ74G4VbLyY(mqI(@n5qMf$U{ZJSiaHx{AE<5IOy4+T(I{{2l4XRXJ>i zsF5N$`^64+HwLi*|FLB!U8v<=4HPq9*v?awJ45whvo6snw`+HE;$#g_hHMQZFAKuJ z-)xb&wcwF3Cw-c1E953ktkrbo@q7H;OB1fMMGv=6w|IuERQHr8wnRfTOTaAnP~hBwZ{Y{j_E|`jE43N3of_)|s^6$F znl|FtIs5tL7p*W}*!6q~w*GV_@Q)|E68nI9DFsj_12g9$NxHfLl>i_e%W-y*XXs?GC zJD&S$3sU#494-vf?*tT(bwQSLHn&ec#fpLf;Z44jgu`AwCuSG_P6m@kj=^iE88<}^ z&CFZcVatzN?jv7~ek(!d(D6p6=tQ(Bz}vI`6q=v%YNu@D?|yjYpPiBT)^FaW-6{4D zVazR_b605^d&O5c5IBnvV&ATt!)CTNQl&zyt&&zQ_R;P3u(9}p2_UP_e(Yv|vADyo z>CY|m&zJwFPy79^w@fcx$(Pq|_Rf($eP4Ow`BKmjX?>-gc^ULsjMWOzeF=%MyA`~3 z%j==k$b4=9NDXKWjI6o;%=7(|BmC{x*1JH~Mzg8?;QVc8$0GQClkUT{elOjp%^j{j zP!V=ry$;vhzx`K*`}zPfv6QS|V?0A9pMDeW11+5a;eMo$^*D=vFnxhg4Irlv6$SIO zh6)z}8*wqoS>97H2=em>W)5S)oh%hq;GW|nTwcSmU|Uguq0;`mPY@2>ZIb5Z96R&wyBj`QWy_uZmD ze`IBGfQ?X0F0{0~E(D!;2;1*`j}>v!c_q4-xRJW|E`(i8wlze&YQ8f}?(_k!CUyA# z@q_x4cy<97=+;AZ^NQ@*EnSgU#3}NEYYUbE6}kVj$7BE^?Js_@V*q3PYL3u3|7JuA z=fyc=;DHmE{#`{Sqlzum|}icOaSRQqxxO8(mU zySEm^>c9y}ZSc5-(AVLykj0&7hZ9z0e1ZM>9Wq7t=jmTL;qpDdrzXXYL>>H z8RD&2{4+8W{qe8zGV&r`3>cNRaNm=b;suOJ_e{S++3aH-wHj-S6ypp>)pQpf&gT@A zX+$Nf$!t%8;=8#9+bKh?;yd_M-q>ckG6XbHsXzQxuz8k{%=|`r8=f(IJaV!(!=M;+ zdq}d}!azp9hCOyR2?-2N33(dLrx>(0at9PI7Rs$V^o!sX@;~h-+*)K24qtT`iycra$$CN=6N?stRhV58-kq%X8D!cEB`8x z1#0*Q1fDTW@;2v+O^m{+VzYb8FED2QR|xaoPihV=Df^`^(>rzi0eez*_q~s;=_TzR zknp8m4^3p z66@nE)4-6NmN+CIyK4CtlhRQR{f@WwmdVB2D1H0sX{IXL_0A-lFb-<9JMFi>ygEI` zH7wKMcb0YQ5&w1{%BS~HTiEaL9ahdSg-pRRZj(#>Tj=% z;GgFDUcY`5R5G6nD*vZWF(9Xvs6p2N&9nEp5XFi?mD9KbR%yP!?8Lnqa$jF8(rjp+ zY8X5p-eKq|6=@^PA{PV;If{BBzrA{pYL?Ny#s=@!tu+)pW?&Z@U}tf4FnPMsX^JJ% zd;ZR$5C0=i1x*l4gsl^XdAak_zoslaY>d{>qg6PinBmyEiwtl**>G(Jy6X|K+WaZS z&rBeH>Zf^bebK3>q~SNoXS^6Au3Jj7W>-HcK}%yHNwl{U&F{l?RklTy{j_Bcv80ss zdCQ#D-eNZH9ZC5 z#ZN>|&WlPWUJcD%^0nle?IYVKqYucDI?wD)6ksh@3a*3D<94#>3d=mWF+#nQt;`U* zBIqdK2||HhJj&&Y5?x@(e^|PlD-_w1nd84MY^fEvHHCb^8C2ogeqF2d;LGPD;{frD zw;Mz>Zy|TKZKm3lgc!mJWqG0;PU1XcDNC~qAIGm~N&h_BPyc)f!tkZ3aMqGl>Huqa zKu6Y6)n7KcP(8xmmQc0aHS}}3)`WUGHhj(hR+CNLbSvEg2@>K@Hu}MHF(8mde{>qI z`DWO4un)6W|7ca?3{6rp$aLCjiHpEK? zEC^QX?x*P2`r$n|bf|I$#>SYvX z=F5mmCo6?-0zdL*SR#80UNCf8z+;I|E&X~X~-5@oM!v?N9J*wqQeahsix?hm9tr}fpXP!bY<~%w% z5sF`^cpMx3YVB}wqB#YdfWNV`f=8>P@-bK#ChDz%56#?0jU~~xn#)INSVq=xNm~(@ z#BU^Pwp2S|)}8cL16Mny#>_!Ex61S)1el60G8lC~GVjK6IvpO--*ejRv0{OWc!Jz6 zX5aG-;wq>oQGT2FZSbCumiM^Il64d!?ePP#&N%Mm4*KD{t$SwOGirTX2UG8JQR{@6 zO4v`X^FvG|>ywPZeiIr%T}{k3ga}yd&(ovbkBTX8T7i69s=ed$45Q1XSv$v8pqxf} zGOcsj4#pv3$CD=-x=neJ5}RuZ2Cu-D z9CW5-xJc{{cL}b3XzVcEc#k&AkS}ih1>5S6C`!)oYqf5KU%Wt0hPXCmS%{5qs#M#mz4dE(f#AH+BHAl%A7-=L*KjygRiRn zpCf@+KeIZX^wX_-gr5CK?h!@9xi>88_^ia8Z(!ATL6y;YO_WK9EOv?Ssas)uILFsP zpe2u)JW~c9mD=J7H(rh2lJ%#75;tWF{j7KNpT(HL0_?0b*CG;v(+@DdMGPiZrK0Ews(~15k+JQ zpLCeWj-qWh9XjZsC)0+16#unX_)aSNpr$Na+Uo`R;1?0oWL)z}G)*wo2S6C_ApQ#9 zcIlY9oZB2fvt|uqx>FziFFyFzOXAqFn~wK)cFRoaeb_gS0de``PuF?wdZI?T0d1^v zx*^2on(L;oxjTtAAo0&&KYfauSBE`!J{LorDjvswwj`m*^HrTb3ZNYkZ?x)R@nJ=UfAgq!2)yX z7g>bCJgX$|)0TnbmA0>+Nm>al^J?8PtUHgd|CnH%{%;@X=_Oc4LfsHa-p zY`wG@$=Atn0z4RVBVmzpP9t=hQjZ|lh6~U>dfF0Y43%$#uHcZ!y+<@&m(PA%m+G#p z$kos&mb;n52^?@`Am9yuR&{&*S-BX<>|ina@V;RB$&%Fq(zj}SrD@wVp^ z)N76B8j$gCyBGuQnmemS%H|zZAqE23(!tMobbIQ7gT7W^`j9Re>Z*3-V%(3Z-WRV< z(A@nO>5tSfNrz#+yxZQYIZ6(g2ez^;Ag)GHpeF^LV{Sx0AQPhAPSGi8 zt63AmAu-g-xDNF6!SRw-D+Q433p7oG9awbmDQ{qVO4xV>PZ(dS(w%l5>(S~bWLo0v z>z_OB+Qg_UMA{go60xMcGhCDT#s+;Se?}87~oP}DWe z=@z`iu)PdAfrt0E{JHt|nk6S(OZ+LtJ^31WPDRnX?iVxAjabwOCR)b;5F zWXnRW4Cu(`B+N?I}>~GTYEse)9NYY2cMsDwW9=_cOEvsxW)MGGgXoGU;oZRWX!h z2!3eO&FBLAVCyl5r=!}WWgBJnY>RJq8nvSzqIs=O$l4QMo3p6-6|0u%*=DG*Myc~e zGQVLKb#N`pZm$(_O%`9lq*hIo?PRpR3|J~|&dUwe)ET&I6eWa`U|lEVe!CPSk&rl; zEbpdm6y0rDJLREcA5R~h^1dXv>;Z=*T_ryuJALWUN#H`cW54u>({xH~QBZ0nqEM`) zS4X+~evFuB`U4b`wwZW@D-a2718poR9ow;>yz9T_-O!}TSEk(F?;343PlXJ1k9r^# zdI?QVdi(df+g?)Ix9>Xfj9+Uv#3;8!)nf1H$ffK$=uH*(((6Wfi zxt0&40Fs49b2!@Y^$#XpUx(bjIS8)w}z^JwfYJMXsWzzPm-G4kwpdmmRO5bYG!UlDqHkj~v1g z=|Lx^IlO&`;=D#!o^bB)!9p&ML!T`pZ&xx4M8bywF3KX!AgG*jE7A~TPwn~B^71#~ z*CH6S)9iTMR`5b@t#{Y+c6;7mQ^G3UN~Ss631mPV0+)W~b1-5adCi@rqJ-Gq_!%dc zYT}hWRKe`;SlAU)85BUXGjQDIvzyfHn(O4zyX{NnX7J`YQ)b9pvaE4br2U>Fv~WMY z2s~`+P^o;cOg#7Iy&Zai&O_IsZanb~n*Q_%j-lgal=(AcwPQiEIFlr5(Y$l;<+fsf z=7DL~DtvFLQ4#4N1&hxmP4AQrZeOZh%a`ol(bFCfNk>XJ7JEeA&Ys&UTyU$mA56qJ zrKSQPzfFOnOMU3#8V$lFsdd2zfSDt<==Ki+Zr%|#y zoAu?ELRjX(_-=fO$MJ5p1maLzr{*9bMJYyuLq}x}0joWdmhha2(DwClXC)Z>IpME7 zD%oDEJ;hk6yOiALTR2jSvW(=hp>>GhYdjnufXQLAooRKD-F_QUWUCC8ZwAC_3ZPN) zEfqXQ-r~&ERVVSQYp?IMiWpi3U-Hz2EwrT)?6xfxbT1r2<{7T`_hje>CwiRd+CZap zPY^F4g&ySDFF4Y%P({zZIoesw2>lf5s$GumRR8ubD07lqYyT$NZJ@AJ{8w!5QYz9g zHXSt9Acd?#Ih7>W;tBWfzVsAC>Uxoi=dJW0L^M~yqekAx$InXKnuaTv%6BKWio?rl znk{%$O4_wl8VWtAc?2G|Bh3$RkfJXS$Mhn#{BA+9wpfEs z{i<%VFn2RwIUwI*%>Uk%Ed7D|guV#kGJv9YYF{X<<-drjxtX8;ps?$3-c$s5dvQ6L>Teof6<3|4KTe0Bm7O) zM|S~59aS`T8(gq4uq)&oE)Lmiqa4g^8NLr{5}ERy>=CKK+J0LOt4D8)upMkI0SShs zLRMtw6S}fe>xrS<*)E>A`H&6ri#f_m7~|2)fMUPssAL;-fT)xR=QT8_Sk0^iPM$+Q ze)v$cyi6lGpWe9^uj zHE-b%^3EO=)22wxNpDPMmW)Z$ka>|KIs80Xb0^G?a7zD)j(RXL=W?~C#7*q=acQtd z2%_dtrucp_|C`rXYEeyl*#*t4A0w~lG%5lY#)XbK-y|;yp=#@GudG3Nhs(>mma%`}|2o zg~862S+XFix@*6h=^4*(zG%(v*Jhmt`oSE6;87{z;e^2Va^hOdvJV@hHR&2_B^_e; zY3E9GKF02KtH!V0r+d)+RhWkLYi${JG@{J=!RQTfpp{N+RF!&A??dgSL6|re-amQm z63+2zavP}1d)g5hPn8-!nb zB+cGvD~$+q>vtIuoF|x1w!EeXK{p=}rgS4p?p1}c7NXrpQMgm@(!V-JPk;5L7NrX| zl`r4p@0k`{M&G}OhxnGzpVP?2*72J0w_D;-xI8jeec6=AW%s39EH`tcNE4fJ*2)yPJ2dOeu;)^$fJc*lcZV z`8~rSGb_@;RG51~@py>hh^5>D-A4k`6Il`JPJtyN_|~}Q@R?D^sg1dx8+V<4gFmqC zZEZe`emasf-=RJdxU;qR{Hn05OO}S{e&tz@eDCemOl*WSlUDD7X!^XFdg)Y}`eJ9u zb#)?JZ57ZjaYp8JBx8^ZHqfGx~QG zUOnTYccapsh0ya|$$xvu8hK%-?dZ(W!@P-Ck&=KFnxnUF*;~KaF0tufrvNWuX*Vo< zbwbJ2AI`26bZhC-6Ak>X+26!V55pA2MR)#`YhNe-^B4ctqfcozU`*^V#C``ScZWf<58JsPz-AzX48{%>g4ym~UR9FGrS{ z+J0Eqh}KpAj)7k7nXrEMd!+Pa?~ZH9PWqysZhWl7;rS33jXKVYJN)YCcw~u2WDBWX zA1Hp-dvvJz^6~FNz}R+u-l9zGUjov%e+fv(00NR|W7oeH6Z?>Wo~ZFRfbis(<^IgX zD4VB^0{m|FOYx}?!NgxR#rnvfC+}7j@`K{)o@PJFD}8!|w*ihzEK76heK@@TovdPS zf7X3k6U+}!bCKH_h$`U|Xyn`u??q}SJ|CE$tJtx&llBZMgaEo6QDbkdEe^RCvXsH* z*XouQ(N6_r*xcW{j3mDg>2WOKWd1oh?ZT7j7CTA9Qr#VlTO6T*UHsWHhF3Dmtw^n5%53u)UIP)QHA4 zw%AS6VMQ393FcfR5??iy6D1*g+W&Ujy`uSec5Nx{f|Hwp{g%yu4*<~&e|&twguU{1 z@hX-T>c%Zm&N=@1AbMW#sON$J@y^`V_fr-w(poFUq~P$#pFN%f6$-nvaIy-b{O=+m zK05!3zwG#|Q1)gjeGv?p!I}%osTlOp#ut?C!zBFD*{E>)_UbrGX}P$5SjW%Mt6wy_ zt*~4qyglp>^1zk)RA9$1iX-yK)~2~ev=(r-DV!EIJ@rzh5c_483M4wD$z;0opokCk z{&DCjtrIbe@|0l8O-iLHO!rpwL1mzbgORcOg?0^#yA3a2UVKEoeEBu!{d488^FK)E zDb=)-X3cRJg~pxm(K6p-f^RSLHf)h#mS1S;(z+F7XRvdnnDrVmy?s(9apuaN-c^~3 zc{TAa`a=RYQl4)p@a%zwS1_b;xAKh`WdcPR$3LrvFNdo&rhH;Rvsh3hE%|1~!DMQ= zc%J83coJnNS&g2mu=zxvNa^8Mj);=nQLe%h8$iI4m#@{1s7Q z19knAB4%`Hq33kG8tX}t>3FTT_;?CnIUK90Bp{nF4fGP*BRc2GF5LcOUC;W}WI5i) zFAT_GR(kusRXVy9*rJmd;5C0EKr}^GkhNGF=tc#1uQpEeDp>!zWT(cMo=`tX0`S!! z18&ep)KH1FxW#OtyVnOQ_TY9W~cEo z0r2ze$TsM7M`1x#nW$cUm0_QG1uc)Y>2mGWWcbe5O^bNo#hfc?9_25ZW#nZ=^Z!vE zZ;ZP6W%!1qxrm7w;6^QtM$?0RuOS=oVVsMLM!9Zki+z_XsZV?r<>L;8O#p=Kj(5D2 ze}SW?&4=Ypo>8C*M=A{ji)0x`GKzFN;jEZT?Cmb0c`e@|!o`i3gItwzK zkcJc{)0E}u@rg_p5fW;<{7{SFx2%@3LUH+tsp%CmYy(A*56KyV4OT7|Wgn}}H@D<1 zowybe#S)WA!`O3qSR1o#cP=}iy0>f?S)#r60d*>TgfsTE>@Kq69;_V;S>BG(Iad3pIS#8Bv*dwjQp~ff|uv*&i^Uo@Q*o7X@cmlfaJiTc< zzN9u)P7}P-w=wG-gGo8#0d`88d_Xow)UVEJ%-*a`w+~23r>1*3zqg;fwj+&{(?z5v zD1E^+vE(~W6X?*=R6Q+~F`^@(pN6h`+0y!HaU&CODfA8Wn0pw~AWO~m_wW^s78#+U zC1}?`?-;+K)s61jDrpqRYG4!rm!2)6YB7QOHUlUZsbX+xmq(Amr`KZQM#y(jwzV0` z!(DU(@Cl1u1Gjd6jQx;r=C?Qggbu()tR69KhAf|$amFh3_l74DvML|D)K7i#Z8=T} zk=#uK>(&c?Bc)c4;u`8xTJA*%5(P8K5K-3OBm7)HF|V4*s2%MS7)uW4pX6u~5=ZHOv?XI;?~lRnW@t6w23O(b1~CGpCFPjcQWV;+`}`~SjI07+ z$d8CLNZ#YfWf^MF%_zhuK|!dj1CNoaN|oT=gt5jyvsoDg$Yk!)beR&Xvv$*MlXA7b z-DJ}I7`q0Jd#7mX2hFA<>kA$CE$1SqK?61KH?xS|Z&|wq`$&pu+VxCOopEO0?7j^n zd{Qy!Wr*HKsHghVZCf>>USL>d3)M@93hf8`Fc8}{nD}HgZGA$bWq!@W=S`^= z29+NCRBNo->=<=(ag7Vo_&y!im0h{H`#|elI{*#6BhGIo>i}A-E)ewisMaVlRG;Z7GMwTW^IAnG&2VP>b{0+kSl>^lNAC>yx@P1$o zhjfGL@iVIQEzztrs=qN{WhW~BHNd&-4KCm3$5iyu%4 zKs>*mKYB*0Va-OViBMiK9cPMxLZaTVjtHM}cDUeUps`58q}Dz;a#%dgug07@5o{m4 z+j7WmlGW#^SV|}$8G}@+lJn9-6)hSA7VjuD1Z|b)VP;wJKFxsXY*fb)ZuKR}k@wwg+?*e6 zDTGb)WNMS3n7KX7e{HwgJR=zptFy%y0J$aoCmL^sma1+C&tWC`ekRPw*<`kd+)tHN z%Jt+Q8#^{6AU|4tjZ1^54#ua8a@aa}8-|D}}`*0aZ!~Nc9Bm_iGTzuIK zz3!lOzQ)TS>1E{bHOuX+lgj6Y5z`?MkNGQ;(a@{9rcz2-Z?-19lN~n zlTsB+>a7vAsWblWDXMTNX5I$8g0X2I^QmuzoTUGPa1CaGqREY386K7Q7W{1S(jn;~ zO@_Mjf)9^^UZW^u_w?0n(GR{y_sT7-?}2P9VkJsPlvTpW*QJG?^c%Kk96Zk@B-p8l zH$nBp4Xv%cV4jVk4F89t7Y*5KYi-5r4pH@YLIUrGw> zFVI7Nb*Sw#?kY^bfqIN&iAo37-ySpvJN5Ow#F#OO9lw)3|96j#kNrM#Yb7 z^qm`gE(5stH7?Q99KFS-ruxYly8&N9WxNUqmuf0Gq*Yg)b;=&7kc5}Q*%2oKyJ9JD z*j^>JyH-kKnvb|Xfy6aE+@C;F)$bOfxiG=kLzo(jDSNwUKMc1mv9kUv)M143_=vW0 zVZA-62_fRTS}KACittqJ?e=53EJ)zof*!R#ftGsZ^C9sGekj&VZl*J4XDf9b;r?j$ z!eA0xf|rI^rHp^lC;#=|AM)C}@^$z@V{Ms|SbkV&{Rs;f@!w(2&MEA8&-q9j26VfY zgx_kKLngW8-`7aY`pB@OPSNpu(G76)OWQity~Tjw)tH`d$x)C}*|2-I$PXNfUpJZ; zBvQvIs-f`*9ldwY39r~IjNB#1*!OOYpCC`KP`=%C`HPaob4SB^+rOUJOAaFLYY3yi zVFFweZyUc=&!fIut#v{`GeYme>!)^mkl%Z$;ODy+c;4X-HtlcDgo`7#xecY%3Jds} zkEi>b2QiV~(aEkl0n(eiGiz;4O;gmfd-a5zaZk;!2RZl`Y4sNw0!yrFtwv}pO*hLj zXv009@VM6c4l3_Hl{}CAdL31FI-8_2yc-*FXSMR!_L$H%`W5y4GOa*rLCzN^;9VXC zvco!4UlqCK&zjKGYr+nrv!YaB%a%kAb$OD~x`(q2Uws+nrD2P6hz4>3!>yZolsqu3 zOdJYqfuoW+3?`sPzhJ>p9CBL%YmQ|YoZ`j~C*AqPUv94rP|x7+7#mE?WH>c;it@D0 ze}B>xdoY^yEPdMM_^9+0Jxm>i^w8)(<{6r}MvJRtW1fAr6#!?FGO3o zN*267eSU@M^+7aVamd?Dow>zP&%_-fO~cqp*V*eY-mhCwGAlIEX{h@v8s~8)$Ho3F zAmZ;FhaLk``6)XN@8|UwM?w?Ajy{Z=?{86dHx#m1j z1)oa+Rq!+RuFyZUmgXJFf2tt<%m1l@t)OcEaf7-_mpajf5-B0yMh=}$J^@ma;9 zg4}_iEar0+X*cnHZZE*RJ}(eCxkfcfyS&n1c!XEk4Ff%Oif`pn?ZLKaIG2|~gMO}f zJudgnTj&{U^u)K{O6vQvG=i;`uh2jpRIgcMtA2sXu zAAAYC-6vcMsrs{RUevEnSD4{TJr}A$bSwA#nbbqJ1gBrws=i|-ey2V4pj zbastinn=SoSAb003sAqUN|C$5V`AnY`I|PG8vZ^m&SV8|@vVD0h@7iJm-?kX_IgP9 z@_sKWjwcO%F9sLT*W~+41Q?&nLVK@L_g-kYQR^ZUZr%$DuAqhEy!^^I-t6U&ua`_- zn@!QI%sORpg%XOI5Y zAE9_^8UodAOlZ^gTTFYL)ChhioW+9&ic zYl>m#Q5mND0=o~|UJ2ZIVxo^+0P}0Ws%syij$nj6I#JIQ%d#tLPWiNFRl;UXPA*j{ zEd{>$8kbj_s@chXeAHdNA1ZJyXup!*uCJ3DA!da#-dwT^8pY-3P{!yf>Z~g7`Bxcw zT1czk&beK6_CpZbd5zb_Z@T+$#V2fSlCnHf&L$aTX#KxHSk{2b^=2OQ$ zHwgxPQ%H?Qcu@jvutJjsaTAbnFIL;{T2V+wE%|8Jdy_*PFk4FO3+hCfK_A!oe}!uQ zi+!*=e>_wTm}#eeHIYu37h4#TLYWT=jKv*)m*k%uxBtB+8XtJ*?fERv(49s439X~! zB*%CSQ50)l54GrX_i`8O?~njGME!>~1cll8C@zA$Hrj)`~9(y7?lWq+y1 z{6;!;mkchyyjy%2BeJXKEQQ-8S{AE3?h8V+ogaTeZtK=bE6jO8o3zr6JUMm{_sOBQ zT%-C~8{3{gFfFHP0e~nw{G+0l)cv)$sMNBj41`l>{UwA zow^E#;D!a4j?D?`_05qEFjneA^`dq7N?X{g|0x2|+7Gz6224HJ!78mAx}`jSvakAN zwY+&Tn{*J%?R-{8Hd`}mCBW?cpfE$JKT85XmU3dF;+?!RxmLXXH2$5=Jyp@k*c;|w z_)Xc+{3^1)6Y^caldc>S6s$)?kM99fF}Oa~7bM0!ySgRZPKRc3TwQ$q8_~IP>Q;lT z2%&sXxR#v6Of$|K`{ebV>dGFj55b1c5q+5qf z@{2UNALJ6X__g9QEaiPV{Z04%BV33#G7bqni<#W4vrM3G17Wv?MWhIgyU`3KV$m+i>BG>9vKo@MszfQ2`c=~#|`j{FHEwiA&ts0n}(Y($uEAysY)%4mneIK^Eb zUAOG?^S)F0bBuD!^s^@TLqES$)k0G#r1G`cjS%nZsfoZzk0;8N4|hZKWV_#x)6;Tp z4BsB3C*qoEvuU=BtGoY(3;u5%`@!ij0DS7GhqFLmSBwqRC4k|ETUfiK*bZaGrL<+? zy$#EC$Z+l2#5KQ zDZCoUGXk8KZbsO{+hDAeJmCa2+7lK{4ee!zV)xc&0F>OrJPRX%RTTd+Il_u*(r|ydMxGi?e7`w;hqmTfLWUX_TiH zXeW*1=js5G+hOq>&3}t!7RTt*$Pyy&aSMxgA55hSziAn+D3qGFL+b``3t-`)TeGD% z%&&=>P9PB{@D2$cGei>*IjNL%O?z@LV&U~DaKAHDL#PdYZUo!PNJ%5e+bYiofbU@{ z=j92*$(ppnbmAGv=Gn4G&ZVFP>0mbxpP;Fik#T^Vek=i-l31bjjeOVlq{S#?hlJtl-rVUf)LVw#;v+Rpq&jpJ(H~ad>^iLgGpQTp z>XCOaJe~2T1~`w7L(`oFn@Iicw)u|>zJ&w@4O+u}`bI`KbuXHl+}Xsjz(V+h39D&i z8dT#759M>8eYLa%77&H_MF*P zuA*-cV>jrXF|?0NtC9C>+hW^2K>tjaBAlZ;-jLBJOWoU&weLT8=3 z`W$o%p99_L<}0r}r(JUqoljk#61_qK59qUP+#0Cr7fLH?Tv`Epu#VEr+S5J09`d|J$rnc1m*|o?Y zRBRF`+94IT7#JQl-BAI_*x!5=s z&b#^f=hSCyaUJeNeN*m05B=&=shhv@74R*>OTUq8r)Xo`UL&7Q&iW~w z?MQ6P?WW3@El!C^rhPF_R#y`^*6j(#{njx)f#rJ~(tKI^Vb?S8S;aC>J^mpuclJj^ zykSr)e_NJu|n{iFbteb2p8~5}FGEWP6 z>2Lrch(#@LW}cR3yy+~B_Tf=FcFoU9*h{*9`l}tekwiJW(v6hD&Wj*8|86Wz{4$7d z9xL|H#^ut!_m-MQm~yl}6{LIqdfcy16}b4=Og2CJnFi;u%k_NxT=+?giM1}pz30o9 zsiPlyS$`yB*BqI@O8nYWc_MZKc<6im+0?+SL&B1VSofft-t=d+)M|UR`jziyP~W8e z`qfRl2oWpUd}JD64O*6##=x1ES(7_AHrEx7|th*HM?xe&R-arPeQ2 z0EaK_*dy?f0i*Wb8w$ntU=)t~zYihnSisz?N?g4~z%O=5I8Mb_O7Y;UYR2x&bz~<$ z*zUI{YQ+WC2?Pu3&gN$utnrGUv}oL1W%oNc5`Sf)F=Tsbz>6lY`SKpvzt0ln!T+BP z5XqQe2T%DL^jw+{wu2lfqPdbzT^RpWW#(p|z+(}~GTFU#aWZl21 zLi;K+v6Hhrc%6b|+_w7%uk3kl4$R?M09pUuRsAn#B}DeNZz)7P2==ZP^j;D_VD1Z| zSZ#s!k5lfvIp8!lzYs)iYk6`3%Elq6+*!b>M!kt@=qHj(YHg$sl;@8B^ZeJ8!x{n8 z|JR#mKX!D>7X$#Rn}KKihxd3cIwWXl)ckAxa?$>ueN7E;$D3up7>>EI@YIC$*RKu_)Or>YSl zA)Xmyi;xU=EZ4(g1Nn%b3s|#`NCUH~M9dlk!di z#As0>2aS{l3B)m97@f2rg7W?AyIXa^2U=QwE-Vlw!OPQaDUtKPY4vC|_4 z>mrr<7dcVy4l z%#GD|^vA}5623`5uid3X12eVSRym6vbA!uMDKCrZg+a@q-^rdfQi)Znc+=toYz zm9ipGAoETZ(tND^x#dA-AZqYTD{~`VB@hm36>|fRn#fqZBF6430>;F4@gS6duuv3E zb+FpAZl$=p$5fwrRxpn1p&G!kW4P4BSuS?D`7%JZo*dI_c z>?occ7P)ZeCq~{s{DGtJs#N{1wSQTf{RuL%fof&29}9S zc~HH17i%Z&>|q$T59c|{_hd{L!OXjSe+{19h6fG6H99};@mEGvld9j^Km#gYpu090 zcD;qVV^u~QMRYqP$uWhjosO=GSg5%FKHN@fKlM0vq=Sp*ssUg9zg(mg3J>E6qRw#r8+r0y<5-WvI6Cy+PCPCq{Iy;U7dC{ z+WV@i*p}=pFF`^Gkn{QJ-^TbLv6Sv~D*qgz$%QXW5zz4cD9|PT!v{G&bMYUPOhMG) zncQPDOnx}mgKBb}9f)X%Rs@8i^Gc5W$_kY~@9(v}tD*9(+|209Ue#X#2>s!N+oOiUHzLoM)va}w-wApA%i|KK zyXi+lT7kxwD&%N`4PjGPha0HXOx48${kc;-dn>Yw=yN~4=}p62bJDg6yCV7|2DEg7 zPMZ0BI(niiLw3AA>y_5ABY2OS(U6W)pgqA+TucFA1-8$kekIj*D$7J`Z)0bFm<_-V zLJ*af2)tE=U5yt+ZPV7(0-dGM1xY%8S^WZITOv4U!Nl8hrDJcElOFOAx~XT)+PQa* zOZ2y=z<2fhfsu)xCM!wN$0<6MaJ~Xz5 z$6tmI7cw8UoT1a8w;NJ+hyzm-j|Q9cZOI(0UWB17&08N3`XSZlpv_qq)p@d^%ea4g zWUn{E+HiOqaV`MGf%5*((E4IZY7(p{yVkA64z36DzRFaq^??t~%=!)f_SNjWN3907 zx1$_V=YVsqc}#*uZ$DfAt9NZSc`Z-`Zij{K%ZLvJPTjW^H&vP+hwyK z?zFb0Wzz?<4*f}x3QBgFX&$E39+j~*DR}zOZRPWAj-*LDY}**Dkg!lAvMA-!m~leD zeNFd>gH@JYv^n;@62(&gS)3=jcjIO#zHY8=&M&0)2l6;|a~EaTVI}zJd|4UInls+* z^~do4J-7bzGb7eE18K4|e~|W)JXc>ZO6JSj8oEJDFMZ`yEfY>oxq!ux&$S^DY}>Oy z9FktcVtYpD)j$#iRjVpg7Buy|tuO&f~YwLiV>y7njZ*eO*qCZd^8~JQQ zb7+lG2CEIzBdljXp z#;pzajiEt23{O^A(_b7}`3sf4&_2neCUa{rhOA|GKY?>hyXW4RO)DKeeeHf2iJLL! z+(dehQhRtp|GuTTGYtVx>`{D9*P|tn& zq3h~sRf9>1#nsVLMU!Q^S^PXRb*ER}xT|4Hay1kiC>rju&NYT(ZS*f38=!5UXej`2 zDz$w2r)|O7w|4OeV02{w%|0ecZ6CoGaHYhs{%dG3;n3Ja?t{)qq|}|M3_dC90*1hF z?Cqtd+JmIqeo1V}>+qVLh_3p(_19RU8^z#`X321kp1}`qd`2UVKjbEC`<=8H<)Sq- z*=IqcBz0sg7V0Pe*hL%EVz@#|5WZl(g0dCFYzCS&;%=^ek3gGS_4=_hLTrUX(|pvh z1awXE(wAzw;M(eoe%Kd#VRckm08x$NA;dAcd{-Myc~->bi7go=z$!VoR^Yuz=7Rxu zY=|FGrzE`H>I9Mts4Vy5TM%(Gvog1rs=pe~BhjG-v=n+4T4bi?3JkspL+L_W~lA+&m9u$D z_}BtOx!6A0gN$k=?-|3fRpdz7*p!6^4zAe$W+QwI3hPa+?T{l(3ibH()o(WWk(<%q zJ;uWK=)F$K_Tn1vSU>$kmJ{es8Sn}`Zz1!fzDjodlQiW?YiXgfy2T`w7rSd`NEK7| z@GGV_#CK^td|XQOi5Luo!GEKXeXhOEmuCiGitVJ=?`Cbz^wyF9Ii}g8ifzb)v~nQ9 z^;hSTocqk@?D$(HPG%4&XPT2%x3~yKwAyXB$L90*omH6DY!jV5SeJcb(4ZlZn&jCl zX!zudAWN5T^_>nB2Ob7GU&3)>;;}`m?IX>9y zhv(-TcN5$!5jzFM|9|f$?<%1(+@XHa3PHqo?{p`l-WLplI~wI&2R6T{Z44YGUVJJ6 zI9{HMNe+wnr+?ec`=?Y{bN}D5BrWmnWrs7umW)2Nz$6&nEp;})9(3DU_R&=Gvs$!% z@NgH5n=B${uo`mH-z@y0*A;rZvVKtq_9MP%gv5?T+x`;kUKY8M4zNdexHK z4Sh_owjg4zl7C|hoIdc8x#kx&UKS{ySJqeQubaIMIPZ5wY@d>SmAA@eR^Y%!5GSk z^WfPG*^sC+a!9^0`vqX&PW`I=tHWEyEF{$>55tZdQ`4OXuTVot*(sETw-Km`Zc4|B zr^yq^L;Py+c`DxE| zt(yPP_={$iwePTka^~ypiv;eh^-NXvhVYI$KVFCE4N+x@!badtI~2ss}AO!<>|}Yy;O|Ua2&@U zhP@xHTf3LJ(Oe^!bHMKz@&0EQBz5+0n#2#K6xv3#&4M;c+j_&@1$=k_>Ur8sgaR(Y zUD;{-;k5r08bBL8Lkj>bzOyf?r)C2pVd$5v=MjIsIecBN%a{c?}Kvdn|P zN=&Kak?4?9_VxIybhy6OOA&GnmTWVFKd1I9!sc!(HgHjG9w2*syb8H-%yV&mqdYMF zB+eW^j}BvJ%OFqvURC!RIl;uC2oXugx(8=_G_gl7>B9Aief;LFVydFQ{!-u}Or3E4 zbJDxr@xKt1Ybl432h7?nbT&4WwdX@U`Zqf^o~yy2D;YnDJ(8Y0og04(qm&^klOK0JN;BT2fIW-(wp{-pb=}@UI6Bs;bEa)V>rB=Pi1m0&PKWic^c;|gr08eI0|CS{}~ zIZVGr*8HDGjVM6z_EiWzlfaenFJ9BFFkz_D zg%HL#a4UV&`=t^3U}f1`n|Flky@s04)3Td_H~Pe@9cP+Kvzu^-*8$y3Ll@-qR(Gja zE*l6$k}e{6CkVr_oXVklc=u=t>}Ej;W#ez`D9Nuk1{nmJV=x!Wp&nLxTVC1OOGL+E zrdvC8&1Ha9^9G^uTR8+fryNSmqStNM_s-;FmVyklw`6rl|o3Mg|lQIUE?x3CLtU2Eo~F>!viZ@WNis` zfBJy8bo82I9;(Mr(slR6nkm2N13HB-n%qgMm4p^Z2r3*%RwmW$-PP--eZ?IwbNt!! z`(>Ks1M^|r60Gikx2_+D{92{DaB)$=@d)p}4T4mwgh`re4j0Bk{e}~M0;F9@f%|n` z7>x}p*}m`dfA}VoNl1Z_!fT1PiuY8u>9n)RG@s_n6YFGq=}_u=27wGbfqI_I_QJv> zqTjJ!f6v>dGVm6U{*eBdn50AIJR^y6MWYXrM2ktsLYqqrbBg(%thIqz8$P!>km~(Z zfIy{WTM5ljuE50kWE3vUhm#Ae2*A-u2WVod2S0mE^j=t+0l`B6+4LbM$sb69fB!@) zqGn;|83aBQqu_A65)9r1LkixX4RbzsyJ0vft{5dtcr8IoamX-<-#$ z(I$qC5}4`3(P~_No075qwslXywQDMK6lEy%I^5=TMz0}OcY)=1L%^zk?JX}RKEC1L z;`LOs8{N)-W9U(=kK5c6A@~7mfz=km32&J(I3~V@@rv+I1T6Dg1$O)&uE-ug108ha zAHx=z_yJhdm2o@lV0D1ZquA8y8{P1SN8V6Lb*KeqtF$3X%hot+=Xhm!cB&m#@Ph%fFBDUw!gbf{M{Faqj8Z4HWmh zX4!l%8N=vu-R-* zX2tD~JTqN4rB00NnV!JwXA+@6wBB-~zh}xFr@~MrhWj3iE>bCbhRfo6p7+OYRHOQ5 zH7#?miMmXa5~Bw!zsj&;`;7I#1UAkk_I4LQFT)CtjF|!04Li;oeeLZuWiu`f#_0l+ z@+=9fDhoT`DPAO$D{XQnjJ~R`*d6Jm3&b3?p1+{tSpD^2X!kI&fYZb!8Gq&m zcO?GYg!*!ee37YDsd|2~$u)aBs5kMK)QyV$46oemzlr|N?I8o1d$x|Vy{pnW=l*jwJo=X-s<5GTZb#|wPHlGtDJ(O>(HO8)mq*F}SUqTLqg_IXSv9BS z(I#wlGEGVOX-v;(#L7$OBfR687Alx%6`RO-O_e9=!GgxghLawsh>)u;ISROEj{H5pd25~(W6Py|_2Gm9rlmwHaG)E#{X-;c z>kcM|$4>pi+ojEZZsm>}Lzhk<{3wsIB_eC9;}dO>EamZFlQt0R+RWddGdVx85{t1~ zS{N7T+t39L1$1OsA3f!V=SO!YfMgDv)fg8*2M$;yuc={7yVz}qOm@~x+2Y2;yv*73 zM7R++KrzRC%kcRI3^O0lJMK6b5+pB*wgG>wC--(`RsPr&6DsS&w`H#~E_FXzWi{-h z3t-;Da}V8VVAC6KUq%XRBLK9?u3PDt#L&_x>|y zYHGOhK|U&sDSSq~H2l^R*-g_Rjr}@+;I#1@*zLTfJoVPq43!s0C(rMwbl&5WRsFL= zjcC)A)k<#2pgIrrJ2-#L$}m^1j7D6Ij=?Qw5*!M%X!Lohm5ZLxUKYl$ieuMqcV^Ti z6-I|s_Ti1NXxrOMkOglZC;Ns~U~ACH1XI&jHZ8S8`84F@i8LE5oLQoIQR90Oz%H-k zcdawj4SINvssrGk{|8xWhKiNZn%HOeL+wC};wq1RRdZr*ij27wi#AM>;O>-f+{<Gj+{u| zGjOv2tY36UZ3*_=i6_r@(PJ9P?jyws9FwPbjBUSNHmqO#<^BR_D6%SFxd4s$R(+>2 z>w^rg@otfhE}+n!P017SrQmn2E+5uJ_f+IQf|4vE%rt7Qb;*kHt0;-qbDEy4I$mCouvc=!)>v|Rk_(*QppD#TjsOyCX`;s z0Kch^wtT(-M6a4owqLIJ7Y;Bc*neCL+|Mn^68(tXWH!Enj=x!NZTs?w z>6v{&+~dm6MCGM*Q~bedq&Z`_N~R=Exmc_)ILHLfS?!|jjdh9c0;uze2dwfR$Q!$p zXn(c(t&ZG*-q=TKz!p(D;B;|S$;L;@X=a7sq9t)N2J?_H@3)_3tWtAi`5A0g;s`K+ zmUSA72!Ud=ia}-7qR_e?$ghZr8?jh@Q6TT@mwL~;GZW;cVu#@Xn2^R);b&Cg!th{eQJPwu=c>io7z z?Chk)b1D0{i;qq3Op0}TL1YiiwR=8@tEZ&raKfoe@EoH(*~Qs#HAMfIXDcWcGNv${ z{FqD-e-W&QTNt@p3Z>nVtda33)X#yk9R+c!DO7d^sXShremjq##ToF4H3)C*nY1Un zrFc>J(mMa-OvzN*;u~yGi%5~N`vF5+6G?w_KuX8f)+Ky0+`W++<^iwvoQf2590Mg6 ziWSvpCE|;zwU24mSWbE1#~cvW#J(B~`w*%QHB6$tj7r;28?aJ8fFw)+Gz%0b=c`4v zacRS1k^SG&fxWmLc^&AxiRF6%Z8eb#vfsD2#Kzikf|*ZZ{bECWi^SgEJkr!kp8W!!lss!$M zz?Ysn`@V|W;-HY)sw<66TKOEW*ch$g|KmZj&0_D1gc}Z-@6wSiP8)QQ>Bb!qgwM-` zo>K*HS(A)v0{Mga!KPUaoKR$L&ZSWt4NOx#s=dp%mfHL6I-alpDMlI(Is7b9u%C~7 z%<#Dn+;zgWTz-3P`57;^7H;1`vhEdF6odmia-*HqA;T|n?w2EkgYP&s-y`;62Q_FD z-F7Pbqe(pa3)kT|wYJojHgyBgp`&l@e)k)IJAa?qv%hsa^sD?g z8BU9Lkb7*`DaxN*!DaW;-Y2HTK~I0J48WwSJ!3Dhl-oabvU6N_yAk^5E7~K1uxJIA zE12EM17SU1UmD&~k~EG#!G47uZ!{WupQFhz{&j;uRq6+>GCIu|DEgx6u?JB`RNoaoQ0OG_1)tNPRGcd~Bb8nu`90XlJHem{pXszD?|XTmAFhxxALjaIVgu!KfHNgi=X12*0iJ zo+Mp81Yz5rfL~L{a6R@cpC-)|uI+kRe z4zm*!IGr+0D%wAvRZV9VR_4#tEO_YbBkbp!G5~b^5f;DTTMR*IR(Cn&u=LO8xcw}y zjGWo|{GkLzGnyp0DcrOYqhYkD{q=jRC1ifN&sk)(@jCoYK3NT$TJ}T=Chz|%UYe?U z(VVUaRacGwKOG71r$tz`JE602Z_{Zrx7P>_m85E*Rr4BlG(XQfXMR=)Y%(b|8iRCr zUOexwS|QaAj8@heU^N4>s-U9n0~m zv6S%}7wJB8_uJahxjL4J8dXn?$A1c>w@Nc9^1EI?-4TmLQ=6Vr*>7aU*Gejfg#QQb zkRSgK+##dgR7?Ey@n5)uu`N<_^~smzm6}`5g(MLV^E7Co*TG>jn`8)>P-Ix5$U0qAD;_^F`4iiJ}iR#tUui`E3H zaVXcSNaz&|JL^KvMy|}hsvk@Ez=2aAC?NlbTu@^kmVwxRAcg*;Ox@B~n?3417xN*c zRJo7H4*Ua2D_NejYSI6Xy|)aDb6d7XgIj{T2X}Xu00Dx#I|L8z5Ijh52?Td&pwXa> zOMn2u-QC^oHpyD+>~HOTzH`s7`{S;E^z$^`v+J!{Rdb9ntCU6*zdL~BvC?0QLs61H z-bv?7xFbVA%T%PV*$4i^fj&!z7qT(#kh&PvuFjwCw9xE7d#9{eb_bu&w zfAU+Gw&ODVHKfCZ0Yj~H=txR~qlWa*2;}+hLjmKb7=&{-)~htD!?8Q<>db5?LK1Gj3vu_P#Sxe?v4^ z{@Hd&EzBI#0#txEbS={oeHNE2vw|-Q&=5oN#rIS*z07}lp;P{jwqg62Do$O@qMnX8 z=SDaj4Gdrc^smX^zn?xxU-)72^g}BH5}NM!xBW}4U9o_`pw+0#1lre5VKqr|v$Jo# zsp4>~mPqKT0;?z*E^l=#?moedF=& zaHt9y1^oQhkr;HUwW3=6N=xO2agV>{r7KOG=C5Cp_sf8r!R0A+!s@qXcL;=b%O-_i zM$0TQjFzZb7wdt=QnfpBQ$gU1*blu06UhVMOpML&^MwRJ zoiPtw#e)Sd=r`+Q!={VPFzu(w`rb0G)?;+;?_eOHzmfQ73o|D*EvBd&E4+W|v2^q- zjKtf~X}Z${D?X7nbSF#o=rO3}PA+SA{U-9Is2^>c6_;nE_n-Bc)aG!%mq&r~Yv1ai zg1wKj?r_)?Z3~aZNg}PW=C|m)?ecX6_<};(**0_4`;DFiYSjjBJdg7LLDONX3FY!$ zv0rw7>5t%~J`iI2x>gWhBc9Fj25EflU%EU085J>c{9oDqY=uJMV;fkhv7M95aNmb0 zUWUbH*x3lifg4~SZb>-h*qs2-L)|XDF4N{xXdp%chbmK~mxOG3i$sa6ZI;pk@$vi# zvE_rKdAc)IqaCk?N&;JZw44>EY3+W_$bID=Xs+GJv#9&#a2WLsjYbuG=_9y*aOn5e z|4#QS-A|D{r+ZhQgISj<=NUFFkojku`FiO%(5BL`vPIjpQK+MGtqfLi!_C`nO(Zl~)rjpX~A${9~k&`YtKIwv9_NyMCKLw66p#+Ovvf&0! z#bNi~ec+cZ+JyBD!Or)r@@;B$0=oKrEvF;8w4q*Ta*MC2sX6E|{{d|61K*c)Nw2`q-_gDY`}fi?zkEC}wBK`u1K)#z{V&0@ ze*pH+j}j?0qspo6lSrvamwyYL|MgPlOB=Y?g#;WwgI=RE0>2|N4g@r!jG-5TR*_V0 z$g4cpvQ!v}wc2X;KIIf%>u(yFQuR3^ww9&W;5v*(2nZwfYtJ2{VE*z$%>Q#4{}!_U z>wEwBi&V(pU%X(TDHprDF7S(vP=g8H&Mb#XK{oybKpLdCD-(=}by_?1oW;ORgG_J2 z6ZQGeCX?bb7G^gAa$J&G^@!kglmlP(20uTU<7m`h>!4O>>#$P%h35a?hLZeCMp?ze zy*)GbxXw+f;_|U><_|Bvcpxa0KDxA2Zn5d%xU980q_{QM=udR2?FCl^V0G$1^OJKY z_?`m6fNC;vI{sD(k-B6S1$eS2jWiIu_t*9T$J$>)4-87M!xsHp;s58p`j_bZCnj?8 zE39VRS;>c`59V0iC_9>d<=B~JFyTVN0w}gLtCnd?l+oz#XB_&mQgE^Sz z2(H!oT5qz!u)Ac!+Em=r^F>*;y7OXg@pySg>kLZ(Y%!_gJFsXBa||b>Q|uSrVFCYZ zk=4&d^#5v+!PG1kT8%GnEMvX7zzl$XZSk?Iu83EOT0?@fWgJyHeo~SZ7Mpp^r`dD- zWT57m8;s>rP6kJb3g@nQX{bopGwYILAcRc(>?c`yzY&eI=gs}UT80EUi))Y7jmxc7 z3X5C%5A7;Z@NEx@JubV%rw8EsDC#;dTXjGU2T)B0U!9q;7LefRj}%MPZyLnJWrwEK zs%6?a$w8~~t$7@vC&yPa&0E)G=mRa&49-mGPw0-nubWY7wS~~xEM#CnAOS@Gy%hO3 zzy3d4^?#BAV>bfjHNRu32*vNRf%Tuy`fmcnKlb_`9O`dD?H_ynW3Rtk;2)p(yG8!C zY5w-|AA9{{ufJR1AD{TUMgF#F{`T_!-}X|fcX^6XUO7wz{qM#Y9}iKQ)Fj>&Q3v}`40v)mL&`*hO9#qBsFNc@^7f#HgfT7W&^UIbbxf|CjXWzPHD7A*fYhyY9J>63yjX9 z_>HeS{jc%${~6|Y^$(9^kr*$S%8MwyX$q*ZS5m;AD8_eTpA^q}g9K(oMwm(9eu*m- zM`3>TZS#1h%PE^$To3rP8f{Wa^{XYh?B>_w_HH7|lj+oCT&J_sp2gQzhc)r4<+{bD zP!8w+Il29ZZHtNF55C$s;AAiu>n6oWMEGuYr|Db zbhYTzX_&#Z4w$!#+<3lZFZY$JFXYuumHC0TmUU(o`JcT2K%Sp%-nt<~*qSZQI*xio z7brJ1e!UC`Xme!{X*1^cb>QXv#igz?8}d)jH3~XDli2H%7DK6w5y=dnFQBcaN@zdh zbA56l;fVSV2dV$?JHXw4FPT`*x4KV{rP$4EZzs_`O76Jj;};Lc^1Npv@#w84=B3YD z`_`-LIY5)x{I0LY1N;y~3CHV!Aln+Y6H(Z}!kJ~0@V?g73Kro*44G};+F^MsC zqfqPHuffNEJNrMsbY!dm_Y_Y7nS$!{@=wi7r&1%$Q>@=`{q3zZ*pN`6@0csA)oGUd zi29+c)yIqU<#rF0HR$SFWNv5)bV>3(&Tzh;V$p-low*{O$-YAAZxUJ4&t%^>=2vhb zzsNp?-(=qwcvPfSLUW_Alf(^?YYdn?mCX;wGT{w#*_#@uv1F(4S(7xPiqQP@hs@yL zNC##3`TJdWJTCL>x}L`}w>WUGj7(!&?7yGl6$N0PTbf1^wl=#H>jvdE7CC8IY5;5M z%)vxyv+o-;u88LTRZ3ZjJ8{e3-Arqw)@`-W{)djv&-$VuY4D)E#WFd-bO%;TcnCv} z!k2YHo3WDoucN@Y)=x`+y1qy`%wuY+y5xPso5llu+0>&r?~>)rC+*j*at5^Vn`I6v zFAJpyZWHsb9xw7&ku9s7FC=faw}MAIY+L;R>GLo38-yasmPmcZ)Nl5uB4;{~k1DDY zn3L7ldlROheomQ;=WUz6En|H5ccw4I zz{-bzMJux2z}qmdggcrIctW+S7pL9Zd*677f~608ub`VO&&aKaXc0$LRxMqD`~x)X<=n5@U@Hv5kb z$7bKA?`}BNzM{uTYXi5^*$C0-=}T(WQ;^dj<^y-cDbp-ic0KmHEQeeSUqvEOZd7Sh z$&0mvc}amO(Jm&!08RO_aSl=x^Q9^@3?>8&be^bKUjE9+!o$-rck+zeVe^95)g)5- z*&V2^dhG6C|HuBqSvrP-_3dSJV9kdygqbE!F}wzs1A&v8!o`Kz*O)n>!`HpxKQbPf z@TUtBTn;gL9B=7BSA*(>rZO2Ev5G^Wh*MK(>CXdOS@Wy!sTCI=J^Msc60~VdTAy+% z?TkX>!;p~uQvfJqHrewi{*WGpR4{>nZDGw_AZTlQ<|;Qax4^mV4dq$hnb>Mi*^|;$ zpWhhS3E^IqyCNei3PnMxVA9Vr{=Ig36zm)v{LQKAp1U)PptxzOYzA0b>YkA;pxUP^ zpKp81jd~VEozt%-9~3>bRR<)Fg!I#>?i-VP1{cV49gdQaiy4nzlc^u_$Yl;LQIA#S z$;pdn&@y&z8qAX}@9B5TMSll(LjVY+xW0lsLGT}#vK!e#x*Qp0q~7^iOz*5xnw@`I zkQ*M%u3V<9Rpcym#5rlZ#HRikfDykdlJJO)uGgo7YgvF@+1)L9LuaX)<=`_koU;cbE z2|1WAn{2tfyn#W-0+W& zxBO*ZSafOZYz*Fhwoh|oZjyR=?8)T=0}L^OoMssP*Nyu^o?+U^T4oZ%M;hXEvpQ&% zm>lX67CPx(T4D zq9R6O7|@cuJ$Z6oyz*O=h{rjsV{tFg7uvmlYqUq`FSKNruLa0W%vL2U9q-USz+aik z>FnK8t2sAjt<}NW6A*%a#LR<|ctIO4ESNvutRe#OO?hew)Y#~1DkziM<;8T?kBXuY zmDwbTa;|SaR~^ltkZ(oFrb5qJ*y$A+68c=_rX`3t+q4<^0pB}T7 z+YCS&?+NTCWeBW6`}783v{(E=!yT(HnGw860Yk=+oZ7segKD28F=s!=$l;^U^^ZF zs@b|-WwA7-KZ$39FEDEE>`}!lJ{h=GdR}!0p_IqerDD}yjG`LAV=poDzX>cnit*`& zyPY84?f;PVG(Q=Sih!+1S3YU$@X`!OZM~6gHyCjnM5h=4Ll>Acwe5O^zNLv95UlV; z&iE5NZh*w`i$i|bl+;)HmTJd=r0*~>yAYU;mqb*_wZ@!Iio2?@J8 zae=Q&U9n1uE(Zo@c})6{ZnLNYQt+Z_0L$rGKh3VNOVf{dAs4n=ke{4v$+`abxK8z2Eas=U4ySODn7LwNk*C)!DC~OQ~h=rNU`PdV1jYu zYuJ;8fm|ds#TEA$UcK-)Y%Yp62@g(DLh<^S8_SUK! zL8HrFf$H{ftROv*tUZ{#Ry53(bnUY0X{*Jh0?g-nQI2Q4_SrvC)?rmsNz9Nr4(%^4V*+zdV@{ zHH|y3zUA=Hz@}h{i!grSc*EcLDQv*`xC^U9nIWD+ugI4mAXtp-kud#GP4|*T=#rM{ zgvAyv>f=|pSAMmyY;|`4`f+FX(xST|5^PbT3qdu0l!*pv`i<`~0U|B9tWJd*w+bDr zUKtFJ!a^OL=#wk)Te)Q|fJa!FifeGT+r1c6SDWX<4+w?{M(ARPCd-B*sR- zTAN|~G(v>C+D2I3#b{)+jl#d(lpm_fx~Hk}BR*H3#w1;e4mEQ!@~xf;=|v+Ez<=EG z^sjsgcB;01HS6t*p@oeN@T`-slF|5L9*$B3sl1-&xGsB-#I{Q((LdN7I;2z!-W7jp zGl9oO^Pf<)0tcgeIMhEf=uB* zFe|M1QQwM?n>jGHu_Z_yNRUr0Uh$R(I${c@VHHKRsv;hNIk`|qf^C+vk0;%bb>{-n zw9wuAexB3Qd)jIs0CXtVg~~wqnhU|`*%>-sPURn$*;2rn+@JJ!AlSX;s8i6c&lI}$NS@e$P)N>!qu;C;LenIF zi%s+;6bY4O5ig7f$Pgm<@Xm`lVr2vw3+yC}%~Wi}q%l7e+Ay^J z0vo#NVX_;?>R+jkDDWlb(sh`mGW%C%r3&VN@=lwjgXRYE#jRBO*QMQ^r#nw92jTC! zVU$+ z7t$3Gu#?Ld^Ii+@V`dl%+%JJI7;W^|ehrESPh-g-)65%6JM zE#PAaT6E9_z@L8^fD_&lr(HhhzhMZuJp^L zw%o_mw>UYg(+tihGO(&)lhn~;4ZVFXS@Wd5>#3Hp!dUuIo*W7z)2k1Q5)lVVuGVFl zhpm%`#IBMDm^xjdBUIfe^VJ~F66X{~V2xf0IyE*G)z|k>2iH0oZp&t!pT)O1ER?f5 zub->!yn-;JgBSQ3VLeq=@>I_zvo1(qR^Hjsi0+=KI9li;%{(wqmq7wmwzY9WVA=gm zr3!JQ9TM?7y;~akN#V|T@SbC-Dq}_%amo4;#z1zw#{1nW@gP2?aEIqKqT2AOJ~ZH5 zkwwaCaU!duF}M$0_7@g+I8w|82q+5izp~u3(Gt@rcO}!z0uQAkA*X4iztPg%9Q5gB zv*&@wZWs7k!psAE*1YW`YrtBNBX5ws)K&ZVc!h8?e~zBPM;C5kw|q6X-6J^?iaa5z>bA z8|AyZ2wy6zc6W5d$;n4w;YHO7^(@(_2eB1MGaX&n8139f7KzjD=MpAdjuoD|H@ts6 z$+wKMqFGbKwA%epiSffjaeIb#Q{czK7xE9xM~pH0Kd$h6JjW57)7$ts^xUU-so)JY zbrMujhpjL9t$8PPHWGUew2AlKH*t-ahUf)+vZ4pNQmf3jELVnj5wM2ilTssiMK7c; zW~R_|GTX<#$qsA}bl)PSk!o@SaE2K=ciz-{IYpBlO$KgR_OAxAuA;3Z89K;v@G1NV zoMx6tZzRh!`T?Wa%0jg)NUpeYt-+k4h*emt$d-LQ6Mib2d+yf?-4Y! zF0cytYEIMYiiBpxFxgdR36MXB>AO!?NxDT> zqjO;RLb`f6lsl~Ri3?Cw|3~ydH}0+16K{ikH+z!YJ|#;_ss?BdV5=rc6iB;Qpio3| zZL*-raLnU=S~Z=#6zAozuRsFG_*#{B<_)dvqa-DS{2_BMu}=oEI^Q^|#qj|fYdA5f zf;!mkg#r4H=0ku`1}xGxy9QB`PiG5fKJFQBcT25)ij5;M?T0zaP-W*loY>9nf`w(v z^d9q)r?MyDzQEc{CYg@bUS`vO%U`gUNm?N(*f9_7?jh3g$mmLcRc*Rgn&m1}1818Z zd%FqNJ|Yw3x;3kFA%<@kyZR8sNqFb< z_IdLd@3{`uGR?kj+iS=F%C3Ug;Me}>0GOUzAp*(olq#d?g2(~9kWSlZmDKIcS^(7~ z+;!Y0stI2tr*_Me$54;Dtop*X3CmYgQ?ClI5Pg8iHk~&uxHu2+&MgS*M1nDUD`zZA z1Upx_XLCT~SDmR*ocl=?>>5;lo(%>tDI%F(;yb`uuOloc0cw?%y3G5TeNczdL0eN| z9Cs=<_Fl==k!pLhLdmT+5i6VzmtW=&NXM@J6_iYhL11(D)2`q|A z!Y5G=6)4Q#yzNo9k8B+(&AT?eF}LrONKMohP0xn^IDUY$jXy5Dz}>xUjmw@ZxMw*Q z9Z2n2~z@4mq%8bfdyt}l$U5nm0pDGx1ev7I-l-?>b)5V#{q!)K+uNlo| z=Ey}C!lmT9Q?HsB=PB?w9KV@AP%Nr>=@2u<+)5=-=c zZ_rJ~5vLvBMCm(aD@_3eGc2cf{`WWYm|>b3pu5Ylu=v95^`0pYd0z$rI*(hV-_ZjZ5a*0|sAUM6sZyHd zu|H+Ui}5NTBwXAHt0||CDrbMX=;@ME_8$y4^?xTOiY)`4Uy-Tw5-|?t!l2#i6P}G4 zIrqhTt#?%0UxwYA=s?#aoB{@^3i{+$Y->fDo-pD=MQP@geHb)PS#vxVzr;9O4Ar>RbX^s(l=18xr< z(Z=<(N|9^cWj%-Dnv|&j42+rBCr_{P~uMa9nv&q_oq$} zaQ@;7_e22F=^-+&f|zPj zgW*)UCwwB0_xlrwteAvq8H%@mW||+qKzvS;=Kk4%;+Ey2j4%bi1zD4=!xd?DT*P+8 zjLp>}Uy9>mFAptIBA2Moiv> zHO2ACYBtuc^G+Q2`*Z2#E`a0c1hFdQBt$Mi7(Qe(IE7mCCoKSbcIStLywuJmN zHFagl$+rp@8M)ZVMbguq;`2ZD6yQ(YG*0YRYhdT}pjHDwPbDpe8I>YSoT@svtUnv{ z60hoDjr3E<;F&B{JTY`tJqpPy-p{)=Bt{Cpx;$Qqq3+flkj@kasU*@lhh-cspffmc zY#JHMPgBF+n{2sn=7NjdY(sDwxCo^N!qpotwmmB1)V4g)eoA(CtHqda9X0@vF2$ca za}QI(w@nN0c)q#L{MZg%>-Qd9n>eiF@HP<^$BDX42!=G5P>g7!V>{I{TuWNTzcBl z&J~@|OZR(|exH~OTHayNC*@X>e6AYUw626a`>j= zdZkzEd_@Yw)L@^k|BKRnlF$lNe>`>FyB3!{Y)+4DRz9bmv#%RRNaiZ39K{FWqvs^% zBNZzqrn9m{b0bc}LS`FHz7Kq#@gGWzjv-=YoQQN!vd=}xryXt$B(){63A%V-brc&TdK-LKGNpaw7n4TbLaZesa zaQZt_Ul$%YYC3!piTB^zzUH+MjG5k@y++Ot8mV-yvAgovW$}&JGlvsQOJmD>_l7b8 z2kWf*>S(x}9zmrCjD(C%9`NsUsO8*pLf$bE6fk|UdI@PH{(O#v%`g7`S8ntt{{^a9 zvq2+8Np>LiVvW2mpZz?(fWX}jN#dEF;Nb8|(K~esSdbj7`Ow)6v?gLm2qQokc#;vj zSqAJblNgP(?s3}#C_L7oku>#f_-_@Y%nbEEct+n9#ULrb+a+XVV29i3kz9DMPn`th zyN$2NX3e8)P%=FxNV@BnzggexJl;ifAqs;kSrpk@xxz>M(DI$_PT$u0lw6>*Nck~hGg;HgS*kx$2m-TRp;{hE>aoIV3{p?}kD!n4`*cHUu zxxMIW37&{-Lu&yEPzb?>+0mQ;h_4?XZOCM4h9eeTQ!%9(k4Q>9Bq~0RG9*|e-cQzr zl$|oSQde;BwHmxqqnNz4;@n1EK11utIxSy|(L6IPbA)F#7ey zkPkvaJ4-U%NN>IJDI#~f7&UhB1N`aH2Q`U@kn^Qu7F8 zv}gvP)EY(1GVNUDPpBoXc;I*dfOjIyt-r@7Nym%UUGD3#qsQ$zx9Bw@R6Cif&B9QF{8Ztphv2lqU25R6 ztz!sjcBia={KvLAdDNx)`-W5>I2CADi?jiFb`>(*py}NQ0c3lQx9l+#X0C3T<`E2mWk9Hbz ztDjw0m^tO=R?L~%=C$iCDt1Nb>34GX!k7AEHp2c%BEz=9*hmHR62bJrh#HZ%uPUtE zs`22b&o?yFSGgiRB^?ulf6y<_d=NaLKN0^^Hka+(K!9zAZ-Bl}_hNMrFm(lQwKKZM z%Zyg%+e^_DmnkL`Eg}2GdFSP}*D1YGhL!Fo%Da=f$r?n*$1&tmTszqii>#zGRc86X z*82oD(_>tu7nO#i>$GfT21{;1b&;@arB7Zh3j;MCXX=wxM0|a_rqo*5y zQYTa~nFJb1ugm>-ed?Hxu7$q*DawWNW*cWXpThaX6lyKEByjr@=?l+=D!s1skqE|3 zq?TX!=jmMOcX&zERPx5W1NV+#V1>AW40xo23?XV?eL(3MNw9B8_BcVgqH@}Nw|aYt zPVMV`{rI6oxjW^Zjhf+ep(s*HT48kL;pvd(#U`G|hsDs4^I@`UJl~E@CWQ=Ufqe7q zn$$1CWx0O>kie0CY-7No?M5YZK6u_viV6=IVu%K>O$GeLtUVJD9g)9qI{Ti#7oGFa zNaq;gSb9M&2LS=P6;Ib@**{vwZc!u8zg?V;5JY22D)xWLbd|Oq-6bUXadN_?S7IvG zumk-HYqB|;1J-|asaa@5W+dDDSnc2>x`GawnBORWOTvE2n%=e5fcI` z9IwJzui6w_h9VN9b5x-29EozM0R#Zh5k)Kd@-UTBiKQY(mXm~A4<5NkeWwth6)}35 zL(fKv+#gkugA@Uh8rIKc?KnLb@(0Du=2!p3HL}!182!K~lePY{GPWK&`$eSdCU~4- zCVak2{(T1{!K!{+`0=oHl;&iXl6g|aKB6>Lhn;{hv^GlXRLPQ}ZjiBfxT*9uijj02 z{S5i=yAkRb-vn^q|DYP4vZ0lOW>)@K{g*<~Am^G$=Na(#eU1w&JgYL77QKD$b${CGC>ZXbX?{P7jT+ZSzfrd~% zD+ayK0J$}>7*S_tQz-uY*TE8Gin`w5xUy8hM;#|6De`Q1PdOS`qeyXDC4_`ezNi!t zFO7+n0z5Q4bVLa^FM6%l;E~ufnWu3&9lf%kBh)+9$A&tIk$ShGn$HavVT{)5 zKKH&)IHt;5H_FDH0lJ(=gFAxKj^9PK_?N;^3Q!(roH@pe1>KOGy&A30S>d)#GKvw3z)P7kW>9xHmk^ zf`-U;-Yv-&Qzp+3i7hH_ikR-rFz0t>1#vCv3Q5DLP-T05^ZeOHSk^Bm`*bU3P36s4 zQ71oG!9n@Z_h3a#RmoisJWO}%-~xZRMPQ{!2#`x=-6mFXY8=3+LaRrOP5`~HN7|Br z^e%vfQT z*_{07)c~>w8W=qpq--|B)R@Wdep0+ETB269t0Ni9Bw7!2T`#Qcw;nYP~(Ji!cWOx&U(@9pr01SF$*RJY&-w)VD7=|_aVdb^j z>qy@^Wde3Nda zXEHplbjZVS0uW$+M0rT#bN^P1`gfN&g14A*-T10(_I$JCJwv3~?$NA8(8LJ%NuTut z)tVPr6Yfa*1yHw}LiCorocsi5qNhgcOU-` zFvi@_NQ=TXPZ6XAM)SdehG@voxvS+^EL9)n65l=o1bcX;u38Eph zm!EPmH*uPFsgoW%p*ArAeb@x45_v&~RIptZev{j7UG&P^vd)eNr19p|hn4FNZQmQ? zJHIFCROgn_1Myn=Msch)NFZ}rkmP7p8iTsPpzAhJklwGZ{T6B%E&E*K0K{5uUXHy; z-TGPIqUA_EIQ$a`2FJ%h5KK&{eiMOBp(H%QYG!O=@tbsZ4At{(J_9|d)trWtMeMYy zHD7)(@|15jnFAN^+g{EYnZwcHhG;m}u)XjPNLSvN{m&JAqKS3KUtAmue7)3*qZT5* z7V}tmD(}-4)fP7csFBA9xSdLM+cL7_qM!9jPy-Pi;L)(#wL=RGjxcPy&=DBa^5J|L zm7m~=_yrUgQ@QiccgFfWSB#8*F2^Rpg|tI?sXW}enBv1jmSuRWhX6EMqa~vW89MJt zZjaxeO|q4Uf&0wZ?Z2nLS?^QnK$4X8@U>4F*9vX@Ac$(GuOD{lj09&qjPA6S0PN0JvULa6JCW%2_(91bH zM*=az9uO9Umir_<+671AOExwk3?}~`YVbIW*WuXkD3V8VLliUS8&qAjzu8c_c%0ep zdG~8z6u(8Y2iB_RAUvZbmEmm`NGK!q1}HsNUp-CQ2d8YORlGmtz|JviY)!NXuZWa?5#a{P_bA43)3C03WOp8sq-EWcc z;9#)a%itxmO1BD#eSss$0-kNva5yyE=eOnnEY3IX0v^jzy%?H8Wh3PH1~evO4KdMb znCsyi^@muUyPE6R0ApeQ;mxDm=%9f7xCWmRo&K)I?#}K&D<#ithO!8q02oX;ZA8E( zoPuZbm#krHsmb^}l5sr5cCrKu_VFzVk}ce&W60Gviz_ne^>r%2$}e$f=8;o3Z(e+K zkIBq}MhQD;>6avW+&M$jaMzHSd~^z#^=sBoS9Zv*cq&tz*EsEWw?}Fv`Nk~E8H7%U zvjBj&ii4sYDzRs*+O!c^YCSL6tQGo18=^nPfUxJpZ?Ax2vRHgJM52EFeQQ7w#I`6C zjnVCN9!x4I+JJy4XuB&ZeDo`gwH$pREdfgw^a531Vrf!i4`;>2Zvi73c(j$`>GStY z(&#<1n}y(}J;=m_qF|^sx1ES5x9|eq#w*2WC6J~)t0D=q zppId7`JJD3-6eGh$^G$n}XF%xezVG+PD-3l4CU~)ZuO60o{D)dpp8UG>U;1@0cscDW!b6kokDQb` zwd-CNk@C|+;Jx7a;IG`i7C`#R0p367YO3QbfB<3RF?0=2oMfTd`nn05+ll`YfpeyX zK-1(X@dA0~ZSBcyQ0x0*Qfc}TLBk^VrZq2>Z`%EL?jggv%_|aQRrDrx)T=kwiz0r# ztB75X@YuKbLw&8;=nNg;xwE{IlJ1 z^kzR=<^a-eFw7-GDUA}lb<*;AH5E<&8KCkzIzk9m3eb&*4htMLo zM1|r`WrO(}Pa(wKyV$RlB^B&ae<_V{p&`YW_h?n5X}7uGD~7_p+9uM3A>*con2v>3 zTuEWK*zxZfENyfN=$-&fy&qW>et+0}qgrGL;rURTT-r?c;c(u=>RLp_qa@k>?w!{_ zU?D_EplBc<6aaCk*_I3v+j~dB6`}#BjLH#x?o_eP}l(>4x;{NzE z4zD=nyK853x%+)t7nw9ehm%#xlBwm_^n+mn?I#UKEi&irUyRi8FrLpOtH}P~F%DUj zI>z`C;bp|ZV&x(v{OSslW{#8v9me{@U`c|F%bW#&p?qfcg4d<;cre9y=^;qyEcH#G zh_@sd$5}mFVD(}D&1w7l3H}nc+;_Zc56F$J=x~s5{sb1RxVSk71h=|ope<7Ku^(aF zN?o`G2PSB1x2A#=STV+3T#B^SlOybc~S%TF>dDkc`dCwu70nonVwHt>j{_IzS@WJ;z)G*5)WZfZ1!24tvQ@<`npl(j)P z=rlgG2srIzF&6BE&k(thATBfm^#}qc((TkanTY@xV;s=trKaeTFi0lrvzU zwu{k_PI>UB8bZkK1xg49x6^5$)5)*YA2sHj5E`ZMSx})^h8lF0PDs6PsaSp0NBdT= zAN`w9PeUBe>8_Iq_|zdBO!xLd+$fPUYGd643@Vkq;ie|2Pv|fK1 zM}QK@B;MSkAN9q2lLk3sf^OtIFsR$WO6cS4l=)NmVW#~{a54l_W7X!%%DNzBW*m1A zK7F%`sB=ycvxH(xp@deU1%_o~&~vQ3Uc@l9q^Y83V>{{uOG0D=%EH%7#f6a5F15Cp zm-1%qnU%UN+s5*@MOP@HAdRJI&KlK2!(m2sJ`hP={`{ z3bis3DD(F;_niSg&|C=<4&&agZ0d<$Ozmu&+Zm95&mzLb!_+TY{w#wN`SlLWXnfak zPfCO%6$JX0V;rmUT?)C#SmYC|5?NFphkR;?K%#~{ao6+L@q=4N>}r9>CKahcg?_i8 z1Pcuy=_bs(7WgYbnwWwEWZRzN5w)zl*%$)4>pEjh;cPgl5xvFWXCIFIFz~TF)Hh2Q z^>-iy4;}pl0VUkPerfQKa`O@_iXQH~y)OY8u@Glx;3TL)qKLymqag=8p!!-Xp}+IH zsO&<(Z1hJ=|A-uoa(w>+q1P+85xJ0j7ED&S(a-E~LnlIXO?!5H4?|ywC~Z-2oV_~% ziBce7$9|b2VG(3;8(}{By(EgZMTFZ$^^deDoB$e=p#3ap6`alTNwjAxMKD+!nejW=~#sQ5P2C*W6oftK8g7Xbv>CmU7;_|!`CDO+;Z)F*59{zW<$;M{$%r;-e@0v8h9+`{nF0D)$M>I z^Ea;~eVeODTcSGqr2>o0z3uosW1XLGo<&<|5?LFcKCjlXMQ68t;xbk7C|XBUodGC0 z_Qx`zE&LMjq>L6MPDeL7ZXiB@%m~u4g%deS)Pyei4YfJogAgFZE8sC=3h@6*5YU0Y z@EqX4-|(DJ`rIbVPLlRjcB5C{nm_l30I^B3l-QqQ<+f#Pj=XDw!4QcRCyLo>ffyd7 zOpM}mH=H{)LNA;_Ip(S4SjYG`yB6F*TVZGa;}ru0q4(lSlk$c$S4R(9X3DkbDF{iL z3*lf5mtJf;!dZ7m<0?T%e-65xrFQqpTI`qx0wRmjYCZcdWV`lpH-Nj0p)nwgfD#r^ z5&iKw1YVjke$gr0ObVq&=s@@mFO$WwL2={_>OQ47HLoT+S3PK!*D~ok;&Y58CTN@u zucLobe8R$X=|2;XvlG?E8czhMH3P{@OXackc@w%d)?Wo1qU~4XMLpM@D#5*9avDZ? z^dBi%)ve);Bhe2bBsJhS^787p0lT>ivBOfX#6GGiW;zNZfR4bRxIQ3w&^uCIp{;Sb z)!=4{l5v_iUXQ#pdQ#Onzw{3y5_tLz84>eQ#$W)4=B@f73gm0eECB%m2S-#)<7^r= zkh{4h+PplkW-Y<55O@IXVU$kFD&jpTT{3*DM6%Wxmn;OwL+jwga6LVFw8ke|Rjr~v zcDJ!7@YAK^Gdk1k+8MvbB4V$*(sGppH*u{d;~N7I=&sU7YdAu z`oc7rwkTl_;|5~9Ua^Wf8pOKJ8+uXczCaJBV`La+B~$?LHTGHegmf%{Ul%~ogB3UX~vRY z+8o-%2L;h{#Ur7KZuW=ROXRI2LonQYWF$_h8HA+s$Z(hHP3Y?bt5RgH2n;@CGY$SZaAYG&zrc^F|y3JiJsDyTNa{#Ey({8{&HiDl;A_#kyb z;q0nC2RP8xscj*A7bB%NbJ5ecj)9OhkXY@GGqeMsg8-?_blyIPqa%9`)pw7;XE3*z>&u1bztp27aszSsJVZRLg`6bm1^01U(&uKPj?MSJ{;F7) zck9SYz`kNll*{z-nZ+{_&yojnuDaFfKuk@w7!j8!vJko8l04|xkR}EN>iS~ln z#!==VZXD)QNT*$>L+$V+WL6*~had>Z@ zHO+(se^WCOJ+cz?Z@aETg4wPFX%MFEMfC2yI6L#!9{FnD+0=HsFFnIReluZ5#qCW@ zh5M|w=FLXuwf=4Q_;t-I(t@-l72+pVOJZ5Zzx2LX{KH*hrk1E#( zx)%ef74XH-*vjmM7vBPe)Xq&Vh$Pt7zdq=57Jo17UoN7*JLPC%`HmGI6bE{Y3=*q= zznpp5d$#JD=EP7>xrXjBI?Am_Kd_ERkD}6AJXcyeKkBS|F|iwoy?hqSY*v?R0aRWS z8Ymm>k85V$AfZ1?Z$r#}6U3_;R;A0Q8o6?G7-^&jA+w<-73GlyjkKT=QldhnWKex~ z_^sBR=vO>T`*ER|PdNTmtX#5J9`)E$F9Zkf)QrpK11G1qnQ~@0;_KUrUw+%o9^5Ej zuhb#oC2#G))5E^IwbpH!?lz|}Zb2POrn#L5+w?7cRRp)<>|^fM*0lyxYFLjOU7p;5vy&Jt%4o9{lPCD<8lnct!aQ}&-qDOGu@6d(t0@SVm?(f!bGgCY@!D$EW4d}u z#7kEM+nS;IQGoKYtfAUnry4Q8G~Th~aHqSEjsF(jdZ0}Uq3+{guRqWy2?(+R*JZo$ zV<)GzIvmy)M#bj<0Vtl0i76)P{qs|A{i!kU^k|=ALN&&uJ`L;??EMFnDfSTg>qb9c z=4E+U?lVe*z-2VE;^Wg53Ps2eHWsk%ae8lc;iW!xLQRvfFlat6hVO#!ly^4DlwGql z#oZv7)JH!PpS2m+0mhgb1-o}xFPF+ES?5UYSUGenQnm2_@+)StoO0I_Kn8Sl6u3W~GmF5Af7W7)8?(6vF zNvr6`Y!qv7i1GrRfde0l=NPM+4sWD4T$;F-&rHCg>FLxdvGnMVNIlZt*F-XcJ4#=Pimn7__nuoffLq;E3}@}Ul7sovHcnA0qj|Df?p*?!@quKI>PmQ_!)}{ z7wmY1P%BP5kMA5g$IX-B}*^l}> z_rxmSpp@9V5LYomn6%_hXZ`+wz5Mt1M5(C5!Ui*-IuP~nIO;uF6-WHBnYa@{}4#PO`}#Ucrx%tG)8T>PEUB6;KwucyV&GBL}3Yxfz@=rB&;7# zw3d8gV?7;E^=oX{p-7eW@eHP9$>;XbN^`D729Hfo1dD^6E&&p2!-Zww16Klm<#OC| zF1_KcKoXVFyNI}iTRkFkObRk&)rw{(trJ}HX+UDNlV_3hQtnloYjWDHBIV`_eSYl* zVi_uVr!nj8rlaH0&ho9uKZhVw>*vi=zvn*g0f7T9W*dIKYcS`cIszspgpz@7s=~Zw zrG(T<$&*;HvUf9Qq$igX%?#J%E3@Zq>&L#$!|dYXVM1#t%Eb+=1p{y%PZ-YQIT zT0pTccYnbRj*KVb7LvUFaUR$N;M%0ZpB-o=r3F``jUQGcXpT#8D|hH(K|!&6y=OOa zgg)@J-l1N4D0o@aKb?q-;#Yz|k2L~Mwt(3b8TA!nl%KBw+}d}VEq)P;z*~sIG5KDJ zhdSky*gS~z`FWW^CI;;A#qP?Ht%`XXT$ALUv0>= zo8G50@|cUa+KCPGmSF?CC!~eb>#VovhZhJ2F7?!gY z(O{T#Wh-OjgHHhRD#msTspv7pKbr)SqWt~Vwzl25&jX=Nm<;EonO5tt1$|w!w`uFC zRuB?kKI+<8`kx2)LpWoE1@6V~>pEm0*Ux1x$&BT|{KGoDyMn{cwck{kIkRmt@#s1Q zwM;@95{dIWs%b3ol>+mBcmXhENGD3Ph(Rnh`3&2Gl-3fy;(5T&5iX2*^enYWWow4& zyxi(zDjZ%8<&1ty8C&Tp>D(wpWDEW-^97rFtu1dq5p0oEnE5Upmp+w0U-Jvu=WUmp zYK|1hAf5wlEQfjW1dn5BCj&$+M=3i?&-9uksBg9!?H%1y{qoLc9czZjF*r{@w#4028=*o)0P+5c zAVq}5$Tisj8Lxhj)%2mqATX{KIJnQ2{#yuv`Q#UXDEw<`Q}7-)8UfATttjBpb|nB( z>Grk#m;#S&hZvI%G3v{ujFVY+4cy<4=aX%bxWe4LMX$_mxZe;7=vdkttsEKAtZL77 zzf>VZTj{jI$L&n`(RTj021spkJCp9<#HYXx!-$F|VS+v)IAA9J2Wo%-36|uiKBU4D zp1462yuDjUAQkfrb0Lz54=Zy!A^mt;iBNc)sexLNQI}3rxj|f+@p3EuP{)_}C$$Ay zzxcDymCatEbomr89ZLemc}X-1%+9;=t!Yb`>_D1t^ z)~FqBV4K!wQ|=p{J1K(ccJ@Tq8xt-78hFr<>+0AupFwd1+xC4@&FnCc{vLB#du*Lm$=3jGus-oljm|v8(MFwlzPcRsSmD zTsCkd1Z{8+ee)e@W=>Ey-jS{Hh#lEJpF~?%!>Kg)EWWT}kWl!8AD6m(B|WD+CYwP0 zn_i*IufpZD+H@|I!57VkuAKTFIw%kx{af_K_wsSJui5&eXy8M6#Ol+Q>b+Xwxq$(D z_D%dN4BY>*h1P1VSA7a%MDIaZthY!e z(J$we=(a|?b*#W^zjXvU*<#O8&J2&r1WLKlogu$$kuL_3yc4sLFTB>TTK2<91_2L_ z_X09S3kPiA>$eLF7mVFGVTeLYYUSOAI04uUTn9^6*}8H!u1@N-dkdBG(wResd}&eg zm8P%*?wyDX!V_*{{L2haR^)_b5k*|1T&PfBv>;u+Vm|SgN_S zjbn-;@=KJ}c3L6$5+7E)n)c4-vJ>)Yo3;>R2{>w!C{Fi3mR(IO+5wO!i9wDM0~7i^cXL$(bAN4L^q+`!0`- zyu));lcLvX9#NaZBNaU?H~H8BI&cIV#oZUE$LBU|u$no;K9UP4egMCW&Hjqfl*3?Z zTri(*o%|Qcbtz+`iKyJ=AA0)sJ2H(Ef5O|u6{00Fn<~k-p}TQ4mF5R141{lz8Y>Lc zh&)rOzEr1)VDdq45rN9N8sT>4?)5h{e~uE@CM}m{ZkLo{)Ll`;#^@ z{;`HcfHZpdd9aVE_yf_W${fFsnYW{`BCHlQR$rv&vd};2;4A0 zXjeZFC*iEg)$oFrO8BIy60p=pe7p_gty1NDD&p48fL{IRK!?<8aV7_=;xzE>7J`0S$>`fKJEmgab}E*WJ?dy77EaPXOV~ zMeGDofCT<}RLzYAZJHM*yn#QHq5G7m?sdKHTO_HXjYIV^M^13SjPq4;!d2}p;hEeT zoQ^E%S*UJeY&CHCZrnJ_Xit>yq6hq*vjxIj*Fv$-7nv001Fpy4>)(8}QX&LnENoXx zVyt9!_FNJ^6({PvN+Eq~Z?h=c-y7@|Z@ z7@vKq1!-!1!`iaQ*z<1I`s0>)S1&WWqmVnmN}OiT)A^o#$z|D?`!yzXu;ojaFVRVqEq61=KMhUy?b;A^TU9uRDuC~f@m z79<9TH6tPPSef{u2uX_@Qh=||LfBB*w)O*S^MZzOPt2k{X9V{0;I|fn1sQ}{1$3M1 zj&1O#YQ~PPP99*4X4couI~=bq;BkgM`#9<>^kE>DlT-TkhQ1@E6#QKbc8L+S$qwbmPAq!5C(rxQ(m*c%zm(M<6j=;S{iBJAU|Y% zhJ$5dySOK{an~$g0q)`&-bt*l?0H6RQ75;sd#+&o6ys0=n1i39Bd}%0j?-gZjosS> zl#*SCd-X6p{zLHy0&~)(!_}Tq5zxaXtY#EEz=I*#I`LiPL5uHkDv$lg?xNWSI4|E3 zS;4+=30-$qj{tmngXq5d{#voWP!HB~AL=Xm7v&qiT#Hn)Eb$v-G~BD=(f&|c7RLvU z|Ay+>3QfgNuMBXPjY>Pt{_3O+tzV8#UkVP`fr+3vAJ^BeZf1SI9aIg($fCF`w?yxD z5Ocx}FRGYvGI)jZz#0HExe##HsZqY`XdW0jfP(TcE%gwQO|JhPt=vqMReEML34_S) zv$at9{(Lg80(VY!jsR zM2w_JVo3I;_s!uVWJXR8_VDx%=M1zmW5~l-rHLFGdd9?zL}?3>mBTaLjbsMhDB>3= zdYygKknhV~OF7fPt?aj7-TFzT=6(6;kQJ}@t|_JYc^2i<95`Vr=v0mCHIBb3FNO;; zXQ)bbth1o{Yvw11r9_`}4edlktkN;lWVdyEP|=v_w3u{jMem$KXh&W*eV7d6`DSFI zMy(p~QZAS$jEZ^O2@Cjdo40FT3$cM5=8xngTZBzBXKD4 z6&=PJiBT}2wXKV4CgD^5BU3IbRQsTQ-0_NeJeA5QE2(|D$6^*(L}`hIwIFe}oA%(l zzI>()1DBIfrP2T+_tA}Y`uhU4wu3wR5jV$sz8(fh&i5pz{ujCCbr4oQAH6;G z)DDAYEp)g^o2;S~VoCMUWwW5h=U9*@wBLuzpG4tY$ua$mZDyOi;q|8D+spMPqh#2B zbIyef2%fee{a4*B)ZVXmVFrDQORqw$DBZLVM)4hTbO`MSWEAIfUW?i~6*hHNo-8yqO!Do)9f!3W6+5@9_DI;kst65x^M zhLGHm&mq^dt3~^I2T5xHTiv}--W!bct0Q*eh<>w$5~Y{CS6RcS;XO6_#WWjd&vFDY zSqCK%3CQOq^8^Qp+Pm+#^@B&T^`ToEr_ZqL9Whh`3!AG zHp;uSA@Qany1jprJlEH;feqhM&D#c6Niilc&xv#d&D}b%A5BE8Jrg0Ia`JWJKISa^ z%mq)5CFv{Z7)WRTS3#7TC-Q^%9?hy6H0CLvI<~s9-W9ao$yK`Jx(thG zMtR;af-jGsPL&%oi)xF%?%SGs{?R@IB23zUR}XV}&AqxC$o$0()2IY8V>x>JDHDeH z>NO3Ct1VWM@w6(}hS%^~OBeloY9FqFu4}HHpzyksOymy)RM(%%FDpakO8OS$OJLSU zI46nE%uV^h6-vkQekF%qe37QUH$^QaECt=$ByB*Qth{>e=g?Y?KmLfk0zd5zgnlY!5l=INCJca8=_1dqL&o#vmI%yT?*wQaIIS6X5z z=l|>l4)WGa#MoBu`9o=DWT`4Tj3@OwTJm%`8s7=wfo|E`*#>_V8G_La9Kau^xb!&FY62c^Ak>J-L9`TvDbJ8@XwzNA$|{IB!G1W{GgCx%3>Uy2_UN z`Jw>39u2-Cysv5A4>INUcq6rizAB)`#wZHlY={0pvPM@daz`1Ce}XBY5pacgz}bGn zO$yi#O)aRXSQpU4Z%V4oe6->kN1=g@VtzY`D$9=!zX}b@h>oCmch}Vbw_lsKQ_|Gz^S+)}>E9Th$x!9VuPru7n5xeQ&Q5 zO;mp2r+Rrcr}19j!gv*&MT&T2hW1U*;{pQZ1*@6E35LO=qGAARiAFh}@jyj`LX3}D zMn_laDdC&C+eJ|OAV5++>s*(b>EGQI)M4(5%qd`!4wT!Ta$G2^;Ad@+R`kXwY_yY_tOD9=m*-S`V^J#ZB{9&5| z_@xDu_|mmW;5)ibs{7973m2M_h=xOP45SK+buBRLKvgyi0S%OqHE^oAF<@M%9OnB7 zvz@S52=o1UEq&xsa#~?)UrqAiTR?YRaf!9%`hZ~ul8R)*?~$h;<01&oC!2NakV8D3 z;cs=RIMfQb*-V&hp47b#L3mlq6q9O)fk7vmwTGKStSc7($NMu)?6Wohnl&^9rc(r& zl;>XtyQ~(^>lisEg2V^J7D0kGY%10b3-T4Q1ZVpjS=g%wL5`R2Q+vJEjqGY&>iowV zuAL$;-72M_{8OWSQlwJ^tiQ>O1~`xDN=wDPdasQMUHtBzyFns1mJbB!;){@Zl;aw3 z0)O-+1_4!|FgJLsGJ@uf@3GF9>(TD3XGb?`^fJ_HjXkYmB(h5^}6Pdz(r z*ZW6u3+p7N9YOAF4rK3yz{yTMnaJL7O#C&D$$*@COyB7zmVv0{ z8>DC^?F&AUMCQvgswl`Dx498ro%>_n|66E2~c=xfGs9{;a?G6SSM7u^DD64uk>KQ#x-Y z$yjw12hG<)V)==WA@rA|Pe?xRVFz5wwX4;`B8{SOOyypCe9eAB^PCgsn^aUvY(Phc zrK_FyK1;tBrJA1PCSV6)YKnUzG&q6k^Ab}-gHhn~(sJgLva61Tsc#CU0cZAvtcIC# zNk=yxaOQUIX)OF|L#cUtfaS?ukKi081Wxi+%2mRXWXzknrOYF?X)_zsjn{*te5Ka3 z>goJ4Kv1pRf!<=Ii+K$N63S7vwI%RW`Ko;RTef3ecT$v3{H z?4C)k`o6u+G4)fX%O48^-wL#drV-GzjA;fwWDNvPTU$5^>RIDRGHD4Zsc|Jyg_bm1 zPpal(JHl(xdS~L|f7?ioED(&1kzGtCYatSSt-Qu49Hv3)ub?F~RYQq$8!3hn^-yX^ zZg3I)D;7>~m7W$p7O`*=MXJ9ZA3vriqByaf!799`R#eLO4Zz}2;YGy2w(MxH^sJ`H ztq{TExYu=i8&@G&XmKF|M&}78);|MedzC7qZ{AnD z??ar(<2Y(s^UnL8(ap5O0-H)Qa}T@$S#%O{e4ZC;tU@09yhHvcC(t2hgC9@A1xUgl z0d0ZHe)GjMGVxT&&*TZw?@S{k3UM#lE~@1O+SoSVa^3I=o@z}ZB-^K|Js(SuOb-QD z^C>eenP=0E3e;4~n#|9adhuNn(`X@}jq(F3_X}6jM@@B&_3W{7R+@~R#+P-CIxObh zX)i5ljNE85Qw{;wnxW5osS+LjUg_>TeL`z1XP8&95}vJrP7)|2NI-S<8fcFS?u6{W zt$cqZL60(_oNe+pySH9a&;7VpnI7E(;C5)x_HfL_Za01K`IM6S%>DX1)cl02+_SCA zaP3DIDUxTvqffWke0gRdW~7ON)@+rA=pVW5$|qn=G4%9n8E>eWUGk+(nAJ)+&T!H% z(S1gqbKZ)Pwpy9WaXd$NSxX=g5lrZy)hZ|z`+~H&*8nPXb+qZ;rgzUHRdc<}HBQWN z8QE73$@F=kS!v5;Il;73m;g+zn~YdA_*Cb|?30x`-Es%+1VHwWU)6QE;Wa(7wiriW z@%nS@Wy^JW?aqn>#SXni%LDciFfc`?P+$Uq{mvdTEkc<&y_2R)$%3dK;k?D!p#WxD z98R{ZWkb~7Ok-$=4b89-lNI&bKB1X|)ni?mgW;K91A}4Sdz#G$F3-1u^V!LVkL0=L zLT7@M^)d?0dAe)c3`o?YHZdhqr&@ z1}n)3&|IvnnOobWrU?#qM5gybE;G4dNtasRU5v=w*55$lqvn&MIeY+NM<3e|e-?xtm1d9w+K@2Cdw(B2y!6Sz*o? z{ArDy4?*s|wZ}`BwFFByB5?^1o<_))B^|DI2kb@PrV8F_$pTbxB{D&NqH7RO!<@w0 z$(ih#j7Lcn-M7r0$-$lhy{Da8NkRgW(Hx90a)^gk zy{q~+pj}cqCMHuPv=pA&u`#)>^EH9bYA(e|@#AO~T)IqDz@52?F0xJFVL#j+6}c~Z z(TR;m$(^5?$4^ncmbs(jr7A{!vq)?@Ia8n4nGF^@d$&@pX=0Gcu_!0`de0jKRJ8JW9Rs7~Rba`g zNblMgzK4)1qIEnFgB4)-^>NseI}mF;06HMc%y~eCwg1R^Omz;)yIP?$^=wueFg_YD zRa=iSuIfOb7e<)T!AR5uIeAl~Y>`-BblrhfqJ1~#%0K&~At2$XG`6{=8X z-HjooS>?oEj47$?Ie`OfCACv76vw=(qs%6$pO19>ad@iFmoN zR^1BW1*~Z4S|R;Od9n5nE+R#i+_3CBJ_t6m&Y!!8VXQdMI*FzXK%K8P?Yja!asKt@qzqxoT~$m4;Pg7 zcN4Ttfyup>>Og9lwfxzm#q^Z1&Cd6@u=m}wkZW(CGwH%e*dGp z!BRj&gl>C(+dG8`=TqcJZ(fvi6UwG14E3;OQuHh9%p6~iplnN@S%lYa9A0iZGaZrBfiXUUm8QOWAY^t!^jM$6Bb1`8>6-VCa+7b`xsa{o^5lVbO^lZhC!F?qjI~CK z(6?v&+a#BUJradWF}6kZkjXq6kIodSs&SMuG)hwFYPNJdWK=Y72$S>3g=TpY{jHkI zV!4<^Qh<12;JVTxn$Kl2hZ&A4Q!BC2L8C?vU}&-RxrpI5ly71r?;Y76Xr~c)&_MkQ zA}5w{9Sa3Hfj~%514{=;F1z;n7uujdlD+hJW~{tGMo_BoHl z!-=0Fpf@gWK%%9J?^c%^Cj`*udaTgH9Eq7_7;{$@q<#{opYY3%8W+&d{4Wq(ZkH;pZ#y00-h7% zG6-Q+T>@|fW?cc}(#M;vU9Su?Dl1VzJ{vdV+e(=-(lv!Y)_Hr52FjB|h!W1Wp4eg3 z9SDBT9+^PSVnHaCK6DHHZD{duu>X%_)jWKj(JEC_yK`g3JpXhv?+d^eP1z z>}KObz;HON@>Zl$3WzmFD;pk{Nh_=!A~;Un1aH5<3(HKD`F64p*JBvUp6W1A8BWXx zf}q^#6RkrVk!(*#q60Df%E?L9^QLVRsCv&_Gas3)Y8dr(Q>6R0MaYdae9soTan<;^ zlK`EqOqB62-}=+vu6Vl2w2u_?!=1lf@8=&||8Tdvb04`kn11|=9^0>nA#I$0iHKwq zbLftk)-0x0P_@~Yi?kE|!DxopoycsN_Txf!A`rvJ53sjw$t;w6d9X-``UIe)?SoMS zyh-?+)IqXUfhB2D&>Ah4r~1kJccttBfsS-Zz^RRq%;u37m~{6KG@8lzC_dKJ?#QoS zsU&d3ttXt4k4v^YDZg+RF)>7{&$#+eJpUYZ%!XemMQOm>#?Rj{;#9R|os-yM2od?> zf=t=kxi}^c4_bU(1a|gnNX%Hr&iT zavmo|?xDy9y~;+LSdFuh=w-Yp&3K~LK_PJ)^puXm%7Jax$1J|l zt-a>EJWbam*6ECvC0BcCtOMXWooZaHS|d4OG4l;%07HG>&{`NuKW;mKNWd(|B>N)a z>YV{3DOiXi&h1g!?9bjn;|E80r}+Rw{SCE=G^HwBuKO~Vq6hk0gvJ92L){W*f@_EEE@`p4v~&~;M6 zJ%Yum+hhU5Mdt}C-bzE6CY`mQMw}~@psr7wv;535XB|v8!(*{!Z$L{Ii6DXE^(N=# z5Ba6J^vSJlcoheT7?9e( z(OXKN_wHdAPwLhl;Dnr^);eP$eVq*>ap-&>MjeezhB%)26Emnq4s01{Y4*0LYOy-t zc+W&F^MLpBNd1F3hoX)au0h1JE#LE9(wONP?36dF*0_)1==Z9@!TAbQhLi`&k>+dc${~* z;^ZGhcMr~G2uc15q_*(|pqsBeEFLE=ssV}Rk|_4+n-QtnpA%dk+)qdbybnrv&j zHPyvNHv5UddS>It#|&pt^r{SquHWb1K);4fLr*x%-et*^Y85!4et8?S7mW9*75_R;If^n^c2MTNzgt5Og; zGhVj~VnJzIQ3h54Ns7U9&XI&a*R53-AnkH#R0!1?DL=3e>~lFV@=lX z#$Jt3$ZwXQQEY#tR3+EMwRv-IYEBv>s{Kx;Z!0n+LLlZXI{cytslsL8mx31jJgmPw zt}EHSAsia*6U0!qJ5#vp$Mnp2w9uMBR9rft><4Ani>F&c1wZRtfZI_Vf`iUbE3>}4 z{<+MUH1NJ$3y)d7B6#E8F?oFkpth+QU6LyFuV2>V+@n#jS!!TMFtodWrRT@jAF9Db zh4lx^Thh$Gf%NVsfNM@nF6%>zy2Gv5GGKbgsc9a}`TY>h5(`Bhr~qUv9bBSS@-^tc zV3UhIN<&@kan?q)V|yEX5tAVu`(pV{Y}Vq3zTa&qbCBtCP)%6FYHtpMa~m> zL5uL07r&no6YiH5Lh+u9i&-S%bsVZbS~ps^UF&4h4$qMM{`CoEz$O`g7=7!{Dh92c zcmX%x5W*9d&5=wgu{Lje^nZ3K{1NU~PWk`3a{st4=6By2U>Zx1k2fY`9~1J4)H>`I zKl?a*?!Glrn`xhb`CwV#yEq^eDXw`8FM6;f3iSH(>~?;lTpIQB0TWXO>9Uuugn&cr z3=iksFJ74UYRoI|$i6L`MLG4%!4-ckt13x%rTew%j(IP>__MGjGe)&s;-%(giGKr8_@y7lEsIV5gos$ntqo?fBCkJq?p_Y1<0x3@@z1dhIo+!3<+pdI zUP+0-*ymtE95tvJiu2aEaK1`d9zQ~{lqa2hGA?_X6f^e@O!At|pZz&(4=fhv{VC5E zeP66OoC9iWyTegh9`GVO;0PQa2d$pY^+pP+g-Xh74rin@d}q6JketP1|4Z!Pzyp#B zAz-FD(n!}O3saft2W^(~&92WQncGv|PX){zSm&UA3k{&j@TmlF%HF8Hyf7$r8u|9u zo%CPC!-8OF$To{aR+SWh9~cps8kIkN@$d_ zgj)I38*SU5vo8EA0ca9g>a#A()T9}z4}m)e0A_^LgRSkKd*m@fl_x*OQO%t(f&O0w zrGHL4|GEI_e|yKjZUOoID}MbanO9@JW+ig_W5582@cYAe`9ORKLBtm3UzhwbcyY9v z{^{0uPatV0XN&)jJxq8MOn8dq2yqEg|EyQ?iT?fqKja%dX+(v7;5NOM4?q?V7mp%S z#!N%;Y{q`&Nkc|THtZ7q44#4_ENmYtaG-O8O||$grf-F6UOVvnJonj-+u23`!f-is zfFC4R`9l!aTe_L-N0Pnfs#Tq$X)euig-oN?D=^S3iHu1qq{oEgpB@lH?&B#s8ioS= z;PW4F@CbK*^MC$>oXkRz6tOt|%}KTmi5zGxe>{#ezjCQ8-WN~PF1)OFSSsBec3GD$ z8_#8J;CwA8o3`FApxbwJett2$wq1DoZS7S|;|^Vt9&4?@(`_=~lRTCVdv<#mSwf;@a*Dw)&+B%{U#B=PP?sZ1z-OY@ealcb z_*xs7m|gD3G)^E=ghe3L^KqxEu4%t=`?R}S`zkaLr7YsJrzkH!qZ#Gh!*I*|dYGL5 z$;03iuvysftZs=-J8%a2T%AhB=1uYDR}PoWGL)z_)Vqx|qn*jZo{I(oOOtW27R!7B z<==(TDrTffL{O!pVC%{-vj^ZZL%5ivT`yMg?B>dsy!Lch8S6JRr_oc{lZEs+aOH|( zq)CE|uz;7-IP(Hi3YWE`R<+3g*~|a-mHk?>IROu`4oDo+#kAsPH<&Lr!CilN`mAa8 zSi%c`E9%DBXU=pt`6x~FQhItQ1vILmc$I$kNSCV4u*+xru`Q8D1)f}y$##eF z!CjCHLg9;*uxugBh=Exzu>Wr{^XEGQ;ws4);pSi=aPu3I&O1lGQw8Vq?_V}2@u}0J zb-sVqamhCx9~qO?Hr?kl{kfoHx{-2})^>IF5r;|P2YAjjJy2Cg+O&Bkl1gSXera6oA3KD3|ASq2_oalM!XXB}EckG@ zRpH>v5e%})*0|J~$Ub)dH?Z~lyWD;FOL$Z~BdtEk`*r+?(yAcZYhCnrp!^*u|8n&G z9Vq_kW-jFFM~PMltk=cR7H6^52QX-x=q>)Q*2=oc~2q{Qsad8O!IP z{f8I8UohjZ5BGOc@$U=s|G`=D=I?s;?|SyHk^BDuUHwY8q#@vh@zeZykDnRl6V5 z?_2rUbpN9+yd6%b(P!R0w<;cPgP()149>$s@VU0WHnJJ&h)>K~O>1pt>kXv~;^N;k zF&0H*ac#GX**1gTsxH&fRgCmZotV)Y4`JB4l%K1<+BV1m zc_g-9Ivp1=aB`7(@Y&s|t5d zdf9>}nw@ie1i}Ynk5aI;PR%OGt?LM-`|@^ey5pmh+eiBua!miaqJKHnfB#h$;~QyWhQ0oAmj$@1wAF9g8KsqR|53wckkZ59V(E6z@_EGRO&dR3UFBr8 zUO4_7(>R+bv^f?PPrK2E_I|5xSlm-R?jiRtl@JZ@xkZ&b&&mRfccztXKp-}R>oDe( z^RfNdg=1m82G8n>A+Of*XMo*hDKFMutReZCq%n6ju1-%h{nMu{@IN_ugd{vR8}s6m`Yw0y14qr`ZQ`hY`2X3BD?}?vr2vmY^eTKW~F=TV=Y+K)Db`#%1c2AFm z42hhs_x0&j&R*&@Hd_+lOZz@jXUZR~D!d{AvCM*&`%Gu54os)bDAZW8+Dk}s zaQVtQTdDO$DY5JRqTNW}t$1Pm<;NDIu`K~=nYb8>s>Sv#TNO3^i?Zv(H}m`7wOKzt zPIzh5{cd6eQgCrqz22S?%rTk5L&$9tQ8o`u!_=>G{`-0H??3Udz&FXX5v{*aD~hq4 za~c-VEC^$&U(B|fZdumg*p(~l42;*5#6!i)7nJt645V#8i zM7PQ;+;Nt{5%T<2>@fJKP-TL-x^?04MCG(__O0hI_G5cgJST0JJr}*2wI4%cPh|No zs>&|6_VR3Q4n$H%_xt$kHQk2l?GGFDqoVxMQ$u(t(1~AV@f;oY6sDbw&u4X4AMg9+ zf+NxIx7JTE_0&@0sf}wLrV^h7$l7w>sTMo3>xfSw+JQ&w@ z+_h^B1;?xG!#XpVcDHP~ zf~~H;c7DeGjDPr<8H9HiGICn_>ZB_(K|VNk?4a~G`Qd-k3GV$WR2xNqD9wR}M*<#5 zI@<=nNp-ZfV*>O5oPjAW2>0~g;npKseu#*gphB|yl{k=`@#XaITs_G+~T zF_8ashF2R5LmxxGIgA?_4xne!U4`(rgy`N#IS6IP zg*i&HhJK!-l}IUqzKLkZ8;$a#H%I3I^IBmKF%nezJHckp%}b27(O}lp!CIc@J-WB! zgx_pf^>%(1=Pwh=a6zdpf3l{wAl~wu;4%ED)mbSKH7>k`&4*@qJ^smgvNe`_a$04* zJRI#XQ|Bd?K;0iM^}>(HSnbtBzGuTuwjVcc0wI_m_hfMp}=M;?u|EqKR zUye$I4}u=X?U1m7+Qo|T=7;E76#13VT8)lUvnptRv1!wVOD4ODT2*juH6#!MjZuB+|!y*1D=e*7K*4kn8-Yuwa zRXLkR71R1^*HLM2H6G33e3--Zd_QV9-f>oOmt&B@D6f3nCD-#!{r+%Ifw&;g zO6SL3&iZ=I%jWUK{KNAD=5%z9nY`{k5~oVPwSMdiDVU}?EPX2<12%v(EH8GG)jc4< zOJ!a%nVB0m;n==Oo#FV1=<8ttUPJYDx7|5bYR=hVKT<~!52TyzYKTGYRbiLe^-8Do z^V-69(%`zqz0I&Up&xP4PS4j=hu15AoK8-X@2OdB=a1a@4dcazzMHnJwAZldqRc7j zNEQ^}2_|;aX5TdyD0R9#P0%g0VNhGauBIsN;B5HuHi#gBO7_PLLBo5)=+Fr%!m*@% za;RRo?D|s2L_>v{#{0(4$D!>SA-vGE@esTrM&0Luv`&t}vktSg=tMPI-9Em{p@NjK zQ^(tAW+`51k@=L-y6I^Im9(U$>t$d*eB0$Vn8v(ecieRKt^C?h2eB*?A;`pUmc^jS zKqdIl*xfa?PZK(_m!iN}5D=p*S*F?P~$$w3qcIT zaJQN*o2bli+q^A5)^K*;IoeEc*^{M?cXc-7^q1zi0rBYFn)1T)9S^o_mTH>o&f3it zFI?*;3@u7+Ic0jvf*oqdfA+Y$=_qr64!bgkJ7vw4gI(r%%+d`*xl_8WD?PSEmODPg zT12|=bt6={wDPWS0hoT zHy7)LkB?lcNo{Xo7%G$jfDVm=S?X-|R%q%HjaQ}PfO~d~X5dpTjA`sb>tR=|=JEDK zAv+Vk5y$h3NtLH$cnnK*4sA5D?(=RKY4n9PJat#Ix#?Os*+<=Az-N6o?{RcN#Z=B1 zn?G+HWSu`(bv3r$EwkE=U>^^oM&sMY)`_LHlka~b5`%~W8DMWiTLy`9AlvEAK6kQS zI3jbs!PMx+mbGT1XkeL-Z{!)E7l7~ds1qElL1w@J|l8WkF}_wAWGD)$5&x^tesGH6l5S>ecZrJ5>irj5~41f3kZm zLmQ84Rb5SH$3_-B9?T_RFdx&}N;Vl>8jnERqSuyHicBQWrSFezXQBH-S*mM2QzrhI zY&xKqRO;xvOY<`8zdc*m&9DCnS$X2ct2J+dlzxLIDa$p=sJ24%;4pdca>HnWV!j{FON)l(c-LTWQR4( z>MDz;+c-AE#fYWI#VizdmLRsWvTuADVg>dENpjnn8mTee}c?BKn*I$nris+U?()q$^|gY)Fv6>&^K^#{9?ImGqEDBs80 zOhhLUh9egZKh}melQw0DuSUp+ujVRM{5;z_Wk1E8PM`6PXmcO6s1=!f_k8m3Lyj%NQ_$flrj|sR04dCU3WZ~f)}K6AKy8NYN{x$yjUm+PU^=W7$k&P)j6 zr-jFJ_Qj^}s2rl1OJ3zST7i>x;>NlwLDqmyHumc&Yl=-iyOiwn+;L1!MX2A0;j6Wc z?{e$i6w1gT7WOwBi!$O`cer8A5X@A0Y)qU};Ppi;>IFU%ozk7PhWfp(vx%Djm{2dR z$A^#X_M+z41&3*$jol@B;XzxPJmZWA>0CYk4x!_yPG~@l&5=4vKYc};wZizc3$p7L zDu<^LFB@qx{vx1SE`Em%;;o<((f-?f(HP&W>f9d&iLB8SzSrjXJaaym`UsHUVsK``#^oyy<9m6CUdJsymyJm@LXB zh87UQ&43WXWI_<7W>BPmMJ}8LTpR4g9`@>?HVsb-JA*{T2>QfkWlfK^dpGV?ML93( zNf}4Ri7*q3w6G<>66v$H;@gmx!i}&a`3JIp+T(Nloj2MNi2spIcf~js-G5&17w(CHoYI}PtqPUJ6is83st93+HZs#xz zu*KLtiCg0|CwM!T4<ZGCw96geqi#8WWv&fUo9^CEyK2LFgWZosW0fT z<5_}jt5^C;H@pF`MgYmMyi4msjav-2N!zX@~9! zot`5D;yCsxm6|N#_*Zx4k<&$eL6akbk_)wN!s%i*5Xjr()n`)>*}%1};d)JdHlR=X zy4R(i$KvJzuIl6z6CbHR5xpa5EM-wmU4%NNd*eDG15t9Xs+zqnd}hg0CApOS`#zv; z@8qz8Zpseb`OBQBqB-=&-&_c{%MH3IygRi`;+g1xs^%)0DbmsE*SEq}S||6N=C?=S z5s&wIU9-JpUq?2aJk!lyn(S49tmeV)-ZG2#R-+(AUwhHDM?3YKYyVSz!fX=JwDWc= zuy%ABW@1=H^hlaz4>s>9k^=Yb_UOR_OH63J1}V6`i)3Z*CaAm0TE{vNgM8pwd3@QL zM&8!YL$|8=y{)#z%(=IN;=Bgw zXZnjp#MM@bZ~ePZb>yTk1n%NqqG4xEnI5t~w8b+3R(%{Nr@U7s5$h4QrdnM%md>sS zU39Pg8nzekc3KQ48)KPe^rS+@6!8ev^k zu)p|>%Zi4zJQD?sUo(%^IgqAwV!|BwYsQ}7Bv?}Du85TaDmxolp)=UGYot8VK=@{a zrQycEZ{rg;)rBUv=iWc;W;tIpJQl!HvbUr9@BT^UNPl)mQ-sUr36tX92{L=|akCQ7 zx9M}TkSU>Z%yMc>0JTD)*eAsWneRzGU&|i6vZUrx+LD^E!le4d#Xo2cT}&TdDc0hY zv)~rAATvn{_okBOgqj+v^C0anH#gV5Uci^o#RE=-qb}-&P2_&6XyoV8mnDSoSzQEHF4Xt+OA@pKIsQy?W93-i9e5!S}C)F!SG3`c8ZB+AQE-gakuwb|NRN0|tJEi2D6 z+q1?0O-C6$8y~q05p)eUr2!aJ1TUP$tDNv=6R?|P8Y5<_wJx~tTp2TOKjlsw1Fg&QIq6NlG@L5MtFhSEwOZ0 ztn9CtK1~}?7kLuCemZR85)ULQSxv<)rPLim&VGNi=Sea^AF{T8v&bnKGVovOQ(feh z;bx_4L`It&0yvc4IwY@Be859e0~V5OGLT6GV(hLbl2ivRJEJit9wrz$m5rvT3rh$!rp7$1y-;5ZSasU@ zdT;QnD}@oh>Dc~2blBwhDzeeYhOjhlIgArj*4hgM_S?+joYK0N-7b(P@$tTCTE)W- zi|ftLu~^tKE2D{W69c~^-YS=vz&925X@36*;al=*n)dPn=2>S&sy#iR_th=HGg+;& z^M>4Y8W1-BRc>j%#nDRibX`2zmvBn|)uY21#cA3OjaLr#^48dtQ7S3>G)(fw+3I~X zKh2i`fx7|sUJZTHk%8CHNB8LcyI%rWN*6^>?qBABCpr`d7)P@sxx+1_$SsmBLw%dU ze2vXPFkb_>rm+zwNsBtMENkC2*rP)6dfxAJYVa5>Q^&@~Mc1q4PQb**^mKXcvP{B? zUobjYzt9Zw+3SJbemy%_<&#C(QLhr=*lQS6x*V@!;DDSH`Du+^Zi3Rz6QDAg>PpVdpnxsC+mO_m zySxp_DE$a^U1KdEXJ#$D)#Y}?3Rn{M@wzec+}*agD)KN+e7y!&78Ki4jQjj$;hu)j35Nq{hrX}I8q*u zY%Cdh;Qhc-yL7nsD)Q!&WWigkFgCw#yQTIupjxtS>-{wA(5y1y-8~0^3%25Oo+|37 zjji{6?4mK%2g_mC$J`9mPtDjf@K{$^r0ksAKrZCH;u(u3A1%Fab9*c{IZWmKmlW@R zf;%L`n64ECZgMEh7QK)%u2 zZCZVN$Yxyp`bNuGP`l&U!;2#i6>_-Mg0tCp@VfJ$}=u~ z9!90M?mk*FS3~;Ae+I91LDrnjiu!Te8PDb0LiW;wtQUQ&44-I4_==sStv&MKDXdrG zLvl$=firmhGaH3GGIl?u+dKKXYsqkGcv=lMCPw zIiOE(jD_)?#NJ8^E4#eRk-98BIU&x`|8nuECI!Q>17$-Bw_7<_o>SRCB+)Th@8pww zudJONdx^|^GslxlL}s~i8vlsbKB9q*Z8E_ff529V8n+l|jrvWy(8>(z0(sYa1K#q9 zhG~z^bu|?{G78+4e%>6msaf*sxOg8J3aCrY%>rBS<+aNbTv4>UJ3OCN?VtcJi|`AW zH$KwfKRRW)Vqqb=IyK@R5pn-p<-Vt0+d%{WY$r&S=2U2NJ+!(0oh2XIT>pWb8MOWN zziz~w-GPV#5#{rOFzA5z`(Y|%Q6P)*0s8?F<$YSb|H%iJ9z$JaO=bz#ghu%0;e(nu z>xwm(zNnzas%TPi0*RCW{@;nuaRo|O)lZ^lcQENJ0km!oKeslD>U)%Cfo)e+^xm97rL`vzAb5#}jqu7_JEx*V&CSTg3ll#%8$cDOGjEp>- z9Z$ZJYuRq8si^n4C40mXhiS3Aq432dji<8VPVM|Dn+qy*O4j6Nhk(uL_2RC$TTAvW z3z{S3!uQ3x?&liM1k`Q~;jKHA9E`S5{F16A&(6xky5av~29Mo8U3tt*#b&Ze*SEL{ zzv0k_LF5V5(f(&p$9jJyIy^G@<_nq{4#W*HmA;qF2h{+RxH=aI^xc~Qf?|2 zUObav1+K7g$=(-MsE?Mz$qRYfR(nOk)4VHY^=pK-U%eJ8AC(o%>#pmO8scGZ3CPBGFNt8rDdFp9ntY+?Opphdp+i2 z(9`l(7{qU!zDHEI!~+ral>MsZ4x;V>BI?$8bNgCnaDx~8E*Pb68=5+AUi8G^sNwU@ z`qu=}!#AnsA~}8C>|0wS`ZQgC)ZI4m1;BoV+amwnFhyId zzmsshk~hSd=*(VpAb0pd0$p5M$30t8j_VTeZg%fR6)o2vO}6b%_<3W+#M3wIk*oK! z@LKw=w9m@n%{t%Fhx+dy@9&?y!=tidm4|iRmggQI72kDuUTFW{Z5AGDKtr!BVBM^hl2S?jKYU?jC4dUeTmnc|D1(0~^rUxI@64Qen4KgnN_LpWq&<>Oeq4jwsNSa2x9&{GXv@8EZ&L#xs}>LlfYP);{M!~+;Cb??gsJ@3EOi0xGTJ-4&l z(n;*&1St;RPc22LYCibfI-sDg7Rjn=7EQH)E?bf;>Vc<^+Whb@bCR^?%@5D2CyiZihxvrSOGyHML;S*tbm}9A|MqYRzOfl5s(THDlak3Mm3o0b&INg%km)0I}l#85HtmF!)zr z?Yy<`*WE`xd{%k3j0tqQa1Me0XAFT@0i8sK4rN2<(jh?;CTzaDRe9Q#cIvsUU$;?o1bNr@89~8N~kXs7w6tXxTb+c z?{>>9d+-x_x@JlPnv7| zm_U$~)jW-l_Yyzj9&LJQQ+~6btmYvz$?e_$EK~YUCRh5C_tvd)KS(dP0;@k?kllVH z1`(;@9<%(kB;=PO{3*dyYu>zYN9rlC-tv!Yqiw+lS+|-(fhCaGKsca6Mu!UUQcLLeGVZ zo`ZKhn__V@B?k1~qvDWHXJKZ=q>j;T*y{K8?)+V)s+8xgj?(&#Irps>NM-kSyS|$#}B{+u)s1b3=L8)XnxXa^Zs0s_=pWK%VJ{f}t8b20&x7Gti8CTht=y@V zQ~mbXe@O(C>@j`zdO3_Zm*xQaHy3cbo3AqQAnW_80OLg{;0VZ^I#<-cTpV5%Dtl3j z30Gb}J0U~Li*pnBAx3Iq0Cy-pQRpdXo)Y&DqwIk8O=3;n{1^Nds4iLj@aI&I?`K!l zm&9}DYLN;g&|$B##LfI{OfLr+1N4wPIF1xms=Va(*SURao^a%^&s>;#m@l= z1DFU~LINMFlE=+FF`$%7R&YrV+p^|y0F+5j}2d~pU3LNTKet&V}=e{Mj` z3;%)Fh++s5cApr6-Fy{d`1R}qAEuf>c2k(rCUQUPSHxU8tQOPj0e92S^=<%ivr>w=~ z`f*dV`VAP~4E)`bLKMTLgdS^ulbanmv_?wX4+&KTRcER%b|q1Hs z;1GXVWnx9v_W_UwC>Rq=Cm>&1+c+P4Y!H0?k5AJkOU`4##>TPlvdFe35(RMg0lHjD z?r0U8C{qpGjDr#V3<>;U-Uy+9R1@1DTvTAJW72bU1$dj>he4KI(71l=zB-%2D`gq> zoMDluvqXO^zrf*7ldqSG^~iJ{Zl=nBt{Pgp#XV*XVT1s$7&v_72B#}$Vw6mNt^3Jo z+$p>18`(`w&R*@yeKR*oSd5DSv|NM305gN9WG8NqWlqkEqsu67JapUDfNWre?dW3a zcc?Wte)q9i1o3*Icu#TBy{)i6mU&m;!2~GKl|2i9o*yXQAnw)GrB4)|7BtU4nl0~e z=Sc;f09W0~=^Hw#%KW+Y-ejKkCwne?$UPvzoh|f=;kZzrE^C|Z3JwW$o)s`7G5Rwk zQ;cU4LPo;EBu+OkB4KJ#LGQ6kOQxp8S3Z8c2~%%e%&YS;XcL2euQ+O#lruAHSGkYJ zMw7sFB@Qb)p~22v3Inm{-tTBW^XQ_6$Fe+XdS_&iHTqM^nQ+kkanyu`QR}_X$%^ut z@ARVPvX{BGrd7u?uJXlJ=jCl+S>a?ZJq5NfKqnNGq4GCVOZ;C_+K=dJwtNB3Fa>m515A8K+rB%|^+7 zWL2g(@BdMfxm)85LUJkSOYH(DuEB&y-?2*?a3?d#6OBN!eOpH`YPq=G;kD7~7h(7w z36aZC3@bQg=y)l;&y>6-VTD-bRqy1uHQX)5g>M_>YfB+%{5Wc>Fmw zDoLTvuEL2E+(_V14)T5QaFMD!xzulhnvwQZf+6&GI+mlbyA*|L;F9oY_6 zj-24Zo&s)$z*!8(N11ZYR2#Qaon6cfE}{%`&}8OlIhqSMnf<0 zpMAe$#%VOLhnry)ET6D#p9 zB&tife~uBnbawg^4g*@(4CfpXPwO*>RVJOy`o*9r-+L3)MBL9cacO4yc?hl(6fP7P zHD_ZR$6HDEjLBA2p=7~*&y39SBSc2S_@QqeEPQ2yR}u{#z<7?Z=&#(&)!&}HbM`BS z0EH$K?`{w;hqy=?-m#$e(m{Whsx{`#ZQjk)GK^bjV3ZDhbG9Ix%b_7bcL3>_V2UxQ$_O)8)yA>1z)9RoaVdJEZo=vo4_$gc6dLoGY}pPE@EBhpgWiq z*x-j6-Yx9W=~0d|U|-AQCD-D9j9(#XRkrGs&im2^jo^>IfJ< zD_-mz`DeOL8nrVVetebJ5p#4Zv$Uon3f6?>HeRE*kF*Qgr~E#->;Tv4nv|LJ@SjW@ zc{6`!W$6A+cFt)h5!(y6#8APkaZj)ZbgsXEb5cB%X9rf9EGFw0JAm$!5Y-fjO*h#b zIc1RVL%xy4EvjT)8)!Fj&2q^Gl()S@vOIp&$T+Wl_WEmqh7l^Ks~bxXZ8$nw%H@qV zXNEF4Gej7RS~2GV4XFS@mgrBT)nenbWAT%yCk4&z;9}8bpHs@DPawF@G3a(q3DTRK z#SOijC~v0PrOn0Ia))`R)jK|-^^#dhIGn-_(vE;s4$ U#OE-+0{-nYxBfNz7x(l31Hr715&!@I literal 0 HcmV?d00001 diff --git a/packages/cloud_security_posture/kibana/index_pattern/cloud_security_posture-9129a080-7f48-11ec-8249-431333f83c5f.json b/packages/cloud_security_posture/kibana/index_pattern/cloud_security_posture-9129a080-7f48-11ec-8249-431333f83c5f.json new file mode 100644 index 00000000000..cd2d45a61df --- /dev/null +++ b/packages/cloud_security_posture/kibana/index_pattern/cloud_security_posture-9129a080-7f48-11ec-8249-431333f83c5f.json @@ -0,0 +1,14 @@ +{ + "attributes": { + "description": "", + "title": "logs-cloud_security_posture.findings-*" + }, + "coreMigrationVersion": "8.1.0", + "id": "cloud_security_posture-9129a080-7f48-11ec-8249-431333f83c5f", + "migrationVersion": { + "index-pattern": "8.0.0" + }, + "type": "index-pattern", + "updated_at": "2022-01-27T08:10:19.277Z", + "version": "WzMwNDY5LDFd" +} \ No newline at end of file diff --git a/packages/cloud_security_posture/manifest.yml b/packages/cloud_security_posture/manifest.yml new file mode 100644 index 00000000000..58d7b863dc5 --- /dev/null +++ b/packages/cloud_security_posture/manifest.yml @@ -0,0 +1,57 @@ +format_version: 1.0.0 +name: cloud_security_posture +title: "CIS Kubernetes Benchmark" +version: 0.0.1 +license: basic +description: "Check Kubernetes cluster compliance with the Kubernetes CIS benchmark." +type: integration +categories: + - containers + - kubernetes +release: experimental +conditions: + kibana.version: "^8.3.0" +screenshots: + - src: /img/dashboard.png + title: Dashboard page + size: 1293x718 + type: image/png + - src: /img/findings.png + title: Findings page + size: 3134x1740 + type: image/png + - src: /img/findings-flyout.png + title: Detailed view of a single finding + size: 3176x1748 + type: image/png + - src: /img/benchmarks.png + title: Benchmarks page + size: 3168x1752 + type: image/png + - src: /img/rules.png + title: Rules page + size: 3160x1708 + type: image/png +icons: + - src: /img/cis-kubernetes-benchmark-logo.svg + title: CIS Kubernetes Benchmark logo + size: 32x32 + type: image/svg+xml +policy_templates: + - name: kspm + title: CIS Kubernetes Benchmark + description: Check Kubernetes cluster compliance with the Kubernetes CIS benchmark. + multiple: false + inputs: + - type: cloudbeat + title: Enable CIS Kubernetes Benchmark + description: Collecting findings +vars: + - name: dataYaml + type: yaml + title: Rules Activation Yaml + multi: false + required: false + show_user: false +owner: + github: elastic/cloud-security-posture From f7e7d87093b73680dc401424abf3e564c0189d1d Mon Sep 17 00:00:00 2001 From: Marc Guasch Date: Thu, 21 Apr 2022 10:26:09 +0200 Subject: [PATCH 09/23] Fix pagination bug that skipped events when more than one page is present. (#3140) --- packages/google_workspace/changelog.yml | 5 +++++ .../data_stream/admin/agent/stream/httpjson.yml.hbs | 2 +- .../data_stream/drive/agent/stream/httpjson.yml.hbs | 2 +- .../data_stream/groups/agent/stream/httpjson.yml.hbs | 2 +- .../data_stream/login/agent/stream/httpjson.yml.hbs | 2 +- .../data_stream/saml/agent/stream/httpjson.yml.hbs | 2 +- .../data_stream/user_accounts/agent/stream/httpjson.yml.hbs | 2 +- packages/google_workspace/manifest.yml | 2 +- 8 files changed, 12 insertions(+), 7 deletions(-) diff --git a/packages/google_workspace/changelog.yml b/packages/google_workspace/changelog.yml index 77c6fec1a31..b354fb6856c 100644 --- a/packages/google_workspace/changelog.yml +++ b/packages/google_workspace/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.3.4" + changes: + - description: Fix pagination to prevent skipped events when more than one page is present. + type: bugfix + link: https://github.com/elastic/integrations/pull/3140 - version: "1.3.3" changes: - description: Add documentation for multi-fields diff --git a/packages/google_workspace/data_stream/admin/agent/stream/httpjson.yml.hbs b/packages/google_workspace/data_stream/admin/agent/stream/httpjson.yml.hbs index 973357f53b1..0f8ae6142e0 100644 --- a/packages/google_workspace/data_stream/admin/agent/stream/httpjson.yml.hbs +++ b/packages/google_workspace/data_stream/admin/agent/stream/httpjson.yml.hbs @@ -12,7 +12,7 @@ request.timeout: {{http_client_timeout}} request.transforms: - set: target: url.params.startTime - value: "[[.cursor.last_execution_datetime]]" + value: '[[if eq .last_response.page 0]][[.cursor.last_execution_datetime]][[else]][[.last_response.url.params.Get "startTime"]][[end]]' default: '[[formatDate (now (parseDuration "-{{initial_interval}}"))]]' response.split: target: body.items diff --git a/packages/google_workspace/data_stream/drive/agent/stream/httpjson.yml.hbs b/packages/google_workspace/data_stream/drive/agent/stream/httpjson.yml.hbs index f4cd56a3411..39433017889 100644 --- a/packages/google_workspace/data_stream/drive/agent/stream/httpjson.yml.hbs +++ b/packages/google_workspace/data_stream/drive/agent/stream/httpjson.yml.hbs @@ -12,7 +12,7 @@ request.timeout: {{http_client_timeout}} request.transforms: - set: target: url.params.startTime - value: "[[.cursor.last_execution_datetime]]" + value: '[[if eq .last_response.page 0]][[.cursor.last_execution_datetime]][[else]][[.last_response.url.params.Get "startTime"]][[end]]' default: '[[formatDate (now (parseDuration "-{{initial_interval}}"))]]' response.split: target: body.items diff --git a/packages/google_workspace/data_stream/groups/agent/stream/httpjson.yml.hbs b/packages/google_workspace/data_stream/groups/agent/stream/httpjson.yml.hbs index e7db1c71787..d1486b825af 100644 --- a/packages/google_workspace/data_stream/groups/agent/stream/httpjson.yml.hbs +++ b/packages/google_workspace/data_stream/groups/agent/stream/httpjson.yml.hbs @@ -12,7 +12,7 @@ request.timeout: {{http_client_timeout}} request.transforms: - set: target: url.params.startTime - value: "[[.cursor.last_execution_datetime]]" + value: '[[if eq .last_response.page 0]][[.cursor.last_execution_datetime]][[else]][[.last_response.url.params.Get "startTime"]][[end]]' default: '[[formatDate (now (parseDuration "-{{initial_interval}}"))]]' response.split: target: body.items diff --git a/packages/google_workspace/data_stream/login/agent/stream/httpjson.yml.hbs b/packages/google_workspace/data_stream/login/agent/stream/httpjson.yml.hbs index edcd159d1f7..3d83580dca0 100644 --- a/packages/google_workspace/data_stream/login/agent/stream/httpjson.yml.hbs +++ b/packages/google_workspace/data_stream/login/agent/stream/httpjson.yml.hbs @@ -12,7 +12,7 @@ request.timeout: {{http_client_timeout}} request.transforms: - set: target: url.params.startTime - value: "[[.cursor.last_execution_datetime]]" + value: '[[if eq .last_response.page 0]][[.cursor.last_execution_datetime]][[else]][[.last_response.url.params.Get "startTime"]][[end]]' default: '[[formatDate (now (parseDuration "-{{initial_interval}}"))]]' response.split: target: body.items diff --git a/packages/google_workspace/data_stream/saml/agent/stream/httpjson.yml.hbs b/packages/google_workspace/data_stream/saml/agent/stream/httpjson.yml.hbs index dd1365492ee..c5e1386ebe3 100644 --- a/packages/google_workspace/data_stream/saml/agent/stream/httpjson.yml.hbs +++ b/packages/google_workspace/data_stream/saml/agent/stream/httpjson.yml.hbs @@ -12,7 +12,7 @@ request.timeout: {{http_client_timeout}} request.transforms: - set: target: url.params.startTime - value: "[[.cursor.last_execution_datetime]]" + value: '[[if eq .last_response.page 0]][[.cursor.last_execution_datetime]][[else]][[.last_response.url.params.Get "startTime"]][[end]]' default: '[[formatDate (now (parseDuration "-{{initial_interval}}"))]]' response.split: target: body.items diff --git a/packages/google_workspace/data_stream/user_accounts/agent/stream/httpjson.yml.hbs b/packages/google_workspace/data_stream/user_accounts/agent/stream/httpjson.yml.hbs index 872b3c6f4d9..9c4e11a5fea 100644 --- a/packages/google_workspace/data_stream/user_accounts/agent/stream/httpjson.yml.hbs +++ b/packages/google_workspace/data_stream/user_accounts/agent/stream/httpjson.yml.hbs @@ -12,7 +12,7 @@ request.timeout: {{http_client_timeout}} request.transforms: - set: target: url.params.startTime - value: "[[.cursor.last_execution_datetime]]" + value: '[[if eq .last_response.page 0]][[.cursor.last_execution_datetime]][[else]][[.last_response.url.params.Get "startTime"]][[end]]' default: '[[formatDate (now (parseDuration "-{{initial_interval}}"))]]' response.split: target: body.items diff --git a/packages/google_workspace/manifest.yml b/packages/google_workspace/manifest.yml index 4b70efeca05..35e8d3b026b 100644 --- a/packages/google_workspace/manifest.yml +++ b/packages/google_workspace/manifest.yml @@ -1,6 +1,6 @@ name: google_workspace title: Google Workspace Audit Reports -version: 1.3.3 +version: 1.3.4 release: ga description: Collect audit reports from Google Workspaces with Elastic Agent. type: integration From bb0eee12aa7e185e99c22fa3e80b13f3dcd76981 Mon Sep 17 00:00:00 2001 From: yug-elastic <96041884+yug-elastic@users.noreply.github.com> Date: Thu, 21 Apr 2022 19:14:43 +0530 Subject: [PATCH 10/23] [apache_spark][application] Add Apache Spark package with Application data stream (#2941) * Add applications data stream for Apache Spark * Resolve review commeents * Update Kibana version constraint * Add system test cases * Update the Docker image reference to a specific SHA * Change naming convention of datastream --- .../apache_spark/_dev/build/docs/README.md | 9 +- .../_dev/deploy/docker/Dockerfile | 15 --- .../deploy/docker/application/wordcount.py | 50 +++++++++ .../_dev/deploy/docker/docker-compose.yml | 27 ++++- .../docker-entrypoint/docker-entrypoint.sh | 47 +++++++++ .../docker/jolokia-agent/jolokia-agent.jar | Bin 0 -> 461859 bytes .../deploy/docker/jolokia-configs/bigdata.ini | 6 +- .../jolokia-configs/jolokia-driver.properties | 12 +++ .../jolokia-executor.properties | 12 +++ .../jolokia-configs/jolokia-master.properties | 24 ++--- .../jolokia-configs/jolokia-worker.properties | 12 +++ .../docker/jolokia-configs/jolokia.policy | 26 ++--- packages/apache_spark/changelog.yml | 3 + .../_dev/test/system/test-metric-config.yml | 7 ++ .../application/agent/stream/stream.yml.hbs | 21 ++++ .../elasticsearch/ingest_pipeline/default.yml | 39 +++++++ .../application/fields/base-fields.yml | 12 +++ .../data_stream/application/fields/ecs.yml | 12 +++ .../data_stream/application/fields/fields.yml | 22 ++++ .../data_stream/application/manifest.yml | 30 ++++++ .../data_stream/application/sample_event.json | 69 ++++++++++++ packages/apache_spark/docs/README.md | 99 +++++++++++++++++- 22 files changed, 506 insertions(+), 48 deletions(-) delete mode 100644 packages/apache_spark/_dev/deploy/docker/Dockerfile create mode 100644 packages/apache_spark/_dev/deploy/docker/application/wordcount.py create mode 100755 packages/apache_spark/_dev/deploy/docker/docker-entrypoint/docker-entrypoint.sh create mode 100644 packages/apache_spark/_dev/deploy/docker/jolokia-agent/jolokia-agent.jar create mode 100644 packages/apache_spark/_dev/deploy/docker/jolokia-configs/jolokia-driver.properties create mode 100644 packages/apache_spark/_dev/deploy/docker/jolokia-configs/jolokia-executor.properties create mode 100644 packages/apache_spark/_dev/deploy/docker/jolokia-configs/jolokia-worker.properties create mode 100644 packages/apache_spark/data_stream/application/_dev/test/system/test-metric-config.yml create mode 100644 packages/apache_spark/data_stream/application/agent/stream/stream.yml.hbs create mode 100644 packages/apache_spark/data_stream/application/elasticsearch/ingest_pipeline/default.yml create mode 100644 packages/apache_spark/data_stream/application/fields/base-fields.yml create mode 100644 packages/apache_spark/data_stream/application/fields/ecs.yml create mode 100644 packages/apache_spark/data_stream/application/fields/fields.yml create mode 100644 packages/apache_spark/data_stream/application/manifest.yml create mode 100644 packages/apache_spark/data_stream/application/sample_event.json diff --git a/packages/apache_spark/_dev/build/docs/README.md b/packages/apache_spark/_dev/build/docs/README.md index 460b8406e49..e2cfa137065 100644 --- a/packages/apache_spark/_dev/build/docs/README.md +++ b/packages/apache_spark/_dev/build/docs/README.md @@ -1,4 +1,4 @@ -# Apache Spark +# Apache Spark Integration The Apache Spark integration collects and parses data using the Jolokia Metricbeat Module. @@ -63,6 +63,13 @@ Follow the same set of steps for Spark Worker, Driver and Executor. ## Metrics +### Application + +This is the `application` data stream. + +{{event "application"}} + +{{fields "application"}} ### Nodes This is the `nodes` data stream. diff --git a/packages/apache_spark/_dev/deploy/docker/Dockerfile b/packages/apache_spark/_dev/deploy/docker/Dockerfile deleted file mode 100644 index 49b5d24740c..00000000000 --- a/packages/apache_spark/_dev/deploy/docker/Dockerfile +++ /dev/null @@ -1,15 +0,0 @@ -ARG SERVICE_VERSION=${SERVICE_VERSION:-3.2.0} -FROM docker.io/bitnami/spark:${SERVICE_VERSION} - -ENV JOLOKIA_VERSION=1.6.0 -USER root - -COPY jolokia-configs /spark/conf/ -RUN mkdir /usr/share/java && \ - curl -o /usr/share/java/jolokia-agent.jar https://repo1.maven.org/maven2/org/jolokia/jolokia-jvm/$JOLOKIA_VERSION/jolokia-jvm-$JOLOKIA_VERSION-agent.jar && \ - echo 'export SPARK_MASTER_OPTS="$SPARK_MASTER_OPTS -javaagent:/usr/share/java/jolokia-agent.jar=config=/spark/conf/jolokia-master.properties"' >> "/opt/bitnami/spark/conf/spark-env.sh" - -RUN echo '*.sink.jmx.class=org.apache.spark.metrics.sink.JmxSink' >> "/opt/bitnami/spark/conf/metrics.properties" && \ - echo '*.source.jvm.class=org.apache.spark.metrics.source.JvmSource' >> "/opt/bitnami/spark/conf/metrics.properties" - -HEALTHCHECK --interval=1s --retries=90 CMD curl -f -s http://localhost:7777/jolokia/version diff --git a/packages/apache_spark/_dev/deploy/docker/application/wordcount.py b/packages/apache_spark/_dev/deploy/docker/application/wordcount.py new file mode 100644 index 00000000000..7c299ef1b59 --- /dev/null +++ b/packages/apache_spark/_dev/deploy/docker/application/wordcount.py @@ -0,0 +1,50 @@ +# +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +import sys +import signal +import time + +from operator import add +from datetime import datetime + +from pyspark.sql import SparkSession + +if __name__ == "__main__": + if len(sys.argv) != 3: + print("Usage: wordcount ", file=sys.stderr) + sys.exit(-1) + + spark = SparkSession\ + .builder\ + .master(sys.argv[2])\ + .appName("PythonWordCount")\ + .getOrCreate() + + t_end = time.time() + 60 * 15 + + # Run loop for 15 mins + while time.time() < t_end: + lines = spark.read.text(sys.argv[1]).rdd.map(lambda r: r[0]) + counts = lines.flatMap(lambda x: x.split(' ')) \ + .map(lambda x: (x, 1)) \ + .reduceByKey(add) + output = counts.collect() + for (word, count) in output: + print("%s: %i" % (word, count)) + + spark.stop() diff --git a/packages/apache_spark/_dev/deploy/docker/docker-compose.yml b/packages/apache_spark/_dev/deploy/docker/docker-compose.yml index 50d2e581018..9e901468298 100644 --- a/packages/apache_spark/_dev/deploy/docker/docker-compose.yml +++ b/packages/apache_spark/_dev/deploy/docker/docker-compose.yml @@ -1,9 +1,28 @@ -version: '2' +version: '2.3' services: apache_spark: hostname: apache-spark-main - build: - context: . - dockerfile: Dockerfile + image: docker.io/bitnami/spark@sha256:cb19b1bdebc0bc9dc20ea13f2109763be6a73b357b144a01efd94902540f6d27 ports: - 7777 + - 7779 + - 7780 + environment: + - SPARK_MAIN_URL=spark://apache-spark-main:7077 + - SPARK_WORKER_MEMORY=1024G + - SPARK_WORKER_CORES=8 + - SPARK_RPC_AUTHENTICATION_ENABLED=no + - SPARK_RPC_ENCRYPTION_ENABLED=no + - SPARK_LOCAL_STORAGE_ENCRYPTION_ENABLED=no + volumes: + - ./jolokia-agent:/usr/share/java/ + - ./application:/opt/bitnami/spark/examples/src/main/python/ + - ./jolokia-configs:/spark/conf/ + - ./docker-entrypoint/docker-entrypoint.sh:/opt/bitnami/scripts/spark/docker-entrypoint.sh + healthcheck: + interval: 1s + retries: 120 + timeout: 120s + test: |- + curl -f -s http://localhost:7777/jolokia/version -o /dev/null + entrypoint: /opt/bitnami/scripts/spark/docker-entrypoint.sh /opt/bitnami/scripts/spark/run.sh diff --git a/packages/apache_spark/_dev/deploy/docker/docker-entrypoint/docker-entrypoint.sh b/packages/apache_spark/_dev/deploy/docker/docker-entrypoint/docker-entrypoint.sh new file mode 100755 index 00000000000..ff8afc7756e --- /dev/null +++ b/packages/apache_spark/_dev/deploy/docker/docker-entrypoint/docker-entrypoint.sh @@ -0,0 +1,47 @@ +#!/bin/bash + +echo 'export SPARK_MASTER_OPTS="$SPARK_MASTER_OPTS -javaagent:/usr/share/java/jolokia-agent.jar=config=/spark/conf/jolokia-master.properties"' >> "/opt/bitnami/spark/conf/spark-env.sh" +echo 'export SPARK_WORKER_OPTS="$SPARK_WORKER_OPTS -javaagent:/usr/share/java/jolokia-agent.jar=config=/spark/conf/jolokia-worker.properties"' >> "/opt/bitnami/spark/conf/spark-env.sh" + +echo '*.sink.jmx.class=org.apache.spark.metrics.sink.JmxSink' >> "/opt/bitnami/spark/conf/metrics.properties" +echo '*.source.jvm.class=org.apache.spark.metrics.source.JvmSource' >> "/opt/bitnami/spark/conf/metrics.properties" + +echo 'spark.driver.extraJavaOptions -javaagent:/usr/share/java/jolokia-agent.jar=config=/spark/conf/jolokia-driver.properties' >> "/opt/bitnami/spark/conf/spark-defaults.conf" +echo 'spark.executor.extraJavaOptions -javaagent:/usr/share/java/jolokia-agent.jar=config=/spark/conf/jolokia-executor.properties' >> "/opt/bitnami/spark/conf/spark-defaults.conf" + +# shellcheck disable=SC1091 + +set -o errexit +set -o nounset +set -o pipefail +#set -o xtrace + +# Load libraries +. /opt/bitnami/scripts/libbitnami.sh +. /opt/bitnami/scripts/libspark.sh + +# Load Spark environment variables +eval "$(spark_env)" + +print_welcome_page + +if [ ! $EUID -eq 0 ] && [ -e "$LIBNSS_WRAPPER_PATH" ]; then + echo "spark:x:$(id -u):$(id -g):Spark:$SPARK_HOME:/bin/false" > "$NSS_WRAPPER_PASSWD" + echo "spark:x:$(id -g):" > "$NSS_WRAPPER_GROUP" + echo "LD_PRELOAD=$LIBNSS_WRAPPER_PATH" >> "$SPARK_CONFDIR/spark-env.sh" +fi + +if [[ "$1" = "/opt/bitnami/scripts/spark/run.sh" ]]; then + info "** Starting Spark setup **" + /opt/bitnami/scripts/spark/setup.sh + info "** Spark setup finished! **" +fi + +eval "$(spark_env)" +cd /opt/bitnami/spark/sbin +./start-worker.sh $SPARK_MAIN_URL --cores $SPARK_WORKER_CORES --memory $SPARK_WORKER_MEMORY & +cd /opt/bitnami/spark/examples/src/main/python/ +/opt/bitnami/spark/bin/spark-submit wordcount.py wordcount.py $SPARK_MAIN_URL & + +echo "" +exec "$@" diff --git a/packages/apache_spark/_dev/deploy/docker/jolokia-agent/jolokia-agent.jar b/packages/apache_spark/_dev/deploy/docker/jolokia-agent/jolokia-agent.jar new file mode 100644 index 0000000000000000000000000000000000000000..45067065da3645ec04bfd0d5c5c0146a6780c1f4 GIT binary patch literal 461859 zcmb5W1CTA-wk=v*Z&s=xL-_r$+<|9ke2HzQ|cM$F!F zjNZn~-g@>iGUX(JK_CGDzyScBi&v!p{@VxQ&#|3wRHBg92 zaCmUXmh6aZoZ#>A)CJ&J1ID-5$DsBB!rAE`z|xr=!}};A+vuzQ972qd}_cud1!pd##xYbuZ;} ziSVbI==Pms`-r-bxNsYC!Ej1BNic9Al6l;vKVG{60s#EQ%fINuD)^uDf&8(sbuj%u z%>C~c(Env&VQXb;X|DedmVa^l*SY>}X{K*uWM%B|4+!-CfUq)mbovJv%HLpywl*%t z4o?5r6y|@#SUB3+{6k|T{|t0Ax3;q~H!=Um#49>jfwd`4e#H%G%|NIwEe@T`#&`D_klLhH?%aiG5QC@-`W2+!p_Rs)cl{=|2uR4 z1{%8=8#+7L{?nfe`EOJh89V)<`X3>GC)>=)$?hM#Lj79{4#tj74(9(qZQ%T8ke#iS zx#9l}@n(On6Wjl*p>i;`cmC7M|KrrZBIVyB0`1@W_wTD%;a^Cxe_hnl`ZoHe#tt-w zR{D;PO)8qIn94|BGB%{>eTxcG%HX-NP)x{i%^(#herkf|h>$}b8AS7Ru~Sl{hyzV; zCk5Vfx;qgyF4V*oChFdf)V_f|{a`81IS@fwA|nx&lj#k|nYOx9u1{NzUoXeUB>+cu zc=(ab(TO0aOF(G-?^vvCJh3~1>4w_=xUB3fL}CV=#Q0=Kwvs1;!Gx6h0Ok-nR!=)W zn~CacsS9D*9k6i4(R$NyT?b$4+`RXOOAJ1w`rN&y@Es4(e@GwlE0?K}t5YT;J8H9_ zz0G&rb!V1pSg`XWiU;$lP@C5)Gb0CIE-e-{+9V@%c&KkH#+Wd|BxLAfNYooUm+TVR z7vx)}q4bPe9t^e=T9i9S?aCJlSLIqhFDMwS;*=L#m9-~ZiC$0^3m2#4NG7QW$=4n0ml;jM&Swg> zm!gw$M#b(=b-WrIBn-4`?1yvlx6UXpV%lB!rfYG?MUrt%Rml)Yw-d0MjZ+k6a$h$_ za}_W_UZuLg0)Cb|YQ+uwp=~A&s=ou+-#DqIz9bRGsZnHs#$l{%-!F%e)Z!o~2aQh` znTgks$gFYdp-hb`oJ%O3uK(F);l=@uht2r%@VZaAcl&(xM;pmyP3=hGf|w*TIQ`qKZV`~JC)zg_EVLl5^3pDnioCz$se zv2$nWN!91+vw;^^QOic?gd0-kTJlD2U29N~Y7ahYTMt5BLmK`F{|CGv7GNFW zgdR$5QH0oxPmohsqjob>2#~XOrg2QIZ2UUe365uX3xhs>s}Ej#OwPM^j#*R7?uDr`%o+L^qL6r zZC2t!#8YS3ot_7KmUD>k(@@=evUC@Hwl~$&AJL;6Q^#j$dHtUDWKN+_w}PEa4-60? zZbiYfx~4vCM-C%TJ`q=AE#gzL!_u7PcKuKGO82eN#&;W{nNTv?EVMqgJ@mu3I8~J^ zoLZl#eb`XR}3Vg|5x}6ij;=zqk|LaF=K9m zeELDr%5s8Sm=9&Y3t_3%(Z52_bH4|a@3Ph{%p z819lp63pZoyC#`n=}@7uMcmKCD50sFwkIZS?id}Yudj`7QE}N6pMT+Yd*7kODD`tF zcHQEX`!(0bSwK=TbiRmWk#6EkZH^tyg@*oU@P42#W*)+R~5d3+OMmuUV%y z^Zz)t`RDup=E;AL{$&5bZ53k&M{`@7|ML7_epjiksv@eQeZ#1e1j;joB1a&wLIXw) zHkHZ=$;Apo7;I({rO?5d>>2sbc-LiYKCg8@7SUd^H!d9$4kgEQe;u-%s88j9T-Z@^;z*e){Gy6=4`KtM-FAsxRn_NQHbWgs_{ z7;;4Dv=_u(ibrUELNj4tuqceAmyTK~iF3J4U{;o7d=NxPgk~g7br)DfBqz~d=gJ0Y zP}^Xb5Mzo7P3;U})^5-siVR9lp^xb^LLXlMIpVYNGy@el4<>3|j{-SW+bTG%q~*jh zJj%t`*8uZ~Y)!{dkdE@@46(5k8W&sPf%Ou~O^d@fF%e_O+#pIgaO&7^u7Aih3HnK1 z-5scWdcwszCT;>FQ)G?`y*Md2qM;G)R%0BNr3mLJ>=igT%mL$w5|5Ms_Y+wRg(~jq zR$SB-Ovr60#ig6*LJL15@UfY3O@UnVRVrh#W_YzAlt*?}46S*Q9cJjbVR+#MZ5|Px zWpq#ds%@)4YSB6ldrDnDo{FN@R4Gf2kX%_-3YYzE~7h7M{^` z(KRh{$pVwe@FXshC0nLW%(bz{R>ow3U_*zQIzFmg)4#`%VQP-cO(}1B+>L)IfQJjp{ya;)D45mgb zGz4VM$VltOBJ)(Gn=@3_^wvQ5UF`N|?KZa7z#Jj?dpJ{FfE~R?qV*-GtG4iU9i=M! zBU~F08Clg_N%E{biJ2Tq2G!bVGfj&r)5OIssLm2!`%|9Ka!9>oC_`oNqqsFL+OTQYkzZ$iHgvs5UDdJ zgMmlx2A@Y^#!m(vm+}Q9hvEe~XZ%H=H|0g5mwKaciskr%(SsyI2D5k&;nUm%HeKsg z{N!?u+T_floPA}y5}ptqYucnT*G8=u4Qj4btWN0W4SYVJ5$0%+2T@5HrO`VByj*1_ zH+V$)RiiH&xlOs(2Wv+%$A8mJqF3jlK)&+>I$o}${zbu8C$?MLV@N@Kk*EKRsosNN z8ubw>be-x9zphd_(&HWI43H(WejGohve*sqP+loi&s?Oif;Z>7&*9VJIo|pglMU%K zk$U%3Q&5qTmB@X1g^mT>JUH4JTByt8GqTGf0bz$yq*cZw^4<#aE0&CrIolj(Zj>tD zm63L7wHd3dsW|}_G_@5Olx(<57JxX%VWP6kO0w~`@&iEQ5loR{%xq{1y5XW^Q07oj zs>6fAIzqW73%818+CDj9aj}W6<$?EELhqqYo>1z6VV8Lr7-fna6PxjXM2g@OQ#CYo zVHsvVN?RDtHy;F0r(!sElk^)kaFeH1i8Git@yUjCk7XYWV{BiPs~kdg5Ad>eue_us z-^O)7NP8$Qm|S$gia4o$1}y#ppaCigd;H2`fnV!ub(~TAi4!V8^nmumc-aPT@28HC~7NzJpuL4DIk^V99Qp;wxB^(Ph+VM>H832a1;2?U`6 zzKDKix;K#(Jra~Th0UEXgmno(I3z*Ki7%qLe=)qpO{BTQS=wWflF@LI>37UXk2yZC z6u+Mw5T%hrFtYxBgj2p5Ilc`;K3iT|{)$bNmJR zm(+y<#?>VK001b0`zNX6{0~z1-xXfg&e%cU>5uU7+Zf5|JLp?0x!W24OZ|$Jw;d7x z-1OMEBxK;Ovkd%*M1zNjwSvk(f=FM&TObH()Q9emU>vh<52PNoF==o<3*SL zR1q<~I0>NrkdA)b$Vk>`kTLKc*=%r~cI~4m?W+A`6*_Gw`9(rad)K8>Wrx$oG_Lmq zO7|hT!+@?94BFNUCz+`#KHYoW`^8zeSR14GQjL2zJbJTX^EUxYON&0#GKUnAQU0Nm z7QEH_fNnZ?qtOxss-}Y$X(=NWiYRDMW`j${lpCJ%n%`wjyKLv+9N`b|)peqywBY@< z^L3#EUL;KI!=Po9P0>ErgU{aLU2L;hw_wZtgWy<%qJrP3q;q1Yy^0~wlPs{F&f}X( z>R;wYo!D9AG3B}_gU}WA9*JDY$;JK zA_G>>WT6W(2QG=FrweG@=n!rDt_(mUwM)&r%h6>4exA+MXRHl&jwb1UM07q(Jvkam z-u&4o6a%Tp#=9i>qlyeO_H3nBzAh!A2;w*z(IzyFI#>#}zl|P2uGlt+Ul$$*ew99) zpkDV(ViNfCw89NVUZbq8(eZ~Kr~uK4_^?-4DSJyqD0|N{ltIUg@^9BX^T*fp?D^+% z`6`U@q54@{`SH`$6@jSZ7u!(Z07mvN%Dtx6SKvl3nlD5IXzKRa`)TInecri3?wGpk zCtu$@qV6&tSE3Z+yaps=%#m91Oyl{H26QEL3}+WeN~(bA6)K$hEkqX#_P#~uu-_=&~9UA{YJPDCfmR&?qrFd=NBYoucjn4RvLt1HpMMvM^f9Qs`)3WMfxHk zLI)2}9oTd3R01ZuRjK&Z2+v;&M+Hx{q(hP>$Uv7CmJlXj`{eTt{0ZuP8t?>|>|C{U z{1yC#fNS;4&KL+WfMzMFMrt~>b-eEB>zU(C;>+`T=?YMCV+h?5Ytc(oJv0->`bvi^ z$T?Tl8f=cvNI%lL72ZO(9**gj0n2LK+3&n{IDS3q#v432V`P*b7o|_>gdPbzd5b?B z!i5Wse$RkHBm@RMZU;t;6&ABDLql(y@#LRJjHTj$O?bX0V^Gd;d7T~yhg0uNqJQ72 zU#HX-t3Sm|Z8$g9Y|mMd#+Yt+W9mzPaTFCFD5$*SJ~=0SL^LPmSpO=2U8XBwX+OF2 z#@&P+k9VBvXcgfBKx&VW5iUS`i#c zV?G^Wf1-RW9H!1hJppZCJhWsmb%9v7J8?RbH0^JNxva+e3wDdc;6N#_f@8qBV5@P1 zd=Oot7I|881Pm6E{bXp-A4Mityp{d!I$K`)6lZ<79u_M8rY(TfV;YicBkJjzE@bPf zmd#a^#OrsiFI|?obs%>XkwusF3C4uMW@*aUwJD;-daO?)cF2kLn!VUm6l#57kURsT z3_L0~5LXf_Z7MelA*iW5Mv$W&QR|KKe;duzLss)d6>$sw9}i?aa)JVaDDnd(9|!B&>~ra1>B)sdkl4{ z^BOXLR-natX&fwIn z@~ykiL{DLHO!}?JvK*-26IIAB;-zuGG1O z4)hg1(E%l=SdxK28ccX6)8Eqg=t4co&&ob>2tXg}ReUr}FESuUYHVZQg8z?z&3Et+OHY6W8YudBJB4L>k zI=Ih77(!uF5>^qoLlA|C#1~3Ovqx07AS8BdpKhX`c?MT~EWD0B9nJj4H^}pzj0mG7*j7fH*xSXqC0u zYz?~ptro&eU8^Kp;g2jBFAzI00o5XlBp5i-5vYH4nM|~betVgz-Xw_b75HR)p{6Sn z0({tL5n^bA0C7uiuRl&K(DlKz5bYb|5!ia;#(jyKn|y@>*naPWJ%a+9=#O29Q3i7} z_x7;>fcJ__-|c6A%Y6&`mpC97B^8Z;0ssKQ{*ySc|A#zK>Q8a~-<6)fj->^R^=*Xp z4bAus|H=sel?8UGn!6$@qxlrC7n;Y?SSi#3LOO{<_zUABTT4PMI@M7R`mZyk70=83 zDT644b6$09zXGcCjIyuc9AbTzXYbqVviUr^x_MnmfeVr}!gKkIY&>^AYv;UgJ#Trv zKcngbu?52VulO-C;K1Yq%{Q41t>W<>4?NUya7B}XJQhZl43v(f!W#;RC`6V=s-u&m zJMuH_NCBjy9S@q~187H{;+^S(>noy7jno<$86Ox?NyIW6E@7!KAgt{bCxuUCw72Dw z&$17Sos}amHdSI{UnwFRhWe8tX@-fHp3Xu~^3do@uFHAps4L~OYt9!SHpi=lW?ARN z%PrcHC_`ZGr{_f<%rTZTmra};Fbz!x=F5^NlN`C5BypD*6Eh8-PTVr*5*>LUHk)7| z2nYt}X?(WFPnIK{(V!R4a2?K75m(Y3txeR{I|)p#I3g6{L-bCh8ceg}OPbvn^XnWr zsa&c;&(EOUhQ^!Z&Z!@H8U8?JSgv2uv??4nJ_(N_=%0&Jx@ZkG5|Bg>&uS>0-vz5J zOa`|2<@1P6x}#_vy`aEUg(e{(T_NI=LZW0DXO=cFF}Xp@%E36z949BGRy74~UiWRR zfkZ)r#ktHR6A6}#Ae1Rl*>ca2tY&)_pFXmxl>Ke1z;^66ZalokT}iGe2|2MyysqF; zl}OfrK*2y$tKmGaHDV08DAV-d>@h6ehg|U>S4MLSXYC?wY2swo7|W$f=yQlqXh|s| zfK7kN&uB{2wb#J~|MRpxUBPK7xXQzLO){;KnlZy(|9;HIjv``sgIxIup&8xr0?_nZ47Jdsnb$4aS=Pq*R3A3?;+dy#RaU zUc+0*W-%C3S=N3rtN|yJ&QV1GdqF6m^x3HlSb!~1+fAge`wpWfb_-host^Amk2BEp zHZ$^A&<&6__y&QdzEM(17o2t<*(LoBO3tj4BF{Jr1IeI9d_~s;U1H^uaRfLGkpd^L zYH+iLw&YZNF@9#k#46Qgg?(%nh-p`So`9fcALiCwQDBf>X1i}4sK!;m4b>2TBW9mr zE5Yssg$C9}%f4yUO;=$1QZ+L$d!3veqKfBccu{>b#7pvY|2*#GLHuDY&^NehO%>P5 z#d_~(F3!s+Y-NV5Od)~6;G&Ww! zBl2;hvVnc?d@Bo68-#1bsRmnn^qgNUJS9){=n;S7F&S|PV>zN$zQBl~QUpTV`ioS& zBPNNrq>kVfA*x%AM=yh>;st2z9buY?cey_;vti=Zead7};LbZ2gpdirvk2 zHgDi-=vMFYgUkkKx2Z7ikzjW)(>mj;C)>Ea&R|`cA+o|SvXT_5s7rPJ9ix&qNe4pJ z$5t=ATJer3(>?u@!_scKKJFS|$Qd80G!%tDO*-lVpir4-tW#;N3+wXFxa!~fcUSzb zJc;-ckh~6}rbft%DcJD4JSS+H`h^wI=e3k7cGUaeSI!gTt+1lx-V?Ls0?^K-!mu>q z&FQX;;@0pUznuxa6%LLq-(H6j403l!U$tZ zMM+bx2t7_lX^P3|-9t9JR2i(RrkvJCgU+@9FXW*ar0yy?Wlr z!)S545NMO5+R5aUf&H6Cmiu$Z<&Z?!?Q5>H)H_R`7!u?BN`n^B<-u?)T`9BH_@qZAQ z|5j-DFELSv@={t%`|h6Dmmxt7^#cqEftDpr5C;N;7XYFE6)5@(#64nzD8)#R!8J4O zrna#u+@Pswsa!eSOg?mNlSYFTP<__9WiG{~Wz%J|yT!S~vZKS>bus+(JJa)c%E$z$ z;iQH))pMFV=1-;J`}41Q!-3^Bw{LRj*$X*s(`-*tyvR0X(e*rRC)wwWJ!yESJmZWbkZ}{~0{ha1Qvzd2Ea!Md;QkeM7 zqCt-Q*iNIGt?mgb!PR;<5!7OGVKS;ACKLU9r!#WIa=u!JnU`!OqVPD@XT91JzdXYA zj)y00$tWQWyc?5t22?WkLKpXEoxDn7{=JU^Q&QLWr%(YYPPauHFDcnM>^DE~fUP64ta%A#&+ZPA*O9zntm zq=)3s%z`ijGB@#!bRn{H5dZ;P&zpfumPYJ&>|q%30cl|CzKZ@qvH%8WlMpG!_#}(@ zXc9cc$w_ZyfF9Ip8M`;;-62gXEw&xKmqKtVFeI&C1oi5A^>9$Tcu)$3S6AOSl8u5J z`vfQ(0p}C7gwqpvVs5-Vk~$51e(}a5_v>Rf9^)D8L+(x}wM@ijKg@Ve&Q>XyY5@y2sWLIOa_=`|0_z;p`d zTa6?axspC=ik3T$B-@=w3frA13fsL&NLzV#%Iy&*8Yt$jE>d{$%LYQ0`BX0hk$h|q z0jXLTjTJ!r+&k$`YzQ&EkT|mlC#Ms7c}TI^+0t8+r1hKMzg?1W@(L(iLoW-sP*sv# z?MftIX96f(>DB5K54Ev``$`G$^tS1gK%z60W#|Zq+MjQ1lAdpL3R5Vq_cfKi;I2a) zO+i?N3p`3tq>tm(&ofq$)~kdGvHeoHG(jV=0Xcyo%uY8NNMhAV30!__T!jGg@vV^g z11D6zf_o9e$s#hM{~U-!5=s2gXq3xXuQ?pKI4QD(RIdP3)E@{q-e&*=#pdBR^%H26 zDWDHm`Bi0S0C#^~$s;`5r2Q;DoFi zmP!vS*ofQ7J4r|J6=2)1HphNXI4rPP){Vi%E9v?m0CKzNZWt8z>c~^+3&dC9P|yoj z1p?2*0DJXbTiwW}mx+FQgYCQMp%MoXqbapEBq;~SBbngqYl^xYAKMS<;P)z14T1#67M){*#{l&kVxU(@jxu$N9dR+=yzh(s2mz^ z67JzJ(pTr$@QZy?&dxrY1akDVzX0j)4L%}tI=Jlo;H5m*1(1tPGIIhYSR<1K5F4>G zKx#w(-`O;F;(P&)h(*&EGq1=7yaXv<9g@P^QTC^v?#+r6c{@c&ke>k#q3WY4 z-0t;Z%@;<*IgXS`}+ zF~8<|S{JPWU+yt*2)AP%c**f-^{W`w@s;>#;1;!=K_FGT-d>z=9vQVm9V3{C=AFV) zW6F3zE=AoSv+d6fxK_VGFA!;(6j-F(V5rm&E($fe!&Il)QT-e-2E@n$dBd2kUL{pL z)zS1GzT}9~1Msm3NNSuAdxP4_ChB}ro_6nWjmnznUV?POnqmOBC9Fp!hm1MzX)_A z{KKOddSi3c=clMK!g~qv?VpMwfm8M%u*uW9bt0Zlf?^_sX~-vAIeJ@>Qzlvk0$oK7 zI-<1YXz#vZfIw;Np<0!CAK4P(G@Z}|(j5py0g)UChhKUFC!na%eXW`Dm%hkoULLO8 zEOOc;DMzze8ki_n7LJv;EUDn*wLi_lA;=eOksXaaYD*6#1 zxK({{wX7I^V)E5HxKXjO0@!56K+0B9)x4^uwuC(dsx-;*&$?!3 zGJY;g#?HhzMu;K740#k3VGwA4o>lhA?RNRsRNyS)bi_3JaP(Q-loBe(7!=bhX^odM zl#Tx(yD8ai3nsNW$3&wZU=OX+E0iTcuil;Mc7+j_LOijS(VU*PcoNCuf`p~A43#Ih zG(pr_D0m5^{qe6ky2K7L|6>`iD&a2R>v}n5UVE~S7Nt9A9!WFQ?0#cK>^3tLcXJlu zTV%QpMb^PkqtRTpz_7W=)Lf855Mt_EX155I_7_FB!*@V5^ekJcc^tAj)#w9Ivc23OnVE3InXQ0e!n|@jUhO3< z?{JE#Df_of+L;j#)z%o1#SXz;i=6rEE7Bap=siWRDZ@t4PmvyhroBVOGo3thpA=aL zZc$=yrlInO4(~DZ_D+xxZ(mDV>8S@aN)z-AL#=bbAWyLD(!N9*rkLjl(?Rp}o%{rZ zQEh~82Cn5e0oLE?=cA&SW?0sR=8a(%=8V5qfIK$DaQmP66G5=3)pTQR@?mFvBKsw* z^`d7&P6_99L{AESm4aNt&QzgY{(2B}!W3bnALeh*`uU4_f5ri96Jp?}Mly@#l|U4L zD+4C45d?xz%$tcgvv<*Bz7OseYG1H0}rui`-#pQ)23)n-aGv{@I$U~6yA|z zo~Tuy{M}1d&5YQs**&N1JhBubP7#c$S-x~4ABsFlnz1Ubbakq~gW5`6OtFeof5^7` zPp)&~8e*{pSy{z132}17?OBH>nY;cX0lRYPnQ}}rNG#Kg^wpC=A`>df9MGS{^$&1# zjw5sZd}HQ>#!KM1aAMk$)pPK`PB3jmDkyRxBfI##UzAR60I5ez9G45D{_Ai3=C^Hi#?o`j2&5o9PCIUmAk4)dS%MaNHrXIM0zdC ztolTc$;c~rRirGbXnx8luJGrZ;CBvRUzD7Av}{|4yG4GOmYO8sMkgfej(;-k7tT;1 zJxPY7lOxv+2Y=AWYpT|~BsntiYJRI1f6Xm5OxA-#BCGDgBLo~7U6@Z+jGS7nH{;2{ zQ5F9Nn&0_mz6tek`)%;@Tcp;9^CcS~e#HUKq3w6&~i!p9L6vZ_NO^uqv8pjdt zORmKLO-OF{Rd+g^K|l&p*JQ8=mR=qXS<3^}st0}8gDo(nz;7O5*?q~EYx$EaVapn5 z!;;f8gmTyHyf(VsPLGuBRnbR(eA8pHXm*^O;S#I@2@rl+ZSS(4#+W13XZikqrJoo( z=jro}xq&QLH+VEY%h&OZ98!5&DoRioR1H2(Hcv=YNy00p|1 zafLspARlkN5d5ymy?9|td-y2jbfEBBX14VNIU&lqBII@b$+H^*tg!orP)}+~69=TX zbPHO*v+d1!P(6OoJr!;=cwFMmWfTKTkYEd)qR0N$5BaGmLTdzGFiE-$AYC*^h1kn8 zEivyEhHw6+d5}&IAU<_L69{*gY2D_j-|=3B=8wd$C8`PUhN3Y@qaP?cZ%}N)_J$yG zuom5?fFh%H{lGbmQw*=1%)jAtEZz|LCOW#wd6RA!Jq~7>!!0uZDU(xC9aD{JQghc< zxmmqid*ZtH3#!-~d!K#3xENGtXz30X?;xcNLxwe`TLR|6xjnlZkg_uz>m*~r?>g(j z8t)a`9B>!T(wvCwi%kNmOv1*^VBUg1lY_>d)oKGK@Pd>0>IZj>LYUC{1eVY`L`M~> zGthHgVW(ucfaz9|xt;&+wE~3fVDuBqnl#?`&mPp1O3(u|fK!x=FyU`y5JR(0?U_!I|nl05BG_N^Q}lE&Rekf@I&vFonR!RaGus00F(adr^oCX z=)9h@guvc|AJrZ)#FE`bq%SNXJ6;!P@Y`@@*3^Y_pMO;**0p?u(Qyj0$6$q;URM7# zC0zvw)C~JUCX8vRv7)d#ZxdwbPSv?kt*)ubuX75U-@s%+<;Jb3gW-=y9WgAKjfnlD z3%|&-sMu`_Df3Ee*U}g<60ogoAM`i#WzmtwfJ*|gcrksFhl+-5HXxbR% zH|XXY7H{f1WS780elmWT{wmfa-@|VJ+6w$8aOx6H*bW|);_6ZE2G@UBM-emumW@+& zkE8AsT7Nq!-nbW~JO9{iVnVvLVOwKdJ?crM4X)mQlz0` zF#xUG=gsA4D$8;Dp7%JL)8q8ACi_RN!Ue1zr_STP=!-o7^@}*b{4K1*gQ7b-DeX7f zZ|O&o zf2{(g-^3=|{E(wzl70ayjlbLeP0PGXS_gi^e;|ROty64fU{O7S_?n(t90nwfWMRCw1kSf*wyB}%w(y4nSzq?ZAC7D+N_ ztuTc$#dgZ5WLu}wh-48-IgnZZdAb@7Ur48_qy~#kwdLmK z%37`Sb8`EV^kl|5Q=R`)ixrc=Z2OcF8w&Eu43^}B(sh)u!Fylc8F${4w@72f8k?EZ zQ;9*Ch48u!(NDCn$)yd0;WuZXuO~ZMro=N@G@zDFLX-21=ir}#KUJQC^7C*CrbCM- zkfUa=R@z~Zn1>rns|yOM?Dr?JGhAD&tJj&VGWgb!V|B10ggwh!u2wCbiW8---|Uz& z*YIi^nWDV=#EKDiWky>kajGfTNp`AZoM%zpCwEI{*S1@R#he14gxC~ku+E`{n}ZPa zU#+Cu6}$9*Sn^}sZ^<=M8i-BhRZ}0OmLCj>5Rh66)=WlR_Bb|z%VC?t~7rByC6=LKf&sJ1(bttj@))T%SNTT9sxiEksy9Ndt5J{JrQN=?DmmeL1kwUBg0Cc5SIF>s!=Bek{lIm)O%u9 ze?=dXMSc;Mk$pczEzOOPD6W3epvD7fKU`g}tv+b7#u04ej$TH4GqM=nceq$uDXfC# zpgGlzxsv3YrH!z#HzYQ20wH{c!2KD&BHrx8RKZffX>dg%(?^h?%cio~y2#Euj9*g4 zn-2MmKDDe|@EW7Xn`{yKDB6+v;L~wbr#6(NOagGfm&VRWycOFF402Hc9+F;_^3FNI>5*$6Nm$7#)!Z+*dY;eNFX$c)(h#>>3Nd~PwNj+G;z!PRQ|1LRX zmt2){$n3i18nb0Cli|v+Caz2!Kf?hw?$><#NE~`M1f@Hqrfx<9Y)~9)emy?dpw;OsQrECk-+>txBLI+KXo5)fxw^ zMqi)0<^u5R0im*7BvxAWkra&^3=yW48!6<43lWg6GK*s&)jfy z6E1A^ z3SC)&8iuZ{K`3Yn8fNJOO`YmQoz7PLH0Lgu{0bvzR@WvmI+V^=qBNZ{htRd1B5Q-f5-BPwOX?9O5ZZ~dDm^ypI=CHutDN4a;aX$Z>=EPiOC z+RMwb$z=9%JTXqYiJ!1VT%U#J#!Q}peF(zSrFBJWqHLRmUd=F z%j~3&Cnc-Mt}UkgdZcKJ!?a?m2u zUbD!S8lO|XK)tEi{B~vZQky3*YqnO;JWJf;$6nBG;3aAt?den5rIi(rm<*beMd$Z;1crTmb#f%jic@oE`ix#n9GP1 z2JWTj@8u@?-M7j-S}SW$0@$UXp~14s&}xQY6lu&x?uvddSn)9&w0LKK@G(3bANhfO zu8RvrLSzshEJ~4UyE&OM}ogz(~s!_ zat1BiJbrA*;vW}Ij#eC{BcpD5+1kU`XVflj4Rs{a)ffO&1GdH(Vu)t%gWnu+|D5y& zvRU3Qv}13*ayns|Ub4o?554u)nr$;_w~6(r3&GDybf$D~b<5G#5!e4PFWIR;!-4I) z?i+;`4J>=pA+8+IvVh8nB2th@Ta~c-`IeN2!?V1nQQ50O{PBzU18v*QO_$=Z=?#+t@|f9AYm6#)0k2IWOClF0+HR#xvezc^A+t?COOL zN71z>Fd{2M~=@ooGFi#j_Al~ zfm>j~^!*nak8m~Y9t75)BG+%8fRG#P4|pFLVPmEJgKq5m(brF*UGK<4un}%Pba@`^ zVBH`6(XW;+6S@tCUyK&|Lm$H`6HvF_7LWYh8U2ipp9dF3TeNchp6FY!j?V05QtF~) z{ZB($L31 zL5r|T;gYk;ILaiVBGvp1ZqZ+ENK=ES4M1^}acEf8*Lk#z-|dk1?NY;E%+eoHBwt06 zX&sLUGvk)t@n{S{qm)hD+62<|lh+JCu!sAL@eL@XAMCrW!4El=iW_!RmfAz)gb|aM zJf9qLrq!`V$?%)YDYNsulfl*mcqbf9byY%rF`pa}9yK0NsUFrM(bX z+_14A7)}nXs4Ov=-=oYe)TVEQ@Tx3WH$PgxG#YzjdONEvcCmO|=xD@-c)VQ(Br+!8 zx92$G9KttXNR$(@EdJTx6$X>OwQUQ8_yzXz_WTPZs+Eh1m!8&+Upy0E^E#6q6M10l zzOcB56dK0lEsWyge$E#%CiVv(j5ws$bTXV6s>6B&@Kh)5FZK)X_G%SHzv$!pXnDbKzu~-9s#@ z`}ZuO#RHn?wp;>(o@c;N{%qE-zzG$$}~& zt(AMiiAtr`&uAv8z|W?u#ce<8ctYfH%x5>EQ7%iOQLNLf#~6y5Yb(mx9gPajHSsc7 z6thfUIinbpIauR5BHj3f4;5Rd9;sNM_dHk~zk(-{?@^zN+G!WM`JRy^El0YRtnO1MIUN~OJhW;l;`H+qQ;3QWHP zWEy$e5kY-kzr(kxd-oS0O;A3hZ8iKw);%|o&^gjq!6mx;1= zf~nZmH+G7G)Qx5s2CWN*o~oBhx2TdY?{iO8xPkK#B>~T_`Ss7nxu^Laflp#DlHq` zzhKKyqyf*8yo%m=d>e)i7wtRjZ_c2WmkcZ{XlA&uo-^buc(QYHR3iUe=x{s2U!C}j z(cTNPK>6b7{Efdg{!TUJN~Xfo%yi^U%HKAA{>}SWiQ{trGdK3ngE;R0SmOBe@V3pCO%CDwJ4zW(=yXsmNfMTW-Hp&Jq+&21IW0OkMiMcIKm4wb);v4e$R0@ zJk(Ed!r>tkywneM(Ty;a(1ImFkx(1Gnjp}eu)R@UV~^_l_L2TNiOzy?2cczlY+R)l zV`B-Ks>w$5@f+dN90RzpOkItH7+%=Xz|DBLX~$dGN{9%d!Srfzr1caKi7W)Ph2{n3 z(vjiE>hf`GTRP8}rk}3^GdP5q7qRy%23uKy*{EH0i+dCV= zry1$zM+EA;Wa!cv0(fYYQ&SiYoQ9NiV2Cz#_s=tD=>=61nHx6J6!tS*+NZ<{6bv1W zCIC;tH1-$9r|4)KlG%btbjR|TaS0LTMof(ghy_HT$~Jd)^Ryr%sr|}!R1E|a28tT- zNCXVLc;Vqfj&jOKWHw`!v-QMM2xN&UNk+zwdST5eF$}1%VXG`x^0UyDeZ^22a=cad z>WB830}os}d-g6HY}Z}K;42N;?3J6V!a-xtKJ!_@+F7*UnS6>75gRq0`XUvf! z72me$ffYyLVmCoA-TMl4Xo^~A%wtg^sqN%pOx=syS{BbK4~cxGrY-Hv)JgMNQ%P5sy!hQKeaNzDBb&ba?ur>f9EP#fbHM&WN0m7<~=$80JrAIHG{`(p5x16^0 zo@^e!33g?ElkD339uz>&$jE@KPA5U!y{q+qwht0=<6nWoA9mMXMidSOz@nhQr|J~Q zYA)FntG{Xhf_re+>jP^i*%k60Ixqsr+f{-kqYCvDWC1<%l$L}T#frYy@SJFUX0%_^ zz~+SAOMIuCC|8n1nmBG&G)qeHl6BL{`jD9V0JKs>XsV6fTtqitxtXDgK|TrZ}n zN;oaH`a75EB0@oMafy1_HXzK|KS4)8wTH=&L@>G-g@sKu(-O#4i2vysd3d!@PJF|p zY!xwBt6zcNg)+gAf6k-cAzEWK=F`!Z@(w%(RqrOY^58V87r^-CSi#_SRfo?{hk!61 z1J_P+P}xXMMigY~rmJ}}hmO<3$m>DNiH*bQMuM7yj$IfOtFl0_5fjWuVo8`%Ui|k$ zVVE4kF+!ERQ>7xMLxtl~CZe;WAa2~V7Wry&5epke=N`9EZbkKtxl~Tbb#lHOSC?{L zsQDg$nsz{luMh7JFq-W*K<^{1FEH0t)n|eV5 ze|HNS;BV|M0hvi0c3I7-4d&_ep0abSQOTH! z#ZzKwQ?asK2Rmpt>wLwxB@Jm(~@2g)Q-_^-KS1=<2?MdC!;>tewj=Ltem~g+h8_%C$QgO zdb?{nFUL29uD(cLrJXR~)^|pCMc`&lk4M#x9-!kHD@ElegIA-@#_0m&9i&GR^CIVXcW2m2MxYYv}5d zsIHDBt?CF|JO18MK|G`#ZPRg$w@Ec~ge4AJAktYsGZlrlOF*C*#<(Lf8B$9|(Ayy* z${h;NL70ccK%f~5w=G;10)99Yg)kZ;aLX{AiVd4=YM9t>jSA_ap4p`4CZXN}LEI*! z!-!&t-t<@#>y9|1p`FRo&N!qPFU}UBBc-=6`n##VOdSvj_qPhFwiCE^BOq%)$(8pH zp-<|c8k`-YSy0?lE4ywFFs~|dl8~-7Ho3hmJw>SA#qSrsxoEyK$d5^8j8=YZzE;k8 z>z0enux)3F;W6!8`Kl_#(_elEzs%l}Rjzm!8oW7zpiKGR|M8^lnuSfJ|JYBX|J8o_ z-#lsmM^T@c@qfgwM0rOJNdW#UwUs)VQvD+&GF?k-@ z6v_4`N|kdPJ|rQPhZ|;!spzYV_qi%lAy1@wac-^H91Zmykjl$xalJEKDSyjG5uhT4Pt=K? z9hjU45*ej;YuhbuyO^lIZYO2=*ossSC*f>9N7j5<8PrEI^T&T+0z!dSKZI7^M7|){~^a)e}1ORA6sZ+O! zeZ}D{F6XD5O@|VhYc3W>Y*IO8%#AjPWj8`;ZGmjzM=a~NS!HudVzOAbvzT3yO0$yM zEvy3zzPoRx7o(ZSBzwK{j(Z-i-}0QkykhzdyXF+>#MPYQo_w<$?NR~gWz<0onIC?M!dMlpoD$@MeZt(~{%+RfF zWtMM0dj(%^=rfnRkaT~-;$04X)=lVLq$X4Nx5D%@^7(g7-}9X%i0)tu6S`0&F{j^|ZrP}1V_ipsW`hf>WaY}P> z2AB$HBR*YvV_kHfa}K^}-oM)LBirX4^w9u+t052Qb>-oEs&;*b<3&QLQG-XSmAbB+ zZI$u21MiztuyDpSgy0}iaozhk4O(JO_9IxgTS5+i?h=Yqux8f+Sr$jRa$ZN3JnCcQ&1c;ZG%DHX(JmEuLfJaGIFHs*NC?lySrz zs)$rcYyWJ|@Y^!yqA>r#RG+2YlyqI>hAd#T>l}3wW8ePakUj2U#8*Yla_7wCX;q-j zi@)i3VCo?cnNq4O7--I$z)p4FNwcn|Vbq5yj_(0IL2wa-v!1JzZH!bGvlzy$k85Wg z2!dEiA;D>eSeuiVy~ zX$zP|==|QJY09%Fu8V6@xw7V}crVt)o^F~Li8gyY%2g72wB$~i!fYIhw{#q9sAt1p zWACbrExl9La?5KIFM=w5&fa&Bl9YwN%${uB@ZXLI<}oA@kIB~Y9-3gwCSj)!bBYA* zN@A9G9J`h|dMX`B8XOjD{h)`!4*RZeT{=h3>nuJ5-_D$jCJQTPh}cjU=cIE7kyDRw zz=1G@KIiZ9|MeV8h6qxB|dHFSfd78Ut;3qUKUskObV=`eP4?8c;8Exq{u4TZRNIK~4d@*F&Z z3g1@Lf|}t3wIw*CS$0Tli^yDEx3hX8SgEQ@FqLG) z=J9K!lqi(?#0FhF#w;}b#+i{$a`IyN52@%K2GaB1s5JIyI0Xy4RFn*m%|4BLmHulD zj^)4r1JbNS4FQ#OMUtmbVQF=;N@;Z}C{kXZ2NGX^TV|u^xs1jnsM>8a#YOS_kP*At zzJvEvGHFDHJD+a^TAT118g-6skIuo}P<E>!O4kA)@ra@s& zMuJ0$X@IKKRzZ1XYmuv9RsilAMVEWpJuOX-S*f!E-g-Ig&PEP#c5%vS_){^XE3??p zyz)XUBkde5v(n>Xc~103nIlG&8vzF*55|eac{^-pzL8~jEQlv_uJc}dl=*(coi(lJ zRIH}LfO!O|66B%n`d}4rh<#oP&hlQ()e38KlTb#xYENHw;EGo5oPu=8ImgUSMiEkM z%*iolZ=6Ue3(#z+)(qL_{-}oMta_uXZHo_r!F_?BPDEDxWO1VfnJzp*!N=-o z<9=M?KtVoF>P*gxs(fB7h8MLg4K>6XFi7KZJS(wDah~n}v&A@Z2#e-Bfy^n7? z=i}Ns^>)$unzC+ydV~{{Cv1$VBH8kDkrHbPU^vvqZ z{d8_T;3%p)Le`6XrP7Q6rBoKy?Mg`S;qFO!9cC&&i6uS?(Hd(yp*+f!$D%2UI+S@u z?oqzNYgzF$?Keys>W%S=G{NjcR5i&Zf#^u&J6$*1eo5$k-CqJP$|?fmWszXue@cHQ zy^SjPJvt=ybbF`qpx`H<*4QH1ckp&M({{!DXE%+~2pTe_ZiiL11Nm0&xhb_s;oVXD zAHd}Z+1)Wr()5Q&5en6PA@-uQQTu}4${Aa44mafrvH3zg+`%ty7tKcp#qEiYu>%;0 z0cc9Vb()h&-Sbj?vu{7fn%QoJNlyGIAq2u zcH%uzJE7Z+a)EPJ*<4tu&pN2O)MAFcC_kVf#CKL{k4ir!-3V zHQjK?ElncAu8spCtxr*NOr6=+SX9$#o_M^61$<6qQ$06EjC0YZJ-qXuK z5Vwn4r>*ir*B$P2Y&>0*CiCI1QSAB~mkcJZH5S~pmc_nWD$q@Kpi4D~CoAB0mp~s2 zSp6L}U{!$+k=0y0XM*c=hz1)(8Qh^Y=J06{c)B7J&;dK7J-6^%6zkDvNcij9e}4P{ zF(`OeuVdq1ig_}%9C!wL@*u4PWBIibPG6bAfO3J&dUF0Yl(O1O3Ko#dR>r3+jt^j4 zubrYUVNFG0l*a{;2+Ls1Woqu(x~Gns=50;1m2URJ+s~jQ_b_0}=v-m?4FSgZP=?|`QB>icpe=e1M&caas|>S!VS?F1 zanfjGVA>DWeu!6U_FcE2I|QdT-GMO!76_1Tkh#O8CS}K{8GXkOY=h%F8jlkA}olnQGtax~(ox)Rj2jq9#>jy%f=dH?((D?jyYJDbQoIYzfBQXZB z#qMg&=H~@QTf_j>>W9k^7#DcrJQDPsq^bfV-XxqowYMZUD(p|}?KYVf6$_UP8>;&( zD};)c7U8Mp$*Q0T)qBhM|MOS*Cn`HW8ZmI*Iec)s>Bgwmc-Q00JY6uKtwPcX=Nr-) zyx|WXe-bgLHJyC>6u@9#JZW?U0(|Ni+iY7Fkr`hvKg)OoC4$_!@JC7iS%lpP1J^ zVGB~W>E6ys>xUJNqg)<>k$3MUn)fC$N4dHri%it!M-7G|x+;N-KsV|t&>%*NKv$|` zp_5*v7*45N#-MBVcqm+)vDf5~hBOo4W0hNRp-x==26eklk6EL2Gt9FV?6n?oIOCV( zOh~BN00pa9cD0^E8`SUA2-_(_HoWeQinuCtb(v|BkA;|Nke6K*;O(>thmg}Sr-L)u`c9~V&O4)FR+DY)96A@{j6dh}|-o8q;xov!)d zpxoZF1yUx3;?DDBL&eS*XWV{qiqV_h`zkq^tZ-hAXpBZ#3>9@KQ=a6bE)+KWvW5T7 zgD9NAM^+J=M}?|{Q&#;0mbD$lJ1?ZGOJ}0e+f^CpJ#|U{F}H@k(pvFN?<{+}69JP| za-UN!Rv6mJO^e;a2iz#ko7B+*gJ{vR8}1gBQ%%{}?emZ{UHsMAewMC+mCO{v3BW`R zF-hnP5$6Y+R0+B0+?M(}u4qBXq*-zjwax8)wVzz#S(lO%ycQLQz0bua^n)$ZjLp}L zH7wZ*GQ}XSf2YT{8|JxZ-69*MCl+#7x8^1sy|cyWe>Yx|0$Zjw%Oe>4tj1=ua-}fi zJ)+_2A}k#EF9ba2RxK=_NGV?xMWGgl7iX|DsJQfqjd;Lb`4O4$7)7E^vyATLr z@0EhufuS$tp}VKFtk^YUVfaFxI5m*n3As5)GCBGN`%gaXtw6Ze3j6C91^&O~!~d}AEb`;Afh3>r;l6v+WXk7H35+Tt*o!Xr6H5o zwouX$>({+W>1pImo#gaI^9PQ5`l|Z?vQz>%0)$wt03QHdSmS_EfqP6AA@%|@dj1uLu!?I=l&*QYE^# zmAiq7a#2Z#Ez|no=@zxHz^NaspeFNaW-tkMbzeV?NtjUrL7lT6Y_(v{9E0Waidu zHo-ywN~LHH>!`w85$0Jq?xU7;dZAd#@@SqUgiJ|xn0AoCR_NHM5}5!`v{D6e8Qz&9 zp-Pohs)f;wKrEsaF0>>KmPj#oN(&k^`R*rQwm`P6y}4Q?4>NmD>`XR-qLD$qeXGd} zL6%|S?sCCIsTYR2T^%5D;aZ}L1m+r5SmG#cr4zRvEaAW$h?_s=G>-CcHClKjMp$x~ zG?uMBakN$$WKO5PC4^=?{8}w})WDFhQtHcgZVC_ez_^sBfU<7s=EK#H>^Ajd-~E{B z(Q&k(T|}cJ9af=Z^^&=%Qq(nTQbX9$#3-Zl4*rVUQ0;U_{P?+i=a7e!A{GEN3*fGupRX;Lo)(w7)>0w?v?KNVW%N(0eT1 z5vVt>e>Zw{m^R8c+*I}V>p+jU`@3dH;3cPga!UP-ry%^~J< z9^{wg`C*!kF8Z9!peJOJ%99GME_v2Fhy`F0)=sV}?$6 zwg(e>s#AxL&e_;Xr8@X&gHZio6Be($GU;R%1lHPF7pTx-m4*)5q$}V2#69X|>137G z1tJEVYLr&YGE3rjiq?)S5E_UQ@|!Ley>oGJoyWJ2Cag<@iVSFzrt+kql+kz*Wjygj zlf-MsE!c&wt+lhYo9v#kC=FNhed|c%2Ow@yGX-%?+r_1Olz}3-NuZJIm#LuA@>ZwH zq}?f=MX;AwNpTI*fcy-Q*2M`gq^4sXX`O~_WU!N_%=(^axz&K`Q79%yLkA8EQISIm=gE(-X%9&IMFRYKFE`I~0I|=XFQ>r#tDYi#_3gQgRN| zUGq)pscQ7HpTqbuT$#oLMp*9_yW-ZN>`Iqb8R}Ms^(52@>uUoLk&OoGArLTDKf`q8 zEkq-}FY}1?!X1IVlH?AqIj>QbJOpe@c84&Mm2_^dr{)20kz2q|W#IPT125lXTwejJOIzNKu}h7oQjq>z}TJoD4r4Xq*W2^hD( z>dgi}`R$ouAT~Wi&m1*jx&R@PD&jp`$HOnnMX1@>iolbBjQ+yHeS6rwi*EuM) z7$??Y2hBFXpc|K2<~80pZ{=Qd%FitszpvGmX(b+9Kyuk)%oT$@2-f_AIiMo?lYNlQo!m zIbINTuo!*0vZ(!M6c64kT6M_&UN!x7V@zQ9bGJ^R`yu3Z`=1f+Ff%y#( zsK~^bd(h-)1A>!6SdCI;1PjM=0#JRstssPjQWbStQ=VFq4iq zuywuW39$eMPuAN%&l@Ay*JF~O;1l?-P(`MH3qJoFocf=4&i@sKQdBpU{zDDNL0mI# z@>eO+5ynJ8Kwd+ovXrM1%r_S|M=UU}qBVf&H)*nEMYX;f-gy7ieOtiLb3b(+*~nn0 zVQTfcD_G2q!?8HB|4TK+vVd9kPh^l^uFuA1p9?y~oyry~~&|Bf`!;oK)a7 z*S_M$!;VSzXTUQi1}O%KhHA$*q$fjt1VtN zk!~4%o>_8wR$U`3Gp%^#JaVdP^S79zawBtDpqgTuw?Kx$+S(d2t}0DgL@g#6v8|># zq0lFf)k4d1;aC%TPZW%)Lb^OObAgn3Q1va&qH^9Wd)B#n$&T_RX&POUmB-*b(~%oD zMp$g5rC4TUyE28a&T3WELuOf#j2&ojM&$*JUAQP7Ta3Iq8l$uvqcypC+d|_UxnCQp zavVP%3#6IK$kZbg4M^iQkh=D2Krk?hHvCx7)IHqlFvbY2Ic9dqQ{!r(M}5kV^C z(9C5hL2pFe5vn1QJr#0c+C3I+l1LRMnmrfoA1_ZWxVzGTmOSzA7&qeIlNdV(gYVi; z0JV}Y@pOFqgQMC%7&?=3N5;ga#ZEIn&Q`{ zCm%ei(^kY-qW1Lj1kUJ{dC+&mN;vXkV`+)0v7m!VWgvC1VBj_IjX(xq$HvwGAoBK{ zB-?`NZb|gKN%pL+pJ}C;nm_6e#^ie`eIcq%|C$=Aw{c5`hAzUbH*w(twuW{bmDz9K zI}O#_OoN}17Cw-Pf(bUv2!i@H6S;p*m? zVWT~giATFFwUXUST&KLU+kt~v%+lmnu?kDyi0K|~PssgPE;nVM?Yd7__tvuRUfpe) zo|(b=Rh>B$j-Gt-@a7e-TGwIPN6&@$SfQRJ zl7P~!KO9Iwa&kBM+m#SHXhcqMx!)K--^Os>~ESNSsu4WlQ3m( zzj@OX#Eh7@m8U!@Pm+{V29?ur-x{S2>6{a_`*}TeS`M@>N1?}iM+K$`!};a{dhNm8 zBo6Gb`}x=>Cg#T}=cic-hR){(G3O>XZkad3cvqqhr~|;c!c<*x8Oq3{U&4!ms;@;* z7+jHdc$E`xD{&O5vteI43X;9M z=7ruFM*v_@VjIg%V{(m)gBI$0!Y%wi%xxR@oQ=hw_HgsRZq@i#%@F#}E+JV18 zGisEyeg+_rzd})0XsO0j1dtKtTD3)g4+9GZhC^sZN+9UrOw7SryRmgO34f)$$Rpu> z0DO@jWY8=*S|I)OYNn>vZ{BAzoMt}WJ`c$J%iJx9f-0bK4L3-cj1E9eV+yv3xLXrM zW(5BXU<=Jg-Y4sth?_WdL7%z!=`lW{C6h%t*vN%)8P1Z->i5$@xv2$DWY1<>=%^q7 z(Y+Xi;JwxQ6$95n+U=wexTzGsc2X6VlUv@$%x%uxC+WM;i6( z?5Vg*giTbXe>(u0kQ-xdB;4GIF9WLGyOmt+Km947zBmeg3t0^&qiiJQnQqgS+OzQl z^F6?eYjKoNO^!>Q{_7dkYaJRPy8-Pwr_8hl+W`F(G`CC)KiHSD23>@9;f9#KYX8LO zeq<@2DuJ)0h$45&PCRq+t(syLlp(oJ!UsEfU&F`|tFt;HGU%*dv^wxR2!xswy)Pdq zmJBr&8*@kiY8IP&6e={t4-+9YqxA)0I4ixek11_)>Sf#c8hp3iG6flY{lZ&T%1#c&4c@}am&v=#^BbV~`jldJPQdSY@oD`kts3Pj6dRPkjmPRMS&2~%w5G>Js$ zG6T?itk?0s*JBjED7I`$^|_G_JJO0h^1PGAulxUjxP7C}iE8`|H{ky3aKpczTmk2w zyD4%Uczr#`Jx9HNZl|D2?T`5WF<}qhS$`hGsvQ~ zc0Dj%v=|k8KaKtw#;v0Bsqqo#aw(1DeL*{mCd%#7fQK@mXX<#~a_YUwcItgM^80>2 zqWYCap!_>vo?HX3a!Gryy;88hJd(k?cpsBjl_3@aqMbG@$vYu7riA24j7y zQk-b;XC)4X&`YO9)*oac@&s)|dD9%1paM3t4bdJAEvBtT^`^1KG$+adO~hJ?(Ez2p z>ns>ho|ASJpTUM~8Ku+bkZxOyTH6d5xx6RtRc$LzQB8Nlh8|k(!JPbRmBB6xZbSAI z@nhB@paQLd+H(@XO_fYOQ|?D?g*)OXg0x!(xWAe8BFjH-jk4KU^nsa;=j@2j596-f zP@@Z&Ce=3RPtl5ax@sGAl(@h!%fcCYdv<0SKERT>TM$t4vQR=v%!$OFZ~z!7^_ANa?Ao!t%4XZW*3dfp ztb^Flu9r-LzrC?wgRikK-+gafR8#i*E;1Oje>nF=bGZPc_bv-m7S2ku3S`qJhcBlL zIg|?PbLz%ngA$+Tme;0*2@oR=6)uj2r=u`&0_*Q&l+=e}NuIE4ckRj4&W=;nP#JAR zUlnrD3p^K%+FgHr`2Tv>aW+}ZSg>aJp^c&5LyuC}ZC+vLRJ@QGvrFxx@K9%1-Eo ze>txRs5d&FWBlC?n(g-`D1x$6z=g|aeJ|aG zH{u2_$Da9l<;@Z#YJR*V9i%)i; z$8iZpNN4ta68%##$M9>Mm{wH(9p zZyAxWiIb6|h5dif!T-H9`-8W z>e|#Rb*vW=&vHNLXByQcyQxOqRz`Zu*v#z2dxx!wsfo|e=Nn)bLw7^mfH7n=y>VQ6 zvpodEXe?_O2@AuR=8$@d;jx-r?o1_An6zs&Ui$%#SjbPo!;z};YSLcqvI|)P?X%JT zS-5=4iz?(#zODk*1Yv>FO#O|H^tNXU?-NKn*?e7*WfxaNDR>0 zd3gSEdw+RWNu zte!MeT)=#_S`M;Zsr(^KRWlLaG+mtRs-}tOhq`X>j9E84WGF z?4y}eJ(9#pMlUUZ*1s6EPy*zWf`I?45#2LvgjYyy}=1{}o``4g!x(0@7>uWXD- zx<4XE{;wj(`fmqV*3S87&#BQr>rnom6P%(VW%r-83AP{YckY+P{#v9AHUY^ShYSS% z5;*xV9?hVmvJDcLf>L(b5lsEL4x>qt)Km>;i7Lx9i06fo!W!rm;u@+d-{RkZQI%&M zMqnioH~}O(UMJZPIiqf~8Lt;RJ8r+C4Mh4KqQh<>79eSmu+>mr7;1MhYpGt4e@gg6 zFc$PAD2w;ZL?}&;uh|DsAPN?EBBJNEj$8XpVyrlX6Ta}vKl+}R8K%krxyd7HR!Rr3>USzO*&4~ z)DWx9H5Pl3TrDblm@~j2v{=_PMp1jhgc;lLJ5b$()s4FLIE$1?yw=>#I0}v=kpx+{ z*0|>?1`&-4EYxawT?XJ(Mm6h5VRz%Ek}jJI7p5($43AkM-n6}q2FY6x8852SRFyLN zdMZok`(j++;$X^ecSo+YfVQcTW~X)+#tRNZs2UEFt|o8LIgy*QxoYG=ie5Uc()Zws z=!7kwu;Gr7>|{|<$l3~?{9-q_-KyyaV+v{xhaATopyfv7>ivJ5B}b|$=(zsu(TW+v zQp)0w+?7Obl9!)~Wf#;j1tH6cAh?mIMuH4cv`30~ml#S6+!$&M^LV^rI-uIW zNTTdW7V`%fJlb$27~~Tj`kDIVRG6OftN}xhAF=f=IoX+x+rN!zTV$7$5OsJnFlA+A zQk&j$6dqcioNWOqKz1|7z8@qM^$%?>^_2iAl!!uL{?MTye@u~2Fk)8DiEb8ej!8~T z%;qgJnF)8SqBijxfIgdGgFg-7=_7w%?flJrZwx=3Ehd2(;6{X%TD&Y!{?OK z)(#fFrT%aZ(Yh`7Cq;ZLEa-nql4QAxcB} zqDqFf+{#M+Eg@_Wm-Y!v(qu=)kP>4NiDI4WdLbY1UH{bL^c3S%EKU;>NYogd<%Tp# zuy{NDC3HGM4@w^>C49^hO(^zzt1NC4lXiggEUrCzwD~)j%3ZRx7f}(>365aFqT!H<^^6UFll0FOw38BwRs&Jar?`}uTx1mEL~@KI^v6xxJc zdVw*pYl!&-eQ%CKl!MkjnnCa*NC_LwjUnokfQI7t0ZHs+v*d%?>5fQoO_|yfW;9}o zo8Qqt9xwS3u9deRdEEF{c_jNU(dGY~c>iB36K- zS=#-*ELyI8yu0E12BZ(O0Sj`Uiwkofx}zC&!;Zrly2FpSsmX2=qKyEd^0S8@{1FN6 zJ@<)(6LnK@YWE4IDCq8tyENzq6P*<3AQ8Fom}6ZH(9OcjBodt^l)YZ$0J9Stqp3@G zm{4T_3JmJ^!ufdSZlxuG>Fwnn-vbCYvGPhfAUCPVb4@9{tZ4>&4}2;aA@cW({n|A& zudhL>; z;~1|bD=RlC!El5-YMX705QajUW}FickCL64%Ewe@RZow^*JUC5F!4$jTBS$gdR_AF3GfDJKOf zY(#lb4C6}cV_~?g86T$>A3=Ouw^|j^N7A6%W^AZ8?#`T@lF?DWq$V&%I2jvB^xkpK z##|+|2f+;K|wG*?n4JcCgoP^zLhVVvkGTQB_>3h#r6G3SO}tGCKWtj zuU$yD3N~j*T8|j75YqPa8d*uYYIhTo`W+HV zO$u(nsLdu*U6W0KihqF}vw9|#WP@*X&r_G3rrX!;=Pq;nYw@4-zuaXt zM+;|@|BFf0qVA!Oyo~ep$JW)%jVT}=-X6e!WBN=mUmOW@$eb8l03u|6+?YuMl(p*u z*MCKIb7Nyg)5~&xC9<`!rp28^l+ql|=E|q2`=+a!pEZ}(qrVe&C@=Ivzua+0q>09#mnKA6{V zy8tk7sYc*~_jmH(MDFatLNChTal7@QL<_q`_mf7Bj}|a_5CyP#DGPZ?t+;ffNH5;M z^x}E1=WdO`^@h>}Ul@A`#q?nItX@2S?U0WedNcXkN#xjp-QsY(Zo|j!Q^3ecE$$@6 z-B`T@gyKO48;%dzGUc!=Vg!I-C7ykq&KPrdOfnX}W|({Fma6piZb+)Hvj(`d91Ja* zl4i9Ut{Zc9a`0L6^bB{_0GeEl>niD=gHjo|9)WsIJ)#zo&Csb}B{C58EQ@R1Z@;Ri z;?$E0bLkU%9yI@^u`!u;d4ejUk&6K#s;>_YFOltnLay1FvhAQ2=}p+^ba?BiMkzZk z;h>a)s8k&Vom#7nHTGP}Pmu;+LM1FwF1!GHt~AF%f{fsw@IX@6PE6z%aa#$$+AuH1 zb}xM*z4~}ajoyIairF6dbDEz(|28ealn`UfJ;;o>ZJO!9xEWj_XhTCIYeIv`hWI%z z!^2fELH_&rPcr|uuvkunHD`vzI_%5_7L(FMlD~fSWaRh_>%QvE2KC*=xXE;lD7RVX zU)1(3w~+(WUIaa?sEmwgt@3e_WY+h6XF8gutl~aYqUp-cqfZPF5Gxf*VcW_yF_F_Umb)->7j_EwGc0H>JCUtJBY*WRA`32mGdI@%YI9a*JFpEXEH zg$GjW)Cw%~aI5B(JZZ8_G+@2@6Y&M5P0`g0s`A#2{fbhY@$}E^iA*C*_&V&9-UY$#>2aF$D`jsU(Q)*Gk)p=95<-<}4}cWRs~cirHCY=DyF z7VOwLk_69oUJ@m3fyR|6VZxMXdo2-amSOhy$xm;ojD+yBmmHp_KSxAAk_cXbS)7Y5 zftNvr14AgFs%idioT&e~UkFybFVzFf)T58q|;= zqX5LD$|&k@%~8_qNm2Gc8p`?-7SaUrdc{sm8bSSTBuzNu+J&pjx-dy-HQ|qi5DQsX zUs%29CnzTxX~Hd(xhc`EwvIkJikN(8RxKY80c&aYngw-GlHAME7`<|k)Gla+VPZ>uD2Xfv+mr{A|Mt0-;W#Hcdr@N zw?)p^t12eZiw8YgL}Cw(0GG-y-Et&sO3qqbhG7{V;;??Xp-?5Um2UXiaOZ9rJwY;~ zt#|7LNIR3u*>jH~DEB7p7na175{9)$6mVi;5Y=LYjci2o$brt1iiNQZOWV@eA7vxN z9#wv=olMdIogLziGdAebbuo3_CI^T%2~n?fy~hGbB&TnBMa-B}_oy`z zG=No_jC3+w5^FGpV5)xmP)SornUyKrwuEAX{jefYFj{g;lxSgU{!NsS^-6!0K>36y zL$)m@+8LZhg^AsE-`{{4#^^Y~A<#g}J{39JCQjwW>9PUoOSrq^+m9zD=VzmNVy~1# z;u}ui`1!Nyl+&)Y=~dskRkfdgi{3;hozYR3`XGSnJYlpQL3|tH*r)IFEaGdn7HF^Hq&=VrsyLCwEIt7#0~IhRotH$HdR?)X@?LF^U@e0R1?7u z8@fdZD3`e4O4iYwJSe8;0^@j5*;Q)?nT->SWK38vcfBBFz%AEm z0$SFp_84K(tlVotserHOykUDXW`$O7IaNx}peynu9vP=7TQ|n7>i|ISJ+;r~_=|)H zaBsFjeqfwY{M@pXxE^+{kXJ_XjQ<~L?-X1MyKRfcww)Q(5t1S*QvC2yH}rI3RTM=smk zQ8bJtzC&mD_*N9>@@#9O^K+u>jq&s~;fPzs?&c-HUzaurJK_z&=o->DJeCCK!{S5M zu5_x3sFm44maNBkA{&6q_Ev`)EuXtCKTcRXvbRQ*DZukgC~e5OX1JzV`B^fqAuw^l z#gtIf;7mSU0t*)qDp2CUEK{XT%JE;dI3^nk57uFt)@P){9Mz!W(wM2&+2rZBO%wA?@lvxR}~$~7eL-HW#H zp0|`Ckjre$yb;Sn?kan5%|pxj1Y`+m8|a_3w(ULl(u{vPaimih1EOfuck-fIw!L5q z`@L6tw0L#`pDTXoF8?CzkPDO(>i;ZW@o@hWTae^`sM)3e@1eW@O%!ZagLKCpM*Uh% zX-a4y?nemV7)Vg!MFR8(a1?jI31wH8#p3b@pwW=9@<6swt5OZmXX~aA15QdwQS@90 zOySq!+7%SEu#l3Iyy5D;iTp!T{C!!2qJh)`O!CFZl;QEWm+j{BX8N-5yZc)Jz-*Tf zu?uijG``P8AuIAi#7PLnY(HAzayS}sD=2e#mMwgq#_-{o{7-;ZAv=^^@*OLIZ)Q}h z7z22#SUu29S}@nGEanZ;XXo&PmvNWc$h+|t=J1`nF9trsCphRz=s=s)$BRA6-#bK1 zx6pdIj~=opFB5O&k%^jvsmS^$TO-AY^AjPxHE}dkhsF9uu0a?r0 z`BcyyAS^2@cI)devQ%bQj7{$2432j+Z>S{Qr;^SR5D)5@k~3#)(mr`fa%WF*DH9GQ z#XFK#?KT-UVLM;OeV7bodrLpQCK>7DXRg|7E&bTY>`fc=ux8Og#q|;ktS+0P8}-(j zig>QgHi`6=_U?iM1(=r!_F1J}T&dVgSKA#rm#(bo7MdMZs+C@+FC!mi^o!2|YMUfT z1EAljLBmYzgXBeG4-YkuDLSmf(E~6n_jyi?DJP{7``L-lB~1^s+fzf23OqVUX0Afl z*>$VA7a8#_U)dYBG&ze?*4|2%r8#KFVo(`OjHmLUL4`bksTkKuVOhtyr&VVIU2TB4 zkiX`?9njsGb5^BkDoP$`^qs+$rQdYgh7CrlSmNj|{XQ?@{208ROE~*pK z%hB}Y>3SG6Xy`k4IjGN|;uOqq+GEdtO|mwGlpnF;yK1u6M%NVPAmTO44QweY+{{Z) zGN;k+D`%0`2Bfg@w*Q$MghN2d$ugIg;#*Hy8ZmWIVFs7rX4-5H0T64Cl&Idlc9I%4 zQx{V|P&ZQF+oE)3t4s(o9~Kb7%uT-IfaEfSC3IOs58J8Q+W7`woS2q%u1uSK*yMch=>9?%@99IqdHu9VMBF8lZ{qM~oLfXX2`D0wz-7s}{&$?ge;$sej0(BCqXR-ZMyY%kpbd=T4{v1N=> z>h2g-bg7Gtnl+m}5mnA>P8JfwRMyiTntOpFy{WG?VZtMn>n!fM-t z_A9PSRrOkIYGn-Zzadrn@$bk$eMgX~OKqUO0?0sC^hla!KXUZ>!Kw8|8U0__R8vgO z>kty`7nIq;f|Sl@rsX-7b2K*0I6I~%1(t0#8AAp z@yr-2j?2(+3Avx#K)(^X-b=$iw>Ib{*c~Doi1I1sWxvVXz3wBBRqG%sA51xHW9n3w zBXsqRY+<@Z9Ik^GOS1z2t&wB|1o#r5SpD42DHe%=eE1rtPEhTOR1)F2SEWKwZ#I=t zGs^wPy74mNmn+v-6;3v7Lv7`fvqZIZw8^?f@Mk=lTT)UVm)j-xi^}mnyO!SG!9s_i zEi>!_!`^2epKfDJRC3gQzmir*F<76b3k>?$*!j?2lb$QRP!LV@o34QC*3s0rR8%U@ z`K#uryG8sl)TBDq;y4rwu8usM>ptl#P`~ysYp8T%i5xqTbL}q!?8CGDnF{Yr_6|n7dqyTy z-AtWhcjTv<~>#9lrsLcraq|k(Wb7KeL{;!5Q#B7t*i2D z-uaIr59?>vlvhuU&IHs~r{gmSB@0Y+-29J%9@Up}0;`|>1vRB-tV@T;U#=ca%18ozLV1 z{&Il|I^d?j7l>Lp08*o~KCawXq47UMw{BGLl(6sjAf71nUc63W#B*OIN?8T zSn4QIroPrtrfM!BVqT80kBIhmF$tH4DYcg;+#2@9T4wu=fVOBb;DbFs;L22358B8O z_KGn;XkEB8Y&_HLNM(1Nzjg%VMspz9+{dlgo6^vuYe^f^bhB+xR9(;tWC+rF#`2c;>5^sO+zn?qVC9D{#v(+fG_Vp7II* z!nOda1TM-B@R`m701}Z?S0@{I(NE^n2c?ekcGhHF&E&ZwWlN+TgQd}IMLtBKtj$e^ zkQgn*q$d~mA=w1qZ18&TyhR;#dVf?CNgDK~D6c5&QHyu)ap64GV`qVGei3>^YuJw0 zy0(lVGl=}WUw7jsI7VKy(&J;Xo3p+8)Dl>kJ$=P_FW>%KDs zoGdXm0s_qLyI@-A}IMX{BZ%a{w{MJ;2EdHxjsRt$62`bUq3X5TwCm7f00!E_@%GpncP z3$Qj6;x9pcrp_8Su)r?8wdkrU=5 zR;Phzux$&W=ly`Q`Prz?W}f+3va(xK^;PLHKu;rLRu1390z_O8{geaKou?ap0l_L% zM}((58{>{|`<~F&mf*Kus=GUG26JX;kt?u?c*CL7y$|~FcxMnDs#1EqDBVM-J-Xv2 zC^x+QV>fe~0TW5I@O;lqq0lpPa7@olosyu=iCqt-y^SZ)Ikzep%5HvjAjK4#W_1~U zFn2`9W1@Opi+dE}w4atXjH3~EI7C`PFSA3wKCW!KDU8PibMbA(H+avHfL_YztW8mX zb3t13Yn0x1{#idwF=nj?d8tza6Av|!r{rzq2FY?K=Na3}tq?^$Pm)36h(v}Zm{y`N z$uqHx%&2^|ZwXpSD{rjSaZs6~VMBj~tq5*Iyfts0-bvrbe?_zfG<%?)T-tZk9a|I{ zIhW{I#S(f5fSRyYene%fAB$Cfge8N8%UOFA_8il8UzM#U5s&BU?$ei+zV%hT}{n{Y=lZS$c$ zhxrkKA#0D$$sfTzYR*_Lx+$=F!8z7f;bqkstfchg_6N!j^ibq)oKGJm5ExPS{rzA4 z$6Yc`zLrM7vlxnhf4n{1^XpS#s`L+%N7QK9AVS9fcGFYqhz1&14hhYxjdbb|WWr3E zjc(jnpMr*FEXS@P&F4S}{UJ=YI3Y}CCv`}Ojje!ZK&o@DIn@{arm_^RfHy#8{p5yO zJ!O-cFIb;DnaZ$+M}@{&ztRi2z6eULf}h5kZGI34LCxNmu8unl*&*^{LBjuOG%KpXu>?tehSI^?pt`cg=|d8XL?M zR-45>lr=I(Qm8?JVVDL3}OzXDUWW3eVXYY6$4Nv(_X{$X3P%5=?Lh*|2ESBAP&AtItBzvP$SX4W9em zn|%7B4xO<&PxuMu>b6QXa4oKd!e4Jjn23#YyOKs)XXLYaU9pGepDw4+7bKGSO+0TXSKL3`a+_X;cD9ZOR^U8jPZ$4Ha&-eEz zFn6yxmC89iDvl<)tBw&eEFX>PH3OHr zg~}ypc>-Z5be0ius9F&eE9Zn`8VgFaAihY3SzW3ap+9|MKrRUFR*w+cWp02Z5)%6D zp^70IyP9Zl&795<1#gbV@+Zd5?+mJ&b|4OFg5IFCb2V?QNGdzC>3bzbD=mLB8(d%x zBNAJfjZer3NrKjrfCSeJ~qs0D8*^>pC_VHQ~uLx%spKU?*Pzi`Gc zWl{X)gb$;su&;Wx@;BJ^RdR39YmZ0ZnM-NR#+GQTL@dc}kR6)dK3XV}(6`7@uqSG0RRz<;vt6{_mI z-cLk>{>QBQ?^@M=%eo@&&W;8~&UXK$Rc%g?ksF}L7|o?*1QbBoiNWLM7q{Mb83{rV zrx%9T;cD>(voE+v*0;7Qh5f35P>q z4^;Abf+!?kzS4n+i98h!VV{`D?uv-AE=(o(=)-5IOcYk3Qx1e9K?_dMuN=XkltFv`Far%N;9L-OJ=q(k zU5X%ADGzcz4c4wWb*$v^i1nqCkqXZH8uiwN09nqxj;vkS~agfp28|2T()7M3| zlfvAzbcp@06#}77Xb6Aul7=0i%4-pZbJ}pV#iB?^S}u`IzE(-HMf~)kFB8Yp=z^m( zey#aeN#JH?ywM&`Swi2JDEjdvu0@bU$TP0rXBTR0divB6Gt1v`q6Eif5{&X%?CH1De)T++j#RvH@wJb#?HU^WKSo`h$sIcK0Zh=;(noXd3P?Q&2bPX<{ zuAXQ*ksMT0t;?Jn(qj!e%l0nwk5aERs}8L;DXrS|gFfS*AF9i!uN;WV$F9Y*)Msx> zSPw|4!(@0Gxzn(;w)MCvZfWF4X1J==3$GNqNza zEWzevaV?2-;-)ro)vzs;7W7>m$gl^szZs4ewG3ntNUNg1;q21K?-~D6)G^Vdk#kJ6 zcE1V-wv-TDEhl4lqZZjkB3X>K&CPAw7dXniL-tb!?QY#AD9jW#=vef4bS%His6^b} z;{6rmGQ?w07-dT;Y1fJLT5ttb=`GYx1xfUm%kh2Di&#d}eFw^^xewz|!2JEeC2U)U z`byQoQs^tX3{jv`N>hUU4eP(Z5P%R79>PW>VZ{@t9Bk*py)b9Nps*XNp!gR_FDd~0 z1ueIAFob8ty%0(bOhY>l2bU}gj#GWK8iv{$Ava@iN*{(hP$tPaiK(u>*g%}(>X=Hp z4yo3j;IE6HR85u}aJ@olSjgXLT078|#(bbja)9F)r~#ZYeQdaS*S;-#4;2{k#(^Rg zRu%L#;3cFY1qJyA1kNoOZtfNP*Rj`tgIgpg(+|ZwdX`^p3`Ej3H4P@oT$v?0ELV~w zaS^Me$fP7nZ3|5khaptOSfsG+zV8jVQd@hQ%f1PZ@g{cW7M-s^rMfPcH&!;5Euy9x zU79vwR;S{_Cz&w?iver-Eo!48$BSB?9zY(BHkyDC9WPbzfjcTt;yrUfW4Z>1LJC_(A^IU_G^tTIk3F;z3dJ0&ceM_} z*(E|O&Q@A7fVh~8XAf^H_49{Ph060$0;6LhO?EzIm%Fy#{afv0zCg|0qrZ@dElTi8 z?g*>znXN3J&v~12CBpWQqRZ_Yv1=F8$|-hXyCj$#BDR*J#0U@Ec^E?n?sk1a%8^zH#IVz^7uq3EBWv@ zgx&yfE5YeipXb*T*9Xh1WQAreNJx^GLxttAa)g4F3k zF&cuNfIevz^;2)*2=Ix9kWtJbKMio;E!7Lzla^ws46G9#z{wp+j_AebDb6TEPD6CL z2k1#CBzjiqCEI1^VL|VCfpAyPUlmdgj5!buC0rK3@86`-n9to)N5W$;aoKKlAu@SW z-1(%Rz=`DyBZyTZLl1vRG&=Y-R`PVepT2jO69*cQuUct7%ELgJaB{QV8lXh@XM!-` zNm6zRySqiq@D7X?aRq820*4TR4ej%>Y_o3g`>AIGH13^0>HU))l@8Rg27hX|oS!cC ze@>78E(Q2EwEM@_{=ZsTxqnFloQVHVlM%%LHNcM`@@>w{09Df1T(>Mzi-3Yc989Ku zfP|ciyB^Jv6%2kWzaNsM`nC6MusiGJn?nbH9VHY*AR6>C1fN-{Q;urjYHzK`8r|UH zS}VnBt1>Q%RHBt=vpik5w+n+*As^vO zjJzgetQo)|+N)6@Ld9gwFKOPmP}sNmgr=otf;C`UlIV0}+T8JoLa*H`1FopCgaQVY zW|wQZSSCH<*P)`bLD9jFrSbD$ewD&me}#w9wPTa&>^5*K*dziQ?eg2AisxabMeQcc zw$!v^KlKf#ld0A%YU*-Bln_UXXe0PKHZ(DXK5xEy^}cclutAb&X{5yPbQ4YVVpw94 zrPyL*1Kg~1s3^AqO}%{Y}w6FffzhLD*k4*>6BLNk2? zL#ll{_1V{k0`ogeg`48?!G(M?bmcGFgj zg7Ehk(mC!xMP_IledWAdMb>4KA3a?2oy!7fChX{Ra2tinB-zDIXe}wU$XdxLJR{63 zW}3g^R4o*c$^Un?P?WGIn)~zk@c)0R1wj)7+kdMTx;3D^m5-A7$o{q^reovz3($ta zL1d5t4nY9UBOpP9Afy9;DR)WRCistUIhXz=RO!{l}Q#;HaD{xX8Iv|J6CRB z+g7(|xm~neyH>hvyR2TV&=5|1&2}>-N-*xt@0{O=U3)*j&pi8_aGm&mop`6_{(ieO zAj}vH?Mf08LwOsM5<4@Zn=UoFe-X}?>s}HWou3XuYaH;;=n*n-5)pIq+7=dBtU_q%jzasm z@ainwG3l*6!*rzJ4}4D@Y!2fTBU1S7NSFeyWXLpm zq9%Sc)?G$ejyMKnNkGTj$ax4X3+!^gzD=Bk^B}2Dr0#q&j2LCz1W?I`ej85(S?503 zVpD%1^wnw@o=t6?s&*X&vgk6Mjdpv5>tMvju?bbG{54yyFX;JmBVhP&5B0&Jya zrdqA#*4)+tF%)VI{?BDbUCqrc?M_Rf#fpuNx5@O8YWyD3L@xt&ELmDZM-X0mY92TrjPByGNQ{0e#G+0yd*sA#h0}nYD&O}^;wbG*gs8%&=Mxx{6I$cD@LaiwG zg)lX1$+Y>1;Sjv)?UbmC{36WJ5XsJX>+2YUr?!H9ZAXdISh*C zk{t(Rh%AgX70VwpWV{x}nLGQT%Ceya=40LdKLKX3y?e_y{<({E=Q-b>{~1c+BCyF>z1N(BE&+S*tK8} z*DuOhhq|{@G!z=bxvJ54zlI}dLzh4(Qn!N2YMQR;4*fi0S_rc9%|g>H^Jc1ryYX9%cZC$|`32BYAlPOwT7qvTsIvp|#41)^fu?HQ#!JD~6Q1(H+)AdE z&QvyHmY9}o^jQ;|ZCXcGXK@p&caMQV);DDjtlfnRJl=tlp=Tb4Q~5}d1|UQ=_t77q z$#(mh^|(8PwXGFh*>*~=u05FKG7!t0`U=ULXST^VyIk>kDu4Vjz0r4Ib79>yy1FYD z!{FEf(J*^_*cU99k)loeLQMEsd%&0F^qrQruwa|g@BDNUL8e;#((sX$GC8;ol&vOy^SK;VmVF2BbEoM(IW zOvXnfj>Z!lr|g#P<+oJvp!0<;=3ZP_41Yhvi~yM-Fl{pRH(Uq@lM;!yLCyA5wqpa4 zLB%{1Wzrx!GD>+!XYpjVBn9@Q1_K|Bmc>;-vw;_k;0B(u4)2L}WK?d`NNn=&da0#aWEDCSged88gs1KZS^rE`6ABuko zDy+RFgk+Q?JWE=Kh+)gYpy}{Ljd2xpgM-kGbY;kO^Icu?*55;^@Is-{##7~WP?2d! z;l`l}Su*qNc(s3!cGe|8-P9K~cL8MxN_r%7U?D01IvrdBOwHLZZNo zaUdO7-OzKif4mD~^5@Mbf8S3g1ptIQZ9q(ypygkQr9u$^C1Y4m=2p1PRz4YDchRWe2bugewz}>?`R>U`n^l(5Fg7tO<3Qx^2x5>aK2dtyY`~!+ zyV0j;t1Y)F0&uvfZ!41+3*4%E8K~9IUrx1Ii+q?G>zz4+*-AndqLor!_kxi{VxaPR zS}tUgKno8B)f7~xIUq~R6d@Ype@O?Z*`j7eEU3iL8d9Q&euTJ)=D0vyJ~-bK1L3oJ z@EKC|jC~hl34SG^xWCs5VAR&L=Yjo)@^!G|E&Mv>1`vV@a3x>Y9N| z+TyCz5fzU%O1-}i3on$l$2{6+PRbR(mv1(u7FlZbvXxZwP#+TXoSqkgbPkuHD(;^Z zzFf8WV|vSvdIe2BokgYiWUSAKs_hl&WYEUPgUuwND`orb=(3l^%=l`Lo)!BxhT20- z&EzsOoHX~Es@m~n9B>MpJS{wvH{_T!nQ>mXfSvzn%Fqn*>(ZgBygtR3N*+<>lEmer zjnO#?<_#-Uc;GtKHGv5wgD@CWA7A*}?3_4o1I9S2{|a9)=H4ue+pvIgnWKgpG|4Q_ zAzb3mc8?^iksgwViC+p=mjJ+%@I+yFX0|B?Zi>zko9c$V>5g6Flw_+HWc$nB0o%DX zfNa4fSF+h2cC8PX0$@uQ-QRIgKVlTtTUa!IU|ybfkmuu<4&R9LVB-md5OA_+FKqR5 zZI?fI#m$Dj;E@>Mq)rn^flOx4@D1-xn;9C5+oZof1oy$G2_@?S`P}~)FYB88YP9E- zebDCtM!g?eM#=`3x=l6FF>6K1Uyx7!G!*I)sP?S%vsNx27z)?;l=%^&eIj-qC^+Xz zzU&)=gTT^%6INt(ep&v5gEMJAq5(zikRumI5cSzqK}7fb)Z^ZQTm-dus9*aW3MJ^LU+w=LdZA+Tdq|>F2ZR5cy3A*wmi7P7-BP zC7PO|&`PS5_0H}nejZT~0PE|1<}`k7F#I}j7&QQw&VAG{?!_K1tTSIwReSwW77xhK z0qkNUzvH7m2{GSA7-6vUdt0b;v~%V21$`^$c5q9f z$#({>XQ`KZpoBJw&|LLMK+b3R2zezv5<@w5Sw4Ph262u&Os&X$uB#7aAPfx+h-2U2 zW5_{vw?%1KZf}Q>BU(gTC%in%y_R7M+e!{`se5ypXY=cZQHw7M>1tfY=DM0v6pcBH zqaK(b^m%jccYs4+{nWt2QnP-uPy0S603E(8XAD_Syt7--4jj?wK4Z4sXVtz-S9VdH zmMLDN5e_bmDqwN{j0z8c>T>`(o{=`LxfRl{-FYd!6WLXr4Qd!|*-JzW``< zWE!6qi|>!+<^}SE|6skD58GnZwnJlkS&)beQik(dZd?l*a>c1IXF=B?e!}?qB$q7C zBEHr3|E^t>)Hh&}bpw546CCBL^0OB-%^5xr{8f!P*{t~_cm)0G>zDkO5v|@!S1?xH z7>Xli5%aJ`e#2^Sk#I5A0`ipEB*k}Vr#4>yUQv4&ga`QwAovygdC^4BK9ou)MzVG1 z%I&JS?f9Yd#1ELcI92tkfQlbXzych>le_QL;e2vEnuv^e0ZVg8W-^i*C`@1;eHlpJJF27VG_+5>u zyMevB%n5A3T|Hq$9rH6jvxDaWQ6iS4%)_UF4gU%%QfGdTN$Tqd`ZiD7!livazj$G9 zY`Cml+}0T%kOT}+l1WXo)E8Ul{nAo0MK?yORI$B_ET9Ob;)$8?_U+keL}$)_`Fo=5 zVUlw^3{nY#WRZKku=ZYbNIYr5n0Zr9nUbCR=vJ4FHxcD}Oq*j#LwxGLDDZP@!yP+?~$78Wu zj8$HMTFw9|#}l-}<`?d!K)Q>rGPxXB(Fm{q&IbhOE9m??EZtX>z!&6itU++Be5X%T z(qDq~TYV&#ne59V@Y_!8hcARqbNEgRx|2oTrv<6Y!qwY%u-Jl~TXWCU(K#>f6tXp4p^!r|7Jf&u*<-GQeRqUgJ>94 zsDBeh>#Hql|E*o;cPZPH<&=ryiC_IawZFstY6pmYR`z{Q&H8hq{Vk$lFcK$Ow%2Jw zH$(Z@Z3fY~KNnj;k0W>M8bol%fjgbR4^lDxPCKIyeQsS_LTR2i_C(86WX)hp>^quB z>Qglfa?gl*^al=0%ROWOfE%j+G(G-*SvCH6 zk(m73@UU4;!)Z|!x7qwMzVGJ;wBOZ> zZeUDS1R`vyy(afenLDk&E-XXVvOU~vC422YC@hvEWEc4#bR>6)E?C%U3>yJFP*}t? zEKP=z{4fWG24(56XOVg{GJ1*_#-WzN0hzwVTL@8=uBrhwMDnm_^%&G^mANDfzUp5a z7iiL;R3X%(+^QKkET4!*OUIIyW7F7A7K5!rT@4tpqcj_9%!hBomqAvY=rlx`ZrK!z z@G^W{h;6b@d59T4i}`kkLaRH4{4^PRV^LyP;EY#7$RkPd&9J3uSIyDCcE1=Kskym1 z4UUCCk<-02=%k|C0<#`yt*^=%w9v|`k_0Dbjs=N)9cJ5~JPANE)L07i-#_uCdAk=w zbP|GCntZn)Mq{ymi*Kkd`x9~vw6U-j@^gs&h9;KlpTH6jAUi_R9iG__bj-Ko5V>xp zg+qU>39=qs5b`=-evY6Yn=T9?drYgGlHb3{oXONRZ-={MJEGft4u1Ts`!*-aI{En(X6YiE4lAfQ-AVxBYyK}q}1Wh|nONEq?i`oS}L3XxvF4=`Le#g#b@* z2a-#e8h$O=S43K5&l!TzHQ=N@A_`Z#%ZOM_bO*MhT%&#}ZA=U?LYbCWgltra8{Mkg zq2UO&#G+8|T-xwYFhLJ;3Ve5o|L%xKAMn5Ce2TI?1vIf%Y6SuAAP3%VI%4SHDv^V< zdt?>x&dg!R3b<~||C2Ig(pCIxVI^m1(_O6XwI<>@!5tr;_>O>Aa^J|iV1JRAcko2w zXH$)?9yb=Ey?3N0cx~l9h@t7<*=cprLfkX#2DNc5p5qvhaMBK=Y_P`UBgC$8U^5mL zkI|O$@GX@-fdg1D7vqO*l|=`9HZ8YW`(73 zXp?vF`&Yt?14jjubsi z*Hz?f#e|Jg%1kU3GAhf{r@K)V6NAiUj?UQ2{9Ik}Xvz<9Qo_4U%8$IK42HQ?zk*Z{r%H^R#C1l2 zakNJ*0qH3LZ4ZZ4^m+j{~Vv%Ao4j;mX>IPKeD8h$u=E{am|h1A7F zj!n@UGLB7wZwi{+v88jv$Sd;$v>TBJXOy^tJ(>4j?7Goup3qb(4-b{@$7mg|()zVS z6Wo1`2`fH0H=}?tATEnb%WZf`98$v)$)2D(3p+aD&JS!uHTou+b8fg+uEVwQ1hSeZ zb*^gMxK<=u@GYbuOy$lRZaSQtp`kSg1`9M}=c_p*@bApnYbCH2f zcPJE8v6|@wJ~$-gof%J^ZLT?;KEw(^gk>Rw`s8pDg1`yda3cJ~ohIZ!m^tLlWK{VG z&U}HVHiFiw3}yRa5d;e~xjX^(Tcii!Z{6grU&4-sQBqmpxWf#1+|uZiE^`Xyf#MIL zBqsLxB`}1`jO+wvWZz)_;MJlKJB9MkW!G}p|Abd;|Ct&iWM^Y<=k#Nf@sEktzX4ab znuZ&;2-=rq%93j*G8ri}BSBi6pPI2WDFz2f6tWTcLC_j8F+H$NIZ^AvwXJ6Lkb$0= zeuxj-JB*b2EF|3%126bJ5c~%bJ5x}trj1BT5b_Dmv4F~Q>vgxwjaw?^=f|eo4)Ey+ z8)XYYVV`_Gq}WlM3cW%sgfuD#j*|YkhoXOVpMpZHG>tX~pFFhOj0Y;^hbM}?_ONP} zJbketE~Db81SGxd3qMwjV zboQTh2PTOeqmD7@o{U#(qp-7VUB@HV)d}fnw&MbEBJVBGH_F}W0 z%a0RMR`#-fYs+bNWXn8hdGgMFs))vW?6}W}zXP?W9K}#LMss+*&iB?WYn8N&At*xi zSdfVM@c2|ci(8Q(&(oJ^``74OQF4@Tdak4~Tl1Z@g~+Hob8#5suhK9%bviiCDsR~P zEY?$$brdgxcBt7h5bfhFRSN=mpbjd#^sj}e-K4vwykn!00Rdx>4z?7JTvnm%kQ`uH|H<$4$B7IiK_ou>DolY#)3+l2tJGx>&FkBAHXcdez1bZCnq(-eQefv3Zhc)wSD*r>lIM z!0)5kDi#e&x1OspdtRn=yD;KML3Q15-uyx04>*6z$lev82D(BWEHG&0 zo()=&4{Zmb-Pur6w)bCvv&TL zwPgLW%^m#arx8=S?FoUu%@5(CC!Bj2eXZFe`q1k4W%iDeL-DTIW6ClFG=I@9xC7N) zzAX+aGLY!7{4vad-fEE!264cigHGWq+r*r_ZAtksc^NZJdf#l?DnTQbuxG%!4Aq)3 zU^3PaRc(FivKA23ByBWNaL-JaYB^ww#hxbPUVMh_Tz3Ph(YhP%Cg(z{Ij){8qe#5e zwBXxAb%uK;KziVpb1MEmYl@#u_1O6xGt3mD*#MEw+SPvely-f0r7%*R_R5o3Gn=Au zz}fY@+N|u0Vr=r=)lu9aqik|x(SCX|+F`B!eDo>=V6iI6D9ehmZDMneIOl=ah^~_E z4gMk<--HsgAf@la674PIS~Vn`vLakZ2`y&TzF!YH%R!(AwJe}3R3w?M=`HITbevOr zC2{=++B#lj+CjInkP&=^_LpK*5dn=xa~MCswBmrR`cO~Y*nK@~{)yO2-tMpsxDvGu zN6Y1tZNDCE;EWT|U3_n{FHc(42R_ot)TEygRc}HT=!yC!^-!y}@EjVWKj9TlGa)eN z+<5vYFG9jVcD}ug(cuHq{0ifIMuItd%>lZ|FaYXG!m)Ff05R%CmcTSKiUSm7>O50e z@qYM=Tw5^@qSVj{LTsLsk2BcBS<(V;V24Lp=!t@_JDTP}1!k4(5C=1>eOiBpMpgC? z;k9&CthBx(nv&DZVVq(JseX}pA8KP~c(BmFJu~0_vS5ANeBg2G6S~*+_5y4xQh9d- z(9tciGxI%R6B0L}^6C)1-x8dJu)hMFZ9%48GC%cX$iR@ywqR1G4Z72wiJ~=WH~z!t zu$Kiw?4wt`GS8R4|GIGvLZlxL^rJ(jKW`W8Y?piK&zu13FM}IV5UVKr0{~b>gHO+ERV+pFnq1gs`Y#JJXK_ zID3*QL)}Zb2URl%6NAxOrVh*SQj`b$yGKuiYU4!7NnQay$(#}4Mf8MUcdu4PqlM0*y9QQ$^czVOb_BNcvT^3PoVU?_VY9>UHK zhF1K?>*$RC8AJaEvU{?Uj@7@&?p5o~KZml!n(nlyhzWHxz2`#&%U%OW{GGAyhUwQ~ z&PoodrmkDQXwCxl`+p=FNHycur<`wqCyuF4zFP+)WQ^fJ3|{>l}7Q zfWcSjPV%G0Sn)R92jne^%40?}C^h4ygV7R?OXa<#3)LCgbc%y`lei^>1*NxLYxz!} zHVO>}`D|k}qmB45T(G*?emnKm9gKROPa9(9if%z0xsWn5cs3HN{)wBEZgMAGgi}MN zc;LMQ%@+8+;(JwU9W@E`^yC zn^(SLUJTeX;c@3lJUWVa-8(%RCq1+B z2l@hEnC@mLZHt2I-u_6z91l7h?D;SudB`%Ki@rIX^0RMaGq0F$ zh#?Pp+t`n`nt4QOjS+UyVzNn}5DhX$rK4RWM+CSh5%oc6NSO*FVf{U zI<-!oJ!GWpDy{s7G&+o%x!ZlyiLu_%FpL7|>bR=B-zyE=m8z@?p|q{^8_I17T>WsDCJ-M=!S7w*3#wD$T>}0(vwrM($@}RO2c% z>ybFjZ9^jy*Wb+aotf(!KEB^TYyGld6o*Xoak(NuvoI)4NA3RTU=d&wLCP{6ip!99 zhUFsSIPPQt^s8|->{w451AHwTa9YRMIW`wH_DnNSM6p4Y6EPYz_Tpi4XbX4V&iYvwQi?j zIrb`l2h`gLC6e{S>IKPB17S`&TRiq3rx1!XEuE{GCY`BUje6|df~y0{?kEf>7{lrm zx^U1TlR0qK3u=o_;9!(ttdX7~+0I-#E9i(=Jw?iPU_#?;Ct|G1^K0!G&J$+nS|4&b zzD+v(sI+I~Ba2#VJghv0cF^pK@k*M@;98t5G>YQK4WUU52!N;}J*YAC8+fkaQRhYyhA&qEWTb4`}Y*_OOT}|5-j6Z5lL1(oCQ@LCXbg_dY zK9h?AqO3Zgf)Rfig!oM*KXUM%fep8hO~XXjp6p ze@<))N|(9N^07DNp(n+GA8CE6DQ8bmP?WQa|9j-F>{jQ5yXiAhSQsa%s4kHG*m8=~ zGH9KE4 zX-HksWw2L(E5YAYW`<>wLp9{f8A8E;5f!U{GUbHdG^A;I9aUwRks_f1HO_8>Hs)I! zH1F%7-?cSI((4bgOr9eh^ts#7zLrV8%zMtx0B>Pzi>w#_fTdTqMtAHWP5?!D71o0` zJMs$qkK14m&l-RMxECG3jr{l9;Q7n9A+2X-sPFKHYQ;bA3c4 z7Co-2!y~60JyiNO8k9u9x|xdgVADeeQd3j5XsSsE1z*eCp@KzUKEKG$T797q!SfqI zIM&+S-Amhj8t{70cmuhDsl?{AmmRoeIKZZABGa4p_az3U#cFf73h92yi=$hmmzIxa zpz^qY6*PHtA!sOLuHmlHJM6>2QL{u7vn>^ zQ{Z6VvyH?|o=4T0#u1G%ajpyY$&R>Z9rl$e)z>Yf>!zEh5HY;rN(hWO5hq=zU(zdb zFwAShM%UwPBAh4gcA-9>h{C;%1%xuf1n?tT@D`RaQLFQWh#{KEKQcRq$5+FAbgxlJ zU~v+H#UtSZ-i8-1HygN;7eWFR%NX60G<>(;`n2Pn9&tifb&8m8JizrTa_}xklom|X z!`+y|JEQGg-09FT9c2n>+Kc;pOJQ1=DsvY0EDy93hsIx(h03O+HHDn$Tevv$*!bs# zC1$}~X3A>hC74V7waGm5x9_CmJg54QjL0Xlc&3HHPm8i6zLm7yqF#e3jsSB`WLCh( z0CaoEY2mbn6%I!n>eyU(jxf-##pD01QqS6{81@4oJ=E^Wy>0p{+q}1uh*0ftaxh5M`C*l?V5C6+7Z-}l6@b9qzXY}7q%JeUv&p!?6cMgt7-rUsYU;LiF;h%%_ z|6_aYa+2ae^hjxok(%nI^Gc=4*`W72S*)^O$szczYi8V922z|-<1Ex(x!!@KeL%f_ za*MgQiou_W_I(XV9^M__jc$BQRQ`m0rXbsA6eJWxg3mTD^uowz`;jG0=6GICFz2>X zbh>PiwHA&=bjIY$k|3(ho_k#Q}ciJ$Y3N$DXf9 z$mu}OvAA~GInjXwW4O62+m8YNJun$;oJy8x2CBaYdYa(%SPX2i(<+b)>8aNs@ae`1 z4M>S#k>~je{jM+XXB7R=xNsTW!golSZr69MNn2l!tnRW9>N1e{wDRnmKRJA`RCLkQ zfcwk+ty|>y%Xg?~XYtQ#{0F$hB>~`u^Vfb(r6(eh0uYdW*}S7vg8bQdFb(fa)@Qh| zCVD<&iPeb^HJs#ch!fLlb7eGg{DfD7&jFL$J-0#tn11hK4}=d=_b*F9;1bQ%lHeI8(<(^`FePPC5ijUbFyB$D+SV-T z9k(Z8L`jcNxFars2uwz)XiJg@yK7_ZhZAXTUhlsifVxmJOq$9G18V{}FfK@JrTGPg zzswVvVJtZ2&E0eafU?gNoeb&m`(|%v2S^6oK@P%e^&WK4x(CSVvCI*b83{%JiG@arfccy$Aa{EQdWTn_uAa5ODyPs9ByWhH?I^c}?e zIR|<1uWa(v$)6t!Pt2nwUiW>{vUiwpw&{Co`?(l7HC2d+4v6J))TkBSXS(YQPD?5t zD8%PPe%PN7_PVuylbr{p(7l(l+(o&M#F`sCqRkQ5C0_B!`Hq;~tT|d+8AK!ncP_9? z8swPs+_W6*A)LbxGM;x2B_*{T=i}(J%lNd0Bt^-lpEADk3pMRSB7;yRpFR>T+c3ks;Mc$S+JB?!mMd&pBk;n#gODl1sh3%n zcOqBgWO1zyB#F)DnXcrKPYYOVM%wr14`MH?W4u#&6bHi&7=MuMQbmo>BJ#T|FDJhp zq^4gUJS<*ba(}YWr3@#sGgUDX-3s<^3+Al98uPKt77@7^;W^>rTcb&XM*!Ux=2a;h z;%T#FHRtoNG5;={K#_g;%eW$D;1U$^S8W&=W#P!?qS~;UdT4KiQbi%Z;1Cw5w+v_p zrl5~5X}rvQy3kSJ;f!M&T@#!bt6b!U9V(akQhQ(*iWBZ6XY!%biG8O+#J zIx7^LFVYOUMc4K++Sr5+I4gA(-XJ3;JfD-oC&*O4Utc?uK`QS8+}pR%*)UfyX=+8IG-S!x)a6}?qi*o2F6s65w2+ohn-k|)Po+8rmiz6 z@hp23&>IIBrIz#Nhva99Xy{qRnO)%&f1fY6qV%gT3tmTWhi~MMT}AJl)?C}YWxH^` zhE=83$MsE)-X##7&@kw?!gO)UP^8-8W$t=#^xUA1wTK|Vgg z6gRm-#?>V38P|WXN`{&1BitfLzZ;XI<1)l`@X(EGlbKq(1?rdi;Pyp@r7I5UYhZ~( zDnPO3Mj$DGIGx7X;{tch|!oKee)9tiluwJt_{; zW1c0wz*fcDc9hhm&3pxWMDK(kL6_VM{d)p_`(mxjD(cKN6P3A3x6Fie!kUlSB6KBMMI8;)g5u1+8EFoe0ZeO@?u9fc zX6!vuyC0WA`&KGjR`j<@6-9PQjCP#_n8;)QThQLxoQPuZ1yb9|DrVd1DiK^w1SW(# z>;X7gE};~u6kfnCe$-C9n`9PvjY4L4v`yU*rFPgZCLS5%R$fJ|y04m=6 zBjcpM2mA7e^p4qYLH^eZTK@rZQF{SXJ3tC*ZTI89VI1J0|0rm^H`J{+q{;BeDj-$s zL5>W=!q0?!_Vde&?nA(FXzd8qPfKqo@9L{Pmb4?=DE(x0*L51cR#e0tD|$dpGhx6{#4kKF zq0kxl%alUHZ5%bjRDxYW#p*M{(fAcuU)hh`JG6qw_Qn}xWbNk62KUYQ{Q_Di^$zo6 zIN$0^wx0EB>Pf_}+*A~eMho%fQhA0-arPt{+D%65@)5_wvjNnlF|S;vp>l)cuZ*G@ z-k}Y>bg9$}fI?Or#n#Z_N`>V&=G!a{QWziMQn^MtJNOa0#B*V7(Wn(mMSU$Y68{Y$$YxH2qzo{R_s_OV zcSxQIwz%`_#WzTLUF}}cA?&B4YTW^*?W6BiQLeJgx6qaS;%T%jX)BYDQ8U=iEgqD` ztAd>e5)kek-wW0506t~Sd#Q^A&t<%azL#u(zP$9REYLAU;)7W?;JalWHf2`#8Lgj9 zwZNFJO#=@TKUIZoaEeucTf60hq=|cZ!0++?0;ONYHS`aV8>!)!$__vKX9lGcdM1}N z#uk{$)KM}tIVHr{>_rt2 zIWu#nXCY*4>v9H@uOy4S{~0LDQSF)Q0$^_bTbL{VWnccM8tA{|5TaIqB{xR8`iB1< z<$w3&hKaxsN^M)nkPTU7LCD~KesB^ZB?EI&S<11hb+eLuW#>&UG{A?I(h>>`LIB>AUNtn4oNlM-^w#sujaaZyp5rn znUBTmC!%QLozWOlyN$c)l;S&FR=*d8UIA6Q5hWLa&^$W1kTGY1F`k5mp%pZE5chCh zgh1!>sajK3JLd6Sl;9auHF{|KrQ!gX#RK(ba4cy?Tfi?d99CPnAyIAVMo3RmM6hZZ zYq5QUF!eOrZA1eUzWD4=y%NPMdx2}$O`AtQ%MvCfifYIsPB93gLQPGb<3G_>O)IiF^UOOrbfEppo}D0+$&bHGjuw) z1=@o@jGJmjG@JCS{pvF=D&*Cas7(SZT&NxGAyE;ur*K#-!j|qb64BO5C5lv56U*&) z3@V^v-;i0fviKlvv!O5-=}otYdtWHMCZL`}`RS|1Z1R0|RdB9U>7ho8QaxX7-Sgs2 z!RC=?5|G69r9D_m8DwPCe7wyEfqq?6$t>J)8%52)hBnFWVC96FI9(tWTRVvAhD~Tt zX$WLUwd()0MG9iza;%w|XcdqbfV?FY@#?>VHE@!SeiO8~NZLC_Gmj%X0!J@`>%`KR za(YFO@M!f;_4A;7(9>_iHWu47_w@ZDMf^E2=I6oMt2G)a8hZzkJ|i!;?@UUo=r*N* zyy$kB*LFHl?K)9yQ{YRUv^;nH8xu}{U68pzA$d?RX;PNd=Jdfc{z;>6;I~+&Ub61j zKi4l86}R|10id7rTj+oL%h3O~(ED%2#J?-xCRnwW$(T0}Ns^Z;;jDey<`owKgXdej z;_>erJa#IRPefs%B^=SDA$5KSkMndGvlM(9?IY~88WOIQlcZ>UaT z>Wn6Ko>&OA&$W&UC7-RZL&kLqew*>AH^an-ef<=NnLO+jXZRwD@Ss#Qj)!)l;+4P| zRL71w0D%aFSneZ`;SszqEXv?Ng)NF5pr#Ci)L4vP!ow#FT~hBIAJ>+}`c%Fv+fDt4QM8{o2y*+dCN(=wvauGqk?LtYhNEe3raB&Fd=7 zjm`x!JmuYG$q-8J`S#~&(HIyyDN-HR@@`KZi*ngt{x_iP5njUkn3`d_AxA`F0_sIN z$dXS*v3r`BJNOuV;x2KWRxu>Ij5fiOu^kCN%9W2FIg;?sDS&sB&6NLm{$pX8wHpA% z1Jd7C54ry`IR5Dp|4|+LTg^-Phr5C@^81E`wb2b99+4lf2`Cg3Ce)YwD47%{9&qtb zr2cYc_w+wRK}Z;9lUb4C2$*Hn>nqAbc9arD)G6zU=>^EG$`|s@)=#t^%YRk=s_nnr zc)VeVg^H8eV(o0c>~NdpT6MnocF1+VGc5lpVN08rYCskl7re(m_p`v2EWJC`(Dp8` z!VaQdlXgF;?-SB@>I81WfX~R8&^buL;xEJNNFn>%%=Q1i_fT(LQm>H@gxwBXp zx|v5?Unwg@jNiHjms( zErZAObE8q1cC8foRe1>M?tvLFGBYATvx#(aL7@Gw+}YGu^Kxw6nib2W1dv&Cv(TrS zIhX+I)<-mY`RpLf|=vXk6{Z2(zw}umR#!~^g47s}q9h^({ES~1%pM|2DLn9HkS}8PKiFAvn!xMfo zPSeeC@f78wxrfisyZNZiqF+Yknuk+KdVQCL`x}2Wn~tu$(Gyw@$cwJn9mQlRDCF1T z83#&=6Lh0(8tY~Su|-~l7v5gfm)CyT%{d4@+0iRnrZRTa#S^V z+^7x?vND>9F%0ig?Nn7YiN187;dmY0_tCr|-&?;9ei?3k=HlsIr@A+h_PFJnzK8rZ zwyJ!`DEmN+Q9LDZF=P-sgFCvel2PDtL{rnij@@^g;G5Y!4bJNTR7J0l?|*>l%Q{IqD&mP5HvoYQ{J z91cS-S;mT86t{eR_TdW7rU4P-up}#tbO@L*4%=o3ADJ=_Md4imIAzq}3wx8O%m|-p z1sX&|;&_=cs+=i;ZZ&?yj>!Vcv5R}xhQJ1Mm4H&_vMw>`$DQxc++DiR+ znC%wX1QXE@am_UG;s=kGio4P6-%+Ikh@tQ-$!ubf@Gvz?G_BG^k-o?q%dc^?uT&i$pN4&#Cu>Yt42i?8}YpVMyf|4%g}gOe8WMIqrrELA*iNQ)~JG ze?12eFr?W;E#=kqose&an(SWR4^Qvb*>ATRP+D@}&W%?-($awIig&wg;FZ1>8#Wb&!ZT5k=%Wt#u)yXP9wBG`O+65k4I*Cc zN#W^EuH~_baD^1LGCqeXv_?k8Qj;LYer_U%%aF3S~{J za|h|<((ZYDnLRndL{W0(+laCTBOavW5|%NdhUUfmS;%X$Gi=XC8LsWCs_-sG(HVu{ zZ*)qn8iANn{TVagYJACWd1jXK5>CJ4R8ha zyHRG)GJ@Vg<^YjdK|^D^EkeV=VY}5C;s~OQ$TIk9Pxdr2$nU4*R}dj36y-92j-23& zN$$Kh?@rOBd~aHC z)p~#V({Vr5z%qnuVQkvlo)>&`-@JeW)}ggixmY#qimRdP#lvOtbeI=w=+@ zf%m4)Ncal>`ISx+Xe>9hG|4~V=}Vifq6;=+H&$Ao)%U_(v=(>ozpd#8;u#bHEI6~k z`dv$x^DhUj|53C0+pe?pa7l=;*C6^g3O&*CzJ3YR=W{lMYHd!~s3pytht19( z?l)4lQ9>yA$eR5O#_V2zgM!aI1+~FLxyD8Yj$Hy_`uZmWAS7Hyvl8&PA%5Eql>NUw zm_O!7{(F5x(t4H$&f~PnHa&%|F?A z0c03(RsrU>ra!clFAwsD_u7Y^U`DV-y6)sFjJqBn9lfu1)cjtI3BF&*tLceC-@6jL zdhjAAlrtUwT183-SZLd)gAMvQ62_f1;@kGdVo%X=9UnI*U?kYT8#t0EGEE5!M2cz! zTRRQ>Cem;6RN2aw!7aXf%OfybXHo6K|1^kBv?AeG#U+U3A%AW^m#EE~L{R~1AfUML zz~)N8dr@_G9f70^hgpQ?G9go6*gC7ESX_RuMc0;|;0?%VjkZRt@^DOMfE)%YuQTW0 zm0EHrBb1l07wn{i6<}MV2O|;6l><^Y6igsV>`+*?r+z{esH+Twe2&>$hdT7b=PvQ~ zrVdCx>Dn5PsZilYP4~88cf8AgJKY+0U=-Mti4`Zt>Mh}7yK^joXFBH6mh2s?Vywq; z5$PlYg1Wtfoy{(`#kcn645T9DP<{tFr?g~JsWXb*64%I`KLM%=IyFefC}#Q*SXMAW zkvQazF6x<1RC)i|v}UDz2Smj)(`0U$Pfkc&#;ExQ@fY!dP%+30oqS2^up-*RErpX? z9bpShs(bo%#Kjg(y0HyyH#c5=oX1x^A@2}_YHwn>vjm^RL(zVO3uDQ$*$ebB?mzNR zHm;6LMnG`_>$k-TuD^`f|E$aX)0Y3)+c(<>EX+wDXBi4C3Jw5FH;SA5ylc$il-JLk8uz--Uws<>HCUj9K9lG{lc+zlkw} z6<5O>;zYOB@F+Nvh5ekW6`VMvWM)(+Vh&jsbH5LSKGWOmCH;95|Dm<#saQMVTOGv~h^u^mAEii^7HLDhdewqHXNl!ZN55nk| z7O7&E%mv4zYwgY#Y4(@RwYR&6i`Ji%s*}GA&LSZg1>+A^cU7DCh+|EDO90fj`x@g5 z?_hdGthR&j)vmZj1FBV;KbU4!hQ3JIuTyeE#Pn=Y+EA3s9 zD<^PRHE_FTc#kIZ(j`*P_cd3=TWj5Ku)N2fv&w_gtd3T#Q(s2F7oV{L319f%NIRgmThvhJ+4T0XYt49O zZckIU!kFoPiN(T%x(skxMq}`z=)DfnEjpoN>-8H=kXC$CYsy``+hkz@X;meXQatgw za+jXQ)I~B#8q@qB9T7NCG+jIOm7%kMrh+m$?iT+^!_5^UD==nBFi9{;GCDMX@<-$8 zI{{igGY*J0p=9a2SQpyBFoS*LN+6|y@DNEt1)bfGE}GskvV9?PE1Q|^cO1bDxPw(V z>jXX9o#Y;-a)*|1iw=OOv+kOyqRd`X>N0VMTb%LJ!cYq0aDV<~kS4z8bEHqK<xk=LK~deKJW8Bc&;NcgQ^`0Hb-|LGV0%2Sq_=Y$O+IC+KX+6LX~JRr~x`vD><01W@Pu8<1L|V zt3zq~?}{xxl*W`y41PGK1uN4szh2X)c55=&pE4$@bhAzLVQIoOA$kTdtWxpJDje<5 z#7t=<&L%YtzJEu1J@un(ob1;b;Y{Xsb^ow$)3ixCQgv(wXmN&ro4wsEAka;;x*zA8 zV%maa^eMcvPS#N=h%En^hJ!I<6?G6}K$KXr8T}%Zie;e|-q#eGTDP+MX|0Dsw4l%| z#$AM=(4$^_ud^WLF=j8^wu?yha={j~%t3-~rBGKZc1~8Q{sGcooGL%NU{Y5y>w=`5 z&LW}i-1C>f98BuE)Pn%*Rn+SbPO+U#ICZt}K=}HhA!tk85cE#cfr$yh{SY{qC@iLp zkf(pjCLHGy2+#uHO8;B9{`L0K|2Bt3^n1*T{}Fz@lhCrlnjD2DDC7IZfX?M{#S28| z$PwigfdSuNG>I?GRTCP|9vF86fBk##1y?V`XZc49m2q>-oujqW)9d524k!nDp3G1e z4}R!Z985B^QA8kV=r||^u;KuRd^3cd{2O@u>Pu|M9zFGz9UIOgh>!Mp$EBLN2aC~f zHSWdtQ%N$o`$1JsCeQ-nCx7~x-E99J?n8DBDX(?v$> zxE>Xr#GZ`2_L>hwU;-ju@l?I`p<%G-;VMqX!upS}9DVQ$AhI=*y)-U$K3Ys<4nGkT4Pf|d5y(CPF?gjQ7ZFs^1}h707uhr z08)T1CW-F1FO-4ARG2z78=5aJ@HdCc^fH7Rl>A>`*tbK{5x=D|2G$Nw-f4q|myV&~ zuOgmAbwW$x>*h0kh_I)PpI;kxwzlU8g{VF|TbgvpRN3uIY)oPW5cDkD`g^{(`pcDYV~i<$YS2`-2pKT;_8_4KicA z+{K9El219GDdNt1!#U?pd<=Ku1Rw=)Ra!dt{DTxwm$O%vLj+(MWDeSLUu_z6)VY5Z z67r7CtMV5-u;6b!L`@oGz{#6YIb3JV`vA)_0TeTD1O=I9lh4FHKl$JVX+~70=wTSKzgw=VGz9dC%7JM6(f&g4 zoJPlX|CHHnY|DvBp+s5~YhXm%xz6SGaF$`;;rVd~+y#ZhctinW6RMk{OA@>aRZD@8 zB(9gS9T5^|v0tP2?dL;gq+7}x$2-y zeet89P^YMm%WJeaII*X!{HcSILUL1s`%Y8q9$VSF!IO-06B2WTd-q*yscWmCkwin@ zX~S=XD%pw4-PAMnGF2BSm{=FmOO>~bt|J$(<77?(c%4``b#?qLzZc>GHi)*jF#X90kCABGt@+Mq@X_`|gL<^g# zLkX1V$@)4q^V8==YOBTj!gvtugoAu2*~aEg2h&N?kLKmda4A+5_Gs!fp4c4*Q6=cY zVNb0&Dd~oj}3=v3>(Rw{c4pr>E=JgL%Q`%smkh>gBVzMru zZsd<}2f*TU=U#-i+k8))5x?ydveyLb_l;Cf==Y6QYZS^xcnRf55RPRzL6QQc#i$Uk zE%zLLNlRekXPfTP{CttXCZ1G(_5A6O=mI~@VteD$qi7my*i7FZ=v^o28#|qlA&f1B zFd1g}HkiB%B=%y^p7g}eQ!*J3f!*DtEW`mi^s;vER9-IsPz73_Z678<7Ey4qUgDv& zd|fz(a8op&F$)YDei9C7WxU%=Ar=L%KTYHj15djZU?QZTzpFvW|6iI2k%Xa@@xO@Z z{2%eTI$)>~={;ceO9gdVl1E+BDs2DvS4Gd)3_w<6NU?!{W1~07s)Hz7ucyo%B$aUbEy? z=*!osTMgM$m)EAl=78gGG`_#O8=Bn=(9c;&4f4;LpxcjCCj99fW~*D*?wd+kS0lX`sZZBB^r$TJdA=NLJtWb%OXRsUa?oS<(Vo^rBLm1 z=V}ULOc|08#tFIoz)MwdWUm;Oe$}FlBxxs~rif|E*MnSza8fwip$;FR3lA||Q>+@i zvaLYujl#GL@NtH+KL_*uCfy=&&sP^P*8NIfw&qa9y2>*Xu&O0w8a!Qteq zrM_6j-X>S5J}(ux8OT`>x|vQ)*ZV$p-oyT8Y&*r6rA_M-l}0(EFyjytX2A4_oo!tQ zzRgljzp2vorQ8hnryy0df!)EELxgO8qTOdoKQFu+$FYz0%g&j>ukUuwkrq^rA`*|s z5)9{GC4x2HS#y+w!sVe0W59}(-ptSzgLtq#}cHnVlf1pXb zzp`gMGlX*x%_0f#qL4$}@bt*riftoj3?QiFrbqPsnUbSTZj`73kS+V$Smv)!g#E9v z48Mt~#ebc8{O3fNrWy=69^Sh^(UOnd7XpGja6A$cXrhFxuGI$>ozeS*HBE1BaqZW8 zK>iuYFrh`uv-Nk5<2Y+=?aSfir1mGHD;C&@YEE|g1%IfJADq2xgZBC~wh}fHc5Mbj zH009$$N>>@KSJ@_OPq=Lr4@hJwa=G{d&$pf*4!!96RuHjQ|1m1I5bs$3CN!J*uS6( z%&t5sm#Iki>#*TFXH>!ElKxd%0ro{SB31GHavA#k1c=x|*iCo_Hs6}{%lWdm8BU9t za`d|v>!QYToR$g)GfJgM%}|%2x-MB_4%A?6M0;+k6I6{#1xsIamFD*OGUk1NLl0Sr z#|T{%S|6QO3sxdnyf%mJo^DYcs*Qwgo1O~IdfvjZpgnpq;+K*&s6c#WdAAHO^^WHL zJaP68jTx^4&QS*l<+e0k^6GZv*~S#B=ZM#=F*;~cMLNSG)uG(c9ws9;BkHyREPk&q z1^%9E`!2m##}9{L**4XZShrA(D-1TZ*9KtmrHO7as5eZ|a5C zL_y!_dtL(T+?ZVl|{=h};KTup$1e&H1WnjZ|z z)q5!`VGM;~3@$;!4jbNs(H~$LLUu^)M8f3Y!sx(acAHJ8?7=;doWlon5*(P#f3m2e zw!PM@0iZAVE$II`!{k5m&A){_3LoaPGH@Sl1?DSBEi|R+Rwrj2O?9*V-~@*G1pK-( z6bR&TZ+9sj^UAXZZ3VrXuc@zsywluW++uBgs`)6pSk8|>oF8w_UkWQf;p})v zNCFA2P0P+##}76{U;}+SJFrzA%<%r=1f5jnIOj0uc*dAS%8NHwJxPj4ue-zsPLMs( zM4BNK9rI>Nl+hlJ^q3<6?9)`9BJWaZ)iE=t_GTbb;baQYr{w9H8&)|2MUzsLwdJ22-P@_l&R*7J?9u(`#+=Ae> zGi5s^iB!2u%lqMvEe+o5eEF^I8zP}F-w*4Vi6=ELD~t;Ep4SiHeK0@JR|#6`nZ)c& z&R+c)PR(cr2iUl0)<1HP*3Im)X23E0p11dZ9bgH%nA$to|Mzaj-=;O|(ij5*#BZ7W)_`Grmu@JD#oL3E+g^nXNvu9SKUI`sp*WFKNe~4*XiH#BiW|Hj>(w--r zY3z*vFJ{z7wXJE}3O5{0YS+HPnYgH+c($`kYS$9s$c@%D=ojF~4S%Ie(Eo2FWl49nq)z z-c)h*fHnFEj1OBnVxB_1Uxa9y++a89hYB`n@jSxp@nglwfIp^#7F+hT^f~oO97^L3 zDL^B8rDlRkzGSLh;jB1fpJlw)Reb4l_bzlXA}($K0~Ja|P9^b>LQ8`Qs9f{+L5M-j z06E>d5+!lKK42PIi|~=IsEXkNb6{*~?HNbqsSdRPFQL|;xx!KHa2cG7{Rk^LNk>lg zv%vNY94S}9TxbKE!7hpgwgqU5EkJ~Y7w&Dkw!38TZ&Vg~lEPNn9+=C6rodDja!b?By z3Tl;*6&mucG@mEZ`@Mrr&$UH_QG`*HAto45o%G0+gmN~O3>csoFlBcAB%u>RG#iWh zEm3qpq#$9E{sHK^GVv9b?;{z9qIRL9K z@k`~_tX_G2eK{^NCDM6pOGy+-UU4vZF{DKJ==Qgrslm1bdN`+d;`O;cf7|m&hK=kz z;-7tWj*QM1i_P|vYsuQ3ogbg7!q1svRHS>W#jzr>49fSbeMw>LU|7J1Yi35y5RB}e z`T5*wU-7{074!Fb3l$Tm)n#Fq7_^~1;ITqPR6TUUQl(2IRXpUa#Wt~m63WmJi(LnY z-ZFyytb2mCIu_J~+`LU1iG@2W17v&619)BX{0;+KCQ26OptRQJl->UJ223Uw%2Ed6wcPv8sSwW4Zr5}Z4^;(uoN)lV_4b+l; zDR^}2;AEkgvjhbOodks@p zbmroJqmbfE?Nwie_ zTkHqnlQMW>Id<_b{;iH4c&L|s94+Gy30eLWu5AADC*f+V9zLt5x4EV~tE;!pHW&P! z34hTZpm!o{IHPCOa6+TO(0cQ-AAoHVdbgN*+CLC|N6l-jskYcFFHApKZIOuAFtUnl z=%Uwl^ne?6gb`Wa$D&FDfebq}{#?zH@YgMy>}k_6&6P_9jM-=6(L*r1N6dXXk?KV5 zksDaKh{y<9%^p4v%QOKlJ(gJev9Y-7o{zJYYPhiSH#r%|Bzc!F?B;+MD`S39jZal9|Y-}f$HmK zXn-HrLr9&%7!1W4j9TjVE)X4Re< z`-Q?2t{+x^iTFTU>6#Gv5J})6wc!|B22R2WM-~plp(enmz;>2}Bm|N%fFplW1;E4F#SwAjY%8%Ti`({X!Zm{1J2p%KolkS|m2FP+7U}OpMa{z_-KZ<+3v=b^}lJ zO)T@5_UdwEkpQV)F-cd~1DB8L2{mHiYWMzNpH?e(-JBHe9Cbl(b5V~a|c#L7WAnb7O+2}+EW>&}cVwHKSDMKu z%gq*aiQ-+qzQ7b?ysPQW55!ksDo%~jPy|h$2##XTpO+D{H6E(jiW)(`-1(#G(^u*Q zT6@nNU^}e=ub0N}2OSn>=L6*VO`dYUz7U4YrtgT7*YKBj3anKHG{? zIMF>21JkZE@tiI`xBFn}H=@^s0rwhBtq=baFQ}BuLTu@mN|X*|Cok~%DN0)Y9oMuV zJG7x-XK-!OFeN+{*g6Z(PElu*GiM%_JudMpYzv6~`W7RCEd4|#nalQvdg(9Q4K=zE z>W($q%vLpph&hUvR68-D#Y?1jJTu3Wfw`A=0ys%-%T>LXfg2#4dZQ2=j$LWR*RWOc z+|}3twFFLcLG4V35UT++7Qx+hjl;Ax!ko}tOfDh~uA^NxSlWopUDPr=#}3<9gig6@ zF|5u3>z$;oY&NK|k|#?n)GISA++IZ6wa`uSrZ;vE!iddXScn$C6+JWF#{0B2iDIz~ z#0XX@SCM{!?t+t_Fes9glvlEbyVLADPlO4`Ytz}uz~fGw<1{pA70J^^*vhkv=(#dk z$wtw&wq;w)pZf)oD+jAXxTi0;92i(QkJrgvxh5V{Ks(y5sC0rapDc>GAv>H_6;j0opNOfxrsSBA|+)VZTJUuDg zc`Ch{Q>X{*Oxu0Je6P?cq=lzRm@WUzs*LpMT?9gYxo@ZB8 z<7iHV@$+6-HZ_~7{Q^@Br=-=HQ$vK9`D5jS`O}qZ!<>_#)y@66u(wibB~=6MY6T@l z1wAF7LAdnQ3_(HR*I%9%3bk}~QI9U{z_&24JqreJ6=Y(>&bXC4Zq{`#*Civ0m7iF& zI;8z$Ot&kSCxs@5z=1Y~*LL*8t}nuUt$(J_cZqTW>Y9xMS}GvqN!2HNb-%TigrOdK{vg4Q_g|p_3T}BeS|qqEk~8v^uIOe#Ab{u?Pdfw(sgGC zGScc~@TT(0aP3nl?4i*4^q#C~!ffy;wtfa!>S*9qk&`cEn~^Yg^p~FRZaf1ICZ=z8 z7JMthl7eE7@~n9Io@d5=e6F8BkG}cPyMy79V5ujKeuA;f^F4yu;Wc7X7*>(nh@2~DPkTbOiJ4@*kW*exZ%vUXmGXfU|^W+gT&sXiKqY970(dX@vV;`9( z=hCtxoqDLOYLdGp8@7{gg4bL09`XC_EPlkC2Xra+7_35a}+GhbauFj>dd&6o7 zxjat`s`GDX4-+A<+m;ad_Hp5*RNd@z4H|UD@@3VI!~fhI%sg@L0#4^5Cf?IeJ2EF4 z&Vrck{Hq=-;)Sl7Tk_O88_8#ELy>cdQ_&g)8~2tkb9H{g(KGU2@$iU03r2kuWXVHJ zf3O+hEfIH_@LpLmQBc%a>w=0tlMDjw1SlEdFN=5mj8;6;q2YMxStrIL=+=sNhf3#n zCXn;N8yR;SG^~4MChE})Hp$_gx+A!N()k6&`q=vMU_FK4m7%jE9fK`RZ`ZgmTWC5JP*l{sOlK9O|e)iJ6`BtB`lB?GLAHvQtOt5ZA zvuWG5S!vt0QEA(@ZQHhO+qSJrW9r`Sd1j_(`kVjf?~W5YV!dl0r{F;JC^l~__Qc?n zIUN;za^C-YaGK8Qu~h&80Kkj#Pb&f1f9~mJ^zHu3u)kXk+7m?$(}&zMeS1164!f>? zZvm*?6mbIrT7-}c0ZWho5vpa+h)IIg%A}>UkuYhaAzpK{qPS&cM5;UgJ|M$lJIz3A z3C+5B=eG4HUrx(w_Ug(c(Q4qho_F>poyoN4QD^7nqlf8nLu>Z65N|&RBY%jE-LnYE-ZBTE-XsS`;L$lgikdp_7Hj44d!&{t}RL~0#@^^Y{=E*2626C|=J)d+^}vCg#r16K#j(b<>i=No(&0)5+ zPN(OKcpN85QWKWPfU@&r9F~j)96u*{e>YEo*c2`jPP20;3A)l=^;wF zwmy}udR=VuVaWvKD!B+V9L!Ui#miuGz9U!=$*VpK2{N;0_t$=u#vW7`)WxmpbiNIX z4N`Lhs4OCGJ~yLXL=Y}1DY1pL9Rs!4ui*Hy68H=uq%H=n?K$m09uw{YctwX{?Uk_3 z>85=o9 zFI(tIP(!MzPY15+vw9JNugKjxxi@##*e8-fADCrxnlKQeDMFo8byh($#*ix zwcF5-HfVYAh%(}>Y!DZ$rXJ(>PaEV0Y|agk@q{XanoCc<<_BPM*X|L?QokbV>e*)5 zO77slppLuDVRZ-0KqI41ACC^BSgQngG1muS6 zgZtF%sdSMYq9eKdmg}zCG+%h>DWc@hPg}|5io_T?fJgmAs-=EK^{L)td#w%v+uu>Q z6JA~xunw~3OxxTtPP-OWoL%j5;C1Oth&St{aHT(l%bJq~wLtlV>ot|Dg%n2eFY*y& zlfCcHmGt`6%AMd*=%3$v~Tbg0(w<@(KK7 zR05WfnR!~5>3yo%8dQ*l)?+_~wA_DM(d>2^y%ZhPSA~u{U&dM{>KZbrNfZxmJXj^J zjU5K%jQdWpYddtP%QAyL$!%^*V!s~J3+{P80Vg*qhKg>Nf;fTtD`^* zU5(x1tYC6(SNarl>Q4e~^QuDvs?#>2RE88~n+33SSI$AvYDxUHj${863tOv;oMLo@ zYc7y%c#cLotXIuRbhDIC4hpCGwgpYe`4>_~P5I*nX}5KbrG~qYN-~^A$KygH-R}lh z3Y#pH+wtIhlqgMGpYQ9T2SpgBH# zBb7ndZQDCrMz$_V=rYrrnwhQ3@tYmMxBIxQlEt4i&vw`RhomUM+OR&WFgQr?9Hx<- zl(4HHM&?MovfHTyp+>!4n8tr#qh(ZNdnf7T2ANcjv-sV;1Dh3(b3$B^=z68t51Mew zOQ`eo*?4O5W?7hb#lZ#F%sE_t9r|5orFEyukyy4sSHp-+?S!&+(3o7W$xPd9`SY9+ z;Gr(Hrp|Sgx93!5!mW%CsTo8GQl_=miaA_L#I)X(Ep$8yA62|T_1sWrf)rn0>l4=h; z#I-U+H%L*yzkS;Dx`LrzEgfi5_TOq{i>hEz!{sIyQ?*YxpkA0?lD-Y~1m z=(#6fVxs&WlGOaud*muNKU~co;#1Y6zvHhMbA5+|7o2bNx58sOVFR9@G^gg_5Tj55 z-kweX2u0gDC+%;?a?w(O?Hx9UyIN;i8@b^1>nx4=IX)FRJQdL>MpUH}4C_zdl<1VQ zaEU5vZ}Eg2zUF~yC#u>)-Q`_VOs07v~)@&EfP@yyl9oB%#)8p^g=c)(+h2q z8t(1JeFqjyfCj-n%(BsE*0F9hf1-zH6Nj5yB{peHStW2EjTqV|iaKN6>S?ltfhG(c zkx3{es_9ybAClGo5UJv~hp`kLW*_@AuR!Ijr0h=R=V+_R9iquDsFs-aHDKoDd=mY09}WYIHn>oRufNwNoBz{!D=%% zWRjhe^a(Dyf*J?PEk^*2VXKSEYehH)C5W}F8Qhch^UCN14L(dKBMRP<2^v$WqiQ)) z6G_y8*631OXF;4mlMv4_V$pVAzwL>d0Q0w(!D{wNP$2J!N{m(kfZ3x>bfoYi>ziSO*WzD{iqn5doN<;l7Ipt z2=ju5u#!Y!^R337!Nbn2>o&0W7 zTnf6OtEu(afMx>`7Qv5>E7fx;nF*Ydy{gzpu)DB9)*iO(Wy7*{mvgM5Q-a44Ww-2r z-Oxpy^SZzka~jkLg#0F1yrB7fSK+7nP^qlsGJk(GI5NqCS*31C=iY(tz3HG<-M8;} zwKM=58Zonk$NYPJ`gw=ErLpmCBu4WsSIp$+`7FNa3RZ)3%ggu`lcxkN(1j*6MaUHTHTIYrRQV zgY2E5&tO5AEhghke}1w6eiVf4uj2drMtaJyUzofDq^2o|U~b$PRcBI*UQ|jT*Cuis zLA=_YaA|BX^e1-~&+y5T;XE{H0D#Z03dB|PJV*UyBtuhJlRUBmLQ|WwJ6|c{>3#qX zDR_%DA-Lb#EI8k~2nu+Ebs<;9CdM$1%pDl3B(7fur=OW{7GZ@JW?@=5D2Px6T#Nin zm*SG-ZxfwOL|tCBs2nT$Vrs`)V-jq@UeS7oI^H^VqTU-=pJw114(dk-5yzEC)>V&>gEOl3T82#6FpQ!;F~Ba0Z$Ri~Rxk zeG#|GTj&HD<^;9Vjb3qyMP<@?gKmzDe6HU-+q$XsdW`7t-};N3%Q;BNzqW4we+0E; z{`si>Uq<);iB8NzmCsfxed<3=5Ncdbx69V2w)rPfUxC( zrZCBubLOaWhIr|cSIrs_bY4Gr(j94Nr~^SeG}DuuEUy=`$M5@husw)O73I1EV-{ha zAx>}UV0+7FAK@Hqi4uVioS$-|M37kWtqMWGsmq!C5OG8Qp((b2xa^oyWHQA@QB}Tg%*Fp;hFdaCTWbp(2 z8ORqAjxSRl3I+}!MykdB0XHz|w%F`U!7=r{^cqSW;F`6!5P+Q;rB{}&XB9dXYGIOaaOP}uboDA5ir|9r79bsYZ!NtgR#PqC{CLTCA-V zy8^oc9YvA>LPF4P7x%l*rA=U*jL?Wi;qVcZxVO=w12o5aWs5~eGE&vh??z+p9yLPg zMOmYPx|n;Fzx&J@1aD{M_KYfL1e9#H%nhnk*@@}ApE9Dt0FwdrOInnnq#!jn+hk#s zB!&s-P>#Yxz!h4oMsx6!<2j;lxWr>Xwh|~+j#=AZwuamMe7M@k*%~w?V_n1l^ShZpDlBv8s{OXA4RwB`rfc#JfFtFCcF-PX+WelTNB0+|8AE*1Z z@af!42-+4>g0_nS@Alrkc2@4AYxcB>7q8Ts5HDcQnAjslRtS*e;h7N6E#)+f zYRLbE;Lw{}DnYY((9zAG-BA0EVTWuI;6AM-7LB$ATq5$8FfV&usPdUMz%veB{{xZa z9gxFIyxc1Y&Py89Tku`3`bgH z$ejfCFNN}g*pD+tIW=qXKj=*dtDMU1AykK?nw+wKjJ2QpdkAPx6AKQOJI_4Ao>`EN zy`8oSAxMnzi3TbVzEIwS!H0P{ONM>m5nZevlkK9mncDA%=R( zhv7UX-{f?%-X(M%Q`rJmyN+@1xr^eQgyzmWR>$nQ<+vpk(buy}5s%l}8?XO89CQ`@ zU={nz{Luf+E&uoRishewL(2LF&Q|&k|Bt7+nl+)ll#i47$RFDt+aO60jN(QKYPlgP zL@`hxV)YP!5+DMqofEc5fD_a0O$LOtPywqYt7A8yIxTf33u|1kw^<1nBAQiNn>MPw z*L1d1b5V1#eSrGpXT7bpYXC1M?ZYt{br;tg`(eog-YPj#BxuWgyv>nJv3&rxVtewzf*|c z>ivFxTc4$ib}k!y!$Q}i%T5J7H2QLrJ`#+M6c#JfmAxGsGKeNO_ll22o8!XEiDCmk zVi+DopY*JVt#Hd2S@dpFSEV_@#Pe7YA{Wt?2bo=ZMT$0kGXs6uYW&bXHk#_#%v}>VJIt#) zKzN*=HZ4aNV)-jj*h2WeUBAwnZBhaY7qa#NG2w6 zjz)G`;Rc<>ZR1U1vgGQ*{MX!Lr-Z^Ia(Ottf0km$NVKb3%CwCq!9c5xFV~`S9VT|j zMZ8~e;%1c^FO5B3fm`lY1*ODQxPNqE$Ju2f$BAhpJDMn!-o#40-Npt;h%70&dJAz2 zr6w|1-%_D6Z$}k;?=_g!Rc{_TpJlS4z_>tmQZ@3*=~XoWLpzORDO=~kxfpMzBE-4X z<#_(Qke`_LkfD_}u{4%b5o1TQW#WWU@1(-5KeU%+ ziDMa#B~kK5Oxa0_bIokgcw*Q+xR$6_fzx3u!|7H4?$*J&gK4SJSh_A=M0}5- z`i9g}FP$2*Edb#wXij`Ty$}A|K#6_3hcZi=cp_LRYxGDWtWW$>muv^Fw|KubA^tNZ z7;K$qn+O|bs~Zq(bmJGNIl&PC8nlZen5Dz<-0>uckcFKPd;W@l5x)%7i{&yTEdYyO zm|n@XQrfw7Skv&p`3wnb$Mp}W6G!tj?9jl8OQE}|HFvxItYjN}$*<(tk^Y0~;$nz! zYWvmLHRxcSc=gD7a6&~}V4lOqCk=dw@rw1p z4hM^}d(Ppe#+Rf zF#_sV#A$GQ%)WEcD)CC2>4j8ROyd8sCxW*@`kZ`UuT3Wps>W080d zm-rMF>q8)1tF$&I1X1hoJBEWqJ|igU65y)>Q2Gpm43x%N)pXhV2t?V zfs#44vO?I*q!RMhjgZEHp*ts7q7%nhbum*A$Q3f#V$U+!(8XXw*I_q;JL3QBKeOL= z5nJNFq~KhirmWu+q*HI+C2;7WSHt7lvy0~0*l(QKcm<)(I|Et@aOX*TmkJtD`R_~a z*tV;$VA*^l_^aozoCS;eoB>7^kI|oyNx+=DL-OU}nJhN*fYYkk23ug-(Rwn02daQ6 zvavz}7ij(DcY7`|1m@>mfv!Z3=QyZZTth3AgG!CE%T-XL2KP>NOvWIC0{fo?uY_jne(C*9kQI8+pNLzy{Xr&;Fp!e(5GiL{ zS%Db(@90v594FopkG3PMTomS8fbfDQoA#lqikH zxDrgkKBR}Ez!X)FXR+>Ar+!gjj7(P)6F52<3h@5}YBTnQ>%7KNm6XjA0Rrm^XAF(n zMDv;SA}4`WtuXHFT(8sSGig^y_1$P<8NZYfBkWPTRen%bOrCNiT{0tVDw&`*PLXKq z|4EW`9n_G3I63U!sw$SbMFeKWs#xB{9;#aS>1<|@nLK3){&~`vSL9UH`>q^i%&Vx_ zX<;l&;M3n70`jEXFJj+1oa7 zt93iRU~8I(4BjtC6>ciDi+B&NX(ESO z=A;?TI2f9d=GnXKF$b6eYN@&~ZPhg3@0rYw=Ha-vD;|+H!b@#r^C+D6rcnypn%fpM zuP7!iv6`H0Run_KnFZJmp{3q*91_sIb1U8a9|UVAY#eaNqUGY?Wlo`wpxS|NQp&8$z4nRPp9?OUz%dNa2;>-QgG8{8W!FNqzBZ*lPS#HLkA6x}lXi%L$Gk z-GDUdqyM&n2B-QNOnS!tVYIjT_vB-?EYO`mHFRd2fh`MvlHh5FOEjs5m;g6zN+^?t z%&^d020S~>7_Li1yJ}0jo3d^4GtX43+F@lovTusG&X}5F@%TRkHfp^VBzdc-gOgCq z)2;)nWFPdd-Ne_UdEJH|(wd(6=_*%fxp1fMUXiy4h<^*^_?k2 z>xrW zdKuQ481oVNhGF<}+&iJC03a+FBT|a19+RG0FC}6|X5uS0;8Ggi^lt{N@&ZYCKcr}c z)4cEqaG{+H zn0mfPeB{9EU2sc#tiM=y4wW^kH)8*K36eaQs=t(Ycc#=7l+zMTlMnPRVKkRkuG!H+L)SE!hfkFJ6IeP&EK7b^fnOVq@e;`hj7 zBM6F~w*dcbNkjFF1?&~-L+)88BG%!%chCsBrP!En#Du=)@wuOpnK^B@u&>myDtF5w z33o1FJTG+K7pzQ4?c(r~%p||9rT!z!6YM*NH*(Pfx8E~t2et*b@NNM3@1n#fYwliP z_gek~DJQU5we!v=GEKhH+e&p_K*^103UADzM7cj<_lZwxVT&vT>7@v^d__8#$iRoQd{G`jWzx36%{)-G{0reIXWp@9 z5D>sRIAxc_94UO)?B{YWzOa~i#UekqOq^8e}0N#{{h@=)4W>$EfMJ%#D%gq}wrvz!Q5ZXyyWLe<3 z$Ry+mexsOcgl;3-fpTx7Y18nm87*2oJ{zU z8GzJb9;ibSAa=*teL)DkF+A+b#k1|^VZCE6&+h_T{Q%f?g@3-FJ*@G~^E}Z*eDy9k zKC$k7IPyQ?a=G4syg;_Q{VMDOTgJpzHnoz^t`~3~0a`WySOHOieRe||9SZ(>p>%7X zR|39!R?l0o#>AY_5wD>V2s0I*^HkZ2g{BEOH4nL9_kkl7tcl|jE2VMZ1xO}Qk){`$ zs`c;>_>){KACEfcQG|MLXq=k8Pev*FMGEtcO41`W{A8IS*{e`P$waztlNR&%-NdNR zsZ9|ai2gY2Cguy24t34&z@6Q~|Ekg^!0$FSB=223SJqf1=&-{mfvneLyWpTwhZ?+9 zY6hxY4QU=@Ay+?&VsYQWn?^opq)+~Yf#K_Nnx^Gd|@hvk1|eH zIjT(b88Z<)iUO*`q7TuhJFq*+PH)0at~o5#Bq#!Q-g`q4Oq;vHRgpbB14V6;oQyg= zBW<*IP@PUF5zsSH;Jo147p~r&f}3hN2TP;;0)C9iMP&>``Yg{2>~RGg`+Cl}Vh(z` zsOe?9cke`uz95^UmkO7t&=P)|4RDE8RCG&aD{@UCoP4X%JX1z=;KzyKzOp9ZNuwkj zMSkj@Q8oYK_RZmtU1%=k_3ZuG9if~LN6J?2k#R=Jk%S(cHM{Wc_sHH()tOTayYQfv zQ}mwLgt(i@xVxHDH2rEb=Eas%ba~fJ`q=%4L?`yv`k{Ld#dN*Eh(cdO0zBN=HQKrWO6S8Z420!-?!B7DG4{M z6s1k0*(b~}u~f6R@E9N{HsH(`Moba_N}iFav)P&KTX^ zWyk)nPP}W8pc>OeH*u@bc!E{?E`qGA0?O;qJN-mu1AV|xY*~Zi3TVg10_rtLzIf&# z`^=M3$y5eGjujtI+hTb?rfZR|8D-Fp#r+M6-Hw5FkJL^tO!ZNb{f?@`KUINi6<~6* zJW$PFUv-hUrr7h$Wla3^uCSD17J#DPAuN z53UhWCmA?tFJmzPQVs(FBAg=&612E9Vp^A8o2qJTL@=xHqfq>q<84}7Y1xo8w2t&9 zA*h~9wXSZyefe;H=W{c=zTL^D$(%+CJKftqn%Va39liD0efc%RYc>%A-fe+hHivSNqVW$gufh-RVaO306I|!uWMF|QS1mvd4i4EHy1oR^D ziv_!5xWAkypt@5>z#oM~jRn682jHbl;U$&kCJd1SzsK}aef3s^kt=`IMnLp8;^3`4 zFb6y_0`2i*K>dv(7obVl5_>R7)q~Vm4v+&~fEKH=hv}sx#zPON*~Wi*>_~p8Rzs zCLM8sU&%}bdnM~!Cj3e~9*o4qs!QK++qhf#Ty%%5wpbLRVi;`Ta1`>-bLtCqNH+w& zP1F!Y+{@)Ho!X;KNXk0wEFv)VsU_G@UsdTfJ+i{OHa3e&im}7fM1)7t#P-C;87(4X z$2ukh3)@jbjW62CLny}=MQBM0@A6J5#>u)`1@v2 zMJP0r$YTlR(=H*-Z0Pb6Y~8#=1v4A8Qp)9NPuNZuk>q~@!5xiRf|ZSHjIwNhv&sW< zt8dYLIlxGkcjLkTP z#4jS1Nlt6F0xd)xzo<5sAXw%CF(ak2*eBzyun_zMF$1^o?K}n~77+^~OJZ&lZ&lfE zc?;%G4Eo5#FX3ToET4#6N_CHPmr^~EQfn4&)u1RiVXiowaSp8RjYNy{2d}gl4~I9yQ5H>ZLXBqt;K3eT)l7m%4Mqn zv?Xq(-ue_osE9SGp|`OC!t_8>mcSgJeC0$#G#u{SczY6X=m+V%%>jBVfdddsP1zqu{DA z!~m9XkiB7ZeJCPf<$4K6U+BKzSmI&?T4}OrT{368Q225~Q`$I=u12AGB-k&t<2BK= zA(1aCoVZ{-?^0i$aUMNLnOY*L#7d6=T_D1x$iFrw8itkQ*qbAXsoEP5ayAuhEjepO z8AtE%hcXGi&Bdi0;rC4e7FCEJKK|pwf_b~Bpm1WUF1hvHDd`eM@&?hRJN0&8O!seX zv*Orx#-2gSO`^euT*8CEA|?EjE85yqI#JeAoWNhOw>wQ9CfrOrc*qBwjSb>Mn~{^H z!Cp;iUWl4nj=z3Y(EQj zk!k|T#NU~$hN<(PJMqn0c_@uetza2M10GEa&sY#Lwv71Mw$pPUHc zaKQ!d+sJq2iP>(8k^V&i6e;n+G@6H;;7wtuuRg^Bf=aHYV6tti(uT|bmnzv{uwShn<-ZJ`(W zDd8&}K~Yornh&4~PNj`nJ+N)!-k5!tPDnxIqs`S(l)gM(0-ay|yL}Sd$3Txg2>xib zsY3k+P181VTZzRCJJs;}R)u>O17os^ib1(F&Ge}i4m248=c*kRbmk}d{8rUTWp6mr zAElG@vdZr56btBL=Mh?BsNC$)!b1BL?ab2j;mVe)KFl;ke+uK8;bs##5zf@JBCe!yc`BJW zG-zKwOUEEUK8o01{AtT&2mZotXoi#_;z0mI+0OL9R0|84Qc|`toZTE3PekVmrK^Q8 zX|PfkNsZ66MB|F&g5_1A)=zQEC?pe-#T3hw9|^a;bIM!QT_Ye#m3GQS5)`O41!2ar zeT0uxNoxCA?9pZ)ucNUD^vJG=A$F{q_|NeaM0+r;y#k^iD5r;I=Bk55veq%2&UlYh zl^5jZD|TSfq-|B7R05pqt2R?=iT;{>vi0J;Y!7kkNy`&d?Wy5hL)(K}d;yns_@p~>F$~)957MJX9g0a+c`@Rtxd{q5dPFK0ERtxDyu)41G6@>D`&e?hQu}6f!G-N8 zF(-=b8B+TcKi0-qbkAK1^g2Wm0!ddSo>r*0*=RqWudcOOxC5z0G`%@@FgYS`|B<7X zTx5MU{0rix|09U^|G_~1BPXq7>|m~MW$vN>uK?;_F3-u>&FMce5EUI)WEGU{#iDc) zTnboxNkD1}78yVO=DZfcd=zX5l=KZOgnicbBBc^0dlN;dj+Bm1^lvbH{^Bq?@2CFV zBZv0eskoxx1~lHO@$S={#@W>#Hs7C*&0GM{duKG;gM=7KG@iDkegwM9wgeH|rgW8q z3Z&epeJp9xlZIE6M@brr`*b9gV|$(TZF#?3>ds8bmtf891$(W~x%#rglENCHi?&1& zU@5AqVndBl9oP_!9+Z2)_vz`iP+q*8((XbT=?va@sreFz-N#>6(N(A&KW=d>>LOa68Z)VPkcn7J?2|l9 zP>XpR9m&-$7gbdj_JRz!*-sr&|jr=5oo&n zBF^fd<$)c2B&N3@gcbC;y$184E_sGc;y&gnXfQc9W>Au>+|rfX zH%<00jYVsB7WaNd3?VJ}!!$t_I}j!k^Uy-3f!{=%us9=xEr!VMurPK52 zLK+ziTdm#r*r^6U2NYj;&qKEkhQ`_pYn?2KD-sTYtz%p%ct443y2JR)ozV+iZnygC z&dd!h3S_&I$knz~-m1FlQW|r}Zx-oEKO>GCYX;x2wM1cgk}wHhPCA{kEkz$5Meq;6 zdrku*DCh3bTzT9w@xw7{#<{;wP;Li!B*u1OdWqR3V-2;d3Hp)u?Dip>25!&Fc?Av_ z611Nk(mi0h`@B2ky`rWH5lVzP!cdMe5>=O3n_Sxm0h4a|^`Iv($UDJa` zmOY;$1atGF8!o6n1B~t|8+cypaS2edaLjV#V9Tl{^hOq>V?BQP0g?kmmBg7 zAL6XNcVRd+#E~R)0z{6o>RR;Omt#TnlA$4UqRUp<-QI1&l8nt<>0y(rA#?hi*?Z83 z+;z_ch8HY!^&)_=b7{zt`Bw*B7#y8p?{ zRck=HDX%*7iZyo4pAqH*f)K+*)&DBQtz#faA%KPiN$5)eXk7Qf;wkcl-9 z5cL)Ft)1t4EtgLDDa=J1|H%DRCcLfvC{M6?tv|%Z@?Mma3VxmSsYrNf{cIB4`8g=H zh`eq+zQ^VJqV`rR^nF~!vb^n`r2HX_{aHHel|1)++75hb>+^G^Mv>Pw-wFEq=J0ER@FU7>P8h(dMO^D2ttB(XFyC z&UKlG#RtDTA$?H4I5g(1dAN7LuSF1?ljBN1&a!|Q`3sf|%7F_90(WVSSq9+*V0oEh z)*g2rDHPswava;ZSE0`jG&HG_z)qCSjQ$a{xw9`s$o$-z!uIM?AY*%b#almnyzl1S zxjOxDi@e*dxM#(0eRb>1b-j~~c4c@AiGJ0ak}gh1bIoR$!JJ-~W?tDsl`(B$N`4jz zJrE_!WK3^ClfFHZEDFh(B{2wZR4C*~2+L(s!emHPB3s(c#T-RRv%B#P=y6#<8 z*;v@v-FmyvbB$Xa+WCGwjWU+FyAgXFS%*$B#3UA_jy6(8u{LwGjTkM)RCh+aznOSG zG;pQi88p6~f`LNVQDEOl&c&!#@*eGTOs2;~l5 zf;!GI6s$(_Q9wMd{`B2jxJXw z@l;Y1Ed~Yar5qk3<6vl%GT6jx0xNmRi553jmb5~P91yttv3Y^Gx;)FG@@XQ6n`5LjWP|NdtSh~{nXDnC`#VOk$M&yD?2@@WhQj5&*y3BQ;de3a?so>E!M3Gr#qJ-%5YiRLJ2Au z$9&6-Ex_dO75 zg|_5!OTYy5;o>${Y7+oQ<_t_1WlT*7(blv0;o!T;2VJJ@=zaB6jtrv;n`!<#z&0f@ zX0Vu(JY+sU$v0bUZ7OS`49-(z!MER`fGaK|Rq2_HlA=`lEhQm+YsBLe(X3(T^_#(8 zGJs_`43^$&`%S*zcJ*?(-6kyBqrKzdq)b*A_6hE8Qc5}+ud~=h4)`) zH)$y_=@h2*7;qsSIwoEeOi>1yH&xd`DdEaa6j*Eq9Grn?5k{ivDF(YVQjFFRt2+tT zq*Fu;i{c!zH&9a6tNymE=Ll@m%Q92xX2IaXQAhT${#mREge9jGCBKCQ}01F!OAkOt2x3?$cK?o~IcfKTf5` zBYSz%%l?w`ak z5_xCI=9Q}5Qxc_@V!!fEyx{3O2z7qP>7HmZ!J3zKTaH5nelYMBD?biS+s%z00VAbc zaRq8efl?cjE=DR(k(VPfQX88y_XnF*rXUg_D0(Ee8Z!j=MagL)2eu`+qOv?tLW$DC zt0g!#21`g>8t9eEsvc=H)yyg8_80T!h22GPI$`?w`&!zeS^he4w%lVJNsgKm9vXev z17;FY_Ur%!4)Sb;hIqlEyD;m}ThR=p?8T?*o3w-rCD*)VP6*`zBC=l*<`>=V3dbNg z^UQ@;3_j?7(oCTjMq6%O7E2M zC+W>}*KFQZnmxOtA%o*I(Ym>S^r?JAt^f*mx<od@AW)9R$nff z>8XGU451`w6O7^BCuVRX0e7x;Fnhw21XMbb-?PVS=Ob*iC30HpRywakSuImP^}CT( zt5`~GX@BSu-NUCBv;k$y^{C3lRKcX-s5`!3|SSgXS7$#IW-kL=TGL zPPaoSqiT?(ccEws(SLQ#PcYweEC$*#u?rMur>Nc-yXX%+g-vNY!4BW7@;kCanPb7e z!o9!Q1hm;iNJq)WoTIleJbpdt5?9}FER>9e)-Fgqq|PZs%7X>u$f<(}y7T4(1r5Ii zNg@ET3Q)izHw|TIM5G(PNmcTz|NQ_^aE?q`fu%=Pw~*`NqISN*G}+{~&kXkQ=}m|U?i zvM+i0Z2QTOJ^Xz1oV*U|b^c>K&{wz;yC$)B-(Ax?`BSM0>>yZk%lVIhYoTYr4bC7` zYl8f@WsF{9ah#BB=jz6FR!fFY!cL*A7A&OL(#7(V(i6yxR>U@+j9kFtte>XwY; z8nNXK@cH@4i=Wr*X7zP@J0m?)-ZDgcTxk7}*6K(kIFa zb9*+yR5W@#%h zX4W}+edPktf;?zXwRz*TAy~M{f zR*uO%e9jAz_Zvs;tMGLZ(wv&RGn5Z{JH@d<6x6Y%aa?TR5%~CxgM9~NCmP5VPO}_H z#nGLN>j2XVU))%_ys)&@$0wvy*2g`e6Kj^8gtb-=PK|=bDCPnqHlTe<@x_g`(>groH z@ISN{>%Nz0r##(AO^G1kDI-v6nQ=l|+BbrK|w8#&n9`vNyPHl+SMNHg%3Ci{Q zS{Zr-yP}fxa{%|08o$Z40qsK5(U9PZ+H2 ze_azHtgp2Ru*p(rDVEGVhqO!SP)A9+-o2{!|@O3;N-E&7k~Nd8}!D#}Fvgt2*zO#&6`* zfn=BaOk4GuO}CBlWmYS%Su<5uX|4b}Zx z&jHhioDB)^A}a3+-vG~6QF`~j9t+!px`3-ZrK(&hy%Z>u?j0-zgKp?zr6fbC>no@G zGM@-<=>dzxqOS>vOfDQUvtUu6btr*)A-b=g+m-J^TH!qgA^4z+AUT9BGFgMQ<#z3( zbD|Yed5LEh0FG%y+XCHnnacJa6g$91>ADoSjT5+ya7b!^hCGdi4#!CK4B^(D5Bas# zFh+7WT9ebmqJFV!j>A3kFQUOfBLsJX!1)$?Zd(WxsbQG#oW#YW(xVgNU*5|R`Aqii z`^+9-gBn?HR^+(19s7q9*Ew_zsXu36ZF3PfB{$mPs4gZ0TbE{XmPUj+hOMWTH3x*N z1~Q~?ZbXYCATRiL@{&05&dDX0kL}{)Ap}NCmIi$q`4V_P?b8J48K0>pvij>dK18QP z6emj1XTocp6fj0=NVaM*gI|#|T;)HkOSX9kxHw?q@7q!aR)~us_es*X9GCdaD8A+? zFVn9EPecwr-%+Q?6t73RqIhX}be_4CiO7Ac)b3xbrvc52wV^fqAj~uMC7U9?ZEFxvRY$-_36h;LRAE%)QFh8YWCuRc=46l_u56G2fP9D6)@({z1j$(pw zP)cXDNw|d5O<@10qu`KDj`nJiRqJ~yp4Ll8aV^$ZndW5f(2(8cy4#h{ldoG^ImgG{ zsTD}mo<387z0v?F4N7-D(~n*wCRRf&+Sqb;k`Q)p3EE<#XT~g*o9_{^CGOlIsz4V( z@qs%dLl24wvwU~@h}g)V^8GnGi9$!k{SetPJ1o!E@Y#Jw5EpQ}SuBRX@*)^SZw{zB zQTr%(yHFXn%c(mt1|o&VmQ=k-L)ILWH11>pTd2Kes@~eX7KZgTZ(h`TN;f_b@%Tk1 ztvmqm#OP4;AlEf);hs~yIp&v$y}l5Z5~L%E(u>A9&&#;W)ZGozkaflSoSf1n*SbGdqbJ-kJX&SC5B2L92E=Q#hgSv&+qg*pMM752+v=2{n z7L!mZF35WIS=al_|14E4dHf7xC}!L1rmb=|0AG5*Eh2Te56n|!`aV@vtCdY13)4u7}NP`$VK7e^Cxz zG#HsUy{?LkNrTma5`S9i=|jcfB+LZiT*#|<*P#~(%MGdMm9|Cf8-UJx`@6TQwY2tA z+i^j(ZT-FMonOW(cw30g^5kXhvlxOvZ|q4>NcMIyj%nN?W2E|W8V$o@+_&7GfJ#HT zzVcM{nqRO3D*;rPaKusUxe;e3P%%n%uz8e8i8yssc$mvCue^=LlE z@o8G4gPlA|rM6<4$=O~E3DT6%Xv)yIHmxP(!j80gu8-(4f2P?i7*_qxN~2HR6lq(| zH_J^cC!Jn67{r%Am8u-le`p80%Pc6$jWK@XJt=WPczku{i1!{8(iK@!T{SH5m&|_N zk?h*g7zOPVZyiDyk1&RBS@(0yVPspK!=tf&DbHFrwW^7p^dhnS&XZpR7FGIAYjE~R z_Ra)j2n$7XlvB=L4`nE@wa;Q^$Y-eW5s{q|MeCQ~UV)0ZOWW8$&2*m72!TUMdNALf zM@qdqqum`^2fJp+$_vXRTiq_I+*i4t?ec&ZM1Ug+A-8SD^--Pt|V*>4(-K2TfW zsyi&}tZ)Y=wxG?4RwAf&13WF32>df&H5@ ziS)lWbSA?=I|pU#?QnqueDj1a;uo=lroO07k__7HgU%zeRdvR&$r@W#A`L8PicBqp zPSPrn)N43k?6_-apd_eS=lEVXLA&N4K22w3n)h_Dc1UYIem!xWVy;~iq!+z(O<*8$ zyP|MYxO6q(U=y!FdNM%jDapUIJtr^x=Jz@+tn-w@hmr84T$l2if%3t@Udox{Tz=dZ z#$CmxOa0=YpjG}AjUeurZ}=SqvIPw~`q~=eM43EDOJA^p&k+M3|CG0Z^iIRY7=vS> zDyt_w8GC+y(NVZzaemPuJQUo5&W)u6)4r025NS#Lu!i3sHQ6d-?-brPOHk+97Wp`s zJ1^ifL1y1t04JXM)JzsMpH_6zy=cyA5Z02Q5>n!aUKV^VqH#k~+i0gaiK_4_u~b=aIrFWuh_6H*yXY^}TV+lukw8bvJmNSvzWp`}Ny#lR^8$n? zr7b3{TmH*D)EkT-`gml;8(#n+(X5D06;w`%`!UICQlvzjQjAd0Pk#7JHF(ksa<|Bo z^>5SCfEK>Pu?znr@h|XkdbVcfg~L@R?i!GlEdzmBEj)qIN8BV6EbeV#eZ1^Rq%E5L zbhIR?R0B2`+K2YiAnN;D)Q;UW*=uhBsADb~Q&eF`dKk{bnBp132Ocki{X1V-VE3s| zpJ4JF@wjAA-}eqU%QW_OI;~3S7k{YgH zSRH^Ck#qZ5YX4bVVN=L`12u~Bm!HsO(X}o%l3alMr>&ld-=KdAsLzjdvIjs z6;Kj?UqA_&82n#HW-?_HXIT?xb30=}BO?TXwXx-?v@WIj8lUX^8O~l|7_!=ITw9Yd2SQ%K?6~_4dv%AAoZh7`XW*U zT+`Oh^fArsFl~cSpvwo!o=_GOuwIfE#fEvdY`@ZavYi~bhIolwCTx){;63C5t%YgUX0-XwvF-#S$7Bz2oF+{glvB%UlGHSuajVgDNn?pUm~k>O5ST9<*a?bmqKbsrW!#z z={|sGz3;qeldjJ0hS3!=gr5J}3#{dZx8M$%7sU9TZ(3~*q*OyNwM{(|?SVNhBO&t{ zbv-Hr!O{1-PexRGZ&5-gSfVe_8FR9CrNLaQBhT%4X?F{&<8`biFwAN>>)c`|--(jI zw0IJAve=dTAK)9KlFqv#Xt3Fs4AIz{yZ#av2bN}ne*s-N7J-H<|Bkq5_m^WmgR+H< zy|syohrP)^{gM8UxS09g5c z=n$eiMtoI6oiC(1QC_n9)&W@HiWG9@}g5*VOWi>DYX> zE>ZDzY;I};aR}jePFs!_oqh^vjB7id$jqhtSu3^89L}Yx)kVC`(QyzqN_Z|)1g$o; zCNK5LX^djz*@eWxc_Cyf+|3I12uKQ2-P1KOp*U5$I0)Mfq~i+dRgNLz%KFB?r7ZDx z7CgNfmv?+l`|^BmWyI9|JylzVlPH__U_;yTM!bXr1ZJk{gb^UrPV6{^e@jCS2*4)f z-52DQ$B7Pa)Ww4Qiu*n$ze(pt_ra_GST52dznGc>5Amax*s%kOZYWa0eZg>s`hj5DwW?J$zY@!+k1iS!3Y zk=WJ!qCpO2XblEwM8#e--C#_MRQDxIQJfTPV-BLOq0kG~BIEKTp&_n;9nr?09{9zo zwZN+N3YSjSDPdE9C4pS~Q-+gg4By?+`_rc1Rp;y0Z_oRaPy)yrbotNby;jC}YW8R` z!_BgT7tEIm$laNO?P~4%lmyjCyXMGt3fE%opTjudX0*|tZ`82ulo=7+U|-w%_b!-Y zKBs=$W4=V(#fLTB$rQTNO=^a^s_OT;-jr%by26Y_8h-vtez>QHO^AAhL_^gl9`J0A z`~;)_6nPaJjx0c5As;rCXn5}*1w~VG4FlowTo4Bj`%a8qj1Ip?3?Xf=HCT*ZF<5NE zTk#cQa+s55??)8y{NJr-<}c1c$xgWm3t;W0pGI@yw_ zZP4{BSwEhVG!^8!8NYftmrI{XDl&I$L|K*EPDn-A$sYs#ys=TvMAa?XU*}9IEY1eT zBuiv|lCfA!#5|oO2MwS_s|TPi!Cz?$sU`&u_egY^n!|MHbDW1sl2YVid)#R}*us1? zU`aK*>R<%*MHY=Y$0yfZ-uj$KG7waKs#+P8_SR;NIn)Tdm1YrEyfgqrIYKZP$Yo0&d{l_AkuHba*d1| zrrYbrQYUiT&~;|ZxOSTGo}S0`F?Z7L(X6kd9$v^6DgBCbqqyiq2)44xV%+_e$#$xI z?d=$&-?3r4dhq%nJTUCO7By`DIWqA>?WwW}JH(c)xIsn?oIQW}okTp+RC#V9f2LH% zEnSnQ%8sNJ)vyqLsAa~)J82^(TCP_&1!0_Xsg;)W)2)zT?04IlrzU)~O z^$fa?T74X-_P$S`otH%K$!p@VMMxh$NY-{8C12hm^yWuAEO$fl>0MEG#@I=uDwm-g z;9Rqjf;1E=c?wChX@*x^r`yG%nnqXkw^}nVlxvgZXs>{;GqTJhWO(&acZS=A5B>D0 z3$|gAfed}Jl&R)e&mU^E7DFngb0S)i{uV}V&9cm>of>hq-G*8PPsw7?*U+csPNo9b z>N7Izxspz07y2HpRTOKiSc?e*0OKSgW+w3N|1_N@TP!<n~tT3ET+5OTRZn?HiC?H&XJ9?OU~r=`Pd@AYV<2(2poB&Htu$L&KZ9 zyYw6#vbna;O(_vtw>LatqB zfbfPA;5WEuxY2d(OsFobP>VQ0{XxwL^wFo+aXFwqAZwUpRc4L9K?3|n*E+gka4i0^ z6ITg$(&dEAHG9ZEF}vGDwC16+t*Hs3nEjca7Q!klovfd{q}!(L^H<*3-{>n<@@eUG z{qh*On}((y6|lejJRaJj&akcs(5x^}g{C|esbJ}T8c_mfLd`CQ-EiM6nk2K~hGvjF zMjB;nF@DOZmTtP&!pVG*o|CN(dMT^*Y4wa6w!*4ad?8=GHh=#r^fQwOR8vv42Pd5~}#ec!{cXVoau6Mx9Rsd|KEtVHMD6 zsN?fVV??SMSt941Ao8Qvi%q!i1Dl+VuWc__e#Gv6zco|w&$Ywgp!*c-2C1H4-IUDA zJSj3#aN>rF0P9CjTUnO%j0Bk`rvqE*yLhYra`eT6dkkJZiKw4b{uE>_1?)OXslc$# zGKP1TzZU{XK(tCTGG6(PQq{G1v{e}&rFXehmmFUTSyfLA^owZk1TAH7GPRYpgblYK zVxpmMsc@2es>{TE^~s$-(M7D*h8?iIiXa}}T9*ZJzm3cqcZ2I1orX=b(<7!@8J@uz z9eqZepGOqrJ~?iw}KG2{8W>Rh?U=L&K=;ju#1AtFv#Q z$@IP&-y5_q&e&y&yu?MZ6uK{{A{ywD`-O@#>eTVP{V9zH99uWXNz|b3JG;w9i^c!NY=j{UvQLqX6TBDt~IWozqcjg>s66VQL(m$RGr|nT7Mn@Nf;xD@0IsK~Wn_ z{o4`ULf|{~D#Yid;e8ya`xsB8Tbl=hUAVkX?oWO;*fBvW%@QMO9A`UuVt_Ts133Mim%SL9ng<9Yp9Dk;aoPsk7Qjl}CF-)zR z$`F@?a+dX>wudpkSSUwhD)W4ix4J>Kd=(+__|nLmlMYqluQ(wM?(Q*+4poOhug9$C z`Dql|m?6V6u{p&v(-fPS22;1J=#h4GnF1plYrz(S)1i&#vmUQtJLpeO0sH)$1HZ>MWxsPni;^$N|O3xbdt?N*=HrF%pXk z%)ihVTN4uHUI{*{3uIf2lRn{mt!*@hZl4G+87cg+juy6NDt7DYnw8Q(+crDPrEC zawC^MqLKcyH>!Y`)ooTK-Ihd*bR>d<&t})Y1kI;F1ncBpBwZ$50V#xewD*0ygq45V z%VQ@KztbdYXys8eF_7xstcwL|E%g*xt) z;E>kgk4;M6QYj+vS5Iq_Us{^t>L0o5O^F;c-S7s)0t2w>&I zTkMPm2ElNVU>4=DLQkxO2CST67F->vU|2F4ldr_Hy_E37^!hVbyy`k!Czr{VZ^=|iBw%p$%!meiV@1{(Y9=#=^hdV*{%0jlWb575pEh^Q?JI0D^Bf~i zm!zLJ;Jf0c(A_g9b|^}!>VpGLOnM4TrWcqUaqf_!!?l|;doGRdB2#yohmTllqb!Ot zmy8~8vOTfOlbs;{gph(X;p{Xpghc-~g#PX9^N(yKXJGT60;%$k`!sMR;9T-X9Y#qK z14<)_;n)%=D5xkp4l5aiED;$m;u>%dxZ9a?RU$%#E^mZGdBcC0IhbWjYgghS%Rd@=H6(HLdQR6*>;Rea}F2gF^_Bc}XZIkRgtuW($li)7+^w^>dBj-zwAiPvHRhej`2m2k`S>Ir|V3p^{TFip5 zY?6_-ajg66xhKFPJf*2MeP@fPc)`F>VjH6`lO~KeRh%bBNdT|pJk%6MFq0boiZFX?L&MxRr=0(sTh^4H}zh7Hl^ z^;JISLK{VWWJ}D%fk)e<+^bglV$&J-QnGd4jcNU?9tK!5t?OuxTT1Wwr&Icn&3RQK z;=$_D?F6$c3D2tq8ko~8J8@{T6Ln0eKG~PMU=*bb>2f`-G-K?Qm>V3SY;#m0!sv8I zW~g`8*o9A6-N>4jUho_N0z^X2B91ZFJt7G4v1>=uh?BX5^T@K!Sv{#a3=V-IBP{)s z(`=eRhd6)62ssi2sFPLzf>)>?gMQ|acUz7Tq&&ke0;-c ziti}vsQvQeV=7hvtQl7K8&W;

YBFGZVueaEaVkI;yyV*W>_3Q^5M5Ar@v0t3PWp zlsy!UVG9ktyE<(-^Jb!he9vcNp=O3n&Dx6KYhP$W=v!e3#eL&_?C*6Z{4;p!PVCqr zEVyql>StB9CD=Z5vP?lvo(uc78#7q!o-s!($;zr6w0)ixPK{3SmPzalb>&qn>1lqJ zRwtQ(zY5%XlC}0Isx8?joK+)(EXkuY@Necp`QUpzHs&`VLRQ@USh$vECM-9#?wat8 zO2a_|zc*2Xzln%(G+Jk#b9(48hoMbqnAoB>=STWvd~P}87Bx7Gd-U8Oojy7Tn`T_+ z%)$ikq-%2;v}f=w;cTiiv9B*{VpT?CsHf^XpdTI+AEzn}tzb{wna%yGXn6t3ajJ*$ z*u#?Q!z4hZ{!HRuh#TH<2Yy{a@y_vUnUCftU^{^nJ&9=5WuUjd8CZ$go;j*zk$?WDK zE;H(j=_;auhtpUIr+)*D5pf1AN}tm7Dd9E&e4 zMR3VxV*9yovo7;pgg!c!v^~gyi|w`nTuFqbZn?L{Ew#xmVk4^(W$c`|JFl9F(*nMj zCY}L8O5KZoQanbL@|h%@#&4NbJdB3wln3x+rjd_^-5 zq;4T(yyhd>@^p)x;}&@WOT53x?v;IEX%=aVPljj@{|OQsVH9xAGUI83=l6vK-(UVC z1jH-r88IFc%XnC>qZ_%8B?`qMU`PG=u;5O~5w~xO@k{?cyBz=Tmo0&eFpLaNRqJi% z`*C)$Fh5`vhZPV_qSZ#Lt1?tv>5#EwLJ`5^P>O3OXcoo`}#K>&9&X z$n}T(V_8)gq^{iC(*ALaiYCXW9tLD)Im4l=GMF@qZhGe>4pLslHRvmBs}g z%WjG1MOO1{mDvwyS{V(~swfuW(Bulp0kBe=lxK0ats9>cWv|T^D0`rQ<}$#d-IbKs zMt?D-MgIuz67TX#;0Xx?v1TvNUlmidg4_M#>qZY`4?p4_BNs8c2i1Uw-Qm zC4J@_`Cc>3C#+4dqs}K+3glrDc1wutn$KTG^oC-#=}EvMZRKwzuYWrd zMC@FE0_%T@1Z7>jIYx9o4x0pexC(goufPxP1qGe|vkE2IJS%*}q$ zf-eRy(@i(hwm5NBB6<>&UT@@8=oA-sXOrLC+arFr(Ybq#!&snEvg$hf7(V71{bg&j zxcy@unUp>Xb+l=$f=&4oP(F=DZ4vmGPkE8JH@c*CRi)a^nvO4xG-Z27j)wLXk8bg$ zyqB<~-=YYgztD&hOK@A$ErjY(7&tW|3s4|OD^)H9TOb@|L_k!=Cl4fbiA%aTc^s@T zjococQ;B3Gw`OYE&|nRL00~em=!jZ_S6MU&kkKF#$^?&Wva4xBHSBU z2Md0s5bZ*>B?2U{et)^dIpViWb*eovf@5(lhTpFQmevVd$3q7K zFFe2F9k7TgM>~FJ*_~5-&GqC2LZ3SsZx0a(;SoE7F|;~~O>I`<%Rl6ob(7*G)5Ec% zsspwl+oVI)v2PAwKQ_c|iF(%_9CTS9Hs@e@gT>&iy8dNdvBNw@kFC)$SghCQGxQ4a zr_9$H!>67AMv&s)miZk2TQ2z*bMXI2B>#})D>Xd4RTcmrw#+Pc%pTTYB9MZR;Az(I zyO1z>6*w@ts3NtEkMX>T-$vRUOi^>R%57{aZ5q|IaofVwBAb?XlUa+X8(g=Z7FK<> z)PXbC%-2mB3OI+`*N52lmNTv+-y@!*^$dp2`+j8*wUQ9zroEbPp~9TlvBO7-zj!IK zhYsevubFQ{dlX zxqc_|MHXU%41CU|dR9ahK-^s+@+HZiQr#_nPV@GqclD+Z(+9s9lX`>g!a$h9evbaO z6*BFgZ#a2HT?^ZViTpui^+B~Efc@+QZFPgm^`wvRMi+$e+=jPD2>F5C-xcuehWwl9 zx}BDj!n8vn{P%7PQAmJ0Q&>s>r`!%~h!Sk>1#Z=PyF>BY=b#KXZ9X+#i$d<*$`%=t zg_#mYla9pE!wMDK(4_MwfQ;QxOyfj~wF-2FTmfne8?0G>dZvuH_s>Mcv2Ib?1Ly=M2lgm{TvnK7f1mNG)pgDrC zMnUXjH=S}OV_a%!D66xc*}#lj@q?{GCYQN`I9^t}rAdw_zs9?65w)D1=HLNf$b_)i z>7J5Q$9+!ElN8Cb-cPDg+WR>Yys7CU9oa$y)a1CAX75VQ@yFXFX-lE z^sr2#IC?f+HCdfae!09pOQru1N`)qG+9!$?*gLXEuhX_Px*Q!v z6C7M1yOt#@7ot`%!Nlq6a&#_@)-tKq;a%UMpW9@t5sWbxN#(W1_n=;mm36w5Y~x@r<3?%2McW z{&2Oq-s3YNx5{F~qY(|z3*k9JW%pqj+tv%@%(_&Y$!=x1WQ8c*YZb>oO&C&ijV}g$ zY+SY4du0!F9j7fsFAqn^i(1%(A%AhSc9|+uo0u(9R$8mY{or%#Gwh%yl;-`}t4XRJ zC7e_Htu+J{XDE^P<`R^cveYGY_?h_%vt0~}I;Z?>Mmw(-kT3J>x)yoi*nifZ_ z@pD=OPsRSKjQCG;S~Ae!M6u9;)=QDPjmfahQdk;}OKIiQ4FbT3qJ#52H6>bOo@kL6 z+RAawZmap|h^Q=^tgKlt+X6fwc~VAsLaAQVIw{-=BE{#eByk=uc#hI1-)MzJRb;|M z=DhYPDbyb|os6<4t*Ek+ z1~U@w2NbLHUz}acoMvJ~VlyMO=qVJXA6rtXXgj(y6Kjw4HVN~>NgO=giWiKm?lJ0< zMagj~IRSG*xKzCrk*4S6ZD`nSx~*laD$?^7w3bC$Wrjs%YHTtnbTO2gG$=PSh3zo3 z(U+23Udj*-<6cE&s(0w7F^N7F-Pgy#YE6kOMPC{!p8K=&QI1G)Z z07b80Xini=Tjql?6|+_u?lY0jgp3R!m7^+$b>IqVW=(^hvDS0ESl@^A6MFe|*|u}V zSDjANJ07FLU4ydv1ulxtay1-FK;*3_4LNH2mz;tK^T`qI_8`x-ipvW8376HZ(RR&~ zsJTRQvzkG4H5F-%2s|#jl+|Anivb~fY?cRkl9GptH|9`RsEN`|n5Mx)Taa;HrbQtZK3!Mktb|JW0cBKtJs&OO4x6CQE%}MSY)%{}+k%^&y zkbXa6WiM@*CCGfV=`Fv2o_$BwWWPSBnxC1{j9f|cod{bUY|O%crEQ^T&MfL0Iuu9z zS*IH2P&6hXWyt>)Uh6!)?KG&S>kYTPU3fn8k(m>-iu%q_7Hv11s;1ep|MT5>@~cyE zl1=T?0jrlgqP~=y*h_g1V+q3v4w`}MjUT&Oe;MWPu4s^8bB?4t%aJ^R$sXw-q2aR) zEOmLTT+$QfQ*4s;at52WPVA$W)`3aWmgK8qhadW^bsdTFHXhffnaaT|eK5kVDUOs+ z&CF&&(n~z;7L6Wu6`Fg|q!Ed=KqTpK7xmn~x3ComU!(vYj(UtUQsjK~N8;J=X!h)K zikb*d4LS~0-$L%q>E25E0M@E4<=2)vFvp8lUlk#1;B2xgRNs0#BKO-Q+)RH*O!qMi|zrCOQ{Py*hn3h1I!BNkGl8-q;olfRs6!LAKe?KzlnJoJR|n1`90pzZ!UJz5d+F6e+I92%^XL z1~pjXGU5g?pr`3PpAKB=Am5n%u@<}JDUJ{hWe8a{ldPj%vu`_<&>UwZommum1%fgA z{Sz&%Fhg0t7?bsk;t#E;0Qn5%LdluQYFQC(EDIP~Bd_HK_nto=oOZ+|#fLL4OAN6p z2KJ`SZiH2h&OIHY1&-20l>=3>_GTn$&l_)>XV#5pxM&@z8sB^~L%IiXMZO3rwgRPh zXzB$*L6^W-jZmC76n#QVQeU5sHV4}qG5XY#iThmsc9~WkJ|4U!v{|jmWJ;AHIXh?( zP%w>LX#MgA_YGS{l8>;NP!_fdHv^N}h8Y^DJNbGJpEEK1q)m4Q7Ct07?^s9MNuw#R zkl(rl-I_hL-64I~cGeS_ww*yL%?4^VqSvghAKwyB`loNi*39;Ek;}H*mCh%~ppdp7 z46g0|bw@68`$ijgSM}?F-72UcN4ma|@|cfYut`O%ZYd$Is7n`uR`Hs$9xM^C8Eb23 zv49=rzg8Q2j zGf#C-1nV(84h&Nc0v*o5a`(iOxa%HpiH8^89cbLt?EP?;x+2d7GMcw0Gefpj!YZI( zOP@boq%mt<6XSmze4jZh++}>)ko@d>K^HEke(440h`qI0*2as(-sAQ|8UgHz<=VH% z{ty`qI64t*Md6g2RgK~?+qPxTfyd(vIbk?1@I*p7Yt;ftB*mLX!Q%;lYfr8G91{t* zaWBBL&Pw4PjPH_;k2;9zlunus$S8CPkw({5#sI)|NPyBX3TgCH2IUmBFxMVJvq!GQ z3h3yNr{pGVc^&6?F$Hcf?(#2=2Uhs(h5+ZZvC}u9(Cfm_ApAueEn@nxYEBQfP424! zeTe&DVRRh+LP5Gx$}LqjeT`1^-ohFqBo8FLIO`dqH4!K-@RSZqJ_Rw6$D+=u^EY~s z^7V37+K}B#Dk$_zv4bYEO!V4!U%T?+0_o`ksN176e~tTljDuG6BMf?P`K0P8;~L~= zK1BqkD${6;ezYXa!hY3zy{4ifBqobBWFpw3J9SvR^i_-fMDPmJ%Qy^wOSZRf;dm!O ztXx=wPDo)5>83jo83Jc%_i0|Qm9$Xs;vw&g7Sc4=fsO|c{`|=|Zo&^tCgH?ndp#k} zP{vSj{t!*$)BC#vLOQ)*-o%W;sGArUa1-#7hwGBHHBg(J(lz3#RL5qw_RwMQU+7B}<%3ugsL?C^ zBC}yI##?474i{QH#!YQIW+#dLf4J&V_u>m!LGMxqCxOGPL>4ns-;b9Mux>PKuNsFr zVB-&1XCAY`w4%RkZkD!p-DREBL$wqvmo9Oe&m|idb)epg7I-S)NA3vXxr;xIETD0= zKCRQ7;vXapz$|sX);o@$2mfu8F0~=qZ%*cMvOJzU^@uZ?U*`CgmJ_sgm zkgJ01@?KNz2)D0@yI#^a{55r>jTAe>z1>j(3PPL%ewiuxT8kHs3bGa-oWQo#9qg|IldeFUN-D^Pg(bhu>yS$AeL4)DLiTU)^0^ z<`=vGe_%MeHi*%uHkE20!LSF+v#uzO+y~^Vj^;#~ptC*_;@~dX^M!54pDdeC_tIls2$x_s(UQu}v2zzUFHuf)eTZQ0;-wBIjptKL z_3zR2G{c-}6S5db7Y_{icvOsp&RTHV<7#oj_cIxdETAViEU0BUQ1)t#2hJoi1Ucu! zKXOE{&h91t@C8qy%#*zx<0Z~D)oyonJR6&-2d>baypvI3EWK(xI1!{kz5xGw(Bvbb zG(?nkdn{kP%q`2?!uB3T?pzi7W=BlpI9I2%yGqg*=*Rp1{@bLwn5qw9k0H5D5iqBq zfj4y0c>ItqggP%=es&m!-+%am`oH)B1H-Y%G9-!(3zUI4M4*D`q0#*piXfp zq@Gr7GQ+q3%E-{v=Q_RyPvmYYx4U*jz6`pT;x|5&%#?m9B7_sY8QXXV1%M zcrb*XEXy&Q_vE_;7=7MIygjxwxqEE>Ky9s8#Omi${mJbujOPUl`EZUE0BvA8g*IJU zR*H-mWF~`=l+kaXqXl3IcKIRC4DiZ^-9FqxT}HdU=jUd(?$9g3pY&rH``hXd zU?BaslSjdSH-`Q-d@>cJVS5$ee>__>QoDnskhI=>Yd%v#1{V}$xTei*NPZ&ni7<28 z`NaEuSq&UzJyn$1*fcfnbB&=`t<`9$k6W*gA)4%zn7=Kd^gF&->7ex@lj|N?su4oO-NfpecA_#86`k!yM{M)aan6;h3e|g>hW6GZZp*Hx}lt0Qj5t=9{m6=$iP)Y)j(NKD2 z%ScY%pO~Tcs(Ibt4<_JG7~CwUTr%hm!_Z0Cd35}|{Bd))<_02Pd)6~ZhZLi^=&(lX zreodOe6~x_vm#$d<|kPKQAv=ysdhzXP@7?Vd-1HSe`+)%-%>xXS}WltL|H_i@$e?h zOhW6dM1CurE3Sn0#-T~!!UM>U-=A0lj`?>K3QvtldNoYYN}WoDfn$D7q*%vH<3J-9 zh3^+DkBfLFBK8LsRiZ!8ngTEXoc0mc3IX|xI##27$VUZ~vktj$4E~XHLg*^Wk7UeZ zn#Hj&3}wv7?WAmrwdZ7mLl1s3{LG_1to9=VV1#S#$E07z1`u}^ey>WIXZ?(pE$!zf zbv7Njv+TU?dnGN68x_mMnyk}kIez4MRLfS-24xD^*qO!Mss;3U98SxwXG8MZmrDMpj4fnmXAQil_pdMAzvOI2dRaJxf9C8| zP+-o+!wCvPZ^%>J?C2b}1>Fv?uacIhJ z>l1HJ2o&y5UQScZUYq)LhuYoUsz@(zGa9+Qb3iUCYg>?|HojD^HKp9aQO?L{gDfKxBRc{u0Ha%l~J(Srdf}Fm1PzU>}?U z)3yeALxAHdyY?XM*)!9Qs3v5<&tfs|1Yp&8Fe|`Kh<(6s*}T8|EtZY<9wq0*Ftg_U z_aN%&QM8e^)XiU2WBU)5pq8x!*jio{@sNiGon~`LM0csd!`Q1%O4fkDdSOMPl}9rZ zV}szWc(4x;fpS>dJ0RTrkFxQdrh)-jHjbBDK-%;kt!J}-g>;GW797Xiri%e8MuRZa zlt9HO)GvJxH!%y;uCBZpvMi%Qk+Fj|H445}V=!otzp&N;pTlu^qTLUr9`FC7?VW-w zU7L07F59+kyQ<5!ZQHhOtIM|CW!tvxF8?*>`o6tmtyp{hJ66OVCnMq=C*vUVdGgJ? z^SaSqd{|TLgU!*TG`ogcbcX&tF%rs6(_Q$EB-MXBxBtg49ukVOGXE)zlr$CRe87F)m4q35^FT8F63t|CF>kj$fEH5F*@THk6%GNvaO+F53L z7Dr`{ruEpWU@Wv8PDZ%9!G(I3NLuaV)6FdRXhETZL_iOnA^}q?}~#oH-joT6X`3c zh^bPYBw9vn$D%(2xIJ$t(Asvg5+K{KwpskP{Fz}Y9OGq!U2em2!ZDLt6{v2SDuz-x z7W0nK?^Xs)=)73q7VKm=WZ`ZF;GoEywZqbe{$Mk+r)>-&d0>G4NHl{6I+mzXPbsyt z9IRM~3A)t%@u-#J*kq#N=^(`@Y_lGd3$xNtA5j@{{EI(|8g#2ZBvmbbv4)bIk^1Wx zo1u_y8baGZvd}aroXNDh$=FsdRa^g>LF(Q3x36NI9mIClC*N*jH&QWryMwBK z(1@;LZ}7xY_pw*p7eD<_Lltujb(c=|FN|Nq)DdCWauHW@g^9*S`!7gByopHsY*i5H zM%X+DmIOas?Q^MN_+B$I`3Oav9(Z#I+rNPTYCyNL=OuD3GVz52RZ(j{v5eOlF=_T; z3Ng*_`1prg{2HQLkp}Q(tx}~fc$iiABQC+nOes?P;Bog57D={uYe7$qXJxU0^s7if zV&{J~hh!wv#6>f&8!Wdh;sE-{4>3f=>uJ*dj?GWCqDzh&!oK1k{1sG`Sh$CcigYIX z*Eu_6z`{}SEeFH-M>*L4I6J=Gm;duTUdj4fFbVHdY%4119}$pG{wwTI7#6-xu7H3X zqA)-_exLUwTZ_s5S~ zzhvlk`W*f>uPcMTzAk9Q5zVv-J;-^~E6ubfJtT!#?e88Z{NBr`wt#`OcU(|+!ufcW zh_mb&PTldXjITIH-#W?~%lVQC;h%#gh;&oJIJ)3!N$C-rKivzKIi<@axm77i)hlmf zieS~XIEQ!=IAYcnUEZg_E*vw}x~uZ*yAD;}+@D}|Vzow0Gkp-?NH25U?8wbz?-Eok z?Cus+0TdZi8PwOws)C

rF~y12z#?R$ag>nf-dX?*HRXMtYm1JbH+B3GNOp5`vxp)R}2e-t`&HzC7+ z(JLT9!dXlt>;&cB?i&fW=iWjDF-P`9U(C1vUH}*V(;>x5`Zr&c888`KkHI=DKTS` zNr7}fHS3`sY{v1j>qo_6sTq&!fbLw3QG<>$ZWPv+oWtCZrp+Sxc(g}$6Dwb@OjzQM z=4^>IF-{>(xw5Gi{M<&8;eg0imWG&foDxGr<{%NpMv|ugr;wb)BPV+<_B$x0?89C} z1}pAMN;~oB&~bd)k!uu!$Z&lAKAa4xt%10fwBX0Gme?vsqa}EpWc2LIbhA-WOPSYg zo%v?7NT`a~E!~?-B6iJclGcLQ{v{BPrJpG(VTP44taB%vLm*-GApfG4y``C4(SVL}n7A^U5Mr0!OKS|y=nlGP^%$*dd;>0hL-iDB45Rl9e~fi*&$x-lG&>=@KQDyDUz)$- zAP2MLjk4~|WYE4v&YFR6K?_#(Xu)N-%{%5$7ml`~AV46uB`VqRx-q#Ut&dKWzHzn0 zUA++~VM`XL+M84!WkWDdwje#3Pbv(Z9+i+bG&X2-O2GZeT)#a#L8_EXvC0%q+X?AR zL7NHqV1qk6IXD*~R>87Lt!%IPC8B{qmSG9lZm@Q(Xt-6z zn-0KwotSsqL#j}Fg0+F&Dtyt5syX7m$n^eMJ?E4Z!`Fr?Vfyh4g9mQZ|MP9U#X$2I zeE$0y=qmjaQe_TSMduCHOtPJJhoK8nB>_8?ds-=#(*-3?&9}}lG*`>Yb=rWcp}7gS zMi06eRmxmJhUz~XHG~s2_yaX~+BSGZ)kl+2SZ}H4f*k3jAAUPS7N@n&Tbd7O>ik2EfVP-CUmp zR0Wi?mLw9<;V?5P;`ZU$hBwV zv?vTfABVlr=8q51*1Muvf8ElvZ;!40%7CDsV7<>EyZMQwq6=G3yY0pgIN5sc(HMTU zlX0Ge$!ozLL6|>uW#-$4Lf13A;g&}x)W9>)!K8jhn(Ja7F2SEXd_W|9$Nfk1j<0`) zpa=y3F!ST!`40!d|MO`7e{bHUoGcy9{!`yhC}m@4^lw|KECnl>1z99->Z?=b@d;3J z0Z+aXYhMbW$YCl&s6NBGNVo-}h#cys=;>;y_T)hyqS(+m)7Q%w`fLxiNtDpA4yoy} zwv!{b>9e*TZ=VkcUBnHtQrF4@hgavlC6`{ce!g+pFrc`M0sd}`< z&)u#8-9@h*2p6vH8xF7F6J>bkN$Xt@TrF$o7>~|_*SIy8OIF7MnPcxuA#1AW=+osU zH>5x|xf059=5=WGYNdwlYbJERxo;GVU9;eix9?_sZ68%q!Z> z&R~(Q+5F4X(IU3ObnB55IV^c1A{wl*@GF@33xPHd@6C$HwO&}d`3yd+^=S$f*&ZjR zdeU5I!@=q)%vD~o0pfv%I(QgL{fS=eO(xnXHXyS}y2(iAf!NxvUJ`bww|?0Yun?`0 z=+OJ&Z+*nAJ-dk|8l4uf0>SYmgswjU*;(>aklg@hjk69C`uK-(as9uneZNT6;6x(| za{Rse20;>M4Cge(q{VZ@?jlBE_gm=jY@Q<9-;u+hO7Xq*3BAJ#?a+fZRFl0i{)oxt z0S9sOYG`S2j~tHi%rk8wF52k~SN;)mQ~?#lSPW$yx{=*LmtqsShbA*SEoUr7;2D*d zHe=X0Co4`j(IxT8$cQ5pXDp=RXB=x6bPLT~jG?8#%>5JwWLUcVXQ8&>UBdGI?4V|W z|EEIzZ&#=PF=fh12q@4g{kTCA3L4q}Gf?wi6K0Z5WY zUg{$89Rdg)(LNEMS*h7NVDW)msvb;$gwFg|G`Ew{6CK={I#s1oNBYYbvB#PTZ{ysO z5zcWY*N6RcOHaegWRB1GGnlWP=YbIT3lZmSzuy?QXCN6(F&)8PUZffgXX-;dJyD_= z`U3(==j~oxw*HQ60^MYFzF45Ij!UQCMIJ!aX!>HG}4;6&Z)P zKW12^wvD>mgksV&i zefzs@rS?jxZQauhl_{km%TnS1nu?3^v}*FGVDVxOwt+?DkQi3rr%L z*kW%Z_5OakA*)3|=Y1cZ&w8Z#>Wx-cm7l8nga1(~AFDu~`*Hpm@|svO9}-sIS0_CG z(OAJxIJ5_(!s+aR3>+=|@))AaY*AQ7vS5hYS66OPlw$IFRhP~3ydgFM$4atY4P8VI zI(Tt*>|ykq+w5SHfwb|sElm-g2KRGkO23*c7b#m&$|}~oY;2GzZAVhr2`O0nW|&Bx zllyHpmk`|_aG}h{2!a1t207;vWvt{#BPQ)$ns&y;KaZeE2pDk3tm=syyXBY_kE75mG@d>HtZbQiC%sKAjs8L#yb(wfi76UOcq?=Zq341xhU3i&OFQ`0k4!w* zvs;Q4g0>*dHn~J)@?yyL`OAj%_HzPv7q$x)q}ziH8)J~C=1)jb4lSkUGo7p@0X&u^ z9-8@{<}D`#l_q>#iM?&zK%eZK5SHg^f6)pT#_-t)&|z6ElYh4~BPZg56lu-@ag-JU z%`GrdePUj&zm@5T>Dtwt{74Bi70X#AL`Jexebl2VL_d{j92~r^3Y_hkmNj=n#u3gC zln&UFW-xd%gcfMapKqvtyoOXxaNqzx0HX=^KY`4Ddx!QPAS14)=kT8%!+)_eKM;fX z12NJFXkh_=Myq}`gAfK15|}oDh)0x#W8@QwMs%$vjM1T^8P^*Vhw>DC_k}oDp)8YI zJl)TSaKD^5Hf^044(9UpPqbY&(CoClteyOQx}oX$l^TRN0$^=EI{drO1p9P^ima_l zPfh&VthENu1(d?>@Qybe$NZHuTDsDlRP?inwf$BU_QL*^|J<`oPhh|RMu+b4wQ0YY zHlQh-#FgwMebX3i)aoAFdUcZw69()78XKhI@;3JvBKTse2_?~Wnsa&w_7= zba7ykCO+XAWTMVrD7afNAcB8aP1?=dJPR+`NdhUC!h{W9XM-BjCh8{^?XeX6Vzc3p z8)?`-{D@)lP_xF;vc0*($j-pQBqJpVvD4o!#=$2nH+GiZZPy(^%t^`CLxbHL2s~g~ zrwj^4C*iC7*20-r#06W#RW0MAJ9pJ0Ec477(|d{z>o;1`pVIgKjo;aIk`o#o#z9yS zZ)FFK(YqKmV0ZxPs#w8sEyPK_Zg{niWCD)Ln7`>I8wCR|Apu!hlwFmO{o)I#7g;d6 zjZT><`Zvej^9h0MGY}Zp3g@NFzf)Ni0^_MTgC!NF6@5BH^P((URjV&1+}Etv?CYx$ zL$$<(^2@sB>FiNU4Ms4q?P($=u z>r5n9+{}}rD$}ncP9EWB?T9&vZ#Us!%I4W66CJ@h@dBf?&Haop={aZ^9@O&)hf1JR zG$^8@>4%HNghGfE8p5csnM+L&tCl1BSdSKZX`LkJZR~gGbr!O?g(m1Cn`U*PyF{u( zJ}SQ!g%I!EuxyBM$WlOpI$~4JO&h^zaG|$Q`{a48R4PIC2fv`F3~k+iq+?kLQW)6} z%r#%5#xV`1Z6ir6O8Vza`7W+8G(nUxK6nM)lf!YiC$Y%e1v&P<-kQQa1W!0qH?!3K z5ux+x?@7aQ@s+dO{10!3kKC&F0C7=Xf^~CX|4@lR|R>VR^@P&N7SK z(m5Lw7=s$`xm`x}qA8*Ky@l$c{sz#&Fnr79h6by_sPr*v7CgY&av8RYXcG-g0SYt#`=HV#s5ED5}$)Los7P@ zk%8mCFihbe2K{JU3s6)RP)(XmkQBL%$ZC9xf{|f=h@+Gul@R(DY9+@L>ouH9Ut5MHBjs z)fyvIpFCItbU!tEApF1?x`A#}FSN8PT~`+**fc=p0x4t}1+70k1-%_dT%=qC$q>o{ zstvhZ$C0J9xP=t^F2B2rx^u;|OI)=5biK2^pQ~(!iZ-9QXhxUwIVquG_*NkT?rv5{CT7w!O}a4v&4Mq9phbQbkiVuhTt1s!b| zQkqwfTh0Bc*D>HCb)E$~rMXy`%Q`ym+veTrnp)s^6KQKgs;7$8h1$ZwL_Uq_`mMjx z&0d3i4W8Id@_N`dM(_EX2LK(pw8Fl`GK(K*Z694#KHG8pVZGh7`OT5|I}VJvYm>0+ zj8;wDTRw3)8PtQFRfP8|KW7<`9ikk1fjf~0biyPWe%wU9;6nubq$C=itxyp>pb>W7 z2jEh+BgFcZQU15`2z;Kg18{I0puea>-JkhGyzrV`^N9I;t&{vWn^3Gqi1uH$ENH2w zD2-szx{2kE59D%Zo8U|#1v+t@e2z?8PLZoKh=VFmqXv$+z_6!fTz-u$j}P4hayJ~s zF^$C;d{hz#>JwOAGjx$H;8`eo+K9#SC6U3#grte|FAB$G?tBFyR`W!MFN7|0)oJK-F~phc#^=!nj=Q*F#QOreME!bKT|FkI7_?9O8iJ<}J3*;by<_pG){;m&qH->(D4aHQJ;GVYQ@9!QOrl|I16`U^n%G zd_q=dMLnJMU|HNgMWaouKs)?kff_Mvgpy!35$<{hQ27c#)s_WMI9XHP|{Cw-_lDq>Ou|U@y^!$L3O86D4!eF}@ zqy!~&42B3loH>2<0;yeay9OD^9iuTS~kEqj5!$R_M6z&n`!6qgTphatZW zjd0og#O^uo$+F60u)FUKATlutLwIenh7{9GSVJBHTVwhTuZ?>Za0(CE}@`Rybb)y%STl@?2*l z*ba@3yF`qS4<4?tdy(Iha=%i=bR+P`=(*Xrc8kH57Is6V{3sOo&RNRDK*5L=nu+hhj7MXjh_Wdmv z#f493E@IfC(T1l_@@PT=Mby@J39(b zO8ba0BD}6SnGIELz-mo;HE7suH(E>b-+S&q)foHelW9^p~6+ptDNycW0UL*5q;Y(6^%V# z0)rK+;{L_jR&~ob>kHd2UTXv9O*o%DYf|-un2~P~mmEDW-51|pH<&nHciSI;l}LH= znGrFdbKw?@o|K{dnia~=U~8V5QPm0s7fhb~127oe=!4Ljh`mweJ!HNzWnT;BZ<6qQ zp2}MPi?erN4z1mqMOSRwwr$%^R&1}>wr$(CZQHi36(=X}hf{U$t-W{E{R^{3&GB^i z=x$qwUts>NAYcKlC@mm%T-WkbS>>;p!9oJc`?N4QIezHZu=$W7EYP5Kh|y-PWWF9i z=&Ia3KU4+gHQX+M(^>!kcj5KB;xAp;eJb|yy*+%)+ofN)bGIx_kEIsfxPy?MM7}nl zw=^VkO_;a~x32INNvk`s`&=*8!8agwsMQJyHxlfAHN6W0AI?2 zbIf1bf_1?sH)eD0|5`i5s}iO$PQn0X8xnJGAk1!1OL5W^@3qgPknbF>FS8C@V3Ew- zO8Lom7cjXOQh30~S>J?0Oh#TY{zX@ia#xsMxs|4zNt0pNIE%Wjm+^3!54~Pruz8f6 zh-hbwbB^EMK7E@^lBj6mxO%dqN~3qR9TWaKl)n@oxFjoqwp^%nFR+VA?AoN}pfV@v zY66sr3)@gqZ_6!~$}Jtbjst8kkdU&Lc)p31EvXww3@^!|pQIg-D0g$NlZPz??l(*} zW1GxsUZC?Zi-!S%NV|`37TF8$>?W@A8h)(IYm{;_a-@^Aa*@{HW3k9{l_WhKU3@F7 zD71)+UYRFD>Hrx80W`Lo5x=x%Q|un)<@FwV!H17zK-KzYadQ-BvvLQ_iu>Jv9n)?; zp;kWgpjhqrSDb8poZ#uaVC^tHeXKOv$@p0HoL(ueadl8vFij-aV$$~9VExaZl*c|{ z*sBl2U1#X5Trx_=4GFIGW|oy(Df^F26UvM9DOsELoc*JC6;tei-=XbeUx^e26a#sz zKj!9%B5J9lb$-3GMCqbEwn>u4`rsW#o0qjS?;{bh__$3o;;F`g4fhh0*RWkHkD_UE zDJxs-4Rt!6ds5~IC5*!e)^*N4{s*IOY+JkR-Eub;Lr)!xeS6S7C=bS8F(ZbM2V+^h z_FknA7NCa0Ahv!|^OCxw06WOlmZD1t8~2C4HEsIoRm~S|+QDg;7!W%Q22G|IpY>9l zhXhIT6O58E7LDrHR&3Pe9Jpd}c7d9guAFl#fBvp#{(Zs&BA$`x&}lHIG(PnWLW@o) zP`WZ*We1++C3Q1#4GxME7hlnyZ#4+&JsxFNl9cJj)}ZgD3b5n4B0d~09Jf_T$keTt zy*TC95+mClbBxEzwzzWPY}TuYZrQiuY~E|)+|D~i#o<$fr1pOGC6OG4>Y>eI_8I(U8w;5T<_Wor}DkkN0t6~poA&q-?anY&Z_h_Y6&nAc2s z7sIIL{E8-H`4Af6yQ3Sfi}pF7!1?Z5;LKLQRFTadbo@Y@fn1cMU=Bk*QUjpjn!m&T zDlzi#E?0{@MxfzREXhGlO(5fdq&8!qp7`7ExiX31AhGjX*uQ=T>sFN4Q=KkQY;$(- zsz^yP<#8dDjdiHS8iH$HW-Xa&X^U=Gg16y>?M1zmAS2kZGqmIdUP7gd`L1aG4p9kl zy(C4Cl)~Q(nIQEp@k0jiME2$$A}E0t^0tx|QY6kmep1Xh0tdG$tlvJ6wsS#Nljl!X z?ZhBzb#d^LI{HzJH!AExLS3AC9TVz`a2PE!0(#&1XlT~<@W$<{M)PqXYQP=!MY)Wy_MU!Lz zAj1P~w6un(vAL`5+#N+Js?Bz)qn5kbS|W8RZ+2vMb|v!$_W7QxM;d?eBT0cWol8;5 zQZ>^W-4(MNn#lTMa&lFEnw3`+69v1{Wu1{hTZyq!LN7<$*ddct4aSrqG}Cd#iGoOZNp1dZr#Hx z3#%2v!<*ZekrPeNwD}}!gh>P9=1TibVhP+#n2wqc4KJwYG(1ea6#KHcVC2&y9XyCScsV)jlS+SIbj(4 zp_~cR>H=LO!NOg4&91g`aUIq#gd8qF6%f+7LXkijYPz*NJmDY8F8$v^3w7G;2B5Lnxyav2h;7Qr@>YueLorQUlKQJ$IW6))chL$bKfR+M zW42ok!6)ODLy3GAh3i+IRzI0W1^ng+RDwGSUN(2M$bzg=`E$BPkoo0{wDbeWL%V_9GBClzME5u+IEDx6~fdG6;hXe zITL9E%YxIF{yR$&+|=&qQlPSky@tczA$V>w$m!}yY}Wpl>4<&Nc5Ix6K%K0y-+}eE zh=eJEQ3VA0lFi6)r8gA>?=EDu&Iq#|Po4{qfFlwnM72t502wS|Xv_VemGZu``?0L< z^FpaKNYx!}XT~|pe85eg$JmiHp2p3CifREBdwLMApfjEv#l)mam_d{O?7PYXfWc{i zN&`?Uq?+j`X3%Yy?xZh@VJ*cST7~Cd_uyZ6_cFS^aPL=QKW#GD`8|GTZBbNIt2QQh zhC4d>Ur^eg5V1bRH^!TfC`mv0ot}Pe_r!mN$Upi1dFOuBjwAd0biD=qTb=hmBVHAU ze^fIE2NxTAqyGoy{qL7@I9|N9nF0 zjB(?`L4E`*Eyt>D?UDX$RAp7|TAs!;Ga5QfBO?B4bi zACX+YBb>M;87^dSQg-BE#2;4pa}>NlLbVtmTwGfchYoxzo@5G$zXmM#WOnFsB+q0I z7?P2PL*c9lJ|1hWm4)Zdu(hNowlq z^@t_pHd*Bw`uJLT5%(A`QWYDFkXvIP(I9WItC2UC^=R2e*$=9nJn<__j*bO6f;X@ur2KuB^bP^e=@$B?h)_ zTDDLq3niZeS4NKTdZ=#;hRN8vx&{qfYJU8@f?MUAt#K?Sl}$6hDw%#1Tg&d~8Q z(C18RqdUod*nG%zxE}lZ{Ak$$=nTfofFD3X(MC_HDDtbi(d3p>+_(@>#o@aLc!aw4tKT%aiHYX zCl{}PZ!Ot}XM{XPNrkM3R!I4gSE|aWbr0Kzt|EDHT#K_fCT8I$GrXVef)^-8CQj8y z>`|qwP0<{bf!P zJr*UPf{zo;Bf>nbWnI}`Gf9XMMs}B>pQYP$kwi%lg16MXMzRUJ4W;}>U<6HP{}gK*knT_}pvz5y;h!n={en3;Kfa&`NM z7hFr%HKKoE#GFH<5oX~C)lU>v*iV3kvKacRiT}(Z1&unSgpJhIo>mIev2yG%Mx9Vh z*vNC7^R>5;e0lSCEW~4APRr88MI`xwQ1-K^})RLB%)oV}#t0x~N$yjUXt6Kn8n)NDYt0kK=+{2Bs& zoxc3w_uqu`n2@f$wueOn5>oCaQLbs7(jp|p(C=(WU8!tUjh&t5{b6H|L+&h|ks;7r z?uO5qomtUo&e8)!o`iJY$^)jqP0ZFJ3-pmw(A&SI)+k=I2GCv<0lkN8^&HHMq{kUn zZdtnXdX*Q@@3?j3Z>xfDZo8B}{PxDbAJrW2Hd1}aX9>T26=)%upjy7}Q>wAQ*f;*~f%XDFu zL08`}!Aluz#|eYG?yABI>uN9wMTqw~uT2Udzm+!13C_7U=>uaf$9|;f(Y>+J+N(=Cwlyi$j zoYmhD!(%(q>@eTWT%x9lnAynQa(*CEsT4G~z#$sq5`n-$_3bJ@(tIQ8X^A#gRvZLq zF3{dNyS9Q@EZM10g)CqL?_0b@Zo`p^u&Gq3uE@Y29|TE=C=q6DxsUKsrBWmyp}9Un z=a0a<=u=&EtsvHp@GPU+il(+u)G|?}3u{c!aI>PaP#%(>Sjo!2JVG1tUin1p3cCGY zd8aeqiK=tF8weyKj7D;E3jKa4_Jo*<68uGT#Lo@vks#r*B6g$t@T}GYL)vdEqy0o- zc=On#fG%Ul#BmiV%9MdAcbu{aTdaa^KqX=K`jB%Nof3WLgc$_!B0r)J%luEMY(c{V zvAMt@M?3P5Lm*;U>D|_^5GIhpKZ1E)cR<4$x9X_4H+cCQItw{4fU1%25q+wW zkNFlkB*N7=s4B2bCU7lodOO6Qq`lJj)0Lm(mc9^~3P?5d@h4!$)`@X)@0DK5iKeO% z7ph{HF?x>rnc=M-r|=bg3JT`D=bwjxpc#n{-;b|L^XCZcU;nvT|Kp$g|9b%TKirq9 zrV_RY@|U~IXzhe;oMkA4L0~Jj6sagutfs#>w2?EC`XGGG0DBXck#lf56pD9vcSX${ zW1ayui=3+ZSAHU9Pc{j#eVK-0w_^^k$6MwNSIXJv!%mJ5h%KrKs#U5Y!&YP(wPLDO zABfhU;mq*odU=K%0krLu34d-Ki$1Vc>J$+asrzdb6j9JE^0A}xa7#*FWceQ}O|x(F zshczXO}f5W2%wb-wu%*NW$F@&|Vv{qeG7|Y=7{1a|tnP~)M`=}6h2t>!+Y?(3F%)jDb zqW$)JVK$@yQ)kEyhV2&O%I0T!+Np1c%DDsme z8Y+|H4q= z>~%1|kM$1r^!p!RDOKJ&E9bwNe~(2YO#|vom&!4cFExP+T*sC_R~f@RoxB2I%~P_e zs>YV+Z#i=^Sb60r9LMVe@Z%R4vey8@CZ`8}J+HXFfk4i0jy!O|2l36i)*kk1>M#=~BobVG7RnPYfvW4kBBeAGf(2x~BP74Ou=M*{*AFLN^8RUbt zK{5|-zS-TRZ7VQ)15-yiQHlJHQb0k%fg`}ZUqRlMVVBKMd1o*GRKTL`bDL{@~~Fm-25-VE-9k{0knPnDKw{g^Udn1H6~4AZsAMRGw#I^L}sM zk*@-Ya$asZxi7!QZY?>O^|Z;VQ+plBM%d|0S*!hC;GiGgES`$fa#-N6r}+VQ-tEpc zHp86k&o>x7xDD-}&)fG2j0J%U-l%I5(_b}#OuI`J)x$okmt`j zG@(w8G2aHc%(H&ckjcUEdGwqAx)6y)tzNM>R^3)>D<-XG9-i$XX|kS~=%$I~b87}L zYyM4dkvaS`hAQ?&q^@^(CpWD{`Y6W_ko$98~o~*=EKHO?SQ*(dS-8f)TfM|Wu=!_R%Z}ETkjTnu7JcV z0@?uu=7-Ts_3J0|%fT4CoW4KG*ktmYaSgVHP z#_sQd57aa`w9|NX531i$u0U*cs3Ke8b5@lNR(r75`dA8{`GR9|BuT>%GgcmN7OR@=Wg@A2O&uvLJwQb?aSwip8v)H^wg|@NFax);XARsZozHLzIFNi&Q9&%WU`0#!9GXyj7 zbY|pq#N43b#O)x(Tr2+1?Tk3)4vn>N`7i)gA`YXic5vHiu(Nea{Ib|-Xtl{ zO1rX`--Y&R{Shj(&vPb!h4ASR@T5?5jteN=2Y{BwzVjmnFYS}mLQf=|3vjSQLa#Q z${bx$c2(ZO2GuCJm5i@ccm|Aj055D&-YBpa+IGeCKO*7b9Dv^06^wg$Esnnrj>u55 zm3QiPvO>tf`TBcT+cu1YfnbLycdvR=Vb$D%#TkThAAHfzIS53tU zP2qIOSVisG-s}NYb$AT4=xy&fOY&8%kUSppYp+U=Bmg~07s-?v4KF5`v}BKBg0SAy zv!dy(*Y|YccV*J?*nKuzb^XLDPAz+n{I2%E+8=9eOBqwCYswhgN(>ipSJ&h=cQgul zk917gPN5H+FDuPHU0$$bXeQe_*5e*f-b$8)Tg;LqQ53T4x?Vif_v#f-cfue_ml>Iw zYgaX7{!=_ZOk=_gp!73D3|q|6BU62(T?^l*q3jHY5;EO>HDIFV$L?s@tWi{cqz zPvpsBY0ZaL$PrF5FQLyP1@Hz)g5{dj3|7>Q0I8RDe*l}rFpclqp z7mXA}(;rDG^cAY7r9}V>jF}o}#^R{ai($NezwrDypUZRh5*94KMF`?T;Vr*qIMjbw zD`hYkM!KE1FV`K<-$D*H`lGCUL`@9r-hk@vBxODEG6V7(g?^ z{jZQnr0G7s?$B}?%Oy2#+OQz|BH+}0(hRNylZwD{D!OscJyNwV?HVL zZ{qyMxxj$8dPH9mo}ke{D$z$*4Phes6j8VQ0C#Q(5f4y0ojp5K{Alf_yq={ z$WS$+|vbjg0qb$Kg#GFWkbS8zS<+P>Grtj}jjR;(%YI^$MksxW>Xqc48 zWlnBbC#pPUf^~6`O&4bb1dB^4S2+k*xsB`sj!@-d>`5|WFj8CgrYRLD8_eVI7L$-A zlF|Dy#@#5+5xpYjb1$sk8N*$kT>BU2cU5)MUXWre(RF56n9mQtFhhm|j4U2;-e}7c zcQH)YwQ{GOn^}Wg*vNw9iX*DzPZNiQ2seMkmUI-{W%jYs^c9^pG)wM&7yRCb18dBD z?8F0zvv-k@DkYIx1#Aj`%o2>Q*+uq=T^Ef;gq1z(Ohd`b12LLt!q9wK!(Stq#6EX@ zjj&V+b~s5N{7lrEFX|vkgb6asKc!>&k~d{M`Y9GcGiIL2Vl3SWJFpuCWqa$cJGb16 z(v~NQ(2m{c)M_r$$0ZG0=y{! zLVfq+jW@aU$iIM3{zj(jOW<$=Jq7%tGRqX9P8X$46}VWM`m-Jj&NGPIsS#zez8uFG z;7%CF2?T0FSt{lKI<(BF(iM~+jXMj1a?;X|EsbUB@6KpexKPI2T9aAx>!dI$iAWlS zW6r!-F-)4qqQ*4N1vGT0xd3_sl%w}3+=QNlsva?!OJPIg9;r5$vkjA=Q~WFn~} zY+%1BsECXFo-{Q@`FYvt8XbC~%z;%4aPihFo1~j)Mz_B1 z9eK~uxEQ`2^QLu{kL0CNN2&lD(s*Z(ls5!D^4%Z(6?do0KzAM)5S#MXQ1_=e1ZDiZ z#m?Ai9(l+S&ZryKd5koX-jzhL$ux{5X_@CWm1&y$T#^`0RNd9Qwk`fE(@GROKG~Hp`{+hG*;ixCH z8G`KSvf`1lx)qu=o*6z7suuU2zqG2Dw={cC6L?-hHBT1a1X~ob?PNAYB23ga6#M(G ztHsHxL67h`^!RBt{x&MGX%8u&dX)5X?2uPx+Q9S$K-b9@*0J^rhUp}dgFT|5`)A%13}SU#;L?b|Zee@UoMeVLsqK3@;D zxi^|)$e<^i!FttP1*%3xUPN~4fkgNT@FML4(|>u-6a&G{90f+fKQ)+vGXF=li?-t$ zrWk1jIzSkC0Uvf@AHHCaZq{}`hXA~mT`ZG)8?UQptY{U{{nh>{Z!R+h3ZFJN+A zpeE#$DsV+z$a-{^2M6UNL8EYGl~z zW=wQ7+>o7KnC$_ehf!7RGRxIR!0+82u?<4S8Y_7N3cYXh8^)2XOYDON%I0~ttF{uI zzB6STjAlD#?MRs!WSBPSTItj~2p3=V6o}GGet*AM=MA1m{G|4R;H@@DPyykEuK!JY zfjp2KF*ufO7smAuapE}ydeySDy!j~Ft;~GBI6qEFJ%a`|WjFtXAPInz{|5ohE|i%) zWA5r~k}{|y;1EE|J0eY3E1;xnWHMy8ZymETs4Z~cAv6hjuhT8}@0h-R!I2~+)XXHtWw7-O3 ze0j4cyRt#NHM3~QZ-k9)_@3`Y6lU%uf~ck4PoeoyR%m8bJ_$SxW7!m0g;NOM$#&(f+ya_h@TN%w2n>>= zNVlyP<)mehgcT`>s^|SlUseDu7v?eG*+p{G!lSUO{IjlTjGlO%D}diPAj3Sj5dfD5 zz3d=?4UTx;*C8W#v2(W2xIEyvJ#xCiC9;#9eFhsbpjIs>&Hx2`xi!Di*q3HSCfj-) zpm@T}Yy%!R-za&E-|bM^yn#rN-v;g}epwhFtof%rE; zLT1-V0v|We6Z1sPK}OO^4g?BPMsk294d;!LxDS^%e84Xv8{cPMiS_t&O*n-)%gtuT zo&YAjvQ5EKjgTMKh@~>)FYySjQ4S8OorxNK>L@743q6B$CaL1!*IAe_HU{3%W6e zC?cn~dL|Fo6St%L7g0~BHk!Ob4>7@c$g5P}CnNs7`1Q=Z!|m{|7anP!$d*daccjiO zqMa}0;}H%BlChREa85BF(HSYe>;juvwxVf>jE9_!>sq5OUkuAD5H4@kSks{l!j7IN zDhuV)A?F~S{u^EXu9P#B4yfy469O}Zq8umf_lAr&T- z3hjX6TDvjV_Ai~=l|~EL1EB_eh3n6i>n4;SAA5#$Tb@kQ=|$3)*u+PRkWygxA>>(R zTANp37F>(JKQ!j8`*=pmX6C%98>4W#4f@RQFp0Lv&RXH%yJ=1hNt{PXue5C_?7^?L z_smc_9UymM+e5YczB3Zjio!*Y>g*8Z$a?gIE!pH{^n@NvO67W>pd6COcLR>A#l7w% z{{^ix<(LNWf$67Tcw;X#SrBOY7Vk-kg@eE&9jH5oTnP8+< zT7_BH(Yy0{^NSj?Y_{AWr2ut+E^~7!JaE&XgXR1biHRePW(7iGc4gSD2Ea5#=JVD+ zcLD>Q|4?c;p84G-Df(qu`{Y5+QM14j+ZpE_>i+67U!RryX9M@nWQ}Oso4ksq0IO(= z_SP)FXNb3@k(IpMl!0<4rWk+75Q7p6?dw|{_@S~(nlBmP`}rI09}1=072Ea*{-+v^ z_}@_|O8=2U`B%i6h?T9Q+rPRWu2NR8L=u4i`itl=hGB)-RMlj$XqKStA)ykkDr`=L zB1feP#A`i$RDWlWcFmgSh5Q}suc&Yf_EIpoW?8DINghJiz~sQRGdRxB-z48UU*EuwproC#niV5Ci~jyn=QQMoq{X9v_gOgi z@^|ZicsY)T%uD})B#aGwRVoyEs6+riUnOUxF1L5e zF-aw+x1?I8&Xk_JoP&pV-x)vg^EjyibAGBiUcXk+WwX|1WB~tlS;YcA!i<>EBVf@> z8L(mVlQ=l7U{`w6Aanti;|N#-f@|1WDFSt%Ymt5NSd~3e>rU7L@+3M`YjF$B4zeVI zJuH726{CD4jTlIJRfKtN-dqZL=9}sYx+oAc2Q0g5?F>TZTeO`DR)`MoSWA|}CRkcV z$%RdYH*QE`cCXd(CZmqZVbfiqRuV4xFr+2+>u{+JAJTLL2Bf*CH190j*h%BodF(MNSj?8 zht^Xzv+O@{G)7VFbw`t84>FNrFF8pVESz?UDb>0eWUH2-mq z|F1LYzj?qZWhC`4*cj zB-+;+t|MJ4Pfvj$)R*XA>5m=Ie#y1ARFzH-1Zp*87pPX-b_11@cT#q{+xJ0a?-`s*m0pj^ZlK=*EBXF}M2;o~~yB$R2SZQ>j-&cIX zGb7EB%yB@RIH`jEsuD)FSO@6C#Kn5@DRTM{>Ycewi5!m9AS-r6iD@G;n}lZ&)brh3 zgPg*yk+B_v(lR@gge&$0*`#S;@^UDSAupR4Nc#k2)AS;vzurN8KVQhBylMv-Q$#5=#`m4N zBOtfZH!6j$v=a$L#B<2;y1pJZaJ?sw5j2R=Bf^nDuY$kWoeM!U?hN$+Yo~^<;#H~jV#%lS z23qo4Di7i6a*~Xm)mtglcAlz5ogMD`u)>H#h72cp_IK&)@ptWxxhxr!NQ{hJGYD3r zRBSb8WHzOp&wvheD%zc{N8vS?N@FQ0`{M||BoM_(*tUWw@Df{R(=zD`&_N2 zhr^HLjeolK_UMj+zy=hY@z)qZBnb(wQhoplQuMp$6-G!FESY0NkBtq%UH%=*>zo=5S?W~q;5w!YQSA}MhBKG~Q%-Icq2ny> zPMv;iX^-1p!>(1BmZXLFMuN3F5Xg78bvAI`rkoHedA(5cA za-bHEiebOEN5CK-{~j`vm-aNH`2PCLi~c9%&DqNsf&A3+jmM-t_#$XH^J*GXL3bHY z$pF4dAH2ec#0d*M5Ay!PQp8_^>UX1m@OiPyRPXX0vBK=aHd{$CT4h@89NQIPH2j6) zlw-MNHw7l!^hDgSeo1<_OZK84lH1T1=)&U9fHJ8I}&+Mbkp3E%E92u+qxNOFdncF>nxE;Z3#xb8t)UrP<#%Yz_9(6$X+ihTiW;KOT8c44OeP57C> zwgo2#i##6;JAJBclM4Z2w-#e5t93;?bhx>Bgli{WqOpNZFU@@nQ9rl*rq7 zc&Yj$3#OdhI^voVx2_}F1;>;#+Z6Q!***qt#gkIv0O0r_AHh$L1UwZ;IdQPKIHN5A zY3Mi3WfVd*-{JR$b*Dmu7r6G}2sXRiR2e#g2iEYRN?JA#wOVrvkc^UKJF&mhB!4LG z6Q=Cd`dBg!X)#BxZK<14j*9%CL<;%vfqq!$0lO5$hynY zJ2$Ypi(o?dE>H;aj4r?w-55P-tpR(K<;m^b?aI)%>WS_!aE0Ou2YE#tYK_EMiHpd4 zu|u*TUiWX1jRp zW|(G2#;$oOd&!qL zNz%}fAhqfsK2^pRH(kaSf3w&9m-x!q+Fl~A=v_noe5UN~lY^!1oAWy6UdK|i1^a>KCcwH6+~@RAahgb8GuV>A@cR8++xS})!W38N>NX)|n8 zC{tTyBCarQ!kgGSuAI0*!ksx&DfNo3RY$yy)FU=AaR=sx@Kqzu%p-dkiHRBe`N zDDpYF2A@wwOLRwAKi3B$D28mE0)b@%FOH!$(oYVe0E#P?DArZ8Pp9Y+6KbC$n|p>& zj&9TzZ&y9JEWO{&;%1P?6%)5Pm04sRRn>g*JkM($|{2#f-9g4+A3#LS(>^ z2|p-_)Vbjs$H?^1oB3m5lA3jsGXnr%D6DRe1@8_r#dg zhLIaz8qf&dh#x;83Y<_pwvoVBINldp3WyRmA;n0Kk!iAjxxC7Gg?1gqqRL7|<0@Y@ zez9>L#qwE3v!lhi;XS{p3H)=$tD#eZl)&@pV8Y9V#C`L0>A1qtdp)8xt{#5_83a3q+0RKr(1z1C!Im1h za7u>DJuRE=)XJ%6Rqu6j(*>}Xyt_xBsJQzUEh|W^7-*OE^+9dK^SDb6GXlV+i$kIz zAiT?iw=8&iAu~mqRLAQtyu>{MHoRjZM$e*09g^M^s8JZsozr5g4-0`u%q*MvSCcH= zi{dQqnW375n~Ng10A?FUCA6NgA)Dl^7Vvz{BDVmx+Fl%?}-3$}U4%?;PnJ0;ZdkG%lwv--sJ~rF1%nJ22yOA=#Vx z{+Npo1hy@5(e60D@&_;4?wuh#hXtAC#SsyQoY>=pdG6hPu&u@3l(Uc62-%J^)vv_b z$J$5PQ|?}6Cu3^F4K!G5@uK~)<=>5Dn;EjeN_D^qbEr}2Vaww5Y0L@ID3$>xKGf|^ zbo!tjD_}yt9FxkJiXN#J8-`)q!(FJ&!(Cu+0bM4{OQ`~Q^hjX7Qhn71_QL*RwHUGj z?&Job0wLxCcFP*+S!X)3-cg-8gbF(Akgq8?a4Wy0)~ksg1KmzoIBucE<` zq{5lDO{>^+I4q#xRUFY4jsYV~I8maR1?%!02?`cZL zpbXdd1c}4I4IDgM@i=esSg%~pU=%Z~YSp7nKp-MR5NoKlG?g??&kI3fYW5OIImKor*00D#$O zqGwM{Pl)+8IP$Mka8Uwj!W>sAML@SX@X@L;M@AONWj_C16jIqXJ>po5jV@csPX2;Y zvE7JKWD)qB8a|moB{BMWtc6zvBN})d5;mogZ-M$$Ofq$&#ILmFY_`Aos*XbnrPz@q zvBOQ;Rp5(W$9sj9Rd5sP$K$Y0?gA$XoIbKAGZ!BqSv{o>DUM%^@xq+jFe@|rS~;Ol zHaaVPjn;(}4$3nDcUOv3Aeu5`L`wE+;;u^FfBMRo7%hJhmj1OR6;P*{yT0lZ|J~Y9 zsD6x>1wS&G?#4OY+O&nSGlvFT79SYa%!ml(yiwHbi#dYofn20rMX0CFZL?JW@{^q= z>0TIli)y=o8dajSY6bdkSIu4cKv9~vlAKLDnVoBxWPYtj9=PpKf~GsU$cjLgt_L^| z3y{YJFGVJZ;p721OO4tL?T)vlKg;u&DrO)(vx}ArMuWZ{W`IcIFlB=g|3!sCh8K13>0O^N_e`EWA(NKAnTH;j zFF3w}2Pn|*6uF8*#PftAwAaW!(>b%kx@z;)>Lm1ZpiDDaA*vjUd&rMhie(hGh}NeDehut6)|nr{lqB z;YAj=u4WNJ6FOf-ac|bpG$M!DbVv4ink7jgOM1+xBG0qJv!BjpT{-GKrMqh(&{H|F zqI{5S(wsaMa~*RNjCBxtoYt(U2o+EFtlfveSa)LkRV$DUEnF$Kcp?TSw5MUim39AD@EZ_$LGQlyhp_V?N+C$D+gk%b$&JZy{ro*eBu>p6;6sg zDh*|PP_Ljtzthv}l4U+ts&*<#8TB z2B^5vN>sRfl9Xv%(zL#lf*Nf&SvdlcJhr?cKwG7)eVNP%o3nN@XE*Wq z(bdh(FZ?&AjU#Wg2S@qm06?->_Ak zheBT{!-+sNTw>^_aiPe^Z{jN3gzK5Wvj$y4>|8P z-h+)h)6xTbD}B}HYicRxh1X2Iy(V)Sq^Qtw=%TtUe&ikJZ+#xoGDyB}qrKaeQKI=x z2X2!*4a|q6L3gAymuWQiVyNLk0`y{J?r{k}(CuMQ;|XjhXU_O*jasLRWBy+0BE7i6PR1kXR0Vy7cX0nNyXBb!u^H8(1?BBOeAYocfSGJ^_Uw~AdY-alx*6YM6zsYN+qP}nwlm`y zJ2SRz+jdU&xAw08Kc{N1T2<$M+>Bnm^|!rx9;1!p^^3~7IxgsAcYF*Bm1$5KPAE?1B_@}h1wL8(T7~)p-%;< zCe&&}(h|dUgqR5HE_rOr%${(|JEtcyt0){ZawOzn7UU((-f%PHLU4gf=lxeW(d>E=fRfpY3HEFspj0hAevG3?-&3=*Wz{u4*b2upNMU`U>ggO(2tqkXzcnOTLv(VPiQF%Z5*;h`c(Vokb~; zRX&pQ1i<-)a!qJiDbO~*|KTi~m2C#;4TT5hwKk+cZpNSSE+M*jo?JS}p0Si58t8x< zns3qhtx+~^#4UXqh?h%&5cwp#WK`scob7mI;?}RgFxBikI-_~lDg&||E5D6!m%>pi z@a-;8)6|pa^g%RJ&@M2;mcp=<0Caku;Z?(vS*VafsE^{v9pCIlk>wQ*3(ah5h3wQx zgf%T@!&@w2GUaYwh7`fg6sZ1BbF*#yQ4W3$s*xnXTBl!RU>p3F8=p#V*?oXo#{Juv z_Kr#{6n8;7Y^PaoSnT!C+8eU6Ds*0kCLjNO7WPeXRQrqz{9GV1bIH_s9ZGlIXvC_8 zOv%=q67%T!Ln_=%AYGQp?+~jx3Jn= zS_%RdwW_0_^+d?kkoJk~M6fMKbs=5vC3f#o5gkwzGP@bzJO#OzctymtJd?M0*|75) zlq;XC-emBB0)L0H_!4aVH^?G?Yo=18CNHq^`oRq+SoszCYiM~lq=WjRGN*7<30sN8 zG@wRKR2o+tRW*%;W4=!N#%Y`IH#N;U<=>Mz{Tmq4uWf8riiU*h9g?0dUTK=Da`8}{F*FaAa7caQ7L1gAEJR&v^ zM#cwu_?*76_@AJGug8)_JTvc%>|@LRV#8BVJ8z^9N}xJE(5=|{s)E~qqGdG2KSYO* zgzTd@|1BN=Esz*3ua*EZtJ)K(Xv7jUz`LA;KD_kUjczvJIQ zGam?L`iO%TlpctvaM|Gq$E54#<`&IUo#E!kYC>0o78VYA-4_)ywa;Df)oJ-;L)A)E z;T4>ckaN;lPIJ?|9sw;mBvH|81KRWlmrCdMnYSBQ8yFWeb;ue*7xmzeRegOzmS6d& zGO~8$h5dr-`~nrfql53%(hu#Fh5W)8^F&yEVl_|n*dg-DbRO)^N`A%b$;}IJCNYVS z*?*#&QkGn4*UDe2E^s>FM;fwRM9j+-Tp+njeZYjZ123%UZ*c*j4!4JxfHw7AxCxXQ zMvjkogrW(w$elfm!^*#5WQL(t#!2%*$FwI?vs1jfa*!<7K@3`392N_BmYg9Y)2{Z+32xr7OaRp-ncN)$PA*R; zP~T*b-t6Lm^T=-80zVTQ3a-CZQ)95U$|Byutp-2C!oE<0lfMZY9xhb@Gv~P?qnj(un=9zT9h3SeOqKAx#R1i3Ps5o;kAL~r8tM+a zJ(sQ+%iVU$)ua(v^BcC#Q-64S?mC~0PDh|ejblNKu8gmjOA;|PYL~z-v?i!rqFcc4 zZ!DJbbrz)<-nhm)I`@ezs_`(R0Bf-<_@zg?Y*~*E&27Obd{xGL0el_hcz?#T^Fone zIUns8CT8JPXI{Gqa;JZGr~O9KU&yWxWZa}8&rH&O@TG7(o_BDHS&e0S;n98Nhzu0Q9r}_EZg8;E9SLb+IR$?H zqFf=M$gSOB^8|lmp<@U^F@T%fP9#`C@u#uU{#-Q!WJRkWwW&YnB&lI1p&tn~fACup zrql>CSq1ejnd7(+WU>%tw9Hw+&1vjPbhiW~d_i&cXxkCDv)t3>444Q9fMd=tfQA+u zW5<>0B$QTTa#3v9j+wn1<_Icvc?C(6j8tDOG)wM_f7$PuxvT=Tnw?h3q=5-;I_BgV zOWu6;I~)D--dj|p={Z7IfuEP*=-RM8J;a>0nq4qKy>Cwf@cCrWWRQl{n0Z4ou4RLn z!7>4FxBGK_*U8cGn3@FZVV6bHmRl==yC!q!jYG4~b5n&dxYD?(^>l2!9f$3bmgvJL zr{bU}>Z4uLNTNxe6s`e=!@Qc*`~e>jJt5ccb>Ob?S0>h=y{WQ!>mCi=Eq)8?olqI< z#71|RB9kQJ<#Kp*{vf$P3bt!12_8rWvb6>*(lXm|kwXG4fb~|Fau>p|G|$u_`e?7J zX2^}9JIx-*A*pe2A~IWs#Q1=&n_r?dQC zS{X*$1+xiAtt-C5a&sjCl2|zLmxs4Ag)UPe$}v%q)Xy}Cp8o-#CsSP2{`p0ggKD@n z<`lHW@m?f9vtG*2{p4~cA9&j>aGbIPa1QPEQq#p^^+K1+7suMY zTz@erNCjMtd!;;US_OO=n;A!&Oc{58ataseB7c!2xp|I9Lj7bwk{1i!OYu5Vw{Ijv z7Bixl%Gr8JsV@0)n5b`$h#;(DZF5=i!X}Db>X9q(Tb-h!1&IMuf^_q|xE&8}j@Sn$ z%AOu0vRhf>r5M1qI9Gf#+hBpTRkE9cUJ$_<%#g58xZL-}uqs(%&h`@!O*%D!lzP(e zUe(n0A#La{W&!F%(u3=I^th*2R2?f`-p*yQ5zgo(JKjmcXBKG`{4d-BSMIdGb}tY! zj&-uF?|wnth98}5@rdvR2}1kSvVG(#v+7p+F4D`{$G*WSt39E^2eHPg#CvSWos9DP z+qvcU=Pvy0f8$m|O-lPKlRBZ=ke2V>0ITRW)Nfw381TD>DXu;P{V8Rg4n2$fSnljOe|4C2nt_D=t5#Jf2DA3t5S%BCHb2*P*F(rtPGWpt|KcX+uPL{sP0lgAztDJe5Rk<2kvp&v?MU$4w*z<~={i_k7D)?8 zixM479ZWqruag&B+ut9zWd0c5rh5>k(lGmz1gTq!{p+M#e>*JQrw2Sb?F`YJNNLM= zxoIgM6BX$w9)U}ys9ba<@Gx7gccA`C3U`w1DWdS+Sb>yb53;y1K^0E>OmA-d_F_Sl zeD?Gz_|xy2s;^umA88}OuCevd+-bvxGAEPRTdh1+@`RfOJMmgTM~8%V@j3a%$JQe_ zl3e&67*F$Fpl-Qz9q|(DMz@o)>!|z~h)VaAvZXOG0?S7b?L324VohvQXL>P8Zi-eD zLV$;$-gQRUZdoH37eSSZ2{v*s^kR;&a<;1(vw%ITfrV*KyIyYM&zSN4t0t zc4{FbVCf|ZJ8zjzApLMGK~JT?R1;a*eHEwkeyj|HCaW(D3yl`L+ZvK)ztCG4V%2K9 z3pNI3tEt{c13Zq#+h+re3hj1NAA(w?sjf6fCaF2B1DuCs`YrZs9|BK#V>^HAOTJ@> zD^D?aG2+|d-T%A(ruf7a#$aIzZ$_5PQc!oRp-A@nu%%M((l;w~JIj=iQbHcen>E93 z3^w=UH`ymSaq;B`=d+mKbFe)zqT?d834F93jF%1~lP7=ghE#Ut-k6|5 z>T3t59NSG_rdC2d-tQL1@v@6%Zrf{va@omdhqQfh(M59c2O=7`@-|`a(W@0)65l;Y zj(clQhQXc`gRkAz5#9p?NJh9NSVt|78gb>5(5uH%nE&VBvKSDaHcxJ~P6 zU@1^EMjCV)7_^Q(d9y|9UHf_}&78$wn(p;0s0|^8&~3V%aMH2QS}=2NBeT!wC3y4# ze1@66eb_t$K%dd;574ToYB^!^v6WfFm_rV!MYscuq&HwiM|BWb9>q@jM^HJ@whmuo z^Y&0laROZcU?`9egK+jm(6;)2gc1V^NhKtXch3GuTSQxQ{Nw zaE;XNru|Fc^O`+9P4)t7&hlzvP$q}`&+SP z_{PE|KDfy!^sbvX0mkT2c{IFXRmm0 z-3?kj3Vtad>>Qv_ll)PJyv$eSY-&W&T-?mHcEy$-Eic_Ly>$+KF+wD9!qSjdma`Ig zkW6>(30zCto+Rg%T}sK^R)IWH&Z*dGEb2NJ`4%K z_UqS!MZaTz*L|pMNfO2{;VRQlshPy0tf1ta#=&}B0C}d}`Lmj+?|um)-(mZlETl+L zZ602>Vlp0b${&uCVoi>df}#2;X#cE^k#oO(UAKW&(w}-^gaR2gp4g&o>^h{OIr}x7 zTu$4vYT@5@6t=`V^UdXj(iyZgW2LBOKw!iu>atUD(%}=Gk!Y!~$edPLs#kxie6e6) zr3((A5`Pl&45Yh;;1cy8)1KszS@a7w!DJb-C}Albx~_lLgP8VkV<}Uql9r5Ft+=V8 z`EUI907S0KftaMyvUJGf0yKgG+`HC`1`|FDhVRa zG2x12`pr&Mcg@BBF2;){g^FzGr*1{7^&_QkzCBNdMA9*D^rc~T_bp@E?#D*jF?&aK zU|#KV!IsU`?s_rT=jyIcRM-i`7l;Thwib~kg(9;k)fiw*sVJzaX%wZBR}~_Qj=5Z9 z1ubA<&D{XMkt}p|05${cB=```3u%pUr)AhEjXsf!V_ZRQsw2##yg~1kKjpy6DIf;U zpx;ENr&_Vga*ifaO>h%+6)!$|%A+{dxNWJ{0&7KdNEEL4gSL;TY{)VO6-)xc$W387 zJg@Y!is9yaGc_TiAl4a1mBG4=BP(cZ-z=ro9mrIA!^fOk_9tuj|V`5Qlkk9f^iHQ3@eR%taAsxZ(E!>?|2eZy3%1?H2hV z5?i1UgX7Lc&rG!W_H+@yy(Eh*F;ENg2~JjzEZ$<+lMtc^B5 z*7vI>fpznNG#~(D#mwt*MA$@%&Ocs~@YH zO=s~A)L;%tyyu{mVSclt?D$y0`3yvXK?EBMtWpBidQd*OpM>E7llSHyD~yYqRlg5J zCDjw(M%=q!CK8cU=O{|ss{Ot)x>iC_)$;Up|0&|9 zQhhqgdqm=-e2F!xO2?jaUjvE!ah?C3EU7PvK6w)lrs!2}r zLLJsQCDjudPF!(9Oteqgu1tAXI+;ww&m8H^&3!RF=#d2x4Sn=0&9 z6EFM<;BY|nHyL9kh5~JtIU>Vg?8x0tfltIH>y08i{{r9E-8ke#gb0JDk^HUphseng zO|p!nVA)7N7nI?ObohuArt_--dU_YZ7h+xUDclj5!1~RUEH_euN`x$F zaX2DBe^0w4DgU|y_{0pFvIOU6M8dJ!0E5`pH}Y+GfR&Kq0ogfNyh%F8MSY+}ecaLJ zT5ci*Pme~hnA*P{I_*JfvM%5ok{?-4oboBf0V$+QG4S=z5WA%hZ4vO#jMCp9lH&h9 z#Qw9X0bu87MrZl2jDgP5)yBZg#MYVaAKjR-ilfE9f=Y_2l@rz?hOcUiPBp7*p*n>W zBsmDSm}=pWj0|BIKLlj>5m+~(xzN&_sIJ(Sj%wwAEd>HZi*DbiP=;*TrSq8`PRl%d zaYklpMjs5*4=)>@m)<3>p_2ShLy3VX=i2?&)I0C>{nhNR@7H%me**9FJzeS2dQiDa z_6W0q`36eo4{>Tfv~dd1X~<2B6iy*@>Cy7vGxQk(u%*$PP*Wr2l`H-dp!0pBNaNA! zQhUc%GN_1h+m!296$Op<>i}bjd`}N(%>y3rXh}^g}Z9e z)AHR|aq&1!m-QR1TnYpCCRe>y8+6w$<}Hn>)kvKd?H42$%G1+t6g z(&)J)Pc{a9dClsMU*Y?UQcSY_999@58BPtNn~k4yko{JfO%BtBxR7qz2W73`IO}Z3 z-jG;CjPZ503v9p5BBbpF0dC}ojn7K`3YGk}d!NXcQDOpxmbPcMg9V_08ncKC{O}9k z%F`jUXkmP&%p0X=H?G(x6#GK4!dzIqr!`kETQuY=EO=KLdG0LFzhxWF8;#?!EljhH z$<{oEbiyi?5qq)FsAMDY2nr4S(EA)E_gxzf+hdQjnuJ^zD{lRToK)r?X@*S?R_+Ot z&HiX*skZoSv8=;78h<1g5$r~M=UueucU%W^5i*`NcK-HQK?*)UwYMz0nWqo`#cVAW zz&v}ybg@_m3yi5dAcd(r1PWWbqoS%aXRkmGzo!7J<$(9@%G59%bHvA%lPN?kc9 ze7S`&t29`1G2piwl4jFVnshyP0!|sJP<9ve65ez9JEd}uP1<3ZyH5C2dCE%7X&og= zdKW^htBKRHtgx1{_TW>MVL8lAbDeHb~yK4eFfQYO#+}57g zf&TV-m<=|Kt@}0B%5RHiQ6IFQCLGAyJ03z64;7S#NCiVn;ENHlXLdqI`;Ddr<+o4D z+ZcRMJF9kbp(qt^LHeXYB5#W}txWtCZmpjNA%mvcZ9MT{CP;}}!`~G>0ptm_oS)Mf z=(6!iGU8))(<8M1#&gsJZE?k_&t~-wScyJ_dok#c>;MJdH{ko?j!w6Wn0%4|f1ZC# zi|>y4(?Y&^@EHnc0E-tg3^CYa3^n1#FZ$KWS2iad42N$(Phl?=iG&7xAgo)#{~~Ok ziiX)ZotQo=9_(aYeQ#cT&x?l4sh8hGPAGRgv7_=Za3lACOXC|`+^DYo1yOPFCKA}Q z0(dSf3buRl*J)&r`Azd^Q(n)uWWAnH*bA4Z6Mffxq_@~haI}Rjv5JLr=ZsJhwidEeWe#}yhAu9B56*RdyTZ<($>)P zB06n=S{y}Yyu&&Xe*AnG%kxEtFe#o#lvmM4j({RO4cY86CK~fh4mwdz-wfTAPA$?_ z29+Vrzm(?s#wzyq>aAA18NHrksalVbQ>$;{{SZ%t0meWwKpV+(h{}#2@1TPZM7a5V zW8(wB-J^1PD~&I$esGmj_r6}Bc6&Hmrg*zZUjyss(;GS^*JSQ_34Fa}FZ2Mfgn-xt z7lkfR%j|Hs6f!+t_USSU=&P1iGP)cEuD^=-LWc|PI)?*I&B*4829CF5j2`k*#Veh{a54AzB<4C@(FSLPpgit33d2kZ!kNS&rAz9Q57ERDN zUV)reY+_c!@-@C_ek`BpAfAc}e?yI;4n?>r=ie*YK*cIDEn%D#u*RV>BuS0bmfYF3 zmsdFtIda!!zR>+w^=yMtzd!3I*ula6yI}Xf)?$sUE&eO!x%?oT=u|Bnom~v9WekkW zEo@E14Q!3A|7S=y=fB(-%O2l7n~PKCEQ0QU0Ra8#=mZueDln|Eprl7gBePJE5W=MO zJZm@-z?B(~7qnrQLz4>6;qwc&mf();QwoW>><+<@F>#H9ZE>t(S&bI+TwPgPw${hr zTN5>|vxe5bZrU*66+ zeTDk%EMKZYm_M4a-*8~fkleBJ7H%kD<;-84foxvVV>Mp6sj|pSoM;0;U!p_rIepcx z-m5~(oVlxaF>t2OUb0bMydY0rd~p2mr+f1EIVfK4IlJ?BqadqN6nlzy$7xQ6)HH8Y zyk%JRmL1|^?aW{LLFQhFI9_EudRvU|Z8)BCK)%rZ2)(vbz`f}L_y+SvUAEIE^UhzO z+jhV?zZe5hU#M{Ws`u@jKdNJUk}|)$tbNH#K7(TYq<8XerfFW%_*eZ>CgEK^w1B>2 z@ho28alR>L-{^3@t9SiCm}})7xm(EXH^YzRV6mU>wh)Ig*}a{IGXHGO@v~l!h_xLY zfIop)wY0ZYeaHj;xYesrI<)(egmrj{ z!fAFBY8RyOeW3UXX1OnAmXwaX#d|nsPx&1EmNT&)Y7C25&VF{GiF10qFN?4)JoDPc zk;`ZMo=Le*d>aDBZTi>CAEE$Go|pymF)d_Q-Fy-=sc)N{KJLIS&mVlJ(yQl-fe>51VjvRuy!Hh1SnseGBDxKWd_$Y`eK%g|sN|O4eJf4b|svdN9A@ zFjY@`gR+LRDV8Zyd=5*aXnN-6PjV%OCqtZoygIBv-k*|vy!Gj>^DaA_?^3V@2F$7y zUDrrQaPE!G0x4=DCF~$J>_ftY$;Ofvfi2xzt1k|m41^(JEsDhkMek;~j^K{dy+L3+ zL<0LmN3(O(5IC@YRMKk@E?9%t97jvp@_2K3?=i-T+EWMZ4zW)m*I#ah>2R*p5;@t9TB?E$QsgOXd|50~omNcFOAH z`oFPW7-TWr0qHPb@NrAV1Wrn;f8~r-y4Dwf=@K5eqsJ}CfVJeY^&tofgQ)6}nltrx zDT3Y3WZFp43E%|O7^o%okHKdaS-FxbvB%6p8Wc<;L^iK@7B11pb;uOT~|#=Bd~$Uu@5&*z<*sN6>22+1j+b|5Nd8> zD&IE3%_=jM@fW6xpL1Ggsk+-PCw@0Jjj$FM`m8^n046f^GBzS@=W2 zC5lyBz&oKv+cSv52U^&iNkD0~u{rN|Lo9)H$YHGmIfG!8R8Dlf*cO>vzh=TSU< z1=y3~a5aXy%Z{JmgCcccM0n)l*K-(>A(d9pGrl)~LViB*k7AW)GMk43N<T2-N)?FwzF;~{LVX;desS9u{ z(pa_sjM30xAO`+UCb`zWsxG}mby1lfjOfVVqU7A1%a7)H_@i>(Nf-RHsqP&NxL*ne zdR_p=V%;BySShc+bmS%s9CCF0)@E4Jqmc69I4Cm;9SQ>1%sic#o zGw}QMV>cLA&o50=T4W6-x6~a7)29H_*kP@J}J7J~V=TKimK z+s%I{^u*u?PT@-+XkbJwN)cS*-(06&QBKI(PU#(v>SCX4bAPZbW)Ut|K*Qc+$w6G_ zOHHZ8GOP$UR?$3ta_%Yz>#WuIItwt@u@^-&vw*dvXC1@{^dWUQKJbG%MezcyH7 z8^+4GAs2i=Bz13-j_Xrfimilo=>wZ;pi&_mJi#`D>SI?p9w1;?U6^x(YVmQXSB+k| z(XYdikB#+O9pukvIQJI2-tuuLp4E=BxH8X=kSp%RRoAVPOLc=UY`XTcS;!XX9;JvryW@@HeCaKbW^dTXuL_;p2A9P_mPvncf$EuR~sd z9Bv5BxYS%8#I8d=uE!sAQ`D>vrPvi*v=({-lubps;sB)LQMNwog~x#xvI{N zQGhBhfLQL~3HC!Jq+|FPT>SJ5Yd7SpA6}64B5rHiukMM)#)l&d zKlDahI?OK)U!mAZL@L)KV7t{P+HDfYpV44$VkL(MI;kXNcTS|s!Anr}4P3aPCn$!1wi|7q7y%+Sti#rH^ zL+}y4`v=L|&M@B_;F=J5?xb|X?Y@wEoMAP}=~(B*Bo`^kw?doi33o5T*qzyLYw$az}46MP9>-K;yKyauSzNo#p=Ze(@q%#X?yfgq%K$sa2x0982m0 zLZc5shEX{Bs0U>Zak_wOyn=|R=)D9?PCsox!h#^D0c) zq}(kM@1*!+^jt5DaWEz`(|MPiiGRq47oQFq|8nFAw7ST~01e}t*unRqAj?&m$6Wa1 zs8-&<`E>MxDj};I` zY>fpR&7A(ndYTd~1Jy^55`6r+tO*LO+Z$pPw3Qzo2<@;7X^3fPDP1hVlMM~OQ!s#{ zMw>G{aijmDdp(TY3snRn5lBG5)n1C`SQ$es4d0TV^B6)CrTHo{c%4nZs&0_Ita@p} z-oYp!s@|?yKZfBpo2~Lpr8Wmf8f{w%xmKsQvh*$WIb#68-=s zrbaRrauSAIiNBzT^C5_N{o@3+xjZ051%R}k9@XKdXrMTnfJ%n)Vefr0@SMuOKv?h#tLZKBF6q7zFl?1OsyQ4#C@;Wx%<|M#9 z)E`Wld-wSi5Dr5d8}5mNO(iS|q?2Aqu^^PTNle_4s=`oJKLxAyrd$^@)EuD*AxibU z>OP3|MM3DYCwK2DSclL3%>zUxM$xr4ewgyGI8X=c`xT@^m#AqoZP6l>QZ0moC3i7y zye69Z*hQQ$;91zoAEx*^EzG@W@H2j8w&ni zfFnf1#oWKPU1qxSaV!fHm5a!Y!~{%V)j|p+c}dJ^Gr8UEO~qk|_RNhKI%(T7J~M^e z$1!?|+wMF@mA?sAxrk(Onm00Uv`<}dd~#0U=nSlCwvViSjM4_*I94EejWh@#v@jQa zu-->Fm1GieGY=J~AnvnhH_~(J4e}n?M-h3=WD;vOrc7pH*`a*Y*BC9tdW*`Hr!Yo3 z?MN=mfl`+(sxu&INw@15S+fUqMxiD;Po{SGkAd_#pmzf8hYbSvZ{4t*|H;cI?`UUa z;^g$BBNlNtGWq9l{`bI}%Bm}}7(!R|AW_`#2!wS|Lq0!HVsu8`fd3?t(FBq)+Blk3 z>TP-4hG-^+r)a3R6h>4 zdmeynzNsNLnM`({S`d0abJ2YC6g}s-`B1UJ(f~&`-TAPQv1ilq?wa*;-+sR;Y%iap(}j{>tF}V73z5qG z-KbolPP#U-%l)f{D)=nd%i+?^Roos8i`prks~R@qq=y}{MQ7%N=QRwd)fMvkZ#{AC z)jn#W1PPmj;vC@6nslKqfK27W-Kk9>W&yqC+uk6I0%`TVxA0T4`fmJ#ktf1>bV$F} z2;!;jmqtmQ&})Qa-`!^+_b&FD5fD5FWyX^aN@#9meeQQcrS8tn0?z;M;w!^MF1uXWE$QY{yXkMc>NxA(XL3cL%b zk}|j<%f%P&nLMDkjYI&1m-^uGF)QssWk2(@5Yt!o>KE<^7n9d@V>_i3_2sM;c}0ru z5>+^50_J+gojqjU<=Q6d&o1CQr4?hLuASS%ZR6j}^3-l=7b|Tv>XfiF(u= zh|nB^YK$875Gc)APp~CDb(dntGie@3l&kib-dtnm!RaGFs8ZzvA2Fwkm)y~c|H@f# z^H-J~WE8&gTil&MhtDZvMaU3)$o?0Trk6DO_;!dp#z=hL9UYiGP=|b`UHq@4Grf7V z&@Mh4Aj4aBEDFP0;1jW-bFeGPs3!3@Ttr%9+;(+}uh5+tb;{aEBZK-E>Ji?LeFq3l zBXoTwWqgib7Hl68lk~gqt47L}t@hM{=oxyhjR$9CNOvv%3$h;2-NXSkX_I@Yy$z>iSo93m7T-XBtd}9z23W6~peL7N zl>yN^WCEg#9XIWE;2-JQ71l(!)6Wb_$-l+^{70eo{~K5Sr-OL@U;e9a8sgQusz8Ot z{1ts45P2Z;YS1WAC`_0LgnZFzX9+a*m5b6W*uieRr_HtJ{_Zlpmq<=vX$+h9lBox} zGj`d_wvH_Rz&K9eXVYnpXE)s*FW2v{=N2r0wc99vFm9rJ$TCo3`_N$xQVunN@doZG z=pBc(D1~OeVYCQ~A&?8vM2u397lM2AXT!h>vM%|~^gBaMe`v}$W~N1ulMx7aT(Gz* z|7v=V1CRwH(O&5ELx+IjC~E&S^sRB-&c0~9!`sYXwM-z3QEcv=qXIBinbyvgimX&- z9Lf(NqJl+ahMzpx-U$>IqENpRSrMbNLJMV_9aq>OK!zGx; zQ6W$NPSnnTm_4WBqnQw>#AIP1xHO@!sIrpEgv!ERd~UfE*{wFK_(vd@N<}Ac%7mIA zOedg8gSiGt!_@h=cJ8G8io)-RGt=7Kc}1QE2@WI5cG1$n7@U+jl(Y6$3X-z-l4w-U zrmP20qdPqtG32Ex@ps}N$)Yo)kTC5z>S$};caF$~lvoUd_t6~SN zelCS+toeeuEU*++G3VS{dx*tb$kpuD;+TJo$0|P@R*=bgyGr>(dbK%(CTkwDK*bnb z?!p~cm>W$z?oF{r<((rpU9X|y4t5KxQybQ;!?nIL zYv-Yjc8k+p*1geGkG+PAsW|{&mBwf2Up_9cMf%uCy+`(uEw^Mqrog^3hoqcRuV27F z@U1BDC~00_Pr+e<7IEQ0Vm|7dUPu&{o>yQEFVOt*msI6L|uQ_+^1 zjL@3j)Iba+d5p;zd&9xfG+aB%CH96Q7?PUv4GuOL5hBUjhzYCG4NP=MYJU{WPB2#K zErKt<^gd36vATA$PM8W{T&%xlYB^bD&5tESjbN~S1pSGfXD!^=XbLYPUG({?aiva% z0X0R|0pj-YFHzlr!bT!-c%?EK*Ql~m<$3W67J2M2Iz~1^9HA|FF7fffb_gKA+A?B2 z#P5hXsoy1?H5qW5b)IkBp>)vTy1+&b6FQ}A{c}C$wA-Pk_0qM$^3;Qu)#?EPh#P71 z868m#zqhb-4#9O;YToo5jO}77yZUv`b$i>#SLDxi``+N>s>>_@Rqmb2&uR)4& zwbafro!eBNb2bx?Rj9^M=dJ5dO&UvHc!$O@y>RJUrM<@z`q=yM(Y6K z5dcsq3zRYsMZ_nC9Q8|p7u)1B7s;OJ+NaKfYq3)$JS4%P3Rt z)^oIGs(wJBbqk1$qrIFLq@*mArjIz*9x=Ele^quZByxYTLg#QR*}^1fxnMObISYkE zF`3LFgul7c8Z5K8Z!FhyDRfIm387@gb@OS3K~m1p>gNH8$}zq6hHzHkbgI2k!w{NMLY1s$nAd34{YQdygl z)i9q#*Cb75%67_ji9miz`e53)`?{&jENi6`Jyc?WU!VTI$`7`h0-mTr&-)zL_np(L zuP@$S;P&B@)QRM#KmIBdRhB9Xbu)S6u!5PoSAQ%xH<}`hx49-+^u|~iPdGng@f=CD zP%{{=l+nKu#cPJ**!WccDL`Ei3(M6M|04gO%~$*3cJ$*hwg_SYlU8N zYy};J@|-wIwH6p~GD?2Ra}LE^XAnZ15z_mtLYEvTDmA%Dq=`SDZHFeMLJ*nPE9SU1 zP~&`0m}cp2vkitsN28EEJ`(}rU|64s3(O~k4%t7zm%+U1F)iC@r4xA6Dr=F?M-iW9 zpuCxjX_xF*1G{E5TlgU>7Tj>tVf09uAzZ3j_-8o7$A-$CzalSuwle+!p!ENvwR~*%^SZyd! z(#J@e@PD?mp_*eb1T__VH1;!I6$ zK08yse|=q(oFbyz`d-j|-#>qE4$lwky-i3ES~6hzJOHqzN9zS)NuD^`GJ3?ub#COh zu8J*kFNY0!@UBhKkWN1Z*>V-8lkQ z1JN?I{Zwn?M`b|*42`nZ`GN#ASe`?O+%?oDtRQelkZe; zm=SyIl-N2)snbBPLmW_}yh@Z(gM6wcwY#4M>RvmrlHRI$(Htbe(;478@K$FSz2A%^ zV%(<47jvln5cO$Hbc0;6ahy2d#T(|>-6z&N-bX3($=>x{-7>nt> zownD3>L+|FhUzDMD=-*_;-`H}hT^Aq%M;00@-iQJt>UeI>k}DA-mP~F9EqpQUH($O zXA~Jn^%cE`9LZPtLNG{%%2)M*IGCsO;W4Nu|53g-jFPA5t$F(kRmkP%cYpS3$-jQ@ z)lz)5@7a-mmG0S5d^N|-3EsM)@D;ptMD~=uyhr-wzl25l6~7Ee=Akfr4jklVexM|w zh7S`}G^>;6#1>~rYAW%Z3spE5XN~^SZnE9~;YcjmK{2LOZ=$XtTV72I8%%94|-(=WhgUmHMl>F{p=J5aM#rsfqdx`2X&qHt3mCcz$~rt z%g>+WS6FH-Z*8sB6Sn&7kHO{y#011rHP^yd^-Apu>*d<>6z{cabP{96 znWi#KR$&qJR~J=OZBHCnNI8oM@6Eaw7xmbQ5jRmZ3Wfh!ChaR&Ig+QObaJaFPHqVw zv_h`PJ<^F#H*{lO=(Lj4DN9gES(@ zq4)vDC!fX$THfo@`p#=Q%aE*9M%zk$rpjha}@B@Ts$8AAV2Ns2K)fD!8#t z|C39ko$hD25{<#bfs&+$Drb9a zHsnM#fai^jho3b;faCDj#fUGiUDl z>o8f^?&%Bn@;V6%G zxfsNY0OOc(0E{lw*f7F+`EZOOaCS9MsP%N z3$+P!Z!;l4|9dKD7O*&_eYaFA{t~FW!DXQ9p84s1z!z}O!}*vuY?EeI+D=zDEj#V^ z6jExEX71qVWb6w!(h?$W_OiB}y-OPWQ_=0wreNJ~w(S>t4hIBUG*f9vJ>{J12#>iiW%MlP~I)$+xZWwC?9RhTc!`IQb;q%Nwn|Kyr!3y z53VTO(y({~>Mx$}zk8Iqy~1eU33Z=jzDoyuS|7i@sF30Z{gROVj{Vd>tm!cfYpC|B!bR2a$g6iQ_mqsn(#P`6h!i4-;%HCWI5L@2$m(8E?-F(Te^4$ zj#wti%2vh@C6*Pq8C8jtokr>Rk_Qp#de4gd(t04Fo*{ZbKr@tY5{a8nqbb7XWTXtH zvNCTpv-Hi_U17E!M>mURi;)~JXCzG@0!>x0Sx6re9#1!xM*CCBk991LC;cln5#sFs zq3oTaERD7n1 z#v|TSDpZJC%3EnsSd0EDB7XWbqPm#(0@(Vw4A4} z`-_Sfs&%QKD{$@ywk4Q*P^W#IF%{F0eH7c=qqE_Z3jMiT;V0Ko%m?> z$3-x1!Fwphkr~2BN^A(JwF=C8FG975E@`?Lggjz}O&^8bIP}EXNgkABz_nVsvKcw` z8UYZ-3cI?uRLF@0MLF2%>~xWA3LvNOD5er`A8h7D4GUMQX~-3Uw!|>iBvr|qjn<=w z4+~)t@f=4)b|NF46?q|Wv*S6|$}sli^mCMX2|b7w_Rb;^EM0WrN+oys`AiEWl^F*9 zEFenM`y#(_kKrX$Vx;tSxA8U>_CV~W{u-RCVI?;~YqFlU9th0i$&%*)Q?8{~_0IQ0 zb1+KHLBnn#JKWYwFktrJ+rQVh+KtiCK#8TZ#D@unL^;|pAw>aRB-@Tc0vjwogzn+K z!lSv1jLb|A6nK!r)Ql+1kx=eoLlFPm#-7VrpoAbg7Nd{k{0RdjJH_M338a6hjh1L% zx^Xz9y5tqfPAs3|ouh*!E<{RjWk+^$L=Hu~&X%(&wIdu48zg_+L+Be};@uAHxvtBb z3w3IRg*T{1Tb2^wYPo9HX?nQ|e=T-$etSuhzzsPS5#zX|)3fhS3oG(e%LHBl)(GOI z{0IZu5f|w=s3ux|)Vg_QgtRHdH0=V4WWEvfsHyeL#y8s?GEJV&xEE_rD=&cq2lY9Ll+5Tjk14lM5Mi znHy_753u-|PB$nF9$&Jc_Zly>6h`8PGq+M{Uah>x^ahh zz$2&SNr59q{X^;^t+M|_TZx1FAF1K9 z?@4d=AZKjXReEmW*=3g0GvF-Ou1V02spj22A`q0WLKN4>$r)fr6X$xJUKSWRbsI}#}xaiHQ7Q<@8B|#u4NfaGf85tXQ z4~Ts6eg#bdP9vo@2DiLIqFNd{Qn8x{!ajT97r^gvN~VHOTx)f-h##e8dIC^tAH^w~ zBH40Es42I+aHwK6gM}mHZd}-N$yr?87C)309=QYp6{y0%At=eZnd>Mo2&?#JlTDr$ z2b)Z~B#iATTysh#-GV&gzmx5YVIz3pnNd;|`DF@tTToq>Y_R-dy(xNf;nkI7pI7rj zb6u*U6s#+7U$nj`LOdtzjJO$kEBfp8j@}daEyKRlca9z%(W(e_%0rovmg^;{^k6`11mD0U>+gj@45KqFO$E?Yll3DID{Gp0G!zaWT&R~dcvaju8{dAUzVtwE2eE=P&Jo!{N6iI|WEDX?NvYPv<-c@p6du*z zv!rK^_Ek8pKI@j(zXdb>Go^64$1Dm;%f3K$mrtxVdoeQ+ZP(K{4)X6QXuUAwWD3wT zjI^be4(peltA!CcYD@(g<#J8W+Z86X#;Tn<$M=-UQXY;EFk7mP5gOanLW73 zd;P#*%bSwy!0J1U(z{b~*2wy)R;|X6zigv93-|zDdi-loJ_+Bo&GYbJ3`WP@dk4I# zSDXf|Q2&~XB+;uCAH>Z0(4|XUfdtW*hFeymg;5B>2wvA?Q_SiEA$S)-xT+lq(uk3)^P|=)ue3-E)Rh7HeeQg zIWBiYoEiL#vg2!Q7R`ZUGE1qc5)iG2qWT0%}Jr9tb+! zS5&f-& zzmOu3N5+?OP2uRAxoU1f(|II#wJ?#8#3sIpmgD5jNEwa=_{RPm4@OOlNn60u2lMMn z&2;19>ZeZKnl?+U*%@60;?@DRQKT){v)0L<2nAl{I1H5)7BYrE#Mj2Y`T%`bc8op+ zxBcp?UtRRbJY~xXQrbE6PXBr_LosEk>;7=s#Gy{Ur>fllH4}_xc7fhwR$&{6!;xtj z$n2vR_JLkQTn2p~ujoj)L-Oxp3hlkdE;X+z%H11)ei_`no-ylGmi8XEPz!Ov)EA4@ zMNoXoqZ|8C6D+e=hRk>aw-l1s9Ztf#U2_9yo6{k6lb zwW3Iv0Ry)MQW(-x=LL4G0>W)E%ga1pY*3M|aI~er9M6aIkClk^HacNFHrrkA8G!aADThMmzBVjAKX6X zM@xY5H4f0!Ro1Vm>op*?^$#H1kEej6EB0TpZF`U!mV2-orhC8~1AZv`V9!}VRo895 zR@d#pvMu`H91_3W`X`=i0+g@Zf9YB5fooXr!E>zmk?*s7=>7y+xr5Bs?}2bE`O)vw zeEizC`GD`|`tS{Sdj0_VdWQIgbHxpWbBzGZwm|@#ZS0R(ztIchQ0vRS&+|bXK>I8X zbhbqRqGLb+YX!pN(q|IuqTWC}t}Pnh7V+DD?m8_+d-in9l$kIqZ(Q;%iRh$9Yx2c{ z^2M6cUrO3DHT9vaCD|Nw4V5&Xwr=1Q%Ick%B69g0%8=2KH^CT2GoZ7P zNPFc$GP63E{pdJU2g16{_imA7fX4P5RwqiH>G-W4xRXvzVMO< zko znkCG4P&(BUxDg9HhQorXgmM!L=Gx=TL%wNFkwVw1yM2+$4Lc#+CqIuPJBA{Dl#~m} zcb`jrOtN=s7X}flL(i79fI)6Djtd$b#{(&vC-`sQlZeB`6BC-tisj3|0N!_v->sc9 zJNqv1j%djZFJm;}D6>XG+GGDIf{cc)Ln4C9iZ-NFJg1|4y1b{EXv$VQ#BiaJ2Jp3r zCYCaxVrrG6yh>vFM=H50_mseQr%@#xHgC;4Bc@K#dVEZ!lojie>5B16HwaL>{X7;( zyUYDB@c57YYO?CGJ(d=atM+1iGM|w6MS?KK-`f%b%jrz6*-O}PDQS%@wLhLhl6e{~ zq5d4B@-IJ%LNQ4tY6bnQSGKZBg4?`*L5g%0$%*zTmXequpja`3&``x(LC#nu_7J|H zUx-9A1Qy3QN;ckH-!W-6niGGk9d399e#X$zHH?b1_GVERnG^2C!Jl!Xn5Ii<6oI6V zR=nhd?9s@|cQ*hcF|!{*Q3FWMM<3?Xf>c8j0+#7&0(hIW!vvhANQpK(FsF97FXM$q zb|Ku-E)q}%qs+pSR64xkj2fXn5S4ySiUmGMHLNL`OXE!=>9nc;Usf~Yb7lbl&vS+E ze=G;1|3Ca!1^>%rEo10vXKeBRy35qG)qeyM-(*mngwgD%tSeMnHG=&rRpkaL;rR=o z^9odYoA49qurg+g6C_63-c2i7+P*jRcP*{ffzqp$2-law{}c%-zh+4+1d^evIX|49 zcg^#Br`|p$iuQo6hISZs2lM+CFoA~*Umeu;bui&1V4@|=w3znNvK1x$em6V<8v|nq zwPTJ-=^(e`4u$~}gx)z~Vvm9`#e`@A@kYmB!X8A1bTF(E69f@PL@pYISx@QczptFD8V=TR=k(l7Z<{BQfV;2sJP#7*cs=}^_7gbW>WtsBs>-qpM$ zth&*j62skr9P{=>sWuoZdU$j^33j<6UT%E>0>INAO@XRWhh?yKakwV3RIewxw#t}D zR{Kj81vl7gAYLy57VCN9p8-aH2W6d8(+~OMNJ(0NfUV;=TUp1q)E|MrQbF{du_$*? zNbIDu@9h37ecc!YG9}d+30+&6KFErecgT#Ecf^Hr#o8%2@O?reA$VLub`sO8Q12Rn zZ!AwvqwY>Kb7fbPrZC^B@}~j#)E3gG;zzQt0aiJ&rMn4lRb;F3YoC;?X6keoOSj)^qIjFY_u4GYYH;z%#T#;0|WYsU2P zkxThFP4iMsvx;mJ{W%@eEw0R{jtc zteR-_wKNfm<-tZRT&p{BCT075FXN!7RNC^}!!>2;Trzu6cJ_-E|Hf6~+T?1)tylRt zFYX_1vBDi&1!jTJdc8OJB#6B?##;W^b|{5<3snHy6Be;h4|1>dPul=d#qr&Zk-`2#+W&rrSGS)jK_jm z@G(oLw80cxo1l<&f1;Ao&MxT{q_^m~00OG|Zr`)|-T>a3SL1*eCHoMKKHS|Qjh+#T z;Qr#|#pu+4dF?BD4X8OEM%y9%fLG|cXqiBOUT$%aF`Lj0-%+REQR_B15T%(b;LmoS zU_=&&Y?ozj{4j6v9SrzA4uC;;ml)O<-TWT&><&V#`xA9RB#U}Jf_Hig3?T}Mndb`6 zh_<;e&F}SG8R&LVoS&3#VU7-ToM1>0*NE<9nK#;<3pW!{}Y9tO!f4)bw33zzun zggvN~{2VbH1{dS}4;sfkY8E2ux&J6h+zKf}|I59kU)d|^_X#8Dzy6ox_^vM}PF_j} zvf-p8J-E{Uo_Ar?5y#B^Gm{Nq{u74yKRqQI+uPdySbphcES+71|NHO%Axr(4&N!;5 z-|!tWkjDMZ`5wf2yX~ttMIT zz5UHy!O*mj6YEY(&@9~whpKW@*g5^$sYh5T$yZIig5T=mV$9y30oG(~Qk$u_*lLp4 z;lc&#zD%!f$NER=zC+7SvG(h!Z6;`G+llOZ=nU%XD4qQNj^W)0@2Ylo4m~paYZS7| z?Tzt|(rE*87~xqqvBnZz$XA_JM*g6&X1-?_(qdFl%G7Ynq&;=?`t9 zg!_`FN2S5^7cI5jR#rwT2@9TDR-THR)$f7zigy_#>-MS95C$ma(ZJ4=t0Rd*B6X87 z?R0{`0MutHze%}ym^qJ1lqwD)E-ES{-_zV(IPj_HT7YceMgNc1=5B8`L?}@NHs5PQi5EMAd;2voHslo@7HOtMrNY5 z#Z!2ajBM?YUMf*Vh7~4X)%32aOk)qxZ;i4=uRw`vwv0q(Pjiv<$&%c=FfwR&?Jz5( zN*!5f*A~Pj&tk6c$ubgyxe*xqAcJ#~O6^F4i%dCXXBAq9#^*A(vPKjMPi1k$E%P0@ z!%ZSsz{uy@!9<_Ei1RidivAt~wK+Q*e*}{)ir0P8CSIzq$b_3J8xK+^;oGxA#wzVu ztiF;H9y}i>PpZxT*9|{=TRE|xhc0$0%SW46E=gmq3B z7-ts2>>cV%E`;q9$cXw5U!P^{Ou8SJKi`0gffKV!ql2h16zWw z{TD0Cg*Ge>d3#7^r$~~?2bbvFJT)G1ua87Pt`mnSsppG(=Qa3Z6aOTz)0koid}|oH zJB5Pg@wiox5ld$WLzn*# zVb-YscZ4a2%w&j(s#p(+-VK3Rr1A%Bn20D}k^(QJRO^}nD=Bbd+Jz~2Gpfh3?q4Cj z?}hLM7`muSAXFIG})BB49*1$|ay9tQ^4VbmgUc>-)&K^pkep)2O?vYS5BxMEBD`B+&G9&U) z&~5aEeoMJwJGn=qOpX;%7H2M6BlW8|N5#+h>|Bd^x{W0ob^a=>iF*`=6KGtHL0*+-5}Ll_|&L#EVI8T|z8R?^aB zwNk1yC7Z3zZB(wk?->}Y$gsAnj^ctFaE2YhEmNzY*NX*9Jmc+E07ttulKs`%NG zAJFv+xKP{>Pf7aC$f{G;upzTJy8K>V92-z4*os$V2eGnJ))id>T>c8E9Y@{~2}-M6 zCrmPF@D3{iL&z-@u-tK~BA!@*_=9ORU4~`Qiqe#z)@?-vtxG0X!mcLmT4v#zE2>M_ zmNyTWY*Zhf)s0O7jpYX zt1Jz74Q3l)*4ZtxRcXh^Q4|L0!12_x@=ep67m1_FPJ$ybQj+-O`B-=$carT9UZ@-n zs(n1D+e2QfO4`ApdVj`qq@j7INWtrCG>JN3#G#v%4Bfvj#8Ws1W30}j%{S?`fk~~z z$h%{{;9}DdJhPyD$#+P6sdrFfpgi$+hM`qoa`u>%Ej*xQpkK~ zPoKd0Oxc@@u*T)uoN}qODc(^9&W;lcb~q%dn2hF@#SeD4>bPDKX)NY{3SBl6d0F!o zx4Tnxi56Nr$5d6R(bK}SyS@p?raSNI96jcRTm47k3aqAD$b+bJ=Je!KAi|2hAJD&W+w&8po(EVZU5 z;)t{QdqCQ0O(T6oA_v6x!sJ(Sn@(WxEzFCbm?cTkmp4KgFFDzcG zTjGb6D}@cE`yd+aeLkLTLth~T{R^tMJmFh_2w@x3E1b8r!icq8A8ST0I2(tOV1CBX zvhZFWJ6Z7u`me#QS~b0`@B=#||D!_n|KywapMzW3#n8p|C$jm!fzbZ}JXNQha70mg z@p#1)M>#0aBLWRb1>&zbjE_j*Q*(ZAK{>{oLO>`MM~YgP61VVXA~EyU)(0RQ;57b1 zmqJr%m=5}92sLt@Ks1#KQ(sc)x7{1(JlC`HIJVdK4Zm;flQ6Ym^KJ=-H zOpn=~A*z+Pz4&PB+g+~i-uMbCjg<^XgQH<6K`$*|*##S6R52T`^N2UVpqG+cE_w}s z%)J9hC+e)Ub!eXjE`RhgRA@1oXq3MTE^R*P`pY|6yZ6mx4JxNzPkKCT+1_xj#vW2Z zuX%Mb1uvjhj&2>B6>3!8JowsmY+EPl{q8AML!1l6qf~k=c&$SsBGt97Dk{DWMVqSt zovG(JcBpEgwo(1I$8g0e5AVv_wo`mZfGVX9aVuJ#1CBw}uvHu$=qi zfOVIPitiq-)Ca#gpa7v#-V;-z0Dn$4jD|M6wSAD&5dl&8xcWM4Jr87anCmYCry|+8 zFX~4}FwyxZe9~25oX!!)UJ*R_Iy_9Z3R|7k9tQ!=$9#`CyggE6p+q`}EFN{0te@YQ-42F@{x43p z1gSD$%PJ+z$iVa4LJgJ~qELXxxuSCw&?cWIw)7qXv3w1Zid72VZ2c`~(#95Q^)?$X zb|7Fpxm$WhEBcCqE1B6v}UCeD4eo@JU-A9_JIdFNOcdY_L|Wd1 z;wLiprpI%ky@e{HC^4{w$~41`S5T2f8%u-@wsDKhG>zi86a-5c&-mDvqy^U+}vbg#!^LcH#q2ILD$%PeyD>%mLo@IDc3zesSZdU6H7^= zH-g39VrgWV9q8v7J>N4?VA|2&AFuE2_ zzJ^smvq19Ub-lL)I$M|HONb@G)!&hS{p18b_X}J_JjKjh@0Zccvm8fJLwg5Rv3ncE zghJf{__HV6eYejav+ivCUvJk4zr+-y4{%2dG2;$s$c#Mj)LCUJXOgjNTaLJP=N*Uv zZeUa8o?1E6->+qr`2bmsHycBK= znygLbFg8Okbvuc^VAU!Dz1XLB7Hko{?o;yIOsW=HQ(B(bqq$Y6UQ`#i@iGHH^FjK}GO zJ8aFVuk;rWI-F3emfJ9$<0q<Cc*<^sc{sada(hFk)9{2S7N1AF)Ylbpj7g29dNg5d3$_e?6mg7O zLpk3Yd-dq2(3>%v7c#R}qqQRaJj0Q?_2RE2FGDTF#zj_b+1NcFU-*%5{0H1$D~3Y` z!F%2Dj$V63p-%GlTdvLmnR6VWG*P;zMrpJ6!*vn*p$xvA2Uk0kMW6gGfFh;#Ag-Cl z#1FOYQbZALtAsk)XY4e$yc0>IUVLK*ZWI|=TdVi1BmC-zh_xn5$mwW$Iru1{P>2HU z!x0-a*-HI8Ue10E8kd4G+rQH`GF-Y+At8T}bhxC54SneKpW=kg>*5h0yEGan6Xb*S zez;WDorU-IN@1&NssY(#r=1%0lh12Gw-$2*j4-NpBV_&s>9Lg-dV3Z#vXM+eyx*&jtoUsB;dU82P>;(h)NSj;Y(K-WCUlFq?fw0LVHZSdJ=DmxSB zERY_I7l*J@4t9sN`J~htG^O~rM+EAoM+c3{2_TWyhX8p+I~ujCBDrJpD+jIjK=aAT z$0s`MxqZ%x8oY3^rUpx{O(G*wLybF2=-MvDsrOlPLU9PieYy3#WbS~oTpv<~SBr&D zzKdlh`c&c)YMs5ABM`&F1}5a}o+#!X`xpI!-j@rLnlgSRbr>>vFJHb_fh6m)f-hDb zVx-DOnMr*NiFd^Sm5}-nh-%0f5$^%Py{DDK@4vi6s?95N$u7LC>l1!;LRGd+UEzLV z&n@KPq`4JDx!9PMg~8~mJlZ1@rAx{rBu6O@hMZuWz`^XdG;Zcetjv1rWm}8h~mfHiM_=^N7;^~9r z?Ew1oyveloz&eH)-RXUd=|lEuuq(Yf#&rYtI1PVR10Mv81#y`wRpc+!Fo1r-;IBc{ zfjP`#3nJ8*N`+Shp2c`G%GAR40Ez-}iqf_5#gqI>^>5(+nse9LA>JWBx6jD`c>Dan z<<2BbZ5;kr2&3ukjx&Nra6rPOt!yz^R00a#HiBS7X$b|@YUE%Ne7zovLJ2NqIcMQc zBHOsB>1O`5FVH9S?|f}PE|nj+jJJ#+pP;hrW!Bi;bi!>gw`k>RcKVj@Y&NIs-`5X} z5r%x@eQOfeBYTo`njuyncSYF!93Z|;z?n;WnV6yKI7y&#^AGqZon-Rnx%j({x4lLt z5rOvsNi&DUy}s!pfwfVOlt6ug9L=eMkf=b7%EZXcu1|=L#k8OLc*GXze#d71Kr+i! z$ivxF`<-UnJfh$H<00rWs#&PkeyUjApG5dgqyD`p80gQv#LAb#IX@?6Jw>_w9fMuw zvs0*wx6XAVP(U{iciUGuUcJ|Np0vrkdeUYQbNuKQvuRRf zl?VHj573@y)7xP$$|kwpTBPn}<7^uhi93`J;2m0|FQw!79r}cIIiP(>5exzwe49*0 z3#!Qxc1<)7A3XPVaXmcp%snDVadg0EE|EOHYbJ;HE-)6y-$-pW%Crh%G(ew1US1Wu z4?V+vO-uI>l`tKuxbZ@(S85d23u0hcO7k;Zwl86q>1HUboUzCi&n+dFGQNna-}M8J zr=$P6yQ_Z8m{el#qes}m*(jkYY-&*XMWlg=Kc`rVx}FIEt~saPxCYaav&V*jR}0S> z7wzCWb70foMFWEd<|@LHxO@q+vVa1?leuJ3AfZY(!^Zc^P#S%WeMbmIL(+o_dMZ(m zO`rmgPDTtCWR94hGd3kqzYQT^Z1JxG8BjiCpMGX0x<~$SNK=3t3a7w8VZZ<=(n!Wb z_aF@BI+wJdaJlRLqX6i>2g`&&7zq5)!B@b60q>v$fOuX=t4cc8{P@WLTh}?%1i7zH`@4ER6oTAy4Uq?io+C-v$q( zS;&Bw4&_gJWNs5M$7f8P&F7y6w?K)(VP2t6@JSD8P9Qxf&*Jf^*QG%b0|``S1TE5HM}f8_nX{;3P^O&cRR>Col9MG;wE382L2;jyNzy| zRi_HJ?aV6={IW{Mffaz^d@V)A43^L!RyJeDB#QtB>f}fATLoq%><*z&uc*-5NYGpn zbW<~btwO{XKQdW65rXGpJULIuY3~`k(=AeRO&}3qodTxk-qQdZ>R&CoYFM^2CQ)Zh zd0yCjtZYErtj770c@s&DFO%h~NDNGfg?*2;(!;X&MpMge8iBrS$3sh~e><@xQEu64 zE^Uu+POCt$3H>Z34%AJ%-~Pf!+MS>^)aJ4@s7;EquB+gb%z+)6>Fx{^(;o}P(5;M^ zuG@us)jBJK-Z}I+R&ccdu!Z&h2YyWTdzA4C81Y9bbHQ`U1CUkYPRY`>`1{`C10!9W z$fr@XpicD-ZckeJqI2soeaJbNv26k9^-($o!%gR(W94;Te49UZST=prm;$xBcr_V#=bM!4JscE zr7Oj1us;t=;8rn*L26OF+xpVNquB?8SFP-R)im+^sHt_FMU`O)Pxoz-kkK=O;W$e~ zU3w{JyV!of#vx`YIAV|xsnI-QF3}=bq~TmPk+h3*t1?O>c)InmHX+GTzSEFo)7;ls zb3yNg7AtsQKP!A9ZoLAi*#L-#WPYui%ny02d zN`)NNl1nYRIqGb--6IU*B(2V`Yqqkd}haIRf= z^z>Kx0T$N_RmNYd)_Rp8AthUGi1|{WZrrbK>!*MS1@9QL$)%E}ee0Jw8J)R~S>WBt z!9*(e^#!kDWS|>pOGQd_^tX6L&bA_{j;R0ylGnls-s-1Lor_^Qe!C9jxmmnf9VI>k zacdqxC`8z-2MI8Uv{5{q6s7q%f`>&a>#zh6%)dX|B6tC^Fx#cD!Wtm+8_4=aD1*Ky zEIM}6F^#Wp-9jS1Bu=2Z@orOHzb&m2$)DVzB`qPSX=p?%AgjsYCQKUwQO|J^07usLDu~e28ba2|9La?j(V-3znd?PW&K-E|!J&Db`lig+pQ-HOC<@ z^^iru*}~{Z-TeY}yyP<|aS~#P7DKvh{R_eiSOeP!=nYfBvNWu%gJY;Qe8DXQ$`KNr z(x2bcl!7?VRSYm5(t?${fFUjdA{`=Yh()8~d+l5j2Z+XYgq&7Z4)T3Z%}$w8kx(!P z=m}r&R2&=ViWWGn)U(HHzuV-??zUk8jMjr}kh_W6^9w4B&mz?^Jh1c~&6F8Hvv|e> z8HGcyibS8!~#b{UYeD$I#Sii(bT%2j2Y#N~@qt9Ae#0?9$Lg9V~Dj-VF z(~UCRHK2Za0CnHA>twa|R{YexUk~PXh1@XPGgZyBZ1W3!(2}aNUkZ||KT@Wf;m5t5 z)FFk}KnY5(o|i6Cs%5$k2ywj(3$Zznl~kgkwmrMU2J&(5y9igR!8Wze&?*+BcU>5+ zS>F~V1riSgP7D2%jN;=g66orI5`1GCL+7%DrNV@=fM-YGhoe?$goSz1{qh_@eIxes zdN+#vjPTJUd@}!h*C1riGaI!cUtyi$?ic5K+&N@cAM83Gf0{Y(x1+X2)jkQV6WXN` zyPZ_~+33GNC-PZ>(23cEX+!{3e3zvx$1?Y$J}%Yq7($c;=J)8*SMIzop{nCty_&W0 z6%WkO6uv#d!Tba&;~~>3q1}n{!ys{1ly{pz(|yB-=|w{5=HmR+v3_$c1R#coIHr~| zE;Z~=1i0LRPb>1P?pywrKN)#-{;Rd|>}_*DE(7|Y(Y0y5`nf?^lMba^L*h!TGGdW$ zGbPC(Tp284lTei>DtNZ6cta{DCeW7D8DFr@+c5(j^{+{-)tz<*JX{PC0g1^2jb zq}%itY000^H_B$eJaay^K)MBMHz%Up9)?fOz8#G&Z>5yUA1dq<+YC_UdJuRq5TC`F z81HrYHiG?yc0(y)unl%$CxPgI7-QT<%FZM}3Jrax`pPc0(+T;7B`GdFJPAsE50P}s}+VLl1G`t~i=f>;v z5T?OAb;BzmKj2p+;`EP#QygkH!d|02wCUVXb$|uY^rLv>=4yWYH!-78th(mq4;xHK z_@784j{i&2NYu{Q$#U!S;y6kB~?-YDw(lx_TN`R)d^4|;pBkL_ai!sq`1>^8}?=5TF z_TK9`%k|#-eDSycgz4|`P!^|8b^U8dI;lw*R0xkVOP72{>3UkJsTo{WP$;b4$fdUI zz!^#1jy+HbFn966&Re+Cgqst)}2)Q>Mc%i_~& z0eKE@M~W`ZmWf|wcWFH|K9Sbl$lq)$o@D7+MQCa#?}lg=qkJUs8c&^?GV3y2 zkNizO(|RVVv3{tWR^@@_$?{SE_vuY8oqMu=Ldea3OqU9w1uHj8Kb6gXw@X$^yH=GR z>d4$CayQF78sy}Y%#hJcS>I;2f`Q*OiJudloZdtoo2CA%4eBuVM2!a&`8E(!wXiX^ zsdy%!TMJoYl{O73%-XZ+B8+sy2)z{hPeK*vg}D5QLWIElinkpOqn=tOogI7;P!4nx zP*{J)3runUzznJmZOzi%F}eXno3N)^Am>R&M~Y+9ah0VYef`i|49H zNX))DwjZ5Cx=q)*#0uvcrJ3g`>Txmm$qB8t!SOTYYHBlHlP1tWJp8geEjcgOMrM9J zwQSx$UD?2c$-y8O({ILqB8>d%FLDO@%H;=l0Ra8iuX9cS=ZVU8Hjg>w#O%z9XWJt4 zIs<{qP#E0bBYagQSHeNl{j^s!LY6!0&(VJ6bmlwl&sdT@?3Dfl_p|CiBEPx=1n}CQ zlRJ53JUze?(hl~o09nPL2@nJ~EjK4xAF2CTyZU7}hlA;cP~)7hF2K&{pjT#8u* zt;%Rc91hmVt@u0+lteB4mL`emfycgb2MA<^rCR%@bhy2C_YH(_D`a8Of7W3>gUd4A zSeCi@+km*<(?I}PY~REMcH{4FE46dG{PW+(swY|cckEnK|r zG!?&A11bmTr6f@m^uEy}-pxiqaHVosVw0w;Vwe|*me#YF>SJ%M$yRV@@Jx}|i&_`b zN&NdSVjHsx612Au_vAV;TLhbgy=Y7AxA3#-wm%@(wV9)get0i}Pd({ga2zm>vtxlr zmbG$4!OXw2ky*plIsWwf;<|o==qAS=`OQXmqT=^s?P2ew145mXRT{l20kJB#){r(D z8!^Aex)6`uos;z!CKm@fU4{}fP0!OB`2q$2Gk)JyIRZ2uJ(e_A_ITEgS|iF3hV_g#8Ql-sQ#> z7x&g1hWs7!JBOYK`A;W6fd>D#ld6w_5!^z?H}*|uFF=^tnuEs~MBIu)OW3HeFVc7o zt(e@yA@RaW0jl)yTnA;e13X#~JX<(7kg6Pj)Ex=}Sv^FAM)rVy zqSea9fjHFDChu7}eZ-oU~!|j&=)nbD9n>{_np%%53kbpTGZP0$srWr~S(N zf4N@;jhtPaehQa`44qB?SJG15(i>$B&5vG74BZ%niFAEnSU{45zFblY`8e6g0n*9# z$Y^Z21meIC{~Pa-Ym@QPa@0Cxloqfjb2&Q`4Z2}lKk6z-ZFyZ9yjsSU}DlJ z&+9Jt&yJn--fNmZ=fC}awEcy!?}n>8UR8iN1O=B0DB&2?h#eARjD?iK&gS4sR)Uyh z^pTvY1w=019hMuB#uEB){*=8`9%OpGMgrtUN`@c`*l^to(HcUa;(k z=R<3UKP3f~E7FYJxI@&AK6rcKM_I3Guys}*vO{gG-Lqy;MA?-g^Bib4|Za#7L+KKqdWYIN8M>?d4z zt~w-LS1(j(I5Equu%2j2w`6_UYK=37ijOhGUc3_e4G-@omqj0&jdS@$=P`7-Y!5o( z@sG@b-dOddnVuC_9l?EOV=)#VVQ~0`HT+KI@{2f<(Z=f=taFt)3IeF&^$pmA!P`-o zOXs@mSZySAh+!<;V@<>SZ6USxDbcv4%X#WC{szSE9lTVlol06)UfZUra((B=hm|!M ze{p?>^D`!Gi6^LP!8_IUS$I$}y?qZwZu47fEZvtH{ek-ob-^_=zL8)2DRgICx>x^{ z9olnUP9{%4#hAqNrCkX)RBiiLRI(Q;WZz{egbHOXWXX~u zX)xAdEMrR&Ng|T6M3G%lsT3tGgvu6LMJZB>l#)vHzmNTJX87L!xvu%9*Y(ZscW=-A z+|PPURZ7nsyV0N0v^Vsc*=}pbp;VgZ$zSWV@=oSuuqGO~9g*n2Cv~%bt>z+TxAqkp zo9eFI_{zV()<-Lyu-b9vhG~(^rd~;Y*%L7{>t*@L+&EFzYq4a{7tW{ z@@PrrEh}&Fzpuzq7Pv*=&}XG!2G_@hJI=C4m8?3rw);V7K-m$a4r|)_!%L5!`n~!v zXZooJMvN9B>;L|gVi?eL32)W>XZbPlPE_&UmQ#<{F&yS;+oAD6B7K)by2^32q)$oA z-+oAQem8uro-cYcqTuY?*5yyF)Q7E@{)ic{)^hCMf9x$SkKnVb#Rt6peysoFtGt|# z@yo|c+Fx^ndfE5Q7xfps_D9H|!JZ9&v~hRhvrZ?kqb)1%F!$$Nm_3w<0tOYcjLQ9x}f80L!das-47kl+p+hU%( z?BelT)J{wzs(O4?__D2j?T_c~VjhXq=Typ^#8`p~!!n#d>}FbSet8w^ZmnI6$G7?w zhXr4|-^SURBE*|OyQMZ^v3_mr*O0TPD|n*oV`?0B^4Gr=OA&4Rod25Z$-dx0nbo2zr>3d078PG(B|@mv=V zO-RIPi-%@!yiBy%hU0}wb&A;;qQcE|wyn``-W|~>aLBpYSUhv%YGI2r9`*rOg9Mv|b<+F~#B%JD5+npyl+9dzI_9 z8vWE*U-WI=mmMz(JeCj82ArO!k*+4}ofj!((^M88<=Vaa^u}l_C!I?+9f_+I6|{uC zit@H}rqRhNd}*iW67FvHJD@|4=dymcD(vA0F%J8ES#rBfPOiQ3OrpH)mW`{d^oF^+)sisk7>|f27nc87>%MNoE@#2P&xdXv&BcG(!tuKI+0s&WQ+;@)f$j(U zu+k;ZZ+jN)ldEaErE_p?e_-x{eiO}W9~()_W#X=C?9mqqQ4}j&V^Cq+waLM_X=*s4K>(91l{uM^9=Tus6N<&O)U(+e=VA`-yyQo#6SdZTtyqw0IA& z)yT}ZZ%(L`?^&6|QG2DjuPHsvUv zCU*peH!KY>jM;j|t-S8N!>biJT3nZ|d5HA=Qu^4vTI^4;MukxgzfL>Dw!{jh&Mhkr z)7%WHPORb#GPlWNRb>6zfX@#y;36%_`K-i?kC>auxye#ib==C%dWZPZP< zBYccE)^q2dfARuB$phX=m-RHM!daCJg^q@Mard7d-3Iwc>~&u{?38*(ai`Q=C%v}g zJ-y&<4d{B@^p!EI8jDK#LWTQU@?xCC`vErh%{0UBTi)eLq*}IJGBBA?Sy22^r^i4n z@Y}|})V%wQc<(k!Y`janA{n5tBHgb%F!9uvp6Ye2D&K#9K5R%;>Ao@8N{Op#4QqzS zX}!A#&fN9i^*HA;jkJw&w4R0Bk}A86eZ~3zwh9~FWoI?l-(~x;hzd6ZHXMIcF*Sk;q!eq1KTVrsygbv;;6;S#8=JWpPf{ zgEpvYTw*`CcgIJ%Vk4_1(Gq`EG%FZQBLnbXBw7EJ&@{2C@o%Vp z{3`RSW`Egr4(fB%(btiNzwuR5mLxUwt$^HYJmVBv~0Ir!H{ zlQzqh#}xP1EO9LsxtLsxOW)Eg{E}{^$E&AOJbx~`ejx3mFF9`aVjy|feea9@({v6Dv@ z&_^cPuXr__zh>)jq{(H@^9MFKCml|2KlMt8BV3f{T5U?dd6)FZ^D1rgYTa|f83dD` zefK=~UNYg3Mf^4C$RF7i`5%s~ABcz+EGwwCBiet)Klb&?P1bxLP`zle8f+@dKBkzg zZp%Alc6Q^|@Y33s_8)yUbS>l3!g*qTT~ z{&9Qr8_t?@JKPw*C9E*0h#eBTvpM8h2a^TQ?SpX<7jSzRH$*+(w(AU0DdGgb!Ojq$ zh3igN(5N;2u6ng@{qOHeq2)`mm7`foQ$C)|{*DA*&kOaJCdd-108n zYa{X91yYaSr-z(db52uGhn{&4D{sy#j}m;zt8RnEhJU>FeN$r%)?~HThePyoud*)$ zyI9F540uQ1#RfU9A(1fkmR%H@Y`y9KsG{2>q z6L#Loehluo-SRa_|I4!#+jUcj9E|nfeiGc|e~uf95m;BMKK*yOe5(*-4%bN6NH!cDt$1Fm@AGi!Dh zQHMRHf8W|KS-oVaCP}zs8F6W?ortCL*FZO=mTOy5i6!y#!>MuCh3Bc-)zv(Xzivw? z%IvwJ)^LG6aFrMXi<>!D*~vrS#U-xGylN5mx@u4rq#?`wcKMZL1`Vln=DNJEPU~|E zF6f#(?G5D%^UF&P#SI0$UnArsR#PfV^e&0@^WGB?O~-g_t#ZTHleaePex+F9vZ1?k zW9@@gPV0?}9~F>Zia%Ks=CQCnHY3M&zPaOHJ2A~F&Sx-sQ+WETvHX64&+$Z?wK1xS z@AY_o2!0rJ{ZT?Y=AiuN^ZQF$a`=1VPT;bSz3%gAwl9^mYt3WiYYe=f-A)_1 zL92;PZ8eonk~i)Pd))n^+vTeh)~(~p*~gNY6(FROU=TWN`rUoAR_0o|?3B;=r!fM0O$1|Q9Q3NNN&1F*T;3_tp4a`{0rNEkDbv!wVFXM zL;W(}6A6JxwGz7Rk;TFD*jVVTx>-_`Vrnu^EEbTqDhzP#+1+!yximt`MkOa_<3R66 z>xQPD+lnU+(aNjj{C-i*Ij9@6ey;h8wA0gz~btL>yP=6xgS5eh+uz(Q-Pv z)s^PaUr*IJw9AUj50@}vG1+ssLu1#yjDm=m16H9zBEQ{DD@~WgzfBBrTKVC;sNHGF z`{K$X?H&u__RLehcgL{rtvqj?m>->?*C7WxWv;tkbVoMUA6{PkE^^-KxNosE*P2!* zK3(#3>Eig9HpA5}u{)PO3)Od#ly}pvU2H`kWms9b#{NZ`v_qQpmTNl2=kgR=N{X%y z84Z3pqe6X{>Bk{qn)3GM%w-YIl{<3ZTqoHcrHS0IRS@SArjo05;^<1(2FBLc689|c z>^BOzRK7CnX=8y~L5dwAbSHK5mXjW~_L`AQ&hd5sN+MMU!wvShEW4+~;qrmCPohd{ zSrbV^-Et@@_sVwCdNw>E6{(c3+I{rW?{ot5kQ zk_&2!lh?{5N9g4~inuD{^kVPPp3@Np#o^J>w?boSt{(A7_I7zjvoYs&CcE&9<6=$u z{#+5ujudFx=L1^@82 zS6Nif&w9mU(Fch8emHTkwqS~vHBEB@7qy`+;4fo6wK9gTj*nQc{_m-j3xZF}f*i@bOA z`yL*?WV$bkXtyu#-G;ilfnVC{{jsNwv|CCUZ8R!`cWqyDaFxXVw%kWn4i~Pe@1_cu z`$UK5C@vLjXIuaD+uw}xS2}ysn(X6648BGzNK)9?5s~sSdoVq9WjK9k^YQCOLI3_) zRIm26jDOYgi^KjWQ&feY%=f4C=jJy=bk_Gk^6UpC^(?9H#UD!k)VWA%5msaKjoq=! zIyLB+)ljc!GL?{~&lRQ58{-Rh9vxU8`Qh2OoaD5?lalk*Ln~>MtTW(>sOHW?u|egr zmcL!s^|@v0JzPX++W81CK4ic1I+gmj?6X1J_WK@NGe||eqh-2aP*Sc=GTE&vAb!8I zBq!aS7A@ZT#PijW)W$!Obhx;>@Ws))(|Go7GtS7|Da_eG^G-YeVwkSrS_2EGH1^@R zkCu6{?+X+VPzg!%}bCqua|AAK?ivsCAM89~(`QFp(+w{*oy1;l z_bToLweQ)tleD$zPJ8aX#S({3&~%t`8Zpj?w>8YWu!iwMgK*{MzJMhnRIP5W&&2U0 zoL}lUta<$CZjQnIRT3ek8?Ck|6P1g-<-XR~RIGd?lfJi?!R>bRqqMvo9Jlbx%owlc zrc|8Y`DE9!vO^u2Wwjl;0xOmD+c_+P!hBK$!eF5$MLz+z=6%sIS;l#r!$c)*&&Im1 z+|uqSn%_b?cXwNfV)0EJQxSJfN1mo>1%2j_Ky7`tYqe(W*<7|m*5zH_-!5T`TWDU7 ztG&mO&-iTdFTUWTH@s*D*^};AEIa#7FY8L&$s0HC1jlyOs#qmotqbMVaFhPKqVopd z24wGL)68|!4n77?1Jj?yzq~`|GN1Z`_I5wLMhQv6MEDTNREMmxMc&YM7zawZapE>1Wp z9CCk+w7VzK9q&nU!h2Y&2DOrwsx%Llaqt;=tni7BX!Vd6 zi#3lu;dgs~svYZ=9(>WWg!{$=pPye!?a1f|zo`Fo$Igq&Rt$&loY~D#A0(W_Axu&$ zy5<#_)EBn4RuiY7o*Y$kLa?K?`t-H-5NE3b;X5{*W&%})MNK(G!WsD_>4h5WndX(c z<@xq)VBs`rvXIY=%4uH1mzj}ey7gA|jXt5Z@9nL`#YuIAar@b;Nqp3s_Vx1Bl+kO_ z-#7QO+<#Q?t>D|Q`L`}f*VkQt)w4J;I?onWR@?0#{H2_e&_GZ~suOKL%Hu#9QYt-FBYMo_){t68m+#Hw zt;9d~W9aaH<}dH^3gKgpN1okTxo^`RCkyq9?{-P!qi>UTM#i3#=eo|>V^rZIWwj!k zx^%vn?!~O-su%xeh@aG9IWc@kG|5B;zw_0Oa0!=9_w{@N8m;fBJZ8?Q$z#hon;&TT z`_ zr3T&A@$O%7LNwO zo0CEauL59v=zlC{2qha$^+%NK8Jv$w>^F( z-%5082u`W?ZpLr=l2|j zzoslyE&F~I3cI_yu9N${YEabWRcmpLcl4QQg%psHx6o7rSTP<15)G278M9V&?Ov;}uhGq}6T>+@V{SuI})UWIlLwWETk-RCPkJlV}vbcY*o(17}T7#oezA^HS$jmprvZ zmrW>Lk2BcE-}qhV*-$mH_h;E8XzO#0n3nO``@BRQ^)DzF{kCXQJDWmtr?&1x!J2ZO+C!$_ z=9ka}3d(;yt!0r<&7?6X_C=F$ASL@dP6c)-B-%-eoQvu=$`DbbR+wKQy4V4~CQ75N zJYZel4k>_$uWNOvvWyfl7U?*-yjowmE|r%E5bJ@U_(+f<5OqKd=m%Tty^^QGL} z=eyBAPc#f^HRiV!5HO&}r+)olZO`*-UBZdG3yv|cGSOapPZjuQZDYPldG3Ygvz`Y! zgck6=j%D6)QT+`wUHosBe9z_D9V9uwkI}hRo8}vTm8>9AN3R{GE|(<{T?H>{eyp2W|uYndyV(R{Lhg$#hfe_ zWZJlE(X8?}ZEapwIA22JZZ(fiWl>t&wzJ`UB`-?djiOq64tQ!Uy=Z){LwHws>)y>8 z-^HZbTf3xJ@B1m~*V!vuE0oJpGNhJ#Pw3-`f8r-C-kEkc&^Z@g+`jC^)AQ;|7S}j_ zI6VzLBC#j3F!X~*%v;*_c@4xsZNLn>A%2kJ&@nfvNHq9CWQG-S?k3)HFF}p*&gQzN_GU+qlQ+B64 ztBeD7z^%^TYd<|wa15;Kxc=Gr;OX=FSE`d(Tl62e6>rTF<&K^mHF`44-(xS-Co3qJ2xT#J6efOaWpi>+Ivua6Z}9l2_GymyG)bMunZurJ z*GZ#<{g#Hrn{Y*Oa{$z zxh|*M3*4)yI#1ejwB2pSx0P4Vvu*RyDfr&KhySeN!17!Ard+ly7jOIdxxnqcjg~B8 zwc!q(B0Zcha`Wk}RdO#|c@WnSBpb|Gp0Duoy!z$iv#O+9mV%b|UngD7HnP@;a87i~ zmSi+~!?R({x(iWK>Mm#ZCcS&NaK~RqW!G1?mmT9=cX!X1n#-JLc?20bGm6eR@>|4N zDc(#~YGeK+_v0DPjQNvdKJE2Dqb}WncSN5ituyof?!DjtQ0H23f0j-SdqTX`fTAXM zlfow)wR=^}BIS35{hNj3oL@se|FXPgI<(_Xj_mE!VZobp|qRX+w6ZCtoJbOYGjT$&LS*r1!$- z8wVQj#RsZ9cyHQds&+BSH6G8)QB@Q7~RqRh1-?lH#+scy2@y_41@}bHu z=1AVdRT_-&8V|KlHI;tL{sW;FGNztS=<#vxKSr(%<*q!LDhE}}kigVc^651VvPwS3 zng%IHCdXeUK8Ce=Qo52l`rEdgH~p$F375ee|E#Sy`6^LsvRc+`wQPZ`Y>}+Oc6T2} zrg?n~QpJyqBO~O#egTT$4GD9d^YOQ@@ya*U0K0V;<1N?sz(j^=Y(RTKN~H` zke|&LY2tkb{|8@q6CB&vkC3m-U{sB#uV$d5tz}{=t*Nof(T$Z5ZHgqs8jcu$Jl9OKkf2tp|t1Oi+~ND*ck z3g*W&7+a#74~)}i5rqqdAqI2ih~dV~Fp1&pMRcPmj0g${M;XY=$<>|UWbZVKaNH=& zEV7tH8)v*NWm_#lLA6bT@+LVEC~C)w`Z+T!woNmWy%XhdL;GseGypp%FIysb%b%hU z=)faQ!?3~Gy5Qj!OG=@O_I5TI1b2eBgA-+MqdoJ63=rNAZ|hAWQf>_FDARI6OP*?4 zJ3I+oI|~Hbx%$%}97!a1idI>Ul3?GopL^nAv#`^wGVq{4E|UjwClZ`&{})I1Ov7@7 zyg>Y)LWLKW!KND36Yt>-T8$ZHG$$kZ@zIj)#^-_U23)5qGocTXlebMn7|(LXqexpu zlb$}#4dw_vN0-e;<8TtZSFx@&9Y9;*gQWQJCo^~lbS6{98wb~d@EJoET7wN5KJWOY zIGD`LVxgiE8%Koi%wR*%0Sk0&o5>h1Hmbv>wre2}(=VX!My_8Re=>vDFU3ZkDykt& zkHSGwqMMqV9o$2Yb2asM$72(*XT@bb0MpKcZFFdx2t&fa65j-m^R#uOD1CY0P}v^< zbpp_Js*q|d-!id9k-0X>( zI1&yUIeWuDJR`L2m_^gYP2Nob83EM8`+H%7+A{s_6b8@`XebgBwnaj1$YvH$Gj}^2 z6erlYu6}2lo4~Gx(1_(wxO*Ka;7+tWL~4oz|CT-0-U-g*0TML9MOO+08U&n|mjTWd zKP!Ro=PbK&NFkPBZZv_TI|TwY67)4T-lW+Hek;nJ*bN$pfd=%^&1co#+qx+)SIb4pgl zj`HD{jFWWW!du`%w3tuh(2$dLxW;%@Po_ndg#-qx1LkgMm5?(hp3GpmL~@uTwf%M+ z!5goQtoM!g1Z0fc!@j-28WH*eQjuqz*^+TwCS+2?M*5#IFOR+6oLupf8T(c{72uKK2-??KSrjQ|n4MgA^kbc~^II7E^sbt2 zpzIuq3?l^uW#cz#D2baw&wP$?I(B;rMQq3^_*smvbe4zZ4Pc*#ULU!Jb^OT;K2b&y z8+ISN6TKi8Ac<=hk`IyWf9`_$?ZEu9;|%Z(4dEe0k{Ra5j{2ai#V7Tkp%Fom9Vq;P zYKr(%M%S7|S1khG71r%dCWhQXBm5IBaTYDtN1d%?0xkD|B*rKy9@NcMib?JXGNHNh zH+k;BR{%e9Rox~O|Mtgo%`xDs5r4aF4K_aB*%3_Vxp;d|LvASsFw6jedd zZ|*1zXUKV8%R z#nJ{eIA&eoM=}PwtupNfIm~$@?@BQx@6-bc`sS#ZO)I&`$bz+jd8K%V?w!KTXUUmX2h`KI|-%MYeZz2=&?-k9WtYJmVLAb=Grz&1jeJvW81 z>RF-5Kh9N@Qwn=q(qZ03m2LX?k$DM4Q8b7I0`&JVH9Si&2R1o4#=xR*1k7ejp_FCi zq{yI;bDsq|<@4jkx-jwzhJ=8gU>g>s2t9LrjUAcz_1hQkg3cujoTZPF{hTO8f*HfR z$*~SZ4%8@kJ1swo<+rc;pu%Qoc`{Hnpj+Poaf;M4brVwehGtK0o|RPN-7XK~`xF@8 zqbDg=OH(8=#o2fhaGrA*CF?dR{IZ1*I0YdfgEC{48bt~Hyrv6!Tbzb%oddVInETZQ4={rCU}xQ zp5#chQ?s?jdwDt85b%_ih<3iYyx$I*53)jsw%RgRa;(JBwfvES7muu*jm?FTvzmd{ zw*_h7ejLOXx`=;GoP}dzvS$u7QAavE%fNtQ5N&!W19tk)LSq6``fd)U#L<|WP)A7J z$pIO%z=G+>+p5XTQ5xy-Ha-SoEg(iuxAO1%uf+Z&JSED_%@++Wf!j8N+t9k&?f;LI zlbsVK;#Fq@uPz2X-N2vd!OPL$xe~kM-R9s<8*R6wII!wVXb+oF?)-OXu1q6=I_b_) zH&as2qMBQx7D%^&ifGcs;s23Tljsd?kP>O-;=jtKFvaT4JAEotFJczbDM@}pP3-h& zVmsVWj~S#iiL;Q9YaLsOZliB;C(|xI64c&cH%RTI|40c9QWJ0MT&S5|HR3{P%u#th1rj<5p*X2Q~-;Q~BURWO z5^BZ4p@rF?)i7wKiHcCy%d=3B%K&D^TPfL*rlF^s2TC$mq3JUMhYJ52BX(}{@ix`_ z3Ee~^lxFBvHhNf>px78-Kf+u(qXNTIvKPQ+tPuX_ZqN4NEDYpqM`rX}FGT#=04&Jh z0_~-}kNzVQlrWUMblEV5&EB&7eiWaA4xe3|4K#z}LjvcssxiXP$T= zEjN;-7kai82+#rcZWvNR zB{1=12AjUXz(+EQ8ElHh7B*y$>p(s@6$i}%JsFn=zMf%W7-so6+2TiQKyA2p6?QMe zP-5hdBPJoYI#fJB^Q(-3iYgUqd;STLktLHmZ!ma}>s%G&$%{Sz%Uh@4p#OmtR8%nF zop>^XA9rKGVTp}xk6VvQDjLBS+KZ+~oWL&(VBOL4)EZ9ij(ATY*j=@Shz!wnU{5qQ ze)ExFuWyik9zwbknh+bYgX!Pd@UanN`i7aF0g?fD5pCIo1@mWmaJDAV5fBlu9iU1f zf<;gQ-dczOx6RuLKWj5Hp(PoZLBt{fFuA!FQQDps15?-4kG$vIZ7RZ-f^54W3!x3T zhzSeJn=qTkHp2W|>7Z#Ve9#)ZuwWsgTuvrCM+`6pkU+{BkP___+!74TEwHb7bTp3b z>fS^1eRSr-Cd_(I(tUWH^7siZ*n1Tgb&Z$11!M(7h!CQ z4)((^KR*L+GM=!->vH>MDhVk#9SngE&($ykH3LrH$#rCMiM)Jt^5rk%pfMtYb#9bZ zFF0TT>JZ68EiFE(WCL>1fX~s99_5SyHMaQ}DY~(BJ!~n-UPRxEG)h=| zp0+>#)Ikb(v&?2bT53hr27Rp(G)Z*wO$()f>OHzGA6wE+i7r!^Gp1qypM&xfPiFAb zqiD>r69m{WWo}98$Kl7YH)>iIa)?I5OrH4}xob=lPr^A7yhcj_Z0wL*0`@l`#(&S4 z9y2{g4qJ2lWRama$$<#-koquh3x_l)uM4bY(Rh6hH244?bfx5bf*g}RY#oJNzg{Gy zA&{%+jxHVe!3?cl5MoRbz{j7=VE>ckfG1R#U@*pexf9*Uu4+6hZ3;F4R~`XZT8=Zo zcV=);5;>9yY!f2%fh1%~9q)$sGkPeJFr_X{vgrUmR^fwuH6jjEidEmbB zO9?2W1q~0a(98T;X-48g+sVytB;LJ{VG9l>FR__=u4^1W1SRk7rPC9~a3MLSsqF|G zb+L40Wj;g#Ekp-;LEi9G42HCzD+<~4i=(MEv$2MUz9XGgEbTaE; z>ysesladWnQ(@3?i;pV<-eV1wR}gB`01C*&VF zSc5IK(wj@Xw*lG(8n`|R{!<${c$Cya8boh`9qi17Q=1cnM#w2nSk0rjKCBpWGs z8T~7C&LjI9u~qU+9lE?74CV#%3Q!$SJek3sU$F_d5^ZsWu{saT=Z+)U!c+h@I^0G2 zsuNoJN@yYI=`4{!Z1gGWAV=}HK$z+#Y%0$ps)0YyNwGn~LRW`A3udJv zQx_{7mQ>;Z@n69Qz1!qIBR1yPA?gvs7>yjLhEkdQ1_RX{^Fv;OUDg5tx=E|T@s6oI z)3_IA5@4Id_4>w;tx$4x!sHPj%JLp8*vO+bJvLfg%BkIpz_1%2(9v?zFULlk87_ks*xI$=DK` zW3)++m<-!Y=UuL`AYz+<*ys^ox)nC$9J{Z+#;hBeAY&(dBv7(yT4MvF+XlHd_eUq9 z?+TQqF|b=o6otEK4;pvk3W?df4(IK08Bc+U!IIbi5hNrBFEG%#;Pw>r_(U zH?)yWJ;}gt#(NUooLq^NE0CZU)Iu=PPPKXl@D;cwWNPm*VGJaOeen9*C<7l)h*_it z`9T%38#>)Dfm6Gfz?+dX()LbXj+BwVE%eL%1R~QwPmS(T^MlDCW1E^>fIMjWXE$=#j{d08Q>X~7Ml3W?4fR9d8`OIc>MrM1N5Nl)d@0urbJgb)lFHAOQN67A?v+I zz((k$!E*^@V0G1rUS8vh*yZG#<%`P7U(N)1*=$iY>DKb1;og5rVUL=^%am9O% z^I>PhZ?{u???Itp%{4uCUY#X_j?w}f)q^!#Fc9KqC(LP}8&lr}GN=$cUdSpTp0d2% z^CAoR!I`Ddn9#xV@cLYlg(kRWxBky+OR52Ayt{!9z1CuJlMLTPXpU<_uH9}rZfM91 z5p)ec=)k;CN(Or_xwl8?vGO3at2BUJhiYG}chImS_XUm2B_X&3JZWTg1it5TD~Leq z@S|X`%qwWh=&srO?rb#j*kSWdPnB>5AfH0Gqak(RhKZ>;c&6mC*pS4FEBw>|vKCq? zddz1~IUD4dQN~6yu$+&xBQu9bSDVPL4&5_1l=Em$_CLU2LDn*cvd zVYQJb(a#^sKrJ_9X4Fm{I-`***wx(pU10;sY*PjMUJCwH1vRdN8tB<|(nkzVlw~H} z3hOzPy!t@0>Smw-WHE#3D{ad^&q9K2{Lt(pTac-NKkyMnS?WDpSTi-gr(DGaO8{fH za$$q2<2oahAlJTxv8ogbbT>0uP@|Enxn_e-lsPH*2_QW|Ui68EZ_CL-s}Tr9U-+Nd zz-7&)^m+iC2;k_DGSTodo+KL>1e_rOeF2oL1MCOSNV;o3Dah8{1vpuKyMaBh$U zDH~qJzMQ%T4F3oWk5<5nn=HvB=-BokY^Mqw=TuXI#EKj#LhobDhRHrM3XI*iHo04Z z;x-48tC`9Zn7KED0Wo^`rY1QX#mMk#^kf7@j^j=As}MC-L4|=;`9aHwiL_|^AZnE>3Y&OV3FFL-Bzx(2e)>}%3IufN?1QjpUC+KIyP>C*LJDOws-oP!ewh24%MzB$C77;>WiotC~Q>`&B>Bvbs z3Y#XcIPI|c2oYETQI3|fe-Ad|nC=uX9~`+$kcCdWcMY5g(j$c?(z*xtS5|cW2TZP{|ZRzXcv``VGD*hVBQQnrMCJfI4Pg zidV1kUyG+Rg!z^E(A>~Yv-6vs0=pF_+VrbG21DG2(IC3hSrmoF^c=hT61EFYo=F;O zYuMP$_TpAZs^f;BKu=)Fogj;i%({-Dk{jn7VDya81l(hQi=Iiyizkaaa!=VTz(L=> zE5KX?6(3|BbYyHv!Ui4#)PSKeWCmN~cqAn!KlHpEf6 z>}NJv=&8=bmbj2LG8&e=sfkCku=0Rhh-arrg77FpwE}Q!m=Y;g_&+M@Ay1 zI8O&WiBg@>r@y7073K$JVSW&uEz7QA14C3$blNS~06R8l5*Cmm(9tV;n*t)vjv}fZ zSNiP`=*zA$O-DUmMHY2RBgS@D&F)lc4lrxdjLhy-M;3L8yRcDv!y4BK11jf?g!7_- zEGlv<;w(WBb$`ApBlv1L?BYZRf!R|ExFc5uQ!LB3T|B#A1qAj6GoYik1lF#mcI=*$ z*%y@>unqAApGChN8W%fsMk`T`%&47a@@DzTn>W0q#$H)Ay~?wYeYDyI5KI9Hc1TS; znZaMDBH4{C^H0M8n?ZY&op$9s^8^ZViF-!J6p2P(Of>Z(?&&{A;nZ6=dl;L*}_}`>hfpg4N3dbw@b4^X(l_P5;puFP{&@FG}QrX zz;LmWJDVLqV^{c~E8#m`a~B!?`h%%v`5r>rG-l9|ugNe(%o6cw1_x|Ql6D{x;Z4W3 zM3}#FhD#TvMgnQvFr!YNjyowkg4_5%;m+h3y&N0iV0m}JEd(S_fRE-BMKXg$KL0PW zPvyX})+pn%VA3Y}AZo3R&}hSxJtAszd*4hipyB<7ik2*G+_)0wss zng%zd0rcUie?MnpAqPN5j!j~N{Y`F^4FhG;;DZKp93%tgi}S>oVnrkqOFkwN2XzPy zG+Mqf3n5>b!5jW!gN;_b*rIt|>E*o$zkUNBVFYIE$qeS1zhE?xBaRxg8KNhgKZNBJ zHSz*l7Jd2L1pUH3a06OfUTSQ}kwM>7`LJ6ebYf!<5=a~AXM(xoJiR7fFfkbzA+MRw z0Q@YzQXX5hC7jak+6C*(Ia`B^q%jIA_7c%r+bSE z6olttVGabIcrt^v1;_&L^e5o`u(c=M4}J(+fT&JDpreb-ru7u?NJMxa##F@7K(d?G zkHZ4R*n(?5@I%4+m$B&K6c)=UW2Z*o|+1gF^)AM_WJLmb-#i>!6vJ;{x05bU%ChJA;?ek(Ulp9fiP zO-A`~?~ZXG^Ub3hA~6Qk2*n1TEmg*lDA*vX(X;XY0{&+TtZ^zr5@EKBs~Vb)2DEW> zM!&wF42dpmI7K3!9Hf9v*HTk@Dyn*D;TtC60_k#|gph%ph*ph}P}6|d5~+EU9DxM6 zCLU|X0g=6kznf_j80azdylA51(X$baY_vvk2*E|E7@a6WB<0OaO9dpmpr1l}V*T;i zh>Y|!OxBE?Y|tcsj}Jm3@~QSEOmk9Qf(i&dvz7`S_|!qtM9P^kn=TILg;Hi}RvYal z5DLXu2g!S2up*#Auj=kenvG&o4>d2hHROr}gyqEQ=g1jhs`bEvE*uY^nT*D0Rq%nvn-1ClB zbfF?dZZn<5oEm1?vF)H?0wkizK@^fTVhd-Zp4phO)r(oa|6m?i64{x8w&cs=**M6l zhp|3_M8|EvmG19hP?94wefv@G&Dp46pK;D~BDP)eZa zocrfQhp{S!sNozaoq^mra1Syk+70#tWNc}|7&dk#Z8*ydalPXt0Q-B%|?bv*ph1k9E)Z%u#lPAd=N6?4e=P)RwSmrH0 zX#EozQ&WMp(Z$8VrE_2!dj$x*N(`2;y~uTx1HpG|mO*=Ef<76&xhBwTnF84=G1_>r$!u;MliL79$orLKCa92( zeE9~-WFw=BtvGKtTg1W> z5fEGGQH874+$hH2DQ(6>ba~TblIsVJ#csx^LPT$FL?$F0$s3aS$nY0io1W950ij^9 z2rwABtfDrYGl?fTcNQH-sjQ&fb|Ysz^6a?2xVGU!x%&3A4rrbGu=WuZvo zak?_A8r1j=?iWPml&ZaCNXBbI>}H{SJJd%9nuRY^Q+z1E_TYt7V~d1Ry9o=re#b6BDoGrY!LE<)a1QAb9)tJfnF(1E6q>LH_gq0Fs83YybcN literal 0 HcmV?d00001 diff --git a/packages/apache_spark/_dev/deploy/docker/jolokia-configs/bigdata.ini b/packages/apache_spark/_dev/deploy/docker/jolokia-configs/bigdata.ini index b40173c1e37..051a1e2cb78 100644 --- a/packages/apache_spark/_dev/deploy/docker/jolokia-configs/bigdata.ini +++ b/packages/apache_spark/_dev/deploy/docker/jolokia-configs/bigdata.ini @@ -1,2 +1,4 @@ -[Spark-Master] -stats: http://127.0.0.1:7777/jolokia/read \ No newline at end of file +[Spark-Master] +stats: http://127.0.0.1:7777/jolokia/read +[Spark-Worker] +stats: http://127.0.0.1:7778/jolokia/read \ No newline at end of file diff --git a/packages/apache_spark/_dev/deploy/docker/jolokia-configs/jolokia-driver.properties b/packages/apache_spark/_dev/deploy/docker/jolokia-configs/jolokia-driver.properties new file mode 100644 index 00000000000..1890ea8439d --- /dev/null +++ b/packages/apache_spark/_dev/deploy/docker/jolokia-configs/jolokia-driver.properties @@ -0,0 +1,12 @@ +host=0.0.0.0 +port=7779 +agentContext=/jolokia +backlog=100 + +policyLocation=file:///spark/conf/jolokia.policy +historyMaxEntries=10 +debug=false +debugMaxEntries=100 +maxDepth=15 +maxCollectionSize=1000 +maxObjects=0 diff --git a/packages/apache_spark/_dev/deploy/docker/jolokia-configs/jolokia-executor.properties b/packages/apache_spark/_dev/deploy/docker/jolokia-configs/jolokia-executor.properties new file mode 100644 index 00000000000..cd8fbe95bee --- /dev/null +++ b/packages/apache_spark/_dev/deploy/docker/jolokia-configs/jolokia-executor.properties @@ -0,0 +1,12 @@ +host=0.0.0.0 +port=7780 +agentContext=/jolokia +backlog=100 + +policyLocation=file:///spark/conf/jolokia.policy +historyMaxEntries=10 +debug=false +debugMaxEntries=100 +maxDepth=15 +maxCollectionSize=1000 +maxObjects=0 diff --git a/packages/apache_spark/_dev/deploy/docker/jolokia-configs/jolokia-master.properties b/packages/apache_spark/_dev/deploy/docker/jolokia-configs/jolokia-master.properties index 1a57647fb0c..fcbd199a726 100644 --- a/packages/apache_spark/_dev/deploy/docker/jolokia-configs/jolokia-master.properties +++ b/packages/apache_spark/_dev/deploy/docker/jolokia-configs/jolokia-master.properties @@ -1,12 +1,12 @@ -host=0.0.0.0 -port=7777 -agentContext=/jolokia -backlog=100 - -policyLocation=file:///spark/conf/jolokia.policy -historyMaxEntries=10 -debug=false -debugMaxEntries=100 -maxDepth=15 -maxCollectionSize=1000 -maxObjects=0 +host=0.0.0.0 +port=7777 +agentContext=/jolokia +backlog=100 + +policyLocation=file:///spark/conf/jolokia.policy +historyMaxEntries=10 +debug=false +debugMaxEntries=100 +maxDepth=15 +maxCollectionSize=1000 +maxObjects=0 diff --git a/packages/apache_spark/_dev/deploy/docker/jolokia-configs/jolokia-worker.properties b/packages/apache_spark/_dev/deploy/docker/jolokia-configs/jolokia-worker.properties new file mode 100644 index 00000000000..e9caaa40f4e --- /dev/null +++ b/packages/apache_spark/_dev/deploy/docker/jolokia-configs/jolokia-worker.properties @@ -0,0 +1,12 @@ +host=0.0.0.0 +port=7778 +agentContext=/jolokia +backlog=100 + +policyLocation=file:///spark/conf/jolokia.policy +historyMaxEntries=10 +debug=false +debugMaxEntries=100 +maxDepth=15 +maxCollectionSize=1000 +maxObjects=0 diff --git a/packages/apache_spark/_dev/deploy/docker/jolokia-configs/jolokia.policy b/packages/apache_spark/_dev/deploy/docker/jolokia-configs/jolokia.policy index 09f58157be5..9621d60c71b 100644 --- a/packages/apache_spark/_dev/deploy/docker/jolokia-configs/jolokia.policy +++ b/packages/apache_spark/_dev/deploy/docker/jolokia-configs/jolokia.policy @@ -1,13 +1,13 @@ - - - - get - post - - - read - list - search - version - - + + + + get + post + + + read + list + search + version + + diff --git a/packages/apache_spark/changelog.yml b/packages/apache_spark/changelog.yml index c9e854e0a60..041b6bcffe0 100644 --- a/packages/apache_spark/changelog.yml +++ b/packages/apache_spark/changelog.yml @@ -2,6 +2,9 @@ - version: "0.1.0" changes: + - description: Implement "application" data stream + type: enhancement + link: https://github.com/elastic/integrations/pull/2941 - description: Implement "nodes" data stream type: enhancement link: https://github.com/elastic/integrations/pull/2939 diff --git a/packages/apache_spark/data_stream/application/_dev/test/system/test-metric-config.yml b/packages/apache_spark/data_stream/application/_dev/test/system/test-metric-config.yml new file mode 100644 index 00000000000..27fa09dcfab --- /dev/null +++ b/packages/apache_spark/data_stream/application/_dev/test/system/test-metric-config.yml @@ -0,0 +1,7 @@ +vars: ~ +data_stream: + vars: + hosts: + - http://apache-spark-main:{{Ports.[0]}} + path: + - /jolokia/?ignoreErrors=true&canonicalNaming=false diff --git a/packages/apache_spark/data_stream/application/agent/stream/stream.yml.hbs b/packages/apache_spark/data_stream/application/agent/stream/stream.yml.hbs new file mode 100644 index 00000000000..a09d571dde6 --- /dev/null +++ b/packages/apache_spark/data_stream/application/agent/stream/stream.yml.hbs @@ -0,0 +1,21 @@ +metricsets: ["jmx"] +namespace: "metrics" +hosts: +{{#each hosts}} + - {{this}} +{{/each}} +path: {{path}} +period: {{period}} +jmx.mappings: + - mbean: 'metrics:name=application.*.runtime_ms,type=gauges' + attributes: + - attr: Value + field: application.runtime.ms + - mbean: 'metrics:name=application.*.cores,type=gauges' + attributes: + - attr: Value + field: application.cores + - mbean: 'metrics:name=application.*.status,type=gauges' + attributes: + - attr: Value + field: application.status diff --git a/packages/apache_spark/data_stream/application/elasticsearch/ingest_pipeline/default.yml b/packages/apache_spark/data_stream/application/elasticsearch/ingest_pipeline/default.yml new file mode 100644 index 00000000000..cf0f7721950 --- /dev/null +++ b/packages/apache_spark/data_stream/application/elasticsearch/ingest_pipeline/default.yml @@ -0,0 +1,39 @@ +--- +description: Pipeline for parsing Apache Spark application metrics. +processors: + - set: + field: ecs.version + value: '8.1.0' + - rename: + field: jolokia.metrics + target_field: apache_spark + ignore_missing: true + - set: + field: event.type + value: info + - set: + field: event.kind + value: metric + - set: + field: event.module + value: apache_spark + - script: + lang: painless + description: This script will add the name of application under key 'application.name' + if: ctx?.apache_spark?.mbean?.contains("name=application") == true + source: >- + def bean_name = ctx.apache_spark.mbean.toString().splitOnToken("."); + def app_name = ""; + if (bean_name[0].contains("name=application") == true) { + app_name = bean_name[1] + "." + bean_name[2]; + } + ctx.apache_spark.application.name = app_name; + - remove: + field: + - apache_spark.mbean + - jolokia + ignore_failure: true +on_failure: + - set: + field: error.message + value: '{{ _ingest.on_failure_message }}' diff --git a/packages/apache_spark/data_stream/application/fields/base-fields.yml b/packages/apache_spark/data_stream/application/fields/base-fields.yml new file mode 100644 index 00000000000..e36d466bdd1 --- /dev/null +++ b/packages/apache_spark/data_stream/application/fields/base-fields.yml @@ -0,0 +1,12 @@ +- name: data_stream.dataset + type: constant_keyword + description: Data stream dataset. +- name: data_stream.namespace + type: constant_keyword + description: Data stream namespace. +- name: data_stream.type + type: constant_keyword + description: Data stream type. +- name: '@timestamp' + type: date + description: Event timestamp. diff --git a/packages/apache_spark/data_stream/application/fields/ecs.yml b/packages/apache_spark/data_stream/application/fields/ecs.yml new file mode 100644 index 00000000000..ded177ab1a7 --- /dev/null +++ b/packages/apache_spark/data_stream/application/fields/ecs.yml @@ -0,0 +1,12 @@ +- external: ecs + name: event.kind +- external: ecs + name: event.type +- external: ecs + name: ecs.version +- external: ecs + name: tags +- external: ecs + name: service.address +- external: ecs + name: service.type diff --git a/packages/apache_spark/data_stream/application/fields/fields.yml b/packages/apache_spark/data_stream/application/fields/fields.yml new file mode 100644 index 00000000000..f9eca40b877 --- /dev/null +++ b/packages/apache_spark/data_stream/application/fields/fields.yml @@ -0,0 +1,22 @@ +- name: apache_spark + type: group + fields: + - name: application + type: group + fields: + - name: cores + type: long + description: | + Number of cores. + - name: name + type: keyword + description: | + Name of the application. + - name: runtime.ms + type: long + description: | + Time taken to run the application (ms). + - name: status + type: keyword + description: | + Current status of the application. diff --git a/packages/apache_spark/data_stream/application/manifest.yml b/packages/apache_spark/data_stream/application/manifest.yml new file mode 100644 index 00000000000..ee79a4eb2a6 --- /dev/null +++ b/packages/apache_spark/data_stream/application/manifest.yml @@ -0,0 +1,30 @@ +title: Apache Spark application metrics +type: metrics +streams: + - input: jolokia/metrics + title: Apache Spark application metrics + description: Collect Apache Spark application metrics using Jolokia agent. + vars: + - name: hosts + type: text + title: Hosts + multi: true + description: | + Full hosts for the Jolokia for Apache Spark (https://spark_main:jolokia_port). + required: true + show_user: true + - name: path + type: text + title: Path + multi: false + required: true + show_user: false + default: /jolokia/?ignoreErrors=true&canonicalNaming=false + - name: period + type: text + title: Period + multi: false + required: true + show_user: true + default: 60s + template_path: "stream.yml.hbs" diff --git a/packages/apache_spark/data_stream/application/sample_event.json b/packages/apache_spark/data_stream/application/sample_event.json new file mode 100644 index 00000000000..206796cf423 --- /dev/null +++ b/packages/apache_spark/data_stream/application/sample_event.json @@ -0,0 +1,69 @@ +{ + "@timestamp": "2022-04-11T09:45:08.887Z", + "agent": { + "ephemeral_id": "fd3ce7d1-e237-45c7-88f9-875edafec41e", + "id": "e7990c69-6909-48d1-be06-89dbe36d302c", + "name": "docker-fleet-agent", + "type": "metricbeat", + "version": "8.1.0" + }, + "apache_spark": { + "application": { + "name": "PythonWordCount.1649670292906", + "runtime": { + "ms": 16007 + } + } + }, + "data_stream": { + "dataset": "apache_spark.application", + "namespace": "ep", + "type": "metrics" + }, + "ecs": { + "version": "8.1.0" + }, + "elastic_agent": { + "id": "e7990c69-6909-48d1-be06-89dbe36d302c", + "snapshot": false, + "version": "8.1.0" + }, + "event": { + "agent_id_status": "verified", + "dataset": "apache_spark.application", + "duration": 21401735, + "ingested": "2022-04-11T09:45:12Z", + "kind": "metric", + "module": "apache_spark", + "type": "info" + }, + "host": { + "architecture": "x86_64", + "containerized": true, + "hostname": "docker-fleet-agent", + "ip": [ + "192.168.0.5" + ], + "mac": [ + "02:42:c0:a8:00:05" + ], + "name": "docker-fleet-agent", + "os": { + "codename": "focal", + "family": "debian", + "kernel": "5.4.0-107-generic", + "name": "Ubuntu", + "platform": "ubuntu", + "type": "linux", + "version": "20.04.3 LTS (Focal Fossa)" + } + }, + "metricset": { + "name": "jmx", + "period": 60000 + }, + "service": { + "address": "http://apache-spark-main:7777/jolokia/%3FignoreErrors=true\u0026canonicalNaming=false", + "type": "jolokia" + } +} \ No newline at end of file diff --git a/packages/apache_spark/docs/README.md b/packages/apache_spark/docs/README.md index a7ef644afa4..9fc930f6d87 100644 --- a/packages/apache_spark/docs/README.md +++ b/packages/apache_spark/docs/README.md @@ -1,4 +1,4 @@ -# Apache Spark +# Apache Spark Integration The Apache Spark integration collects and parses data using the Jolokia Metricbeat Module. @@ -63,6 +63,103 @@ Follow the same set of steps for Spark Worker, Driver and Executor. ## Metrics +### Application + +This is the `application` data stream. + +An example event for `application` looks as following: + +```json +{ + "@timestamp": "2022-04-11T09:45:08.887Z", + "agent": { + "ephemeral_id": "fd3ce7d1-e237-45c7-88f9-875edafec41e", + "id": "e7990c69-6909-48d1-be06-89dbe36d302c", + "name": "docker-fleet-agent", + "type": "metricbeat", + "version": "8.1.0" + }, + "apache_spark": { + "application": { + "name": "PythonWordCount.1649670292906", + "runtime": { + "ms": 16007 + } + } + }, + "data_stream": { + "dataset": "apache_spark.application", + "namespace": "ep", + "type": "metrics" + }, + "ecs": { + "version": "8.1.0" + }, + "elastic_agent": { + "id": "e7990c69-6909-48d1-be06-89dbe36d302c", + "snapshot": false, + "version": "8.1.0" + }, + "event": { + "agent_id_status": "verified", + "dataset": "apache_spark.application", + "duration": 21401735, + "ingested": "2022-04-11T09:45:12Z", + "kind": "metric", + "module": "apache_spark", + "type": "info" + }, + "host": { + "architecture": "x86_64", + "containerized": true, + "hostname": "docker-fleet-agent", + "ip": [ + "192.168.0.5" + ], + "mac": [ + "02:42:c0:a8:00:05" + ], + "name": "docker-fleet-agent", + "os": { + "codename": "focal", + "family": "debian", + "kernel": "5.4.0-107-generic", + "name": "Ubuntu", + "platform": "ubuntu", + "type": "linux", + "version": "20.04.3 LTS (Focal Fossa)" + } + }, + "metricset": { + "name": "jmx", + "period": 60000 + }, + "service": { + "address": "http://apache-spark-main:7777/jolokia/%3FignoreErrors=true\u0026canonicalNaming=false", + "type": "jolokia" + } +} +``` + +**Exported fields** + +| Field | Description | Type | +|---|---|---| +| @timestamp | Event timestamp. | date | +| apache_spark.application.cores | Number of cores. | long | +| apache_spark.application.name | Name of the application. | keyword | +| apache_spark.application.runtime.ms | Time taken to run the application (ms). | long | +| apache_spark.application.status | Current status of the application. | keyword | +| data_stream.dataset | Data stream dataset. | constant_keyword | +| data_stream.namespace | Data stream namespace. | constant_keyword | +| data_stream.type | Data stream type. | constant_keyword | +| ecs.version | ECS version this event conforms to. `ecs.version` is a required field and must exist in all events. When querying across multiple indices -- which may conform to slightly different ECS versions -- this field lets integrations adjust to the schema version of the events. | keyword | +| event.kind | This is one of four ECS Categorization Fields, and indicates the highest level in the ECS category hierarchy. `event.kind` gives high-level information about what type of information the event contains, without being specific to the contents of the event. For example, values of this field distinguish alert events from metric events. The value of this field can be used to inform how these kinds of events should be handled. They may warrant different retention, different access control, it may also help understand whether the data coming in at a regular interval or not. | keyword | +| event.type | This is one of four ECS Categorization Fields, and indicates the third level in the ECS category hierarchy. `event.type` represents a categorization "sub-bucket" that, when used along with the `event.category` field values, enables filtering events down to a level appropriate for single visualization. This field is an array. This will allow proper categorization of some events that fall in multiple event types. | keyword | +| service.address | Address where data about this service was collected from. This should be a URI, network address (ipv4:port or [ipv6]:port) or a resource path (sockets). | keyword | +| service.type | The type of the service data is collected from. The type can be used to group and correlate logs and metrics from one service type. Example: If logs or metrics are collected from Elasticsearch, `service.type` would be `elasticsearch`. | keyword | +| tags | List of keywords used to tag each event. | keyword | + ### Nodes This is the `nodes` data stream. From 7d51097d934fb33773b367aadd61f56fdc1207a7 Mon Sep 17 00:00:00 2001 From: Lee E Hinman <57081003+leehinman@users.noreply.github.com> Date: Thu, 21 Apr 2022 09:35:06 -0500 Subject: [PATCH 11/23] [cisco_asa] fix visualizations (#3146) - stop using `cisco.asa.message_id` in visualization - use data_stream to limit to cisco asa events - use event.code instead which has same info as `cisco.asa.message_id` did Closes #3142 --- packages/cisco_asa/changelog.yml | 5 +++++ .../cisco_asa-14fce5e0-498f-11e9-b8ce-ed898b5ef295.json | 2 +- .../cisco_asa-753406e0-4986-11e9-b8ce-ed898b5ef295.json | 2 +- .../cisco_asa-96c6ff60-4986-11e9-b8ce-ed898b5ef295.json | 2 +- .../cisco_asa-fd89b1e0-49a2-11e9-b8ce-ed898b5ef295.json | 2 +- packages/cisco_asa/manifest.yml | 2 +- 6 files changed, 10 insertions(+), 5 deletions(-) diff --git a/packages/cisco_asa/changelog.yml b/packages/cisco_asa/changelog.yml index 7d19cd40f95..ff5e2a61053 100644 --- a/packages/cisco_asa/changelog.yml +++ b/packages/cisco_asa/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "2.2.2" + changes: + - description: Change visualizations to use event.code instead of cisco.asa.message_id. + type: bugfix + link: https://github.com/elastic/integrations/pull/3146 - version: "2.2.1" changes: - description: Add documentation for multi-fields diff --git a/packages/cisco_asa/kibana/search/cisco_asa-14fce5e0-498f-11e9-b8ce-ed898b5ef295.json b/packages/cisco_asa/kibana/search/cisco_asa-14fce5e0-498f-11e9-b8ce-ed898b5ef295.json index 259860e15d7..2eb9a6671b9 100644 --- a/packages/cisco_asa/kibana/search/cisco_asa-14fce5e0-498f-11e9-b8ce-ed898b5ef295.json +++ b/packages/cisco_asa/kibana/search/cisco_asa-14fce5e0-498f-11e9-b8ce-ed898b5ef295.json @@ -12,7 +12,7 @@ "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", "query": { "language": "kuery", - "query": "cisco.asa.message_id :*" + "query": "data_stream.dataset:cisco_asa.log" }, "version": true } diff --git a/packages/cisco_asa/kibana/search/cisco_asa-753406e0-4986-11e9-b8ce-ed898b5ef295.json b/packages/cisco_asa/kibana/search/cisco_asa-753406e0-4986-11e9-b8ce-ed898b5ef295.json index bfa6da49fd4..d96062fdd08 100644 --- a/packages/cisco_asa/kibana/search/cisco_asa-753406e0-4986-11e9-b8ce-ed898b5ef295.json +++ b/packages/cisco_asa/kibana/search/cisco_asa-753406e0-4986-11e9-b8ce-ed898b5ef295.json @@ -12,7 +12,7 @@ "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", "query": { "language": "kuery", - "query": "cisco.asa.message_id:* and event.action:\"flow-expiration\"" + "query": "data_stream.dataset:cisco_asa.log and event.action:\"flow-expiration\"" }, "version": true } diff --git a/packages/cisco_asa/kibana/search/cisco_asa-96c6ff60-4986-11e9-b8ce-ed898b5ef295.json b/packages/cisco_asa/kibana/search/cisco_asa-96c6ff60-4986-11e9-b8ce-ed898b5ef295.json index dd788d0ca6a..67d1ba8da38 100644 --- a/packages/cisco_asa/kibana/search/cisco_asa-96c6ff60-4986-11e9-b8ce-ed898b5ef295.json +++ b/packages/cisco_asa/kibana/search/cisco_asa-96c6ff60-4986-11e9-b8ce-ed898b5ef295.json @@ -12,7 +12,7 @@ "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", "query": { "language": "kuery", - "query": "cisco.asa.message_id:* and event.action:\"firewall-rule\"" + "query": "data_stream.dataset:cisco_asa.log and event.action:\"firewall-rule\"" }, "version": true } diff --git a/packages/cisco_asa/kibana/visualization/cisco_asa-fd89b1e0-49a2-11e9-b8ce-ed898b5ef295.json b/packages/cisco_asa/kibana/visualization/cisco_asa-fd89b1e0-49a2-11e9-b8ce-ed898b5ef295.json index 31977af7058..e43aad55aa9 100644 --- a/packages/cisco_asa/kibana/visualization/cisco_asa-fd89b1e0-49a2-11e9-b8ce-ed898b5ef295.json +++ b/packages/cisco_asa/kibana/visualization/cisco_asa-fd89b1e0-49a2-11e9-b8ce-ed898b5ef295.json @@ -30,7 +30,7 @@ "id": "2", "params": { "customLabel": "ID", - "field": "cisco.asa.message_id", + "field": "event.code", "missingBucket": false, "missingBucketLabel": "Missing", "order": "desc", diff --git a/packages/cisco_asa/manifest.yml b/packages/cisco_asa/manifest.yml index 14556ea0860..afee0560416 100644 --- a/packages/cisco_asa/manifest.yml +++ b/packages/cisco_asa/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: cisco_asa title: Cisco ASA -version: 2.2.1 +version: 2.2.2 license: basic description: Collect logs from Cisco ASA with Elastic Agent. type: integration From 919fe81e1a45d8b4904b97a85f6e3a2d32baa8f8 Mon Sep 17 00:00:00 2001 From: Andrew Kroh Date: Thu, 21 Apr 2022 14:33:16 -0400 Subject: [PATCH 12/23] [sophos] Various improvements and log samples from 18.5 (#3127) Remove space from sophos.xg.trans_src_ip field name in mapping. Sync fix from https://github.com/elastic/beats/pull/25250. Do not modify event.original. Populate `url.*` fields based on `sophos.xg.url`. Rename `sophos.xg.reason` to `event.reason` (ECS). Normalize all `sophos.xg.*` keys to lowercase. Lowercase `network.transport` as per ECS. Format `source.mac` and `destination.mac` as per ECS. Add Sophos Firewall 18.5 log samples taken from documentation. Set the `event.code` from the message ID (and remove `sophos.xg.messageid`). Consolidate geoip enrichment Consolidate related.ip processors Consolidate lowercase network.transport/protocol Consolidate related.user processing Consolidate related.hash Consolidate network.{bytes,packets} calculations Add network.community_id Add {url,source,destination}.domain to related.hosts Set event.duration (ns) for WAF events using reponsetime (us) Remove client/server mappings. This was a large amount of duplication causing increased event sizes. Add reference link to xg syslog formats Anti-Virus - Set `destination.domain` from `sophos.xg.dstdomain` in anti-virus log. - Use `sophos.xg.dst_domainname` to set `destination.domain` for Anti-Virus SMTP events. - Use `sophos.xg.src_domainname` to set `source.domain` for Anti-Virus SMTP events. - Set `network.protocol` for anti-virus logs. Anti-Spam - Set `network.protocol` for anti-spam logs. Content Filtering - Set `network.protocol` for Content Filtering. Use the URL scheme to derive the protocol. Sandstorm - Set `file.name` for Sandstorm events (there was a typo in the if condition). - Set `url.domain`, `destination.domain`, and `destination.ip` for Sandstorm web events. - Handle sha256 Sandstorm file hashes. In 17.5 and earlier the sha1sum contained the sha1 checksum of the file being analyzed. In 18.0 and later the sha1sum contains the sha256 checksum of the file. System Health - Convert `sophos.xg.collisions`, `sophos.xg.receiveddrops`, and `sophos.xg.transmitteddrops` to float in document `_source`. Wireless Protection Change `sophos.xg.clients_conn_ssid` to a long in the mapping. * Update files [git-generate] cd packages/sophos elastic-package format elastic-package build elastic-package test pipeline -g * Add changelog * Remove null-safe operator when accessing ctx Replaces `ctx?.` with `ctx.` in all of the sophos.xg pipelines. * Sort ecs.yml and fields.yml by name --- packages/sophos/_dev/build/docs/README.md | 6 +- packages/sophos/changelog.yml | 29 + .../pipeline/test-sophos-18.5-anti-spam.log | 19 + ...st-sophos-18.5-anti-spam.log-expected.json | 1715 ++++++++++ .../test-sophos-18.5-anti-virus-ftp.log | 2 + ...phos-18.5-anti-virus-ftp.log-expected.json | 177 + .../test-sophos-18.5-anti-virus-smtp.log | 3 + ...hos-18.5-anti-virus-smtp.log-expected.json | 283 ++ .../test-sophos-18.5-anti-virus-web.log | 2 + ...phos-18.5-anti-virus-web.log-expected.json | 210 ++ .../test-sophos-18.5-atp-firewall.log | 2 + ...sophos-18.5-atp-firewall.log-expected.json | 183 + .../test-sophos-18.5-authentication.log | 3 + ...phos-18.5-authentication.log-expected.json | 215 ++ ...est-sophos-18.5-content-filtering-http.log | 8 + ...5-content-filtering-http.log-expected.json | 850 +++++ ...5-content-filtering-web-content-policy.log | 1 + ...ering-web-content-policy.log-expected.json | 66 + .../pipeline/test-sophos-18.5-firewall.log | 16 + ...est-sophos-18.5-firewall.log-expected.json | 1704 ++++++++++ .../test/pipeline/test-sophos-18.5-idp.log | 4 + .../test-sophos-18.5-idp.log-expected.json | 344 ++ .../pipeline/test-sophos-18.5-sandstorm.log | 5 + ...st-sophos-18.5-sandstorm.log-expected.json | 393 +++ .../test-sophos-18.5-systemhealth.log | 5 + ...sophos-18.5-systemhealth.log-expected.json | 239 ++ .../pipeline/test-sophos-18.5-wireless.log | 2 + ...est-sophos-18.5-wireless.log-expected.json | 98 + .../pipeline/test-sophos-xg.log-expected.json | 3021 ++++------------- .../test-xg-cfilter-new.log-expected.json | 1956 +++-------- .../test-xg-event-new.log-expected.json | 33 +- .../test-xg-firewall-new.log-expected.json | 1997 ++--------- .../_dev/test/system/test-logfile-config.yml | 11 - .../xg/_dev/test/system/test-tcp-config.yml | 12 - .../ingest_pipeline/antispam.yml | 95 +- .../ingest_pipeline/antivirus.yml | 155 +- .../xg/elasticsearch/ingest_pipeline/atp.yml | 120 +- .../elasticsearch/ingest_pipeline/cfilter.yml | 126 +- .../elasticsearch/ingest_pipeline/default.yml | 420 ++- .../elasticsearch/ingest_pipeline/event.yml | 120 +- .../ingest_pipeline/firewall.yml | 149 +- .../xg/elasticsearch/ingest_pipeline/idp.yml | 105 +- .../ingest_pipeline/sandstorm.yml | 65 +- .../ingest_pipeline/systemhealth.yml | 45 +- .../xg/elasticsearch/ingest_pipeline/waf.yml | 119 +- .../xg/elasticsearch/ingest_pipeline/wifi.yml | 10 +- .../sophos/data_stream/xg/fields/agent.yml | 3 + packages/sophos/data_stream/xg/fields/ecs.yml | 90 +- .../sophos/data_stream/xg/fields/fields.yml | 959 +++--- .../sophos/data_stream/xg/sample_event.json | 23 +- packages/sophos/docs/README.md | 106 +- packages/sophos/manifest.yml | 4 +- 52 files changed, 8993 insertions(+), 7335 deletions(-) create mode 100644 packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18.5-anti-spam.log create mode 100644 packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18.5-anti-spam.log-expected.json create mode 100644 packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18.5-anti-virus-ftp.log create mode 100644 packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18.5-anti-virus-ftp.log-expected.json create mode 100644 packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18.5-anti-virus-smtp.log create mode 100644 packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18.5-anti-virus-smtp.log-expected.json create mode 100644 packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18.5-anti-virus-web.log create mode 100644 packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18.5-anti-virus-web.log-expected.json create mode 100644 packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18.5-atp-firewall.log create mode 100644 packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18.5-atp-firewall.log-expected.json create mode 100644 packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18.5-authentication.log create mode 100644 packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18.5-authentication.log-expected.json create mode 100644 packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18.5-content-filtering-http.log create mode 100644 packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18.5-content-filtering-http.log-expected.json create mode 100644 packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18.5-content-filtering-web-content-policy.log create mode 100644 packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18.5-content-filtering-web-content-policy.log-expected.json create mode 100644 packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18.5-firewall.log create mode 100644 packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18.5-firewall.log-expected.json create mode 100644 packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18.5-idp.log create mode 100644 packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18.5-idp.log-expected.json create mode 100644 packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18.5-sandstorm.log create mode 100644 packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18.5-sandstorm.log-expected.json create mode 100644 packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18.5-systemhealth.log create mode 100644 packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18.5-systemhealth.log-expected.json create mode 100644 packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18.5-wireless.log create mode 100644 packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18.5-wireless.log-expected.json delete mode 100644 packages/sophos/data_stream/xg/_dev/test/system/test-logfile-config.yml delete mode 100644 packages/sophos/data_stream/xg/_dev/test/system/test-tcp-config.yml diff --git a/packages/sophos/_dev/build/docs/README.md b/packages/sophos/_dev/build/docs/README.md index 5876eb0ce6c..773304a919e 100644 --- a/packages/sophos/_dev/build/docs/README.md +++ b/packages/sophos/_dev/build/docs/README.md @@ -9,7 +9,7 @@ Currently it accepts logs in syslog format or from a file for the following devi To configure a remote syslog destination, please reference the [SophosXG/SFOS Documentation](https://community.sophos.com/kb/en-us/123184). -The syslog format choosen should be `Default`. +The syslog format chosen should be `Default`. ## Compatibility @@ -26,7 +26,9 @@ The `utm` dataset collects Astaro Security Gateway logs. ### XG log -This is the Sophos `xg` dataset. +This is the Sophos `xg` dataset. Reference information about the log formats +can be found in the [Sophos syslog guide]( +https://docs.sophos.com/nsg/sophos-firewall/18.5/PDF/SF%20syslog%20guide%2018.5.pdf). {{event "xg"}} diff --git a/packages/sophos/changelog.yml b/packages/sophos/changelog.yml index 44a15d4c8f3..daa3b2d92ac 100644 --- a/packages/sophos/changelog.yml +++ b/packages/sophos/changelog.yml @@ -1,4 +1,33 @@ # newer versions go on top +- version: "2.0.0" + changes: + - description: Remove space from sophos.xg.trans_src_ip field. + type: bugfix + link: https://github.com/elastic/integrations/pull/3127 + - description: Do not modify event.original. + type: bugfix + link: https://github.com/elastic/integrations/pull/3127 + - description: Populate `url.*` fields based on `sophos.xg.url`. + type: enhancement + link: https://github.com/elastic/integrations/pull/3127 + - description: Rename `sophos.xg.reason` to `event.reason` (ECS). + type: enhancement + link: https://github.com/elastic/integrations/pull/3127 + - description: Lowercase `network.transport` as per ECS. + type: bugfix + link: https://github.com/elastic/integrations/pull/3127 + - description: Format `source.mac` and `destination.mac` as per ECS. + type: bugfix + link: https://github.com/elastic/integrations/pull/3127 + - description: Set the `event.code` from the message ID (and remove `sophos.xg.message_id`). + type: enhancement + link: https://github.com/elastic/integrations/pull/3127 + - description: Add `network.community_id`. + type: enhancement + link: https://github.com/elastic/integrations/pull/3127 + - description: Reduce event size by removing `client` and `server` fields that are clones of `source` and `destination`, respectively. + type: breaking-change + link: https://github.com/elastic/integrations/pull/3127 - version: "1.2.3" changes: - description: Update pipelines to parse new fields diff --git a/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18.5-anti-spam.log b/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18.5-anti-spam.log new file mode 100644 index 00000000000..d2144a89ba2 --- /dev/null +++ b/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18.5-anti-spam.log @@ -0,0 +1,19 @@ +device="SFW" date=2017-01-31 time=18:28:25 timezone="IST" device_name="CR750iNG-XP" device_id=C44313350024-P29PUA log_id=041107413001 log_type="Anti-Spam" log_component="SMTP" log_subtype="Spam" status="" priority=Warning fw_rule_id=0 user_name="gaurav" av_policy_name="Gaurav235" from_email_address="gaurav1@iview.com" to_email_address="gaurav2@iview.com" email_subject="RPD Spam Test: Spam" mailid="c000000b-1485867502" mailsize=400 spamaction="DROP" reason="" src_domainname="iview.com" dst_domainname="" src_ip=10.198.47.71 src_country_code=R1 dst_ip=10.198.233.61 dst_country_code=R1 protocol="TCP" src_port=22258 dst_port=25 sent_bytes=0 recv_bytes=0 quarantine_reason="Spam" +device="SFW" date=2018-06-06 time=10:41:29 timezone="IST" device_name="SG430" device_id=S4000806149EE49 log_id=041108413002 log_type="Anti-Spam" log_component="SMTP" log_subtype="Probable Spam" status="" priority=Warning fw_rule_id=0 user_name="" av_policy_name="postman" from_email_address="pankhil@postman.local" to_email_address="pankhil@postman.local" email_subject="[SPAM] RPD Spam test: Bulk" mailid="c0000006-1528261885" mailsize=438 spamaction="WARN" reason="Mail detected as PROBABLE SPAM." src_domainname="postman.local" dst_domainname="" src_ip=10.198.16.121 src_country_code=R1 dst_ip=10.198.16.204 dst_country_code=R1 protocol="TCP" src_port=56341 dst_port=25 sent_bytes=0 recv_bytes=0 quarantine_reason="Spam" +device="SFW" date=2017-01-31 time=18:36:22 timezone="IST" device_name="CR750iNG-XP" device_id=C44313350024-P29PUA log_id=041105613003 log_type="Anti-Spam" log_component="SMTP" log_subtype="Clean" status="" priority=Information fw_rule_id=0 user_name="gaurav" av_policy_name="None" from_email_address="gaurav2@iview.com" to_email_address="gaurav1@iview.com" email_subject="EMAIL" mailid="<5ab27db7-7bac-82e2-ba40-83ce90577c7f@iview.com>" mailsize=398 spamaction="Accept" reason="" src_domainname="iview.com" dst_domainname="" src_ip=10.198.47.71 src_country_code=R1 dst_ip=10.198.233.61 dst_country_code=R1 protocol="TCP" src_port=22477 dst_port=25 sent_bytes=0 recv_bytes=0 quarantine_reason="Other" +device="SFW" date=2018-06-06 time=11:08:08 timezone="IST" device_name="SG430" device_id=S4000806149EE49 log_id=041108413004 log_type="Anti-Spam" log_component="SMTP" log_subtype="Probable Spam" status="" priority=Warning fw_rule_id=0 user_name="" av_policy_name="postman" from_email_address="pankhil@postman.local" to_email_address="pankhil@postman.local" email_subject="Test RBL email" mailid="c0000008-1528263488" mailsize=433 spamaction="DROP" reason="Sender IP address is blacklisted." src_domainname="postman.local" dst_domainname="" src_ip=10.198.16.121 src_country_code=R1 dst_ip=10.198.17.121 dst_country_code=R1 protocol="TCP" src_port=57854 dst_port=25 sent_bytes=0 recv_bytes=0 quarantine_reason="RBL" +device="SFW" date=2017-01-31 time=18:34:41 timezone="IST" device_name="CR750iNG-XP" device_id=C44313350024-P29PUA log_id=041113413005 log_type="Anti-Spam" log_component="SMTP" log_subtype="Outbound Spam" status="" priority=Warning fw_rule_id=0 user_name="gaurav" av_policy_name="Gaurav123" from_email_address="gaurav1@iview.com" to_email_address="gaurav2@iview.com" email_subject="RPD Spam Test: Spam" mailid="" mailsize=405 spamaction="Accept" reason="" src_domainname="iview.com" dst_domainname="" src_ip=10.198.47.71 src_country_code=R1 dst_ip=10.198.233.61 dst_country_code=R1 protocol="TCP" src_port=22420 dst_port=25 sent_bytes=0 recv_bytes=0 quarantine_reason="Spam" +device="SFW" date=2018-06-06 time=11:10:11 timezone="IST" device_name="SG430" device_id=S4000806149EE49 log_id=041114413006 log_type="Anti-Spam" log_component="SMTP" log_subtype="Outbound Probable Spam" status="" priority=Warning fw_rule_id=0 user_name="" av_policy_name="rule 8" from_email_address="pankhil@postman.local" to_email_address="pankhil1@Postman.local" email_subject="RPD Spam test: Bulk" mailid="" mailsize=439 spamaction="Drop" reason="Mail detected as OUTBOUND PROBABLE SPAM." src_domainname="postman.local" dst_domainname="" src_ip=10.198.16.121 src_country_code=R1 dst_ip=10.198.234.240 dst_country_code=R1 protocol="TCP" src_port=58043 dst_port=25 sent_bytes=0 recv_bytes=0 quarantine_reason="Spam" +device="SFW" date=2018-06-06 time=12:50:07 timezone="IST" device_name="SG430" device_id=S4000806149EE49 log_id=041121613009 log_type="Anti-Spam" log_component="SMTP" log_subtype="DLP" status="" priority=Information fw_rule_id=0 user_name="" av_policy_name="postman" from_email_address="pankhil@postman.local" to_email_address="pankhil1@Postman.local" email_subject="Fwd: TESt" mailid="c0000002-1528269606" mailsize=5041 spamaction="DROP" reason="Email containing confidential data detected. Relevant Data Protection Policy applied." src_domainname="postman.local" dst_domainname="" src_ip=10.198.16.121 src_country_code=R1 dst_ip=10.198.17.121 dst_country_code=R1 protocol="TCP" src_port=60134 dst_port=25 sent_bytes=0 recv_bytes=0 quarantine_reason="DLP" +device="SFW" date=2018-06-06 time=12:51:34 timezone="IST" device_name="SG430" device_id=S4000806149EE49 log_id=041122613010 log_type="Anti-Spam" log_component="SMTP" log_subtype="SPX" status="" priority=Information fw_rule_id=0 user_name="" av_policy_name="None" from_email_address="pankhil@postman.local" to_email_address="pankhil1@Postman.local" email_subject="[secure:pankhil]" mailid="c0000003-1528269693" mailsize=442 spamaction="Accept" reason="SPX Template of type Specified by Sender successfully applied on Email." src_domainname="postman.local" dst_domainname="" src_ip=10.198.16.121 src_country_code=R1 dst_ip=10.198.16.204 dst_country_code=R1 protocol="TCP" src_port=60298 dst_port=25 sent_bytes=0 recv_bytes=0 quarantine_reason="Other" +device="SFW" date=2018-06-06 time=12:52:49 timezone="IST" device_name="SG430" device_id=S4000806149EE49 log_id=041122613011 log_type="Anti-Spam" log_component="SMTP" log_subtype="SPX" status="" priority=Information fw_rule_id=0 user_name="" av_policy_name="None" from_email_address="pankhil@postman.local" to_email_address="pankhil1@Postman.local" email_subject="Test failed" mailid="c0000004-1528269769" mailsize=431 spamaction="REJECT" reason="Email could not be SPX- encrypted because password was not found in the Email subject." src_domainname="postman.local" dst_domainname="" src_ip=10.198.16.121 src_country_code=R1 dst_ip=10.198.16.204 dst_country_code=R1 protocol="TCP" src_port=60305 dst_port=25 sent_bytes=0 recv_bytes=0 quarantine_reason="Other" +device="SFW" date=2018-06-06 time=12:53:39 timezone="IST" device_name="SG430" device_id=S4000806149EE49 log_id=041123413012 log_type="Anti-Spam" log_component="SMTP" log_subtype="Dos" status="" priority=Warning fw_rule_id=0 user_name="" av_policy_name="None" from_email_address="" to_email_address="" email_subject="" mailid="" mailsize=0 spamaction="TMPREJECT" reason="SMTP DoS" src_domainname="" dst_domainname="" src_ip=10.198.16.121 src_country_code=R1 dst_ip=10.198.17.121 dst_country_code=R1 protocol="TCP" src_port=60392 dst_port=25 sent_bytes=0 recv_bytes=0 quarantine_reason="Other" +device="SFW" date=2017-01-31 time=15:46:45 timezone="IST" device_name="CR750iNG-XP" device_id=C44313350024-P29PUA log_id=041101613013 log_type="Anti-Spam" log_component="SMTP" log_subtype="Allowed" status="" priority=Information fw_rule_id=0 user_name="gaurav" av_policy_name="Gaurav235" from_email_address="gaurav2@iview.com" to_email_address="gaurav1@iview.com" email_subject="GP235" mailid="c000000a-1485857789" mailsize=391 spamaction="SANDSTORM ALLOW" reason="Mail is marked Clean by Sophos Sandstorm." src_domainname="iview.com" dst_domainname="" src_ip=10.198.47.71 src_country_code=R1 dst_ip=10.198.233.61 dst_country_code=R1 protocol="TCP" src_port=11255 dst_port=25 sent_bytes=0 recv_bytes=0 quarantine_reason="Other" +device="SFW" date=2018-06-06 time=12:56:53 timezone="IST" device_name="SG430" device_id=S4000806149EE49 log_id=041102413014 log_type="Anti-Spam" log_component="SMTP" log_subtype="Denied" status="" priority=Warning fw_rule_id=0 user_name="" av_policy_name="postman" from_email_address="pankhil1@postman.local" to_email_address="pankhil@postman.local" email_subject="Fwd: test sand" mailid="c0000008-1528270010" mailsize=419835 spamaction="DROP" reason="Email is marked Malicious by Sophos Sandstorm." src_domainname="postman.local" dst_domainname="" src_ip=10.198.16.121 src_country_code=R1 dst_ip=10.198.17.121 dst_country_code=R1 protocol="TCP" src_port=60608 dst_port=25 sent_bytes=0 recv_bytes=0 +device="SFW" date=2017-01-31 time=18:31:11 timezone="IST" device_name="CR750iNG-XP" device_id=C44313350024-P29PUA log_id=041207414001 log_type="Anti-Spam" log_component="POP3" log_subtype="Spam" status="" priority=Warning fw_rule_id=0 user_name="gaurav" av_policy_name="GauravPatel" from_email_address="gaurav1@iview.com" to_email_address="gaurav2@iview. com" email_subject="RPD Spam Test: Spam" mailid="<2a2dd5d4-1a30-617b-27b1-7961ad07cf07@iview.com>" mailsize=574 spamaction="Accept" reason="" src_domainname="iview.com" dst_domainname="iview.com" src_ip=10.198.47.71 src_country_code=R1 dst_ip=10.198.233.61 dst_country_code=R1 protocol="TCP" src_port=22333 dst_port=110 sent_bytes=0 recv_bytes=0 quarantine_reason="Other" +device="SFW" date=2018-06-06 time=12:59:01 timezone="IST" device_name="SG430" device_id=S4000806149EE49 log_id=046108414002 log_type="Anti-Spam" log_component="POPS" log_subtype="Probable Spam" status="" priority=Warning fw_rule_id=0 user_name="" av_policy_name="pop8" from_email_address="pankhil@postman.local" to_email_address="pankhil@postman.local" email_subject="RPD Spam test: Bulk" mailid="<13c3aad0-82c0-11d8-c9e1-3c0ea4f8708b@postman.local>" mailsize=0 spamaction="Change Subject" reason="Mail detected as PROBABLE SPAM" src_domainname="postman.local" dst_domainname="" src_ip=10.198.16.121 src_country_code= dst_ip=10.198.234.240 dst_country_code= protocol="TCP" src_port=60742 dst_port=995 sent_bytes=0 recv_bytes=0 quarantine_reason="Other" +device="SFW" date=2018-06-06 time=13:00:34 timezone="IST" device_name="SG430" device_id=S4000806149EE49 log_id=046105614003 log_type="Anti-Spam" log_component="POPS" log_subtype="Clean" status="" priority=Information fw_rule_id=0 user_name="" av_policy_name="None" from_email_address="pankhil@postman.local" to_email_address="pankhil@postman.local" email_subject="Test clean" mailid="" mailsize=0 spamaction="Accept" reason="Mail is Clean" src_domainname="postman.local" dst_domainname="" src_ip=10.198.16.121 src_country_code= dst_ip=10.198.234.240 dst_country_code= protocol="TCP" src_port=60757 dst_port=995 sent_bytes=0 recv_bytes=0 quarantine_reason="Other" +device="SFW" date=2018-06-06 time=13:01:42 timezone="IST" device_name="SG430" device_id=S4000806149EE49 log_id=046207415001 log_type="Anti-Spam" log_component="IMAPS" log_subtype="Spam" status="" priority=Warning fw_rule_id=0 user_name="" av_policy_name="None" from_email_address="pankhil@postman.local" to_email_address="ganga@postman.local" email_subject="RPD Spam test: Spam" mailid="<6da55e70-8d61-63fb-df41-35fdf36e94d8@postman.local>" mailsize=0 spamaction="Accept" reason="Mail detected as SPAM" src_domainname="postman.local" dst_domainname="" src_ip=10.198.16.121 src_country_code= dst_ip=10.198.234.240 dst_country_code= protocol="TCP" src_port=58595 dst_port=993 sent_bytes=0 recv_bytes=0 quarantine_reason="Other" +device="SFW" date=2018-06-06 time=13:02:54 timezone="IST" device_name="SG430" device_id=S4000806149EE49 log_id=046208415002 log_type="Anti-Spam" log_component="IMAPS" log_subtype="Probable Spam" status="" priority=Warning fw_rule_id=0 user_name="" av_policy_name="None" from_email_address="pankhil@postman.local" to_email_address="ganga@postman.local" email_subject="RPD Spam test: Bulk" mailid="<0a09a814-f3b6-35cc-c94e-1807dab742fc@postman.local>" mailsize=0 spamaction="Accept" reason="Mail detected as PROBABLE SPAM" src_domainname="postman.local" dst_domainname="" src_ip=10.198.16.121 src_country_code= dst_ip=10.198.234.240 dst_country_code= protocol="TCP" src_port=58595 dst_port=993 sent_bytes=0 recv_bytes=0 quarantine_reason="Other" +device="SFW" date=2018-06-06 time=13:03:58 timezone="IST" device_name="SG430" device_id=S4000806149EE49 log_id=046205615003 log_type="Anti-Spam" log_component="IMAPS" log_subtype="Clean" status="" priority=Information fw_rule_id=0 user_name="" av_policy_name="None" from_email_address="pankhil@postman.local" to_email_address="ganga@postman.local" email_subject="Clean email" mailid="<3b542388-7bca-5b43-79e6-e21fcd709d8f@postman.local>" mailsize=0 spamaction="Accept" reason="Mail is Clean" src_domainname="postman.local" dst_domainname="" src_ip=10.198.16.121 src_country_code= dst_ip=10.198.234.240 dst_country_code= protocol="TCP" src_port=58595 dst_port=993 sent_bytes=0 recv_bytes=0 quarantine_reason="Other" +device="SFW" date=2018-06-05 time=19:11:26 timezone="IST" device_name="SG430" device_id=S4000806149EE49 log_id=041101618035 log_type="Anti-Spam" log_component="SMTP" log_subtype="Allowed" status="" priority=Information fw_rule_id=0 user_name="" av_policy_name="None" from_email_address="pankhil@postman.local" to_email_address="pankhil@Postman.local" email_subject="dd" mailid="c0000005-1528206082" mailsize=421 spamaction="DELIVERED" reason="Email has been delivered to recipient(s)." src_domainname="postman.local" dst_domainname="" src_ip=10.198.16.121 src_country_code=R1 dst_ip=10.198.16.204 dst_country_code=R1 protocol="TCP" src_port=61636 dst_port=25 sent_bytes=0 recv_bytes=0 quarantine_reason="Other" \ No newline at end of file diff --git a/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18.5-anti-spam.log-expected.json b/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18.5-anti-spam.log-expected.json new file mode 100644 index 00000000000..adc869dd5ea --- /dev/null +++ b/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18.5-anti-spam.log-expected.json @@ -0,0 +1,1715 @@ +{ + "expected": [ + { + "@timestamp": "2017-01-31T18:28:25.000Z", + "destination": { + "bytes": 0, + "ip": "10.198.233.61", + "port": 25, + "user": { + "email": "gaurav2@iview.com" + } + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "Spam", + "category": [ + "malware", + "network" + ], + "code": "13001", + "kind": "alert", + "original": "device=\"SFW\" date=2017-01-31 time=18:28:25 timezone=\"IST\" device_name=\"CR750iNG-XP\" device_id=C44313350024-P29PUA log_id=041107413001 log_type=\"Anti-Spam\" log_component=\"SMTP\" log_subtype=\"Spam\" status=\"\" priority=Warning fw_rule_id=0 user_name=\"gaurav\" av_policy_name=\"Gaurav235\" from_email_address=\"gaurav1@iview.com\" to_email_address=\"gaurav2@iview.com\" email_subject=\"RPD Spam Test: Spam\" mailid=\"c000000b-1485867502\" mailsize=400 spamaction=\"DROP\" reason=\"\" src_domainname=\"iview.com\" dst_domainname=\"\" src_ip=10.198.47.71 src_country_code=R1 dst_ip=10.198.233.61 dst_country_code=R1 protocol=\"TCP\" src_port=22258 dst_port=25 sent_bytes=0 recv_bytes=0 quarantine_reason=\"Spam\"", + "outcome": "success", + "severity": 4, + "type": [ + "info", + "denied", + "connection" + ] + }, + "host": { + "name": "defaulttest.local" + }, + "log": { + "level": "warning" + }, + "network": { + "bytes": 0, + "community_id": "1:58l6YYAlS4MiONjMobtnTJYmpWQ=", + "protocol": "smtp", + "transport": "tcp" + }, + "observer": { + "product": "XG", + "serial_number": "C44313350024-P29PUA", + "type": "firewall", + "vendor": "Sophos" + }, + "related": { + "hosts": [ + "defaulttest.local", + "iview.com" + ], + "ip": [ + "10.198.47.71", + "10.198.233.61" + ] + }, + "sophos": { + "xg": { + "av_policy_name": "Gaurav235", + "device": "SFW", + "device_name": "CR750iNG-XP", + "dst_country_code": "R1", + "email_subject": "RPD Spam Test: Spam", + "fw_rule_id": "0", + "log_component": "SMTP", + "log_id": "041107413001", + "log_subtype": "Spam", + "log_type": "Anti-Spam", + "mailid": "c000000b-1485867502", + "mailsize": "400", + "priority": "Warning", + "quarantine_reason": "Spam", + "spamaction": "DROP", + "src_country_code": "R1", + "user_name": "gaurav" + } + }, + "source": { + "bytes": 0, + "domain": "iview.com", + "ip": "10.198.47.71", + "port": 22258, + "user": { + "email": "gaurav1@iview.com" + } + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2018-06-06T10:41:29.000Z", + "destination": { + "bytes": 0, + "ip": "10.198.16.204", + "port": 25, + "user": { + "email": "pankhil@postman.local" + } + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "Probable Spam", + "category": [ + "malware", + "network" + ], + "code": "13002", + "kind": "alert", + "original": "device=\"SFW\" date=2018-06-06 time=10:41:29 timezone=\"IST\" device_name=\"SG430\" device_id=S4000806149EE49 log_id=041108413002 log_type=\"Anti-Spam\" log_component=\"SMTP\" log_subtype=\"Probable Spam\" status=\"\" priority=Warning fw_rule_id=0 user_name=\"\" av_policy_name=\"postman\" from_email_address=\"pankhil@postman.local\" to_email_address=\"pankhil@postman.local\" email_subject=\"[SPAM] RPD Spam test: Bulk\" mailid=\"c0000006-1528261885\" mailsize=438 spamaction=\"WARN\" reason=\"Mail detected as PROBABLE SPAM.\" src_domainname=\"postman.local\" dst_domainname=\"\" src_ip=10.198.16.121 src_country_code=R1 dst_ip=10.198.16.204 dst_country_code=R1 protocol=\"TCP\" src_port=56341 dst_port=25 sent_bytes=0 recv_bytes=0 quarantine_reason=\"Spam\"", + "outcome": "success", + "reason": "Mail detected as PROBABLE SPAM.", + "severity": 4, + "type": [ + "info", + "denied", + "connection" + ] + }, + "host": { + "name": "defaulttest.local" + }, + "log": { + "level": "warning" + }, + "network": { + "bytes": 0, + "community_id": "1:abMOcgeJH+xBFHn6l4jTehUSlBI=", + "protocol": "smtp", + "transport": "tcp" + }, + "observer": { + "product": "XG", + "serial_number": "S4000806149EE49", + "type": "firewall", + "vendor": "Sophos" + }, + "related": { + "hosts": [ + "defaulttest.local", + "postman.local" + ], + "ip": [ + "10.198.16.121", + "10.198.16.204" + ] + }, + "sophos": { + "xg": { + "av_policy_name": "postman", + "device": "SFW", + "device_name": "SG430", + "dst_country_code": "R1", + "email_subject": "[SPAM] RPD Spam test: Bulk", + "fw_rule_id": "0", + "log_component": "SMTP", + "log_id": "041108413002", + "log_subtype": "Probable Spam", + "log_type": "Anti-Spam", + "mailid": "c0000006-1528261885", + "mailsize": "438", + "priority": "Warning", + "quarantine_reason": "Spam", + "spamaction": "WARN", + "src_country_code": "R1" + } + }, + "source": { + "bytes": 0, + "domain": "postman.local", + "ip": "10.198.16.121", + "port": 56341, + "user": { + "email": "pankhil@postman.local" + } + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2017-01-31T18:36:22.000Z", + "destination": { + "bytes": 0, + "ip": "10.198.233.61", + "port": 25, + "user": { + "email": "gaurav1@iview.com" + } + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "Clean", + "category": [ + "network" + ], + "code": "13003", + "kind": "event", + "original": "device=\"SFW\" date=2017-01-31 time=18:36:22 timezone=\"IST\" device_name=\"CR750iNG-XP\" device_id=C44313350024-P29PUA log_id=041105613003 log_type=\"Anti-Spam\" log_component=\"SMTP\" log_subtype=\"Clean\" status=\"\" priority=Information fw_rule_id=0 user_name=\"gaurav\" av_policy_name=\"None\" from_email_address=\"gaurav2@iview.com\" to_email_address=\"gaurav1@iview.com\" email_subject=\"EMAIL\" mailid=\"\u003c5ab27db7-7bac-82e2-ba40-83ce90577c7f@iview.com\u003e\" mailsize=398 spamaction=\"Accept\" reason=\"\" src_domainname=\"iview.com\" dst_domainname=\"\" src_ip=10.198.47.71 src_country_code=R1 dst_ip=10.198.233.61 dst_country_code=R1 protocol=\"TCP\" src_port=22477 dst_port=25 sent_bytes=0 recv_bytes=0 quarantine_reason=\"Other\"", + "outcome": "success", + "severity": 6, + "type": [ + "allowed", + "connection" + ] + }, + "host": { + "name": "defaulttest.local" + }, + "log": { + "level": "informational" + }, + "network": { + "bytes": 0, + "community_id": "1:TxMs7HDGo6klbRU54soSJPEvELk=", + "protocol": "smtp", + "transport": "tcp" + }, + "observer": { + "product": "XG", + "serial_number": "C44313350024-P29PUA", + "type": "firewall", + "vendor": "Sophos" + }, + "related": { + "hosts": [ + "defaulttest.local", + "iview.com" + ], + "ip": [ + "10.198.47.71", + "10.198.233.61" + ] + }, + "sophos": { + "xg": { + "av_policy_name": "None", + "device": "SFW", + "device_name": "CR750iNG-XP", + "dst_country_code": "R1", + "email_subject": "EMAIL", + "fw_rule_id": "0", + "log_component": "SMTP", + "log_id": "041105613003", + "log_subtype": "Clean", + "log_type": "Anti-Spam", + "mailid": "\u003c5ab27db7-7bac-82e2-ba40-83ce90577c7f@iview.com\u003e", + "mailsize": "398", + "priority": "Information", + "quarantine_reason": "Other", + "spamaction": "Accept", + "src_country_code": "R1", + "user_name": "gaurav" + } + }, + "source": { + "bytes": 0, + "domain": "iview.com", + "ip": "10.198.47.71", + "port": 22477, + "user": { + "email": "gaurav2@iview.com" + } + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2018-06-06T11:08:08.000Z", + "destination": { + "bytes": 0, + "ip": "10.198.17.121", + "port": 25, + "user": { + "email": "pankhil@postman.local" + } + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "Probable Spam", + "category": [ + "malware", + "network" + ], + "code": "13004", + "kind": "alert", + "original": "device=\"SFW\" date=2018-06-06 time=11:08:08 timezone=\"IST\" device_name=\"SG430\" device_id=S4000806149EE49 log_id=041108413004 log_type=\"Anti-Spam\" log_component=\"SMTP\" log_subtype=\"Probable Spam\" status=\"\" priority=Warning fw_rule_id=0 user_name=\"\" av_policy_name=\"postman\" from_email_address=\"pankhil@postman.local\" to_email_address=\"pankhil@postman.local\" email_subject=\"Test RBL email\" mailid=\"c0000008-1528263488\" mailsize=433 spamaction=\"DROP\" reason=\"Sender IP address is blacklisted.\" src_domainname=\"postman.local\" dst_domainname=\"\" src_ip=10.198.16.121 src_country_code=R1 dst_ip=10.198.17.121 dst_country_code=R1 protocol=\"TCP\" src_port=57854 dst_port=25 sent_bytes=0 recv_bytes=0 quarantine_reason=\"RBL\"", + "outcome": "success", + "reason": "Sender IP address is blacklisted.", + "severity": 4, + "type": [ + "info", + "denied", + "connection" + ] + }, + "host": { + "name": "defaulttest.local" + }, + "log": { + "level": "warning" + }, + "network": { + "bytes": 0, + "community_id": "1:NvdaEFP3A+xwUrbF32GvYv4ezIE=", + "protocol": "smtp", + "transport": "tcp" + }, + "observer": { + "product": "XG", + "serial_number": "S4000806149EE49", + "type": "firewall", + "vendor": "Sophos" + }, + "related": { + "hosts": [ + "defaulttest.local", + "postman.local" + ], + "ip": [ + "10.198.16.121", + "10.198.17.121" + ] + }, + "sophos": { + "xg": { + "av_policy_name": "postman", + "device": "SFW", + "device_name": "SG430", + "dst_country_code": "R1", + "email_subject": "Test RBL email", + "fw_rule_id": "0", + "log_component": "SMTP", + "log_id": "041108413004", + "log_subtype": "Probable Spam", + "log_type": "Anti-Spam", + "mailid": "c0000008-1528263488", + "mailsize": "433", + "priority": "Warning", + "quarantine_reason": "RBL", + "spamaction": "DROP", + "src_country_code": "R1" + } + }, + "source": { + "bytes": 0, + "domain": "postman.local", + "ip": "10.198.16.121", + "port": 57854, + "user": { + "email": "pankhil@postman.local" + } + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2017-01-31T18:34:41.000Z", + "destination": { + "bytes": 0, + "ip": "10.198.233.61", + "port": 25, + "user": { + "email": "gaurav2@iview.com" + } + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "Outbound Spam", + "category": [ + "malware", + "network" + ], + "code": "13005", + "kind": "alert", + "original": "device=\"SFW\" date=2017-01-31 time=18:34:41 timezone=\"IST\" device_name=\"CR750iNG-XP\" device_id=C44313350024-P29PUA log_id=041113413005 log_type=\"Anti-Spam\" log_component=\"SMTP\" log_subtype=\"Outbound Spam\" status=\"\" priority=Warning fw_rule_id=0 user_name=\"gaurav\" av_policy_name=\"Gaurav123\" from_email_address=\"gaurav1@iview.com\" to_email_address=\"gaurav2@iview.com\" email_subject=\"RPD Spam Test: Spam\" mailid=\"\u003ca22c9da6-19e5-4764-2836-3f48d7dcc329@iview.com\u003e\" mailsize=405 spamaction=\"Accept\" reason=\"\" src_domainname=\"iview.com\" dst_domainname=\"\" src_ip=10.198.47.71 src_country_code=R1 dst_ip=10.198.233.61 dst_country_code=R1 protocol=\"TCP\" src_port=22420 dst_port=25 sent_bytes=0 recv_bytes=0 quarantine_reason=\"Spam\"", + "outcome": "success", + "severity": 4, + "type": [ + "info", + "denied", + "connection" + ] + }, + "host": { + "name": "defaulttest.local" + }, + "log": { + "level": "warning" + }, + "network": { + "bytes": 0, + "community_id": "1:cZ39MftFvT3s1y8vN0AHxj2KZII=", + "protocol": "smtp", + "transport": "tcp" + }, + "observer": { + "product": "XG", + "serial_number": "C44313350024-P29PUA", + "type": "firewall", + "vendor": "Sophos" + }, + "related": { + "hosts": [ + "defaulttest.local", + "iview.com" + ], + "ip": [ + "10.198.47.71", + "10.198.233.61" + ] + }, + "sophos": { + "xg": { + "av_policy_name": "Gaurav123", + "device": "SFW", + "device_name": "CR750iNG-XP", + "dst_country_code": "R1", + "email_subject": "RPD Spam Test: Spam", + "fw_rule_id": "0", + "log_component": "SMTP", + "log_id": "041113413005", + "log_subtype": "Outbound Spam", + "log_type": "Anti-Spam", + "mailid": "\u003ca22c9da6-19e5-4764-2836-3f48d7dcc329@iview.com\u003e", + "mailsize": "405", + "priority": "Warning", + "quarantine_reason": "Spam", + "spamaction": "Accept", + "src_country_code": "R1", + "user_name": "gaurav" + } + }, + "source": { + "bytes": 0, + "domain": "iview.com", + "ip": "10.198.47.71", + "port": 22420, + "user": { + "email": "gaurav1@iview.com" + } + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2018-06-06T11:10:11.000Z", + "destination": { + "bytes": 0, + "ip": "10.198.234.240", + "port": 25, + "user": { + "email": "pankhil1@Postman.local" + } + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "Outbound Probable Spam", + "category": [ + "malware", + "network" + ], + "code": "13006", + "kind": "alert", + "original": "device=\"SFW\" date=2018-06-06 time=11:10:11 timezone=\"IST\" device_name=\"SG430\" device_id=S4000806149EE49 log_id=041114413006 log_type=\"Anti-Spam\" log_component=\"SMTP\" log_subtype=\"Outbound Probable Spam\" status=\"\" priority=Warning fw_rule_id=0 user_name=\"\" av_policy_name=\"rule 8\" from_email_address=\"pankhil@postman.local\" to_email_address=\"pankhil1@Postman.local\" email_subject=\"RPD Spam test: Bulk\" mailid=\"\u003cc63b1eb2-1c17-73ac-fcc3- 20e8831dc3d3@postman.local\u003e\" mailsize=439 spamaction=\"Drop\" reason=\"Mail detected as OUTBOUND PROBABLE SPAM.\" src_domainname=\"postman.local\" dst_domainname=\"\" src_ip=10.198.16.121 src_country_code=R1 dst_ip=10.198.234.240 dst_country_code=R1 protocol=\"TCP\" src_port=58043 dst_port=25 sent_bytes=0 recv_bytes=0 quarantine_reason=\"Spam\"", + "outcome": "success", + "reason": "Mail detected as OUTBOUND PROBABLE SPAM.", + "severity": 4, + "type": [ + "info", + "denied", + "connection" + ] + }, + "host": { + "name": "defaulttest.local" + }, + "log": { + "level": "warning" + }, + "network": { + "bytes": 0, + "community_id": "1:4pL1g2Wx0xpVOFsPZ927l+yIPiU=", + "protocol": "smtp", + "transport": "tcp" + }, + "observer": { + "product": "XG", + "serial_number": "S4000806149EE49", + "type": "firewall", + "vendor": "Sophos" + }, + "related": { + "hosts": [ + "defaulttest.local", + "postman.local" + ], + "ip": [ + "10.198.16.121", + "10.198.234.240" + ] + }, + "sophos": { + "xg": { + "av_policy_name": "rule 8", + "device": "SFW", + "device_name": "SG430", + "dst_country_code": "R1", + "email_subject": "RPD Spam test: Bulk", + "fw_rule_id": "0", + "log_component": "SMTP", + "log_id": "041114413006", + "log_subtype": "Outbound Probable Spam", + "log_type": "Anti-Spam", + "mailid": "\u003cc63b1eb2-1c17-73ac-fcc3- 20e8831dc3d3@postman.local\u003e", + "mailsize": "439", + "priority": "Warning", + "quarantine_reason": "Spam", + "spamaction": "Drop", + "src_country_code": "R1" + } + }, + "source": { + "bytes": 0, + "domain": "postman.local", + "ip": "10.198.16.121", + "port": 58043, + "user": { + "email": "pankhil@postman.local" + } + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2018-06-06T12:50:07.000Z", + "destination": { + "bytes": 0, + "ip": "10.198.17.121", + "port": 25, + "user": { + "email": "pankhil1@Postman.local" + } + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "DLP", + "category": [ + "malware", + "network" + ], + "code": "13009", + "kind": "alert", + "original": "device=\"SFW\" date=2018-06-06 time=12:50:07 timezone=\"IST\" device_name=\"SG430\" device_id=S4000806149EE49 log_id=041121613009 log_type=\"Anti-Spam\" log_component=\"SMTP\" log_subtype=\"DLP\" status=\"\" priority=Information fw_rule_id=0 user_name=\"\" av_policy_name=\"postman\" from_email_address=\"pankhil@postman.local\" to_email_address=\"pankhil1@Postman.local\" email_subject=\"Fwd: TESt\" mailid=\"c0000002-1528269606\" mailsize=5041 spamaction=\"DROP\" reason=\"Email containing confidential data detected. Relevant Data Protection Policy applied.\" src_domainname=\"postman.local\" dst_domainname=\"\" src_ip=10.198.16.121 src_country_code=R1 dst_ip=10.198.17.121 dst_country_code=R1 protocol=\"TCP\" src_port=60134 dst_port=25 sent_bytes=0 recv_bytes=0 quarantine_reason=\"DLP\"", + "outcome": "success", + "reason": "Email containing confidential data detected. Relevant Data Protection Policy applied.", + "severity": 6, + "type": [ + "info", + "denied", + "connection" + ] + }, + "host": { + "name": "defaulttest.local" + }, + "log": { + "level": "informational" + }, + "network": { + "bytes": 0, + "community_id": "1:a0QO0XDedN9BRtTg60uWTq/zaCQ=", + "protocol": "smtp", + "transport": "tcp" + }, + "observer": { + "product": "XG", + "serial_number": "S4000806149EE49", + "type": "firewall", + "vendor": "Sophos" + }, + "related": { + "hosts": [ + "defaulttest.local", + "postman.local" + ], + "ip": [ + "10.198.16.121", + "10.198.17.121" + ] + }, + "sophos": { + "xg": { + "av_policy_name": "postman", + "device": "SFW", + "device_name": "SG430", + "dst_country_code": "R1", + "email_subject": "Fwd: TESt", + "fw_rule_id": "0", + "log_component": "SMTP", + "log_id": "041121613009", + "log_subtype": "DLP", + "log_type": "Anti-Spam", + "mailid": "c0000002-1528269606", + "mailsize": "5041", + "priority": "Information", + "quarantine_reason": "DLP", + "spamaction": "DROP", + "src_country_code": "R1" + } + }, + "source": { + "bytes": 0, + "domain": "postman.local", + "ip": "10.198.16.121", + "port": 60134, + "user": { + "email": "pankhil@postman.local" + } + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2018-06-06T12:51:34.000Z", + "destination": { + "bytes": 0, + "ip": "10.198.16.204", + "port": 25, + "user": { + "email": "pankhil1@Postman.local" + } + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "SPX", + "category": [ + "network" + ], + "code": "13010", + "kind": "event", + "original": "device=\"SFW\" date=2018-06-06 time=12:51:34 timezone=\"IST\" device_name=\"SG430\" device_id=S4000806149EE49 log_id=041122613010 log_type=\"Anti-Spam\" log_component=\"SMTP\" log_subtype=\"SPX\" status=\"\" priority=Information fw_rule_id=0 user_name=\"\" av_policy_name=\"None\" from_email_address=\"pankhil@postman.local\" to_email_address=\"pankhil1@Postman.local\" email_subject=\"[secure:pankhil]\" mailid=\"c0000003-1528269693\" mailsize=442 spamaction=\"Accept\" reason=\"SPX Template of type Specified by Sender successfully applied on Email.\" src_domainname=\"postman.local\" dst_domainname=\"\" src_ip=10.198.16.121 src_country_code=R1 dst_ip=10.198.16.204 dst_country_code=R1 protocol=\"TCP\" src_port=60298 dst_port=25 sent_bytes=0 recv_bytes=0 quarantine_reason=\"Other\"", + "outcome": "success", + "reason": "SPX Template of type Specified by Sender successfully applied on Email.", + "severity": 6, + "type": [ + "allowed", + "connection" + ] + }, + "host": { + "name": "defaulttest.local" + }, + "log": { + "level": "informational" + }, + "network": { + "bytes": 0, + "community_id": "1:Gh3yGHw3PI8ixdFOiZO3wKa8qrI=", + "protocol": "smtp", + "transport": "tcp" + }, + "observer": { + "product": "XG", + "serial_number": "S4000806149EE49", + "type": "firewall", + "vendor": "Sophos" + }, + "related": { + "hosts": [ + "defaulttest.local", + "postman.local" + ], + "ip": [ + "10.198.16.121", + "10.198.16.204" + ] + }, + "sophos": { + "xg": { + "av_policy_name": "None", + "device": "SFW", + "device_name": "SG430", + "dst_country_code": "R1", + "email_subject": "[secure:pankhil]", + "fw_rule_id": "0", + "log_component": "SMTP", + "log_id": "041122613010", + "log_subtype": "SPX", + "log_type": "Anti-Spam", + "mailid": "c0000003-1528269693", + "mailsize": "442", + "priority": "Information", + "quarantine_reason": "Other", + "spamaction": "Accept", + "src_country_code": "R1" + } + }, + "source": { + "bytes": 0, + "domain": "postman.local", + "ip": "10.198.16.121", + "port": 60298, + "user": { + "email": "pankhil@postman.local" + } + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2018-06-06T12:52:49.000Z", + "destination": { + "bytes": 0, + "ip": "10.198.16.204", + "port": 25, + "user": { + "email": "pankhil1@Postman.local" + } + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "SPX", + "category": [ + "network" + ], + "code": "13011", + "kind": "event", + "original": "device=\"SFW\" date=2018-06-06 time=12:52:49 timezone=\"IST\" device_name=\"SG430\" device_id=S4000806149EE49 log_id=041122613011 log_type=\"Anti-Spam\" log_component=\"SMTP\" log_subtype=\"SPX\" status=\"\" priority=Information fw_rule_id=0 user_name=\"\" av_policy_name=\"None\" from_email_address=\"pankhil@postman.local\" to_email_address=\"pankhil1@Postman.local\" email_subject=\"Test failed\" mailid=\"c0000004-1528269769\" mailsize=431 spamaction=\"REJECT\" reason=\"Email could not be SPX- encrypted because password was not found in the Email subject.\" src_domainname=\"postman.local\" dst_domainname=\"\" src_ip=10.198.16.121 src_country_code=R1 dst_ip=10.198.16.204 dst_country_code=R1 protocol=\"TCP\" src_port=60305 dst_port=25 sent_bytes=0 recv_bytes=0 quarantine_reason=\"Other\"", + "outcome": "success", + "reason": "Email could not be SPX- encrypted because password was not found in the Email subject.", + "severity": 6 + }, + "host": { + "name": "defaulttest.local" + }, + "log": { + "level": "informational" + }, + "network": { + "bytes": 0, + "community_id": "1:o9GcBl2rXdCj4Z5eJViWo5SqDbE=", + "protocol": "smtp", + "transport": "tcp" + }, + "observer": { + "product": "XG", + "serial_number": "S4000806149EE49", + "type": "firewall", + "vendor": "Sophos" + }, + "related": { + "hosts": [ + "defaulttest.local", + "postman.local" + ], + "ip": [ + "10.198.16.121", + "10.198.16.204" + ] + }, + "sophos": { + "xg": { + "av_policy_name": "None", + "device": "SFW", + "device_name": "SG430", + "dst_country_code": "R1", + "email_subject": "Test failed", + "fw_rule_id": "0", + "log_component": "SMTP", + "log_id": "041122613011", + "log_subtype": "SPX", + "log_type": "Anti-Spam", + "mailid": "c0000004-1528269769", + "mailsize": "431", + "priority": "Information", + "quarantine_reason": "Other", + "spamaction": "REJECT", + "src_country_code": "R1" + } + }, + "source": { + "bytes": 0, + "domain": "postman.local", + "ip": "10.198.16.121", + "port": 60305, + "user": { + "email": "pankhil@postman.local" + } + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2018-06-06T12:53:39.000Z", + "destination": { + "bytes": 0, + "ip": "10.198.17.121", + "port": 25 + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "Dos", + "category": [ + "intrusion_detection", + "network" + ], + "code": "13012", + "kind": "alert", + "original": "device=\"SFW\" date=2018-06-06 time=12:53:39 timezone=\"IST\" device_name=\"SG430\" device_id=S4000806149EE49 log_id=041123413012 log_type=\"Anti-Spam\" log_component=\"SMTP\" log_subtype=\"Dos\" status=\"\" priority=Warning fw_rule_id=0 user_name=\"\" av_policy_name=\"None\" from_email_address=\"\" to_email_address=\"\" email_subject=\"\" mailid=\"\" mailsize=0 spamaction=\"TMPREJECT\" reason=\"SMTP DoS\" src_domainname=\"\" dst_domainname=\"\" src_ip=10.198.16.121 src_country_code=R1 dst_ip=10.198.17.121 dst_country_code=R1 protocol=\"TCP\" src_port=60392 dst_port=25 sent_bytes=0 recv_bytes=0 quarantine_reason=\"Other\"", + "outcome": "success", + "reason": "SMTP DoS", + "severity": 4, + "type": [ + "info", + "denied", + "connection" + ] + }, + "host": { + "name": "defaulttest.local" + }, + "log": { + "level": "warning" + }, + "network": { + "bytes": 0, + "community_id": "1:kePcBIa66amVdXctNnMv73KAlD8=", + "protocol": "smtp", + "transport": "tcp" + }, + "observer": { + "product": "XG", + "serial_number": "S4000806149EE49", + "type": "firewall", + "vendor": "Sophos" + }, + "related": { + "hosts": [ + "defaulttest.local" + ], + "ip": [ + "10.198.16.121", + "10.198.17.121" + ] + }, + "sophos": { + "xg": { + "av_policy_name": "None", + "device": "SFW", + "device_name": "SG430", + "dst_country_code": "R1", + "fw_rule_id": "0", + "log_component": "SMTP", + "log_id": "041123413012", + "log_subtype": "Dos", + "log_type": "Anti-Spam", + "mailsize": "0", + "priority": "Warning", + "quarantine_reason": "Other", + "spamaction": "TMPREJECT", + "src_country_code": "R1" + } + }, + "source": { + "bytes": 0, + "ip": "10.198.16.121", + "port": 60392 + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2017-01-31T15:46:45.000Z", + "destination": { + "bytes": 0, + "ip": "10.198.233.61", + "port": 25, + "user": { + "email": "gaurav1@iview.com" + } + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "Allowed", + "category": [ + "network" + ], + "code": "13013", + "kind": "event", + "original": "device=\"SFW\" date=2017-01-31 time=15:46:45 timezone=\"IST\" device_name=\"CR750iNG-XP\" device_id=C44313350024-P29PUA log_id=041101613013 log_type=\"Anti-Spam\" log_component=\"SMTP\" log_subtype=\"Allowed\" status=\"\" priority=Information fw_rule_id=0 user_name=\"gaurav\" av_policy_name=\"Gaurav235\" from_email_address=\"gaurav2@iview.com\" to_email_address=\"gaurav1@iview.com\" email_subject=\"GP235\" mailid=\"c000000a-1485857789\" mailsize=391 spamaction=\"SANDSTORM ALLOW\" reason=\"Mail is marked Clean by Sophos Sandstorm.\" src_domainname=\"iview.com\" dst_domainname=\"\" src_ip=10.198.47.71 src_country_code=R1 dst_ip=10.198.233.61 dst_country_code=R1 protocol=\"TCP\" src_port=11255 dst_port=25 sent_bytes=0 recv_bytes=0 quarantine_reason=\"Other\"", + "outcome": "success", + "reason": "Mail is marked Clean by Sophos Sandstorm.", + "severity": 6, + "type": [ + "allowed", + "connection" + ] + }, + "host": { + "name": "defaulttest.local" + }, + "log": { + "level": "informational" + }, + "network": { + "bytes": 0, + "community_id": "1:is/QwrkxpayBwGh5R1/esrSbZ3A=", + "protocol": "smtp", + "transport": "tcp" + }, + "observer": { + "product": "XG", + "serial_number": "C44313350024-P29PUA", + "type": "firewall", + "vendor": "Sophos" + }, + "related": { + "hosts": [ + "defaulttest.local", + "iview.com" + ], + "ip": [ + "10.198.47.71", + "10.198.233.61" + ] + }, + "sophos": { + "xg": { + "av_policy_name": "Gaurav235", + "device": "SFW", + "device_name": "CR750iNG-XP", + "dst_country_code": "R1", + "email_subject": "GP235", + "fw_rule_id": "0", + "log_component": "SMTP", + "log_id": "041101613013", + "log_subtype": "Allowed", + "log_type": "Anti-Spam", + "mailid": "c000000a-1485857789", + "mailsize": "391", + "priority": "Information", + "quarantine_reason": "Other", + "spamaction": "SANDSTORM ALLOW", + "src_country_code": "R1", + "user_name": "gaurav" + } + }, + "source": { + "bytes": 0, + "domain": "iview.com", + "ip": "10.198.47.71", + "port": 11255, + "user": { + "email": "gaurav2@iview.com" + } + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2018-06-06T12:56:53.000Z", + "destination": { + "bytes": 0, + "ip": "10.198.17.121", + "port": 25, + "user": { + "email": "pankhil@postman.local" + } + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "Denied", + "category": [ + "malware", + "network" + ], + "code": "13014", + "kind": "alert", + "original": "device=\"SFW\" date=2018-06-06 time=12:56:53 timezone=\"IST\" device_name=\"SG430\" device_id=S4000806149EE49 log_id=041102413014 log_type=\"Anti-Spam\" log_component=\"SMTP\" log_subtype=\"Denied\" status=\"\" priority=Warning fw_rule_id=0 user_name=\"\" av_policy_name=\"postman\" from_email_address=\"pankhil1@postman.local\" to_email_address=\"pankhil@postman.local\" email_subject=\"Fwd: test sand\" mailid=\"c0000008-1528270010\" mailsize=419835 spamaction=\"DROP\" reason=\"Email is marked Malicious by Sophos Sandstorm.\" src_domainname=\"postman.local\" dst_domainname=\"\" src_ip=10.198.16.121 src_country_code=R1 dst_ip=10.198.17.121 dst_country_code=R1 protocol=\"TCP\" src_port=60608 dst_port=25 sent_bytes=0 recv_bytes=0", + "outcome": "success", + "reason": "Email is marked Malicious by Sophos Sandstorm.", + "severity": 4, + "type": [ + "info", + "denied", + "connection" + ] + }, + "host": { + "name": "defaulttest.local" + }, + "log": { + "level": "warning" + }, + "network": { + "bytes": 0, + "community_id": "1:s4oqzO6RVrUrT4HCROvCsRxyngM=", + "protocol": "smtp", + "transport": "tcp" + }, + "observer": { + "product": "XG", + "serial_number": "S4000806149EE49", + "type": "firewall", + "vendor": "Sophos" + }, + "related": { + "hosts": [ + "defaulttest.local", + "postman.local" + ], + "ip": [ + "10.198.16.121", + "10.198.17.121" + ] + }, + "sophos": { + "xg": { + "av_policy_name": "postman", + "device": "SFW", + "device_name": "SG430", + "dst_country_code": "R1", + "email_subject": "Fwd: test sand", + "fw_rule_id": "0", + "log_component": "SMTP", + "log_id": "041102413014", + "log_subtype": "Denied", + "log_type": "Anti-Spam", + "mailid": "c0000008-1528270010", + "mailsize": "419835", + "priority": "Warning", + "spamaction": "DROP", + "src_country_code": "R1" + } + }, + "source": { + "bytes": 0, + "domain": "postman.local", + "ip": "10.198.16.121", + "port": 60608, + "user": { + "email": "pankhil1@postman.local" + } + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2017-01-31T18:31:11.000Z", + "destination": { + "bytes": 0, + "ip": "10.198.233.61", + "port": 110, + "user": { + "email": "gaurav2@iview. com" + } + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "Spam", + "category": [ + "malware", + "network" + ], + "code": "14001", + "kind": "alert", + "original": "device=\"SFW\" date=2017-01-31 time=18:31:11 timezone=\"IST\" device_name=\"CR750iNG-XP\" device_id=C44313350024-P29PUA log_id=041207414001 log_type=\"Anti-Spam\" log_component=\"POP3\" log_subtype=\"Spam\" status=\"\" priority=Warning fw_rule_id=0 user_name=\"gaurav\" av_policy_name=\"GauravPatel\" from_email_address=\"gaurav1@iview.com\" to_email_address=\"gaurav2@iview. com\" email_subject=\"RPD Spam Test: Spam\" mailid=\"\u003c2a2dd5d4-1a30-617b-27b1-7961ad07cf07@iview.com\u003e\" mailsize=574 spamaction=\"Accept\" reason=\"\" src_domainname=\"iview.com\" dst_domainname=\"iview.com\" src_ip=10.198.47.71 src_country_code=R1 dst_ip=10.198.233.61 dst_country_code=R1 protocol=\"TCP\" src_port=22333 dst_port=110 sent_bytes=0 recv_bytes=0 quarantine_reason=\"Other\"", + "outcome": "success", + "severity": 4, + "type": [ + "info", + "denied", + "connection" + ] + }, + "host": { + "name": "defaulttest.local" + }, + "log": { + "level": "warning" + }, + "network": { + "bytes": 0, + "community_id": "1:E/1TIGuzeeJuVhq04jui66hWf/Q=", + "protocol": "pop3", + "transport": "tcp" + }, + "observer": { + "product": "XG", + "serial_number": "C44313350024-P29PUA", + "type": "firewall", + "vendor": "Sophos" + }, + "related": { + "hosts": [ + "defaulttest.local", + "iview.com" + ], + "ip": [ + "10.198.47.71", + "10.198.233.61" + ] + }, + "sophos": { + "xg": { + "av_policy_name": "GauravPatel", + "device": "SFW", + "device_name": "CR750iNG-XP", + "dst_country_code": "R1", + "dst_domainname": "iview.com", + "email_subject": "RPD Spam Test: Spam", + "fw_rule_id": "0", + "log_component": "POP3", + "log_id": "041207414001", + "log_subtype": "Spam", + "log_type": "Anti-Spam", + "mailid": "\u003c2a2dd5d4-1a30-617b-27b1-7961ad07cf07@iview.com\u003e", + "mailsize": "574", + "priority": "Warning", + "quarantine_reason": "Other", + "spamaction": "Accept", + "src_country_code": "R1", + "user_name": "gaurav" + } + }, + "source": { + "bytes": 0, + "domain": "iview.com", + "ip": "10.198.47.71", + "port": 22333, + "user": { + "email": "gaurav1@iview.com" + } + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2018-06-06T12:59:01.000Z", + "destination": { + "bytes": 0, + "ip": "10.198.234.240", + "port": 995, + "user": { + "email": "pankhil@postman.local" + } + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "Probable Spam", + "category": [ + "malware", + "network" + ], + "code": "14002", + "kind": "alert", + "original": "device=\"SFW\" date=2018-06-06 time=12:59:01 timezone=\"IST\" device_name=\"SG430\" device_id=S4000806149EE49 log_id=046108414002 log_type=\"Anti-Spam\" log_component=\"POPS\" log_subtype=\"Probable Spam\" status=\"\" priority=Warning fw_rule_id=0 user_name=\"\" av_policy_name=\"pop8\" from_email_address=\"pankhil@postman.local\" to_email_address=\"pankhil@postman.local\" email_subject=\"RPD Spam test: Bulk\" mailid=\"\u003c13c3aad0-82c0-11d8-c9e1-3c0ea4f8708b@postman.local\u003e\" mailsize=0 spamaction=\"Change Subject\" reason=\"Mail detected as PROBABLE SPAM\" src_domainname=\"postman.local\" dst_domainname=\"\" src_ip=10.198.16.121 src_country_code= dst_ip=10.198.234.240 dst_country_code= protocol=\"TCP\" src_port=60742 dst_port=995 sent_bytes=0 recv_bytes=0 quarantine_reason=\"Other\"", + "outcome": "success", + "reason": "Mail detected as PROBABLE SPAM", + "severity": 4, + "type": [ + "info", + "denied", + "connection" + ] + }, + "host": { + "name": "defaulttest.local" + }, + "log": { + "level": "warning" + }, + "network": { + "bytes": 0, + "community_id": "1:oUKghgmwrhA1Xw2ZUaHjKH6Pay0=", + "protocol": "pop3s", + "transport": "tcp" + }, + "observer": { + "product": "XG", + "serial_number": "S4000806149EE49", + "type": "firewall", + "vendor": "Sophos" + }, + "related": { + "hosts": [ + "defaulttest.local", + "postman.local" + ], + "ip": [ + "10.198.16.121", + "10.198.234.240" + ] + }, + "sophos": { + "xg": { + "av_policy_name": "pop8", + "device": "SFW", + "device_name": "SG430", + "email_subject": "RPD Spam test: Bulk", + "fw_rule_id": "0", + "log_component": "POPS", + "log_id": "046108414002", + "log_subtype": "Probable Spam", + "log_type": "Anti-Spam", + "mailid": "\u003c13c3aad0-82c0-11d8-c9e1-3c0ea4f8708b@postman.local\u003e", + "mailsize": "0", + "priority": "Warning", + "quarantine_reason": "Other", + "spamaction": "Change Subject" + } + }, + "source": { + "bytes": 0, + "domain": "postman.local", + "ip": "10.198.16.121", + "port": 60742, + "user": { + "email": "pankhil@postman.local" + } + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2018-06-06T13:00:34.000Z", + "destination": { + "bytes": 0, + "ip": "10.198.234.240", + "port": 995, + "user": { + "email": "pankhil@postman.local" + } + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "Clean", + "category": [ + "network" + ], + "code": "14003", + "kind": "event", + "original": "device=\"SFW\" date=2018-06-06 time=13:00:34 timezone=\"IST\" device_name=\"SG430\" device_id=S4000806149EE49 log_id=046105614003 log_type=\"Anti-Spam\" log_component=\"POPS\" log_subtype=\"Clean\" status=\"\" priority=Information fw_rule_id=0 user_name=\"\" av_policy_name=\"None\" from_email_address=\"pankhil@postman.local\" to_email_address=\"pankhil@postman.local\" email_subject=\"Test clean\" mailid=\"\u003cb4ac9385-437d-7cd1-1089-ef09fb3066fa@postman.local\u003e\" mailsize=0 spamaction=\"Accept\" reason=\"Mail is Clean\" src_domainname=\"postman.local\" dst_domainname=\"\" src_ip=10.198.16.121 src_country_code= dst_ip=10.198.234.240 dst_country_code= protocol=\"TCP\" src_port=60757 dst_port=995 sent_bytes=0 recv_bytes=0 quarantine_reason=\"Other\"", + "outcome": "success", + "reason": "Mail is Clean", + "severity": 6, + "type": [ + "allowed", + "connection" + ] + }, + "host": { + "name": "defaulttest.local" + }, + "log": { + "level": "informational" + }, + "network": { + "bytes": 0, + "community_id": "1:DuidWxTTdSsPRBFLr5t708mTGNU=", + "protocol": "pop3s", + "transport": "tcp" + }, + "observer": { + "product": "XG", + "serial_number": "S4000806149EE49", + "type": "firewall", + "vendor": "Sophos" + }, + "related": { + "hosts": [ + "defaulttest.local", + "postman.local" + ], + "ip": [ + "10.198.16.121", + "10.198.234.240" + ] + }, + "sophos": { + "xg": { + "av_policy_name": "None", + "device": "SFW", + "device_name": "SG430", + "email_subject": "Test clean", + "fw_rule_id": "0", + "log_component": "POPS", + "log_id": "046105614003", + "log_subtype": "Clean", + "log_type": "Anti-Spam", + "mailid": "\u003cb4ac9385-437d-7cd1-1089-ef09fb3066fa@postman.local\u003e", + "mailsize": "0", + "priority": "Information", + "quarantine_reason": "Other", + "spamaction": "Accept" + } + }, + "source": { + "bytes": 0, + "domain": "postman.local", + "ip": "10.198.16.121", + "port": 60757, + "user": { + "email": "pankhil@postman.local" + } + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2018-06-06T13:01:42.000Z", + "destination": { + "bytes": 0, + "ip": "10.198.234.240", + "port": 993, + "user": { + "email": "ganga@postman.local" + } + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "Spam", + "category": [ + "malware", + "network" + ], + "code": "15001", + "kind": "alert", + "original": "device=\"SFW\" date=2018-06-06 time=13:01:42 timezone=\"IST\" device_name=\"SG430\" device_id=S4000806149EE49 log_id=046207415001 log_type=\"Anti-Spam\" log_component=\"IMAPS\" log_subtype=\"Spam\" status=\"\" priority=Warning fw_rule_id=0 user_name=\"\" av_policy_name=\"None\" from_email_address=\"pankhil@postman.local\" to_email_address=\"ganga@postman.local\" email_subject=\"RPD Spam test: Spam\" mailid=\"\u003c6da55e70-8d61-63fb-df41-35fdf36e94d8@postman.local\u003e\" mailsize=0 spamaction=\"Accept\" reason=\"Mail detected as SPAM\" src_domainname=\"postman.local\" dst_domainname=\"\" src_ip=10.198.16.121 src_country_code= dst_ip=10.198.234.240 dst_country_code= protocol=\"TCP\" src_port=58595 dst_port=993 sent_bytes=0 recv_bytes=0 quarantine_reason=\"Other\"", + "outcome": "success", + "reason": "Mail detected as SPAM", + "severity": 4, + "type": [ + "info", + "denied", + "connection" + ] + }, + "host": { + "name": "defaulttest.local" + }, + "log": { + "level": "warning" + }, + "network": { + "bytes": 0, + "community_id": "1:n/9oJCh3spT9n+qgYjYhXd5cipE=", + "protocol": "imaps", + "transport": "tcp" + }, + "observer": { + "product": "XG", + "serial_number": "S4000806149EE49", + "type": "firewall", + "vendor": "Sophos" + }, + "related": { + "hosts": [ + "defaulttest.local", + "postman.local" + ], + "ip": [ + "10.198.16.121", + "10.198.234.240" + ] + }, + "sophos": { + "xg": { + "av_policy_name": "None", + "device": "SFW", + "device_name": "SG430", + "email_subject": "RPD Spam test: Spam", + "fw_rule_id": "0", + "log_component": "IMAPS", + "log_id": "046207415001", + "log_subtype": "Spam", + "log_type": "Anti-Spam", + "mailid": "\u003c6da55e70-8d61-63fb-df41-35fdf36e94d8@postman.local\u003e", + "mailsize": "0", + "priority": "Warning", + "quarantine_reason": "Other", + "spamaction": "Accept" + } + }, + "source": { + "bytes": 0, + "domain": "postman.local", + "ip": "10.198.16.121", + "port": 58595, + "user": { + "email": "pankhil@postman.local" + } + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2018-06-06T13:02:54.000Z", + "destination": { + "bytes": 0, + "ip": "10.198.234.240", + "port": 993, + "user": { + "email": "ganga@postman.local" + } + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "Probable Spam", + "category": [ + "malware", + "network" + ], + "code": "15002", + "kind": "alert", + "original": "device=\"SFW\" date=2018-06-06 time=13:02:54 timezone=\"IST\" device_name=\"SG430\" device_id=S4000806149EE49 log_id=046208415002 log_type=\"Anti-Spam\" log_component=\"IMAPS\" log_subtype=\"Probable Spam\" status=\"\" priority=Warning fw_rule_id=0 user_name=\"\" av_policy_name=\"None\" from_email_address=\"pankhil@postman.local\" to_email_address=\"ganga@postman.local\" email_subject=\"RPD Spam test: Bulk\" mailid=\"\u003c0a09a814-f3b6-35cc-c94e-1807dab742fc@postman.local\u003e\" mailsize=0 spamaction=\"Accept\" reason=\"Mail detected as PROBABLE SPAM\" src_domainname=\"postman.local\" dst_domainname=\"\" src_ip=10.198.16.121 src_country_code= dst_ip=10.198.234.240 dst_country_code= protocol=\"TCP\" src_port=58595 dst_port=993 sent_bytes=0 recv_bytes=0 quarantine_reason=\"Other\"", + "outcome": "success", + "reason": "Mail detected as PROBABLE SPAM", + "severity": 4, + "type": [ + "info", + "denied", + "connection" + ] + }, + "host": { + "name": "defaulttest.local" + }, + "log": { + "level": "warning" + }, + "network": { + "bytes": 0, + "community_id": "1:n/9oJCh3spT9n+qgYjYhXd5cipE=", + "protocol": "imaps", + "transport": "tcp" + }, + "observer": { + "product": "XG", + "serial_number": "S4000806149EE49", + "type": "firewall", + "vendor": "Sophos" + }, + "related": { + "hosts": [ + "defaulttest.local", + "postman.local" + ], + "ip": [ + "10.198.16.121", + "10.198.234.240" + ] + }, + "sophos": { + "xg": { + "av_policy_name": "None", + "device": "SFW", + "device_name": "SG430", + "email_subject": "RPD Spam test: Bulk", + "fw_rule_id": "0", + "log_component": "IMAPS", + "log_id": "046208415002", + "log_subtype": "Probable Spam", + "log_type": "Anti-Spam", + "mailid": "\u003c0a09a814-f3b6-35cc-c94e-1807dab742fc@postman.local\u003e", + "mailsize": "0", + "priority": "Warning", + "quarantine_reason": "Other", + "spamaction": "Accept" + } + }, + "source": { + "bytes": 0, + "domain": "postman.local", + "ip": "10.198.16.121", + "port": 58595, + "user": { + "email": "pankhil@postman.local" + } + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2018-06-06T13:03:58.000Z", + "destination": { + "bytes": 0, + "ip": "10.198.234.240", + "port": 993, + "user": { + "email": "ganga@postman.local" + } + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "Clean", + "category": [ + "network" + ], + "code": "15003", + "kind": "event", + "original": "device=\"SFW\" date=2018-06-06 time=13:03:58 timezone=\"IST\" device_name=\"SG430\" device_id=S4000806149EE49 log_id=046205615003 log_type=\"Anti-Spam\" log_component=\"IMAPS\" log_subtype=\"Clean\" status=\"\" priority=Information fw_rule_id=0 user_name=\"\" av_policy_name=\"None\" from_email_address=\"pankhil@postman.local\" to_email_address=\"ganga@postman.local\" email_subject=\"Clean email\" mailid=\"\u003c3b542388-7bca-5b43-79e6-e21fcd709d8f@postman.local\u003e\" mailsize=0 spamaction=\"Accept\" reason=\"Mail is Clean\" src_domainname=\"postman.local\" dst_domainname=\"\" src_ip=10.198.16.121 src_country_code= dst_ip=10.198.234.240 dst_country_code= protocol=\"TCP\" src_port=58595 dst_port=993 sent_bytes=0 recv_bytes=0 quarantine_reason=\"Other\"", + "outcome": "success", + "reason": "Mail is Clean", + "severity": 6, + "type": [ + "allowed", + "connection" + ] + }, + "host": { + "name": "defaulttest.local" + }, + "log": { + "level": "informational" + }, + "network": { + "bytes": 0, + "community_id": "1:n/9oJCh3spT9n+qgYjYhXd5cipE=", + "protocol": "imaps", + "transport": "tcp" + }, + "observer": { + "product": "XG", + "serial_number": "S4000806149EE49", + "type": "firewall", + "vendor": "Sophos" + }, + "related": { + "hosts": [ + "defaulttest.local", + "postman.local" + ], + "ip": [ + "10.198.16.121", + "10.198.234.240" + ] + }, + "sophos": { + "xg": { + "av_policy_name": "None", + "device": "SFW", + "device_name": "SG430", + "email_subject": "Clean email", + "fw_rule_id": "0", + "log_component": "IMAPS", + "log_id": "046205615003", + "log_subtype": "Clean", + "log_type": "Anti-Spam", + "mailid": "\u003c3b542388-7bca-5b43-79e6-e21fcd709d8f@postman.local\u003e", + "mailsize": "0", + "priority": "Information", + "quarantine_reason": "Other", + "spamaction": "Accept" + } + }, + "source": { + "bytes": 0, + "domain": "postman.local", + "ip": "10.198.16.121", + "port": 58595, + "user": { + "email": "pankhil@postman.local" + } + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2018-06-05T19:11:26.000Z", + "destination": { + "bytes": 0, + "ip": "10.198.16.204", + "port": 25, + "user": { + "email": "pankhil@Postman.local" + } + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "Allowed", + "category": [ + "network" + ], + "code": "18035", + "kind": "event", + "original": "device=\"SFW\" date=2018-06-05 time=19:11:26 timezone=\"IST\" device_name=\"SG430\" device_id=S4000806149EE49 log_id=041101618035 log_type=\"Anti-Spam\" log_component=\"SMTP\" log_subtype=\"Allowed\" status=\"\" priority=Information fw_rule_id=0 user_name=\"\" av_policy_name=\"None\" from_email_address=\"pankhil@postman.local\" to_email_address=\"pankhil@Postman.local\" email_subject=\"dd\" mailid=\"c0000005-1528206082\" mailsize=421 spamaction=\"DELIVERED\" reason=\"Email has been delivered to recipient(s).\" src_domainname=\"postman.local\" dst_domainname=\"\" src_ip=10.198.16.121 src_country_code=R1 dst_ip=10.198.16.204 dst_country_code=R1 protocol=\"TCP\" src_port=61636 dst_port=25 sent_bytes=0 recv_bytes=0 quarantine_reason=\"Other\"", + "outcome": "success", + "reason": "Email has been delivered to recipient(s).", + "severity": 6, + "type": [ + "allowed", + "connection" + ] + }, + "host": { + "name": "defaulttest.local" + }, + "log": { + "level": "informational" + }, + "network": { + "bytes": 0, + "community_id": "1:w7128i0i0NX5CvQ/yBHqcVXh0Io=", + "protocol": "smtp", + "transport": "tcp" + }, + "observer": { + "product": "XG", + "serial_number": "S4000806149EE49", + "type": "firewall", + "vendor": "Sophos" + }, + "related": { + "hosts": [ + "defaulttest.local", + "postman.local" + ], + "ip": [ + "10.198.16.121", + "10.198.16.204" + ] + }, + "sophos": { + "xg": { + "av_policy_name": "None", + "device": "SFW", + "device_name": "SG430", + "dst_country_code": "R1", + "email_subject": "dd", + "fw_rule_id": "0", + "log_component": "SMTP", + "log_id": "041101618035", + "log_subtype": "Allowed", + "log_type": "Anti-Spam", + "mailid": "c0000005-1528206082", + "mailsize": "421", + "priority": "Information", + "quarantine_reason": "Other", + "spamaction": "DELIVERED", + "src_country_code": "R1" + } + }, + "source": { + "bytes": 0, + "domain": "postman.local", + "ip": "10.198.16.121", + "port": 61636, + "user": { + "email": "pankhil@postman.local" + } + }, + "tags": [ + "preserve_original_event" + ] + } + ] +} \ No newline at end of file diff --git a/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18.5-anti-virus-ftp.log b/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18.5-anti-virus-ftp.log new file mode 100644 index 00000000000..717168ed9bb --- /dev/null +++ b/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18.5-anti-virus-ftp.log @@ -0,0 +1,2 @@ +device="SFW" date=2018-06-21 time=19:50:23 timezone="CEST" device_name="SF01V" device_id=SFDemo-2df0960 log_id=031006209001 log_type="Anti-Virus" log_component="FTP" log_subtype="Virus" priority=Critical fw_rule_id=0 user_name="" virus="EICAR-AV-Test" FTP_url="/var/www//home/ftp-user/ta_test_file_1ta-cl1-46" FTP_direction="Upload" filename="/home/ftp-user/ta_test_file_1ta-cl1-46" file_size=0 file_path="/var/www//home/ftp-user/ta_test_file_1ta-cl1-46" ftpcommand="STOR" src_ip=10.146.13.49 src_country_code=R1 dst_ip=10.8.142.181 dst_country_code=R1 protocol="TCP" src_port=39910 dst_port=21 dstdomain="" sent_bytes=0 recv_bytes=0 +device="SFW" date=2018-06-21 time=19:50:48 timezone="CEST" device_name="SF01V" device_id=SFDemo-2df0960 log_id=031001609002 log_type="Anti-Virus" log_component="FTP" log_subtype="Allowed" priority=Information fw_rule_id=0 user_name="" virus="" FTP_url="/var/www//home/ftp-user/ta_test_file_1ta-cl1-46" FTP_direction="Download" filename="/home/ftp-user/ta_test_file_1ta-cl1-46" file_size=19926248 file_path="/var/www//home/ftp-user/ta_test_file_1ta-cl1-46" ftpcommand="RETR" src_ip=10.146.13.49 src_country_code= dst_ip=10.8.142.181 dst_country_code= protocol="TCP" src_port=39936 dst_port=21 dstdomain="example.com" sent_bytes=0 recv_bytes=19926248 \ No newline at end of file diff --git a/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18.5-anti-virus-ftp.log-expected.json b/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18.5-anti-virus-ftp.log-expected.json new file mode 100644 index 00000000000..d5ad1c8cdd1 --- /dev/null +++ b/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18.5-anti-virus-ftp.log-expected.json @@ -0,0 +1,177 @@ +{ + "expected": [ + { + "@timestamp": "2018-06-21T19:50:23.000Z", + "destination": { + "bytes": 0, + "ip": "10.8.142.181", + "port": 21 + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "Virus", + "category": [ + "malware", + "network" + ], + "code": "09001", + "kind": "alert", + "original": "device=\"SFW\" date=2018-06-21 time=19:50:23 timezone=\"CEST\" device_name=\"SF01V\" device_id=SFDemo-2df0960 log_id=031006209001 log_type=\"Anti-Virus\" log_component=\"FTP\" log_subtype=\"Virus\" priority=Critical fw_rule_id=0 user_name=\"\" virus=\"EICAR-AV-Test\" FTP_url=\"/var/www//home/ftp-user/ta_test_file_1ta-cl1-46\" FTP_direction=\"Upload\" filename=\"/home/ftp-user/ta_test_file_1ta-cl1-46\" file_size=0 file_path=\"/var/www//home/ftp-user/ta_test_file_1ta-cl1-46\" ftpcommand=\"STOR\" src_ip=10.146.13.49 src_country_code=R1 dst_ip=10.8.142.181 dst_country_code=R1 protocol=\"TCP\" src_port=39910 dst_port=21 dstdomain=\"\" sent_bytes=0 recv_bytes=0", + "outcome": "success", + "severity": 2, + "type": [ + "info", + "denied", + "connection" + ] + }, + "file": { + "directory": "/var/www//home/ftp-user/ta_test_file_1ta-cl1-46", + "name": "/home/ftp-user/ta_test_file_1ta-cl1-46", + "size": 0 + }, + "host": { + "name": "defaulttest.local" + }, + "log": { + "level": "critical" + }, + "network": { + "bytes": 0, + "community_id": "1:pEAtCi2v+cfDLsHaWvO82/Ahn0k=", + "protocol": "ftp", + "transport": "tcp" + }, + "observer": { + "product": "XG", + "serial_number": "SFDemo-2df0960", + "type": "firewall", + "vendor": "Sophos" + }, + "related": { + "hosts": [ + "defaulttest.local" + ], + "ip": [ + "10.146.13.49", + "10.8.142.181" + ] + }, + "rule": { + "id": "0" + }, + "sophos": { + "xg": { + "device": "SFW", + "device_name": "SF01V", + "dst_country_code": "R1", + "ftp_direction": "Upload", + "ftp_url": "/var/www//home/ftp-user/ta_test_file_1ta-cl1-46", + "ftpcommand": "STOR", + "log_component": "FTP", + "log_id": "031006209001", + "log_subtype": "Virus", + "log_type": "Anti-Virus", + "priority": "Critical", + "src_country_code": "R1", + "virus": "EICAR-AV-Test" + } + }, + "source": { + "bytes": 0, + "ip": "10.146.13.49", + "port": 39910 + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2018-06-21T19:50:48.000Z", + "destination": { + "bytes": 19926248, + "domain": "example.com", + "ip": "10.8.142.181", + "port": 21 + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "Allowed", + "category": [ + "network" + ], + "code": "09002", + "kind": "event", + "original": "device=\"SFW\" date=2018-06-21 time=19:50:48 timezone=\"CEST\" device_name=\"SF01V\" device_id=SFDemo-2df0960 log_id=031001609002 log_type=\"Anti-Virus\" log_component=\"FTP\" log_subtype=\"Allowed\" priority=Information fw_rule_id=0 user_name=\"\" virus=\"\" FTP_url=\"/var/www//home/ftp-user/ta_test_file_1ta-cl1-46\" FTP_direction=\"Download\" filename=\"/home/ftp-user/ta_test_file_1ta-cl1-46\" file_size=19926248 file_path=\"/var/www//home/ftp-user/ta_test_file_1ta-cl1-46\" ftpcommand=\"RETR\" src_ip=10.146.13.49 src_country_code= dst_ip=10.8.142.181 dst_country_code= protocol=\"TCP\" src_port=39936 dst_port=21 dstdomain=\"example.com\" sent_bytes=0 recv_bytes=19926248", + "outcome": "success", + "severity": 6, + "type": [ + "allowed", + "connection" + ] + }, + "file": { + "directory": "/var/www//home/ftp-user/ta_test_file_1ta-cl1-46", + "name": "/home/ftp-user/ta_test_file_1ta-cl1-46", + "size": 19926248 + }, + "host": { + "name": "defaulttest.local" + }, + "log": { + "level": "informational" + }, + "network": { + "bytes": 19926248, + "community_id": "1:hUeUw/6dIhcWCOgAeWChZiMq1qA=", + "protocol": "ftp", + "transport": "tcp" + }, + "observer": { + "product": "XG", + "serial_number": "SFDemo-2df0960", + "type": "firewall", + "vendor": "Sophos" + }, + "related": { + "hosts": [ + "defaulttest.local", + "example.com" + ], + "ip": [ + "10.146.13.49", + "10.8.142.181" + ] + }, + "rule": { + "id": "0" + }, + "sophos": { + "xg": { + "device": "SFW", + "device_name": "SF01V", + "ftp_direction": "Download", + "ftp_url": "/var/www//home/ftp-user/ta_test_file_1ta-cl1-46", + "ftpcommand": "RETR", + "log_component": "FTP", + "log_id": "031001609002", + "log_subtype": "Allowed", + "log_type": "Anti-Virus", + "priority": "Information" + } + }, + "source": { + "bytes": 0, + "ip": "10.146.13.49", + "port": 39936 + }, + "tags": [ + "preserve_original_event" + ] + } + ] +} \ No newline at end of file diff --git a/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18.5-anti-virus-smtp.log b/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18.5-anti-virus-smtp.log new file mode 100644 index 00000000000..f7866baab44 --- /dev/null +++ b/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18.5-anti-virus-smtp.log @@ -0,0 +1,3 @@ +device="SFW" date=2018-06-06 time=10:44:40 timezone="IST" device_name="SG430" device_id=S4000806149EE49 log_id=031106210001 log_type="Anti-Virus" log_component="SMTP" log_subtype="Virus" status="" priority=Critical fw_rule_id=0 user_name="" av_policy_name="postman" from_email_address="pankhil@postman.local" to_email_address="pankhil@postman.local" subject="virus infected message" mailid="c0000007-1528262079" mailsize=2064 virus="EICAR-AV-Test" filename="" quarantine="" src_domainname="postman.local" dst_domainname="" src_ip=10.198.16.121 src_country_code=R1 dst_ip=10.198.17.121 dst_country_code=R1 protocol="TCP" src_port=56428 dst_port=25 sent_bytes=0 recv_bytes=0 quarantine_reason=" Infected" +device="SFW" date=2018-06-06 time=10:51:29 timezone="IST" device_name="SG430" device_id=S4000806149EE49 log_id=036106211001 log_type="Anti-Virus" log_component="POPS" log_subtype="Virus" status="" priority=Critical fw_rule_id=0 user_name="" av_policy_name="None" from_email_address="pankhil@postman.local" to_email_address="pankhil@postman.local" subject="EICAR" mailid="" mailsize=0 virus="EICAR-AV-Test" filename="" quarantine="" src_domainname="postman.local" dst_domainname="" src_ip=10.198.16.121 src_country_code=R1 dst_ip=10.198.234.240 dst_country_code=R1 protocol="TCP" src_port=56653 dst_port=995 sent_bytes=0 recv_bytes=0 quarantine_reason="Other" +device="SFW" date=2018-06-06 time=10:58:29 timezone="IST" device_name="SG430" device_id=S4000806149EE49 log_id=036206212001 log_type="Anti-Virus" log_component="IMAPS" log_subtype="Virus" status="" priority=Critical fw_rule_id=0 user_name="" av_policy_name="None" from_email_address="pankhil@postman.local" to_email_address="ganga@postman.local" subject="EICAR test email" mailid="<2ca37b7c-e93a-743a-99c4-a0796f0bbb79@postman.local>" mailsize=0 virus="EICAR-AV- Test" filename="" quarantine="" src_domainname="postman.local" dst_domainname="" src_ip=10.198.16.121 src_country_code=R1 dst_ip=10.198.234.240 dst_country_code=R1 protocol="TCP" src_port=56632 dst_port=993 sent_bytes=0 recv_bytes=0 quarantine_reason="Other" \ No newline at end of file diff --git a/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18.5-anti-virus-smtp.log-expected.json b/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18.5-anti-virus-smtp.log-expected.json new file mode 100644 index 00000000000..0a852b1ad68 --- /dev/null +++ b/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18.5-anti-virus-smtp.log-expected.json @@ -0,0 +1,283 @@ +{ + "expected": [ + { + "@timestamp": "2018-06-06T10:44:40.000Z", + "destination": { + "bytes": 0, + "ip": "10.198.17.121", + "port": 25, + "user": { + "email": "pankhil@postman.local" + } + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "Virus", + "category": [ + "malware", + "network" + ], + "code": "10001", + "kind": "alert", + "original": "device=\"SFW\" date=2018-06-06 time=10:44:40 timezone=\"IST\" device_name=\"SG430\" device_id=S4000806149EE49 log_id=031106210001 log_type=\"Anti-Virus\" log_component=\"SMTP\" log_subtype=\"Virus\" status=\"\" priority=Critical fw_rule_id=0 user_name=\"\" av_policy_name=\"postman\" from_email_address=\"pankhil@postman.local\" to_email_address=\"pankhil@postman.local\" subject=\"virus infected message\" mailid=\"c0000007-1528262079\" mailsize=2064 virus=\"EICAR-AV-Test\" filename=\"\" quarantine=\"\" src_domainname=\"postman.local\" dst_domainname=\"\" src_ip=10.198.16.121 src_country_code=R1 dst_ip=10.198.17.121 dst_country_code=R1 protocol=\"TCP\" src_port=56428 dst_port=25 sent_bytes=0 recv_bytes=0 quarantine_reason=\" Infected\"", + "outcome": "success", + "severity": 2, + "type": [ + "info", + "denied", + "connection" + ] + }, + "host": { + "name": "defaulttest.local" + }, + "log": { + "level": "critical" + }, + "network": { + "bytes": 0, + "community_id": "1:/s4RRYmRyH8lqMULh9n00Z6AVA8=", + "protocol": "smtp", + "transport": "tcp" + }, + "observer": { + "product": "XG", + "serial_number": "S4000806149EE49", + "type": "firewall", + "vendor": "Sophos" + }, + "related": { + "hosts": [ + "defaulttest.local", + "postman.local" + ], + "ip": [ + "10.198.16.121", + "10.198.17.121" + ] + }, + "rule": { + "id": "0" + }, + "sophos": { + "xg": { + "av_policy_name": "postman", + "device": "SFW", + "device_name": "SG430", + "dst_country_code": "R1", + "log_component": "SMTP", + "log_id": "031106210001", + "log_subtype": "Virus", + "log_type": "Anti-Virus", + "mailid": "c0000007-1528262079", + "mailsize": "2064", + "priority": "Critical", + "quarantine_reason": " Infected", + "src_country_code": "R1", + "subject": "virus infected message", + "virus": "EICAR-AV-Test" + } + }, + "source": { + "bytes": 0, + "domain": "postman.local", + "ip": "10.198.16.121", + "port": 56428, + "user": { + "email": "pankhil@postman.local" + } + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2018-06-06T10:51:29.000Z", + "destination": { + "bytes": 0, + "ip": "10.198.234.240", + "port": 995, + "user": { + "email": "pankhil@postman.local" + } + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "Virus", + "category": [ + "malware", + "network" + ], + "code": "11001", + "kind": "alert", + "original": "device=\"SFW\" date=2018-06-06 time=10:51:29 timezone=\"IST\" device_name=\"SG430\" device_id=S4000806149EE49 log_id=036106211001 log_type=\"Anti-Virus\" log_component=\"POPS\" log_subtype=\"Virus\" status=\"\" priority=Critical fw_rule_id=0 user_name=\"\" av_policy_name=\"None\" from_email_address=\"pankhil@postman.local\" to_email_address=\"pankhil@postman.local\" subject=\"EICAR\" mailid=\"\u003ca5c35e4b-1198-d0eb-0763-c0d5af3c817e@postman.local\u003e\" mailsize=0 virus=\"EICAR-AV-Test\" filename=\"\" quarantine=\"\" src_domainname=\"postman.local\" dst_domainname=\"\" src_ip=10.198.16.121 src_country_code=R1 dst_ip=10.198.234.240 dst_country_code=R1 protocol=\"TCP\" src_port=56653 dst_port=995 sent_bytes=0 recv_bytes=0 quarantine_reason=\"Other\"", + "outcome": "success", + "severity": 2, + "type": [ + "info", + "denied", + "connection" + ] + }, + "host": { + "name": "defaulttest.local" + }, + "log": { + "level": "critical" + }, + "network": { + "bytes": 0, + "community_id": "1:miDZMZyHzg1ArtBIc4N8695JaWk=", + "protocol": "pop3s", + "transport": "tcp" + }, + "observer": { + "product": "XG", + "serial_number": "S4000806149EE49", + "type": "firewall", + "vendor": "Sophos" + }, + "related": { + "hosts": [ + "defaulttest.local", + "postman.local" + ], + "ip": [ + "10.198.16.121", + "10.198.234.240" + ] + }, + "rule": { + "id": "0" + }, + "sophos": { + "xg": { + "av_policy_name": "None", + "device": "SFW", + "device_name": "SG430", + "dst_country_code": "R1", + "log_component": "POPS", + "log_id": "036106211001", + "log_subtype": "Virus", + "log_type": "Anti-Virus", + "mailid": "\u003ca5c35e4b-1198-d0eb-0763-c0d5af3c817e@postman.local\u003e", + "mailsize": "0", + "priority": "Critical", + "quarantine_reason": "Other", + "src_country_code": "R1", + "subject": "EICAR", + "virus": "EICAR-AV-Test" + } + }, + "source": { + "bytes": 0, + "domain": "postman.local", + "ip": "10.198.16.121", + "port": 56653, + "user": { + "email": "pankhil@postman.local" + } + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2018-06-06T10:58:29.000Z", + "destination": { + "bytes": 0, + "ip": "10.198.234.240", + "port": 993, + "user": { + "email": "ganga@postman.local" + } + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "Virus", + "category": [ + "malware", + "network" + ], + "code": "12001", + "kind": "alert", + "original": "device=\"SFW\" date=2018-06-06 time=10:58:29 timezone=\"IST\" device_name=\"SG430\" device_id=S4000806149EE49 log_id=036206212001 log_type=\"Anti-Virus\" log_component=\"IMAPS\" log_subtype=\"Virus\" status=\"\" priority=Critical fw_rule_id=0 user_name=\"\" av_policy_name=\"None\" from_email_address=\"pankhil@postman.local\" to_email_address=\"ganga@postman.local\" subject=\"EICAR test email\" mailid=\"\u003c2ca37b7c-e93a-743a-99c4-a0796f0bbb79@postman.local\u003e\" mailsize=0 virus=\"EICAR-AV- Test\" filename=\"\" quarantine=\"\" src_domainname=\"postman.local\" dst_domainname=\"\" src_ip=10.198.16.121 src_country_code=R1 dst_ip=10.198.234.240 dst_country_code=R1 protocol=\"TCP\" src_port=56632 dst_port=993 sent_bytes=0 recv_bytes=0 quarantine_reason=\"Other\"", + "outcome": "success", + "severity": 2, + "type": [ + "info", + "denied", + "connection" + ] + }, + "host": { + "name": "defaulttest.local" + }, + "log": { + "level": "critical" + }, + "network": { + "bytes": 0, + "community_id": "1:brG0+fyFYq1h9huQh5nQ8cHjL5E=", + "protocol": "imaps", + "transport": "tcp" + }, + "observer": { + "product": "XG", + "serial_number": "S4000806149EE49", + "type": "firewall", + "vendor": "Sophos" + }, + "related": { + "hosts": [ + "defaulttest.local", + "postman.local" + ], + "ip": [ + "10.198.16.121", + "10.198.234.240" + ] + }, + "rule": { + "id": "0" + }, + "sophos": { + "xg": { + "av_policy_name": "None", + "device": "SFW", + "device_name": "SG430", + "dst_country_code": "R1", + "log_component": "IMAPS", + "log_id": "036206212001", + "log_subtype": "Virus", + "log_type": "Anti-Virus", + "mailid": "\u003c2ca37b7c-e93a-743a-99c4-a0796f0bbb79@postman.local\u003e", + "mailsize": "0", + "priority": "Critical", + "quarantine_reason": "Other", + "src_country_code": "R1", + "subject": "EICAR test email", + "virus": "EICAR-AV- Test" + } + }, + "source": { + "bytes": 0, + "domain": "postman.local", + "ip": "10.198.16.121", + "port": 56632, + "user": { + "email": "pankhil@postman.local" + } + }, + "tags": [ + "preserve_original_event" + ] + } + ] +} \ No newline at end of file diff --git a/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18.5-anti-virus-web.log b/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18.5-anti-virus-web.log new file mode 100644 index 00000000000..03dcfd53926 --- /dev/null +++ b/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18.5-anti-virus-web.log @@ -0,0 +1,2 @@ +device="SFW" date=2016-12-02 time=18:48:18 timezone="GMT" device_name="SFVUNL" device_id=C01001K234RXPA1 log_id=034806208001 log_type="Anti-Virus" log_component="HTTPS" log_subtype="Virus" priority=Critical fw_rule_id=2 user_name="rich" iap=13 virus="EICAR-AV-Test" url="https://secure.eicar.org/eicar.com" domainname="secure.eicar.org" src_ip=192.168.73.220 src_country_code=R1 dst_ip=216.160.83.61 dst_country_code=DEU protocol="TCP" src_port=51499 dst_port=443 sent_bytes=0 recv_bytes=353 +device="SFW" date=2016-12-02 time=18:57:57 timezone="GMT" device_name="SFVUNL" device_id=C01001K234RXPA1 log_id=030906208001 log_type="Anti-Virus" log_component="HTTP" log_subtype="Virus" priority=Critical fw_rule_id=0 user_name="rich" iap=13 virus="Sandstorm" url="http://floater.baldrys.ca/badb.exe" domainname="floater.baldrys.ca" src_ip=192.168.73.220 src_country_code=R1 dst_ip=192.168.73.220 dst_country_code=R1 protocol="TCP" src_port=54110 dst_port=80 sent_bytes=0 recv_bytes=1594715 diff --git a/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18.5-anti-virus-web.log-expected.json b/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18.5-anti-virus-web.log-expected.json new file mode 100644 index 00000000000..ad8b80dd24e --- /dev/null +++ b/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18.5-anti-virus-web.log-expected.json @@ -0,0 +1,210 @@ +{ + "expected": [ + { + "@timestamp": "2016-12-02T18:48:18.000Z", + "destination": { + "as": { + "number": 209 + }, + "bytes": 353, + "geo": { + "city_name": "Milton", + "continent_name": "North America", + "country_iso_code": "US", + "country_name": "United States", + "location": { + "lat": 47.2513, + "lon": -122.3149 + }, + "region_iso_code": "US-WA", + "region_name": "Washington" + }, + "ip": "216.160.83.61", + "port": 443 + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "Virus", + "category": [ + "malware", + "network" + ], + "code": "08001", + "kind": "alert", + "original": "device=\"SFW\" date=2016-12-02 time=18:48:18 timezone=\"GMT\" device_name=\"SFVUNL\" device_id=C01001K234RXPA1 log_id=034806208001 log_type=\"Anti-Virus\" log_component=\"HTTPS\" log_subtype=\"Virus\" priority=Critical fw_rule_id=2 user_name=\"rich\" iap=13 virus=\"EICAR-AV-Test\" url=\"https://secure.eicar.org/eicar.com\" domainname=\"secure.eicar.org\" src_ip=192.168.73.220 src_country_code=R1 dst_ip=216.160.83.61 dst_country_code=DEU protocol=\"TCP\" src_port=51499 dst_port=443 sent_bytes=0 recv_bytes=353", + "outcome": "success", + "severity": 2, + "type": [ + "info", + "denied", + "connection" + ] + }, + "host": { + "name": "defaulttest.local" + }, + "log": { + "level": "critical" + }, + "network": { + "bytes": 353, + "community_id": "1:pXQp5es2PyNVnMf24vl407J45fs=", + "protocol": "https", + "transport": "tcp" + }, + "observer": { + "product": "XG", + "serial_number": "C01001K234RXPA1", + "type": "firewall", + "vendor": "Sophos" + }, + "related": { + "hosts": [ + "defaulttest.local", + "secure.eicar.org" + ], + "ip": [ + "192.168.73.220", + "216.160.83.61" + ], + "user": [ + "rich" + ] + }, + "rule": { + "id": "2" + }, + "sophos": { + "xg": { + "device": "SFW", + "device_name": "SFVUNL", + "dst_country_code": "DEU", + "iap": "13", + "log_component": "HTTPS", + "log_id": "034806208001", + "log_subtype": "Virus", + "log_type": "Anti-Virus", + "priority": "Critical", + "src_country_code": "R1", + "virus": "EICAR-AV-Test" + } + }, + "source": { + "bytes": 0, + "ip": "192.168.73.220", + "port": 51499, + "user": { + "name": "rich" + } + }, + "tags": [ + "preserve_original_event" + ], + "url": { + "domain": "secure.eicar.org", + "extension": "com", + "full": "https://secure.eicar.org/eicar.com", + "original": "https://secure.eicar.org/eicar.com", + "path": "/eicar.com", + "scheme": "https" + } + }, + { + "@timestamp": "2016-12-02T18:57:57.000Z", + "destination": { + "bytes": 1594715, + "ip": "192.168.73.220", + "port": 80 + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "Virus", + "category": [ + "malware", + "network" + ], + "code": "08001", + "kind": "alert", + "original": "device=\"SFW\" date=2016-12-02 time=18:57:57 timezone=\"GMT\" device_name=\"SFVUNL\" device_id=C01001K234RXPA1 log_id=030906208001 log_type=\"Anti-Virus\" log_component=\"HTTP\" log_subtype=\"Virus\" priority=Critical fw_rule_id=0 user_name=\"rich\" iap=13 virus=\"Sandstorm\" url=\"http://floater.baldrys.ca/badb.exe\" domainname=\"floater.baldrys.ca\" src_ip=192.168.73.220 src_country_code=R1 dst_ip=192.168.73.220 dst_country_code=R1 protocol=\"TCP\" src_port=54110 dst_port=80 sent_bytes=0 recv_bytes=1594715", + "outcome": "success", + "severity": 2, + "type": [ + "info", + "denied", + "connection" + ] + }, + "host": { + "name": "defaulttest.local" + }, + "log": { + "level": "critical" + }, + "network": { + "bytes": 1594715, + "community_id": "1:4ao/YhRCSn5/cM88NdWtPMdl8U8=", + "protocol": "http", + "transport": "tcp" + }, + "observer": { + "product": "XG", + "serial_number": "C01001K234RXPA1", + "type": "firewall", + "vendor": "Sophos" + }, + "related": { + "hosts": [ + "defaulttest.local", + "floater.baldrys.ca" + ], + "ip": [ + "192.168.73.220" + ], + "user": [ + "rich" + ] + }, + "rule": { + "id": "0" + }, + "sophos": { + "xg": { + "device": "SFW", + "device_name": "SFVUNL", + "dst_country_code": "R1", + "iap": "13", + "log_component": "HTTP", + "log_id": "030906208001", + "log_subtype": "Virus", + "log_type": "Anti-Virus", + "priority": "Critical", + "src_country_code": "R1", + "virus": "Sandstorm" + } + }, + "source": { + "bytes": 0, + "ip": "192.168.73.220", + "port": 54110, + "user": { + "name": "rich" + } + }, + "tags": [ + "preserve_original_event" + ], + "url": { + "domain": "floater.baldrys.ca", + "extension": "exe", + "full": "http://floater.baldrys.ca/badb.exe", + "original": "http://floater.baldrys.ca/badb.exe", + "path": "/badb.exe", + "scheme": "http" + } + } + ] +} \ No newline at end of file diff --git a/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18.5-atp-firewall.log b/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18.5-atp-firewall.log new file mode 100644 index 00000000000..31c1ef763c4 --- /dev/null +++ b/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18.5-atp-firewall.log @@ -0,0 +1,2 @@ +device="SFW" date=2018-06-05 time=08:49:00 timezone="BST" device_name="XG310" device_id=C30006T22TGR89B log_id=086320518009 log_type="ATP" log_component="Firewall" log_subtype="Alert" priority=Notice user_name="" protocol=" ICMP" src_port=0 dst_port=0 sourceip=10.198.32.89 destinationip=81.2.69.193 url=81.2.69.193 threatname=C2/Generic-A eventid=C7E26E6F-0097-4EA2-89DE-C31C40636CB2 eventtype="Standard" login_user="" process_user="" ep_uuid= execution_path="" +device="SFW" date=2017-01-31 time=18:44:31 timezone="IST" device_name="CR750iNG-XP" device_id=C44313350024-P29PUA log_id=086304418010 log_type="ATP" log_component="Firewall" log_subtype="Drop" priority=Warning user_name="gaurav" protocol="TCP" src_port=22623 dst_port=80 sourceip=10.198.47.71 destinationip=67.43.156.12 url=67.43.156.12 threatname=C2 /Generic-A eventid=C366ACFB-7A6F-4870-B359-A6CFDA8C85F7 eventtype="Standard" login_user="" process_user="" ep_uuid= execution_path="" diff --git a/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18.5-atp-firewall.log-expected.json b/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18.5-atp-firewall.log-expected.json new file mode 100644 index 00000000000..5de7ecb51de --- /dev/null +++ b/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18.5-atp-firewall.log-expected.json @@ -0,0 +1,183 @@ +{ + "expected": [ + { + "@timestamp": "2018-06-05T08:49:00.000Z", + "destination": { + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.193", + "port": 0 + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "alert", + "category": [ + "intrusion_detection", + "network" + ], + "code": "18009", + "id": "C7E26E6F-0097-4EA2-89DE-C31C40636CB2", + "kind": "alert", + "original": "device=\"SFW\" date=2018-06-05 time=08:49:00 timezone=\"BST\" device_name=\"XG310\" device_id=C30006T22TGR89B log_id=086320518009 log_type=\"ATP\" log_component=\"Firewall\" log_subtype=\"Alert\" priority=Notice user_name=\"\" protocol=\" ICMP\" src_port=0 dst_port=0 sourceip=10.198.32.89 destinationip=81.2.69.193 url=81.2.69.193 threatname=C2/Generic-A eventid=C7E26E6F-0097-4EA2-89DE-C31C40636CB2 eventtype=\"Standard\" login_user=\"\" process_user=\"\" ep_uuid= execution_path=\"\"", + "outcome": "success", + "severity": 5, + "type": [ + "denied", + "connection" + ] + }, + "host": { + "name": "defaulttest.local" + }, + "log": { + "level": "notification" + }, + "network": { + "transport": " icmp" + }, + "observer": { + "product": "XG", + "serial_number": "C30006T22TGR89B", + "type": "firewall", + "vendor": "Sophos" + }, + "related": { + "hosts": [ + "defaulttest.local" + ], + "ip": [ + "10.198.32.89", + "81.2.69.193" + ] + }, + "sophos": { + "xg": { + "device": "SFW", + "device_name": "XG310", + "eventtype": "Standard", + "log_component": "Firewall", + "log_id": "086320518009", + "log_subtype": "Alert", + "log_type": "ATP", + "priority": "Notice", + "threatname": "C2/Generic-A" + } + }, + "source": { + "ip": "10.198.32.89", + "port": 0 + }, + "tags": [ + "preserve_original_event" + ], + "url": { + "original": "81.2.69.193" + } + }, + { + "@timestamp": "2017-01-31T18:44:31.000Z", + "destination": { + "as": { + "number": 35908 + }, + "geo": { + "continent_name": "Asia", + "country_iso_code": "BT", + "country_name": "Bhutan", + "location": { + "lat": 27.5, + "lon": 90.5 + } + }, + "ip": "67.43.156.12", + "port": 80 + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "drop", + "category": [ + "intrusion_detection", + "network" + ], + "code": "18010", + "id": "C366ACFB-7A6F-4870-B359-A6CFDA8C85F7", + "kind": "alert", + "original": "device=\"SFW\" date=2017-01-31 time=18:44:31 timezone=\"IST\" device_name=\"CR750iNG-XP\" device_id=C44313350024-P29PUA log_id=086304418010 log_type=\"ATP\" log_component=\"Firewall\" log_subtype=\"Drop\" priority=Warning user_name=\"gaurav\" protocol=\"TCP\" src_port=22623 dst_port=80 sourceip=10.198.47.71 destinationip=67.43.156.12 url=67.43.156.12 threatname=C2 /Generic-A eventid=C366ACFB-7A6F-4870-B359-A6CFDA8C85F7 eventtype=\"Standard\" login_user=\"\" process_user=\"\" ep_uuid= execution_path=\"\"", + "outcome": "success", + "severity": 4, + "type": [ + "denied", + "connection" + ] + }, + "host": { + "name": "defaulttest.local" + }, + "log": { + "level": "warning" + }, + "network": { + "community_id": "1:nB9nte3WRkewayDVwPW2FGsg5L0=", + "transport": "tcp" + }, + "observer": { + "product": "XG", + "serial_number": "C44313350024-P29PUA", + "type": "firewall", + "vendor": "Sophos" + }, + "related": { + "hosts": [ + "defaulttest.local" + ], + "ip": [ + "10.198.47.71", + "67.43.156.12" + ], + "user": [ + "gaurav" + ] + }, + "sophos": { + "xg": { + "device": "SFW", + "device_name": "CR750iNG-XP", + "eventtype": "Standard", + "log_component": "Firewall", + "log_id": "086304418010", + "log_subtype": "Drop", + "log_type": "ATP", + "priority": "Warning", + "threatname": "C2 /Generic-A" + } + }, + "source": { + "ip": "10.198.47.71", + "port": 22623, + "user": { + "name": "gaurav" + } + }, + "tags": [ + "preserve_original_event" + ], + "url": { + "original": "67.43.156.12" + } + } + ] +} \ No newline at end of file diff --git a/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18.5-authentication.log b/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18.5-authentication.log new file mode 100644 index 00000000000..b081decbe66 --- /dev/null +++ b/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18.5-authentication.log @@ -0,0 +1,3 @@ +device="SFW" date=2017-01-31 time=18:13:38 timezone="IST" device_name="CR750iNG-XP" device_id=C44313350024-P29PUA log_id=062910617701 log_type="Event" log_component="Firewall Authentication" log_subtype="Authentication" status="Successful" priority=Information user_name="gaurav" usergroupname="Open Group" auth_client="Web Client" auth_mechanism="Local" reason="" src_ip=10.198.47.71 message="User gaurav of group Open Group logged in successfully to Firewall through Local authentication mechanism from 10.198.47.71" name="gaurav" src_mac= +device="SFW" date=2017-03-15 time=14:33:37 timezone="IST" device_name="CR750iNG-XP" device_id=C44313350024-P29PUA log_id=063010617707 log_type="Event" log_component="VPN Authentication" log_subtype="Authentication" status="Successful" priority=Information user_name="gaurav" usergroupname="" auth_client="N/A" auth_mechanism="Local" reason="" src_ip=10.198.233.49 message="User gaurav logged in successfully to L2TP through Local authentication mechanism" name="" src_mac= +device="SFW" date=2017-03-15 time=17:23:00 timezone="IST" device_name="CR750iNG-XP" device_id=C44313350024-P29PUA log_id=063110617710 log_type="Event" log_component="SSL VPN Authentication" log_subtype="Authentication" status="Successful" priority=Information user_name="gaurav" usergroupname="" auth_client="N/A" auth_mechanism="Local" reason="" src_ip=10.198.233.49 message="User gaurav authenticated successfully to login to SSLVPN through Local authentication mechanism" name="" src_mac= \ No newline at end of file diff --git a/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18.5-authentication.log-expected.json b/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18.5-authentication.log-expected.json new file mode 100644 index 00000000000..3c18e225bb6 --- /dev/null +++ b/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18.5-authentication.log-expected.json @@ -0,0 +1,215 @@ +{ + "expected": [ + { + "@timestamp": "2017-01-31T18:13:38.000Z", + "ecs": { + "version": "8.0.0" + }, + "event": { + "category": [ + "authentication" + ], + "code": "17701", + "kind": "event", + "original": "device=\"SFW\" date=2017-01-31 time=18:13:38 timezone=\"IST\" device_name=\"CR750iNG-XP\" device_id=C44313350024-P29PUA log_id=062910617701 log_type=\"Event\" log_component=\"Firewall Authentication\" log_subtype=\"Authentication\" status=\"Successful\" priority=Information user_name=\"gaurav\" usergroupname=\"Open Group\" auth_client=\"Web Client\" auth_mechanism=\"Local\" reason=\"\" src_ip=10.198.47.71 message=\"User gaurav of group Open Group logged in successfully to Firewall through Local authentication mechanism from 10.198.47.71\" name=\"gaurav\" src_mac=", + "outcome": "success", + "severity": 6, + "type": [ + "user", + "start" + ] + }, + "host": { + "name": "defaulttest.local" + }, + "log": { + "level": "informational" + }, + "message": "User gaurav of group Open Group logged in successfully to Firewall through Local authentication mechanism from 10.198.47.71", + "observer": { + "product": "XG", + "serial_number": "C44313350024-P29PUA", + "type": "firewall", + "vendor": "Sophos" + }, + "related": { + "hosts": [ + "defaulttest.local" + ], + "ip": [ + "10.198.47.71" + ], + "user": [ + "gaurav" + ] + }, + "sophos": { + "xg": { + "auth_client": "Web Client", + "auth_mechanism": "Local", + "device": "SFW", + "device_name": "CR750iNG-XP", + "log_component": "Firewall Authentication", + "log_id": "062910617701", + "log_subtype": "Authentication", + "log_type": "Event", + "priority": "Information", + "status": "Successful" + } + }, + "source": { + "ip": "10.198.47.71", + "user": { + "group": { + "name": "Open Group" + }, + "name": "gaurav" + } + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "name": "gaurav" + } + }, + { + "@timestamp": "2017-03-15T14:33:37.000Z", + "ecs": { + "version": "8.0.0" + }, + "event": { + "category": [ + "authentication" + ], + "code": "17707", + "kind": "event", + "original": "device=\"SFW\" date=2017-03-15 time=14:33:37 timezone=\"IST\" device_name=\"CR750iNG-XP\" device_id=C44313350024-P29PUA log_id=063010617707 log_type=\"Event\" log_component=\"VPN Authentication\" log_subtype=\"Authentication\" status=\"Successful\" priority=Information user_name=\"gaurav\" usergroupname=\"\" auth_client=\"N/A\" auth_mechanism=\"Local\" reason=\"\" src_ip=10.198.233.49 message=\"User gaurav logged in successfully to L2TP through Local authentication mechanism\" name=\"\" src_mac=", + "outcome": "success", + "severity": 6, + "type": [ + "user", + "start" + ] + }, + "host": { + "name": "defaulttest.local" + }, + "log": { + "level": "informational" + }, + "message": "User gaurav logged in successfully to L2TP through Local authentication mechanism", + "observer": { + "product": "XG", + "serial_number": "C44313350024-P29PUA", + "type": "firewall", + "vendor": "Sophos" + }, + "related": { + "hosts": [ + "defaulttest.local" + ], + "ip": [ + "10.198.233.49" + ], + "user": [ + "gaurav" + ] + }, + "sophos": { + "xg": { + "auth_mechanism": "Local", + "device": "SFW", + "device_name": "CR750iNG-XP", + "log_component": "VPN Authentication", + "log_id": "063010617707", + "log_subtype": "Authentication", + "log_type": "Event", + "priority": "Information", + "status": "Successful" + } + }, + "source": { + "ip": "10.198.233.49", + "user": { + "name": "gaurav" + } + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "name": "gaurav" + } + }, + { + "@timestamp": "2017-03-15T17:23:00.000Z", + "ecs": { + "version": "8.0.0" + }, + "event": { + "category": [ + "authentication" + ], + "code": "17710", + "kind": "event", + "original": "device=\"SFW\" date=2017-03-15 time=17:23:00 timezone=\"IST\" device_name=\"CR750iNG-XP\" device_id=C44313350024-P29PUA log_id=063110617710 log_type=\"Event\" log_component=\"SSL VPN Authentication\" log_subtype=\"Authentication\" status=\"Successful\" priority=Information user_name=\"gaurav\" usergroupname=\"\" auth_client=\"N/A\" auth_mechanism=\"Local\" reason=\"\" src_ip=10.198.233.49 message=\"User gaurav authenticated successfully to login to SSLVPN through Local authentication mechanism\" name=\"\" src_mac=", + "outcome": "success", + "severity": 6, + "type": [ + "user", + "start" + ] + }, + "host": { + "name": "defaulttest.local" + }, + "log": { + "level": "informational" + }, + "message": "User gaurav authenticated successfully to login to SSLVPN through Local authentication mechanism", + "observer": { + "product": "XG", + "serial_number": "C44313350024-P29PUA", + "type": "firewall", + "vendor": "Sophos" + }, + "related": { + "hosts": [ + "defaulttest.local" + ], + "ip": [ + "10.198.233.49" + ], + "user": [ + "gaurav" + ] + }, + "sophos": { + "xg": { + "auth_mechanism": "Local", + "device": "SFW", + "device_name": "CR750iNG-XP", + "log_component": "SSL VPN Authentication", + "log_id": "063110617710", + "log_subtype": "Authentication", + "log_type": "Event", + "priority": "Information", + "status": "Successful" + } + }, + "source": { + "ip": "10.198.233.49", + "user": { + "name": "gaurav" + } + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "name": "gaurav" + } + } + ] +} \ No newline at end of file diff --git a/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18.5-content-filtering-http.log b/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18.5-content-filtering-http.log new file mode 100644 index 00000000000..3944da28a60 --- /dev/null +++ b/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18.5-content-filtering-http.log @@ -0,0 +1,8 @@ +device="SFW" date=2016-12-02 time=18:27:03 timezone="GMT" device_name="SFVUNL" device_id=C01001K234RXPA1 log_id=050901616001 log_type="Content Filtering" log_component="HTTP" log_subtype="Allowed" priority=Information fw_rule_id=2 user_name="rich" user_gp="Clientless Open Group" iap=13 category="None" category_type="" url="http://floater.baldrys.ca/adsenum.exe" contenttype="application/octet-stream" override_token="" src_ip=192.168.73.220 dst_ip=67.43.156.13 protocol="TCP" src_port=54110 dst_port=80 sent_bytes=0 recv_bytes=15940 domain=floater.baldrys.ca exceptions= activityname="" reason="cached clean" +device="SFW" date=2016-12-02 time=18:35:51 timezone="GMT" device_name="SFVUNL" device_id=C01001K234RXPA1 log_id=050901616001 log_type="Content Filtering" log_component="HTTP" log_subtype="Allowed" priority=Information fw_rule_id=0 user_name="rich" user_gp="" iap=13 category="None" category_type="" url="http://floater.baldrys.ca/usemem.exe" contenttype="application/octet-stream" override_token="" src_ip=192.168.73.220 dst_ip=192.168.73.220 protocol="TCP" src_port=54110 dst_port=80 sent_bytes=0 recv_bytes=321677 domain=floater.baldrys.ca exceptions= activityname="" reason=" cloud clean" +device="SFW" date=2016-12-02 time=19:21:41 timezone="GMT" device_name="SFVUNL" device_id=C01001K234RXPA1 log_id=050901616001 log_type="Content Filtering" log_component="HTTP" log_subtype="Allowed" priority=Information fw_rule_id=2 user_name="rich" user_gp="Clientless Open Group" iap=13 category="Information Technology" category_type=" Acceptable" url="https://the.earth.li/~sgtatham/putty/0.67/x86/putty.exe" contenttype="application/x-msdos-program" override_token="" src_ip=192.168.73.220 dst_ip=67.43.156.12 protocol="TCP" src_port=51570 dst_port=443 sent_bytes=0 recv_bytes=531659 domain=the.earth.li exceptions= activityname="" reason="eligible" +device="SFW" date=2016-12-02 time=19:21:59 timezone="GMT" device_name="SFVUNL" device_id=C01001K234RXPA1 log_id=050901616001 log_type="Content Filtering" log_component="HTTP" log_subtype="Allowed" priority=Information fw_rule_id=2 user_name="rich" user_gp="Clientless Open Group" iap=13 category="General Business" category_type=" Acceptable" url="http://ads.adaptv.advertising.com/a/h/WWEVd91PNug3Es_Gwp40Tnr0FIh9nkWQ?cb=1481065476497&pet=preroll&pageUrl=http%3A%2F%2Fbbc.com%2F&eov=eov&a.cluster=0&a.pvt=0&width=300&height=250&a.sdk=adaptv&a.sdkType=js&a.d.pageUrl=http%3A%2F%2Fwww.bbc.com%2Fsport&referrerUrl=http%3A%2F%2Fwww.bbc.com%2Fearth%2Fworld&depth=0&p.vw.active=-1&p.vw.area=-1&p.vw.domId=-1&p.vw.framerate=-1&p.vw.geometric=-1&p.vw.pHeight=0&p.vw.psize=-1&p.vw.pWidth=0&p.vw.viewable=-1&p.vw.viewableOpportunity=-1" contenttype="text/xml" override_token="" src_ip=192.168.73.220 dst_ip=67.43.156.14 protocol="TCP" src_port=56477 dst_port=80 sent_bytes=0 recv_bytes=3672 domain=ads.adaptv.advertising.com exceptions= activityname="" reason="not eligible" +device="SFW" date=2016-12-02 time=18:26:43 timezone="GMT" device_name="SFVUNL" device_id=C01001K234RXPA1 log_id=050902616002 log_type="Content Filtering" log_component="HTTP" log_subtype="Denied" priority=Information fw_rule_id=2 user_name="rich" user_gp="Clientless Open Group" iap=13 category="None" category_type="" url="http://floater.baldrys.ca/badb.exe" contenttype="application/octet-stream" override_token="" src_ip=192.168.73.220 dst_ip=67.43.156.13 protocol="TCP" src_port=54110 dst_port=80 sent_bytes=0 recv_bytes=1594715 domain=floater.baldrys.ca exceptions= activityname="" reason="pending" +device="SFW" date=2016-12-02 time=19:30:33 timezone="GMT" device_name="SFVUNL" device_id=C01001K234RXPA1 log_id=050902616002 log_type="Content Filtering" log_component="HTTP" log_subtype="Denied" priority=Information fw_rule_id=2 user_name="rich" user_gp="Clientless Open Group" iap=14 category="Financial Services" category_type="Unproductive" url="https://www.vancity.com/" contenttype="" override_token="" src_ip=192.168.73.220 dst_ip=67.43.156.15 protocol="TCP" src_port=60444 dst_port=443 sent_bytes=0 recv_bytes=0 domain=www.vancity.com exceptions= activityname=" Finance & Investing" reason="" +device="SFW" date=2016-12-02 time=18:50:20 timezone="GMT" device_name="SFVUNL" device_id=C01001K234RXPA1 log_id=050927616005 log_type="Content Filtering" log_component="HTTP" log_subtype="Warned" priority=Information fw_rule_id=2 user_name="rich" user_gp="Clientless Open Group" iap=13 category="Search Engines" category_type="Acceptable" url="http://www.google.com/" contenttype="" override_token="" src_ip=192.168.73.220 dst_ip=67.43.156.15 protocol="TCP" src_port=37832 dst_port=80 sent_bytes=0 recv_bytes=0 domain=www.google.com exceptions= activityname="Search" reason="" +device="SFW" date=2016-12-02 time=18:50:22 timezone="GMT" device_name="SFVUNL" device_id=C01001K234RXPA1 log_id=050901616006 log_type="Content Filtering" log_component="HTTP" log_subtype="Allowed" priority=Information fw_rule_id=2 user_name="rich" user_gp="Clientless Open Group" iap=13 category="Search Engines" category_type="Acceptable" url="http://www.google.ca/?gfe_rd=cr&ei=ojxHWP3WC4WN8QeRioDABw" contenttype="text/html" override_token="" src_ip=192.168.73.220 dst_ip=81.2.69.144 protocol="TCP" src_port=46322 dst_port=80 sent_bytes=0 recv_bytes=619 domain=www. google.ca exceptions= activityname="Search" reason="not eligible" \ No newline at end of file diff --git a/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18.5-content-filtering-http.log-expected.json b/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18.5-content-filtering-http.log-expected.json new file mode 100644 index 00000000000..a5528a02e42 --- /dev/null +++ b/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18.5-content-filtering-http.log-expected.json @@ -0,0 +1,850 @@ +{ + "expected": [ + { + "@timestamp": "2016-12-02T18:27:03.000Z", + "destination": { + "as": { + "number": 35908 + }, + "bytes": 15940, + "geo": { + "continent_name": "Asia", + "country_iso_code": "BT", + "country_name": "Bhutan", + "location": { + "lat": 27.5, + "lon": 90.5 + } + }, + "ip": "67.43.156.13", + "port": 80 + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "allowed", + "category": [ + "network" + ], + "code": "16001", + "kind": "event", + "original": "device=\"SFW\" date=2016-12-02 time=18:27:03 timezone=\"GMT\" device_name=\"SFVUNL\" device_id=C01001K234RXPA1 log_id=050901616001 log_type=\"Content Filtering\" log_component=\"HTTP\" log_subtype=\"Allowed\" priority=Information fw_rule_id=2 user_name=\"rich\" user_gp=\"Clientless Open Group\" iap=13 category=\"None\" category_type=\"\" url=\"http://floater.baldrys.ca/adsenum.exe\" contenttype=\"application/octet-stream\" override_token=\"\" src_ip=192.168.73.220 dst_ip=67.43.156.13 protocol=\"TCP\" src_port=54110 dst_port=80 sent_bytes=0 recv_bytes=15940 domain=floater.baldrys.ca exceptions= activityname=\"\" reason=\"cached clean\"", + "outcome": "success", + "reason": "cached clean", + "severity": 6, + "type": [ + "allowed", + "connection" + ] + }, + "host": { + "name": "defaulttest.local" + }, + "log": { + "level": "informational" + }, + "network": { + "bytes": 15940, + "community_id": "1:A533V8KpijZTUOuXt+PhEWpnluA=", + "protocol": "http", + "transport": "tcp" + }, + "observer": { + "product": "XG", + "serial_number": "C01001K234RXPA1", + "type": "firewall", + "vendor": "Sophos" + }, + "related": { + "hosts": [ + "defaulttest.local", + "floater.baldrys.ca" + ], + "ip": [ + "192.168.73.220", + "67.43.156.13" + ], + "user": [ + "rich" + ] + }, + "sophos": { + "xg": { + "category": "None", + "contenttype": "application/octet-stream", + "device": "SFW", + "device_name": "SFVUNL", + "fw_rule_id": "2", + "iap": "13", + "log_component": "HTTP", + "log_id": "050901616001", + "log_subtype": "Allowed", + "log_type": "Content Filtering", + "priority": "Information" + } + }, + "source": { + "bytes": 0, + "ip": "192.168.73.220", + "port": 54110, + "user": { + "group": { + "name": "Clientless Open Group" + }, + "name": "rich" + } + }, + "tags": [ + "preserve_original_event" + ], + "url": { + "domain": "floater.baldrys.ca", + "extension": "exe", + "full": "http://floater.baldrys.ca/adsenum.exe", + "original": "http://floater.baldrys.ca/adsenum.exe", + "path": "/adsenum.exe", + "scheme": "http" + } + }, + { + "@timestamp": "2016-12-02T18:35:51.000Z", + "destination": { + "bytes": 321677, + "ip": "192.168.73.220", + "port": 80 + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "allowed", + "category": [ + "network" + ], + "code": "16001", + "kind": "event", + "original": "device=\"SFW\" date=2016-12-02 time=18:35:51 timezone=\"GMT\" device_name=\"SFVUNL\" device_id=C01001K234RXPA1 log_id=050901616001 log_type=\"Content Filtering\" log_component=\"HTTP\" log_subtype=\"Allowed\" priority=Information fw_rule_id=0 user_name=\"rich\" user_gp=\"\" iap=13 category=\"None\" category_type=\"\" url=\"http://floater.baldrys.ca/usemem.exe\" contenttype=\"application/octet-stream\" override_token=\"\" src_ip=192.168.73.220 dst_ip=192.168.73.220 protocol=\"TCP\" src_port=54110 dst_port=80 sent_bytes=0 recv_bytes=321677 domain=floater.baldrys.ca exceptions= activityname=\"\" reason=\" cloud clean\"", + "outcome": "success", + "reason": " cloud clean", + "severity": 6, + "type": [ + "allowed", + "connection" + ] + }, + "host": { + "name": "defaulttest.local" + }, + "log": { + "level": "informational" + }, + "network": { + "bytes": 321677, + "community_id": "1:4ao/YhRCSn5/cM88NdWtPMdl8U8=", + "protocol": "http", + "transport": "tcp" + }, + "observer": { + "product": "XG", + "serial_number": "C01001K234RXPA1", + "type": "firewall", + "vendor": "Sophos" + }, + "related": { + "hosts": [ + "defaulttest.local", + "floater.baldrys.ca" + ], + "ip": [ + "192.168.73.220" + ], + "user": [ + "rich" + ] + }, + "sophos": { + "xg": { + "category": "None", + "contenttype": "application/octet-stream", + "device": "SFW", + "device_name": "SFVUNL", + "fw_rule_id": "0", + "iap": "13", + "log_component": "HTTP", + "log_id": "050901616001", + "log_subtype": "Allowed", + "log_type": "Content Filtering", + "priority": "Information" + } + }, + "source": { + "bytes": 0, + "ip": "192.168.73.220", + "port": 54110, + "user": { + "name": "rich" + } + }, + "tags": [ + "preserve_original_event" + ], + "url": { + "domain": "floater.baldrys.ca", + "extension": "exe", + "full": "http://floater.baldrys.ca/usemem.exe", + "original": "http://floater.baldrys.ca/usemem.exe", + "path": "/usemem.exe", + "scheme": "http" + } + }, + { + "@timestamp": "2016-12-02T19:21:41.000Z", + "destination": { + "as": { + "number": 35908 + }, + "bytes": 531659, + "geo": { + "continent_name": "Asia", + "country_iso_code": "BT", + "country_name": "Bhutan", + "location": { + "lat": 27.5, + "lon": 90.5 + } + }, + "ip": "67.43.156.12", + "port": 443 + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "allowed", + "category": [ + "network" + ], + "code": "16001", + "kind": "event", + "original": "device=\"SFW\" date=2016-12-02 time=19:21:41 timezone=\"GMT\" device_name=\"SFVUNL\" device_id=C01001K234RXPA1 log_id=050901616001 log_type=\"Content Filtering\" log_component=\"HTTP\" log_subtype=\"Allowed\" priority=Information fw_rule_id=2 user_name=\"rich\" user_gp=\"Clientless Open Group\" iap=13 category=\"Information Technology\" category_type=\" Acceptable\" url=\"https://the.earth.li/~sgtatham/putty/0.67/x86/putty.exe\" contenttype=\"application/x-msdos-program\" override_token=\"\" src_ip=192.168.73.220 dst_ip=67.43.156.12 protocol=\"TCP\" src_port=51570 dst_port=443 sent_bytes=0 recv_bytes=531659 domain=the.earth.li exceptions= activityname=\"\" reason=\"eligible\"", + "outcome": "success", + "reason": "eligible", + "severity": 6, + "type": [ + "allowed", + "connection" + ] + }, + "host": { + "name": "defaulttest.local" + }, + "log": { + "level": "informational" + }, + "network": { + "bytes": 531659, + "community_id": "1:Rx2NAbhO+cUNx7MOYl+KZ/KqxR8=", + "protocol": "https", + "transport": "tcp" + }, + "observer": { + "product": "XG", + "serial_number": "C01001K234RXPA1", + "type": "firewall", + "vendor": "Sophos" + }, + "related": { + "hosts": [ + "defaulttest.local", + "the.earth.li" + ], + "ip": [ + "192.168.73.220", + "67.43.156.12" + ], + "user": [ + "rich" + ] + }, + "sophos": { + "xg": { + "category": "Information Technology", + "category_type": " Acceptable", + "contenttype": "application/x-msdos-program", + "device": "SFW", + "device_name": "SFVUNL", + "fw_rule_id": "2", + "iap": "13", + "log_component": "HTTP", + "log_id": "050901616001", + "log_subtype": "Allowed", + "log_type": "Content Filtering", + "priority": "Information" + } + }, + "source": { + "bytes": 0, + "ip": "192.168.73.220", + "port": 51570, + "user": { + "group": { + "name": "Clientless Open Group" + }, + "name": "rich" + } + }, + "tags": [ + "preserve_original_event" + ], + "url": { + "domain": "the.earth.li", + "extension": "exe", + "full": "https://the.earth.li/~sgtatham/putty/0.67/x86/putty.exe", + "original": "https://the.earth.li/~sgtatham/putty/0.67/x86/putty.exe", + "path": "/~sgtatham/putty/0.67/x86/putty.exe", + "scheme": "https" + } + }, + { + "@timestamp": "2016-12-02T19:21:59.000Z", + "destination": { + "as": { + "number": 35908 + }, + "bytes": 3672, + "geo": { + "continent_name": "Asia", + "country_iso_code": "BT", + "country_name": "Bhutan", + "location": { + "lat": 27.5, + "lon": 90.5 + } + }, + "ip": "67.43.156.14", + "port": 80 + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "allowed", + "category": [ + "network" + ], + "code": "16001", + "kind": "event", + "original": "device=\"SFW\" date=2016-12-02 time=19:21:59 timezone=\"GMT\" device_name=\"SFVUNL\" device_id=C01001K234RXPA1 log_id=050901616001 log_type=\"Content Filtering\" log_component=\"HTTP\" log_subtype=\"Allowed\" priority=Information fw_rule_id=2 user_name=\"rich\" user_gp=\"Clientless Open Group\" iap=13 category=\"General Business\" category_type=\" Acceptable\" url=\"http://ads.adaptv.advertising.com/a/h/WWEVd91PNug3Es_Gwp40Tnr0FIh9nkWQ?cb=1481065476497\u0026pet=preroll\u0026pageUrl=http%3A%2F%2Fbbc.com%2F\u0026eov=eov\u0026a.cluster=0\u0026a.pvt=0\u0026width=300\u0026height=250\u0026a.sdk=adaptv\u0026a.sdkType=js\u0026a.d.pageUrl=http%3A%2F%2Fwww.bbc.com%2Fsport\u0026referrerUrl=http%3A%2F%2Fwww.bbc.com%2Fearth%2Fworld\u0026depth=0\u0026p.vw.active=-1\u0026p.vw.area=-1\u0026p.vw.domId=-1\u0026p.vw.framerate=-1\u0026p.vw.geometric=-1\u0026p.vw.pHeight=0\u0026p.vw.psize=-1\u0026p.vw.pWidth=0\u0026p.vw.viewable=-1\u0026p.vw.viewableOpportunity=-1\" contenttype=\"text/xml\" override_token=\"\" src_ip=192.168.73.220 dst_ip=67.43.156.14 protocol=\"TCP\" src_port=56477 dst_port=80 sent_bytes=0 recv_bytes=3672 domain=ads.adaptv.advertising.com exceptions= activityname=\"\" reason=\"not eligible\"", + "outcome": "success", + "reason": "not eligible", + "severity": 6, + "type": [ + "allowed", + "connection" + ] + }, + "host": { + "name": "defaulttest.local" + }, + "log": { + "level": "informational" + }, + "network": { + "bytes": 3672, + "community_id": "1:0QC4IPLl7ucQNCsWUyc5nb6AHMM=", + "protocol": "http", + "transport": "tcp" + }, + "observer": { + "product": "XG", + "serial_number": "C01001K234RXPA1", + "type": "firewall", + "vendor": "Sophos" + }, + "related": { + "hosts": [ + "defaulttest.local", + "ads.adaptv.advertising.com" + ], + "ip": [ + "192.168.73.220", + "67.43.156.14" + ], + "user": [ + "rich" + ] + }, + "sophos": { + "xg": { + "category": "General Business", + "category_type": " Acceptable", + "contenttype": "text/xml", + "device": "SFW", + "device_name": "SFVUNL", + "fw_rule_id": "2", + "iap": "13", + "log_component": "HTTP", + "log_id": "050901616001", + "log_subtype": "Allowed", + "log_type": "Content Filtering", + "priority": "Information" + } + }, + "source": { + "bytes": 0, + "ip": "192.168.73.220", + "port": 56477, + "user": { + "group": { + "name": "Clientless Open Group" + }, + "name": "rich" + } + }, + "tags": [ + "preserve_original_event" + ], + "url": { + "domain": "ads.adaptv.advertising.com", + "full": "http://ads.adaptv.advertising.com/a/h/WWEVd91PNug3Es_Gwp40Tnr0FIh9nkWQ?cb=1481065476497\u0026pet=preroll\u0026pageUrl=http%3A%2F%2Fbbc.com%2F\u0026eov=eov\u0026a.cluster=0\u0026a.pvt=0\u0026width=300\u0026height=250\u0026a.sdk=adaptv\u0026a.sdkType=js\u0026a.d.pageUrl=http%3A%2F%2Fwww.bbc.com%2Fsport\u0026referrerUrl=http%3A%2F%2Fwww.bbc.com%2Fearth%2Fworld\u0026depth=0\u0026p.vw.active=-1\u0026p.vw.area=-1\u0026p.vw.domId=-1\u0026p.vw.framerate=-1\u0026p.vw.geometric=-1\u0026p.vw.pHeight=0\u0026p.vw.psize=-1\u0026p.vw.pWidth=0\u0026p.vw.viewable=-1\u0026p.vw.viewableOpportunity=-1", + "original": "http://ads.adaptv.advertising.com/a/h/WWEVd91PNug3Es_Gwp40Tnr0FIh9nkWQ?cb=1481065476497\u0026pet=preroll\u0026pageUrl=http%3A%2F%2Fbbc.com%2F\u0026eov=eov\u0026a.cluster=0\u0026a.pvt=0\u0026width=300\u0026height=250\u0026a.sdk=adaptv\u0026a.sdkType=js\u0026a.d.pageUrl=http%3A%2F%2Fwww.bbc.com%2Fsport\u0026referrerUrl=http%3A%2F%2Fwww.bbc.com%2Fearth%2Fworld\u0026depth=0\u0026p.vw.active=-1\u0026p.vw.area=-1\u0026p.vw.domId=-1\u0026p.vw.framerate=-1\u0026p.vw.geometric=-1\u0026p.vw.pHeight=0\u0026p.vw.psize=-1\u0026p.vw.pWidth=0\u0026p.vw.viewable=-1\u0026p.vw.viewableOpportunity=-1", + "path": "/a/h/WWEVd91PNug3Es_Gwp40Tnr0FIh9nkWQ", + "query": "cb=1481065476497\u0026pet=preroll\u0026pageUrl=http://bbc.com/\u0026eov=eov\u0026a.cluster=0\u0026a.pvt=0\u0026width=300\u0026height=250\u0026a.sdk=adaptv\u0026a.sdkType=js\u0026a.d.pageUrl=http://www.bbc.com/sport\u0026referrerUrl=http://www.bbc.com/earth/world\u0026depth=0\u0026p.vw.active=-1\u0026p.vw.area=-1\u0026p.vw.domId=-1\u0026p.vw.framerate=-1\u0026p.vw.geometric=-1\u0026p.vw.pHeight=0\u0026p.vw.psize=-1\u0026p.vw.pWidth=0\u0026p.vw.viewable=-1\u0026p.vw.viewableOpportunity=-1", + "scheme": "http" + } + }, + { + "@timestamp": "2016-12-02T18:26:43.000Z", + "destination": { + "as": { + "number": 35908 + }, + "bytes": 1594715, + "geo": { + "continent_name": "Asia", + "country_iso_code": "BT", + "country_name": "Bhutan", + "location": { + "lat": 27.5, + "lon": 90.5 + } + }, + "ip": "67.43.156.13", + "port": 80 + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "denied", + "category": [ + "malware", + "network" + ], + "code": "16002", + "kind": "alert", + "original": "device=\"SFW\" date=2016-12-02 time=18:26:43 timezone=\"GMT\" device_name=\"SFVUNL\" device_id=C01001K234RXPA1 log_id=050902616002 log_type=\"Content Filtering\" log_component=\"HTTP\" log_subtype=\"Denied\" priority=Information fw_rule_id=2 user_name=\"rich\" user_gp=\"Clientless Open Group\" iap=13 category=\"None\" category_type=\"\" url=\"http://floater.baldrys.ca/badb.exe\" contenttype=\"application/octet-stream\" override_token=\"\" src_ip=192.168.73.220 dst_ip=67.43.156.13 protocol=\"TCP\" src_port=54110 dst_port=80 sent_bytes=0 recv_bytes=1594715 domain=floater.baldrys.ca exceptions= activityname=\"\" reason=\"pending\"", + "outcome": "success", + "reason": "pending", + "severity": 6, + "type": [ + "info", + "denied", + "connection" + ] + }, + "host": { + "name": "defaulttest.local" + }, + "log": { + "level": "informational" + }, + "network": { + "bytes": 1594715, + "community_id": "1:A533V8KpijZTUOuXt+PhEWpnluA=", + "protocol": "http", + "transport": "tcp" + }, + "observer": { + "product": "XG", + "serial_number": "C01001K234RXPA1", + "type": "firewall", + "vendor": "Sophos" + }, + "related": { + "hosts": [ + "defaulttest.local", + "floater.baldrys.ca" + ], + "ip": [ + "192.168.73.220", + "67.43.156.13" + ], + "user": [ + "rich" + ] + }, + "sophos": { + "xg": { + "category": "None", + "contenttype": "application/octet-stream", + "device": "SFW", + "device_name": "SFVUNL", + "fw_rule_id": "2", + "iap": "13", + "log_component": "HTTP", + "log_id": "050902616002", + "log_subtype": "Denied", + "log_type": "Content Filtering", + "priority": "Information" + } + }, + "source": { + "bytes": 0, + "ip": "192.168.73.220", + "port": 54110, + "user": { + "group": { + "name": "Clientless Open Group" + }, + "name": "rich" + } + }, + "tags": [ + "preserve_original_event" + ], + "url": { + "domain": "floater.baldrys.ca", + "extension": "exe", + "full": "http://floater.baldrys.ca/badb.exe", + "original": "http://floater.baldrys.ca/badb.exe", + "path": "/badb.exe", + "scheme": "http" + } + }, + { + "@timestamp": "2016-12-02T19:30:33.000Z", + "destination": { + "as": { + "number": 35908 + }, + "bytes": 0, + "geo": { + "continent_name": "Asia", + "country_iso_code": "BT", + "country_name": "Bhutan", + "location": { + "lat": 27.5, + "lon": 90.5 + } + }, + "ip": "67.43.156.15", + "port": 443 + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "denied", + "category": [ + "malware", + "network" + ], + "code": "16002", + "kind": "alert", + "original": "device=\"SFW\" date=2016-12-02 time=19:30:33 timezone=\"GMT\" device_name=\"SFVUNL\" device_id=C01001K234RXPA1 log_id=050902616002 log_type=\"Content Filtering\" log_component=\"HTTP\" log_subtype=\"Denied\" priority=Information fw_rule_id=2 user_name=\"rich\" user_gp=\"Clientless Open Group\" iap=14 category=\"Financial Services\" category_type=\"Unproductive\" url=\"https://www.vancity.com/\" contenttype=\"\" override_token=\"\" src_ip=192.168.73.220 dst_ip=67.43.156.15 protocol=\"TCP\" src_port=60444 dst_port=443 sent_bytes=0 recv_bytes=0 domain=www.vancity.com exceptions= activityname=\" Finance \u0026 Investing\" reason=\"\"", + "outcome": "success", + "severity": 6, + "type": [ + "info", + "denied", + "connection" + ] + }, + "host": { + "name": "defaulttest.local" + }, + "log": { + "level": "informational" + }, + "network": { + "bytes": 0, + "community_id": "1:t+d8o1s7+zccNjNhSJFb7vVZtvU=", + "protocol": "https", + "transport": "tcp" + }, + "observer": { + "product": "XG", + "serial_number": "C01001K234RXPA1", + "type": "firewall", + "vendor": "Sophos" + }, + "related": { + "hosts": [ + "defaulttest.local", + "www.vancity.com" + ], + "ip": [ + "192.168.73.220", + "67.43.156.15" + ], + "user": [ + "rich" + ] + }, + "sophos": { + "xg": { + "activityname": " Finance \u0026 Investing", + "category": "Financial Services", + "category_type": "Unproductive", + "device": "SFW", + "device_name": "SFVUNL", + "fw_rule_id": "2", + "iap": "14", + "log_component": "HTTP", + "log_id": "050902616002", + "log_subtype": "Denied", + "log_type": "Content Filtering", + "priority": "Information" + } + }, + "source": { + "bytes": 0, + "ip": "192.168.73.220", + "port": 60444, + "user": { + "group": { + "name": "Clientless Open Group" + }, + "name": "rich" + } + }, + "tags": [ + "preserve_original_event" + ], + "url": { + "domain": "www.vancity.com", + "full": "https://www.vancity.com/", + "original": "https://www.vancity.com/", + "path": "/", + "scheme": "https" + } + }, + { + "@timestamp": "2016-12-02T18:50:20.000Z", + "destination": { + "as": { + "number": 35908 + }, + "bytes": 0, + "geo": { + "continent_name": "Asia", + "country_iso_code": "BT", + "country_name": "Bhutan", + "location": { + "lat": 27.5, + "lon": 90.5 + } + }, + "ip": "67.43.156.15", + "port": 80 + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "warned", + "category": [ + "network" + ], + "code": "16005", + "kind": "event", + "original": "device=\"SFW\" date=2016-12-02 time=18:50:20 timezone=\"GMT\" device_name=\"SFVUNL\" device_id=C01001K234RXPA1 log_id=050927616005 log_type=\"Content Filtering\" log_component=\"HTTP\" log_subtype=\"Warned\" priority=Information fw_rule_id=2 user_name=\"rich\" user_gp=\"Clientless Open Group\" iap=13 category=\"Search Engines\" category_type=\"Acceptable\" url=\"http://www.google.com/\" contenttype=\"\" override_token=\"\" src_ip=192.168.73.220 dst_ip=67.43.156.15 protocol=\"TCP\" src_port=37832 dst_port=80 sent_bytes=0 recv_bytes=0 domain=www.google.com exceptions= activityname=\"Search\" reason=\"\"", + "outcome": "success", + "severity": 6, + "type": [ + "allowed", + "connection" + ] + }, + "host": { + "name": "defaulttest.local" + }, + "log": { + "level": "informational" + }, + "network": { + "bytes": 0, + "community_id": "1:zyuvJIqDyUnbsrn8426RPB8ZUn4=", + "protocol": "http", + "transport": "tcp" + }, + "observer": { + "product": "XG", + "serial_number": "C01001K234RXPA1", + "type": "firewall", + "vendor": "Sophos" + }, + "related": { + "hosts": [ + "defaulttest.local", + "www.google.com" + ], + "ip": [ + "192.168.73.220", + "67.43.156.15" + ], + "user": [ + "rich" + ] + }, + "sophos": { + "xg": { + "activityname": "Search", + "category": "Search Engines", + "category_type": "Acceptable", + "device": "SFW", + "device_name": "SFVUNL", + "fw_rule_id": "2", + "iap": "13", + "log_component": "HTTP", + "log_id": "050927616005", + "log_subtype": "Warned", + "log_type": "Content Filtering", + "priority": "Information" + } + }, + "source": { + "bytes": 0, + "ip": "192.168.73.220", + "port": 37832, + "user": { + "group": { + "name": "Clientless Open Group" + }, + "name": "rich" + } + }, + "tags": [ + "preserve_original_event" + ], + "url": { + "domain": "www.google.com", + "full": "http://www.google.com/", + "original": "http://www.google.com/", + "path": "/", + "scheme": "http" + } + }, + { + "@timestamp": "2016-12-02T18:50:22.000Z", + "destination": { + "bytes": 619, + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.144", + "port": 80 + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "allowed", + "category": [ + "network" + ], + "code": "16006", + "kind": "event", + "original": "device=\"SFW\" date=2016-12-02 time=18:50:22 timezone=\"GMT\" device_name=\"SFVUNL\" device_id=C01001K234RXPA1 log_id=050901616006 log_type=\"Content Filtering\" log_component=\"HTTP\" log_subtype=\"Allowed\" priority=Information fw_rule_id=2 user_name=\"rich\" user_gp=\"Clientless Open Group\" iap=13 category=\"Search Engines\" category_type=\"Acceptable\" url=\"http://www.google.ca/?gfe_rd=cr\u0026ei=ojxHWP3WC4WN8QeRioDABw\" contenttype=\"text/html\" override_token=\"\" src_ip=192.168.73.220 dst_ip=81.2.69.144 protocol=\"TCP\" src_port=46322 dst_port=80 sent_bytes=0 recv_bytes=619 domain=www. google.ca exceptions= activityname=\"Search\" reason=\"not eligible\"", + "outcome": "success", + "reason": "not eligible", + "severity": 6, + "type": [ + "allowed", + "connection" + ] + }, + "host": { + "name": "defaulttest.local" + }, + "log": { + "level": "informational" + }, + "network": { + "bytes": 619, + "community_id": "1:uVZcGVWwRzhh9dvIsXBbFt+6jCM=", + "protocol": "http", + "transport": "tcp" + }, + "observer": { + "product": "XG", + "serial_number": "C01001K234RXPA1", + "type": "firewall", + "vendor": "Sophos" + }, + "related": { + "hosts": [ + "defaulttest.local", + "www.google.ca" + ], + "ip": [ + "192.168.73.220", + "81.2.69.144" + ], + "user": [ + "rich" + ] + }, + "sophos": { + "xg": { + "activityname": "Search", + "category": "Search Engines", + "category_type": "Acceptable", + "contenttype": "text/html", + "device": "SFW", + "device_name": "SFVUNL", + "fw_rule_id": "2", + "iap": "13", + "log_component": "HTTP", + "log_id": "050901616006", + "log_subtype": "Allowed", + "log_type": "Content Filtering", + "priority": "Information" + } + }, + "source": { + "bytes": 0, + "ip": "192.168.73.220", + "port": 46322, + "user": { + "group": { + "name": "Clientless Open Group" + }, + "name": "rich" + } + }, + "tags": [ + "preserve_original_event" + ], + "url": { + "domain": "www.google.ca", + "full": "http://www.google.ca/?gfe_rd=cr\u0026ei=ojxHWP3WC4WN8QeRioDABw", + "original": "http://www.google.ca/?gfe_rd=cr\u0026ei=ojxHWP3WC4WN8QeRioDABw", + "path": "/", + "query": "gfe_rd=cr\u0026ei=ojxHWP3WC4WN8QeRioDABw", + "scheme": "http" + } + } + ] +} \ No newline at end of file diff --git a/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18.5-content-filtering-web-content-policy.log b/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18.5-content-filtering-web-content-policy.log new file mode 100644 index 00000000000..c8fd3ff7692 --- /dev/null +++ b/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18.5-content-filtering-web-content-policy.log @@ -0,0 +1 @@ +device_name="SF01V" device_id=SFDemo-c45b327 log_id=058420116010 log_type="Content Filtering" log_component="Web Content Policy" log_subtype="Alert" user="gi123456" src_ip=10.108.108.49 transaction_id="e4a127f7-a850-477c-920e-a471b38727c1" dictionary_name="complicated_Custom" site_category=Information Technology website="ta-web-static-testing.qa.astaro.de" direction="in" action="Deny" file_name="cgi_echo.pl" context_match="Not" context_prefix="blah blah hello " context_suffix=" hello blah " \ No newline at end of file diff --git a/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18.5-content-filtering-web-content-policy.log-expected.json b/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18.5-content-filtering-web-content-policy.log-expected.json new file mode 100644 index 00000000000..9a5ace69cba --- /dev/null +++ b/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18.5-content-filtering-web-content-policy.log-expected.json @@ -0,0 +1,66 @@ +{ + "expected": [ + { + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "alert", + "category": [ + "network" + ], + "code": "16010", + "kind": "event", + "original": "device_name=\"SF01V\" device_id=SFDemo-c45b327 log_id=058420116010 log_type=\"Content Filtering\" log_component=\"Web Content Policy\" log_subtype=\"Alert\" user=\"gi123456\" src_ip=10.108.108.49 transaction_id=\"e4a127f7-a850-477c-920e-a471b38727c1\" dictionary_name=\"complicated_Custom\" site_category=Information Technology website=\"ta-web-static-testing.qa.astaro.de\" direction=\"in\" action=\"Deny\" file_name=\"cgi_echo.pl\" context_match=\"Not\" context_prefix=\"blah blah hello \" context_suffix=\" hello blah \"", + "outcome": "success", + "severity": 1 + }, + "host": { + "name": "defaulttest.local" + }, + "log": { + "level": "alert" + }, + "observer": { + "product": "XG", + "serial_number": "SFDemo-c45b327", + "type": "firewall", + "vendor": "Sophos" + }, + "related": { + "hosts": [ + "defaulttest.local" + ], + "ip": [ + "10.108.108.49" + ] + }, + "sophos": { + "xg": { + "action": "Deny", + "context_match": "Not", + "context_prefix": "blah blah hello ", + "context_suffix": " hello blah ", + "device_name": "SF01V", + "dictionary_name": "complicated_Custom", + "direction": "in", + "file_name": "cgi_echo.pl", + "log_component": "Web Content Policy", + "log_id": "058420116010", + "log_subtype": "Alert", + "log_type": "Content Filtering", + "site_category": "Information Technology", + "transaction_id": "e4a127f7-a850-477c-920e-a471b38727c1", + "user": "gi123456", + "website": "ta-web-static-testing.qa.astaro.de" + } + }, + "source": { + "ip": "10.108.108.49" + }, + "tags": [ + "preserve_original_event" + ] + } + ] +} \ No newline at end of file diff --git a/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18.5-firewall.log b/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18.5-firewall.log new file mode 100644 index 00000000000..046e7038bfb --- /dev/null +++ b/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18.5-firewall.log @@ -0,0 +1,16 @@ +device="SFW" date=2017-01-31 time=14:16:19 timezone="IST" device_name="CR750iNG-XP" device_id=C44313350024- P29PUA log_id=010101600001 log_type="Firewall" log_component="Firewall Rule" log_subtype="Allowed" status="Allow" priority=Information duration=30 fw_rule_id=2 policy_type=2 user_name="gaurav" user_gp="Open Group" iap=1 ips_policy_id=0 appfilter_policy_id=1 application="Youtube Video Streaming" application_risk=3 application_technology="Browser Based" application_category="Streaming Media" in_interface="PortA" out_interface="PortB" src_mac=00:00:00:00:00:00 src_ip=10.198.47.71 src_country_code=R1 dst_ip=81.2.69.143 dst_country_code=USA protocol="UDP" src_port=59859 dst_port=53 sent_pkts=1 recv_pkts=1 sent_bytes=77 recv_bytes=105 tran_src_ip=81.2.69.144 tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype="LAN" srczone="LAN" dstzonetype="WAN" dstzone="WAN" dir_disp="" connevent="Stop" connid="185246656" vconnid="" hb_health="No Heartbeat" +device="SFW" date=2018-05-30 time=13:14:26 timezone="IST" device_name="XG125w" device_id=SFDemo-763180a log_id=010102600002 log_type="Firewall" log_component="Firewall Rule" log_subtype="Denied" status="Deny" priority=Information duration=0 fw_rule_id=1 policy_type=1 user_name="" user_gp="" iap=2 ips_policy_id=0 appfilter_policy_id=0 application="" application_risk=0 application_technology="" application_category="" in_interface="Port1" out_interface="Port2.531" src_mac=b8:97:5a:5b:0f:fd src_ip=10.198.32.19 src_country_code= dst_ip=1.128.3.4 dst_country_code= protocol="ICMP" icmp_type=8 icmp_code=0 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype="" srczone="" dstzonetype="" dstzone="" dir_disp="" connid="" vconnid="" hb_health="No Heartbeat" message="" appresolvedby="Signature +device="SFW" date=2018-06-01 time=10:55:41 timezone="BST" device_name="XG310" device_id=SFDemo-9a04c43 log_id=016602600003 log_type="Firewall" log_component="Heartbeat" log_subtype="Denied" status="Deny" priority=Information duration=0 fw_rule_id=16 policy_type=1 user_name="" user_gp="" iap=2 ips_policy_id=0 appfilter_policy_id=0 application="" application_risk=0 application_technology="" application_category="" in_interface="Port3.611" out_interface="" src_mac=08:00:27:4c:49:e3 src_ip=10.198.37.57 src_country_code= dst_ip=175.16.199.1 dst_country_code= protocol="ICMP" icmp_type=8 icmp_code=0 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype="" srczone="" dstzonetype="" dstzone="" dir_disp="" connid="" vconnid="" hb_health="Red" message="" appresolvedby="Signature" app_is_cloud=0 +device="SFW" date=2018-05-30 time=17:55:09 timezone="IST" device_name="XG125w" device_id=SFDemo-763180a log_id=018202500004 log_type="Firewall" log_component="ICMP ERROR MESSAGE" log_subtype="Denied" status="Deny" priority=Notice duration=0 fw_rule_id=1 policy_type=1 user_name="" user_gp="" iap=0 ips_policy_id=0 appfilter_policy_id=0 application="" application_risk=0 application_technology="" application_category="" in_interface="Port2.531" out_interface="" src_mac=00:1a:8c:50:6a:8c src_ip=216.160.83.61 src_country_code= dst_ip=10.198.232.48 dst_country_code= protocol="ICMP" icmp_type=11 icmp_code=0 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype="" srczone="" dstzonetype="" dstzone="" dir_disp="" connid="1084482152" vconnid="" hb_health=" No Heartbeat" message="" appresolvedby="Signature" +device="SFW" date=2018-05-30 time=18:03:43 timezone="IST" device_name="XG125w" device_id=SFDemo-763180a log_id=018201500005 log_type="Firewall" log_component="ICMP ERROR MESSAGE" log_subtype="Allowed" status="Allow" priority=Notice duration=0 fw_rule_id=1 policy_type=1 user_name="" user_gp="" iap=0 ips_policy_id=0 appfilter_policy_id=0 application="" application_risk=0 application_technology="" application_category="" in_interface="Port2.531" out_interface="" src_mac=00:1a:8c:50:6a:8c src_ip=172.29.250.33 src_country_code= dst_ip=10.198.232.48 dst_country_code= protocol="ICMP" icmp_type=11 icmp_code=0 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype="" srczone="" dstzonetype="" dstzone="" dir_disp="" connevent="Interim" connid="14310965" vconnid="" hb_health="No Heartbeat" message="" appresolvedby="Signature" +device="SFW" date=2018-06-01 time=10:57:55 timezone="BST" device_name="XG310" device_id=SFDemo-9a04c43 log_id=016602600006 log_type="Firewall" log_component="Heartbeat" log_subtype="Denied" status="Deny" priority=Information duration=0 fw_rule_id=16 policy_type=1 user_name="" user_gp="" iap=2 ips_policy_id=0 appfilter_policy_id=0 application="" application_risk=0 application_technology="" application_category="" in_interface="Port3.611" out_interface="" src_mac=08:00:27:4c:49:e3 src_ip=10.198.37.57 src_country_code= dst_ip=10.198.32.19 dst_country_code= protocol="ICMP" icmp_type=8 icmp_code=0 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype="" srczone="" dstzonetype="" dstzone="" dir_disp="" connid="" vconnid="" hb_health="Red" message="" appresolvedby="Signature" app_is_cloud=0 +device="SFW" date=2018-05-30 time=13:26:37 timezone="IST" device_name="XG125w" device_id=SFDemo-763180a log_id=010202601001 log_type="Firewall" log_component="Invalid Traffic" log_subtype="Denied" status="Deny" priority=Information duration=0 fw_rule_id=0 policy_type=0 user_name="" user_gp="" iap=0 ips_policy_id=0 appfilter_policy_id=0 application="" application_risk=0 application_technology="" application_category="" in_interface="" out_interface="" src_mac= src_ip=10.198.32.19 src_country_code= dst_ip=1.128.3.4 dst_country_code= protocol="UDP" src_port=1353 dst_port=0 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype="" srczone="" dstzonetype="" dstzone="" dir_disp="" connid="" vconnid="" hb_health="No Heartbeat" message="Invalid UDP destination." appresolvedby="Signature" +device="SFW" date=2018-06-04 time=17:20:24 timezone="IST" device_name="XG125w" device_id=SFDemo-763180a log_id=011402601301 log_type="Firewall" log_component="Fragmented Traffic" log_subtype="Denied" status="Deny" priority=Information duration=0 fw_rule_id=0 policy_type=0 user_name="" user_gp="" iap=0 ips_policy_id=0 appfilter_policy_id=0 application="" application_risk=0 application_technology="" application_category="" in_interface="" out_interface="" src_mac= src_ip=0.0.0.0 src_country_code= dst_ip=0.0.0.0 dst_country_code= protocol="0" src_port=0 dst_port=0 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype="" srczone="" dstzonetype="" dstzone="" dir_disp="" connid="" vconnid="" hb_health="No Heartbeat" message="" appresolvedby="Signature" +device="SFW" date=2018-05-30 time=14:01:32 timezone="IST" device_name="XG125w" device_id=SFDemo-763180a log_id=010302602002 log_type="Firewall" log_component="Appliance Access" log_subtype="Denied" status="Deny" priority=Information duration=0 fw_rule_id=2 policy_type=0 user_name="" user_gp="" iap=0 ips_policy_id=0 appfilter_policy_id=0 application="" application_risk=0 application_technology="" application_category="" in_interface="Port2.611" out_interface="" src_mac=c8:5b:76:ab:72:d3 src_ip=10.198.38.184 src_country_code= dst_ip=10.198.39.255 dst_country_code= protocol="UDP" src_port=137 dst_port=137 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype="" srczone="" dstzonetype="" dstzone="" dir_disp="" connid="" vconnid="" hb_health="No Heartbeat" message="" appresolvedby="Signature" +device="SFW" date=2018-05-30 time=14:17:17 timezone="IST" device_name="XG125w" device_id=SFDemo-763180a log_id=010402403001 log_type="Firewall" log_component="DoS Attack" log_subtype="Denied" status="Deny" priority=Warning duration=0 fw_rule_id=0 policy_type=0 user_name="" user_gp="" iap=0 ips_policy_id=0 appfilter_policy_id=0 application="" application_risk=0 application_technology="" application_category="" in_interface="Port1" out_interface="" src_mac=b8:97:5a:5b:0f:fd src_ip=10.198.32.19 src_country_code= dst_ip=10.198.32.48 dst_country_code= protocol="TCP" src_port=41960 dst_port=22 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype="" srczone="" dstzonetype="" dstzone="" dir_disp="" connid="" vconnid="" hb_health="No Heartbeat" message="" appresolvedby="Signature" +device="SFW" date=2018-06-05 time=14:30:31 timezone="IST" device_name="XG125w" device_id=SFDemo-763180a log_id=010502604001 log_type="Firewall" log_component="ICMP Redirection" log_subtype="Denied" status="Deny" priority=Information duration=0 fw_rule_id=0 policy_type=0 user_name="" user_gp="" iap=0 ips_policy_id=0 appfilter_policy_id=0 application="" application_risk=0 application_technology="" application_category="" in_interface="" out_interface="" src_mac= src_ip=10.198.37.23 src_country_code= dst_ip=10.198.36.48 dst_country_code= protocol="ICMP" icmp_type=5 icmp_code=1 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype="" srczone="" dstzonetype="" dstzone="" dir_disp="" connid="" vconnid="" hb_health="No Heartbeat" message="" appresolvedby=" Signature" +device="SFW" date=2018-05-31 time=17:05:14 timezone="IST" device_name="XG125w" device_id=SFDemo-763180a log_id=010602605001 log_type="Firewall" log_component="Source Routed" log_subtype="Denied" status="Deny" priority=Information duration=0 fw_rule_id=1 policy_type=1 user_name="" user_gp="" iap=0 ips_policy_id=0 appfilter_policy_id=0 application="" application_risk=0 application_technology="" application_category="" in_interface="" out_interface="" src_mac= src_ip=10.198.12.19 src_country_code= dst_ip=1.128.3.4 dst_country_code= protocol="TCP" src_port=1571 dst_port=80 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype="" srczone="" dstzonetype="" dstzone="" dir_disp="" connid="" vconnid="" hb_health="No Heartbeat" message="" appresolvedby=" Signature" +device="SFW" date=2018-05-30 time=15:09:51 timezone="IST" device_name="XG125w" device_id=SFDemo-763180a log_id=011702605051 log_type="Firewall" log_component="MAC Filter" log_subtype="Denied" status="Deny" priority=Information duration=0 fw_rule_id=0 policy_type=0 user_name="" user_gp="" iap=0 ips_policy_id=0 appfilter_policy_id=0 application="" application_risk=0 application_technology="" application_category="" in_interface="Port2.531" out_interface="" src_mac=1e:3a:5a:5b:23:ab src_ip=fe80::59f5:3ce8:c98e:5062 src_country_code= dst_ip=ff02::1:2 dst_country_code= protocol="UDP" src_port=546 dst_port=547 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype="" srczone="" dstzonetype="" dstzone="" dir_disp="" connid="" vconnid="" hb_health="No Heartbeat" message="" appresolvedby="Signature" +device="SFW" date=2018-05-30 time=15:12:45 timezone="IST" device_name="XG125w" device_id=SFDemo-763180a log_id=011802605101 log_type="Firewall" log_component="IPMAC Filter" log_subtype="Denied" status="Deny" priority=Information duration=0 fw_rule_id=0 policy_type=0 user_name="" user_gp="" iap=0 ips_policy_id=0 appfilter_policy_id=0 application="" application_risk=0 application_technology="" application_category="" in_interface="Port1" out_interface="" src_mac=b8:97:5a:5b:0f:fd src_ip=10.198.32.15 src_country_code= dst_ip=216.160.83.57 dst_country_code= protocol="ICMP" icmp_type=8 icmp_code=0 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype="" srczone="" dstzonetype="" dstzone="" dir_disp="" connid="" vconnid="" hb_health="No Heartbeat" message="" appresolvedby="Signature" +device="SFW" date=2018-05-30 time=14:04:25 timezone="IST" device_name="XG125w" device_id=SFDemo-763180a log_id=011902605151 log_type="Firewall" log_component="IP Spoof" log_subtype="Denied" status="Deny" priority=Information duration=0 fw_rule_id=0 policy_type=0 user_name="" user_gp="" iap=0 ips_policy_id=0 appfilter_policy_id=0 application="" application_risk=0 application_technology="" application_category="" in_interface="" out_interface="" src_mac= src_ip=169.254.234.5 src_country_code= dst_ip=127.0.0.1 dst_country_code= protocol="ICMP" icmp_type=0 icmp_code=0 +device="SFW" date=2020-06-05 time=03:45:23 timezone="CEST" device_name="SF01V" device_id=SFDemo-ta-vm-55 log_id=010101600001 log_type="Firewall" log_component="Firewall Rule" log_subtype="Allowed" status="Allow" priority=Information duration=0 fw_rule_id=5 nat_rule_id=2 policy_type=1 user_name="" user_gp="" iap=13 ips_policy_id=0 appfilter_policy_id=0 application="" application_risk=0 application_technology="" application_category="" vlan_id="" ether_type=Unknown (0x0000) bridge_name="" bridge_display_name="" in_interface="Port2" in_display_interface="Port2" out_interface="Port1" out_display_interface="Port1" src_mac=00:50:56:99:51:94 dst_mac=00:50:56:99:3D:AC src_ip=10.146.13.30 src_country_code= dst_ip=10.8.142.181 dst_country_code= protocol="TCP" src_port=45294 dst_port=443 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip=10.8.13.110 tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=" LAN" srczone="LAN" dstzonetype="WAN" dstzone="WAN" dir_disp="" connevent="Start" connid="2674291981" vconnid="" hb_health="No Heartbeat" message="" appresolvedby="Signature" app_is_cloud=0 log_occurrence=1 \ No newline at end of file diff --git a/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18.5-firewall.log-expected.json b/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18.5-firewall.log-expected.json new file mode 100644 index 00000000000..cdaae1bdb66 --- /dev/null +++ b/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18.5-firewall.log-expected.json @@ -0,0 +1,1704 @@ +{ + "expected": [ + { + "@timestamp": "2017-01-31T14:16:19.000Z", + "destination": { + "bytes": 105, + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.143", + "nat": { + "port": 0 + }, + "packets": 1, + "port": 53 + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "allowed", + "category": [ + "network" + ], + "code": "00001", + "duration": 30000000000, + "end": "2017-01-31T14:16:49.000Z", + "kind": "event", + "original": "device=\"SFW\" date=2017-01-31 time=14:16:19 timezone=\"IST\" device_name=\"CR750iNG-XP\" device_id=C44313350024- P29PUA log_id=010101600001 log_type=\"Firewall\" log_component=\"Firewall Rule\" log_subtype=\"Allowed\" status=\"Allow\" priority=Information duration=30 fw_rule_id=2 policy_type=2 user_name=\"gaurav\" user_gp=\"Open Group\" iap=1 ips_policy_id=0 appfilter_policy_id=1 application=\"Youtube Video Streaming\" application_risk=3 application_technology=\"Browser Based\" application_category=\"Streaming Media\" in_interface=\"PortA\" out_interface=\"PortB\" src_mac=00:00:00:00:00:00 src_ip=10.198.47.71 src_country_code=R1 dst_ip=81.2.69.143 dst_country_code=USA protocol=\"UDP\" src_port=59859 dst_port=53 sent_pkts=1 recv_pkts=1 sent_bytes=77 recv_bytes=105 tran_src_ip=81.2.69.144 tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"LAN\" srczone=\"LAN\" dstzonetype=\"WAN\" dstzone=\"WAN\" dir_disp=\"\" connevent=\"Stop\" connid=\"185246656\" vconnid=\"\" hb_health=\"No Heartbeat\"", + "outcome": "success", + "severity": 6, + "start": "2017-01-31T14:16:19.000Z", + "type": [ + "end", + "allowed", + "connection" + ] + }, + "host": { + "name": "defaulttest.local" + }, + "log": { + "level": "informational" + }, + "network": { + "bytes": 182, + "community_id": "1:lYJim7EEUckhyqriZSUn2kEcAwY=", + "direction": "outbound", + "packets": 2, + "protocol": "youtube video streaming", + "transport": "udp" + }, + "observer": { + "egress": { + "interface": { + "name": "PortB" + }, + "zone": "WAN" + }, + "ingress": { + "interface": { + "name": "PortA" + }, + "zone": "LAN" + }, + "product": "XG", + "serial_number": "C44313350024- P29PUA", + "type": "firewall", + "vendor": "Sophos" + }, + "related": { + "hosts": [ + "defaulttest.local" + ], + "ip": [ + "10.198.47.71", + "81.2.69.143", + "81.2.69.144" + ], + "user": [ + "gaurav" + ] + }, + "rule": { + "id": "2", + "ruleset": "2" + }, + "sophos": { + "xg": { + "appfilter_policy_id": "1", + "application_category": "Streaming Media", + "application_risk": "3", + "application_technology": "Browser Based", + "connevent": "Stop", + "connid": "185246656", + "device": "SFW", + "device_name": "CR750iNG-XP", + "dst_country_code": "USA", + "dst_zone_type": "WAN", + "hb_health": "No Heartbeat", + "iap": "1", + "ips_policy_id": "0", + "log_component": "Firewall Rule", + "log_id": "010101600001", + "log_subtype": "Allowed", + "log_type": "Firewall", + "priority": "Information", + "src_country_code": "R1", + "src_zone_type": "LAN", + "status": "Allow" + } + }, + "source": { + "bytes": 77, + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "10.198.47.71", + "mac": "00-00-00-00-00-00", + "nat": { + "ip": "81.2.69.144", + "port": 0 + }, + "packets": 1, + "port": 59859, + "user": { + "group": { + "name": "Open Group" + }, + "name": "gaurav" + } + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2018-05-30T13:14:26.000Z", + "destination": { + "as": { + "number": 1221, + "organization": { + "name": "Telstra Pty Ltd" + } + }, + "bytes": 0, + "ip": "1.128.3.4", + "nat": { + "port": 0 + }, + "packets": 0 + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "denied", + "category": [ + "network" + ], + "code": "00002", + "duration": 0, + "end": "2018-05-30T13:14:26.000Z", + "kind": "event", + "original": "device=\"SFW\" date=2018-05-30 time=13:14:26 timezone=\"IST\" device_name=\"XG125w\" device_id=SFDemo-763180a log_id=010102600002 log_type=\"Firewall\" log_component=\"Firewall Rule\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=1 policy_type=1 user_name=\"\" user_gp=\"\" iap=2 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" in_interface=\"Port1\" out_interface=\"Port2.531\" src_mac=b8:97:5a:5b:0f:fd src_ip=10.198.32.19 src_country_code= dst_ip=1.128.3.4 dst_country_code= protocol=\"ICMP\" icmp_type=8 icmp_code=0 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"\" appresolvedby=\"Signature", + "outcome": "success", + "severity": 6, + "start": "2018-05-30T13:14:26.000Z", + "type": [ + "denied", + "connection" + ] + }, + "host": { + "name": "defaulttest.local" + }, + "log": { + "level": "informational" + }, + "network": { + "bytes": 0, + "community_id": "1:dx7kJlo3wECJdR37qq2A64L5Iuo=", + "packets": 0, + "transport": "icmp" + }, + "observer": { + "egress": { + "interface": { + "name": "Port2.531" + } + }, + "ingress": { + "interface": { + "name": "Port1" + } + }, + "product": "XG", + "serial_number": "SFDemo-763180a", + "type": "firewall", + "vendor": "Sophos" + }, + "related": { + "hosts": [ + "defaulttest.local" + ], + "ip": [ + "10.198.32.19", + "1.128.3.4" + ] + }, + "rule": { + "id": "1", + "ruleset": "1" + }, + "sophos": { + "xg": { + "appfilter_policy_id": "0", + "application_risk": "0", + "appresolvedby": "Signature", + "device": "SFW", + "device_name": "XG125w", + "hb_health": "No Heartbeat", + "iap": "2", + "icmp_code": "0", + "icmp_type": "8", + "ips_policy_id": "0", + "log_component": "Firewall Rule", + "log_id": "010102600002", + "log_subtype": "Denied", + "log_type": "Firewall", + "priority": "Information", + "status": "Deny" + } + }, + "source": { + "bytes": 0, + "ip": "10.198.32.19", + "mac": "B8-97-5A-5B-0F-FD", + "nat": { + "port": 0 + }, + "packets": 0 + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2018-06-01T10:55:41.000Z", + "destination": { + "bytes": 0, + "geo": { + "city_name": "Changchun", + "continent_name": "Asia", + "country_iso_code": "CN", + "country_name": "China", + "location": { + "lat": 43.88, + "lon": 125.3228 + }, + "region_iso_code": "CN-22", + "region_name": "Jilin Sheng" + }, + "ip": "175.16.199.1", + "nat": { + "port": 0 + }, + "packets": 0 + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "denied", + "category": [ + "intrusion_detection", + "network" + ], + "code": "00003", + "duration": 0, + "end": "2018-06-01T10:55:41.000Z", + "kind": "alert", + "original": "device=\"SFW\" date=2018-06-01 time=10:55:41 timezone=\"BST\" device_name=\"XG310\" device_id=SFDemo-9a04c43 log_id=016602600003 log_type=\"Firewall\" log_component=\"Heartbeat\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=16 policy_type=1 user_name=\"\" user_gp=\"\" iap=2 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" in_interface=\"Port3.611\" out_interface=\"\" src_mac=08:00:27:4c:49:e3 src_ip=10.198.37.57 src_country_code= dst_ip=175.16.199.1 dst_country_code= protocol=\"ICMP\" icmp_type=8 icmp_code=0 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"Red\" message=\"\" appresolvedby=\"Signature\" app_is_cloud=0", + "outcome": "success", + "severity": 6, + "start": "2018-06-01T10:55:41.000Z", + "type": [ + "denied", + "connection" + ] + }, + "host": { + "name": "defaulttest.local" + }, + "log": { + "level": "informational" + }, + "network": { + "bytes": 0, + "community_id": "1:Sor11fKmsq4B9ppdtSRcf8VuJ2A=", + "packets": 0, + "transport": "icmp" + }, + "observer": { + "ingress": { + "interface": { + "name": "Port3.611" + } + }, + "product": "XG", + "serial_number": "SFDemo-9a04c43", + "type": "firewall", + "vendor": "Sophos" + }, + "related": { + "hosts": [ + "defaulttest.local" + ], + "ip": [ + "10.198.37.57", + "175.16.199.1" + ] + }, + "rule": { + "id": "16", + "ruleset": "1" + }, + "sophos": { + "xg": { + "app_is_cloud": "0", + "appfilter_policy_id": "0", + "application_risk": "0", + "appresolvedby": "Signature", + "device": "SFW", + "device_name": "XG310", + "hb_health": "Red", + "iap": "2", + "icmp_code": "0", + "icmp_type": "8", + "ips_policy_id": "0", + "log_component": "Heartbeat", + "log_id": "016602600003", + "log_subtype": "Denied", + "log_type": "Firewall", + "priority": "Information", + "status": "Deny" + } + }, + "source": { + "bytes": 0, + "ip": "10.198.37.57", + "mac": "08-00-27-4C-49-E3", + "nat": { + "port": 0 + }, + "packets": 0 + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2018-05-30T17:55:09.000Z", + "destination": { + "bytes": 0, + "ip": "10.198.232.48", + "nat": { + "port": 0 + }, + "packets": 0 + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "denied", + "category": [ + "intrusion_detection", + "network" + ], + "code": "00004", + "duration": 0, + "end": "2018-05-30T17:55:09.000Z", + "kind": "alert", + "original": "device=\"SFW\" date=2018-05-30 time=17:55:09 timezone=\"IST\" device_name=\"XG125w\" device_id=SFDemo-763180a log_id=018202500004 log_type=\"Firewall\" log_component=\"ICMP ERROR MESSAGE\" log_subtype=\"Denied\" status=\"Deny\" priority=Notice duration=0 fw_rule_id=1 policy_type=1 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" in_interface=\"Port2.531\" out_interface=\"\" src_mac=00:1a:8c:50:6a:8c src_ip=216.160.83.61 src_country_code= dst_ip=10.198.232.48 dst_country_code= protocol=\"ICMP\" icmp_type=11 icmp_code=0 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"1084482152\" vconnid=\"\" hb_health=\" No Heartbeat\" message=\"\" appresolvedby=\"Signature\"", + "outcome": "success", + "severity": 5, + "start": "2018-05-30T17:55:09.000Z", + "type": [ + "denied", + "connection" + ] + }, + "host": { + "name": "defaulttest.local" + }, + "log": { + "level": "notification" + }, + "network": { + "bytes": 0, + "community_id": "1:qJ07DCea4ghp9BOH8VwBZhcsIos=", + "packets": 0, + "transport": "icmp" + }, + "observer": { + "ingress": { + "interface": { + "name": "Port2.531" + } + }, + "product": "XG", + "serial_number": "SFDemo-763180a", + "type": "firewall", + "vendor": "Sophos" + }, + "related": { + "hosts": [ + "defaulttest.local" + ], + "ip": [ + "216.160.83.61", + "10.198.232.48" + ] + }, + "rule": { + "id": "1", + "ruleset": "1" + }, + "sophos": { + "xg": { + "appfilter_policy_id": "0", + "application_risk": "0", + "appresolvedby": "Signature", + "connid": "1084482152", + "device": "SFW", + "device_name": "XG125w", + "hb_health": " No Heartbeat", + "iap": "0", + "icmp_code": "0", + "icmp_type": "11", + "ips_policy_id": "0", + "log_component": "ICMP ERROR MESSAGE", + "log_id": "018202500004", + "log_subtype": "Denied", + "log_type": "Firewall", + "priority": "Notice", + "status": "Deny" + } + }, + "source": { + "as": { + "number": 209 + }, + "bytes": 0, + "geo": { + "city_name": "Milton", + "continent_name": "North America", + "country_iso_code": "US", + "country_name": "United States", + "location": { + "lat": 47.2513, + "lon": -122.3149 + }, + "region_iso_code": "US-WA", + "region_name": "Washington" + }, + "ip": "216.160.83.61", + "mac": "00-1A-8C-50-6A-8C", + "nat": { + "port": 0 + }, + "packets": 0 + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2018-05-30T18:03:43.000Z", + "destination": { + "bytes": 0, + "ip": "10.198.232.48", + "nat": { + "port": 0 + }, + "packets": 0 + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "allowed", + "category": [ + "network" + ], + "code": "00005", + "duration": 0, + "end": "2018-05-30T18:03:43.000Z", + "kind": "event", + "original": "device=\"SFW\" date=2018-05-30 time=18:03:43 timezone=\"IST\" device_name=\"XG125w\" device_id=SFDemo-763180a log_id=018201500005 log_type=\"Firewall\" log_component=\"ICMP ERROR MESSAGE\" log_subtype=\"Allowed\" status=\"Allow\" priority=Notice duration=0 fw_rule_id=1 policy_type=1 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" in_interface=\"Port2.531\" out_interface=\"\" src_mac=00:1a:8c:50:6a:8c src_ip=172.29.250.33 src_country_code= dst_ip=10.198.232.48 dst_country_code= protocol=\"ICMP\" icmp_type=11 icmp_code=0 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connevent=\"Interim\" connid=\"14310965\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"\" appresolvedby=\"Signature\"", + "outcome": "success", + "severity": 5, + "start": "2018-05-30T18:03:43.000Z", + "type": [ + "start", + "allowed", + "connection" + ] + }, + "host": { + "name": "defaulttest.local" + }, + "log": { + "level": "notification" + }, + "network": { + "bytes": 0, + "community_id": "1:ufMwC8WphNOce1zUhLjBH5FUI2A=", + "packets": 0, + "transport": "icmp" + }, + "observer": { + "ingress": { + "interface": { + "name": "Port2.531" + } + }, + "product": "XG", + "serial_number": "SFDemo-763180a", + "type": "firewall", + "vendor": "Sophos" + }, + "related": { + "hosts": [ + "defaulttest.local" + ], + "ip": [ + "172.29.250.33", + "10.198.232.48" + ] + }, + "rule": { + "id": "1", + "ruleset": "1" + }, + "sophos": { + "xg": { + "appfilter_policy_id": "0", + "application_risk": "0", + "appresolvedby": "Signature", + "connevent": "Interim", + "connid": "14310965", + "device": "SFW", + "device_name": "XG125w", + "hb_health": "No Heartbeat", + "iap": "0", + "icmp_code": "0", + "icmp_type": "11", + "ips_policy_id": "0", + "log_component": "ICMP ERROR MESSAGE", + "log_id": "018201500005", + "log_subtype": "Allowed", + "log_type": "Firewall", + "priority": "Notice", + "status": "Allow" + } + }, + "source": { + "bytes": 0, + "ip": "172.29.250.33", + "mac": "00-1A-8C-50-6A-8C", + "nat": { + "port": 0 + }, + "packets": 0 + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2018-06-01T10:57:55.000Z", + "destination": { + "bytes": 0, + "ip": "10.198.32.19", + "nat": { + "port": 0 + }, + "packets": 0 + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "denied", + "category": [ + "network" + ], + "code": "00006", + "duration": 0, + "end": "2018-06-01T10:57:55.000Z", + "kind": "event", + "original": "device=\"SFW\" date=2018-06-01 time=10:57:55 timezone=\"BST\" device_name=\"XG310\" device_id=SFDemo-9a04c43 log_id=016602600006 log_type=\"Firewall\" log_component=\"Heartbeat\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=16 policy_type=1 user_name=\"\" user_gp=\"\" iap=2 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" in_interface=\"Port3.611\" out_interface=\"\" src_mac=08:00:27:4c:49:e3 src_ip=10.198.37.57 src_country_code= dst_ip=10.198.32.19 dst_country_code= protocol=\"ICMP\" icmp_type=8 icmp_code=0 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"Red\" message=\"\" appresolvedby=\"Signature\" app_is_cloud=0", + "outcome": "success", + "severity": 6, + "start": "2018-06-01T10:57:55.000Z", + "type": [ + "denied", + "connection" + ] + }, + "host": { + "name": "defaulttest.local" + }, + "log": { + "level": "informational" + }, + "network": { + "bytes": 0, + "community_id": "1:GxdOoNc153FG9L1WhGZ4edd++14=", + "packets": 0, + "transport": "icmp" + }, + "observer": { + "ingress": { + "interface": { + "name": "Port3.611" + } + }, + "product": "XG", + "serial_number": "SFDemo-9a04c43", + "type": "firewall", + "vendor": "Sophos" + }, + "related": { + "hosts": [ + "defaulttest.local" + ], + "ip": [ + "10.198.37.57", + "10.198.32.19" + ] + }, + "rule": { + "id": "16", + "ruleset": "1" + }, + "sophos": { + "xg": { + "app_is_cloud": "0", + "appfilter_policy_id": "0", + "application_risk": "0", + "appresolvedby": "Signature", + "device": "SFW", + "device_name": "XG310", + "hb_health": "Red", + "iap": "2", + "icmp_code": "0", + "icmp_type": "8", + "ips_policy_id": "0", + "log_component": "Heartbeat", + "log_id": "016602600006", + "log_subtype": "Denied", + "log_type": "Firewall", + "priority": "Information", + "status": "Deny" + } + }, + "source": { + "bytes": 0, + "ip": "10.198.37.57", + "mac": "08-00-27-4C-49-E3", + "nat": { + "port": 0 + }, + "packets": 0 + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2018-05-30T13:26:37.000Z", + "destination": { + "as": { + "number": 1221, + "organization": { + "name": "Telstra Pty Ltd" + } + }, + "bytes": 0, + "ip": "1.128.3.4", + "nat": { + "port": 0 + }, + "packets": 0, + "port": 0 + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "denied", + "category": [ + "network" + ], + "code": "01001", + "duration": 0, + "end": "2018-05-30T13:26:37.000Z", + "kind": "event", + "original": "device=\"SFW\" date=2018-05-30 time=13:26:37 timezone=\"IST\" device_name=\"XG125w\" device_id=SFDemo-763180a log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" in_interface=\"\" out_interface=\"\" src_mac= src_ip=10.198.32.19 src_country_code= dst_ip=1.128.3.4 dst_country_code= protocol=\"UDP\" src_port=1353 dst_port=0 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Invalid UDP destination.\" appresolvedby=\"Signature\"", + "outcome": "success", + "severity": 6, + "start": "2018-05-30T13:26:37.000Z", + "type": [ + "denied", + "connection" + ] + }, + "host": { + "name": "defaulttest.local" + }, + "log": { + "level": "informational" + }, + "network": { + "bytes": 0, + "packets": 0, + "transport": "udp" + }, + "observer": { + "product": "XG", + "serial_number": "SFDemo-763180a", + "type": "firewall", + "vendor": "Sophos" + }, + "related": { + "hosts": [ + "defaulttest.local" + ], + "ip": [ + "10.198.32.19", + "1.128.3.4" + ] + }, + "rule": { + "id": "0", + "ruleset": "0" + }, + "sophos": { + "xg": { + "appfilter_policy_id": "0", + "application_risk": "0", + "appresolvedby": "Signature", + "device": "SFW", + "device_name": "XG125w", + "hb_health": "No Heartbeat", + "iap": "0", + "ips_policy_id": "0", + "log_component": "Invalid Traffic", + "log_id": "010202601001", + "log_subtype": "Denied", + "log_type": "Firewall", + "message": "Invalid UDP destination.", + "priority": "Information", + "status": "Deny" + } + }, + "source": { + "bytes": 0, + "ip": "10.198.32.19", + "nat": { + "port": 0 + }, + "packets": 0, + "port": 1353 + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2018-06-04T17:20:24.000Z", + "destination": { + "bytes": 0, + "ip": "0.0.0.0", + "nat": { + "port": 0 + }, + "packets": 0, + "port": 0 + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "denied", + "category": [ + "network" + ], + "code": "01301", + "duration": 0, + "end": "2018-06-04T17:20:24.000Z", + "kind": "event", + "original": "device=\"SFW\" date=2018-06-04 time=17:20:24 timezone=\"IST\" device_name=\"XG125w\" device_id=SFDemo-763180a log_id=011402601301 log_type=\"Firewall\" log_component=\"Fragmented Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" in_interface=\"\" out_interface=\"\" src_mac= src_ip=0.0.0.0 src_country_code= dst_ip=0.0.0.0 dst_country_code= protocol=\"0\" src_port=0 dst_port=0 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"\" appresolvedby=\"Signature\"", + "outcome": "success", + "severity": 6, + "start": "2018-06-04T17:20:24.000Z", + "type": [ + "denied", + "connection" + ] + }, + "host": { + "name": "defaulttest.local" + }, + "log": { + "level": "informational" + }, + "network": { + "bytes": 0, + "packets": 0, + "transport": "0" + }, + "observer": { + "product": "XG", + "serial_number": "SFDemo-763180a", + "type": "firewall", + "vendor": "Sophos" + }, + "related": { + "hosts": [ + "defaulttest.local" + ], + "ip": [ + "0.0.0.0" + ] + }, + "rule": { + "id": "0", + "ruleset": "0" + }, + "sophos": { + "xg": { + "appfilter_policy_id": "0", + "application_risk": "0", + "appresolvedby": "Signature", + "device": "SFW", + "device_name": "XG125w", + "hb_health": "No Heartbeat", + "iap": "0", + "ips_policy_id": "0", + "log_component": "Fragmented Traffic", + "log_id": "011402601301", + "log_subtype": "Denied", + "log_type": "Firewall", + "priority": "Information", + "status": "Deny" + } + }, + "source": { + "bytes": 0, + "ip": "0.0.0.0", + "nat": { + "port": 0 + }, + "packets": 0, + "port": 0 + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2018-05-30T14:01:32.000Z", + "destination": { + "bytes": 0, + "ip": "10.198.39.255", + "nat": { + "port": 0 + }, + "packets": 0, + "port": 137 + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "denied", + "category": [ + "network" + ], + "code": "02002", + "duration": 0, + "end": "2018-05-30T14:01:32.000Z", + "kind": "event", + "original": "device=\"SFW\" date=2018-05-30 time=14:01:32 timezone=\"IST\" device_name=\"XG125w\" device_id=SFDemo-763180a log_id=010302602002 log_type=\"Firewall\" log_component=\"Appliance Access\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=2 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" in_interface=\"Port2.611\" out_interface=\"\" src_mac=c8:5b:76:ab:72:d3 src_ip=10.198.38.184 src_country_code= dst_ip=10.198.39.255 dst_country_code= protocol=\"UDP\" src_port=137 dst_port=137 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"\" appresolvedby=\"Signature\"", + "outcome": "success", + "severity": 6, + "start": "2018-05-30T14:01:32.000Z", + "type": [ + "denied", + "connection" + ] + }, + "host": { + "name": "defaulttest.local" + }, + "log": { + "level": "informational" + }, + "network": { + "bytes": 0, + "community_id": "1:rWQJGdqTu4ERAOCXL2JYQ16npW4=", + "packets": 0, + "transport": "udp" + }, + "observer": { + "ingress": { + "interface": { + "name": "Port2.611" + } + }, + "product": "XG", + "serial_number": "SFDemo-763180a", + "type": "firewall", + "vendor": "Sophos" + }, + "related": { + "hosts": [ + "defaulttest.local" + ], + "ip": [ + "10.198.38.184", + "10.198.39.255" + ] + }, + "rule": { + "id": "2", + "ruleset": "0" + }, + "sophos": { + "xg": { + "appfilter_policy_id": "0", + "application_risk": "0", + "appresolvedby": "Signature", + "device": "SFW", + "device_name": "XG125w", + "hb_health": "No Heartbeat", + "iap": "0", + "ips_policy_id": "0", + "log_component": "Appliance Access", + "log_id": "010302602002", + "log_subtype": "Denied", + "log_type": "Firewall", + "priority": "Information", + "status": "Deny" + } + }, + "source": { + "bytes": 0, + "ip": "10.198.38.184", + "mac": "C8-5B-76-AB-72-D3", + "nat": { + "port": 0 + }, + "packets": 0, + "port": 137 + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2018-05-30T14:17:17.000Z", + "destination": { + "bytes": 0, + "ip": "10.198.32.48", + "nat": { + "port": 0 + }, + "packets": 0, + "port": 22 + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "denied", + "category": [ + "intrusion_detection", + "network" + ], + "code": "03001", + "duration": 0, + "end": "2018-05-30T14:17:17.000Z", + "kind": "alert", + "original": "device=\"SFW\" date=2018-05-30 time=14:17:17 timezone=\"IST\" device_name=\"XG125w\" device_id=SFDemo-763180a log_id=010402403001 log_type=\"Firewall\" log_component=\"DoS Attack\" log_subtype=\"Denied\" status=\"Deny\" priority=Warning duration=0 fw_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" in_interface=\"Port1\" out_interface=\"\" src_mac=b8:97:5a:5b:0f:fd src_ip=10.198.32.19 src_country_code= dst_ip=10.198.32.48 dst_country_code= protocol=\"TCP\" src_port=41960 dst_port=22 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"\" appresolvedby=\"Signature\"", + "outcome": "success", + "severity": 4, + "start": "2018-05-30T14:17:17.000Z", + "type": [ + "denied", + "connection" + ] + }, + "host": { + "name": "defaulttest.local" + }, + "log": { + "level": "warning" + }, + "network": { + "bytes": 0, + "community_id": "1:ebW+n2XvlKyynA6t/MupXckUzG4=", + "packets": 0, + "transport": "tcp" + }, + "observer": { + "ingress": { + "interface": { + "name": "Port1" + } + }, + "product": "XG", + "serial_number": "SFDemo-763180a", + "type": "firewall", + "vendor": "Sophos" + }, + "related": { + "hosts": [ + "defaulttest.local" + ], + "ip": [ + "10.198.32.19", + "10.198.32.48" + ] + }, + "rule": { + "id": "0", + "ruleset": "0" + }, + "sophos": { + "xg": { + "appfilter_policy_id": "0", + "application_risk": "0", + "appresolvedby": "Signature", + "device": "SFW", + "device_name": "XG125w", + "hb_health": "No Heartbeat", + "iap": "0", + "ips_policy_id": "0", + "log_component": "DoS Attack", + "log_id": "010402403001", + "log_subtype": "Denied", + "log_type": "Firewall", + "priority": "Warning", + "status": "Deny" + } + }, + "source": { + "bytes": 0, + "ip": "10.198.32.19", + "mac": "B8-97-5A-5B-0F-FD", + "nat": { + "port": 0 + }, + "packets": 0, + "port": 41960 + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2018-06-05T14:30:31.000Z", + "destination": { + "bytes": 0, + "ip": "10.198.36.48", + "nat": { + "port": 0 + }, + "packets": 0 + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "denied", + "category": [ + "network" + ], + "code": "04001", + "duration": 0, + "end": "2018-06-05T14:30:31.000Z", + "kind": "event", + "original": "device=\"SFW\" date=2018-06-05 time=14:30:31 timezone=\"IST\" device_name=\"XG125w\" device_id=SFDemo-763180a log_id=010502604001 log_type=\"Firewall\" log_component=\"ICMP Redirection\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" in_interface=\"\" out_interface=\"\" src_mac= src_ip=10.198.37.23 src_country_code= dst_ip=10.198.36.48 dst_country_code= protocol=\"ICMP\" icmp_type=5 icmp_code=1 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"\" appresolvedby=\" Signature\"", + "outcome": "success", + "severity": 6, + "start": "2018-06-05T14:30:31.000Z", + "type": [ + "denied", + "connection" + ] + }, + "host": { + "name": "defaulttest.local" + }, + "log": { + "level": "informational" + }, + "network": { + "bytes": 0, + "community_id": "1:REw7Fd5sFF/Vbt+C9BommT9XGDQ=", + "packets": 0, + "transport": "icmp" + }, + "observer": { + "product": "XG", + "serial_number": "SFDemo-763180a", + "type": "firewall", + "vendor": "Sophos" + }, + "related": { + "hosts": [ + "defaulttest.local" + ], + "ip": [ + "10.198.37.23", + "10.198.36.48" + ] + }, + "rule": { + "id": "0", + "ruleset": "0" + }, + "sophos": { + "xg": { + "appfilter_policy_id": "0", + "application_risk": "0", + "appresolvedby": " Signature", + "device": "SFW", + "device_name": "XG125w", + "hb_health": "No Heartbeat", + "iap": "0", + "icmp_code": "1", + "icmp_type": "5", + "ips_policy_id": "0", + "log_component": "ICMP Redirection", + "log_id": "010502604001", + "log_subtype": "Denied", + "log_type": "Firewall", + "priority": "Information", + "status": "Deny" + } + }, + "source": { + "bytes": 0, + "ip": "10.198.37.23", + "nat": { + "port": 0 + }, + "packets": 0 + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2018-05-31T17:05:14.000Z", + "destination": { + "as": { + "number": 1221, + "organization": { + "name": "Telstra Pty Ltd" + } + }, + "bytes": 0, + "ip": "1.128.3.4", + "nat": { + "port": 0 + }, + "packets": 0, + "port": 80 + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "denied", + "category": [ + "intrusion_detection", + "network" + ], + "code": "05001", + "duration": 0, + "end": "2018-05-31T17:05:14.000Z", + "kind": "alert", + "original": "device=\"SFW\" date=2018-05-31 time=17:05:14 timezone=\"IST\" device_name=\"XG125w\" device_id=SFDemo-763180a log_id=010602605001 log_type=\"Firewall\" log_component=\"Source Routed\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=1 policy_type=1 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" in_interface=\"\" out_interface=\"\" src_mac= src_ip=10.198.12.19 src_country_code= dst_ip=1.128.3.4 dst_country_code= protocol=\"TCP\" src_port=1571 dst_port=80 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"\" appresolvedby=\" Signature\"", + "outcome": "success", + "severity": 6, + "start": "2018-05-31T17:05:14.000Z", + "type": [ + "denied", + "connection" + ] + }, + "host": { + "name": "defaulttest.local" + }, + "log": { + "level": "informational" + }, + "network": { + "bytes": 0, + "community_id": "1:d1AF6puk61t38ufI/gIY9HJv/Xw=", + "packets": 0, + "transport": "tcp" + }, + "observer": { + "product": "XG", + "serial_number": "SFDemo-763180a", + "type": "firewall", + "vendor": "Sophos" + }, + "related": { + "hosts": [ + "defaulttest.local" + ], + "ip": [ + "10.198.12.19", + "1.128.3.4" + ] + }, + "rule": { + "id": "1", + "ruleset": "1" + }, + "sophos": { + "xg": { + "appfilter_policy_id": "0", + "application_risk": "0", + "appresolvedby": " Signature", + "device": "SFW", + "device_name": "XG125w", + "hb_health": "No Heartbeat", + "iap": "0", + "ips_policy_id": "0", + "log_component": "Source Routed", + "log_id": "010602605001", + "log_subtype": "Denied", + "log_type": "Firewall", + "priority": "Information", + "status": "Deny" + } + }, + "source": { + "bytes": 0, + "ip": "10.198.12.19", + "nat": { + "port": 0 + }, + "packets": 0, + "port": 1571 + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2018-05-30T15:09:51.000Z", + "destination": { + "bytes": 0, + "ip": "ff02::1:2", + "nat": { + "port": 0 + }, + "packets": 0, + "port": 547 + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "denied", + "category": [ + "network" + ], + "code": "05051", + "duration": 0, + "end": "2018-05-30T15:09:51.000Z", + "kind": "event", + "original": "device=\"SFW\" date=2018-05-30 time=15:09:51 timezone=\"IST\" device_name=\"XG125w\" device_id=SFDemo-763180a log_id=011702605051 log_type=\"Firewall\" log_component=\"MAC Filter\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" in_interface=\"Port2.531\" out_interface=\"\" src_mac=1e:3a:5a:5b:23:ab src_ip=fe80::59f5:3ce8:c98e:5062 src_country_code= dst_ip=ff02::1:2 dst_country_code= protocol=\"UDP\" src_port=546 dst_port=547 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"\" appresolvedby=\"Signature\"", + "outcome": "success", + "severity": 6, + "start": "2018-05-30T15:09:51.000Z", + "type": [ + "denied", + "connection" + ] + }, + "host": { + "name": "defaulttest.local" + }, + "log": { + "level": "informational" + }, + "network": { + "bytes": 0, + "community_id": "1:fzZxl6nY1aZerLCg1u8MwroiREk=", + "packets": 0, + "transport": "udp" + }, + "observer": { + "ingress": { + "interface": { + "name": "Port2.531" + } + }, + "product": "XG", + "serial_number": "SFDemo-763180a", + "type": "firewall", + "vendor": "Sophos" + }, + "related": { + "hosts": [ + "defaulttest.local" + ], + "ip": [ + "fe80::59f5:3ce8:c98e:5062", + "ff02::1:2" + ] + }, + "rule": { + "id": "0", + "ruleset": "0" + }, + "sophos": { + "xg": { + "appfilter_policy_id": "0", + "application_risk": "0", + "appresolvedby": "Signature", + "device": "SFW", + "device_name": "XG125w", + "hb_health": "No Heartbeat", + "iap": "0", + "ips_policy_id": "0", + "log_component": "MAC Filter", + "log_id": "011702605051", + "log_subtype": "Denied", + "log_type": "Firewall", + "priority": "Information", + "status": "Deny" + } + }, + "source": { + "bytes": 0, + "ip": "fe80::59f5:3ce8:c98e:5062", + "mac": "1E-3A-5A-5B-23-AB", + "nat": { + "port": 0 + }, + "packets": 0, + "port": 546 + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2018-05-30T15:12:45.000Z", + "destination": { + "as": { + "number": 209 + }, + "bytes": 0, + "geo": { + "city_name": "Milton", + "continent_name": "North America", + "country_iso_code": "US", + "country_name": "United States", + "location": { + "lat": 47.2513, + "lon": -122.3149 + }, + "region_iso_code": "US-WA", + "region_name": "Washington" + }, + "ip": "216.160.83.57", + "nat": { + "port": 0 + }, + "packets": 0 + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "denied", + "category": [ + "network" + ], + "code": "05101", + "duration": 0, + "end": "2018-05-30T15:12:45.000Z", + "kind": "event", + "original": "device=\"SFW\" date=2018-05-30 time=15:12:45 timezone=\"IST\" device_name=\"XG125w\" device_id=SFDemo-763180a log_id=011802605101 log_type=\"Firewall\" log_component=\"IPMAC Filter\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" in_interface=\"Port1\" out_interface=\"\" src_mac=b8:97:5a:5b:0f:fd src_ip=10.198.32.15 src_country_code= dst_ip=216.160.83.57 dst_country_code= protocol=\"ICMP\" icmp_type=8 icmp_code=0 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"\" appresolvedby=\"Signature\"", + "outcome": "success", + "severity": 6, + "start": "2018-05-30T15:12:45.000Z", + "type": [ + "denied", + "connection" + ] + }, + "host": { + "name": "defaulttest.local" + }, + "log": { + "level": "informational" + }, + "network": { + "bytes": 0, + "community_id": "1:fdV0lXy84V2+bFCyBYmUyiyePtk=", + "packets": 0, + "transport": "icmp" + }, + "observer": { + "ingress": { + "interface": { + "name": "Port1" + } + }, + "product": "XG", + "serial_number": "SFDemo-763180a", + "type": "firewall", + "vendor": "Sophos" + }, + "related": { + "hosts": [ + "defaulttest.local" + ], + "ip": [ + "10.198.32.15", + "216.160.83.57" + ] + }, + "rule": { + "id": "0", + "ruleset": "0" + }, + "sophos": { + "xg": { + "appfilter_policy_id": "0", + "application_risk": "0", + "appresolvedby": "Signature", + "device": "SFW", + "device_name": "XG125w", + "hb_health": "No Heartbeat", + "iap": "0", + "icmp_code": "0", + "icmp_type": "8", + "ips_policy_id": "0", + "log_component": "IPMAC Filter", + "log_id": "011802605101", + "log_subtype": "Denied", + "log_type": "Firewall", + "priority": "Information", + "status": "Deny" + } + }, + "source": { + "bytes": 0, + "ip": "10.198.32.15", + "mac": "B8-97-5A-5B-0F-FD", + "nat": { + "port": 0 + }, + "packets": 0 + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2018-05-30T14:04:25.000Z", + "destination": { + "ip": "127.0.0.1" + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "denied", + "category": [ + "intrusion_detection", + "network" + ], + "code": "05151", + "duration": 0, + "end": "2018-05-30T14:04:25.000Z", + "kind": "alert", + "original": "device=\"SFW\" date=2018-05-30 time=14:04:25 timezone=\"IST\" device_name=\"XG125w\" device_id=SFDemo-763180a log_id=011902605151 log_type=\"Firewall\" log_component=\"IP Spoof\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" in_interface=\"\" out_interface=\"\" src_mac= src_ip=169.254.234.5 src_country_code= dst_ip=127.0.0.1 dst_country_code= protocol=\"ICMP\" icmp_type=0 icmp_code=0", + "outcome": "success", + "severity": 6, + "start": "2018-05-30T14:04:25.000Z", + "type": [ + "denied", + "connection" + ] + }, + "host": { + "name": "defaulttest.local" + }, + "log": { + "level": "informational" + }, + "network": { + "community_id": "1:MePwSQsHDt/OJu9hRQA+9BvVRdM=", + "transport": "icmp" + }, + "observer": { + "product": "XG", + "serial_number": "SFDemo-763180a", + "type": "firewall", + "vendor": "Sophos" + }, + "related": { + "hosts": [ + "defaulttest.local" + ], + "ip": [ + "169.254.234.5", + "127.0.0.1" + ] + }, + "rule": { + "id": "0", + "ruleset": "0" + }, + "sophos": { + "xg": { + "appfilter_policy_id": "0", + "application_risk": "0", + "device": "SFW", + "device_name": "XG125w", + "iap": "0", + "icmp_code": "0", + "icmp_type": "0", + "ips_policy_id": "0", + "log_component": "IP Spoof", + "log_id": "011902605151", + "log_subtype": "Denied", + "log_type": "Firewall", + "priority": "Information", + "status": "Deny" + } + }, + "source": { + "ip": "169.254.234.5" + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2020-06-05T03:45:23.000Z", + "destination": { + "bytes": 0, + "ip": "10.8.142.181", + "mac": "00-50-56-99-3D-AC", + "nat": { + "port": 0 + }, + "packets": 0, + "port": 443 + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "allowed", + "category": [ + "network" + ], + "code": "00001", + "duration": 0, + "end": "2020-06-05T03:45:23.000Z", + "kind": "event", + "original": "device=\"SFW\" date=2020-06-05 time=03:45:23 timezone=\"CEST\" device_name=\"SF01V\" device_id=SFDemo-ta-vm-55 log_id=010101600001 log_type=\"Firewall\" log_component=\"Firewall Rule\" log_subtype=\"Allowed\" status=\"Allow\" priority=Information duration=0 fw_rule_id=5 nat_rule_id=2 policy_type=1 user_name=\"\" user_gp=\"\" iap=13 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"\" ether_type=Unknown (0x0000) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"Port2\" in_display_interface=\"Port2\" out_interface=\"Port1\" out_display_interface=\"Port1\" src_mac=00:50:56:99:51:94 dst_mac=00:50:56:99:3D:AC src_ip=10.146.13.30 src_country_code= dst_ip=10.8.142.181 dst_country_code= protocol=\"TCP\" src_port=45294 dst_port=443 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip=10.8.13.110 tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\" LAN\" srczone=\"LAN\" dstzonetype=\"WAN\" dstzone=\"WAN\" dir_disp=\"\" connevent=\"Start\" connid=\"2674291981\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"\" appresolvedby=\"Signature\" app_is_cloud=0 log_occurrence=1", + "outcome": "success", + "severity": 6, + "start": "2020-06-05T03:45:23.000Z", + "type": [ + "start", + "allowed", + "connection" + ] + }, + "host": { + "name": "defaulttest.local" + }, + "log": { + "level": "informational" + }, + "network": { + "bytes": 0, + "community_id": "1:2Z/T6XpjT4zBcdXNDaLCpNp/2uo=", + "direction": "outbound", + "packets": 0, + "transport": "tcp" + }, + "observer": { + "egress": { + "interface": { + "name": "Port1" + }, + "zone": "WAN" + }, + "ingress": { + "interface": { + "name": "Port2" + }, + "zone": "LAN" + }, + "product": "XG", + "serial_number": "SFDemo-ta-vm-55", + "type": "firewall", + "vendor": "Sophos" + }, + "related": { + "hosts": [ + "defaulttest.local" + ], + "ip": [ + "10.146.13.30", + "10.8.142.181", + "10.8.13.110" + ] + }, + "rule": { + "id": "5", + "ruleset": "1" + }, + "sophos": { + "xg": { + "app_is_cloud": "0", + "appfilter_policy_id": "0", + "application_risk": "0", + "appresolvedby": "Signature", + "connevent": "Start", + "connid": "2674291981", + "device": "SFW", + "device_name": "SF01V", + "dst_zone_type": "WAN", + "ether_type": "Unknown (0x0000)", + "hb_health": "No Heartbeat", + "iap": "13", + "ips_policy_id": "0", + "log_component": "Firewall Rule", + "log_id": "010101600001", + "log_subtype": "Allowed", + "log_type": "Firewall", + "priority": "Information", + "src_zone_type": " LAN", + "status": "Allow" + } + }, + "source": { + "bytes": 0, + "ip": "10.146.13.30", + "mac": "00-50-56-99-51-94", + "nat": { + "ip": "10.8.13.110", + "port": 0 + }, + "packets": 0, + "port": 45294 + }, + "tags": [ + "preserve_original_event" + ] + } + ] +} \ No newline at end of file diff --git a/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18.5-idp.log b/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18.5-idp.log new file mode 100644 index 00000000000..130461f9ffb --- /dev/null +++ b/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18.5-idp.log @@ -0,0 +1,4 @@ +device="SFW" date=2018-05-23 time=16:20:34 timezone="BST" device_name="XG750" device_id=SFDemo-f64dd6be log_id=020703406001 log_type="IDP" log_component="Anomaly" log_subtype="Detect" priority=Warning idp_policy_id=1 fw_rule_id=2 user_name="" signature_id=26022 signature_msg="FILE-PDF EmbeddedFile contained within a PDF" classification="A Network Trojan was detected" rule_priority=1 src_ip=10.0.0.168 src_country_code=R1 dst_ip=10.1.1.234 dst_country_code=R1 protocol="TCP" src_port=28938 dst_port=25 platform="Windows" category="Malware Communication" target="Server" +device="SFW" date=2018-05-23 time=16:16:43 timezone="BST" device_name="XG750" device_id=SFDemo-f64dd6be log_id=020704406002 log_type="IDP" log_component="Anomaly" log_subtype="Drop" priority=Warning idp_policy_id=1 fw_rule_id=2 user_name="" signature_id=26022 signature_msg="FILE-PDF EmbeddedFile contained within a PDF" classification="A Network Trojan was detected" rule_priority=1 src_ip=10.0.1.31 src_country_code=R1 dst_ip=10.1.0.115 dst_country_code=R1 protocol="TCP" src_port=40140 dst_port=25 platform="Windows" category="Malware Communication" target="Server" +device="SFW" date=2018-05-23 time=15:49:38 timezone="BST" device_name="XG750" device_id=SFDemo-f64dd6be log_id=020803407001 log_type="IDP" log_component="Signatures" log_subtype="Detect" priority=Warning idp_policy_id=1 fw_rule_id=2 user_name="" signature_id=584 signature_msg="PROTOCOL-RPC portmap rusers request UDP" classification="Decode of an RPC Query" rule_priority=5 src_ip=10.0.1.39 src_country_code=R1 dst_ip=10.1.0.42 dst_country_code=R1 protocol="UDP" src_port=21378 dst_port=111 platform="BSD,Linux,Mac,Solaris,Unix" category="Operating System and Services" target="Server" +device="SFW" date=2017-02-01 time=12:51:35 timezone="IST" device_name="CR750iNG-XP" device_id=C44313350024- P29PUA log_id=020804407002 log_type="IDP" log_component="Signatures" log_subtype="Drop" status="" priority=Warning idp_policy_id=2 fw_rule_id=1 user_name="" signature_id=1151209031 signature_msg="Autodesk Design Review GIF GlobalColorTable DataSubBlock Buffer Overflow" classification="Unknown" rule_priority=3 src_ip=81.2.69.145 src_country_code=HKG dst_ip=10.198.47.71 dst_country_code=R1 protocol="TCP" src_port=80 dst_port=40575 platform=" Windows" category="Application and Software" target="Client" \ No newline at end of file diff --git a/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18.5-idp.log-expected.json b/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18.5-idp.log-expected.json new file mode 100644 index 00000000000..7b377fb5436 --- /dev/null +++ b/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18.5-idp.log-expected.json @@ -0,0 +1,344 @@ +{ + "expected": [ + { + "@timestamp": "2018-05-23T16:20:34.000Z", + "destination": { + "ip": "10.1.1.234", + "port": 25 + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "detect", + "category": [ + "intrusion_detection", + "network" + ], + "code": "06001", + "kind": "alert", + "original": "device=\"SFW\" date=2018-05-23 time=16:20:34 timezone=\"BST\" device_name=\"XG750\" device_id=SFDemo-f64dd6be log_id=020703406001 log_type=\"IDP\" log_component=\"Anomaly\" log_subtype=\"Detect\" priority=Warning idp_policy_id=1 fw_rule_id=2 user_name=\"\" signature_id=26022 signature_msg=\"FILE-PDF EmbeddedFile contained within a PDF\" classification=\"A Network Trojan was detected\" rule_priority=1 src_ip=10.0.0.168 src_country_code=R1 dst_ip=10.1.1.234 dst_country_code=R1 protocol=\"TCP\" src_port=28938 dst_port=25 platform=\"Windows\" category=\"Malware Communication\" target=\"Server\"", + "outcome": "success", + "severity": 4, + "type": [ + "denied", + "connection" + ] + }, + "host": { + "name": "defaulttest.local" + }, + "log": { + "level": "warning" + }, + "network": { + "community_id": "1:U2yQKH6TWkggtH81oE8Yw/5bA30=", + "transport": "tcp" + }, + "observer": { + "product": "XG", + "serial_number": "SFDemo-f64dd6be", + "type": "firewall", + "vendor": "Sophos" + }, + "related": { + "hosts": [ + "defaulttest.local" + ], + "ip": [ + "10.0.0.168", + "10.1.1.234" + ] + }, + "rule": { + "category": "A Network Trojan was detected", + "id": "26022", + "name": "FILE-PDF EmbeddedFile contained within a PDF" + }, + "sophos": { + "xg": { + "category": "Malware Communication", + "device": "SFW", + "device_name": "XG750", + "dst_country_code": "R1", + "fw_rule_id": "2", + "idp_policy_id": "1", + "log_component": "Anomaly", + "log_id": "020703406001", + "log_subtype": "Detect", + "log_type": "IDP", + "platform": "Windows", + "priority": "Warning", + "rule_priority": "1", + "src_country_code": "R1", + "target": "Server" + } + }, + "source": { + "ip": "10.0.0.168", + "port": 28938 + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2018-05-23T16:16:43.000Z", + "destination": { + "ip": "10.1.0.115", + "port": 25 + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "drop", + "category": [ + "intrusion_detection", + "network" + ], + "code": "06002", + "kind": "alert", + "original": "device=\"SFW\" date=2018-05-23 time=16:16:43 timezone=\"BST\" device_name=\"XG750\" device_id=SFDemo-f64dd6be log_id=020704406002 log_type=\"IDP\" log_component=\"Anomaly\" log_subtype=\"Drop\" priority=Warning idp_policy_id=1 fw_rule_id=2 user_name=\"\" signature_id=26022 signature_msg=\"FILE-PDF EmbeddedFile contained within a PDF\" classification=\"A Network Trojan was detected\" rule_priority=1 src_ip=10.0.1.31 src_country_code=R1 dst_ip=10.1.0.115 dst_country_code=R1 protocol=\"TCP\" src_port=40140 dst_port=25 platform=\"Windows\" category=\"Malware Communication\" target=\"Server\"", + "outcome": "success", + "severity": 4, + "type": [ + "denied", + "connection" + ] + }, + "host": { + "name": "defaulttest.local" + }, + "log": { + "level": "warning" + }, + "network": { + "community_id": "1:ZiG8ga1b+BkNsFyuxbnjyDn2xjQ=", + "transport": "tcp" + }, + "observer": { + "product": "XG", + "serial_number": "SFDemo-f64dd6be", + "type": "firewall", + "vendor": "Sophos" + }, + "related": { + "hosts": [ + "defaulttest.local" + ], + "ip": [ + "10.0.1.31", + "10.1.0.115" + ] + }, + "rule": { + "category": "A Network Trojan was detected", + "id": "26022", + "name": "FILE-PDF EmbeddedFile contained within a PDF" + }, + "sophos": { + "xg": { + "category": "Malware Communication", + "device": "SFW", + "device_name": "XG750", + "dst_country_code": "R1", + "fw_rule_id": "2", + "idp_policy_id": "1", + "log_component": "Anomaly", + "log_id": "020704406002", + "log_subtype": "Drop", + "log_type": "IDP", + "platform": "Windows", + "priority": "Warning", + "rule_priority": "1", + "src_country_code": "R1", + "target": "Server" + } + }, + "source": { + "ip": "10.0.1.31", + "port": 40140 + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2018-05-23T15:49:38.000Z", + "destination": { + "ip": "10.1.0.42", + "port": 111 + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "detect", + "category": [ + "intrusion_detection", + "network" + ], + "code": "07001", + "kind": "alert", + "original": "device=\"SFW\" date=2018-05-23 time=15:49:38 timezone=\"BST\" device_name=\"XG750\" device_id=SFDemo-f64dd6be log_id=020803407001 log_type=\"IDP\" log_component=\"Signatures\" log_subtype=\"Detect\" priority=Warning idp_policy_id=1 fw_rule_id=2 user_name=\"\" signature_id=584 signature_msg=\"PROTOCOL-RPC portmap rusers request UDP\" classification=\"Decode of an RPC Query\" rule_priority=5 src_ip=10.0.1.39 src_country_code=R1 dst_ip=10.1.0.42 dst_country_code=R1 protocol=\"UDP\" src_port=21378 dst_port=111 platform=\"BSD,Linux,Mac,Solaris,Unix\" category=\"Operating System and Services\" target=\"Server\"", + "outcome": "success", + "severity": 4, + "type": [ + "denied", + "connection" + ] + }, + "host": { + "name": "defaulttest.local" + }, + "log": { + "level": "warning" + }, + "network": { + "community_id": "1:2f9LkOfa+shAInkup2Av8GQz/s8=", + "transport": "udp" + }, + "observer": { + "product": "XG", + "serial_number": "SFDemo-f64dd6be", + "type": "firewall", + "vendor": "Sophos" + }, + "related": { + "hosts": [ + "defaulttest.local" + ], + "ip": [ + "10.0.1.39", + "10.1.0.42" + ] + }, + "rule": { + "category": "Decode of an RPC Query", + "id": "584", + "name": "PROTOCOL-RPC portmap rusers request UDP" + }, + "sophos": { + "xg": { + "category": "Operating System and Services", + "device": "SFW", + "device_name": "XG750", + "dst_country_code": "R1", + "fw_rule_id": "2", + "idp_policy_id": "1", + "log_component": "Signatures", + "log_id": "020803407001", + "log_subtype": "Detect", + "log_type": "IDP", + "platform": "BSD,Linux,Mac,Solaris,Unix", + "priority": "Warning", + "rule_priority": "5", + "src_country_code": "R1", + "target": "Server" + } + }, + "source": { + "ip": "10.0.1.39", + "port": 21378 + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2017-02-01T12:51:35.000Z", + "destination": { + "ip": "10.198.47.71", + "port": 40575 + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "drop", + "category": [ + "intrusion_detection", + "network" + ], + "code": "07002", + "kind": "alert", + "original": "device=\"SFW\" date=2017-02-01 time=12:51:35 timezone=\"IST\" device_name=\"CR750iNG-XP\" device_id=C44313350024- P29PUA log_id=020804407002 log_type=\"IDP\" log_component=\"Signatures\" log_subtype=\"Drop\" status=\"\" priority=Warning idp_policy_id=2 fw_rule_id=1 user_name=\"\" signature_id=1151209031 signature_msg=\"Autodesk Design Review GIF GlobalColorTable DataSubBlock Buffer Overflow\" classification=\"Unknown\" rule_priority=3 src_ip=81.2.69.145 src_country_code=HKG dst_ip=10.198.47.71 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=40575 platform=\" Windows\" category=\"Application and Software\" target=\"Client\"", + "outcome": "success", + "severity": 4, + "type": [ + "denied", + "connection" + ] + }, + "host": { + "name": "defaulttest.local" + }, + "log": { + "level": "warning" + }, + "network": { + "community_id": "1:b8cwgXEoZZVR2PdphquxalsImxQ=", + "transport": "tcp" + }, + "observer": { + "product": "XG", + "serial_number": "C44313350024- P29PUA", + "type": "firewall", + "vendor": "Sophos" + }, + "related": { + "hosts": [ + "defaulttest.local" + ], + "ip": [ + "81.2.69.145", + "10.198.47.71" + ] + }, + "rule": { + "category": "Unknown", + "id": "1151209031", + "name": "Autodesk Design Review GIF GlobalColorTable DataSubBlock Buffer Overflow" + }, + "sophos": { + "xg": { + "category": "Application and Software", + "device": "SFW", + "device_name": "CR750iNG-XP", + "dst_country_code": "R1", + "fw_rule_id": "1", + "idp_policy_id": "2", + "log_component": "Signatures", + "log_id": "020804407002", + "log_subtype": "Drop", + "log_type": "IDP", + "platform": " Windows", + "priority": "Warning", + "rule_priority": "3", + "src_country_code": "HKG", + "target": "Client" + } + }, + "source": { + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.145", + "port": 80 + }, + "tags": [ + "preserve_original_event" + ] + } + ] +} \ No newline at end of file diff --git a/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18.5-sandstorm.log b/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18.5-sandstorm.log new file mode 100644 index 00000000000..da4d6052d60 --- /dev/null +++ b/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18.5-sandstorm.log @@ -0,0 +1,5 @@ +device="SFW" date=2016-12-02 time=18:27:55 timezone="GMT" device_name="SFVUNL" device_id=C01001K234RXPA1 log_id=136501618041 log_type="Sandbox" log_component="Web" log_subtype="Allowed" priority=Information user_name="" src_ip= filename="" filetype="" filesize=0 sha1sum="" source="" reason="eligible" destination="" subject="" +device="SFW" date=2016-12-02 time=18:31:50 timezone="GMT" device_name="SFVUNL" device_id=C01001K234RXPA1 log_id=136501618041 log_type="Sandbox" log_component="Web" log_subtype="Allowed" priority=Information user_name="rich" src_ip=192.168.73.220 filename="test7.exe" filetype="application/octet-stream" filesize=871700 sha1sum="7769b038037bc8e5c6373e92f99aa2324eee827c" source="floater.baldrys.ca" reason="cloud clean" destination="" subject="" +device="SFW" date=2018-06-21 time=23:43:25 timezone="CEST" device_name="SG650" device_id=SFDemo-058196d log_id=136502218042 log_type="Sandbox" log_component="Web" log_subtype="Denied" priority=Critical user_name="ta-client" src_ip=10.146.13.251 filename="sandbox_dirty_no_cache" filetype="text/plain" filesize=266541 sha1sum="dd0bf29e56e4433e7dcffbe35f4003b1f251ce9d" source="ta-web-static.qa.astaro.de" reason="cached malicious" destination="" subject="" +device="SFW" date=2016-12-02 time=18:27:55 timezone="GMT" device_name="SFVUNL" device_id=C01001K234RXPA1 log_id=136528618043 log_type="Sandbox" log_component="Web" log_subtype="Pending" priority=Information user_name="rich" src_ip=192.168.73.220 filename="badb.exe" filetype="application/octet-stream" filesize=1634319 sha1sum="9379f98b00017db44f3c6120bde7bdcd680296cb" source="floater.baldrys.ca" reason="pending" destination="" subject="" +device="SFW" date=2016-12-02 time=18:27:55 timezone="GMT" device_name="SFVUNL" device_id=C01001K234RXPA1 log_id=136528618043 log_type="Sandbox" log_component="Web" log_subtype="Pending" priority=Information user_name="rich" src_ip=192.168.73.220 filename="badb.exe" filetype="application/octet-stream" filesize=1634319 sha1sum="2c26b46b68ffc68ff99b453c1d30413413422d706483bfa0f98a5e886266e7ae" source="floater.baldrys.ca" reason="pending" destination="" subject="" \ No newline at end of file diff --git a/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18.5-sandstorm.log-expected.json b/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18.5-sandstorm.log-expected.json new file mode 100644 index 00000000000..c637b506396 --- /dev/null +++ b/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18.5-sandstorm.log-expected.json @@ -0,0 +1,393 @@ +{ + "expected": [ + { + "@timestamp": "2016-12-02T18:27:55.000Z", + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "Allowed", + "category": [ + "network" + ], + "code": "18041", + "kind": "event", + "original": "device=\"SFW\" date=2016-12-02 time=18:27:55 timezone=\"GMT\" device_name=\"SFVUNL\" device_id=C01001K234RXPA1 log_id=136501618041 log_type=\"Sandbox\" log_component=\"Web\" log_subtype=\"Allowed\" priority=Information user_name=\"\" src_ip= filename=\"\" filetype=\"\" filesize=0 sha1sum=\"\" source=\"\" reason=\"eligible\" destination=\"\" subject=\"\"", + "outcome": "success", + "reason": "eligible", + "severity": 6, + "type": [ + "allowed", + "end", + "connection" + ] + }, + "file": { + "size": 0 + }, + "host": { + "name": "defaulttest.local" + }, + "log": { + "level": "informational" + }, + "observer": { + "product": "XG", + "serial_number": "C01001K234RXPA1", + "type": "firewall", + "vendor": "Sophos" + }, + "related": { + "hosts": [ + "defaulttest.local" + ] + }, + "sophos": { + "xg": { + "device": "SFW", + "device_name": "SFVUNL", + "log_component": "Web", + "log_id": "136501618041", + "log_subtype": "Allowed", + "log_type": "Sandbox", + "priority": "Information" + } + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2016-12-02T18:31:50.000Z", + "destination": { + "domain": "floater.baldrys.ca" + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "Allowed", + "category": [ + "network" + ], + "code": "18041", + "kind": "event", + "original": "device=\"SFW\" date=2016-12-02 time=18:31:50 timezone=\"GMT\" device_name=\"SFVUNL\" device_id=C01001K234RXPA1 log_id=136501618041 log_type=\"Sandbox\" log_component=\"Web\" log_subtype=\"Allowed\" priority=Information user_name=\"rich\" src_ip=192.168.73.220 filename=\"test7.exe\" filetype=\"application/octet-stream\" filesize=871700 sha1sum=\"7769b038037bc8e5c6373e92f99aa2324eee827c\" source=\"floater.baldrys.ca\" reason=\"cloud clean\" destination=\"\" subject=\"\"", + "outcome": "success", + "reason": "cloud clean", + "severity": 6, + "type": [ + "allowed" + ] + }, + "file": { + "hash": { + "sha1": "7769b038037bc8e5c6373e92f99aa2324eee827c" + }, + "mime_type": "application/octet-stream", + "name": "test7.exe", + "size": 871700 + }, + "host": { + "name": "defaulttest.local" + }, + "log": { + "level": "informational" + }, + "observer": { + "product": "XG", + "serial_number": "C01001K234RXPA1", + "type": "firewall", + "vendor": "Sophos" + }, + "related": { + "hash": [ + "7769b038037bc8e5c6373e92f99aa2324eee827c" + ], + "hosts": [ + "defaulttest.local", + "floater.baldrys.ca" + ], + "ip": [ + "192.168.73.220" + ], + "user": [ + "rich" + ] + }, + "sophos": { + "xg": { + "device": "SFW", + "device_name": "SFVUNL", + "log_component": "Web", + "log_id": "136501618041", + "log_subtype": "Allowed", + "log_type": "Sandbox", + "priority": "Information" + } + }, + "source": { + "ip": "192.168.73.220", + "user": { + "name": "rich" + } + }, + "tags": [ + "preserve_original_event" + ], + "url": { + "domain": "floater.baldrys.ca" + } + }, + { + "@timestamp": "2018-06-21T23:43:25.000Z", + "destination": { + "domain": "ta-web-static.qa.astaro.de" + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "Denied", + "category": [ + "malware", + "network" + ], + "code": "18042", + "kind": "alert", + "original": "device=\"SFW\" date=2018-06-21 time=23:43:25 timezone=\"CEST\" device_name=\"SG650\" device_id=SFDemo-058196d log_id=136502218042 log_type=\"Sandbox\" log_component=\"Web\" log_subtype=\"Denied\" priority=Critical user_name=\"ta-client\" src_ip=10.146.13.251 filename=\"sandbox_dirty_no_cache\" filetype=\"text/plain\" filesize=266541 sha1sum=\"dd0bf29e56e4433e7dcffbe35f4003b1f251ce9d\" source=\"ta-web-static.qa.astaro.de\" reason=\"cached malicious\" destination=\"\" subject=\"\"", + "outcome": "success", + "reason": "cached malicious", + "severity": 2, + "type": [ + "denied", + "connection" + ] + }, + "file": { + "hash": { + "sha1": "dd0bf29e56e4433e7dcffbe35f4003b1f251ce9d" + }, + "mime_type": "text/plain", + "name": "sandbox_dirty_no_cache", + "size": 266541 + }, + "host": { + "name": "defaulttest.local" + }, + "log": { + "level": "critical" + }, + "observer": { + "product": "XG", + "serial_number": "SFDemo-058196d", + "type": "firewall", + "vendor": "Sophos" + }, + "related": { + "hash": [ + "dd0bf29e56e4433e7dcffbe35f4003b1f251ce9d" + ], + "hosts": [ + "defaulttest.local", + "ta-web-static.qa.astaro.de" + ], + "ip": [ + "10.146.13.251" + ], + "user": [ + "ta-client" + ] + }, + "sophos": { + "xg": { + "device": "SFW", + "device_name": "SG650", + "log_component": "Web", + "log_id": "136502218042", + "log_subtype": "Denied", + "log_type": "Sandbox", + "priority": "Critical" + } + }, + "source": { + "ip": "10.146.13.251", + "user": { + "name": "ta-client" + } + }, + "tags": [ + "preserve_original_event" + ], + "url": { + "domain": "ta-web-static.qa.astaro.de" + } + }, + { + "@timestamp": "2016-12-02T18:27:55.000Z", + "destination": { + "domain": "floater.baldrys.ca" + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "Pending", + "category": [ + "network" + ], + "code": "18043", + "kind": "event", + "original": "device=\"SFW\" date=2016-12-02 time=18:27:55 timezone=\"GMT\" device_name=\"SFVUNL\" device_id=C01001K234RXPA1 log_id=136528618043 log_type=\"Sandbox\" log_component=\"Web\" log_subtype=\"Pending\" priority=Information user_name=\"rich\" src_ip=192.168.73.220 filename=\"badb.exe\" filetype=\"application/octet-stream\" filesize=1634319 sha1sum=\"9379f98b00017db44f3c6120bde7bdcd680296cb\" source=\"floater.baldrys.ca\" reason=\"pending\" destination=\"\" subject=\"\"", + "outcome": "success", + "reason": "pending", + "severity": 6, + "type": [ + "start", + "connection" + ] + }, + "file": { + "hash": { + "sha1": "9379f98b00017db44f3c6120bde7bdcd680296cb" + }, + "mime_type": "application/octet-stream", + "name": "badb.exe", + "size": 1634319 + }, + "host": { + "name": "defaulttest.local" + }, + "log": { + "level": "informational" + }, + "observer": { + "product": "XG", + "serial_number": "C01001K234RXPA1", + "type": "firewall", + "vendor": "Sophos" + }, + "related": { + "hash": [ + "9379f98b00017db44f3c6120bde7bdcd680296cb" + ], + "hosts": [ + "defaulttest.local", + "floater.baldrys.ca" + ], + "ip": [ + "192.168.73.220" + ], + "user": [ + "rich" + ] + }, + "sophos": { + "xg": { + "device": "SFW", + "device_name": "SFVUNL", + "log_component": "Web", + "log_id": "136528618043", + "log_subtype": "Pending", + "log_type": "Sandbox", + "priority": "Information" + } + }, + "source": { + "ip": "192.168.73.220", + "user": { + "name": "rich" + } + }, + "tags": [ + "preserve_original_event" + ], + "url": { + "domain": "floater.baldrys.ca" + } + }, + { + "@timestamp": "2016-12-02T18:27:55.000Z", + "destination": { + "domain": "floater.baldrys.ca" + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "Pending", + "category": [ + "network" + ], + "code": "18043", + "kind": "event", + "original": "device=\"SFW\" date=2016-12-02 time=18:27:55 timezone=\"GMT\" device_name=\"SFVUNL\" device_id=C01001K234RXPA1 log_id=136528618043 log_type=\"Sandbox\" log_component=\"Web\" log_subtype=\"Pending\" priority=Information user_name=\"rich\" src_ip=192.168.73.220 filename=\"badb.exe\" filetype=\"application/octet-stream\" filesize=1634319 sha1sum=\"2c26b46b68ffc68ff99b453c1d30413413422d706483bfa0f98a5e886266e7ae\" source=\"floater.baldrys.ca\" reason=\"pending\" destination=\"\" subject=\"\"", + "outcome": "success", + "reason": "pending", + "severity": 6, + "type": [ + "start", + "connection" + ] + }, + "file": { + "hash": { + "sha256": "2c26b46b68ffc68ff99b453c1d30413413422d706483bfa0f98a5e886266e7ae" + }, + "mime_type": "application/octet-stream", + "name": "badb.exe", + "size": 1634319 + }, + "host": { + "name": "defaulttest.local" + }, + "log": { + "level": "informational" + }, + "observer": { + "product": "XG", + "serial_number": "C01001K234RXPA1", + "type": "firewall", + "vendor": "Sophos" + }, + "related": { + "hash": [ + "2c26b46b68ffc68ff99b453c1d30413413422d706483bfa0f98a5e886266e7ae" + ], + "hosts": [ + "defaulttest.local", + "floater.baldrys.ca" + ], + "ip": [ + "192.168.73.220" + ], + "user": [ + "rich" + ] + }, + "sophos": { + "xg": { + "device": "SFW", + "device_name": "SFVUNL", + "log_component": "Web", + "log_id": "136528618043", + "log_subtype": "Pending", + "log_type": "Sandbox", + "priority": "Information" + } + }, + "source": { + "ip": "192.168.73.220", + "user": { + "name": "rich" + } + }, + "tags": [ + "preserve_original_event" + ], + "url": { + "domain": "floater.baldrys.ca" + } + } + ] +} \ No newline at end of file diff --git a/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18.5-systemhealth.log b/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18.5-systemhealth.log new file mode 100644 index 00000000000..ed72ceda8c9 --- /dev/null +++ b/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18.5-systemhealth.log @@ -0,0 +1,5 @@ +device="SFW" date=2018-06-05 time=15:10:00 timezone="CEST" device_name="SF01V" device_id=SFDemo-fe75a9f log_id=127626618031 log_type="System Health" log_component="CPU" log_subtype="Usage" priority=Information system=1.29% user=7.60% idle=91.11% +device="SFW" date=2018-06-05 time=15:10:00 timezone="CEST" device_name="SF01V" device_id=SFDemo-fe75a9f log_id=127726618031 log_type="System Health" log_component="Memory" log_subtype="Usage" priority=Information unit=byte total_memory=2100191232 free=578650112 used=1521541120 +device="SFW" date=2018-06-05 time=15:10:00 timezone="CEST" device_name="SF01V" device_id=SFDemo-fe75a9f log_id=123526618031 log_type="System Health" log_component="Interface" log_subtype="Usage" priority=Information interface=Port1 receivedkbits=4.55 transmittedkbits=2.03 receivederrors=0.00 transmitteddrops=0.00 collisions=0.00 transmittederrors=0.00 receiveddrops=0.00 +device="SFW" date=2018-06-05 time=15:10:00 timezone="CEST" device_name="SF01V" device_id=SFDemo-fe75a9f log_id=127826618031 log_type="System Health" log_component="Disk" log_subtype="Usage" priority=Information Configuration=13.00% Reports=11.00% Signature=11.00% Temp=4.00% +device="SFW" date=2018-06-05 time=15:10:00 timezone="CEST" device_name="SF01V" device_id=SFDemo-fe75a9f log_id=127926618031 log_type="System Health" log_component="Live User" log_subtype="Usage" priority=Information users=0 \ No newline at end of file diff --git a/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18.5-systemhealth.log-expected.json b/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18.5-systemhealth.log-expected.json new file mode 100644 index 00000000000..c6c4f46c33d --- /dev/null +++ b/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18.5-systemhealth.log-expected.json @@ -0,0 +1,239 @@ +{ + "expected": [ + { + "@timestamp": "2018-06-05T15:10:00.000Z", + "ecs": { + "version": "8.0.0" + }, + "event": { + "code": "18031", + "kind": "event", + "original": "device=\"SFW\" date=2018-06-05 time=15:10:00 timezone=\"CEST\" device_name=\"SF01V\" device_id=SFDemo-fe75a9f log_id=127626618031 log_type=\"System Health\" log_component=\"CPU\" log_subtype=\"Usage\" priority=Information system=1.29% user=7.60% idle=91.11%", + "severity": 6 + }, + "host": { + "name": "defaulttest.local" + }, + "log": { + "level": "informational" + }, + "observer": { + "product": "XG", + "serial_number": "SFDemo-fe75a9f", + "type": "firewall", + "vendor": "Sophos" + }, + "related": { + "hosts": [ + "defaulttest.local" + ] + }, + "sophos": { + "xg": { + "device": "SFW", + "device_name": "SF01V", + "idle_cpu": 91.11, + "log_component": "CPU", + "log_id": "127626618031", + "log_subtype": "Usage", + "log_type": "System Health", + "priority": "Information", + "system_cpu": 1.29, + "user_cpu": 7.6 + } + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2018-06-05T15:10:00.000Z", + "ecs": { + "version": "8.0.0" + }, + "event": { + "code": "18031", + "kind": "event", + "original": "device=\"SFW\" date=2018-06-05 time=15:10:00 timezone=\"CEST\" device_name=\"SF01V\" device_id=SFDemo-fe75a9f log_id=127726618031 log_type=\"System Health\" log_component=\"Memory\" log_subtype=\"Usage\" priority=Information unit=byte total_memory=2100191232 free=578650112 used=1521541120", + "severity": 6 + }, + "host": { + "name": "defaulttest.local" + }, + "log": { + "level": "informational" + }, + "observer": { + "product": "XG", + "serial_number": "SFDemo-fe75a9f", + "type": "firewall", + "vendor": "Sophos" + }, + "related": { + "hosts": [ + "defaulttest.local" + ] + }, + "sophos": { + "xg": { + "device": "SFW", + "device_name": "SF01V", + "free": 578650112, + "log_component": "Memory", + "log_id": "127726618031", + "log_subtype": "Usage", + "log_type": "System Health", + "priority": "Information", + "total_memory": 2100191232, + "unit": "byte", + "used": 1521541120 + } + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2018-06-05T15:10:00.000Z", + "ecs": { + "version": "8.0.0" + }, + "event": { + "code": "18031", + "kind": "event", + "original": "device=\"SFW\" date=2018-06-05 time=15:10:00 timezone=\"CEST\" device_name=\"SF01V\" device_id=SFDemo-fe75a9f log_id=123526618031 log_type=\"System Health\" log_component=\"Interface\" log_subtype=\"Usage\" priority=Information interface=Port1 receivedkbits=4.55 transmittedkbits=2.03 receivederrors=0.00 transmitteddrops=0.00 collisions=0.00 transmittederrors=0.00 receiveddrops=0.00", + "severity": 6 + }, + "host": { + "name": "defaulttest.local" + }, + "log": { + "level": "informational" + }, + "observer": { + "product": "XG", + "serial_number": "SFDemo-fe75a9f", + "type": "firewall", + "vendor": "Sophos" + }, + "related": { + "hosts": [ + "defaulttest.local" + ] + }, + "sophos": { + "xg": { + "collisions": 0.0, + "device": "SFW", + "device_name": "SF01V", + "interface": "Port1", + "log_component": "Interface", + "log_id": "123526618031", + "log_subtype": "Usage", + "log_type": "System Health", + "priority": "Information", + "receiveddrops": 0.0, + "receivederrors": "0.00", + "receivedkbits": 4.55, + "transmitteddrops": 0.0, + "transmittederrors": "0.00", + "transmittedkbits": 2.03 + } + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2018-06-05T15:10:00.000Z", + "ecs": { + "version": "8.0.0" + }, + "event": { + "code": "18031", + "kind": "event", + "original": "device=\"SFW\" date=2018-06-05 time=15:10:00 timezone=\"CEST\" device_name=\"SF01V\" device_id=SFDemo-fe75a9f log_id=127826618031 log_type=\"System Health\" log_component=\"Disk\" log_subtype=\"Usage\" priority=Information Configuration=13.00% Reports=11.00% Signature=11.00% Temp=4.00%", + "severity": 6 + }, + "host": { + "name": "defaulttest.local" + }, + "log": { + "level": "informational" + }, + "observer": { + "product": "XG", + "serial_number": "SFDemo-fe75a9f", + "type": "firewall", + "vendor": "Sophos" + }, + "related": { + "hosts": [ + "defaulttest.local" + ] + }, + "sophos": { + "xg": { + "configuration": 13.0, + "device": "SFW", + "device_name": "SF01V", + "log_component": "Disk", + "log_id": "127826618031", + "log_subtype": "Usage", + "log_type": "System Health", + "priority": "Information", + "reports": 11.0, + "signature": 11.0, + "temp": 4.0 + } + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2018-06-05T15:10:00.000Z", + "ecs": { + "version": "8.0.0" + }, + "event": { + "code": "18031", + "kind": "event", + "original": "device=\"SFW\" date=2018-06-05 time=15:10:00 timezone=\"CEST\" device_name=\"SF01V\" device_id=SFDemo-fe75a9f log_id=127926618031 log_type=\"System Health\" log_component=\"Live User\" log_subtype=\"Usage\" priority=Information users=0", + "severity": 6 + }, + "host": { + "name": "defaulttest.local" + }, + "log": { + "level": "informational" + }, + "observer": { + "product": "XG", + "serial_number": "SFDemo-fe75a9f", + "type": "firewall", + "vendor": "Sophos" + }, + "related": { + "hosts": [ + "defaulttest.local" + ] + }, + "sophos": { + "xg": { + "device": "SFW", + "device_name": "SF01V", + "log_component": "Live User", + "log_id": "127926618031", + "log_subtype": "Usage", + "log_type": "System Health", + "priority": "Information", + "users": 0 + } + }, + "tags": [ + "preserve_original_event" + ] + } + ] +} \ No newline at end of file diff --git a/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18.5-wireless.log b/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18.5-wireless.log new file mode 100644 index 00000000000..4a33dbae2a3 --- /dev/null +++ b/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18.5-wireless.log @@ -0,0 +1,2 @@ +device="SFW" date=2017-02-01 time=14:17:35 timezone="IST" device_name="SG115" device_id=S110016E28BA631 log_id=106025618011 log_type="Wireless Protection" log_component="Wireless Protection" log_subtype="Information" priority=Information ap=A40024A636F7862 ssid=SPIDIGO2015 clients_conn_SSID=2 +device="SFW" date=2017-02-01 time=14:19:47 timezone="IST" device_name="SG115" device_id=S110016E28BA631 log_id=106025618011 log_type="Wireless Protection" log_component="Wireless Protection" log_subtype="Information" priority=Information ap=A40024A636F7862 ssid=SPIDIGO2015 clients_conn_SSID=3 \ No newline at end of file diff --git a/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18.5-wireless.log-expected.json b/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18.5-wireless.log-expected.json new file mode 100644 index 00000000000..c3b48e37f2a --- /dev/null +++ b/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-18.5-wireless.log-expected.json @@ -0,0 +1,98 @@ +{ + "expected": [ + { + "@timestamp": "2017-02-01T14:17:35.000Z", + "ecs": { + "version": "8.0.0" + }, + "event": { + "code": "18011", + "kind": "event", + "original": "device=\"SFW\" date=2017-02-01 time=14:17:35 timezone=\"IST\" device_name=\"SG115\" device_id=S110016E28BA631 log_id=106025618011 log_type=\"Wireless Protection\" log_component=\"Wireless Protection\" log_subtype=\"Information\" priority=Information ap=A40024A636F7862 ssid=SPIDIGO2015 clients_conn_SSID=2", + "outcome": "success", + "severity": 6 + }, + "host": { + "name": "defaulttest.local" + }, + "log": { + "level": "informational" + }, + "observer": { + "product": "XG", + "serial_number": "S110016E28BA631", + "type": "firewall", + "vendor": "Sophos" + }, + "related": { + "hosts": [ + "defaulttest.local" + ] + }, + "sophos": { + "xg": { + "ap": "A40024A636F7862", + "clients_conn_ssid": 2, + "device": "SFW", + "device_name": "SG115", + "log_component": "Wireless Protection", + "log_id": "106025618011", + "log_subtype": "Information", + "log_type": "Wireless Protection", + "priority": "Information", + "ssid": "SPIDIGO2015" + } + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2017-02-01T14:19:47.000Z", + "ecs": { + "version": "8.0.0" + }, + "event": { + "code": "18011", + "kind": "event", + "original": "device=\"SFW\" date=2017-02-01 time=14:19:47 timezone=\"IST\" device_name=\"SG115\" device_id=S110016E28BA631 log_id=106025618011 log_type=\"Wireless Protection\" log_component=\"Wireless Protection\" log_subtype=\"Information\" priority=Information ap=A40024A636F7862 ssid=SPIDIGO2015 clients_conn_SSID=3", + "outcome": "success", + "severity": 6 + }, + "host": { + "name": "defaulttest.local" + }, + "log": { + "level": "informational" + }, + "observer": { + "product": "XG", + "serial_number": "S110016E28BA631", + "type": "firewall", + "vendor": "Sophos" + }, + "related": { + "hosts": [ + "defaulttest.local" + ] + }, + "sophos": { + "xg": { + "ap": "A40024A636F7862", + "clients_conn_ssid": 3, + "device": "SFW", + "device_name": "SG115", + "log_component": "Wireless Protection", + "log_id": "106025618011", + "log_subtype": "Information", + "log_type": "Wireless Protection", + "priority": "Information", + "ssid": "SPIDIGO2015" + } + }, + "tags": [ + "preserve_original_event" + ] + } + ] +} \ No newline at end of file diff --git a/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-xg.log-expected.json b/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-xg.log-expected.json index 8bf3c14116f..5f3dff0dfd5 100644 --- a/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-xg.log-expected.json +++ b/packages/sophos/data_stream/xg/_dev/test/pipeline/test-sophos-xg.log-expected.json @@ -2,14 +2,6 @@ "expected": [ { "@timestamp": "2020-05-18T14:38:48.000Z", - "client": { - "bytes": 0, - "domain": "elasticuser.com", - "port": 0, - "user": { - "email": "firewall@firewallgate.com" - } - }, "destination": { "bytes": 0, "port": 0, @@ -25,10 +17,11 @@ "category": [ "network" ], - "code": "041101618035", + "code": "18035", "kind": "event", - "original": "device=\"SFW\" date=2020-05-18 time=14:38:48 timezone=\"CEST\" device_name=\"XG230\" device_id=1234567890123456 log_id=041101618035 log_type=\"Anti-Spam\" log_component=\"SMTP\" log_subtype=\"Allowed\" status=\"\" priority=Information fw_rule_id=0 user_name=\"\" av_policy_name=\"None\" from_email_address=\"firewall@firewallgate.com\" to_email_address=\"Sysadmin@elasticuser.com\" email_subject=\"*ALERT* Sophos XG Firewall\" mailid=\"qkW2Y6-LxBk6U-vH-1590055245\" mailsize=19728 spamaction=\"QUEUED\" reason=\"Email has been accepted by Device and queued for scanning.\" src_domainname=\"elasticuser.com\" dst_domainname=\"\" src_ip=\"\" src_country_code=\"\" dst_ip=\"\" dst_country_code=\"\" protocol=\"TCP\" src_port=0 dst_port=0 sent_bytes=0 recv_bytes=0 quarantine_reason=\"Other\"", + "original": "\u003c30\u003edevice=\"SFW\" date=2020-05-18 time=14:38:48 timezone=\"CEST\" device_name=\"XG230\" device_id=1234567890123456 log_id=041101618035 log_type=\"Anti-Spam\" log_component=\"SMTP\" log_subtype=\"Allowed\" status=\"\" priority=Information fw_rule_id=0 user_name=\"\" av_policy_name=\"None\" from_email_address=\"firewall@firewallgate.com\" to_email_address=\"Sysadmin@elasticuser.com\" email_subject=\"*ALERT* Sophos XG Firewall\" mailid=\"qkW2Y6-LxBk6U-vH-1590055245\" mailsize=19728 spamaction=\"QUEUED\" reason=\"Email has been accepted by Device and queued for scanning.\" src_domainname=\"elasticuser.com\" dst_domainname=\"\" src_ip=\"\" src_country_code=\"\" dst_ip=\"\" dst_country_code=\"\" protocol=\"TCP\" src_port=0 dst_port=0 sent_bytes=0 recv_bytes=0 quarantine_reason=\"Other\"", "outcome": "success", + "reason": "Email has been accepted by Device and queued for scanning.", "severity": 6, "type": [ "allowed", @@ -42,7 +35,9 @@ "level": "informational" }, "network": { - "transport": "TCP" + "bytes": 0, + "protocol": "smtp", + "transport": "tcp" }, "observer": { "product": "XG", @@ -52,16 +47,10 @@ }, "related": { "hosts": [ - "testhost.local" + "testhost.local", + "elasticuser.com" ] }, - "server": { - "bytes": 0, - "port": 0, - "user": { - "email": "Sysadmin@elasticuser.com" - } - }, "sophos": { "xg": { "av_policy_name": "None", @@ -70,14 +59,13 @@ "email_subject": "*ALERT* Sophos XG Firewall", "fw_rule_id": "0", "log_component": "SMTP", + "log_id": "041101618035", "log_subtype": "Allowed", "log_type": "Anti-Spam", "mailid": "qkW2Y6-LxBk6U-vH-1590055245", "mailsize": "19728", - "message_id": "18035", "priority": "Information", "quarantine_reason": "Other", - "reason": "Email has been accepted by Device and queued for scanning.", "spamaction": "QUEUED" } }, @@ -95,27 +83,6 @@ }, { "@timestamp": "2020-05-18T14:38:49.000Z", - "client": { - "bytes": 0, - "domain": "constant-big.email", - "geo": { - "city_name": "Changchun", - "continent_name": "Asia", - "country_iso_code": "CN", - "country_name": "China", - "location": { - "lat": 43.88, - "lon": 125.3228 - }, - "region_iso_code": "CN-22", - "region_name": "Jilin Sheng" - }, - "ip": "175.16.199.1", - "port": 52742, - "user": { - "email": "telekommunikation@constant-big.email" - } - }, "destination": { "bytes": 0, "geo": { @@ -144,10 +111,11 @@ "category": [ "network" ], - "code": "041105613003", + "code": "13003", "kind": "event", - "original": "device=\"SFW\" date=2020-05-18 time=14:38:49 timezone=\"CEST\" device_name=\"XG230\" device_id=1234567890123457 log_id=041105613003 log_type=\"Anti-Spam\" log_component=\"SMTP\" log_subtype=\"Clean\" status=\"\" priority=Information fw_rule_id=22 user_name=\"\" av_policy_name=\"Default\" from_email_address=\"telekommunikation@constant-big.email\" to_email_address=\"info@pelasticuser.com\" email_subject=\"Telefonservice statt Anrufbeantworter\" mailid=\"\u003cMzQ4NzU1ODA4Mw==.70c409993fe53cb7c5e32c9974adf8ff@constant-big\" mailsize=13371 spamaction=\"Accept\" reason=\"Mail is Clean.\" src_domainname=\"constant-big.email\" dst_domainname=\"\" src_ip=175.16.199.1 src_country_code=USA dst_ip=175.16.199.1 dst_country_code=DEU protocol=\"TCP\" src_port=52742 dst_port=25 sent_bytes=0 recv_bytes=0 quarantine_reason=\"Other\"", + "original": "\u003c30\u003edevice=\"SFW\" date=2020-05-18 time=14:38:49 timezone=\"CEST\" device_name=\"XG230\" device_id=1234567890123457 log_id=041105613003 log_type=\"Anti-Spam\" log_component=\"SMTP\" log_subtype=\"Clean\" status=\"\" priority=Information fw_rule_id=22 user_name=\"\" av_policy_name=\"Default\" from_email_address=\"telekommunikation@constant-big.email\" to_email_address=\"info@pelasticuser.com\" email_subject=\"Telefonservice statt Anrufbeantworter\" mailid=\"\u003cMzQ4NzU1ODA4Mw==.70c409993fe53cb7c5e32c9974adf8ff@constant-big\" mailsize=13371 spamaction=\"Accept\" reason=\"Mail is Clean.\" src_domainname=\"constant-big.email\" dst_domainname=\"\" src_ip=175.16.199.1 src_country_code=USA dst_ip=175.16.199.1 dst_country_code=DEU protocol=\"TCP\" src_port=52742 dst_port=25 sent_bytes=0 recv_bytes=0 quarantine_reason=\"Other\"", "outcome": "success", + "reason": "Mail is Clean.", "severity": 6, "type": [ "allowed", @@ -161,7 +129,10 @@ "level": "informational" }, "network": { - "transport": "TCP" + "bytes": 0, + "community_id": "1:7d/3uzjf495waTHySBG1PJtS3h4=", + "protocol": "smtp", + "transport": "tcp" }, "observer": { "product": "XG", @@ -171,29 +142,13 @@ }, "related": { "hosts": [ - "defaulttest.local" + "defaulttest.local", + "constant-big.email" + ], + "ip": [ + "175.16.199.1" ] }, - "server": { - "bytes": 0, - "geo": { - "city_name": "Changchun", - "continent_name": "Asia", - "country_iso_code": "CN", - "country_name": "China", - "location": { - "lat": 43.88, - "lon": 125.3228 - }, - "region_iso_code": "CN-22", - "region_name": "Jilin Sheng" - }, - "ip": "175.16.199.1", - "port": 25, - "user": { - "email": "info@pelasticuser.com" - } - }, "sophos": { "xg": { "av_policy_name": "Default", @@ -203,14 +158,13 @@ "email_subject": "Telefonservice statt Anrufbeantworter", "fw_rule_id": "22", "log_component": "SMTP", + "log_id": "041105613003", "log_subtype": "Clean", "log_type": "Anti-Spam", "mailid": "\u003cMzQ4NzU1ODA4Mw==.70c409993fe53cb7c5e32c9974adf8ff@constant-big", "mailsize": "13371", - "message_id": "13003", "priority": "Information", "quarantine_reason": "Other", - "reason": "Mail is Clean.", "spamaction": "Accept", "src_country_code": "USA" } @@ -242,27 +196,6 @@ }, { "@timestamp": "2020-05-18T14:38:50.000Z", - "client": { - "bytes": 0, - "domain": "17buddies.net", - "geo": { - "city_name": "Changchun", - "continent_name": "Asia", - "country_iso_code": "CN", - "country_name": "China", - "location": { - "lat": 43.88, - "lon": 125.3228 - }, - "region_iso_code": "CN-22", - "region_name": "Jilin Sheng" - }, - "ip": "175.16.199.1", - "port": 51789, - "user": { - "email": "ripxfc@17buddies.net" - } - }, "destination": { "bytes": 0, "geo": { @@ -292,10 +225,11 @@ "malware", "network" ], - "code": "041107413001", + "code": "13001", "kind": "alert", - "original": "device=\"SFW\" date=2020-05-18 time=14:38:50 timezone=\"CEST\" device_name=\"XG230\" device_id=1234567890123456 log_id=041107413001 log_type=\"Anti-Spam\" log_component=\"SMTP\" log_subtype=\"Spam\" status=\"\" priority=Warning fw_rule_id=22 user_name=\"\" av_policy_name=\"Spam\" from_email_address=\"ripxfc@17buddies.net\" to_email_address=\"hein.mueck@elasticuser.de\" email_subject=\"nimm dringend Geld\" mailid=\"\u003coE6Bl1v.H9RXAIt.N5WB1my7xW.JavaMail.app@9in8-vovZnu.prod.17bud\" mailsize=2025 spamaction=\"Reject\" reason=\"Mail detected as SPAM.\" src_domainname=\"17buddies.net\" dst_domainname=\"\" src_ip=175.16.199.1 src_country_code=BRA dst_ip=175.16.199.1 dst_country_code=DEU protocol=\"TCP\" src_port=51789 dst_port=25 sent_bytes=0 recv_bytes=0 quarantine_reason=\"Spam\"", + "original": "\u003c30\u003edevice=\"SFW\" date=2020-05-18 time=14:38:50 timezone=\"CEST\" device_name=\"XG230\" device_id=1234567890123456 log_id=041107413001 log_type=\"Anti-Spam\" log_component=\"SMTP\" log_subtype=\"Spam\" status=\"\" priority=Warning fw_rule_id=22 user_name=\"\" av_policy_name=\"Spam\" from_email_address=\"ripxfc@17buddies.net\" to_email_address=\"hein.mueck@elasticuser.de\" email_subject=\"nimm dringend Geld\" mailid=\"\u003coE6Bl1v.H9RXAIt.N5WB1my7xW.JavaMail.app@9in8-vovZnu.prod.17bud\" mailsize=2025 spamaction=\"Reject\" reason=\"Mail detected as SPAM.\" src_domainname=\"17buddies.net\" dst_domainname=\"\" src_ip=175.16.199.1 src_country_code=BRA dst_ip=175.16.199.1 dst_country_code=DEU protocol=\"TCP\" src_port=51789 dst_port=25 sent_bytes=0 recv_bytes=0 quarantine_reason=\"Spam\"", "outcome": "success", + "reason": "Mail detected as SPAM.", "severity": 4, "type": [ "info", @@ -310,7 +244,10 @@ "level": "warning" }, "network": { - "transport": "TCP" + "bytes": 0, + "community_id": "1:YK7dIGysD31VmEWNgT32s7vj2b8=", + "protocol": "smtp", + "transport": "tcp" }, "observer": { "product": "XG", @@ -320,29 +257,13 @@ }, "related": { "hosts": [ - "testhost.local" + "testhost.local", + "17buddies.net" + ], + "ip": [ + "175.16.199.1" ] }, - "server": { - "bytes": 0, - "geo": { - "city_name": "Changchun", - "continent_name": "Asia", - "country_iso_code": "CN", - "country_name": "China", - "location": { - "lat": 43.88, - "lon": 125.3228 - }, - "region_iso_code": "CN-22", - "region_name": "Jilin Sheng" - }, - "ip": "175.16.199.1", - "port": 25, - "user": { - "email": "hein.mueck@elasticuser.de" - } - }, "sophos": { "xg": { "av_policy_name": "Spam", @@ -352,14 +273,13 @@ "email_subject": "nimm dringend Geld", "fw_rule_id": "22", "log_component": "SMTP", + "log_id": "041107413001", "log_subtype": "Spam", "log_type": "Anti-Spam", "mailid": "\u003coE6Bl1v.H9RXAIt.N5WB1my7xW.JavaMail.app@9in8-vovZnu.prod.17bud", "mailsize": "2025", - "message_id": "13001", "priority": "Warning", "quarantine_reason": "Spam", - "reason": "Mail detected as SPAM.", "spamaction": "Reject", "src_country_code": "BRA" } @@ -391,27 +311,6 @@ }, { "@timestamp": "2020-05-18T14:38:51.000Z", - "client": { - "bytes": 0, - "domain": "ELTOBGI.COM", - "geo": { - "city_name": "Changchun", - "continent_name": "Asia", - "country_iso_code": "CN", - "country_name": "China", - "location": { - "lat": 43.88, - "lon": 125.3228 - }, - "region_iso_code": "CN-22", - "region_name": "Jilin Sheng" - }, - "ip": "175.16.199.1", - "port": 55002, - "user": { - "email": "SHERIF.TOBGI@ELTOBGI.COM" - } - }, "destination": { "bytes": 0, "geo": { @@ -441,10 +340,11 @@ "malware", "network" ], - "code": "045908413004", + "code": "13004", "kind": "alert", - "original": "device=\"SFW\" date=2020-05-18 time=14:38:51 timezone=\"CEST\" device_name=\"XG230\" device_id=1234567890123457 log_id=045908413004 log_type=\"Anti-Spam\" log_component=\"SMTPS\" log_subtype=\"Probable Spam\" status=\"\" priority=Warning fw_rule_id=22 user_name=\"\" av_policy_name=\"rule3\" from_email_address=\"SHERIF.TOBGI@ELTOBGI.COM\" to_email_address=\"info@elasticuser.com\" email_subject=\"09F1A19017 - 65T BP LNG Hybrid - TS-V-061-01 - HVAC Package - RFQ - BCD - 27-May-20\" mailid=\"\u003c20200518070235.C1623996C64F9957@ELTOBGI.COM\u003e\" mailsize=1032152 spamaction=\"Prefix Subject\" reason=\"Sender IP address is blacklisted.\" src_domainname=\"ELTOBGI.COM\" dst_domainname=\"\" src_ip=175.16.199.1 src_country_code=GBR dst_ip=175.16.199.1 dst_country_code=DEU protocol=\"TCP\" src_port=55002 dst_port=25 sent_bytes=0 recv_bytes=0 quarantine_reason=\"RBL\"", + "original": "\u003c30\u003edevice=\"SFW\" date=2020-05-18 time=14:38:51 timezone=\"CEST\" device_name=\"XG230\" device_id=1234567890123457 log_id=045908413004 log_type=\"Anti-Spam\" log_component=\"SMTPS\" log_subtype=\"Probable Spam\" status=\"\" priority=Warning fw_rule_id=22 user_name=\"\" av_policy_name=\"rule3\" from_email_address=\"SHERIF.TOBGI@ELTOBGI.COM\" to_email_address=\"info@elasticuser.com\" email_subject=\"09F1A19017 - 65T BP LNG Hybrid - TS-V-061-01 - HVAC Package - RFQ - BCD - 27-May-20\" mailid=\"\u003c20200518070235.C1623996C64F9957@ELTOBGI.COM\u003e\" mailsize=1032152 spamaction=\"Prefix Subject\" reason=\"Sender IP address is blacklisted.\" src_domainname=\"ELTOBGI.COM\" dst_domainname=\"\" src_ip=175.16.199.1 src_country_code=GBR dst_ip=175.16.199.1 dst_country_code=DEU protocol=\"TCP\" src_port=55002 dst_port=25 sent_bytes=0 recv_bytes=0 quarantine_reason=\"RBL\"", "outcome": "success", + "reason": "Sender IP address is blacklisted.", "severity": 4, "type": [ "info", @@ -459,7 +359,10 @@ "level": "warning" }, "network": { - "transport": "TCP" + "bytes": 0, + "community_id": "1:KLsRGAGT4nHkerVf6tdfFI7Er8w=", + "protocol": "smtps", + "transport": "tcp" }, "observer": { "product": "XG", @@ -469,29 +372,13 @@ }, "related": { "hosts": [ - "defaulttest.local" + "defaulttest.local", + "ELTOBGI.COM" + ], + "ip": [ + "175.16.199.1" ] }, - "server": { - "bytes": 0, - "geo": { - "city_name": "Changchun", - "continent_name": "Asia", - "country_iso_code": "CN", - "country_name": "China", - "location": { - "lat": 43.88, - "lon": 125.3228 - }, - "region_iso_code": "CN-22", - "region_name": "Jilin Sheng" - }, - "ip": "175.16.199.1", - "port": 25, - "user": { - "email": "info@elasticuser.com" - } - }, "sophos": { "xg": { "av_policy_name": "rule3", @@ -501,14 +388,13 @@ "email_subject": "09F1A19017 - 65T BP LNG Hybrid - TS-V-061-01 - HVAC Package - RFQ - BCD - 27-May-20", "fw_rule_id": "22", "log_component": "SMTPS", + "log_id": "045908413004", "log_subtype": "Probable Spam", "log_type": "Anti-Spam", "mailid": "\u003c20200518070235.C1623996C64F9957@ELTOBGI.COM\u003e", "mailsize": "1032152", - "message_id": "13004", "priority": "Warning", "quarantine_reason": "RBL", - "reason": "Sender IP address is blacklisted.", "spamaction": "Prefix Subject", "src_country_code": "GBR" } @@ -540,15 +426,6 @@ }, { "@timestamp": "2017-01-31T18:34:41.000Z", - "client": { - "bytes": 0, - "domain": " iview.com", - "ip": "10.198.47.71", - "port": 22420, - "user": { - "email": "gaurav1@iview.com" - } - }, "destination": { "bytes": 0, "ip": "10.198.233.61", @@ -566,9 +443,9 @@ "malware", "network" ], - "code": "041113413005", + "code": "13005", "kind": "alert", - "original": "device=\"SFW\" date=2017-01-31 time=18:34:41 timezone=\"IST\" device_name=\"CR750iNG-XP\" device_id=C44313350024-P29PUA log_id=041113413005 log_type=\"Anti-Spam\" log_component=\"SMTP\" log_subtype=\"Outbound Spam\" status=\"\" priority=Warning fw_rule_id=0 user_name=\"gaurav\" av_policy_name=\"Gaurav123\" from_email_address=\"gaurav1@iview.com\" to_email_address=\" gaurav2@iview.com\" email_subject=\"RPD Spam Test: Spam\" mailid=\"\u003ca22c9da6-19e5-4764-2836-3f48d7dcc329@iview.com\u003e\" mailsize=405 spamaction=\"Accept\" reason=\"\" src_domainname=\" iview.com\" dst_domainname=\"\" src_ip=10.198.47.71 src_country_code=R1 dst_ip=10.198.233.61 dst_country_code=R1 protocol=\"TCP\" src_port=22420 dst_port=25 sent_bytes=0 recv_bytes=0 quarantine_reason=\"Spam\"", + "original": "\u003c30\u003edevice=\"SFW\" date=2017-01-31 time=18:34:41 timezone=\"IST\" device_name=\"CR750iNG-XP\" device_id=C44313350024-P29PUA log_id=041113413005 log_type=\"Anti-Spam\" log_component=\"SMTP\" log_subtype=\"Outbound Spam\" status=\"\" priority=Warning fw_rule_id=0 user_name=\"gaurav\" av_policy_name=\"Gaurav123\" from_email_address=\"gaurav1@iview.com\" to_email_address=\" gaurav2@iview.com\" email_subject=\"RPD Spam Test: Spam\" mailid=\"\u003ca22c9da6-19e5-4764-2836-3f48d7dcc329@iview.com\u003e\" mailsize=405 spamaction=\"Accept\" reason=\"\" src_domainname=\" iview.com\" dst_domainname=\"\" src_ip=10.198.47.71 src_country_code=R1 dst_ip=10.198.233.61 dst_country_code=R1 protocol=\"TCP\" src_port=22420 dst_port=25 sent_bytes=0 recv_bytes=0 quarantine_reason=\"Spam\"", "outcome": "success", "severity": 4, "type": [ @@ -584,7 +461,10 @@ "level": "warning" }, "network": { - "transport": "TCP" + "bytes": 0, + "community_id": "1:cZ39MftFvT3s1y8vN0AHxj2KZII=", + "protocol": "smtp", + "transport": "tcp" }, "observer": { "product": "XG", @@ -594,17 +474,14 @@ }, "related": { "hosts": [ - "defaulttest.local" + "defaulttest.local", + " iview.com" + ], + "ip": [ + "10.198.47.71", + "10.198.233.61" ] }, - "server": { - "bytes": 0, - "ip": "10.198.233.61", - "port": 25, - "user": { - "email": " gaurav2@iview.com" - } - }, "sophos": { "xg": { "av_policy_name": "Gaurav123", @@ -614,11 +491,11 @@ "email_subject": "RPD Spam Test: Spam", "fw_rule_id": "0", "log_component": "SMTP", + "log_id": "041113413005", "log_subtype": "Outbound Spam", "log_type": "Anti-Spam", "mailid": "\u003ca22c9da6-19e5-4764-2836-3f48d7dcc329@iview.com\u003e", "mailsize": "405", - "message_id": "13005", "priority": "Warning", "quarantine_reason": "Spam", "spamaction": "Accept", @@ -641,15 +518,6 @@ }, { "@timestamp": "2018-06-06T11:10:11.000Z", - "client": { - "bytes": 0, - "domain": "postman.local", - "ip": "10.198.16.121", - "port": 58043, - "user": { - "email": "pankhil@postman.local" - } - }, "destination": { "bytes": 0, "ip": "10.198.234.240", @@ -667,10 +535,11 @@ "malware", "network" ], - "code": "041114413006", + "code": "13006", "kind": "alert", - "original": "device=\"SFW\" date=2018-06-06 time=11:10:11 timezone=\"IST\" device_name=\"SG430\" device_id=S4000806149EE49 log_id=041114413006 log_type=\"Anti-Spam\" log_component=\"SMTP\" log_subtype=\"Outbound Probable Spam\" status=\"\" priority=Warning fw_rule_id=0 user_name=\"\" av_policy_name=\"rule 8\" from_email_address=\"pankhil@postman.local\" to_email_address=\"pankhil1@Postman.local\" email_subject=\"RPD Spam test: Bulk\" mailid=\"\u003cc63b1eb2-1c17-73ac-fcc3- 20e8831dc3d3@postman.local\u003e\" mailsize=439 spamaction=\"Drop\" reason=\"Mail detected as OUTBOUND PROBABLE SPAM.\" src_domainname=\"postman.local\" dst_domainname=\"\" src_ip=10.198.16.121 src_country_code=R1 dst_ip=10.198.234.240 dst_country_code=R1 protocol=\"TCP\" src_port=58043 dst_port=25 sent_bytes=0 recv_bytes=0 quarantine_reason=\"Spam\"", + "original": "\u003c30\u003edevice=\"SFW\" date=2018-06-06 time=11:10:11 timezone=\"IST\" device_name=\"SG430\" device_id=S4000806149EE49 log_id=041114413006 log_type=\"Anti-Spam\" log_component=\"SMTP\" log_subtype=\"Outbound Probable Spam\" status=\"\" priority=Warning fw_rule_id=0 user_name=\"\" av_policy_name=\"rule 8\" from_email_address=\"pankhil@postman.local\" to_email_address=\"pankhil1@Postman.local\" email_subject=\"RPD Spam test: Bulk\" mailid=\"\u003cc63b1eb2-1c17-73ac-fcc3- 20e8831dc3d3@postman.local\u003e\" mailsize=439 spamaction=\"Drop\" reason=\"Mail detected as OUTBOUND PROBABLE SPAM.\" src_domainname=\"postman.local\" dst_domainname=\"\" src_ip=10.198.16.121 src_country_code=R1 dst_ip=10.198.234.240 dst_country_code=R1 protocol=\"TCP\" src_port=58043 dst_port=25 sent_bytes=0 recv_bytes=0 quarantine_reason=\"Spam\"", "outcome": "success", + "reason": "Mail detected as OUTBOUND PROBABLE SPAM.", "severity": 4, "type": [ "info", @@ -685,7 +554,10 @@ "level": "warning" }, "network": { - "transport": "TCP" + "bytes": 0, + "community_id": "1:4pL1g2Wx0xpVOFsPZ927l+yIPiU=", + "protocol": "smtp", + "transport": "tcp" }, "observer": { "product": "XG", @@ -695,17 +567,14 @@ }, "related": { "hosts": [ - "defaulttest.local" + "defaulttest.local", + "postman.local" + ], + "ip": [ + "10.198.16.121", + "10.198.234.240" ] }, - "server": { - "bytes": 0, - "ip": "10.198.234.240", - "port": 25, - "user": { - "email": "pankhil1@Postman.local" - } - }, "sophos": { "xg": { "av_policy_name": "rule 8", @@ -715,14 +584,13 @@ "email_subject": "RPD Spam test: Bulk", "fw_rule_id": "0", "log_component": "SMTP", + "log_id": "041114413006", "log_subtype": "Outbound Probable Spam", "log_type": "Anti-Spam", "mailid": "\u003cc63b1eb2-1c17-73ac-fcc3- 20e8831dc3d3@postman.local\u003e", "mailsize": "439", - "message_id": "13006", "priority": "Warning", "quarantine_reason": "Spam", - "reason": "Mail detected as OUTBOUND PROBABLE SPAM.", "spamaction": "Drop", "src_country_code": "R1" } @@ -742,15 +610,6 @@ }, { "@timestamp": "2018-06-06T12:50:07.000Z", - "client": { - "bytes": 0, - "domain": "postman.local", - "ip": "10.198.16.121", - "port": 60134, - "user": { - "email": "pankhil@postman.local" - } - }, "destination": { "bytes": 0, "ip": "10.198.17.121", @@ -768,10 +627,11 @@ "malware", "network" ], - "code": "041121613009", + "code": "13009", "kind": "alert", - "original": "device=\"SFW\" date=2018-06-06 time=12:50:07 timezone=\"IST\" device_name=\"SG430\" device_id=S4000806149EE49 log_id=041121613009 log_type=\"Anti-Spam\" log_component=\"SMTP\" log_subtype=\"DLP\" status=\"\" priority=Information fw_rule_id=0 user_name=\"\" av_policy_name=\"postman\" from_email_address=\"pankhil@postman.local\" to_email_address=\"pankhil1@Postman. local\" email_subject=\"Fwd: TESt\" mailid=\"c0000002-1528269606\" mailsize=5041 spamaction=\"DROP\" reason=\"Email containing confidential data detected. Relevant Data Protection Policy applied.\" src_domainname=\"postman.local\" dst_domainname=\"\" src_ip=10.198.16.121 src_country_code=R1 dst_ip=10.198.17.121 dst_country_code=R1 protocol=\"TCP\" src_port=60134 dst_port=25 sent_bytes=0 recv_bytes=0 quarantine_reason=\"DLP\"", + "original": "\u003c30\u003edevice=\"SFW\" date=2018-06-06 time=12:50:07 timezone=\"IST\" device_name=\"SG430\" device_id=S4000806149EE49 log_id=041121613009 log_type=\"Anti-Spam\" log_component=\"SMTP\" log_subtype=\"DLP\" status=\"\" priority=Information fw_rule_id=0 user_name=\"\" av_policy_name=\"postman\" from_email_address=\"pankhil@postman.local\" to_email_address=\"pankhil1@Postman. local\" email_subject=\"Fwd: TESt\" mailid=\"c0000002-1528269606\" mailsize=5041 spamaction=\"DROP\" reason=\"Email containing confidential data detected. Relevant Data Protection Policy applied.\" src_domainname=\"postman.local\" dst_domainname=\"\" src_ip=10.198.16.121 src_country_code=R1 dst_ip=10.198.17.121 dst_country_code=R1 protocol=\"TCP\" src_port=60134 dst_port=25 sent_bytes=0 recv_bytes=0 quarantine_reason=\"DLP\"", "outcome": "success", + "reason": "Email containing confidential data detected. Relevant Data Protection Policy applied.", "severity": 6, "type": [ "info", @@ -786,7 +646,10 @@ "level": "informational" }, "network": { - "transport": "TCP" + "bytes": 0, + "community_id": "1:a0QO0XDedN9BRtTg60uWTq/zaCQ=", + "protocol": "smtp", + "transport": "tcp" }, "observer": { "product": "XG", @@ -796,17 +659,14 @@ }, "related": { "hosts": [ - "defaulttest.local" + "defaulttest.local", + "postman.local" + ], + "ip": [ + "10.198.16.121", + "10.198.17.121" ] }, - "server": { - "bytes": 0, - "ip": "10.198.17.121", - "port": 25, - "user": { - "email": "pankhil1@Postman. local" - } - }, "sophos": { "xg": { "av_policy_name": "postman", @@ -816,14 +676,13 @@ "email_subject": "Fwd: TESt", "fw_rule_id": "0", "log_component": "SMTP", + "log_id": "041121613009", "log_subtype": "DLP", "log_type": "Anti-Spam", "mailid": "c0000002-1528269606", "mailsize": "5041", - "message_id": "13009", "priority": "Information", "quarantine_reason": "DLP", - "reason": "Email containing confidential data detected. Relevant Data Protection Policy applied.", "spamaction": "DROP", "src_country_code": "R1" } @@ -843,15 +702,6 @@ }, { "@timestamp": "2018-06-06T12:51:34.000Z", - "client": { - "bytes": 0, - "domain": "postman.local", - "ip": "10.198.16.121", - "port": 60298, - "user": { - "email": "pankhil@postman.local" - } - }, "destination": { "bytes": 0, "ip": "10.198.16.204", @@ -868,10 +718,11 @@ "category": [ "network" ], - "code": "041122613010", + "code": "13010", "kind": "event", - "original": "device=\"SFW\" date=2018-06-06 time=12:51:34 timezone=\"IST\" device_name=\"SG430\" device_id=S4000806149EE49 log_id=041122613010 log_type=\"Anti-Spam\" log_component=\"SMTP\" log_subtype=\"SPX\" status=\"\" priority=Information fw_rule_id=0 user_name=\"\" av_policy_name=\"None\" from_email_address=\"pankhil@postman.local\" to_email_address=\"pankhil1@Postman.local\" email_subject=\"[secure:pankhil]\" mailid=\"c0000003-1528269693\" mailsize=442 spamaction=\"Accept\" reason=\"SPX Template of type Specified by Sender successfully applied on Email.\" src_domainname=\"postman.local\" dst_domainname=\"\" src_ip=10.198.16.121 src_country_code=R1 dst_ip=10.198.16.204 dst_country_code=R1 protocol=\"TCP\" src_port=60298 dst_port=25 sent_bytes=0 recv_bytes=0 quarantine_reason=\"Other\"", + "original": "\u003c30\u003edevice=\"SFW\" date=2018-06-06 time=12:51:34 timezone=\"IST\" device_name=\"SG430\" device_id=S4000806149EE49 log_id=041122613010 log_type=\"Anti-Spam\" log_component=\"SMTP\" log_subtype=\"SPX\" status=\"\" priority=Information fw_rule_id=0 user_name=\"\" av_policy_name=\"None\" from_email_address=\"pankhil@postman.local\" to_email_address=\"pankhil1@Postman.local\" email_subject=\"[secure:pankhil]\" mailid=\"c0000003-1528269693\" mailsize=442 spamaction=\"Accept\" reason=\"SPX Template of type Specified by Sender successfully applied on Email.\" src_domainname=\"postman.local\" dst_domainname=\"\" src_ip=10.198.16.121 src_country_code=R1 dst_ip=10.198.16.204 dst_country_code=R1 protocol=\"TCP\" src_port=60298 dst_port=25 sent_bytes=0 recv_bytes=0 quarantine_reason=\"Other\"", "outcome": "success", + "reason": "SPX Template of type Specified by Sender successfully applied on Email.", "severity": 6, "type": [ "allowed", @@ -885,7 +736,10 @@ "level": "informational" }, "network": { - "transport": "TCP" + "bytes": 0, + "community_id": "1:Gh3yGHw3PI8ixdFOiZO3wKa8qrI=", + "protocol": "smtp", + "transport": "tcp" }, "observer": { "product": "XG", @@ -895,17 +749,14 @@ }, "related": { "hosts": [ - "defaulttest.local" + "defaulttest.local", + "postman.local" + ], + "ip": [ + "10.198.16.121", + "10.198.16.204" ] }, - "server": { - "bytes": 0, - "ip": "10.198.16.204", - "port": 25, - "user": { - "email": "pankhil1@Postman.local" - } - }, "sophos": { "xg": { "av_policy_name": "None", @@ -915,14 +766,13 @@ "email_subject": "[secure:pankhil]", "fw_rule_id": "0", "log_component": "SMTP", + "log_id": "041122613010", "log_subtype": "SPX", "log_type": "Anti-Spam", "mailid": "c0000003-1528269693", "mailsize": "442", - "message_id": "13010", "priority": "Information", "quarantine_reason": "Other", - "reason": "SPX Template of type Specified by Sender successfully applied on Email.", "spamaction": "Accept", "src_country_code": "R1" } @@ -942,11 +792,6 @@ }, { "@timestamp": "2018-06-06T12:53:39.000Z", - "client": { - "bytes": 0, - "ip": "10.198.16.121", - "port": 60392 - }, "destination": { "bytes": 0, "ip": "10.198.17.121", @@ -961,10 +806,11 @@ "intrusion_detection", "network" ], - "code": "041123413012", + "code": "13012", "kind": "alert", - "original": "device=\"SFW\" date=2018-06-06 time=12:53:39 timezone=\"IST\" device_name=\"SG430\" device_id=S4000806149EE49 log_id=041123413012 log_type=\"Anti-Spam\" log_component=\"SMTP\" log_subtype=\"Dos\" status=\"\" priority=Warning fw_rule_id=0 user_name=\"\" av_policy_name=\"None\" from_email_address=\"\" to_email_address=\"\" email_subject=\"\" mailid=\"\" mailsize=0 spamaction=\"TMPREJECT\" reason=\"SMTP DoS\" src_domainname=\"\" dst_domainname=\"\" src_ip=10.198.16.121 src_country_code=R1 dst_ip=10.198.17.121 dst_country_code=R1 protocol=\"TCP\" src_port=60392 dst_port=25 sent_bytes=0 recv_bytes=0 quarantine_reason=\"Other\"", + "original": "\u003c30\u003edevice=\"SFW\" date=2018-06-06 time=12:53:39 timezone=\"IST\" device_name=\"SG430\" device_id=S4000806149EE49 log_id=041123413012 log_type=\"Anti-Spam\" log_component=\"SMTP\" log_subtype=\"Dos\" status=\"\" priority=Warning fw_rule_id=0 user_name=\"\" av_policy_name=\"None\" from_email_address=\"\" to_email_address=\"\" email_subject=\"\" mailid=\"\" mailsize=0 spamaction=\"TMPREJECT\" reason=\"SMTP DoS\" src_domainname=\"\" dst_domainname=\"\" src_ip=10.198.16.121 src_country_code=R1 dst_ip=10.198.17.121 dst_country_code=R1 protocol=\"TCP\" src_port=60392 dst_port=25 sent_bytes=0 recv_bytes=0 quarantine_reason=\"Other\"", "outcome": "success", + "reason": "SMTP DoS", "severity": 4, "type": [ "info", @@ -979,7 +825,10 @@ "level": "warning" }, "network": { - "transport": "TCP" + "bytes": 0, + "community_id": "1:kePcBIa66amVdXctNnMv73KAlD8=", + "protocol": "smtp", + "transport": "tcp" }, "observer": { "product": "XG", @@ -990,13 +839,12 @@ "related": { "hosts": [ "defaulttest.local" + ], + "ip": [ + "10.198.16.121", + "10.198.17.121" ] }, - "server": { - "bytes": 0, - "ip": "10.198.17.121", - "port": 25 - }, "sophos": { "xg": { "av_policy_name": "None", @@ -1005,13 +853,12 @@ "dst_country_code": "R1", "fw_rule_id": "0", "log_component": "SMTP", + "log_id": "041123413012", "log_subtype": "Dos", "log_type": "Anti-Spam", "mailsize": "0", - "message_id": "13012", "priority": "Warning", "quarantine_reason": "Other", - "reason": "SMTP DoS", "spamaction": "TMPREJECT", "src_country_code": "R1" } @@ -1027,15 +874,6 @@ }, { "@timestamp": "2018-06-06T12:56:53.000Z", - "client": { - "bytes": 0, - "domain": "postman.local", - "ip": "10.198.16.121", - "port": 60608, - "user": { - "email": "pankhil1@postman.local" - } - }, "destination": { "bytes": 0, "ip": "10.198.17.121", @@ -1053,10 +891,11 @@ "malware", "network" ], - "code": "041102413014", + "code": "13014", "kind": "alert", - "original": "device=\"SFW\" date=2018-06-06 time=12:56:53 timezone=\"IST\" device_name=\"SG430\" device_id=S4000806149EE49 log_id=041102413014 log_type=\"Anti-Spam\" log_component=\"SMTP\" log_subtype=\"Denied\" status=\"\" priority=Warning fw_rule_id=0 user_name=\"\" av_policy_name=\"postman\" from_email_address=\"pankhil1@postman.local\" to_email_address=\"pankhil@postman. local\" email_subject=\"Fwd: test sand\" mailid=\"c0000008-1528270010\" mailsize=419835 spamaction=\"DROP\" reason=\"Email is marked Malicious by Sophos Sandstorm.\" src_domainname=\"postman.local\" dst_domainname=\"\" src_ip=10.198.16.121 src_country_code=R1 dst_ip=10.198.17.121 dst_country_code=R1 protocol=\"TCP\" src_port=60608 dst_port=25 sent_bytes=0 recv_bytes=0", + "original": "\u003c30\u003edevice=\"SFW\" date=2018-06-06 time=12:56:53 timezone=\"IST\" device_name=\"SG430\" device_id=S4000806149EE49 log_id=041102413014 log_type=\"Anti-Spam\" log_component=\"SMTP\" log_subtype=\"Denied\" status=\"\" priority=Warning fw_rule_id=0 user_name=\"\" av_policy_name=\"postman\" from_email_address=\"pankhil1@postman.local\" to_email_address=\"pankhil@postman. local\" email_subject=\"Fwd: test sand\" mailid=\"c0000008-1528270010\" mailsize=419835 spamaction=\"DROP\" reason=\"Email is marked Malicious by Sophos Sandstorm.\" src_domainname=\"postman.local\" dst_domainname=\"\" src_ip=10.198.16.121 src_country_code=R1 dst_ip=10.198.17.121 dst_country_code=R1 protocol=\"TCP\" src_port=60608 dst_port=25 sent_bytes=0 recv_bytes=0", "outcome": "success", + "reason": "Email is marked Malicious by Sophos Sandstorm.", "severity": 4, "type": [ "info", @@ -1071,7 +910,10 @@ "level": "warning" }, "network": { - "transport": "TCP" + "bytes": 0, + "community_id": "1:s4oqzO6RVrUrT4HCROvCsRxyngM=", + "protocol": "smtp", + "transport": "tcp" }, "observer": { "product": "XG", @@ -1081,17 +923,14 @@ }, "related": { "hosts": [ - "defaulttest.local" + "defaulttest.local", + "postman.local" + ], + "ip": [ + "10.198.16.121", + "10.198.17.121" ] }, - "server": { - "bytes": 0, - "ip": "10.198.17.121", - "port": 25, - "user": { - "email": "pankhil@postman. local" - } - }, "sophos": { "xg": { "av_policy_name": "postman", @@ -1101,13 +940,12 @@ "email_subject": "Fwd: test sand", "fw_rule_id": "0", "log_component": "SMTP", + "log_id": "041102413014", "log_subtype": "Denied", "log_type": "Anti-Spam", "mailid": "c0000008-1528270010", "mailsize": "419835", - "message_id": "13014", "priority": "Warning", - "reason": "Email is marked Malicious by Sophos Sandstorm.", "spamaction": "DROP", "src_country_code": "R1" } @@ -1127,15 +965,6 @@ }, { "@timestamp": "2017-01-31T18:31:11.000Z", - "client": { - "bytes": 0, - "domain": " iview.com", - "ip": "10.198.47.71", - "port": 22333, - "user": { - "email": "gaurav1@iview.com" - } - }, "destination": { "bytes": 0, "ip": "10.198.233.61", @@ -1153,9 +982,9 @@ "malware", "network" ], - "code": "041207414001", + "code": "14001", "kind": "alert", - "original": "device=\"SFW\" date=2017-01-31 time=18:31:11 timezone=\"IST\" device_name=\"CR750iNG-XP\" device_id=C44313350024-P29PUA log_id=041207414001 log_type=\"Anti-Spam\" log_component=\"POP3\" log_subtype=\"Spam\" status=\"\" priority=Warning fw_rule_id=0 user_name=\"gaurav\" av_policy_name=\"GauravPatel\" from_email_address=\"gaurav1@iview.com\" to_email_address=\"gaurav2@iview. com\" email_subject=\"RPD Spam Test: Spam\" mailid=\"\u003c2a2dd5d4-1a30-617b-27b1-7961ad07cf07@iview.com\u003e\" mailsize=574 spamaction=\"Accept\" reason=\"\" src_domainname=\" iview.com\" dst_domainname=\"iview.com\" src_ip=10.198.47.71 src_country_code=R1 dst_ip=10.198.233.61 dst_country_code=R1 protocol=\"TCP\" src_port=22333 dst_port=110 sent_bytes=0 recv_bytes=0 quarantine_reason=\"Other\"", + "original": "\u003c30\u003edevice=\"SFW\" date=2017-01-31 time=18:31:11 timezone=\"IST\" device_name=\"CR750iNG-XP\" device_id=C44313350024-P29PUA log_id=041207414001 log_type=\"Anti-Spam\" log_component=\"POP3\" log_subtype=\"Spam\" status=\"\" priority=Warning fw_rule_id=0 user_name=\"gaurav\" av_policy_name=\"GauravPatel\" from_email_address=\"gaurav1@iview.com\" to_email_address=\"gaurav2@iview. com\" email_subject=\"RPD Spam Test: Spam\" mailid=\"\u003c2a2dd5d4-1a30-617b-27b1-7961ad07cf07@iview.com\u003e\" mailsize=574 spamaction=\"Accept\" reason=\"\" src_domainname=\" iview.com\" dst_domainname=\"iview.com\" src_ip=10.198.47.71 src_country_code=R1 dst_ip=10.198.233.61 dst_country_code=R1 protocol=\"TCP\" src_port=22333 dst_port=110 sent_bytes=0 recv_bytes=0 quarantine_reason=\"Other\"", "outcome": "success", "severity": 4, "type": [ @@ -1171,7 +1000,10 @@ "level": "warning" }, "network": { - "transport": "TCP" + "bytes": 0, + "community_id": "1:E/1TIGuzeeJuVhq04jui66hWf/Q=", + "protocol": "pop3", + "transport": "tcp" }, "observer": { "product": "XG", @@ -1181,17 +1013,14 @@ }, "related": { "hosts": [ - "defaulttest.local" + "defaulttest.local", + " iview.com" + ], + "ip": [ + "10.198.47.71", + "10.198.233.61" ] }, - "server": { - "bytes": 0, - "ip": "10.198.233.61", - "port": 110, - "user": { - "email": "gaurav2@iview. com" - } - }, "sophos": { "xg": { "av_policy_name": "GauravPatel", @@ -1202,11 +1031,11 @@ "email_subject": "RPD Spam Test: Spam", "fw_rule_id": "0", "log_component": "POP3", + "log_id": "041207414001", "log_subtype": "Spam", "log_type": "Anti-Spam", "mailid": "\u003c2a2dd5d4-1a30-617b-27b1-7961ad07cf07@iview.com\u003e", "mailsize": "574", - "message_id": "14001", "priority": "Warning", "quarantine_reason": "Other", "spamaction": "Accept", @@ -1229,23 +1058,6 @@ }, { "@timestamp": "2020-05-18T14:38:33.000Z", - "client": { - "bytes": 550, - "geo": { - "city_name": "Changchun", - "continent_name": "Asia", - "country_iso_code": "CN", - "country_name": "China", - "location": { - "lat": 43.88, - "lon": 125.3228 - }, - "region_iso_code": "CN-22", - "region_name": "Jilin Sheng" - }, - "ip": "175.16.199.1", - "port": 57695 - }, "destination": { "bytes": 1616, "geo": { @@ -1272,9 +1084,9 @@ "malware", "network" ], - "code": "030906208001", + "code": "08001", "kind": "alert", - "original": "device=\"SFW\" date=2020-05-18 time=14:38:33 timezone=\"CEST\" device_name=\"XG230\" device_id=1234567890123457 log_id=030906208001 log_type=\"Anti-Virus\" log_component=\"HTTP\" log_subtype=\"Virus\" status=\"\" priority=Critical fw_rule_id=2 user_name=\"\" iap=13 av_policy_name=\"\" virus=\"Sandstorm\" url=\"http://sophostest.com/Sandstorm/SBTestFile1.pdf\" domainname=\"sophostest.com\" src_ip=175.16.199.1 src_country_code=R1 dst_ip=175.16.199.1 dst_country_code=USA protocol=\"TCP\" src_port=57695 dst_port=80 sent_bytes=550 recv_bytes=1616 user_agent=\"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/889.160.20.156 Safari/537.36\" status_code=403", + "original": "\u003c30\u003edevice=\"SFW\" date=2020-05-18 time=14:38:33 timezone=\"CEST\" device_name=\"XG230\" device_id=1234567890123457 log_id=030906208001 log_type=\"Anti-Virus\" log_component=\"HTTP\" log_subtype=\"Virus\" status=\"\" priority=Critical fw_rule_id=2 user_name=\"\" iap=13 av_policy_name=\"\" virus=\"Sandstorm\" url=\"http://sophostest.com/Sandstorm/SBTestFile1.pdf\" domainname=\"sophostest.com\" src_ip=175.16.199.1 src_country_code=R1 dst_ip=175.16.199.1 dst_country_code=USA protocol=\"TCP\" src_port=57695 dst_port=80 sent_bytes=550 recv_bytes=1616 user_agent=\"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/889.160.20.156 Safari/537.36\" status_code=403", "outcome": "success", "severity": 2, "type": [ @@ -1295,7 +1107,10 @@ "level": "critical" }, "network": { - "transport": "TCP" + "bytes": 2166, + "community_id": "1:/vqw1Zz6/4E618BC7NwuF8VviEw=", + "protocol": "http", + "transport": "tcp" }, "observer": { "product": "XG", @@ -1305,7 +1120,8 @@ }, "related": { "hosts": [ - "defaulttest.local" + "defaulttest.local", + "sophostest.com" ], "ip": [ "175.16.199.1" @@ -1314,23 +1130,6 @@ "rule": { "id": "2" }, - "server": { - "bytes": 1616, - "geo": { - "city_name": "Changchun", - "continent_name": "Asia", - "country_iso_code": "CN", - "country_name": "China", - "location": { - "lat": 43.88, - "lon": 125.3228 - }, - "region_iso_code": "CN-22", - "region_name": "Jilin Sheng" - }, - "ip": "175.16.199.1", - "port": 80 - }, "sophos": { "xg": { "device": "SFW", @@ -1338,9 +1137,9 @@ "dst_country_code": "USA", "iap": "13", "log_component": "HTTP", + "log_id": "030906208001", "log_subtype": "Virus", "log_type": "Anti-Virus", - "message_id": "08001", "priority": "Critical", "src_country_code": "R1", "virus": "Sandstorm" @@ -1368,7 +1167,11 @@ ], "url": { "domain": "sophostest.com", - "original": "http://sophostest.com/Sandstorm/SBTestFile1.pdf" + "extension": "pdf", + "full": "http://sophostest.com/Sandstorm/SBTestFile1.pdf", + "original": "http://sophostest.com/Sandstorm/SBTestFile1.pdf", + "path": "/Sandstorm/SBTestFile1.pdf", + "scheme": "http" }, "user_agent": { "original": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/889.160.20.156 Safari/537.36" @@ -1376,23 +1179,6 @@ }, { "@timestamp": "2020-05-18T14:38:34.000Z", - "client": { - "bytes": 541, - "geo": { - "city_name": "Changchun", - "continent_name": "Asia", - "country_iso_code": "CN", - "country_name": "China", - "location": { - "lat": 43.88, - "lon": 125.3228 - }, - "region_iso_code": "CN-22", - "region_name": "Jilin Sheng" - }, - "ip": "175.16.199.1", - "port": 57835 - }, "destination": { "bytes": 553, "geo": { @@ -1419,9 +1205,9 @@ "malware", "network" ], - "code": "030906208001", + "code": "08001", "kind": "alert", - "original": "device=\"SFW\" date=2020-05-18 time=14:38:34 timezone=\"CEST\" device_name=\"XG230\" device_id=1234567890123456 log_id=030906208001 log_type=\"Anti-Virus\" log_component=\"HTTP\" log_subtype=\"Virus\" status=\"\" priority=Critical fw_rule_id=2 user_name=\"\" iap=13 av_policy_name=\"\" virus=\"EICAR-AV-Test\" url=\"http://sophostest.com/eicar/index.html\" domainname=\"sophostest.com\" src_ip=175.16.199.1 src_country_code=R1 dst_ip=175.16.199.1 dst_country_code=USA protocol=\"TCP\" src_port=57835 dst_port=80 sent_bytes=541 recv_bytes=553 user_agent=\"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/889.160.20.156 Safari/537.36\" status_code=403", + "original": "\u003c30\u003edevice=\"SFW\" date=2020-05-18 time=14:38:34 timezone=\"CEST\" device_name=\"XG230\" device_id=1234567890123456 log_id=030906208001 log_type=\"Anti-Virus\" log_component=\"HTTP\" log_subtype=\"Virus\" status=\"\" priority=Critical fw_rule_id=2 user_name=\"\" iap=13 av_policy_name=\"\" virus=\"EICAR-AV-Test\" url=\"http://sophostest.com/eicar/index.html\" domainname=\"sophostest.com\" src_ip=175.16.199.1 src_country_code=R1 dst_ip=175.16.199.1 dst_country_code=USA protocol=\"TCP\" src_port=57835 dst_port=80 sent_bytes=541 recv_bytes=553 user_agent=\"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/889.160.20.156 Safari/537.36\" status_code=403", "outcome": "success", "severity": 2, "type": [ @@ -1442,7 +1228,10 @@ "level": "critical" }, "network": { - "transport": "TCP" + "bytes": 1094, + "community_id": "1:Z0Tretxsz7tfUwZQuBzT3MrFn3M=", + "protocol": "http", + "transport": "tcp" }, "observer": { "product": "XG", @@ -1452,7 +1241,8 @@ }, "related": { "hosts": [ - "testhost.local" + "testhost.local", + "sophostest.com" ], "ip": [ "175.16.199.1" @@ -1461,23 +1251,6 @@ "rule": { "id": "2" }, - "server": { - "bytes": 553, - "geo": { - "city_name": "Changchun", - "continent_name": "Asia", - "country_iso_code": "CN", - "country_name": "China", - "location": { - "lat": 43.88, - "lon": 125.3228 - }, - "region_iso_code": "CN-22", - "region_name": "Jilin Sheng" - }, - "ip": "175.16.199.1", - "port": 80 - }, "sophos": { "xg": { "device": "SFW", @@ -1485,9 +1258,9 @@ "dst_country_code": "USA", "iap": "13", "log_component": "HTTP", + "log_id": "030906208001", "log_subtype": "Virus", "log_type": "Anti-Virus", - "message_id": "08001", "priority": "Critical", "src_country_code": "R1", "virus": "EICAR-AV-Test" @@ -1515,7 +1288,11 @@ ], "url": { "domain": "sophostest.com", - "original": "http://sophostest.com/eicar/index.html" + "extension": "html", + "full": "http://sophostest.com/eicar/index.html", + "original": "http://sophostest.com/eicar/index.html", + "path": "/eicar/index.html", + "scheme": "http" }, "user_agent": { "original": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/889.160.20.156 Safari/537.36" @@ -1523,26 +1300,6 @@ }, { "@timestamp": "2020-05-18T14:38:35.000Z", - "client": { - "bytes": 0, - "geo": { - "city_name": "Changchun", - "continent_name": "Asia", - "country_iso_code": "CN", - "country_name": "China", - "location": { - "lat": 43.88, - "lon": 125.3228 - }, - "region_iso_code": "CN-22", - "region_name": "Jilin Sheng" - }, - "ip": "175.16.199.1", - "port": 56336, - "user": { - "email": "info@farasamed.com" - } - }, "destination": { "bytes": 0, "geo": { @@ -1572,9 +1329,9 @@ "malware", "network" ], - "code": "031106210001", + "code": "10001", "kind": "alert", - "original": "device=\"SFW\" date=2020-05-18 time=14:38:35 timezone=\"CEST\" device_name=\"XG230\" device_id=1234567890123457 log_id=031106210001 log_type=\"Anti-Virus\" log_component=\"SMTP\" log_subtype=\"Virus\" status=\"\" priority=Critical fw_rule_id=22 user_name=\"\" av_policy_name=\"default-smtp-av\" from_email_address=\"info@farasamed.com\" to_email_address=\"info@elastic-user.local\" subject=\"ZAHLUNG (PROFORMA INVOICE)\" mailid=\"\u003c20200520004312.Horde.lEUeVf2I6PwO5K5TtMndnC7@webmail.sevengayr\" mailsize=2254721 virus=\"TR/AD.AgentTesla.eaz\" filename=\"\" quarantine=\"\" src_domainname=\"farasamed.com\" dst_domainname=\"\" src_ip=175.16.199.1 src_country_code=DEU dst_ip=175.16.199.1 dst_country_code=DEU protocol=\"TCP\" src_port=56336 dst_port=25 sent_bytes=0 recv_bytes=0 quarantine_reason=\"Infected\"", + "original": "\u003c30\u003edevice=\"SFW\" date=2020-05-18 time=14:38:35 timezone=\"CEST\" device_name=\"XG230\" device_id=1234567890123457 log_id=031106210001 log_type=\"Anti-Virus\" log_component=\"SMTP\" log_subtype=\"Virus\" status=\"\" priority=Critical fw_rule_id=22 user_name=\"\" av_policy_name=\"default-smtp-av\" from_email_address=\"info@farasamed.com\" to_email_address=\"info@elastic-user.local\" subject=\"ZAHLUNG (PROFORMA INVOICE)\" mailid=\"\u003c20200520004312.Horde.lEUeVf2I6PwO5K5TtMndnC7@webmail.sevengayr\" mailsize=2254721 virus=\"TR/AD.AgentTesla.eaz\" filename=\"\" quarantine=\"\" src_domainname=\"farasamed.com\" dst_domainname=\"\" src_ip=175.16.199.1 src_country_code=DEU dst_ip=175.16.199.1 dst_country_code=DEU protocol=\"TCP\" src_port=56336 dst_port=25 sent_bytes=0 recv_bytes=0 quarantine_reason=\"Infected\"", "outcome": "success", "severity": 2, "type": [ @@ -1590,7 +1347,10 @@ "level": "critical" }, "network": { - "transport": "TCP" + "bytes": 0, + "community_id": "1:SDfOMtSrSIy++DO4/iWrhPflPNE=", + "protocol": "smtp", + "transport": "tcp" }, "observer": { "product": "XG", @@ -1600,7 +1360,8 @@ }, "related": { "hosts": [ - "defaulttest.local" + "defaulttest.local", + "farasamed.com" ], "ip": [ "175.16.199.1" @@ -1609,26 +1370,6 @@ "rule": { "id": "22" }, - "server": { - "bytes": 0, - "geo": { - "city_name": "Changchun", - "continent_name": "Asia", - "country_iso_code": "CN", - "country_name": "China", - "location": { - "lat": 43.88, - "lon": 125.3228 - }, - "region_iso_code": "CN-22", - "region_name": "Jilin Sheng" - }, - "ip": "175.16.199.1", - "port": 25, - "user": { - "email": "info@elastic-user.local" - } - }, "sophos": { "xg": { "av_policy_name": "default-smtp-av", @@ -1636,11 +1377,11 @@ "device_name": "XG230", "dst_country_code": "DEU", "log_component": "SMTP", + "log_id": "031106210001", "log_subtype": "Virus", "log_type": "Anti-Virus", "mailid": "\u003c20200520004312.Horde.lEUeVf2I6PwO5K5TtMndnC7@webmail.sevengayr", "mailsize": "2254721", - "message_id": "10001", "priority": "Critical", "quarantine_reason": "Infected", "src_country_code": "DEU", @@ -1650,6 +1391,7 @@ }, "source": { "bytes": 0, + "domain": "farasamed.com", "geo": { "city_name": "Changchun", "continent_name": "Asia", @@ -1670,33 +1412,10 @@ }, "tags": [ "preserve_original_event" - ], - "url": { - "domain": "farasamed.com" - } + ] }, { "@timestamp": "2020-05-18T14:38:36.000Z", - "client": { - "bytes": 0, - "geo": { - "city_name": "Changchun", - "continent_name": "Asia", - "country_iso_code": "CN", - "country_name": "China", - "location": { - "lat": 43.88, - "lon": 125.3228 - }, - "region_iso_code": "CN-22", - "region_name": "Jilin Sheng" - }, - "ip": "175.16.199.1", - "port": 54693, - "user": { - "email": "spedizioni@divella.it" - } - }, "destination": { "bytes": 0, "geo": { @@ -1726,9 +1445,9 @@ "malware", "network" ], - "code": "031106210001", + "code": "10001", "kind": "alert", - "original": "device=\"SFW\" date=2020-05-18 time=14:38:36 timezone=\"CEST\" device_name=\"XG230\" device_id=1234567890123456 log_id=031106210001 log_type=\"Anti-Virus\" log_component=\"SMTP\" log_subtype=\"Virus\" status=\"\" priority=Critical fw_rule_id=22 user_name=\"\" av_policy_name=\"default-smtp-av\" from_email_address=\"spedizioni@divella.it\" to_email_address=\"info@elastic-user.local\" subject=\"Re: NEW PRO-FORMA INVOICE\" mailid=\"\u003c20200519072944.AFCA295AF2A037A6@divella.it\u003e\" mailsize=537457 virus=\"Mal/BredoZp-B\" filename=\"\" quarantine=\"\" src_domainname=\"divella.it\" dst_domainname=\"\" src_ip=175.16.199.1 src_country_code=USA dst_ip=175.16.199.1 dst_country_code=DEU protocol=\"TCP\" src_port=54693 dst_port=25 sent_bytes=0 recv_bytes=0 quarantine_reason=\"Infected\"", + "original": "\u003c30\u003edevice=\"SFW\" date=2020-05-18 time=14:38:36 timezone=\"CEST\" device_name=\"XG230\" device_id=1234567890123456 log_id=031106210001 log_type=\"Anti-Virus\" log_component=\"SMTP\" log_subtype=\"Virus\" status=\"\" priority=Critical fw_rule_id=22 user_name=\"\" av_policy_name=\"default-smtp-av\" from_email_address=\"spedizioni@divella.it\" to_email_address=\"info@elastic-user.local\" subject=\"Re: NEW PRO-FORMA INVOICE\" mailid=\"\u003c20200519072944.AFCA295AF2A037A6@divella.it\u003e\" mailsize=537457 virus=\"Mal/BredoZp-B\" filename=\"\" quarantine=\"\" src_domainname=\"divella.it\" dst_domainname=\"\" src_ip=175.16.199.1 src_country_code=USA dst_ip=175.16.199.1 dst_country_code=DEU protocol=\"TCP\" src_port=54693 dst_port=25 sent_bytes=0 recv_bytes=0 quarantine_reason=\"Infected\"", "outcome": "success", "severity": 2, "type": [ @@ -1744,7 +1463,10 @@ "level": "critical" }, "network": { - "transport": "TCP" + "bytes": 0, + "community_id": "1:6tpKSGkpOdXHM5vhqNlALTDRGM8=", + "protocol": "smtp", + "transport": "tcp" }, "observer": { "product": "XG", @@ -1753,35 +1475,16 @@ "vendor": "Sophos" }, "related": { - "hosts": [ - "testhost.local" - ], - "ip": [ - "175.16.199.1" - ] - }, - "rule": { - "id": "22" - }, - "server": { - "bytes": 0, - "geo": { - "city_name": "Changchun", - "continent_name": "Asia", - "country_iso_code": "CN", - "country_name": "China", - "location": { - "lat": 43.88, - "lon": 125.3228 - }, - "region_iso_code": "CN-22", - "region_name": "Jilin Sheng" - }, - "ip": "175.16.199.1", - "port": 25, - "user": { - "email": "info@elastic-user.local" - } + "hosts": [ + "testhost.local", + "divella.it" + ], + "ip": [ + "175.16.199.1" + ] + }, + "rule": { + "id": "22" }, "sophos": { "xg": { @@ -1790,11 +1493,11 @@ "device_name": "XG230", "dst_country_code": "DEU", "log_component": "SMTP", + "log_id": "031106210001", "log_subtype": "Virus", "log_type": "Anti-Virus", "mailid": "\u003c20200519072944.AFCA295AF2A037A6@divella.it\u003e", "mailsize": "537457", - "message_id": "10001", "priority": "Critical", "quarantine_reason": "Infected", "src_country_code": "USA", @@ -1804,6 +1507,7 @@ }, "source": { "bytes": 0, + "domain": "divella.it", "geo": { "city_name": "Changchun", "continent_name": "Asia", @@ -1824,21 +1528,10 @@ }, "tags": [ "preserve_original_event" - ], - "url": { - "domain": "divella.it" - } + ] }, { "@timestamp": "2018-06-06T10:51:29.000Z", - "client": { - "bytes": 0, - "ip": "10.198.16.121", - "port": 56653, - "user": { - "email": "pankhil@postman.local" - } - }, "destination": { "bytes": 0, "ip": "10.198.234.240", @@ -1856,9 +1549,9 @@ "malware", "network" ], - "code": "036106211001", + "code": "11001", "kind": "alert", - "original": "device=\"SFW\" date=2018-06-06 time=10:51:29 timezone=\"IST\" device_name=\"SG430\" device_id=S4000806149EE49 log_id=036106211001 log_type=\"Anti-Virus\" log_component=\"POPS\" log_subtype=\"Virus\" status=\"\" priority=Critical fw_rule_id=0 user_name=\"\" av_policy_name=\"None\" from_email_address=\"pankhil@postman.local\" to_email_address=\"pankhil@postman.local\" subject=\"EICAR\" mailid=\"\u003ca5c35e4b-1198-d0eb-0763-c0d5af3c817e@postman.local\u003e\" mailsize=0 virus=\"EICAR-AV-Test\" filename=\"\" quarantine=\"\" src_domainname=\"postman.local\" dst_domainname=\"\" src_ip=10.198.16.121 src_country_code=R1 dst_ip=10.198.234.240 dst_country_code=R1 protocol=\"TCP\" src_port=56653 dst_port=995 sent_bytes=0 recv_bytes=0 quarantine_reason=\"Other\"", + "original": "\u003c30\u003edevice=\"SFW\" date=2018-06-06 time=10:51:29 timezone=\"IST\" device_name=\"SG430\" device_id=S4000806149EE49 log_id=036106211001 log_type=\"Anti-Virus\" log_component=\"POPS\" log_subtype=\"Virus\" status=\"\" priority=Critical fw_rule_id=0 user_name=\"\" av_policy_name=\"None\" from_email_address=\"pankhil@postman.local\" to_email_address=\"pankhil@postman.local\" subject=\"EICAR\" mailid=\"\u003ca5c35e4b-1198-d0eb-0763-c0d5af3c817e@postman.local\u003e\" mailsize=0 virus=\"EICAR-AV-Test\" filename=\"\" quarantine=\"\" src_domainname=\"postman.local\" dst_domainname=\"\" src_ip=10.198.16.121 src_country_code=R1 dst_ip=10.198.234.240 dst_country_code=R1 protocol=\"TCP\" src_port=56653 dst_port=995 sent_bytes=0 recv_bytes=0 quarantine_reason=\"Other\"", "outcome": "success", "severity": 2, "type": [ @@ -1874,7 +1567,10 @@ "level": "critical" }, "network": { - "transport": "TCP" + "bytes": 0, + "community_id": "1:miDZMZyHzg1ArtBIc4N8695JaWk=", + "protocol": "pop3s", + "transport": "tcp" }, "observer": { "product": "XG", @@ -1884,7 +1580,8 @@ }, "related": { "hosts": [ - "defaulttest.local" + "defaulttest.local", + "postman.local" ], "ip": [ "10.198.16.121", @@ -1894,14 +1591,6 @@ "rule": { "id": "0" }, - "server": { - "bytes": 0, - "ip": "10.198.234.240", - "port": 995, - "user": { - "email": "pankhil@postman.local" - } - }, "sophos": { "xg": { "av_policy_name": "None", @@ -1909,11 +1598,11 @@ "device_name": "SG430", "dst_country_code": "R1", "log_component": "POPS", + "log_id": "036106211001", "log_subtype": "Virus", "log_type": "Anti-Virus", "mailid": "\u003ca5c35e4b-1198-d0eb-0763-c0d5af3c817e@postman.local\u003e", "mailsize": "0", - "message_id": "11001", "priority": "Critical", "quarantine_reason": "Other", "src_country_code": "R1", @@ -1923,6 +1612,7 @@ }, "source": { "bytes": 0, + "domain": "postman.local", "ip": "10.198.16.121", "port": 56653, "user": { @@ -1931,21 +1621,10 @@ }, "tags": [ "preserve_original_event" - ], - "url": { - "domain": "postman.local" - } + ] }, { "@timestamp": "2018-06-06T10:58:29.000Z", - "client": { - "bytes": 0, - "ip": "10.198.16.121", - "port": 56632, - "user": { - "email": "pankhil@postman.local" - } - }, "destination": { "bytes": 0, "ip": "10.198.234.240", @@ -1963,9 +1642,9 @@ "malware", "network" ], - "code": "036206212001", + "code": "12001", "kind": "alert", - "original": "device=\"SFW\" date=2018-06-06 time=10:58:29 timezone=\"IST\" device_name=\"SG430\" device_id=S4000806149EE49 log_id=036206212001 log_type=\"Anti-Virus\" log_component=\"IMAPS\" log_subtype=\"Virus\" status=\"\" priority=Critical fw_rule_id=0 user_name=\"\" av_policy_name=\"None\" from_email_address=\"pankhil@postman.local\" to_email_address=\"ganga@postman.local\" subject=\"EICAR test email\" mailid=\"\u003c2ca37b7c-e93a-743a-99c4-a0796f0bbb79@postman.local\u003e\" mailsize=0 virus=\"EICAR-AV-Test\" filename=\"\" quarantine=\"\" src_domainname=\"postman.local\" dst_domainname=\"\" src_ip=10.198.16.121 src_country_code=R1 dst_ip=10.198.234.240 dst_country_code=R1 protocol=\"TCP\" src_port=56632 dst_port=993 sent_bytes=0 recv_bytes=0 quarantine_reason=\"Other\"", + "original": "\u003c30\u003edevice=\"SFW\" date=2018-06-06 time=10:58:29 timezone=\"IST\" device_name=\"SG430\" device_id=S4000806149EE49 log_id=036206212001 log_type=\"Anti-Virus\" log_component=\"IMAPS\" log_subtype=\"Virus\" status=\"\" priority=Critical fw_rule_id=0 user_name=\"\" av_policy_name=\"None\" from_email_address=\"pankhil@postman.local\" to_email_address=\"ganga@postman.local\" subject=\"EICAR test email\" mailid=\"\u003c2ca37b7c-e93a-743a-99c4-a0796f0bbb79@postman.local\u003e\" mailsize=0 virus=\"EICAR-AV-Test\" filename=\"\" quarantine=\"\" src_domainname=\"postman.local\" dst_domainname=\"\" src_ip=10.198.16.121 src_country_code=R1 dst_ip=10.198.234.240 dst_country_code=R1 protocol=\"TCP\" src_port=56632 dst_port=993 sent_bytes=0 recv_bytes=0 quarantine_reason=\"Other\"", "outcome": "success", "severity": 2, "type": [ @@ -1981,7 +1660,10 @@ "level": "critical" }, "network": { - "transport": "TCP" + "bytes": 0, + "community_id": "1:brG0+fyFYq1h9huQh5nQ8cHjL5E=", + "protocol": "imaps", + "transport": "tcp" }, "observer": { "product": "XG", @@ -1991,7 +1673,8 @@ }, "related": { "hosts": [ - "defaulttest.local" + "defaulttest.local", + "postman.local" ], "ip": [ "10.198.16.121", @@ -2001,14 +1684,6 @@ "rule": { "id": "0" }, - "server": { - "bytes": 0, - "ip": "10.198.234.240", - "port": 993, - "user": { - "email": "ganga@postman.local" - } - }, "sophos": { "xg": { "av_policy_name": "None", @@ -2016,11 +1691,11 @@ "device_name": "SG430", "dst_country_code": "R1", "log_component": "IMAPS", + "log_id": "036206212001", "log_subtype": "Virus", "log_type": "Anti-Virus", "mailid": "\u003c2ca37b7c-e93a-743a-99c4-a0796f0bbb79@postman.local\u003e", "mailsize": "0", - "message_id": "12001", "priority": "Critical", "quarantine_reason": "Other", "src_country_code": "R1", @@ -2030,6 +1705,7 @@ }, "source": { "bytes": 0, + "domain": "postman.local", "ip": "10.198.16.121", "port": 56632, "user": { @@ -2038,18 +1714,10 @@ }, "tags": [ "preserve_original_event" - ], - "url": { - "domain": "postman.local" - } + ] }, { "@timestamp": "2018-06-21T19:50:23.000Z", - "client": { - "bytes": 0, - "ip": "10.146.13.49", - "port": 39910 - }, "destination": { "bytes": 0, "ip": "10.8.142.181", @@ -2064,9 +1732,9 @@ "malware", "network" ], - "code": "031006209001", + "code": "09001", "kind": "alert", - "original": "device=\"SFW\" date=2018-06-21 time=19:50:23 timezone=\"CEST\" device_name=\"SF01V\" device_id=SFDemo-2df0960 log_id=031006209001 log_type=\"Anti-Virus\" log_component=\"FTP\" log_subtype=\"Virus\" status=\"\" priority=Critical fw_rule_id=0 user_name=\"\" virus=\"EICAR-AV-Test\" FTP_url=\"/var/www//home/ftp-user/ta_test_file_1ta-cl1-46\" FTP_direction=\"Upload\" filename=\" /home/ftp-user/ta_test_file_1ta-cl1-46\" file_size=0 file_path=\"/var/www//home/ftp-user/ta_test_file_1ta-cl1-46\" ftpcommand=\"STOR\" src_ip=10.146.13.49 src_country_code=R1 dst_ip=10.8.142.181 dst_country_code=R1 protocol=\"TCP\" src_port=39910 dst_port=21 dstdomain=\"\" sent_bytes=0 recv_bytes=0", + "original": "\u003c30\u003edevice=\"SFW\" date=2018-06-21 time=19:50:23 timezone=\"CEST\" device_name=\"SF01V\" device_id=SFDemo-2df0960 log_id=031006209001 log_type=\"Anti-Virus\" log_component=\"FTP\" log_subtype=\"Virus\" status=\"\" priority=Critical fw_rule_id=0 user_name=\"\" virus=\"EICAR-AV-Test\" FTP_url=\"/var/www//home/ftp-user/ta_test_file_1ta-cl1-46\" FTP_direction=\"Upload\" filename=\" /home/ftp-user/ta_test_file_1ta-cl1-46\" file_size=0 file_path=\"/var/www//home/ftp-user/ta_test_file_1ta-cl1-46\" ftpcommand=\"STOR\" src_ip=10.146.13.49 src_country_code=R1 dst_ip=10.8.142.181 dst_country_code=R1 protocol=\"TCP\" src_port=39910 dst_port=21 dstdomain=\"\" sent_bytes=0 recv_bytes=0", "outcome": "success", "severity": 2, "type": [ @@ -2087,7 +1755,10 @@ "level": "critical" }, "network": { - "transport": "TCP" + "bytes": 0, + "community_id": "1:pEAtCi2v+cfDLsHaWvO82/Ahn0k=", + "protocol": "ftp", + "transport": "tcp" }, "observer": { "product": "XG", @@ -2107,23 +1778,18 @@ "rule": { "id": "0" }, - "server": { - "bytes": 0, - "ip": "10.8.142.181", - "port": 21 - }, "sophos": { "xg": { - "FTP_direction": "Upload", - "FTP_url": "/var/www//home/ftp-user/ta_test_file_1ta-cl1-46", "device": "SFW", "device_name": "SF01V", "dst_country_code": "R1", + "ftp_direction": "Upload", + "ftp_url": "/var/www//home/ftp-user/ta_test_file_1ta-cl1-46", "ftpcommand": "STOR", "log_component": "FTP", + "log_id": "031006209001", "log_subtype": "Virus", "log_type": "Anti-Virus", - "message_id": "09001", "priority": "Critical", "src_country_code": "R1", "virus": "EICAR-AV-Test" @@ -2140,11 +1806,6 @@ }, { "@timestamp": "2018-06-21T19:50:48.000Z", - "client": { - "bytes": 0, - "ip": "10.146.13.49", - "port": 39936 - }, "destination": { "bytes": 19926248, "ip": "10.8.142.181", @@ -2158,9 +1819,9 @@ "category": [ "network" ], - "code": "031001609002", + "code": "09002", "kind": "event", - "original": "device=\"SFW\" date=2018-06-21 time=19:50:48 timezone=\"CEST\" device_name=\"SF01V\" device_id=SFDemo-2df0960 log_id=031001609002 log_type=\"Anti-Virus\" log_component=\"FTP\" log_subtype=\"Allowed\" status=\"\" priority=Information fw_rule_id=0 user_name=\"\" virus=\"\" FTP_url=\"/var/www//home/ftp-user/ta_test_file_1ta-cl1-46\" FTP_direction=\"Download\" filename=\"/home/ftp-user /ta_test_file_1ta-cl1-46\" file_size=19926248 file_path=\"/var/www//home/ftp-user/ta_test_file_1ta-cl1-46\" ftpcommand=\"RETR\" src_ip=10.146.13.49 src_country_code= dst_ip=10.8.142.181 dst_country_code= protocol=\"TCP\" src_port=39936 dst_port=21 dstdomain=\"\" sent_bytes=0 recv_bytes=19926248", + "original": "\u003c30\u003edevice=\"SFW\" date=2018-06-21 time=19:50:48 timezone=\"CEST\" device_name=\"SF01V\" device_id=SFDemo-2df0960 log_id=031001609002 log_type=\"Anti-Virus\" log_component=\"FTP\" log_subtype=\"Allowed\" status=\"\" priority=Information fw_rule_id=0 user_name=\"\" virus=\"\" FTP_url=\"/var/www//home/ftp-user/ta_test_file_1ta-cl1-46\" FTP_direction=\"Download\" filename=\"/home/ftp-user /ta_test_file_1ta-cl1-46\" file_size=19926248 file_path=\"/var/www//home/ftp-user/ta_test_file_1ta-cl1-46\" ftpcommand=\"RETR\" src_ip=10.146.13.49 src_country_code= dst_ip=10.8.142.181 dst_country_code= protocol=\"TCP\" src_port=39936 dst_port=21 dstdomain=\"\" sent_bytes=0 recv_bytes=19926248", "outcome": "success", "severity": 6, "type": [ @@ -2180,7 +1841,10 @@ "level": "informational" }, "network": { - "transport": "TCP" + "bytes": 19926248, + "community_id": "1:hUeUw/6dIhcWCOgAeWChZiMq1qA=", + "protocol": "ftp", + "transport": "tcp" }, "observer": { "product": "XG", @@ -2200,22 +1864,17 @@ "rule": { "id": "0" }, - "server": { - "bytes": 19926248, - "ip": "10.8.142.181", - "port": 21 - }, "sophos": { "xg": { - "FTP_direction": "Download", - "FTP_url": "/var/www//home/ftp-user/ta_test_file_1ta-cl1-46", "device": "SFW", "device_name": "SF01V", + "ftp_direction": "Download", + "ftp_url": "/var/www//home/ftp-user/ta_test_file_1ta-cl1-46", "ftpcommand": "RETR", "log_component": "FTP", + "log_id": "031001609002", "log_subtype": "Allowed", "log_type": "Anti-Virus", - "message_id": "09002", "priority": "Information" } }, @@ -2230,13 +1889,6 @@ }, { "@timestamp": "2017-01-31T18:44:31.000Z", - "client": { - "ip": "10.198.47.71", - "port": 22623, - "user": { - "name": "jsmith" - } - }, "destination": { "geo": { "city_name": "Changchun", @@ -2262,10 +1914,10 @@ "intrusion_detection", "network" ], - "code": "086304418010", + "code": "18010", "id": "C366ACFB-7A6F-4870-B359-A6CFDA8C85F7", "kind": "alert", - "original": "device=\"SFW\" date=2017-01-31 time=18:44:31 timezone=\"IST\" device_name=\"CR750iNG-XP\" device_id=C44310050024-P29PUA log_id=086304418010 log_type=\"ATP\" log_component=\"Firewall\" log_subtype=\"Drop\" priority=Warning user_name=\"jsmith\" protocol=\"TCP\" src_port=22623 dst_port=80 sourceip=10.198.47.71 destinationip=175.16.199.1 url=175.16.199.1 threatname=C2/Generic-A eventid=C366ACFB-7A6F-4870-B359-A6CFDA8C85F7 eventtype=\"Standard\" login_user=\"\" process_user=\"\" ep_uuid= execution_path=\"\"", + "original": "\u003c30\u003edevice=\"SFW\" date=2017-01-31 time=18:44:31 timezone=\"IST\" device_name=\"CR750iNG-XP\" device_id=C44310050024-P29PUA log_id=086304418010 log_type=\"ATP\" log_component=\"Firewall\" log_subtype=\"Drop\" priority=Warning user_name=\"jsmith\" protocol=\"TCP\" src_port=22623 dst_port=80 sourceip=10.198.47.71 destinationip=175.16.199.1 url=175.16.199.1 threatname=C2/Generic-A eventid=C366ACFB-7A6F-4870-B359-A6CFDA8C85F7 eventtype=\"Standard\" login_user=\"\" process_user=\"\" ep_uuid= execution_path=\"\"", "outcome": "success", "severity": 4, "type": [ @@ -2280,6 +1932,7 @@ "level": "warning" }, "network": { + "community_id": "1:iHz0+HJt5nXYKJ8gA8XBVhxEQwI=", "transport": "tcp" }, "observer": { @@ -2300,31 +1953,15 @@ "jsmith" ] }, - "server": { - "geo": { - "city_name": "Changchun", - "continent_name": "Asia", - "country_iso_code": "CN", - "country_name": "China", - "location": { - "lat": 43.88, - "lon": 125.3228 - }, - "region_iso_code": "CN-22", - "region_name": "Jilin Sheng" - }, - "ip": "175.16.199.1", - "port": 80 - }, "sophos": { "xg": { "device": "SFW", "device_name": "CR750iNG-XP", "eventtype": "Standard", "log_component": "Firewall", + "log_id": "086304418010", "log_subtype": "Drop", "log_type": "ATP", - "message_id": "18010", "priority": "Warning", "threatname": "C2/Generic-A" } @@ -2345,22 +1982,6 @@ }, { "@timestamp": "2020-05-18T14:38:34.000Z", - "client": { - "geo": { - "city_name": "Changchun", - "continent_name": "Asia", - "country_iso_code": "CN", - "country_name": "China", - "location": { - "lat": 43.88, - "lon": 125.3228 - }, - "region_iso_code": "CN-22", - "region_name": "Jilin Sheng" - }, - "ip": "175.16.199.1", - "port": 57579 - }, "destination": { "geo": { "city_name": "Changchun", @@ -2386,10 +2007,10 @@ "intrusion_detection", "network" ], - "code": "086504418010", + "code": "18010", "id": "E91DAD80-BDE4-4682-B7E8-FE394B70A36C", "kind": "alert", - "original": "device=\"SFW\" date=2020-05-18 time=14:38:34 timezone=\"CEST\" device_name=\"XG230\" device_id=1234567890123456 log_id=086504418010 log_type=\"ATP\" log_component=\"Web\" log_subtype=\"Drop\" priority=Warning user_name=\"\" protocol=\"TCP\" src_port=57579 dst_port=80 sourceip=175.16.199.1 destinationip=175.16.199.1 url=http://sophostest.com/callhome/index.html threatname=C2/Generic-A eventid=E91DAD80-BDE4-4682-B7E8-FE394B70A36C eventtype=\"Standard\" login_user=\"\" process_user=\"\" ep_uuid=\"\" execution_path=\"\"", + "original": "\u003c30\u003edevice=\"SFW\" date=2020-05-18 time=14:38:34 timezone=\"CEST\" device_name=\"XG230\" device_id=1234567890123456 log_id=086504418010 log_type=\"ATP\" log_component=\"Web\" log_subtype=\"Drop\" priority=Warning user_name=\"\" protocol=\"TCP\" src_port=57579 dst_port=80 sourceip=175.16.199.1 destinationip=175.16.199.1 url=http://sophostest.com/callhome/index.html threatname=C2/Generic-A eventid=E91DAD80-BDE4-4682-B7E8-FE394B70A36C eventtype=\"Standard\" login_user=\"\" process_user=\"\" ep_uuid=\"\" execution_path=\"\"", "outcome": "success", "severity": 4, "type": [ @@ -2404,6 +2025,7 @@ "level": "warning" }, "network": { + "community_id": "1:b1o4Rde4SEO3zGAysRCmwfRnBE8=", "transport": "tcp" }, "observer": { @@ -2414,37 +2036,22 @@ }, "related": { "hosts": [ - "testhost.local" + "testhost.local", + "sophostest.com" ], "ip": [ "175.16.199.1" ] }, - "server": { - "geo": { - "city_name": "Changchun", - "continent_name": "Asia", - "country_iso_code": "CN", - "country_name": "China", - "location": { - "lat": 43.88, - "lon": 125.3228 - }, - "region_iso_code": "CN-22", - "region_name": "Jilin Sheng" - }, - "ip": "175.16.199.1", - "port": 80 - }, "sophos": { "xg": { "device": "SFW", "device_name": "XG230", "eventtype": "Standard", "log_component": "Web", + "log_id": "086504418010", "log_subtype": "Drop", "log_type": "ATP", - "message_id": "18010", "priority": "Warning", "threatname": "C2/Generic-A" } @@ -2469,27 +2076,16 @@ "preserve_original_event" ], "url": { - "original": "http://sophostest.com/callhome/index.html" + "domain": "sophostest.com", + "extension": "html", + "full": "http://sophostest.com/callhome/index.html", + "original": "http://sophostest.com/callhome/index.html", + "path": "/callhome/index.html", + "scheme": "http" } }, { "@timestamp": "2020-05-18T14:38:35.000Z", - "client": { - "geo": { - "city_name": "Changchun", - "continent_name": "Asia", - "country_iso_code": "CN", - "country_name": "China", - "location": { - "lat": 43.88, - "lon": 125.3228 - }, - "region_iso_code": "CN-22", - "region_name": "Jilin Sheng" - }, - "ip": "175.16.199.1", - "port": 57540 - }, "destination": { "geo": { "city_name": "Changchun", @@ -2515,10 +2111,10 @@ "intrusion_detection", "network" ], - "code": "086504418010", + "code": "18010", "id": "34AC8531-E7C0-4368-9978-5740952EE9AB", "kind": "alert", - "original": "device=\"SFW\" date=2020-05-18 time=14:38:35 timezone=\"CEST\" device_name=\"XG230\" device_id=1234567890123457 log_id=086504418010 log_type=\"ATP\" log_component=\"Web\" log_subtype=\"Drop\" priority=Warning user_name=\"\" protocol=\"TCP\" src_port=57540 dst_port=80 sourceip=175.16.199.1 destinationip=175.16.199.1 url=http://sophostest.com/callhome/index.html threatname=C2/Generic-A eventid=34AC8531-E7C0-4368-9978-5740952EE9AB eventtype=\"Standard\" login_user=\"\" process_user=\"\" ep_uuid=\"\" execution_path=\"\"", + "original": "\u003c30\u003edevice=\"SFW\" date=2020-05-18 time=14:38:35 timezone=\"CEST\" device_name=\"XG230\" device_id=1234567890123457 log_id=086504418010 log_type=\"ATP\" log_component=\"Web\" log_subtype=\"Drop\" priority=Warning user_name=\"\" protocol=\"TCP\" src_port=57540 dst_port=80 sourceip=175.16.199.1 destinationip=175.16.199.1 url=http://sophostest.com/callhome/index.html threatname=C2/Generic-A eventid=34AC8531-E7C0-4368-9978-5740952EE9AB eventtype=\"Standard\" login_user=\"\" process_user=\"\" ep_uuid=\"\" execution_path=\"\"", "outcome": "success", "severity": 4, "type": [ @@ -2533,6 +2129,7 @@ "level": "warning" }, "network": { + "community_id": "1:7bR+xjprLOf1D9nMa07/FLTsJb4=", "transport": "tcp" }, "observer": { @@ -2543,37 +2140,22 @@ }, "related": { "hosts": [ - "defaulttest.local" + "defaulttest.local", + "sophostest.com" ], "ip": [ "175.16.199.1" ] }, - "server": { - "geo": { - "city_name": "Changchun", - "continent_name": "Asia", - "country_iso_code": "CN", - "country_name": "China", - "location": { - "lat": 43.88, - "lon": 125.3228 - }, - "region_iso_code": "CN-22", - "region_name": "Jilin Sheng" - }, - "ip": "175.16.199.1", - "port": 80 - }, "sophos": { "xg": { "device": "SFW", "device_name": "XG230", "eventtype": "Standard", "log_component": "Web", + "log_id": "086504418010", "log_subtype": "Drop", "log_type": "ATP", - "message_id": "18010", "priority": "Warning", "threatname": "C2/Generic-A" } @@ -2598,15 +2180,16 @@ "preserve_original_event" ], "url": { - "original": "http://sophostest.com/callhome/index.html" + "domain": "sophostest.com", + "extension": "html", + "full": "http://sophostest.com/callhome/index.html", + "original": "http://sophostest.com/callhome/index.html", + "path": "/callhome/index.html", + "scheme": "http" } }, { "@timestamp": "2018-06-05T08:49:00.000Z", - "client": { - "ip": "10.198.32.89", - "port": 0 - }, "destination": { "geo": { "city_name": "Changchun", @@ -2632,10 +2215,10 @@ "intrusion_detection", "network" ], - "code": "086320518009", + "code": "18009", "id": "C7E26E6F-0097-4EA2-89DE-C31C40636CB2", "kind": "alert", - "original": "device=\"SFW\" date=2018-06-05 time=08:49:00 timezone=\"BST\" device_name=\"XG310\" device_id=C30006T22TGR89B log_id=086320518009 log_type=\"ATP\" log_component=\"Firewall\" log_subtype=\"Alert\" priority=Notice user_name=\"\" protocol=\"ICMP\" src_port=0 dst_port=0 sourceip=10.198.32.89 destinationip=175.16.199.1 url=175.16.199.1 threatname=C2/Generic-A eventid=C7E26E6F-0097-4EA2-89DE-C31C40636CB2 eventtype=\"Standard\" login_user=\"\" process_user=\"\" ep_uuid= execution_path=\"\"", + "original": "\u003c30\u003edevice=\"SFW\" date=2018-06-05 time=08:49:00 timezone=\"BST\" device_name=\"XG310\" device_id=C30006T22TGR89B log_id=086320518009 log_type=\"ATP\" log_component=\"Firewall\" log_subtype=\"Alert\" priority=Notice user_name=\"\" protocol=\"ICMP\" src_port=0 dst_port=0 sourceip=10.198.32.89 destinationip=175.16.199.1 url=175.16.199.1 threatname=C2/Generic-A eventid=C7E26E6F-0097-4EA2-89DE-C31C40636CB2 eventtype=\"Standard\" login_user=\"\" process_user=\"\" ep_uuid= execution_path=\"\"", "outcome": "success", "severity": 5, "type": [ @@ -2650,6 +2233,7 @@ "level": "notification" }, "network": { + "community_id": "1:kHHQzEsYiPicaHEfNBDcL79Jdlk=", "transport": "icmp" }, "observer": { @@ -2667,31 +2251,15 @@ "175.16.199.1" ] }, - "server": { - "geo": { - "city_name": "Changchun", - "continent_name": "Asia", - "country_iso_code": "CN", - "country_name": "China", - "location": { - "lat": 43.88, - "lon": 125.3228 - }, - "region_iso_code": "CN-22", - "region_name": "Jilin Sheng" - }, - "ip": "175.16.199.1", - "port": 0 - }, "sophos": { "xg": { "device": "SFW", "device_name": "XG310", "eventtype": "Standard", "log_component": "Firewall", + "log_id": "086320518009", "log_subtype": "Alert", "log_type": "ATP", - "message_id": "18009", "priority": "Notice", "threatname": "C2/Generic-A" } @@ -2709,17 +2277,6 @@ }, { "@timestamp": "2017-01-31T14:03:33.000Z", - "client": { - "bytes": 0, - "ip": "10.198.47.71", - "port": 9444, - "user": { - "group": { - "name": "Open Group" - }, - "name": "jsmith" - } - }, "destination": { "bytes": 319007, "geo": { @@ -2745,9 +2302,9 @@ "category": [ "network" ], - "code": "050901616001", + "code": "16001", "kind": "event", - "original": "device=\"SFW\" date=2017-01-31 time=14:03:33 timezone=\"IST\" device_name=\"CR750iNG-XP\" device_id=C44310050024-P29PUA log_id=050901616001 log_type=\"Content Filtering\" log_component=\"HTTP\" log_subtype=\"Allowed\" status=\"\" priority=Information fw_rule_id=2 user_name=\"jsmith\" user_gp=\"Open Group\" iap=1 category=\"Entertainment\" category_type=\"Unproductive\" url=\"https://r8---sn-ci5gup-qxas.googlevideo.com/\" contenttype=\"\" override_token=\"\" httpresponsecode=\"\" src_ip=10.198.47.71 dst_ip=175.16.199.1 protocol=\"TCP\" src_port=9444 dst_port=443 sent_bytes=0 recv_bytes=319007 domain=r8---sn-ci5gup-qxas.googlevideo.com exceptions= activityname=\"\" reason=\"\"", + "original": "\u003c30\u003edevice=\"SFW\" date=2017-01-31 time=14:03:33 timezone=\"IST\" device_name=\"CR750iNG-XP\" device_id=C44310050024-P29PUA log_id=050901616001 log_type=\"Content Filtering\" log_component=\"HTTP\" log_subtype=\"Allowed\" status=\"\" priority=Information fw_rule_id=2 user_name=\"jsmith\" user_gp=\"Open Group\" iap=1 category=\"Entertainment\" category_type=\"Unproductive\" url=\"https://r8---sn-ci5gup-qxas.googlevideo.com/\" contenttype=\"\" override_token=\"\" httpresponsecode=\"\" src_ip=10.198.47.71 dst_ip=175.16.199.1 protocol=\"TCP\" src_port=9444 dst_port=443 sent_bytes=0 recv_bytes=319007 domain=r8---sn-ci5gup-qxas.googlevideo.com exceptions= activityname=\"\" reason=\"\"", "outcome": "success", "severity": 6, "type": [ @@ -2762,6 +2319,9 @@ "level": "informational" }, "network": { + "bytes": 319007, + "community_id": "1:/f8qayUuOw8mnpWRZ+An6bMQrdY=", + "protocol": "https", "transport": "tcp" }, "observer": { @@ -2772,7 +2332,8 @@ }, "related": { "hosts": [ - "defaulttest.local" + "defaulttest.local", + "r8---sn-ci5gup-qxas.googlevideo.com" ], "ip": [ "10.198.47.71", @@ -2782,23 +2343,6 @@ "jsmith" ] }, - "server": { - "bytes": 319007, - "geo": { - "city_name": "Changchun", - "continent_name": "Asia", - "country_iso_code": "CN", - "country_name": "China", - "location": { - "lat": 43.88, - "lon": 125.3228 - }, - "region_iso_code": "CN-22", - "region_name": "Jilin Sheng" - }, - "ip": "175.16.199.1", - "port": 443 - }, "sophos": { "xg": { "category": "Entertainment", @@ -2808,9 +2352,9 @@ "fw_rule_id": "2", "iap": "1", "log_component": "HTTP", + "log_id": "050901616001", "log_subtype": "Allowed", "log_type": "Content Filtering", - "message_id": "16001", "priority": "Information" } }, @@ -2838,23 +2382,6 @@ }, { "@timestamp": "2017-02-01T18:20:21.000Z", - "client": { - "bytes": 0, - "geo": { - "city_name": "Changchun", - "continent_name": "Asia", - "country_iso_code": "CN", - "country_name": "China", - "location": { - "lat": 43.88, - "lon": 125.3228 - }, - "region_iso_code": "CN-22", - "region_name": "Jilin Sheng" - }, - "ip": "175.16.199.1", - "port": 46719 - }, "destination": { "bytes": 0, "geo": { @@ -2881,9 +2408,9 @@ "malware", "network" ], - "code": "050902616002", + "code": "16002", "kind": "alert", - "original": "device=\"SFW\" date=2017-02-01 time=18:20:21 timezone=\"IST\" device_name=\"SG115\" device_id=S110000E28BA631 log_id=050902616002 log_type=\"Content Filtering\" log_component=\"HTTP\" log_subtype=\"Denied\" status=\"\" priority=Information fw_rule_id=1 user_name=\"\" user_gp=\"\" iap=13 category=\"Religion \u0026 Spirituality\" category_type=\"Unproductive\" url=\"http://hanuman.com/\" contenttype=\"\" override_token=\"\" httpresponsecode=\"\" src_ip=175.16.199.1 dst_ip=175.16.199.1 protocol=\"TCP\" src_port=46719 dst_port=80 sent_bytes=0 recv_bytes=0 domain=hanuman.com exceptions= activityname=\"\"", + "original": "\u003c30\u003edevice=\"SFW\" date=2017-02-01 time=18:20:21 timezone=\"IST\" device_name=\"SG115\" device_id=S110000E28BA631 log_id=050902616002 log_type=\"Content Filtering\" log_component=\"HTTP\" log_subtype=\"Denied\" status=\"\" priority=Information fw_rule_id=1 user_name=\"\" user_gp=\"\" iap=13 category=\"Religion \u0026 Spirituality\" category_type=\"Unproductive\" url=\"http://hanuman.com/\" contenttype=\"\" override_token=\"\" httpresponsecode=\"\" src_ip=175.16.199.1 dst_ip=175.16.199.1 protocol=\"TCP\" src_port=46719 dst_port=80 sent_bytes=0 recv_bytes=0 domain=hanuman.com exceptions= activityname=\"\"", "outcome": "success", "severity": 6, "type": [ @@ -2899,38 +2426,25 @@ "level": "informational" }, "network": { + "bytes": 0, + "community_id": "1:VEidEjVf6CfPataXyE+RuqsRk7Q=", + "protocol": "http", "transport": "tcp" }, - "observer": { - "product": "XG", - "serial_number": "S110000E28BA631", - "type": "firewall", - "vendor": "Sophos" - }, - "related": { - "hosts": [ - "defaulttest.local" - ], - "ip": [ - "175.16.199.1" - ] - }, - "server": { - "bytes": 0, - "geo": { - "city_name": "Changchun", - "continent_name": "Asia", - "country_iso_code": "CN", - "country_name": "China", - "location": { - "lat": 43.88, - "lon": 125.3228 - }, - "region_iso_code": "CN-22", - "region_name": "Jilin Sheng" - }, - "ip": "175.16.199.1", - "port": 80 + "observer": { + "product": "XG", + "serial_number": "S110000E28BA631", + "type": "firewall", + "vendor": "Sophos" + }, + "related": { + "hosts": [ + "defaulttest.local", + "hanuman.com" + ], + "ip": [ + "175.16.199.1" + ] }, "sophos": { "xg": { @@ -2941,9 +2455,9 @@ "fw_rule_id": "1", "iap": "13", "log_component": "HTTP", + "log_id": "050902616002", "log_subtype": "Denied", "log_type": "Content Filtering", - "message_id": "16002", "priority": "Information" } }, @@ -2977,23 +2491,6 @@ }, { "@timestamp": "2017-02-01T18:13:29.000Z", - "client": { - "bytes": 0, - "geo": { - "city_name": "Changchun", - "continent_name": "Asia", - "country_iso_code": "CN", - "country_name": "China", - "location": { - "lat": 43.88, - "lon": 125.3228 - }, - "region_iso_code": "CN-22", - "region_name": "Jilin Sheng" - }, - "ip": "175.16.199.1", - "port": 49128 - }, "destination": { "bytes": 0, "geo": { @@ -3020,9 +2517,9 @@ "malware", "network" ], - "code": "054402617051", + "code": "17051", "kind": "alert", - "original": "device=\"SFW\" date=2017-02-01 time=18:13:29 timezone=\"IST\" device_name=\"SG115\" device_id=S110016E28BA631 log_id=054402617051 log_type=\"Content Filtering\" log_component=\"Application\" log_subtype=\"Denied\" priority=Information fw_rule_id=1 user_name=\"\" user_gp=\"\" application_filter_policy=8 category=\"Mobile Applications\" application_name=\"Gtalk Android\" application_risk=4 application_technology=\"Client Server\" application_category=\"Mobile Applications\" src_ip=175.16.199.1 src_country_code=DEU dst_ip=175.16.199.1 dst_country_code=USA protocol=\"TCP\" src_port=49128 dst_port=5228 sent_bytes=0 recv_bytes=0 status=\"Deny\" message=\"\"", + "original": "\u003c30\u003edevice=\"SFW\" date=2017-02-01 time=18:13:29 timezone=\"IST\" device_name=\"SG115\" device_id=S110016E28BA631 log_id=054402617051 log_type=\"Content Filtering\" log_component=\"Application\" log_subtype=\"Denied\" priority=Information fw_rule_id=1 user_name=\"\" user_gp=\"\" application_filter_policy=8 category=\"Mobile Applications\" application_name=\"Gtalk Android\" application_risk=4 application_technology=\"Client Server\" application_category=\"Mobile Applications\" src_ip=175.16.199.1 src_country_code=DEU dst_ip=175.16.199.1 dst_country_code=USA protocol=\"TCP\" src_port=49128 dst_port=5228 sent_bytes=0 recv_bytes=0 status=\"Deny\" message=\"\"", "outcome": "success", "severity": 6, "type": [ @@ -3038,6 +2535,8 @@ "level": "informational" }, "network": { + "bytes": 0, + "community_id": "1:AJhaUU/xeI8D80gn3JKhVsapjjk=", "transport": "tcp" }, "observer": { @@ -3054,23 +2553,6 @@ "175.16.199.1" ] }, - "server": { - "bytes": 0, - "geo": { - "city_name": "Changchun", - "continent_name": "Asia", - "country_iso_code": "CN", - "country_name": "China", - "location": { - "lat": 43.88, - "lon": 125.3228 - }, - "region_iso_code": "CN-22", - "region_name": "Jilin Sheng" - }, - "ip": "175.16.199.1", - "port": 5228 - }, "sophos": { "xg": { "application_category": "Mobile Applications", @@ -3084,9 +2566,9 @@ "dst_country_code": "USA", "fw_rule_id": "1", "log_component": "Application", + "log_id": "054402617051", "log_subtype": "Denied", "log_type": "Content Filtering", - "message_id": "17051", "priority": "Information", "src_country_code": "DEU", "status": "Deny" @@ -3115,23 +2597,6 @@ }, { "@timestamp": "2020-05-18T14:38:51.000Z", - "client": { - "bytes": 259, - "geo": { - "city_name": "Changchun", - "continent_name": "Asia", - "country_iso_code": "CN", - "country_name": "China", - "location": { - "lat": 43.88, - "lon": 125.3228 - }, - "region_iso_code": "CN-22", - "region_name": "Jilin Sheng" - }, - "ip": "175.16.199.1", - "port": 62851 - }, "destination": { "bytes": 168, "geo": { @@ -3157,9 +2622,9 @@ "category": [ "network" ], - "code": "050901616001", + "code": "16001", "kind": "event", - "original": "device=\"SFW\" date=2020-05-18 time=14:38:51 timezone=\"CEST\" device_name=\"XG230\" device_id=1234567890123456 log_id=050901616001 log_type=\"Content Filtering\" log_component=\"HTTP\" log_subtype=\"Allowed\" status=\"\" priority=Information fw_rule_id=2 user_name=\"\" user_gp=\"\" iap=13 category=\"Information Technology\" category_type=\"Acceptable\" url=\"https://his-eur1-neur1.servicebus.windows.net/$servicebus/websocket\" contenttype=\"\" override_token=\"\" httpresponsecode=\"\" src_ip=175.16.199.1 dst_ip=175.16.199.1 protocol=\"TCP\" src_port=62851 dst_port=443 sent_bytes=259 recv_bytes=168 domain=his-eur1-neur1.servicebus.windows.net exceptions=\"\" activityname=\"\" reason=\"\" user_agent=\"\" status_code=\"400\" transactionid=\"\" referer=\"\" download_file_name=\"\" download_file_type=\"\" upload_file_name=\"\" upload_file_type=\"\" con_id=80042000 application=\"\" app_is_cloud=0 override_name=\"\" override_authorizer=\"\"", + "original": "\u003c30\u003edevice=\"SFW\" date=2020-05-18 time=14:38:51 timezone=\"CEST\" device_name=\"XG230\" device_id=1234567890123456 log_id=050901616001 log_type=\"Content Filtering\" log_component=\"HTTP\" log_subtype=\"Allowed\" status=\"\" priority=Information fw_rule_id=2 user_name=\"\" user_gp=\"\" iap=13 category=\"Information Technology\" category_type=\"Acceptable\" url=\"https://his-eur1-neur1.servicebus.windows.net/$servicebus/websocket\" contenttype=\"\" override_token=\"\" httpresponsecode=\"\" src_ip=175.16.199.1 dst_ip=175.16.199.1 protocol=\"TCP\" src_port=62851 dst_port=443 sent_bytes=259 recv_bytes=168 domain=his-eur1-neur1.servicebus.windows.net exceptions=\"\" activityname=\"\" reason=\"\" user_agent=\"\" status_code=\"400\" transactionid=\"\" referer=\"\" download_file_name=\"\" download_file_type=\"\" upload_file_name=\"\" upload_file_type=\"\" con_id=80042000 application=\"\" app_is_cloud=0 override_name=\"\" override_authorizer=\"\"", "outcome": "success", "severity": 6, "type": [ @@ -3179,6 +2644,9 @@ "level": "informational" }, "network": { + "bytes": 427, + "community_id": "1:/CPcuTzO6efcTUZGJuANFDduxfY=", + "protocol": "https", "transport": "tcp" }, "observer": { @@ -3189,29 +2657,13 @@ }, "related": { "hosts": [ - "testhost.local" + "testhost.local", + "his-eur1-neur1.servicebus.windows.net" ], "ip": [ "175.16.199.1" ] }, - "server": { - "bytes": 168, - "geo": { - "city_name": "Changchun", - "continent_name": "Asia", - "country_iso_code": "CN", - "country_name": "China", - "location": { - "lat": 43.88, - "lon": 125.3228 - }, - "region_iso_code": "CN-22", - "region_name": "Jilin Sheng" - }, - "ip": "175.16.199.1", - "port": 443 - }, "sophos": { "xg": { "app_is_cloud": "0", @@ -3223,9 +2675,9 @@ "fw_rule_id": "2", "iap": "13", "log_component": "HTTP", + "log_id": "050901616001", "log_subtype": "Allowed", "log_type": "Content Filtering", - "message_id": "16001", "priority": "Information", "status_code": "400" } @@ -3260,23 +2712,6 @@ }, { "@timestamp": "2020-05-18T14:38:52.000Z", - "client": { - "bytes": 0, - "geo": { - "city_name": "Changchun", - "continent_name": "Asia", - "country_iso_code": "CN", - "country_name": "China", - "location": { - "lat": 43.88, - "lon": 125.3228 - }, - "region_iso_code": "CN-22", - "region_name": "Jilin Sheng" - }, - "ip": "175.16.199.1", - "port": 60471 - }, "destination": { "bytes": 0, "geo": { @@ -3303,9 +2738,9 @@ "malware", "network" ], - "code": "050902616002", + "code": "16002", "kind": "alert", - "original": "device=\"SFW\" date=2020-05-18 time=14:38:52 timezone=\"CEST\" device_name=\"XG230\" device_id=1234567890123457 log_id=050902616002 log_type=\"Content Filtering\" log_component=\"HTTP\" log_subtype=\"Denied\" status=\"\" priority=Information fw_rule_id=51 user_name=\"\" user_gp=\"\" iap=2 category=\"IPAddress\" category_type=\"Acceptable\" url=\"https://175.16.199.1/\" contenttype=\"\" override_token=\"\" httpresponsecode=\"\" src_ip=175.16.199.1 dst_ip=175.16.199.1 protocol=\"TCP\" src_port=60471 dst_port=443 sent_bytes=0 recv_bytes=0 domain=175.16.199.1 exceptions=\"\" activityname=\"\" reason=\"\" user_agent=\"\" status_code=\"200\" transactionid=\"\" referer=\"\" download_file_name=\"\" download_file_type=\"\" upload_file_name=\"\" upload_file_type=\"\" con_id=642960832 application=\"\" app_is_cloud=0 override_name=\"\" override_authorizer=\"\"", + "original": "\u003c30\u003edevice=\"SFW\" date=2020-05-18 time=14:38:52 timezone=\"CEST\" device_name=\"XG230\" device_id=1234567890123457 log_id=050902616002 log_type=\"Content Filtering\" log_component=\"HTTP\" log_subtype=\"Denied\" status=\"\" priority=Information fw_rule_id=51 user_name=\"\" user_gp=\"\" iap=2 category=\"IPAddress\" category_type=\"Acceptable\" url=\"https://175.16.199.1/\" contenttype=\"\" override_token=\"\" httpresponsecode=\"\" src_ip=175.16.199.1 dst_ip=175.16.199.1 protocol=\"TCP\" src_port=60471 dst_port=443 sent_bytes=0 recv_bytes=0 domain=175.16.199.1 exceptions=\"\" activityname=\"\" reason=\"\" user_agent=\"\" status_code=\"200\" transactionid=\"\" referer=\"\" download_file_name=\"\" download_file_type=\"\" upload_file_name=\"\" upload_file_type=\"\" con_id=642960832 application=\"\" app_is_cloud=0 override_name=\"\" override_authorizer=\"\"", "outcome": "success", "severity": 6, "type": [ @@ -3326,6 +2761,9 @@ "level": "informational" }, "network": { + "bytes": 0, + "community_id": "1:UmV8uoUJ74HsD4zFRsdS7E2yq/w=", + "protocol": "https", "transport": "tcp" }, "observer": { @@ -3336,29 +2774,13 @@ }, "related": { "hosts": [ - "defaulttest.local" + "defaulttest.local", + "175.16.199.1" ], "ip": [ "175.16.199.1" ] }, - "server": { - "bytes": 0, - "geo": { - "city_name": "Changchun", - "continent_name": "Asia", - "country_iso_code": "CN", - "country_name": "China", - "location": { - "lat": 43.88, - "lon": 125.3228 - }, - "region_iso_code": "CN-22", - "region_name": "Jilin Sheng" - }, - "ip": "175.16.199.1", - "port": 443 - }, "sophos": { "xg": { "app_is_cloud": "0", @@ -3370,9 +2792,9 @@ "fw_rule_id": "51", "iap": "2", "log_component": "HTTP", + "log_id": "050902616002", "log_subtype": "Denied", "log_type": "Content Filtering", - "message_id": "16002", "priority": "Information", "status_code": "200" } @@ -3407,23 +2829,6 @@ }, { "@timestamp": "2020-05-18T14:38:53.000Z", - "client": { - "bytes": 980, - "geo": { - "city_name": "Changchun", - "continent_name": "Asia", - "country_iso_code": "CN", - "country_name": "China", - "location": { - "lat": 43.88, - "lon": 125.3228 - }, - "region_iso_code": "CN-22", - "region_name": "Jilin Sheng" - }, - "ip": "175.16.199.1", - "port": 65391 - }, "destination": { "bytes": 295, "geo": { @@ -3449,9 +2854,9 @@ "category": [ "network" ], - "code": "050901616001", + "code": "16001", "kind": "event", - "original": "device=\"SFW\" date=2020-05-18 time=14:38:53 timezone=\"CEST\" device_name=\"XG230\" device_id=1234567890123456 log_id=050901616001 log_type=\"Content Filtering\" log_component=\"HTTP\" log_subtype=\"Allowed\" status=\"\" priority=Information fw_rule_id=2 user_name=\"\" user_gp=\"\" iap=13 category=\"Information Technology\" category_type=\"Acceptable\" url=\"http://update.eset.com/eset_upd/ep7/dll/update.ver.signed\" contenttype=\"\" override_token=\"\" httpresponsecode=\"\" src_ip=175.16.199.1 dst_ip=175.16.199.1 protocol=\"TCP\" src_port=65391 dst_port=80 sent_bytes=980 recv_bytes=295 domain=update.eset.com exceptions=av,https,sandstorm activityname=\"\" reason=\"\" user_agent=\"EFSW Update (Windows; U; 64bit; BPC 7.1.12010.0; OS: 10.0.17763 SP 0.0 NT; TDB 45511; CL 1.1.1; x64s; APP efsw; PX 1; PUA 1; CD 1; RA 1; PEV 0; UNS 1; UBR 1158; HVCI 0; SHA256 1; WU 3; HWF: 01009DAA-757A-D666-EFD2-92DD0D501284; PLOC de_de; PCODE 211.0.0; \" status_code=\"304\" transactionid=\"\" referer=\"\" download_file_name=\"\" download_file_type=\"\" upload_file_name=\"\" upload_file_type=\"\" con_id=248426360 application=\"\" app_is_cloud=0 override_name=\"\" override_authorizer=\"\"", + "original": "\u003c30\u003edevice=\"SFW\" date=2020-05-18 time=14:38:53 timezone=\"CEST\" device_name=\"XG230\" device_id=1234567890123456 log_id=050901616001 log_type=\"Content Filtering\" log_component=\"HTTP\" log_subtype=\"Allowed\" status=\"\" priority=Information fw_rule_id=2 user_name=\"\" user_gp=\"\" iap=13 category=\"Information Technology\" category_type=\"Acceptable\" url=\"http://update.eset.com/eset_upd/ep7/dll/update.ver.signed\" contenttype=\"\" override_token=\"\" httpresponsecode=\"\" src_ip=175.16.199.1 dst_ip=175.16.199.1 protocol=\"TCP\" src_port=65391 dst_port=80 sent_bytes=980 recv_bytes=295 domain=update.eset.com exceptions=av,https,sandstorm activityname=\"\" reason=\"\" user_agent=\"EFSW Update (Windows; U; 64bit; BPC 7.1.12010.0; OS: 10.0.17763 SP 0.0 NT; TDB 45511; CL 1.1.1; x64s; APP efsw; PX 1; PUA 1; CD 1; RA 1; PEV 0; UNS 1; UBR 1158; HVCI 0; SHA256 1; WU 3; HWF: 01009DAA-757A-D666-EFD2-92DD0D501284; PLOC de_de; PCODE 211.0.0; \" status_code=\"304\" transactionid=\"\" referer=\"\" download_file_name=\"\" download_file_type=\"\" upload_file_name=\"\" upload_file_type=\"\" con_id=248426360 application=\"\" app_is_cloud=0 override_name=\"\" override_authorizer=\"\"", "outcome": "success", "severity": 6, "type": [ @@ -3471,6 +2876,9 @@ "level": "informational" }, "network": { + "bytes": 1275, + "community_id": "1:Ryp54doRa7oC9nCPf20XUfuS+tg=", + "protocol": "http", "transport": "tcp" }, "observer": { @@ -3481,29 +2889,13 @@ }, "related": { "hosts": [ - "testhost.local" + "testhost.local", + "update.eset.com" ], "ip": [ "175.16.199.1" ] }, - "server": { - "bytes": 295, - "geo": { - "city_name": "Changchun", - "continent_name": "Asia", - "country_iso_code": "CN", - "country_name": "China", - "location": { - "lat": 43.88, - "lon": 125.3228 - }, - "region_iso_code": "CN-22", - "region_name": "Jilin Sheng" - }, - "ip": "175.16.199.1", - "port": 80 - }, "sophos": { "xg": { "app_is_cloud": "0", @@ -3516,9 +2908,9 @@ "fw_rule_id": "2", "iap": "13", "log_component": "HTTP", + "log_id": "050901616001", "log_subtype": "Allowed", "log_type": "Content Filtering", - "message_id": "16001", "priority": "Information", "status_code": "304" } @@ -3564,9 +2956,6 @@ }, { "@timestamp": "2016-12-02T18:50:20.000Z", - "client": { - "ip": "10.108.108.49" - }, "ecs": { "version": "8.0.0" }, @@ -3575,9 +2964,9 @@ "category": [ "network" ], - "code": "058420116010", + "code": "16010", "kind": "event", - "original": "device=\"SFW\" date=2016-12-02 time=18:50:20 timezone=\"GMT\" device_name=\"SF01V\" device_id=1234567890123456 log_id=058420116010 log_type=\"Content Filtering\" log_component=\"Web Content Policy\" log_subtype=\"Alert\" user=\"gi123456\" src_ip=10.108.108.49 transaction_id=\"e4a127f7-a850-477c-920e-a471b38727c1\" dictionary_name=\"complicated_Custom\" site_category=Information Technology website=\"ta-web-static-testing.qa. astaro.de\" direction=\"in\" action=\"Deny\" file_name=\"cgi_echo.pl\" context_match=\"Not\" context_prefix=\"blah blah hello \" context_suffix=\" hello blah \"", + "original": "\u003c30\u003edevice=\"SFW\" date=2016-12-02 time=18:50:20 timezone=\"GMT\" device_name=\"SF01V\" device_id=1234567890123456 log_id=058420116010 log_type=\"Content Filtering\" log_component=\"Web Content Policy\" log_subtype=\"Alert\" user=\"gi123456\" src_ip=10.108.108.49 transaction_id=\"e4a127f7-a850-477c-920e-a471b38727c1\" dictionary_name=\"complicated_Custom\" site_category=Information Technology website=\"ta-web-static-testing.qa. astaro.de\" direction=\"in\" action=\"Deny\" file_name=\"cgi_echo.pl\" context_match=\"Not\" context_prefix=\"blah blah hello \" context_suffix=\" hello blah \"", "outcome": "success", "severity": 1 }, @@ -3613,9 +3002,9 @@ "direction": "in", "file_name": "cgi_echo.pl", "log_component": "Web Content Policy", + "log_id": "058420116010", "log_subtype": "Alert", "log_type": "Content Filtering", - "message_id": "16010", "site_category": "Information Technology", "transaction_id": "e4a127f7-a850-477c-920e-a471b38727c1", "user": "gi123456", @@ -3631,17 +3020,6 @@ }, { "@timestamp": "2016-12-02T18:50:20.000Z", - "client": { - "bytes": 0, - "ip": "192.168.73.220", - "port": 37832, - "user": { - "group": { - "name": "Clientless Open Group" - }, - "name": "rich" - } - }, "destination": { "bytes": 0, "geo": { @@ -3667,9 +3045,9 @@ "category": [ "network" ], - "code": "050927616005", + "code": "16005", "kind": "event", - "original": "device=\"SFW\" date=2016-12-02 time=18:50:20 timezone=\"GMT\" device_name=\"SFVUNL\" device_id=C01001K234RXPA1 log_id=050927616005 log_type=\"Content Filtering\" log_component=\"HTTP\" log_subtype=\"Warned\" status=\"\" priority=Information fw_rule_id=2 user_name=\"rich\" user_gp=\"Clientless Open Group\" iap=13 category=\"Search Engines\" category_type=\"Acceptable\" url=\"http://www.google.com/\" contenttype=\"\" override_token=\"\" httpresponsecode=\"\" src_ip=192.168.73.220 dst_ip=175.16.199.1 protocol=\"TCP\" src_port=37832 dst_port=80 sent_bytes=0 recv_bytes=0 domain=www.google.com exceptions= activityname=\" Search\" reason=\"\"", + "original": "\u003c30\u003edevice=\"SFW\" date=2016-12-02 time=18:50:20 timezone=\"GMT\" device_name=\"SFVUNL\" device_id=C01001K234RXPA1 log_id=050927616005 log_type=\"Content Filtering\" log_component=\"HTTP\" log_subtype=\"Warned\" status=\"\" priority=Information fw_rule_id=2 user_name=\"rich\" user_gp=\"Clientless Open Group\" iap=13 category=\"Search Engines\" category_type=\"Acceptable\" url=\"http://www.google.com/\" contenttype=\"\" override_token=\"\" httpresponsecode=\"\" src_ip=192.168.73.220 dst_ip=175.16.199.1 protocol=\"TCP\" src_port=37832 dst_port=80 sent_bytes=0 recv_bytes=0 domain=www.google.com exceptions= activityname=\" Search\" reason=\"\"", "outcome": "success", "severity": 6, "type": [ @@ -3684,6 +3062,9 @@ "level": "informational" }, "network": { + "bytes": 0, + "community_id": "1:HvKh3vR/3/66c5khPTyK//csnEc=", + "protocol": "http", "transport": "tcp" }, "observer": { @@ -3694,7 +3075,8 @@ }, "related": { "hosts": [ - "defaulttest.local" + "defaulttest.local", + "www.google.com" ], "ip": [ "192.168.73.220", @@ -3704,23 +3086,6 @@ "rich" ] }, - "server": { - "bytes": 0, - "geo": { - "city_name": "Changchun", - "continent_name": "Asia", - "country_iso_code": "CN", - "country_name": "China", - "location": { - "lat": 43.88, - "lon": 125.3228 - }, - "region_iso_code": "CN-22", - "region_name": "Jilin Sheng" - }, - "ip": "175.16.199.1", - "port": 80 - }, "sophos": { "xg": { "activityname": " Search", @@ -3731,9 +3096,9 @@ "fw_rule_id": "2", "iap": "13", "log_component": "HTTP", + "log_id": "050927616005", "log_subtype": "Warned", "log_type": "Content Filtering", - "message_id": "16005", "priority": "Information" } }, @@ -3761,17 +3126,6 @@ }, { "@timestamp": "2016-12-02T18:50:22.000Z", - "client": { - "bytes": 0, - "ip": "192.168.73.220", - "port": 46322, - "user": { - "group": { - "name": "Clientless Open Group" - }, - "name": "rich" - } - }, "destination": { "bytes": 619, "geo": { @@ -3797,10 +3151,11 @@ "category": [ "network" ], - "code": "050901616006", + "code": "16006", "kind": "event", - "original": "device=\"SFW\" date=2016-12-02 time=18:50:22 timezone=\"GMT\" device_name=\"SFVUNL\" device_id=C01001K234RXPA1 log_id=050901616006 log_type=\"Content Filtering\" log_component=\"HTTP\" log_subtype=\"Allowed\" status=\"\" priority=Information fw_rule_id=2 user_name=\"rich\" user_gp=\"Clientless Open Group\" iap=13 category=\"Search Engines\" category_type=\"Acceptable\" url=\"http://www.google.ca/?gfe_rd=cr\u0026ei=ojxHWP3WC4WN8QeRioDABw\" contenttype=\"text/html\" override_token=\"\" httpresponsecode=\"\" src_ip=192.168.73.220 dst_ip=175.16.199.1 protocol=\"TCP\" src_port=46322 dst_port=80 sent_bytes=0 recv_bytes=619 domain=www.google.ca exceptions= activityname=\"Search\" reason=\"not eligible\"", + "original": "\u003c30\u003edevice=\"SFW\" date=2016-12-02 time=18:50:22 timezone=\"GMT\" device_name=\"SFVUNL\" device_id=C01001K234RXPA1 log_id=050901616006 log_type=\"Content Filtering\" log_component=\"HTTP\" log_subtype=\"Allowed\" status=\"\" priority=Information fw_rule_id=2 user_name=\"rich\" user_gp=\"Clientless Open Group\" iap=13 category=\"Search Engines\" category_type=\"Acceptable\" url=\"http://www.google.ca/?gfe_rd=cr\u0026ei=ojxHWP3WC4WN8QeRioDABw\" contenttype=\"text/html\" override_token=\"\" httpresponsecode=\"\" src_ip=192.168.73.220 dst_ip=175.16.199.1 protocol=\"TCP\" src_port=46322 dst_port=80 sent_bytes=0 recv_bytes=619 domain=www.google.ca exceptions= activityname=\"Search\" reason=\"not eligible\"", "outcome": "success", + "reason": "not eligible", "severity": 6, "type": [ "allowed", @@ -3814,6 +3169,9 @@ "level": "informational" }, "network": { + "bytes": 619, + "community_id": "1:ugKAtyXD+NkO22HaYEqDnd54d38=", + "protocol": "http", "transport": "tcp" }, "observer": { @@ -3824,7 +3182,8 @@ }, "related": { "hosts": [ - "defaulttest.local" + "defaulttest.local", + "www.google.ca" ], "ip": [ "192.168.73.220", @@ -3834,23 +3193,6 @@ "rich" ] }, - "server": { - "bytes": 619, - "geo": { - "city_name": "Changchun", - "continent_name": "Asia", - "country_iso_code": "CN", - "country_name": "China", - "location": { - "lat": 43.88, - "lon": 125.3228 - }, - "region_iso_code": "CN-22", - "region_name": "Jilin Sheng" - }, - "ip": "175.16.199.1", - "port": 80 - }, "sophos": { "xg": { "activityname": "Search", @@ -3862,11 +3204,10 @@ "fw_rule_id": "2", "iap": "13", "log_component": "HTTP", + "log_id": "050901616006", "log_subtype": "Allowed", "log_type": "Content Filtering", - "message_id": "16006", - "priority": "Information", - "reason": "not eligible" + "priority": "Information" } }, "source": { @@ -3894,27 +3235,6 @@ }, { "@timestamp": "2020-05-18T14:38:57.000Z", - "client": { - "geo": { - "city_name": "Changchun", - "continent_name": "Asia", - "country_iso_code": "CN", - "country_name": "China", - "location": { - "lat": 43.88, - "lon": 125.3228 - }, - "region_iso_code": "CN-22", - "region_name": "Jilin Sheng" - }, - "ip": "175.16.199.1", - "user": { - "group": { - "name": "Open Group" - }, - "name": "elastic.user@elastic.test.com" - } - }, "ecs": { "version": "8.0.0" }, @@ -3922,9 +3242,9 @@ "category": [ "authentication" ], - "code": "062910617701", + "code": "17701", "kind": "event", - "original": "device=\"SFW\" date=2020-05-18 time=14:38:57 timezone=\"CEST\" device_name=\"XG230\" device_id=1234567890123456 log_id=062910617701 log_type=\"Event\" log_component=\"Firewall Authentication\" log_subtype=\"Authentication\" status=\"Successful\" priority=Information user_name=\"elastic.user@elastic.test.com\" usergroupname=\"Open Group\" auth_client=\"CTA\" auth_mechanism=\"AD\" reason=\"\" src_ip=175.16.199.1 message=\"User elastic.user@elastic.test.com of group Open Group logged in successfully to Firewall through AD authentication mechanism from 175.16.199.1\" name=\"elastic.user@elastic.test.com\" src_mac=", + "original": "\u003c30\u003edevice=\"SFW\" date=2020-05-18 time=14:38:57 timezone=\"CEST\" device_name=\"XG230\" device_id=1234567890123456 log_id=062910617701 log_type=\"Event\" log_component=\"Firewall Authentication\" log_subtype=\"Authentication\" status=\"Successful\" priority=Information user_name=\"elastic.user@elastic.test.com\" usergroupname=\"Open Group\" auth_client=\"CTA\" auth_mechanism=\"AD\" reason=\"\" src_ip=175.16.199.1 message=\"User elastic.user@elastic.test.com of group Open Group logged in successfully to Firewall through AD authentication mechanism from 175.16.199.1\" name=\"elastic.user@elastic.test.com\" src_mac=", "outcome": "success", "severity": 6, "type": [ @@ -3963,9 +3283,9 @@ "device": "SFW", "device_name": "XG230", "log_component": "Firewall Authentication", + "log_id": "062910617701", "log_subtype": "Authentication", "log_type": "Event", - "message_id": "17701", "priority": "Information", "status": "Successful" } @@ -3987,37 +3307,19 @@ "user": { "group": { "name": "Open Group" - }, - "name": "elastic.user@elastic.test.com" - } - }, - "tags": [ - "preserve_original_event" - ], - "user": { - "name": "elastic.user@elastic.test.com" - } - }, - { - "@timestamp": "2020-05-18T14:38:58.000Z", - "client": { - "geo": { - "city_name": "Changchun", - "continent_name": "Asia", - "country_iso_code": "CN", - "country_name": "China", - "location": { - "lat": 43.88, - "lon": 125.3228 - }, - "region_iso_code": "CN-22", - "region_name": "Jilin Sheng" - }, - "ip": "175.16.199.1", - "user": { + }, "name": "elastic.user@elastic.test.com" } }, + "tags": [ + "preserve_original_event" + ], + "user": { + "name": "elastic.user@elastic.test.com" + } + }, + { + "@timestamp": "2020-05-18T14:38:58.000Z", "destination": { "geo": { "city_name": "Changchun", @@ -4037,9 +3339,9 @@ "version": "8.0.0" }, "event": { - "code": "062511418055", + "code": "18055", "kind": "event", - "original": "device=\"SFW\" date=2020-05-18 time=14:38:58 timezone=\"CEST\" device_name=\"XG230\" device_id=1234567890123456 log_id=062511418055 log_type=\"Event\" log_component=\"IPSec\" log_subtype=\"System\" status=\"Failed\" priority=Warning user_name=\"elastic.user@elastic.test.com\" connectionname=\"Location-1\" connectiontype=\"0\" localinterfaceip=175.16.199.1 localgateway=\"\" localnetwork=\"175.16.199.1/19\" remoteinterfaceip=175.16.199.1 remotenetwork=\"10.84.234.5/32\" message=\"location-1 - IKE message retransmission timed out (Remote: 175.16.199.1)\"", + "original": "\u003c30\u003edevice=\"SFW\" date=2020-05-18 time=14:38:58 timezone=\"CEST\" device_name=\"XG230\" device_id=1234567890123456 log_id=062511418055 log_type=\"Event\" log_component=\"IPSec\" log_subtype=\"System\" status=\"Failed\" priority=Warning user_name=\"elastic.user@elastic.test.com\" connectionname=\"Location-1\" connectiontype=\"0\" localinterfaceip=175.16.199.1 localgateway=\"\" localnetwork=\"175.16.199.1/19\" remoteinterfaceip=175.16.199.1 remotenetwork=\"10.84.234.5/32\" message=\"location-1 - IKE message retransmission timed out (Remote: 175.16.199.1)\"", "severity": 4 }, "host": { @@ -4060,28 +3362,12 @@ "testhost.local" ], "ip": [ - "175.16.199.1", "175.16.199.1" ], "user": [ "elastic.user@elastic.test.com" ] }, - "server": { - "geo": { - "city_name": "Changchun", - "continent_name": "Asia", - "country_iso_code": "CN", - "country_name": "China", - "location": { - "lat": 43.88, - "lon": 125.3228 - }, - "region_iso_code": "CN-22", - "region_name": "Jilin Sheng" - }, - "ip": "175.16.199.1" - }, "sophos": { "xg": { "connectionname": "Location-1", @@ -4090,9 +3376,9 @@ "device_name": "XG230", "localnetwork": "175.16.199.1/19", "log_component": "IPSec", + "log_id": "062511418055", "log_subtype": "System", "log_type": "Event", - "message_id": "18055", "priority": "Warning", "remotenetwork": "10.84.234.5/32", "status": "Failed" @@ -4126,9 +3412,9 @@ "version": "8.0.0" }, "event": { - "code": "062511318057", + "code": "18057", "kind": "event", - "original": "device=\"SFW\" date=2020-05-18 time=14:38:59 timezone=\"CEST\" device_name=\"XG230\" device_id=1234567890123456 log_id=062511318057 log_type=\"Event\" log_component=\"IPSec\" log_subtype=\"System\" status=\"Expire\" priority=Error user_name=\"\" connectionname=\"\" connectiontype=\"0\" localinterfaceip=\"\" localgateway=\"\" localnetwork=\"\" remoteinterfaceip=\"\" remotenetwork=\"\" message=\"IKE_SA timed out before it could be established\"", + "original": "\u003c30\u003edevice=\"SFW\" date=2020-05-18 time=14:38:59 timezone=\"CEST\" device_name=\"XG230\" device_id=1234567890123456 log_id=062511318057 log_type=\"Event\" log_component=\"IPSec\" log_subtype=\"System\" status=\"Expire\" priority=Error user_name=\"\" connectionname=\"\" connectiontype=\"0\" localinterfaceip=\"\" localgateway=\"\" localnetwork=\"\" remoteinterfaceip=\"\" remotenetwork=\"\" message=\"IKE_SA timed out before it could be established\"", "severity": 3 }, "host": { @@ -4155,9 +3441,9 @@ "device": "SFW", "device_name": "XG230", "log_component": "IPSec", + "log_id": "062511318057", "log_subtype": "System", "log_type": "Event", - "message_id": "18057", "priority": "Error", "status": "Expire" } @@ -4168,24 +3454,6 @@ }, { "@timestamp": "2020-05-18T14:39:00.000Z", - "client": { - "geo": { - "city_name": "Changchun", - "continent_name": "Asia", - "country_iso_code": "CN", - "country_name": "China", - "location": { - "lat": 43.88, - "lon": 125.3228 - }, - "region_iso_code": "CN-22", - "region_name": "Jilin Sheng" - }, - "ip": "175.16.199.1", - "user": { - "name": "elastic.user@elastic.test.com" - } - }, "ecs": { "version": "8.0.0" }, @@ -4193,9 +3461,9 @@ "category": [ "authentication" ], - "code": "063210617704", + "code": "17704", "kind": "event", - "original": "device=\"SFW\" date=2020-05-18 time=14:39:00 timezone=\"CEST\" device_name=\"XG230\" device_id=1234567890123456 log_id=063210617704 log_type=\"Event\" log_component=\"My Account Authentication\" log_subtype=\"Authentication\" status=\"Successful\" priority=Information user_name=\"elastic.user@elastic.test.com\" usergroupname=\"\" auth_client=\"N/A\" auth_mechanism=\"Local\" reason=\"\" src_ip=175.16.199.1 message=\"User elastic.user@elastic.test.com logged in successfully to MyAccount through Local authentication mechanism\" name=\"\" src_mac=", + "original": "\u003c30\u003edevice=\"SFW\" date=2020-05-18 time=14:39:00 timezone=\"CEST\" device_name=\"XG230\" device_id=1234567890123456 log_id=063210617704 log_type=\"Event\" log_component=\"My Account Authentication\" log_subtype=\"Authentication\" status=\"Successful\" priority=Information user_name=\"elastic.user@elastic.test.com\" usergroupname=\"\" auth_client=\"N/A\" auth_mechanism=\"Local\" reason=\"\" src_ip=175.16.199.1 message=\"User elastic.user@elastic.test.com logged in successfully to MyAccount through Local authentication mechanism\" name=\"\" src_mac=", "outcome": "success", "severity": 6, "type": [ @@ -4233,9 +3501,9 @@ "device": "SFW", "device_name": "XG230", "log_component": "My Account Authentication", + "log_id": "063210617704", "log_subtype": "Authentication", "log_type": "Event", - "message_id": "17704", "priority": "Information", "status": "Successful" } @@ -4275,9 +3543,9 @@ "host", "malware" ], - "code": "064011517819", + "code": "17819", "kind": "event", - "original": "device=\"SFW\" date=2020-05-18 time=14:39:01 timezone=\"CEST\" device_name=\"XG230\" device_id=1234567890123456 log_id=064011517819 log_type=\"Event\" log_component=\"Anti-Virus\" log_subtype=\"System\" priority=Notice status=\"Successful\" oldversion=1.0.407794 newversion=1.0.407795 message=\"Avira AV definitions upgraded from 1.0.407794 to 1.0.407795.\"", + "original": "\u003c30\u003edevice=\"SFW\" date=2020-05-18 time=14:39:01 timezone=\"CEST\" device_name=\"XG230\" device_id=1234567890123456 log_id=064011517819 log_type=\"Event\" log_component=\"Anti-Virus\" log_subtype=\"System\" priority=Notice status=\"Successful\" oldversion=1.0.407794 newversion=1.0.407795 message=\"Avira AV definitions upgraded from 1.0.407794 to 1.0.407795.\"", "severity": 5, "type": [ "info" @@ -4306,9 +3574,9 @@ "device": "SFW", "device_name": "XG230", "log_component": "Anti-Virus", + "log_id": "064011517819", "log_subtype": "System", "log_type": "Event", - "message_id": "17819", "newversion": "1.0.407795 ", "oldversion": "1.0.407794", "priority": "Notice", @@ -4325,9 +3593,9 @@ "version": "8.0.0" }, "event": { - "code": "063411660022", + "code": "60022", "kind": "event", - "original": "device=\"SFW\" date=2020-05-18 time=14:39:02 timezone=\"CEST\" device_name=\"XG230\" device_id=1234567890123457 log_id=063411660022 log_type=\"Event\" log_component=\"DHCP Server\" log_subtype=\"System\" status=\"Expire\" priority=Information ipaddress=\"192.168.110.10\" client_physical_address=\"-\" client_host_name=\"\" message=\"Lease 192.168.110.10 expired\" raw_data=\"192.168.110.10\"", + "original": "\u003c30\u003edevice=\"SFW\" date=2020-05-18 time=14:39:02 timezone=\"CEST\" device_name=\"XG230\" device_id=1234567890123457 log_id=063411660022 log_type=\"Event\" log_component=\"DHCP Server\" log_subtype=\"System\" status=\"Expire\" priority=Information ipaddress=\"192.168.110.10\" client_physical_address=\"-\" client_host_name=\"\" message=\"Lease 192.168.110.10 expired\" raw_data=\"192.168.110.10\"", "severity": 6 }, "host": { @@ -4354,9 +3622,9 @@ "device_name": "XG230", "ipaddress": "192.168.110.10", "log_component": "DHCP Server", + "log_id": "063411660022", "log_subtype": "System", "log_type": "Event", - "message_id": "60022", "priority": "Information", "raw_data": "192.168.110.10", "status": "Expire" @@ -4368,24 +3636,6 @@ }, { "@timestamp": "2020-05-18T14:39:03.000Z", - "client": { - "geo": { - "city_name": "Changchun", - "continent_name": "Asia", - "country_iso_code": "CN", - "country_name": "China", - "location": { - "lat": 43.88, - "lon": 125.3228 - }, - "region_iso_code": "CN-22", - "region_name": "Jilin Sheng" - }, - "ip": "175.16.199.1", - "user": { - "name": "elastic.user@elastic.test.com" - } - }, "ecs": { "version": "8.0.0" }, @@ -4393,9 +3643,9 @@ "category": [ "authentication" ], - "code": "063110617710", + "code": "17710", "kind": "event", - "original": "device=\"SFW\" date=2020-05-18 time=14:39:03 timezone=\"CEST\" device_name=\"XG230\" device_id=1234567890123456 log_id=063110617710 log_type=\"Event\" log_component=\"SSL VPN Authentication\" log_subtype=\"Authentication\" status=\"Successful\" priority=Information user_name=\"elastic.user@elastic.test.com\" usergroupname=\"\" auth_client=\"N/A\" auth_mechanism=\"AD\" reason=\"\" src_ip=175.16.199.1 message=\"User elastic.user@elastic.test.com authenticated successfully to login to SSLVPN through AD authentication mechanism\" name=\"\" src_mac=", + "original": "\u003c30\u003edevice=\"SFW\" date=2020-05-18 time=14:39:03 timezone=\"CEST\" device_name=\"XG230\" device_id=1234567890123456 log_id=063110617710 log_type=\"Event\" log_component=\"SSL VPN Authentication\" log_subtype=\"Authentication\" status=\"Successful\" priority=Information user_name=\"elastic.user@elastic.test.com\" usergroupname=\"\" auth_client=\"N/A\" auth_mechanism=\"AD\" reason=\"\" src_ip=175.16.199.1 message=\"User elastic.user@elastic.test.com authenticated successfully to login to SSLVPN through AD authentication mechanism\" name=\"\" src_mac=", "outcome": "success", "severity": 6, "type": [ @@ -4433,9 +3683,9 @@ "device": "SFW", "device_name": "XG230", "log_component": "SSL VPN Authentication", + "log_id": "063110617710", "log_subtype": "Authentication", "log_type": "Event", - "message_id": "17710", "priority": "Information", "status": "Successful" } @@ -4467,12 +3717,6 @@ }, { "@timestamp": "2020-05-18T14:39:04.000Z", - "client": { - "bytes": 0, - "user": { - "name": "elastic.user@elastic.test.com" - } - }, "destination": { "bytes": 0 }, @@ -4480,9 +3724,9 @@ "version": "8.0.0" }, "event": { - "code": "062811617824", + "code": "17824", "kind": "event", - "original": "device=\"SFW\" date=2020-05-18 time=14:39:04 timezone=\"CEST\" device_name=\"XG230\" device_id=1234567890123456 log_id=062811617824 log_type=\"Event\" log_component=\"SSL VPN\" log_subtype=\"System\" priority=Information Mode=\"Remote Access\" sessionid=\"\" starttime=0 user_name=\"elastic.user@elastic.test.com\" ipaddress=10.82.234.5 sent_bytes=0 recv_bytes=0 status=\"Established\" message=\"SSL VPN User 'elastic.user@elastic.test.com' connected \" timestamp=1589960866 connectionname=\"\" remote_ip=10.82.234.12", + "original": "\u003c30\u003edevice=\"SFW\" date=2020-05-18 time=14:39:04 timezone=\"CEST\" device_name=\"XG230\" device_id=1234567890123456 log_id=062811617824 log_type=\"Event\" log_component=\"SSL VPN\" log_subtype=\"System\" priority=Information Mode=\"Remote Access\" sessionid=\"\" starttime=0 user_name=\"elastic.user@elastic.test.com\" ipaddress=10.82.234.5 sent_bytes=0 recv_bytes=0 status=\"Established\" message=\"SSL VPN User 'elastic.user@elastic.test.com' connected \" timestamp=1589960866 connectionname=\"\" remote_ip=10.82.234.12", "severity": 6 }, "host": { @@ -4506,19 +3750,16 @@ "elastic.user@elastic.test.com" ] }, - "server": { - "bytes": 0 - }, "sophos": { "xg": { - "Mode": "Remote Access", "device": "SFW", "device_name": "XG230", "ipaddress": "10.82.234.5", "log_component": "SSL VPN", + "log_id": "062811617824", "log_subtype": "System", "log_type": "Event", - "message_id": "17824", + "mode": "Remote Access", "priority": "Information", "remote_ip": "10.82.234.12", "starttime": "0", @@ -4537,24 +3778,6 @@ }, { "@timestamp": "2020-05-18T14:39:05.000Z", - "client": { - "geo": { - "city_name": "Changchun", - "continent_name": "Asia", - "country_iso_code": "CN", - "country_name": "China", - "location": { - "lat": 43.88, - "lon": 125.3228 - }, - "region_iso_code": "CN-22", - "region_name": "Jilin Sheng" - }, - "ip": "175.16.199.1", - "user": { - "name": "hendrikl" - } - }, "ecs": { "version": "8.0.0" }, @@ -4562,10 +3785,11 @@ "category": [ "authentication" ], - "code": "063010517708", + "code": "17708", "kind": "event", - "original": "device=\"SFW\" date=2020-05-18 time=14:39:05 timezone=\"CEST\" device_name=\"XG230\" device_id=1234567890123456 log_id=063010517708 log_type=\"Event\" log_component=\"VPN Authentication\" log_subtype=\"Authentication\" status=\"Failed\" priority=Notice user_name=\"hendrikl\" usergroupname=\"\" auth_client=\"N/A\" auth_mechanism=\"AD,AD,Local\" reason=\"wrong credentials\" src_ip=175.16.199.1 message=\"User elastic01 failed to login to VPN through AD,AD,Local authentication mechanism because of wrong credentials\" name=\"\" src_mac=", + "original": "\u003c30\u003edevice=\"SFW\" date=2020-05-18 time=14:39:05 timezone=\"CEST\" device_name=\"XG230\" device_id=1234567890123456 log_id=063010517708 log_type=\"Event\" log_component=\"VPN Authentication\" log_subtype=\"Authentication\" status=\"Failed\" priority=Notice user_name=\"hendrikl\" usergroupname=\"\" auth_client=\"N/A\" auth_mechanism=\"AD,AD,Local\" reason=\"wrong credentials\" src_ip=175.16.199.1 message=\"User elastic01 failed to login to VPN through AD,AD,Local authentication mechanism because of wrong credentials\" name=\"\" src_mac=", "outcome": "failure", + "reason": "wrong credentials", "severity": 5 }, "host": { @@ -4598,11 +3822,10 @@ "device": "SFW", "device_name": "XG230", "log_component": "VPN Authentication", + "log_id": "063010517708", "log_subtype": "Authentication", "log_type": "Event", - "message_id": "17708", "priority": "Notice", - "reason": "wrong credentials", "status": "Failed" } }, @@ -4637,9 +3860,9 @@ "version": "8.0.0" }, "event": { - "code": "066911518017", + "code": "18017", "kind": "event", - "original": "device=\"SFW\" date=2020-05-18 time=14:39:06 timezone=\"CEST\" device_name=\"XG230\" device_id=1234567890123456 log_id=066911518017 log_type=\"Event\" log_component=\"ATP\" log_subtype=\"System\" priority=Notice status=\"Successful\" oldversion=1.0.0297 newversion=1.0.0298 message=\"ATP definitions upgraded from 1.0.0297 to 1.0.0298.\"", + "original": "\u003c30\u003edevice=\"SFW\" date=2020-05-18 time=14:39:06 timezone=\"CEST\" device_name=\"XG230\" device_id=1234567890123456 log_id=066911518017 log_type=\"Event\" log_component=\"ATP\" log_subtype=\"System\" priority=Notice status=\"Successful\" oldversion=1.0.0297 newversion=1.0.0298 message=\"ATP definitions upgraded from 1.0.0297 to 1.0.0298.\"", "severity": 5 }, "host": { @@ -4665,9 +3888,9 @@ "device": "SFW", "device_name": "XG230", "log_component": "ATP", + "log_id": "066911518017", "log_subtype": "System", "log_type": "Event", - "message_id": "18017", "newversion": "1.0.0298 ", "oldversion": "1.0.0297", "priority": "Notice", @@ -4680,19 +3903,13 @@ }, { "@timestamp": "2020-05-18T14:39:07.000Z", - "client": { - "ip": "10.83.234.5", - "user": { - "name": "admin" - } - }, "ecs": { "version": "8.0.0" }, "event": { - "code": "062009617502", + "code": "17502", "kind": "event", - "original": "device=\"SFW\" date=2020-05-18 time=14:39:07 timezone=\"CEST\" device_name=\"XG230\" device_id=1234567890123457 log_id=062009617502 log_type=\"Event\" log_component=\"GUI\" log_subtype=\"Admin\" status=\"Successful\" priority=Information user_name=\"admin\" src_ip=10.83.234.5 syslog_server_name='Logstash' message=\"SysLog Server 'Logstash' settings were changed by 'admin' from '10.83.234.5' using 'GUI'\"", + "original": "\u003c30\u003edevice=\"SFW\" date=2020-05-18 time=14:39:07 timezone=\"CEST\" device_name=\"XG230\" device_id=1234567890123457 log_id=062009617502 log_type=\"Event\" log_component=\"GUI\" log_subtype=\"Admin\" status=\"Successful\" priority=Information user_name=\"admin\" src_ip=10.83.234.5 SysLog_SERVER_NAME='Logstash' message=\"SysLog Server 'Logstash' settings were changed by 'admin' from '10.83.234.5' using 'GUI'\"", "severity": 6 }, "host": { @@ -4724,9 +3941,9 @@ "device": "SFW", "device_name": "XG230", "log_component": "GUI", + "log_id": "062009617502", "log_subtype": "Admin", "log_type": "Event", - "message_id": "17502", "priority": "Information", "status": "Successful", "syslog_server_name": "'Logstash'" @@ -4744,31 +3961,13 @@ }, { "@timestamp": "2020-05-18T14:39:08.000Z", - "client": { - "geo": { - "city_name": "Changchun", - "continent_name": "Asia", - "country_iso_code": "CN", - "country_name": "China", - "location": { - "lat": 43.88, - "lon": 125.3228 - }, - "region_iso_code": "CN-22", - "region_name": "Jilin Sheng" - }, - "ip": "175.16.199.1", - "user": { - "name": "root" - } - }, "ecs": { "version": "8.0.0" }, "event": { - "code": "062109517507", + "code": "17507", "kind": "event", - "original": "device=\"SFW\" date=2020-05-18 time=14:39:08 timezone=\"CEST\" device_name=\"XG230\" device_id=1234567890123456 log_id=062109517507 log_type=\"Event\" log_component=\"CLI\" log_subtype=\"Admin\" status=\"Failed\" priority=Notice user_name=\"root\" src_ip=175.16.199.1 message=\"User 'root' failed to login from '175.16.199.1' using ssh because of wrong credentials\"", + "original": "\u003c30\u003edevice=\"SFW\" date=2020-05-18 time=14:39:08 timezone=\"CEST\" device_name=\"XG230\" device_id=1234567890123456 log_id=062109517507 log_type=\"Event\" log_component=\"CLI\" log_subtype=\"Admin\" status=\"Failed\" priority=Notice user_name=\"root\" src_ip=175.16.199.1 message=\"User 'root' failed to login from '175.16.199.1' using ssh because of wrong credentials\"", "outcome": "failure", "severity": 5 }, @@ -4801,9 +4000,9 @@ "device": "SFW", "device_name": "XG230", "log_component": "CLI", + "log_id": "062109517507", "log_subtype": "Admin", "log_type": "Event", - "message_id": "17507", "priority": "Notice", "status": "Failed" } @@ -4836,9 +4035,9 @@ "version": "8.0.0" }, "event": { - "code": "063911517818", + "code": "17818", "kind": "event", - "original": "device=\"SFW\" date=2020-05-18 time=14:39:09 timezone=\"CEST\" device_name=\"XG230\" device_id=1234567890123456 log_id=063911517818 log_type=\"Event\" log_component=\"IPS\" log_subtype=\"System\" priority=Notice status=\"Successful\" oldversion=9.17.09 newversion=9.17.10 message=\"IPS definitions upgraded from 9.17.09 to 9.17.10.\"", + "original": "\u003c30\u003edevice=\"SFW\" date=2020-05-18 time=14:39:09 timezone=\"CEST\" device_name=\"XG230\" device_id=1234567890123456 log_id=063911517818 log_type=\"Event\" log_component=\"IPS\" log_subtype=\"System\" priority=Notice status=\"Successful\" oldversion=9.17.09 newversion=9.17.10 message=\"IPS definitions upgraded from 9.17.09 to 9.17.10.\"", "severity": 5 }, "host": { @@ -4864,9 +4063,9 @@ "device": "SFW", "device_name": "XG230", "log_component": "IPS", + "log_id": "063911517818", "log_subtype": "System", "log_type": "Event", - "message_id": "17818", "newversion": "9.17.10 ", "oldversion": "9.17.09", "priority": "Notice", @@ -4883,9 +4082,9 @@ "version": "8.0.0" }, "event": { - "code": "063311617923", + "code": "17923", "kind": "event", - "original": "device=\"SFW\" date=2020-05-18 time=14:39:10 timezone=\"CEST\" device_name=\"XG230\" device_id=1234567890123456 log_id=063311617923 log_type=\"Event\" log_component=\"Appliance\" log_subtype=\"System\" priority=Information backup_mode='appliance' message=\"Scheduled backup to appliance is successful.\"", + "original": "\u003c30\u003edevice=\"SFW\" date=2020-05-18 time=14:39:10 timezone=\"CEST\" device_name=\"XG230\" device_id=1234567890123456 log_id=063311617923 log_type=\"Event\" log_component=\"Appliance\" log_subtype=\"System\" priority=Information backup_mode='appliance' message=\"Scheduled backup to appliance is successful.\"", "severity": 6 }, "host": { @@ -4912,9 +4111,9 @@ "device": "SFW", "device_name": "XG230", "log_component": "Appliance", + "log_id": "063311617923", "log_subtype": "System", "log_type": "Event", - "message_id": "17923", "priority": "Information" } }, @@ -4924,16 +4123,6 @@ }, { "@timestamp": "2020-05-18T14:39:20.000Z", - "client": { - "bytes": 0, - "ip": "10.84.234.38", - "user": { - "group": { - "name": "VPN.SSL.Users.elastic" - }, - "name": "elastic.user@elastic.test.com" - } - }, "destination": { "bytes": 0 }, @@ -4945,9 +4134,9 @@ "network", "authentication" ], - "code": "062910617703", + "code": "17703", "kind": "event", - "original": "device=\"SFW\" date=2020-05-18 time=14:39:20 timezone=\"CEST\" device_name=\"XG230\" device_id=1234567890123457 log_id=062910617703 log_type=\"Event\" log_component=\"Firewall Authentication\" log_subtype=\"Authentication\" status=\"Successful\" priority=Information user_name=\"elastic.user@elastic.test.com\" usergroupname=\"VPN.SSL.Users.elastic\" auth_client=\"IPSec\" auth_mechanism=\"N/A\" reason=\"\" src_ip=10.84.234.38 src_mac=\"\" start_time=1591086575 sent_bytes=0 recv_bytes=0 message=\"User elastic.user@elastic.test.com was logged out of firewall\" name=\"elastic.user@elastic.test.com\" timestamp=1591086576", + "original": "\u003c30\u003edevice=\"SFW\" date=2020-05-18 time=14:39:20 timezone=\"CEST\" device_name=\"XG230\" device_id=1234567890123457 log_id=062910617703 log_type=\"Event\" log_component=\"Firewall Authentication\" log_subtype=\"Authentication\" status=\"Successful\" priority=Information user_name=\"elastic.user@elastic.test.com\" usergroupname=\"VPN.SSL.Users.elastic\" auth_client=\"IPSec\" auth_mechanism=\"N/A\" reason=\"\" src_ip=10.84.234.38 src_mac=\"\" start_time=1591086575 sent_bytes=0 recv_bytes=0 message=\"User elastic.user@elastic.test.com was logged out of firewall\" name=\"elastic.user@elastic.test.com\" timestamp=1591086576", "outcome": "success", "severity": 6, "type": [ @@ -4980,18 +4169,15 @@ "elastic.user@elastic.test.com" ] }, - "server": { - "bytes": 0 - }, "sophos": { "xg": { "auth_client": "IPSec", "device": "SFW", "device_name": "XG230", "log_component": "Firewall Authentication", + "log_id": "062910617703", "log_subtype": "Authentication", "log_type": "Event", - "message_id": "17703", "priority": "Information", "start_time": "1591086575", "status": "Successful" @@ -5016,9 +4202,6 @@ }, { "@timestamp": "2017-03-16T12:56:01.000Z", - "client": { - "bytes": 0 - }, "destination": { "bytes": 0 }, @@ -5026,11 +4209,11 @@ "version": "8.0.0" }, "event": { - "code": "066811618014", + "code": "18014", "duration": 164000000000000, "end": "2017-03-18T10:29:21.000Z", "kind": "event", - "original": "device=\"SFW\" date=2017-03-16 time=12:56:01 timezone=\"IST\" device_name=\"XG125w\" device_id=S1601E1F9FCB7EE log_id=066811618014 log_type=\"Event\" log_component=\"RED\" log_subtype=\"System\" priority=Information red_id=A350196C47072B0 status=\"Connected\" eventtime=\"2017-03-16 12:56:01 IST\" duration=164000 branch_name=Gaurav Patel recv_bytes=0 sent_bytes=0 message=\"A350196C47072B0/Gaurav Patel is now re-connected after 164000 ms\"", + "original": "\u003c30\u003edevice=\"SFW\" date=2017-03-16 time=12:56:01 timezone=\"IST\" device_name=\"XG125w\" device_id=S1601E1F9FCB7EE log_id=066811618014 log_type=\"Event\" log_component=\"RED\" log_subtype=\"System\" priority=Information red_id=A350196C47072B0 status=\"Connected\" eventtime=\"2017-03-16 12:56:01 IST\" duration=164000 branch_name=Gaurav Patel recv_bytes=0 sent_bytes=0 message=\"A350196C47072B0/Gaurav Patel is now re-connected after 164000 ms\"", "severity": 6, "start": "2017-03-16T12:56:01.000Z" }, @@ -5052,9 +4235,6 @@ "defaulttest.local" ] }, - "server": { - "bytes": 0 - }, "sophos": { "xg": { "branch_name": "Gaurav Patel", @@ -5062,9 +4242,9 @@ "device_name": "XG125w", "eventtime": "2017-03-16 12:56:01 IST", "log_component": "RED", + "log_id": "066811618014", "log_subtype": "System", "log_type": "Event", - "message_id": "18014", "priority": "Information", "red_id": "A350196C47072B0", "status": "Connected" @@ -5079,9 +4259,6 @@ }, { "@timestamp": "2017-03-16T12:53:27.000Z", - "client": { - "bytes": 22368 - }, "destination": { "bytes": 31488 }, @@ -5089,11 +4266,11 @@ "version": "8.0.0" }, "event": { - "code": "066811618015", + "code": "18015", "duration": 0, "end": "2017-03-16T12:53:27.000Z", "kind": "event", - "original": "device=\"SFW\" date=2017-03-16 time=12:53:27 timezone=\"IST\" device_name=\"XG125w\" device_id=S1601E1F9FCB7EE log_id=066811618015 log_type=\"Event\" log_component=\"RED\" log_subtype=\"System\" priority=Information red_id=A350196C47072B0 status=\"Disconnected\" eventtime=\"2017-03-16 12:53:27 IST\" duration=0 branch_name=Gaurav Patel recv_bytes=31488 sent_bytes=22368 message=\"A350196C47072B0/Gaurav Patel is now disconnected\"", + "original": "\u003c30\u003edevice=\"SFW\" date=2017-03-16 time=12:53:27 timezone=\"IST\" device_name=\"XG125w\" device_id=S1601E1F9FCB7EE log_id=066811618015 log_type=\"Event\" log_component=\"RED\" log_subtype=\"System\" priority=Information red_id=A350196C47072B0 status=\"Disconnected\" eventtime=\"2017-03-16 12:53:27 IST\" duration=0 branch_name=Gaurav Patel recv_bytes=31488 sent_bytes=22368 message=\"A350196C47072B0/Gaurav Patel is now disconnected\"", "severity": 6, "start": "2017-03-16T12:53:27.000Z" }, @@ -5115,9 +4292,6 @@ "defaulttest.local" ] }, - "server": { - "bytes": 31488 - }, "sophos": { "xg": { "branch_name": "Gaurav Patel", @@ -5125,9 +4299,9 @@ "device_name": "XG125w", "eventtime": "2017-03-16 12:53:27 IST", "log_component": "RED", + "log_id": "066811618015", "log_subtype": "System", "log_type": "Event", - "message_id": "18015", "priority": "Information", "red_id": "A350196C47072B0", "status": "Disconnected" @@ -5142,9 +4316,6 @@ }, { "@timestamp": "2017-03-16T12:46:26.000Z", - "client": { - "bytes": 0 - }, "destination": { "bytes": 0 }, @@ -5152,11 +4323,11 @@ "version": "8.0.0" }, "event": { - "code": "066811618016", + "code": "18016", "duration": 0, "end": "2017-03-16T12:46:26.000Z", "kind": "event", - "original": "device=\"SFW\" date=2017-03-16 time=12:46:26 timezone=\"IST\" device_name=\"XG125w\" device_id=S1601E1F9FCB7EE log_id=066811618016 log_type=\"Event\" log_component=\"RED\" log_subtype=\"System\" priority=Information red_id=A350196C47072B0 status=\"Interim\" eventtime=\"2017-03-16 12:46:26 IST\" duration=0 branch_name=NY recv_bytes=0 sent_bytes=0 message=\"A350196C47072B0/NY transfered bytes TX: 0 RX: 0\"", + "original": "\u003c30\u003edevice=\"SFW\" date=2017-03-16 time=12:46:26 timezone=\"IST\" device_name=\"XG125w\" device_id=S1601E1F9FCB7EE log_id=066811618016 log_type=\"Event\" log_component=\"RED\" log_subtype=\"System\" priority=Information red_id=A350196C47072B0 status=\"Interim\" eventtime=\"2017-03-16 12:46:26 IST\" duration=0 branch_name=NY recv_bytes=0 sent_bytes=0 message=\"A350196C47072B0/NY transfered bytes TX: 0 RX: 0\"", "severity": 6, "start": "2017-03-16T12:46:26.000Z" }, @@ -5178,9 +4349,6 @@ "defaulttest.local" ] }, - "server": { - "bytes": 0 - }, "sophos": { "xg": { "branch_name": "NY", @@ -5188,9 +4356,9 @@ "device_name": "XG125w", "eventtime": "2017-03-16 12:46:26 IST", "log_component": "RED", + "log_id": "066811618016", "log_subtype": "System", "log_type": "Event", - "message_id": "18016", "priority": "Information", "red_id": "A350196C47072B0", "status": "Interim" @@ -5209,9 +4377,9 @@ "version": "8.0.0" }, "event": { - "code": "063711517815", + "code": "17815", "kind": "event", - "original": "device=\"SFW\" date=2018-06-06 time=11:12:10 timezone=\"IST\" device_name=\"SG430\" device_id=S4000806149EE49 log_id=063711517815 log_type=\"Event\" log_component=\"DDNS\" log_subtype=\"System\" status=\"Success\" priority=Notice host=test1.customtest.dyndns.org updatedip=10.198.232.86 reason=\"\" message=\"DDNS update for host test1.customtest.dyndns.org was Successful. Updated with IP 10.198.232.86.\"", + "original": "\u003c30\u003edevice=\"SFW\" date=2018-06-06 time=11:12:10 timezone=\"IST\" device_name=\"SG430\" device_id=S4000806149EE49 log_id=063711517815 log_type=\"Event\" log_component=\"DDNS\" log_subtype=\"System\" status=\"Success\" priority=Notice host=test1.customtest.dyndns.org updatedip=10.198.232.86 reason=\"\" message=\"DDNS update for host test1.customtest.dyndns.org was Successful. Updated with IP 10.198.232.86.\"", "severity": 5 }, "host": { @@ -5238,9 +4406,9 @@ "device_name": "SG430", "host": "test1.customtest.dyndns.org", "log_component": "DDNS", + "log_id": "063711517815", "log_subtype": "System", "log_type": "Event", - "message_id": "17815", "priority": "Notice", "status": "Success", "updatedip": "10.198.232.86" @@ -5252,29 +4420,6 @@ }, { "@timestamp": "2020-05-18T14:38:37.000Z", - "client": { - "bytes": 459, - "geo": { - "city_name": "Changchun", - "continent_name": "Asia", - "country_iso_code": "CN", - "country_name": "China", - "location": { - "lat": 43.88, - "lon": 125.3228 - }, - "region_iso_code": "CN-22", - "region_name": "Jilin Sheng" - }, - "ip": "175.16.199.1", - "mac": "00:00:00:00:00:00", - "nat": { - "ip": "175.16.199.1", - "port": 0 - }, - "packets": 6, - "port": 62841 - }, "destination": { "bytes": 606, "geo": { @@ -5304,11 +4449,11 @@ "category": [ "network" ], - "code": "010101600001", + "code": "00001", "duration": 11000000000, "end": "2020-05-18T14:38:48.000Z", "kind": "event", - "original": "device=\"SFW\" date=2020-05-18 time=14:38:37 timezone=\"CEST\" device_name=\"XG230\" device_id=1234567890123456 log_id=010101600001 log_type=\"Firewall\" log_component=\"Firewall Rule\" log_subtype=\"Allowed\" status=\"Allow\" priority=Information duration=11 fw_rule_id=21 policy_type=1 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"HTTP\" application_risk=1 application_technology=\"Browser Based\" application_category=\"General Internet\" in_interface=\"Port1\" out_interface=\"Port2\" src_mac=00:00:00:00:00:00 src_ip=175.16.199.1 src_country_code=R1 dst_ip=175.16.199.1 dst_country_code=SVK protocol=\"TCP\" src_port=62841 dst_port=80 sent_pkts=6 recv_pkts=5 sent_bytes=459 recv_bytes=606 tran_src_ip=175.16.199.1 tran_src_port=0 tran_dst_ip=\"\" tran_dst_port=0 srczonetype=\"LAN\" srczone=\"LAN\" dstzonetype=\"WAN\" dstzone=\"WAN\" dir_disp=\"\" connevent=\"Stop\" connid=\"1617925280\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"\" appresolvedby=\"Signature\" app_is_cloud=0", + "original": "\u003c30\u003edevice=\"SFW\" date=2020-05-18 time=14:38:37 timezone=\"CEST\" device_name=\"XG230\" device_id=1234567890123456 log_id=010101600001 log_type=\"Firewall\" log_component=\"Firewall Rule\" log_subtype=\"Allowed\" status=\"Allow\" priority=Information duration=11 fw_rule_id=21 policy_type=1 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"HTTP\" application_risk=1 application_technology=\"Browser Based\" application_category=\"General Internet\" in_interface=\"Port1\" out_interface=\"Port2\" src_mac=00:00:00:00:00:00 src_ip=175.16.199.1 src_country_code=R1 dst_ip=175.16.199.1 dst_country_code=SVK protocol=\"TCP\" src_port=62841 dst_port=80 sent_pkts=6 recv_pkts=5 sent_bytes=459 recv_bytes=606 tran_src_ip=175.16.199.1 tran_src_port=0 tran_dst_ip=\"\" tran_dst_port=0 srczonetype=\"LAN\" srczone=\"LAN\" dstzonetype=\"WAN\" dstzone=\"WAN\" dir_disp=\"\" connevent=\"Stop\" connid=\"1617925280\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"\" appresolvedby=\"Signature\" app_is_cloud=0", "outcome": "success", "severity": 6, "start": "2020-05-18T14:38:37.000Z", @@ -5326,6 +4471,7 @@ }, "network": { "bytes": 1065, + "community_id": "1:5ytwHpTddp5P0kGMwuNJJLCIN1I=", "direction": "outbound", "packets": 11, "protocol": "http", @@ -5361,27 +4507,6 @@ "id": "21", "ruleset": "1" }, - "server": { - "bytes": 606, - "geo": { - "city_name": "Changchun", - "continent_name": "Asia", - "country_iso_code": "CN", - "country_name": "China", - "location": { - "lat": 43.88, - "lon": 125.3228 - }, - "region_iso_code": "CN-22", - "region_name": "Jilin Sheng" - }, - "ip": "175.16.199.1", - "nat": { - "port": 0 - }, - "packets": 5, - "port": 80 - }, "sophos": { "xg": { "app_is_cloud": "0", @@ -5400,9 +4525,9 @@ "iap": "0", "ips_policy_id": "0", "log_component": "Firewall Rule", + "log_id": "010101600001", "log_subtype": "Allowed", "log_type": "Firewall", - "message_id": "00001", "priority": "Information", "src_country_code": "R1", "src_zone_type": "LAN", @@ -5424,7 +4549,7 @@ "region_name": "Jilin Sheng" }, "ip": "175.16.199.1", - "mac": "00:00:00:00:00:00", + "mac": "00-00-00-00-00-00", "nat": { "ip": "175.16.199.1", "port": 0 @@ -5438,29 +4563,6 @@ }, { "@timestamp": "2020-05-18T14:38:38.000Z", - "client": { - "bytes": 0, - "geo": { - "city_name": "Changchun", - "continent_name": "Asia", - "country_iso_code": "CN", - "country_name": "China", - "location": { - "lat": 43.88, - "lon": 125.3228 - }, - "region_iso_code": "CN-22", - "region_name": "Jilin Sheng" - }, - "ip": "175.16.199.1", - "mac": "00:00:00:00:00:00", - "nat": { - "ip": "175.16.199.1", - "port": 0 - }, - "packets": 0, - "port": 49144 - }, "destination": { "bytes": 0, "geo": { @@ -5490,11 +4592,11 @@ "category": [ "network" ], - "code": "010101600001", + "code": "00001", "duration": 0, "end": "2020-05-18T14:38:38.000Z", "kind": "event", - "original": "device=\"SFW\" date=2020-05-18 time=14:38:38 timezone=\"CEST\" device_name=\"XG230\" device_id=1234567890123457 log_id=010101600001 log_type=\"Firewall\" log_component=\"Firewall Rule\" log_subtype=\"Allowed\" status=\"Allow\" priority=Information duration=0 fw_rule_id=67 policy_type=1 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=15 appfilter_policy_id=0 application=\"DNS\" application_risk=1 application_technology=\"Network Protocol\" application_category=\"Infrastructure\" in_interface=\"Port3.400\" out_interface=\"Port2\" src_mac=00:00:00:00:00:00 src_ip=175.16.199.1 src_country_code=R1 dst_ip=175.16.199.1 dst_country_code=SVK protocol=\"UDP\" src_port=49144 dst_port=53 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip=175.16.199.1 tran_src_port=0 tran_dst_ip=\"\" tran_dst_port=0 srczonetype=\"DMZ\" srczone=\"DMZ\" dstzonetype=\"WAN\" dstzone=\"WAN\" dir_disp=\"\" connevent=\"Start\" connid=\"3360392048\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"\" appresolvedby=\"Signature\" app_is_cloud=0", + "original": "\u003c30\u003edevice=\"SFW\" date=2020-05-18 time=14:38:38 timezone=\"CEST\" device_name=\"XG230\" device_id=1234567890123457 log_id=010101600001 log_type=\"Firewall\" log_component=\"Firewall Rule\" log_subtype=\"Allowed\" status=\"Allow\" priority=Information duration=0 fw_rule_id=67 policy_type=1 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=15 appfilter_policy_id=0 application=\"DNS\" application_risk=1 application_technology=\"Network Protocol\" application_category=\"Infrastructure\" in_interface=\"Port3.400\" out_interface=\"Port2\" src_mac=00:00:00:00:00:00 src_ip=175.16.199.1 src_country_code=R1 dst_ip=175.16.199.1 dst_country_code=SVK protocol=\"UDP\" src_port=49144 dst_port=53 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip=175.16.199.1 tran_src_port=0 tran_dst_ip=\"\" tran_dst_port=0 srczonetype=\"DMZ\" srczone=\"DMZ\" dstzonetype=\"WAN\" dstzone=\"WAN\" dir_disp=\"\" connevent=\"Start\" connid=\"3360392048\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"\" appresolvedby=\"Signature\" app_is_cloud=0", "outcome": "success", "severity": 6, "start": "2020-05-18T14:38:38.000Z", @@ -5512,6 +4614,7 @@ }, "network": { "bytes": 0, + "community_id": "1:BkHV0Q5JMM3ieP7v+c9GGT3T39s=", "direction": "outbound", "packets": 0, "protocol": "dns", @@ -5547,27 +4650,6 @@ "id": "67", "ruleset": "1" }, - "server": { - "bytes": 0, - "geo": { - "city_name": "Changchun", - "continent_name": "Asia", - "country_iso_code": "CN", - "country_name": "China", - "location": { - "lat": 43.88, - "lon": 125.3228 - }, - "region_iso_code": "CN-22", - "region_name": "Jilin Sheng" - }, - "ip": "175.16.199.1", - "nat": { - "port": 0 - }, - "packets": 0, - "port": 53 - }, "sophos": { "xg": { "app_is_cloud": "0", @@ -5586,9 +4668,9 @@ "iap": "0", "ips_policy_id": "15", "log_component": "Firewall Rule", + "log_id": "010101600001", "log_subtype": "Allowed", "log_type": "Firewall", - "message_id": "00001", "priority": "Information", "src_country_code": "R1", "src_zone_type": "DMZ", @@ -5610,7 +4692,7 @@ "region_name": "Jilin Sheng" }, "ip": "175.16.199.1", - "mac": "00:00:00:00:00:00", + "mac": "00-00-00-00-00-00", "nat": { "ip": "175.16.199.1", "port": 0 @@ -5624,28 +4706,6 @@ }, { "@timestamp": "2020-05-18T14:38:39.000Z", - "client": { - "bytes": 0, - "geo": { - "city_name": "Changchun", - "continent_name": "Asia", - "country_iso_code": "CN", - "country_name": "China", - "location": { - "lat": 43.88, - "lon": 125.3228 - }, - "region_iso_code": "CN-22", - "region_name": "Jilin Sheng" - }, - "ip": "175.16.199.1", - "mac": "24:01:c7:07:2b:a2", - "nat": { - "port": 0 - }, - "packets": 0, - "port": 53287 - }, "destination": { "bytes": 0, "geo": { @@ -5675,11 +4735,11 @@ "category": [ "network" ], - "code": "010102600002", + "code": "00002", "duration": 0, "end": "2020-05-18T14:38:39.000Z", "kind": "event", - "original": "device=\"SFW\" date=2020-05-18 time=14:38:39 timezone=\"CEST\" device_name=\"XG230\" device_id=1234567890123456 log_id=010102600002 log_type=\"Firewall\" log_component=\"Firewall Rule\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=29 policy_type=1 user_name=\"\" user_gp=\"\" iap=2 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" in_interface=\"Port1\" out_interface=\"Port2\" src_mac=24:01:c7:07:2b:a2 src_ip=175.16.199.1 src_country_code=\"\" dst_ip=175.16.199.1 dst_country_code=\"\" protocol=\"TCP\" src_port=53287 dst_port=4980 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip=\"\" tran_src_port=0 tran_dst_ip=\"\" tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"\" appresolvedby=\"Signature\" app_is_cloud=0", + "original": "\u003c30\u003edevice=\"SFW\" date=2020-05-18 time=14:38:39 timezone=\"CEST\" device_name=\"XG230\" device_id=1234567890123456 log_id=010102600002 log_type=\"Firewall\" log_component=\"Firewall Rule\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=29 policy_type=1 user_name=\"\" user_gp=\"\" iap=2 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" in_interface=\"Port1\" out_interface=\"Port2\" src_mac=24:01:c7:07:2b:a2 src_ip=175.16.199.1 src_country_code=\"\" dst_ip=175.16.199.1 dst_country_code=\"\" protocol=\"TCP\" src_port=53287 dst_port=4980 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip=\"\" tran_src_port=0 tran_dst_ip=\"\" tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"\" appresolvedby=\"Signature\" app_is_cloud=0", "outcome": "success", "severity": 6, "start": "2020-05-18T14:38:39.000Z", @@ -5696,6 +4756,7 @@ }, "network": { "bytes": 0, + "community_id": "1:/Ufdtqvq+ATpO2Ud6TVqfheypk8=", "packets": 0, "transport": "tcp" }, @@ -5720,33 +4781,12 @@ "testhost.local" ], "ip": [ - "175.16.199.1" - ] - }, - "rule": { - "id": "29", - "ruleset": "1" - }, - "server": { - "bytes": 0, - "geo": { - "city_name": "Changchun", - "continent_name": "Asia", - "country_iso_code": "CN", - "country_name": "China", - "location": { - "lat": 43.88, - "lon": 125.3228 - }, - "region_iso_code": "CN-22", - "region_name": "Jilin Sheng" - }, - "ip": "175.16.199.1", - "nat": { - "port": 0 - }, - "packets": 0, - "port": 4980 + "175.16.199.1" + ] + }, + "rule": { + "id": "29", + "ruleset": "1" }, "sophos": { "xg": { @@ -5760,9 +4800,9 @@ "iap": "2", "ips_policy_id": "0", "log_component": "Firewall Rule", + "log_id": "010102600002", "log_subtype": "Denied", "log_type": "Firewall", - "message_id": "00002", "priority": "Information", "status": "Deny" } @@ -5782,7 +4822,7 @@ "region_name": "Jilin Sheng" }, "ip": "175.16.199.1", - "mac": "24:01:c7:07:2b:a2", + "mac": "24-01-C7-07-2B-A2", "nat": { "port": 0 }, @@ -5795,21 +4835,6 @@ }, { "@timestamp": "2020-05-18T14:38:40.000Z", - "client": { - "bytes": 0, - "ip": "10.82.234.6", - "nat": { - "port": 0 - }, - "packets": 0, - "port": 60102, - "user": { - "group": { - "name": "elastic.group.local" - }, - "name": "elastic@user.local" - } - }, "destination": { "bytes": 0, "ip": "192.168.0.1", @@ -5827,11 +4852,11 @@ "category": [ "network" ], - "code": "010102600002", + "code": "00002", "duration": 0, "end": "2020-05-18T14:38:40.000Z", "kind": "event", - "original": "device=\"SFW\" date=2020-05-18 time=14:38:40 timezone=\"CEST\" device_name=\"XG230\" device_id=1234567890123456 log_id=010102600002 log_type=\"Firewall\" log_component=\"Firewall Rule\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=29 policy_type=1 user_name=\"elastic@user.local\" user_gp=\"elastic.group.local\" iap=2 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" in_interface=\"tun0\" out_interface=\"Port1\" src_mac=\"\" src_ip=10.82.234.6 src_country_code=\"\" dst_ip=192.168.0.1 dst_country_code=\"\" protocol=\"TCP\" src_port=60102 dst_port=53 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip=\"\" tran_src_port=0 tran_dst_ip=\"\" tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"\" appresolvedby=\"Signature\" app_is_cloud=0", + "original": "\u003c30\u003edevice=\"SFW\" date=2020-05-18 time=14:38:40 timezone=\"CEST\" device_name=\"XG230\" device_id=1234567890123456 log_id=010102600002 log_type=\"Firewall\" log_component=\"Firewall Rule\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=29 policy_type=1 user_name=\"elastic@user.local\" user_gp=\"elastic.group.local\" iap=2 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" in_interface=\"tun0\" out_interface=\"Port1\" src_mac=\"\" src_ip=10.82.234.6 src_country_code=\"\" dst_ip=192.168.0.1 dst_country_code=\"\" protocol=\"TCP\" src_port=60102 dst_port=53 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip=\"\" tran_src_port=0 tran_dst_ip=\"\" tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"\" appresolvedby=\"Signature\" app_is_cloud=0", "outcome": "success", "severity": 6, "start": "2020-05-18T14:38:40.000Z", @@ -5848,6 +4873,7 @@ }, "network": { "bytes": 0, + "community_id": "1:8b2gxqcJF3RCFwlHBnywSZxJCzM=", "packets": 0, "transport": "tcp" }, @@ -5883,15 +4909,6 @@ "id": "29", "ruleset": "1" }, - "server": { - "bytes": 0, - "ip": "192.168.0.1", - "nat": { - "port": 0 - }, - "packets": 0, - "port": 53 - }, "sophos": { "xg": { "app_is_cloud": "0", @@ -5904,9 +4921,9 @@ "iap": "2", "ips_policy_id": "0", "log_component": "Firewall Rule", + "log_id": "010102600002", "log_subtype": "Denied", "log_type": "Firewall", - "message_id": "00002", "priority": "Information", "status": "Deny" } @@ -5932,28 +4949,6 @@ }, { "@timestamp": "2020-05-18T14:38:41.000Z", - "client": { - "bytes": 0, - "geo": { - "city_name": "Changchun", - "continent_name": "Asia", - "country_iso_code": "CN", - "country_name": "China", - "location": { - "lat": 43.88, - "lon": 125.3228 - }, - "region_iso_code": "CN-22", - "region_name": "Jilin Sheng" - }, - "ip": "175.16.199.1", - "mac": "c4:f7:d5:b5:47:f4", - "nat": { - "port": 0 - }, - "packets": 0, - "port": 55039 - }, "destination": { "bytes": 0, "geo": { @@ -5983,11 +4978,11 @@ "category": [ "network" ], - "code": "010302602002", + "code": "02002", "duration": 0, "end": "2020-05-18T14:38:41.000Z", "kind": "event", - "original": "device=\"SFW\" date=2020-05-18 time=14:38:41 timezone=\"CEST\" device_name=\"XG230\" device_id=1234567890123457 log_id=010302602002 log_type=\"Firewall\" log_component=\"Appliance Access\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" in_interface=\"Port2\" out_interface=\"\" src_mac=c4:f7:d5:b5:47:f4 src_ip=175.16.199.1 src_country_code=\"\" dst_ip=175.16.199.1 dst_country_code=\"\" protocol=\"TCP\" src_port=55039 dst_port=18 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip=\"\" tran_src_port=0 tran_dst_ip=\"\" tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"\" appresolvedby=\"Signature\" app_is_cloud=0", + "original": "\u003c30\u003edevice=\"SFW\" date=2020-05-18 time=14:38:41 timezone=\"CEST\" device_name=\"XG230\" device_id=1234567890123457 log_id=010302602002 log_type=\"Firewall\" log_component=\"Appliance Access\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" in_interface=\"Port2\" out_interface=\"\" src_mac=c4:f7:d5:b5:47:f4 src_ip=175.16.199.1 src_country_code=\"\" dst_ip=175.16.199.1 dst_country_code=\"\" protocol=\"TCP\" src_port=55039 dst_port=18 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip=\"\" tran_src_port=0 tran_dst_ip=\"\" tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"\" appresolvedby=\"Signature\" app_is_cloud=0", "outcome": "success", "severity": 6, "start": "2020-05-18T14:38:41.000Z", @@ -6004,6 +4999,7 @@ }, "network": { "bytes": 0, + "community_id": "1:l6GmtQazh2DdX7u3B+0U5FoK/VM=", "packets": 0, "transport": "tcp" }, @@ -6030,27 +5026,6 @@ "id": "0", "ruleset": "0" }, - "server": { - "bytes": 0, - "geo": { - "city_name": "Changchun", - "continent_name": "Asia", - "country_iso_code": "CN", - "country_name": "China", - "location": { - "lat": 43.88, - "lon": 125.3228 - }, - "region_iso_code": "CN-22", - "region_name": "Jilin Sheng" - }, - "ip": "175.16.199.1", - "nat": { - "port": 0 - }, - "packets": 0, - "port": 18 - }, "sophos": { "xg": { "app_is_cloud": "0", @@ -6063,9 +5038,9 @@ "iap": "0", "ips_policy_id": "0", "log_component": "Appliance Access", + "log_id": "010302602002", "log_subtype": "Denied", "log_type": "Firewall", - "message_id": "02002", "priority": "Information", "status": "Deny" } @@ -6085,7 +5060,7 @@ "region_name": "Jilin Sheng" }, "ip": "175.16.199.1", - "mac": "c4:f7:d5:b5:47:f4", + "mac": "C4-F7-D5-B5-47-F4", "nat": { "port": 0 }, @@ -6098,34 +5073,6 @@ }, { "@timestamp": "2020-05-18T14:38:42.000Z", - "client": { - "bytes": 0, - "geo": { - "city_name": "Changchun", - "continent_name": "Asia", - "country_iso_code": "CN", - "country_name": "China", - "location": { - "lat": 43.88, - "lon": 125.3228 - }, - "region_iso_code": "CN-22", - "region_name": "Jilin Sheng" - }, - "ip": "175.16.199.1", - "mac": "24:01:c7:07:2b:a2", - "nat": { - "port": 0 - }, - "packets": 0, - "port": 51826, - "user": { - "group": { - "name": "elastic.group.local" - }, - "name": "elastic@user.local" - } - }, "destination": { "bytes": 0, "ip": "192.168.5.11", @@ -6143,11 +5090,11 @@ "category": [ "network" ], - "code": "010102600002", + "code": "00002", "duration": 0, "end": "2020-05-18T14:38:42.000Z", "kind": "event", - "original": "device=\"SFW\" date=2020-05-18 time=14:38:42 timezone=\"CEST\" device_name=\"XG230\" device_id=1234567890123456 log_id=010102600002 log_type=\"Firewall\" log_component=\"Firewall Rule\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=29 policy_type=1 user_name=\"elastic@user.local\" user_gp=\"elastic.group.local\" iap=2 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" in_interface=\"Port1\" out_interface=\"Port2\" src_mac=24:01:c7:07:2b:a2 src_ip=175.16.199.1 src_country_code=\"\" dst_ip=192.168.5.11 dst_country_code=\"\" protocol=\"TCP\" src_port=51826 dst_port=1109 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip=\"\" tran_src_port=0 tran_dst_ip=\"\" tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"\" appresolvedby=\"Signature\" app_is_cloud=0", + "original": "\u003c30\u003edevice=\"SFW\" date=2020-05-18 time=14:38:42 timezone=\"CEST\" device_name=\"XG230\" device_id=1234567890123456 log_id=010102600002 log_type=\"Firewall\" log_component=\"Firewall Rule\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=29 policy_type=1 user_name=\"elastic@user.local\" user_gp=\"elastic.group.local\" iap=2 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" in_interface=\"Port1\" out_interface=\"Port2\" src_mac=24:01:c7:07:2b:a2 src_ip=175.16.199.1 src_country_code=\"\" dst_ip=192.168.5.11 dst_country_code=\"\" protocol=\"TCP\" src_port=51826 dst_port=1109 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip=\"\" tran_src_port=0 tran_dst_ip=\"\" tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"\" appresolvedby=\"Signature\" app_is_cloud=0", "outcome": "success", "severity": 6, "start": "2020-05-18T14:38:42.000Z", @@ -6164,6 +5111,7 @@ }, "network": { "bytes": 0, + "community_id": "1:1AaIixBqgjE6URkWLKgsl7sK2bY=", "packets": 0, "transport": "tcp" }, @@ -6199,15 +5147,6 @@ "id": "29", "ruleset": "1" }, - "server": { - "bytes": 0, - "ip": "192.168.5.11", - "nat": { - "port": 0 - }, - "packets": 0, - "port": 1109 - }, "sophos": { "xg": { "app_is_cloud": "0", @@ -6220,9 +5159,9 @@ "iap": "2", "ips_policy_id": "0", "log_component": "Firewall Rule", + "log_id": "010102600002", "log_subtype": "Denied", "log_type": "Firewall", - "message_id": "00002", "priority": "Information", "status": "Deny" } @@ -6242,7 +5181,7 @@ "region_name": "Jilin Sheng" }, "ip": "175.16.199.1", - "mac": "24:01:c7:07:2b:a2", + "mac": "24-01-C7-07-2B-A2", "nat": { "port": 0 }, @@ -6261,28 +5200,6 @@ }, { "@timestamp": "2020-05-18T14:38:43.000Z", - "client": { - "bytes": 0, - "geo": { - "city_name": "Changchun", - "continent_name": "Asia", - "country_iso_code": "CN", - "country_name": "China", - "location": { - "lat": 43.88, - "lon": 125.3228 - }, - "region_iso_code": "CN-22", - "region_name": "Jilin Sheng" - }, - "ip": "175.16.199.1", - "mac": "34:db:fd:83:d8:09", - "nat": { - "port": 0 - }, - "packets": 0, - "port": 3389 - }, "destination": { "bytes": 0, "ip": "10.84.234.14", @@ -6301,11 +5218,11 @@ "intrusion_detection", "network" ], - "code": "010402403001", + "code": "03001", "duration": 0, "end": "2020-05-18T14:38:43.000Z", "kind": "alert", - "original": "device=\"SFW\" date=2020-05-18 time=14:38:43 timezone=\"CEST\" device_name=\"XG230\" device_id=1234567890123457 log_id=010402403001 log_type=\"Firewall\" log_component=\"DoS Attack\" log_subtype=\"Denied\" status=\"Deny\" priority=Warning duration=0 fw_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" in_interface=\"Port1\" out_interface=\"\" src_mac=34:db:fd:83:d8:09 src_ip=175.16.199.1 src_country_code=\"\" dst_ip=10.84.234.14 dst_country_code=\"\" protocol=\"UDP\" src_port=3389 dst_port=64465 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip=\"\" tran_src_port=0 tran_dst_ip=\"\" tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"\" appresolvedby=\"Signature\" app_is_cloud=0", + "original": "\u003c30\u003edevice=\"SFW\" date=2020-05-18 time=14:38:43 timezone=\"CEST\" device_name=\"XG230\" device_id=1234567890123457 log_id=010402403001 log_type=\"Firewall\" log_component=\"DoS Attack\" log_subtype=\"Denied\" status=\"Deny\" priority=Warning duration=0 fw_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" in_interface=\"Port1\" out_interface=\"\" src_mac=34:db:fd:83:d8:09 src_ip=175.16.199.1 src_country_code=\"\" dst_ip=10.84.234.14 dst_country_code=\"\" protocol=\"UDP\" src_port=3389 dst_port=64465 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip=\"\" tran_src_port=0 tran_dst_ip=\"\" tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"\" appresolvedby=\"Signature\" app_is_cloud=0", "outcome": "success", "severity": 4, "start": "2020-05-18T14:38:43.000Z", @@ -6322,6 +5239,7 @@ }, "network": { "bytes": 0, + "community_id": "1:2OUzCZQUfZ5IHj9MhIrZoyLi1FQ=", "packets": 0, "transport": "udp" }, @@ -6349,15 +5267,6 @@ "id": "0", "ruleset": "0" }, - "server": { - "bytes": 0, - "ip": "10.84.234.14", - "nat": { - "port": 0 - }, - "packets": 0, - "port": 64465 - }, "sophos": { "xg": { "app_is_cloud": "0", @@ -6370,9 +5279,9 @@ "iap": "0", "ips_policy_id": "0", "log_component": "DoS Attack", + "log_id": "010402403001", "log_subtype": "Denied", "log_type": "Firewall", - "message_id": "03001", "priority": "Warning", "status": "Deny" } @@ -6392,7 +5301,7 @@ "region_name": "Jilin Sheng" }, "ip": "175.16.199.1", - "mac": "34:db:fd:83:d8:09", + "mac": "34-DB-FD-83-D8-09", "nat": { "port": 0 }, @@ -6405,15 +5314,6 @@ }, { "@timestamp": "2020-05-18T14:38:44.000Z", - "client": { - "bytes": 0, - "ip": "10.82.234.9", - "nat": { - "port": 0 - }, - "packets": 0, - "port": 58331 - }, "destination": { "bytes": 0, "ip": "10.82.234.11", @@ -6431,11 +5331,11 @@ "category": [ "network" ], - "code": "012802605201", + "code": "05201", "duration": 0, "end": "2020-05-18T14:38:44.000Z", "kind": "event", - "original": "device=\"SFW\" date=2020-05-18 time=14:38:44 timezone=\"CEST\" device_name=\"XG230\" device_id=1234567890123456 log_id=012802605201 log_type=\"Firewall\" log_component=\"SSL VPN\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" in_interface=\"tun0\" out_interface=\"\" src_mac=\"\" src_ip=10.82.234.9 src_country_code=\"\" dst_ip=10.82.234.11 dst_country_code=\"\" protocol=\"TCP\" src_port=58331 dst_port=56267 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip=\"\" tran_src_port=0 tran_dst_ip=\"\" tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"\" appresolvedby=\"Signature\" app_is_cloud=0", + "original": "\u003c30\u003edevice=\"SFW\" date=2020-05-18 time=14:38:44 timezone=\"CEST\" device_name=\"XG230\" device_id=1234567890123456 log_id=012802605201 log_type=\"Firewall\" log_component=\"SSL VPN\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" in_interface=\"tun0\" out_interface=\"\" src_mac=\"\" src_ip=10.82.234.9 src_country_code=\"\" dst_ip=10.82.234.11 dst_country_code=\"\" protocol=\"TCP\" src_port=58331 dst_port=56267 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip=\"\" tran_src_port=0 tran_dst_ip=\"\" tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"\" appresolvedby=\"Signature\" app_is_cloud=0", "outcome": "success", "severity": 6, "start": "2020-05-18T14:38:44.000Z", @@ -6452,6 +5352,7 @@ }, "network": { "bytes": 0, + "community_id": "1:UYQJE2dcbFtkondgzOxhp2BryzI=", "packets": 0, "transport": "tcp" }, @@ -6479,15 +5380,6 @@ "id": "0", "ruleset": "0" }, - "server": { - "bytes": 0, - "ip": "10.82.234.11", - "nat": { - "port": 0 - }, - "packets": 0, - "port": 56267 - }, "sophos": { "xg": { "app_is_cloud": "0", @@ -6500,9 +5392,9 @@ "iap": "0", "ips_policy_id": "0", "log_component": "SSL VPN", + "log_id": "012802605201", "log_subtype": "Denied", "log_type": "Firewall", - "message_id": "05201", "priority": "Information", "status": "Deny" } @@ -6522,22 +5414,6 @@ }, { "@timestamp": "2020-05-18T14:38:45.000Z", - "client": { - "bytes": 0, - "ip": "10.84.234.7", - "mac": "00:00:00:00:00:00", - "nat": { - "port": 0 - }, - "packets": 0, - "port": 58543, - "user": { - "group": { - "name": "elastic.group.local" - }, - "name": "elastic@user.local" - } - }, "destination": { "bytes": 0, "geo": { @@ -6567,11 +5443,11 @@ "category": [ "network" ], - "code": "010101600001", + "code": "00001", "duration": 0, "end": "2020-05-18T14:38:45.000Z", "kind": "event", - "original": "device=\"SFW\" date=2020-05-18 time=14:38:45 timezone=\"CEST\" device_name=\"XG230\" device_id=1234567890123456 log_id=010101600001 log_type=\"Firewall\" log_component=\"Firewall Rule\" log_subtype=\"Allowed\" status=\"Allow\" priority=Information duration=0 fw_rule_id=61 policy_type=2 user_name=\"elastic@user.local\" user_gp=\"elastic.group.local\" iap=0 ips_policy_id=11 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" in_interface=\"ipsec0\" out_interface=\"Port2\" src_mac=00:00:00:00:00:00 src_ip=10.84.234.7 src_country_code=R1 dst_ip=175.16.199.1 dst_country_code=R1 protocol=\"TCP\" src_port=58543 dst_port=443 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip=\"\" tran_src_port=0 tran_dst_ip=\"\" tran_dst_port=0 srczonetype=\"VPN\" srczone=\"VPN\" dstzonetype=\"VPN\" dstzone=\"VPN\" dir_disp=\"\" connevent=\"Start\" connid=\"1615935064\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"\" appresolvedby=\"Signature\" app_is_cloud=0", + "original": "\u003c30\u003edevice=\"SFW\" date=2020-05-18 time=14:38:45 timezone=\"CEST\" device_name=\"XG230\" device_id=1234567890123456 log_id=010101600001 log_type=\"Firewall\" log_component=\"Firewall Rule\" log_subtype=\"Allowed\" status=\"Allow\" priority=Information duration=0 fw_rule_id=61 policy_type=2 user_name=\"elastic@user.local\" user_gp=\"elastic.group.local\" iap=0 ips_policy_id=11 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" in_interface=\"ipsec0\" out_interface=\"Port2\" src_mac=00:00:00:00:00:00 src_ip=10.84.234.7 src_country_code=R1 dst_ip=175.16.199.1 dst_country_code=R1 protocol=\"TCP\" src_port=58543 dst_port=443 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip=\"\" tran_src_port=0 tran_dst_ip=\"\" tran_dst_port=0 srczonetype=\"VPN\" srczone=\"VPN\" dstzonetype=\"VPN\" dstzone=\"VPN\" dir_disp=\"\" connevent=\"Start\" connid=\"1615935064\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"\" appresolvedby=\"Signature\" app_is_cloud=0", "outcome": "success", "severity": 6, "start": "2020-05-18T14:38:45.000Z", @@ -6589,6 +5465,7 @@ }, "network": { "bytes": 0, + "community_id": "1:NvQwE56E0Ailx7nirNMhYbqx6Kw=", "direction": "internal", "packets": 0, "transport": "tcp" @@ -6627,27 +5504,6 @@ "id": "61", "ruleset": "2" }, - "server": { - "bytes": 0, - "geo": { - "city_name": "Changchun", - "continent_name": "Asia", - "country_iso_code": "CN", - "country_name": "China", - "location": { - "lat": 43.88, - "lon": 125.3228 - }, - "region_iso_code": "CN-22", - "region_name": "Jilin Sheng" - }, - "ip": "175.16.199.1", - "nat": { - "port": 0 - }, - "packets": 0, - "port": 443 - }, "sophos": { "xg": { "app_is_cloud": "0", @@ -6664,9 +5520,9 @@ "iap": "0", "ips_policy_id": "11", "log_component": "Firewall Rule", + "log_id": "010101600001", "log_subtype": "Allowed", "log_type": "Firewall", - "message_id": "00001", "priority": "Information", "src_country_code": "R1", "src_zone_type": "VPN", @@ -6676,7 +5532,7 @@ "source": { "bytes": 0, "ip": "10.84.234.7", - "mac": "00:00:00:00:00:00", + "mac": "00-00-00-00-00-00", "nat": { "port": 0 }, @@ -6695,15 +5551,6 @@ }, { "@timestamp": "2020-05-18T14:38:45.000Z", - "client": { - "bytes": 0, - "ip": "192.168.1.254", - "mac": "34:db:fd:83:d8:09", - "nat": { - "port": 0 - }, - "packets": 0 - }, "destination": { "bytes": 0, "geo": { @@ -6732,11 +5579,11 @@ "category": [ "network" ], - "code": "018201500005", + "code": "00005", "duration": 0, "end": "2020-05-18T14:38:45.000Z", "kind": "event", - "original": "device=\"SFW\" date=2020-05-18 time=14:38:45 timezone=\"CEST\" device_name=\"XG230\" device_id=1234567890123457 log_id=018201500005 log_type=\"Firewall\" log_component=\"ICMP ERROR MESSAGE\" log_subtype=\"Allowed\" status=\"Allow\" priority=Notice duration=0 fw_rule_id=60 policy_type=1 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=17 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" in_interface=\"Port1\" out_interface=\"\" src_mac=34:db:fd:83:d8:09 src_ip=192.168.1.254 src_country_code=\"\" dst_ip=175.16.199.1 dst_country_code=\"\" protocol=\"ICMP\" icmp_type=3 icmp_code=1 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip=\"\" tran_src_port=0 tran_dst_ip=\"\" tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connevent=\"Interim\" connid=\"2685668438\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"\" appresolvedby=\"Signature\" app_is_cloud=0", + "original": "\u003c30\u003edevice=\"SFW\" date=2020-05-18 time=14:38:45 timezone=\"CEST\" device_name=\"XG230\" device_id=1234567890123457 log_id=018201500005 log_type=\"Firewall\" log_component=\"ICMP ERROR MESSAGE\" log_subtype=\"Allowed\" status=\"Allow\" priority=Notice duration=0 fw_rule_id=60 policy_type=1 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=17 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" in_interface=\"Port1\" out_interface=\"\" src_mac=34:db:fd:83:d8:09 src_ip=192.168.1.254 src_country_code=\"\" dst_ip=175.16.199.1 dst_country_code=\"\" protocol=\"ICMP\" icmp_type=3 icmp_code=1 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip=\"\" tran_src_port=0 tran_dst_ip=\"\" tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connevent=\"Interim\" connid=\"2685668438\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"\" appresolvedby=\"Signature\" app_is_cloud=0", "outcome": "success", "severity": 5, "start": "2020-05-18T14:38:45.000Z", @@ -6754,6 +5601,7 @@ }, "network": { "bytes": 0, + "community_id": "1:lRNB/KJvdNAICw3aV4RFRxqCKXc=", "packets": 0, "transport": "icmp" }, @@ -6781,26 +5629,6 @@ "id": "60", "ruleset": "1" }, - "server": { - "bytes": 0, - "geo": { - "city_name": "Changchun", - "continent_name": "Asia", - "country_iso_code": "CN", - "country_name": "China", - "location": { - "lat": 43.88, - "lon": 125.3228 - }, - "region_iso_code": "CN-22", - "region_name": "Jilin Sheng" - }, - "ip": "175.16.199.1", - "nat": { - "port": 0 - }, - "packets": 0 - }, "sophos": { "xg": { "app_is_cloud": "0", @@ -6817,9 +5645,9 @@ "icmp_type": "3", "ips_policy_id": "17", "log_component": "ICMP ERROR MESSAGE", + "log_id": "018201500005", "log_subtype": "Allowed", "log_type": "Firewall", - "message_id": "00005", "priority": "Notice", "status": "Allow" } @@ -6827,7 +5655,7 @@ "source": { "bytes": 0, "ip": "192.168.1.254", - "mac": "34:db:fd:83:d8:09", + "mac": "34-DB-FD-83-D8-09", "nat": { "port": 0 }, @@ -6839,28 +5667,6 @@ }, { "@timestamp": "2020-06-05T12:38:53.000Z", - "client": { - "bytes": 1802, - "geo": { - "city_name": "Changchun", - "continent_name": "Asia", - "country_iso_code": "CN", - "country_name": "China", - "location": { - "lat": 43.88, - "lon": 125.3228 - }, - "region_iso_code": "CN-22", - "region_name": "Jilin Sheng" - }, - "ip": "175.16.199.1", - "mac": "00:00:00:00:00:00", - "nat": { - "port": 0 - }, - "packets": 6, - "port": 61925 - }, "destination": { "bytes": 1732, "geo": { @@ -6887,11 +5693,11 @@ "category": [ "network" ], - "code": "010101600001", + "code": "00001", "duration": 10000000000, "end": "2020-06-05T12:39:03.000Z", "kind": "event", - "original": "device=\"SFW\" date=2020-06-05 time=12:38:53 timezone=\"CEST\" device_name=\"XG230\" device_id=1234567890123457 log_id=010101600001 log_type=\"Firewall\" log_component=\"Firewall Rule\" log_subtype=\"Allowed\" status=\"Allow\" priority=Information duration=10 fw_rule_id=60 policy_type=1 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=17 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" in_interface=\"ipsec0\" out_interface=\"Port1\" src_mac=00:00:00:00:00:00 src_ip=175.16.199.1 src_country_code=R1 dst_ip=175.16.199.1 dst_country_code=R1 protocol=\"TCP\" src_port=61925 dst_port=88 sent_pkts=6 recv_pkts=6 sent_bytes=1802 recv_bytes=1732 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0srczonetype=\"VPN\" srczone=\"VPN\" dstzonetype=\"LAN\" dstzone=\"LAN\" dir_disp=\"\" connevent=\"Stop\" connid=\"1617126256\" vconnid=\"\" hb_health=\"NoHeartbeat\" message=\"\" appresolvedby=\"Signature\" app_is_cloud=0\"", + "original": "\u003c30\u003edevice=\"SFW\" date=2020-06-05 time=12:38:53 timezone=\"CEST\" device_name=\"XG230\" device_id=1234567890123457 log_id=010101600001 log_type=\"Firewall\" log_component=\"Firewall Rule\" log_subtype=\"Allowed\" status=\"Allow\" priority=Information duration=10 fw_rule_id=60 policy_type=1 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=17 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" in_interface=\"ipsec0\" out_interface=\"Port1\" src_mac=00:00:00:00:00:00 src_ip=175.16.199.1 src_country_code=R1 dst_ip=175.16.199.1 dst_country_code=R1 protocol=\"TCP\" src_port=61925 dst_port=88 sent_pkts=6 recv_pkts=6 sent_bytes=1802 recv_bytes=1732 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0srczonetype=\"VPN\" srczone=\"VPN\" dstzonetype=\"LAN\" dstzone=\"LAN\" dir_disp=\"\" connevent=\"Stop\" connid=\"1617126256\" vconnid=\"\" hb_health=\"NoHeartbeat\" message=\"\" appresolvedby=\"Signature\" app_is_cloud=0\"", "outcome": "success", "severity": 6, "start": "2020-06-05T12:38:53.000Z", @@ -6909,6 +5715,7 @@ }, "network": { "bytes": 3534, + "community_id": "1:wQwshYyt6z1Z+M4EnWNhl08b820=", "direction": "internal", "packets": 12, "transport": "tcp" @@ -6943,24 +5750,6 @@ "id": "60", "ruleset": "1" }, - "server": { - "bytes": 1732, - "geo": { - "city_name": "Changchun", - "continent_name": "Asia", - "country_iso_code": "CN", - "country_name": "China", - "location": { - "lat": 43.88, - "lon": 125.3228 - }, - "region_iso_code": "CN-22", - "region_name": "Jilin Sheng" - }, - "ip": "175.16.199.1", - "packets": 6, - "port": 88 - }, "sophos": { "xg": { "app_is_cloud": "0", @@ -6977,9 +5766,9 @@ "iap": "0", "ips_policy_id": "17", "log_component": "Firewall Rule", + "log_id": "010101600001", "log_subtype": "Allowed", "log_type": "Firewall", - "message_id": "00001", "priority": "Information", "src_country_code": "R1", "status": "Allow" @@ -7000,7 +5789,7 @@ "region_name": "Jilin Sheng" }, "ip": "175.16.199.1", - "mac": "00:00:00:00:00:00", + "mac": "00-00-00-00-00-00", "nat": { "port": 0 }, @@ -7008,20 +5797,11 @@ "port": 61925 }, "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2018-05-30T13:26:37.000Z", - "client": { - "bytes": 0, - "ip": "10.198.32.19", - "nat": { - "port": 0 - }, - "packets": 0, - "port": 1353 - }, + "preserve_original_event" + ] + }, + { + "@timestamp": "2018-05-30T13:26:37.000Z", "destination": { "bytes": 0, "geo": { @@ -7051,11 +5831,11 @@ "category": [ "network" ], - "code": "010202601001", + "code": "01001", "duration": 0, "end": "2018-05-30T13:26:37.000Z", "kind": "event", - "original": "device=\"SFW\" date=2018-05-30 time=13:26:37 timezone=\"IST\" device_name=\"XG125w\" device_id=SFDemo-763180a log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" in_interface=\"\" out_interface=\"\" src_mac= src_ip=10.198.32.19 src_country_code= dst_ip=175.16.199.1 dst_country_code= protocol=\"UDP\" src_port=1353 dst_port=0 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Invalid UDP destination.\" appresolvedby=\" Signature\"", + "original": "\u003c30\u003edevice=\"SFW\" date=2018-05-30 time=13:26:37 timezone=\"IST\" device_name=\"XG125w\" device_id=SFDemo-763180a log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" in_interface=\"\" out_interface=\"\" src_mac= src_ip=10.198.32.19 src_country_code= dst_ip=175.16.199.1 dst_country_code= protocol=\"UDP\" src_port=1353 dst_port=0 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Invalid UDP destination.\" appresolvedby=\" Signature\"", "outcome": "success", "severity": 6, "start": "2018-05-30T13:26:37.000Z", @@ -7094,27 +5874,6 @@ "id": "0", "ruleset": "0" }, - "server": { - "bytes": 0, - "geo": { - "city_name": "Changchun", - "continent_name": "Asia", - "country_iso_code": "CN", - "country_name": "China", - "location": { - "lat": 43.88, - "lon": 125.3228 - }, - "region_iso_code": "CN-22", - "region_name": "Jilin Sheng" - }, - "ip": "175.16.199.1", - "nat": { - "port": 0 - }, - "packets": 0, - "port": 0 - }, "sophos": { "xg": { "appfilter_policy_id": "0", @@ -7126,10 +5885,10 @@ "iap": "0", "ips_policy_id": "0", "log_component": "Invalid Traffic", + "log_id": "010202601001", "log_subtype": "Denied", "log_type": "Firewall", "message": "Invalid UDP destination.", - "message_id": "01001", "priority": "Information", "status": "Deny" } @@ -7149,15 +5908,6 @@ }, { "@timestamp": "2018-06-04T17:20:24.000Z", - "client": { - "bytes": 0, - "ip": "0.0.0.0", - "nat": { - "port": 0 - }, - "packets": 0, - "port": 0 - }, "destination": { "bytes": 0, "ip": "0.0.0.0", @@ -7175,11 +5925,11 @@ "category": [ "network" ], - "code": "011402601301", + "code": "01301", "duration": 0, "end": "2018-06-04T17:20:24.000Z", "kind": "event", - "original": "device=\"SFW\" date=2018-06-04 time=17:20:24 timezone=\"IST\" device_name=\"XG125w\" device_id=SFDemo-763180a log_id=011402601301 log_type=\"Firewall\" log_component=\"Fragmented Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" in_interface=\"\" out_interface=\"\" src_mac= src_ip=0.0.0.0 src_country_code= dst_ip=0.0.0.0 dst_country_code= protocol=\"0\" src_port=0 dst_port=0 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"\" appresolvedby=\"Signature\"", + "original": "\u003c30\u003edevice=\"SFW\" date=2018-06-04 time=17:20:24 timezone=\"IST\" device_name=\"XG125w\" device_id=SFDemo-763180a log_id=011402601301 log_type=\"Firewall\" log_component=\"Fragmented Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" in_interface=\"\" out_interface=\"\" src_mac= src_ip=0.0.0.0 src_country_code= dst_ip=0.0.0.0 dst_country_code= protocol=\"0\" src_port=0 dst_port=0 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"\" appresolvedby=\"Signature\"", "outcome": "success", "severity": 6, "start": "2018-06-04T17:20:24.000Z", @@ -7217,15 +5967,6 @@ "id": "0", "ruleset": "0" }, - "server": { - "bytes": 0, - "ip": "0.0.0.0", - "nat": { - "port": 0 - }, - "packets": 0, - "port": 0 - }, "sophos": { "xg": { "appfilter_policy_id": "0", @@ -7237,9 +5978,9 @@ "iap": "0", "ips_policy_id": "0", "log_component": "Fragmented Traffic", + "log_id": "011402601301", "log_subtype": "Denied", "log_type": "Firewall", - "message_id": "01301", "priority": "Information", "status": "Deny" } @@ -7259,16 +6000,6 @@ }, { "@timestamp": "2018-05-30T14:01:32.000Z", - "client": { - "bytes": 0, - "ip": "10.198.38.184", - "mac": "c8:5b:76:ab:72:d3", - "nat": { - "port": 0 - }, - "packets": 0, - "port": 137 - }, "destination": { "bytes": 0, "ip": "10.198.39.255", @@ -7286,11 +6017,11 @@ "category": [ "network" ], - "code": "010302602002", + "code": "02002", "duration": 0, "end": "2018-05-30T14:01:32.000Z", "kind": "event", - "original": "device=\"SFW\" date=2018-05-30 time=14:01:32 timezone=\"IST\" device_name=\"XG125w\" device_id=SFDemo-763180a log_id=010302602002 log_type=\"Firewall\" log_component=\"Appliance Access\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=2 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" in_interface=\"Port2.611\" out_interface=\"\" src_mac=c8:5b:76:ab:72:d3 src_ip=10.198.38.184 src_country_code= dst_ip=10.198.39.255 dst_country_code= protocol=\"UDP\" src_port=137 dst_port=137 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"\" appresolvedby=\"Signature\"", + "original": "\u003c30\u003edevice=\"SFW\" date=2018-05-30 time=14:01:32 timezone=\"IST\" device_name=\"XG125w\" device_id=SFDemo-763180a log_id=010302602002 log_type=\"Firewall\" log_component=\"Appliance Access\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=2 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" in_interface=\"Port2.611\" out_interface=\"\" src_mac=c8:5b:76:ab:72:d3 src_ip=10.198.38.184 src_country_code= dst_ip=10.198.39.255 dst_country_code= protocol=\"UDP\" src_port=137 dst_port=137 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"\" appresolvedby=\"Signature\"", "outcome": "success", "severity": 6, "start": "2018-05-30T14:01:32.000Z", @@ -7307,6 +6038,7 @@ }, "network": { "bytes": 0, + "community_id": "1:rWQJGdqTu4ERAOCXL2JYQ16npW4=", "packets": 0, "transport": "udp" }, @@ -7334,15 +6066,6 @@ "id": "2", "ruleset": "0" }, - "server": { - "bytes": 0, - "ip": "10.198.39.255", - "nat": { - "port": 0 - }, - "packets": 0, - "port": 137 - }, "sophos": { "xg": { "appfilter_policy_id": "0", @@ -7354,9 +6077,9 @@ "iap": "0", "ips_policy_id": "0", "log_component": "Appliance Access", + "log_id": "010302602002", "log_subtype": "Denied", "log_type": "Firewall", - "message_id": "02002", "priority": "Information", "status": "Deny" } @@ -7364,7 +6087,7 @@ "source": { "bytes": 0, "ip": "10.198.38.184", - "mac": "c8:5b:76:ab:72:d3", + "mac": "C8-5B-76-AB-72-D3", "nat": { "port": 0 }, @@ -7377,16 +6100,6 @@ }, { "@timestamp": "2018-05-30T14:17:17.000Z", - "client": { - "bytes": 0, - "ip": "10.198.32.19", - "mac": "b8:97:5a:5b:0f:fd", - "nat": { - "port": 0 - }, - "packets": 0, - "port": 41960 - }, "destination": { "bytes": 0, "ip": "10.198.32.48", @@ -7405,11 +6118,11 @@ "intrusion_detection", "network" ], - "code": "010402403001", + "code": "03001", "duration": 0, "end": "2018-05-30T14:17:17.000Z", "kind": "alert", - "original": "device=\"SFW\" date=2018-05-30 time=14:17:17 timezone=\"IST\" device_name=\"XG125w\" device_id=SFDemo-763180a log_id=010402403001 log_type=\"Firewall\" log_component=\"DoS Attack\" log_subtype=\"Denied\" status=\"Deny\" priority=Warning duration=0 fw_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" in_interface=\"Port1\" out_interface=\"\" src_mac=b8:97:5a:5b:0f:fd src_ip=10.198.32.19 src_country_code= dst_ip=10.198.32.48 dst_country_code= protocol=\"TCP\" src_port=41960 dst_port=22 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"\" appresolvedby=\" Signature\"", + "original": "\u003c30\u003edevice=\"SFW\" date=2018-05-30 time=14:17:17 timezone=\"IST\" device_name=\"XG125w\" device_id=SFDemo-763180a log_id=010402403001 log_type=\"Firewall\" log_component=\"DoS Attack\" log_subtype=\"Denied\" status=\"Deny\" priority=Warning duration=0 fw_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" in_interface=\"Port1\" out_interface=\"\" src_mac=b8:97:5a:5b:0f:fd src_ip=10.198.32.19 src_country_code= dst_ip=10.198.32.48 dst_country_code= protocol=\"TCP\" src_port=41960 dst_port=22 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"\" appresolvedby=\" Signature\"", "outcome": "success", "severity": 4, "start": "2018-05-30T14:17:17.000Z", @@ -7426,6 +6139,7 @@ }, "network": { "bytes": 0, + "community_id": "1:ebW+n2XvlKyynA6t/MupXckUzG4=", "packets": 0, "transport": "tcp" }, @@ -7453,15 +6167,6 @@ "id": "0", "ruleset": "0" }, - "server": { - "bytes": 0, - "ip": "10.198.32.48", - "nat": { - "port": 0 - }, - "packets": 0, - "port": 22 - }, "sophos": { "xg": { "appfilter_policy_id": "0", @@ -7473,9 +6178,9 @@ "iap": "0", "ips_policy_id": "0", "log_component": "DoS Attack", + "log_id": "010402403001", "log_subtype": "Denied", "log_type": "Firewall", - "message_id": "03001", "priority": "Warning", "status": "Deny" } @@ -7483,7 +6188,7 @@ "source": { "bytes": 0, "ip": "10.198.32.19", - "mac": "b8:97:5a:5b:0f:fd", + "mac": "B8-97-5A-5B-0F-FD", "nat": { "port": 0 }, @@ -7496,14 +6201,6 @@ }, { "@timestamp": "2018-06-05T14:30:31.000Z", - "client": { - "bytes": 0, - "ip": "10.198.37.23", - "nat": { - "port": 0 - }, - "packets": 0 - }, "destination": { "bytes": 0, "ip": "10.198.36.48", @@ -7520,11 +6217,11 @@ "category": [ "network" ], - "code": "010502604001", + "code": "04001", "duration": 0, "end": "2018-06-05T14:30:31.000Z", "kind": "event", - "original": "device=\"SFW\" date=2018-06-05 time=14:30:31 timezone=\"IST\" device_name=\"XG125w\" device_id=SFDemo-763180a log_id=010502604001 log_type=\"Firewall\" log_component=\"ICMP Redirection\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" in_interface=\"\" out_interface=\"\" src_mac= src_ip=10.198.37.23 src_country_code= dst_ip=10.198.36.48 dst_country_code= protocol=\"ICMP\" icmp_type=5 icmp_code=1 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"\" appresolvedby=\" Signature\"", + "original": "\u003c30\u003edevice=\"SFW\" date=2018-06-05 time=14:30:31 timezone=\"IST\" device_name=\"XG125w\" device_id=SFDemo-763180a log_id=010502604001 log_type=\"Firewall\" log_component=\"ICMP Redirection\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" in_interface=\"\" out_interface=\"\" src_mac= src_ip=10.198.37.23 src_country_code= dst_ip=10.198.36.48 dst_country_code= protocol=\"ICMP\" icmp_type=5 icmp_code=1 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"\" appresolvedby=\" Signature\"", "outcome": "success", "severity": 6, "start": "2018-06-05T14:30:31.000Z", @@ -7541,6 +6238,7 @@ }, "network": { "bytes": 0, + "community_id": "1:REw7Fd5sFF/Vbt+C9BommT9XGDQ=", "packets": 0, "transport": "icmp" }, @@ -7563,14 +6261,6 @@ "id": "0", "ruleset": "0" }, - "server": { - "bytes": 0, - "ip": "10.198.36.48", - "nat": { - "port": 0 - }, - "packets": 0 - }, "sophos": { "xg": { "appfilter_policy_id": "0", @@ -7584,9 +6274,9 @@ "icmp_type": "5", "ips_policy_id": "0", "log_component": "ICMP Redirection", + "log_id": "010502604001", "log_subtype": "Denied", "log_type": "Firewall", - "message_id": "04001", "priority": "Information", "status": "Deny" } @@ -7605,15 +6295,6 @@ }, { "@timestamp": "2018-05-31T17:05:14.000Z", - "client": { - "bytes": 0, - "ip": "10.198.12.19", - "nat": { - "port": 0 - }, - "packets": 0, - "port": 1571 - }, "destination": { "bytes": 0, "geo": { @@ -7644,11 +6325,11 @@ "intrusion_detection", "network" ], - "code": "010602605001", + "code": "05001", "duration": 0, "end": "2018-05-31T17:05:14.000Z", "kind": "alert", - "original": "device=\"SFW\" date=2018-05-31 time=17:05:14 timezone=\"IST\" device_name=\"XG125w\" device_id=SFDemo-763180a log_id=010602605001 log_type=\"Firewall\" log_component=\"Source Routed\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=1 policy_type=1 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" in_interface=\"\" out_interface=\"\" src_mac= src_ip=10.198.12.19 src_country_code= dst_ip=175.16.199.1 dst_country_code= protocol=\"TCP\" src_port=1571 dst_port=80 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"\" appresolvedby=\"Signature\"", + "original": "\u003c30\u003edevice=\"SFW\" date=2018-05-31 time=17:05:14 timezone=\"IST\" device_name=\"XG125w\" device_id=SFDemo-763180a log_id=010602605001 log_type=\"Firewall\" log_component=\"Source Routed\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=1 policy_type=1 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" in_interface=\"\" out_interface=\"\" src_mac= src_ip=10.198.12.19 src_country_code= dst_ip=175.16.199.1 dst_country_code= protocol=\"TCP\" src_port=1571 dst_port=80 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"\" appresolvedby=\"Signature\"", "outcome": "success", "severity": 6, "start": "2018-05-31T17:05:14.000Z", @@ -7665,6 +6346,7 @@ }, "network": { "bytes": 0, + "community_id": "1:Kz9+srO3WRUzL5hBayiFZG2Vuo4=", "packets": 0, "transport": "tcp" }, @@ -7687,27 +6369,6 @@ "id": "1", "ruleset": "1" }, - "server": { - "bytes": 0, - "geo": { - "city_name": "Changchun", - "continent_name": "Asia", - "country_iso_code": "CN", - "country_name": "China", - "location": { - "lat": 43.88, - "lon": 125.3228 - }, - "region_iso_code": "CN-22", - "region_name": "Jilin Sheng" - }, - "ip": "175.16.199.1", - "nat": { - "port": 0 - }, - "packets": 0, - "port": 80 - }, "sophos": { "xg": { "appfilter_policy_id": "0", @@ -7719,9 +6380,9 @@ "iap": "0", "ips_policy_id": "0", "log_component": "Source Routed", + "log_id": "010602605001", "log_subtype": "Denied", "log_type": "Firewall", - "message_id": "05001", "priority": "Information", "status": "Deny" } @@ -7741,16 +6402,6 @@ }, { "@timestamp": "2018-05-30T15:09:51.000Z", - "client": { - "bytes": 0, - "ip": "fe80::59f5:3ce8:c98e:5062", - "mac": "1e:3a:5a:5b:23:ab", - "nat": { - "port": 0 - }, - "packets": 0, - "port": 546 - }, "destination": { "bytes": 0, "ip": "ff02::1:2", @@ -7768,11 +6419,11 @@ "category": [ "network" ], - "code": "011702605051", + "code": "05051", "duration": 0, "end": "2018-05-30T15:09:51.000Z", "kind": "event", - "original": "device=\"SFW\" date=2018-05-30 time=15:09:51 timezone=\"IST\" device_name=\"XG125w\" device_id=SFDemo-763180a log_id=011702605051 log_type=\"Firewall\" log_component=\"MAC Filter\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" in_interface=\"Port2.531\" out_interface=\"\" src_mac=1e:3a:5a:5b:23:ab src_ip=fe80::59f5:3ce8:c98e:5062 src_country_code= dst_ip=ff02::1:2 dst_country_code= protocol=\"UDP\" src_port=546 dst_port=547 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"\" appresolvedby=\"Signature\"", + "original": "\u003c30\u003edevice=\"SFW\" date=2018-05-30 time=15:09:51 timezone=\"IST\" device_name=\"XG125w\" device_id=SFDemo-763180a log_id=011702605051 log_type=\"Firewall\" log_component=\"MAC Filter\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" in_interface=\"Port2.531\" out_interface=\"\" src_mac=1e:3a:5a:5b:23:ab src_ip=fe80::59f5:3ce8:c98e:5062 src_country_code= dst_ip=ff02::1:2 dst_country_code= protocol=\"UDP\" src_port=546 dst_port=547 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"\" appresolvedby=\"Signature\"", "outcome": "success", "severity": 6, "start": "2018-05-30T15:09:51.000Z", @@ -7789,6 +6440,7 @@ }, "network": { "bytes": 0, + "community_id": "1:fzZxl6nY1aZerLCg1u8MwroiREk=", "packets": 0, "transport": "udp" }, @@ -7816,15 +6468,6 @@ "id": "0", "ruleset": "0" }, - "server": { - "bytes": 0, - "ip": "ff02::1:2", - "nat": { - "port": 0 - }, - "packets": 0, - "port": 547 - }, "sophos": { "xg": { "appfilter_policy_id": "0", @@ -7836,9 +6479,9 @@ "iap": "0", "ips_policy_id": "0", "log_component": "MAC Filter", + "log_id": "011702605051", "log_subtype": "Denied", "log_type": "Firewall", - "message_id": "05051", "priority": "Information", "status": "Deny" } @@ -7846,7 +6489,7 @@ "source": { "bytes": 0, "ip": "fe80::59f5:3ce8:c98e:5062", - "mac": "1e:3a:5a:5b:23:ab", + "mac": "1E-3A-5A-5B-23-AB", "nat": { "port": 0 }, @@ -7859,15 +6502,6 @@ }, { "@timestamp": "2018-06-01T10:57:55.000Z", - "client": { - "bytes": 0, - "ip": "10.198.37.57", - "mac": "08:00:27:4c:49:e3", - "nat": { - "port": 0 - }, - "packets": 0 - }, "destination": { "bytes": 0, "ip": "10.198.32.19", @@ -7884,11 +6518,11 @@ "category": [ "network" ], - "code": "016602600006", + "code": "00006", "duration": 0, "end": "2018-06-01T10:57:55.000Z", "kind": "event", - "original": "device=\"SFW\" date=2018-06-01 time=10:57:55 timezone=\"BST\" device_name=\"XG310\" device_id=SFDemo-9a04c43 log_id=016602600006 log_type=\"Firewall\" log_component=\"Heartbeat\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=16 policy_type=1 user_name=\"\" user_gp=\"\" iap=2 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" in_interface=\"Port3.611\" out_interface=\"\" src_mac=08:00:27:4c:49:e3 src_ip=10.198.37.57 src_country_code= dst_ip=10.198.32.19 dst_country_code= protocol=\"ICMP\" icmp_type=8 icmp_code=0 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"Red\" message=\"\" appresolvedby=\"Signature\" app_is_cloud=0", + "original": "\u003c30\u003edevice=\"SFW\" date=2018-06-01 time=10:57:55 timezone=\"BST\" device_name=\"XG310\" device_id=SFDemo-9a04c43 log_id=016602600006 log_type=\"Firewall\" log_component=\"Heartbeat\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=16 policy_type=1 user_name=\"\" user_gp=\"\" iap=2 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" in_interface=\"Port3.611\" out_interface=\"\" src_mac=08:00:27:4c:49:e3 src_ip=10.198.37.57 src_country_code= dst_ip=10.198.32.19 dst_country_code= protocol=\"ICMP\" icmp_type=8 icmp_code=0 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"Red\" message=\"\" appresolvedby=\"Signature\" app_is_cloud=0", "outcome": "success", "severity": 6, "start": "2018-06-01T10:57:55.000Z", @@ -7905,6 +6539,7 @@ }, "network": { "bytes": 0, + "community_id": "1:GxdOoNc153FG9L1WhGZ4edd++14=", "packets": 0, "transport": "icmp" }, @@ -7932,14 +6567,6 @@ "id": "16", "ruleset": "1" }, - "server": { - "bytes": 0, - "ip": "10.198.32.19", - "nat": { - "port": 0 - }, - "packets": 0 - }, "sophos": { "xg": { "app_is_cloud": "0", @@ -7954,9 +6581,9 @@ "icmp_type": "8", "ips_policy_id": "0", "log_component": "Heartbeat", + "log_id": "016602600006", "log_subtype": "Denied", "log_type": "Firewall", - "message_id": "00006", "priority": "Information", "status": "Deny" } @@ -7964,7 +6591,7 @@ "source": { "bytes": 0, "ip": "10.198.37.57", - "mac": "08:00:27:4c:49:e3", + "mac": "08-00-27-4C-49-E3", "nat": { "port": 0 }, @@ -7976,15 +6603,6 @@ }, { "@timestamp": "2018-06-01T10:55:41.000Z", - "client": { - "bytes": 0, - "ip": "10.198.37.57", - "mac": "08:00:27:4c:49:e3", - "nat": { - "port": 0 - }, - "packets": 0 - }, "destination": { "bytes": 0, "geo": { @@ -8014,11 +6632,11 @@ "intrusion_detection", "network" ], - "code": "016602600003", + "code": "00003", "duration": 0, "end": "2018-06-01T10:55:41.000Z", "kind": "alert", - "original": "device=\"SFW\" date=2018-06-01 time=10:55:41 timezone=\"BST\" device_name=\"XG310\" device_id=SFDemo-9a04c43 log_id=016602600003 log_type=\"Firewall\" log_component=\"Heartbeat\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=16 policy_type=1 user_name=\"\" user_gp=\"\" iap=2 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" in_interface=\"Port3.611\" out_interface=\"\" src_mac=08:00:27:4c:49:e3 src_ip=10.198.37.57 src_country_code= dst_ip=175.16.199.1 dst_country_code= protocol=\"ICMP\" icmp_type=8 icmp_code=0 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"Red\" message=\"\" appresolvedby=\"Signature\" app_is_cloud=0", + "original": "\u003c30\u003edevice=\"SFW\" date=2018-06-01 time=10:55:41 timezone=\"BST\" device_name=\"XG310\" device_id=SFDemo-9a04c43 log_id=016602600003 log_type=\"Firewall\" log_component=\"Heartbeat\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=16 policy_type=1 user_name=\"\" user_gp=\"\" iap=2 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" in_interface=\"Port3.611\" out_interface=\"\" src_mac=08:00:27:4c:49:e3 src_ip=10.198.37.57 src_country_code= dst_ip=175.16.199.1 dst_country_code= protocol=\"ICMP\" icmp_type=8 icmp_code=0 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"Red\" message=\"\" appresolvedby=\"Signature\" app_is_cloud=0", "outcome": "success", "severity": 6, "start": "2018-06-01T10:55:41.000Z", @@ -8035,6 +6653,7 @@ }, "network": { "bytes": 0, + "community_id": "1:Sor11fKmsq4B9ppdtSRcf8VuJ2A=", "packets": 0, "transport": "icmp" }, @@ -8062,26 +6681,6 @@ "id": "16", "ruleset": "1" }, - "server": { - "bytes": 0, - "geo": { - "city_name": "Changchun", - "continent_name": "Asia", - "country_iso_code": "CN", - "country_name": "China", - "location": { - "lat": 43.88, - "lon": 125.3228 - }, - "region_iso_code": "CN-22", - "region_name": "Jilin Sheng" - }, - "ip": "175.16.199.1", - "nat": { - "port": 0 - }, - "packets": 0 - }, "sophos": { "xg": { "app_is_cloud": "0", @@ -8096,9 +6695,9 @@ "icmp_type": "8", "ips_policy_id": "0", "log_component": "Heartbeat", + "log_id": "016602600003", "log_subtype": "Denied", "log_type": "Firewall", - "message_id": "00003", "priority": "Information", "status": "Deny" } @@ -8106,7 +6705,7 @@ "source": { "bytes": 0, "ip": "10.198.37.57", - "mac": "08:00:27:4c:49:e3", + "mac": "08-00-27-4C-49-E3", "nat": { "port": 0 }, @@ -8118,22 +6717,6 @@ }, { "@timestamp": "2020-05-18T14:38:54.000Z", - "client": { - "geo": { - "city_name": "Changchun", - "continent_name": "Asia", - "country_iso_code": "CN", - "country_name": "China", - "location": { - "lat": 43.88, - "lon": 125.3228 - }, - "region_iso_code": "CN-22", - "region_name": "Jilin Sheng" - }, - "ip": "175.16.199.1", - "port": 41528 - }, "destination": { "geo": { "city_name": "Changchun", @@ -8159,9 +6742,9 @@ "intrusion_detection", "network" ], - "code": "020804407002", + "code": "07002", "kind": "alert", - "original": "device=\"SFW\" date=2020-05-18 time=14:38:54 timezone=\"CEST\" device_name=\"XG230\" device_id=1234567890123456 log_id=020804407002 log_type=\"IDP\" log_component=\"Signatures\" log_subtype=\"Drop\" priority=Warning idp_policy_id=7 fw_rule_id=25 user_name=\"\" signature_id=1881 signature_msg=\"SERVER-WEBAPP bad HTTP 1.1 request - potential worm attack\" classification=\"access to a potentially vulnerable web application\" rule_priority=2 src_ip=175.16.199.1 src_country_code=ROU dst_ip=175.16.199.1 dst_country_code=R1 protocol=\"TCP\" src_port=41528 dst_port=80 platform=\"BSD,Linux,Mac,Other,Solaris,Unix,Windows\" category=\"server-webapp\" target=\"Server\"", + "original": "\u003c30\u003edevice=\"SFW\" date=2020-05-18 time=14:38:54 timezone=\"CEST\" device_name=\"XG230\" device_id=1234567890123456 log_id=020804407002 log_type=\"IDP\" log_component=\"Signatures\" log_subtype=\"Drop\" priority=Warning idp_policy_id=7 fw_rule_id=25 user_name=\"\" signature_id=1881 signature_msg=\"SERVER-WEBAPP bad HTTP 1.1 request - potential worm attack\" classification=\"access to a potentially vulnerable web application\" rule_priority=2 src_ip=175.16.199.1 src_country_code=ROU dst_ip=175.16.199.1 dst_country_code=R1 protocol=\"TCP\" src_port=41528 dst_port=80 platform=\"BSD,Linux,Mac,Other,Solaris,Unix,Windows\" category=\"server-webapp\" target=\"Server\"", "outcome": "success", "severity": 4, "type": [ @@ -8176,7 +6759,8 @@ "level": "warning" }, "network": { - "transport": "TCP" + "community_id": "1:EDJ4gi03E1uhPJtd+UqqqK9q3CY=", + "transport": "tcp" }, "observer": { "product": "XG", @@ -8197,22 +6781,6 @@ "id": "1881", "name": "SERVER-WEBAPP bad HTTP 1.1 request - potential worm attack" }, - "server": { - "geo": { - "city_name": "Changchun", - "continent_name": "Asia", - "country_iso_code": "CN", - "country_name": "China", - "location": { - "lat": 43.88, - "lon": 125.3228 - }, - "region_iso_code": "CN-22", - "region_name": "Jilin Sheng" - }, - "ip": "175.16.199.1", - "port": 80 - }, "sophos": { "xg": { "category": "server-webapp", @@ -8222,9 +6790,9 @@ "fw_rule_id": "25", "idp_policy_id": "7", "log_component": "Signatures", + "log_id": "020804407002", "log_subtype": "Drop", "log_type": "IDP", - "message_id": "07002", "platform": "BSD,Linux,Mac,Other,Solaris,Unix,Windows", "priority": "Warning", "rule_priority": "2", @@ -8254,22 +6822,6 @@ }, { "@timestamp": "2020-05-18T14:38:55.000Z", - "client": { - "geo": { - "city_name": "Changchun", - "continent_name": "Asia", - "country_iso_code": "CN", - "country_name": "China", - "location": { - "lat": 43.88, - "lon": 125.3228 - }, - "region_iso_code": "CN-22", - "region_name": "Jilin Sheng" - }, - "ip": "175.16.199.1", - "port": 58914 - }, "destination": { "geo": { "city_name": "Changchun", @@ -8295,9 +6847,9 @@ "intrusion_detection", "network" ], - "code": "020804407002", + "code": "07002", "kind": "alert", - "original": "device=\"SFW\" date=2020-05-18 time=14:38:55 timezone=\"CEST\" device_name=\"XG230\" device_id=1234567890123456 log_id=020804407002 log_type=\"IDP\" log_component=\"Signatures\" log_subtype=\"Drop\" priority=Warning idp_policy_id=7 fw_rule_id=23 user_name=\"\" signature_id=1616 signature_msg=\"PROTOCOL-DNS named version attempt\" classification=\"Attempted Information Leak\" rule_priority=1 src_ip=175.16.199.1 src_country_code=CHN dst_ip=175.16.199.1 dst_country_code=R1 protocol=\"UDP\" src_port=58914 dst_port=53 platform=\"BSD,Linux,Mac,Other,Solaris,Unix,Windows\" category=\"protocol-dns\" target=\"Server\"", + "original": "\u003c30\u003edevice=\"SFW\" date=2020-05-18 time=14:38:55 timezone=\"CEST\" device_name=\"XG230\" device_id=1234567890123456 log_id=020804407002 log_type=\"IDP\" log_component=\"Signatures\" log_subtype=\"Drop\" priority=Warning idp_policy_id=7 fw_rule_id=23 user_name=\"\" signature_id=1616 signature_msg=\"PROTOCOL-DNS named version attempt\" classification=\"Attempted Information Leak\" rule_priority=1 src_ip=175.16.199.1 src_country_code=CHN dst_ip=175.16.199.1 dst_country_code=R1 protocol=\"UDP\" src_port=58914 dst_port=53 platform=\"BSD,Linux,Mac,Other,Solaris,Unix,Windows\" category=\"protocol-dns\" target=\"Server\"", "outcome": "success", "severity": 4, "type": [ @@ -8312,7 +6864,8 @@ "level": "warning" }, "network": { - "transport": "UDP" + "community_id": "1:8vmG13S+Pch17rUwYDWmUvtyF9g=", + "transport": "udp" }, "observer": { "product": "XG", @@ -8333,22 +6886,6 @@ "id": "1616", "name": "PROTOCOL-DNS named version attempt" }, - "server": { - "geo": { - "city_name": "Changchun", - "continent_name": "Asia", - "country_iso_code": "CN", - "country_name": "China", - "location": { - "lat": 43.88, - "lon": 125.3228 - }, - "region_iso_code": "CN-22", - "region_name": "Jilin Sheng" - }, - "ip": "175.16.199.1", - "port": 53 - }, "sophos": { "xg": { "category": "protocol-dns", @@ -8358,39 +6895,17 @@ "fw_rule_id": "23", "idp_policy_id": "7", "log_component": "Signatures", + "log_id": "020804407002", "log_subtype": "Drop", "log_type": "IDP", - "message_id": "07002", "platform": "BSD,Linux,Mac,Other,Solaris,Unix,Windows", "priority": "Warning", "rule_priority": "1", "src_country_code": "CHN", "target": "Server" } - }, - "source": { - "geo": { - "city_name": "Changchun", - "continent_name": "Asia", - "country_iso_code": "CN", - "country_name": "China", - "location": { - "lat": 43.88, - "lon": 125.3228 - }, - "region_iso_code": "CN-22", - "region_name": "Jilin Sheng" - }, - "ip": "175.16.199.1", - "port": 58914 - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2020-05-18T14:38:56.000Z", - "client": { + }, + "source": { "geo": { "city_name": "Changchun", "continent_name": "Asia", @@ -8404,8 +6919,14 @@ "region_name": "Jilin Sheng" }, "ip": "175.16.199.1", - "port": 59476 + "port": 58914 }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2020-05-18T14:38:56.000Z", "destination": { "geo": { "city_name": "Changchun", @@ -8431,9 +6952,9 @@ "intrusion_detection", "network" ], - "code": "020804407002", + "code": "07002", "kind": "alert", - "original": "device=\"SFW\" date=2020-05-18 time=14:38:56 timezone=\"CEST\" device_name=\"XG230\" device_id=1234567890123457 log_id=020804407002 log_type=\"IDP\" log_component=\"Signatures\" log_subtype=\"Drop\" priority=Warning idp_policy_id=7 fw_rule_id=25 user_name=\"\" signature_id=53589 signature_msg=\"SERVER-WEBAPP DrayTek multiple products command injection attempt\" classification=\"Web Application Attack\" rule_priority=2 src_ip=175.16.199.1 src_country_code=NLD dst_ip=175.16.199.1 dst_country_code=R1 protocol=\"TCP\" src_port=59476 dst_port=80 platform=\"Linux,Mac,Other,Unix,Windows\" category=\"server-webapp\" target=\"Server\"", + "original": "\u003c30\u003edevice=\"SFW\" date=2020-05-18 time=14:38:56 timezone=\"CEST\" device_name=\"XG230\" device_id=1234567890123457 log_id=020804407002 log_type=\"IDP\" log_component=\"Signatures\" log_subtype=\"Drop\" priority=Warning idp_policy_id=7 fw_rule_id=25 user_name=\"\" signature_id=53589 signature_msg=\"SERVER-WEBAPP DrayTek multiple products command injection attempt\" classification=\"Web Application Attack\" rule_priority=2 src_ip=175.16.199.1 src_country_code=NLD dst_ip=175.16.199.1 dst_country_code=R1 protocol=\"TCP\" src_port=59476 dst_port=80 platform=\"Linux,Mac,Other,Unix,Windows\" category=\"server-webapp\" target=\"Server\"", "outcome": "success", "severity": 4, "type": [ @@ -8448,7 +6969,8 @@ "level": "warning" }, "network": { - "transport": "TCP" + "community_id": "1:cPgLTsEdLZsqgK3HaTsKG6p+oLM=", + "transport": "tcp" }, "observer": { "product": "XG", @@ -8469,22 +6991,6 @@ "id": "53589", "name": "SERVER-WEBAPP DrayTek multiple products command injection attempt" }, - "server": { - "geo": { - "city_name": "Changchun", - "continent_name": "Asia", - "country_iso_code": "CN", - "country_name": "China", - "location": { - "lat": 43.88, - "lon": 125.3228 - }, - "region_iso_code": "CN-22", - "region_name": "Jilin Sheng" - }, - "ip": "175.16.199.1", - "port": 80 - }, "sophos": { "xg": { "category": "server-webapp", @@ -8494,9 +7000,9 @@ "fw_rule_id": "25", "idp_policy_id": "7", "log_component": "Signatures", + "log_id": "020804407002", "log_subtype": "Drop", "log_type": "IDP", - "message_id": "07002", "platform": "Linux,Mac,Other,Unix,Windows", "priority": "Warning", "rule_priority": "2", @@ -8526,10 +7032,6 @@ }, { "@timestamp": "2018-05-23T16:20:34.000Z", - "client": { - "ip": "10.0.0.168", - "port": 28938 - }, "destination": { "ip": "10.1.1.234", "port": 25 @@ -8543,9 +7045,9 @@ "intrusion_detection", "network" ], - "code": "020703406001", + "code": "06001", "kind": "alert", - "original": "device=\"SFW\" date=2018-05-23 time=16:20:34 timezone=\"BST\" device_name=\"XG750\" device_id=SFDemo-f64dd6be log_id=020703406001 log_type=\"IDP\" log_component=\"Anomaly\" log_subtype=\"Detect\" priority=Warning idp_policy_id=1 fw_rule_id=2 user_name=\"\" signature_id=26022 signature_msg=\"FILE-PDF EmbeddedFile contained within a PDF\" classification=\"A Network Trojan was detected\" rule_priority=1 src_ip=10.0.0.168 src_country_code=R1 dst_ip=10.1.1.234 dst_country_code=R1 protocol=\"TCP\" src_port=28938 dst_port=25 platform=\"Windows\" category=\"Malware Communication\" target=\"Server\"", + "original": "\u003c30\u003edevice=\"SFW\" date=2018-05-23 time=16:20:34 timezone=\"BST\" device_name=\"XG750\" device_id=SFDemo-f64dd6be log_id=020703406001 log_type=\"IDP\" log_component=\"Anomaly\" log_subtype=\"Detect\" priority=Warning idp_policy_id=1 fw_rule_id=2 user_name=\"\" signature_id=26022 signature_msg=\"FILE-PDF EmbeddedFile contained within a PDF\" classification=\"A Network Trojan was detected\" rule_priority=1 src_ip=10.0.0.168 src_country_code=R1 dst_ip=10.1.1.234 dst_country_code=R1 protocol=\"TCP\" src_port=28938 dst_port=25 platform=\"Windows\" category=\"Malware Communication\" target=\"Server\"", "outcome": "success", "severity": 4, "type": [ @@ -8560,7 +7062,8 @@ "level": "warning" }, "network": { - "transport": "TCP" + "community_id": "1:U2yQKH6TWkggtH81oE8Yw/5bA30=", + "transport": "tcp" }, "observer": { "product": "XG", @@ -8582,10 +7085,6 @@ "id": "26022", "name": "FILE-PDF EmbeddedFile contained within a PDF" }, - "server": { - "ip": "10.1.1.234", - "port": 25 - }, "sophos": { "xg": { "category": "Malware Communication", @@ -8595,9 +7094,9 @@ "fw_rule_id": "2", "idp_policy_id": "1", "log_component": "Anomaly", + "log_id": "020703406001", "log_subtype": "Detect", "log_type": "IDP", - "message_id": "06001", "platform": "Windows", "priority": "Warning", "rule_priority": "1", @@ -8615,10 +7114,6 @@ }, { "@timestamp": "2018-05-23T16:16:43.000Z", - "client": { - "ip": "10.0.1.31", - "port": 40140 - }, "destination": { "ip": "10.1.0.115", "port": 25 @@ -8632,9 +7127,9 @@ "intrusion_detection", "network" ], - "code": "020704406002", + "code": "06002", "kind": "alert", - "original": "device=\"SFW\" date=2018-05-23 time=16:16:43 timezone=\"BST\" device_name=\"XG750\" device_id=SFDemo-f64dd6be log_id=020704406002 log_type=\"IDP\" log_component=\"Anomaly\" log_subtype=\"Drop\" priority=Warning idp_policy_id=1 fw_rule_id=2 user_name=\"\" signature_id=26022 signature_msg=\"FILE-PDF EmbeddedFile contained within a PDF\" classification=\"A Network Trojan was detected\" rule_priority=1 src_ip=10.0.1.31 src_country_code=R1 dst_ip=10.1.0.115 dst_country_code=R1 protocol=\"TCP\" src_port=40140 dst_port=25 platform=\"Windows\" category=\"Malware Communication\" target=\"Server\"", + "original": "\u003c30\u003edevice=\"SFW\" date=2018-05-23 time=16:16:43 timezone=\"BST\" device_name=\"XG750\" device_id=SFDemo-f64dd6be log_id=020704406002 log_type=\"IDP\" log_component=\"Anomaly\" log_subtype=\"Drop\" priority=Warning idp_policy_id=1 fw_rule_id=2 user_name=\"\" signature_id=26022 signature_msg=\"FILE-PDF EmbeddedFile contained within a PDF\" classification=\"A Network Trojan was detected\" rule_priority=1 src_ip=10.0.1.31 src_country_code=R1 dst_ip=10.1.0.115 dst_country_code=R1 protocol=\"TCP\" src_port=40140 dst_port=25 platform=\"Windows\" category=\"Malware Communication\" target=\"Server\"", "outcome": "success", "severity": 4, "type": [ @@ -8649,7 +7144,8 @@ "level": "warning" }, "network": { - "transport": "TCP" + "community_id": "1:ZiG8ga1b+BkNsFyuxbnjyDn2xjQ=", + "transport": "tcp" }, "observer": { "product": "XG", @@ -8671,10 +7167,6 @@ "id": "26022", "name": "FILE-PDF EmbeddedFile contained within a PDF" }, - "server": { - "ip": "10.1.0.115", - "port": 25 - }, "sophos": { "xg": { "category": "Malware Communication", @@ -8684,9 +7176,9 @@ "fw_rule_id": "2", "idp_policy_id": "1", "log_component": "Anomaly", + "log_id": "020704406002", "log_subtype": "Drop", "log_type": "IDP", - "message_id": "06002", "platform": "Windows", "priority": "Warning", "rule_priority": "1", @@ -8712,10 +7204,11 @@ "category": [ "network" ], - "code": "138301618041", + "code": "18041", "kind": "event", - "original": "device=\"SFW\" date=2017-01-31 time=14:52:11 timezone=\"IST\" device_name=\"CR750iNG-XP\" device_id=C44310050024-P29PUA log_id=138301618041 log_type=\"Sandbox\" log_component=\"Mail\" log_subtype=\"Allowed\" priority=Information user_name=\"\" src_ip= filename=\"\" filetype=\"\" filesize=0 sha1sum=\"\" source=\"\" reason=\"eligible\" destination=\"\" subject=\"\"", + "original": "\u003c30\u003edevice=\"SFW\" date=2017-01-31 time=14:52:11 timezone=\"IST\" device_name=\"CR750iNG-XP\" device_id=C44310050024-P29PUA log_id=138301618041 log_type=\"Sandbox\" log_component=\"Mail\" log_subtype=\"Allowed\" priority=Information user_name=\"\" src_ip= filename=\"\" filetype=\"\" filesize=0 sha1sum=\"\" source=\"\" reason=\"eligible\" destination=\"\" subject=\"\"", "outcome": "success", + "reason": "eligible", "severity": 6, "type": [ "allowed", @@ -8748,11 +7241,10 @@ "device": "SFW", "device_name": "CR750iNG-XP", "log_component": "Mail", + "log_id": "138301618041", "log_subtype": "Allowed", "log_type": "Sandbox", - "message_id": "18041", - "priority": "Information", - "reason": "eligible" + "priority": "Information" } }, "tags": [ @@ -8761,12 +7253,6 @@ }, { "@timestamp": "2017-01-31T14:52:11.000Z", - "client": { - "ip": "10.198.47.112", - "user": { - "name": "jsmith@iview.com" - } - }, "ecs": { "version": "8.0.0" }, @@ -8776,10 +7262,11 @@ "malware", "network" ], - "code": "138302218042", + "code": "18042", "kind": "alert", - "original": "device=\"SFW\" date=2017-01-31 time=14:52:11 timezone=\"IST\" device_name=\"CR750iNG-XP\" device_id=C44310050024-P29PUA log_id=138302218042 log_type=\"Sandbox\" log_component=\"Mail\" log_subtype=\"Denied\" priority=Critical user_name=\"jsmith@iview.com\" src_ip=10.198.47.112 filename=\"1.exe\" filetype=\"application/octet-stream\" filesize=153006 sha1sum=\"83cd339302bf5e8ed5240ca6383418089c337a81\" source=\"jsmith@iview.com\" reason=\"cached malicious\" destination=\"\" subject=\"\"", + "original": "\u003c30\u003edevice=\"SFW\" date=2017-01-31 time=14:52:11 timezone=\"IST\" device_name=\"CR750iNG-XP\" device_id=C44310050024-P29PUA log_id=138302218042 log_type=\"Sandbox\" log_component=\"Mail\" log_subtype=\"Denied\" priority=Critical user_name=\"jsmith@iview.com\" src_ip=10.198.47.112 filename=\"1.exe\" filetype=\"application/octet-stream\" filesize=153006 sha1sum=\"83cd339302bf5e8ed5240ca6383418089c337a81\" source=\"jsmith@iview.com\" reason=\"cached malicious\" destination=\"\" subject=\"\"", "outcome": "success", + "reason": "cached malicious", "severity": 2, "type": [ "denied", @@ -8791,6 +7278,7 @@ "sha1": "83cd339302bf5e8ed5240ca6383418089c337a81" }, "mime_type": "application/octet-stream", + "name": "1.exe", "size": 153006 }, "host": { @@ -8823,13 +7311,11 @@ "xg": { "device": "SFW", "device_name": "CR750iNG-XP", - "filename": "1.exe", "log_component": "Mail", + "log_id": "138302218042", "log_subtype": "Denied", "log_type": "Sandbox", - "message_id": "18042", "priority": "Critical", - "reason": "cached malicious", "source": "jsmith@iview.com" } }, @@ -8853,10 +7339,11 @@ "category": [ "network" ], - "code": "136501618041", + "code": "18041", "kind": "event", - "original": "device=\"SFW\" date=2017-01-31 time=15:28:25 timezone=\"IST\" device_name=\"CR750iNG-XP\" device_id=C44313350024-P29PUA log_id=136501618041 log_type=\"Sandbox\" log_component=\"Web\" log_subtype=\"Allowed\" priority=Information user_name=\"\" src_ip= filename=\"\" filetype=\"\" filesize=0 sha1sum=\"\" source=\"\" reason=\"eligible\" destination=\"\" subject=\"\"", + "original": "\u003c30\u003edevice=\"SFW\" date=2017-01-31 time=15:28:25 timezone=\"IST\" device_name=\"CR750iNG-XP\" device_id=C44313350024-P29PUA log_id=136501618041 log_type=\"Sandbox\" log_component=\"Web\" log_subtype=\"Allowed\" priority=Information user_name=\"\" src_ip= filename=\"\" filetype=\"\" filesize=0 sha1sum=\"\" source=\"\" reason=\"eligible\" destination=\"\" subject=\"\"", "outcome": "success", + "reason": "eligible", "severity": 6, "type": [ "allowed", @@ -8889,11 +7376,10 @@ "device": "SFW", "device_name": "CR750iNG-XP", "log_component": "Web", + "log_id": "136501618041", "log_subtype": "Allowed", "log_type": "Sandbox", - "message_id": "18041", - "priority": "Information", - "reason": "eligible" + "priority": "Information" } }, "tags": [ @@ -8902,11 +7388,8 @@ }, { "@timestamp": "2017-01-31T15:28:25.000Z", - "client": { - "ip": "10.198.47.112", - "user": { - "name": "jsmith" - } + "destination": { + "ip": "10.198.241.50" }, "ecs": { "version": "8.0.0" @@ -8916,10 +7399,11 @@ "category": [ "network" ], - "code": "136528618043", + "code": "18043", "kind": "event", - "original": "device=\"SFW\" date=2017-01-31 time=15:28:25 timezone=\"IST\" device_name=\"CR750iNG-XP\" device_id=C44310050024-P29PUA log_id=136528618043 log_type=\"Sandbox\" log_component=\"Web\" log_subtype=\"Pending\" priority=Information user_name=\"jsmith\" src_ip=10.198.47.112 filename=\"19.exe\" filetype=\"application/octet-stream\" filesize=153010 sha1sum=\"3ce799580908df9ca0dc649aa8c2d06ab267e8c8\" source=\"10.198.241.50\" reason=\"pending\" destination=\"\" subject=\"\"", + "original": "\u003c30\u003edevice=\"SFW\" date=2017-01-31 time=15:28:25 timezone=\"IST\" device_name=\"CR750iNG-XP\" device_id=C44310050024-P29PUA log_id=136528618043 log_type=\"Sandbox\" log_component=\"Web\" log_subtype=\"Pending\" priority=Information user_name=\"jsmith\" src_ip=10.198.47.112 filename=\"19.exe\" filetype=\"application/octet-stream\" filesize=153010 sha1sum=\"3ce799580908df9ca0dc649aa8c2d06ab267e8c8\" source=\"10.198.241.50\" reason=\"pending\" destination=\"\" subject=\"\"", "outcome": "success", + "reason": "pending", "severity": 6, "type": [ "start", @@ -8931,6 +7415,7 @@ "sha1": "3ce799580908df9ca0dc649aa8c2d06ab267e8c8" }, "mime_type": "application/octet-stream", + "name": "19.exe", "size": 153010 }, "host": { @@ -8950,10 +7435,12 @@ "3ce799580908df9ca0dc649aa8c2d06ab267e8c8" ], "hosts": [ - "defaulttest.local" + "defaulttest.local", + "10.198.241.50" ], "ip": [ - "10.198.47.112" + "10.198.47.112", + "10.198.241.50" ], "user": [ "jsmith" @@ -8963,14 +7450,11 @@ "xg": { "device": "SFW", "device_name": "CR750iNG-XP", - "filename": "19.exe", "log_component": "Web", + "log_id": "136528618043", "log_subtype": "Pending", "log_type": "Sandbox", - "message_id": "18043", - "priority": "Information", - "reason": "pending", - "source": "10.198.241.50" + "priority": "Information" } }, "source": { @@ -8981,15 +7465,15 @@ }, "tags": [ "preserve_original_event" - ] + ], + "url": { + "domain": "10.198.241.50" + } }, { "@timestamp": "2017-01-31T15:28:25.000Z", - "client": { - "ip": "10.198.47.112", - "user": { - "name": "jsmith" - } + "destination": { + "ip": "10.198.241.50" }, "ecs": { "version": "8.0.0" @@ -9000,10 +7484,11 @@ "malware", "network" ], - "code": "136502218042", + "code": "18042", "kind": "alert", - "original": "device=\"SFW\" date=2017-01-31 time=15:28:25 timezone=\"IST\" device_name=\"CR750iNG-XP\" device_id=C44310050024-P29PUA log_id=136502218042 log_type=\"Sandbox\" log_component=\"Web\" log_subtype=\"Denied\" priority=Critical user_name=\"jsmith\" src_ip=10.198.47.112 filename=\"19.exe\" filetype=\"application/octet-stream\" filesize=153010 sha1sum=\"3ce799580908df9ca0dc649aa8c2d06ab267e8c8\" source=\"10.198.241.50\" reason=\"cloud malicious\" destination=\"\" subject=\"", + "original": "\u003c30\u003edevice=\"SFW\" date=2017-01-31 time=15:28:25 timezone=\"IST\" device_name=\"CR750iNG-XP\" device_id=C44310050024-P29PUA log_id=136502218042 log_type=\"Sandbox\" log_component=\"Web\" log_subtype=\"Denied\" priority=Critical user_name=\"jsmith\" src_ip=10.198.47.112 filename=\"19.exe\" filetype=\"application/octet-stream\" filesize=153010 sha1sum=\"3ce799580908df9ca0dc649aa8c2d06ab267e8c8\" source=\"10.198.241.50\" reason=\"cloud malicious\" destination=\"\" subject=\"", "outcome": "success", + "reason": "cloud malicious", "severity": 2, "type": [ "denied", @@ -9015,6 +7500,7 @@ "sha1": "3ce799580908df9ca0dc649aa8c2d06ab267e8c8" }, "mime_type": "application/octet-stream", + "name": "19.exe", "size": 153010 }, "host": { @@ -9034,10 +7520,12 @@ "3ce799580908df9ca0dc649aa8c2d06ab267e8c8" ], "hosts": [ - "defaulttest.local" + "defaulttest.local", + "10.198.241.50" ], "ip": [ - "10.198.47.112" + "10.198.47.112", + "10.198.241.50" ], "user": [ "jsmith" @@ -9047,14 +7535,11 @@ "xg": { "device": "SFW", "device_name": "CR750iNG-XP", - "filename": "19.exe", "log_component": "Web", + "log_id": "136502218042", "log_subtype": "Denied", "log_type": "Sandbox", - "message_id": "18042", - "priority": "Critical", - "reason": "cloud malicious", - "source": "10.198.241.50" + "priority": "Critical" } }, "source": { @@ -9065,12 +7550,15 @@ }, "tags": [ "preserve_original_event" - ] + ], + "url": { + "domain": "10.198.241.50" + } }, { "@timestamp": "2020-05-18T14:38:36.000Z", - "client": { - "ip": "175.16.199.1" + "destination": { + "domain": "sophostest.com" }, "ecs": { "version": "8.0.0" @@ -9081,10 +7569,11 @@ "malware", "network" ], - "code": "136502218042", + "code": "18042", "kind": "alert", - "original": "device=\"SFW\" date=2020-05-18 time=14:38:36 timezone=\"IST\" device_name=\"CR750iNG-XP\" device_id=C44310050024-P29PUA log_id=136502218042 log_type=\"Sandbox\" log_component=\"Web\" log_subtype=\"Denied\" priority=Critical user_name=\"\" src_ip=175.16.199.1 filename=\"SBTestFile1.pdf\" filetype=\"application/pdf\" filesize=1124 sha1sum=\"d910c4a81122c360fe57f67a04999425a65249db\" source=\"sophostest.com\" reason=\"cached malicious\" destination=\"\" subject=\"\"", + "original": "\u003c30\u003edevice=\"SFW\" date=2020-05-18 time=14:38:36 timezone=\"IST\" device_name=\"CR750iNG-XP\" device_id=C44310050024-P29PUA log_id=136502218042 log_type=\"Sandbox\" log_component=\"Web\" log_subtype=\"Denied\" priority=Critical user_name=\"\" src_ip=175.16.199.1 filename=\"SBTestFile1.pdf\" filetype=\"application/pdf\" filesize=1124 sha1sum=\"d910c4a81122c360fe57f67a04999425a65249db\" source=\"sophostest.com\" reason=\"cached malicious\" destination=\"\" subject=\"\"", "outcome": "success", + "reason": "cached malicious", "severity": 2, "type": [ "denied", @@ -9096,6 +7585,7 @@ "sha1": "d910c4a81122c360fe57f67a04999425a65249db" }, "mime_type": "application/pdf", + "name": "SBTestFile1.pdf", "size": 1124 }, "host": { @@ -9115,7 +7605,8 @@ "d910c4a81122c360fe57f67a04999425a65249db" ], "hosts": [ - "defaulttest.local" + "defaulttest.local", + "sophostest.com" ], "ip": [ "175.16.199.1" @@ -9125,27 +7616,14 @@ "xg": { "device": "SFW", "device_name": "CR750iNG-XP", - "filename": "SBTestFile1.pdf", "log_component": "Web", + "log_id": "136502218042", "log_subtype": "Denied", "log_type": "Sandbox", - "message_id": "18042", - "priority": "Critical", - "reason": "cached malicious", - "source": "sophostest.com" + "priority": "Critical" } }, "source": { - "ip": "175.16.199.1" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "@timestamp": "2020-05-18T14:38:46.000Z", - "client": { - "bytes": 1419, "geo": { "city_name": "Changchun", "continent_name": "Asia", @@ -9160,6 +7638,15 @@ }, "ip": "175.16.199.1" }, + "tags": [ + "preserve_original_event" + ], + "url": { + "domain": "sophostest.com" + } + }, + { + "@timestamp": "2020-05-18T14:38:46.000Z", "destination": { "bytes": 401, "geo": { @@ -9185,9 +7672,10 @@ "intrusion_detection", "network" ], - "code": "075000617071", + "code": "17071", + "duration": 11199000, "kind": "alert", - "original": "device=\"SFW\" date=2020-05-18 time=14:38:46 timezone=\"CEST\" device_name=\"XG230\" device_id=1234567890123456 log_id=075000617071 log_type=\"WAF\" log_component=\"Web Application Firewall\" priority=Information user_name=\"-\" server=webmail.elasticuser.com sourceip=175.16.199.1 localip=175.16.199.1 ws_protocol=\"HTTP/1.1\" url=/mapi/nspi/ querystring=?MailboxId=642ea57c-90ab-4571-8e05-c6997b2256f8@elastic.user.com cookie=\"MapiContext=MAPIAAAAAPaw98Xx0uDQ4tL/z/rX59b2x/LI+8z2x/+lhrKGtIO7jbmBsxYNAAAAAAAA;MapiRouting=UlVNOjdmNWY0OGE3LTM5OWItNDc4Yi04ZDgwLWFmZTRmMzAyZTViMDoAitM4bv3XCA==;MapiSequence=10-GtgsIA==;X-BackEndCookie=642ea57c-90ab-4571-8e05-c6997b2256f8=u56Lnp2ejJqByZrHyZ7Mys7Sm8zJnNLLnM3J0sbJxsvSnZzIxs2ans+ezMrLgYHNz83P0s/J0s3Pq87Pxc7PxcrL\" referer=- method=POST httpstatus=401 reason=\"-\" extra=\"-\" contenttype=\"-\" useragent=\"Microsoft Office/16.0 (Windows NT 10.0; Microsoft Outlook 16.0.4954; Pro)\" host=175.16.199.1 responsetime=11199 bytessent=5669 bytesrcv=1419 fw_rule_id=79", + "original": "\u003c30\u003edevice=\"SFW\" date=2020-05-18 time=14:38:46 timezone=\"CEST\" device_name=\"XG230\" device_id=1234567890123456 log_id=075000617071 log_type=\"WAF\" log_component=\"Web Application Firewall\" priority=Information user_name=\"-\" server=webmail.elasticuser.com sourceip=175.16.199.1 localip=175.16.199.1 ws_protocol=\"HTTP/1.1\" url=/mapi/nspi/ querystring=?MailboxId=642ea57c-90ab-4571-8e05-c6997b2256f8@elastic.user.com cookie=\"MapiContext=MAPIAAAAAPaw98Xx0uDQ4tL/z/rX59b2x/LI+8z2x/+lhrKGtIO7jbmBsxYNAAAAAAAA;MapiRouting=UlVNOjdmNWY0OGE3LTM5OWItNDc4Yi04ZDgwLWFmZTRmMzAyZTViMDoAitM4bv3XCA==;MapiSequence=10-GtgsIA==;X-BackEndCookie=642ea57c-90ab-4571-8e05-c6997b2256f8=u56Lnp2ejJqByZrHyZ7Mys7Sm8zJnNLLnM3J0sbJxsvSnZzIxs2ans+ezMrLgYHNz83P0s/J0s3Pq87Pxc7PxcrL\" referer=- method=POST httpstatus=401 reason=\"-\" extra=\"-\" contenttype=\"-\" useragent=\"Microsoft Office/16.0 (Windows NT 10.0; Microsoft Outlook 16.0.4954; Pro)\" host=175.16.199.1 responsetime=11199 bytessent=5669 bytesrcv=1419 fw_rule_id=79", "severity": 6, "type": [ "denied", @@ -9220,22 +7708,6 @@ "175.16.199.1" ] }, - "server": { - "bytes": 401, - "geo": { - "city_name": "Changchun", - "continent_name": "Asia", - "country_iso_code": "CN", - "country_name": "China", - "location": { - "lat": 43.88, - "lon": 125.3228 - }, - "region_iso_code": "CN-22", - "region_name": "Jilin Sheng" - }, - "ip": "175.16.199.1" - }, "sophos": { "xg": { "cookie": "MapiContext=MAPIAAAAAPaw98Xx0uDQ4tL/z/rX59b2x/LI+8z2x/+lhrKGtIO7jbmBsxYNAAAAAAAA;MapiRouting=UlVNOjdmNWY0OGE3LTM5OWItNDc4Yi04ZDgwLWFmZTRmMzAyZTViMDoAitM4bv3XCA==;MapiSequence=10-GtgsIA==;X-BackEndCookie=642ea57c-90ab-4571-8e05-c6997b2256f8=u56Lnp2ejJqByZrHyZ7Mys7Sm8zJnNLLnM3J0sbJxsvSnZzIxs2ans+ezMrLgYHNz83P0s/J0s3Pq87Pxc7PxcrL", @@ -9244,11 +7716,10 @@ "fw_rule_id": "79", "host": "175.16.199.1", "log_component": "Web Application Firewall", + "log_id": "075000617071", "log_type": "WAF", - "message_id": "17071", "priority": "Information", "querystring": "?MailboxId=642ea57c-90ab-4571-8e05-c6997b2256f8@elastic.user.com", - "responsetime": 11199, "server": "webmail.elasticuser.com" } }, @@ -9280,22 +7751,6 @@ }, { "@timestamp": "2020-05-18T14:38:47.000Z", - "client": { - "bytes": 1774, - "geo": { - "city_name": "Changchun", - "continent_name": "Asia", - "country_iso_code": "CN", - "country_name": "China", - "location": { - "lat": 43.88, - "lon": 125.3228 - }, - "region_iso_code": "CN-22", - "region_name": "Jilin Sheng" - }, - "ip": "175.16.199.1" - }, "destination": { "bytes": 200, "geo": { @@ -9321,9 +7776,10 @@ "intrusion_detection", "network" ], - "code": "075000617071", + "code": "17071", + "duration": 14086000, "kind": "alert", - "original": "device=\"SFW\" date=2020-05-18 time=14:38:47 timezone=\"CEST\" device_name=\"XG230\" device_id=1234567890123457 log_id=075000617071 log_type=\"WAF\" log_component=\"Web Application Firewall\" priority=Information user_name=\"-\" server=webmail.elasticuser.com sourceip=175.16.199.1 localip=175.16.199.1 ws_protocol=\"HTTP/1.1\" url=/mapi/nspi/ querystring=?MailboxId=642ea57c-90ab-4571-8e05-c6997b2256f8@elastic.user.com cookie=\"MapiContext=MAPIAAAAAPaw98Xx0uDQ4tL/z/rX59b2x/LI+8z2x/+lhrKGtIO7jbmBsw0NAAAAAAAA;MapiRouting=UlVNOjdmNWY0OGE3LTM5OWItNDc4Yi04ZDgwLWFmZTRmMzAyZTViMDpeyft5bv3XCA==;MapiSequence=9-Km2JMg==;X-BackEndCookie=642ea57c-90ab-4571-8e05-c6997b2256f8=u56Lnp2ejJqByZrHyZ7Mys7Sm8zJnNLLnM3J0sbJxsvSnZzIxs2ans+ezMrLgYHNz83P0s/J0s3Pq87Pxc7Oxc3M\" referer=- method=POST httpstatus=200 reason=\"-\" extra=\"-\" contenttype=\"application/mapi-http\" useragent=\"Microsoft Office/16.0 (Windows NT 6.2; Microsoft Outlook 16.0.4954; Pro)\" host=175.16.199.1 responsetime=14086 bytessent=1357 bytesrcv=1774 fw_rule_id=79", + "original": "\u003c30\u003edevice=\"SFW\" date=2020-05-18 time=14:38:47 timezone=\"CEST\" device_name=\"XG230\" device_id=1234567890123457 log_id=075000617071 log_type=\"WAF\" log_component=\"Web Application Firewall\" priority=Information user_name=\"-\" server=webmail.elasticuser.com sourceip=175.16.199.1 localip=175.16.199.1 ws_protocol=\"HTTP/1.1\" url=/mapi/nspi/ querystring=?MailboxId=642ea57c-90ab-4571-8e05-c6997b2256f8@elastic.user.com cookie=\"MapiContext=MAPIAAAAAPaw98Xx0uDQ4tL/z/rX59b2x/LI+8z2x/+lhrKGtIO7jbmBsw0NAAAAAAAA;MapiRouting=UlVNOjdmNWY0OGE3LTM5OWItNDc4Yi04ZDgwLWFmZTRmMzAyZTViMDpeyft5bv3XCA==;MapiSequence=9-Km2JMg==;X-BackEndCookie=642ea57c-90ab-4571-8e05-c6997b2256f8=u56Lnp2ejJqByZrHyZ7Mys7Sm8zJnNLLnM3J0sbJxsvSnZzIxs2ans+ezMrLgYHNz83P0s/J0s3Pq87Pxc7Oxc3M\" referer=- method=POST httpstatus=200 reason=\"-\" extra=\"-\" contenttype=\"application/mapi-http\" useragent=\"Microsoft Office/16.0 (Windows NT 6.2; Microsoft Outlook 16.0.4954; Pro)\" host=175.16.199.1 responsetime=14086 bytessent=1357 bytesrcv=1774 fw_rule_id=79", "severity": 6, "type": [ "denied", @@ -9356,22 +7812,6 @@ "175.16.199.1" ] }, - "server": { - "bytes": 200, - "geo": { - "city_name": "Changchun", - "continent_name": "Asia", - "country_iso_code": "CN", - "country_name": "China", - "location": { - "lat": 43.88, - "lon": 125.3228 - }, - "region_iso_code": "CN-22", - "region_name": "Jilin Sheng" - }, - "ip": "175.16.199.1" - }, "sophos": { "xg": { "contenttype": "application/mapi-http", @@ -9381,11 +7821,10 @@ "fw_rule_id": "79", "host": "175.16.199.1", "log_component": "Web Application Firewall", + "log_id": "075000617071", "log_type": "WAF", - "message_id": "17071", "priority": "Information", "querystring": "?MailboxId=642ea57c-90ab-4571-8e05-c6997b2256f8@elastic.user.com", - "responsetime": 14086, "server": "webmail.elasticuser.com" } }, @@ -9417,13 +7856,6 @@ }, { "@timestamp": "2020-05-19T17:20:29.000Z", - "client": { - "bytes": 510, - "ip": "10.198.235.254", - "user": { - "name": "jsmith" - } - }, "destination": { "bytes": 403, "ip": "10.198.233.48" @@ -9437,10 +7869,12 @@ "intrusion_detection", "network" ], - "code": "075000617071", + "code": "17071", + "duration": 19310000, "kind": "alert", - "original": "device=\"SFW\" date=2020-05-19 time=17:20:29 timezone=\"IST\" device_name=\"XG230\" device_id=1234567890123457 log_id=075000617071 log_type=\"WAF\" log_component=\"Web Application Firewall\" priority=Information user_name=\"jsmith\" server=www.iviewtest.com:8989 sourceip=10.198.235.254 localip=10.198.233.48 ws_protocol=\"HTTP/1.1\" url=/ querystring= cookie=\"-\" referer=- method=GET httpstatus=403 reason=\"Static URL Hardening\" extra=\"No signature found\" contenttype=\"text/html\" useragent=\"Mozilla/5.0 (Windows NT 6.1; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0\" host=10.198.235.254 responsetime=19310 bytessent=726 bytesrcv=510 fw_rule_id=3", + "original": "\u003c30\u003edevice=\"SFW\" date=2020-05-19 time=17:20:29 timezone=\"IST\" device_name=\"XG230\" device_id=1234567890123457 log_id=075000617071 log_type=\"WAF\" log_component=\"Web Application Firewall\" priority=Information user_name=\"jsmith\" server=www.iviewtest.com:8989 sourceip=10.198.235.254 localip=10.198.233.48 ws_protocol=\"HTTP/1.1\" url=/ querystring= cookie=\"-\" referer=- method=GET httpstatus=403 reason=\"Static URL Hardening\" extra=\"No signature found\" contenttype=\"text/html\" useragent=\"Mozilla/5.0 (Windows NT 6.1; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0\" host=10.198.235.254 responsetime=19310 bytessent=726 bytesrcv=510 fw_rule_id=3", "outcome": "success", + "reason": "Static URL Hardening", "severity": 6, "type": [ "denied", @@ -9477,10 +7911,6 @@ "jsmith" ] }, - "server": { - "bytes": 403, - "ip": "10.198.233.48" - }, "sophos": { "xg": { "contenttype": "text/html", @@ -9490,11 +7920,9 @@ "fw_rule_id": "3", "host": "10.198.235.254", "log_component": "Web Application Firewall", + "log_id": "075000617071", "log_type": "WAF", - "message_id": "17071", "priority": "Information", - "reason": "Static URL Hardening", - "responsetime": 19310, "server": "www.iviewtest.com:8989" } }, @@ -9517,13 +7945,6 @@ }, { "@timestamp": "2020-05-19T18:03:30.000Z", - "client": { - "bytes": 715, - "ip": "10.198.235.254", - "user": { - "name": "jsmith" - } - }, "destination": { "bytes": 403, "ip": "10.198.233.48" @@ -9537,10 +7958,12 @@ "malware", "network" ], - "code": "075000617071", + "code": "17071", + "duration": 403214000, "kind": "alert", - "original": "device=\"SFW\" date=2020-05-19 time=18:03:30 timezone=\"IST\" device_name=\"XG230\" device_id=1234567890123456 log_id=075000617071 log_type=\"WAF\" log_component=\"Web Application Firewall\" priority=Information user_name=\"jsmith\" server=www.iviewtest.com:8990 sourceip=10.198.235.254 localip=10.198.233.48 ws_protocol=\"HTTP/1.1\" url=/download/eicarcom2.zip querystring= cookie=\"; PHPSESSID=jetkd9iadd969hsr77jpj4q974; _pk_id.1.fc3a=3a6250e215194a92.1485866024.1.1485866069.1485866024.; _pk_ses.1.fc3a=*\" referer=http://www.iviewtest.com:8990/85-0-Download.html method=GET httpstatus=403 reason=\"Antivirus\" extra=\"EICAR-AV-Test\" contenttype=\"text/html\" useragent=\"Mozilla/5.0 (Windows NT 6.1; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0\" host=10.198.235.254 responsetime=403214 bytessent=739 bytesrcv=715 fw_rule_id=6", + "original": "\u003c30\u003edevice=\"SFW\" date=2020-05-19 time=18:03:30 timezone=\"IST\" device_name=\"XG230\" device_id=1234567890123456 log_id=075000617071 log_type=\"WAF\" log_component=\"Web Application Firewall\" priority=Information user_name=\"jsmith\" server=www.iviewtest.com:8990 sourceip=10.198.235.254 localip=10.198.233.48 ws_protocol=\"HTTP/1.1\" url=/download/eicarcom2.zip querystring= cookie=\"; PHPSESSID=jetkd9iadd969hsr77jpj4q974; _pk_id.1.fc3a=3a6250e215194a92.1485866024.1.1485866069.1485866024.; _pk_ses.1.fc3a=*\" referer=http://www.iviewtest.com:8990/85-0-Download.html method=GET httpstatus=403 reason=\"Antivirus\" extra=\"EICAR-AV-Test\" contenttype=\"text/html\" useragent=\"Mozilla/5.0 (Windows NT 6.1; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0\" host=10.198.235.254 responsetime=403214 bytessent=739 bytesrcv=715 fw_rule_id=6", "outcome": "success", + "reason": "Antivirus", "severity": 6, "type": [ "denied", @@ -9578,13 +8001,8 @@ "jsmith" ] }, - "server": { - "bytes": 403, - "ip": "10.198.233.48" - }, "sophos": { "xg": { - "PHPSESSID": "jetkd9iadd969hsr77jpj4q974; _pk_id.1.fc3a=3a6250e215194a92.1485866024.1.1485866069.1485866024.; _pk_ses.1.fc3a=*", "contenttype": "text/html", "cookie": ";", "device": "SFW", @@ -9593,11 +8011,10 @@ "fw_rule_id": "6", "host": "10.198.235.254", "log_component": "Web Application Firewall", + "log_id": "075000617071", "log_type": "WAF", - "message_id": "17071", + "phpsessid": "jetkd9iadd969hsr77jpj4q974; _pk_id.1.fc3a=3a6250e215194a92.1485866024.1.1485866069.1485866024.; _pk_ses.1.fc3a=*", "priority": "Information", - "reason": "Antivirus", - "responsetime": 403214, "server": "www.iviewtest.com:8990" } }, @@ -9620,22 +8037,6 @@ }, { "@timestamp": "2020-05-20T18:03:31.000Z", - "client": { - "bytes": 295, - "geo": { - "city_name": "Changchun", - "continent_name": "Asia", - "country_iso_code": "CN", - "country_name": "China", - "location": { - "lat": 43.88, - "lon": 125.3228 - }, - "region_iso_code": "CN-22", - "region_name": "Jilin Sheng" - }, - "ip": "175.16.199.1" - }, "destination": { "bytes": 403, "geo": { @@ -9661,10 +8062,12 @@ "intrusion_detection", "network" ], - "code": "075000617071", + "code": "17071", + "duration": 608000, "kind": "alert", - "original": "device=\"SFW\" date=2020-05-20 time=18:03:31 timezone=\"IST\" device_name=\"XG230\" device_id=1234567890123457 log_id=075000617071 log_type=\"WAF\" log_component=\"Web Application Firewall\" priority=Information user_name=\"-\" server=- sourceip=175.16.199.1 localip=175.16.199.1 ws_protocol=\"HTTP/1.0\" url=/ querystring=\"\" cookie=\"-\" referer=\"-\" method=GET httpstatus=403 reason=\"WAF Anomaly\" extra=\"Inbound Anomaly Score Exceeded (Total Score: 7, SQLi=, XSS=): Last Matched Message: Request Missing a User Agent Header\" contenttype=\"text/html\" useragent=\"-\" host=175.16.199.1 responsetime=608 bytessent=5353 bytesrcv=295 fw_rule_id=3", + "original": "\u003c30\u003edevice=\"SFW\" date=2020-05-20 time=18:03:31 timezone=\"IST\" device_name=\"XG230\" device_id=1234567890123457 log_id=075000617071 log_type=\"WAF\" log_component=\"Web Application Firewall\" priority=Information user_name=\"-\" server=- sourceip=175.16.199.1 localip=175.16.199.1 ws_protocol=\"HTTP/1.0\" url=/ querystring=\"\" cookie=\"-\" referer=\"-\" method=GET httpstatus=403 reason=\"WAF Anomaly\" extra=\"Inbound Anomaly Score Exceeded (Total Score: 7, SQLi=, XSS=): Last Matched Message: Request Missing a User Agent Header\" contenttype=\"text/html\" useragent=\"-\" host=175.16.199.1 responsetime=608 bytessent=5353 bytesrcv=295 fw_rule_id=3", "outcome": "success", + "reason": "WAF Anomaly", "severity": 6, "type": [ "denied", @@ -9697,22 +8100,6 @@ "175.16.199.1" ] }, - "server": { - "bytes": 403, - "geo": { - "city_name": "Changchun", - "continent_name": "Asia", - "country_iso_code": "CN", - "country_name": "China", - "location": { - "lat": 43.88, - "lon": 125.3228 - }, - "region_iso_code": "CN-22", - "region_name": "Jilin Sheng" - }, - "ip": "175.16.199.1" - }, "sophos": { "xg": { "contenttype": "text/html", @@ -9722,11 +8109,9 @@ "fw_rule_id": "3", "host": "175.16.199.1", "log_component": "Web Application Firewall", + "log_id": "075000617071", "log_type": "WAF", - "message_id": "17071", "priority": "Information", - "reason": "WAF Anomaly", - "responsetime": 608, "sqli": ",", "xss": "): Last Matched Message: Request Missing a User Agent Header" } @@ -9760,9 +8145,9 @@ "version": "8.0.0" }, "event": { - "code": "106025618011", + "code": "18011", "kind": "event", - "original": "device=\"SFW\" date=2017-02-01 time=14:17:35 timezone=\"IST\" device_name=\"SG115\" device_id=S110016E28BA631 log_id=106025618011 log_type=\"Wireless Protection\" log_component=\"Wireless Protection\" log_subtype=\"Information\" priority=Information ap=A40024A636F7862 ssid=SPIDIGO2015 clients_conn_ssid=2", + "original": "\u003c30\u003edevice=\"SFW\" date=2017-02-01 time=14:17:35 timezone=\"IST\" device_name=\"SG115\" device_id=S110016E28BA631 log_id=106025618011 log_type=\"Wireless Protection\" log_component=\"Wireless Protection\" log_subtype=\"Information\" priority=Information ap=A40024A636F7862 ssid=SPIDIGO2015 clients_conn_SSID=2", "outcome": "success", "severity": 6 }, @@ -9786,13 +8171,13 @@ "sophos": { "xg": { "ap": "A40024A636F7862", - "clients_conn_ssid": "2", + "clients_conn_ssid": 2, "device": "SFW", "device_name": "SG115", "log_component": "Wireless Protection", + "log_id": "106025618011", "log_subtype": "Information", "log_type": "Wireless Protection", - "message_id": "18011", "priority": "Information", "ssid": "SPIDIGO2015" } @@ -9807,9 +8192,9 @@ "version": "8.0.0" }, "event": { - "code": "106025618011", + "code": "18011", "kind": "event", - "original": "device=\"SFW\" date=2017-02-01 time=14:19:47 timezone=\"IST\" device_name=\"SG115\" device_id=S110016E28BA631 log_id=106025618011 log_type=\"Wireless Protection\" log_component=\"Wireless Protection\" log_subtype=\"Information\" priority=Information ap=A40024A636F7862 ssid=SPIDIGO2015 clients_conn_ssid=3", + "original": "\u003c30\u003edevice=\"SFW\" date=2017-02-01 time=14:19:47 timezone=\"IST\" device_name=\"SG115\" device_id=S110016E28BA631 log_id=106025618011 log_type=\"Wireless Protection\" log_component=\"Wireless Protection\" log_subtype=\"Information\" priority=Information ap=A40024A636F7862 ssid=SPIDIGO2015 clients_conn_SSID=3", "outcome": "success", "severity": 6 }, @@ -9833,13 +8218,13 @@ "sophos": { "xg": { "ap": "A40024A636F7862", - "clients_conn_ssid": "3", + "clients_conn_ssid": 3, "device": "SFW", "device_name": "SG115", "log_component": "Wireless Protection", + "log_id": "106025618011", "log_subtype": "Information", "log_type": "Wireless Protection", - "message_id": "18011", "priority": "Information", "ssid": "SPIDIGO2015" } @@ -9850,35 +8235,6 @@ }, { "@timestamp": "2021-02-11T13:12:45.000Z", - "client": { - "as": { - "number": 29518, - "organization": { - "name": "Bredband2 AB" - } - }, - "bytes": 0, - "geo": { - "city_name": "Linköping", - "continent_name": "Europe", - "country_iso_code": "SE", - "country_name": "Sweden", - "location": { - "lat": 58.4167, - "lon": 15.6167 - }, - "region_iso_code": "SE-E", - "region_name": "Östergötland County" - }, - "ip": "89.160.20.156", - "mac": "11:22:33:44:55:66", - "nat": { - "ip": "216.160.83.57", - "port": 0 - }, - "packets": 0, - "port": 33370 - }, "destination": { "as": { "number": 209 @@ -9897,7 +8253,7 @@ "region_name": "Jilin Sheng" }, "ip": "175.16.199.1", - "mac": "66:55:44:33:22:11", + "mac": "66-55-44-33-22-11", "nat": { "ip": "216.160.83.61", "port": 0 @@ -9913,11 +8269,11 @@ "category": [ "network" ], - "code": "010101600001", + "code": "00001", "duration": 0, "end": "2021-02-11T13:12:45.000Z", "kind": "event", - "original": "device=\"SFW\" date=2021-02-11 time=13:12:45 timezone=\"CET\" device_name=\"XG210\" device_id=dem-dev log_id=010101600001 log_type=\"Firewall\" log_component=\"Firewall Rule\" log_subtype=\"Allowed\" status=\"Allow\" priority=Information duration=0 fw_rule_id=9 nat_rule_id=16 policy_type=1 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"\" ether_type=Unknown (0x0000) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"Port2.109\" in_display_interface=\"CD21-IPs_WAN\" out_interface=\"Port5.200\" out_display_interface=\"Port5\" src_mac=11:22:33:44:55:66 dst_mac=66:55:44:33:22:11 src_ip=89.160.20.156 src_country_code=ESP dst_ip=175.16.199.1 dst_country_code=GB protocol=\"TCP\" src_port=33370 dst_port=443 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip=216.160.83.57 tran_src_port=0 tran_dst_ip=216.160.83.61 tran_dst_port=0 srczonetype=\"WAN\" srczone=\"WAN\" dstzonetype=\"DMZ\" dstzone=\"Zone 9\" dir_disp=\"\" connevent=\"Start\" connid=\"3933925696\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"\" appresolvedby=\"Signature\" app_is_cloud=0", + "original": "\u003c01\u003eFeb 11 13:12:45 _gateway device=\"SFW\" date=2021-02-11 time=13:12:45 timezone=\"CET\" device_name=\"XG210\" device_id=dem-dev log_id=010101600001 log_type=\"Firewall\" log_component=\"Firewall Rule\" log_subtype=\"Allowed\" status=\"Allow\" priority=Information duration=0 fw_rule_id=9 nat_rule_id=16 policy_type=1 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"\" ether_type=Unknown (0x0000) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"Port2.109\" in_display_interface=\"CD21-IPs_WAN\" out_interface=\"Port5.200\" out_display_interface=\"Port5\" src_mac=11:22:33:44:55:66 dst_mac=66:55:44:33:22:11 src_ip=89.160.20.156 src_country_code=ESP dst_ip=175.16.199.1 dst_country_code=GB protocol=\"TCP\" src_port=33370 dst_port=443 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip=216.160.83.57 tran_src_port=0 tran_dst_ip=216.160.83.61 tran_dst_port=0 srczonetype=\"WAN\" srczone=\"WAN\" dstzonetype=\"DMZ\" dstzone=\"Zone 9\" dir_disp=\"\" connevent=\"Start\" connid=\"3933925696\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"\" appresolvedby=\"Signature\" app_is_cloud=0", "outcome": "success", "severity": 6, "start": "2021-02-11T13:12:45.000Z", @@ -9935,6 +8291,7 @@ }, "network": { "bytes": 0, + "community_id": "1:fLmYp8cKuLtcwaCufNN0d0wZDLY=", "packets": 0, "transport": "tcp" }, @@ -9971,32 +8328,6 @@ "id": "9", "ruleset": "1" }, - "server": { - "as": { - "number": 209 - }, - "bytes": 0, - "geo": { - "city_name": "Changchun", - "continent_name": "Asia", - "country_iso_code": "CN", - "country_name": "China", - "location": { - "lat": 43.88, - "lon": 125.3228 - }, - "region_iso_code": "CN-22", - "region_name": "Jilin Sheng" - }, - "ip": "175.16.199.1", - "mac": "66:55:44:33:22:11", - "nat": { - "ip": "216.160.83.61", - "port": 0 - }, - "packets": 0, - "port": 443 - }, "sophos": { "xg": { "app_is_cloud": "0", @@ -10014,9 +8345,9 @@ "iap": "0", "ips_policy_id": "0", "log_component": "Firewall Rule", + "log_id": "010101600001", "log_subtype": "Allowed", "log_type": "Firewall", - "message_id": "00001", "priority": "Information", "src_country_code": "ESP", "src_zone_type": "WAN", @@ -10044,7 +8375,7 @@ "region_name": "Östergötland County" }, "ip": "89.160.20.156", - "mac": "11:22:33:44:55:66", + "mac": "11-22-33-44-55-66", "nat": { "ip": "216.160.83.57", "port": 0 @@ -10058,21 +8389,10 @@ }, { "@timestamp": "2020-06-05T03:45:23.000Z", - "client": { - "bytes": 0, - "ip": "10.146.13.30", - "mac": "00:50:56:99:51:94", - "nat": { - "ip": "10.8.13.110", - "port": 0 - }, - "packets": 0, - "port": 45294 - }, "destination": { "bytes": 0, "ip": "10.8.142.181", - "mac": "00:50:56:99:3D:AC", + "mac": "00-50-56-99-3D-AC", "nat": { "port": 0 }, @@ -10087,11 +8407,11 @@ "category": [ "network" ], - "code": "010101600001", + "code": "00001", "duration": 0, "end": "2020-06-05T03:45:23.000Z", "kind": "event", - "original": "device=\"SFW\" date=2020-06-05 time=03:45:23 timezone=\"CEST\" device_name=\"SF01V\" device_id=SFDemo-ta-vm-55 log_id=010101600001 log_type=\"Firewall\" log_component=\"Firewall Rule\" log_subtype=\"Allowed\" status=\"Allow\" priority=Information duration=0 fw_rule_id=5 nat_rule_id=2 policy_type=1 user_name=\"\" user_gp=\"\" iap=13 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"\" ether_type=Unknown (0x0000) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"Port2\" in_display_interface=\"Port2\" out_interface=\"Port1\" out_display_interface=\"Port1\" src_mac=00:50:56:99:51:94 dst_mac=00:50:56:99:3D:AC src_ip=10.146.13.30 src_country_code= dst_ip=10.8.142.181 dst_country_code= protocol=\"TCP\" src_port=45294 dst_port=443 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip=10.8.13.110 tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"LAN\" srczone=\"LAN\" dstzonetype=\"WAN\" dstzone=\"WAN\" dir_disp=\"\" connevent=\"Start\" connid=\"2674291981\" vconnid=\"\" hb_health=\"No Heartbeat\"message=\"\" appresolvedby=\"Signature\" app_is_cloud=0 log_occurrence=1", + "original": "\u003c01\u003edevice=\"SFW\" date=2020-06-05 time=03:45:23 timezone=\"CEST\" device_name=\"SF01V\" device_id=SFDemo-ta-vm-55 log_id=010101600001 log_type=\"Firewall\" log_component=\"Firewall Rule\" log_subtype=\"Allowed\" status=\"Allow\" priority=Information duration=0 fw_rule_id=5 nat_rule_id=2 policy_type=1 user_name=\"\" user_gp=\"\" iap=13 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"\" ether_type=Unknown (0x0000) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"Port2\" in_display_interface=\"Port2\" out_interface=\"Port1\" out_display_interface=\"Port1\" src_mac=00:50:56:99:51:94 dst_mac=00:50:56:99:3D:AC src_ip=10.146.13.30 src_country_code= dst_ip=10.8.142.181 dst_country_code= protocol=\"TCP\" src_port=45294 dst_port=443 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip=10.8.13.110 tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"LAN\" srczone=\"LAN\" dstzonetype=\"WAN\" dstzone=\"WAN\" dir_disp=\"\" connevent=\"Start\" connid=\"2674291981\" vconnid=\"\" hb_health=\"No Heartbeat\"message=\"\" appresolvedby=\"Signature\" app_is_cloud=0 log_occurrence=1", "outcome": "success", "severity": 6, "start": "2020-06-05T03:45:23.000Z", @@ -10109,6 +8429,7 @@ }, "network": { "bytes": 0, + "community_id": "1:2Z/T6XpjT4zBcdXNDaLCpNp/2uo=", "direction": "outbound", "packets": 0, "transport": "tcp" @@ -10145,16 +8466,6 @@ "id": "5", "ruleset": "1" }, - "server": { - "bytes": 0, - "ip": "10.8.142.181", - "mac": "00:50:56:99:3D:AC", - "nat": { - "port": 0 - }, - "packets": 0, - "port": 443 - }, "sophos": { "xg": { "app_is_cloud": "0", @@ -10171,9 +8482,9 @@ "iap": "13", "ips_policy_id": "0", "log_component": "Firewall Rule", + "log_id": "010101600001", "log_subtype": "Allowed", "log_type": "Firewall", - "message_id": "00001", "priority": "Information", "src_zone_type": "LAN", "status": "Allow" @@ -10182,7 +8493,7 @@ "source": { "bytes": 0, "ip": "10.146.13.30", - "mac": "00:50:56:99:51:94", + "mac": "00-50-56-99-51-94", "nat": { "ip": "10.8.13.110", "port": 0 diff --git a/packages/sophos/data_stream/xg/_dev/test/pipeline/test-xg-cfilter-new.log-expected.json b/packages/sophos/data_stream/xg/_dev/test/pipeline/test-xg-cfilter-new.log-expected.json index 21cb12e5a51..3c7bf225121 100644 --- a/packages/sophos/data_stream/xg/_dev/test/pipeline/test-xg-cfilter-new.log-expected.json +++ b/packages/sophos/data_stream/xg/_dev/test/pipeline/test-xg-cfilter-new.log-expected.json @@ -2,10 +2,6 @@ "expected": [ { "@timestamp": "2021-11-16T00:28:48.000Z", - "client": { - "ip": "192.168.2.32", - "port": 44740 - }, "destination": { "ip": "192.168.1.15", "port": 22083 @@ -19,9 +15,9 @@ "malware", "network" ], - "code": "054402617051", + "code": "17051", "kind": "alert", - "original": "device_name=\"SFW\" timestamp=\"2021-11-15T18:28:48-0600\" device_model=\"SFVH\" device_serial_id=\"C01001BQC8TFFFF\" log_id=054402617051 log_type=\"Content Filtering\" log_component=\"Application\" log_subtype=\"Denied\" log_version=1 severity=\"Information\" fw_rule_id=\"12\" app_filter_policy_id=6 app_name=\"Torrent Clients P2P\" app_risk=5 app_technology=\"P2P\" app_category=\"P2P\" src_ip=\"192.168.2.32\" src_country=\"R1\" dst_ip=\"192.168.1.15\" dst_country=\"R1\" protocol=\"UDP\" src_port=44740 dst_port=22083 app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\"", + "original": "Nov 16 00:28:48 sophos device_name=\"SFW\" timestamp=\"2021-11-15T18:28:48-0600\" device_model=\"SFVH\" device_serial_id=\"C01001BQC8TFFFF\" log_id=054402617051 log_type=\"Content Filtering\" log_component=\"Application\" log_subtype=\"Denied\" log_version=1 severity=\"Information\" fw_rule_id=\"12\" app_filter_policy_id=6 app_name=\"Torrent Clients P2P\" app_risk=5 app_technology=\"P2P\" app_category=\"P2P\" src_ip=\"192.168.2.32\" src_country=\"R1\" dst_ip=\"192.168.1.15\" dst_country=\"R1\" protocol=\"UDP\" src_port=44740 dst_port=22083 app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\"", "outcome": "success", "severity": 6, "type": [ @@ -37,6 +33,7 @@ "level": "Information" }, "network": { + "community_id": "1:kdzp9Tsl6hwRu0vniAYiYJbMFVM=", "transport": "udp" }, "observer": { @@ -55,10 +52,6 @@ "192.168.1.15" ] }, - "server": { - "ip": "192.168.1.15", - "port": 22083 - }, "sophos": { "xg": { "app_category": "P2P", @@ -72,10 +65,10 @@ "device_name": "SFW", "fw_rule_id": "12", "log_component": "Application", + "log_id": "054402617051", "log_subtype": "Denied", "log_type": "Content Filtering", "log_version": "1", - "message_id": "17051", "qualifier": "New" } }, @@ -89,11 +82,6 @@ }, { "@timestamp": "2021-11-16T00:28:51.000Z", - "client": { - "bytes": 19591, - "ip": "192.168.2.111", - "port": 50931 - }, "destination": { "as": { "number": 29518, @@ -125,9 +113,9 @@ "category": [ "network" ], - "code": "050901616001", + "code": "16001", "kind": "event", - "original": "device_name=\"SFW\" timestamp=\"2021-11-15T18:28:51-0600\" device_model=\"SFVH\" device_serial_id=\"C01001BQC8TFFFF\" log_id=050901616001 log_type=\"Content Filtering\" log_component=\"HTTP\" log_subtype=\"Allowed\" log_version=1 severity=\"Information\" fw_rule_id=\"12\" web_policy_id=12 http_category=\"Content Delivery\" http_category_type=\"Acceptable\" url=\"https://hls14.asiancdn.net\" src_ip=\"192.168.2.111\" dst_ip=\"89.160.20.156\" protocol=\"TCP\" src_port=50931 dst_port=443 bytes_sent=19591 bytes_received=2856085 domain=\"hls14.asiancdn.net\" http_status=\"0\" con_id=173026752 app_is_cloud=\"FALSE\" used_quota=\"0\" src_zone_type=\"LAN\" src_zone=\"LAN\" dst_zone_type=\"WAN\" dst_zone=\"WAN\" src_country=\"R1\" dst_country=\"USA\"", + "original": "Nov 16 00:28:51 sophos device_name=\"SFW\" timestamp=\"2021-11-15T18:28:51-0600\" device_model=\"SFVH\" device_serial_id=\"C01001BQC8TFFFF\" log_id=050901616001 log_type=\"Content Filtering\" log_component=\"HTTP\" log_subtype=\"Allowed\" log_version=1 severity=\"Information\" fw_rule_id=\"12\" web_policy_id=12 http_category=\"Content Delivery\" http_category_type=\"Acceptable\" url=\"https://hls14.asiancdn.net\" src_ip=\"192.168.2.111\" dst_ip=\"89.160.20.156\" protocol=\"TCP\" src_port=50931 dst_port=443 bytes_sent=19591 bytes_received=2856085 domain=\"hls14.asiancdn.net\" http_status=\"0\" con_id=173026752 app_is_cloud=\"FALSE\" used_quota=\"0\" src_zone_type=\"LAN\" src_zone=\"LAN\" dst_zone_type=\"WAN\" dst_zone=\"WAN\" src_country=\"R1\" dst_country=\"USA\"", "outcome": "success", "severity": 6, "type": [ @@ -142,6 +130,9 @@ "level": "Information" }, "network": { + "bytes": 2875676, + "community_id": "1:Csn8PpYg1ZmzntVBK+msiz/odY0=", + "protocol": "https", "transport": "tcp" }, "observer": { @@ -159,36 +150,14 @@ }, "related": { "hosts": [ - "defaulttest.local" + "defaulttest.local", + "hls14.asiancdn.net" ], "ip": [ "192.168.2.111", "89.160.20.156" ] }, - "server": { - "as": { - "number": 29518, - "organization": { - "name": "Bredband2 AB" - } - }, - "bytes": 2856085, - "geo": { - "city_name": "Linköping", - "continent_name": "Europe", - "country_iso_code": "SE", - "country_name": "Sweden", - "location": { - "lat": 58.4167, - "lon": 15.6167 - }, - "region_iso_code": "SE-E", - "region_name": "Östergötland County" - }, - "ip": "89.160.20.156", - "port": 443 - }, "sophos": { "xg": { "app_is_cloud": "FALSE", @@ -200,10 +169,10 @@ "http_category": "Content Delivery", "http_category_type": "Acceptable", "log_component": "HTTP", + "log_id": "050901616001", "log_subtype": "Allowed", "log_type": "Content Filtering", "log_version": "1", - "message_id": "16001", "src_zone_type": "LAN", "used_quota": "0", "web_policy_id": "12" @@ -227,11 +196,6 @@ }, { "@timestamp": "2021-11-16T00:28:57.000Z", - "client": { - "bytes": 12138, - "ip": "192.168.2.111", - "port": 50932 - }, "destination": { "as": { "number": 29518, @@ -263,9 +227,9 @@ "category": [ "network" ], - "code": "050901616001", + "code": "16001", "kind": "event", - "original": "device_name=\"SFW\" timestamp=\"2021-11-15T18:28:57-0600\" device_model=\"SFVH\" device_serial_id=\"C01001BQC8TFFFF\" log_id=050901616001 log_type=\"Content Filtering\" log_component=\"HTTP\" log_subtype=\"Allowed\" log_version=1 severity=\"Information\" fw_rule_id=\"12\" web_policy_id=12 http_category=\"Content Delivery\" http_category_type=\"Acceptable\" url=\"https://hls14.asiancdn.net\" src_ip=\"192.168.2.111\" dst_ip=\"89.160.20.156\" protocol=\"TCP\" src_port=50932 dst_port=443 bytes_sent=12138 bytes_received=1708430 domain=\"hls14.asiancdn.net\" http_status=\"0\" con_id=2694936768 app_is_cloud=\"FALSE\" used_quota=\"0\" src_zone_type=\"LAN\" src_zone=\"LAN\" dst_zone_type=\"WAN\" dst_zone=\"WAN\" src_country=\"R1\" dst_country=\"USA\"", + "original": "Nov 16 00:28:57 sophos device_name=\"SFW\" timestamp=\"2021-11-15T18:28:57-0600\" device_model=\"SFVH\" device_serial_id=\"C01001BQC8TFFFF\" log_id=050901616001 log_type=\"Content Filtering\" log_component=\"HTTP\" log_subtype=\"Allowed\" log_version=1 severity=\"Information\" fw_rule_id=\"12\" web_policy_id=12 http_category=\"Content Delivery\" http_category_type=\"Acceptable\" url=\"https://hls14.asiancdn.net\" src_ip=\"192.168.2.111\" dst_ip=\"89.160.20.156\" protocol=\"TCP\" src_port=50932 dst_port=443 bytes_sent=12138 bytes_received=1708430 domain=\"hls14.asiancdn.net\" http_status=\"0\" con_id=2694936768 app_is_cloud=\"FALSE\" used_quota=\"0\" src_zone_type=\"LAN\" src_zone=\"LAN\" dst_zone_type=\"WAN\" dst_zone=\"WAN\" src_country=\"R1\" dst_country=\"USA\"", "outcome": "success", "severity": 6, "type": [ @@ -280,6 +244,9 @@ "level": "Information" }, "network": { + "bytes": 1720568, + "community_id": "1:SaRGAGzTVUTVBIyokttfH+yRSwI=", + "protocol": "https", "transport": "tcp" }, "observer": { @@ -297,36 +264,14 @@ }, "related": { "hosts": [ - "defaulttest.local" + "defaulttest.local", + "hls14.asiancdn.net" ], "ip": [ "192.168.2.111", "89.160.20.156" ] }, - "server": { - "as": { - "number": 29518, - "organization": { - "name": "Bredband2 AB" - } - }, - "bytes": 1708430, - "geo": { - "city_name": "Linköping", - "continent_name": "Europe", - "country_iso_code": "SE", - "country_name": "Sweden", - "location": { - "lat": 58.4167, - "lon": 15.6167 - }, - "region_iso_code": "SE-E", - "region_name": "Östergötland County" - }, - "ip": "89.160.20.156", - "port": 443 - }, "sophos": { "xg": { "app_is_cloud": "FALSE", @@ -338,10 +283,10 @@ "http_category": "Content Delivery", "http_category_type": "Acceptable", "log_component": "HTTP", + "log_id": "050901616001", "log_subtype": "Allowed", "log_type": "Content Filtering", "log_version": "1", - "message_id": "16001", "src_zone_type": "LAN", "used_quota": "0", "web_policy_id": "12" @@ -365,11 +310,6 @@ }, { "@timestamp": "2021-11-16T00:29:03.000Z", - "client": { - "bytes": 15419, - "ip": "192.168.2.111", - "port": 50933 - }, "destination": { "as": { "number": 29518, @@ -401,9 +341,9 @@ "category": [ "network" ], - "code": "050901616001", + "code": "16001", "kind": "event", - "original": "device_name=\"SFW\" timestamp=\"2021-11-15T18:29:03-0600\" device_model=\"SFVH\" device_serial_id=\"C01001BQC8TFFFF\" log_id=050901616001 log_type=\"Content Filtering\" log_component=\"HTTP\" log_subtype=\"Allowed\" log_version=1 severity=\"Information\" fw_rule_id=\"12\" web_policy_id=12 http_category=\"Content Delivery\" http_category_type=\"Acceptable\" url=\"https://hls14.asiancdn.net\" src_ip=\"192.168.2.111\" dst_ip=\"89.160.20.156\" protocol=\"TCP\" src_port=50933 dst_port=443 bytes_sent=15419 bytes_received=2608205 domain=\"hls14.asiancdn.net\" http_status=\"0\" con_id=2564230592 app_is_cloud=\"FALSE\" used_quota=\"0\" src_zone_type=\"LAN\" src_zone=\"LAN\" dst_zone_type=\"WAN\" dst_zone=\"WAN\" src_country=\"R1\" dst_country=\"USA\"", + "original": "Nov 16 00:29:03 sophos device_name=\"SFW\" timestamp=\"2021-11-15T18:29:03-0600\" device_model=\"SFVH\" device_serial_id=\"C01001BQC8TFFFF\" log_id=050901616001 log_type=\"Content Filtering\" log_component=\"HTTP\" log_subtype=\"Allowed\" log_version=1 severity=\"Information\" fw_rule_id=\"12\" web_policy_id=12 http_category=\"Content Delivery\" http_category_type=\"Acceptable\" url=\"https://hls14.asiancdn.net\" src_ip=\"192.168.2.111\" dst_ip=\"89.160.20.156\" protocol=\"TCP\" src_port=50933 dst_port=443 bytes_sent=15419 bytes_received=2608205 domain=\"hls14.asiancdn.net\" http_status=\"0\" con_id=2564230592 app_is_cloud=\"FALSE\" used_quota=\"0\" src_zone_type=\"LAN\" src_zone=\"LAN\" dst_zone_type=\"WAN\" dst_zone=\"WAN\" src_country=\"R1\" dst_country=\"USA\"", "outcome": "success", "severity": 6, "type": [ @@ -418,6 +358,9 @@ "level": "Information" }, "network": { + "bytes": 2623624, + "community_id": "1:r8wYU05a+4c2n2poaAKA259mN6Y=", + "protocol": "https", "transport": "tcp" }, "observer": { @@ -435,36 +378,14 @@ }, "related": { "hosts": [ - "defaulttest.local" + "defaulttest.local", + "hls14.asiancdn.net" ], "ip": [ "192.168.2.111", "89.160.20.156" ] }, - "server": { - "as": { - "number": 29518, - "organization": { - "name": "Bredband2 AB" - } - }, - "bytes": 2608205, - "geo": { - "city_name": "Linköping", - "continent_name": "Europe", - "country_iso_code": "SE", - "country_name": "Sweden", - "location": { - "lat": 58.4167, - "lon": 15.6167 - }, - "region_iso_code": "SE-E", - "region_name": "Östergötland County" - }, - "ip": "89.160.20.156", - "port": 443 - }, "sophos": { "xg": { "app_is_cloud": "FALSE", @@ -476,10 +397,10 @@ "http_category": "Content Delivery", "http_category_type": "Acceptable", "log_component": "HTTP", + "log_id": "050901616001", "log_subtype": "Allowed", "log_type": "Content Filtering", "log_version": "1", - "message_id": "16001", "src_zone_type": "LAN", "used_quota": "0", "web_policy_id": "12" @@ -503,11 +424,6 @@ }, { "@timestamp": "2021-11-16T00:29:06.000Z", - "client": { - "bytes": 77, - "ip": "192.168.2.112", - "port": 54640 - }, "destination": { "as": { "number": 29518, @@ -539,9 +455,9 @@ "category": [ "network" ], - "code": "050901616001", + "code": "16001", "kind": "event", - "original": "device_name=\"SFW\" timestamp=\"2021-11-15T18:29:06-0600\" device_model=\"SFVH\" device_serial_id=\"C01001BQC8TFFFF\" log_id=050901616001 log_type=\"Content Filtering\" log_component=\"HTTP\" log_subtype=\"Allowed\" log_version=1 severity=\"Information\" fw_rule_id=\"12\" web_policy_id=12 http_category=\"General Business\" http_category_type=\"Acceptable\" url=\"http://info.cspserver.net/api/v1/connect-test\" content_type=\"application/octet-stream\" src_ip=\"192.168.2.112\" dst_ip=\"89.160.20.156\" protocol=\"TCP\" src_port=54640 dst_port=80 bytes_sent=77 bytes_received=249 domain=\"info.cspserver.net\" http_status=\"200\" con_id=2617088192 app_is_cloud=\"FALSE\" used_quota=\"0\" src_zone_type=\"LAN\" src_zone=\"LAN\" dst_zone_type=\"WAN\" dst_zone=\"WAN\" src_country=\"R1\" dst_country=\"JPN\"", + "original": "Nov 16 00:29:06 sophos device_name=\"SFW\" timestamp=\"2021-11-15T18:29:06-0600\" device_model=\"SFVH\" device_serial_id=\"C01001BQC8TFFFF\" log_id=050901616001 log_type=\"Content Filtering\" log_component=\"HTTP\" log_subtype=\"Allowed\" log_version=1 severity=\"Information\" fw_rule_id=\"12\" web_policy_id=12 http_category=\"General Business\" http_category_type=\"Acceptable\" url=\"http://info.cspserver.net/api/v1/connect-test\" content_type=\"application/octet-stream\" src_ip=\"192.168.2.112\" dst_ip=\"89.160.20.156\" protocol=\"TCP\" src_port=54640 dst_port=80 bytes_sent=77 bytes_received=249 domain=\"info.cspserver.net\" http_status=\"200\" con_id=2617088192 app_is_cloud=\"FALSE\" used_quota=\"0\" src_zone_type=\"LAN\" src_zone=\"LAN\" dst_zone_type=\"WAN\" dst_zone=\"WAN\" src_country=\"R1\" dst_country=\"JPN\"", "outcome": "success", "severity": 6, "type": [ @@ -561,6 +477,9 @@ "level": "Information" }, "network": { + "bytes": 326, + "community_id": "1:NFfaZD5IoXwz7eyppT22qmM82dY=", + "protocol": "http", "transport": "tcp" }, "observer": { @@ -578,36 +497,14 @@ }, "related": { "hosts": [ - "defaulttest.local" + "defaulttest.local", + "info.cspserver.net" ], "ip": [ "192.168.2.112", "89.160.20.156" ] }, - "server": { - "as": { - "number": 29518, - "organization": { - "name": "Bredband2 AB" - } - }, - "bytes": 249, - "geo": { - "city_name": "Linköping", - "continent_name": "Europe", - "country_iso_code": "SE", - "country_name": "Sweden", - "location": { - "lat": 58.4167, - "lon": 15.6167 - }, - "region_iso_code": "SE-E", - "region_name": "Östergötland County" - }, - "ip": "89.160.20.156", - "port": 80 - }, "sophos": { "xg": { "app_is_cloud": "FALSE", @@ -620,10 +517,10 @@ "http_category": "General Business", "http_category_type": "Acceptable", "log_component": "HTTP", + "log_id": "050901616001", "log_subtype": "Allowed", "log_type": "Content Filtering", "log_version": "1", - "message_id": "16001", "src_zone_type": "LAN", "used_quota": "0", "web_policy_id": "12" @@ -647,11 +544,6 @@ }, { "@timestamp": "2021-11-16T00:29:07.000Z", - "client": { - "bytes": 2128, - "ip": "192.168.2.110", - "port": 53392 - }, "destination": { "as": { "number": 29518, @@ -683,9 +575,9 @@ "category": [ "network" ], - "code": "050901616001", + "code": "16001", "kind": "event", - "original": "device_name=\"SFW\" timestamp=\"2021-11-15T18:29:07-0600\" device_model=\"SFVH\" device_serial_id=\"C01001BQC8TFFFF\" log_id=050901616001 log_type=\"Content Filtering\" log_component=\"HTTP\" log_subtype=\"Allowed\" log_version=1 severity=\"Information\" fw_rule_id=\"12\" web_policy_id=12 http_category=\"Information Technology\" http_category_type=\"Acceptable\" url=\"https://array611.prod.do.dsp.mp.microsoft.com\" src_ip=\"192.168.2.110\" dst_ip=\"89.160.20.156\" protocol=\"TCP\" src_port=53392 dst_port=443 bytes_sent=2128 bytes_received=3511 domain=\"array611.prod.do.dsp.mp.microsoft.com\" exceptions=\"av,https,validation,policy,zero-day protection\" http_status=\"0\" con_id=2916030976 app_is_cloud=\"FALSE\" used_quota=\"0\" src_zone_type=\"LAN\" src_zone=\"LAN\" dst_zone_type=\"WAN\" dst_zone=\"WAN\" src_country=\"R1\" dst_country=\"IRL\"", + "original": "Nov 16 00:29:07 sophos device_name=\"SFW\" timestamp=\"2021-11-15T18:29:07-0600\" device_model=\"SFVH\" device_serial_id=\"C01001BQC8TFFFF\" log_id=050901616001 log_type=\"Content Filtering\" log_component=\"HTTP\" log_subtype=\"Allowed\" log_version=1 severity=\"Information\" fw_rule_id=\"12\" web_policy_id=12 http_category=\"Information Technology\" http_category_type=\"Acceptable\" url=\"https://array611.prod.do.dsp.mp.microsoft.com\" src_ip=\"192.168.2.110\" dst_ip=\"89.160.20.156\" protocol=\"TCP\" src_port=53392 dst_port=443 bytes_sent=2128 bytes_received=3511 domain=\"array611.prod.do.dsp.mp.microsoft.com\" exceptions=\"av,https,validation,policy,zero-day protection\" http_status=\"0\" con_id=2916030976 app_is_cloud=\"FALSE\" used_quota=\"0\" src_zone_type=\"LAN\" src_zone=\"LAN\" dst_zone_type=\"WAN\" dst_zone=\"WAN\" src_country=\"R1\" dst_country=\"IRL\"", "outcome": "success", "severity": 6, "type": [ @@ -700,6 +592,9 @@ "level": "Information" }, "network": { + "bytes": 5639, + "community_id": "1:Em3NreZhueZHrTeyBji2blGwOz8=", + "protocol": "https", "transport": "tcp" }, "observer": { @@ -717,36 +612,14 @@ }, "related": { "hosts": [ - "defaulttest.local" + "defaulttest.local", + "array611.prod.do.dsp.mp.microsoft.com" ], "ip": [ "192.168.2.110", "89.160.20.156" ] }, - "server": { - "as": { - "number": 29518, - "organization": { - "name": "Bredband2 AB" - } - }, - "bytes": 3511, - "geo": { - "city_name": "Linköping", - "continent_name": "Europe", - "country_iso_code": "SE", - "country_name": "Sweden", - "location": { - "lat": 58.4167, - "lon": 15.6167 - }, - "region_iso_code": "SE-E", - "region_name": "Östergötland County" - }, - "ip": "89.160.20.156", - "port": 443 - }, "sophos": { "xg": { "app_is_cloud": "FALSE", @@ -759,10 +632,10 @@ "http_category": "Information Technology", "http_category_type": "Acceptable", "log_component": "HTTP", + "log_id": "050901616001", "log_subtype": "Allowed", "log_type": "Content Filtering", "log_version": "1", - "message_id": "16001", "src_zone_type": "LAN", "used_quota": "0", "web_policy_id": "12" @@ -786,11 +659,6 @@ }, { "@timestamp": "2021-11-16T00:29:11.000Z", - "client": { - "bytes": 16674, - "ip": "192.168.2.111", - "port": 50934 - }, "destination": { "as": { "number": 29518, @@ -822,9 +690,9 @@ "category": [ "network" ], - "code": "050901616001", + "code": "16001", "kind": "event", - "original": "device_name=\"SFW\" timestamp=\"2021-11-15T18:29:11-0600\" device_model=\"SFVH\" device_serial_id=\"C01001BQC8TFFFF\" log_id=050901616001 log_type=\"Content Filtering\" log_component=\"HTTP\" log_subtype=\"Allowed\" log_version=1 severity=\"Information\" fw_rule_id=\"12\" web_policy_id=12 http_category=\"Content Delivery\" http_category_type=\"Acceptable\" url=\"https://hls14.asiancdn.net\" src_ip=\"192.168.2.111\" dst_ip=\"89.160.20.156\" protocol=\"TCP\" src_port=50934 dst_port=443 bytes_sent=16674 bytes_received=2569044 domain=\"hls14.asiancdn.net\" http_status=\"0\" con_id=2564227072 app_is_cloud=\"FALSE\" used_quota=\"0\" src_zone_type=\"LAN\" src_zone=\"LAN\" dst_zone_type=\"WAN\" dst_zone=\"WAN\" src_country=\"R1\" dst_country=\"USA\"", + "original": "Nov 16 00:29:11 sophos device_name=\"SFW\" timestamp=\"2021-11-15T18:29:11-0600\" device_model=\"SFVH\" device_serial_id=\"C01001BQC8TFFFF\" log_id=050901616001 log_type=\"Content Filtering\" log_component=\"HTTP\" log_subtype=\"Allowed\" log_version=1 severity=\"Information\" fw_rule_id=\"12\" web_policy_id=12 http_category=\"Content Delivery\" http_category_type=\"Acceptable\" url=\"https://hls14.asiancdn.net\" src_ip=\"192.168.2.111\" dst_ip=\"89.160.20.156\" protocol=\"TCP\" src_port=50934 dst_port=443 bytes_sent=16674 bytes_received=2569044 domain=\"hls14.asiancdn.net\" http_status=\"0\" con_id=2564227072 app_is_cloud=\"FALSE\" used_quota=\"0\" src_zone_type=\"LAN\" src_zone=\"LAN\" dst_zone_type=\"WAN\" dst_zone=\"WAN\" src_country=\"R1\" dst_country=\"USA\"", "outcome": "success", "severity": 6, "type": [ @@ -839,6 +707,9 @@ "level": "Information" }, "network": { + "bytes": 2585718, + "community_id": "1:DfAz+UzPu5vz4RAwuBfPTAoAVls=", + "protocol": "https", "transport": "tcp" }, "observer": { @@ -856,36 +727,14 @@ }, "related": { "hosts": [ - "defaulttest.local" + "defaulttest.local", + "hls14.asiancdn.net" ], "ip": [ "192.168.2.111", "89.160.20.156" ] }, - "server": { - "as": { - "number": 29518, - "organization": { - "name": "Bredband2 AB" - } - }, - "bytes": 2569044, - "geo": { - "city_name": "Linköping", - "continent_name": "Europe", - "country_iso_code": "SE", - "country_name": "Sweden", - "location": { - "lat": 58.4167, - "lon": 15.6167 - }, - "region_iso_code": "SE-E", - "region_name": "Östergötland County" - }, - "ip": "89.160.20.156", - "port": 443 - }, "sophos": { "xg": { "app_is_cloud": "FALSE", @@ -897,10 +746,10 @@ "http_category": "Content Delivery", "http_category_type": "Acceptable", "log_component": "HTTP", + "log_id": "050901616001", "log_subtype": "Allowed", "log_type": "Content Filtering", "log_version": "1", - "message_id": "16001", "src_zone_type": "LAN", "used_quota": "0", "web_policy_id": "12" @@ -924,11 +773,6 @@ }, { "@timestamp": "2021-11-16T00:29:16.000Z", - "client": { - "bytes": 260, - "ip": "192.168.2.131", - "port": 40230 - }, "destination": { "as": { "number": 29518, @@ -960,9 +804,9 @@ "category": [ "network" ], - "code": "050901616001", + "code": "16001", "kind": "event", - "original": "device_name=\"SFW\" timestamp=\"2021-11-15T18:29:16-0600\" device_model=\"SFVH\" device_serial_id=\"C01001BQC8TFFFF\" log_id=050901616001 log_type=\"Content Filtering\" log_component=\"HTTP\" log_subtype=\"Allowed\" log_version=1 severity=\"Information\" fw_rule_id=\"12\" web_policy_id=12 http_category=\"IPAddress\" http_category_type=\"Acceptable\" url=\"http://89.160.20.156:8089/mind/mind42?type=myWanIpAddressGet\u0026bodyId=tsn%3A846001190AE52F2\" content_type=\"application/json\" src_ip=\"192.168.2.131\" dst_ip=\"89.160.20.156\" protocol=\"TCP\" src_port=40230 dst_port=8089 bytes_sent=260 bytes_received=307 domain=\"89.160.20.156\" http_user_agent=\"TvHttpClient\" http_status=\"200\" con_id=3159010752 app_is_cloud=\"FALSE\" used_quota=\"0\" src_zone_type=\"LAN\" src_zone=\"LAN\" dst_zone_type=\"WAN\" dst_zone=\"WAN\" src_country=\"R1\" dst_country=\"USA\"", + "original": "Nov 16 00:29:16 sophos device_name=\"SFW\" timestamp=\"2021-11-15T18:29:16-0600\" device_model=\"SFVH\" device_serial_id=\"C01001BQC8TFFFF\" log_id=050901616001 log_type=\"Content Filtering\" log_component=\"HTTP\" log_subtype=\"Allowed\" log_version=1 severity=\"Information\" fw_rule_id=\"12\" web_policy_id=12 http_category=\"IPAddress\" http_category_type=\"Acceptable\" url=\"http://89.160.20.156:8089/mind/mind42?type=myWanIpAddressGet\u0026bodyId=tsn%3A846001190AE52F2\" content_type=\"application/json\" src_ip=\"192.168.2.131\" dst_ip=\"89.160.20.156\" protocol=\"TCP\" src_port=40230 dst_port=8089 bytes_sent=260 bytes_received=307 domain=\"89.160.20.156\" http_user_agent=\"TvHttpClient\" http_status=\"200\" con_id=3159010752 app_is_cloud=\"FALSE\" used_quota=\"0\" src_zone_type=\"LAN\" src_zone=\"LAN\" dst_zone_type=\"WAN\" dst_zone=\"WAN\" src_country=\"R1\" dst_country=\"USA\"", "outcome": "success", "severity": 6, "type": [ @@ -982,6 +826,9 @@ "level": "Information" }, "network": { + "bytes": 567, + "community_id": "1:Hal1gzFwp7aokU2Q+9oFs90SEGg=", + "protocol": "http", "transport": "tcp" }, "observer": { @@ -999,36 +846,14 @@ }, "related": { "hosts": [ - "defaulttest.local" + "defaulttest.local", + "89.160.20.156" ], "ip": [ "192.168.2.131", "89.160.20.156" ] }, - "server": { - "as": { - "number": 29518, - "organization": { - "name": "Bredband2 AB" - } - }, - "bytes": 307, - "geo": { - "city_name": "Linköping", - "continent_name": "Europe", - "country_iso_code": "SE", - "country_name": "Sweden", - "location": { - "lat": 58.4167, - "lon": 15.6167 - }, - "region_iso_code": "SE-E", - "region_name": "Östergötland County" - }, - "ip": "89.160.20.156", - "port": 8089 - }, "sophos": { "xg": { "app_is_cloud": "FALSE", @@ -1041,10 +866,10 @@ "http_category": "IPAddress", "http_category_type": "Acceptable", "log_component": "HTTP", + "log_id": "050901616001", "log_subtype": "Allowed", "log_type": "Content Filtering", "log_version": "1", - "message_id": "16001", "src_zone_type": "LAN", "used_quota": "0", "web_policy_id": "12" @@ -1070,11 +895,6 @@ }, { "@timestamp": "2021-11-16T00:29:20.000Z", - "client": { - "bytes": 13804, - "ip": "192.168.2.162", - "port": 53421 - }, "destination": { "as": { "number": 29518, @@ -1106,9 +926,9 @@ "category": [ "network" ], - "code": "050901616001", + "code": "16001", "kind": "event", - "original": "device_name=\"SFW\" timestamp=\"2021-11-15T18:29:20-0600\" device_model=\"SFVH\" device_serial_id=\"C01001BQC8TFFFF\" log_id=050901616001 log_type=\"Content Filtering\" log_component=\"HTTP\" log_subtype=\"Allowed\" log_version=1 severity=\"Information\" fw_rule_id=\"12\" web_policy_id=12 http_category=\"Online Chat\" http_category_type=\"Unproductive\" url=\"https://mtalk.google.com\" src_ip=\"192.168.2.162\" dst_ip=\"89.160.20.156\" protocol=\"TCP\" src_port=53421 dst_port=443 bytes_sent=13804 bytes_received=33728 domain=\"mtalk.google.com\" http_status=\"0\" con_id=172826048 app_is_cloud=\"FALSE\" used_quota=\"0\" src_zone_type=\"LAN\" src_zone=\"LAN\" dst_zone_type=\"WAN\" dst_zone=\"WAN\" src_country=\"R1\" dst_country=\"USA\"", + "original": "Nov 16 00:29:20 sophos device_name=\"SFW\" timestamp=\"2021-11-15T18:29:20-0600\" device_model=\"SFVH\" device_serial_id=\"C01001BQC8TFFFF\" log_id=050901616001 log_type=\"Content Filtering\" log_component=\"HTTP\" log_subtype=\"Allowed\" log_version=1 severity=\"Information\" fw_rule_id=\"12\" web_policy_id=12 http_category=\"Online Chat\" http_category_type=\"Unproductive\" url=\"https://mtalk.google.com\" src_ip=\"192.168.2.162\" dst_ip=\"89.160.20.156\" protocol=\"TCP\" src_port=53421 dst_port=443 bytes_sent=13804 bytes_received=33728 domain=\"mtalk.google.com\" http_status=\"0\" con_id=172826048 app_is_cloud=\"FALSE\" used_quota=\"0\" src_zone_type=\"LAN\" src_zone=\"LAN\" dst_zone_type=\"WAN\" dst_zone=\"WAN\" src_country=\"R1\" dst_country=\"USA\"", "outcome": "success", "severity": 6, "type": [ @@ -1123,6 +943,9 @@ "level": "Information" }, "network": { + "bytes": 47532, + "community_id": "1:o5qH8WRtJT5uGoA1BB1EiDupDNs=", + "protocol": "https", "transport": "tcp" }, "observer": { @@ -1140,36 +963,14 @@ }, "related": { "hosts": [ - "defaulttest.local" + "defaulttest.local", + "mtalk.google.com" ], "ip": [ "192.168.2.162", "89.160.20.156" ] }, - "server": { - "as": { - "number": 29518, - "organization": { - "name": "Bredband2 AB" - } - }, - "bytes": 33728, - "geo": { - "city_name": "Linköping", - "continent_name": "Europe", - "country_iso_code": "SE", - "country_name": "Sweden", - "location": { - "lat": 58.4167, - "lon": 15.6167 - }, - "region_iso_code": "SE-E", - "region_name": "Östergötland County" - }, - "ip": "89.160.20.156", - "port": 443 - }, "sophos": { "xg": { "app_is_cloud": "FALSE", @@ -1181,10 +982,10 @@ "http_category": "Online Chat", "http_category_type": "Unproductive", "log_component": "HTTP", + "log_id": "050901616001", "log_subtype": "Allowed", "log_type": "Content Filtering", "log_version": "1", - "message_id": "16001", "src_zone_type": "LAN", "used_quota": "0", "web_policy_id": "12" @@ -1208,11 +1009,6 @@ }, { "@timestamp": "2021-11-16T00:29:21.000Z", - "client": { - "bytes": 240, - "ip": "192.168.2.131", - "port": 33541 - }, "destination": { "as": { "number": 29518, @@ -1244,9 +1040,9 @@ "category": [ "network" ], - "code": "050901616001", + "code": "16001", "kind": "event", - "original": "device_name=\"SFW\" timestamp=\"2021-11-15T18:29:21-0600\" device_model=\"SFVH\" device_serial_id=\"C01001BQC8TFFFF\" log_id=050901616001 log_type=\"Content Filtering\" log_component=\"HTTP\" log_subtype=\"Allowed\" log_version=1 severity=\"Information\" fw_rule_id=\"12\" web_policy_id=12 http_category=\"IPAddress\" http_category_type=\"Acceptable\" url=\"http://89.160.20.156/tivo-service/mercury.cgi\" content_type=\"text/plain\" src_ip=\"192.168.2.131\" dst_ip=\"89.160.20.156\" protocol=\"TCP\" src_port=33541 dst_port=80 bytes_sent=240 bytes_received=136 domain=\"89.160.20.156\" http_status=\"200\" con_id=175812032 app_is_cloud=\"FALSE\" used_quota=\"0\" src_zone_type=\"LAN\" src_zone=\"LAN\" dst_zone_type=\"WAN\" dst_zone=\"WAN\" src_country=\"R1\" dst_country=\"USA\"", + "original": "Nov 16 00:29:21 sophos device_name=\"SFW\" timestamp=\"2021-11-15T18:29:21-0600\" device_model=\"SFVH\" device_serial_id=\"C01001BQC8TFFFF\" log_id=050901616001 log_type=\"Content Filtering\" log_component=\"HTTP\" log_subtype=\"Allowed\" log_version=1 severity=\"Information\" fw_rule_id=\"12\" web_policy_id=12 http_category=\"IPAddress\" http_category_type=\"Acceptable\" url=\"http://89.160.20.156/tivo-service/mercury.cgi\" content_type=\"text/plain\" src_ip=\"192.168.2.131\" dst_ip=\"89.160.20.156\" protocol=\"TCP\" src_port=33541 dst_port=80 bytes_sent=240 bytes_received=136 domain=\"89.160.20.156\" http_status=\"200\" con_id=175812032 app_is_cloud=\"FALSE\" used_quota=\"0\" src_zone_type=\"LAN\" src_zone=\"LAN\" dst_zone_type=\"WAN\" dst_zone=\"WAN\" src_country=\"R1\" dst_country=\"USA\"", "outcome": "success", "severity": 6, "type": [ @@ -1266,6 +1062,9 @@ "level": "Information" }, "network": { + "bytes": 376, + "community_id": "1:wdOIzLMF/28+ndJhxFRgEGCZmKk=", + "protocol": "http", "transport": "tcp" }, "observer": { @@ -1283,36 +1082,14 @@ }, "related": { "hosts": [ - "defaulttest.local" + "defaulttest.local", + "89.160.20.156" ], "ip": [ "192.168.2.131", "89.160.20.156" ] }, - "server": { - "as": { - "number": 29518, - "organization": { - "name": "Bredband2 AB" - } - }, - "bytes": 136, - "geo": { - "city_name": "Linköping", - "continent_name": "Europe", - "country_iso_code": "SE", - "country_name": "Sweden", - "location": { - "lat": 58.4167, - "lon": 15.6167 - }, - "region_iso_code": "SE-E", - "region_name": "Östergötland County" - }, - "ip": "89.160.20.156", - "port": 80 - }, "sophos": { "xg": { "app_is_cloud": "FALSE", @@ -1325,10 +1102,10 @@ "http_category": "IPAddress", "http_category_type": "Acceptable", "log_component": "HTTP", + "log_id": "050901616001", "log_subtype": "Allowed", "log_type": "Content Filtering", "log_version": "1", - "message_id": "16001", "src_zone_type": "LAN", "used_quota": "0", "web_policy_id": "12" @@ -1353,11 +1130,6 @@ }, { "@timestamp": "2021-11-16T00:29:22.000Z", - "client": { - "bytes": 253, - "ip": "192.168.2.131", - "port": 46564 - }, "destination": { "as": { "number": 29518, @@ -1389,9 +1161,9 @@ "category": [ "network" ], - "code": "050901616001", + "code": "16001", "kind": "event", - "original": "device_name=\"SFW\" timestamp=\"2021-11-15T18:29:22-0600\" device_model=\"SFVH\" device_serial_id=\"C01001BQC8TFFFF\" log_id=050901616001 log_type=\"Content Filtering\" log_component=\"HTTP\" log_subtype=\"Allowed\" log_version=1 severity=\"Information\" fw_rule_id=\"12\" web_policy_id=12 http_category=\"IPAddress\" http_category_type=\"Acceptable\" url=\"http://89.160.20.156/tivo-service/mlog.cgi?gzip\" content_type=\"text/plain\" src_ip=\"192.168.2.131\" dst_ip=\"89.160.20.156\" protocol=\"TCP\" src_port=46564 dst_port=80 bytes_sent=253 bytes_received=123 domain=\"89.160.20.156\" http_status=\"200\" con_id=175808832 app_is_cloud=\"FALSE\" used_quota=\"0\" src_zone_type=\"LAN\" src_zone=\"LAN\" dst_zone_type=\"WAN\" dst_zone=\"WAN\" src_country=\"R1\" dst_country=\"USA\"", + "original": "Nov 16 00:29:22 sophos device_name=\"SFW\" timestamp=\"2021-11-15T18:29:22-0600\" device_model=\"SFVH\" device_serial_id=\"C01001BQC8TFFFF\" log_id=050901616001 log_type=\"Content Filtering\" log_component=\"HTTP\" log_subtype=\"Allowed\" log_version=1 severity=\"Information\" fw_rule_id=\"12\" web_policy_id=12 http_category=\"IPAddress\" http_category_type=\"Acceptable\" url=\"http://89.160.20.156/tivo-service/mlog.cgi?gzip\" content_type=\"text/plain\" src_ip=\"192.168.2.131\" dst_ip=\"89.160.20.156\" protocol=\"TCP\" src_port=46564 dst_port=80 bytes_sent=253 bytes_received=123 domain=\"89.160.20.156\" http_status=\"200\" con_id=175808832 app_is_cloud=\"FALSE\" used_quota=\"0\" src_zone_type=\"LAN\" src_zone=\"LAN\" dst_zone_type=\"WAN\" dst_zone=\"WAN\" src_country=\"R1\" dst_country=\"USA\"", "outcome": "success", "severity": 6, "type": [ @@ -1411,6 +1183,9 @@ "level": "Information" }, "network": { + "bytes": 376, + "community_id": "1:IMfuJjuuYcw4Pk9oPUtwFwRZx0g=", + "protocol": "http", "transport": "tcp" }, "observer": { @@ -1428,36 +1203,14 @@ }, "related": { "hosts": [ - "defaulttest.local" + "defaulttest.local", + "89.160.20.156" ], "ip": [ "192.168.2.131", "89.160.20.156" ] }, - "server": { - "as": { - "number": 29518, - "organization": { - "name": "Bredband2 AB" - } - }, - "bytes": 123, - "geo": { - "city_name": "Linköping", - "continent_name": "Europe", - "country_iso_code": "SE", - "country_name": "Sweden", - "location": { - "lat": 58.4167, - "lon": 15.6167 - }, - "region_iso_code": "SE-E", - "region_name": "Östergötland County" - }, - "ip": "89.160.20.156", - "port": 80 - }, "sophos": { "xg": { "app_is_cloud": "FALSE", @@ -1470,10 +1223,10 @@ "http_category": "IPAddress", "http_category_type": "Acceptable", "log_component": "HTTP", + "log_id": "050901616001", "log_subtype": "Allowed", "log_type": "Content Filtering", "log_version": "1", - "message_id": "16001", "src_zone_type": "LAN", "used_quota": "0", "web_policy_id": "12" @@ -1499,11 +1252,6 @@ }, { "@timestamp": "2021-11-16T00:29:22.000Z", - "client": { - "bytes": 10131, - "ip": "192.168.2.111", - "port": 50935 - }, "destination": { "as": { "number": 29518, @@ -1535,9 +1283,9 @@ "category": [ "network" ], - "code": "050901616001", + "code": "16001", "kind": "event", - "original": "device_name=\"SFW\" timestamp=\"2021-11-15T18:29:22-0600\" device_model=\"SFVH\" device_serial_id=\"C01001BQC8TFFFF\" log_id=050901616001 log_type=\"Content Filtering\" log_component=\"HTTP\" log_subtype=\"Allowed\" log_version=1 severity=\"Information\" fw_rule_id=\"12\" web_policy_id=12 http_category=\"Content Delivery\" http_category_type=\"Acceptable\" url=\"https://hls14.asiancdn.net\" src_ip=\"192.168.2.111\" dst_ip=\"89.160.20.156\" protocol=\"TCP\" src_port=50935 dst_port=443 bytes_sent=10131 bytes_received=1834077 domain=\"hls14.asiancdn.net\" http_status=\"0\" con_id=2719000448 app_is_cloud=\"FALSE\" used_quota=\"0\" src_zone_type=\"LAN\" src_zone=\"LAN\" dst_zone_type=\"WAN\" dst_zone=\"WAN\" src_country=\"R1\" dst_country=\"USA\"", + "original": "Nov 16 00:29:22 sophos device_name=\"SFW\" timestamp=\"2021-11-15T18:29:22-0600\" device_model=\"SFVH\" device_serial_id=\"C01001BQC8TFFFF\" log_id=050901616001 log_type=\"Content Filtering\" log_component=\"HTTP\" log_subtype=\"Allowed\" log_version=1 severity=\"Information\" fw_rule_id=\"12\" web_policy_id=12 http_category=\"Content Delivery\" http_category_type=\"Acceptable\" url=\"https://hls14.asiancdn.net\" src_ip=\"192.168.2.111\" dst_ip=\"89.160.20.156\" protocol=\"TCP\" src_port=50935 dst_port=443 bytes_sent=10131 bytes_received=1834077 domain=\"hls14.asiancdn.net\" http_status=\"0\" con_id=2719000448 app_is_cloud=\"FALSE\" used_quota=\"0\" src_zone_type=\"LAN\" src_zone=\"LAN\" dst_zone_type=\"WAN\" dst_zone=\"WAN\" src_country=\"R1\" dst_country=\"USA\"", "outcome": "success", "severity": 6, "type": [ @@ -1552,6 +1300,9 @@ "level": "Information" }, "network": { + "bytes": 1844208, + "community_id": "1:Ym0Dtp3bBAiwkKiZT1KKaPNn9ok=", + "protocol": "https", "transport": "tcp" }, "observer": { @@ -1569,36 +1320,14 @@ }, "related": { "hosts": [ - "defaulttest.local" + "defaulttest.local", + "hls14.asiancdn.net" ], "ip": [ "192.168.2.111", "89.160.20.156" ] }, - "server": { - "as": { - "number": 29518, - "organization": { - "name": "Bredband2 AB" - } - }, - "bytes": 1834077, - "geo": { - "city_name": "Linköping", - "continent_name": "Europe", - "country_iso_code": "SE", - "country_name": "Sweden", - "location": { - "lat": 58.4167, - "lon": 15.6167 - }, - "region_iso_code": "SE-E", - "region_name": "Östergötland County" - }, - "ip": "89.160.20.156", - "port": 443 - }, "sophos": { "xg": { "app_is_cloud": "FALSE", @@ -1610,10 +1339,10 @@ "http_category": "Content Delivery", "http_category_type": "Acceptable", "log_component": "HTTP", + "log_id": "050901616001", "log_subtype": "Allowed", "log_type": "Content Filtering", "log_version": "1", - "message_id": "16001", "src_zone_type": "LAN", "used_quota": "0", "web_policy_id": "12" @@ -1637,11 +1366,6 @@ }, { "@timestamp": "2021-11-16T00:29:23.000Z", - "client": { - "bytes": 18152, - "ip": "192.168.2.41", - "port": 20492 - }, "destination": { "as": { "number": 29518, @@ -1673,9 +1397,9 @@ "category": [ "network" ], - "code": "050901616001", + "code": "16001", "kind": "event", - "original": "device_name=\"SFW\" timestamp=\"2021-11-15T18:29:23-0600\" device_model=\"SFVH\" device_serial_id=\"C01001BQC8TFFFF\" log_id=050901616001 log_type=\"Content Filtering\" log_component=\"HTTP\" log_subtype=\"Allowed\" log_version=1 severity=\"Information\" fw_rule_id=\"11\" web_policy_id=1 http_category=\"Information Technology\" http_category_type=\"Acceptable\" url=\"https://alive.github.com\" src_ip=\"192.168.2.41\" dst_ip=\"89.160.20.156\" protocol=\"TCP\" src_port=20492 dst_port=443 bytes_sent=18152 bytes_received=11890 domain=\"alive.github.com\" http_status=\"0\" con_id=2721561088 app_name=\"GitHub\" app_is_cloud=\"TRUE\" used_quota=\"0\" src_zone_type=\"LAN\" src_zone=\"LAN\" dst_zone_type=\"WAN\" dst_zone=\"WAN\" src_country=\"R1\" dst_country=\"USA\" app_risk=1 app_category=\"Storage and Backup\"", + "original": "Nov 16 00:29:23 sophos device_name=\"SFW\" timestamp=\"2021-11-15T18:29:23-0600\" device_model=\"SFVH\" device_serial_id=\"C01001BQC8TFFFF\" log_id=050901616001 log_type=\"Content Filtering\" log_component=\"HTTP\" log_subtype=\"Allowed\" log_version=1 severity=\"Information\" fw_rule_id=\"11\" web_policy_id=1 http_category=\"Information Technology\" http_category_type=\"Acceptable\" url=\"https://alive.github.com\" src_ip=\"192.168.2.41\" dst_ip=\"89.160.20.156\" protocol=\"TCP\" src_port=20492 dst_port=443 bytes_sent=18152 bytes_received=11890 domain=\"alive.github.com\" http_status=\"0\" con_id=2721561088 app_name=\"GitHub\" app_is_cloud=\"TRUE\" used_quota=\"0\" src_zone_type=\"LAN\" src_zone=\"LAN\" dst_zone_type=\"WAN\" dst_zone=\"WAN\" src_country=\"R1\" dst_country=\"USA\" app_risk=1 app_category=\"Storage and Backup\"", "outcome": "success", "severity": 6, "type": [ @@ -1690,6 +1414,9 @@ "level": "Information" }, "network": { + "bytes": 30042, + "community_id": "1:ZUzwaMPM3XZrfde1TPFMJBJ9mfU=", + "protocol": "https", "transport": "tcp" }, "observer": { @@ -1707,36 +1434,14 @@ }, "related": { "hosts": [ - "defaulttest.local" + "defaulttest.local", + "alive.github.com" ], "ip": [ "192.168.2.41", "89.160.20.156" ] }, - "server": { - "as": { - "number": 29518, - "organization": { - "name": "Bredband2 AB" - } - }, - "bytes": 11890, - "geo": { - "city_name": "Linköping", - "continent_name": "Europe", - "country_iso_code": "SE", - "country_name": "Sweden", - "location": { - "lat": 58.4167, - "lon": 15.6167 - }, - "region_iso_code": "SE-E", - "region_name": "Östergötland County" - }, - "ip": "89.160.20.156", - "port": 443 - }, "sophos": { "xg": { "app_category": "Storage and Backup", @@ -1751,10 +1456,10 @@ "http_category": "Information Technology", "http_category_type": "Acceptable", "log_component": "HTTP", + "log_id": "050901616001", "log_subtype": "Allowed", "log_type": "Content Filtering", "log_version": "1", - "message_id": "16001", "src_zone_type": "LAN", "used_quota": "0", "web_policy_id": "1" @@ -1778,11 +1483,6 @@ }, { "@timestamp": "2021-11-16T00:29:26.000Z", - "client": { - "bytes": 1361, - "ip": "192.168.3.36", - "port": 37906 - }, "destination": { "bytes": 3059, "ip": "192.168.2.90", @@ -1796,9 +1496,9 @@ "category": [ "network" ], - "code": "050901616001", + "code": "16001", "kind": "event", - "original": "device_name=\"SFW\" timestamp=\"2021-11-15T18:29:26-0600\" device_model=\"SFVH\" device_serial_id=\"C01001BQC8TFFFF\" log_id=050901616001 log_type=\"Content Filtering\" log_component=\"HTTP\" log_subtype=\"Allowed\" log_version=1 severity=\"Information\" fw_rule_id=\"16\" web_policy_id=4 http_category=\"IPAddress\" http_category_type=\"Acceptable\" url=\"https://192.168.2.90\" src_ip=\"192.168.3.36\" dst_ip=\"192.168.2.90\" protocol=\"TCP\" src_port=37906 dst_port=8089 bytes_sent=1361 bytes_received=3059 domain=\"192.168.2.90\" http_status=\"0\" con_id=175809792 app_is_cloud=\"FALSE\" used_quota=\"0\" src_zone_type=\"DMZ\" src_zone=\"DMZ\" dst_zone_type=\"LAN\" dst_zone=\"LAN\" src_country=\"R1\" dst_country=\"R1\"", + "original": "Nov 16 00:29:26 sophos device_name=\"SFW\" timestamp=\"2021-11-15T18:29:26-0600\" device_model=\"SFVH\" device_serial_id=\"C01001BQC8TFFFF\" log_id=050901616001 log_type=\"Content Filtering\" log_component=\"HTTP\" log_subtype=\"Allowed\" log_version=1 severity=\"Information\" fw_rule_id=\"16\" web_policy_id=4 http_category=\"IPAddress\" http_category_type=\"Acceptable\" url=\"https://192.168.2.90\" src_ip=\"192.168.3.36\" dst_ip=\"192.168.2.90\" protocol=\"TCP\" src_port=37906 dst_port=8089 bytes_sent=1361 bytes_received=3059 domain=\"192.168.2.90\" http_status=\"0\" con_id=175809792 app_is_cloud=\"FALSE\" used_quota=\"0\" src_zone_type=\"DMZ\" src_zone=\"DMZ\" dst_zone_type=\"LAN\" dst_zone=\"LAN\" src_country=\"R1\" dst_country=\"R1\"", "outcome": "success", "severity": 6, "type": [ @@ -1813,6 +1513,9 @@ "level": "Information" }, "network": { + "bytes": 4420, + "community_id": "1:b4+4yl7OfeA6320XWxbvay6xZpM=", + "protocol": "https", "transport": "tcp" }, "observer": { @@ -1830,18 +1533,14 @@ }, "related": { "hosts": [ - "defaulttest.local" + "defaulttest.local", + "192.168.2.90" ], "ip": [ "192.168.3.36", "192.168.2.90" ] }, - "server": { - "bytes": 3059, - "ip": "192.168.2.90", - "port": 8089 - }, "sophos": { "xg": { "app_is_cloud": "FALSE", @@ -1853,10 +1552,10 @@ "http_category": "IPAddress", "http_category_type": "Acceptable", "log_component": "HTTP", + "log_id": "050901616001", "log_subtype": "Allowed", "log_type": "Content Filtering", "log_version": "1", - "message_id": "16001", "src_zone_type": "DMZ", "used_quota": "0", "web_policy_id": "4" @@ -1880,11 +1579,6 @@ }, { "@timestamp": "2021-11-16T00:29:28.000Z", - "client": { - "bytes": 1752, - "ip": "192.168.2.41", - "port": 22569 - }, "destination": { "as": { "number": 29518, @@ -1916,9 +1610,9 @@ "category": [ "network" ], - "code": "050901616001", + "code": "16001", "kind": "event", - "original": "device_name=\"SFW\" timestamp=\"2021-11-15T18:29:28-0600\" device_model=\"SFVH\" device_serial_id=\"C01001BQC8TFFFF\" log_id=050901616001 log_type=\"Content Filtering\" log_component=\"HTTP\" log_subtype=\"Allowed\" log_version=1 severity=\"Information\" fw_rule_id=\"11\" web_policy_id=1 http_category=\"Information Technology\" http_category_type=\"Acceptable\" url=\"https://tpcf.feedify.net\" src_ip=\"192.168.2.41\" dst_ip=\"89.160.20.156\" protocol=\"TCP\" src_port=22569 dst_port=443 bytes_sent=1752 bytes_received=1556 domain=\"tpcf.feedify.net\" http_status=\"0\" con_id=2685143552 app_is_cloud=\"FALSE\" used_quota=\"0\" src_zone_type=\"LAN\" src_zone=\"LAN\" dst_zone_type=\"WAN\" dst_zone=\"WAN\" src_country=\"R1\" dst_country=\"USA\"", + "original": "Nov 16 00:29:28 sophos device_name=\"SFW\" timestamp=\"2021-11-15T18:29:28-0600\" device_model=\"SFVH\" device_serial_id=\"C01001BQC8TFFFF\" log_id=050901616001 log_type=\"Content Filtering\" log_component=\"HTTP\" log_subtype=\"Allowed\" log_version=1 severity=\"Information\" fw_rule_id=\"11\" web_policy_id=1 http_category=\"Information Technology\" http_category_type=\"Acceptable\" url=\"https://tpcf.feedify.net\" src_ip=\"192.168.2.41\" dst_ip=\"89.160.20.156\" protocol=\"TCP\" src_port=22569 dst_port=443 bytes_sent=1752 bytes_received=1556 domain=\"tpcf.feedify.net\" http_status=\"0\" con_id=2685143552 app_is_cloud=\"FALSE\" used_quota=\"0\" src_zone_type=\"LAN\" src_zone=\"LAN\" dst_zone_type=\"WAN\" dst_zone=\"WAN\" src_country=\"R1\" dst_country=\"USA\"", "outcome": "success", "severity": 6, "type": [ @@ -1933,6 +1627,9 @@ "level": "Information" }, "network": { + "bytes": 3308, + "community_id": "1:ifHEt+ajoYqJwU0rCxIJhwMTh8g=", + "protocol": "https", "transport": "tcp" }, "observer": { @@ -1950,36 +1647,14 @@ }, "related": { "hosts": [ - "defaulttest.local" + "defaulttest.local", + "tpcf.feedify.net" ], "ip": [ "192.168.2.41", "89.160.20.156" ] }, - "server": { - "as": { - "number": 29518, - "organization": { - "name": "Bredband2 AB" - } - }, - "bytes": 1556, - "geo": { - "city_name": "Linköping", - "continent_name": "Europe", - "country_iso_code": "SE", - "country_name": "Sweden", - "location": { - "lat": 58.4167, - "lon": 15.6167 - }, - "region_iso_code": "SE-E", - "region_name": "Östergötland County" - }, - "ip": "89.160.20.156", - "port": 443 - }, "sophos": { "xg": { "app_is_cloud": "FALSE", @@ -1991,10 +1666,10 @@ "http_category": "Information Technology", "http_category_type": "Acceptable", "log_component": "HTTP", + "log_id": "050901616001", "log_subtype": "Allowed", "log_type": "Content Filtering", "log_version": "1", - "message_id": "16001", "src_zone_type": "LAN", "used_quota": "0", "web_policy_id": "1" @@ -2018,11 +1693,6 @@ }, { "@timestamp": "2021-11-16T00:29:28.000Z", - "client": { - "bytes": 12938, - "ip": "192.168.2.111", - "port": 50936 - }, "destination": { "as": { "number": 29518, @@ -2054,9 +1724,9 @@ "category": [ "network" ], - "code": "050901616001", + "code": "16001", "kind": "event", - "original": "device_name=\"SFW\" timestamp=\"2021-11-15T18:29:28-0600\" device_model=\"SFVH\" device_serial_id=\"C01001BQC8TFFFF\" log_id=050901616001 log_type=\"Content Filtering\" log_component=\"HTTP\" log_subtype=\"Allowed\" log_version=1 severity=\"Information\" fw_rule_id=\"12\" web_policy_id=12 http_category=\"Content Delivery\" http_category_type=\"Acceptable\" url=\"https://hls14.asiancdn.net\" src_ip=\"192.168.2.111\" dst_ip=\"89.160.20.156\" protocol=\"TCP\" src_port=50936 dst_port=443 bytes_sent=12938 bytes_received=2516804 domain=\"hls14.asiancdn.net\" http_status=\"0\" con_id=173140160 app_is_cloud=\"FALSE\" used_quota=\"0\" src_zone_type=\"LAN\" src_zone=\"LAN\" dst_zone_type=\"WAN\" dst_zone=\"WAN\" src_country=\"R1\" dst_country=\"USA\"", + "original": "Nov 16 00:29:28 sophos device_name=\"SFW\" timestamp=\"2021-11-15T18:29:28-0600\" device_model=\"SFVH\" device_serial_id=\"C01001BQC8TFFFF\" log_id=050901616001 log_type=\"Content Filtering\" log_component=\"HTTP\" log_subtype=\"Allowed\" log_version=1 severity=\"Information\" fw_rule_id=\"12\" web_policy_id=12 http_category=\"Content Delivery\" http_category_type=\"Acceptable\" url=\"https://hls14.asiancdn.net\" src_ip=\"192.168.2.111\" dst_ip=\"89.160.20.156\" protocol=\"TCP\" src_port=50936 dst_port=443 bytes_sent=12938 bytes_received=2516804 domain=\"hls14.asiancdn.net\" http_status=\"0\" con_id=173140160 app_is_cloud=\"FALSE\" used_quota=\"0\" src_zone_type=\"LAN\" src_zone=\"LAN\" dst_zone_type=\"WAN\" dst_zone=\"WAN\" src_country=\"R1\" dst_country=\"USA\"", "outcome": "success", "severity": 6, "type": [ @@ -2071,6 +1741,9 @@ "level": "Information" }, "network": { + "bytes": 2529742, + "community_id": "1:tC5hSTsnnzxqPFTnZztZbr+/oEg=", + "protocol": "https", "transport": "tcp" }, "observer": { @@ -2088,36 +1761,14 @@ }, "related": { "hosts": [ - "defaulttest.local" + "defaulttest.local", + "hls14.asiancdn.net" ], "ip": [ "192.168.2.111", "89.160.20.156" ] }, - "server": { - "as": { - "number": 29518, - "organization": { - "name": "Bredband2 AB" - } - }, - "bytes": 2516804, - "geo": { - "city_name": "Linköping", - "continent_name": "Europe", - "country_iso_code": "SE", - "country_name": "Sweden", - "location": { - "lat": 58.4167, - "lon": 15.6167 - }, - "region_iso_code": "SE-E", - "region_name": "Östergötland County" - }, - "ip": "89.160.20.156", - "port": 443 - }, "sophos": { "xg": { "app_is_cloud": "FALSE", @@ -2129,10 +1780,10 @@ "http_category": "Content Delivery", "http_category_type": "Acceptable", "log_component": "HTTP", + "log_id": "050901616001", "log_subtype": "Allowed", "log_type": "Content Filtering", "log_version": "1", - "message_id": "16001", "src_zone_type": "LAN", "used_quota": "0", "web_policy_id": "12" @@ -2156,11 +1807,6 @@ }, { "@timestamp": "2021-11-16T00:29:32.000Z", - "client": { - "bytes": 8057, - "ip": "192.168.2.109", - "port": 49505 - }, "destination": { "as": { "number": 29518, @@ -2192,9 +1838,9 @@ "category": [ "network" ], - "code": "050901616001", + "code": "16001", "kind": "event", - "original": "device_name=\"SFW\" timestamp=\"2021-11-15T18:29:32-0600\" device_model=\"SFVH\" device_serial_id=\"C01001BQC8TFFFF\" log_id=050901616001 log_type=\"Content Filtering\" log_component=\"HTTP\" log_subtype=\"Allowed\" log_version=1 severity=\"Information\" fw_rule_id=\"12\" web_policy_id=12 http_category=\"General Business\" http_category_type=\"Acceptable\" url=\"https://logsink.devices.nest.com\" src_ip=\"192.168.2.109\" dst_ip=\"89.160.20.156\" protocol=\"TCP\" src_port=49505 dst_port=443 bytes_sent=8057 bytes_received=1259 domain=\"logsink.devices.nest.com\" http_status=\"0\" con_id=3159009472 app_is_cloud=\"FALSE\" used_quota=\"0\" src_zone_type=\"LAN\" src_zone=\"LAN\" dst_zone_type=\"WAN\" dst_zone=\"WAN\" src_country=\"R1\" dst_country=\"USA\"", + "original": "Nov 16 00:29:32 sophos device_name=\"SFW\" timestamp=\"2021-11-15T18:29:32-0600\" device_model=\"SFVH\" device_serial_id=\"C01001BQC8TFFFF\" log_id=050901616001 log_type=\"Content Filtering\" log_component=\"HTTP\" log_subtype=\"Allowed\" log_version=1 severity=\"Information\" fw_rule_id=\"12\" web_policy_id=12 http_category=\"General Business\" http_category_type=\"Acceptable\" url=\"https://logsink.devices.nest.com\" src_ip=\"192.168.2.109\" dst_ip=\"89.160.20.156\" protocol=\"TCP\" src_port=49505 dst_port=443 bytes_sent=8057 bytes_received=1259 domain=\"logsink.devices.nest.com\" http_status=\"0\" con_id=3159009472 app_is_cloud=\"FALSE\" used_quota=\"0\" src_zone_type=\"LAN\" src_zone=\"LAN\" dst_zone_type=\"WAN\" dst_zone=\"WAN\" src_country=\"R1\" dst_country=\"USA\"", "outcome": "success", "severity": 6, "type": [ @@ -2209,6 +1855,9 @@ "level": "Information" }, "network": { + "bytes": 9316, + "community_id": "1:TZxGmibZT/JSgzth4BPsQZ/LAIs=", + "protocol": "https", "transport": "tcp" }, "observer": { @@ -2226,36 +1875,14 @@ }, "related": { "hosts": [ - "defaulttest.local" + "defaulttest.local", + "logsink.devices.nest.com" ], "ip": [ "192.168.2.109", "89.160.20.156" ] }, - "server": { - "as": { - "number": 29518, - "organization": { - "name": "Bredband2 AB" - } - }, - "bytes": 1259, - "geo": { - "city_name": "Linköping", - "continent_name": "Europe", - "country_iso_code": "SE", - "country_name": "Sweden", - "location": { - "lat": 58.4167, - "lon": 15.6167 - }, - "region_iso_code": "SE-E", - "region_name": "Östergötland County" - }, - "ip": "89.160.20.156", - "port": 443 - }, "sophos": { "xg": { "app_is_cloud": "FALSE", @@ -2267,10 +1894,10 @@ "http_category": "General Business", "http_category_type": "Acceptable", "log_component": "HTTP", + "log_id": "050901616001", "log_subtype": "Allowed", "log_type": "Content Filtering", "log_version": "1", - "message_id": "16001", "src_zone_type": "LAN", "used_quota": "0", "web_policy_id": "12" @@ -2294,10 +1921,6 @@ }, { "@timestamp": "2021-11-16T00:29:33.000Z", - "client": { - "ip": "192.168.2.32", - "port": 44740 - }, "destination": { "as": { "number": 29518, @@ -2329,9 +1952,9 @@ "malware", "network" ], - "code": "054402617051", + "code": "17051", "kind": "alert", - "original": "device_name=\"SFW\" timestamp=\"2021-11-15T18:29:33-0600\" device_model=\"SFVH\" device_serial_id=\"C01001BQC8TFFFF\" log_id=054402617051 log_type=\"Content Filtering\" log_component=\"Application\" log_subtype=\"Denied\" log_version=1 severity=\"Information\" fw_rule_id=\"12\" app_filter_policy_id=6 app_name=\"Torrent Clients P2P\" app_risk=5 app_technology=\"P2P\" app_category=\"P2P\" src_ip=\"192.168.2.32\" src_country=\"R1\" dst_ip=\"89.160.20.156\" dst_country=\"USA\" protocol=\"UDP\" src_port=44740 dst_port=4000 app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\"", + "original": "Nov 16 00:29:33 sophos device_name=\"SFW\" timestamp=\"2021-11-15T18:29:33-0600\" device_model=\"SFVH\" device_serial_id=\"C01001BQC8TFFFF\" log_id=054402617051 log_type=\"Content Filtering\" log_component=\"Application\" log_subtype=\"Denied\" log_version=1 severity=\"Information\" fw_rule_id=\"12\" app_filter_policy_id=6 app_name=\"Torrent Clients P2P\" app_risk=5 app_technology=\"P2P\" app_category=\"P2P\" src_ip=\"192.168.2.32\" src_country=\"R1\" dst_ip=\"89.160.20.156\" dst_country=\"USA\" protocol=\"UDP\" src_port=44740 dst_port=4000 app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\"", "outcome": "success", "severity": 6, "type": [ @@ -2347,6 +1970,7 @@ "level": "Information" }, "network": { + "community_id": "1:3wmNcX69U8cF3UDQABQrl1EGreY=", "transport": "udp" }, "observer": { @@ -2365,28 +1989,6 @@ "89.160.20.156" ] }, - "server": { - "as": { - "number": 29518, - "organization": { - "name": "Bredband2 AB" - } - }, - "geo": { - "city_name": "Linköping", - "continent_name": "Europe", - "country_iso_code": "SE", - "country_name": "Sweden", - "location": { - "lat": 58.4167, - "lon": 15.6167 - }, - "region_iso_code": "SE-E", - "region_name": "Östergötland County" - }, - "ip": "89.160.20.156", - "port": 4000 - }, "sophos": { "xg": { "app_category": "P2P", @@ -2400,10 +2002,10 @@ "device_name": "SFW", "fw_rule_id": "12", "log_component": "Application", + "log_id": "054402617051", "log_subtype": "Denied", "log_type": "Content Filtering", "log_version": "1", - "message_id": "17051", "qualifier": "New" } }, @@ -2417,11 +2019,6 @@ }, { "@timestamp": "2021-11-16T00:29:36.000Z", - "client": { - "bytes": 77, - "ip": "192.168.2.112", - "port": 39118 - }, "destination": { "as": { "number": 29518, @@ -2453,9 +2050,9 @@ "category": [ "network" ], - "code": "050901616001", + "code": "16001", "kind": "event", - "original": "device_name=\"SFW\" timestamp=\"2021-11-15T18:29:36-0600\" device_model=\"SFVH\" device_serial_id=\"C01001BQC8TFFFF\" log_id=050901616001 log_type=\"Content Filtering\" log_component=\"HTTP\" log_subtype=\"Allowed\" log_version=1 severity=\"Information\" fw_rule_id=\"12\" web_policy_id=12 http_category=\"General Business\" http_category_type=\"Acceptable\" url=\"http://info.cspserver.net/api/v1/connect-test\" content_type=\"application/octet-stream\" src_ip=\"192.168.2.112\" dst_ip=\"89.160.20.156\" protocol=\"TCP\" src_port=39118 dst_port=80 bytes_sent=77 bytes_received=249 domain=\"info.cspserver.net\" http_status=\"200\" con_id=3729897664 app_is_cloud=\"FALSE\" used_quota=\"0\" src_zone_type=\"LAN\" src_zone=\"LAN\" dst_zone_type=\"WAN\" dst_zone=\"WAN\" src_country=\"R1\" dst_country=\"JPN\"", + "original": "Nov 16 00:29:36 sophos device_name=\"SFW\" timestamp=\"2021-11-15T18:29:36-0600\" device_model=\"SFVH\" device_serial_id=\"C01001BQC8TFFFF\" log_id=050901616001 log_type=\"Content Filtering\" log_component=\"HTTP\" log_subtype=\"Allowed\" log_version=1 severity=\"Information\" fw_rule_id=\"12\" web_policy_id=12 http_category=\"General Business\" http_category_type=\"Acceptable\" url=\"http://info.cspserver.net/api/v1/connect-test\" content_type=\"application/octet-stream\" src_ip=\"192.168.2.112\" dst_ip=\"89.160.20.156\" protocol=\"TCP\" src_port=39118 dst_port=80 bytes_sent=77 bytes_received=249 domain=\"info.cspserver.net\" http_status=\"200\" con_id=3729897664 app_is_cloud=\"FALSE\" used_quota=\"0\" src_zone_type=\"LAN\" src_zone=\"LAN\" dst_zone_type=\"WAN\" dst_zone=\"WAN\" src_country=\"R1\" dst_country=\"JPN\"", "outcome": "success", "severity": 6, "type": [ @@ -2475,6 +2072,9 @@ "level": "Information" }, "network": { + "bytes": 326, + "community_id": "1:nvxXlOv92Mclh81dZCy/k8fkekM=", + "protocol": "http", "transport": "tcp" }, "observer": { @@ -2492,36 +2092,14 @@ }, "related": { "hosts": [ - "defaulttest.local" + "defaulttest.local", + "info.cspserver.net" ], "ip": [ "192.168.2.112", "89.160.20.156" ] }, - "server": { - "as": { - "number": 29518, - "organization": { - "name": "Bredband2 AB" - } - }, - "bytes": 249, - "geo": { - "city_name": "Linköping", - "continent_name": "Europe", - "country_iso_code": "SE", - "country_name": "Sweden", - "location": { - "lat": 58.4167, - "lon": 15.6167 - }, - "region_iso_code": "SE-E", - "region_name": "Östergötland County" - }, - "ip": "89.160.20.156", - "port": 80 - }, "sophos": { "xg": { "app_is_cloud": "FALSE", @@ -2534,10 +2112,10 @@ "http_category": "General Business", "http_category_type": "Acceptable", "log_component": "HTTP", + "log_id": "050901616001", "log_subtype": "Allowed", "log_type": "Content Filtering", "log_version": "1", - "message_id": "16001", "src_zone_type": "LAN", "used_quota": "0", "web_policy_id": "12" @@ -2561,11 +2139,6 @@ }, { "@timestamp": "2021-11-16T00:29:39.000Z", - "client": { - "bytes": 1157, - "ip": "192.168.2.102", - "port": 49030 - }, "destination": { "as": { "number": 29518, @@ -2597,9 +2170,9 @@ "category": [ "network" ], - "code": "050901616001", + "code": "16001", "kind": "event", - "original": "device_name=\"SFW\" timestamp=\"2021-11-15T18:29:39-0600\" device_model=\"SFVH\" device_serial_id=\"C01001BQC8TFFFF\" log_id=050901616001 log_type=\"Content Filtering\" log_component=\"HTTP\" log_subtype=\"Allowed\" log_version=1 severity=\"Information\" fw_rule_id=\"12\" web_policy_id=12 http_category=\"Information Technology\" http_category_type=\"Acceptable\" url=\"https://api.smartthings.com\" src_ip=\"192.168.2.102\" dst_ip=\"89.160.20.156\" protocol=\"TCP\" src_port=49030 dst_port=443 bytes_sent=1157 bytes_received=4092 domain=\"api.smartthings.com\" http_status=\"0\" con_id=3729897984 app_is_cloud=\"FALSE\" used_quota=\"0\" src_zone_type=\"LAN\" src_zone=\"LAN\" dst_zone_type=\"WAN\" dst_zone=\"WAN\" src_country=\"R1\" dst_country=\"USA\"", + "original": "Nov 16 00:29:39 sophos device_name=\"SFW\" timestamp=\"2021-11-15T18:29:39-0600\" device_model=\"SFVH\" device_serial_id=\"C01001BQC8TFFFF\" log_id=050901616001 log_type=\"Content Filtering\" log_component=\"HTTP\" log_subtype=\"Allowed\" log_version=1 severity=\"Information\" fw_rule_id=\"12\" web_policy_id=12 http_category=\"Information Technology\" http_category_type=\"Acceptable\" url=\"https://api.smartthings.com\" src_ip=\"192.168.2.102\" dst_ip=\"89.160.20.156\" protocol=\"TCP\" src_port=49030 dst_port=443 bytes_sent=1157 bytes_received=4092 domain=\"api.smartthings.com\" http_status=\"0\" con_id=3729897984 app_is_cloud=\"FALSE\" used_quota=\"0\" src_zone_type=\"LAN\" src_zone=\"LAN\" dst_zone_type=\"WAN\" dst_zone=\"WAN\" src_country=\"R1\" dst_country=\"USA\"", "outcome": "success", "severity": 6, "type": [ @@ -2614,6 +2187,9 @@ "level": "Information" }, "network": { + "bytes": 5249, + "community_id": "1:bO6b1A3RXqnj2zV2VX1bqxAcsts=", + "protocol": "https", "transport": "tcp" }, "observer": { @@ -2631,36 +2207,14 @@ }, "related": { "hosts": [ - "defaulttest.local" + "defaulttest.local", + "api.smartthings.com" ], "ip": [ "192.168.2.102", "89.160.20.156" ] }, - "server": { - "as": { - "number": 29518, - "organization": { - "name": "Bredband2 AB" - } - }, - "bytes": 4092, - "geo": { - "city_name": "Linköping", - "continent_name": "Europe", - "country_iso_code": "SE", - "country_name": "Sweden", - "location": { - "lat": 58.4167, - "lon": 15.6167 - }, - "region_iso_code": "SE-E", - "region_name": "Östergötland County" - }, - "ip": "89.160.20.156", - "port": 443 - }, "sophos": { "xg": { "app_is_cloud": "FALSE", @@ -2672,10 +2226,10 @@ "http_category": "Information Technology", "http_category_type": "Acceptable", "log_component": "HTTP", + "log_id": "050901616001", "log_subtype": "Allowed", "log_type": "Content Filtering", "log_version": "1", - "message_id": "16001", "src_zone_type": "LAN", "used_quota": "0", "web_policy_id": "12" @@ -2699,11 +2253,6 @@ }, { "@timestamp": "2021-11-16T00:29:40.000Z", - "client": { - "bytes": 474, - "ip": "192.168.2.105", - "port": 52457 - }, "destination": { "as": { "number": 29518, @@ -2735,9 +2284,9 @@ "category": [ "network" ], - "code": "050901616001", + "code": "16001", "kind": "event", - "original": "device_name=\"SFW\" timestamp=\"2021-11-15T18:29:40-0600\" device_model=\"SFVH\" device_serial_id=\"C01001BQC8TFFFF\" log_id=050901616001 log_type=\"Content Filtering\" log_component=\"HTTP\" log_subtype=\"Allowed\" log_version=1 severity=\"Information\" fw_rule_id=\"12\" web_policy_id=12 http_category=\"Content Delivery\" http_category_type=\"Acceptable\" url=\"http://connectivitycheck.gstatic.com/generate_204\" src_ip=\"192.168.2.105\" dst_ip=\"89.160.20.156\" protocol=\"TCP\" src_port=52457 dst_port=80 bytes_sent=474 bytes_received=83 domain=\"connectivitycheck.gstatic.com\" http_user_agent=\"Mozilla/5.0 (X11; Linux armv7l) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.81 Safari/537.36 CrKey/1.42.172094\" http_status=\"204\" con_id=407760320 app_is_cloud=\"FALSE\" used_quota=\"0\" src_zone_type=\"LAN\" src_zone=\"LAN\" dst_zone_type=\"WAN\" dst_zone=\"WAN\" src_country=\"R1\" dst_country=\"USA\"", + "original": "Nov 16 00:29:40 sophos device_name=\"SFW\" timestamp=\"2021-11-15T18:29:40-0600\" device_model=\"SFVH\" device_serial_id=\"C01001BQC8TFFFF\" log_id=050901616001 log_type=\"Content Filtering\" log_component=\"HTTP\" log_subtype=\"Allowed\" log_version=1 severity=\"Information\" fw_rule_id=\"12\" web_policy_id=12 http_category=\"Content Delivery\" http_category_type=\"Acceptable\" url=\"http://connectivitycheck.gstatic.com/generate_204\" src_ip=\"192.168.2.105\" dst_ip=\"89.160.20.156\" protocol=\"TCP\" src_port=52457 dst_port=80 bytes_sent=474 bytes_received=83 domain=\"connectivitycheck.gstatic.com\" http_user_agent=\"Mozilla/5.0 (X11; Linux armv7l) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.81 Safari/537.36 CrKey/1.42.172094\" http_status=\"204\" con_id=407760320 app_is_cloud=\"FALSE\" used_quota=\"0\" src_zone_type=\"LAN\" src_zone=\"LAN\" dst_zone_type=\"WAN\" dst_zone=\"WAN\" src_country=\"R1\" dst_country=\"USA\"", "outcome": "success", "severity": 6, "type": [ @@ -2757,6 +2306,9 @@ "level": "Information" }, "network": { + "bytes": 557, + "community_id": "1:oCU3Sbp5u2nmx7vYo7nl7F2Tmxs=", + "protocol": "http", "transport": "tcp" }, "observer": { @@ -2774,36 +2326,14 @@ }, "related": { "hosts": [ - "defaulttest.local" + "defaulttest.local", + "connectivitycheck.gstatic.com" ], "ip": [ "192.168.2.105", "89.160.20.156" ] }, - "server": { - "as": { - "number": 29518, - "organization": { - "name": "Bredband2 AB" - } - }, - "bytes": 83, - "geo": { - "city_name": "Linköping", - "continent_name": "Europe", - "country_iso_code": "SE", - "country_name": "Sweden", - "location": { - "lat": 58.4167, - "lon": 15.6167 - }, - "region_iso_code": "SE-E", - "region_name": "Östergötland County" - }, - "ip": "89.160.20.156", - "port": 80 - }, "sophos": { "xg": { "app_is_cloud": "FALSE", @@ -2815,10 +2345,10 @@ "http_category": "Content Delivery", "http_category_type": "Acceptable", "log_component": "HTTP", + "log_id": "050901616001", "log_subtype": "Allowed", "log_type": "Content Filtering", "log_version": "1", - "message_id": "16001", "src_zone_type": "LAN", "used_quota": "0", "web_policy_id": "12" @@ -2842,11 +2372,6 @@ }, { "@timestamp": "2021-11-16T00:29:40.000Z", - "client": { - "bytes": 310, - "ip": "192.168.2.123", - "port": 35596 - }, "destination": { "as": { "number": 29518, @@ -2878,9 +2403,9 @@ "category": [ "network" ], - "code": "050901616001", + "code": "16001", "kind": "event", - "original": "device_name=\"SFW\" timestamp=\"2021-11-15T18:29:40-0600\" device_model=\"SFVH\" device_serial_id=\"C01001BQC8TFFFF\" log_id=050901616001 log_type=\"Content Filtering\" log_component=\"HTTP\" log_subtype=\"Allowed\" log_version=1 severity=\"Information\" fw_rule_id=\"12\" web_policy_id=12 http_category=\"Content Delivery\" http_category_type=\"Acceptable\" url=\"http://connectivitycheck.gstatic.com/generate_204\" src_ip=\"192.168.2.123\" dst_ip=\"89.160.20.156\" protocol=\"TCP\" src_port=35596 dst_port=80 bytes_sent=310 bytes_received=83 domain=\"connectivitycheck.gstatic.com\" http_user_agent=\"Mozilla/5.0 (Linux; Android 10.0; Build/QTS1.210311.008) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.225 Safari/537.36 CrKey/1.56.500000\" http_status=\"204\" con_id=3019156928 app_is_cloud=\"FALSE\" used_quota=\"0\" src_zone_type=\"LAN\" src_zone=\"LAN\" dst_zone_type=\"WAN\" dst_zone=\"WAN\" src_country=\"R1\" dst_country=\"USA\"", + "original": "Nov 16 00:29:40 sophos device_name=\"SFW\" timestamp=\"2021-11-15T18:29:40-0600\" device_model=\"SFVH\" device_serial_id=\"C01001BQC8TFFFF\" log_id=050901616001 log_type=\"Content Filtering\" log_component=\"HTTP\" log_subtype=\"Allowed\" log_version=1 severity=\"Information\" fw_rule_id=\"12\" web_policy_id=12 http_category=\"Content Delivery\" http_category_type=\"Acceptable\" url=\"http://connectivitycheck.gstatic.com/generate_204\" src_ip=\"192.168.2.123\" dst_ip=\"89.160.20.156\" protocol=\"TCP\" src_port=35596 dst_port=80 bytes_sent=310 bytes_received=83 domain=\"connectivitycheck.gstatic.com\" http_user_agent=\"Mozilla/5.0 (Linux; Android 10.0; Build/QTS1.210311.008) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.225 Safari/537.36 CrKey/1.56.500000\" http_status=\"204\" con_id=3019156928 app_is_cloud=\"FALSE\" used_quota=\"0\" src_zone_type=\"LAN\" src_zone=\"LAN\" dst_zone_type=\"WAN\" dst_zone=\"WAN\" src_country=\"R1\" dst_country=\"USA\"", "outcome": "success", "severity": 6, "type": [ @@ -2900,6 +2425,9 @@ "level": "Information" }, "network": { + "bytes": 393, + "community_id": "1:7i5wjJVQDAYCaAxdNaVm9UWuJok=", + "protocol": "http", "transport": "tcp" }, "observer": { @@ -2917,36 +2445,14 @@ }, "related": { "hosts": [ - "defaulttest.local" + "defaulttest.local", + "connectivitycheck.gstatic.com" ], "ip": [ "192.168.2.123", "89.160.20.156" ] }, - "server": { - "as": { - "number": 29518, - "organization": { - "name": "Bredband2 AB" - } - }, - "bytes": 83, - "geo": { - "city_name": "Linköping", - "continent_name": "Europe", - "country_iso_code": "SE", - "country_name": "Sweden", - "location": { - "lat": 58.4167, - "lon": 15.6167 - }, - "region_iso_code": "SE-E", - "region_name": "Östergötland County" - }, - "ip": "89.160.20.156", - "port": 80 - }, "sophos": { "xg": { "app_is_cloud": "FALSE", @@ -2958,10 +2464,10 @@ "http_category": "Content Delivery", "http_category_type": "Acceptable", "log_component": "HTTP", + "log_id": "050901616001", "log_subtype": "Allowed", "log_type": "Content Filtering", "log_version": "1", - "message_id": "16001", "src_zone_type": "LAN", "used_quota": "0", "web_policy_id": "12" @@ -2985,11 +2491,6 @@ }, { "@timestamp": "2021-11-16T00:29:40.000Z", - "client": { - "bytes": 2182, - "ip": "192.168.2.41", - "port": 22465 - }, "destination": { "as": { "number": 29518, @@ -3021,9 +2522,9 @@ "category": [ "network" ], - "code": "050901616001", + "code": "16001", "kind": "event", - "original": "device_name=\"SFW\" timestamp=\"2021-11-15T18:29:40-0600\" device_model=\"SFVH\" device_serial_id=\"C01001BQC8TFFFF\" log_id=050901616001 log_type=\"Content Filtering\" log_component=\"HTTP\" log_subtype=\"Allowed\" log_version=1 severity=\"Information\" fw_rule_id=\"11\" web_policy_id=1 http_category=\"Business Networking\" http_category_type=\"Acceptable\" url=\"https://realtime.www.linkedin.com\" src_ip=\"192.168.2.41\" dst_ip=\"89.160.20.156\" protocol=\"TCP\" src_port=22465 dst_port=443 bytes_sent=2182 bytes_received=6231 domain=\"realtime.www.linkedin.com\" http_status=\"0\" con_id=172822528 app_is_cloud=\"FALSE\" used_quota=\"0\" src_zone_type=\"LAN\" src_zone=\"LAN\" dst_zone_type=\"WAN\" dst_zone=\"WAN\" src_country=\"R1\" dst_country=\"USA\"", + "original": "Nov 16 00:29:40 sophos device_name=\"SFW\" timestamp=\"2021-11-15T18:29:40-0600\" device_model=\"SFVH\" device_serial_id=\"C01001BQC8TFFFF\" log_id=050901616001 log_type=\"Content Filtering\" log_component=\"HTTP\" log_subtype=\"Allowed\" log_version=1 severity=\"Information\" fw_rule_id=\"11\" web_policy_id=1 http_category=\"Business Networking\" http_category_type=\"Acceptable\" url=\"https://realtime.www.linkedin.com\" src_ip=\"192.168.2.41\" dst_ip=\"89.160.20.156\" protocol=\"TCP\" src_port=22465 dst_port=443 bytes_sent=2182 bytes_received=6231 domain=\"realtime.www.linkedin.com\" http_status=\"0\" con_id=172822528 app_is_cloud=\"FALSE\" used_quota=\"0\" src_zone_type=\"LAN\" src_zone=\"LAN\" dst_zone_type=\"WAN\" dst_zone=\"WAN\" src_country=\"R1\" dst_country=\"USA\"", "outcome": "success", "severity": 6, "type": [ @@ -3038,6 +2539,9 @@ "level": "Information" }, "network": { + "bytes": 8413, + "community_id": "1:njcJcH1c8px88X8KTvOM3xA44Yc=", + "protocol": "https", "transport": "tcp" }, "observer": { @@ -3055,36 +2559,14 @@ }, "related": { "hosts": [ - "defaulttest.local" + "defaulttest.local", + "realtime.www.linkedin.com" ], "ip": [ "192.168.2.41", "89.160.20.156" ] }, - "server": { - "as": { - "number": 29518, - "organization": { - "name": "Bredband2 AB" - } - }, - "bytes": 6231, - "geo": { - "city_name": "Linköping", - "continent_name": "Europe", - "country_iso_code": "SE", - "country_name": "Sweden", - "location": { - "lat": 58.4167, - "lon": 15.6167 - }, - "region_iso_code": "SE-E", - "region_name": "Östergötland County" - }, - "ip": "89.160.20.156", - "port": 443 - }, "sophos": { "xg": { "app_is_cloud": "FALSE", @@ -3096,10 +2578,10 @@ "http_category": "Business Networking", "http_category_type": "Acceptable", "log_component": "HTTP", + "log_id": "050901616001", "log_subtype": "Allowed", "log_type": "Content Filtering", "log_version": "1", - "message_id": "16001", "src_zone_type": "LAN", "used_quota": "0", "web_policy_id": "1" @@ -3123,11 +2605,6 @@ }, { "@timestamp": "2021-11-16T00:29:42.000Z", - "client": { - "bytes": 91, - "ip": "192.168.3.36", - "port": 56126 - }, "destination": { "as": { "number": 29518, @@ -3159,9 +2636,9 @@ "category": [ "network" ], - "code": "050901616001", + "code": "16001", "kind": "event", - "original": "device_name=\"SFW\" timestamp=\"2021-11-15T18:29:42-0600\" device_model=\"SFVH\" device_serial_id=\"C01001BQC8TFFFF\" log_id=050901616001 log_type=\"Content Filtering\" log_component=\"HTTP\" log_subtype=\"Allowed\" log_version=1 severity=\"Information\" fw_rule_id=\"8\" web_policy_id=4 http_category=\"Information Technology\" http_category_type=\"Acceptable\" url=\"http://checkip.dyndns.org/\" content_type=\"text/html\" src_ip=\"192.168.3.36\" dst_ip=\"89.160.20.156\" protocol=\"TCP\" src_port=56126 dst_port=80 bytes_sent=91 bytes_received=270 domain=\"checkip.dyndns.org\" http_user_agent=\"ddclient/3.9.1\" http_status=\"200\" con_id=154693632 app_is_cloud=\"FALSE\" used_quota=\"0\" src_zone_type=\"DMZ\" src_zone=\"DMZ\" dst_zone_type=\"WAN\" dst_zone=\"WAN\" src_country=\"R1\" dst_country=\"BRA\"", + "original": "Nov 16 00:29:42 sophos device_name=\"SFW\" timestamp=\"2021-11-15T18:29:42-0600\" device_model=\"SFVH\" device_serial_id=\"C01001BQC8TFFFF\" log_id=050901616001 log_type=\"Content Filtering\" log_component=\"HTTP\" log_subtype=\"Allowed\" log_version=1 severity=\"Information\" fw_rule_id=\"8\" web_policy_id=4 http_category=\"Information Technology\" http_category_type=\"Acceptable\" url=\"http://checkip.dyndns.org/\" content_type=\"text/html\" src_ip=\"192.168.3.36\" dst_ip=\"89.160.20.156\" protocol=\"TCP\" src_port=56126 dst_port=80 bytes_sent=91 bytes_received=270 domain=\"checkip.dyndns.org\" http_user_agent=\"ddclient/3.9.1\" http_status=\"200\" con_id=154693632 app_is_cloud=\"FALSE\" used_quota=\"0\" src_zone_type=\"DMZ\" src_zone=\"DMZ\" dst_zone_type=\"WAN\" dst_zone=\"WAN\" src_country=\"R1\" dst_country=\"BRA\"", "outcome": "success", "severity": 6, "type": [ @@ -3181,6 +2658,9 @@ "level": "Information" }, "network": { + "bytes": 361, + "community_id": "1:G6+JjmOD5juGo3cckqBxcyawF3U=", + "protocol": "http", "transport": "tcp" }, "observer": { @@ -3198,36 +2678,14 @@ }, "related": { "hosts": [ - "defaulttest.local" + "defaulttest.local", + "checkip.dyndns.org" ], "ip": [ "192.168.3.36", "89.160.20.156" ] }, - "server": { - "as": { - "number": 29518, - "organization": { - "name": "Bredband2 AB" - } - }, - "bytes": 270, - "geo": { - "city_name": "Linköping", - "continent_name": "Europe", - "country_iso_code": "SE", - "country_name": "Sweden", - "location": { - "lat": 58.4167, - "lon": 15.6167 - }, - "region_iso_code": "SE-E", - "region_name": "Östergötland County" - }, - "ip": "89.160.20.156", - "port": 80 - }, "sophos": { "xg": { "app_is_cloud": "FALSE", @@ -3240,10 +2698,10 @@ "http_category": "Information Technology", "http_category_type": "Acceptable", "log_component": "HTTP", + "log_id": "050901616001", "log_subtype": "Allowed", "log_type": "Content Filtering", "log_version": "1", - "message_id": "16001", "src_zone_type": "DMZ", "used_quota": "0", "web_policy_id": "4" @@ -3267,11 +2725,6 @@ }, { "@timestamp": "2021-11-16T00:29:43.000Z", - "client": { - "bytes": 17223, - "ip": "192.168.2.111", - "port": 50937 - }, "destination": { "as": { "number": 29518, @@ -3303,9 +2756,9 @@ "category": [ "network" ], - "code": "050901616001", + "code": "16001", "kind": "event", - "original": "device_name=\"SFW\" timestamp=\"2021-11-15T18:29:43-0600\" device_model=\"SFVH\" device_serial_id=\"C01001BQC8TFFFF\" log_id=050901616001 log_type=\"Content Filtering\" log_component=\"HTTP\" log_subtype=\"Allowed\" log_version=1 severity=\"Information\" fw_rule_id=\"12\" web_policy_id=12 http_category=\"Content Delivery\" http_category_type=\"Acceptable\" url=\"https://hls14.asiancdn.net\" src_ip=\"192.168.2.111\" dst_ip=\"89.160.20.156\" protocol=\"TCP\" src_port=50937 dst_port=443 bytes_sent=17223 bytes_received=2569893 domain=\"hls14.asiancdn.net\" http_status=\"0\" con_id=407384704 app_is_cloud=\"FALSE\" used_quota=\"0\" src_zone_type=\"LAN\" src_zone=\"LAN\" dst_zone_type=\"WAN\" dst_zone=\"WAN\" src_country=\"R1\" dst_country=\"USA\"", + "original": "Nov 16 00:29:43 sophos device_name=\"SFW\" timestamp=\"2021-11-15T18:29:43-0600\" device_model=\"SFVH\" device_serial_id=\"C01001BQC8TFFFF\" log_id=050901616001 log_type=\"Content Filtering\" log_component=\"HTTP\" log_subtype=\"Allowed\" log_version=1 severity=\"Information\" fw_rule_id=\"12\" web_policy_id=12 http_category=\"Content Delivery\" http_category_type=\"Acceptable\" url=\"https://hls14.asiancdn.net\" src_ip=\"192.168.2.111\" dst_ip=\"89.160.20.156\" protocol=\"TCP\" src_port=50937 dst_port=443 bytes_sent=17223 bytes_received=2569893 domain=\"hls14.asiancdn.net\" http_status=\"0\" con_id=407384704 app_is_cloud=\"FALSE\" used_quota=\"0\" src_zone_type=\"LAN\" src_zone=\"LAN\" dst_zone_type=\"WAN\" dst_zone=\"WAN\" src_country=\"R1\" dst_country=\"USA\"", "outcome": "success", "severity": 6, "type": [ @@ -3320,6 +2773,9 @@ "level": "Information" }, "network": { + "bytes": 2587116, + "community_id": "1:ouwjBAQoT5GbKVqXBJzLuynAOBo=", + "protocol": "https", "transport": "tcp" }, "observer": { @@ -3337,36 +2793,14 @@ }, "related": { "hosts": [ - "defaulttest.local" + "defaulttest.local", + "hls14.asiancdn.net" ], "ip": [ "192.168.2.111", "89.160.20.156" ] }, - "server": { - "as": { - "number": 29518, - "organization": { - "name": "Bredband2 AB" - } - }, - "bytes": 2569893, - "geo": { - "city_name": "Linköping", - "continent_name": "Europe", - "country_iso_code": "SE", - "country_name": "Sweden", - "location": { - "lat": 58.4167, - "lon": 15.6167 - }, - "region_iso_code": "SE-E", - "region_name": "Östergötland County" - }, - "ip": "89.160.20.156", - "port": 443 - }, "sophos": { "xg": { "app_is_cloud": "FALSE", @@ -3378,10 +2812,10 @@ "http_category": "Content Delivery", "http_category_type": "Acceptable", "log_component": "HTTP", + "log_id": "050901616001", "log_subtype": "Allowed", "log_type": "Content Filtering", "log_version": "1", - "message_id": "16001", "src_zone_type": "LAN", "used_quota": "0", "web_policy_id": "12" @@ -3405,11 +2839,6 @@ }, { "@timestamp": "2021-11-16T00:29:43.000Z", - "client": { - "bytes": 3319, - "ip": "192.168.2.106", - "port": 63937 - }, "destination": { "as": { "number": 29518, @@ -3441,9 +2870,9 @@ "category": [ "network" ], - "code": "050901616001", + "code": "16001", "kind": "event", - "original": "device_name=\"SFW\" timestamp=\"2021-11-15T18:29:43-0600\" device_model=\"SFVH\" device_serial_id=\"C01001BQC8TFFFF\" log_id=050901616001 log_type=\"Content Filtering\" log_component=\"HTTP\" log_subtype=\"Allowed\" log_version=1 severity=\"Information\" fw_rule_id=\"12\" web_policy_id=12 http_category=\"Online Shopping\" http_category_type=\"Unproductive\" url=\"https://device-metrics-us-2.amazon.com\" src_ip=\"192.168.2.106\" dst_ip=\"89.160.20.156\" protocol=\"TCP\" src_port=63937 dst_port=443 bytes_sent=3319 bytes_received=5643 domain=\"device-metrics-us-2.amazon.com\" http_status=\"0\" con_id=3019356672 app_name=\"Amazon Shopping\" app_is_cloud=\"FALSE\" used_quota=\"0\" src_zone_type=\"LAN\" src_zone=\"LAN\" dst_zone_type=\"WAN\" dst_zone=\"WAN\" src_country=\"R1\" dst_country=\"USA\" app_risk=2 app_category=\"General Internet\"", + "original": "Nov 16 00:29:43 sophos device_name=\"SFW\" timestamp=\"2021-11-15T18:29:43-0600\" device_model=\"SFVH\" device_serial_id=\"C01001BQC8TFFFF\" log_id=050901616001 log_type=\"Content Filtering\" log_component=\"HTTP\" log_subtype=\"Allowed\" log_version=1 severity=\"Information\" fw_rule_id=\"12\" web_policy_id=12 http_category=\"Online Shopping\" http_category_type=\"Unproductive\" url=\"https://device-metrics-us-2.amazon.com\" src_ip=\"192.168.2.106\" dst_ip=\"89.160.20.156\" protocol=\"TCP\" src_port=63937 dst_port=443 bytes_sent=3319 bytes_received=5643 domain=\"device-metrics-us-2.amazon.com\" http_status=\"0\" con_id=3019356672 app_name=\"Amazon Shopping\" app_is_cloud=\"FALSE\" used_quota=\"0\" src_zone_type=\"LAN\" src_zone=\"LAN\" dst_zone_type=\"WAN\" dst_zone=\"WAN\" src_country=\"R1\" dst_country=\"USA\" app_risk=2 app_category=\"General Internet\"", "outcome": "success", "severity": 6, "type": [ @@ -3458,6 +2887,9 @@ "level": "Information" }, "network": { + "bytes": 8962, + "community_id": "1:Oij/CG07YgFeCicPMgmgSjK/C5k=", + "protocol": "https", "transport": "tcp" }, "observer": { @@ -3475,36 +2907,14 @@ }, "related": { "hosts": [ - "defaulttest.local" + "defaulttest.local", + "device-metrics-us-2.amazon.com" ], "ip": [ "192.168.2.106", "89.160.20.156" ] }, - "server": { - "as": { - "number": 29518, - "organization": { - "name": "Bredband2 AB" - } - }, - "bytes": 5643, - "geo": { - "city_name": "Linköping", - "continent_name": "Europe", - "country_iso_code": "SE", - "country_name": "Sweden", - "location": { - "lat": 58.4167, - "lon": 15.6167 - }, - "region_iso_code": "SE-E", - "region_name": "Östergötland County" - }, - "ip": "89.160.20.156", - "port": 443 - }, "sophos": { "xg": { "app_category": "General Internet", @@ -3519,10 +2929,10 @@ "http_category": "Online Shopping", "http_category_type": "Unproductive", "log_component": "HTTP", + "log_id": "050901616001", "log_subtype": "Allowed", "log_type": "Content Filtering", "log_version": "1", - "message_id": "16001", "src_zone_type": "LAN", "used_quota": "0", "web_policy_id": "12" @@ -3546,11 +2956,6 @@ }, { "@timestamp": "2021-11-16T00:29:44.000Z", - "client": { - "bytes": 2144, - "ip": "192.168.2.32", - "port": 59357 - }, "destination": { "as": { "number": 29518, @@ -3582,9 +2987,9 @@ "category": [ "network" ], - "code": "050901616001", + "code": "16001", "kind": "event", - "original": "device_name=\"SFW\" timestamp=\"2021-11-15T18:29:44-0600\" device_model=\"SFVH\" device_serial_id=\"C01001BQC8TFFFF\" log_id=050901616001 log_type=\"Content Filtering\" log_component=\"HTTP\" log_subtype=\"Allowed\" log_version=1 severity=\"Information\" fw_rule_id=\"12\" web_policy_id=12 http_category=\"Information Technology\" http_category_type=\"Acceptable\" url=\"https://settings-win.data.microsoft.com\" src_ip=\"192.168.2.32\" dst_ip=\"89.160.20.156\" protocol=\"TCP\" src_port=59357 dst_port=443 bytes_sent=2144 bytes_received=4386 domain=\"settings-win.data.microsoft.com\" exceptions=\"av,https,validation,policy,zero-day protection\" http_status=\"0\" con_id=3159007232 app_is_cloud=\"FALSE\" used_quota=\"0\" src_zone_type=\"LAN\" src_zone=\"LAN\" dst_zone_type=\"WAN\" dst_zone=\"WAN\" src_country=\"R1\" dst_country=\"USA\"", + "original": "Nov 16 00:29:44 sophos device_name=\"SFW\" timestamp=\"2021-11-15T18:29:44-0600\" device_model=\"SFVH\" device_serial_id=\"C01001BQC8TFFFF\" log_id=050901616001 log_type=\"Content Filtering\" log_component=\"HTTP\" log_subtype=\"Allowed\" log_version=1 severity=\"Information\" fw_rule_id=\"12\" web_policy_id=12 http_category=\"Information Technology\" http_category_type=\"Acceptable\" url=\"https://settings-win.data.microsoft.com\" src_ip=\"192.168.2.32\" dst_ip=\"89.160.20.156\" protocol=\"TCP\" src_port=59357 dst_port=443 bytes_sent=2144 bytes_received=4386 domain=\"settings-win.data.microsoft.com\" exceptions=\"av,https,validation,policy,zero-day protection\" http_status=\"0\" con_id=3159007232 app_is_cloud=\"FALSE\" used_quota=\"0\" src_zone_type=\"LAN\" src_zone=\"LAN\" dst_zone_type=\"WAN\" dst_zone=\"WAN\" src_country=\"R1\" dst_country=\"USA\"", "outcome": "success", "severity": 6, "type": [ @@ -3599,6 +3004,9 @@ "level": "Information" }, "network": { + "bytes": 6530, + "community_id": "1:OmT3TnrmUQhfTkabdSWeuBAAwrs=", + "protocol": "https", "transport": "tcp" }, "observer": { @@ -3616,36 +3024,14 @@ }, "related": { "hosts": [ - "defaulttest.local" + "defaulttest.local", + "settings-win.data.microsoft.com" ], "ip": [ "192.168.2.32", "89.160.20.156" ] }, - "server": { - "as": { - "number": 29518, - "organization": { - "name": "Bredband2 AB" - } - }, - "bytes": 4386, - "geo": { - "city_name": "Linköping", - "continent_name": "Europe", - "country_iso_code": "SE", - "country_name": "Sweden", - "location": { - "lat": 58.4167, - "lon": 15.6167 - }, - "region_iso_code": "SE-E", - "region_name": "Östergötland County" - }, - "ip": "89.160.20.156", - "port": 443 - }, "sophos": { "xg": { "app_is_cloud": "FALSE", @@ -3658,10 +3044,10 @@ "http_category": "Information Technology", "http_category_type": "Acceptable", "log_component": "HTTP", + "log_id": "050901616001", "log_subtype": "Allowed", "log_type": "Content Filtering", "log_version": "1", - "message_id": "16001", "src_zone_type": "LAN", "used_quota": "0", "web_policy_id": "12" @@ -3685,11 +3071,6 @@ }, { "@timestamp": "2021-11-16T00:29:47.000Z", - "client": { - "bytes": 1839, - "ip": "192.168.2.156", - "port": 62996 - }, "destination": { "as": { "number": 29518, @@ -3721,9 +3102,9 @@ "category": [ "network" ], - "code": "050901616001", + "code": "16001", "kind": "event", - "original": "device_name=\"SFW\" timestamp=\"2021-11-15T18:29:47-0600\" device_model=\"SFVH\" device_serial_id=\"C01001BQC8TFFFF\" log_id=050901616001 log_type=\"Content Filtering\" log_component=\"HTTP\" log_subtype=\"Allowed\" log_version=1 severity=\"Information\" fw_rule_id=\"12\" web_policy_id=12 http_category=\"Information Technology\" http_category_type=\"Acceptable\" url=\"https://clientservices.googleapis.com\" src_ip=\"192.168.2.156\" dst_ip=\"89.160.20.156\" protocol=\"TCP\" src_port=62996 dst_port=443 bytes_sent=1839 bytes_received=2046 domain=\"clientservices.googleapis.com\" http_status=\"0\" con_id=2432150656 app_is_cloud=\"FALSE\" used_quota=\"0\" src_zone_type=\"LAN\" src_zone=\"LAN\" dst_zone_type=\"WAN\" dst_zone=\"WAN\" src_country=\"R1\" dst_country=\"USA\"", + "original": "Nov 16 00:29:47 sophos device_name=\"SFW\" timestamp=\"2021-11-15T18:29:47-0600\" device_model=\"SFVH\" device_serial_id=\"C01001BQC8TFFFF\" log_id=050901616001 log_type=\"Content Filtering\" log_component=\"HTTP\" log_subtype=\"Allowed\" log_version=1 severity=\"Information\" fw_rule_id=\"12\" web_policy_id=12 http_category=\"Information Technology\" http_category_type=\"Acceptable\" url=\"https://clientservices.googleapis.com\" src_ip=\"192.168.2.156\" dst_ip=\"89.160.20.156\" protocol=\"TCP\" src_port=62996 dst_port=443 bytes_sent=1839 bytes_received=2046 domain=\"clientservices.googleapis.com\" http_status=\"0\" con_id=2432150656 app_is_cloud=\"FALSE\" used_quota=\"0\" src_zone_type=\"LAN\" src_zone=\"LAN\" dst_zone_type=\"WAN\" dst_zone=\"WAN\" src_country=\"R1\" dst_country=\"USA\"", "outcome": "success", "severity": 6, "type": [ @@ -3738,6 +3119,9 @@ "level": "Information" }, "network": { + "bytes": 3885, + "community_id": "1:jg/7mplGAu9Q4EVpwH0DkGcByjI=", + "protocol": "https", "transport": "tcp" }, "observer": { @@ -3755,36 +3139,14 @@ }, "related": { "hosts": [ - "defaulttest.local" + "defaulttest.local", + "clientservices.googleapis.com" ], "ip": [ "192.168.2.156", "89.160.20.156" ] }, - "server": { - "as": { - "number": 29518, - "organization": { - "name": "Bredband2 AB" - } - }, - "bytes": 2046, - "geo": { - "city_name": "Linköping", - "continent_name": "Europe", - "country_iso_code": "SE", - "country_name": "Sweden", - "location": { - "lat": 58.4167, - "lon": 15.6167 - }, - "region_iso_code": "SE-E", - "region_name": "Östergötland County" - }, - "ip": "89.160.20.156", - "port": 443 - }, "sophos": { "xg": { "app_is_cloud": "FALSE", @@ -3796,10 +3158,10 @@ "http_category": "Information Technology", "http_category_type": "Acceptable", "log_component": "HTTP", + "log_id": "050901616001", "log_subtype": "Allowed", "log_type": "Content Filtering", "log_version": "1", - "message_id": "16001", "src_zone_type": "LAN", "used_quota": "0", "web_policy_id": "12" @@ -3823,11 +3185,6 @@ }, { "@timestamp": "2021-11-16T00:29:47.000Z", - "client": { - "bytes": 542, - "ip": "192.168.3.36", - "port": 37912 - }, "destination": { "bytes": 2376, "ip": "192.168.2.90", @@ -3841,9 +3198,9 @@ "category": [ "network" ], - "code": "050901616001", + "code": "16001", "kind": "event", - "original": "device_name=\"SFW\" timestamp=\"2021-11-15T18:29:47-0600\" device_model=\"SFVH\" device_serial_id=\"C01001BQC8TFFFF\" log_id=050901616001 log_type=\"Content Filtering\" log_component=\"HTTP\" log_subtype=\"Allowed\" log_version=1 severity=\"Information\" fw_rule_id=\"16\" web_policy_id=4 http_category=\"IPAddress\" http_category_type=\"Acceptable\" url=\"https://192.168.2.90\" src_ip=\"192.168.3.36\" dst_ip=\"192.168.2.90\" protocol=\"TCP\" src_port=37912 dst_port=8089 bytes_sent=542 bytes_received=2376 domain=\"192.168.2.90\" http_status=\"0\" con_id=2721559808 app_is_cloud=\"FALSE\" used_quota=\"0\" src_zone_type=\"DMZ\" src_zone=\"DMZ\" dst_zone_type=\"LAN\" dst_zone=\"LAN\" src_country=\"R1\" dst_country=\"R1\"", + "original": "Nov 16 00:29:47 sophos device_name=\"SFW\" timestamp=\"2021-11-15T18:29:47-0600\" device_model=\"SFVH\" device_serial_id=\"C01001BQC8TFFFF\" log_id=050901616001 log_type=\"Content Filtering\" log_component=\"HTTP\" log_subtype=\"Allowed\" log_version=1 severity=\"Information\" fw_rule_id=\"16\" web_policy_id=4 http_category=\"IPAddress\" http_category_type=\"Acceptable\" url=\"https://192.168.2.90\" src_ip=\"192.168.3.36\" dst_ip=\"192.168.2.90\" protocol=\"TCP\" src_port=37912 dst_port=8089 bytes_sent=542 bytes_received=2376 domain=\"192.168.2.90\" http_status=\"0\" con_id=2721559808 app_is_cloud=\"FALSE\" used_quota=\"0\" src_zone_type=\"DMZ\" src_zone=\"DMZ\" dst_zone_type=\"LAN\" dst_zone=\"LAN\" src_country=\"R1\" dst_country=\"R1\"", "outcome": "success", "severity": 6, "type": [ @@ -3858,6 +3215,9 @@ "level": "Information" }, "network": { + "bytes": 2918, + "community_id": "1:0WYJly6XHDqS0yWPCrzcHe1jBqM=", + "protocol": "https", "transport": "tcp" }, "observer": { @@ -3875,18 +3235,14 @@ }, "related": { "hosts": [ - "defaulttest.local" + "defaulttest.local", + "192.168.2.90" ], "ip": [ "192.168.3.36", "192.168.2.90" ] }, - "server": { - "bytes": 2376, - "ip": "192.168.2.90", - "port": 8089 - }, "sophos": { "xg": { "app_is_cloud": "FALSE", @@ -3898,10 +3254,10 @@ "http_category": "IPAddress", "http_category_type": "Acceptable", "log_component": "HTTP", + "log_id": "050901616001", "log_subtype": "Allowed", "log_type": "Content Filtering", "log_version": "1", - "message_id": "16001", "src_zone_type": "DMZ", "used_quota": "0", "web_policy_id": "4" @@ -3925,11 +3281,6 @@ }, { "@timestamp": "2021-11-16T00:29:56.000Z", - "client": { - "bytes": 2680, - "ip": "192.168.2.143", - "port": 49274 - }, "destination": { "as": { "number": 29518, @@ -3961,9 +3312,9 @@ "category": [ "network" ], - "code": "050901616001", + "code": "16001", "kind": "event", - "original": "device_name=\"SFW\" timestamp=\"2021-11-15T18:29:56-0600\" device_model=\"SFVH\" device_serial_id=\"C01001BQC8TFFFF\" log_id=050901616001 log_type=\"Content Filtering\" log_component=\"HTTP\" log_subtype=\"Allowed\" log_version=1 severity=\"Information\" fw_rule_id=\"12\" web_policy_id=12 http_category=\"Entertainment\" http_category_type=\"Unproductive\" url=\"https://api.thetake.com\" src_ip=\"192.168.2.143\" dst_ip=\"89.160.20.156\" protocol=\"TCP\" src_port=49274 dst_port=443 bytes_sent=2680 bytes_received=6023 domain=\"api.thetake.com\" http_status=\"0\" con_id=2685144512 app_is_cloud=\"FALSE\" used_quota=\"0\" src_zone_type=\"LAN\" src_zone=\"LAN\" dst_zone_type=\"WAN\" dst_zone=\"WAN\" src_country=\"R1\"", + "original": "Nov 16 00:29:56 sophos device_name=\"SFW\" timestamp=\"2021-11-15T18:29:56-0600\" device_model=\"SFVH\" device_serial_id=\"C01001BQC8TFFFF\" log_id=050901616001 log_type=\"Content Filtering\" log_component=\"HTTP\" log_subtype=\"Allowed\" log_version=1 severity=\"Information\" fw_rule_id=\"12\" web_policy_id=12 http_category=\"Entertainment\" http_category_type=\"Unproductive\" url=\"https://api.thetake.com\" src_ip=\"192.168.2.143\" dst_ip=\"89.160.20.156\" protocol=\"TCP\" src_port=49274 dst_port=443 bytes_sent=2680 bytes_received=6023 domain=\"api.thetake.com\" http_status=\"0\" con_id=2685144512 app_is_cloud=\"FALSE\" used_quota=\"0\" src_zone_type=\"LAN\" src_zone=\"LAN\" dst_zone_type=\"WAN\" dst_zone=\"WAN\" src_country=\"R1\"", "outcome": "success", "severity": 6, "type": [ @@ -3978,6 +3329,9 @@ "level": "Information" }, "network": { + "bytes": 8703, + "community_id": "1:nJI8LF1a2jhGY76f/L27k3G3SBQ=", + "protocol": "https", "transport": "tcp" }, "observer": { @@ -3995,36 +3349,14 @@ }, "related": { "hosts": [ - "defaulttest.local" + "defaulttest.local", + "api.thetake.com" ], "ip": [ "192.168.2.143", "89.160.20.156" ] }, - "server": { - "as": { - "number": 29518, - "organization": { - "name": "Bredband2 AB" - } - }, - "bytes": 6023, - "geo": { - "city_name": "Linköping", - "continent_name": "Europe", - "country_iso_code": "SE", - "country_name": "Sweden", - "location": { - "lat": 58.4167, - "lon": 15.6167 - }, - "region_iso_code": "SE-E", - "region_name": "Östergötland County" - }, - "ip": "89.160.20.156", - "port": 443 - }, "sophos": { "xg": { "app_is_cloud": "FALSE", @@ -4036,10 +3368,10 @@ "http_category": "Entertainment", "http_category_type": "Unproductive", "log_component": "HTTP", + "log_id": "050901616001", "log_subtype": "Allowed", "log_type": "Content Filtering", "log_version": "1", - "message_id": "16001", "src_zone_type": "LAN", "used_quota": "0", "web_policy_id": "12" @@ -4063,11 +3395,6 @@ }, { "@timestamp": "2021-11-16T00:29:57.000Z", - "client": { - "bytes": 1719, - "ip": "192.168.2.105", - "port": 35672 - }, "destination": { "as": { "number": 29518, @@ -4099,9 +3426,9 @@ "category": [ "network" ], - "code": "050901616001", + "code": "16001", "kind": "event", - "original": "device_name=\"SFW\" timestamp=\"2021-11-15T18:29:57-0600\" device_model=\"SFVH\" device_serial_id=\"C01001BQC8TFFFF\" log_id=050901616001 log_type=\"Content Filtering\" log_component=\"HTTP\" log_subtype=\"Allowed\" log_version=1 severity=\"Information\" fw_rule_id=\"12\" web_policy_id=12 http_category=\"Information Technology\" http_category_type=\"Acceptable\" url=\"https://tools.google.com\" src_ip=\"192.168.2.105\" dst_ip=\"89.160.20.156\" protocol=\"TCP\" src_port=35672 dst_port=443 bytes_sent=1719 bytes_received=8533 domain=\"tools.google.com\" http_status=\"0\" con_id=151870592 app_is_cloud=\"FALSE\" used_quota=\"0\" src_zone_type=\"LAN\" src_zone=\"LAN\" dst_zone_type=\"WAN\" dst_zone=\"WAN\" src_country=\"R1\" dst_country=\"USA\"", + "original": "Nov 16 00:29:57 sophos device_name=\"SFW\" timestamp=\"2021-11-15T18:29:57-0600\" device_model=\"SFVH\" device_serial_id=\"C01001BQC8TFFFF\" log_id=050901616001 log_type=\"Content Filtering\" log_component=\"HTTP\" log_subtype=\"Allowed\" log_version=1 severity=\"Information\" fw_rule_id=\"12\" web_policy_id=12 http_category=\"Information Technology\" http_category_type=\"Acceptable\" url=\"https://tools.google.com\" src_ip=\"192.168.2.105\" dst_ip=\"89.160.20.156\" protocol=\"TCP\" src_port=35672 dst_port=443 bytes_sent=1719 bytes_received=8533 domain=\"tools.google.com\" http_status=\"0\" con_id=151870592 app_is_cloud=\"FALSE\" used_quota=\"0\" src_zone_type=\"LAN\" src_zone=\"LAN\" dst_zone_type=\"WAN\" dst_zone=\"WAN\" src_country=\"R1\" dst_country=\"USA\"", "outcome": "success", "severity": 6, "type": [ @@ -4116,6 +3443,9 @@ "level": "Information" }, "network": { + "bytes": 10252, + "community_id": "1:uSSPHND/Vp9W7pKl2m1uZU8LmLs=", + "protocol": "https", "transport": "tcp" }, "observer": { @@ -4133,36 +3463,14 @@ }, "related": { "hosts": [ - "defaulttest.local" + "defaulttest.local", + "tools.google.com" ], "ip": [ "192.168.2.105", "89.160.20.156" ] }, - "server": { - "as": { - "number": 29518, - "organization": { - "name": "Bredband2 AB" - } - }, - "bytes": 8533, - "geo": { - "city_name": "Linköping", - "continent_name": "Europe", - "country_iso_code": "SE", - "country_name": "Sweden", - "location": { - "lat": 58.4167, - "lon": 15.6167 - }, - "region_iso_code": "SE-E", - "region_name": "Östergötland County" - }, - "ip": "89.160.20.156", - "port": 443 - }, "sophos": { "xg": { "app_is_cloud": "FALSE", @@ -4174,10 +3482,10 @@ "http_category": "Information Technology", "http_category_type": "Acceptable", "log_component": "HTTP", + "log_id": "050901616001", "log_subtype": "Allowed", "log_type": "Content Filtering", "log_version": "1", - "message_id": "16001", "src_zone_type": "LAN", "used_quota": "0", "web_policy_id": "12" @@ -4201,11 +3509,6 @@ }, { "@timestamp": "2021-11-16T00:30:00.000Z", - "client": { - "bytes": 25597, - "ip": "192.168.2.111", - "port": 50938 - }, "destination": { "as": { "number": 29518, @@ -4237,9 +3540,9 @@ "category": [ "network" ], - "code": "050901616001", + "code": "16001", "kind": "event", - "original": "device_name=\"SFW\" timestamp=\"2021-11-15T18:30:00-0600\" device_model=\"SFVH\" device_serial_id=\"C01001BQC8TFFFF\" log_id=050901616001 log_type=\"Content Filtering\" log_component=\"HTTP\" log_subtype=\"Allowed\" log_version=1 severity=\"Information\" fw_rule_id=\"12\" web_policy_id=12 http_category=\"Content Delivery\" http_category_type=\"Acceptable\" url=\"https://hls14.asiancdn.net\" src_ip=\"192.168.2.111\" dst_ip=\"89.160.20.156\" protocol=\"TCP\" src_port=50938 dst_port=443 bytes_sent=25597 bytes_received=4923601 domain=\"hls14.asiancdn.net\" http_status=\"0\" con_id=3019355392 app_is_cloud=\"FALSE\" used_quota=\"0\" src_zone_type=\"LAN\" src_zone=\"LAN\" dst_zone_type=\"WAN\" dst_zone=\"WAN\" src_country=\"R1\" dst_country=\"USA\"", + "original": "Nov 16 00:30:00 sophos device_name=\"SFW\" timestamp=\"2021-11-15T18:30:00-0600\" device_model=\"SFVH\" device_serial_id=\"C01001BQC8TFFFF\" log_id=050901616001 log_type=\"Content Filtering\" log_component=\"HTTP\" log_subtype=\"Allowed\" log_version=1 severity=\"Information\" fw_rule_id=\"12\" web_policy_id=12 http_category=\"Content Delivery\" http_category_type=\"Acceptable\" url=\"https://hls14.asiancdn.net\" src_ip=\"192.168.2.111\" dst_ip=\"89.160.20.156\" protocol=\"TCP\" src_port=50938 dst_port=443 bytes_sent=25597 bytes_received=4923601 domain=\"hls14.asiancdn.net\" http_status=\"0\" con_id=3019355392 app_is_cloud=\"FALSE\" used_quota=\"0\" src_zone_type=\"LAN\" src_zone=\"LAN\" dst_zone_type=\"WAN\" dst_zone=\"WAN\" src_country=\"R1\" dst_country=\"USA\"", "outcome": "success", "severity": 6, "type": [ @@ -4254,6 +3557,9 @@ "level": "Information" }, "network": { + "bytes": 4949198, + "community_id": "1:tTZ0XxfcF7iKHiWXhEnoSUJZWb0=", + "protocol": "https", "transport": "tcp" }, "observer": { @@ -4271,36 +3577,14 @@ }, "related": { "hosts": [ - "defaulttest.local" + "defaulttest.local", + "hls14.asiancdn.net" ], "ip": [ "192.168.2.111", "89.160.20.156" ] }, - "server": { - "as": { - "number": 29518, - "organization": { - "name": "Bredband2 AB" - } - }, - "bytes": 4923601, - "geo": { - "city_name": "Linköping", - "continent_name": "Europe", - "country_iso_code": "SE", - "country_name": "Sweden", - "location": { - "lat": 58.4167, - "lon": 15.6167 - }, - "region_iso_code": "SE-E", - "region_name": "Östergötland County" - }, - "ip": "89.160.20.156", - "port": 443 - }, "sophos": { "xg": { "app_is_cloud": "FALSE", @@ -4312,10 +3596,10 @@ "http_category": "Content Delivery", "http_category_type": "Acceptable", "log_component": "HTTP", + "log_id": "050901616001", "log_subtype": "Allowed", "log_type": "Content Filtering", "log_version": "1", - "message_id": "16001", "src_zone_type": "LAN", "used_quota": "0", "web_policy_id": "12" @@ -4339,11 +3623,6 @@ }, { "@timestamp": "2021-11-16T00:30:01.000Z", - "client": { - "bytes": 10198, - "ip": "192.168.2.107", - "port": 53571 - }, "destination": { "as": { "number": 29518, @@ -4375,9 +3654,9 @@ "category": [ "network" ], - "code": "050901616001", + "code": "16001", "kind": "event", - "original": "device_name=\"SFW\" timestamp=\"2021-11-15T18:30:01-0600\" device_model=\"SFVH\" device_serial_id=\"C01001BQC8TFFFF\" log_id=050901616001 log_type=\"Content Filtering\" log_component=\"HTTP\" log_subtype=\"Allowed\" log_version=1 severity=\"Information\" fw_rule_id=\"12\" web_policy_id=12 http_category=\"Information Technology\" http_category_type=\"Acceptable\" url=\"https://edge.microsoft.com\" src_ip=\"192.168.2.107\" dst_ip=\"89.160.20.156\" protocol=\"TCP\" src_port=53571 dst_port=443 bytes_sent=10198 bytes_received=7256 domain=\"edge.microsoft.com\" exceptions=\"av,https,validation,policy,zero-day protection\" http_status=\"0\" con_id=2689611008 app_is_cloud=\"FALSE\" used_quota=\"0\" src_zone_type=\"LAN\" src_zone=\"LAN\" dst_zone_type=\"WAN\" dst_zone=\"WAN\" src_country=\"R1\" dst_country=\"USA\"", + "original": "Nov 16 00:30:01 sophos device_name=\"SFW\" timestamp=\"2021-11-15T18:30:01-0600\" device_model=\"SFVH\" device_serial_id=\"C01001BQC8TFFFF\" log_id=050901616001 log_type=\"Content Filtering\" log_component=\"HTTP\" log_subtype=\"Allowed\" log_version=1 severity=\"Information\" fw_rule_id=\"12\" web_policy_id=12 http_category=\"Information Technology\" http_category_type=\"Acceptable\" url=\"https://edge.microsoft.com\" src_ip=\"192.168.2.107\" dst_ip=\"89.160.20.156\" protocol=\"TCP\" src_port=53571 dst_port=443 bytes_sent=10198 bytes_received=7256 domain=\"edge.microsoft.com\" exceptions=\"av,https,validation,policy,zero-day protection\" http_status=\"0\" con_id=2689611008 app_is_cloud=\"FALSE\" used_quota=\"0\" src_zone_type=\"LAN\" src_zone=\"LAN\" dst_zone_type=\"WAN\" dst_zone=\"WAN\" src_country=\"R1\" dst_country=\"USA\"", "outcome": "success", "severity": 6, "type": [ @@ -4392,6 +3671,9 @@ "level": "Information" }, "network": { + "bytes": 17454, + "community_id": "1:6yNy9ed6l5ELi1bDp+zYjq2ozpI=", + "protocol": "https", "transport": "tcp" }, "observer": { @@ -4409,36 +3691,14 @@ }, "related": { "hosts": [ - "defaulttest.local" + "defaulttest.local", + "edge.microsoft.com" ], "ip": [ "192.168.2.107", "89.160.20.156" ] }, - "server": { - "as": { - "number": 29518, - "organization": { - "name": "Bredband2 AB" - } - }, - "bytes": 7256, - "geo": { - "city_name": "Linköping", - "continent_name": "Europe", - "country_iso_code": "SE", - "country_name": "Sweden", - "location": { - "lat": 58.4167, - "lon": 15.6167 - }, - "region_iso_code": "SE-E", - "region_name": "Östergötland County" - }, - "ip": "89.160.20.156", - "port": 443 - }, "sophos": { "xg": { "app_is_cloud": "FALSE", @@ -4451,10 +3711,10 @@ "http_category": "Information Technology", "http_category_type": "Acceptable", "log_component": "HTTP", + "log_id": "050901616001", "log_subtype": "Allowed", "log_type": "Content Filtering", "log_version": "1", - "message_id": "16001", "src_zone_type": "LAN", "used_quota": "0", "web_policy_id": "12" @@ -4478,11 +3738,6 @@ }, { "@timestamp": "2021-11-16T00:30:02.000Z", - "client": { - "bytes": 4395, - "ip": "192.168.2.139", - "port": 49726 - }, "destination": { "as": { "number": 29518, @@ -4514,9 +3769,9 @@ "category": [ "network" ], - "code": "050901616001", + "code": "16001", "kind": "event", - "original": "device_name=\"SFW\" timestamp=\"2021-11-15T18:30:02-0600\" device_model=\"SFVH\" device_serial_id=\"C01001BQC8TFFFF\" log_id=050901616001 log_type=\"Content Filtering\" log_component=\"HTTP\" log_subtype=\"Allowed\" log_version=1 severity=\"Information\" fw_rule_id=\"12\" web_policy_id=12 http_category=\"Search Engines\" http_category_type=\"Acceptable\" url=\"https://clients4.google.com\" src_ip=\"192.168.2.139\" dst_ip=\"89.160.20.156\" protocol=\"TCP\" src_port=49726 dst_port=443 bytes_sent=4395 bytes_received=2128 domain=\"clients4.google.com\" http_status=\"0\" con_id=2432148096 app_is_cloud=\"FALSE\" used_quota=\"0\" src_zone_type=\"LAN\" src_zone=\"LAN\" dst_zone_type=\"WAN\" dst_zone=\"WAN\" src_country=\"R1\" dst_country=\"USA\"", + "original": "Nov 16 00:30:02 sophos device_name=\"SFW\" timestamp=\"2021-11-15T18:30:02-0600\" device_model=\"SFVH\" device_serial_id=\"C01001BQC8TFFFF\" log_id=050901616001 log_type=\"Content Filtering\" log_component=\"HTTP\" log_subtype=\"Allowed\" log_version=1 severity=\"Information\" fw_rule_id=\"12\" web_policy_id=12 http_category=\"Search Engines\" http_category_type=\"Acceptable\" url=\"https://clients4.google.com\" src_ip=\"192.168.2.139\" dst_ip=\"89.160.20.156\" protocol=\"TCP\" src_port=49726 dst_port=443 bytes_sent=4395 bytes_received=2128 domain=\"clients4.google.com\" http_status=\"0\" con_id=2432148096 app_is_cloud=\"FALSE\" used_quota=\"0\" src_zone_type=\"LAN\" src_zone=\"LAN\" dst_zone_type=\"WAN\" dst_zone=\"WAN\" src_country=\"R1\" dst_country=\"USA\"", "outcome": "success", "severity": 6, "type": [ @@ -4531,6 +3786,9 @@ "level": "Information" }, "network": { + "bytes": 6523, + "community_id": "1:wQdiwpAkRmUlkLnveMgS6kVyLNM=", + "protocol": "https", "transport": "tcp" }, "observer": { @@ -4548,36 +3806,14 @@ }, "related": { "hosts": [ - "defaulttest.local" + "defaulttest.local", + "clients4.google.com" ], "ip": [ "192.168.2.139", "89.160.20.156" ] }, - "server": { - "as": { - "number": 29518, - "organization": { - "name": "Bredband2 AB" - } - }, - "bytes": 2128, - "geo": { - "city_name": "Linköping", - "continent_name": "Europe", - "country_iso_code": "SE", - "country_name": "Sweden", - "location": { - "lat": 58.4167, - "lon": 15.6167 - }, - "region_iso_code": "SE-E", - "region_name": "Östergötland County" - }, - "ip": "89.160.20.156", - "port": 443 - }, "sophos": { "xg": { "app_is_cloud": "FALSE", @@ -4589,10 +3825,10 @@ "http_category": "Search Engines", "http_category_type": "Acceptable", "log_component": "HTTP", + "log_id": "050901616001", "log_subtype": "Allowed", "log_type": "Content Filtering", "log_version": "1", - "message_id": "16001", "src_zone_type": "LAN", "used_quota": "0", "web_policy_id": "12" @@ -4616,11 +3852,6 @@ }, { "@timestamp": "2021-11-16T00:30:03.000Z", - "client": { - "bytes": 1697, - "ip": "192.168.2.107", - "port": 53600 - }, "destination": { "as": { "number": 29518, @@ -4652,9 +3883,9 @@ "category": [ "network" ], - "code": "050901616001", + "code": "16001", "kind": "event", - "original": "device_name=\"SFW\" timestamp=\"2021-11-15T18:30:03-0600\" device_model=\"SFVH\" device_serial_id=\"C01001BQC8TFFFF\" log_id=050901616001 log_type=\"Content Filtering\" log_component=\"HTTP\" log_subtype=\"Allowed\" log_version=1 severity=\"Information\" fw_rule_id=\"12\" web_policy_id=12 http_category=\"Information Technology\" http_category_type=\"Acceptable\" url=\"https://settings-win.data.microsoft.com\" src_ip=\"192.168.2.107\" dst_ip=\"89.160.20.156\" protocol=\"TCP\" src_port=53600 dst_port=443 bytes_sent=1697 bytes_received=4408 domain=\"settings-win.data.microsoft.com\" exceptions=\"av,https,validation,policy,zero-day protection\" http_status=\"0\" con_id=173138560 app_is_cloud=\"FALSE\" used_quota=\"0\" src_zone_type=\"LAN\" src_zone=\"LAN\" dst_zone_type=\"WAN\" dst_zone=\"WAN\" src_country=\"R1\" dst_country=\"USA\"", + "original": "Nov 16 00:30:03 sophos device_name=\"SFW\" timestamp=\"2021-11-15T18:30:03-0600\" device_model=\"SFVH\" device_serial_id=\"C01001BQC8TFFFF\" log_id=050901616001 log_type=\"Content Filtering\" log_component=\"HTTP\" log_subtype=\"Allowed\" log_version=1 severity=\"Information\" fw_rule_id=\"12\" web_policy_id=12 http_category=\"Information Technology\" http_category_type=\"Acceptable\" url=\"https://settings-win.data.microsoft.com\" src_ip=\"192.168.2.107\" dst_ip=\"89.160.20.156\" protocol=\"TCP\" src_port=53600 dst_port=443 bytes_sent=1697 bytes_received=4408 domain=\"settings-win.data.microsoft.com\" exceptions=\"av,https,validation,policy,zero-day protection\" http_status=\"0\" con_id=173138560 app_is_cloud=\"FALSE\" used_quota=\"0\" src_zone_type=\"LAN\" src_zone=\"LAN\" dst_zone_type=\"WAN\" dst_zone=\"WAN\" src_country=\"R1\" dst_country=\"USA\"", "outcome": "success", "severity": 6, "type": [ @@ -4669,6 +3900,9 @@ "level": "Information" }, "network": { + "bytes": 6105, + "community_id": "1:V5Bs1Im2lTXbCskif/bQcBVYVZ8=", + "protocol": "https", "transport": "tcp" }, "observer": { @@ -4686,36 +3920,14 @@ }, "related": { "hosts": [ - "defaulttest.local" + "defaulttest.local", + "settings-win.data.microsoft.com" ], "ip": [ "192.168.2.107", "89.160.20.156" ] }, - "server": { - "as": { - "number": 29518, - "organization": { - "name": "Bredband2 AB" - } - }, - "bytes": 4408, - "geo": { - "city_name": "Linköping", - "continent_name": "Europe", - "country_iso_code": "SE", - "country_name": "Sweden", - "location": { - "lat": 58.4167, - "lon": 15.6167 - }, - "region_iso_code": "SE-E", - "region_name": "Östergötland County" - }, - "ip": "89.160.20.156", - "port": 443 - }, "sophos": { "xg": { "app_is_cloud": "FALSE", @@ -4728,10 +3940,10 @@ "http_category": "Information Technology", "http_category_type": "Acceptable", "log_component": "HTTP", + "log_id": "050901616001", "log_subtype": "Allowed", "log_type": "Content Filtering", "log_version": "1", - "message_id": "16001", "src_zone_type": "LAN", "used_quota": "0", "web_policy_id": "12" @@ -4755,11 +3967,6 @@ }, { "@timestamp": "2021-11-16T00:30:06.000Z", - "client": { - "bytes": 77, - "ip": "192.168.2.112", - "port": 39119 - }, "destination": { "as": { "number": 29518, @@ -4791,9 +3998,9 @@ "category": [ "network" ], - "code": "050901616001", + "code": "16001", "kind": "event", - "original": "device_name=\"SFW\" timestamp=\"2021-11-15T18:30:06-0600\" device_model=\"SFVH\" device_serial_id=\"C01001BQC8TFFFF\" log_id=050901616001 log_type=\"Content Filtering\" log_component=\"HTTP\" log_subtype=\"Allowed\" log_version=1 severity=\"Information\" fw_rule_id=\"12\" web_policy_id=12 http_category=\"General Business\" http_category_type=\"Acceptable\" url=\"http://info.cspserver.net/api/v1/connect-test\" content_type=\"application/octet-stream\" src_ip=\"192.168.2.112\" dst_ip=\"89.160.20.156\" protocol=\"TCP\" src_port=39119 dst_port=80 bytes_sent=77 bytes_received=249 domain=\"info.cspserver.net\" http_status=\"200\" con_id=2841967104 app_is_cloud=\"FALSE\" used_quota=\"0\" src_zone_type=\"LAN\" src_zone=\"LAN\" dst_zone_type=\"WAN\" dst_zone=\"WAN\" src_country=\"R1\" dst_country=\"JPN\"", + "original": "Nov 16 00:30:06 sophos device_name=\"SFW\" timestamp=\"2021-11-15T18:30:06-0600\" device_model=\"SFVH\" device_serial_id=\"C01001BQC8TFFFF\" log_id=050901616001 log_type=\"Content Filtering\" log_component=\"HTTP\" log_subtype=\"Allowed\" log_version=1 severity=\"Information\" fw_rule_id=\"12\" web_policy_id=12 http_category=\"General Business\" http_category_type=\"Acceptable\" url=\"http://info.cspserver.net/api/v1/connect-test\" content_type=\"application/octet-stream\" src_ip=\"192.168.2.112\" dst_ip=\"89.160.20.156\" protocol=\"TCP\" src_port=39119 dst_port=80 bytes_sent=77 bytes_received=249 domain=\"info.cspserver.net\" http_status=\"200\" con_id=2841967104 app_is_cloud=\"FALSE\" used_quota=\"0\" src_zone_type=\"LAN\" src_zone=\"LAN\" dst_zone_type=\"WAN\" dst_zone=\"WAN\" src_country=\"R1\" dst_country=\"JPN\"", "outcome": "success", "severity": 6, "type": [ @@ -4813,6 +4020,9 @@ "level": "Information" }, "network": { + "bytes": 326, + "community_id": "1:38iVHUKEXPkoRvRdtsbD6EFj5eM=", + "protocol": "http", "transport": "tcp" }, "observer": { @@ -4830,36 +4040,14 @@ }, "related": { "hosts": [ - "defaulttest.local" + "defaulttest.local", + "info.cspserver.net" ], "ip": [ "192.168.2.112", "89.160.20.156" ] }, - "server": { - "as": { - "number": 29518, - "organization": { - "name": "Bredband2 AB" - } - }, - "bytes": 249, - "geo": { - "city_name": "Linköping", - "continent_name": "Europe", - "country_iso_code": "SE", - "country_name": "Sweden", - "location": { - "lat": 58.4167, - "lon": 15.6167 - }, - "region_iso_code": "SE-E", - "region_name": "Östergötland County" - }, - "ip": "89.160.20.156", - "port": 80 - }, "sophos": { "xg": { "app_is_cloud": "FALSE", @@ -4872,10 +4060,10 @@ "http_category": "General Business", "http_category_type": "Acceptable", "log_component": "HTTP", + "log_id": "050901616001", "log_subtype": "Allowed", "log_type": "Content Filtering", "log_version": "1", - "message_id": "16001", "src_zone_type": "LAN", "used_quota": "0", "web_policy_id": "12" @@ -4899,11 +4087,6 @@ }, { "@timestamp": "2021-11-16T00:30:11.000Z", - "client": { - "bytes": 1030, - "ip": "192.168.2.110", - "port": 53588 - }, "destination": { "as": { "number": 29518, @@ -4935,9 +4118,9 @@ "category": [ "network" ], - "code": "050901616001", + "code": "16001", "kind": "event", - "original": "device_name=\"SFW\" timestamp=\"2021-11-15T18:30:11-0600\" device_model=\"SFVH\" device_serial_id=\"C01001BQC8TFFFF\" log_id=050901616001 log_type=\"Content Filtering\" log_component=\"HTTP\" log_subtype=\"Allowed\" log_version=1 severity=\"Information\" fw_rule_id=\"12\" web_policy_id=12 http_category=\"Games\" http_category_type=\"Unproductive\" url=\"https://catalog.gamepass.com\" src_ip=\"192.168.2.110\" dst_ip=\"89.160.20.156\" protocol=\"TCP\" src_port=53588 dst_port=443 bytes_sent=1030 bytes_received=6770 domain=\"catalog.gamepass.com\" http_status=\"0\" con_id=2685088704 app_is_cloud=\"FALSE\" used_quota=\"0\" src_zone_type=\"LAN\" src_zone=\"LAN\" dst_zone_type=\"WAN\" dst_zone=\"WAN\" src_country=\"R1\" dst_country=\"USA\"", + "original": "Nov 16 00:30:11 sophos device_name=\"SFW\" timestamp=\"2021-11-15T18:30:11-0600\" device_model=\"SFVH\" device_serial_id=\"C01001BQC8TFFFF\" log_id=050901616001 log_type=\"Content Filtering\" log_component=\"HTTP\" log_subtype=\"Allowed\" log_version=1 severity=\"Information\" fw_rule_id=\"12\" web_policy_id=12 http_category=\"Games\" http_category_type=\"Unproductive\" url=\"https://catalog.gamepass.com\" src_ip=\"192.168.2.110\" dst_ip=\"89.160.20.156\" protocol=\"TCP\" src_port=53588 dst_port=443 bytes_sent=1030 bytes_received=6770 domain=\"catalog.gamepass.com\" http_status=\"0\" con_id=2685088704 app_is_cloud=\"FALSE\" used_quota=\"0\" src_zone_type=\"LAN\" src_zone=\"LAN\" dst_zone_type=\"WAN\" dst_zone=\"WAN\" src_country=\"R1\" dst_country=\"USA\"", "outcome": "success", "severity": 6, "type": [ @@ -4952,6 +4135,9 @@ "level": "Information" }, "network": { + "bytes": 7800, + "community_id": "1:tKVVyY9MtZ9/QiLuhEJEIqyQMjE=", + "protocol": "https", "transport": "tcp" }, "observer": { @@ -4969,36 +4155,14 @@ }, "related": { "hosts": [ - "defaulttest.local" + "defaulttest.local", + "catalog.gamepass.com" ], "ip": [ "192.168.2.110", "89.160.20.156" ] }, - "server": { - "as": { - "number": 29518, - "organization": { - "name": "Bredband2 AB" - } - }, - "bytes": 6770, - "geo": { - "city_name": "Linköping", - "continent_name": "Europe", - "country_iso_code": "SE", - "country_name": "Sweden", - "location": { - "lat": 58.4167, - "lon": 15.6167 - }, - "region_iso_code": "SE-E", - "region_name": "Östergötland County" - }, - "ip": "89.160.20.156", - "port": 443 - }, "sophos": { "xg": { "app_is_cloud": "FALSE", @@ -5010,10 +4174,10 @@ "http_category": "Games", "http_category_type": "Unproductive", "log_component": "HTTP", + "log_id": "050901616001", "log_subtype": "Allowed", "log_type": "Content Filtering", "log_version": "1", - "message_id": "16001", "src_zone_type": "LAN", "used_quota": "0", "web_policy_id": "12" @@ -5037,11 +4201,6 @@ }, { "@timestamp": "2021-11-16T00:30:16.000Z", - "client": { - "bytes": 7011, - "ip": "192.168.2.105", - "port": 52580 - }, "destination": { "as": { "number": 29518, @@ -5073,9 +4232,9 @@ "category": [ "network" ], - "code": "050901616001", + "code": "16001", "kind": "event", - "original": "device_name=\"SFW\" timestamp=\"2021-11-15T18:30:16-0600\" device_model=\"SFVH\" device_serial_id=\"C01001BQC8TFFFF\" log_id=050901616001 log_type=\"Content Filtering\" log_component=\"HTTP\" log_subtype=\"Allowed\" log_version=1 severity=\"Information\" fw_rule_id=\"12\" web_policy_id=12 http_category=\"Search Engines\" http_category_type=\"Acceptable\" url=\"https://clients4.google.com\" src_ip=\"192.168.2.105\" dst_ip=\"89.160.20.156\" protocol=\"TCP\" src_port=52580 dst_port=443 bytes_sent=7011 bytes_received=2848 domain=\"clients4.google.com\" http_status=\"0\" con_id=3017219520 app_is_cloud=\"FALSE\" used_quota=\"0\" src_zone_type=\"LAN\" src_zone=\"LAN\" dst_zone_type=\"WAN\" dst_zone=\"WAN\" src_country=\"R1\" dst_country=\"USA\"", + "original": "Nov 16 00:30:16 sophos device_name=\"SFW\" timestamp=\"2021-11-15T18:30:16-0600\" device_model=\"SFVH\" device_serial_id=\"C01001BQC8TFFFF\" log_id=050901616001 log_type=\"Content Filtering\" log_component=\"HTTP\" log_subtype=\"Allowed\" log_version=1 severity=\"Information\" fw_rule_id=\"12\" web_policy_id=12 http_category=\"Search Engines\" http_category_type=\"Acceptable\" url=\"https://clients4.google.com\" src_ip=\"192.168.2.105\" dst_ip=\"89.160.20.156\" protocol=\"TCP\" src_port=52580 dst_port=443 bytes_sent=7011 bytes_received=2848 domain=\"clients4.google.com\" http_status=\"0\" con_id=3017219520 app_is_cloud=\"FALSE\" used_quota=\"0\" src_zone_type=\"LAN\" src_zone=\"LAN\" dst_zone_type=\"WAN\" dst_zone=\"WAN\" src_country=\"R1\" dst_country=\"USA\"", "outcome": "success", "severity": 6, "type": [ @@ -5090,6 +4249,9 @@ "level": "Information" }, "network": { + "bytes": 9859, + "community_id": "1:hpJMbtagI+XfLBMR60ZOsKVog4I=", + "protocol": "https", "transport": "tcp" }, "observer": { @@ -5107,36 +4269,14 @@ }, "related": { "hosts": [ - "defaulttest.local" + "defaulttest.local", + "clients4.google.com" ], "ip": [ "192.168.2.105", "89.160.20.156" ] }, - "server": { - "as": { - "number": 29518, - "organization": { - "name": "Bredband2 AB" - } - }, - "bytes": 2848, - "geo": { - "city_name": "Linköping", - "continent_name": "Europe", - "country_iso_code": "SE", - "country_name": "Sweden", - "location": { - "lat": 58.4167, - "lon": 15.6167 - }, - "region_iso_code": "SE-E", - "region_name": "Östergötland County" - }, - "ip": "89.160.20.156", - "port": 443 - }, "sophos": { "xg": { "app_is_cloud": "FALSE", @@ -5148,10 +4288,10 @@ "http_category": "Search Engines", "http_category_type": "Acceptable", "log_component": "HTTP", + "log_id": "050901616001", "log_subtype": "Allowed", "log_type": "Content Filtering", "log_version": "1", - "message_id": "16001", "src_zone_type": "LAN", "used_quota": "0", "web_policy_id": "12" @@ -5175,11 +4315,6 @@ }, { "@timestamp": "2021-11-16T00:30:25.000Z", - "client": { - "bytes": 3093, - "ip": "192.168.2.126", - "port": 53942 - }, "destination": { "as": { "number": 29518, @@ -5211,9 +4346,9 @@ "category": [ "network" ], - "code": "050901616001", + "code": "16001", "kind": "event", - "original": "device_name=\"SFW\" timestamp=\"2021-11-15T18:30:25-0600\" device_model=\"SFVH\" device_serial_id=\"C01001BQC8TFFFF\" log_id=050901616001 log_type=\"Content Filtering\" log_component=\"HTTP\" log_subtype=\"Allowed\" log_version=1 severity=\"Information\" fw_rule_id=\"12\" web_policy_id=12 http_category=\"Information Technology\" http_category_type=\"Acceptable\" url=\"https://www.googleapis.com\" src_ip=\"192.168.2.126\" dst_ip=\"89.160.20.156\" protocol=\"TCP\" src_port=53942 dst_port=443 bytes_sent=3093 bytes_received=63488 domain=\"www.googleapis.com\" http_status=\"0\" con_id=154695872 app_is_cloud=\"FALSE\" used_quota=\"0\" src_zone_type=\"LAN\" src_zone=\"LAN\" dst_zone_type=\"WAN\" dst_zone=\"WAN\" src_country=\"R1\" dst_country=\"USA\"", + "original": "Nov 16 00:30:25 sophos device_name=\"SFW\" timestamp=\"2021-11-15T18:30:25-0600\" device_model=\"SFVH\" device_serial_id=\"C01001BQC8TFFFF\" log_id=050901616001 log_type=\"Content Filtering\" log_component=\"HTTP\" log_subtype=\"Allowed\" log_version=1 severity=\"Information\" fw_rule_id=\"12\" web_policy_id=12 http_category=\"Information Technology\" http_category_type=\"Acceptable\" url=\"https://www.googleapis.com\" src_ip=\"192.168.2.126\" dst_ip=\"89.160.20.156\" protocol=\"TCP\" src_port=53942 dst_port=443 bytes_sent=3093 bytes_received=63488 domain=\"www.googleapis.com\" http_status=\"0\" con_id=154695872 app_is_cloud=\"FALSE\" used_quota=\"0\" src_zone_type=\"LAN\" src_zone=\"LAN\" dst_zone_type=\"WAN\" dst_zone=\"WAN\" src_country=\"R1\" dst_country=\"USA\"", "outcome": "success", "severity": 6, "type": [ @@ -5228,6 +4363,9 @@ "level": "Information" }, "network": { + "bytes": 66581, + "community_id": "1:xyM0JAnAhEOoDTcUtoFskKQlZbY=", + "protocol": "https", "transport": "tcp" }, "observer": { @@ -5245,36 +4383,14 @@ }, "related": { "hosts": [ - "defaulttest.local" + "defaulttest.local", + "www.googleapis.com" ], "ip": [ "192.168.2.126", "89.160.20.156" ] }, - "server": { - "as": { - "number": 29518, - "organization": { - "name": "Bredband2 AB" - } - }, - "bytes": 63488, - "geo": { - "city_name": "Linköping", - "continent_name": "Europe", - "country_iso_code": "SE", - "country_name": "Sweden", - "location": { - "lat": 58.4167, - "lon": 15.6167 - }, - "region_iso_code": "SE-E", - "region_name": "Östergötland County" - }, - "ip": "89.160.20.156", - "port": 443 - }, "sophos": { "xg": { "app_is_cloud": "FALSE", @@ -5286,10 +4402,10 @@ "http_category": "Information Technology", "http_category_type": "Acceptable", "log_component": "HTTP", + "log_id": "050901616001", "log_subtype": "Allowed", "log_type": "Content Filtering", "log_version": "1", - "message_id": "16001", "src_zone_type": "LAN", "used_quota": "0", "web_policy_id": "12" @@ -5313,11 +4429,6 @@ }, { "@timestamp": "2021-11-16T00:30:25.000Z", - "client": { - "bytes": 22415, - "ip": "192.168.2.126", - "port": 48938 - }, "destination": { "as": { "number": 29518, @@ -5349,9 +4460,9 @@ "category": [ "network" ], - "code": "050901616001", + "code": "16001", "kind": "event", - "original": "device_name=\"SFW\" timestamp=\"2021-11-15T18:30:25-0600\" device_model=\"SFVH\" device_serial_id=\"C01001BQC8TFFFF\" log_id=050901616001 log_type=\"Content Filtering\" log_component=\"HTTP\" log_subtype=\"Allowed\" log_version=1 severity=\"Information\" fw_rule_id=\"12\" web_policy_id=12 http_category=\"Information Technology\" http_category_type=\"Acceptable\" url=\"https://play.googleapis.com\" src_ip=\"192.168.2.126\" dst_ip=\"89.160.20.156\" protocol=\"TCP\" src_port=48938 dst_port=443 bytes_sent=22415 bytes_received=7520 domain=\"play.googleapis.com\" http_status=\"0\" con_id=2169324160 app_is_cloud=\"FALSE\" used_quota=\"0\" src_zone_type=\"LAN\" src_zone=\"LAN\" dst_zone_type=\"WAN\" dst_zone=\"WAN\" src_country=\"R1\" dst_country=\"USA\"", + "original": "Nov 16 00:30:25 sophos device_name=\"SFW\" timestamp=\"2021-11-15T18:30:25-0600\" device_model=\"SFVH\" device_serial_id=\"C01001BQC8TFFFF\" log_id=050901616001 log_type=\"Content Filtering\" log_component=\"HTTP\" log_subtype=\"Allowed\" log_version=1 severity=\"Information\" fw_rule_id=\"12\" web_policy_id=12 http_category=\"Information Technology\" http_category_type=\"Acceptable\" url=\"https://play.googleapis.com\" src_ip=\"192.168.2.126\" dst_ip=\"89.160.20.156\" protocol=\"TCP\" src_port=48938 dst_port=443 bytes_sent=22415 bytes_received=7520 domain=\"play.googleapis.com\" http_status=\"0\" con_id=2169324160 app_is_cloud=\"FALSE\" used_quota=\"0\" src_zone_type=\"LAN\" src_zone=\"LAN\" dst_zone_type=\"WAN\" dst_zone=\"WAN\" src_country=\"R1\" dst_country=\"USA\"", "outcome": "success", "severity": 6, "type": [ @@ -5366,6 +4477,9 @@ "level": "Information" }, "network": { + "bytes": 29935, + "community_id": "1:l06PvpxXevriVsr4Wwq+3YnETGw=", + "protocol": "https", "transport": "tcp" }, "observer": { @@ -5383,36 +4497,14 @@ }, "related": { "hosts": [ - "defaulttest.local" + "defaulttest.local", + "play.googleapis.com" ], "ip": [ "192.168.2.126", "89.160.20.156" ] }, - "server": { - "as": { - "number": 29518, - "organization": { - "name": "Bredband2 AB" - } - }, - "bytes": 7520, - "geo": { - "city_name": "Linköping", - "continent_name": "Europe", - "country_iso_code": "SE", - "country_name": "Sweden", - "location": { - "lat": 58.4167, - "lon": 15.6167 - }, - "region_iso_code": "SE-E", - "region_name": "Östergötland County" - }, - "ip": "89.160.20.156", - "port": 443 - }, "sophos": { "xg": { "app_is_cloud": "FALSE", @@ -5424,10 +4516,10 @@ "http_category": "Information Technology", "http_category_type": "Acceptable", "log_component": "HTTP", + "log_id": "050901616001", "log_subtype": "Allowed", "log_type": "Content Filtering", "log_version": "1", - "message_id": "16001", "src_zone_type": "LAN", "used_quota": "0", "web_policy_id": "12" @@ -5451,11 +4543,6 @@ }, { "@timestamp": "2021-11-16T00:30:25.000Z", - "client": { - "bytes": 9159, - "ip": "192.168.2.126", - "port": 53450 - }, "destination": { "as": { "number": 29518, @@ -5487,9 +4574,9 @@ "category": [ "network" ], - "code": "050901616001", + "code": "16001", "kind": "event", - "original": "device_name=\"SFW\" timestamp=\"2021-11-15T18:30:25-0600\" device_model=\"SFVH\" device_serial_id=\"C01001BQC8TFFFF\" log_id=050901616001 log_type=\"Content Filtering\" log_component=\"HTTP\" log_subtype=\"Allowed\" log_version=1 severity=\"Information\" fw_rule_id=\"12\" web_policy_id=12 http_category=\"Information Technology\" http_category_type=\"Acceptable\" url=\"https://android.googleapis.com\" src_ip=\"192.168.2.126\" dst_ip=\"89.160.20.156\" protocol=\"TCP\" src_port=53450 dst_port=443 bytes_sent=9159 bytes_received=9567 domain=\"android.googleapis.com\" http_status=\"0\" con_id=173141120 app_is_cloud=\"FALSE\" used_quota=\"0\" src_zone_type=\"LAN\" src_zone=\"LAN\" dst_zone_type=\"WAN\" dst_zone=\"WAN\" src_country=\"R1\" dst_country=\"USA\"", + "original": "Nov 16 00:30:25 sophos device_name=\"SFW\" timestamp=\"2021-11-15T18:30:25-0600\" device_model=\"SFVH\" device_serial_id=\"C01001BQC8TFFFF\" log_id=050901616001 log_type=\"Content Filtering\" log_component=\"HTTP\" log_subtype=\"Allowed\" log_version=1 severity=\"Information\" fw_rule_id=\"12\" web_policy_id=12 http_category=\"Information Technology\" http_category_type=\"Acceptable\" url=\"https://android.googleapis.com\" src_ip=\"192.168.2.126\" dst_ip=\"89.160.20.156\" protocol=\"TCP\" src_port=53450 dst_port=443 bytes_sent=9159 bytes_received=9567 domain=\"android.googleapis.com\" http_status=\"0\" con_id=173141120 app_is_cloud=\"FALSE\" used_quota=\"0\" src_zone_type=\"LAN\" src_zone=\"LAN\" dst_zone_type=\"WAN\" dst_zone=\"WAN\" src_country=\"R1\" dst_country=\"USA\"", "outcome": "success", "severity": 6, "type": [ @@ -5504,6 +4591,9 @@ "level": "Information" }, "network": { + "bytes": 18726, + "community_id": "1:u/bDzWXQgw3RNw0yiOMoLWMIp+s=", + "protocol": "https", "transport": "tcp" }, "observer": { @@ -5514,42 +4604,20 @@ "ingress": { "zone": "LAN" }, - "product": "XG", - "serial_number": "C01001BQC8TFFFF", - "type": "firewall", - "vendor": "Sophos" - }, - "related": { - "hosts": [ - "defaulttest.local" - ], - "ip": [ - "192.168.2.126", - "89.160.20.156" - ] - }, - "server": { - "as": { - "number": 29518, - "organization": { - "name": "Bredband2 AB" - } - }, - "bytes": 9567, - "geo": { - "city_name": "Linköping", - "continent_name": "Europe", - "country_iso_code": "SE", - "country_name": "Sweden", - "location": { - "lat": 58.4167, - "lon": 15.6167 - }, - "region_iso_code": "SE-E", - "region_name": "Östergötland County" - }, - "ip": "89.160.20.156", - "port": 443 + "product": "XG", + "serial_number": "C01001BQC8TFFFF", + "type": "firewall", + "vendor": "Sophos" + }, + "related": { + "hosts": [ + "defaulttest.local", + "android.googleapis.com" + ], + "ip": [ + "192.168.2.126", + "89.160.20.156" + ] }, "sophos": { "xg": { @@ -5562,10 +4630,10 @@ "http_category": "Information Technology", "http_category_type": "Acceptable", "log_component": "HTTP", + "log_id": "050901616001", "log_subtype": "Allowed", "log_type": "Content Filtering", "log_version": "1", - "message_id": "16001", "src_zone_type": "LAN", "used_quota": "0", "web_policy_id": "12" @@ -5589,11 +4657,6 @@ }, { "@timestamp": "2021-11-16T00:30:27.000Z", - "client": { - "bytes": 925, - "ip": "192.168.2.156", - "port": 62998 - }, "destination": { "as": { "number": 29518, @@ -5625,9 +4688,9 @@ "category": [ "network" ], - "code": "050901616001", + "code": "16001", "kind": "event", - "original": "device_name=\"SFW\" timestamp=\"2021-11-15T18:30:27-0600\" device_model=\"SFVH\" device_serial_id=\"C01001BQC8TFFFF\" log_id=050901616001 log_type=\"Content Filtering\" log_component=\"HTTP\" log_subtype=\"Allowed\" log_version=1 severity=\"Information\" fw_rule_id=\"12\" web_policy_id=12 http_category=\"Online Chat\" http_category_type=\"Unproductive\" url=\"https://discord.com\" src_ip=\"192.168.2.156\" dst_ip=\"89.160.20.156\" protocol=\"TCP\" src_port=62998 dst_port=443 bytes_sent=925 bytes_received=6253 domain=\"discord.com\" http_status=\"0\" con_id=3732575808 app_is_cloud=\"FALSE\" used_quota=\"0\" src_zone_type=\"LAN\" src_zone=\"LAN\" dst_zone_type=\"WAN\" dst_zone=\"WAN\" src_country=\"R1\"", + "original": "Nov 16 00:30:27 sophos device_name=\"SFW\" timestamp=\"2021-11-15T18:30:27-0600\" device_model=\"SFVH\" device_serial_id=\"C01001BQC8TFFFF\" log_id=050901616001 log_type=\"Content Filtering\" log_component=\"HTTP\" log_subtype=\"Allowed\" log_version=1 severity=\"Information\" fw_rule_id=\"12\" web_policy_id=12 http_category=\"Online Chat\" http_category_type=\"Unproductive\" url=\"https://discord.com\" src_ip=\"192.168.2.156\" dst_ip=\"89.160.20.156\" protocol=\"TCP\" src_port=62998 dst_port=443 bytes_sent=925 bytes_received=6253 domain=\"discord.com\" http_status=\"0\" con_id=3732575808 app_is_cloud=\"FALSE\" used_quota=\"0\" src_zone_type=\"LAN\" src_zone=\"LAN\" dst_zone_type=\"WAN\" dst_zone=\"WAN\" src_country=\"R1\"", "outcome": "success", "severity": 6, "type": [ @@ -5642,6 +4705,9 @@ "level": "Information" }, "network": { + "bytes": 7178, + "community_id": "1:5KURlVPtYgqsl8ACKLRT0wBRd14=", + "protocol": "https", "transport": "tcp" }, "observer": { @@ -5659,36 +4725,14 @@ }, "related": { "hosts": [ - "defaulttest.local" + "defaulttest.local", + "discord.com" ], "ip": [ "192.168.2.156", "89.160.20.156" ] }, - "server": { - "as": { - "number": 29518, - "organization": { - "name": "Bredband2 AB" - } - }, - "bytes": 6253, - "geo": { - "city_name": "Linköping", - "continent_name": "Europe", - "country_iso_code": "SE", - "country_name": "Sweden", - "location": { - "lat": 58.4167, - "lon": 15.6167 - }, - "region_iso_code": "SE-E", - "region_name": "Östergötland County" - }, - "ip": "89.160.20.156", - "port": 443 - }, "sophos": { "xg": { "app_is_cloud": "FALSE", @@ -5700,10 +4744,10 @@ "http_category": "Online Chat", "http_category_type": "Unproductive", "log_component": "HTTP", + "log_id": "050901616001", "log_subtype": "Allowed", "log_type": "Content Filtering", "log_version": "1", - "message_id": "16001", "src_zone_type": "LAN", "used_quota": "0", "web_policy_id": "12" @@ -5727,11 +4771,6 @@ }, { "@timestamp": "2021-11-16T00:30:28.000Z", - "client": { - "bytes": 260, - "ip": "192.168.2.131", - "port": 40233 - }, "destination": { "as": { "number": 29518, @@ -5763,9 +4802,9 @@ "category": [ "network" ], - "code": "050901616001", + "code": "16001", "kind": "event", - "original": "device_name=\"SFW\" timestamp=\"2021-11-15T18:30:28-0600\" device_model=\"SFVH\" device_serial_id=\"C01001BQC8TFFFF\" log_id=050901616001 log_type=\"Content Filtering\" log_component=\"HTTP\" log_subtype=\"Allowed\" log_version=1 severity=\"Information\" fw_rule_id=\"12\" web_policy_id=12 http_category=\"IPAddress\" http_category_type=\"Acceptable\" url=\"http://89.160.20.156:8089/mind/mind42?type=myWanIpAddressGet\u0026bodyId=tsn%3A846001190AE52F2\" content_type=\"application/json\" src_ip=\"192.168.2.131\" dst_ip=\"89.160.20.156\" protocol=\"TCP\" src_port=40233 dst_port=8089 bytes_sent=260 bytes_received=307 domain=\"89.160.20.156\" http_user_agent=\"TvHttpClient\" http_status=\"200\" con_id=999028608 app_is_cloud=\"FALSE\" used_quota=\"0\" src_zone_type=\"LAN\" src_zone=\"LAN\" dst_zone_type=\"WAN\" dst_zone=\"WAN\" src_country=\"R1\" dst_country=\"USA\"", + "original": "Nov 16 00:30:28 sophos device_name=\"SFW\" timestamp=\"2021-11-15T18:30:28-0600\" device_model=\"SFVH\" device_serial_id=\"C01001BQC8TFFFF\" log_id=050901616001 log_type=\"Content Filtering\" log_component=\"HTTP\" log_subtype=\"Allowed\" log_version=1 severity=\"Information\" fw_rule_id=\"12\" web_policy_id=12 http_category=\"IPAddress\" http_category_type=\"Acceptable\" url=\"http://89.160.20.156:8089/mind/mind42?type=myWanIpAddressGet\u0026bodyId=tsn%3A846001190AE52F2\" content_type=\"application/json\" src_ip=\"192.168.2.131\" dst_ip=\"89.160.20.156\" protocol=\"TCP\" src_port=40233 dst_port=8089 bytes_sent=260 bytes_received=307 domain=\"89.160.20.156\" http_user_agent=\"TvHttpClient\" http_status=\"200\" con_id=999028608 app_is_cloud=\"FALSE\" used_quota=\"0\" src_zone_type=\"LAN\" src_zone=\"LAN\" dst_zone_type=\"WAN\" dst_zone=\"WAN\" src_country=\"R1\" dst_country=\"USA\"", "outcome": "success", "severity": 6, "type": [ @@ -5785,6 +4824,9 @@ "level": "Information" }, "network": { + "bytes": 567, + "community_id": "1:wQwriCL7OE4F2h+gqrfXTuUknN4=", + "protocol": "http", "transport": "tcp" }, "observer": { @@ -5802,36 +4844,14 @@ }, "related": { "hosts": [ - "defaulttest.local" + "defaulttest.local", + "89.160.20.156" ], "ip": [ "192.168.2.131", "89.160.20.156" ] }, - "server": { - "as": { - "number": 29518, - "organization": { - "name": "Bredband2 AB" - } - }, - "bytes": 307, - "geo": { - "city_name": "Linköping", - "continent_name": "Europe", - "country_iso_code": "SE", - "country_name": "Sweden", - "location": { - "lat": 58.4167, - "lon": 15.6167 - }, - "region_iso_code": "SE-E", - "region_name": "Östergötland County" - }, - "ip": "89.160.20.156", - "port": 8089 - }, "sophos": { "xg": { "app_is_cloud": "FALSE", @@ -5844,10 +4864,10 @@ "http_category": "IPAddress", "http_category_type": "Acceptable", "log_component": "HTTP", + "log_id": "050901616001", "log_subtype": "Allowed", "log_type": "Content Filtering", "log_version": "1", - "message_id": "16001", "src_zone_type": "LAN", "used_quota": "0", "web_policy_id": "12" @@ -5873,11 +4893,6 @@ }, { "@timestamp": "2021-11-16T00:30:28.000Z", - "client": { - "bytes": 1004, - "ip": "192.168.2.41", - "port": 22567 - }, "destination": { "as": { "number": 29518, @@ -5909,9 +4924,9 @@ "category": [ "network" ], - "code": "050901616001", + "code": "16001", "kind": "event", - "original": "device_name=\"SFW\" timestamp=\"2021-11-15T18:30:28-0600\" device_model=\"SFVH\" device_serial_id=\"C01001BQC8TFFFF\" log_id=050901616001 log_type=\"Content Filtering\" log_component=\"HTTP\" log_subtype=\"Allowed\" log_version=1 severity=\"Information\" fw_rule_id=\"11\" web_policy_id=1 http_category=\"General Business\" http_category_type=\"Acceptable\" url=\"https://backend-ssp.adstudio.cloud\" src_ip=\"192.168.2.41\" dst_ip=\"89.160.20.156\" protocol=\"TCP\" src_port=22567 dst_port=443 bytes_sent=1004 bytes_received=584 domain=\"backend-ssp.adstudio.cloud\" http_status=\"0\" con_id=175214016 app_is_cloud=\"FALSE\" used_quota=\"0\" src_zone_type=\"LAN\" src_zone=\"LAN\" dst_zone_type=\"WAN\" dst_zone=\"WAN\" src_country=\"R1\" dst_country=\"USA\"", + "original": "Nov 16 00:30:28 sophos device_name=\"SFW\" timestamp=\"2021-11-15T18:30:28-0600\" device_model=\"SFVH\" device_serial_id=\"C01001BQC8TFFFF\" log_id=050901616001 log_type=\"Content Filtering\" log_component=\"HTTP\" log_subtype=\"Allowed\" log_version=1 severity=\"Information\" fw_rule_id=\"11\" web_policy_id=1 http_category=\"General Business\" http_category_type=\"Acceptable\" url=\"https://backend-ssp.adstudio.cloud\" src_ip=\"192.168.2.41\" dst_ip=\"89.160.20.156\" protocol=\"TCP\" src_port=22567 dst_port=443 bytes_sent=1004 bytes_received=584 domain=\"backend-ssp.adstudio.cloud\" http_status=\"0\" con_id=175214016 app_is_cloud=\"FALSE\" used_quota=\"0\" src_zone_type=\"LAN\" src_zone=\"LAN\" dst_zone_type=\"WAN\" dst_zone=\"WAN\" src_country=\"R1\" dst_country=\"USA\"", "outcome": "success", "severity": 6, "type": [ @@ -5926,6 +4941,9 @@ "level": "Information" }, "network": { + "bytes": 1588, + "community_id": "1:CkxvzcytIwajs1RyWu8D+qV5PHY=", + "protocol": "https", "transport": "tcp" }, "observer": { @@ -5943,36 +4961,14 @@ }, "related": { "hosts": [ - "defaulttest.local" + "defaulttest.local", + "backend-ssp.adstudio.cloud" ], "ip": [ "192.168.2.41", "89.160.20.156" ] }, - "server": { - "as": { - "number": 29518, - "organization": { - "name": "Bredband2 AB" - } - }, - "bytes": 584, - "geo": { - "city_name": "Linköping", - "continent_name": "Europe", - "country_iso_code": "SE", - "country_name": "Sweden", - "location": { - "lat": 58.4167, - "lon": 15.6167 - }, - "region_iso_code": "SE-E", - "region_name": "Östergötland County" - }, - "ip": "89.160.20.156", - "port": 443 - }, "sophos": { "xg": { "app_is_cloud": "FALSE", @@ -5984,10 +4980,10 @@ "http_category": "General Business", "http_category_type": "Acceptable", "log_component": "HTTP", + "log_id": "050901616001", "log_subtype": "Allowed", "log_type": "Content Filtering", "log_version": "1", - "message_id": "16001", "src_zone_type": "LAN", "used_quota": "0", "web_policy_id": "1" @@ -6011,11 +5007,6 @@ }, { "@timestamp": "2021-11-16T00:30:30.000Z", - "client": { - "bytes": 2417, - "ip": "192.168.2.126", - "port": 53458 - }, "destination": { "as": { "number": 29518, @@ -6047,9 +5038,9 @@ "category": [ "network" ], - "code": "050901616001", + "code": "16001", "kind": "event", - "original": "device_name=\"SFW\" timestamp=\"2021-11-15T18:30:30-0600\" device_model=\"SFVH\" device_serial_id=\"C01001BQC8TFFFF\" log_id=050901616001 log_type=\"Content Filtering\" log_component=\"HTTP\" log_subtype=\"Allowed\" log_version=1 severity=\"Information\" fw_rule_id=\"12\" web_policy_id=12 http_category=\"Information Technology\" http_category_type=\"Acceptable\" url=\"https://android.googleapis.com\" src_ip=\"192.168.2.126\" dst_ip=\"89.160.20.156\" protocol=\"TCP\" src_port=53458 dst_port=443 bytes_sent=2417 bytes_received=2607 domain=\"android.googleapis.com\" http_status=\"0\" con_id=3732577728 app_is_cloud=\"FALSE\" used_quota=\"0\" src_zone_type=\"LAN\" src_zone=\"LAN\" dst_zone_type=\"WAN\" dst_zone=\"WAN\" src_country=\"R1\" dst_country=\"USA\"", + "original": "Nov 16 00:30:30 sophos device_name=\"SFW\" timestamp=\"2021-11-15T18:30:30-0600\" device_model=\"SFVH\" device_serial_id=\"C01001BQC8TFFFF\" log_id=050901616001 log_type=\"Content Filtering\" log_component=\"HTTP\" log_subtype=\"Allowed\" log_version=1 severity=\"Information\" fw_rule_id=\"12\" web_policy_id=12 http_category=\"Information Technology\" http_category_type=\"Acceptable\" url=\"https://android.googleapis.com\" src_ip=\"192.168.2.126\" dst_ip=\"89.160.20.156\" protocol=\"TCP\" src_port=53458 dst_port=443 bytes_sent=2417 bytes_received=2607 domain=\"android.googleapis.com\" http_status=\"0\" con_id=3732577728 app_is_cloud=\"FALSE\" used_quota=\"0\" src_zone_type=\"LAN\" src_zone=\"LAN\" dst_zone_type=\"WAN\" dst_zone=\"WAN\" src_country=\"R1\" dst_country=\"USA\"", "outcome": "success", "severity": 6, "type": [ @@ -6064,6 +5055,9 @@ "level": "Information" }, "network": { + "bytes": 5024, + "community_id": "1:ebMtCKRgvcoXWYZPPXD9yyT2WKY=", + "protocol": "https", "transport": "tcp" }, "observer": { @@ -6081,36 +5075,14 @@ }, "related": { "hosts": [ - "defaulttest.local" + "defaulttest.local", + "android.googleapis.com" ], "ip": [ "192.168.2.126", "89.160.20.156" ] }, - "server": { - "as": { - "number": 29518, - "organization": { - "name": "Bredband2 AB" - } - }, - "bytes": 2607, - "geo": { - "city_name": "Linköping", - "continent_name": "Europe", - "country_iso_code": "SE", - "country_name": "Sweden", - "location": { - "lat": 58.4167, - "lon": 15.6167 - }, - "region_iso_code": "SE-E", - "region_name": "Östergötland County" - }, - "ip": "89.160.20.156", - "port": 443 - }, "sophos": { "xg": { "app_is_cloud": "FALSE", @@ -6122,10 +5094,10 @@ "http_category": "Information Technology", "http_category_type": "Acceptable", "log_component": "HTTP", + "log_id": "050901616001", "log_subtype": "Allowed", "log_type": "Content Filtering", "log_version": "1", - "message_id": "16001", "src_zone_type": "LAN", "used_quota": "0", "web_policy_id": "12" @@ -6149,11 +5121,6 @@ }, { "@timestamp": "2021-11-16T00:30:30.000Z", - "client": { - "bytes": 36759, - "ip": "192.168.2.111", - "port": 50939 - }, "destination": { "as": { "number": 29518, @@ -6185,9 +5152,9 @@ "category": [ "network" ], - "code": "050901616001", + "code": "16001", "kind": "event", - "original": "device_name=\"SFW\" timestamp=\"2021-11-15T18:30:30-0600\" device_model=\"SFVH\" device_serial_id=\"C01001BQC8TFFFF\" log_id=050901616001 log_type=\"Content Filtering\" log_component=\"HTTP\" log_subtype=\"Allowed\" log_version=1 severity=\"Information\" fw_rule_id=\"12\" web_policy_id=12 http_category=\"Content Delivery\" http_category_type=\"Acceptable\" url=\"https://hls14.asiancdn.net\" src_ip=\"192.168.2.111\" dst_ip=\"89.160.20.156\" protocol=\"TCP\" src_port=50939 dst_port=443 bytes_sent=36759 bytes_received=5080099 domain=\"hls14.asiancdn.net\" http_status=\"0\" con_id=173138880 app_is_cloud=\"FALSE\" used_quota=\"0\" src_zone_type=\"LAN\" src_zone=\"LAN\" dst_zone_type=\"WAN\" dst_zone=\"WAN\" src_country=\"R1\" dst_country=\"USA\"", + "original": "Nov 16 00:30:30 sophos device_name=\"SFW\" timestamp=\"2021-11-15T18:30:30-0600\" device_model=\"SFVH\" device_serial_id=\"C01001BQC8TFFFF\" log_id=050901616001 log_type=\"Content Filtering\" log_component=\"HTTP\" log_subtype=\"Allowed\" log_version=1 severity=\"Information\" fw_rule_id=\"12\" web_policy_id=12 http_category=\"Content Delivery\" http_category_type=\"Acceptable\" url=\"https://hls14.asiancdn.net\" src_ip=\"192.168.2.111\" dst_ip=\"89.160.20.156\" protocol=\"TCP\" src_port=50939 dst_port=443 bytes_sent=36759 bytes_received=5080099 domain=\"hls14.asiancdn.net\" http_status=\"0\" con_id=173138880 app_is_cloud=\"FALSE\" used_quota=\"0\" src_zone_type=\"LAN\" src_zone=\"LAN\" dst_zone_type=\"WAN\" dst_zone=\"WAN\" src_country=\"R1\" dst_country=\"USA\"", "outcome": "success", "severity": 6, "type": [ @@ -6202,6 +5169,9 @@ "level": "Information" }, "network": { + "bytes": 5116858, + "community_id": "1:57P2htiQff6QFSiKHEkd7U/xk88=", + "protocol": "https", "transport": "tcp" }, "observer": { @@ -6219,36 +5189,14 @@ }, "related": { "hosts": [ - "defaulttest.local" + "defaulttest.local", + "hls14.asiancdn.net" ], "ip": [ "192.168.2.111", "89.160.20.156" ] }, - "server": { - "as": { - "number": 29518, - "organization": { - "name": "Bredband2 AB" - } - }, - "bytes": 5080099, - "geo": { - "city_name": "Linköping", - "continent_name": "Europe", - "country_iso_code": "SE", - "country_name": "Sweden", - "location": { - "lat": 58.4167, - "lon": 15.6167 - }, - "region_iso_code": "SE-E", - "region_name": "Östergötland County" - }, - "ip": "89.160.20.156", - "port": 443 - }, "sophos": { "xg": { "app_is_cloud": "FALSE", @@ -6260,10 +5208,10 @@ "http_category": "Content Delivery", "http_category_type": "Acceptable", "log_component": "HTTP", + "log_id": "050901616001", "log_subtype": "Allowed", "log_type": "Content Filtering", "log_version": "1", - "message_id": "16001", "src_zone_type": "LAN", "used_quota": "0", "web_policy_id": "12" @@ -6287,11 +5235,6 @@ }, { "@timestamp": "2021-11-16T00:30:33.000Z", - "client": { - "bytes": 37822, - "ip": "192.168.2.119", - "port": 59478 - }, "destination": { "as": { "number": 29518, @@ -6323,9 +5266,9 @@ "category": [ "network" ], - "code": "050901616001", + "code": "16001", "kind": "event", - "original": "device_name=\"SFW\" timestamp=\"2021-11-15T18:30:33-0600\" device_model=\"SFVH\" device_serial_id=\"C01001BQC8TFFFF\" log_id=050901616001 log_type=\"Content Filtering\" log_component=\"HTTP\" log_subtype=\"Allowed\" log_version=1 severity=\"Information\" fw_rule_id=\"12\" web_policy_id=12 http_category=\"Information Technology\" http_category_type=\"Acceptable\" url=\"https://vortex.data.microsoft.com\" src_ip=\"192.168.2.119\" dst_ip=\"89.160.20.156\" protocol=\"TCP\" src_port=59478 dst_port=443 bytes_sent=37822 bytes_received=10552 domain=\"vortex.data.microsoft.com\" exceptions=\"av,https,validation,policy,zero-day protection\" http_status=\"0\" con_id=2564229952 app_is_cloud=\"FALSE\" used_quota=\"0\" src_zone_type=\"LAN\" src_zone=\"LAN\" dst_zone_type=\"WAN\" dst_zone=\"WAN\" src_country=\"R1\" dst_country=\"USA\"", + "original": "Nov 16 00:30:33 sophos device_name=\"SFW\" timestamp=\"2021-11-15T18:30:33-0600\" device_model=\"SFVH\" device_serial_id=\"C01001BQC8TFFFF\" log_id=050901616001 log_type=\"Content Filtering\" log_component=\"HTTP\" log_subtype=\"Allowed\" log_version=1 severity=\"Information\" fw_rule_id=\"12\" web_policy_id=12 http_category=\"Information Technology\" http_category_type=\"Acceptable\" url=\"https://vortex.data.microsoft.com\" src_ip=\"192.168.2.119\" dst_ip=\"89.160.20.156\" protocol=\"TCP\" src_port=59478 dst_port=443 bytes_sent=37822 bytes_received=10552 domain=\"vortex.data.microsoft.com\" exceptions=\"av,https,validation,policy,zero-day protection\" http_status=\"0\" con_id=2564229952 app_is_cloud=\"FALSE\" used_quota=\"0\" src_zone_type=\"LAN\" src_zone=\"LAN\" dst_zone_type=\"WAN\" dst_zone=\"WAN\" src_country=\"R1\" dst_country=\"USA\"", "outcome": "success", "severity": 6, "type": [ @@ -6340,6 +5283,9 @@ "level": "Information" }, "network": { + "bytes": 48374, + "community_id": "1:K65zgDsaOPy5gcKEczvNQTFLBKo=", + "protocol": "https", "transport": "tcp" }, "observer": { @@ -6357,36 +5303,14 @@ }, "related": { "hosts": [ - "defaulttest.local" + "defaulttest.local", + "vortex.data.microsoft.com" ], "ip": [ "192.168.2.119", "89.160.20.156" ] }, - "server": { - "as": { - "number": 29518, - "organization": { - "name": "Bredband2 AB" - } - }, - "bytes": 10552, - "geo": { - "city_name": "Linköping", - "continent_name": "Europe", - "country_iso_code": "SE", - "country_name": "Sweden", - "location": { - "lat": 58.4167, - "lon": 15.6167 - }, - "region_iso_code": "SE-E", - "region_name": "Östergötland County" - }, - "ip": "89.160.20.156", - "port": 443 - }, "sophos": { "xg": { "app_is_cloud": "FALSE", @@ -6399,10 +5323,10 @@ "http_category": "Information Technology", "http_category_type": "Acceptable", "log_component": "HTTP", + "log_id": "050901616001", "log_subtype": "Allowed", "log_type": "Content Filtering", "log_version": "1", - "message_id": "16001", "src_zone_type": "LAN", "used_quota": "0", "web_policy_id": "12" @@ -6426,11 +5350,6 @@ }, { "@timestamp": "2021-11-16T00:30:36.000Z", - "client": { - "bytes": 77, - "ip": "192.168.2.112", - "port": 55510 - }, "destination": { "as": { "number": 29518, @@ -6462,9 +5381,9 @@ "category": [ "network" ], - "code": "050901616001", + "code": "16001", "kind": "event", - "original": "device_name=\"SFW\" timestamp=\"2021-11-15T18:30:36-0600\" device_model=\"SFVH\" device_serial_id=\"C01001BQC8TFFFF\" log_id=050901616001 log_type=\"Content Filtering\" log_component=\"HTTP\" log_subtype=\"Allowed\" log_version=1 severity=\"Information\" fw_rule_id=\"12\" web_policy_id=12 http_category=\"General Business\" http_category_type=\"Acceptable\" url=\"http://info.cspserver.net/api/v1/connect-test\" content_type=\"application/octet-stream\" src_ip=\"192.168.2.112\" dst_ip=\"89.160.20.156\" protocol=\"TCP\" src_port=55510 dst_port=80 bytes_sent=77 bytes_received=249 domain=\"info.cspserver.net\" http_status=\"200\" con_id=3159008512 app_is_cloud=\"FALSE\" used_quota=\"0\" src_zone_type=\"LAN\" src_zone=\"LAN\" dst_zone_type=\"WAN\" dst_zone=\"WAN\" src_country=\"R1\" dst_country=\"JPN\"", + "original": "Nov 16 00:30:36 sophos device_name=\"SFW\" timestamp=\"2021-11-15T18:30:36-0600\" device_model=\"SFVH\" device_serial_id=\"C01001BQC8TFFFF\" log_id=050901616001 log_type=\"Content Filtering\" log_component=\"HTTP\" log_subtype=\"Allowed\" log_version=1 severity=\"Information\" fw_rule_id=\"12\" web_policy_id=12 http_category=\"General Business\" http_category_type=\"Acceptable\" url=\"http://info.cspserver.net/api/v1/connect-test\" content_type=\"application/octet-stream\" src_ip=\"192.168.2.112\" dst_ip=\"89.160.20.156\" protocol=\"TCP\" src_port=55510 dst_port=80 bytes_sent=77 bytes_received=249 domain=\"info.cspserver.net\" http_status=\"200\" con_id=3159008512 app_is_cloud=\"FALSE\" used_quota=\"0\" src_zone_type=\"LAN\" src_zone=\"LAN\" dst_zone_type=\"WAN\" dst_zone=\"WAN\" src_country=\"R1\" dst_country=\"JPN\"", "outcome": "success", "severity": 6, "type": [ @@ -6484,6 +5403,9 @@ "level": "Information" }, "network": { + "bytes": 326, + "community_id": "1:cKu0fO92LPrHo3C5HNNeSOgH9FQ=", + "protocol": "http", "transport": "tcp" }, "observer": { @@ -6501,36 +5423,14 @@ }, "related": { "hosts": [ - "defaulttest.local" + "defaulttest.local", + "info.cspserver.net" ], "ip": [ "192.168.2.112", "89.160.20.156" ] }, - "server": { - "as": { - "number": 29518, - "organization": { - "name": "Bredband2 AB" - } - }, - "bytes": 249, - "geo": { - "city_name": "Linköping", - "continent_name": "Europe", - "country_iso_code": "SE", - "country_name": "Sweden", - "location": { - "lat": 58.4167, - "lon": 15.6167 - }, - "region_iso_code": "SE-E", - "region_name": "Östergötland County" - }, - "ip": "89.160.20.156", - "port": 80 - }, "sophos": { "xg": { "app_is_cloud": "FALSE", @@ -6543,10 +5443,10 @@ "http_category": "General Business", "http_category_type": "Acceptable", "log_component": "HTTP", + "log_id": "050901616001", "log_subtype": "Allowed", "log_type": "Content Filtering", "log_version": "1", - "message_id": "16001", "src_zone_type": "LAN", "used_quota": "0", "web_policy_id": "12" @@ -6570,11 +5470,6 @@ }, { "@timestamp": "2021-11-16T00:30:36.000Z", - "client": { - "bytes": 7587, - "ip": "192.168.2.41", - "port": 22570 - }, "destination": { "as": { "number": 29518, @@ -6606,9 +5501,9 @@ "category": [ "network" ], - "code": "050901616001", + "code": "16001", "kind": "event", - "original": "device_name=\"SFW\" timestamp=\"2021-11-15T18:30:36-0600\" device_model=\"SFVH\" device_serial_id=\"C01001BQC8TFFFF\" log_id=050901616001 log_type=\"Content Filtering\" log_component=\"HTTP\" log_subtype=\"Allowed\" log_version=1 severity=\"Information\" fw_rule_id=\"11\" web_policy_id=1 http_category=\"Advertisements\" http_category_type=\"Unproductive\" url=\"https://us-trc-events.taboola.com\" src_ip=\"192.168.2.41\" dst_ip=\"89.160.20.156\" protocol=\"TCP\" src_port=22570 dst_port=443 bytes_sent=7587 bytes_received=1633 domain=\"us-trc-events.taboola.com\" http_status=\"0\" con_id=999027328 app_is_cloud=\"FALSE\" used_quota=\"0\" src_zone_type=\"LAN\" src_zone=\"LAN\" dst_zone_type=\"WAN\" dst_zone=\"WAN\" src_country=\"R1\" dst_country=\"USA\"", + "original": "Nov 16 00:30:36 sophos device_name=\"SFW\" timestamp=\"2021-11-15T18:30:36-0600\" device_model=\"SFVH\" device_serial_id=\"C01001BQC8TFFFF\" log_id=050901616001 log_type=\"Content Filtering\" log_component=\"HTTP\" log_subtype=\"Allowed\" log_version=1 severity=\"Information\" fw_rule_id=\"11\" web_policy_id=1 http_category=\"Advertisements\" http_category_type=\"Unproductive\" url=\"https://us-trc-events.taboola.com\" src_ip=\"192.168.2.41\" dst_ip=\"89.160.20.156\" protocol=\"TCP\" src_port=22570 dst_port=443 bytes_sent=7587 bytes_received=1633 domain=\"us-trc-events.taboola.com\" http_status=\"0\" con_id=999027328 app_is_cloud=\"FALSE\" used_quota=\"0\" src_zone_type=\"LAN\" src_zone=\"LAN\" dst_zone_type=\"WAN\" dst_zone=\"WAN\" src_country=\"R1\" dst_country=\"USA\"", "outcome": "success", "severity": 6, "type": [ @@ -6623,6 +5518,9 @@ "level": "Information" }, "network": { + "bytes": 9220, + "community_id": "1:LeC8tH7WeQ1OjZD9lcdxz/yeOTY=", + "protocol": "https", "transport": "tcp" }, "observer": { @@ -6640,36 +5538,14 @@ }, "related": { "hosts": [ - "defaulttest.local" + "defaulttest.local", + "us-trc-events.taboola.com" ], "ip": [ "192.168.2.41", "89.160.20.156" ] }, - "server": { - "as": { - "number": 29518, - "organization": { - "name": "Bredband2 AB" - } - }, - "bytes": 1633, - "geo": { - "city_name": "Linköping", - "continent_name": "Europe", - "country_iso_code": "SE", - "country_name": "Sweden", - "location": { - "lat": 58.4167, - "lon": 15.6167 - }, - "region_iso_code": "SE-E", - "region_name": "Östergötland County" - }, - "ip": "89.160.20.156", - "port": 443 - }, "sophos": { "xg": { "app_is_cloud": "FALSE", @@ -6681,10 +5557,10 @@ "http_category": "Advertisements", "http_category_type": "Unproductive", "log_component": "HTTP", + "log_id": "050901616001", "log_subtype": "Allowed", "log_type": "Content Filtering", "log_version": "1", - "message_id": "16001", "src_zone_type": "LAN", "used_quota": "0", "web_policy_id": "1" @@ -6708,11 +5584,6 @@ }, { "@timestamp": "2021-11-16T00:30:38.000Z", - "client": { - "bytes": 45093, - "ip": "192.168.2.126", - "port": 50210 - }, "destination": { "as": { "number": 29518, @@ -6744,9 +5615,9 @@ "category": [ "network" ], - "code": "050901616001", + "code": "16001", "kind": "event", - "original": "device_name=\"SFW\" timestamp=\"2021-11-15T18:30:38-0600\" device_model=\"SFVH\" device_serial_id=\"C01001BQC8TFFFF\" log_id=050901616001 log_type=\"Content Filtering\" log_component=\"HTTP\" log_subtype=\"Allowed\" log_version=1 severity=\"Information\" fw_rule_id=\"12\" web_policy_id=12 http_category=\"Information Technology\" http_category_type=\"Acceptable\" url=\"https://deviceintegritytokens-pa.googleapis.com\" src_ip=\"192.168.2.126\" dst_ip=\"89.160.20.156\" protocol=\"TCP\" src_port=50210 dst_port=443 bytes_sent=45093 bytes_received=2901 domain=\"deviceintegritytokens-pa.googleapis.com\" http_status=\"0\" con_id=408293376 app_is_cloud=\"FALSE\" used_quota=\"0\" src_zone_type=\"LAN\" src_zone=\"LAN\" dst_zone_type=\"WAN\" dst_zone=\"WAN\" src_country=\"R1\" dst_country=\"USA\"", + "original": "Nov 16 00:30:38 sophos device_name=\"SFW\" timestamp=\"2021-11-15T18:30:38-0600\" device_model=\"SFVH\" device_serial_id=\"C01001BQC8TFFFF\" log_id=050901616001 log_type=\"Content Filtering\" log_component=\"HTTP\" log_subtype=\"Allowed\" log_version=1 severity=\"Information\" fw_rule_id=\"12\" web_policy_id=12 http_category=\"Information Technology\" http_category_type=\"Acceptable\" url=\"https://deviceintegritytokens-pa.googleapis.com\" src_ip=\"192.168.2.126\" dst_ip=\"89.160.20.156\" protocol=\"TCP\" src_port=50210 dst_port=443 bytes_sent=45093 bytes_received=2901 domain=\"deviceintegritytokens-pa.googleapis.com\" http_status=\"0\" con_id=408293376 app_is_cloud=\"FALSE\" used_quota=\"0\" src_zone_type=\"LAN\" src_zone=\"LAN\" dst_zone_type=\"WAN\" dst_zone=\"WAN\" src_country=\"R1\" dst_country=\"USA\"", "outcome": "success", "severity": 6, "type": [ @@ -6761,6 +5632,9 @@ "level": "Information" }, "network": { + "bytes": 47994, + "community_id": "1:BBzQYyuzGgeNKM/0H3MJeMFis4I=", + "protocol": "https", "transport": "tcp" }, "observer": { @@ -6778,36 +5652,14 @@ }, "related": { "hosts": [ - "defaulttest.local" + "defaulttest.local", + "deviceintegritytokens-pa.googleapis.com" ], "ip": [ "192.168.2.126", "89.160.20.156" ] }, - "server": { - "as": { - "number": 29518, - "organization": { - "name": "Bredband2 AB" - } - }, - "bytes": 2901, - "geo": { - "city_name": "Linköping", - "continent_name": "Europe", - "country_iso_code": "SE", - "country_name": "Sweden", - "location": { - "lat": 58.4167, - "lon": 15.6167 - }, - "region_iso_code": "SE-E", - "region_name": "Östergötland County" - }, - "ip": "89.160.20.156", - "port": 443 - }, "sophos": { "xg": { "app_is_cloud": "FALSE", @@ -6819,10 +5671,10 @@ "http_category": "Information Technology", "http_category_type": "Acceptable", "log_component": "HTTP", + "log_id": "050901616001", "log_subtype": "Allowed", "log_type": "Content Filtering", "log_version": "1", - "message_id": "16001", "src_zone_type": "LAN", "used_quota": "0", "web_policy_id": "12" diff --git a/packages/sophos/data_stream/xg/_dev/test/pipeline/test-xg-event-new.log-expected.json b/packages/sophos/data_stream/xg/_dev/test/pipeline/test-xg-event-new.log-expected.json index 544918ba4c8..ad2634d938d 100644 --- a/packages/sophos/data_stream/xg/_dev/test/pipeline/test-xg-event-new.log-expected.json +++ b/packages/sophos/data_stream/xg/_dev/test/pipeline/test-xg-event-new.log-expected.json @@ -2,16 +2,13 @@ "expected": [ { "@timestamp": "2021-11-16T02:52:23.000Z", - "client": { - "mac": "00:11:d9:a0:19:11" - }, "ecs": { "version": "8.0.0" }, "event": { - "code": "063411660020", + "code": "60020", "kind": "event", - "original": "device_name=\"SFW\" timestamp=\"2021-11-15T20:52:23-0600\" device_model=\"SFVH\" device_serial_id=\"C01001BQC8TFFFF\" log_id=063411660020 log_type=\"Event\" log_component=\"DHCP Server\" log_subtype=\"System\" log_version=1 status=\"Renew\" severity=\"Information\" reported_ip=\"192.168.2.131\" src_mac=\"00:11:d9:a0:19:11\" reported_host=\"TIVO-846001190AE52F2\" message=\"Lease IP 192.168.2.250 renewed for MAC 00:11:d9:a0:19:11\" lease_time=\"345600\"", + "original": "Nov 16 02:52:23 sophos device_name=\"SFW\" timestamp=\"2021-11-15T20:52:23-0600\" device_model=\"SFVH\" device_serial_id=\"C01001BQC8TFFFF\" log_id=063411660020 log_type=\"Event\" log_component=\"DHCP Server\" log_subtype=\"System\" log_version=1 status=\"Renew\" severity=\"Information\" reported_ip=\"192.168.2.131\" src_mac=\"00:11:d9:a0:19:11\" reported_host=\"TIVO-846001190AE52F2\" message=\"Lease IP 192.168.2.250 renewed for MAC 00:11:d9:a0:19:11\" lease_time=\"345600\"", "severity": 6 }, "host": { @@ -39,17 +36,17 @@ "device_name": "SFW", "lease_time": "345600", "log_component": "DHCP Server", + "log_id": "063411660020", "log_subtype": "System", "log_type": "Event", "log_version": "1", - "message_id": "60020", "reported_host": "TIVO-846001190AE52F2", "reported_ip": "192.168.2.131", "status": "Renew" } }, "source": { - "mac": "00:11:d9:a0:19:11" + "mac": "00-11-D9-A0-19-11" }, "tags": [ "preserve_original_event" @@ -57,16 +54,13 @@ }, { "@timestamp": "2021-11-16T02:57:56.000Z", - "client": { - "mac": "88:57:1d:2d:FF:db" - }, "ecs": { "version": "8.0.0" }, "event": { - "code": "063411660020", + "code": "60020", "kind": "event", - "original": "device_name=\"SFW\" timestamp=\"2021-11-15T20:57:56-0600\" device_model=\"SFVH\" device_serial_id=\"C01001BQC8TFFFF\" log_id=063411660020 log_type=\"Event\" log_component=\"DHCP Server\" log_subtype=\"System\" log_version=1 status=\"Renew\" severity=\"Information\" reported_ip=\"192.168.2.112\" src_mac=\"88:57:1d:2d:FF:db\" reported_host=\"TIZEN-ODg6NTc6MUQ6MkQ6MTk6REIKK\" message=\"Lease IP 192.168.2.250 renewed for MAC 88:57:1d:2d:19:db\" lease_time=\"345600\"", + "original": "Nov 16 02:57:56 sophos device_name=\"SFW\" timestamp=\"2021-11-15T20:57:56-0600\" device_model=\"SFVH\" device_serial_id=\"C01001BQC8TFFFF\" log_id=063411660020 log_type=\"Event\" log_component=\"DHCP Server\" log_subtype=\"System\" log_version=1 status=\"Renew\" severity=\"Information\" reported_ip=\"192.168.2.112\" src_mac=\"88:57:1d:2d:FF:db\" reported_host=\"TIZEN-ODg6NTc6MUQ6MkQ6MTk6REIKK\" message=\"Lease IP 192.168.2.250 renewed for MAC 88:57:1d:2d:19:db\" lease_time=\"345600\"", "severity": 6 }, "host": { @@ -94,17 +88,17 @@ "device_name": "SFW", "lease_time": "345600", "log_component": "DHCP Server", + "log_id": "063411660020", "log_subtype": "System", "log_type": "Event", "log_version": "1", - "message_id": "60020", "reported_host": "TIZEN-ODg6NTc6MUQ6MkQ6MTk6REIKK", "reported_ip": "192.168.2.112", "status": "Renew" } }, "source": { - "mac": "88:57:1d:2d:FF:db" + "mac": "88-57-1D-2D-FF-DB" }, "tags": [ "preserve_original_event" @@ -112,16 +106,13 @@ }, { "@timestamp": "2021-11-16T03:04:08.000Z", - "client": { - "mac": "88:57:1d:2d:FF:db" - }, "ecs": { "version": "8.0.0" }, "event": { - "code": "063411660020", + "code": "60020", "kind": "event", - "original": "device_name=\"SFW\" timestamp=\"2021-11-15T21:04:08-0600\" device_model=\"SFVH\" device_serial_id=\"C01001BQC8TFFFF\" log_id=063411660020 log_type=\"Event\" log_component=\"DHCP Server\" log_subtype=\"System\" log_version=1 status=\"Renew\" severity=\"Information\" reported_ip=\"192.168.2.112\" src_mac=\"88:57:1d:2d:FF:db\" reported_host=\"TIZEN-ODg6NTc6MUQ6MkQ6MTk6REIKK\" message=\"Lease IP 192.168.2.250 renewed for MAC 88:57:1d:2d:19:db\" lease_time=\"345600\"", + "original": "Nov 16 03:04:08 sophos device_name=\"SFW\" timestamp=\"2021-11-15T21:04:08-0600\" device_model=\"SFVH\" device_serial_id=\"C01001BQC8TFFFF\" log_id=063411660020 log_type=\"Event\" log_component=\"DHCP Server\" log_subtype=\"System\" log_version=1 status=\"Renew\" severity=\"Information\" reported_ip=\"192.168.2.112\" src_mac=\"88:57:1d:2d:FF:db\" reported_host=\"TIZEN-ODg6NTc6MUQ6MkQ6MTk6REIKK\" message=\"Lease IP 192.168.2.250 renewed for MAC 88:57:1d:2d:19:db\" lease_time=\"345600\"", "severity": 6 }, "host": { @@ -149,17 +140,17 @@ "device_name": "SFW", "lease_time": "345600", "log_component": "DHCP Server", + "log_id": "063411660020", "log_subtype": "System", "log_type": "Event", "log_version": "1", - "message_id": "60020", "reported_host": "TIZEN-ODg6NTc6MUQ6MkQ6MTk6REIKK", "reported_ip": "192.168.2.112", "status": "Renew" } }, "source": { - "mac": "88:57:1d:2d:FF:db" + "mac": "88-57-1D-2D-FF-DB" }, "tags": [ "preserve_original_event" diff --git a/packages/sophos/data_stream/xg/_dev/test/pipeline/test-xg-firewall-new.log-expected.json b/packages/sophos/data_stream/xg/_dev/test/pipeline/test-xg-firewall-new.log-expected.json index f07f12ec861..bfd1455c531 100644 --- a/packages/sophos/data_stream/xg/_dev/test/pipeline/test-xg-firewall-new.log-expected.json +++ b/packages/sophos/data_stream/xg/_dev/test/pipeline/test-xg-firewall-new.log-expected.json @@ -2,14 +2,6 @@ "expected": [ { "@timestamp": "2021-11-16T00:25:00.000Z", - "client": { - "ip": "192.168.2.111", - "mac": "00:26:37:EE:47:20", - "nat": { - "ip": "192.168.1.2" - }, - "port": 50875 - }, "destination": { "as": { "number": 29518, @@ -30,7 +22,7 @@ "region_name": "Östergötland County" }, "ip": "89.160.20.156", - "mac": "00:50:56:9F:39:33", + "mac": "00-50-56-9F-39-33", "port": 443 }, "ecs": { @@ -41,9 +33,9 @@ "category": [ "network" ], - "code": "010101600001", + "code": "00001", "kind": "event", - "original": "device_name=\"SFW\" timestamp=\"2021-11-15T18:25:00-0600\" device_model=\"SFVH\" device_serial_id=\"C01001BQC8TFFFF\" log_id=\"010101600001\" log_type=\"Firewall\" log_component=\"Firewall Rule\" log_subtype=\"Allowed\" log_version=1 severity=\"Information\" fw_rule_id=\"12\" nat_rule_id=\"12\" fw_rule_type=\"USER\" web_policy_id=12 ips_policy_id=8 app_filter_policy_id=6 ether_type=\"Unknown (0x0000)\" in_interface=\"Port1\" out_interface=\"Port2\" src_mac=\"00:26:37:EE:47:20\" dst_mac=\"00:50:56:9F:39:33\" src_ip=\"192.168.2.111\" src_country=\"R1\" dst_ip=\"89.160.20.156\" dst_country=\"USA\" protocol=\"TCP\" src_port=50875 dst_port=443 src_trans_ip=\"192.168.1.2\" src_zone_type=\"LAN\" src_zone=\"LAN\" dst_zone_type=\"WAN\" dst_zone=\"WAN\" con_event=\"Start\" con_id=\"3153941760\" hb_status=\"No Heartbeat\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\" in_display_interface=\"Port1\" out_display_interface=\"Port2\"", + "original": "Nov 16 00:25:00 sophos device_name=\"SFW\" timestamp=\"2021-11-15T18:25:00-0600\" device_model=\"SFVH\" device_serial_id=\"C01001BQC8TFFFF\" log_id=\"010101600001\" log_type=\"Firewall\" log_component=\"Firewall Rule\" log_subtype=\"Allowed\" log_version=1 severity=\"Information\" fw_rule_id=\"12\" nat_rule_id=\"12\" fw_rule_type=\"USER\" web_policy_id=12 ips_policy_id=8 app_filter_policy_id=6 ether_type=\"Unknown (0x0000)\" in_interface=\"Port1\" out_interface=\"Port2\" src_mac=\"00:26:37:EE:47:20\" dst_mac=\"00:50:56:9F:39:33\" src_ip=\"192.168.2.111\" src_country=\"R1\" dst_ip=\"89.160.20.156\" dst_country=\"USA\" protocol=\"TCP\" src_port=50875 dst_port=443 src_trans_ip=\"192.168.1.2\" src_zone_type=\"LAN\" src_zone=\"LAN\" dst_zone_type=\"WAN\" dst_zone=\"WAN\" con_event=\"Start\" con_id=\"3153941760\" hb_status=\"No Heartbeat\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\" in_display_interface=\"Port1\" out_display_interface=\"Port2\"", "outcome": "success", "severity": 6 }, @@ -54,6 +46,7 @@ "level": "Information" }, "network": { + "community_id": "1:+LLtOJSFMre1dW9EhupSeKW7YAo=", "direction": "outbound", "transport": "tcp" }, @@ -89,29 +82,6 @@ "rule": { "id": "12" }, - "server": { - "as": { - "number": 29518, - "organization": { - "name": "Bredband2 AB" - } - }, - "geo": { - "city_name": "Linköping", - "continent_name": "Europe", - "country_iso_code": "SE", - "country_name": "Sweden", - "location": { - "lat": 58.4167, - "lon": 15.6167 - }, - "region_iso_code": "SE-E", - "region_name": "Östergötland County" - }, - "ip": "89.160.20.156", - "mac": "00:50:56:9F:39:33", - "port": 443 - }, "sophos": { "xg": { "app_filter_policy_id": "6", @@ -127,10 +97,10 @@ "hb_status": "No Heartbeat", "ips_policy_id": "8", "log_component": "Firewall Rule", + "log_id": "010101600001", "log_subtype": "Allowed", "log_type": "Firewall", "log_version": "1", - "message_id": "00001", "qualifier": "New", "src_zone_type": "LAN", "web_policy_id": "12" @@ -138,7 +108,7 @@ }, "source": { "ip": "192.168.2.111", - "mac": "00:26:37:EE:47:20", + "mac": "00-26-37-EE-47-20", "nat": { "ip": "192.168.1.2" }, @@ -150,14 +120,6 @@ }, { "@timestamp": "2021-11-16T00:25:01.000Z", - "client": { - "ip": "192.168.2.162", - "mac": "A4:FC:77:2E:BD:6F", - "nat": { - "ip": "192.168.1.2" - }, - "port": 56257 - }, "destination": { "as": { "number": 29518, @@ -178,7 +140,7 @@ "region_name": "Östergötland County" }, "ip": "89.160.20.156", - "mac": "00:50:56:9F:39:33", + "mac": "00-50-56-9F-39-33", "port": 443 }, "ecs": { @@ -189,9 +151,9 @@ "category": [ "network" ], - "code": "010101600001", + "code": "00001", "kind": "event", - "original": "device_name=\"SFW\" timestamp=\"2021-11-15T18:25:01-0600\" device_model=\"SFVH\" device_serial_id=\"C01001BQC8TFFFF\" log_id=\"010101600001\" log_type=\"Firewall\" log_component=\"Firewall Rule\" log_subtype=\"Allowed\" log_version=1 severity=\"Information\" fw_rule_id=\"12\" nat_rule_id=\"12\" fw_rule_type=\"USER\" web_policy_id=12 ips_policy_id=8 app_filter_policy_id=6 ether_type=\"Unknown (0x0000)\" in_interface=\"Port1\" out_interface=\"Port2\" src_mac=\"A4:FC:77:2E:BD:6F\" dst_mac=\"00:50:56:9F:39:33\" src_ip=\"192.168.2.162\" src_country=\"R1\" dst_ip=\"89.160.20.156\" dst_country=\"USA\" protocol=\"TCP\" src_port=56257 dst_port=443 src_trans_ip=\"192.168.1.2\" src_zone_type=\"LAN\" src_zone=\"LAN\" dst_zone_type=\"WAN\" dst_zone=\"WAN\" con_event=\"Start\" con_id=\"151869632\" hb_status=\"No Heartbeat\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\" in_display_interface=\"Port1\" out_display_interface=\"Port2\"", + "original": "Nov 16 00:25:01 sophos device_name=\"SFW\" timestamp=\"2021-11-15T18:25:01-0600\" device_model=\"SFVH\" device_serial_id=\"C01001BQC8TFFFF\" log_id=\"010101600001\" log_type=\"Firewall\" log_component=\"Firewall Rule\" log_subtype=\"Allowed\" log_version=1 severity=\"Information\" fw_rule_id=\"12\" nat_rule_id=\"12\" fw_rule_type=\"USER\" web_policy_id=12 ips_policy_id=8 app_filter_policy_id=6 ether_type=\"Unknown (0x0000)\" in_interface=\"Port1\" out_interface=\"Port2\" src_mac=\"A4:FC:77:2E:BD:6F\" dst_mac=\"00:50:56:9F:39:33\" src_ip=\"192.168.2.162\" src_country=\"R1\" dst_ip=\"89.160.20.156\" dst_country=\"USA\" protocol=\"TCP\" src_port=56257 dst_port=443 src_trans_ip=\"192.168.1.2\" src_zone_type=\"LAN\" src_zone=\"LAN\" dst_zone_type=\"WAN\" dst_zone=\"WAN\" con_event=\"Start\" con_id=\"151869632\" hb_status=\"No Heartbeat\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\" in_display_interface=\"Port1\" out_display_interface=\"Port2\"", "outcome": "success", "severity": 6 }, @@ -202,6 +164,7 @@ "level": "Information" }, "network": { + "community_id": "1:HtDb/A7Cawt4bTv/+4DzHoiT21Q=", "direction": "outbound", "transport": "tcp" }, @@ -237,29 +200,6 @@ "rule": { "id": "12" }, - "server": { - "as": { - "number": 29518, - "organization": { - "name": "Bredband2 AB" - } - }, - "geo": { - "city_name": "Linköping", - "continent_name": "Europe", - "country_iso_code": "SE", - "country_name": "Sweden", - "location": { - "lat": 58.4167, - "lon": 15.6167 - }, - "region_iso_code": "SE-E", - "region_name": "Östergötland County" - }, - "ip": "89.160.20.156", - "mac": "00:50:56:9F:39:33", - "port": 443 - }, "sophos": { "xg": { "app_filter_policy_id": "6", @@ -275,10 +215,10 @@ "hb_status": "No Heartbeat", "ips_policy_id": "8", "log_component": "Firewall Rule", + "log_id": "010101600001", "log_subtype": "Allowed", "log_type": "Firewall", "log_version": "1", - "message_id": "00001", "qualifier": "New", "src_zone_type": "LAN", "web_policy_id": "12" @@ -286,7 +226,7 @@ }, "source": { "ip": "192.168.2.162", - "mac": "A4:FC:77:2E:BD:6F", + "mac": "A4-FC-77-2E-BD-6F", "nat": { "ip": "192.168.1.2" }, @@ -298,14 +238,6 @@ }, { "@timestamp": "2021-11-16T00:25:01.000Z", - "client": { - "ip": "192.168.2.111", - "mac": "00:26:37:EE:47:20", - "nat": { - "ip": "192.168.1.2" - }, - "port": 50876 - }, "destination": { "as": { "number": 29518, @@ -326,7 +258,7 @@ "region_name": "Östergötland County" }, "ip": "89.160.20.156", - "mac": "00:50:56:9F:39:33", + "mac": "00-50-56-9F-39-33", "port": 443 }, "ecs": { @@ -337,9 +269,9 @@ "category": [ "network" ], - "code": "010101600001", + "code": "00001", "kind": "event", - "original": "device_name=\"SFW\" timestamp=\"2021-11-15T18:25:01-0600\" device_model=\"SFVH\" device_serial_id=\"C01001BQC8TFFFF\" log_id=\"010101600001\" log_type=\"Firewall\" log_component=\"Firewall Rule\" log_subtype=\"Allowed\" log_version=1 severity=\"Information\" fw_rule_id=\"12\" nat_rule_id=\"12\" fw_rule_type=\"USER\" web_policy_id=12 ips_policy_id=8 app_filter_policy_id=6 ether_type=\"Unknown (0x0000)\" in_interface=\"Port1\" out_interface=\"Port2\" src_mac=\"00:26:37:EE:47:20\" dst_mac=\"00:50:56:9F:39:33\" src_ip=\"192.168.2.111\" src_country=\"R1\" dst_ip=\"89.160.20.156\" dst_country=\"USA\" protocol=\"TCP\" src_port=50876 dst_port=443 src_trans_ip=\"192.168.1.2\" src_zone_type=\"LAN\" src_zone=\"LAN\" dst_zone_type=\"WAN\" dst_zone=\"WAN\" con_event=\"Start\" con_id=\"2719000128\" hb_status=\"No Heartbeat\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\" in_display_interface=\"Port1\" out_display_interface=\"Port2\"", + "original": "Nov 16 00:25:01 sophos device_name=\"SFW\" timestamp=\"2021-11-15T18:25:01-0600\" device_model=\"SFVH\" device_serial_id=\"C01001BQC8TFFFF\" log_id=\"010101600001\" log_type=\"Firewall\" log_component=\"Firewall Rule\" log_subtype=\"Allowed\" log_version=1 severity=\"Information\" fw_rule_id=\"12\" nat_rule_id=\"12\" fw_rule_type=\"USER\" web_policy_id=12 ips_policy_id=8 app_filter_policy_id=6 ether_type=\"Unknown (0x0000)\" in_interface=\"Port1\" out_interface=\"Port2\" src_mac=\"00:26:37:EE:47:20\" dst_mac=\"00:50:56:9F:39:33\" src_ip=\"192.168.2.111\" src_country=\"R1\" dst_ip=\"89.160.20.156\" dst_country=\"USA\" protocol=\"TCP\" src_port=50876 dst_port=443 src_trans_ip=\"192.168.1.2\" src_zone_type=\"LAN\" src_zone=\"LAN\" dst_zone_type=\"WAN\" dst_zone=\"WAN\" con_event=\"Start\" con_id=\"2719000128\" hb_status=\"No Heartbeat\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\" in_display_interface=\"Port1\" out_display_interface=\"Port2\"", "outcome": "success", "severity": 6 }, @@ -350,6 +282,7 @@ "level": "Information" }, "network": { + "community_id": "1:ZDWJNXIpvgXVte2hLgQgmTbXHlM=", "direction": "outbound", "transport": "tcp" }, @@ -385,29 +318,6 @@ "rule": { "id": "12" }, - "server": { - "as": { - "number": 29518, - "organization": { - "name": "Bredband2 AB" - } - }, - "geo": { - "city_name": "Linköping", - "continent_name": "Europe", - "country_iso_code": "SE", - "country_name": "Sweden", - "location": { - "lat": 58.4167, - "lon": 15.6167 - }, - "region_iso_code": "SE-E", - "region_name": "Östergötland County" - }, - "ip": "89.160.20.156", - "mac": "00:50:56:9F:39:33", - "port": 443 - }, "sophos": { "xg": { "app_filter_policy_id": "6", @@ -423,10 +333,10 @@ "hb_status": "No Heartbeat", "ips_policy_id": "8", "log_component": "Firewall Rule", + "log_id": "010101600001", "log_subtype": "Allowed", "log_type": "Firewall", "log_version": "1", - "message_id": "00001", "qualifier": "New", "src_zone_type": "LAN", "web_policy_id": "12" @@ -434,7 +344,7 @@ }, "source": { "ip": "192.168.2.111", - "mac": "00:26:37:EE:47:20", + "mac": "00-26-37-EE-47-20", "nat": { "ip": "192.168.1.2" }, @@ -446,15 +356,6 @@ }, { "@timestamp": "2021-11-16T00:25:01.000Z", - "client": { - "bytes": 168, - "ip": "192.168.2.121", - "mac": "10:BF:48:7D:ED:22", - "nat": { - "ip": "192.168.1.2" - }, - "packets": 2 - }, "destination": { "as": { "number": 29518, @@ -476,7 +377,7 @@ "region_name": "Östergötland County" }, "ip": "89.160.20.156", - "mac": "00:50:56:9F:39:33", + "mac": "00-50-56-9F-39-33", "packets": 2 }, "ecs": { @@ -487,11 +388,11 @@ "category": [ "network" ], - "code": "010101600001", + "code": "00001", "duration": 31000000000, "end": "2021-11-16T00:25:32.000Z", "kind": "event", - "original": "device_name=\"SFW\" timestamp=\"2021-11-15T18:25:01-0600\" device_model=\"SFVH\" device_serial_id=\"C01001BQC8TFFFF\" log_id=\"010101600001\" log_type=\"Firewall\" log_component=\"Firewall Rule\" log_subtype=\"Allowed\" log_version=1 severity=\"Information\" duration=31 fw_rule_id=\"12\" nat_rule_id=\"12\" fw_rule_type=\"USER\" web_policy_id=12 ips_policy_id=8 app_filter_policy_id=6 ether_type=\"Unknown (0x0000)\" in_interface=\"Port1\" out_interface=\"Port2\" src_mac=\"10:BF:48:7D:ED:22\" dst_mac=\"00:50:56:9F:39:33\" src_ip=\"192.168.2.121\" src_country=\"R1\" dst_ip=\"89.160.20.156\" dst_country=\"AUS\" protocol=\"ICMP\" icmp_type=8 packets_sent=2 packets_received=2 bytes_sent=168 bytes_received=168 src_trans_ip=\"192.168.1.2\" src_zone_type=\"LAN\" src_zone=\"LAN\" dst_zone_type=\"WAN\" dst_zone=\"WAN\" con_event=\"Stop\" con_id=\"2718999808\" hb_status=\"No Heartbeat\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\" in_display_interface=\"Port1\" out_display_interface=\"Port2\"", + "original": "Nov 16 00:25:01 sophos device_name=\"SFW\" timestamp=\"2021-11-15T18:25:01-0600\" device_model=\"SFVH\" device_serial_id=\"C01001BQC8TFFFF\" log_id=\"010101600001\" log_type=\"Firewall\" log_component=\"Firewall Rule\" log_subtype=\"Allowed\" log_version=1 severity=\"Information\" duration=31 fw_rule_id=\"12\" nat_rule_id=\"12\" fw_rule_type=\"USER\" web_policy_id=12 ips_policy_id=8 app_filter_policy_id=6 ether_type=\"Unknown (0x0000)\" in_interface=\"Port1\" out_interface=\"Port2\" src_mac=\"10:BF:48:7D:ED:22\" dst_mac=\"00:50:56:9F:39:33\" src_ip=\"192.168.2.121\" src_country=\"R1\" dst_ip=\"89.160.20.156\" dst_country=\"AUS\" protocol=\"ICMP\" icmp_type=8 packets_sent=2 packets_received=2 bytes_sent=168 bytes_received=168 src_trans_ip=\"192.168.1.2\" src_zone_type=\"LAN\" src_zone=\"LAN\" dst_zone_type=\"WAN\" dst_zone=\"WAN\" con_event=\"Stop\" con_id=\"2718999808\" hb_status=\"No Heartbeat\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\" in_display_interface=\"Port1\" out_display_interface=\"Port2\"", "outcome": "success", "severity": 6, "start": "2021-11-16T00:25:01.000Z" @@ -504,6 +405,7 @@ }, "network": { "bytes": 336, + "community_id": "1:k8knu+ZpQWfBknRiJ4i22/T9XTQ=", "direction": "outbound", "packets": 4, "transport": "icmp" @@ -540,30 +442,6 @@ "rule": { "id": "12" }, - "server": { - "as": { - "number": 29518, - "organization": { - "name": "Bredband2 AB" - } - }, - "bytes": 168, - "geo": { - "city_name": "Linköping", - "continent_name": "Europe", - "country_iso_code": "SE", - "country_name": "Sweden", - "location": { - "lat": 58.4167, - "lon": 15.6167 - }, - "region_iso_code": "SE-E", - "region_name": "Östergötland County" - }, - "ip": "89.160.20.156", - "mac": "00:50:56:9F:39:33", - "packets": 2 - }, "sophos": { "xg": { "app_filter_policy_id": "6", @@ -580,10 +458,10 @@ "icmp_type": "8", "ips_policy_id": "8", "log_component": "Firewall Rule", + "log_id": "010101600001", "log_subtype": "Allowed", "log_type": "Firewall", "log_version": "1", - "message_id": "00001", "qualifier": "New", "src_zone_type": "LAN", "web_policy_id": "12" @@ -592,7 +470,7 @@ "source": { "bytes": 168, "ip": "192.168.2.121", - "mac": "10:BF:48:7D:ED:22", + "mac": "10-BF-48-7D-ED-22", "nat": { "ip": "192.168.1.2" }, @@ -604,11 +482,6 @@ }, { "@timestamp": "2021-11-16T00:25:01.000Z", - "client": { - "ip": "192.168.2.111", - "mac": "00:26:37:ee:47:20", - "port": 61709 - }, "destination": { "as": { "number": 29518, @@ -639,9 +512,9 @@ "category": [ "network" ], - "code": "010102600002", + "code": "00002", "kind": "event", - "original": "device_name=\"SFW\" timestamp=\"2021-11-15T18:25:01-0600\" device_model=\"SFVH\" device_serial_id=\"C01001BQC8TFFFF\" log_id=\"010102600002\" log_type=\"Firewall\" log_component=\"Firewall Rule\" log_subtype=\"Denied\" log_version=1 severity=\"Information\" fw_rule_id=\"12\" nat_rule_id=\"0\" fw_rule_type=\"USER\" web_policy_id=12 ips_policy_id=8 app_filter_policy_id=6 ether_type=\"IPv4 (0x0800)\" in_interface=\"Port1\" src_mac=\"00:26:37:ee:47:20\" src_ip=\"192.168.2.111\" src_country=\"R1\" dst_ip=\"89.160.20.156\" dst_country=\"USA\" protocol=\"UDP\" src_port=61709 dst_port=443 hb_status=\"No Heartbeat\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\" in_display_interface=\"Port1\"", + "original": "Nov 16 00:25:01 sophos device_name=\"SFW\" timestamp=\"2021-11-15T18:25:01-0600\" device_model=\"SFVH\" device_serial_id=\"C01001BQC8TFFFF\" log_id=\"010102600002\" log_type=\"Firewall\" log_component=\"Firewall Rule\" log_subtype=\"Denied\" log_version=1 severity=\"Information\" fw_rule_id=\"12\" nat_rule_id=\"0\" fw_rule_type=\"USER\" web_policy_id=12 ips_policy_id=8 app_filter_policy_id=6 ether_type=\"IPv4 (0x0800)\" in_interface=\"Port1\" src_mac=\"00:26:37:ee:47:20\" src_ip=\"192.168.2.111\" src_country=\"R1\" dst_ip=\"89.160.20.156\" dst_country=\"USA\" protocol=\"UDP\" src_port=61709 dst_port=443 hb_status=\"No Heartbeat\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\" in_display_interface=\"Port1\"", "outcome": "success", "severity": 6 }, @@ -652,6 +525,7 @@ "level": "Information" }, "network": { + "community_id": "1:ZnwausNTwoW4P/8eFfBQhRAT3HA=", "transport": "udp" }, "observer": { @@ -678,28 +552,6 @@ "rule": { "id": "12" }, - "server": { - "as": { - "number": 29518, - "organization": { - "name": "Bredband2 AB" - } - }, - "geo": { - "city_name": "Linköping", - "continent_name": "Europe", - "country_iso_code": "SE", - "country_name": "Sweden", - "location": { - "lat": 58.4167, - "lon": 15.6167 - }, - "region_iso_code": "SE-E", - "region_name": "Östergötland County" - }, - "ip": "89.160.20.156", - "port": 443 - }, "sophos": { "xg": { "app_filter_policy_id": "6", @@ -712,17 +564,17 @@ "hb_status": "No Heartbeat", "ips_policy_id": "8", "log_component": "Firewall Rule", + "log_id": "010102600002", "log_subtype": "Denied", "log_type": "Firewall", "log_version": "1", - "message_id": "00002", "qualifier": "New", "web_policy_id": "12" } }, "source": { "ip": "192.168.2.111", - "mac": "00:26:37:ee:47:20", + "mac": "00-26-37-EE-47-20", "port": 61709 }, "tags": [ @@ -731,11 +583,6 @@ }, { "@timestamp": "2021-11-16T00:25:01.000Z", - "client": { - "ip": "192.168.2.111", - "mac": "00:26:37:ee:47:20", - "port": 61709 - }, "destination": { "as": { "number": 29518, @@ -766,9 +613,9 @@ "category": [ "network" ], - "code": "010102600002", + "code": "00002", "kind": "event", - "original": "device_name=\"SFW\" timestamp=\"2021-11-15T18:25:01-0600\" device_model=\"SFVH\" device_serial_id=\"C01001BQC8TFFFF\" log_id=\"010102600002\" log_type=\"Firewall\" log_component=\"Firewall Rule\" log_subtype=\"Denied\" log_version=1 severity=\"Information\" fw_rule_id=\"12\" nat_rule_id=\"0\" fw_rule_type=\"USER\" web_policy_id=12 ips_policy_id=8 app_filter_policy_id=6 ether_type=\"IPv4 (0x0800)\" in_interface=\"Port1\" src_mac=\"00:26:37:ee:47:20\" src_ip=\"192.168.2.111\" src_country=\"R1\" dst_ip=\"89.160.20.156\" dst_country=\"USA\" protocol=\"UDP\" src_port=61709 dst_port=443 hb_status=\"No Heartbeat\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\" in_display_interface=\"Port1\"", + "original": "Nov 16 00:25:01 sophos device_name=\"SFW\" timestamp=\"2021-11-15T18:25:01-0600\" device_model=\"SFVH\" device_serial_id=\"C01001BQC8TFFFF\" log_id=\"010102600002\" log_type=\"Firewall\" log_component=\"Firewall Rule\" log_subtype=\"Denied\" log_version=1 severity=\"Information\" fw_rule_id=\"12\" nat_rule_id=\"0\" fw_rule_type=\"USER\" web_policy_id=12 ips_policy_id=8 app_filter_policy_id=6 ether_type=\"IPv4 (0x0800)\" in_interface=\"Port1\" src_mac=\"00:26:37:ee:47:20\" src_ip=\"192.168.2.111\" src_country=\"R1\" dst_ip=\"89.160.20.156\" dst_country=\"USA\" protocol=\"UDP\" src_port=61709 dst_port=443 hb_status=\"No Heartbeat\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\" in_display_interface=\"Port1\"", "outcome": "success", "severity": 6 }, @@ -779,6 +626,7 @@ "level": "Information" }, "network": { + "community_id": "1:ZnwausNTwoW4P/8eFfBQhRAT3HA=", "transport": "udp" }, "observer": { @@ -805,28 +653,6 @@ "rule": { "id": "12" }, - "server": { - "as": { - "number": 29518, - "organization": { - "name": "Bredband2 AB" - } - }, - "geo": { - "city_name": "Linköping", - "continent_name": "Europe", - "country_iso_code": "SE", - "country_name": "Sweden", - "location": { - "lat": 58.4167, - "lon": 15.6167 - }, - "region_iso_code": "SE-E", - "region_name": "Östergötland County" - }, - "ip": "89.160.20.156", - "port": 443 - }, "sophos": { "xg": { "app_filter_policy_id": "6", @@ -839,17 +665,17 @@ "hb_status": "No Heartbeat", "ips_policy_id": "8", "log_component": "Firewall Rule", + "log_id": "010102600002", "log_subtype": "Denied", "log_type": "Firewall", "log_version": "1", - "message_id": "00002", "qualifier": "New", "web_policy_id": "12" } }, "source": { "ip": "192.168.2.111", - "mac": "00:26:37:ee:47:20", + "mac": "00-26-37-EE-47-20", "port": 61709 }, "tags": [ @@ -858,13 +684,6 @@ }, { "@timestamp": "2021-11-16T00:25:01.000Z", - "client": { - "ip": "192.168.2.121", - "mac": "10:BF:48:7D:ED:22", - "nat": { - "ip": "192.168.1.2" - } - }, "destination": { "as": { "number": 29518, @@ -885,7 +704,7 @@ "region_name": "Östergötland County" }, "ip": "89.160.20.156", - "mac": "00:50:56:9F:39:33" + "mac": "00-50-56-9F-39-33" }, "ecs": { "version": "8.0.0" @@ -895,9 +714,9 @@ "category": [ "network" ], - "code": "010101600001", + "code": "00001", "kind": "event", - "original": "device_name=\"SFW\" timestamp=\"2021-11-15T18:25:01-0600\" device_model=\"SFVH\" device_serial_id=\"C01001BQC8TFFFF\" log_id=\"010101600001\" log_type=\"Firewall\" log_component=\"Firewall Rule\" log_subtype=\"Allowed\" log_version=1 severity=\"Information\" fw_rule_id=\"12\" nat_rule_id=\"12\" fw_rule_type=\"USER\" web_policy_id=12 ips_policy_id=8 app_filter_policy_id=6 ether_type=\"Unknown (0x0000)\" in_interface=\"Port1\" out_interface=\"Port2\" src_mac=\"10:BF:48:7D:ED:22\" dst_mac=\"00:50:56:9F:39:33\" src_ip=\"192.168.2.121\" src_country=\"R1\" dst_ip=\"89.160.20.156\" dst_country=\"AUS\" protocol=\"ICMP\" icmp_type=8 src_trans_ip=\"192.168.1.2\" src_zone_type=\"LAN\" src_zone=\"LAN\" dst_zone_type=\"WAN\" dst_zone=\"WAN\" con_event=\"Start\" con_id=\"2916030336\" hb_status=\"No Heartbeat\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\" in_display_interface=\"Port1\" out_display_interface=\"Port2\"", + "original": "Nov 16 00:25:01 sophos device_name=\"SFW\" timestamp=\"2021-11-15T18:25:01-0600\" device_model=\"SFVH\" device_serial_id=\"C01001BQC8TFFFF\" log_id=\"010101600001\" log_type=\"Firewall\" log_component=\"Firewall Rule\" log_subtype=\"Allowed\" log_version=1 severity=\"Information\" fw_rule_id=\"12\" nat_rule_id=\"12\" fw_rule_type=\"USER\" web_policy_id=12 ips_policy_id=8 app_filter_policy_id=6 ether_type=\"Unknown (0x0000)\" in_interface=\"Port1\" out_interface=\"Port2\" src_mac=\"10:BF:48:7D:ED:22\" dst_mac=\"00:50:56:9F:39:33\" src_ip=\"192.168.2.121\" src_country=\"R1\" dst_ip=\"89.160.20.156\" dst_country=\"AUS\" protocol=\"ICMP\" icmp_type=8 src_trans_ip=\"192.168.1.2\" src_zone_type=\"LAN\" src_zone=\"LAN\" dst_zone_type=\"WAN\" dst_zone=\"WAN\" con_event=\"Start\" con_id=\"2916030336\" hb_status=\"No Heartbeat\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\" in_display_interface=\"Port1\" out_display_interface=\"Port2\"", "outcome": "success", "severity": 6 }, @@ -908,6 +727,7 @@ "level": "Information" }, "network": { + "community_id": "1:k8knu+ZpQWfBknRiJ4i22/T9XTQ=", "direction": "outbound", "transport": "icmp" }, @@ -943,28 +763,6 @@ "rule": { "id": "12" }, - "server": { - "as": { - "number": 29518, - "organization": { - "name": "Bredband2 AB" - } - }, - "geo": { - "city_name": "Linköping", - "continent_name": "Europe", - "country_iso_code": "SE", - "country_name": "Sweden", - "location": { - "lat": 58.4167, - "lon": 15.6167 - }, - "region_iso_code": "SE-E", - "region_name": "Östergötland County" - }, - "ip": "89.160.20.156", - "mac": "00:50:56:9F:39:33" - }, "sophos": { "xg": { "app_filter_policy_id": "6", @@ -981,10 +779,10 @@ "icmp_type": "8", "ips_policy_id": "8", "log_component": "Firewall Rule", + "log_id": "010101600001", "log_subtype": "Allowed", "log_type": "Firewall", "log_version": "1", - "message_id": "00001", "qualifier": "New", "src_zone_type": "LAN", "web_policy_id": "12" @@ -992,7 +790,7 @@ }, "source": { "ip": "192.168.2.121", - "mac": "10:BF:48:7D:ED:22", + "mac": "10-BF-48-7D-ED-22", "nat": { "ip": "192.168.1.2" } @@ -1003,15 +801,6 @@ }, { "@timestamp": "2021-11-16T00:25:02.000Z", - "client": { - "bytes": 168, - "ip": "192.168.2.121", - "mac": "10:BF:48:7D:ED:22", - "nat": { - "ip": "192.168.1.2" - }, - "packets": 2 - }, "destination": { "as": { "number": 29518, @@ -1033,7 +822,7 @@ "region_name": "Östergötland County" }, "ip": "89.160.20.156", - "mac": "00:50:56:9F:39:33", + "mac": "00-50-56-9F-39-33", "packets": 2 }, "ecs": { @@ -1044,11 +833,11 @@ "category": [ "network" ], - "code": "010101600001", + "code": "00001", "duration": 39000000000, "end": "2021-11-16T00:25:41.000Z", "kind": "event", - "original": "device_name=\"SFW\" timestamp=\"2021-11-15T18:25:02-0600\" device_model=\"SFVH\" device_serial_id=\"C01001BQC8TFFFF\" log_id=\"010101600001\" log_type=\"Firewall\" log_component=\"Firewall Rule\" log_subtype=\"Allowed\" log_version=1 severity=\"Information\" duration=39 fw_rule_id=\"12\" nat_rule_id=\"12\" fw_rule_type=\"USER\" web_policy_id=12 ips_policy_id=8 app_filter_policy_id=6 ether_type=\"Unknown (0x0000)\" in_interface=\"Port1\" out_interface=\"Port2\" src_mac=\"10:BF:48:7D:ED:22\" dst_mac=\"00:50:56:9F:39:33\" src_ip=\"192.168.2.121\" src_country=\"R1\" dst_ip=\"89.160.20.156\" dst_country=\"AUS\" protocol=\"ICMP\" icmp_type=8 packets_sent=2 packets_received=2 bytes_sent=168 bytes_received=168 src_trans_ip=\"192.168.1.2\" src_zone_type=\"LAN\" src_zone=\"LAN\" dst_zone_type=\"WAN\" dst_zone=\"WAN\" con_event=\"Stop\" con_id=\"3153944000\" hb_status=\"No Heartbeat\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\" in_display_interface=\"Port1\" out_display_interface=\"Port2\"", + "original": "Nov 16 00:25:02 sophos device_name=\"SFW\" timestamp=\"2021-11-15T18:25:02-0600\" device_model=\"SFVH\" device_serial_id=\"C01001BQC8TFFFF\" log_id=\"010101600001\" log_type=\"Firewall\" log_component=\"Firewall Rule\" log_subtype=\"Allowed\" log_version=1 severity=\"Information\" duration=39 fw_rule_id=\"12\" nat_rule_id=\"12\" fw_rule_type=\"USER\" web_policy_id=12 ips_policy_id=8 app_filter_policy_id=6 ether_type=\"Unknown (0x0000)\" in_interface=\"Port1\" out_interface=\"Port2\" src_mac=\"10:BF:48:7D:ED:22\" dst_mac=\"00:50:56:9F:39:33\" src_ip=\"192.168.2.121\" src_country=\"R1\" dst_ip=\"89.160.20.156\" dst_country=\"AUS\" protocol=\"ICMP\" icmp_type=8 packets_sent=2 packets_received=2 bytes_sent=168 bytes_received=168 src_trans_ip=\"192.168.1.2\" src_zone_type=\"LAN\" src_zone=\"LAN\" dst_zone_type=\"WAN\" dst_zone=\"WAN\" con_event=\"Stop\" con_id=\"3153944000\" hb_status=\"No Heartbeat\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\" in_display_interface=\"Port1\" out_display_interface=\"Port2\"", "outcome": "success", "severity": 6, "start": "2021-11-16T00:25:02.000Z" @@ -1061,6 +850,7 @@ }, "network": { "bytes": 336, + "community_id": "1:k8knu+ZpQWfBknRiJ4i22/T9XTQ=", "direction": "outbound", "packets": 4, "transport": "icmp" @@ -1097,30 +887,6 @@ "rule": { "id": "12" }, - "server": { - "as": { - "number": 29518, - "organization": { - "name": "Bredband2 AB" - } - }, - "bytes": 168, - "geo": { - "city_name": "Linköping", - "continent_name": "Europe", - "country_iso_code": "SE", - "country_name": "Sweden", - "location": { - "lat": 58.4167, - "lon": 15.6167 - }, - "region_iso_code": "SE-E", - "region_name": "Östergötland County" - }, - "ip": "89.160.20.156", - "mac": "00:50:56:9F:39:33", - "packets": 2 - }, "sophos": { "xg": { "app_filter_policy_id": "6", @@ -1137,10 +903,10 @@ "icmp_type": "8", "ips_policy_id": "8", "log_component": "Firewall Rule", + "log_id": "010101600001", "log_subtype": "Allowed", "log_type": "Firewall", "log_version": "1", - "message_id": "00001", "qualifier": "New", "src_zone_type": "LAN", "web_policy_id": "12" @@ -1149,7 +915,7 @@ "source": { "bytes": 168, "ip": "192.168.2.121", - "mac": "10:BF:48:7D:ED:22", + "mac": "10-BF-48-7D-ED-22", "nat": { "ip": "192.168.1.2" }, @@ -1161,11 +927,6 @@ }, { "@timestamp": "2021-11-16T00:25:02.000Z", - "client": { - "ip": "192.168.2.111", - "mac": "00:26:37:ee:47:20", - "port": 61709 - }, "destination": { "as": { "number": 29518, @@ -1196,9 +957,9 @@ "category": [ "network" ], - "code": "010102600002", + "code": "00002", "kind": "event", - "original": "device_name=\"SFW\" timestamp=\"2021-11-15T18:25:02-0600\" device_model=\"SFVH\" device_serial_id=\"C01001BQC8TFFFF\" log_id=\"010102600002\" log_type=\"Firewall\" log_component=\"Firewall Rule\" log_subtype=\"Denied\" log_version=1 severity=\"Information\" fw_rule_id=\"12\" nat_rule_id=\"0\" fw_rule_type=\"USER\" web_policy_id=12 ips_policy_id=8 app_filter_policy_id=6 ether_type=\"IPv4 (0x0800)\" in_interface=\"Port1\" src_mac=\"00:26:37:ee:47:20\" src_ip=\"192.168.2.111\" src_country=\"R1\" dst_ip=\"89.160.20.156\" dst_country=\"USA\" protocol=\"UDP\" src_port=61709 dst_port=443 hb_status=\"No Heartbeat\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\" in_display_interface=\"Port1\"", + "original": "Nov 16 00:25:02 sophos device_name=\"SFW\" timestamp=\"2021-11-15T18:25:02-0600\" device_model=\"SFVH\" device_serial_id=\"C01001BQC8TFFFF\" log_id=\"010102600002\" log_type=\"Firewall\" log_component=\"Firewall Rule\" log_subtype=\"Denied\" log_version=1 severity=\"Information\" fw_rule_id=\"12\" nat_rule_id=\"0\" fw_rule_type=\"USER\" web_policy_id=12 ips_policy_id=8 app_filter_policy_id=6 ether_type=\"IPv4 (0x0800)\" in_interface=\"Port1\" src_mac=\"00:26:37:ee:47:20\" src_ip=\"192.168.2.111\" src_country=\"R1\" dst_ip=\"89.160.20.156\" dst_country=\"USA\" protocol=\"UDP\" src_port=61709 dst_port=443 hb_status=\"No Heartbeat\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\" in_display_interface=\"Port1\"", "outcome": "success", "severity": 6 }, @@ -1209,6 +970,7 @@ "level": "Information" }, "network": { + "community_id": "1:ZnwausNTwoW4P/8eFfBQhRAT3HA=", "transport": "udp" }, "observer": { @@ -1235,28 +997,6 @@ "rule": { "id": "12" }, - "server": { - "as": { - "number": 29518, - "organization": { - "name": "Bredband2 AB" - } - }, - "geo": { - "city_name": "Linköping", - "continent_name": "Europe", - "country_iso_code": "SE", - "country_name": "Sweden", - "location": { - "lat": 58.4167, - "lon": 15.6167 - }, - "region_iso_code": "SE-E", - "region_name": "Östergötland County" - }, - "ip": "89.160.20.156", - "port": 443 - }, "sophos": { "xg": { "app_filter_policy_id": "6", @@ -1269,17 +1009,17 @@ "hb_status": "No Heartbeat", "ips_policy_id": "8", "log_component": "Firewall Rule", + "log_id": "010102600002", "log_subtype": "Denied", "log_type": "Firewall", "log_version": "1", - "message_id": "00002", "qualifier": "New", "web_policy_id": "12" } }, "source": { "ip": "192.168.2.111", - "mac": "00:26:37:ee:47:20", + "mac": "00-26-37-EE-47-20", "port": 61709 }, "tags": [ @@ -1288,13 +1028,6 @@ }, { "@timestamp": "2021-11-16T00:25:02.000Z", - "client": { - "ip": "192.168.2.121", - "mac": "10:BF:48:7D:ED:22", - "nat": { - "ip": "192.168.1.2" - } - }, "destination": { "as": { "number": 29518, @@ -1315,7 +1048,7 @@ "region_name": "Östergötland County" }, "ip": "89.160.20.156", - "mac": "00:50:56:9F:39:33" + "mac": "00-50-56-9F-39-33" }, "ecs": { "version": "8.0.0" @@ -1325,9 +1058,9 @@ "category": [ "network" ], - "code": "010101600001", + "code": "00001", "kind": "event", - "original": "device_name=\"SFW\" timestamp=\"2021-11-15T18:25:02-0600\" device_model=\"SFVH\" device_serial_id=\"C01001BQC8TFFFF\" log_id=\"010101600001\" log_type=\"Firewall\" log_component=\"Firewall Rule\" log_subtype=\"Allowed\" log_version=1 severity=\"Information\" fw_rule_id=\"12\" nat_rule_id=\"12\" fw_rule_type=\"USER\" web_policy_id=12 ips_policy_id=8 app_filter_policy_id=6 ether_type=\"Unknown (0x0000)\" in_interface=\"Port1\" out_interface=\"Port2\" src_mac=\"10:BF:48:7D:ED:22\" dst_mac=\"00:50:56:9F:39:33\" src_ip=\"192.168.2.121\" src_country=\"R1\" dst_ip=\"89.160.20.156\" dst_country=\"AUS\" protocol=\"ICMP\" icmp_type=8 src_trans_ip=\"192.168.1.2\" src_zone_type=\"LAN\" src_zone=\"LAN\" dst_zone_type=\"WAN\" dst_zone=\"WAN\" con_event=\"Start\" con_id=\"2916028416\" hb_status=\"No Heartbeat\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\" in_display_interface=\"Port1\" out_display_interface=\"Port2\"", + "original": "Nov 16 00:25:02 sophos device_name=\"SFW\" timestamp=\"2021-11-15T18:25:02-0600\" device_model=\"SFVH\" device_serial_id=\"C01001BQC8TFFFF\" log_id=\"010101600001\" log_type=\"Firewall\" log_component=\"Firewall Rule\" log_subtype=\"Allowed\" log_version=1 severity=\"Information\" fw_rule_id=\"12\" nat_rule_id=\"12\" fw_rule_type=\"USER\" web_policy_id=12 ips_policy_id=8 app_filter_policy_id=6 ether_type=\"Unknown (0x0000)\" in_interface=\"Port1\" out_interface=\"Port2\" src_mac=\"10:BF:48:7D:ED:22\" dst_mac=\"00:50:56:9F:39:33\" src_ip=\"192.168.2.121\" src_country=\"R1\" dst_ip=\"89.160.20.156\" dst_country=\"AUS\" protocol=\"ICMP\" icmp_type=8 src_trans_ip=\"192.168.1.2\" src_zone_type=\"LAN\" src_zone=\"LAN\" dst_zone_type=\"WAN\" dst_zone=\"WAN\" con_event=\"Start\" con_id=\"2916028416\" hb_status=\"No Heartbeat\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\" in_display_interface=\"Port1\" out_display_interface=\"Port2\"", "outcome": "success", "severity": 6 }, @@ -1338,6 +1071,7 @@ "level": "Information" }, "network": { + "community_id": "1:k8knu+ZpQWfBknRiJ4i22/T9XTQ=", "direction": "outbound", "transport": "icmp" }, @@ -1373,28 +1107,6 @@ "rule": { "id": "12" }, - "server": { - "as": { - "number": 29518, - "organization": { - "name": "Bredband2 AB" - } - }, - "geo": { - "city_name": "Linköping", - "continent_name": "Europe", - "country_iso_code": "SE", - "country_name": "Sweden", - "location": { - "lat": 58.4167, - "lon": 15.6167 - }, - "region_iso_code": "SE-E", - "region_name": "Östergötland County" - }, - "ip": "89.160.20.156", - "mac": "00:50:56:9F:39:33" - }, "sophos": { "xg": { "app_filter_policy_id": "6", @@ -1411,10 +1123,10 @@ "icmp_type": "8", "ips_policy_id": "8", "log_component": "Firewall Rule", + "log_id": "010101600001", "log_subtype": "Allowed", "log_type": "Firewall", "log_version": "1", - "message_id": "00001", "qualifier": "New", "src_zone_type": "LAN", "web_policy_id": "12" @@ -1422,7 +1134,7 @@ }, "source": { "ip": "192.168.2.121", - "mac": "10:BF:48:7D:ED:22", + "mac": "10-BF-48-7D-ED-22", "nat": { "ip": "192.168.1.2" } @@ -1433,17 +1145,9 @@ }, { "@timestamp": "2021-11-16T00:25:03.000Z", - "client": { - "ip": "192.168.2.32", - "mac": "00:50:56:9F:CD:68", - "nat": { - "ip": "192.168.1.2" - }, - "port": 59346 - }, "destination": { "ip": "192.168.1.15", - "mac": "00:50:56:9F:39:33", + "mac": "00-50-56-9F-39-33", "port": 22083 }, "ecs": { @@ -1454,9 +1158,9 @@ "category": [ "network" ], - "code": "010101600001", + "code": "00001", "kind": "event", - "original": "device_name=\"SFW\" timestamp=\"2021-11-15T18:25:03-0600\" device_model=\"SFVH\" device_serial_id=\"C01001BQC8TFFFF\" log_id=\"010101600001\" log_type=\"Firewall\" log_component=\"Firewall Rule\" log_subtype=\"Allowed\" log_version=1 severity=\"Information\" fw_rule_id=\"12\" nat_rule_id=\"12\" fw_rule_type=\"USER\" web_policy_id=12 ips_policy_id=8 app_filter_policy_id=6 ether_type=\"Unknown (0x0000)\" in_interface=\"Port1\" out_interface=\"Port2\" src_mac=\"00:50:56:9F:CD:68\" dst_mac=\"00:50:56:9F:39:33\" src_ip=\"192.168.2.32\" src_country=\"R1\" dst_ip=\"192.168.1.15\" dst_country=\"R1\" protocol=\"TCP\" src_port=59346 dst_port=22083 src_trans_ip=\"192.168.1.2\" src_zone_type=\"LAN\" src_zone=\"LAN\" dst_zone_type=\"WAN\" dst_zone=\"WAN\" con_event=\"Start\" con_id=\"2916031936\" hb_status=\"No Heartbeat\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\" in_display_interface=\"Port1\" out_display_interface=\"Port2\"", + "original": "Nov 16 00:25:03 sophos device_name=\"SFW\" timestamp=\"2021-11-15T18:25:03-0600\" device_model=\"SFVH\" device_serial_id=\"C01001BQC8TFFFF\" log_id=\"010101600001\" log_type=\"Firewall\" log_component=\"Firewall Rule\" log_subtype=\"Allowed\" log_version=1 severity=\"Information\" fw_rule_id=\"12\" nat_rule_id=\"12\" fw_rule_type=\"USER\" web_policy_id=12 ips_policy_id=8 app_filter_policy_id=6 ether_type=\"Unknown (0x0000)\" in_interface=\"Port1\" out_interface=\"Port2\" src_mac=\"00:50:56:9F:CD:68\" dst_mac=\"00:50:56:9F:39:33\" src_ip=\"192.168.2.32\" src_country=\"R1\" dst_ip=\"192.168.1.15\" dst_country=\"R1\" protocol=\"TCP\" src_port=59346 dst_port=22083 src_trans_ip=\"192.168.1.2\" src_zone_type=\"LAN\" src_zone=\"LAN\" dst_zone_type=\"WAN\" dst_zone=\"WAN\" con_event=\"Start\" con_id=\"2916031936\" hb_status=\"No Heartbeat\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\" in_display_interface=\"Port1\" out_display_interface=\"Port2\"", "outcome": "success", "severity": 6 }, @@ -1467,6 +1171,7 @@ "level": "Information" }, "network": { + "community_id": "1:/DV0QfCbNT+zQ6Uw/uFj2gAwauc=", "direction": "outbound", "transport": "tcp" }, @@ -1502,11 +1207,6 @@ "rule": { "id": "12" }, - "server": { - "ip": "192.168.1.15", - "mac": "00:50:56:9F:39:33", - "port": 22083 - }, "sophos": { "xg": { "app_filter_policy_id": "6", @@ -1522,10 +1222,10 @@ "hb_status": "No Heartbeat", "ips_policy_id": "8", "log_component": "Firewall Rule", + "log_id": "010101600001", "log_subtype": "Allowed", "log_type": "Firewall", "log_version": "1", - "message_id": "00001", "qualifier": "New", "src_zone_type": "LAN", "web_policy_id": "12" @@ -1533,7 +1233,7 @@ }, "source": { "ip": "192.168.2.32", - "mac": "00:50:56:9F:CD:68", + "mac": "00-50-56-9F-CD-68", "nat": { "ip": "192.168.1.2" }, @@ -1545,17 +1245,9 @@ }, { "@timestamp": "2021-11-16T00:25:03.000Z", - "client": { - "ip": "192.168.2.32", - "mac": "00:50:56:9F:CD:68", - "nat": { - "ip": "192.168.1.2" - }, - "port": 59347 - }, "destination": { "ip": "192.168.1.15", - "mac": "00:50:56:9F:39:33", + "mac": "00-50-56-9F-39-33", "port": 22083 }, "ecs": { @@ -1566,9 +1258,9 @@ "category": [ "network" ], - "code": "010101600001", + "code": "00001", "kind": "event", - "original": "device_name=\"SFW\" timestamp=\"2021-11-15T18:25:03-0600\" device_model=\"SFVH\" device_serial_id=\"C01001BQC8TFFFF\" log_id=\"010101600001\" log_type=\"Firewall\" log_component=\"Firewall Rule\" log_subtype=\"Allowed\" log_version=1 severity=\"Information\" fw_rule_id=\"12\" nat_rule_id=\"12\" fw_rule_type=\"USER\" web_policy_id=12 ips_policy_id=8 app_filter_policy_id=6 ether_type=\"Unknown (0x0000)\" in_interface=\"Port1\" out_interface=\"Port2\" src_mac=\"00:50:56:9F:CD:68\" dst_mac=\"00:50:56:9F:39:33\" src_ip=\"192.168.2.32\" src_country=\"R1\" dst_ip=\"192.168.1.15\" dst_country=\"R1\" protocol=\"TCP\" src_port=59347 dst_port=22083 src_trans_ip=\"192.168.1.2\" src_zone_type=\"LAN\" src_zone=\"LAN\" dst_zone_type=\"WAN\" dst_zone=\"WAN\" con_event=\"Start\" con_id=\"172022272\" hb_status=\"No Heartbeat\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\" in_display_interface=\"Port1\" out_display_interface=\"Port2\"", + "original": "Nov 16 00:25:03 sophos device_name=\"SFW\" timestamp=\"2021-11-15T18:25:03-0600\" device_model=\"SFVH\" device_serial_id=\"C01001BQC8TFFFF\" log_id=\"010101600001\" log_type=\"Firewall\" log_component=\"Firewall Rule\" log_subtype=\"Allowed\" log_version=1 severity=\"Information\" fw_rule_id=\"12\" nat_rule_id=\"12\" fw_rule_type=\"USER\" web_policy_id=12 ips_policy_id=8 app_filter_policy_id=6 ether_type=\"Unknown (0x0000)\" in_interface=\"Port1\" out_interface=\"Port2\" src_mac=\"00:50:56:9F:CD:68\" dst_mac=\"00:50:56:9F:39:33\" src_ip=\"192.168.2.32\" src_country=\"R1\" dst_ip=\"192.168.1.15\" dst_country=\"R1\" protocol=\"TCP\" src_port=59347 dst_port=22083 src_trans_ip=\"192.168.1.2\" src_zone_type=\"LAN\" src_zone=\"LAN\" dst_zone_type=\"WAN\" dst_zone=\"WAN\" con_event=\"Start\" con_id=\"172022272\" hb_status=\"No Heartbeat\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\" in_display_interface=\"Port1\" out_display_interface=\"Port2\"", "outcome": "success", "severity": 6 }, @@ -1579,6 +1271,7 @@ "level": "Information" }, "network": { + "community_id": "1:Rwm1xOLBlSEM2BW8ZhsUHQI5aKg=", "direction": "outbound", "transport": "tcp" }, @@ -1614,11 +1307,6 @@ "rule": { "id": "12" }, - "server": { - "ip": "192.168.1.15", - "mac": "00:50:56:9F:39:33", - "port": 22083 - }, "sophos": { "xg": { "app_filter_policy_id": "6", @@ -1634,10 +1322,10 @@ "hb_status": "No Heartbeat", "ips_policy_id": "8", "log_component": "Firewall Rule", + "log_id": "010101600001", "log_subtype": "Allowed", "log_type": "Firewall", "log_version": "1", - "message_id": "00001", "qualifier": "New", "src_zone_type": "LAN", "web_policy_id": "12" @@ -1645,7 +1333,7 @@ }, "source": { "ip": "192.168.2.32", - "mac": "00:50:56:9F:CD:68", + "mac": "00-50-56-9F-CD-68", "nat": { "ip": "192.168.1.2" }, @@ -1657,11 +1345,6 @@ }, { "@timestamp": "2021-11-16T00:25:03.000Z", - "client": { - "ip": "192.168.2.111", - "mac": "00:26:37:ee:47:20", - "port": 61709 - }, "destination": { "as": { "number": 29518, @@ -1692,9 +1375,9 @@ "category": [ "network" ], - "code": "010102600002", + "code": "00002", "kind": "event", - "original": "device_name=\"SFW\" timestamp=\"2021-11-15T18:25:03-0600\" device_model=\"SFVH\" device_serial_id=\"C01001BQC8TFFFF\" log_id=\"010102600002\" log_type=\"Firewall\" log_component=\"Firewall Rule\" log_subtype=\"Denied\" log_version=1 severity=\"Information\" fw_rule_id=\"12\" nat_rule_id=\"0\" fw_rule_type=\"USER\" web_policy_id=12 ips_policy_id=8 app_filter_policy_id=6 ether_type=\"IPv4 (0x0800)\" in_interface=\"Port1\" src_mac=\"00:26:37:ee:47:20\" src_ip=\"192.168.2.111\" src_country=\"R1\" dst_ip=\"89.160.20.156\" dst_country=\"USA\" protocol=\"UDP\" src_port=61709 dst_port=443 hb_status=\"No Heartbeat\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\" in_display_interface=\"Port1\"", + "original": "Nov 16 00:25:03 sophos device_name=\"SFW\" timestamp=\"2021-11-15T18:25:03-0600\" device_model=\"SFVH\" device_serial_id=\"C01001BQC8TFFFF\" log_id=\"010102600002\" log_type=\"Firewall\" log_component=\"Firewall Rule\" log_subtype=\"Denied\" log_version=1 severity=\"Information\" fw_rule_id=\"12\" nat_rule_id=\"0\" fw_rule_type=\"USER\" web_policy_id=12 ips_policy_id=8 app_filter_policy_id=6 ether_type=\"IPv4 (0x0800)\" in_interface=\"Port1\" src_mac=\"00:26:37:ee:47:20\" src_ip=\"192.168.2.111\" src_country=\"R1\" dst_ip=\"89.160.20.156\" dst_country=\"USA\" protocol=\"UDP\" src_port=61709 dst_port=443 hb_status=\"No Heartbeat\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\" in_display_interface=\"Port1\"", "outcome": "success", "severity": 6 }, @@ -1705,6 +1388,7 @@ "level": "Information" }, "network": { + "community_id": "1:ZnwausNTwoW4P/8eFfBQhRAT3HA=", "transport": "udp" }, "observer": { @@ -1731,28 +1415,6 @@ "rule": { "id": "12" }, - "server": { - "as": { - "number": 29518, - "organization": { - "name": "Bredband2 AB" - } - }, - "geo": { - "city_name": "Linköping", - "continent_name": "Europe", - "country_iso_code": "SE", - "country_name": "Sweden", - "location": { - "lat": 58.4167, - "lon": 15.6167 - }, - "region_iso_code": "SE-E", - "region_name": "Östergötland County" - }, - "ip": "89.160.20.156", - "port": 443 - }, "sophos": { "xg": { "app_filter_policy_id": "6", @@ -1765,17 +1427,17 @@ "hb_status": "No Heartbeat", "ips_policy_id": "8", "log_component": "Firewall Rule", + "log_id": "010102600002", "log_subtype": "Denied", "log_type": "Firewall", "log_version": "1", - "message_id": "00002", "qualifier": "New", "web_policy_id": "12" } }, "source": { "ip": "192.168.2.111", - "mac": "00:26:37:ee:47:20", + "mac": "00-26-37-EE-47-20", "port": 61709 }, "tags": [ @@ -1784,15 +1446,6 @@ }, { "@timestamp": "2021-11-16T00:25:03.000Z", - "client": { - "bytes": 168, - "ip": "192.168.2.121", - "mac": "10:BF:48:7D:ED:22", - "nat": { - "ip": "192.168.1.2" - }, - "packets": 2 - }, "destination": { "as": { "number": 29518, @@ -1814,7 +1467,7 @@ "region_name": "Östergötland County" }, "ip": "89.160.20.156", - "mac": "00:50:56:9F:39:33", + "mac": "00-50-56-9F-39-33", "packets": 2 }, "ecs": { @@ -1825,11 +1478,11 @@ "category": [ "network" ], - "code": "010101600001", + "code": "00001", "duration": 36000000000, "end": "2021-11-16T00:25:39.000Z", "kind": "event", - "original": "device_name=\"SFW\" timestamp=\"2021-11-15T18:25:03-0600\" device_model=\"SFVH\" device_serial_id=\"C01001BQC8TFFFF\" log_id=\"010101600001\" log_type=\"Firewall\" log_component=\"Firewall Rule\" log_subtype=\"Allowed\" log_version=1 severity=\"Information\" duration=36 fw_rule_id=\"12\" nat_rule_id=\"12\" fw_rule_type=\"USER\" web_policy_id=12 ips_policy_id=8 app_filter_policy_id=6 ether_type=\"Unknown (0x0000)\" in_interface=\"Port1\" out_interface=\"Port2\" src_mac=\"10:BF:48:7D:ED:22\" dst_mac=\"00:50:56:9F:39:33\" src_ip=\"192.168.2.121\" src_country=\"R1\" dst_ip=\"89.160.20.156\" dst_country=\"AUS\" protocol=\"ICMP\" icmp_type=8 packets_sent=2 packets_received=2 bytes_sent=168 bytes_received=168 src_trans_ip=\"192.168.1.2\" src_zone_type=\"LAN\" src_zone=\"LAN\" dst_zone_type=\"WAN\" dst_zone=\"WAN\" con_event=\"Stop\" con_id=\"408294336\" hb_status=\"No Heartbeat\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\" in_display_interface=\"Port1\" out_display_interface=\"Port2\"", + "original": "Nov 16 00:25:03 sophos device_name=\"SFW\" timestamp=\"2021-11-15T18:25:03-0600\" device_model=\"SFVH\" device_serial_id=\"C01001BQC8TFFFF\" log_id=\"010101600001\" log_type=\"Firewall\" log_component=\"Firewall Rule\" log_subtype=\"Allowed\" log_version=1 severity=\"Information\" duration=36 fw_rule_id=\"12\" nat_rule_id=\"12\" fw_rule_type=\"USER\" web_policy_id=12 ips_policy_id=8 app_filter_policy_id=6 ether_type=\"Unknown (0x0000)\" in_interface=\"Port1\" out_interface=\"Port2\" src_mac=\"10:BF:48:7D:ED:22\" dst_mac=\"00:50:56:9F:39:33\" src_ip=\"192.168.2.121\" src_country=\"R1\" dst_ip=\"89.160.20.156\" dst_country=\"AUS\" protocol=\"ICMP\" icmp_type=8 packets_sent=2 packets_received=2 bytes_sent=168 bytes_received=168 src_trans_ip=\"192.168.1.2\" src_zone_type=\"LAN\" src_zone=\"LAN\" dst_zone_type=\"WAN\" dst_zone=\"WAN\" con_event=\"Stop\" con_id=\"408294336\" hb_status=\"No Heartbeat\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\" in_display_interface=\"Port1\" out_display_interface=\"Port2\"", "outcome": "success", "severity": 6, "start": "2021-11-16T00:25:03.000Z" @@ -1842,6 +1495,7 @@ }, "network": { "bytes": 336, + "community_id": "1:k8knu+ZpQWfBknRiJ4i22/T9XTQ=", "direction": "outbound", "packets": 4, "transport": "icmp" @@ -1878,30 +1532,6 @@ "rule": { "id": "12" }, - "server": { - "as": { - "number": 29518, - "organization": { - "name": "Bredband2 AB" - } - }, - "bytes": 168, - "geo": { - "city_name": "Linköping", - "continent_name": "Europe", - "country_iso_code": "SE", - "country_name": "Sweden", - "location": { - "lat": 58.4167, - "lon": 15.6167 - }, - "region_iso_code": "SE-E", - "region_name": "Östergötland County" - }, - "ip": "89.160.20.156", - "mac": "00:50:56:9F:39:33", - "packets": 2 - }, "sophos": { "xg": { "app_filter_policy_id": "6", @@ -1918,10 +1548,10 @@ "icmp_type": "8", "ips_policy_id": "8", "log_component": "Firewall Rule", + "log_id": "010101600001", "log_subtype": "Allowed", "log_type": "Firewall", "log_version": "1", - "message_id": "00001", "qualifier": "New", "src_zone_type": "LAN", "web_policy_id": "12" @@ -1930,7 +1560,7 @@ "source": { "bytes": 168, "ip": "192.168.2.121", - "mac": "10:BF:48:7D:ED:22", + "mac": "10-BF-48-7D-ED-22", "nat": { "ip": "192.168.1.2" }, @@ -1942,13 +1572,6 @@ }, { "@timestamp": "2021-11-16T00:25:03.000Z", - "client": { - "ip": "192.168.2.121", - "mac": "10:BF:48:7D:ED:22", - "nat": { - "ip": "192.168.1.2" - } - }, "destination": { "as": { "number": 29518, @@ -1969,7 +1592,7 @@ "region_name": "Östergötland County" }, "ip": "89.160.20.156", - "mac": "00:50:56:9F:39:33" + "mac": "00-50-56-9F-39-33" }, "ecs": { "version": "8.0.0" @@ -1979,9 +1602,9 @@ "category": [ "network" ], - "code": "010101600001", + "code": "00001", "kind": "event", - "original": "device_name=\"SFW\" timestamp=\"2021-11-15T18:25:03-0600\" device_model=\"SFVH\" device_serial_id=\"C01001BQC8TFFFF\" log_id=\"010101600001\" log_type=\"Firewall\" log_component=\"Firewall Rule\" log_subtype=\"Allowed\" log_version=1 severity=\"Information\" fw_rule_id=\"12\" nat_rule_id=\"12\" fw_rule_type=\"USER\" web_policy_id=12 ips_policy_id=8 app_filter_policy_id=6 ether_type=\"Unknown (0x0000)\" in_interface=\"Port1\" out_interface=\"Port2\" src_mac=\"10:BF:48:7D:ED:22\" dst_mac=\"00:50:56:9F:39:33\" src_ip=\"192.168.2.121\" src_country=\"R1\" dst_ip=\"89.160.20.156\" dst_country=\"AUS\" protocol=\"ICMP\" icmp_type=8 src_trans_ip=\"192.168.1.2\" src_zone_type=\"LAN\" src_zone=\"LAN\" dst_zone_type=\"WAN\" dst_zone=\"WAN\" con_event=\"Start\" con_id=\"2916030976\" hb_status=\"No Heartbeat\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\" in_display_interface=\"Port1\" out_display_interface=\"Port2\"", + "original": "Nov 16 00:25:03 sophos device_name=\"SFW\" timestamp=\"2021-11-15T18:25:03-0600\" device_model=\"SFVH\" device_serial_id=\"C01001BQC8TFFFF\" log_id=\"010101600001\" log_type=\"Firewall\" log_component=\"Firewall Rule\" log_subtype=\"Allowed\" log_version=1 severity=\"Information\" fw_rule_id=\"12\" nat_rule_id=\"12\" fw_rule_type=\"USER\" web_policy_id=12 ips_policy_id=8 app_filter_policy_id=6 ether_type=\"Unknown (0x0000)\" in_interface=\"Port1\" out_interface=\"Port2\" src_mac=\"10:BF:48:7D:ED:22\" dst_mac=\"00:50:56:9F:39:33\" src_ip=\"192.168.2.121\" src_country=\"R1\" dst_ip=\"89.160.20.156\" dst_country=\"AUS\" protocol=\"ICMP\" icmp_type=8 src_trans_ip=\"192.168.1.2\" src_zone_type=\"LAN\" src_zone=\"LAN\" dst_zone_type=\"WAN\" dst_zone=\"WAN\" con_event=\"Start\" con_id=\"2916030976\" hb_status=\"No Heartbeat\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\" in_display_interface=\"Port1\" out_display_interface=\"Port2\"", "outcome": "success", "severity": 6 }, @@ -1992,6 +1615,7 @@ "level": "Information" }, "network": { + "community_id": "1:k8knu+ZpQWfBknRiJ4i22/T9XTQ=", "direction": "outbound", "transport": "icmp" }, @@ -2027,28 +1651,6 @@ "rule": { "id": "12" }, - "server": { - "as": { - "number": 29518, - "organization": { - "name": "Bredband2 AB" - } - }, - "geo": { - "city_name": "Linköping", - "continent_name": "Europe", - "country_iso_code": "SE", - "country_name": "Sweden", - "location": { - "lat": 58.4167, - "lon": 15.6167 - }, - "region_iso_code": "SE-E", - "region_name": "Östergötland County" - }, - "ip": "89.160.20.156", - "mac": "00:50:56:9F:39:33" - }, "sophos": { "xg": { "app_filter_policy_id": "6", @@ -2065,10 +1667,10 @@ "icmp_type": "8", "ips_policy_id": "8", "log_component": "Firewall Rule", + "log_id": "010101600001", "log_subtype": "Allowed", "log_type": "Firewall", "log_version": "1", - "message_id": "00001", "qualifier": "New", "src_zone_type": "LAN", "web_policy_id": "12" @@ -2076,7 +1678,7 @@ }, "source": { "ip": "192.168.2.121", - "mac": "10:BF:48:7D:ED:22", + "mac": "10-BF-48-7D-ED-22", "nat": { "ip": "192.168.1.2" } @@ -2087,15 +1689,6 @@ }, { "@timestamp": "2021-11-16T00:25:04.000Z", - "client": { - "bytes": 168, - "ip": "192.168.2.121", - "mac": "10:BF:48:7D:ED:22", - "nat": { - "ip": "192.168.1.2" - }, - "packets": 2 - }, "destination": { "as": { "number": 29518, @@ -2117,7 +1710,7 @@ "region_name": "Östergötland County" }, "ip": "89.160.20.156", - "mac": "00:50:56:9F:39:33", + "mac": "00-50-56-9F-39-33", "packets": 2 }, "ecs": { @@ -2128,11 +1721,11 @@ "category": [ "network" ], - "code": "010101600001", + "code": "00001", "duration": 35000000000, "end": "2021-11-16T00:25:39.000Z", "kind": "event", - "original": "device_name=\"SFW\" timestamp=\"2021-11-15T18:25:04-0600\" device_model=\"SFVH\" device_serial_id=\"C01001BQC8TFFFF\" log_id=\"010101600001\" log_type=\"Firewall\" log_component=\"Firewall Rule\" log_subtype=\"Allowed\" log_version=1 severity=\"Information\" duration=35 fw_rule_id=\"12\" nat_rule_id=\"12\" fw_rule_type=\"USER\" web_policy_id=12 ips_policy_id=8 app_filter_policy_id=6 ether_type=\"Unknown (0x0000)\" in_interface=\"Port1\" out_interface=\"Port2\" src_mac=\"10:BF:48:7D:ED:22\" dst_mac=\"00:50:56:9F:39:33\" src_ip=\"192.168.2.121\" src_country=\"R1\" dst_ip=\"89.160.20.156\" dst_country=\"AUS\" protocol=\"ICMP\" icmp_type=8 packets_sent=2 packets_received=2 bytes_sent=168 bytes_received=168 src_trans_ip=\"192.168.1.2\" src_zone_type=\"LAN\" src_zone=\"LAN\" dst_zone_type=\"WAN\" dst_zone=\"WAN\" con_event=\"Stop\" con_id=\"1000195968\" hb_status=\"No Heartbeat\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\" in_display_interface=\"Port1\" out_display_interface=\"Port2\"", + "original": "Nov 16 00:25:04 sophos device_name=\"SFW\" timestamp=\"2021-11-15T18:25:04-0600\" device_model=\"SFVH\" device_serial_id=\"C01001BQC8TFFFF\" log_id=\"010101600001\" log_type=\"Firewall\" log_component=\"Firewall Rule\" log_subtype=\"Allowed\" log_version=1 severity=\"Information\" duration=35 fw_rule_id=\"12\" nat_rule_id=\"12\" fw_rule_type=\"USER\" web_policy_id=12 ips_policy_id=8 app_filter_policy_id=6 ether_type=\"Unknown (0x0000)\" in_interface=\"Port1\" out_interface=\"Port2\" src_mac=\"10:BF:48:7D:ED:22\" dst_mac=\"00:50:56:9F:39:33\" src_ip=\"192.168.2.121\" src_country=\"R1\" dst_ip=\"89.160.20.156\" dst_country=\"AUS\" protocol=\"ICMP\" icmp_type=8 packets_sent=2 packets_received=2 bytes_sent=168 bytes_received=168 src_trans_ip=\"192.168.1.2\" src_zone_type=\"LAN\" src_zone=\"LAN\" dst_zone_type=\"WAN\" dst_zone=\"WAN\" con_event=\"Stop\" con_id=\"1000195968\" hb_status=\"No Heartbeat\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\" in_display_interface=\"Port1\" out_display_interface=\"Port2\"", "outcome": "success", "severity": 6, "start": "2021-11-16T00:25:04.000Z" @@ -2145,6 +1738,7 @@ }, "network": { "bytes": 336, + "community_id": "1:k8knu+ZpQWfBknRiJ4i22/T9XTQ=", "direction": "outbound", "packets": 4, "transport": "icmp" @@ -2181,30 +1775,6 @@ "rule": { "id": "12" }, - "server": { - "as": { - "number": 29518, - "organization": { - "name": "Bredband2 AB" - } - }, - "bytes": 168, - "geo": { - "city_name": "Linköping", - "continent_name": "Europe", - "country_iso_code": "SE", - "country_name": "Sweden", - "location": { - "lat": 58.4167, - "lon": 15.6167 - }, - "region_iso_code": "SE-E", - "region_name": "Östergötland County" - }, - "ip": "89.160.20.156", - "mac": "00:50:56:9F:39:33", - "packets": 2 - }, "sophos": { "xg": { "app_filter_policy_id": "6", @@ -2221,10 +1791,10 @@ "icmp_type": "8", "ips_policy_id": "8", "log_component": "Firewall Rule", + "log_id": "010101600001", "log_subtype": "Allowed", "log_type": "Firewall", "log_version": "1", - "message_id": "00001", "qualifier": "New", "src_zone_type": "LAN", "web_policy_id": "12" @@ -2233,7 +1803,7 @@ "source": { "bytes": 168, "ip": "192.168.2.121", - "mac": "10:BF:48:7D:ED:22", + "mac": "10-BF-48-7D-ED-22", "nat": { "ip": "192.168.1.2" }, @@ -2245,13 +1815,6 @@ }, { "@timestamp": "2021-11-16T00:25:04.000Z", - "client": { - "ip": "192.168.2.121", - "mac": "10:BF:48:7D:ED:22", - "nat": { - "ip": "192.168.1.2" - } - }, "destination": { "as": { "number": 29518, @@ -2272,7 +1835,7 @@ "region_name": "Östergötland County" }, "ip": "89.160.20.156", - "mac": "00:50:56:9F:39:33" + "mac": "00-50-56-9F-39-33" }, "ecs": { "version": "8.0.0" @@ -2282,9 +1845,9 @@ "category": [ "network" ], - "code": "010101600001", + "code": "00001", "kind": "event", - "original": "device_name=\"SFW\" timestamp=\"2021-11-15T18:25:04-0600\" device_model=\"SFVH\" device_serial_id=\"C01001BQC8TFFFF\" log_id=\"010101600001\" log_type=\"Firewall\" log_component=\"Firewall Rule\" log_subtype=\"Allowed\" log_version=1 severity=\"Information\" fw_rule_id=\"12\" nat_rule_id=\"12\" fw_rule_type=\"USER\" web_policy_id=12 ips_policy_id=8 app_filter_policy_id=6 ether_type=\"Unknown (0x0000)\" in_interface=\"Port1\" out_interface=\"Port2\" src_mac=\"10:BF:48:7D:ED:22\" dst_mac=\"00:50:56:9F:39:33\" src_ip=\"192.168.2.121\" src_country=\"R1\" dst_ip=\"89.160.20.156\" dst_country=\"AUS\" protocol=\"ICMP\" icmp_type=8 src_trans_ip=\"192.168.1.2\" src_zone_type=\"LAN\" src_zone=\"LAN\" dst_zone_type=\"WAN\" dst_zone=\"WAN\" con_event=\"Start\" con_id=\"2916029696\" hb_status=\"No Heartbeat\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\" in_display_interface=\"Port1\" out_display_interface=\"Port2\"", + "original": "Nov 16 00:25:04 sophos device_name=\"SFW\" timestamp=\"2021-11-15T18:25:04-0600\" device_model=\"SFVH\" device_serial_id=\"C01001BQC8TFFFF\" log_id=\"010101600001\" log_type=\"Firewall\" log_component=\"Firewall Rule\" log_subtype=\"Allowed\" log_version=1 severity=\"Information\" fw_rule_id=\"12\" nat_rule_id=\"12\" fw_rule_type=\"USER\" web_policy_id=12 ips_policy_id=8 app_filter_policy_id=6 ether_type=\"Unknown (0x0000)\" in_interface=\"Port1\" out_interface=\"Port2\" src_mac=\"10:BF:48:7D:ED:22\" dst_mac=\"00:50:56:9F:39:33\" src_ip=\"192.168.2.121\" src_country=\"R1\" dst_ip=\"89.160.20.156\" dst_country=\"AUS\" protocol=\"ICMP\" icmp_type=8 src_trans_ip=\"192.168.1.2\" src_zone_type=\"LAN\" src_zone=\"LAN\" dst_zone_type=\"WAN\" dst_zone=\"WAN\" con_event=\"Start\" con_id=\"2916029696\" hb_status=\"No Heartbeat\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\" in_display_interface=\"Port1\" out_display_interface=\"Port2\"", "outcome": "success", "severity": 6 }, @@ -2295,6 +1858,7 @@ "level": "Information" }, "network": { + "community_id": "1:k8knu+ZpQWfBknRiJ4i22/T9XTQ=", "direction": "outbound", "transport": "icmp" }, @@ -2330,28 +1894,6 @@ "rule": { "id": "12" }, - "server": { - "as": { - "number": 29518, - "organization": { - "name": "Bredband2 AB" - } - }, - "geo": { - "city_name": "Linköping", - "continent_name": "Europe", - "country_iso_code": "SE", - "country_name": "Sweden", - "location": { - "lat": 58.4167, - "lon": 15.6167 - }, - "region_iso_code": "SE-E", - "region_name": "Östergötland County" - }, - "ip": "89.160.20.156", - "mac": "00:50:56:9F:39:33" - }, "sophos": { "xg": { "app_filter_policy_id": "6", @@ -2368,10 +1910,10 @@ "icmp_type": "8", "ips_policy_id": "8", "log_component": "Firewall Rule", + "log_id": "010101600001", "log_subtype": "Allowed", "log_type": "Firewall", "log_version": "1", - "message_id": "00001", "qualifier": "New", "src_zone_type": "LAN", "web_policy_id": "12" @@ -2379,7 +1921,7 @@ }, "source": { "ip": "192.168.2.121", - "mac": "10:BF:48:7D:ED:22", + "mac": "10-BF-48-7D-ED-22", "nat": { "ip": "192.168.1.2" } @@ -2390,16 +1932,6 @@ }, { "@timestamp": "2021-11-16T00:25:05.000Z", - "client": { - "bytes": 216, - "ip": "192.168.2.122", - "mac": "2C:AA:8E:2A:5C:23", - "nat": { - "ip": "192.168.1.2" - }, - "packets": 4, - "port": 41242 - }, "destination": { "as": { "number": 29518, @@ -2421,7 +1953,7 @@ "region_name": "Östergötland County" }, "ip": "89.160.20.156", - "mac": "00:50:56:9F:39:33", + "mac": "00-50-56-9F-39-33", "packets": 2, "port": 80 }, @@ -2433,11 +1965,11 @@ "category": [ "network" ], - "code": "010101600001", + "code": "00001", "duration": 18000000000, "end": "2021-11-16T00:25:23.000Z", "kind": "event", - "original": "device_name=\"SFW\" timestamp=\"2021-11-15T18:25:05-0600\" device_model=\"SFVH\" device_serial_id=\"C01001BQC8TFFFF\" log_id=\"010101600001\" log_type=\"Firewall\" log_component=\"Firewall Rule\" log_subtype=\"Allowed\" log_version=1 severity=\"Information\" duration=18 fw_rule_id=\"19\" nat_rule_id=\"12\" fw_rule_type=\"USER\" web_policy_id=12 ips_policy_id=5 app_filter_policy_id=8 ether_type=\"Unknown (0x0000)\" in_interface=\"Port1\" out_interface=\"Port2\" src_mac=\"2C:AA:8E:2A:5C:23\" dst_mac=\"00:50:56:9F:39:33\" src_ip=\"192.168.2.122\" src_country=\"R1\" dst_ip=\"89.160.20.156\" dst_country=\"USA\" protocol=\"TCP\" src_port=41242 dst_port=80 packets_sent=4 packets_received=2 bytes_sent=216 bytes_received=112 src_trans_ip=\"192.168.1.2\" src_zone_type=\"LAN\" src_zone=\"LAN\" dst_zone_type=\"WAN\" dst_zone=\"WAN\" con_event=\"Stop\" con_id=\"154390528\" hb_status=\"No Heartbeat\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\" in_display_interface=\"Port1\" out_display_interface=\"Port2\"", + "original": "Nov 16 00:25:05 sophos device_name=\"SFW\" timestamp=\"2021-11-15T18:25:05-0600\" device_model=\"SFVH\" device_serial_id=\"C01001BQC8TFFFF\" log_id=\"010101600001\" log_type=\"Firewall\" log_component=\"Firewall Rule\" log_subtype=\"Allowed\" log_version=1 severity=\"Information\" duration=18 fw_rule_id=\"19\" nat_rule_id=\"12\" fw_rule_type=\"USER\" web_policy_id=12 ips_policy_id=5 app_filter_policy_id=8 ether_type=\"Unknown (0x0000)\" in_interface=\"Port1\" out_interface=\"Port2\" src_mac=\"2C:AA:8E:2A:5C:23\" dst_mac=\"00:50:56:9F:39:33\" src_ip=\"192.168.2.122\" src_country=\"R1\" dst_ip=\"89.160.20.156\" dst_country=\"USA\" protocol=\"TCP\" src_port=41242 dst_port=80 packets_sent=4 packets_received=2 bytes_sent=216 bytes_received=112 src_trans_ip=\"192.168.1.2\" src_zone_type=\"LAN\" src_zone=\"LAN\" dst_zone_type=\"WAN\" dst_zone=\"WAN\" con_event=\"Stop\" con_id=\"154390528\" hb_status=\"No Heartbeat\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\" in_display_interface=\"Port1\" out_display_interface=\"Port2\"", "outcome": "success", "severity": 6, "start": "2021-11-16T00:25:05.000Z" @@ -2450,6 +1982,7 @@ }, "network": { "bytes": 328, + "community_id": "1:yE0jysLuIr/yu8+Y6xOfy6hOQ9o=", "direction": "outbound", "packets": 6, "transport": "tcp" @@ -2486,31 +2019,6 @@ "rule": { "id": "19" }, - "server": { - "as": { - "number": 29518, - "organization": { - "name": "Bredband2 AB" - } - }, - "bytes": 112, - "geo": { - "city_name": "Linköping", - "continent_name": "Europe", - "country_iso_code": "SE", - "country_name": "Sweden", - "location": { - "lat": 58.4167, - "lon": 15.6167 - }, - "region_iso_code": "SE-E", - "region_name": "Östergötland County" - }, - "ip": "89.160.20.156", - "mac": "00:50:56:9F:39:33", - "packets": 2, - "port": 80 - }, "sophos": { "xg": { "app_filter_policy_id": "8", @@ -2526,10 +2034,10 @@ "hb_status": "No Heartbeat", "ips_policy_id": "5", "log_component": "Firewall Rule", + "log_id": "010101600001", "log_subtype": "Allowed", "log_type": "Firewall", "log_version": "1", - "message_id": "00001", "qualifier": "New", "src_zone_type": "LAN", "web_policy_id": "12" @@ -2538,7 +2046,7 @@ "source": { "bytes": 216, "ip": "192.168.2.122", - "mac": "2C:AA:8E:2A:5C:23", + "mac": "2C-AA-8E-2A-5C-23", "nat": { "ip": "192.168.1.2" }, @@ -2551,11 +2059,6 @@ }, { "@timestamp": "2021-11-16T00:25:05.000Z", - "client": { - "ip": "192.168.2.111", - "mac": "00:26:37:ee:47:20", - "port": 61709 - }, "destination": { "as": { "number": 29518, @@ -2586,9 +2089,9 @@ "category": [ "network" ], - "code": "010102600002", + "code": "00002", "kind": "event", - "original": "device_name=\"SFW\" timestamp=\"2021-11-15T18:25:05-0600\" device_model=\"SFVH\" device_serial_id=\"C01001BQC8TFFFF\" log_id=\"010102600002\" log_type=\"Firewall\" log_component=\"Firewall Rule\" log_subtype=\"Denied\" log_version=1 severity=\"Information\" fw_rule_id=\"12\" nat_rule_id=\"0\" fw_rule_type=\"USER\" web_policy_id=12 ips_policy_id=8 app_filter_policy_id=6 ether_type=\"IPv4 (0x0800)\" in_interface=\"Port1\" src_mac=\"00:26:37:ee:47:20\" src_ip=\"192.168.2.111\" src_country=\"R1\" dst_ip=\"89.160.20.156\" dst_country=\"USA\" protocol=\"UDP\" src_port=61709 dst_port=443 hb_status=\"No Heartbeat\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\" in_display_interface=\"Port1\"", + "original": "Nov 16 00:25:05 sophos device_name=\"SFW\" timestamp=\"2021-11-15T18:25:05-0600\" device_model=\"SFVH\" device_serial_id=\"C01001BQC8TFFFF\" log_id=\"010102600002\" log_type=\"Firewall\" log_component=\"Firewall Rule\" log_subtype=\"Denied\" log_version=1 severity=\"Information\" fw_rule_id=\"12\" nat_rule_id=\"0\" fw_rule_type=\"USER\" web_policy_id=12 ips_policy_id=8 app_filter_policy_id=6 ether_type=\"IPv4 (0x0800)\" in_interface=\"Port1\" src_mac=\"00:26:37:ee:47:20\" src_ip=\"192.168.2.111\" src_country=\"R1\" dst_ip=\"89.160.20.156\" dst_country=\"USA\" protocol=\"UDP\" src_port=61709 dst_port=443 hb_status=\"No Heartbeat\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\" in_display_interface=\"Port1\"", "outcome": "success", "severity": 6 }, @@ -2599,6 +2102,7 @@ "level": "Information" }, "network": { + "community_id": "1:ZnwausNTwoW4P/8eFfBQhRAT3HA=", "transport": "udp" }, "observer": { @@ -2625,28 +2129,6 @@ "rule": { "id": "12" }, - "server": { - "as": { - "number": 29518, - "organization": { - "name": "Bredband2 AB" - } - }, - "geo": { - "city_name": "Linköping", - "continent_name": "Europe", - "country_iso_code": "SE", - "country_name": "Sweden", - "location": { - "lat": 58.4167, - "lon": 15.6167 - }, - "region_iso_code": "SE-E", - "region_name": "Östergötland County" - }, - "ip": "89.160.20.156", - "port": 443 - }, "sophos": { "xg": { "app_filter_policy_id": "6", @@ -2659,17 +2141,17 @@ "hb_status": "No Heartbeat", "ips_policy_id": "8", "log_component": "Firewall Rule", + "log_id": "010102600002", "log_subtype": "Denied", "log_type": "Firewall", "log_version": "1", - "message_id": "00002", "qualifier": "New", "web_policy_id": "12" } }, "source": { "ip": "192.168.2.111", - "mac": "00:26:37:ee:47:20", + "mac": "00-26-37-EE-47-20", "port": 61709 }, "tags": [ @@ -2678,15 +2160,6 @@ }, { "@timestamp": "2021-11-16T00:25:05.000Z", - "client": { - "bytes": 168, - "ip": "192.168.2.121", - "mac": "10:BF:48:7D:ED:22", - "nat": { - "ip": "192.168.1.2" - }, - "packets": 2 - }, "destination": { "as": { "number": 29518, @@ -2708,7 +2181,7 @@ "region_name": "Östergötland County" }, "ip": "89.160.20.156", - "mac": "00:50:56:9F:39:33", + "mac": "00-50-56-9F-39-33", "packets": 2 }, "ecs": { @@ -2719,11 +2192,11 @@ "category": [ "network" ], - "code": "010101600001", + "code": "00001", "duration": 37000000000, "end": "2021-11-16T00:25:42.000Z", "kind": "event", - "original": "device_name=\"SFW\" timestamp=\"2021-11-15T18:25:05-0600\" device_model=\"SFVH\" device_serial_id=\"C01001BQC8TFFFF\" log_id=\"010101600001\" log_type=\"Firewall\" log_component=\"Firewall Rule\" log_subtype=\"Allowed\" log_version=1 severity=\"Information\" duration=37 fw_rule_id=\"12\" nat_rule_id=\"12\" fw_rule_type=\"USER\" web_policy_id=12 ips_policy_id=8 app_filter_policy_id=6 ether_type=\"Unknown (0x0000)\" in_interface=\"Port1\" out_interface=\"Port2\" src_mac=\"10:BF:48:7D:ED:22\" dst_mac=\"00:50:56:9F:39:33\" src_ip=\"192.168.2.121\" src_country=\"R1\" dst_ip=\"89.160.20.156\" dst_country=\"AUS\" protocol=\"ICMP\" icmp_type=8 packets_sent=2 packets_received=2 bytes_sent=168 bytes_received=168 src_trans_ip=\"192.168.1.2\" src_zone_type=\"LAN\" src_zone=\"LAN\" dst_zone_type=\"WAN\" dst_zone=\"WAN\" con_event=\"Stop\" con_id=\"999027328\" hb_status=\"No Heartbeat\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\" in_display_interface=\"Port1\" out_display_interface=\"Port2\"", + "original": "Nov 16 00:25:05 sophos device_name=\"SFW\" timestamp=\"2021-11-15T18:25:05-0600\" device_model=\"SFVH\" device_serial_id=\"C01001BQC8TFFFF\" log_id=\"010101600001\" log_type=\"Firewall\" log_component=\"Firewall Rule\" log_subtype=\"Allowed\" log_version=1 severity=\"Information\" duration=37 fw_rule_id=\"12\" nat_rule_id=\"12\" fw_rule_type=\"USER\" web_policy_id=12 ips_policy_id=8 app_filter_policy_id=6 ether_type=\"Unknown (0x0000)\" in_interface=\"Port1\" out_interface=\"Port2\" src_mac=\"10:BF:48:7D:ED:22\" dst_mac=\"00:50:56:9F:39:33\" src_ip=\"192.168.2.121\" src_country=\"R1\" dst_ip=\"89.160.20.156\" dst_country=\"AUS\" protocol=\"ICMP\" icmp_type=8 packets_sent=2 packets_received=2 bytes_sent=168 bytes_received=168 src_trans_ip=\"192.168.1.2\" src_zone_type=\"LAN\" src_zone=\"LAN\" dst_zone_type=\"WAN\" dst_zone=\"WAN\" con_event=\"Stop\" con_id=\"999027328\" hb_status=\"No Heartbeat\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\" in_display_interface=\"Port1\" out_display_interface=\"Port2\"", "outcome": "success", "severity": 6, "start": "2021-11-16T00:25:05.000Z" @@ -2736,6 +2209,7 @@ }, "network": { "bytes": 336, + "community_id": "1:k8knu+ZpQWfBknRiJ4i22/T9XTQ=", "direction": "outbound", "packets": 4, "transport": "icmp" @@ -2772,30 +2246,6 @@ "rule": { "id": "12" }, - "server": { - "as": { - "number": 29518, - "organization": { - "name": "Bredband2 AB" - } - }, - "bytes": 168, - "geo": { - "city_name": "Linköping", - "continent_name": "Europe", - "country_iso_code": "SE", - "country_name": "Sweden", - "location": { - "lat": 58.4167, - "lon": 15.6167 - }, - "region_iso_code": "SE-E", - "region_name": "Östergötland County" - }, - "ip": "89.160.20.156", - "mac": "00:50:56:9F:39:33", - "packets": 2 - }, "sophos": { "xg": { "app_filter_policy_id": "6", @@ -2812,10 +2262,10 @@ "icmp_type": "8", "ips_policy_id": "8", "log_component": "Firewall Rule", + "log_id": "010101600001", "log_subtype": "Allowed", "log_type": "Firewall", "log_version": "1", - "message_id": "00001", "qualifier": "New", "src_zone_type": "LAN", "web_policy_id": "12" @@ -2824,7 +2274,7 @@ "source": { "bytes": 168, "ip": "192.168.2.121", - "mac": "10:BF:48:7D:ED:22", + "mac": "10-BF-48-7D-ED-22", "nat": { "ip": "192.168.1.2" }, @@ -2836,17 +2286,9 @@ }, { "@timestamp": "2021-11-16T00:25:05.000Z", - "client": { - "ip": "192.168.2.112", - "mac": "88:57:1D:2D:19:DB", - "nat": { - "ip": "192.168.1.2" - }, - "port": 47944 - }, "destination": { "ip": "192.168.10.1", - "mac": "00:50:56:9F:39:33", + "mac": "00-50-56-9F-39-33", "port": 53 }, "ecs": { @@ -2857,9 +2299,9 @@ "category": [ "network" ], - "code": "010101600001", + "code": "00001", "kind": "event", - "original": "device_name=\"SFW\" timestamp=\"2021-11-15T18:25:05-0600\" device_model=\"SFVH\" device_serial_id=\"C01001BQC8TFFFF\" log_id=\"010101600001\" log_type=\"Firewall\" log_component=\"Firewall Rule\" log_subtype=\"Allowed\" log_version=1 severity=\"Information\" fw_rule_id=\"12\" nat_rule_id=\"12\" fw_rule_type=\"USER\" web_policy_id=12 ips_policy_id=8 app_filter_policy_id=6 app_name=\"DNS\" app_risk=1 app_technology=\"Network Protocol\" app_category=\"Infrastructure\" ether_type=\"Unknown (0x0000)\" in_interface=\"Port1\" out_interface=\"Port2\" src_mac=\"88:57:1D:2D:19:DB\" dst_mac=\"00:50:56:9F:39:33\" src_ip=\"192.168.2.112\" src_country=\"R1\" dst_ip=\"192.168.10.1\" dst_country=\"R1\" protocol=\"UDP\" src_port=47944 dst_port=53 src_trans_ip=\"192.168.1.2\" src_zone_type=\"LAN\" src_zone=\"LAN\" dst_zone_type=\"WAN\" dst_zone=\"WAN\" con_event=\"Start\" con_id=\"2685088064\" hb_status=\"No Heartbeat\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\" in_display_interface=\"Port1\" out_display_interface=\"Port2\"", + "original": "Nov 16 00:25:05 sophos device_name=\"SFW\" timestamp=\"2021-11-15T18:25:05-0600\" device_model=\"SFVH\" device_serial_id=\"C01001BQC8TFFFF\" log_id=\"010101600001\" log_type=\"Firewall\" log_component=\"Firewall Rule\" log_subtype=\"Allowed\" log_version=1 severity=\"Information\" fw_rule_id=\"12\" nat_rule_id=\"12\" fw_rule_type=\"USER\" web_policy_id=12 ips_policy_id=8 app_filter_policy_id=6 app_name=\"DNS\" app_risk=1 app_technology=\"Network Protocol\" app_category=\"Infrastructure\" ether_type=\"Unknown (0x0000)\" in_interface=\"Port1\" out_interface=\"Port2\" src_mac=\"88:57:1D:2D:19:DB\" dst_mac=\"00:50:56:9F:39:33\" src_ip=\"192.168.2.112\" src_country=\"R1\" dst_ip=\"192.168.10.1\" dst_country=\"R1\" protocol=\"UDP\" src_port=47944 dst_port=53 src_trans_ip=\"192.168.1.2\" src_zone_type=\"LAN\" src_zone=\"LAN\" dst_zone_type=\"WAN\" dst_zone=\"WAN\" con_event=\"Start\" con_id=\"2685088064\" hb_status=\"No Heartbeat\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\" in_display_interface=\"Port1\" out_display_interface=\"Port2\"", "outcome": "success", "severity": 6 }, @@ -2870,6 +2312,7 @@ "level": "Information" }, "network": { + "community_id": "1:SzLgL7P9G3J1F+EaxSxNnK8jT7Y=", "direction": "outbound", "transport": "udp" }, @@ -2905,11 +2348,6 @@ "rule": { "id": "12" }, - "server": { - "ip": "192.168.10.1", - "mac": "00:50:56:9F:39:33", - "port": 53 - }, "sophos": { "xg": { "app_category": "Infrastructure", @@ -2929,10 +2367,10 @@ "hb_status": "No Heartbeat", "ips_policy_id": "8", "log_component": "Firewall Rule", + "log_id": "010101600001", "log_subtype": "Allowed", "log_type": "Firewall", "log_version": "1", - "message_id": "00001", "qualifier": "New", "src_zone_type": "LAN", "web_policy_id": "12" @@ -2940,7 +2378,7 @@ }, "source": { "ip": "192.168.2.112", - "mac": "88:57:1D:2D:19:DB", + "mac": "88-57-1D-2D-19-DB", "nat": { "ip": "192.168.1.2" }, @@ -2952,14 +2390,6 @@ }, { "@timestamp": "2021-11-16T00:25:05.000Z", - "client": { - "ip": "192.168.2.112", - "mac": "88:57:1D:2D:19:DB", - "nat": { - "ip": "192.168.1.2" - }, - "port": 55499 - }, "destination": { "as": { "number": 29518, @@ -2980,7 +2410,7 @@ "region_name": "Östergötland County" }, "ip": "89.160.20.156", - "mac": "00:50:56:9F:39:33", + "mac": "00-50-56-9F-39-33", "port": 80 }, "ecs": { @@ -2991,9 +2421,9 @@ "category": [ "network" ], - "code": "010101600001", + "code": "00001", "kind": "event", - "original": "device_name=\"SFW\" timestamp=\"2021-11-15T18:25:05-0600\" device_model=\"SFVH\" device_serial_id=\"C01001BQC8TFFFF\" log_id=\"010101600001\" log_type=\"Firewall\" log_component=\"Firewall Rule\" log_subtype=\"Allowed\" log_version=1 severity=\"Information\" fw_rule_id=\"12\" nat_rule_id=\"12\" fw_rule_type=\"USER\" web_policy_id=12 ips_policy_id=8 app_filter_policy_id=6 ether_type=\"Unknown (0x0000)\" in_interface=\"Port1\" out_interface=\"Port2\" src_mac=\"88:57:1D:2D:19:DB\" dst_mac=\"00:50:56:9F:39:33\" src_ip=\"192.168.2.112\" src_country=\"R1\" dst_ip=\"89.160.20.156\" dst_country=\"JPN\" protocol=\"TCP\" src_port=55499 dst_port=80 src_trans_ip=\"192.168.1.2\" src_zone_type=\"LAN\" src_zone=\"LAN\" dst_zone_type=\"WAN\" dst_zone=\"WAN\" con_event=\"Start\" con_id=\"151867392\" hb_status=\"No Heartbeat\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\" in_display_interface=\"Port1\" out_display_interface=\"Port2\"", + "original": "Nov 16 00:25:05 sophos device_name=\"SFW\" timestamp=\"2021-11-15T18:25:05-0600\" device_model=\"SFVH\" device_serial_id=\"C01001BQC8TFFFF\" log_id=\"010101600001\" log_type=\"Firewall\" log_component=\"Firewall Rule\" log_subtype=\"Allowed\" log_version=1 severity=\"Information\" fw_rule_id=\"12\" nat_rule_id=\"12\" fw_rule_type=\"USER\" web_policy_id=12 ips_policy_id=8 app_filter_policy_id=6 ether_type=\"Unknown (0x0000)\" in_interface=\"Port1\" out_interface=\"Port2\" src_mac=\"88:57:1D:2D:19:DB\" dst_mac=\"00:50:56:9F:39:33\" src_ip=\"192.168.2.112\" src_country=\"R1\" dst_ip=\"89.160.20.156\" dst_country=\"JPN\" protocol=\"TCP\" src_port=55499 dst_port=80 src_trans_ip=\"192.168.1.2\" src_zone_type=\"LAN\" src_zone=\"LAN\" dst_zone_type=\"WAN\" dst_zone=\"WAN\" con_event=\"Start\" con_id=\"151867392\" hb_status=\"No Heartbeat\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\" in_display_interface=\"Port1\" out_display_interface=\"Port2\"", "outcome": "success", "severity": 6 }, @@ -3004,6 +2434,7 @@ "level": "Information" }, "network": { + "community_id": "1:A9nGLtydX88jyXav0D5T0E86NGc=", "direction": "outbound", "transport": "tcp" }, @@ -3039,29 +2470,6 @@ "rule": { "id": "12" }, - "server": { - "as": { - "number": 29518, - "organization": { - "name": "Bredband2 AB" - } - }, - "geo": { - "city_name": "Linköping", - "continent_name": "Europe", - "country_iso_code": "SE", - "country_name": "Sweden", - "location": { - "lat": 58.4167, - "lon": 15.6167 - }, - "region_iso_code": "SE-E", - "region_name": "Östergötland County" - }, - "ip": "89.160.20.156", - "mac": "00:50:56:9F:39:33", - "port": 80 - }, "sophos": { "xg": { "app_filter_policy_id": "6", @@ -3077,10 +2485,10 @@ "hb_status": "No Heartbeat", "ips_policy_id": "8", "log_component": "Firewall Rule", + "log_id": "010101600001", "log_subtype": "Allowed", "log_type": "Firewall", "log_version": "1", - "message_id": "00001", "qualifier": "New", "src_zone_type": "LAN", "web_policy_id": "12" @@ -3088,7 +2496,7 @@ }, "source": { "ip": "192.168.2.112", - "mac": "88:57:1D:2D:19:DB", + "mac": "88-57-1D-2D-19-DB", "nat": { "ip": "192.168.1.2" }, @@ -3100,13 +2508,6 @@ }, { "@timestamp": "2021-11-16T00:25:05.000Z", - "client": { - "ip": "192.168.2.121", - "mac": "10:BF:48:7D:ED:22", - "nat": { - "ip": "192.168.1.2" - } - }, "destination": { "as": { "number": 29518, @@ -3127,7 +2528,7 @@ "region_name": "Östergötland County" }, "ip": "89.160.20.156", - "mac": "00:50:56:9F:39:33" + "mac": "00-50-56-9F-39-33" }, "ecs": { "version": "8.0.0" @@ -3137,9 +2538,9 @@ "category": [ "network" ], - "code": "010101600001", + "code": "00001", "kind": "event", - "original": "device_name=\"SFW\" timestamp=\"2021-11-15T18:25:05-0600\" device_model=\"SFVH\" device_serial_id=\"C01001BQC8TFFFF\" log_id=\"010101600001\" log_type=\"Firewall\" log_component=\"Firewall Rule\" log_subtype=\"Allowed\" log_version=1 severity=\"Information\" fw_rule_id=\"12\" nat_rule_id=\"12\" fw_rule_type=\"USER\" web_policy_id=12 ips_policy_id=8 app_filter_policy_id=6 ether_type=\"Unknown (0x0000)\" in_interface=\"Port1\" out_interface=\"Port2\" src_mac=\"10:BF:48:7D:ED:22\" dst_mac=\"00:50:56:9F:39:33\" src_ip=\"192.168.2.121\" src_country=\"R1\" dst_ip=\"89.160.20.156\" dst_country=\"AUS\" protocol=\"ICMP\" icmp_type=8 src_trans_ip=\"192.168.1.2\" src_zone_type=\"LAN\" src_zone=\"LAN\" dst_zone_type=\"WAN\" dst_zone=\"WAN\" con_event=\"Start\" con_id=\"151870592\" hb_status=\"No Heartbeat\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\" in_display_interface=\"Port1\" out_display_interface=\"Port2\"", + "original": "Nov 16 00:25:06 sophos device_name=\"SFW\" timestamp=\"2021-11-15T18:25:05-0600\" device_model=\"SFVH\" device_serial_id=\"C01001BQC8TFFFF\" log_id=\"010101600001\" log_type=\"Firewall\" log_component=\"Firewall Rule\" log_subtype=\"Allowed\" log_version=1 severity=\"Information\" fw_rule_id=\"12\" nat_rule_id=\"12\" fw_rule_type=\"USER\" web_policy_id=12 ips_policy_id=8 app_filter_policy_id=6 ether_type=\"Unknown (0x0000)\" in_interface=\"Port1\" out_interface=\"Port2\" src_mac=\"10:BF:48:7D:ED:22\" dst_mac=\"00:50:56:9F:39:33\" src_ip=\"192.168.2.121\" src_country=\"R1\" dst_ip=\"89.160.20.156\" dst_country=\"AUS\" protocol=\"ICMP\" icmp_type=8 src_trans_ip=\"192.168.1.2\" src_zone_type=\"LAN\" src_zone=\"LAN\" dst_zone_type=\"WAN\" dst_zone=\"WAN\" con_event=\"Start\" con_id=\"151870592\" hb_status=\"No Heartbeat\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\" in_display_interface=\"Port1\" out_display_interface=\"Port2\"", "outcome": "success", "severity": 6 }, @@ -3150,6 +2551,7 @@ "level": "Information" }, "network": { + "community_id": "1:k8knu+ZpQWfBknRiJ4i22/T9XTQ=", "direction": "outbound", "transport": "icmp" }, @@ -3185,28 +2587,6 @@ "rule": { "id": "12" }, - "server": { - "as": { - "number": 29518, - "organization": { - "name": "Bredband2 AB" - } - }, - "geo": { - "city_name": "Linköping", - "continent_name": "Europe", - "country_iso_code": "SE", - "country_name": "Sweden", - "location": { - "lat": 58.4167, - "lon": 15.6167 - }, - "region_iso_code": "SE-E", - "region_name": "Östergötland County" - }, - "ip": "89.160.20.156", - "mac": "00:50:56:9F:39:33" - }, "sophos": { "xg": { "app_filter_policy_id": "6", @@ -3223,10 +2603,10 @@ "icmp_type": "8", "ips_policy_id": "8", "log_component": "Firewall Rule", + "log_id": "010101600001", "log_subtype": "Allowed", "log_type": "Firewall", "log_version": "1", - "message_id": "00001", "qualifier": "New", "src_zone_type": "LAN", "web_policy_id": "12" @@ -3234,7 +2614,7 @@ }, "source": { "ip": "192.168.2.121", - "mac": "10:BF:48:7D:ED:22", + "mac": "10-BF-48-7D-ED-22", "nat": { "ip": "192.168.1.2" } @@ -3245,16 +2625,6 @@ }, { "@timestamp": "2021-11-16T00:25:06.000Z", - "client": { - "bytes": 216, - "ip": "192.168.2.118", - "mac": "2C:AA:8E:1D:B6:D9", - "nat": { - "ip": "192.168.1.2" - }, - "packets": 4, - "port": 44720 - }, "destination": { "as": { "number": 29518, @@ -3276,7 +2646,7 @@ "region_name": "Östergötland County" }, "ip": "89.160.20.156", - "mac": "00:50:56:9F:39:33", + "mac": "00-50-56-9F-39-33", "packets": 2, "port": 80 }, @@ -3288,11 +2658,11 @@ "category": [ "network" ], - "code": "010101600001", + "code": "00001", "duration": 16000000000, "end": "2021-11-16T00:25:22.000Z", "kind": "event", - "original": "device_name=\"SFW\" timestamp=\"2021-11-15T18:25:06-0600\" device_model=\"SFVH\" device_serial_id=\"C01001BQC8TFFFF\" log_id=\"010101600001\" log_type=\"Firewall\" log_component=\"Firewall Rule\" log_subtype=\"Allowed\" log_version=1 severity=\"Information\" duration=16 fw_rule_id=\"19\" nat_rule_id=\"12\" fw_rule_type=\"USER\" web_policy_id=12 ips_policy_id=5 app_filter_policy_id=8 ether_type=\"Unknown (0x0000)\" in_interface=\"Port1\" out_interface=\"Port2\" src_mac=\"2C:AA:8E:1D:B6:D9\" dst_mac=\"00:50:56:9F:39:33\" src_ip=\"192.168.2.118\" src_country=\"R1\" dst_ip=\"89.160.20.156\" dst_country=\"USA\" protocol=\"TCP\" src_port=44720 dst_port=80 packets_sent=4 packets_received=2 bytes_sent=216 bytes_received=112 src_trans_ip=\"192.168.1.2\" src_zone_type=\"LAN\" src_zone=\"LAN\" dst_zone_type=\"WAN\" dst_zone=\"WAN\" con_event=\"Stop\" con_id=\"172108928\" hb_status=\"No Heartbeat\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\" in_display_interface=\"Port1\" out_display_interface=\"Port2\"", + "original": "Nov 16 00:25:06 sophos device_name=\"SFW\" timestamp=\"2021-11-15T18:25:06-0600\" device_model=\"SFVH\" device_serial_id=\"C01001BQC8TFFFF\" log_id=\"010101600001\" log_type=\"Firewall\" log_component=\"Firewall Rule\" log_subtype=\"Allowed\" log_version=1 severity=\"Information\" duration=16 fw_rule_id=\"19\" nat_rule_id=\"12\" fw_rule_type=\"USER\" web_policy_id=12 ips_policy_id=5 app_filter_policy_id=8 ether_type=\"Unknown (0x0000)\" in_interface=\"Port1\" out_interface=\"Port2\" src_mac=\"2C:AA:8E:1D:B6:D9\" dst_mac=\"00:50:56:9F:39:33\" src_ip=\"192.168.2.118\" src_country=\"R1\" dst_ip=\"89.160.20.156\" dst_country=\"USA\" protocol=\"TCP\" src_port=44720 dst_port=80 packets_sent=4 packets_received=2 bytes_sent=216 bytes_received=112 src_trans_ip=\"192.168.1.2\" src_zone_type=\"LAN\" src_zone=\"LAN\" dst_zone_type=\"WAN\" dst_zone=\"WAN\" con_event=\"Stop\" con_id=\"172108928\" hb_status=\"No Heartbeat\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\" in_display_interface=\"Port1\" out_display_interface=\"Port2\"", "outcome": "success", "severity": 6, "start": "2021-11-16T00:25:06.000Z" @@ -3305,6 +2675,7 @@ }, "network": { "bytes": 328, + "community_id": "1:L9WhSq7YQlTvbUl3xZX4AGLRKTA=", "direction": "outbound", "packets": 6, "transport": "tcp" @@ -3341,31 +2712,6 @@ "rule": { "id": "19" }, - "server": { - "as": { - "number": 29518, - "organization": { - "name": "Bredband2 AB" - } - }, - "bytes": 112, - "geo": { - "city_name": "Linköping", - "continent_name": "Europe", - "country_iso_code": "SE", - "country_name": "Sweden", - "location": { - "lat": 58.4167, - "lon": 15.6167 - }, - "region_iso_code": "SE-E", - "region_name": "Östergötland County" - }, - "ip": "89.160.20.156", - "mac": "00:50:56:9F:39:33", - "packets": 2, - "port": 80 - }, "sophos": { "xg": { "app_filter_policy_id": "8", @@ -3381,10 +2727,10 @@ "hb_status": "No Heartbeat", "ips_policy_id": "5", "log_component": "Firewall Rule", + "log_id": "010101600001", "log_subtype": "Allowed", "log_type": "Firewall", "log_version": "1", - "message_id": "00001", "qualifier": "New", "src_zone_type": "LAN", "web_policy_id": "12" @@ -3393,7 +2739,7 @@ "source": { "bytes": 216, "ip": "192.168.2.118", - "mac": "2C:AA:8E:1D:B6:D9", + "mac": "2C-AA-8E-1D-B6-D9", "nat": { "ip": "192.168.1.2" }, @@ -3406,14 +2752,9 @@ }, { "@timestamp": "2021-11-16T00:25:06.000Z", - "client": { - "ip": "192.168.3.36", - "mac": "00:50:56:9F:49:13", - "port": 48524 - }, "destination": { "ip": "192.168.2.90", - "mac": "00:50:56:9F:EF:8A", + "mac": "00-50-56-9F-EF-8A", "port": 9988 }, "ecs": { @@ -3424,9 +2765,9 @@ "category": [ "network" ], - "code": "010101600001", + "code": "00001", "kind": "event", - "original": "device_name=\"SFW\" timestamp=\"2021-11-15T18:25:06-0600\" device_model=\"SFVH\" device_serial_id=\"C01001BQC8TFFFF\" log_id=\"010101600001\" log_type=\"Firewall\" log_component=\"Firewall Rule\" log_subtype=\"Allowed\" log_version=1 severity=\"Information\" fw_rule_id=\"16\" nat_rule_id=\"0\" fw_rule_type=\"USER\" web_policy_id=4 ips_policy_id=6 app_filter_policy_id=7 ether_type=\"Unknown (0x0000)\" in_interface=\"Port3\" out_interface=\"Port1\" src_mac=\"00:50:56:9F:49:13\" dst_mac=\"00:50:56:9F:EF:8A\" src_ip=\"192.168.3.36\" src_country=\"R1\" dst_ip=\"192.168.2.90\" dst_country=\"R1\" protocol=\"TCP\" src_port=48524 dst_port=9988 src_zone_type=\"DMZ\" src_zone=\"DMZ\" dst_zone_type=\"LAN\" dst_zone=\"LAN\" con_event=\"Start\" con_id=\"2685088384\" hb_status=\"No Heartbeat\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\" in_display_interface=\"Port3\" out_display_interface=\"Port1\"", + "original": "Nov 16 00:25:06 sophos device_name=\"SFW\" timestamp=\"2021-11-15T18:25:06-0600\" device_model=\"SFVH\" device_serial_id=\"C01001BQC8TFFFF\" log_id=\"010101600001\" log_type=\"Firewall\" log_component=\"Firewall Rule\" log_subtype=\"Allowed\" log_version=1 severity=\"Information\" fw_rule_id=\"16\" nat_rule_id=\"0\" fw_rule_type=\"USER\" web_policy_id=4 ips_policy_id=6 app_filter_policy_id=7 ether_type=\"Unknown (0x0000)\" in_interface=\"Port3\" out_interface=\"Port1\" src_mac=\"00:50:56:9F:49:13\" dst_mac=\"00:50:56:9F:EF:8A\" src_ip=\"192.168.3.36\" src_country=\"R1\" dst_ip=\"192.168.2.90\" dst_country=\"R1\" protocol=\"TCP\" src_port=48524 dst_port=9988 src_zone_type=\"DMZ\" src_zone=\"DMZ\" dst_zone_type=\"LAN\" dst_zone=\"LAN\" con_event=\"Start\" con_id=\"2685088384\" hb_status=\"No Heartbeat\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\" in_display_interface=\"Port3\" out_display_interface=\"Port1\"", "outcome": "success", "severity": 6 }, @@ -3437,6 +2778,7 @@ "level": "Information" }, "network": { + "community_id": "1:gUo0Arcewuv8odd5nUkvef58RUY=", "direction": "internal", "transport": "tcp" }, @@ -3471,11 +2813,6 @@ "rule": { "id": "16" }, - "server": { - "ip": "192.168.2.90", - "mac": "00:50:56:9F:EF:8A", - "port": 9988 - }, "sophos": { "xg": { "app_filter_policy_id": "7", @@ -3491,10 +2828,10 @@ "hb_status": "No Heartbeat", "ips_policy_id": "6", "log_component": "Firewall Rule", + "log_id": "010101600001", "log_subtype": "Allowed", "log_type": "Firewall", "log_version": "1", - "message_id": "00001", "qualifier": "New", "src_zone_type": "DMZ", "web_policy_id": "4" @@ -3502,7 +2839,7 @@ }, "source": { "ip": "192.168.3.36", - "mac": "00:50:56:9F:49:13", + "mac": "00-50-56-9F-49-13", "port": 48524 }, "tags": [ @@ -3511,13 +2848,6 @@ }, { "@timestamp": "2021-11-16T00:25:07.000Z", - "client": { - "ip": "192.168.2.121", - "mac": "10:BF:48:7D:ED:22", - "nat": { - "ip": "192.168.1.2" - } - }, "destination": { "as": { "number": 29518, @@ -3538,7 +2868,7 @@ "region_name": "Östergötland County" }, "ip": "89.160.20.156", - "mac": "00:50:56:9F:39:33" + "mac": "00-50-56-9F-39-33" }, "ecs": { "version": "8.0.0" @@ -3548,9 +2878,9 @@ "category": [ "network" ], - "code": "010101600001", + "code": "00001", "kind": "event", - "original": "device_name=\"SFW\" timestamp=\"2021-11-15T18:25:07-0600\" device_model=\"SFVH\" device_serial_id=\"C01001BQC8TFFFF\" log_id=\"010101600001\" log_type=\"Firewall\" log_component=\"Firewall Rule\" log_subtype=\"Allowed\" log_version=1 severity=\"Information\" fw_rule_id=\"12\" nat_rule_id=\"12\" fw_rule_type=\"USER\" web_policy_id=12 ips_policy_id=8 app_filter_policy_id=6 ether_type=\"Unknown (0x0000)\" in_interface=\"Port1\" out_interface=\"Port2\" src_mac=\"10:BF:48:7D:ED:22\" dst_mac=\"00:50:56:9F:39:33\" src_ip=\"192.168.2.121\" src_country=\"R1\" dst_ip=\"89.160.20.156\" dst_country=\"AUS\" protocol=\"ICMP\" icmp_type=8 src_trans_ip=\"192.168.1.2\" src_zone_type=\"LAN\" src_zone=\"LAN\" dst_zone_type=\"WAN\" dst_zone=\"WAN\" con_event=\"Start\" con_id=\"172105728\" hb_status=\"No Heartbeat\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\" in_display_interface=\"Port1\" out_display_interface=\"Port2\"", + "original": "Nov 16 00:25:07 sophos device_name=\"SFW\" timestamp=\"2021-11-15T18:25:07-0600\" device_model=\"SFVH\" device_serial_id=\"C01001BQC8TFFFF\" log_id=\"010101600001\" log_type=\"Firewall\" log_component=\"Firewall Rule\" log_subtype=\"Allowed\" log_version=1 severity=\"Information\" fw_rule_id=\"12\" nat_rule_id=\"12\" fw_rule_type=\"USER\" web_policy_id=12 ips_policy_id=8 app_filter_policy_id=6 ether_type=\"Unknown (0x0000)\" in_interface=\"Port1\" out_interface=\"Port2\" src_mac=\"10:BF:48:7D:ED:22\" dst_mac=\"00:50:56:9F:39:33\" src_ip=\"192.168.2.121\" src_country=\"R1\" dst_ip=\"89.160.20.156\" dst_country=\"AUS\" protocol=\"ICMP\" icmp_type=8 src_trans_ip=\"192.168.1.2\" src_zone_type=\"LAN\" src_zone=\"LAN\" dst_zone_type=\"WAN\" dst_zone=\"WAN\" con_event=\"Start\" con_id=\"172105728\" hb_status=\"No Heartbeat\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\" in_display_interface=\"Port1\" out_display_interface=\"Port2\"", "outcome": "success", "severity": 6 }, @@ -3561,6 +2891,7 @@ "level": "Information" }, "network": { + "community_id": "1:k8knu+ZpQWfBknRiJ4i22/T9XTQ=", "direction": "outbound", "transport": "icmp" }, @@ -3596,28 +2927,6 @@ "rule": { "id": "12" }, - "server": { - "as": { - "number": 29518, - "organization": { - "name": "Bredband2 AB" - } - }, - "geo": { - "city_name": "Linköping", - "continent_name": "Europe", - "country_iso_code": "SE", - "country_name": "Sweden", - "location": { - "lat": 58.4167, - "lon": 15.6167 - }, - "region_iso_code": "SE-E", - "region_name": "Östergötland County" - }, - "ip": "89.160.20.156", - "mac": "00:50:56:9F:39:33" - }, "sophos": { "xg": { "app_filter_policy_id": "6", @@ -3634,10 +2943,10 @@ "icmp_type": "8", "ips_policy_id": "8", "log_component": "Firewall Rule", + "log_id": "010101600001", "log_subtype": "Allowed", "log_type": "Firewall", "log_version": "1", - "message_id": "00001", "qualifier": "New", "src_zone_type": "LAN", "web_policy_id": "12" @@ -3645,7 +2954,7 @@ }, "source": { "ip": "192.168.2.121", - "mac": "10:BF:48:7D:ED:22", + "mac": "10-BF-48-7D-ED-22", "nat": { "ip": "192.168.1.2" } @@ -3656,13 +2965,6 @@ }, { "@timestamp": "2021-11-16T00:25:08.000Z", - "client": { - "ip": "192.168.2.121", - "mac": "10:BF:48:7D:ED:22", - "nat": { - "ip": "192.168.1.2" - } - }, "destination": { "as": { "number": 29518, @@ -3683,7 +2985,7 @@ "region_name": "Östergötland County" }, "ip": "89.160.20.156", - "mac": "00:50:56:9F:39:33" + "mac": "00-50-56-9F-39-33" }, "ecs": { "version": "8.0.0" @@ -3693,9 +2995,9 @@ "category": [ "network" ], - "code": "010101600001", + "code": "00001", "kind": "event", - "original": "device_name=\"SFW\" timestamp=\"2021-11-15T18:25:08-0600\" device_model=\"SFVH\" device_serial_id=\"C01001BQC8TFFFF\" log_id=\"010101600001\" log_type=\"Firewall\" log_component=\"Firewall Rule\" log_subtype=\"Allowed\" log_version=1 severity=\"Information\" fw_rule_id=\"12\" nat_rule_id=\"12\" fw_rule_type=\"USER\" web_policy_id=12 ips_policy_id=8 app_filter_policy_id=6 ether_type=\"Unknown (0x0000)\" in_interface=\"Port1\" out_interface=\"Port2\" src_mac=\"10:BF:48:7D:ED:22\" dst_mac=\"00:50:56:9F:39:33\" src_ip=\"192.168.2.121\" src_country=\"R1\" dst_ip=\"89.160.20.156\" dst_country=\"AUS\" protocol=\"ICMP\" icmp_type=8 src_trans_ip=\"192.168.1.2\" src_zone_type=\"LAN\" src_zone=\"LAN\" dst_zone_type=\"WAN\" dst_zone=\"WAN\" con_event=\"Start\" con_id=\"407386944\" hb_status=\"No Heartbeat\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\" in_display_interface=\"Port1\" out_display_interface=\"Port2\"", + "original": "Nov 16 00:25:08 sophos device_name=\"SFW\" timestamp=\"2021-11-15T18:25:08-0600\" device_model=\"SFVH\" device_serial_id=\"C01001BQC8TFFFF\" log_id=\"010101600001\" log_type=\"Firewall\" log_component=\"Firewall Rule\" log_subtype=\"Allowed\" log_version=1 severity=\"Information\" fw_rule_id=\"12\" nat_rule_id=\"12\" fw_rule_type=\"USER\" web_policy_id=12 ips_policy_id=8 app_filter_policy_id=6 ether_type=\"Unknown (0x0000)\" in_interface=\"Port1\" out_interface=\"Port2\" src_mac=\"10:BF:48:7D:ED:22\" dst_mac=\"00:50:56:9F:39:33\" src_ip=\"192.168.2.121\" src_country=\"R1\" dst_ip=\"89.160.20.156\" dst_country=\"AUS\" protocol=\"ICMP\" icmp_type=8 src_trans_ip=\"192.168.1.2\" src_zone_type=\"LAN\" src_zone=\"LAN\" dst_zone_type=\"WAN\" dst_zone=\"WAN\" con_event=\"Start\" con_id=\"407386944\" hb_status=\"No Heartbeat\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\" in_display_interface=\"Port1\" out_display_interface=\"Port2\"", "outcome": "success", "severity": 6 }, @@ -3706,6 +3008,7 @@ "level": "Information" }, "network": { + "community_id": "1:k8knu+ZpQWfBknRiJ4i22/T9XTQ=", "direction": "outbound", "transport": "icmp" }, @@ -3741,28 +3044,6 @@ "rule": { "id": "12" }, - "server": { - "as": { - "number": 29518, - "organization": { - "name": "Bredband2 AB" - } - }, - "geo": { - "city_name": "Linköping", - "continent_name": "Europe", - "country_iso_code": "SE", - "country_name": "Sweden", - "location": { - "lat": 58.4167, - "lon": 15.6167 - }, - "region_iso_code": "SE-E", - "region_name": "Östergötland County" - }, - "ip": "89.160.20.156", - "mac": "00:50:56:9F:39:33" - }, "sophos": { "xg": { "app_filter_policy_id": "6", @@ -3779,10 +3060,10 @@ "icmp_type": "8", "ips_policy_id": "8", "log_component": "Firewall Rule", + "log_id": "010101600001", "log_subtype": "Allowed", "log_type": "Firewall", "log_version": "1", - "message_id": "00001", "qualifier": "New", "src_zone_type": "LAN", "web_policy_id": "12" @@ -3790,7 +3071,7 @@ }, "source": { "ip": "192.168.2.121", - "mac": "10:BF:48:7D:ED:22", + "mac": "10-BF-48-7D-ED-22", "nat": { "ip": "192.168.1.2" } @@ -3801,15 +3082,6 @@ }, { "@timestamp": "2021-11-16T00:25:08.000Z", - "client": { - "bytes": 168, - "ip": "192.168.2.121", - "mac": "10:BF:48:7D:ED:22", - "nat": { - "ip": "192.168.1.2" - }, - "packets": 2 - }, "destination": { "as": { "number": 29518, @@ -3831,7 +3103,7 @@ "region_name": "Östergötland County" }, "ip": "89.160.20.156", - "mac": "00:50:56:9F:39:33", + "mac": "00-50-56-9F-39-33", "packets": 2 }, "ecs": { @@ -3842,11 +3114,11 @@ "category": [ "network" ], - "code": "010101600001", + "code": "00001", "duration": 33000000000, "end": "2021-11-16T00:25:41.000Z", "kind": "event", - "original": "device_name=\"SFW\" timestamp=\"2021-11-15T18:25:08-0600\" device_model=\"SFVH\" device_serial_id=\"C01001BQC8TFFFF\" log_id=\"010101600001\" log_type=\"Firewall\" log_component=\"Firewall Rule\" log_subtype=\"Allowed\" log_version=1 severity=\"Information\" duration=33 fw_rule_id=\"12\" nat_rule_id=\"12\" fw_rule_type=\"USER\" web_policy_id=12 ips_policy_id=8 app_filter_policy_id=6 ether_type=\"Unknown (0x0000)\" in_interface=\"Port1\" out_interface=\"Port2\" src_mac=\"10:BF:48:7D:ED:22\" dst_mac=\"00:50:56:9F:39:33\" src_ip=\"192.168.2.121\" src_country=\"R1\" dst_ip=\"89.160.20.156\" dst_country=\"AUS\" protocol=\"ICMP\" icmp_type=8 packets_sent=2 packets_received=2 bytes_sent=168 bytes_received=168 src_trans_ip=\"192.168.1.2\" src_zone_type=\"LAN\" src_zone=\"LAN\" dst_zone_type=\"WAN\" dst_zone=\"WAN\" con_event=\"Stop\" con_id=\"407384064\" hb_status=\"No Heartbeat\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\" in_display_interface=\"Port1\" out_display_interface=\"Port2\"", + "original": "Nov 16 00:25:08 sophos device_name=\"SFW\" timestamp=\"2021-11-15T18:25:08-0600\" device_model=\"SFVH\" device_serial_id=\"C01001BQC8TFFFF\" log_id=\"010101600001\" log_type=\"Firewall\" log_component=\"Firewall Rule\" log_subtype=\"Allowed\" log_version=1 severity=\"Information\" duration=33 fw_rule_id=\"12\" nat_rule_id=\"12\" fw_rule_type=\"USER\" web_policy_id=12 ips_policy_id=8 app_filter_policy_id=6 ether_type=\"Unknown (0x0000)\" in_interface=\"Port1\" out_interface=\"Port2\" src_mac=\"10:BF:48:7D:ED:22\" dst_mac=\"00:50:56:9F:39:33\" src_ip=\"192.168.2.121\" src_country=\"R1\" dst_ip=\"89.160.20.156\" dst_country=\"AUS\" protocol=\"ICMP\" icmp_type=8 packets_sent=2 packets_received=2 bytes_sent=168 bytes_received=168 src_trans_ip=\"192.168.1.2\" src_zone_type=\"LAN\" src_zone=\"LAN\" dst_zone_type=\"WAN\" dst_zone=\"WAN\" con_event=\"Stop\" con_id=\"407384064\" hb_status=\"No Heartbeat\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\" in_display_interface=\"Port1\" out_display_interface=\"Port2\"", "outcome": "success", "severity": 6, "start": "2021-11-16T00:25:08.000Z" @@ -3859,6 +3131,7 @@ }, "network": { "bytes": 336, + "community_id": "1:k8knu+ZpQWfBknRiJ4i22/T9XTQ=", "direction": "outbound", "packets": 4, "transport": "icmp" @@ -3895,30 +3168,6 @@ "rule": { "id": "12" }, - "server": { - "as": { - "number": 29518, - "organization": { - "name": "Bredband2 AB" - } - }, - "bytes": 168, - "geo": { - "city_name": "Linköping", - "continent_name": "Europe", - "country_iso_code": "SE", - "country_name": "Sweden", - "location": { - "lat": 58.4167, - "lon": 15.6167 - }, - "region_iso_code": "SE-E", - "region_name": "Östergötland County" - }, - "ip": "89.160.20.156", - "mac": "00:50:56:9F:39:33", - "packets": 2 - }, "sophos": { "xg": { "app_filter_policy_id": "6", @@ -3935,10 +3184,10 @@ "icmp_type": "8", "ips_policy_id": "8", "log_component": "Firewall Rule", + "log_id": "010101600001", "log_subtype": "Allowed", "log_type": "Firewall", "log_version": "1", - "message_id": "00001", "qualifier": "New", "src_zone_type": "LAN", "web_policy_id": "12" @@ -3947,7 +3196,7 @@ "source": { "bytes": 168, "ip": "192.168.2.121", - "mac": "10:BF:48:7D:ED:22", + "mac": "10-BF-48-7D-ED-22", "nat": { "ip": "192.168.1.2" }, @@ -3959,16 +3208,6 @@ }, { "@timestamp": "2021-11-16T00:25:08.000Z", - "client": { - "bytes": 9718, - "ip": "192.168.2.111", - "mac": "00:26:37:EE:47:20", - "nat": { - "ip": "192.168.1.2" - }, - "packets": 31, - "port": 50872 - }, "destination": { "as": { "number": 29518, @@ -3990,7 +3229,7 @@ "region_name": "Östergötland County" }, "ip": "89.160.20.156", - "mac": "00:50:56:9F:39:33", + "mac": "00-50-56-9F-39-33", "packets": 31, "port": 443 }, @@ -4002,11 +3241,11 @@ "category": [ "network" ], - "code": "010101600001", + "code": "00001", "duration": 19000000000, "end": "2021-11-16T00:25:27.000Z", "kind": "event", - "original": "device_name=\"SFW\" timestamp=\"2021-11-15T18:25:08-0600\" device_model=\"SFVH\" device_serial_id=\"C01001BQC8TFFFF\" log_id=\"010101600001\" log_type=\"Firewall\" log_component=\"Firewall Rule\" log_subtype=\"Allowed\" log_version=1 severity=\"Information\" duration=19 fw_rule_id=\"12\" nat_rule_id=\"12\" fw_rule_type=\"USER\" web_policy_id=12 ips_policy_id=8 app_filter_policy_id=6 app_name=\"Youtube Website\" app_risk=3 app_technology=\"Browser Based\" app_category=\"Streaming Media\" ether_type=\"Unknown (0x0000)\" in_interface=\"Port1\" out_interface=\"Port2\" src_mac=\"00:26:37:EE:47:20\" dst_mac=\"00:50:56:9F:39:33\" src_ip=\"192.168.2.111\" src_country=\"R1\" dst_ip=\"89.160.20.156\" dst_country=\"USA\" protocol=\"TCP\" src_port=50872 dst_port=443 packets_sent=31 packets_received=31 bytes_sent=9718 bytes_received=4992 src_trans_ip=\"192.168.1.2\" src_zone_type=\"LAN\" src_zone=\"LAN\" dst_zone_type=\"WAN\" dst_zone=\"WAN\" con_event=\"Stop\" con_id=\"154391168\" hb_status=\"No Heartbeat\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\" in_display_interface=\"Port1\" out_display_interface=\"Port2\"", + "original": "Nov 16 00:25:08 sophos device_name=\"SFW\" timestamp=\"2021-11-15T18:25:08-0600\" device_model=\"SFVH\" device_serial_id=\"C01001BQC8TFFFF\" log_id=\"010101600001\" log_type=\"Firewall\" log_component=\"Firewall Rule\" log_subtype=\"Allowed\" log_version=1 severity=\"Information\" duration=19 fw_rule_id=\"12\" nat_rule_id=\"12\" fw_rule_type=\"USER\" web_policy_id=12 ips_policy_id=8 app_filter_policy_id=6 app_name=\"Youtube Website\" app_risk=3 app_technology=\"Browser Based\" app_category=\"Streaming Media\" ether_type=\"Unknown (0x0000)\" in_interface=\"Port1\" out_interface=\"Port2\" src_mac=\"00:26:37:EE:47:20\" dst_mac=\"00:50:56:9F:39:33\" src_ip=\"192.168.2.111\" src_country=\"R1\" dst_ip=\"89.160.20.156\" dst_country=\"USA\" protocol=\"TCP\" src_port=50872 dst_port=443 packets_sent=31 packets_received=31 bytes_sent=9718 bytes_received=4992 src_trans_ip=\"192.168.1.2\" src_zone_type=\"LAN\" src_zone=\"LAN\" dst_zone_type=\"WAN\" dst_zone=\"WAN\" con_event=\"Stop\" con_id=\"154391168\" hb_status=\"No Heartbeat\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\" in_display_interface=\"Port1\" out_display_interface=\"Port2\"", "outcome": "success", "severity": 6, "start": "2021-11-16T00:25:08.000Z" @@ -4019,6 +3258,7 @@ }, "network": { "bytes": 14710, + "community_id": "1:KAm8/ZZndcBcau4rHnFdb2+8OPM=", "direction": "outbound", "packets": 62, "transport": "tcp" @@ -4055,31 +3295,6 @@ "rule": { "id": "12" }, - "server": { - "as": { - "number": 29518, - "organization": { - "name": "Bredband2 AB" - } - }, - "bytes": 4992, - "geo": { - "city_name": "Linköping", - "continent_name": "Europe", - "country_iso_code": "SE", - "country_name": "Sweden", - "location": { - "lat": 58.4167, - "lon": 15.6167 - }, - "region_iso_code": "SE-E", - "region_name": "Östergötland County" - }, - "ip": "89.160.20.156", - "mac": "00:50:56:9F:39:33", - "packets": 31, - "port": 443 - }, "sophos": { "xg": { "app_category": "Streaming Media", @@ -4099,10 +3314,10 @@ "hb_status": "No Heartbeat", "ips_policy_id": "8", "log_component": "Firewall Rule", + "log_id": "010101600001", "log_subtype": "Allowed", "log_type": "Firewall", "log_version": "1", - "message_id": "00001", "qualifier": "New", "src_zone_type": "LAN", "web_policy_id": "12" @@ -4111,7 +3326,7 @@ "source": { "bytes": 9718, "ip": "192.168.2.111", - "mac": "00:26:37:EE:47:20", + "mac": "00-26-37-EE-47-20", "nat": { "ip": "192.168.1.2" }, @@ -4124,15 +3339,6 @@ }, { "@timestamp": "2021-11-16T00:25:08.000Z", - "client": { - "bytes": 168, - "ip": "192.168.2.121", - "mac": "10:BF:48:7D:ED:22", - "nat": { - "ip": "192.168.1.2" - }, - "packets": 2 - }, "destination": { "as": { "number": 29518, @@ -4154,7 +3360,7 @@ "region_name": "Östergötland County" }, "ip": "89.160.20.156", - "mac": "00:50:56:9F:39:33", + "mac": "00-50-56-9F-39-33", "packets": 2 }, "ecs": { @@ -4165,11 +3371,11 @@ "category": [ "network" ], - "code": "010101600001", + "code": "00001", "duration": 35000000000, "end": "2021-11-16T00:25:43.000Z", "kind": "event", - "original": "device_name=\"SFW\" timestamp=\"2021-11-15T18:25:08-0600\" device_model=\"SFVH\" device_serial_id=\"C01001BQC8TFFFF\" log_id=\"010101600001\" log_type=\"Firewall\" log_component=\"Firewall Rule\" log_subtype=\"Allowed\" log_version=1 severity=\"Information\" duration=35 fw_rule_id=\"12\" nat_rule_id=\"12\" fw_rule_type=\"USER\" web_policy_id=12 ips_policy_id=8 app_filter_policy_id=6 ether_type=\"Unknown (0x0000)\" in_interface=\"Port1\" out_interface=\"Port2\" src_mac=\"10:BF:48:7D:ED:22\" dst_mac=\"00:50:56:9F:39:33\" src_ip=\"192.168.2.121\" src_country=\"R1\" dst_ip=\"89.160.20.156\" dst_country=\"AUS\" protocol=\"ICMP\" icmp_type=8 packets_sent=2 packets_received=2 bytes_sent=168 bytes_received=168 src_trans_ip=\"192.168.1.2\" src_zone_type=\"LAN\" src_zone=\"LAN\" dst_zone_type=\"WAN\" dst_zone=\"WAN\" con_event=\"Stop\" con_id=\"2719001728\" hb_status=\"No Heartbeat\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\" in_display_interface=\"Port1\" out_display_interface=\"Port2\"", + "original": "Nov 16 00:25:08 sophos device_name=\"SFW\" timestamp=\"2021-11-15T18:25:08-0600\" device_model=\"SFVH\" device_serial_id=\"C01001BQC8TFFFF\" log_id=\"010101600001\" log_type=\"Firewall\" log_component=\"Firewall Rule\" log_subtype=\"Allowed\" log_version=1 severity=\"Information\" duration=35 fw_rule_id=\"12\" nat_rule_id=\"12\" fw_rule_type=\"USER\" web_policy_id=12 ips_policy_id=8 app_filter_policy_id=6 ether_type=\"Unknown (0x0000)\" in_interface=\"Port1\" out_interface=\"Port2\" src_mac=\"10:BF:48:7D:ED:22\" dst_mac=\"00:50:56:9F:39:33\" src_ip=\"192.168.2.121\" src_country=\"R1\" dst_ip=\"89.160.20.156\" dst_country=\"AUS\" protocol=\"ICMP\" icmp_type=8 packets_sent=2 packets_received=2 bytes_sent=168 bytes_received=168 src_trans_ip=\"192.168.1.2\" src_zone_type=\"LAN\" src_zone=\"LAN\" dst_zone_type=\"WAN\" dst_zone=\"WAN\" con_event=\"Stop\" con_id=\"2719001728\" hb_status=\"No Heartbeat\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\" in_display_interface=\"Port1\" out_display_interface=\"Port2\"", "outcome": "success", "severity": 6, "start": "2021-11-16T00:25:08.000Z" @@ -4182,6 +3388,7 @@ }, "network": { "bytes": 336, + "community_id": "1:k8knu+ZpQWfBknRiJ4i22/T9XTQ=", "direction": "outbound", "packets": 4, "transport": "icmp" @@ -4218,30 +3425,6 @@ "rule": { "id": "12" }, - "server": { - "as": { - "number": 29518, - "organization": { - "name": "Bredband2 AB" - } - }, - "bytes": 168, - "geo": { - "city_name": "Linköping", - "continent_name": "Europe", - "country_iso_code": "SE", - "country_name": "Sweden", - "location": { - "lat": 58.4167, - "lon": 15.6167 - }, - "region_iso_code": "SE-E", - "region_name": "Östergötland County" - }, - "ip": "89.160.20.156", - "mac": "00:50:56:9F:39:33", - "packets": 2 - }, "sophos": { "xg": { "app_filter_policy_id": "6", @@ -4258,10 +3441,10 @@ "icmp_type": "8", "ips_policy_id": "8", "log_component": "Firewall Rule", + "log_id": "010101600001", "log_subtype": "Allowed", "log_type": "Firewall", "log_version": "1", - "message_id": "00001", "qualifier": "New", "src_zone_type": "LAN", "web_policy_id": "12" @@ -4270,7 +3453,7 @@ "source": { "bytes": 168, "ip": "192.168.2.121", - "mac": "10:BF:48:7D:ED:22", + "mac": "10-BF-48-7D-ED-22", "nat": { "ip": "192.168.1.2" }, @@ -4282,13 +3465,6 @@ }, { "@timestamp": "2021-11-16T00:25:09.000Z", - "client": { - "ip": "192.168.2.121", - "mac": "10:BF:48:7D:ED:22", - "nat": { - "ip": "192.168.1.2" - } - }, "destination": { "as": { "number": 29518, @@ -4309,7 +3485,7 @@ "region_name": "Östergötland County" }, "ip": "89.160.20.156", - "mac": "00:50:56:9F:39:33" + "mac": "00-50-56-9F-39-33" }, "ecs": { "version": "8.0.0" @@ -4319,9 +3495,9 @@ "category": [ "network" ], - "code": "010101600001", + "code": "00001", "kind": "event", - "original": "device_name=\"SFW\" timestamp=\"2021-11-15T18:25:09-0600\" device_model=\"SFVH\" device_serial_id=\"C01001BQC8TFFFF\" log_id=\"010101600001\" log_type=\"Firewall\" log_component=\"Firewall Rule\" log_subtype=\"Allowed\" log_version=1 severity=\"Information\" fw_rule_id=\"12\" nat_rule_id=\"12\" fw_rule_type=\"USER\" web_policy_id=12 ips_policy_id=8 app_filter_policy_id=6 ether_type=\"Unknown (0x0000)\" in_interface=\"Port1\" out_interface=\"Port2\" src_mac=\"10:BF:48:7D:ED:22\" dst_mac=\"00:50:56:9F:39:33\" src_ip=\"192.168.2.121\" src_country=\"R1\" dst_ip=\"89.160.20.156\" dst_country=\"AUS\" protocol=\"ICMP\" icmp_type=8 src_trans_ip=\"192.168.1.2\" src_zone_type=\"LAN\" src_zone=\"LAN\" dst_zone_type=\"WAN\" dst_zone=\"WAN\" con_event=\"Start\" con_id=\"1000196608\" hb_status=\"No Heartbeat\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\" in_display_interface=\"Port1\" out_display_interface=\"Port2\"", + "original": "Nov 16 00:25:09 sophos device_name=\"SFW\" timestamp=\"2021-11-15T18:25:09-0600\" device_model=\"SFVH\" device_serial_id=\"C01001BQC8TFFFF\" log_id=\"010101600001\" log_type=\"Firewall\" log_component=\"Firewall Rule\" log_subtype=\"Allowed\" log_version=1 severity=\"Information\" fw_rule_id=\"12\" nat_rule_id=\"12\" fw_rule_type=\"USER\" web_policy_id=12 ips_policy_id=8 app_filter_policy_id=6 ether_type=\"Unknown (0x0000)\" in_interface=\"Port1\" out_interface=\"Port2\" src_mac=\"10:BF:48:7D:ED:22\" dst_mac=\"00:50:56:9F:39:33\" src_ip=\"192.168.2.121\" src_country=\"R1\" dst_ip=\"89.160.20.156\" dst_country=\"AUS\" protocol=\"ICMP\" icmp_type=8 src_trans_ip=\"192.168.1.2\" src_zone_type=\"LAN\" src_zone=\"LAN\" dst_zone_type=\"WAN\" dst_zone=\"WAN\" con_event=\"Start\" con_id=\"1000196608\" hb_status=\"No Heartbeat\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\" in_display_interface=\"Port1\" out_display_interface=\"Port2\"", "outcome": "success", "severity": 6 }, @@ -4332,6 +3508,7 @@ "level": "Information" }, "network": { + "community_id": "1:k8knu+ZpQWfBknRiJ4i22/T9XTQ=", "direction": "outbound", "transport": "icmp" }, @@ -4367,28 +3544,6 @@ "rule": { "id": "12" }, - "server": { - "as": { - "number": 29518, - "organization": { - "name": "Bredband2 AB" - } - }, - "geo": { - "city_name": "Linköping", - "continent_name": "Europe", - "country_iso_code": "SE", - "country_name": "Sweden", - "location": { - "lat": 58.4167, - "lon": 15.6167 - }, - "region_iso_code": "SE-E", - "region_name": "Östergötland County" - }, - "ip": "89.160.20.156", - "mac": "00:50:56:9F:39:33" - }, "sophos": { "xg": { "app_filter_policy_id": "6", @@ -4405,10 +3560,10 @@ "icmp_type": "8", "ips_policy_id": "8", "log_component": "Firewall Rule", + "log_id": "010101600001", "log_subtype": "Allowed", "log_type": "Firewall", "log_version": "1", - "message_id": "00001", "qualifier": "New", "src_zone_type": "LAN", "web_policy_id": "12" @@ -4416,7 +3571,7 @@ }, "source": { "ip": "192.168.2.121", - "mac": "10:BF:48:7D:ED:22", + "mac": "10-BF-48-7D-ED-22", "nat": { "ip": "192.168.1.2" } @@ -4427,15 +3582,6 @@ }, { "@timestamp": "2021-11-16T00:25:09.000Z", - "client": { - "bytes": 168, - "ip": "192.168.2.121", - "mac": "10:BF:48:7D:ED:22", - "nat": { - "ip": "192.168.1.2" - }, - "packets": 2 - }, "destination": { "as": { "number": 29518, @@ -4457,7 +3603,7 @@ "region_name": "Östergötland County" }, "ip": "89.160.20.156", - "mac": "00:50:56:9F:39:33", + "mac": "00-50-56-9F-39-33", "packets": 2 }, "ecs": { @@ -4468,11 +3614,11 @@ "category": [ "network" ], - "code": "010101600001", + "code": "00001", "duration": 38000000000, "end": "2021-11-16T00:25:47.000Z", "kind": "event", - "original": "device_name=\"SFW\" timestamp=\"2021-11-15T18:25:09-0600\" device_model=\"SFVH\" device_serial_id=\"C01001BQC8TFFFF\" log_id=\"010101600001\" log_type=\"Firewall\" log_component=\"Firewall Rule\" log_subtype=\"Allowed\" log_version=1 severity=\"Information\" duration=38 fw_rule_id=\"12\" nat_rule_id=\"12\" fw_rule_type=\"USER\" web_policy_id=12 ips_policy_id=8 app_filter_policy_id=6 ether_type=\"Unknown (0x0000)\" in_interface=\"Port1\" out_interface=\"Port2\" src_mac=\"10:BF:48:7D:ED:22\" dst_mac=\"00:50:56:9F:39:33\" src_ip=\"192.168.2.121\" src_country=\"R1\" dst_ip=\"89.160.20.156\" dst_country=\"AUS\" protocol=\"ICMP\" icmp_type=8 packets_sent=2 packets_received=2 bytes_sent=168 bytes_received=168 src_trans_ip=\"192.168.1.2\" src_zone_type=\"LAN\" src_zone=\"LAN\" dst_zone_type=\"WAN\" dst_zone=\"WAN\" con_event=\"Stop\" con_id=\"2719001088\" hb_status=\"No Heartbeat\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\" in_display_interface=\"Port1\" out_display_interface=\"Port2\"", + "original": "Nov 16 00:25:09 sophos device_name=\"SFW\" timestamp=\"2021-11-15T18:25:09-0600\" device_model=\"SFVH\" device_serial_id=\"C01001BQC8TFFFF\" log_id=\"010101600001\" log_type=\"Firewall\" log_component=\"Firewall Rule\" log_subtype=\"Allowed\" log_version=1 severity=\"Information\" duration=38 fw_rule_id=\"12\" nat_rule_id=\"12\" fw_rule_type=\"USER\" web_policy_id=12 ips_policy_id=8 app_filter_policy_id=6 ether_type=\"Unknown (0x0000)\" in_interface=\"Port1\" out_interface=\"Port2\" src_mac=\"10:BF:48:7D:ED:22\" dst_mac=\"00:50:56:9F:39:33\" src_ip=\"192.168.2.121\" src_country=\"R1\" dst_ip=\"89.160.20.156\" dst_country=\"AUS\" protocol=\"ICMP\" icmp_type=8 packets_sent=2 packets_received=2 bytes_sent=168 bytes_received=168 src_trans_ip=\"192.168.1.2\" src_zone_type=\"LAN\" src_zone=\"LAN\" dst_zone_type=\"WAN\" dst_zone=\"WAN\" con_event=\"Stop\" con_id=\"2719001088\" hb_status=\"No Heartbeat\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\" in_display_interface=\"Port1\" out_display_interface=\"Port2\"", "outcome": "success", "severity": 6, "start": "2021-11-16T00:25:09.000Z" @@ -4485,6 +3631,7 @@ }, "network": { "bytes": 336, + "community_id": "1:k8knu+ZpQWfBknRiJ4i22/T9XTQ=", "direction": "outbound", "packets": 4, "transport": "icmp" @@ -4521,30 +3668,6 @@ "rule": { "id": "12" }, - "server": { - "as": { - "number": 29518, - "organization": { - "name": "Bredband2 AB" - } - }, - "bytes": 168, - "geo": { - "city_name": "Linköping", - "continent_name": "Europe", - "country_iso_code": "SE", - "country_name": "Sweden", - "location": { - "lat": 58.4167, - "lon": 15.6167 - }, - "region_iso_code": "SE-E", - "region_name": "Östergötland County" - }, - "ip": "89.160.20.156", - "mac": "00:50:56:9F:39:33", - "packets": 2 - }, "sophos": { "xg": { "app_filter_policy_id": "6", @@ -4561,10 +3684,10 @@ "icmp_type": "8", "ips_policy_id": "8", "log_component": "Firewall Rule", + "log_id": "010101600001", "log_subtype": "Allowed", "log_type": "Firewall", "log_version": "1", - "message_id": "00001", "qualifier": "New", "src_zone_type": "LAN", "web_policy_id": "12" @@ -4573,7 +3696,7 @@ "source": { "bytes": 168, "ip": "192.168.2.121", - "mac": "10:BF:48:7D:ED:22", + "mac": "10-BF-48-7D-ED-22", "nat": { "ip": "192.168.1.2" }, @@ -4585,17 +3708,9 @@ }, { "@timestamp": "2021-11-16T00:25:09.000Z", - "client": { - "ip": "192.168.2.16", - "mac": "00:50:56:9F:B1:FE", - "nat": { - "ip": "192.168.1.2" - }, - "port": 63043 - }, "destination": { "ip": "192.168.1.167", - "mac": "00:50:56:9F:39:33", + "mac": "00-50-56-9F-39-33", "port": 8089 }, "ecs": { @@ -4606,9 +3721,9 @@ "category": [ "network" ], - "code": "010101600001", + "code": "00001", "kind": "event", - "original": "device_name=\"SFW\" timestamp=\"2021-11-15T18:25:09-0600\" device_model=\"SFVH\" device_serial_id=\"C01001BQC8TFFFF\" log_id=\"010101600001\" log_type=\"Firewall\" log_component=\"Firewall Rule\" log_subtype=\"Allowed\" log_version=1 severity=\"Information\" fw_rule_id=\"12\" nat_rule_id=\"12\" fw_rule_type=\"USER\" web_policy_id=12 ips_policy_id=8 app_filter_policy_id=6 ether_type=\"Unknown (0x0000)\" in_interface=\"Port1\" out_interface=\"Port2\" src_mac=\"00:50:56:9F:B1:FE\" dst_mac=\"00:50:56:9F:39:33\" src_ip=\"192.168.2.16\" src_country=\"R1\" dst_ip=\"192.168.1.167\" dst_country=\"R1\" protocol=\"TCP\" src_port=63043 dst_port=8089 src_trans_ip=\"192.168.1.2\" src_zone_type=\"LAN\" src_zone=\"LAN\" dst_zone_type=\"WAN\" dst_zone=\"WAN\" con_event=\"Start\" con_id=\"2685089984\" hb_status=\"No Heartbeat\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\" in_display_interface=\"Port1\" out_display_interface=\"Port2\"", + "original": "Nov 16 00:25:09 sophos device_name=\"SFW\" timestamp=\"2021-11-15T18:25:09-0600\" device_model=\"SFVH\" device_serial_id=\"C01001BQC8TFFFF\" log_id=\"010101600001\" log_type=\"Firewall\" log_component=\"Firewall Rule\" log_subtype=\"Allowed\" log_version=1 severity=\"Information\" fw_rule_id=\"12\" nat_rule_id=\"12\" fw_rule_type=\"USER\" web_policy_id=12 ips_policy_id=8 app_filter_policy_id=6 ether_type=\"Unknown (0x0000)\" in_interface=\"Port1\" out_interface=\"Port2\" src_mac=\"00:50:56:9F:B1:FE\" dst_mac=\"00:50:56:9F:39:33\" src_ip=\"192.168.2.16\" src_country=\"R1\" dst_ip=\"192.168.1.167\" dst_country=\"R1\" protocol=\"TCP\" src_port=63043 dst_port=8089 src_trans_ip=\"192.168.1.2\" src_zone_type=\"LAN\" src_zone=\"LAN\" dst_zone_type=\"WAN\" dst_zone=\"WAN\" con_event=\"Start\" con_id=\"2685089984\" hb_status=\"No Heartbeat\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\" in_display_interface=\"Port1\" out_display_interface=\"Port2\"", "outcome": "success", "severity": 6 }, @@ -4619,6 +3734,7 @@ "level": "Information" }, "network": { + "community_id": "1:hfa1jnJgUmQh1436zNSd1MlKD0s=", "direction": "outbound", "transport": "tcp" }, @@ -4654,11 +3770,6 @@ "rule": { "id": "12" }, - "server": { - "ip": "192.168.1.167", - "mac": "00:50:56:9F:39:33", - "port": 8089 - }, "sophos": { "xg": { "app_filter_policy_id": "6", @@ -4674,10 +3785,10 @@ "hb_status": "No Heartbeat", "ips_policy_id": "8", "log_component": "Firewall Rule", + "log_id": "010101600001", "log_subtype": "Allowed", "log_type": "Firewall", "log_version": "1", - "message_id": "00001", "qualifier": "New", "src_zone_type": "LAN", "web_policy_id": "12" @@ -4685,7 +3796,7 @@ }, "source": { "ip": "192.168.2.16", - "mac": "00:50:56:9F:B1:FE", + "mac": "00-50-56-9F-B1-FE", "nat": { "ip": "192.168.1.2" }, @@ -4697,16 +3808,6 @@ }, { "@timestamp": "2021-11-16T00:25:09.000Z", - "client": { - "bytes": 2297, - "ip": "192.168.2.41", - "mac": "24:4B:FE:DD:C6:CE", - "nat": { - "ip": "192.168.1.2" - }, - "packets": 20, - "port": 21957 - }, "destination": { "as": { "number": 29518, @@ -4728,7 +3829,7 @@ "region_name": "Östergötland County" }, "ip": "89.160.20.156", - "mac": "00:50:56:9F:39:33", + "mac": "00-50-56-9F-39-33", "packets": 22, "port": 443 }, @@ -4740,11 +3841,11 @@ "category": [ "network" ], - "code": "010101600001", + "code": "00001", "duration": 411000000000, "end": "2021-11-16T00:32:00.000Z", "kind": "event", - "original": "device_name=\"SFW\" timestamp=\"2021-11-15T18:25:09-0600\" device_model=\"SFVH\" device_serial_id=\"C01001BQC8TFFFF\" log_id=\"010101600001\" log_type=\"Firewall\" log_component=\"Firewall Rule\" log_subtype=\"Allowed\" log_version=1 severity=\"Information\" duration=411 fw_rule_id=\"11\" nat_rule_id=\"9\" fw_rule_type=\"USER\" web_policy_id=1 ips_policy_id=8 app_filter_policy_id=6 app_name=\"Secure Socket Layer Protocol\" app_risk=1 app_technology=\"Network Protocol\" app_category=\"Infrastructure\" ether_type=\"Unknown (0x0000)\" in_interface=\"Port1\" out_interface=\"Port2\" src_mac=\"24:4B:FE:DD:C6:CE\" dst_mac=\"00:50:56:9F:39:33\" src_ip=\"192.168.2.41\" src_country=\"R1\" dst_ip=\"89.160.20.156\" protocol=\"TCP\" src_port=21957 dst_port=443 packets_sent=20 packets_received=22 bytes_sent=2297 bytes_received=2229 src_trans_ip=\"192.168.1.2\" src_zone_type=\"LAN\" src_zone=\"LAN\" dst_zone_type=\"WAN\" dst_zone=\"WAN\" con_event=\"Stop\" con_id=\"407759360\" hb_status=\"No Heartbeat\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\" in_display_interface=\"Port1\" out_display_interface=\"Port2\"", + "original": "Nov 16 00:25:09 sophos device_name=\"SFW\" timestamp=\"2021-11-15T18:25:09-0600\" device_model=\"SFVH\" device_serial_id=\"C01001BQC8TFFFF\" log_id=\"010101600001\" log_type=\"Firewall\" log_component=\"Firewall Rule\" log_subtype=\"Allowed\" log_version=1 severity=\"Information\" duration=411 fw_rule_id=\"11\" nat_rule_id=\"9\" fw_rule_type=\"USER\" web_policy_id=1 ips_policy_id=8 app_filter_policy_id=6 app_name=\"Secure Socket Layer Protocol\" app_risk=1 app_technology=\"Network Protocol\" app_category=\"Infrastructure\" ether_type=\"Unknown (0x0000)\" in_interface=\"Port1\" out_interface=\"Port2\" src_mac=\"24:4B:FE:DD:C6:CE\" dst_mac=\"00:50:56:9F:39:33\" src_ip=\"192.168.2.41\" src_country=\"R1\" dst_ip=\"89.160.20.156\" protocol=\"TCP\" src_port=21957 dst_port=443 packets_sent=20 packets_received=22 bytes_sent=2297 bytes_received=2229 src_trans_ip=\"192.168.1.2\" src_zone_type=\"LAN\" src_zone=\"LAN\" dst_zone_type=\"WAN\" dst_zone=\"WAN\" con_event=\"Stop\" con_id=\"407759360\" hb_status=\"No Heartbeat\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\" in_display_interface=\"Port1\" out_display_interface=\"Port2\"", "outcome": "success", "severity": 6, "start": "2021-11-16T00:25:09.000Z" @@ -4757,6 +3858,7 @@ }, "network": { "bytes": 4526, + "community_id": "1:xZOGkb0HEBsD48VnnxecaWb1xBA=", "direction": "outbound", "packets": 42, "transport": "tcp" @@ -4793,31 +3895,6 @@ "rule": { "id": "11" }, - "server": { - "as": { - "number": 29518, - "organization": { - "name": "Bredband2 AB" - } - }, - "bytes": 2229, - "geo": { - "city_name": "Linköping", - "continent_name": "Europe", - "country_iso_code": "SE", - "country_name": "Sweden", - "location": { - "lat": 58.4167, - "lon": 15.6167 - }, - "region_iso_code": "SE-E", - "region_name": "Östergötland County" - }, - "ip": "89.160.20.156", - "mac": "00:50:56:9F:39:33", - "packets": 22, - "port": 443 - }, "sophos": { "xg": { "app_category": "Infrastructure", @@ -4837,10 +3914,10 @@ "hb_status": "No Heartbeat", "ips_policy_id": "8", "log_component": "Firewall Rule", + "log_id": "010101600001", "log_subtype": "Allowed", "log_type": "Firewall", "log_version": "1", - "message_id": "00001", "qualifier": "New", "src_zone_type": "LAN", "web_policy_id": "1" @@ -4849,7 +3926,7 @@ "source": { "bytes": 2297, "ip": "192.168.2.41", - "mac": "24:4B:FE:DD:C6:CE", + "mac": "24-4B-FE-DD-C6-CE", "nat": { "ip": "192.168.1.2" }, @@ -4862,13 +3939,6 @@ }, { "@timestamp": "2021-11-16T00:25:10.000Z", - "client": { - "ip": "192.168.2.121", - "mac": "10:BF:48:7D:ED:22", - "nat": { - "ip": "192.168.1.2" - } - }, "destination": { "as": { "number": 29518, @@ -4889,7 +3959,7 @@ "region_name": "Östergötland County" }, "ip": "89.160.20.156", - "mac": "00:50:56:9F:39:33" + "mac": "00-50-56-9F-39-33" }, "ecs": { "version": "8.0.0" @@ -4899,9 +3969,9 @@ "category": [ "network" ], - "code": "010101600001", + "code": "00001", "kind": "event", - "original": "device_name=\"SFW\" timestamp=\"2021-11-15T18:25:10-0600\" device_model=\"SFVH\" device_serial_id=\"C01001BQC8TFFFF\" log_id=\"010101600001\" log_type=\"Firewall\" log_component=\"Firewall Rule\" log_subtype=\"Allowed\" log_version=1 severity=\"Information\" fw_rule_id=\"12\" nat_rule_id=\"12\" fw_rule_type=\"USER\" web_policy_id=12 ips_policy_id=8 app_filter_policy_id=6 ether_type=\"Unknown (0x0000)\" in_interface=\"Port1\" out_interface=\"Port2\" src_mac=\"10:BF:48:7D:ED:22\" dst_mac=\"00:50:56:9F:39:33\" src_ip=\"192.168.2.121\" src_country=\"R1\" dst_ip=\"89.160.20.156\" dst_country=\"AUS\" protocol=\"ICMP\" icmp_type=8 src_trans_ip=\"192.168.1.2\" src_zone_type=\"LAN\" src_zone=\"LAN\" dst_zone_type=\"WAN\" dst_zone=\"WAN\" con_event=\"Start\" con_id=\"1000197248\" hb_status=\"No Heartbeat\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\" in_display_interface=\"Port1\" out_display_interface=\"Port2\"", + "original": "Nov 16 00:25:10 sophos device_name=\"SFW\" timestamp=\"2021-11-15T18:25:10-0600\" device_model=\"SFVH\" device_serial_id=\"C01001BQC8TFFFF\" log_id=\"010101600001\" log_type=\"Firewall\" log_component=\"Firewall Rule\" log_subtype=\"Allowed\" log_version=1 severity=\"Information\" fw_rule_id=\"12\" nat_rule_id=\"12\" fw_rule_type=\"USER\" web_policy_id=12 ips_policy_id=8 app_filter_policy_id=6 ether_type=\"Unknown (0x0000)\" in_interface=\"Port1\" out_interface=\"Port2\" src_mac=\"10:BF:48:7D:ED:22\" dst_mac=\"00:50:56:9F:39:33\" src_ip=\"192.168.2.121\" src_country=\"R1\" dst_ip=\"89.160.20.156\" dst_country=\"AUS\" protocol=\"ICMP\" icmp_type=8 src_trans_ip=\"192.168.1.2\" src_zone_type=\"LAN\" src_zone=\"LAN\" dst_zone_type=\"WAN\" dst_zone=\"WAN\" con_event=\"Start\" con_id=\"1000197248\" hb_status=\"No Heartbeat\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\" in_display_interface=\"Port1\" out_display_interface=\"Port2\"", "outcome": "success", "severity": 6 }, @@ -4912,6 +3982,7 @@ "level": "Information" }, "network": { + "community_id": "1:k8knu+ZpQWfBknRiJ4i22/T9XTQ=", "direction": "outbound", "transport": "icmp" }, @@ -4947,28 +4018,6 @@ "rule": { "id": "12" }, - "server": { - "as": { - "number": 29518, - "organization": { - "name": "Bredband2 AB" - } - }, - "geo": { - "city_name": "Linköping", - "continent_name": "Europe", - "country_iso_code": "SE", - "country_name": "Sweden", - "location": { - "lat": 58.4167, - "lon": 15.6167 - }, - "region_iso_code": "SE-E", - "region_name": "Östergötland County" - }, - "ip": "89.160.20.156", - "mac": "00:50:56:9F:39:33" - }, "sophos": { "xg": { "app_filter_policy_id": "6", @@ -4985,10 +4034,10 @@ "icmp_type": "8", "ips_policy_id": "8", "log_component": "Firewall Rule", + "log_id": "010101600001", "log_subtype": "Allowed", "log_type": "Firewall", "log_version": "1", - "message_id": "00001", "qualifier": "New", "src_zone_type": "LAN", "web_policy_id": "12" @@ -4996,7 +4045,7 @@ }, "source": { "ip": "192.168.2.121", - "mac": "10:BF:48:7D:ED:22", + "mac": "10-BF-48-7D-ED-22", "nat": { "ip": "192.168.1.2" } @@ -5007,15 +4056,6 @@ }, { "@timestamp": "2021-11-16T00:25:10.000Z", - "client": { - "bytes": 168, - "ip": "192.168.2.121", - "mac": "10:BF:48:7D:ED:22", - "nat": { - "ip": "192.168.1.2" - }, - "packets": 2 - }, "destination": { "as": { "number": 29518, @@ -5037,7 +4077,7 @@ "region_name": "Östergötland County" }, "ip": "89.160.20.156", - "mac": "00:50:56:9F:39:33", + "mac": "00-50-56-9F-39-33", "packets": 2 }, "ecs": { @@ -5048,11 +4088,11 @@ "category": [ "network" ], - "code": "010101600001", + "code": "00001", "duration": 32000000000, "end": "2021-11-16T00:25:42.000Z", "kind": "event", - "original": "device_name=\"SFW\" timestamp=\"2021-11-15T18:25:10-0600\" device_model=\"SFVH\" device_serial_id=\"C01001BQC8TFFFF\" log_id=\"010101600001\" log_type=\"Firewall\" log_component=\"Firewall Rule\" log_subtype=\"Allowed\" log_version=1 severity=\"Information\" duration=32 fw_rule_id=\"12\" nat_rule_id=\"12\" fw_rule_type=\"USER\" web_policy_id=12 ips_policy_id=8 app_filter_policy_id=6 ether_type=\"Unknown (0x0000)\" in_interface=\"Port1\" out_interface=\"Port2\" src_mac=\"10:BF:48:7D:ED:22\" dst_mac=\"00:50:56:9F:39:33\" src_ip=\"192.168.2.121\" src_country=\"R1\" dst_ip=\"89.160.20.156\" dst_country=\"AUS\" protocol=\"ICMP\" icmp_type=8 packets_sent=2 packets_received=2 bytes_sent=168 bytes_received=168 src_trans_ip=\"192.168.1.2\" src_zone_type=\"LAN\" src_zone=\"LAN\" dst_zone_type=\"WAN\" dst_zone=\"WAN\" con_event=\"Stop\" con_id=\"407385024\" hb_status=\"No Heartbeat\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\" in_display_interface=\"Port1\" out_display_interface=\"Port2\"", + "original": "Nov 16 00:25:10 sophos device_name=\"SFW\" timestamp=\"2021-11-15T18:25:10-0600\" device_model=\"SFVH\" device_serial_id=\"C01001BQC8TFFFF\" log_id=\"010101600001\" log_type=\"Firewall\" log_component=\"Firewall Rule\" log_subtype=\"Allowed\" log_version=1 severity=\"Information\" duration=32 fw_rule_id=\"12\" nat_rule_id=\"12\" fw_rule_type=\"USER\" web_policy_id=12 ips_policy_id=8 app_filter_policy_id=6 ether_type=\"Unknown (0x0000)\" in_interface=\"Port1\" out_interface=\"Port2\" src_mac=\"10:BF:48:7D:ED:22\" dst_mac=\"00:50:56:9F:39:33\" src_ip=\"192.168.2.121\" src_country=\"R1\" dst_ip=\"89.160.20.156\" dst_country=\"AUS\" protocol=\"ICMP\" icmp_type=8 packets_sent=2 packets_received=2 bytes_sent=168 bytes_received=168 src_trans_ip=\"192.168.1.2\" src_zone_type=\"LAN\" src_zone=\"LAN\" dst_zone_type=\"WAN\" dst_zone=\"WAN\" con_event=\"Stop\" con_id=\"407385024\" hb_status=\"No Heartbeat\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\" in_display_interface=\"Port1\" out_display_interface=\"Port2\"", "outcome": "success", "severity": 6, "start": "2021-11-16T00:25:10.000Z" @@ -5065,6 +4105,7 @@ }, "network": { "bytes": 336, + "community_id": "1:k8knu+ZpQWfBknRiJ4i22/T9XTQ=", "direction": "outbound", "packets": 4, "transport": "icmp" @@ -5101,30 +4142,6 @@ "rule": { "id": "12" }, - "server": { - "as": { - "number": 29518, - "organization": { - "name": "Bredband2 AB" - } - }, - "bytes": 168, - "geo": { - "city_name": "Linköping", - "continent_name": "Europe", - "country_iso_code": "SE", - "country_name": "Sweden", - "location": { - "lat": 58.4167, - "lon": 15.6167 - }, - "region_iso_code": "SE-E", - "region_name": "Östergötland County" - }, - "ip": "89.160.20.156", - "mac": "00:50:56:9F:39:33", - "packets": 2 - }, "sophos": { "xg": { "app_filter_policy_id": "6", @@ -5141,10 +4158,10 @@ "icmp_type": "8", "ips_policy_id": "8", "log_component": "Firewall Rule", + "log_id": "010101600001", "log_subtype": "Allowed", "log_type": "Firewall", "log_version": "1", - "message_id": "00001", "qualifier": "New", "src_zone_type": "LAN", "web_policy_id": "12" @@ -5153,7 +4170,7 @@ "source": { "bytes": 168, "ip": "192.168.2.121", - "mac": "10:BF:48:7D:ED:22", + "mac": "10-BF-48-7D-ED-22", "nat": { "ip": "192.168.1.2" }, @@ -5165,15 +4182,6 @@ }, { "@timestamp": "2021-11-16T00:25:10.000Z", - "client": { - "bytes": 168, - "ip": "192.168.2.121", - "mac": "10:BF:48:7D:ED:22", - "nat": { - "ip": "192.168.1.2" - }, - "packets": 2 - }, "destination": { "as": { "number": 29518, @@ -5195,7 +4203,7 @@ "region_name": "Östergötland County" }, "ip": "89.160.20.156", - "mac": "00:50:56:9F:39:33", + "mac": "00-50-56-9F-39-33", "packets": 2 }, "ecs": { @@ -5206,11 +4214,11 @@ "category": [ "network" ], - "code": "010101600001", + "code": "00001", "duration": 30000000000, "end": "2021-11-16T00:25:40.000Z", "kind": "event", - "original": "device_name=\"SFW\" timestamp=\"2021-11-15T18:25:10-0600\" device_model=\"SFVH\" device_serial_id=\"C01001BQC8TFFFF\" log_id=\"010101600001\" log_type=\"Firewall\" log_component=\"Firewall Rule\" log_subtype=\"Allowed\" log_version=1 severity=\"Information\" duration=30 fw_rule_id=\"12\" nat_rule_id=\"12\" fw_rule_type=\"USER\" web_policy_id=12 ips_policy_id=8 app_filter_policy_id=6 ether_type=\"Unknown (0x0000)\" in_interface=\"Port1\" out_interface=\"Port2\" src_mac=\"10:BF:48:7D:ED:22\" dst_mac=\"00:50:56:9F:39:33\" src_ip=\"192.168.2.121\" src_country=\"R1\" dst_ip=\"89.160.20.156\" dst_country=\"AUS\" protocol=\"ICMP\" icmp_type=8 packets_sent=2 packets_received=2 bytes_sent=168 bytes_received=168 src_trans_ip=\"192.168.1.2\" src_zone_type=\"LAN\" src_zone=\"LAN\" dst_zone_type=\"WAN\" dst_zone=\"WAN\" con_event=\"Stop\" con_id=\"154696512\" hb_status=\"No Heartbeat\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\" in_display_interface=\"Port1\" out_display_interface=\"Port2\"", + "original": "Nov 16 00:25:10 sophos device_name=\"SFW\" timestamp=\"2021-11-15T18:25:10-0600\" device_model=\"SFVH\" device_serial_id=\"C01001BQC8TFFFF\" log_id=\"010101600001\" log_type=\"Firewall\" log_component=\"Firewall Rule\" log_subtype=\"Allowed\" log_version=1 severity=\"Information\" duration=30 fw_rule_id=\"12\" nat_rule_id=\"12\" fw_rule_type=\"USER\" web_policy_id=12 ips_policy_id=8 app_filter_policy_id=6 ether_type=\"Unknown (0x0000)\" in_interface=\"Port1\" out_interface=\"Port2\" src_mac=\"10:BF:48:7D:ED:22\" dst_mac=\"00:50:56:9F:39:33\" src_ip=\"192.168.2.121\" src_country=\"R1\" dst_ip=\"89.160.20.156\" dst_country=\"AUS\" protocol=\"ICMP\" icmp_type=8 packets_sent=2 packets_received=2 bytes_sent=168 bytes_received=168 src_trans_ip=\"192.168.1.2\" src_zone_type=\"LAN\" src_zone=\"LAN\" dst_zone_type=\"WAN\" dst_zone=\"WAN\" con_event=\"Stop\" con_id=\"154696512\" hb_status=\"No Heartbeat\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\" in_display_interface=\"Port1\" out_display_interface=\"Port2\"", "outcome": "success", "severity": 6, "start": "2021-11-16T00:25:10.000Z" @@ -5223,6 +4231,7 @@ }, "network": { "bytes": 336, + "community_id": "1:k8knu+ZpQWfBknRiJ4i22/T9XTQ=", "direction": "outbound", "packets": 4, "transport": "icmp" @@ -5259,30 +4268,6 @@ "rule": { "id": "12" }, - "server": { - "as": { - "number": 29518, - "organization": { - "name": "Bredband2 AB" - } - }, - "bytes": 168, - "geo": { - "city_name": "Linköping", - "continent_name": "Europe", - "country_iso_code": "SE", - "country_name": "Sweden", - "location": { - "lat": 58.4167, - "lon": 15.6167 - }, - "region_iso_code": "SE-E", - "region_name": "Östergötland County" - }, - "ip": "89.160.20.156", - "mac": "00:50:56:9F:39:33", - "packets": 2 - }, "sophos": { "xg": { "app_filter_policy_id": "6", @@ -5299,10 +4284,10 @@ "icmp_type": "8", "ips_policy_id": "8", "log_component": "Firewall Rule", + "log_id": "010101600001", "log_subtype": "Allowed", "log_type": "Firewall", "log_version": "1", - "message_id": "00001", "qualifier": "New", "src_zone_type": "LAN", "web_policy_id": "12" @@ -5311,7 +4296,7 @@ "source": { "bytes": 168, "ip": "192.168.2.121", - "mac": "10:BF:48:7D:ED:22", + "mac": "10-BF-48-7D-ED-22", "nat": { "ip": "192.168.1.2" }, @@ -5323,13 +4308,6 @@ }, { "@timestamp": "2021-11-16T00:25:11.000Z", - "client": { - "ip": "192.168.2.121", - "mac": "10:BF:48:7D:ED:22", - "nat": { - "ip": "192.168.1.2" - } - }, "destination": { "as": { "number": 29518, @@ -5350,7 +4328,7 @@ "region_name": "Östergötland County" }, "ip": "89.160.20.156", - "mac": "00:50:56:9F:39:33" + "mac": "00-50-56-9F-39-33" }, "ecs": { "version": "8.0.0" @@ -5360,9 +4338,9 @@ "category": [ "network" ], - "code": "010101600001", + "code": "00001", "kind": "event", - "original": "device_name=\"SFW\" timestamp=\"2021-11-15T18:25:11-0600\" device_model=\"SFVH\" device_serial_id=\"C01001BQC8TFFFF\" log_id=\"010101600001\" log_type=\"Firewall\" log_component=\"Firewall Rule\" log_subtype=\"Allowed\" log_version=1 severity=\"Information\" fw_rule_id=\"12\" nat_rule_id=\"12\" fw_rule_type=\"USER\" web_policy_id=12 ips_policy_id=8 app_filter_policy_id=6 ether_type=\"Unknown (0x0000)\" in_interface=\"Port1\" out_interface=\"Port2\" src_mac=\"10:BF:48:7D:ED:22\" dst_mac=\"00:50:56:9F:39:33\" src_ip=\"192.168.2.121\" src_country=\"R1\" dst_ip=\"89.160.20.156\" dst_country=\"AUS\" protocol=\"ICMP\" icmp_type=8 src_trans_ip=\"192.168.1.2\" src_zone_type=\"LAN\" src_zone=\"LAN\" dst_zone_type=\"WAN\" dst_zone=\"WAN\" con_event=\"Start\" con_id=\"154391168\" hb_status=\"No Heartbeat\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\" in_display_interface=\"Port1\" out_display_interface=\"Port2\"", + "original": "Nov 16 00:25:11 sophos device_name=\"SFW\" timestamp=\"2021-11-15T18:25:11-0600\" device_model=\"SFVH\" device_serial_id=\"C01001BQC8TFFFF\" log_id=\"010101600001\" log_type=\"Firewall\" log_component=\"Firewall Rule\" log_subtype=\"Allowed\" log_version=1 severity=\"Information\" fw_rule_id=\"12\" nat_rule_id=\"12\" fw_rule_type=\"USER\" web_policy_id=12 ips_policy_id=8 app_filter_policy_id=6 ether_type=\"Unknown (0x0000)\" in_interface=\"Port1\" out_interface=\"Port2\" src_mac=\"10:BF:48:7D:ED:22\" dst_mac=\"00:50:56:9F:39:33\" src_ip=\"192.168.2.121\" src_country=\"R1\" dst_ip=\"89.160.20.156\" dst_country=\"AUS\" protocol=\"ICMP\" icmp_type=8 src_trans_ip=\"192.168.1.2\" src_zone_type=\"LAN\" src_zone=\"LAN\" dst_zone_type=\"WAN\" dst_zone=\"WAN\" con_event=\"Start\" con_id=\"154391168\" hb_status=\"No Heartbeat\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\" in_display_interface=\"Port1\" out_display_interface=\"Port2\"", "outcome": "success", "severity": 6 }, @@ -5373,6 +4351,7 @@ "level": "Information" }, "network": { + "community_id": "1:k8knu+ZpQWfBknRiJ4i22/T9XTQ=", "direction": "outbound", "transport": "icmp" }, @@ -5408,28 +4387,6 @@ "rule": { "id": "12" }, - "server": { - "as": { - "number": 29518, - "organization": { - "name": "Bredband2 AB" - } - }, - "geo": { - "city_name": "Linköping", - "continent_name": "Europe", - "country_iso_code": "SE", - "country_name": "Sweden", - "location": { - "lat": 58.4167, - "lon": 15.6167 - }, - "region_iso_code": "SE-E", - "region_name": "Östergötland County" - }, - "ip": "89.160.20.156", - "mac": "00:50:56:9F:39:33" - }, "sophos": { "xg": { "app_filter_policy_id": "6", @@ -5446,10 +4403,10 @@ "icmp_type": "8", "ips_policy_id": "8", "log_component": "Firewall Rule", + "log_id": "010101600001", "log_subtype": "Allowed", "log_type": "Firewall", "log_version": "1", - "message_id": "00001", "qualifier": "New", "src_zone_type": "LAN", "web_policy_id": "12" @@ -5457,7 +4414,7 @@ }, "source": { "ip": "192.168.2.121", - "mac": "10:BF:48:7D:ED:22", + "mac": "10-BF-48-7D-ED-22", "nat": { "ip": "192.168.1.2" } @@ -5468,15 +4425,6 @@ }, { "@timestamp": "2021-11-16T00:25:11.000Z", - "client": { - "bytes": 168, - "ip": "192.168.2.121", - "mac": "10:BF:48:7D:ED:22", - "nat": { - "ip": "192.168.1.2" - }, - "packets": 2 - }, "destination": { "as": { "number": 29518, @@ -5498,7 +4446,7 @@ "region_name": "Östergötland County" }, "ip": "89.160.20.156", - "mac": "00:50:56:9F:39:33", + "mac": "00-50-56-9F-39-33", "packets": 2 }, "ecs": { @@ -5509,11 +4457,11 @@ "category": [ "network" ], - "code": "010101600001", + "code": "00001", "duration": 32000000000, "end": "2021-11-16T00:25:43.000Z", "kind": "event", - "original": "device_name=\"SFW\" timestamp=\"2021-11-15T18:25:11-0600\" device_model=\"SFVH\" device_serial_id=\"C01001BQC8TFFFF\" log_id=\"010101600001\" log_type=\"Firewall\" log_component=\"Firewall Rule\" log_subtype=\"Allowed\" log_version=1 severity=\"Information\" duration=32 fw_rule_id=\"12\" nat_rule_id=\"12\" fw_rule_type=\"USER\" web_policy_id=12 ips_policy_id=8 app_filter_policy_id=6 ether_type=\"Unknown (0x0000)\" in_interface=\"Port1\" out_interface=\"Port2\" src_mac=\"10:BF:48:7D:ED:22\" dst_mac=\"00:50:56:9F:39:33\" src_ip=\"192.168.2.121\" src_country=\"R1\" dst_ip=\"89.160.20.156\" dst_country=\"AUS\" protocol=\"ICMP\" icmp_type=8 packets_sent=2 packets_received=2 bytes_sent=168 bytes_received=168 src_trans_ip=\"192.168.1.2\" src_zone_type=\"LAN\" src_zone=\"LAN\" dst_zone_type=\"WAN\" dst_zone=\"WAN\" con_event=\"Stop\" con_id=\"407385984\" hb_status=\"No Heartbeat\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\" in_display_interface=\"Port1\" out_display_interface=\"Port2\"", + "original": "Nov 16 00:25:11 sophos device_name=\"SFW\" timestamp=\"2021-11-15T18:25:11-0600\" device_model=\"SFVH\" device_serial_id=\"C01001BQC8TFFFF\" log_id=\"010101600001\" log_type=\"Firewall\" log_component=\"Firewall Rule\" log_subtype=\"Allowed\" log_version=1 severity=\"Information\" duration=32 fw_rule_id=\"12\" nat_rule_id=\"12\" fw_rule_type=\"USER\" web_policy_id=12 ips_policy_id=8 app_filter_policy_id=6 ether_type=\"Unknown (0x0000)\" in_interface=\"Port1\" out_interface=\"Port2\" src_mac=\"10:BF:48:7D:ED:22\" dst_mac=\"00:50:56:9F:39:33\" src_ip=\"192.168.2.121\" src_country=\"R1\" dst_ip=\"89.160.20.156\" dst_country=\"AUS\" protocol=\"ICMP\" icmp_type=8 packets_sent=2 packets_received=2 bytes_sent=168 bytes_received=168 src_trans_ip=\"192.168.1.2\" src_zone_type=\"LAN\" src_zone=\"LAN\" dst_zone_type=\"WAN\" dst_zone=\"WAN\" con_event=\"Stop\" con_id=\"407385984\" hb_status=\"No Heartbeat\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\" in_display_interface=\"Port1\" out_display_interface=\"Port2\"", "outcome": "success", "severity": 6, "start": "2021-11-16T00:25:11.000Z" @@ -5526,6 +4474,7 @@ }, "network": { "bytes": 336, + "community_id": "1:k8knu+ZpQWfBknRiJ4i22/T9XTQ=", "direction": "outbound", "packets": 4, "transport": "icmp" @@ -5562,30 +4511,6 @@ "rule": { "id": "12" }, - "server": { - "as": { - "number": 29518, - "organization": { - "name": "Bredband2 AB" - } - }, - "bytes": 168, - "geo": { - "city_name": "Linköping", - "continent_name": "Europe", - "country_iso_code": "SE", - "country_name": "Sweden", - "location": { - "lat": 58.4167, - "lon": 15.6167 - }, - "region_iso_code": "SE-E", - "region_name": "Östergötland County" - }, - "ip": "89.160.20.156", - "mac": "00:50:56:9F:39:33", - "packets": 2 - }, "sophos": { "xg": { "app_filter_policy_id": "6", @@ -5602,10 +4527,10 @@ "icmp_type": "8", "ips_policy_id": "8", "log_component": "Firewall Rule", + "log_id": "010101600001", "log_subtype": "Allowed", "log_type": "Firewall", "log_version": "1", - "message_id": "00001", "qualifier": "New", "src_zone_type": "LAN", "web_policy_id": "12" @@ -5614,7 +4539,7 @@ "source": { "bytes": 168, "ip": "192.168.2.121", - "mac": "10:BF:48:7D:ED:22", + "mac": "10-BF-48-7D-ED-22", "nat": { "ip": "192.168.1.2" }, @@ -5626,14 +4551,6 @@ }, { "@timestamp": "2021-11-16T00:25:11.000Z", - "client": { - "ip": "192.168.2.41", - "mac": "24:4B:FE:DD:C6:CE", - "nat": { - "ip": "192.168.1.2" - }, - "port": 59335 - }, "destination": { "as": { "number": 29518, @@ -5654,7 +4571,7 @@ "region_name": "Östergötland County" }, "ip": "89.160.20.156", - "mac": "00:50:56:9F:39:33", + "mac": "00-50-56-9F-39-33", "port": 443 }, "ecs": { @@ -5665,9 +4582,9 @@ "category": [ "network" ], - "code": "010101600001", + "code": "00001", "kind": "event", - "original": "device_name=\"SFW\" timestamp=\"2021-11-15T18:25:11-0600\" device_model=\"SFVH\" device_serial_id=\"C01001BQC8TFFFF\" log_id=\"010101600001\" log_type=\"Firewall\" log_component=\"Firewall Rule\" log_subtype=\"Allowed\" log_version=1 severity=\"Information\" fw_rule_id=\"11\" nat_rule_id=\"9\" fw_rule_type=\"USER\" web_policy_id=1 ips_policy_id=8 app_filter_policy_id=6 ether_type=\"Unknown (0x0000)\" in_interface=\"Port1\" out_interface=\"Port2\" src_mac=\"24:4B:FE:DD:C6:CE\" dst_mac=\"00:50:56:9F:39:33\" src_ip=\"192.168.2.41\" src_country=\"R1\" dst_ip=\"89.160.20.156\" dst_country=\"USA\" protocol=\"UDP\" src_port=59335 dst_port=443 src_trans_ip=\"192.168.1.2\" src_zone_type=\"LAN\" src_zone=\"LAN\" dst_zone_type=\"WAN\" dst_zone=\"WAN\" con_event=\"Start\" con_id=\"2685088704\" hb_status=\"No Heartbeat\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\" in_display_interface=\"Port1\" out_display_interface=\"Port2\"", + "original": "Nov 16 00:25:11 sophos device_name=\"SFW\" timestamp=\"2021-11-15T18:25:11-0600\" device_model=\"SFVH\" device_serial_id=\"C01001BQC8TFFFF\" log_id=\"010101600001\" log_type=\"Firewall\" log_component=\"Firewall Rule\" log_subtype=\"Allowed\" log_version=1 severity=\"Information\" fw_rule_id=\"11\" nat_rule_id=\"9\" fw_rule_type=\"USER\" web_policy_id=1 ips_policy_id=8 app_filter_policy_id=6 ether_type=\"Unknown (0x0000)\" in_interface=\"Port1\" out_interface=\"Port2\" src_mac=\"24:4B:FE:DD:C6:CE\" dst_mac=\"00:50:56:9F:39:33\" src_ip=\"192.168.2.41\" src_country=\"R1\" dst_ip=\"89.160.20.156\" dst_country=\"USA\" protocol=\"UDP\" src_port=59335 dst_port=443 src_trans_ip=\"192.168.1.2\" src_zone_type=\"LAN\" src_zone=\"LAN\" dst_zone_type=\"WAN\" dst_zone=\"WAN\" con_event=\"Start\" con_id=\"2685088704\" hb_status=\"No Heartbeat\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\" in_display_interface=\"Port1\" out_display_interface=\"Port2\"", "outcome": "success", "severity": 6 }, @@ -5678,6 +4595,7 @@ "level": "Information" }, "network": { + "community_id": "1:Jdy+51i0g2ubEnGv7jt3wjeQlpM=", "direction": "outbound", "transport": "udp" }, @@ -5713,29 +4631,6 @@ "rule": { "id": "11" }, - "server": { - "as": { - "number": 29518, - "organization": { - "name": "Bredband2 AB" - } - }, - "geo": { - "city_name": "Linköping", - "continent_name": "Europe", - "country_iso_code": "SE", - "country_name": "Sweden", - "location": { - "lat": 58.4167, - "lon": 15.6167 - }, - "region_iso_code": "SE-E", - "region_name": "Östergötland County" - }, - "ip": "89.160.20.156", - "mac": "00:50:56:9F:39:33", - "port": 443 - }, "sophos": { "xg": { "app_filter_policy_id": "6", @@ -5751,10 +4646,10 @@ "hb_status": "No Heartbeat", "ips_policy_id": "8", "log_component": "Firewall Rule", + "log_id": "010101600001", "log_subtype": "Allowed", "log_type": "Firewall", "log_version": "1", - "message_id": "00001", "qualifier": "New", "src_zone_type": "LAN", "web_policy_id": "1" @@ -5762,7 +4657,7 @@ }, "source": { "ip": "192.168.2.41", - "mac": "24:4B:FE:DD:C6:CE", + "mac": "24-4B-FE-DD-C6-CE", "nat": { "ip": "192.168.1.2" }, @@ -5774,15 +4669,6 @@ }, { "@timestamp": "2021-11-16T00:25:12.000Z", - "client": { - "bytes": 168, - "ip": "192.168.2.121", - "mac": "10:BF:48:7D:ED:22", - "nat": { - "ip": "192.168.1.2" - }, - "packets": 2 - }, "destination": { "as": { "number": 29518, @@ -5804,7 +4690,7 @@ "region_name": "Östergötland County" }, "ip": "89.160.20.156", - "mac": "00:50:56:9F:39:33", + "mac": "00-50-56-9F-39-33", "packets": 2 }, "ecs": { @@ -5815,11 +4701,11 @@ "category": [ "network" ], - "code": "010101600001", + "code": "00001", "duration": 38000000000, "end": "2021-11-16T00:25:50.000Z", "kind": "event", - "original": "device_name=\"SFW\" timestamp=\"2021-11-15T18:25:12-0600\" device_model=\"SFVH\" device_serial_id=\"C01001BQC8TFFFF\" log_id=\"010101600001\" log_type=\"Firewall\" log_component=\"Firewall Rule\" log_subtype=\"Allowed\" log_version=1 severity=\"Information\" duration=38 fw_rule_id=\"12\" nat_rule_id=\"12\" fw_rule_type=\"USER\" web_policy_id=12 ips_policy_id=8 app_filter_policy_id=6 ether_type=\"Unknown (0x0000)\" in_interface=\"Port1\" out_interface=\"Port2\" src_mac=\"10:BF:48:7D:ED:22\" dst_mac=\"00:50:56:9F:39:33\" src_ip=\"192.168.2.121\" src_country=\"R1\" dst_ip=\"89.160.20.156\" dst_country=\"AUS\" protocol=\"ICMP\" icmp_type=8 packets_sent=2 packets_received=2 bytes_sent=168 bytes_received=168 src_trans_ip=\"192.168.1.2\" src_zone_type=\"LAN\" src_zone=\"LAN\" dst_zone_type=\"WAN\" dst_zone=\"WAN\" con_event=\"Stop\" con_id=\"1000194368\" hb_status=\"No Heartbeat\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\" in_display_interface=\"Port1\" out_display_interface=\"Port2\"", + "original": "Nov 16 00:25:12 sophos device_name=\"SFW\" timestamp=\"2021-11-15T18:25:12-0600\" device_model=\"SFVH\" device_serial_id=\"C01001BQC8TFFFF\" log_id=\"010101600001\" log_type=\"Firewall\" log_component=\"Firewall Rule\" log_subtype=\"Allowed\" log_version=1 severity=\"Information\" duration=38 fw_rule_id=\"12\" nat_rule_id=\"12\" fw_rule_type=\"USER\" web_policy_id=12 ips_policy_id=8 app_filter_policy_id=6 ether_type=\"Unknown (0x0000)\" in_interface=\"Port1\" out_interface=\"Port2\" src_mac=\"10:BF:48:7D:ED:22\" dst_mac=\"00:50:56:9F:39:33\" src_ip=\"192.168.2.121\" src_country=\"R1\" dst_ip=\"89.160.20.156\" dst_country=\"AUS\" protocol=\"ICMP\" icmp_type=8 packets_sent=2 packets_received=2 bytes_sent=168 bytes_received=168 src_trans_ip=\"192.168.1.2\" src_zone_type=\"LAN\" src_zone=\"LAN\" dst_zone_type=\"WAN\" dst_zone=\"WAN\" con_event=\"Stop\" con_id=\"1000194368\" hb_status=\"No Heartbeat\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\" in_display_interface=\"Port1\" out_display_interface=\"Port2\"", "outcome": "success", "severity": 6, "start": "2021-11-16T00:25:12.000Z" @@ -5832,6 +4718,7 @@ }, "network": { "bytes": 336, + "community_id": "1:k8knu+ZpQWfBknRiJ4i22/T9XTQ=", "direction": "outbound", "packets": 4, "transport": "icmp" @@ -5868,30 +4755,6 @@ "rule": { "id": "12" }, - "server": { - "as": { - "number": 29518, - "organization": { - "name": "Bredband2 AB" - } - }, - "bytes": 168, - "geo": { - "city_name": "Linköping", - "continent_name": "Europe", - "country_iso_code": "SE", - "country_name": "Sweden", - "location": { - "lat": 58.4167, - "lon": 15.6167 - }, - "region_iso_code": "SE-E", - "region_name": "Östergötland County" - }, - "ip": "89.160.20.156", - "mac": "00:50:56:9F:39:33", - "packets": 2 - }, "sophos": { "xg": { "app_filter_policy_id": "6", @@ -5908,10 +4771,10 @@ "icmp_type": "8", "ips_policy_id": "8", "log_component": "Firewall Rule", + "log_id": "010101600001", "log_subtype": "Allowed", "log_type": "Firewall", "log_version": "1", - "message_id": "00001", "qualifier": "New", "src_zone_type": "LAN", "web_policy_id": "12" @@ -5920,7 +4783,7 @@ "source": { "bytes": 168, "ip": "192.168.2.121", - "mac": "10:BF:48:7D:ED:22", + "mac": "10-BF-48-7D-ED-22", "nat": { "ip": "192.168.1.2" }, @@ -5932,13 +4795,6 @@ }, { "@timestamp": "2021-11-16T00:25:12.000Z", - "client": { - "ip": "192.168.2.121", - "mac": "10:BF:48:7D:ED:22", - "nat": { - "ip": "192.168.1.2" - } - }, "destination": { "as": { "number": 29518, @@ -5959,7 +4815,7 @@ "region_name": "Östergötland County" }, "ip": "89.160.20.156", - "mac": "00:50:56:9F:39:33" + "mac": "00-50-56-9F-39-33" }, "ecs": { "version": "8.0.0" @@ -5969,9 +4825,9 @@ "category": [ "network" ], - "code": "010101600001", + "code": "00001", "kind": "event", - "original": "device_name=\"SFW\" timestamp=\"2021-11-15T18:25:12-0600\" device_model=\"SFVH\" device_serial_id=\"C01001BQC8TFFFF\" log_id=\"010101600001\" log_type=\"Firewall\" log_component=\"Firewall Rule\" log_subtype=\"Allowed\" log_version=1 severity=\"Information\" fw_rule_id=\"12\" nat_rule_id=\"12\" fw_rule_type=\"USER\" web_policy_id=12 ips_policy_id=8 app_filter_policy_id=6 ether_type=\"Unknown (0x0000)\" in_interface=\"Port1\" out_interface=\"Port2\" src_mac=\"10:BF:48:7D:ED:22\" dst_mac=\"00:50:56:9F:39:33\" src_ip=\"192.168.2.121\" src_country=\"R1\" dst_ip=\"89.160.20.156\" dst_country=\"AUS\" protocol=\"ICMP\" icmp_type=8 src_trans_ip=\"192.168.1.2\" src_zone_type=\"LAN\" src_zone=\"LAN\" dst_zone_type=\"WAN\" dst_zone=\"WAN\" con_event=\"Start\" con_id=\"2694935808\" hb_status=\"No Heartbeat\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\" in_display_interface=\"Port1\" out_display_interface=\"Port2\"", + "original": "Nov 16 00:25:12 sophos device_name=\"SFW\" timestamp=\"2021-11-15T18:25:12-0600\" device_model=\"SFVH\" device_serial_id=\"C01001BQC8TFFFF\" log_id=\"010101600001\" log_type=\"Firewall\" log_component=\"Firewall Rule\" log_subtype=\"Allowed\" log_version=1 severity=\"Information\" fw_rule_id=\"12\" nat_rule_id=\"12\" fw_rule_type=\"USER\" web_policy_id=12 ips_policy_id=8 app_filter_policy_id=6 ether_type=\"Unknown (0x0000)\" in_interface=\"Port1\" out_interface=\"Port2\" src_mac=\"10:BF:48:7D:ED:22\" dst_mac=\"00:50:56:9F:39:33\" src_ip=\"192.168.2.121\" src_country=\"R1\" dst_ip=\"89.160.20.156\" dst_country=\"AUS\" protocol=\"ICMP\" icmp_type=8 src_trans_ip=\"192.168.1.2\" src_zone_type=\"LAN\" src_zone=\"LAN\" dst_zone_type=\"WAN\" dst_zone=\"WAN\" con_event=\"Start\" con_id=\"2694935808\" hb_status=\"No Heartbeat\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\" in_display_interface=\"Port1\" out_display_interface=\"Port2\"", "outcome": "success", "severity": 6 }, @@ -5982,6 +4838,7 @@ "level": "Information" }, "network": { + "community_id": "1:k8knu+ZpQWfBknRiJ4i22/T9XTQ=", "direction": "outbound", "transport": "icmp" }, @@ -6017,28 +4874,6 @@ "rule": { "id": "12" }, - "server": { - "as": { - "number": 29518, - "organization": { - "name": "Bredband2 AB" - } - }, - "geo": { - "city_name": "Linköping", - "continent_name": "Europe", - "country_iso_code": "SE", - "country_name": "Sweden", - "location": { - "lat": 58.4167, - "lon": 15.6167 - }, - "region_iso_code": "SE-E", - "region_name": "Östergötland County" - }, - "ip": "89.160.20.156", - "mac": "00:50:56:9F:39:33" - }, "sophos": { "xg": { "app_filter_policy_id": "6", @@ -6055,10 +4890,10 @@ "icmp_type": "8", "ips_policy_id": "8", "log_component": "Firewall Rule", + "log_id": "010101600001", "log_subtype": "Allowed", "log_type": "Firewall", "log_version": "1", - "message_id": "00001", "qualifier": "New", "src_zone_type": "LAN", "web_policy_id": "12" @@ -6066,7 +4901,7 @@ }, "source": { "ip": "192.168.2.121", - "mac": "10:BF:48:7D:ED:22", + "mac": "10-BF-48-7D-ED-22", "nat": { "ip": "192.168.1.2" } @@ -6077,13 +4912,6 @@ }, { "@timestamp": "2021-11-16T00:25:12.000Z", - "client": { - "ip": "192.168.2.105", - "mac": "54:60:09:FD:33:EC", - "nat": { - "ip": "192.168.1.2" - } - }, "destination": { "as": { "number": 29518, @@ -6104,7 +4932,7 @@ "region_name": "Östergötland County" }, "ip": "89.160.20.156", - "mac": "00:50:56:9F:39:33" + "mac": "00-50-56-9F-39-33" }, "ecs": { "version": "8.0.0" @@ -6114,9 +4942,9 @@ "category": [ "network" ], - "code": "010101600001", + "code": "00001", "kind": "event", - "original": "device_name=\"SFW\" timestamp=\"2021-11-15T18:25:12-0600\" device_model=\"SFVH\" device_serial_id=\"C01001BQC8TFFFF\" log_id=\"010101600001\" log_type=\"Firewall\" log_component=\"Firewall Rule\" log_subtype=\"Allowed\" log_version=1 severity=\"Information\" fw_rule_id=\"12\" nat_rule_id=\"12\" fw_rule_type=\"USER\" web_policy_id=12 ips_policy_id=8 app_filter_policy_id=6 ether_type=\"Unknown (0x0000)\" in_interface=\"Port1\" out_interface=\"Port2\" src_mac=\"54:60:09:FD:33:EC\" dst_mac=\"00:50:56:9F:39:33\" src_ip=\"192.168.2.105\" src_country=\"R1\" dst_ip=\"89.160.20.156\" dst_country=\"USA\" protocol=\"ICMP\" icmp_type=8 src_trans_ip=\"192.168.1.2\" src_zone_type=\"LAN\" src_zone=\"LAN\" dst_zone_type=\"WAN\" dst_zone=\"WAN\" con_event=\"Start\" con_id=\"1000194368\" hb_status=\"No Heartbeat\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\" in_display_interface=\"Port1\" out_display_interface=\"Port2\"", + "original": "Nov 16 00:25:12 sophos device_name=\"SFW\" timestamp=\"2021-11-15T18:25:12-0600\" device_model=\"SFVH\" device_serial_id=\"C01001BQC8TFFFF\" log_id=\"010101600001\" log_type=\"Firewall\" log_component=\"Firewall Rule\" log_subtype=\"Allowed\" log_version=1 severity=\"Information\" fw_rule_id=\"12\" nat_rule_id=\"12\" fw_rule_type=\"USER\" web_policy_id=12 ips_policy_id=8 app_filter_policy_id=6 ether_type=\"Unknown (0x0000)\" in_interface=\"Port1\" out_interface=\"Port2\" src_mac=\"54:60:09:FD:33:EC\" dst_mac=\"00:50:56:9F:39:33\" src_ip=\"192.168.2.105\" src_country=\"R1\" dst_ip=\"89.160.20.156\" dst_country=\"USA\" protocol=\"ICMP\" icmp_type=8 src_trans_ip=\"192.168.1.2\" src_zone_type=\"LAN\" src_zone=\"LAN\" dst_zone_type=\"WAN\" dst_zone=\"WAN\" con_event=\"Start\" con_id=\"1000194368\" hb_status=\"No Heartbeat\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\" in_display_interface=\"Port1\" out_display_interface=\"Port2\"", "outcome": "success", "severity": 6 }, @@ -6127,6 +4955,7 @@ "level": "Information" }, "network": { + "community_id": "1:SNjkSX+hbh9N9cWDA8/QTiAkR6A=", "direction": "outbound", "transport": "icmp" }, @@ -6162,28 +4991,6 @@ "rule": { "id": "12" }, - "server": { - "as": { - "number": 29518, - "organization": { - "name": "Bredband2 AB" - } - }, - "geo": { - "city_name": "Linköping", - "continent_name": "Europe", - "country_iso_code": "SE", - "country_name": "Sweden", - "location": { - "lat": 58.4167, - "lon": 15.6167 - }, - "region_iso_code": "SE-E", - "region_name": "Östergötland County" - }, - "ip": "89.160.20.156", - "mac": "00:50:56:9F:39:33" - }, "sophos": { "xg": { "app_filter_policy_id": "6", @@ -6200,10 +5007,10 @@ "icmp_type": "8", "ips_policy_id": "8", "log_component": "Firewall Rule", + "log_id": "010101600001", "log_subtype": "Allowed", "log_type": "Firewall", "log_version": "1", - "message_id": "00001", "qualifier": "New", "src_zone_type": "LAN", "web_policy_id": "12" @@ -6211,7 +5018,7 @@ }, "source": { "ip": "192.168.2.105", - "mac": "54:60:09:FD:33:EC", + "mac": "54-60-09-FD-33-EC", "nat": { "ip": "192.168.1.2" } @@ -6222,14 +5029,6 @@ }, { "@timestamp": "2021-11-16T00:25:12.000Z", - "client": { - "ip": "192.168.2.41", - "mac": "24:4B:FE:DD:C6:CE", - "nat": { - "ip": "192.168.1.2" - }, - "port": 62171 - }, "destination": { "as": { "number": 29518, @@ -6250,7 +5049,7 @@ "region_name": "Östergötland County" }, "ip": "89.160.20.156", - "mac": "00:50:56:9F:39:33", + "mac": "00-50-56-9F-39-33", "port": 443 }, "ecs": { @@ -6261,9 +5060,9 @@ "category": [ "network" ], - "code": "010101600001", + "code": "00001", "kind": "event", - "original": "device_name=\"SFW\" timestamp=\"2021-11-15T18:25:12-0600\" device_model=\"SFVH\" device_serial_id=\"C01001BQC8TFFFF\" log_id=\"010101600001\" log_type=\"Firewall\" log_component=\"Firewall Rule\" log_subtype=\"Allowed\" log_version=1 severity=\"Information\" fw_rule_id=\"11\" nat_rule_id=\"9\" fw_rule_type=\"USER\" web_policy_id=1 ips_policy_id=8 app_filter_policy_id=6 ether_type=\"Unknown (0x0000)\" in_interface=\"Port1\" out_interface=\"Port2\" src_mac=\"24:4B:FE:DD:C6:CE\" dst_mac=\"00:50:56:9F:39:33\" src_ip=\"192.168.2.41\" src_country=\"R1\" dst_ip=\"89.160.20.156\" dst_country=\"USA\" protocol=\"UDP\" src_port=62171 dst_port=443 src_trans_ip=\"192.168.1.2\" src_zone_type=\"LAN\" src_zone=\"LAN\" dst_zone_type=\"WAN\" dst_zone=\"WAN\" con_event=\"Start\" con_id=\"151868992\" hb_status=\"No Heartbeat\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\" in_display_interface=\"Port1\" out_display_interface=\"Port2\"", + "original": "Nov 16 00:25:12 sophos device_name=\"SFW\" timestamp=\"2021-11-15T18:25:12-0600\" device_model=\"SFVH\" device_serial_id=\"C01001BQC8TFFFF\" log_id=\"010101600001\" log_type=\"Firewall\" log_component=\"Firewall Rule\" log_subtype=\"Allowed\" log_version=1 severity=\"Information\" fw_rule_id=\"11\" nat_rule_id=\"9\" fw_rule_type=\"USER\" web_policy_id=1 ips_policy_id=8 app_filter_policy_id=6 ether_type=\"Unknown (0x0000)\" in_interface=\"Port1\" out_interface=\"Port2\" src_mac=\"24:4B:FE:DD:C6:CE\" dst_mac=\"00:50:56:9F:39:33\" src_ip=\"192.168.2.41\" src_country=\"R1\" dst_ip=\"89.160.20.156\" dst_country=\"USA\" protocol=\"UDP\" src_port=62171 dst_port=443 src_trans_ip=\"192.168.1.2\" src_zone_type=\"LAN\" src_zone=\"LAN\" dst_zone_type=\"WAN\" dst_zone=\"WAN\" con_event=\"Start\" con_id=\"151868992\" hb_status=\"No Heartbeat\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\" in_display_interface=\"Port1\" out_display_interface=\"Port2\"", "outcome": "success", "severity": 6 }, @@ -6274,6 +5073,7 @@ "level": "Information" }, "network": { + "community_id": "1:gR1AsNgZns9n/Yw1U6j4HYB0R9k=", "direction": "outbound", "transport": "udp" }, @@ -6309,29 +5109,6 @@ "rule": { "id": "11" }, - "server": { - "as": { - "number": 29518, - "organization": { - "name": "Bredband2 AB" - } - }, - "geo": { - "city_name": "Linköping", - "continent_name": "Europe", - "country_iso_code": "SE", - "country_name": "Sweden", - "location": { - "lat": 58.4167, - "lon": 15.6167 - }, - "region_iso_code": "SE-E", - "region_name": "Östergötland County" - }, - "ip": "89.160.20.156", - "mac": "00:50:56:9F:39:33", - "port": 443 - }, "sophos": { "xg": { "app_filter_policy_id": "6", @@ -6347,10 +5124,10 @@ "hb_status": "No Heartbeat", "ips_policy_id": "8", "log_component": "Firewall Rule", + "log_id": "010101600001", "log_subtype": "Allowed", "log_type": "Firewall", "log_version": "1", - "message_id": "00001", "qualifier": "New", "src_zone_type": "LAN", "web_policy_id": "1" @@ -6358,7 +5135,7 @@ }, "source": { "ip": "192.168.2.41", - "mac": "24:4B:FE:DD:C6:CE", + "mac": "24-4B-FE-DD-C6-CE", "nat": { "ip": "192.168.1.2" }, @@ -6370,16 +5147,6 @@ }, { "@timestamp": "2021-11-16T00:25:12.000Z", - "client": { - "bytes": 1030, - "ip": "192.168.2.110", - "mac": "34:C9:3D:23:51:C2", - "nat": { - "ip": "192.168.1.2" - }, - "packets": 11, - "port": 53271 - }, "destination": { "as": { "number": 29518, @@ -6401,7 +5168,7 @@ "region_name": "Östergötland County" }, "ip": "89.160.20.156", - "mac": "00:50:56:9F:39:33", + "mac": "00-50-56-9F-39-33", "packets": 13, "port": 443 }, @@ -6413,11 +5180,11 @@ "category": [ "network" ], - "code": "010101600001", + "code": "00001", "duration": 17000000000, "end": "2021-11-16T00:25:29.000Z", "kind": "event", - "original": "device_name=\"SFW\" timestamp=\"2021-11-15T18:25:12-0600\" device_model=\"SFVH\" device_serial_id=\"C01001BQC8TFFFF\" log_id=\"010101600001\" log_type=\"Firewall\" log_component=\"Firewall Rule\" log_subtype=\"Allowed\" log_version=1 severity=\"Information\" duration=17 fw_rule_id=\"12\" nat_rule_id=\"12\" fw_rule_type=\"USER\" web_policy_id=12 ips_policy_id=8 app_filter_policy_id=6 app_name=\"Secure Socket Layer Protocol\" app_risk=1 app_technology=\"Network Protocol\" app_category=\"Infrastructure\" ether_type=\"Unknown (0x0000)\" in_interface=\"Port1\" out_interface=\"Port2\" src_mac=\"34:C9:3D:23:51:C2\" dst_mac=\"00:50:56:9F:39:33\" src_ip=\"192.168.2.110\" src_country=\"R1\" dst_ip=\"89.160.20.156\" dst_country=\"USA\" protocol=\"TCP\" src_port=53271 dst_port=443 packets_sent=11 packets_received=13 bytes_sent=1030 bytes_received=6770 src_trans_ip=\"192.168.1.2\" src_zone_type=\"LAN\" src_zone=\"LAN\" dst_zone_type=\"WAN\" dst_zone=\"WAN\" con_event=\"Stop\" con_id=\"172106048\" hb_status=\"No Heartbeat\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\" in_display_interface=\"Port1\" out_display_interface=\"Port2\"", + "original": "Nov 16 00:25:12 sophos device_name=\"SFW\" timestamp=\"2021-11-15T18:25:12-0600\" device_model=\"SFVH\" device_serial_id=\"C01001BQC8TFFFF\" log_id=\"010101600001\" log_type=\"Firewall\" log_component=\"Firewall Rule\" log_subtype=\"Allowed\" log_version=1 severity=\"Information\" duration=17 fw_rule_id=\"12\" nat_rule_id=\"12\" fw_rule_type=\"USER\" web_policy_id=12 ips_policy_id=8 app_filter_policy_id=6 app_name=\"Secure Socket Layer Protocol\" app_risk=1 app_technology=\"Network Protocol\" app_category=\"Infrastructure\" ether_type=\"Unknown (0x0000)\" in_interface=\"Port1\" out_interface=\"Port2\" src_mac=\"34:C9:3D:23:51:C2\" dst_mac=\"00:50:56:9F:39:33\" src_ip=\"192.168.2.110\" src_country=\"R1\" dst_ip=\"89.160.20.156\" dst_country=\"USA\" protocol=\"TCP\" src_port=53271 dst_port=443 packets_sent=11 packets_received=13 bytes_sent=1030 bytes_received=6770 src_trans_ip=\"192.168.1.2\" src_zone_type=\"LAN\" src_zone=\"LAN\" dst_zone_type=\"WAN\" dst_zone=\"WAN\" con_event=\"Stop\" con_id=\"172106048\" hb_status=\"No Heartbeat\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\" in_display_interface=\"Port1\" out_display_interface=\"Port2\"", "outcome": "success", "severity": 6, "start": "2021-11-16T00:25:12.000Z" @@ -6430,6 +5197,7 @@ }, "network": { "bytes": 7800, + "community_id": "1:crPYLupMv69l6bjRDZCcrWpHWrs=", "direction": "outbound", "packets": 24, "transport": "tcp" @@ -6466,31 +5234,6 @@ "rule": { "id": "12" }, - "server": { - "as": { - "number": 29518, - "organization": { - "name": "Bredband2 AB" - } - }, - "bytes": 6770, - "geo": { - "city_name": "Linköping", - "continent_name": "Europe", - "country_iso_code": "SE", - "country_name": "Sweden", - "location": { - "lat": 58.4167, - "lon": 15.6167 - }, - "region_iso_code": "SE-E", - "region_name": "Östergötland County" - }, - "ip": "89.160.20.156", - "mac": "00:50:56:9F:39:33", - "packets": 13, - "port": 443 - }, "sophos": { "xg": { "app_category": "Infrastructure", @@ -6510,10 +5253,10 @@ "hb_status": "No Heartbeat", "ips_policy_id": "8", "log_component": "Firewall Rule", + "log_id": "010101600001", "log_subtype": "Allowed", "log_type": "Firewall", "log_version": "1", - "message_id": "00001", "qualifier": "New", "src_zone_type": "LAN", "web_policy_id": "12" @@ -6522,7 +5265,7 @@ "source": { "bytes": 1030, "ip": "192.168.2.110", - "mac": "34:C9:3D:23:51:C2", + "mac": "34-C9-3D-23-51-C2", "nat": { "ip": "192.168.1.2" }, @@ -6535,14 +5278,6 @@ }, { "@timestamp": "2021-11-16T00:25:12.000Z", - "client": { - "ip": "192.168.2.41", - "mac": "24:4B:FE:DD:C6:CE", - "nat": { - "ip": "192.168.1.2" - }, - "port": 52915 - }, "destination": { "as": { "number": 29518, @@ -6563,7 +5298,7 @@ "region_name": "Östergötland County" }, "ip": "89.160.20.156", - "mac": "00:50:56:9F:39:33", + "mac": "00-50-56-9F-39-33", "port": 443 }, "ecs": { @@ -6574,9 +5309,9 @@ "category": [ "network" ], - "code": "010101600001", + "code": "00001", "kind": "event", - "original": "device_name=\"SFW\" timestamp=\"2021-11-15T18:25:12-0600\" device_model=\"SFVH\" device_serial_id=\"C01001BQC8TFFFF\" log_id=\"010101600001\" log_type=\"Firewall\" log_component=\"Firewall Rule\" log_subtype=\"Allowed\" log_version=1 severity=\"Information\" fw_rule_id=\"11\" nat_rule_id=\"9\" fw_rule_type=\"USER\" web_policy_id=1 ips_policy_id=8 app_filter_policy_id=6 ether_type=\"Unknown (0x0000)\" in_interface=\"Port1\" out_interface=\"Port2\" src_mac=\"24:4B:FE:DD:C6:CE\" dst_mac=\"00:50:56:9F:39:33\" src_ip=\"192.168.2.41\" src_country=\"R1\" dst_ip=\"89.160.20.156\" dst_country=\"USA\" protocol=\"UDP\" src_port=52915 dst_port=443 src_trans_ip=\"192.168.1.2\" src_zone_type=\"LAN\" src_zone=\"LAN\" dst_zone_type=\"WAN\" dst_zone=\"WAN\" con_event=\"Start\" con_id=\"407385024\" hb_status=\"No Heartbeat\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\" in_display_interface=\"Port1\" out_display_interface=\"Port2\"", + "original": "Nov 16 00:25:12 sophos device_name=\"SFW\" timestamp=\"2021-11-15T18:25:12-0600\" device_model=\"SFVH\" device_serial_id=\"C01001BQC8TFFFF\" log_id=\"010101600001\" log_type=\"Firewall\" log_component=\"Firewall Rule\" log_subtype=\"Allowed\" log_version=1 severity=\"Information\" fw_rule_id=\"11\" nat_rule_id=\"9\" fw_rule_type=\"USER\" web_policy_id=1 ips_policy_id=8 app_filter_policy_id=6 ether_type=\"Unknown (0x0000)\" in_interface=\"Port1\" out_interface=\"Port2\" src_mac=\"24:4B:FE:DD:C6:CE\" dst_mac=\"00:50:56:9F:39:33\" src_ip=\"192.168.2.41\" src_country=\"R1\" dst_ip=\"89.160.20.156\" dst_country=\"USA\" protocol=\"UDP\" src_port=52915 dst_port=443 src_trans_ip=\"192.168.1.2\" src_zone_type=\"LAN\" src_zone=\"LAN\" dst_zone_type=\"WAN\" dst_zone=\"WAN\" con_event=\"Start\" con_id=\"407385024\" hb_status=\"No Heartbeat\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\" in_display_interface=\"Port1\" out_display_interface=\"Port2\"", "outcome": "success", "severity": 6 }, @@ -6587,6 +5322,7 @@ "level": "Information" }, "network": { + "community_id": "1:EHmkZS4ByA4QLRL4a20ddi/HHHk=", "direction": "outbound", "transport": "udp" }, @@ -6622,29 +5358,6 @@ "rule": { "id": "11" }, - "server": { - "as": { - "number": 29518, - "organization": { - "name": "Bredband2 AB" - } - }, - "geo": { - "city_name": "Linköping", - "continent_name": "Europe", - "country_iso_code": "SE", - "country_name": "Sweden", - "location": { - "lat": 58.4167, - "lon": 15.6167 - }, - "region_iso_code": "SE-E", - "region_name": "Östergötland County" - }, - "ip": "89.160.20.156", - "mac": "00:50:56:9F:39:33", - "port": 443 - }, "sophos": { "xg": { "app_filter_policy_id": "6", @@ -6660,10 +5373,10 @@ "hb_status": "No Heartbeat", "ips_policy_id": "8", "log_component": "Firewall Rule", + "log_id": "010101600001", "log_subtype": "Allowed", "log_type": "Firewall", "log_version": "1", - "message_id": "00001", "qualifier": "New", "src_zone_type": "LAN", "web_policy_id": "1" @@ -6671,7 +5384,7 @@ }, "source": { "ip": "192.168.2.41", - "mac": "24:4B:FE:DD:C6:CE", + "mac": "24-4B-FE-DD-C6-CE", "nat": { "ip": "192.168.1.2" }, @@ -6683,13 +5396,6 @@ }, { "@timestamp": "2021-11-16T00:25:13.000Z", - "client": { - "ip": "192.168.2.121", - "mac": "10:BF:48:7D:ED:22", - "nat": { - "ip": "192.168.1.2" - } - }, "destination": { "as": { "number": 29518, @@ -6710,7 +5416,7 @@ "region_name": "Östergötland County" }, "ip": "89.160.20.156", - "mac": "00:50:56:9F:39:33" + "mac": "00-50-56-9F-39-33" }, "ecs": { "version": "8.0.0" @@ -6720,9 +5426,9 @@ "category": [ "network" ], - "code": "010101600001", + "code": "00001", "kind": "event", - "original": "device_name=\"SFW\" timestamp=\"2021-11-15T18:25:13-0600\" device_model=\"SFVH\" device_serial_id=\"C01001BQC8TFFFF\" log_id=\"010101600001\" log_type=\"Firewall\" log_component=\"Firewall Rule\" log_subtype=\"Allowed\" log_version=1 severity=\"Information\" fw_rule_id=\"12\" nat_rule_id=\"12\" fw_rule_type=\"USER\" web_policy_id=12 ips_policy_id=8 app_filter_policy_id=6 ether_type=\"Unknown (0x0000)\" in_interface=\"Port1\" out_interface=\"Port2\" src_mac=\"10:BF:48:7D:ED:22\" dst_mac=\"00:50:56:9F:39:33\" src_ip=\"192.168.2.121\" src_country=\"R1\" dst_ip=\"89.160.20.156\" dst_country=\"AUS\" protocol=\"ICMP\" icmp_type=8 src_trans_ip=\"192.168.1.2\" src_zone_type=\"LAN\" src_zone=\"LAN\" dst_zone_type=\"WAN\" dst_zone=\"WAN\" con_event=\"Start\" con_id=\"407386624\" hb_status=\"No Heartbeat\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\" in_display_interface=\"Port1\" out_display_interface=\"Port2\"", + "original": "Nov 16 00:25:13 sophos device_name=\"SFW\" timestamp=\"2021-11-15T18:25:13-0600\" device_model=\"SFVH\" device_serial_id=\"C01001BQC8TFFFF\" log_id=\"010101600001\" log_type=\"Firewall\" log_component=\"Firewall Rule\" log_subtype=\"Allowed\" log_version=1 severity=\"Information\" fw_rule_id=\"12\" nat_rule_id=\"12\" fw_rule_type=\"USER\" web_policy_id=12 ips_policy_id=8 app_filter_policy_id=6 ether_type=\"Unknown (0x0000)\" in_interface=\"Port1\" out_interface=\"Port2\" src_mac=\"10:BF:48:7D:ED:22\" dst_mac=\"00:50:56:9F:39:33\" src_ip=\"192.168.2.121\" src_country=\"R1\" dst_ip=\"89.160.20.156\" dst_country=\"AUS\" protocol=\"ICMP\" icmp_type=8 src_trans_ip=\"192.168.1.2\" src_zone_type=\"LAN\" src_zone=\"LAN\" dst_zone_type=\"WAN\" dst_zone=\"WAN\" con_event=\"Start\" con_id=\"407386624\" hb_status=\"No Heartbeat\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\" in_display_interface=\"Port1\" out_display_interface=\"Port2\"", "outcome": "success", "severity": 6 }, @@ -6733,6 +5439,7 @@ "level": "Information" }, "network": { + "community_id": "1:k8knu+ZpQWfBknRiJ4i22/T9XTQ=", "direction": "outbound", "transport": "icmp" }, @@ -6768,28 +5475,6 @@ "rule": { "id": "12" }, - "server": { - "as": { - "number": 29518, - "organization": { - "name": "Bredband2 AB" - } - }, - "geo": { - "city_name": "Linköping", - "continent_name": "Europe", - "country_iso_code": "SE", - "country_name": "Sweden", - "location": { - "lat": 58.4167, - "lon": 15.6167 - }, - "region_iso_code": "SE-E", - "region_name": "Östergötland County" - }, - "ip": "89.160.20.156", - "mac": "00:50:56:9F:39:33" - }, "sophos": { "xg": { "app_filter_policy_id": "6", @@ -6806,10 +5491,10 @@ "icmp_type": "8", "ips_policy_id": "8", "log_component": "Firewall Rule", + "log_id": "010101600001", "log_subtype": "Allowed", "log_type": "Firewall", "log_version": "1", - "message_id": "00001", "qualifier": "New", "src_zone_type": "LAN", "web_policy_id": "12" @@ -6817,7 +5502,7 @@ }, "source": { "ip": "192.168.2.121", - "mac": "10:BF:48:7D:ED:22", + "mac": "10-BF-48-7D-ED-22", "nat": { "ip": "192.168.1.2" } @@ -6828,15 +5513,6 @@ }, { "@timestamp": "2021-11-16T00:25:13.000Z", - "client": { - "bytes": 168, - "ip": "192.168.2.121", - "mac": "10:BF:48:7D:ED:22", - "nat": { - "ip": "192.168.1.2" - }, - "packets": 2 - }, "destination": { "as": { "number": 29518, @@ -6858,7 +5534,7 @@ "region_name": "Östergötland County" }, "ip": "89.160.20.156", - "mac": "00:50:56:9F:39:33", + "mac": "00-50-56-9F-39-33", "packets": 2 }, "ecs": { @@ -6869,11 +5545,11 @@ "category": [ "network" ], - "code": "010101600001", + "code": "00001", "duration": 37000000000, "end": "2021-11-16T00:25:50.000Z", "kind": "event", - "original": "device_name=\"SFW\" timestamp=\"2021-11-15T18:25:13-0600\" device_model=\"SFVH\" device_serial_id=\"C01001BQC8TFFFF\" log_id=\"010101600001\" log_type=\"Firewall\" log_component=\"Firewall Rule\" log_subtype=\"Allowed\" log_version=1 severity=\"Information\" duration=37 fw_rule_id=\"12\" nat_rule_id=\"12\" fw_rule_type=\"USER\" web_policy_id=12 ips_policy_id=8 app_filter_policy_id=6 ether_type=\"Unknown (0x0000)\" in_interface=\"Port1\" out_interface=\"Port2\" src_mac=\"10:BF:48:7D:ED:22\" dst_mac=\"00:50:56:9F:39:33\" src_ip=\"192.168.2.121\" src_country=\"R1\" dst_ip=\"89.160.20.156\" dst_country=\"AUS\" protocol=\"ICMP\" icmp_type=8 packets_sent=2 packets_received=2 bytes_sent=168 bytes_received=168 src_trans_ip=\"192.168.1.2\" src_zone_type=\"LAN\" src_zone=\"LAN\" dst_zone_type=\"WAN\" dst_zone=\"WAN\" con_event=\"Stop\" con_id=\"407385344\" hb_status=\"No Heartbeat\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\" in_display_interface=\"Port1\" out_display_interface=\"Port2\"", + "original": "Nov 16 00:25:13 sophos device_name=\"SFW\" timestamp=\"2021-11-15T18:25:13-0600\" device_model=\"SFVH\" device_serial_id=\"C01001BQC8TFFFF\" log_id=\"010101600001\" log_type=\"Firewall\" log_component=\"Firewall Rule\" log_subtype=\"Allowed\" log_version=1 severity=\"Information\" duration=37 fw_rule_id=\"12\" nat_rule_id=\"12\" fw_rule_type=\"USER\" web_policy_id=12 ips_policy_id=8 app_filter_policy_id=6 ether_type=\"Unknown (0x0000)\" in_interface=\"Port1\" out_interface=\"Port2\" src_mac=\"10:BF:48:7D:ED:22\" dst_mac=\"00:50:56:9F:39:33\" src_ip=\"192.168.2.121\" src_country=\"R1\" dst_ip=\"89.160.20.156\" dst_country=\"AUS\" protocol=\"ICMP\" icmp_type=8 packets_sent=2 packets_received=2 bytes_sent=168 bytes_received=168 src_trans_ip=\"192.168.1.2\" src_zone_type=\"LAN\" src_zone=\"LAN\" dst_zone_type=\"WAN\" dst_zone=\"WAN\" con_event=\"Stop\" con_id=\"407385344\" hb_status=\"No Heartbeat\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\" in_display_interface=\"Port1\" out_display_interface=\"Port2\"", "outcome": "success", "severity": 6, "start": "2021-11-16T00:25:13.000Z" @@ -6886,6 +5562,7 @@ }, "network": { "bytes": 336, + "community_id": "1:k8knu+ZpQWfBknRiJ4i22/T9XTQ=", "direction": "outbound", "packets": 4, "transport": "icmp" @@ -6922,30 +5599,6 @@ "rule": { "id": "12" }, - "server": { - "as": { - "number": 29518, - "organization": { - "name": "Bredband2 AB" - } - }, - "bytes": 168, - "geo": { - "city_name": "Linköping", - "continent_name": "Europe", - "country_iso_code": "SE", - "country_name": "Sweden", - "location": { - "lat": 58.4167, - "lon": 15.6167 - }, - "region_iso_code": "SE-E", - "region_name": "Östergötland County" - }, - "ip": "89.160.20.156", - "mac": "00:50:56:9F:39:33", - "packets": 2 - }, "sophos": { "xg": { "app_filter_policy_id": "6", @@ -6962,10 +5615,10 @@ "icmp_type": "8", "ips_policy_id": "8", "log_component": "Firewall Rule", + "log_id": "010101600001", "log_subtype": "Allowed", "log_type": "Firewall", "log_version": "1", - "message_id": "00001", "qualifier": "New", "src_zone_type": "LAN", "web_policy_id": "12" @@ -6974,7 +5627,7 @@ "source": { "bytes": 168, "ip": "192.168.2.121", - "mac": "10:BF:48:7D:ED:22", + "mac": "10-BF-48-7D-ED-22", "nat": { "ip": "192.168.1.2" }, @@ -6986,14 +5639,6 @@ }, { "@timestamp": "2021-11-16T00:25:13.000Z", - "client": { - "ip": "192.168.2.105", - "mac": "54:60:09:FD:33:EC", - "nat": { - "ip": "192.168.1.2" - }, - "port": 34141 - }, "destination": { "as": { "number": 29518, @@ -7014,7 +5659,7 @@ "region_name": "Östergötland County" }, "ip": "89.160.20.156", - "mac": "00:50:56:9F:39:33", + "mac": "00-50-56-9F-39-33", "port": 53 }, "ecs": { @@ -7025,9 +5670,9 @@ "category": [ "network" ], - "code": "010101600001", + "code": "00001", "kind": "event", - "original": "device_name=\"SFW\" timestamp=\"2021-11-15T18:25:13-0600\" device_model=\"SFVH\" device_serial_id=\"C01001BQC8TFFFF\" log_id=\"010101600001\" log_type=\"Firewall\" log_component=\"Firewall Rule\" log_subtype=\"Allowed\" log_version=1 severity=\"Information\" fw_rule_id=\"12\" nat_rule_id=\"12\" fw_rule_type=\"USER\" web_policy_id=12 ips_policy_id=8 app_filter_policy_id=6 app_name=\"DNS\" app_risk=1 app_technology=\"Network Protocol\" app_category=\"Infrastructure\" ether_type=\"Unknown (0x0000)\" in_interface=\"Port1\" out_interface=\"Port2\" src_mac=\"54:60:09:FD:33:EC\" dst_mac=\"00:50:56:9F:39:33\" src_ip=\"192.168.2.105\" src_country=\"R1\" dst_ip=\"89.160.20.156\" dst_country=\"USA\" protocol=\"UDP\" src_port=34141 dst_port=53 src_trans_ip=\"192.168.1.2\" src_zone_type=\"LAN\" src_zone=\"LAN\" dst_zone_type=\"WAN\" dst_zone=\"WAN\" con_event=\"Start\" con_id=\"407385344\" hb_status=\"No Heartbeat\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\" in_display_interface=\"Port1\" out_display_interface=\"Port2\"", + "original": "Nov 16 00:25:13 sophos device_name=\"SFW\" timestamp=\"2021-11-15T18:25:13-0600\" device_model=\"SFVH\" device_serial_id=\"C01001BQC8TFFFF\" log_id=\"010101600001\" log_type=\"Firewall\" log_component=\"Firewall Rule\" log_subtype=\"Allowed\" log_version=1 severity=\"Information\" fw_rule_id=\"12\" nat_rule_id=\"12\" fw_rule_type=\"USER\" web_policy_id=12 ips_policy_id=8 app_filter_policy_id=6 app_name=\"DNS\" app_risk=1 app_technology=\"Network Protocol\" app_category=\"Infrastructure\" ether_type=\"Unknown (0x0000)\" in_interface=\"Port1\" out_interface=\"Port2\" src_mac=\"54:60:09:FD:33:EC\" dst_mac=\"00:50:56:9F:39:33\" src_ip=\"192.168.2.105\" src_country=\"R1\" dst_ip=\"89.160.20.156\" dst_country=\"USA\" protocol=\"UDP\" src_port=34141 dst_port=53 src_trans_ip=\"192.168.1.2\" src_zone_type=\"LAN\" src_zone=\"LAN\" dst_zone_type=\"WAN\" dst_zone=\"WAN\" con_event=\"Start\" con_id=\"407385344\" hb_status=\"No Heartbeat\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\" in_display_interface=\"Port1\" out_display_interface=\"Port2\"", "outcome": "success", "severity": 6 }, @@ -7038,6 +5683,7 @@ "level": "Information" }, "network": { + "community_id": "1:N+DzmHb2/WnL1heTDhNw0OiuqoE=", "direction": "outbound", "transport": "udp" }, @@ -7073,29 +5719,6 @@ "rule": { "id": "12" }, - "server": { - "as": { - "number": 29518, - "organization": { - "name": "Bredband2 AB" - } - }, - "geo": { - "city_name": "Linköping", - "continent_name": "Europe", - "country_iso_code": "SE", - "country_name": "Sweden", - "location": { - "lat": 58.4167, - "lon": 15.6167 - }, - "region_iso_code": "SE-E", - "region_name": "Östergötland County" - }, - "ip": "89.160.20.156", - "mac": "00:50:56:9F:39:33", - "port": 53 - }, "sophos": { "xg": { "app_category": "Infrastructure", @@ -7115,10 +5738,10 @@ "hb_status": "No Heartbeat", "ips_policy_id": "8", "log_component": "Firewall Rule", + "log_id": "010101600001", "log_subtype": "Allowed", "log_type": "Firewall", "log_version": "1", - "message_id": "00001", "qualifier": "New", "src_zone_type": "LAN", "web_policy_id": "12" @@ -7126,7 +5749,7 @@ }, "source": { "ip": "192.168.2.105", - "mac": "54:60:09:FD:33:EC", + "mac": "54-60-09-FD-33-EC", "nat": { "ip": "192.168.1.2" }, @@ -7138,14 +5761,6 @@ }, { "@timestamp": "2021-11-16T00:25:13.000Z", - "client": { - "ip": "192.168.2.41", - "mac": "24:4B:FE:DD:C6:CE", - "nat": { - "ip": "192.168.1.2" - }, - "port": 51751 - }, "destination": { "as": { "number": 29518, @@ -7166,7 +5781,7 @@ "region_name": "Östergötland County" }, "ip": "89.160.20.156", - "mac": "00:50:56:9F:39:33", + "mac": "00-50-56-9F-39-33", "port": 443 }, "ecs": { @@ -7177,9 +5792,9 @@ "category": [ "network" ], - "code": "010101600001", + "code": "00001", "kind": "event", - "original": "device_name=\"SFW\" timestamp=\"2021-11-15T18:25:13-0600\" device_model=\"SFVH\" device_serial_id=\"C01001BQC8TFFFF\" log_id=\"010101600001\" log_type=\"Firewall\" log_component=\"Firewall Rule\" log_subtype=\"Allowed\" log_version=1 severity=\"Information\" fw_rule_id=\"11\" nat_rule_id=\"9\" fw_rule_type=\"USER\" web_policy_id=1 ips_policy_id=8 app_filter_policy_id=6 ether_type=\"Unknown (0x0000)\" in_interface=\"Port1\" out_interface=\"Port2\" src_mac=\"24:4B:FE:DD:C6:CE\" dst_mac=\"00:50:56:9F:39:33\" src_ip=\"192.168.2.41\" src_country=\"R1\" dst_ip=\"89.160.20.156\" dst_country=\"USA\" protocol=\"UDP\" src_port=51751 dst_port=443 src_trans_ip=\"192.168.1.2\" src_zone_type=\"LAN\" src_zone=\"LAN\" dst_zone_type=\"WAN\" dst_zone=\"WAN\" con_event=\"Start\" con_id=\"2719001088\" hb_status=\"No Heartbeat\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\" in_display_interface=\"Port1\" out_display_interface=\"Port2\"", + "original": "Nov 16 00:25:13 sophos device_name=\"SFW\" timestamp=\"2021-11-15T18:25:13-0600\" device_model=\"SFVH\" device_serial_id=\"C01001BQC8TFFFF\" log_id=\"010101600001\" log_type=\"Firewall\" log_component=\"Firewall Rule\" log_subtype=\"Allowed\" log_version=1 severity=\"Information\" fw_rule_id=\"11\" nat_rule_id=\"9\" fw_rule_type=\"USER\" web_policy_id=1 ips_policy_id=8 app_filter_policy_id=6 ether_type=\"Unknown (0x0000)\" in_interface=\"Port1\" out_interface=\"Port2\" src_mac=\"24:4B:FE:DD:C6:CE\" dst_mac=\"00:50:56:9F:39:33\" src_ip=\"192.168.2.41\" src_country=\"R1\" dst_ip=\"89.160.20.156\" dst_country=\"USA\" protocol=\"UDP\" src_port=51751 dst_port=443 src_trans_ip=\"192.168.1.2\" src_zone_type=\"LAN\" src_zone=\"LAN\" dst_zone_type=\"WAN\" dst_zone=\"WAN\" con_event=\"Start\" con_id=\"2719001088\" hb_status=\"No Heartbeat\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\" in_display_interface=\"Port1\" out_display_interface=\"Port2\"", "outcome": "success", "severity": 6 }, @@ -7190,6 +5805,7 @@ "level": "Information" }, "network": { + "community_id": "1:PIPOxz7MFoD83qug+wZ2svTtuoQ=", "direction": "outbound", "transport": "udp" }, @@ -7225,29 +5841,6 @@ "rule": { "id": "11" }, - "server": { - "as": { - "number": 29518, - "organization": { - "name": "Bredband2 AB" - } - }, - "geo": { - "city_name": "Linköping", - "continent_name": "Europe", - "country_iso_code": "SE", - "country_name": "Sweden", - "location": { - "lat": 58.4167, - "lon": 15.6167 - }, - "region_iso_code": "SE-E", - "region_name": "Östergötland County" - }, - "ip": "89.160.20.156", - "mac": "00:50:56:9F:39:33", - "port": 443 - }, "sophos": { "xg": { "app_filter_policy_id": "6", @@ -7263,10 +5856,10 @@ "hb_status": "No Heartbeat", "ips_policy_id": "8", "log_component": "Firewall Rule", + "log_id": "010101600001", "log_subtype": "Allowed", "log_type": "Firewall", "log_version": "1", - "message_id": "00001", "qualifier": "New", "src_zone_type": "LAN", "web_policy_id": "1" @@ -7274,7 +5867,7 @@ }, "source": { "ip": "192.168.2.41", - "mac": "24:4B:FE:DD:C6:CE", + "mac": "24-4B-FE-DD-C6-CE", "nat": { "ip": "192.168.1.2" }, diff --git a/packages/sophos/data_stream/xg/_dev/test/system/test-logfile-config.yml b/packages/sophos/data_stream/xg/_dev/test/system/test-logfile-config.yml deleted file mode 100644 index 4483fa5ddfe..00000000000 --- a/packages/sophos/data_stream/xg/_dev/test/system/test-logfile-config.yml +++ /dev/null @@ -1,11 +0,0 @@ -service: sophos-logfile -input: logfile -data_stream: - vars: - paths: - - "{{SERVICE_LOGS_DIR}}/sophos-xg*.log" - known_devices: | - - hostname: XG230 - serial_number: "1234567890123456" - - hostname: SG430 - serial_number: "S4000806149EE49" diff --git a/packages/sophos/data_stream/xg/_dev/test/system/test-tcp-config.yml b/packages/sophos/data_stream/xg/_dev/test/system/test-tcp-config.yml deleted file mode 100644 index 5ac7ed1771b..00000000000 --- a/packages/sophos/data_stream/xg/_dev/test/system/test-tcp-config.yml +++ /dev/null @@ -1,12 +0,0 @@ -service: sophos-xg-tcp -service_notify_signal: SIGHUP -input: tcp -data_stream: - vars: - syslog_host: 0.0.0.0 - syslog_port: 9549 - known_devices: | - - hostname: XG230 - serial_number: "1234567890123456" - - hostname: SG430 - serial_number: "S4000806149EE49" diff --git a/packages/sophos/data_stream/xg/elasticsearch/ingest_pipeline/antispam.yml b/packages/sophos/data_stream/xg/elasticsearch/ingest_pipeline/antispam.yml index 3d10bd560a3..f26954b62ef 100644 --- a/packages/sophos/data_stream/xg/elasticsearch/ingest_pipeline/antispam.yml +++ b/packages/sophos/data_stream/xg/elasticsearch/ingest_pipeline/antispam.yml @@ -1,5 +1,5 @@ --- -description: Pipeline for parsing sophos firewall logs (cfilter pipeline) +description: Pipeline for parsing Sophos XG firewall logs (anti-spam pipeline). processors: ####################### ## ECS Event Mapping ## @@ -18,15 +18,15 @@ processors: - set: field: event.kind value: alert - if: '["13001", "13002", "13004", "13005", "13006", "13009", "13012", "13014", "14001", "14002", "15001", "15002"].contains(ctx.sophos?.xg?.message_id)' + if: '["13001", "13002", "13004", "13005", "13006", "13009", "13012", "13014", "14001", "14002", "15001", "15002"].contains(ctx.event?.code)' - append: field: event.category value: malware - if: '["13001", "13002", "13004", "13005", "13006", "13009", "13014", "14001", "14002", "15001", "15002"].contains(ctx.sophos?.xg?.message_id)' + if: '["13001", "13002", "13004", "13005", "13006", "13009", "13014", "14001", "14002", "15001", "15002"].contains(ctx.event?.code)' - append: field: event.category value: intrusion_detection - if: "ctx.sophos?.xg?.message_id == '13012'" + if: "ctx.event?.code == '13012'" - append: field: event.category value: network @@ -35,17 +35,18 @@ processors: value: - allowed - connection - if: '["13003", "13007", "13008", "13010", "13013", "14003", "15003", "18035"].contains(ctx.sophos?.xg?.message_id)' + if: '["13003", "13007", "13008", "13010", "13013", "14003", "15003", "18035"].contains(ctx.event?.code)' - append: field: event.type value: - info - denied - connection - if: '["13001", "13002", "13004", "13005", "13006", "13009", "13012", "13014", "14001", "14002", "15001", "15002"].contains(ctx.sophos?.xg?.message_id)' + if: '["13001", "13002", "13004", "13005", "13006", "13009", "13012", "13014", "14001", "14002", "15001", "15002"].contains(ctx.event?.code)' + #################################### -## ECS Server/Destination Mapping ## +## ECS Destination Mapping #################################### - rename: field: sophos.xg.dst_ip @@ -65,7 +66,7 @@ processors: ignore_missing: true ############################### -## ECS Client/Source Mapping ## +## ECS Source Mapping ############################### - rename: field: sophos.xg.src_ip @@ -87,82 +88,16 @@ processors: target_field: source.domain ignore_missing: true -############################# -## ECS Network/Geo Mapping ## -############################# +###################### +## ECS Network Mapping +###################### - rename: field: sophos.xg.protocol target_field: network.transport ignore_missing: true -- geoip: - field: source.ip - target_field: source.geo - ignore_missing: true - if: "ctx.source?.geo == null" -- geoip: - field: destination.ip - target_field: destination.geo - ignore_missing: true - if: "ctx.destination?.geo == null" -- geoip: - database_file: GeoLite2-ASN.mmdb - field: source.ip - target_field: source.as - properties: - - asn - - organization_name - ignore_missing: true -- geoip: - database_file: GeoLite2-ASN.mmdb - field: destination.ip - target_field: destination.as - properties: - - asn - - organization_name - ignore_missing: true -- geoip: - field: source.nat.ip - target_field: source.geo - ignore_missing: true - if: "ctx.source?.geo == null" -- geoip: - field: destination.nat.ip - target_field: destination.geo - ignore_missing: true - if: "ctx.destination?.geo == null" -- geoip: - database_file: GeoLite2-ASN.mmdb - field: source.nat.ip - target_field: source.as - properties: - - asn - - organization_name - ignore_missing: true - if: "ctx.source?.as == null" -- geoip: - database_file: GeoLite2-ASN.mmdb - field: destination.nat.ip - target_field: destination.as - properties: - - asn - - organization_name - ignore_missing: true - if: "ctx.destination?.as == null" -- rename: - field: source.as.asn - target_field: source.as.number - ignore_missing: true -- rename: - field: source.as.organization_name - target_field: source.as.organization.name - ignore_missing: true -- rename: - field: destination.as.asn - target_field: destination.as.number - ignore_missing: true -- rename: - field: destination.as.organization_name - target_field: destination.as.organization.name +- lowercase: + field: sophos.xg.log_component + target_field: network.protocol ignore_missing: true ############# diff --git a/packages/sophos/data_stream/xg/elasticsearch/ingest_pipeline/antivirus.yml b/packages/sophos/data_stream/xg/elasticsearch/ingest_pipeline/antivirus.yml index 1169b490940..e897921113b 100644 --- a/packages/sophos/data_stream/xg/elasticsearch/ingest_pipeline/antivirus.yml +++ b/packages/sophos/data_stream/xg/elasticsearch/ingest_pipeline/antivirus.yml @@ -31,26 +31,21 @@ processors: - set: field: event.kind value: event - if: '["09002"].contains(ctx.sophos?.xg?.message_id)' + if: '["09002"].contains(ctx.event?.code)' - append: field: event.type value: - allowed - connection - if: '["09002"].contains(ctx.sophos?.xg?.message_id)' + if: '["09002"].contains(ctx.event?.code)' - append: field: event.category value: network - if: '["09002"].contains(ctx.sophos?.xg?.message_id)' -- rename: - field: sophos.xg.log_id - target_field: event.code - ignore_missing: true - if: "ctx.event?.code == null" + if: '["09002"].contains(ctx.event?.code)' -#################################### -## ECS Server/Destination Mapping ## -#################################### +############################# +## ECS Destination Mapping ## +############################# - rename: field: sophos.xg.dst_ip target_field: destination.ip @@ -68,10 +63,18 @@ processors: target_field: destination.user.email ignore_missing: true if: "ctx.sophos?.xg?.to_email_address != null" +- rename: + field: sophos.xg.dstdomain + target_field: destination.domain + ignore_failure: true +- rename: + field: sophos.xg.dst_domainname + target_field: destination.domain + ignore_failure: true -############################### -## ECS Client/Source Mapping ## -############################### +######################## +## ECS Source Mapping ## +######################## - rename: field: sophos.xg.src_ip target_field: source.ip @@ -94,6 +97,10 @@ processors: target_field: source.user.email ignore_missing: true if: "ctx.sophos?.xg?.from_email_address != null" +- rename: + field: sophos.xg.src_domainname + target_field: source.domain + ignore_failure: true ###################### ## ECS Rule Mapping ## @@ -112,21 +119,19 @@ processors: target_field: url.original ignore_missing: true if: "ctx.sophos?.xg?.url != null" +- uri_parts: + if: ctx.url?.original != null && ctx.url.original.contains("://") + field: url.original + target_field: url +- set: + if: ctx.url?.original != null && ctx.url.original.contains("://") + field: url.full + copy_from: url.original + ignore_empty_value: true - rename: field: sophos.xg.domainname target_field: url.domain - ignore_missing: true - if: "ctx.sophos?.xg?.domainname != null" -- rename: - field: sophos.xg.dst_domainname - target_field: url.domain - ignore_missing: true - if: "ctx.sophos?.xg?.dst_domainname != null && ctx?.url?.domain == null" -- rename: - field: sophos.xg.src_domainname - target_field: url.domain - ignore_missing: true - if: "ctx.sophos?.xg?.src_domainname != null" + ignore_failure: true ############################ ## ECS User Agent Mapping ## @@ -165,103 +170,18 @@ processors: ignore_missing: true if: "ctx.sophos?.xg?.file_path != null" -############################# -## ECS Network/Geo Mapping ## -############################# +###################### +## ECS Network Mapping +###################### - rename: field: sophos.xg.protocol target_field: network.transport ignore_missing: true - if: "ctx.sophos?.xg?.protocol != null" -- geoip: - field: source.ip - target_field: source.geo - ignore_missing: true - if: "ctx.source?.geo == null" -- geoip: - field: destination.ip - target_field: destination.geo - ignore_missing: true - if: "ctx.destination?.geo == null" -- geoip: - database_file: GeoLite2-ASN.mmdb - field: source.ip - target_field: source.as - properties: - - asn - - organization_name - ignore_missing: true -- geoip: - database_file: GeoLite2-ASN.mmdb - field: destination.ip - target_field: destination.as - properties: - - asn - - organization_name - ignore_missing: true -- geoip: - field: source.nat.ip - target_field: source.geo - ignore_missing: true - if: "ctx.source?.geo == null" -- geoip: - field: destination.nat.ip - target_field: destination.geo - ignore_missing: true - if: "ctx.destination?.geo == null" -- geoip: - database_file: GeoLite2-ASN.mmdb - field: source.nat.ip - target_field: source.as - properties: - - asn - - organization_name - ignore_missing: true - if: "ctx.source?.as == null" -- geoip: - database_file: GeoLite2-ASN.mmdb - field: destination.nat.ip - target_field: destination.as - properties: - - asn - - organization_name - ignore_missing: true - if: "ctx.destination?.as == null" -- rename: - field: source.as.asn - target_field: source.as.number - ignore_missing: true -- rename: - field: source.as.organization_name - target_field: source.as.organization.name - ignore_missing: true -- rename: - field: destination.as.asn - target_field: destination.as.number - ignore_missing: true -- rename: - field: destination.as.organization_name - target_field: destination.as.organization.name +- lowercase: + field: sophos.xg.log_component + target_field: network.protocol ignore_missing: true -######################### -## ECS Related Mapping ## -######################### -- append: - field: related.ip - value: '{{source.ip}}' - allow_duplicates: false - if: 'ctx?.source?.ip != null' -- append: - field: related.ip - value: '{{destination.ip}}' - allow_duplicates: false - if: 'ctx?.destination?.ip != null' -- append: - field: related.user - value: "{{source.user.name}}" - allow_duplicates: false - if: "ctx.source?.user?.name != null" ############# ## Cleanup ## ############# @@ -270,6 +190,7 @@ processors: ignore_failure: true - remove: field: + - sophos.xg.domainname - sophos.xg.dst_port - sophos.xg.src_port - sophos.xg.status_code diff --git a/packages/sophos/data_stream/xg/elasticsearch/ingest_pipeline/atp.yml b/packages/sophos/data_stream/xg/elasticsearch/ingest_pipeline/atp.yml index 23eb4f07460..47bcb458a6f 100644 --- a/packages/sophos/data_stream/xg/elasticsearch/ingest_pipeline/atp.yml +++ b/packages/sophos/data_stream/xg/elasticsearch/ingest_pipeline/atp.yml @@ -20,18 +20,13 @@ processors: value: - intrusion_detection - network - if: '["18009", "18010"].contains(ctx.sophos?.xg?.message_id)' + if: '["18009", "18010"].contains(ctx.event?.code)' - append: field: event.type value: - denied - connection - if: '["18009", "18010"].contains(ctx.sophos?.xg?.message_id)' -- rename: - field: sophos.xg.log_id - target_field: event.code - ignore_missing: true - if: "ctx.event?.code == null" + if: '["18009", "18010"].contains(ctx.event?.code)' - rename: field: sophos.xg.eventid target_field: event.id @@ -87,114 +82,27 @@ processors: target_field: url.original ignore_missing: true if: "ctx.sophos?.xg?.url != null" +- uri_parts: + if: ctx.url?.original != null && ctx.url.original.contains("://") + field: url.original + target_field: url +- set: + if: ctx.url?.original != null && ctx.url.original.contains("://") + field: url.full + copy_from: url.original + ignore_empty_value: true -############################# -## ECS Network/Geo Mapping ## -############################# +###################### +## ECS Network Mapping +###################### - rename: field: sophos.xg.protocol target_field: network.transport ignore_missing: true - if: "ctx.sophos?.xg?.protocol != null" -- geoip: - field: source.ip - target_field: source.geo - ignore_missing: true - if: "ctx.source?.geo == null" -- geoip: - field: destination.ip - target_field: destination.geo - ignore_missing: true - if: "ctx.destination?.geo == null" -- geoip: - database_file: GeoLite2-ASN.mmdb - field: source.ip - target_field: source.as - properties: - - asn - - organization_name - ignore_missing: true -- geoip: - database_file: GeoLite2-ASN.mmdb - field: destination.ip - target_field: destination.as - properties: - - asn - - organization_name - ignore_missing: true -- geoip: - field: source.nat.ip - target_field: source.geo - ignore_missing: true - if: "ctx.source?.geo == null" -- geoip: - field: destination.nat.ip - target_field: destination.geo - ignore_missing: true - if: "ctx.destination?.geo == null" -- geoip: - database_file: GeoLite2-ASN.mmdb - field: source.nat.ip - target_field: source.as - properties: - - asn - - organization_name - ignore_missing: true - if: "ctx.source?.as == null" -- geoip: - database_file: GeoLite2-ASN.mmdb - field: destination.nat.ip - target_field: destination.as - properties: - - asn - - organization_name - ignore_missing: true - if: "ctx.destination?.as == null" -- rename: - field: source.as.asn - target_field: source.as.number - ignore_missing: true -- rename: - field: source.as.organization_name - target_field: source.as.organization.name - ignore_missing: true -- rename: - field: destination.as.asn - target_field: destination.as.number - ignore_missing: true -- rename: - field: destination.as.organization_name - target_field: destination.as.organization.name - ignore_missing: true - -######################### -## ECS Related Mapping ## -######################### -- append: - field: related.ip - value: '{{source.ip}}' - allow_duplicates: false - if: 'ctx?.source?.ip != null' -- append: - field: related.ip - value: '{{destination.ip}}' - allow_duplicates: false - if: 'ctx?.destination?.ip != null' -- append: - field: related.user - value: "{{source.user.name}}" - allow_duplicates: false - if: "ctx.source?.user?.name != null" ############# ## Cleanup ## ############# -- lowercase: - field: network.protocol - ignore_failure: true -- lowercase: - field: network.transport - ignore_failure: true - lowercase: field: event.action ignore_failure: true diff --git a/packages/sophos/data_stream/xg/elasticsearch/ingest_pipeline/cfilter.yml b/packages/sophos/data_stream/xg/elasticsearch/ingest_pipeline/cfilter.yml index 06dd579e10f..d8030558aa1 100644 --- a/packages/sophos/data_stream/xg/elasticsearch/ingest_pipeline/cfilter.yml +++ b/packages/sophos/data_stream/xg/elasticsearch/ingest_pipeline/cfilter.yml @@ -1,5 +1,5 @@ --- -description: Pipeline for parsing sophos firewall logs (cfilter pipeline) +description: Pipeline for parsing sophos firewall logs (Content Filtering pipeline) processors: ####################### ## ECS Event Mapping ## @@ -42,15 +42,10 @@ processors: - denied - connection if: "ctx.sophos?.xg?.log_subtype == 'Denied'" -- rename: - field: sophos.xg.log_id - target_field: event.code - ignore_missing: true - if: "ctx.event?.code == null" -#################################### -## ECS Server/Destination Mapping ## -#################################### +########################## +## ECS Destination Mapping +########################## - rename: field: sophos.xg.dst_ip target_field: destination.ip @@ -64,9 +59,9 @@ processors: ignore_missing: true if: "ctx.sophos?.xg?.dst_port != null" -############################### -## ECS Client/Source Mapping ## -############################### +##################### +## ECS Source Mapping +##################### - rename: field: sophos.xg.src_ip target_field: source.ip @@ -140,113 +135,22 @@ processors: target_field: user_agent ignore_missing: true -############################# -## ECS Network/Geo Mapping ## -############################# +###################### +## ECS Network Mapping +###################### - rename: field: sophos.xg.protocol target_field: network.transport ignore_missing: true - if: "ctx.sophos?.xg?.protocol != null" -- geoip: - field: source.ip - target_field: source.geo - ignore_missing: true - if: "ctx.source?.geo == null" -- geoip: - field: destination.ip - target_field: destination.geo - ignore_missing: true - if: "ctx.destination?.geo == null" -- geoip: - database_file: GeoLite2-ASN.mmdb - field: source.ip - target_field: source.as - properties: - - asn - - organization_name - ignore_missing: true -- geoip: - database_file: GeoLite2-ASN.mmdb - field: destination.ip - target_field: destination.as - properties: - - asn - - organization_name - ignore_missing: true -- geoip: - field: source.nat.ip - target_field: source.geo - ignore_missing: true - if: "ctx.source?.geo == null" -- geoip: - field: destination.nat.ip - target_field: destination.geo - ignore_missing: true - if: "ctx.destination?.geo == null" -- geoip: - database_file: GeoLite2-ASN.mmdb - field: source.nat.ip - target_field: source.as - properties: - - asn - - organization_name - ignore_missing: true - if: "ctx.source?.as == null" -- geoip: - database_file: GeoLite2-ASN.mmdb - field: destination.nat.ip - target_field: destination.as - properties: - - asn - - organization_name - ignore_missing: true - if: "ctx.destination?.as == null" -- rename: - field: source.as.asn - target_field: source.as.number - ignore_missing: true -- rename: - field: source.as.organization_name - target_field: source.as.organization.name - ignore_missing: true -- rename: - field: destination.as.asn - target_field: destination.as.number - ignore_missing: true -- rename: - field: destination.as.organization_name - target_field: destination.as.organization.name - ignore_missing: true - -######################### -## ECS Related Mapping ## -######################### -- append: - field: related.ip - value: '{{source.ip}}' - allow_duplicates: false - if: 'ctx?.source?.ip != null' -- append: - field: related.ip - value: '{{destination.ip}}' - allow_duplicates: false - if: 'ctx?.destination?.ip != null' -- append: - field: related.user - value: "{{source.user.name}}" - allow_duplicates: false - if: "ctx.source?.user?.name != null" +- set: + field: network.protocol + copy_from: url.scheme + override: false + ignore_empty_value: true ############# ## Cleanup ## ############# -- lowercase: - field: network.protocol - ignore_failure: true -- lowercase: - field: network.transport - ignore_failure: true - lowercase: field: event.action ignore_failure: true diff --git a/packages/sophos/data_stream/xg/elasticsearch/ingest_pipeline/default.yml b/packages/sophos/data_stream/xg/elasticsearch/ingest_pipeline/default.yml index 484ec067050..884a7144a66 100644 --- a/packages/sophos/data_stream/xg/elasticsearch/ingest_pipeline/default.yml +++ b/packages/sophos/data_stream/xg/elasticsearch/ingest_pipeline/default.yml @@ -1,29 +1,25 @@ --- -description: Pipeline for parsing sophosxg firewall logs +description: Pipeline for parsing Sophos XG firewall logs. processors: - set: field: ecs.version value: '8.0.0' -- grok: - field: message - patterns: - - '%{SYSLOG5424PRI}(%{SYSLOGTIMESTAMP} %{NOTSPACE} )?%{GREEDYDATA:event.original}$' - - '%{SYSLOG5424PRI}%{GREEDYDATA:event.original}$' - - '%{SYSLOGTIMESTAMP} %{HOSTNAME:observer.hostname} %{GREEDYDATA:event.original}$' -# optimize fields / strings in event.original for KV processor -- gsub: +- set: field: event.original - pattern: "clients_conn_SSID" - replacement: 'clients_conn_ssid' -- gsub: + copy_from: message + override: false +- grok: field: event.original - pattern: "SysLog_SERVER_NAME" - replacement: 'syslog_server_name' + patterns: + - '^%{SYSLOG5424PRI}(%{SYSLOGTIMESTAMP} %{NOTSPACE} )?%{GREEDYDATA:message}$' + - '^%{SYSLOG5424PRI}%{GREEDYDATA:message}$' + - '^%{SYSLOGTIMESTAMP} %{HOSTNAME:observer.hostname} %{GREEDYDATA:message}$' + - '%{GREEDYDATA:message}$' # split Sophos-XG fields - kv: - field: event.original + field: message field_split: " (?=[a-zA-Z0-9_]+=)" value_split: "=" prefix: "sophos.xg." @@ -31,18 +27,29 @@ processors: ignore_failure: false trim_value: "\"" +- script: + description: Lowercase sophos.xg key name names. + tag: lowercase-sophos-keys + if: ctx.sophos?.xg != null + source: | + def lowercaseMap = [:]; + for(def entry : ctx.sophos.xg.entrySet()){ + lowercaseMap.put(entry.getKey().toLowerCase(), entry.getValue()); + } + ctx.sophos.xg = lowercaseMap; + # Parse the date - set: field: _temp_.time value: "{{sophos.xg.date}} {{sophos.xg.time}}" - if: ctx?.sophos?.xg?.date != null && ctx?.sophos?.xg?.time != null + if: ctx.sophos?.xg?.date != null && ctx.sophos?.xg?.time != null - set: field: _temp_.time copy_from: sophos.xg.timestamp ignore_empty_value: true if: ctx._temp_?.time == null - date: - if: "ctx.event.timezone == null" + if: ctx._temp_?.time != null && ctx.event?.timezone == null field: _temp_.time target_field: "@timestamp" formats: @@ -51,7 +58,7 @@ processors: - yyyy-MM-dd HH:mm:ss z - ISO8601 - date: - if: "ctx.event.timezone != null" + if: ctx._temp_?.time != null && ctx.event?.timezone != null timezone: "{{ event.timezone }}" field: _temp_.time target_field: "@timestamp" @@ -64,7 +71,7 @@ processors: # Sets starts, end and duration when start and duration is known - script: lang: painless - if: ctx?.sophos?.xg?.duration != null + if: ctx.sophos?.xg?.duration != null source: >- ctx.event.duration = Integer.parseInt(ctx.sophos.xg.duration) * 1000000000L; ctx.event.start = ctx['@timestamp']; @@ -73,6 +80,8 @@ processors: # Removes all empty fields - script: + description: Remove empty fields. + tag: remove-empty-fields lang: painless params: values: @@ -80,64 +89,73 @@ processors: - "-" - "N/A" source: >- - ctx?.sophos?.xg.entrySet().removeIf(entry -> params.values.contains(entry.getValue())); + ctx.sophos?.xg.entrySet().removeIf(entry -> params.values.contains(entry.getValue())); ####################### ## ECS Event Mapping ## ####################### -- set: - field: event.severity - value: "{{sophos.xg.log_id}}" -# extract from event_severity from log_id, example: 010101600001" +# log_id consists of (example: 010101600001): +# log type: 2 digits +# log component: 2 digits +# log subtype: 2 digits +# severity: 1 digit +# message ID: 5 digits - gsub: + description: Set event.severity from log_id. + field: sophos.xg.log_id + target_field: event.severity + pattern: '^.{6}(.).*$' + replacement: '$1' + ignore_failure: true +- convert: field: event.severity - pattern: "(^.{1,6})" - replacement: "" + type: long + ignore_missing: true - gsub: - field: event.severity - pattern: "(.{1,5}$)" - replacement: "" + description: Set event.code from log_id. + field: sophos.xg.log_id + target_field: event.code + pattern: '^.{7}(.{5})$' + replacement: '$1' + ignore_failure: true ##################### ## ECS Log Mapping ## ##################### - set: - field: "log.level" - if: "ctx.event.severity == '0' " + if: ctx.event?.severity == 0 + field: log.level value: unknown - set: - field: "log.level" - if: "ctx.event.severity == '1' " + if: ctx.event?.severity == 1 + field: log.level value: alert - set: - field: "log.level" - if: "ctx.event.severity == '2' " + if: ctx.event?.severity == 2 + field: log.level value: critical - set: - field: "log.level" - if: "ctx.event.severity == '3' " + if: ctx.event?.severity == 3 + field: log.level value: error - set: - field: "log.level" - if: "ctx.event.severity == '4' " + if: ctx.event?.severity == 4 + field: log.level value: warning - set: - field: "log.level" - if: "ctx.event.severity == '5' " + if: ctx.event?.severity == 5 + field: log.level value: notification - set: - field: "log.level" - if: "ctx.event.severity == '6' " + if: ctx.event?.severity == 6 + field: log.level value: informational - set: - field: "log.level" - if: "ctx.event.severity == '7' " + if: ctx.event?.severity == 7 + field: log.level value: debug -- convert: - field: event.severity - type: long - ignore_missing: true + - set: field: log.level copy_from: sophos.xg.severity @@ -196,28 +214,12 @@ processors: target_field: sophos.xg.dst_zone_type ignore_missing: true -# extract from log_id the new field "sophos.xg.message_id" -- set: - field: sophos.xg.message_id - value: "{{sophos.xg.log_id}}" - ignore_empty_value: true - ignore_failure: true -- gsub: - field: sophos.xg.message_id - pattern: "(^.{1,7})" - replacement: "" - ignore_failure: true -- rename: - field: sophos.xg.log_id - target_field: event.code - ignore_missing: true - ################### ## Set host.name ## ################### - script: lang: painless - if: ctx?.observer?.serial_number != null + if: ctx.observer?.serial_number != null source: >- def conf = ctx['_conf']; if (conf == null) return; @@ -231,15 +233,10 @@ processors: break; } } - if (ctx?.host == null) { + if (ctx.host == null) { ctx.host = new HashMap(); } ctx.host.name = name; -- append: - field: related.hosts - value: '{{host.name}}' - allow_duplicates: false - if: 'ctx.host?.name != null' ############# ## Cleanup ## @@ -262,12 +259,6 @@ processors: - syslog5424_pri ignore_missing: true -- convert: - field: sophos.xg.responsetime - type: long - ignore_missing: true - ignore_failure: true - - convert: field: sophos.xg.sent_bytes target_field: source.bytes @@ -297,24 +288,57 @@ processors: ignore_missing: true if: "ctx.sophos?.xg?.bytes_received != null" +############################# +## ECS Source/Destination MAC +############################# +- rename: + field: sophos.xg.src_mac + target_field: source.mac + ignore_failure: true +- uppercase: + field: source.mac + ignore_missing: true +- gsub: + field: source.mac + pattern: '[-:. ]' + replacement: '' + ignore_missing: true +- gsub: + field: source.mac + pattern: '(..)(?!$)' + replacement: '$1-' + ignore_missing: true + +- rename: + field: sophos.xg.dst_mac + target_field: destination.mac + ignore_failure: true +- uppercase: + field: destination.mac + ignore_missing: true +- gsub: + field: destination.mac + pattern: '[-:.]' + replacement: '' + ignore_missing: true +- gsub: + field: destination.mac + pattern: '(..)(?!$)' + replacement: '$1-' + ignore_missing: true + ############################### ## Product Specific Pipelines ## ############################### - pipeline: - name: '{{ IngestPipeline "firewall" }}' - if: "ctx.sophos?.xg?.log_type == 'Firewall'" -- pipeline: - name: '{{ IngestPipeline "idp" }}' - if: "ctx.sophos?.xg?.log_type == 'IDP'" -- pipeline: - name: '{{ IngestPipeline "atp" }}' - if: "ctx.sophos?.xg?.log_type == 'ATP'" + name: '{{ IngestPipeline "antispam" }}' + if: "ctx.sophos?.xg?.log_type == 'Anti-Spam'" - pipeline: name: '{{ IngestPipeline "antivirus" }}' if: "ctx.sophos?.xg?.log_type == 'Anti-Virus'" - pipeline: - name: '{{ IngestPipeline "sandstorm" }}' - if: "ctx.sophos?.xg?.log_type == 'Sandbox'" + name: '{{ IngestPipeline "atp" }}' + if: "ctx.sophos?.xg?.log_type == 'ATP'" - pipeline: name: '{{ IngestPipeline "cfilter" }}' if: "ctx.sophos?.xg?.log_type == 'Content Filtering'" @@ -322,47 +346,223 @@ processors: name: '{{ IngestPipeline "event" }}' if: "ctx.sophos?.xg?.log_type == 'Event'" - pipeline: - name: '{{ IngestPipeline "waf" }}' - if: "ctx.sophos?.xg?.log_type == 'WAF'" + name: '{{ IngestPipeline "firewall" }}' + if: "ctx.sophos?.xg?.log_type == 'Firewall'" - pipeline: - name: '{{ IngestPipeline "antispam" }}' - if: "ctx.sophos?.xg?.log_type == 'Anti-Spam'" + name: '{{ IngestPipeline "idp" }}' + if: "ctx.sophos?.xg?.log_type == 'IDP'" +- pipeline: + name: '{{ IngestPipeline "sandstorm" }}' + if: "ctx.sophos?.xg?.log_type == 'Sandbox'" - pipeline: name: '{{ IngestPipeline "systemhealth" }}' if: "ctx.sophos?.xg?.log_type == 'System Health'" +- pipeline: + name: '{{ IngestPipeline "waf" }}' + if: "ctx.sophos?.xg?.log_type == 'WAF'" - pipeline: name: '{{ IngestPipeline "wifi" }}' if: "ctx.sophos?.xg?.log_type == 'Wireless Protection'" +################## +# GeoIP Enrichment +################## +- geoip: + field: source.ip + target_field: source.geo + ignore_missing: true + if: "ctx.source?.geo == null" +- geoip: + field: destination.ip + target_field: destination.geo + ignore_missing: true + if: "ctx.destination?.geo == null" +- geoip: + database_file: GeoLite2-ASN.mmdb + field: source.ip + target_field: source.as + properties: + - asn + - organization_name + ignore_missing: true +- geoip: + database_file: GeoLite2-ASN.mmdb + field: destination.ip + target_field: destination.as + properties: + - asn + - organization_name + ignore_missing: true +- geoip: + field: source.nat.ip + target_field: source.geo + ignore_missing: true + if: "ctx.source?.geo == null" +- geoip: + field: destination.nat.ip + target_field: destination.geo + ignore_missing: true + if: "ctx.destination?.geo == null" +- geoip: + database_file: GeoLite2-ASN.mmdb + field: source.nat.ip + target_field: source.as + properties: + - asn + - organization_name + ignore_missing: true + if: "ctx.source?.as == null" +- geoip: + database_file: GeoLite2-ASN.mmdb + field: destination.nat.ip + target_field: destination.as + properties: + - asn + - organization_name + ignore_missing: true + if: "ctx.destination?.as == null" +- rename: + field: source.as.asn + target_field: source.as.number + ignore_missing: true +- rename: + field: source.as.organization_name + target_field: source.as.organization.name + ignore_missing: true +- rename: + field: destination.as.asn + target_field: destination.as.number + ignore_missing: true +- rename: + field: destination.as.organization_name + target_field: destination.as.organization.name + ignore_missing: true + +############## +## ECS Network +############## +- lowercase: + field: network.protocol + ignore_failure: true - set: - field: server - copy_from: destination - ignore_empty_value: true -- set: - field: client - copy_from: source - ignore_empty_value: true + description: Rename pops network.protocol to pop3s. + if: ctx.network?.protocol == "pops" + field: network.protocol + value: pop3s +- lowercase: + field: network.transport + ignore_failure: true +- script: + lang: painless + source: "ctx.network.bytes = ctx.source.bytes + ctx.destination.bytes" + if: "ctx.source?.bytes != null && ctx.destination?.bytes != null" + ignore_failure: true +- script: + lang: painless + source: "ctx.network.packets = ctx.source.packets + ctx.destination.packets" + if: "ctx.source?.packets != null && ctx.destination?.packets != null" + ignore_failure: true +- community_id: + ignore_failure: true + +#################### +## ECS Related Hosts +#################### +- append: + if: ctx.host?.name != null + field: related.hosts + value: '{{{host.name}}}' + allow_duplicates: false +- append: + if: ctx.url?.domain != null + field: related.hosts + value: '{{{url.domain}}}' + allow_duplicates: false +- append: + if: ctx.source?.domain != null + field: related.hosts + value: '{{{source.domain}}}' + allow_duplicates: false +- append: + if: ctx.destination?.domain != null + field: related.hosts + value: '{{{destination.domain}}}' + allow_duplicates: false + +################# +## ECS Related IP +################# +- append: + if: ctx.source?.ip != null + field: related.ip + value: '{{{source.ip}}}' + allow_duplicates: false +- append: + if: ctx.destination?.ip != null + field: related.ip + value: '{{{destination.ip}}}' + allow_duplicates: false +- append: + if: ctx.source?.nat?.ip != null + field: related.ip + value: '{{{source.nat.ip}}}' + allow_duplicates: false +- append: + if: ctx.destination?.nat?.ip != null + field: related.ip + value: '{{{destination.nat.ip}}}' + allow_duplicates: false + +################### +## ECS Related User +################### +- append: + if: ctx.source?.user?.name != null + field: related.user + value: "{{{source.user.name}}}" + allow_duplicates: false + +################### +## ECS Related Hash +################### +- append: + if: ctx.file?.hash?.sha1 != null + field: related.hash + value: "{{{file.hash.sha1}}}" + allow_duplicates: false +- append: + if: ctx.file?.hash?.sha256 != null + field: related.hash + value: "{{{file.hash.sha256}}}" + allow_duplicates: false + ############# ## Cleanup ## ############# +- rename: + field: sophos.xg.reason + target_field: event.reason + ignore_failure: true + - remove: field: - - sophos.xg.recv_bytes - - sophos.xg.sent_bytes - - sophos.xg.bytes_sent - - sophos.xg.bytes_received - - sophos.xg.severity - - sophos.xg.dst_country - - sophos.xg.src_country - - sophos.xg.out_display_interface - - sophos.xg.in_display_interface + - sophos.xg.bytes_received + - sophos.xg.bytes_sent + - sophos.xg.dst_country + - sophos.xg.in_display_interface + - sophos.xg.out_display_interface + - sophos.xg.recv_bytes + - sophos.xg.sent_bytes + - sophos.xg.severity + - sophos.xg.src_country ignore_missing: true - remove: field: event.original - if: "ctx?.tags == null || !(ctx.tags.contains('preserve_original_event'))" + if: "ctx.tags == null || !(ctx.tags.contains('preserve_original_event'))" ignore_failure: true ignore_missing: true on_failure: - set: field: error.message - value: '{{ _ingest.on_failure_message }}' + value: |- + Processor "{{ _ingest.on_failure_processor_type }}" with tag "{{ _ingest.on_failure_processor_tag }}" failed with message "{{ _ingest.on_failure_message }}" diff --git a/packages/sophos/data_stream/xg/elasticsearch/ingest_pipeline/event.yml b/packages/sophos/data_stream/xg/elasticsearch/ingest_pipeline/event.yml index 8f479f84a00..7442b607b28 100644 --- a/packages/sophos/data_stream/xg/elasticsearch/ingest_pipeline/event.yml +++ b/packages/sophos/data_stream/xg/elasticsearch/ingest_pipeline/event.yml @@ -1,5 +1,5 @@ --- -description: Pipeline for parsing sophos firewall logs (event pipeline) +description: Pipeline for parsing Sophos XG firewall logs (authentication events pipeline). processors: ####################### ## ECS Event Mapping ## @@ -10,31 +10,31 @@ processors: - set: field: event.outcome value: success - if: 'ctx?.sophos?.xg?.log_subtype == "Authentication" && ctx?.sophos?.xg?.status == "Successful"' + if: 'ctx.sophos?.xg?.log_subtype == "Authentication" && ctx.sophos?.xg?.status == "Successful"' - set: field: event.outcome value: failure - if: 'ctx?.sophos?.xg?.log_subtype == "Authentication" && ctx?.sophos?.xg?.status == "Failed"' + if: 'ctx.sophos?.xg?.log_subtype == "Authentication" && ctx.sophos?.xg?.status == "Failed"' - set: field: event.outcome value: success - if: 'ctx?.sophos?.xg?.log_subtype == "Admin" && ctx?.sophos?.xg?.status == "Successful" && ctx?.sophos?.xg?.message_id == "17507"' + if: 'ctx.sophos?.xg?.log_subtype == "Admin" && ctx.sophos?.xg?.status == "Successful" && ctx.event?.code == "17507"' - set: field: event.outcome value: failure - if: 'ctx?.sophos?.xg?.log_subtype == "Admin" && ctx?.sophos?.xg?.status == "Failed" && ctx?.sophos?.xg?.message_id == "17507"' + if: 'ctx.sophos?.xg?.log_subtype == "Admin" && ctx.sophos?.xg?.status == "Failed" && ctx.event?.code == "17507"' - append: field: event.type value: - user - start - if: "['17701', '17704', '17707', '17710', '17713'].contains(ctx.sophos?.xg?.message_id)" + if: "['17701', '17704', '17707', '17710', '17713'].contains(ctx.event?.code)" - append: field: event.type value: - user - end - if: "['17703', '17706', '17709', '17712', '17715'].contains(ctx.sophos?.xg?.message_id)" + if: "['17703', '17706', '17709', '17712', '17715'].contains(ctx.event?.code)" - append: field: event.type value: connection @@ -46,22 +46,17 @@ processors: - append: field: event.category value: authentication - if: 'ctx?.sophos?.xg?.log_subtype == "Authentication"' + if: 'ctx.sophos?.xg?.log_subtype == "Authentication"' - append: field: event.type value: info - if: 'ctx?.sophos?.xg?.message_id == "17819"' + if: 'ctx.event?.code == "17819"' - append: field: event.category value: - host - malware - if: 'ctx?.sophos?.xg?.message_id == "17819"' -- rename: - field: sophos.xg.log_id - target_field: event.code - ignore_missing: true - if: "ctx.event?.code == null" + if: 'ctx.event?.code == "17819"' #################################### ## ECS Server/Destination Mapping ## @@ -90,11 +85,6 @@ processors: target_field: source.ip ignore_missing: true if: "ctx.sophos?.xg?.remoteinterfaceip != null" -- rename: - field: sophos.xg.src_mac - target_field: source.mac - ignore_missing: true - if: "ctx.sophos?.xg?.src_mac != null" - rename: field: sophos.xg.user_name target_field: source.user.name @@ -123,96 +113,6 @@ processors: target_field: message ignore_missing: true -############################# -## ECS Network/Geo Mapping ## -############################# -- geoip: - field: source.ip - target_field: source.geo - ignore_missing: true - if: "ctx.source?.geo == null" -- geoip: - field: destination.ip - target_field: destination.geo - ignore_missing: true - if: "ctx.destination?.geo == null" -- geoip: - database_file: GeoLite2-ASN.mmdb - field: source.ip - target_field: source.as - properties: - - asn - - organization_name - ignore_missing: true -- geoip: - database_file: GeoLite2-ASN.mmdb - field: destination.ip - target_field: destination.as - properties: - - asn - - organization_name - ignore_missing: true -- geoip: - field: source.nat.ip - target_field: source.geo - ignore_missing: true - if: "ctx.source?.geo == null" -- geoip: - field: destination.nat.ip - target_field: destination.geo - ignore_missing: true - if: "ctx.destination?.geo == null" -- geoip: - database_file: GeoLite2-ASN.mmdb - field: source.nat.ip - target_field: source.as - properties: - - asn - - organization_name - ignore_missing: true - if: "ctx.source?.as == null" -- geoip: - database_file: GeoLite2-ASN.mmdb - field: destination.nat.ip - target_field: destination.as - properties: - - asn - - organization_name - ignore_missing: true - if: "ctx.destination?.as == null" -- rename: - field: source.as.asn - target_field: source.as.number - ignore_missing: true -- rename: - field: source.as.organization_name - target_field: source.as.organization.name - ignore_missing: true -- rename: - field: destination.as.asn - target_field: destination.as.number - ignore_missing: true -- rename: - field: destination.as.organization_name - target_field: destination.as.organization.name - ignore_missing: true - -######################### -## ECS Related Mapping ## -######################### -- append: - field: related.ip - value: '{{source.ip}}' - if: 'ctx?.source?.ip != null' -- append: - field: related.ip - value: '{{destination.ip}}' - if: 'ctx?.destination?.ip != null' -- append: - field: related.user - value: "{{source.user.name}}" - if: "ctx.source?.user?.name != null" - ############# ## Cleanup ## ############# diff --git a/packages/sophos/data_stream/xg/elasticsearch/ingest_pipeline/firewall.yml b/packages/sophos/data_stream/xg/elasticsearch/ingest_pipeline/firewall.yml index 6f5a6d0b7cd..7e48fade03a 100644 --- a/packages/sophos/data_stream/xg/elasticsearch/ingest_pipeline/firewall.yml +++ b/packages/sophos/data_stream/xg/elasticsearch/ingest_pipeline/firewall.yml @@ -18,11 +18,11 @@ processors: - set: field: event.kind value: alert - if: '["03001", "05001", "05151", "00003", "00004"].contains(ctx.sophos?.xg?.message_id)' + if: '["03001", "05001", "05151", "00003", "00004"].contains(ctx.event?.code)' - append: field: event.category value: intrusion_detection - if: '["03001", "05001", "05151", "00003", "00004"].contains(ctx.sophos?.xg?.message_id)' + if: '["03001", "05001", "05151", "00003", "00004"].contains(ctx.event?.code)' - append: field: event.category value: network @@ -46,11 +46,6 @@ processors: - denied - connection if: "ctx.sophos?.xg?.status == 'Deny'" -- rename: - field: sophos.xg.log_id - target_field: event.code - ignore_missing: true - if: "ctx.event?.code == null" #################################### ## ECS Server/Destination Mapping ## @@ -84,11 +79,6 @@ processors: ignore_failure: true ignore_missing: true if: "ctx.sophos?.xg?.tran_dst_port != null" -- rename: - field: sophos.xg.dst_mac - target_field: destination.mac - ignore_missing: true - if: "ctx.sophos?.xg?.dst_mac != null" - convert: field: sophos.xg.recv_pkts target_field: destination.packets @@ -166,10 +156,6 @@ processors: ignore_failure: true ignore_missing: true if: "ctx.sophos?.xg?.packets_sent != null" -- set: - field: client.packets - copy_from: source.packets - ignore_empty_value: true - rename: field: sophos.xg.user_name target_field: source.user.name @@ -195,154 +181,37 @@ processors: ignore_missing: true if: "ctx.sophos?.xg?.policy_type != null" -############################# -## ECS Network/Geo Mapping ## -############################# +###################### +## ECS Network Mapping +###################### - rename: field: sophos.xg.application target_field: network.protocol ignore_missing: true - if: "ctx.sophos?.xg?.application != null" - rename: field: sophos.xg.protocol target_field: network.transport ignore_missing: true - if: "ctx.sophos?.xg?.protocol != null" -- geoip: - field: source.ip - target_field: source.geo - ignore_missing: true - if: "ctx.source?.geo == null" -- geoip: - field: destination.ip - target_field: destination.geo - ignore_missing: true - if: "ctx.destination?.geo == null" -- geoip: - database_file: GeoLite2-ASN.mmdb - field: source.ip - target_field: source.as - properties: - - asn - - organization_name - ignore_missing: true -- geoip: - database_file: GeoLite2-ASN.mmdb - field: destination.ip - target_field: destination.as - properties: - - asn - - organization_name - ignore_missing: true -- geoip: - field: source.nat.ip - target_field: source.geo - ignore_missing: true - if: "ctx.source?.geo == null" -- geoip: - field: destination.nat.ip - target_field: destination.geo - ignore_missing: true - if: "ctx.destination?.geo == null" -- geoip: - database_file: GeoLite2-ASN.mmdb - field: source.nat.ip - target_field: source.as - properties: - - asn - - organization_name - ignore_missing: true - if: "ctx.source?.as == null" -- geoip: - database_file: GeoLite2-ASN.mmdb - field: destination.nat.ip - target_field: destination.as - properties: - - asn - - organization_name - ignore_missing: true - if: "ctx.destination?.as == null" -- rename: - field: source.as.asn - target_field: source.as.number - ignore_missing: true -- rename: - field: source.as.organization_name - target_field: source.as.organization.name - ignore_missing: true -- rename: - field: destination.as.asn - target_field: destination.as.number - ignore_missing: true -- rename: - field: destination.as.organization_name - target_field: destination.as.organization.name - ignore_missing: true -- script: - lang: painless - source: "ctx.network.bytes = ctx.source.bytes + ctx.destination.bytes" - if: "ctx?.source?.bytes != null && ctx?.destination?.bytes != null" - ignore_failure: true -- script: - lang: painless - source: "ctx.network.packets = ctx.source.packets + ctx.destination.packets" - if: "ctx?.source?.packets != null && ctx?.destination?.packets != null" - ignore_failure: true - set: field: network.direction value: inbound - if: "['LAN', 'DMZ', 'VPN', 'WiFi'].contains(ctx?.observer?.egress?.zone) && ctx?.observer?.ingress?.zone == 'WAN'" + if: "['LAN', 'DMZ', 'VPN', 'WiFi'].contains(ctx.observer?.egress?.zone) && ctx.observer?.ingress?.zone == 'WAN'" - set: field: network.direction value: outbound - if: "['LAN', 'DMZ', 'VPN', 'WiFi'].contains(ctx?.observer?.ingress?.zone) && ctx?.observer?.egress?.zone == 'WAN'" + if: "['LAN', 'DMZ', 'VPN', 'WiFi'].contains(ctx.observer?.ingress?.zone) && ctx.observer?.egress?.zone == 'WAN'" - set: field: network.direction value: internal - if: "['LAN', 'DMZ', 'VPN', 'WiFi'].contains(ctx?.observer?.ingress?.zone) && ['LAN', 'DMZ', 'VPN', 'WiFi'].contains(ctx?.observer?.egress?.zone)" + if: "['LAN', 'DMZ', 'VPN', 'WiFi'].contains(ctx.observer?.ingress?.zone) && ['LAN', 'DMZ', 'VPN', 'WiFi'].contains(ctx.observer?.egress?.zone)" - set: field: network.direction value: external - if: "ctx?.observer?.ingress?.zone == 'WAN' && ctx?.observer?.egress?.zone == 'WAN'" - -######################### -## ECS Related Mapping ## -######################### -- append: - field: related.ip - value: '{{source.ip}}' - allow_duplicates: false - if: 'ctx?.source?.ip != null' -- append: - field: related.ip - value: '{{destination.ip}}' - allow_duplicates: false - if: 'ctx?.destination?.ip != null' -- append: - field: related.ip - value: '{{source.nat.ip}}' - allow_duplicates: false - if: 'ctx?.source?.nat?.ip != null' -- append: - field: related.ip - value: '{{destination.nat.ip}}' - allow_duplicates: false - if: 'ctx?.destination?.nat?.ip != null' -- append: - field: related.user - value: "{{source.user.name}}" - allow_duplicates: false - if: "ctx.source?.user?.name != null" + if: "ctx.observer?.ingress?.zone == 'WAN' && ctx.observer?.egress?.zone == 'WAN'" ############# ## Cleanup ## ############# -- lowercase: - field: network.protocol - ignore_failure: true -- lowercase: - field: network.transport - ignore_failure: true - lowercase: field: event.action ignore_failure: true diff --git a/packages/sophos/data_stream/xg/elasticsearch/ingest_pipeline/idp.yml b/packages/sophos/data_stream/xg/elasticsearch/ingest_pipeline/idp.yml index dcdc0be4fa9..c38552b4c63 100644 --- a/packages/sophos/data_stream/xg/elasticsearch/ingest_pipeline/idp.yml +++ b/packages/sophos/data_stream/xg/elasticsearch/ingest_pipeline/idp.yml @@ -20,18 +20,13 @@ processors: value: - intrusion_detection - network - if: '["06001", "06002", "07001", "07002"].contains(ctx.sophos?.xg?.message_id)' + if: '["06001", "06002", "07001", "07002"].contains(ctx.event?.code)' - append: field: event.type value: - denied - connection - if: '["06001", "06002", "07001", "07002"].contains(ctx.sophos?.xg?.message_id)' -- rename: - field: sophos.xg.log_id - target_field: event.code - ignore_missing: true - if: "ctx.sophos?.xg?.log_id != null" + if: '["06001", "06002", "07001", "07002"].contains(ctx.event?.code)' #################################### ## ECS Server/Destination Mapping ## @@ -89,103 +84,13 @@ processors: ignore_missing: true if: "ctx.sophos?.xg?.classification != null" -############################# -## ECS Network/Geo Mapping ## -############################# +###################### +## ECS Network Mapping +###################### - rename: field: sophos.xg.protocol target_field: network.transport ignore_missing: true - if: "ctx.sophos?.xg?.protocol != null" -- geoip: - field: source.ip - target_field: source.geo - ignore_missing: true - if: "ctx.source?.geo == null" -- geoip: - field: destination.ip - target_field: destination.geo - ignore_missing: true - if: "ctx.destination?.geo == null" -- geoip: - database_file: GeoLite2-ASN.mmdb - field: source.ip - target_field: source.as - properties: - - asn - - organization_name - ignore_missing: true -- geoip: - database_file: GeoLite2-ASN.mmdb - field: destination.ip - target_field: destination.as - properties: - - asn - - organization_name - ignore_missing: true -- geoip: - field: source.nat.ip - target_field: source.geo - ignore_missing: true - if: "ctx.source?.geo == null" -- geoip: - field: destination.nat.ip - target_field: destination.geo - ignore_missing: true - if: "ctx.destination?.geo == null" -- geoip: - database_file: GeoLite2-ASN.mmdb - field: source.nat.ip - target_field: source.as - properties: - - asn - - organization_name - ignore_missing: true - if: "ctx.source?.as == null" -- geoip: - database_file: GeoLite2-ASN.mmdb - field: destination.nat.ip - target_field: destination.as - properties: - - asn - - organization_name - ignore_missing: true - if: "ctx.destination?.as == null" -- rename: - field: source.as.asn - target_field: source.as.number - ignore_missing: true -- rename: - field: source.as.organization_name - target_field: source.as.organization.name - ignore_missing: true -- rename: - field: destination.as.asn - target_field: destination.as.number - ignore_missing: true -- rename: - field: destination.as.organization_name - target_field: destination.as.organization.name - ignore_missing: true - -######################### -## ECS Related Mapping ## -######################### -- append: - if: 'ctx?.source?.ip != null' - field: related.ip - value: '{{source.ip}}' - allow_duplicates: false -- append: - if: 'ctx?.destination?.ip != null' - field: related.ip - value: '{{destination.ip}}' - allow_duplicates: false -- append: - field: related.user - value: "{{source.user.name}}" - allow_duplicates: false - if: "ctx.source?.user?.name != null" ############# ## Cleanup ## diff --git a/packages/sophos/data_stream/xg/elasticsearch/ingest_pipeline/sandstorm.yml b/packages/sophos/data_stream/xg/elasticsearch/ingest_pipeline/sandstorm.yml index 392b4c768d9..df874a52541 100644 --- a/packages/sophos/data_stream/xg/elasticsearch/ingest_pipeline/sandstorm.yml +++ b/packages/sophos/data_stream/xg/elasticsearch/ingest_pipeline/sandstorm.yml @@ -51,15 +51,16 @@ processors: - denied - connection if: "ctx.sophos?.xg?.log_subtype == 'Denied'" + - rename: - field: sophos.xg.log_id - target_field: event.code + if: ctx.sophos?.xg?.log_component == "Web" + field: sophos.xg.source + target_field: url.domain ignore_missing: true - if: "ctx.event?.code == null" -############################### -## ECS Client/Source Mapping ## -############################### +######################## +## ECS Source Mapping ## +######################## - rename: field: sophos.xg.src_ip target_field: source.ip @@ -71,6 +72,20 @@ processors: ignore_missing: true if: "ctx.sophos?.xg?.user_name != null" +############################# +## ECS Destination Mapping ## +############################# +- convert: + field: url.domain + target_field: destination.ip + type: ip + ignore_missing: true + on_failure: + - set: + field: destination.domain + copy_from: url.domain + ignore_empty_value: true + ###################### ## ECS File Mapping ## ###################### @@ -78,7 +93,7 @@ processors: field: sophos.xg.filename target_field: file.name ignore_missing: true - if: "ctx.sopho?.xg?.filename != null" + if: ctx.sophos?.xg?.filename != null - convert: field: sophos.xg.filesize target_field: file.size @@ -91,37 +106,27 @@ processors: target_field: file.mime_type ignore_missing: true if: "ctx.sophos?.xg?.filetype != null" + +# In 18.0 and later the sha1sum contains the sha256 checksum of the file. - rename: field: sophos.xg.sha1sum target_field: file.hash.sha1 ignore_missing: true - if: "ctx.sophos?.xg?.sha1sum != null" - -######################### -## ECS Related Mapping ## -######################### -- append: - field: related.ip - value: "{{source.ip}}" - allow_duplicates: false - if: "ctx.source?.ip != null" -- append: - field: related.user - value: "{{source.user.name}}" - allow_duplicates: false - if: "ctx.source?.user?.name != null" -- append: - field: related.hash - value: "{{file.hash.sha1}}" - allow_duplicates: false - if: "ctx.file?.hash?.sha1 != null" -- remove: - field: - - sophos.xg.filesize + if: "ctx.sophos?.xg?.sha1sum != null && ctx.sophos.xg.sha1sum.length() == 40" +- rename: + field: sophos.xg.sha1sum + target_field: file.hash.sha256 ignore_missing: true + if: "ctx.sophos?.xg?.sha1sum != null && ctx.sophos.xg.sha1sum.length() == 64" + ############# ## Cleanup ## ############# +- remove: + field: + - sophos.xg.filesize + - sophos.xg.sha1sum + ignore_missing: true on_failure: - set: field: error.message diff --git a/packages/sophos/data_stream/xg/elasticsearch/ingest_pipeline/systemhealth.yml b/packages/sophos/data_stream/xg/elasticsearch/ingest_pipeline/systemhealth.yml index 213cc55403a..7a55e8b6a29 100644 --- a/packages/sophos/data_stream/xg/elasticsearch/ingest_pipeline/systemhealth.yml +++ b/packages/sophos/data_stream/xg/elasticsearch/ingest_pipeline/systemhealth.yml @@ -80,59 +80,59 @@ processors: - remove: field: sophos.xg.free - gsub: - field: sophos.xg.Configuration + field: sophos.xg.configuration pattern: "%$" replacement: "" ignore_missing: true ignore_failure: true - convert: - field: sophos.xg.Configuration + field: sophos.xg.configuration type: float ignore_missing: true on_failure: - remove: field: - - sophos.xg.Configuration + - sophos.xg.configuration - gsub: - field: sophos.xg.Reports + field: sophos.xg.reports pattern: "%$" replacement: "" ignore_missing: true ignore_failure: true - convert: - field: sophos.xg.Reports + field: sophos.xg.reports type: float ignore_missing: true on_failure: - remove: - field: sophos.xg.Reports + field: sophos.xg.reports - gsub: - field: sophos.xg.Temp + field: sophos.xg.temp pattern: "%$" replacement: "" ignore_missing: true ignore_failure: true - convert: - field: sophos.xg.Temp + field: sophos.xg.temp type: float ignore_missing: true on_failure: - remove: - field: sophos.xg.Temp + field: sophos.xg.temp - gsub: - field: sophos.xg.Signature + field: sophos.xg.signature pattern: "%$" replacement: "" ignore_missing: true ignore_failure: true - convert: - field: sophos.xg.Signature + field: sophos.xg.signature type: float ignore_missing: true on_failure: - remove: - field: sophos.xg.Signature + field: sophos.xg.signature - convert: field: sophos.xg.users type: integer @@ -154,6 +154,27 @@ processors: on_failure: - remove: field: sophos.xg.receivedkbits +- convert: + field: sophos.xg.collisions + type: float + ignore_missing: true + on_failure: + - remove: + field: sophos.xg.collisions +- convert: + field: sophos.xg.receiveddrops + type: float + ignore_missing: true + on_failure: + - remove: + field: sophos.xg.receiveddrops +- convert: + field: sophos.xg.transmitteddrops + type: float + ignore_missing: true + on_failure: + - remove: + field: sophos.xg.transmitteddrops on_failure: - set: diff --git a/packages/sophos/data_stream/xg/elasticsearch/ingest_pipeline/waf.yml b/packages/sophos/data_stream/xg/elasticsearch/ingest_pipeline/waf.yml index c1a904f35ce..a59c4334cdc 100644 --- a/packages/sophos/data_stream/xg/elasticsearch/ingest_pipeline/waf.yml +++ b/packages/sophos/data_stream/xg/elasticsearch/ingest_pipeline/waf.yml @@ -48,6 +48,21 @@ processors: - connection if: 'ctx.sophos?.xg?.reason != "-"' +- convert: + field: sophos.xg.responsetime + type: long + ignore_missing: true + on_failure: + - remove: + field: sophos.xg.responsetime +- script: + description: Convert microseconds to nanoseconds. + lang: painless + source: | + if (ctx.sophos?.xg?.responsetime != null && ctx.sophos.xg.responsetime > 0) { + ctx.event.duration = ctx.sophos.xg.responsetime * 1000; + } + #################################### ## ECS Server/Destination Mapping ## #################################### @@ -135,109 +150,6 @@ processors: ignore_missing: true if: "ctx.sophos?.xg?.useragent != null" -############################# -## ECS Network/Geo Mapping ## -############################# -- geoip: - field: source.ip - target_field: source.geo - ignore_missing: true - if: "ctx.source?.geo == null" -- geoip: - field: destination.ip - target_field: destination.geo - ignore_missing: true - if: "ctx.destination?.geo == null" -- geoip: - database_file: GeoLite2-ASN.mmdb - field: source.ip - target_field: source.as - properties: - - asn - - organization_name - ignore_missing: true -- geoip: - database_file: GeoLite2-ASN.mmdb - field: destination.ip - target_field: destination.as - properties: - - asn - - organization_name - ignore_missing: true -- geoip: - field: source.nat.ip - target_field: source.geo - ignore_missing: true - if: "ctx.source?.geo == null" -- geoip: - field: destination.nat.ip - target_field: destination.geo - ignore_missing: true - if: "ctx.destination?.geo == null" -- geoip: - database_file: GeoLite2-ASN.mmdb - field: source.nat.ip - target_field: source.as - properties: - - asn - - organization_name - ignore_missing: true - if: "ctx.source?.as == null" -- geoip: - database_file: GeoLite2-ASN.mmdb - field: destination.nat.ip - target_field: destination.as - properties: - - asn - - organization_name - ignore_missing: true - if: "ctx.destination?.as == null" -- rename: - field: source.as.asn - target_field: source.as.number - ignore_missing: true -- rename: - field: source.as.organization_name - target_field: source.as.organization.name - ignore_missing: true -- rename: - field: destination.as.asn - target_field: destination.as.number - ignore_missing: true -- rename: - field: destination.as.organization_name - target_field: destination.as.organization.name - ignore_missing: true -- script: - lang: painless - source: "ctx.network.bytes = ctx.source.bytes + ctx.destination.bytes" - if: "ctx?.source?.bytes != null && ctx?.destination?.bytes != null" - ignore_failure: true -- script: - lang: painless - source: "ctx.network.packets = ctx.source.packets + ctx.destination.packets" - if: "ctx?.source?.packets != null && ctx?.destination?.packets != null" - ignore_failure: true - -######################### -## ECS Related Mapping ## -######################### -- append: - field: related.ip - value: '{{source.ip}}' - allow_duplicates: false - if: 'ctx?.source?.ip != null' -- append: - field: related.ip - value: '{{destination.ip}}' - allow_duplicates: false - if: 'ctx?.destination?.ip != null' -- append: - field: related.user - value: "{{source.user.name}}" - allow_duplicates: false - if: "ctx.source?.user?.name != null" - ############# ## Cleanup ## ############# @@ -254,6 +166,7 @@ processors: - sophos.xg.bytesrcv - sophos.xg.bytessent - sophos.xg.httpstatus + - sophos.xg.responsetime ignore_missing: true on_failure: - set: diff --git a/packages/sophos/data_stream/xg/elasticsearch/ingest_pipeline/wifi.yml b/packages/sophos/data_stream/xg/elasticsearch/ingest_pipeline/wifi.yml index ccc3a156449..9dbbeb06c09 100644 --- a/packages/sophos/data_stream/xg/elasticsearch/ingest_pipeline/wifi.yml +++ b/packages/sophos/data_stream/xg/elasticsearch/ingest_pipeline/wifi.yml @@ -1,5 +1,5 @@ --- -description: Pipeline for parsing sophos firewall logs (wifi pipeline) +description: Pipeline for parsing Sophos XG firewall logs (wireless protection pipeline). processors: ####################### ## ECS Event Mapping ## @@ -10,7 +10,13 @@ processors: - set: field: event.outcome value: success - if: 'ctx?.sophos?.xg?.log_type == "Wireless Protection"' +- convert: + field: sophos.xg.clients_conn_ssid + type: long + ignore_missing: true + on_failure: + - remove: + field: sophos.xg.clients_conn_ssid ############# ## Cleanup ## diff --git a/packages/sophos/data_stream/xg/fields/agent.yml b/packages/sophos/data_stream/xg/fields/agent.yml index e313ec82874..98998ae5498 100644 --- a/packages/sophos/data_stream/xg/fields/agent.yml +++ b/packages/sophos/data_stream/xg/fields/agent.yml @@ -202,3 +202,6 @@ - name: log.offset type: long description: Log offset +- name: log.source.address + type: keyword + ignore_above: 1024 diff --git a/packages/sophos/data_stream/xg/fields/ecs.yml b/packages/sophos/data_stream/xg/fields/ecs.yml index f950a9f86bd..f9c51c79c9e 100644 --- a/packages/sophos/data_stream/xg/fields/ecs.yml +++ b/packages/sophos/data_stream/xg/fields/ecs.yml @@ -1,52 +1,11 @@ -- external: ecs - name: client.as.number -- external: ecs - name: client.as.organization.name -- external: ecs - name: client.bytes -- external: ecs - name: client.domain -- external: ecs - name: client.geo.city_name -- external: ecs - name: client.geo.continent_name -- external: ecs - name: client.geo.country_iso_code -- external: ecs - name: client.geo.country_name -- description: Longitude and latitude. - name: client.geo.location - type: geo_point -- external: ecs - name: client.geo.name -- external: ecs - name: client.geo.region_iso_code -- external: ecs - name: client.geo.region_name -- external: ecs - name: client.ip -- external: ecs - name: client.mac -- external: ecs - name: client.nat.ip -- external: ecs - name: client.nat.port -- external: ecs - name: client.packets -- external: ecs - name: client.port -- external: ecs - name: client.user.email -- external: ecs - name: client.user.group.name -- external: ecs - name: client.user.name - external: ecs name: destination.as.number - external: ecs name: destination.as.organization.name - external: ecs name: destination.bytes +- external: ecs + name: destination.domain - external: ecs name: destination.geo.city_name - external: ecs @@ -106,6 +65,8 @@ name: event.outcome - external: ecs name: event.provider +- external: ecs + name: event.reason - external: ecs name: event.sequence - external: ecs @@ -152,6 +113,8 @@ name: message - external: ecs name: network.bytes +- external: ecs + name: network.community_id - external: ecs name: network.direction - external: ecs @@ -164,6 +127,8 @@ name: observer.egress.interface.name - external: ecs name: observer.egress.zone +- external: ecs + name: observer.hostname - external: ecs name: observer.ingress.interface.name - external: ecs @@ -176,8 +141,6 @@ name: observer.type - external: ecs name: observer.vendor -- external: ecs - name: observer.hostname - external: ecs name: related.hash - external: ecs @@ -194,43 +157,6 @@ name: rule.name - external: ecs name: rule.ruleset -- external: ecs - name: server.as.number -- external: ecs - name: server.as.organization.name -- external: ecs - name: server.bytes -- external: ecs - name: server.geo.city_name -- external: ecs - name: server.geo.continent_name -- external: ecs - name: server.geo.country_iso_code -- external: ecs - name: server.geo.country_name -- description: Longitude and latitude. - name: server.geo.location - type: geo_point -- external: ecs - name: server.geo.name -- external: ecs - name: server.geo.region_iso_code -- external: ecs - name: server.geo.region_name -- external: ecs - name: server.ip -- external: ecs - name: server.mac -- external: ecs - name: server.nat.ip -- external: ecs - name: server.nat.port -- external: ecs - name: server.packets -- external: ecs - name: server.port -- external: ecs - name: server.user.email - external: ecs name: source.as.number - external: ecs diff --git a/packages/sophos/data_stream/xg/fields/fields.yml b/packages/sophos/data_stream/xg/fields/fields.yml index 72f84fd9dbb..6dd56deeab8 100644 --- a/packages/sophos/data_stream/xg/fields/fields.yml +++ b/packages/sophos/data_stream/xg/fields/fields.yml @@ -4,102 +4,62 @@ - name: xg type: group fields: - - name: device - type: keyword - description: | - device - - name: date - type: date - description: | - Date (yyyy-mm-dd) when the event occurred - - name: timezone - type: keyword - description: | - Time (hh:mm:ss) when the event occurred - - name: device_name + - name: action type: keyword description: | - Model number of the device - - name: device_model + Event Action + - name: activityname type: keyword description: | - Model number of the device - - name: device_id + Web policy activity that matched and caused the policy result. + - name: ap type: keyword description: | - Serial number of the device - - name: log_id + Access Point Serial ID or LocalWifi0 or LocalWifi1. + - name: app_category type: keyword description: | - Unique 12 characters code (0101011) - - name: log_type + Name of the category under which application falls + - name: app_filter_policy_id type: keyword description: | - Type of event e.g. firewall event - - name: log_component + Application filter policy ID applied on the traffic + - name: app_is_cloud type: keyword description: | - Component responsible for logging e.g. Firewall rule - - name: log_subtype + Application is Cloud + - name: app_name type: keyword description: | - Sub type of event - - name: hb_health + Application name + - name: app_resolved_by type: keyword description: | - Heartbeat status - - name: priority + Application is resolved by signature or synchronized application + - name: app_risk type: keyword description: | - Severity level of traffic - - name: status + Risk level assigned to the application + - name: app_technology type: keyword description: | - Ultimate status of traffic – Allowed or Denied - - name: duration - type: long - description: | - Durability of traffic (seconds) - - name: fw_rule_id + Technology of the application + - name: appfilter_policy_id type: integer description: | - Firewall Rule ID which is applied on the traffic - - name: user_name - type: keyword - description: | - user_name - - name: syslog_server_name - type: keyword - description: | - Syslog server name - - name: user_group - type: keyword - description: | - Group name to which the user belongs - - name: iap + Application Filter policy applied on the traffic + - name: application type: keyword description: | - Internet Access policy ID applied on the traffic - - name: ips_policy_id - type: integer - description: | - IPS policy ID applied on the traffic - - name: policy_type + Application name + - name: application_category type: keyword description: | - Policy type applied to the traffic - - name: appfilter_policy_id - type: integer - description: | - Application Filter policy applied on the traffic + Application is resolved by signature or synchronized application - name: application_filter_policy type: integer description: | Application Filter policy applied on the traffic - - name: application - type: keyword - description: | - Application name - name: application_name type: keyword description: | @@ -112,734 +72,759 @@ type: keyword description: | Technology of the application - - name: application_category - type: keyword - description: | - Application is resolved by signature or synchronized application - name: appresolvedby type: keyword description: | Technology of the application - - name: app_is_cloud + - name: auth_client type: keyword description: | - Application is Cloud - - name: in_interface + Auth Client + - name: auth_mechanism type: keyword description: | - Interface for incoming traffic, e.g., Port A - - name: out_interface + Auth mechanism + - name: av_policy_name type: keyword description: | - Interface for outgoing traffic, e.g., Port B - - name: src_ip - type: ip - description: | - Original source IP address of traffic - - name: src_mac + Malware scanning policy name which is applied on the traffic + - name: backup_mode type: keyword description: | - Original source MAC address of traffic - - name: src_country_code + Backup mode + - name: branch_name type: keyword description: | - Code of the country to which the source IP belongs - - name: dst_ip - type: ip - description: | - Original destination IP address of traffic - - name: dst_country_code + Branch Name + - name: category type: keyword description: | - Code of the country to which the destination IP belongs - - name: protocol + IPS signature category. + - name: category_type type: keyword description: | - Protocol number of traffic - - name: src_port - type: integer - description: | - Original source port of TCP and UDP traffic - - name: dst_port - type: integer - description: | - Original destination port of TCP and UDP traffic - - name: icmp_type + Type of category under which website falls + - name: classification type: keyword description: | - ICMP type of ICMP traffic - - name: icmp_code + Signature classification + - name: client_host_name type: keyword description: | - ICMP code of ICMP traffic - - name: sent_pkts - type: long - description: | - Total number of packets sent - - name: received_pkts - type: long + Client host name + - name: client_physical_address + type: keyword description: | - Total number of packets received - - name: sent_bytes + Client physical address + - name: clients_conn_ssid type: long description: | - Total number of bytes sent - - name: recv_bytes + Number of client connected to the SSID. + - name: collisions type: long description: | - Total number of bytes received - - name: trans_src_ ip - type: ip - description: | - Translated source IP address for outgoing traffic - - name: trans_src_port - type: integer - description: | - Translated source port for outgoing traffic - - name: trans_dst_ip - type: ip - description: | - Translated destination IP address for outgoing traffic - - name: trans_dst_port - type: integer - description: | - Translated destination port for outgoing traffic - - name: dir_disp - type: keyword - description: | - TPacket direction. Possible values:“org”, “reply”, “” - - name: connevent + collisions + - name: con_event type: keyword description: | - Event on which this log is generated - - name: conn_id + Event Start/Stop + - name: con_id type: integer description: | Unique identifier of connection - - name: vconn_id - type: integer + - name: configuration + type: float description: | - Connection ID of the master connection - - name: idp_policy_id + Configuration + - name: conn_id type: integer description: | - IPS policy ID which is applied on the traffic - - name: idp_policy_name - type: keyword - description: | - IPS policy name i.e. IPS policy name which is applied on the traffic - - name: signature_id + Unique identifier of connection + - name: connectionname type: keyword description: | - Signature ID - - name: signature_msg + Connectionname + - name: connectiontype type: keyword description: | - Signature messsage - - name: classification + Connectiontype + - name: connevent type: keyword description: | - Signature classification - - name: rule_priority + Event on which this log is generated + - name: connid type: keyword description: | - Priority of IPS policy - - name: platform + Connection ID + - name: content_type type: keyword description: | - Platform of the traffic. - - name: category + Type of the content + - name: contenttype type: keyword description: | - IPS signature category. - - name: target + Type of the content + - name: context_match type: keyword description: | - Platform of the traffic. - - name: eventid + Context Match + - name: context_prefix type: keyword description: | - ATP Evenet ID - - name: ep_uuid + Content Prefix + - name: context_suffix type: keyword description: | - Endpoint UUID - - name: threatname + Context Suffix + - name: cookie type: keyword description: | - ATP threatname - - name: sourceip - type: ip + cookie + - name: date + type: date description: | - Original source IP address of traffic + Date (yyyy-mm-dd) when the event occurred - name: destinationip type: ip description: | Original destination IP address of traffic - - name: login_user + - name: device type: keyword description: | - ATP login user - - name: eventtype + device + - name: device_id type: keyword description: | - ATP event type - - name: execution_path + Serial number of the device + - name: device_model type: keyword description: | - ATP execution path - - name: av_policy_name + Model number of the device + - name: device_name type: keyword description: | - Malware scanning policy name which is applied on the traffic - - name: from_email_address + Model number of the device + - name: dictionary_name type: keyword description: | - Sender email address - - name: to_email_address + Dictionary Name + - name: dir_disp type: keyword description: | - Receipeint email address - - name: subject + TPacket direction. Possible values:“org”, “reply”, “” + - name: direction type: keyword description: | - Email subject - - name: mailsize - type: integer + Direction + - name: domainname + type: keyword description: | - mailsize - - name: virus + Domain from which virus was downloaded + - name: download_file_name type: keyword description: | - virus name - - name: FTP_url + Download file name + - name: download_file_type type: keyword description: | - FTP URL from which virus was downloaded - - name: FTP_direction + Download file type + - name: dst_country_code type: keyword description: | - Direction of FTP transfer: Upload or Download - - name: filesize + Code of the country to which the destination IP belongs + - name: dst_domainname + type: keyword + description: | + Receiver domain name + - name: dst_ip + type: ip + description: | + Original destination IP address of traffic + - name: dst_port type: integer description: | - Size of the file that contained virus - - name: filepath + Original destination port of TCP and UDP traffic + - name: dst_zone_type type: keyword description: | - Path of the file containing virus - - name: filename + Type of destination zone + - name: dstdomain type: keyword description: | - File name associated with the event - - name: ftpcommand - type: keyword + Destination Domain + - name: duration + type: long description: | - FTP command used when virus was found - - name: url + Durability of traffic (seconds) + - name: email_subject type: keyword description: | - URL from which virus was downloaded - - name: domainname + Email Subject + - name: ep_uuid type: keyword description: | - Domain from which virus was downloaded - - name: quarantine + Endpoint UUID + - name: ether_type type: keyword description: | - Path and filename of the file quarantined - - name: src_domainname + ethernet frame type + - name: eventid type: keyword description: | - Sender domain name - - name: dst_domainname + ATP Evenet ID + - name: eventtime + type: date + description: | + Event time + - name: eventtype type: keyword description: | - Receiver domain name - - name: reason + ATP event type + - name: exceptions type: keyword description: | - Reason why the record was detected as spam/malicious - - name: referer + List of the checks excluded by web exceptions. + - name: execution_path type: keyword description: | - Referer - - name: spamaction + ATP execution path + - name: extra type: keyword description: | - Spam Action - - name: mailid + extra + - name: file_name type: keyword description: | - mailid - - name: quarantine_reason + Filename + - name: file_path type: keyword description: | - Quarantine reason - - name: status_code + File path + - name: file_size + type: integer + description: | + File Size + - name: filename type: keyword description: | - Status code - - name: override_token + File name associated with the event + - name: filepath type: keyword description: | - Override token - - name: con_id + Path of the file containing virus + - name: filesize type: integer description: | - Unique identifier of connection - - name: override_authorizer + Size of the file that contained virus + - name: free + type: integer + description: | + free + - name: from_email_address type: keyword description: | - Override authorizer - - name: transactionid + Sender email address + - name: ftp_direction type: keyword description: | - Transaction ID of the AV scan. - - name: upload_file_type + Direction of FTP transfer: Upload or Download + - name: ftp_url type: keyword description: | - Upload file type - - name: upload_file_name + FTP URL from which virus was downloaded + - name: ftpcommand type: keyword description: | - Upload file name - - name: httpresponsecode - type: long + FTP command used when virus was found + - name: fw_rule_id + type: integer description: | - code of HTTP response - - name: user_gp + Firewall Rule ID which is applied on the traffic + - name: fw_rule_type type: keyword description: | - Group name to which the user belongs. - - name: category_type + Firewall rule type which is applied on the traffic + - name: hb_health type: keyword description: | - Type of category under which website falls - - name: download_file_type + Heartbeat status + - name: hb_status type: keyword description: | - Download file type - - name: exceptions + Heartbeat status + - name: host type: keyword description: | - List of the checks excluded by web exceptions. - - name: contenttype + Host + - name: http_category type: keyword description: | - Type of the content - - name: override_name + HTTP Category + - name: http_category_type type: keyword description: | - Override name - - name: activityname - type: keyword + HTTP Category Type + - name: httpresponsecode + type: long description: | - Web policy activity that matched and caused the policy result. - - name: download_file_name + code of HTTP response + - name: iap type: keyword description: | - Download file name - - name: sha1sum + Internet Access policy ID applied on the traffic + - name: icmp_code type: keyword description: | - SHA1 checksum of the item being analyzed - - name: message_id + ICMP code of ICMP traffic + - name: icmp_type type: keyword description: | - Message ID - - name: connid - type: keyword + ICMP type of ICMP traffic + - name: idle_cpu + type: float description: | - Connection ID - - name: message + idle ## + - name: idp_policy_id + type: integer + description: | + IPS policy ID which is applied on the traffic + - name: idp_policy_name type: keyword description: | - Message - - name: email_subject + IPS policy name i.e. IPS policy name which is applied on the traffic + - name: in_interface type: keyword description: | - Email Subject - - name: file_path + Interface for incoming traffic, e.g., Port A + - name: interface type: keyword description: | - File path - - name: dstdomain + interface + - name: ipaddress type: keyword description: | - Destination Domain - - name: file_size + Ipaddress + - name: ips_policy_id type: integer description: | - File Size - - name: transaction_id - type: keyword - description: | - Transaction ID - - name: website + IPS policy ID applied on the traffic + - name: lease_time type: keyword description: | - Website - - name: file_name + Lease Time + - name: localgateway type: keyword description: | - Filename - - name: context_prefix + Localgateway + - name: localnetwork type: keyword description: | - Content Prefix - - name: site_category + Localnetwork + - name: log_component type: keyword description: | - Site Category - - name: context_suffix + Component responsible for logging e.g. Firewall rule + - name: log_id type: keyword description: | - Context Suffix - - name: dictionary_name + Unique 12 characters code (0101011) + - name: log_subtype type: keyword description: | - Dictionary Name - - name: action + Sub type of event + - name: log_type type: keyword description: | - Event Action - - name: user + Type of event e.g. firewall event + - name: log_version type: keyword description: | - User - - name: context_match + Log Version + - name: login_user type: keyword description: | - Context Match - - name: direction + ATP login user + - name: mailid type: keyword description: | - Direction - - name: auth_client - type: keyword - description: | - Auth Client - - name: auth_mechanism - type: keyword - description: | - Auth mechanism - - name: connectionname - type: keyword + mailid + - name: mailsize + type: integer description: | - Connectionname - - name: remotenetwork + mailsize + - name: message type: keyword description: | - remotenetwork - - name: localgateway + Message + - name: mode type: keyword description: | - Localgateway - - name: localnetwork + Mode + - name: nat_rule_id type: keyword description: | - Localnetwork - - name: connectiontype + NAT Rule ID + - name: newversion type: keyword description: | - Connectiontype + Newversion - name: oldversion type: keyword description: | Oldversion - - name: newversion - type: keyword - description: | - Newversion - - name: ipaddress + - name: out_interface type: keyword description: | - Ipaddress - - name: client_physical_address + Interface for outgoing traffic, e.g., Port B + - name: override_authorizer type: keyword description: | - Client physical address - - name: client_host_name + Override authorizer + - name: override_name type: keyword description: | - Client host name - - name: raw_data + Override name + - name: override_token type: keyword description: | - Raw data - - name: Mode + Override token + - name: phpsessid type: keyword description: | - Mode - - name: sessionid + PHP session ID + - name: platform type: keyword description: | - Sessionid - - name: starttime - type: date - description: | - Starttime - - name: remote_ip - type: ip - description: | - Remote IP - - name: timestamp - type: date - description: | - timestamp - - name: SysLog_SERVER_NAME + Platform of the traffic. + - name: policy_type type: keyword description: | - SysLog SERVER NAME - - name: backup_mode + Policy type applied to the traffic + - name: priority type: keyword description: | - Backup mode - - name: source + Severity level of traffic + - name: protocol type: keyword description: | - Source - - name: server + Protocol number of traffic + - name: qualifier type: keyword description: | - Server - - name: host + Qualifier + - name: quarantine type: keyword description: | - Host - - name: responsetime - type: long - description: | - Responsetime - - name: cookie + Path and filename of the file quarantined + - name: quarantine_reason type: keyword description: | - cookie + Quarantine reason - name: querystring type: keyword description: | querystring - - name: extra + - name: raw_data type: keyword description: | - extra - - name: PHPSESSID + Raw data + - name: received_pkts + type: long + description: | + Total number of packets received + - name: receiveddrops + type: long + description: | + received drops + - name: receivederrors type: keyword description: | - PHPSESSID - - name: start_time - type: date + received errors + - name: receivedkbits + type: long description: | - Start time - - name: eventtime - type: date + received kbits + - name: recv_bytes + type: long description: | - Event time + Total number of bytes received - name: red_id type: keyword description: | RED ID - - name: branch_name + - name: referer type: keyword description: | - Branch Name - - name: updatedip + Referer + - name: remote_ip type: ip description: | - updatedip - - name: idle_cpu - type: float - description: | - idle ## - - name: system_cpu - type: float - description: | - system - - name: user_cpu - type: float - description: | - system - - name: used - type: integer - description: | - used - - name: unit + Remote IP + - name: remotenetwork type: keyword description: | - unit - - name: total_memory - type: integer - description: | - Total Memory - - name: free - type: integer - description: | - free - - name: transmittederrors + remotenetwork + - name: reported_host type: keyword description: | - transmitted errors - - name: receivederrors + Reported Host + - name: reported_ip type: keyword description: | - received errors - - name: receivedkbits - type: long - description: | - received kbits - - name: transmittedkbits - type: long + Reported IP + - name: reports + type: float description: | - transmitted kbits - - name: transmitteddrops - type: long + Reports + - name: rule_priority + type: keyword description: | - transmitted drops - - name: receiveddrops + Priority of IPS policy + - name: sent_bytes type: long description: | - received drops - - name: collisions + Total number of bytes sent + - name: sent_pkts type: long description: | - collisions - - name: interface + Total number of packets sent + - name: server type: keyword description: | - interface - - name: Configuration - type: float + Server + - name: sessionid + type: keyword description: | - Configuration - - name: Reports - type: float + Sessionid + - name: sha1sum + type: keyword description: | - Reports - - name: Signature + SHA1 checksum of the item being analyzed + - name: signature type: float description: | Signature - - name: Temp - type: float + - name: signature_id + type: keyword description: | - Temp - - name: users + Signature ID + - name: signature_msg type: keyword description: | - users - - name: ssid + Signature messsage + - name: site_category type: keyword description: | - ssid - - name: ap + Site Category + - name: source type: keyword description: | - ap - - name: clients_conn_ssid + Source + - name: sourceip + type: ip + description: | + Original source IP address of traffic + - name: spamaction type: keyword description: | - clients connection ssid + Spam Action - name: sqli type: keyword description: | related SQLI caught by the WAF - - name: xss + - name: src_country_code type: keyword description: | - related XSS caught by the WAF - - name: ether_type + Code of the country to which the source IP belongs + - name: src_domainname type: keyword description: | - ethernet frame type - - name: app_category + Sender domain name + - name: src_ip + type: ip + description: | + Original source IP address of traffic + - name: src_mac type: keyword description: | - Name of the category under which application falls - - name: app_name + Original source MAC address of traffic + - name: src_port + type: integer + description: | + Original source port of TCP and UDP traffic + - name: src_zone_type + type: keyword + description: |- + Type of source zone + - name: ssid type: keyword description: | - Application name - - name: app_filter_policy_id + Configured SSID name. + - name: start_time + type: date + description: | + Start time + - name: starttime + type: date + description: | + Starttime + - name: status type: keyword description: | - Application filter policy ID applied on the traffic - - name: app_resolved_by + Ultimate status of traffic – Allowed or Denied + - name: status_code type: keyword description: | - Application is resolved by signature or synchronized application - - name: app_risk + Status code + - name: subject type: keyword description: | - Risk level assigned to the application - - name: app_technology + Email subject + - name: syslog_server_name type: keyword description: | - Technology of the application - - name: con_event + Syslog server name + - name: syslog_server_name type: keyword description: | - Event Start/Stop - - name: fw_rule_type + Syslog server name. + - name: system_cpu + type: float + description: | + system + - name: target type: keyword description: | - Firewall rule type which is applied on the traffic - - name: hb_status + Platform of the traffic. + - name: temp + type: float + description: | + Temp + - name: threatname type: keyword description: | - Heartbeat status - - name: log_version + ATP threatname + - name: timestamp + type: date + description: | + timestamp + - name: timezone type: keyword description: | - Log Version - - name: nat_rule_id + Time (hh:mm:ss) when the event occurred + - name: to_email_address type: keyword description: | - NAT Rule ID - - name: qualifier + Receipeint email address + - name: total_memory + type: integer + description: | + Total Memory + - name: trans_dst_ip + type: ip + description: | + Translated destination IP address for outgoing traffic + - name: trans_dst_port + type: integer + description: | + Translated destination port for outgoing traffic + - name: trans_src_ip + type: ip + description: | + Translated source IP address for outgoing traffic + - name: trans_src_port + type: integer + description: | + Translated source port for outgoing traffic + - name: transaction_id type: keyword description: | - Qualifier - - name: web_policy_id + Transaction ID + - name: transactionid type: keyword description: | - Web policy ID - - name: content_type + Transaction ID of the AV scan. + - name: transmitteddrops + type: long + description: | + transmitted drops + - name: transmittederrors type: keyword description: | - Type of the content - - name: http_category + transmitted errors + - name: transmittedkbits + type: long + description: | + transmitted kbits + - name: unit type: keyword description: | - HTTP Category - - name: http_category_type + unit + - name: updatedip + type: ip + description: | + updatedip + - name: upload_file_name type: keyword description: | - HTTP Category Type + Upload file name + - name: upload_file_type + type: keyword + description: | + Upload file type + - name: url + type: keyword + description: | + URL from which virus was downloaded + - name: used + type: integer + description: | + used - name: used_quota type: keyword description: | Used Quota - - name: lease_time + - name: user type: keyword description: | - Lease Time - - name: reported_host + User + - name: user_cpu + type: float + description: | + system + - name: user_gp type: keyword description: | - Reported Host - - name: reported_ip + Group name to which the user belongs. + - name: user_group type: keyword description: | - Reported IP - - name: dst_zone_type + Group name to which the user belongs + - name: user_name type: keyword description: | - Type of destination zone - - name: src_zone_type + user_name + - name: users + type: long + description: | + Number of users from System Health / Live User events. + - name: vconn_id + type: integer + description: | + Connection ID of the master connection + - name: virus type: keyword description: | - Type of source zone -- name: log.source.address - type: keyword - ignore_above: 1024 + virus name + - name: web_policy_id + type: keyword + description: | + Web policy ID + - name: website + type: keyword + description: | + Website + - name: xss + type: keyword + description: | + related XSS caught by the WAF diff --git a/packages/sophos/data_stream/xg/sample_event.json b/packages/sophos/data_stream/xg/sample_event.json index e81cd07991f..8d4524e509b 100644 --- a/packages/sophos/data_stream/xg/sample_event.json +++ b/packages/sophos/data_stream/xg/sample_event.json @@ -1,14 +1,11 @@ { "@timestamp": "2016-12-02T18:50:20.000Z", "agent": { - "ephemeral_id": "f43c7a66-9b0a-475c-89c5-16218fb4d7b5", - "id": "9a015053-a5c0-4959-99ab-2b6556a2a396", + "ephemeral_id": "b1eb8b45-bca7-40b1-b2f4-9d5c87e449bc", + "id": "dee3c982-4bd2-4c06-b207-fe0ce9ef19c5", "name": "docker-fleet-agent", "type": "filebeat", - "version": "8.0.0" - }, - "client": { - "ip": "10.108.108.49" + "version": "8.1.2" }, "data_stream": { "dataset": "sophos.xg", @@ -19,9 +16,9 @@ "version": "8.0.0" }, "elastic_agent": { - "id": "9a015053-a5c0-4959-99ab-2b6556a2a396", - "snapshot": true, - "version": "8.0.0" + "id": "dee3c982-4bd2-4c06-b207-fe0ce9ef19c5", + "snapshot": false, + "version": "8.1.2" }, "event": { "action": "alert", @@ -29,9 +26,9 @@ "category": [ "network" ], - "code": "058420116010", + "code": "16010", "dataset": "sophos.xg", - "ingested": "2022-01-25T18:07:40Z", + "ingested": "2022-04-20T20:13:02Z", "kind": "event", "outcome": "success", "severity": 1, @@ -46,7 +43,7 @@ "log": { "level": "alert", "source": { - "address": "172.25.0.7:50257" + "address": "172.31.0.8:48162" } }, "observer": { @@ -75,9 +72,9 @@ "direction": "in", "file_name": "cgi_echo.pl", "log_component": "Web Content Policy", + "log_id": "058420116010", "log_subtype": "Alert", "log_type": "Content Filtering", - "message_id": "16010", "site_category": "Information Technology", "transaction_id": "e4a127f7-a850-477c-920e-a471b38727c1", "user": "gi123456", diff --git a/packages/sophos/docs/README.md b/packages/sophos/docs/README.md index 88e9b8e8b44..f3b0b7798f0 100644 --- a/packages/sophos/docs/README.md +++ b/packages/sophos/docs/README.md @@ -9,7 +9,7 @@ Currently it accepts logs in syslog format or from a file for the following devi To configure a remote syslog destination, please reference the [SophosXG/SFOS Documentation](https://community.sophos.com/kb/en-us/123184). -The syslog format choosen should be `Default`. +The syslog format chosen should be `Default`. ## Compatibility @@ -840,7 +840,9 @@ The `utm` dataset collects Astaro Security Gateway logs. ### XG log -This is the Sophos `xg` dataset. +This is the Sophos `xg` dataset. Reference information about the log formats +can be found in the [Sophos syslog guide]( +https://docs.sophos.com/nsg/sophos-firewall/18.5/PDF/SF%20syslog%20guide%2018.5.pdf). An example event for `xg` looks as following: @@ -848,14 +850,11 @@ An example event for `xg` looks as following: { "@timestamp": "2016-12-02T18:50:20.000Z", "agent": { - "ephemeral_id": "f43c7a66-9b0a-475c-89c5-16218fb4d7b5", - "id": "9a015053-a5c0-4959-99ab-2b6556a2a396", + "ephemeral_id": "b1eb8b45-bca7-40b1-b2f4-9d5c87e449bc", + "id": "dee3c982-4bd2-4c06-b207-fe0ce9ef19c5", "name": "docker-fleet-agent", "type": "filebeat", - "version": "8.0.0" - }, - "client": { - "ip": "10.108.108.49" + "version": "8.1.2" }, "data_stream": { "dataset": "sophos.xg", @@ -866,9 +865,9 @@ An example event for `xg` looks as following: "version": "8.0.0" }, "elastic_agent": { - "id": "9a015053-a5c0-4959-99ab-2b6556a2a396", - "snapshot": true, - "version": "8.0.0" + "id": "dee3c982-4bd2-4c06-b207-fe0ce9ef19c5", + "snapshot": false, + "version": "8.1.2" }, "event": { "action": "alert", @@ -876,9 +875,9 @@ An example event for `xg` looks as following: "category": [ "network" ], - "code": "058420116010", + "code": "16010", "dataset": "sophos.xg", - "ingested": "2022-01-25T18:07:40Z", + "ingested": "2022-04-20T20:13:02Z", "kind": "event", "outcome": "success", "severity": 1, @@ -893,7 +892,7 @@ An example event for `xg` looks as following: "log": { "level": "alert", "source": { - "address": "172.25.0.7:50257" + "address": "172.31.0.8:48162" } }, "observer": { @@ -922,9 +921,9 @@ An example event for `xg` looks as following: "direction": "in", "file_name": "cgi_echo.pl", "log_component": "Web Content Policy", + "log_id": "058420116010", "log_subtype": "Alert", "log_type": "Content Filtering", - "message_id": "16010", "site_category": "Information Technology", "transaction_id": "e4a127f7-a850-477c-920e-a471b38727c1", "user": "gi123456", @@ -946,29 +945,6 @@ An example event for `xg` looks as following: | Field | Description | Type | |---|---|---| | @timestamp | Event timestamp. | date | -| client.as.number | Unique number allocated to the autonomous system. The autonomous system number (ASN) uniquely identifies each network on the Internet. | long | -| client.as.organization.name | Organization name. | keyword | -| client.as.organization.name.text | Multi-field of `client.as.organization.name`. | match_only_text | -| client.bytes | Bytes sent from the client to the server. | long | -| client.domain | The domain name of the client system. This value may be a host name, a fully qualified domain name, or another host naming format. The value may derive from the original event or be added from enrichment. | keyword | -| client.geo.city_name | City name. | keyword | -| client.geo.continent_name | Name of the continent. | keyword | -| client.geo.country_iso_code | Country ISO code. | keyword | -| client.geo.country_name | Country name. | keyword | -| client.geo.location | Longitude and latitude. | geo_point | -| client.geo.name | User-defined description of a location, at the level of granularity they care about. Could be the name of their data centers, the floor number, if this describes a local physical entity, city names. Not typically used in automated geolocation. | keyword | -| client.geo.region_iso_code | Region ISO code. | keyword | -| client.geo.region_name | Region name. | keyword | -| client.ip | IP address of the client (IPv4 or IPv6). | ip | -| client.mac | MAC address of the client. The notation format from RFC 7042 is suggested: Each octet (that is, 8-bit byte) is represented by two [uppercase] hexadecimal digits giving the value of the octet as an unsigned integer. Successive octets are separated by a hyphen. | keyword | -| client.nat.ip | Translated IP of source based NAT sessions (e.g. internal client to internet). Typically connections traversing load balancers, firewalls, or routers. | ip | -| client.nat.port | Translated port of source based NAT sessions (e.g. internal client to internet). Typically connections traversing load balancers, firewalls, or routers. | long | -| client.packets | Packets sent from the client to the server. | long | -| client.port | Port of the client. | long | -| client.user.email | User email address. | keyword | -| client.user.group.name | Name of the group. | keyword | -| client.user.name | Short name or login of the user. | keyword | -| client.user.name.text | Multi-field of `client.user.name`. | match_only_text | | cloud.account.id | The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier. | keyword | | cloud.availability_zone | Availability zone in which this host is running. | keyword | | cloud.image.id | Image ID for the cloud instance. | keyword | @@ -989,6 +965,7 @@ An example event for `xg` looks as following: | destination.as.organization.name | Organization name. | keyword | | destination.as.organization.name.text | Multi-field of `destination.as.organization.name`. | match_only_text | | destination.bytes | Bytes sent from the destination to the source. | long | +| destination.domain | The domain name of the destination system. This value may be a host name, a fully qualified domain name, or another host naming format. The value may derive from the original event or be added from enrichment. | keyword | | destination.geo.city_name | City name. | keyword | | destination.geo.continent_name | Name of the continent. | keyword | | destination.geo.country_iso_code | Country ISO code. | keyword | @@ -1020,6 +997,7 @@ An example event for `xg` looks as following: | event.original | Raw text message of entire event. Used to demonstrate log integrity or where the full log message (before splitting it up in multiple parts) may be required, e.g. for reindex. This field is not indexed and doc_values are disabled. It cannot be searched, but it can be retrieved from `_source`. If users wish to override this and index this field, please see `Field data types` in the `Elasticsearch Reference`. | keyword | | event.outcome | This is one of four ECS Categorization Fields, and indicates the lowest level in the ECS category hierarchy. `event.outcome` simply denotes whether the event represents a success or a failure from the perspective of the entity that produced the event. Note that when a single transaction is described in multiple events, each event may populate different values of `event.outcome`, according to their perspective. Also note that in the case of a compound event (a single event that contains multiple logical events), this field should be populated with the value that best captures the overall success or failure from the perspective of the event producer. Further note that not all events will have an associated outcome. For example, this field is generally not populated for metric events, events with `event.type:info`, or any events for which an outcome does not make logical sense. | keyword | | event.provider | Source of the event. Event transports such as Syslog or the Windows Event Log typically mention the source of an event. It can be the name of the software that generated the event (e.g. Sysmon, httpd), or of a subsystem of the operating system (kernel, Microsoft-Windows-Security-Auditing). | keyword | +| event.reason | Reason why this event happened, according to the source. This describes the why of a particular action or outcome captured in the event. Where `event.action` captures the action from the event, `event.reason` describes why that action was taken. For example, a web proxy with an `event.action` which denied the request may also populate `event.reason` with the reason why (e.g. `blocked site`). | keyword | | event.sequence | Sequence number of the event. The sequence number is a value published by some event sources, to make the exact ordering of events unambiguous, regardless of the timestamp precision. | long | | event.severity | The numeric severity of the event according to your event source. What the different severity values mean can be different between sources and use cases. It's up to the implementer to make sure severities are consistent across events from the same source. The Syslog severity belongs in `log.syslog.severity.code`. `event.severity` is meant to represent the severity according to the event source (e.g. firewall, IDS). If the event source does not publish its own severity, you may optionally copy the `log.syslog.severity.code` to `event.severity`. | long | | event.start | event.start contains the date when the event started or when the activity was first observed. | date | @@ -1063,6 +1041,7 @@ An example event for `xg` looks as following: | log.source.address | | keyword | | message | For log events the message field contains the log message, optimized for viewing in a log viewer. For structured logs without an original message field, other fields can be concatenated to form a human-readable summary of the event. If multiple messages exist, they can be combined into one message. | match_only_text | | network.bytes | Total bytes transferred in both directions. If `source.bytes` and `destination.bytes` are known, `network.bytes` is their sum. | long | +| network.community_id | A hash of source and destination IPs and ports, as well as the protocol used in a communication. This is a tool-agnostic standard to identify flows. Learn more at https://github.com/corelight/community-id-spec. | keyword | | network.direction | Direction of the network traffic. Recommended values are: \* ingress \* egress \* inbound \* outbound \* internal \* external \* unknown When mapping events from a host-based monitoring context, populate this field from the host's point of view, using the values "ingress" or "egress". When mapping events from a network or perimeter-based monitoring context, populate this field from the point of view of the network perimeter, using the values "inbound", "outbound", "internal" or "external". Note that "internal" is not crossing perimeter boundaries, and is meant to describe communication between two hosts within the perimeter. Note also that "external" is meant to describe traffic between two hosts that are external to the perimeter. This could for example be useful for ISPs or VPN service providers. | keyword | | network.packets | Total packets transferred in both directions. If `source.packets` and `destination.packets` are known, `network.packets` is their sum. | long | | network.protocol | In the OSI Model this would be the Application Layer protocol. For example, `http`, `dns`, or `ssh`. The field value must be normalized to lowercase for querying. | keyword | @@ -1084,37 +1063,9 @@ An example event for `xg` looks as following: | rule.id | A rule ID that is unique within the scope of an agent, observer, or other entity using the rule for detection of this event. | keyword | | rule.name | The name of the rule or signature generating the event. | keyword | | rule.ruleset | Name of the ruleset, policy, group, or parent category in which the rule used to generate this event is a member. | keyword | -| server.as.number | Unique number allocated to the autonomous system. The autonomous system number (ASN) uniquely identifies each network on the Internet. | long | -| server.as.organization.name | Organization name. | keyword | -| server.as.organization.name.text | Multi-field of `server.as.organization.name`. | match_only_text | -| server.bytes | Bytes sent from the server to the client. | long | -| server.geo.city_name | City name. | keyword | -| server.geo.continent_name | Name of the continent. | keyword | -| server.geo.country_iso_code | Country ISO code. | keyword | -| server.geo.country_name | Country name. | keyword | -| server.geo.location | Longitude and latitude. | geo_point | -| server.geo.name | User-defined description of a location, at the level of granularity they care about. Could be the name of their data centers, the floor number, if this describes a local physical entity, city names. Not typically used in automated geolocation. | keyword | -| server.geo.region_iso_code | Region ISO code. | keyword | -| server.geo.region_name | Region name. | keyword | -| server.ip | IP address of the server (IPv4 or IPv6). | ip | -| server.mac | MAC address of the server. The notation format from RFC 7042 is suggested: Each octet (that is, 8-bit byte) is represented by two [uppercase] hexadecimal digits giving the value of the octet as an unsigned integer. Successive octets are separated by a hyphen. | keyword | -| server.nat.ip | Translated ip of destination based NAT sessions (e.g. internet to private DMZ) Typically used with load balancers, firewalls, or routers. | ip | -| server.nat.port | Translated port of destination based NAT sessions (e.g. internet to private DMZ) Typically used with load balancers, firewalls, or routers. | long | -| server.packets | Packets sent from the server to the client. | long | -| server.port | Port of the server. | long | -| server.user.email | User email address. | keyword | -| sophos.xg.Configuration | Configuration | float | -| sophos.xg.FTP_direction | Direction of FTP transfer: Upload or Download | keyword | -| sophos.xg.FTP_url | FTP URL from which virus was downloaded | keyword | -| sophos.xg.Mode | Mode | keyword | -| sophos.xg.PHPSESSID | PHPSESSID | keyword | -| sophos.xg.Reports | Reports | float | -| sophos.xg.Signature | Signature | float | -| sophos.xg.SysLog_SERVER_NAME | SysLog SERVER NAME | keyword | -| sophos.xg.Temp | Temp | float | | sophos.xg.action | Event Action | keyword | | sophos.xg.activityname | Web policy activity that matched and caused the policy result. | keyword | -| sophos.xg.ap | ap | keyword | +| sophos.xg.ap | Access Point Serial ID or LocalWifi0 or LocalWifi1. | keyword | | sophos.xg.app_category | Name of the category under which application falls | keyword | | sophos.xg.app_filter_policy_id | Application filter policy ID applied on the traffic | keyword | | sophos.xg.app_is_cloud | Application is Cloud | keyword | @@ -1140,10 +1091,11 @@ An example event for `xg` looks as following: | sophos.xg.classification | Signature classification | keyword | | sophos.xg.client_host_name | Client host name | keyword | | sophos.xg.client_physical_address | Client physical address | keyword | -| sophos.xg.clients_conn_ssid | clients connection ssid | keyword | +| sophos.xg.clients_conn_ssid | Number of client connected to the SSID. | long | | sophos.xg.collisions | collisions | long | | sophos.xg.con_event | Event Start/Stop | keyword | | sophos.xg.con_id | Unique identifier of connection | integer | +| sophos.xg.configuration | Configuration | float | | sophos.xg.conn_id | Unique identifier of connection | integer | | sophos.xg.connectionname | Connectionname | keyword | | sophos.xg.connectiontype | Connectiontype | keyword | @@ -1191,6 +1143,8 @@ An example event for `xg` looks as following: | sophos.xg.filesize | Size of the file that contained virus | integer | | sophos.xg.free | free | integer | | sophos.xg.from_email_address | Sender email address | keyword | +| sophos.xg.ftp_direction | Direction of FTP transfer: Upload or Download | keyword | +| sophos.xg.ftp_url | FTP URL from which virus was downloaded | keyword | | sophos.xg.ftpcommand | FTP command used when virus was found | keyword | | sophos.xg.fw_rule_id | Firewall Rule ID which is applied on the traffic | integer | | sophos.xg.fw_rule_type | Firewall rule type which is applied on the traffic | keyword | @@ -1222,7 +1176,7 @@ An example event for `xg` looks as following: | sophos.xg.mailid | mailid | keyword | | sophos.xg.mailsize | mailsize | integer | | sophos.xg.message | Message | keyword | -| sophos.xg.message_id | Message ID | keyword | +| sophos.xg.mode | Mode | keyword | | sophos.xg.nat_rule_id | NAT Rule ID | keyword | | sophos.xg.newversion | Newversion | keyword | | sophos.xg.oldversion | Oldversion | keyword | @@ -1230,6 +1184,7 @@ An example event for `xg` looks as following: | sophos.xg.override_authorizer | Override authorizer | keyword | | sophos.xg.override_name | Override name | keyword | | sophos.xg.override_token | Override token | keyword | +| sophos.xg.phpsessid | PHP session ID | keyword | | sophos.xg.platform | Platform of the traffic. | keyword | | sophos.xg.policy_type | Policy type applied to the traffic | keyword | | sophos.xg.priority | Severity level of traffic | keyword | @@ -1239,7 +1194,6 @@ An example event for `xg` looks as following: | sophos.xg.quarantine_reason | Quarantine reason | keyword | | sophos.xg.querystring | querystring | keyword | | sophos.xg.raw_data | Raw data | keyword | -| sophos.xg.reason | Reason why the record was detected as spam/malicious | keyword | | sophos.xg.received_pkts | Total number of packets received | long | | sophos.xg.receiveddrops | received drops | long | | sophos.xg.receivederrors | received errors | keyword | @@ -1251,13 +1205,14 @@ An example event for `xg` looks as following: | sophos.xg.remotenetwork | remotenetwork | keyword | | sophos.xg.reported_host | Reported Host | keyword | | sophos.xg.reported_ip | Reported IP | keyword | -| sophos.xg.responsetime | Responsetime | long | +| sophos.xg.reports | Reports | float | | sophos.xg.rule_priority | Priority of IPS policy | keyword | | sophos.xg.sent_bytes | Total number of bytes sent | long | | sophos.xg.sent_pkts | Total number of packets sent | long | | sophos.xg.server | Server | keyword | | sophos.xg.sessionid | Sessionid | keyword | | sophos.xg.sha1sum | SHA1 checksum of the item being analyzed | keyword | +| sophos.xg.signature | Signature | float | | sophos.xg.signature_id | Signature ID | keyword | | sophos.xg.signature_msg | Signature messsage | keyword | | sophos.xg.site_category | Site Category | keyword | @@ -1271,15 +1226,16 @@ An example event for `xg` looks as following: | sophos.xg.src_mac | Original source MAC address of traffic | keyword | | sophos.xg.src_port | Original source port of TCP and UDP traffic | integer | | sophos.xg.src_zone_type | Type of source zone | keyword | -| sophos.xg.ssid | ssid | keyword | +| sophos.xg.ssid | Configured SSID name. | keyword | | sophos.xg.start_time | Start time | date | | sophos.xg.starttime | Starttime | date | | sophos.xg.status | Ultimate status of traffic – Allowed or Denied | keyword | | sophos.xg.status_code | Status code | keyword | | sophos.xg.subject | Email subject | keyword | -| sophos.xg.syslog_server_name | Syslog server name | keyword | +| sophos.xg.syslog_server_name | Syslog server name. | keyword | | sophos.xg.system_cpu | system | float | | sophos.xg.target | Platform of the traffic. | keyword | +| sophos.xg.temp | Temp | float | | sophos.xg.threatname | ATP threatname | keyword | | sophos.xg.timestamp | timestamp | date | | sophos.xg.timezone | Time (hh:mm:ss) when the event occurred | keyword | @@ -1287,7 +1243,7 @@ An example event for `xg` looks as following: | sophos.xg.total_memory | Total Memory | integer | | sophos.xg.trans_dst_ip | Translated destination IP address for outgoing traffic | ip | | sophos.xg.trans_dst_port | Translated destination port for outgoing traffic | integer | -| sophos.xg.trans_src_ ip | Translated source IP address for outgoing traffic | ip | +| sophos.xg.trans_src_ip | Translated source IP address for outgoing traffic | ip | | sophos.xg.trans_src_port | Translated source port for outgoing traffic | integer | | sophos.xg.transaction_id | Transaction ID | keyword | | sophos.xg.transactionid | Transaction ID of the AV scan. | keyword | @@ -1306,7 +1262,7 @@ An example event for `xg` looks as following: | sophos.xg.user_gp | Group name to which the user belongs. | keyword | | sophos.xg.user_group | Group name to which the user belongs | keyword | | sophos.xg.user_name | user_name | keyword | -| sophos.xg.users | users | keyword | +| sophos.xg.users | Number of users from System Health / Live User events. | long | | sophos.xg.vconn_id | Connection ID of the master connection | integer | | sophos.xg.virus | virus name | keyword | | sophos.xg.web_policy_id | Web policy ID | keyword | diff --git a/packages/sophos/manifest.yml b/packages/sophos/manifest.yml index d6c7c8cb12d..c324445400b 100644 --- a/packages/sophos/manifest.yml +++ b/packages/sophos/manifest.yml @@ -1,14 +1,14 @@ format_version: 1.0.0 name: sophos title: Sophos Logs -version: 1.2.3 +version: 2.0.0 description: Collect and parse logs from Sophos Products with Elastic Agent. categories: ["security"] release: ga license: basic type: integration conditions: - kibana.version: "^7.14.1 || ^8.0.0" + kibana.version: "^7.17.0 || ^8.0.0" policy_templates: - name: sophos title: Sophos logs From edf13fbf859c7081988da0a5e80d7d50f37aafd3 Mon Sep 17 00:00:00 2001 From: Dan Kortschak <90160302+efd6@users.noreply.github.com> Date: Fri, 22 Apr 2022 07:53:11 +0930 Subject: [PATCH 13/23] cisco_duo: fix handling of IP addresses with port numbers (#3117) --- packages/cisco_duo/changelog.yml | 5 + .../auth/_dev/test/pipeline/test-auth.log | 10 +- .../test/pipeline/test-auth.log-expected.json | 822 ++++++++++++++++++ .../_dev/test/pipeline/test-common-config.yml | 2 - .../elasticsearch/ingest_pipeline/default.yml | 57 +- .../cisco_duo/data_stream/auth/fields/ecs.yml | 2 + .../data_stream/auth/fields/fields.yml | 8 + packages/cisco_duo/docs/README.md | 3 + packages/cisco_duo/manifest.yml | 2 +- 9 files changed, 905 insertions(+), 6 deletions(-) diff --git a/packages/cisco_duo/changelog.yml b/packages/cisco_duo/changelog.yml index 8d9ee38cb63..fc9b9e8d782 100644 --- a/packages/cisco_duo/changelog.yml +++ b/packages/cisco_duo/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.1.5" + changes: + - description: Fix handling of IP addresses with port numbers. + type: bugfix + link: https://github.com/elastic/integrations/pull/3117 - version: "1.1.4" changes: - description: Fix dashboard issues. diff --git a/packages/cisco_duo/data_stream/auth/_dev/test/pipeline/test-auth.log b/packages/cisco_duo/data_stream/auth/_dev/test/pipeline/test-auth.log index 0e446a74184..3e6e8a71ee6 100644 --- a/packages/cisco_duo/data_stream/auth/_dev/test/pipeline/test-auth.log +++ b/packages/cisco_duo/data_stream/auth/_dev/test/pipeline/test-auth.log @@ -2,4 +2,12 @@ {"access_device":{"browser":"Chrome","browser_version":"92.0.4515.107","flash_version":"uninstalled","hostname":null,"ip":"89.160.20.156","is_encryption_enabled":"unknown","is_firewall_enabled":"unknown","is_password_set":"unknown","java_version":"uninstalled","location":{"city":"Ann Arbor","country":"United States","state":"Michigan"},"os":"Windows","os_version":"10"},"alias":"","application":{"key":"DIY231J8BR23QK4UKBY8","name":"Duo Access Gateway Launcher"},"auth_device":{"ip":"89.160.20.156","location":{"city":"Ann Arbor","country":"United States","state":"Michigan"},"name":"+91 12345 12345"},"email":"narroway@example.com","event_type":"authentication","factor":"duo_push","isotimestamp":"2021-07-23T07:21:51.271776+00:00","ood_software":null,"reason":"user_approved","result":"success","timestamp":1627024911,"txid":"fa59a691-9139-43e9-9854-f9e1dbf72af5","user":{"groups":["AD Sync"],"key":"DU3KC77WJ06Y5HIV7XKQ","name":"narroway"}} {"access_device":{"browser":"Chrome","browser_version":"92.0.4515.131","flash_version":"uninstalled","hostname":null,"ip":"89.160.20.156","is_encryption_enabled":"unknown","is_firewall_enabled":"unknown","is_password_set":"unknown","java_version":"uninstalled","location":{"city":"Ann Arbor","country":"United States","state":"Michigan"},"os":"Windows","os_version":"10"},"alias":"","application":{"key":"DIY231J8BR23QK4UKBY8","name":"Duo Access Gateway Launcher"},"auth_device":{"ip":"89.160.20.156","location":{"city":"Ann Arbor","country":"United States","state":"Michigan"},"name":"+91 12345 12345"},"email":"narroway@example.com","event_type":"authentication","factor":"duo_push","isotimestamp":"2021-08-12T09:14:23.060168+00:00","ood_software":null,"reason":"user_approved","result":"success","timestamp":1628759663,"txid":"861a81e7-1f60-4865-95eb-57d9c43ce073","user":{"groups":["AD Sync"],"key":"DU3KC77WJ06Y5HIV7XKQ","name":"narroway"}} {"access_device":{"browser":"Chrome","browser_version":"92.0.4515.107","flash_version":"uninstalled","hostname":null,"ip":"89.160.20.156","is_encryption_enabled":"unknown","is_firewall_enabled":"unknown","is_password_set":"unknown","java_version":"uninstalled","location":{"city":"Ann Arbor","country":"United States","state":"Michigan"},"os":"Windows","os_version":"10"},"alias":"","application":{"key":"DIY231J8BR23QK4UKBY8","name":"Duo Access Gateway Launcher"},"auth_device":{"ip":"89.160.20.156","location":{"city":"Ann Arbor","country":"United States","state":"Michigan"},"name":"+91 12345 12345"},"email":"","event_type":"authentication","factor":"duo_push","isotimestamp":"2021-07-23T07:20:54.700050+00:00","ood_software":null,"reason":"user_marked_fraud","result":"fraud","timestamp":1627024854,"txid":"78e1a910-350b-4226-828b-edb0ac2f2e3c","user":{"groups":["AD Sync"],"key":"DU3KC77WJ06Y5HIV7XKQ","name":"narroway"}} -{"access_device":{"browser":"Chrome","browser_version":"92.0.4515.107","flash_version":"uninstalled","hostname":null,"ip":"89.160.20.156","is_encryption_enabled":"unknown","is_firewall_enabled":"unknown","is_password_set":"unknown","java_version":"uninstalled","location":{"city":"Ann Arbor","country":"United States","state":"Michigan"},"os":"Windows","os_version":"10"},"alias":"","application":{"key":"DIY231J8BR23QK4UKBY8","name":"Duo Access Gateway Launcher"},"auth_device":{"ip":"89.160.20.156","location":{"city":"Ann Arbor","country":"United States","state":"Michigan"},"name":"+91 12345 12345"},"email":"","event_type":"authentication","factor":"duo_push","isotimestamp":"2021-07-23T07:19:34.702203+00:00","ood_software":null,"reason":"user_mistake","result":"denied","timestamp":1627024774,"txid":"e22120cd-7388-424f-aa0a-b60cad42d8f3","user":{"groups":["AD Sync"],"key":"DU3KC77WJ06Y5HIV7XKQ","name":"narroway"}} \ No newline at end of file +{"access_device":{"browser":"Chrome","browser_version":"92.0.4515.107","flash_version":"uninstalled","hostname":null,"ip":"89.160.20.156","is_encryption_enabled":"unknown","is_firewall_enabled":"unknown","is_password_set":"unknown","java_version":"uninstalled","location":{"city":"Ann Arbor","country":"United States","state":"Michigan"},"os":"Windows","os_version":"10"},"alias":"","application":{"key":"DIY231J8BR23QK4UKBY8","name":"Duo Access Gateway Launcher"},"auth_device":{"ip":"89.160.20.156","location":{"city":"Ann Arbor","country":"United States","state":"Michigan"},"name":"+91 12345 12345"},"email":"","event_type":"authentication","factor":"duo_push","isotimestamp":"2021-07-23T07:19:34.702203+00:00","ood_software":null,"reason":"user_mistake","result":"denied","timestamp":1627024774,"txid":"e22120cd-7388-424f-aa0a-b60cad42d8f3","user":{"groups":["AD Sync"],"key":"DU3KC77WJ06Y5HIV7XKQ","name":"narroway"}} +{"access_device":{"browser":"Chrome","browser_version":"92.0.4515.107","flash_version":"uninstalled","hostname":null,"ip":"89.160.20.112:1234","is_encryption_enabled":"unknown","is_firewall_enabled":"unknown","is_password_set":"unknown","java_version":"uninstalled","location":{"city":"Ann Arbor","country":"United States","state":"Michigan"},"os":"Windows","os_version":"10"},"alias":"","application":{"key":"DIY231J8BR23QK4UKBY8","name":"Duo Access Gateway Launcher"},"auth_device":{"ip":"192.168.225.254:4321","location":{"city":"Ann Arbor","country":"United States","state":"Michigan"},"name":"+91 12345 12345"},"email":"","event_type":"authentication","factor":"duo_push","isotimestamp":"2021-07-23T07:19:34.702203+00:00","ood_software":null,"reason":"user_mistake","result":"denied","timestamp":1627024774,"txid":"e22120cd-7388-424f-aa0a-b60cad42d8f3","user":{"groups":["AD Sync"],"key":"DU3KC77WJ06Y5HIV7XKQ","name":"narroway"}} +{"access_device":{"browser":"Chrome","browser_version":"92.0.4515.107","flash_version":"uninstalled","hostname":null,"ip":"2a02:cf40:add:4002:91f2:a9b2:e09a:6fc6","is_encryption_enabled":"unknown","is_firewall_enabled":"unknown","is_password_set":"unknown","java_version":"uninstalled","location":{"city":"Ann Arbor","country":"United States","state":"Michigan"},"os":"Windows","os_version":"10"},"alias":"","application":{"key":"DIY231J8BR23QK4UKBY8","name":"Duo Access Gateway Launcher"},"auth_device":{"ip":"2a02:cf40:add:4002:91f2:a9b2:e09a:6fc6","location":{"city":"Ann Arbor","country":"United States","state":"Michigan"},"name":"+91 12345 12345"},"email":"","event_type":"authentication","factor":"duo_push","isotimestamp":"2021-07-23T07:19:34.702203+00:00","ood_software":null,"reason":"user_mistake","result":"denied","timestamp":1627024774,"txid":"e22120cd-7388-424f-aa0a-b60cad42d8f3","user":{"groups":["AD Sync"],"key":"DU3KC77WJ06Y5HIV7XKQ","name":"narroway"}} +{"access_device":{"browser":"Chrome","browser_version":"92.0.4515.107","flash_version":"uninstalled","hostname":null,"ip":"[2a02:cf40:add:4002:91f2:a9b2:e09a:6fc6]:1234","is_encryption_enabled":"unknown","is_firewall_enabled":"unknown","is_password_set":"unknown","java_version":"uninstalled","location":{"city":"Ann Arbor","country":"United States","state":"Michigan"},"os":"Windows","os_version":"10"},"alias":"","application":{"key":"DIY231J8BR23QK4UKBY8","name":"Duo Access Gateway Launcher"},"auth_device":{"ip":"[2a02:cf40:add:4002:91f2:a9b2:e09a:6fc6]:4321","location":{"city":"Ann Arbor","country":"United States","state":"Michigan"},"name":"+91 12345 12345"},"email":"","event_type":"authentication","factor":"duo_push","isotimestamp":"2021-07-23T07:19:34.702203+00:00","ood_software":null,"reason":"user_mistake","result":"denied","timestamp":1627024774,"txid":"e22120cd-7388-424f-aa0a-b60cad42d8f3","user":{"groups":["AD Sync"],"key":"DU3KC77WJ06Y5HIV7XKQ","name":"narroway"}} +{"access_device":{"browser":"Chrome","browser_version":"92.0.4515.107","flash_version":"uninstalled","hostname":null,"ip":"2a02:cf40:add:4002:91f2:a9b2:e09a:6fc6#1234","is_encryption_enabled":"unknown","is_firewall_enabled":"unknown","is_password_set":"unknown","java_version":"uninstalled","location":{"city":"Ann Arbor","country":"United States","state":"Michigan"},"os":"Windows","os_version":"10"},"alias":"","application":{"key":"DIY231J8BR23QK4UKBY8","name":"Duo Access Gateway Launcher"},"auth_device":{"ip":"2a02:cf40:add:4002:91f2:a9b2:e09a:6fc6#4321","location":{"city":"Ann Arbor","country":"United States","state":"Michigan"},"name":"+91 12345 12345"},"email":"","event_type":"authentication","factor":"duo_push","isotimestamp":"2021-07-23T07:19:34.702203+00:00","ood_software":null,"reason":"user_mistake","result":"denied","timestamp":1627024774,"txid":"e22120cd-7388-424f-aa0a-b60cad42d8f3","user":{"groups":["AD Sync"],"key":"DU3KC77WJ06Y5HIV7XKQ","name":"narroway"}} +{"access_device":{"browser":"Chrome","browser_version":"92.0.4515.107","flash_version":"uninstalled","hostname":null,"ip":"2a02:cf40:add:4002:91f2:a9b2:e09a:6fc6p1234","is_encryption_enabled":"unknown","is_firewall_enabled":"unknown","is_password_set":"unknown","java_version":"uninstalled","location":{"city":"Ann Arbor","country":"United States","state":"Michigan"},"os":"Windows","os_version":"10"},"alias":"","application":{"key":"DIY231J8BR23QK4UKBY8","name":"Duo Access Gateway Launcher"},"auth_device":{"ip":"2a02:cf40:add:4002:91f2:a9b2:e09a:6fc6p4321","location":{"city":"Ann Arbor","country":"United States","state":"Michigan"},"name":"+91 12345 12345"},"email":"","event_type":"authentication","factor":"duo_push","isotimestamp":"2021-07-23T07:19:34.702203+00:00","ood_software":null,"reason":"user_mistake","result":"denied","timestamp":1627024774,"txid":"e22120cd-7388-424f-aa0a-b60cad42d8f3","user":{"groups":["AD Sync"],"key":"DU3KC77WJ06Y5HIV7XKQ","name":"narroway"}} +{"access_device":{"browser":"Chrome","browser_version":"92.0.4515.107","flash_version":"uninstalled","hostname":null,"ip":"2a02:cf40:add:4002:91f2:a9b2:e09a:6fc6:1234","is_encryption_enabled":"unknown","is_firewall_enabled":"unknown","is_password_set":"unknown","java_version":"uninstalled","location":{"city":"Ann Arbor","country":"United States","state":"Michigan"},"os":"Windows","os_version":"10"},"alias":"","application":{"key":"DIY231J8BR23QK4UKBY8","name":"Duo Access Gateway Launcher"},"auth_device":{"ip":"2a02:cf40:add:4002:91f2:a9b2:e09a:6fc6:4321","location":{"city":"Ann Arbor","country":"United States","state":"Michigan"},"name":"+91 12345 12345"},"email":"","event_type":"authentication","factor":"duo_push","isotimestamp":"2021-07-23T07:19:34.702203+00:00","ood_software":null,"reason":"user_mistake","result":"denied","timestamp":1627024774,"txid":"e22120cd-7388-424f-aa0a-b60cad42d8f3","user":{"groups":["AD Sync"],"key":"DU3KC77WJ06Y5HIV7XKQ","name":"narroway"}} +{"access_device":{"browser":"Chrome","browser_version":"92.0.4515.107","flash_version":"uninstalled","hostname":null,"ip":"2a02:cf40:add:4002:91f2:a9b2:e09a:6fc6 port 1234","is_encryption_enabled":"unknown","is_firewall_enabled":"unknown","is_password_set":"unknown","java_version":"uninstalled","location":{"city":"Ann Arbor","country":"United States","state":"Michigan"},"os":"Windows","os_version":"10"},"alias":"","application":{"key":"DIY231J8BR23QK4UKBY8","name":"Duo Access Gateway Launcher"},"auth_device":{"ip":"2a02:cf40:add:4002:91f2:a9b2:e09a:6fc6 port 4321","location":{"city":"Ann Arbor","country":"United States","state":"Michigan"},"name":"+91 12345 12345"},"email":"","event_type":"authentication","factor":"duo_push","isotimestamp":"2021-07-23T07:19:34.702203+00:00","ood_software":null,"reason":"user_mistake","result":"denied","timestamp":1627024774,"txid":"e22120cd-7388-424f-aa0a-b60cad42d8f3","user":{"groups":["AD Sync"],"key":"DU3KC77WJ06Y5HIV7XKQ","name":"narroway"}} +{"access_device":{"browser":"Chrome","browser_version":"92.0.4515.107","flash_version":"uninstalled","hostname":null,"ip":"2a02:cf40:add:4002:91f2:a9b2:e09a:6fc6.1234","is_encryption_enabled":"unknown","is_firewall_enabled":"unknown","is_password_set":"unknown","java_version":"uninstalled","location":{"city":"Ann Arbor","country":"United States","state":"Michigan"},"os":"Windows","os_version":"10"},"alias":"","application":{"key":"DIY231J8BR23QK4UKBY8","name":"Duo Access Gateway Launcher"},"auth_device":{"ip":"2a02:cf40:add:4002:91f2:a9b2:e09a:6fc6.4321","location":{"city":"Ann Arbor","country":"United States","state":"Michigan"},"name":"+91 12345 12345"},"email":"","event_type":"authentication","factor":"duo_push","isotimestamp":"2021-07-23T07:19:34.702203+00:00","ood_software":null,"reason":"user_mistake","result":"denied","timestamp":1627024774,"txid":"e22120cd-7388-424f-aa0a-b60cad42d8f3","user":{"groups":["AD Sync"],"key":"DU3KC77WJ06Y5HIV7XKQ","name":"narroway"}} diff --git a/packages/cisco_duo/data_stream/auth/_dev/test/pipeline/test-auth.log-expected.json b/packages/cisco_duo/data_stream/auth/_dev/test/pipeline/test-auth.log-expected.json index dc350dbbf4e..e1d61a4cc33 100644 --- a/packages/cisco_duo/data_stream/auth/_dev/test/pipeline/test-auth.log-expected.json +++ b/packages/cisco_duo/data_stream/auth/_dev/test/pipeline/test-auth.log-expected.json @@ -583,6 +583,828 @@ }, "version": "92.0.4515.107" } + }, + { + "@timestamp": "2021-07-23T07:19:34.000Z", + "cisco_duo": { + "auth": { + "access_device": { + "flash_version": "uninstalled", + "ip": "89.160.20.112", + "is_encryption_enabled": "unknown", + "is_firewall_enabled": "unknown", + "is_password_set": "unknown", + "java_version": "uninstalled", + "location": { + "city": "Ann Arbor", + "country": "United States", + "state": "Michigan" + }, + "port": 1234 + }, + "application": { + "key": "DIY231J8BR23QK4UKBY8", + "name": "Duo Access Gateway Launcher" + }, + "auth_device": { + "ip": "192.168.225.254", + "location": { + "city": "Ann Arbor", + "country": "United States", + "state": "Michigan" + }, + "name": "+91 12345 12345", + "port": 4321 + }, + "event_type": "authentication", + "factor": "duo_push", + "reason": "user_mistake", + "result": "denied", + "txid": "e22120cd-7388-424f-aa0a-b60cad42d8f3" + } + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "category": "authentication", + "kind": "event", + "original": "{\"access_device\":{\"browser\":\"Chrome\",\"browser_version\":\"92.0.4515.107\",\"flash_version\":\"uninstalled\",\"hostname\":null,\"ip\":\"89.160.20.112:1234\",\"is_encryption_enabled\":\"unknown\",\"is_firewall_enabled\":\"unknown\",\"is_password_set\":\"unknown\",\"java_version\":\"uninstalled\",\"location\":{\"city\":\"Ann Arbor\",\"country\":\"United States\",\"state\":\"Michigan\"},\"os\":\"Windows\",\"os_version\":\"10\"},\"alias\":\"\",\"application\":{\"key\":\"DIY231J8BR23QK4UKBY8\",\"name\":\"Duo Access Gateway Launcher\"},\"auth_device\":{\"ip\":\"192.168.225.254:4321\",\"location\":{\"city\":\"Ann Arbor\",\"country\":\"United States\",\"state\":\"Michigan\"},\"name\":\"+91 12345 12345\"},\"email\":\"\",\"event_type\":\"authentication\",\"factor\":\"duo_push\",\"isotimestamp\":\"2021-07-23T07:19:34.702203+00:00\",\"ood_software\":null,\"reason\":\"user_mistake\",\"result\":\"denied\",\"timestamp\":1627024774,\"txid\":\"e22120cd-7388-424f-aa0a-b60cad42d8f3\",\"user\":{\"groups\":[\"AD Sync\"],\"key\":\"DU3KC77WJ06Y5HIV7XKQ\",\"name\":\"narroway\"}}", + "outcome": "failed", + "reason": "user_mistake", + "type": "info" + }, + "related": { + "ip": [ + "89.160.20.112", + "192.168.225.254" + ] + }, + "source": { + "address": "89.160.20.112:1234", + "as": { + "number": 29518, + "organization": { + "name": "Bredband2 AB" + } + }, + "geo": { + "city_name": "Linköping", + "continent_name": "Europe", + "country_iso_code": "SE", + "country_name": "Sweden", + "location": { + "lat": 58.4167, + "lon": 15.6167 + }, + "region_iso_code": "SE-E", + "region_name": "Östergötland County" + }, + "ip": "89.160.20.112", + "port": 1234, + "user": { + "group": { + "name": [ + "AD Sync" + ] + }, + "id": "DU3KC77WJ06Y5HIV7XKQ", + "name": "narroway" + } + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "DU3KC77WJ06Y5HIV7XKQ", + "name": "narroway" + }, + "user_agent": { + "name": "Chrome", + "os": { + "name": "Windows", + "version": "10" + }, + "version": "92.0.4515.107" + } + }, + { + "@timestamp": "2021-07-23T07:19:34.000Z", + "cisco_duo": { + "auth": { + "access_device": { + "flash_version": "uninstalled", + "ip": "2a02:cf40:add:4002:91f2:a9b2:e09a:6fc6", + "is_encryption_enabled": "unknown", + "is_firewall_enabled": "unknown", + "is_password_set": "unknown", + "java_version": "uninstalled", + "location": { + "city": "Ann Arbor", + "country": "United States", + "state": "Michigan" + } + }, + "application": { + "key": "DIY231J8BR23QK4UKBY8", + "name": "Duo Access Gateway Launcher" + }, + "auth_device": { + "geo": { + "continent_name": "Europe", + "country_iso_code": "NO", + "country_name": "Norway", + "location": { + "lat": 62.0, + "lon": 10.0 + } + }, + "ip": "2a02:cf40:add:4002:91f2:a9b2:e09a:6fc6", + "location": { + "city": "Ann Arbor", + "country": "United States", + "state": "Michigan" + }, + "name": "+91 12345 12345" + }, + "event_type": "authentication", + "factor": "duo_push", + "reason": "user_mistake", + "result": "denied", + "txid": "e22120cd-7388-424f-aa0a-b60cad42d8f3" + } + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "category": "authentication", + "kind": "event", + "original": "{\"access_device\":{\"browser\":\"Chrome\",\"browser_version\":\"92.0.4515.107\",\"flash_version\":\"uninstalled\",\"hostname\":null,\"ip\":\"2a02:cf40:add:4002:91f2:a9b2:e09a:6fc6\",\"is_encryption_enabled\":\"unknown\",\"is_firewall_enabled\":\"unknown\",\"is_password_set\":\"unknown\",\"java_version\":\"uninstalled\",\"location\":{\"city\":\"Ann Arbor\",\"country\":\"United States\",\"state\":\"Michigan\"},\"os\":\"Windows\",\"os_version\":\"10\"},\"alias\":\"\",\"application\":{\"key\":\"DIY231J8BR23QK4UKBY8\",\"name\":\"Duo Access Gateway Launcher\"},\"auth_device\":{\"ip\":\"2a02:cf40:add:4002:91f2:a9b2:e09a:6fc6\",\"location\":{\"city\":\"Ann Arbor\",\"country\":\"United States\",\"state\":\"Michigan\"},\"name\":\"+91 12345 12345\"},\"email\":\"\",\"event_type\":\"authentication\",\"factor\":\"duo_push\",\"isotimestamp\":\"2021-07-23T07:19:34.702203+00:00\",\"ood_software\":null,\"reason\":\"user_mistake\",\"result\":\"denied\",\"timestamp\":1627024774,\"txid\":\"e22120cd-7388-424f-aa0a-b60cad42d8f3\",\"user\":{\"groups\":[\"AD Sync\"],\"key\":\"DU3KC77WJ06Y5HIV7XKQ\",\"name\":\"narroway\"}}", + "outcome": "failed", + "reason": "user_mistake", + "type": "info" + }, + "related": { + "ip": [ + "2a02:cf40:add:4002:91f2:a9b2:e09a:6fc6" + ] + }, + "source": { + "address": "2a02:cf40:add:4002:91f2:a9b2:e09a:6fc6", + "geo": { + "continent_name": "Europe", + "country_iso_code": "NO", + "country_name": "Norway", + "location": { + "lat": 62.0, + "lon": 10.0 + } + }, + "ip": "2a02:cf40:add:4002:91f2:a9b2:e09a:6fc6", + "user": { + "group": { + "name": [ + "AD Sync" + ] + }, + "id": "DU3KC77WJ06Y5HIV7XKQ", + "name": "narroway" + } + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "DU3KC77WJ06Y5HIV7XKQ", + "name": "narroway" + }, + "user_agent": { + "name": "Chrome", + "os": { + "name": "Windows", + "version": "10" + }, + "version": "92.0.4515.107" + } + }, + { + "@timestamp": "2021-07-23T07:19:34.000Z", + "cisco_duo": { + "auth": { + "access_device": { + "flash_version": "uninstalled", + "ip": "2a02:cf40:add:4002:91f2:a9b2:e09a:6fc6", + "is_encryption_enabled": "unknown", + "is_firewall_enabled": "unknown", + "is_password_set": "unknown", + "java_version": "uninstalled", + "location": { + "city": "Ann Arbor", + "country": "United States", + "state": "Michigan" + }, + "port": 1234 + }, + "application": { + "key": "DIY231J8BR23QK4UKBY8", + "name": "Duo Access Gateway Launcher" + }, + "auth_device": { + "geo": { + "continent_name": "Europe", + "country_iso_code": "NO", + "country_name": "Norway", + "location": { + "lat": 62.0, + "lon": 10.0 + } + }, + "ip": "2a02:cf40:add:4002:91f2:a9b2:e09a:6fc6", + "location": { + "city": "Ann Arbor", + "country": "United States", + "state": "Michigan" + }, + "name": "+91 12345 12345", + "port": 4321 + }, + "event_type": "authentication", + "factor": "duo_push", + "reason": "user_mistake", + "result": "denied", + "txid": "e22120cd-7388-424f-aa0a-b60cad42d8f3" + } + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "category": "authentication", + "kind": "event", + "original": "{\"access_device\":{\"browser\":\"Chrome\",\"browser_version\":\"92.0.4515.107\",\"flash_version\":\"uninstalled\",\"hostname\":null,\"ip\":\"[2a02:cf40:add:4002:91f2:a9b2:e09a:6fc6]:1234\",\"is_encryption_enabled\":\"unknown\",\"is_firewall_enabled\":\"unknown\",\"is_password_set\":\"unknown\",\"java_version\":\"uninstalled\",\"location\":{\"city\":\"Ann Arbor\",\"country\":\"United States\",\"state\":\"Michigan\"},\"os\":\"Windows\",\"os_version\":\"10\"},\"alias\":\"\",\"application\":{\"key\":\"DIY231J8BR23QK4UKBY8\",\"name\":\"Duo Access Gateway Launcher\"},\"auth_device\":{\"ip\":\"[2a02:cf40:add:4002:91f2:a9b2:e09a:6fc6]:4321\",\"location\":{\"city\":\"Ann Arbor\",\"country\":\"United States\",\"state\":\"Michigan\"},\"name\":\"+91 12345 12345\"},\"email\":\"\",\"event_type\":\"authentication\",\"factor\":\"duo_push\",\"isotimestamp\":\"2021-07-23T07:19:34.702203+00:00\",\"ood_software\":null,\"reason\":\"user_mistake\",\"result\":\"denied\",\"timestamp\":1627024774,\"txid\":\"e22120cd-7388-424f-aa0a-b60cad42d8f3\",\"user\":{\"groups\":[\"AD Sync\"],\"key\":\"DU3KC77WJ06Y5HIV7XKQ\",\"name\":\"narroway\"}}", + "outcome": "failed", + "reason": "user_mistake", + "type": "info" + }, + "related": { + "ip": [ + "2a02:cf40:add:4002:91f2:a9b2:e09a:6fc6" + ] + }, + "source": { + "address": "[2a02:cf40:add:4002:91f2:a9b2:e09a:6fc6]:1234", + "geo": { + "continent_name": "Europe", + "country_iso_code": "NO", + "country_name": "Norway", + "location": { + "lat": 62.0, + "lon": 10.0 + } + }, + "ip": "2a02:cf40:add:4002:91f2:a9b2:e09a:6fc6", + "port": 1234, + "user": { + "group": { + "name": [ + "AD Sync" + ] + }, + "id": "DU3KC77WJ06Y5HIV7XKQ", + "name": "narroway" + } + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "DU3KC77WJ06Y5HIV7XKQ", + "name": "narroway" + }, + "user_agent": { + "name": "Chrome", + "os": { + "name": "Windows", + "version": "10" + }, + "version": "92.0.4515.107" + } + }, + { + "@timestamp": "2021-07-23T07:19:34.000Z", + "cisco_duo": { + "auth": { + "access_device": { + "flash_version": "uninstalled", + "ip": "2a02:cf40:add:4002:91f2:a9b2:e09a:6fc6", + "is_encryption_enabled": "unknown", + "is_firewall_enabled": "unknown", + "is_password_set": "unknown", + "java_version": "uninstalled", + "location": { + "city": "Ann Arbor", + "country": "United States", + "state": "Michigan" + }, + "port": 1234 + }, + "application": { + "key": "DIY231J8BR23QK4UKBY8", + "name": "Duo Access Gateway Launcher" + }, + "auth_device": { + "geo": { + "continent_name": "Europe", + "country_iso_code": "NO", + "country_name": "Norway", + "location": { + "lat": 62.0, + "lon": 10.0 + } + }, + "ip": "2a02:cf40:add:4002:91f2:a9b2:e09a:6fc6", + "location": { + "city": "Ann Arbor", + "country": "United States", + "state": "Michigan" + }, + "name": "+91 12345 12345", + "port": 4321 + }, + "event_type": "authentication", + "factor": "duo_push", + "reason": "user_mistake", + "result": "denied", + "txid": "e22120cd-7388-424f-aa0a-b60cad42d8f3" + } + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "category": "authentication", + "kind": "event", + "original": "{\"access_device\":{\"browser\":\"Chrome\",\"browser_version\":\"92.0.4515.107\",\"flash_version\":\"uninstalled\",\"hostname\":null,\"ip\":\"2a02:cf40:add:4002:91f2:a9b2:e09a:6fc6#1234\",\"is_encryption_enabled\":\"unknown\",\"is_firewall_enabled\":\"unknown\",\"is_password_set\":\"unknown\",\"java_version\":\"uninstalled\",\"location\":{\"city\":\"Ann Arbor\",\"country\":\"United States\",\"state\":\"Michigan\"},\"os\":\"Windows\",\"os_version\":\"10\"},\"alias\":\"\",\"application\":{\"key\":\"DIY231J8BR23QK4UKBY8\",\"name\":\"Duo Access Gateway Launcher\"},\"auth_device\":{\"ip\":\"2a02:cf40:add:4002:91f2:a9b2:e09a:6fc6#4321\",\"location\":{\"city\":\"Ann Arbor\",\"country\":\"United States\",\"state\":\"Michigan\"},\"name\":\"+91 12345 12345\"},\"email\":\"\",\"event_type\":\"authentication\",\"factor\":\"duo_push\",\"isotimestamp\":\"2021-07-23T07:19:34.702203+00:00\",\"ood_software\":null,\"reason\":\"user_mistake\",\"result\":\"denied\",\"timestamp\":1627024774,\"txid\":\"e22120cd-7388-424f-aa0a-b60cad42d8f3\",\"user\":{\"groups\":[\"AD Sync\"],\"key\":\"DU3KC77WJ06Y5HIV7XKQ\",\"name\":\"narroway\"}}", + "outcome": "failed", + "reason": "user_mistake", + "type": "info" + }, + "related": { + "ip": [ + "2a02:cf40:add:4002:91f2:a9b2:e09a:6fc6" + ] + }, + "source": { + "address": "2a02:cf40:add:4002:91f2:a9b2:e09a:6fc6#1234", + "geo": { + "continent_name": "Europe", + "country_iso_code": "NO", + "country_name": "Norway", + "location": { + "lat": 62.0, + "lon": 10.0 + } + }, + "ip": "2a02:cf40:add:4002:91f2:a9b2:e09a:6fc6", + "port": 1234, + "user": { + "group": { + "name": [ + "AD Sync" + ] + }, + "id": "DU3KC77WJ06Y5HIV7XKQ", + "name": "narroway" + } + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "DU3KC77WJ06Y5HIV7XKQ", + "name": "narroway" + }, + "user_agent": { + "name": "Chrome", + "os": { + "name": "Windows", + "version": "10" + }, + "version": "92.0.4515.107" + } + }, + { + "@timestamp": "2021-07-23T07:19:34.000Z", + "cisco_duo": { + "auth": { + "access_device": { + "flash_version": "uninstalled", + "ip": "2a02:cf40:add:4002:91f2:a9b2:e09a:6fc6", + "is_encryption_enabled": "unknown", + "is_firewall_enabled": "unknown", + "is_password_set": "unknown", + "java_version": "uninstalled", + "location": { + "city": "Ann Arbor", + "country": "United States", + "state": "Michigan" + }, + "port": 1234 + }, + "application": { + "key": "DIY231J8BR23QK4UKBY8", + "name": "Duo Access Gateway Launcher" + }, + "auth_device": { + "geo": { + "continent_name": "Europe", + "country_iso_code": "NO", + "country_name": "Norway", + "location": { + "lat": 62.0, + "lon": 10.0 + } + }, + "ip": "2a02:cf40:add:4002:91f2:a9b2:e09a:6fc6", + "location": { + "city": "Ann Arbor", + "country": "United States", + "state": "Michigan" + }, + "name": "+91 12345 12345", + "port": 4321 + }, + "event_type": "authentication", + "factor": "duo_push", + "reason": "user_mistake", + "result": "denied", + "txid": "e22120cd-7388-424f-aa0a-b60cad42d8f3" + } + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "category": "authentication", + "kind": "event", + "original": "{\"access_device\":{\"browser\":\"Chrome\",\"browser_version\":\"92.0.4515.107\",\"flash_version\":\"uninstalled\",\"hostname\":null,\"ip\":\"2a02:cf40:add:4002:91f2:a9b2:e09a:6fc6p1234\",\"is_encryption_enabled\":\"unknown\",\"is_firewall_enabled\":\"unknown\",\"is_password_set\":\"unknown\",\"java_version\":\"uninstalled\",\"location\":{\"city\":\"Ann Arbor\",\"country\":\"United States\",\"state\":\"Michigan\"},\"os\":\"Windows\",\"os_version\":\"10\"},\"alias\":\"\",\"application\":{\"key\":\"DIY231J8BR23QK4UKBY8\",\"name\":\"Duo Access Gateway Launcher\"},\"auth_device\":{\"ip\":\"2a02:cf40:add:4002:91f2:a9b2:e09a:6fc6p4321\",\"location\":{\"city\":\"Ann Arbor\",\"country\":\"United States\",\"state\":\"Michigan\"},\"name\":\"+91 12345 12345\"},\"email\":\"\",\"event_type\":\"authentication\",\"factor\":\"duo_push\",\"isotimestamp\":\"2021-07-23T07:19:34.702203+00:00\",\"ood_software\":null,\"reason\":\"user_mistake\",\"result\":\"denied\",\"timestamp\":1627024774,\"txid\":\"e22120cd-7388-424f-aa0a-b60cad42d8f3\",\"user\":{\"groups\":[\"AD Sync\"],\"key\":\"DU3KC77WJ06Y5HIV7XKQ\",\"name\":\"narroway\"}}", + "outcome": "failed", + "reason": "user_mistake", + "type": "info" + }, + "related": { + "ip": [ + "2a02:cf40:add:4002:91f2:a9b2:e09a:6fc6" + ] + }, + "source": { + "address": "2a02:cf40:add:4002:91f2:a9b2:e09a:6fc6p1234", + "geo": { + "continent_name": "Europe", + "country_iso_code": "NO", + "country_name": "Norway", + "location": { + "lat": 62.0, + "lon": 10.0 + } + }, + "ip": "2a02:cf40:add:4002:91f2:a9b2:e09a:6fc6", + "port": 1234, + "user": { + "group": { + "name": [ + "AD Sync" + ] + }, + "id": "DU3KC77WJ06Y5HIV7XKQ", + "name": "narroway" + } + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "DU3KC77WJ06Y5HIV7XKQ", + "name": "narroway" + }, + "user_agent": { + "name": "Chrome", + "os": { + "name": "Windows", + "version": "10" + }, + "version": "92.0.4515.107" + } + }, + { + "@timestamp": "2021-07-23T07:19:34.000Z", + "cisco_duo": { + "auth": { + "access_device": { + "flash_version": "uninstalled", + "ip": "2a02:cf40:add:4002:91f2:a9b2:e09a:6fc6", + "is_encryption_enabled": "unknown", + "is_firewall_enabled": "unknown", + "is_password_set": "unknown", + "java_version": "uninstalled", + "location": { + "city": "Ann Arbor", + "country": "United States", + "state": "Michigan" + }, + "port": 1234 + }, + "application": { + "key": "DIY231J8BR23QK4UKBY8", + "name": "Duo Access Gateway Launcher" + }, + "auth_device": { + "geo": { + "continent_name": "Europe", + "country_iso_code": "NO", + "country_name": "Norway", + "location": { + "lat": 62.0, + "lon": 10.0 + } + }, + "ip": "2a02:cf40:add:4002:91f2:a9b2:e09a:6fc6", + "location": { + "city": "Ann Arbor", + "country": "United States", + "state": "Michigan" + }, + "name": "+91 12345 12345", + "port": 4321 + }, + "event_type": "authentication", + "factor": "duo_push", + "reason": "user_mistake", + "result": "denied", + "txid": "e22120cd-7388-424f-aa0a-b60cad42d8f3" + } + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "category": "authentication", + "kind": "event", + "original": "{\"access_device\":{\"browser\":\"Chrome\",\"browser_version\":\"92.0.4515.107\",\"flash_version\":\"uninstalled\",\"hostname\":null,\"ip\":\"2a02:cf40:add:4002:91f2:a9b2:e09a:6fc6:1234\",\"is_encryption_enabled\":\"unknown\",\"is_firewall_enabled\":\"unknown\",\"is_password_set\":\"unknown\",\"java_version\":\"uninstalled\",\"location\":{\"city\":\"Ann Arbor\",\"country\":\"United States\",\"state\":\"Michigan\"},\"os\":\"Windows\",\"os_version\":\"10\"},\"alias\":\"\",\"application\":{\"key\":\"DIY231J8BR23QK4UKBY8\",\"name\":\"Duo Access Gateway Launcher\"},\"auth_device\":{\"ip\":\"2a02:cf40:add:4002:91f2:a9b2:e09a:6fc6:4321\",\"location\":{\"city\":\"Ann Arbor\",\"country\":\"United States\",\"state\":\"Michigan\"},\"name\":\"+91 12345 12345\"},\"email\":\"\",\"event_type\":\"authentication\",\"factor\":\"duo_push\",\"isotimestamp\":\"2021-07-23T07:19:34.702203+00:00\",\"ood_software\":null,\"reason\":\"user_mistake\",\"result\":\"denied\",\"timestamp\":1627024774,\"txid\":\"e22120cd-7388-424f-aa0a-b60cad42d8f3\",\"user\":{\"groups\":[\"AD Sync\"],\"key\":\"DU3KC77WJ06Y5HIV7XKQ\",\"name\":\"narroway\"}}", + "outcome": "failed", + "reason": "user_mistake", + "type": "info" + }, + "related": { + "ip": [ + "2a02:cf40:add:4002:91f2:a9b2:e09a:6fc6" + ] + }, + "source": { + "address": "2a02:cf40:add:4002:91f2:a9b2:e09a:6fc6:1234", + "geo": { + "continent_name": "Europe", + "country_iso_code": "NO", + "country_name": "Norway", + "location": { + "lat": 62.0, + "lon": 10.0 + } + }, + "ip": "2a02:cf40:add:4002:91f2:a9b2:e09a:6fc6", + "port": 1234, + "user": { + "group": { + "name": [ + "AD Sync" + ] + }, + "id": "DU3KC77WJ06Y5HIV7XKQ", + "name": "narroway" + } + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "DU3KC77WJ06Y5HIV7XKQ", + "name": "narroway" + }, + "user_agent": { + "name": "Chrome", + "os": { + "name": "Windows", + "version": "10" + }, + "version": "92.0.4515.107" + } + }, + { + "@timestamp": "2021-07-23T07:19:34.000Z", + "cisco_duo": { + "auth": { + "access_device": { + "flash_version": "uninstalled", + "ip": "2a02:cf40:add:4002:91f2:a9b2:e09a:6fc6", + "is_encryption_enabled": "unknown", + "is_firewall_enabled": "unknown", + "is_password_set": "unknown", + "java_version": "uninstalled", + "location": { + "city": "Ann Arbor", + "country": "United States", + "state": "Michigan" + }, + "port": 1234 + }, + "application": { + "key": "DIY231J8BR23QK4UKBY8", + "name": "Duo Access Gateway Launcher" + }, + "auth_device": { + "geo": { + "continent_name": "Europe", + "country_iso_code": "NO", + "country_name": "Norway", + "location": { + "lat": 62.0, + "lon": 10.0 + } + }, + "ip": "2a02:cf40:add:4002:91f2:a9b2:e09a:6fc6", + "location": { + "city": "Ann Arbor", + "country": "United States", + "state": "Michigan" + }, + "name": "+91 12345 12345", + "port": 4321 + }, + "event_type": "authentication", + "factor": "duo_push", + "reason": "user_mistake", + "result": "denied", + "txid": "e22120cd-7388-424f-aa0a-b60cad42d8f3" + } + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "category": "authentication", + "kind": "event", + "original": "{\"access_device\":{\"browser\":\"Chrome\",\"browser_version\":\"92.0.4515.107\",\"flash_version\":\"uninstalled\",\"hostname\":null,\"ip\":\"2a02:cf40:add:4002:91f2:a9b2:e09a:6fc6 port 1234\",\"is_encryption_enabled\":\"unknown\",\"is_firewall_enabled\":\"unknown\",\"is_password_set\":\"unknown\",\"java_version\":\"uninstalled\",\"location\":{\"city\":\"Ann Arbor\",\"country\":\"United States\",\"state\":\"Michigan\"},\"os\":\"Windows\",\"os_version\":\"10\"},\"alias\":\"\",\"application\":{\"key\":\"DIY231J8BR23QK4UKBY8\",\"name\":\"Duo Access Gateway Launcher\"},\"auth_device\":{\"ip\":\"2a02:cf40:add:4002:91f2:a9b2:e09a:6fc6 port 4321\",\"location\":{\"city\":\"Ann Arbor\",\"country\":\"United States\",\"state\":\"Michigan\"},\"name\":\"+91 12345 12345\"},\"email\":\"\",\"event_type\":\"authentication\",\"factor\":\"duo_push\",\"isotimestamp\":\"2021-07-23T07:19:34.702203+00:00\",\"ood_software\":null,\"reason\":\"user_mistake\",\"result\":\"denied\",\"timestamp\":1627024774,\"txid\":\"e22120cd-7388-424f-aa0a-b60cad42d8f3\",\"user\":{\"groups\":[\"AD Sync\"],\"key\":\"DU3KC77WJ06Y5HIV7XKQ\",\"name\":\"narroway\"}}", + "outcome": "failed", + "reason": "user_mistake", + "type": "info" + }, + "related": { + "ip": [ + "2a02:cf40:add:4002:91f2:a9b2:e09a:6fc6" + ] + }, + "source": { + "address": "2a02:cf40:add:4002:91f2:a9b2:e09a:6fc6 port 1234", + "geo": { + "continent_name": "Europe", + "country_iso_code": "NO", + "country_name": "Norway", + "location": { + "lat": 62.0, + "lon": 10.0 + } + }, + "ip": "2a02:cf40:add:4002:91f2:a9b2:e09a:6fc6", + "port": 1234, + "user": { + "group": { + "name": [ + "AD Sync" + ] + }, + "id": "DU3KC77WJ06Y5HIV7XKQ", + "name": "narroway" + } + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "DU3KC77WJ06Y5HIV7XKQ", + "name": "narroway" + }, + "user_agent": { + "name": "Chrome", + "os": { + "name": "Windows", + "version": "10" + }, + "version": "92.0.4515.107" + } + }, + { + "@timestamp": "2021-07-23T07:19:34.000Z", + "cisco_duo": { + "auth": { + "access_device": { + "flash_version": "uninstalled", + "ip": "2a02:cf40:add:4002:91f2:a9b2:e09a:6fc6", + "is_encryption_enabled": "unknown", + "is_firewall_enabled": "unknown", + "is_password_set": "unknown", + "java_version": "uninstalled", + "location": { + "city": "Ann Arbor", + "country": "United States", + "state": "Michigan" + }, + "port": 1234 + }, + "application": { + "key": "DIY231J8BR23QK4UKBY8", + "name": "Duo Access Gateway Launcher" + }, + "auth_device": { + "geo": { + "continent_name": "Europe", + "country_iso_code": "NO", + "country_name": "Norway", + "location": { + "lat": 62.0, + "lon": 10.0 + } + }, + "ip": "2a02:cf40:add:4002:91f2:a9b2:e09a:6fc6", + "location": { + "city": "Ann Arbor", + "country": "United States", + "state": "Michigan" + }, + "name": "+91 12345 12345", + "port": 4321 + }, + "event_type": "authentication", + "factor": "duo_push", + "reason": "user_mistake", + "result": "denied", + "txid": "e22120cd-7388-424f-aa0a-b60cad42d8f3" + } + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "category": "authentication", + "kind": "event", + "original": "{\"access_device\":{\"browser\":\"Chrome\",\"browser_version\":\"92.0.4515.107\",\"flash_version\":\"uninstalled\",\"hostname\":null,\"ip\":\"2a02:cf40:add:4002:91f2:a9b2:e09a:6fc6.1234\",\"is_encryption_enabled\":\"unknown\",\"is_firewall_enabled\":\"unknown\",\"is_password_set\":\"unknown\",\"java_version\":\"uninstalled\",\"location\":{\"city\":\"Ann Arbor\",\"country\":\"United States\",\"state\":\"Michigan\"},\"os\":\"Windows\",\"os_version\":\"10\"},\"alias\":\"\",\"application\":{\"key\":\"DIY231J8BR23QK4UKBY8\",\"name\":\"Duo Access Gateway Launcher\"},\"auth_device\":{\"ip\":\"2a02:cf40:add:4002:91f2:a9b2:e09a:6fc6.4321\",\"location\":{\"city\":\"Ann Arbor\",\"country\":\"United States\",\"state\":\"Michigan\"},\"name\":\"+91 12345 12345\"},\"email\":\"\",\"event_type\":\"authentication\",\"factor\":\"duo_push\",\"isotimestamp\":\"2021-07-23T07:19:34.702203+00:00\",\"ood_software\":null,\"reason\":\"user_mistake\",\"result\":\"denied\",\"timestamp\":1627024774,\"txid\":\"e22120cd-7388-424f-aa0a-b60cad42d8f3\",\"user\":{\"groups\":[\"AD Sync\"],\"key\":\"DU3KC77WJ06Y5HIV7XKQ\",\"name\":\"narroway\"}}", + "outcome": "failed", + "reason": "user_mistake", + "type": "info" + }, + "related": { + "ip": [ + "2a02:cf40:add:4002:91f2:a9b2:e09a:6fc6" + ] + }, + "source": { + "address": "2a02:cf40:add:4002:91f2:a9b2:e09a:6fc6.1234", + "geo": { + "continent_name": "Europe", + "country_iso_code": "NO", + "country_name": "Norway", + "location": { + "lat": 62.0, + "lon": 10.0 + } + }, + "ip": "2a02:cf40:add:4002:91f2:a9b2:e09a:6fc6", + "port": 1234, + "user": { + "group": { + "name": [ + "AD Sync" + ] + }, + "id": "DU3KC77WJ06Y5HIV7XKQ", + "name": "narroway" + } + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "DU3KC77WJ06Y5HIV7XKQ", + "name": "narroway" + }, + "user_agent": { + "name": "Chrome", + "os": { + "name": "Windows", + "version": "10" + }, + "version": "92.0.4515.107" + } } ] } \ No newline at end of file diff --git a/packages/cisco_duo/data_stream/auth/_dev/test/pipeline/test-common-config.yml b/packages/cisco_duo/data_stream/auth/_dev/test/pipeline/test-common-config.yml index 5622947e4b8..4da22641654 100644 --- a/packages/cisco_duo/data_stream/auth/_dev/test/pipeline/test-common-config.yml +++ b/packages/cisco_duo/data_stream/auth/_dev/test/pipeline/test-common-config.yml @@ -1,5 +1,3 @@ -dynamic_fields: - event.ingested: ".*" fields: tags: - preserve_original_event diff --git a/packages/cisco_duo/data_stream/auth/elasticsearch/ingest_pipeline/default.yml b/packages/cisco_duo/data_stream/auth/elasticsearch/ingest_pipeline/default.yml index 7aa4a99edee..e854f9b5024 100644 --- a/packages/cisco_duo/data_stream/auth/elasticsearch/ingest_pipeline/default.yml +++ b/packages/cisco_duo/data_stream/auth/elasticsearch/ingest_pipeline/default.yml @@ -45,13 +45,58 @@ processors: copy_from: json.reason ignore_failure: true - set: - field: source.ip + field: source.address copy_from: json.access_device.ip + - grok: + field: json.access_device.ip + patterns: + - "^%{IPV4:json.access_device.ip}:%{NUMBER:json.access_device.port}$" + - "^\\[%{IPV6:json.access_device.ip}\\]:%{NUMBER:json.access_device.port}$" + - "^%{IPV6NOCOMPRESS:json.access_device.ip}:%{NUMBER:json.access_device.port}$" + - "^%{IPV6:json.access_device.ip}%{IPV6PORTSEP}%{NUMBER:json.access_device.port}$" + - "^%{IPV6:json.access_device.ip}%{IPV6PORTSEP}%{POSINT:json.access_device.port}$" + pattern_definitions: + IPV6NOCOMPRESS: '([0-9A-Fa-f]{1,4}:){7}[0-9A-Fa-f]{1,4}' + IPV6PORTSEP: '(?: port |[p#.])' + ignore_missing: true ignore_failure: true + - convert: + field: json.access_device.ip + type: ip + ignore_missing: true + - convert: + field: json.access_device.port + type: long + ignore_missing: true - set: - field: source.address + field: source.ip copy_from: json.access_device.ip ignore_failure: true + - set: + field: source.port + copy_from: json.access_device.port + ignore_failure: true + - grok: + field: json.auth_device.ip + patterns: + - "^%{IPV4:json.auth_device.ip}:%{NUMBER:json.auth_device.port}$" + - "^\\[%{IPV6:json.auth_device.ip}\\]:%{NUMBER:json.auth_device.port}$" + - "^%{IPV6NOCOMPRESS:json.auth_device.ip}:%{NUMBER:json.auth_device.port}$" + - "^%{IPV6:json.auth_device.ip}%{IPV6PORTSEP}%{NUMBER:json.auth_device.port}$" + - "^%{IPV6:json.auth_device.ip}%{IPV6PORTSEP}%{POSINT:json.auth_device.port}$" + pattern_definitions: + IPV6NOCOMPRESS: '([0-9A-Fa-f]{1,4}:){7}[0-9A-Fa-f]{1,4}' + IPV6PORTSEP: '(?: port |[p#.])' + ignore_missing: true + ignore_failure: true + - convert: + field: json.auth_device.ip + type: ip + ignore_missing: true + - convert: + field: json.auth_device.port + type: long + ignore_missing: true - set: field: source.address copy_from: json.access_device.hostname @@ -184,6 +229,10 @@ processors: field: json.access_device.ip target_field: cisco_duo.auth.access_device.ip ignore_missing: true + - rename: + field: json.access_device.port + target_field: cisco_duo.auth.access_device.port + ignore_missing: true - rename: field: json.access_device.is_encryption_enabled target_field: cisco_duo.auth.access_device.is_encryption_enabled @@ -240,6 +289,10 @@ processors: field: json.auth_device.ip target_field: cisco_duo.auth.auth_device.ip ignore_missing: true + - rename: + field: json.auth_device.port + target_field: cisco_duo.auth.auth_device.port + ignore_missing: true - rename: field: json.auth_device.location.city target_field: cisco_duo.auth.auth_device.location.city diff --git a/packages/cisco_duo/data_stream/auth/fields/ecs.yml b/packages/cisco_duo/data_stream/auth/fields/ecs.yml index 0472838691a..c5b4991d883 100644 --- a/packages/cisco_duo/data_stream/auth/fields/ecs.yml +++ b/packages/cisco_duo/data_stream/auth/fields/ecs.yml @@ -20,6 +20,8 @@ name: related.ip - external: ecs name: source.ip +- external: ecs + name: source.port - external: ecs name: source.address - external: ecs diff --git a/packages/cisco_duo/data_stream/auth/fields/fields.yml b/packages/cisco_duo/data_stream/auth/fields/fields.yml index d2da8453833..7b0d5b6786d 100644 --- a/packages/cisco_duo/data_stream/auth/fields/fields.yml +++ b/packages/cisco_duo/data_stream/auth/fields/fields.yml @@ -52,6 +52,10 @@ type: ip description: | The access device's IP address. + - name: port + type: long + description: | + The access device's port number. - name: is_encryption_enabled type: keyword description: | @@ -105,6 +109,10 @@ type: ip description: | The IP address of the authentication device. + - name: port + type: long + description: | + The network port of the authentication device. - name: location type: group fields: diff --git a/packages/cisco_duo/docs/README.md b/packages/cisco_duo/docs/README.md index b057d707233..52cc99d0354 100644 --- a/packages/cisco_duo/docs/README.md +++ b/packages/cisco_duo/docs/README.md @@ -314,6 +314,7 @@ An example event for `auth` looks as following: | cisco_duo.auth.access_device.location.city | The city name of the access device using geoip location. | keyword | | cisco_duo.auth.access_device.location.country | The country of the access device using geoip location. | keyword | | cisco_duo.auth.access_device.location.state | The state name of the access device using geoip location. | keyword | +| cisco_duo.auth.access_device.port | The access device's port number. | long | | cisco_duo.auth.access_device.security_agents | Reports the security agents present on the endpoint as detected by the Duo Device Health app. | keyword | | cisco_duo.auth.alias | The username alias used to log in. | keyword | | cisco_duo.auth.application.key | The application's integration_key. | keyword | @@ -332,6 +333,7 @@ An example event for `auth` looks as following: | cisco_duo.auth.auth_device.location.country | The country of the authentication device using geoip location. | keyword | | cisco_duo.auth.auth_device.location.state | The state name of the authentication device using geoip location. | keyword | | cisco_duo.auth.auth_device.name | The name of the authentication device. | keyword | +| cisco_duo.auth.auth_device.port | The network port of the authentication device. | long | | cisco_duo.auth.email | The email address of the user, if known to Duo, otherwise none. | keyword | | cisco_duo.auth.event_type | The type of activity logged. | keyword | | cisco_duo.auth.factor | The authentication factor. | keyword | @@ -399,6 +401,7 @@ An example event for `auth` looks as following: | source.geo.region_iso_code | Region ISO code. | keyword | | source.geo.region_name | Region name. | keyword | | source.ip | IP address of the source (IPv4 or IPv6). | ip | +| source.port | Port of the source. | long | | source.user.email | User email address. | keyword | | source.user.group.name | Name of the group. | keyword | | source.user.id | Unique identifier of the user. | keyword | diff --git a/packages/cisco_duo/manifest.yml b/packages/cisco_duo/manifest.yml index c85cbcab2aa..897945822e3 100644 --- a/packages/cisco_duo/manifest.yml +++ b/packages/cisco_duo/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: cisco_duo title: Cisco Duo -version: 1.1.4 +version: 1.1.5 license: basic description: Collect logs from Cisco Duo with Elastic Agent. type: integration From e01918f4a9ca3e45635629b923f1832ddf48eebf Mon Sep 17 00:00:00 2001 From: Dan Kortschak <90160302+efd6@users.noreply.github.com> Date: Fri, 22 Apr 2022 11:10:45 +0930 Subject: [PATCH 14/23] cisco_duo: simplify grok expression for handling ports (#3170) --- packages/cisco_duo/changelog.yml | 5 +++++ .../elasticsearch/ingest_pipeline/default.yml | 20 +++++++++---------- packages/cisco_duo/manifest.yml | 2 +- 3 files changed, 16 insertions(+), 11 deletions(-) diff --git a/packages/cisco_duo/changelog.yml b/packages/cisco_duo/changelog.yml index fc9b9e8d782..446b0652ded 100644 --- a/packages/cisco_duo/changelog.yml +++ b/packages/cisco_duo/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.1.6" + changes: + - description: Simplify IP grok patterns. + type: enhancement + link: https://github.com/elastic/integrations/pull/3170 - version: "1.1.5" changes: - description: Fix handling of IP addresses with port numbers. diff --git a/packages/cisco_duo/data_stream/auth/elasticsearch/ingest_pipeline/default.yml b/packages/cisco_duo/data_stream/auth/elasticsearch/ingest_pipeline/default.yml index e854f9b5024..130c2954e85 100644 --- a/packages/cisco_duo/data_stream/auth/elasticsearch/ingest_pipeline/default.yml +++ b/packages/cisco_duo/data_stream/auth/elasticsearch/ingest_pipeline/default.yml @@ -50,14 +50,14 @@ processors: - grok: field: json.access_device.ip patterns: - - "^%{IPV4:json.access_device.ip}:%{NUMBER:json.access_device.port}$" - - "^\\[%{IPV6:json.access_device.ip}\\]:%{NUMBER:json.access_device.port}$" - - "^%{IPV6NOCOMPRESS:json.access_device.ip}:%{NUMBER:json.access_device.port}$" - - "^%{IPV6:json.access_device.ip}%{IPV6PORTSEP}%{NUMBER:json.access_device.port}$" - - "^%{IPV6:json.access_device.ip}%{IPV6PORTSEP}%{POSINT:json.access_device.port}$" + - "^%{IPV4:json.access_device.ip}:%{PORT:json.access_device.port}$" + - "^\\[%{IPV6:json.access_device.ip}\\]:%{PORT:json.access_device.port}$" + - "^%{IPV6NOCOMPRESS:json.access_device.ip}:%{PORT:json.access_device.port}$" + - "^%{IPV6:json.access_device.ip}%{IPV6PORTSEP}%{PORT:json.access_device.port}$" pattern_definitions: IPV6NOCOMPRESS: '([0-9A-Fa-f]{1,4}:){7}[0-9A-Fa-f]{1,4}' IPV6PORTSEP: '(?: port |[p#.])' + PORT: '[0-9]+' ignore_missing: true ignore_failure: true - convert: @@ -79,14 +79,14 @@ processors: - grok: field: json.auth_device.ip patterns: - - "^%{IPV4:json.auth_device.ip}:%{NUMBER:json.auth_device.port}$" - - "^\\[%{IPV6:json.auth_device.ip}\\]:%{NUMBER:json.auth_device.port}$" - - "^%{IPV6NOCOMPRESS:json.auth_device.ip}:%{NUMBER:json.auth_device.port}$" - - "^%{IPV6:json.auth_device.ip}%{IPV6PORTSEP}%{NUMBER:json.auth_device.port}$" - - "^%{IPV6:json.auth_device.ip}%{IPV6PORTSEP}%{POSINT:json.auth_device.port}$" + - "^%{IPV4:json.auth_device.ip}:%{PORT:json.auth_device.port}$" + - "^\\[%{IPV6:json.auth_device.ip}\\]:%{PORT:json.auth_device.port}$" + - "^%{IPV6NOCOMPRESS:json.auth_device.ip}:%{PORT:json.auth_device.port}$" + - "^%{IPV6:json.auth_device.ip}%{IPV6PORTSEP}%{PORT:json.auth_device.port}$" pattern_definitions: IPV6NOCOMPRESS: '([0-9A-Fa-f]{1,4}:){7}[0-9A-Fa-f]{1,4}' IPV6PORTSEP: '(?: port |[p#.])' + PORT: '[0-9]+' ignore_missing: true ignore_failure: true - convert: diff --git a/packages/cisco_duo/manifest.yml b/packages/cisco_duo/manifest.yml index 897945822e3..6dfe08a634f 100644 --- a/packages/cisco_duo/manifest.yml +++ b/packages/cisco_duo/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: cisco_duo title: Cisco Duo -version: 1.1.5 +version: 1.1.6 license: basic description: Collect logs from Cisco Duo with Elastic Agent. type: integration From a2e1a3a3fc1c9e05aefea4f568e0297c79969eb4 Mon Sep 17 00:00:00 2001 From: yug-elastic <96041884+yug-elastic@users.noreply.github.com> Date: Fri, 22 Apr 2022 14:31:10 +0530 Subject: [PATCH 15/23] [apache_spark][driver] Add Apache Spark package with Driver data stream (#2945) * Add driver data stream for Apache Spark * Add entry to CODEOWNERS * Drop/group required fields as per review comments * Resolve review comments and add system tests * Modify system tests as per review comments * Update docker compose version * Update the Docker image reference to a specific SHA --- .../apache_spark/_dev/build/docs/README.md | 8 + .../deploy/docker/application/wordcount.py | 20 +- packages/apache_spark/changelog.yml | 3 + .../_dev/test/system/test-metric-config.yml | 7 + .../driver/agent/stream/stream.yml.hbs | 289 +++++++++++++++++ .../elasticsearch/ingest_pipeline/default.yml | 44 +++ .../data_stream/driver/fields/base-fields.yml | 12 + .../data_stream/driver/fields/ecs.yml | 12 + .../data_stream/driver/fields/fields.yml | 294 ++++++++++++++++++ .../data_stream/driver/manifest.yml | 30 ++ .../data_stream/driver/sample_event.json | 73 +++++ packages/apache_spark/docs/README.md | 169 ++++++++++ 12 files changed, 948 insertions(+), 13 deletions(-) create mode 100644 packages/apache_spark/data_stream/driver/_dev/test/system/test-metric-config.yml create mode 100644 packages/apache_spark/data_stream/driver/agent/stream/stream.yml.hbs create mode 100644 packages/apache_spark/data_stream/driver/elasticsearch/ingest_pipeline/default.yml create mode 100644 packages/apache_spark/data_stream/driver/fields/base-fields.yml create mode 100644 packages/apache_spark/data_stream/driver/fields/ecs.yml create mode 100644 packages/apache_spark/data_stream/driver/fields/fields.yml create mode 100644 packages/apache_spark/data_stream/driver/manifest.yml create mode 100644 packages/apache_spark/data_stream/driver/sample_event.json diff --git a/packages/apache_spark/_dev/build/docs/README.md b/packages/apache_spark/_dev/build/docs/README.md index e2cfa137065..aac25d6949d 100644 --- a/packages/apache_spark/_dev/build/docs/README.md +++ b/packages/apache_spark/_dev/build/docs/README.md @@ -77,3 +77,11 @@ This is the `nodes` data stream. {{event "nodes"}} {{fields "nodes"}} + +### Driver + +This is the `driver` data stream. + +{{event "driver"}} + +{{fields "driver"}} diff --git a/packages/apache_spark/_dev/deploy/docker/application/wordcount.py b/packages/apache_spark/_dev/deploy/docker/application/wordcount.py index 7c299ef1b59..b3fee0f48c1 100644 --- a/packages/apache_spark/_dev/deploy/docker/application/wordcount.py +++ b/packages/apache_spark/_dev/deploy/docker/application/wordcount.py @@ -29,22 +29,16 @@ print("Usage: wordcount ", file=sys.stderr) sys.exit(-1) - spark = SparkSession\ - .builder\ - .master(sys.argv[2])\ - .appName("PythonWordCount")\ - .getOrCreate() - + spark = SparkSession.builder.master(sys.argv[2]).appName("PythonWordCount").getOrCreate() + t_end = time.time() + 60 * 15 # Run loop for 15 mins while time.time() < t_end: - lines = spark.read.text(sys.argv[1]).rdd.map(lambda r: r[0]) - counts = lines.flatMap(lambda x: x.split(' ')) \ - .map(lambda x: (x, 1)) \ - .reduceByKey(add) - output = counts.collect() - for (word, count) in output: - print("%s: %i" % (word, count)) + lines = spark.read.text(sys.argv[1]).rdd.map(lambda r: r[0]) + counts = lines.flatMap(lambda x: x.split(" ")).map(lambda x: (x, 1)).reduceByKey(add) + output = counts.collect() + for (word, count) in output: + print("%s: %i" % (word, count)) spark.stop() diff --git a/packages/apache_spark/changelog.yml b/packages/apache_spark/changelog.yml index 041b6bcffe0..de065af8ee6 100644 --- a/packages/apache_spark/changelog.yml +++ b/packages/apache_spark/changelog.yml @@ -2,6 +2,9 @@ - version: "0.1.0" changes: + - description: Implement "driver" data stream + type: enhancement + link: https://github.com/elastic/integrations/pull/2945 - description: Implement "application" data stream type: enhancement link: https://github.com/elastic/integrations/pull/2941 diff --git a/packages/apache_spark/data_stream/driver/_dev/test/system/test-metric-config.yml b/packages/apache_spark/data_stream/driver/_dev/test/system/test-metric-config.yml new file mode 100644 index 00000000000..116c8e5e704 --- /dev/null +++ b/packages/apache_spark/data_stream/driver/_dev/test/system/test-metric-config.yml @@ -0,0 +1,7 @@ +vars: ~ +data_stream: + vars: + hosts: + - http://apache-spark-main:{{Ports.[1]}} + path: + - /jolokia/?ignoreErrors=true&canonicalNaming=false diff --git a/packages/apache_spark/data_stream/driver/agent/stream/stream.yml.hbs b/packages/apache_spark/data_stream/driver/agent/stream/stream.yml.hbs new file mode 100644 index 00000000000..9d8a2fe3a75 --- /dev/null +++ b/packages/apache_spark/data_stream/driver/agent/stream/stream.yml.hbs @@ -0,0 +1,289 @@ +metricsets: ["jmx"] +namespace: "metrics" +hosts: +{{#each hosts}} + - {{this}} +{{/each}} +path: {{path}} +period: {{period}} +jmx.mappings: + - mbean: 'metrics:name=*.driver.appStatus.jobDuration,type=gauges' + attributes: + - attr: Value + field: driver.job_duration + - mbean: 'metrics:name=*.driver.appStatus.jobs.failedJobs,type=counters' + attributes: + - attr: Count + field: driver.jobs.failed + - mbean: 'metrics:name=*.driver.appStatus.jobs.succeededJobs,type=counters' + attributes: + - attr: Count + field: driver.jobs.succeeded + - mbean: 'metrics:name=*.driver.appStatus.stages.completedStages,type=counters' + attributes: + - attr: Count + field: driver.stages.completed_count + - mbean: 'metrics:name=*.driver.appStatus.stages.failedStages,type=counters' + attributes: + - attr: Count + field: driver.stages.failed_count + - mbean: 'metrics:name=*.driver.appStatus.stages.skippedStages,type=counters' + attributes: + - attr: Count + field: driver.stages.skipped_count + - mbean: 'metrics:name=*.driver.appStatus.tasks.blackListedExecutors,type=counters' + attributes: + - attr: Count + field: driver.tasks.executors.black_listed + - mbean: 'metrics:name=*.driver.appStatus.tasks.completedTasks,type=counters' + attributes: + - attr: Count + field: driver.tasks.completed + - mbean: 'metrics:name=*.driver.appStatus.tasks.excludedExecutors,type=counters' + attributes: + - attr: Count + field: driver.tasks.executors.excluded + - mbean: 'metrics:name=*.driver.appStatus.tasks.failedTasks,type=counters' + attributes: + - attr: Count + field: driver.tasks.failed + - mbean: 'metrics:name=*.driver.appStatus.tasks.killedTasks,type=counters' + attributes: + - attr: Count + field: driver.tasks.killed + - mbean: 'metrics:name=*.driver.appStatus.tasks.skippedTasks,type=counters' + attributes: + - attr: Count + field: driver.tasks.skipped + - mbean: 'metrics:name=*.driver.appStatus.tasks.unblackListedExecutors,type=counters' + attributes: + - attr: Count + field: driver.tasks.executors.unblack_listed + - mbean: 'metrics:name=*.driver.appStatus.tasks.unexcludedExecutors,type=counters' + attributes: + - attr: Count + field: driver.tasks.executors.unexcluded + - mbean: 'metrics:name=*.driver.BlockManager.disk.diskSpaceUsed_MB,type=gauges' + attributes: + - attr: Value + field: driver.disk.space_used + - mbean: 'metrics:name=*.driver.BlockManager.memory.maxMem_MB,type=gauges' + attributes: + - attr: Value + field: driver.memory.max_mem + - mbean: 'metrics:name=*.driver.BlockManager.memory.maxOffHeapMem_MB,type=gauges' + attributes: + - attr: Value + field: driver.memory.off_heap.max + - mbean: 'metrics:name=*.driver.BlockManager.memory.maxOnHeapMem_MB,type=gauges' + attributes: + - attr: Value + field: driver.memory.on_heap.max + - mbean: 'metrics:name=*.driver.BlockManager.memory.memUsed_MB,type=gauges' + attributes: + - attr: Value + field: driver.memory.used + - mbean: 'metrics:name=*.driver.BlockManager.memory.offHeapMemUsed_MB,type=gauges' + attributes: + - attr: Value + field: driver.memory.off_heap.used + - mbean: 'metrics:name=*.driver.BlockManager.memory.onHeapMemUsed_MB,type=gauges' + attributes: + - attr: Value + field: driver.memory.on_heap.used + - mbean: 'metrics:name=*.driver.BlockManager.memory.remainingMem_MB,type=gauges' + attributes: + - attr: Value + field: driver.memory.remaining + - mbean: 'metrics:name=*.driver.BlockManager.memory.remainingOffHeapMem_MB,type=gauges' + attributes: + - attr: Value + field: driver.memory.off_heap.remaining + - mbean: 'metrics:name=*.driver.BlockManager.memory.remainingOnHeapMem_MB,type=gauges' + attributes: + - attr: Value + field: driver.memory.on_heap.remaining + - mbean: 'metrics:name=*.driver.DAGScheduler.job.activeJobs,type=gauges' + attributes: + - attr: Value + field: driver.dag_scheduler.job.active + - mbean: 'metrics:name=*.driver.DAGScheduler.job.allJobs,type=gauges' + attributes: + - attr: Value + field: driver.dag_scheduler.job.all + - mbean: 'metrics:name=*.driver.DAGScheduler.stage.failedStages,type=gauges' + attributes: + - attr: Value + field: driver.dag_scheduler.stages.failed + - mbean: 'metrics:name=*.driver.DAGScheduler.stage.runningStages,type=gauges' + attributes: + - attr: Value + field: driver.dag_scheduler.stages.running + - mbean: 'metrics:name=*.driver.DAGScheduler.stage.waitingStages,type=gauges' + attributes: + - attr: Value + field: driver.dag_scheduler.stages.waiting + - mbean: 'metrics:name=*.driver.ExecutorAllocationManager.executors.numberAllExecutors,type=gauges' + attributes: + - attr: Value + field: driver.executors.all + - mbean: 'metrics:name=*.driver.ExecutorAllocationManager.executors.numberExecutorsDecommissionUnfinished,type=counters' + attributes: + - attr: Count + field: driver.executors.decommission_unfinished + - mbean: 'metrics:name=*.driver.ExecutorAllocationManager.executors.numberExecutorsExitedUnexpectedly,type=counters' + attributes: + - attr: Count + field: driver.executors.exited_unexpectedly + - mbean: 'metrics:name=*.driver.ExecutorAllocationManager.executors.numberExecutorsGracefullyDecommissioned,type=counters' + attributes: + - attr: Count + field: driver.executors.gracefully_decommissioned + - mbean: 'metrics:name=*.driver.ExecutorAllocationManager.executors.numberExecutorsKilledByDriver,type=counters' + attributes: + - attr: Count + field: driver.executors.killed_by_driver + - mbean: 'metrics:name=*.driver.ExecutorAllocationManager.executors.numberExecutorsPendingToRemove,type=gauges' + attributes: + - attr: Value + field: driver.executors.pending_to_remove + - mbean: 'metrics:name=*.driver.ExecutorAllocationManager.executors.numberExecutorsToAdd,type=gauges' + attributes: + - attr: Value + field: driver.executors.to_add + - mbean: 'metrics:name=*.driver.ExecutorAllocationManager.executors.numberMaxNeededExecutors,type=gauges' + attributes: + - attr: Value + field: driver.executors.max_needed + - mbean: 'metrics:name=*.driver.ExecutorAllocationManager.executors.numberTargetExecutors,type=gauges' + attributes: + - attr: Value + field: driver.executors.target + - mbean: 'metrics:name=*.driver.ExecutorMetrics.DirectPoolMemory,type=gauges' + attributes: + - attr: Value + field: driver.executor_metrics.memory.direct_pool + - mbean: 'metrics:name=*.driver.ExecutorMetrics.JVMHeapMemory,type=gauges' + attributes: + - attr: Value + field: driver.executor_metrics.memory.jvm.heap + - mbean: 'metrics:name=*.driver.ExecutorMetrics.JVMOffHeapMemory,type=gauges' + attributes: + - attr: Value + field: driver.executor_metrics.memory.jvm.off_heap + - mbean: 'metrics:name=*.driver.ExecutorMetrics.MappedPoolMemory,type=gauges' + attributes: + - attr: Value + field: driver.executor_metrics.memory.mapped_pool + - mbean: 'metrics:name=*.driver.ExecutorMetrics.MajorGCCount,type=gauges' + attributes: + - attr: Value + field: driver.executor_metrics.gc.major.count + - mbean: 'metrics:name=*.driver.ExecutorMetrics.MajorGCTime,type=gauges' + attributes: + - attr: Value + field: driver.executor_metrics.gc.major.time + - mbean: 'metrics:name=*.driver.ExecutorMetrics.MinorGCCount,type=gauges' + attributes: + - attr: Value + field: driver.executor_metrics.gc.minor.count + - mbean: 'metrics:name=*.driver.ExecutorMetrics.MinorGCTime,type=gauges' + attributes: + - attr: Value + field: driver.executor_metrics.gc.minor.time + - mbean: 'metrics:name=*.driver.ExecutorMetrics.OffHeapExecutionMemory,type=gauges' + attributes: + - attr: Value + field: driver.executor_metrics.heap_memory.off.execution + - mbean: 'metrics:name=*.driver.ExecutorMetrics.OffHeapStorageMemory,type=gauges' + attributes: + - attr: Value + field: driver.executor_metrics.heap_memory.off.storage + - mbean: 'metrics:name=*.driver.ExecutorMetrics.OffHeapUnifiedMemory,type=gauges' + attributes: + - attr: Value + field: driver.executor_metrics.heap_memory.off.unified + - mbean: 'metrics:name=*.driver.ExecutorMetrics.OnHeapExecutionMemory,type=gauges' + attributes: + - attr: Value + field: driver.executor_metrics.heap_memory.on.execution + - mbean: 'metrics:name=*.driver.ExecutorMetrics.OnHeapStorageMemory,type=gauges' + attributes: + - attr: Value + field: driver.executor_metrics.heap_memory.on.storage + - mbean: 'metrics:name=*.driver.ExecutorMetrics.OnHeapUnifiedMemory,type=gauges' + attributes: + - attr: Value + field: driver.executor_metrics.heap_memory.on.unified + - mbean: 'metrics:name=*.driver.ExecutorMetrics.ProcessTreeJVMRSSMemory,type=gauges' + attributes: + - attr: Value + field: driver.executor_metrics.process_tree.jvm.rss_memory + - mbean: 'metrics:name=*.driver.ExecutorMetrics.ProcessTreeJVMVMemory,type=gauges' + attributes: + - attr: Value + field: driver.executor_metrics.process_tree.jvm.v_memory + - mbean: 'metrics:name=*.driver.ExecutorMetrics.ProcessTreeOtherRSSMemory,type=gauges' + attributes: + - attr: Value + field: driver.executor_metrics.process_tree.other.rss_memory + - mbean: 'metrics:name=*.driver.ExecutorMetrics.ProcessTreeOtherVMemory,type=gauges' + attributes: + - attr: Value + field: driver.executor_metrics.process_tree.other.v_memory + - mbean: 'metrics:name=*.driver.ExecutorMetrics.ProcessTreePythonRSSMemory,type=gauges' + attributes: + - attr: Value + field: driver.executor_metrics.process_tree.python.rss_memory + - mbean: 'metrics:name=*.driver.ExecutorMetrics.ProcessTreePythonVMemory,type=gauges' + attributes: + - attr: Value + field: driver.executor_metrics.process_tree.python.v_memory + - mbean: 'metrics:name=*.driver.HiveExternalCatalog.fileCacheHits,type=counters' + attributes: + - attr: Count + field: driver.hive_external_catalog.file_cache_hits + - mbean: 'metrics:name=*.driver.HiveExternalCatalog.filesDiscovered,type=counters' + attributes: + - attr: Count + field: driver.hive_external_catalog.files_discovered + - mbean: 'metrics:name=*.driver.HiveExternalCatalog.hiveClientCalls,type=counters' + attributes: + - attr: Count + field: driver.hive_external_catalog.hive_client_calls + - mbean: 'metrics:name=*.driver.HiveExternalCatalog.parallelListingJobCount,type=counters' + attributes: + - attr: Count + field: driver.hive_external_catalog.parallel_listing_job.count + - mbean: 'metrics:name=*.driver.HiveExternalCatalog.partitionsFetched,type=counters' + attributes: + - attr: Count + field: driver.hive_external_catalog.partitions_fetched + - mbean: 'metrics:name=*.driver.JVMCPU.jvmCpuTime,type=gauges' + attributes: + - attr: Value + field: driver.jvm.cpu.time + - mbean: 'metrics:name=*.driver.spark.streaming.*.states-rowsTotal,type=gauges' + attributes: + - attr: Value + field: driver.spark.streaming.states.rows.total + - mbean: 'metrics:name=*.driver.spark.streaming.*.processingRate-total,type=gauges' + attributes: + - attr: Value + field: driver.spark.streaming.processing_rate.total + - mbean: 'metrics:name=*.driver.spark.streaming.*.latency,type=gauges' + attributes: + - attr: Value + field: driver.spark.streaming.latency + - mbean: 'metrics:name=*.driver.spark.streaming.*.states-usedBytes,type=gauges' + attributes: + - attr: Value + field: driver.spark.streaming.states.used_bytes + - mbean: 'metrics:name=*.driver.spark.streaming.*.eventTime-watermark,type=gauges' + attributes: + - attr: Value + field: driver.spark.streaming.event_time.watermark + - mbean: 'metrics:name=*.driver.spark.streaming.*.inputRate-total,type=gauge' + attributes: + - attr: Value + field: driver.spark.streaming.input_rate.total diff --git a/packages/apache_spark/data_stream/driver/elasticsearch/ingest_pipeline/default.yml b/packages/apache_spark/data_stream/driver/elasticsearch/ingest_pipeline/default.yml new file mode 100644 index 00000000000..d01ba2d1a43 --- /dev/null +++ b/packages/apache_spark/data_stream/driver/elasticsearch/ingest_pipeline/default.yml @@ -0,0 +1,44 @@ +--- +description: Pipeline for parsing Apache Spark driver metrics. +processors: + - set: + field: ecs.version + value: '8.1.0' + - rename: + field: jolokia.metrics + target_field: apache_spark + ignore_missing: true + - set: + field: event.type + value: info + - set: + field: event.kind + value: metric + - set: + field: event.module + value: apache_spark + - script: + lang: painless + description: This script will add the name of application under key 'driver/executor.application_name' and executor id under 'apache_spark.executor.id' + if: ctx?.apache_spark?.mbean?.contains("name=worker.") == false && + ctx?.apache_spark?.mbean?.contains("name=worker.") == false && + ctx?.apache_spark?.mbean?.contains("name=application.") == false + source: >- + def bean_name = ctx.apache_spark.mbean.toString().splitOnToken("=")[1]; + def app_name = bean_name.splitOnToken(".")[0]; + def executor_id = bean_name.splitOnToken(".")[1]; + if (executor_id == "driver") { + ctx.apache_spark.driver.application_name = app_name; + } else { + ctx.apache_spark.executors.application_name = app_name; + ctx.apache_spark.executors.id = executor_id; + } + - remove: + field: + - apache_spark.mbean + - jolokia + ignore_failure: true +on_failure: + - set: + field: error.message + value: '{{ _ingest.on_failure_message }}' diff --git a/packages/apache_spark/data_stream/driver/fields/base-fields.yml b/packages/apache_spark/data_stream/driver/fields/base-fields.yml new file mode 100644 index 00000000000..e36d466bdd1 --- /dev/null +++ b/packages/apache_spark/data_stream/driver/fields/base-fields.yml @@ -0,0 +1,12 @@ +- name: data_stream.dataset + type: constant_keyword + description: Data stream dataset. +- name: data_stream.namespace + type: constant_keyword + description: Data stream namespace. +- name: data_stream.type + type: constant_keyword + description: Data stream type. +- name: '@timestamp' + type: date + description: Event timestamp. diff --git a/packages/apache_spark/data_stream/driver/fields/ecs.yml b/packages/apache_spark/data_stream/driver/fields/ecs.yml new file mode 100644 index 00000000000..ded177ab1a7 --- /dev/null +++ b/packages/apache_spark/data_stream/driver/fields/ecs.yml @@ -0,0 +1,12 @@ +- external: ecs + name: event.kind +- external: ecs + name: event.type +- external: ecs + name: ecs.version +- external: ecs + name: tags +- external: ecs + name: service.address +- external: ecs + name: service.type diff --git a/packages/apache_spark/data_stream/driver/fields/fields.yml b/packages/apache_spark/data_stream/driver/fields/fields.yml new file mode 100644 index 00000000000..68c6737c7c6 --- /dev/null +++ b/packages/apache_spark/data_stream/driver/fields/fields.yml @@ -0,0 +1,294 @@ +- name: apache_spark + type: group + fields: + - name: driver + type: group + fields: + - name: application_name + type: keyword + description: Name of the application. + - name: job_duration + type: long + description: Duration of the job. + - name: jobs + type: group + fields: + - name: failed + type: long + description: Number of failed jobs. + - name: succeeded + type: long + description: Number of successful jobs. + - name: stages + type: group + fields: + - name: completed_count + type: long + description: Total number of completed stages. + - name: failed_count + type: long + description: Total number of failed stages. + - name: skipped_count + type: long + description: Total number of skipped stages. + - name: tasks + type: group + fields: + - name: completed + type: long + description: Number of completed tasks. + - name: executors + type: group + fields: + - name: black_listed + type: long + description: Number of blacklisted executors for the tasks. + - name: excluded + type: long + description: Number of excluded executors for the tasks. + - name: unblack_listed + type: long + description: Number of unblacklisted executors for the tasks. + - name: unexcluded + type: long + description: Number of unexcluded executors for the tasks. + - name: failed + type: long + description: Number of failed tasks. + - name: killed + type: long + description: Number of killed tasks. + - name: skipped + type: long + description: Number of skipped tasks. + - name: disk.space_used + type: long + description: Amount of the disk space utilized in MB. + - name: memory + type: group + fields: + - name: max_mem + type: long + description: Maximum amount of memory available for storage, in MB. + - name: off_heap + type: group + fields: + - name: max + type: long + description: Maximum amount of off heap memory available, in MB. + - name: used + type: long + description: Total amount of off heap memory used, in MB. + - name: remaining + type: long + description: Remaining amount of off heap memory, in MB. + - name: on_heap + type: group + fields: + - name: max + type: long + description: Maximum amount of on heap memory available, in MB. + - name: used + type: long + description: Total amount of on heap memory used, in MB. + - name: remaining + type: long + description: Remaining amount of on heap memory, in MB. + - name: used + type: long + description: Total amount of memory used for storage, in MB. + - name: remaining + type: long + description: Remaining amount of storage memory, in MB. + - name: dag_scheduler + type: group + fields: + - name: job + type: group + fields: + - name: active + type: long + description: Number of active jobs. + - name: all + type: long + description: Total number of jobs. + - name: stages + type: group + fields: + - name: failed + type: long + description: Number of failed stages. + - name: running + type: long + description: Number of running stages. + - name: waiting + type: long + description: Number of waiting stages + - name: executors + type: group + fields: + - name: all + type: long + description: Total number of executors. + - name: decommission_unfinished + type: long + description: Total number of decommissioned unfinished executors. + - name: exited_unexpectedly + type: long + description: Total number of executors exited unexpectedly. + - name: gracefully_decommissioned + type: long + description: Total number of executors gracefully decommissioned. + - name: killed_by_driver + type: long + description: Total number of executors killed by driver. + - name: pending_to_remove + type: long + description: Total number of executors pending to be removed. + - name: to_add + type: long + description: Total number of executors to be added. + - name: max_needed + type: long + description: Maximum number of executors needed. + - name: target + type: long + description: Total number of target executors. + - name: executor_metrics + type: group + fields: + - name: memory + type: group + fields: + - name: direct_pool + type: long + description: Peak memory that the JVM is using for direct buffer pool. + - name: jvm + type: group + fields: + - name: heap + type: long + description: Peak memory usage of the heap that is used for object allocation. + - name: off_heap + type: long + description: Peak memory usage of non-heap memory that is used by the Java virtual machine. + - name: mapped_pool + type: long + description: Peak memory that the JVM is using for mapped buffer pool + - name: gc + type: group + fields: + - name: major + type: group + fields: + - name: count + type: long + description: Total major GC count. For example, the garbage collector is one of MarkSweepCompact, PS MarkSweep, ConcurrentMarkSweep, G1 Old Generation and so on. + - name: time + type: long + description: Elapsed total major GC time. The value is expressed in milliseconds. + - name: minor + type: group + fields: + - name: count + type: long + description: Total minor GC count. For example, the garbage collector is one of Copy, PS Scavenge, ParNew, G1 Young Generation and so on. + - name: time + type: long + description: Elapsed total minor GC time. The value is expressed in milliseconds. + - name: heap_memory + type: group + fields: + - name: 'off' + type: group + fields: + - name: execution + type: long + description: Peak off heap execution memory in use, in bytes. + - name: storage + type: long + description: Peak off heap storage memory in use, in bytes. + - name: unified + type: long + description: Peak off heap memory (execution and storage). + - name: 'on' + type: group + fields: + - name: execution + type: long + description: Peak on heap execution memory in use, in bytes. + - name: storage + type: long + description: Peak on heap storage memory in use, in bytes. + - name: unified + type: long + description: Peak on heap memory (execution and storage). + - name: process_tree + type: group + fields: + - name: jvm + type: group + fields: + - name: rss_memory + type: long + description: 'Resident Set Size: number of pages the process has in real memory. This is just the pages which count toward text, data, or stack space. This does not include pages which have not been demand-loaded in, or which are swapped out.' + - name: v_memory + type: long + description: Virtual memory size in bytes. + - name: other + type: group + fields: + - name: rss_memory + type: long + - name: v_memory + type: long + - name: python + type: group + fields: + - name: rss_memory + type: long + - name: v_memory + type: long + - name: hive_external_catalog + type: group + fields: + - name: file_cache_hits + type: long + description: Total number of file cache hits. + - name: files_discovered + type: long + description: Total number of files discovered. + - name: hive_client_calls + type: long + description: Total number of Hive Client calls. + - name: parallel_listing_job.count + type: long + description: Number of jobs running parallely. + - name: partitions_fetched + type: long + description: Number of partitions fetched. + - name: jvm.cpu.time + type: long + description: Elapsed CPU time the JVM spent. + - name: spark.streaming + type: group + fields: + - name: states + type: group + fields: + - name: rows.total + type: long + description: Total number of rows. + - name: used_bytes + type: long + description: Total number of bytes utilized. + - name: processing_rate.total + type: double + description: Total rate of processing. + - name: latency + type: long + - name: event_time.watermark + type: long + - name: input_rate.total + type: double + description: Total rate of the input. diff --git a/packages/apache_spark/data_stream/driver/manifest.yml b/packages/apache_spark/data_stream/driver/manifest.yml new file mode 100644 index 00000000000..fbf713d0fcd --- /dev/null +++ b/packages/apache_spark/data_stream/driver/manifest.yml @@ -0,0 +1,30 @@ +title: Apache Spark driver metrics +type: metrics +streams: + - input: jolokia/metrics + title: Apache Spark driver metrics + description: Collect Apache Spark driver metrics using Jolokia agent. + vars: + - name: hosts + type: text + title: Hosts + multi: true + description: | + Full hosts for the Jolokia for Apache Spark (https://spark_main:jolokia_port). + required: true + show_user: true + - name: path + type: text + title: Path + multi: false + required: true + show_user: false + default: /jolokia/?ignoreErrors=true&canonicalNaming=false + - name: period + type: text + title: Period + multi: false + required: true + show_user: true + default: 60s + template_path: "stream.yml.hbs" diff --git a/packages/apache_spark/data_stream/driver/sample_event.json b/packages/apache_spark/data_stream/driver/sample_event.json new file mode 100644 index 00000000000..4cc75a71b6f --- /dev/null +++ b/packages/apache_spark/data_stream/driver/sample_event.json @@ -0,0 +1,73 @@ +{ + "@timestamp": "2022-04-06T09:28:29.830Z", + "agent": { + "ephemeral_id": "0136f072-d8da-429f-92f9-310435dbeb07", + "id": "b92a6ed6-a92c-4064-9b78-b3b21cab191c", + "name": "docker-fleet-agent", + "type": "metricbeat", + "version": "8.1.0" + }, + "apache_spark": { + "driver": { + "application_name": "app-20220406092805-0000", + "executor_metrics": { + "memory": { + "jvm": { + "heap": 288770488 + } + } + } + } + }, + "data_stream": { + "dataset": "apache_spark.driver", + "namespace": "ep", + "type": "metrics" + }, + "ecs": { + "version": "8.1.0" + }, + "elastic_agent": { + "id": "b92a6ed6-a92c-4064-9b78-b3b21cab191c", + "snapshot": false, + "version": "8.1.0" + }, + "event": { + "agent_id_status": "verified", + "dataset": "apache_spark.driver", + "duration": 51414715, + "ingested": "2022-04-06T09:28:33Z", + "kind": "metric", + "module": "apache_spark", + "type": "info" + }, + "host": { + "architecture": "x86_64", + "containerized": true, + "hostname": "docker-fleet-agent", + "ip": [ + "192.168.80.7" + ], + "mac": [ + "02:42:c0:a8:50:07" + ], + "name": "docker-fleet-agent", + "os": { + "codename": "focal", + "family": "debian", + "kernel": "5.4.0-100-generic", + "name": "Ubuntu", + "platform": "ubuntu", + "type": "linux", + "version": "20.04.3 LTS (Focal Fossa)" + } + }, + "metricset": { + "name": "jmx", + "period": 60000 + }, + "service": { + "address": "http://apache-spark-main:7779/jolokia/%3FignoreErrors=true\u0026canonicalNaming=false", + "type": "jolokia" + } +} \ No newline at end of file diff --git a/packages/apache_spark/docs/README.md b/packages/apache_spark/docs/README.md index 9fc930f6d87..aafe7e50dbe 100644 --- a/packages/apache_spark/docs/README.md +++ b/packages/apache_spark/docs/README.md @@ -269,3 +269,172 @@ An example event for `nodes` looks as following: | service.type | The type of the service data is collected from. The type can be used to group and correlate logs and metrics from one service type. Example: If logs or metrics are collected from Elasticsearch, `service.type` would be `elasticsearch`. | keyword | | tags | List of keywords used to tag each event. | keyword | + +### Driver + +This is the `driver` data stream. + +An example event for `driver` looks as following: + +```json +{ + "@timestamp": "2022-04-06T09:28:29.830Z", + "agent": { + "ephemeral_id": "0136f072-d8da-429f-92f9-310435dbeb07", + "id": "b92a6ed6-a92c-4064-9b78-b3b21cab191c", + "name": "docker-fleet-agent", + "type": "metricbeat", + "version": "8.1.0" + }, + "apache_spark": { + "driver": { + "application_name": "app-20220406092805-0000", + "executor_metrics": { + "memory": { + "jvm": { + "heap": 288770488 + } + } + } + } + }, + "data_stream": { + "dataset": "apache_spark.driver", + "namespace": "ep", + "type": "metrics" + }, + "ecs": { + "version": "8.1.0" + }, + "elastic_agent": { + "id": "b92a6ed6-a92c-4064-9b78-b3b21cab191c", + "snapshot": false, + "version": "8.1.0" + }, + "event": { + "agent_id_status": "verified", + "dataset": "apache_spark.driver", + "duration": 51414715, + "ingested": "2022-04-06T09:28:33Z", + "kind": "metric", + "module": "apache_spark", + "type": "info" + }, + "host": { + "architecture": "x86_64", + "containerized": true, + "hostname": "docker-fleet-agent", + "ip": [ + "192.168.80.7" + ], + "mac": [ + "02:42:c0:a8:50:07" + ], + "name": "docker-fleet-agent", + "os": { + "codename": "focal", + "family": "debian", + "kernel": "5.4.0-100-generic", + "name": "Ubuntu", + "platform": "ubuntu", + "type": "linux", + "version": "20.04.3 LTS (Focal Fossa)" + } + }, + "metricset": { + "name": "jmx", + "period": 60000 + }, + "service": { + "address": "http://apache-spark-main:7779/jolokia/%3FignoreErrors=true\u0026canonicalNaming=false", + "type": "jolokia" + } +} +``` + +**Exported fields** + +| Field | Description | Type | +|---|---|---| +| @timestamp | Event timestamp. | date | +| apache_spark.driver.application_name | Name of the application. | keyword | +| apache_spark.driver.dag_scheduler.job.active | Number of active jobs. | long | +| apache_spark.driver.dag_scheduler.job.all | Total number of jobs. | long | +| apache_spark.driver.dag_scheduler.stages.failed | Number of failed stages. | long | +| apache_spark.driver.dag_scheduler.stages.running | Number of running stages. | long | +| apache_spark.driver.dag_scheduler.stages.waiting | Number of waiting stages | long | +| apache_spark.driver.disk.space_used | Amount of the disk space utilized in MB. | long | +| apache_spark.driver.executor_metrics.gc.major.count | Total major GC count. For example, the garbage collector is one of MarkSweepCompact, PS MarkSweep, ConcurrentMarkSweep, G1 Old Generation and so on. | long | +| apache_spark.driver.executor_metrics.gc.major.time | Elapsed total major GC time. The value is expressed in milliseconds. | long | +| apache_spark.driver.executor_metrics.gc.minor.count | Total minor GC count. For example, the garbage collector is one of Copy, PS Scavenge, ParNew, G1 Young Generation and so on. | long | +| apache_spark.driver.executor_metrics.gc.minor.time | Elapsed total minor GC time. The value is expressed in milliseconds. | long | +| apache_spark.driver.executor_metrics.heap_memory.off.execution | Peak off heap execution memory in use, in bytes. | long | +| apache_spark.driver.executor_metrics.heap_memory.off.storage | Peak off heap storage memory in use, in bytes. | long | +| apache_spark.driver.executor_metrics.heap_memory.off.unified | Peak off heap memory (execution and storage). | long | +| apache_spark.driver.executor_metrics.heap_memory.on.execution | Peak on heap execution memory in use, in bytes. | long | +| apache_spark.driver.executor_metrics.heap_memory.on.storage | Peak on heap storage memory in use, in bytes. | long | +| apache_spark.driver.executor_metrics.heap_memory.on.unified | Peak on heap memory (execution and storage). | long | +| apache_spark.driver.executor_metrics.memory.direct_pool | Peak memory that the JVM is using for direct buffer pool. | long | +| apache_spark.driver.executor_metrics.memory.jvm.heap | Peak memory usage of the heap that is used for object allocation. | long | +| apache_spark.driver.executor_metrics.memory.jvm.off_heap | Peak memory usage of non-heap memory that is used by the Java virtual machine. | long | +| apache_spark.driver.executor_metrics.memory.mapped_pool | Peak memory that the JVM is using for mapped buffer pool | long | +| apache_spark.driver.executor_metrics.process_tree.jvm.rss_memory | Resident Set Size: number of pages the process has in real memory. This is just the pages which count toward text, data, or stack space. This does not include pages which have not been demand-loaded in, or which are swapped out. | long | +| apache_spark.driver.executor_metrics.process_tree.jvm.v_memory | Virtual memory size in bytes. | long | +| apache_spark.driver.executor_metrics.process_tree.other.rss_memory | | long | +| apache_spark.driver.executor_metrics.process_tree.other.v_memory | | long | +| apache_spark.driver.executor_metrics.process_tree.python.rss_memory | | long | +| apache_spark.driver.executor_metrics.process_tree.python.v_memory | | long | +| apache_spark.driver.executors.all | Total number of executors. | long | +| apache_spark.driver.executors.decommission_unfinished | Total number of decommissioned unfinished executors. | long | +| apache_spark.driver.executors.exited_unexpectedly | Total number of executors exited unexpectedly. | long | +| apache_spark.driver.executors.gracefully_decommissioned | Total number of executors gracefully decommissioned. | long | +| apache_spark.driver.executors.killed_by_driver | Total number of executors killed by driver. | long | +| apache_spark.driver.executors.max_needed | Maximum number of executors needed. | long | +| apache_spark.driver.executors.pending_to_remove | Total number of executors pending to be removed. | long | +| apache_spark.driver.executors.target | Total number of target executors. | long | +| apache_spark.driver.executors.to_add | Total number of executors to be added. | long | +| apache_spark.driver.hive_external_catalog.file_cache_hits | Total number of file cache hits. | long | +| apache_spark.driver.hive_external_catalog.files_discovered | Total number of files discovered. | long | +| apache_spark.driver.hive_external_catalog.hive_client_calls | Total number of Hive Client calls. | long | +| apache_spark.driver.hive_external_catalog.parallel_listing_job.count | Number of jobs running parallely. | long | +| apache_spark.driver.hive_external_catalog.partitions_fetched | Number of partitions fetched. | long | +| apache_spark.driver.job_duration | Duration of the job. | long | +| apache_spark.driver.jobs.failed | Number of failed jobs. | long | +| apache_spark.driver.jobs.succeeded | Number of successful jobs. | long | +| apache_spark.driver.jvm.cpu.time | Elapsed CPU time the JVM spent. | long | +| apache_spark.driver.memory.max_mem | Maximum amount of memory available for storage, in MB. | long | +| apache_spark.driver.memory.off_heap.max | Maximum amount of off heap memory available, in MB. | long | +| apache_spark.driver.memory.off_heap.remaining | Remaining amount of off heap memory, in MB. | long | +| apache_spark.driver.memory.off_heap.used | Total amount of off heap memory used, in MB. | long | +| apache_spark.driver.memory.on_heap.max | Maximum amount of on heap memory available, in MB. | long | +| apache_spark.driver.memory.on_heap.remaining | Remaining amount of on heap memory, in MB. | long | +| apache_spark.driver.memory.on_heap.used | Total amount of on heap memory used, in MB. | long | +| apache_spark.driver.memory.remaining | Remaining amount of storage memory, in MB. | long | +| apache_spark.driver.memory.used | Total amount of memory used for storage, in MB. | long | +| apache_spark.driver.spark.streaming.event_time.watermark | | long | +| apache_spark.driver.spark.streaming.input_rate.total | Total rate of the input. | double | +| apache_spark.driver.spark.streaming.latency | | long | +| apache_spark.driver.spark.streaming.processing_rate.total | Total rate of processing. | double | +| apache_spark.driver.spark.streaming.states.rows.total | Total number of rows. | long | +| apache_spark.driver.spark.streaming.states.used_bytes | Total number of bytes utilized. | long | +| apache_spark.driver.stages.completed_count | Total number of completed stages. | long | +| apache_spark.driver.stages.failed_count | Total number of failed stages. | long | +| apache_spark.driver.stages.skipped_count | Total number of skipped stages. | long | +| apache_spark.driver.tasks.completed | Number of completed tasks. | long | +| apache_spark.driver.tasks.executors.black_listed | Number of blacklisted executors for the tasks. | long | +| apache_spark.driver.tasks.executors.excluded | Number of excluded executors for the tasks. | long | +| apache_spark.driver.tasks.executors.unblack_listed | Number of unblacklisted executors for the tasks. | long | +| apache_spark.driver.tasks.executors.unexcluded | Number of unexcluded executors for the tasks. | long | +| apache_spark.driver.tasks.failed | Number of failed tasks. | long | +| apache_spark.driver.tasks.killed | Number of killed tasks. | long | +| apache_spark.driver.tasks.skipped | Number of skipped tasks. | long | +| data_stream.dataset | Data stream dataset. | constant_keyword | +| data_stream.namespace | Data stream namespace. | constant_keyword | +| data_stream.type | Data stream type. | constant_keyword | +| ecs.version | ECS version this event conforms to. `ecs.version` is a required field and must exist in all events. When querying across multiple indices -- which may conform to slightly different ECS versions -- this field lets integrations adjust to the schema version of the events. | keyword | +| event.kind | This is one of four ECS Categorization Fields, and indicates the highest level in the ECS category hierarchy. `event.kind` gives high-level information about what type of information the event contains, without being specific to the contents of the event. For example, values of this field distinguish alert events from metric events. The value of this field can be used to inform how these kinds of events should be handled. They may warrant different retention, different access control, it may also help understand whether the data coming in at a regular interval or not. | keyword | +| event.type | This is one of four ECS Categorization Fields, and indicates the third level in the ECS category hierarchy. `event.type` represents a categorization "sub-bucket" that, when used along with the `event.category` field values, enables filtering events down to a level appropriate for single visualization. This field is an array. This will allow proper categorization of some events that fall in multiple event types. | keyword | +| service.address | Address where data about this service was collected from. This should be a URI, network address (ipv4:port or [ipv6]:port) or a resource path (sockets). | keyword | +| service.type | The type of the service data is collected from. The type can be used to group and correlate logs and metrics from one service type. Example: If logs or metrics are collected from Elasticsearch, `service.type` would be `elasticsearch`. | keyword | +| tags | List of keywords used to tag each event. | keyword | + From 47f7cf79cca4351faa59a219f26b791a306dde14 Mon Sep 17 00:00:00 2001 From: yug-elastic <96041884+yug-elastic@users.noreply.github.com> Date: Fri, 22 Apr 2022 15:56:29 +0530 Subject: [PATCH 16/23] [apache_spark][executor] Add Apache Spark package with Executor data stream (#2943) * Add executors data stream for Apache Spark * Update as per review comments * Add system test case and address review comments * Update README.md * Update the Docker image reference to a specific SHA * Change naming convention of datastream --- .../apache_spark/_dev/build/docs/README.md | 23 +- packages/apache_spark/changelog.yml | 3 + .../_dev/test/system/test-metric-config.yml | 7 + .../executor/agent/stream/stream.yml.hbs | 269 ++++++++++++ .../elasticsearch/ingest_pipeline/default.yml | 44 ++ .../executor/fields/base-fields.yml | 12 + .../data_stream/executor/fields/ecs.yml | 12 + .../data_stream/executor/fields/fields.yml | 301 ++++++++++++++ .../data_stream/executor/manifest.yml | 30 ++ .../data_stream/executor/sample_event.json | 72 ++++ packages/apache_spark/docs/README.md | 388 +++++++++++++----- 11 files changed, 1045 insertions(+), 116 deletions(-) create mode 100644 packages/apache_spark/data_stream/executor/_dev/test/system/test-metric-config.yml create mode 100644 packages/apache_spark/data_stream/executor/agent/stream/stream.yml.hbs create mode 100644 packages/apache_spark/data_stream/executor/elasticsearch/ingest_pipeline/default.yml create mode 100644 packages/apache_spark/data_stream/executor/fields/base-fields.yml create mode 100644 packages/apache_spark/data_stream/executor/fields/ecs.yml create mode 100644 packages/apache_spark/data_stream/executor/fields/fields.yml create mode 100644 packages/apache_spark/data_stream/executor/manifest.yml create mode 100644 packages/apache_spark/data_stream/executor/sample_event.json diff --git a/packages/apache_spark/_dev/build/docs/README.md b/packages/apache_spark/_dev/build/docs/README.md index aac25d6949d..80ae3d767a4 100644 --- a/packages/apache_spark/_dev/build/docs/README.md +++ b/packages/apache_spark/_dev/build/docs/README.md @@ -70,13 +70,6 @@ This is the `application` data stream. {{event "application"}} {{fields "application"}} -### Nodes - -This is the `nodes` data stream. - -{{event "nodes"}} - -{{fields "nodes"}} ### Driver @@ -85,3 +78,19 @@ This is the `driver` data stream. {{event "driver"}} {{fields "driver"}} + +### Executor + +This is the `executor` data stream. + +{{event "executor"}} + +{{fields "executor"}} + +### Nodes + +This is the `nodes` data stream. + +{{event "nodes"}} + +{{fields "nodes"}} diff --git a/packages/apache_spark/changelog.yml b/packages/apache_spark/changelog.yml index de065af8ee6..15bbfa0a8a6 100644 --- a/packages/apache_spark/changelog.yml +++ b/packages/apache_spark/changelog.yml @@ -2,6 +2,9 @@ - version: "0.1.0" changes: + - description: Implement "executor" data stream + type: enhancement + link: https://github.com/elastic/integrations/pull/2943 - description: Implement "driver" data stream type: enhancement link: https://github.com/elastic/integrations/pull/2945 diff --git a/packages/apache_spark/data_stream/executor/_dev/test/system/test-metric-config.yml b/packages/apache_spark/data_stream/executor/_dev/test/system/test-metric-config.yml new file mode 100644 index 00000000000..ff9506a7f16 --- /dev/null +++ b/packages/apache_spark/data_stream/executor/_dev/test/system/test-metric-config.yml @@ -0,0 +1,7 @@ +vars: ~ +data_stream: + vars: + hosts: + - http://apache-spark-main:{{Ports.[2]}} + path: + - /jolokia/?ignoreErrors=true&canonicalNaming=false diff --git a/packages/apache_spark/data_stream/executor/agent/stream/stream.yml.hbs b/packages/apache_spark/data_stream/executor/agent/stream/stream.yml.hbs new file mode 100644 index 00000000000..79e64f63848 --- /dev/null +++ b/packages/apache_spark/data_stream/executor/agent/stream/stream.yml.hbs @@ -0,0 +1,269 @@ +metricsets: ["jmx"] +namespace: "metrics" +hosts: +{{#each hosts}} + - {{this}} +{{/each}} +path: {{path}} +period: {{period}} +jmx.mappings: + - mbean: 'metrics:name=*.*.executor.bytesRead,type=counters' + attributes: + - attr: Count + field: executor.bytes.read + - mbean: 'metrics:name=*.*.executor.bytesWritten,type=counters' + attributes: + - attr: Count + field: executor.bytes.written + - mbean: 'metrics:name=*.*.ExecutorMetrics.DirectPoolMemory,type=gauges' + attributes: + - attr: Value + field: executor.memory.direct_pool + - mbean: 'metrics:name=*.*.executor.diskBytesSpilled,type=counters' + attributes: + - attr: Count + field: executor.disk_bytes_spilled + - mbean: 'metrics:name=*.*.HiveExternalCatalog.fileCacheHits,type=counters' + attributes: + - attr: Count + field: executor.file_cache_hits + - mbean: 'metrics:name=*.*.HiveExternalCatalog.filesDiscovered,type=counters' + attributes: + - attr: Count + field: executor.files_discovered + - mbean: 'metrics:name=*.*.executor.filesystem.file.largeRead_ops,type=gauges' + attributes: + - attr: Value + field: executor.filesystem.file.large_read_ops + - mbean: 'metrics:name=*.*.executor.filesystem.file.read_bytes,type=gauges' + attributes: + - attr: Value + field: executor.filesystem.file.read_bytes + - mbean: 'metrics:name=*.*.executor.filesystem.file.read_ops,type=gauges' + attributes: + - attr: Value + field: executor.filesystem.file.read_ops + - mbean: 'metrics:name=*.*.executor.filesystem.file.write_bytes,type=gauges' + attributes: + - attr: Value + field: executor.filesystem.file.write_bytes + - mbean: 'metrics:name=*.*.executor.filesystem.file.write_ops,type=gauges' + attributes: + - attr: Value + field: executor.filesystem.file.write_ops + - mbean: 'metrics:name=*.*.executor.filesystem.hdfs.largeRead_ops,type=gauges' + attributes: + - attr: Value + field: executor.filesystem.hdfs.large_read_ops + - mbean: 'metrics:name=*.*.executor.filesystem.hdfs.read_bytes,type=gauges' + attributes: + - attr: Value + field: executor.filesystem.hdfs.read_bytes + - mbean: 'metrics:name=*.*.executor.filesystem.hdfs.read_ops,type=gauges' + attributes: + - attr: Value + field: executor.filesystem.hdfs.read_ops + - mbean: 'metrics:name=*.*.executor.filesystem.hdfs.write_bytes,type=gauges' + attributes: + - attr: Value + field: executor.filesystem.hdfs.write_bytes + - mbean: 'metrics:name=*.*.executor.filesystem.hdfs.write_ops,type=gauges' + attributes: + - attr: Value + field: executor.filesystem.hdfs.write_ops + - mbean: 'metrics:name=*.*.HiveExternalCatalog.hiveClientCalls,type=counters' + attributes: + - attr: Count + field: executor.hive_client_calls + - mbean: 'metrics:name=*.*.JVMCPU.jvmCpuTime,type=gauges' + attributes: + - attr: Value + field: executor.jvm.cpu_time + - mbean: 'metrics:name=*.*.executor.jvmGCTime,type=counters' + attributes: + - attr: Count + field: executor.jvm.gc_time + - mbean: 'metrics:name=*.*.ExecutorMetrics.JVMHeapMemory,type=gauges' + attributes: + - attr: Value + field: executor.memory.jvm.heap + - mbean: 'metrics:name=*.*.ExecutorMetrics.JVMOffHeapMemory,type=gauges' + attributes: + - attr: Value + field: executor.memory.jvm.off_heap + - mbean: 'metrics:name=*.*.ExecutorMetrics.MajorGCCount,type=gauges' + attributes: + - attr: Value + field: executor.gc.major.count + - mbean: 'metrics:name=*.*.ExecutorMetrics.MajorGCTime,type=gauges' + attributes: + - attr: Value + field: executor.gc.major.time + - mbean: 'metrics:name=*.*.ExecutorMetrics.MappedPoolMemory,type=gauges' + attributes: + - attr: Value + field: executor.memory.mapped_pool + - mbean: 'metrics:name=*.*.executor.memoryBytesSpilled,type=counters' + attributes: + - attr: Count + field: executor.memory_bytes_spilled + - mbean: 'metrics:name=*.*.ExecutorMetrics.MinorGCCount,type=gauges' + attributes: + - attr: Value + field: executor.gc.minor.count + - mbean: 'metrics:name=*.*.ExecutorMetrics.MinorGCTime,type=gauges' + attributes: + - attr: Value + field: executor.gc.minor.time + - mbean: 'metrics:name=*.*.ExecutorMetrics.OffHeapExecutionMemory,type=gauges' + attributes: + - attr: Value + field: executor.heap_memory.off.execution + - mbean: 'metrics:name=*.*.ExecutorMetrics.OffHeapStorageMemory,type=gauges' + attributes: + - attr: Value + field: executor.heap_memory.off.storage + - mbean: 'metrics:name=*.*.ExecutorMetrics.OffHeapUnifiedMemory,type=gauges' + attributes: + - attr: Value + field: executor.heap_memory.off.unified + - mbean: 'metrics:name=*.*.ExecutorMetrics.OnHeapExecutionMemory,type=gauges' + attributes: + - attr: Value + field: executor.heap_memory.on.execution + - mbean: 'metrics:name=*.*.ExecutorMetrics.OnHeapStorageMemory,type=gauges' + attributes: + - attr: Value + field: executor.heap_memory.on.storage + - mbean: 'metrics:name=*.*.ExecutorMetrics.OnHeapUnifiedMemory,type=gauges' + attributes: + - attr: Value + field: executor.heap_memory.on.unified + - mbean: 'metrics:name=*.*.HiveExternalCatalog.parallelListingJobCount,type=counters' + attributes: + - attr: Count + field: executor.parallel_listing_job_count + - mbean: 'metrics:name=*.*.HiveExternalCatalog.partitionsFetched,type=counters' + attributes: + - attr: Count + field: executor.partitions_fetched + - mbean: 'metrics:name=*.*.ExecutorMetrics.ProcessTreeJVMRSSMemory,type=gauges' + attributes: + - attr: Value + field: executor.process_tree.jvm.rss_memory + - mbean: 'metrics:name=*.*.ExecutorMetrics.ProcessTreeJVMVMemory,type=gauges' + attributes: + - attr: Value + field: executor.process_tree.jvm.v_memory + - mbean: 'metrics:name=*.*.ExecutorMetrics.ProcessTreeOtherRSSMemory,type=gauges' + attributes: + - attr: Value + field: executor.process_tree.other.rss_memory + - mbean: 'metrics:name=*.*.ExecutorMetrics.ProcessTreeOtherVMemory,type=gauges' + attributes: + - attr: Value + field: executor.process_tree.other.v_memory + - mbean: 'metrics:name=*.*.ExecutorMetrics.ProcessTreePythonRSSMemory,type=gauges' + attributes: + - attr: Value + field: executor.process_tree.python.rss_memory + - mbean: 'metrics:name=*.*.ExecutorMetrics.ProcessTreePythonVMemory,type=gauges' + attributes: + - attr: Value + field: executor.process_tree.python.v_memory + - mbean: 'metrics:name=*.*.executor.recordsRead,type=counters' + attributes: + - attr: Count + field: executor.records.read + - mbean: 'metrics:name=*.*.executor.recordsWritten,type=counters' + attributes: + - attr: Count + field: executor.records.written + - mbean: 'metrics:name=*.*.executor.resultSerializationTime,type=counters' + attributes: + - attr: Count + field: executor.result.serialization_time + - mbean: 'metrics:name=*.*.executor.resultSize,type=counters' + attributes: + - attr: Count + field: executor.result.size + - mbean: 'metrics:name=*.*.executor.runTime,type=counters' + attributes: + - attr: Count + field: executor.run_time + - mbean: 'metrics:name=*.*.ExternalShuffle.shuffle-client.usedDirectMemory,type=gauges' + attributes: + - attr: Value + field: executor.shuffle.client.used.direct_memory + - mbean: 'metrics:name=*.*.ExternalShuffle.shuffle-client.usedHeapMemory,type=gauges' + attributes: + - attr: Value + field: executor.shuffle.client.used.heap_memory + - mbean: 'metrics:name=*.*.executor.shuffleBytesWritten,type=counters' + attributes: + - attr: Count + field: executor.shuffle.bytes_written + - mbean: 'metrics:name=*.*.executor.shuffleFetchWaitTime,type=counters' + attributes: + - attr: Count + field: executor.shuffle.fetch_wait_time + - mbean: 'metrics:name=*.*.executor.shuffleLocalBlocksFetched,type=counters' + attributes: + - attr: Count + field: executor.shuffle.local.blocks_fetched + - mbean: 'metrics:name=*.*.executor.shuffleLocalBytesRead,type=counters' + attributes: + - attr: Count + field: executor.shuffle.local.bytes_read + - mbean: 'metrics:name=*.*.executor.shuffleRecordsRead,type=counters' + attributes: + - attr: Count + field: executor.shuffle.records.read + - mbean: 'metrics:name=*.*.executor.shuffleRecordsWritten,type=counters' + attributes: + - attr: Count + field: executor.shuffle.records.written + - mbean: 'metrics:name=*.*.executor.shuffleRemoteBlocksFetched,type=counters' + attributes: + - attr: Count + field: executor.shuffle.remote.blocks_fetched + - mbean: 'metrics:name=*.*.executor.shuffleRemoteBytesRead,type=counters' + attributes: + - attr: Count + field: executor.shuffle.remote.bytes_read + - mbean: 'metrics:name=*.*.executor.shuffleRemoteBytesReadToDisk,type=counters' + attributes: + - attr: Count + field: executor.shuffle.remote.bytes_read_to_disk + - mbean: 'metrics:name=*.*.executor.shuffleTotalBytesRead,type=counters' + attributes: + - attr: Count + field: executor.shuffle.total.bytes_read + - mbean: 'metrics:name=*.*.executor.shuffleWriteTime,type=counters' + attributes: + - attr: Count + field: executor.shuffle.write.time + - mbean: 'metrics:name=*.*.executor.succeededTasks,type=counters' + attributes: + - attr: Count + field: executor.succeeded_tasks + - mbean: 'metrics:name=*.*.executor.threadpool.activeTasks,type=gauges' + attributes: + - attr: Value + field: executor.threadpool.active_tasks + - mbean: 'metrics:name=*.*.executor.threadpool.completeTasks,type=gauges' + attributes: + - attr: Value + field: executor.threadpool.complete_tasks + - mbean: 'metrics:name=*.*.executor.threadpool.currentPool_size,type=gauges' + attributes: + - attr: Value + field: executor.threadpool.current_pool_size + - mbean: 'metrics:name=*.*.executor.threadpool.maxPool_size,type=gauges' + attributes: + - attr: Value + field: executor.threadpool.max_pool_size + - mbean: 'metrics:name=*.*.executor.threadpool.startedTasks,type=gauges' + attributes: + - attr: Value + field: executor.threadpool.started_tasks \ No newline at end of file diff --git a/packages/apache_spark/data_stream/executor/elasticsearch/ingest_pipeline/default.yml b/packages/apache_spark/data_stream/executor/elasticsearch/ingest_pipeline/default.yml new file mode 100644 index 00000000000..364a4dbf446 --- /dev/null +++ b/packages/apache_spark/data_stream/executor/elasticsearch/ingest_pipeline/default.yml @@ -0,0 +1,44 @@ +--- +description: Pipeline for parsing Apache Spark executor metrics. +processors: + - set: + field: ecs.version + value: '8.1.0' + - rename: + field: jolokia.metrics + target_field: apache_spark + ignore_missing: true + - set: + field: event.type + value: info + - set: + field: event.kind + value: metric + - set: + field: event.module + value: apache_spark + - script: + lang: painless + description: This script will add the name of application under key 'driver/executor.application_name' and executor id under 'apache_spark.executor.id' + if: ctx?.apache_spark?.mbean?.contains("name=worker.") == false && + ctx?.apache_spark?.mbean?.contains("name=worker.") == false && + ctx?.apache_spark?.mbean?.contains("name=application.") == false + source: >- + def bean_name = ctx.apache_spark.mbean.toString().splitOnToken("=")[1]; + def app_name = bean_name.splitOnToken(".")[0]; + def executor_id = bean_name.splitOnToken(".")[1]; + if (executor_id == "driver") { + ctx.apache_spark.driver.application_name = app_name; + } else { + ctx.apache_spark.executor.application_name = app_name; + ctx.apache_spark.executor.id = executor_id; + } + - remove: + field: + - apache_spark.mbean + - jolokia + ignore_failure: true +on_failure: + - set: + field: error.message + value: '{{ _ingest.on_failure_message }}' diff --git a/packages/apache_spark/data_stream/executor/fields/base-fields.yml b/packages/apache_spark/data_stream/executor/fields/base-fields.yml new file mode 100644 index 00000000000..e36d466bdd1 --- /dev/null +++ b/packages/apache_spark/data_stream/executor/fields/base-fields.yml @@ -0,0 +1,12 @@ +- name: data_stream.dataset + type: constant_keyword + description: Data stream dataset. +- name: data_stream.namespace + type: constant_keyword + description: Data stream namespace. +- name: data_stream.type + type: constant_keyword + description: Data stream type. +- name: '@timestamp' + type: date + description: Event timestamp. diff --git a/packages/apache_spark/data_stream/executor/fields/ecs.yml b/packages/apache_spark/data_stream/executor/fields/ecs.yml new file mode 100644 index 00000000000..ded177ab1a7 --- /dev/null +++ b/packages/apache_spark/data_stream/executor/fields/ecs.yml @@ -0,0 +1,12 @@ +- external: ecs + name: event.kind +- external: ecs + name: event.type +- external: ecs + name: ecs.version +- external: ecs + name: tags +- external: ecs + name: service.address +- external: ecs + name: service.type diff --git a/packages/apache_spark/data_stream/executor/fields/fields.yml b/packages/apache_spark/data_stream/executor/fields/fields.yml new file mode 100644 index 00000000000..d8071ed598e --- /dev/null +++ b/packages/apache_spark/data_stream/executor/fields/fields.yml @@ -0,0 +1,301 @@ +- name: apache_spark + type: group + fields: + - name: executor + type: group + fields: + - name: application_name + type: keyword + description: Name of application. + - name: id + type: keyword + description: ID of executor. + - name: bytes + type: group + fields: + - name: read + type: long + description: Total number of bytes read. + - name: written + type: long + description: Total number of bytes written. + - name: memory + type: group + fields: + - name: direct_pool + type: long + description: Peak memory that the JVM is using for direct buffer pool. + - name: jvm + type: group + fields: + - name: heap + type: long + description: Peak memory usage of the heap that is used for object allocation. + - name: off_heap + type: long + description: Peak memory usage of non-heap memory that is used by the Java virtual machine. + - name: mapped_pool + type: long + description: Peak memory that the JVM is using for mapped buffer pool + - name: gc + type: group + fields: + - name: major + type: group + fields: + - name: count + type: long + description: Total major GC count. For example, the garbage collector is one of MarkSweepCompact, PS MarkSweep, ConcurrentMarkSweep, G1 Old Generation and so on. + - name: time + type: long + description: Elapsed total major GC time. The value is expressed in milliseconds. + - name: minor + type: group + fields: + - name: count + type: long + description: Total minor GC count. For example, the garbage collector is one of Copy, PS Scavenge, ParNew, G1 Young Generation and so on. + - name: time + type: long + description: Elapsed total minor GC time. The value is expressed in milliseconds. + - name: heap_memory + type: group + fields: + - name: off + type: group + fields: + - name: execution + type: long + description: Peak off heap execution memory in use, in bytes. + - name: storage + type: long + description: Peak off heap storage memory in use, in bytes. + - name: unified + type: long + description: Peak off heap memory (execution and storage). + - name: on + type: group + fields: + - name: execution + type: long + description: Peak on heap execution memory in use, in bytes. + - name: storage + type: long + description: Peak on heap storage memory in use, in bytes. + - name: unified + type: long + description: Peak on heap memory (execution and storage). + - name: disk_bytes_spilled + type: long + description: Total number of disk bytes spilled. + - name: file_cache_hits + type: long + description: Total number of file cache hits. + - name: files_discovered + type: long + description: Total number of files discovered. + - name: filesystem + type: group + fields: + - name: file + type: group + fields: + - name: large_read_ops + type: long + description: Total number of large read operations from the files. + - name: read_bytes + type: long + description: Total number of bytes read from the files. + - name: read_ops + type: long + description: Total number of read operations from the files. + - name: write_bytes + type: long + description: Total number of bytes written from the files. + - name: write_ops + type: long + description: Total number of write operations from the files. + - name: hdfs + type: group + fields: + - name: large_read_ops + type: long + description: Total number of large read operations from HDFS. + - name: read_bytes + type: long + description: Total number of read bytes from HDFS. + - name: read_ops + type: long + description: Total number of read operations from HDFS. + - name: write_bytes + type: long + description: Total number of write bytes from HDFS. + - name: write_ops + type: long + description: Total number of write operations from HDFS. + - name: generated_class_size + type: long + description: Size of the class generated. + - name: generated_method_size + type: long + description: Size of the method generated. + - name: hive_client_calls + type: long + description: Total number of Hive Client calls. + - name: jvm + type: group + fields: + - name: cpu_time + type: long + description: Elapsed CPU time the JVM spent. + - name: gc_time + type: long + description: Elapsed time the JVM spent in garbage collection while executing this task. + - name: memory_bytes_spilled + type: long + description: The number of in-memory bytes spilled by this task. + - name: parallel_listing_job_count + type: long + description: Number of jobs running parallely. + - name: partitions_fetched + type: long + description: Number of partitions fetched. + - name: process_tree + type: group + fields: + - name: jvm + type: group + fields: + - name: rss_memory + type: long + description: >- + Resident Set Size: number of pages the process has in real memory. This is just the pages which count toward text, data, or stack space. This does not include pages which have not been demand-loaded in, or which are swapped out. + - name: v_memory + type: long + description: Virtual memory size in bytes. + - name: other + type: group + fields: + - name: rss_memory + type: long + description: Resident Set Size for other kind of process. + - name: v_memory + type: long + description: Virtual memory size for other kind of process in bytes. + - name: python + type: group + fields: + - name: rss_memory + type: long + description: Resident Set Size for Python. + - name: v_memory + type: long + description: Virtual memory size for Python in bytes. + - name: records + type: group + fields: + - name: read + type: long + description: Total number of records read. + - name: written + type: long + description: Total number of records written. + - name: result + type: group + fields: + - name: size + type: long + description: The number of bytes this task transmitted back to the driver as the TaskResult. + - name: serialization_time + type: long + description: Elapsed time spent serializing the task result. The value is expressed in milliseconds. + - name: run_time + type: long + description: Elapsed time in the running this task + - name: shuffle + type: group + fields: + - name: client.used + type: group + fields: + - name: direct_memory + type: long + description: Amount of direct memory used by the shuffle client. + - name: heap_memory + type: long + description: Amount of heap memory used by the shuffle client. + - name: server.used + type: group + fields: + - name: direct_memory + type: long + description: Amount of direct memory used by the shuffle server. + - name: heap_memory + type: long + description: Amount of heap memory used by the shuffle server. + - name: bytes_written + type: long + description: Number of bytes written in shuffle operations. + - name: fetch_wait_time + type: long + description: Time the task spent waiting for remote shuffle blocks. + - name: local + type: group + fields: + - name: blocks_fetched + type: long + description: Number of local (as opposed to read from a remote executor) blocks fetched in shuffle operations. + - name: bytes_read + type: long + description: Number of bytes read in shuffle operations from local disk (as opposed to read from a remote executor). + - name: records + type: group + fields: + - name: read + type: long + description: Number of records read in shuffle operations. + - name: written + type: long + description: Number of records written in shuffle operations. + - name: remote + type: group + fields: + - name: blocks_fetched + type: long + description: Number of remote blocks fetched in shuffle operations. + - name: bytes_read + type: long + description: Number of remote bytes read in shuffle operations. + - name: bytes_read_to_disk + type: long + description: Number of remote bytes read to disk in shuffle operations. Large blocks are fetched to disk in shuffle read operations, as opposed to being read into memory, which is the default behavior. + - name: total.bytes_read + type: long + description: Number of bytes read in shuffle operations (both local and remote) + - name: write.time + type: long + description: Time spent blocking on writes to disk or buffer cache. The value is expressed in nanoseconds. + - name: source_code_size + type: long + description: The total size of the source code. + - name: succeeded_tasks + type: long + description: The number of tasks succeeded. + - name: threadpool + type: group + fields: + - name: active_tasks + type: long + description: Number of tasks currently executing. + - name: complete_tasks + type: long + description: Number of tasks that have completed in this executor. + - name: current_pool_size + type: long + description: The size of the current thread pool of the executor. + - name: max_pool_size + type: long + description: The maximum size of the thread pool of the executor. + - name: started_tasks + type: long + description: The number of tasks started in the thread pool of the executor. diff --git a/packages/apache_spark/data_stream/executor/manifest.yml b/packages/apache_spark/data_stream/executor/manifest.yml new file mode 100644 index 00000000000..df27e364b70 --- /dev/null +++ b/packages/apache_spark/data_stream/executor/manifest.yml @@ -0,0 +1,30 @@ +title: Apache Spark executor metrics +type: metrics +streams: + - input: jolokia/metrics + title: Apache Spark executor metrics + description: Collect Apache Spark executor metrics using Jolokia agent. + vars: + - name: hosts + type: text + title: Hosts + multi: true + description: | + Full hosts for the Jolokia for Apache Spark (https://spark_main:jolokia_port). + required: true + show_user: true + - name: path + type: text + title: Path + multi: false + required: true + show_user: false + default: /jolokia/?ignoreErrors=true&canonicalNaming=false + - name: period + type: text + title: Period + multi: false + required: true + show_user: true + default: 60s + template_path: "stream.yml.hbs" diff --git a/packages/apache_spark/data_stream/executor/sample_event.json b/packages/apache_spark/data_stream/executor/sample_event.json new file mode 100644 index 00000000000..3340376f325 --- /dev/null +++ b/packages/apache_spark/data_stream/executor/sample_event.json @@ -0,0 +1,72 @@ +{ + "@timestamp": "2022-04-11T08:29:56.056Z", + "agent": { + "ephemeral_id": "c7d892ac-3b23-471c-80e4-041490eaab8d", + "id": "c5e2a51e-e10a-4561-9861-75b38aa09f4b", + "name": "docker-fleet-agent", + "type": "metricbeat", + "version": "8.1.0" + }, + "apache_spark": { + "executor": { + "application_name": "app-20220411082945-0000", + "gc": { + "major": { + "count": 0 + } + }, + "id": "0" + } + }, + "data_stream": { + "dataset": "apache_spark.executor", + "namespace": "ep", + "type": "metrics" + }, + "ecs": { + "version": "8.1.0" + }, + "elastic_agent": { + "id": "c5e2a51e-e10a-4561-9861-75b38aa09f4b", + "snapshot": false, + "version": "8.1.0" + }, + "event": { + "agent_id_status": "verified", + "dataset": "apache_spark.executor", + "duration": 32964497, + "ingested": "2022-04-11T08:29:59Z", + "kind": "metric", + "module": "apache_spark", + "type": "info" + }, + "host": { + "architecture": "x86_64", + "containerized": true, + "hostname": "docker-fleet-agent", + "ip": [ + "172.23.0.7" + ], + "mac": [ + "02:42:ac:17:00:07" + ], + "name": "docker-fleet-agent", + "os": { + "codename": "focal", + "family": "debian", + "kernel": "5.4.0-107-generic", + "name": "Ubuntu", + "platform": "ubuntu", + "type": "linux", + "version": "20.04.3 LTS (Focal Fossa)" + } + }, + "metricset": { + "name": "jmx", + "period": 60000 + }, + "service": { + "address": "http://apache-spark-main:7780/jolokia/%3FignoreErrors=true\u0026canonicalNaming=false", + "type": "jolokia" + } +} \ No newline at end of file diff --git a/packages/apache_spark/docs/README.md b/packages/apache_spark/docs/README.md index aafe7e50dbe..42910979066 100644 --- a/packages/apache_spark/docs/README.md +++ b/packages/apache_spark/docs/README.md @@ -160,115 +160,6 @@ An example event for `application` looks as following: | service.type | The type of the service data is collected from. The type can be used to group and correlate logs and metrics from one service type. Example: If logs or metrics are collected from Elasticsearch, `service.type` would be `elasticsearch`. | keyword | | tags | List of keywords used to tag each event. | keyword | -### Nodes - -This is the `nodes` data stream. - -An example event for `nodes` looks as following: - -```json -{ - "@timestamp": "2022-04-04T10:53:20.597Z", - "agent": { - "ephemeral_id": "1a8a01d7-f619-4c9c-8528-af2b6792d9c0", - "id": "4e4e07c4-a787-4988-a436-5c373d54738a", - "name": "docker-fleet-agent", - "type": "metricbeat", - "version": "8.1.0" - }, - "apache_spark": { - "nodes": { - "main": { - "applications": { - "count": 0, - "waiting": 0 - }, - "workers": { - "alive": 0, - "count": 0 - } - } - } - }, - "data_stream": { - "dataset": "apache_spark.nodes", - "namespace": "ep", - "type": "metrics" - }, - "ecs": { - "version": "8.1.0" - }, - "elastic_agent": { - "id": "4e4e07c4-a787-4988-a436-5c373d54738a", - "snapshot": false, - "version": "8.1.0" - }, - "event": { - "agent_id_status": "verified", - "dataset": "apache_spark.nodes", - "duration": 6157145, - "ingested": "2022-04-04T10:53:24Z", - "kind": "metric", - "module": "apache_spark", - "type": "info" - }, - "host": { - "architecture": "x86_64", - "containerized": true, - "hostname": "docker-fleet-agent", - "ip": [ - "192.168.64.7" - ], - "mac": [ - "02:42:c0:a8:40:07" - ], - "name": "docker-fleet-agent", - "os": { - "codename": "focal", - "family": "debian", - "kernel": "5.4.0-100-generic", - "name": "Ubuntu", - "platform": "ubuntu", - "type": "linux", - "version": "20.04.3 LTS (Focal Fossa)" - } - }, - "jolokia": {}, - "metricset": { - "name": "jmx", - "period": 60000 - }, - "service": { - "address": "http://apache-spark-main:7777/jolokia/%3FignoreErrors=true\u0026canonicalNaming=false", - "type": "jolokia" - } -} -``` - -**Exported fields** - -| Field | Description | Type | -|---|---|---| -| @timestamp | Event timestamp. | date | -| apache_spark.nodes.main.applications.count | Total number of apps. | long | -| apache_spark.nodes.main.applications.waiting | Number of apps waiting. | long | -| apache_spark.nodes.main.workers.alive | Number of alive workers. | long | -| apache_spark.nodes.main.workers.count | Total number of workers. | long | -| apache_spark.nodes.worker.cores.free | Number of cores free. | long | -| apache_spark.nodes.worker.cores.used | Number of cores used. | long | -| apache_spark.nodes.worker.executors | Number of executors. | long | -| apache_spark.nodes.worker.memory.free | Number of cores free. | long | -| apache_spark.nodes.worker.memory.used | Amount of memory utilized in MB. | long | -| data_stream.dataset | Data stream dataset. | constant_keyword | -| data_stream.namespace | Data stream namespace. | constant_keyword | -| data_stream.type | Data stream type. | constant_keyword | -| ecs.version | ECS version this event conforms to. `ecs.version` is a required field and must exist in all events. When querying across multiple indices -- which may conform to slightly different ECS versions -- this field lets integrations adjust to the schema version of the events. | keyword | -| event.kind | This is one of four ECS Categorization Fields, and indicates the highest level in the ECS category hierarchy. `event.kind` gives high-level information about what type of information the event contains, without being specific to the contents of the event. For example, values of this field distinguish alert events from metric events. The value of this field can be used to inform how these kinds of events should be handled. They may warrant different retention, different access control, it may also help understand whether the data coming in at a regular interval or not. | keyword | -| event.type | This is one of four ECS Categorization Fields, and indicates the third level in the ECS category hierarchy. `event.type` represents a categorization "sub-bucket" that, when used along with the `event.category` field values, enables filtering events down to a level appropriate for single visualization. This field is an array. This will allow proper categorization of some events that fall in multiple event types. | keyword | -| service.address | Address where data about this service was collected from. This should be a URI, network address (ipv4:port or [ipv6]:port) or a resource path (sockets). | keyword | -| service.type | The type of the service data is collected from. The type can be used to group and correlate logs and metrics from one service type. Example: If logs or metrics are collected from Elasticsearch, `service.type` would be `elasticsearch`. | keyword | -| tags | List of keywords used to tag each event. | keyword | - ### Driver @@ -438,3 +329,282 @@ An example event for `driver` looks as following: | service.type | The type of the service data is collected from. The type can be used to group and correlate logs and metrics from one service type. Example: If logs or metrics are collected from Elasticsearch, `service.type` would be `elasticsearch`. | keyword | | tags | List of keywords used to tag each event. | keyword | + +### Executor + +This is the `executor` data stream. + +An example event for `executor` looks as following: + +```json +{ + "@timestamp": "2022-04-11T08:29:56.056Z", + "agent": { + "ephemeral_id": "c7d892ac-3b23-471c-80e4-041490eaab8d", + "id": "c5e2a51e-e10a-4561-9861-75b38aa09f4b", + "name": "docker-fleet-agent", + "type": "metricbeat", + "version": "8.1.0" + }, + "apache_spark": { + "executor": { + "application_name": "app-20220411082945-0000", + "gc": { + "major": { + "count": 0 + } + }, + "id": "0" + } + }, + "data_stream": { + "dataset": "apache_spark.executor", + "namespace": "ep", + "type": "metrics" + }, + "ecs": { + "version": "8.1.0" + }, + "elastic_agent": { + "id": "c5e2a51e-e10a-4561-9861-75b38aa09f4b", + "snapshot": false, + "version": "8.1.0" + }, + "event": { + "agent_id_status": "verified", + "dataset": "apache_spark.executor", + "duration": 32964497, + "ingested": "2022-04-11T08:29:59Z", + "kind": "metric", + "module": "apache_spark", + "type": "info" + }, + "host": { + "architecture": "x86_64", + "containerized": true, + "hostname": "docker-fleet-agent", + "ip": [ + "172.23.0.7" + ], + "mac": [ + "02:42:ac:17:00:07" + ], + "name": "docker-fleet-agent", + "os": { + "codename": "focal", + "family": "debian", + "kernel": "5.4.0-107-generic", + "name": "Ubuntu", + "platform": "ubuntu", + "type": "linux", + "version": "20.04.3 LTS (Focal Fossa)" + } + }, + "metricset": { + "name": "jmx", + "period": 60000 + }, + "service": { + "address": "http://apache-spark-main:7780/jolokia/%3FignoreErrors=true\u0026canonicalNaming=false", + "type": "jolokia" + } +} +``` + +**Exported fields** + +| Field | Description | Type | +|---|---|---| +| @timestamp | Event timestamp. | date | +| apache_spark.executor.application_name | Name of application. | keyword | +| apache_spark.executor.bytes.read | Total number of bytes read. | long | +| apache_spark.executor.bytes.written | Total number of bytes written. | long | +| apache_spark.executor.disk_bytes_spilled | Total number of disk bytes spilled. | long | +| apache_spark.executor.file_cache_hits | Total number of file cache hits. | long | +| apache_spark.executor.files_discovered | Total number of files discovered. | long | +| apache_spark.executor.filesystem.file.large_read_ops | Total number of large read operations from the files. | long | +| apache_spark.executor.filesystem.file.read_bytes | Total number of bytes read from the files. | long | +| apache_spark.executor.filesystem.file.read_ops | Total number of read operations from the files. | long | +| apache_spark.executor.filesystem.file.write_bytes | Total number of bytes written from the files. | long | +| apache_spark.executor.filesystem.file.write_ops | Total number of write operations from the files. | long | +| apache_spark.executor.filesystem.hdfs.large_read_ops | Total number of large read operations from HDFS. | long | +| apache_spark.executor.filesystem.hdfs.read_bytes | Total number of read bytes from HDFS. | long | +| apache_spark.executor.filesystem.hdfs.read_ops | Total number of read operations from HDFS. | long | +| apache_spark.executor.filesystem.hdfs.write_bytes | Total number of write bytes from HDFS. | long | +| apache_spark.executor.filesystem.hdfs.write_ops | Total number of write operations from HDFS. | long | +| apache_spark.executor.gc.major.count | Total major GC count. For example, the garbage collector is one of MarkSweepCompact, PS MarkSweep, ConcurrentMarkSweep, G1 Old Generation and so on. | long | +| apache_spark.executor.gc.major.time | Elapsed total major GC time. The value is expressed in milliseconds. | long | +| apache_spark.executor.gc.minor.count | Total minor GC count. For example, the garbage collector is one of Copy, PS Scavenge, ParNew, G1 Young Generation and so on. | long | +| apache_spark.executor.gc.minor.time | Elapsed total minor GC time. The value is expressed in milliseconds. | long | +| apache_spark.executor.generated_class_size | Size of the class generated. | long | +| apache_spark.executor.generated_method_size | Size of the method generated. | long | +| apache_spark.executor.heap_memory.off.execution | Peak off heap execution memory in use, in bytes. | long | +| apache_spark.executor.heap_memory.off.storage | Peak off heap storage memory in use, in bytes. | long | +| apache_spark.executor.heap_memory.off.unified | Peak off heap memory (execution and storage). | long | +| apache_spark.executor.heap_memory.on.execution | Peak on heap execution memory in use, in bytes. | long | +| apache_spark.executor.heap_memory.on.storage | Peak on heap storage memory in use, in bytes. | long | +| apache_spark.executor.heap_memory.on.unified | Peak on heap memory (execution and storage). | long | +| apache_spark.executor.hive_client_calls | Total number of Hive Client calls. | long | +| apache_spark.executor.id | ID of executor. | keyword | +| apache_spark.executor.jvm.cpu_time | Elapsed CPU time the JVM spent. | long | +| apache_spark.executor.jvm.gc_time | Elapsed time the JVM spent in garbage collection while executing this task. | long | +| apache_spark.executor.memory.direct_pool | Peak memory that the JVM is using for direct buffer pool. | long | +| apache_spark.executor.memory.jvm.heap | Peak memory usage of the heap that is used for object allocation. | long | +| apache_spark.executor.memory.jvm.off_heap | Peak memory usage of non-heap memory that is used by the Java virtual machine. | long | +| apache_spark.executor.memory.mapped_pool | Peak memory that the JVM is using for mapped buffer pool | long | +| apache_spark.executor.memory_bytes_spilled | The number of in-memory bytes spilled by this task. | long | +| apache_spark.executor.parallel_listing_job_count | Number of jobs running parallely. | long | +| apache_spark.executor.partitions_fetched | Number of partitions fetched. | long | +| apache_spark.executor.process_tree.jvm.rss_memory | Resident Set Size: number of pages the process has in real memory. This is just the pages which count toward text, data, or stack space. This does not include pages which have not been demand-loaded in, or which are swapped out. | long | +| apache_spark.executor.process_tree.jvm.v_memory | Virtual memory size in bytes. | long | +| apache_spark.executor.process_tree.other.rss_memory | Resident Set Size for other kind of process. | long | +| apache_spark.executor.process_tree.other.v_memory | Virtual memory size for other kind of process in bytes. | long | +| apache_spark.executor.process_tree.python.rss_memory | Resident Set Size for Python. | long | +| apache_spark.executor.process_tree.python.v_memory | Virtual memory size for Python in bytes. | long | +| apache_spark.executor.records.read | Total number of records read. | long | +| apache_spark.executor.records.written | Total number of records written. | long | +| apache_spark.executor.result.serialization_time | Elapsed time spent serializing the task result. The value is expressed in milliseconds. | long | +| apache_spark.executor.result.size | The number of bytes this task transmitted back to the driver as the TaskResult. | long | +| apache_spark.executor.run_time | Elapsed time in the running this task | long | +| apache_spark.executor.shuffle.bytes_written | Number of bytes written in shuffle operations. | long | +| apache_spark.executor.shuffle.client.used.direct_memory | Amount of direct memory used by the shuffle client. | long | +| apache_spark.executor.shuffle.client.used.heap_memory | Amount of heap memory used by the shuffle client. | long | +| apache_spark.executor.shuffle.fetch_wait_time | Time the task spent waiting for remote shuffle blocks. | long | +| apache_spark.executor.shuffle.local.blocks_fetched | Number of local (as opposed to read from a remote executor) blocks fetched in shuffle operations. | long | +| apache_spark.executor.shuffle.local.bytes_read | Number of bytes read in shuffle operations from local disk (as opposed to read from a remote executor). | long | +| apache_spark.executor.shuffle.records.read | Number of records read in shuffle operations. | long | +| apache_spark.executor.shuffle.records.written | Number of records written in shuffle operations. | long | +| apache_spark.executor.shuffle.remote.blocks_fetched | Number of remote blocks fetched in shuffle operations. | long | +| apache_spark.executor.shuffle.remote.bytes_read | Number of remote bytes read in shuffle operations. | long | +| apache_spark.executor.shuffle.remote.bytes_read_to_disk | Number of remote bytes read to disk in shuffle operations. Large blocks are fetched to disk in shuffle read operations, as opposed to being read into memory, which is the default behavior. | long | +| apache_spark.executor.shuffle.server.used.direct_memory | Amount of direct memory used by the shuffle server. | long | +| apache_spark.executor.shuffle.server.used.heap_memory | Amount of heap memory used by the shuffle server. | long | +| apache_spark.executor.shuffle.total.bytes_read | Number of bytes read in shuffle operations (both local and remote) | long | +| apache_spark.executor.shuffle.write.time | Time spent blocking on writes to disk or buffer cache. The value is expressed in nanoseconds. | long | +| apache_spark.executor.source_code_size | The total size of the source code. | long | +| apache_spark.executor.succeeded_tasks | The number of tasks succeeded. | long | +| apache_spark.executor.threadpool.active_tasks | Number of tasks currently executing. | long | +| apache_spark.executor.threadpool.complete_tasks | Number of tasks that have completed in this executor. | long | +| apache_spark.executor.threadpool.current_pool_size | The size of the current thread pool of the executor. | long | +| apache_spark.executor.threadpool.max_pool_size | The maximum size of the thread pool of the executor. | long | +| apache_spark.executor.threadpool.started_tasks | The number of tasks started in the thread pool of the executor. | long | +| data_stream.dataset | Data stream dataset. | constant_keyword | +| data_stream.namespace | Data stream namespace. | constant_keyword | +| data_stream.type | Data stream type. | constant_keyword | +| ecs.version | ECS version this event conforms to. `ecs.version` is a required field and must exist in all events. When querying across multiple indices -- which may conform to slightly different ECS versions -- this field lets integrations adjust to the schema version of the events. | keyword | +| event.kind | This is one of four ECS Categorization Fields, and indicates the highest level in the ECS category hierarchy. `event.kind` gives high-level information about what type of information the event contains, without being specific to the contents of the event. For example, values of this field distinguish alert events from metric events. The value of this field can be used to inform how these kinds of events should be handled. They may warrant different retention, different access control, it may also help understand whether the data coming in at a regular interval or not. | keyword | +| event.type | This is one of four ECS Categorization Fields, and indicates the third level in the ECS category hierarchy. `event.type` represents a categorization "sub-bucket" that, when used along with the `event.category` field values, enables filtering events down to a level appropriate for single visualization. This field is an array. This will allow proper categorization of some events that fall in multiple event types. | keyword | +| service.address | Address where data about this service was collected from. This should be a URI, network address (ipv4:port or [ipv6]:port) or a resource path (sockets). | keyword | +| service.type | The type of the service data is collected from. The type can be used to group and correlate logs and metrics from one service type. Example: If logs or metrics are collected from Elasticsearch, `service.type` would be `elasticsearch`. | keyword | +| tags | List of keywords used to tag each event. | keyword | + + +### Nodes + +This is the `nodes` data stream. + +An example event for `nodes` looks as following: + +```json +{ + "@timestamp": "2022-04-04T10:53:20.597Z", + "agent": { + "ephemeral_id": "1a8a01d7-f619-4c9c-8528-af2b6792d9c0", + "id": "4e4e07c4-a787-4988-a436-5c373d54738a", + "name": "docker-fleet-agent", + "type": "metricbeat", + "version": "8.1.0" + }, + "apache_spark": { + "nodes": { + "main": { + "applications": { + "count": 0, + "waiting": 0 + }, + "workers": { + "alive": 0, + "count": 0 + } + } + } + }, + "data_stream": { + "dataset": "apache_spark.nodes", + "namespace": "ep", + "type": "metrics" + }, + "ecs": { + "version": "8.1.0" + }, + "elastic_agent": { + "id": "4e4e07c4-a787-4988-a436-5c373d54738a", + "snapshot": false, + "version": "8.1.0" + }, + "event": { + "agent_id_status": "verified", + "dataset": "apache_spark.nodes", + "duration": 6157145, + "ingested": "2022-04-04T10:53:24Z", + "kind": "metric", + "module": "apache_spark", + "type": "info" + }, + "host": { + "architecture": "x86_64", + "containerized": true, + "hostname": "docker-fleet-agent", + "ip": [ + "192.168.64.7" + ], + "mac": [ + "02:42:c0:a8:40:07" + ], + "name": "docker-fleet-agent", + "os": { + "codename": "focal", + "family": "debian", + "kernel": "5.4.0-100-generic", + "name": "Ubuntu", + "platform": "ubuntu", + "type": "linux", + "version": "20.04.3 LTS (Focal Fossa)" + } + }, + "jolokia": {}, + "metricset": { + "name": "jmx", + "period": 60000 + }, + "service": { + "address": "http://apache-spark-main:7777/jolokia/%3FignoreErrors=true\u0026canonicalNaming=false", + "type": "jolokia" + } +} +``` + +**Exported fields** + +| Field | Description | Type | +|---|---|---| +| @timestamp | Event timestamp. | date | +| apache_spark.nodes.main.applications.count | Total number of apps. | long | +| apache_spark.nodes.main.applications.waiting | Number of apps waiting. | long | +| apache_spark.nodes.main.workers.alive | Number of alive workers. | long | +| apache_spark.nodes.main.workers.count | Total number of workers. | long | +| apache_spark.nodes.worker.cores.free | Number of cores free. | long | +| apache_spark.nodes.worker.cores.used | Number of cores used. | long | +| apache_spark.nodes.worker.executors | Number of executors. | long | +| apache_spark.nodes.worker.memory.free | Number of cores free. | long | +| apache_spark.nodes.worker.memory.used | Amount of memory utilized in MB. | long | +| data_stream.dataset | Data stream dataset. | constant_keyword | +| data_stream.namespace | Data stream namespace. | constant_keyword | +| data_stream.type | Data stream type. | constant_keyword | +| ecs.version | ECS version this event conforms to. `ecs.version` is a required field and must exist in all events. When querying across multiple indices -- which may conform to slightly different ECS versions -- this field lets integrations adjust to the schema version of the events. | keyword | +| event.kind | This is one of four ECS Categorization Fields, and indicates the highest level in the ECS category hierarchy. `event.kind` gives high-level information about what type of information the event contains, without being specific to the contents of the event. For example, values of this field distinguish alert events from metric events. The value of this field can be used to inform how these kinds of events should be handled. They may warrant different retention, different access control, it may also help understand whether the data coming in at a regular interval or not. | keyword | +| event.type | This is one of four ECS Categorization Fields, and indicates the third level in the ECS category hierarchy. `event.type` represents a categorization "sub-bucket" that, when used along with the `event.category` field values, enables filtering events down to a level appropriate for single visualization. This field is an array. This will allow proper categorization of some events that fall in multiple event types. | keyword | +| service.address | Address where data about this service was collected from. This should be a URI, network address (ipv4:port or [ipv6]:port) or a resource path (sockets). | keyword | +| service.type | The type of the service data is collected from. The type can be used to group and correlate logs and metrics from one service type. Example: If logs or metrics are collected from Elasticsearch, `service.type` would be `elasticsearch`. | keyword | +| tags | List of keywords used to tag each event. | keyword | + From 2c4a768c37181a4d9c51a5c5254ddf8780db62b3 Mon Sep 17 00:00:00 2001 From: Vinit Chauhan <89848047+vinit-elastic@users.noreply.github.com> Date: Sat, 23 Apr 2022 09:26:06 +0530 Subject: [PATCH 17/23] [cisco_ise] Add Cisco ISE package (#2855) Generated the skeleton of the Cisco ISE integration package. Added a data stream. Added data collection logic to the data stream. Added the ingest pipeline for the data stream. Mapped fields according to the ECS schema and added Fields metadata in the appropriate yml files Added dashboards and visualizations. Added test for pipeline for the data stream. Added system test cases for the data stream. Co-authored-by: Darshan Lukhi Co-authored-by: Andrew Kroh --- .github/CODEOWNERS | 1 + packages/cisco_ise/_dev/build/build.yml | 3 + packages/cisco_ise/_dev/build/docs/README.md | 36 + .../_dev/deploy/docker/docker-compose.yml | 14 + .../_dev/deploy/docker/sample_logs/log.log | 124 + packages/cisco_ise/changelog.yml | 6 + .../_dev/test/pipeline/test-common-config.yml | 3 + .../pipeline/test-pipeline-ad-connector.log | 13 + ...st-pipeline-ad-connector.log-expected.json | 859 +++++ ...e-administrative-and-operational-audit.log | 33 + ...ve-and-operational-audit.log-expected.json | 2675 +++++++++++++++ ...peline-authentication-flow-diagnostics.log | 10 + ...ication-flow-diagnostics.log-expected.json | 1028 ++++++ .../test-pipeline-failed-attempts.log | 7 + ...pipeline-failed-attempts.log-expected.json | 1235 +++++++ .../test/pipeline/test-pipeline-guest.log | 5 + .../test-pipeline-guest.log-expected.json | 352 ++ ...t-pipeline-identity-stores-diagnostics.log | 17 + ...ntity-stores-diagnostics.log-expected.json | 1371 ++++++++ ...peline-internal-operations-diagnostics.log | 6 + ...l-operations-diagnostics.log-expected.json | 370 ++ .../pipeline/test-pipeline-my-devices.log | 4 + ...test-pipeline-my-devices.log-expected.json | 338 ++ .../test-pipeline-passed-authentications.log | 5 + ...e-passed-authentications.log-expected.json | 639 ++++ .../test-pipeline-policy-diagnostics.log | 8 + ...eline-policy-diagnostics.log-expected.json | 778 +++++ ...line-posture-client-provisioning-audit.log | 2 + ...lient-provisioning-audit.log-expected.json | 139 + .../test-pipeline-radius-accounting.log | 3 + ...peline-radius-accounting.log-expected.json | 391 +++ .../test-pipeline-radius-diagnostics.log | 27 + ...eline-radius-diagnostics.log-expected.json | 3032 +++++++++++++++++ .../test-pipeline-system-statistics.log | 6 + ...peline-system-statistics.log-expected.json | 602 ++++ .../test-pipeline-tacacs-accounting.log | 4 + ...peline-tacacs-accounting.log-expected.json | 621 ++++ .../test-pipeline-threat-centric-nac.log | 4 + ...eline-threat-centric-nac.log-expected.json | 241 ++ .../log/_dev/test/system/test-tcp-config.yml | 8 + .../log/_dev/test/system/test-udp-config.yml | 8 + .../data_stream/log/agent/stream/tcp.yml.hbs | 18 + .../data_stream/log/agent/stream/udp.yml.hbs | 15 + .../elasticsearch/ingest_pipeline/default.yml | 139 + .../ingest_pipeline/pipeline_ad_connector.yml | 139 + ...e_administrative_and_operational_audit.yml | 340 ++ ...peline_authentication_flow_diagnostics.yml | 166 + .../pipeline_failed_attempts.yml | 424 +++ .../ingest_pipeline/pipeline_guest.yml | 112 + .../pipeline_identity_stores_diagnostics.yml | 154 + ...peline_internal_operations_diagnostics.yml | 81 + .../ingest_pipeline/pipeline_mydevices.yml | 136 + .../pipeline_passed_authentications.yml | 394 +++ .../pipeline_policy_diagnostics.yml | 143 + ..._posture_and_client_provisioning_audit.yml | 72 + .../pipeline_radius_accounting.yml | 249 ++ .../pipeline_radius_diagnostics.yml | 235 ++ .../pipeline_system_statistics.yml | 189 + .../pipeline_tacacs_accounting.yml | 245 ++ .../pipeline_threat_centric_nac.yml | 78 + .../data_stream/log/fields/agent.yml | 186 + .../data_stream/log/fields/base-fields.yml | 20 + .../cisco_ise/data_stream/log/fields/ecs.yml | 46 + .../data_stream/log/fields/fields.yml | 831 +++++ .../cisco_ise/data_stream/log/manifest.yml | 63 + .../data_stream/log/sample_event.json | 184 + packages/cisco_ise/docs/README.md | 498 +++ packages/cisco_ise/img/cisco-ise-logo.svg | 41 + .../cisco_ise/img/cisco-ise-screenshot.png | Bin 0 -> 19634 bytes packages/cisco_ise/img/cisco-ise-setup.png | Bin 0 -> 23433 bytes ...-04d54380-a100-11ec-a0a2-1598702abf83.json | 213 ++ ...-1eaf5e30-a114-11ec-a0a2-1598702abf83.json | 155 + ...-2506b030-a100-11ec-a0a2-1598702abf83.json | 148 + ...-92227880-a0ff-11ec-a0a2-1598702abf83.json | 350 ++ ...-a09f1e90-a0ff-11ec-a0a2-1598702abf83.json | 474 +++ ...-aea97ad0-a0ff-11ec-a0a2-1598702abf83.json | 303 ++ ...-d320a780-a0ff-11ec-a0a2-1598702abf83.json | 196 ++ ...-ed406dd0-a0ff-11ec-a0a2-1598702abf83.json | 98 + ...-2c7c0eb0-a505-11ec-ab9d-4b8e737a22d9.json | 81 + ...-39e47010-a09b-11ec-a0a2-1598702abf83.json | 111 + ...-47c77dc0-a065-11ec-a0a2-1598702abf83.json | 69 + ...-5f739b70-a0a6-11ec-a0a2-1598702abf83.json | 44 + ...-ac5b9ba0-a02d-11ec-a0a2-1598702abf83.json | 63 + ...-d1ba7b80-a075-11ec-a0a2-1598702abf83.json | 83 + ...-eecf4510-a058-11ec-a0a2-1598702abf83.json | 69 + ...-f681d1f0-a09f-11ec-a0a2-1598702abf83.json | 81 + ...-012b7990-a0f9-11ec-a0a2-1598702abf83.json | 149 + ...-027d6310-a0fb-11ec-a0a2-1598702abf83.json | 71 + ...-050c3630-a0f9-11ec-a0a2-1598702abf83.json | 89 + ...-06ba9790-a0fb-11ec-a0a2-1598702abf83.json | 71 + ...-0750e560-a2c2-11ec-a0a2-1598702abf83.json | 77 + ...-0aeabea0-a0f9-11ec-a0a2-1598702abf83.json | 149 + ...-0b577980-a2c2-11ec-a0a2-1598702abf83.json | 34 + ...-1b9e7f50-a2c2-11ec-a0a2-1598702abf83.json | 71 + ...-2228ff30-a2c2-11ec-a0a2-1598702abf83.json | 85 + ...-2bba8e30-a0f9-11ec-a0a2-1598702abf83.json | 85 + ...-3153bf90-a2c2-11ec-a0a2-1598702abf83.json | 85 + ...-34024e70-a0f9-11ec-a0a2-1598702abf83.json | 71 + ...-3b4f8210-a0f9-11ec-a0a2-1598702abf83.json | 71 + ...-581310d0-a0fc-11ec-a0a2-1598702abf83.json | 71 + ...-59f3a390-a0ef-11ec-a0a2-1598702abf83.json | 82 + ...-5ebcc460-a0ef-11ec-a0a2-1598702abf83.json | 78 + ...-61fad860-a0ef-11ec-a0a2-1598702abf83.json | 78 + ...-63dca4d0-a0fc-11ec-a0a2-1598702abf83.json | 85 + ...-65d46910-a0ef-11ec-a0a2-1598702abf83.json | 79 + ...-66fd57b0-a0fa-11ec-a0a2-1598702abf83.json | 71 + ...-68a0bc90-a0fc-11ec-a0a2-1598702abf83.json | 71 + ...-6d984060-a0fc-11ec-a0a2-1598702abf83.json | 85 + ...-6e302580-a0fa-11ec-a0a2-1598702abf83.json | 71 + ...-73fafee0-a0fa-11ec-a0a2-1598702abf83.json | 71 + ...-78c07630-a0fa-11ec-a0a2-1598702abf83.json | 71 + ...-80d71450-a0fa-11ec-a0a2-1598702abf83.json | 149 + ...-84d3a0e0-a0fb-11ec-a0a2-1598702abf83.json | 149 + ...-8794e3c0-a0fb-11ec-a0a2-1598702abf83.json | 71 + ...-88ae5f80-a0fa-11ec-a0a2-1598702abf83.json | 149 + ...-8a8cb1e0-a0f9-11ec-a0a2-1598702abf83.json | 85 + ...-8dad8470-a0fa-11ec-a0a2-1598702abf83.json | 85 + ...-941348d0-a0fb-11ec-a0a2-1598702abf83.json | 90 + ...-944f35d0-a0fa-11ec-a0a2-1598702abf83.json | 85 + ...-984ddab0-a0fa-11ec-a0a2-1598702abf83.json | 85 + ...-9bc06c30-a0fa-11ec-a0a2-1598702abf83.json | 85 + ...-9fe20260-a0fa-11ec-a0a2-1598702abf83.json | 71 + ...-a3da4930-a0fb-11ec-a0a2-1598702abf83.json | 89 + ...-af96b550-a502-11ec-ab9d-4b8e737a22d9.json | 89 + ...-b4f66430-a0f9-11ec-a0a2-1598702abf83.json | 71 + ...-b963a960-a0f9-11ec-a0a2-1598702abf83.json | 71 + ...-bee544c0-a0f9-11ec-a0a2-1598702abf83.json | 85 + ...-c9dd8990-a0fa-11ec-a0a2-1598702abf83.json | 71 + ...-d6278da0-a0f9-11ec-a0a2-1598702abf83.json | 85 + ...-e419b180-a0fa-11ec-a0a2-1598702abf83.json | 85 + ...-e959b000-a0fa-11ec-a0a2-1598702abf83.json | 85 + ...-f03a5110-a0f8-11ec-a0a2-1598702abf83.json | 71 + ...-f0977a50-a0fa-11ec-a0a2-1598702abf83.json | 71 + ...-f484a4f0-a0f8-11ec-a0a2-1598702abf83.json | 89 + ...-f5a39790-a0fa-11ec-a0a2-1598702abf83.json | 71 + ...-f8c64640-a0f8-11ec-a0a2-1598702abf83.json | 71 + ...-fb519a20-a0fa-11ec-a0a2-1598702abf83.json | 71 + ...-fd5bace0-a0f8-11ec-a0a2-1598702abf83.json | 71 + ...-ff685ae0-a0fa-11ec-a0a2-1598702abf83.json | 85 + packages/cisco_ise/manifest.yml | 98 + 140 files changed, 27318 insertions(+) create mode 100644 packages/cisco_ise/_dev/build/build.yml create mode 100644 packages/cisco_ise/_dev/build/docs/README.md create mode 100644 packages/cisco_ise/_dev/deploy/docker/docker-compose.yml create mode 100644 packages/cisco_ise/_dev/deploy/docker/sample_logs/log.log create mode 100644 packages/cisco_ise/changelog.yml create mode 100644 packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-common-config.yml create mode 100644 packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-ad-connector.log create mode 100644 packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-ad-connector.log-expected.json create mode 100644 packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-administrative-and-operational-audit.log create mode 100644 packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-administrative-and-operational-audit.log-expected.json create mode 100644 packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-authentication-flow-diagnostics.log create mode 100644 packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-authentication-flow-diagnostics.log-expected.json create mode 100644 packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-failed-attempts.log create mode 100644 packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-failed-attempts.log-expected.json create mode 100644 packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-guest.log create mode 100644 packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-guest.log-expected.json create mode 100644 packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-identity-stores-diagnostics.log create mode 100644 packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-identity-stores-diagnostics.log-expected.json create mode 100644 packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-internal-operations-diagnostics.log create mode 100644 packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-internal-operations-diagnostics.log-expected.json create mode 100644 packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-my-devices.log create mode 100644 packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-my-devices.log-expected.json create mode 100644 packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-passed-authentications.log create mode 100644 packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-passed-authentications.log-expected.json create mode 100644 packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-policy-diagnostics.log create mode 100644 packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-policy-diagnostics.log-expected.json create mode 100644 packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-posture-client-provisioning-audit.log create mode 100644 packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-posture-client-provisioning-audit.log-expected.json create mode 100644 packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-radius-accounting.log create mode 100644 packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-radius-accounting.log-expected.json create mode 100644 packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-radius-diagnostics.log create mode 100644 packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-radius-diagnostics.log-expected.json create mode 100644 packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-system-statistics.log create mode 100644 packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-system-statistics.log-expected.json create mode 100644 packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-tacacs-accounting.log create mode 100644 packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-tacacs-accounting.log-expected.json create mode 100644 packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-threat-centric-nac.log create mode 100644 packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-threat-centric-nac.log-expected.json create mode 100644 packages/cisco_ise/data_stream/log/_dev/test/system/test-tcp-config.yml create mode 100644 packages/cisco_ise/data_stream/log/_dev/test/system/test-udp-config.yml create mode 100644 packages/cisco_ise/data_stream/log/agent/stream/tcp.yml.hbs create mode 100644 packages/cisco_ise/data_stream/log/agent/stream/udp.yml.hbs create mode 100644 packages/cisco_ise/data_stream/log/elasticsearch/ingest_pipeline/default.yml create mode 100644 packages/cisco_ise/data_stream/log/elasticsearch/ingest_pipeline/pipeline_ad_connector.yml create mode 100644 packages/cisco_ise/data_stream/log/elasticsearch/ingest_pipeline/pipeline_administrative_and_operational_audit.yml create mode 100644 packages/cisco_ise/data_stream/log/elasticsearch/ingest_pipeline/pipeline_authentication_flow_diagnostics.yml create mode 100644 packages/cisco_ise/data_stream/log/elasticsearch/ingest_pipeline/pipeline_failed_attempts.yml create mode 100644 packages/cisco_ise/data_stream/log/elasticsearch/ingest_pipeline/pipeline_guest.yml create mode 100644 packages/cisco_ise/data_stream/log/elasticsearch/ingest_pipeline/pipeline_identity_stores_diagnostics.yml create mode 100644 packages/cisco_ise/data_stream/log/elasticsearch/ingest_pipeline/pipeline_internal_operations_diagnostics.yml create mode 100644 packages/cisco_ise/data_stream/log/elasticsearch/ingest_pipeline/pipeline_mydevices.yml create mode 100644 packages/cisco_ise/data_stream/log/elasticsearch/ingest_pipeline/pipeline_passed_authentications.yml create mode 100644 packages/cisco_ise/data_stream/log/elasticsearch/ingest_pipeline/pipeline_policy_diagnostics.yml create mode 100644 packages/cisco_ise/data_stream/log/elasticsearch/ingest_pipeline/pipeline_posture_and_client_provisioning_audit.yml create mode 100644 packages/cisco_ise/data_stream/log/elasticsearch/ingest_pipeline/pipeline_radius_accounting.yml create mode 100644 packages/cisco_ise/data_stream/log/elasticsearch/ingest_pipeline/pipeline_radius_diagnostics.yml create mode 100644 packages/cisco_ise/data_stream/log/elasticsearch/ingest_pipeline/pipeline_system_statistics.yml create mode 100644 packages/cisco_ise/data_stream/log/elasticsearch/ingest_pipeline/pipeline_tacacs_accounting.yml create mode 100644 packages/cisco_ise/data_stream/log/elasticsearch/ingest_pipeline/pipeline_threat_centric_nac.yml create mode 100644 packages/cisco_ise/data_stream/log/fields/agent.yml create mode 100644 packages/cisco_ise/data_stream/log/fields/base-fields.yml create mode 100644 packages/cisco_ise/data_stream/log/fields/ecs.yml create mode 100644 packages/cisco_ise/data_stream/log/fields/fields.yml create mode 100644 packages/cisco_ise/data_stream/log/manifest.yml create mode 100644 packages/cisco_ise/data_stream/log/sample_event.json create mode 100644 packages/cisco_ise/docs/README.md create mode 100644 packages/cisco_ise/img/cisco-ise-logo.svg create mode 100644 packages/cisco_ise/img/cisco-ise-screenshot.png create mode 100644 packages/cisco_ise/img/cisco-ise-setup.png create mode 100644 packages/cisco_ise/kibana/dashboard/cisco_ise-04d54380-a100-11ec-a0a2-1598702abf83.json create mode 100644 packages/cisco_ise/kibana/dashboard/cisco_ise-1eaf5e30-a114-11ec-a0a2-1598702abf83.json create mode 100644 packages/cisco_ise/kibana/dashboard/cisco_ise-2506b030-a100-11ec-a0a2-1598702abf83.json create mode 100644 packages/cisco_ise/kibana/dashboard/cisco_ise-92227880-a0ff-11ec-a0a2-1598702abf83.json create mode 100644 packages/cisco_ise/kibana/dashboard/cisco_ise-a09f1e90-a0ff-11ec-a0a2-1598702abf83.json create mode 100644 packages/cisco_ise/kibana/dashboard/cisco_ise-aea97ad0-a0ff-11ec-a0a2-1598702abf83.json create mode 100644 packages/cisco_ise/kibana/dashboard/cisco_ise-d320a780-a0ff-11ec-a0a2-1598702abf83.json create mode 100644 packages/cisco_ise/kibana/dashboard/cisco_ise-ed406dd0-a0ff-11ec-a0a2-1598702abf83.json create mode 100644 packages/cisco_ise/kibana/search/cisco_ise-2c7c0eb0-a505-11ec-ab9d-4b8e737a22d9.json create mode 100644 packages/cisco_ise/kibana/search/cisco_ise-39e47010-a09b-11ec-a0a2-1598702abf83.json create mode 100644 packages/cisco_ise/kibana/search/cisco_ise-47c77dc0-a065-11ec-a0a2-1598702abf83.json create mode 100644 packages/cisco_ise/kibana/search/cisco_ise-5f739b70-a0a6-11ec-a0a2-1598702abf83.json create mode 100644 packages/cisco_ise/kibana/search/cisco_ise-ac5b9ba0-a02d-11ec-a0a2-1598702abf83.json create mode 100644 packages/cisco_ise/kibana/search/cisco_ise-d1ba7b80-a075-11ec-a0a2-1598702abf83.json create mode 100644 packages/cisco_ise/kibana/search/cisco_ise-eecf4510-a058-11ec-a0a2-1598702abf83.json create mode 100644 packages/cisco_ise/kibana/search/cisco_ise-f681d1f0-a09f-11ec-a0a2-1598702abf83.json create mode 100644 packages/cisco_ise/kibana/visualization/cisco_ise-012b7990-a0f9-11ec-a0a2-1598702abf83.json create mode 100644 packages/cisco_ise/kibana/visualization/cisco_ise-027d6310-a0fb-11ec-a0a2-1598702abf83.json create mode 100644 packages/cisco_ise/kibana/visualization/cisco_ise-050c3630-a0f9-11ec-a0a2-1598702abf83.json create mode 100644 packages/cisco_ise/kibana/visualization/cisco_ise-06ba9790-a0fb-11ec-a0a2-1598702abf83.json create mode 100644 packages/cisco_ise/kibana/visualization/cisco_ise-0750e560-a2c2-11ec-a0a2-1598702abf83.json create mode 100644 packages/cisco_ise/kibana/visualization/cisco_ise-0aeabea0-a0f9-11ec-a0a2-1598702abf83.json create mode 100644 packages/cisco_ise/kibana/visualization/cisco_ise-0b577980-a2c2-11ec-a0a2-1598702abf83.json create mode 100644 packages/cisco_ise/kibana/visualization/cisco_ise-1b9e7f50-a2c2-11ec-a0a2-1598702abf83.json create mode 100644 packages/cisco_ise/kibana/visualization/cisco_ise-2228ff30-a2c2-11ec-a0a2-1598702abf83.json create mode 100644 packages/cisco_ise/kibana/visualization/cisco_ise-2bba8e30-a0f9-11ec-a0a2-1598702abf83.json create mode 100644 packages/cisco_ise/kibana/visualization/cisco_ise-3153bf90-a2c2-11ec-a0a2-1598702abf83.json create mode 100644 packages/cisco_ise/kibana/visualization/cisco_ise-34024e70-a0f9-11ec-a0a2-1598702abf83.json create mode 100644 packages/cisco_ise/kibana/visualization/cisco_ise-3b4f8210-a0f9-11ec-a0a2-1598702abf83.json create mode 100644 packages/cisco_ise/kibana/visualization/cisco_ise-581310d0-a0fc-11ec-a0a2-1598702abf83.json create mode 100644 packages/cisco_ise/kibana/visualization/cisco_ise-59f3a390-a0ef-11ec-a0a2-1598702abf83.json create mode 100644 packages/cisco_ise/kibana/visualization/cisco_ise-5ebcc460-a0ef-11ec-a0a2-1598702abf83.json create mode 100644 packages/cisco_ise/kibana/visualization/cisco_ise-61fad860-a0ef-11ec-a0a2-1598702abf83.json create mode 100644 packages/cisco_ise/kibana/visualization/cisco_ise-63dca4d0-a0fc-11ec-a0a2-1598702abf83.json create mode 100644 packages/cisco_ise/kibana/visualization/cisco_ise-65d46910-a0ef-11ec-a0a2-1598702abf83.json create mode 100644 packages/cisco_ise/kibana/visualization/cisco_ise-66fd57b0-a0fa-11ec-a0a2-1598702abf83.json create mode 100644 packages/cisco_ise/kibana/visualization/cisco_ise-68a0bc90-a0fc-11ec-a0a2-1598702abf83.json create mode 100644 packages/cisco_ise/kibana/visualization/cisco_ise-6d984060-a0fc-11ec-a0a2-1598702abf83.json create mode 100644 packages/cisco_ise/kibana/visualization/cisco_ise-6e302580-a0fa-11ec-a0a2-1598702abf83.json create mode 100644 packages/cisco_ise/kibana/visualization/cisco_ise-73fafee0-a0fa-11ec-a0a2-1598702abf83.json create mode 100644 packages/cisco_ise/kibana/visualization/cisco_ise-78c07630-a0fa-11ec-a0a2-1598702abf83.json create mode 100644 packages/cisco_ise/kibana/visualization/cisco_ise-80d71450-a0fa-11ec-a0a2-1598702abf83.json create mode 100644 packages/cisco_ise/kibana/visualization/cisco_ise-84d3a0e0-a0fb-11ec-a0a2-1598702abf83.json create mode 100644 packages/cisco_ise/kibana/visualization/cisco_ise-8794e3c0-a0fb-11ec-a0a2-1598702abf83.json create mode 100644 packages/cisco_ise/kibana/visualization/cisco_ise-88ae5f80-a0fa-11ec-a0a2-1598702abf83.json create mode 100644 packages/cisco_ise/kibana/visualization/cisco_ise-8a8cb1e0-a0f9-11ec-a0a2-1598702abf83.json create mode 100644 packages/cisco_ise/kibana/visualization/cisco_ise-8dad8470-a0fa-11ec-a0a2-1598702abf83.json create mode 100644 packages/cisco_ise/kibana/visualization/cisco_ise-941348d0-a0fb-11ec-a0a2-1598702abf83.json create mode 100644 packages/cisco_ise/kibana/visualization/cisco_ise-944f35d0-a0fa-11ec-a0a2-1598702abf83.json create mode 100644 packages/cisco_ise/kibana/visualization/cisco_ise-984ddab0-a0fa-11ec-a0a2-1598702abf83.json create mode 100644 packages/cisco_ise/kibana/visualization/cisco_ise-9bc06c30-a0fa-11ec-a0a2-1598702abf83.json create mode 100644 packages/cisco_ise/kibana/visualization/cisco_ise-9fe20260-a0fa-11ec-a0a2-1598702abf83.json create mode 100644 packages/cisco_ise/kibana/visualization/cisco_ise-a3da4930-a0fb-11ec-a0a2-1598702abf83.json create mode 100644 packages/cisco_ise/kibana/visualization/cisco_ise-af96b550-a502-11ec-ab9d-4b8e737a22d9.json create mode 100644 packages/cisco_ise/kibana/visualization/cisco_ise-b4f66430-a0f9-11ec-a0a2-1598702abf83.json create mode 100644 packages/cisco_ise/kibana/visualization/cisco_ise-b963a960-a0f9-11ec-a0a2-1598702abf83.json create mode 100644 packages/cisco_ise/kibana/visualization/cisco_ise-bee544c0-a0f9-11ec-a0a2-1598702abf83.json create mode 100644 packages/cisco_ise/kibana/visualization/cisco_ise-c9dd8990-a0fa-11ec-a0a2-1598702abf83.json create mode 100644 packages/cisco_ise/kibana/visualization/cisco_ise-d6278da0-a0f9-11ec-a0a2-1598702abf83.json create mode 100644 packages/cisco_ise/kibana/visualization/cisco_ise-e419b180-a0fa-11ec-a0a2-1598702abf83.json create mode 100644 packages/cisco_ise/kibana/visualization/cisco_ise-e959b000-a0fa-11ec-a0a2-1598702abf83.json create mode 100644 packages/cisco_ise/kibana/visualization/cisco_ise-f03a5110-a0f8-11ec-a0a2-1598702abf83.json create mode 100644 packages/cisco_ise/kibana/visualization/cisco_ise-f0977a50-a0fa-11ec-a0a2-1598702abf83.json create mode 100644 packages/cisco_ise/kibana/visualization/cisco_ise-f484a4f0-a0f8-11ec-a0a2-1598702abf83.json create mode 100644 packages/cisco_ise/kibana/visualization/cisco_ise-f5a39790-a0fa-11ec-a0a2-1598702abf83.json create mode 100644 packages/cisco_ise/kibana/visualization/cisco_ise-f8c64640-a0f8-11ec-a0a2-1598702abf83.json create mode 100644 packages/cisco_ise/kibana/visualization/cisco_ise-fb519a20-a0fa-11ec-a0a2-1598702abf83.json create mode 100644 packages/cisco_ise/kibana/visualization/cisco_ise-fd5bace0-a0f8-11ec-a0a2-1598702abf83.json create mode 100644 packages/cisco_ise/kibana/visualization/cisco_ise-ff685ae0-a0fa-11ec-a0a2-1598702abf83.json create mode 100644 packages/cisco_ise/manifest.yml diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS index 20ec01ed9d0..9599facd4e1 100644 --- a/.github/CODEOWNERS +++ b/.github/CODEOWNERS @@ -35,6 +35,7 @@ /packages/cisco_duo @elastic/security-external-integrations /packages/cisco_ftd @elastic/security-external-integrations /packages/cisco_ios @elastic/security-external-integrations +/packages/cisco_ise @elastic/security-external-integrations /packages/cisco @elastic/security-external-integrations /packages/cisco_meraki @elastic/security-external-integrations /packages/cisco_nexus @elastic/security-external-integrations diff --git a/packages/cisco_ise/_dev/build/build.yml b/packages/cisco_ise/_dev/build/build.yml new file mode 100644 index 00000000000..809e76063e9 --- /dev/null +++ b/packages/cisco_ise/_dev/build/build.yml @@ -0,0 +1,3 @@ +dependencies: + ecs: + reference: git@8.0 diff --git a/packages/cisco_ise/_dev/build/docs/README.md b/packages/cisco_ise/_dev/build/docs/README.md new file mode 100644 index 00000000000..a2c19747c5d --- /dev/null +++ b/packages/cisco_ise/_dev/build/docs/README.md @@ -0,0 +1,36 @@ +# Cisco ISE + +The Cisco ISE integration collects and parses data from [Cisco Identity Services Engine](https://www.cisco.com/c/en/us/products/security/identity-services-engine/index.html) (ISE) using TCP/UDP. + +## Compatibility + +This module has been tested against `Cisco ISE server version 3.1.0.518`. + +## Requirements + +- Enable the integration with the TCP/UDP input. +- Sign in to Cisco ISE Portal. +- Configure Remote Syslog Collection Locations. + - **Procedure** + 1. In Cisco ISE Administrator Portal, go to **Administration** > **System** > **Logging** > **Remote Logging Targets**. + 2. Click **Add**. + ![Cisco ISE server setup image](../img/cisco-ise-setup.png) + 3. Enter all the **Required Details**. + 4. Set the maximum length to **8192**. + 5. Click **Submit**. + 6. Go to the **Remote Logging Targets** page and verify the creation of the new target. + +## Note +- It is recommended to have **8192** as Maximum Message Length. Segmentation for certain logs coming from Cisco ISE might cause issues with field mappings. + +## Logs + +Reference link for Cisco ISE Syslog: [Here](https://www.cisco.com/c/en/us/td/docs/security/ise/syslog/Cisco_ISE_Syslogs/m_SyslogsList.html) + +### log + +This is the `log` dataset. + +{{event "log"}} + +{{fields "log"}} \ No newline at end of file diff --git a/packages/cisco_ise/_dev/deploy/docker/docker-compose.yml b/packages/cisco_ise/_dev/deploy/docker/docker-compose.yml new file mode 100644 index 00000000000..05b786cd0f7 --- /dev/null +++ b/packages/cisco_ise/_dev/deploy/docker/docker-compose.yml @@ -0,0 +1,14 @@ +version: '2.3' +services: + cisco_ise-log-tcp: + image: docker.elastic.co/observability/stream:v0.6.2 + volumes: + - ./sample_logs:/sample_logs:ro + entrypoint: /bin/bash + command: -c "/stream log --start-signal=SIGHUP --delay=5s --addr elastic-agent:9025 -p=tcp /sample_logs/log.log" + cisco_ise-log-udp: + image: docker.elastic.co/observability/stream:v0.6.2 + volumes: + - ./sample_logs:/sample_logs:ro + entrypoint: /bin/bash + command: -c "/stream log --start-signal=SIGHUP --delay=5s --addr elastic-agent:9026 -p=udp /sample_logs/log.log" diff --git a/packages/cisco_ise/_dev/deploy/docker/sample_logs/log.log b/packages/cisco_ise/_dev/deploy/docker/sample_logs/log.log new file mode 100644 index 00000000000..f262a548d7f --- /dev/null +++ b/packages/cisco_ise/_dev/deploy/docker/sample_logs/log.log @@ -0,0 +1,124 @@ +<180>Mar 3 10:42:25 cisco-ise-host CISE_AD_Connector 0000083094 1 0 2022-03-03 10:42:25.842 +00:00 0000083161 25012 WARN AD-Connector: Domain join failed, AD-Admin=ise.host.local, AD-Domain=host.local, AD-Domain-Controller=host.local, AD-Error-Details=The user account is invalid, AD-Forest=host.local, AD-Hostname=cisco-ise-host@host.local, AD-IP-Address=89.160.20.156, AD-Log-Id=1645524126/47, AD-Organization-Unit=, AD-Site=Default-First-Site-Name, +<182>Mar 3 10:43:05 isenode CISE_AD_Connector 0000041246 1 0 2022-03-03 10:43:05.020 +00:00 0000041292 25013 INFO AD-Connector: Domain leave succeeded, AD-Domain=host.local, AD-Domain-Controller=host.local, AD-Hostname=isenode1, AD-IP-Address=89.160.20.156, AD-Log-Id=1645707128/8, AD-Site=Default-First-Site-Name, +<182>Mar 3 10:43:05 isenode CISE_AD_Connector 0000041242 1 0 2022-03-03 10:43:05.018 +00:00 0000041288 25015 INFO AD-Connector: DNS SRV query succeeded, AD-Domain=host.local, AD-Log-Id=1645707128/4, AD-Srv-Query=_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.host.local, AD-Srv-Record=host.local\, 81.2.69.1431.98, AD-Srv-Record=host.local\, 89.160.20.156, AD-Srv-Record=host.local\, 81.2.69.1431.94, +<179>Mar 3 10:40:58 cisco-ise-host CISE_AD_Connector 0000083074 1 0 2022-03-03 10:40:58.891 +00:00 0000083141 25016 ERROR AD-Connector: DNS SRV query failed, AD-Domain=89.160.20.112, AD-Error-Details=The domain name specified in the query was not found, AD-Log-Id=1645524126/37, AD-Srv-Query=_ldap._tcp.dc._msdcs.89.160.20.112, +<182>Mar 3 10:42:25 cisco-ise-host CISE_AD_Connector 0000083091 1 0 2022-03-03 10:42:25.835 +00:00 0000083158 25017 INFO AD-Connector: DC discovery succeeded, AD-Domain=host.local, AD-Domain-Controller=host.local, AD-IP-Address=89.160.20.156, AD-Log-Id=1645524126/44, AD-Site=Default-First-Site-Name, +<179>Mar 3 10:40:58 cisco-ise-host CISE_AD_Connector 0000083075 1 0 2022-03-03 10:40:58.892 +00:00 0000083142 25018 ERROR AD-Connector: DC discovery failed, AD-Domain=89.160.20.112, AD-Error-Details=The domain name specified in the query was not found, AD-Log-Id=1645524126/38, +<182>Mar 3 10:42:25 cisco-ise-host CISE_AD_Connector 0000083093 1 0 2022-03-03 10:42:25.837 +00:00 0000083160 25033 INFO AD-Connector: DNS A/AAAA query succeeded, AD-Domain-Controller=host.local., AD-Hostname=host.local., AD-IP-Address=89.160.20.156, AD-Log-Id=1645524126/46, +<182>Mar 3 10:42:25 cisco-ise-host CISE_AD_Connector 0000083092 1 0 2022-03-03 10:42:25.835 +00:00 0000083159 25037 INFO AD-Connector: DC record cached, AD-Domain=host.local, AD-Domain-Controller=host.local, AD-IP-Address=89.160.20.156, AD-Log-Id=1645524126/45, AD-Site=Default-First-Site-Name, +<182>Mar 3 10:42:25 cisco-ise-host CISE_AD_Connector 0000083089 1 0 2022-03-03 10:42:25.835 +00:00 0000083156 25041 INFO AD-Connector: ISE Server site discovered, AD-Domain=host.local, AD-Domain-Controller=host.local, AD-Log-Id=1645524126/42, AD-Site=Default-First-Site-Name, +<179>Mar 3 10:40:58 cisco-ise-host CISE_AD_Connector 0000083076 1 0 2022-03-03 10:40:58.892 +00:00 0000083143 25046 ERROR AD-Connector: Joined domain is unavailable, AD-Domain=89.160.20.112, AD-Log-Id=1645524126/39, +<181>Mar 3 06:43:59 81.2.69.143 CISE_Administrative_and_Operational_Audit 0000081797 1 0 2022-03-03 06:43:59.935 +00:00 0000081864 51001 NOTICE Administrator-Login: Administrator authentication succeeded, ConfigVersionId=1598, AdminInterface=GUI, AdminIPAddress=81.2.69.143, AdminSession=AdminGUI_Session, AdminName=someadmin, OperationMessageText=Administrator authentication successful, +<181>Mar 3 08:25:58 81.2.69.143 CISE_Administrative_and_Operational_Audit 0000082275 1 0 2022-03-03 08:25:58.063 +00:00 0000082342 51002 NOTICE Administrator-Login: Administrator logged off, ConfigVersionId=1615, AdminInterface=GUI, AdminIPAddress=81.2.69.143, AdminSession=AdminGUI_Session, AdminName=someadmin, OperationMessageText=User logged out, +<181>Mar 3 08:06:28 isehost CISE_Administrative_and_Operational_Audit 0000082182 1 0 2022-03-03 08:06:28.020 +00:00 0000082249 51020 NOTICE Administrator-Login: Administrator authentication failed. Login username does not exist., ConfigVersionId=1610, AdminInterface=GUI, AdminIPAddress=81.2.69.143, AdminName=INVALID, OperationMessageText=User not found, +<181>Mar 3 08:46:56 isehost CISE_Administrative_and_Operational_Audit 0000082385 1 0 2022-03-03 08:46:56.310 +00:00 0000082452 51021 NOTICE Administrator-Login: Administrator authentication failed. Wrong password., ConfigVersionId=1624, AdminInterface=GUI, AdminIPAddress=172.16.22.156, AdminName=someadmin, +<181>Mar 3 08:30:08 isehost CISE_Administrative_and_Operational_Audit 0000040579 1 0 2022-03-03 08:30:08.728 +00:00 0000040625 52000 NOTICE Configuration-Changes: Added configuration, ConfigVersionId=786, AdminInterface=GUI, AdminIPAddress=10.0.9.204, AdminName=internal-sys-user, ConfigChangeData=Object created:\,Port = 9005\,IP Address = 10.0.14.137\,Facility Code = LOCAL6\,Length = 1024\,Description = QA TCP Collector\,Include Alarms = FALSE\,status = ENABLED\,Buffer Message = FALSE\,Buffer Size = 100\,Reconnect Timeout = 30\,, ObjectType=UPSLogTarget, ObjectName=TCP Collector QA, +<181>Mar 3 09:05:16 isehost CISE_Administrative_and_Operational_Audit 0000082478 1 0 2022-03-03 09:05:16.475 +00:00 0000082545 52002 NOTICE Configuration-Changes: Deleted configuration, ConfigVersionId=1626, AdminInterface=GUI, AdminIPAddress=10.0.9.204, AdminSession=ProfilerSession, AdminName=someadmin, ConfigChangeData=NACServer{ipAddress=10.0.14.121,name=someuser,username=someuserusername,password=*******,enable=false,description=}, ObjectType=NACServer, ObjectName=someuser, +<181>Mar 3 11:58:35 ise204 CISE_Administrative_and_Operational_Audit 0000083550 1 0 2022-03-03 11:58:35.811 +00:00 0000083617 52002 NOTICE Configuration-Changes: Deleted configuration, ConfigVersionId=1698, AdminInterface=GUI, AdminIPAddress=172.16.22.156, AdminName=admin, ConfigChangeData=object deleted: Name=test123, ObjectType=Network Access Users, ObjectName=test123, Component=Administration, ObjectInternalID=38bcf4bf-f61a-4028-8b69-ef94eceb2a8d, +<181>Mar 3 01:04:02 isehost CISE_Administrative_and_Operational_Audit 0000080239 1 0 2022-03-03 01:04:02.331 +00:00 0000080306 60067 NOTICE FeedService: Profiler Feed Service - automatic download intitiated, ConfigVersionId=1553, OperationMessageText={FeedServiceQueryFromTime=2022-02-22T00:22:00.653+00:00, FeedServicePort=8443, FeedServiceHost=ise.cisco.com, FeedServiceFeedVersion=1,2,3,4, FeedServiceQueryToTime=, FeedServiceFeed=Profiler}, +<181>Mar 3 01:04:06 isehost CISE_Administrative_and_Operational_Audit 0000080240 1 0 2022-03-03 01:04:06.254 +00:00 0000080307 60070 NOTICE FeedService: Profiler Feed Service - No Profiles Downloaded, ConfigVersionId=1553, +<181>Mar 3 09:24:13 isehost CISE_Administrative_and_Operational_Audit 0000082652 1 0 2022-03-03 09:24:13.263 +00:00 0000082719 60078 NOTICE MyDevices: MyDevices user has successfully authenticated, ConfigVersionId=1628, UserName=someuser, IpAddress=81.2.69.143, AuthenticationIdentityStore=Internal Users, PortalName=My Devices Portal (default), IdentityGroup=ALL_ACCOUNTS (default), PsnHostName=isehost.local, ResponseTime=35, +<181>Mar 3 00:00:00 isehost CISE_Administrative_and_Operational_Audit 0000079938 1 0 2022-03-03 00:00:00.478 +00:00 0000080005 60456 NOTICE System-Management: Started CRL/OCSP periodic certificate check, ConfigVersionId=1543, AdminIPAddress=10.0.9.204, AdminName=system, +<181>Mar 3 00:01:01 isehost CISE_Administrative_and_Operational_Audit 0000079946 1 0 2022-03-03 00:01:01.464 +00:00 0000080013 60461 NOTICE System-Management: Account disabled due to user level date expiry, ConfigVersionId=1545, AdminInterface=Internal, AdminIPAddress=10.0.9.204, AdminName=internal-sys-user, OperationMessageText=Account employee10 is disabled, AcsInstance=isehost.local, +<181>Mar 3 09:06:23 isehost CISE_Administrative_and_Operational_Audit 0000040765 1 0 2022-03-03 09:06:23.123 +00:00 0000040810 61025 NOTICE EAP-TLS: Open secure connection with TLS peer, ConfigVersionId=794, AdminInterface=UNKNOWN, AdminIPAddress=10.0.9.204, , OperationMessageText=Connection created from 10.0.9.204:42863 to 169.254.2.3:5671, AcsInstance=isehost, +<181>Mar 3 09:08:33 isehost CISE_Administrative_and_Operational_Audit 0000082499 1 0 2022-03-03 09:08:33.981 +00:00 0000082565 61026 NOTICE EAP-TLS: Shutdown secure connection with TLS peer, ConfigVersionId=1626, AdminInterface=UNKNOWN, AdminIPAddress=10.0.9.204, , OperationMessageText=Connection closed from 10.0.9.204:53127 to 169.254.2.5:5671, AcsInstance=isehost, +<181>Mar 3 09:25:05 isehost CISE_Administrative_and_Operational_Audit 0000082666 1 0 2022-03-03 09:25:05.100 +00:00 0000082733 61077 NOTICE MyDevices: MyDevices has been successfully logged out, ConfigVersionId=1630, UserName=someuser, IpAddress=81.2.69.143, AuthenticationIdentityStore=Internal Users, PortalName=My Devices Portal (default), IdentityGroup=ALL_ACCOUNTS (default), PsnHostName=isehost.local, ResponseTime=35, +<181>Mar 3 08:31:21 isehost CISE_Administrative_and_Operational_Audit 0000082306 1 0 2022-03-03 08:31:21.075 +00:00 0000082373 52001 NOTICE Configuration-Changes: Changed configuration, ConfigVersionId=1621, FailureFlag=false, RequestResponseType=initial, AdminInterface=GUI, AdminIPAddress=10.0.9.204, AdminName=someadmin, ConfigChangeData=Object modified:\, Log Severity Level = DEBUG\,Local Logging = enable\,Assigned Targets = {LogCollector,LogCollector2,ProfilerRadiusProbe}, ObjectType=UPSCategory, ObjectName=AAA Diagnostics, OperationMessageText=LoggingCategories "Passed Authentications" has been edited successfully., +<181>Mar 10 11:04:19 isehost CISE_Administrative_and_Operational_Audit 0000130002 1 0 2022-03-10 11:04:19.271 +00:00 0000130069 60077 NOTICE MyDevices: MyDevices user authentication has failed, ConfigVersionId=3117, FailureReason=22040 Wrong password or invalid shared secret, UserName=test1123, IpAddress=172.16.17.255, AuthenticationIdentityStore=Internal Users, PortalName=test-mydevices, PsnHostName=isehost.local, ResponseTime=90, +<181>Mar 11 07:20:28 isehost CISE_Administrative_and_Operational_Audit 0000093200 1 0 2022-03-11 07:20:28.019 +00:00 0000093246 58005 NOTICE Process-Management: ISE process was restarted by watchdog service, ConfigVersionId=1703, FailureFlag=true, RequestResponseType=final, AdminInterface=CLI, AdminIPAddress=81.2.69.143, AdminName=system, OperationMessageText=Process: 'ISE Stunnel Service' started by ISE watchdog process, AcsInstance=isehost, +<181>Mar 10 05:25:13 isehost CISE_Administrative_and_Operational_Audit 0000128314 1 0 2022-03-10 05:25:13.944 +00:00 0000128381 60094 NOTICE System-Management: ISE Backup has completed successfully, ConfigVersionId=3068, AdminInterface=GUI, AdminIPAddress=81.2.69.143, AdminName=admin, OperationMessageText=Operational backup test_bkp_op-OPS10-220310-0524.tar.gpg to repository test-new success, AcsInstance=isehost, +<181>Mar 10 05:24:16 isehost CISE_Administrative_and_Operational_Audit 0000128311 1 0 2022-03-10 05:24:16.414 +00:00 0000128378 60093 NOTICE System-Management: ISE Backup has started, ConfigVersionId=3068, AdminInterface=GUI, AdminIPAddress=81.2.69.143, AdminName=admin, OperationMessageText=Initiating opsbackup backup test_bkp_op-OPS10-220310-0524 to repository test-new, AcsInstance=isehost, +<181>Mar 9 19:00:42 isehost CISE_Administrative_and_Operational_Audit 0000083172 1 0 2022-03-09 19:00:42.763 +00:00 0000083218 60134 NOTICE System-Management: DNS Resolution failure, ConfigVersionId=1537, AdminInterface=CLI, AdminIPAddress=81.2.69.143, AdminName=system, OperationMessageText=DNS resolution failed for the hostname isehost.local against the currently configured name servers., AcsInstance=isehost, +<181>Mar 8 12:26:58 isehost CISE_Administrative_and_Operational_Audit 0000116964 1 0 2022-03-08 12:26:58.391 +00:00 0000117031 60188 NOTICE Administrator-Login: An attempted SSH connection has failed, ConfigVersionId=2726, AdminInterface=CLI, OperationMessageText=Received disconnect from 81.2.69.143 port 36953:11: disconnected by user, AcsInstance=isehost, +<181>Mar 8 12:26:58 isehost CISE_Administrative_and_Operational_Audit 0000116963 1 0 2022-03-08 12:26:58.390 +00:00 0000117030 60116 NOTICE Administrator-Login: A CLI user has logged out from SSH, ConfigVersionId=2726, AdminInterface=CLI, AdminIPAddress=81.2.69.143, AdminName=admin, OperationMessageText=User 'admin' logged out from CLI SSH session from SSH client IP: 81.2.69.143, AcsInstance=isehost, +<181>Mar 8 12:15:32 isehost CISE_Administrative_and_Operational_Audit 0000116901 1 0 2022-03-08 12:15:32.654 +00:00 0000116968 60080 NOTICE Administrator-Login: A SSH CLI user has successfully logged in, ConfigVersionId=2718, AdminInterface=CLI, OperationMessageText=Accepted password for admin from 81.2.69.143 port 36953 ssh2, AcsInstance=isehost, +<181>Mar 8 12:15:32 isehost CISE_Administrative_and_Operational_Audit 0000116902 1 0 2022-03-08 12:15:32.654 +00:00 0000116969 60115 NOTICE Administrator-Login: A CLI user has logged in from SSH, ConfigVersionId=2718, AdminInterface=CLI, AdminIPAddress=81.2.69.143, AdminName=admin, OperationMessageText=User 'admin' logged in to CLI SSH session from SSH client IP: 81.2.69.143, AcsInstance=isehost, +<181>Mar 8 12:14:39 isehost CISE_Administrative_and_Operational_Audit 0000116896 1 0 2022-03-08 12:14:39.376 +00:00 0000116963 60081 NOTICE Administrator-Login: A SSH CLI user has attempted unsuccessfully to login, ConfigVersionId=2718, AdminInterface=CLI, OperationMessageText=Failed password for root from 81.2.69.143 port 36661 ssh2, AcsInstance=isehost, +<183>Mar 3 09:22:59 ise204 CISE_Authentication_Flow_Diagnostics 0000082628 1 0 2022-03-03 09:22:59.360 +00:00 0000082695 22016 DEBUG Workflow: Identity sequence completed iterating the IDStores, ConfigVersionId=1628, UserName=admin, SelectedAccessService=AuthenticateUserAPI, AcsSessionID=ise204/435083133/112, AuthenticationIdentityStore=All_AD_Join_Points, AuthenticationMethod=PAP_ASCII, WorkflowCurrentIDStoreIndex=2, WorkflowSequenceType=AuthenticationSequence, CurrentIDStoreName=All_AD_Join_Points, WorkflowIfUserNotFound=Reject, WorkflowIfProcessError=Reject, WorkflowIfAuthenticationFailed=Reject, CPMSessionID=ise204:userauth19, Response={AuthenticationResult=UnknownUser; }, +<183>Mar 3 09:24:13 ise204 CISE_Authentication_Flow_Diagnostics 0000082651 1 0 2022-03-03 09:24:13.238 +00:00 0000082718 22037 DEBUG Workflow: Authentication Passed, ConfigVersionId=1628, UserName=test, SelectedAccessService=AuthenticateUserAPI, AcsSessionID=ise204/435083133/115, AuthenticationIdentityStore=Internal Users, AuthenticationMethod=PAP_ASCII, WorkflowCurrentIDStoreIndex=0, WorkflowSequenceType=AuthenticationSequence, CurrentIDStoreName=Internal Users, WorkflowIfUserNotFound=Reject, WorkflowIfProcessError=Reject, WorkflowIfAuthenticationFailed=Reject, CPMSessionID=ise204:userauth20, Response={AuthenticationResult=Passed; }, +<182>Mar 3 09:22:51 ise204 CISE_Authentication_Flow_Diagnostics 0000082605 1 0 2022-03-03 09:22:51.639 +00:00 0000082672 22040 INFO Authentication: Wrong password or invalid shared secret, ConfigVersionId=1628, UserName=employee1, SelectedAccessService=AuthenticateUserAPI, AcsSessionID=ise204/435083133/110, AuthenticationMethod=PAP_ASCII, WorkflowCurrentIDStoreIndex=0, WorkflowSequenceType=AuthenticationSequence, CurrentIDStoreName=Internal Users, WorkflowIfUserNotFound=Reject, WorkflowIfProcessError=Reject, WorkflowIfAuthenticationFailed=Reject, CPMSessionID=ise204:userauth18, Response={AuthenticationResult=Failed; }, +<183>Mar 3 09:22:59 ise204 CISE_Authentication_Flow_Diagnostics 0000082629 1 0 2022-03-03 09:22:59.360 +00:00 0000082696 22056 DEBUG Workflow: Subject not found in the applicable identity store(s), ConfigVersionId=1628, UserName=admin, SelectedAccessService=AuthenticateUserAPI, AcsSessionID=ise204/435083133/112, AuthenticationMethod=PAP_ASCII, WorkflowCurrentIDStoreIndex=2, WorkflowSequenceType=AuthenticationSequence, CurrentIDStoreName=All_AD_Join_Points, WorkflowIfUserNotFound=Reject, WorkflowIfProcessError=Reject, WorkflowIfAuthenticationFailed=Reject, CPMSessionID=ise204:userauth19, Response={AuthenticationResult=UnknownUser; }, +<182>Mar 3 09:22:51 ise204 CISE_Authentication_Flow_Diagnostics 0000082606 1 0 2022-03-03 09:22:51.639 +00:00 0000082673 22057 INFO Workflow: The advanced option that is configured for a failed authentication request is used, ConfigVersionId=1628, UserName=employee1, SelectedAccessService=AuthenticateUserAPI, AcsSessionID=ise204/435083133/110, AuthenticationIdentityStore=Internal Users, AuthenticationMethod=PAP_ASCII, WorkflowCurrentIDStoreIndex=0, WorkflowSequenceType=AuthenticationSequence, CurrentIDStoreName=Internal Users, WorkflowIfUserNotFound=Reject, WorkflowIfProcessError=Reject, WorkflowIfAuthenticationFailed=Reject, CPMSessionID=ise204:userauth18, Response={AuthenticationResult=Failed; }, +<182>Mar 3 09:22:59 ise204 CISE_Authentication_Flow_Diagnostics 0000082630 1 0 2022-03-03 09:22:59.361 +00:00 0000082697 22058 INFO Workflow: The advanced option that is configured for an unknown user is used, ConfigVersionId=1628, UserName=admin, SelectedAccessService=AuthenticateUserAPI, AcsSessionID=ise204/435083133/112, AuthenticationMethod=PAP_ASCII, WorkflowCurrentIDStoreIndex=2, WorkflowSequenceType=AuthenticationSequence, CurrentIDStoreName=All_AD_Join_Points, WorkflowIfUserNotFound=Reject, WorkflowIfProcessError=Reject, WorkflowIfAuthenticationFailed=Reject, CPMSessionID=ise204:userauth19, Response={AuthenticationResult=UnknownUser; }, +<182>Mar 3 11:37:34 ise204 CISE_Authentication_Flow_Diagnostics 0000083415 1 0 2022-03-03 11:37:34.928 +00:00 0000083482 22060 INFO Workflow: The 'Continue' advanced option is configured in case of a failed authentication request, ConfigVersionId=1696, DestinationIPAddress=10.0.9.204, UserName=92-09-00-00-00-01, NAS-IP-Address=10.0.14.108, Calling-Station-ID=92:09:00:00:00:01, OriginalUserName=92-09-00-00-00-01, AcsSessionID=ise204/435083133/126, AuthenticationMethod=Lookup, SelectedAccessService=Default Network Access, WorkflowCurrentIDStoreIndex=0, WorkflowSequenceType=AuthenticationSequence, CurrentIDStoreName=Internal Endpoints, WorkflowIfUserNotFound=Continue, WorkflowIfProcessError=Drop, WorkflowIfAuthenticationFailed=Reject, CPMSessionID=0a0009ccdD2BsLZMkW8ZRUAE/sDVf78pplxJC0wv2VwZR6N070M, Response={AuthenticationResult=UnknownUser; QueryResult=UnknownUser; AuthenticationAction=Continue; }, +<182>Mar 3 09:22:59 ise204 CISE_Authentication_Flow_Diagnostics 0000082631 1 0 2022-03-03 09:22:59.361 +00:00 0000082698 22061 INFO Workflow: The 'Reject' advanced option is configured in case of a failed authentication request, ConfigVersionId=1628, UserName=admin, SelectedAccessService=AuthenticateUserAPI, AcsSessionID=ise204/435083133/112, AuthenticationMethod=PAP_ASCII, WorkflowCurrentIDStoreIndex=2, WorkflowSequenceType=AuthenticationSequence, CurrentIDStoreName=All_AD_Join_Points, WorkflowIfUserNotFound=Reject, WorkflowIfProcessError=Reject, WorkflowIfAuthenticationFailed=Reject, CPMSessionID=ise204:userauth19, Response={AuthenticationResult=UnknownUser; AuthenticationAction=Reject; }, +<182>Mar 3 09:24:13 ise204 CISE_Authentication_Flow_Diagnostics 0000082647 1 0 2022-03-03 09:24:13.235 +00:00 0000082714 22072 INFO Authentication: Selected identity source sequence, ConfigVersionId=1628, UserName=test, SelectedAccessService=AuthenticateUserAPI, AcsSessionID=ise204/435083133/115, AuthenticationMethod=PAP_ASCII, WorkflowSequenceType=AuthenticationSequence, CPMSessionID=ise204:userauth20, +<181>Mar 2 09:09:13 cisco-ise-host CISE_Failed_Attempts 0000075134 1 0 2022-03-02 09:09:13.790 +00:00 0000075201 5405 NOTICE Failed-Attempt: RADIUS Request dropped, ConfigVersionId=1364, Device IP Address=81.2.69.193, Device Port=42946, DestinationIPAddress=81.2.69.145, DestinationPort=1812, Protocol=Radius, NetworkDeviceName=testDevice, User-Name=testDevice1, NAS-IP-Address=81.2.69.193, NAS-Port=1, Service-Type=Framed, Session-Timeout=30, Calling-Station-ID=00-23-DF-00-00-01, NAS-Port-Type=Wireless - IEEE 802.11, NAS-Port-Id=G0/25, NetworkDeviceProfileName=Cisco, NetworkDeviceProfileId=b0699505-3150-4215-a80e-6753d45bf56c, AcsSessionID=cisco-ise-host/435083133/47, FailureReason=11036 The Message-Authenticator RADIUS attribute is invalid, Step=11001, Step=11017, Step=11036, Step=5405, NetworkDeviceGroups=IPSEC#Is IPSEC Device#No, NetworkDeviceGroups=Location#All Locations, NetworkDeviceGroups=Device Type#All Device Types, DTLSSupport=Unknown, Model Name=Unknown, Network Device Profile=Cisco, Location=Location#All Locations, Device Type=Device Type#All Device Types, IPSEC=IPSEC#Is IPSEC Device#No, +<181>Mar 2 10:36:16 cisco-ise-host CISE_Failed_Attempts 0000075876 1 0 2022-03-02 10:36:16.136 +00:00 0000075943 5411 NOTICE Failed-Attempt: Supplicant stopped responding to ISE, ConfigVersionId=1381, RadiusPacketType=Drop, Device IP Address=81.2.69.193, DestinationIPAddress=81.2.69.145, UserName=testnac1, AcsSessionID=cisco-ise-host/435083133/80, SelectedAccessService=Default Network Access, RequestLatency=13, FailureReason=12309 PEAP handshake failed, Step=11001, Step=11017, Step=11117, Step=15049, Step=15008, Step=11507, Step=12500, Step=11006, Step=11001, Step=11018, Step=12301, Step=12300, Step=11006, Step=11001, Step=11018, Step=12302, Step=12318, Step=12800, Step=12805, Step=12814, Step=12817, Step=12309, Step=12307, Step=12305, Step=11006, Step=5411, NetworkDeviceName=testDevice, NetworkDeviceGroups=IPSEC#Is IPSEC Device#No, NetworkDeviceGroups=Location#All Locations, NetworkDeviceGroups=Device Type#All Device Types, EapTunnel=PEAP, OpenSSLErrorMessage=SSL alert: code=0x246=582 ; source=local ; type=fatal ; message="protocol version.ssl/statem/statem_srvr.c:1686 error:14209102:SSL routines:tls_early_post_process_client_hello:unsupported protocol [error=337678594 lib=20 func=521 reason=258]", OpenSSLErrorStack= 140449745684224:error:14209102:SSL routines:tls_early_post_process_client_hello:unsupported protocol:ssl/statem/statem_srvr.c:1686:, User-Name=testnac1, NAS-IP-Address=81.2.69.193, NAS-Port=1, Calling-Station-ID=00-00-00-00-00-01, NAS-Port-Type=Wireless - IEEE 802.11, NAS-Port-Id=G0/25, CPMSessionID=0a0009ccO4H8LguCt/kv_SLnrKRbOFQs9/f7Zi_nxHt1lhFP1qc, EndPointMACAddress=00-00-00-00-00-01, ISEPolicySetName=Default, StepLatency=25=120001, TLSCipher=, TLSVersion=, DTLSSupport=Unknown, Model Name=Unknown, Network Device Profile=Cisco, Location=Location#All Locations, Device Type=Device Type#All Device Types, IPSEC=IPSEC#Is IPSEC Device#No, +<181>Mar 2 11:10:16 cisco-ise-host CISE_Failed_Attempts 0000076158 1 0 2022-03-02 11:10:16.634 +00:00 0000076224 5418 NOTICE Guest: Guest Authentication Failed, ConfigVersionId=1397, FailureReason=22056 Subject not found in the applicable identity store(s), UserType=NON_GUEST, UserName=INVALID, IpAddress=89.160.20.112, PortalName=test-portal, ResponseTime=18, Step=5418, +<181>Mar 2 09:56:00 cisco-ise-host CISE_Failed_Attempts 0000075523 1 0 2022-03-02 09:56:00.597 +00:00 0000075590 5435 NOTICE RADIUS: NAS conducted several failed authentications of the same scenario, ConfigVersionId=1373, Device IP Address=81.2.69.193, Device Port=47053, DestinationIPAddress=81.2.69.145, DestinationPort=1812, Protocol=Radius, NetworkDeviceName=testDevice, User-Name=testDevice1, NAS-IP-Address=81.2.69.193, NAS-Port=1, Service-Type=Framed, Session-Timeout=30, Calling-Station-ID=00-00-00-00-00-01, NAS-Port-Type=Wireless - IEEE 802.11, NAS-Port-Id=G0/25, NetworkDeviceProfileName=Cisco, NetworkDeviceProfileId=b0699505-3150-4215-a80e-6753d45bf56c, AcsSessionID=cisco-ise-host/435083133/64, FailureReason=11007 Could not locate Network Device or AAA Client, Step=11001, Step=11017, Step=11007, Step=5435, NetworkDeviceGroups=IPSEC#Is IPSEC Device#No, NetworkDeviceGroups=Location#All Locations, NetworkDeviceGroups=Device Type#All Device Types, TotalFailedAttempts=11, TotalFailedTime=2806, DTLSSupport=Unknown, Model Name=Unknown, Network Device Profile=Cisco, Location=Location#All Locations, Device Type=Device Type#All Device Types, IPSEC=IPSEC#Is IPSEC Device#No, +<181>Mar 2 09:04:59 cisco-ise-host CISE_Failed_Attempts 0000000581 1 0 2022-03-02 09:04:59.136 +00:00 0000075131 5440 NOTICE RADIUS: Endpoint abandoned EAP session and started new, ConfigVersionId=1364, Device IP Address=81.2.69.193, DestinationIPAddress=81.2.69.145, UserName=testDevice1, AcsSessionID=cisco-ise-host/435083133/41, SelectedAccessService=Default Network Access, RequestLatency=16, FailureReason=12309 PEAP handshake failed, Step=11001, Step=11017, Step=11117, Step=15049, Step=15008, Step=11507, Step=12500, Step=11006, Step=11001, Step=11018, Step=12301, Step=12300, Step=11006, Step=11001, Step=11018, Step=12302, Step=12318, Step=12800, Step=12805, Step=12814, Step=12817, Step=12309, Step=12307, Step=12305, Step=11006, Step=5440, NetworkDeviceName=testDevice, NetworkDeviceGroups=IPSEC#Is IPSEC Device#No, NetworkDeviceGroups=Location#All Locations, NetworkDeviceGroups=Device Type#All Device Types, EapTunnel=PEAP, OpenSSLErrorMessage=SSL alert: code=0x246=582 ; source=local ; type=fatal ; message="protocol version.ssl/statem/statem_srvr.c:1686 error:14209102:SSL routines:tls_early_post_process_client_hello:unsupported protocol [error=337678594 lib=20 func=521 reason=258]", OpenSSLErrorStack= 140449742526208:error:14209102:SSL routines:tls_early_post_process_client_hello:unsupported protocol:ssl/statem/statem_srvr.c:1686:, User-Name=testDevice1, NAS-IP-Address=81.2.69.193, NAS-Port=1, Calling-Station-ID=00-23-DF-00-00-01, NAS-Port-Type=Wireless - IEEE 802.11, NAS-Port-Id=G0/25, CPMSessionID=0a0009ccoostm1inlLcfqsSLF7kj1Hc9FdzP6sk8dQsKOpPav_o, EndPointMACAddress=00-23-DF-00-00-01, ISEPolicySetName=Default, StepLatency=25=9051, TLSCipher=, TLSVersion=, DTLSSupport=Unknown, Model Name=Unknown, Network Device Profile=Cisco, Location=Location#All Locations, Device Type=Device Type#All Device Types, IPSEC=IPSEC#Is IPSEC Device#No, Response={RadiusPacketType=Drop; }, +<182>Mar 3 11:20:37 cisco-ise-host CISE_Guest 0000083315 1 0 2022-03-03 11:20:37.938 +00:00 0000083382 86005 INFO Guest: Guest user has accepted the Use Policy, ConfigVersionId=1694, UserType=NON_GUEST, UserName=test123, IpAddress=89.160.20.112, AuthenticationIdentityStore=Internal Users, PortalName=Self-Registered Guest Portal (default), IdentityGroup=Any, PsnHostName=ise.host.local, GuestUserName=test123, ResponseTime=31, +<182>Mar 3 12:01:09 cisco-ise-host CISE_Guest 0000083571 1 0 2022-03-03 12:01:09.743 +00:00 0000083638 86022 INFO Guest: Device Registration Web Authentication AUP Accepted, ConfigVersionId=1698, UserType=NON_GUEST, UserName=test1123, IpAddress=89.160.20.112, AuthenticationIdentityStore=Internal Users, PortalName=My Devices Portal (default), IdentityGroup=Any, PsnHostName=ise.host.local, ResponseTime=15, +<183>Mar 3 11:37:34 cisco-ise-host CISE_Identity_Stores_Diagnostics 0000083418 1 0 2022-03-03 11:37:34.933 +00:00 0000083485 24209 DEBUG Local-user-DB: Looking up Endpoint in Internal Endpoints IDStore, ConfigVersionId=1696, UserName=92-09-00-00-00-01, Protocol=Radius, OriginalUserName=92-09-00-00-00-01, AcsSessionID=cisco-ise-host/435083133/126, AuthenticationMethod=Lookup, SelectedAccessService=Default Network Access, CPMSessionID=0a0009ccdD2BsLZMkW8ZRUAE/sDVf78pplxJC0wv2VwZR6N070M, Response={AuthenticationResult=UnknownUser; QueryResult=UnknownUser; }, +<183>Mar 3 09:24:13 cisco-ise-host CISE_Identity_Stores_Diagnostics 0000082649 1 0 2022-03-03 09:24:13.235 +00:00 0000082716 24210 DEBUG Local-user-DB: Looking up User in Internal Users IDStore, ConfigVersionId=1628, UserName=test, SelectedAccessService=AuthenticateUserAPI, AcsSessionID=cisco-ise-host/435083133/115, AuthenticationMethod=PAP_ASCII, CurrentIDStoreName=Internal Users, CPMSessionID=cisco-ise-host:userauth20, +<183>Mar 3 09:22:51 cisco-ise-host CISE_Identity_Stores_Diagnostics 0000082604 1 0 2022-03-03 09:22:51.639 +00:00 0000082671 24212 DEBUG Local-user-DB: Found User in Internal Users IDStore, ConfigVersionId=1628, UserName=employee1, SelectedAccessService=AuthenticateUserAPI, AcsSessionID=cisco-ise-host/435083133/110, AuthenticationMethod=PAP_ASCII, CurrentIDStoreName=Internal Users, CPMSessionID=cisco-ise-host:userauth18, Firstname=Employee1, Lastname=Cisco1, EnableFlag=Enabled, Response={AuthenticationResult=NotPerformed; }, +<183>Mar 3 09:22:59 cisco-ise-host CISE_Identity_Stores_Diagnostics 0000082616 1 0 2022-03-03 09:22:59.336 +00:00 0000082683 24216 DEBUG Local-user-DB: The user is not found in the internal users identity store, ConfigVersionId=1628, UserName=admin, SelectedAccessService=AuthenticateUserAPI, AcsSessionID=cisco-ise-host/435083133/112, AuthenticationMethod=PAP_ASCII, CurrentIDStoreName=Internal Users, CPMSessionID=cisco-ise-host:userauth19, Response={AuthenticationResult=UnknownUser; LdapOperationStatus=SubjectNotFound; }, +<183>Mar 3 11:37:34 cisco-ise-host CISE_Identity_Stores_Diagnostics 0000083419 1 0 2022-03-03 11:37:34.936 +00:00 0000083486 24217 DEBUG Local-user-DB: The host is not found in the internal endpoints identity store, ConfigVersionId=1696, UserName=92-09-00-00-00-01, Protocol=Radius, OriginalUserName=92-09-00-00-00-01, AcsSessionID=cisco-ise-host/435083133/126, AuthenticationMethod=Lookup, SelectedAccessService=Default Network Access, CPMSessionID=0a0009ccdD2BsLZMkW8ZRUAE/sDVf78pplxJC0wv2VwZR6N070M, Response={AuthenticationResult=UnknownUser; QueryResult=UnknownUser; }, +<183>Mar 3 09:22:59 cisco-ise-host CISE_Identity_Stores_Diagnostics 0000082623 1 0 2022-03-03 09:22:59.359 +00:00 0000082690 24313 DEBUG External-Active-Directory: Search for matching accounts at join point, AD-Log-Id=1645524126/33, +<183>Mar 3 09:22:59 cisco-ise-host CISE_Identity_Stores_Diagnostics 0000082625 1 0 2022-03-03 09:22:59.359 +00:00 0000082692 24322 DEBUG External-Active-Directory: Identity resolution detected no matching account, AD-Log-Id=1645524126/35, +<183>Mar 3 09:22:59 cisco-ise-host CISE_Identity_Stores_Diagnostics 0000082622 1 0 2022-03-03 09:22:59.359 +00:00 0000082689 24325 DEBUG External-Active-Directory: Resolving identity, AD-Log-Id=1645524126/32, +<183>Mar 3 09:22:59 cisco-ise-host CISE_Identity_Stores_Diagnostics 0000082626 1 0 2022-03-03 09:22:59.359 +00:00 0000082693 24352 DEBUG External-Active-Directory: Identity resolution failed, AD-Log-Id=1645524126/36, +<183>Mar 3 09:22:59 cisco-ise-host CISE_Identity_Stores_Diagnostics 0000082624 1 0 2022-03-03 09:22:59.359 +00:00 0000082691 24366 DEBUG External-Active-Directory: Skipping unjoined domain, AD-Log-Id=1645524126/34, +<183>Mar 3 09:22:59 cisco-ise-host CISE_Identity_Stores_Diagnostics 0000082627 1 0 2022-03-03 09:22:59.360 +00:00 0000082694 24412 DEBUG External-Active-Directory: User not found in Active Directory, ConfigVersionId=1628, UserName=admin, SelectedAccessService=AuthenticateUserAPI, AcsSessionID=cisco-ise-host/435083133/112, AuthenticationMethod=PAP_ASCII, CurrentIDStoreName=All_AD_Join_Points, CPMSessionID=cisco-ise-host:userauth19, Response={AuthenticationResult=UnknownUser; }, +<183>Mar 3 09:22:59 cisco-ise-host CISE_Identity_Stores_Diagnostics 0000082621 1 0 2022-03-03 09:22:59.357 +00:00 0000082688 24430 DEBUG External-Active-Directory: Authenticating user against Active Directory, ConfigVersionId=1628, UserName=admin, SelectedAccessService=AuthenticateUserAPI, AcsSessionID=cisco-ise-host/435083133/112, AuthenticationMethod=PAP_ASCII, CurrentIDStoreName=All_AD_Join_Points, CPMSessionID=cisco-ise-host:userauth19, Response={AuthenticationResult=Failed; }, +<183>Mar 3 09:22:59 cisco-ise-host CISE_Identity_Stores_Diagnostics 0000082618 1 0 2022-03-03 09:22:59.337 +00:00 0000082685 24631 DEBUG Local-user-DB: Looking up User in Internal Guests IDStore, ConfigVersionId=1628, UserName=admin, SelectedAccessService=AuthenticateUserAPI, AcsSessionID=cisco-ise-host/435083133/112, AuthenticationMethod=PAP_ASCII, CurrentIDStoreName=Guest Users, CPMSessionID=cisco-ise-host:userauth19, Response={AuthenticationResult=UnknownUser; }, +<183>Mar 3 09:22:59 cisco-ise-host CISE_Identity_Stores_Diagnostics 0000082619 1 0 2022-03-03 09:22:59.356 +00:00 0000082686 24633 DEBUG Local-user-DB: The user is not found in the internal guests identity store, ConfigVersionId=1628, UserName=admin, SelectedAccessService=AuthenticateUserAPI, AcsSessionID=cisco-ise-host/435083133/112, AuthenticationMethod=PAP_ASCII, CurrentIDStoreName=Guest Users, CPMSessionID=cisco-ise-host:userauth19, Response={AuthenticationResult=UnknownUser; LdapOperationStatus=SubjectNotFound; }, +<183>Mar 3 11:37:34 cisco-ise-host CISE_Identity_Stores_Diagnostics 0000083416 1 0 2022-03-03 11:37:34.931 +00:00 0000083483 24715 DEBUG External-Active-Directory: ISE has not confirmed locally previous successful machine authentication for user in Active Directory, ConfigVersionId=1696, UserName=92-09-00-00-00-01, Protocol=Radius, OriginalUserName=92-09-00-00-00-01, AcsSessionID=cisco-ise-host/435083133/126, AuthenticationMethod=Lookup, SelectedAccessService=Default Network Access, CPMSessionID=0a0009ccdD2BsLZMkW8ZRUAE/sDVf78pplxJC0wv2VwZR6N070M, Response={AuthenticationResult=UnknownUser; QueryResult=UnknownUser; }, +<180>Feb 23 06:11:12 cisco-ise-host CISE_Internal_Operations_Diagnostics 0000000890 1 0 2022-02-23 06:11:12.793 +00:00 0000000945 34126 WARN System-Management: Remote syslog target is unavailable, ConfigVersionId=240, DestinationPort=9025, LoggerName=Test_TCP, +<179>Mar 3 09:19:04 cisco-ise-host CISE_Internal_Operations_Diagnostics 0000082575 1 0 2022-03-03 09:19:04.559 +00:00 0000082642 34120 ERROR Profiler: Profiler failed to get the connection to NAC Manager, ConfigVersionId=1628, +<180>Mar 3 09:24:09 isenode CISE_Internal_Operations_Diagnostics 0000040852 1 0 2022-03-03 09:24:09.011 +00:00 0000040898 34126 WARN System-Management: Remote syslog target is unavailable, ConfigVersionId=795, DestinationPort=9005, LoggerName=TCP Collector QA, +<180>Mar 3 09:24:39 isenode CISE_Internal_Operations_Diagnostics 0000040857 1 0 2022-03-03 09:24:39.014 +00:00 0000040903 34127 WARN System-Management: Remote syslog target connection resume, ConfigVersionId=795, DestinationPort=9005, LoggerName=TCP Collector QA, +<183>Mar 3 00:00:00 cisco-ise-host CISE_Internal_Operations_Diagnostics 0000079939 1 0 2022-03-03 00:00:00.480 +00:00 0000080006 32025 DEBUG Logging: Rolled over local storage file, ConfigVersionId=1543, LogFileName=/opt/CSCOcpm/logs/localStore//iseLocalStore.log.2022-03-02-00-00-00-478, LogErrorMessage=LOG_OK_NO_ERROR, +<182>Mar 3 09:24:53 cisco-ise-host CISE_MyDevices 0000082658 1 0 2022-03-03 09:24:53.393 +00:00 0000082725 88004 INFO MyDevices: Successfully deleted the device (endpoint), ConfigVersionId=1629, UserName=test, IpAddress=81.2.69.144, AuthenticationIdentityStore=Internal Users, PortalName=My Devices Portal (default), IdentityGroup=ALL_ACCOUNTS (default), PsnHostName=ise.host.local, EPMacAddress=00:00:00:00:00:00, EPIdentityGroup=Unknown, Staticassignment=false, EndPointProfiler=ise.host.local, EndPointPolicy=Xerox-Device, DeviceName=test, DeviceRegistrationStatus=NotRegistered, ResponseTime=35, +<182>Mar 3 09:24:40 cisco-ise-host CISE_MyDevices 0000082656 1 0 2022-03-03 09:24:40.424 +00:00 0000082723 88010 INFO MyDevices: Successfully registered/provisioned the device (endpoint), ConfigVersionId=1628, UserName=test, IpAddress=81.2.69.144, AuthenticationIdentityStore=Internal Users, PortalName=My Devices Portal (default), IdentityGroup=ALL_ACCOUNTS (default), PsnHostName=ise.host.local, EPMacAddress=00:00:00:00:00:01, EPIdentityGroup=RegisteredDevices, Staticassignment=true, EndPointProfiler=ise.host.local, EndPointPolicy=Unknown, DeviceName=test2, DeviceRegistrationStatus=Pending, ResponseTime=35 +<179>Mar 3 09:24:53 cisco-ise-host CISE_MyDevices 0000082659 1 0 2022-03-03 09:24:53.482 +00:00 0000082726 88013 ERROR MyDevices: Failed to perform a CoA termination, ConfigVersionId=1629, EPMacAddress=00:00:00:00:00:00, EndpointCoA=Terminate, +<181>Mar 3 11:37:34 cisco-ise-host CISE_Passed_Authentications 0000083423 1 0 2022-03-03 11:37:34.978 +00:00 0000083490 5200 NOTICE Passed-Authentication: Authentication succeeded, ConfigVersionId=1696, Device IP Address=81.2.69.143, DestinationIPAddress=81.2.69.193, DestinationPort=1812, UserName=92-09-00-00-00-01, Protocol=Radius, NetworkDeviceName=Simulator, User-Name=92-09-00-00-00-01, NAS-IP-Address=81.2.69.143, NAS-Port=86, Service-Type=Call Check, Calling-Station-ID=92:09:00:00:00:01, NAS-Port-Type=Wireless - IEEE 802.11, NAS-Port-Id=gigabitEthernet1/0/1, Airespace-Wlan-Id=3, OriginalUserName=92-09-00-00-00-01, MisconfiguredClientFixReason=Passed, NetworkDeviceProfileName=Cisco, NetworkDeviceProfileId=b0699505-3150-4215-a80e-6753d45bf56c, IsThirdPartyDeviceFlow=false, RadiusFlowType=WirelessMAB, AcsSessionID=cisco-ise-host/435083133/126, AuthenticationMethod=Lookup, SelectedAccessService=Default Network Access, SelectedAuthorizationProfiles=hotspot, UseCase=Host Lookup, RequestLatency=90, Step=11001, Step=11017, Step=11117, Step=11027, Step=15049, Step=15008, Step=15041, Step=15048, Step=15013, Step=24209, Step=24217, Step=22056, Step=22058, Step=22060, Step=24715, Step=15036, Step=24209, Step=24217, Step=15016, Step=11002, Step=5239, SelectedAuthenticationIdentityStores=Internal Endpoints, AuthenticationStatus=UnknownUser, NetworkDeviceGroups=IPSEC#Is IPSEC Device#No, NetworkDeviceGroups=Location#All Locations, NetworkDeviceGroups=Device Type#All Device Types, IdentityPolicyMatchedRule=MAB, AuthorizationPolicyMatchedRule=Hotspot, CPMSessionID=0a0009ccdD2BsLZMkW8ZRUAE/sDVf78pplxJC0wv2VwZR6N070M, EndPointMACAddress=92-09-00-00-00-01, PostureAssessmentStatus=Pending, ISEPolicySetName=Default, IdentitySelectionMatchedRule=MAB, StepData=7= Normalised Radius.RadiusFlowType, StepData=8=Internal Endpoints, TotalAuthenLatency=90, ClientLatency=0, allowEasyWiredSession=false, DTLSSupport=Unknown, Model Name=Unknown, Network Device Profile=Cisco, Location=Location#All Locations, Device Type=Device Type#All Device Types, IPSEC=IPSEC#Is IPSEC Device#No, Response={Class=CACS:0a0009ccdD2BsLZMkW8ZRUAE/sDVf78pplxJC0wv2VwZR6N070M:cisco-ise-host/435083133/126; cisco-av-pair=url-redirect-acl=REDIRECT; cisco-av-pair=url-redirect=https://cisco-ise-host.local:8443/portal/gateway?sessionId=0a0009ccdD2BsLZMkW8ZRUAE/sDVf78pplxJC0wv2VwZR6N070M&portal=77b653c9-924d-41a5-a5c3-1c40c4e7a5a7&action=cwa&type=drw&token=65402552fb76ff96c08edaab722f880e; LicenseTypes=1; }, +<181>Mar 2 13:27:48 cisco-ise-host CISE_Passed_Authentications 0000077038 1 0 2022-03-02 13:27:48.625 +00:00 0000077104 5231 NOTICE Guest: Guest Authentication Passed, ConfigVersionId=1459, AuthenticationMethod=PAP_ASCII, UserType=NON_GUEST, UserName=test, IpAddress=81.2.69.145, AuthenticationIdentityStore=Internal Users, PortalName=Self-Registered Guest Portal (default), IdentityGroup=ALL_ACCOUNTS (default), PsnHostName=cisco-ise-host.local, GuestUserName=test, ResponseTime=21, Step=5231, +<181>Feb 23 21:44:54 cisco-ise-host CISE_Passed_Authentications 0000000028 1 0 2021-02-23 21:44:54.276 +00:00 0000001707 5233 NOTICE Passed-Authentication: TrustSec Data Download Succeeded, ConfigVersionId=9, Device IP Address=81.2.69.144, DestinationIPAddress=81.2.69.144, DestinationPort=1645, UserName=#CTSREQUEST#, Protocol=Radius, RequestLatency=281, NetworkDeviceName=ASAv-vpn, User-Name=#CTSREQUEST#, NAS-IP-Address=81.2.69.144, NAS-Port=2, NAS-Port-Type=Virtual, cisco-av-pair=cts-environment-version=1, cisco-av-pair=cts-environment-data=ASAv-vpn, cisco-av-pair=cts-device-capability=env-data-fragment, cisco-av-pair=cts-pac-opaque=****, cisco-av-pair=coa-push=true, NetworkDeviceProfileName=Cisco, NetworkDeviceProfileId=8ade1f15-aef1-4a9a-8158-d02e835179db, IsThirdPartyDeviceFlow=false, AcsSessionID=ise/403491114/1, SelectedAccessService=NDAC_SGT_Service, Step=11001, Step=11017, Step=11117, Step=15012, Step=15036, Step=15006, Step=11002, NetworkDeviceGroups=Location#All Locations#dCloud, NetworkDeviceGroups=Device Type#All Device Types#Security Devices#VPN, AuthorizationPolicyMatchedRule=Default, CPMSessionID=c612851bJ4_5zUNfXSy7PCu6hSY3K1tPzLJOLXwVfJMIFdTrUjg, ISEPolicySetName=NetworkDeviceAuthorization, DTLSSupport=Unknown, Network Device Profile=Cisco, Location=Location#All Locations#dCloud, Device Type=Device Type#All Device Types#Security Devices#VPN, Response={Class=CACS:c612851bJ4_5zUNfXSy7PCu6hSY3K1tPzLJOLXwVfJMIFdTrUjg:ise/403491114/1; cisco-av-pair=cts:server-list=CTSServerList1-0001; cisco-av-pair=cts:security-group-tag=0002-11; cisco-av-pair=cts:environment-data-expiry=86400; cisco-av-pair=cts:security-group-table=0001-46; }, +<181>Mar 3 09:11:58 cisco-ise-host CISE_Passed_Authentications 0000082517 1 0 2022-03-03 09:11:58.729 +00:00 0000082584 5239 NOTICE RADIUS: NAS problem was fixed, ConfigVersionId=1626, NAS-IP-Address=81.2.69.145, MisconfiguredClientFixReason=Silent, Step=5239, +<183>Mar 3 11:37:34 cisco-ise-host CISE_Policy_Diagnostics 0000083407 1 0 2022-03-03 11:37:34.891 +00:00 0000083474 15008 DEBUG Policy: Evaluating Service Selection Policy, ConfigVersionId=1696, Device IP Address=81.2.69.143, UserName=92-09-00-00-00-01, Protocol=Radius, RequestReceivedTime=1646307454, PolicyType=ServiceSelectionPolicy, OriginalUserName=92-09-00-00-00-01, AcsSessionID=isehost/435083133/126, CPMSessionID=0a0009ccdD2BsLZMkW8ZRUAE/sDVf78pplxJC0wv2VwZR6N070M, +<183>Mar 3 09:24:13 cisco-ise-host CISE_Policy_Diagnostics 0000082648 1 0 2022-03-03 09:24:13.235 +00:00 0000082715 15013 DEBUG Policy: Selected Identity Source, ConfigVersionId=1628, Device IP Address=81.2.69.143, UserName=test, SelectedAccessService=AuthenticateUserAPI, PolicyType=IdentityPolicy, AcsSessionID=isehost/435083133/115, CurrentIDStoreName=Internal Users, CPMSessionID=isehost:userauth20, +<183>Mar 3 11:37:34 cisco-ise-host CISE_Policy_Diagnostics 0000083420 1 0 2022-03-03 11:37:34.958 +00:00 0000083487 15016 DEBUG Policy: Selected Authorization Profile, ConfigVersionId=1696, Device IP Address=81.2.69.143, UserName=92-09-00-00-00-01, Protocol=Radius, RequestReceivedTime=1646307454, PolicyType=RadiusAuthorizationPolicy, OriginalUserName=92-09-00-00-00-01, AcsSessionID=isehost/435083133/126, SelectedAccessService=Default Network Access, SelectedAuthorizationProfiles=hotspot, IdentityPolicyMatchedRule=MAB, AuthorizationPolicyMatchedRule=Hotspot, CPMSessionID=0a0009ccdD2BsLZMkW8ZRUAE/sDVf78pplxJC0wv2VwZR6N070M, ISEPolicySetName=Default, IdentitySelectionMatchedRule=MAB, +<183>Mar 3 11:37:34 cisco-ise-host CISE_Policy_Diagnostics 0000083417 1 0 2022-03-03 11:37:34.932 +00:00 0000083484 15036 DEBUG Policy: Evaluating Authorization Policy, ConfigVersionId=1696, Device IP Address=81.2.69.143, UserName=92-09-00-00-00-01, Protocol=Radius, RequestReceivedTime=1646307454, PolicyType=RadiusAuthorizationPolicy, OriginalUserName=92-09-00-00-00-01, AcsSessionID=isehost/435083133/126, SelectedAccessService=Default Network Access, IdentityPolicyMatchedRule=MAB, CPMSessionID=0a0009ccdD2BsLZMkW8ZRUAE/sDVf78pplxJC0wv2VwZR6N070M, ISEPolicySetName=Default, IdentitySelectionMatchedRule=MAB, +<183>Mar 3 09:24:13 cisco-ise-host CISE_Policy_Diagnostics 0000082646 1 0 2022-03-03 09:24:13.233 +00:00 0000082713 15041 DEBUG Policy: Evaluating Identity Policy, ConfigVersionId=1628, Device IP Address=81.2.69.143, UserName=test, SelectedAccessService=AuthenticateUserAPI, PolicyType=IdentityPolicy, AcsSessionID=isehost/435083133/115, CPMSessionID=isehost:userauth20, +<183>Mar 3 11:37:34 cisco-ise-host CISE_Policy_Diagnostics 0000083409 1 0 2022-03-03 11:37:34.900 +00:00 0000083476 15048 DEBUG Policy: Queried PIP, ConfigVersionId=1696, Device IP Address=81.2.69.143, UserName=92-09-00-00-00-01, Protocol=Radius, RequestReceivedTime=1646307454, PolicyType=IdentityPolicy, OriginalUserName=92-09-00-00-00-01, AcsSessionID=isehost/435083133/126, SelectedAccessService=Default Network Access, CPMSessionID=0a0009ccdD2BsLZMkW8ZRUAE/sDVf78pplxJC0wv2VwZR6N070M, ISEPolicySetName=Default, +<183>Mar 3 11:37:34 cisco-ise-host CISE_Policy_Diagnostics 0000083406 1 0 2022-03-03 11:37:34.890 +00:00 0000083473 15049 DEBUG Policy: Evaluating Policy Group, ConfigVersionId=1696, Device IP Address=81.2.69.143, UserName=92-09-00-00-00-01, Protocol=Radius, RequestReceivedTime=1646307454, PolicyType=ServiceSelectionPolicy, OriginalUserName=92-09-00-00-00-01, AcsSessionID=isehost/435083133/126, CPMSessionID=0a0009ccdD2BsLZMkW8ZRUAE/sDVf78pplxJC0wv2VwZR6N070M, +<181>Feb 26 22:15:22 cisco-ise-host CISE_Posture_and_Client_Provisioning_Audit 0000000959 1 0 2021-02-26 22:15:22.379 +00:00 0000004348 87751 NOTICE EPS: Endpoint Protection Service has obtained the result of an operation, ConfigVersionId=88, OperationID=ise.securitydemo.net:1, OperationType=CLEAR_POLICY_BY_IP:1.1.1.1, OperationStatus=RUNNING, AdminName=abc@abc.com.com, +<182>Apr 27 11:11:47 hijk.xyz.com CISE_RADIUS_Accounting 0000070618 1 0 2020-04-27 11:11:47.028075 -08:00 0091827141 3000 NOTICE Radius-Accounting: RADIUS Accounting start request, ConfigVersionId=33, Device IP Address=81.2.69.145, RequestLatency=6, NetworkDeviceName=WNBU-WLC1, User-Name=nisehorrrrn, NAS-IP-Address=81.2.69.145, NAS-Port=13, Framed-IP-Address=81.2.69.145, Class=CACS:0a2025060001794f52cfa877:hijk.xyz.com/176956368/1092772, Called-Station-ID=00-24-97-69-7a-c0, Calling-Station-ID=d4-ca-6d-14-87-3b, NAS-Identifier=Acme_fe:56:00, Acct-Status-Type=Start, Acct-Session-Id=00000000/d4:ca:6d:14:87:3b/20879, Acct-Authentic=RADIUS, Event-Timestamp=1389340795, NAS-Port-Type=Wireless - IEEE 802.11, Tunnel-Type=(tag=0) VLAN, Tunnel-Medium-Type=(tag=0) 802, Tunnel-Private-Group-ID=(tag=0) 70, Airespace-Wlan-Id=1, AcsSessionID=hijk.xyz.com/176956368/1092777, SelectedAccessService=Default Network Access, Step=11004, Step=11017, Step=15049, Step=15008, Step=15048, Step=15048, Step=15048, Step=15004, Step=15006, Step=11005, NetworkDeviceGroups=Location#All Locations#SJC#WNBU, NetworkDeviceGroups=Device Type#All Device Types#Wireless#WLC, CPMSessionID=0a222bc0000000d123e111f0, AllowedProtocolMatchedRule=Default, Location=Location#All Locations#SJC#WNBU, Device Type=Device Type#All Device Types#Wireless#WLC +<182>Apr 27 11:18:08 tuv.w.xyz.com CISE_RADIUS_Accounting 0000142722 1 0 2020-04-27 11:18:08.144167 -08:00 0096217580 3001 NOTICE Radius-Accounting: RADIUS Accounting stop request, ConfigVersionId=33, Device IP Address=81.2.69.145, RequestLatency=4, NetworkDeviceName=WNBU-WLC1, User-Name=businesskent, NAS-IP-Address=81.2.69.145, NAS-Port=13, Framed-IP-Address=81.2.69.145, Class=CACS:0a202506000193a252d04b55:tuv.w.xyz.com/176956368/1154568, Called-Station-ID=00-24-97-69-7a-c0, Calling-Station-ID=5c-0a-5b-43-3f-79, NAS-Identifier=Cisco_fe:56:00, Acct-Status-Type=Stop, Acct-Delay-Time=0, Acct-Input-Octets=43000, Acct-Output-Octets=140998, Acct-Session-Id=0000AAAA/5c:0a:5b:43:3f:79/24927, Acct-Authentic=RADIUS, Acct-Session-Time=209, Acct-Input-Packets=471, Acct-Output-Packets=262, Acct-Terminate-Cause=User Request, undefined-52= +<183>Mar 2 10:54:40 cisco-ise-host CISE_RADIUS_Diagnostics 0000076010 1 0 2022-03-02 10:54:40.275 +00:00 0000076076 11001 DEBUG RADIUS: Received RADIUS Access-Request, ConfigVersionId=1383, Device IP Address=81.2.69.143, Device Port=39818, DestinationIPAddress=81.2.69.144, DestinationPort=1812, AcsSessionID=cisco-ise-host/435083133/83, SelectedAccessService=Default Network Access, EapTunnel=PEAP, User-Name=testDevice1, NAS-IP-Address=81.2.69.143, NAS-Port=1, Calling-Station-ID=00-00-00-00-00-01, NAS-Port-Type=Wireless - IEEE 802.11, CPMSessionID=0a0009ccqDyAnAWJUIb_A9r1F7EclNP/asP/HfDHLoNi2qUcIMc, +<183>Mar 3 11:37:34 cisco-ise-host CISE_RADIUS_Diagnostics 0000083421 1 0 2022-03-03 11:37:34.978 +00:00 0000083488 11002 DEBUG RADIUS: Returned RADIUS Access-Accept, ConfigVersionId=1696, Device IP Address=81.2.69.143, Device Port=35123, DestinationIPAddress=81.2.69.144, DestinationPort=1812, RadiusPacketType=AccessRequest, RadiusIdentifier=2, User-Name=92-09-00-00-00-01, NAS-IP-Address=81.2.69.143, NAS-Port=86, Service-Type=Call Check, Calling-Station-ID=92:09:00:00:00:01, NAS-Port-Type=Wireless - IEEE 802.11, Airespace-Wlan-Id=3, AcsSessionID=cisco-ise-host/435083133/126, SelectedAccessService=Default Network Access, UseCase=Host Lookup, CPMSessionID=0a0009ccdD2BsLZMkW8ZRUAE/sDVf78pplxJC0wv2VwZR6N070M, Response={RadiusPacketType=AccessAccept; AuthenticationResult=UnknownUser; Class=CACS:0a0009ccdD2BsLZMkW8ZRUAE/sDVf78pplxJC0wv2VwZR6N070M:cisco-ise-host/435083133/126; cisco-av-pair=url-redirect-acl=REDIRECT; cisco-av-pair=url-redirect=https://cisco-ise-host.cdsys.local:8443/portal/gateway?sessionId=0a0009ccdD2BsLZMkW8ZRUAE/sDVf78pplxJC0wv2VwZR6N070M&portal=77b653c9-924d-41a5-a5c3-1c40c4e7a5a7&action=cwa&type=drw&token=65402552fb76ff96c08edaab722f880e; }, +<183>Mar 2 10:30:25 cisco-ise-host CISE_RADIUS_Diagnostics 0000075815 1 0 2022-03-02 10:30:25.393 +00:00 0000075881 11004 DEBUG RADIUS: Received RADIUS Accounting-Request, ConfigVersionId=1381, Device IP Address=81.2.69.143, Device Port=47730, DestinationIPAddress=81.2.69.144, DestinationPort=1813, AcsSessionID=cisco-ise-host/435083133/79, +<183>Mar 2 10:30:25 cisco-ise-host CISE_RADIUS_Diagnostics 0000075821 1 0 2022-03-02 10:30:25.398 +00:00 0000075887 11005 DEBUG RADIUS: Returned RADIUS Accounting-Response, ConfigVersionId=1381, Device IP Address=81.2.69.143, Device Port=47730, DestinationIPAddress=81.2.69.144, DestinationPort=1813, RadiusPacketType=AccountingRequest, RadiusIdentifier=6, NAS-Port=86, Service-Type=Framed, Calling-Station-ID=00-00-00-00-00-01, Acct-Status-Type=Stop, Acct-Session-Id=00-00-01, NAS-Port-Type=Ethernet, AcsSessionID=cisco-ise-host/435083133/79, SelectedAccessService=Default Network Access, CPMSessionID=0a0009cc/2Fl2YA6dnR0d0WayxawhKg5MlkqPkPBGJbhvXrvHlo, +<183>Mar 2 10:54:40 cisco-ise-host CISE_RADIUS_Diagnostics 0000076021 1 0 2022-03-02 10:54:40.278 +00:00 0000076087 11006 DEBUG RADIUS: Returned RADIUS Access-Challenge, ConfigVersionId=1383, Device IP Address=81.2.69.143, Device Port=39818, DestinationIPAddress=81.2.69.144, DestinationPort=1812, RadiusPacketType=AccessRequest, RadiusIdentifier=4, User-Name=USERNAME, NAS-IP-Address=81.2.69.143, NAS-Port=1, Service-Type=Framed, State=64CPMSessionID=0a0009ccqDyAnAWJUIb_A9r1F7EclNP/asP/HfDHLoNi2qUcIMc;29SessionID=cisco-ise-host/435083133/83;, Session-Timeout=30, Calling-Station-ID=00-00-00-00-00-01, NAS-Port-Type=Wireless - IEEE 802.11, AcsSessionID=cisco-ise-host/435083133/83, SelectedAccessService=Default Network Access, EapTunnel=PEAP, OpenSSLErrorMessage=SSL alert: code=0x246=582 ; source=local ; type=fatal ; message=\"protocol version.ssl/statem/statem_srvr.c:1686 error:14209102:SSL routines:tls_early_post_process_client_hello:unsupported protocol [error=337678594 lib=20 func=521 reason=258]\", OpenSSLErrorStack= 140449745684224:error:14209102:SSL routines:tls_early_post_process_client_hello:unsupported protocol:ssl/statem/statem_srvr.c:1686:, CPMSessionID=0a0009ccqDyAnAWJUIb_A9r1F7EclNP/asP/HfDHLoNi2qUcIMc, Response={RadiusPacketType=AccessChallenge; }, +<180>Feb 16 09:29:43 cisco-ise-host CISE_RADIUS_Diagnostics 0000004585 1 0 2021-03-16 09:29:43.770 +00:00 0000004680 11015 WARN RADIUS: An Access-Request MUST contain at least a NAS-IP-Address, NAS-IPv6-Address, or a NAS-Identifier; Continue processing, ConfigVersionId=104, Device IP Address=81.2.69.144, Device Port=53985, DestinationIPAddress=81.2.69.144, DestinationPort=0073, RadiusIdentifier=13, NAS-Port=86, Service-Type=Framed, Calling-Station-ID=89:aa:11:00:00:01, Acct-Status-Type=Stop, Acct-Session-Id=11000001, NAS-Port-Type=Ethernet, AcsSessionID=cisco-ise-host/405244497/3, +<183>Mar 2 10:54:40 cisco-ise-host CISE_RADIUS_Diagnostics 0000075998 1 0 2022-03-02 10:54:40.194 +00:00 0000076064 11017 DEBUG RADIUS: RADIUS created a new session, ConfigVersionId=1383, Device IP Address=81.2.69.143, Device Port=39818, DestinationIPAddress=81.2.69.144, DestinationPort=1812, AcsSessionID=cisco-ise-host/435083133/83, +<183>Mar 2 10:54:40 cisco-ise-host CISE_RADIUS_Diagnostics 0000076011 1 0 2022-03-02 10:54:40.275 +00:00 0000076077 11018 DEBUG RADIUS: RADIUS is re-using an existing session, ConfigVersionId=1383, Device IP Address=81.2.69.143, Device Port=39818, DestinationIPAddress=81.2.69.144, DestinationPort=1812, AcsSessionID=cisco-ise-host/435083133/83, SelectedAccessService=Default Network Access, EapTunnel=PEAP, User-Name=testDevice1, NAS-IP-Address=81.2.69.143, NAS-Port=1, Calling-Station-ID=00-00-00-00-00-01, NAS-Port-Type=Wireless - IEEE 802.11, CPMSessionID=0a0009ccqDyAnAWJUIb_A9r1F7EclNP/asP/HfDHLoNi2qUcIMc, +<183>Mar 3 11:37:34 cisco-ise-host CISE_RADIUS_Diagnostics 0000083405 1 0 2022-03-03 11:37:34.890 +00:00 0000083472 11027 DEBUG RADIUS: Detected Host Lookup UseCase (Service-Type = Call Check (10)), ConfigVersionId=1696, Device IP Address=81.2.69.143, Device Port=35123, DestinationIPAddress=81.2.69.144, DestinationPort=1812, RadiusPacketType=AccessRequest, RadiusIdentifier=2, User-Name=92-09-00-00-00-01, NAS-IP-Address=81.2.69.143, NAS-Port=86, Service-Type=Call Check, Calling-Station-ID=92:09:00:00:00:01, NAS-Port-Type=Wireless - IEEE 802.11, Airespace-Wlan-Id=3, AcsSessionID=cisco-ise-host/435083133/126, UseCase=Host Lookup, CPMSessionID=0a0009ccdD2BsLZMkW8ZRUAE/sDVf78pplxJC0wv2VwZR6N070M, +<180>Mar 3 09:40:42 cisco-ise-host CISE_RADIUS_Diagnostics 0000082784 1 0 2022-03-03 09:40:42.552 +00:00 0000082851 11036 WARN RADIUS: The Message-Authenticator RADIUS attribute is invalid, ConfigVersionId=1655, Device IP Address=81.2.69.143, Device Port=35893, DestinationIPAddress=81.2.69.144, DestinationPort=1812, RadiusIdentifier=2, User-Name=testDevice1, NAS-IP-Address=81.2.69.143, NAS-Port=1, Service-Type=Framed, Session-Timeout=30, Calling-Station-ID=00-00-00-00-00-01, NAS-Port-Type=Wireless - IEEE 802.11, AcsSessionID=cisco-ise-host/435083133/120, +<180>Mar 3 09:14:59 cisco-ise-host CISE_RADIUS_Diagnostics 0000082552 1 0 2022-03-03 09:14:59.500 +00:00 0000082619 11038 WARN RADIUS: RADIUS Accounting-Request header contains invalid Authenticator field, ConfigVersionId=1626, Device IP Address=81.2.69.143, Device Port=51906, DestinationIPAddress=81.2.69.144, DestinationPort=1813, RadiusIdentifier=4, NAS-Port=86, Service-Type=Framed, Calling-Station-ID=00-00-00-00-00-01, Acct-Status-Type=Stop, Acct-Session-Id=00-00-01, NAS-Port-Type=Ethernet, AcsSessionID=cisco-ise-host/435083133/107, +<183>Mar 2 10:54:40 cisco-ise-host CISE_RADIUS_Diagnostics 0000075999 1 0 2022-03-02 10:54:40.195 +00:00 0000076065 11117 DEBUG RADIUS: Generated a new session ID, ConfigVersionId=1383, Device IP Address=81.2.69.143, Device Port=39818, DestinationIPAddress=81.2.69.144, DestinationPort=1812, RadiusPacketType=AccessRequest, RadiusIdentifier=2, User-Name=USERNAME, NAS-IP-Address=81.2.69.143, NAS-Port=1, Service-Type=Framed, Session-Timeout=30, Calling-Station-ID=00-00-00-00-00-01, NAS-Port-Type=Wireless - IEEE 802.11, AcsSessionID=cisco-ise-host/435083133/83, +<182>Mar 2 10:54:40 cisco-ise-host CISE_RADIUS_Diagnostics 0000076002 1 0 2022-03-02 10:54:40.197 +00:00 0000076068 11507 INFO EAP: Extracted EAP-Response/Identity, ConfigVersionId=1383, Device IP Address=81.2.69.143, Device Port=39818, DestinationIPAddress=81.2.69.144, DestinationPort=1812, RadiusPacketType=AccessRequest, RadiusIdentifier=2, User-Name=USERNAME, NAS-IP-Address=81.2.69.143, NAS-Port=1, Service-Type=Framed, Session-Timeout=30, Calling-Station-ID=00-00-00-00-00-01, NAS-Port-Type=Wireless - IEEE 802.11, AcsSessionID=cisco-ise-host/435083133/83, SelectedAccessService=Default Network Access, CPMSessionID=0a0009ccqDyAnAWJUIb_A9r1F7EclNP/asP/HfDHLoNi2qUcIMc, +<182>Feb 16 09:29:43 cisco-ise-host CISE_RADIUS_Diagnostics 0000004570 1 0 2021-03-16 09:29:43.648 +00:00 0000004648 11823 INFO EAP: EAP-MSCHAP authentication attempt failed, ConfigVersionId=104, Device IP Address=81.2.69.144, Device Port=56430, DestinationIPAddress=81.2.69.144, DestinationPort=0072, RadiusPacketType=AccessRequest, RadiusIdentifier=9, User-Name=employee1, NAS-IP-Address=81.2.69.144, NAS-Port=1, Service-Type=Framed, State=64CPMSessionID=0aa00002g0yr2CdbeWUPvhv9zXKDBoLPTFN7EhaI0iE1zKVe_p4\;36SessionID=cisco-ise-host/405244497/1\;, Session-Timeout=30, Calling-Station-ID=89-AA-11-00-00-01, NAS-Port-Type=Wireless - IEEE 802.11, AcsSessionID=cisco-ise-host/405244497/1, SelectedAccessService=Default Network Access, DetailedInfo=Invalid username or password specified\, Retry is allowed, EapTunnel=PEAP, EapAuthentication=EAP-MSCHAPv2, CPMSessionID=0aa00002g0yr2CdbeWUPvhv9zXKDBoLPTFN7EhaI0iE1zKVe_p4, Response={AuthenticationResult=Failed; }, +<182>Mar 2 10:54:40 cisco-ise-host CISE_RADIUS_Diagnostics 0000076008 1 0 2022-03-02 10:54:40.265 +00:00 0000076074 12300 INFO EAP: Prepared EAP-Request proposing PEAP with challenge, ConfigVersionId=1383, Device IP Address=81.2.69.143, Device Port=39818, DestinationIPAddress=81.2.69.144, DestinationPort=1812, RadiusPacketType=AccessRequest, RadiusIdentifier=3, User-Name=USERNAME, NAS-IP-Address=81.2.69.143, NAS-Port=1, Service-Type=Framed, State=64CPMSessionID=0a0009ccqDyAnAWJUIb_A9r1F7EclNP/asP/HfDHLoNi2qUcIMc;29SessionID=cisco-ise-host/435083133/83;, Session-Timeout=30, Calling-Station-ID=00-00-00-00-00-01, NAS-Port-Type=Wireless - IEEE 802.11, AcsSessionID=cisco-ise-host/435083133/83, SelectedAccessService=Default Network Access, CPMSessionID=0a0009ccqDyAnAWJUIb_A9r1F7EclNP/asP/HfDHLoNi2qUcIMc, +<182>Mar 2 10:54:40 cisco-ise-host CISE_RADIUS_Diagnostics 0000076007 1 0 2022-03-02 10:54:40.264 +00:00 0000076073 12301 INFO EAP: Extracted EAP-Response/NAK requesting to use PEAP instead, ConfigVersionId=1383, Device IP Address=81.2.69.143, Device Port=39818, DestinationIPAddress=81.2.69.144, DestinationPort=1812, RadiusPacketType=AccessRequest, RadiusIdentifier=3, User-Name=USERNAME, NAS-IP-Address=81.2.69.143, NAS-Port=1, Service-Type=Framed, State=64CPMSessionID=0a0009ccqDyAnAWJUIb_A9r1F7EclNP/asP/HfDHLoNi2qUcIMc;29SessionID=cisco-ise-host/435083133/83;, Session-Timeout=30, Calling-Station-ID=00-00-00-00-00-01, NAS-Port-Type=Wireless - IEEE 802.11, AcsSessionID=cisco-ise-host/435083133/83, SelectedAccessService=Default Network Access, CPMSessionID=0a0009ccqDyAnAWJUIb_A9r1F7EclNP/asP/HfDHLoNi2qUcIMc, +<182>Mar 2 10:54:40 cisco-ise-host CISE_RADIUS_Diagnostics 0000076012 1 0 2022-03-02 10:54:40.275 +00:00 0000076078 12302 INFO EAP: Extracted EAP-Response containing PEAP challenge-response and accepting PEAP as negotiated, ConfigVersionId=1383, Device IP Address=81.2.69.143, Device Port=39818, DestinationIPAddress=81.2.69.144, DestinationPort=1812, RadiusPacketType=AccessRequest, RadiusIdentifier=4, User-Name=USERNAME, NAS-IP-Address=81.2.69.143, NAS-Port=1, Service-Type=Framed, State=64CPMSessionID=0a0009ccqDyAnAWJUIb_A9r1F7EclNP/asP/HfDHLoNi2qUcIMc;29SessionID=cisco-ise-host/435083133/83;, Session-Timeout=30, Calling-Station-ID=00-00-00-00-00-01, NAS-Port-Type=Wireless - IEEE 802.11, AcsSessionID=cisco-ise-host/435083133/83, SelectedAccessService=Default Network Access, EapTunnel=PEAP, CPMSessionID=0a0009ccqDyAnAWJUIb_A9r1F7EclNP/asP/HfDHLoNi2qUcIMc, +<182>Mar 2 10:54:40 cisco-ise-host CISE_RADIUS_Diagnostics 0000076020 1 0 2022-03-02 10:54:40.277 +00:00 0000076086 12305 INFO EAP: Prepared EAP-Request with another PEAP challenge, ConfigVersionId=1383, Device IP Address=81.2.69.143, Device Port=39818, DestinationIPAddress=81.2.69.144, DestinationPort=1812, RadiusPacketType=AccessRequest, RadiusIdentifier=4, User-Name=USERNAME, NAS-IP-Address=81.2.69.143, NAS-Port=1, Service-Type=Framed, State=64CPMSessionID=0a0009ccqDyAnAWJUIb_A9r1F7EclNP/asP/HfDHLoNi2qUcIMc;29SessionID=cisco-ise-host/435083133/83;, Session-Timeout=30, Calling-Station-ID=00-00-00-00-00-01, NAS-Port-Type=Wireless - IEEE 802.11, AcsSessionID=cisco-ise-host/435083133/83, SelectedAccessService=Default Network Access, EapTunnel=PEAP, OpenSSLErrorMessage=SSL alert: code=0x246=582 ; source=local ; type=fatal ; message=\"protocol version.ssl/statem/statem_srvr.c:1686 error:14209102:SSL routines:tls_early_post_process_client_hello:unsupported protocol [error=337678594 lib=20 func=521 reason=258]\", OpenSSLErrorStack= 140449745684224:error:14209102:SSL routines:tls_early_post_process_client_hello:unsupported protocol:ssl/statem/statem_srvr.c:1686:, CPMSessionID=0a0009ccqDyAnAWJUIb_A9r1F7EclNP/asP/HfDHLoNi2qUcIMc, +<182>Mar 2 10:54:40 cisco-ise-host CISE_RADIUS_Diagnostics 0000076019 1 0 2022-03-02 10:54:40.277 +00:00 0000076085 12307 INFO EAP: PEAP authentication failed, ConfigVersionId=1383, Device IP Address=81.2.69.143, Device Port=39818, DestinationIPAddress=81.2.69.144, DestinationPort=1812, RadiusPacketType=AccessRequest, RadiusIdentifier=4, User-Name=USERNAME, NAS-IP-Address=81.2.69.143, NAS-Port=1, Service-Type=Framed, State=64CPMSessionID=0a0009ccqDyAnAWJUIb_A9r1F7EclNP/asP/HfDHLoNi2qUcIMc;29SessionID=cisco-ise-host/435083133/83;, Session-Timeout=30, Calling-Station-ID=00-00-00-00-00-01, NAS-Port-Type=Wireless - IEEE 802.11, AcsSessionID=cisco-ise-host/435083133/83, SelectedAccessService=Default Network Access, EapTunnel=PEAP, OpenSSLErrorMessage=SSL alert: code=0x246=582 ; source=local ; type=fatal ; message=\"protocol version.ssl/statem/statem_srvr.c:1686 error:14209102:SSL routines:tls_early_post_process_client_hello:unsupported protocol [error=337678594 lib=20 func=521 reason=258]\", OpenSSLErrorStack= 140449745684224:error:14209102:SSL routines:tls_early_post_process_client_hello:unsupported protocol:ssl/statem/statem_srvr.c:1686:, CPMSessionID=0a0009ccqDyAnAWJUIb_A9r1F7EclNP/asP/HfDHLoNi2qUcIMc, +<180>Mar 2 10:54:40 cisco-ise-host CISE_RADIUS_Diagnostics 0000076018 1 0 2022-03-02 10:54:40.277 +00:00 0000076084 12309 WARN EAP: PEAP handshake failed, ConfigVersionId=1383, Device IP Address=81.2.69.143, Device Port=39818, DestinationIPAddress=81.2.69.144, DestinationPort=1812, RadiusPacketType=AccessRequest, RadiusIdentifier=4, User-Name=USERNAME, NAS-IP-Address=81.2.69.143, NAS-Port=1, Service-Type=Framed, State=64CPMSessionID=0a0009ccqDyAnAWJUIb_A9r1F7EclNP/asP/HfDHLoNi2qUcIMc;29SessionID=cisco-ise-host/435083133/83;, Session-Timeout=30, Calling-Station-ID=00-00-00-00-00-01, NAS-Port-Type=Wireless - IEEE 802.11, AcsSessionID=cisco-ise-host/435083133/83, SelectedAccessService=Default Network Access, EapTunnel=PEAP, OpenSSLErrorMessage=SSL alert: code=0x246=582 ; source=local ; type=fatal ; message=\"protocol version.ssl/statem/statem_srvr.c:1686 error:14209102:SSL routines:tls_early_post_process_client_hello:unsupported protocol [error=337678594 lib=20 func=521 reason=258]\", OpenSSLErrorStack= 140449745684224:error:14209102:SSL routines:tls_early_post_process_client_hello:unsupported protocol:ssl/statem/statem_srvr.c:1686:, CPMSessionID=0a0009ccqDyAnAWJUIb_A9r1F7EclNP/asP/HfDHLoNi2qUcIMc, +<182>Mar 2 10:54:40 cisco-ise-host CISE_RADIUS_Diagnostics 0000076013 1 0 2022-03-02 10:54:40.276 +00:00 0000076079 12318 INFO EAP: Successfully negotiated PEAP version 0, ConfigVersionId=1383, Device IP Address=81.2.69.143, Device Port=39818, DestinationIPAddress=81.2.69.144, DestinationPort=1812, RadiusPacketType=AccessRequest, RadiusIdentifier=4, User-Name=USERNAME, NAS-IP-Address=81.2.69.143, NAS-Port=1, Service-Type=Framed, State=64CPMSessionID=0a0009ccqDyAnAWJUIb_A9r1F7EclNP/asP/HfDHLoNi2qUcIMc;29SessionID=cisco-ise-host/435083133/83;, Session-Timeout=30, Calling-Station-ID=00-00-00-00-00-01, NAS-Port-Type=Wireless - IEEE 802.11, AcsSessionID=cisco-ise-host/435083133/83, SelectedAccessService=Default Network Access, EapTunnel=PEAP, CPMSessionID=0a0009ccqDyAnAWJUIb_A9r1F7EclNP/asP/HfDHLoNi2qUcIMc, +<182>Mar 2 10:54:40 cisco-ise-host CISE_RADIUS_Diagnostics 0000076003 1 0 2022-03-02 10:54:40.198 +00:00 0000076069 12500 INFO EAP: Prepared EAP-Request proposing EAP-TLS with challenge, ConfigVersionId=1383, Device IP Address=81.2.69.143, Device Port=39818, DestinationIPAddress=81.2.69.144, DestinationPort=1812, RadiusPacketType=AccessRequest, RadiusIdentifier=2, User-Name=USERNAME, NAS-IP-Address=81.2.69.143, NAS-Port=1, Service-Type=Framed, Session-Timeout=30, Calling-Station-ID=00-00-00-00-00-01, NAS-Port-Type=Wireless - IEEE 802.11, AcsSessionID=cisco-ise-host/435083133/83, SelectedAccessService=Default Network Access, CPMSessionID=0a0009ccqDyAnAWJUIb_A9r1F7EclNP/asP/HfDHLoNi2qUcIMc, +<182>Mar 2 10:54:40 cisco-ise-host CISE_RADIUS_Diagnostics 0000076014 1 0 2022-03-02 10:54:40.276 +00:00 0000076080 12800 INFO EAP: Extracted first TLS record; TLS handshake started, ConfigVersionId=1383, Device IP Address=81.2.69.143, Device Port=39818, DestinationIPAddress=81.2.69.144, DestinationPort=1812, RadiusPacketType=AccessRequest, RadiusIdentifier=4, User-Name=USERNAME, NAS-IP-Address=81.2.69.143, NAS-Port=1, Service-Type=Framed, State=64CPMSessionID=0a0009ccqDyAnAWJUIb_A9r1F7EclNP/asP/HfDHLoNi2qUcIMc;29SessionID=cisco-ise-host/435083133/83;, Session-Timeout=30, Calling-Station-ID=00-00-00-00-00-01, NAS-Port-Type=Wireless - IEEE 802.11, AcsSessionID=cisco-ise-host/435083133/83, SelectedAccessService=Default Network Access, EapTunnel=PEAP, CPMSessionID=0a0009ccqDyAnAWJUIb_A9r1F7EclNP/asP/HfDHLoNi2qUcIMc, +<182>Mar 2 10:53:10 cisco-ise-host CISE_RADIUS_Diagnostics 0000075982 1 0 2022-03-02 10:53:10.702 +00:00 0000076048 12805 INFO EAP: Extracted TLS ClientHello message, ConfigVersionId=1383, Device IP Address=81.2.69.143, Device Port=48443, DestinationIPAddress=81.2.69.144, DestinationPort=1812, RadiusPacketType=AccessRequest, RadiusIdentifier=4, User-Name=USERNAME, NAS-IP-Address=81.2.69.143, NAS-Port=1, Service-Type=Framed, State=64CPMSessionID=0a0009ccr8GsTnHMwaDTe8yR1gvRpH4qkGQ/x0TjxyMKOuFQB/4;29SessionID=cisco-ise-host/435083133/82;, Session-Timeout=30, Calling-Station-ID=00-00-00-00-00-01, NAS-Port-Type=Wireless - IEEE 802.11, AcsSessionID=cisco-ise-host/435083133/82, SelectedAccessService=Default Network Access, EapTunnel=PEAP, CPMSessionID=0a0009ccr8GsTnHMwaDTe8yR1gvRpH4qkGQ/x0TjxyMKOuFQB/4, +<182>Mar 2 10:54:40 cisco-ise-host CISE_RADIUS_Diagnostics 0000076016 1 0 2022-03-02 10:54:40.276 +00:00 0000076082 12814 INFO EAP: Prepared TLS Alert message, ConfigVersionId=1383, Device IP Address=81.2.69.143, Device Port=39818, DestinationIPAddress=81.2.69.144, DestinationPort=1812, RadiusPacketType=AccessRequest, RadiusIdentifier=4, User-Name=USERNAME, NAS-IP-Address=81.2.69.143, NAS-Port=1, Service-Type=Framed, State=64CPMSessionID=0a0009ccqDyAnAWJUIb_A9r1F7EclNP/asP/HfDHLoNi2qUcIMc;29SessionID=cisco-ise-host/435083133/83;, Session-Timeout=30, Calling-Station-ID=00-00-00-00-00-01, NAS-Port-Type=Wireless - IEEE 802.11, AcsSessionID=cisco-ise-host/435083133/83, SelectedAccessService=Default Network Access, EapTunnel=PEAP, CPMSessionID=0a0009ccqDyAnAWJUIb_A9r1F7EclNP/asP/HfDHLoNi2qUcIMc, +<182>Mar 2 10:54:40 cisco-ise-host CISE_RADIUS_Diagnostics 0000076017 1 0 2022-03-02 10:54:40.276 +00:00 0000076083 12817 INFO EAP: TLS handshake failed, ConfigVersionId=1383, Device IP Address=81.2.69.143, Device Port=39818, DestinationIPAddress=81.2.69.144, DestinationPort=1812, RadiusPacketType=AccessRequest, RadiusIdentifier=4, User-Name=USERNAME, NAS-IP-Address=81.2.69.143, NAS-Port=1, Service-Type=Framed, State=64CPMSessionID=0a0009ccqDyAnAWJUIb_A9r1F7EclNP/asP/HfDHLoNi2qUcIMc;29SessionID=cisco-ise-host/435083133/83;, Session-Timeout=30, Calling-Station-ID=00-00-00-00-00-01, NAS-Port-Type=Wireless - IEEE 802.11, AcsSessionID=cisco-ise-host/435083133/83, SelectedAccessService=Default Network Access, EapTunnel=PEAP, CPMSessionID=0a0009ccqDyAnAWJUIb_A9r1F7EclNP/asP/HfDHLoNi2qUcIMc, +<181>Mar 3 10:10:23 isehost CISE_System_Statistics 0000082933 1 0 2022-03-03 10:10:23.294 +00:00 0000082999 70000 NOTICE System-Stats: ISE Utilization, ConfigVersionId=1659, SysStatsUtilizationCpu=7.32%, SysStatsUtilizationNetwork=eth3: rcvd = 955455; sent = 0 ;rcvd_dropped = 124; sent_dropped = 0, SysStatsUtilizationNetwork=vethbbd4eb0a: rcvd = 0; sent = 70 ;rcvd_dropped = 0; sent_dropped = 0, SysStatsUtilizationNetwork=veth09eb1105: rcvd = 70; sent = 140 ;rcvd_dropped = 0; sent_dropped = 0, SysStatsUtilizationNetwork=veth2f7196e5: rcvd = 1506; sent = 1616 ;rcvd_dropped = 0; sent_dropped = 0, SysStatsUtilizationMemory=42.82%, SysStatsUtilizationDiskIO=0.03%, SysStatsUtilizationDiskSpace=12% /, SysStatsUtilizationDiskSpace=1% /tmp, SysStatsUtilizationDiskSpace=17% /boot, SysStatsUtilizationDiskSpace=19% /opt, SysStatsUtilizationDiskSpace=2% /storedconfig, SysStatsUtilizationDiskSpace=19% /opt/podman/containers/storage/overlay, AverageRadiusRequestLatency=0, AverageTacacsRequestLatency=0, DeltaRadiusRequestCount=0, DeltaTacacsRequestCount=0, SysStatsUtilizationLoadAvg=0.65, SysStatsCpuCount=4, SysStatsProcessMemoryMB=11987, ActiveSessionCount=-10, +<181>Mar 3 10:11:58 81.2.69.143 CISE_System_Statistics 0000041100 1 0 2022-03-03 10:11:58.749 +00:00 0000041146 70001 NOTICE System-Stats: ISE Process Health, ConfigVersionId=823, SysStatsAcsProcessHealth= Database Listener=running, PID: 10823; Database Server=running, number of processes: 77; Application Server=running, PID: 2290499; Profiler Database=running, PID: 2286839; ISE Indexing Engine=running, PID: 2301459; AD Connector=running, PID: 27766; M&T Session Database=running, PID: 2288787; M&T Log Processor=running, PID: 2311300; Certificate Authority Service=running, PID: 2312538; EST Service=running, PID: 2326338; SXP Engine Service=running, PID: 1753095; PassiveID WMI Service=running, PID: 2989686; PassiveID Syslog Service=running, PID: 2990191; PassiveID API Service=running, PID: 2990809; PassiveID Agent Service=running, PID: 2991433; PassiveID Endpoint Service=running, PID: 2991940; PassiveID SPAN Service=running, PID: 2992442; DHCP Server (dhcpd)=disabled; DNS Server (named)=disabled; ISE Messaging Service=running, PID: 2322856; ISE API Gateway Database Service=running, PID: 2291381; ISE API Gateway Service=running, PID: 2299091; Segmentation Policy Service=disabled; REST Auth Service=disabled; SSE Connector=disabled; Hermes (pxGrid Cloud Agent)=disabled, +<181>Mar 3 10:08:59 isehost CISE_System_Statistics 0000082925 1 0 2022-03-03 10:08:59.797 +00:00 0000082992 70011 NOTICE System-Stats: ISE Counters, ConfigVersionId=1659, OperationCounters=Counter=16_MnTLogProcessorN:149,16_CAServiceN:41,16_CAServiceT:114946,16_MnTLogProcessorU:14,16_MnTLogProcessorT:720447,16_CAServiceU:2,17_vaEventsReceived:0,16_SyslogU:0,16_SyslogT:0,16_RMIT:0,16_RMIU:0,16_GuestN:0,17_threatEventsReceived:0,16_GuestU:0,16_GuestT:0,16_SyslogN:0,16_MisservicesU:0,4_HostName_Event_Fetch_FromAD:0,16_MisservicesT:0,16_MisservicesN:0,16_DBServerN:83,13_Protocol_Runtime_Context:-10,16_AdminWebappT:0,16_AdminWebappU:0,16_DBServerU:18,16_DBServerT:911373,16_JVMN:0,16_DBListenerU:0,16_AdminWebappN:0,16_DBListenerT:0,16_JVMT:0,16_BYODN:0,16_JVMU:0,16_BYODT:0,16_DBListenerN:0,16_BYODU:0,16_MessageQueueT:0,17_eventsReceived:0,16_MessageQueueU:0,4_Probe_Requests_Dropped:0,4_Probe_Requests_Received:0,4_ArpCache_InsertUpdate_Received:0,17_coaIssued:0,16_MessageQueueN:0,16_iowait:4,16_MnTSessionDBT:13624,16_MnTSessionDBU:0,16_TCNACMongoDBT:0,16_TCNACMongoDBU:0,16_MnTSessionDBN:18,16_TCNACMongoDBN:0,16_NSFN:0,16_ProfilerDatabaseN:4,16_ProfilerDatabaseT:83251,16_ProfilerDatabaseU:2,16_NSFU:0,16_NSFT:0,16_QuartzN:0,4_EndpointCache_InsertUpdate_Received:4,16_QuartzT:0,16_VADT:0,16_VADU:0,16_ProfilerN:0,16_ProfilerT:0,16_VADN:0,16_ProfilerU:0,16_VAServiceN:39,16_VAServiceU:10,16_RMIN:0,16_VAServiceT:531482,4_RadiusPacketsReceived:27,16_TCNACCoreU:0,16_TCNACCoreT:0,16_QuartzU:0,4_NMAP_ScanEvent_Query:0,16_TCNACCoreN:0, +<182>Feb 21 19:13:08 cisco-ise-host CISE_TACACS_Accounting 0000000001 4 0 2020-02-21 19:13:08.328 +00:00 0018415781 3300 NOTICE Tacacs-Accounting: TACACS+ Accounting with Command, ConfigVersionId=1829, Device IP Address=81.2.69.144, CmdSet=[ CmdAV=show mac-address-table ], RequestLatency=1, NetworkDeviceName=wlnwan1, Type=Accounting, Privilege-Level=15, Service=Login, User=psxvne, Port=tty10, Remote-Address=81.2.69.144, Authen-Method=TacacsPlus, AVPair=task_id=2962, AVPair=timezone=GMT, AVPair=start_time=1585185432, AVPair=priv-lvl=15, AcctRequest-Flags=Stop, Service-Argument=shell, AcsSessionID=ldnnacpsn1/359344348/952729, SelectedAccessService=Device Admin - TACACS, Step=13006, Step=15049, Step=15008, Step=15048, Step=13035, NetworkDeviceGroups=Location#All Locations#EMEA, NetworkDeviceGroups=Device Type#All Device Types#Routers, NetworkDeviceGroups=IPSEC#Is IPSEC Device, CPMSessionID=81.2.69.144Accounting306034364, Model Name=Unknown, Software Version=Unknown, Network Device Profile=Cisco, Location=Location#All Locations#EMEA, Device Type=Device Type#All Device Types#Routers, IPSEC=IPSEC#Is IPSEC Device, Response={AcctReply-Status=Success; }, Network Device Profile=Cisco, Location=Location#All Locations#EMEA, Device Type=Device Type#All Device Types#Routers, IPSEC=IPSEC#Is IPSEC Device, Response={AcctReply-Status=Success; } +<182>Feb 21 19:13:08 cisco-ise-host CISE_TACACS_Accounting 0000000001 4 0 2020-02-21 19:13:08.328 +00:00 0018415636 3301 NOTICE Tacacs-Accounting: TACACS+ Accounting START, ConfigVersionId=1829, Device IP Address=81.2.69.144, RequestLatency=1, NetworkDeviceName=LDNBuildSW1, Type=Accounting, Privilege-Level=15, Service=Login, User=psxlms, Port=tty2, Remote-Address=81.2.69.144, Authen-Method=TacacsPlus, AVPair=task_id=35585, AVPair=timezone=GMT, AVPair=start_time=1585222245, AcctRequest-Flags=Start, Service-Argument=shell, AcsSessionID=ldnnacpsn1/359344348/954422, SelectedAccessService=Device Admin - TACACS, Step=13006, Step=15049, Step=15008, Step=15048, Step=22083, Step=13035, NetworkDeviceGroups=Location#All Locations#EMEA, NetworkDeviceGroups=Device Type#All Device Types#Switches, NetworkDeviceGroups=IPSEC#Is IPSEC Device, CPMSessionID=81.2.69.144Accounting647817909, Model Name=Unknown, Software Version=Unknown, Network Device Profile=Cisco, Location=Location#All Locations#EMEA, Device Type=Device Type#All Device Types#Switches, IPSEC=IPSEC#Is IPSEC Device, Response={AcctReply-Status=Success; }, Device Type=Device Type#All Device Types#Switches, IPSEC=IPSEC#Is IPSEC Device, Response={AcctReply-Status=Success; } +<182>Feb 21 19:13:08 cisco-ise-host CISE_TACACS_Accounting 0000000001 4 0 2020-02-21 19:13:08.328 +00:00 0018415932 3302 NOTICE Tacacs-Accounting: TACACS+ Accounting STOP, ConfigVersionId=1829, Device IP Address=81.2.69.144, RequestLatency=1, NetworkDeviceName=LDNBuildSW1, Type=Accounting, Privilege-Level=1, Service=Login, User=psxlms, Port=tty2, Remote-Address=81.2.69.144, Authen-Method=TacacsPlus, AVPair=task_id=35585, AVPair=timezone=GMT, AVPair=start_time=1585222245, AVPair=disc-cause=1, AVPair=disc-cause-ext=9, AVPair=pre-session-time=0, AVPair=elapsed_time=127, AVPair=stop_time=1585222372, AcctRequest-Flags=Stop, Service-Argument=shell, AcsSessionID=ldnnacpsn1/359344348/954446, SelectedAccessService=Device Admin - TACACS, Step=13006, Step=15049, Step=15008, Step=15048, Step=22084, Step=13035, NetworkDeviceGroups=Location#All Locations#EMEA, NetworkDeviceGroups=Device Type#All Device Types#Switches, NetworkDeviceGroups=IPSEC#Is IPSEC Device, CPMSessionID=81.2.69.144Accounting2791676098, Model Name=Unknown, Software Version=Unknown, Network Device Profile=Cisco, Location=Location#All Locations#EMEA, Device Type=Device Type#All Device Types#Switches, IPSEC=IPSEC#Is IPSEC Device, Response={AcctReply-Status=Success; }, Model Name=Unknown, Software Version=Unknown, Network Device Profile=Cisco, Location=Location#All Locations#EMEA, Device Type=Device Type#All Device Types#Switches, IPSEC=IPSEC#Is IPSEC Device, Response={AcctReply-Status=Success;} +<182>Mar 16 06:41:58 cisco-ise-host CISE_Threat_Centric_NAC 0000001923 1 0 2021-03-16 06:41:58.957 +00:00 0000001966 91004 INFO IRF: Started adapter instance, ConfigVersionId=86, Details=Adapter Karnataka status/connectivity changed, AdapterInstanceName=Karnataka, AdapterInstanceUuid=1cb1a7e3-324a-4258-ab0e-5ce429589987, Status=Active, +<179>Mar 16 06:42:55 cisco-ise-host CISE_Threat_Centric_NAC 0000001938 1 0 2021-03-16 06:42:55.540 +00:00 0000001981 91018 ERROR IRF: Adapter connection failed, ConfigVersionId=86, Details=Adapter cannot connect to the server. Ensure that the server is reachable, AdapterInstanceName=Karnataka, AdapterInstanceUuid=1cb1a7e3-324a-4258-ab0e-5ce429589987, Status=Active, Connectivity=Disconnected, +<180>Mar 3 00:02:46 isenode CISE_Threat_Centric_NAC 0000038251 1 0 2022-03-03 00:02:46.341 +00:00 0000038297 91110 WARN RADIUS: One or more Active Directory diagnostic tests failed during a scheduled run., ConfigVersionId=749, diff --git a/packages/cisco_ise/changelog.yml b/packages/cisco_ise/changelog.yml new file mode 100644 index 00000000000..f5b286a4da3 --- /dev/null +++ b/packages/cisco_ise/changelog.yml @@ -0,0 +1,6 @@ +# newer versions go on top +- version: "0.1.0" + changes: + - description: Initial draft of the package + type: enhancement + link: https://github.com/elastic/integrations/pull/2855 diff --git a/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-common-config.yml b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-common-config.yml new file mode 100644 index 00000000000..4da22641654 --- /dev/null +++ b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-common-config.yml @@ -0,0 +1,3 @@ +fields: + tags: + - preserve_original_event diff --git a/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-ad-connector.log b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-ad-connector.log new file mode 100644 index 00000000000..94f92a379a3 --- /dev/null +++ b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-ad-connector.log @@ -0,0 +1,13 @@ +<180>Mar 3 10:42:25 cisco-ise-host CISE_AD_Connector 0000083094 1 0 2022-03-03 10:42:25.842 +00:00 0000083161 25012 WARN AD-Connector: Domain join failed, AD-Admin=ise.host.local, AD-Domain=host.local, AD-Domain-Controller=host.local, AD-Error-Details=The user account is invalid, AD-Forest=host.local, AD-Hostname=cisco-ise-host@host.local, AD-IP-Address=89.160.20.156, AD-Log-Id=1645524126/47, AD-Organization-Unit=, AD-Site=Default-First-Site-Name, +<182>Mar 3 10:43:05 isehost CISE_AD_Connector 0000041246 1 0 2022-03-03 10:43:05.020 +00:00 0000041292 25013 INFO AD-Connector: Domain leave succeeded, AD-Domain=host.local, AD-Domain-Controller=host.local, AD-Hostname=isehost, AD-IP-Address=89.160.20.156, AD-Log-Id=1645707128/8, AD-Site=Default-First-Site-Name, +<182>Mar 3 10:43:05 isehost CISE_AD_Connector 0000041242 1 0 2022-03-03 10:43:05.018 +00:00 0000041288 25015 INFO AD-Connector: DNS SRV query succeeded, AD-Domain=host.local, AD-Log-Id=1645707128/4, AD-Srv-Query=_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.host.local, AD-Srv-Record=host.local\, 81.2.69.1431.98, AD-Srv-Record=host.local\, 89.160.20.156, AD-Srv-Record=host.local\, 81.2.69.1431.94, +<179>Mar 3 10:40:58 cisco-ise-host CISE_AD_Connector 0000083074 1 0 2022-03-03 10:40:58.891 +00:00 0000083141 25016 ERROR AD-Connector: DNS SRV query failed, AD-Domain=89.160.20.112, AD-Error-Details=The domain name specified in the query was not found, AD-Log-Id=1645524126/37, AD-Srv-Query=_ldap._tcp.dc._msdcs.89.160.20.112, +<182>Mar 3 10:42:25 cisco-ise-host CISE_AD_Connector 0000083091 1 0 2022-03-03 10:42:25.835 +00:00 0000083158 25017 INFO AD-Connector: DC discovery succeeded, AD-Domain=host.local, AD-Domain-Controller=host.local, AD-IP-Address=89.160.20.156, AD-Log-Id=1645524126/44, AD-Site=Default-First-Site-Name, +<179>Mar 3 10:40:58 cisco-ise-host CISE_AD_Connector 0000083075 1 0 2022-03-03 10:40:58.892 +00:00 0000083142 25018 ERROR AD-Connector: DC discovery failed, AD-Domain=89.160.20.112, AD-Error-Details=The domain name specified in the query was not found, AD-Log-Id=1645524126/38, +<182>Mar 3 10:42:25 cisco-ise-host CISE_AD_Connector 0000083093 1 0 2022-03-03 10:42:25.837 +00:00 0000083160 25033 INFO AD-Connector: DNS A/AAAA query succeeded, AD-Domain-Controller=host.local., AD-Hostname=host.local., AD-IP-Address=89.160.20.156, AD-Log-Id=1645524126/46, +<182>Mar 3 10:42:25 cisco-ise-host CISE_AD_Connector 0000083092 1 0 2022-03-03 10:42:25.835 +00:00 0000083159 25037 INFO AD-Connector: DC record cached, AD-Domain=host.local, AD-Domain-Controller=host.local, AD-IP-Address=89.160.20.156, AD-Log-Id=1645524126/45, AD-Site=Default-First-Site-Name, +<182>Mar 3 10:42:25 cisco-ise-host CISE_AD_Connector 0000083089 1 0 2022-03-03 10:42:25.835 +00:00 0000083156 25041 INFO AD-Connector: ISE Server site discovered, AD-Domain=host.local, AD-Domain-Controller=host.local, AD-Log-Id=1645524126/42, AD-Site=Default-First-Site-Name, +<179>Mar 3 10:40:58 cisco-ise-host CISE_AD_Connector 0000083076 1 0 2022-03-03 10:40:58.892 +00:00 0000083143 25046 ERROR AD-Connector: Joined domain is unavailable, AD-Domain=89.160.20.112, AD-Log-Id=1645524126/39, +<179>Mar 14 05:59:30 cisco-ise-host CISE_AD_Connector 0000000032 1 0 2022-03-14 05:59:30.442 +00:00 0000000122 25058 ERROR AD-Connector: ISE is not joined to an Active Directory Domain Controller, ConfigVersionId=10, AD-Domain=10.0.14.108, +<182>Mar 3 10:42:25 cisco-ise-host CISE_AD_Connector 0000083089 2 1 AD-Domain=host.local, AD-Domain-Controller=host.local, AD-Log-Id=1645676126/42, AD-Site=Default-First-Site-Name, +<182>Mar 3 10:42:25 +02:00 cisco-ise-host CISE_AD_Connector 0000083089 2 1 AD-Domain=host.local, AD-Domain-Controller=host.local, AD-Log-Id=1645676126/42, AD-Site=Default-First-Site-Name, diff --git a/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-ad-connector.log-expected.json b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-ad-connector.log-expected.json new file mode 100644 index 00000000000..dda9c53ca8d --- /dev/null +++ b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-ad-connector.log-expected.json @@ -0,0 +1,859 @@ +{ + "expected": [ + { + "@timestamp": "2022-03-03T10:42:25.842Z", + "cisco_ise": { + "log": { + "ad": { + "admin": "ise.host.local", + "domain": { + "controller": "host.local", + "name": "host.local" + }, + "error": { + "details": "The user account is invalid" + }, + "forest": "host.local", + "hostname": "cisco-ise-host@host.local", + "ip": "89.160.20.156", + "log_id": "1645524126/47", + "site": "Default-First-Site-Name" + }, + "category": { + "name": "CISE_AD_Connector" + }, + "log_details": "AD-Admin=ise.host.local, AD-Domain=host.local, AD-Domain-Controller=host.local, AD-Error-Details=The user account is invalid, AD-Forest=host.local, AD-Hostname=cisco-ise-host@host.local, AD-IP-Address=89.160.20.156, AD-Log-Id=1645524126/47, AD-Organization-Unit=, AD-Site=Default-First-Site-Name", + "message": { + "code": "25012", + "description": "AD-Connector: Domain join failed", + "id": "0000083094" + }, + "segment": { + "number": 0, + "total": 1 + } + } + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "ad-connector", + "category": [ + "authentication" + ], + "kind": "event", + "original": "\u003c180\u003eMar 3 10:42:25 cisco-ise-host CISE_AD_Connector 0000083094 1 0 2022-03-03 10:42:25.842 +00:00 0000083161 25012 WARN AD-Connector: Domain join failed, AD-Admin=ise.host.local, AD-Domain=host.local, AD-Domain-Controller=host.local, AD-Error-Details=The user account is invalid, AD-Forest=host.local, AD-Hostname=cisco-ise-host@host.local, AD-IP-Address=89.160.20.156, AD-Log-Id=1645524126/47, AD-Organization-Unit=, AD-Site=Default-First-Site-Name,", + "sequence": 83161, + "timezone": "+00:00", + "type": [ + "info", + "end" + ] + }, + "host": { + "hostname": "cisco-ise-host" + }, + "log": { + "level": "warn", + "syslog": { + "priority": 180, + "severity": { + "name": "warn" + } + } + }, + "message": "2022-03-03 10:42:25.842 +00:00 0000083161 25012 WARN AD-Connector: Domain join failed, AD-Admin=ise.host.local, AD-Domain=host.local, AD-Domain-Controller=host.local, AD-Error-Details=The user account is invalid, AD-Forest=host.local, AD-Hostname=cisco-ise-host@host.local, AD-IP-Address=89.160.20.156, AD-Log-Id=1645524126/47, AD-Organization-Unit=, AD-Site=Default-First-Site-Name,", + "related": { + "hosts": [ + "cisco-ise-host", + "cisco-ise-host@host.local" + ], + "ip": [ + "89.160.20.156" + ] + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2022-03-03T10:43:05.020Z", + "cisco_ise": { + "log": { + "ad": { + "domain": { + "controller": "host.local", + "name": "host.local" + }, + "hostname": "isehost", + "ip": "89.160.20.156", + "log_id": "1645707128/8", + "site": "Default-First-Site-Name" + }, + "category": { + "name": "CISE_AD_Connector" + }, + "log_details": "AD-Domain=host.local, AD-Domain-Controller=host.local, AD-Hostname=isehost, AD-IP-Address=89.160.20.156, AD-Log-Id=1645707128/8, AD-Site=Default-First-Site-Name", + "message": { + "code": "25013", + "description": "AD-Connector: Domain leave succeeded", + "id": "0000041246" + }, + "segment": { + "number": 0, + "total": 1 + } + } + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "ad-connector", + "category": [ + "authentication" + ], + "kind": "event", + "original": "\u003c182\u003eMar 3 10:43:05 isehost CISE_AD_Connector 0000041246 1 0 2022-03-03 10:43:05.020 +00:00 0000041292 25013 INFO AD-Connector: Domain leave succeeded, AD-Domain=host.local, AD-Domain-Controller=host.local, AD-Hostname=isehost, AD-IP-Address=89.160.20.156, AD-Log-Id=1645707128/8, AD-Site=Default-First-Site-Name,", + "sequence": 41292, + "timezone": "+00:00", + "type": [ + "info" + ] + }, + "host": { + "hostname": "isehost" + }, + "log": { + "level": "info", + "syslog": { + "priority": 182, + "severity": { + "name": "info" + } + } + }, + "message": "2022-03-03 10:43:05.020 +00:00 0000041292 25013 INFO AD-Connector: Domain leave succeeded, AD-Domain=host.local, AD-Domain-Controller=host.local, AD-Hostname=isehost, AD-IP-Address=89.160.20.156, AD-Log-Id=1645707128/8, AD-Site=Default-First-Site-Name,", + "related": { + "hosts": [ + "isehost" + ], + "ip": [ + "89.160.20.156" + ] + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2022-03-03T10:43:05.018Z", + "cisco_ise": { + "log": { + "ad": { + "domain": { + "name": "host.local" + }, + "log_id": "1645707128/4", + "srv": { + "query": "_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.host.local", + "record": [ + "host.local 81.2.69.1431.98", + "host.local 89.160.20.156", + "host.local 81.2.69.1431.94" + ] + } + }, + "category": { + "name": "CISE_AD_Connector" + }, + "log_details": "AD-Domain=host.local, AD-Log-Id=1645707128/4, AD-Srv-Query=_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.host.local, AD-Srv-Record=host.local 81.2.69.1431.98, AD-Srv-Record=host.local 89.160.20.156, AD-Srv-Record=host.local 81.2.69.1431.94", + "message": { + "code": "25015", + "description": "AD-Connector: DNS SRV query succeeded", + "id": "0000041242" + }, + "segment": { + "number": 0, + "total": 1 + } + } + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "ad-connector", + "category": [ + "authentication" + ], + "kind": "event", + "original": "\u003c182\u003eMar 3 10:43:05 isehost CISE_AD_Connector 0000041242 1 0 2022-03-03 10:43:05.018 +00:00 0000041288 25015 INFO AD-Connector: DNS SRV query succeeded, AD-Domain=host.local, AD-Log-Id=1645707128/4, AD-Srv-Query=_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.host.local, AD-Srv-Record=host.local\\, 81.2.69.1431.98, AD-Srv-Record=host.local\\, 89.160.20.156, AD-Srv-Record=host.local\\, 81.2.69.1431.94,", + "sequence": 41288, + "timezone": "+00:00", + "type": [ + "info" + ] + }, + "host": { + "hostname": "isehost" + }, + "log": { + "level": "info", + "syslog": { + "priority": 182, + "severity": { + "name": "info" + } + } + }, + "message": "2022-03-03 10:43:05.018 +00:00 0000041288 25015 INFO AD-Connector: DNS SRV query succeeded, AD-Domain=host.local, AD-Log-Id=1645707128/4, AD-Srv-Query=_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.host.local, AD-Srv-Record=host.local\\, 81.2.69.1431.98, AD-Srv-Record=host.local\\, 89.160.20.156, AD-Srv-Record=host.local\\, 81.2.69.1431.94,", + "related": { + "hosts": [ + "isehost" + ] + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2022-03-03T10:40:58.891Z", + "cisco_ise": { + "log": { + "ad": { + "domain": { + "name": "89.160.20.112" + }, + "error": { + "details": "The domain name specified in the query was not found" + }, + "log_id": "1645524126/37", + "srv": { + "query": "_ldap._tcp.dc._msdcs.89.160.20.112" + } + }, + "category": { + "name": "CISE_AD_Connector" + }, + "log_details": "AD-Domain=89.160.20.112, AD-Error-Details=The domain name specified in the query was not found, AD-Log-Id=1645524126/37, AD-Srv-Query=_ldap._tcp.dc._msdcs.89.160.20.112", + "message": { + "code": "25016", + "description": "AD-Connector: DNS SRV query failed", + "id": "0000083074" + }, + "segment": { + "number": 0, + "total": 1 + } + } + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "ad-connector", + "category": [ + "authentication" + ], + "kind": "event", + "original": "\u003c179\u003eMar 3 10:40:58 cisco-ise-host CISE_AD_Connector 0000083074 1 0 2022-03-03 10:40:58.891 +00:00 0000083141 25016 ERROR AD-Connector: DNS SRV query failed, AD-Domain=89.160.20.112, AD-Error-Details=The domain name specified in the query was not found, AD-Log-Id=1645524126/37, AD-Srv-Query=_ldap._tcp.dc._msdcs.89.160.20.112,", + "sequence": 83141, + "timezone": "+00:00", + "type": [ + "info" + ] + }, + "host": { + "hostname": "cisco-ise-host" + }, + "log": { + "level": "error", + "syslog": { + "priority": 179, + "severity": { + "name": "error" + } + } + }, + "message": "2022-03-03 10:40:58.891 +00:00 0000083141 25016 ERROR AD-Connector: DNS SRV query failed, AD-Domain=89.160.20.112, AD-Error-Details=The domain name specified in the query was not found, AD-Log-Id=1645524126/37, AD-Srv-Query=_ldap._tcp.dc._msdcs.89.160.20.112,", + "related": { + "hosts": [ + "cisco-ise-host" + ] + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2022-03-03T10:42:25.835Z", + "cisco_ise": { + "log": { + "ad": { + "domain": { + "controller": "host.local", + "name": "host.local" + }, + "ip": "89.160.20.156", + "log_id": "1645524126/44", + "site": "Default-First-Site-Name" + }, + "category": { + "name": "CISE_AD_Connector" + }, + "log_details": "AD-Domain=host.local, AD-Domain-Controller=host.local, AD-IP-Address=89.160.20.156, AD-Log-Id=1645524126/44, AD-Site=Default-First-Site-Name", + "message": { + "code": "25017", + "description": "AD-Connector: DC discovery succeeded", + "id": "0000083091" + }, + "segment": { + "number": 0, + "total": 1 + } + } + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "ad-connector", + "category": [ + "authentication" + ], + "kind": "event", + "original": "\u003c182\u003eMar 3 10:42:25 cisco-ise-host CISE_AD_Connector 0000083091 1 0 2022-03-03 10:42:25.835 +00:00 0000083158 25017 INFO AD-Connector: DC discovery succeeded, AD-Domain=host.local, AD-Domain-Controller=host.local, AD-IP-Address=89.160.20.156, AD-Log-Id=1645524126/44, AD-Site=Default-First-Site-Name,", + "sequence": 83158, + "timezone": "+00:00", + "type": [ + "info" + ] + }, + "host": { + "hostname": "cisco-ise-host" + }, + "log": { + "level": "info", + "syslog": { + "priority": 182, + "severity": { + "name": "info" + } + } + }, + "message": "2022-03-03 10:42:25.835 +00:00 0000083158 25017 INFO AD-Connector: DC discovery succeeded, AD-Domain=host.local, AD-Domain-Controller=host.local, AD-IP-Address=89.160.20.156, AD-Log-Id=1645524126/44, AD-Site=Default-First-Site-Name,", + "related": { + "hosts": [ + "cisco-ise-host" + ], + "ip": [ + "89.160.20.156" + ] + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2022-03-03T10:40:58.892Z", + "cisco_ise": { + "log": { + "ad": { + "domain": { + "name": "89.160.20.112" + }, + "error": { + "details": "The domain name specified in the query was not found" + }, + "log_id": "1645524126/38" + }, + "category": { + "name": "CISE_AD_Connector" + }, + "log_details": "AD-Domain=89.160.20.112, AD-Error-Details=The domain name specified in the query was not found, AD-Log-Id=1645524126/38", + "message": { + "code": "25018", + "description": "AD-Connector: DC discovery failed", + "id": "0000083075" + }, + "segment": { + "number": 0, + "total": 1 + } + } + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "ad-connector", + "category": [ + "authentication" + ], + "kind": "event", + "original": "\u003c179\u003eMar 3 10:40:58 cisco-ise-host CISE_AD_Connector 0000083075 1 0 2022-03-03 10:40:58.892 +00:00 0000083142 25018 ERROR AD-Connector: DC discovery failed, AD-Domain=89.160.20.112, AD-Error-Details=The domain name specified in the query was not found, AD-Log-Id=1645524126/38,", + "sequence": 83142, + "timezone": "+00:00", + "type": [ + "info", + "end" + ] + }, + "host": { + "hostname": "cisco-ise-host" + }, + "log": { + "level": "error", + "syslog": { + "priority": 179, + "severity": { + "name": "error" + } + } + }, + "message": "2022-03-03 10:40:58.892 +00:00 0000083142 25018 ERROR AD-Connector: DC discovery failed, AD-Domain=89.160.20.112, AD-Error-Details=The domain name specified in the query was not found, AD-Log-Id=1645524126/38,", + "related": { + "hosts": [ + "cisco-ise-host" + ] + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2022-03-03T10:42:25.837Z", + "cisco_ise": { + "log": { + "ad": { + "domain": { + "controller": "host.local." + }, + "hostname": "host.local.", + "ip": "89.160.20.156", + "log_id": "1645524126/46" + }, + "category": { + "name": "CISE_AD_Connector" + }, + "log_details": "AD-Domain-Controller=host.local., AD-Hostname=host.local., AD-IP-Address=89.160.20.156, AD-Log-Id=1645524126/46", + "message": { + "code": "25033", + "description": "AD-Connector: DNS A/AAAA query succeeded", + "id": "0000083093" + }, + "segment": { + "number": 0, + "total": 1 + } + } + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "ad-connector", + "category": [ + "authentication" + ], + "kind": "event", + "original": "\u003c182\u003eMar 3 10:42:25 cisco-ise-host CISE_AD_Connector 0000083093 1 0 2022-03-03 10:42:25.837 +00:00 0000083160 25033 INFO AD-Connector: DNS A/AAAA query succeeded, AD-Domain-Controller=host.local., AD-Hostname=host.local., AD-IP-Address=89.160.20.156, AD-Log-Id=1645524126/46,", + "sequence": 83160, + "timezone": "+00:00", + "type": [ + "info" + ] + }, + "host": { + "hostname": "cisco-ise-host" + }, + "log": { + "level": "info", + "syslog": { + "priority": 182, + "severity": { + "name": "info" + } + } + }, + "message": "2022-03-03 10:42:25.837 +00:00 0000083160 25033 INFO AD-Connector: DNS A/AAAA query succeeded, AD-Domain-Controller=host.local., AD-Hostname=host.local., AD-IP-Address=89.160.20.156, AD-Log-Id=1645524126/46,", + "related": { + "hosts": [ + "cisco-ise-host", + "host.local." + ], + "ip": [ + "89.160.20.156" + ] + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2022-03-03T10:42:25.835Z", + "cisco_ise": { + "log": { + "ad": { + "domain": { + "controller": "host.local", + "name": "host.local" + }, + "ip": "89.160.20.156", + "log_id": "1645524126/45", + "site": "Default-First-Site-Name" + }, + "category": { + "name": "CISE_AD_Connector" + }, + "log_details": "AD-Domain=host.local, AD-Domain-Controller=host.local, AD-IP-Address=89.160.20.156, AD-Log-Id=1645524126/45, AD-Site=Default-First-Site-Name", + "message": { + "code": "25037", + "description": "AD-Connector: DC record cached", + "id": "0000083092" + }, + "segment": { + "number": 0, + "total": 1 + } + } + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "ad-connector", + "category": [ + "configuration" + ], + "kind": "event", + "original": "\u003c182\u003eMar 3 10:42:25 cisco-ise-host CISE_AD_Connector 0000083092 1 0 2022-03-03 10:42:25.835 +00:00 0000083159 25037 INFO AD-Connector: DC record cached, AD-Domain=host.local, AD-Domain-Controller=host.local, AD-IP-Address=89.160.20.156, AD-Log-Id=1645524126/45, AD-Site=Default-First-Site-Name,", + "sequence": 83159, + "timezone": "+00:00", + "type": [ + "info" + ] + }, + "host": { + "hostname": "cisco-ise-host" + }, + "log": { + "level": "info", + "syslog": { + "priority": 182, + "severity": { + "name": "info" + } + } + }, + "message": "2022-03-03 10:42:25.835 +00:00 0000083159 25037 INFO AD-Connector: DC record cached, AD-Domain=host.local, AD-Domain-Controller=host.local, AD-IP-Address=89.160.20.156, AD-Log-Id=1645524126/45, AD-Site=Default-First-Site-Name,", + "related": { + "hosts": [ + "cisco-ise-host" + ], + "ip": [ + "89.160.20.156" + ] + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2022-03-03T10:42:25.835Z", + "cisco_ise": { + "log": { + "ad": { + "domain": { + "controller": "host.local", + "name": "host.local" + }, + "log_id": "1645524126/42", + "site": "Default-First-Site-Name" + }, + "category": { + "name": "CISE_AD_Connector" + }, + "log_details": "AD-Domain=host.local, AD-Domain-Controller=host.local, AD-Log-Id=1645524126/42, AD-Site=Default-First-Site-Name", + "message": { + "code": "25041", + "description": "AD-Connector: ISE Server site discovered", + "id": "0000083089" + }, + "segment": { + "number": 0, + "total": 1 + } + } + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "ad-connector", + "category": [ + "configuration" + ], + "kind": "event", + "original": "\u003c182\u003eMar 3 10:42:25 cisco-ise-host CISE_AD_Connector 0000083089 1 0 2022-03-03 10:42:25.835 +00:00 0000083156 25041 INFO AD-Connector: ISE Server site discovered, AD-Domain=host.local, AD-Domain-Controller=host.local, AD-Log-Id=1645524126/42, AD-Site=Default-First-Site-Name,", + "sequence": 83156, + "timezone": "+00:00", + "type": [ + "info" + ] + }, + "host": { + "hostname": "cisco-ise-host" + }, + "log": { + "level": "info", + "syslog": { + "priority": 182, + "severity": { + "name": "info" + } + } + }, + "message": "2022-03-03 10:42:25.835 +00:00 0000083156 25041 INFO AD-Connector: ISE Server site discovered, AD-Domain=host.local, AD-Domain-Controller=host.local, AD-Log-Id=1645524126/42, AD-Site=Default-First-Site-Name,", + "related": { + "hosts": [ + "cisco-ise-host" + ] + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2022-03-03T10:40:58.892Z", + "cisco_ise": { + "log": { + "ad": { + "domain": { + "name": "89.160.20.112" + }, + "log_id": "1645524126/39" + }, + "category": { + "name": "CISE_AD_Connector" + }, + "log_details": "AD-Domain=89.160.20.112, AD-Log-Id=1645524126/39", + "message": { + "code": "25046", + "description": "AD-Connector: Joined domain is unavailable", + "id": "0000083076" + }, + "segment": { + "number": 0, + "total": 1 + } + } + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "ad-connector", + "category": [ + "configuration" + ], + "kind": "event", + "original": "\u003c179\u003eMar 3 10:40:58 cisco-ise-host CISE_AD_Connector 0000083076 1 0 2022-03-03 10:40:58.892 +00:00 0000083143 25046 ERROR AD-Connector: Joined domain is unavailable, AD-Domain=89.160.20.112, AD-Log-Id=1645524126/39,", + "sequence": 83143, + "timezone": "+00:00", + "type": [ + "info" + ] + }, + "host": { + "hostname": "cisco-ise-host" + }, + "log": { + "level": "error", + "syslog": { + "priority": 179, + "severity": { + "name": "error" + } + } + }, + "message": "2022-03-03 10:40:58.892 +00:00 0000083143 25046 ERROR AD-Connector: Joined domain is unavailable, AD-Domain=89.160.20.112, AD-Log-Id=1645524126/39,", + "related": { + "hosts": [ + "cisco-ise-host" + ] + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2022-03-14T05:59:30.442Z", + "cisco_ise": { + "log": { + "ad": { + "domain": { + "name": "10.0.14.108" + } + }, + "category": { + "name": "CISE_AD_Connector" + }, + "config_version": { + "id": 10 + }, + "log_details": "ConfigVersionId=10, AD-Domain=10.0.14.108", + "message": { + "code": "25058", + "description": "AD-Connector: ISE is not joined to an Active Directory Domain Controller", + "id": "0000000032" + }, + "segment": { + "number": 0, + "total": 1 + } + } + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "ad-connector", + "category": [ + "configuration" + ], + "kind": "event", + "original": "\u003c179\u003eMar 14 05:59:30 cisco-ise-host CISE_AD_Connector 0000000032 1 0 2022-03-14 05:59:30.442 +00:00 0000000122 25058 ERROR AD-Connector: ISE is not joined to an Active Directory Domain Controller, ConfigVersionId=10, AD-Domain=10.0.14.108,", + "sequence": 122, + "timezone": "+00:00", + "type": [ + "info" + ] + }, + "host": { + "hostname": "cisco-ise-host" + }, + "log": { + "level": "error", + "syslog": { + "priority": 179, + "severity": { + "name": "error" + } + } + }, + "message": "2022-03-14 05:59:30.442 +00:00 0000000122 25058 ERROR AD-Connector: ISE is not joined to an Active Directory Domain Controller, ConfigVersionId=10, AD-Domain=10.0.14.108,", + "related": { + "hosts": [ + "cisco-ise-host" + ] + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2022-03-03T10:42:25.000Z", + "cisco_ise": { + "log": { + "ad": { + "domain": { + "controller": "host.local", + "name": "host.local" + }, + "log_id": "1645676126/42", + "site": "Default-First-Site-Name" + }, + "category": { + "name": "CISE_AD_Connector" + }, + "log_details": "AD-Domain=host.local, AD-Domain-Controller=host.local, AD-Log-Id=1645676126/42, AD-Site=Default-First-Site-Name", + "message": { + "id": "0000083089" + }, + "segment": { + "number": 1, + "total": 2 + } + } + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "kind": "event", + "original": "\u003c182\u003eMar 3 10:42:25 cisco-ise-host CISE_AD_Connector 0000083089 2 1 AD-Domain=host.local, AD-Domain-Controller=host.local, AD-Log-Id=1645676126/42, AD-Site=Default-First-Site-Name," + }, + "host": { + "hostname": "cisco-ise-host" + }, + "log": { + "syslog": { + "priority": 182 + } + }, + "message": "AD-Domain=host.local, AD-Domain-Controller=host.local, AD-Log-Id=1645676126/42, AD-Site=Default-First-Site-Name,", + "related": { + "hosts": [ + "cisco-ise-host" + ] + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2022-03-03T10:42:25.000+02:00", + "cisco_ise": { + "log": { + "ad": { + "domain": { + "controller": "host.local", + "name": "host.local" + }, + "log_id": "1645676126/42", + "site": "Default-First-Site-Name" + }, + "category": { + "name": "CISE_AD_Connector" + }, + "log_details": "AD-Domain=host.local, AD-Domain-Controller=host.local, AD-Log-Id=1645676126/42, AD-Site=Default-First-Site-Name", + "message": { + "id": "0000083089" + }, + "segment": { + "number": 1, + "total": 2 + } + } + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "kind": "event", + "original": "\u003c182\u003eMar 3 10:42:25 +02:00 cisco-ise-host CISE_AD_Connector 0000083089 2 1 AD-Domain=host.local, AD-Domain-Controller=host.local, AD-Log-Id=1645676126/42, AD-Site=Default-First-Site-Name,", + "timezone": "+02:00" + }, + "host": { + "hostname": "cisco-ise-host" + }, + "log": { + "syslog": { + "priority": 182 + } + }, + "message": "AD-Domain=host.local, AD-Domain-Controller=host.local, AD-Log-Id=1645676126/42, AD-Site=Default-First-Site-Name,", + "related": { + "hosts": [ + "cisco-ise-host" + ] + }, + "tags": [ + "preserve_original_event" + ] + } + ] +} \ No newline at end of file diff --git a/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-administrative-and-operational-audit.log b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-administrative-and-operational-audit.log new file mode 100644 index 00000000000..b37aff3d6b2 --- /dev/null +++ b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-administrative-and-operational-audit.log @@ -0,0 +1,33 @@ +<181>Mar 3 06:43:59 81.2.69.143 CISE_Administrative_and_Operational_Audit 0000081797 1 0 2022-03-03 06:43:59.935 +00:00 0000081864 51001 NOTICE Administrator-Login: Administrator authentication succeeded, ConfigVersionId=1598, AdminInterface=GUI, AdminIPAddress=81.2.69.143, AdminSession=AdminGUI_Session, AdminName=someadmin, OperationMessageText=Administrator authentication successful, +<181>Mar 3 08:25:58 81.2.69.143 CISE_Administrative_and_Operational_Audit 0000082275 1 0 2022-03-03 08:25:58.063 +00:00 0000082342 51002 NOTICE Administrator-Login: Administrator logged off, ConfigVersionId=1615, AdminInterface=GUI, AdminIPAddress=81.2.69.143, AdminSession=AdminGUI_Session, AdminName=someadmin, OperationMessageText=User logged out, +<181>Mar 3 08:06:28 isehost CISE_Administrative_and_Operational_Audit 0000082182 1 0 2022-03-03 08:06:28.020 +00:00 0000082249 51020 NOTICE Administrator-Login: Administrator authentication failed. Login username does not exist., ConfigVersionId=1610, AdminInterface=GUI, AdminIPAddress=81.2.69.143, AdminName=INVALID, OperationMessageText=User not found, +<181>Mar 3 08:46:56 isehost CISE_Administrative_and_Operational_Audit 0000082385 1 0 2022-03-03 08:46:56.310 +00:00 0000082452 51021 NOTICE Administrator-Login: Administrator authentication failed. Wrong password., ConfigVersionId=1624, AdminInterface=GUI, AdminIPAddress=172.16.22.156, AdminName=someadmin, +<181>Mar 3 08:30:08 isehost CISE_Administrative_and_Operational_Audit 0000040579 1 0 2022-03-03 08:30:08.728 +00:00 0000040625 52000 NOTICE Configuration-Changes: Added configuration, ConfigVersionId=786, AdminInterface=GUI, AdminIPAddress=10.0.9.204, AdminName=internal-sys-user, ConfigChangeData=Object created:\,Port = 9005\,IP Address = 10.0.14.137\,Facility Code = LOCAL6\,Length = 1024\,Description = QA TCP Collector\,Include Alarms = FALSE\,status = ENABLED\,Buffer Message = FALSE\,Buffer Size = 100\,Reconnect Timeout = 30\,, ObjectType=UPSLogTarget, ObjectName=TCP Collector QA, +<181>Mar 3 09:05:16 isehost CISE_Administrative_and_Operational_Audit 0000082478 1 0 2022-03-03 09:05:16.475 +00:00 0000082545 52002 NOTICE Configuration-Changes: Deleted configuration, ConfigVersionId=1626, AdminInterface=GUI, AdminIPAddress=10.0.9.204, AdminSession=ProfilerSession, AdminName=someadmin, ConfigChangeData=NACServer{ipAddress=10.0.14.121,name=someuser,username=someuserusername,password=*******,enable=false,description=}, ObjectType=NACServer, ObjectName=someuser, +<181>Mar 3 11:58:35 isehost CISE_Administrative_and_Operational_Audit 0000083550 1 0 2022-03-03 11:58:35.811 +00:00 0000083617 52002 NOTICE Configuration-Changes: Deleted configuration, ConfigVersionId=1698, AdminInterface=GUI, AdminIPAddress=172.16.22.156, AdminName=admin, ConfigChangeData=object deleted: Name=test123, ObjectType=Network Access Users, ObjectName=test123, Component=Administration, ObjectInternalID=38bcf4bf-f61a-4028-8b69-ef94eceb2a8d, +<181>Mar 3 01:04:02 isehost CISE_Administrative_and_Operational_Audit 0000080239 1 0 2022-03-03 01:04:02.331 +00:00 0000080306 60067 NOTICE FeedService: Profiler Feed Service - automatic download intitiated, ConfigVersionId=1553, OperationMessageText={FeedServiceQueryFromTime=2022-02-22T00:22:00.653+00:00, FeedServicePort=8443, FeedServiceHost=ise.cisco.com, FeedServiceFeedVersion=1,2,3,4, FeedServiceQueryToTime=, FeedServiceFeed=Profiler}, +<181>Mar 3 01:04:06 isehost CISE_Administrative_and_Operational_Audit 0000080240 1 0 2022-03-03 01:04:06.254 +00:00 0000080307 60070 NOTICE FeedService: Profiler Feed Service - No Profiles Downloaded, ConfigVersionId=1553, +<181>Mar 3 09:24:13 isehost CISE_Administrative_and_Operational_Audit 0000082652 1 0 2022-03-03 09:24:13.263 +00:00 0000082719 60078 NOTICE MyDevices: MyDevices user has successfully authenticated, ConfigVersionId=1628, UserName=someuser, IpAddress=81.2.69.143, AuthenticationIdentityStore=Internal Users, PortalName=My Devices Portal (default), IdentityGroup=ALL_ACCOUNTS (default), PsnHostName=isehost.local, ResponseTime=35, +<181>Mar 3 00:00:00 isehost CISE_Administrative_and_Operational_Audit 0000079938 1 0 2022-03-03 00:00:00.478 +00:00 0000080005 60456 NOTICE System-Management: Started CRL/OCSP periodic certificate check, ConfigVersionId=1543, AdminIPAddress=10.0.9.204, AdminName=system, +<181>Mar 3 00:01:01 isehost CISE_Administrative_and_Operational_Audit 0000079946 1 0 2022-03-03 00:01:01.464 +00:00 0000080013 60461 NOTICE System-Management: Account disabled due to user level date expiry, ConfigVersionId=1545, AdminInterface=Internal, AdminIPAddress=10.0.9.204, AdminName=internal-sys-user, OperationMessageText=Account employee10 is disabled, AcsInstance=isehost.local, +<181>Mar 3 09:06:23 isehost CISE_Administrative_and_Operational_Audit 0000040765 1 0 2022-03-03 09:06:23.123 +00:00 0000040810 61025 NOTICE EAP-TLS: Open secure connection with TLS peer, ConfigVersionId=794, AdminInterface=UNKNOWN, AdminIPAddress=10.0.9.204, , OperationMessageText=Connection created from 10.0.9.204:42863 to 169.254.2.3:5671, AcsInstance=isehost, +<181>Mar 3 09:08:33 isehost CISE_Administrative_and_Operational_Audit 0000082499 1 0 2022-03-03 09:08:33.981 +00:00 0000082565 61026 NOTICE EAP-TLS: Shutdown secure connection with TLS peer, ConfigVersionId=1626, AdminInterface=UNKNOWN, AdminIPAddress=10.0.9.204, , OperationMessageText=Connection closed from 10.0.9.204:53127 to 169.254.2.5:5671, AcsInstance=isehost, +<181>Mar 3 09:25:05 isehost CISE_Administrative_and_Operational_Audit 0000082666 1 0 2022-03-03 09:25:05.100 +00:00 0000082733 61077 NOTICE MyDevices: MyDevices has been successfully logged out, ConfigVersionId=1630, UserName=someuser, IpAddress=81.2.69.143, AuthenticationIdentityStore=Internal Users, PortalName=My Devices Portal (default), IdentityGroup=ALL_ACCOUNTS (default), PsnHostName=isehost.local, ResponseTime=35, +<181>Mar 3 08:31:21 isehost CISE_Administrative_and_Operational_Audit 0000082306 1 0 2022-03-03 08:31:21.075 +00:00 0000082373 52001 NOTICE Configuration-Changes: Changed configuration, ConfigVersionId=1621, FailureFlag=false, RequestResponseType=initial, AdminInterface=GUI, AdminIPAddress=10.0.9.204, AdminName=someadmin, ConfigChangeData=Object modified:\, Log Severity Level = DEBUG\,Local Logging = enable\,Assigned Targets = {LogCollector,LogCollector2,ProfilerRadiusProbe}, ObjectType=UPSCategory, ObjectName=AAA Diagnostics, OperationMessageText=LoggingCategories "Passed Authentications" has been edited successfully., +<181>Mar 10 11:04:19 isehost CISE_Administrative_and_Operational_Audit 0000130002 1 0 2022-03-10 11:04:19.271 +00:00 0000130069 60077 NOTICE MyDevices: MyDevices user authentication has failed, ConfigVersionId=3117, FailureReason=22040 Wrong password or invalid shared secret, UserName=test1123, IpAddress=172.16.17.255, AuthenticationIdentityStore=Internal Users, PortalName=test-mydevices, PsnHostName=isehost.local, ResponseTime=90, +<181>Mar 11 07:20:28 isehost CISE_Administrative_and_Operational_Audit 0000093200 1 0 2022-03-11 07:20:28.019 +00:00 0000093246 58005 NOTICE Process-Management: ISE process was restarted by watchdog service, ConfigVersionId=1703, FailureFlag=true, RequestResponseType=final, AdminInterface=CLI, AdminIPAddress=81.2.69.143, AdminName=system, OperationMessageText=Process: 'ISE Stunnel Service' started by ISE watchdog process, AcsInstance=isehost, +<181>Mar 10 05:25:13 isehost CISE_Administrative_and_Operational_Audit 0000128314 1 0 2022-03-10 05:25:13.944 +00:00 0000128381 60094 NOTICE System-Management: ISE Backup has completed successfully, ConfigVersionId=3068, AdminInterface=GUI, AdminIPAddress=81.2.69.143, AdminName=admin, OperationMessageText=Operational backup test_bkp_op-OPS10-220310-0524.tar.gpg to repository test-new success, AcsInstance=isehost, +<181>Mar 10 05:24:16 isehost CISE_Administrative_and_Operational_Audit 0000128311 1 0 2022-03-10 05:24:16.414 +00:00 0000128378 60093 NOTICE System-Management: ISE Backup has started, ConfigVersionId=3068, AdminInterface=GUI, AdminIPAddress=81.2.69.143, AdminName=admin, OperationMessageText=Initiating opsbackup backup test_bkp_op-OPS10-220310-0524 to repository test-new, AcsInstance=isehost, +<181>Mar 9 19:00:42 isehost CISE_Administrative_and_Operational_Audit 0000083172 1 0 2022-03-09 19:00:42.763 +00:00 0000083218 60134 NOTICE System-Management: DNS Resolution failure, ConfigVersionId=1537, AdminInterface=CLI, AdminIPAddress=81.2.69.143, AdminName=system, OperationMessageText=DNS resolution failed for the hostname isehost.local against the currently configured name servers., AcsInstance=isehost, +<181>Mar 8 12:26:58 isehost CISE_Administrative_and_Operational_Audit 0000116964 1 0 2022-03-08 12:26:58.391 +00:00 0000117031 60188 NOTICE Administrator-Login: An attempted SSH connection has failed, ConfigVersionId=2726, AdminInterface=CLI, OperationMessageText=Received disconnect from 81.2.69.143 port 36953:11: disconnected by user, AcsInstance=isehost, +<181>Mar 8 12:26:58 isehost CISE_Administrative_and_Operational_Audit 0000116963 1 0 2022-03-08 12:26:58.390 +00:00 0000117030 60116 NOTICE Administrator-Login: A CLI user has logged out from SSH, ConfigVersionId=2726, AdminInterface=CLI, AdminIPAddress=81.2.69.143, AdminName=admin, OperationMessageText=User 'admin' logged out from CLI SSH session from SSH client IP: 81.2.69.143, AcsInstance=isehost, +<181>Mar 8 12:15:32 isehost CISE_Administrative_and_Operational_Audit 0000116901 1 0 2022-03-08 12:15:32.654 +00:00 0000116968 60080 NOTICE Administrator-Login: A SSH CLI user has successfully logged in, ConfigVersionId=2718, AdminInterface=CLI, OperationMessageText=Accepted password for admin from 81.2.69.143 port 36953 ssh2, AcsInstance=isehost, +<181>Mar 8 12:15:32 isehost CISE_Administrative_and_Operational_Audit 0000116902 1 0 2022-03-08 12:15:32.654 +00:00 0000116969 60115 NOTICE Administrator-Login: A CLI user has logged in from SSH, ConfigVersionId=2718, AdminInterface=CLI, AdminIPAddress=81.2.69.143, AdminName=admin, OperationMessageText=User 'admin' logged in to CLI SSH session from SSH client IP: 81.2.69.143, AcsInstance=isehost, +<181>Mar 8 12:14:39 isehost CISE_Administrative_and_Operational_Audit 0000116896 1 0 2022-03-08 12:14:39.376 +00:00 0000116963 60081 NOTICE Administrator-Login: A SSH CLI user has attempted unsuccessfully to login, ConfigVersionId=2718, AdminInterface=CLI, OperationMessageText=Failed password for root from 81.2.69.143 port 36661 ssh2, AcsInstance=isehost, +<181>Mar 15 08:30:16 isehost CISE_Administrative_and_Operational_Audit 0000001486 2 1 AdminIPAddress=10.0.1.1, AdminSession=AdminGUI_Session, AdminName=admin, OperationMessageText=User logged out, +<181>Mar 15 09:34:39 isehost CISE_Administrative_and_Operational_Audit 0000001602 2 1 AdminIPAddress=10.0.1.1, AdminSession=AdminGUI_Session, AdminName=admin, OperationMessageText=Administrator authentication successful, +<181>Mar 11 22:52:25 isehost CISE_Administrative_and_Operational_Audit 0000049530 1 0 2022-03-11 22:52:25.650 +00:00 0000139953 52001 NOTICE Configuration-Changes: Changed configuration, ConfigVersionId=3426, FailureFlag=false, RequestResponseType=initial, AdminInterface=GUI, AdminIPAddress=10.0.9.204, AdminName=internal-sys-user, ObjectType=Machine Authentication Settings, ObjectName=Machine Authentication Settings, Component=Administration, ObjectInternalID=unknown, +<181>Mar 14 07:12:06 isehost CISE_Administrative_and_Operational_Audit 0000000155 1 0 2022-03-14 07:12:06.324 +00:00 0000000245 52001 NOTICE Configuration-Changes: Changed configuration, ConfigVersionId=97, FailureFlag=false, RequestResponseType=initial, AdminInterface=GUI, AdminIPAddress=10.0.9.204, AdminName=admin, ConfigChangeData=Object modified:\, Log Severity Level = INFO\,Local Logging = enable\,Assigned Targets = {LogCollector,LogCollector2,ProfilerRadiusProbe,TCP Collector KS1,TCP Collector QA,test_sec_log,Test_TCP,test_tcp,test_tcp2,test_udp,UDP Collector KS1,UDP Collector QA}, ObjectType=UPSCategory, ObjectName=System Statistics, OperationMessageText=LoggingCategories "Administrative and Operational Audit" has been edited successfully., +<181>Mar 14 09:43:33 isehost CISE_Administrative_and_Operational_Audit 0000000312 1 0 2022-03-14 09:43:33.233 +00:00 0000000402 52001 NOTICE Configuration-Changes: Changed configuration, ConfigVersionId=55, FailureFlag=false, RequestResponseType=initial, AdminInterface=GUI, AdminIPAddress=10.0.9.204, AdminName=admin, ConfigChangeData=object updated: Name=testad1, ObjectType=Active Directory Instance, ObjectName=testad1, Component=UNKNOWN, ObjectInternalID=unknown, +<149>Mar 20 12:13:30 isehost CISE_Administrative_and_Operational_Audit 0000002725 1 0 2022-03-20 12:13:30.185 +00:00 0000003033 52001 NOTICE Configuration-Changes: Changed configuration, ConfigVersionId=546, FailureFlag=false, RequestResponseType=initial, AdminInterface=GUI, AdminIPAddress=10.0.9.204, AdminName=internal-sys-user, ConfigChangeData=Local Storage Period = 1 days, ObjectType=UPSLogSettings, ObjectName=LocalStore, +<181>Mar 29 05:53:36 isehost CISE_Administrative_and_Operational_Audit 0000000931 1 0 2022-03-29 05:53:36.769 +00:00 0000001104 52002 NOTICE Configuration-Changes: Deleted configuration, ConfigVersionId=258, AdminInterface=GUI, AdminIPAddress=81.2.69.144, AdminName=admin, ObjectType=Active Directory Instance, ObjectName=test123test123test123test123test, Component=Network Access, ObjectInternalID=unknown, diff --git a/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-administrative-and-operational-audit.log-expected.json b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-administrative-and-operational-audit.log-expected.json new file mode 100644 index 00000000000..1013eaa7b0a --- /dev/null +++ b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-administrative-and-operational-audit.log-expected.json @@ -0,0 +1,2675 @@ +{ + "expected": [ + { + "@timestamp": "2022-03-03T06:43:59.935Z", + "cisco_ise": { + "log": { + "admin": { + "interface": "GUI", + "session": "AdminGUI_Session" + }, + "category": { + "name": "CISE_Administrative_and_Operational_Audit" + }, + "config_version": { + "id": 1598 + }, + "log_details": "ConfigVersionId=1598, AdminInterface=GUI, AdminIPAddress=81.2.69.143, AdminSession=AdminGUI_Session, AdminName=someadmin, OperationMessageText=Administrator authentication successful", + "message": { + "code": "51001", + "description": "Administrator-Login: Administrator authentication succeeded", + "id": "0000081797" + }, + "operation_message": { + "text": "Administrator authentication successful" + }, + "segment": { + "number": 0, + "total": 1 + } + } + }, + "client": { + "ip": "81.2.69.143", + "user": { + "name": "someadmin" + } + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "administrator-login", + "category": [ + "iam", + "authentication" + ], + "kind": "event", + "original": "\u003c181\u003eMar 3 06:43:59 81.2.69.143 CISE_Administrative_and_Operational_Audit 0000081797 1 0 2022-03-03 06:43:59.935 +00:00 0000081864 51001 NOTICE Administrator-Login: Administrator authentication succeeded, ConfigVersionId=1598, AdminInterface=GUI, AdminIPAddress=81.2.69.143, AdminSession=AdminGUI_Session, AdminName=someadmin, OperationMessageText=Administrator authentication successful,", + "sequence": 81864, + "timezone": "+00:00", + "type": [ + "admin", + "info" + ] + }, + "host": { + "ip": "81.2.69.143" + }, + "log": { + "level": "notice", + "syslog": { + "priority": 181, + "severity": { + "name": "notice" + } + } + }, + "message": "2022-03-03 06:43:59.935 +00:00 0000081864 51001 NOTICE Administrator-Login: Administrator authentication succeeded, ConfigVersionId=1598, AdminInterface=GUI, AdminIPAddress=81.2.69.143, AdminSession=AdminGUI_Session, AdminName=someadmin, OperationMessageText=Administrator authentication successful,", + "related": { + "ip": [ + "81.2.69.143" + ], + "user": [ + "someadmin" + ] + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2022-03-03T08:25:58.063Z", + "cisco_ise": { + "log": { + "admin": { + "interface": "GUI", + "session": "AdminGUI_Session" + }, + "category": { + "name": "CISE_Administrative_and_Operational_Audit" + }, + "config_version": { + "id": 1615 + }, + "log_details": "ConfigVersionId=1615, AdminInterface=GUI, AdminIPAddress=81.2.69.143, AdminSession=AdminGUI_Session, AdminName=someadmin, OperationMessageText=User logged out", + "message": { + "code": "51002", + "description": "Administrator-Login: Administrator logged off", + "id": "0000082275" + }, + "operation_message": { + "text": "User logged out" + }, + "segment": { + "number": 0, + "total": 1 + } + } + }, + "client": { + "ip": "81.2.69.143", + "user": { + "name": "someadmin" + } + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "administrator-login", + "category": [ + "iam", + "authentication" + ], + "kind": "event", + "original": "\u003c181\u003eMar 3 08:25:58 81.2.69.143 CISE_Administrative_and_Operational_Audit 0000082275 1 0 2022-03-03 08:25:58.063 +00:00 0000082342 51002 NOTICE Administrator-Login: Administrator logged off, ConfigVersionId=1615, AdminInterface=GUI, AdminIPAddress=81.2.69.143, AdminSession=AdminGUI_Session, AdminName=someadmin, OperationMessageText=User logged out,", + "sequence": 82342, + "timezone": "+00:00", + "type": [ + "admin", + "info" + ] + }, + "host": { + "ip": "81.2.69.143" + }, + "log": { + "level": "notice", + "syslog": { + "priority": 181, + "severity": { + "name": "notice" + } + } + }, + "message": "2022-03-03 08:25:58.063 +00:00 0000082342 51002 NOTICE Administrator-Login: Administrator logged off, ConfigVersionId=1615, AdminInterface=GUI, AdminIPAddress=81.2.69.143, AdminSession=AdminGUI_Session, AdminName=someadmin, OperationMessageText=User logged out,", + "related": { + "ip": [ + "81.2.69.143" + ], + "user": [ + "someadmin" + ] + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2022-03-03T08:06:28.020Z", + "cisco_ise": { + "log": { + "admin": { + "interface": "GUI" + }, + "category": { + "name": "CISE_Administrative_and_Operational_Audit" + }, + "config_version": { + "id": 1610 + }, + "log_details": "ConfigVersionId=1610, AdminInterface=GUI, AdminIPAddress=81.2.69.143, AdminName=INVALID, OperationMessageText=User not found", + "message": { + "code": "51020", + "description": "Administrator-Login: Administrator authentication failed. Login username does not exist.", + "id": "0000082182" + }, + "operation_message": { + "text": "User not found" + }, + "segment": { + "number": 0, + "total": 1 + } + } + }, + "client": { + "ip": "81.2.69.143", + "user": { + "name": "INVALID" + } + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "administrator-login", + "category": [ + "iam", + "authentication" + ], + "kind": "event", + "original": "\u003c181\u003eMar 3 08:06:28 isehost CISE_Administrative_and_Operational_Audit 0000082182 1 0 2022-03-03 08:06:28.020 +00:00 0000082249 51020 NOTICE Administrator-Login: Administrator authentication failed. Login username does not exist., ConfigVersionId=1610, AdminInterface=GUI, AdminIPAddress=81.2.69.143, AdminName=INVALID, OperationMessageText=User not found,", + "sequence": 82249, + "timezone": "+00:00", + "type": [ + "admin", + "info" + ] + }, + "host": { + "hostname": "isehost" + }, + "log": { + "level": "notice", + "syslog": { + "priority": 181, + "severity": { + "name": "notice" + } + } + }, + "message": "2022-03-03 08:06:28.020 +00:00 0000082249 51020 NOTICE Administrator-Login: Administrator authentication failed. Login username does not exist., ConfigVersionId=1610, AdminInterface=GUI, AdminIPAddress=81.2.69.143, AdminName=INVALID, OperationMessageText=User not found,", + "related": { + "hosts": [ + "isehost" + ], + "ip": [ + "81.2.69.143" + ], + "user": [ + "INVALID" + ] + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2022-03-03T08:46:56.310Z", + "cisco_ise": { + "log": { + "admin": { + "interface": "GUI" + }, + "category": { + "name": "CISE_Administrative_and_Operational_Audit" + }, + "config_version": { + "id": 1624 + }, + "log_details": "ConfigVersionId=1624, AdminInterface=GUI, AdminIPAddress=172.16.22.156, AdminName=someadmin", + "message": { + "code": "51021", + "description": "Administrator-Login: Administrator authentication failed. Wrong password.", + "id": "0000082385" + }, + "segment": { + "number": 0, + "total": 1 + } + } + }, + "client": { + "ip": "172.16.22.156", + "user": { + "name": "someadmin" + } + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "administrator-login", + "category": [ + "iam", + "authentication" + ], + "kind": "event", + "original": "\u003c181\u003eMar 3 08:46:56 isehost CISE_Administrative_and_Operational_Audit 0000082385 1 0 2022-03-03 08:46:56.310 +00:00 0000082452 51021 NOTICE Administrator-Login: Administrator authentication failed. Wrong password., ConfigVersionId=1624, AdminInterface=GUI, AdminIPAddress=172.16.22.156, AdminName=someadmin,", + "sequence": 82452, + "timezone": "+00:00", + "type": [ + "admin", + "info" + ] + }, + "host": { + "hostname": "isehost" + }, + "log": { + "level": "notice", + "syslog": { + "priority": 181, + "severity": { + "name": "notice" + } + } + }, + "message": "2022-03-03 08:46:56.310 +00:00 0000082452 51021 NOTICE Administrator-Login: Administrator authentication failed. Wrong password., ConfigVersionId=1624, AdminInterface=GUI, AdminIPAddress=172.16.22.156, AdminName=someadmin,", + "related": { + "hosts": [ + "isehost" + ], + "ip": [ + "172.16.22.156" + ], + "user": [ + "someadmin" + ] + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2022-03-03T08:30:08.728Z", + "cisco_ise": { + "log": { + "admin": { + "interface": "GUI" + }, + "category": { + "name": "CISE_Administrative_and_Operational_Audit" + }, + "config_change": { + "data": "Object created:\\,Port = 9005\\,IP Address = 10.0.14.137\\,Facility Code = LOCAL6\\,Length = 1024\\,Description = QA TCP Collector\\,Include Alarms = FALSE\\,status = ENABLED\\,Buffer Message = FALSE\\,Buffer Size = 100\\,Reconnect Timeout = 30\\," + }, + "config_version": { + "id": 786 + }, + "log_details": "ConfigVersionId=786, AdminInterface=GUI, AdminIPAddress=10.0.9.204, AdminName=internal-sys-user, ConfigChangeData=Object created:\\,Port = 9005\\,IP Address = 10.0.14.137\\,Facility Code = LOCAL6\\,Length = 1024\\,Description = QA TCP Collector\\,Include Alarms = FALSE\\,status = ENABLED\\,Buffer Message = FALSE\\,Buffer Size = 100\\,Reconnect Timeout = 30\\,, ObjectType=UPSLogTarget, ObjectName=TCP Collector QA", + "message": { + "code": "52000", + "description": "Configuration-Changes: Added configuration", + "id": "0000040579" + }, + "object": { + "name": "TCP Collector QA", + "type": "UPSLogTarget" + }, + "segment": { + "number": 0, + "total": 1 + } + } + }, + "client": { + "ip": "10.0.9.204", + "user": { + "name": "internal-sys-user" + } + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "configuration-changes", + "category": [ + "iam", + "configuration" + ], + "kind": "event", + "original": "\u003c181\u003eMar 3 08:30:08 isehost CISE_Administrative_and_Operational_Audit 0000040579 1 0 2022-03-03 08:30:08.728 +00:00 0000040625 52000 NOTICE Configuration-Changes: Added configuration, ConfigVersionId=786, AdminInterface=GUI, AdminIPAddress=10.0.9.204, AdminName=internal-sys-user, ConfigChangeData=Object created:\\,Port = 9005\\,IP Address = 10.0.14.137\\,Facility Code = LOCAL6\\,Length = 1024\\,Description = QA TCP Collector\\,Include Alarms = FALSE\\,status = ENABLED\\,Buffer Message = FALSE\\,Buffer Size = 100\\,Reconnect Timeout = 30\\,, ObjectType=UPSLogTarget, ObjectName=TCP Collector QA,", + "sequence": 40625, + "timezone": "+00:00", + "type": [ + "creation", + "info" + ] + }, + "host": { + "hostname": "isehost" + }, + "log": { + "level": "notice", + "syslog": { + "priority": 181, + "severity": { + "name": "notice" + } + } + }, + "message": "2022-03-03 08:30:08.728 +00:00 0000040625 52000 NOTICE Configuration-Changes: Added configuration, ConfigVersionId=786, AdminInterface=GUI, AdminIPAddress=10.0.9.204, AdminName=internal-sys-user, ConfigChangeData=Object created:\\,Port = 9005\\,IP Address = 10.0.14.137\\,Facility Code = LOCAL6\\,Length = 1024\\,Description = QA TCP Collector\\,Include Alarms = FALSE\\,status = ENABLED\\,Buffer Message = FALSE\\,Buffer Size = 100\\,Reconnect Timeout = 30\\,, ObjectType=UPSLogTarget, ObjectName=TCP Collector QA,", + "related": { + "hosts": [ + "isehost" + ], + "ip": [ + "10.0.9.204" + ], + "user": [ + "internal-sys-user" + ] + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2022-03-03T09:05:16.475Z", + "cisco_ise": { + "log": { + "admin": { + "interface": "GUI", + "session": "ProfilerSession" + }, + "category": { + "name": "CISE_Administrative_and_Operational_Audit" + }, + "config_change": { + "data": "NACServer{ipAddress=10.0.14.121,name=someuser,username=someuserusername,password=*******,enable=false,description=}, ObjectType=NACServer, ObjectName=someuser" + }, + "config_version": { + "id": 1626 + }, + "log_details": "ConfigVersionId=1626, AdminInterface=GUI, AdminIPAddress=10.0.9.204, AdminSession=ProfilerSession, AdminName=someadmin, ConfigChangeData=NACServer{ipAddress=10.0.14.121,name=someuser,username=someuserusername,password=*******,enable=false,description=}, ObjectType=NACServer, ObjectName=someuser", + "message": { + "code": "52002", + "description": "Configuration-Changes: Deleted configuration", + "id": "0000082478" + }, + "object": { + "name": "someuser", + "type": "NACServer" + }, + "segment": { + "number": 0, + "total": 1 + } + } + }, + "client": { + "ip": "10.0.9.204", + "user": { + "name": "someadmin" + } + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "configuration-changes", + "category": [ + "iam", + "configuration" + ], + "kind": "event", + "original": "\u003c181\u003eMar 3 09:05:16 isehost CISE_Administrative_and_Operational_Audit 0000082478 1 0 2022-03-03 09:05:16.475 +00:00 0000082545 52002 NOTICE Configuration-Changes: Deleted configuration, ConfigVersionId=1626, AdminInterface=GUI, AdminIPAddress=10.0.9.204, AdminSession=ProfilerSession, AdminName=someadmin, ConfigChangeData=NACServer{ipAddress=10.0.14.121,name=someuser,username=someuserusername,password=*******,enable=false,description=}, ObjectType=NACServer, ObjectName=someuser,", + "sequence": 82545, + "timezone": "+00:00", + "type": [ + "deletion", + "info" + ] + }, + "host": { + "hostname": "isehost" + }, + "log": { + "level": "notice", + "syslog": { + "priority": 181, + "severity": { + "name": "notice" + } + } + }, + "message": "2022-03-03 09:05:16.475 +00:00 0000082545 52002 NOTICE Configuration-Changes: Deleted configuration, ConfigVersionId=1626, AdminInterface=GUI, AdminIPAddress=10.0.9.204, AdminSession=ProfilerSession, AdminName=someadmin, ConfigChangeData=NACServer{ipAddress=10.0.14.121,name=someuser,username=someuserusername,password=*******,enable=false,description=}, ObjectType=NACServer, ObjectName=someuser,", + "related": { + "hosts": [ + "isehost" + ], + "ip": [ + "10.0.9.204" + ], + "user": [ + "someadmin" + ] + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2022-03-03T11:58:35.811Z", + "cisco_ise": { + "log": { + "admin": { + "interface": "GUI" + }, + "category": { + "name": "CISE_Administrative_and_Operational_Audit" + }, + "component": "Administration", + "config_change": { + "data": "object deleted: Name=test123, ObjectType=Network Access Users, ObjectName=test123, Component=Administration, ObjectInternalID=38bcf4bf-f61a-4028-8b69-ef94eceb2a8d" + }, + "config_version": { + "id": 1698 + }, + "log_details": "ConfigVersionId=1698, AdminInterface=GUI, AdminIPAddress=172.16.22.156, AdminName=admin, ConfigChangeData=object deleted: Name=test123, ObjectType=Network Access Users, ObjectName=test123, Component=Administration, ObjectInternalID=38bcf4bf-f61a-4028-8b69-ef94eceb2a8d", + "message": { + "code": "52002", + "description": "Configuration-Changes: Deleted configuration", + "id": "0000083550" + }, + "object": { + "internal": { + "id": "38bcf4bf-f61a-4028-8b69-ef94eceb2a8d" + }, + "name": "test123", + "type": "Network Access Users" + }, + "segment": { + "number": 0, + "total": 1 + } + } + }, + "client": { + "ip": "172.16.22.156", + "user": { + "name": "admin" + } + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "configuration-changes", + "category": [ + "iam", + "configuration" + ], + "kind": "event", + "original": "\u003c181\u003eMar 3 11:58:35 isehost CISE_Administrative_and_Operational_Audit 0000083550 1 0 2022-03-03 11:58:35.811 +00:00 0000083617 52002 NOTICE Configuration-Changes: Deleted configuration, ConfigVersionId=1698, AdminInterface=GUI, AdminIPAddress=172.16.22.156, AdminName=admin, ConfigChangeData=object deleted: Name=test123, ObjectType=Network Access Users, ObjectName=test123, Component=Administration, ObjectInternalID=38bcf4bf-f61a-4028-8b69-ef94eceb2a8d,", + "sequence": 83617, + "timezone": "+00:00", + "type": [ + "deletion", + "info" + ] + }, + "host": { + "hostname": "isehost" + }, + "log": { + "level": "notice", + "syslog": { + "priority": 181, + "severity": { + "name": "notice" + } + } + }, + "message": "2022-03-03 11:58:35.811 +00:00 0000083617 52002 NOTICE Configuration-Changes: Deleted configuration, ConfigVersionId=1698, AdminInterface=GUI, AdminIPAddress=172.16.22.156, AdminName=admin, ConfigChangeData=object deleted: Name=test123, ObjectType=Network Access Users, ObjectName=test123, Component=Administration, ObjectInternalID=38bcf4bf-f61a-4028-8b69-ef94eceb2a8d,", + "related": { + "hosts": [ + "isehost" + ], + "ip": [ + "172.16.22.156" + ], + "user": [ + "admin" + ] + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2022-03-03T01:04:02.331Z", + "cisco_ise": { + "log": { + "category": { + "name": "CISE_Administrative_and_Operational_Audit" + }, + "config_version": { + "id": 1553 + }, + "feed_service": { + "feed": { + "name": "Profiler", + "version": "1,2,3,4" + }, + "host": "ise.cisco.com", + "port": "8443", + "query": { + "from_time": "2022-02-22T00:22:00.653Z" + } + }, + "log_details": "ConfigVersionId=1553, OperationMessageText={FeedServiceQueryFromTime=2022-02-22T00:22:00.653+00:00, FeedServicePort=8443, FeedServiceHost=ise.cisco.com, FeedServiceFeedVersion=1,2,3,4, FeedServiceQueryToTime=, FeedServiceFeed=Profiler}", + "message": { + "code": "60067", + "description": "FeedService: Profiler Feed Service - automatic download intitiated", + "id": "0000080239" + }, + "operation_message": { + "text": "FeedServiceQueryFromTime=2022-02-22T00:22:00.653+00:00, FeedServicePort=8443, FeedServiceHost=ise.cisco.com, FeedServiceFeedVersion=1,2,3,4, FeedServiceQueryToTime=, FeedServiceFeed=Profiler" + }, + "segment": { + "number": 0, + "total": 1 + } + } + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "feedservice", + "category": [ + "process" + ], + "kind": "event", + "original": "\u003c181\u003eMar 3 01:04:02 isehost CISE_Administrative_and_Operational_Audit 0000080239 1 0 2022-03-03 01:04:02.331 +00:00 0000080306 60067 NOTICE FeedService: Profiler Feed Service - automatic download intitiated, ConfigVersionId=1553, OperationMessageText={FeedServiceQueryFromTime=2022-02-22T00:22:00.653+00:00, FeedServicePort=8443, FeedServiceHost=ise.cisco.com, FeedServiceFeedVersion=1,2,3,4, FeedServiceQueryToTime=, FeedServiceFeed=Profiler},", + "sequence": 80306, + "timezone": "+00:00", + "type": [ + "info", + "start" + ] + }, + "host": { + "hostname": "isehost" + }, + "log": { + "level": "notice", + "syslog": { + "priority": 181, + "severity": { + "name": "notice" + } + } + }, + "message": "2022-03-03 01:04:02.331 +00:00 0000080306 60067 NOTICE FeedService: Profiler Feed Service - automatic download intitiated, ConfigVersionId=1553, OperationMessageText={FeedServiceQueryFromTime=2022-02-22T00:22:00.653+00:00, FeedServicePort=8443, FeedServiceHost=ise.cisco.com, FeedServiceFeedVersion=1,2,3,4, FeedServiceQueryToTime=, FeedServiceFeed=Profiler},", + "related": { + "hosts": [ + "isehost" + ] + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2022-03-03T01:04:06.254Z", + "cisco_ise": { + "log": { + "category": { + "name": "CISE_Administrative_and_Operational_Audit" + }, + "config_version": { + "id": 1553 + }, + "log_details": "ConfigVersionId=1553", + "message": { + "code": "60070", + "description": "FeedService: Profiler Feed Service - No Profiles Downloaded", + "id": "0000080240" + }, + "segment": { + "number": 0, + "total": 1 + } + } + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "feedservice", + "category": [ + "process" + ], + "kind": "event", + "original": "\u003c181\u003eMar 3 01:04:06 isehost CISE_Administrative_and_Operational_Audit 0000080240 1 0 2022-03-03 01:04:06.254 +00:00 0000080307 60070 NOTICE FeedService: Profiler Feed Service - No Profiles Downloaded, ConfigVersionId=1553,", + "sequence": 80307, + "timezone": "+00:00", + "type": [ + "info" + ] + }, + "host": { + "hostname": "isehost" + }, + "log": { + "level": "notice", + "syslog": { + "priority": 181, + "severity": { + "name": "notice" + } + } + }, + "message": "2022-03-03 01:04:06.254 +00:00 0000080307 60070 NOTICE FeedService: Profiler Feed Service - No Profiles Downloaded, ConfigVersionId=1553,", + "related": { + "hosts": [ + "isehost" + ] + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2022-03-03T09:24:13.263Z", + "cisco_ise": { + "log": { + "authentication": { + "identity_store": "Internal Users" + }, + "category": { + "name": "CISE_Administrative_and_Operational_Audit" + }, + "config_version": { + "id": 1628 + }, + "identity": { + "group": "ALL_ACCOUNTS (default)" + }, + "log_details": "ConfigVersionId=1628, UserName=someuser, IpAddress=81.2.69.143, AuthenticationIdentityStore=Internal Users, PortalName=My Devices Portal (default), IdentityGroup=ALL_ACCOUNTS (default), PsnHostName=isehost.local, ResponseTime=35", + "message": { + "code": "60078", + "description": "MyDevices: MyDevices user has successfully authenticated", + "id": "0000082652" + }, + "portal": { + "name": "My Devices Portal (default)" + }, + "psn": { + "hostname": "isehost.local" + }, + "response": { + "time": 35 + }, + "segment": { + "number": 0, + "total": 1 + } + } + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "mydevices", + "category": [ + "iam", + "authentication" + ], + "kind": "event", + "original": "\u003c181\u003eMar 3 09:24:13 isehost CISE_Administrative_and_Operational_Audit 0000082652 1 0 2022-03-03 09:24:13.263 +00:00 0000082719 60078 NOTICE MyDevices: MyDevices user has successfully authenticated, ConfigVersionId=1628, UserName=someuser, IpAddress=81.2.69.143, AuthenticationIdentityStore=Internal Users, PortalName=My Devices Portal (default), IdentityGroup=ALL_ACCOUNTS (default), PsnHostName=isehost.local, ResponseTime=35,", + "sequence": 82719, + "timezone": "+00:00", + "type": [ + "info" + ] + }, + "host": { + "hostname": "isehost", + "ip": "81.2.69.143" + }, + "log": { + "level": "notice", + "syslog": { + "priority": 181, + "severity": { + "name": "notice" + } + } + }, + "message": "2022-03-03 09:24:13.263 +00:00 0000082719 60078 NOTICE MyDevices: MyDevices user has successfully authenticated, ConfigVersionId=1628, UserName=someuser, IpAddress=81.2.69.143, AuthenticationIdentityStore=Internal Users, PortalName=My Devices Portal (default), IdentityGroup=ALL_ACCOUNTS (default), PsnHostName=isehost.local, ResponseTime=35,", + "related": { + "hosts": [ + "isehost", + "isehost.local" + ], + "ip": [ + "81.2.69.143" + ], + "user": [ + "someuser" + ] + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "name": "someuser" + } + }, + { + "@timestamp": "2022-03-03T00:00:00.478Z", + "cisco_ise": { + "log": { + "category": { + "name": "CISE_Administrative_and_Operational_Audit" + }, + "config_version": { + "id": 1543 + }, + "log_details": "ConfigVersionId=1543, AdminIPAddress=10.0.9.204, AdminName=system", + "message": { + "code": "60456", + "description": "System-Management: Started CRL/OCSP periodic certificate check", + "id": "0000079938" + }, + "segment": { + "number": 0, + "total": 1 + } + } + }, + "client": { + "ip": "10.0.9.204", + "user": { + "name": "system" + } + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "system-management", + "category": [ + "process" + ], + "kind": "event", + "original": "\u003c181\u003eMar 3 00:00:00 isehost CISE_Administrative_and_Operational_Audit 0000079938 1 0 2022-03-03 00:00:00.478 +00:00 0000080005 60456 NOTICE System-Management: Started CRL/OCSP periodic certificate check, ConfigVersionId=1543, AdminIPAddress=10.0.9.204, AdminName=system,", + "sequence": 80005, + "timezone": "+00:00", + "type": [ + "info", + "start" + ] + }, + "host": { + "hostname": "isehost" + }, + "log": { + "level": "notice", + "syslog": { + "priority": 181, + "severity": { + "name": "notice" + } + } + }, + "message": "2022-03-03 00:00:00.478 +00:00 0000080005 60456 NOTICE System-Management: Started CRL/OCSP periodic certificate check, ConfigVersionId=1543, AdminIPAddress=10.0.9.204, AdminName=system,", + "related": { + "hosts": [ + "isehost" + ], + "ip": [ + "10.0.9.204" + ], + "user": [ + "system" + ] + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2022-03-03T00:01:01.464Z", + "cisco_ise": { + "log": { + "acs": { + "instance": "isehost.local" + }, + "admin": { + "interface": "Internal" + }, + "category": { + "name": "CISE_Administrative_and_Operational_Audit" + }, + "config_version": { + "id": 1545 + }, + "log_details": "ConfigVersionId=1545, AdminInterface=Internal, AdminIPAddress=10.0.9.204, AdminName=internal-sys-user, OperationMessageText=Account employee10 is disabled, AcsInstance=isehost.local", + "message": { + "code": "60461", + "description": "System-Management: Account disabled due to user level date expiry", + "id": "0000079946" + }, + "operation_message": { + "text": "Account employee10 is disabled" + }, + "segment": { + "number": 0, + "total": 1 + } + } + }, + "client": { + "ip": "10.0.9.204", + "user": { + "name": "internal-sys-user" + } + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "system-management", + "category": [ + "iam" + ], + "kind": "event", + "original": "\u003c181\u003eMar 3 00:01:01 isehost CISE_Administrative_and_Operational_Audit 0000079946 1 0 2022-03-03 00:01:01.464 +00:00 0000080013 60461 NOTICE System-Management: Account disabled due to user level date expiry, ConfigVersionId=1545, AdminInterface=Internal, AdminIPAddress=10.0.9.204, AdminName=internal-sys-user, OperationMessageText=Account employee10 is disabled, AcsInstance=isehost.local,", + "sequence": 80013, + "timezone": "+00:00", + "type": [ + "info" + ] + }, + "host": { + "hostname": "isehost" + }, + "log": { + "level": "notice", + "syslog": { + "priority": 181, + "severity": { + "name": "notice" + } + } + }, + "message": "2022-03-03 00:01:01.464 +00:00 0000080013 60461 NOTICE System-Management: Account disabled due to user level date expiry, ConfigVersionId=1545, AdminInterface=Internal, AdminIPAddress=10.0.9.204, AdminName=internal-sys-user, OperationMessageText=Account employee10 is disabled, AcsInstance=isehost.local,", + "related": { + "hosts": [ + "isehost" + ], + "ip": [ + "10.0.9.204" + ], + "user": [ + "internal-sys-user" + ] + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2022-03-03T09:06:23.123Z", + "cisco_ise": { + "log": { + "acs": { + "instance": "isehost" + }, + "admin": { + "interface": "UNKNOWN" + }, + "category": { + "name": "CISE_Administrative_and_Operational_Audit" + }, + "config_version": { + "id": 794 + }, + "log_details": "ConfigVersionId=794, AdminInterface=UNKNOWN, AdminIPAddress=10.0.9.204, , OperationMessageText=Connection created from 10.0.9.204:42863 to 169.254.2.3:5671, AcsInstance=isehost", + "message": { + "code": "61025", + "description": "EAP-TLS: Open secure connection with TLS peer", + "id": "0000040765" + }, + "operation_message": { + "text": "Connection created from 10.0.9.204:42863 to 169.254.2.3:5671" + }, + "segment": { + "number": 0, + "total": 1 + } + } + }, + "client": { + "ip": "10.0.9.204" + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "eap-tls", + "category": [ + "network" + ], + "kind": "event", + "original": "\u003c181\u003eMar 3 09:06:23 isehost CISE_Administrative_and_Operational_Audit 0000040765 1 0 2022-03-03 09:06:23.123 +00:00 0000040810 61025 NOTICE EAP-TLS: Open secure connection with TLS peer, ConfigVersionId=794, AdminInterface=UNKNOWN, AdminIPAddress=10.0.9.204, , OperationMessageText=Connection created from 10.0.9.204:42863 to 169.254.2.3:5671, AcsInstance=isehost,", + "sequence": 40810, + "timezone": "+00:00", + "type": [ + "connection", + "info", + "start" + ] + }, + "host": { + "hostname": "isehost" + }, + "log": { + "level": "notice", + "syslog": { + "priority": 181, + "severity": { + "name": "notice" + } + } + }, + "message": "2022-03-03 09:06:23.123 +00:00 0000040810 61025 NOTICE EAP-TLS: Open secure connection with TLS peer, ConfigVersionId=794, AdminInterface=UNKNOWN, AdminIPAddress=10.0.9.204, , OperationMessageText=Connection created from 10.0.9.204:42863 to 169.254.2.3:5671, AcsInstance=isehost,", + "related": { + "hosts": [ + "isehost" + ], + "ip": [ + "10.0.9.204" + ] + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2022-03-03T09:08:33.981Z", + "cisco_ise": { + "log": { + "acs": { + "instance": "isehost" + }, + "admin": { + "interface": "UNKNOWN" + }, + "category": { + "name": "CISE_Administrative_and_Operational_Audit" + }, + "config_version": { + "id": 1626 + }, + "log_details": "ConfigVersionId=1626, AdminInterface=UNKNOWN, AdminIPAddress=10.0.9.204, , OperationMessageText=Connection closed from 10.0.9.204:53127 to 169.254.2.5:5671, AcsInstance=isehost", + "message": { + "code": "61026", + "description": "EAP-TLS: Shutdown secure connection with TLS peer", + "id": "0000082499" + }, + "operation_message": { + "text": "Connection closed from 10.0.9.204:53127 to 169.254.2.5:5671" + }, + "segment": { + "number": 0, + "total": 1 + } + } + }, + "client": { + "ip": "10.0.9.204" + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "eap-tls", + "category": [ + "network" + ], + "kind": "event", + "original": "\u003c181\u003eMar 3 09:08:33 isehost CISE_Administrative_and_Operational_Audit 0000082499 1 0 2022-03-03 09:08:33.981 +00:00 0000082565 61026 NOTICE EAP-TLS: Shutdown secure connection with TLS peer, ConfigVersionId=1626, AdminInterface=UNKNOWN, AdminIPAddress=10.0.9.204, , OperationMessageText=Connection closed from 10.0.9.204:53127 to 169.254.2.5:5671, AcsInstance=isehost,", + "sequence": 82565, + "timezone": "+00:00", + "type": [ + "connection", + "end", + "info" + ] + }, + "host": { + "hostname": "isehost" + }, + "log": { + "level": "notice", + "syslog": { + "priority": 181, + "severity": { + "name": "notice" + } + } + }, + "message": "2022-03-03 09:08:33.981 +00:00 0000082565 61026 NOTICE EAP-TLS: Shutdown secure connection with TLS peer, ConfigVersionId=1626, AdminInterface=UNKNOWN, AdminIPAddress=10.0.9.204, , OperationMessageText=Connection closed from 10.0.9.204:53127 to 169.254.2.5:5671, AcsInstance=isehost,", + "related": { + "hosts": [ + "isehost" + ], + "ip": [ + "10.0.9.204" + ] + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2022-03-03T09:25:05.100Z", + "cisco_ise": { + "log": { + "authentication": { + "identity_store": "Internal Users" + }, + "category": { + "name": "CISE_Administrative_and_Operational_Audit" + }, + "config_version": { + "id": 1630 + }, + "identity": { + "group": "ALL_ACCOUNTS (default)" + }, + "log_details": "ConfigVersionId=1630, UserName=someuser, IpAddress=81.2.69.143, AuthenticationIdentityStore=Internal Users, PortalName=My Devices Portal (default), IdentityGroup=ALL_ACCOUNTS (default), PsnHostName=isehost.local, ResponseTime=35", + "message": { + "code": "61077", + "description": "MyDevices: MyDevices has been successfully logged out", + "id": "0000082666" + }, + "portal": { + "name": "My Devices Portal (default)" + }, + "psn": { + "hostname": "isehost.local" + }, + "response": { + "time": 35 + }, + "segment": { + "number": 0, + "total": 1 + } + } + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "mydevices", + "category": [ + "iam", + "authentication" + ], + "kind": "event", + "original": "\u003c181\u003eMar 3 09:25:05 isehost CISE_Administrative_and_Operational_Audit 0000082666 1 0 2022-03-03 09:25:05.100 +00:00 0000082733 61077 NOTICE MyDevices: MyDevices has been successfully logged out, ConfigVersionId=1630, UserName=someuser, IpAddress=81.2.69.143, AuthenticationIdentityStore=Internal Users, PortalName=My Devices Portal (default), IdentityGroup=ALL_ACCOUNTS (default), PsnHostName=isehost.local, ResponseTime=35,", + "sequence": 82733, + "timezone": "+00:00", + "type": [ + "info" + ] + }, + "host": { + "hostname": "isehost", + "ip": "81.2.69.143" + }, + "log": { + "level": "notice", + "syslog": { + "priority": 181, + "severity": { + "name": "notice" + } + } + }, + "message": "2022-03-03 09:25:05.100 +00:00 0000082733 61077 NOTICE MyDevices: MyDevices has been successfully logged out, ConfigVersionId=1630, UserName=someuser, IpAddress=81.2.69.143, AuthenticationIdentityStore=Internal Users, PortalName=My Devices Portal (default), IdentityGroup=ALL_ACCOUNTS (default), PsnHostName=isehost.local, ResponseTime=35,", + "related": { + "hosts": [ + "isehost", + "isehost.local" + ], + "ip": [ + "81.2.69.143" + ], + "user": [ + "someuser" + ] + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "name": "someuser" + } + }, + { + "@timestamp": "2022-03-03T08:31:21.075Z", + "cisco_ise": { + "log": { + "admin": { + "interface": "GUI" + }, + "assigned_targets": [ + "LogCollector", + "LogCollector2", + "ProfilerRadiusProbe" + ], + "category": { + "name": "CISE_Administrative_and_Operational_Audit" + }, + "config_change": { + "data": "Object modified:\\, Log Severity Level = DEBUG\\,Local Logging = enable\\,Assigned Targets = {LogCollector,LogCollector2,ProfilerRadiusProbe}" + }, + "config_version": { + "id": 1621 + }, + "failure": { + "flag": false + }, + "local_logging": "enable", + "log_details": "ConfigVersionId=1621, FailureFlag=false, RequestResponseType=initial, AdminInterface=GUI, AdminIPAddress=10.0.9.204, AdminName=someadmin, ConfigChangeData=Object modified:\\, Log Severity Level = DEBUG\\,Local Logging = enable\\,Assigned Targets = {LogCollector,LogCollector2,ProfilerRadiusProbe}, ObjectType=UPSCategory, ObjectName=AAA Diagnostics, OperationMessageText=LoggingCategories \"Passed Authentications\" has been edited successfully.", + "message": { + "code": "52001", + "description": "Configuration-Changes: Changed configuration", + "id": "0000082306" + }, + "object": { + "name": "AAA Diagnostics", + "type": "UPSCategory" + }, + "operation_message": { + "text": "LoggingCategories \"Passed Authentications\" has been edited successfully." + }, + "request_response": { + "type": "initial" + }, + "segment": { + "number": 0, + "total": 1 + } + } + }, + "client": { + "ip": "10.0.9.204", + "user": { + "name": "someadmin" + } + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "configuration-changes", + "category": [ + "iam", + "configuration" + ], + "kind": "event", + "original": "\u003c181\u003eMar 3 08:31:21 isehost CISE_Administrative_and_Operational_Audit 0000082306 1 0 2022-03-03 08:31:21.075 +00:00 0000082373 52001 NOTICE Configuration-Changes: Changed configuration, ConfigVersionId=1621, FailureFlag=false, RequestResponseType=initial, AdminInterface=GUI, AdminIPAddress=10.0.9.204, AdminName=someadmin, ConfigChangeData=Object modified:\\, Log Severity Level = DEBUG\\,Local Logging = enable\\,Assigned Targets = {LogCollector,LogCollector2,ProfilerRadiusProbe}, ObjectType=UPSCategory, ObjectName=AAA Diagnostics, OperationMessageText=LoggingCategories \"Passed Authentications\" has been edited successfully.,", + "sequence": 82373, + "timezone": "+00:00", + "type": [ + "change", + "info" + ] + }, + "host": { + "hostname": "isehost" + }, + "log": { + "level": "notice", + "syslog": { + "priority": 181, + "severity": { + "name": "notice" + } + } + }, + "message": "2022-03-03 08:31:21.075 +00:00 0000082373 52001 NOTICE Configuration-Changes: Changed configuration, ConfigVersionId=1621, FailureFlag=false, RequestResponseType=initial, AdminInterface=GUI, AdminIPAddress=10.0.9.204, AdminName=someadmin, ConfigChangeData=Object modified:\\, Log Severity Level = DEBUG\\,Local Logging = enable\\,Assigned Targets = {LogCollector,LogCollector2,ProfilerRadiusProbe}, ObjectType=UPSCategory, ObjectName=AAA Diagnostics, OperationMessageText=LoggingCategories \"Passed Authentications\" has been edited successfully.,", + "related": { + "hosts": [ + "isehost" + ], + "ip": [ + "10.0.9.204" + ], + "user": [ + "someadmin" + ] + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2022-03-10T11:04:19.271Z", + "cisco_ise": { + "log": { + "authentication": { + "identity_store": "Internal Users" + }, + "category": { + "name": "CISE_Administrative_and_Operational_Audit" + }, + "config_version": { + "id": 3117 + }, + "failure": { + "reason": "22040 Wrong password or invalid shared secret" + }, + "log_details": "ConfigVersionId=3117, FailureReason=22040 Wrong password or invalid shared secret, UserName=test1123, IpAddress=172.16.17.255, AuthenticationIdentityStore=Internal Users, PortalName=test-mydevices, PsnHostName=isehost.local, ResponseTime=90", + "message": { + "code": "60077", + "description": "MyDevices: MyDevices user authentication has failed", + "id": "0000130002" + }, + "portal": { + "name": "test-mydevices" + }, + "psn": { + "hostname": "isehost.local" + }, + "response": { + "time": 90 + }, + "segment": { + "number": 0, + "total": 1 + } + } + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "mydevices", + "category": [ + "iam", + "authentication" + ], + "kind": "event", + "original": "\u003c181\u003eMar 10 11:04:19 isehost CISE_Administrative_and_Operational_Audit 0000130002 1 0 2022-03-10 11:04:19.271 +00:00 0000130069 60077 NOTICE MyDevices: MyDevices user authentication has failed, ConfigVersionId=3117, FailureReason=22040 Wrong password or invalid shared secret, UserName=test1123, IpAddress=172.16.17.255, AuthenticationIdentityStore=Internal Users, PortalName=test-mydevices, PsnHostName=isehost.local, ResponseTime=90, ", + "sequence": 130069, + "timezone": "+00:00", + "type": [ + "info" + ] + }, + "host": { + "hostname": "isehost", + "ip": "172.16.17.255" + }, + "log": { + "level": "notice", + "syslog": { + "priority": 181, + "severity": { + "name": "notice" + } + } + }, + "message": "2022-03-10 11:04:19.271 +00:00 0000130069 60077 NOTICE MyDevices: MyDevices user authentication has failed, ConfigVersionId=3117, FailureReason=22040 Wrong password or invalid shared secret, UserName=test1123, IpAddress=172.16.17.255, AuthenticationIdentityStore=Internal Users, PortalName=test-mydevices, PsnHostName=isehost.local, ResponseTime=90,", + "related": { + "hosts": [ + "isehost", + "isehost.local" + ], + "ip": [ + "172.16.17.255" + ], + "user": [ + "test1123" + ] + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "name": "test1123" + } + }, + { + "@timestamp": "2022-03-11T07:20:28.019Z", + "cisco_ise": { + "log": { + "acs": { + "instance": "isehost" + }, + "admin": { + "interface": "CLI" + }, + "category": { + "name": "CISE_Administrative_and_Operational_Audit" + }, + "config_version": { + "id": 1703 + }, + "failure": { + "flag": true + }, + "log_details": "ConfigVersionId=1703, FailureFlag=true, RequestResponseType=final, AdminInterface=CLI, AdminIPAddress=81.2.69.143, AdminName=system, OperationMessageText=Process: 'ISE Stunnel Service' started by ISE watchdog process, AcsInstance=isehost", + "message": { + "code": "58005", + "description": "Process-Management: ISE process was restarted by watchdog service", + "id": "0000093200" + }, + "operation_message": { + "text": "Process: 'ISE Stunnel Service' started by ISE watchdog process" + }, + "request_response": { + "type": "final" + }, + "segment": { + "number": 0, + "total": 1 + } + } + }, + "client": { + "ip": "81.2.69.143", + "user": { + "name": "system" + } + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "process-management", + "category": [ + "iam", + "process" + ], + "kind": "event", + "original": "\u003c181\u003eMar 11 07:20:28 isehost CISE_Administrative_and_Operational_Audit 0000093200 1 0 2022-03-11 07:20:28.019 +00:00 0000093246 58005 NOTICE Process-Management: ISE process was restarted by watchdog service, ConfigVersionId=1703, FailureFlag=true, RequestResponseType=final, AdminInterface=CLI, AdminIPAddress=81.2.69.143, AdminName=system, OperationMessageText=Process: 'ISE Stunnel Service' started by ISE watchdog process, AcsInstance=isehost, ", + "sequence": 93246, + "timezone": "+00:00", + "type": [ + "info" + ] + }, + "host": { + "hostname": "isehost" + }, + "log": { + "level": "notice", + "syslog": { + "priority": 181, + "severity": { + "name": "notice" + } + } + }, + "message": "2022-03-11 07:20:28.019 +00:00 0000093246 58005 NOTICE Process-Management: ISE process was restarted by watchdog service, ConfigVersionId=1703, FailureFlag=true, RequestResponseType=final, AdminInterface=CLI, AdminIPAddress=81.2.69.143, AdminName=system, OperationMessageText=Process: 'ISE Stunnel Service' started by ISE watchdog process, AcsInstance=isehost,", + "related": { + "hosts": [ + "isehost" + ], + "ip": [ + "81.2.69.143" + ], + "user": [ + "system" + ] + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2022-03-10T05:25:13.944Z", + "cisco_ise": { + "log": { + "acs": { + "instance": "isehost" + }, + "admin": { + "interface": "GUI" + }, + "category": { + "name": "CISE_Administrative_and_Operational_Audit" + }, + "config_version": { + "id": 3068 + }, + "log_details": "ConfigVersionId=3068, AdminInterface=GUI, AdminIPAddress=81.2.69.143, AdminName=admin, OperationMessageText=Operational backup test_bkp_op-OPS10-220310-0524.tar.gpg to repository test-new success, AcsInstance=isehost", + "message": { + "code": "60094", + "description": "System-Management: ISE Backup has completed successfully", + "id": "0000128314" + }, + "operation_message": { + "text": "Operational backup test_bkp_op-OPS10-220310-0524.tar.gpg to repository test-new success" + }, + "segment": { + "number": 0, + "total": 1 + } + } + }, + "client": { + "ip": "81.2.69.143", + "user": { + "name": "admin" + } + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "system-management", + "category": [ + "iam" + ], + "kind": "event", + "original": "\u003c181\u003eMar 10 05:25:13 isehost CISE_Administrative_and_Operational_Audit 0000128314 1 0 2022-03-10 05:25:13.944 +00:00 0000128381 60094 NOTICE System-Management: ISE Backup has completed successfully, ConfigVersionId=3068, AdminInterface=GUI, AdminIPAddress=81.2.69.143, AdminName=admin, OperationMessageText=Operational backup test_bkp_op-OPS10-220310-0524.tar.gpg to repository test-new success, AcsInstance=isehost, ", + "sequence": 128381, + "timezone": "+00:00", + "type": [ + "info" + ] + }, + "host": { + "hostname": "isehost" + }, + "log": { + "level": "notice", + "syslog": { + "priority": 181, + "severity": { + "name": "notice" + } + } + }, + "message": "2022-03-10 05:25:13.944 +00:00 0000128381 60094 NOTICE System-Management: ISE Backup has completed successfully, ConfigVersionId=3068, AdminInterface=GUI, AdminIPAddress=81.2.69.143, AdminName=admin, OperationMessageText=Operational backup test_bkp_op-OPS10-220310-0524.tar.gpg to repository test-new success, AcsInstance=isehost,", + "related": { + "hosts": [ + "isehost" + ], + "ip": [ + "81.2.69.143" + ], + "user": [ + "admin" + ] + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2022-03-10T05:24:16.414Z", + "cisco_ise": { + "log": { + "acs": { + "instance": "isehost" + }, + "admin": { + "interface": "GUI" + }, + "category": { + "name": "CISE_Administrative_and_Operational_Audit" + }, + "config_version": { + "id": 3068 + }, + "log_details": "ConfigVersionId=3068, AdminInterface=GUI, AdminIPAddress=81.2.69.143, AdminName=admin, OperationMessageText=Initiating opsbackup backup test_bkp_op-OPS10-220310-0524 to repository test-new, AcsInstance=isehost", + "message": { + "code": "60093", + "description": "System-Management: ISE Backup has started", + "id": "0000128311" + }, + "operation_message": { + "text": "Initiating opsbackup backup test_bkp_op-OPS10-220310-0524 to repository test-new" + }, + "segment": { + "number": 0, + "total": 1 + } + } + }, + "client": { + "ip": "81.2.69.143", + "user": { + "name": "admin" + } + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "system-management", + "category": [ + "iam" + ], + "kind": "event", + "original": "\u003c181\u003eMar 10 05:24:16 isehost CISE_Administrative_and_Operational_Audit 0000128311 1 0 2022-03-10 05:24:16.414 +00:00 0000128378 60093 NOTICE System-Management: ISE Backup has started, ConfigVersionId=3068, AdminInterface=GUI, AdminIPAddress=81.2.69.143, AdminName=admin, OperationMessageText=Initiating opsbackup backup test_bkp_op-OPS10-220310-0524 to repository test-new, AcsInstance=isehost, ", + "sequence": 128378, + "timezone": "+00:00", + "type": [ + "info" + ] + }, + "host": { + "hostname": "isehost" + }, + "log": { + "level": "notice", + "syslog": { + "priority": 181, + "severity": { + "name": "notice" + } + } + }, + "message": "2022-03-10 05:24:16.414 +00:00 0000128378 60093 NOTICE System-Management: ISE Backup has started, ConfigVersionId=3068, AdminInterface=GUI, AdminIPAddress=81.2.69.143, AdminName=admin, OperationMessageText=Initiating opsbackup backup test_bkp_op-OPS10-220310-0524 to repository test-new, AcsInstance=isehost,", + "related": { + "hosts": [ + "isehost" + ], + "ip": [ + "81.2.69.143" + ], + "user": [ + "admin" + ] + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2022-03-09T19:00:42.763Z", + "cisco_ise": { + "log": { + "acs": { + "instance": "isehost" + }, + "admin": { + "interface": "CLI" + }, + "category": { + "name": "CISE_Administrative_and_Operational_Audit" + }, + "config_version": { + "id": 1537 + }, + "log_details": "ConfigVersionId=1537, AdminInterface=CLI, AdminIPAddress=81.2.69.143, AdminName=system, OperationMessageText=DNS resolution failed for the hostname isehost.local against the currently configured name servers., AcsInstance=isehost", + "message": { + "code": "60134", + "description": "System-Management: DNS Resolution failure", + "id": "0000083172" + }, + "operation_message": { + "text": "DNS resolution failed for the hostname isehost.local against the currently configured name servers." + }, + "segment": { + "number": 0, + "total": 1 + } + } + }, + "client": { + "ip": "81.2.69.143", + "user": { + "name": "system" + } + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "system-management", + "category": [ + "iam", + "network" + ], + "kind": "event", + "original": "\u003c181\u003eMar 9 19:00:42 isehost CISE_Administrative_and_Operational_Audit 0000083172 1 0 2022-03-09 19:00:42.763 +00:00 0000083218 60134 NOTICE System-Management: DNS Resolution failure, ConfigVersionId=1537, AdminInterface=CLI, AdminIPAddress=81.2.69.143, AdminName=system, OperationMessageText=DNS resolution failed for the hostname isehost.local against the currently configured name servers., AcsInstance=isehost, ", + "sequence": 83218, + "timezone": "+00:00", + "type": [ + "info" + ] + }, + "host": { + "hostname": "isehost" + }, + "log": { + "level": "notice", + "syslog": { + "priority": 181, + "severity": { + "name": "notice" + } + } + }, + "message": "2022-03-09 19:00:42.763 +00:00 0000083218 60134 NOTICE System-Management: DNS Resolution failure, ConfigVersionId=1537, AdminInterface=CLI, AdminIPAddress=81.2.69.143, AdminName=system, OperationMessageText=DNS resolution failed for the hostname isehost.local against the currently configured name servers., AcsInstance=isehost,", + "related": { + "hosts": [ + "isehost" + ], + "ip": [ + "81.2.69.143" + ], + "user": [ + "system" + ] + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2022-03-08T12:26:58.391Z", + "cisco_ise": { + "log": { + "acs": { + "instance": "isehost" + }, + "admin": { + "interface": "CLI" + }, + "category": { + "name": "CISE_Administrative_and_Operational_Audit" + }, + "config_version": { + "id": 2726 + }, + "log_details": "ConfigVersionId=2726, AdminInterface=CLI, OperationMessageText=Received disconnect from 81.2.69.143 port 36953:11: disconnected by user, AcsInstance=isehost", + "message": { + "code": "60188", + "description": "Administrator-Login: An attempted SSH connection has failed", + "id": "0000116964" + }, + "operation_message": { + "text": "Received disconnect from 81.2.69.143 port 36953:11: disconnected by user" + }, + "segment": { + "number": 0, + "total": 1 + } + } + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "administrator-login", + "category": [ + "iam", + "authentication" + ], + "kind": "event", + "original": "\u003c181\u003eMar 8 12:26:58 isehost CISE_Administrative_and_Operational_Audit 0000116964 1 0 2022-03-08 12:26:58.391 +00:00 0000117031 60188 NOTICE Administrator-Login: An attempted SSH connection has failed, ConfigVersionId=2726, AdminInterface=CLI, OperationMessageText=Received disconnect from 81.2.69.143 port 36953:11: disconnected by user, AcsInstance=isehost, ", + "sequence": 117031, + "timezone": "+00:00", + "type": [ + "info" + ] + }, + "host": { + "hostname": "isehost" + }, + "log": { + "level": "notice", + "syslog": { + "priority": 181, + "severity": { + "name": "notice" + } + } + }, + "message": "2022-03-08 12:26:58.391 +00:00 0000117031 60188 NOTICE Administrator-Login: An attempted SSH connection has failed, ConfigVersionId=2726, AdminInterface=CLI, OperationMessageText=Received disconnect from 81.2.69.143 port 36953:11: disconnected by user, AcsInstance=isehost,", + "related": { + "hosts": [ + "isehost" + ] + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2022-03-08T12:26:58.390Z", + "cisco_ise": { + "log": { + "acs": { + "instance": "isehost" + }, + "admin": { + "interface": "CLI" + }, + "category": { + "name": "CISE_Administrative_and_Operational_Audit" + }, + "config_version": { + "id": 2726 + }, + "log_details": "ConfigVersionId=2726, AdminInterface=CLI, AdminIPAddress=81.2.69.143, AdminName=admin, OperationMessageText=User 'admin' logged out from CLI SSH session from SSH client IP: 81.2.69.143, AcsInstance=isehost", + "message": { + "code": "60116", + "description": "Administrator-Login: A CLI user has logged out from SSH", + "id": "0000116963" + }, + "operation_message": { + "text": "User 'admin' logged out from CLI SSH session from SSH client IP: 81.2.69.143" + }, + "segment": { + "number": 0, + "total": 1 + } + } + }, + "client": { + "ip": "81.2.69.143", + "user": { + "name": "admin" + } + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "administrator-login", + "category": [ + "iam", + "authentication" + ], + "kind": "event", + "original": "\u003c181\u003eMar 8 12:26:58 isehost CISE_Administrative_and_Operational_Audit 0000116963 1 0 2022-03-08 12:26:58.390 +00:00 0000117030 60116 NOTICE Administrator-Login: A CLI user has logged out from SSH, ConfigVersionId=2726, AdminInterface=CLI, AdminIPAddress=81.2.69.143, AdminName=admin, OperationMessageText=User 'admin' logged out from CLI SSH session from SSH client IP: 81.2.69.143, AcsInstance=isehost, ", + "sequence": 117030, + "timezone": "+00:00", + "type": [ + "user", + "info" + ] + }, + "host": { + "hostname": "isehost" + }, + "log": { + "level": "notice", + "syslog": { + "priority": 181, + "severity": { + "name": "notice" + } + } + }, + "message": "2022-03-08 12:26:58.390 +00:00 0000117030 60116 NOTICE Administrator-Login: A CLI user has logged out from SSH, ConfigVersionId=2726, AdminInterface=CLI, AdminIPAddress=81.2.69.143, AdminName=admin, OperationMessageText=User 'admin' logged out from CLI SSH session from SSH client IP: 81.2.69.143, AcsInstance=isehost,", + "related": { + "hosts": [ + "isehost" + ], + "ip": [ + "81.2.69.143" + ], + "user": [ + "admin" + ] + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2022-03-08T12:15:32.654Z", + "cisco_ise": { + "log": { + "acs": { + "instance": "isehost" + }, + "admin": { + "interface": "CLI" + }, + "category": { + "name": "CISE_Administrative_and_Operational_Audit" + }, + "config_version": { + "id": 2718 + }, + "log_details": "ConfigVersionId=2718, AdminInterface=CLI, OperationMessageText=Accepted password for admin from 81.2.69.143 port 36953 ssh2, AcsInstance=isehost", + "message": { + "code": "60080", + "description": "Administrator-Login: A SSH CLI user has successfully logged in", + "id": "0000116901" + }, + "operation_message": { + "text": "Accepted password for admin from 81.2.69.143 port 36953 ssh2" + }, + "segment": { + "number": 0, + "total": 1 + } + } + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "administrator-login", + "category": [ + "iam", + "authentication" + ], + "kind": "event", + "original": "\u003c181\u003eMar 8 12:15:32 isehost CISE_Administrative_and_Operational_Audit 0000116901 1 0 2022-03-08 12:15:32.654 +00:00 0000116968 60080 NOTICE Administrator-Login: A SSH CLI user has successfully logged in, ConfigVersionId=2718, AdminInterface=CLI, OperationMessageText=Accepted password for admin from 81.2.69.143 port 36953 ssh2, AcsInstance=isehost, ", + "sequence": 116968, + "timezone": "+00:00", + "type": [ + "user", + "info" + ] + }, + "host": { + "hostname": "isehost" + }, + "log": { + "level": "notice", + "syslog": { + "priority": 181, + "severity": { + "name": "notice" + } + } + }, + "message": "2022-03-08 12:15:32.654 +00:00 0000116968 60080 NOTICE Administrator-Login: A SSH CLI user has successfully logged in, ConfigVersionId=2718, AdminInterface=CLI, OperationMessageText=Accepted password for admin from 81.2.69.143 port 36953 ssh2, AcsInstance=isehost,", + "related": { + "hosts": [ + "isehost" + ] + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2022-03-08T12:15:32.654Z", + "cisco_ise": { + "log": { + "acs": { + "instance": "isehost" + }, + "admin": { + "interface": "CLI" + }, + "category": { + "name": "CISE_Administrative_and_Operational_Audit" + }, + "config_version": { + "id": 2718 + }, + "log_details": "ConfigVersionId=2718, AdminInterface=CLI, AdminIPAddress=81.2.69.143, AdminName=admin, OperationMessageText=User 'admin' logged in to CLI SSH session from SSH client IP: 81.2.69.143, AcsInstance=isehost", + "message": { + "code": "60115", + "description": "Administrator-Login: A CLI user has logged in from SSH", + "id": "0000116902" + }, + "operation_message": { + "text": "User 'admin' logged in to CLI SSH session from SSH client IP: 81.2.69.143" + }, + "segment": { + "number": 0, + "total": 1 + } + } + }, + "client": { + "ip": "81.2.69.143", + "user": { + "name": "admin" + } + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "administrator-login", + "category": [ + "iam", + "authentication" + ], + "kind": "event", + "original": "\u003c181\u003eMar 8 12:15:32 isehost CISE_Administrative_and_Operational_Audit 0000116902 1 0 2022-03-08 12:15:32.654 +00:00 0000116969 60115 NOTICE Administrator-Login: A CLI user has logged in from SSH, ConfigVersionId=2718, AdminInterface=CLI, AdminIPAddress=81.2.69.143, AdminName=admin, OperationMessageText=User 'admin' logged in to CLI SSH session from SSH client IP: 81.2.69.143, AcsInstance=isehost, ", + "sequence": 116969, + "timezone": "+00:00", + "type": [ + "user", + "info" + ] + }, + "host": { + "hostname": "isehost" + }, + "log": { + "level": "notice", + "syslog": { + "priority": 181, + "severity": { + "name": "notice" + } + } + }, + "message": "2022-03-08 12:15:32.654 +00:00 0000116969 60115 NOTICE Administrator-Login: A CLI user has logged in from SSH, ConfigVersionId=2718, AdminInterface=CLI, AdminIPAddress=81.2.69.143, AdminName=admin, OperationMessageText=User 'admin' logged in to CLI SSH session from SSH client IP: 81.2.69.143, AcsInstance=isehost,", + "related": { + "hosts": [ + "isehost" + ], + "ip": [ + "81.2.69.143" + ], + "user": [ + "admin" + ] + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2022-03-08T12:14:39.376Z", + "cisco_ise": { + "log": { + "acs": { + "instance": "isehost" + }, + "admin": { + "interface": "CLI" + }, + "category": { + "name": "CISE_Administrative_and_Operational_Audit" + }, + "config_version": { + "id": 2718 + }, + "log_details": "ConfigVersionId=2718, AdminInterface=CLI, OperationMessageText=Failed password for root from 81.2.69.143 port 36661 ssh2, AcsInstance=isehost", + "message": { + "code": "60081", + "description": "Administrator-Login: A SSH CLI user has attempted unsuccessfully to login", + "id": "0000116896" + }, + "operation_message": { + "text": "Failed password for root from 81.2.69.143 port 36661 ssh2" + }, + "segment": { + "number": 0, + "total": 1 + } + } + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "administrator-login", + "category": [ + "iam", + "authentication" + ], + "kind": "event", + "original": "\u003c181\u003eMar 8 12:14:39 isehost CISE_Administrative_and_Operational_Audit 0000116896 1 0 2022-03-08 12:14:39.376 +00:00 0000116963 60081 NOTICE Administrator-Login: A SSH CLI user has attempted unsuccessfully to login, ConfigVersionId=2718, AdminInterface=CLI, OperationMessageText=Failed password for root from 81.2.69.143 port 36661 ssh2, AcsInstance=isehost, ", + "sequence": 116963, + "timezone": "+00:00", + "type": [ + "user", + "info" + ] + }, + "host": { + "hostname": "isehost" + }, + "log": { + "level": "notice", + "syslog": { + "priority": 181, + "severity": { + "name": "notice" + } + } + }, + "message": "2022-03-08 12:14:39.376 +00:00 0000116963 60081 NOTICE Administrator-Login: A SSH CLI user has attempted unsuccessfully to login, ConfigVersionId=2718, AdminInterface=CLI, OperationMessageText=Failed password for root from 81.2.69.143 port 36661 ssh2, AcsInstance=isehost,", + "related": { + "hosts": [ + "isehost" + ] + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2022-03-15T08:30:16.000Z", + "cisco_ise": { + "log": { + "admin": { + "session": "AdminGUI_Session" + }, + "category": { + "name": "CISE_Administrative_and_Operational_Audit" + }, + "log_details": "AdminIPAddress=10.0.1.1, AdminSession=AdminGUI_Session, AdminName=admin, OperationMessageText=User logged out", + "message": { + "id": "0000001486" + }, + "operation_message": { + "text": "User logged out" + }, + "segment": { + "number": 1, + "total": 2 + } + } + }, + "client": { + "ip": "10.0.1.1", + "user": { + "name": "admin" + } + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "kind": "event", + "original": "\u003c181\u003eMar 15 08:30:16 isehost CISE_Administrative_and_Operational_Audit 0000001486 2 1 AdminIPAddress=10.0.1.1, AdminSession=AdminGUI_Session, AdminName=admin, OperationMessageText=User logged out," + }, + "host": { + "hostname": "isehost" + }, + "log": { + "syslog": { + "priority": 181 + } + }, + "message": "AdminIPAddress=10.0.1.1, AdminSession=AdminGUI_Session, AdminName=admin, OperationMessageText=User logged out,", + "related": { + "hosts": [ + "isehost" + ], + "ip": [ + "10.0.1.1" + ], + "user": [ + "admin" + ] + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2022-03-15T09:34:39.000Z", + "cisco_ise": { + "log": { + "admin": { + "session": "AdminGUI_Session" + }, + "category": { + "name": "CISE_Administrative_and_Operational_Audit" + }, + "log_details": "AdminIPAddress=10.0.1.1, AdminSession=AdminGUI_Session, AdminName=admin, OperationMessageText=Administrator authentication successful", + "message": { + "id": "0000001602" + }, + "operation_message": { + "text": "Administrator authentication successful" + }, + "segment": { + "number": 1, + "total": 2 + } + } + }, + "client": { + "ip": "10.0.1.1", + "user": { + "name": "admin" + } + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "kind": "event", + "original": "\u003c181\u003eMar 15 09:34:39 isehost CISE_Administrative_and_Operational_Audit 0000001602 2 1 AdminIPAddress=10.0.1.1, AdminSession=AdminGUI_Session, AdminName=admin, OperationMessageText=Administrator authentication successful, " + }, + "host": { + "hostname": "isehost" + }, + "log": { + "syslog": { + "priority": 181 + } + }, + "message": "AdminIPAddress=10.0.1.1, AdminSession=AdminGUI_Session, AdminName=admin, OperationMessageText=Administrator authentication successful,", + "related": { + "hosts": [ + "isehost" + ], + "ip": [ + "10.0.1.1" + ], + "user": [ + "admin" + ] + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2022-03-11T22:52:25.650Z", + "cisco_ise": { + "log": { + "admin": { + "interface": "GUI" + }, + "category": { + "name": "CISE_Administrative_and_Operational_Audit" + }, + "component": "Administration", + "config_version": { + "id": 3426 + }, + "failure": { + "flag": false + }, + "log_details": "ConfigVersionId=3426, FailureFlag=false, RequestResponseType=initial, AdminInterface=GUI, AdminIPAddress=10.0.9.204, AdminName=internal-sys-user, ObjectType=Machine Authentication Settings, ObjectName=Machine Authentication Settings, Component=Administration, ObjectInternalID=unknown", + "message": { + "code": "52001", + "description": "Configuration-Changes: Changed configuration", + "id": "0000049530" + }, + "object": { + "internal": { + "id": "unknown" + }, + "name": "Machine Authentication Settings", + "type": "Machine Authentication Settings" + }, + "request_response": { + "type": "initial" + }, + "segment": { + "number": 0, + "total": 1 + } + } + }, + "client": { + "ip": "10.0.9.204", + "user": { + "name": "internal-sys-user" + } + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "configuration-changes", + "category": [ + "iam", + "configuration" + ], + "kind": "event", + "original": "\u003c181\u003eMar 11 22:52:25 isehost CISE_Administrative_and_Operational_Audit 0000049530 1 0 2022-03-11 22:52:25.650 +00:00 0000139953 52001 NOTICE Configuration-Changes: Changed configuration, ConfigVersionId=3426, FailureFlag=false, RequestResponseType=initial, AdminInterface=GUI, AdminIPAddress=10.0.9.204, AdminName=internal-sys-user, ObjectType=Machine Authentication Settings, ObjectName=Machine Authentication Settings, Component=Administration, ObjectInternalID=unknown, ", + "sequence": 139953, + "timezone": "+00:00", + "type": [ + "change", + "info" + ] + }, + "host": { + "hostname": "isehost" + }, + "log": { + "level": "notice", + "syslog": { + "priority": 181, + "severity": { + "name": "notice" + } + } + }, + "message": "2022-03-11 22:52:25.650 +00:00 0000139953 52001 NOTICE Configuration-Changes: Changed configuration, ConfigVersionId=3426, FailureFlag=false, RequestResponseType=initial, AdminInterface=GUI, AdminIPAddress=10.0.9.204, AdminName=internal-sys-user, ObjectType=Machine Authentication Settings, ObjectName=Machine Authentication Settings, Component=Administration, ObjectInternalID=unknown,", + "related": { + "hosts": [ + "isehost" + ], + "ip": [ + "10.0.9.204" + ], + "user": [ + "internal-sys-user" + ] + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2022-03-14T07:12:06.324Z", + "cisco_ise": { + "log": { + "admin": { + "interface": "GUI" + }, + "assigned_targets": [ + "LogCollector", + "LogCollector2", + "ProfilerRadiusProbe", + "TCP Collector KS1", + "TCP Collector QA", + "test_sec_log", + "Test_TCP", + "test_tcp", + "test_tcp2", + "test_udp", + "UDP Collector KS1", + "UDP Collector QA" + ], + "category": { + "name": "CISE_Administrative_and_Operational_Audit" + }, + "config_change": { + "data": "Object modified:\\, Log Severity Level = INFO\\,Local Logging = enable\\,Assigned Targets = {LogCollector,LogCollector2,ProfilerRadiusProbe,TCP Collector KS1,TCP Collector QA,test_sec_log,Test_TCP,test_tcp,test_tcp2,test_udp,UDP Collector KS1,UDP Collector QA}" + }, + "config_version": { + "id": 97 + }, + "failure": { + "flag": false + }, + "local_logging": "enable", + "log_details": "ConfigVersionId=97, FailureFlag=false, RequestResponseType=initial, AdminInterface=GUI, AdminIPAddress=10.0.9.204, AdminName=admin, ConfigChangeData=Object modified:\\, Log Severity Level = INFO\\,Local Logging = enable\\,Assigned Targets = {LogCollector,LogCollector2,ProfilerRadiusProbe,TCP Collector KS1,TCP Collector QA,test_sec_log,Test_TCP,test_tcp,test_tcp2,test_udp,UDP Collector KS1,UDP Collector QA}, ObjectType=UPSCategory, ObjectName=System Statistics, OperationMessageText=LoggingCategories \"Administrative and Operational Audit\" has been edited successfully.", + "message": { + "code": "52001", + "description": "Configuration-Changes: Changed configuration", + "id": "0000000155" + }, + "object": { + "name": "System Statistics", + "type": "UPSCategory" + }, + "operation_message": { + "text": "LoggingCategories \"Administrative and Operational Audit\" has been edited successfully." + }, + "request_response": { + "type": "initial" + }, + "segment": { + "number": 0, + "total": 1 + } + } + }, + "client": { + "ip": "10.0.9.204", + "user": { + "name": "admin" + } + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "configuration-changes", + "category": [ + "iam", + "configuration" + ], + "kind": "event", + "original": "\u003c181\u003eMar 14 07:12:06 isehost CISE_Administrative_and_Operational_Audit 0000000155 1 0 2022-03-14 07:12:06.324 +00:00 0000000245 52001 NOTICE Configuration-Changes: Changed configuration, ConfigVersionId=97, FailureFlag=false, RequestResponseType=initial, AdminInterface=GUI, AdminIPAddress=10.0.9.204, AdminName=admin, ConfigChangeData=Object modified:\\, Log Severity Level = INFO\\,Local Logging = enable\\,Assigned Targets = {LogCollector,LogCollector2,ProfilerRadiusProbe,TCP Collector KS1,TCP Collector QA,test_sec_log,Test_TCP,test_tcp,test_tcp2,test_udp,UDP Collector KS1,UDP Collector QA}, ObjectType=UPSCategory, ObjectName=System Statistics, OperationMessageText=LoggingCategories \"Administrative and Operational Audit\" has been edited successfully., ", + "sequence": 245, + "timezone": "+00:00", + "type": [ + "change", + "info" + ] + }, + "host": { + "hostname": "isehost" + }, + "log": { + "level": "notice", + "syslog": { + "priority": 181, + "severity": { + "name": "notice" + } + } + }, + "message": "2022-03-14 07:12:06.324 +00:00 0000000245 52001 NOTICE Configuration-Changes: Changed configuration, ConfigVersionId=97, FailureFlag=false, RequestResponseType=initial, AdminInterface=GUI, AdminIPAddress=10.0.9.204, AdminName=admin, ConfigChangeData=Object modified:\\, Log Severity Level = INFO\\,Local Logging = enable\\,Assigned Targets = {LogCollector,LogCollector2,ProfilerRadiusProbe,TCP Collector KS1,TCP Collector QA,test_sec_log,Test_TCP,test_tcp,test_tcp2,test_udp,UDP Collector KS1,UDP Collector QA}, ObjectType=UPSCategory, ObjectName=System Statistics, OperationMessageText=LoggingCategories \"Administrative and Operational Audit\" has been edited successfully.,", + "related": { + "hosts": [ + "isehost" + ], + "ip": [ + "10.0.9.204" + ], + "user": [ + "admin" + ] + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2022-03-14T09:43:33.233Z", + "cisco_ise": { + "log": { + "admin": { + "interface": "GUI" + }, + "category": { + "name": "CISE_Administrative_and_Operational_Audit" + }, + "component": "UNKNOWN", + "config_change": { + "data": "object updated: Name=testad1" + }, + "config_version": { + "id": 55 + }, + "failure": { + "flag": false + }, + "log_details": "ConfigVersionId=55, FailureFlag=false, RequestResponseType=initial, AdminInterface=GUI, AdminIPAddress=10.0.9.204, AdminName=admin, ConfigChangeData=object updated: Name=testad1, ObjectType=Active Directory Instance, ObjectName=testad1, Component=UNKNOWN, ObjectInternalID=unknown", + "message": { + "code": "52001", + "description": "Configuration-Changes: Changed configuration", + "id": "0000000312" + }, + "object": { + "internal": { + "id": "unknown" + }, + "name": "testad1", + "type": "Active Directory Instance" + }, + "request_response": { + "type": "initial" + }, + "segment": { + "number": 0, + "total": 1 + } + } + }, + "client": { + "ip": "10.0.9.204", + "user": { + "name": "admin" + } + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "configuration-changes", + "category": [ + "iam", + "configuration" + ], + "kind": "event", + "original": "\u003c181\u003eMar 14 09:43:33 isehost CISE_Administrative_and_Operational_Audit 0000000312 1 0 2022-03-14 09:43:33.233 +00:00 0000000402 52001 NOTICE Configuration-Changes: Changed configuration, ConfigVersionId=55, FailureFlag=false, RequestResponseType=initial, AdminInterface=GUI, AdminIPAddress=10.0.9.204, AdminName=admin, ConfigChangeData=object updated: Name=testad1, ObjectType=Active Directory Instance, ObjectName=testad1, Component=UNKNOWN, ObjectInternalID=unknown,", + "sequence": 402, + "timezone": "+00:00", + "type": [ + "change", + "info" + ] + }, + "host": { + "hostname": "isehost" + }, + "log": { + "level": "notice", + "syslog": { + "priority": 181, + "severity": { + "name": "notice" + } + } + }, + "message": "2022-03-14 09:43:33.233 +00:00 0000000402 52001 NOTICE Configuration-Changes: Changed configuration, ConfigVersionId=55, FailureFlag=false, RequestResponseType=initial, AdminInterface=GUI, AdminIPAddress=10.0.9.204, AdminName=admin, ConfigChangeData=object updated: Name=testad1, ObjectType=Active Directory Instance, ObjectName=testad1, Component=UNKNOWN, ObjectInternalID=unknown,", + "related": { + "hosts": [ + "isehost" + ], + "ip": [ + "10.0.9.204" + ], + "user": [ + "admin" + ] + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2022-03-20T12:13:30.185Z", + "cisco_ise": { + "log": { + "admin": { + "interface": "GUI" + }, + "category": { + "name": "CISE_Administrative_and_Operational_Audit" + }, + "config_change": { + "data": "Local Storage Period = 1 days" + }, + "config_version": { + "id": 546 + }, + "failure": { + "flag": false + }, + "log_details": "ConfigVersionId=546, FailureFlag=false, RequestResponseType=initial, AdminInterface=GUI, AdminIPAddress=10.0.9.204, AdminName=internal-sys-user, ConfigChangeData=Local Storage Period = 1 days, ObjectType=UPSLogSettings, ObjectName=LocalStore", + "message": { + "code": "52001", + "description": "Configuration-Changes: Changed configuration", + "id": "0000002725" + }, + "object": { + "name": "LocalStore", + "type": "UPSLogSettings" + }, + "request_response": { + "type": "initial" + }, + "segment": { + "number": 0, + "total": 1 + } + } + }, + "client": { + "ip": "10.0.9.204", + "user": { + "name": "internal-sys-user" + } + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "configuration-changes", + "category": [ + "iam", + "configuration" + ], + "kind": "event", + "original": "\u003c149\u003eMar 20 12:13:30 isehost CISE_Administrative_and_Operational_Audit 0000002725 1 0 2022-03-20 12:13:30.185 +00:00 0000003033 52001 NOTICE Configuration-Changes: Changed configuration, ConfigVersionId=546, FailureFlag=false, RequestResponseType=initial, AdminInterface=GUI, AdminIPAddress=10.0.9.204, AdminName=internal-sys-user, ConfigChangeData=Local Storage Period = 1 days, ObjectType=UPSLogSettings, ObjectName=LocalStore,", + "sequence": 3033, + "timezone": "+00:00", + "type": [ + "change", + "info" + ] + }, + "host": { + "hostname": "isehost" + }, + "log": { + "level": "notice", + "syslog": { + "priority": 149, + "severity": { + "name": "notice" + } + } + }, + "message": "2022-03-20 12:13:30.185 +00:00 0000003033 52001 NOTICE Configuration-Changes: Changed configuration, ConfigVersionId=546, FailureFlag=false, RequestResponseType=initial, AdminInterface=GUI, AdminIPAddress=10.0.9.204, AdminName=internal-sys-user, ConfigChangeData=Local Storage Period = 1 days, ObjectType=UPSLogSettings, ObjectName=LocalStore,", + "related": { + "hosts": [ + "isehost" + ], + "ip": [ + "10.0.9.204" + ], + "user": [ + "internal-sys-user" + ] + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2022-03-29T05:53:36.769Z", + "cisco_ise": { + "log": { + "admin": { + "interface": "GUI" + }, + "category": { + "name": "CISE_Administrative_and_Operational_Audit" + }, + "component": "Network Access", + "config_version": { + "id": 258 + }, + "log_details": "ConfigVersionId=258, AdminInterface=GUI, AdminIPAddress=81.2.69.144, AdminName=admin, ObjectType=Active Directory Instance, ObjectName=test123test123test123test123test, Component=Network Access, ObjectInternalID=unknown", + "message": { + "code": "52002", + "description": "Configuration-Changes: Deleted configuration", + "id": "0000000931" + }, + "object": { + "internal": { + "id": "unknown" + }, + "name": "test123test123test123test123test", + "type": "Active Directory Instance" + }, + "segment": { + "number": 0, + "total": 1 + } + } + }, + "client": { + "ip": "81.2.69.144", + "user": { + "name": "admin" + } + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "configuration-changes", + "category": [ + "iam", + "configuration" + ], + "kind": "event", + "original": "\u003c181\u003eMar 29 05:53:36 isehost CISE_Administrative_and_Operational_Audit 0000000931 1 0 2022-03-29 05:53:36.769 +00:00 0000001104 52002 NOTICE Configuration-Changes: Deleted configuration, ConfigVersionId=258, AdminInterface=GUI, AdminIPAddress=81.2.69.144, AdminName=admin, ObjectType=Active Directory Instance, ObjectName=test123test123test123test123test, Component=Network Access, ObjectInternalID=unknown,", + "sequence": 1104, + "timezone": "+00:00", + "type": [ + "deletion", + "info" + ] + }, + "host": { + "hostname": "isehost" + }, + "log": { + "level": "notice", + "syslog": { + "priority": 181, + "severity": { + "name": "notice" + } + } + }, + "message": "2022-03-29 05:53:36.769 +00:00 0000001104 52002 NOTICE Configuration-Changes: Deleted configuration, ConfigVersionId=258, AdminInterface=GUI, AdminIPAddress=81.2.69.144, AdminName=admin, ObjectType=Active Directory Instance, ObjectName=test123test123test123test123test, Component=Network Access, ObjectInternalID=unknown,", + "related": { + "hosts": [ + "isehost" + ], + "ip": [ + "81.2.69.144" + ], + "user": [ + "admin" + ] + }, + "tags": [ + "preserve_original_event" + ] + } + ] +} \ No newline at end of file diff --git a/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-authentication-flow-diagnostics.log b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-authentication-flow-diagnostics.log new file mode 100644 index 00000000000..c8a4418faae --- /dev/null +++ b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-authentication-flow-diagnostics.log @@ -0,0 +1,10 @@ +<183>Mar 3 09:22:59 isehost CISE_Authentication_Flow_Diagnostics 0000082628 1 0 2022-03-03 09:22:59.360 +00:00 0000082695 22016 DEBUG Workflow: Identity sequence completed iterating the IDStores, ConfigVersionId=1628, UserName=admin, SelectedAccessService=AuthenticateUserAPI, AcsSessionID=isehost/435083133/112, AuthenticationIdentityStore=All_AD_Join_Points, AuthenticationMethod=PAP_ASCII, WorkflowCurrentIDStoreIndex=2, WorkflowSequenceType=AuthenticationSequence, CurrentIDStoreName=All_AD_Join_Points, WorkflowIfUserNotFound=Reject, WorkflowIfProcessError=Reject, WorkflowIfAuthenticationFailed=Reject, CPMSessionID=isehost:userauth19, Response={AuthenticationResult=UnknownUser; }, +<183>Mar 3 09:24:13 isehost CISE_Authentication_Flow_Diagnostics 0000082651 1 0 2022-03-03 09:24:13.238 +00:00 0000082718 22037 DEBUG Workflow: Authentication Passed, ConfigVersionId=1628, UserName=test, SelectedAccessService=AuthenticateUserAPI, AcsSessionID=isehost/435083133/115, AuthenticationIdentityStore=Internal Users, AuthenticationMethod=PAP_ASCII, WorkflowCurrentIDStoreIndex=0, WorkflowSequenceType=AuthenticationSequence, CurrentIDStoreName=Internal Users, WorkflowIfUserNotFound=Reject, WorkflowIfProcessError=Reject, WorkflowIfAuthenticationFailed=Reject, CPMSessionID=isehost:userauth20, Response={AuthenticationResult=Passed; }, +<182>Mar 3 09:22:51 isehost CISE_Authentication_Flow_Diagnostics 0000082605 1 0 2022-03-03 09:22:51.639 +00:00 0000082672 22040 INFO Authentication: Wrong password or invalid shared secret, ConfigVersionId=1628, UserName=employee1, SelectedAccessService=AuthenticateUserAPI, AcsSessionID=isehost/435083133/110, AuthenticationMethod=PAP_ASCII, WorkflowCurrentIDStoreIndex=0, WorkflowSequenceType=AuthenticationSequence, CurrentIDStoreName=Internal Users, WorkflowIfUserNotFound=Reject, WorkflowIfProcessError=Reject, WorkflowIfAuthenticationFailed=Reject, CPMSessionID=isehost:userauth18, Response={AuthenticationResult=Failed; }, +<183>Mar 3 09:22:59 isehost CISE_Authentication_Flow_Diagnostics 0000082629 1 0 2022-03-03 09:22:59.360 +00:00 0000082696 22056 DEBUG Workflow: Subject not found in the applicable identity store(s), ConfigVersionId=1628, UserName=admin, SelectedAccessService=AuthenticateUserAPI, AcsSessionID=isehost/435083133/112, AuthenticationMethod=PAP_ASCII, WorkflowCurrentIDStoreIndex=2, WorkflowSequenceType=AuthenticationSequence, CurrentIDStoreName=All_AD_Join_Points, WorkflowIfUserNotFound=Reject, WorkflowIfProcessError=Reject, WorkflowIfAuthenticationFailed=Reject, CPMSessionID=isehost:userauth19, Response={AuthenticationResult=UnknownUser; }, +<182>Mar 3 09:22:51 isehost CISE_Authentication_Flow_Diagnostics 0000082606 1 0 2022-03-03 09:22:51.639 +00:00 0000082673 22057 INFO Workflow: The advanced option that is configured for a failed authentication request is used, ConfigVersionId=1628, UserName=employee1, SelectedAccessService=AuthenticateUserAPI, AcsSessionID=isehost/435083133/110, AuthenticationIdentityStore=Internal Users, AuthenticationMethod=PAP_ASCII, WorkflowCurrentIDStoreIndex=0, WorkflowSequenceType=AuthenticationSequence, CurrentIDStoreName=Internal Users, WorkflowIfUserNotFound=Reject, WorkflowIfProcessError=Reject, WorkflowIfAuthenticationFailed=Reject, CPMSessionID=isehost:userauth18, Response={AuthenticationResult=Failed; }, +<182>Mar 3 09:22:59 isehost CISE_Authentication_Flow_Diagnostics 0000082630 1 0 2022-03-03 09:22:59.361 +00:00 0000082697 22058 INFO Workflow: The advanced option that is configured for an unknown user is used, ConfigVersionId=1628, UserName=admin, SelectedAccessService=AuthenticateUserAPI, AcsSessionID=isehost/435083133/112, AuthenticationMethod=PAP_ASCII, WorkflowCurrentIDStoreIndex=2, WorkflowSequenceType=AuthenticationSequence, CurrentIDStoreName=All_AD_Join_Points, WorkflowIfUserNotFound=Reject, WorkflowIfProcessError=Reject, WorkflowIfAuthenticationFailed=Reject, CPMSessionID=isehost:userauth19, Response={AuthenticationResult=UnknownUser; }, +<182>Mar 3 11:37:34 isehost CISE_Authentication_Flow_Diagnostics 0000083415 1 0 2022-03-03 11:37:34.928 +00:00 0000083482 22060 INFO Workflow: The 'Continue' advanced option is configured in case of a failed authentication request, ConfigVersionId=1696, DestinationIPAddress=10.0.9.204, UserName=92-09-00-00-00-01, NAS-IP-Address=10.0.14.108, Calling-Station-ID=92:09:00:00:00:01, OriginalUserName=92-09-00-00-00-01, AcsSessionID=isehost/435083133/126, AuthenticationMethod=Lookup, SelectedAccessService=Default Network Access, WorkflowCurrentIDStoreIndex=0, WorkflowSequenceType=AuthenticationSequence, CurrentIDStoreName=Internal Endpoints, WorkflowIfUserNotFound=Continue, WorkflowIfProcessError=Drop, WorkflowIfAuthenticationFailed=Reject, CPMSessionID=0a0009ccdD2BsLZMkW8ZRUAE/sDVf78pplxJC0wv2VwZR6N070M, Response={AuthenticationResult=UnknownUser; QueryResult=UnknownUser; AuthenticationAction=Continue; }, +<182>Mar 3 09:22:59 isehost CISE_Authentication_Flow_Diagnostics 0000082631 1 0 2022-03-03 09:22:59.361 +00:00 0000082698 22061 INFO Workflow: The 'Reject' advanced option is configured in case of a failed authentication request, ConfigVersionId=1628, UserName=admin, SelectedAccessService=AuthenticateUserAPI, AcsSessionID=isehost/435083133/112, AuthenticationMethod=PAP_ASCII, WorkflowCurrentIDStoreIndex=2, WorkflowSequenceType=AuthenticationSequence, CurrentIDStoreName=All_AD_Join_Points, WorkflowIfUserNotFound=Reject, WorkflowIfProcessError=Reject, WorkflowIfAuthenticationFailed=Reject, CPMSessionID=isehost:userauth19, Response={AuthenticationResult=UnknownUser; AuthenticationAction=Reject; }, +<182>Mar 3 09:24:13 isehost CISE_Authentication_Flow_Diagnostics 0000082647 1 0 2022-03-03 09:24:13.235 +00:00 0000082714 22072 INFO Authentication: Selected identity source sequence, ConfigVersionId=1628, UserName=test, SelectedAccessService=AuthenticateUserAPI, AcsSessionID=isehost/435083133/115, AuthenticationMethod=PAP_ASCII, WorkflowSequenceType=AuthenticationSequence, CPMSessionID=isehost:userauth20, +<182>Mar 28 11:23:25 isehost CISE_Authentication_Flow_Diagnostics 0000000130 3 1 SelectedAccessService=AuthenticateUserAPI, AcsSessionID=cisco-ise-host/437837646/2, AuthenticationMethod=PAP_ASCII, WorkflowSequenceType=AuthenticationSequence, diff --git a/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-authentication-flow-diagnostics.log-expected.json b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-authentication-flow-diagnostics.log-expected.json new file mode 100644 index 00000000000..2cf9879d7be --- /dev/null +++ b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-authentication-flow-diagnostics.log-expected.json @@ -0,0 +1,1028 @@ +{ + "expected": [ + { + "@timestamp": "2022-03-03T09:22:59.360Z", + "cisco_ise": { + "log": { + "acs": { + "session": { + "id": "isehost/435083133/112" + } + }, + "authentication": { + "method": "PAP_ASCII" + }, + "category": { + "name": "CISE_Authentication_Flow_Diagnostics" + }, + "config_version": { + "id": 1628 + }, + "cpm": { + "session": { + "id": "isehost:userauth19" + } + }, + "currentid": { + "store_name": "All_AD_Join_Points" + }, + "log_details": "ConfigVersionId=1628, UserName=admin, SelectedAccessService=AuthenticateUserAPI, AcsSessionID=isehost/435083133/112, AuthenticationIdentityStore=All_AD_Join_Points, AuthenticationMethod=PAP_ASCII, WorkflowCurrentIDStoreIndex=2, WorkflowSequenceType=AuthenticationSequence, CurrentIDStoreName=All_AD_Join_Points, WorkflowIfUserNotFound=Reject, WorkflowIfProcessError=Reject, WorkflowIfAuthenticationFailed=Reject, CPMSessionID=isehost:userauth19, Response={AuthenticationResult=UnknownUser; }", + "message": { + "code": "22016", + "description": "Workflow: Identity sequence completed iterating the IDStores", + "id": "0000082628" + }, + "response": { + "AuthenticationResult": "UnknownUser" + }, + "segment": { + "number": 0, + "total": 1 + }, + "selected": { + "access": { + "service": "AuthenticateUserAPI" + }, + "authentication": { + "identity_stores": "All_AD_Join_Points" + } + }, + "workflow": { + "current_id": { + "store_index": 2 + }, + "if": { + "authentication_failed": "Reject", + "process_error": "Reject", + "user_not_found": "Reject" + }, + "sequence": { + "type": "AuthenticationSequence" + } + } + } + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "workflow", + "category": [ + "iam" + ], + "kind": "event", + "original": "\u003c183\u003eMar 3 09:22:59 isehost CISE_Authentication_Flow_Diagnostics 0000082628 1 0 2022-03-03 09:22:59.360 +00:00 0000082695 22016 DEBUG Workflow: Identity sequence completed iterating the IDStores, ConfigVersionId=1628, UserName=admin, SelectedAccessService=AuthenticateUserAPI, AcsSessionID=isehost/435083133/112, AuthenticationIdentityStore=All_AD_Join_Points, AuthenticationMethod=PAP_ASCII, WorkflowCurrentIDStoreIndex=2, WorkflowSequenceType=AuthenticationSequence, CurrentIDStoreName=All_AD_Join_Points, WorkflowIfUserNotFound=Reject, WorkflowIfProcessError=Reject, WorkflowIfAuthenticationFailed=Reject, CPMSessionID=isehost:userauth19, Response={AuthenticationResult=UnknownUser; },", + "sequence": 82695, + "timezone": "+00:00", + "type": [ + "info" + ] + }, + "host": { + "hostname": "isehost" + }, + "log": { + "level": "debug", + "syslog": { + "priority": 183, + "severity": { + "name": "debug" + } + } + }, + "message": "2022-03-03 09:22:59.360 +00:00 0000082695 22016 DEBUG Workflow: Identity sequence completed iterating the IDStores, ConfigVersionId=1628, UserName=admin, SelectedAccessService=AuthenticateUserAPI, AcsSessionID=isehost/435083133/112, AuthenticationIdentityStore=All_AD_Join_Points, AuthenticationMethod=PAP_ASCII, WorkflowCurrentIDStoreIndex=2, WorkflowSequenceType=AuthenticationSequence, CurrentIDStoreName=All_AD_Join_Points, WorkflowIfUserNotFound=Reject, WorkflowIfProcessError=Reject, WorkflowIfAuthenticationFailed=Reject, CPMSessionID=isehost:userauth19, Response={AuthenticationResult=UnknownUser; },", + "related": { + "hosts": [ + "isehost" + ], + "user": [ + "admin" + ] + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "name": [ + "admin" + ] + } + }, + { + "@timestamp": "2022-03-03T09:24:13.238Z", + "cisco_ise": { + "log": { + "acs": { + "session": { + "id": "isehost/435083133/115" + } + }, + "authentication": { + "method": "PAP_ASCII" + }, + "category": { + "name": "CISE_Authentication_Flow_Diagnostics" + }, + "config_version": { + "id": 1628 + }, + "cpm": { + "session": { + "id": "isehost:userauth20" + } + }, + "currentid": { + "store_name": "Internal Users" + }, + "log_details": "ConfigVersionId=1628, UserName=test, SelectedAccessService=AuthenticateUserAPI, AcsSessionID=isehost/435083133/115, AuthenticationIdentityStore=Internal Users, AuthenticationMethod=PAP_ASCII, WorkflowCurrentIDStoreIndex=0, WorkflowSequenceType=AuthenticationSequence, CurrentIDStoreName=Internal Users, WorkflowIfUserNotFound=Reject, WorkflowIfProcessError=Reject, WorkflowIfAuthenticationFailed=Reject, CPMSessionID=isehost:userauth20, Response={AuthenticationResult=Passed; }", + "message": { + "code": "22037", + "description": "Workflow: Authentication Passed", + "id": "0000082651" + }, + "response": { + "AuthenticationResult": "Passed" + }, + "segment": { + "number": 0, + "total": 1 + }, + "selected": { + "access": { + "service": "AuthenticateUserAPI" + }, + "authentication": { + "identity_stores": "Internal Users" + } + }, + "workflow": { + "current_id": { + "store_index": 0 + }, + "if": { + "authentication_failed": "Reject", + "process_error": "Reject", + "user_not_found": "Reject" + }, + "sequence": { + "type": "AuthenticationSequence" + } + } + } + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "workflow", + "category": [ + "iam", + "authentication" + ], + "kind": "event", + "original": "\u003c183\u003eMar 3 09:24:13 isehost CISE_Authentication_Flow_Diagnostics 0000082651 1 0 2022-03-03 09:24:13.238 +00:00 0000082718 22037 DEBUG Workflow: Authentication Passed, ConfigVersionId=1628, UserName=test, SelectedAccessService=AuthenticateUserAPI, AcsSessionID=isehost/435083133/115, AuthenticationIdentityStore=Internal Users, AuthenticationMethod=PAP_ASCII, WorkflowCurrentIDStoreIndex=0, WorkflowSequenceType=AuthenticationSequence, CurrentIDStoreName=Internal Users, WorkflowIfUserNotFound=Reject, WorkflowIfProcessError=Reject, WorkflowIfAuthenticationFailed=Reject, CPMSessionID=isehost:userauth20, Response={AuthenticationResult=Passed; },", + "sequence": 82718, + "timezone": "+00:00", + "type": [ + "info" + ] + }, + "host": { + "hostname": "isehost" + }, + "log": { + "level": "debug", + "syslog": { + "priority": 183, + "severity": { + "name": "debug" + } + } + }, + "message": "2022-03-03 09:24:13.238 +00:00 0000082718 22037 DEBUG Workflow: Authentication Passed, ConfigVersionId=1628, UserName=test, SelectedAccessService=AuthenticateUserAPI, AcsSessionID=isehost/435083133/115, AuthenticationIdentityStore=Internal Users, AuthenticationMethod=PAP_ASCII, WorkflowCurrentIDStoreIndex=0, WorkflowSequenceType=AuthenticationSequence, CurrentIDStoreName=Internal Users, WorkflowIfUserNotFound=Reject, WorkflowIfProcessError=Reject, WorkflowIfAuthenticationFailed=Reject, CPMSessionID=isehost:userauth20, Response={AuthenticationResult=Passed; },", + "related": { + "hosts": [ + "isehost" + ], + "user": [ + "test" + ] + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "name": [ + "test" + ] + } + }, + { + "@timestamp": "2022-03-03T09:22:51.639Z", + "cisco_ise": { + "log": { + "acs": { + "session": { + "id": "isehost/435083133/110" + } + }, + "authentication": { + "method": "PAP_ASCII" + }, + "category": { + "name": "CISE_Authentication_Flow_Diagnostics" + }, + "config_version": { + "id": 1628 + }, + "cpm": { + "session": { + "id": "isehost:userauth18" + } + }, + "currentid": { + "store_name": "Internal Users" + }, + "log_details": "ConfigVersionId=1628, UserName=employee1, SelectedAccessService=AuthenticateUserAPI, AcsSessionID=isehost/435083133/110, AuthenticationMethod=PAP_ASCII, WorkflowCurrentIDStoreIndex=0, WorkflowSequenceType=AuthenticationSequence, CurrentIDStoreName=Internal Users, WorkflowIfUserNotFound=Reject, WorkflowIfProcessError=Reject, WorkflowIfAuthenticationFailed=Reject, CPMSessionID=isehost:userauth18, Response={AuthenticationResult=Failed; }", + "message": { + "code": "22040", + "description": "Authentication: Wrong password or invalid shared secret", + "id": "0000082605" + }, + "response": { + "AuthenticationResult": "Failed" + }, + "segment": { + "number": 0, + "total": 1 + }, + "selected": { + "access": { + "service": "AuthenticateUserAPI" + } + }, + "workflow": { + "current_id": { + "store_index": 0 + }, + "if": { + "authentication_failed": "Reject", + "process_error": "Reject", + "user_not_found": "Reject" + }, + "sequence": { + "type": "AuthenticationSequence" + } + } + } + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "authentication", + "category": [ + "iam", + "authentication" + ], + "kind": "event", + "original": "\u003c182\u003eMar 3 09:22:51 isehost CISE_Authentication_Flow_Diagnostics 0000082605 1 0 2022-03-03 09:22:51.639 +00:00 0000082672 22040 INFO Authentication: Wrong password or invalid shared secret, ConfigVersionId=1628, UserName=employee1, SelectedAccessService=AuthenticateUserAPI, AcsSessionID=isehost/435083133/110, AuthenticationMethod=PAP_ASCII, WorkflowCurrentIDStoreIndex=0, WorkflowSequenceType=AuthenticationSequence, CurrentIDStoreName=Internal Users, WorkflowIfUserNotFound=Reject, WorkflowIfProcessError=Reject, WorkflowIfAuthenticationFailed=Reject, CPMSessionID=isehost:userauth18, Response={AuthenticationResult=Failed; },", + "sequence": 82672, + "timezone": "+00:00", + "type": [ + "info" + ] + }, + "host": { + "hostname": "isehost" + }, + "log": { + "level": "info", + "syslog": { + "priority": 182, + "severity": { + "name": "info" + } + } + }, + "message": "2022-03-03 09:22:51.639 +00:00 0000082672 22040 INFO Authentication: Wrong password or invalid shared secret, ConfigVersionId=1628, UserName=employee1, SelectedAccessService=AuthenticateUserAPI, AcsSessionID=isehost/435083133/110, AuthenticationMethod=PAP_ASCII, WorkflowCurrentIDStoreIndex=0, WorkflowSequenceType=AuthenticationSequence, CurrentIDStoreName=Internal Users, WorkflowIfUserNotFound=Reject, WorkflowIfProcessError=Reject, WorkflowIfAuthenticationFailed=Reject, CPMSessionID=isehost:userauth18, Response={AuthenticationResult=Failed; },", + "related": { + "hosts": [ + "isehost" + ], + "user": [ + "employee1" + ] + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "name": [ + "employee1" + ] + } + }, + { + "@timestamp": "2022-03-03T09:22:59.360Z", + "cisco_ise": { + "log": { + "acs": { + "session": { + "id": "isehost/435083133/112" + } + }, + "authentication": { + "method": "PAP_ASCII" + }, + "category": { + "name": "CISE_Authentication_Flow_Diagnostics" + }, + "config_version": { + "id": 1628 + }, + "cpm": { + "session": { + "id": "isehost:userauth19" + } + }, + "currentid": { + "store_name": "All_AD_Join_Points" + }, + "log_details": "ConfigVersionId=1628, UserName=admin, SelectedAccessService=AuthenticateUserAPI, AcsSessionID=isehost/435083133/112, AuthenticationMethod=PAP_ASCII, WorkflowCurrentIDStoreIndex=2, WorkflowSequenceType=AuthenticationSequence, CurrentIDStoreName=All_AD_Join_Points, WorkflowIfUserNotFound=Reject, WorkflowIfProcessError=Reject, WorkflowIfAuthenticationFailed=Reject, CPMSessionID=isehost:userauth19, Response={AuthenticationResult=UnknownUser; }", + "message": { + "code": "22056", + "description": "Workflow: Subject not found in the applicable identity store(s)", + "id": "0000082629" + }, + "response": { + "AuthenticationResult": "UnknownUser" + }, + "segment": { + "number": 0, + "total": 1 + }, + "selected": { + "access": { + "service": "AuthenticateUserAPI" + } + }, + "workflow": { + "current_id": { + "store_index": 2 + }, + "if": { + "authentication_failed": "Reject", + "process_error": "Reject", + "user_not_found": "Reject" + }, + "sequence": { + "type": "AuthenticationSequence" + } + } + } + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "workflow", + "category": [ + "iam" + ], + "kind": "event", + "original": "\u003c183\u003eMar 3 09:22:59 isehost CISE_Authentication_Flow_Diagnostics 0000082629 1 0 2022-03-03 09:22:59.360 +00:00 0000082696 22056 DEBUG Workflow: Subject not found in the applicable identity store(s), ConfigVersionId=1628, UserName=admin, SelectedAccessService=AuthenticateUserAPI, AcsSessionID=isehost/435083133/112, AuthenticationMethod=PAP_ASCII, WorkflowCurrentIDStoreIndex=2, WorkflowSequenceType=AuthenticationSequence, CurrentIDStoreName=All_AD_Join_Points, WorkflowIfUserNotFound=Reject, WorkflowIfProcessError=Reject, WorkflowIfAuthenticationFailed=Reject, CPMSessionID=isehost:userauth19, Response={AuthenticationResult=UnknownUser; },", + "sequence": 82696, + "timezone": "+00:00", + "type": [ + "info" + ] + }, + "host": { + "hostname": "isehost" + }, + "log": { + "level": "debug", + "syslog": { + "priority": 183, + "severity": { + "name": "debug" + } + } + }, + "message": "2022-03-03 09:22:59.360 +00:00 0000082696 22056 DEBUG Workflow: Subject not found in the applicable identity store(s), ConfigVersionId=1628, UserName=admin, SelectedAccessService=AuthenticateUserAPI, AcsSessionID=isehost/435083133/112, AuthenticationMethod=PAP_ASCII, WorkflowCurrentIDStoreIndex=2, WorkflowSequenceType=AuthenticationSequence, CurrentIDStoreName=All_AD_Join_Points, WorkflowIfUserNotFound=Reject, WorkflowIfProcessError=Reject, WorkflowIfAuthenticationFailed=Reject, CPMSessionID=isehost:userauth19, Response={AuthenticationResult=UnknownUser; },", + "related": { + "hosts": [ + "isehost" + ], + "user": [ + "admin" + ] + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "name": [ + "admin" + ] + } + }, + { + "@timestamp": "2022-03-03T09:22:51.639Z", + "cisco_ise": { + "log": { + "acs": { + "session": { + "id": "isehost/435083133/110" + } + }, + "authentication": { + "method": "PAP_ASCII" + }, + "category": { + "name": "CISE_Authentication_Flow_Diagnostics" + }, + "config_version": { + "id": 1628 + }, + "cpm": { + "session": { + "id": "isehost:userauth18" + } + }, + "currentid": { + "store_name": "Internal Users" + }, + "log_details": "ConfigVersionId=1628, UserName=employee1, SelectedAccessService=AuthenticateUserAPI, AcsSessionID=isehost/435083133/110, AuthenticationIdentityStore=Internal Users, AuthenticationMethod=PAP_ASCII, WorkflowCurrentIDStoreIndex=0, WorkflowSequenceType=AuthenticationSequence, CurrentIDStoreName=Internal Users, WorkflowIfUserNotFound=Reject, WorkflowIfProcessError=Reject, WorkflowIfAuthenticationFailed=Reject, CPMSessionID=isehost:userauth18, Response={AuthenticationResult=Failed; }", + "message": { + "code": "22057", + "description": "Workflow: The advanced option that is configured for a failed authentication request is used", + "id": "0000082606" + }, + "response": { + "AuthenticationResult": "Failed" + }, + "segment": { + "number": 0, + "total": 1 + }, + "selected": { + "access": { + "service": "AuthenticateUserAPI" + }, + "authentication": { + "identity_stores": "Internal Users" + } + }, + "workflow": { + "current_id": { + "store_index": 0 + }, + "if": { + "authentication_failed": "Reject", + "process_error": "Reject", + "user_not_found": "Reject" + }, + "sequence": { + "type": "AuthenticationSequence" + } + } + } + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "workflow", + "category": [ + "iam", + "authentication" + ], + "kind": "event", + "original": "\u003c182\u003eMar 3 09:22:51 isehost CISE_Authentication_Flow_Diagnostics 0000082606 1 0 2022-03-03 09:22:51.639 +00:00 0000082673 22057 INFO Workflow: The advanced option that is configured for a failed authentication request is used, ConfigVersionId=1628, UserName=employee1, SelectedAccessService=AuthenticateUserAPI, AcsSessionID=isehost/435083133/110, AuthenticationIdentityStore=Internal Users, AuthenticationMethod=PAP_ASCII, WorkflowCurrentIDStoreIndex=0, WorkflowSequenceType=AuthenticationSequence, CurrentIDStoreName=Internal Users, WorkflowIfUserNotFound=Reject, WorkflowIfProcessError=Reject, WorkflowIfAuthenticationFailed=Reject, CPMSessionID=isehost:userauth18, Response={AuthenticationResult=Failed; },", + "sequence": 82673, + "timezone": "+00:00", + "type": [ + "info" + ] + }, + "host": { + "hostname": "isehost" + }, + "log": { + "level": "info", + "syslog": { + "priority": 182, + "severity": { + "name": "info" + } + } + }, + "message": "2022-03-03 09:22:51.639 +00:00 0000082673 22057 INFO Workflow: The advanced option that is configured for a failed authentication request is used, ConfigVersionId=1628, UserName=employee1, SelectedAccessService=AuthenticateUserAPI, AcsSessionID=isehost/435083133/110, AuthenticationIdentityStore=Internal Users, AuthenticationMethod=PAP_ASCII, WorkflowCurrentIDStoreIndex=0, WorkflowSequenceType=AuthenticationSequence, CurrentIDStoreName=Internal Users, WorkflowIfUserNotFound=Reject, WorkflowIfProcessError=Reject, WorkflowIfAuthenticationFailed=Reject, CPMSessionID=isehost:userauth18, Response={AuthenticationResult=Failed; },", + "related": { + "hosts": [ + "isehost" + ], + "user": [ + "employee1" + ] + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "name": [ + "employee1" + ] + } + }, + { + "@timestamp": "2022-03-03T09:22:59.361Z", + "cisco_ise": { + "log": { + "acs": { + "session": { + "id": "isehost/435083133/112" + } + }, + "authentication": { + "method": "PAP_ASCII" + }, + "category": { + "name": "CISE_Authentication_Flow_Diagnostics" + }, + "config_version": { + "id": 1628 + }, + "cpm": { + "session": { + "id": "isehost:userauth19" + } + }, + "currentid": { + "store_name": "All_AD_Join_Points" + }, + "log_details": "ConfigVersionId=1628, UserName=admin, SelectedAccessService=AuthenticateUserAPI, AcsSessionID=isehost/435083133/112, AuthenticationMethod=PAP_ASCII, WorkflowCurrentIDStoreIndex=2, WorkflowSequenceType=AuthenticationSequence, CurrentIDStoreName=All_AD_Join_Points, WorkflowIfUserNotFound=Reject, WorkflowIfProcessError=Reject, WorkflowIfAuthenticationFailed=Reject, CPMSessionID=isehost:userauth19, Response={AuthenticationResult=UnknownUser; }", + "message": { + "code": "22058", + "description": "Workflow: The advanced option that is configured for an unknown user is used", + "id": "0000082630" + }, + "response": { + "AuthenticationResult": "UnknownUser" + }, + "segment": { + "number": 0, + "total": 1 + }, + "selected": { + "access": { + "service": "AuthenticateUserAPI" + } + }, + "workflow": { + "current_id": { + "store_index": 2 + }, + "if": { + "authentication_failed": "Reject", + "process_error": "Reject", + "user_not_found": "Reject" + }, + "sequence": { + "type": "AuthenticationSequence" + } + } + } + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "workflow", + "category": [ + "iam" + ], + "kind": "event", + "original": "\u003c182\u003eMar 3 09:22:59 isehost CISE_Authentication_Flow_Diagnostics 0000082630 1 0 2022-03-03 09:22:59.361 +00:00 0000082697 22058 INFO Workflow: The advanced option that is configured for an unknown user is used, ConfigVersionId=1628, UserName=admin, SelectedAccessService=AuthenticateUserAPI, AcsSessionID=isehost/435083133/112, AuthenticationMethod=PAP_ASCII, WorkflowCurrentIDStoreIndex=2, WorkflowSequenceType=AuthenticationSequence, CurrentIDStoreName=All_AD_Join_Points, WorkflowIfUserNotFound=Reject, WorkflowIfProcessError=Reject, WorkflowIfAuthenticationFailed=Reject, CPMSessionID=isehost:userauth19, Response={AuthenticationResult=UnknownUser; },", + "sequence": 82697, + "timezone": "+00:00", + "type": [ + "info" + ] + }, + "host": { + "hostname": "isehost" + }, + "log": { + "level": "info", + "syslog": { + "priority": 182, + "severity": { + "name": "info" + } + } + }, + "message": "2022-03-03 09:22:59.361 +00:00 0000082697 22058 INFO Workflow: The advanced option that is configured for an unknown user is used, ConfigVersionId=1628, UserName=admin, SelectedAccessService=AuthenticateUserAPI, AcsSessionID=isehost/435083133/112, AuthenticationMethod=PAP_ASCII, WorkflowCurrentIDStoreIndex=2, WorkflowSequenceType=AuthenticationSequence, CurrentIDStoreName=All_AD_Join_Points, WorkflowIfUserNotFound=Reject, WorkflowIfProcessError=Reject, WorkflowIfAuthenticationFailed=Reject, CPMSessionID=isehost:userauth19, Response={AuthenticationResult=UnknownUser; },", + "related": { + "hosts": [ + "isehost" + ], + "user": [ + "admin" + ] + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "name": [ + "admin" + ] + } + }, + { + "@timestamp": "2022-03-03T11:37:34.928Z", + "cisco_ise": { + "log": { + "acs": { + "session": { + "id": "isehost/435083133/126" + } + }, + "authentication": { + "method": "Lookup" + }, + "calling_station": { + "id": "92:09:00:00:00:01" + }, + "category": { + "name": "CISE_Authentication_Flow_Diagnostics" + }, + "config_version": { + "id": 1696 + }, + "cpm": { + "session": { + "id": "0a0009ccdD2BsLZMkW8ZRUAE/sDVf78pplxJC0wv2VwZR6N070M" + } + }, + "currentid": { + "store_name": "Internal Endpoints" + }, + "log_details": "ConfigVersionId=1696, DestinationIPAddress=10.0.9.204, UserName=92-09-00-00-00-01, NAS-IP-Address=10.0.14.108, Calling-Station-ID=92:09:00:00:00:01, OriginalUserName=92-09-00-00-00-01, AcsSessionID=isehost/435083133/126, AuthenticationMethod=Lookup, SelectedAccessService=Default Network Access, WorkflowCurrentIDStoreIndex=0, WorkflowSequenceType=AuthenticationSequence, CurrentIDStoreName=Internal Endpoints, WorkflowIfUserNotFound=Continue, WorkflowIfProcessError=Drop, WorkflowIfAuthenticationFailed=Reject, CPMSessionID=0a0009ccdD2BsLZMkW8ZRUAE/sDVf78pplxJC0wv2VwZR6N070M, Response={AuthenticationResult=UnknownUser; QueryResult=UnknownUser; AuthenticationAction=Continue; }", + "message": { + "code": "22060", + "description": "Workflow: The 'Continue' advanced option is configured in case of a failed authentication request", + "id": "0000083415" + }, + "nas": { + "ip": "10.0.14.108" + }, + "response": { + "AuthenticationAction": "Continue", + "AuthenticationResult": "UnknownUser", + "QueryResult": "UnknownUser" + }, + "segment": { + "number": 0, + "total": 1 + }, + "selected": { + "access": { + "service": "Default Network Access" + } + }, + "workflow": { + "current_id": { + "store_index": 0 + }, + "if": { + "authentication_failed": "Reject", + "process_error": "Drop", + "user_not_found": "Continue" + }, + "sequence": { + "type": "AuthenticationSequence" + } + } + } + }, + "destination": { + "ip": "10.0.9.204" + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "workflow", + "category": [ + "iam", + "authentication" + ], + "kind": "event", + "original": "\u003c182\u003eMar 3 11:37:34 isehost CISE_Authentication_Flow_Diagnostics 0000083415 1 0 2022-03-03 11:37:34.928 +00:00 0000083482 22060 INFO Workflow: The 'Continue' advanced option is configured in case of a failed authentication request, ConfigVersionId=1696, DestinationIPAddress=10.0.9.204, UserName=92-09-00-00-00-01, NAS-IP-Address=10.0.14.108, Calling-Station-ID=92:09:00:00:00:01, OriginalUserName=92-09-00-00-00-01, AcsSessionID=isehost/435083133/126, AuthenticationMethod=Lookup, SelectedAccessService=Default Network Access, WorkflowCurrentIDStoreIndex=0, WorkflowSequenceType=AuthenticationSequence, CurrentIDStoreName=Internal Endpoints, WorkflowIfUserNotFound=Continue, WorkflowIfProcessError=Drop, WorkflowIfAuthenticationFailed=Reject, CPMSessionID=0a0009ccdD2BsLZMkW8ZRUAE/sDVf78pplxJC0wv2VwZR6N070M, Response={AuthenticationResult=UnknownUser; QueryResult=UnknownUser; AuthenticationAction=Continue; },", + "sequence": 83482, + "timezone": "+00:00", + "type": [ + "info" + ] + }, + "host": { + "hostname": "isehost" + }, + "log": { + "level": "info", + "syslog": { + "priority": 182, + "severity": { + "name": "info" + } + } + }, + "message": "2022-03-03 11:37:34.928 +00:00 0000083482 22060 INFO Workflow: The 'Continue' advanced option is configured in case of a failed authentication request, ConfigVersionId=1696, DestinationIPAddress=10.0.9.204, UserName=92-09-00-00-00-01, NAS-IP-Address=10.0.14.108, Calling-Station-ID=92:09:00:00:00:01, OriginalUserName=92-09-00-00-00-01, AcsSessionID=isehost/435083133/126, AuthenticationMethod=Lookup, SelectedAccessService=Default Network Access, WorkflowCurrentIDStoreIndex=0, WorkflowSequenceType=AuthenticationSequence, CurrentIDStoreName=Internal Endpoints, WorkflowIfUserNotFound=Continue, WorkflowIfProcessError=Drop, WorkflowIfAuthenticationFailed=Reject, CPMSessionID=0a0009ccdD2BsLZMkW8ZRUAE/sDVf78pplxJC0wv2VwZR6N070M, Response={AuthenticationResult=UnknownUser; QueryResult=UnknownUser; AuthenticationAction=Continue; },", + "related": { + "hosts": [ + "isehost" + ], + "ip": [ + "10.0.9.204", + "10.0.14.108" + ], + "user": [ + "92-09-00-00-00-01" + ] + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "name": [ + "92-09-00-00-00-01" + ] + } + }, + { + "@timestamp": "2022-03-03T09:22:59.361Z", + "cisco_ise": { + "log": { + "acs": { + "session": { + "id": "isehost/435083133/112" + } + }, + "authentication": { + "method": "PAP_ASCII" + }, + "category": { + "name": "CISE_Authentication_Flow_Diagnostics" + }, + "config_version": { + "id": 1628 + }, + "cpm": { + "session": { + "id": "isehost:userauth19" + } + }, + "currentid": { + "store_name": "All_AD_Join_Points" + }, + "log_details": "ConfigVersionId=1628, UserName=admin, SelectedAccessService=AuthenticateUserAPI, AcsSessionID=isehost/435083133/112, AuthenticationMethod=PAP_ASCII, WorkflowCurrentIDStoreIndex=2, WorkflowSequenceType=AuthenticationSequence, CurrentIDStoreName=All_AD_Join_Points, WorkflowIfUserNotFound=Reject, WorkflowIfProcessError=Reject, WorkflowIfAuthenticationFailed=Reject, CPMSessionID=isehost:userauth19, Response={AuthenticationResult=UnknownUser; AuthenticationAction=Reject; }", + "message": { + "code": "22061", + "description": "Workflow: The 'Reject' advanced option is configured in case of a failed authentication request", + "id": "0000082631" + }, + "response": { + "AuthenticationAction": "Reject", + "AuthenticationResult": "UnknownUser" + }, + "segment": { + "number": 0, + "total": 1 + }, + "selected": { + "access": { + "service": "AuthenticateUserAPI" + } + }, + "workflow": { + "current_id": { + "store_index": 2 + }, + "if": { + "authentication_failed": "Reject", + "process_error": "Reject", + "user_not_found": "Reject" + }, + "sequence": { + "type": "AuthenticationSequence" + } + } + } + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "workflow", + "category": [ + "iam", + "authentication" + ], + "kind": "event", + "original": "\u003c182\u003eMar 3 09:22:59 isehost CISE_Authentication_Flow_Diagnostics 0000082631 1 0 2022-03-03 09:22:59.361 +00:00 0000082698 22061 INFO Workflow: The 'Reject' advanced option is configured in case of a failed authentication request, ConfigVersionId=1628, UserName=admin, SelectedAccessService=AuthenticateUserAPI, AcsSessionID=isehost/435083133/112, AuthenticationMethod=PAP_ASCII, WorkflowCurrentIDStoreIndex=2, WorkflowSequenceType=AuthenticationSequence, CurrentIDStoreName=All_AD_Join_Points, WorkflowIfUserNotFound=Reject, WorkflowIfProcessError=Reject, WorkflowIfAuthenticationFailed=Reject, CPMSessionID=isehost:userauth19, Response={AuthenticationResult=UnknownUser; AuthenticationAction=Reject; },", + "sequence": 82698, + "timezone": "+00:00", + "type": [ + "info" + ] + }, + "host": { + "hostname": "isehost" + }, + "log": { + "level": "info", + "syslog": { + "priority": 182, + "severity": { + "name": "info" + } + } + }, + "message": "2022-03-03 09:22:59.361 +00:00 0000082698 22061 INFO Workflow: The 'Reject' advanced option is configured in case of a failed authentication request, ConfigVersionId=1628, UserName=admin, SelectedAccessService=AuthenticateUserAPI, AcsSessionID=isehost/435083133/112, AuthenticationMethod=PAP_ASCII, WorkflowCurrentIDStoreIndex=2, WorkflowSequenceType=AuthenticationSequence, CurrentIDStoreName=All_AD_Join_Points, WorkflowIfUserNotFound=Reject, WorkflowIfProcessError=Reject, WorkflowIfAuthenticationFailed=Reject, CPMSessionID=isehost:userauth19, Response={AuthenticationResult=UnknownUser; AuthenticationAction=Reject; },", + "related": { + "hosts": [ + "isehost" + ], + "user": [ + "admin" + ] + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "name": [ + "admin" + ] + } + }, + { + "@timestamp": "2022-03-03T09:24:13.235Z", + "cisco_ise": { + "log": { + "acs": { + "session": { + "id": "isehost/435083133/115" + } + }, + "authentication": { + "method": "PAP_ASCII" + }, + "category": { + "name": "CISE_Authentication_Flow_Diagnostics" + }, + "config_version": { + "id": 1628 + }, + "cpm": { + "session": { + "id": "isehost:userauth20" + } + }, + "log_details": "ConfigVersionId=1628, UserName=test, SelectedAccessService=AuthenticateUserAPI, AcsSessionID=isehost/435083133/115, AuthenticationMethod=PAP_ASCII, WorkflowSequenceType=AuthenticationSequence, CPMSessionID=isehost:userauth20", + "message": { + "code": "22072", + "description": "Authentication: Selected identity source sequence", + "id": "0000082647" + }, + "segment": { + "number": 0, + "total": 1 + }, + "selected": { + "access": { + "service": "AuthenticateUserAPI" + } + }, + "workflow": { + "sequence": { + "type": "AuthenticationSequence" + } + } + } + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "authentication", + "category": [ + "iam" + ], + "kind": "event", + "original": "\u003c182\u003eMar 3 09:24:13 isehost CISE_Authentication_Flow_Diagnostics 0000082647 1 0 2022-03-03 09:24:13.235 +00:00 0000082714 22072 INFO Authentication: Selected identity source sequence, ConfigVersionId=1628, UserName=test, SelectedAccessService=AuthenticateUserAPI, AcsSessionID=isehost/435083133/115, AuthenticationMethod=PAP_ASCII, WorkflowSequenceType=AuthenticationSequence, CPMSessionID=isehost:userauth20,", + "sequence": 82714, + "timezone": "+00:00", + "type": [ + "info" + ] + }, + "host": { + "hostname": "isehost" + }, + "log": { + "level": "info", + "syslog": { + "priority": 182, + "severity": { + "name": "info" + } + } + }, + "message": "2022-03-03 09:24:13.235 +00:00 0000082714 22072 INFO Authentication: Selected identity source sequence, ConfigVersionId=1628, UserName=test, SelectedAccessService=AuthenticateUserAPI, AcsSessionID=isehost/435083133/115, AuthenticationMethod=PAP_ASCII, WorkflowSequenceType=AuthenticationSequence, CPMSessionID=isehost:userauth20,", + "related": { + "hosts": [ + "isehost" + ], + "user": [ + "test" + ] + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "name": [ + "test" + ] + } + }, + { + "@timestamp": "2022-03-28T11:23:25.000Z", + "cisco_ise": { + "log": { + "acs": { + "session": { + "id": "cisco-ise-host/437837646/2" + } + }, + "authentication": { + "method": "PAP_ASCII" + }, + "category": { + "name": "CISE_Authentication_Flow_Diagnostics" + }, + "log_details": "SelectedAccessService=AuthenticateUserAPI, AcsSessionID=cisco-ise-host/437837646/2, AuthenticationMethod=PAP_ASCII, WorkflowSequenceType=AuthenticationSequence", + "message": { + "id": "0000000130" + }, + "segment": { + "number": 1, + "total": 3 + }, + "selected": { + "access": { + "service": "AuthenticateUserAPI" + } + }, + "workflow": { + "sequence": { + "type": "AuthenticationSequence" + } + } + } + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "kind": "event", + "original": "\u003c182\u003eMar 28 11:23:25 isehost CISE_Authentication_Flow_Diagnostics 0000000130 3 1 SelectedAccessService=AuthenticateUserAPI, AcsSessionID=cisco-ise-host/437837646/2, AuthenticationMethod=PAP_ASCII, WorkflowSequenceType=AuthenticationSequence,", + "type": [ + "info" + ] + }, + "host": { + "hostname": "isehost" + }, + "log": { + "syslog": { + "priority": 182 + } + }, + "message": "SelectedAccessService=AuthenticateUserAPI, AcsSessionID=cisco-ise-host/437837646/2, AuthenticationMethod=PAP_ASCII, WorkflowSequenceType=AuthenticationSequence,", + "related": { + "hosts": [ + "isehost" + ] + }, + "tags": [ + "preserve_original_event" + ] + } + ] +} \ No newline at end of file diff --git a/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-failed-attempts.log b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-failed-attempts.log new file mode 100644 index 00000000000..56eefeaa53f --- /dev/null +++ b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-failed-attempts.log @@ -0,0 +1,7 @@ +<181>Mar 2 09:09:13 cisco-ise-host CISE_Failed_Attempts 0000075134 1 0 2022-03-02 09:09:13.790 +00:00 0000075201 5405 NOTICE Failed-Attempt: RADIUS Request dropped, ConfigVersionId=1364, Device IP Address=81.2.69.193, Device Port=42946, DestinationIPAddress=81.2.69.145, DestinationPort=1812, Protocol=Radius, NetworkDeviceName=testDevice, User-Name=testDevice1, NAS-IP-Address=81.2.69.193, NAS-Port=1, Service-Type=Framed, Session-Timeout=30, Calling-Station-ID=00-23-DF-00-00-01, NAS-Port-Type=Wireless - IEEE 802.11, NAS-Port-Id=G0/25, NetworkDeviceProfileName=Cisco, NetworkDeviceProfileId=b0699505-3150-4215-a80e-6753d45bf56c, AcsSessionID=cisco-ise-host/435083133/47, FailureReason=11036 The Message-Authenticator RADIUS attribute is invalid, Step=11001, Step=11017, Step=11036, Step=5405, NetworkDeviceGroups=IPSEC#Is IPSEC Device#No, NetworkDeviceGroups=Location#All Locations, NetworkDeviceGroups=Device Type#All Device Types, DTLSSupport=Unknown, Model Name=Unknown, Network Device Profile=Cisco, Location=Location#All Locations, Device Type=Device Type#All Device Types, IPSEC=IPSEC#Is IPSEC Device#No, +<181>Mar 2 10:36:16 cisco-ise-host CISE_Failed_Attempts 0000075876 1 0 2022-03-02 10:36:16.136 +00:00 0000075943 5411 NOTICE Failed-Attempt: Supplicant stopped responding to ISE, ConfigVersionId=1381, RadiusPacketType=Drop, Device IP Address=81.2.69.193, DestinationIPAddress=81.2.69.145, UserName=testnac1, AcsSessionID=cisco-ise-host/435083133/80, SelectedAccessService=Default Network Access, RequestLatency=13, FailureReason=12309 PEAP handshake failed, Step=11001, Step=11017, Step=11117, Step=15049, Step=15008, Step=11507, Step=12500, Step=11006, Step=11001, Step=11018, Step=12301, Step=12300, Step=11006, Step=11001, Step=11018, Step=12302, Step=12318, Step=12800, Step=12805, Step=12814, Step=12817, Step=12309, Step=12307, Step=12305, Step=11006, Step=5411, NetworkDeviceName=testDevice, NetworkDeviceGroups=IPSEC#Is IPSEC Device#No, NetworkDeviceGroups=Location#All Locations, NetworkDeviceGroups=Device Type#All Device Types, EapTunnel=PEAP, OpenSSLErrorMessage=SSL alert: code=0x246=582 ; source=local ; type=fatal ; message="protocol version.ssl/statem/statem_srvr.c:1686 error:14209102:SSL routines:tls_early_post_process_client_hello:unsupported protocol [error=337678594 lib=20 func=521 reason=258]", OpenSSLErrorStack= 140449745684224:error:14209102:SSL routines:tls_early_post_process_client_hello:unsupported protocol:ssl/statem/statem_srvr.c:1686:, User-Name=testnac1, NAS-IP-Address=81.2.69.193, NAS-Port=1, Calling-Station-ID=00-00-00-00-00-01, NAS-Port-Type=Wireless - IEEE 802.11, NAS-Port-Id=G0/25, CPMSessionID=0a0009ccO4H8LguCt/kv_SLnrKRbOFQs9/f7Zi_nxHt1lhFP1qc, EndPointMACAddress=00-00-00-00-00-01, ISEPolicySetName=Default, StepLatency=25=120001, TLSCipher=, TLSVersion=, DTLSSupport=Unknown, Model Name=Unknown, Network Device Profile=Cisco, Location=Location#All Locations, Device Type=Device Type#All Device Types, IPSEC=IPSEC#Is IPSEC Device#No, +<181>Mar 2 11:10:16 cisco-ise-host CISE_Failed_Attempts 0000076158 1 0 2022-03-02 11:10:16.634 +00:00 0000076224 5418 NOTICE Guest: Guest Authentication Failed, ConfigVersionId=1397, FailureReason=22056 Subject not found in the applicable identity store(s), UserType=NON_GUEST, UserName=INVALID, IpAddress=89.160.20.112, PortalName=test-portal, ResponseTime=18, Step=5418, +<181>Mar 2 09:56:00 cisco-ise-host CISE_Failed_Attempts 0000075523 1 0 2022-03-02 09:56:00.597 +00:00 0000075590 5435 NOTICE RADIUS: NAS conducted several failed authentications of the same scenario, ConfigVersionId=1373, Device IP Address=81.2.69.193, Device Port=47053, DestinationIPAddress=81.2.69.145, DestinationPort=1812, Protocol=Radius, NetworkDeviceName=testDevice, User-Name=testDevice1, NAS-IP-Address=81.2.69.193, NAS-Port=1, Service-Type=Framed, Session-Timeout=30, Calling-Station-ID=00-00-00-00-00-01, NAS-Port-Type=Wireless - IEEE 802.11, NAS-Port-Id=G0/25, NetworkDeviceProfileName=Cisco, NetworkDeviceProfileId=b0699505-3150-4215-a80e-6753d45bf56c, AcsSessionID=cisco-ise-host/435083133/64, FailureReason=11007 Could not locate Network Device or AAA Client, Step=11001, Step=11017, Step=11007, Step=5435, NetworkDeviceGroups=IPSEC#Is IPSEC Device#No, NetworkDeviceGroups=Location#All Locations, NetworkDeviceGroups=Device Type#All Device Types, TotalFailedAttempts=11, TotalFailedTime=2806, DTLSSupport=Unknown, Model Name=Unknown, Network Device Profile=Cisco, Location=Location#All Locations, Device Type=Device Type#All Device Types, IPSEC=IPSEC#Is IPSEC Device#No, +<181>Mar 2 09:04:59 cisco-ise-host CISE_Failed_Attempts 0000000581 1 0 2022-03-02 09:04:59.136 +00:00 0000075131 5440 NOTICE RADIUS: Endpoint abandoned EAP session and started new, ConfigVersionId=1364, Device IP Address=81.2.69.193, DestinationIPAddress=81.2.69.145, UserName=testDevice1, AcsSessionID=cisco-ise-host/435083133/41, SelectedAccessService=Default Network Access, RequestLatency=16, FailureReason=12309 PEAP handshake failed, Step=11001, Step=11017, Step=11117, Step=15049, Step=15008, Step=11507, Step=12500, Step=11006, Step=11001, Step=11018, Step=12301, Step=12300, Step=11006, Step=11001, Step=11018, Step=12302, Step=12318, Step=12800, Step=12805, Step=12814, Step=12817, Step=12309, Step=12307, Step=12305, Step=11006, Step=5440, NetworkDeviceName=testDevice, NetworkDeviceGroups=IPSEC#Is IPSEC Device#No, NetworkDeviceGroups=Location#All Locations, NetworkDeviceGroups=Device Type#All Device Types, EapTunnel=PEAP, OpenSSLErrorMessage=SSL alert: code=0x246=582 ; source=local ; type=fatal ; message="protocol version.ssl/statem/statem_srvr.c:1686 error:14209102:SSL routines:tls_early_post_process_client_hello:unsupported protocol [error=337678594 lib=20 func=521 reason=258]", OpenSSLErrorStack= 140449742526208:error:14209102:SSL routines:tls_early_post_process_client_hello:unsupported protocol:ssl/statem/statem_srvr.c:1686:, User-Name=testDevice1, NAS-IP-Address=81.2.69.193, NAS-Port=1, Calling-Station-ID=00-23-DF-00-00-01, NAS-Port-Type=Wireless - IEEE 802.11, NAS-Port-Id=G0/25, CPMSessionID=0a0009ccoostm1inlLcfqsSLF7kj1Hc9FdzP6sk8dQsKOpPav_o, EndPointMACAddress=00-23-DF-00-00-01, ISEPolicySetName=Default, StepLatency=25=9051, TLSCipher=, TLSVersion=, DTLSSupport=Unknown, Model Name=Unknown, Network Device Profile=Cisco, Location=Location#All Locations, Device Type=Device Type#All Device Types, IPSEC=IPSEC#Is IPSEC Device#No, Response={RadiusPacketType=Drop; }, +<182>Apr 27 11:11:09 gg.hhh.iii.com CISE_Failed_Attempts 0000000169 1 0 2020-04-27 11:11:09.260369 +00:00 0000003928 5400 NOTICE Failed-Attempt: Authentication failed, ConfigVersionId=93, Device IP Address=81.2.69.193, Device Port=16345, DestinationIPAddress=81.2.69.193, DestinationPort=1645, RadiusPacketType=AccessRequest, Protocol=Radius, RequestLatency=1, NetworkDeviceName=sw, User-Name=fernandGiancarl, NAS-IP-Address=81.2.69.193, NAS-Port=50115, Service-Type=Framed, Framed-IP-Address=81.2.69.193, Framed-MTU=1500, State=37CPMSessionID=0a222bc0000000d123e111f7\;28SessionID=abc12/178657019/44\;, Called-Station-ID=50-3D-E5-C4-05-8F, Calling-Station-ID=F0-DE-F1-94-65-9C, NAS-Port-Type=Ethernet, NAS-Port-Id=GigabitEthernet1/0/15, EAP-Key-Name=, acme-av-pair=service-type=Framed, acme-av-pair=audit-session-id=0a222bc0000000d123e111f7, UserName=fernandGiancarl, AcsSessionID=abc12/178657019/44, AuthenticationIdentityStore=, AuthenticationIdentityStore=AD1, AuthenticationMethod=x509_PKI, SelectedAccessService=EapChainining, UseCase=Eap Chaining, FailureReason=24492 Machine authentication against Active Directory has failed, Step=11001, Step=11017, Step=15049, Step=15008, Step=15048, Step=15048, Step=15004, Step=11507, Step=12500, Step=12625, Step=11006, Step=11001, Step=11018, Step=12101, Step=12100, Step=12625, Step=11006, Step=11001, Step=11018, Step=12102, Step=12800, Step=12805, Step=12806, Step=12807, Step=12810, Step=12105, Step=11006, Step=11001, Step=11018, Step=12104, Step=12105, Step=11006, Step=11001, Step=11018, Step=12104, Step=12105, Step=11006, Step=11001, Step=11018, Step=12104, Step=12812, Step=12804, Step=12801, Step=12802, Step=12816, Step=12149, Step=12105, Step=11006, Step=11001, Step=11018, Step=12104, Step=12209, Step=12218, Step=12125, Step=11521, Step=12105, Step=11006, Step=11001, Step=11018, Step=12104, Step=12212, Step=11522, Step=11806, Step=12105, Step=11006, Step=11001, Step=11018, Step=12104, Step=12523, Step=12522, Step=12625, Step=12105, Step=11006, Step=11001, Step=11018, Step=12104, Step=12524, Step=12800, Step=12805, Step=12806, Step=12807, Step=12809, Step=12527, Step=12105, Step=11006, Step=11001, Step=11018, Step=12104, Step=12526, Step=12527, Step=12105, Step=11006, Step=11001, Step=11018, Step=12104, Step=12526, Step=12527, Step=12105, Step=11006, Step=11001, Step=11018, Step=12104, Step=12105, Step=11006, Step=11001, Step=11018, Step=12104, Step=12105, Step=11006, Step=11001, Step=11018, Step=12104, Step=12526, Step=12571, Step=12571, Step=12811, Step=12812, Step=12813, Step=12804, Step=12801, Step=12802, Step=12816, Step=12509, Step=12527, Step=12105, Step=11006, Step=11001, Step=11018, Step=12104, Step=12526, Step=15041, Step=15006, Step=24432, Step=24412, Step=22056, Step=22058, Step=22061, Step=12529, Step=11520, Step=12117, Step=22028, Step=12105, Step=11006, Step=11001, Step=11018, Step=12104, Step=12219, Step=12125, Step=11521, Step=12105, Step=11006, Step=11001, Step=11018, Step=12104, Step=12212, Step=11522, Step=11806, Step=12105, Step=11006, Step=11001, Step=11018, Step=12104, Step=12523, Step=12522, Step=12625, Step=12105, Step=11006, Step=11001, Step=11018, Step=12104, Step=12524, Step=12800, Step=12805, Step=12806, Step=12807, Step=12809, Step=12527, Step=12105, Step=11006, Step=11001, Step=11018, Step=12104, Step=12526, Step=12527, Step=12105, Step=11006, Step=11001, Step=11018, Step=12104, Step=12526, Step=12527, Step=12105, Step=11006, Step=11001, Step=11018, Step=12104, Step=12105, Step=11006, Step=11001, Step=11018, Step=12104, Step=12105, Step=11006, Step=11001, Step=11018, Step=12104, Step=12526, Step=12571, Step=12571, Step=12811, Step=12812, Step=12813, Step=12804, Step=12801, Step=12802, Step=12816, Step=12509, Step=12527, Step=12105, Step=11006, Step=11001, Step=11018, Step=12104, Step=12526, Step=15041, Step=15006, Step=24433, Step=24492, Step=22059, Step=22062, Step=12117, Step=22028, Step=12105, Step=11006, Step=11001, Step=11018, Step=12104, Step=12109, Step=11504, Step=11003, SelectedAuthenticationIdentityStores=SCRAVEN, NetworkDeviceGroups=Location#All Locations#Wired_Lab, NetworkDeviceGroups=Device Type#All Device Types, ADDomain=lab4.com, EapTunnel=EAP-FAST, EapAuthentication=EAP-TLS, CPMSessionID=0a222bc0000000d123e111f7, EndPointMACAddress=XX:XX:45:XX:XX:XX, EapChainingResult=User and machine both failed, GroupsOrAttributesProcessFailure=true, ISEPolicySetName=Default, AllowedProtocolMatchedRule=Dot1X, IdentitySelectionMatchedRule=Default, Location=Location#All Locations#Wired_Lab, Device Type=Device Type#All Device Types, Response={RadiusPacketType=AccessReject; } +<181>Mar 2 11:10:16 cisco-ise-host CISE_Failed_Attempts 0000076157 2 1 ConfigVersionId=1567, FailureReason=20977 Subject not found in the applicable identity store(s), UserType=NON_TEST, UserName=TEST_USER, IpAddress=89.160.20.112, PortalName=test-portal, ResponseTime=19, Step=5418, diff --git a/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-failed-attempts.log-expected.json b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-failed-attempts.log-expected.json new file mode 100644 index 00000000000..34cf58927a0 --- /dev/null +++ b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-failed-attempts.log-expected.json @@ -0,0 +1,1235 @@ +{ + "expected": [ + { + "@timestamp": "2022-03-02T09:09:13.790Z", + "cisco_ise": { + "log": { + "acs": { + "session": { + "id": "cisco-ise-host/435083133/47" + } + }, + "calling_station": { + "id": "00-23-DF-00-00-01" + }, + "category": { + "name": "CISE_Failed_Attempts" + }, + "config_version": { + "id": 1364 + }, + "device": { + "type": "Device Type#All Device Types" + }, + "dtls_support": "Unknown", + "failure": { + "reason": "11036 The Message-Authenticator RADIUS attribute is invalid" + }, + "ipsec": "IPSEC#Is IPSEC Device#No", + "location": "Location#All Locations", + "log_details": "ConfigVersionId=1364, Device IP Address=81.2.69.193, Device Port=42946, DestinationIPAddress=81.2.69.145, DestinationPort=1812, Protocol=Radius, NetworkDeviceName=testDevice, User-Name=testDevice1, NAS-IP-Address=81.2.69.193, NAS-Port=1, Service-Type=Framed, Session-Timeout=30, Calling-Station-ID=00-23-DF-00-00-01, NAS-Port-Type=Wireless - IEEE 802.11, NAS-Port-Id=G0/25, NetworkDeviceProfileName=Cisco, NetworkDeviceProfileId=b0699505-3150-4215-a80e-6753d45bf56c, AcsSessionID=cisco-ise-host/435083133/47, FailureReason=11036 The Message-Authenticator RADIUS attribute is invalid, Step=11001, Step=11017, Step=11036, Step=5405, NetworkDeviceGroups=IPSEC#Is IPSEC Device#No, NetworkDeviceGroups=Location#All Locations, NetworkDeviceGroups=Device Type#All Device Types, DTLSSupport=Unknown, Model Name=Unknown, Network Device Profile=Cisco, Location=Location#All Locations, Device Type=Device Type#All Device Types, IPSEC=IPSEC#Is IPSEC Device#No", + "message": { + "code": "5405", + "description": "Failed-Attempt: RADIUS Request dropped", + "id": "0000075134" + }, + "model": { + "name": "Unknown" + }, + "nas": { + "ip": "81.2.69.193", + "port": { + "id": "G0/25", + "number": 1, + "type": "Wireless - IEEE 802.11" + } + }, + "network": { + "device": { + "groups": [ + "IPSEC#Is IPSEC Device#No", + "Location#All Locations", + "Device Type#All Device Types" + ], + "name": "testDevice", + "profile": "Cisco", + "profile_id": "b0699505-3150-4215-a80e-6753d45bf56c", + "profile_name": "Cisco" + } + }, + "segment": { + "number": 0, + "total": 1 + }, + "service": { + "type": "Framed" + }, + "session": { + "timeout": 30 + }, + "step": [ + "11001", + "11017", + "11036", + "5405" + ] + } + }, + "client": { + "ip": "81.2.69.193", + "port": 42946 + }, + "destination": { + "ip": "81.2.69.145", + "port": 1812 + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "failed-attempt", + "category": [ + "authentication" + ], + "kind": "event", + "original": "\u003c181\u003eMar 2 09:09:13 cisco-ise-host CISE_Failed_Attempts 0000075134 1 0 2022-03-02 09:09:13.790 +00:00 0000075201 5405 NOTICE Failed-Attempt: RADIUS Request dropped, ConfigVersionId=1364, Device IP Address=81.2.69.193, Device Port=42946, DestinationIPAddress=81.2.69.145, DestinationPort=1812, Protocol=Radius, NetworkDeviceName=testDevice, User-Name=testDevice1, NAS-IP-Address=81.2.69.193, NAS-Port=1, Service-Type=Framed, Session-Timeout=30, Calling-Station-ID=00-23-DF-00-00-01, NAS-Port-Type=Wireless - IEEE 802.11, NAS-Port-Id=G0/25, NetworkDeviceProfileName=Cisco, NetworkDeviceProfileId=b0699505-3150-4215-a80e-6753d45bf56c, AcsSessionID=cisco-ise-host/435083133/47, FailureReason=11036 The Message-Authenticator RADIUS attribute is invalid, Step=11001, Step=11017, Step=11036, Step=5405, NetworkDeviceGroups=IPSEC#Is IPSEC Device#No, NetworkDeviceGroups=Location#All Locations, NetworkDeviceGroups=Device Type#All Device Types, DTLSSupport=Unknown, Model Name=Unknown, Network Device Profile=Cisco, Location=Location#All Locations, Device Type=Device Type#All Device Types, IPSEC=IPSEC#Is IPSEC Device#No,", + "sequence": 75201, + "timezone": "+00:00", + "type": [ + "info", + "end" + ] + }, + "host": { + "hostname": "cisco-ise-host" + }, + "log": { + "level": "notice", + "syslog": { + "priority": 181, + "severity": { + "name": "notice" + } + } + }, + "message": "2022-03-02 09:09:13.790 +00:00 0000075201 5405 NOTICE Failed-Attempt: RADIUS Request dropped, ConfigVersionId=1364, Device IP Address=81.2.69.193, Device Port=42946, DestinationIPAddress=81.2.69.145, DestinationPort=1812, Protocol=Radius, NetworkDeviceName=testDevice, User-Name=testDevice1, NAS-IP-Address=81.2.69.193, NAS-Port=1, Service-Type=Framed, Session-Timeout=30, Calling-Station-ID=00-23-DF-00-00-01, NAS-Port-Type=Wireless - IEEE 802.11, NAS-Port-Id=G0/25, NetworkDeviceProfileName=Cisco, NetworkDeviceProfileId=b0699505-3150-4215-a80e-6753d45bf56c, AcsSessionID=cisco-ise-host/435083133/47, FailureReason=11036 The Message-Authenticator RADIUS attribute is invalid, Step=11001, Step=11017, Step=11036, Step=5405, NetworkDeviceGroups=IPSEC#Is IPSEC Device#No, NetworkDeviceGroups=Location#All Locations, NetworkDeviceGroups=Device Type#All Device Types, DTLSSupport=Unknown, Model Name=Unknown, Network Device Profile=Cisco, Location=Location#All Locations, Device Type=Device Type#All Device Types, IPSEC=IPSEC#Is IPSEC Device#No,", + "network": { + "protocol": "radius" + }, + "related": { + "hosts": [ + "cisco-ise-host" + ], + "ip": [ + "81.2.69.193", + "81.2.69.145" + ], + "user": [ + "testDevice1" + ] + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "name": [ + "testDevice1" + ] + } + }, + { + "@timestamp": "2022-03-02T10:36:16.136Z", + "cisco_ise": { + "log": { + "acs": { + "session": { + "id": "cisco-ise-host/435083133/80" + } + }, + "calling_station": { + "id": "00-00-00-00-00-01" + }, + "category": { + "name": "CISE_Failed_Attempts" + }, + "config_version": { + "id": 1381 + }, + "cpm": { + "session": { + "id": "0a0009ccO4H8LguCt/kv_SLnrKRbOFQs9/f7Zi_nxHt1lhFP1qc" + } + }, + "device": { + "type": "Device Type#All Device Types" + }, + "dtls_support": "Unknown", + "eap": { + "tunnel": "PEAP" + }, + "endpoint": { + "mac": { + "address": "00-00-00-00-00-01" + } + }, + "failure": { + "reason": "12309 PEAP handshake failed" + }, + "ipsec": "IPSEC#Is IPSEC Device#No", + "ise": { + "policy": { + "set_name": "Default" + } + }, + "location": "Location#All Locations", + "log_details": "ConfigVersionId=1381, RadiusPacketType=Drop, Device IP Address=81.2.69.193, DestinationIPAddress=81.2.69.145, UserName=testnac1, AcsSessionID=cisco-ise-host/435083133/80, SelectedAccessService=Default Network Access, RequestLatency=13, FailureReason=12309 PEAP handshake failed, Step=11001, Step=11017, Step=11117, Step=15049, Step=15008, Step=11507, Step=12500, Step=11006, Step=11001, Step=11018, Step=12301, Step=12300, Step=11006, Step=11001, Step=11018, Step=12302, Step=12318, Step=12800, Step=12805, Step=12814, Step=12817, Step=12309, Step=12307, Step=12305, Step=11006, Step=5411, NetworkDeviceName=testDevice, NetworkDeviceGroups=IPSEC#Is IPSEC Device#No, NetworkDeviceGroups=Location#All Locations, NetworkDeviceGroups=Device Type#All Device Types, EapTunnel=PEAP, OpenSSLErrorMessage=SSL alert: code=0x246=582 ; source=local ; type=fatal ; message=\"protocol version.ssl/statem/statem_srvr.c:1686 error:14209102:SSL routines:tls_early_post_process_client_hello:unsupported protocol [error=337678594 lib=20 func=521 reason=258]\", OpenSSLErrorStack= 140449745684224:error:14209102:SSL routines:tls_early_post_process_client_hello:unsupported protocol:ssl/statem/statem_srvr.c:1686:, User-Name=testnac1, NAS-IP-Address=81.2.69.193, NAS-Port=1, Calling-Station-ID=00-00-00-00-00-01, NAS-Port-Type=Wireless - IEEE 802.11, NAS-Port-Id=G0/25, CPMSessionID=0a0009ccO4H8LguCt/kv_SLnrKRbOFQs9/f7Zi_nxHt1lhFP1qc, EndPointMACAddress=00-00-00-00-00-01, ISEPolicySetName=Default, StepLatency=25=120001, TLSCipher=, TLSVersion=, DTLSSupport=Unknown, Model Name=Unknown, Network Device Profile=Cisco, Location=Location#All Locations, Device Type=Device Type#All Device Types, IPSEC=IPSEC#Is IPSEC Device#No", + "message": { + "code": "5411", + "description": "Failed-Attempt: Supplicant stopped responding to ISE", + "id": "0000075876" + }, + "model": { + "name": "Unknown" + }, + "nas": { + "ip": "81.2.69.193", + "port": { + "id": "G0/25", + "number": 1, + "type": "Wireless - IEEE 802.11" + } + }, + "network": { + "device": { + "groups": [ + "IPSEC#Is IPSEC Device#No", + "Location#All Locations", + "Device Type#All Device Types" + ], + "name": "testDevice", + "profile": "Cisco" + } + }, + "openssl": { + "error": { + "message": "SSL alert: code=0x246=582 ; source=local ; type=fatal ; message=\"protocol version.ssl/statem/statem_srvr.c:1686 error:14209102:SSL routines:tls_early_post_process_client_hello:unsupported protocol [error=337678594 lib=20 func=521 reason=258]\"", + "stack": " 140449745684224:error:14209102:SSL routines:tls_early_post_process_client_hello:unsupported protocol:ssl/statem/statem_srvr.c:1686:" + } + }, + "radius_packet": { + "type": "Drop" + }, + "request": { + "latency": 13 + }, + "segment": { + "number": 0, + "total": 1 + }, + "selected": { + "access": { + "service": "Default Network Access" + } + }, + "step": [ + "11001", + "11017", + "11117", + "15049", + "15008", + "11507", + "12500", + "11006", + "11001", + "11018", + "12301", + "12300", + "11006", + "11001", + "11018", + "12302", + "12318", + "12800", + "12805", + "12814", + "12817", + "12309", + "12307", + "12305", + "11006", + "5411" + ], + "step_latency": "25=120001" + } + }, + "client": { + "ip": "81.2.69.193" + }, + "destination": { + "ip": "81.2.69.145" + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "failed-attempt", + "category": [ + "authentication" + ], + "kind": "event", + "original": "\u003c181\u003eMar 2 10:36:16 cisco-ise-host CISE_Failed_Attempts 0000075876 1 0 2022-03-02 10:36:16.136 +00:00 0000075943 5411 NOTICE Failed-Attempt: Supplicant stopped responding to ISE, ConfigVersionId=1381, RadiusPacketType=Drop, Device IP Address=81.2.69.193, DestinationIPAddress=81.2.69.145, UserName=testnac1, AcsSessionID=cisco-ise-host/435083133/80, SelectedAccessService=Default Network Access, RequestLatency=13, FailureReason=12309 PEAP handshake failed, Step=11001, Step=11017, Step=11117, Step=15049, Step=15008, Step=11507, Step=12500, Step=11006, Step=11001, Step=11018, Step=12301, Step=12300, Step=11006, Step=11001, Step=11018, Step=12302, Step=12318, Step=12800, Step=12805, Step=12814, Step=12817, Step=12309, Step=12307, Step=12305, Step=11006, Step=5411, NetworkDeviceName=testDevice, NetworkDeviceGroups=IPSEC#Is IPSEC Device#No, NetworkDeviceGroups=Location#All Locations, NetworkDeviceGroups=Device Type#All Device Types, EapTunnel=PEAP, OpenSSLErrorMessage=SSL alert: code=0x246=582 ; source=local ; type=fatal ; message=\"protocol version.ssl/statem/statem_srvr.c:1686 error:14209102:SSL routines:tls_early_post_process_client_hello:unsupported protocol [error=337678594 lib=20 func=521 reason=258]\", OpenSSLErrorStack= 140449745684224:error:14209102:SSL routines:tls_early_post_process_client_hello:unsupported protocol:ssl/statem/statem_srvr.c:1686:, User-Name=testnac1, NAS-IP-Address=81.2.69.193, NAS-Port=1, Calling-Station-ID=00-00-00-00-00-01, NAS-Port-Type=Wireless - IEEE 802.11, NAS-Port-Id=G0/25, CPMSessionID=0a0009ccO4H8LguCt/kv_SLnrKRbOFQs9/f7Zi_nxHt1lhFP1qc, EndPointMACAddress=00-00-00-00-00-01, ISEPolicySetName=Default, StepLatency=25=120001, TLSCipher=, TLSVersion=, DTLSSupport=Unknown, Model Name=Unknown, Network Device Profile=Cisco, Location=Location#All Locations, Device Type=Device Type#All Device Types, IPSEC=IPSEC#Is IPSEC Device#No,", + "sequence": 75943, + "timezone": "+00:00", + "type": [ + "info", + "end" + ] + }, + "host": { + "hostname": "cisco-ise-host" + }, + "log": { + "level": "notice", + "syslog": { + "priority": 181, + "severity": { + "name": "notice" + } + } + }, + "message": "2022-03-02 10:36:16.136 +00:00 0000075943 5411 NOTICE Failed-Attempt: Supplicant stopped responding to ISE, ConfigVersionId=1381, RadiusPacketType=Drop, Device IP Address=81.2.69.193, DestinationIPAddress=81.2.69.145, UserName=testnac1, AcsSessionID=cisco-ise-host/435083133/80, SelectedAccessService=Default Network Access, RequestLatency=13, FailureReason=12309 PEAP handshake failed, Step=11001, Step=11017, Step=11117, Step=15049, Step=15008, Step=11507, Step=12500, Step=11006, Step=11001, Step=11018, Step=12301, Step=12300, Step=11006, Step=11001, Step=11018, Step=12302, Step=12318, Step=12800, Step=12805, Step=12814, Step=12817, Step=12309, Step=12307, Step=12305, Step=11006, Step=5411, NetworkDeviceName=testDevice, NetworkDeviceGroups=IPSEC#Is IPSEC Device#No, NetworkDeviceGroups=Location#All Locations, NetworkDeviceGroups=Device Type#All Device Types, EapTunnel=PEAP, OpenSSLErrorMessage=SSL alert: code=0x246=582 ; source=local ; type=fatal ; message=\"protocol version.ssl/statem/statem_srvr.c:1686 error:14209102:SSL routines:tls_early_post_process_client_hello:unsupported protocol [error=337678594 lib=20 func=521 reason=258]\", OpenSSLErrorStack= 140449745684224:error:14209102:SSL routines:tls_early_post_process_client_hello:unsupported protocol:ssl/statem/statem_srvr.c:1686:, User-Name=testnac1, NAS-IP-Address=81.2.69.193, NAS-Port=1, Calling-Station-ID=00-00-00-00-00-01, NAS-Port-Type=Wireless - IEEE 802.11, NAS-Port-Id=G0/25, CPMSessionID=0a0009ccO4H8LguCt/kv_SLnrKRbOFQs9/f7Zi_nxHt1lhFP1qc, EndPointMACAddress=00-00-00-00-00-01, ISEPolicySetName=Default, StepLatency=25=120001, TLSCipher=, TLSVersion=, DTLSSupport=Unknown, Model Name=Unknown, Network Device Profile=Cisco, Location=Location#All Locations, Device Type=Device Type#All Device Types, IPSEC=IPSEC#Is IPSEC Device#No,", + "related": { + "hosts": [ + "cisco-ise-host" + ], + "ip": [ + "81.2.69.193", + "81.2.69.145" + ], + "user": [ + "testnac1" + ] + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "name": [ + "testnac1" + ] + } + }, + { + "@timestamp": "2022-03-02T11:10:16.634Z", + "cisco_ise": { + "log": { + "category": { + "name": "CISE_Failed_Attempts" + }, + "config_version": { + "id": 1397 + }, + "failure": { + "reason": "22056 Subject not found in the applicable identity store(s)" + }, + "log_details": "ConfigVersionId=1397, FailureReason=22056 Subject not found in the applicable identity store(s), UserType=NON_GUEST, UserName=INVALID, IpAddress=89.160.20.112, PortalName=test-portal, ResponseTime=18, Step=5418", + "message": { + "code": "5418", + "description": "Guest: Guest Authentication Failed", + "id": "0000076158" + }, + "portal": { + "name": "test-portal" + }, + "response": { + "time": 18 + }, + "segment": { + "number": 0, + "total": 1 + }, + "step": "5418", + "user": { + "type": "NON_GUEST" + } + } + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "guest", + "category": [ + "authentication" + ], + "kind": "event", + "original": "\u003c181\u003eMar 2 11:10:16 cisco-ise-host CISE_Failed_Attempts 0000076158 1 0 2022-03-02 11:10:16.634 +00:00 0000076224 5418 NOTICE Guest: Guest Authentication Failed, ConfigVersionId=1397, FailureReason=22056 Subject not found in the applicable identity store(s), UserType=NON_GUEST, UserName=INVALID, IpAddress=89.160.20.112, PortalName=test-portal, ResponseTime=18, Step=5418,", + "sequence": 76224, + "timezone": "+00:00", + "type": [ + "info", + "end" + ] + }, + "host": { + "hostname": "cisco-ise-host" + }, + "log": { + "level": "notice", + "syslog": { + "priority": 181, + "severity": { + "name": "notice" + } + } + }, + "message": "2022-03-02 11:10:16.634 +00:00 0000076224 5418 NOTICE Guest: Guest Authentication Failed, ConfigVersionId=1397, FailureReason=22056 Subject not found in the applicable identity store(s), UserType=NON_GUEST, UserName=INVALID, IpAddress=89.160.20.112, PortalName=test-portal, ResponseTime=18, Step=5418,", + "related": { + "hosts": [ + "cisco-ise-host" + ], + "ip": [ + "89.160.20.112" + ], + "user": [ + "INVALID" + ] + }, + "source": { + "ip": "89.160.20.112" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "name": [ + "INVALID" + ] + } + }, + { + "@timestamp": "2022-03-02T09:56:00.597Z", + "cisco_ise": { + "log": { + "acs": { + "session": { + "id": "cisco-ise-host/435083133/64" + } + }, + "calling_station": { + "id": "00-00-00-00-00-01" + }, + "category": { + "name": "CISE_Failed_Attempts" + }, + "config_version": { + "id": 1373 + }, + "device": { + "type": "Device Type#All Device Types" + }, + "dtls_support": "Unknown", + "failure": { + "reason": "11007 Could not locate Network Device or AAA Client" + }, + "ipsec": "IPSEC#Is IPSEC Device#No", + "location": "Location#All Locations", + "log_details": "ConfigVersionId=1373, Device IP Address=81.2.69.193, Device Port=47053, DestinationIPAddress=81.2.69.145, DestinationPort=1812, Protocol=Radius, NetworkDeviceName=testDevice, User-Name=testDevice1, NAS-IP-Address=81.2.69.193, NAS-Port=1, Service-Type=Framed, Session-Timeout=30, Calling-Station-ID=00-00-00-00-00-01, NAS-Port-Type=Wireless - IEEE 802.11, NAS-Port-Id=G0/25, NetworkDeviceProfileName=Cisco, NetworkDeviceProfileId=b0699505-3150-4215-a80e-6753d45bf56c, AcsSessionID=cisco-ise-host/435083133/64, FailureReason=11007 Could not locate Network Device or AAA Client, Step=11001, Step=11017, Step=11007, Step=5435, NetworkDeviceGroups=IPSEC#Is IPSEC Device#No, NetworkDeviceGroups=Location#All Locations, NetworkDeviceGroups=Device Type#All Device Types, TotalFailedAttempts=11, TotalFailedTime=2806, DTLSSupport=Unknown, Model Name=Unknown, Network Device Profile=Cisco, Location=Location#All Locations, Device Type=Device Type#All Device Types, IPSEC=IPSEC#Is IPSEC Device#No", + "message": { + "code": "5435", + "description": "RADIUS: NAS conducted several failed authentications of the same scenario", + "id": "0000075523" + }, + "model": { + "name": "Unknown" + }, + "nas": { + "ip": "81.2.69.193", + "port": { + "id": "G0/25", + "number": 1, + "type": "Wireless - IEEE 802.11" + } + }, + "network": { + "device": { + "groups": [ + "IPSEC#Is IPSEC Device#No", + "Location#All Locations", + "Device Type#All Device Types" + ], + "name": "testDevice", + "profile": "Cisco", + "profile_id": "b0699505-3150-4215-a80e-6753d45bf56c", + "profile_name": "Cisco" + } + }, + "segment": { + "number": 0, + "total": 1 + }, + "service": { + "type": "Framed" + }, + "session": { + "timeout": 30 + }, + "step": [ + "11001", + "11017", + "11007", + "5435" + ], + "total": { + "failed_attempts": 11, + "failed_time": 2806 + } + } + }, + "client": { + "ip": "81.2.69.193", + "port": 47053 + }, + "destination": { + "ip": "81.2.69.145", + "port": 1812 + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "radius", + "category": [ + "authentication" + ], + "kind": "event", + "original": "\u003c181\u003eMar 2 09:56:00 cisco-ise-host CISE_Failed_Attempts 0000075523 1 0 2022-03-02 09:56:00.597 +00:00 0000075590 5435 NOTICE RADIUS: NAS conducted several failed authentications of the same scenario, ConfigVersionId=1373, Device IP Address=81.2.69.193, Device Port=47053, DestinationIPAddress=81.2.69.145, DestinationPort=1812, Protocol=Radius, NetworkDeviceName=testDevice, User-Name=testDevice1, NAS-IP-Address=81.2.69.193, NAS-Port=1, Service-Type=Framed, Session-Timeout=30, Calling-Station-ID=00-00-00-00-00-01, NAS-Port-Type=Wireless - IEEE 802.11, NAS-Port-Id=G0/25, NetworkDeviceProfileName=Cisco, NetworkDeviceProfileId=b0699505-3150-4215-a80e-6753d45bf56c, AcsSessionID=cisco-ise-host/435083133/64, FailureReason=11007 Could not locate Network Device or AAA Client, Step=11001, Step=11017, Step=11007, Step=5435, NetworkDeviceGroups=IPSEC#Is IPSEC Device#No, NetworkDeviceGroups=Location#All Locations, NetworkDeviceGroups=Device Type#All Device Types, TotalFailedAttempts=11, TotalFailedTime=2806, DTLSSupport=Unknown, Model Name=Unknown, Network Device Profile=Cisco, Location=Location#All Locations, Device Type=Device Type#All Device Types, IPSEC=IPSEC#Is IPSEC Device#No,", + "sequence": 75590, + "timezone": "+00:00", + "type": [ + "info", + "end" + ] + }, + "host": { + "hostname": "cisco-ise-host" + }, + "log": { + "level": "notice", + "syslog": { + "priority": 181, + "severity": { + "name": "notice" + } + } + }, + "message": "2022-03-02 09:56:00.597 +00:00 0000075590 5435 NOTICE RADIUS: NAS conducted several failed authentications of the same scenario, ConfigVersionId=1373, Device IP Address=81.2.69.193, Device Port=47053, DestinationIPAddress=81.2.69.145, DestinationPort=1812, Protocol=Radius, NetworkDeviceName=testDevice, User-Name=testDevice1, NAS-IP-Address=81.2.69.193, NAS-Port=1, Service-Type=Framed, Session-Timeout=30, Calling-Station-ID=00-00-00-00-00-01, NAS-Port-Type=Wireless - IEEE 802.11, NAS-Port-Id=G0/25, NetworkDeviceProfileName=Cisco, NetworkDeviceProfileId=b0699505-3150-4215-a80e-6753d45bf56c, AcsSessionID=cisco-ise-host/435083133/64, FailureReason=11007 Could not locate Network Device or AAA Client, Step=11001, Step=11017, Step=11007, Step=5435, NetworkDeviceGroups=IPSEC#Is IPSEC Device#No, NetworkDeviceGroups=Location#All Locations, NetworkDeviceGroups=Device Type#All Device Types, TotalFailedAttempts=11, TotalFailedTime=2806, DTLSSupport=Unknown, Model Name=Unknown, Network Device Profile=Cisco, Location=Location#All Locations, Device Type=Device Type#All Device Types, IPSEC=IPSEC#Is IPSEC Device#No,", + "network": { + "protocol": "radius" + }, + "related": { + "hosts": [ + "cisco-ise-host" + ], + "ip": [ + "81.2.69.193", + "81.2.69.145" + ], + "user": [ + "testDevice1" + ] + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "name": [ + "testDevice1" + ] + } + }, + { + "@timestamp": "2022-03-02T09:04:59.136Z", + "cisco_ise": { + "log": { + "acs": { + "session": { + "id": "cisco-ise-host/435083133/41" + } + }, + "calling_station": { + "id": "00-23-DF-00-00-01" + }, + "category": { + "name": "CISE_Failed_Attempts" + }, + "config_version": { + "id": 1364 + }, + "cpm": { + "session": { + "id": "0a0009ccoostm1inlLcfqsSLF7kj1Hc9FdzP6sk8dQsKOpPav_o" + } + }, + "device": { + "type": "Device Type#All Device Types" + }, + "dtls_support": "Unknown", + "eap": { + "tunnel": "PEAP" + }, + "endpoint": { + "mac": { + "address": "00-23-DF-00-00-01" + } + }, + "failure": { + "reason": "12309 PEAP handshake failed" + }, + "ipsec": "IPSEC#Is IPSEC Device#No", + "ise": { + "policy": { + "set_name": "Default" + } + }, + "location": "Location#All Locations", + "log_details": "ConfigVersionId=1364, Device IP Address=81.2.69.193, DestinationIPAddress=81.2.69.145, UserName=testDevice1, AcsSessionID=cisco-ise-host/435083133/41, SelectedAccessService=Default Network Access, RequestLatency=16, FailureReason=12309 PEAP handshake failed, Step=11001, Step=11017, Step=11117, Step=15049, Step=15008, Step=11507, Step=12500, Step=11006, Step=11001, Step=11018, Step=12301, Step=12300, Step=11006, Step=11001, Step=11018, Step=12302, Step=12318, Step=12800, Step=12805, Step=12814, Step=12817, Step=12309, Step=12307, Step=12305, Step=11006, Step=5440, NetworkDeviceName=testDevice, NetworkDeviceGroups=IPSEC#Is IPSEC Device#No, NetworkDeviceGroups=Location#All Locations, NetworkDeviceGroups=Device Type#All Device Types, EapTunnel=PEAP, OpenSSLErrorMessage=SSL alert: code=0x246=582 ; source=local ; type=fatal ; message=\"protocol version.ssl/statem/statem_srvr.c:1686 error:14209102:SSL routines:tls_early_post_process_client_hello:unsupported protocol [error=337678594 lib=20 func=521 reason=258]\", OpenSSLErrorStack= 140449742526208:error:14209102:SSL routines:tls_early_post_process_client_hello:unsupported protocol:ssl/statem/statem_srvr.c:1686:, User-Name=testDevice1, NAS-IP-Address=81.2.69.193, NAS-Port=1, Calling-Station-ID=00-23-DF-00-00-01, NAS-Port-Type=Wireless - IEEE 802.11, NAS-Port-Id=G0/25, CPMSessionID=0a0009ccoostm1inlLcfqsSLF7kj1Hc9FdzP6sk8dQsKOpPav_o, EndPointMACAddress=00-23-DF-00-00-01, ISEPolicySetName=Default, StepLatency=25=9051, TLSCipher=, TLSVersion=, DTLSSupport=Unknown, Model Name=Unknown, Network Device Profile=Cisco, Location=Location#All Locations, Device Type=Device Type#All Device Types, IPSEC=IPSEC#Is IPSEC Device#No, Response={RadiusPacketType=Drop; }", + "message": { + "code": "5440", + "description": "RADIUS: Endpoint abandoned EAP session and started new", + "id": "0000000581" + }, + "model": { + "name": "Unknown" + }, + "nas": { + "ip": "81.2.69.193", + "port": { + "id": "G0/25", + "number": 1, + "type": "Wireless - IEEE 802.11" + } + }, + "network": { + "device": { + "groups": [ + "IPSEC#Is IPSEC Device#No", + "Location#All Locations", + "Device Type#All Device Types" + ], + "name": "testDevice", + "profile": "Cisco" + } + }, + "openssl": { + "error": { + "message": "SSL alert: code=0x246=582 ; source=local ; type=fatal ; message=\"protocol version.ssl/statem/statem_srvr.c:1686 error:14209102:SSL routines:tls_early_post_process_client_hello:unsupported protocol [error=337678594 lib=20 func=521 reason=258]\"", + "stack": " 140449742526208:error:14209102:SSL routines:tls_early_post_process_client_hello:unsupported protocol:ssl/statem/statem_srvr.c:1686:" + } + }, + "request": { + "latency": 16 + }, + "response": { + "RadiusPacketType": "Drop" + }, + "segment": { + "number": 0, + "total": 1 + }, + "selected": { + "access": { + "service": "Default Network Access" + } + }, + "step": [ + "11001", + "11017", + "11117", + "15049", + "15008", + "11507", + "12500", + "11006", + "11001", + "11018", + "12301", + "12300", + "11006", + "11001", + "11018", + "12302", + "12318", + "12800", + "12805", + "12814", + "12817", + "12309", + "12307", + "12305", + "11006", + "5440" + ], + "step_latency": "25=9051" + } + }, + "client": { + "ip": "81.2.69.193" + }, + "destination": { + "ip": "81.2.69.145" + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "radius", + "category": [ + "authentication", + "session" + ], + "kind": "event", + "original": "\u003c181\u003eMar 2 09:04:59 cisco-ise-host CISE_Failed_Attempts 0000000581 1 0 2022-03-02 09:04:59.136 +00:00 0000075131 5440 NOTICE RADIUS: Endpoint abandoned EAP session and started new, ConfigVersionId=1364, Device IP Address=81.2.69.193, DestinationIPAddress=81.2.69.145, UserName=testDevice1, AcsSessionID=cisco-ise-host/435083133/41, SelectedAccessService=Default Network Access, RequestLatency=16, FailureReason=12309 PEAP handshake failed, Step=11001, Step=11017, Step=11117, Step=15049, Step=15008, Step=11507, Step=12500, Step=11006, Step=11001, Step=11018, Step=12301, Step=12300, Step=11006, Step=11001, Step=11018, Step=12302, Step=12318, Step=12800, Step=12805, Step=12814, Step=12817, Step=12309, Step=12307, Step=12305, Step=11006, Step=5440, NetworkDeviceName=testDevice, NetworkDeviceGroups=IPSEC#Is IPSEC Device#No, NetworkDeviceGroups=Location#All Locations, NetworkDeviceGroups=Device Type#All Device Types, EapTunnel=PEAP, OpenSSLErrorMessage=SSL alert: code=0x246=582 ; source=local ; type=fatal ; message=\"protocol version.ssl/statem/statem_srvr.c:1686 error:14209102:SSL routines:tls_early_post_process_client_hello:unsupported protocol [error=337678594 lib=20 func=521 reason=258]\", OpenSSLErrorStack= 140449742526208:error:14209102:SSL routines:tls_early_post_process_client_hello:unsupported protocol:ssl/statem/statem_srvr.c:1686:, User-Name=testDevice1, NAS-IP-Address=81.2.69.193, NAS-Port=1, Calling-Station-ID=00-23-DF-00-00-01, NAS-Port-Type=Wireless - IEEE 802.11, NAS-Port-Id=G0/25, CPMSessionID=0a0009ccoostm1inlLcfqsSLF7kj1Hc9FdzP6sk8dQsKOpPav_o, EndPointMACAddress=00-23-DF-00-00-01, ISEPolicySetName=Default, StepLatency=25=9051, TLSCipher=, TLSVersion=, DTLSSupport=Unknown, Model Name=Unknown, Network Device Profile=Cisco, Location=Location#All Locations, Device Type=Device Type#All Device Types, IPSEC=IPSEC#Is IPSEC Device#No, Response={RadiusPacketType=Drop; },", + "sequence": 75131, + "timezone": "+00:00", + "type": [ + "info", + "start" + ] + }, + "host": { + "hostname": "cisco-ise-host" + }, + "log": { + "level": "notice", + "syslog": { + "priority": 181, + "severity": { + "name": "notice" + } + } + }, + "message": "2022-03-02 09:04:59.136 +00:00 0000075131 5440 NOTICE RADIUS: Endpoint abandoned EAP session and started new, ConfigVersionId=1364, Device IP Address=81.2.69.193, DestinationIPAddress=81.2.69.145, UserName=testDevice1, AcsSessionID=cisco-ise-host/435083133/41, SelectedAccessService=Default Network Access, RequestLatency=16, FailureReason=12309 PEAP handshake failed, Step=11001, Step=11017, Step=11117, Step=15049, Step=15008, Step=11507, Step=12500, Step=11006, Step=11001, Step=11018, Step=12301, Step=12300, Step=11006, Step=11001, Step=11018, Step=12302, Step=12318, Step=12800, Step=12805, Step=12814, Step=12817, Step=12309, Step=12307, Step=12305, Step=11006, Step=5440, NetworkDeviceName=testDevice, NetworkDeviceGroups=IPSEC#Is IPSEC Device#No, NetworkDeviceGroups=Location#All Locations, NetworkDeviceGroups=Device Type#All Device Types, EapTunnel=PEAP, OpenSSLErrorMessage=SSL alert: code=0x246=582 ; source=local ; type=fatal ; message=\"protocol version.ssl/statem/statem_srvr.c:1686 error:14209102:SSL routines:tls_early_post_process_client_hello:unsupported protocol [error=337678594 lib=20 func=521 reason=258]\", OpenSSLErrorStack= 140449742526208:error:14209102:SSL routines:tls_early_post_process_client_hello:unsupported protocol:ssl/statem/statem_srvr.c:1686:, User-Name=testDevice1, NAS-IP-Address=81.2.69.193, NAS-Port=1, Calling-Station-ID=00-23-DF-00-00-01, NAS-Port-Type=Wireless - IEEE 802.11, NAS-Port-Id=G0/25, CPMSessionID=0a0009ccoostm1inlLcfqsSLF7kj1Hc9FdzP6sk8dQsKOpPav_o, EndPointMACAddress=00-23-DF-00-00-01, ISEPolicySetName=Default, StepLatency=25=9051, TLSCipher=, TLSVersion=, DTLSSupport=Unknown, Model Name=Unknown, Network Device Profile=Cisco, Location=Location#All Locations, Device Type=Device Type#All Device Types, IPSEC=IPSEC#Is IPSEC Device#No, Response={RadiusPacketType=Drop; },", + "related": { + "hosts": [ + "cisco-ise-host" + ], + "ip": [ + "81.2.69.193", + "81.2.69.145" + ], + "user": [ + "testDevice1" + ] + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "name": [ + "testDevice1" + ] + } + }, + { + "@timestamp": "2020-04-27T11:11:09.260Z", + "cisco_ise": { + "log": { + "acs": { + "session": { + "id": "abc12/178657019/44" + } + }, + "ad": { + "domain": { + "name": "lab4.com" + } + }, + "allowed_protocol": { + "matched": { + "rule": "Dot1X" + } + }, + "authentication": { + "identity_store": [ + "AD1" + ], + "method": "x509_PKI" + }, + "called_station": { + "id": "50-3D-E5-C4-05-8F" + }, + "calling_station": { + "id": "F0-DE-F1-94-65-9C" + }, + "category": { + "name": "CISE_Failed_Attempts" + }, + "config_version": { + "id": 93 + }, + "cpm": { + "session": { + "id": "0a222bc0000000d123e111f7" + } + }, + "device": { + "type": "Device Type#All Device Types" + }, + "eap": { + "authentication": "EAP-TLS", + "chaining_result": "User and machine both failed", + "tunnel": "EAP-FAST" + }, + "endpoint": { + "mac": { + "address": "XX-XX-45-XX-XX-XX" + } + }, + "failure": { + "reason": "24492 Machine authentication against Active Directory has failed" + }, + "framed": { + "ip": "81.2.69.193", + "mtu": 1500 + }, + "groups": { + "process_failure": true + }, + "identity": { + "selection": { + "matched": { + "rule": "Default" + } + } + }, + "ise": { + "policy": { + "set_name": "Default" + } + }, + "location": "Location#All Locations#Wired_Lab", + "log_details": "ConfigVersionId=93, Device IP Address=81.2.69.193, Device Port=16345, DestinationIPAddress=81.2.69.193, DestinationPort=1645, RadiusPacketType=AccessRequest, Protocol=Radius, RequestLatency=1, NetworkDeviceName=sw, User-Name=fernandGiancarl, NAS-IP-Address=81.2.69.193, NAS-Port=50115, Service-Type=Framed, Framed-IP-Address=81.2.69.193, Framed-MTU=1500, State=37CPMSessionID=0a222bc0000000d123e111f7\\;28SessionID=abc12/178657019/44\\;, Called-Station-ID=50-3D-E5-C4-05-8F, Calling-Station-ID=F0-DE-F1-94-65-9C, NAS-Port-Type=Ethernet, NAS-Port-Id=GigabitEthernet1/0/15, EAP-Key-Name=, acme-av-pair=service-type=Framed, acme-av-pair=audit-session-id=0a222bc0000000d123e111f7, UserName=fernandGiancarl, AcsSessionID=abc12/178657019/44, AuthenticationIdentityStore=, AuthenticationIdentityStore=AD1, AuthenticationMethod=x509_PKI, SelectedAccessService=EapChainining, UseCase=Eap Chaining, FailureReason=24492 Machine authentication against Active Directory has failed, Step=11001, Step=11017, Step=15049, Step=15008, Step=15048, Step=15048, Step=15004, Step=11507, Step=12500, Step=12625, Step=11006, Step=11001, Step=11018, Step=12101, Step=12100, Step=12625, Step=11006, Step=11001, Step=11018, Step=12102, Step=12800, Step=12805, Step=12806, Step=12807, Step=12810, Step=12105, Step=11006, Step=11001, Step=11018, Step=12104, Step=12105, Step=11006, Step=11001, Step=11018, Step=12104, Step=12105, Step=11006, Step=11001, Step=11018, Step=12104, Step=12812, Step=12804, Step=12801, Step=12802, Step=12816, Step=12149, Step=12105, Step=11006, Step=11001, Step=11018, Step=12104, Step=12209, Step=12218, Step=12125, Step=11521, Step=12105, Step=11006, Step=11001, Step=11018, Step=12104, Step=12212, Step=11522, Step=11806, Step=12105, Step=11006, Step=11001, Step=11018, Step=12104, Step=12523, Step=12522, Step=12625, Step=12105, Step=11006, Step=11001, Step=11018, Step=12104, Step=12524, Step=12800, Step=12805, Step=12806, Step=12807, Step=12809, Step=12527, Step=12105, Step=11006, Step=11001, Step=11018, Step=12104, Step=12526, Step=12527, Step=12105, Step=11006, Step=11001, Step=11018, Step=12104, Step=12526, Step=12527, Step=12105, Step=11006, Step=11001, Step=11018, Step=12104, Step=12105, Step=11006, Step=11001, Step=11018, Step=12104, Step=12105, Step=11006, Step=11001, Step=11018, Step=12104, Step=12526, Step=12571, Step=12571, Step=12811, Step=12812, Step=12813, Step=12804, Step=12801, Step=12802, Step=12816, Step=12509, Step=12527, Step=12105, Step=11006, Step=11001, Step=11018, Step=12104, Step=12526, Step=15041, Step=15006, Step=24432, Step=24412, Step=22056, Step=22058, Step=22061, Step=12529, Step=11520, Step=12117, Step=22028, Step=12105, Step=11006, Step=11001, Step=11018, Step=12104, Step=12219, Step=12125, Step=11521, Step=12105, Step=11006, Step=11001, Step=11018, Step=12104, Step=12212, Step=11522, Step=11806, Step=12105, Step=11006, Step=11001, Step=11018, Step=12104, Step=12523, Step=12522, Step=12625, Step=12105, Step=11006, Step=11001, Step=11018, Step=12104, Step=12524, Step=12800, Step=12805, Step=12806, Step=12807, Step=12809, Step=12527, Step=12105, Step=11006, Step=11001, Step=11018, Step=12104, Step=12526, Step=12527, Step=12105, Step=11006, Step=11001, Step=11018, Step=12104, Step=12526, Step=12527, Step=12105, Step=11006, Step=11001, Step=11018, Step=12104, Step=12105, Step=11006, Step=11001, Step=11018, Step=12104, Step=12105, Step=11006, Step=11001, Step=11018, Step=12104, Step=12526, Step=12571, Step=12571, Step=12811, Step=12812, Step=12813, Step=12804, Step=12801, Step=12802, Step=12816, Step=12509, Step=12527, Step=12105, Step=11006, Step=11001, Step=11018, Step=12104, Step=12526, Step=15041, Step=15006, Step=24433, Step=24492, Step=22059, Step=22062, Step=12117, Step=22028, Step=12105, Step=11006, Step=11001, Step=11018, Step=12104, Step=12109, Step=11504, Step=11003, SelectedAuthenticationIdentityStores=SCRAVEN, NetworkDeviceGroups=Location#All Locations#Wired_Lab, NetworkDeviceGroups=Device Type#All Device Types, ADDomain=lab4.com, EapTunnel=EAP-FAST, EapAuthentication=EAP-TLS, CPMSessionID=0a222bc0000000d123e111f7, EndPointMACAddress=XX:XX:45:XX:XX:XX, EapChainingResult=User and machine both failed, GroupsOrAttributesProcessFailure=true, ISEPolicySetName=Default, AllowedProtocolMatchedRule=Dot1X, IdentitySelectionMatchedRule=Default, Location=Location#All Locations#Wired_Lab, Device Type=Device Type#All Device Types", + "message": { + "code": "5400", + "description": "Failed-Attempt: Authentication failed", + "id": "0000000169" + }, + "nas": { + "ip": "81.2.69.193", + "port": { + "id": "GigabitEthernet1/0/15", + "number": 50115, + "type": "Ethernet" + } + }, + "network": { + "device": { + "groups": [ + "Location#All Locations#Wired_Lab", + "Device Type#All Device Types" + ], + "name": "sw" + } + }, + "radius_packet": { + "type": "AccessRequest" + }, + "request": { + "latency": 1 + }, + "segment": { + "number": 0, + "total": 1 + }, + "selected": { + "access": { + "service": "EapChainining" + }, + "authentication": { + "identity_stores": "SCRAVEN" + } + }, + "service": { + "type": "Framed" + }, + "state": "37CPMSessionID=0a222bc0000000d123e111f7\\;28SessionID=abc12/178657019/44\\;", + "step": [ + "11001", + "11017", + "15049", + "15008", + "15048", + "15048", + "15004", + "11507", + "12500", + "12625", + "11006", + "11001", + "11018", + "12101", + "12100", + "12625", + "11006", + "11001", + "11018", + "12102", + "12800", + "12805", + "12806", + "12807", + "12810", + "12105", + "11006", + "11001", + "11018", + "12104", + "12105", + "11006", + "11001", + "11018", + "12104", + "12105", + "11006", + "11001", + "11018", + "12104", + "12812", + "12804", + "12801", + "12802", + "12816", + "12149", + "12105", + "11006", + "11001", + "11018", + "12104", + "12209", + "12218", + "12125", + "11521", + "12105", + "11006", + "11001", + "11018", + "12104", + "12212", + "11522", + "11806", + "12105", + "11006", + "11001", + "11018", + "12104", + "12523", + "12522", + "12625", + "12105", + "11006", + "11001", + "11018", + "12104", + "12524", + "12800", + "12805", + "12806", + "12807", + "12809", + "12527", + "12105", + "11006", + "11001", + "11018", + "12104", + "12526", + "12527", + "12105", + "11006", + "11001", + "11018", + "12104", + "12526", + "12527", + "12105", + "11006", + "11001", + "11018", + "12104", + "12105", + "11006", + "11001", + "11018", + "12104", + "12105", + "11006", + "11001", + "11018", + "12104", + "12526", + "12571", + "12571", + "12811", + "12812", + "12813", + "12804", + "12801", + "12802", + "12816", + "12509", + "12527", + "12105", + "11006", + "11001", + "11018", + "12104", + "12526", + "15041", + "15006", + "24432", + "24412", + "22056", + "22058", + "22061", + "12529", + "11520", + "12117", + "22028", + "12105", + "11006", + "11001", + "11018", + "12104", + "12219", + "12125", + "11521", + "12105", + "11006", + "11001", + "11018", + "12104", + "12212", + "11522", + "11806", + "12105", + "11006", + "11001", + "11018", + "12104", + "12523", + "12522", + "12625", + "12105", + "11006", + "11001", + "11018", + "12104", + "12524", + "12800", + "12805", + "12806", + "12807", + "12809", + "12527", + "12105", + "11006", + "11001", + "11018", + "12104", + "12526", + "12527", + "12105", + "11006", + "11001", + "11018", + "12104", + "12526", + "12527", + "12105", + "11006", + "11001", + "11018", + "12104", + "12105", + "11006", + "11001", + "11018", + "12104", + "12105", + "11006", + "11001", + "11018", + "12104", + "12526", + "12571", + "12571", + "12811", + "12812", + "12813", + "12804", + "12801", + "12802", + "12816", + "12509", + "12527", + "12105", + "11006", + "11001", + "11018", + "12104", + "12526", + "15041", + "15006", + "24433", + "24492", + "22059", + "22062", + "12117", + "22028", + "12105", + "11006", + "11001", + "11018", + "12104", + "12109", + "11504", + "11003" + ], + "usecase": "Eap Chaining" + } + }, + "client": { + "ip": "81.2.69.193", + "port": 16345 + }, + "destination": { + "ip": "81.2.69.193", + "port": 1645 + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "failed-attempt", + "category": [ + "authentication" + ], + "kind": "event", + "original": "\u003c182\u003eApr 27 11:11:09 gg.hhh.iii.com CISE_Failed_Attempts 0000000169 1 0 2020-04-27 11:11:09.260369 +00:00 0000003928 5400 NOTICE Failed-Attempt: Authentication failed, ConfigVersionId=93, Device IP Address=81.2.69.193, Device Port=16345, DestinationIPAddress=81.2.69.193, DestinationPort=1645, RadiusPacketType=AccessRequest, Protocol=Radius, RequestLatency=1, NetworkDeviceName=sw, User-Name=fernandGiancarl, NAS-IP-Address=81.2.69.193, NAS-Port=50115, Service-Type=Framed, Framed-IP-Address=81.2.69.193, Framed-MTU=1500, State=37CPMSessionID=0a222bc0000000d123e111f7\\;28SessionID=abc12/178657019/44\\;, Called-Station-ID=50-3D-E5-C4-05-8F, Calling-Station-ID=F0-DE-F1-94-65-9C, NAS-Port-Type=Ethernet, NAS-Port-Id=GigabitEthernet1/0/15, EAP-Key-Name=, acme-av-pair=service-type=Framed, acme-av-pair=audit-session-id=0a222bc0000000d123e111f7, UserName=fernandGiancarl, AcsSessionID=abc12/178657019/44, AuthenticationIdentityStore=, AuthenticationIdentityStore=AD1, AuthenticationMethod=x509_PKI, SelectedAccessService=EapChainining, UseCase=Eap Chaining, FailureReason=24492 Machine authentication against Active Directory has failed, Step=11001, Step=11017, Step=15049, Step=15008, Step=15048, Step=15048, Step=15004, Step=11507, Step=12500, Step=12625, Step=11006, Step=11001, Step=11018, Step=12101, Step=12100, Step=12625, Step=11006, Step=11001, Step=11018, Step=12102, Step=12800, Step=12805, Step=12806, Step=12807, Step=12810, Step=12105, Step=11006, Step=11001, Step=11018, Step=12104, Step=12105, Step=11006, Step=11001, Step=11018, Step=12104, Step=12105, Step=11006, Step=11001, Step=11018, Step=12104, Step=12812, Step=12804, Step=12801, Step=12802, Step=12816, Step=12149, Step=12105, Step=11006, Step=11001, Step=11018, Step=12104, Step=12209, Step=12218, Step=12125, Step=11521, Step=12105, Step=11006, Step=11001, Step=11018, Step=12104, Step=12212, Step=11522, Step=11806, Step=12105, Step=11006, Step=11001, Step=11018, Step=12104, Step=12523, Step=12522, Step=12625, Step=12105, Step=11006, Step=11001, Step=11018, Step=12104, Step=12524, Step=12800, Step=12805, Step=12806, Step=12807, Step=12809, Step=12527, Step=12105, Step=11006, Step=11001, Step=11018, Step=12104, Step=12526, Step=12527, Step=12105, Step=11006, Step=11001, Step=11018, Step=12104, Step=12526, Step=12527, Step=12105, Step=11006, Step=11001, Step=11018, Step=12104, Step=12105, Step=11006, Step=11001, Step=11018, Step=12104, Step=12105, Step=11006, Step=11001, Step=11018, Step=12104, Step=12526, Step=12571, Step=12571, Step=12811, Step=12812, Step=12813, Step=12804, Step=12801, Step=12802, Step=12816, Step=12509, Step=12527, Step=12105, Step=11006, Step=11001, Step=11018, Step=12104, Step=12526, Step=15041, Step=15006, Step=24432, Step=24412, Step=22056, Step=22058, Step=22061, Step=12529, Step=11520, Step=12117, Step=22028, Step=12105, Step=11006, Step=11001, Step=11018, Step=12104, Step=12219, Step=12125, Step=11521, Step=12105, Step=11006, Step=11001, Step=11018, Step=12104, Step=12212, Step=11522, Step=11806, Step=12105, Step=11006, Step=11001, Step=11018, Step=12104, Step=12523, Step=12522, Step=12625, Step=12105, Step=11006, Step=11001, Step=11018, Step=12104, Step=12524, Step=12800, Step=12805, Step=12806, Step=12807, Step=12809, Step=12527, Step=12105, Step=11006, Step=11001, Step=11018, Step=12104, Step=12526, Step=12527, Step=12105, Step=11006, Step=11001, Step=11018, Step=12104, Step=12526, Step=12527, Step=12105, Step=11006, Step=11001, Step=11018, Step=12104, Step=12105, Step=11006, Step=11001, Step=11018, Step=12104, Step=12105, Step=11006, Step=11001, Step=11018, Step=12104, Step=12526, Step=12571, Step=12571, Step=12811, Step=12812, Step=12813, Step=12804, Step=12801, Step=12802, Step=12816, Step=12509, Step=12527, Step=12105, Step=11006, Step=11001, Step=11018, Step=12104, Step=12526, Step=15041, Step=15006, Step=24433, Step=24492, Step=22059, Step=22062, Step=12117, Step=22028, Step=12105, Step=11006, Step=11001, Step=11018, Step=12104, Step=12109, Step=11504, Step=11003, SelectedAuthenticationIdentityStores=SCRAVEN, NetworkDeviceGroups=Location#All Locations#Wired_Lab, NetworkDeviceGroups=Device Type#All Device Types, ADDomain=lab4.com, EapTunnel=EAP-FAST, EapAuthentication=EAP-TLS, CPMSessionID=0a222bc0000000d123e111f7, EndPointMACAddress=XX:XX:45:XX:XX:XX, EapChainingResult=User and machine both failed, GroupsOrAttributesProcessFailure=true, ISEPolicySetName=Default, AllowedProtocolMatchedRule=Dot1X, IdentitySelectionMatchedRule=Default, Location=Location#All Locations#Wired_Lab, Device Type=Device Type#All Device Types, Response={RadiusPacketType=AccessReject; }", + "sequence": 3928, + "timezone": "+00:00", + "type": [ + "info" + ] + }, + "host": { + "hostname": "gg.hhh.iii.com" + }, + "log": { + "level": "notice", + "syslog": { + "priority": 182, + "severity": { + "name": "notice" + } + } + }, + "message": "2020-04-27 11:11:09.260369 +00:00 0000003928 5400 NOTICE Failed-Attempt: Authentication failed, ConfigVersionId=93, Device IP Address=81.2.69.193, Device Port=16345, DestinationIPAddress=81.2.69.193, DestinationPort=1645, RadiusPacketType=AccessRequest, Protocol=Radius, RequestLatency=1, NetworkDeviceName=sw, User-Name=fernandGiancarl, NAS-IP-Address=81.2.69.193, NAS-Port=50115, Service-Type=Framed, Framed-IP-Address=81.2.69.193, Framed-MTU=1500, State=37CPMSessionID=0a222bc0000000d123e111f7\\;28SessionID=abc12/178657019/44\\;, Called-Station-ID=50-3D-E5-C4-05-8F, Calling-Station-ID=F0-DE-F1-94-65-9C, NAS-Port-Type=Ethernet, NAS-Port-Id=GigabitEthernet1/0/15, EAP-Key-Name=, acme-av-pair=service-type=Framed, acme-av-pair=audit-session-id=0a222bc0000000d123e111f7, UserName=fernandGiancarl, AcsSessionID=abc12/178657019/44, AuthenticationIdentityStore=, AuthenticationIdentityStore=AD1, AuthenticationMethod=x509_PKI, SelectedAccessService=EapChainining, UseCase=Eap Chaining, FailureReason=24492 Machine authentication against Active Directory has failed, Step=11001, Step=11017, Step=15049, Step=15008, Step=15048, Step=15048, Step=15004, Step=11507, Step=12500, Step=12625, Step=11006, Step=11001, Step=11018, Step=12101, Step=12100, Step=12625, Step=11006, Step=11001, Step=11018, Step=12102, Step=12800, Step=12805, Step=12806, Step=12807, Step=12810, Step=12105, Step=11006, Step=11001, Step=11018, Step=12104, Step=12105, Step=11006, Step=11001, Step=11018, Step=12104, Step=12105, Step=11006, Step=11001, Step=11018, Step=12104, Step=12812, Step=12804, Step=12801, Step=12802, Step=12816, Step=12149, Step=12105, Step=11006, Step=11001, Step=11018, Step=12104, Step=12209, Step=12218, Step=12125, Step=11521, Step=12105, Step=11006, Step=11001, Step=11018, Step=12104, Step=12212, Step=11522, Step=11806, Step=12105, Step=11006, Step=11001, Step=11018, Step=12104, Step=12523, Step=12522, Step=12625, Step=12105, Step=11006, Step=11001, Step=11018, Step=12104, Step=12524, Step=12800, Step=12805, Step=12806, Step=12807, Step=12809, Step=12527, Step=12105, Step=11006, Step=11001, Step=11018, Step=12104, Step=12526, Step=12527, Step=12105, Step=11006, Step=11001, Step=11018, Step=12104, Step=12526, Step=12527, Step=12105, Step=11006, Step=11001, Step=11018, Step=12104, Step=12105, Step=11006, Step=11001, Step=11018, Step=12104, Step=12105, Step=11006, Step=11001, Step=11018, Step=12104, Step=12526, Step=12571, Step=12571, Step=12811, Step=12812, Step=12813, Step=12804, Step=12801, Step=12802, Step=12816, Step=12509, Step=12527, Step=12105, Step=11006, Step=11001, Step=11018, Step=12104, Step=12526, Step=15041, Step=15006, Step=24432, Step=24412, Step=22056, Step=22058, Step=22061, Step=12529, Step=11520, Step=12117, Step=22028, Step=12105, Step=11006, Step=11001, Step=11018, Step=12104, Step=12219, Step=12125, Step=11521, Step=12105, Step=11006, Step=11001, Step=11018, Step=12104, Step=12212, Step=11522, Step=11806, Step=12105, Step=11006, Step=11001, Step=11018, Step=12104, Step=12523, Step=12522, Step=12625, Step=12105, Step=11006, Step=11001, Step=11018, Step=12104, Step=12524, Step=12800, Step=12805, Step=12806, Step=12807, Step=12809, Step=12527, Step=12105, Step=11006, Step=11001, Step=11018, Step=12104, Step=12526, Step=12527, Step=12105, Step=11006, Step=11001, Step=11018, Step=12104, Step=12526, Step=12527, Step=12105, Step=11006, Step=11001, Step=11018, Step=12104, Step=12105, Step=11006, Step=11001, Step=11018, Step=12104, Step=12105, Step=11006, Step=11001, Step=11018, Step=12104, Step=12526, Step=12571, Step=12571, Step=12811, Step=12812, Step=12813, Step=12804, Step=12801, Step=12802, Step=12816, Step=12509, Step=12527, Step=12105, Step=11006, Step=11001, Step=11018, Step=12104, Step=12526, Step=15041, Step=15006, Step=24433, Step=24492, Step=22059, Step=22062, Step=12117, Step=22028, Step=12105, Step=11006, Step=11001, Step=11018, Step=12104, Step=12109, Step=11504, Step=11003, SelectedAuthenticationIdentityStores=SCRAVEN, NetworkDeviceGroups=Location#All Locations#Wired_Lab, NetworkDeviceGroups=Device Type#All Device Types, ADDomain=lab4.com, EapTunnel=EAP-FAST, EapAuthentication=EAP-TLS, CPMSessionID=0a222bc0000000d123e111f7, EndPointMACAddress=XX:XX:45:XX:XX:XX, EapChainingResult=User and machine both failed, GroupsOrAttributesProcessFailure=true, ISEPolicySetName=Default, AllowedProtocolMatchedRule=Dot1X, IdentitySelectionMatchedRule=Default, Location=Location#All Locations#Wired_Lab, Device Type=Device Type#All Device Types, Response={RadiusPacketType=AccessReject; }", + "network": { + "protocol": "radius" + }, + "related": { + "hosts": [ + "gg.hhh.iii.com" + ], + "ip": [ + "81.2.69.193" + ], + "user": [ + "fernandGiancarl" + ] + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "name": [ + "fernandGiancarl" + ] + } + }, + { + "@timestamp": "2022-03-02T11:10:16.000Z", + "cisco_ise": { + "log": { + "category": { + "name": "CISE_Failed_Attempts" + }, + "config_version": { + "id": 1567 + }, + "failure": { + "reason": "20977 Subject not found in the applicable identity store(s)" + }, + "log_details": "ConfigVersionId=1567, FailureReason=20977 Subject not found in the applicable identity store(s), UserType=NON_TEST, UserName=TEST_USER, IpAddress=89.160.20.112, PortalName=test-portal, ResponseTime=19, Step=5418", + "message": { + "id": "0000076157" + }, + "portal": { + "name": "test-portal" + }, + "response": { + "time": 19 + }, + "segment": { + "number": 1, + "total": 2 + }, + "step": "5418", + "user": { + "type": "NON_TEST" + } + } + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "kind": "event", + "original": "\u003c181\u003eMar 2 11:10:16 cisco-ise-host CISE_Failed_Attempts 0000076157 2 1 ConfigVersionId=1567, FailureReason=20977 Subject not found in the applicable identity store(s), UserType=NON_TEST, UserName=TEST_USER, IpAddress=89.160.20.112, PortalName=test-portal, ResponseTime=19, Step=5418," + }, + "host": { + "hostname": "cisco-ise-host" + }, + "log": { + "syslog": { + "priority": 181 + } + }, + "message": "ConfigVersionId=1567, FailureReason=20977 Subject not found in the applicable identity store(s), UserType=NON_TEST, UserName=TEST_USER, IpAddress=89.160.20.112, PortalName=test-portal, ResponseTime=19, Step=5418,", + "related": { + "hosts": [ + "cisco-ise-host" + ], + "ip": [ + "89.160.20.112" + ], + "user": [ + "TEST_USER" + ] + }, + "source": { + "ip": "89.160.20.112" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "name": [ + "TEST_USER" + ] + } + } + ] +} \ No newline at end of file diff --git a/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-guest.log b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-guest.log new file mode 100644 index 00000000000..6e62c021fb8 --- /dev/null +++ b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-guest.log @@ -0,0 +1,5 @@ +<182>Mar 3 11:20:37 cisco-ise-host CISE_Guest 0000083315 1 0 2022-03-03 11:20:37.938 +00:00 0000083382 86005 INFO Guest: Guest user has accepted the Use Policy, ConfigVersionId=1694, UserType=NON_GUEST, UserName=test123, IpAddress=89.160.20.112, AuthenticationIdentityStore=Internal Users, PortalName=Self-Registered Guest Portal (default), IdentityGroup=Any, PsnHostName=ise.host.local, GuestUserName=test123, ResponseTime=31, +<182>Mar 3 12:01:09 cisco-ise-host CISE_Guest 0000083571 1 0 2022-03-03 12:01:09.743 +00:00 0000083638 86022 INFO Guest: Device Registration Web Authentication AUP Accepted, ConfigVersionId=1698, UserType=NON_GUEST, UserName=test1123, IpAddress=89.160.20.112, AuthenticationIdentityStore=Internal Users, PortalName=My Devices Portal (default), IdentityGroup=Any, PsnHostName=ise.host.local, ResponseTime=15, +<182>Mar 28 11:46:05 cisco-ise-host CISE_Guest 0000000230 2 1 AuthenticationIdentityStore=Internal Users, PortalName=My Devices Portal (default), IdentityGroup=Any, PsnHostName=cisco-ise-host.local, ResponseTime=41, +<182>Mar 28 15:59:33 cisco-ise-host CISE_Guest 0000000384 2 1 PortalName=Hotspot Guest Portal (default), +<182>Mar 28 16:00:31 cisco-ise-host CISE_Guest 0000000386 2 1 PortalName=Hotspot Guest Portal (default), FailureReason=86023 Device Registration Web Authentication AUP Declined, diff --git a/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-guest.log-expected.json b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-guest.log-expected.json new file mode 100644 index 00000000000..18bfbba6cef --- /dev/null +++ b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-guest.log-expected.json @@ -0,0 +1,352 @@ +{ + "expected": [ + { + "@timestamp": "2022-03-03T11:20:37.938Z", + "cisco_ise": { + "log": { + "authentication": { + "identity_store": "Internal Users" + }, + "category": { + "name": "CISE_Guest" + }, + "config_version": { + "id": 1694 + }, + "guest": { + "user": { + "name": "test123" + } + }, + "identity": { + "group": "Any" + }, + "message": { + "code": "86005", + "description": "Guest: Guest user has accepted the Use Policy", + "id": "0000083315" + }, + "portal": { + "name": "Self-Registered Guest Portal (default)" + }, + "psn": { + "hostname": "ise.host.local" + }, + "response": { + "time": 31 + }, + "segment": { + "number": 0, + "total": 1 + }, + "user": { + "type": "NON_GUEST" + } + } + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "guest", + "category": [ + "configuration" + ], + "kind": "event", + "original": "\u003c182\u003eMar 3 11:20:37 cisco-ise-host CISE_Guest 0000083315 1 0 2022-03-03 11:20:37.938 +00:00 0000083382 86005 INFO Guest: Guest user has accepted the Use Policy, ConfigVersionId=1694, UserType=NON_GUEST, UserName=test123, IpAddress=89.160.20.112, AuthenticationIdentityStore=Internal Users, PortalName=Self-Registered Guest Portal (default), IdentityGroup=Any, PsnHostName=ise.host.local, GuestUserName=test123, ResponseTime=31,", + "sequence": 83382, + "timezone": "+00:00", + "type": [ + "info" + ] + }, + "host": { + "hostname": "cisco-ise-host" + }, + "log": { + "level": "info", + "syslog": { + "priority": 182, + "severity": { + "name": "info" + } + } + }, + "message": "2022-03-03 11:20:37.938 +00:00 0000083382 86005 INFO Guest: Guest user has accepted the Use Policy, ConfigVersionId=1694, UserType=NON_GUEST, UserName=test123, IpAddress=89.160.20.112, AuthenticationIdentityStore=Internal Users, PortalName=Self-Registered Guest Portal (default), IdentityGroup=Any, PsnHostName=ise.host.local, GuestUserName=test123, ResponseTime=31,", + "related": { + "hosts": [ + "cisco-ise-host" + ], + "ip": [ + "89.160.20.112" + ], + "user": [ + "test123" + ] + }, + "source": { + "ip": "89.160.20.112" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "name": "test123" + } + }, + { + "@timestamp": "2022-03-03T12:01:09.743Z", + "cisco_ise": { + "log": { + "authentication": { + "identity_store": "Internal Users" + }, + "category": { + "name": "CISE_Guest" + }, + "config_version": { + "id": 1698 + }, + "identity": { + "group": "Any" + }, + "message": { + "code": "86022", + "description": "Guest: Device Registration Web Authentication AUP Accepted", + "id": "0000083571" + }, + "portal": { + "name": "My Devices Portal (default)" + }, + "psn": { + "hostname": "ise.host.local" + }, + "response": { + "time": 15 + }, + "segment": { + "number": 0, + "total": 1 + }, + "user": { + "type": "NON_GUEST" + } + } + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "guest", + "category": [ + "configuration" + ], + "kind": "event", + "original": "\u003c182\u003eMar 3 12:01:09 cisco-ise-host CISE_Guest 0000083571 1 0 2022-03-03 12:01:09.743 +00:00 0000083638 86022 INFO Guest: Device Registration Web Authentication AUP Accepted, ConfigVersionId=1698, UserType=NON_GUEST, UserName=test1123, IpAddress=89.160.20.112, AuthenticationIdentityStore=Internal Users, PortalName=My Devices Portal (default), IdentityGroup=Any, PsnHostName=ise.host.local, ResponseTime=15,", + "sequence": 83638, + "timezone": "+00:00", + "type": [ + "info" + ] + }, + "host": { + "hostname": "cisco-ise-host" + }, + "log": { + "level": "info", + "syslog": { + "priority": 182, + "severity": { + "name": "info" + } + } + }, + "message": "2022-03-03 12:01:09.743 +00:00 0000083638 86022 INFO Guest: Device Registration Web Authentication AUP Accepted, ConfigVersionId=1698, UserType=NON_GUEST, UserName=test1123, IpAddress=89.160.20.112, AuthenticationIdentityStore=Internal Users, PortalName=My Devices Portal (default), IdentityGroup=Any, PsnHostName=ise.host.local, ResponseTime=15,", + "related": { + "hosts": [ + "cisco-ise-host" + ], + "ip": [ + "89.160.20.112" + ], + "user": [ + "test1123" + ] + }, + "source": { + "ip": "89.160.20.112" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "name": "test1123" + } + }, + { + "@timestamp": "2022-03-28T11:46:05.000Z", + "cisco_ise": { + "log": { + "authentication": { + "identity_store": "Internal Users" + }, + "category": { + "name": "CISE_Guest" + }, + "identity": { + "group": "Any" + }, + "message": { + "id": "0000000230" + }, + "portal": { + "name": "My Devices Portal (default)" + }, + "psn": { + "hostname": "cisco-ise-host.local" + }, + "response": { + "time": 41 + }, + "segment": { + "number": 1, + "total": 2 + } + } + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "category": [ + "configuration" + ], + "kind": "event", + "original": "\u003c182\u003eMar 28 11:46:05 cisco-ise-host CISE_Guest 0000000230 2 1 AuthenticationIdentityStore=Internal Users, PortalName=My Devices Portal (default), IdentityGroup=Any, PsnHostName=cisco-ise-host.local, ResponseTime=41,", + "type": [ + "info" + ] + }, + "host": { + "hostname": "cisco-ise-host" + }, + "log": { + "syslog": { + "priority": 182 + } + }, + "message": "AuthenticationIdentityStore=Internal Users, PortalName=My Devices Portal (default), IdentityGroup=Any, PsnHostName=cisco-ise-host.local, ResponseTime=41,", + "related": { + "hosts": [ + "cisco-ise-host" + ] + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2022-03-28T15:59:33.000Z", + "cisco_ise": { + "log": { + "category": { + "name": "CISE_Guest" + }, + "message": { + "id": "0000000384" + }, + "portal": { + "name": "Hotspot Guest Portal (default)" + }, + "segment": { + "number": 1, + "total": 2 + } + } + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "category": [ + "configuration" + ], + "kind": "event", + "original": "\u003c182\u003eMar 28 15:59:33 cisco-ise-host CISE_Guest 0000000384 2 1 PortalName=Hotspot Guest Portal (default),", + "type": [ + "info" + ] + }, + "host": { + "hostname": "cisco-ise-host" + }, + "log": { + "syslog": { + "priority": 182 + } + }, + "message": "PortalName=Hotspot Guest Portal (default),", + "related": { + "hosts": [ + "cisco-ise-host" + ] + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2022-03-28T16:00:31.000Z", + "cisco_ise": { + "log": { + "category": { + "name": "CISE_Guest" + }, + "failure": { + "reason": "86023 Device Registration Web Authentication AUP Declined" + }, + "message": { + "id": "0000000386" + }, + "portal": { + "name": "Hotspot Guest Portal (default)" + }, + "segment": { + "number": 1, + "total": 2 + } + } + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "category": [ + "configuration" + ], + "kind": "event", + "original": "\u003c182\u003eMar 28 16:00:31 cisco-ise-host CISE_Guest 0000000386 2 1 PortalName=Hotspot Guest Portal (default), FailureReason=86023 Device Registration Web Authentication AUP Declined,", + "type": [ + "info" + ] + }, + "host": { + "hostname": "cisco-ise-host" + }, + "log": { + "syslog": { + "priority": 182 + } + }, + "message": "PortalName=Hotspot Guest Portal (default), FailureReason=86023 Device Registration Web Authentication AUP Declined,", + "related": { + "hosts": [ + "cisco-ise-host" + ] + }, + "tags": [ + "preserve_original_event" + ] + } + ] +} \ No newline at end of file diff --git a/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-identity-stores-diagnostics.log b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-identity-stores-diagnostics.log new file mode 100644 index 00000000000..b52ed05fcac --- /dev/null +++ b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-identity-stores-diagnostics.log @@ -0,0 +1,17 @@ +<183>Mar 3 11:37:34 cisco-ise-host CISE_Identity_Stores_Diagnostics 0000083418 1 0 2022-03-03 11:37:34.933 +00:00 0000083485 24209 DEBUG Local-user-DB: Looking up Endpoint in Internal Endpoints IDStore, ConfigVersionId=1696, UserName=92-09-00-00-00-01, Protocol=Radius, OriginalUserName=92-09-00-00-00-01, AcsSessionID=cisco-ise-host/435083133/126, AuthenticationMethod=Lookup, SelectedAccessService=Default Network Access, CPMSessionID=0a0009ccdD2BsLZMkW8ZRUAE/sDVf78pplxJC0wv2VwZR6N070M, Response={AuthenticationResult=UnknownUser; QueryResult=UnknownUser; }, +<183>Mar 3 09:24:13 cisco-ise-host CISE_Identity_Stores_Diagnostics 0000082649 1 0 2022-03-03 09:24:13.235 +00:00 0000082716 24210 DEBUG Local-user-DB: Looking up User in Internal Users IDStore, ConfigVersionId=1628, UserName=test, SelectedAccessService=AuthenticateUserAPI, AcsSessionID=cisco-ise-host/435083133/115, AuthenticationMethod=PAP_ASCII, CurrentIDStoreName=Internal Users, CPMSessionID=cisco-ise-host:userauth20, +<183>Mar 3 09:22:51 cisco-ise-host CISE_Identity_Stores_Diagnostics 0000082604 1 0 2022-03-03 09:22:51.639 +00:00 0000082671 24212 DEBUG Local-user-DB: Found User in Internal Users IDStore, ConfigVersionId=1628, UserName=employee1, SelectedAccessService=AuthenticateUserAPI, AcsSessionID=cisco-ise-host/435083133/110, AuthenticationMethod=PAP_ASCII, CurrentIDStoreName=Internal Users, CPMSessionID=cisco-ise-host:userauth18, Firstname=Employee1, Lastname=Cisco1, EnableFlag=Enabled, Response={AuthenticationResult=NotPerformed; }, +<183>Mar 3 09:22:59 cisco-ise-host CISE_Identity_Stores_Diagnostics 0000082616 1 0 2022-03-03 09:22:59.336 +00:00 0000082683 24216 DEBUG Local-user-DB: The user is not found in the internal users identity store, ConfigVersionId=1628, UserName=admin, SelectedAccessService=AuthenticateUserAPI, AcsSessionID=cisco-ise-host/435083133/112, AuthenticationMethod=PAP_ASCII, CurrentIDStoreName=Internal Users, CPMSessionID=cisco-ise-host:userauth19, Response={AuthenticationResult=UnknownUser; LdapOperationStatus=SubjectNotFound; }, +<183>Mar 3 11:37:34 cisco-ise-host CISE_Identity_Stores_Diagnostics 0000083419 1 0 2022-03-03 11:37:34.936 +00:00 0000083486 24217 DEBUG Local-user-DB: The host is not found in the internal endpoints identity store, ConfigVersionId=1696, UserName=92-09-00-00-00-01, Protocol=Radius, OriginalUserName=92-09-00-00-00-01, AcsSessionID=cisco-ise-host/435083133/126, AuthenticationMethod=Lookup, SelectedAccessService=Default Network Access, CPMSessionID=0a0009ccdD2BsLZMkW8ZRUAE/sDVf78pplxJC0wv2VwZR6N070M, Response={AuthenticationResult=UnknownUser; QueryResult=UnknownUser; }, +<183>Mar 3 09:22:59 cisco-ise-host CISE_Identity_Stores_Diagnostics 0000082623 1 0 2022-03-03 09:22:59.359 +00:00 0000082690 24313 DEBUG External-Active-Directory: Search for matching accounts at join point, AD-Log-Id=1645524126/33, +<183>Mar 3 09:22:59 cisco-ise-host CISE_Identity_Stores_Diagnostics 0000082625 1 0 2022-03-03 09:22:59.359 +00:00 0000082692 24322 DEBUG External-Active-Directory: Identity resolution detected no matching account, AD-Log-Id=1645524126/35, +<183>Mar 3 09:22:59 cisco-ise-host CISE_Identity_Stores_Diagnostics 0000082622 1 0 2022-03-03 09:22:59.359 +00:00 0000082689 24325 DEBUG External-Active-Directory: Resolving identity, AD-Log-Id=1645524126/32, +<183>Mar 3 09:22:59 cisco-ise-host CISE_Identity_Stores_Diagnostics 0000082626 1 0 2022-03-03 09:22:59.359 +00:00 0000082693 24352 DEBUG External-Active-Directory: Identity resolution failed, AD-Log-Id=1645524126/36, +<183>Mar 3 09:22:59 cisco-ise-host CISE_Identity_Stores_Diagnostics 0000082624 1 0 2022-03-03 09:22:59.359 +00:00 0000082691 24366 DEBUG External-Active-Directory: Skipping unjoined domain, AD-Log-Id=1645524126/34, +<183>Mar 3 09:22:59 cisco-ise-host CISE_Identity_Stores_Diagnostics 0000082627 1 0 2022-03-03 09:22:59.360 +00:00 0000082694 24412 DEBUG External-Active-Directory: User not found in Active Directory, ConfigVersionId=1628, UserName=admin, SelectedAccessService=AuthenticateUserAPI, AcsSessionID=cisco-ise-host/435083133/112, AuthenticationMethod=PAP_ASCII, CurrentIDStoreName=All_AD_Join_Points, CPMSessionID=cisco-ise-host:userauth19, Response={AuthenticationResult=UnknownUser; }, +<183>Mar 3 09:22:59 cisco-ise-host CISE_Identity_Stores_Diagnostics 0000082621 1 0 2022-03-03 09:22:59.357 +00:00 0000082688 24430 DEBUG External-Active-Directory: Authenticating user against Active Directory, ConfigVersionId=1628, UserName=admin, SelectedAccessService=AuthenticateUserAPI, AcsSessionID=cisco-ise-host/435083133/112, AuthenticationMethod=PAP_ASCII, CurrentIDStoreName=All_AD_Join_Points, CPMSessionID=cisco-ise-host:userauth19, Response={AuthenticationResult=Failed; }, +<183>Mar 3 09:22:59 cisco-ise-host CISE_Identity_Stores_Diagnostics 0000082618 1 0 2022-03-03 09:22:59.337 +00:00 0000082685 24631 DEBUG Local-user-DB: Looking up User in Internal Guests IDStore, ConfigVersionId=1628, UserName=admin, SelectedAccessService=AuthenticateUserAPI, AcsSessionID=cisco-ise-host/435083133/112, AuthenticationMethod=PAP_ASCII, CurrentIDStoreName=Guest Users, CPMSessionID=cisco-ise-host:userauth19, Response={AuthenticationResult=UnknownUser; }, +<183>Mar 3 09:22:59 cisco-ise-host CISE_Identity_Stores_Diagnostics 0000082619 1 0 2022-03-03 09:22:59.356 +00:00 0000082686 24633 DEBUG Local-user-DB: The user is not found in the internal guests identity store, ConfigVersionId=1628, UserName=admin, SelectedAccessService=AuthenticateUserAPI, AcsSessionID=cisco-ise-host/435083133/112, AuthenticationMethod=PAP_ASCII, CurrentIDStoreName=Guest Users, CPMSessionID=cisco-ise-host:userauth19, Response={AuthenticationResult=UnknownUser; LdapOperationStatus=SubjectNotFound; }, +<183>Mar 3 11:37:34 cisco-ise-host CISE_Identity_Stores_Diagnostics 0000083416 1 0 2022-03-03 11:37:34.931 +00:00 0000083483 24715 DEBUG External-Active-Directory: ISE has not confirmed locally previous successful machine authentication for user in Active Directory, ConfigVersionId=1696, UserName=92-09-00-00-00-01, Protocol=Radius, OriginalUserName=92-09-00-00-00-01, AcsSessionID=cisco-ise-host/435083133/126, AuthenticationMethod=Lookup, SelectedAccessService=Default Network Access, CPMSessionID=0a0009ccdD2BsLZMkW8ZRUAE/sDVf78pplxJC0wv2VwZR6N070M, Response={AuthenticationResult=UnknownUser; QueryResult=UnknownUser; }, +<183>Mar 10 09:05:25 cisco-ise-host CISE_Identity_Stores_Diagnostics 0000129360 1 0 2022-03-10 09:05:25.669 +00:00 0000129427 24352 DEBUG External-Active-Directory: Identity resolution failed, AD-Log-Id=1645524126/103, +<183>Mar 28 11:23:25 cisco-ise-host CISE_Identity_Stores_Diagnostics 0000000132 3 1 SelectedAccessService=AuthenticateUserAPI, AcsSessionID=cisco-ise-host/437837646/2, AuthenticationMethod=PAP_ASCII, CurrentIDStoreName=Internal Users, CPMSessionID=cisco-ise-host:userauth2, diff --git a/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-identity-stores-diagnostics.log-expected.json b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-identity-stores-diagnostics.log-expected.json new file mode 100644 index 00000000000..c49605ace33 --- /dev/null +++ b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-identity-stores-diagnostics.log-expected.json @@ -0,0 +1,1371 @@ +{ + "expected": [ + { + "@timestamp": "2022-03-03T11:37:34.933Z", + "cisco_ise": { + "log": { + "acs": { + "session": { + "id": "cisco-ise-host/435083133/126" + } + }, + "authentication": { + "method": "Lookup" + }, + "category": { + "name": "CISE_Identity_Stores_Diagnostics" + }, + "config_version": { + "id": 1696 + }, + "cpm": { + "session": { + "id": "0a0009ccdD2BsLZMkW8ZRUAE/sDVf78pplxJC0wv2VwZR6N070M" + } + }, + "log_details": "ConfigVersionId=1696, UserName=92-09-00-00-00-01, Protocol=Radius, OriginalUserName=92-09-00-00-00-01, AcsSessionID=cisco-ise-host/435083133/126, AuthenticationMethod=Lookup, SelectedAccessService=Default Network Access, CPMSessionID=0a0009ccdD2BsLZMkW8ZRUAE/sDVf78pplxJC0wv2VwZR6N070M, Response={AuthenticationResult=UnknownUser; QueryResult=UnknownUser; }", + "message": { + "code": "24209", + "description": "Local-user-DB: Looking up Endpoint in Internal Endpoints IDStore", + "id": "0000083418" + }, + "original": { + "user": { + "name": "92-09-00-00-00-01" + } + }, + "response": { + "AuthenticationResult": "UnknownUser", + "QueryResult": "UnknownUser" + }, + "segment": { + "number": 0, + "total": 1 + }, + "selected": { + "access": { + "service": "Default Network Access" + } + } + } + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "local-user-db", + "category": [ + "iam", + "malware" + ], + "kind": "event", + "original": "\u003c183\u003eMar 3 11:37:34 cisco-ise-host CISE_Identity_Stores_Diagnostics 0000083418 1 0 2022-03-03 11:37:34.933 +00:00 0000083485 24209 DEBUG Local-user-DB: Looking up Endpoint in Internal Endpoints IDStore, ConfigVersionId=1696, UserName=92-09-00-00-00-01, Protocol=Radius, OriginalUserName=92-09-00-00-00-01, AcsSessionID=cisco-ise-host/435083133/126, AuthenticationMethod=Lookup, SelectedAccessService=Default Network Access, CPMSessionID=0a0009ccdD2BsLZMkW8ZRUAE/sDVf78pplxJC0wv2VwZR6N070M, Response={AuthenticationResult=UnknownUser; QueryResult=UnknownUser; },", + "sequence": 83485, + "timezone": "+00:00", + "type": [ + "info" + ] + }, + "host": { + "hostname": "cisco-ise-host" + }, + "log": { + "level": "debug", + "syslog": { + "priority": 183, + "severity": { + "name": "debug" + } + } + }, + "message": "2022-03-03 11:37:34.933 +00:00 0000083485 24209 DEBUG Local-user-DB: Looking up Endpoint in Internal Endpoints IDStore, ConfigVersionId=1696, UserName=92-09-00-00-00-01, Protocol=Radius, OriginalUserName=92-09-00-00-00-01, AcsSessionID=cisco-ise-host/435083133/126, AuthenticationMethod=Lookup, SelectedAccessService=Default Network Access, CPMSessionID=0a0009ccdD2BsLZMkW8ZRUAE/sDVf78pplxJC0wv2VwZR6N070M, Response={AuthenticationResult=UnknownUser; QueryResult=UnknownUser; },", + "network": { + "protocol": "radius" + }, + "related": { + "hosts": [ + "cisco-ise-host" + ], + "user": [ + "92-09-00-00-00-01" + ] + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "name": "92-09-00-00-00-01" + } + }, + { + "@timestamp": "2022-03-03T09:24:13.235Z", + "cisco_ise": { + "log": { + "acs": { + "session": { + "id": "cisco-ise-host/435083133/115" + } + }, + "authentication": { + "method": "PAP_ASCII" + }, + "category": { + "name": "CISE_Identity_Stores_Diagnostics" + }, + "config_version": { + "id": 1628 + }, + "cpm": { + "session": { + "id": "cisco-ise-host:userauth20" + } + }, + "currentid": { + "store_name": "Internal Users" + }, + "log_details": "ConfigVersionId=1628, UserName=test, SelectedAccessService=AuthenticateUserAPI, AcsSessionID=cisco-ise-host/435083133/115, AuthenticationMethod=PAP_ASCII, CurrentIDStoreName=Internal Users, CPMSessionID=cisco-ise-host:userauth20", + "message": { + "code": "24210", + "description": "Local-user-DB: Looking up User in Internal Users IDStore", + "id": "0000082649" + }, + "segment": { + "number": 0, + "total": 1 + }, + "selected": { + "access": { + "service": "AuthenticateUserAPI" + } + } + } + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "local-user-db", + "category": [ + "iam" + ], + "kind": "event", + "original": "\u003c183\u003eMar 3 09:24:13 cisco-ise-host CISE_Identity_Stores_Diagnostics 0000082649 1 0 2022-03-03 09:24:13.235 +00:00 0000082716 24210 DEBUG Local-user-DB: Looking up User in Internal Users IDStore, ConfigVersionId=1628, UserName=test, SelectedAccessService=AuthenticateUserAPI, AcsSessionID=cisco-ise-host/435083133/115, AuthenticationMethod=PAP_ASCII, CurrentIDStoreName=Internal Users, CPMSessionID=cisco-ise-host:userauth20,", + "sequence": 82716, + "timezone": "+00:00", + "type": [ + "info", + "user" + ] + }, + "host": { + "hostname": "cisco-ise-host" + }, + "log": { + "level": "debug", + "syslog": { + "priority": 183, + "severity": { + "name": "debug" + } + } + }, + "message": "2022-03-03 09:24:13.235 +00:00 0000082716 24210 DEBUG Local-user-DB: Looking up User in Internal Users IDStore, ConfigVersionId=1628, UserName=test, SelectedAccessService=AuthenticateUserAPI, AcsSessionID=cisco-ise-host/435083133/115, AuthenticationMethod=PAP_ASCII, CurrentIDStoreName=Internal Users, CPMSessionID=cisco-ise-host:userauth20,", + "related": { + "hosts": [ + "cisco-ise-host" + ], + "user": [ + "test" + ] + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "name": "test" + } + }, + { + "@timestamp": "2022-03-03T09:22:51.639Z", + "cisco_ise": { + "log": { + "acs": { + "session": { + "id": "cisco-ise-host/435083133/110" + } + }, + "authentication": { + "method": "PAP_ASCII" + }, + "category": { + "name": "CISE_Identity_Stores_Diagnostics" + }, + "config_version": { + "id": 1628 + }, + "cpm": { + "session": { + "id": "cisco-ise-host:userauth18" + } + }, + "currentid": { + "store_name": "Internal Users" + }, + "enable": { + "flag": "Enabled" + }, + "log_details": "ConfigVersionId=1628, UserName=employee1, SelectedAccessService=AuthenticateUserAPI, AcsSessionID=cisco-ise-host/435083133/110, AuthenticationMethod=PAP_ASCII, CurrentIDStoreName=Internal Users, CPMSessionID=cisco-ise-host:userauth18, Firstname=Employee1, Lastname=Cisco1, EnableFlag=Enabled, Response={AuthenticationResult=NotPerformed; }", + "message": { + "code": "24212", + "description": "Local-user-DB: Found User in Internal Users IDStore", + "id": "0000082604" + }, + "response": { + "AuthenticationResult": "NotPerformed" + }, + "segment": { + "number": 0, + "total": 1 + }, + "selected": { + "access": { + "service": "AuthenticateUserAPI" + } + } + } + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "local-user-db", + "category": [ + "iam" + ], + "kind": "event", + "original": "\u003c183\u003eMar 3 09:22:51 cisco-ise-host CISE_Identity_Stores_Diagnostics 0000082604 1 0 2022-03-03 09:22:51.639 +00:00 0000082671 24212 DEBUG Local-user-DB: Found User in Internal Users IDStore, ConfigVersionId=1628, UserName=employee1, SelectedAccessService=AuthenticateUserAPI, AcsSessionID=cisco-ise-host/435083133/110, AuthenticationMethod=PAP_ASCII, CurrentIDStoreName=Internal Users, CPMSessionID=cisco-ise-host:userauth18, Firstname=Employee1, Lastname=Cisco1, EnableFlag=Enabled, Response={AuthenticationResult=NotPerformed; },", + "sequence": 82671, + "timezone": "+00:00", + "type": [ + "info", + "user" + ] + }, + "host": { + "hostname": "cisco-ise-host" + }, + "log": { + "level": "debug", + "syslog": { + "priority": 183, + "severity": { + "name": "debug" + } + } + }, + "message": "2022-03-03 09:22:51.639 +00:00 0000082671 24212 DEBUG Local-user-DB: Found User in Internal Users IDStore, ConfigVersionId=1628, UserName=employee1, SelectedAccessService=AuthenticateUserAPI, AcsSessionID=cisco-ise-host/435083133/110, AuthenticationMethod=PAP_ASCII, CurrentIDStoreName=Internal Users, CPMSessionID=cisco-ise-host:userauth18, Firstname=Employee1, Lastname=Cisco1, EnableFlag=Enabled, Response={AuthenticationResult=NotPerformed; },", + "related": { + "hosts": [ + "cisco-ise-host" + ], + "user": [ + "employee1" + ] + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "full_name": [ + "Employee1", + "Cisco1" + ], + "name": "employee1" + } + }, + { + "@timestamp": "2022-03-03T09:22:59.336Z", + "cisco_ise": { + "log": { + "acs": { + "session": { + "id": "cisco-ise-host/435083133/112" + } + }, + "authentication": { + "method": "PAP_ASCII" + }, + "category": { + "name": "CISE_Identity_Stores_Diagnostics" + }, + "config_version": { + "id": 1628 + }, + "cpm": { + "session": { + "id": "cisco-ise-host:userauth19" + } + }, + "currentid": { + "store_name": "Internal Users" + }, + "log_details": "ConfigVersionId=1628, UserName=admin, SelectedAccessService=AuthenticateUserAPI, AcsSessionID=cisco-ise-host/435083133/112, AuthenticationMethod=PAP_ASCII, CurrentIDStoreName=Internal Users, CPMSessionID=cisco-ise-host:userauth19, Response={AuthenticationResult=UnknownUser; LdapOperationStatus=SubjectNotFound; }", + "message": { + "code": "24216", + "description": "Local-user-DB: The user is not found in the internal users identity store", + "id": "0000082616" + }, + "response": { + "AuthenticationResult": "UnknownUser", + "LdapOperationStatus": "SubjectNotFound" + }, + "segment": { + "number": 0, + "total": 1 + }, + "selected": { + "access": { + "service": "AuthenticateUserAPI" + } + } + } + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "local-user-db", + "category": [ + "iam" + ], + "kind": "event", + "original": "\u003c183\u003eMar 3 09:22:59 cisco-ise-host CISE_Identity_Stores_Diagnostics 0000082616 1 0 2022-03-03 09:22:59.336 +00:00 0000082683 24216 DEBUG Local-user-DB: The user is not found in the internal users identity store, ConfigVersionId=1628, UserName=admin, SelectedAccessService=AuthenticateUserAPI, AcsSessionID=cisco-ise-host/435083133/112, AuthenticationMethod=PAP_ASCII, CurrentIDStoreName=Internal Users, CPMSessionID=cisco-ise-host:userauth19, Response={AuthenticationResult=UnknownUser; LdapOperationStatus=SubjectNotFound; },", + "sequence": 82683, + "timezone": "+00:00", + "type": [ + "info", + "user" + ] + }, + "host": { + "hostname": "cisco-ise-host" + }, + "log": { + "level": "debug", + "syslog": { + "priority": 183, + "severity": { + "name": "debug" + } + } + }, + "message": "2022-03-03 09:22:59.336 +00:00 0000082683 24216 DEBUG Local-user-DB: The user is not found in the internal users identity store, ConfigVersionId=1628, UserName=admin, SelectedAccessService=AuthenticateUserAPI, AcsSessionID=cisco-ise-host/435083133/112, AuthenticationMethod=PAP_ASCII, CurrentIDStoreName=Internal Users, CPMSessionID=cisco-ise-host:userauth19, Response={AuthenticationResult=UnknownUser; LdapOperationStatus=SubjectNotFound; },", + "related": { + "hosts": [ + "cisco-ise-host" + ], + "user": [ + "admin" + ] + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "name": "admin" + } + }, + { + "@timestamp": "2022-03-03T11:37:34.936Z", + "cisco_ise": { + "log": { + "acs": { + "session": { + "id": "cisco-ise-host/435083133/126" + } + }, + "authentication": { + "method": "Lookup" + }, + "category": { + "name": "CISE_Identity_Stores_Diagnostics" + }, + "config_version": { + "id": 1696 + }, + "cpm": { + "session": { + "id": "0a0009ccdD2BsLZMkW8ZRUAE/sDVf78pplxJC0wv2VwZR6N070M" + } + }, + "log_details": "ConfigVersionId=1696, UserName=92-09-00-00-00-01, Protocol=Radius, OriginalUserName=92-09-00-00-00-01, AcsSessionID=cisco-ise-host/435083133/126, AuthenticationMethod=Lookup, SelectedAccessService=Default Network Access, CPMSessionID=0a0009ccdD2BsLZMkW8ZRUAE/sDVf78pplxJC0wv2VwZR6N070M, Response={AuthenticationResult=UnknownUser; QueryResult=UnknownUser; }", + "message": { + "code": "24217", + "description": "Local-user-DB: The host is not found in the internal endpoints identity store", + "id": "0000083419" + }, + "original": { + "user": { + "name": "92-09-00-00-00-01" + } + }, + "response": { + "AuthenticationResult": "UnknownUser", + "QueryResult": "UnknownUser" + }, + "segment": { + "number": 0, + "total": 1 + }, + "selected": { + "access": { + "service": "Default Network Access" + } + } + } + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "local-user-db", + "category": [ + "iam", + "host" + ], + "kind": "event", + "original": "\u003c183\u003eMar 3 11:37:34 cisco-ise-host CISE_Identity_Stores_Diagnostics 0000083419 1 0 2022-03-03 11:37:34.936 +00:00 0000083486 24217 DEBUG Local-user-DB: The host is not found in the internal endpoints identity store, ConfigVersionId=1696, UserName=92-09-00-00-00-01, Protocol=Radius, OriginalUserName=92-09-00-00-00-01, AcsSessionID=cisco-ise-host/435083133/126, AuthenticationMethod=Lookup, SelectedAccessService=Default Network Access, CPMSessionID=0a0009ccdD2BsLZMkW8ZRUAE/sDVf78pplxJC0wv2VwZR6N070M, Response={AuthenticationResult=UnknownUser; QueryResult=UnknownUser; },", + "sequence": 83486, + "timezone": "+00:00", + "type": [ + "info", + "host" + ] + }, + "host": { + "hostname": "cisco-ise-host" + }, + "log": { + "level": "debug", + "syslog": { + "priority": 183, + "severity": { + "name": "debug" + } + } + }, + "message": "2022-03-03 11:37:34.936 +00:00 0000083486 24217 DEBUG Local-user-DB: The host is not found in the internal endpoints identity store, ConfigVersionId=1696, UserName=92-09-00-00-00-01, Protocol=Radius, OriginalUserName=92-09-00-00-00-01, AcsSessionID=cisco-ise-host/435083133/126, AuthenticationMethod=Lookup, SelectedAccessService=Default Network Access, CPMSessionID=0a0009ccdD2BsLZMkW8ZRUAE/sDVf78pplxJC0wv2VwZR6N070M, Response={AuthenticationResult=UnknownUser; QueryResult=UnknownUser; },", + "network": { + "protocol": "radius" + }, + "related": { + "hosts": [ + "cisco-ise-host" + ], + "user": [ + "92-09-00-00-00-01" + ] + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "name": "92-09-00-00-00-01" + } + }, + { + "@timestamp": "2022-03-03T09:22:59.359Z", + "cisco_ise": { + "log": { + "ad": { + "log_id": "1645524126/33" + }, + "category": { + "name": "CISE_Identity_Stores_Diagnostics" + }, + "log_details": "AD-Log-Id=1645524126/33", + "message": { + "code": "24313", + "description": "External-Active-Directory: Search for matching accounts at join point", + "id": "0000082623" + }, + "segment": { + "number": 0, + "total": 1 + } + } + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "external-active-directory", + "category": [ + "iam", + "authentication" + ], + "kind": "event", + "original": "\u003c183\u003eMar 3 09:22:59 cisco-ise-host CISE_Identity_Stores_Diagnostics 0000082623 1 0 2022-03-03 09:22:59.359 +00:00 0000082690 24313 DEBUG External-Active-Directory: Search for matching accounts at join point, AD-Log-Id=1645524126/33,", + "sequence": 82690, + "timezone": "+00:00", + "type": [ + "info" + ] + }, + "host": { + "hostname": "cisco-ise-host" + }, + "log": { + "level": "debug", + "syslog": { + "priority": 183, + "severity": { + "name": "debug" + } + } + }, + "message": "2022-03-03 09:22:59.359 +00:00 0000082690 24313 DEBUG External-Active-Directory: Search for matching accounts at join point, AD-Log-Id=1645524126/33,", + "related": { + "hosts": [ + "cisco-ise-host" + ] + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2022-03-03T09:22:59.359Z", + "cisco_ise": { + "log": { + "ad": { + "log_id": "1645524126/35" + }, + "category": { + "name": "CISE_Identity_Stores_Diagnostics" + }, + "log_details": "AD-Log-Id=1645524126/35", + "message": { + "code": "24322", + "description": "External-Active-Directory: Identity resolution detected no matching account", + "id": "0000082625" + }, + "segment": { + "number": 0, + "total": 1 + } + } + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "external-active-directory", + "category": [ + "iam", + "authentication" + ], + "kind": "event", + "original": "\u003c183\u003eMar 3 09:22:59 cisco-ise-host CISE_Identity_Stores_Diagnostics 0000082625 1 0 2022-03-03 09:22:59.359 +00:00 0000082692 24322 DEBUG External-Active-Directory: Identity resolution detected no matching account, AD-Log-Id=1645524126/35,", + "sequence": 82692, + "timezone": "+00:00", + "type": [ + "info" + ] + }, + "host": { + "hostname": "cisco-ise-host" + }, + "log": { + "level": "debug", + "syslog": { + "priority": 183, + "severity": { + "name": "debug" + } + } + }, + "message": "2022-03-03 09:22:59.359 +00:00 0000082692 24322 DEBUG External-Active-Directory: Identity resolution detected no matching account, AD-Log-Id=1645524126/35,", + "related": { + "hosts": [ + "cisco-ise-host" + ] + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2022-03-03T09:22:59.359Z", + "cisco_ise": { + "log": { + "ad": { + "log_id": "1645524126/32" + }, + "category": { + "name": "CISE_Identity_Stores_Diagnostics" + }, + "log_details": "AD-Log-Id=1645524126/32", + "message": { + "code": "24325", + "description": "External-Active-Directory: Resolving identity", + "id": "0000082622" + }, + "segment": { + "number": 0, + "total": 1 + } + } + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "external-active-directory", + "category": [ + "iam", + "authentication" + ], + "kind": "event", + "original": "\u003c183\u003eMar 3 09:22:59 cisco-ise-host CISE_Identity_Stores_Diagnostics 0000082622 1 0 2022-03-03 09:22:59.359 +00:00 0000082689 24325 DEBUG External-Active-Directory: Resolving identity, AD-Log-Id=1645524126/32,", + "sequence": 82689, + "timezone": "+00:00", + "type": [ + "info" + ] + }, + "host": { + "hostname": "cisco-ise-host" + }, + "log": { + "level": "debug", + "syslog": { + "priority": 183, + "severity": { + "name": "debug" + } + } + }, + "message": "2022-03-03 09:22:59.359 +00:00 0000082689 24325 DEBUG External-Active-Directory: Resolving identity, AD-Log-Id=1645524126/32,", + "related": { + "hosts": [ + "cisco-ise-host" + ] + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2022-03-03T09:22:59.359Z", + "cisco_ise": { + "log": { + "ad": { + "log_id": "1645524126/36" + }, + "category": { + "name": "CISE_Identity_Stores_Diagnostics" + }, + "log_details": "AD-Log-Id=1645524126/36", + "message": { + "code": "24352", + "description": "External-Active-Directory: Identity resolution failed", + "id": "0000082626" + }, + "segment": { + "number": 0, + "total": 1 + } + } + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "external-active-directory", + "category": [ + "iam", + "authentication" + ], + "kind": "event", + "original": "\u003c183\u003eMar 3 09:22:59 cisco-ise-host CISE_Identity_Stores_Diagnostics 0000082626 1 0 2022-03-03 09:22:59.359 +00:00 0000082693 24352 DEBUG External-Active-Directory: Identity resolution failed, AD-Log-Id=1645524126/36,", + "sequence": 82693, + "timezone": "+00:00", + "type": [ + "info", + "end" + ] + }, + "host": { + "hostname": "cisco-ise-host" + }, + "log": { + "level": "debug", + "syslog": { + "priority": 183, + "severity": { + "name": "debug" + } + } + }, + "message": "2022-03-03 09:22:59.359 +00:00 0000082693 24352 DEBUG External-Active-Directory: Identity resolution failed, AD-Log-Id=1645524126/36,", + "related": { + "hosts": [ + "cisco-ise-host" + ] + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2022-03-03T09:22:59.359Z", + "cisco_ise": { + "log": { + "ad": { + "log_id": "1645524126/34" + }, + "category": { + "name": "CISE_Identity_Stores_Diagnostics" + }, + "log_details": "AD-Log-Id=1645524126/34", + "message": { + "code": "24366", + "description": "External-Active-Directory: Skipping unjoined domain", + "id": "0000082624" + }, + "segment": { + "number": 0, + "total": 1 + } + } + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "external-active-directory", + "category": [ + "iam" + ], + "kind": "event", + "original": "\u003c183\u003eMar 3 09:22:59 cisco-ise-host CISE_Identity_Stores_Diagnostics 0000082624 1 0 2022-03-03 09:22:59.359 +00:00 0000082691 24366 DEBUG External-Active-Directory: Skipping unjoined domain, AD-Log-Id=1645524126/34,", + "sequence": 82691, + "timezone": "+00:00", + "type": [ + "info" + ] + }, + "host": { + "hostname": "cisco-ise-host" + }, + "log": { + "level": "debug", + "syslog": { + "priority": 183, + "severity": { + "name": "debug" + } + } + }, + "message": "2022-03-03 09:22:59.359 +00:00 0000082691 24366 DEBUG External-Active-Directory: Skipping unjoined domain, AD-Log-Id=1645524126/34,", + "related": { + "hosts": [ + "cisco-ise-host" + ] + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2022-03-03T09:22:59.360Z", + "cisco_ise": { + "log": { + "acs": { + "session": { + "id": "cisco-ise-host/435083133/112" + } + }, + "authentication": { + "method": "PAP_ASCII" + }, + "category": { + "name": "CISE_Identity_Stores_Diagnostics" + }, + "config_version": { + "id": 1628 + }, + "cpm": { + "session": { + "id": "cisco-ise-host:userauth19" + } + }, + "currentid": { + "store_name": "All_AD_Join_Points" + }, + "log_details": "ConfigVersionId=1628, UserName=admin, SelectedAccessService=AuthenticateUserAPI, AcsSessionID=cisco-ise-host/435083133/112, AuthenticationMethod=PAP_ASCII, CurrentIDStoreName=All_AD_Join_Points, CPMSessionID=cisco-ise-host:userauth19, Response={AuthenticationResult=UnknownUser; }", + "message": { + "code": "24412", + "description": "External-Active-Directory: User not found in Active Directory", + "id": "0000082627" + }, + "response": { + "AuthenticationResult": "UnknownUser" + }, + "segment": { + "number": 0, + "total": 1 + }, + "selected": { + "access": { + "service": "AuthenticateUserAPI" + } + } + } + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "external-active-directory", + "category": [ + "iam", + "authentication" + ], + "kind": "event", + "original": "\u003c183\u003eMar 3 09:22:59 cisco-ise-host CISE_Identity_Stores_Diagnostics 0000082627 1 0 2022-03-03 09:22:59.360 +00:00 0000082694 24412 DEBUG External-Active-Directory: User not found in Active Directory, ConfigVersionId=1628, UserName=admin, SelectedAccessService=AuthenticateUserAPI, AcsSessionID=cisco-ise-host/435083133/112, AuthenticationMethod=PAP_ASCII, CurrentIDStoreName=All_AD_Join_Points, CPMSessionID=cisco-ise-host:userauth19, Response={AuthenticationResult=UnknownUser; },", + "sequence": 82694, + "timezone": "+00:00", + "type": [ + "info", + "end" + ] + }, + "host": { + "hostname": "cisco-ise-host" + }, + "log": { + "level": "debug", + "syslog": { + "priority": 183, + "severity": { + "name": "debug" + } + } + }, + "message": "2022-03-03 09:22:59.360 +00:00 0000082694 24412 DEBUG External-Active-Directory: User not found in Active Directory, ConfigVersionId=1628, UserName=admin, SelectedAccessService=AuthenticateUserAPI, AcsSessionID=cisco-ise-host/435083133/112, AuthenticationMethod=PAP_ASCII, CurrentIDStoreName=All_AD_Join_Points, CPMSessionID=cisco-ise-host:userauth19, Response={AuthenticationResult=UnknownUser; },", + "related": { + "hosts": [ + "cisco-ise-host" + ], + "user": [ + "admin" + ] + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "name": "admin" + } + }, + { + "@timestamp": "2022-03-03T09:22:59.357Z", + "cisco_ise": { + "log": { + "acs": { + "session": { + "id": "cisco-ise-host/435083133/112" + } + }, + "authentication": { + "method": "PAP_ASCII" + }, + "category": { + "name": "CISE_Identity_Stores_Diagnostics" + }, + "config_version": { + "id": 1628 + }, + "cpm": { + "session": { + "id": "cisco-ise-host:userauth19" + } + }, + "currentid": { + "store_name": "All_AD_Join_Points" + }, + "log_details": "ConfigVersionId=1628, UserName=admin, SelectedAccessService=AuthenticateUserAPI, AcsSessionID=cisco-ise-host/435083133/112, AuthenticationMethod=PAP_ASCII, CurrentIDStoreName=All_AD_Join_Points, CPMSessionID=cisco-ise-host:userauth19, Response={AuthenticationResult=Failed; }", + "message": { + "code": "24430", + "description": "External-Active-Directory: Authenticating user against Active Directory", + "id": "0000082621" + }, + "response": { + "AuthenticationResult": "Failed" + }, + "segment": { + "number": 0, + "total": 1 + }, + "selected": { + "access": { + "service": "AuthenticateUserAPI" + } + } + } + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "external-active-directory", + "category": [ + "iam", + "authentication" + ], + "kind": "event", + "original": "\u003c183\u003eMar 3 09:22:59 cisco-ise-host CISE_Identity_Stores_Diagnostics 0000082621 1 0 2022-03-03 09:22:59.357 +00:00 0000082688 24430 DEBUG External-Active-Directory: Authenticating user against Active Directory, ConfigVersionId=1628, UserName=admin, SelectedAccessService=AuthenticateUserAPI, AcsSessionID=cisco-ise-host/435083133/112, AuthenticationMethod=PAP_ASCII, CurrentIDStoreName=All_AD_Join_Points, CPMSessionID=cisco-ise-host:userauth19, Response={AuthenticationResult=Failed; },", + "sequence": 82688, + "timezone": "+00:00", + "type": [ + "info" + ] + }, + "host": { + "hostname": "cisco-ise-host" + }, + "log": { + "level": "debug", + "syslog": { + "priority": 183, + "severity": { + "name": "debug" + } + } + }, + "message": "2022-03-03 09:22:59.357 +00:00 0000082688 24430 DEBUG External-Active-Directory: Authenticating user against Active Directory, ConfigVersionId=1628, UserName=admin, SelectedAccessService=AuthenticateUserAPI, AcsSessionID=cisco-ise-host/435083133/112, AuthenticationMethod=PAP_ASCII, CurrentIDStoreName=All_AD_Join_Points, CPMSessionID=cisco-ise-host:userauth19, Response={AuthenticationResult=Failed; },", + "related": { + "hosts": [ + "cisco-ise-host" + ], + "user": [ + "admin" + ] + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "name": "admin" + } + }, + { + "@timestamp": "2022-03-03T09:22:59.337Z", + "cisco_ise": { + "log": { + "acs": { + "session": { + "id": "cisco-ise-host/435083133/112" + } + }, + "authentication": { + "method": "PAP_ASCII" + }, + "category": { + "name": "CISE_Identity_Stores_Diagnostics" + }, + "config_version": { + "id": 1628 + }, + "cpm": { + "session": { + "id": "cisco-ise-host:userauth19" + } + }, + "currentid": { + "store_name": "Guest Users" + }, + "log_details": "ConfigVersionId=1628, UserName=admin, SelectedAccessService=AuthenticateUserAPI, AcsSessionID=cisco-ise-host/435083133/112, AuthenticationMethod=PAP_ASCII, CurrentIDStoreName=Guest Users, CPMSessionID=cisco-ise-host:userauth19, Response={AuthenticationResult=UnknownUser; }", + "message": { + "code": "24631", + "description": "Local-user-DB: Looking up User in Internal Guests IDStore", + "id": "0000082618" + }, + "response": { + "AuthenticationResult": "UnknownUser" + }, + "segment": { + "number": 0, + "total": 1 + }, + "selected": { + "access": { + "service": "AuthenticateUserAPI" + } + } + } + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "local-user-db", + "category": [ + "iam" + ], + "kind": "event", + "original": "\u003c183\u003eMar 3 09:22:59 cisco-ise-host CISE_Identity_Stores_Diagnostics 0000082618 1 0 2022-03-03 09:22:59.337 +00:00 0000082685 24631 DEBUG Local-user-DB: Looking up User in Internal Guests IDStore, ConfigVersionId=1628, UserName=admin, SelectedAccessService=AuthenticateUserAPI, AcsSessionID=cisco-ise-host/435083133/112, AuthenticationMethod=PAP_ASCII, CurrentIDStoreName=Guest Users, CPMSessionID=cisco-ise-host:userauth19, Response={AuthenticationResult=UnknownUser; },", + "sequence": 82685, + "timezone": "+00:00", + "type": [ + "info", + "user" + ] + }, + "host": { + "hostname": "cisco-ise-host" + }, + "log": { + "level": "debug", + "syslog": { + "priority": 183, + "severity": { + "name": "debug" + } + } + }, + "message": "2022-03-03 09:22:59.337 +00:00 0000082685 24631 DEBUG Local-user-DB: Looking up User in Internal Guests IDStore, ConfigVersionId=1628, UserName=admin, SelectedAccessService=AuthenticateUserAPI, AcsSessionID=cisco-ise-host/435083133/112, AuthenticationMethod=PAP_ASCII, CurrentIDStoreName=Guest Users, CPMSessionID=cisco-ise-host:userauth19, Response={AuthenticationResult=UnknownUser; },", + "related": { + "hosts": [ + "cisco-ise-host" + ], + "user": [ + "admin" + ] + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "name": "admin" + } + }, + { + "@timestamp": "2022-03-03T09:22:59.356Z", + "cisco_ise": { + "log": { + "acs": { + "session": { + "id": "cisco-ise-host/435083133/112" + } + }, + "authentication": { + "method": "PAP_ASCII" + }, + "category": { + "name": "CISE_Identity_Stores_Diagnostics" + }, + "config_version": { + "id": 1628 + }, + "cpm": { + "session": { + "id": "cisco-ise-host:userauth19" + } + }, + "currentid": { + "store_name": "Guest Users" + }, + "log_details": "ConfigVersionId=1628, UserName=admin, SelectedAccessService=AuthenticateUserAPI, AcsSessionID=cisco-ise-host/435083133/112, AuthenticationMethod=PAP_ASCII, CurrentIDStoreName=Guest Users, CPMSessionID=cisco-ise-host:userauth19, Response={AuthenticationResult=UnknownUser; LdapOperationStatus=SubjectNotFound; }", + "message": { + "code": "24633", + "description": "Local-user-DB: The user is not found in the internal guests identity store", + "id": "0000082619" + }, + "response": { + "AuthenticationResult": "UnknownUser", + "LdapOperationStatus": "SubjectNotFound" + }, + "segment": { + "number": 0, + "total": 1 + }, + "selected": { + "access": { + "service": "AuthenticateUserAPI" + } + } + } + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "local-user-db", + "category": [ + "iam", + "authentication" + ], + "kind": "event", + "original": "\u003c183\u003eMar 3 09:22:59 cisco-ise-host CISE_Identity_Stores_Diagnostics 0000082619 1 0 2022-03-03 09:22:59.356 +00:00 0000082686 24633 DEBUG Local-user-DB: The user is not found in the internal guests identity store, ConfigVersionId=1628, UserName=admin, SelectedAccessService=AuthenticateUserAPI, AcsSessionID=cisco-ise-host/435083133/112, AuthenticationMethod=PAP_ASCII, CurrentIDStoreName=Guest Users, CPMSessionID=cisco-ise-host:userauth19, Response={AuthenticationResult=UnknownUser; LdapOperationStatus=SubjectNotFound; },", + "sequence": 82686, + "timezone": "+00:00", + "type": [ + "info", + "end" + ] + }, + "host": { + "hostname": "cisco-ise-host" + }, + "log": { + "level": "debug", + "syslog": { + "priority": 183, + "severity": { + "name": "debug" + } + } + }, + "message": "2022-03-03 09:22:59.356 +00:00 0000082686 24633 DEBUG Local-user-DB: The user is not found in the internal guests identity store, ConfigVersionId=1628, UserName=admin, SelectedAccessService=AuthenticateUserAPI, AcsSessionID=cisco-ise-host/435083133/112, AuthenticationMethod=PAP_ASCII, CurrentIDStoreName=Guest Users, CPMSessionID=cisco-ise-host:userauth19, Response={AuthenticationResult=UnknownUser; LdapOperationStatus=SubjectNotFound; },", + "related": { + "hosts": [ + "cisco-ise-host" + ], + "user": [ + "admin" + ] + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "name": "admin" + } + }, + { + "@timestamp": "2022-03-03T11:37:34.931Z", + "cisco_ise": { + "log": { + "acs": { + "session": { + "id": "cisco-ise-host/435083133/126" + } + }, + "authentication": { + "method": "Lookup" + }, + "category": { + "name": "CISE_Identity_Stores_Diagnostics" + }, + "config_version": { + "id": 1696 + }, + "cpm": { + "session": { + "id": "0a0009ccdD2BsLZMkW8ZRUAE/sDVf78pplxJC0wv2VwZR6N070M" + } + }, + "log_details": "ConfigVersionId=1696, UserName=92-09-00-00-00-01, Protocol=Radius, OriginalUserName=92-09-00-00-00-01, AcsSessionID=cisco-ise-host/435083133/126, AuthenticationMethod=Lookup, SelectedAccessService=Default Network Access, CPMSessionID=0a0009ccdD2BsLZMkW8ZRUAE/sDVf78pplxJC0wv2VwZR6N070M, Response={AuthenticationResult=UnknownUser; QueryResult=UnknownUser; }", + "message": { + "code": "24715", + "description": "External-Active-Directory: ISE has not confirmed locally previous successful machine authentication for user in Active Directory", + "id": "0000083416" + }, + "original": { + "user": { + "name": "92-09-00-00-00-01" + } + }, + "response": { + "AuthenticationResult": "UnknownUser", + "QueryResult": "UnknownUser" + }, + "segment": { + "number": 0, + "total": 1 + }, + "selected": { + "access": { + "service": "Default Network Access" + } + } + } + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "external-active-directory", + "category": [ + "iam", + "authentication" + ], + "kind": "event", + "original": "\u003c183\u003eMar 3 11:37:34 cisco-ise-host CISE_Identity_Stores_Diagnostics 0000083416 1 0 2022-03-03 11:37:34.931 +00:00 0000083483 24715 DEBUG External-Active-Directory: ISE has not confirmed locally previous successful machine authentication for user in Active Directory, ConfigVersionId=1696, UserName=92-09-00-00-00-01, Protocol=Radius, OriginalUserName=92-09-00-00-00-01, AcsSessionID=cisco-ise-host/435083133/126, AuthenticationMethod=Lookup, SelectedAccessService=Default Network Access, CPMSessionID=0a0009ccdD2BsLZMkW8ZRUAE/sDVf78pplxJC0wv2VwZR6N070M, Response={AuthenticationResult=UnknownUser; QueryResult=UnknownUser; },", + "sequence": 83483, + "timezone": "+00:00", + "type": [ + "info" + ] + }, + "host": { + "hostname": "cisco-ise-host" + }, + "log": { + "level": "debug", + "syslog": { + "priority": 183, + "severity": { + "name": "debug" + } + } + }, + "message": "2022-03-03 11:37:34.931 +00:00 0000083483 24715 DEBUG External-Active-Directory: ISE has not confirmed locally previous successful machine authentication for user in Active Directory, ConfigVersionId=1696, UserName=92-09-00-00-00-01, Protocol=Radius, OriginalUserName=92-09-00-00-00-01, AcsSessionID=cisco-ise-host/435083133/126, AuthenticationMethod=Lookup, SelectedAccessService=Default Network Access, CPMSessionID=0a0009ccdD2BsLZMkW8ZRUAE/sDVf78pplxJC0wv2VwZR6N070M, Response={AuthenticationResult=UnknownUser; QueryResult=UnknownUser; },", + "network": { + "protocol": "radius" + }, + "related": { + "hosts": [ + "cisco-ise-host" + ], + "user": [ + "92-09-00-00-00-01" + ] + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "name": "92-09-00-00-00-01" + } + }, + { + "@timestamp": "2022-03-10T09:05:25.669Z", + "cisco_ise": { + "log": { + "ad": { + "log_id": "1645524126/103" + }, + "category": { + "name": "CISE_Identity_Stores_Diagnostics" + }, + "log_details": "AD-Log-Id=1645524126/103", + "message": { + "code": "24352", + "description": "External-Active-Directory: Identity resolution failed", + "id": "0000129360" + }, + "segment": { + "number": 0, + "total": 1 + } + } + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "external-active-directory", + "category": [ + "iam", + "authentication" + ], + "kind": "event", + "original": "\u003c183\u003eMar 10 09:05:25 cisco-ise-host CISE_Identity_Stores_Diagnostics 0000129360 1 0 2022-03-10 09:05:25.669 +00:00 0000129427 24352 DEBUG External-Active-Directory: Identity resolution failed, AD-Log-Id=1645524126/103, ", + "sequence": 129427, + "timezone": "+00:00", + "type": [ + "info", + "end" + ] + }, + "host": { + "hostname": "cisco-ise-host" + }, + "log": { + "level": "debug", + "syslog": { + "priority": 183, + "severity": { + "name": "debug" + } + } + }, + "message": "2022-03-10 09:05:25.669 +00:00 0000129427 24352 DEBUG External-Active-Directory: Identity resolution failed, AD-Log-Id=1645524126/103,", + "related": { + "hosts": [ + "cisco-ise-host" + ] + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2022-03-28T11:23:25.000Z", + "cisco_ise": { + "log": { + "acs": { + "session": { + "id": "cisco-ise-host/437837646/2" + } + }, + "authentication": { + "method": "PAP_ASCII" + }, + "category": { + "name": "CISE_Identity_Stores_Diagnostics" + }, + "cpm": { + "session": { + "id": "cisco-ise-host:userauth2" + } + }, + "currentid": { + "store_name": "Internal Users" + }, + "log_details": "SelectedAccessService=AuthenticateUserAPI, AcsSessionID=cisco-ise-host/437837646/2, AuthenticationMethod=PAP_ASCII, CurrentIDStoreName=Internal Users, CPMSessionID=cisco-ise-host:userauth2", + "message": { + "id": "0000000132" + }, + "segment": { + "number": 1, + "total": 3 + }, + "selected": { + "access": { + "service": "AuthenticateUserAPI" + } + } + } + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "kind": "event", + "original": "\u003c183\u003eMar 28 11:23:25 cisco-ise-host CISE_Identity_Stores_Diagnostics 0000000132 3 1 SelectedAccessService=AuthenticateUserAPI, AcsSessionID=cisco-ise-host/437837646/2, AuthenticationMethod=PAP_ASCII, CurrentIDStoreName=Internal Users, CPMSessionID=cisco-ise-host:userauth2," + }, + "host": { + "hostname": "cisco-ise-host" + }, + "log": { + "syslog": { + "priority": 183 + } + }, + "message": "SelectedAccessService=AuthenticateUserAPI, AcsSessionID=cisco-ise-host/437837646/2, AuthenticationMethod=PAP_ASCII, CurrentIDStoreName=Internal Users, CPMSessionID=cisco-ise-host:userauth2,", + "related": { + "hosts": [ + "cisco-ise-host" + ] + }, + "tags": [ + "preserve_original_event" + ] + } + ] +} \ No newline at end of file diff --git a/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-internal-operations-diagnostics.log b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-internal-operations-diagnostics.log new file mode 100644 index 00000000000..fb62948ea1f --- /dev/null +++ b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-internal-operations-diagnostics.log @@ -0,0 +1,6 @@ +<180>Feb 23 06:11:12 cisco-ise-host CISE_Internal_Operations_Diagnostics 0000000890 1 0 2022-02-23 06:11:12.793 +00:00 0000000945 34126 WARN System-Management: Remote syslog target is unavailable, ConfigVersionId=240, DestinationPort=9025, LoggerName=Test_TCP, +<179>Mar 3 09:19:04 cisco-ise-host CISE_Internal_Operations_Diagnostics 0000082575 1 0 2022-03-03 09:19:04.559 +00:00 0000082642 34120 ERROR Profiler: Profiler failed to get the connection to NAC Manager, ConfigVersionId=1628, +<180>Mar 3 09:24:09 isehost CISE_Internal_Operations_Diagnostics 0000040852 1 0 2022-03-03 09:24:09.011 +00:00 0000040898 34126 WARN System-Management: Remote syslog target is unavailable, ConfigVersionId=795, DestinationPort=9005, LoggerName=TCP Collector QA, +<180>Mar 3 09:24:39 isehost CISE_Internal_Operations_Diagnostics 0000040857 1 0 2022-03-03 09:24:39.014 +00:00 0000040903 34127 WARN System-Management: Remote syslog target connection resume, ConfigVersionId=795, DestinationPort=9005, LoggerName=TCP Collector QA, +<183>Mar 3 00:00:00 cisco-ise-host CISE_Internal_Operations_Diagnostics 0000079939 1 0 2022-03-03 00:00:00.480 +00:00 0000080006 32025 DEBUG Logging: Rolled over local storage file, ConfigVersionId=1543, LogFileName=/opt/CSCOcpm/logs/localStore//iseLocalStore.log.2022-03-02-00-00-00-478, LogErrorMessage=LOG_OK_NO_ERROR, +<180>Mar 28 10:51:49 cisco-ise-host CISE_Internal_Operations_Diagnostics 0000000083 2 1 LoggerName=Test_TCP, diff --git a/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-internal-operations-diagnostics.log-expected.json b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-internal-operations-diagnostics.log-expected.json new file mode 100644 index 00000000000..b2c56effc8b --- /dev/null +++ b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-internal-operations-diagnostics.log-expected.json @@ -0,0 +1,370 @@ +{ + "expected": [ + { + "@timestamp": "2022-02-23T06:11:12.793Z", + "cisco_ise": { + "log": { + "category": { + "name": "CISE_Internal_Operations_Diagnostics" + }, + "config_version": { + "id": 240 + }, + "logger": { + "name": "Test_TCP" + }, + "message": { + "code": "34126", + "description": "System-Management: Remote syslog target is unavailable", + "id": "0000000890" + }, + "segment": { + "number": 0, + "total": 1 + } + } + }, + "destination": { + "port": 9025 + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "system-management", + "category": [ + "configuration" + ], + "kind": "event", + "original": "\u003c180\u003eFeb 23 06:11:12 cisco-ise-host CISE_Internal_Operations_Diagnostics 0000000890 1 0 2022-02-23 06:11:12.793 +00:00 0000000945 34126 WARN System-Management: Remote syslog target is unavailable, ConfigVersionId=240, DestinationPort=9025, LoggerName=Test_TCP,", + "sequence": 945, + "timezone": "+00:00", + "type": [ + "info" + ] + }, + "host": { + "hostname": "cisco-ise-host" + }, + "log": { + "level": "warn", + "syslog": { + "priority": 180, + "severity": { + "name": "warn" + } + } + }, + "message": "2022-02-23 06:11:12.793 +00:00 0000000945 34126 WARN System-Management: Remote syslog target is unavailable, ConfigVersionId=240, DestinationPort=9025, LoggerName=Test_TCP,", + "related": { + "hosts": [ + "cisco-ise-host" + ] + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2022-03-03T09:19:04.559Z", + "cisco_ise": { + "log": { + "category": { + "name": "CISE_Internal_Operations_Diagnostics" + }, + "config_version": { + "id": 1628 + }, + "message": { + "code": "34120", + "description": "Profiler: Profiler failed to get the connection to NAC Manager", + "id": "0000082575" + }, + "segment": { + "number": 0, + "total": 1 + } + } + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "profiler", + "category": [ + "authentication" + ], + "kind": "event", + "original": "\u003c179\u003eMar 3 09:19:04 cisco-ise-host CISE_Internal_Operations_Diagnostics 0000082575 1 0 2022-03-03 09:19:04.559 +00:00 0000082642 34120 ERROR Profiler: Profiler failed to get the connection to NAC Manager, ConfigVersionId=1628,", + "sequence": 82642, + "timezone": "+00:00", + "type": [ + "info" + ] + }, + "host": { + "hostname": "cisco-ise-host" + }, + "log": { + "level": "error", + "syslog": { + "priority": 179, + "severity": { + "name": "error" + } + } + }, + "message": "2022-03-03 09:19:04.559 +00:00 0000082642 34120 ERROR Profiler: Profiler failed to get the connection to NAC Manager, ConfigVersionId=1628,", + "related": { + "hosts": [ + "cisco-ise-host" + ] + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2022-03-03T09:24:09.011Z", + "cisco_ise": { + "log": { + "category": { + "name": "CISE_Internal_Operations_Diagnostics" + }, + "config_version": { + "id": 795 + }, + "logger": { + "name": "TCP Collector QA" + }, + "message": { + "code": "34126", + "description": "System-Management: Remote syslog target is unavailable", + "id": "0000040852" + }, + "segment": { + "number": 0, + "total": 1 + } + } + }, + "destination": { + "port": 9005 + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "system-management", + "category": [ + "configuration" + ], + "kind": "event", + "original": "\u003c180\u003eMar 3 09:24:09 isehost CISE_Internal_Operations_Diagnostics 0000040852 1 0 2022-03-03 09:24:09.011 +00:00 0000040898 34126 WARN System-Management: Remote syslog target is unavailable, ConfigVersionId=795, DestinationPort=9005, LoggerName=TCP Collector QA,", + "sequence": 40898, + "timezone": "+00:00", + "type": [ + "info" + ] + }, + "host": { + "hostname": "isehost" + }, + "log": { + "level": "warn", + "syslog": { + "priority": 180, + "severity": { + "name": "warn" + } + } + }, + "message": "2022-03-03 09:24:09.011 +00:00 0000040898 34126 WARN System-Management: Remote syslog target is unavailable, ConfigVersionId=795, DestinationPort=9005, LoggerName=TCP Collector QA,", + "related": { + "hosts": [ + "isehost" + ] + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2022-03-03T09:24:39.014Z", + "cisco_ise": { + "log": { + "category": { + "name": "CISE_Internal_Operations_Diagnostics" + }, + "config_version": { + "id": 795 + }, + "logger": { + "name": "TCP Collector QA" + }, + "message": { + "code": "34127", + "description": "System-Management: Remote syslog target connection resume", + "id": "0000040857" + }, + "segment": { + "number": 0, + "total": 1 + } + } + }, + "destination": { + "port": 9005 + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "system-management", + "category": [ + "configuration" + ], + "kind": "event", + "original": "\u003c180\u003eMar 3 09:24:39 isehost CISE_Internal_Operations_Diagnostics 0000040857 1 0 2022-03-03 09:24:39.014 +00:00 0000040903 34127 WARN System-Management: Remote syslog target connection resume, ConfigVersionId=795, DestinationPort=9005, LoggerName=TCP Collector QA,", + "sequence": 40903, + "timezone": "+00:00", + "type": [ + "info" + ] + }, + "host": { + "hostname": "isehost" + }, + "log": { + "level": "warn", + "syslog": { + "priority": 180, + "severity": { + "name": "warn" + } + } + }, + "message": "2022-03-03 09:24:39.014 +00:00 0000040903 34127 WARN System-Management: Remote syslog target connection resume, ConfigVersionId=795, DestinationPort=9005, LoggerName=TCP Collector QA,", + "related": { + "hosts": [ + "isehost" + ] + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2022-03-03T00:00:00.480Z", + "cisco_ise": { + "log": { + "category": { + "name": "CISE_Internal_Operations_Diagnostics" + }, + "config_version": { + "id": 1543 + }, + "error": { + "message": "LOG_OK_NO_ERROR" + }, + "file": { + "name": "/opt/CSCOcpm/logs/localStore//iseLocalStore.log.2022-03-02-00-00-00-478" + }, + "message": { + "code": "32025", + "description": "Logging: Rolled over local storage file", + "id": "0000079939" + }, + "segment": { + "number": 0, + "total": 1 + } + } + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "logging", + "category": [ + "configuration" + ], + "kind": "event", + "original": "\u003c183\u003eMar 3 00:00:00 cisco-ise-host CISE_Internal_Operations_Diagnostics 0000079939 1 0 2022-03-03 00:00:00.480 +00:00 0000080006 32025 DEBUG Logging: Rolled over local storage file, ConfigVersionId=1543, LogFileName=/opt/CSCOcpm/logs/localStore//iseLocalStore.log.2022-03-02-00-00-00-478, LogErrorMessage=LOG_OK_NO_ERROR,", + "sequence": 80006, + "timezone": "+00:00", + "type": [ + "info" + ] + }, + "host": { + "hostname": "cisco-ise-host" + }, + "log": { + "level": "debug", + "syslog": { + "priority": 183, + "severity": { + "name": "debug" + } + } + }, + "message": "2022-03-03 00:00:00.480 +00:00 0000080006 32025 DEBUG Logging: Rolled over local storage file, ConfigVersionId=1543, LogFileName=/opt/CSCOcpm/logs/localStore//iseLocalStore.log.2022-03-02-00-00-00-478, LogErrorMessage=LOG_OK_NO_ERROR,", + "related": { + "hosts": [ + "cisco-ise-host" + ] + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2022-03-28T10:51:49.000Z", + "cisco_ise": { + "log": { + "category": { + "name": "CISE_Internal_Operations_Diagnostics" + }, + "logger": { + "name": "Test_TCP" + }, + "message": { + "id": "0000000083" + }, + "segment": { + "number": 1, + "total": 2 + } + } + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "kind": "event", + "original": "\u003c180\u003eMar 28 10:51:49 cisco-ise-host CISE_Internal_Operations_Diagnostics 0000000083 2 1 LoggerName=Test_TCP,", + "type": [ + "info" + ] + }, + "host": { + "hostname": "cisco-ise-host" + }, + "log": { + "syslog": { + "priority": 180 + } + }, + "message": "LoggerName=Test_TCP,", + "related": { + "hosts": [ + "cisco-ise-host" + ] + }, + "tags": [ + "preserve_original_event" + ] + } + ] +} \ No newline at end of file diff --git a/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-my-devices.log b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-my-devices.log new file mode 100644 index 00000000000..1faf1b85579 --- /dev/null +++ b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-my-devices.log @@ -0,0 +1,4 @@ +<182>Mar 3 09:24:53 cisco-ise-host CISE_MyDevices 0000082658 1 0 2022-03-03 09:24:53.393 +00:00 0000082725 88004 INFO MyDevices: Successfully deleted the device (endpoint), ConfigVersionId=1629, UserName=test, IpAddress=81.2.69.144, AuthenticationIdentityStore=Internal Users, PortalName=My Devices Portal (default), IdentityGroup=ALL_ACCOUNTS (default), PsnHostName=ise.host.local, EPMacAddress=00:00:00:00:00:00, EPIdentityGroup=Unknown, Staticassignment=false, EndPointProfiler=ise.host.local, EndPointPolicy=Xerox-Device, DeviceName=test, DeviceRegistrationStatus=NotRegistered, ResponseTime=35, +<182>Mar 3 09:24:40 cisco-ise-host CISE_MyDevices 0000082656 1 0 2022-03-03 09:24:40.424 +00:00 0000082723 88010 INFO MyDevices: Successfully registered/provisioned the device (endpoint), ConfigVersionId=1628, UserName=test, IpAddress=81.2.69.144, AuthenticationIdentityStore=Internal Users, PortalName=My Devices Portal (default), IdentityGroup=ALL_ACCOUNTS (default), PsnHostName=ise.host.local, EPMacAddress=00:00:00:00:00:01, EPIdentityGroup=RegisteredDevices, Staticassignment=true, EndPointProfiler=ise.host.local, EndPointPolicy=Unknown, DeviceName=test2, DeviceRegistrationStatus=Pending, ResponseTime=35 +<179>Mar 3 09:24:53 cisco-ise-host CISE_MyDevices 0000082659 1 0 2022-03-03 09:24:53.482 +00:00 0000082726 88013 ERROR MyDevices: Failed to perform a CoA termination, ConfigVersionId=1629, EPMacAddress=00:00:00:00:00:00, EndpointCoA=Terminate, +<182>Mar 28 11:46:57 cisco-ise-host CISE_MyDevices 0000000231 4 1 AuthenticationIdentityStore=Internal Users, PortalName=My Devices Portal (default), IdentityGroup=Any, PsnHostName=cisco-ise-host.host.local, EPMacAddress=12:34:52:24:24:32, diff --git a/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-my-devices.log-expected.json b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-my-devices.log-expected.json new file mode 100644 index 00000000000..b2bac19eec9 --- /dev/null +++ b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-my-devices.log-expected.json @@ -0,0 +1,338 @@ +{ + "expected": [ + { + "@timestamp": "2022-03-03T09:24:53.393Z", + "cisco_ise": { + "log": { + "authentication": { + "identity_store": "Internal Users" + }, + "category": { + "name": "CISE_MyDevices" + }, + "config_version": { + "id": 1629 + }, + "device": { + "name": "test", + "registration_status": "NotRegistered" + }, + "endpoint": { + "policy": "Xerox-Device", + "profiler": "ise.host.local" + }, + "ep": { + "identity_group": "Unknown", + "mac": { + "address": "00:00:00:00:00:00" + } + }, + "identity": { + "group": "ALL_ACCOUNTS (default)" + }, + "message": { + "code": "88004", + "description": "MyDevices: Successfully deleted the device (endpoint)", + "id": "0000082658" + }, + "portal": { + "name": "My Devices Portal (default)" + }, + "psn": { + "hostname": "ise.host.local" + }, + "response": { + "time": 35 + }, + "segment": { + "number": 0, + "total": 1 + }, + "static": { + "assignment": false + } + } + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "mydevices", + "category": [ + "configuration" + ], + "kind": "event", + "original": "\u003c182\u003eMar 3 09:24:53 cisco-ise-host CISE_MyDevices 0000082658 1 0 2022-03-03 09:24:53.393 +00:00 0000082725 88004 INFO MyDevices: Successfully deleted the device (endpoint), ConfigVersionId=1629, UserName=test, IpAddress=81.2.69.144, AuthenticationIdentityStore=Internal Users, PortalName=My Devices Portal (default), IdentityGroup=ALL_ACCOUNTS (default), PsnHostName=ise.host.local, EPMacAddress=00:00:00:00:00:00, EPIdentityGroup=Unknown, Staticassignment=false, EndPointProfiler=ise.host.local, EndPointPolicy=Xerox-Device, DeviceName=test, DeviceRegistrationStatus=NotRegistered, ResponseTime=35,", + "sequence": 82725, + "timezone": "+00:00", + "type": [ + "info" + ] + }, + "host": { + "hostname": "cisco-ise-host" + }, + "log": { + "level": "info", + "syslog": { + "priority": 182, + "severity": { + "name": "info" + } + } + }, + "message": "2022-03-03 09:24:53.393 +00:00 0000082725 88004 INFO MyDevices: Successfully deleted the device (endpoint), ConfigVersionId=1629, UserName=test, IpAddress=81.2.69.144, AuthenticationIdentityStore=Internal Users, PortalName=My Devices Portal (default), IdentityGroup=ALL_ACCOUNTS (default), PsnHostName=ise.host.local, EPMacAddress=00:00:00:00:00:00, EPIdentityGroup=Unknown, Staticassignment=false, EndPointProfiler=ise.host.local, EndPointPolicy=Xerox-Device, DeviceName=test, DeviceRegistrationStatus=NotRegistered, ResponseTime=35,", + "related": { + "hosts": [ + "cisco-ise-host" + ], + "ip": [ + "81.2.69.144" + ], + "user": [ + "test" + ] + }, + "source": { + "ip": "81.2.69.144" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "name": "test" + } + }, + { + "@timestamp": "2022-03-03T09:24:40.424Z", + "cisco_ise": { + "log": { + "authentication": { + "identity_store": "Internal Users" + }, + "category": { + "name": "CISE_MyDevices" + }, + "config_version": { + "id": 1628 + }, + "device": { + "name": "test2", + "registration_status": "Pending" + }, + "endpoint": { + "policy": "Unknown", + "profiler": "ise.host.local" + }, + "ep": { + "identity_group": "RegisteredDevices", + "mac": { + "address": "00:00:00:00:00:01" + } + }, + "identity": { + "group": "ALL_ACCOUNTS (default)" + }, + "message": { + "code": "88010", + "description": "MyDevices: Successfully registered/provisioned the device (endpoint)", + "id": "0000082656" + }, + "portal": { + "name": "My Devices Portal (default)" + }, + "psn": { + "hostname": "ise.host.local" + }, + "segment": { + "number": 0, + "total": 1 + }, + "static": { + "assignment": true + } + } + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "mydevices", + "category": [ + "configuration" + ], + "kind": "event", + "original": "\u003c182\u003eMar 3 09:24:40 cisco-ise-host CISE_MyDevices 0000082656 1 0 2022-03-03 09:24:40.424 +00:00 0000082723 88010 INFO MyDevices: Successfully registered/provisioned the device (endpoint), ConfigVersionId=1628, UserName=test, IpAddress=81.2.69.144, AuthenticationIdentityStore=Internal Users, PortalName=My Devices Portal (default), IdentityGroup=ALL_ACCOUNTS (default), PsnHostName=ise.host.local, EPMacAddress=00:00:00:00:00:01, EPIdentityGroup=RegisteredDevices, Staticassignment=true, EndPointProfiler=ise.host.local, EndPointPolicy=Unknown, DeviceName=test2, DeviceRegistrationStatus=Pending, ResponseTime=35", + "sequence": 82723, + "timezone": "+00:00", + "type": [ + "info" + ] + }, + "host": { + "hostname": "cisco-ise-host" + }, + "log": { + "level": "info", + "syslog": { + "priority": 182, + "severity": { + "name": "info" + } + } + }, + "message": "2022-03-03 09:24:40.424 +00:00 0000082723 88010 INFO MyDevices: Successfully registered/provisioned the device (endpoint), ConfigVersionId=1628, UserName=test, IpAddress=81.2.69.144, AuthenticationIdentityStore=Internal Users, PortalName=My Devices Portal (default), IdentityGroup=ALL_ACCOUNTS (default), PsnHostName=ise.host.local, EPMacAddress=00:00:00:00:00:01, EPIdentityGroup=RegisteredDevices, Staticassignment=true, EndPointProfiler=ise.host.local, EndPointPolicy=Unknown, DeviceName=test2, DeviceRegistrationStatus=Pending, ResponseTime=35", + "related": { + "hosts": [ + "cisco-ise-host" + ], + "ip": [ + "81.2.69.144" + ], + "user": [ + "test" + ] + }, + "source": { + "ip": "81.2.69.144" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "name": "test" + } + }, + { + "@timestamp": "2022-03-03T09:24:53.482Z", + "cisco_ise": { + "log": { + "category": { + "name": "CISE_MyDevices" + }, + "config_version": { + "id": 1629 + }, + "endpoint": { + "coa": "Terminate" + }, + "ep": { + "mac": { + "address": "00:00:00:00:00:00" + } + }, + "message": { + "code": "88013", + "description": "MyDevices: Failed to perform a CoA termination", + "id": "0000082659" + }, + "segment": { + "number": 0, + "total": 1 + } + } + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "mydevices", + "category": [ + "configuration" + ], + "kind": "event", + "original": "\u003c179\u003eMar 3 09:24:53 cisco-ise-host CISE_MyDevices 0000082659 1 0 2022-03-03 09:24:53.482 +00:00 0000082726 88013 ERROR MyDevices: Failed to perform a CoA termination, ConfigVersionId=1629, EPMacAddress=00:00:00:00:00:00, EndpointCoA=Terminate,", + "sequence": 82726, + "timezone": "+00:00", + "type": [ + "info" + ] + }, + "host": { + "hostname": "cisco-ise-host" + }, + "log": { + "level": "error", + "syslog": { + "priority": 179, + "severity": { + "name": "error" + } + } + }, + "message": "2022-03-03 09:24:53.482 +00:00 0000082726 88013 ERROR MyDevices: Failed to perform a CoA termination, ConfigVersionId=1629, EPMacAddress=00:00:00:00:00:00, EndpointCoA=Terminate,", + "related": { + "hosts": [ + "cisco-ise-host" + ] + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2022-03-28T11:46:57.000Z", + "cisco_ise": { + "log": { + "authentication": { + "identity_store": "Internal Users" + }, + "category": { + "name": "CISE_MyDevices" + }, + "ep": { + "mac": { + "address": "12:34:52:24:24:32" + } + }, + "identity": { + "group": "Any" + }, + "message": { + "id": "0000000231" + }, + "portal": { + "name": "My Devices Portal (default)" + }, + "psn": { + "hostname": "cisco-ise-host.host.local" + }, + "segment": { + "number": 1, + "total": 4 + } + } + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "category": [ + "configuration" + ], + "kind": "event", + "original": "\u003c182\u003eMar 28 11:46:57 cisco-ise-host CISE_MyDevices 0000000231 4 1 AuthenticationIdentityStore=Internal Users, PortalName=My Devices Portal (default), IdentityGroup=Any, PsnHostName=cisco-ise-host.host.local, EPMacAddress=12:34:52:24:24:32,", + "type": [ + "info" + ] + }, + "host": { + "hostname": "cisco-ise-host" + }, + "log": { + "syslog": { + "priority": 182 + } + }, + "message": "AuthenticationIdentityStore=Internal Users, PortalName=My Devices Portal (default), IdentityGroup=Any, PsnHostName=cisco-ise-host.host.local, EPMacAddress=12:34:52:24:24:32,", + "related": { + "hosts": [ + "cisco-ise-host" + ] + }, + "tags": [ + "preserve_original_event" + ] + } + ] +} \ No newline at end of file diff --git a/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-passed-authentications.log b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-passed-authentications.log new file mode 100644 index 00000000000..5e9d7123e7a --- /dev/null +++ b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-passed-authentications.log @@ -0,0 +1,5 @@ +<181>Mar 3 11:37:34 cisco-ise-host CISE_Passed_Authentications 0000083423 1 0 2022-03-03 11:37:34.978 +00:00 0000083490 5200 NOTICE Passed-Authentication: Authentication succeeded, ConfigVersionId=1696, Device IP Address=81.2.69.143, DestinationIPAddress=81.2.69.193, DestinationPort=1812, UserName=92-09-00-00-00-01, Protocol=Radius, NetworkDeviceName=Simulator, User-Name=92-09-00-00-00-01, NAS-IP-Address=81.2.69.143, NAS-Port=86, Service-Type=Call Check, Calling-Station-ID=92:09:00:00:00:01, NAS-Port-Type=Wireless - IEEE 802.11, NAS-Port-Id=gigabitEthernet1/0/1, Airespace-Wlan-Id=3, OriginalUserName=92-09-00-00-00-01, MisconfiguredClientFixReason=Passed, NetworkDeviceProfileName=Cisco, NetworkDeviceProfileId=b0699505-3150-4215-a80e-6753d45bf56c, IsThirdPartyDeviceFlow=false, RadiusFlowType=WirelessMAB, AcsSessionID=cisco-ise-host/435083133/126, AuthenticationMethod=Lookup, SelectedAccessService=Default Network Access, SelectedAuthorizationProfiles=hotspot, UseCase=Host Lookup, RequestLatency=90, Step=11001, Step=11017, Step=11117, Step=11027, Step=15049, Step=15008, Step=15041, Step=15048, Step=15013, Step=24209, Step=24217, Step=22056, Step=22058, Step=22060, Step=24715, Step=15036, Step=24209, Step=24217, Step=15016, Step=11002, Step=5239, SelectedAuthenticationIdentityStores=Internal Endpoints, AuthenticationStatus=UnknownUser, NetworkDeviceGroups=IPSEC#Is IPSEC Device#No, NetworkDeviceGroups=Location#All Locations, NetworkDeviceGroups=Device Type#All Device Types, IdentityPolicyMatchedRule=MAB, AuthorizationPolicyMatchedRule=Hotspot, CPMSessionID=0a0009ccdD2BsLZMkW8ZRUAE/sDVf78pplxJC0wv2VwZR6N070M, EndPointMACAddress=92-09-00-00-00-01, PostureAssessmentStatus=Pending, ISEPolicySetName=Default, IdentitySelectionMatchedRule=MAB, StepData=7= Normalised Radius.RadiusFlowType, StepData=8=Internal Endpoints, TotalAuthenLatency=90, ClientLatency=0, allowEasyWiredSession=false, DTLSSupport=Unknown, Model Name=Unknown, Network Device Profile=Cisco, Location=Location#All Locations, Device Type=Device Type#All Device Types, IPSEC=IPSEC#Is IPSEC Device#No, Response={Class=CACS:0a0009ccdD2BsLZMkW8ZRUAE/sDVf78pplxJC0wv2VwZR6N070M:cisco-ise-host/435083133/126; cisco-av-pair=url-redirect-acl=REDIRECT; cisco-av-pair=url-redirect=https://cisco-ise-host.local:8443/portal/gateway?sessionId=0a0009ccdD2BsLZMkW8ZRUAE/sDVf78pplxJC0wv2VwZR6N070M&portal=77b653c9-924d-41a5-a5c3-1c40c4e7a5a7&action=cwa&type=drw&token=65402552fb76ff96c08edaab722f880e; LicenseTypes=1; }, +<181>Mar 2 13:27:48 cisco-ise-host CISE_Passed_Authentications 0000077038 1 0 2022-03-02 13:27:48.625 +00:00 0000077104 5231 NOTICE Guest: Guest Authentication Passed, ConfigVersionId=1459, AuthenticationMethod=PAP_ASCII, UserType=NON_GUEST, UserName=test, IpAddress=81.2.69.145, AuthenticationIdentityStore=Internal Users, PortalName=Self-Registered Guest Portal (default), IdentityGroup=ALL_ACCOUNTS (default), PsnHostName=cisco-ise-host.local, GuestUserName=test, ResponseTime=21, Step=5231, +<181>Feb 23 21:44:54 cisco-ise-host CISE_Passed_Authentications 0000000028 1 0 2021-02-23 21:44:54.276 +00:00 0000001707 5233 NOTICE Passed-Authentication: TrustSec Data Download Succeeded, ConfigVersionId=9, Device IP Address=81.2.69.144, DestinationIPAddress=81.2.69.144, DestinationPort=1645, UserName=#CTSREQUEST#, Protocol=Radius, RequestLatency=281, NetworkDeviceName=ASAv-vpn, User-Name=#CTSREQUEST#, NAS-IP-Address=81.2.69.144, NAS-Port=2, NAS-Port-Type=Virtual, cisco-av-pair=cts-environment-version=1, cisco-av-pair=cts-environment-data=ASAv-vpn, cisco-av-pair=cts-device-capability=env-data-fragment, cisco-av-pair=cts-pac-opaque=****, cisco-av-pair=coa-push=true, NetworkDeviceProfileName=Cisco, NetworkDeviceProfileId=8ade1f15-aef1-4a9a-8158-d02e835179db, IsThirdPartyDeviceFlow=false, AcsSessionID=ise/403491114/1, SelectedAccessService=NDAC_SGT_Service, Step=11001, Step=11017, Step=11117, Step=15012, Step=15036, Step=15006, Step=11002, NetworkDeviceGroups=Location#All Locations#dCloud, NetworkDeviceGroups=Device Type#All Device Types#Security Devices#VPN, AuthorizationPolicyMatchedRule=Default, CPMSessionID=c612851bJ4_5zUNfXSy7PCu6hSY3K1tPzLJOLXwVfJMIFdTrUjg, ISEPolicySetName=NetworkDeviceAuthorization, DTLSSupport=Unknown, Network Device Profile=Cisco, Location=Location#All Locations#dCloud, Device Type=Device Type#All Device Types#Security Devices#VPN, Response={Class=CACS:c612851bJ4_5zUNfXSy7PCu6hSY3K1tPzLJOLXwVfJMIFdTrUjg:ise/403491114/1; cisco-av-pair=cts:server-list=CTSServerList1-0001; cisco-av-pair=cts:security-group-tag=0002-11; cisco-av-pair=cts:environment-data-expiry=86400; cisco-av-pair=cts:security-group-table=0001-46; }, +<181>Mar 3 09:11:58 cisco-ise-host CISE_Passed_Authentications 0000082517 1 0 2022-03-03 09:11:58.729 +00:00 0000082584 5239 NOTICE RADIUS: NAS problem was fixed, ConfigVersionId=1626, NAS-IP-Address=81.2.69.145, MisconfiguredClientFixReason=Silent, Step=5239, +<181>Mar 3 09:11:58 cisco-ise-host CISE_Passed_Authentications 0000082547 3 1 ConfigVersionId=1626, NAS-IP-Address=81.2.69.144, MisconfiguredClientFixReason=Silent, Step=5234, diff --git a/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-passed-authentications.log-expected.json b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-passed-authentications.log-expected.json new file mode 100644 index 00000000000..74f833bf024 --- /dev/null +++ b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-passed-authentications.log-expected.json @@ -0,0 +1,639 @@ +{ + "expected": [ + { + "@timestamp": "2022-03-03T11:37:34.978Z", + "cisco_ise": { + "log": { + "acs": { + "session": { + "id": "cisco-ise-host/435083133/126" + } + }, + "airespace": { + "wlan": { + "id": 3 + } + }, + "allow": { + "easy": { + "wired": { + "session": "false" + } + } + }, + "auth": { + "policy": { + "matched": { + "rule": "Hotspot" + } + } + }, + "authentication": { + "method": "Lookup", + "status": "UnknownUser" + }, + "calling_station": { + "id": "92:09:00:00:00:01" + }, + "category": { + "name": "CISE_Passed_Authentications" + }, + "client": { + "latency": 0 + }, + "config_version": { + "id": 1696 + }, + "cpm": { + "session": { + "id": "0a0009ccdD2BsLZMkW8ZRUAE/sDVf78pplxJC0wv2VwZR6N070M" + } + }, + "device": { + "type": "Device Type#All Device Types" + }, + "dtls_support": "Unknown", + "endpoint": { + "mac": { + "address": "92-09-00-00-00-01" + } + }, + "identity": { + "policy": { + "matched": { + "rule": "MAB" + } + }, + "selection": { + "matched": { + "rule": "MAB" + } + } + }, + "ipsec": "IPSEC#Is IPSEC Device#No", + "is_third_party_device_flow": false, + "ise": { + "policy": { + "set_name": "Default" + } + }, + "location": "Location#All Locations", + "log_details": "ConfigVersionId=1696, Device IP Address=81.2.69.143, DestinationIPAddress=81.2.69.193, DestinationPort=1812, UserName=92-09-00-00-00-01, Protocol=Radius, NetworkDeviceName=Simulator, User-Name=92-09-00-00-00-01, NAS-IP-Address=81.2.69.143, NAS-Port=86, Service-Type=Call Check, Calling-Station-ID=92:09:00:00:00:01, NAS-Port-Type=Wireless - IEEE 802.11, NAS-Port-Id=gigabitEthernet1/0/1, Airespace-Wlan-Id=3, OriginalUserName=92-09-00-00-00-01, MisconfiguredClientFixReason=Passed, NetworkDeviceProfileName=Cisco, NetworkDeviceProfileId=b0699505-3150-4215-a80e-6753d45bf56c, IsThirdPartyDeviceFlow=false, RadiusFlowType=WirelessMAB, AcsSessionID=cisco-ise-host/435083133/126, AuthenticationMethod=Lookup, SelectedAccessService=Default Network Access, SelectedAuthorizationProfiles=hotspot, UseCase=Host Lookup, RequestLatency=90, Step=11001, Step=11017, Step=11117, Step=11027, Step=15049, Step=15008, Step=15041, Step=15048, Step=15013, Step=24209, Step=24217, Step=22056, Step=22058, Step=22060, Step=24715, Step=15036, Step=24209, Step=24217, Step=15016, Step=11002, Step=5239, SelectedAuthenticationIdentityStores=Internal Endpoints, AuthenticationStatus=UnknownUser, NetworkDeviceGroups=IPSEC#Is IPSEC Device#No, NetworkDeviceGroups=Location#All Locations, NetworkDeviceGroups=Device Type#All Device Types, IdentityPolicyMatchedRule=MAB, AuthorizationPolicyMatchedRule=Hotspot, CPMSessionID=0a0009ccdD2BsLZMkW8ZRUAE/sDVf78pplxJC0wv2VwZR6N070M, EndPointMACAddress=92-09-00-00-00-01, PostureAssessmentStatus=Pending, ISEPolicySetName=Default, IdentitySelectionMatchedRule=MAB, StepData=7= Normalised Radius.RadiusFlowType, StepData=8=Internal Endpoints, TotalAuthenLatency=90, ClientLatency=0, allowEasyWiredSession=false, DTLSSupport=Unknown, Model Name=Unknown, Network Device Profile=Cisco, Location=Location#All Locations, Device Type=Device Type#All Device Types, IPSEC=IPSEC#Is IPSEC Device#No, Response={Class=CACS:0a0009ccdD2BsLZMkW8ZRUAE/sDVf78pplxJC0wv2VwZR6N070M:cisco-ise-host/435083133/126; cisco-av-pair=url-redirect-acl=REDIRECT; cisco-av-pair=url-redirect=https://cisco-ise-host.local:8443/portal/gateway?sessionId=0a0009ccdD2BsLZMkW8ZRUAE/sDVf78pplxJC0wv2VwZR6N070M\u0026portal=77b653c9-924d-41a5-a5c3-1c40c4e7a5a7\u0026action=cwa\u0026type=drw\u0026token=65402552fb76ff96c08edaab722f880e; LicenseTypes=1; }", + "message": { + "code": "5200", + "description": "Passed-Authentication: Authentication succeeded", + "id": "0000083423" + }, + "misconfigured": { + "client": { + "fix": { + "reason": "Passed" + } + } + }, + "model": { + "name": "Unknown" + }, + "nas": { + "ip": "81.2.69.143", + "port": { + "id": "gigabitEthernet1/0/1", + "number": 86, + "type": "Wireless - IEEE 802.11" + } + }, + "network": { + "device": { + "groups": [ + "IPSEC#Is IPSEC Device#No", + "Location#All Locations", + "Device Type#All Device Types" + ], + "name": "Simulator", + "profile": "Cisco", + "profile_id": "b0699505-3150-4215-a80e-6753d45bf56c", + "profile_name": "Cisco" + } + }, + "posture": { + "assessment": { + "status": "Pending" + } + }, + "radius": { + "flow": { + "type": "WirelessMAB" + } + }, + "request": { + "latency": 90 + }, + "response": { + "Class": "CACS:0a0009ccdD2BsLZMkW8ZRUAE/sDVf78pplxJC0wv2VwZR6N070M:cisco-ise-host/435083133/126", + "LicenseTypes": "1", + "cisco-av-pair": [ + "url-redirect-acl=REDIRECT", + "url-redirect=https://cisco-ise-host.local:8443/portal/gateway?sessionId=0a0009ccdD2BsLZMkW8ZRUAE/sDVf78pplxJC0wv2VwZR6N070M\u0026portal=77b653c9-924d-41a5-a5c3-1c40c4e7a5a7\u0026action=cwa\u0026type=drw\u0026token=65402552fb76ff96c08edaab722f880e" + ] + }, + "segment": { + "number": 0, + "total": 1 + }, + "selected": { + "access": { + "service": "Default Network Access" + }, + "authentication": { + "identity_stores": "Internal Endpoints" + }, + "authorization": { + "profiles": "hotspot" + } + }, + "service": { + "type": "Call Check" + }, + "step": [ + "11001", + "11017", + "11117", + "11027", + "15049", + "15008", + "15041", + "15048", + "15013", + "24209", + "24217", + "22056", + "22058", + "22060", + "24715", + "15036", + "24209", + "24217", + "15016", + "11002", + "5239" + ], + "step_data": [ + "7= Normalised Radius.RadiusFlowType", + "8=Internal Endpoints" + ], + "total": { + "authen": { + "latency": 90 + } + }, + "usecase": "Host Lookup" + } + }, + "client": { + "ip": "81.2.69.143" + }, + "destination": { + "ip": "81.2.69.193", + "port": 1812 + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "passed-authentication", + "category": [ + "authentication" + ], + "kind": "event", + "original": "\u003c181\u003eMar 3 11:37:34 cisco-ise-host CISE_Passed_Authentications 0000083423 1 0 2022-03-03 11:37:34.978 +00:00 0000083490 5200 NOTICE Passed-Authentication: Authentication succeeded, ConfigVersionId=1696, Device IP Address=81.2.69.143, DestinationIPAddress=81.2.69.193, DestinationPort=1812, UserName=92-09-00-00-00-01, Protocol=Radius, NetworkDeviceName=Simulator, User-Name=92-09-00-00-00-01, NAS-IP-Address=81.2.69.143, NAS-Port=86, Service-Type=Call Check, Calling-Station-ID=92:09:00:00:00:01, NAS-Port-Type=Wireless - IEEE 802.11, NAS-Port-Id=gigabitEthernet1/0/1, Airespace-Wlan-Id=3, OriginalUserName=92-09-00-00-00-01, MisconfiguredClientFixReason=Passed, NetworkDeviceProfileName=Cisco, NetworkDeviceProfileId=b0699505-3150-4215-a80e-6753d45bf56c, IsThirdPartyDeviceFlow=false, RadiusFlowType=WirelessMAB, AcsSessionID=cisco-ise-host/435083133/126, AuthenticationMethod=Lookup, SelectedAccessService=Default Network Access, SelectedAuthorizationProfiles=hotspot, UseCase=Host Lookup, RequestLatency=90, Step=11001, Step=11017, Step=11117, Step=11027, Step=15049, Step=15008, Step=15041, Step=15048, Step=15013, Step=24209, Step=24217, Step=22056, Step=22058, Step=22060, Step=24715, Step=15036, Step=24209, Step=24217, Step=15016, Step=11002, Step=5239, SelectedAuthenticationIdentityStores=Internal Endpoints, AuthenticationStatus=UnknownUser, NetworkDeviceGroups=IPSEC#Is IPSEC Device#No, NetworkDeviceGroups=Location#All Locations, NetworkDeviceGroups=Device Type#All Device Types, IdentityPolicyMatchedRule=MAB, AuthorizationPolicyMatchedRule=Hotspot, CPMSessionID=0a0009ccdD2BsLZMkW8ZRUAE/sDVf78pplxJC0wv2VwZR6N070M, EndPointMACAddress=92-09-00-00-00-01, PostureAssessmentStatus=Pending, ISEPolicySetName=Default, IdentitySelectionMatchedRule=MAB, StepData=7= Normalised Radius.RadiusFlowType, StepData=8=Internal Endpoints, TotalAuthenLatency=90, ClientLatency=0, allowEasyWiredSession=false, DTLSSupport=Unknown, Model Name=Unknown, Network Device Profile=Cisco, Location=Location#All Locations, Device Type=Device Type#All Device Types, IPSEC=IPSEC#Is IPSEC Device#No, Response={Class=CACS:0a0009ccdD2BsLZMkW8ZRUAE/sDVf78pplxJC0wv2VwZR6N070M:cisco-ise-host/435083133/126; cisco-av-pair=url-redirect-acl=REDIRECT; cisco-av-pair=url-redirect=https://cisco-ise-host.local:8443/portal/gateway?sessionId=0a0009ccdD2BsLZMkW8ZRUAE/sDVf78pplxJC0wv2VwZR6N070M\u0026portal=77b653c9-924d-41a5-a5c3-1c40c4e7a5a7\u0026action=cwa\u0026type=drw\u0026token=65402552fb76ff96c08edaab722f880e; LicenseTypes=1; },", + "sequence": 83490, + "timezone": "+00:00", + "type": [ + "info" + ] + }, + "host": { + "hostname": "cisco-ise-host" + }, + "log": { + "level": "notice", + "syslog": { + "priority": 181, + "severity": { + "name": "notice" + } + } + }, + "message": "2022-03-03 11:37:34.978 +00:00 0000083490 5200 NOTICE Passed-Authentication: Authentication succeeded, ConfigVersionId=1696, Device IP Address=81.2.69.143, DestinationIPAddress=81.2.69.193, DestinationPort=1812, UserName=92-09-00-00-00-01, Protocol=Radius, NetworkDeviceName=Simulator, User-Name=92-09-00-00-00-01, NAS-IP-Address=81.2.69.143, NAS-Port=86, Service-Type=Call Check, Calling-Station-ID=92:09:00:00:00:01, NAS-Port-Type=Wireless - IEEE 802.11, NAS-Port-Id=gigabitEthernet1/0/1, Airespace-Wlan-Id=3, OriginalUserName=92-09-00-00-00-01, MisconfiguredClientFixReason=Passed, NetworkDeviceProfileName=Cisco, NetworkDeviceProfileId=b0699505-3150-4215-a80e-6753d45bf56c, IsThirdPartyDeviceFlow=false, RadiusFlowType=WirelessMAB, AcsSessionID=cisco-ise-host/435083133/126, AuthenticationMethod=Lookup, SelectedAccessService=Default Network Access, SelectedAuthorizationProfiles=hotspot, UseCase=Host Lookup, RequestLatency=90, Step=11001, Step=11017, Step=11117, Step=11027, Step=15049, Step=15008, Step=15041, Step=15048, Step=15013, Step=24209, Step=24217, Step=22056, Step=22058, Step=22060, Step=24715, Step=15036, Step=24209, Step=24217, Step=15016, Step=11002, Step=5239, SelectedAuthenticationIdentityStores=Internal Endpoints, AuthenticationStatus=UnknownUser, NetworkDeviceGroups=IPSEC#Is IPSEC Device#No, NetworkDeviceGroups=Location#All Locations, NetworkDeviceGroups=Device Type#All Device Types, IdentityPolicyMatchedRule=MAB, AuthorizationPolicyMatchedRule=Hotspot, CPMSessionID=0a0009ccdD2BsLZMkW8ZRUAE/sDVf78pplxJC0wv2VwZR6N070M, EndPointMACAddress=92-09-00-00-00-01, PostureAssessmentStatus=Pending, ISEPolicySetName=Default, IdentitySelectionMatchedRule=MAB, StepData=7= Normalised Radius.RadiusFlowType, StepData=8=Internal Endpoints, TotalAuthenLatency=90, ClientLatency=0, allowEasyWiredSession=false, DTLSSupport=Unknown, Model Name=Unknown, Network Device Profile=Cisco, Location=Location#All Locations, Device Type=Device Type#All Device Types, IPSEC=IPSEC#Is IPSEC Device#No, Response={Class=CACS:0a0009ccdD2BsLZMkW8ZRUAE/sDVf78pplxJC0wv2VwZR6N070M:cisco-ise-host/435083133/126; cisco-av-pair=url-redirect-acl=REDIRECT; cisco-av-pair=url-redirect=https://cisco-ise-host.local:8443/portal/gateway?sessionId=0a0009ccdD2BsLZMkW8ZRUAE/sDVf78pplxJC0wv2VwZR6N070M\u0026portal=77b653c9-924d-41a5-a5c3-1c40c4e7a5a7\u0026action=cwa\u0026type=drw\u0026token=65402552fb76ff96c08edaab722f880e; LicenseTypes=1; },", + "network": { + "protocol": "radius" + }, + "related": { + "hosts": [ + "cisco-ise-host" + ], + "ip": [ + "81.2.69.143", + "81.2.69.193" + ], + "user": [ + "92-09-00-00-00-01" + ] + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "name": [ + "92-09-00-00-00-01" + ] + } + }, + { + "@timestamp": "2022-03-02T13:27:48.625Z", + "cisco_ise": { + "log": { + "authentication": { + "identity_store": "Internal Users", + "method": "PAP_ASCII" + }, + "category": { + "name": "CISE_Passed_Authentications" + }, + "config_version": { + "id": 1459 + }, + "guest": { + "user": { + "name": "test" + } + }, + "identity": { + "group": "ALL_ACCOUNTS (default)" + }, + "log_details": "ConfigVersionId=1459, AuthenticationMethod=PAP_ASCII, UserType=NON_GUEST, UserName=test, IpAddress=81.2.69.145, AuthenticationIdentityStore=Internal Users, PortalName=Self-Registered Guest Portal (default), IdentityGroup=ALL_ACCOUNTS (default), PsnHostName=cisco-ise-host.local, GuestUserName=test, ResponseTime=21, Step=5231", + "message": { + "code": "5231", + "description": "Guest: Guest Authentication Passed", + "id": "0000077038" + }, + "portal": { + "name": "Self-Registered Guest Portal (default)" + }, + "psn": { + "hostname": "cisco-ise-host.local" + }, + "response": { + "time": 21 + }, + "segment": { + "number": 0, + "total": 1 + }, + "step": "5231", + "user": { + "type": "NON_GUEST" + } + } + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "guest", + "category": [ + "authentication" + ], + "kind": "event", + "original": "\u003c181\u003eMar 2 13:27:48 cisco-ise-host CISE_Passed_Authentications 0000077038 1 0 2022-03-02 13:27:48.625 +00:00 0000077104 5231 NOTICE Guest: Guest Authentication Passed, ConfigVersionId=1459, AuthenticationMethod=PAP_ASCII, UserType=NON_GUEST, UserName=test, IpAddress=81.2.69.145, AuthenticationIdentityStore=Internal Users, PortalName=Self-Registered Guest Portal (default), IdentityGroup=ALL_ACCOUNTS (default), PsnHostName=cisco-ise-host.local, GuestUserName=test, ResponseTime=21, Step=5231,", + "sequence": 77104, + "timezone": "+00:00", + "type": [ + "info" + ] + }, + "host": { + "hostname": "cisco-ise-host" + }, + "log": { + "level": "notice", + "syslog": { + "priority": 181, + "severity": { + "name": "notice" + } + } + }, + "message": "2022-03-02 13:27:48.625 +00:00 0000077104 5231 NOTICE Guest: Guest Authentication Passed, ConfigVersionId=1459, AuthenticationMethod=PAP_ASCII, UserType=NON_GUEST, UserName=test, IpAddress=81.2.69.145, AuthenticationIdentityStore=Internal Users, PortalName=Self-Registered Guest Portal (default), IdentityGroup=ALL_ACCOUNTS (default), PsnHostName=cisco-ise-host.local, GuestUserName=test, ResponseTime=21, Step=5231,", + "related": { + "hosts": [ + "cisco-ise-host" + ], + "ip": [ + "81.2.69.145" + ], + "user": [ + "test" + ] + }, + "source": { + "ip": "81.2.69.145" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "name": [ + "test" + ] + } + }, + { + "@timestamp": "2021-02-23T21:44:54.276Z", + "cisco_ise": { + "log": { + "acs": { + "session": { + "id": "ise/403491114/1" + } + }, + "auth": { + "policy": { + "matched": { + "rule": "Default" + } + } + }, + "category": { + "name": "CISE_Passed_Authentications" + }, + "config_version": { + "id": 9 + }, + "cpm": { + "session": { + "id": "c612851bJ4_5zUNfXSy7PCu6hSY3K1tPzLJOLXwVfJMIFdTrUjg" + } + }, + "device": { + "type": "Device Type#All Device Types#Security Devices#VPN" + }, + "dtls_support": "Unknown", + "is_third_party_device_flow": false, + "ise": { + "policy": { + "set_name": "NetworkDeviceAuthorization" + } + }, + "location": "Location#All Locations#dCloud", + "log_details": "ConfigVersionId=9, Device IP Address=81.2.69.144, DestinationIPAddress=81.2.69.144, DestinationPort=1645, UserName=#CTSREQUEST#, Protocol=Radius, RequestLatency=281, NetworkDeviceName=ASAv-vpn, User-Name=#CTSREQUEST#, NAS-IP-Address=81.2.69.144, NAS-Port=2, NAS-Port-Type=Virtual, cisco-av-pair=cts-environment-version=1, cisco-av-pair=cts-environment-data=ASAv-vpn, cisco-av-pair=cts-device-capability=env-data-fragment, cisco-av-pair=cts-pac-opaque=****, cisco-av-pair=coa-push=true, NetworkDeviceProfileName=Cisco, NetworkDeviceProfileId=8ade1f15-aef1-4a9a-8158-d02e835179db, IsThirdPartyDeviceFlow=false, AcsSessionID=ise/403491114/1, SelectedAccessService=NDAC_SGT_Service, Step=11001, Step=11017, Step=11117, Step=15012, Step=15036, Step=15006, Step=11002, NetworkDeviceGroups=Location#All Locations#dCloud, NetworkDeviceGroups=Device Type#All Device Types#Security Devices#VPN, AuthorizationPolicyMatchedRule=Default, CPMSessionID=c612851bJ4_5zUNfXSy7PCu6hSY3K1tPzLJOLXwVfJMIFdTrUjg, ISEPolicySetName=NetworkDeviceAuthorization, DTLSSupport=Unknown, Network Device Profile=Cisco, Location=Location#All Locations#dCloud, Device Type=Device Type#All Device Types#Security Devices#VPN, Response={Class=CACS:c612851bJ4_5zUNfXSy7PCu6hSY3K1tPzLJOLXwVfJMIFdTrUjg:ise/403491114/1; cisco-av-pair=cts:server-list=CTSServerList1-0001; cisco-av-pair=cts:security-group-tag=0002-11; cisco-av-pair=cts:environment-data-expiry=86400; cisco-av-pair=cts:security-group-table=0001-46; }", + "message": { + "code": "5233", + "description": "Passed-Authentication: TrustSec Data Download Succeeded", + "id": "0000000028" + }, + "nas": { + "ip": "81.2.69.144", + "port": { + "number": 2, + "type": "Virtual" + } + }, + "network": { + "device": { + "groups": [ + "Location#All Locations#dCloud", + "Device Type#All Device Types#Security Devices#VPN" + ], + "name": "ASAv-vpn", + "profile": "Cisco", + "profile_id": "8ade1f15-aef1-4a9a-8158-d02e835179db", + "profile_name": "Cisco" + } + }, + "request": { + "latency": 281 + }, + "response": { + "Class": "CACS:c612851bJ4_5zUNfXSy7PCu6hSY3K1tPzLJOLXwVfJMIFdTrUjg:ise/403491114/1", + "cisco-av-pair": [ + "cts:server-list=CTSServerList1-0001", + "cts:security-group-tag=0002-11", + "cts:environment-data-expiry=86400", + "cts:security-group-table=0001-46" + ] + }, + "segment": { + "number": 0, + "total": 1 + }, + "selected": { + "access": { + "service": "NDAC_SGT_Service" + } + }, + "step": [ + "11001", + "11017", + "11117", + "15012", + "15036", + "15006", + "11002" + ] + } + }, + "client": { + "ip": "81.2.69.144" + }, + "destination": { + "ip": "81.2.69.144", + "port": 1645 + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "passed-authentication", + "category": [ + "authentication" + ], + "kind": "event", + "original": "\u003c181\u003eFeb 23 21:44:54 cisco-ise-host CISE_Passed_Authentications 0000000028 1 0 2021-02-23 21:44:54.276 +00:00 0000001707 5233 NOTICE Passed-Authentication: TrustSec Data Download Succeeded, ConfigVersionId=9, Device IP Address=81.2.69.144, DestinationIPAddress=81.2.69.144, DestinationPort=1645, UserName=#CTSREQUEST#, Protocol=Radius, RequestLatency=281, NetworkDeviceName=ASAv-vpn, User-Name=#CTSREQUEST#, NAS-IP-Address=81.2.69.144, NAS-Port=2, NAS-Port-Type=Virtual, cisco-av-pair=cts-environment-version=1, cisco-av-pair=cts-environment-data=ASAv-vpn, cisco-av-pair=cts-device-capability=env-data-fragment, cisco-av-pair=cts-pac-opaque=****, cisco-av-pair=coa-push=true, NetworkDeviceProfileName=Cisco, NetworkDeviceProfileId=8ade1f15-aef1-4a9a-8158-d02e835179db, IsThirdPartyDeviceFlow=false, AcsSessionID=ise/403491114/1, SelectedAccessService=NDAC_SGT_Service, Step=11001, Step=11017, Step=11117, Step=15012, Step=15036, Step=15006, Step=11002, NetworkDeviceGroups=Location#All Locations#dCloud, NetworkDeviceGroups=Device Type#All Device Types#Security Devices#VPN, AuthorizationPolicyMatchedRule=Default, CPMSessionID=c612851bJ4_5zUNfXSy7PCu6hSY3K1tPzLJOLXwVfJMIFdTrUjg, ISEPolicySetName=NetworkDeviceAuthorization, DTLSSupport=Unknown, Network Device Profile=Cisco, Location=Location#All Locations#dCloud, Device Type=Device Type#All Device Types#Security Devices#VPN, Response={Class=CACS:c612851bJ4_5zUNfXSy7PCu6hSY3K1tPzLJOLXwVfJMIFdTrUjg:ise/403491114/1; cisco-av-pair=cts:server-list=CTSServerList1-0001; cisco-av-pair=cts:security-group-tag=0002-11; cisco-av-pair=cts:environment-data-expiry=86400; cisco-av-pair=cts:security-group-table=0001-46; },", + "sequence": 1707, + "timezone": "+00:00", + "type": [ + "info" + ] + }, + "host": { + "hostname": "cisco-ise-host" + }, + "log": { + "level": "notice", + "syslog": { + "priority": 181, + "severity": { + "name": "notice" + } + } + }, + "message": "2021-02-23 21:44:54.276 +00:00 0000001707 5233 NOTICE Passed-Authentication: TrustSec Data Download Succeeded, ConfigVersionId=9, Device IP Address=81.2.69.144, DestinationIPAddress=81.2.69.144, DestinationPort=1645, UserName=#CTSREQUEST#, Protocol=Radius, RequestLatency=281, NetworkDeviceName=ASAv-vpn, User-Name=#CTSREQUEST#, NAS-IP-Address=81.2.69.144, NAS-Port=2, NAS-Port-Type=Virtual, cisco-av-pair=cts-environment-version=1, cisco-av-pair=cts-environment-data=ASAv-vpn, cisco-av-pair=cts-device-capability=env-data-fragment, cisco-av-pair=cts-pac-opaque=****, cisco-av-pair=coa-push=true, NetworkDeviceProfileName=Cisco, NetworkDeviceProfileId=8ade1f15-aef1-4a9a-8158-d02e835179db, IsThirdPartyDeviceFlow=false, AcsSessionID=ise/403491114/1, SelectedAccessService=NDAC_SGT_Service, Step=11001, Step=11017, Step=11117, Step=15012, Step=15036, Step=15006, Step=11002, NetworkDeviceGroups=Location#All Locations#dCloud, NetworkDeviceGroups=Device Type#All Device Types#Security Devices#VPN, AuthorizationPolicyMatchedRule=Default, CPMSessionID=c612851bJ4_5zUNfXSy7PCu6hSY3K1tPzLJOLXwVfJMIFdTrUjg, ISEPolicySetName=NetworkDeviceAuthorization, DTLSSupport=Unknown, Network Device Profile=Cisco, Location=Location#All Locations#dCloud, Device Type=Device Type#All Device Types#Security Devices#VPN, Response={Class=CACS:c612851bJ4_5zUNfXSy7PCu6hSY3K1tPzLJOLXwVfJMIFdTrUjg:ise/403491114/1; cisco-av-pair=cts:server-list=CTSServerList1-0001; cisco-av-pair=cts:security-group-tag=0002-11; cisco-av-pair=cts:environment-data-expiry=86400; cisco-av-pair=cts:security-group-table=0001-46; },", + "network": { + "protocol": "radius" + }, + "related": { + "hosts": [ + "cisco-ise-host" + ], + "ip": [ + "81.2.69.144" + ], + "user": [ + "#CTSREQUEST#" + ] + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "name": [ + "#CTSREQUEST#" + ] + } + }, + { + "@timestamp": "2022-03-03T09:11:58.729Z", + "cisco_ise": { + "log": { + "category": { + "name": "CISE_Passed_Authentications" + }, + "config_version": { + "id": 1626 + }, + "log_details": "ConfigVersionId=1626, NAS-IP-Address=81.2.69.145, MisconfiguredClientFixReason=Silent, Step=5239", + "message": { + "code": "5239", + "description": "RADIUS: NAS problem was fixed", + "id": "0000082517" + }, + "misconfigured": { + "client": { + "fix": { + "reason": "Silent" + } + } + }, + "nas": { + "ip": "81.2.69.145" + }, + "segment": { + "number": 0, + "total": 1 + }, + "step": "5239" + } + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "radius", + "category": [ + "authentication" + ], + "kind": "event", + "original": "\u003c181\u003eMar 3 09:11:58 cisco-ise-host CISE_Passed_Authentications 0000082517 1 0 2022-03-03 09:11:58.729 +00:00 0000082584 5239 NOTICE RADIUS: NAS problem was fixed, ConfigVersionId=1626, NAS-IP-Address=81.2.69.145, MisconfiguredClientFixReason=Silent, Step=5239,", + "sequence": 82584, + "timezone": "+00:00", + "type": [ + "info" + ] + }, + "host": { + "hostname": "cisco-ise-host" + }, + "log": { + "level": "notice", + "syslog": { + "priority": 181, + "severity": { + "name": "notice" + } + } + }, + "message": "2022-03-03 09:11:58.729 +00:00 0000082584 5239 NOTICE RADIUS: NAS problem was fixed, ConfigVersionId=1626, NAS-IP-Address=81.2.69.145, MisconfiguredClientFixReason=Silent, Step=5239,", + "related": { + "hosts": [ + "cisco-ise-host" + ], + "ip": [ + "81.2.69.145" + ] + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2022-03-03T09:11:58.000Z", + "cisco_ise": { + "log": { + "category": { + "name": "CISE_Passed_Authentications" + }, + "config_version": { + "id": 1626 + }, + "log_details": "ConfigVersionId=1626, NAS-IP-Address=81.2.69.144, MisconfiguredClientFixReason=Silent, Step=5234", + "message": { + "id": "0000082547" + }, + "misconfigured": { + "client": { + "fix": { + "reason": "Silent" + } + } + }, + "nas": { + "ip": "81.2.69.144" + }, + "segment": { + "number": 1, + "total": 3 + }, + "step": "5234" + } + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "kind": "event", + "original": "\u003c181\u003eMar 3 09:11:58 cisco-ise-host CISE_Passed_Authentications 0000082547 3 1 ConfigVersionId=1626, NAS-IP-Address=81.2.69.144, MisconfiguredClientFixReason=Silent, Step=5234," + }, + "host": { + "hostname": "cisco-ise-host" + }, + "log": { + "syslog": { + "priority": 181 + } + }, + "message": "ConfigVersionId=1626, NAS-IP-Address=81.2.69.144, MisconfiguredClientFixReason=Silent, Step=5234,", + "related": { + "hosts": [ + "cisco-ise-host" + ], + "ip": [ + "81.2.69.144" + ] + }, + "tags": [ + "preserve_original_event" + ] + } + ] +} \ No newline at end of file diff --git a/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-policy-diagnostics.log b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-policy-diagnostics.log new file mode 100644 index 00000000000..09467144283 --- /dev/null +++ b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-policy-diagnostics.log @@ -0,0 +1,8 @@ +<183>Mar 3 11:37:34 cisco-ise-host CISE_Policy_Diagnostics 0000083407 1 0 2022-03-03 11:37:34.891 +00:00 0000083474 15008 DEBUG Policy: Evaluating Service Selection Policy, ConfigVersionId=1696, Device IP Address=81.2.69.143, UserName=92-09-00-00-00-01, Protocol=Radius, RequestReceivedTime=1646307454, PolicyType=ServiceSelectionPolicy, OriginalUserName=92-09-00-00-00-01, AcsSessionID=isehost/435083133/126, CPMSessionID=0a0009ccdD2BsLZMkW8ZRUAE/sDVf78pplxJC0wv2VwZR6N070M, +<183>Mar 3 09:24:13 cisco-ise-host CISE_Policy_Diagnostics 0000082648 1 0 2022-03-03 09:24:13.235 +00:00 0000082715 15013 DEBUG Policy: Selected Identity Source, ConfigVersionId=1628, Device IP Address=81.2.69.143, UserName=test, SelectedAccessService=AuthenticateUserAPI, PolicyType=IdentityPolicy, AcsSessionID=isehost/435083133/115, CurrentIDStoreName=Internal Users, CPMSessionID=isehost:userauth20, +<183>Mar 3 11:37:34 cisco-ise-host CISE_Policy_Diagnostics 0000083420 1 0 2022-03-03 11:37:34.958 +00:00 0000083487 15016 DEBUG Policy: Selected Authorization Profile, ConfigVersionId=1696, Device IP Address=81.2.69.143, UserName=92-09-00-00-00-01, Protocol=Radius, RequestReceivedTime=1646307454, PolicyType=RadiusAuthorizationPolicy, OriginalUserName=92-09-00-00-00-01, AcsSessionID=isehost/435083133/126, SelectedAccessService=Default Network Access, SelectedAuthorizationProfiles=hotspot, IdentityPolicyMatchedRule=MAB, AuthorizationPolicyMatchedRule=Hotspot, CPMSessionID=0a0009ccdD2BsLZMkW8ZRUAE/sDVf78pplxJC0wv2VwZR6N070M, ISEPolicySetName=Default, IdentitySelectionMatchedRule=MAB, +<183>Mar 3 11:37:34 cisco-ise-host CISE_Policy_Diagnostics 0000083417 1 0 2022-03-03 11:37:34.932 +00:00 0000083484 15036 DEBUG Policy: Evaluating Authorization Policy, ConfigVersionId=1696, Device IP Address=81.2.69.143, UserName=92-09-00-00-00-01, Protocol=Radius, RequestReceivedTime=1646307454, PolicyType=RadiusAuthorizationPolicy, OriginalUserName=92-09-00-00-00-01, AcsSessionID=isehost/435083133/126, SelectedAccessService=Default Network Access, IdentityPolicyMatchedRule=MAB, CPMSessionID=0a0009ccdD2BsLZMkW8ZRUAE/sDVf78pplxJC0wv2VwZR6N070M, ISEPolicySetName=Default, IdentitySelectionMatchedRule=MAB, +<183>Mar 3 09:24:13 cisco-ise-host CISE_Policy_Diagnostics 0000082646 1 0 2022-03-03 09:24:13.233 +00:00 0000082713 15041 DEBUG Policy: Evaluating Identity Policy, ConfigVersionId=1628, Device IP Address=81.2.69.143, UserName=test, SelectedAccessService=AuthenticateUserAPI, PolicyType=IdentityPolicy, AcsSessionID=isehost/435083133/115, CPMSessionID=isehost:userauth20, +<183>Mar 3 11:37:34 cisco-ise-host CISE_Policy_Diagnostics 0000083409 1 0 2022-03-03 11:37:34.900 +00:00 0000083476 15048 DEBUG Policy: Queried PIP, ConfigVersionId=1696, Device IP Address=81.2.69.143, UserName=92-09-00-00-00-01, Protocol=Radius, RequestReceivedTime=1646307454, PolicyType=IdentityPolicy, OriginalUserName=92-09-00-00-00-01, AcsSessionID=isehost/435083133/126, SelectedAccessService=Default Network Access, CPMSessionID=0a0009ccdD2BsLZMkW8ZRUAE/sDVf78pplxJC0wv2VwZR6N070M, ISEPolicySetName=Default, +<183>Mar 3 11:37:34 cisco-ise-host CISE_Policy_Diagnostics 0000083406 1 0 2022-03-03 11:37:34.890 +00:00 0000083473 15049 DEBUG Policy: Evaluating Policy Group, ConfigVersionId=1696, Device IP Address=81.2.69.143, UserName=92-09-00-00-00-01, Protocol=Radius, RequestReceivedTime=1646307454, PolicyType=ServiceSelectionPolicy, OriginalUserName=92-09-00-00-00-01, AcsSessionID=isehost/435083133/126, CPMSessionID=0a0009ccdD2BsLZMkW8ZRUAE/sDVf78pplxJC0wv2VwZR6N070M, +<183>Mar 28 11:23:25 cisco-ise-host CISE_Policy_Diagnostics 0000000129 2 1 SelectedAccessService=AuthenticateUserAPI, PolicyType=IdentityPolicy, AcsSessionID=cisco-ise-host/437837646/2, CPMSessionID=cisco-ise-host:userauth2, diff --git a/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-policy-diagnostics.log-expected.json b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-policy-diagnostics.log-expected.json new file mode 100644 index 00000000000..5dc2a922e35 --- /dev/null +++ b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-policy-diagnostics.log-expected.json @@ -0,0 +1,778 @@ +{ + "expected": [ + { + "@timestamp": "2022-03-03T11:37:34.891Z", + "cisco_ise": { + "log": { + "acs": { + "session": { + "id": "isehost/435083133/126" + } + }, + "category": { + "name": "CISE_Policy_Diagnostics" + }, + "config_version": { + "id": 1696 + }, + "cpm": { + "session": { + "id": "0a0009ccdD2BsLZMkW8ZRUAE/sDVf78pplxJC0wv2VwZR6N070M" + } + }, + "message": { + "code": "15008", + "description": "Policy: Evaluating Service Selection Policy", + "id": "0000083407" + }, + "policy": { + "type": "ServiceSelectionPolicy" + }, + "request": { + "received_time": "2022-03-03T11:37:34.000Z" + }, + "segment": { + "number": 0, + "total": 1 + } + } + }, + "client": { + "ip": "81.2.69.143" + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "policy", + "category": [ + "configuration" + ], + "kind": "event", + "original": "\u003c183\u003eMar 3 11:37:34 cisco-ise-host CISE_Policy_Diagnostics 0000083407 1 0 2022-03-03 11:37:34.891 +00:00 0000083474 15008 DEBUG Policy: Evaluating Service Selection Policy, ConfigVersionId=1696, Device IP Address=81.2.69.143, UserName=92-09-00-00-00-01, Protocol=Radius, RequestReceivedTime=1646307454, PolicyType=ServiceSelectionPolicy, OriginalUserName=92-09-00-00-00-01, AcsSessionID=isehost/435083133/126, CPMSessionID=0a0009ccdD2BsLZMkW8ZRUAE/sDVf78pplxJC0wv2VwZR6N070M,", + "sequence": 83474, + "timezone": "+00:00", + "type": [ + "info" + ] + }, + "host": { + "hostname": "cisco-ise-host" + }, + "log": { + "level": "debug", + "syslog": { + "priority": 183, + "severity": { + "name": "debug" + } + } + }, + "message": "2022-03-03 11:37:34.891 +00:00 0000083474 15008 DEBUG Policy: Evaluating Service Selection Policy, ConfigVersionId=1696, Device IP Address=81.2.69.143, UserName=92-09-00-00-00-01, Protocol=Radius, RequestReceivedTime=1646307454, PolicyType=ServiceSelectionPolicy, OriginalUserName=92-09-00-00-00-01, AcsSessionID=isehost/435083133/126, CPMSessionID=0a0009ccdD2BsLZMkW8ZRUAE/sDVf78pplxJC0wv2VwZR6N070M,", + "network": { + "protocol": "radius" + }, + "related": { + "hosts": [ + "cisco-ise-host" + ], + "ip": [ + "81.2.69.143" + ], + "user": [ + "92-09-00-00-00-01" + ] + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "name": [ + "92-09-00-00-00-01" + ] + } + }, + { + "@timestamp": "2022-03-03T09:24:13.235Z", + "cisco_ise": { + "log": { + "acs": { + "session": { + "id": "isehost/435083133/115" + } + }, + "category": { + "name": "CISE_Policy_Diagnostics" + }, + "config_version": { + "id": 1628 + }, + "cpm": { + "session": { + "id": "isehost:userauth20" + } + }, + "currentid": { + "store_name": "Internal Users" + }, + "message": { + "code": "15013", + "description": "Policy: Selected Identity Source", + "id": "0000082648" + }, + "policy": { + "type": "IdentityPolicy" + }, + "segment": { + "number": 0, + "total": 1 + }, + "selected": { + "access": { + "service": "AuthenticateUserAPI" + } + } + } + }, + "client": { + "ip": "81.2.69.143" + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "policy", + "category": [ + "configuration" + ], + "kind": "event", + "original": "\u003c183\u003eMar 3 09:24:13 cisco-ise-host CISE_Policy_Diagnostics 0000082648 1 0 2022-03-03 09:24:13.235 +00:00 0000082715 15013 DEBUG Policy: Selected Identity Source, ConfigVersionId=1628, Device IP Address=81.2.69.143, UserName=test, SelectedAccessService=AuthenticateUserAPI, PolicyType=IdentityPolicy, AcsSessionID=isehost/435083133/115, CurrentIDStoreName=Internal Users, CPMSessionID=isehost:userauth20,", + "sequence": 82715, + "timezone": "+00:00", + "type": [ + "info" + ] + }, + "host": { + "hostname": "cisco-ise-host" + }, + "log": { + "level": "debug", + "syslog": { + "priority": 183, + "severity": { + "name": "debug" + } + } + }, + "message": "2022-03-03 09:24:13.235 +00:00 0000082715 15013 DEBUG Policy: Selected Identity Source, ConfigVersionId=1628, Device IP Address=81.2.69.143, UserName=test, SelectedAccessService=AuthenticateUserAPI, PolicyType=IdentityPolicy, AcsSessionID=isehost/435083133/115, CurrentIDStoreName=Internal Users, CPMSessionID=isehost:userauth20,", + "related": { + "hosts": [ + "cisco-ise-host" + ], + "ip": [ + "81.2.69.143" + ], + "user": [ + "test" + ] + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "name": [ + "test" + ] + } + }, + { + "@timestamp": "2022-03-03T11:37:34.958Z", + "cisco_ise": { + "log": { + "acs": { + "session": { + "id": "isehost/435083133/126" + } + }, + "auth": { + "policy": { + "matched": { + "rule": "Hotspot" + } + } + }, + "category": { + "name": "CISE_Policy_Diagnostics" + }, + "config_version": { + "id": 1696 + }, + "cpm": { + "session": { + "id": "0a0009ccdD2BsLZMkW8ZRUAE/sDVf78pplxJC0wv2VwZR6N070M" + } + }, + "identity": { + "policy": { + "matched": { + "rule": "MAB" + } + }, + "selection": { + "matched": { + "rule": "MAB" + } + } + }, + "ise": { + "policy": { + "set_name": "Default" + } + }, + "message": { + "code": "15016", + "description": "Policy: Selected Authorization Profile", + "id": "0000083420" + }, + "policy": { + "type": "RadiusAuthorizationPolicy" + }, + "request": { + "received_time": "2022-03-03T11:37:34.000Z" + }, + "segment": { + "number": 0, + "total": 1 + }, + "selected": { + "access": { + "service": "Default Network Access" + }, + "authorization": { + "profiles": "hotspot" + } + } + } + }, + "client": { + "ip": "81.2.69.143" + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "policy", + "category": [ + "configuration" + ], + "kind": "event", + "original": "\u003c183\u003eMar 3 11:37:34 cisco-ise-host CISE_Policy_Diagnostics 0000083420 1 0 2022-03-03 11:37:34.958 +00:00 0000083487 15016 DEBUG Policy: Selected Authorization Profile, ConfigVersionId=1696, Device IP Address=81.2.69.143, UserName=92-09-00-00-00-01, Protocol=Radius, RequestReceivedTime=1646307454, PolicyType=RadiusAuthorizationPolicy, OriginalUserName=92-09-00-00-00-01, AcsSessionID=isehost/435083133/126, SelectedAccessService=Default Network Access, SelectedAuthorizationProfiles=hotspot, IdentityPolicyMatchedRule=MAB, AuthorizationPolicyMatchedRule=Hotspot, CPMSessionID=0a0009ccdD2BsLZMkW8ZRUAE/sDVf78pplxJC0wv2VwZR6N070M, ISEPolicySetName=Default, IdentitySelectionMatchedRule=MAB,", + "sequence": 83487, + "timezone": "+00:00", + "type": [ + "info" + ] + }, + "host": { + "hostname": "cisco-ise-host" + }, + "log": { + "level": "debug", + "syslog": { + "priority": 183, + "severity": { + "name": "debug" + } + } + }, + "message": "2022-03-03 11:37:34.958 +00:00 0000083487 15016 DEBUG Policy: Selected Authorization Profile, ConfigVersionId=1696, Device IP Address=81.2.69.143, UserName=92-09-00-00-00-01, Protocol=Radius, RequestReceivedTime=1646307454, PolicyType=RadiusAuthorizationPolicy, OriginalUserName=92-09-00-00-00-01, AcsSessionID=isehost/435083133/126, SelectedAccessService=Default Network Access, SelectedAuthorizationProfiles=hotspot, IdentityPolicyMatchedRule=MAB, AuthorizationPolicyMatchedRule=Hotspot, CPMSessionID=0a0009ccdD2BsLZMkW8ZRUAE/sDVf78pplxJC0wv2VwZR6N070M, ISEPolicySetName=Default, IdentitySelectionMatchedRule=MAB,", + "network": { + "protocol": "radius" + }, + "related": { + "hosts": [ + "cisco-ise-host" + ], + "ip": [ + "81.2.69.143" + ], + "user": [ + "92-09-00-00-00-01" + ] + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "name": [ + "92-09-00-00-00-01" + ] + } + }, + { + "@timestamp": "2022-03-03T11:37:34.932Z", + "cisco_ise": { + "log": { + "acs": { + "session": { + "id": "isehost/435083133/126" + } + }, + "category": { + "name": "CISE_Policy_Diagnostics" + }, + "config_version": { + "id": 1696 + }, + "cpm": { + "session": { + "id": "0a0009ccdD2BsLZMkW8ZRUAE/sDVf78pplxJC0wv2VwZR6N070M" + } + }, + "identity": { + "policy": { + "matched": { + "rule": "MAB" + } + }, + "selection": { + "matched": { + "rule": "MAB" + } + } + }, + "ise": { + "policy": { + "set_name": "Default" + } + }, + "message": { + "code": "15036", + "description": "Policy: Evaluating Authorization Policy", + "id": "0000083417" + }, + "policy": { + "type": "RadiusAuthorizationPolicy" + }, + "request": { + "received_time": "2022-03-03T11:37:34.000Z" + }, + "segment": { + "number": 0, + "total": 1 + }, + "selected": { + "access": { + "service": "Default Network Access" + } + } + } + }, + "client": { + "ip": "81.2.69.143" + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "policy", + "category": [ + "configuration" + ], + "kind": "event", + "original": "\u003c183\u003eMar 3 11:37:34 cisco-ise-host CISE_Policy_Diagnostics 0000083417 1 0 2022-03-03 11:37:34.932 +00:00 0000083484 15036 DEBUG Policy: Evaluating Authorization Policy, ConfigVersionId=1696, Device IP Address=81.2.69.143, UserName=92-09-00-00-00-01, Protocol=Radius, RequestReceivedTime=1646307454, PolicyType=RadiusAuthorizationPolicy, OriginalUserName=92-09-00-00-00-01, AcsSessionID=isehost/435083133/126, SelectedAccessService=Default Network Access, IdentityPolicyMatchedRule=MAB, CPMSessionID=0a0009ccdD2BsLZMkW8ZRUAE/sDVf78pplxJC0wv2VwZR6N070M, ISEPolicySetName=Default, IdentitySelectionMatchedRule=MAB,", + "sequence": 83484, + "timezone": "+00:00", + "type": [ + "info" + ] + }, + "host": { + "hostname": "cisco-ise-host" + }, + "log": { + "level": "debug", + "syslog": { + "priority": 183, + "severity": { + "name": "debug" + } + } + }, + "message": "2022-03-03 11:37:34.932 +00:00 0000083484 15036 DEBUG Policy: Evaluating Authorization Policy, ConfigVersionId=1696, Device IP Address=81.2.69.143, UserName=92-09-00-00-00-01, Protocol=Radius, RequestReceivedTime=1646307454, PolicyType=RadiusAuthorizationPolicy, OriginalUserName=92-09-00-00-00-01, AcsSessionID=isehost/435083133/126, SelectedAccessService=Default Network Access, IdentityPolicyMatchedRule=MAB, CPMSessionID=0a0009ccdD2BsLZMkW8ZRUAE/sDVf78pplxJC0wv2VwZR6N070M, ISEPolicySetName=Default, IdentitySelectionMatchedRule=MAB,", + "network": { + "protocol": "radius" + }, + "related": { + "hosts": [ + "cisco-ise-host" + ], + "ip": [ + "81.2.69.143" + ], + "user": [ + "92-09-00-00-00-01" + ] + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "name": [ + "92-09-00-00-00-01" + ] + } + }, + { + "@timestamp": "2022-03-03T09:24:13.233Z", + "cisco_ise": { + "log": { + "acs": { + "session": { + "id": "isehost/435083133/115" + } + }, + "category": { + "name": "CISE_Policy_Diagnostics" + }, + "config_version": { + "id": 1628 + }, + "cpm": { + "session": { + "id": "isehost:userauth20" + } + }, + "message": { + "code": "15041", + "description": "Policy: Evaluating Identity Policy", + "id": "0000082646" + }, + "policy": { + "type": "IdentityPolicy" + }, + "segment": { + "number": 0, + "total": 1 + }, + "selected": { + "access": { + "service": "AuthenticateUserAPI" + } + } + } + }, + "client": { + "ip": "81.2.69.143" + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "policy", + "category": [ + "configuration" + ], + "kind": "event", + "original": "\u003c183\u003eMar 3 09:24:13 cisco-ise-host CISE_Policy_Diagnostics 0000082646 1 0 2022-03-03 09:24:13.233 +00:00 0000082713 15041 DEBUG Policy: Evaluating Identity Policy, ConfigVersionId=1628, Device IP Address=81.2.69.143, UserName=test, SelectedAccessService=AuthenticateUserAPI, PolicyType=IdentityPolicy, AcsSessionID=isehost/435083133/115, CPMSessionID=isehost:userauth20,", + "sequence": 82713, + "timezone": "+00:00", + "type": [ + "info" + ] + }, + "host": { + "hostname": "cisco-ise-host" + }, + "log": { + "level": "debug", + "syslog": { + "priority": 183, + "severity": { + "name": "debug" + } + } + }, + "message": "2022-03-03 09:24:13.233 +00:00 0000082713 15041 DEBUG Policy: Evaluating Identity Policy, ConfigVersionId=1628, Device IP Address=81.2.69.143, UserName=test, SelectedAccessService=AuthenticateUserAPI, PolicyType=IdentityPolicy, AcsSessionID=isehost/435083133/115, CPMSessionID=isehost:userauth20,", + "related": { + "hosts": [ + "cisco-ise-host" + ], + "ip": [ + "81.2.69.143" + ], + "user": [ + "test" + ] + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "name": [ + "test" + ] + } + }, + { + "@timestamp": "2022-03-03T11:37:34.900Z", + "cisco_ise": { + "log": { + "acs": { + "session": { + "id": "isehost/435083133/126" + } + }, + "category": { + "name": "CISE_Policy_Diagnostics" + }, + "config_version": { + "id": 1696 + }, + "cpm": { + "session": { + "id": "0a0009ccdD2BsLZMkW8ZRUAE/sDVf78pplxJC0wv2VwZR6N070M" + } + }, + "ise": { + "policy": { + "set_name": "Default" + } + }, + "message": { + "code": "15048", + "description": "Policy: Queried PIP", + "id": "0000083409" + }, + "policy": { + "type": "IdentityPolicy" + }, + "request": { + "received_time": "2022-03-03T11:37:34.000Z" + }, + "segment": { + "number": 0, + "total": 1 + }, + "selected": { + "access": { + "service": "Default Network Access" + } + } + } + }, + "client": { + "ip": "81.2.69.143" + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "policy", + "category": [ + "configuration" + ], + "kind": "event", + "original": "\u003c183\u003eMar 3 11:37:34 cisco-ise-host CISE_Policy_Diagnostics 0000083409 1 0 2022-03-03 11:37:34.900 +00:00 0000083476 15048 DEBUG Policy: Queried PIP, ConfigVersionId=1696, Device IP Address=81.2.69.143, UserName=92-09-00-00-00-01, Protocol=Radius, RequestReceivedTime=1646307454, PolicyType=IdentityPolicy, OriginalUserName=92-09-00-00-00-01, AcsSessionID=isehost/435083133/126, SelectedAccessService=Default Network Access, CPMSessionID=0a0009ccdD2BsLZMkW8ZRUAE/sDVf78pplxJC0wv2VwZR6N070M, ISEPolicySetName=Default,", + "sequence": 83476, + "timezone": "+00:00", + "type": [ + "info" + ] + }, + "host": { + "hostname": "cisco-ise-host" + }, + "log": { + "level": "debug", + "syslog": { + "priority": 183, + "severity": { + "name": "debug" + } + } + }, + "message": "2022-03-03 11:37:34.900 +00:00 0000083476 15048 DEBUG Policy: Queried PIP, ConfigVersionId=1696, Device IP Address=81.2.69.143, UserName=92-09-00-00-00-01, Protocol=Radius, RequestReceivedTime=1646307454, PolicyType=IdentityPolicy, OriginalUserName=92-09-00-00-00-01, AcsSessionID=isehost/435083133/126, SelectedAccessService=Default Network Access, CPMSessionID=0a0009ccdD2BsLZMkW8ZRUAE/sDVf78pplxJC0wv2VwZR6N070M, ISEPolicySetName=Default,", + "network": { + "protocol": "radius" + }, + "related": { + "hosts": [ + "cisco-ise-host" + ], + "ip": [ + "81.2.69.143" + ], + "user": [ + "92-09-00-00-00-01" + ] + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "name": [ + "92-09-00-00-00-01" + ] + } + }, + { + "@timestamp": "2022-03-03T11:37:34.890Z", + "cisco_ise": { + "log": { + "acs": { + "session": { + "id": "isehost/435083133/126" + } + }, + "category": { + "name": "CISE_Policy_Diagnostics" + }, + "config_version": { + "id": 1696 + }, + "cpm": { + "session": { + "id": "0a0009ccdD2BsLZMkW8ZRUAE/sDVf78pplxJC0wv2VwZR6N070M" + } + }, + "message": { + "code": "15049", + "description": "Policy: Evaluating Policy Group", + "id": "0000083406" + }, + "policy": { + "type": "ServiceSelectionPolicy" + }, + "request": { + "received_time": "2022-03-03T11:37:34.000Z" + }, + "segment": { + "number": 0, + "total": 1 + } + } + }, + "client": { + "ip": "81.2.69.143" + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "policy", + "category": [ + "configuration" + ], + "kind": "event", + "original": "\u003c183\u003eMar 3 11:37:34 cisco-ise-host CISE_Policy_Diagnostics 0000083406 1 0 2022-03-03 11:37:34.890 +00:00 0000083473 15049 DEBUG Policy: Evaluating Policy Group, ConfigVersionId=1696, Device IP Address=81.2.69.143, UserName=92-09-00-00-00-01, Protocol=Radius, RequestReceivedTime=1646307454, PolicyType=ServiceSelectionPolicy, OriginalUserName=92-09-00-00-00-01, AcsSessionID=isehost/435083133/126, CPMSessionID=0a0009ccdD2BsLZMkW8ZRUAE/sDVf78pplxJC0wv2VwZR6N070M,", + "sequence": 83473, + "timezone": "+00:00", + "type": [ + "info" + ] + }, + "host": { + "hostname": "cisco-ise-host" + }, + "log": { + "level": "debug", + "syslog": { + "priority": 183, + "severity": { + "name": "debug" + } + } + }, + "message": "2022-03-03 11:37:34.890 +00:00 0000083473 15049 DEBUG Policy: Evaluating Policy Group, ConfigVersionId=1696, Device IP Address=81.2.69.143, UserName=92-09-00-00-00-01, Protocol=Radius, RequestReceivedTime=1646307454, PolicyType=ServiceSelectionPolicy, OriginalUserName=92-09-00-00-00-01, AcsSessionID=isehost/435083133/126, CPMSessionID=0a0009ccdD2BsLZMkW8ZRUAE/sDVf78pplxJC0wv2VwZR6N070M,", + "network": { + "protocol": "radius" + }, + "related": { + "hosts": [ + "cisco-ise-host" + ], + "ip": [ + "81.2.69.143" + ], + "user": [ + "92-09-00-00-00-01" + ] + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "name": [ + "92-09-00-00-00-01" + ] + } + }, + { + "@timestamp": "2022-03-28T11:23:25.000Z", + "cisco_ise": { + "log": { + "acs": { + "session": { + "id": "cisco-ise-host/437837646/2" + } + }, + "category": { + "name": "CISE_Policy_Diagnostics" + }, + "cpm": { + "session": { + "id": "cisco-ise-host:userauth2" + } + }, + "message": { + "id": "0000000129" + }, + "policy": { + "type": "IdentityPolicy" + }, + "segment": { + "number": 1, + "total": 2 + }, + "selected": { + "access": { + "service": "AuthenticateUserAPI" + } + } + } + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "category": [ + "configuration" + ], + "kind": "event", + "original": "\u003c183\u003eMar 28 11:23:25 cisco-ise-host CISE_Policy_Diagnostics 0000000129 2 1 SelectedAccessService=AuthenticateUserAPI, PolicyType=IdentityPolicy, AcsSessionID=cisco-ise-host/437837646/2, CPMSessionID=cisco-ise-host:userauth2,", + "type": [ + "info" + ] + }, + "host": { + "hostname": "cisco-ise-host" + }, + "log": { + "syslog": { + "priority": 183 + } + }, + "message": "SelectedAccessService=AuthenticateUserAPI, PolicyType=IdentityPolicy, AcsSessionID=cisco-ise-host/437837646/2, CPMSessionID=cisco-ise-host:userauth2,", + "related": { + "hosts": [ + "cisco-ise-host" + ] + }, + "tags": [ + "preserve_original_event" + ] + } + ] +} \ No newline at end of file diff --git a/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-posture-client-provisioning-audit.log b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-posture-client-provisioning-audit.log new file mode 100644 index 00000000000..85d429c1be7 --- /dev/null +++ b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-posture-client-provisioning-audit.log @@ -0,0 +1,2 @@ +<181>Feb 26 22:15:22 cisco-ise-host CISE_Posture_and_Client_Provisioning_Audit 0000000959 1 0 2021-02-26 22:15:22.379 +00:00 0000004348 87751 NOTICE EPS: Endpoint Protection Service has obtained the result of an operation, ConfigVersionId=88, OperationID=ise.securitydemo.net:1, OperationType=CLEAR_POLICY_BY_IP:81.2.69.145, OperationStatus=RUNNING, AdminName=abc@abc.com.com, +<181>Feb 26 22:15:22 cisco-ise-host CISE_Posture_and_Client_Provisioning_Audit 0000000789 2 1 ConfigVersionId=88, OperationID=ise.securitydemo.net:1, OperationType=CLEAR_POLICY_BY_IP:81.2.69.144, OperationStatus=RUNNING, AdminName=xyz@xyz.com.com, diff --git a/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-posture-client-provisioning-audit.log-expected.json b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-posture-client-provisioning-audit.log-expected.json new file mode 100644 index 00000000000..9c067dc0e43 --- /dev/null +++ b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-posture-client-provisioning-audit.log-expected.json @@ -0,0 +1,139 @@ +{ + "expected": [ + { + "@timestamp": "2021-02-26T22:15:22.379Z", + "cisco_ise": { + "log": { + "category": { + "name": "CISE_Posture_and_Client_Provisioning_Audit" + }, + "config_version": { + "id": 88 + }, + "message": { + "code": "87751", + "description": "EPS: Endpoint Protection Service has obtained the result of an operation", + "id": "0000000959" + }, + "operation": { + "id": "ise.securitydemo.net:1", + "status": "RUNNING", + "type": "CLEAR_POLICY_BY_IP:81.2.69.145" + }, + "segment": { + "number": 0, + "total": 1 + } + } + }, + "client": { + "user": { + "name": "abc@abc.com.com" + } + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "eps", + "category": [ + "malware" + ], + "kind": "event", + "original": "\u003c181\u003eFeb 26 22:15:22 cisco-ise-host CISE_Posture_and_Client_Provisioning_Audit 0000000959 1 0 2021-02-26 22:15:22.379 +00:00 0000004348 87751 NOTICE EPS: Endpoint Protection Service has obtained the result of an operation, ConfigVersionId=88, OperationID=ise.securitydemo.net:1, OperationType=CLEAR_POLICY_BY_IP:81.2.69.145, OperationStatus=RUNNING, AdminName=abc@abc.com.com,", + "sequence": 4348, + "timezone": "+00:00", + "type": [ + "info" + ] + }, + "host": { + "hostname": "cisco-ise-host" + }, + "log": { + "level": "notice", + "syslog": { + "priority": 181, + "severity": { + "name": "notice" + } + } + }, + "message": "2021-02-26 22:15:22.379 +00:00 0000004348 87751 NOTICE EPS: Endpoint Protection Service has obtained the result of an operation, ConfigVersionId=88, OperationID=ise.securitydemo.net:1, OperationType=CLEAR_POLICY_BY_IP:81.2.69.145, OperationStatus=RUNNING, AdminName=abc@abc.com.com,", + "related": { + "hosts": [ + "cisco-ise-host" + ], + "user": [ + "abc@abc.com.com" + ] + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2022-02-26T22:15:22.000Z", + "cisco_ise": { + "log": { + "category": { + "name": "CISE_Posture_and_Client_Provisioning_Audit" + }, + "config_version": { + "id": 88 + }, + "message": { + "id": "0000000789" + }, + "operation": { + "id": "ise.securitydemo.net:1", + "status": "RUNNING", + "type": "CLEAR_POLICY_BY_IP:81.2.69.144" + }, + "segment": { + "number": 1, + "total": 2 + } + } + }, + "client": { + "user": { + "name": "xyz@xyz.com.com" + } + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "category": [ + "malware" + ], + "kind": "event", + "original": "\u003c181\u003eFeb 26 22:15:22 cisco-ise-host CISE_Posture_and_Client_Provisioning_Audit 0000000789 2 1 ConfigVersionId=88, OperationID=ise.securitydemo.net:1, OperationType=CLEAR_POLICY_BY_IP:81.2.69.144, OperationStatus=RUNNING, AdminName=xyz@xyz.com.com,", + "type": [ + "info" + ] + }, + "host": { + "hostname": "cisco-ise-host" + }, + "log": { + "syslog": { + "priority": 181 + } + }, + "message": "ConfigVersionId=88, OperationID=ise.securitydemo.net:1, OperationType=CLEAR_POLICY_BY_IP:81.2.69.144, OperationStatus=RUNNING, AdminName=xyz@xyz.com.com,", + "related": { + "hosts": [ + "cisco-ise-host" + ], + "user": [ + "xyz@xyz.com.com" + ] + }, + "tags": [ + "preserve_original_event" + ] + } + ] +} \ No newline at end of file diff --git a/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-radius-accounting.log b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-radius-accounting.log new file mode 100644 index 00000000000..228b82d7bcd --- /dev/null +++ b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-radius-accounting.log @@ -0,0 +1,3 @@ +<182>Apr 27 11:11:47 hijk.xyz.com CISE_RADIUS_Accounting 0000070618 1 0 2020-04-27 11:11:47.028075 -08:00 0091827141 3000 NOTICE Radius-Accounting: RADIUS Accounting start request, ConfigVersionId=33, Device IP Address=81.2.69.145, RequestLatency=6, NetworkDeviceName=WNBU-WLC1, User-Name=nisehorrrrn, NAS-IP-Address=81.2.69.145, NAS-Port=13, Framed-IP-Address=89.160.20.112, Class=CACS:0a2025060001794f52cfa877:hijk.xyz.com/176956368/1092772, Called-Station-ID=00-24-97-69-7a-c0, Calling-Station-ID=d4-ca-6d-14-87-3b, NAS-Identifier=Acme_fe:56:00, Acct-Status-Type=Start, Acct-Session-Id=00000000/d4:ca:6d:14:87:3b/20879, Acct-Authentic=RADIUS, Event-Timestamp=1389340795, NAS-Port-Type=Wireless - IEEE 802.11, Tunnel-Type=(tag=0) VLAN, Tunnel-Medium-Type=(tag=0) 802, Tunnel-Private-Group-ID=(tag=0) 70, Airespace-Wlan-Id=1, AcsSessionID=hijk.xyz.com/176956368/1092777, SelectedAccessService=Default Network Access, Step=11004, Step=11017, Step=15049, Step=15008, Step=15048, Step=15048, Step=15048, Step=15004, Step=15006, Step=11005, NetworkDeviceGroups=Location#All Locations#SJC#WNBU, NetworkDeviceGroups=Device Type#All Device Types#Wireless#WLC, CPMSessionID=0a222bc0000000d123e111f0, AllowedProtocolMatchedRule=Default, Location=Location#All Locations#SJC#WNBU, Device Type=Device Type#All Device Types#Wireless#WLC +<182>Apr 27 11:18:08 tuv.w.xyz.com CISE_RADIUS_Accounting 0000142722 1 0 2020-04-27 11:18:08.144167 -08:00 0096217580 3001 NOTICE Radius-Accounting: RADIUS Accounting stop request, ConfigVersionId=33, Device IP Address=81.2.69.145, RequestLatency=4, NetworkDeviceName=WNBU-WLC1, User-Name=businesskent, NAS-IP-Address=81.2.69.145, NAS-Port=13, Framed-IP-Address=89.160.20.112, Class=CACS:0a202506000193a252d04b55:tuv.w.xyz.com/176956368/1154568, Called-Station-ID=00-24-97-69-7a-c0, Calling-Station-ID=5c-0a-5b-43-3f-79, NAS-Identifier=Cisco_fe:56:00, Acct-Status-Type=Stop, Acct-Delay-Time=0, Acct-Input-Octets=43000, Acct-Output-Octets=140998, Acct-Session-Id=0000AAAA/5c:0a:5b:43:3f:79/24927, Acct-Authentic=RADIUS, Acct-Session-Time=209, Acct-Input-Packets=471, Acct-Output-Packets=262, Acct-Terminate-Cause=User Request, undefined-52= +<182>Apr 27 11:18:08 tuv.w.xyz.com CISE_RADIUS_Accounting 0000142672 2 1 ConfigVersionId=35, Device IP Address=81.2.69.144, RequestLatency=8, NetworkDeviceName=WNBU-WLC1, User-Name=businesskent, NAS-IP-Address=81.2.69.145, NAS-Port=17, Framed-IP-Address=89.160.20.112, Class=CACS:0a202506000193a252d04b55:tuv.w.xyz.com/176956368/1154568, Called-Station-ID=00-24-97-69-7a-c0, Calling-Station-ID=5c-0a-5b-43-3f-79, NAS-Identifier=Cisco_fe:56:00, Acct-Status-Type=Stop, Acct-Delay-Time=0, Acct-Input-Octets=43000, Acct-Output-Octets=140998, Acct-Session-Id=0000AAAA/5c:0a:5b:43:3f:79/24927, Acct-Authentic=RADIUS, Acct-Session-Time=209, Acct-Input-Packets=471, Acct-Output-Packets=262, Acct-Terminate-Cause=User Request, undefined-52= diff --git a/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-radius-accounting.log-expected.json b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-radius-accounting.log-expected.json new file mode 100644 index 00000000000..8de554567bd --- /dev/null +++ b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-radius-accounting.log-expected.json @@ -0,0 +1,391 @@ +{ + "expected": [ + { + "@timestamp": "2020-04-27T11:11:47.028-08:00", + "cisco_ise": { + "log": { + "acct": { + "authentic": "RADIUS", + "session": { + "id": "00000000/d4:ca:6d:14:87:3b/20879" + }, + "status": { + "type": "Start" + } + }, + "acs": { + "session": { + "id": "hijk.xyz.com/176956368/1092777" + } + }, + "airespace": { + "wlan": { + "id": 1 + } + }, + "allowed_protocol": { + "matched": { + "rule": "Default" + } + }, + "called_station": { + "id": "00-24-97-69-7a-c0" + }, + "calling_station": { + "id": "d4-ca-6d-14-87-3b" + }, + "category": { + "name": "CISE_RADIUS_Accounting" + }, + "class": "CACS:0a2025060001794f52cfa877:hijk.xyz.com/176956368/1092772", + "config_version": { + "id": 33 + }, + "cpm": { + "session": { + "id": "0a222bc0000000d123e111f0" + } + }, + "event": { + "timestamp": "2014-01-10T07:59:55.000Z" + }, + "framed": { + "ip": "89.160.20.112" + }, + "location": "Location#All Locations#SJC#WNBU", + "message": { + "code": "3000", + "description": "Radius-Accounting: RADIUS Accounting start request", + "id": "0000070618" + }, + "nas": { + "identifier": "Acme_fe:56:00", + "ip": "81.2.69.145", + "port": { + "number": 13, + "type": "Wireless - IEEE 802.11" + } + }, + "network": { + "device": { + "groups": [ + "Location#All Locations#SJC#WNBU", + "Device Type#All Device Types#Wireless#WLC" + ], + "name": "WNBU-WLC1" + } + }, + "request": { + "latency": 6 + }, + "segment": { + "number": 0, + "total": 1 + }, + "selected": { + "access": { + "service": "Default Network Access" + } + }, + "step": [ + "11004", + "11017", + "15049", + "15008", + "15048", + "15048", + "15048", + "15004", + "15006", + "11005" + ], + "tunnel": { + "medium": { + "type": "(tag=0) 802" + }, + "private": { + "group_id": "(tag=0) 70" + }, + "type": "(tag=0) VLAN" + } + } + }, + "client": { + "ip": "81.2.69.145" + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "radius-accounting", + "category": [ + "configuration" + ], + "kind": "event", + "original": "\u003c182\u003eApr 27 11:11:47 hijk.xyz.com CISE_RADIUS_Accounting 0000070618 1 0 2020-04-27 11:11:47.028075 -08:00 0091827141 3000 NOTICE Radius-Accounting: RADIUS Accounting start request, ConfigVersionId=33, Device IP Address=81.2.69.145, RequestLatency=6, NetworkDeviceName=WNBU-WLC1, User-Name=nisehorrrrn, NAS-IP-Address=81.2.69.145, NAS-Port=13, Framed-IP-Address=89.160.20.112, Class=CACS:0a2025060001794f52cfa877:hijk.xyz.com/176956368/1092772, Called-Station-ID=00-24-97-69-7a-c0, Calling-Station-ID=d4-ca-6d-14-87-3b, NAS-Identifier=Acme_fe:56:00, Acct-Status-Type=Start, Acct-Session-Id=00000000/d4:ca:6d:14:87:3b/20879, Acct-Authentic=RADIUS, Event-Timestamp=1389340795, NAS-Port-Type=Wireless - IEEE 802.11, Tunnel-Type=(tag=0) VLAN, Tunnel-Medium-Type=(tag=0) 802, Tunnel-Private-Group-ID=(tag=0) 70, Airespace-Wlan-Id=1, AcsSessionID=hijk.xyz.com/176956368/1092777, SelectedAccessService=Default Network Access, Step=11004, Step=11017, Step=15049, Step=15008, Step=15048, Step=15048, Step=15048, Step=15004, Step=15006, Step=11005, NetworkDeviceGroups=Location#All Locations#SJC#WNBU, NetworkDeviceGroups=Device Type#All Device Types#Wireless#WLC, CPMSessionID=0a222bc0000000d123e111f0, AllowedProtocolMatchedRule=Default, Location=Location#All Locations#SJC#WNBU, Device Type=Device Type#All Device Types#Wireless#WLC", + "sequence": 91827141, + "timezone": "-08:00", + "type": [ + "info" + ] + }, + "host": { + "hostname": "hijk.xyz.com" + }, + "log": { + "level": "notice", + "syslog": { + "priority": 182, + "severity": { + "name": "notice" + } + } + }, + "message": "2020-04-27 11:11:47.028075 -08:00 0091827141 3000 NOTICE Radius-Accounting: RADIUS Accounting start request, ConfigVersionId=33, Device IP Address=81.2.69.145, RequestLatency=6, NetworkDeviceName=WNBU-WLC1, User-Name=nisehorrrrn, NAS-IP-Address=81.2.69.145, NAS-Port=13, Framed-IP-Address=89.160.20.112, Class=CACS:0a2025060001794f52cfa877:hijk.xyz.com/176956368/1092772, Called-Station-ID=00-24-97-69-7a-c0, Calling-Station-ID=d4-ca-6d-14-87-3b, NAS-Identifier=Acme_fe:56:00, Acct-Status-Type=Start, Acct-Session-Id=00000000/d4:ca:6d:14:87:3b/20879, Acct-Authentic=RADIUS, Event-Timestamp=1389340795, NAS-Port-Type=Wireless - IEEE 802.11, Tunnel-Type=(tag=0) VLAN, Tunnel-Medium-Type=(tag=0) 802, Tunnel-Private-Group-ID=(tag=0) 70, Airespace-Wlan-Id=1, AcsSessionID=hijk.xyz.com/176956368/1092777, SelectedAccessService=Default Network Access, Step=11004, Step=11017, Step=15049, Step=15008, Step=15048, Step=15048, Step=15048, Step=15004, Step=15006, Step=11005, NetworkDeviceGroups=Location#All Locations#SJC#WNBU, NetworkDeviceGroups=Device Type#All Device Types#Wireless#WLC, CPMSessionID=0a222bc0000000d123e111f0, AllowedProtocolMatchedRule=Default, Location=Location#All Locations#SJC#WNBU, Device Type=Device Type#All Device Types#Wireless#WLC", + "related": { + "hosts": [ + "hijk.xyz.com" + ], + "ip": [ + "81.2.69.145", + "89.160.20.112" + ], + "user": [ + "nisehorrrrn" + ] + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "name": "nisehorrrrn" + } + }, + { + "@timestamp": "2020-04-27T11:18:08.144-08:00", + "cisco_ise": { + "log": { + "acct": { + "authentic": "RADIUS", + "delay_time": 0, + "input": { + "octets": 43000, + "packets": 471 + }, + "output": { + "octets": 140998, + "packets": 262 + }, + "session": { + "id": "0000AAAA/5c:0a:5b:43:3f:79/24927", + "time": 209 + }, + "status": { + "type": "Stop" + }, + "terminate_cause": "User Request" + }, + "called_station": { + "id": "00-24-97-69-7a-c0" + }, + "calling_station": { + "id": "5c-0a-5b-43-3f-79" + }, + "category": { + "name": "CISE_RADIUS_Accounting" + }, + "class": "CACS:0a202506000193a252d04b55:tuv.w.xyz.com/176956368/1154568", + "config_version": { + "id": 33 + }, + "framed": { + "ip": "89.160.20.112" + }, + "message": { + "code": "3001", + "description": "Radius-Accounting: RADIUS Accounting stop request", + "id": "0000142722" + }, + "nas": { + "identifier": "Cisco_fe:56:00", + "ip": "81.2.69.145", + "port": { + "number": 13 + } + }, + "network": { + "device": { + "name": "WNBU-WLC1" + } + }, + "request": { + "latency": 4 + }, + "segment": { + "number": 0, + "total": 1 + } + } + }, + "client": { + "ip": "81.2.69.145" + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "radius-accounting", + "category": [ + "configuration" + ], + "kind": "event", + "original": "\u003c182\u003eApr 27 11:18:08 tuv.w.xyz.com CISE_RADIUS_Accounting 0000142722 1 0 2020-04-27 11:18:08.144167 -08:00 0096217580 3001 NOTICE Radius-Accounting: RADIUS Accounting stop request, ConfigVersionId=33, Device IP Address=81.2.69.145, RequestLatency=4, NetworkDeviceName=WNBU-WLC1, User-Name=businesskent, NAS-IP-Address=81.2.69.145, NAS-Port=13, Framed-IP-Address=89.160.20.112, Class=CACS:0a202506000193a252d04b55:tuv.w.xyz.com/176956368/1154568, Called-Station-ID=00-24-97-69-7a-c0, Calling-Station-ID=5c-0a-5b-43-3f-79, NAS-Identifier=Cisco_fe:56:00, Acct-Status-Type=Stop, Acct-Delay-Time=0, Acct-Input-Octets=43000, Acct-Output-Octets=140998, Acct-Session-Id=0000AAAA/5c:0a:5b:43:3f:79/24927, Acct-Authentic=RADIUS, Acct-Session-Time=209, Acct-Input-Packets=471, Acct-Output-Packets=262, Acct-Terminate-Cause=User Request, undefined-52=", + "sequence": 96217580, + "timezone": "-08:00", + "type": [ + "info" + ] + }, + "host": { + "hostname": "tuv.w.xyz.com" + }, + "log": { + "level": "notice", + "syslog": { + "priority": 182, + "severity": { + "name": "notice" + } + } + }, + "message": "2020-04-27 11:18:08.144167 -08:00 0096217580 3001 NOTICE Radius-Accounting: RADIUS Accounting stop request, ConfigVersionId=33, Device IP Address=81.2.69.145, RequestLatency=4, NetworkDeviceName=WNBU-WLC1, User-Name=businesskent, NAS-IP-Address=81.2.69.145, NAS-Port=13, Framed-IP-Address=89.160.20.112, Class=CACS:0a202506000193a252d04b55:tuv.w.xyz.com/176956368/1154568, Called-Station-ID=00-24-97-69-7a-c0, Calling-Station-ID=5c-0a-5b-43-3f-79, NAS-Identifier=Cisco_fe:56:00, Acct-Status-Type=Stop, Acct-Delay-Time=0, Acct-Input-Octets=43000, Acct-Output-Octets=140998, Acct-Session-Id=0000AAAA/5c:0a:5b:43:3f:79/24927, Acct-Authentic=RADIUS, Acct-Session-Time=209, Acct-Input-Packets=471, Acct-Output-Packets=262, Acct-Terminate-Cause=User Request, undefined-52=", + "related": { + "hosts": [ + "tuv.w.xyz.com" + ], + "ip": [ + "81.2.69.145", + "89.160.20.112" + ], + "user": [ + "businesskent" + ] + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "name": "businesskent" + } + }, + { + "@timestamp": "2022-04-27T11:18:08.000Z", + "cisco_ise": { + "log": { + "acct": { + "authentic": "RADIUS", + "delay_time": 0, + "input": { + "octets": 43000, + "packets": 471 + }, + "output": { + "octets": 140998, + "packets": 262 + }, + "session": { + "id": "0000AAAA/5c:0a:5b:43:3f:79/24927", + "time": 209 + }, + "status": { + "type": "Stop" + }, + "terminate_cause": "User Request" + }, + "called_station": { + "id": "00-24-97-69-7a-c0" + }, + "calling_station": { + "id": "5c-0a-5b-43-3f-79" + }, + "category": { + "name": "CISE_RADIUS_Accounting" + }, + "class": "CACS:0a202506000193a252d04b55:tuv.w.xyz.com/176956368/1154568", + "config_version": { + "id": 35 + }, + "framed": { + "ip": "89.160.20.112" + }, + "message": { + "id": "0000142672" + }, + "nas": { + "identifier": "Cisco_fe:56:00", + "ip": "81.2.69.145", + "port": { + "number": 17 + } + }, + "network": { + "device": { + "name": "WNBU-WLC1" + } + }, + "request": { + "latency": 8 + }, + "segment": { + "number": 1, + "total": 2 + } + } + }, + "client": { + "ip": "81.2.69.144" + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "category": [ + "configuration" + ], + "kind": "event", + "original": "\u003c182\u003eApr 27 11:18:08 tuv.w.xyz.com CISE_RADIUS_Accounting 0000142672 2 1 ConfigVersionId=35, Device IP Address=81.2.69.144, RequestLatency=8, NetworkDeviceName=WNBU-WLC1, User-Name=businesskent, NAS-IP-Address=81.2.69.145, NAS-Port=17, Framed-IP-Address=89.160.20.112, Class=CACS:0a202506000193a252d04b55:tuv.w.xyz.com/176956368/1154568, Called-Station-ID=00-24-97-69-7a-c0, Calling-Station-ID=5c-0a-5b-43-3f-79, NAS-Identifier=Cisco_fe:56:00, Acct-Status-Type=Stop, Acct-Delay-Time=0, Acct-Input-Octets=43000, Acct-Output-Octets=140998, Acct-Session-Id=0000AAAA/5c:0a:5b:43:3f:79/24927, Acct-Authentic=RADIUS, Acct-Session-Time=209, Acct-Input-Packets=471, Acct-Output-Packets=262, Acct-Terminate-Cause=User Request, undefined-52=", + "type": [ + "info" + ] + }, + "host": { + "hostname": "tuv.w.xyz.com" + }, + "log": { + "syslog": { + "priority": 182 + } + }, + "message": "ConfigVersionId=35, Device IP Address=81.2.69.144, RequestLatency=8, NetworkDeviceName=WNBU-WLC1, User-Name=businesskent, NAS-IP-Address=81.2.69.145, NAS-Port=17, Framed-IP-Address=89.160.20.112, Class=CACS:0a202506000193a252d04b55:tuv.w.xyz.com/176956368/1154568, Called-Station-ID=00-24-97-69-7a-c0, Calling-Station-ID=5c-0a-5b-43-3f-79, NAS-Identifier=Cisco_fe:56:00, Acct-Status-Type=Stop, Acct-Delay-Time=0, Acct-Input-Octets=43000, Acct-Output-Octets=140998, Acct-Session-Id=0000AAAA/5c:0a:5b:43:3f:79/24927, Acct-Authentic=RADIUS, Acct-Session-Time=209, Acct-Input-Packets=471, Acct-Output-Packets=262, Acct-Terminate-Cause=User Request, undefined-52=", + "related": { + "hosts": [ + "tuv.w.xyz.com" + ], + "ip": [ + "81.2.69.144", + "81.2.69.145", + "89.160.20.112" + ], + "user": [ + "businesskent" + ] + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "name": "businesskent" + } + } + ] +} \ No newline at end of file diff --git a/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-radius-diagnostics.log b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-radius-diagnostics.log new file mode 100644 index 00000000000..23c3728d01d --- /dev/null +++ b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-radius-diagnostics.log @@ -0,0 +1,27 @@ +<183>Mar 2 10:54:40 cisco-ise-host CISE_RADIUS_Diagnostics 0000076010 1 0 2022-03-02 10:54:40.275 +00:00 0000076076 11001 DEBUG RADIUS: Received RADIUS Access-Request, ConfigVersionId=1383, Device IP Address=81.2.69.143, Device Port=39818, DestinationIPAddress=81.2.69.144, DestinationPort=1812, AcsSessionID=cisco-ise-host/435083133/83, SelectedAccessService=Default Network Access, EapTunnel=PEAP, User-Name=testDevice1, NAS-IP-Address=81.2.69.143, NAS-Port=1, Calling-Station-ID=00-00-00-00-00-01, NAS-Port-Type=Wireless - IEEE 802.11, CPMSessionID=0a0009ccqDyAnAWJUIb_A9r1F7EclNP/asP/HfDHLoNi2qUcIMc, +<183>Mar 3 11:37:34 cisco-ise-host CISE_RADIUS_Diagnostics 0000083421 1 0 2022-03-03 11:37:34.978 +00:00 0000083488 11002 DEBUG RADIUS: Returned RADIUS Access-Accept, ConfigVersionId=1696, Device IP Address=81.2.69.143, Device Port=35123, DestinationIPAddress=81.2.69.144, DestinationPort=1812, RadiusPacketType=AccessRequest, RadiusIdentifier=2, User-Name=92-09-00-00-00-01, NAS-IP-Address=81.2.69.143, NAS-Port=86, Service-Type=Call Check, Calling-Station-ID=92:09:00:00:00:01, NAS-Port-Type=Wireless - IEEE 802.11, Airespace-Wlan-Id=3, AcsSessionID=cisco-ise-host/435083133/126, SelectedAccessService=Default Network Access, UseCase=Host Lookup, CPMSessionID=0a0009ccdD2BsLZMkW8ZRUAE/sDVf78pplxJC0wv2VwZR6N070M, Response={RadiusPacketType=AccessAccept; AuthenticationResult=UnknownUser; Class=CACS:0a0009ccdD2BsLZMkW8ZRUAE/sDVf78pplxJC0wv2VwZR6N070M:cisco-ise-host/435083133/126; cisco-av-pair=url-redirect-acl=REDIRECT; cisco-av-pair=url-redirect=https://cisco-ise-host.cdsys.local:8443/portal/gateway?sessionId=0a0009ccdD2BsLZMkW8ZRUAE/sDVf78pplxJC0wv2VwZR6N070M&portal=77b653c9-924d-41a5-a5c3-1c40c4e7a5a7&action=cwa&type=drw&token=65402552fb76ff96c08edaab722f880e; }, +<183>Mar 2 10:30:25 cisco-ise-host CISE_RADIUS_Diagnostics 0000075815 1 0 2022-03-02 10:30:25.393 +00:00 0000075881 11004 DEBUG RADIUS: Received RADIUS Accounting-Request, ConfigVersionId=1381, Device IP Address=81.2.69.143, Device Port=47730, DestinationIPAddress=81.2.69.144, DestinationPort=1813, AcsSessionID=cisco-ise-host/435083133/79, +<183>Mar 2 10:30:25 cisco-ise-host CISE_RADIUS_Diagnostics 0000075821 1 0 2022-03-02 10:30:25.398 +00:00 0000075887 11005 DEBUG RADIUS: Returned RADIUS Accounting-Response, ConfigVersionId=1381, Device IP Address=81.2.69.143, Device Port=47730, DestinationIPAddress=81.2.69.144, DestinationPort=1813, RadiusPacketType=AccountingRequest, RadiusIdentifier=6, NAS-Port=86, Service-Type=Framed, Calling-Station-ID=00-00-00-00-00-01, Acct-Status-Type=Stop, Acct-Session-Id=00-00-01, NAS-Port-Type=Ethernet, AcsSessionID=cisco-ise-host/435083133/79, SelectedAccessService=Default Network Access, CPMSessionID=0a0009cc/2Fl2YA6dnR0d0WayxawhKg5MlkqPkPBGJbhvXrvHlo, +<183>Mar 2 10:54:40 cisco-ise-host CISE_RADIUS_Diagnostics 0000076021 1 0 2022-03-02 10:54:40.278 +00:00 0000076087 11006 DEBUG RADIUS: Returned RADIUS Access-Challenge, ConfigVersionId=1383, Device IP Address=81.2.69.143, Device Port=39818, DestinationIPAddress=81.2.69.144, DestinationPort=1812, RadiusPacketType=AccessRequest, RadiusIdentifier=4, User-Name=USERNAME, NAS-IP-Address=81.2.69.143, NAS-Port=1, Service-Type=Framed, State=64CPMSessionID=0a0009ccqDyAnAWJUIb_A9r1F7EclNP/asP/HfDHLoNi2qUcIMc;29SessionID=cisco-ise-host/435083133/83;, Session-Timeout=30, Calling-Station-ID=00-00-00-00-00-01, NAS-Port-Type=Wireless - IEEE 802.11, AcsSessionID=cisco-ise-host/435083133/83, SelectedAccessService=Default Network Access, EapTunnel=PEAP, OpenSSLErrorMessage=SSL alert: code=0x246=582 ; source=local ; type=fatal ; message=\"protocol version.ssl/statem/statem_srvr.c:1686 error:14209102:SSL routines:tls_early_post_process_client_hello:unsupported protocol [error=337678594 lib=20 func=521 reason=258]\", OpenSSLErrorStack= 140449745684224:error:14209102:SSL routines:tls_early_post_process_client_hello:unsupported protocol:ssl/statem/statem_srvr.c:1686:, CPMSessionID=0a0009ccqDyAnAWJUIb_A9r1F7EclNP/asP/HfDHLoNi2qUcIMc, Response={RadiusPacketType=AccessChallenge; }, +<180>Feb 16 09:29:43 cisco-ise-host CISE_RADIUS_Diagnostics 0000004585 1 0 2021-03-16 09:29:43.770 +00:00 0000004680 11015 WARN RADIUS: An Access-Request MUST contain at least a NAS-IP-Address, NAS-IPv6-Address, or a NAS-Identifier; Continue processing, ConfigVersionId=104, Device IP Address=81.2.69.144, Device Port=53985, DestinationIPAddress=81.2.69.144, DestinationPort=0073, RadiusIdentifier=13, NAS-Port=86, Service-Type=Framed, Calling-Station-ID=89:aa:11:00:00:01, Acct-Status-Type=Stop, Acct-Session-Id=11000001, NAS-Port-Type=Ethernet, AcsSessionID=cisco-ise-host/405244497/3, +<183>Mar 2 10:54:40 cisco-ise-host CISE_RADIUS_Diagnostics 0000075998 1 0 2022-03-02 10:54:40.194 +00:00 0000076064 11017 DEBUG RADIUS: RADIUS created a new session, ConfigVersionId=1383, Device IP Address=81.2.69.143, Device Port=39818, DestinationIPAddress=81.2.69.144, DestinationPort=1812, AcsSessionID=cisco-ise-host/435083133/83, +<183>Mar 2 10:54:40 cisco-ise-host CISE_RADIUS_Diagnostics 0000076011 1 0 2022-03-02 10:54:40.275 +00:00 0000076077 11018 DEBUG RADIUS: RADIUS is re-using an existing session, ConfigVersionId=1383, Device IP Address=81.2.69.143, Device Port=39818, DestinationIPAddress=81.2.69.144, DestinationPort=1812, AcsSessionID=cisco-ise-host/435083133/83, SelectedAccessService=Default Network Access, EapTunnel=PEAP, User-Name=testDevice1, NAS-IP-Address=81.2.69.143, NAS-Port=1, Calling-Station-ID=00-00-00-00-00-01, NAS-Port-Type=Wireless - IEEE 802.11, CPMSessionID=0a0009ccqDyAnAWJUIb_A9r1F7EclNP/asP/HfDHLoNi2qUcIMc, +<183>Mar 3 11:37:34 cisco-ise-host CISE_RADIUS_Diagnostics 0000083405 1 0 2022-03-03 11:37:34.890 +00:00 0000083472 11027 DEBUG RADIUS: Detected Host Lookup UseCase (Service-Type = Call Check (10)), ConfigVersionId=1696, Device IP Address=81.2.69.143, Device Port=35123, DestinationIPAddress=81.2.69.144, DestinationPort=1812, RadiusPacketType=AccessRequest, RadiusIdentifier=2, User-Name=92-09-00-00-00-01, NAS-IP-Address=81.2.69.143, NAS-Port=86, Service-Type=Call Check, Calling-Station-ID=92:09:00:00:00:01, NAS-Port-Type=Wireless - IEEE 802.11, Airespace-Wlan-Id=3, AcsSessionID=cisco-ise-host/435083133/126, UseCase=Host Lookup, CPMSessionID=0a0009ccdD2BsLZMkW8ZRUAE/sDVf78pplxJC0wv2VwZR6N070M, +<180>Mar 3 09:40:42 cisco-ise-host CISE_RADIUS_Diagnostics 0000082784 1 0 2022-03-03 09:40:42.552 +00:00 0000082851 11036 WARN RADIUS: The Message-Authenticator RADIUS attribute is invalid, ConfigVersionId=1655, Device IP Address=81.2.69.143, Device Port=35893, DestinationIPAddress=81.2.69.144, DestinationPort=1812, RadiusIdentifier=2, User-Name=testDevice1, NAS-IP-Address=81.2.69.143, NAS-Port=1, Service-Type=Framed, Session-Timeout=30, Calling-Station-ID=00-00-00-00-00-01, NAS-Port-Type=Wireless - IEEE 802.11, AcsSessionID=cisco-ise-host/435083133/120, +<180>Mar 3 09:14:59 cisco-ise-host CISE_RADIUS_Diagnostics 0000082552 1 0 2022-03-03 09:14:59.500 +00:00 0000082619 11038 WARN RADIUS: RADIUS Accounting-Request header contains invalid Authenticator field, ConfigVersionId=1626, Device IP Address=81.2.69.143, Device Port=51906, DestinationIPAddress=81.2.69.144, DestinationPort=1813, RadiusIdentifier=4, NAS-Port=86, Service-Type=Framed, Calling-Station-ID=00-00-00-00-00-01, Acct-Status-Type=Stop, Acct-Session-Id=00-00-01, NAS-Port-Type=Ethernet, AcsSessionID=cisco-ise-host/435083133/107, +<183>Mar 2 10:54:40 cisco-ise-host CISE_RADIUS_Diagnostics 0000075999 1 0 2022-03-02 10:54:40.195 +00:00 0000076065 11117 DEBUG RADIUS: Generated a new session ID, ConfigVersionId=1383, Device IP Address=81.2.69.143, Device Port=39818, DestinationIPAddress=81.2.69.144, DestinationPort=1812, RadiusPacketType=AccessRequest, RadiusIdentifier=2, User-Name=USERNAME, NAS-IP-Address=81.2.69.143, NAS-Port=1, Service-Type=Framed, Session-Timeout=30, Calling-Station-ID=00-00-00-00-00-01, NAS-Port-Type=Wireless - IEEE 802.11, AcsSessionID=cisco-ise-host/435083133/83, +<182>Mar 2 10:54:40 cisco-ise-host CISE_RADIUS_Diagnostics 0000076002 1 0 2022-03-02 10:54:40.197 +00:00 0000076068 11507 INFO EAP: Extracted EAP-Response/Identity, ConfigVersionId=1383, Device IP Address=81.2.69.143, Device Port=39818, DestinationIPAddress=81.2.69.144, DestinationPort=1812, RadiusPacketType=AccessRequest, RadiusIdentifier=2, User-Name=USERNAME, NAS-IP-Address=81.2.69.143, NAS-Port=1, Service-Type=Framed, Session-Timeout=30, Calling-Station-ID=00-00-00-00-00-01, NAS-Port-Type=Wireless - IEEE 802.11, AcsSessionID=cisco-ise-host/435083133/83, SelectedAccessService=Default Network Access, CPMSessionID=0a0009ccqDyAnAWJUIb_A9r1F7EclNP/asP/HfDHLoNi2qUcIMc, +<182>Feb 16 09:29:43 cisco-ise-host CISE_RADIUS_Diagnostics 0000004570 1 0 2021-03-16 09:29:43.648 +00:00 0000004648 11823 INFO EAP: EAP-MSCHAP authentication attempt failed, ConfigVersionId=104, Device IP Address=81.2.69.144, Device Port=56430, DestinationIPAddress=81.2.69.144, DestinationPort=0072, RadiusPacketType=AccessRequest, RadiusIdentifier=9, User-Name=employee1, NAS-IP-Address=81.2.69.144, NAS-Port=1, Service-Type=Framed, State=64CPMSessionID=0aa00002g0yr2CdbeWUPvhv9zXKDBoLPTFN7EhaI0iE1zKVe_p4\;36SessionID=cisco-ise-host/405244497/1\;, Session-Timeout=30, Calling-Station-ID=89-AA-11-00-00-01, NAS-Port-Type=Wireless - IEEE 802.11, AcsSessionID=cisco-ise-host/405244497/1, SelectedAccessService=Default Network Access, DetailedInfo=Invalid username or password specified\, Retry is allowed, EapTunnel=PEAP, EapAuthentication=EAP-MSCHAPv2, CPMSessionID=0aa00002g0yr2CdbeWUPvhv9zXKDBoLPTFN7EhaI0iE1zKVe_p4, Response={AuthenticationResult=Failed; }, +<182>Mar 2 10:54:40 cisco-ise-host CISE_RADIUS_Diagnostics 0000076008 1 0 2022-03-02 10:54:40.265 +00:00 0000076074 12300 INFO EAP: Prepared EAP-Request proposing PEAP with challenge, ConfigVersionId=1383, Device IP Address=81.2.69.143, Device Port=39818, DestinationIPAddress=81.2.69.144, DestinationPort=1812, RadiusPacketType=AccessRequest, RadiusIdentifier=3, User-Name=USERNAME, NAS-IP-Address=81.2.69.143, NAS-Port=1, Service-Type=Framed, State=64CPMSessionID=0a0009ccqDyAnAWJUIb_A9r1F7EclNP/asP/HfDHLoNi2qUcIMc;29SessionID=cisco-ise-host/435083133/83;, Session-Timeout=30, Calling-Station-ID=00-00-00-00-00-01, NAS-Port-Type=Wireless - IEEE 802.11, AcsSessionID=cisco-ise-host/435083133/83, SelectedAccessService=Default Network Access, CPMSessionID=0a0009ccqDyAnAWJUIb_A9r1F7EclNP/asP/HfDHLoNi2qUcIMc, +<182>Mar 2 10:54:40 cisco-ise-host CISE_RADIUS_Diagnostics 0000076007 1 0 2022-03-02 10:54:40.264 +00:00 0000076073 12301 INFO EAP: Extracted EAP-Response/NAK requesting to use PEAP instead, ConfigVersionId=1383, Device IP Address=81.2.69.143, Device Port=39818, DestinationIPAddress=81.2.69.144, DestinationPort=1812, RadiusPacketType=AccessRequest, RadiusIdentifier=3, User-Name=USERNAME, NAS-IP-Address=81.2.69.143, NAS-Port=1, Service-Type=Framed, State=64CPMSessionID=0a0009ccqDyAnAWJUIb_A9r1F7EclNP/asP/HfDHLoNi2qUcIMc;29SessionID=cisco-ise-host/435083133/83;, Session-Timeout=30, Calling-Station-ID=00-00-00-00-00-01, NAS-Port-Type=Wireless - IEEE 802.11, AcsSessionID=cisco-ise-host/435083133/83, SelectedAccessService=Default Network Access, CPMSessionID=0a0009ccqDyAnAWJUIb_A9r1F7EclNP/asP/HfDHLoNi2qUcIMc, +<182>Mar 2 10:54:40 cisco-ise-host CISE_RADIUS_Diagnostics 0000076012 1 0 2022-03-02 10:54:40.275 +00:00 0000076078 12302 INFO EAP: Extracted EAP-Response containing PEAP challenge-response and accepting PEAP as negotiated, ConfigVersionId=1383, Device IP Address=81.2.69.143, Device Port=39818, DestinationIPAddress=81.2.69.144, DestinationPort=1812, RadiusPacketType=AccessRequest, RadiusIdentifier=4, User-Name=USERNAME, NAS-IP-Address=81.2.69.143, NAS-Port=1, Service-Type=Framed, State=64CPMSessionID=0a0009ccqDyAnAWJUIb_A9r1F7EclNP/asP/HfDHLoNi2qUcIMc;29SessionID=cisco-ise-host/435083133/83;, Session-Timeout=30, Calling-Station-ID=00-00-00-00-00-01, NAS-Port-Type=Wireless - IEEE 802.11, AcsSessionID=cisco-ise-host/435083133/83, SelectedAccessService=Default Network Access, EapTunnel=PEAP, CPMSessionID=0a0009ccqDyAnAWJUIb_A9r1F7EclNP/asP/HfDHLoNi2qUcIMc, +<182>Mar 2 10:54:40 cisco-ise-host CISE_RADIUS_Diagnostics 0000076020 1 0 2022-03-02 10:54:40.277 +00:00 0000076086 12305 INFO EAP: Prepared EAP-Request with another PEAP challenge, ConfigVersionId=1383, Device IP Address=81.2.69.143, Device Port=39818, DestinationIPAddress=81.2.69.144, DestinationPort=1812, RadiusPacketType=AccessRequest, RadiusIdentifier=4, User-Name=USERNAME, NAS-IP-Address=81.2.69.143, NAS-Port=1, Service-Type=Framed, State=64CPMSessionID=0a0009ccqDyAnAWJUIb_A9r1F7EclNP/asP/HfDHLoNi2qUcIMc;29SessionID=cisco-ise-host/435083133/83;, Session-Timeout=30, Calling-Station-ID=00-00-00-00-00-01, NAS-Port-Type=Wireless - IEEE 802.11, AcsSessionID=cisco-ise-host/435083133/83, SelectedAccessService=Default Network Access, EapTunnel=PEAP, OpenSSLErrorMessage=SSL alert: code=0x246=582 ; source=local ; type=fatal ; message=\"protocol version.ssl/statem/statem_srvr.c:1686 error:14209102:SSL routines:tls_early_post_process_client_hello:unsupported protocol [error=337678594 lib=20 func=521 reason=258]\", OpenSSLErrorStack= 140449745684224:error:14209102:SSL routines:tls_early_post_process_client_hello:unsupported protocol:ssl/statem/statem_srvr.c:1686:, CPMSessionID=0a0009ccqDyAnAWJUIb_A9r1F7EclNP/asP/HfDHLoNi2qUcIMc, +<182>Mar 2 10:54:40 cisco-ise-host CISE_RADIUS_Diagnostics 0000076019 1 0 2022-03-02 10:54:40.277 +00:00 0000076085 12307 INFO EAP: PEAP authentication failed, ConfigVersionId=1383, Device IP Address=81.2.69.143, Device Port=39818, DestinationIPAddress=81.2.69.144, DestinationPort=1812, RadiusPacketType=AccessRequest, RadiusIdentifier=4, User-Name=USERNAME, NAS-IP-Address=81.2.69.143, NAS-Port=1, Service-Type=Framed, State=64CPMSessionID=0a0009ccqDyAnAWJUIb_A9r1F7EclNP/asP/HfDHLoNi2qUcIMc;29SessionID=cisco-ise-host/435083133/83;, Session-Timeout=30, Calling-Station-ID=00-00-00-00-00-01, NAS-Port-Type=Wireless - IEEE 802.11, AcsSessionID=cisco-ise-host/435083133/83, SelectedAccessService=Default Network Access, EapTunnel=PEAP, OpenSSLErrorMessage=SSL alert: code=0x246=582 ; source=local ; type=fatal ; message=\"protocol version.ssl/statem/statem_srvr.c:1686 error:14209102:SSL routines:tls_early_post_process_client_hello:unsupported protocol [error=337678594 lib=20 func=521 reason=258]\", OpenSSLErrorStack= 140449745684224:error:14209102:SSL routines:tls_early_post_process_client_hello:unsupported protocol:ssl/statem/statem_srvr.c:1686:, CPMSessionID=0a0009ccqDyAnAWJUIb_A9r1F7EclNP/asP/HfDHLoNi2qUcIMc, +<180>Mar 2 10:54:40 cisco-ise-host CISE_RADIUS_Diagnostics 0000076018 1 0 2022-03-02 10:54:40.277 +00:00 0000076084 12309 WARN EAP: PEAP handshake failed, ConfigVersionId=1383, Device IP Address=81.2.69.143, Device Port=39818, DestinationIPAddress=81.2.69.144, DestinationPort=1812, RadiusPacketType=AccessRequest, RadiusIdentifier=4, User-Name=USERNAME, NAS-IP-Address=81.2.69.143, NAS-Port=1, Service-Type=Framed, State=64CPMSessionID=0a0009ccqDyAnAWJUIb_A9r1F7EclNP/asP/HfDHLoNi2qUcIMc;29SessionID=cisco-ise-host/435083133/83;, Session-Timeout=30, Calling-Station-ID=00-00-00-00-00-01, NAS-Port-Type=Wireless - IEEE 802.11, AcsSessionID=cisco-ise-host/435083133/83, SelectedAccessService=Default Network Access, EapTunnel=PEAP, OpenSSLErrorMessage=SSL alert: code=0x246=582 ; source=local ; type=fatal ; message=\"protocol version.ssl/statem/statem_srvr.c:1686 error:14209102:SSL routines:tls_early_post_process_client_hello:unsupported protocol [error=337678594 lib=20 func=521 reason=258]\", OpenSSLErrorStack= 140449745684224:error:14209102:SSL routines:tls_early_post_process_client_hello:unsupported protocol:ssl/statem/statem_srvr.c:1686:, CPMSessionID=0a0009ccqDyAnAWJUIb_A9r1F7EclNP/asP/HfDHLoNi2qUcIMc, +<182>Mar 2 10:54:40 cisco-ise-host CISE_RADIUS_Diagnostics 0000076013 1 0 2022-03-02 10:54:40.276 +00:00 0000076079 12318 INFO EAP: Successfully negotiated PEAP version 0, ConfigVersionId=1383, Device IP Address=81.2.69.143, Device Port=39818, DestinationIPAddress=81.2.69.144, DestinationPort=1812, RadiusPacketType=AccessRequest, RadiusIdentifier=4, User-Name=USERNAME, NAS-IP-Address=81.2.69.143, NAS-Port=1, Service-Type=Framed, State=64CPMSessionID=0a0009ccqDyAnAWJUIb_A9r1F7EclNP/asP/HfDHLoNi2qUcIMc;29SessionID=cisco-ise-host/435083133/83;, Session-Timeout=30, Calling-Station-ID=00-00-00-00-00-01, NAS-Port-Type=Wireless - IEEE 802.11, AcsSessionID=cisco-ise-host/435083133/83, SelectedAccessService=Default Network Access, EapTunnel=PEAP, CPMSessionID=0a0009ccqDyAnAWJUIb_A9r1F7EclNP/asP/HfDHLoNi2qUcIMc, +<182>Mar 2 10:54:40 cisco-ise-host CISE_RADIUS_Diagnostics 0000076003 1 0 2022-03-02 10:54:40.198 +00:00 0000076069 12500 INFO EAP: Prepared EAP-Request proposing EAP-TLS with challenge, ConfigVersionId=1383, Device IP Address=81.2.69.143, Device Port=39818, DestinationIPAddress=81.2.69.144, DestinationPort=1812, RadiusPacketType=AccessRequest, RadiusIdentifier=2, User-Name=USERNAME, NAS-IP-Address=81.2.69.143, NAS-Port=1, Service-Type=Framed, Session-Timeout=30, Calling-Station-ID=00-00-00-00-00-01, NAS-Port-Type=Wireless - IEEE 802.11, AcsSessionID=cisco-ise-host/435083133/83, SelectedAccessService=Default Network Access, CPMSessionID=0a0009ccqDyAnAWJUIb_A9r1F7EclNP/asP/HfDHLoNi2qUcIMc, +<182>Mar 2 10:54:40 cisco-ise-host CISE_RADIUS_Diagnostics 0000076014 1 0 2022-03-02 10:54:40.276 +00:00 0000076080 12800 INFO EAP: Extracted first TLS record; TLS handshake started, ConfigVersionId=1383, Device IP Address=81.2.69.143, Device Port=39818, DestinationIPAddress=81.2.69.144, DestinationPort=1812, RadiusPacketType=AccessRequest, RadiusIdentifier=4, User-Name=USERNAME, NAS-IP-Address=81.2.69.143, NAS-Port=1, Service-Type=Framed, State=64CPMSessionID=0a0009ccqDyAnAWJUIb_A9r1F7EclNP/asP/HfDHLoNi2qUcIMc;29SessionID=cisco-ise-host/435083133/83;, Session-Timeout=30, Calling-Station-ID=00-00-00-00-00-01, NAS-Port-Type=Wireless - IEEE 802.11, AcsSessionID=cisco-ise-host/435083133/83, SelectedAccessService=Default Network Access, EapTunnel=PEAP, CPMSessionID=0a0009ccqDyAnAWJUIb_A9r1F7EclNP/asP/HfDHLoNi2qUcIMc, +<182>Mar 2 10:53:10 cisco-ise-host CISE_RADIUS_Diagnostics 0000075982 1 0 2022-03-02 10:53:10.702 +00:00 0000076048 12805 INFO EAP: Extracted TLS ClientHello message, ConfigVersionId=1383, Device IP Address=81.2.69.143, Device Port=48443, DestinationIPAddress=81.2.69.144, DestinationPort=1812, RadiusPacketType=AccessRequest, RadiusIdentifier=4, User-Name=USERNAME, NAS-IP-Address=81.2.69.143, NAS-Port=1, Service-Type=Framed, State=64CPMSessionID=0a0009ccr8GsTnHMwaDTe8yR1gvRpH4qkGQ/x0TjxyMKOuFQB/4;29SessionID=cisco-ise-host/435083133/82;, Session-Timeout=30, Calling-Station-ID=00-00-00-00-00-01, NAS-Port-Type=Wireless - IEEE 802.11, AcsSessionID=cisco-ise-host/435083133/82, SelectedAccessService=Default Network Access, EapTunnel=PEAP, CPMSessionID=0a0009ccr8GsTnHMwaDTe8yR1gvRpH4qkGQ/x0TjxyMKOuFQB/4, +<182>Mar 2 10:54:40 cisco-ise-host CISE_RADIUS_Diagnostics 0000076016 1 0 2022-03-02 10:54:40.276 +00:00 0000076082 12814 INFO EAP: Prepared TLS Alert message, ConfigVersionId=1383, Device IP Address=81.2.69.143, Device Port=39818, DestinationIPAddress=81.2.69.144, DestinationPort=1812, RadiusPacketType=AccessRequest, RadiusIdentifier=4, User-Name=USERNAME, NAS-IP-Address=81.2.69.143, NAS-Port=1, Service-Type=Framed, State=64CPMSessionID=0a0009ccqDyAnAWJUIb_A9r1F7EclNP/asP/HfDHLoNi2qUcIMc;29SessionID=cisco-ise-host/435083133/83;, Session-Timeout=30, Calling-Station-ID=00-00-00-00-00-01, NAS-Port-Type=Wireless - IEEE 802.11, AcsSessionID=cisco-ise-host/435083133/83, SelectedAccessService=Default Network Access, EapTunnel=PEAP, CPMSessionID=0a0009ccqDyAnAWJUIb_A9r1F7EclNP/asP/HfDHLoNi2qUcIMc, +<182>Mar 2 10:54:40 cisco-ise-host CISE_RADIUS_Diagnostics 0000076017 1 0 2022-03-02 10:54:40.276 +00:00 0000076083 12817 INFO EAP: TLS handshake failed, ConfigVersionId=1383, Device IP Address=81.2.69.143, Device Port=39818, DestinationIPAddress=81.2.69.144, DestinationPort=1812, RadiusPacketType=AccessRequest, RadiusIdentifier=4, User-Name=USERNAME, NAS-IP-Address=81.2.69.143, NAS-Port=1, Service-Type=Framed, State=64CPMSessionID=0a0009ccqDyAnAWJUIb_A9r1F7EclNP/asP/HfDHLoNi2qUcIMc;29SessionID=cisco-ise-host/435083133/83;, Session-Timeout=30, Calling-Station-ID=00-00-00-00-00-01, NAS-Port-Type=Wireless - IEEE 802.11, AcsSessionID=cisco-ise-host/435083133/83, SelectedAccessService=Default Network Access, EapTunnel=PEAP, CPMSessionID=0a0009ccqDyAnAWJUIb_A9r1F7EclNP/asP/HfDHLoNi2qUcIMc, +<182>Mar 2 10:54:40 cisco-ise-host CISE_RADIUS_Diagnostics 0000076017 3 1 ConfigVersionId=1383, Device IP Address=81.2.69.143, Device Port=39817, DestinationIPAddress=81.2.69.144, DestinationPort=1892, RadiusPacketType=AccessRequest, RadiusIdentifier=4, User-Name=USERNAME, NAS-IP-Address=81.2.69.143, NAS-Port=1, Service-Type=Framed, State=64CPMSessionID=0a0009ccqDyAnAWJUIb_A9r1F7EclNP/asP/HfDHLoNi2qUcIMc;29SessionID=cisco-ise-host/435083133/83;, Session-Timeout=20, Calling-Station-ID=00-00-00-00-00-01, NAS-Port-Type=Wireless - IEEE 802.11, SelectedAccessService=Default Network Access, EapTunnel=PEAP, CPMSessionID=0a0009ccqDyAnAWJUIb_A9r1F7EclNP/asP/HfDHLoNi2qUcIMc, diff --git a/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-radius-diagnostics.log-expected.json b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-radius-diagnostics.log-expected.json new file mode 100644 index 00000000000..0bed2cd3834 --- /dev/null +++ b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-radius-diagnostics.log-expected.json @@ -0,0 +1,3032 @@ +{ + "expected": [ + { + "@timestamp": "2022-03-02T10:54:40.275Z", + "cisco_ise": { + "log": { + "acs": { + "session": { + "id": "cisco-ise-host/435083133/83" + } + }, + "calling_station": { + "id": "00-00-00-00-00-01" + }, + "category": { + "name": "CISE_RADIUS_Diagnostics" + }, + "config_version": { + "id": 1383 + }, + "cpm": { + "session": { + "id": "0a0009ccqDyAnAWJUIb_A9r1F7EclNP/asP/HfDHLoNi2qUcIMc" + } + }, + "eap": { + "tunnel": "PEAP" + }, + "log_details": "ConfigVersionId=1383, Device IP Address=81.2.69.143, Device Port=39818, DestinationIPAddress=81.2.69.144, DestinationPort=1812, AcsSessionID=cisco-ise-host/435083133/83, SelectedAccessService=Default Network Access, EapTunnel=PEAP, User-Name=testDevice1, NAS-IP-Address=81.2.69.143, NAS-Port=1, Calling-Station-ID=00-00-00-00-00-01, NAS-Port-Type=Wireless - IEEE 802.11, CPMSessionID=0a0009ccqDyAnAWJUIb_A9r1F7EclNP/asP/HfDHLoNi2qUcIMc", + "message": { + "code": "11001", + "description": "RADIUS: Received RADIUS Access-Request", + "id": "0000076010" + }, + "nas": { + "ip": "81.2.69.143", + "port": { + "number": 1, + "type": "Wireless - IEEE 802.11" + } + }, + "segment": { + "number": 0, + "total": 1 + }, + "selected": { + "access": { + "service": "Default Network Access" + } + } + } + }, + "client": { + "ip": "81.2.69.143", + "port": 39818 + }, + "destination": { + "ip": "81.2.69.144", + "port": 1812 + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "radius", + "category": [ + "iam" + ], + "kind": "event", + "original": "\u003c183\u003eMar 2 10:54:40 cisco-ise-host CISE_RADIUS_Diagnostics 0000076010 1 0 2022-03-02 10:54:40.275 +00:00 0000076076 11001 DEBUG RADIUS: Received RADIUS Access-Request, ConfigVersionId=1383, Device IP Address=81.2.69.143, Device Port=39818, DestinationIPAddress=81.2.69.144, DestinationPort=1812, AcsSessionID=cisco-ise-host/435083133/83, SelectedAccessService=Default Network Access, EapTunnel=PEAP, User-Name=testDevice1, NAS-IP-Address=81.2.69.143, NAS-Port=1, Calling-Station-ID=00-00-00-00-00-01, NAS-Port-Type=Wireless - IEEE 802.11, CPMSessionID=0a0009ccqDyAnAWJUIb_A9r1F7EclNP/asP/HfDHLoNi2qUcIMc,", + "sequence": 76076, + "timezone": "+00:00", + "type": [ + "info" + ] + }, + "host": { + "hostname": "cisco-ise-host" + }, + "log": { + "level": "debug", + "syslog": { + "priority": 183, + "severity": { + "name": "debug" + } + } + }, + "message": "2022-03-02 10:54:40.275 +00:00 0000076076 11001 DEBUG RADIUS: Received RADIUS Access-Request, ConfigVersionId=1383, Device IP Address=81.2.69.143, Device Port=39818, DestinationIPAddress=81.2.69.144, DestinationPort=1812, AcsSessionID=cisco-ise-host/435083133/83, SelectedAccessService=Default Network Access, EapTunnel=PEAP, User-Name=testDevice1, NAS-IP-Address=81.2.69.143, NAS-Port=1, Calling-Station-ID=00-00-00-00-00-01, NAS-Port-Type=Wireless - IEEE 802.11, CPMSessionID=0a0009ccqDyAnAWJUIb_A9r1F7EclNP/asP/HfDHLoNi2qUcIMc,", + "related": { + "hosts": [ + "cisco-ise-host" + ], + "ip": [ + "81.2.69.143", + "81.2.69.144" + ], + "user": [ + "testDevice1" + ] + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "name": "testDevice1" + } + }, + { + "@timestamp": "2022-03-03T11:37:34.978Z", + "cisco_ise": { + "log": { + "acs": { + "session": { + "id": "cisco-ise-host/435083133/126" + } + }, + "airespace": { + "wlan": { + "id": 3 + } + }, + "calling_station": { + "id": "92:09:00:00:00:01" + }, + "category": { + "name": "CISE_RADIUS_Diagnostics" + }, + "config_version": { + "id": 1696 + }, + "cpm": { + "session": { + "id": "0a0009ccdD2BsLZMkW8ZRUAE/sDVf78pplxJC0wv2VwZR6N070M" + } + }, + "log_details": "ConfigVersionId=1696, Device IP Address=81.2.69.143, Device Port=35123, DestinationIPAddress=81.2.69.144, DestinationPort=1812, RadiusPacketType=AccessRequest, RadiusIdentifier=2, User-Name=92-09-00-00-00-01, NAS-IP-Address=81.2.69.143, NAS-Port=86, Service-Type=Call Check, Calling-Station-ID=92:09:00:00:00:01, NAS-Port-Type=Wireless - IEEE 802.11, Airespace-Wlan-Id=3, AcsSessionID=cisco-ise-host/435083133/126, SelectedAccessService=Default Network Access, UseCase=Host Lookup, CPMSessionID=0a0009ccdD2BsLZMkW8ZRUAE/sDVf78pplxJC0wv2VwZR6N070M, Response={RadiusPacketType=AccessAccept; AuthenticationResult=UnknownUser; Class=CACS:0a0009ccdD2BsLZMkW8ZRUAE/sDVf78pplxJC0wv2VwZR6N070M:cisco-ise-host/435083133/126; cisco-av-pair=url-redirect-acl=REDIRECT; cisco-av-pair=url-redirect=https://cisco-ise-host.cdsys.local:8443/portal/gateway?sessionId=0a0009ccdD2BsLZMkW8ZRUAE/sDVf78pplxJC0wv2VwZR6N070M\u0026portal=77b653c9-924d-41a5-a5c3-1c40c4e7a5a7\u0026action=cwa\u0026type=drw\u0026token=65402552fb76ff96c08edaab722f880e; }", + "message": { + "code": "11002", + "description": "RADIUS: Returned RADIUS Access-Accept", + "id": "0000083421" + }, + "nas": { + "ip": "81.2.69.143", + "port": { + "number": 86, + "type": "Wireless - IEEE 802.11" + } + }, + "radius": { + "packet": { + "type": "AccessRequest" + } + }, + "radius_identifier": 2, + "response": { + "AuthenticationResult": "UnknownUser", + "Class": "CACS:0a0009ccdD2BsLZMkW8ZRUAE/sDVf78pplxJC0wv2VwZR6N070M:cisco-ise-host/435083133/126", + "RadiusPacketType": "AccessAccept", + "cisco-av-pair": [ + "url-redirect-acl=REDIRECT", + "url-redirect=https://cisco-ise-host.cdsys.local:8443/portal/gateway?sessionId=0a0009ccdD2BsLZMkW8ZRUAE/sDVf78pplxJC0wv2VwZR6N070M\u0026portal=77b653c9-924d-41a5-a5c3-1c40c4e7a5a7\u0026action=cwa\u0026type=drw\u0026token=65402552fb76ff96c08edaab722f880e" + ] + }, + "segment": { + "number": 0, + "total": 1 + }, + "selected": { + "access": { + "service": "Default Network Access" + } + }, + "usecase": "Host Lookup" + } + }, + "client": { + "ip": "81.2.69.143", + "port": 35123 + }, + "destination": { + "ip": "81.2.69.144", + "port": 1812 + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "radius", + "category": [ + "iam" + ], + "kind": "event", + "original": "\u003c183\u003eMar 3 11:37:34 cisco-ise-host CISE_RADIUS_Diagnostics 0000083421 1 0 2022-03-03 11:37:34.978 +00:00 0000083488 11002 DEBUG RADIUS: Returned RADIUS Access-Accept, ConfigVersionId=1696, Device IP Address=81.2.69.143, Device Port=35123, DestinationIPAddress=81.2.69.144, DestinationPort=1812, RadiusPacketType=AccessRequest, RadiusIdentifier=2, User-Name=92-09-00-00-00-01, NAS-IP-Address=81.2.69.143, NAS-Port=86, Service-Type=Call Check, Calling-Station-ID=92:09:00:00:00:01, NAS-Port-Type=Wireless - IEEE 802.11, Airespace-Wlan-Id=3, AcsSessionID=cisco-ise-host/435083133/126, SelectedAccessService=Default Network Access, UseCase=Host Lookup, CPMSessionID=0a0009ccdD2BsLZMkW8ZRUAE/sDVf78pplxJC0wv2VwZR6N070M, Response={RadiusPacketType=AccessAccept; AuthenticationResult=UnknownUser; Class=CACS:0a0009ccdD2BsLZMkW8ZRUAE/sDVf78pplxJC0wv2VwZR6N070M:cisco-ise-host/435083133/126; cisco-av-pair=url-redirect-acl=REDIRECT; cisco-av-pair=url-redirect=https://cisco-ise-host.cdsys.local:8443/portal/gateway?sessionId=0a0009ccdD2BsLZMkW8ZRUAE/sDVf78pplxJC0wv2VwZR6N070M\u0026portal=77b653c9-924d-41a5-a5c3-1c40c4e7a5a7\u0026action=cwa\u0026type=drw\u0026token=65402552fb76ff96c08edaab722f880e; },", + "sequence": 83488, + "timezone": "+00:00", + "type": [ + "info" + ] + }, + "host": { + "hostname": "cisco-ise-host" + }, + "log": { + "level": "debug", + "syslog": { + "priority": 183, + "severity": { + "name": "debug" + } + } + }, + "message": "2022-03-03 11:37:34.978 +00:00 0000083488 11002 DEBUG RADIUS: Returned RADIUS Access-Accept, ConfigVersionId=1696, Device IP Address=81.2.69.143, Device Port=35123, DestinationIPAddress=81.2.69.144, DestinationPort=1812, RadiusPacketType=AccessRequest, RadiusIdentifier=2, User-Name=92-09-00-00-00-01, NAS-IP-Address=81.2.69.143, NAS-Port=86, Service-Type=Call Check, Calling-Station-ID=92:09:00:00:00:01, NAS-Port-Type=Wireless - IEEE 802.11, Airespace-Wlan-Id=3, AcsSessionID=cisco-ise-host/435083133/126, SelectedAccessService=Default Network Access, UseCase=Host Lookup, CPMSessionID=0a0009ccdD2BsLZMkW8ZRUAE/sDVf78pplxJC0wv2VwZR6N070M, Response={RadiusPacketType=AccessAccept; AuthenticationResult=UnknownUser; Class=CACS:0a0009ccdD2BsLZMkW8ZRUAE/sDVf78pplxJC0wv2VwZR6N070M:cisco-ise-host/435083133/126; cisco-av-pair=url-redirect-acl=REDIRECT; cisco-av-pair=url-redirect=https://cisco-ise-host.cdsys.local:8443/portal/gateway?sessionId=0a0009ccdD2BsLZMkW8ZRUAE/sDVf78pplxJC0wv2VwZR6N070M\u0026portal=77b653c9-924d-41a5-a5c3-1c40c4e7a5a7\u0026action=cwa\u0026type=drw\u0026token=65402552fb76ff96c08edaab722f880e; },", + "related": { + "hosts": [ + "cisco-ise-host" + ], + "ip": [ + "81.2.69.143", + "81.2.69.144" + ], + "user": [ + "92-09-00-00-00-01" + ] + }, + "service": { + "type": "Call Check" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "name": "92-09-00-00-00-01" + } + }, + { + "@timestamp": "2022-03-02T10:30:25.393Z", + "cisco_ise": { + "log": { + "acs": { + "session": { + "id": "cisco-ise-host/435083133/79" + } + }, + "category": { + "name": "CISE_RADIUS_Diagnostics" + }, + "config_version": { + "id": 1381 + }, + "log_details": "ConfigVersionId=1381, Device IP Address=81.2.69.143, Device Port=47730, DestinationIPAddress=81.2.69.144, DestinationPort=1813, AcsSessionID=cisco-ise-host/435083133/79", + "message": { + "code": "11004", + "description": "RADIUS: Received RADIUS Accounting-Request", + "id": "0000075815" + }, + "segment": { + "number": 0, + "total": 1 + } + } + }, + "client": { + "ip": "81.2.69.143", + "port": 47730 + }, + "destination": { + "ip": "81.2.69.144", + "port": 1813 + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "radius", + "category": [ + "iam" + ], + "kind": "event", + "original": "\u003c183\u003eMar 2 10:30:25 cisco-ise-host CISE_RADIUS_Diagnostics 0000075815 1 0 2022-03-02 10:30:25.393 +00:00 0000075881 11004 DEBUG RADIUS: Received RADIUS Accounting-Request, ConfigVersionId=1381, Device IP Address=81.2.69.143, Device Port=47730, DestinationIPAddress=81.2.69.144, DestinationPort=1813, AcsSessionID=cisco-ise-host/435083133/79,", + "sequence": 75881, + "timezone": "+00:00", + "type": [ + "info" + ] + }, + "host": { + "hostname": "cisco-ise-host" + }, + "log": { + "level": "debug", + "syslog": { + "priority": 183, + "severity": { + "name": "debug" + } + } + }, + "message": "2022-03-02 10:30:25.393 +00:00 0000075881 11004 DEBUG RADIUS: Received RADIUS Accounting-Request, ConfigVersionId=1381, Device IP Address=81.2.69.143, Device Port=47730, DestinationIPAddress=81.2.69.144, DestinationPort=1813, AcsSessionID=cisco-ise-host/435083133/79,", + "related": { + "hosts": [ + "cisco-ise-host" + ], + "ip": [ + "81.2.69.144", + "81.2.69.143" + ] + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2022-03-02T10:30:25.398Z", + "cisco_ise": { + "log": { + "acct": { + "session": { + "id": "00-00-01" + }, + "status": { + "type": "Stop" + } + }, + "acs": { + "session": { + "id": "cisco-ise-host/435083133/79" + } + }, + "calling_station": { + "id": "00-00-00-00-00-01" + }, + "category": { + "name": "CISE_RADIUS_Diagnostics" + }, + "config_version": { + "id": 1381 + }, + "cpm": { + "session": { + "id": "0a0009cc/2Fl2YA6dnR0d0WayxawhKg5MlkqPkPBGJbhvXrvHlo" + } + }, + "log_details": "ConfigVersionId=1381, Device IP Address=81.2.69.143, Device Port=47730, DestinationIPAddress=81.2.69.144, DestinationPort=1813, RadiusPacketType=AccountingRequest, RadiusIdentifier=6, NAS-Port=86, Service-Type=Framed, Calling-Station-ID=00-00-00-00-00-01, Acct-Status-Type=Stop, Acct-Session-Id=00-00-01, NAS-Port-Type=Ethernet, AcsSessionID=cisco-ise-host/435083133/79, SelectedAccessService=Default Network Access, CPMSessionID=0a0009cc/2Fl2YA6dnR0d0WayxawhKg5MlkqPkPBGJbhvXrvHlo", + "message": { + "code": "11005", + "description": "RADIUS: Returned RADIUS Accounting-Response", + "id": "0000075821" + }, + "nas": { + "port": { + "number": 86, + "type": "Ethernet" + } + }, + "radius": { + "packet": { + "type": "AccountingRequest" + } + }, + "radius_identifier": 6, + "segment": { + "number": 0, + "total": 1 + }, + "selected": { + "access": { + "service": "Default Network Access" + } + } + } + }, + "client": { + "ip": "81.2.69.143", + "port": 47730 + }, + "destination": { + "ip": "81.2.69.144", + "port": 1813 + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "radius", + "category": [ + "iam" + ], + "kind": "event", + "original": "\u003c183\u003eMar 2 10:30:25 cisco-ise-host CISE_RADIUS_Diagnostics 0000075821 1 0 2022-03-02 10:30:25.398 +00:00 0000075887 11005 DEBUG RADIUS: Returned RADIUS Accounting-Response, ConfigVersionId=1381, Device IP Address=81.2.69.143, Device Port=47730, DestinationIPAddress=81.2.69.144, DestinationPort=1813, RadiusPacketType=AccountingRequest, RadiusIdentifier=6, NAS-Port=86, Service-Type=Framed, Calling-Station-ID=00-00-00-00-00-01, Acct-Status-Type=Stop, Acct-Session-Id=00-00-01, NAS-Port-Type=Ethernet, AcsSessionID=cisco-ise-host/435083133/79, SelectedAccessService=Default Network Access, CPMSessionID=0a0009cc/2Fl2YA6dnR0d0WayxawhKg5MlkqPkPBGJbhvXrvHlo,", + "sequence": 75887, + "timezone": "+00:00", + "type": [ + "info" + ] + }, + "host": { + "hostname": "cisco-ise-host" + }, + "log": { + "level": "debug", + "syslog": { + "priority": 183, + "severity": { + "name": "debug" + } + } + }, + "message": "2022-03-02 10:30:25.398 +00:00 0000075887 11005 DEBUG RADIUS: Returned RADIUS Accounting-Response, ConfigVersionId=1381, Device IP Address=81.2.69.143, Device Port=47730, DestinationIPAddress=81.2.69.144, DestinationPort=1813, RadiusPacketType=AccountingRequest, RadiusIdentifier=6, NAS-Port=86, Service-Type=Framed, Calling-Station-ID=00-00-00-00-00-01, Acct-Status-Type=Stop, Acct-Session-Id=00-00-01, NAS-Port-Type=Ethernet, AcsSessionID=cisco-ise-host/435083133/79, SelectedAccessService=Default Network Access, CPMSessionID=0a0009cc/2Fl2YA6dnR0d0WayxawhKg5MlkqPkPBGJbhvXrvHlo,", + "related": { + "hosts": [ + "cisco-ise-host" + ], + "ip": [ + "81.2.69.144", + "81.2.69.143" + ] + }, + "service": { + "type": "Framed" + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2022-03-02T10:54:40.278Z", + "cisco_ise": { + "log": { + "acs": { + "session": { + "id": "cisco-ise-host/435083133/83" + } + }, + "calling_station": { + "id": "00-00-00-00-00-01" + }, + "category": { + "name": "CISE_RADIUS_Diagnostics" + }, + "config_version": { + "id": 1383 + }, + "cpm": { + "session": { + "id": "0a0009ccqDyAnAWJUIb_A9r1F7EclNP/asP/HfDHLoNi2qUcIMc" + } + }, + "eap": { + "tunnel": "PEAP" + }, + "log_details": "ConfigVersionId=1383, Device IP Address=81.2.69.143, Device Port=39818, DestinationIPAddress=81.2.69.144, DestinationPort=1812, RadiusPacketType=AccessRequest, RadiusIdentifier=4, User-Name=USERNAME, NAS-IP-Address=81.2.69.143, NAS-Port=1, Service-Type=Framed, State=64CPMSessionID=0a0009ccqDyAnAWJUIb_A9r1F7EclNP/asP/HfDHLoNi2qUcIMc;29SessionID=cisco-ise-host/435083133/83;, Session-Timeout=30, Calling-Station-ID=00-00-00-00-00-01, NAS-Port-Type=Wireless - IEEE 802.11, AcsSessionID=cisco-ise-host/435083133/83, SelectedAccessService=Default Network Access, EapTunnel=PEAP, OpenSSLErrorMessage=SSL alert: code=0x246=582 ; source=local ; type=fatal ; message=\\\"protocol version.ssl/statem/statem_srvr.c:1686 error:14209102:SSL routines:tls_early_post_process_client_hello:unsupported protocol [error=337678594 lib=20 func=521 reason=258]\\\", OpenSSLErrorStack= 140449745684224:error:14209102:SSL routines:tls_early_post_process_client_hello:unsupported protocol:ssl/statem/statem_srvr.c:1686:, CPMSessionID=0a0009ccqDyAnAWJUIb_A9r1F7EclNP/asP/HfDHLoNi2qUcIMc, Response={RadiusPacketType=AccessChallenge; }", + "message": { + "code": "11006", + "description": "RADIUS: Returned RADIUS Access-Challenge", + "id": "0000076021" + }, + "nas": { + "ip": "81.2.69.143", + "port": { + "number": 1, + "type": "Wireless - IEEE 802.11" + } + }, + "openssl": { + "error": { + "message": "SSL alert: code=0x246=582 ; source=local ; type=fatal ; message=\\\"protocol version.ssl/statem/statem_srvr.c:1686 error:14209102:SSL routines:tls_early_post_process_client_hello:unsupported protocol [error=337678594 lib=20 func=521 reason=258]\\\"", + "stack": " 140449745684224:error:14209102:SSL routines:tls_early_post_process_client_hello:unsupported protocol:ssl/statem/statem_srvr.c:1686:" + } + }, + "radius": { + "packet": { + "type": "AccessRequest" + } + }, + "radius_identifier": 4, + "response": { + "RadiusPacketType": "AccessChallenge" + }, + "segment": { + "number": 0, + "total": 1 + }, + "selected": { + "access": { + "service": "Default Network Access" + } + }, + "session": { + "timeout": 30 + }, + "state": "64CPMSessionID=0a0009ccqDyAnAWJUIb_A9r1F7EclNP/asP/HfDHLoNi2qUcIMc;29SessionID=cisco-ise-host/435083133/83;" + } + }, + "client": { + "ip": "81.2.69.143", + "port": 39818 + }, + "destination": { + "ip": "81.2.69.144", + "port": 1812 + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "radius", + "category": [ + "iam" + ], + "kind": "event", + "original": "\u003c183\u003eMar 2 10:54:40 cisco-ise-host CISE_RADIUS_Diagnostics 0000076021 1 0 2022-03-02 10:54:40.278 +00:00 0000076087 11006 DEBUG RADIUS: Returned RADIUS Access-Challenge, ConfigVersionId=1383, Device IP Address=81.2.69.143, Device Port=39818, DestinationIPAddress=81.2.69.144, DestinationPort=1812, RadiusPacketType=AccessRequest, RadiusIdentifier=4, User-Name=USERNAME, NAS-IP-Address=81.2.69.143, NAS-Port=1, Service-Type=Framed, State=64CPMSessionID=0a0009ccqDyAnAWJUIb_A9r1F7EclNP/asP/HfDHLoNi2qUcIMc;29SessionID=cisco-ise-host/435083133/83;, Session-Timeout=30, Calling-Station-ID=00-00-00-00-00-01, NAS-Port-Type=Wireless - IEEE 802.11, AcsSessionID=cisco-ise-host/435083133/83, SelectedAccessService=Default Network Access, EapTunnel=PEAP, OpenSSLErrorMessage=SSL alert: code=0x246=582 ; source=local ; type=fatal ; message=\\\"protocol version.ssl/statem/statem_srvr.c:1686 error:14209102:SSL routines:tls_early_post_process_client_hello:unsupported protocol [error=337678594 lib=20 func=521 reason=258]\\\", OpenSSLErrorStack= 140449745684224:error:14209102:SSL routines:tls_early_post_process_client_hello:unsupported protocol:ssl/statem/statem_srvr.c:1686:, CPMSessionID=0a0009ccqDyAnAWJUIb_A9r1F7EclNP/asP/HfDHLoNi2qUcIMc, Response={RadiusPacketType=AccessChallenge; },", + "sequence": 76087, + "timezone": "+00:00", + "type": [ + "info" + ] + }, + "host": { + "hostname": "cisco-ise-host" + }, + "log": { + "level": "debug", + "syslog": { + "priority": 183, + "severity": { + "name": "debug" + } + } + }, + "message": "2022-03-02 10:54:40.278 +00:00 0000076087 11006 DEBUG RADIUS: Returned RADIUS Access-Challenge, ConfigVersionId=1383, Device IP Address=81.2.69.143, Device Port=39818, DestinationIPAddress=81.2.69.144, DestinationPort=1812, RadiusPacketType=AccessRequest, RadiusIdentifier=4, User-Name=USERNAME, NAS-IP-Address=81.2.69.143, NAS-Port=1, Service-Type=Framed, State=64CPMSessionID=0a0009ccqDyAnAWJUIb_A9r1F7EclNP/asP/HfDHLoNi2qUcIMc;29SessionID=cisco-ise-host/435083133/83;, Session-Timeout=30, Calling-Station-ID=00-00-00-00-00-01, NAS-Port-Type=Wireless - IEEE 802.11, AcsSessionID=cisco-ise-host/435083133/83, SelectedAccessService=Default Network Access, EapTunnel=PEAP, OpenSSLErrorMessage=SSL alert: code=0x246=582 ; source=local ; type=fatal ; message=\\\"protocol version.ssl/statem/statem_srvr.c:1686 error:14209102:SSL routines:tls_early_post_process_client_hello:unsupported protocol [error=337678594 lib=20 func=521 reason=258]\\\", OpenSSLErrorStack= 140449745684224:error:14209102:SSL routines:tls_early_post_process_client_hello:unsupported protocol:ssl/statem/statem_srvr.c:1686:, CPMSessionID=0a0009ccqDyAnAWJUIb_A9r1F7EclNP/asP/HfDHLoNi2qUcIMc, Response={RadiusPacketType=AccessChallenge; },", + "related": { + "hosts": [ + "cisco-ise-host" + ], + "ip": [ + "81.2.69.143", + "81.2.69.144" + ], + "user": [ + "USERNAME" + ] + }, + "service": { + "type": "Framed" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "name": "USERNAME" + } + }, + { + "@timestamp": "2021-03-16T09:29:43.770Z", + "cisco_ise": { + "log": { + "acct": { + "session": { + "id": "11000001" + }, + "status": { + "type": "Stop" + } + }, + "acs": { + "session": { + "id": "cisco-ise-host/405244497/3" + } + }, + "calling_station": { + "id": "89:aa:11:00:00:01" + }, + "category": { + "name": "CISE_RADIUS_Diagnostics" + }, + "config_version": { + "id": 104 + }, + "log_details": "ConfigVersionId=104, Device IP Address=81.2.69.144, Device Port=53985, DestinationIPAddress=81.2.69.144, DestinationPort=0073, RadiusIdentifier=13, NAS-Port=86, Service-Type=Framed, Calling-Station-ID=89:aa:11:00:00:01, Acct-Status-Type=Stop, Acct-Session-Id=11000001, NAS-Port-Type=Ethernet, AcsSessionID=cisco-ise-host/405244497/3", + "message": { + "code": "11015", + "description": "RADIUS: An Access-Request MUST contain at least a NAS-IP-Address NAS-IPv6-Address, or a NAS-Identifier; Continue processing", + "id": "0000004585" + }, + "nas": { + "port": { + "number": 86, + "type": "Ethernet" + } + }, + "radius_identifier": 13, + "segment": { + "number": 0, + "total": 1 + } + } + }, + "client": { + "ip": "81.2.69.144", + "port": 53985 + }, + "destination": { + "ip": "81.2.69.144", + "port": 73 + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "radius", + "category": [ + "iam" + ], + "kind": "event", + "original": "\u003c180\u003eFeb 16 09:29:43 cisco-ise-host CISE_RADIUS_Diagnostics 0000004585 1 0 2021-03-16 09:29:43.770 +00:00 0000004680 11015 WARN RADIUS: An Access-Request MUST contain at least a NAS-IP-Address, NAS-IPv6-Address, or a NAS-Identifier; Continue processing, ConfigVersionId=104, Device IP Address=81.2.69.144, Device Port=53985, DestinationIPAddress=81.2.69.144, DestinationPort=0073, RadiusIdentifier=13, NAS-Port=86, Service-Type=Framed, Calling-Station-ID=89:aa:11:00:00:01, Acct-Status-Type=Stop, Acct-Session-Id=11000001, NAS-Port-Type=Ethernet, AcsSessionID=cisco-ise-host/405244497/3,", + "sequence": 4680, + "timezone": "+00:00", + "type": [ + "info" + ] + }, + "host": { + "hostname": "cisco-ise-host" + }, + "log": { + "level": "warn", + "syslog": { + "priority": 180, + "severity": { + "name": "warn" + } + } + }, + "message": "2021-03-16 09:29:43.770 +00:00 0000004680 11015 WARN RADIUS: An Access-Request MUST contain at least a NAS-IP-Address, NAS-IPv6-Address, or a NAS-Identifier; Continue processing, ConfigVersionId=104, Device IP Address=81.2.69.144, Device Port=53985, DestinationIPAddress=81.2.69.144, DestinationPort=0073, RadiusIdentifier=13, NAS-Port=86, Service-Type=Framed, Calling-Station-ID=89:aa:11:00:00:01, Acct-Status-Type=Stop, Acct-Session-Id=11000001, NAS-Port-Type=Ethernet, AcsSessionID=cisco-ise-host/405244497/3,", + "related": { + "hosts": [ + "cisco-ise-host" + ], + "ip": [ + "81.2.69.144" + ] + }, + "service": { + "type": "Framed" + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2022-03-02T10:54:40.194Z", + "cisco_ise": { + "log": { + "acs": { + "session": { + "id": "cisco-ise-host/435083133/83" + } + }, + "category": { + "name": "CISE_RADIUS_Diagnostics" + }, + "config_version": { + "id": 1383 + }, + "log_details": "ConfigVersionId=1383, Device IP Address=81.2.69.143, Device Port=39818, DestinationIPAddress=81.2.69.144, DestinationPort=1812, AcsSessionID=cisco-ise-host/435083133/83", + "message": { + "code": "11017", + "description": "RADIUS: RADIUS created a new session", + "id": "0000075998" + }, + "segment": { + "number": 0, + "total": 1 + } + } + }, + "client": { + "ip": "81.2.69.143", + "port": 39818 + }, + "destination": { + "ip": "81.2.69.144", + "port": 1812 + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "radius", + "category": [ + "configuration" + ], + "kind": "event", + "original": "\u003c183\u003eMar 2 10:54:40 cisco-ise-host CISE_RADIUS_Diagnostics 0000075998 1 0 2022-03-02 10:54:40.194 +00:00 0000076064 11017 DEBUG RADIUS: RADIUS created a new session, ConfigVersionId=1383, Device IP Address=81.2.69.143, Device Port=39818, DestinationIPAddress=81.2.69.144, DestinationPort=1812, AcsSessionID=cisco-ise-host/435083133/83,", + "sequence": 76064, + "timezone": "+00:00", + "type": [ + "info" + ] + }, + "host": { + "hostname": "cisco-ise-host" + }, + "log": { + "level": "debug", + "syslog": { + "priority": 183, + "severity": { + "name": "debug" + } + } + }, + "message": "2022-03-02 10:54:40.194 +00:00 0000076064 11017 DEBUG RADIUS: RADIUS created a new session, ConfigVersionId=1383, Device IP Address=81.2.69.143, Device Port=39818, DestinationIPAddress=81.2.69.144, DestinationPort=1812, AcsSessionID=cisco-ise-host/435083133/83,", + "related": { + "hosts": [ + "cisco-ise-host" + ], + "ip": [ + "81.2.69.144", + "81.2.69.143" + ] + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2022-03-02T10:54:40.275Z", + "cisco_ise": { + "log": { + "acs": { + "session": { + "id": "cisco-ise-host/435083133/83" + } + }, + "calling_station": { + "id": "00-00-00-00-00-01" + }, + "category": { + "name": "CISE_RADIUS_Diagnostics" + }, + "config_version": { + "id": 1383 + }, + "cpm": { + "session": { + "id": "0a0009ccqDyAnAWJUIb_A9r1F7EclNP/asP/HfDHLoNi2qUcIMc" + } + }, + "eap": { + "tunnel": "PEAP" + }, + "log_details": "ConfigVersionId=1383, Device IP Address=81.2.69.143, Device Port=39818, DestinationIPAddress=81.2.69.144, DestinationPort=1812, AcsSessionID=cisco-ise-host/435083133/83, SelectedAccessService=Default Network Access, EapTunnel=PEAP, User-Name=testDevice1, NAS-IP-Address=81.2.69.143, NAS-Port=1, Calling-Station-ID=00-00-00-00-00-01, NAS-Port-Type=Wireless - IEEE 802.11, CPMSessionID=0a0009ccqDyAnAWJUIb_A9r1F7EclNP/asP/HfDHLoNi2qUcIMc", + "message": { + "code": "11018", + "description": "RADIUS: RADIUS is re-using an existing session", + "id": "0000076011" + }, + "nas": { + "ip": "81.2.69.143", + "port": { + "number": 1, + "type": "Wireless - IEEE 802.11" + } + }, + "segment": { + "number": 0, + "total": 1 + }, + "selected": { + "access": { + "service": "Default Network Access" + } + } + } + }, + "client": { + "ip": "81.2.69.143", + "port": 39818 + }, + "destination": { + "ip": "81.2.69.144", + "port": 1812 + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "radius", + "category": [ + "configuration" + ], + "kind": "event", + "original": "\u003c183\u003eMar 2 10:54:40 cisco-ise-host CISE_RADIUS_Diagnostics 0000076011 1 0 2022-03-02 10:54:40.275 +00:00 0000076077 11018 DEBUG RADIUS: RADIUS is re-using an existing session, ConfigVersionId=1383, Device IP Address=81.2.69.143, Device Port=39818, DestinationIPAddress=81.2.69.144, DestinationPort=1812, AcsSessionID=cisco-ise-host/435083133/83, SelectedAccessService=Default Network Access, EapTunnel=PEAP, User-Name=testDevice1, NAS-IP-Address=81.2.69.143, NAS-Port=1, Calling-Station-ID=00-00-00-00-00-01, NAS-Port-Type=Wireless - IEEE 802.11, CPMSessionID=0a0009ccqDyAnAWJUIb_A9r1F7EclNP/asP/HfDHLoNi2qUcIMc,", + "sequence": 76077, + "timezone": "+00:00", + "type": [ + "info" + ] + }, + "host": { + "hostname": "cisco-ise-host" + }, + "log": { + "level": "debug", + "syslog": { + "priority": 183, + "severity": { + "name": "debug" + } + } + }, + "message": "2022-03-02 10:54:40.275 +00:00 0000076077 11018 DEBUG RADIUS: RADIUS is re-using an existing session, ConfigVersionId=1383, Device IP Address=81.2.69.143, Device Port=39818, DestinationIPAddress=81.2.69.144, DestinationPort=1812, AcsSessionID=cisco-ise-host/435083133/83, SelectedAccessService=Default Network Access, EapTunnel=PEAP, User-Name=testDevice1, NAS-IP-Address=81.2.69.143, NAS-Port=1, Calling-Station-ID=00-00-00-00-00-01, NAS-Port-Type=Wireless - IEEE 802.11, CPMSessionID=0a0009ccqDyAnAWJUIb_A9r1F7EclNP/asP/HfDHLoNi2qUcIMc,", + "related": { + "hosts": [ + "cisco-ise-host" + ], + "ip": [ + "81.2.69.143", + "81.2.69.144" + ], + "user": [ + "testDevice1" + ] + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "name": "testDevice1" + } + }, + { + "@timestamp": "2022-03-03T11:37:34.890Z", + "cisco_ise": { + "log": { + "acs": { + "session": { + "id": "cisco-ise-host/435083133/126" + } + }, + "airespace": { + "wlan": { + "id": 3 + } + }, + "calling_station": { + "id": "92:09:00:00:00:01" + }, + "category": { + "name": "CISE_RADIUS_Diagnostics" + }, + "config_version": { + "id": 1696 + }, + "cpm": { + "session": { + "id": "0a0009ccdD2BsLZMkW8ZRUAE/sDVf78pplxJC0wv2VwZR6N070M" + } + }, + "log_details": "ConfigVersionId=1696, Device IP Address=81.2.69.143, Device Port=35123, DestinationIPAddress=81.2.69.144, DestinationPort=1812, RadiusPacketType=AccessRequest, RadiusIdentifier=2, User-Name=92-09-00-00-00-01, NAS-IP-Address=81.2.69.143, NAS-Port=86, Service-Type=Call Check, Calling-Station-ID=92:09:00:00:00:01, NAS-Port-Type=Wireless - IEEE 802.11, Airespace-Wlan-Id=3, AcsSessionID=cisco-ise-host/435083133/126, UseCase=Host Lookup, CPMSessionID=0a0009ccdD2BsLZMkW8ZRUAE/sDVf78pplxJC0wv2VwZR6N070M", + "message": { + "code": "11027", + "description": "RADIUS: Detected Host Lookup UseCase (Service-Type = Call Check (10))", + "id": "0000083405" + }, + "nas": { + "ip": "81.2.69.143", + "port": { + "number": 86, + "type": "Wireless - IEEE 802.11" + } + }, + "radius": { + "packet": { + "type": "AccessRequest" + } + }, + "radius_identifier": 2, + "segment": { + "number": 0, + "total": 1 + }, + "usecase": "Host Lookup" + } + }, + "client": { + "ip": "81.2.69.143", + "port": 35123 + }, + "destination": { + "ip": "81.2.69.144", + "port": 1812 + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "radius", + "category": [ + "network" + ], + "kind": "event", + "original": "\u003c183\u003eMar 3 11:37:34 cisco-ise-host CISE_RADIUS_Diagnostics 0000083405 1 0 2022-03-03 11:37:34.890 +00:00 0000083472 11027 DEBUG RADIUS: Detected Host Lookup UseCase (Service-Type = Call Check (10)), ConfigVersionId=1696, Device IP Address=81.2.69.143, Device Port=35123, DestinationIPAddress=81.2.69.144, DestinationPort=1812, RadiusPacketType=AccessRequest, RadiusIdentifier=2, User-Name=92-09-00-00-00-01, NAS-IP-Address=81.2.69.143, NAS-Port=86, Service-Type=Call Check, Calling-Station-ID=92:09:00:00:00:01, NAS-Port-Type=Wireless - IEEE 802.11, Airespace-Wlan-Id=3, AcsSessionID=cisco-ise-host/435083133/126, UseCase=Host Lookup, CPMSessionID=0a0009ccdD2BsLZMkW8ZRUAE/sDVf78pplxJC0wv2VwZR6N070M,", + "sequence": 83472, + "timezone": "+00:00", + "type": [ + "info" + ] + }, + "host": { + "hostname": "cisco-ise-host" + }, + "log": { + "level": "debug", + "syslog": { + "priority": 183, + "severity": { + "name": "debug" + } + } + }, + "message": "2022-03-03 11:37:34.890 +00:00 0000083472 11027 DEBUG RADIUS: Detected Host Lookup UseCase (Service-Type = Call Check (10)), ConfigVersionId=1696, Device IP Address=81.2.69.143, Device Port=35123, DestinationIPAddress=81.2.69.144, DestinationPort=1812, RadiusPacketType=AccessRequest, RadiusIdentifier=2, User-Name=92-09-00-00-00-01, NAS-IP-Address=81.2.69.143, NAS-Port=86, Service-Type=Call Check, Calling-Station-ID=92:09:00:00:00:01, NAS-Port-Type=Wireless - IEEE 802.11, Airespace-Wlan-Id=3, AcsSessionID=cisco-ise-host/435083133/126, UseCase=Host Lookup, CPMSessionID=0a0009ccdD2BsLZMkW8ZRUAE/sDVf78pplxJC0wv2VwZR6N070M,", + "related": { + "hosts": [ + "cisco-ise-host" + ], + "ip": [ + "81.2.69.143", + "81.2.69.144" + ], + "user": [ + "92-09-00-00-00-01" + ] + }, + "service": { + "type": "Call Check" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "name": "92-09-00-00-00-01" + } + }, + { + "@timestamp": "2022-03-03T09:40:42.552Z", + "cisco_ise": { + "log": { + "acs": { + "session": { + "id": "cisco-ise-host/435083133/120" + } + }, + "calling_station": { + "id": "00-00-00-00-00-01" + }, + "category": { + "name": "CISE_RADIUS_Diagnostics" + }, + "config_version": { + "id": 1655 + }, + "log_details": "ConfigVersionId=1655, Device IP Address=81.2.69.143, Device Port=35893, DestinationIPAddress=81.2.69.144, DestinationPort=1812, RadiusIdentifier=2, User-Name=testDevice1, NAS-IP-Address=81.2.69.143, NAS-Port=1, Service-Type=Framed, Session-Timeout=30, Calling-Station-ID=00-00-00-00-00-01, NAS-Port-Type=Wireless - IEEE 802.11, AcsSessionID=cisco-ise-host/435083133/120", + "message": { + "code": "11036", + "description": "RADIUS: The Message-Authenticator RADIUS attribute is invalid", + "id": "0000082784" + }, + "nas": { + "ip": "81.2.69.143", + "port": { + "number": 1, + "type": "Wireless - IEEE 802.11" + } + }, + "radius_identifier": 2, + "segment": { + "number": 0, + "total": 1 + }, + "session": { + "timeout": 30 + } + } + }, + "client": { + "ip": "81.2.69.143", + "port": 35893 + }, + "destination": { + "ip": "81.2.69.144", + "port": 1812 + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "radius", + "category": [ + "authentication" + ], + "kind": "event", + "original": "\u003c180\u003eMar 3 09:40:42 cisco-ise-host CISE_RADIUS_Diagnostics 0000082784 1 0 2022-03-03 09:40:42.552 +00:00 0000082851 11036 WARN RADIUS: The Message-Authenticator RADIUS attribute is invalid, ConfigVersionId=1655, Device IP Address=81.2.69.143, Device Port=35893, DestinationIPAddress=81.2.69.144, DestinationPort=1812, RadiusIdentifier=2, User-Name=testDevice1, NAS-IP-Address=81.2.69.143, NAS-Port=1, Service-Type=Framed, Session-Timeout=30, Calling-Station-ID=00-00-00-00-00-01, NAS-Port-Type=Wireless - IEEE 802.11, AcsSessionID=cisco-ise-host/435083133/120,", + "sequence": 82851, + "timezone": "+00:00", + "type": [ + "info" + ] + }, + "host": { + "hostname": "cisco-ise-host" + }, + "log": { + "level": "warn", + "syslog": { + "priority": 180, + "severity": { + "name": "warn" + } + } + }, + "message": "2022-03-03 09:40:42.552 +00:00 0000082851 11036 WARN RADIUS: The Message-Authenticator RADIUS attribute is invalid, ConfigVersionId=1655, Device IP Address=81.2.69.143, Device Port=35893, DestinationIPAddress=81.2.69.144, DestinationPort=1812, RadiusIdentifier=2, User-Name=testDevice1, NAS-IP-Address=81.2.69.143, NAS-Port=1, Service-Type=Framed, Session-Timeout=30, Calling-Station-ID=00-00-00-00-00-01, NAS-Port-Type=Wireless - IEEE 802.11, AcsSessionID=cisco-ise-host/435083133/120,", + "related": { + "hosts": [ + "cisco-ise-host" + ], + "ip": [ + "81.2.69.143", + "81.2.69.144" + ], + "user": [ + "testDevice1" + ] + }, + "service": { + "type": "Framed" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "name": "testDevice1" + } + }, + { + "@timestamp": "2022-03-03T09:14:59.500Z", + "cisco_ise": { + "log": { + "acct": { + "session": { + "id": "00-00-01" + }, + "status": { + "type": "Stop" + } + }, + "acs": { + "session": { + "id": "cisco-ise-host/435083133/107" + } + }, + "calling_station": { + "id": "00-00-00-00-00-01" + }, + "category": { + "name": "CISE_RADIUS_Diagnostics" + }, + "config_version": { + "id": 1626 + }, + "log_details": "ConfigVersionId=1626, Device IP Address=81.2.69.143, Device Port=51906, DestinationIPAddress=81.2.69.144, DestinationPort=1813, RadiusIdentifier=4, NAS-Port=86, Service-Type=Framed, Calling-Station-ID=00-00-00-00-00-01, Acct-Status-Type=Stop, Acct-Session-Id=00-00-01, NAS-Port-Type=Ethernet, AcsSessionID=cisco-ise-host/435083133/107", + "message": { + "code": "11038", + "description": "RADIUS: RADIUS Accounting-Request header contains invalid Authenticator field", + "id": "0000082552" + }, + "nas": { + "port": { + "number": 86, + "type": "Ethernet" + } + }, + "radius_identifier": 4, + "segment": { + "number": 0, + "total": 1 + } + } + }, + "client": { + "ip": "81.2.69.143", + "port": 51906 + }, + "destination": { + "ip": "81.2.69.144", + "port": 1813 + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "radius", + "category": [ + "authentication" + ], + "kind": "event", + "original": "\u003c180\u003eMar 3 09:14:59 cisco-ise-host CISE_RADIUS_Diagnostics 0000082552 1 0 2022-03-03 09:14:59.500 +00:00 0000082619 11038 WARN RADIUS: RADIUS Accounting-Request header contains invalid Authenticator field, ConfigVersionId=1626, Device IP Address=81.2.69.143, Device Port=51906, DestinationIPAddress=81.2.69.144, DestinationPort=1813, RadiusIdentifier=4, NAS-Port=86, Service-Type=Framed, Calling-Station-ID=00-00-00-00-00-01, Acct-Status-Type=Stop, Acct-Session-Id=00-00-01, NAS-Port-Type=Ethernet, AcsSessionID=cisco-ise-host/435083133/107,", + "sequence": 82619, + "timezone": "+00:00", + "type": [ + "info" + ] + }, + "host": { + "hostname": "cisco-ise-host" + }, + "log": { + "level": "warn", + "syslog": { + "priority": 180, + "severity": { + "name": "warn" + } + } + }, + "message": "2022-03-03 09:14:59.500 +00:00 0000082619 11038 WARN RADIUS: RADIUS Accounting-Request header contains invalid Authenticator field, ConfigVersionId=1626, Device IP Address=81.2.69.143, Device Port=51906, DestinationIPAddress=81.2.69.144, DestinationPort=1813, RadiusIdentifier=4, NAS-Port=86, Service-Type=Framed, Calling-Station-ID=00-00-00-00-00-01, Acct-Status-Type=Stop, Acct-Session-Id=00-00-01, NAS-Port-Type=Ethernet, AcsSessionID=cisco-ise-host/435083133/107,", + "related": { + "hosts": [ + "cisco-ise-host" + ], + "ip": [ + "81.2.69.144", + "81.2.69.143" + ] + }, + "service": { + "type": "Framed" + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2022-03-02T10:54:40.195Z", + "cisco_ise": { + "log": { + "acs": { + "session": { + "id": "cisco-ise-host/435083133/83" + } + }, + "calling_station": { + "id": "00-00-00-00-00-01" + }, + "category": { + "name": "CISE_RADIUS_Diagnostics" + }, + "config_version": { + "id": 1383 + }, + "log_details": "ConfigVersionId=1383, Device IP Address=81.2.69.143, Device Port=39818, DestinationIPAddress=81.2.69.144, DestinationPort=1812, RadiusPacketType=AccessRequest, RadiusIdentifier=2, User-Name=USERNAME, NAS-IP-Address=81.2.69.143, NAS-Port=1, Service-Type=Framed, Session-Timeout=30, Calling-Station-ID=00-00-00-00-00-01, NAS-Port-Type=Wireless - IEEE 802.11, AcsSessionID=cisco-ise-host/435083133/83", + "message": { + "code": "11117", + "description": "RADIUS: Generated a new session ID", + "id": "0000075999" + }, + "nas": { + "ip": "81.2.69.143", + "port": { + "number": 1, + "type": "Wireless - IEEE 802.11" + } + }, + "radius": { + "packet": { + "type": "AccessRequest" + } + }, + "radius_identifier": 2, + "segment": { + "number": 0, + "total": 1 + }, + "session": { + "timeout": 30 + } + } + }, + "client": { + "ip": "81.2.69.143", + "port": 39818 + }, + "destination": { + "ip": "81.2.69.144", + "port": 1812 + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "radius", + "category": [ + "session" + ], + "kind": "event", + "original": "\u003c183\u003eMar 2 10:54:40 cisco-ise-host CISE_RADIUS_Diagnostics 0000075999 1 0 2022-03-02 10:54:40.195 +00:00 0000076065 11117 DEBUG RADIUS: Generated a new session ID, ConfigVersionId=1383, Device IP Address=81.2.69.143, Device Port=39818, DestinationIPAddress=81.2.69.144, DestinationPort=1812, RadiusPacketType=AccessRequest, RadiusIdentifier=2, User-Name=USERNAME, NAS-IP-Address=81.2.69.143, NAS-Port=1, Service-Type=Framed, Session-Timeout=30, Calling-Station-ID=00-00-00-00-00-01, NAS-Port-Type=Wireless - IEEE 802.11, AcsSessionID=cisco-ise-host/435083133/83,", + "sequence": 76065, + "timezone": "+00:00", + "type": [ + "info", + "start" + ] + }, + "host": { + "hostname": "cisco-ise-host" + }, + "log": { + "level": "debug", + "syslog": { + "priority": 183, + "severity": { + "name": "debug" + } + } + }, + "message": "2022-03-02 10:54:40.195 +00:00 0000076065 11117 DEBUG RADIUS: Generated a new session ID, ConfigVersionId=1383, Device IP Address=81.2.69.143, Device Port=39818, DestinationIPAddress=81.2.69.144, DestinationPort=1812, RadiusPacketType=AccessRequest, RadiusIdentifier=2, User-Name=USERNAME, NAS-IP-Address=81.2.69.143, NAS-Port=1, Service-Type=Framed, Session-Timeout=30, Calling-Station-ID=00-00-00-00-00-01, NAS-Port-Type=Wireless - IEEE 802.11, AcsSessionID=cisco-ise-host/435083133/83,", + "related": { + "hosts": [ + "cisco-ise-host" + ], + "ip": [ + "81.2.69.143", + "81.2.69.144" + ], + "user": [ + "USERNAME" + ] + }, + "service": { + "type": "Framed" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "name": "USERNAME" + } + }, + { + "@timestamp": "2022-03-02T10:54:40.197Z", + "cisco_ise": { + "log": { + "acs": { + "session": { + "id": "cisco-ise-host/435083133/83" + } + }, + "calling_station": { + "id": "00-00-00-00-00-01" + }, + "category": { + "name": "CISE_RADIUS_Diagnostics" + }, + "config_version": { + "id": 1383 + }, + "cpm": { + "session": { + "id": "0a0009ccqDyAnAWJUIb_A9r1F7EclNP/asP/HfDHLoNi2qUcIMc" + } + }, + "log_details": "ConfigVersionId=1383, Device IP Address=81.2.69.143, Device Port=39818, DestinationIPAddress=81.2.69.144, DestinationPort=1812, RadiusPacketType=AccessRequest, RadiusIdentifier=2, User-Name=USERNAME, NAS-IP-Address=81.2.69.143, NAS-Port=1, Service-Type=Framed, Session-Timeout=30, Calling-Station-ID=00-00-00-00-00-01, NAS-Port-Type=Wireless - IEEE 802.11, AcsSessionID=cisco-ise-host/435083133/83, SelectedAccessService=Default Network Access, CPMSessionID=0a0009ccqDyAnAWJUIb_A9r1F7EclNP/asP/HfDHLoNi2qUcIMc", + "message": { + "code": "11507", + "description": "EAP: Extracted EAP-Response/Identity", + "id": "0000076002" + }, + "nas": { + "ip": "81.2.69.143", + "port": { + "number": 1, + "type": "Wireless - IEEE 802.11" + } + }, + "radius": { + "packet": { + "type": "AccessRequest" + } + }, + "radius_identifier": 2, + "segment": { + "number": 0, + "total": 1 + }, + "selected": { + "access": { + "service": "Default Network Access" + } + }, + "session": { + "timeout": 30 + } + } + }, + "client": { + "ip": "81.2.69.143", + "port": 39818 + }, + "destination": { + "ip": "81.2.69.144", + "port": 1812 + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "eap", + "category": [ + "authentication" + ], + "kind": "event", + "original": "\u003c182\u003eMar 2 10:54:40 cisco-ise-host CISE_RADIUS_Diagnostics 0000076002 1 0 2022-03-02 10:54:40.197 +00:00 0000076068 11507 INFO EAP: Extracted EAP-Response/Identity, ConfigVersionId=1383, Device IP Address=81.2.69.143, Device Port=39818, DestinationIPAddress=81.2.69.144, DestinationPort=1812, RadiusPacketType=AccessRequest, RadiusIdentifier=2, User-Name=USERNAME, NAS-IP-Address=81.2.69.143, NAS-Port=1, Service-Type=Framed, Session-Timeout=30, Calling-Station-ID=00-00-00-00-00-01, NAS-Port-Type=Wireless - IEEE 802.11, AcsSessionID=cisco-ise-host/435083133/83, SelectedAccessService=Default Network Access, CPMSessionID=0a0009ccqDyAnAWJUIb_A9r1F7EclNP/asP/HfDHLoNi2qUcIMc,", + "sequence": 76068, + "timezone": "+00:00", + "type": [ + "info" + ] + }, + "host": { + "hostname": "cisco-ise-host" + }, + "log": { + "level": "info", + "syslog": { + "priority": 182, + "severity": { + "name": "info" + } + } + }, + "message": "2022-03-02 10:54:40.197 +00:00 0000076068 11507 INFO EAP: Extracted EAP-Response/Identity, ConfigVersionId=1383, Device IP Address=81.2.69.143, Device Port=39818, DestinationIPAddress=81.2.69.144, DestinationPort=1812, RadiusPacketType=AccessRequest, RadiusIdentifier=2, User-Name=USERNAME, NAS-IP-Address=81.2.69.143, NAS-Port=1, Service-Type=Framed, Session-Timeout=30, Calling-Station-ID=00-00-00-00-00-01, NAS-Port-Type=Wireless - IEEE 802.11, AcsSessionID=cisco-ise-host/435083133/83, SelectedAccessService=Default Network Access, CPMSessionID=0a0009ccqDyAnAWJUIb_A9r1F7EclNP/asP/HfDHLoNi2qUcIMc,", + "related": { + "hosts": [ + "cisco-ise-host" + ], + "ip": [ + "81.2.69.143", + "81.2.69.144" + ], + "user": [ + "USERNAME" + ] + }, + "service": { + "type": "Framed" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "name": "USERNAME" + } + }, + { + "@timestamp": "2021-03-16T09:29:43.648Z", + "cisco_ise": { + "log": { + "acs": { + "session": { + "id": "cisco-ise-host/405244497/1" + } + }, + "calling_station": { + "id": "89-AA-11-00-00-01" + }, + "category": { + "name": "CISE_RADIUS_Diagnostics" + }, + "config_version": { + "id": 104 + }, + "cpm": { + "session": { + "id": "0aa00002g0yr2CdbeWUPvhv9zXKDBoLPTFN7EhaI0iE1zKVe_p4" + } + }, + "detailed_info": "Invalid username or password specified Retry is allowed", + "eap": { + "authentication": "EAP-MSCHAPv2", + "tunnel": "PEAP" + }, + "log_details": "ConfigVersionId=104, Device IP Address=81.2.69.144, Device Port=56430, DestinationIPAddress=81.2.69.144, DestinationPort=0072, RadiusPacketType=AccessRequest, RadiusIdentifier=9, User-Name=employee1, NAS-IP-Address=81.2.69.144, NAS-Port=1, Service-Type=Framed, State=64CPMSessionID=0aa00002g0yr2CdbeWUPvhv9zXKDBoLPTFN7EhaI0iE1zKVe_p4\\;36SessionID=cisco-ise-host/405244497/1\\;, Session-Timeout=30, Calling-Station-ID=89-AA-11-00-00-01, NAS-Port-Type=Wireless - IEEE 802.11, AcsSessionID=cisco-ise-host/405244497/1, SelectedAccessService=Default Network Access, DetailedInfo=Invalid username or password specified Retry is allowed, EapTunnel=PEAP, EapAuthentication=EAP-MSCHAPv2, CPMSessionID=0aa00002g0yr2CdbeWUPvhv9zXKDBoLPTFN7EhaI0iE1zKVe_p4, Response={AuthenticationResult=Failed; }", + "message": { + "code": "11823", + "description": "EAP: EAP-MSCHAP authentication attempt failed", + "id": "0000004570" + }, + "nas": { + "ip": "81.2.69.144", + "port": { + "number": 1, + "type": "Wireless - IEEE 802.11" + } + }, + "radius": { + "packet": { + "type": "AccessRequest" + } + }, + "radius_identifier": 9, + "response": { + "AuthenticationResult": "Failed" + }, + "segment": { + "number": 0, + "total": 1 + }, + "selected": { + "access": { + "service": "Default Network Access" + } + }, + "session": { + "timeout": 30 + }, + "state": "64CPMSessionID=0aa00002g0yr2CdbeWUPvhv9zXKDBoLPTFN7EhaI0iE1zKVe_p4\\;36SessionID=cisco-ise-host/405244497/1\\;" + } + }, + "client": { + "ip": "81.2.69.144", + "port": 56430 + }, + "destination": { + "ip": "81.2.69.144", + "port": 72 + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "eap", + "category": [ + "authentication" + ], + "kind": "event", + "original": "\u003c182\u003eFeb 16 09:29:43 cisco-ise-host CISE_RADIUS_Diagnostics 0000004570 1 0 2021-03-16 09:29:43.648 +00:00 0000004648 11823 INFO EAP: EAP-MSCHAP authentication attempt failed, ConfigVersionId=104, Device IP Address=81.2.69.144, Device Port=56430, DestinationIPAddress=81.2.69.144, DestinationPort=0072, RadiusPacketType=AccessRequest, RadiusIdentifier=9, User-Name=employee1, NAS-IP-Address=81.2.69.144, NAS-Port=1, Service-Type=Framed, State=64CPMSessionID=0aa00002g0yr2CdbeWUPvhv9zXKDBoLPTFN7EhaI0iE1zKVe_p4\\;36SessionID=cisco-ise-host/405244497/1\\;, Session-Timeout=30, Calling-Station-ID=89-AA-11-00-00-01, NAS-Port-Type=Wireless - IEEE 802.11, AcsSessionID=cisco-ise-host/405244497/1, SelectedAccessService=Default Network Access, DetailedInfo=Invalid username or password specified\\, Retry is allowed, EapTunnel=PEAP, EapAuthentication=EAP-MSCHAPv2, CPMSessionID=0aa00002g0yr2CdbeWUPvhv9zXKDBoLPTFN7EhaI0iE1zKVe_p4, Response={AuthenticationResult=Failed; },", + "sequence": 4648, + "timezone": "+00:00", + "type": [ + "info", + "end" + ] + }, + "host": { + "hostname": "cisco-ise-host" + }, + "log": { + "level": "info", + "syslog": { + "priority": 182, + "severity": { + "name": "info" + } + } + }, + "message": "2021-03-16 09:29:43.648 +00:00 0000004648 11823 INFO EAP: EAP-MSCHAP authentication attempt failed, ConfigVersionId=104, Device IP Address=81.2.69.144, Device Port=56430, DestinationIPAddress=81.2.69.144, DestinationPort=0072, RadiusPacketType=AccessRequest, RadiusIdentifier=9, User-Name=employee1, NAS-IP-Address=81.2.69.144, NAS-Port=1, Service-Type=Framed, State=64CPMSessionID=0aa00002g0yr2CdbeWUPvhv9zXKDBoLPTFN7EhaI0iE1zKVe_p4\\;36SessionID=cisco-ise-host/405244497/1\\;, Session-Timeout=30, Calling-Station-ID=89-AA-11-00-00-01, NAS-Port-Type=Wireless - IEEE 802.11, AcsSessionID=cisco-ise-host/405244497/1, SelectedAccessService=Default Network Access, DetailedInfo=Invalid username or password specified\\, Retry is allowed, EapTunnel=PEAP, EapAuthentication=EAP-MSCHAPv2, CPMSessionID=0aa00002g0yr2CdbeWUPvhv9zXKDBoLPTFN7EhaI0iE1zKVe_p4, Response={AuthenticationResult=Failed; },", + "related": { + "hosts": [ + "cisco-ise-host" + ], + "ip": [ + "81.2.69.144" + ], + "user": [ + "employee1" + ] + }, + "service": { + "type": "Framed" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "name": "employee1" + } + }, + { + "@timestamp": "2022-03-02T10:54:40.265Z", + "cisco_ise": { + "log": { + "acs": { + "session": { + "id": "cisco-ise-host/435083133/83" + } + }, + "calling_station": { + "id": "00-00-00-00-00-01" + }, + "category": { + "name": "CISE_RADIUS_Diagnostics" + }, + "config_version": { + "id": 1383 + }, + "cpm": { + "session": { + "id": "0a0009ccqDyAnAWJUIb_A9r1F7EclNP/asP/HfDHLoNi2qUcIMc" + } + }, + "log_details": "ConfigVersionId=1383, Device IP Address=81.2.69.143, Device Port=39818, DestinationIPAddress=81.2.69.144, DestinationPort=1812, RadiusPacketType=AccessRequest, RadiusIdentifier=3, User-Name=USERNAME, NAS-IP-Address=81.2.69.143, NAS-Port=1, Service-Type=Framed, State=64CPMSessionID=0a0009ccqDyAnAWJUIb_A9r1F7EclNP/asP/HfDHLoNi2qUcIMc;29SessionID=cisco-ise-host/435083133/83;, Session-Timeout=30, Calling-Station-ID=00-00-00-00-00-01, NAS-Port-Type=Wireless - IEEE 802.11, AcsSessionID=cisco-ise-host/435083133/83, SelectedAccessService=Default Network Access, CPMSessionID=0a0009ccqDyAnAWJUIb_A9r1F7EclNP/asP/HfDHLoNi2qUcIMc", + "message": { + "code": "12300", + "description": "EAP: Prepared EAP-Request proposing PEAP with challenge", + "id": "0000076008" + }, + "nas": { + "ip": "81.2.69.143", + "port": { + "number": 1, + "type": "Wireless - IEEE 802.11" + } + }, + "radius": { + "packet": { + "type": "AccessRequest" + } + }, + "radius_identifier": 3, + "segment": { + "number": 0, + "total": 1 + }, + "selected": { + "access": { + "service": "Default Network Access" + } + }, + "session": { + "timeout": 30 + }, + "state": "64CPMSessionID=0a0009ccqDyAnAWJUIb_A9r1F7EclNP/asP/HfDHLoNi2qUcIMc;29SessionID=cisco-ise-host/435083133/83;" + } + }, + "client": { + "ip": "81.2.69.143", + "port": 39818 + }, + "destination": { + "ip": "81.2.69.144", + "port": 1812 + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "eap", + "category": [ + "authentication" + ], + "kind": "event", + "original": "\u003c182\u003eMar 2 10:54:40 cisco-ise-host CISE_RADIUS_Diagnostics 0000076008 1 0 2022-03-02 10:54:40.265 +00:00 0000076074 12300 INFO EAP: Prepared EAP-Request proposing PEAP with challenge, ConfigVersionId=1383, Device IP Address=81.2.69.143, Device Port=39818, DestinationIPAddress=81.2.69.144, DestinationPort=1812, RadiusPacketType=AccessRequest, RadiusIdentifier=3, User-Name=USERNAME, NAS-IP-Address=81.2.69.143, NAS-Port=1, Service-Type=Framed, State=64CPMSessionID=0a0009ccqDyAnAWJUIb_A9r1F7EclNP/asP/HfDHLoNi2qUcIMc;29SessionID=cisco-ise-host/435083133/83;, Session-Timeout=30, Calling-Station-ID=00-00-00-00-00-01, NAS-Port-Type=Wireless - IEEE 802.11, AcsSessionID=cisco-ise-host/435083133/83, SelectedAccessService=Default Network Access, CPMSessionID=0a0009ccqDyAnAWJUIb_A9r1F7EclNP/asP/HfDHLoNi2qUcIMc,", + "sequence": 76074, + "timezone": "+00:00", + "type": [ + "info" + ] + }, + "host": { + "hostname": "cisco-ise-host" + }, + "log": { + "level": "info", + "syslog": { + "priority": 182, + "severity": { + "name": "info" + } + } + }, + "message": "2022-03-02 10:54:40.265 +00:00 0000076074 12300 INFO EAP: Prepared EAP-Request proposing PEAP with challenge, ConfigVersionId=1383, Device IP Address=81.2.69.143, Device Port=39818, DestinationIPAddress=81.2.69.144, DestinationPort=1812, RadiusPacketType=AccessRequest, RadiusIdentifier=3, User-Name=USERNAME, NAS-IP-Address=81.2.69.143, NAS-Port=1, Service-Type=Framed, State=64CPMSessionID=0a0009ccqDyAnAWJUIb_A9r1F7EclNP/asP/HfDHLoNi2qUcIMc;29SessionID=cisco-ise-host/435083133/83;, Session-Timeout=30, Calling-Station-ID=00-00-00-00-00-01, NAS-Port-Type=Wireless - IEEE 802.11, AcsSessionID=cisco-ise-host/435083133/83, SelectedAccessService=Default Network Access, CPMSessionID=0a0009ccqDyAnAWJUIb_A9r1F7EclNP/asP/HfDHLoNi2qUcIMc,", + "related": { + "hosts": [ + "cisco-ise-host" + ], + "ip": [ + "81.2.69.143", + "81.2.69.144" + ], + "user": [ + "USERNAME" + ] + }, + "service": { + "type": "Framed" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "name": "USERNAME" + } + }, + { + "@timestamp": "2022-03-02T10:54:40.264Z", + "cisco_ise": { + "log": { + "acs": { + "session": { + "id": "cisco-ise-host/435083133/83" + } + }, + "calling_station": { + "id": "00-00-00-00-00-01" + }, + "category": { + "name": "CISE_RADIUS_Diagnostics" + }, + "config_version": { + "id": 1383 + }, + "cpm": { + "session": { + "id": "0a0009ccqDyAnAWJUIb_A9r1F7EclNP/asP/HfDHLoNi2qUcIMc" + } + }, + "log_details": "ConfigVersionId=1383, Device IP Address=81.2.69.143, Device Port=39818, DestinationIPAddress=81.2.69.144, DestinationPort=1812, RadiusPacketType=AccessRequest, RadiusIdentifier=3, User-Name=USERNAME, NAS-IP-Address=81.2.69.143, NAS-Port=1, Service-Type=Framed, State=64CPMSessionID=0a0009ccqDyAnAWJUIb_A9r1F7EclNP/asP/HfDHLoNi2qUcIMc;29SessionID=cisco-ise-host/435083133/83;, Session-Timeout=30, Calling-Station-ID=00-00-00-00-00-01, NAS-Port-Type=Wireless - IEEE 802.11, AcsSessionID=cisco-ise-host/435083133/83, SelectedAccessService=Default Network Access, CPMSessionID=0a0009ccqDyAnAWJUIb_A9r1F7EclNP/asP/HfDHLoNi2qUcIMc", + "message": { + "code": "12301", + "description": "EAP: Extracted EAP-Response/NAK requesting to use PEAP instead", + "id": "0000076007" + }, + "nas": { + "ip": "81.2.69.143", + "port": { + "number": 1, + "type": "Wireless - IEEE 802.11" + } + }, + "radius": { + "packet": { + "type": "AccessRequest" + } + }, + "radius_identifier": 3, + "segment": { + "number": 0, + "total": 1 + }, + "selected": { + "access": { + "service": "Default Network Access" + } + }, + "session": { + "timeout": 30 + }, + "state": "64CPMSessionID=0a0009ccqDyAnAWJUIb_A9r1F7EclNP/asP/HfDHLoNi2qUcIMc;29SessionID=cisco-ise-host/435083133/83;" + } + }, + "client": { + "ip": "81.2.69.143", + "port": 39818 + }, + "destination": { + "ip": "81.2.69.144", + "port": 1812 + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "eap", + "category": [ + "authentication" + ], + "kind": "event", + "original": "\u003c182\u003eMar 2 10:54:40 cisco-ise-host CISE_RADIUS_Diagnostics 0000076007 1 0 2022-03-02 10:54:40.264 +00:00 0000076073 12301 INFO EAP: Extracted EAP-Response/NAK requesting to use PEAP instead, ConfigVersionId=1383, Device IP Address=81.2.69.143, Device Port=39818, DestinationIPAddress=81.2.69.144, DestinationPort=1812, RadiusPacketType=AccessRequest, RadiusIdentifier=3, User-Name=USERNAME, NAS-IP-Address=81.2.69.143, NAS-Port=1, Service-Type=Framed, State=64CPMSessionID=0a0009ccqDyAnAWJUIb_A9r1F7EclNP/asP/HfDHLoNi2qUcIMc;29SessionID=cisco-ise-host/435083133/83;, Session-Timeout=30, Calling-Station-ID=00-00-00-00-00-01, NAS-Port-Type=Wireless - IEEE 802.11, AcsSessionID=cisco-ise-host/435083133/83, SelectedAccessService=Default Network Access, CPMSessionID=0a0009ccqDyAnAWJUIb_A9r1F7EclNP/asP/HfDHLoNi2qUcIMc,", + "sequence": 76073, + "timezone": "+00:00", + "type": [ + "info" + ] + }, + "host": { + "hostname": "cisco-ise-host" + }, + "log": { + "level": "info", + "syslog": { + "priority": 182, + "severity": { + "name": "info" + } + } + }, + "message": "2022-03-02 10:54:40.264 +00:00 0000076073 12301 INFO EAP: Extracted EAP-Response/NAK requesting to use PEAP instead, ConfigVersionId=1383, Device IP Address=81.2.69.143, Device Port=39818, DestinationIPAddress=81.2.69.144, DestinationPort=1812, RadiusPacketType=AccessRequest, RadiusIdentifier=3, User-Name=USERNAME, NAS-IP-Address=81.2.69.143, NAS-Port=1, Service-Type=Framed, State=64CPMSessionID=0a0009ccqDyAnAWJUIb_A9r1F7EclNP/asP/HfDHLoNi2qUcIMc;29SessionID=cisco-ise-host/435083133/83;, Session-Timeout=30, Calling-Station-ID=00-00-00-00-00-01, NAS-Port-Type=Wireless - IEEE 802.11, AcsSessionID=cisco-ise-host/435083133/83, SelectedAccessService=Default Network Access, CPMSessionID=0a0009ccqDyAnAWJUIb_A9r1F7EclNP/asP/HfDHLoNi2qUcIMc,", + "related": { + "hosts": [ + "cisco-ise-host" + ], + "ip": [ + "81.2.69.143", + "81.2.69.144" + ], + "user": [ + "USERNAME" + ] + }, + "service": { + "type": "Framed" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "name": "USERNAME" + } + }, + { + "@timestamp": "2022-03-02T10:54:40.275Z", + "cisco_ise": { + "log": { + "acs": { + "session": { + "id": "cisco-ise-host/435083133/83" + } + }, + "calling_station": { + "id": "00-00-00-00-00-01" + }, + "category": { + "name": "CISE_RADIUS_Diagnostics" + }, + "config_version": { + "id": 1383 + }, + "cpm": { + "session": { + "id": "0a0009ccqDyAnAWJUIb_A9r1F7EclNP/asP/HfDHLoNi2qUcIMc" + } + }, + "eap": { + "tunnel": "PEAP" + }, + "log_details": "ConfigVersionId=1383, Device IP Address=81.2.69.143, Device Port=39818, DestinationIPAddress=81.2.69.144, DestinationPort=1812, RadiusPacketType=AccessRequest, RadiusIdentifier=4, User-Name=USERNAME, NAS-IP-Address=81.2.69.143, NAS-Port=1, Service-Type=Framed, State=64CPMSessionID=0a0009ccqDyAnAWJUIb_A9r1F7EclNP/asP/HfDHLoNi2qUcIMc;29SessionID=cisco-ise-host/435083133/83;, Session-Timeout=30, Calling-Station-ID=00-00-00-00-00-01, NAS-Port-Type=Wireless - IEEE 802.11, AcsSessionID=cisco-ise-host/435083133/83, SelectedAccessService=Default Network Access, EapTunnel=PEAP, CPMSessionID=0a0009ccqDyAnAWJUIb_A9r1F7EclNP/asP/HfDHLoNi2qUcIMc", + "message": { + "code": "12302", + "description": "EAP: Extracted EAP-Response containing PEAP challenge-response and accepting PEAP as negotiated", + "id": "0000076012" + }, + "nas": { + "ip": "81.2.69.143", + "port": { + "number": 1, + "type": "Wireless - IEEE 802.11" + } + }, + "radius": { + "packet": { + "type": "AccessRequest" + } + }, + "radius_identifier": 4, + "segment": { + "number": 0, + "total": 1 + }, + "selected": { + "access": { + "service": "Default Network Access" + } + }, + "session": { + "timeout": 30 + }, + "state": "64CPMSessionID=0a0009ccqDyAnAWJUIb_A9r1F7EclNP/asP/HfDHLoNi2qUcIMc;29SessionID=cisco-ise-host/435083133/83;" + } + }, + "client": { + "ip": "81.2.69.143", + "port": 39818 + }, + "destination": { + "ip": "81.2.69.144", + "port": 1812 + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "eap", + "category": [ + "authentication" + ], + "kind": "event", + "original": "\u003c182\u003eMar 2 10:54:40 cisco-ise-host CISE_RADIUS_Diagnostics 0000076012 1 0 2022-03-02 10:54:40.275 +00:00 0000076078 12302 INFO EAP: Extracted EAP-Response containing PEAP challenge-response and accepting PEAP as negotiated, ConfigVersionId=1383, Device IP Address=81.2.69.143, Device Port=39818, DestinationIPAddress=81.2.69.144, DestinationPort=1812, RadiusPacketType=AccessRequest, RadiusIdentifier=4, User-Name=USERNAME, NAS-IP-Address=81.2.69.143, NAS-Port=1, Service-Type=Framed, State=64CPMSessionID=0a0009ccqDyAnAWJUIb_A9r1F7EclNP/asP/HfDHLoNi2qUcIMc;29SessionID=cisco-ise-host/435083133/83;, Session-Timeout=30, Calling-Station-ID=00-00-00-00-00-01, NAS-Port-Type=Wireless - IEEE 802.11, AcsSessionID=cisco-ise-host/435083133/83, SelectedAccessService=Default Network Access, EapTunnel=PEAP, CPMSessionID=0a0009ccqDyAnAWJUIb_A9r1F7EclNP/asP/HfDHLoNi2qUcIMc,", + "sequence": 76078, + "timezone": "+00:00", + "type": [ + "info" + ] + }, + "host": { + "hostname": "cisco-ise-host" + }, + "log": { + "level": "info", + "syslog": { + "priority": 182, + "severity": { + "name": "info" + } + } + }, + "message": "2022-03-02 10:54:40.275 +00:00 0000076078 12302 INFO EAP: Extracted EAP-Response containing PEAP challenge-response and accepting PEAP as negotiated, ConfigVersionId=1383, Device IP Address=81.2.69.143, Device Port=39818, DestinationIPAddress=81.2.69.144, DestinationPort=1812, RadiusPacketType=AccessRequest, RadiusIdentifier=4, User-Name=USERNAME, NAS-IP-Address=81.2.69.143, NAS-Port=1, Service-Type=Framed, State=64CPMSessionID=0a0009ccqDyAnAWJUIb_A9r1F7EclNP/asP/HfDHLoNi2qUcIMc;29SessionID=cisco-ise-host/435083133/83;, Session-Timeout=30, Calling-Station-ID=00-00-00-00-00-01, NAS-Port-Type=Wireless - IEEE 802.11, AcsSessionID=cisco-ise-host/435083133/83, SelectedAccessService=Default Network Access, EapTunnel=PEAP, CPMSessionID=0a0009ccqDyAnAWJUIb_A9r1F7EclNP/asP/HfDHLoNi2qUcIMc,", + "related": { + "hosts": [ + "cisco-ise-host" + ], + "ip": [ + "81.2.69.143", + "81.2.69.144" + ], + "user": [ + "USERNAME" + ] + }, + "service": { + "type": "Framed" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "name": "USERNAME" + } + }, + { + "@timestamp": "2022-03-02T10:54:40.277Z", + "cisco_ise": { + "log": { + "acs": { + "session": { + "id": "cisco-ise-host/435083133/83" + } + }, + "calling_station": { + "id": "00-00-00-00-00-01" + }, + "category": { + "name": "CISE_RADIUS_Diagnostics" + }, + "config_version": { + "id": 1383 + }, + "cpm": { + "session": { + "id": "0a0009ccqDyAnAWJUIb_A9r1F7EclNP/asP/HfDHLoNi2qUcIMc" + } + }, + "eap": { + "tunnel": "PEAP" + }, + "log_details": "ConfigVersionId=1383, Device IP Address=81.2.69.143, Device Port=39818, DestinationIPAddress=81.2.69.144, DestinationPort=1812, RadiusPacketType=AccessRequest, RadiusIdentifier=4, User-Name=USERNAME, NAS-IP-Address=81.2.69.143, NAS-Port=1, Service-Type=Framed, State=64CPMSessionID=0a0009ccqDyAnAWJUIb_A9r1F7EclNP/asP/HfDHLoNi2qUcIMc;29SessionID=cisco-ise-host/435083133/83;, Session-Timeout=30, Calling-Station-ID=00-00-00-00-00-01, NAS-Port-Type=Wireless - IEEE 802.11, AcsSessionID=cisco-ise-host/435083133/83, SelectedAccessService=Default Network Access, EapTunnel=PEAP, OpenSSLErrorMessage=SSL alert: code=0x246=582 ; source=local ; type=fatal ; message=\\\"protocol version.ssl/statem/statem_srvr.c:1686 error:14209102:SSL routines:tls_early_post_process_client_hello:unsupported protocol [error=337678594 lib=20 func=521 reason=258]\\\", OpenSSLErrorStack= 140449745684224:error:14209102:SSL routines:tls_early_post_process_client_hello:unsupported protocol:ssl/statem/statem_srvr.c:1686:, CPMSessionID=0a0009ccqDyAnAWJUIb_A9r1F7EclNP/asP/HfDHLoNi2qUcIMc", + "message": { + "code": "12305", + "description": "EAP: Prepared EAP-Request with another PEAP challenge", + "id": "0000076020" + }, + "nas": { + "ip": "81.2.69.143", + "port": { + "number": 1, + "type": "Wireless - IEEE 802.11" + } + }, + "openssl": { + "error": { + "message": "SSL alert: code=0x246=582 ; source=local ; type=fatal ; message=\\\"protocol version.ssl/statem/statem_srvr.c:1686 error:14209102:SSL routines:tls_early_post_process_client_hello:unsupported protocol [error=337678594 lib=20 func=521 reason=258]\\\"", + "stack": " 140449745684224:error:14209102:SSL routines:tls_early_post_process_client_hello:unsupported protocol:ssl/statem/statem_srvr.c:1686:" + } + }, + "radius": { + "packet": { + "type": "AccessRequest" + } + }, + "radius_identifier": 4, + "segment": { + "number": 0, + "total": 1 + }, + "selected": { + "access": { + "service": "Default Network Access" + } + }, + "session": { + "timeout": 30 + }, + "state": "64CPMSessionID=0a0009ccqDyAnAWJUIb_A9r1F7EclNP/asP/HfDHLoNi2qUcIMc;29SessionID=cisco-ise-host/435083133/83;" + } + }, + "client": { + "ip": "81.2.69.143", + "port": 39818 + }, + "destination": { + "ip": "81.2.69.144", + "port": 1812 + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "eap", + "category": [ + "authentication" + ], + "kind": "event", + "original": "\u003c182\u003eMar 2 10:54:40 cisco-ise-host CISE_RADIUS_Diagnostics 0000076020 1 0 2022-03-02 10:54:40.277 +00:00 0000076086 12305 INFO EAP: Prepared EAP-Request with another PEAP challenge, ConfigVersionId=1383, Device IP Address=81.2.69.143, Device Port=39818, DestinationIPAddress=81.2.69.144, DestinationPort=1812, RadiusPacketType=AccessRequest, RadiusIdentifier=4, User-Name=USERNAME, NAS-IP-Address=81.2.69.143, NAS-Port=1, Service-Type=Framed, State=64CPMSessionID=0a0009ccqDyAnAWJUIb_A9r1F7EclNP/asP/HfDHLoNi2qUcIMc;29SessionID=cisco-ise-host/435083133/83;, Session-Timeout=30, Calling-Station-ID=00-00-00-00-00-01, NAS-Port-Type=Wireless - IEEE 802.11, AcsSessionID=cisco-ise-host/435083133/83, SelectedAccessService=Default Network Access, EapTunnel=PEAP, OpenSSLErrorMessage=SSL alert: code=0x246=582 ; source=local ; type=fatal ; message=\\\"protocol version.ssl/statem/statem_srvr.c:1686 error:14209102:SSL routines:tls_early_post_process_client_hello:unsupported protocol [error=337678594 lib=20 func=521 reason=258]\\\", OpenSSLErrorStack= 140449745684224:error:14209102:SSL routines:tls_early_post_process_client_hello:unsupported protocol:ssl/statem/statem_srvr.c:1686:, CPMSessionID=0a0009ccqDyAnAWJUIb_A9r1F7EclNP/asP/HfDHLoNi2qUcIMc,", + "sequence": 76086, + "timezone": "+00:00", + "type": [ + "info" + ] + }, + "host": { + "hostname": "cisco-ise-host" + }, + "log": { + "level": "info", + "syslog": { + "priority": 182, + "severity": { + "name": "info" + } + } + }, + "message": "2022-03-02 10:54:40.277 +00:00 0000076086 12305 INFO EAP: Prepared EAP-Request with another PEAP challenge, ConfigVersionId=1383, Device IP Address=81.2.69.143, Device Port=39818, DestinationIPAddress=81.2.69.144, DestinationPort=1812, RadiusPacketType=AccessRequest, RadiusIdentifier=4, User-Name=USERNAME, NAS-IP-Address=81.2.69.143, NAS-Port=1, Service-Type=Framed, State=64CPMSessionID=0a0009ccqDyAnAWJUIb_A9r1F7EclNP/asP/HfDHLoNi2qUcIMc;29SessionID=cisco-ise-host/435083133/83;, Session-Timeout=30, Calling-Station-ID=00-00-00-00-00-01, NAS-Port-Type=Wireless - IEEE 802.11, AcsSessionID=cisco-ise-host/435083133/83, SelectedAccessService=Default Network Access, EapTunnel=PEAP, OpenSSLErrorMessage=SSL alert: code=0x246=582 ; source=local ; type=fatal ; message=\\\"protocol version.ssl/statem/statem_srvr.c:1686 error:14209102:SSL routines:tls_early_post_process_client_hello:unsupported protocol [error=337678594 lib=20 func=521 reason=258]\\\", OpenSSLErrorStack= 140449745684224:error:14209102:SSL routines:tls_early_post_process_client_hello:unsupported protocol:ssl/statem/statem_srvr.c:1686:, CPMSessionID=0a0009ccqDyAnAWJUIb_A9r1F7EclNP/asP/HfDHLoNi2qUcIMc,", + "related": { + "hosts": [ + "cisco-ise-host" + ], + "ip": [ + "81.2.69.143", + "81.2.69.144" + ], + "user": [ + "USERNAME" + ] + }, + "service": { + "type": "Framed" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "name": "USERNAME" + } + }, + { + "@timestamp": "2022-03-02T10:54:40.277Z", + "cisco_ise": { + "log": { + "acs": { + "session": { + "id": "cisco-ise-host/435083133/83" + } + }, + "calling_station": { + "id": "00-00-00-00-00-01" + }, + "category": { + "name": "CISE_RADIUS_Diagnostics" + }, + "config_version": { + "id": 1383 + }, + "cpm": { + "session": { + "id": "0a0009ccqDyAnAWJUIb_A9r1F7EclNP/asP/HfDHLoNi2qUcIMc" + } + }, + "eap": { + "tunnel": "PEAP" + }, + "log_details": "ConfigVersionId=1383, Device IP Address=81.2.69.143, Device Port=39818, DestinationIPAddress=81.2.69.144, DestinationPort=1812, RadiusPacketType=AccessRequest, RadiusIdentifier=4, User-Name=USERNAME, NAS-IP-Address=81.2.69.143, NAS-Port=1, Service-Type=Framed, State=64CPMSessionID=0a0009ccqDyAnAWJUIb_A9r1F7EclNP/asP/HfDHLoNi2qUcIMc;29SessionID=cisco-ise-host/435083133/83;, Session-Timeout=30, Calling-Station-ID=00-00-00-00-00-01, NAS-Port-Type=Wireless - IEEE 802.11, AcsSessionID=cisco-ise-host/435083133/83, SelectedAccessService=Default Network Access, EapTunnel=PEAP, OpenSSLErrorMessage=SSL alert: code=0x246=582 ; source=local ; type=fatal ; message=\\\"protocol version.ssl/statem/statem_srvr.c:1686 error:14209102:SSL routines:tls_early_post_process_client_hello:unsupported protocol [error=337678594 lib=20 func=521 reason=258]\\\", OpenSSLErrorStack= 140449745684224:error:14209102:SSL routines:tls_early_post_process_client_hello:unsupported protocol:ssl/statem/statem_srvr.c:1686:, CPMSessionID=0a0009ccqDyAnAWJUIb_A9r1F7EclNP/asP/HfDHLoNi2qUcIMc", + "message": { + "code": "12307", + "description": "EAP: PEAP authentication failed", + "id": "0000076019" + }, + "nas": { + "ip": "81.2.69.143", + "port": { + "number": 1, + "type": "Wireless - IEEE 802.11" + } + }, + "openssl": { + "error": { + "message": "SSL alert: code=0x246=582 ; source=local ; type=fatal ; message=\\\"protocol version.ssl/statem/statem_srvr.c:1686 error:14209102:SSL routines:tls_early_post_process_client_hello:unsupported protocol [error=337678594 lib=20 func=521 reason=258]\\\"", + "stack": " 140449745684224:error:14209102:SSL routines:tls_early_post_process_client_hello:unsupported protocol:ssl/statem/statem_srvr.c:1686:" + } + }, + "radius": { + "packet": { + "type": "AccessRequest" + } + }, + "radius_identifier": 4, + "segment": { + "number": 0, + "total": 1 + }, + "selected": { + "access": { + "service": "Default Network Access" + } + }, + "session": { + "timeout": 30 + }, + "state": "64CPMSessionID=0a0009ccqDyAnAWJUIb_A9r1F7EclNP/asP/HfDHLoNi2qUcIMc;29SessionID=cisco-ise-host/435083133/83;" + } + }, + "client": { + "ip": "81.2.69.143", + "port": 39818 + }, + "destination": { + "ip": "81.2.69.144", + "port": 1812 + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "eap", + "category": [ + "authentication" + ], + "kind": "event", + "original": "\u003c182\u003eMar 2 10:54:40 cisco-ise-host CISE_RADIUS_Diagnostics 0000076019 1 0 2022-03-02 10:54:40.277 +00:00 0000076085 12307 INFO EAP: PEAP authentication failed, ConfigVersionId=1383, Device IP Address=81.2.69.143, Device Port=39818, DestinationIPAddress=81.2.69.144, DestinationPort=1812, RadiusPacketType=AccessRequest, RadiusIdentifier=4, User-Name=USERNAME, NAS-IP-Address=81.2.69.143, NAS-Port=1, Service-Type=Framed, State=64CPMSessionID=0a0009ccqDyAnAWJUIb_A9r1F7EclNP/asP/HfDHLoNi2qUcIMc;29SessionID=cisco-ise-host/435083133/83;, Session-Timeout=30, Calling-Station-ID=00-00-00-00-00-01, NAS-Port-Type=Wireless - IEEE 802.11, AcsSessionID=cisco-ise-host/435083133/83, SelectedAccessService=Default Network Access, EapTunnel=PEAP, OpenSSLErrorMessage=SSL alert: code=0x246=582 ; source=local ; type=fatal ; message=\\\"protocol version.ssl/statem/statem_srvr.c:1686 error:14209102:SSL routines:tls_early_post_process_client_hello:unsupported protocol [error=337678594 lib=20 func=521 reason=258]\\\", OpenSSLErrorStack= 140449745684224:error:14209102:SSL routines:tls_early_post_process_client_hello:unsupported protocol:ssl/statem/statem_srvr.c:1686:, CPMSessionID=0a0009ccqDyAnAWJUIb_A9r1F7EclNP/asP/HfDHLoNi2qUcIMc,", + "sequence": 76085, + "timezone": "+00:00", + "type": [ + "info", + "end" + ] + }, + "host": { + "hostname": "cisco-ise-host" + }, + "log": { + "level": "info", + "syslog": { + "priority": 182, + "severity": { + "name": "info" + } + } + }, + "message": "2022-03-02 10:54:40.277 +00:00 0000076085 12307 INFO EAP: PEAP authentication failed, ConfigVersionId=1383, Device IP Address=81.2.69.143, Device Port=39818, DestinationIPAddress=81.2.69.144, DestinationPort=1812, RadiusPacketType=AccessRequest, RadiusIdentifier=4, User-Name=USERNAME, NAS-IP-Address=81.2.69.143, NAS-Port=1, Service-Type=Framed, State=64CPMSessionID=0a0009ccqDyAnAWJUIb_A9r1F7EclNP/asP/HfDHLoNi2qUcIMc;29SessionID=cisco-ise-host/435083133/83;, Session-Timeout=30, Calling-Station-ID=00-00-00-00-00-01, NAS-Port-Type=Wireless - IEEE 802.11, AcsSessionID=cisco-ise-host/435083133/83, SelectedAccessService=Default Network Access, EapTunnel=PEAP, OpenSSLErrorMessage=SSL alert: code=0x246=582 ; source=local ; type=fatal ; message=\\\"protocol version.ssl/statem/statem_srvr.c:1686 error:14209102:SSL routines:tls_early_post_process_client_hello:unsupported protocol [error=337678594 lib=20 func=521 reason=258]\\\", OpenSSLErrorStack= 140449745684224:error:14209102:SSL routines:tls_early_post_process_client_hello:unsupported protocol:ssl/statem/statem_srvr.c:1686:, CPMSessionID=0a0009ccqDyAnAWJUIb_A9r1F7EclNP/asP/HfDHLoNi2qUcIMc,", + "related": { + "hosts": [ + "cisco-ise-host" + ], + "ip": [ + "81.2.69.143", + "81.2.69.144" + ], + "user": [ + "USERNAME" + ] + }, + "service": { + "type": "Framed" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "name": "USERNAME" + } + }, + { + "@timestamp": "2022-03-02T10:54:40.277Z", + "cisco_ise": { + "log": { + "acs": { + "session": { + "id": "cisco-ise-host/435083133/83" + } + }, + "calling_station": { + "id": "00-00-00-00-00-01" + }, + "category": { + "name": "CISE_RADIUS_Diagnostics" + }, + "config_version": { + "id": 1383 + }, + "cpm": { + "session": { + "id": "0a0009ccqDyAnAWJUIb_A9r1F7EclNP/asP/HfDHLoNi2qUcIMc" + } + }, + "eap": { + "tunnel": "PEAP" + }, + "log_details": "ConfigVersionId=1383, Device IP Address=81.2.69.143, Device Port=39818, DestinationIPAddress=81.2.69.144, DestinationPort=1812, RadiusPacketType=AccessRequest, RadiusIdentifier=4, User-Name=USERNAME, NAS-IP-Address=81.2.69.143, NAS-Port=1, Service-Type=Framed, State=64CPMSessionID=0a0009ccqDyAnAWJUIb_A9r1F7EclNP/asP/HfDHLoNi2qUcIMc;29SessionID=cisco-ise-host/435083133/83;, Session-Timeout=30, Calling-Station-ID=00-00-00-00-00-01, NAS-Port-Type=Wireless - IEEE 802.11, AcsSessionID=cisco-ise-host/435083133/83, SelectedAccessService=Default Network Access, EapTunnel=PEAP, OpenSSLErrorMessage=SSL alert: code=0x246=582 ; source=local ; type=fatal ; message=\\\"protocol version.ssl/statem/statem_srvr.c:1686 error:14209102:SSL routines:tls_early_post_process_client_hello:unsupported protocol [error=337678594 lib=20 func=521 reason=258]\\\", OpenSSLErrorStack= 140449745684224:error:14209102:SSL routines:tls_early_post_process_client_hello:unsupported protocol:ssl/statem/statem_srvr.c:1686:, CPMSessionID=0a0009ccqDyAnAWJUIb_A9r1F7EclNP/asP/HfDHLoNi2qUcIMc", + "message": { + "code": "12309", + "description": "EAP: PEAP handshake failed", + "id": "0000076018" + }, + "nas": { + "ip": "81.2.69.143", + "port": { + "number": 1, + "type": "Wireless - IEEE 802.11" + } + }, + "openssl": { + "error": { + "message": "SSL alert: code=0x246=582 ; source=local ; type=fatal ; message=\\\"protocol version.ssl/statem/statem_srvr.c:1686 error:14209102:SSL routines:tls_early_post_process_client_hello:unsupported protocol [error=337678594 lib=20 func=521 reason=258]\\\"", + "stack": " 140449745684224:error:14209102:SSL routines:tls_early_post_process_client_hello:unsupported protocol:ssl/statem/statem_srvr.c:1686:" + } + }, + "radius": { + "packet": { + "type": "AccessRequest" + } + }, + "radius_identifier": 4, + "segment": { + "number": 0, + "total": 1 + }, + "selected": { + "access": { + "service": "Default Network Access" + } + }, + "session": { + "timeout": 30 + }, + "state": "64CPMSessionID=0a0009ccqDyAnAWJUIb_A9r1F7EclNP/asP/HfDHLoNi2qUcIMc;29SessionID=cisco-ise-host/435083133/83;" + } + }, + "client": { + "ip": "81.2.69.143", + "port": 39818 + }, + "destination": { + "ip": "81.2.69.144", + "port": 1812 + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "eap", + "category": [ + "authentication" + ], + "kind": "event", + "original": "\u003c180\u003eMar 2 10:54:40 cisco-ise-host CISE_RADIUS_Diagnostics 0000076018 1 0 2022-03-02 10:54:40.277 +00:00 0000076084 12309 WARN EAP: PEAP handshake failed, ConfigVersionId=1383, Device IP Address=81.2.69.143, Device Port=39818, DestinationIPAddress=81.2.69.144, DestinationPort=1812, RadiusPacketType=AccessRequest, RadiusIdentifier=4, User-Name=USERNAME, NAS-IP-Address=81.2.69.143, NAS-Port=1, Service-Type=Framed, State=64CPMSessionID=0a0009ccqDyAnAWJUIb_A9r1F7EclNP/asP/HfDHLoNi2qUcIMc;29SessionID=cisco-ise-host/435083133/83;, Session-Timeout=30, Calling-Station-ID=00-00-00-00-00-01, NAS-Port-Type=Wireless - IEEE 802.11, AcsSessionID=cisco-ise-host/435083133/83, SelectedAccessService=Default Network Access, EapTunnel=PEAP, OpenSSLErrorMessage=SSL alert: code=0x246=582 ; source=local ; type=fatal ; message=\\\"protocol version.ssl/statem/statem_srvr.c:1686 error:14209102:SSL routines:tls_early_post_process_client_hello:unsupported protocol [error=337678594 lib=20 func=521 reason=258]\\\", OpenSSLErrorStack= 140449745684224:error:14209102:SSL routines:tls_early_post_process_client_hello:unsupported protocol:ssl/statem/statem_srvr.c:1686:, CPMSessionID=0a0009ccqDyAnAWJUIb_A9r1F7EclNP/asP/HfDHLoNi2qUcIMc,", + "sequence": 76084, + "timezone": "+00:00", + "type": [ + "info", + "end" + ] + }, + "host": { + "hostname": "cisco-ise-host" + }, + "log": { + "level": "warn", + "syslog": { + "priority": 180, + "severity": { + "name": "warn" + } + } + }, + "message": "2022-03-02 10:54:40.277 +00:00 0000076084 12309 WARN EAP: PEAP handshake failed, ConfigVersionId=1383, Device IP Address=81.2.69.143, Device Port=39818, DestinationIPAddress=81.2.69.144, DestinationPort=1812, RadiusPacketType=AccessRequest, RadiusIdentifier=4, User-Name=USERNAME, NAS-IP-Address=81.2.69.143, NAS-Port=1, Service-Type=Framed, State=64CPMSessionID=0a0009ccqDyAnAWJUIb_A9r1F7EclNP/asP/HfDHLoNi2qUcIMc;29SessionID=cisco-ise-host/435083133/83;, Session-Timeout=30, Calling-Station-ID=00-00-00-00-00-01, NAS-Port-Type=Wireless - IEEE 802.11, AcsSessionID=cisco-ise-host/435083133/83, SelectedAccessService=Default Network Access, EapTunnel=PEAP, OpenSSLErrorMessage=SSL alert: code=0x246=582 ; source=local ; type=fatal ; message=\\\"protocol version.ssl/statem/statem_srvr.c:1686 error:14209102:SSL routines:tls_early_post_process_client_hello:unsupported protocol [error=337678594 lib=20 func=521 reason=258]\\\", OpenSSLErrorStack= 140449745684224:error:14209102:SSL routines:tls_early_post_process_client_hello:unsupported protocol:ssl/statem/statem_srvr.c:1686:, CPMSessionID=0a0009ccqDyAnAWJUIb_A9r1F7EclNP/asP/HfDHLoNi2qUcIMc,", + "related": { + "hosts": [ + "cisco-ise-host" + ], + "ip": [ + "81.2.69.143", + "81.2.69.144" + ], + "user": [ + "USERNAME" + ] + }, + "service": { + "type": "Framed" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "name": "USERNAME" + } + }, + { + "@timestamp": "2022-03-02T10:54:40.276Z", + "cisco_ise": { + "log": { + "acs": { + "session": { + "id": "cisco-ise-host/435083133/83" + } + }, + "calling_station": { + "id": "00-00-00-00-00-01" + }, + "category": { + "name": "CISE_RADIUS_Diagnostics" + }, + "config_version": { + "id": 1383 + }, + "cpm": { + "session": { + "id": "0a0009ccqDyAnAWJUIb_A9r1F7EclNP/asP/HfDHLoNi2qUcIMc" + } + }, + "eap": { + "tunnel": "PEAP" + }, + "log_details": "ConfigVersionId=1383, Device IP Address=81.2.69.143, Device Port=39818, DestinationIPAddress=81.2.69.144, DestinationPort=1812, RadiusPacketType=AccessRequest, RadiusIdentifier=4, User-Name=USERNAME, NAS-IP-Address=81.2.69.143, NAS-Port=1, Service-Type=Framed, State=64CPMSessionID=0a0009ccqDyAnAWJUIb_A9r1F7EclNP/asP/HfDHLoNi2qUcIMc;29SessionID=cisco-ise-host/435083133/83;, Session-Timeout=30, Calling-Station-ID=00-00-00-00-00-01, NAS-Port-Type=Wireless - IEEE 802.11, AcsSessionID=cisco-ise-host/435083133/83, SelectedAccessService=Default Network Access, EapTunnel=PEAP, CPMSessionID=0a0009ccqDyAnAWJUIb_A9r1F7EclNP/asP/HfDHLoNi2qUcIMc", + "message": { + "code": "12318", + "description": "EAP: Successfully negotiated PEAP version 0", + "id": "0000076013" + }, + "nas": { + "ip": "81.2.69.143", + "port": { + "number": 1, + "type": "Wireless - IEEE 802.11" + } + }, + "radius": { + "packet": { + "type": "AccessRequest" + } + }, + "radius_identifier": 4, + "segment": { + "number": 0, + "total": 1 + }, + "selected": { + "access": { + "service": "Default Network Access" + } + }, + "session": { + "timeout": 30 + }, + "state": "64CPMSessionID=0a0009ccqDyAnAWJUIb_A9r1F7EclNP/asP/HfDHLoNi2qUcIMc;29SessionID=cisco-ise-host/435083133/83;" + } + }, + "client": { + "ip": "81.2.69.143", + "port": 39818 + }, + "destination": { + "ip": "81.2.69.144", + "port": 1812 + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "eap", + "category": [ + "authentication" + ], + "kind": "event", + "original": "\u003c182\u003eMar 2 10:54:40 cisco-ise-host CISE_RADIUS_Diagnostics 0000076013 1 0 2022-03-02 10:54:40.276 +00:00 0000076079 12318 INFO EAP: Successfully negotiated PEAP version 0, ConfigVersionId=1383, Device IP Address=81.2.69.143, Device Port=39818, DestinationIPAddress=81.2.69.144, DestinationPort=1812, RadiusPacketType=AccessRequest, RadiusIdentifier=4, User-Name=USERNAME, NAS-IP-Address=81.2.69.143, NAS-Port=1, Service-Type=Framed, State=64CPMSessionID=0a0009ccqDyAnAWJUIb_A9r1F7EclNP/asP/HfDHLoNi2qUcIMc;29SessionID=cisco-ise-host/435083133/83;, Session-Timeout=30, Calling-Station-ID=00-00-00-00-00-01, NAS-Port-Type=Wireless - IEEE 802.11, AcsSessionID=cisco-ise-host/435083133/83, SelectedAccessService=Default Network Access, EapTunnel=PEAP, CPMSessionID=0a0009ccqDyAnAWJUIb_A9r1F7EclNP/asP/HfDHLoNi2qUcIMc,", + "sequence": 76079, + "timezone": "+00:00", + "type": [ + "info" + ] + }, + "host": { + "hostname": "cisco-ise-host" + }, + "log": { + "level": "info", + "syslog": { + "priority": 182, + "severity": { + "name": "info" + } + } + }, + "message": "2022-03-02 10:54:40.276 +00:00 0000076079 12318 INFO EAP: Successfully negotiated PEAP version 0, ConfigVersionId=1383, Device IP Address=81.2.69.143, Device Port=39818, DestinationIPAddress=81.2.69.144, DestinationPort=1812, RadiusPacketType=AccessRequest, RadiusIdentifier=4, User-Name=USERNAME, NAS-IP-Address=81.2.69.143, NAS-Port=1, Service-Type=Framed, State=64CPMSessionID=0a0009ccqDyAnAWJUIb_A9r1F7EclNP/asP/HfDHLoNi2qUcIMc;29SessionID=cisco-ise-host/435083133/83;, Session-Timeout=30, Calling-Station-ID=00-00-00-00-00-01, NAS-Port-Type=Wireless - IEEE 802.11, AcsSessionID=cisco-ise-host/435083133/83, SelectedAccessService=Default Network Access, EapTunnel=PEAP, CPMSessionID=0a0009ccqDyAnAWJUIb_A9r1F7EclNP/asP/HfDHLoNi2qUcIMc,", + "related": { + "hosts": [ + "cisco-ise-host" + ], + "ip": [ + "81.2.69.143", + "81.2.69.144" + ], + "user": [ + "USERNAME" + ] + }, + "service": { + "type": "Framed" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "name": "USERNAME" + } + }, + { + "@timestamp": "2022-03-02T10:54:40.198Z", + "cisco_ise": { + "log": { + "acs": { + "session": { + "id": "cisco-ise-host/435083133/83" + } + }, + "calling_station": { + "id": "00-00-00-00-00-01" + }, + "category": { + "name": "CISE_RADIUS_Diagnostics" + }, + "config_version": { + "id": 1383 + }, + "cpm": { + "session": { + "id": "0a0009ccqDyAnAWJUIb_A9r1F7EclNP/asP/HfDHLoNi2qUcIMc" + } + }, + "log_details": "ConfigVersionId=1383, Device IP Address=81.2.69.143, Device Port=39818, DestinationIPAddress=81.2.69.144, DestinationPort=1812, RadiusPacketType=AccessRequest, RadiusIdentifier=2, User-Name=USERNAME, NAS-IP-Address=81.2.69.143, NAS-Port=1, Service-Type=Framed, Session-Timeout=30, Calling-Station-ID=00-00-00-00-00-01, NAS-Port-Type=Wireless - IEEE 802.11, AcsSessionID=cisco-ise-host/435083133/83, SelectedAccessService=Default Network Access, CPMSessionID=0a0009ccqDyAnAWJUIb_A9r1F7EclNP/asP/HfDHLoNi2qUcIMc", + "message": { + "code": "12500", + "description": "EAP: Prepared EAP-Request proposing EAP-TLS with challenge", + "id": "0000076003" + }, + "nas": { + "ip": "81.2.69.143", + "port": { + "number": 1, + "type": "Wireless - IEEE 802.11" + } + }, + "radius": { + "packet": { + "type": "AccessRequest" + } + }, + "radius_identifier": 2, + "segment": { + "number": 0, + "total": 1 + }, + "selected": { + "access": { + "service": "Default Network Access" + } + }, + "session": { + "timeout": 30 + } + } + }, + "client": { + "ip": "81.2.69.143", + "port": 39818 + }, + "destination": { + "ip": "81.2.69.144", + "port": 1812 + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "eap", + "category": [ + "authentication", + "network" + ], + "kind": "event", + "original": "\u003c182\u003eMar 2 10:54:40 cisco-ise-host CISE_RADIUS_Diagnostics 0000076003 1 0 2022-03-02 10:54:40.198 +00:00 0000076069 12500 INFO EAP: Prepared EAP-Request proposing EAP-TLS with challenge, ConfigVersionId=1383, Device IP Address=81.2.69.143, Device Port=39818, DestinationIPAddress=81.2.69.144, DestinationPort=1812, RadiusPacketType=AccessRequest, RadiusIdentifier=2, User-Name=USERNAME, NAS-IP-Address=81.2.69.143, NAS-Port=1, Service-Type=Framed, Session-Timeout=30, Calling-Station-ID=00-00-00-00-00-01, NAS-Port-Type=Wireless - IEEE 802.11, AcsSessionID=cisco-ise-host/435083133/83, SelectedAccessService=Default Network Access, CPMSessionID=0a0009ccqDyAnAWJUIb_A9r1F7EclNP/asP/HfDHLoNi2qUcIMc,", + "sequence": 76069, + "timezone": "+00:00", + "type": [ + "info" + ] + }, + "host": { + "hostname": "cisco-ise-host" + }, + "log": { + "level": "info", + "syslog": { + "priority": 182, + "severity": { + "name": "info" + } + } + }, + "message": "2022-03-02 10:54:40.198 +00:00 0000076069 12500 INFO EAP: Prepared EAP-Request proposing EAP-TLS with challenge, ConfigVersionId=1383, Device IP Address=81.2.69.143, Device Port=39818, DestinationIPAddress=81.2.69.144, DestinationPort=1812, RadiusPacketType=AccessRequest, RadiusIdentifier=2, User-Name=USERNAME, NAS-IP-Address=81.2.69.143, NAS-Port=1, Service-Type=Framed, Session-Timeout=30, Calling-Station-ID=00-00-00-00-00-01, NAS-Port-Type=Wireless - IEEE 802.11, AcsSessionID=cisco-ise-host/435083133/83, SelectedAccessService=Default Network Access, CPMSessionID=0a0009ccqDyAnAWJUIb_A9r1F7EclNP/asP/HfDHLoNi2qUcIMc,", + "related": { + "hosts": [ + "cisco-ise-host" + ], + "ip": [ + "81.2.69.143", + "81.2.69.144" + ], + "user": [ + "USERNAME" + ] + }, + "service": { + "type": "Framed" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "name": "USERNAME" + } + }, + { + "@timestamp": "2022-03-02T10:54:40.276Z", + "cisco_ise": { + "log": { + "acs": { + "session": { + "id": "cisco-ise-host/435083133/83" + } + }, + "calling_station": { + "id": "00-00-00-00-00-01" + }, + "category": { + "name": "CISE_RADIUS_Diagnostics" + }, + "config_version": { + "id": 1383 + }, + "cpm": { + "session": { + "id": "0a0009ccqDyAnAWJUIb_A9r1F7EclNP/asP/HfDHLoNi2qUcIMc" + } + }, + "eap": { + "tunnel": "PEAP" + }, + "log_details": "ConfigVersionId=1383, Device IP Address=81.2.69.143, Device Port=39818, DestinationIPAddress=81.2.69.144, DestinationPort=1812, RadiusPacketType=AccessRequest, RadiusIdentifier=4, User-Name=USERNAME, NAS-IP-Address=81.2.69.143, NAS-Port=1, Service-Type=Framed, State=64CPMSessionID=0a0009ccqDyAnAWJUIb_A9r1F7EclNP/asP/HfDHLoNi2qUcIMc;29SessionID=cisco-ise-host/435083133/83;, Session-Timeout=30, Calling-Station-ID=00-00-00-00-00-01, NAS-Port-Type=Wireless - IEEE 802.11, AcsSessionID=cisco-ise-host/435083133/83, SelectedAccessService=Default Network Access, EapTunnel=PEAP, CPMSessionID=0a0009ccqDyAnAWJUIb_A9r1F7EclNP/asP/HfDHLoNi2qUcIMc", + "message": { + "code": "12800", + "description": "EAP: Extracted first TLS record; TLS handshake started", + "id": "0000076014" + }, + "nas": { + "ip": "81.2.69.143", + "port": { + "number": 1, + "type": "Wireless - IEEE 802.11" + } + }, + "radius": { + "packet": { + "type": "AccessRequest" + } + }, + "radius_identifier": 4, + "segment": { + "number": 0, + "total": 1 + }, + "selected": { + "access": { + "service": "Default Network Access" + } + }, + "session": { + "timeout": 30 + }, + "state": "64CPMSessionID=0a0009ccqDyAnAWJUIb_A9r1F7EclNP/asP/HfDHLoNi2qUcIMc;29SessionID=cisco-ise-host/435083133/83;" + } + }, + "client": { + "ip": "81.2.69.143", + "port": 39818 + }, + "destination": { + "ip": "81.2.69.144", + "port": 1812 + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "eap", + "category": [ + "network" + ], + "kind": "event", + "original": "\u003c182\u003eMar 2 10:54:40 cisco-ise-host CISE_RADIUS_Diagnostics 0000076014 1 0 2022-03-02 10:54:40.276 +00:00 0000076080 12800 INFO EAP: Extracted first TLS record; TLS handshake started, ConfigVersionId=1383, Device IP Address=81.2.69.143, Device Port=39818, DestinationIPAddress=81.2.69.144, DestinationPort=1812, RadiusPacketType=AccessRequest, RadiusIdentifier=4, User-Name=USERNAME, NAS-IP-Address=81.2.69.143, NAS-Port=1, Service-Type=Framed, State=64CPMSessionID=0a0009ccqDyAnAWJUIb_A9r1F7EclNP/asP/HfDHLoNi2qUcIMc;29SessionID=cisco-ise-host/435083133/83;, Session-Timeout=30, Calling-Station-ID=00-00-00-00-00-01, NAS-Port-Type=Wireless - IEEE 802.11, AcsSessionID=cisco-ise-host/435083133/83, SelectedAccessService=Default Network Access, EapTunnel=PEAP, CPMSessionID=0a0009ccqDyAnAWJUIb_A9r1F7EclNP/asP/HfDHLoNi2qUcIMc,", + "sequence": 76080, + "timezone": "+00:00", + "type": [ + "info" + ] + }, + "host": { + "hostname": "cisco-ise-host" + }, + "log": { + "level": "info", + "syslog": { + "priority": 182, + "severity": { + "name": "info" + } + } + }, + "message": "2022-03-02 10:54:40.276 +00:00 0000076080 12800 INFO EAP: Extracted first TLS record; TLS handshake started, ConfigVersionId=1383, Device IP Address=81.2.69.143, Device Port=39818, DestinationIPAddress=81.2.69.144, DestinationPort=1812, RadiusPacketType=AccessRequest, RadiusIdentifier=4, User-Name=USERNAME, NAS-IP-Address=81.2.69.143, NAS-Port=1, Service-Type=Framed, State=64CPMSessionID=0a0009ccqDyAnAWJUIb_A9r1F7EclNP/asP/HfDHLoNi2qUcIMc;29SessionID=cisco-ise-host/435083133/83;, Session-Timeout=30, Calling-Station-ID=00-00-00-00-00-01, NAS-Port-Type=Wireless - IEEE 802.11, AcsSessionID=cisco-ise-host/435083133/83, SelectedAccessService=Default Network Access, EapTunnel=PEAP, CPMSessionID=0a0009ccqDyAnAWJUIb_A9r1F7EclNP/asP/HfDHLoNi2qUcIMc,", + "related": { + "hosts": [ + "cisco-ise-host" + ], + "ip": [ + "81.2.69.143", + "81.2.69.144" + ], + "user": [ + "USERNAME" + ] + }, + "service": { + "type": "Framed" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "name": "USERNAME" + } + }, + { + "@timestamp": "2022-03-02T10:53:10.702Z", + "cisco_ise": { + "log": { + "acs": { + "session": { + "id": "cisco-ise-host/435083133/82" + } + }, + "calling_station": { + "id": "00-00-00-00-00-01" + }, + "category": { + "name": "CISE_RADIUS_Diagnostics" + }, + "config_version": { + "id": 1383 + }, + "cpm": { + "session": { + "id": "0a0009ccr8GsTnHMwaDTe8yR1gvRpH4qkGQ/x0TjxyMKOuFQB/4" + } + }, + "eap": { + "tunnel": "PEAP" + }, + "log_details": "ConfigVersionId=1383, Device IP Address=81.2.69.143, Device Port=48443, DestinationIPAddress=81.2.69.144, DestinationPort=1812, RadiusPacketType=AccessRequest, RadiusIdentifier=4, User-Name=USERNAME, NAS-IP-Address=81.2.69.143, NAS-Port=1, Service-Type=Framed, State=64CPMSessionID=0a0009ccr8GsTnHMwaDTe8yR1gvRpH4qkGQ/x0TjxyMKOuFQB/4;29SessionID=cisco-ise-host/435083133/82;, Session-Timeout=30, Calling-Station-ID=00-00-00-00-00-01, NAS-Port-Type=Wireless - IEEE 802.11, AcsSessionID=cisco-ise-host/435083133/82, SelectedAccessService=Default Network Access, EapTunnel=PEAP, CPMSessionID=0a0009ccr8GsTnHMwaDTe8yR1gvRpH4qkGQ/x0TjxyMKOuFQB/4", + "message": { + "code": "12805", + "description": "EAP: Extracted TLS ClientHello message", + "id": "0000075982" + }, + "nas": { + "ip": "81.2.69.143", + "port": { + "number": 1, + "type": "Wireless - IEEE 802.11" + } + }, + "radius": { + "packet": { + "type": "AccessRequest" + } + }, + "radius_identifier": 4, + "segment": { + "number": 0, + "total": 1 + }, + "selected": { + "access": { + "service": "Default Network Access" + } + }, + "session": { + "timeout": 30 + }, + "state": "64CPMSessionID=0a0009ccr8GsTnHMwaDTe8yR1gvRpH4qkGQ/x0TjxyMKOuFQB/4;29SessionID=cisco-ise-host/435083133/82;" + } + }, + "client": { + "ip": "81.2.69.143", + "port": 48443 + }, + "destination": { + "ip": "81.2.69.144", + "port": 1812 + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "eap", + "category": [ + "network" + ], + "kind": "event", + "original": "\u003c182\u003eMar 2 10:53:10 cisco-ise-host CISE_RADIUS_Diagnostics 0000075982 1 0 2022-03-02 10:53:10.702 +00:00 0000076048 12805 INFO EAP: Extracted TLS ClientHello message, ConfigVersionId=1383, Device IP Address=81.2.69.143, Device Port=48443, DestinationIPAddress=81.2.69.144, DestinationPort=1812, RadiusPacketType=AccessRequest, RadiusIdentifier=4, User-Name=USERNAME, NAS-IP-Address=81.2.69.143, NAS-Port=1, Service-Type=Framed, State=64CPMSessionID=0a0009ccr8GsTnHMwaDTe8yR1gvRpH4qkGQ/x0TjxyMKOuFQB/4;29SessionID=cisco-ise-host/435083133/82;, Session-Timeout=30, Calling-Station-ID=00-00-00-00-00-01, NAS-Port-Type=Wireless - IEEE 802.11, AcsSessionID=cisco-ise-host/435083133/82, SelectedAccessService=Default Network Access, EapTunnel=PEAP, CPMSessionID=0a0009ccr8GsTnHMwaDTe8yR1gvRpH4qkGQ/x0TjxyMKOuFQB/4,", + "sequence": 76048, + "timezone": "+00:00", + "type": [ + "info" + ] + }, + "host": { + "hostname": "cisco-ise-host" + }, + "log": { + "level": "info", + "syslog": { + "priority": 182, + "severity": { + "name": "info" + } + } + }, + "message": "2022-03-02 10:53:10.702 +00:00 0000076048 12805 INFO EAP: Extracted TLS ClientHello message, ConfigVersionId=1383, Device IP Address=81.2.69.143, Device Port=48443, DestinationIPAddress=81.2.69.144, DestinationPort=1812, RadiusPacketType=AccessRequest, RadiusIdentifier=4, User-Name=USERNAME, NAS-IP-Address=81.2.69.143, NAS-Port=1, Service-Type=Framed, State=64CPMSessionID=0a0009ccr8GsTnHMwaDTe8yR1gvRpH4qkGQ/x0TjxyMKOuFQB/4;29SessionID=cisco-ise-host/435083133/82;, Session-Timeout=30, Calling-Station-ID=00-00-00-00-00-01, NAS-Port-Type=Wireless - IEEE 802.11, AcsSessionID=cisco-ise-host/435083133/82, SelectedAccessService=Default Network Access, EapTunnel=PEAP, CPMSessionID=0a0009ccr8GsTnHMwaDTe8yR1gvRpH4qkGQ/x0TjxyMKOuFQB/4,", + "related": { + "hosts": [ + "cisco-ise-host" + ], + "ip": [ + "81.2.69.143", + "81.2.69.144" + ], + "user": [ + "USERNAME" + ] + }, + "service": { + "type": "Framed" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "name": "USERNAME" + } + }, + { + "@timestamp": "2022-03-02T10:54:40.276Z", + "cisco_ise": { + "log": { + "acs": { + "session": { + "id": "cisco-ise-host/435083133/83" + } + }, + "calling_station": { + "id": "00-00-00-00-00-01" + }, + "category": { + "name": "CISE_RADIUS_Diagnostics" + }, + "config_version": { + "id": 1383 + }, + "cpm": { + "session": { + "id": "0a0009ccqDyAnAWJUIb_A9r1F7EclNP/asP/HfDHLoNi2qUcIMc" + } + }, + "eap": { + "tunnel": "PEAP" + }, + "log_details": "ConfigVersionId=1383, Device IP Address=81.2.69.143, Device Port=39818, DestinationIPAddress=81.2.69.144, DestinationPort=1812, RadiusPacketType=AccessRequest, RadiusIdentifier=4, User-Name=USERNAME, NAS-IP-Address=81.2.69.143, NAS-Port=1, Service-Type=Framed, State=64CPMSessionID=0a0009ccqDyAnAWJUIb_A9r1F7EclNP/asP/HfDHLoNi2qUcIMc;29SessionID=cisco-ise-host/435083133/83;, Session-Timeout=30, Calling-Station-ID=00-00-00-00-00-01, NAS-Port-Type=Wireless - IEEE 802.11, AcsSessionID=cisco-ise-host/435083133/83, SelectedAccessService=Default Network Access, EapTunnel=PEAP, CPMSessionID=0a0009ccqDyAnAWJUIb_A9r1F7EclNP/asP/HfDHLoNi2qUcIMc", + "message": { + "code": "12814", + "description": "EAP: Prepared TLS Alert message", + "id": "0000076016" + }, + "nas": { + "ip": "81.2.69.143", + "port": { + "number": 1, + "type": "Wireless - IEEE 802.11" + } + }, + "radius": { + "packet": { + "type": "AccessRequest" + } + }, + "radius_identifier": 4, + "segment": { + "number": 0, + "total": 1 + }, + "selected": { + "access": { + "service": "Default Network Access" + } + }, + "session": { + "timeout": 30 + }, + "state": "64CPMSessionID=0a0009ccqDyAnAWJUIb_A9r1F7EclNP/asP/HfDHLoNi2qUcIMc;29SessionID=cisco-ise-host/435083133/83;" + } + }, + "client": { + "ip": "81.2.69.143", + "port": 39818 + }, + "destination": { + "ip": "81.2.69.144", + "port": 1812 + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "eap", + "category": [ + "authentication", + "network" + ], + "kind": "event", + "original": "\u003c182\u003eMar 2 10:54:40 cisco-ise-host CISE_RADIUS_Diagnostics 0000076016 1 0 2022-03-02 10:54:40.276 +00:00 0000076082 12814 INFO EAP: Prepared TLS Alert message, ConfigVersionId=1383, Device IP Address=81.2.69.143, Device Port=39818, DestinationIPAddress=81.2.69.144, DestinationPort=1812, RadiusPacketType=AccessRequest, RadiusIdentifier=4, User-Name=USERNAME, NAS-IP-Address=81.2.69.143, NAS-Port=1, Service-Type=Framed, State=64CPMSessionID=0a0009ccqDyAnAWJUIb_A9r1F7EclNP/asP/HfDHLoNi2qUcIMc;29SessionID=cisco-ise-host/435083133/83;, Session-Timeout=30, Calling-Station-ID=00-00-00-00-00-01, NAS-Port-Type=Wireless - IEEE 802.11, AcsSessionID=cisco-ise-host/435083133/83, SelectedAccessService=Default Network Access, EapTunnel=PEAP, CPMSessionID=0a0009ccqDyAnAWJUIb_A9r1F7EclNP/asP/HfDHLoNi2qUcIMc,", + "sequence": 76082, + "timezone": "+00:00", + "type": [ + "info" + ] + }, + "host": { + "hostname": "cisco-ise-host" + }, + "log": { + "level": "info", + "syslog": { + "priority": 182, + "severity": { + "name": "info" + } + } + }, + "message": "2022-03-02 10:54:40.276 +00:00 0000076082 12814 INFO EAP: Prepared TLS Alert message, ConfigVersionId=1383, Device IP Address=81.2.69.143, Device Port=39818, DestinationIPAddress=81.2.69.144, DestinationPort=1812, RadiusPacketType=AccessRequest, RadiusIdentifier=4, User-Name=USERNAME, NAS-IP-Address=81.2.69.143, NAS-Port=1, Service-Type=Framed, State=64CPMSessionID=0a0009ccqDyAnAWJUIb_A9r1F7EclNP/asP/HfDHLoNi2qUcIMc;29SessionID=cisco-ise-host/435083133/83;, Session-Timeout=30, Calling-Station-ID=00-00-00-00-00-01, NAS-Port-Type=Wireless - IEEE 802.11, AcsSessionID=cisco-ise-host/435083133/83, SelectedAccessService=Default Network Access, EapTunnel=PEAP, CPMSessionID=0a0009ccqDyAnAWJUIb_A9r1F7EclNP/asP/HfDHLoNi2qUcIMc,", + "related": { + "hosts": [ + "cisco-ise-host" + ], + "ip": [ + "81.2.69.143", + "81.2.69.144" + ], + "user": [ + "USERNAME" + ] + }, + "service": { + "type": "Framed" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "name": "USERNAME" + } + }, + { + "@timestamp": "2022-03-02T10:54:40.276Z", + "cisco_ise": { + "log": { + "acs": { + "session": { + "id": "cisco-ise-host/435083133/83" + } + }, + "calling_station": { + "id": "00-00-00-00-00-01" + }, + "category": { + "name": "CISE_RADIUS_Diagnostics" + }, + "config_version": { + "id": 1383 + }, + "cpm": { + "session": { + "id": "0a0009ccqDyAnAWJUIb_A9r1F7EclNP/asP/HfDHLoNi2qUcIMc" + } + }, + "eap": { + "tunnel": "PEAP" + }, + "log_details": "ConfigVersionId=1383, Device IP Address=81.2.69.143, Device Port=39818, DestinationIPAddress=81.2.69.144, DestinationPort=1812, RadiusPacketType=AccessRequest, RadiusIdentifier=4, User-Name=USERNAME, NAS-IP-Address=81.2.69.143, NAS-Port=1, Service-Type=Framed, State=64CPMSessionID=0a0009ccqDyAnAWJUIb_A9r1F7EclNP/asP/HfDHLoNi2qUcIMc;29SessionID=cisco-ise-host/435083133/83;, Session-Timeout=30, Calling-Station-ID=00-00-00-00-00-01, NAS-Port-Type=Wireless - IEEE 802.11, AcsSessionID=cisco-ise-host/435083133/83, SelectedAccessService=Default Network Access, EapTunnel=PEAP, CPMSessionID=0a0009ccqDyAnAWJUIb_A9r1F7EclNP/asP/HfDHLoNi2qUcIMc", + "message": { + "code": "12817", + "description": "EAP: TLS handshake failed", + "id": "0000076017" + }, + "nas": { + "ip": "81.2.69.143", + "port": { + "number": 1, + "type": "Wireless - IEEE 802.11" + } + }, + "radius": { + "packet": { + "type": "AccessRequest" + } + }, + "radius_identifier": 4, + "segment": { + "number": 0, + "total": 1 + }, + "selected": { + "access": { + "service": "Default Network Access" + } + }, + "session": { + "timeout": 30 + }, + "state": "64CPMSessionID=0a0009ccqDyAnAWJUIb_A9r1F7EclNP/asP/HfDHLoNi2qUcIMc;29SessionID=cisco-ise-host/435083133/83;" + } + }, + "client": { + "ip": "81.2.69.143", + "port": 39818 + }, + "destination": { + "ip": "81.2.69.144", + "port": 1812 + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "eap", + "category": [ + "authentication", + "network" + ], + "kind": "event", + "original": "\u003c182\u003eMar 2 10:54:40 cisco-ise-host CISE_RADIUS_Diagnostics 0000076017 1 0 2022-03-02 10:54:40.276 +00:00 0000076083 12817 INFO EAP: TLS handshake failed, ConfigVersionId=1383, Device IP Address=81.2.69.143, Device Port=39818, DestinationIPAddress=81.2.69.144, DestinationPort=1812, RadiusPacketType=AccessRequest, RadiusIdentifier=4, User-Name=USERNAME, NAS-IP-Address=81.2.69.143, NAS-Port=1, Service-Type=Framed, State=64CPMSessionID=0a0009ccqDyAnAWJUIb_A9r1F7EclNP/asP/HfDHLoNi2qUcIMc;29SessionID=cisco-ise-host/435083133/83;, Session-Timeout=30, Calling-Station-ID=00-00-00-00-00-01, NAS-Port-Type=Wireless - IEEE 802.11, AcsSessionID=cisco-ise-host/435083133/83, SelectedAccessService=Default Network Access, EapTunnel=PEAP, CPMSessionID=0a0009ccqDyAnAWJUIb_A9r1F7EclNP/asP/HfDHLoNi2qUcIMc,", + "sequence": 76083, + "timezone": "+00:00", + "type": [ + "info", + "end" + ] + }, + "host": { + "hostname": "cisco-ise-host" + }, + "log": { + "level": "info", + "syslog": { + "priority": 182, + "severity": { + "name": "info" + } + } + }, + "message": "2022-03-02 10:54:40.276 +00:00 0000076083 12817 INFO EAP: TLS handshake failed, ConfigVersionId=1383, Device IP Address=81.2.69.143, Device Port=39818, DestinationIPAddress=81.2.69.144, DestinationPort=1812, RadiusPacketType=AccessRequest, RadiusIdentifier=4, User-Name=USERNAME, NAS-IP-Address=81.2.69.143, NAS-Port=1, Service-Type=Framed, State=64CPMSessionID=0a0009ccqDyAnAWJUIb_A9r1F7EclNP/asP/HfDHLoNi2qUcIMc;29SessionID=cisco-ise-host/435083133/83;, Session-Timeout=30, Calling-Station-ID=00-00-00-00-00-01, NAS-Port-Type=Wireless - IEEE 802.11, AcsSessionID=cisco-ise-host/435083133/83, SelectedAccessService=Default Network Access, EapTunnel=PEAP, CPMSessionID=0a0009ccqDyAnAWJUIb_A9r1F7EclNP/asP/HfDHLoNi2qUcIMc,", + "related": { + "hosts": [ + "cisco-ise-host" + ], + "ip": [ + "81.2.69.143", + "81.2.69.144" + ], + "user": [ + "USERNAME" + ] + }, + "service": { + "type": "Framed" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "name": "USERNAME" + } + }, + { + "@timestamp": "2022-03-02T10:54:40.000Z", + "cisco_ise": { + "log": { + "calling_station": { + "id": "00-00-00-00-00-01" + }, + "category": { + "name": "CISE_RADIUS_Diagnostics" + }, + "config_version": { + "id": 1383 + }, + "cpm": { + "session": { + "id": "0a0009ccqDyAnAWJUIb_A9r1F7EclNP/asP/HfDHLoNi2qUcIMc" + } + }, + "eap": { + "tunnel": "PEAP" + }, + "log_details": "ConfigVersionId=1383, Device IP Address=81.2.69.143, Device Port=39817, DestinationIPAddress=81.2.69.144, DestinationPort=1892, RadiusPacketType=AccessRequest, RadiusIdentifier=4, User-Name=USERNAME, NAS-IP-Address=81.2.69.143, NAS-Port=1, Service-Type=Framed, State=64CPMSessionID=0a0009ccqDyAnAWJUIb_A9r1F7EclNP/asP/HfDHLoNi2qUcIMc;29SessionID=cisco-ise-host/435083133/83;, Session-Timeout=20, Calling-Station-ID=00-00-00-00-00-01, NAS-Port-Type=Wireless - IEEE 802.11, SelectedAccessService=Default Network Access, EapTunnel=PEAP, CPMSessionID=0a0009ccqDyAnAWJUIb_A9r1F7EclNP/asP/HfDHLoNi2qUcIMc", + "message": { + "id": "0000076017" + }, + "nas": { + "ip": "81.2.69.143", + "port": { + "number": 1, + "type": "Wireless - IEEE 802.11" + } + }, + "radius": { + "packet": { + "type": "AccessRequest" + } + }, + "radius_identifier": 4, + "segment": { + "number": 1, + "total": 3 + }, + "selected": { + "access": { + "service": "Default Network Access" + } + }, + "session": { + "timeout": 20 + }, + "state": "64CPMSessionID=0a0009ccqDyAnAWJUIb_A9r1F7EclNP/asP/HfDHLoNi2qUcIMc;29SessionID=cisco-ise-host/435083133/83;" + } + }, + "client": { + "ip": "81.2.69.143", + "port": 39817 + }, + "destination": { + "ip": "81.2.69.144", + "port": 1892 + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "kind": "event", + "original": "\u003c182\u003eMar 2 10:54:40 cisco-ise-host CISE_RADIUS_Diagnostics 0000076017 3 1 ConfigVersionId=1383, Device IP Address=81.2.69.143, Device Port=39817, DestinationIPAddress=81.2.69.144, DestinationPort=1892, RadiusPacketType=AccessRequest, RadiusIdentifier=4, User-Name=USERNAME, NAS-IP-Address=81.2.69.143, NAS-Port=1, Service-Type=Framed, State=64CPMSessionID=0a0009ccqDyAnAWJUIb_A9r1F7EclNP/asP/HfDHLoNi2qUcIMc;29SessionID=cisco-ise-host/435083133/83;, Session-Timeout=20, Calling-Station-ID=00-00-00-00-00-01, NAS-Port-Type=Wireless - IEEE 802.11, SelectedAccessService=Default Network Access, EapTunnel=PEAP, CPMSessionID=0a0009ccqDyAnAWJUIb_A9r1F7EclNP/asP/HfDHLoNi2qUcIMc," + }, + "host": { + "hostname": "cisco-ise-host" + }, + "log": { + "syslog": { + "priority": 182 + } + }, + "message": "ConfigVersionId=1383, Device IP Address=81.2.69.143, Device Port=39817, DestinationIPAddress=81.2.69.144, DestinationPort=1892, RadiusPacketType=AccessRequest, RadiusIdentifier=4, User-Name=USERNAME, NAS-IP-Address=81.2.69.143, NAS-Port=1, Service-Type=Framed, State=64CPMSessionID=0a0009ccqDyAnAWJUIb_A9r1F7EclNP/asP/HfDHLoNi2qUcIMc;29SessionID=cisco-ise-host/435083133/83;, Session-Timeout=20, Calling-Station-ID=00-00-00-00-00-01, NAS-Port-Type=Wireless - IEEE 802.11, SelectedAccessService=Default Network Access, EapTunnel=PEAP, CPMSessionID=0a0009ccqDyAnAWJUIb_A9r1F7EclNP/asP/HfDHLoNi2qUcIMc,", + "related": { + "hosts": [ + "cisco-ise-host" + ], + "ip": [ + "81.2.69.143", + "81.2.69.144" + ], + "user": [ + "USERNAME" + ] + }, + "service": { + "type": "Framed" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "name": "USERNAME" + } + } + ] +} \ No newline at end of file diff --git a/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-system-statistics.log b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-system-statistics.log new file mode 100644 index 00000000000..298f59d119c --- /dev/null +++ b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-system-statistics.log @@ -0,0 +1,6 @@ +<181>Mar 3 10:10:23 isehost CISE_System_Statistics 0000082933 1 0 2022-03-03 10:10:23.294 +00:00 0000082999 70000 NOTICE System-Stats: ISE Utilization, ConfigVersionId=1659, SysStatsUtilizationCpu=7.32%, SysStatsUtilizationNetwork=eth3: rcvd = 955455; sent = 0 ;rcvd_dropped = 124; sent_dropped = 0, SysStatsUtilizationNetwork=vethbbd4eb0a: rcvd = 0; sent = 70 ;rcvd_dropped = 0; sent_dropped = 0, SysStatsUtilizationNetwork=veth09eb1105: rcvd = 70; sent = 140 ;rcvd_dropped = 0; sent_dropped = 0, SysStatsUtilizationNetwork=veth2f7196e5: rcvd = 1506; sent = 1616 ;rcvd_dropped = 0; sent_dropped = 0, SysStatsUtilizationMemory=42.82%, SysStatsUtilizationDiskIO=0.03%, SysStatsUtilizationDiskSpace=12% /, SysStatsUtilizationDiskSpace=1% /tmp, SysStatsUtilizationDiskSpace=17% /boot, SysStatsUtilizationDiskSpace=19% /opt, SysStatsUtilizationDiskSpace=2% /storedconfig, SysStatsUtilizationDiskSpace=19% /opt/podman/containers/storage/overlay, AverageRadiusRequestLatency=0, AverageTacacsRequestLatency=0, DeltaRadiusRequestCount=0, DeltaTacacsRequestCount=0, SysStatsUtilizationLoadAvg=0.65, SysStatsCpuCount=4, SysStatsProcessMemoryMB=11987, ActiveSessionCount=-10, +<181>Mar 3 10:11:58 81.2.69.143 CISE_System_Statistics 0000041100 1 0 2022-03-03 10:11:58.749 +00:00 0000041146 70001 NOTICE System-Stats: ISE Process Health, ConfigVersionId=823, SysStatsAcsProcessHealth= Database Listener=running, PID: 10823; Database Server=running, number of processes: 77; Application Server=running, PID: 2290499; Profiler Database=running, PID: 2286839; ISE Indexing Engine=running, PID: 2301459; AD Connector=running, PID: 27766; M&T Session Database=running, PID: 2288787; M&T Log Processor=running, PID: 2311300; Certificate Authority Service=running, PID: 2312538; EST Service=running, PID: 2326338; SXP Engine Service=running, PID: 1753095; PassiveID WMI Service=running, PID: 2989686; PassiveID Syslog Service=running, PID: 2990191; PassiveID API Service=running, PID: 2990809; PassiveID Agent Service=running, PID: 2991433; PassiveID Endpoint Service=running, PID: 2991940; PassiveID SPAN Service=running, PID: 2992442; DHCP Server (dhcpd)=disabled; DNS Server (named)=disabled; ISE Messaging Service=running, PID: 2322856; ISE API Gateway Database Service=running, PID: 2291381; ISE API Gateway Service=running, PID: 2299091; Segmentation Policy Service=disabled; REST Auth Service=disabled; SSE Connector=disabled; Hermes (pxGrid Cloud Agent)=disabled, +<181>Mar 3 10:08:59 isehost CISE_System_Statistics 0000082925 1 0 2022-03-03 10:08:59.797 +00:00 0000082992 70011 NOTICE System-Stats: ISE Counters, ConfigVersionId=1659, OperationCounters=Counter=16_MnTLogProcessorN:149,16_CAServiceN:41,16_CAServiceT:114946,16_MnTLogProcessorU:14,16_MnTLogProcessorT:720447,16_CAServiceU:2,17_vaEventsReceived:0,16_SyslogU:0,16_SyslogT:0,16_RMIT:0,16_RMIU:0,16_GuestN:0,17_threatEventsReceived:0,16_GuestU:0,16_GuestT:0,16_SyslogN:0,16_MisservicesU:0,4_HostName_Event_Fetch_FromAD:0,16_MisservicesT:0,16_MisservicesN:0,16_DBServerN:83,13_Protocol_Runtime_Context:-10,16_AdminWebappT:0,16_AdminWebappU:0,16_DBServerU:18,16_DBServerT:911373,16_JVMN:0,16_DBListenerU:0,16_AdminWebappN:0,16_DBListenerT:0,16_JVMT:0,16_BYODN:0,16_JVMU:0,16_BYODT:0,16_DBListenerN:0,16_BYODU:0,16_MessageQueueT:0,17_eventsReceived:0,16_MessageQueueU:0,4_Probe_Requests_Dropped:0,4_Probe_Requests_Received:0,4_ArpCache_InsertUpdate_Received:0,17_coaIssued:0,16_MessageQueueN:0,16_iowait:4,16_MnTSessionDBT:13624,16_MnTSessionDBU:0,16_TCNACMongoDBT:0,16_TCNACMongoDBU:0,16_MnTSessionDBN:18,16_TCNACMongoDBN:0,16_NSFN:0,16_ProfilerDatabaseN:4,16_ProfilerDatabaseT:83251,16_ProfilerDatabaseU:2,16_NSFU:0,16_NSFT:0,16_QuartzN:0,4_EndpointCache_InsertUpdate_Received:4,16_QuartzT:0,16_VADT:0,16_VADU:0,16_ProfilerN:0,16_ProfilerT:0,16_VADN:0,16_ProfilerU:0,16_VAServiceN:39,16_VAServiceU:10,16_RMIN:0,16_VAServiceT:531482,4_RadiusPacketsReceived:27,16_TCNACCoreU:0,16_TCNACCoreT:0,16_QuartzU:0,4_NMAP_ScanEvent_Query:0,16_TCNACCoreN:0, +<181>Mar 10 09:11:50 isehost CISE_System_Statistics 0000038759 2 0 2022-03-10 09:11:50.030 +00:00 0000087130 70000 NOTICE System-Stats: ISE Utilization, ConfigVersionId=1596, SysStatsUtilizationCpu=6.59%, SysStatsUtilizationNetwork=vethdd5866ef: rcvd = 515119; sent = 343427 ;rcvd_dropped = 0; sent_dropped = 0, SysStatsUtilizationNetwork=eth0: rcvd = 2098280; sent = 3063878 ;rcvd_dropped = 137; sent_dropped = 0, SysStatsUtilizationNetwork=veth0879da2f: rcvd = 99385; sent = 67337 ;rcvd_dropped = 0; sent_dropped = 0, SysStatsUtilizationNetwork=cni-podman2: rcvd = 47440; sent = 50301 ;rcvd_dropped = 0; sent_dropped = 0, SysStatsUtilizationMemory=55.09%, SysStatsUtilizationDiskIO=0.03%, SysStatsUtilizationDiskSpace=12% /, SysStatsUtilizationDiskSpace=3% /tmp, SysStatsUtilizationDiskSpace=18% /opt, SysStatsUtilizationDiskSpace=17% /boot, SysStatsUtilizationDiskSpace=2% /storedconfig, SysStatsUtilizationDiskSpace=18% /opt/podman/containers/storage/overlay, AverageRadiusRequestLatency=0, +<181>Mar 10 09:11:50 isehost CISE_System_Statistics 0000038759 2 1 AverageTacacsRequestLatency=0, DeltaRadiusRequestCount=0, DeltaTacacsRequestCount=0, SysStatsUtilizationLoadAvg=0.72, SysStatsCpuCount=4, SysStatsProcessMemoryMB=11314, ActiveSessionCount=0, +<181>Mar 16 02:34:02 isehost CISE_System_Statistics 0000001282 2 1 DeltaRadiusRequestCount=0, DeltaTacacsRequestCount=0, SysStatsUtilizationLoadAvg=0.62, SysStatsCpuCount=4, SysStatsProcessMemoryMB=11079, ActiveSessionCount=0, diff --git a/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-system-statistics.log-expected.json b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-system-statistics.log-expected.json new file mode 100644 index 00000000000..d01a70cc346 --- /dev/null +++ b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-system-statistics.log-expected.json @@ -0,0 +1,602 @@ +{ + "expected": [ + { + "@timestamp": "2022-03-03T10:10:23.294Z", + "cisco_ise": { + "log": { + "active_session": { + "count": -10 + }, + "average": { + "radius": { + "request": { + "latency": 0 + } + }, + "tacacs": { + "request": { + "latency": 0 + } + } + }, + "category": { + "name": "CISE_System_Statistics" + }, + "config_version": { + "id": 1659 + }, + "delta": { + "radius": { + "request": { + "count": 0 + } + }, + "tacacs": { + "request": { + "count": 0 + } + } + }, + "log_details": "ConfigVersionId=1659, SysStatsUtilizationCpu=7.32%, SysStatsUtilizationNetwork=eth3: rcvd = 955455; sent = 0 ;rcvd_dropped = 124; sent_dropped = 0, SysStatsUtilizationNetwork=vethbbd4eb0a: rcvd = 0; sent = 70 ;rcvd_dropped = 0; sent_dropped = 0, SysStatsUtilizationNetwork=veth09eb1105: rcvd = 70; sent = 140 ;rcvd_dropped = 0; sent_dropped = 0, SysStatsUtilizationNetwork=veth2f7196e5: rcvd = 1506; sent = 1616 ;rcvd_dropped = 0; sent_dropped = 0, SysStatsUtilizationMemory=42.82%, SysStatsUtilizationDiskIO=0.03%, SysStatsUtilizationDiskSpace=12% /, SysStatsUtilizationDiskSpace=1% /tmp, SysStatsUtilizationDiskSpace=17% /boot, SysStatsUtilizationDiskSpace=19% /opt, SysStatsUtilizationDiskSpace=2% /storedconfig, SysStatsUtilizationDiskSpace=19% /opt/podman/containers/storage/overlay, AverageRadiusRequestLatency=0, AverageTacacsRequestLatency=0, DeltaRadiusRequestCount=0, DeltaTacacsRequestCount=0, SysStatsUtilizationLoadAvg=0.65, SysStatsCpuCount=4, SysStatsProcessMemoryMB=11987, ActiveSessionCount=-10", + "message": { + "code": "70000", + "description": "System-Stats: ISE Utilization", + "id": "0000082933" + }, + "segment": { + "number": 0, + "total": 1 + }, + "sysstats": { + "cpu": { + "count": 4 + }, + "process_memory_mb": 11987, + "utilization": { + "cpu": 7.32, + "disk": { + "io": 0.03, + "space": [ + "12% /", + "1% /tmp", + "17% /boot", + "19% /opt", + "2% /storedconfig", + "19% /opt/podman/containers/storage/overlay" + ] + }, + "load_avg": 0.65, + "memory": 42.82, + "network": [ + "eth3: rcvd = 955455; sent = 0 ;rcvd_dropped = 124; sent_dropped = 0", + "vethbbd4eb0a: rcvd = 0; sent = 70 ;rcvd_dropped = 0; sent_dropped = 0", + "veth09eb1105: rcvd = 70; sent = 140 ;rcvd_dropped = 0; sent_dropped = 0", + "veth2f7196e5: rcvd = 1506; sent = 1616 ;rcvd_dropped = 0; sent_dropped = 0" + ] + } + } + } + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": [ + "system-stats" + ], + "category": [ + "host" + ], + "kind": "event", + "original": "\u003c181\u003eMar 3 10:10:23 isehost CISE_System_Statistics 0000082933 1 0 2022-03-03 10:10:23.294 +00:00 0000082999 70000 NOTICE System-Stats: ISE Utilization, ConfigVersionId=1659, SysStatsUtilizationCpu=7.32%, SysStatsUtilizationNetwork=eth3: rcvd = 955455; sent = 0 ;rcvd_dropped = 124; sent_dropped = 0, SysStatsUtilizationNetwork=vethbbd4eb0a: rcvd = 0; sent = 70 ;rcvd_dropped = 0; sent_dropped = 0, SysStatsUtilizationNetwork=veth09eb1105: rcvd = 70; sent = 140 ;rcvd_dropped = 0; sent_dropped = 0, SysStatsUtilizationNetwork=veth2f7196e5: rcvd = 1506; sent = 1616 ;rcvd_dropped = 0; sent_dropped = 0, SysStatsUtilizationMemory=42.82%, SysStatsUtilizationDiskIO=0.03%, SysStatsUtilizationDiskSpace=12% /, SysStatsUtilizationDiskSpace=1% /tmp, SysStatsUtilizationDiskSpace=17% /boot, SysStatsUtilizationDiskSpace=19% /opt, SysStatsUtilizationDiskSpace=2% /storedconfig, SysStatsUtilizationDiskSpace=19% /opt/podman/containers/storage/overlay, AverageRadiusRequestLatency=0, AverageTacacsRequestLatency=0, DeltaRadiusRequestCount=0, DeltaTacacsRequestCount=0, SysStatsUtilizationLoadAvg=0.65, SysStatsCpuCount=4, SysStatsProcessMemoryMB=11987, ActiveSessionCount=-10,", + "sequence": 82999, + "timezone": "+00:00", + "type": [ + "info" + ] + }, + "host": { + "hostname": "isehost" + }, + "log": { + "level": "notice", + "syslog": { + "priority": 181, + "severity": { + "name": "notice" + } + } + }, + "message": "2022-03-03 10:10:23.294 +00:00 0000082999 70000 NOTICE System-Stats: ISE Utilization, ConfigVersionId=1659, SysStatsUtilizationCpu=7.32%, SysStatsUtilizationNetwork=eth3: rcvd = 955455; sent = 0 ;rcvd_dropped = 124; sent_dropped = 0, SysStatsUtilizationNetwork=vethbbd4eb0a: rcvd = 0; sent = 70 ;rcvd_dropped = 0; sent_dropped = 0, SysStatsUtilizationNetwork=veth09eb1105: rcvd = 70; sent = 140 ;rcvd_dropped = 0; sent_dropped = 0, SysStatsUtilizationNetwork=veth2f7196e5: rcvd = 1506; sent = 1616 ;rcvd_dropped = 0; sent_dropped = 0, SysStatsUtilizationMemory=42.82%, SysStatsUtilizationDiskIO=0.03%, SysStatsUtilizationDiskSpace=12% /, SysStatsUtilizationDiskSpace=1% /tmp, SysStatsUtilizationDiskSpace=17% /boot, SysStatsUtilizationDiskSpace=19% /opt, SysStatsUtilizationDiskSpace=2% /storedconfig, SysStatsUtilizationDiskSpace=19% /opt/podman/containers/storage/overlay, AverageRadiusRequestLatency=0, AverageTacacsRequestLatency=0, DeltaRadiusRequestCount=0, DeltaTacacsRequestCount=0, SysStatsUtilizationLoadAvg=0.65, SysStatsCpuCount=4, SysStatsProcessMemoryMB=11987, ActiveSessionCount=-10,", + "related": { + "hosts": [ + "isehost" + ] + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2022-03-03T10:11:58.749Z", + "cisco_ise": { + "log": { + "category": { + "name": "CISE_System_Statistics" + }, + "config_version": { + "id": 823 + }, + "log_details": "ConfigVersionId=823, SysStatsAcsProcessHealth= Database Listener=running, PID: 10823; Database Server=running, number of processes: 77; Application Server=running, PID: 2290499; Profiler Database=running, PID: 2286839; ISE Indexing Engine=running, PID: 2301459; AD Connector=running, PID: 27766; M\u0026T Session Database=running, PID: 2288787; M\u0026T Log Processor=running, PID: 2311300; Certificate Authority Service=running, PID: 2312538; EST Service=running, PID: 2326338; SXP Engine Service=running, PID: 1753095; PassiveID WMI Service=running, PID: 2989686; PassiveID Syslog Service=running, PID: 2990191; PassiveID API Service=running, PID: 2990809; PassiveID Agent Service=running, PID: 2991433; PassiveID Endpoint Service=running, PID: 2991940; PassiveID SPAN Service=running, PID: 2992442; DHCP Server (dhcpd)=disabled; DNS Server (named)=disabled; ISE Messaging Service=running, PID: 2322856; ISE API Gateway Database Service=running, PID: 2291381; ISE API Gateway Service=running, PID: 2299091; Segmentation Policy Service=disabled; REST Auth Service=disabled; SSE Connector=disabled; Hermes (pxGrid Cloud Agent)=disabled", + "message": { + "code": "70001", + "description": "System-Stats: ISE Process Health", + "id": "0000041100" + }, + "segment": { + "number": 0, + "total": 1 + }, + "sysstats": { + "acs": { + "process": { + "health": { + "AD Connector": "running, PID: 27766", + "Application Server": "running, PID: 2290499", + "Certificate Authority Service": "running, PID: 2312538", + "DHCP Server (dhcpd)": "disabled", + "DNS Server (named)": "disabled", + "Database Listener": "running, PID: 10823", + "Database Server": "running, number of processes: 77", + "EST Service": "running, PID: 2326338", + "Hermes (pxGrid Cloud Agent)": "disabled", + "ISE API Gateway Database Service": "running, PID: 2291381", + "ISE API Gateway Service": "running, PID: 2299091", + "ISE Indexing Engine": "running, PID: 2301459", + "ISE Messaging Service": "running, PID: 2322856", + "M\u0026T Log Processor": "running, PID: 2311300", + "M\u0026T Session Database": "running, PID: 2288787", + "PassiveID API Service": "running, PID: 2990809", + "PassiveID Agent Service": "running, PID: 2991433", + "PassiveID Endpoint Service": "running, PID: 2991940", + "PassiveID SPAN Service": "running, PID: 2992442", + "PassiveID Syslog Service": "running, PID: 2990191", + "PassiveID WMI Service": "running, PID: 2989686", + "Profiler Database": "running, PID: 2286839", + "REST Auth Service": "disabled", + "SSE Connector": "disabled", + "SXP Engine Service": "running, PID: 1753095", + "Segmentation Policy Service": "disabled" + } + } + } + } + } + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": [ + "system-stats" + ], + "category": [ + "process" + ], + "kind": "event", + "original": "\u003c181\u003eMar 3 10:11:58 81.2.69.143 CISE_System_Statistics 0000041100 1 0 2022-03-03 10:11:58.749 +00:00 0000041146 70001 NOTICE System-Stats: ISE Process Health, ConfigVersionId=823, SysStatsAcsProcessHealth= Database Listener=running, PID: 10823; Database Server=running, number of processes: 77; Application Server=running, PID: 2290499; Profiler Database=running, PID: 2286839; ISE Indexing Engine=running, PID: 2301459; AD Connector=running, PID: 27766; M\u0026T Session Database=running, PID: 2288787; M\u0026T Log Processor=running, PID: 2311300; Certificate Authority Service=running, PID: 2312538; EST Service=running, PID: 2326338; SXP Engine Service=running, PID: 1753095; PassiveID WMI Service=running, PID: 2989686; PassiveID Syslog Service=running, PID: 2990191; PassiveID API Service=running, PID: 2990809; PassiveID Agent Service=running, PID: 2991433; PassiveID Endpoint Service=running, PID: 2991940; PassiveID SPAN Service=running, PID: 2992442; DHCP Server (dhcpd)=disabled; DNS Server (named)=disabled; ISE Messaging Service=running, PID: 2322856; ISE API Gateway Database Service=running, PID: 2291381; ISE API Gateway Service=running, PID: 2299091; Segmentation Policy Service=disabled; REST Auth Service=disabled; SSE Connector=disabled; Hermes (pxGrid Cloud Agent)=disabled,", + "sequence": 41146, + "timezone": "+00:00", + "type": [ + "info" + ] + }, + "host": { + "ip": "81.2.69.143" + }, + "log": { + "level": "notice", + "syslog": { + "priority": 181, + "severity": { + "name": "notice" + } + } + }, + "message": "2022-03-03 10:11:58.749 +00:00 0000041146 70001 NOTICE System-Stats: ISE Process Health, ConfigVersionId=823, SysStatsAcsProcessHealth= Database Listener=running, PID: 10823; Database Server=running, number of processes: 77; Application Server=running, PID: 2290499; Profiler Database=running, PID: 2286839; ISE Indexing Engine=running, PID: 2301459; AD Connector=running, PID: 27766; M\u0026T Session Database=running, PID: 2288787; M\u0026T Log Processor=running, PID: 2311300; Certificate Authority Service=running, PID: 2312538; EST Service=running, PID: 2326338; SXP Engine Service=running, PID: 1753095; PassiveID WMI Service=running, PID: 2989686; PassiveID Syslog Service=running, PID: 2990191; PassiveID API Service=running, PID: 2990809; PassiveID Agent Service=running, PID: 2991433; PassiveID Endpoint Service=running, PID: 2991940; PassiveID SPAN Service=running, PID: 2992442; DHCP Server (dhcpd)=disabled; DNS Server (named)=disabled; ISE Messaging Service=running, PID: 2322856; ISE API Gateway Database Service=running, PID: 2291381; ISE API Gateway Service=running, PID: 2299091; Segmentation Policy Service=disabled; REST Auth Service=disabled; SSE Connector=disabled; Hermes (pxGrid Cloud Agent)=disabled,", + "related": { + "ip": [ + "81.2.69.143" + ] + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2022-03-03T10:08:59.797Z", + "cisco_ise": { + "log": { + "category": { + "name": "CISE_System_Statistics" + }, + "config_version": { + "id": 1659 + }, + "log_details": "ConfigVersionId=1659, OperationCounters=Counter=16_MnTLogProcessorN:149,16_CAServiceN:41,16_CAServiceT:114946,16_MnTLogProcessorU:14,16_MnTLogProcessorT:720447,16_CAServiceU:2,17_vaEventsReceived:0,16_SyslogU:0,16_SyslogT:0,16_RMIT:0,16_RMIU:0,16_GuestN:0,17_threatEventsReceived:0,16_GuestU:0,16_GuestT:0,16_SyslogN:0,16_MisservicesU:0,4_HostName_Event_Fetch_FromAD:0,16_MisservicesT:0,16_MisservicesN:0,16_DBServerN:83,13_Protocol_Runtime_Context:-10,16_AdminWebappT:0,16_AdminWebappU:0,16_DBServerU:18,16_DBServerT:911373,16_JVMN:0,16_DBListenerU:0,16_AdminWebappN:0,16_DBListenerT:0,16_JVMT:0,16_BYODN:0,16_JVMU:0,16_BYODT:0,16_DBListenerN:0,16_BYODU:0,16_MessageQueueT:0,17_eventsReceived:0,16_MessageQueueU:0,4_Probe_Requests_Dropped:0,4_Probe_Requests_Received:0,4_ArpCache_InsertUpdate_Received:0,17_coaIssued:0,16_MessageQueueN:0,16_iowait:4,16_MnTSessionDBT:13624,16_MnTSessionDBU:0,16_TCNACMongoDBT:0,16_TCNACMongoDBU:0,16_MnTSessionDBN:18,16_TCNACMongoDBN:0,16_NSFN:0,16_ProfilerDatabaseN:4,16_ProfilerDatabaseT:83251,16_ProfilerDatabaseU:2,16_NSFU:0,16_NSFT:0,16_QuartzN:0,4_EndpointCache_InsertUpdate_Received:4,16_QuartzT:0,16_VADT:0,16_VADU:0,16_ProfilerN:0,16_ProfilerT:0,16_VADN:0,16_ProfilerU:0,16_VAServiceN:39,16_VAServiceU:10,16_RMIN:0,16_VAServiceT:531482,4_RadiusPacketsReceived:27,16_TCNACCoreU:0,16_TCNACCoreT:0,16_QuartzU:0,4_NMAP_ScanEvent_Query:0,16_TCNACCoreN:0", + "message": { + "code": "70011", + "description": "System-Stats: ISE Counters", + "id": "0000082925" + }, + "operation_counters": { + "counters": { + "13_Protocol_Runtime_Context": "-10", + "16_AdminWebappN": "0", + "16_AdminWebappT": "0", + "16_AdminWebappU": "0", + "16_BYODN": "0", + "16_BYODT": "0", + "16_BYODU": "0", + "16_CAServiceN": "41", + "16_CAServiceT": "114946", + "16_CAServiceU": "2", + "16_DBListenerN": "0", + "16_DBListenerT": "0", + "16_DBListenerU": "0", + "16_DBServerN": "83", + "16_DBServerT": "911373", + "16_DBServerU": "18", + "16_GuestN": "0", + "16_GuestT": "0", + "16_GuestU": "0", + "16_JVMN": "0", + "16_JVMT": "0", + "16_JVMU": "0", + "16_MessageQueueN": "0", + "16_MessageQueueT": "0", + "16_MessageQueueU": "0", + "16_MisservicesN": "0", + "16_MisservicesT": "0", + "16_MisservicesU": "0", + "16_MnTLogProcessorN": "149", + "16_MnTLogProcessorT": "720447", + "16_MnTLogProcessorU": "14", + "16_MnTSessionDBN": "18", + "16_MnTSessionDBT": "13624", + "16_MnTSessionDBU": "0", + "16_NSFN": "0", + "16_NSFT": "0", + "16_NSFU": "0", + "16_ProfilerDatabaseN": "4", + "16_ProfilerDatabaseT": "83251", + "16_ProfilerDatabaseU": "2", + "16_ProfilerN": "0", + "16_ProfilerT": "0", + "16_ProfilerU": "0", + "16_QuartzN": "0", + "16_QuartzT": "0", + "16_QuartzU": "0", + "16_RMIN": "0", + "16_RMIT": "0", + "16_RMIU": "0", + "16_SyslogN": "0", + "16_SyslogT": "0", + "16_SyslogU": "0", + "16_TCNACCoreN": "0", + "16_TCNACCoreT": "0", + "16_TCNACCoreU": "0", + "16_TCNACMongoDBN": "0", + "16_TCNACMongoDBT": "0", + "16_TCNACMongoDBU": "0", + "16_VADN": "0", + "16_VADT": "0", + "16_VADU": "0", + "16_VAServiceN": "39", + "16_VAServiceT": "531482", + "16_VAServiceU": "10", + "16_iowait": "4", + "17_coaIssued": "0", + "17_eventsReceived": "0", + "17_threatEventsReceived": "0", + "17_vaEventsReceived": "0", + "4_ArpCache_InsertUpdate_Received": "0", + "4_EndpointCache_InsertUpdate_Received": "4", + "4_HostName_Event_Fetch_FromAD": "0", + "4_NMAP_ScanEvent_Query": "0", + "4_Probe_Requests_Dropped": "0", + "4_Probe_Requests_Received": "0", + "4_RadiusPacketsReceived": "27" + } + }, + "segment": { + "number": 0, + "total": 1 + } + } + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": [ + "system-stats" + ], + "category": [ + "host" + ], + "kind": "event", + "original": "\u003c181\u003eMar 3 10:08:59 isehost CISE_System_Statistics 0000082925 1 0 2022-03-03 10:08:59.797 +00:00 0000082992 70011 NOTICE System-Stats: ISE Counters, ConfigVersionId=1659, OperationCounters=Counter=16_MnTLogProcessorN:149,16_CAServiceN:41,16_CAServiceT:114946,16_MnTLogProcessorU:14,16_MnTLogProcessorT:720447,16_CAServiceU:2,17_vaEventsReceived:0,16_SyslogU:0,16_SyslogT:0,16_RMIT:0,16_RMIU:0,16_GuestN:0,17_threatEventsReceived:0,16_GuestU:0,16_GuestT:0,16_SyslogN:0,16_MisservicesU:0,4_HostName_Event_Fetch_FromAD:0,16_MisservicesT:0,16_MisservicesN:0,16_DBServerN:83,13_Protocol_Runtime_Context:-10,16_AdminWebappT:0,16_AdminWebappU:0,16_DBServerU:18,16_DBServerT:911373,16_JVMN:0,16_DBListenerU:0,16_AdminWebappN:0,16_DBListenerT:0,16_JVMT:0,16_BYODN:0,16_JVMU:0,16_BYODT:0,16_DBListenerN:0,16_BYODU:0,16_MessageQueueT:0,17_eventsReceived:0,16_MessageQueueU:0,4_Probe_Requests_Dropped:0,4_Probe_Requests_Received:0,4_ArpCache_InsertUpdate_Received:0,17_coaIssued:0,16_MessageQueueN:0,16_iowait:4,16_MnTSessionDBT:13624,16_MnTSessionDBU:0,16_TCNACMongoDBT:0,16_TCNACMongoDBU:0,16_MnTSessionDBN:18,16_TCNACMongoDBN:0,16_NSFN:0,16_ProfilerDatabaseN:4,16_ProfilerDatabaseT:83251,16_ProfilerDatabaseU:2,16_NSFU:0,16_NSFT:0,16_QuartzN:0,4_EndpointCache_InsertUpdate_Received:4,16_QuartzT:0,16_VADT:0,16_VADU:0,16_ProfilerN:0,16_ProfilerT:0,16_VADN:0,16_ProfilerU:0,16_VAServiceN:39,16_VAServiceU:10,16_RMIN:0,16_VAServiceT:531482,4_RadiusPacketsReceived:27,16_TCNACCoreU:0,16_TCNACCoreT:0,16_QuartzU:0,4_NMAP_ScanEvent_Query:0,16_TCNACCoreN:0,", + "sequence": 82992, + "timezone": "+00:00", + "type": [ + "info" + ] + }, + "host": { + "hostname": "isehost" + }, + "log": { + "level": "notice", + "syslog": { + "priority": 181, + "severity": { + "name": "notice" + } + } + }, + "message": "2022-03-03 10:08:59.797 +00:00 0000082992 70011 NOTICE System-Stats: ISE Counters, ConfigVersionId=1659, OperationCounters=Counter=16_MnTLogProcessorN:149,16_CAServiceN:41,16_CAServiceT:114946,16_MnTLogProcessorU:14,16_MnTLogProcessorT:720447,16_CAServiceU:2,17_vaEventsReceived:0,16_SyslogU:0,16_SyslogT:0,16_RMIT:0,16_RMIU:0,16_GuestN:0,17_threatEventsReceived:0,16_GuestU:0,16_GuestT:0,16_SyslogN:0,16_MisservicesU:0,4_HostName_Event_Fetch_FromAD:0,16_MisservicesT:0,16_MisservicesN:0,16_DBServerN:83,13_Protocol_Runtime_Context:-10,16_AdminWebappT:0,16_AdminWebappU:0,16_DBServerU:18,16_DBServerT:911373,16_JVMN:0,16_DBListenerU:0,16_AdminWebappN:0,16_DBListenerT:0,16_JVMT:0,16_BYODN:0,16_JVMU:0,16_BYODT:0,16_DBListenerN:0,16_BYODU:0,16_MessageQueueT:0,17_eventsReceived:0,16_MessageQueueU:0,4_Probe_Requests_Dropped:0,4_Probe_Requests_Received:0,4_ArpCache_InsertUpdate_Received:0,17_coaIssued:0,16_MessageQueueN:0,16_iowait:4,16_MnTSessionDBT:13624,16_MnTSessionDBU:0,16_TCNACMongoDBT:0,16_TCNACMongoDBU:0,16_MnTSessionDBN:18,16_TCNACMongoDBN:0,16_NSFN:0,16_ProfilerDatabaseN:4,16_ProfilerDatabaseT:83251,16_ProfilerDatabaseU:2,16_NSFU:0,16_NSFT:0,16_QuartzN:0,4_EndpointCache_InsertUpdate_Received:4,16_QuartzT:0,16_VADT:0,16_VADU:0,16_ProfilerN:0,16_ProfilerT:0,16_VADN:0,16_ProfilerU:0,16_VAServiceN:39,16_VAServiceU:10,16_RMIN:0,16_VAServiceT:531482,4_RadiusPacketsReceived:27,16_TCNACCoreU:0,16_TCNACCoreT:0,16_QuartzU:0,4_NMAP_ScanEvent_Query:0,16_TCNACCoreN:0,", + "related": { + "hosts": [ + "isehost" + ] + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2022-03-10T09:11:50.030Z", + "cisco_ise": { + "log": { + "average": { + "radius": { + "request": { + "latency": 0 + } + } + }, + "category": { + "name": "CISE_System_Statistics" + }, + "config_version": { + "id": 1596 + }, + "log_details": "ConfigVersionId=1596, SysStatsUtilizationCpu=6.59%, SysStatsUtilizationNetwork=vethdd5866ef: rcvd = 515119; sent = 343427 ;rcvd_dropped = 0; sent_dropped = 0, SysStatsUtilizationNetwork=eth0: rcvd = 2098280; sent = 3063878 ;rcvd_dropped = 137; sent_dropped = 0, SysStatsUtilizationNetwork=veth0879da2f: rcvd = 99385; sent = 67337 ;rcvd_dropped = 0; sent_dropped = 0, SysStatsUtilizationNetwork=cni-podman2: rcvd = 47440; sent = 50301 ;rcvd_dropped = 0; sent_dropped = 0, SysStatsUtilizationMemory=55.09%, SysStatsUtilizationDiskIO=0.03%, SysStatsUtilizationDiskSpace=12% /, SysStatsUtilizationDiskSpace=3% /tmp, SysStatsUtilizationDiskSpace=18% /opt, SysStatsUtilizationDiskSpace=17% /boot, SysStatsUtilizationDiskSpace=2% /storedconfig, SysStatsUtilizationDiskSpace=18% /opt/podman/containers/storage/overlay, AverageRadiusRequestLatency=0", + "message": { + "code": "70000", + "description": "System-Stats: ISE Utilization", + "id": "0000038759" + }, + "segment": { + "number": 0, + "total": 2 + }, + "sysstats": { + "utilization": { + "cpu": 6.59, + "disk": { + "io": 0.03, + "space": [ + "12% /", + "3% /tmp", + "18% /opt", + "17% /boot", + "2% /storedconfig", + "18% /opt/podman/containers/storage/overlay" + ] + }, + "memory": 55.09, + "network": [ + "vethdd5866ef: rcvd = 515119; sent = 343427 ;rcvd_dropped = 0; sent_dropped = 0", + "eth0: rcvd = 2098280; sent = 3063878 ;rcvd_dropped = 137; sent_dropped = 0", + "veth0879da2f: rcvd = 99385; sent = 67337 ;rcvd_dropped = 0; sent_dropped = 0", + "cni-podman2: rcvd = 47440; sent = 50301 ;rcvd_dropped = 0; sent_dropped = 0" + ] + } + } + } + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": [ + "system-stats" + ], + "category": [ + "host" + ], + "kind": "event", + "original": "\u003c181\u003eMar 10 09:11:50 isehost CISE_System_Statistics 0000038759 2 0 2022-03-10 09:11:50.030 +00:00 0000087130 70000 NOTICE System-Stats: ISE Utilization, ConfigVersionId=1596, SysStatsUtilizationCpu=6.59%, SysStatsUtilizationNetwork=vethdd5866ef: rcvd = 515119; sent = 343427 ;rcvd_dropped = 0; sent_dropped = 0, SysStatsUtilizationNetwork=eth0: rcvd = 2098280; sent = 3063878 ;rcvd_dropped = 137; sent_dropped = 0, SysStatsUtilizationNetwork=veth0879da2f: rcvd = 99385; sent = 67337 ;rcvd_dropped = 0; sent_dropped = 0, SysStatsUtilizationNetwork=cni-podman2: rcvd = 47440; sent = 50301 ;rcvd_dropped = 0; sent_dropped = 0, SysStatsUtilizationMemory=55.09%, SysStatsUtilizationDiskIO=0.03%, SysStatsUtilizationDiskSpace=12% /, SysStatsUtilizationDiskSpace=3% /tmp, SysStatsUtilizationDiskSpace=18% /opt, SysStatsUtilizationDiskSpace=17% /boot, SysStatsUtilizationDiskSpace=2% /storedconfig, SysStatsUtilizationDiskSpace=18% /opt/podman/containers/storage/overlay, AverageRadiusRequestLatency=0,", + "sequence": 87130, + "timezone": "+00:00", + "type": [ + "info" + ] + }, + "host": { + "hostname": "isehost" + }, + "log": { + "level": "notice", + "syslog": { + "priority": 181, + "severity": { + "name": "notice" + } + } + }, + "message": "2022-03-10 09:11:50.030 +00:00 0000087130 70000 NOTICE System-Stats: ISE Utilization, ConfigVersionId=1596, SysStatsUtilizationCpu=6.59%, SysStatsUtilizationNetwork=vethdd5866ef: rcvd = 515119; sent = 343427 ;rcvd_dropped = 0; sent_dropped = 0, SysStatsUtilizationNetwork=eth0: rcvd = 2098280; sent = 3063878 ;rcvd_dropped = 137; sent_dropped = 0, SysStatsUtilizationNetwork=veth0879da2f: rcvd = 99385; sent = 67337 ;rcvd_dropped = 0; sent_dropped = 0, SysStatsUtilizationNetwork=cni-podman2: rcvd = 47440; sent = 50301 ;rcvd_dropped = 0; sent_dropped = 0, SysStatsUtilizationMemory=55.09%, SysStatsUtilizationDiskIO=0.03%, SysStatsUtilizationDiskSpace=12% /, SysStatsUtilizationDiskSpace=3% /tmp, SysStatsUtilizationDiskSpace=18% /opt, SysStatsUtilizationDiskSpace=17% /boot, SysStatsUtilizationDiskSpace=2% /storedconfig, SysStatsUtilizationDiskSpace=18% /opt/podman/containers/storage/overlay, AverageRadiusRequestLatency=0,", + "related": { + "hosts": [ + "isehost" + ] + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2022-03-10T09:11:50.000Z", + "cisco_ise": { + "log": { + "active_session": { + "count": 0 + }, + "average": { + "tacacs": { + "request": { + "latency": 0 + } + } + }, + "category": { + "name": "CISE_System_Statistics" + }, + "delta": { + "radius": { + "request": { + "count": 0 + } + }, + "tacacs": { + "request": { + "count": 0 + } + } + }, + "log_details": "AverageTacacsRequestLatency=0, DeltaRadiusRequestCount=0, DeltaTacacsRequestCount=0, SysStatsUtilizationLoadAvg=0.72, SysStatsCpuCount=4, SysStatsProcessMemoryMB=11314, ActiveSessionCount=0", + "message": { + "id": "0000038759" + }, + "segment": { + "number": 1, + "total": 2 + }, + "sysstats": { + "cpu": { + "count": 4 + }, + "process_memory_mb": 11314, + "utilization": { + "load_avg": 0.72 + } + } + } + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": [ + "system-stats" + ], + "kind": "event", + "original": "\u003c181\u003eMar 10 09:11:50 isehost CISE_System_Statistics 0000038759 2 1 AverageTacacsRequestLatency=0, DeltaRadiusRequestCount=0, DeltaTacacsRequestCount=0, SysStatsUtilizationLoadAvg=0.72, SysStatsCpuCount=4, SysStatsProcessMemoryMB=11314, ActiveSessionCount=0,", + "type": [ + "info" + ] + }, + "host": { + "hostname": "isehost" + }, + "log": { + "syslog": { + "priority": 181 + } + }, + "message": "AverageTacacsRequestLatency=0, DeltaRadiusRequestCount=0, DeltaTacacsRequestCount=0, SysStatsUtilizationLoadAvg=0.72, SysStatsCpuCount=4, SysStatsProcessMemoryMB=11314, ActiveSessionCount=0,", + "related": { + "hosts": [ + "isehost" + ] + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2022-03-16T02:34:02.000Z", + "cisco_ise": { + "log": { + "active_session": { + "count": 0 + }, + "category": { + "name": "CISE_System_Statistics" + }, + "delta": { + "radius": { + "request": { + "count": 0 + } + }, + "tacacs": { + "request": { + "count": 0 + } + } + }, + "log_details": "DeltaRadiusRequestCount=0, DeltaTacacsRequestCount=0, SysStatsUtilizationLoadAvg=0.62, SysStatsCpuCount=4, SysStatsProcessMemoryMB=11079, ActiveSessionCount=0", + "message": { + "id": "0000001282" + }, + "segment": { + "number": 1, + "total": 2 + }, + "sysstats": { + "cpu": { + "count": 4 + }, + "process_memory_mb": 11079, + "utilization": { + "load_avg": 0.62 + } + } + } + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": [ + "system-stats" + ], + "kind": "event", + "original": "\u003c181\u003eMar 16 02:34:02 isehost CISE_System_Statistics 0000001282 2 1 DeltaRadiusRequestCount=0, DeltaTacacsRequestCount=0, SysStatsUtilizationLoadAvg=0.62, SysStatsCpuCount=4, SysStatsProcessMemoryMB=11079, ActiveSessionCount=0,", + "type": [ + "info" + ] + }, + "host": { + "hostname": "isehost" + }, + "log": { + "syslog": { + "priority": 181 + } + }, + "message": "DeltaRadiusRequestCount=0, DeltaTacacsRequestCount=0, SysStatsUtilizationLoadAvg=0.62, SysStatsCpuCount=4, SysStatsProcessMemoryMB=11079, ActiveSessionCount=0,", + "related": { + "hosts": [ + "isehost" + ] + }, + "tags": [ + "preserve_original_event" + ] + } + ] +} \ No newline at end of file diff --git a/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-tacacs-accounting.log b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-tacacs-accounting.log new file mode 100644 index 00000000000..7fc9c49a99f --- /dev/null +++ b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-tacacs-accounting.log @@ -0,0 +1,4 @@ +<182>Feb 21 19:13:08 cisco-ise-host CISE_TACACS_Accounting 0000000001 4 0 2020-02-21 19:13:08.328 +00:00 0018415781 3300 NOTICE Tacacs-Accounting: TACACS+ Accounting with Command, ConfigVersionId=1829, Device IP Address=81.2.69.144, CmdSet=[ CmdAV=show mac-address-table ], RequestLatency=1, NetworkDeviceName=wlnwan1, Type=Accounting, Privilege-Level=15, Service=Login, User=psxvne, Port=tty10, Remote-Address=81.2.69.144, Authen-Method=TacacsPlus, AVPair=task_id=2962, AVPair=timezone=GMT, AVPair=start_time=1585185432, AVPair=priv-lvl=15, AcctRequest-Flags=Stop, Service-Argument=shell, AcsSessionID=ldnnacpsn1/359344348/952729, SelectedAccessService=Device Admin - TACACS, Step=13006, Step=15049, Step=15008, Step=15048, Step=13035, NetworkDeviceGroups=Location#All Locations#EMEA, NetworkDeviceGroups=Device Type#All Device Types#Routers, NetworkDeviceGroups=IPSEC#Is IPSEC Device, CPMSessionID=81.2.69.144Accounting306034364, Model Name=Unknown, Software Version=Unknown, Network Device Profile=Cisco, Location=Location#All Locations#EMEA, Device Type=Device Type#All Device Types#Routers, IPSEC=IPSEC#Is IPSEC Device, Response={AcctReply-Status=Success; }, Network Device Profile=Cisco, Location=Location#All Locations#EMEA, Device Type=Device Type#All Device Types#Routers, IPSEC=IPSEC#Is IPSEC Device, Response={AcctReply-Status=Success; } +<182>Feb 21 19:13:08 cisco-ise-host CISE_TACACS_Accounting 0000000001 4 0 2020-02-21 19:13:08.328 +00:00 0018415636 3301 NOTICE Tacacs-Accounting: TACACS+ Accounting START, ConfigVersionId=1829, Device IP Address=81.2.69.144, RequestLatency=1, NetworkDeviceName=LDNBuildSW1, Type=Accounting, Privilege-Level=15, Service=Login, User=psxlms, Port=tty2, Remote-Address=81.2.69.144, Authen-Method=TacacsPlus, AVPair=task_id=35585, AVPair=timezone=GMT, AVPair=start_time=1585222245, AcctRequest-Flags=Start, Service-Argument=shell, AcsSessionID=ldnnacpsn1/359344348/954422, SelectedAccessService=Device Admin - TACACS, Step=13006, Step=15049, Step=15008, Step=15048, Step=22083, Step=13035, NetworkDeviceGroups=Location#All Locations#EMEA, NetworkDeviceGroups=Device Type#All Device Types#Switches, NetworkDeviceGroups=IPSEC#Is IPSEC Device, CPMSessionID=81.2.69.144Accounting647817909, Model Name=Unknown, Software Version=Unknown, Network Device Profile=Cisco, Location=Location#All Locations#EMEA, Device Type=Device Type#All Device Types#Switches, IPSEC=IPSEC#Is IPSEC Device, Response={AcctReply-Status=Success; }, Device Type=Device Type#All Device Types#Switches, IPSEC=IPSEC#Is IPSEC Device, Response={AcctReply-Status=Success; } +<182>Feb 21 19:13:08 cisco-ise-host CISE_TACACS_Accounting 0000000001 4 0 2020-02-21 19:13:08.328 +00:00 0018415932 3302 NOTICE Tacacs-Accounting: TACACS+ Accounting STOP, ConfigVersionId=1829, Device IP Address=81.2.69.144, RequestLatency=1, NetworkDeviceName=LDNBuildSW1, Type=Accounting, Privilege-Level=1, Service=Login, User=psxlms, Port=tty2, Remote-Address=81.2.69.144, Authen-Method=TacacsPlus, AVPair=task_id=35585, AVPair=timezone=GMT, AVPair=start_time=1585222245, AVPair=disc-cause=1, AVPair=disc-cause-ext=9, AVPair=pre-session-time=0, AVPair=elapsed_time=127, AVPair=stop_time=1585222372, AcctRequest-Flags=Stop, Service-Argument=shell, AcsSessionID=ldnnacpsn1/359344348/954446, SelectedAccessService=Device Admin - TACACS, Step=13006, Step=15049, Step=15008, Step=15048, Step=22084, Step=13035, NetworkDeviceGroups=Location#All Locations#EMEA, NetworkDeviceGroups=Device Type#All Device Types#Switches, NetworkDeviceGroups=IPSEC#Is IPSEC Device, CPMSessionID=81.2.69.144Accounting2791676098, Model Name=Unknown, Software Version=Unknown, Network Device Profile=Cisco, Location=Location#All Locations#EMEA, Device Type=Device Type#All Device Types#Switches, IPSEC=IPSEC#Is IPSEC Device, Response={AcctReply-Status=Success; }, Model Name=Unknown, Software Version=Unknown, Network Device Profile=Cisco, Location=Location#All Locations#EMEA, Device Type=Device Type#All Device Types#Switches, IPSEC=IPSEC#Is IPSEC Device, Response={AcctReply-Status=Success;} +<182>Feb 21 19:13:08 cisco-ise-host CISE_TACACS_Accounting 0000000001 4 1 ConfigVersionId=1856, Device IP Address=81.2.69.144, RequestLatency=6, NetworkDeviceName=LDNBuildSW1, Type=Accounting, Privilege-Level=1, Service=Login, User=psxlms, Port=tty2, Remote-Address=81.2.69.144, Authen-Method=TacacsPlus, AVPair=task_id=35585, AVPair=timezone=GMT, AVPair=start_time=1585222245, AVPair=disc-cause=1, AVPair=disc-cause-ext=9, AVPair=pre-session-time=0, AVPair=elapsed_time=127, AVPair=stop_time=1585222372, AcctRequest-Flags=Stop, Service-Argument=shell, AcsSessionID=ldnnacpsn1/359344348/954446, SelectedAccessService=Device Admin - TACACS, Step=13006, Step=15049, Step=15008, Step=15048, Step=22084, Step=13035, NetworkDeviceGroups=Location#All Locations#EMEA, NetworkDeviceGroups=Device Type#All Device Types#Switches, NetworkDeviceGroups=IPSEC#Is IPSEC Device, Response={AcctReply-Status=Success; }, Model Name=Unknown, Software Version=Unknown, Network Device Profile=Cisco, Location=Location#All Locations#EMEA, Device Type=Device Type#All Device Types#Switches, IPSEC=IPSEC#Is IPSEC Device, Response={AcctReply-Status=Success;} diff --git a/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-tacacs-accounting.log-expected.json b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-tacacs-accounting.log-expected.json new file mode 100644 index 00000000000..9e524208296 --- /dev/null +++ b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-tacacs-accounting.log-expected.json @@ -0,0 +1,621 @@ +{ + "expected": [ + { + "@timestamp": "2020-02-21T19:13:08.328Z", + "cisco_ise": { + "log": { + "acct": { + "request": { + "flags": "Stop" + } + }, + "acs": { + "session": { + "id": "ldnnacpsn1/359344348/952729" + } + }, + "authen_method": "TacacsPlus", + "avpair": { + "priv_lvl": 15, + "start_time": "2020-03-26T01:17:12.000Z", + "task_id": 2962, + "timezone": "GMT" + }, + "category": { + "name": "CISE_TACACS_Accounting" + }, + "cmdset": "[ CmdAV=show mac-address-table \u003ccr\u003e ]", + "config_version": { + "id": 1829 + }, + "cpm": { + "session": { + "id": "81.2.69.144Accounting306034364" + } + }, + "device": { + "type": [ + "Device Type#All Device Types#Routers", + "Device Type#All Device Types#Routers" + ] + }, + "ipsec": [ + "IPSEC#Is IPSEC Device", + "IPSEC#Is IPSEC Device" + ], + "location": [ + "Location#All Locations#EMEA", + "Location#All Locations#EMEA" + ], + "message": { + "code": "3300", + "description": "Tacacs-Accounting: TACACS+ Accounting with Command", + "id": "0000000001" + }, + "model": { + "name": "Unknown" + }, + "network": { + "device": { + "groups": [ + "Location#All Locations#EMEA", + "Device Type#All Device Types#Routers", + "IPSEC#Is IPSEC Device" + ], + "name": "wlnwan1", + "profile": [ + "Cisco", + "Cisco" + ] + } + }, + "port": "tty10", + "privilege": { + "level": 15 + }, + "request": { + "latency": 1 + }, + "response": { + "AcctReply-Status": "Success" + }, + "segment": { + "number": 0, + "total": 4 + }, + "selected": { + "access": { + "service": "Device Admin - TACACS" + } + }, + "service": { + "argument": "shell", + "name": "Login" + }, + "software": { + "version": "Unknown" + }, + "step": [ + "13006", + "15049", + "15008", + "15048", + "13035" + ], + "type": "Accounting" + } + }, + "client": { + "ip": "81.2.69.144" + }, + "destination": { + "ip": "81.2.69.144" + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "tacacs-accounting", + "category": [ + "configuration" + ], + "kind": "event", + "original": "\u003c182\u003eFeb 21 19:13:08 cisco-ise-host CISE_TACACS_Accounting 0000000001 4 0 2020-02-21 19:13:08.328 +00:00 0018415781 3300 NOTICE Tacacs-Accounting: TACACS+ Accounting with Command, ConfigVersionId=1829, Device IP Address=81.2.69.144, CmdSet=[ CmdAV=show mac-address-table \u003ccr\u003e ], RequestLatency=1, NetworkDeviceName=wlnwan1, Type=Accounting, Privilege-Level=15, Service=Login, User=psxvne, Port=tty10, Remote-Address=81.2.69.144, Authen-Method=TacacsPlus, AVPair=task_id=2962, AVPair=timezone=GMT, AVPair=start_time=1585185432, AVPair=priv-lvl=15, AcctRequest-Flags=Stop, Service-Argument=shell, AcsSessionID=ldnnacpsn1/359344348/952729, SelectedAccessService=Device Admin - TACACS, Step=13006, Step=15049, Step=15008, Step=15048, Step=13035, NetworkDeviceGroups=Location#All Locations#EMEA, NetworkDeviceGroups=Device Type#All Device Types#Routers, NetworkDeviceGroups=IPSEC#Is IPSEC Device, CPMSessionID=81.2.69.144Accounting306034364, Model Name=Unknown, Software Version=Unknown, Network Device Profile=Cisco, Location=Location#All Locations#EMEA, Device Type=Device Type#All Device Types#Routers, IPSEC=IPSEC#Is IPSEC Device, Response={AcctReply-Status=Success; }, Network Device Profile=Cisco, Location=Location#All Locations#EMEA, Device Type=Device Type#All Device Types#Routers, IPSEC=IPSEC#Is IPSEC Device, Response={AcctReply-Status=Success; }", + "sequence": 18415781, + "timezone": "+00:00", + "type": [ + "info" + ] + }, + "host": { + "hostname": "cisco-ise-host" + }, + "log": { + "level": "notice", + "syslog": { + "priority": 182, + "severity": { + "name": "notice" + } + } + }, + "message": "2020-02-21 19:13:08.328 +00:00 0018415781 3300 NOTICE Tacacs-Accounting: TACACS+ Accounting with Command, ConfigVersionId=1829, Device IP Address=81.2.69.144, CmdSet=[ CmdAV=show mac-address-table \u003ccr\u003e ], RequestLatency=1, NetworkDeviceName=wlnwan1, Type=Accounting, Privilege-Level=15, Service=Login, User=psxvne, Port=tty10, Remote-Address=81.2.69.144, Authen-Method=TacacsPlus, AVPair.task_id=2962, AVPair.timezone=GMT, AVPair.start_time=1585185432, AVPair.priv-lvl=15, AcctRequest-Flags=Stop, Service-Argument=shell, AcsSessionID=ldnnacpsn1/359344348/952729, SelectedAccessService=Device Admin - TACACS, Step=13006, Step=15049, Step=15008, Step=15048, Step=13035, NetworkDeviceGroups=Location#All Locations#EMEA, NetworkDeviceGroups=Device Type#All Device Types#Routers, NetworkDeviceGroups=IPSEC#Is IPSEC Device, CPMSessionID=81.2.69.144Accounting306034364, Model Name=Unknown, Software Version=Unknown, Network Device Profile=Cisco, Location=Location#All Locations#EMEA, Device Type=Device Type#All Device Types#Routers, IPSEC=IPSEC#Is IPSEC Device, Response={AcctReply-Status=Success; }, Network Device Profile=Cisco, Location=Location#All Locations#EMEA, Device Type=Device Type#All Device Types#Routers, IPSEC=IPSEC#Is IPSEC Device, Response={AcctReply-Status=Success; }", + "related": { + "hosts": [ + "cisco-ise-host" + ], + "ip": [ + "81.2.69.144" + ], + "user": [ + "psxvne" + ] + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "name": "psxvne" + } + }, + { + "@timestamp": "2020-02-21T19:13:08.328Z", + "cisco_ise": { + "log": { + "acct": { + "request": { + "flags": "Start" + } + }, + "acs": { + "session": { + "id": "ldnnacpsn1/359344348/954422" + } + }, + "authen_method": "TacacsPlus", + "avpair": { + "start_time": "2020-03-26T11:30:45.000Z", + "task_id": 35585, + "timezone": "GMT" + }, + "category": { + "name": "CISE_TACACS_Accounting" + }, + "config_version": { + "id": 1829 + }, + "cpm": { + "session": { + "id": "81.2.69.144Accounting647817909" + } + }, + "device": { + "type": [ + "Device Type#All Device Types#Switches", + "Device Type#All Device Types#Switches" + ] + }, + "ipsec": [ + "IPSEC#Is IPSEC Device", + "IPSEC#Is IPSEC Device" + ], + "location": "Location#All Locations#EMEA", + "message": { + "code": "3301", + "description": "Tacacs-Accounting: TACACS+ Accounting START", + "id": "0000000001" + }, + "model": { + "name": "Unknown" + }, + "network": { + "device": { + "groups": [ + "Location#All Locations#EMEA", + "Device Type#All Device Types#Switches", + "IPSEC#Is IPSEC Device" + ], + "name": "LDNBuildSW1", + "profile": "Cisco" + } + }, + "port": "tty2", + "privilege": { + "level": 15 + }, + "request": { + "latency": 1 + }, + "response": { + "AcctReply-Status": "Success" + }, + "segment": { + "number": 0, + "total": 4 + }, + "selected": { + "access": { + "service": "Device Admin - TACACS" + } + }, + "service": { + "argument": "shell", + "name": "Login" + }, + "software": { + "version": "Unknown" + }, + "step": [ + "13006", + "15049", + "15008", + "15048", + "22083", + "13035" + ], + "type": "Accounting" + } + }, + "client": { + "ip": "81.2.69.144" + }, + "destination": { + "ip": "81.2.69.144" + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "tacacs-accounting", + "category": [ + "configuration" + ], + "kind": "event", + "original": "\u003c182\u003eFeb 21 19:13:08 cisco-ise-host CISE_TACACS_Accounting 0000000001 4 0 2020-02-21 19:13:08.328 +00:00 0018415636 3301 NOTICE Tacacs-Accounting: TACACS+ Accounting START, ConfigVersionId=1829, Device IP Address=81.2.69.144, RequestLatency=1, NetworkDeviceName=LDNBuildSW1, Type=Accounting, Privilege-Level=15, Service=Login, User=psxlms, Port=tty2, Remote-Address=81.2.69.144, Authen-Method=TacacsPlus, AVPair=task_id=35585, AVPair=timezone=GMT, AVPair=start_time=1585222245, AcctRequest-Flags=Start, Service-Argument=shell, AcsSessionID=ldnnacpsn1/359344348/954422, SelectedAccessService=Device Admin - TACACS, Step=13006, Step=15049, Step=15008, Step=15048, Step=22083, Step=13035, NetworkDeviceGroups=Location#All Locations#EMEA, NetworkDeviceGroups=Device Type#All Device Types#Switches, NetworkDeviceGroups=IPSEC#Is IPSEC Device, CPMSessionID=81.2.69.144Accounting647817909, Model Name=Unknown, Software Version=Unknown, Network Device Profile=Cisco, Location=Location#All Locations#EMEA, Device Type=Device Type#All Device Types#Switches, IPSEC=IPSEC#Is IPSEC Device, Response={AcctReply-Status=Success; }, Device Type=Device Type#All Device Types#Switches, IPSEC=IPSEC#Is IPSEC Device, Response={AcctReply-Status=Success; }", + "sequence": 18415636, + "timezone": "+00:00", + "type": [ + "info" + ] + }, + "host": { + "hostname": "cisco-ise-host" + }, + "log": { + "level": "notice", + "syslog": { + "priority": 182, + "severity": { + "name": "notice" + } + } + }, + "message": "2020-02-21 19:13:08.328 +00:00 0018415636 3301 NOTICE Tacacs-Accounting: TACACS+ Accounting START, ConfigVersionId=1829, Device IP Address=81.2.69.144, RequestLatency=1, NetworkDeviceName=LDNBuildSW1, Type=Accounting, Privilege-Level=15, Service=Login, User=psxlms, Port=tty2, Remote-Address=81.2.69.144, Authen-Method=TacacsPlus, AVPair.task_id=35585, AVPair.timezone=GMT, AVPair.start_time=1585222245, AcctRequest-Flags=Start, Service-Argument=shell, AcsSessionID=ldnnacpsn1/359344348/954422, SelectedAccessService=Device Admin - TACACS, Step=13006, Step=15049, Step=15008, Step=15048, Step=22083, Step=13035, NetworkDeviceGroups=Location#All Locations#EMEA, NetworkDeviceGroups=Device Type#All Device Types#Switches, NetworkDeviceGroups=IPSEC#Is IPSEC Device, CPMSessionID=81.2.69.144Accounting647817909, Model Name=Unknown, Software Version=Unknown, Network Device Profile=Cisco, Location=Location#All Locations#EMEA, Device Type=Device Type#All Device Types#Switches, IPSEC=IPSEC#Is IPSEC Device, Response={AcctReply-Status=Success; }, Device Type=Device Type#All Device Types#Switches, IPSEC=IPSEC#Is IPSEC Device, Response={AcctReply-Status=Success; }", + "related": { + "hosts": [ + "cisco-ise-host" + ], + "ip": [ + "81.2.69.144" + ], + "user": [ + "psxlms" + ] + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "name": "psxlms" + } + }, + { + "@timestamp": "2020-02-21T19:13:08.328Z", + "cisco_ise": { + "log": { + "acct": { + "request": { + "flags": "Stop" + } + }, + "acs": { + "session": { + "id": "ldnnacpsn1/359344348/954446" + } + }, + "authen_method": "TacacsPlus", + "avpair": { + "disc": { + "cause": 1, + "cause_ext": 9 + }, + "elapsed_time": 127, + "pre_session_time": 0, + "start_time": "2020-03-26T11:30:45.000Z", + "stop_time": "2020-03-26T11:32:52.000Z", + "task_id": 35585, + "timezone": "GMT" + }, + "category": { + "name": "CISE_TACACS_Accounting" + }, + "config_version": { + "id": 1829 + }, + "cpm": { + "session": { + "id": "81.2.69.144Accounting2791676098" + } + }, + "device": { + "type": [ + "Device Type#All Device Types#Switches", + "Device Type#All Device Types#Switches" + ] + }, + "ipsec": [ + "IPSEC#Is IPSEC Device", + "IPSEC#Is IPSEC Device" + ], + "location": [ + "Location#All Locations#EMEA", + "Location#All Locations#EMEA" + ], + "message": { + "code": "3302", + "description": "Tacacs-Accounting: TACACS+ Accounting STOP", + "id": "0000000001" + }, + "model": { + "name": [ + "Unknown", + "Unknown" + ] + }, + "network": { + "device": { + "groups": [ + "Location#All Locations#EMEA", + "Device Type#All Device Types#Switches", + "IPSEC#Is IPSEC Device" + ], + "name": "LDNBuildSW1", + "profile": [ + "Cisco", + "Cisco" + ] + } + }, + "port": "tty2", + "privilege": { + "level": 1 + }, + "request": { + "latency": 1 + }, + "response": { + "AcctReply-Status": "Success" + }, + "segment": { + "number": 0, + "total": 4 + }, + "selected": { + "access": { + "service": "Device Admin - TACACS" + } + }, + "service": { + "argument": "shell", + "name": "Login" + }, + "software": { + "version": [ + "Unknown", + "Unknown" + ] + }, + "step": [ + "13006", + "15049", + "15008", + "15048", + "22084", + "13035" + ], + "type": "Accounting" + } + }, + "client": { + "ip": "81.2.69.144" + }, + "destination": { + "ip": "81.2.69.144" + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "tacacs-accounting", + "category": [ + "configuration" + ], + "kind": "event", + "original": "\u003c182\u003eFeb 21 19:13:08 cisco-ise-host CISE_TACACS_Accounting 0000000001 4 0 2020-02-21 19:13:08.328 +00:00 0018415932 3302 NOTICE Tacacs-Accounting: TACACS+ Accounting STOP, ConfigVersionId=1829, Device IP Address=81.2.69.144, RequestLatency=1, NetworkDeviceName=LDNBuildSW1, Type=Accounting, Privilege-Level=1, Service=Login, User=psxlms, Port=tty2, Remote-Address=81.2.69.144, Authen-Method=TacacsPlus, AVPair=task_id=35585, AVPair=timezone=GMT, AVPair=start_time=1585222245, AVPair=disc-cause=1, AVPair=disc-cause-ext=9, AVPair=pre-session-time=0, AVPair=elapsed_time=127, AVPair=stop_time=1585222372, AcctRequest-Flags=Stop, Service-Argument=shell, AcsSessionID=ldnnacpsn1/359344348/954446, SelectedAccessService=Device Admin - TACACS, Step=13006, Step=15049, Step=15008, Step=15048, Step=22084, Step=13035, NetworkDeviceGroups=Location#All Locations#EMEA, NetworkDeviceGroups=Device Type#All Device Types#Switches, NetworkDeviceGroups=IPSEC#Is IPSEC Device, CPMSessionID=81.2.69.144Accounting2791676098, Model Name=Unknown, Software Version=Unknown, Network Device Profile=Cisco, Location=Location#All Locations#EMEA, Device Type=Device Type#All Device Types#Switches, IPSEC=IPSEC#Is IPSEC Device, Response={AcctReply-Status=Success; }, Model Name=Unknown, Software Version=Unknown, Network Device Profile=Cisco, Location=Location#All Locations#EMEA, Device Type=Device Type#All Device Types#Switches, IPSEC=IPSEC#Is IPSEC Device, Response={AcctReply-Status=Success;}", + "sequence": 18415932, + "timezone": "+00:00", + "type": [ + "info" + ] + }, + "host": { + "hostname": "cisco-ise-host" + }, + "log": { + "level": "notice", + "syslog": { + "priority": 182, + "severity": { + "name": "notice" + } + } + }, + "message": "2020-02-21 19:13:08.328 +00:00 0018415932 3302 NOTICE Tacacs-Accounting: TACACS+ Accounting STOP, ConfigVersionId=1829, Device IP Address=81.2.69.144, RequestLatency=1, NetworkDeviceName=LDNBuildSW1, Type=Accounting, Privilege-Level=1, Service=Login, User=psxlms, Port=tty2, Remote-Address=81.2.69.144, Authen-Method=TacacsPlus, AVPair.task_id=35585, AVPair.timezone=GMT, AVPair.start_time=1585222245, AVPair.disc-cause=1, AVPair.disc-cause-ext=9, AVPair.pre-session-time=0, AVPair.elapsed_time=127, AVPair.stop_time=1585222372, AcctRequest-Flags=Stop, Service-Argument=shell, AcsSessionID=ldnnacpsn1/359344348/954446, SelectedAccessService=Device Admin - TACACS, Step=13006, Step=15049, Step=15008, Step=15048, Step=22084, Step=13035, NetworkDeviceGroups=Location#All Locations#EMEA, NetworkDeviceGroups=Device Type#All Device Types#Switches, NetworkDeviceGroups=IPSEC#Is IPSEC Device, CPMSessionID=81.2.69.144Accounting2791676098, Model Name=Unknown, Software Version=Unknown, Network Device Profile=Cisco, Location=Location#All Locations#EMEA, Device Type=Device Type#All Device Types#Switches, IPSEC=IPSEC#Is IPSEC Device, Response={AcctReply-Status=Success; }, Model Name=Unknown, Software Version=Unknown, Network Device Profile=Cisco, Location=Location#All Locations#EMEA, Device Type=Device Type#All Device Types#Switches, IPSEC=IPSEC#Is IPSEC Device, Response={AcctReply-Status=Success;}", + "related": { + "hosts": [ + "cisco-ise-host" + ], + "ip": [ + "81.2.69.144" + ], + "user": [ + "psxlms" + ] + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "name": "psxlms" + } + }, + { + "@timestamp": "2022-02-21T19:13:08.000Z", + "cisco_ise": { + "log": { + "acct": { + "request": { + "flags": "Stop" + } + }, + "acs": { + "session": { + "id": "ldnnacpsn1/359344348/954446" + } + }, + "authen_method": "TacacsPlus", + "avpair": { + "disc": { + "cause": 1, + "cause_ext": 9 + }, + "elapsed_time": 127, + "pre_session_time": 0, + "start_time": "2020-03-26T11:30:45.000Z", + "stop_time": "2020-03-26T11:32:52.000Z", + "task_id": 35585, + "timezone": "GMT" + }, + "category": { + "name": "CISE_TACACS_Accounting" + }, + "config_version": { + "id": 1856 + }, + "device": { + "type": "Device Type#All Device Types#Switches" + }, + "ipsec": "IPSEC#Is IPSEC Device", + "location": "Location#All Locations#EMEA", + "message": { + "id": "0000000001" + }, + "model": { + "name": "Unknown" + }, + "network": { + "device": { + "groups": [ + "Location#All Locations#EMEA", + "Device Type#All Device Types#Switches", + "IPSEC#Is IPSEC Device" + ], + "name": "LDNBuildSW1", + "profile": "Cisco" + } + }, + "port": "tty2", + "privilege": { + "level": 1 + }, + "request": { + "latency": 6 + }, + "response": { + "AcctReply-Status": "Success" + }, + "segment": { + "number": 1, + "total": 4 + }, + "selected": { + "access": { + "service": "Device Admin - TACACS" + } + }, + "service": { + "argument": "shell", + "name": "Login" + }, + "software": { + "version": "Unknown" + }, + "step": [ + "13006", + "15049", + "15008", + "15048", + "22084", + "13035" + ], + "type": "Accounting" + } + }, + "client": { + "ip": "81.2.69.144" + }, + "destination": { + "ip": "81.2.69.144" + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "category": [ + "configuration" + ], + "kind": "event", + "original": "\u003c182\u003eFeb 21 19:13:08 cisco-ise-host CISE_TACACS_Accounting 0000000001 4 1 ConfigVersionId=1856, Device IP Address=81.2.69.144, RequestLatency=6, NetworkDeviceName=LDNBuildSW1, Type=Accounting, Privilege-Level=1, Service=Login, User=psxlms, Port=tty2, Remote-Address=81.2.69.144, Authen-Method=TacacsPlus, AVPair=task_id=35585, AVPair=timezone=GMT, AVPair=start_time=1585222245, AVPair=disc-cause=1, AVPair=disc-cause-ext=9, AVPair=pre-session-time=0, AVPair=elapsed_time=127, AVPair=stop_time=1585222372, AcctRequest-Flags=Stop, Service-Argument=shell, AcsSessionID=ldnnacpsn1/359344348/954446, SelectedAccessService=Device Admin - TACACS, Step=13006, Step=15049, Step=15008, Step=15048, Step=22084, Step=13035, NetworkDeviceGroups=Location#All Locations#EMEA, NetworkDeviceGroups=Device Type#All Device Types#Switches, NetworkDeviceGroups=IPSEC#Is IPSEC Device, Response={AcctReply-Status=Success; }, Model Name=Unknown, Software Version=Unknown, Network Device Profile=Cisco, Location=Location#All Locations#EMEA, Device Type=Device Type#All Device Types#Switches, IPSEC=IPSEC#Is IPSEC Device, Response={AcctReply-Status=Success;}", + "type": [ + "info" + ] + }, + "host": { + "hostname": "cisco-ise-host" + }, + "log": { + "syslog": { + "priority": 182 + } + }, + "message": "ConfigVersionId=1856, Device IP Address=81.2.69.144, RequestLatency=6, NetworkDeviceName=LDNBuildSW1, Type=Accounting, Privilege-Level=1, Service=Login, User=psxlms, Port=tty2, Remote-Address=81.2.69.144, Authen-Method=TacacsPlus, AVPair.task_id=35585, AVPair.timezone=GMT, AVPair.start_time=1585222245, AVPair.disc-cause=1, AVPair.disc-cause-ext=9, AVPair.pre-session-time=0, AVPair.elapsed_time=127, AVPair.stop_time=1585222372, AcctRequest-Flags=Stop, Service-Argument=shell, AcsSessionID=ldnnacpsn1/359344348/954446, SelectedAccessService=Device Admin - TACACS, Step=13006, Step=15049, Step=15008, Step=15048, Step=22084, Step=13035, NetworkDeviceGroups=Location#All Locations#EMEA, NetworkDeviceGroups=Device Type#All Device Types#Switches, NetworkDeviceGroups=IPSEC#Is IPSEC Device, Response={AcctReply-Status=Success; }, Model Name=Unknown, Software Version=Unknown, Network Device Profile=Cisco, Location=Location#All Locations#EMEA, Device Type=Device Type#All Device Types#Switches, IPSEC=IPSEC#Is IPSEC Device, Response={AcctReply-Status=Success;}", + "related": { + "hosts": [ + "cisco-ise-host" + ], + "ip": [ + "81.2.69.144" + ], + "user": [ + "psxlms" + ] + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "name": "psxlms" + } + } + ] +} \ No newline at end of file diff --git a/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-threat-centric-nac.log b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-threat-centric-nac.log new file mode 100644 index 00000000000..b39726f7a14 --- /dev/null +++ b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-threat-centric-nac.log @@ -0,0 +1,4 @@ +<182>Mar 16 06:41:58 cisco-ise-host CISE_Threat_Centric_NAC 0000001923 1 0 2021-03-16 06:41:58.957 +00:00 0000001966 91004 INFO IRF: Started adapter instance, ConfigVersionId=86, Details=Adapter Karnataka status/connectivity changed, AdapterInstanceName=Karnataka, AdapterInstanceUuid=1cb1a7e3-324a-4258-ab0e-5ce429589987, Status=Active, +<179>Mar 16 06:42:55 cisco-ise-host CISE_Threat_Centric_NAC 0000001938 1 0 2021-03-16 06:42:55.540 +00:00 0000001981 91018 ERROR IRF: Adapter connection failed, ConfigVersionId=86, Details=Adapter cannot connect to the server. Ensure that the server is reachable, AdapterInstanceName=Karnataka, AdapterInstanceUuid=1cb1a7e3-324a-4258-ab0e-5ce429589987, Status=Active, Connectivity=Disconnected, +<180>Mar 3 00:02:46 isehost CISE_Threat_Centric_NAC 0000038251 1 0 2022-03-03 00:02:46.341 +00:00 0000038297 91110 WARN RADIUS: One or more Active Directory diagnostic tests failed during a scheduled run., ConfigVersionId=749, +<180>Mar 3 00:02:46 isehost CISE_Threat_Centric_NAC 0000038251 2 1 ConfigVersionId=749, diff --git a/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-threat-centric-nac.log-expected.json b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-threat-centric-nac.log-expected.json new file mode 100644 index 00000000000..6fac46667c1 --- /dev/null +++ b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-threat-centric-nac.log-expected.json @@ -0,0 +1,241 @@ +{ + "expected": [ + { + "@timestamp": "2021-03-16T06:41:58.957Z", + "cisco_ise": { + "log": { + "adapter_instance": { + "name": "Karnataka", + "uuid": "1cb1a7e3-324a-4258-ab0e-5ce429589987" + }, + "category": { + "name": "CISE_Threat_Centric_NAC" + }, + "config_version": { + "id": 86 + }, + "details": "Adapter Karnataka status/connectivity changed", + "message": { + "code": "91004", + "description": "IRF: Started adapter instance", + "id": "0000001923" + }, + "segment": { + "number": 0, + "total": 1 + }, + "status": "Active" + } + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "irf", + "category": [ + "configuration" + ], + "kind": "event", + "original": "\u003c182\u003eMar 16 06:41:58 cisco-ise-host CISE_Threat_Centric_NAC 0000001923 1 0 2021-03-16 06:41:58.957 +00:00 0000001966 91004 INFO IRF: Started adapter instance, ConfigVersionId=86, Details=Adapter Karnataka status/connectivity changed, AdapterInstanceName=Karnataka, AdapterInstanceUuid=1cb1a7e3-324a-4258-ab0e-5ce429589987, Status=Active,", + "sequence": 1966, + "timezone": "+00:00", + "type": [ + "info" + ] + }, + "host": { + "hostname": "cisco-ise-host" + }, + "log": { + "level": "info", + "syslog": { + "priority": 182, + "severity": { + "name": "info" + } + } + }, + "message": "2021-03-16 06:41:58.957 +00:00 0000001966 91004 INFO IRF: Started adapter instance, ConfigVersionId=86, Details=Adapter Karnataka status/connectivity changed, AdapterInstanceName=Karnataka, AdapterInstanceUuid=1cb1a7e3-324a-4258-ab0e-5ce429589987, Status=Active,", + "related": { + "hosts": [ + "cisco-ise-host" + ] + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2021-03-16T06:42:55.540Z", + "cisco_ise": { + "log": { + "adapter_instance": { + "name": "Karnataka", + "uuid": "1cb1a7e3-324a-4258-ab0e-5ce429589987" + }, + "category": { + "name": "CISE_Threat_Centric_NAC" + }, + "config_version": { + "id": 86 + }, + "connectivity": "Disconnected", + "details": "Adapter cannot connect to the server. Ensure that the server is reachable", + "message": { + "code": "91018", + "description": "IRF: Adapter connection failed", + "id": "0000001938" + }, + "segment": { + "number": 0, + "total": 1 + }, + "status": "Active" + } + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "irf", + "category": [ + "configuration" + ], + "kind": "event", + "original": "\u003c179\u003eMar 16 06:42:55 cisco-ise-host CISE_Threat_Centric_NAC 0000001938 1 0 2021-03-16 06:42:55.540 +00:00 0000001981 91018 ERROR IRF: Adapter connection failed, ConfigVersionId=86, Details=Adapter cannot connect to the server. Ensure that the server is reachable, AdapterInstanceName=Karnataka, AdapterInstanceUuid=1cb1a7e3-324a-4258-ab0e-5ce429589987, Status=Active, Connectivity=Disconnected,", + "sequence": 1981, + "timezone": "+00:00", + "type": [ + "info" + ] + }, + "host": { + "hostname": "cisco-ise-host" + }, + "log": { + "level": "error", + "syslog": { + "priority": 179, + "severity": { + "name": "error" + } + } + }, + "message": "2021-03-16 06:42:55.540 +00:00 0000001981 91018 ERROR IRF: Adapter connection failed, ConfigVersionId=86, Details=Adapter cannot connect to the server. Ensure that the server is reachable, AdapterInstanceName=Karnataka, AdapterInstanceUuid=1cb1a7e3-324a-4258-ab0e-5ce429589987, Status=Active, Connectivity=Disconnected,", + "related": { + "hosts": [ + "cisco-ise-host" + ] + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2022-03-03T00:02:46.341Z", + "cisco_ise": { + "log": { + "category": { + "name": "CISE_Threat_Centric_NAC" + }, + "config_version": { + "id": 749 + }, + "message": { + "code": "91110", + "description": "RADIUS: One or more Active Directory diagnostic tests failed during a scheduled run.", + "id": "0000038251" + }, + "segment": { + "number": 0, + "total": 1 + } + } + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "radius", + "category": [ + "authentication" + ], + "kind": "event", + "original": "\u003c180\u003eMar 3 00:02:46 isehost CISE_Threat_Centric_NAC 0000038251 1 0 2022-03-03 00:02:46.341 +00:00 0000038297 91110 WARN RADIUS: One or more Active Directory diagnostic tests failed during a scheduled run., ConfigVersionId=749,", + "sequence": 38297, + "timezone": "+00:00", + "type": [ + "info" + ] + }, + "host": { + "hostname": "isehost" + }, + "log": { + "level": "warn", + "syslog": { + "priority": 180, + "severity": { + "name": "warn" + } + } + }, + "message": "2022-03-03 00:02:46.341 +00:00 0000038297 91110 WARN RADIUS: One or more Active Directory diagnostic tests failed during a scheduled run., ConfigVersionId=749,", + "related": { + "hosts": [ + "isehost" + ] + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2022-03-03T00:02:46.000Z", + "cisco_ise": { + "log": { + "category": { + "name": "CISE_Threat_Centric_NAC" + }, + "config_version": { + "id": 749 + }, + "message": { + "id": "0000038251" + }, + "segment": { + "number": 1, + "total": 2 + } + } + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "kind": "event", + "original": "\u003c180\u003eMar 3 00:02:46 isehost CISE_Threat_Centric_NAC 0000038251 2 1 ConfigVersionId=749,", + "type": [ + "info" + ] + }, + "host": { + "hostname": "isehost" + }, + "log": { + "syslog": { + "priority": 180 + } + }, + "message": "ConfigVersionId=749,", + "related": { + "hosts": [ + "isehost" + ] + }, + "tags": [ + "preserve_original_event" + ] + } + ] +} \ No newline at end of file diff --git a/packages/cisco_ise/data_stream/log/_dev/test/system/test-tcp-config.yml b/packages/cisco_ise/data_stream/log/_dev/test/system/test-tcp-config.yml new file mode 100644 index 00000000000..9e4b8df5c6a --- /dev/null +++ b/packages/cisco_ise/data_stream/log/_dev/test/system/test-tcp-config.yml @@ -0,0 +1,8 @@ +service: cisco_ise-log-tcp +service_notify_signal: SIGHUP +input: tcp +vars: + listen_address: 0.0.0.0 +data_stream: + vars: + listen_port: 9025 diff --git a/packages/cisco_ise/data_stream/log/_dev/test/system/test-udp-config.yml b/packages/cisco_ise/data_stream/log/_dev/test/system/test-udp-config.yml new file mode 100644 index 00000000000..90d93efebd4 --- /dev/null +++ b/packages/cisco_ise/data_stream/log/_dev/test/system/test-udp-config.yml @@ -0,0 +1,8 @@ +service: cisco_ise-log-udp +service_notify_signal: SIGHUP +input: udp +vars: + listen_address: 0.0.0.0 +data_stream: + vars: + listen_port: 9026 diff --git a/packages/cisco_ise/data_stream/log/agent/stream/tcp.yml.hbs b/packages/cisco_ise/data_stream/log/agent/stream/tcp.yml.hbs new file mode 100644 index 00000000000..bc587e50a3a --- /dev/null +++ b/packages/cisco_ise/data_stream/log/agent/stream/tcp.yml.hbs @@ -0,0 +1,18 @@ +host: "{{listen_address}}:{{listen_port}}" +tags: +{{#if preserve_original_event}} + - preserve_original_event +{{/if}} +{{#each tags as |tag i|}} + - {{tag}} +{{/each}} +{{#contains "forwarded" tags}} +publisher_pipeline.disable_host: true +{{/contains}} +{{#if ssl}} +ssl: {{ssl}} +{{/if}} +{{#if processors}} +processors: +{{processors}} +{{/if}} diff --git a/packages/cisco_ise/data_stream/log/agent/stream/udp.yml.hbs b/packages/cisco_ise/data_stream/log/agent/stream/udp.yml.hbs new file mode 100644 index 00000000000..deaa10ff900 --- /dev/null +++ b/packages/cisco_ise/data_stream/log/agent/stream/udp.yml.hbs @@ -0,0 +1,15 @@ +host: "{{listen_address}}:{{listen_port}}" +tags: +{{#if preserve_original_event}} + - preserve_original_event +{{/if}} +{{#each tags as |tag i|}} + - {{tag}} +{{/each}} +{{#contains "forwarded" tags}} +publisher_pipeline.disable_host: true +{{/contains}} +{{#if processors}} +processors: +{{processors}} +{{/if}} diff --git a/packages/cisco_ise/data_stream/log/elasticsearch/ingest_pipeline/default.yml b/packages/cisco_ise/data_stream/log/elasticsearch/ingest_pipeline/default.yml new file mode 100644 index 00000000000..f4011d31a01 --- /dev/null +++ b/packages/cisco_ise/data_stream/log/elasticsearch/ingest_pipeline/default.yml @@ -0,0 +1,139 @@ +--- +description: Pipeline for Cisco ISE logs +processors: + - set: + field: ecs.version + value: '8.0.0' + - rename: + field: message + target_field: event.original + ignore_missing: true + - grok: + field: event.original + patterns: + - "^<%{NUMBER:log.syslog.priority:long}>%{SYSLOGTIMESTAMP:_tmp.timestamp} %{ISO8601_TIMEZONE:_tmp.timezone} %{DATA:host.hostname} %{DATA:cisco_ise.log.category.name} %{DATA:cisco_ise.log.message.id} %{DATA:cisco_ise.log.segment.total:long} %{DATA:cisco_ise.log.segment.number:long} %{GREEDYDATA:message}$" + - "^<%{NUMBER:log.syslog.priority:long}>%{SYSLOGTIMESTAMP:_tmp.timestamp} %{DATA:host.hostname} %{DATA:cisco_ise.log.category.name} %{DATA:cisco_ise.log.message.id} %{DATA:cisco_ise.log.segment.total:long} %{DATA:cisco_ise.log.segment.number:long} %{GREEDYDATA:message}$" + - trim: + field: message + ignore_failure: true + - convert: + field: host.hostname + target_field: host.ip + type: ip + ignore_failure: true + - remove: + field: host.hostname + if: ctx?.host?.ip != null + - append: + field: related.ip + value: '{{{host.ip}}}' + if: ctx?.host?.ip != null + ignore_failure: true + - append: + field: related.hosts + value: '{{{host.hostname}}}' + if: ctx?.host?.hostname != null + ignore_failure: true + - rename: + field: _tmp.timezone + target_field: event.timezone + ignore_missing: true + - date: + field: _tmp.timestamp + formats: + - MMM d HH:mm:ss + - MMM dd HH:mm:ss + - MMM d HH:mm:ss + ignore_failure: true + - date: + if: ctx?.event?.timezone != null + field: _tmp.timestamp + timezone: '{{{event.timezone}}}' + formats: + - MMM d HH:mm:ss + - MMM dd HH:mm:ss + - MMM d HH:mm:ss + - pipeline: + name: '{{ IngestPipeline "pipeline_policy_diagnostics" }}' + if: ctx?.cisco_ise?.log?.category?.name == "CISE_Policy_Diagnostics" + - pipeline: + name: '{{ IngestPipeline "pipeline_guest" }}' + if: ctx?.cisco_ise?.log?.category?.name == "CISE_Guest" + - pipeline: + name: '{{ IngestPipeline "pipeline_mydevices" }}' + if: ctx?.cisco_ise?.log?.category?.name == "CISE_MyDevices" + - pipeline: + name: '{{ IngestPipeline "pipeline_internal_operations_diagnostics" }}' + if: ctx?.cisco_ise?.log?.category?.name == "CISE_Internal_Operations_Diagnostics" + - pipeline: + name: '{{ IngestPipeline "pipeline_threat_centric_nac" }}' + if: ctx?.cisco_ise?.log?.category?.name == "CISE_Threat_Centric_NAC" + - pipeline: + name: '{{ IngestPipeline "pipeline_posture_and_client_provisioning_audit" }}' + if: ctx?.cisco_ise?.log?.category?.name == "CISE_Posture_and_Client_Provisioning_Audit" + - pipeline: + name: '{{ IngestPipeline "pipeline_radius_accounting" }}' + if: ctx?.cisco_ise?.log?.category?.name == "CISE_RADIUS_Accounting" + - pipeline: + name: '{{ IngestPipeline "pipeline_failed_attempts" }}' + if: ctx?.cisco_ise?.log?.category?.name == "CISE_Failed_Attempts" + - pipeline: + name: '{{ IngestPipeline "pipeline_passed_authentications" }}' + if: ctx?.cisco_ise?.log?.category?.name == "CISE_Passed_Authentications" + - pipeline: + name: '{{ IngestPipeline "pipeline_radius_diagnostics" }}' + if: ctx?.cisco_ise?.log?.category?.name == "CISE_RADIUS_Diagnostics" + - pipeline: + name: '{{ IngestPipeline "pipeline_ad_connector" }}' + if: ctx?.cisco_ise?.log?.category?.name == "CISE_AD_Connector" + - pipeline: + name: '{{ IngestPipeline "pipeline_authentication_flow_diagnostics" }}' + if: ctx?.cisco_ise?.log?.category?.name == "CISE_Authentication_Flow_Diagnostics" + - pipeline: + name: '{{ IngestPipeline "pipeline_administrative_and_operational_audit" }}' + if: ctx?.cisco_ise?.log?.category?.name == "CISE_Administrative_and_Operational_Audit" + - pipeline: + name: '{{ IngestPipeline "pipeline_system_statistics" }}' + if: ctx?.cisco_ise?.log?.category?.name == "CISE_System_Statistics" + - pipeline: + name: '{{ IngestPipeline "pipeline_tacacs_accounting" }}' + if: ctx?.cisco_ise?.log?.category?.name == "CISE_TACACS_Accounting" + - pipeline: + name: '{{ IngestPipeline "pipeline_identity_stores_diagnostics" }}' + if: ctx?.cisco_ise?.log?.category?.name == "CISE_Identity_Stores_Diagnostics" + - lowercase: + field: log.syslog.severity.name + ignore_failure: true + - set: + field: log.level + copy_from: log.syslog.severity.name + ignore_empty_value: true + - remove: + field: + - _tmp + ignore_missing: true + - remove: + field: event.original + if: "ctx?.tags == null || !(ctx.tags.contains('preserve_original_event'))" + ignore_failure: true + ignore_missing: true + - script: + lang: painless + source: + boolean dropEmptyFields(Object object) { + if (object == null || object == "") { + return true; + } else if (object instanceof Map) { + ((Map) object).values().removeIf(value -> dropEmptyFields(value)); + return (((Map) object).size() == 0); + } else if (object instanceof List) { + ((List) object).removeIf(value -> dropEmptyFields(value)); + return (((List) object).length == 0); + } + return false; + } + dropEmptyFields(ctx); +on_failure: +- set: + field: error.message + value: '{{{_ingest.on_failure_message}}}' diff --git a/packages/cisco_ise/data_stream/log/elasticsearch/ingest_pipeline/pipeline_ad_connector.yml b/packages/cisco_ise/data_stream/log/elasticsearch/ingest_pipeline/pipeline_ad_connector.yml new file mode 100644 index 00000000000..ed7649cf502 --- /dev/null +++ b/packages/cisco_ise/data_stream/log/elasticsearch/ingest_pipeline/pipeline_ad_connector.yml @@ -0,0 +1,139 @@ +--- +processors: + - set: + field: event.kind + value: event + - grok: + field: message + if: ctx?.cisco_ise?.log?.segment?.number == 0 + patterns: + - "^%{TIMESTAMP_ISO8601:_tmp.timestamp} %{ISO8601_TIMEZONE:event.timezone} %{DATA:event.sequence:long} %{DATA:cisco_ise.log.message.code} %{DATA:log.syslog.severity.name} %{DATA:cisco_ise.log.message.description}, %{GREEDYDATA:cisco_ise.log.log_details}," + - grok: + field: message + if: ctx?.cisco_ise?.log?.segment?.number > 0 + patterns: + - "^%{GREEDYDATA:cisco_ise.log.log_details}," + - trim: + field: cisco_ise.log.log_details + ignore_failure: true + - script: + lang: painless + if: ctx?.cisco_ise?.log?.message?.code != null + source: | + def eventCategory = new ArrayList(); + def eventType = new ArrayList(); + def categoryReferenceTable = [ + ["messageCodeArray": ["25012","25013","25015","25016","25017","25018","25033"], "name": "authentication"], + ["messageCodeArray": ["25037","25041","25046","25058"], "name": "configuration"] + ]; + def typeReferenceTable = [ + ["messageCodeArray": ["25012","25013","25015","25016","25017","25018","25033","25037","25041","25046","25058"], "name": "info"], + ["messageCodeArray": ["25012","25018","51020","51021"], "name": "end"] + ]; + + for (entry in categoryReferenceTable) { + if (entry.messageCodeArray.contains(ctx.cisco_ise.log.message.code)) { + eventCategory.add(entry.name); + } + } + for (entry in typeReferenceTable) { + if (entry.messageCodeArray.contains(ctx.cisco_ise.log.message.code)) { + eventType.add(entry.name); + } + } + + ctx.event.category = eventCategory; + ctx.event.type = eventType; + ctx.event.action = ctx?.cisco_ise?.log?.message?.description?.splitOnToken(":")[0]?.toLowerCase(); + - gsub: + field: cisco_ise.log.log_details + pattern: \\, + replacement: "" + - kv: + field: cisco_ise.log.log_details + field_split: ', ' + value_split: = + ignore_failure: true + - date: + field: _tmp.timestamp + target_field: '@timestamp' + formats: + - yyyy-MM-dd HH:mm:ss.SSS + - yyyy-MM-dd HH:mm:ss.SSSSSS + timezone: '{{{event.timezone}}}' + ignore_failure: true + - convert: + field: ConfigVersionId + target_field: cisco_ise.log.config_version.id + type: long + ignore_failure: true + - rename: + field: AD-Admin + target_field: cisco_ise.log.ad.admin + ignore_missing: true + - rename: + field: AD-Domain + target_field: cisco_ise.log.ad.domain.name + ignore_missing: true + - rename: + field: AD-Domain-Controller + target_field: cisco_ise.log.ad.domain.controller + ignore_missing: true + - rename: + field: AD-Error-Details + target_field: cisco_ise.log.ad.error.details + ignore_missing: true + - rename: + field: AD-Forest + target_field: cisco_ise.log.ad.forest + ignore_missing: true + - rename: + field: AD-Hostname + target_field: cisco_ise.log.ad.hostname + ignore_missing: true + - append: + field: related.hosts + value: '{{{cisco_ise.log.ad.hostname}}}' + if: ctx?.cisco_ise?.log?.ad?.hostname != null + allow_duplicates: false + ignore_failure: true + - convert: + field: AD-IP-Address + target_field: cisco_ise.log.ad.ip + type: ip + ignore_missing: true + - append: + field: related.ip + value: '{{{cisco_ise.log.ad.ip}}}' + if: ctx?.cisco_ise?.log?.ad?.ip != null + allow_duplicates: false + ignore_failure: true + - rename: + field: AD-Log-Id + target_field: cisco_ise.log.ad.log_id + ignore_missing: true + - rename: + field: AD-Organization-Unit + target_field: cisco_ise.log.ad.organization_unit + ignore_missing: true + - rename: + field: AD-Site + target_field: cisco_ise.log.ad.site + ignore_missing: true + - rename: + field: AD-Log + target_field: cisco_ise.log.ad.log + ignore_failure: true + - rename: + field: AD-Srv-Query + target_field: cisco_ise.log.ad.srv.query + ignore_failure: true + - rename: + field: AD-Srv-Record + target_field: cisco_ise.log.ad.srv.record + ignore_failure: true + - remove: + field: + - AD-IP-Address + - ConfigVersionId + ignore_missing: true diff --git a/packages/cisco_ise/data_stream/log/elasticsearch/ingest_pipeline/pipeline_administrative_and_operational_audit.yml b/packages/cisco_ise/data_stream/log/elasticsearch/ingest_pipeline/pipeline_administrative_and_operational_audit.yml new file mode 100644 index 00000000000..8c8e8086149 --- /dev/null +++ b/packages/cisco_ise/data_stream/log/elasticsearch/ingest_pipeline/pipeline_administrative_and_operational_audit.yml @@ -0,0 +1,340 @@ +--- +processors: + - set: + field: event.kind + value: event + - grok: + field: message + if: ctx?.cisco_ise?.log?.segment?.number == 0 + patterns: + - "^%{TIMESTAMP_ISO8601:_tmp.timestamp} %{ISO8601_TIMEZONE:event.timezone} %{DATA:event.sequence:long} %{DATA:cisco_ise.log.message.code} %{DATA:log.syslog.severity.name} %{DATA:cisco_ise.log.message.description}, %{GREEDYDATA:cisco_ise.log.log_details}," + - grok: + field: message + if: ctx?.cisco_ise?.log?.segment?.number > 0 + patterns: + - "^%{GREEDYDATA:cisco_ise.log.log_details}," + - grok: + field: cisco_ise.log.log_details + if: ctx?.cisco_ise?.log?.message?.code == "60067" + ignore_failure: true + patterns: + - "ConfigVersionId=%{DATA:ConfigVersionId}, OperationMessageText={%{DATA:OperationMessageText}}" + - grok: + field: cisco_ise.log.log_details + if: '["61025", "61026"].contains(ctx?.cisco_ise?.log?.message?.code)' + patterns: + - "ConfigVersionId=%{DATA:ConfigVersionId}, AdminInterface=%{DATA:AdminInterface}, AdminIPAddress=%{DATA:AdminIPAddress}, , OperationMessageText=%{DATA:OperationMessageText}, AcsInstance=%{GREEDYDATA:AcsInstance}" + on_failure: + - kv: + field: cisco_ise.log.log_details + field_split: ', ' + value_split: = + - grok: + field: cisco_ise.log.log_details + if: ctx?.cisco_ise?.log?.message?.code == "52001" + ignore_failure: true + patterns: + - "ConfigVersionId=%{DATA:ConfigVersionId}, FailureFlag=%{DATA:FailureFlag}, RequestResponseType=%{DATA:RequestResponseType}, AdminInterface=%{DATA:AdminInterface}, AdminIPAddress=%{DATA:AdminIPAddress}, AdminName=%{DATA:AdminName}, %{GREEDYDATA:log_detail}" + - grok: + field: log_detail + if: ctx?.cisco_ise?.log?.message?.code == "52001" + ignore_failure: true + patterns: + - "ConfigChangeData=%{DATA:ConfigChangeData}, ObjectType=%{DATA:ObjectType}, ObjectName=%{DATA:ObjectName}, Component=%{DATA:Component}, ObjectInternalID=%{GREEDYDATA:ObjectInternalID}" + - "ConfigChangeData=%{DATA:ConfigChangeData}, ObjectType=%{DATA:ObjectType}, ObjectName=%{DATA:ObjectName}, OperationMessageText=%{GREEDYDATA:OperationMessageText}" + - "ObjectType=%{DATA:ObjectType}, ObjectName=%{DATA:ObjectName}, Component=%{DATA:Component}, ObjectInternalID=%{GREEDYDATA:ObjectInternalID}" + - "ConfigChangeData=%{DATA:ConfigChangeData}, ObjectType=%{DATA:ObjectType}, ObjectName=%{GREEDYDATA:ObjectName}" + - grok: + field: ConfigChangeData + if: ctx?.cisco_ise?.log?.message?.code == "52001" + ignore_failure: true + patterns: + - "^%{DATA:_tmp.temp}, Log Severity Level = %{DATA:LogSeverityLevel}\\\\,Local Logging = %{DATA:LocalLogging}\\\\,Assigned Targets = {%{DATA:AssignedTargets}}" + - grok: + field: cisco_ise.log.log_details + if: ctx?.cisco_ise?.log?.message?.code == "52002" + ignore_failure: true + patterns: + - "ConfigVersionId=%{DATA:ConfigVersionId}, AdminInterface=%{DATA:AdminInterface}, AdminIPAddress=%{DATA:AdminIPAddress}, %{GREEDYDATA:log_detail}" + - grok: + field: log_detail + if: ctx?.cisco_ise?.log?.message?.code == "52002" + ignore_failure: true + patterns: + - "AdminSession=%{DATA:AdminSession}, AdminName=%{DATA:AdminName}, ConfigChangeData=%{GREEDYDATA:ConfigChangeData}" + - "AdminName=%{DATA:AdminName}, ConfigChangeData=%{GREEDYDATA:ConfigChangeData}" + - "AdminName=%{DATA:AdminName}, %{GREEDYDATA:log_description}" + on_failure: + - kv: + field: cisco_ise.log.log_details + field_split: ', ' + value_split: = + - kv: + field: log_description + field_split: ', ' + value_split: = + ignore_failure: true + - grok: + field: ConfigChangeData + if: ctx?.cisco_ise?.log?.message?.code == "52002" + ignore_failure: true + patterns: + - "^%{DATA:_tmp.temp}, %{GREEDYDATA:_tmp.ConfigChangeData}" + - kv: + field: _tmp.ConfigChangeData + if: ctx?.cisco_ise?.log?.message?.code == "52002" + field_split: ', ' + value_split: = + ignore_failure: true + - kv: + if: '!["60067", "61025", "61026", "52001", "52002"].contains(ctx.cisco_ise.log.message.code)' + field: cisco_ise.log.log_details + field_split: ', ' + value_split: = + ignore_failure: true + - kv: + if: ctx?.cisco_ise?.log?.message?.code == "60067" + field: OperationMessageText + field_split: ', ' + value_split: = + ignore_failure: true + - split: + field: AssignedTargets + target_field: cisco_ise.log.assigned_targets + separator: ',' + if: ctx?.cisco_ise?.log?.message?.code == "52001" + ignore_failure: true + - date: + field: _tmp.timestamp + target_field: '@timestamp' + formats: + - yyyy-MM-dd HH:mm:ss.SSS + - yyyy-MM-dd HH:mm:ss.SSSSSS + timezone: '{{{event.timezone}}}' + ignore_failure: true + - script: + lang: painless + if: ctx?.cisco_ise?.log?.message?.code != null + source: | + def eventCategory = new ArrayList(); + def eventType = new ArrayList(); + def categoryReferenceTable = [ + ["messageCodeArray": ["51001","51002","51020","51021","52000","52001","52002","60077","60078","60461","61077","60077","58005","60094","60093","60134","60188","60116","60080","60115","60081"], "name": "iam"], + ["messageCodeArray": ["51001","51002","51020","51021","60077","60078","61077", "60077","60188","60116","60080","60115","60081"], "name": "authentication"], + ["messageCodeArray": ["61025","61026","60134"], "name": "network"], + ["messageCodeArray": ["60067","60070","60456","58005"], "name": "process"], + ["messageCodeArray": ["52000","52001","52002"], "name": "configuration"] + ]; + def typeReferenceTable = [ + ["messageCodeArray": ["51001","51002","51020","51021"], "name": "admin"], + ["messageCodeArray": ["52001"], "name": "change"], + ["messageCodeArray": ["61025", "61026"], "name": "connection"], + ["messageCodeArray": ["52000"], "name": "creation"], + ["messageCodeArray": ["52002"], "name": "deletion"], + ["messageCodeArray": ["61026"], "name": "end"], + ["messageCodeArray": ["60116","60080","60115","60081"], "name": "user"], + ["messageCodeArray": ["51001","51002","51020","51021","52000","52001","52002","60067","60070","60077","60078","60456","60461","61025","61026","61077","60077","58005","60094","60093","60134","60188","60116","60080","60115","60081"], "name": "info"], + ["messageCodeArray": ["60067","60456","61025"], "name": "start"] + ]; + + for (entry in categoryReferenceTable) { + if (entry.messageCodeArray.contains(ctx.cisco_ise.log.message.code)) { + eventCategory.add(entry.name); + } + } + for (entry in typeReferenceTable) { + if (entry.messageCodeArray.contains(ctx.cisco_ise.log.message.code)) { + eventType.add(entry.name); + } + } + + ctx.event.action = ctx?.cisco_ise?.log?.message?.description?.splitOnToken(":")[0]?.toLowerCase(); + ctx.event.category = eventCategory; + ctx.event.type = eventType; + - rename: + field: AcsInstance + target_field: cisco_ise.log.acs.instance + ignore_missing: true + - rename: + field: AdminInterface + target_field: cisco_ise.log.admin.interface + ignore_missing: true + - rename: + field: AdminIPAddress + target_field: client.ip + ignore_missing: true + - append: + field: related.ip + value: '{{{client.ip}}}' + if: ctx?.client?.ip != null + allow_duplicates: false + ignore_failure: true + - rename: + field: AdminName + target_field: client.user.name + ignore_missing: true + - append: + field: related.user + value: '{{{client.user.name}}}' + if: ctx?.client?.user?.name != null + allow_duplicates: false + ignore_failure: true + - rename: + field: AdminSession + target_field: cisco_ise.log.admin.session + ignore_missing: true + - rename: + field: AuthenticationIdentityStore + target_field: cisco_ise.log.authentication.identity_store + ignore_missing: true + - rename: + field: ConfigChangeData + target_field: cisco_ise.log.config_change.data + ignore_missing: true + - convert: + field: ConfigVersionId + target_field: cisco_ise.log.config_version.id + type: long + ignore_failure: true + - rename: + field: Component + target_field: cisco_ise.log.component + ignore_missing: true + - convert: + field: DestinationPort + target_field: destination.port + type: long + ignore_missing: true + - rename: + field: FailureReason + target_field: cisco_ise.log.failure.reason + ignore_missing: true + - convert: + field: FailureFlag + target_field: cisco_ise.log.failure.flag + type: boolean + ignore_failure: true + - rename: + field: LocalLogging + target_field: cisco_ise.log.local_logging + ignore_missing: true + - rename: + field: LogSeverityLevel + target_field: log.syslog.severity.name + if: ctx?.log?.syslog?.severity?.name == null + ignore_missing: true + - rename: + field: LogErrorMessage + target_field: cisco_ise.log.log_error.message + ignore_missing: true + - rename: + field: LoggerName + target_field: log.logger + ignore_missing: true + - rename: + field: MessageCode + target_field: cisco_ise.log.message.code + ignore_missing: true + - rename: + field: FeedServiceFeed + target_field: cisco_ise.log.feed_service.feed.name + ignore_missing: true + - rename: + field: FeedServiceFeedVersion + target_field: cisco_ise.log.feed_service.feed.version + ignore_missing: true + - rename: + field: FeedServiceHost + target_field: cisco_ise.log.feed_service.host + ignore_missing: true + - rename: + field: FeedServicePort + target_field: cisco_ise.log.feed_service.port + ignore_missing: true + - date: + field: FeedServiceQueryToTime + target_field: cisco_ise.log.feed_service.query.to_time + formats: + - ISO8601 + ignore_failure: true + - date: + field: FeedServiceQueryFromTime + target_field: cisco_ise.log.feed_service.query.from_time + formats: + - ISO8601 + ignore_failure: true + - rename: + field: IdentityGroup + target_field: cisco_ise.log.identity.group + ignore_missing: true + - rename: + field: IpAddress + target_field: host.ip + ignore_missing: true + - append: + field: related.ip + value: '{{{host.ip}}}' + if: ctx?.host?.ip != null + allow_duplicates: false + ignore_failure: true + - rename: + field: ObjectName + target_field: cisco_ise.log.object.name + ignore_missing: true + - rename: + field: ObjectInternalID + target_field: cisco_ise.log.object.internal.id + ignore_missing: true + - rename: + field: ObjectType + target_field: cisco_ise.log.object.type + ignore_missing: true + - rename: + field: OperationMessageText + target_field: cisco_ise.log.operation_message.text + ignore_missing: true + - rename: + field: PortalName + target_field: cisco_ise.log.portal.name + ignore_missing: true + - append: + field: related.hosts + value: '{{{PsnHostName}}}' + if: ctx?.PsnHostName != null && ctx?.PsnHostName != '' + allow_duplicates: false + ignore_failure: true + - rename: + field: PsnHostName + target_field: cisco_ise.log.psn.hostname + ignore_missing: true + - rename: + field: RequestResponseType + target_field: cisco_ise.log.request_response.type + ignore_missing: true + - convert: + field: ResponseTime + target_field: cisco_ise.log.response.time + type: long + ignore_missing: true + - rename: + field: UserName + target_field: user.name + ignore_missing: true + - append: + field: related.user + value: '{{{user.name}}}' + if: ctx?.user?.name != null + allow_duplicates: false + ignore_failure: true + - remove: + field: + - AssignedTargets + - ConfigVersionId + - FailureFlag + - FeedServiceQueryFromTime + - FeedServiceQueryToTime + - LogSeverityLevel + - ResponseTime + - log_detail + - log_description + ignore_missing: true diff --git a/packages/cisco_ise/data_stream/log/elasticsearch/ingest_pipeline/pipeline_authentication_flow_diagnostics.yml b/packages/cisco_ise/data_stream/log/elasticsearch/ingest_pipeline/pipeline_authentication_flow_diagnostics.yml new file mode 100644 index 00000000000..9e5648b26f3 --- /dev/null +++ b/packages/cisco_ise/data_stream/log/elasticsearch/ingest_pipeline/pipeline_authentication_flow_diagnostics.yml @@ -0,0 +1,166 @@ +--- +processors: + - set: + field: event.kind + value: event + - append: + field: event.type + value: [info] + - grok: + field: message + if: ctx?.cisco_ise?.log?.segment?.number == 0 + patterns: + - "^%{TIMESTAMP_ISO8601:_tmp.timestamp} %{ISO8601_TIMEZONE:event.timezone} %{DATA:event.sequence:long} %{DATA:cisco_ise.log.message.code} %{DATA:log.syslog.severity.name} %{DATA:cisco_ise.log.message.description}, %{GREEDYDATA:cisco_ise.log.log_details}," + - grok: + field: message + if: ctx?.cisco_ise?.log?.segment?.number > 0 + patterns: + - '%{GREEDYDATA:cisco_ise.log.log_details},' + - date: + field: _tmp.timestamp + target_field: '@timestamp' + formats: + - yyyy-MM-dd HH:mm:ss.SSS + - yyyy-MM-dd HH:mm:ss.SSSSSS + timezone: '{{{event.timezone}}}' + ignore_failure: true + - kv: + field: cisco_ise.log.log_details + field_split: ', ' + value_split: = + ignore_failure: true + - dissect: + field: Response + pattern: "{%{_tmp.response}}" + ignore_failure: true + - kv: + field: _tmp.response + target_field: cisco_ise.log.response + field_split: '; ' + value_split: = + ignore_failure: true + - script: + lang: painless + if: ctx?.cisco_ise?.log?.message?.code != null + source: | + def eventCategory = new ArrayList(["iam"]); + def categoryReferenceTable = [ + ["messageCodeArray": ["22040","22057","22061","22060","22037"], "name": "authentication"] + ]; + for (entry in categoryReferenceTable) { + if (entry.messageCodeArray.contains(ctx.cisco_ise.log.message.code)) { + eventCategory.add(entry.name); + } + } + ctx.event.action = ctx?.cisco_ise?.log?.message?.description?.splitOnToken(":")[0]?.toLowerCase(); + ctx.event.category = eventCategory; + - rename: + field: AcsSessionID + target_field: cisco_ise.log.acs.session.id + ignore_missing: true + - rename: + field: AuthenticationIdentityStore + target_field: cisco_ise.log.selected.authentication.identity_stores + ignore_missing: true + - rename: + field: AuthenticationMethod + target_field: cisco_ise.log.authentication.method + ignore_missing: true + - rename: + field: Calling-Station-ID + target_field: cisco_ise.log.calling_station.id + ignore_missing: true + - convert: + field: ConfigVersionId + target_field: cisco_ise.log.config_version.id + type: long + ignore_failure: true + - rename: + field: CPMSessionID + target_field: cisco_ise.log.cpm.session.id + ignore_missing: true + - rename: + field: CurrentIDStoreName + target_field: cisco_ise.log.currentid.store_name + ignore_missing: true + - convert: + field: DestinationIPAddress + target_field: destination.ip + type: ip + ignore_failure: true + - append: + field: related.ip + value: "{{{DestinationIPAddress}}}" + if: ctx?.DestinationIPAddress != null + allow_duplicates: false + ignore_failure: true + - convert: + field: NAS-IP-Address + target_field: cisco_ise.log.nas.ip + type: ip + ignore_failure: true + - append: + field: related.ip + value: '{{{cisco_ise.log.nas.ip}}}' + if: ctx?.cisco_ise?.log?.nas?.ip != null + allow_duplicates: false + ignore_failure: true + - append: + field: user.name + value: '{{{OriginalUserName}}}' + if: ctx?.OriginalUserName != null + allow_duplicates: false + ignore_failure: true + - append: + field: related.user + value: '{{{OriginalUserName}}}' + if: ctx?.OriginalUserName != null + allow_duplicates: false + ignore_failure: true + - rename: + field: SelectedAccessService + target_field: cisco_ise.log.selected.access.service + ignore_missing: true + - append: + field: user.name + value: '{{{UserName}}}' + if: ctx?.UserName != null + allow_duplicates: false + ignore_failure: true + - append: + field: related.user + value: '{{{UserName}}}' + if: ctx?.UserName != null + allow_duplicates: false + ignore_failure: true + - convert: + field: WorkflowCurrentIDStoreIndex + target_field: cisco_ise.log.workflow.current_id.store_index + type: long + ignore_failure: true + - rename: + field: WorkflowIfAuthenticationFailed + target_field: cisco_ise.log.workflow.if.authentication_failed + ignore_missing: true + - rename: + field: WorkflowIfProcessError + target_field: cisco_ise.log.workflow.if.process_error + ignore_missing: true + - rename: + field: WorkflowIfUserNotFound + target_field: cisco_ise.log.workflow.if.user_not_found + ignore_missing: true + - rename: + field: WorkflowSequenceType + target_field: cisco_ise.log.workflow.sequence.type + ignore_missing: true + - remove: + field: + - ConfigVersionId + - DestinationIPAddress + - NAS-IP-Address + - OriginalUserName + - Response + - UserName + - WorkflowCurrentIDStoreIndex + ignore_missing: true diff --git a/packages/cisco_ise/data_stream/log/elasticsearch/ingest_pipeline/pipeline_failed_attempts.yml b/packages/cisco_ise/data_stream/log/elasticsearch/ingest_pipeline/pipeline_failed_attempts.yml new file mode 100644 index 00000000000..5700ac03fdd --- /dev/null +++ b/packages/cisco_ise/data_stream/log/elasticsearch/ingest_pipeline/pipeline_failed_attempts.yml @@ -0,0 +1,424 @@ +--- +processors: + - set: + field: event.kind + value: event + - grok: + field: message + if: ctx?.cisco_ise?.log?.segment?.number == 0 + patterns: + - "^%{TIMESTAMP_ISO8601:_tmp.timestamp} %{ISO8601_TIMEZONE:event.timezone} %{DATA:event.sequence:long} %{DATA:cisco_ise.log.message.code} %{DATA:log.syslog.severity.name} %{DATA:cisco_ise.log.message.description}, %{GREEDYDATA:cisco_ise.log.log_details}," + - grok: + field: message + if: ctx?.cisco_ise?.log?.segment?.number > 0 + patterns: + - "^%{GREEDYDATA:cisco_ise.log.log_details}," + - date: + field: _tmp.timestamp + target_field: '@timestamp' + formats: + - yyyy-MM-dd HH:mm:ss.SSS + - yyyy-MM-dd HH:mm:ss.SSSSSS + timezone: '{{{event.timezone}}}' + ignore_failure: true + - script: + lang: painless + if: ctx?.cisco_ise?.log?.message?.code != null + source: | + def eventCategory = new ArrayList(); + def eventType = new ArrayList(); + def categoryReferenceTable = [ + ["messageCodeArray": ["5405","5411","5418","5435","5400","5440"], "name": "authentication"], + ["messageCodeArray": ["5440"], "name": "session"] + ]; + def typeReferenceTable = [ + ["messageCodeArray": ["5405","5411","5418","5435","5400","5440"], "name": "info"], + ["messageCodeArray": ["5405","5411","5418","5435"], "name": "end"], + ["messageCodeArray": ["5440"], "name": "start"] + ]; + + for (entry in categoryReferenceTable) { + if (entry.messageCodeArray.contains(ctx.cisco_ise.log.message.code)) { + eventCategory.add(entry.name); + } + } + for (entry in typeReferenceTable) { + if (entry.messageCodeArray.contains(ctx.cisco_ise.log.message.code)) { + eventType.add(entry.name); + } + } + + ctx.event.action = ctx?.cisco_ise?.log?.message?.description?.splitOnToken(":")[0]?.toLowerCase(); + ctx.event.category = eventCategory; + ctx.event.type = eventType; + - kv: + field: cisco_ise.log.log_details + field_split: ', ' + value_split: = + ignore_failure: true + - dissect: + field: Response + pattern: "{%{_tmp.response}}" + ignore_failure: true + - kv: + field: _tmp.response + target_field: cisco_ise.log.response + field_split: '; ' + value_split: = + ignore_failure: true + - rename: + field: acme-av-pair.audit-session-id + target_field: cisco_ise.log.acme-av-pair.audit-session-id + ignore_missing: true + - rename: + field: acme-av-pair.service-type + target_field: cisco_ise.log.acme-av-pair.service-type + ignore_missing: true + - rename: + field: AcsSessionID + target_field: cisco_ise.log.acs.session.id + ignore_missing: true + - rename: + field: ADDomain + target_field: cisco_ise.log.ad.domain.name + ignore_missing: true + - rename: + field: AllowedProtocolMatchedRule + target_field: cisco_ise.log.allowed_protocol.matched.rule + ignore_missing: true + - rename: + field: AuthenticationIdentityStore + target_field: cisco_ise.log.authentication.identity_store + ignore_missing: true + - rename: + field: AuthenticationMethod + target_field: cisco_ise.log.authentication.method + ignore_missing: true + - rename: + field: Called-Station-ID + target_field: cisco_ise.log.called_station.id + ignore_missing: true + - rename: + field: Calling-Station-ID + target_field: cisco_ise.log.calling_station.id + ignore_missing: true + - convert: + field: ConfigVersionId + target_field: cisco_ise.log.config_version.id + type: long + ignore_missing: true + - rename: + field: CPMSessionID + target_field: cisco_ise.log.cpm.session.id + ignore_missing: true + - rename: + field: DetailedInfo + target_field: cisco_ise.log.detailed_info + ignore_missing: true + - rename: + field: Device Type + target_field: cisco_ise.log.device.type + ignore_missing: true + - rename: + field: EAP-Key-Name + target_field: cisco_ise.log.eap_key.name + ignore_missing: true + - rename: + field: EapAuthentication + target_field: cisco_ise.log.eap.authentication + ignore_missing: true + - rename: + field: EapChainingResult + target_field: cisco_ise.log.eap.chaining_result + ignore_missing: true + - rename: + field: EapTunnel + target_field: cisco_ise.log.eap.tunnel + ignore_missing: true + - rename: + field: EndPointMACAddress + target_field: cisco_ise.log.endpoint.mac.address + ignore_missing: true + - gsub: + field: cisco_ise.log.endpoint.mac.address + pattern: '[-:.]' + replacement: '-' + ignore_missing: true + - uppercase: + field: cisco_ise.log.endpoint.mac.address + ignore_missing: true + - rename: + field: FailureReason + target_field: cisco_ise.log.failure.reason + ignore_missing: true + - convert: + field: Framed-IP-Address + target_field: cisco_ise.log.framed.ip + type: ip + ignore_missing: true + - append: + field: related.ip + value: '{{{cisco_ise.log.framed.ip}}}' + if: ctx?.cisco_ise?.log?.framed?.ip != null + allow_duplicates: false + ignore_failure: true + - convert: + field: Framed-MTU + target_field: cisco_ise.log.framed.mtu + type: long + ignore_missing: true + - convert: + field: GroupsOrAttributesProcessFailure + target_field: cisco_ise.log.groups.process_failure + type: boolean + ignore_missing: true + - rename: + field: IdentitySelectionMatchedRule + target_field: cisco_ise.log.identity.selection.matched.rule + ignore_missing: true + - rename: + field: ISEPolicySetName + target_field: cisco_ise.log.ise.policy.set_name + ignore_missing: true + - rename: + field: Location + target_field: cisco_ise.log.location + ignore_missing: true + - convert: + field: NAS-IP-Address + target_field: cisco_ise.log.nas.ip + type: ip + ignore_missing: true + - append: + field: related.ip + value: '{{{cisco_ise.log.nas.ip}}}' + if: ctx?.cisco_ise?.log?.nas?.ip != null + allow_duplicates: false + ignore_failure: true + - convert: + field: NAS-Port + target_field: cisco_ise.log.nas.port.number + type: long + ignore_missing: true + - rename: + field: NAS-Port-Id + target_field: cisco_ise.log.nas.port.id + ignore_missing: true + - rename: + field: NAS-Port-Type + target_field: cisco_ise.log.nas.port.type + ignore_missing: true + - rename: + field: NetworkDeviceGroups + target_field: cisco_ise.log.network.device.groups + ignore_missing: true + - rename: + field: NetworkDeviceName + target_field: cisco_ise.log.network.device.name + ignore_missing: true + - rename: + field: RadiusPacketType + target_field: cisco_ise.log.radius_packet.type + ignore_missing: true + - convert: + field: RequestLatency + target_field: cisco_ise.log.request.latency + type: long + ignore_missing: true + - rename: + field: SelectedAccessService + target_field: cisco_ise.log.selected.access.service + ignore_missing: true + - rename: + field: SelectedAuthenticationIdentityStores + target_field: cisco_ise.log.selected.authentication.identity_stores + ignore_missing: true + - rename: + field: Service-Type + target_field: cisco_ise.log.service.type + ignore_missing: true + - rename: + field: State + target_field: cisco_ise.log.state + ignore_missing: true + - rename: + field: UseCase + target_field: cisco_ise.log.usecase + ignore_missing: true + - convert: + field: DestinationIPAddress + target_field: destination.ip + type: ip + ignore_failure: true + - append: + field: related.ip + value: '{{{destination.ip}}}' + if: ctx?.destination?.ip != null + allow_duplicates: false + ignore_failure: true + - convert: + field: DestinationPort + target_field: destination.port + type: long + ignore_missing: true + - convert: + field: Device IP Address + target_field: client.ip + type: ip + ignore_missing: true + - append: + field: related.ip + value: '{{{client.ip}}}' + if: ctx?.client?.ip != null + allow_duplicates: false + ignore_failure: true + - convert: + field: Device Port + target_field: client.port + type: long + ignore_missing: true + - rename: + field: Acct-Session-Id + target_field: cisco_ise.log.acct.session.id + ignore_missing: true + - rename: + field: Acct-Status-Type + target_field: cisco_ise.log.acct.status.type + ignore_missing: true + - rename: + field: DTLSSupport + target_field: cisco_ise.log.dtls_support + ignore_missing: true + - convert: + field: IpAddress + target_field: source.ip + type: ip + ignore_missing: true + - append: + field: related.ip + value: '{{{source.ip}}}' + if: ctx?.source?.ip != null + allow_duplicates: false + ignore_failure: true + - rename: + field: IPSEC + target_field: cisco_ise.log.ipsec + ignore_missing: true + - rename: + field: Model Name + target_field: cisco_ise.log.model.name + ignore_missing: true + - rename: + field: Network Device Profile + target_field: cisco_ise.log.network.device.profile + ignore_missing: true + - rename: + field: NetworkDeviceProfileId + target_field: cisco_ise.log.network.device.profile_id + ignore_missing: true + - rename: + field: NetworkDeviceProfileName + target_field: cisco_ise.log.network.device.profile_name + ignore_missing: true + - rename: + field: OpenSSLErrorMessage + target_field: cisco_ise.log.openssl.error.message + ignore_missing: true + - rename: + field: OpenSSLErrorStack + target_field: cisco_ise.log.openssl.error.stack + ignore_missing: true + - rename: + field: PortalName + target_field: cisco_ise.log.portal.name + ignore_missing: true + - convert: + field: ResponseTime + target_field: cisco_ise.log.response.time + type: long + ignore_missing: true + - convert: + field: Session-Timeout + target_field: cisco_ise.log.session.timeout + type: long + ignore_missing: true + - rename: + field: Step + target_field: cisco_ise.log.step + ignore_missing: true + - rename: + field: StepLatency + target_field: cisco_ise.log.step_latency + ignore_missing: true + - rename: + field: TLSCipher + target_field: cisco_ise.log.tls.cipher + ignore_missing: true + - rename: + field: TLSVersion + target_field: cisco_ise.log.tls.version + ignore_missing: true + - convert: + field: TotalFailedAttempts + target_field: cisco_ise.log.total.failed_attempts + type: long + ignore_missing: true + - convert: + field: TotalFailedTime + target_field: cisco_ise.log.total.failed_time + type: long + ignore_missing: true + - rename: + field: UserType + target_field: cisco_ise.log.user.type + ignore_missing: true + - rename: + field: Protocol + target_field: network.protocol + ignore_missing: true + - lowercase: + field: network.protocol + ignore_missing: true + - append: + field: user.name + value: '{{{UserName}}}' + ignore_failure: true + allow_duplicates: false + - append: + field: user.name + value: '{{{User-Name}}}' + ignore_failure: true + allow_duplicates: false + - append: + field: related.user + value: '{{{UserName}}}' + allow_duplicates: false + ignore_failure: true + - append: + field: related.user + value: '{{{User-Name}}}' + allow_duplicates: false + ignore_failure: true + - remove: + field: + - UserName + - User-Name + - ConfigVersionId + - DestinationIPAddress + - DestinationPort + - Device IP Address + - Device Port + - NAS-IP-Address + - NAS-Port + - RequestLatency + - IpAddress + - TotalFailedAttempts + - Session-Timeout + - Response + - ResponseTime + - TotalFailedTime + - Framed-IP-Address + - Framed-MTU + - GroupsOrAttributesProcessFailure + - acme-av-pair + ignore_missing: true diff --git a/packages/cisco_ise/data_stream/log/elasticsearch/ingest_pipeline/pipeline_guest.yml b/packages/cisco_ise/data_stream/log/elasticsearch/ingest_pipeline/pipeline_guest.yml new file mode 100644 index 00000000000..c49664a6b77 --- /dev/null +++ b/packages/cisco_ise/data_stream/log/elasticsearch/ingest_pipeline/pipeline_guest.yml @@ -0,0 +1,112 @@ +--- +processors: + - set: + field: event.kind + value: event + - append: + field: event.category + value: [configuration] + - append: + field: event.type + value: [info] + - grok: + field: message + if: ctx?.cisco_ise?.log?.segment?.number == 0 + patterns: + - "^%{TIMESTAMP_ISO8601:_tmp.timestamp} %{ISO8601_TIMEZONE:event.timezone} %{DATA:event.sequence:long} %{DATA:cisco_ise.log.message.code} %{DATA:log.syslog.severity.name} %{DATA:cisco_ise.log.message.description}, %{GREEDYDATA:cisco_ise.log.log_details}," + - grok: + field: message + if: ctx?.cisco_ise?.log?.segment?.number > 0 + patterns: + - "^%{GREEDYDATA:cisco_ise.log.log_details}," + - date: + field: _tmp.timestamp + target_field: '@timestamp' + formats: + - yyyy-MM-dd HH:mm:ss.SSS + - yyyy-MM-dd HH:mm:ss.SSSSSS + timezone: '{{{event.timezone}}}' + ignore_failure: true + - kv: + field: cisco_ise.log.log_details + field_split: ', ' + value_split: = + ignore_failure: true + - script: + lang: painless + if: ctx?.cisco_ise?.log?.message?.description != null + source: + ctx.event.action = ctx?.cisco_ise?.log?.message?.description?.splitOnToken(":")[0]?.toLowerCase(); + - convert: + field: ConfigVersionId + target_field: cisco_ise.log.config_version.id + type: long + ignore_failure: true + - rename: + field: UserType + target_field: cisco_ise.log.user.type + ignore_missing: true + - rename: + field: UserName + target_field: user.name + ignore_missing: true + - append: + field: related.user + value: '{{{user.name}}}' + if: ctx?.user?.name != null + allow_duplicates: false + ignore_failure: true + - convert: + field: IpAddress + target_field: source.ip + type: ip + ignore_failure: true + - append: + field: related.ip + value: '{{{source.ip}}}' + if: ctx?.source?.ip != null + allow_duplicates: false + ignore_failure: true + - rename: + field: AuthenticationIdentityStore + target_field: cisco_ise.log.authentication.identity_store + ignore_missing: true + - rename: + field: PortalName + target_field: cisco_ise.log.portal.name + ignore_missing: true + - rename: + field: IdentityGroup + target_field: cisco_ise.log.identity.group + ignore_missing: true + - rename: + field: PsnHostName + target_field: cisco_ise.log.psn.hostname + ignore_missing: true + - convert: + field: ResponseTime + target_field: cisco_ise.log.response.time + type: long + ignore_failure: true + - rename: + field: GuestUserName + target_field: cisco_ise.log.guest.user.name + ignore_missing: true + - rename: + field: FailureReason + target_field: cisco_ise.log.failure.reason + ignore_missing: true + - append: + field: related.user.name + value: '{{{cisco_ise.log.guest.user.name}}}' + if: ctx?.cisco_ise?.log?.guest?.user?.name != null + allow_duplicates: false + ignore_failure: true + - remove: + field: + - _tmp + - ConfigVersionId + - IpAddress + - cisco_ise.log.log_details + - ResponseTime + ignore_missing: true diff --git a/packages/cisco_ise/data_stream/log/elasticsearch/ingest_pipeline/pipeline_identity_stores_diagnostics.yml b/packages/cisco_ise/data_stream/log/elasticsearch/ingest_pipeline/pipeline_identity_stores_diagnostics.yml new file mode 100644 index 00000000000..e70181f8e2b --- /dev/null +++ b/packages/cisco_ise/data_stream/log/elasticsearch/ingest_pipeline/pipeline_identity_stores_diagnostics.yml @@ -0,0 +1,154 @@ +--- +processors: + - set: + field: event.kind + value: event + - grok: + field: message + if: ctx?.cisco_ise?.log?.segment?.number == 0 + patterns: + - "^%{TIMESTAMP_ISO8601:_tmp.timestamp} %{ISO8601_TIMEZONE:event.timezone} %{DATA:event.sequence:long} %{DATA:cisco_ise.log.message.code} %{DATA:log.syslog.severity.name} %{DATA:cisco_ise.log.message.description}, %{GREEDYDATA:cisco_ise.log.log_details}," + - grok: + field: message + if: ctx?.cisco_ise?.log?.segment?.number > 0 + patterns: + - "^%{GREEDYDATA:cisco_ise.log.log_details}," + - date: + field: _tmp.timestamp + target_field: '@timestamp' + formats: + - yyyy-MM-dd HH:mm:ss.SSS + - yyyy-MM-dd HH:mm:ss.SSSSSS + timezone: '{{{event.timezone}}}' + ignore_failure: true + - script: + lang: painless + if: ctx?.cisco_ise?.log?.message?.code != null + source: | + def eventCategory = new ArrayList(); + def eventType = new ArrayList(); + def categoryReferenceTable = [ + ["messageCodeArray": ["24209","24210","24212","24216","24217","24313","24322","24325","24352","24366","24412","24430","24631","24633","24715"], "name": "iam"], + ["messageCodeArray": ["24313","24322","24325","24352","24412","24430","24633","24715"], "name": "authentication"], + ["messageCodeArray": ["24217"], "name": "host"], + ["messageCodeArray": ["24209"], "name": "malware"] + ]; + def typeReferenceTable = [ + ["messageCodeArray": ["24209","24210","24212","24216","24217","24313","24322","24325","24352","24366","24412","24430","24631","24633","24715"], "name": "info"], + ["messageCodeArray": ["24352","24412","24633"], "name": "end"], + ["messageCodeArray": ["24217"], "name": "host"], + ["messageCodeArray": ["24210","24212","24216","24631"], "name": "user"] + ]; + + for (entry in categoryReferenceTable) { + if (entry.messageCodeArray.contains(ctx.cisco_ise.log.message.code)) { + eventCategory.add(entry.name); + } + } + for (entry in typeReferenceTable) { + if (entry.messageCodeArray.contains(ctx.cisco_ise.log.message.code)) { + eventType.add(entry.name); + } + } + + ctx.event.category = eventCategory; + ctx.event.type = eventType; + ctx.event.action = ctx?.cisco_ise?.log?.message?.description?.splitOnToken(":")[0]?.toLowerCase(); + - trim: + field: cisco_ise.log.log_details + ignore_failure: true + - kv: + field: cisco_ise.log.log_details + field_split: ', ' + value_split: = + ignore_failure: true + - dissect: + field: Response + pattern: "{%{_tmp.response}}" + ignore_failure: true + - kv: + field: _tmp.response + target_field: cisco_ise.log.response + field_split: '; ' + value_split: = + ignore_failure: true + - convert: + field: ConfigVersionId + target_field: cisco_ise.log.config_version.id + type: long + ignore_missing: true + - rename: + field: UserName + target_field: user.name + ignore_missing: true + - append: + field: related.user + value: '{{{user.name}}}' + if: ctx?.user?.name != null + allow_duplicates: false + ignore_failure: true + - rename: + field: SelectedAccessService + target_field: cisco_ise.log.selected.access.service + ignore_missing: true + - rename: + field: AcsSessionID + target_field: cisco_ise.log.acs.session.id + ignore_missing: true + - rename: + field: AuthenticationMethod + target_field: cisco_ise.log.authentication.method + ignore_missing: true + - rename: + field: CurrentIDStoreName + target_field: cisco_ise.log.currentid.store_name + ignore_missing: true + - rename: + field: CPMSessionID + target_field: cisco_ise.log.cpm.session.id + ignore_missing: true + - rename: + field: EnableFlag + target_field: cisco_ise.log.enable.flag + ignore_missing: true + - rename: + field: AD-Log-Id + target_field: cisco_ise.log.ad.log_id + ignore_missing: true + - append: + field: user.full_name + value: '{{{Firstname}}}' + if: ctx?.Firstname != null + allow_duplicates: false + ignore_failure: true + - append: + field: user.full_name + value: '{{{Lastname}}}' + if: ctx?.Lastname != null + allow_duplicates: false + ignore_failure: true + - rename: + field: OriginalUserName + target_field: cisco_ise.log.original.user.name + ignore_missing: true + - append: + field: user.name + value: '{{{cisco_ise.log.original.user.name}}}' + if: ctx?.cisco_ise?.log?.original?.user?.name != null + allow_duplicates: false + ignore_failure: true + - rename: + field: Protocol + target_field: network.protocol + ignore_missing: true + - lowercase: + field: network.protocol + ignore_missing: true + - remove: + field: + - ConfigVersionId + - OriginalUserName + - Firstname + - Lastname + - Response + ignore_missing: true diff --git a/packages/cisco_ise/data_stream/log/elasticsearch/ingest_pipeline/pipeline_internal_operations_diagnostics.yml b/packages/cisco_ise/data_stream/log/elasticsearch/ingest_pipeline/pipeline_internal_operations_diagnostics.yml new file mode 100644 index 00000000000..8f14c3ed789 --- /dev/null +++ b/packages/cisco_ise/data_stream/log/elasticsearch/ingest_pipeline/pipeline_internal_operations_diagnostics.yml @@ -0,0 +1,81 @@ +--- +processors: + - set: + field: event.kind + value: event + - append: + field: event.type + value: [info] + - grok: + field: message + if: ctx?.cisco_ise?.log?.segment?.number == 0 + patterns: + - "^%{TIMESTAMP_ISO8601:_tmp.timestamp} %{ISO8601_TIMEZONE:event.timezone} %{DATA:event.sequence:long} %{DATA:cisco_ise.log.message.code} %{DATA:log.syslog.severity.name} %{DATA:cisco_ise.log.message.description}, %{GREEDYDATA:cisco_ise.log.log_details}," + - grok: + field: message + if: ctx?.cisco_ise?.log?.segment?.number > 0 + patterns: + - "^%{GREEDYDATA:cisco_ise.log.log_details}," + - date: + field: _tmp.timestamp + target_field: '@timestamp' + formats: + - yyyy-MM-dd HH:mm:ss.SSS + - yyyy-MM-dd HH:mm:ss.SSSSSS + timezone: '{{{event.timezone}}}' + ignore_failure: true + - script: + lang: painless + if: ctx?.cisco_ise?.log?.message?.description != null + source: + ctx.event.action = ctx?.cisco_ise?.log?.message?.description?.splitOnToken(":")[0]?.toLowerCase(); + - script: + lang: painless + if: ctx?.cisco_ise?.log?.message?.code != null + source: | + def eventCategory = new ArrayList(); + def categoryReferenceTable = [ + ["messageCodeArray": ["34120"], "name": "authentication"], + ["messageCodeArray": ["32025","34126","34127"], "name": "configuration"] + ]; + for (entry in categoryReferenceTable) { + if (entry.messageCodeArray.contains(ctx.cisco_ise.log.message.code)) { + eventCategory.add(entry.name); + } + } + ctx.event.action = ctx?.cisco_ise?.log?.message?.description?.splitOnToken(":")[0]?.toLowerCase(); + ctx.event.category = eventCategory; + - kv: + field: cisco_ise.log.log_details + field_split: ', ' + value_split: = + ignore_failure: true + - convert: + field: ConfigVersionId + target_field: cisco_ise.log.config_version.id + type: long + ignore_failure: true + - convert: + field: DestinationPort + target_field: destination.port + type: long + ignore_failure: true + - rename: + field: LoggerName + target_field: cisco_ise.log.logger.name + ignore_missing: true + - rename: + field: LogFileName + target_field: cisco_ise.log.file.name + ignore_missing: true + - rename: + field: LogErrorMessage + target_field: cisco_ise.log.error.message + ignore_missing: true + - remove: + field: + - _tmp + - ConfigVersionId + - DestinationPort + - cisco_ise.log.log_details + ignore_missing: true diff --git a/packages/cisco_ise/data_stream/log/elasticsearch/ingest_pipeline/pipeline_mydevices.yml b/packages/cisco_ise/data_stream/log/elasticsearch/ingest_pipeline/pipeline_mydevices.yml new file mode 100644 index 00000000000..cbbcafd8f90 --- /dev/null +++ b/packages/cisco_ise/data_stream/log/elasticsearch/ingest_pipeline/pipeline_mydevices.yml @@ -0,0 +1,136 @@ +--- +processors: + - set: + field: event.kind + value: event + - append: + field: event.category + value: [configuration] + - append: + field: event.type + value: [info] + - grok: + field: message + if: ctx?.cisco_ise?.log?.segment?.number == 0 + patterns: + - "^%{TIMESTAMP_ISO8601:_tmp.timestamp} %{ISO8601_TIMEZONE:event.timezone} %{DATA:event.sequence:long} %{DATA:cisco_ise.log.message.code} %{DATA:log.syslog.severity.name} %{DATA:cisco_ise.log.message.description}, %{GREEDYDATA:cisco_ise.log.log_details}," + - grok: + field: message + if: ctx?.cisco_ise?.log?.segment?.number > 0 + patterns: + - "^%{GREEDYDATA:cisco_ise.log.log_details}," + - date: + field: _tmp.timestamp + target_field: '@timestamp' + formats: + - yyyy-MM-dd HH:mm:ss.SSS + - yyyy-MM-dd HH:mm:ss.SSSSSS + timezone: '{{{event.timezone}}}' + ignore_failure: true + - kv: + field: cisco_ise.log.log_details + field_split: ', ' + value_split: = + ignore_failure: true + - script: + lang: painless + if: ctx?.cisco_ise?.log?.message?.description != null + source: + ctx.event.action = ctx?.cisco_ise?.log?.message?.description?.splitOnToken(":")[0]?.toLowerCase(); + - convert: + field: ConfigVersionId + target_field: cisco_ise.log.config_version.id + type: long + ignore_failure: true + - rename: + field: UserName + target_field: user.name + ignore_missing: true + - append: + field: related.user + value: '{{{user.name}}}' + if: ctx?.user?.name != null + allow_duplicates: false + ignore_failure: true + - convert: + field: IpAddress + target_field: source.ip + type: ip + ignore_failure: true + - append: + field: related.ip + value: '{{{source.ip}}}' + if: ctx?.source?.ip != null + allow_duplicates: false + ignore_failure: true + - rename: + field: AuthenticationIdentityStore + target_field: cisco_ise.log.authentication.identity_store + ignore_missing: true + - rename: + field: PortalName + target_field: cisco_ise.log.portal.name + ignore_missing: true + - rename: + field: IdentityGroup + target_field: cisco_ise.log.identity.group + ignore_missing: true + - rename: + field: PsnHostName + target_field: cisco_ise.log.psn.hostname + ignore_missing: true + - rename: + field: EPMacAddress + target_field: cisco_ise.log.ep.mac.address + ignore_missing: true + - gsub: + field: cisco_ise.log.ep.mac_address + pattern: '[-:.]' + replacement: '-' + ignore_missing: true + - uppercase: + field: cisco_ise.log.ep.mac_address + ignore_missing: true + - rename: + field: EPIdentityGroup + target_field: cisco_ise.log.ep.identity_group + ignore_missing: true + - convert: + field: Staticassignment + target_field: cisco_ise.log.static.assignment + type: boolean + ignore_failure: true + - rename: + field: EndPointProfiler + target_field: cisco_ise.log.endpoint.profiler + ignore_missing: true + - rename: + field: EndPointPolicy + target_field: cisco_ise.log.endpoint.policy + ignore_missing: true + - rename: + field: DeviceName + target_field: cisco_ise.log.device.name + ignore_missing: true + - rename: + field: DeviceRegistrationStatus + target_field: cisco_ise.log.device.registration_status + ignore_missing: true + - convert: + field: ResponseTime + target_field: cisco_ise.log.response.time + type: long + ignore_failure: true + - rename: + field: EndpointCoA + target_field: cisco_ise.log.endpoint.coa + ignore_missing: true + - remove: + field: + - _tmp + - ConfigVersionId + - IpAddress + - cisco_ise.log.log_details + - ResponseTime + - Staticassignment + ignore_missing: true diff --git a/packages/cisco_ise/data_stream/log/elasticsearch/ingest_pipeline/pipeline_passed_authentications.yml b/packages/cisco_ise/data_stream/log/elasticsearch/ingest_pipeline/pipeline_passed_authentications.yml new file mode 100644 index 00000000000..bbfb3b66eb8 --- /dev/null +++ b/packages/cisco_ise/data_stream/log/elasticsearch/ingest_pipeline/pipeline_passed_authentications.yml @@ -0,0 +1,394 @@ +--- +processors: + - set: + field: event.kind + value: event + - grok: + field: message + if: ctx?.cisco_ise?.log?.segment?.number == 0 + patterns: + - "^%{TIMESTAMP_ISO8601:_tmp.timestamp} %{ISO8601_TIMEZONE:event.timezone} %{DATA:event.sequence:long} %{DATA:cisco_ise.log.message.code} %{DATA:log.syslog.severity.name} %{DATA:cisco_ise.log.message.description}, %{GREEDYDATA:cisco_ise.log.log_details}," + - grok: + field: message + if: ctx?.cisco_ise?.log?.segment?.number > 0 + patterns: + - "^%{GREEDYDATA:cisco_ise.log.log_details}," + - date: + field: _tmp.timestamp + target_field: '@timestamp' + formats: + - yyyy-MM-dd HH:mm:ss.SSS + - yyyy-MM-dd HH:mm:ss.SSSSSS + timezone: '{{{event.timezone}}}' + ignore_failure: true + - script: + lang: painless + if: ctx?.cisco_ise?.log?.message?.code != null + source: | + def eventCategory = new ArrayList(); + def eventType = new ArrayList(); + def categoryReferenceTable = [ + ["messageCodeArray": ["5200","5231","5233","5239"], "name": "authentication"] + ]; + def typeReferenceTable = [ + ["messageCodeArray": ["5200","5231","5233","5239"], "name": "info"] + ]; + + for (entry in categoryReferenceTable) { + if (entry.messageCodeArray.contains(ctx.cisco_ise.log.message.code)) { + eventCategory.add(entry.name); + } + } + for (entry in typeReferenceTable) { + if (entry.messageCodeArray.contains(ctx.cisco_ise.log.message.code)) { + eventType.add(entry.name); + } + } + + ctx.event.action = ctx?.cisco_ise?.log?.message?.description?.splitOnToken(":")[0]?.toLowerCase(); + ctx.event.category = eventCategory; + ctx.event.type = eventType; + - kv: + field: cisco_ise.log.log_details + field_split: ', ' + value_split: = + ignore_failure: true + - dissect: + field: Response + pattern: "{%{_tmp.response}}" + ignore_failure: true + - kv: + field: _tmp.response + target_field: cisco_ise.log.response + field_split: '; ' + value_split: = + ignore_failure: true + - rename: + field: AcsSessionID + target_field: cisco_ise.log.acs.session.id + ignore_missing: true + - convert: + field: Airespace-Wlan-Id + target_field: cisco_ise.log.airespace.wlan.id + type: long + ignore_missing: true + - rename: + field: allowEasyWiredSession + target_field: cisco_ise.log.allow.easy.wired.session + ignore_missing: true + - rename: + field: AuthorizationPolicyMatchedRule + target_field: cisco_ise.log.auth.policy.matched.rule + ignore_missing: true + - rename: + field: AuthenticationIdentityStore + target_field: cisco_ise.log.authentication.identity_store + ignore_missing: true + - rename: + field: AuthenticationMethod + target_field: cisco_ise.log.authentication.method + ignore_missing: true + - rename: + field: AuthenticationStatus + target_field: cisco_ise.log.authentication.status + ignore_missing: true + - rename: + field: Calling-Station-ID + target_field: cisco_ise.log.calling_station.id + ignore_missing: true + - convert: + field: cisco-av-pair.coa-push + target_field: cisco_ise.log.cisco_av_pair.coa-push + type: boolean + ignore_missing: true + - rename: + field: cisco-av-pair.cts-device-capability + target_field: cisco_ise.log.cisco-av-pair.cts-device-capability + ignore_missing: true + - rename: + field: cisco-av-pair.cts-environment-data + target_field: cisco_ise.log.cisco-av-pair.cts-environment-data + ignore_missing: true + - convert: + field: cisco-av-pair.cts-environment-version + target_field: cisco_ise.log.cisco-av-pair.cts-environment-version + type: long + ignore_missing: true + - rename: + field: cisco-av-pair.cts-pac-opaque + target_field: cisco_ise.log.cisco-av-pair.cts-pac-opaque + ignore_missing: true + - convert: + field: ClientLatency + target_field: cisco_ise.log.client.latency + type: long + ignore_missing: true + - convert: + field: ConfigVersionId + target_field: cisco_ise.log.config_version.id + type: long + ignore_missing: true + - rename: + field: CPMSessionID + target_field: cisco_ise.log.cpm.session.id + ignore_missing: true + - rename: + field: Device Type + target_field: cisco_ise.log.device.type + ignore_missing: true + - rename: + field: DTLSSupport + target_field: cisco_ise.log.dtls_support + ignore_missing: true + - rename: + field: EndPointMACAddress + target_field: cisco_ise.log.endpoint.mac.address + ignore_missing: true + - gsub: + field: cisco_ise.log.endpoind.mac.address + pattern: '[-:.]' + replacement: '-' + ignore_missing: true + - uppercase: + field: cisco_ise.log.endpoind.mac.address + ignore_missing: true + - rename: + field: GuestUserName + target_field: cisco_ise.log.guest.user.name + ignore_missing: true + - rename: + field: IdentityGroup + target_field: cisco_ise.log.identity.group + ignore_missing: true + - rename: + field: IdentityPolicyMatchedRule + target_field: cisco_ise.log.identity.policy.matched.rule + ignore_missing: true + - convert: + field: IpAddress + target_field: source.ip + type: ip + ignore_missing: true + - append: + field: related.ip + value: '{{{source.ip}}}' + if: ctx?.source?.ip != null + allow_duplicates: false + ignore_failure: true + - rename: + field: IPSEC + target_field: cisco_ise.log.ipsec + ignore_missing: true + - convert: + field: IsThirdPartyDeviceFlow + target_field: cisco_ise.log.is_third_party_device_flow + type: boolean + ignore_missing: true + - rename: + field: ISEPolicySetName + target_field: cisco_ise.log.ise.policy.set_name + ignore_missing: true + - rename: + field: Location + target_field: cisco_ise.log.location + ignore_missing: true + - rename: + field: MisconfiguredClientFixReason + target_field: cisco_ise.log.misconfigured.client.fix.reason + ignore_missing: true + - rename: + field: Model Name + target_field: cisco_ise.log.model.name + ignore_missing: true + - convert: + field: NAS-IP-Address + target_field: cisco_ise.log.nas.ip + type: ip + ignore_missing: true + - append: + field: related.ip + value: '{{{cisco_ise.log.nas.ip}}}' + if: ctx?.cisco_ise?.log?.nas?.ip != null + allow_duplicates: false + ignore_failure: true + - convert: + field: NAS-Port + target_field: cisco_ise.log.nas.port.number + type: long + ignore_missing: true + - rename: + field: NAS-Port-Id + target_field: cisco_ise.log.nas.port.id + ignore_missing: true + - rename: + field: NAS-Port-Type + target_field: cisco_ise.log.nas.port.type + ignore_missing: true + - rename: + field: NetworkDeviceGroups + target_field: cisco_ise.log.network.device.groups + ignore_missing: true + - rename: + field: Network Device Profile + target_field: cisco_ise.log.network.device.profile + ignore_missing: true + - rename: + field: NetworkDeviceProfileName + target_field: cisco_ise.log.network.device.profile_name + ignore_missing: true + - rename: + field: NetworkDeviceProfileId + target_field: cisco_ise.log.network.device.profile_id + ignore_missing: true + - rename: + field: NetworkDeviceName + target_field: cisco_ise.log.network.device.name + ignore_missing: true + - rename: + field: PortalName + target_field: cisco_ise.log.portal.name + ignore_missing: true + - rename: + field: PostureAssessmentStatus + target_field: cisco_ise.log.posture.assessment.status + ignore_missing: true + - rename: + field: PsnHostName + target_field: cisco_ise.log.psn.hostname + ignore_missing: true + - rename: + field: RadiusFlowType + target_field: cisco_ise.log.radius.flow.type + ignore_missing: true + - convert: + field: RequestLatency + target_field: cisco_ise.log.request.latency + type: long + ignore_missing: true + - convert: + field: ResponseTime + target_field: cisco_ise.log.response.time + type: long + ignore_missing: true + - rename: + field: SelectedAccessService + target_field: cisco_ise.log.selected.access.service + ignore_missing: true + - rename: + field: SelectedAuthenticationIdentityStores + target_field: cisco_ise.log.selected.authentication.identity_stores + ignore_missing: true + - rename: + field: SelectedAuthorizationProfiles + target_field: cisco_ise.log.selected.authorization.profiles + ignore_missing: true + - rename: + field: IdentitySelectionMatchedRule + target_field: cisco_ise.log.identity.selection.matched.rule + ignore_missing: true + - rename: + field: Service-Type + target_field: cisco_ise.log.service.type + ignore_missing: true + - rename: + field: Step + target_field: cisco_ise.log.step + ignore_missing: true + - rename: + field: StepData + target_field: cisco_ise.log.step_data + ignore_missing: true + - convert: + field: TotalAuthenLatency + target_field: cisco_ise.log.total.authen.latency + type: long + ignore_missing: true + - rename: + field: UseCase + target_field: cisco_ise.log.usecase + ignore_missing: true + - rename: + field: UserType + target_field: cisco_ise.log.user.type + ignore_missing: true + - append: + field: user.name + value: '{{{OriginalUserName}}}' + if: ctx?.OriginalUserName != null + allow_duplicates: false + ignore_failure: true + - convert: + field: DestinationIPAddress + target_field: destination.ip + type: ip + ignore_failure: true + - append: + field: related.ip + value: '{{{destination.ip}}}' + if: ctx?.destination?.ip != null + allow_duplicates: false + ignore_failure: true + - convert: + field: DestinationPort + target_field: destination.port + type: long + ignore_missing: true + - convert: + field: Device IP Address + target_field: client.ip + type: ip + ignore_missing: true + - append: + field: related.ip + value: '{{{client.ip}}}' + if: ctx?.client?.ip != null + allow_duplicates: false + ignore_failure: true + - rename: + field: Protocol + target_field: network.protocol + ignore_missing: true + - lowercase: + field: network.protocol + ignore_missing: true + - append: + field: user.name + value: '{{{UserName}}}' + ignore_failure: true + allow_duplicates: false + - append: + field: user.name + value: '{{{User-Name}}}' + ignore_failure: true + allow_duplicates: false + - append: + field: related.user + value: '{{{UserName}}}' + allow_duplicates: false + ignore_failure: true + - append: + field: related.user + value: '{{{User-Name}}}' + allow_duplicates: false + ignore_failure: true + - remove: + field: + - UserName + - User-Name + - ConfigVersionId + - DestinationIPAddress + - DestinationPort + - Device IP Address + - NAS-IP-Address + - NAS-Port + - RequestLatency + - IpAddress + - Airespace-Wlan-Id + - OriginalUserName + - ClientLatency + - Response + - ResponseTime + - TotalAuthenLatency + - IsThirdPartyDeviceFlow + - cisco-av-pair + ignore_missing: true diff --git a/packages/cisco_ise/data_stream/log/elasticsearch/ingest_pipeline/pipeline_policy_diagnostics.yml b/packages/cisco_ise/data_stream/log/elasticsearch/ingest_pipeline/pipeline_policy_diagnostics.yml new file mode 100644 index 00000000000..3c16394e986 --- /dev/null +++ b/packages/cisco_ise/data_stream/log/elasticsearch/ingest_pipeline/pipeline_policy_diagnostics.yml @@ -0,0 +1,143 @@ +--- +processors: + - set: + field: event.kind + value: event + - append: + field: event.category + value: [configuration] + - append: + field: event.type + value: [info] + - grok: + field: message + if: ctx?.cisco_ise?.log?.segment?.number == 0 + patterns: + - "^%{TIMESTAMP_ISO8601:_tmp.timestamp} %{ISO8601_TIMEZONE:event.timezone} %{DATA:event.sequence:long} %{DATA:cisco_ise.log.message.code} %{DATA:log.syslog.severity.name} %{DATA:cisco_ise.log.message.description}, %{GREEDYDATA:cisco_ise.log.log_details}," + - grok: + field: message + if: ctx?.cisco_ise?.log?.segment?.number > 0 + patterns: + - "^%{GREEDYDATA:cisco_ise.log.log_details}," + - date: + field: _tmp.timestamp + target_field: '@timestamp' + formats: + - yyyy-MM-dd HH:mm:ss.SSS + - yyyy-MM-dd HH:mm:ss.SSSSSS + timezone: '{{{event.timezone}}}' + ignore_failure: true + - kv: + field: cisco_ise.log.log_details + field_split: ', ' + value_split: = + ignore_failure: true + - script: + lang: painless + if: ctx?.cisco_ise?.log?.message?.description != null + source: + ctx.event.action = ctx?.cisco_ise?.log?.message?.description?.splitOnToken(":")[0]?.toLowerCase(); + - convert: + field: ConfigVersionId + target_field: cisco_ise.log.config_version.id + type: long + ignore_failure: true + - convert: + field: Device IP Address + target_field: client.ip + type: ip + ignore_failure: true + - append: + field: related.ip + value: '{{{client.ip}}}' + if: ctx?.client?.ip != null + allow_duplicates: false + ignore_failure: true + - rename: + field: Protocol + target_field: network.protocol + ignore_missing: true + - lowercase: + field: network.protocol + ignore_missing: true + - date: + field: RequestReceivedTime + target_field: cisco_ise.log.request.received_time + if: ctx?.RequestReceivedTime != "0" + ignore_failure: true + formats: + - UNIX + - rename: + field: PolicyType + target_field: cisco_ise.log.policy.type + ignore_missing: true + - rename: + field: AcsSessionID + target_field: cisco_ise.log.acs.session.id + ignore_missing: true + - rename: + field: AuthorizationPolicyMatchedRule + target_field: cisco_ise.log.auth.policy.matched.rule + ignore_missing: true + - rename: + field: CurrentIDStoreName + target_field: cisco_ise.log.currentid.store_name + ignore_missing: true + - rename: + field: ISEPolicySetName + target_field: cisco_ise.log.ise.policy.set_name + ignore_missing: true + - rename: + field: IdentityPolicyMatchedRule + target_field: cisco_ise.log.identity.selection.matched.rule + ignore_missing: true + - rename: + field: IdentitySelectionMatchedRule + target_field: cisco_ise.log.identity.policy.matched.rule + ignore_missing: true + - append: + field: user.name + value: '{{{OriginalUserName}}}' + if: ctx?.OriginalUserName != null + allow_duplicates: false + ignore_failure: true + - append: + field: related.user + value: '{{{OriginalUserName}}}' + if: ctx?.OriginalUserName != null + allow_duplicates: false + ignore_failure: true + - rename: + field: SelectedAccessService + target_field: cisco_ise.log.selected.access.service + ignore_missing: true + - rename: + field: SelectedAuthorizationProfiles + target_field: cisco_ise.log.selected.authorization.profiles + ignore_missing: true + - append: + field: user.name + value: '{{{UserName}}}' + if: ctx?.UserName != null + allow_duplicates: false + ignore_failure: true + - append: + field: related.user + value: '{{{UserName}}}' + if: ctx?.UserName != null + allow_duplicates: false + ignore_failure: true + - rename: + field: CPMSessionID + target_field: cisco_ise.log.cpm.session.id + ignore_missing: true + - remove: + field: + - _tmp + - ConfigVersionId + - Device IP Address + - OriginalUserName + - UserName + - RequestReceivedTime + - cisco_ise.log.log_details + ignore_missing: true diff --git a/packages/cisco_ise/data_stream/log/elasticsearch/ingest_pipeline/pipeline_posture_and_client_provisioning_audit.yml b/packages/cisco_ise/data_stream/log/elasticsearch/ingest_pipeline/pipeline_posture_and_client_provisioning_audit.yml new file mode 100644 index 00000000000..8e3f28ef059 --- /dev/null +++ b/packages/cisco_ise/data_stream/log/elasticsearch/ingest_pipeline/pipeline_posture_and_client_provisioning_audit.yml @@ -0,0 +1,72 @@ +--- +processors: + - set: + field: event.kind + value: event + - append: + field: event.category + value: [malware] + - append: + field: event.type + value: [info] + - grok: + field: message + if: ctx?.cisco_ise?.log?.segment?.number == 0 + patterns: + - "^%{TIMESTAMP_ISO8601:_tmp.timestamp} %{ISO8601_TIMEZONE:event.timezone} %{DATA:event.sequence:long} %{DATA:cisco_ise.log.message.code} %{DATA:log.syslog.severity.name} %{DATA:cisco_ise.log.message.description}, %{GREEDYDATA:cisco_ise.log.log_details}," + - grok: + field: message + if: ctx?.cisco_ise?.log?.segment?.number > 0 + patterns: + - "^%{GREEDYDATA:cisco_ise.log.log_details}," + - date: + field: _tmp.timestamp + target_field: '@timestamp' + formats: + - yyyy-MM-dd HH:mm:ss.SSS + - yyyy-MM-dd HH:mm:ss.SSSSSS + timezone: '{{{event.timezone}}}' + ignore_failure: true + - kv: + field: cisco_ise.log.log_details + field_split: ', ' + value_split: = + ignore_failure: true + - script: + lang: painless + if: ctx?.cisco_ise?.log?.message?.description != null + source: + ctx.event.action = ctx?.cisco_ise?.log?.message?.description?.splitOnToken(":")[0]?.toLowerCase(); + - convert: + field: ConfigVersionId + target_field: cisco_ise.log.config_version.id + type: long + ignore_failure: true + - rename: + field: OperationID + target_field: cisco_ise.log.operation.id + ignore_missing: true + - rename: + field: OperationType + target_field: cisco_ise.log.operation.type + ignore_missing: true + - rename: + field: OperationStatus + target_field: cisco_ise.log.operation.status + ignore_missing: true + - rename: + field: AdminName + target_field: client.user.name + ignore_missing: true + - append: + field: related.user + value: '{{{client.user.name}}}' + if: ctx?.client?.user?.name != null + allow_duplicates: false + ignore_failure: true + - remove: + field: + - _tmp + - ConfigVersionId + - cisco_ise.log.log_details + ignore_missing: true diff --git a/packages/cisco_ise/data_stream/log/elasticsearch/ingest_pipeline/pipeline_radius_accounting.yml b/packages/cisco_ise/data_stream/log/elasticsearch/ingest_pipeline/pipeline_radius_accounting.yml new file mode 100644 index 00000000000..fbbf1874ecd --- /dev/null +++ b/packages/cisco_ise/data_stream/log/elasticsearch/ingest_pipeline/pipeline_radius_accounting.yml @@ -0,0 +1,249 @@ +--- +processors: + - set: + field: event.kind + value: event + - append: + field: event.category + value: [configuration] + - append: + field: event.type + value: [info] + - grok: + field: message + if: ctx?.cisco_ise?.log?.segment?.number == 0 + patterns: + - "^%{TIMESTAMP_ISO8601:_tmp.timestamp} %{ISO8601_TIMEZONE:event.timezone} %{DATA:event.sequence:long} %{DATA:cisco_ise.log.message.code} %{DATA:log.syslog.severity.name} %{DATA:cisco_ise.log.message.description}, %{GREEDYDATA:cisco_ise.log.log_details}," + - grok: + field: message + if: ctx?.cisco_ise?.log?.segment?.number > 0 + patterns: + - "^%{GREEDYDATA:cisco_ise.log.log_details}," + - date: + field: _tmp.timestamp + target_field: '@timestamp' + formats: + - yyyy-MM-dd HH:mm:ss.SSS + - yyyy-MM-dd HH:mm:ss.SSSSSS + timezone: '{{{event.timezone}}}' + ignore_failure: true + - kv: + field: cisco_ise.log.log_details + field_split: ', ' + value_split: = + ignore_failure: true + - script: + lang: painless + if: ctx?.cisco_ise?.log?.message?.description != null + source: + ctx.event.action = ctx?.cisco_ise?.log?.message?.description?.splitOnToken(":")[0]?.toLowerCase(); + - convert: + field: ConfigVersionId + target_field: cisco_ise.log.config_version.id + type: long + ignore_failure: true + - convert: + field: Device IP Address + target_field: client.ip + type: ip + ignore_failure: true + - append: + field: related.ip + value: '{{{client.ip}}}' + if: ctx?.client?.ip != null + allow_duplicates: false + ignore_failure: true + - convert: + field: RequestLatency + target_field: cisco_ise.log.request.latency + type: long + ignore_failure: true + - rename: + field: NetworkDeviceName + target_field: cisco_ise.log.network.device.name + ignore_missing: true + - rename: + field: User-Name + target_field: user.name + ignore_missing: true + - append: + field: related.user + value: '{{{user.name}}}' + if: ctx?.user?.name != null + allow_duplicates: false + ignore_failure: true + - convert: + field: NAS-IP-Address + target_field: cisco_ise.log.nas.ip + type: ip + ignore_failure: true + - append: + field: related.ip + value: '{{{cisco_ise.log.nas.ip}}}' + if: ctx?.cisco_ise?.log?.nas?.ip != null + allow_duplicates: false + ignore_failure: true + - convert: + field: NAS-Port + target_field: cisco_ise.log.nas.port.number + type: long + ignore_failure: true + - convert: + field: Framed-IP-Address + target_field: cisco_ise.log.framed.ip + type: ip + ignore_failure: true + - append: + field: related.ip + value: '{{{cisco_ise.log.framed.ip}}}' + if: ctx?.cisco_ise?.log?.framed?.ip != null + allow_duplicates: false + ignore_failure: true + - rename: + field: Class + target_field: cisco_ise.log.class + ignore_missing: true + - rename: + field: Called-Station-ID + target_field: cisco_ise.log.called_station.id + ignore_missing: true + - rename: + field: Calling-Station-ID + target_field: cisco_ise.log.calling_station.id + ignore_missing: true + - rename: + field: NAS-Identifier + target_field: cisco_ise.log.nas.identifier + ignore_missing: true + - rename: + field: Acct-Status-Type + target_field: cisco_ise.log.acct.status.type + ignore_missing: true + - rename: + field: Acct-Session-Id + target_field: cisco_ise.log.acct.session.id + ignore_missing: true + - rename: + field: Acct-Authentic + target_field: cisco_ise.log.acct.authentic + ignore_missing: true + - convert: + field: Acct-Session-Time + target_field: cisco_ise.log.acct.session.time + type: long + ignore_failure: true + - rename: + field: Step + target_field: cisco_ise.log.step + ignore_missing: true + - rename: + field: Event-Timestamp + target_field: cisco_ise.log.event.timestamp + ignore_missing: true + - date: + field: cisco_ise.log.event.timestamp + target_field: cisco_ise.log.event.timestamp + if: ctx?.cisco_ise?.log?.event?.timestamp != "0" + ignore_failure: true + formats: + - UNIX + - rename: + field: NAS-Port-Type + target_field: cisco_ise.log.nas.port.type + ignore_missing: true + - rename: + field: Tunnel-Type + target_field: cisco_ise.log.tunnel.type + ignore_missing: true + - rename: + field: Tunnel-Medium-Type + target_field: cisco_ise.log.tunnel.medium.type + ignore_missing: true + - rename: + field: Tunnel-Private-Group-ID + target_field: cisco_ise.log.tunnel.private.group_id + ignore_missing: true + - convert: + field: Airespace-Wlan-Id + target_field: cisco_ise.log.airespace.wlan.id + type: long + ignore_missing: true + - rename: + field: AcsSessionID + target_field: cisco_ise.log.acs.session.id + ignore_missing: true + - rename: + field: SelectedAccessService + target_field: cisco_ise.log.selected.access.service + ignore_missing: true + - rename: + field: NetworkDeviceGroups + target_field: cisco_ise.log.network.device.groups + ignore_missing: true + - rename: + field: CPMSessionID + target_field: cisco_ise.log.cpm.session.id + ignore_missing: true + - rename: + field: AllowedProtocolMatchedRule + target_field: cisco_ise.log.allowed_protocol.matched.rule + ignore_missing: true + - rename: + field: Location + target_field: cisco_ise.log.location + ignore_missing: true + - rename: + field: Device Type + target_field: cisco_ise.log.device.type + ignore_missing: true + - convert: + field: Acct-Delay-Time + target_field: cisco_ise.log.acct.delay_time + type: long + ignore_failure: true + - convert: + field: Acct-Input-Octets + target_field: cisco_ise.log.acct.input.octets + type: long + ignore_failure: true + - convert: + field: Acct-Output-Octets + target_field: cisco_ise.log.acct.output.octets + type: long + ignore_failure: true + - convert: + field: Acct-Input-Packets + target_field: cisco_ise.log.acct.input.packets + type: long + ignore_failure: true + - convert: + field: Acct-Output-Packets + target_field: cisco_ise.log.acct.output.packets + type: long + ignore_failure: true + - rename: + field: Acct-Terminate-Cause + target_field: cisco_ise.log.acct.terminate_cause + ignore_missing: true + - rename: + field: undefined-52 + target_field: cisco_ise.log.undefined_52 + ignore_missing: true + - remove: + field: + - _tmp + - ConfigVersionId + - Device IP Address + - NAS-IP-Address + - NAS-Port + - cisco_ise.log.log_details + - Acct-Input-Octets + - Acct-Output-Octets + - Acct-Input-Packets + - Acct-Output-Packets + - Acct-Session-Time + - Acct-Delay-Time + - RequestLatency + - Airespace-Wlan-Id + - Framed-IP-Address + ignore_missing: true diff --git a/packages/cisco_ise/data_stream/log/elasticsearch/ingest_pipeline/pipeline_radius_diagnostics.yml b/packages/cisco_ise/data_stream/log/elasticsearch/ingest_pipeline/pipeline_radius_diagnostics.yml new file mode 100644 index 00000000000..d89787b48a7 --- /dev/null +++ b/packages/cisco_ise/data_stream/log/elasticsearch/ingest_pipeline/pipeline_radius_diagnostics.yml @@ -0,0 +1,235 @@ +--- +processors: + - set: + field: event.kind + value: event + - grok: + field: message + if: ctx?.cisco_ise?.log?.segment?.number == 0 + patterns: + - "^%{TIMESTAMP_ISO8601:_tmp.timestamp} %{ISO8601_TIMEZONE:event.timezone} %{DATA:event.sequence:long} %{DATA:cisco_ise.log.message.code} %{DATA:log.syslog.severity.name} RADIUS: An Access-Request MUST contain at least a NAS-IP-Address, NAS-IPv6-Address, or a NAS-Identifier; Continue processing, %{GREEDYDATA:cisco_ise.log.log_details}," + - "^%{TIMESTAMP_ISO8601:_tmp.timestamp} %{ISO8601_TIMEZONE:event.timezone} %{DATA:event.sequence:long} %{DATA:cisco_ise.log.message.code} %{DATA:log.syslog.severity.name} %{DATA:cisco_ise.log.message.description}, %{GREEDYDATA:cisco_ise.log.log_details}," + - grok: + field: message + if: ctx?.cisco_ise?.log?.segment?.number > 0 + patterns: + - "^%{GREEDYDATA:cisco_ise.log.log_details}," + - set: + field: cisco_ise.log.message.description + value: "RADIUS: An Access-Request MUST contain at least a NAS-IP-Address NAS-IPv6-Address, or a NAS-Identifier; Continue processing" + if: ctx?.cisco_ise?.log?.message?.code == "11015" + - date: + field: _tmp.timestamp + target_field: '@timestamp' + formats: + - yyyy-MM-dd HH:mm:ss.SSS + - yyyy-MM-dd HH:mm:ss.SSSSSS + timezone: '{{{event.timezone}}}' + ignore_failure: true + - script: + lang: painless + if: ctx?.cisco_ise?.log?.message?.code != null + source: | + def eventCategory = new ArrayList(); + def eventType = new ArrayList(); + def categoryReferenceTable = [ + ["messageCodeArray": ["11001","11002","11004","11005","11006","11015"], "name": "iam"], + ["messageCodeArray": ["11036","11038","11507","11823","12300","12301","12302","12305","12307","12309","12318","12500","12814","12817"], "name": "authentication"], + ["messageCodeArray": ["11027","12500","12800","12805","12814","12817"], "name": "network"], + ["messageCodeArray": ["11117"], "name": "session"], + ["messageCodeArray": ["11017","11018"], "name": "configuration"] + ]; + def typeReferenceTable = [ + ["messageCodeArray": ["11001","11002","11004","11005","11006","11015","11017","11018","11027","11036","11038","11117","11507","11823","12300","12301","12302","12305","12307","12309","12318","12500","12800","12805","12814","12817"], "name": "info"], + ["messageCodeArray": ["11823","12307","12309","12817"], "name": "end"], + ["messageCodeArray": ["11117"], "name": "start"] + ]; + + for (entry in categoryReferenceTable) { + if (entry.messageCodeArray.contains(ctx.cisco_ise.log.message.code)) { + eventCategory.add(entry.name); + } + } + for (entry in typeReferenceTable) { + if (entry.messageCodeArray.contains(ctx.cisco_ise.log.message.code)) { + eventType.add(entry.name); + } + } + + ctx.event.action = ctx?.cisco_ise?.log?.message?.description?.splitOnToken(":")[0]?.toLowerCase(); + ctx.event.category = eventCategory; + ctx.event.type = eventType; + - gsub: + field: cisco_ise.log.log_details + pattern: \\, + replacement: '' + - kv: + field: cisco_ise.log.log_details + field_split: ', ' + value_split: = + ignore_failure: true + - dissect: + field: Response + pattern: "{%{_tmp.response}}" + ignore_failure: true + - kv: + field: _tmp.response + target_field: cisco_ise.log.response + field_split: '; ' + value_split: = + ignore_failure: true + - rename: + field: Acct-Session-Id + target_field: cisco_ise.log.acct.session.id + ignore_missing: true + - rename: + field: Acct-Status-Type + target_field: cisco_ise.log.acct.status.type + ignore_missing: true + - rename: + field: AcsSessionID + target_field: cisco_ise.log.acs.session.id + ignore_missing: true + - convert: + field: Airespace-Wlan-Id + target_field: cisco_ise.log.airespace.wlan.id + type: long + ignore_missing: true + - rename: + field: Calling-Station-ID + target_field: cisco_ise.log.calling_station.id + ignore_missing: true + - convert: + field: ConfigVersionId + target_field: cisco_ise.log.config_version.id + type: long + ignore_missing: true + - rename: + field: CPMSessionID + target_field: cisco_ise.log.cpm.session.id + ignore_missing: true + - rename: + field: DetailedInfo + target_field: cisco_ise.log.detailed_info + ignore_missing: true + - rename: + field: EapAuthentication + target_field: cisco_ise.log.eap.authentication + ignore_missing: true + - rename: + field: EapTunnel + target_field: cisco_ise.log.eap.tunnel + ignore_missing: true + - convert: + field: NAS-IP-Address + target_field: cisco_ise.log.nas.ip + type: ip + ignore_missing: true + - append: + field: related.ip + value: '{{{cisco_ise.log.nas.ip}}}' + if: ctx?.cisco_ise?.log?.nas?.ip != null + allow_duplicates: false + ignore_failure: true + - convert: + field: NAS-Port + target_field: cisco_ise.log.nas.port.number + type: long + ignore_missing: true + - rename: + field: OpenSSLErrorMessage + target_field: cisco_ise.log.openssl.error.message + ignore_missing: true + - rename: + field: OpenSSLErrorStack + target_field: cisco_ise.log.openssl.error.stack + ignore_missing: true + - rename: + field: NAS-Port-Type + target_field: cisco_ise.log.nas.port.type + ignore_missing: true + - convert: + field: RadiusIdentifier + target_field: cisco_ise.log.radius_identifier + type: long + ignore_missing: true + - rename: + field: RadiusPacketType + target_field: cisco_ise.log.radius.packet.type + ignore_missing: true + - rename: + field: SelectedAccessService + target_field: cisco_ise.log.selected.access.service + ignore_missing: true + - convert: + field: Session-Timeout + target_field: cisco_ise.log.session.timeout + type: long + ignore_missing: true + - rename: + field: State + target_field: cisco_ise.log.state + ignore_missing: true + - rename: + field: UseCase + target_field: cisco_ise.log.usecase + ignore_missing: true + - convert: + field: DestinationIPAddress + target_field: destination.ip + type: ip + ignore_failure: true + - append: + field: related.ip + value: '{{{destination.ip}}}' + if: ctx?.destination?.ip != null + allow_duplicates: false + ignore_failure: true + - convert: + field: DestinationPort + target_field: destination.port + type: long + ignore_missing: true + - convert: + field: Device IP Address + target_field: client.ip + type: ip + ignore_missing: true + - append: + field: related.ip + value: '{{{client.ip}}}' + if: ctx?.client?.ip != null + allow_duplicates: false + ignore_failure: true + - convert: + field: Device Port + target_field: client.port + type: long + ignore_missing: true + - rename: + field: Service-Type + target_field: service.type + ignore_missing: true + - rename: + field: User-Name + target_field: user.name + ignore_missing: true + - append: + field: related.user + value: '{{{user.name}}}' + allow_duplicates: false + ignore_failure: true + - remove: + field: + - ConfigVersionId + - DestinationIPAddress + - DestinationPort + - Device IP Address + - Device Port + - NAS-IP-Address + - NAS-Port + - Airespace-Wlan-Id + - RadiusIdentifier + - Response + - Session-Timeout + ignore_missing: true diff --git a/packages/cisco_ise/data_stream/log/elasticsearch/ingest_pipeline/pipeline_system_statistics.yml b/packages/cisco_ise/data_stream/log/elasticsearch/ingest_pipeline/pipeline_system_statistics.yml new file mode 100644 index 00000000000..3832191710e --- /dev/null +++ b/packages/cisco_ise/data_stream/log/elasticsearch/ingest_pipeline/pipeline_system_statistics.yml @@ -0,0 +1,189 @@ +--- +processors: + - set: + field: event.kind + value: event + - append: + field: event.action + value: [system-stats] + - append: + field: event.type + value: [info] + - grok: + field: message + if: ctx?.cisco_ise?.log?.segment?.number == 0 + patterns: + - "^%{TIMESTAMP_ISO8601:_tmp.timestamp} %{ISO8601_TIMEZONE:event.timezone} %{DATA:event.sequence:long} %{DATA:cisco_ise.log.message.code} %{DATA:log.syslog.severity.name} %{DATA:cisco_ise.log.message.description}, %{GREEDYDATA:cisco_ise.log.log_details}," + - grok: + field: message + if: ctx?.cisco_ise?.log?.segment?.number > 0 + patterns: + - "^%{GREEDYDATA:cisco_ise.log.log_details}," + - grok: + field: cisco_ise.log.log_details + if: ctx?.cisco_ise?.log?.message?.code == "70001" + patterns: + - "^ConfigVersionId=%{DATA:ConfigVersionId}, SysStatsAcsProcessHealth= %{GREEDYDATA:_tmp.SysStatsAcsProcessHealth}" + - kv: + if: ctx?.cisco_ise?.log?.message?.code == "70001" + field: _tmp.SysStatsAcsProcessHealth + target_field: SysStatsAcsProcessHealth + field_split: '; ' + value_split: = + ignore_failure: true + - kv: + if: ctx?.cisco_ise?.log?.message?.code != "70001" + field: cisco_ise.log.log_details + field_split: ', ' + value_split: = + ignore_failure: true + - kv: + field: OperationCounters + target_field: _tmp + field_split: ', ' + value_split: = + if: ctx?.cisco_ise?.log?.message?.code == "70011" + ignore_failure: true + - kv: + if: ctx?.cisco_ise?.log?.message?.code == "70011" + field: _tmp.Counter + target_field: Counters + field_split: "," + value_split: ":" + ignore_failure: true + - remove: + field: OperationCounters + if: ctx?.Counters != null + - date: + field: _tmp.timestamp + target_field: '@timestamp' + formats: + - yyyy-MM-dd HH:mm:ss.SSS + - yyyy-MM-dd HH:mm:ss.SSSSSS + timezone: '{{{event.timezone}}}' + ignore_failure: true + - script: + lang: painless + if: ctx?.cisco_ise?.log?.message?.code != null + source: | + def eventCategory = new ArrayList(); + def categoryReferenceTable = [ + ["messageCodeArray": ["70000","70011"], "name": "host"], + ["messageCodeArray": ["70001"], "name": "process"] + ]; + for (entry in categoryReferenceTable) { + if (entry.messageCodeArray.contains(ctx.cisco_ise.log.message.code)) { + eventCategory.add(entry.name); + } + } + ctx.event.category = eventCategory.length > 0 ? eventCategory : null; + - convert: + field: ActiveSessionCount + target_field: cisco_ise.log.active_session.count + type: long + ignore_failure: true + - convert: + field: AverageRadiusRequestLatency + target_field: cisco_ise.log.average.radius.request.latency + type: long + ignore_failure: true + - convert: + field: AverageTacacsRequestLatency + target_field: cisco_ise.log.average.tacacs.request.latency + type: long + ignore_failure: true + - convert: + field: ConfigVersionId + target_field: cisco_ise.log.config_version.id + type: long + ignore_failure: true + - rename: + field: Counters + target_field: cisco_ise.log.operation_counters.counters + ignore_missing: true + - convert: + field: DeltaRadiusRequestCount + target_field: cisco_ise.log.delta.radius.request.count + type: long + ignore_failure: true + - convert: + field: DeltaTacacsRequestCount + target_field: cisco_ise.log.delta.tacacs.request.count + type: long + ignore_failure: true + - rename: + field: OperationCounters + target_field: cisco_ise.log.operation_counters.original + ignore_missing: true + - rename: + field: SysStatsAcsProcessHealth + target_field: cisco_ise.log.sysstats.acs.process.health + ignore_missing: true + - convert: + field: SysStatsCpuCount + target_field: cisco_ise.log.sysstats.cpu.count + type: long + ignore_failure: true + - convert: + field: SysStatsProcessMemoryMB + target_field: cisco_ise.log.sysstats.process_memory_mb + type: long + ignore_failure: true + - gsub: + field: SysStatsUtilizationCpu + pattern: '%' + replacement: '' + ignore_missing: true + - convert: + field: SysStatsUtilizationCpu + target_field: cisco_ise.log.sysstats.utilization.cpu + type: double + ignore_failure: true + - gsub: + field: SysStatsUtilizationDiskIO + pattern: '%' + replacement: '' + ignore_missing: true + - convert: + field: SysStatsUtilizationDiskIO + target_field: cisco_ise.log.sysstats.utilization.disk.io + type: double + ignore_failure: true + - rename: + field: SysStatsUtilizationDiskSpace + target_field: cisco_ise.log.sysstats.utilization.disk.space + ignore_missing: true + - convert: + field: SysStatsUtilizationLoadAvg + target_field: cisco_ise.log.sysstats.utilization.load_avg + type: double + ignore_failure: true + - gsub: + field: SysStatsUtilizationMemory + pattern: '%' + replacement: '' + ignore_missing: true + - convert: + field: SysStatsUtilizationMemory + target_field: cisco_ise.log.sysstats.utilization.memory + type: double + ignore_failure: true + - rename: + field: SysStatsUtilizationNetwork + target_field: cisco_ise.log.sysstats.utilization.network + ignore_missing: true + - remove: + field: + - ActiveSessionCount + - AverageRadiusRequestLatency + - AverageTacacsRequestLatency + - ConfigVersionId + - DeltaRadiusRequestCount + - DeltaTacacsRequestCount + - SysStatsCpuCount + - SysStatsProcessMemoryMB + - SysStatsUtilizationCpu + - SysStatsUtilizationDiskIO + - SysStatsUtilizationMemory + - SysStatsUtilizationLoadAvg + ignore_missing: true diff --git a/packages/cisco_ise/data_stream/log/elasticsearch/ingest_pipeline/pipeline_tacacs_accounting.yml b/packages/cisco_ise/data_stream/log/elasticsearch/ingest_pipeline/pipeline_tacacs_accounting.yml new file mode 100644 index 00000000000..839a9c4bb92 --- /dev/null +++ b/packages/cisco_ise/data_stream/log/elasticsearch/ingest_pipeline/pipeline_tacacs_accounting.yml @@ -0,0 +1,245 @@ +--- +processors: + - set: + field: event.kind + value: event + - append: + field: event.category + value: [configuration] + - append: + field: event.type + value: [info] + - gsub: + field: message + pattern: 'AVPair=' + replacement: 'AVPair.' + ignore_missing: true + - grok: + field: message + if: ctx?.cisco_ise?.log?.segment?.number == 0 + patterns: + - "^%{TIMESTAMP_ISO8601:_tmp.timestamp} %{ISO8601_TIMEZONE:event.timezone} %{DATA:event.sequence:long} %{DATA:cisco_ise.log.message.code} %{DATA:log.syslog.severity.name} %{DATA:cisco_ise.log.message.description}, %{GREEDYDATA:cisco_ise.log.log_details}," + - grok: + field: message + if: ctx?.cisco_ise?.log?.segment?.number > 0 + patterns: + - "^%{GREEDYDATA:cisco_ise.log.log_details}," + - date: + field: _tmp.timestamp + target_field: '@timestamp' + formats: + - yyyy-MM-dd HH:mm:ss.SSS + - yyyy-MM-dd HH:mm:ss.SSSSSS + timezone: '{{{event.timezone}}}' + ignore_failure: true + - kv: + field: cisco_ise.log.log_details + field_split: ', ' + value_split: = + ignore_failure: true + - script: + lang: painless + if: ctx?.cisco_ise?.log?.message?.description != null + source: + ctx.event.action = ctx?.cisco_ise?.log?.message?.description?.splitOnToken(":")[0]?.toLowerCase(); + - convert: + field: ConfigVersionId + target_field: cisco_ise.log.config_version.id + type: long + ignore_failure: true + - convert: + field: Device IP Address + target_field: client.ip + type: ip + ignore_failure: true + - append: + field: related.ip + value: '{{{client.ip}}}' + if: ctx?.client?.ip != null + allow_duplicates: false + ignore_failure: true + - rename: + field: CmdSet + target_field: cisco_ise.log.cmdset + ignore_missing: true + - convert: + field: RequestLatency + target_field: cisco_ise.log.request.latency + type: long + ignore_failure: true + - rename: + field: NetworkDeviceName + target_field: cisco_ise.log.network.device.name + ignore_missing: true + - rename: + field: Type + target_field: cisco_ise.log.type + ignore_missing: true + - convert: + field: Privilege-Level + target_field: cisco_ise.log.privilege.level + type: long + ignore_failure: true + - rename: + field: Service + target_field: cisco_ise.log.service.name + ignore_missing: true + - rename: + field: User + target_field: user.name + ignore_missing: true + - append: + field: related.user + value: '{{{user.name}}}' + if: ctx?.user?.name != null + allow_duplicates: false + ignore_failure: true + - rename: + field: Port + target_field: cisco_ise.log.port + ignore_missing: true + - convert: + field: Remote-Address + target_field: destination.ip + type: ip + ignore_failure: true + - append: + field: related.ip + value: '{{{destination.ip}}}' + if: ctx?.destination?.ip != null + allow_duplicates: false + ignore_failure: true + - rename: + field: Authen-Method + target_field: cisco_ise.log.authen_method + ignore_missing: true + - convert: + field: AVPair.task_id + target_field: cisco_ise.log.avpair.task_id + type: long + ignore_missing: true + - rename: + field: AVPair.timezone + target_field: cisco_ise.log.avpair.timezone + ignore_missing: true + - date: + field: AVPair.start_time + target_field: cisco_ise.log.avpair.start_time + if: ctx?.AVPair?.start_time != "0" + ignore_failure: true + formats: + - UNIX + - convert: + field: AVPair.priv-lvl + target_field: cisco_ise.log.avpair.priv_lvl + type: long + ignore_failure: true + - convert: + field: AVPair.disc-cause + target_field: cisco_ise.log.avpair.disc.cause + type: long + ignore_failure: true + - convert: + field: AVPair.disc-cause-ext + target_field: cisco_ise.log.avpair.disc.cause_ext + type: long + ignore_failure: true + - convert: + field: AVPair.pre-session-time + target_field: cisco_ise.log.avpair.pre_session_time + type: long + ignore_failure: true + - convert: + field: AVPair.elapsed_time + target_field: cisco_ise.log.avpair.elapsed_time + type: long + ignore_failure: true + - date: + field: AVPair.stop_time + target_field: cisco_ise.log.avpair.stop_time + if: ctx?.cisco_ise?.log?.avPair?.stop_time != "0" + ignore_failure: true + formats: + - UNIX + - rename: + field: AcctRequest-Flags + target_field: cisco_ise.log.acct.request.flags + ignore_missing: true + - rename: + field: Service-Argument + target_field: cisco_ise.log.service.argument + ignore_missing: true + - rename: + field: AcsSessionID + target_field: cisco_ise.log.acs.session.id + ignore_missing: true + - rename: + field: SelectedAccessService + target_field: cisco_ise.log.selected.access.service + ignore_missing: true + - rename: + field: NetworkDeviceGroups + target_field: cisco_ise.log.network.device.groups + ignore_missing: true + - rename: + field: CPMSessionID + target_field: cisco_ise.log.cpm.session.id + ignore_missing: true + - rename: + field: Model Name + target_field: cisco_ise.log.model.name + ignore_missing: true + - rename: + field: Software Version + target_field: cisco_ise.log.software.version + ignore_missing: true + - rename: + field: Network Device Profile + target_field: cisco_ise.log.network.device.profile + ignore_missing: true + - rename: + field: Location + target_field: cisco_ise.log.location + ignore_missing: true + - rename: + field: Device Type + target_field: cisco_ise.log.device.type + ignore_missing: true + - rename: + field: IPSEC + target_field: cisco_ise.log.ipsec + ignore_missing: true + - rename: + field: Step + target_field: cisco_ise.log.step + ignore_missing: true + - dissect: + field: Response + pattern: "{%{_tmp.response}}" + ignore_failure: true + - kv: + field: _tmp.response + target_field: cisco_ise.log.response + field_split: '; ' + value_split: = + ignore_failure: true + - remove: + field: + - _tmp + - ConfigVersionId + - Device IP Address + - Remote-Address + - Response + - RequestLatency + - Privilege-Level + - cisco_ise.log.log_details + - AVPair.start_time + - AVPair.priv-lvl + - AVPair.disc-cause + - AVPair.disc-cause-ext + - AVPair.pre-session-time + - AVPair.elapsed_time + - AVPair.stop_time + - AVPair.task_id + - AVPair + ignore_missing: true diff --git a/packages/cisco_ise/data_stream/log/elasticsearch/ingest_pipeline/pipeline_threat_centric_nac.yml b/packages/cisco_ise/data_stream/log/elasticsearch/ingest_pipeline/pipeline_threat_centric_nac.yml new file mode 100644 index 00000000000..54768dfc50e --- /dev/null +++ b/packages/cisco_ise/data_stream/log/elasticsearch/ingest_pipeline/pipeline_threat_centric_nac.yml @@ -0,0 +1,78 @@ +--- +processors: + - set: + field: event.kind + value: event + - append: + field: event.type + value: [info] + - grok: + field: message + if: ctx?.cisco_ise?.log?.segment?.number == 0 + patterns: + - "^%{TIMESTAMP_ISO8601:_tmp.timestamp} %{ISO8601_TIMEZONE:event.timezone} %{DATA:event.sequence:long} %{DATA:cisco_ise.log.message.code} %{DATA:log.syslog.severity.name} %{DATA:cisco_ise.log.message.description}, %{GREEDYDATA:cisco_ise.log.log_details}," + - grok: + field: message + if: ctx?.cisco_ise?.log?.segment?.number > 0 + patterns: + - "^%{GREEDYDATA:cisco_ise.log.log_details}," + - date: + field: _tmp.timestamp + target_field: '@timestamp' + formats: + - yyyy-MM-dd HH:mm:ss.SSS + - yyyy-MM-dd HH:mm:ss.SSSSSS + timezone: '{{{event.timezone}}}' + ignore_failure: true + - script: + lang: painless + if: ctx?.cisco_ise?.log?.message?.code != null + source: | + def eventCategory = new ArrayList(); + def categoryReferenceTable = [ + ["messageCodeArray": ["91110"], "name": "authentication"], + ["messageCodeArray": ["91004","91018"], "name": "configuration"] + ]; + for (entry in categoryReferenceTable) { + if (entry.messageCodeArray.contains(ctx.cisco_ise.log.message.code)) { + eventCategory.add(entry.name); + } + } + ctx.event.action = ctx?.cisco_ise?.log?.message?.description?.splitOnToken(":")[0]?.toLowerCase(); + ctx.event.category = eventCategory; + - kv: + field: cisco_ise.log.log_details + field_split: ', ' + value_split: = + ignore_failure: true + - convert: + field: ConfigVersionId + target_field: cisco_ise.log.config_version.id + type: long + ignore_failure: true + - rename: + field: Details + target_field: cisco_ise.log.details + ignore_missing: true + - rename: + field: AdapterInstanceName + target_field: cisco_ise.log.adapter_instance.name + ignore_missing: true + - rename: + field: AdapterInstanceUuid + target_field: cisco_ise.log.adapter_instance.uuid + ignore_missing: true + - rename: + field: Status + target_field: cisco_ise.log.status + ignore_missing: true + - rename: + field: Connectivity + target_field: cisco_ise.log.connectivity + ignore_missing: true + - remove: + field: + - _tmp + - ConfigVersionId + - cisco_ise.log.log_details + ignore_missing: true diff --git a/packages/cisco_ise/data_stream/log/fields/agent.yml b/packages/cisco_ise/data_stream/log/fields/agent.yml new file mode 100644 index 00000000000..6e1bac042bc --- /dev/null +++ b/packages/cisco_ise/data_stream/log/fields/agent.yml @@ -0,0 +1,186 @@ +- name: cloud + title: Cloud + group: 2 + description: Fields related to the cloud or infrastructure the events are coming from. + footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' + type: group + fields: + - name: account.id + level: extended + type: keyword + ignore_above: 1024 + description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' + example: 666777888999 + - name: availability_zone + level: extended + type: keyword + ignore_above: 1024 + description: Availability zone in which this host is running. + example: us-east-1c + - name: instance.id + level: extended + type: keyword + ignore_above: 1024 + description: Instance ID of the host machine. + example: i-1234567890abcdef0 + - name: instance.name + level: extended + type: keyword + ignore_above: 1024 + description: Instance name of the host machine. + - name: machine.type + level: extended + type: keyword + ignore_above: 1024 + description: Machine type of the host machine. + example: t2.medium + - name: provider + level: extended + type: keyword + ignore_above: 1024 + description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. + example: aws + - name: region + level: extended + type: keyword + ignore_above: 1024 + description: Region in which this host is running. + example: us-east-1 + - name: project.id + type: keyword + description: Name of the project in Google Cloud. + - name: image.id + type: keyword + description: Image ID for the cloud instance. +- name: container + title: Container + group: 2 + description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' + type: group + fields: + - name: id + level: core + type: keyword + ignore_above: 1024 + description: Unique container id. + - name: image.name + level: extended + type: keyword + ignore_above: 1024 + description: Name of the image the container was built on. + - name: labels + level: extended + type: object + object_type: keyword + description: Image labels. + - name: name + level: extended + type: keyword + ignore_above: 1024 + description: Container name. +- name: host + title: Host + group: 2 + description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' + type: group + fields: + - name: architecture + level: core + type: keyword + ignore_above: 1024 + description: Operating system architecture. + example: x86_64 + - name: domain + level: extended + type: keyword + ignore_above: 1024 + description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' + example: CONTOSO + default_field: false + - name: hostname + level: core + type: keyword + ignore_above: 1024 + description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' + - name: id + level: core + type: keyword + ignore_above: 1024 + description: 'Unique host id. As hostname is not always unique, use values that are meaningful in your environment. Example: The current usage of `beat.name`.' + - name: ip + level: core + type: ip + description: Host ip addresses. + - name: mac + level: core + type: keyword + ignore_above: 1024 + description: Host mac addresses. + - name: name + level: core + type: keyword + ignore_above: 1024 + description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' + - name: os.family + level: extended + type: keyword + ignore_above: 1024 + description: OS family (such as redhat, debian, freebsd, windows). + example: debian + - name: os.kernel + level: extended + type: keyword + ignore_above: 1024 + description: Operating system kernel version as a raw string. + example: 4.4.0-112-generic + - name: os.name + level: extended + type: keyword + ignore_above: 1024 + multi_fields: + - name: text + type: text + norms: false + default_field: false + description: Operating system name, without the version. + example: Mac OS X + - name: os.platform + level: extended + type: keyword + ignore_above: 1024 + description: Operating system platform (such centos, ubuntu, windows). + example: darwin + - name: os.version + level: extended + type: keyword + ignore_above: 1024 + description: Operating system version as a raw string. + example: 10.14.1 + - name: type + level: core + type: keyword + ignore_above: 1024 + description: 'Type of host. For Cloud providers this can be the machine type like `t2.medium`. If vm, this could be the container, for example, or other information meaningful in your environment.' + - name: containerized + type: boolean + description: > + If the host is a container. + + - name: os.build + type: keyword + example: "18D109" + description: > + OS build information. + + - name: os.codename + type: keyword + example: "stretch" + description: > + OS codename, if any. + +- name: input.type + type: keyword + description: Input type +- name: log.offset + type: long + description: Log offset diff --git a/packages/cisco_ise/data_stream/log/fields/base-fields.yml b/packages/cisco_ise/data_stream/log/fields/base-fields.yml new file mode 100644 index 00000000000..45e558e2c9b --- /dev/null +++ b/packages/cisco_ise/data_stream/log/fields/base-fields.yml @@ -0,0 +1,20 @@ +- name: data_stream.dataset + type: constant_keyword + description: Data stream dataset. +- name: data_stream.namespace + type: constant_keyword + description: Data stream namespace. +- name: data_stream.type + type: constant_keyword + description: Data stream type. +- name: event.dataset + type: constant_keyword + description: Event dataset + value: cisco_ise.log +- name: event.module + type: constant_keyword + description: Event module + value: cisco_ise +- name: '@timestamp' + type: date + description: Event timestamp. diff --git a/packages/cisco_ise/data_stream/log/fields/ecs.yml b/packages/cisco_ise/data_stream/log/fields/ecs.yml new file mode 100644 index 00000000000..078f39d3eae --- /dev/null +++ b/packages/cisco_ise/data_stream/log/fields/ecs.yml @@ -0,0 +1,46 @@ +- external: ecs + name: client.ip +- external: ecs + name: client.port +- external: ecs + name: client.user.name +- external: ecs + name: destination.ip +- external: ecs + name: destination.port +- external: ecs + name: ecs.version +- external: ecs + name: event.sequence +- external: ecs + name: host.hostname +- external: ecs + name: host.ip +- external: ecs + name: log.level +- external: ecs + name: log.logger +- external: ecs + name: log.syslog.priority +- external: ecs + name: log.syslog.severity.name +- external: ecs + name: message +- external: ecs + name: network.protocol +- external: ecs + name: related.hosts +- external: ecs + name: related.ip +- external: ecs + name: related.user +- external: ecs + name: service.type +- external: ecs + name: source.ip +- external: ecs + name: tags +- external: ecs + name: user.full_name +- external: ecs + name: user.name diff --git a/packages/cisco_ise/data_stream/log/fields/fields.yml b/packages/cisco_ise/data_stream/log/fields/fields.yml new file mode 100644 index 00000000000..2426988f9f0 --- /dev/null +++ b/packages/cisco_ise/data_stream/log/fields/fields.yml @@ -0,0 +1,831 @@ +- name: cisco_ise.log + type: group + fields: + - name: acct + type: group + fields: + - name: authentic + type: keyword + - name: delay_time + type: long + - name: input + type: group + fields: + - name: octets + type: long + - name: packets + type: long + - name: output + type: group + fields: + - name: octets + type: long + - name: packets + type: long + - name: request + type: group + fields: + - name: flags + type: keyword + - name: session + type: group + fields: + - name: id + type: keyword + - name: time + type: long + - name: status + type: group + fields: + - name: type + type: keyword + - name: terminate_cause + type: keyword + - name: acme-av-pair + type: group + fields: + - name: audit-session-id + type: keyword + - name: service-type + type: keyword + - name: acs + type: group + fields: + - name: instance + type: keyword + - name: session + type: group + fields: + - name: id + type: keyword + - name: active_session + type: group + fields: + - name: count + type: long + - name: ad + type: group + fields: + - name: admin + type: keyword + - name: domain + type: group + fields: + - name: controller + type: keyword + - name: name + type: keyword + - name: error + type: group + fields: + - name: details + type: keyword + - name: forest + type: keyword + - name: hostname + type: keyword + - name: ip + type: ip + - name: log + type: keyword + - name: log_id + type: keyword + - name: organization_unit + type: text + - name: site + type: keyword + - name: srv + type: group + fields: + - name: query + type: keyword + - name: record + type: keyword + - name: adapter_instance + type: group + fields: + - name: name + type: keyword + - name: uuid + type: keyword + - name: admin + type: group + fields: + - name: interface + type: keyword + - name: session + type: keyword + - name: airespace + type: group + fields: + - name: wlan + type: group + fields: + - name: id + type: long + - name: allow + type: group + fields: + - name: easy + type: group + fields: + - name: wired + type: group + fields: + - name: session + type: keyword + - name: allowed_protocol + type: group + fields: + - name: matched + type: group + fields: + - name: rule + type: keyword + - name: assigned_targets + type: keyword + - name: auth + type: group + fields: + - name: policy + type: group + fields: + - name: matched + type: group + fields: + - name: rule + type: keyword + - name: authen_method + type: keyword + - name: authentication + type: group + fields: + - name: identity_store + type: keyword + - name: method + type: keyword + - name: status + type: keyword + - name: average + type: group + fields: + - name: radius + type: group + fields: + - name: request + type: group + fields: + - name: latency + type: long + - name: tacacs + type: group + fields: + - name: request + type: group + fields: + - name: latency + type: long + - name: avpair + type: group + fields: + - name: disc + type: group + fields: + - name: cause + type: long + - name: cause_ext + type: long + - name: elapsed_time + type: long + - name: pre_session_time + type: long + - name: priv_lvl + type: long + - name: start_time + type: date + - name: stop_time + type: date + - name: task_id + type: long + - name: timezone + type: keyword + - name: called_station + type: group + fields: + - name: id + type: keyword + - name: calling_station + type: group + fields: + - name: id + type: keyword + - name: category + type: group + fields: + - name: name + type: keyword + - name: cisco_av_pair + type: group + fields: + - name: coa-push + type: boolean + - name: cts-device-capability + type: keyword + - name: cts-environment-data + type: keyword + - name: cts-environment-version + type: keyword + - name: cts-pac-opaque + type: keyword + - name: class + type: keyword + - name: client + type: group + fields: + - name: latency + type: long + - name: cmdset + type: keyword + - name: component + type: keyword + - name: config_change + type: group + fields: + - name: data + type: keyword + - name: config_version + type: group + fields: + - name: id + type: long + - name: connectivity + type: keyword + - name: cpm + type: group + fields: + - name: session + type: group + fields: + - name: id + type: keyword + - name: currentid + type: group + fields: + - name: store_name + type: keyword + - name: delta + type: group + fields: + - name: radius + type: group + fields: + - name: request + type: group + fields: + - name: count + type: long + - name: tacacs + type: group + fields: + - name: request + type: group + fields: + - name: count + type: long + - name: detailed_info + type: text + - name: details + type: keyword + - name: device + type: group + fields: + - name: name + type: keyword + - name: registration_status + type: keyword + - name: type + type: keyword + - name: dtls_support + type: keyword + - name: eap_key + type: group + fields: + - name: name + type: keyword + - name: eap + type: group + fields: + - name: authentication + type: keyword + - name: chaining_result + type: keyword + - name: tunnel + type: keyword + - name: enable + type: group + fields: + - name: flag + type: keyword + - name: endpoint + type: group + fields: + - name: coa + type: keyword + - name: mac + type: group + fields: + - name: address + type: keyword + - name: policy + type: keyword + - name: profiler + type: keyword + - name: purge + type: group + fields: + - name: id + type: keyword + - name: rule + type: keyword + - name: scheduletype + type: keyword + - name: ep + type: group + fields: + - name: identity_group + type: keyword + - name: mac + type: group + fields: + - name: address + type: keyword + - name: error + type: group + fields: + - name: message + type: keyword + - name: event + type: group + fields: + - name: timestamp + type: date + - name: failure + type: group + fields: + - name: flag + type: boolean + - name: reason + type: keyword + - name: feed_service + type: group + fields: + - name: feed + type: group + fields: + - name: name + type: keyword + - name: version + type: keyword + - name: host + type: keyword + - name: port + type: keyword + - name: query + type: group + fields: + - name: from_time + type: date + - name: to_time + type: date + - name: file + type: group + fields: + - name: name + type: keyword + - name: first_name + type: keyword + - name: framed + type: group + fields: + - name: ip + type: ip + - name: mtu + type: long + - name: groups + type: group + fields: + - name: process_failure + type: boolean + - name: guest + type: group + fields: + - name: user + type: group + fields: + - name: name + type: keyword + - name: identity + type: group + fields: + - name: group + type: keyword + - name: identity + type: group + fields: + - name: policy + type: group + fields: + - name: matched + type: group + fields: + - name: rule + type: keyword + - name: selection + type: group + fields: + - name: matched + type: group + fields: + - name: rule + type: keyword + - name: ipsec + type: keyword + - name: is_third_party_device_flow + type: boolean + - name: ise + type: group + fields: + - name: policy + type: group + fields: + - name: set_name + type: keyword + - name: last_name + type: keyword + - name: local_logging + type: keyword + - name: location + type: keyword + - name: log_details + type: text + - name: log_error + type: group + fields: + - name: message + type: keyword + - name: log_severity_level + type: keyword + - name: logger + type: group + fields: + - name: name + type: keyword + - name: message + type: group + fields: + - name: code + type: keyword + - name: description + type: text + - name: id + type: keyword + - name: text + type: keyword + - name: misconfigured + type: group + fields: + - name: client + type: group + fields: + - name: fix + type: group + fields: + - name: reason + type: keyword + - name: model + type: group + fields: + - name: name + type: keyword + - name: nas + type: group + fields: + - name: identifier + type: keyword + - name: ip + type: ip + - name: port + type: group + fields: + - name: id + type: keyword + - name: number + type: long + - name: type + type: keyword + - name: network + type: group + fields: + - name: device + type: group + fields: + - name: groups + type: keyword + - name: name + type: keyword + - name: profile + type: keyword + - name: profile_id + type: keyword + - name: profile_name + type: keyword + - name: object + type: group + fields: + - name: internal.id + type: keyword + - name: name + type: keyword + - name: type + type: keyword + - name: objects + type: group + fields: + - name: purged + type: keyword + - name: openssl + type: group + fields: + - name: error + type: group + fields: + - name: message + type: keyword + - name: stack + type: keyword + - name: operation_counters + type: group + fields: + - name: counters + type: flattened + - name: original + type: text + - name: operation_message + type: group + fields: + - name: text + type: keyword + - name: operation + type: group + fields: + - name: id + type: keyword + - name: status + type: keyword + - name: type + type: keyword + - name: original + type: group + fields: + - name: user + type: group + fields: + - name: name + type: keyword + - name: policy + type: group + fields: + - name: type + type: keyword + - name: port + type: keyword + - name: portal + type: group + fields: + - name: name + type: keyword + - name: posture + type: group + fields: + - name: assessment + type: group + fields: + - name: status + type: keyword + - name: privilege + type: group + fields: + - name: level + type: long + - name: probe + type: keyword + - name: profiler + type: group + fields: + - name: server + type: keyword + - name: protocol + type: keyword + - name: psn + type: group + fields: + - name: hostname + type: keyword + - name: radius_identifier + type: long + - name: radius_packet + type: group + fields: + - name: type + type: keyword + - name: radius + type: group + fields: + - name: flow + type: group + fields: + - name: type + type: keyword + - name: packet + type: group + fields: + - name: type + type: keyword + - name: request_response + type: group + fields: + - name: type + type: keyword + - name: request + type: group + fields: + - name: latency + type: long + - name: received_time + type: date + - name: response + type: flattened + - name: segment + type: group + fields: + - name: number + type: long + - name: total + type: long + - name: selected + type: group + fields: + - name: access + type: group + fields: + - name: service + type: keyword + - name: authentication + type: group + fields: + - name: identity_stores + type: keyword + - name: authorization + type: group + fields: + - name: profiles + type: keyword + - name: sequence + type: group + fields: + - name: number + type: long + - name: server + type: group + fields: + - name: name + type: keyword + - name: type + type: keyword + - name: service + type: group + fields: + - name: argument + type: keyword + - name: name + type: keyword + - name: type + type: keyword + - name: session + type: group + fields: + - name: timeout + type: long + - name: severity + type: group + fields: + - name: level + type: long + - name: software + type: group + fields: + - name: version + type: keyword + - name: state + type: text + - name: static + type: group + fields: + - name: assignment + type: boolean + - name: step + type: keyword + - name: step_data + type: keyword + - name: step_latency + type: keyword + - name: state + type: keyword + - name: status + type: keyword + - name: sysstats + type: group + fields: + - name: acs + type: group + fields: + - name: process + type: group + fields: + - name: health + type: flattened + - name: cpu + type: group + fields: + - name: count + type: long + - name: process_memory_mb + type: long + - name: utilization + type: group + fields: + - name: cpu + type: double + - name: disk + type: group + fields: + - name: io + type: double + - name: space + type: keyword + - name: load_avg + type: double + - name: memory + type: double + - name: network + type: keyword + - name: tls + type: group + fields: + - name: cipher + type: keyword + - name: version + type: keyword + - name: total + type: group + fields: + - name: authen + type: group + fields: + - name: latency + type: long + - name: failed_attempts + type: long + - name: failed_time + type: long + - name: tunnel + type: group + fields: + - name: medium + type: group + fields: + - name: type + type: keyword + - name: private + type: group + fields: + - name: group_id + type: keyword + - name: type + type: keyword + - name: type + type: keyword + - name: undefined_52 + type: keyword + - name: usecase + type: keyword + - name: user + type: group + fields: + - name: type + type: keyword + - name: workflow + type: flattened +- name: log.source.address + type: keyword + description: Source address from which the log event was read / sent from. diff --git a/packages/cisco_ise/data_stream/log/manifest.yml b/packages/cisco_ise/data_stream/log/manifest.yml new file mode 100644 index 00000000000..e0bae293cd6 --- /dev/null +++ b/packages/cisco_ise/data_stream/log/manifest.yml @@ -0,0 +1,63 @@ +title: Cisco ISE logs +type: logs +streams: + - input: tcp + template_path: tcp.yml.hbs + title: Cisco_ISE logs + description: Collect Cisco ISE logs via TCP input + vars: + - name: tags + type: text + title: Tags + multi: true + required: true + show_user: false + default: + - forwarded + - cisco_ise-log + - name: preserve_original_event + required: true + show_user: true + title: Preserve original event + description: Preserves a raw copy of the original event, added to the field `event.original` + type: bool + multi: false + default: false + - name: processors + type: yaml + title: Processors + multi: false + required: false + show_user: false + description: >- + Processors are used to reduce the number of fields in the exported event or to enhance the event with metadata. This executes in the agent before the logs are parsed. See [Processors](https://www.elastic.co/guide/en/beats/filebeat/current/filtering-and-enhancing-data.html) for details. + - input: udp + template_path: udp.yml.hbs + title: Cisco_ISE logs + description: Collect Cisco ISE logs via UDP input + vars: + - name: tags + type: text + title: Tags + multi: true + required: true + show_user: false + default: + - forwarded + - cisco_ise-log + - name: preserve_original_event + required: true + show_user: true + title: Preserve original event + description: Preserves a raw copy of the original event, added to the field `event.original` + type: bool + multi: false + default: false + - name: processors + type: yaml + title: Processors + multi: false + required: false + show_user: false + description: >- + Processors are used to reduce the number of fields in the exported event or to enhance the event with metadata. This executes in the agent before the logs are parsed. See [Processors](https://www.elastic.co/guide/en/beats/filebeat/current/filtering-and-enhancing-data.html) for details. diff --git a/packages/cisco_ise/data_stream/log/sample_event.json b/packages/cisco_ise/data_stream/log/sample_event.json new file mode 100644 index 00000000000..f4524cb7412 --- /dev/null +++ b/packages/cisco_ise/data_stream/log/sample_event.json @@ -0,0 +1,184 @@ +{ + "@timestamp": "2020-02-21T19:13:08.328Z", + "agent": { + "ephemeral_id": "868c4a5a-ab3d-44f9-b28c-dd0da1bd08f8", + "id": "882c1c63-68d0-49f9-8411-0e89960d3b00", + "name": "docker-fleet-agent", + "type": "filebeat", + "version": "8.3.0" + }, + "cisco_ise": { + "log": { + "acct": { + "request": { + "flags": "Stop" + } + }, + "acs": { + "session": { + "id": "ldnnacpsn1/359344348/952729" + } + }, + "authen_method": "TacacsPlus", + "avpair": { + "priv_lvl": 15, + "start_time": "2020-03-26T01:17:12.000Z", + "task_id": 2962, + "timezone": "GMT" + }, + "category": { + "name": "CISE_TACACS_Accounting" + }, + "cmdset": "[ CmdAV=show mac-address-table \u003ccr\u003e ]", + "config_version": { + "id": 1829 + }, + "cpm": { + "session": { + "id": "81.2.69.144Accounting306034364" + } + }, + "device": { + "type": [ + "Device Type#All Device Types#Routers", + "Device Type#All Device Types#Routers" + ] + }, + "ipsec": [ + "IPSEC#Is IPSEC Device", + "IPSEC#Is IPSEC Device" + ], + "location": [ + "Location#All Locations#EMEA", + "Location#All Locations#EMEA" + ], + "message": { + "code": "3300", + "description": "Tacacs-Accounting: TACACS+ Accounting with Command", + "id": "0000000001" + }, + "model": { + "name": "Unknown" + }, + "network": { + "device": { + "groups": [ + "Location#All Locations#EMEA", + "Device Type#All Device Types#Routers", + "IPSEC#Is IPSEC Device" + ], + "name": "wlnwan1", + "profile": [ + "Cisco", + "Cisco" + ] + } + }, + "port": "tty10", + "privilege": { + "level": 15 + }, + "request": { + "latency": 1 + }, + "response": { + "AcctReply-Status": "Success" + }, + "segment": { + "number": 0, + "total": 4 + }, + "selected": { + "access": { + "service": "Device Admin - TACACS" + } + }, + "service": { + "argument": "shell", + "name": "Login" + }, + "software": { + "version": "Unknown" + }, + "step": [ + "13006", + "15049", + "15008", + "15048", + "13035" + ], + "type": "Accounting" + } + }, + "client": { + "ip": "81.2.69.144" + }, + "data_stream": { + "dataset": "cisco_ise.log", + "namespace": "ep", + "type": "logs" + }, + "destination": { + "ip": "81.2.69.144" + }, + "ecs": { + "version": "8.0.0" + }, + "elastic_agent": { + "id": "882c1c63-68d0-49f9-8411-0e89960d3b00", + "snapshot": true, + "version": "8.3.0" + }, + "event": { + "action": "tacacs-accounting", + "agent_id_status": "verified", + "category": [ + "configuration" + ], + "dataset": "cisco_ise.log", + "ingested": "2022-04-15T15:33:23Z", + "kind": "event", + "sequence": 18415781, + "timezone": "+00:00", + "type": [ + "info" + ] + }, + "host": { + "hostname": "cisco-ise-host" + }, + "input": { + "type": "tcp" + }, + "log": { + "level": "notice", + "source": { + "address": "172.25.0.1:51632" + }, + "syslog": { + "priority": 182, + "severity": { + "name": "notice" + } + } + }, + "message": "2020-02-21 19:13:08.328 +00:00 0018415781 3300 NOTICE Tacacs-Accounting: TACACS+ Accounting with Command, ConfigVersionId=1829, Device IP Address=81.2.69.144, CmdSet=[ CmdAV=show mac-address-table \u003ccr\u003e ], RequestLatency=1, NetworkDeviceName=wlnwan1, Type=Accounting, Privilege-Level=15, Service=Login, User=psxvne, Port=tty10, Remote-Address=81.2.69.144, Authen-Method=TacacsPlus, AVPair.task_id=2962, AVPair.timezone=GMT, AVPair.start_time=1585185432, AVPair.priv-lvl=15, AcctRequest-Flags=Stop, Service-Argument=shell, AcsSessionID=ldnnacpsn1/359344348/952729, SelectedAccessService=Device Admin - TACACS, Step=13006, Step=15049, Step=15008, Step=15048, Step=13035, NetworkDeviceGroups=Location#All Locations#EMEA, NetworkDeviceGroups=Device Type#All Device Types#Routers, NetworkDeviceGroups=IPSEC#Is IPSEC Device, CPMSessionID=81.2.69.144Accounting306034364, Model Name=Unknown, Software Version=Unknown, Network Device Profile=Cisco, Location=Location#All Locations#EMEA, Device Type=Device Type#All Device Types#Routers, IPSEC=IPSEC#Is IPSEC Device, Response={AcctReply-Status=Success; }, Network Device Profile=Cisco, Location=Location#All Locations#EMEA, Device Type=Device Type#All Device Types#Routers, IPSEC=IPSEC#Is IPSEC Device, Response={AcctReply-Status=Success; }", + "related": { + "hosts": [ + "cisco-ise-host" + ], + "ip": [ + "81.2.69.144" + ], + "user": [ + "psxvne" + ] + }, + "tags": [ + "forwarded", + "cisco_ise-log" + ], + "user": { + "name": "psxvne" + } +} \ No newline at end of file diff --git a/packages/cisco_ise/docs/README.md b/packages/cisco_ise/docs/README.md new file mode 100644 index 00000000000..9e7295a4111 --- /dev/null +++ b/packages/cisco_ise/docs/README.md @@ -0,0 +1,498 @@ +# Cisco ISE + +The Cisco ISE integration collects and parses data from [Cisco Identity Services Engine](https://www.cisco.com/c/en/us/products/security/identity-services-engine/index.html) (ISE) using TCP/UDP. + +## Compatibility + +This module has been tested against `Cisco ISE server version 3.1.0.518`. + +## Requirements + +- Enable the integration with the TCP/UDP input. +- Sign in to Cisco ISE Portal. +- Configure Remote Syslog Collection Locations. + - **Procedure** + 1. In Cisco ISE Administrator Portal, go to **Administration** > **System** > **Logging** > **Remote Logging Targets**. + 2. Click **Add**. + ![Cisco ISE server setup image](../img/cisco-ise-setup.png) + 3. Enter all the **Required Details**. + 4. Set the maximum length to **8192**. + 5. Click **Submit**. + 6. Go to the **Remote Logging Targets** page and verify the creation of the new target. + +## Note +- It is recommended to have **8192** as Maximum Message Length. Segmentation for certain logs coming from Cisco ISE might cause issues with field mappings. + +## Logs + +Reference link for Cisco ISE Syslog: [Here](https://www.cisco.com/c/en/us/td/docs/security/ise/syslog/Cisco_ISE_Syslogs/m_SyslogsList.html) + +### log + +This is the `log` dataset. + +An example event for `log` looks as following: + +```json +{ + "@timestamp": "2020-02-21T19:13:08.328Z", + "agent": { + "ephemeral_id": "868c4a5a-ab3d-44f9-b28c-dd0da1bd08f8", + "id": "882c1c63-68d0-49f9-8411-0e89960d3b00", + "name": "docker-fleet-agent", + "type": "filebeat", + "version": "8.3.0" + }, + "cisco_ise": { + "log": { + "acct": { + "request": { + "flags": "Stop" + } + }, + "acs": { + "session": { + "id": "ldnnacpsn1/359344348/952729" + } + }, + "authen_method": "TacacsPlus", + "avpair": { + "priv_lvl": 15, + "start_time": "2020-03-26T01:17:12.000Z", + "task_id": 2962, + "timezone": "GMT" + }, + "category": { + "name": "CISE_TACACS_Accounting" + }, + "cmdset": "[ CmdAV=show mac-address-table \u003ccr\u003e ]", + "config_version": { + "id": 1829 + }, + "cpm": { + "session": { + "id": "81.2.69.144Accounting306034364" + } + }, + "device": { + "type": [ + "Device Type#All Device Types#Routers", + "Device Type#All Device Types#Routers" + ] + }, + "ipsec": [ + "IPSEC#Is IPSEC Device", + "IPSEC#Is IPSEC Device" + ], + "location": [ + "Location#All Locations#EMEA", + "Location#All Locations#EMEA" + ], + "message": { + "code": "3300", + "description": "Tacacs-Accounting: TACACS+ Accounting with Command", + "id": "0000000001" + }, + "model": { + "name": "Unknown" + }, + "network": { + "device": { + "groups": [ + "Location#All Locations#EMEA", + "Device Type#All Device Types#Routers", + "IPSEC#Is IPSEC Device" + ], + "name": "wlnwan1", + "profile": [ + "Cisco", + "Cisco" + ] + } + }, + "port": "tty10", + "privilege": { + "level": 15 + }, + "request": { + "latency": 1 + }, + "response": { + "AcctReply-Status": "Success" + }, + "segment": { + "number": 0, + "total": 4 + }, + "selected": { + "access": { + "service": "Device Admin - TACACS" + } + }, + "service": { + "argument": "shell", + "name": "Login" + }, + "software": { + "version": "Unknown" + }, + "step": [ + "13006", + "15049", + "15008", + "15048", + "13035" + ], + "type": "Accounting" + } + }, + "client": { + "ip": "81.2.69.144" + }, + "data_stream": { + "dataset": "cisco_ise.log", + "namespace": "ep", + "type": "logs" + }, + "destination": { + "ip": "81.2.69.144" + }, + "ecs": { + "version": "8.0.0" + }, + "elastic_agent": { + "id": "882c1c63-68d0-49f9-8411-0e89960d3b00", + "snapshot": true, + "version": "8.3.0" + }, + "event": { + "action": "tacacs-accounting", + "agent_id_status": "verified", + "category": [ + "configuration" + ], + "dataset": "cisco_ise.log", + "ingested": "2022-04-15T15:33:23Z", + "kind": "event", + "sequence": 18415781, + "timezone": "+00:00", + "type": [ + "info" + ] + }, + "host": { + "hostname": "cisco-ise-host" + }, + "input": { + "type": "tcp" + }, + "log": { + "level": "notice", + "source": { + "address": "172.25.0.1:51632" + }, + "syslog": { + "priority": 182, + "severity": { + "name": "notice" + } + } + }, + "message": "2020-02-21 19:13:08.328 +00:00 0018415781 3300 NOTICE Tacacs-Accounting: TACACS+ Accounting with Command, ConfigVersionId=1829, Device IP Address=81.2.69.144, CmdSet=[ CmdAV=show mac-address-table \u003ccr\u003e ], RequestLatency=1, NetworkDeviceName=wlnwan1, Type=Accounting, Privilege-Level=15, Service=Login, User=psxvne, Port=tty10, Remote-Address=81.2.69.144, Authen-Method=TacacsPlus, AVPair.task_id=2962, AVPair.timezone=GMT, AVPair.start_time=1585185432, AVPair.priv-lvl=15, AcctRequest-Flags=Stop, Service-Argument=shell, AcsSessionID=ldnnacpsn1/359344348/952729, SelectedAccessService=Device Admin - TACACS, Step=13006, Step=15049, Step=15008, Step=15048, Step=13035, NetworkDeviceGroups=Location#All Locations#EMEA, NetworkDeviceGroups=Device Type#All Device Types#Routers, NetworkDeviceGroups=IPSEC#Is IPSEC Device, CPMSessionID=81.2.69.144Accounting306034364, Model Name=Unknown, Software Version=Unknown, Network Device Profile=Cisco, Location=Location#All Locations#EMEA, Device Type=Device Type#All Device Types#Routers, IPSEC=IPSEC#Is IPSEC Device, Response={AcctReply-Status=Success; }, Network Device Profile=Cisco, Location=Location#All Locations#EMEA, Device Type=Device Type#All Device Types#Routers, IPSEC=IPSEC#Is IPSEC Device, Response={AcctReply-Status=Success; }", + "related": { + "hosts": [ + "cisco-ise-host" + ], + "ip": [ + "81.2.69.144" + ], + "user": [ + "psxvne" + ] + }, + "tags": [ + "forwarded", + "cisco_ise-log" + ], + "user": { + "name": "psxvne" + } +} +``` + +**Exported fields** + +| Field | Description | Type | +|---|---|---| +| @timestamp | Event timestamp. | date | +| cisco_ise.log.acct.authentic | | keyword | +| cisco_ise.log.acct.delay_time | | long | +| cisco_ise.log.acct.input.octets | | long | +| cisco_ise.log.acct.input.packets | | long | +| cisco_ise.log.acct.output.octets | | long | +| cisco_ise.log.acct.output.packets | | long | +| cisco_ise.log.acct.request.flags | | keyword | +| cisco_ise.log.acct.session.id | | keyword | +| cisco_ise.log.acct.session.time | | long | +| cisco_ise.log.acct.status.type | | keyword | +| cisco_ise.log.acct.terminate_cause | | keyword | +| cisco_ise.log.acme-av-pair.audit-session-id | | keyword | +| cisco_ise.log.acme-av-pair.service-type | | keyword | +| cisco_ise.log.acs.instance | | keyword | +| cisco_ise.log.acs.session.id | | keyword | +| cisco_ise.log.active_session.count | | long | +| cisco_ise.log.ad.admin | | keyword | +| cisco_ise.log.ad.domain.controller | | keyword | +| cisco_ise.log.ad.domain.name | | keyword | +| cisco_ise.log.ad.error.details | | keyword | +| cisco_ise.log.ad.forest | | keyword | +| cisco_ise.log.ad.hostname | | keyword | +| cisco_ise.log.ad.ip | | ip | +| cisco_ise.log.ad.log | | keyword | +| cisco_ise.log.ad.log_id | | keyword | +| cisco_ise.log.ad.organization_unit | | text | +| cisco_ise.log.ad.site | | keyword | +| cisco_ise.log.ad.srv.query | | keyword | +| cisco_ise.log.ad.srv.record | | keyword | +| cisco_ise.log.adapter_instance.name | | keyword | +| cisco_ise.log.adapter_instance.uuid | | keyword | +| cisco_ise.log.admin.interface | | keyword | +| cisco_ise.log.admin.session | | keyword | +| cisco_ise.log.airespace.wlan.id | | long | +| cisco_ise.log.allow.easy.wired.session | | keyword | +| cisco_ise.log.allowed_protocol.matched.rule | | keyword | +| cisco_ise.log.assigned_targets | | keyword | +| cisco_ise.log.auth.policy.matched.rule | | keyword | +| cisco_ise.log.authen_method | | keyword | +| cisco_ise.log.authentication.identity_store | | keyword | +| cisco_ise.log.authentication.method | | keyword | +| cisco_ise.log.authentication.status | | keyword | +| cisco_ise.log.average.radius.request.latency | | long | +| cisco_ise.log.average.tacacs.request.latency | | long | +| cisco_ise.log.avpair.disc.cause | | long | +| cisco_ise.log.avpair.disc.cause_ext | | long | +| cisco_ise.log.avpair.elapsed_time | | long | +| cisco_ise.log.avpair.pre_session_time | | long | +| cisco_ise.log.avpair.priv_lvl | | long | +| cisco_ise.log.avpair.start_time | | date | +| cisco_ise.log.avpair.stop_time | | date | +| cisco_ise.log.avpair.task_id | | long | +| cisco_ise.log.avpair.timezone | | keyword | +| cisco_ise.log.called_station.id | | keyword | +| cisco_ise.log.calling_station.id | | keyword | +| cisco_ise.log.category.name | | keyword | +| cisco_ise.log.cisco_av_pair.coa-push | | boolean | +| cisco_ise.log.cisco_av_pair.cts-device-capability | | keyword | +| cisco_ise.log.cisco_av_pair.cts-environment-data | | keyword | +| cisco_ise.log.cisco_av_pair.cts-environment-version | | keyword | +| cisco_ise.log.cisco_av_pair.cts-pac-opaque | | keyword | +| cisco_ise.log.class | | keyword | +| cisco_ise.log.client.latency | | long | +| cisco_ise.log.cmdset | | keyword | +| cisco_ise.log.component | | keyword | +| cisco_ise.log.config_change.data | | keyword | +| cisco_ise.log.config_version.id | | long | +| cisco_ise.log.connectivity | | keyword | +| cisco_ise.log.cpm.session.id | | keyword | +| cisco_ise.log.currentid.store_name | | keyword | +| cisco_ise.log.delta.radius.request.count | | long | +| cisco_ise.log.delta.tacacs.request.count | | long | +| cisco_ise.log.detailed_info | | text | +| cisco_ise.log.details | | keyword | +| cisco_ise.log.device.name | | keyword | +| cisco_ise.log.device.registration_status | | keyword | +| cisco_ise.log.device.type | | keyword | +| cisco_ise.log.dtls_support | | keyword | +| cisco_ise.log.eap.authentication | | keyword | +| cisco_ise.log.eap.chaining_result | | keyword | +| cisco_ise.log.eap.tunnel | | keyword | +| cisco_ise.log.eap_key.name | | keyword | +| cisco_ise.log.enable.flag | | keyword | +| cisco_ise.log.endpoint.coa | | keyword | +| cisco_ise.log.endpoint.mac.address | | keyword | +| cisco_ise.log.endpoint.policy | | keyword | +| cisco_ise.log.endpoint.profiler | | keyword | +| cisco_ise.log.endpoint.purge.id | | keyword | +| cisco_ise.log.endpoint.purge.rule | | keyword | +| cisco_ise.log.endpoint.purge.scheduletype | | keyword | +| cisco_ise.log.ep.identity_group | | keyword | +| cisco_ise.log.ep.mac.address | | keyword | +| cisco_ise.log.error.message | | keyword | +| cisco_ise.log.event.timestamp | | date | +| cisco_ise.log.failure.flag | | boolean | +| cisco_ise.log.failure.reason | | keyword | +| cisco_ise.log.feed_service.feed.name | | keyword | +| cisco_ise.log.feed_service.feed.version | | keyword | +| cisco_ise.log.feed_service.host | | keyword | +| cisco_ise.log.feed_service.port | | keyword | +| cisco_ise.log.feed_service.query.from_time | | date | +| cisco_ise.log.feed_service.query.to_time | | date | +| cisco_ise.log.file.name | | keyword | +| cisco_ise.log.first_name | | keyword | +| cisco_ise.log.framed.ip | | ip | +| cisco_ise.log.framed.mtu | | long | +| cisco_ise.log.groups.process_failure | | boolean | +| cisco_ise.log.guest.user.name | | keyword | +| cisco_ise.log.identity.group | | keyword | +| cisco_ise.log.identity.policy.matched.rule | | keyword | +| cisco_ise.log.identity.selection.matched.rule | | keyword | +| cisco_ise.log.ipsec | | keyword | +| cisco_ise.log.is_third_party_device_flow | | boolean | +| cisco_ise.log.ise.policy.set_name | | keyword | +| cisco_ise.log.last_name | | keyword | +| cisco_ise.log.local_logging | | keyword | +| cisco_ise.log.location | | keyword | +| cisco_ise.log.log_details | | text | +| cisco_ise.log.log_error.message | | keyword | +| cisco_ise.log.log_severity_level | | keyword | +| cisco_ise.log.logger.name | | keyword | +| cisco_ise.log.message.code | | keyword | +| cisco_ise.log.message.description | | text | +| cisco_ise.log.message.id | | keyword | +| cisco_ise.log.message.text | | keyword | +| cisco_ise.log.misconfigured.client.fix.reason | | keyword | +| cisco_ise.log.model.name | | keyword | +| cisco_ise.log.nas.identifier | | keyword | +| cisco_ise.log.nas.ip | | ip | +| cisco_ise.log.nas.port.id | | keyword | +| cisco_ise.log.nas.port.number | | long | +| cisco_ise.log.nas.port.type | | keyword | +| cisco_ise.log.network.device.groups | | keyword | +| cisco_ise.log.network.device.name | | keyword | +| cisco_ise.log.network.device.profile | | keyword | +| cisco_ise.log.network.device.profile_id | | keyword | +| cisco_ise.log.network.device.profile_name | | keyword | +| cisco_ise.log.object.internal.id | | keyword | +| cisco_ise.log.object.name | | keyword | +| cisco_ise.log.object.type | | keyword | +| cisco_ise.log.objects.purged | | keyword | +| cisco_ise.log.openssl.error.message | | keyword | +| cisco_ise.log.openssl.error.stack | | keyword | +| cisco_ise.log.operation.id | | keyword | +| cisco_ise.log.operation.status | | keyword | +| cisco_ise.log.operation.type | | keyword | +| cisco_ise.log.operation_counters.counters | | flattened | +| cisco_ise.log.operation_counters.original | | text | +| cisco_ise.log.operation_message.text | | keyword | +| cisco_ise.log.original.user.name | | keyword | +| cisco_ise.log.policy.type | | keyword | +| cisco_ise.log.port | | keyword | +| cisco_ise.log.portal.name | | keyword | +| cisco_ise.log.posture.assessment.status | | keyword | +| cisco_ise.log.privilege.level | | long | +| cisco_ise.log.probe | | keyword | +| cisco_ise.log.profiler.server | | keyword | +| cisco_ise.log.protocol | | keyword | +| cisco_ise.log.psn.hostname | | keyword | +| cisco_ise.log.radius.flow.type | | keyword | +| cisco_ise.log.radius.packet.type | | keyword | +| cisco_ise.log.radius_identifier | | long | +| cisco_ise.log.radius_packet.type | | keyword | +| cisco_ise.log.request.latency | | long | +| cisco_ise.log.request.received_time | | date | +| cisco_ise.log.request_response.type | | keyword | +| cisco_ise.log.response | | flattened | +| cisco_ise.log.segment.number | | long | +| cisco_ise.log.segment.total | | long | +| cisco_ise.log.selected.access.service | | keyword | +| cisco_ise.log.selected.authentication.identity_stores | | keyword | +| cisco_ise.log.selected.authorization.profiles | | keyword | +| cisco_ise.log.sequence.number | | long | +| cisco_ise.log.server.name | | keyword | +| cisco_ise.log.server.type | | keyword | +| cisco_ise.log.service.argument | | keyword | +| cisco_ise.log.service.name | | keyword | +| cisco_ise.log.service.type | | keyword | +| cisco_ise.log.session.timeout | | long | +| cisco_ise.log.severity.level | | long | +| cisco_ise.log.software.version | | keyword | +| cisco_ise.log.state | | text | +| cisco_ise.log.static.assignment | | boolean | +| cisco_ise.log.status | | keyword | +| cisco_ise.log.step | | keyword | +| cisco_ise.log.step_data | | keyword | +| cisco_ise.log.step_latency | | keyword | +| cisco_ise.log.sysstats.acs.process.health | | flattened | +| cisco_ise.log.sysstats.cpu.count | | long | +| cisco_ise.log.sysstats.process_memory_mb | | long | +| cisco_ise.log.sysstats.utilization.cpu | | double | +| cisco_ise.log.sysstats.utilization.disk.io | | double | +| cisco_ise.log.sysstats.utilization.disk.space | | keyword | +| cisco_ise.log.sysstats.utilization.load_avg | | double | +| cisco_ise.log.sysstats.utilization.memory | | double | +| cisco_ise.log.sysstats.utilization.network | | keyword | +| cisco_ise.log.tls.cipher | | keyword | +| cisco_ise.log.tls.version | | keyword | +| cisco_ise.log.total.authen.latency | | long | +| cisco_ise.log.total.failed_attempts | | long | +| cisco_ise.log.total.failed_time | | long | +| cisco_ise.log.tunnel.medium.type | | keyword | +| cisco_ise.log.tunnel.private.group_id | | keyword | +| cisco_ise.log.tunnel.type | | keyword | +| cisco_ise.log.type | | keyword | +| cisco_ise.log.undefined_52 | | keyword | +| cisco_ise.log.usecase | | keyword | +| cisco_ise.log.user.type | | keyword | +| cisco_ise.log.workflow | | flattened | +| client.ip | IP address of the client (IPv4 or IPv6). | ip | +| client.port | Port of the client. | long | +| client.user.name | Short name or login of the user. | keyword | +| client.user.name.text | Multi-field of `client.user.name`. | match_only_text | +| cloud.account.id | The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier. | keyword | +| cloud.availability_zone | Availability zone in which this host is running. | keyword | +| cloud.image.id | Image ID for the cloud instance. | keyword | +| cloud.instance.id | Instance ID of the host machine. | keyword | +| cloud.instance.name | Instance name of the host machine. | keyword | +| cloud.machine.type | Machine type of the host machine. | keyword | +| cloud.project.id | Name of the project in Google Cloud. | keyword | +| cloud.provider | Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. | keyword | +| cloud.region | Region in which this host is running. | keyword | +| container.id | Unique container id. | keyword | +| container.image.name | Name of the image the container was built on. | keyword | +| container.labels | Image labels. | object | +| container.name | Container name. | keyword | +| data_stream.dataset | Data stream dataset. | constant_keyword | +| data_stream.namespace | Data stream namespace. | constant_keyword | +| data_stream.type | Data stream type. | constant_keyword | +| destination.ip | IP address of the destination (IPv4 or IPv6). | ip | +| destination.port | Port of the destination. | long | +| ecs.version | ECS version this event conforms to. `ecs.version` is a required field and must exist in all events. When querying across multiple indices -- which may conform to slightly different ECS versions -- this field lets integrations adjust to the schema version of the events. | keyword | +| event.dataset | Event dataset | constant_keyword | +| event.module | Event module | constant_keyword | +| event.sequence | Sequence number of the event. The sequence number is a value published by some event sources, to make the exact ordering of events unambiguous, regardless of the timestamp precision. | long | +| host.architecture | Operating system architecture. | keyword | +| host.containerized | If the host is a container. | boolean | +| host.domain | Name of the domain of which the host is a member. For example, on Windows this could be the host's Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host's LDAP provider. | keyword | +| host.hostname | Hostname of the host. It normally contains what the `hostname` command returns on the host machine. | keyword | +| host.id | Unique host id. As hostname is not always unique, use values that are meaningful in your environment. Example: The current usage of `beat.name`. | keyword | +| host.ip | Host ip addresses. | ip | +| host.mac | Host mac addresses. | keyword | +| host.name | Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use. | keyword | +| host.os.build | OS build information. | keyword | +| host.os.codename | OS codename, if any. | keyword | +| host.os.family | OS family (such as redhat, debian, freebsd, windows). | keyword | +| host.os.kernel | Operating system kernel version as a raw string. | keyword | +| host.os.name | Operating system name, without the version. | keyword | +| host.os.name.text | Multi-field of `host.os.name`. | text | +| host.os.platform | Operating system platform (such centos, ubuntu, windows). | keyword | +| host.os.version | Operating system version as a raw string. | keyword | +| host.type | Type of host. For Cloud providers this can be the machine type like `t2.medium`. If vm, this could be the container, for example, or other information meaningful in your environment. | keyword | +| input.type | Input type | keyword | +| log.level | Original log level of the log event. If the source of the event provides a log level or textual severity, this is the one that goes in `log.level`. If your source doesn't specify one, you may put your event transport's severity here (e.g. Syslog severity). Some examples are `warn`, `err`, `i`, `informational`. | keyword | +| log.logger | The name of the logger inside an application. This is usually the name of the class which initialized the logger, or can be a custom name. | keyword | +| log.offset | Log offset | long | +| log.source.address | Source address from which the log event was read / sent from. | keyword | +| log.syslog.priority | Syslog numeric priority of the event, if available. According to RFCs 5424 and 3164, the priority is 8 \* facility + severity. This number is therefore expected to contain a value between 0 and 191. | long | +| log.syslog.severity.name | The Syslog numeric severity of the log event, if available. If the event source publishing via Syslog provides a different severity value (e.g. firewall, IDS), your source's text severity should go to `log.level`. If the event source does not specify a distinct severity, you can optionally copy the Syslog severity to `log.level`. | keyword | +| message | For log events the message field contains the log message, optimized for viewing in a log viewer. For structured logs without an original message field, other fields can be concatenated to form a human-readable summary of the event. If multiple messages exist, they can be combined into one message. | match_only_text | +| network.protocol | In the OSI Model this would be the Application Layer protocol. For example, `http`, `dns`, or `ssh`. The field value must be normalized to lowercase for querying. | keyword | +| related.hosts | All hostnames or other host identifiers seen on your event. Example identifiers include FQDNs, domain names, workstation names, or aliases. | keyword | +| related.ip | All of the IPs seen on your event. | ip | +| related.user | All the user names or other user identifiers seen on the event. | keyword | +| service.type | The type of the service data is collected from. The type can be used to group and correlate logs and metrics from one service type. Example: If logs or metrics are collected from Elasticsearch, `service.type` would be `elasticsearch`. | keyword | +| source.ip | IP address of the source (IPv4 or IPv6). | ip | +| tags | List of keywords used to tag each event. | keyword | +| user.full_name | User's full name, if available. | keyword | +| user.full_name.text | Multi-field of `user.full_name`. | match_only_text | +| user.name | Short name or login of the user. | keyword | +| user.name.text | Multi-field of `user.name`. | match_only_text | diff --git a/packages/cisco_ise/img/cisco-ise-logo.svg b/packages/cisco_ise/img/cisco-ise-logo.svg new file mode 100644 index 00000000000..43f57cb7fee --- /dev/null +++ b/packages/cisco_ise/img/cisco-ise-logo.svg @@ -0,0 +1,41 @@ + + + + + + + + + + + + + + + + diff --git a/packages/cisco_ise/img/cisco-ise-screenshot.png b/packages/cisco_ise/img/cisco-ise-screenshot.png new file mode 100644 index 0000000000000000000000000000000000000000..bda562ccabe5c72bf59f88fae07e5333de238a4d GIT binary patch literal 19634 zcmXtA2T&8=*WFM<57GiimyQqw5$Qw)3AiRO=QrPcGnv_xo!$4|efQpT?me4uO?71oQYKOW04ScTJVgQk9_}sB2>$QT_l!Ld zcffanKi2|-!7~dQ^8mmOJb$XF<(aK_-%ua9*5Ek@mD*})hL zN`W8H1OU`H)2R&?;MsQ)^ytiRdKca|KssXp0_W_AP?O#UkLw}|4K@}Gwi`|-&34s+ zR;U=luFE9yym8LHCWu{Uv)P}SnG~?Q=FA=lCf5t;8rZH|?fQG#>dg*t^zl{M&N$tT zgeZZXIGFDb!qlE7ud2cs#e~p>Y$^x}3mw!KHkD2_3mwuhHWdqIsym3h2Y zcXo^>pY5f-0C*;!O+^9CNN?wzthj{3a{I`A zfOwy6$DmUNK)<;f?;jE9jGB;L%|HX-OokQ4u9CIExZ+gAnFyQjCy7}gExa3JNncsq zvG#0SvmZU|n3gD9B}4O@^RO?TbIR}$w&T7EG#+HYq$~uU1(MI`f7w%L9lb|KI%CM5 z*NSF>RyY=*nZPdx8BpMy5WGb~JPyQ{9N;qWX)?97N^q+ocRS<`ZYH8&6a6o!UdJWS zn}tGhpA~;RT4Ojxr8>aALC8!vUkZSde`Fec{cRmZ4|JjlZIl_@FLl!{0?A`2IW`D4 zB^upbO&-Bl*LGM6wHD%#aB1aG7+3o|9$qQTBpD`5%RovKB1-mS@ea7Q44700#7e#~ zQ|Ch~6!=6S$(n62vvM6F`gqcZGoYCrTO$47ZIr68l$|^Tj%Ute-pNJD`_o=B&aExH z)PUiXSv`hRp@aqqWA7UuklQ&K92aB#_*Qx;!-+MMR%ER*_`|?nE>RL>PhDC^njg&s zN?Le61-sg#B#GT52y??bBLbN=098>aid@s{WFy|@zMZEOTF3J)#_f?I2(XCUm->lH zTHY_P3ML<^D`)IFCof*qq`t6#CR{leGPZNNpYZSTS;!n;bY;#;2rZBfGJo87xo;#YsAEvZJVtNwZ(mQ2;2 zYu9I}@t`q>hlla;qgZFGVOiIb(*Plyk10y?ghB4ycS~}!ySIBI^9qUfH?l(ge<&dCepYFl8lSBt(!^ekhFBE~l^Hg8 zxm*q97;I4VYd0R&%nAM@tJ0OtP$!nrG3eJ&Q%gi}Pq@Vw-s65s${3*pQyQi5&;zx9 z&ggwbWM8|GlvwcgUiYt%qN43;Msvd=#gy`G^|bzcJ;R0yonLvc^n~BKEnQG36`IU! z-g5fZOxfNSTIR51__*9%i(LrZqC5$*5NyN^GSs2CxKx6v-&UgSaaNj9a%M{RDjD)) z7|lxrV~8RaqYuW#A^39&1J6wg+6p0d`SX3M+wD33_h&<2(o=gsb$XPkvC8`k@1^!@ zFSQ&08;AEle@7%%sNEp$u}qwG-gVoxtygpRgM=le;G`$=<^At3{g-pHQ}XCW0UCJY+%2o(3W zYTqyJpCuGc^eiJ}SdDZIO)#$oAF`4tDJj)1BKZ050nVF;hO#%E%&YPI8%`&MF%4G@ zWqu}W|00|Vw=^Au;x0~(1$jea{xo{|xxR~J+BvpSRUSweq803Nc6I(P?(S>roPQ>N zeNYg*X^@s4)q4Ri?AeUc;W;12t_NJi_^+%W4zEQoE@}oJnXb2$qjUy-|K4~ncUm~n zbi17&BQp2X_nfOxis%4U)hWxLUE4s0X7i)#T=M42-g^;}>zFP$W)epr$j`QKGM8JU;ZGOq z=X{RWhTFio@N!ESPl7;_;JT|4KNiFJpIdXFBcIyx2QRe$aj)0mC#PbO5|={2KL3nk zeVn4g6Ma|CmdQdWg^`)5Ir&*dEmsi#)BY#9x$9bg!YE-)e>nGZw8S5J_nl66DG{S- zhjqwbt*$K$=XR+p7M1GUlZA=PNMuH(C=@TmQO_}iI+usn{@nB9z4MS!@9obhuBE~+ zUK@QWdPxH_`*|$S5#3AlVq7H6TYHl#^MY^=>DZ`e#f60(uL`11>uNlL*}*(J>hz=? zx7UwuUkh!>9QIA6q&&8Ob(I&5O`k1@a^xXV{N?vwflX%O5(~a2B($_V$!&XrPWk?t zS>2@{wQPTmrXC~u6zubV@s!U>WB$@)x0*j zwgxp;)lTXfOxH{P8P^x7BxE{O-u8arnR&^2{8sbO&|Wr%Z+(7hY-KnHLu?_C5H2mA z*n<^H7O9bW(?R}DXS}_nD3|xI21MTH;`e#Y9KwR=bND@QFsML`vH57oSR26S_&yc+ zdKeM; zYo;aZP?I<`tj?aI*f=JFJMNDxCmH%Gs!Z9}_x1`R zdxnRp2M-y=IHRNJleA6CEyWjQe0@?4+a4=}LF|NIhb`$MxI5RH6$T#EJeshkqy?=) zIdCYh-=g<4hjk95;k;<7RBGx=6%GN0hs zhF5u0PrkXe1tB*s17nc_&lThWapsUvt8W%$`~WH74*?V!);WhnE`3-CQNU;Fct|AV z6OvF7FkT-m00D$3(T|fMyTm|qZ7eddvF;%-6i)i8JS>=`6AA)eBZ7O;X4IQ4M&n!e zwN_nI^FbF!RuZkjng~&)Czmm-tf~EIQ4pfg?J<$KUl1F?2eQdnPI&J6{A41Mlw*h{ zpkMm~Dl{?Rps49WgwH(D9IsihtT8_?J^6yXEgsomA`ix zQ8dPh{%!3xQ|;rYvrET8&?$LE0w4e}S?yqdirdzQaBp!m&t4o!#s4!%CFu6epe|6TZCx%bWIVM{DBBQ34Td0C*< z)7e@|oHLlA*h)7T&cPHVW4r2;iyzmCW7D%3lxO4pjCrWCqMN-DJ%9Tok_g4aFZK2HMMg&dJYUh1zaGtM z2m2lB&8cHQIW)Pn9A543KSB1?)&>U#Zi!r98%@%x{;c4`{`J4~<%xgneFOu<(@OLu z4i_Ute9r}q+-zs4K0M_#`tBPs;B z(b+#E@4a*%fZqMpFCui~&~%_dk`r*#(In%t@*4*gDyD3O=wBnotdG^Cj>($#TpDEZ zGP0*^|NeAaJuA;mQDXuS*n|D0E{zPC{e-3qCXV*+YMqg$9O@FyVm#Ii2?7@Cfj zago5wP&g?g%cxRl)UDy#`;-{f-Cd|uaeg#a0FP(yl>Es#^ykX-L0p&;3y_?V(Yx%d zs;Vj|Skx86W>c+eUrzx91qD5_|9h8_@i{lmIo!$8(b(IfTDL^*bgNeIO{uKgiCT&7 z6EGcVhZ;}DAVV~Z^oVVh^VC*`G)?K|RCPvo9u}hrDPB2b^IY%X_1)Y3=>me}y|S9H zGlOqbT{J6D0!;lY>#ul8rqWNcMfR?Y?d=1R55&cx!ua=TKRPs?k4K0!!X7?+C?lgU zkdQn4E1af_m$%?S%F$6@@v2w%Q_ef#DmWV+dtXnv3?5xbx@WRoul1{l-*LJ-M6g(@lA98WI`PJ|EsNQ)o<7!X@c*~B5FFg0CGb`tftZL0 zD0H8Zb-J3o2zI|rW}nA8KctWNTzlT}?m^BHa1pIk(eUkuC6m%AD0|q|N@6C;BA!fC zJa*IxNPST`ZC|UeioF8`KA=u@V^+#@2+SfAK9rKE8kw8xUKEyure-#_mQ!4Vc%&&?-0aCc(E~FoP&|_ zIw0ue(^rLqw345%RH`qHz2Pgwart+8M4e~93*#HK^QK&&L|8Nm7nhk|ex*^S9bg;_ zk}sJGBG3nOfY##+rigmQ$9oj4#nTqj$%H|utBtZ7rq1^2`@k1%n`P&>{8p(JRk~?e zMmqZXx^E4t)Oy_v(6CNR6O%Z|2hl=po9bD%g$_`5WTb7kTX8zAL7i(y^)~w+ z4j`pDG{pCsQ^VzbuPGuSsP95W`lT2IcbjqM>WdfslGMZ;T169&S0l@jh5CH7LcMjq z%ewX3ou)52-ZdCj2o-4;X{f8OI!}=?h};(`g&p6Bal6Z zzN6y&K-j}aahUJAB?k5WZBBO){M@u=SB<9`mj_0E_cIWjXwEorZl$3ElqfATQ`Tig z>qnh?jF^P`moaPJJK@$k_F!6t`W0|3g^TTK}gBigybKtGT!mz^I|y{V`} z?!PUI5~YvnY9suE(d_*`UE+?_FC1gSMJaO(DZfURl+*e_)qeTQHkjn<-1Sb;lr0Z^ z)WAT0N{H9i*~s;N1F}fLgAZ+w@XWA z6Apih$2MTGGYt(}PD9hPL3n&K8*2Z|$}KCV?y@nvaH^MRM|3U8%ukfgowaub*qZq7 zuMKml_V$K*{?rmk$$$LdLAn~Zj~65+a(gloX8>Hn(kU53cHhKa8|RUi+5I-aPwlsW zz=0>_I+fZ*T{NPDhh+x!H*?oltMm+s(RUx~3(?>2)$LyuTNiJcbmGLn+-Le`7lGWU z+nH}xD62Xmk1WT0D37KB0Lj(HT?z^c-F!xkcEv({VP=A>U0+FL$(UZhHcxz`*XF>l zUz!35wD8Gjzl)>iGv62YCC$aDV^+z6TLJ@ZC0v$!ssaP`Ymtw=4t~tIa}BFBXvZjV zAqvfuVn4Hg+*v6(dhbb(A$Hi`(Is70r5vov1&YScNOM_Evp&m=_y8`j7;KgcTpBx zyPT8?{8c|HWu(4G&{eZZ)z59OH}Smly9*r1G);Jm$57;=A>;_J#?tnpDLgzhWECE! zTyhc!nI5Z`2V{;`N_THGLWY{DOztXJa@khOU{7AJG{Z^~FxIy$TI~`LrEkJ+&vVy< zv3Qg`qyUEk;2aRO(Df|vGkTKVrs~h$9LMGEhQI#F^6b3RO91+$U83H~lpjSJ_3LH9 zdpFd>T|9owCsG(`67Y-*2O@VA`AP7eGm^YASTEA6VC8=e<$yLi=C}n+h6XNO9%TQ3 zAbVcK*X^mWIsV+e#`no;q;Gl!ja-*R*{!?xDzfsz!8jhS3H+-w6gS0JsM4($b9xm2 z{1yDVxd5F%%Foe$aPZM8rNqL<81|;*H?r^^`>#9?kJ=r|2cn`RK(AoY(o$&jUDn;I z^o*QWThI9?4xjMujf@=hSj(lTXnjqGXd*>hGFO}St}X=p_oa#83%92NAD-pn!h@(1=DSLJN?MwS?F>vuh)FP^_mC_C_tKDc^R}=!DHJPM zSz%aNWw7mia6kSfeU#FF9~tPgq+F~m+;?z4ui`$htZ+q}!4mr|ptBu!D5b-Yu?QZ) zF{&4V;%@S z7_$^lKt`LDm97vIIU{>~8)JKyKXv<)vZtn}vi>sPJPz5O?7qHp@!P%O{G1Rm^~>=+ z;}?jjwY9gc?bgn0eOEL~m5^XD8mmC9HnL6&{Q2p1d9)s1<1qKwZQ~yNi;mE9etvA@ zE)^vu&|IQdqmfZ}8VJw%g6UcQKBjx0I_C5wmMt#4K0cSL4M$$$yPr~ST&y6fb}s#! z&o9iggW=_~_R40%&V}jf1zfm9cNE0dxPL%why#AitgIiOa(0*&j#*Ddv&3|?!2>TN zXKHryM)~Kc?sl!0T~1Oip5tQG^Y*0$e0I82l(-){8h=OzFrZR61nQgsTA*siUfi^1 zR$;ro-4x1EyQ^;k<>-A!go_25U$@Wmtt$TnvG!4?wpFgi8{0BzeT}955faFFU8@eS*(fkNW^oPiLFsqW7jhed;mZ*%93pV zzUkcj*+R@TOM+{xOdvX}mW-P?^R$@T4E^MF8~|L+m-W{)K5pgfr>tLS3~m)XGm0TI z)8e-~9=6qZ1c}7U)}9&bp1+`MGe+Oh>~U*=CHh!cbW(jtNvU;}qH{_=Kkv{8xQK5^ zoWjRJ)PJ*uzB!H;M}=Bh_ljqoeB~9u=QeUE!`|Vo`*m^vIj{v3JllRRRZ(xRJ)($L+MX>DQ(Uf7)nrwcH{u{^#H~$y?+UQu*eqt2m zUvVe->^dGpzYB4_HMJ|cwf&qaM2*&6LR9r;=jUnSq4(cllmKSaE75$-bx4XuyjYc( z1q=fGanv2XHJC@4>haGP3@L8E&2!@`P!H;Hd> zjx2Xm&X$&%8m*N3rqobcMlP|}+@;pmfqPc~QAoxhj1^mdH0QfInsxC`h<>~3^IynH z*lQ_zg+m1x;CZ8{!8IBKQ-ZYsU-d@bg6_q4<3PB+u*>B*+FZ{c@~6=+^ub36taBh! zw&Hv0Zpqdx5eG(vhse1$CSZ#T2Ti>17rb{I0I`G75aODx@D+c}X?{9o5XzbvE%M_Mf_p5VOf@> ze6VPS)=u7%}e{oO&<|LAEUNnSevOO;3dN3?s*p8 zy9HVuki`e~(jBpu-Ve z=la>5s>Docp0Exb-k?$2C%92fECQ8O*=!t8u1J7(^=>nO3JVxXSgg-=sKeDi4S!R%`fIFKmA7n`h?<(3|J4%PIxbRE6NRd{0W_`FtdyO6 z>5OP60JkdxTq9)NvgXQl`cAJ*%PYTsudA%|wY04qvp+}VxGxjTabZCaT=iu$>J_g>rS5&idbyeM$^Mc2JJ)xTxL&R2POVGB_=p*pTWUCB z1@uRdv}|4E3Px$XR2%U$U8NlajQ(7uQ7?D}7|)E;Xio|%DTRR8?}Q)es)&fb7`Jwc zj6DHaR)23HWx?!H}&B#}*M>M?;QsGayS9ern!8N;VLJM5|A1&k{ z$aRwg8pyROGGQ$Y3^=1!P#CZQM8N3KF>pbJZM}^%fi{ePo^nAavgNygtg6lJw6ixs zM}msY6L(}c_%kiU7DiC^?M+G*nJ5om;MAGK@`7yIEBsYp^*nB437^m*SMf${@i{V{ zK7itEDc^FBoFK@rq1fn9c>gCZivBljvnTAy=GI)!w>f#Fen5Vqfn;hwG?SFHu1qf-0@D?W=%D`KNL)T+&mxR2j?0=9;PYUcu;NQuf2K4JIeLI6&h+m zhS3DFi^YaVEyr`m58AES6q;IVW2cF;YpEis0fh_#My7tEA8VeFCp57VoTqG&A@R~! zL2v8ok$n(&8-K_aAB!1!$c7q{L&*`C5aiHllpT)Rwz&BLu?XBmW>DkSa8m$QMU_nz z2j?#YVuja>rx20?d}FwYNbnWroq&!W>WA%Z8{*E^%hCF8^1%_&#G-11IZ?l^iOs~1 zKx-c}Q%lf{>_3LMIUde5^HCIlp{;p%ss8vmdjZ)OEJhWCgNGcx(!WK*QcH>(=r_E9 z>yHrRa}rc5-5f5+x2{1D{NsoC{q%X5w_<(&uLaODN!1}AN>Q=Ch_L^xjNQap1ajd| zjrz|toc~35lDpb5qel$?rCxxJ=Vr`uoF?SlQP{PLs$Uzbw~9Y>#QnwW7nw$$QUxmu z>lZItoS}`VWylYnV%CUJ7GgP6C|6{swK#LE4aefb{E&9*%@Y+y;kl6<+5Gb5a2j@<~bq=KGWn76Y#Wy)z4P;T@DvR@*G?5{q%~Et|3qg}O zDs-&jQo$6$!wX6TJegCxfD}p{1K@Goidw+CSUCtb|MN|x{T|5jf{H`R0g#$2vk<&! zEb{`GeSuO#mA|1dC6e)nfe&YBQc;qt$p4l;d(#hi%8S{3Qb!~6pIy0y4g#r1YW*M1 zI1dtM@3LQmcYj|hNiEdlMsOGS?_Ta;{$~@!*)%<;TsB20O!V=DEmmy*&BfxlZ4h$v zW9z2A!ZmpN3}6Qz;VV=y4m@7-22w8-x~14q1KdL~*#lJXpwqbRsRq3b7VX4sxv6L$ zIRJ6Yl6N}~SK+3{i>#zls7U!X^r%JWzY(rq0DNn~|NOwKcWKeVzz>|ABskGOR`G^# zgOQRNzpX+#K{@iox=t7>T*w?6{DxtS96J2hz>w|y#<5<_&YxuyS>V69{p+t05f;Ax zY8;o3sNo^%#ItYOP2(7hJk|MwA+6AL+rO#DqbwyF=f$%HR{`!k z@`>=A<%FM`=TCwj6U?83uxQ9<%)vE#gsuwpX~_d~|4mNdy% z(;;fGIE1q>H22*1Ibr}xgQWQP;6sE0IOruh76K0&P$y)7BZ6Kkgt_Eka5w*;sZcXZ zo!v}@7b%K;%1=j-4!Ij0%09m^`xMdfxBz1uiN%0+ceD6uY0|>Rpr>}twJcU2T)mtg5@h`(sdSqbPz!pFB@O<*qyrB_MYuko z_D3SDplbZw*o~8!x<;g8bHc{SScCte44YXWbp42#go;>S-WUz}m_Q&hIq48-`e*%7 z{L9MPIRb`*96Sh6--H_I_RdBPsPFO`_ga#Cn9sq}A1uJ>aFPOllmXSt(+m14*vM^> z$>`njQ?}g?bnpj=-UI=&J||l(fj4RW7DZ!=>7lA!0Q+6eoJ$pc&95`sh?encEmB(J zNYHOxW)KQP3PEo|^0dHiiM*0vhF!pz~U6&ICzU@A9D8s)zz54P;?%p12 zt)IifnXZdV{hj|_lt?)K-Cp$vtP}tI zYbhNa1Y6P9O|(j-=RuRLPga{Sfz5=q+MUQp0W?}GF3b!Xf~QIPn7Ru_o`Wm@IN7$r zerQ2yX38l>!9VgaQ`P3lA#C7I^4{v?7GGiVwo0M+2lS3sDfw0@=n<6a%y%_hm5*Ro z9cAUnFPc9?1|#p?0K;C4>eCp{RGYxiVOqv-6HS;<-;l;r)h)?z6;QQZ#DjbQ)LL!# zsxuESGTeLyBg#RS)AwDd6Uy+h{M!qBVTv}`3tWLR7{{5#U%C( z)>8sNdx#o9fnx1uFyHq;@1aBtpNDN-IG|==GkFM<#sUhZ5t)b5bV57Zj~`<(4?-X( zeu{k9NDzA#8G;e3#ZT+l4duchNYYh1$>CpO5nyvDQ71-~JCAgX2#z2Lu`-VI6NZaI zY2+c`g?_vtcRW6P1%F2kQ~(>u_XSFa7d1ztz-j~(U_{%(lsKd9n2Bt}4MxRfV#I>n zygOGztTcNtc=C{Zb0h+*rN}PS%ZVZ7z~^XlZw`*_`7VSgWCIf#r}AKbA3lap!d@T> zH;IxVZ7?uLDFXzNVqzRA8}mwuQ4G?WIhfKi=?$`N0C?b_>Suh*%!De1YQ3hI3!H9m z^gEzgGE80&3SCOvq=BoAwkQ8ERN#N8M#J&v1g{gp zMfQ3;UnBP4wWKmxp?EN!%&sROu*o19Uv3`^h_#!_x8ek}3djBAf0@6^9^SG!2bS)b+FOp+pr8iTT4@!U@)|5#bOdDS)fl?DBt4)-dag86qP+<; z2LV88)z?k;AoS}7-M@8z-Z?pe-hKNdg0Fzp0(-vi4xF(MjbaCXFiv}|)S^qNI(S^y zq;H_RKT$nj#dK`3>EE?fHT#Xj695#yJx-n~DKo5pNEc>D-*SJTU!3WohYRJ4Df_Aw zhD6;cB`5Rs64ggLH8wAr9B*1Xb{h_^ag^g64#E{#C(7o2I4&&Wx}8DnmOiW~QW_Jl z?G;3$e$f~JD3Fq{H~1F*oz343z~0HSO};hb@Y$7q zi?fPUCZ)bZ?Q6+T%;h5~tyR6|=9JM<0t(-y(jFghjAWKc{OL~E(2$kC7{JU~OK7y~ zdI+?Bj??ed6{wNFj9YEGnyq<0gh578-TPvt(I=EV{8V@WJSOmuWbs_%wl&~(?Djyp zHtzj5>hmFGql?9WD~qA;NAG$>8Y{G9sgukHExlRA zBi5fN)APJ<(B6F2bavWwf|d8VjTlVQ))p9RR#$>VH986{zGn6~m@+=$uxeAzV!0jId}GrQY;?68aMWLR_0~8hnnLNY zH)7cGU3qgty_BRJhRJu@NU~}ESxj^%P!M12<>Te{yW8;RmD16WrQ4XaoAsCN9(TL) zbdlxGzanpKTpi!tbV`4`hmTk2`f1PD$!iCn?XtEbt!(iAzX~p{U^rR##|6pZNfb4$ zB;s#M-Norm%dLRc;dV`#jE~fH!=r*wVhRz3q6(U<^A4k%zo!9vxNh}qqv!U(*UO{f zyA{Rj(jG=c6m#=U>)}rv;FAY_-sC=_VqoQ5S^R4w)98J%1E*FomWWGt_%KMOLS#z!4KA0B! zcizmn#!&v;=;H&I-2KXU-BcT&kPJtq!d;Tlch;_+c}RWkki*~mPe`>Ykl*iL{@c&} z75%5q_qeZiG#p%7Dq+)a?7Q{O_H4+*sQzd;#(ym+>kN&~#^bSY^?XN8;^FM=zV*9Y zsYEHwtLi4`C|2+q;{!|R!|N9f>yMvud=qA8gh<_ltKgPV$ zHw$**YcVWZ{7BtqBbidMy;6f841`oRb{WjfB+2_!Mz6c}F zpZrxm{3%AL4Q^QUxwxW0qpIBGM?92WiRkjBZ3+swnKIV!Ih1@Jav+ zoT>BWr!oTA5kYqGOICjF)w^co0IBgqqmN2=xzz445`dbyWC1ir+EC8+Yo)W7dE&;` zcf`bmq%Cu@*R3>vw;S?8(XO}a4mEJa+^P4*krZufH)7=VK`=&r9l4{In#gTW#`AOQ zeIvsFyJRM++b zvy7q5+4!8dF`7e`gbDd`M^D)?&%(pT^#>@_a(}C&s`q^hS2w(VYK#ftK+^(uXX@rw zC0A>B^VLRwnUCyy+CIuNMiYTmAsIs}+3X3(`nMn8eCJn!MrV(dvu?+z{HI-HXR5W| zkY)cKIY89vKlb%3e(3;*R+MVB*Y3_w{8Yxvv3Qe4X6_*{*I4<-89y9=!J&b%dyP4k zOG6nR*3U>)05F#J3)n=YgGjyeK`3V-S2=l`x6?@J(2F~&Z2Drlh~-*VGog9!&w1-q z;MU%(%YhiVgi`{bPUAzp5wr3e&ZPnZiWB z_xX6ZaL{r6YQGo4Xy8GH1Q<4o9LBZrxcOTPGX5z)SXzCME1I7*DjmLhZnBf>$em7g z>V(HkGgR;JoU8CSbW$nEuX|By80pf4U~%(^h1i_V!+9-^kkM9%j}h80)u_G zOdj75RRG9MLI4yWYTbQ%{111)$>L>hN*0sUv6}Zg4>X%(-3^QskTUzR0>Bwx+F)rO z?h4qb`xo+e z{VvS73M!k<3}{wJgZDst&4b<29tB*{EKccK0{in+Hn>K~>Umw_fX~8;@AaX)uKjtd z#hKF!*&>eC34T zi_>z3x0s>1;O2(g`H4SNS-pczQn$o&X-UY(ThHHQC<8CywRdhWPN;6$w%N{+1>b#a z$*Tv5v*#P#a;f2iHoV^~BMLSU-Cv5?pvR^Ocy?hUzy*U(~_Txo;TSy z9y}tG3b-_5$CCR2QlOv})Z!*#c1$;0fWwJkQUt$^L+~c2!ei^3)!@zBopCCk60F1C zIFURNFmb$d`nd3Sk9DI~sUr(Gf653-^aR+xr1F2kK)4q=m)`jO_jH4s+-}@G6NmA{ z+y1IutN6dULllASL-&ar?<1;o?JK5m3QfNUJ>sdn_#8U2o_jX9IvHfc<91_5ZK`68 zwc#>UGWoA{Lcr$8quP;j7OFtwyWUMO*9UEOF_@9+`!m(fQ++fv1;a8Rf+WCrHUM`4 z1%b2cGK~aX-x%mMTV!ze*SU+?qPgK+5S3Dx@*zkQ@t?9yZTfp?m!$OJJv$!7!~U!y)b3 z<&>&iv{pyN*MG6!kZh_x*`^AFgX6P({YArDFJMZf>}u3sr+V~gmf6%M?8cL>X}FK{ zI;I}IDe$@fF6M)1-73DPBl1sL4bOnlPhCDtX5@pYmG0(R0LY*))l2N%VY{{D9v;;! zJ5~9})Fgj=;#@Rt!{I|M+@9MBdM9SpW{gx;vp!*HEG2XgxVaWQ6wMtJl220r_*-xG zqA4jSL+m+Z$bk~#3*h_Ik=T0;s((iU?EQ_c5)=eOwpPTG7LEQU*xxHYf`2v*6d}3? zdPZpt)3`fC?<_td2h@1INAJo&l&sBipcFu{c0-w=;FOO~_iZjs#}S$8qc=0hxLND5 zR}K(2Crbq3mPnD^*g*H`i(d?LIv-C8mQMZKNv`7y4;!@0Yv$AE4nbdtr%&In(p#+3 zr|S1}8k6uFA<6V$2-%xC9_!X^oPeJ|K)e5jI`_W0@?kzD z_?9Dw2V8N(|K2KzE2#bGO8RRUzCC6uzZ*;|dh>3@wCwd32d*(kO65bw%F1;2mwEj& z^uyF^5L`vpmf|STRAMf*(9^Hs=+Ga6wy*kHaXjKFG;4F;2M;~e;0;hU)^eebW{oOt z!EajE=^zG;epQeuqw(A0cJOs4&ca2Lf&?wNG9pfomATT~5{#-E*-Nz+lx&)uevdl~ z3Jz$h(>k7Mp#RPbF5*xuU~R_l{Vb7oUlU-sP@AIB0T?3K4u`NLe-f^@38u7=bhS#DV^7lV! z%{#w7HRp;A)NH&%N3HdA=+h#}Kc;VxbETUd`(3QaS|>{M&Nv6KB-6Y^V7- zRH`u+G1sFp;2lL^QO^*l21#{eCaj68`dnWb;oou^1S9x_hr+NNs!JrX-0ic!uoP$V zYF)%RvV!IHF4GgL2Ofz`^{M+!jK79|><`L`if6h=+z`IBerlT1R^Hd8to~w*^w#O( zs(2}xb)#c zCnB!6=tEQ`?IbG(p|T{MY)6#~^4~KgX&(eH#=ri8Bh#6y_&^KsEU~8j1^nyIHk-+R&%J@* zU=FlsG2=2dd_e=fKg}y`Tfh93_oh3PD2p{lzBKRDyvu+2*CE!xlZYJOVo@!(yG>r9P&asz2@oYcUD$+ z*egvIp{Wf1C)kBk&aI?qIT48tQufKKys4dQd=4~;qU2S0+ihI{7JR>&vMy&ve;5DT zeSF|kczcGl$E(73B5qdV8sr3|&DDK|n`@$29wUd_Hwad_%RmdPrcUx=;2^opRUrfI z7wsy(V4alOl)I97d9KWKIKf1H?Y4vgN5F}GNMlXHGxGQVm~;O93C?(kF zm=pSH@sXZ=NgzLo!^Hwi(@VbopH4Y(A}@STk4Jv%ds#G!%g*@`LC~Z(ijP1o(@#?I z6wZ#6z}H)YzST9UxJ@3ic_D<@zj@)m7gqfH%AU;_9V2t7sP=0;Nj@BAKOq>t6*lqp z(om1!W{N5xfA$Nan?$TL)4TkKB;6oo*MldB=Y*!*6#v0iawN;7OU4R+;AOA^&{*Am#9Yi8}nB^Hmm^S!~2|J zIk*QCM?EdpE^m)xKB|s71YBz%dd14F&eyK zPAgkab>3o9mMpZ2?e21DWxoA#zf^MlU4>@#E0VIm?HB-#tryE~?#}B#AI?@V0Q-7Bc9sbZsv3NFjY39 z1qz%I&k(cIox$xqNsy-pM_|@>%F%QyywP%}3nL?2^Kqjc9sF(K`9xiSf?ejZ$NZgv zsIBDQz4P|@32j~y&TI^Id1#hwo2{y&+|dz#&0nab%U#ST_(#+uZ8CQOlY+&M5h@aP zPg!=C>Dk4Pj=F!x4Xa2M=HUSZU$}z_+;+=7_Fzyl7YAd&k=2rjg@sYd`)nv@`1If4 zu;mF8sRBrn*vBgk`BC*4C2a!vG5k-#%gVy|>fg|CL7~a4*QRuueq&lJq9cQaZ21LD zuk?^$rdv{!f@@KQBQgvhKtb}+kF_t>k~6~iaS{t_y-#EodfBv9C6*Eto4y@8G|y!# zlU~~NqWFO3woeYO@q||5mqdey6iOcV_tgT}=^RO@`0!4S=FWxi^5)F}Y@W>Vhz1`w z)-$$Wf&W_+OTF3CFXcDd4LSbXohK3jx|g;7WMG94pAfD1Y-X3t4*kRmIEe%vP(Ser zx0y*fpde4G%77go2;PU?e&U+X67*`CG2dWp9F9ROz2AP*w+zVT(g8&1h55hNCI(kr zA4z!?jWJ)V>Wqo$BZs0H0$adUe^@rhEata=l>cpBAVmd{nTh+Bnt2k4 zt!0Gc6fsvjMI)A(cXLeG7w=l)cw;kcda6f=wk4rsdkOz9;jUKFRP?kpEgx|_{tck{ zb?H1HFO!9h`9=Hjo&TWAu^X!w=H<5#xMu;BIH{g5e;qzzz-Z>ZQUu7`BQp%{1OY!ZlL|c8XIsx(i-D>N7dMdg zUh@QgcI6Tl*En%~>Dk{B^zyT-A{3>D>B%s>WA*YXK{fcaG2_-@AvMUuljO6OzGhqj;A1Hv4zyM{nOlZn{l4-@$!d} zzOAWK}1tNW7#cx)9_9Tj^qm}&uELDrUTa!QOBrx|rO_%FTYV7^4Pn@;3kX@Ze%60N3LKbNT;H@;W(_xW z&^;W*Aa3M=0Wv;(buKye%nINU`tzDHp_}g0Rc5LP%A)g~rl#wQ-P!A5_JE(dTgnGW?mJcxk4SL4T*`3xIi?((@quSD0@jG+Zj$ zZzz{n{F0>27@WQA-9SI$qa;?{_6L0C;QNNh0Ph|EPd>`Mpb*hmVLKsO2nk4hC@o0CMDi{|i9X z>^m8;*DKQKz@FrX_Z{bnN^AH-+S#$I(f9t$1^}*#02oA6sakzwXC=7r>%JAfZ7;%w z_KlPTqAYH6;uVVDvzui0?D#&N{2M5Eu75AS!t6izxfe7r-vtcW%b&mvqVng;)$l=; z(>MvvLcyT9p6{F-u<WX{i7{qSf_{Q z@_kG~w%b`k@&-^_z-;~HI@r5c?oRX}Hue1@}1}-vW4nFkY=gcnn zeeag7Yv5S7gY^U1K2#2+UBu#a#H5LHUirzY=IZ5IuI?5C70PKnG}6rC-{b8Y1Lb)S z9HB&wxA_9flre9m%)VFzn4}TmSyor#+v4B05r^8`G=4u#48E0T^C_PYIH4cc1!RZ- zB@fA^YTOtUp@nX5%f&gAiMiPR7Y+;Y^f?mqp5T(uUB#8+Q<=j@V|o?)1`zuH+dH@4 zxQaWD|9*2hb9UGE`j$AxNq{&chMJIYzXb^aB@GfFR8_519xC;red$}JiU*KNrS_rX zA80G}r4KESt!Pn2E42?Tq+ALJNN56qB!C^q@nv_?=6oQ>C)^Ld(m z+4-I`-J%n%VDhtfFPd$mhjDcuag2d!7+IRtcCo}o;%ttWZmJM zn?DPPS8D1L|2x%FE^ph`cP%X8$p0;=-cI>~>{h`u;7WmKYk+eOz-)qHuH^(ueE-40 zmtH&58@9ihu7>k2`RT|*y481zZ33+GY4E24fLauHb}V;Cnm~~r8Lgyf`4xKi?Akv) zw0Fy&&$^Xh005%a-b4#l8#JVo3J@l**Su+raE><1jMrZ@X_7nP`Zs4 z7HXOLgTjwS4!2v#`o&r|p9es+2~$7TKS^RQUYw5d3kiWd`NSDsDR#%`Q4`9W^;Bu}7Q&Tf>{@<&8B#8w8m7Bi_It%Lgr-sX+iq`9K zp*8Y-I{d|LM>_M-zX=j+7w!RUs?6_=LU(spS66;IdD}==|63l`yjd|?JonV_p`E4a zc-_6RNuS);J^12nM@+u*(;Qs?Gp7I`ifuj+tv!9cJ?)mTr7kNck2e)ZD<|(p2*nRNuj=k;HvXPjJepZm*ikGt`N%sKePQ}V;k_Sfm_U+Md{@xs1`2MS&7lCeRV%L7mVAjC#Z_RGmxHF2D1rDSgYD`%iP zeD2BNzrR2J@;ehng=?QF7L%W4|GlBnM~6n%xa!S8oFswPkWK(|F`+rFf|-eEZg<^# zzi_ABT6eiaD2d297X{53yY9UG_kVb~x3_P{j)9(@Zfos_A09t+@IWn!KKS6H$G`r_uYUd8qemZ? zLX3@#@7}%Z+_^9Ayz};UKhP#5jegFrhQAs*LiOzjh8`J>UwwD{_0MLtKqIfo$icuh zqJ-(;o}njperhj(jv3zm?|b9p=e3gF z)4%?GEQ)F;Po3Vs|0W^it)sX6?B_4tch4P%4j%Z+tFK+SFj+2l6~eGsERO8o7sv7G z)1RL?bM~Eg-=CeWQ?-QBw$Na zWnU2bTZ1F_5A5m4fAzPBG!FnTOil%XRyz3N%dt34#>dZ(jNDZ2>d^UR+3n-x$y5FP z{ZSMR3~X<=mQBkir_XkF6q$Kje{ZEyot~LJbM}kD9ou&f4Ypg_#^%$p%3GgI9s7KC zI`V-;B~T)Y#>v1F-?F`f z0~0gJ@v}3hC!&wXYv-$u7zBV6fPlp8i5*i!ULvN0J^>5B!Ju$+seeyL@6A0s`ola` zzQxR$KmC|Z01R9z6+>gRR$A-4FXU`ire|hff8(vk9(gFxn(O(%I?!F69XK>tDlK<0 zM$Q${*BRVD(sw@q090dNiQRO?PR=G%k&hBzE(A%}j$NjwpmetmdrhfqiY0AIDvyA; zR#@x)_{v|OdFmU1*6A6bcwur%YaNEh6C(fs5>ue1$Txv=HX{=g7nIiJuFi8`j+;Px zqV4^??G}}jvli59(Z!2XgM$N8)3eNMj8Rfb=PZIj$RZb&Kx-W{ODPc06EU-t60^K{ z7E%I$_Z|VI6r7e3r4Y>Qi3FlZ%btW30+E@WCn<$MBxdhPNr8*XL_{p5K%A@eY6Z+y z+ByLq09Fv-NrR+Cf(=T6G5wLgj6)k$z3!cs^B@vK_Jh4&| z0kS7m5&_bus|)a4KOScp0om)ljDRJt*DIycO4oyc?(S{?ND?a$rIc}!)S@`8DDwcb z6bn6&8IOU}SYGlTmbN>v_p}NRq$0^vgYni_0HuAuSpk=J{*?FezV041fY zR;!a2r;;Q|4FUBbFYA-!fm1c?JpqCgl7Yz+AWB(RfGDJ3Vo&vkCr;zvQD9b95)qlm zXAO_Ul+HTo2t~~6M*uL(tn2|m3JJiT2q3dNdBU{PWdx9yLLwqFd-7>T=`1Cs5Lll8 zRMxMc-tgY}^yz@XrFNGBn4NDJ@}xjqSW)_i#HJC7~v{AqU=Myz0puu>eSpf?wrTR~w#y2o8pxzBH(+lPW zENB{^`C(x%s6Tb;0S^p|J+Rbx&3Hi0_wmbkAgi>|gsT;>=t&nlztsX34*IJSz|2y} z?(TBB4}jHLJX@(uOk6A$L+4x+C1DsyA)NDZVhaT$5Uq1b;)(@>h>5k<`cg3jfH<+< zQ?XzGAc_-aPJ`;IQ7jPC6DBIPNJ(h|%>dPEq_qmPBIa5x4g#%}B%)fB7^9Vx-cuA` zN`Q5Vb;V+c0F43??>QAvixXIt08bP}aUl!=!8z}oGbTVpYn}HLng9?I>xd}*!X&ZG z9GZXu;y6J>6KH0L;zUXjXvGY*IMzyOC5btT60PUUL7oQZObA zO{r8=N?B{iCnmL$l}ar$p7(KV)3S9wshcpd&elyBC)RmiDuj!iUyEX_8?Rc6q?Bp4 zL8TgLEz@0xYBdT1rB!A^6KIv0FbPc{WhS5y211C&uIH?E3%Z^!u0jBFwH7ZDpaT`h z);bpk0cK6$jnS8EfEeJ;<)Ys=P9w)1Uh}y z3j{dl=<)(m=U-YtEsoU+0w|7c5NIW(^M0`a6CgG#01?uGC5jr1R~Nvw#a(X&0rSpx y&O0(DK!imCcxm6i0s&fU#mwcd&O)I80RIOZI+5wiT_v#q00008nx5(Ix!qm2?x|C!CPG0@5*3L62><|8sc&LR000en3)~_8XPD)R{UHX%NkmEo z5fO1^OMVjo$N(v^uPW}DCu?r0M1vk=FHO9%u^DWf=Y};y_+*$cVoDSxj9}gza_J(qu+T+nG)@{8_1YZwq_=s2X)gdgg%7BrI`Jr!2#i%eLBdW|7{}(tIr{cHYS4No`8Cb2sAjVPa(FQXA ziIVC9gP8bR9^AI>^}LZPhZ>Es^LsNB6Wxq$*GXzxT3xT;&Ged@%a<3I#kc6eoh^HA z4vt$IE-}Qk^z@1G@s`I{7Z(?cbTviAp6i!!X7M%n?61`Yf$P3)$Cn9ni(LP1Tfb4Y z`n~G`Hvu8zrpi>9pP87XrKPnhHP{J=iHS|X{k?d-EI@aywS&WD%;Lt)PLB&$8eJwsy#JTp)HG}TTdZnc{mABKH%plGe=Zsgf8&6j-F-oH7lWA5^1yiE0{ zi>#}w`^Bt}E6$3IG(IsQk*^pxxO3|X<-emL@{J5VH9cKPHTg$s-!E%ROL}xfgXs5t zySIhoTM3E;ux1mLRDiI7r6mCX4-cQ?v9Bqv$Q=s@@_S0?rB_ItB0-E;+FDU#mW&gnGEBMOP#VbS?$xG6Aeru{Xh!z|Jb9hwsT`fb4T1N%D> zko#^EuE)j2kGvjm%!wUZiM4qM1N`$s4M&oOUDgj+cO%PBAnLZe51X?uTXTvG?TxCNnwlORADd|McwEU=Ek2L2O_r3pUhQUd zX*Qt}E-cQ^k577a-uz*Xjg7s%z3n%=TwZR~e?3YCTbEQ+D65Wd*@I#Rn$|rfXD=SF z@hB38*e3bI&^?bUnu>~aeSCaoXJ^Ygl^3&1yTXX8{ILUvm)&UT9j3giZ3!RXe{>@A z`ayNj=DuxoFG3Lu1x;b!yc0a>g*}n>^znfBkey{JgnNcKG;V~DMJBR0OMhJ{YFs!1>qD~PT<*#FthjT&!F^Lf;f4*Tfezk0B>c9X5Fyu8D@}I4s4NT(uY}%q@VcJc z^u10S7I!WmCbIa9H6flND=S;GV#ApMi8pt5chS-8p+6vTg$T_{OUqJ1!c$MLlI)_# zfX)kChj+BYvH{oej`S^biArY~p(~$}#2y`*6_)(tlH>0;ZH1RXbWK1N$^uvALpW06 z#|IPzoa)q`R4BG8kvCHR=Pz`x3Qx4?SqRGTyMDyWZ>UP0uxF-pe$Y=jLB(i|-o#p+ zaD|frpKt)-SdnSpe-GqzjJZhRpMgu>V_4E>* z)C?-x6v#*#>7g8`43VXD zrNhQbs(S-D-3VHm0QcQIF_->QxIu<)ae9Ob&GCDlr>h=$&KT=(Ft*m?k^KIR$99gF zQ|DuZj&Qedo{Oc!S9o%FyYQIOhi&KGOYdVhWfXax^vBQNM^0LULK<;Yv$YahTc7NF zjtLQer=@91VPeq|3kY<46nyY!WcY7gF8rZ74+yK`hzKiU1K;?~qghFaiM@6c!kBei zPaIp=W#ItXSs=HpjDe4jftmTdVNnjq)nF{NNYA4KgTWBL$H6&PRo&xes%h+_0IDHz zbz}rJVv)K1VtXe}NKHw}`)t)Cb_WICM^*JUmUsj5s9)!b1Rwt*Gvngn4emGqLqkJL z?H*2ATCHogRyH;;fVd)u>?}K~|DAtJayWDm7c@+6urP5LoPXiFKk)`UVBoQNvg!8K zlvRT?bZmUe7sXkE#UzLc4t`SDksMYhmo1QoG!MD@?0EAG-iasGF@OyigeH%_6~90c zKC|6qWO2rwK?~^lATap*-()uzoFxF{-qcM!!(;p4%rN|Z#%G}kz=TQ*n^?@u( zfE6gP3rL^{w)QahkZ{`3`oyl4HGYm}fjOPQ-_mnhPK9CnX456O|?=_w6` z8NkNz2yIuh)1&9MpD3w#`xUOSPaOW16;phA&k+X~7utXFAjw2r@n=W~T=s#Cj7(@~ z=*Z}(q=dvmg*F!#msx{WQBe^xGICL2Au`g{^V1XL^MmV0A~Z8e$*_LI_39tJOG}^u zjahpsDb|7Jj*eb)_KS7}4Gjf#^(Nofr$-NY2M0xUbvJGz>C8<@iiGIs=(o4G+S=NC zRe9CC8e2v|1{Lq7a^Y1SY6G+&7GQW5zeJ2C>E#s$wyrE+ zomyN}*V7Z^;ekLif*6Sp0lT{07V8n<~pR=gTG6E83V)YPkl`j zWfTp0iub20Z8}i0vjl`0&b(PvQXU>HX=$UCEoEh8&CSjE`9`yavY;KYS)s{mnxsQ` z?O!G>H8rdZ|Gi|Y7B`F=uyBr#kJ}dde!7Pma(F`T{ITWG5po!Y#&%&-QLU(~1b28X zM*5;)yQ~b?LVzW2mRudU9VtWm3s5d0w>YE6VHFZX?c6@oS@y#QOpcFt zbhzXW>Op`sN96y&)BkJJw#<+Sfz7R4zfB}sHcidUdbcj<7eoI;(i|wg1qB5!rl8GA z($lQ}cB1_eZDwk^&Xu5jHUk0Ck*!VB8Ql;tZiW3nkoNy!=426oyz%d`^5g4tN%YeN z3SuuH`UcE5IKS->>??%+jLA4r{a6*Njqkq3dXDW_j$bzVPbxD}mo2jUgwyqH3w1RGJf#B=pTCvbYAx8cmvZ+^ zNvdOsj~sDMyYLe5$Eg=n7D>FI@7R3mJ!2!frKSht7XqNdN|0=O)92cE{%-!!*@_Jd zYbS|qv@+O0|6)HIr1B@#@zs~+tRzC}m)E?~Me$`gSADA9()nd^S;Jb}#5g=4d(&|< z(xNf+yxaBWELaF7%nh0X07NK61Q>u!vWS@@21b~XNCgp?#sp8XtM&(fn`VIz4-<{3 z!c*MtNksu*jZ`C}=mA`PA>9UV=mzSo#cY9uhrHng0}T}@GLXg?UtF^Lwt@_c;-A!F zOn@vB6fFe|@g2YcWZc-XG$Vr|Ut_wF7yuYNy$<%HMVV~Umu(jSkVOmKiHM;$)QS1r z?ofkTeS#YP`>=6GwO5NBgv$XSKH;$$G8j@(lmJtXcbV!c02$^5?K*bK&hMpK{JdY+ zSImA6r-Na88f2~R-Vv}cNCOct22%&Kh(J#rn=L@5aT|i?#}c8*@JivHLCgoU>pL_$5)%n&6%!nQ{^2u;?N4_q z-&=o2o36F?X15dTQ5K-N&GN~c0vMXEZf_POLK#FP2ZGT*V`4#d`<*gS_2ZoQ?Nq1% z@f73^{Ro&Z+cI_lP`u4>P>Q+IaVG)oD+GK?C^?Ef91dl`Vl~;k%9vFYpIKkKHPiEU zq?(YaoOtJ7Bgi_pAia~Q%H9ipc`GAS48*_ymi2`&pcKS0fP!x-SxKUrZW6xH6v2myL)#x(!jkkQ>ladK*jvfbG9r zT{q*K+v!0O96^N=J6CNht@I>bT+}}NPwO`~_jGq&8_(1fX@X=XqA`92g359Qc_RuvLC>-a&{QkgNV?duPu$JO z!sWYe@Of`4sT2(NEx3R2G9%8hGO*Ho5J@g0Wjod2|0HfBTQ()F8}T~}{0 zqJ$2QzV#aaBxq-&Y_iGoiBxs`da;O_U8~hecDU7`Rw(L z1=Vz`*B)iNf1*1(bZ~JCT+t6tl|*qoT*k|GozUBL2ccbeeLp0n2Vx_k)sVX$mOa!Q z<0NFSrv4Z8{_eoyh8I7_9M<%ql*%_&o+NHkHdZmF7D*Reh=;hYLByW8D zU`X^}@_zh2%TrEvg;&+3e62{&`-nEhrj2iT8F_Y-)b}!$Td%6Xj)?EwFigMgBIn(7 zsZ&VT@0zebe;Rv3$Jt5T_aJ$++E%%d8~o+0tg3|R(`TFWLpORS=J^|WE`9bYZT;sX zgx^wlIH?8KdC#h9seWRMGQgDkuqMu55k7iWN7+(50P}|JGqyYRT=$ybI>zA5CO2gX_2Yl;wv3 zA&;#S7(V2;NBuXpKe_JpmpXJzYPW5p)>lrnR+QH}dYl~k2c1i7eDmw(6U-df4CdUY zcBSwg>l}jnN-le?7iklRX%kvTZ=pR=w691d79{k{(ypJ2*HfJ82EK>!uk1xOF6w+L zUM&_CHtdYrxuiw2mKmnk$jK;`5Gb;G4idffJ}bOrsG1BfZft35C)?}ClNZ|`d<{jh z?ZNpvZHqV2$JSMfeH4{rk{I|;9{+>oMkNsuK)d0 z-+Mp-A9TCs_wLhElTwgq^GlDXkhR&xxd%UkdzOojgFR&nJ6p)t_j=*#x=RpuP}=2J z8Mo?l&!jvqwyA2@Yh&o#{?_A6dvt~$#DRa!AILClFvhvUf_^-&>*DFV(*$1rNvVls zToZcV)zDMa+d1SiAwzwgHF=DR`)g%rJV*SkR{QUnMb2OF*u6?5xkxyKV(K@HpcVQ+ zUQ$xR(1HLV+t3G4qFMa;>Pi2Qnvd6mT?{obGshC1(P2 zeOU$Tb(#bX9DQ7CDl+hy?g0~nO zfUfmDH-bY}kuo1@r$;ob>!CaLazet|8R?FS1C)~RHWl#7r*xw@(OkmlHGt;?f>lg} zvVvP_JoT{Oc(JxG@H^Q;xFZ&9W=q(;+pkf-#zSb&wovaHOXcywB>XtQ@iv_=c{PH} z&}c2gd7SUSW2F0|KUA7B!GU`UnrM9=XC_L_a&D8gZD=Aa^YD5v-eStB*`;uaX{&hhm(X? zd479^0gazj(R*w6#6B-Q2nYL;mXc|cB;fZxm@s1-aan3HoEa{v;SSyLl9f3B!t_KX zj!*E&PEd+U*y74RPZ7{a*L5*}-r^8)+6+0ns;Cp*Jbgzvjx(1sA#_{27dCbt$jmI1 zVr^%^3zxaeyX8Y8iA3mq<#74vd-u<*^I^}JTuqnDY}3WHz1EdT1kq3fFu)*B6)UH{ zKL`6d%k&ti_lj)wthKq>O}O|M?w@wriP~B^D%DaX^?bOumOsy?B@ue)7M1wks!cFP zQ%2d3i&k+Gh*B3i79D+a!wwVW$=h0Ps;eX|K?jnX{2nK>#34|MF6Pe+uC^H67okWJ zy+2>ew2SFO1agm`>{<^xV6ECd5_#C)H}bqY`$Ub>+e>-At|~}g-Q`P?yxuGj@hQFv z@vOaXHhPO%+Eyw?8e}<`3@b$przK`(+0~Kj4d3=jEl8HRn;gz$mmDX*TFs< zorJyeQ-apjIrX1e^+w8P8(r)=TgLtFI&krQ-0*XyEVuMDP+1H|T{i>xDPQxbjLIWwONSB*v|?@L#(2jot%Zc?h`_B**KU5!mNNaV z&5>SKlNw*HcNK!s<8hMBOUp|m8Gnex;}YEtB6Hb^wCgEpv<380;S0|Lw{zJIrj<#e z7|>#gQ~(DPy@xjELbhF(`}QIm>kp@vG%oyVy{^2Gw8Yv2Ps=b#2|11yBx0IW8!J)} z-{OLL^$+W3UOf%)Ft?hC zp|s4M4w9)I>k#>PO7<5p?-yR~5}8Ia1st5<-On`h2CTJzy#y5&48YAMMuoG@dE;vx zwt}=Q7)A~_M)}||0Eo|J?$)-Jn7_Y{>gejQtLw2e!BA7(EYeCYOjQ{tbPogi6DE8|0^FvC0;?g$KzB{_{(Z=pE5fAk66tQV zXTV}jE_{CExFO<$H*eiMnLPxVTSl)n)|OF-j-CQY?(=F(TVd{uBx_b~g=qEU3!tFUd(FduPJ?r9ZN z2S!E2Q7rKv?j#nG%;+^d#Eb^2FtJ9$Nj?F^^M{)Y68cNpN!TQ1Jk2hoWaU^Fc2SDRr@{B;hU&mLZ2duE49O!dyr6+uw7JVBv|`{OZ57-5c^fRqMa5 z(qxB8mH$8(k?|Cw$DAlJ!53~?tEnu%$xQTzGQ)wJX%ZV{mZZOHi0Dz2gf$sm` z6cfS%eJou6z6XO+Ou+X)h0QPh_VZ&zA=e~c5x55p7&Z)D%t7~({r5dSJh|y59AFqe zv$C){HS-CB6Y7WR&l;M64+*rU9YljQjBU*bMj4PxRNbRPWZZqEUrS zJ%7by?sLO$KA}ZzXO!S0*)oq(WZJfud2|!YD(%a$M}JaAWugIh=S_{dn@##tGFau+ zdDuJaR8yh4)WaInfGtA!eAz?xFtX0}l^HGM@8L+tW;$4iMh$3p zo-~0!4EAZ;ZN7|(Z@)rO&(e_j%TzdpfN?+3cv10l;-MO{v+kxzc&9|b0DXrLOL+WdTl%M^q{VJTJw6K_@i2HQAYN4F|Ih-| zTw|>);IHsL!%B{*xH%zyU#~gK-ir8nGZwHQAp{c9HM85a9)uhG>PTm>NML#UBaxPUd2GBRq*-%D!G$&7Q{2sshN)g+U?m5v_~17;>c<0Zt%pG+^{9WO~y;VSIOwXFa||3e^Z%fb~kLZL#t| zhUjlKAB82iL&`)A3P9&z!bpeu)YlxDMf1Dw&bCrz;p8W->0Fr~O|qb|14oOhk>B|6 z4=KN=T|%t<3fc_5$u0*^Myr8D)`U} z%L8A$!*cCu%7)R?b1;ac>MC2PGN^fm;mZX-fqVMR2s4&BR3puUHzB#xs*`(?tyLoW zOzs$yabY?q)iDdyU$Rj26uf$ab}zjNc1J8h*6~Vt4&<;!O~^IkUk$8cP-pZ6)g_#; z2T_gsTsssgl78ree?=0>#Q;*Epn23@s~NuF=&w?c`+qphL@Ziy{zA@+i^5C38;AOY z6QwxB;Sl!=3<`~g-yOqtnj(xCf(1krJyx0FOv<5t7U46?ilb9t{n$HtCZp`|5hrA* ziXkG58Myb^p7wiwlV`N>z(+go36gBAk~xa_qpfppjEx5oy^s*%r(ME-cCBnHTHIum z?m_l}F%q$qGdDGMcTWGBYnk5dKrl^|W)b8AlYe$GKX0T;38O1pIA&c?`fVzJnul9} zpZ$xC^vIBG?U~Q!7JK&h3C8jfvu}#`U$Bvw7ndTrW2r$#0BkqQSfG`)`*N0Y>!-E6 zUVt$Oku1<5&xF)yj4T+6JP<>~A22e&|1!OCj8vA5v3(szYG+}9&EZ_q^M5b#_)*$-F#}|+XGxE})FP^|x+IF*n zrb*~zjtH+?#2#K6*@?+v{h<`ZF8hQvrW|tg&S3$vT+F`|;X@jOY$!n3MTzZsCanH? zc3}j)eR)7o@ppGIM~qYQ`b}BK77}k@!89*dklS^OhD>yc}Dxwy%AZlfSD{#Yg(w@B9vwRyfBSB_YRl8f%E3fd#UVl0B>^@oroQC^!GEWNskwL{ zeUXbTA@evC=Jj0`3v2?%=@xpM*9C73x8n)*BR|c%)S&_N8`GfaA(;f8gf{2>F){tH zO7F0u{qe-!k1?(;sA^g1;hUuc6F1TAx8gisyUePqXwlntoF5m5k%ewwB68i=; zjajzLTAF{de-8U>M<&7b$20wGbVg>TzBC&Oy3YTGoLAymX$hhH*CQn-UT=h+NO)R{ zu1B<=W_q8S%=mAw*szj1g?vt?)#C)%ScxAxo|T*vD^q)Es5i3pJ@+cq^=)h(*1|eb z0pPo)R0>5@DTN6hj&@>sA-48F>>8v-eiNd(e=m5gF!{&UNTQXE?T?o?BfhhV=BLt7 zs3q;rUbR3jt;($2rYyk)l7;bTRKMf6H{;)jyI|I_k2!d8-q%(h%W)g#%$TMdrVL$8 zvkPJBSeV7F<^nIUMfd^+b3;_5E)m@|nl?ws{-$N#;rG0l8 z;(+d=IvLzw&c^SLIWPBpqb?refG|a8ZQe`PJ+UksNG9^C>6DrN(-?w(WFK$CgSFHT ziN}fd{zkg%13@1|p!20A&?-41sbD)W@bvyy-NebH4-GTxCYe1*p zWn7coFOs)~SDeAF_pbi1xBUwrgn!dHdBw*S26W+Zh-q0L`7aE%ZyWH=4N<+&h*~ZQ zQ10q`CH;(g_&^KnoDQ;q+@DC`{mt2}ISU3HzC*=tW5j@*;VH@hOa5|b^k}H+P!|6} z3ltG8erQ0EHL&tL^gG$K)%n53`{Mi4{d@S673)B0E&`CBtsPEpaKKOT6;{${T7gC7 zX=+Czo_a6ViXxxx=uWExsD}T8{gXYj%^I%7;QGzZ$M>DBOR&=LtxSIml~?fgih-6# zzN_^zK~(?k)lARxQ`({m=dgiH(;+$&(>?&}l|F9#a0=+pdnXpv?7y1>Em2vb7ipZFko;@R*;Fh6g ztO>YmRs)_KFhECfVPE864>S2oLje`vOvf6*p~Eni+lL*DK6MftOG6qeY@$W8rV{*%gByd4IeV3}uIez%v4LY@Un^-<^Lq z)DeP}g0R+fUn%=G?X^$>rYm`L?8*PuLgd|L?M?A8Jb^fkV#rQ54 zXB}>Wm}nGnP%2AUIzCAJd3N{#upcrwXtV!WJ%d()BMxm(kF*3 z0^|XlY&zsl5VR)-B-eG3VZ;Iu$;;8a1~QggM>&%-h5V*;j)e{TGkccFESKh)H7mF6==ZHoBb@Y!=G7WA zNzT8@j>RQ@9h0e|W`&4*NXfBnIh*Q^3|wKS*+=8z@zl{o-8{%ch7gsjz}>pa7;E%l z00cm>pww*=5N5j`q}WVLt_3OA@%+j7ata^)fjrm*44!^-kT0mun=v)`@Re~C9U1_U z!=wLAA0Yc_KKcX1F2uvWkA!Qx6mLCkgd)r$f`}z7jNXe54T}f^AlCC8J*wnQ`$ELd zYcVNjh>hNWyHFnsiU_Pxpu#p>XQhWAE1uD*Y5GYO?!c~`<>tEqJD`B=;-=L~xiro! z&!R^p7ahMrq<*s2!k~pC4jFpJRObJSuH%1KdCbM|1+vD2F#q)mMt5;jOx-ecoPFe- zfgr6poB9(CVWL=07nEB5E|&G32#m81(HkA&IRsrH-l+!shTX@rhNJ{;Ja8?YEm>{_a06{^@Dkmd)fvui_KW@>g>cc;l7}NK z>c%I?5WmNGCQOqtJ+LQ9HA@<1+nKhXtsdIy_nAU!VjIuytP3oyznJgs*{7Dl90F`r zZUvx6ld961Lh?{3|B$rHvredcZ@SNvCgL&GTQ#jV(A6_#eUDtbCt6|J^kz4MhFyts$d-|#s7`_rQE`);OCyycJMbY46P zEs4n2or>4bCe=$Zj!PPyHd#!*Thcq_%-K5zOp9(4o}yRAy=kmEY4>lzzwS|}{+*&D zYK>TTzD;a7pazE?$+(7f)K%0~R(4d=HTqD?y0eUZ_{B@J2q?@DJl7sG2UpIp_ifd1w=#+YHp8|6&X^l^~fjx)WF_L zASuy7kie~`oNT~iYz&b{PqRo%*V;15^7zzP>KStV!V}+tobhjZN|VQm!uX!dL6tw5 zSYPu*=GgH~q}@7UEM-cQ#+Yec2_4(*Nb+)f;0$(@lJZKi1LJB9!h4)VPU5@z#lLM*8M}m(CjuP0wLR=;5XS`L|10blQ4*Lv^;%p3hz=Y>wjDuE4+pzeUV)+e;0wM-?2*7adMUMK1Lg2C6yr7Oa}!7PBIJH5x61VFb` zBQ$Gx(Wc9WmETw(W@`5~DoG#P^|laQ&edPIY?fES@j2)-Uj0v$F6O>VZ$kk)Vn4Id zI~$kt_BB;6Y4z6r6%R0;?!2826{ZJ7X8wVkR=$&mkFPB~qp(u5l9ol$Xf@(iiAXJ&~0b1z>TgW9J?r;W1c%DTubwPR2qmT>#mL4AuyRcQgUvoEGrE4CoER zq=Y73Z9+w-fHk=M7B_<&@WVh&8re`;-1iHO+svj=6MXNN#*;jXYp}Wf*F^R@sX=6D zgTGEFz4rZk$&^WgUY7evo)#PU;e{5k+KI}he;v%!N&-~5te59J-vT}Ce90hmM!|}1 zk2YdWCK~Ikk#afMKn)ZtKFrgf71J;)kQDcNCrTVtH++aMaS=P_&fu5?<&WhY+}&FH zH|KqOyXQ1yvO}w^yzYG2PhaM~xhMOFjxVIKBgWus&bHHi@4#Hdz9k)m#7`qG;fdSF z2Y~96NaP%km+2?vs;%CftM(VFy35~JGxfp-g{^LaSik$Ea>mlp{lUV44xd#&-tE?_ zlDOB@*9W6tHTgYvk$UW6@wr;-&)X=gR~Rtn5>~)Ll>cwj0cwq*$tcv$D^oT8w%;Pe zIkLV^esP*rj;8+9ZA4FlQIp%fn(I8hL`7>HFNg?2wBxUP z@8k;s|1vcZ?#(LXT#ETneMqAJ%lq^GYZLlEP3yD(5c*@v>)MqSMHHfmJNHsSAQuDB zyAyqyK`G)kMP7Hj~G667Cm&uB}P zsJ+dWGzMv4G6g|UKY=O8v^k$V_g`dWT|VYVL+;P>5pY4VUl*k@MW)tL$sNb*v?|of zZe16*Ns1N^k*=;G`p{yp*)K&n;aho?13deky4pcde#X96S9_zC!rrdl-al-=Fby1) zmbDF-HB7yPME#;!yYBM56W148U?DlSXw#Xc8gXdE<2agOBo|Mo(M7C|IOfpC9V!co`g@TRmSZ^kP;RkYTUWVW(edUliwIF5>UZ%W z&@PCEySkuoLj&oqYf3l!%#a_pY&*#LoDV_ZDH8w5;O7X$A(NoEZFqAomr6Q9?iV~{ zCAlVrqH>y5Iv~!#9}+n3PZctt~R4FoGc>64{bI4`ITmzRn_rh zXitXKom8(CYWI!&lA*o#(&wwZW$_bXVa+eb)YxhGS#c4u?b|*35?KaIk5i(Yy!Ow; zA$?CY-uFVylOvJxZ!dd;f^P4-^%+g3u@F6?-_1oqqVe6W5%KYd?Z34nnFSwn-eJjq z29pt~t8Twak1#XcyuTR|F!$l6{QP;KjSEjeP(&TxJN*iGE5H=fP;ivY@auTTp<>8z zKCsSAI~2W2sJ?0UrbTUmYjf%T3{K3>ZsY0J1o);pKRrDSk?+T~>lgD8cR*`!AOg-3 zM&|AYa+sN>a`S%3LEiUj%Zo9Y+ zLus=Xx|(Oxe+T|oD{rRQgs>oVH}rc`%^= zZXmGSw?4WE5f^t;{yOKSxBXY`XMBTJUi{w*-RIYE)SnuCCj)de5Yr*WhqJ?fv)n5^ zqHSD-A+7wY3Qkx%_Ly#dHZC&5J_u+eV1(ti+aI9)mIJ+blgE;xY)HQzX-W2+ZXmqB zYF^zEZJU-A!V3Zkf2Pqi1p)0hy{cl&6qyDq)nAt08fI7;S^b4Ozt0>`?W2d8#?l;G z%B6U;mB3HwrIEVY#1b%Nb*bFTKhDs4EoD(--kMX=ED!KKmhrYdw!b+pRlJm&?g@x? za+5mCmLb;1EzO1iR6W&28%XP2BiarKK2vY^+r&qyZ+bp?)b68O5J`--0xg zD2)b=^AiulVgZ}6>e+I8jeWV9L2lXe6X);R+8F__yO&#izw>EHQb_CN>$ls2GfZ~s zUFmXZNfyl8ajQc1va_HlC9CgLxHUvgDq3U(B8{+#M6v*nlm#0F!km!QU1HqcgYzUg)wPJluq7 z%$83pVO-2+K0G0Z;QeV%{pUA{hm0}`0EQY#kFCmB*$@I|IQ3!FK$;zg70BiKydHpl z6H3kXHSWy{38JZYS={6~yT}%8YQvrD2wI1M)T*`qTigCG=AQs?)SJ%}px$#j{^2{K zl$>1cjN;U}A|%BlB^m$Fj$|%paJ2ASR``F`>HptV`~P2CWmHEQLeCRvA*s+nWk6>& z(zU4Wbyvdj=s`<5lm?31ojlO}V&5fn!sBzKfuA{U0x5ljF%CM(0HoGtCF1Awp zmC05NX?}rIMRhR(c3*NOTR_vxM$XL1#!FfG{3q>Yk)LO7VPUC*xgN4drOG^K{XKJv z@}DMsU)M1_nU~v%Dm_)G)?=&X46C+6=(1;1I!oDHfdKW0;qu;GE&_J|JqUT-LEYPY z?gyvaO^fl^PwIpopt8J}`~Hd{=k@O0Yzwq;LTAMQ0G}{tP9&6Fhf{ujTd5anq0>Zd z{-z`$dH*llS%;5bh`ZBZf4kD38;h!^{l7dnobx#`U3zN%tn`ITj`Q=>s$+Z@{ z14!4M-}k<5evO&WJ<|%&1-RDrE_$7uRy%hc=sEAIJ2y|6*g&&)i`OE|bJDER%H+G} z>}$@s(7mYwecd6zz1BI7lkb4v{SV)|d1}A&JxZb7#LW9g!4JpEFN3}eW%7zv7?4=< zIq>vfF9Hf8;7?}Uv~tRM{c`ht@60E}6I@@(xH#}AURd7V_m>r55!e}(ZGb3F13{+c z`6ldi*38oI{+%iChK_d)T(Xl-u4gN49medoee z-}rH&Gb0HJN(7~Nt7)ZO{$xCYE$4}J zuCC0;qfZ-}m+F-6GW=;jq!~$gKw#-FG?1D&ixTKC+2gZEeT-YRm^ebR)Nwj0$(inm zOzX)P(bMYD`*ap7rz~x%B|(F*0Hf`MZCvf(PEJKr#O*^8*OOq_+)v8!BXu)ykW^iR z3?P&G0=O5_ipR9S)}1HaWb(ubar2QZJiHRlLUIV%!?a*?#NXSI(pXio@)OX&w2Er4 zzw<}ZWkDe}2C2(yyUuw&_Azanrp7z$2Ab*2ZiX6qo`6pfI?q*RAGS~(Lbm)r+g|=3 z6X+CC!pEJRmPLGR9x`JE`O~pd^Uf^mKZO5ZVCDZEWd5(V4BxkzyS&L0z`+42t5G^L}BfPY=IEishg~Jjg0AJCmzC~!}iG@rTmShnNE%CV~3p9?Z z9ycsD?9Hoy_Y{0DN6%7DQFn;XwMb6KzNJsoBfy8lic_EqXTHrh0RZ8r|Na+%@?eVR z;0)4#c?Hvqos5sMv~gZC?K16iW|RAVzv?ydsAH4G8+s$Rdf{#qWd-G?Y$N!~j9U#; zT1j(h^+Nk}p@X*~Mc$X2yS=6cyi{v<`LtQPsJ(q+=VORH!<01DJ_Lz9zjcTDd4qL1_)UwByw$4Av#SvWi5H+$rM*+t7L&=i3*b2P!| zpT=*NVwQcz=kk|4>hX$83E~E$`nMP6AWeo@a{h7Z?1ODWo7QWh5gt; zKmQm~&>AbZv^_7ZIAQCDmhC*$-1a@q^@X~fC6%e~2VqQRa)F|$I%I-=3Hsg+U;{&c zL_(c2t($y#`MI1uE@m!_?R~FKqk?*!I=f$%{={u~+5K(f=5@ZzkK2LNwucNIXVp_w z0CW+j_uJ(A#P$A3(G$-|E1GemWR zYl`bXv!K4hTM7mjR|gFuo{E5gl@K;!0apc4=>M&bua1f;?A|>%bVxS}2-2ZQNI6J{ zba!`1BPET}-JJtNw={xu3JfKPFfg=q3@H4@Z{2m*ckf;I@AIB>_Pf@*_q(5GJ;%RmUsp{}OpXD6#&i?}Txo{%gn!p_|>kl5=$8or-XCw@Nb zTT^ya5ODp@R9w6@du`eK4Nc`EOTPIdLhe-~6>M<=0RwJq(cU*L|#>U{g3#2zK z7Qn24L<~Rd$KiE%yQC=ezIa6$wH^P)mtw&NvO}T@_V1||KA&n{x3;7NnFE00+%CT} zxgH{R!7}hp&V>scgxK3U(FTalBFYzdlz-Wb&0eo*e){zBvqg(#ZjP~|52B%^UFLA{Wybk%eU%O zHMK1|-R_qbvYP&5HKSW(KDw|4B~31@!be1Xdn7p?kWMK0#wu}d9|TOnM&6ki07owc z&PTmemtpU=Nu=OU7uJ3k(67Iv!0Bcr#rsgM!Oi_!&29}g+nj=hbM!`!^v1+Y+3Z4~ zE9TW>pSCNsTGv6r3|*!MgX<#M&MQX2!&a2OEi41XJ@oz3D-LSKD< zLLK=PknoRyLeYVMNiaJm&=K?xj|MVZQV>fLs;JLPtA9aED@Auqk5G;94gr{eB(``y zx&qBrS)jJD{Y5xR`Vc zJ_~@mVua5~eL}?~A6?hA5>!o!fl2e zu~g`G#g|OW{3uw)FR^a@2zxw#zpm^*TwUpXm;`yag_KieGXsTG#w%o8f3ZY-%-est zxBnUA1h4r8oNks$Fw{34z1`jD2bNeG*}N{UV7mH$IS;s`tljl%mZ3XT+Uiy^I$AQ% z?Q0?(*VmCgL4Rd^5@>;H!5naEM)LhA4EXB6&0_o}@4KNhMai2K1x)F@9eKtO`DMDYoCr3|`|Jq-KwkIV+;ik^4`L}9qPF&PHc*Y3 zJ<`&eG-VOt!BOM5=jH|g-q#zmV~0-ai|eqo$Id*~^C`9kxYgWSRfh3jXcx;_+lLm6 zuaK3D1wv*?HBYd_79%gaxk-Cw@pe?ZAF6!*WDlgkHP;9t2f#NOfdrAe)22#Md2f$x zf}66dR-SAG7gyAC>gqY#+p}O}e_~R7gZ!q_hEenhUrF+3jGQTnM%oz3*BA4@J89g7 zw953j#-gDDRQ56x$2J3)}_}f{09EtUxnRA=;&m@1m7xL~Pmc(`jiJeMf7eyCVM01U!27~l1fbdb~ zOTRy((HffY#w9vKFcdoGM)xm$#in)56y&R5igPy!VOLb-TItpb*?$kI577#-zP^b4 zT3FXye4$T0h^)XBCN zKnkha08nXkzbTl^yl$LCsn8MQmpEqJvoyd+b}nOHRS{#*aS7nIuj(xGh45}6d4C^U zN_FQXSo#nR8f&8%Kj!@ell$)~ZRUjP!ttHG>s;khL4VeRRzF^3<})s01^F`C?^ash zuZ=&PUub@^flyR?8;a#=Mk6f*wG+4c%7t{fA_s6fl?z7Fwk6Be5Z#VBVy2%d#{^5B zN+8Wn+zmbOfSU~4S*Q+#Y=@GP-IAQCR1B|*Oxcv0ZZ;K8X#*FG`Ce$<+Y&)oL1sXA znlTqsQraZ2lXG(}G^F}uPmd1C%#$Pp(KRrRj7XDrcjkKU`J*{uV`8I661w@S&4JfAlgSY0B+Z$Q^a5YwpbD9-b$NL4+`!DXYfp^0BN)eFD*?5P_vrxdHxk%u2Bm>e^PZ5Np$C?HqEV5I(!qOh_!*~wp{fEOz01n-)`({N91{LI&LhW8U?}KD z^&u(hIa)B(;oS#{eipfF(zR3hZ^i6EV(_CeUX!And^fgJy%*LlnzoTwK5g8Sb>TQ3 z%HHe@(7;cRO|PqAiYBAmr8uGHRKTxpO}M&Zr>pQ@y`G=#g&hK`(@_U}}nsSF6 z1?QUm+>SR!=bKq_-C;B-;@*My^RpkH?5_S@du0!NX5N&G&!_JEgX?>>8}jsga8WKN z9-N*xrIBkVwq5HN^l>dsf7<~sEF&zmr7RUL_euQdawSfB!vGr4dYt$y&8s%v!^O|l z+&3?QOBQb!s;?Tt=bkPrkf>J1UUV9~ubb9*a8u{CEbRZIXeS3=XMB0fw|sn$cm)o6 zAWbv7|9Z}Pe>+ea^k=o<*91g2T(GU4nFRfZ>+YzxE_(*sBV~lI89vCkwh=!?({U#V zjs*Mv4GX&bv0h0q6*nA%b@Wavu}athLP)dXo3I@OcagTkZ)s79e+Ed9MR}~1_tGg} zFW4Ha{Z%jx^7uOYpJ_x-bW~u2&cTVX(zvq7*1N0+f=JU(W-bkTG#7++Lpi1 z`W#K7ST9{$8i?Aa0$%87UmsTKYkJyFiFY@*;sB#|<-Ki&3etc?vbBB)YXUu0_es8`vFErJ(a*u`uw*THjO z@qq6e)$vw0m(3q^!X9q00mnz{IdZ0?R7dI&A5vSj+%Eq5R3f!J{RY?lznGreb#6Pb z<$A)F==b~!*M8v%ggjJhqddP9>O(LIV!x#e?J2APj2f7)=dZV>TRcQJM+q(i{{Ph= z{;&4SAK1OOZd(5EOdr({9vtlJT_vejOYJh=v~KiJp`K;EV@Vlpo~x0-4#Ws$kPj_n z$F%|;ZPjHz4o5>>2?;2Uz%RE0yv&=yTsEn~VY*NBODxzw;y5&R3=wa;7~C_ZF_ka#j7^`&8nCi(QJRTDzV)ix-W^uS@%Ph?ryJ+V>Sj z)O^EA;fX&oyBb(TxfEISHSkwzgh=iOzz=PK>%QhkDGAHBkm-@ zadD5$Z*GfE92^`1-V{vQ+;zZ%iB^cCi$52C&ItC#RA{nbdGVCEeKvAH+TmdJyS$?9 zjH+p;_ik2*qvbhGv^|W}g5z~_{&({J31o&7zw{2vNBH&q;A%jjK^3PpX_gqc)pLMB z_6m&bKY@+XbXz#tn`E!B)v7LfHERoV(GhVC5S0oZ6etqG+LMSu-0sew(1JC#o!-ue z_7nfPnRjSURpFVY%30yoehiXoIRr1Ia0vYn7{6Z{nXNA(+ZRV}UMA%@!(ODTv_36~LDM%Gr4Ryc3jg)eK;Cg&UF75$#7 z%arvPP*|_+b=SE{HhrK>LBJRlJ7xb81iV%E%agT^6VRzL;2CXPUH!p3+|^*@TNRkh z3<32tDyEN#IljojH_|VgU?F9bEMhi1ROwEKISPpS5}`m2`D0KwCE*MF=2WFLc}y*e z@UCTt%+m=$uj{C+)Jgei7xXH}9R7f3iR=qUj+_xX7SZNGO?X-_NjP;xCy`pO4Q-Be zraFJmEkOxVom!VQN2?>X?7M5#61R*Pp4s^u9H6Dji)k8LV+6y52@jkaUXeK0HO4~|MsM_|bY-2#-xbh>Q;#7LfX12N-=_v@wPp)Z&4sMJyarTr<-^VLO zIU#;Y7|w0>YslH&9p%x`(;pun_j(BV<`ZIuxwPH&B)pW|RVR{ZxG7VYpaQOo`w?g( z)^8KvLjJD&cxq`Wlt3pOu=6UE;U=JGVPQdTT_k)){ALX3L)8FBbuP%=5COC*FN4Rp z)qor7=SYUqLkPQV-dyn$GF}ANW4ZEjRHO3O&ndu~5P1KH>A%1mDy#o@Z-~N(+H7=~ z9f5oeYC5H~4o}wW<2cfMvu54q7vDeo1S;bD%DrZJ9Z3FIsxZHgXAP*s`coly0+ahLfx z1kW-s;@y@MVx^E=)(|_~u?}`e1ofV^>LJ7}OK3Ovf#A%JR+={Az3;F=+PVAe?EQYk z>O0(6cMB_ae1Q6)qp%^)qzj)R;Lok7Sl`49hDkb8)+69g0ev@J&<9cS_;U%;LWqQ1 zNIJj19?_O(Pk?_|gZ#^>@#(hA0_T?*)?RF%E#rw-WL^NRqX>g~NYj+j;+vUrS_5AE z!?qw1{$vZTuJa+yzrmOZ?I!o%?moocyF?yeLG48r4~4 zeK>Rxy>mO+Qk|c`%j>d~tAi`SXqT-P!XTM5u9U;xnV)DMW}K)da^!kBp9CobTh6+(L-Sh4!o%=+<@#}BEkgRO&b8qZI8XJj zNyeplx2WXq?+puALi~)-o33%CN(eX#P!4`1K`a5Bj1669XCJQA5J>u-PEM{KdmFGn zGSQbWs9O{gZx)@wF7gkK`C9a;8uI-DiyI@%&ygw-HB~jew&A1T{IIpzy?&eXdv0 zX^x%b^tyUIofwjAo?@n){r+yWVo{b7^I`o1;&UgW_s>Scl$bvc#l?7Rytd-K*}R$H zbE%IZTU1$u-)31#7z<*DG<@^EC&r=U_U*9^?hrb}+GGbOtl##nnLM2J-cLhJU;o{x z`{C%&dv*6$Fz1LdPz1ZE4&^6hi#FB6eFXZIzZwLb?5UN0!_LZ88pfL6-~LVv z8g72FQoyD$lq)n%^M0y&NC&Ym+R=SG3vstB8D8ylFySZUdP1G#U$;qt!vpT49{sR*PI5Z z)1I?zSMyeKO-zxDezs_xR;@d9bWg(1!MU~186VuLofw|`iSaTe)@|xyRyjHKJ${1B zSGs&^UPJ(fQq_20sF8f|c_V`&NDw3>#>nl>liW66v_SO1OdlrPNe#&B6ogw`>8Eo6hpO0th397)64W* zGsjc#HBFt12n3trF#vs%glqnLWEG`}7%WN2mOR@Vwv>0bQdM!NB`xON*Uc~9M!Zx? z4b@`f%w4dW&o~oKDy0*EEo37oV#HcddU~3+yN7#NCkUd_bCyxpPRmWvH0ZRcv0SY< zciAGqF)8fy*nkHuI8#aBsqnH3o6&Xk2-%S<>?PTD{qj{C>|xMRw`0Y@iow{cCHmWI zM|=Q)a&Q6>ROa>3xYhy(Ut#TM_tU1gQ+>QP?p`8sbLQGO_Hu;6lDme#915>D(R4uE zlp5zsw6X1eK{1Zj<{>YZ95487TbN0yA#1N+3Bw(Zo`r|PT$ljG_R_H|lFHaD##q6F zvBT8bp(Cq^y%ty1Y0HX!9N6d`+@grQhBfP+4l?I89Ln~?aQH~Lu}PwbCn>@+Je9dj|v1w^S!^OnRWW& z>m07?zHI#1E`(|`zt;N+W%essO4hLD+UG!_*iKf4Kso5if<0R2cCf180}f@v`R zQgkix{Yydb^O2+hpEsHuX^%pJe;oa+WMR}2My-TLZ8wXqg?DaxilBx~I<**RT`sT{ zy1sTl+ltC_p_EL+^9QaibpO?;T|;xif7B9<0!oI2hLWfU{{t7~q09=s>klaff4*(F z{yF&sX2wPt;ZVy$i`h`)M0chOj`#K$6*RQ9yHMT9$x}em?tMofAxaP?qux4XVfLR- ge&!l)qkjlG3vRN}xvM=y88-n185QYTNwd)Z0Tdzux&QzG literal 0 HcmV?d00001 diff --git a/packages/cisco_ise/kibana/dashboard/cisco_ise-04d54380-a100-11ec-a0a2-1598702abf83.json b/packages/cisco_ise/kibana/dashboard/cisco_ise-04d54380-a100-11ec-a0a2-1598702abf83.json new file mode 100644 index 00000000000..93747f39dc9 --- /dev/null +++ b/packages/cisco_ise/kibana/dashboard/cisco_ise-04d54380-a100-11ec-a0a2-1598702abf83.json @@ -0,0 +1,213 @@ +{ + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "cisco_ise.log.category.name", + "negate": false, + "params": [ + "CISE_Internal_Operations_Diagnostics", + "CISE_Threat_Centric_NAC" + ], + "type": "phrases" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "cisco_ise.log.category.name": "CISE_Internal_Operations_Diagnostics" + } + }, + { + "match_phrase": { + "cisco_ise.log.category.name": "CISE_Threat_Centric_NAC" + } + } + ] + } + } + } + ], + "query": { + "language": "kuery", + "query": "event.dataset : \"cisco_ise.log\" " + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "syncColors": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "9bd4d444-de17-43de-beb0-89d4d4ecc187", + "w": 48, + "x": 0, + "y": 45 + }, + "panelIndex": "9bd4d444-de17-43de-beb0-89d4d4ecc187", + "panelRefName": "panel_0", + "title": "System Diagnostics Log Stream for Threat Centric NAC [Logs Cisco ISE]", + "type": "search", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "3d8fa06f-bd70-438d-bbcb-778dc278d228", + "w": 24, + "x": 0, + "y": 15 + }, + "panelIndex": "3d8fa06f-bd70-438d-bbcb-778dc278d228", + "panelRefName": "panel_1", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false, + "vis": { + "legendOpen": false + } + }, + "gridData": { + "h": 15, + "i": "7dd60577-882f-4428-adf4-9ec7048032dc", + "w": 24, + "x": 24, + "y": 15 + }, + "panelIndex": "7dd60577-882f-4428-adf4-9ec7048032dc", + "panelRefName": "panel_2", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "db158b71-11fd-4950-b0e4-e9e4893aaebb", + "w": 24, + "x": 0, + "y": 0 + }, + "panelIndex": "db158b71-11fd-4950-b0e4-e9e4893aaebb", + "panelRefName": "panel_3", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false, + "vis": { + "legendOpen": false + } + }, + "gridData": { + "h": 15, + "i": "c6007a66-0f97-4948-a6f9-313a47c00f42", + "w": 24, + "x": 24, + "y": 0 + }, + "panelIndex": "c6007a66-0f97-4948-a6f9-313a47c00f42", + "panelRefName": "panel_4", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "1a99a183-dc6e-4412-8d81-46f53eb295f5", + "w": 48, + "x": 0, + "y": 30 + }, + "panelIndex": "1a99a183-dc6e-4412-8d81-46f53eb295f5", + "panelRefName": "panel_5", + "title": "System Diagnostics Log Stream for Internal Operations Diagnostics [Logs Cisco ISE]", + "type": "search", + "version": "7.17.0" + } + ], + "timeRestore": false, + "title": "[Cisco ISE] System Diagnostics", + "version": 1 + }, + "coreMigrationVersion": "7.17.0", + "id": "cisco_ise-04d54380-a100-11ec-a0a2-1598702abf83", + "migrationVersion": { + "dashboard": "7.17.0" + }, + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "cisco_ise-eecf4510-a058-11ec-a0a2-1598702abf83", + "name": "panel_0", + "type": "search" + }, + { + "id": "cisco_ise-581310d0-a0fc-11ec-a0a2-1598702abf83", + "name": "panel_1", + "type": "visualization" + }, + { + "id": "cisco_ise-63dca4d0-a0fc-11ec-a0a2-1598702abf83", + "name": "panel_2", + "type": "visualization" + }, + { + "id": "cisco_ise-68a0bc90-a0fc-11ec-a0a2-1598702abf83", + "name": "panel_3", + "type": "visualization" + }, + { + "id": "cisco_ise-6d984060-a0fc-11ec-a0a2-1598702abf83", + "name": "panel_4", + "type": "visualization" + }, + { + "id": "cisco_ise-2c7c0eb0-a505-11ec-ab9d-4b8e737a22d9", + "name": "panel_5", + "type": "search" + } + ], + "type": "dashboard" +} \ No newline at end of file diff --git a/packages/cisco_ise/kibana/dashboard/cisco_ise-1eaf5e30-a114-11ec-a0a2-1598702abf83.json b/packages/cisco_ise/kibana/dashboard/cisco_ise-1eaf5e30-a114-11ec-a0a2-1598702abf83.json new file mode 100644 index 00000000000..5bb7ac4b744 --- /dev/null +++ b/packages/cisco_ise/kibana/dashboard/cisco_ise-1eaf5e30-a114-11ec-a0a2-1598702abf83.json @@ -0,0 +1,155 @@ +{ + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "cisco_ise.log.category.name", + "negate": false, + "params": { + "query": "CISE_Posture_and_Client_Provisioning_Audit" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "cisco_ise.log.category.name": "CISE_Posture_and_Client_Provisioning_Audit" + } + } + } + ], + "query": { + "language": "kuery", + "query": "event.dataset : \"cisco_ise.log\" " + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "syncColors": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 14, + "i": "22a9db51-a883-4947-b41b-2c06ce7e492e", + "w": 16, + "x": 0, + "y": 0 + }, + "panelIndex": "22a9db51-a883-4947-b41b-2c06ce7e492e", + "panelRefName": "panel_0", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false, + "vis": { + "legendOpen": false + } + }, + "gridData": { + "h": 14, + "i": "03ebbffc-5648-4560-9510-5f27f7c59da9", + "w": 16, + "x": 16, + "y": 0 + }, + "panelIndex": "03ebbffc-5648-4560-9510-5f27f7c59da9", + "panelRefName": "panel_1", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false, + "vis": { + "legendOpen": false + } + }, + "gridData": { + "h": 14, + "i": "ca7116cf-93be-4a75-99e2-3ee133c367aa", + "w": 16, + "x": 32, + "y": 0 + }, + "panelIndex": "ca7116cf-93be-4a75-99e2-3ee133c367aa", + "panelRefName": "panel_2", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "b847c86c-1ef1-4ef4-afed-baac77ee2ce0", + "w": 48, + "x": 0, + "y": 14 + }, + "panelIndex": "b847c86c-1ef1-4ef4-afed-baac77ee2ce0", + "panelRefName": "panel_3", + "title": "Posture and Client Provisioning Audit Log Stream [Logs Cisco ISE]", + "type": "search", + "version": "7.17.0" + } + ], + "timeRestore": false, + "title": "[Cisco ISE] Posture and Client Provisioning Audit", + "version": 1 + }, + "coreMigrationVersion": "7.17.0", + "id": "cisco_ise-1eaf5e30-a114-11ec-a0a2-1598702abf83", + "migrationVersion": { + "dashboard": "7.17.0" + }, + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "cisco_ise-1b9e7f50-a2c2-11ec-a0a2-1598702abf83", + "name": "panel_0", + "type": "visualization" + }, + { + "id": "cisco_ise-2228ff30-a2c2-11ec-a0a2-1598702abf83", + "name": "panel_1", + "type": "visualization" + }, + { + "id": "cisco_ise-3153bf90-a2c2-11ec-a0a2-1598702abf83", + "name": "panel_2", + "type": "visualization" + }, + { + "id": "cisco_ise-47c77dc0-a065-11ec-a0a2-1598702abf83", + "name": "panel_3", + "type": "search" + } + ], + "type": "dashboard" +} \ No newline at end of file diff --git a/packages/cisco_ise/kibana/dashboard/cisco_ise-2506b030-a100-11ec-a0a2-1598702abf83.json b/packages/cisco_ise/kibana/dashboard/cisco_ise-2506b030-a100-11ec-a0a2-1598702abf83.json new file mode 100644 index 00000000000..92f43cd4f17 --- /dev/null +++ b/packages/cisco_ise/kibana/dashboard/cisco_ise-2506b030-a100-11ec-a0a2-1598702abf83.json @@ -0,0 +1,148 @@ +{ + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "cisco_ise.log.category.name", + "negate": false, + "params": { + "query": "CISE_System_Statistics" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "cisco_ise.log.category.name": "CISE_System_Statistics" + } + } + } + ], + "query": { + "language": "kuery", + "query": "event.dataset : \"cisco_ise.log\" " + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "syncColors": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "d7a85d7c-eb7a-4f92-8f90-205c60ed892b", + "w": 24, + "x": 0, + "y": 0 + }, + "panelIndex": "d7a85d7c-eb7a-4f92-8f90-205c60ed892b", + "panelRefName": "panel_0", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "0674168e-3642-43ed-8251-3a03f5880371", + "w": 24, + "x": 24, + "y": 0 + }, + "panelIndex": "0674168e-3642-43ed-8251-3a03f5880371", + "panelRefName": "panel_1", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "57265bb8-6c32-4d2f-a3e3-376d5ab35a8d", + "w": 24, + "x": 0, + "y": 15 + }, + "panelIndex": "57265bb8-6c32-4d2f-a3e3-376d5ab35a8d", + "panelRefName": "panel_2", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "b3238d64-db19-4274-ae79-e2870bf314e4", + "w": 24, + "x": 24, + "y": 15 + }, + "panelIndex": "b3238d64-db19-4274-ae79-e2870bf314e4", + "panelRefName": "panel_3", + "type": "visualization", + "version": "7.17.0" + } + ], + "timeRestore": false, + "title": "[Cisco ISE] System Statistics", + "version": 1 + }, + "coreMigrationVersion": "7.17.0", + "id": "cisco_ise-2506b030-a100-11ec-a0a2-1598702abf83", + "migrationVersion": { + "dashboard": "7.17.0" + }, + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "cisco_ise-59f3a390-a0ef-11ec-a0a2-1598702abf83", + "name": "panel_0", + "type": "visualization" + }, + { + "id": "cisco_ise-5ebcc460-a0ef-11ec-a0a2-1598702abf83", + "name": "panel_1", + "type": "visualization" + }, + { + "id": "cisco_ise-61fad860-a0ef-11ec-a0a2-1598702abf83", + "name": "panel_2", + "type": "visualization" + }, + { + "id": "cisco_ise-65d46910-a0ef-11ec-a0a2-1598702abf83", + "name": "panel_3", + "type": "visualization" + } + ], + "type": "dashboard" +} \ No newline at end of file diff --git a/packages/cisco_ise/kibana/dashboard/cisco_ise-92227880-a0ff-11ec-a0a2-1598702abf83.json b/packages/cisco_ise/kibana/dashboard/cisco_ise-92227880-a0ff-11ec-a0a2-1598702abf83.json new file mode 100644 index 00000000000..e4cdfc28870 --- /dev/null +++ b/packages/cisco_ise/kibana/dashboard/cisco_ise-92227880-a0ff-11ec-a0a2-1598702abf83.json @@ -0,0 +1,350 @@ +{ + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "cisco_ise.log.category.name", + "negate": false, + "params": [ + "CISE_Failed_Attempts", + "CISE_Passed_Authentications" + ], + "type": "phrases" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "cisco_ise.log.category.name": "CISE_Failed_Attempts" + } + }, + { + "match_phrase": { + "cisco_ise.log.category.name": "CISE_Passed_Authentications" + } + } + ] + } + } + } + ], + "query": { + "language": "kuery", + "query": "event.dataset : \"cisco_ise.log\" " + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "syncColors": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "6ec5efbd-54ba-4c2c-8213-3cfa11fa25dd", + "w": 24, + "x": 0, + "y": 0 + }, + "panelIndex": "6ec5efbd-54ba-4c2c-8213-3cfa11fa25dd", + "panelRefName": "panel_0", + "title": "Top 10 Device IP Address [Logs Cisco ISE]", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false, + "vis": { + "legendOpen": false + } + }, + "gridData": { + "h": 15, + "i": "4232cb43-a1cb-45e2-8f8b-e523232e41bc", + "w": 24, + "x": 24, + "y": 0 + }, + "panelIndex": "4232cb43-a1cb-45e2-8f8b-e523232e41bc", + "panelRefName": "panel_1", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "a41df091-467a-48a5-a4c4-bfdda2c964ae", + "w": 16, + "x": 0, + "y": 15 + }, + "panelIndex": "a41df091-467a-48a5-a4c4-bfdda2c964ae", + "panelRefName": "panel_2", + "title": "Top 10 Network Device Names [Logs Cisco ISE]", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "2ed21712-e74e-4d26-a3e8-6888e2d3ee46", + "w": 16, + "x": 16, + "y": 15 + }, + "panelIndex": "2ed21712-e74e-4d26-a3e8-6888e2d3ee46", + "panelRefName": "panel_3", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "85db9e7a-7390-4797-bef4-98b487427c43", + "w": 16, + "x": 32, + "y": 15 + }, + "panelIndex": "85db9e7a-7390-4797-bef4-98b487427c43", + "panelRefName": "panel_4", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "7b136990-2ba1-4f99-9e0b-55b00b76bbd4", + "w": 24, + "x": 0, + "y": 30 + }, + "panelIndex": "7b136990-2ba1-4f99-9e0b-55b00b76bbd4", + "panelRefName": "panel_5", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "1f6e0bdd-f67b-431e-8634-1299c4e5a605", + "w": 24, + "x": 24, + "y": 30 + }, + "panelIndex": "1f6e0bdd-f67b-431e-8634-1299c4e5a605", + "panelRefName": "panel_6", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "64f258c3-4824-4d67-b083-e8e02ba926cc", + "w": 24, + "x": 0, + "y": 45 + }, + "panelIndex": "64f258c3-4824-4d67-b083-e8e02ba926cc", + "panelRefName": "panel_7", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false, + "vis": { + "legendOpen": false + } + }, + "gridData": { + "h": 15, + "i": "1ff51a84-32bb-4147-bc8a-cc5e13abfd6d", + "w": 24, + "x": 24, + "y": 45 + }, + "panelIndex": "1ff51a84-32bb-4147-bc8a-cc5e13abfd6d", + "panelRefName": "panel_8", + "title": " Distribution of Events by User Type [Logs Cisco ISE]", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false, + "vis": { + "legendOpen": false + } + }, + "gridData": { + "h": 15, + "i": "cc4bf643-08b2-4500-841d-ad8216532309", + "w": 24, + "x": 0, + "y": 60 + }, + "panelIndex": "cc4bf643-08b2-4500-841d-ad8216532309", + "panelRefName": "panel_9", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "5b616616-c8a5-44ed-ac39-cf94acf2d625", + "w": 24, + "x": 24, + "y": 60 + }, + "panelIndex": "5b616616-c8a5-44ed-ac39-cf94acf2d625", + "panelRefName": "panel_10", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 14, + "i": "c823be14-f41c-434a-98ed-434b7da90ac9", + "w": 48, + "x": 0, + "y": 75 + }, + "panelIndex": "c823be14-f41c-434a-98ed-434b7da90ac9", + "panelRefName": "panel_11", + "title": "AAA Audit Log Stream [Logs Cisco ISE]", + "type": "search", + "version": "7.17.0" + } + ], + "timeRestore": false, + "title": "[Cisco ISE] AAA Audit ", + "version": 1 + }, + "coreMigrationVersion": "7.17.0", + "id": "cisco_ise-92227880-a0ff-11ec-a0a2-1598702abf83", + "migrationVersion": { + "dashboard": "7.17.0" + }, + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "cisco_ise-f03a5110-a0f8-11ec-a0a2-1598702abf83", + "name": "panel_0", + "type": "visualization" + }, + { + "id": "cisco_ise-f484a4f0-a0f8-11ec-a0a2-1598702abf83", + "name": "panel_1", + "type": "visualization" + }, + { + "id": "cisco_ise-f8c64640-a0f8-11ec-a0a2-1598702abf83", + "name": "panel_2", + "type": "visualization" + }, + { + "id": "cisco_ise-fd5bace0-a0f8-11ec-a0a2-1598702abf83", + "name": "panel_3", + "type": "visualization" + }, + { + "id": "cisco_ise-3b4f8210-a0f9-11ec-a0a2-1598702abf83", + "name": "panel_4", + "type": "visualization" + }, + { + "id": "cisco_ise-012b7990-a0f9-11ec-a0a2-1598702abf83", + "name": "panel_5", + "type": "visualization" + }, + { + "id": "cisco_ise-050c3630-a0f9-11ec-a0a2-1598702abf83", + "name": "panel_6", + "type": "visualization" + }, + { + "id": "cisco_ise-0aeabea0-a0f9-11ec-a0a2-1598702abf83", + "name": "panel_7", + "type": "visualization" + }, + { + "id": "cisco_ise-8a8cb1e0-a0f9-11ec-a0a2-1598702abf83", + "name": "panel_8", + "type": "visualization" + }, + { + "id": "cisco_ise-2bba8e30-a0f9-11ec-a0a2-1598702abf83", + "name": "panel_9", + "type": "visualization" + }, + { + "id": "cisco_ise-34024e70-a0f9-11ec-a0a2-1598702abf83", + "name": "panel_10", + "type": "visualization" + }, + { + "id": "cisco_ise-d1ba7b80-a075-11ec-a0a2-1598702abf83", + "name": "panel_11", + "type": "search" + } + ], + "type": "dashboard" +} \ No newline at end of file diff --git a/packages/cisco_ise/kibana/dashboard/cisco_ise-a09f1e90-a0ff-11ec-a0a2-1598702abf83.json b/packages/cisco_ise/kibana/dashboard/cisco_ise-a09f1e90-a0ff-11ec-a0a2-1598702abf83.json new file mode 100644 index 00000000000..5f01184b0bb --- /dev/null +++ b/packages/cisco_ise/kibana/dashboard/cisco_ise-a09f1e90-a0ff-11ec-a0a2-1598702abf83.json @@ -0,0 +1,474 @@ +{ + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "cisco_ise.log.category.name", + "negate": false, + "params": [ + "CISE_Authentication_Flow_Diagnostics", + "CISE_Guest", + "CISE_MyDevices", + "CISE_Identity_Stores_Diagnostics", + "CISE_Policy_Diagnostics", + "CISE_RADIUS_Diagnostics", + "CISE_AD_Connector" + ], + "type": "phrases" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "cisco_ise.log.category.name": "CISE_Authentication_Flow_Diagnostics" + } + }, + { + "match_phrase": { + "cisco_ise.log.category.name": "CISE_Guest" + } + }, + { + "match_phrase": { + "cisco_ise.log.category.name": "CISE_MyDevices" + } + }, + { + "match_phrase": { + "cisco_ise.log.category.name": "CISE_Identity_Stores_Diagnostics" + } + }, + { + "match_phrase": { + "cisco_ise.log.category.name": "CISE_Policy_Diagnostics" + } + }, + { + "match_phrase": { + "cisco_ise.log.category.name": "CISE_RADIUS_Diagnostics" + } + }, + { + "match_phrase": { + "cisco_ise.log.category.name": "CISE_AD_Connector" + } + } + ] + } + } + } + ], + "query": { + "language": "kuery", + "query": "event.dataset : \"cisco_ise.log\" " + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "syncColors": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "9bad5a17-973e-428d-a97e-35e870506076", + "w": 24, + "x": 24, + "y": 105 + }, + "panelIndex": "9bad5a17-973e-428d-a97e-35e870506076", + "panelRefName": "panel_0", + "title": "AAA Diagnostics Log Stream [Logs Cisco ISE]", + "type": "search", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "a711fab4-5b3c-4772-be34-ba329076bbc3", + "w": 24, + "x": 0, + "y": 0 + }, + "panelIndex": "a711fab4-5b3c-4772-be34-ba329076bbc3", + "panelRefName": "panel_1", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "bbff4d11-a1cc-41ea-9834-d0a3781dbd86", + "w": 24, + "x": 24, + "y": 0 + }, + "panelIndex": "bbff4d11-a1cc-41ea-9834-d0a3781dbd86", + "panelRefName": "panel_2", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false, + "vis": { + "legendOpen": false + } + }, + "gridData": { + "h": 15, + "i": "a1145565-ccd8-4dd5-8ba2-fa9b46906a2b", + "w": 24, + "x": 0, + "y": 15 + }, + "panelIndex": "a1145565-ccd8-4dd5-8ba2-fa9b46906a2b", + "panelRefName": "panel_3", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false, + "vis": { + "legendOpen": false + } + }, + "gridData": { + "h": 15, + "i": "d10d59ee-c92b-4e28-81c4-1017be59bdfb", + "w": 24, + "x": 24, + "y": 15 + }, + "panelIndex": "d10d59ee-c92b-4e28-81c4-1017be59bdfb", + "panelRefName": "panel_4", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "0e3b4705-dd8a-42d7-9992-eefe9239160b", + "w": 24, + "x": 24, + "y": 30 + }, + "panelIndex": "0e3b4705-dd8a-42d7-9992-eefe9239160b", + "panelRefName": "panel_5", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "251e4695-f4fb-4f6d-98e0-4a822942b58d", + "w": 24, + "x": 0, + "y": 30 + }, + "panelIndex": "251e4695-f4fb-4f6d-98e0-4a822942b58d", + "panelRefName": "panel_6", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "94954f66-f728-4b2e-b7d3-024a4d21559a", + "w": 24, + "x": 0, + "y": 45 + }, + "panelIndex": "94954f66-f728-4b2e-b7d3-024a4d21559a", + "panelRefName": "panel_7", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "1156a6e4-bf5a-4628-97c1-1d48296960e2", + "w": 24, + "x": 24, + "y": 45 + }, + "panelIndex": "1156a6e4-bf5a-4628-97c1-1d48296960e2", + "panelRefName": "panel_8", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "3db21693-851e-4584-8e01-92706e033703", + "w": 24, + "x": 0, + "y": 60 + }, + "panelIndex": "3db21693-851e-4584-8e01-92706e033703", + "panelRefName": "panel_9", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "17cdfe86-a58c-4490-b253-7276fac9a458", + "w": 24, + "x": 24, + "y": 60 + }, + "panelIndex": "17cdfe86-a58c-4490-b253-7276fac9a458", + "panelRefName": "panel_10", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false, + "vis": { + "legendOpen": false + } + }, + "gridData": { + "h": 15, + "i": "457e1c7e-32ae-4969-af38-81a02e0b0341", + "w": 24, + "x": 0, + "y": 75 + }, + "panelIndex": "457e1c7e-32ae-4969-af38-81a02e0b0341", + "panelRefName": "panel_11", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false, + "vis": { + "legendOpen": false + } + }, + "gridData": { + "h": 15, + "i": "efaff3d9-6694-4adc-9b22-edd21d590852", + "w": 24, + "x": 24, + "y": 75 + }, + "panelIndex": "efaff3d9-6694-4adc-9b22-edd21d590852", + "panelRefName": "panel_12", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false, + "vis": { + "legendOpen": false + } + }, + "gridData": { + "h": 15, + "i": "68e83de8-a2b3-4531-9e7a-80812495ef75", + "w": 24, + "x": 0, + "y": 90 + }, + "panelIndex": "68e83de8-a2b3-4531-9e7a-80812495ef75", + "panelRefName": "panel_13", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false, + "vis": { + "legendOpen": false + } + }, + "gridData": { + "h": 15, + "i": "9246074a-85cc-4cc3-a2df-6ebfe2db993e", + "w": 24, + "x": 24, + "y": 90 + }, + "panelIndex": "9246074a-85cc-4cc3-a2df-6ebfe2db993e", + "panelRefName": "panel_14", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "49bb018b-cab3-41c8-91b7-cdc8e30453dc", + "w": 24, + "x": 0, + "y": 105 + }, + "panelIndex": "49bb018b-cab3-41c8-91b7-cdc8e30453dc", + "panelRefName": "panel_15", + "type": "visualization", + "version": "7.17.0" + } + ], + "timeRestore": false, + "title": "[Cisco ISE] AAA Diagnostics", + "version": 1 + }, + "coreMigrationVersion": "7.17.0", + "id": "cisco_ise-a09f1e90-a0ff-11ec-a0a2-1598702abf83", + "migrationVersion": { + "dashboard": "7.17.0" + }, + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "cisco_ise-39e47010-a09b-11ec-a0a2-1598702abf83", + "name": "panel_0", + "type": "search" + }, + { + "id": "cisco_ise-b4f66430-a0f9-11ec-a0a2-1598702abf83", + "name": "panel_1", + "type": "visualization" + }, + { + "id": "cisco_ise-b963a960-a0f9-11ec-a0a2-1598702abf83", + "name": "panel_2", + "type": "visualization" + }, + { + "id": "cisco_ise-bee544c0-a0f9-11ec-a0a2-1598702abf83", + "name": "panel_3", + "type": "visualization" + }, + { + "id": "cisco_ise-d6278da0-a0f9-11ec-a0a2-1598702abf83", + "name": "panel_4", + "type": "visualization" + }, + { + "id": "cisco_ise-66fd57b0-a0fa-11ec-a0a2-1598702abf83", + "name": "panel_5", + "type": "visualization" + }, + { + "id": "cisco_ise-6e302580-a0fa-11ec-a0a2-1598702abf83", + "name": "panel_6", + "type": "visualization" + }, + { + "id": "cisco_ise-73fafee0-a0fa-11ec-a0a2-1598702abf83", + "name": "panel_7", + "type": "visualization" + }, + { + "id": "cisco_ise-78c07630-a0fa-11ec-a0a2-1598702abf83", + "name": "panel_8", + "type": "visualization" + }, + { + "id": "cisco_ise-80d71450-a0fa-11ec-a0a2-1598702abf83", + "name": "panel_9", + "type": "visualization" + }, + { + "id": "cisco_ise-88ae5f80-a0fa-11ec-a0a2-1598702abf83", + "name": "panel_10", + "type": "visualization" + }, + { + "id": "cisco_ise-8dad8470-a0fa-11ec-a0a2-1598702abf83", + "name": "panel_11", + "type": "visualization" + }, + { + "id": "cisco_ise-944f35d0-a0fa-11ec-a0a2-1598702abf83", + "name": "panel_12", + "type": "visualization" + }, + { + "id": "cisco_ise-984ddab0-a0fa-11ec-a0a2-1598702abf83", + "name": "panel_13", + "type": "visualization" + }, + { + "id": "cisco_ise-9bc06c30-a0fa-11ec-a0a2-1598702abf83", + "name": "panel_14", + "type": "visualization" + }, + { + "id": "cisco_ise-9fe20260-a0fa-11ec-a0a2-1598702abf83", + "name": "panel_15", + "type": "visualization" + } + ], + "type": "dashboard" +} \ No newline at end of file diff --git a/packages/cisco_ise/kibana/dashboard/cisco_ise-aea97ad0-a0ff-11ec-a0a2-1598702abf83.json b/packages/cisco_ise/kibana/dashboard/cisco_ise-aea97ad0-a0ff-11ec-a0a2-1598702abf83.json new file mode 100644 index 00000000000..0a2c516e467 --- /dev/null +++ b/packages/cisco_ise/kibana/dashboard/cisco_ise-aea97ad0-a0ff-11ec-a0a2-1598702abf83.json @@ -0,0 +1,303 @@ +{ + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "cisco_ise.log.category.name", + "negate": false, + "params": [ + "CISE_RADIUS_Accounting", + "CISE_TACACS_Accounting" + ], + "type": "phrases" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "cisco_ise.log.category.name": "CISE_RADIUS_Accounting" + } + }, + { + "match_phrase": { + "cisco_ise.log.category.name": "CISE_TACACS_Accounting" + } + } + ] + } + } + } + ], + "query": { + "language": "kuery", + "query": "event.dataset : \"cisco_ise.log\" " + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "syncColors": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "c9b722c7-e508-4447-8112-230e3858b5b8", + "w": 24, + "x": 0, + "y": 0 + }, + "panelIndex": "c9b722c7-e508-4447-8112-230e3858b5b8", + "panelRefName": "panel_0", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false, + "vis": { + "legendOpen": false + } + }, + "gridData": { + "h": 15, + "i": "216c30b3-1a72-498f-939b-11462bb0adb7", + "w": 24, + "x": 24, + "y": 0 + }, + "panelIndex": "216c30b3-1a72-498f-939b-11462bb0adb7", + "panelRefName": "panel_1", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false, + "vis": { + "legendOpen": false + } + }, + "gridData": { + "h": 15, + "i": "8edd6fd7-b66b-4ee6-b542-b1e7ccd26fa4", + "w": 24, + "x": 0, + "y": 15 + }, + "panelIndex": "8edd6fd7-b66b-4ee6-b542-b1e7ccd26fa4", + "panelRefName": "panel_2", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "b6b0bc79-1ddb-461b-97c4-f814c1267e58", + "w": 24, + "x": 24, + "y": 15 + }, + "panelIndex": "b6b0bc79-1ddb-461b-97c4-f814c1267e58", + "panelRefName": "panel_3", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "77492870-ccbf-400a-ae2e-97fe9f39cd0d", + "w": 16, + "x": 0, + "y": 30 + }, + "panelIndex": "77492870-ccbf-400a-ae2e-97fe9f39cd0d", + "panelRefName": "panel_4", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "9abde76e-d49b-409c-924b-dd9c81c1dcea", + "w": 16, + "x": 16, + "y": 30 + }, + "panelIndex": "9abde76e-d49b-409c-924b-dd9c81c1dcea", + "panelRefName": "panel_5", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "ec663b72-467e-4ec0-ae7f-f023109ea50f", + "w": 16, + "x": 32, + "y": 30 + }, + "panelIndex": "ec663b72-467e-4ec0-ae7f-f023109ea50f", + "panelRefName": "panel_6", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false, + "vis": { + "legendOpen": false + } + }, + "gridData": { + "h": 15, + "i": "044c8085-11e7-40e3-a09b-bd994ce198aa", + "w": 24, + "x": 0, + "y": 45 + }, + "panelIndex": "044c8085-11e7-40e3-a09b-bd994ce198aa", + "panelRefName": "panel_7", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "6e5ca98d-df46-45a1-8014-cf16a3028dc2", + "w": 24, + "x": 24, + "y": 45 + }, + "panelIndex": "6e5ca98d-df46-45a1-8014-cf16a3028dc2", + "panelRefName": "panel_8", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "371949ed-d67c-438f-a91a-3875e86edaf8", + "w": 48, + "x": 0, + "y": 60 + }, + "panelIndex": "371949ed-d67c-438f-a91a-3875e86edaf8", + "panelRefName": "panel_9", + "title": "Accounting Log Stream [Logs Cisco ISE]", + "type": "search", + "version": "7.17.0" + } + ], + "timeRestore": false, + "title": "[Cisco ISE] Accounting", + "version": 1 + }, + "coreMigrationVersion": "7.17.0", + "id": "cisco_ise-aea97ad0-a0ff-11ec-a0a2-1598702abf83", + "migrationVersion": { + "dashboard": "7.17.0" + }, + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "cisco_ise-c9dd8990-a0fa-11ec-a0a2-1598702abf83", + "name": "panel_0", + "type": "visualization" + }, + { + "id": "cisco_ise-e419b180-a0fa-11ec-a0a2-1598702abf83", + "name": "panel_1", + "type": "visualization" + }, + { + "id": "cisco_ise-e959b000-a0fa-11ec-a0a2-1598702abf83", + "name": "panel_2", + "type": "visualization" + }, + { + "id": "cisco_ise-f0977a50-a0fa-11ec-a0a2-1598702abf83", + "name": "panel_3", + "type": "visualization" + }, + { + "id": "cisco_ise-f5a39790-a0fa-11ec-a0a2-1598702abf83", + "name": "panel_4", + "type": "visualization" + }, + { + "id": "cisco_ise-fb519a20-a0fa-11ec-a0a2-1598702abf83", + "name": "panel_5", + "type": "visualization" + }, + { + "id": "cisco_ise-027d6310-a0fb-11ec-a0a2-1598702abf83", + "name": "panel_6", + "type": "visualization" + }, + { + "id": "cisco_ise-ff685ae0-a0fa-11ec-a0a2-1598702abf83", + "name": "panel_7", + "type": "visualization" + }, + { + "id": "cisco_ise-06ba9790-a0fb-11ec-a0a2-1598702abf83", + "name": "panel_8", + "type": "visualization" + }, + { + "id": "cisco_ise-f681d1f0-a09f-11ec-a0a2-1598702abf83", + "name": "panel_9", + "type": "search" + } + ], + "type": "dashboard" +} \ No newline at end of file diff --git a/packages/cisco_ise/kibana/dashboard/cisco_ise-d320a780-a0ff-11ec-a0a2-1598702abf83.json b/packages/cisco_ise/kibana/dashboard/cisco_ise-d320a780-a0ff-11ec-a0a2-1598702abf83.json new file mode 100644 index 00000000000..82a68304912 --- /dev/null +++ b/packages/cisco_ise/kibana/dashboard/cisco_ise-d320a780-a0ff-11ec-a0a2-1598702abf83.json @@ -0,0 +1,196 @@ +{ + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "cisco_ise.log.category.name", + "negate": false, + "params": { + "query": "CISE_Administrative_and_Operational_Audit" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "cisco_ise.log.category.name": "CISE_Administrative_and_Operational_Audit" + } + } + } + ], + "query": { + "language": "kuery", + "query": "event.dataset : \"cisco_ise.log\" " + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "syncColors": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "70611ce1-8cc4-4e59-bca1-2f60acd5603f", + "w": 24, + "x": 0, + "y": 30 + }, + "panelIndex": "70611ce1-8cc4-4e59-bca1-2f60acd5603f", + "panelRefName": "panel_0", + "title": "Administrative and Operational Audit Log Stream [Logs Cisco ISE]", + "type": "search", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "973be120-1985-476b-939a-b0b82e570d33", + "w": 24, + "x": 0, + "y": 0 + }, + "panelIndex": "973be120-1985-476b-939a-b0b82e570d33", + "panelRefName": "panel_1", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "755e7622-d79b-4ffc-a60f-df3b3dddeb86", + "w": 24, + "x": 24, + "y": 0 + }, + "panelIndex": "755e7622-d79b-4ffc-a60f-df3b3dddeb86", + "panelRefName": "panel_2", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "e63be268-5af1-469b-aba7-89d3d43e2d00", + "w": 24, + "x": 0, + "y": 15 + }, + "panelIndex": "e63be268-5af1-469b-aba7-89d3d43e2d00", + "panelRefName": "panel_3", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false, + "vis": { + "legendOpen": false + } + }, + "gridData": { + "h": 15, + "i": "09a67f64-cb54-4976-a2a4-3fe6d891a44b", + "w": 24, + "x": 24, + "y": 15 + }, + "panelIndex": "09a67f64-cb54-4976-a2a4-3fe6d891a44b", + "panelRefName": "panel_4", + "title": " Distribution of Events by Failure Flag [Logs Cisco ISE]", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {} + }, + "gridData": { + "h": 15, + "i": "d18cccfc-3613-4ca0-9a7a-9ff58bf40e7f", + "w": 24, + "x": 24, + "y": 30 + }, + "panelIndex": "d18cccfc-3613-4ca0-9a7a-9ff58bf40e7f", + "panelRefName": "panel_5", + "type": "visualization", + "version": "7.17.0" + } + ], + "timeRestore": false, + "title": "[Cisco ISE] Administrative and Operational Audit", + "version": 1 + }, + "coreMigrationVersion": "7.17.0", + "id": "cisco_ise-d320a780-a0ff-11ec-a0a2-1598702abf83", + "migrationVersion": { + "dashboard": "7.17.0" + }, + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "cisco_ise-ac5b9ba0-a02d-11ec-a0a2-1598702abf83", + "name": "panel_0", + "type": "search" + }, + { + "id": "cisco_ise-84d3a0e0-a0fb-11ec-a0a2-1598702abf83", + "name": "panel_1", + "type": "visualization" + }, + { + "id": "cisco_ise-8794e3c0-a0fb-11ec-a0a2-1598702abf83", + "name": "panel_2", + "type": "visualization" + }, + { + "id": "cisco_ise-941348d0-a0fb-11ec-a0a2-1598702abf83", + "name": "panel_3", + "type": "visualization" + }, + { + "id": "cisco_ise-a3da4930-a0fb-11ec-a0a2-1598702abf83", + "name": "panel_4", + "type": "visualization" + }, + { + "id": "cisco_ise-af96b550-a502-11ec-ab9d-4b8e737a22d9", + "name": "panel_5", + "type": "visualization" + } + ], + "type": "dashboard" +} \ No newline at end of file diff --git a/packages/cisco_ise/kibana/dashboard/cisco_ise-ed406dd0-a0ff-11ec-a0a2-1598702abf83.json b/packages/cisco_ise/kibana/dashboard/cisco_ise-ed406dd0-a0ff-11ec-a0a2-1598702abf83.json new file mode 100644 index 00000000000..d964b2a8d08 --- /dev/null +++ b/packages/cisco_ise/kibana/dashboard/cisco_ise-ed406dd0-a0ff-11ec-a0a2-1598702abf83.json @@ -0,0 +1,98 @@ +{ + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "event.dataset : \"cisco_ise.log\" " + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "syncColors": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "5034ffff-f024-4fac-94c2-8aa800dfe04d", + "w": 48, + "x": 0, + "y": 13 + }, + "panelIndex": "5034ffff-f024-4fac-94c2-8aa800dfe04d", + "panelRefName": "panel_0", + "title": "Log Stream [Logs Cisco ISE]", + "type": "search", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {} + }, + "gridData": { + "h": 13, + "i": "5864db90-ff57-40e6-b605-b6d86b7fea43", + "w": 24, + "x": 0, + "y": 0 + }, + "panelIndex": "5864db90-ff57-40e6-b605-b6d86b7fea43", + "panelRefName": "panel_1", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {} + }, + "gridData": { + "h": 13, + "i": "06cec002-64bd-4f18-a966-1b6fc2bfd4cf", + "w": 24, + "x": 24, + "y": 0 + }, + "panelIndex": "06cec002-64bd-4f18-a966-1b6fc2bfd4cf", + "panelRefName": "panel_2", + "type": "visualization", + "version": "7.17.0" + } + ], + "timeRestore": false, + "title": "[Cisco ISE] Cisco ISE Overview", + "version": 1 + }, + "coreMigrationVersion": "7.17.0", + "id": "cisco_ise-ed406dd0-a0ff-11ec-a0a2-1598702abf83", + "migrationVersion": { + "dashboard": "7.17.0" + }, + "references": [ + { + "id": "cisco_ise-5f739b70-a0a6-11ec-a0a2-1598702abf83", + "name": "panel_0", + "type": "search" + }, + { + "id": "cisco_ise-0750e560-a2c2-11ec-a0a2-1598702abf83", + "name": "panel_1", + "type": "visualization" + }, + { + "id": "cisco_ise-0b577980-a2c2-11ec-a0a2-1598702abf83", + "name": "panel_2", + "type": "visualization" + } + ], + "type": "dashboard" +} \ No newline at end of file diff --git a/packages/cisco_ise/kibana/search/cisco_ise-2c7c0eb0-a505-11ec-ab9d-4b8e737a22d9.json b/packages/cisco_ise/kibana/search/cisco_ise-2c7c0eb0-a505-11ec-ab9d-4b8e737a22d9.json new file mode 100644 index 00000000000..c38c4b07585 --- /dev/null +++ b/packages/cisco_ise/kibana/search/cisco_ise-2c7c0eb0-a505-11ec-ab9d-4b8e737a22d9.json @@ -0,0 +1,81 @@ +{ + "attributes": { + "columns": [ + "cisco_ise.log.logger.name", + "cisco_ise.log.message.description" + ], + "description": "", + "grid": {}, + "hideChart": false, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "cisco_ise.log.category.name", + "negate": false, + "params": [ + "CISE_Internal_Operations_Diagnostics", + "CISE_Threat_Centric_NAC" + ], + "type": "phrases" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "cisco_ise.log.category.name": "CISE_Internal_Operations_Diagnostics" + } + }, + { + "match_phrase": { + "cisco_ise.log.category.name": "CISE_Threat_Centric_NAC" + } + } + ] + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "event.dataset : \"cisco_ise.log\" " + } + } + }, + "sort": [ + [ + "@timestamp", + "desc" + ] + ], + "title": "System Diagnostics Search 1" + }, + "coreMigrationVersion": "7.17.0", + "id": "cisco_ise-2c7c0eb0-a505-11ec-ab9d-4b8e737a22d9", + "migrationVersion": { + "search": "7.9.3" + }, + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + } + ], + "type": "search" +} \ No newline at end of file diff --git a/packages/cisco_ise/kibana/search/cisco_ise-39e47010-a09b-11ec-a0a2-1598702abf83.json b/packages/cisco_ise/kibana/search/cisco_ise-39e47010-a09b-11ec-a0a2-1598702abf83.json new file mode 100644 index 00000000000..a15103fcc05 --- /dev/null +++ b/packages/cisco_ise/kibana/search/cisco_ise-39e47010-a09b-11ec-a0a2-1598702abf83.json @@ -0,0 +1,111 @@ +{ + "attributes": { + "columns": [ + "cisco_ise.log.category.name", + "cisco_ise.log.message.description" + ], + "description": "", + "grid": {}, + "hideChart": false, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "cisco_ise.log.category.name", + "negate": false, + "params": [ + "CISE_AD_Connector", + "CISE_Authentication_Flow_Diagnostics", + "CISE_Guest", + "CISE_Identity_Stores_Diagnostics", + "CISE_MyDevices", + "CISE_RADIUS_Diagnostics", + "CISE_Policy_Diagnostics" + ], + "type": "phrases" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "cisco_ise.log.category.name": "CISE_AD_Connector" + } + }, + { + "match_phrase": { + "cisco_ise.log.category.name": "CISE_Authentication_Flow_Diagnostics" + } + }, + { + "match_phrase": { + "cisco_ise.log.category.name": "CISE_Guest" + } + }, + { + "match_phrase": { + "cisco_ise.log.category.name": "CISE_Identity_Stores_Diagnostics" + } + }, + { + "match_phrase": { + "cisco_ise.log.category.name": "CISE_MyDevices" + } + }, + { + "match_phrase": { + "cisco_ise.log.category.name": "CISE_RADIUS_Diagnostics" + } + }, + { + "match_phrase": { + "cisco_ise.log.category.name": "CISE_Policy_Diagnostics" + } + } + ] + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "event.dataset : \"cisco_ise.log\" " + } + } + }, + "sort": [ + [ + "@timestamp", + "desc" + ] + ], + "title": "AAA Diagnostics search" + }, + "coreMigrationVersion": "7.17.0", + "id": "cisco_ise-39e47010-a09b-11ec-a0a2-1598702abf83", + "migrationVersion": { + "search": "7.9.3" + }, + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + } + ], + "type": "search" +} \ No newline at end of file diff --git a/packages/cisco_ise/kibana/search/cisco_ise-47c77dc0-a065-11ec-a0a2-1598702abf83.json b/packages/cisco_ise/kibana/search/cisco_ise-47c77dc0-a065-11ec-a0a2-1598702abf83.json new file mode 100644 index 00000000000..b34ae89ceb4 --- /dev/null +++ b/packages/cisco_ise/kibana/search/cisco_ise-47c77dc0-a065-11ec-a0a2-1598702abf83.json @@ -0,0 +1,69 @@ +{ + "attributes": { + "columns": [ + "cisco_ise.log.operation.id", + "cisco_ise.log.operation.status", + "cisco_ise.log.operation.type" + ], + "description": "", + "grid": {}, + "hideChart": false, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "cisco_ise.log.category.name", + "negate": false, + "params": { + "query": "CISE_Posture_and_Client_Provisioning_Audit" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "cisco_ise.log.category.name": "CISE_Posture_and_Client_Provisioning_Audit" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "event.dataset : \"cisco_ise.log\" " + } + } + }, + "sort": [ + [ + "@timestamp", + "desc" + ] + ], + "title": "Posture and Client Provisioning Audit search" + }, + "coreMigrationVersion": "7.17.0", + "id": "cisco_ise-47c77dc0-a065-11ec-a0a2-1598702abf83", + "migrationVersion": { + "search": "7.9.3" + }, + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + } + ], + "type": "search" +} \ No newline at end of file diff --git a/packages/cisco_ise/kibana/search/cisco_ise-5f739b70-a0a6-11ec-a0a2-1598702abf83.json b/packages/cisco_ise/kibana/search/cisco_ise-5f739b70-a0a6-11ec-a0a2-1598702abf83.json new file mode 100644 index 00000000000..ca5a8645180 --- /dev/null +++ b/packages/cisco_ise/kibana/search/cisco_ise-5f739b70-a0a6-11ec-a0a2-1598702abf83.json @@ -0,0 +1,44 @@ +{ + "attributes": { + "columns": [ + "cisco_ise.log.message.description", + "log.syslog.priority", + "event.original", + "cisco_ise.log.category.name", + "log.level" + ], + "description": "", + "grid": {}, + "hideChart": false, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "event.dataset : \"cisco_ise.log\" " + } + } + }, + "sort": [ + [ + "@timestamp", + "desc" + ] + ], + "title": "Cisco ISE Search" + }, + "coreMigrationVersion": "7.17.0", + "id": "cisco_ise-5f739b70-a0a6-11ec-a0a2-1598702abf83", + "migrationVersion": { + "search": "7.9.3" + }, + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "search" +} \ No newline at end of file diff --git a/packages/cisco_ise/kibana/search/cisco_ise-ac5b9ba0-a02d-11ec-a0a2-1598702abf83.json b/packages/cisco_ise/kibana/search/cisco_ise-ac5b9ba0-a02d-11ec-a0a2-1598702abf83.json new file mode 100644 index 00000000000..34011c297ee --- /dev/null +++ b/packages/cisco_ise/kibana/search/cisco_ise-ac5b9ba0-a02d-11ec-a0a2-1598702abf83.json @@ -0,0 +1,63 @@ +{ + "attributes": { + "columns": [ + "cisco_ise.log.message.description", + "cisco_ise.log.operation_message.text" + ], + "description": "", + "grid": {}, + "hideChart": false, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "cisco_ise.log.category.name", + "negate": false, + "params": { + "query": "CISE_Administrative_and_Operational_Audit" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "cisco_ise.log.category.name": "CISE_Administrative_and_Operational_Audit" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "event.dataset : \"cisco_ise.log\" " + } + } + }, + "sort": [], + "title": "Administrative and Operational Audit" + }, + "coreMigrationVersion": "7.17.0", + "id": "cisco_ise-ac5b9ba0-a02d-11ec-a0a2-1598702abf83", + "migrationVersion": { + "search": "7.9.3" + }, + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + } + ], + "type": "search" +} \ No newline at end of file diff --git a/packages/cisco_ise/kibana/search/cisco_ise-d1ba7b80-a075-11ec-a0a2-1598702abf83.json b/packages/cisco_ise/kibana/search/cisco_ise-d1ba7b80-a075-11ec-a0a2-1598702abf83.json new file mode 100644 index 00000000000..44004def1e4 --- /dev/null +++ b/packages/cisco_ise/kibana/search/cisco_ise-d1ba7b80-a075-11ec-a0a2-1598702abf83.json @@ -0,0 +1,83 @@ +{ + "attributes": { + "columns": [ + "client.ip", + "cisco_ise.log.operation_message.text", + "cisco_ise.log.message.description", + "cisco_ise.log.category.name" + ], + "description": "", + "grid": {}, + "hideChart": false, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "cisco_ise.log.category.name", + "negate": false, + "params": [ + "CISE_Failed_Attempts", + "CISE_Passed_Authentications" + ], + "type": "phrases" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "cisco_ise.log.category.name": "CISE_Failed_Attempts" + } + }, + { + "match_phrase": { + "cisco_ise.log.category.name": "CISE_Passed_Authentications" + } + } + ] + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "event.dataset : \"cisco_ise.log\" " + } + } + }, + "sort": [ + [ + "@timestamp", + "desc" + ] + ], + "title": "AAA Audit search" + }, + "coreMigrationVersion": "7.17.0", + "id": "cisco_ise-d1ba7b80-a075-11ec-a0a2-1598702abf83", + "migrationVersion": { + "search": "7.9.3" + }, + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + } + ], + "type": "search" +} \ No newline at end of file diff --git a/packages/cisco_ise/kibana/search/cisco_ise-eecf4510-a058-11ec-a0a2-1598702abf83.json b/packages/cisco_ise/kibana/search/cisco_ise-eecf4510-a058-11ec-a0a2-1598702abf83.json new file mode 100644 index 00000000000..54ebfc78fc0 --- /dev/null +++ b/packages/cisco_ise/kibana/search/cisco_ise-eecf4510-a058-11ec-a0a2-1598702abf83.json @@ -0,0 +1,69 @@ +{ + "attributes": { + "columns": [ + "cisco_ise.log.adapter_instance.name", + "cisco_ise.log.status", + "cisco_ise.log.connectivity" + ], + "description": "", + "grid": {}, + "hideChart": false, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "cisco_ise.log.category.name", + "negate": false, + "params": { + "query": "CISE_Threat_Centric_NAC" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "cisco_ise.log.category.name": "CISE_Threat_Centric_NAC" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "event.dataset : \"cisco_ise.log\" " + } + } + }, + "sort": [ + [ + "@timestamp", + "desc" + ] + ], + "title": "System Diagnostics search 2" + }, + "coreMigrationVersion": "7.17.0", + "id": "cisco_ise-eecf4510-a058-11ec-a0a2-1598702abf83", + "migrationVersion": { + "search": "7.9.3" + }, + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + } + ], + "type": "search" +} \ No newline at end of file diff --git a/packages/cisco_ise/kibana/search/cisco_ise-f681d1f0-a09f-11ec-a0a2-1598702abf83.json b/packages/cisco_ise/kibana/search/cisco_ise-f681d1f0-a09f-11ec-a0a2-1598702abf83.json new file mode 100644 index 00000000000..dc5d1449c90 --- /dev/null +++ b/packages/cisco_ise/kibana/search/cisco_ise-f681d1f0-a09f-11ec-a0a2-1598702abf83.json @@ -0,0 +1,81 @@ +{ + "attributes": { + "columns": [ + "cisco_ise.log.message.description", + "cisco_ise.log.category.name" + ], + "description": "", + "grid": {}, + "hideChart": false, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "cisco_ise.log.category.name", + "negate": false, + "params": [ + "CISE_RADIUS_Accounting", + "CISE_TACACS_Accounting" + ], + "type": "phrases" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "cisco_ise.log.category.name": "CISE_RADIUS_Accounting" + } + }, + { + "match_phrase": { + "cisco_ise.log.category.name": "CISE_TACACS_Accounting" + } + } + ] + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "event.dataset : \"cisco_ise.log\" " + } + } + }, + "sort": [ + [ + "@timestamp", + "desc" + ] + ], + "title": "Accounting search" + }, + "coreMigrationVersion": "7.17.0", + "id": "cisco_ise-f681d1f0-a09f-11ec-a0a2-1598702abf83", + "migrationVersion": { + "search": "7.9.3" + }, + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + } + ], + "type": "search" +} \ No newline at end of file diff --git a/packages/cisco_ise/kibana/visualization/cisco_ise-012b7990-a0f9-11ec-a0a2-1598702abf83.json b/packages/cisco_ise/kibana/visualization/cisco_ise-012b7990-a0f9-11ec-a0a2-1598702abf83.json new file mode 100644 index 00000000000..3725291c8a5 --- /dev/null +++ b/packages/cisco_ise/kibana/visualization/cisco_ise-012b7990-a0f9-11ec-a0a2-1598702abf83.json @@ -0,0 +1,149 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "event.dataset : \"cisco_ise.log\" " + } + } + }, + "title": "Distribution of Failed Attempts by Radius Packet Type [Logs Cisco ISE]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Radius Packet Type", + "field": "cisco_ise.log.radius_packet.type", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": true, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false + }, + "labels": { + "show": false + }, + "legendPosition": "right", + "maxLegendLines": 1, + "palette": { + "name": "default", + "type": "palette" + }, + "radiusRatio": 0, + "seriesParams": [ + { + "circlesRadius": 1, + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "truncateLegend": true, + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "" + }, + "type": "value" + } + ] + }, + "title": "Distribution of Failed Attempts by Radius Packet Type [Logs Cisco ISE]", + "type": "histogram" + } + }, + "coreMigrationVersion": "7.17.0", + "id": "cisco_ise-012b7990-a0f9-11ec-a0a2-1598702abf83", + "migrationVersion": { + "visualization": "7.17.0" + }, + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/packages/cisco_ise/kibana/visualization/cisco_ise-027d6310-a0fb-11ec-a0a2-1598702abf83.json b/packages/cisco_ise/kibana/visualization/cisco_ise-027d6310-a0fb-11ec-a0a2-1598702abf83.json new file mode 100644 index 00000000000..1510a47a1e6 --- /dev/null +++ b/packages/cisco_ise/kibana/visualization/cisco_ise-027d6310-a0fb-11ec-a0a2-1598702abf83.json @@ -0,0 +1,71 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "event.dataset : \"cisco_ise.log\" " + } + } + }, + "title": "Top 10 Network Device Profile for TACACS Accounting [Logs Cisco ISE]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Network Device Profile ", + "field": "cisco_ise.log.network.device.profile", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": true, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "params": { + "autoFitRowToContent": false, + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" + }, + "title": "Top 10 Network Device Profile for TACACS Accounting [Logs Cisco ISE]", + "type": "table" + } + }, + "coreMigrationVersion": "7.17.0", + "id": "cisco_ise-027d6310-a0fb-11ec-a0a2-1598702abf83", + "migrationVersion": { + "visualization": "7.17.0" + }, + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/packages/cisco_ise/kibana/visualization/cisco_ise-050c3630-a0f9-11ec-a0a2-1598702abf83.json b/packages/cisco_ise/kibana/visualization/cisco_ise-050c3630-a0f9-11ec-a0a2-1598702abf83.json new file mode 100644 index 00000000000..1e1f32c7be9 --- /dev/null +++ b/packages/cisco_ise/kibana/visualization/cisco_ise-050c3630-a0f9-11ec-a0a2-1598702abf83.json @@ -0,0 +1,89 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "event.dataset : \"cisco_ise.log\" " + } + } + }, + "title": "Distribution of Events by Authentication Method [Logs Cisco ISE]", + "uiStateJSON": { + "vis": { + "legendOpen": false + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Authentication Method", + "field": "cisco_ise.log.authentication.method", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": true, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "params": { + "addLegend": false, + "addTooltip": true, + "distinctColors": false, + "isDonut": true, + "labels": { + "last_level": false, + "percentDecimals": 2, + "position": "default", + "show": true, + "truncate": 100, + "values": true, + "valuesFormat": "percent" + }, + "legendPosition": "right", + "maxLegendLines": 1, + "nestedLegend": false, + "palette": { + "name": "default", + "type": "palette" + }, + "truncateLegend": true, + "type": "pie" + }, + "title": "Distribution of Events by Authentication Method [Logs Cisco ISE]", + "type": "pie" + } + }, + "coreMigrationVersion": "7.17.0", + "id": "cisco_ise-050c3630-a0f9-11ec-a0a2-1598702abf83", + "migrationVersion": { + "visualization": "7.17.0" + }, + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/packages/cisco_ise/kibana/visualization/cisco_ise-06ba9790-a0fb-11ec-a0a2-1598702abf83.json b/packages/cisco_ise/kibana/visualization/cisco_ise-06ba9790-a0fb-11ec-a0a2-1598702abf83.json new file mode 100644 index 00000000000..a180b3f6ca5 --- /dev/null +++ b/packages/cisco_ise/kibana/visualization/cisco_ise-06ba9790-a0fb-11ec-a0a2-1598702abf83.json @@ -0,0 +1,71 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "event.dataset : \"cisco_ise.log\" " + } + } + }, + "title": "Top 10 Service for TACACS Accounting [Logs Cisco ISE]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Service Name", + "field": "cisco_ise.log.service.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": true, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "params": { + "autoFitRowToContent": false, + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" + }, + "title": "Top 10 Service for TACACS Accounting [Logs Cisco ISE]", + "type": "table" + } + }, + "coreMigrationVersion": "7.17.0", + "id": "cisco_ise-06ba9790-a0fb-11ec-a0a2-1598702abf83", + "migrationVersion": { + "visualization": "7.17.0" + }, + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/packages/cisco_ise/kibana/visualization/cisco_ise-0750e560-a2c2-11ec-a0a2-1598702abf83.json b/packages/cisco_ise/kibana/visualization/cisco_ise-0750e560-a2c2-11ec-a0a2-1598702abf83.json new file mode 100644 index 00000000000..39b654ccbd4 --- /dev/null +++ b/packages/cisco_ise/kibana/visualization/cisco_ise-0750e560-a2c2-11ec-a0a2-1598702abf83.json @@ -0,0 +1,77 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Controls [Logs Cisco ISE]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "controls": [ + { + "fieldName": "cisco_ise.log.category.name", + "id": "1646939756945", + "indexPatternRefName": "control_0_index_pattern", + "label": "Log Category", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + }, + { + "fieldName": "log.level", + "id": "1646939807026", + "indexPatternRefName": "control_1_index_pattern", + "label": "Log Severity", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 10, + "type": "terms" + }, + "parent": "", + "type": "list" + } + ], + "pinFilters": false, + "updateFiltersOnChange": true, + "useTimeFilter": false + }, + "title": "Controls [Logs Cisco ISE]", + "type": "input_control_vis" + } + }, + "coreMigrationVersion": "7.17.0", + "id": "cisco_ise-0750e560-a2c2-11ec-a0a2-1598702abf83", + "migrationVersion": { + "visualization": "7.17.0" + }, + "references": [ + { + "id": "logs-*", + "name": "control_0_index_pattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "control_1_index_pattern", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/packages/cisco_ise/kibana/visualization/cisco_ise-0aeabea0-a0f9-11ec-a0a2-1598702abf83.json b/packages/cisco_ise/kibana/visualization/cisco_ise-0aeabea0-a0f9-11ec-a0a2-1598702abf83.json new file mode 100644 index 00000000000..28376e6828a --- /dev/null +++ b/packages/cisco_ise/kibana/visualization/cisco_ise-0aeabea0-a0f9-11ec-a0a2-1598702abf83.json @@ -0,0 +1,149 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "event.dataset : \"cisco_ise.log\" " + } + } + }, + "title": "Distribution of Events by NAS Port Type [Logs Cisco ISE]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "NAS Port Type", + "field": "cisco_ise.log.nas.port.type", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": true, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false + }, + "labels": { + "show": false + }, + "legendPosition": "right", + "maxLegendLines": 1, + "palette": { + "name": "default", + "type": "palette" + }, + "radiusRatio": 0, + "seriesParams": [ + { + "circlesRadius": 1, + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "truncateLegend": true, + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "" + }, + "type": "value" + } + ] + }, + "title": "Distribution of Events by NAS Port Type [Logs Cisco ISE]", + "type": "histogram" + } + }, + "coreMigrationVersion": "7.17.0", + "id": "cisco_ise-0aeabea0-a0f9-11ec-a0a2-1598702abf83", + "migrationVersion": { + "visualization": "7.17.0" + }, + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/packages/cisco_ise/kibana/visualization/cisco_ise-0b577980-a2c2-11ec-a0a2-1598702abf83.json b/packages/cisco_ise/kibana/visualization/cisco_ise-0b577980-a2c2-11ec-a0a2-1598702abf83.json new file mode 100644 index 00000000000..c19955d0a7d --- /dev/null +++ b/packages/cisco_ise/kibana/visualization/cisco_ise-0b577980-a2c2-11ec-a0a2-1598702abf83.json @@ -0,0 +1,34 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Dashboards", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "fontSize": 12, + "markdown": "**[AAA Audit](\u003c#/dashboard/cisco_ise-92227880-a0ff-11ec-a0a2-1598702abf83\u003e)**\n\n**[AAA Diagnostics](\u003c#/dashboard/cisco_ise-a09f1e90-a0ff-11ec-a0a2-1598702abf83\u003e)**\n\n**[Accounting](\u003c#/dashboard/cisco_ise-aea97ad0-a0ff-11ec-a0a2-1598702abf83\u003e)**\n\n**[Administrative and Operational Audit](\u003c#/dashboard/cisco_ise-d320a780-a0ff-11ec-a0a2-1598702abf83\u003e)**\n\n**[Posture and Client Provisioning Audit](\u003c#/dashboard/cisco_ise-1eaf5e30-a114-11ec-a0a2-1598702abf83\u003e)**\n\n**[System Diagnostics](\u003c#/dashboard/cisco_ise-04d54380-a100-11ec-a0a2-1598702abf83\u003e)**\n\n**[System Statistics](\u003c#/dashboard/cisco_ise-2506b030-a100-11ec-a0a2-1598702abf83\u003e)**\n\n", + "openLinksInNewTab": true + }, + "title": "Dashboards", + "type": "markdown" + } + }, + "coreMigrationVersion": "7.17.0", + "id": "cisco_ise-0b577980-a2c2-11ec-a0a2-1598702abf83", + "migrationVersion": { + "visualization": "7.17.0" + }, + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/packages/cisco_ise/kibana/visualization/cisco_ise-1b9e7f50-a2c2-11ec-a0a2-1598702abf83.json b/packages/cisco_ise/kibana/visualization/cisco_ise-1b9e7f50-a2c2-11ec-a0a2-1598702abf83.json new file mode 100644 index 00000000000..2405fb61a29 --- /dev/null +++ b/packages/cisco_ise/kibana/visualization/cisco_ise-1b9e7f50-a2c2-11ec-a0a2-1598702abf83.json @@ -0,0 +1,71 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "event.dataset : \"cisco_ise.log\" " + } + } + }, + "title": "Top 10 Admin Name [Logs Cisco ISE]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Admin Name", + "field": "client.user.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "params": { + "autoFitRowToContent": false, + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" + }, + "title": "Top 10 Admin Name [Logs Cisco ISE]", + "type": "table" + } + }, + "coreMigrationVersion": "7.17.0", + "id": "cisco_ise-1b9e7f50-a2c2-11ec-a0a2-1598702abf83", + "migrationVersion": { + "visualization": "7.17.0" + }, + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/packages/cisco_ise/kibana/visualization/cisco_ise-2228ff30-a2c2-11ec-a0a2-1598702abf83.json b/packages/cisco_ise/kibana/visualization/cisco_ise-2228ff30-a2c2-11ec-a0a2-1598702abf83.json new file mode 100644 index 00000000000..9448a27b9f1 --- /dev/null +++ b/packages/cisco_ise/kibana/visualization/cisco_ise-2228ff30-a2c2-11ec-a0a2-1598702abf83.json @@ -0,0 +1,85 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "event.dataset : \"cisco_ise.log\" " + } + } + }, + "title": "Distribution of Events by Operation Status [Logs Cisco ISE]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Operation Status", + "field": "cisco_ise.log.operation.status", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": true, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "params": { + "addLegend": false, + "addTooltip": true, + "distinctColors": false, + "isDonut": true, + "labels": { + "last_level": false, + "percentDecimals": 2, + "position": "default", + "show": true, + "truncate": 100, + "values": true, + "valuesFormat": "percent" + }, + "legendPosition": "right", + "maxLegendLines": 1, + "nestedLegend": false, + "palette": { + "name": "default", + "type": "palette" + }, + "truncateLegend": true, + "type": "pie" + }, + "title": "Distribution of Events by Operation Status [Logs Cisco ISE]", + "type": "pie" + } + }, + "coreMigrationVersion": "7.17.0", + "id": "cisco_ise-2228ff30-a2c2-11ec-a0a2-1598702abf83", + "migrationVersion": { + "visualization": "7.17.0" + }, + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/packages/cisco_ise/kibana/visualization/cisco_ise-2bba8e30-a0f9-11ec-a0a2-1598702abf83.json b/packages/cisco_ise/kibana/visualization/cisco_ise-2bba8e30-a0f9-11ec-a0a2-1598702abf83.json new file mode 100644 index 00000000000..8c34cbe9d1d --- /dev/null +++ b/packages/cisco_ise/kibana/visualization/cisco_ise-2bba8e30-a0f9-11ec-a0a2-1598702abf83.json @@ -0,0 +1,85 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "event.dataset : \"cisco_ise.log\" " + } + } + }, + "title": "Distribution of Events by Model Name [Logs Cisco ISE]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Model Name", + "field": "cisco_ise.log.model.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": true, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "params": { + "addLegend": false, + "addTooltip": true, + "distinctColors": false, + "isDonut": true, + "labels": { + "last_level": false, + "percentDecimals": 2, + "position": "default", + "show": true, + "truncate": 100, + "values": true, + "valuesFormat": "percent" + }, + "legendPosition": "right", + "maxLegendLines": 1, + "nestedLegend": false, + "palette": { + "name": "default", + "type": "palette" + }, + "truncateLegend": true, + "type": "pie" + }, + "title": "Distribution of Events by Model Name [Logs Cisco ISE]", + "type": "pie" + } + }, + "coreMigrationVersion": "7.17.0", + "id": "cisco_ise-2bba8e30-a0f9-11ec-a0a2-1598702abf83", + "migrationVersion": { + "visualization": "7.17.0" + }, + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/packages/cisco_ise/kibana/visualization/cisco_ise-3153bf90-a2c2-11ec-a0a2-1598702abf83.json b/packages/cisco_ise/kibana/visualization/cisco_ise-3153bf90-a2c2-11ec-a0a2-1598702abf83.json new file mode 100644 index 00000000000..faaf2cd7b10 --- /dev/null +++ b/packages/cisco_ise/kibana/visualization/cisco_ise-3153bf90-a2c2-11ec-a0a2-1598702abf83.json @@ -0,0 +1,85 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "event.dataset : \"cisco_ise.log\" " + } + } + }, + "title": "Distribution of Events by Operation Type [Logs Cisco ISE]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Operation Type", + "field": "cisco_ise.log.operation.type", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": true, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "params": { + "addLegend": false, + "addTooltip": true, + "distinctColors": false, + "isDonut": true, + "labels": { + "last_level": false, + "percentDecimals": 2, + "position": "default", + "show": true, + "truncate": 100, + "values": true, + "valuesFormat": "percent" + }, + "legendPosition": "right", + "maxLegendLines": 1, + "nestedLegend": false, + "palette": { + "name": "default", + "type": "palette" + }, + "truncateLegend": true, + "type": "pie" + }, + "title": "Distribution of Events by Operation Type [Logs Cisco ISE]", + "type": "pie" + } + }, + "coreMigrationVersion": "7.17.0", + "id": "cisco_ise-3153bf90-a2c2-11ec-a0a2-1598702abf83", + "migrationVersion": { + "visualization": "7.17.0" + }, + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/packages/cisco_ise/kibana/visualization/cisco_ise-34024e70-a0f9-11ec-a0a2-1598702abf83.json b/packages/cisco_ise/kibana/visualization/cisco_ise-34024e70-a0f9-11ec-a0a2-1598702abf83.json new file mode 100644 index 00000000000..d8385f1b6d9 --- /dev/null +++ b/packages/cisco_ise/kibana/visualization/cisco_ise-34024e70-a0f9-11ec-a0a2-1598702abf83.json @@ -0,0 +1,71 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "event.dataset : \"cisco_ise.log\" " + } + } + }, + "title": "Top 10 Network Device Profile Name [Logs Cisco ISE]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Network Device Profile Name", + "field": "cisco_ise.log.network.device.profile_name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "params": { + "autoFitRowToContent": false, + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" + }, + "title": "Top 10 Network Device Profile Name [Logs Cisco ISE]", + "type": "table" + } + }, + "coreMigrationVersion": "7.17.0", + "id": "cisco_ise-34024e70-a0f9-11ec-a0a2-1598702abf83", + "migrationVersion": { + "visualization": "7.17.0" + }, + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/packages/cisco_ise/kibana/visualization/cisco_ise-3b4f8210-a0f9-11ec-a0a2-1598702abf83.json b/packages/cisco_ise/kibana/visualization/cisco_ise-3b4f8210-a0f9-11ec-a0a2-1598702abf83.json new file mode 100644 index 00000000000..dfecdba0916 --- /dev/null +++ b/packages/cisco_ise/kibana/visualization/cisco_ise-3b4f8210-a0f9-11ec-a0a2-1598702abf83.json @@ -0,0 +1,71 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "event.dataset : \"cisco_ise.log\" " + } + } + }, + "title": "Top 10 Portals Used [Logs Cisco ISE]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Portal Name", + "field": "cisco_ise.log.portal.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "params": { + "autoFitRowToContent": false, + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" + }, + "title": "Top 10 Portals Used [Logs Cisco ISE]", + "type": "table" + } + }, + "coreMigrationVersion": "7.17.0", + "id": "cisco_ise-3b4f8210-a0f9-11ec-a0a2-1598702abf83", + "migrationVersion": { + "visualization": "7.17.0" + }, + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/packages/cisco_ise/kibana/visualization/cisco_ise-581310d0-a0fc-11ec-a0a2-1598702abf83.json b/packages/cisco_ise/kibana/visualization/cisco_ise-581310d0-a0fc-11ec-a0a2-1598702abf83.json new file mode 100644 index 00000000000..91b26557de8 --- /dev/null +++ b/packages/cisco_ise/kibana/visualization/cisco_ise-581310d0-a0fc-11ec-a0a2-1598702abf83.json @@ -0,0 +1,71 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "event.dataset : \"cisco_ise.log\" " + } + } + }, + "title": "Top 10 Adapter Instance Name for Threat Centric NAC [Logs Cisco ISE]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Adapter Instance Name", + "field": "cisco_ise.log.adapter_instance.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "params": { + "autoFitRowToContent": false, + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" + }, + "title": "Top 10 Adapter Instance Name for Threat Centric NAC [Logs Cisco ISE]", + "type": "table" + } + }, + "coreMigrationVersion": "7.17.0", + "id": "cisco_ise-581310d0-a0fc-11ec-a0a2-1598702abf83", + "migrationVersion": { + "visualization": "7.17.0" + }, + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/packages/cisco_ise/kibana/visualization/cisco_ise-59f3a390-a0ef-11ec-a0a2-1598702abf83.json b/packages/cisco_ise/kibana/visualization/cisco_ise-59f3a390-a0ef-11ec-a0a2-1598702abf83.json new file mode 100644 index 00000000000..1845b25e14a --- /dev/null +++ b/packages/cisco_ise/kibana/visualization/cisco_ise-59f3a390-a0ef-11ec-a0a2-1598702abf83.json @@ -0,0 +1,82 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "event.dataset : \"cisco_ise.log\" " + } + } + }, + "title": "CPU Utilization Over Time [Logs Cisco ISE]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "drop_last_bucket": 0, + "filter": { + "language": "kuery", + "query": "" + }, + "id": "da582c56-5800-465a-a7e7-b2f0ab6df619", + "index_pattern": "logs-*", + "interval": "", + "isModelInvalid": false, + "max_lines_legend": 1, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "default", + "id": "e6d7aa64-0073-4cf0-a69a-8eb06867f465", + "label": "CPU Utilization ", + "line_width": 1, + "metrics": [ + { + "field": "cisco_ise.log.sysstats.utilization.cpu", + "id": "cf165805-c812-4988-9c1a-ea442e767edc", + "type": "avg" + } + ], + "override_index_pattern": 0, + "palette": { + "name": "default", + "type": "palette" + }, + "point_size": 1, + "separate_axis": 0, + "series_drop_last_bucket": 0, + "split_mode": "everything", + "stacked": "none", + "time_range_mode": "entire_time_range" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "time_range_mode": "entire_time_range", + "tooltip_mode": "show_all", + "truncate_legend": 1, + "type": "timeseries", + "use_kibana_indexes": false + }, + "title": "CPU Utilization Over Time [Logs Cisco ISE]", + "type": "metrics" + } + }, + "coreMigrationVersion": "7.17.0", + "id": "cisco_ise-59f3a390-a0ef-11ec-a0a2-1598702abf83", + "migrationVersion": { + "visualization": "7.17.0" + }, + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/packages/cisco_ise/kibana/visualization/cisco_ise-5ebcc460-a0ef-11ec-a0a2-1598702abf83.json b/packages/cisco_ise/kibana/visualization/cisco_ise-5ebcc460-a0ef-11ec-a0a2-1598702abf83.json new file mode 100644 index 00000000000..525b268b6aa --- /dev/null +++ b/packages/cisco_ise/kibana/visualization/cisco_ise-5ebcc460-a0ef-11ec-a0a2-1598702abf83.json @@ -0,0 +1,78 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "event.dataset : \"cisco_ise.log\" " + } + } + }, + "title": "Memory Utilization Over Time [Logs Cisco ISE]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "drop_last_bucket": 0, + "id": "eb6e177b-8e7e-4d71-ac31-db9346ccb88b", + "index_pattern": "logs-*", + "interval": "", + "isModelInvalid": false, + "max_lines_legend": 1, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "default", + "id": "b1c76318-e21a-4547-979f-45ab45e40dd6", + "label": "Memory Utilization", + "line_width": 1, + "metrics": [ + { + "field": "cisco_ise.log.sysstats.utilization.memory", + "id": "3ee7cec2-d8fd-4601-8b57-40922cddfc56", + "type": "avg" + } + ], + "override_index_pattern": 0, + "palette": { + "name": "default", + "type": "palette" + }, + "point_size": 1, + "separate_axis": 0, + "series_drop_last_bucket": 0, + "split_mode": "everything", + "stacked": "none", + "time_range_mode": "entire_time_range" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "time_range_mode": "entire_time_range", + "tooltip_mode": "show_all", + "truncate_legend": 1, + "type": "timeseries", + "use_kibana_indexes": false + }, + "title": "Memory Utilization Over Time [Logs Cisco ISE]", + "type": "metrics" + } + }, + "coreMigrationVersion": "7.17.0", + "id": "cisco_ise-5ebcc460-a0ef-11ec-a0a2-1598702abf83", + "migrationVersion": { + "visualization": "7.17.0" + }, + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/packages/cisco_ise/kibana/visualization/cisco_ise-61fad860-a0ef-11ec-a0a2-1598702abf83.json b/packages/cisco_ise/kibana/visualization/cisco_ise-61fad860-a0ef-11ec-a0a2-1598702abf83.json new file mode 100644 index 00000000000..672b753011c --- /dev/null +++ b/packages/cisco_ise/kibana/visualization/cisco_ise-61fad860-a0ef-11ec-a0a2-1598702abf83.json @@ -0,0 +1,78 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "event.dataset : \"cisco_ise.log\" " + } + } + }, + "title": "Disk IO Utilization Over Time [Logs Cisco ISE]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "drop_last_bucket": 0, + "id": "ea254bb6-fa55-42c5-b3d6-39127b9d0901", + "index_pattern": "logs-*", + "interval": "", + "isModelInvalid": false, + "max_lines_legend": 1, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "default", + "id": "18a38b8f-685b-4dce-b54a-d18a9b013d1d", + "label": "Disk IO Utilization", + "line_width": 1, + "metrics": [ + { + "field": "cisco_ise.log.sysstats.utilization.disk.io", + "id": "8d17df3d-e242-4871-b5f0-60a358e23361", + "type": "avg" + } + ], + "override_index_pattern": 0, + "palette": { + "name": "default", + "type": "palette" + }, + "point_size": 1, + "separate_axis": 0, + "series_drop_last_bucket": 0, + "split_mode": "everything", + "stacked": "none", + "time_range_mode": "entire_time_range" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "time_range_mode": "entire_time_range", + "tooltip_mode": "show_all", + "truncate_legend": 1, + "type": "timeseries", + "use_kibana_indexes": false + }, + "title": "Disk IO Utilization Over Time [Logs Cisco ISE]", + "type": "metrics" + } + }, + "coreMigrationVersion": "7.17.0", + "id": "cisco_ise-61fad860-a0ef-11ec-a0a2-1598702abf83", + "migrationVersion": { + "visualization": "7.17.0" + }, + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/packages/cisco_ise/kibana/visualization/cisco_ise-63dca4d0-a0fc-11ec-a0a2-1598702abf83.json b/packages/cisco_ise/kibana/visualization/cisco_ise-63dca4d0-a0fc-11ec-a0a2-1598702abf83.json new file mode 100644 index 00000000000..3c61a3483df --- /dev/null +++ b/packages/cisco_ise/kibana/visualization/cisco_ise-63dca4d0-a0fc-11ec-a0a2-1598702abf83.json @@ -0,0 +1,85 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "event.dataset : \"cisco_ise.log\" " + } + } + }, + "title": "Distribution of Threat Centric NAC by Connectivity [Logs Cisco ISE]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Connectivity", + "field": "cisco_ise.log.connectivity", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": true, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "params": { + "addLegend": false, + "addTooltip": true, + "distinctColors": false, + "isDonut": true, + "labels": { + "last_level": false, + "percentDecimals": 2, + "position": "default", + "show": true, + "truncate": 100, + "values": true, + "valuesFormat": "percent" + }, + "legendPosition": "right", + "maxLegendLines": 1, + "nestedLegend": false, + "palette": { + "name": "default", + "type": "palette" + }, + "truncateLegend": true, + "type": "pie" + }, + "title": "Distribution of Threat Centric NAC by Connectivity [Logs Cisco ISE]", + "type": "pie" + } + }, + "coreMigrationVersion": "7.17.0", + "id": "cisco_ise-63dca4d0-a0fc-11ec-a0a2-1598702abf83", + "migrationVersion": { + "visualization": "7.17.0" + }, + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/packages/cisco_ise/kibana/visualization/cisco_ise-65d46910-a0ef-11ec-a0a2-1598702abf83.json b/packages/cisco_ise/kibana/visualization/cisco_ise-65d46910-a0ef-11ec-a0a2-1598702abf83.json new file mode 100644 index 00000000000..94daf2ccf6a --- /dev/null +++ b/packages/cisco_ise/kibana/visualization/cisco_ise-65d46910-a0ef-11ec-a0a2-1598702abf83.json @@ -0,0 +1,79 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "event.dataset : \"cisco_ise.log\" " + } + } + }, + "title": "Utilization Load Average Over Time [Logs Cisco ISE]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "drop_last_bucket": 0, + "id": "3ec57505-d66e-4bb7-b331-42eb113c6268", + "index_pattern": "logs-*", + "interval": "", + "isModelInvalid": false, + "max_lines_legend": 1, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "default", + "id": "fb9524f8-52cd-4bb1-9a96-90a0a600d3f6", + "label": "Utilization load average ", + "line_width": 1, + "metrics": [ + { + "field": "cisco_ise.log.sysstats.utilization.load_avg", + "id": "3ce8aa40-c99c-4760-9449-9a4e14cfe06d", + "type": "avg" + } + ], + "override_index_pattern": 0, + "palette": { + "name": "default", + "type": "palette" + }, + "point_size": 1, + "separate_axis": 0, + "series_drop_last_bucket": 0, + "split_mode": "everything", + "stacked": "none", + "terms_field": null, + "time_range_mode": "entire_time_range" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "time_range_mode": "entire_time_range", + "tooltip_mode": "show_all", + "truncate_legend": 1, + "type": "timeseries", + "use_kibana_indexes": false + }, + "title": "Utilization Load Average Over Time [Logs Cisco ISE]", + "type": "metrics" + } + }, + "coreMigrationVersion": "7.17.0", + "id": "cisco_ise-65d46910-a0ef-11ec-a0a2-1598702abf83", + "migrationVersion": { + "visualization": "7.17.0" + }, + "references": [], + "type": "visualization" +} \ No newline at end of file diff --git a/packages/cisco_ise/kibana/visualization/cisco_ise-66fd57b0-a0fa-11ec-a0a2-1598702abf83.json b/packages/cisco_ise/kibana/visualization/cisco_ise-66fd57b0-a0fa-11ec-a0a2-1598702abf83.json new file mode 100644 index 00000000000..c1517a10177 --- /dev/null +++ b/packages/cisco_ise/kibana/visualization/cisco_ise-66fd57b0-a0fa-11ec-a0a2-1598702abf83.json @@ -0,0 +1,71 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "event.dataset : \"cisco_ise.log\" " + } + } + }, + "title": "Top 10 User Name [Logs Cisco ISE]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "User Name", + "field": "user.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": true, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "params": { + "autoFitRowToContent": false, + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" + }, + "title": "Top 10 User Name [Logs Cisco ISE]", + "type": "table" + } + }, + "coreMigrationVersion": "7.17.0", + "id": "cisco_ise-66fd57b0-a0fa-11ec-a0a2-1598702abf83", + "migrationVersion": { + "visualization": "7.17.0" + }, + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/packages/cisco_ise/kibana/visualization/cisco_ise-68a0bc90-a0fc-11ec-a0a2-1598702abf83.json b/packages/cisco_ise/kibana/visualization/cisco_ise-68a0bc90-a0fc-11ec-a0a2-1598702abf83.json new file mode 100644 index 00000000000..d4b499147bf --- /dev/null +++ b/packages/cisco_ise/kibana/visualization/cisco_ise-68a0bc90-a0fc-11ec-a0a2-1598702abf83.json @@ -0,0 +1,71 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "event.dataset : \"cisco_ise.log\" " + } + } + }, + "title": "Top 10 Logger Name [Logs Cisco ISE]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Logger Name", + "field": "cisco_ise.log.logger.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "params": { + "autoFitRowToContent": false, + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" + }, + "title": "Top 10 Logger Name [Logs Cisco ISE]", + "type": "table" + } + }, + "coreMigrationVersion": "7.17.0", + "id": "cisco_ise-68a0bc90-a0fc-11ec-a0a2-1598702abf83", + "migrationVersion": { + "visualization": "7.17.0" + }, + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/packages/cisco_ise/kibana/visualization/cisco_ise-6d984060-a0fc-11ec-a0a2-1598702abf83.json b/packages/cisco_ise/kibana/visualization/cisco_ise-6d984060-a0fc-11ec-a0a2-1598702abf83.json new file mode 100644 index 00000000000..7d3a959f903 --- /dev/null +++ b/packages/cisco_ise/kibana/visualization/cisco_ise-6d984060-a0fc-11ec-a0a2-1598702abf83.json @@ -0,0 +1,85 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "event.dataset : \"cisco_ise.log\" " + } + } + }, + "title": "Distribution of Threat Centric NAC by Status [Logs Cisco ISE]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Status", + "field": "cisco_ise.log.status", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": true, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "params": { + "addLegend": false, + "addTooltip": true, + "distinctColors": false, + "isDonut": true, + "labels": { + "last_level": false, + "percentDecimals": 2, + "position": "default", + "show": true, + "truncate": 100, + "values": true, + "valuesFormat": "percent" + }, + "legendPosition": "right", + "maxLegendLines": 1, + "nestedLegend": false, + "palette": { + "name": "default", + "type": "palette" + }, + "truncateLegend": true, + "type": "pie" + }, + "title": "Distribution of Threat Centric NAC by Status [Logs Cisco ISE]", + "type": "pie" + } + }, + "coreMigrationVersion": "7.17.0", + "id": "cisco_ise-6d984060-a0fc-11ec-a0a2-1598702abf83", + "migrationVersion": { + "visualization": "7.17.0" + }, + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/packages/cisco_ise/kibana/visualization/cisco_ise-6e302580-a0fa-11ec-a0a2-1598702abf83.json b/packages/cisco_ise/kibana/visualization/cisco_ise-6e302580-a0fa-11ec-a0a2-1598702abf83.json new file mode 100644 index 00000000000..dd645a73d77 --- /dev/null +++ b/packages/cisco_ise/kibana/visualization/cisco_ise-6e302580-a0fa-11ec-a0a2-1598702abf83.json @@ -0,0 +1,71 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "event.dataset : \"cisco_ise.log\" " + } + } + }, + "title": "Top 10 AD IP Address for AD Connector [Logs Cisco ISE]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "AD IP Address", + "field": "cisco_ise.log.ad.ip", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "params": { + "autoFitRowToContent": false, + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" + }, + "title": "Top 10 AD IP Address for AD Connector [Logs Cisco ISE]", + "type": "table" + } + }, + "coreMigrationVersion": "7.17.0", + "id": "cisco_ise-6e302580-a0fa-11ec-a0a2-1598702abf83", + "migrationVersion": { + "visualization": "7.17.0" + }, + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/packages/cisco_ise/kibana/visualization/cisco_ise-73fafee0-a0fa-11ec-a0a2-1598702abf83.json b/packages/cisco_ise/kibana/visualization/cisco_ise-73fafee0-a0fa-11ec-a0a2-1598702abf83.json new file mode 100644 index 00000000000..2ab128e935b --- /dev/null +++ b/packages/cisco_ise/kibana/visualization/cisco_ise-73fafee0-a0fa-11ec-a0a2-1598702abf83.json @@ -0,0 +1,71 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "event.dataset : \"cisco_ise.log\" " + } + } + }, + "title": "Top 10 Device IP [Logs Cisco ISE]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Device IP Address", + "field": "client.ip", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": true, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "params": { + "autoFitRowToContent": false, + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" + }, + "title": "Top 10 Device IP [Logs Cisco ISE]", + "type": "table" + } + }, + "coreMigrationVersion": "7.17.0", + "id": "cisco_ise-73fafee0-a0fa-11ec-a0a2-1598702abf83", + "migrationVersion": { + "visualization": "7.17.0" + }, + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/packages/cisco_ise/kibana/visualization/cisco_ise-78c07630-a0fa-11ec-a0a2-1598702abf83.json b/packages/cisco_ise/kibana/visualization/cisco_ise-78c07630-a0fa-11ec-a0a2-1598702abf83.json new file mode 100644 index 00000000000..1a88e77b5bc --- /dev/null +++ b/packages/cisco_ise/kibana/visualization/cisco_ise-78c07630-a0fa-11ec-a0a2-1598702abf83.json @@ -0,0 +1,71 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "event.dataset : \"cisco_ise.log\" " + } + } + }, + "title": "Top 10 IP Address For AAA Diagnostics [Logs Cisco ISE]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Source IP Address", + "field": "source.ip", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": true, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "params": { + "autoFitRowToContent": false, + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" + }, + "title": "Top 10 IP Address For AAA Diagnostics [Logs Cisco ISE]", + "type": "table" + } + }, + "coreMigrationVersion": "7.17.0", + "id": "cisco_ise-78c07630-a0fa-11ec-a0a2-1598702abf83", + "migrationVersion": { + "visualization": "7.17.0" + }, + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/packages/cisco_ise/kibana/visualization/cisco_ise-80d71450-a0fa-11ec-a0a2-1598702abf83.json b/packages/cisco_ise/kibana/visualization/cisco_ise-80d71450-a0fa-11ec-a0a2-1598702abf83.json new file mode 100644 index 00000000000..9a1fbbabfe1 --- /dev/null +++ b/packages/cisco_ise/kibana/visualization/cisco_ise-80d71450-a0fa-11ec-a0a2-1598702abf83.json @@ -0,0 +1,149 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "event.dataset : \"cisco_ise.log\" " + } + } + }, + "title": "Distribution of Events by Authentication Method for AAA Diagnostics [Logs Cisco ISE]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Authentication Method", + "field": "cisco_ise.log.authentication.method", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": true, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false + }, + "labels": { + "show": false + }, + "legendPosition": "right", + "maxLegendLines": 1, + "palette": { + "name": "default", + "type": "palette" + }, + "radiusRatio": 0, + "seriesParams": [ + { + "circlesRadius": 1, + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "truncateLegend": true, + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "" + }, + "type": "value" + } + ] + }, + "title": "Distribution of Events by Authentication Method for AAA Diagnostics [Logs Cisco ISE]", + "type": "histogram" + } + }, + "coreMigrationVersion": "7.17.0", + "id": "cisco_ise-80d71450-a0fa-11ec-a0a2-1598702abf83", + "migrationVersion": { + "visualization": "7.17.0" + }, + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/packages/cisco_ise/kibana/visualization/cisco_ise-84d3a0e0-a0fb-11ec-a0a2-1598702abf83.json b/packages/cisco_ise/kibana/visualization/cisco_ise-84d3a0e0-a0fb-11ec-a0a2-1598702abf83.json new file mode 100644 index 00000000000..bd6d2b40c41 --- /dev/null +++ b/packages/cisco_ise/kibana/visualization/cisco_ise-84d3a0e0-a0fb-11ec-a0a2-1598702abf83.json @@ -0,0 +1,149 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "event.dataset : \"cisco_ise.log\" " + } + } + }, + "title": "Distribution of Events by Admin Interface [Logs Cisco ISE]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Admin Interface", + "field": "cisco_ise.log.admin.interface", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false + }, + "labels": { + "show": false + }, + "legendPosition": "right", + "maxLegendLines": 1, + "palette": { + "name": "default", + "type": "palette" + }, + "radiusRatio": 0, + "seriesParams": [ + { + "circlesRadius": 1, + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "truncateLegend": true, + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "" + }, + "type": "value" + } + ] + }, + "title": "Distribution of Events by Admin Interface [Logs Cisco ISE]", + "type": "histogram" + } + }, + "coreMigrationVersion": "7.17.0", + "id": "cisco_ise-84d3a0e0-a0fb-11ec-a0a2-1598702abf83", + "migrationVersion": { + "visualization": "7.17.0" + }, + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/packages/cisco_ise/kibana/visualization/cisco_ise-8794e3c0-a0fb-11ec-a0a2-1598702abf83.json b/packages/cisco_ise/kibana/visualization/cisco_ise-8794e3c0-a0fb-11ec-a0a2-1598702abf83.json new file mode 100644 index 00000000000..93993647c4f --- /dev/null +++ b/packages/cisco_ise/kibana/visualization/cisco_ise-8794e3c0-a0fb-11ec-a0a2-1598702abf83.json @@ -0,0 +1,71 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "event.dataset : \"cisco_ise.log\" " + } + } + }, + "title": "Top 10 Client IP for Administrative and Operational Audit [Logs Cisco ISE]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Client IP", + "field": "client.ip", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "params": { + "autoFitRowToContent": false, + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" + }, + "title": "Top 10 Client IP for Administrative and Operational Audit [Logs Cisco ISE]", + "type": "table" + } + }, + "coreMigrationVersion": "7.17.0", + "id": "cisco_ise-8794e3c0-a0fb-11ec-a0a2-1598702abf83", + "migrationVersion": { + "visualization": "7.17.0" + }, + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/packages/cisco_ise/kibana/visualization/cisco_ise-88ae5f80-a0fa-11ec-a0a2-1598702abf83.json b/packages/cisco_ise/kibana/visualization/cisco_ise-88ae5f80-a0fa-11ec-a0a2-1598702abf83.json new file mode 100644 index 00000000000..40d87999d27 --- /dev/null +++ b/packages/cisco_ise/kibana/visualization/cisco_ise-88ae5f80-a0fa-11ec-a0a2-1598702abf83.json @@ -0,0 +1,149 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "event.dataset : \"cisco_ise.log\" " + } + } + }, + "title": "Distribution of Events by Current ID Store Name [Logs Cisco ISE]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Current ID Store Name", + "field": "cisco_ise.log.currentid.store_name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": true, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false + }, + "labels": { + "show": false + }, + "legendPosition": "right", + "maxLegendLines": 1, + "palette": { + "name": "default", + "type": "palette" + }, + "radiusRatio": 0, + "seriesParams": [ + { + "circlesRadius": 1, + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "truncateLegend": true, + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "" + }, + "type": "value" + } + ] + }, + "title": "Distribution of Events by Current ID Store Name [Logs Cisco ISE]", + "type": "histogram" + } + }, + "coreMigrationVersion": "7.17.0", + "id": "cisco_ise-88ae5f80-a0fa-11ec-a0a2-1598702abf83", + "migrationVersion": { + "visualization": "7.17.0" + }, + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/packages/cisco_ise/kibana/visualization/cisco_ise-8a8cb1e0-a0f9-11ec-a0a2-1598702abf83.json b/packages/cisco_ise/kibana/visualization/cisco_ise-8a8cb1e0-a0f9-11ec-a0a2-1598702abf83.json new file mode 100644 index 00000000000..b33b95d3b2c --- /dev/null +++ b/packages/cisco_ise/kibana/visualization/cisco_ise-8a8cb1e0-a0f9-11ec-a0a2-1598702abf83.json @@ -0,0 +1,85 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "event.dataset : \"cisco_ise.log\" " + } + } + }, + "title": "Distribution of Events by User Type [Logs Cisco ISE]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "User Type", + "field": "cisco_ise.log.user.type", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": true, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "params": { + "addLegend": false, + "addTooltip": true, + "distinctColors": false, + "isDonut": true, + "labels": { + "last_level": false, + "percentDecimals": 2, + "position": "default", + "show": true, + "truncate": 100, + "values": true, + "valuesFormat": "percent" + }, + "legendPosition": "right", + "maxLegendLines": 1, + "nestedLegend": false, + "palette": { + "name": "default", + "type": "palette" + }, + "truncateLegend": true, + "type": "pie" + }, + "title": "Distribution of Events by User Type [Logs Cisco ISE]", + "type": "pie" + } + }, + "coreMigrationVersion": "7.17.0", + "id": "cisco_ise-8a8cb1e0-a0f9-11ec-a0a2-1598702abf83", + "migrationVersion": { + "visualization": "7.17.0" + }, + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/packages/cisco_ise/kibana/visualization/cisco_ise-8dad8470-a0fa-11ec-a0a2-1598702abf83.json b/packages/cisco_ise/kibana/visualization/cisco_ise-8dad8470-a0fa-11ec-a0a2-1598702abf83.json new file mode 100644 index 00000000000..bdfc776b633 --- /dev/null +++ b/packages/cisco_ise/kibana/visualization/cisco_ise-8dad8470-a0fa-11ec-a0a2-1598702abf83.json @@ -0,0 +1,85 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "event.dataset : \"cisco_ise.log\" " + } + } + }, + "title": "Distribution of Events by Selected Access Service [Logs Cisco ISE]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Selected Access Service", + "field": "cisco_ise.log.selected.access.service", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": true, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "params": { + "addLegend": false, + "addTooltip": true, + "distinctColors": false, + "isDonut": true, + "labels": { + "last_level": false, + "percentDecimals": 2, + "position": "default", + "show": true, + "truncate": 100, + "values": true, + "valuesFormat": "percent" + }, + "legendPosition": "right", + "maxLegendLines": 1, + "nestedLegend": false, + "palette": { + "name": "default", + "type": "palette" + }, + "truncateLegend": true, + "type": "pie" + }, + "title": "Distribution of Events by Selected Access Service [Logs Cisco ISE]", + "type": "pie" + } + }, + "coreMigrationVersion": "7.17.0", + "id": "cisco_ise-8dad8470-a0fa-11ec-a0a2-1598702abf83", + "migrationVersion": { + "visualization": "7.17.0" + }, + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/packages/cisco_ise/kibana/visualization/cisco_ise-941348d0-a0fb-11ec-a0a2-1598702abf83.json b/packages/cisco_ise/kibana/visualization/cisco_ise-941348d0-a0fb-11ec-a0a2-1598702abf83.json new file mode 100644 index 00000000000..e99a4350366 --- /dev/null +++ b/packages/cisco_ise/kibana/visualization/cisco_ise-941348d0-a0fb-11ec-a0a2-1598702abf83.json @@ -0,0 +1,90 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "event.dataset : \"cisco_ise.log\" " + } + } + }, + "title": "Distribution of Events by Object Type [Logs Cisco ISE]", + "uiStateJSON": { + "table": null, + "vis": { + "legendOpen": false + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Object Type", + "field": "cisco_ise.log.object.type", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "params": { + "addLegend": false, + "addTooltip": true, + "distinctColors": false, + "isDonut": true, + "labels": { + "last_level": false, + "percentDecimals": 2, + "position": "default", + "show": true, + "truncate": 100, + "values": true, + "valuesFormat": "percent" + }, + "legendPosition": "right", + "maxLegendLines": 1, + "nestedLegend": false, + "palette": { + "name": "default", + "type": "palette" + }, + "truncateLegend": true, + "type": "pie" + }, + "title": "Distribution of Events by Object Type [Logs Cisco ISE]", + "type": "pie" + } + }, + "coreMigrationVersion": "7.17.0", + "id": "cisco_ise-941348d0-a0fb-11ec-a0a2-1598702abf83", + "migrationVersion": { + "visualization": "7.17.0" + }, + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/packages/cisco_ise/kibana/visualization/cisco_ise-944f35d0-a0fa-11ec-a0a2-1598702abf83.json b/packages/cisco_ise/kibana/visualization/cisco_ise-944f35d0-a0fa-11ec-a0a2-1598702abf83.json new file mode 100644 index 00000000000..cc0dc8740a8 --- /dev/null +++ b/packages/cisco_ise/kibana/visualization/cisco_ise-944f35d0-a0fa-11ec-a0a2-1598702abf83.json @@ -0,0 +1,85 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "event.dataset : \"cisco_ise.log\" " + } + } + }, + "title": "Distribution of Events by Authentication Identity Store [Logs Cisco ISE]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Authentication Identity Store", + "field": "cisco_ise.log.authentication.identity_store", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": true, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "params": { + "addLegend": false, + "addTooltip": true, + "distinctColors": false, + "isDonut": true, + "labels": { + "last_level": false, + "percentDecimals": 2, + "position": "default", + "show": true, + "truncate": 100, + "values": true, + "valuesFormat": "percent" + }, + "legendPosition": "right", + "maxLegendLines": 1, + "nestedLegend": false, + "palette": { + "name": "default", + "type": "palette" + }, + "truncateLegend": true, + "type": "pie" + }, + "title": "Distribution of Events by Authentication Identity Store [Logs Cisco ISE]", + "type": "pie" + } + }, + "coreMigrationVersion": "7.17.0", + "id": "cisco_ise-944f35d0-a0fa-11ec-a0a2-1598702abf83", + "migrationVersion": { + "visualization": "7.17.0" + }, + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/packages/cisco_ise/kibana/visualization/cisco_ise-984ddab0-a0fa-11ec-a0a2-1598702abf83.json b/packages/cisco_ise/kibana/visualization/cisco_ise-984ddab0-a0fa-11ec-a0a2-1598702abf83.json new file mode 100644 index 00000000000..e490bc47282 --- /dev/null +++ b/packages/cisco_ise/kibana/visualization/cisco_ise-984ddab0-a0fa-11ec-a0a2-1598702abf83.json @@ -0,0 +1,85 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "event.dataset : \"cisco_ise.log\" " + } + } + }, + "title": "Distribution of Radius Diagnostics by EAP Authentication [Logs Cisco ISE]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "EAP Authentication", + "field": "cisco_ise.log.eap.authentication", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": true, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "params": { + "addLegend": false, + "addTooltip": true, + "distinctColors": false, + "isDonut": true, + "labels": { + "last_level": false, + "percentDecimals": 2, + "position": "default", + "show": true, + "truncate": 100, + "values": true, + "valuesFormat": "percent" + }, + "legendPosition": "right", + "maxLegendLines": 1, + "nestedLegend": false, + "palette": { + "name": "default", + "type": "palette" + }, + "truncateLegend": true, + "type": "pie" + }, + "title": "Distribution of Radius Diagnostics by EAP Authentication [Logs Cisco ISE]", + "type": "pie" + } + }, + "coreMigrationVersion": "7.17.0", + "id": "cisco_ise-984ddab0-a0fa-11ec-a0a2-1598702abf83", + "migrationVersion": { + "visualization": "7.17.0" + }, + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/packages/cisco_ise/kibana/visualization/cisco_ise-9bc06c30-a0fa-11ec-a0a2-1598702abf83.json b/packages/cisco_ise/kibana/visualization/cisco_ise-9bc06c30-a0fa-11ec-a0a2-1598702abf83.json new file mode 100644 index 00000000000..b0a45277f32 --- /dev/null +++ b/packages/cisco_ise/kibana/visualization/cisco_ise-9bc06c30-a0fa-11ec-a0a2-1598702abf83.json @@ -0,0 +1,85 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "event.dataset : \"cisco_ise.log\" " + } + } + }, + "title": "Distribution of Radius Diagnostics by EAP Tunnel [Logs Cisco ISE]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "EAP Tunnel", + "field": "cisco_ise.log.eap.tunnel", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": true, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "params": { + "addLegend": false, + "addTooltip": true, + "distinctColors": false, + "isDonut": true, + "labels": { + "last_level": false, + "percentDecimals": 2, + "position": "default", + "show": true, + "truncate": 100, + "values": true, + "valuesFormat": "percent" + }, + "legendPosition": "right", + "maxLegendLines": 1, + "nestedLegend": false, + "palette": { + "name": "default", + "type": "palette" + }, + "truncateLegend": true, + "type": "pie" + }, + "title": "Distribution of Radius Diagnostics by EAP Tunnel [Logs Cisco ISE]", + "type": "pie" + } + }, + "coreMigrationVersion": "7.17.0", + "id": "cisco_ise-9bc06c30-a0fa-11ec-a0a2-1598702abf83", + "migrationVersion": { + "visualization": "7.17.0" + }, + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/packages/cisco_ise/kibana/visualization/cisco_ise-9fe20260-a0fa-11ec-a0a2-1598702abf83.json b/packages/cisco_ise/kibana/visualization/cisco_ise-9fe20260-a0fa-11ec-a0a2-1598702abf83.json new file mode 100644 index 00000000000..cd2b7ee74b4 --- /dev/null +++ b/packages/cisco_ise/kibana/visualization/cisco_ise-9fe20260-a0fa-11ec-a0a2-1598702abf83.json @@ -0,0 +1,71 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "event.dataset : \"cisco_ise.log\" " + } + } + }, + "title": "Top 10 Portal Name [Logs Cisco ISE]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Portal Name", + "field": "cisco_ise.log.portal.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "params": { + "autoFitRowToContent": false, + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" + }, + "title": "Top 10 Portal Name [Logs Cisco ISE]", + "type": "table" + } + }, + "coreMigrationVersion": "7.17.0", + "id": "cisco_ise-9fe20260-a0fa-11ec-a0a2-1598702abf83", + "migrationVersion": { + "visualization": "7.17.0" + }, + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/packages/cisco_ise/kibana/visualization/cisco_ise-a3da4930-a0fb-11ec-a0a2-1598702abf83.json b/packages/cisco_ise/kibana/visualization/cisco_ise-a3da4930-a0fb-11ec-a0a2-1598702abf83.json new file mode 100644 index 00000000000..bebf9363400 --- /dev/null +++ b/packages/cisco_ise/kibana/visualization/cisco_ise-a3da4930-a0fb-11ec-a0a2-1598702abf83.json @@ -0,0 +1,89 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "event.dataset : \"cisco_ise.log\" " + } + } + }, + "title": "Distribution of Events by Failure Flag [Logs Cisco ISE]", + "uiStateJSON": { + "vis": { + "legendOpen": false + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Failure Flag", + "field": "cisco_ise.log.failure.flag", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "params": { + "addLegend": false, + "addTooltip": true, + "distinctColors": false, + "isDonut": true, + "labels": { + "last_level": false, + "percentDecimals": 2, + "position": "default", + "show": true, + "truncate": 100, + "values": true, + "valuesFormat": "percent" + }, + "legendPosition": "right", + "maxLegendLines": 1, + "nestedLegend": false, + "palette": { + "name": "default", + "type": "palette" + }, + "truncateLegend": true, + "type": "pie" + }, + "title": "Distribution of Events by Failure Flag [Logs Cisco ISE]", + "type": "pie" + } + }, + "coreMigrationVersion": "7.17.0", + "id": "cisco_ise-a3da4930-a0fb-11ec-a0a2-1598702abf83", + "migrationVersion": { + "visualization": "7.17.0" + }, + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/packages/cisco_ise/kibana/visualization/cisco_ise-af96b550-a502-11ec-ab9d-4b8e737a22d9.json b/packages/cisco_ise/kibana/visualization/cisco_ise-af96b550-a502-11ec-ab9d-4b8e737a22d9.json new file mode 100644 index 00000000000..336ca593bab --- /dev/null +++ b/packages/cisco_ise/kibana/visualization/cisco_ise-af96b550-a502-11ec-ab9d-4b8e737a22d9.json @@ -0,0 +1,89 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "event.dataset : \"cisco_ise.log\" " + } + } + }, + "title": "Distribution of Events by Admin Name [Logs Cisco ISE]", + "uiStateJSON": { + "vis": { + "legendOpen": false + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Admin Name", + "field": "client.user.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "params": { + "addLegend": false, + "addTooltip": true, + "distinctColors": false, + "isDonut": true, + "labels": { + "last_level": false, + "percentDecimals": 2, + "position": "default", + "show": true, + "truncate": 100, + "values": true, + "valuesFormat": "percent" + }, + "legendPosition": "right", + "maxLegendLines": 1, + "nestedLegend": false, + "palette": { + "name": "default", + "type": "palette" + }, + "truncateLegend": true, + "type": "pie" + }, + "title": "Distribution of Events by Admin Name [Logs Cisco ISE]", + "type": "pie" + } + }, + "coreMigrationVersion": "7.17.0", + "id": "cisco_ise-af96b550-a502-11ec-ab9d-4b8e737a22d9", + "migrationVersion": { + "visualization": "7.17.0" + }, + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/packages/cisco_ise/kibana/visualization/cisco_ise-b4f66430-a0f9-11ec-a0a2-1598702abf83.json b/packages/cisco_ise/kibana/visualization/cisco_ise-b4f66430-a0f9-11ec-a0a2-1598702abf83.json new file mode 100644 index 00000000000..31c5b04a296 --- /dev/null +++ b/packages/cisco_ise/kibana/visualization/cisco_ise-b4f66430-a0f9-11ec-a0a2-1598702abf83.json @@ -0,0 +1,71 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "event.dataset : \"cisco_ise.log\" " + } + } + }, + "title": "Top 10 Guest User Name [Logs Cisco ISE]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Guest User Name", + "field": "cisco_ise.log.guest.user.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "params": { + "autoFitRowToContent": false, + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" + }, + "title": "Top 10 Guest User Name [Logs Cisco ISE]", + "type": "table" + } + }, + "coreMigrationVersion": "7.17.0", + "id": "cisco_ise-b4f66430-a0f9-11ec-a0a2-1598702abf83", + "migrationVersion": { + "visualization": "7.17.0" + }, + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/packages/cisco_ise/kibana/visualization/cisco_ise-b963a960-a0f9-11ec-a0a2-1598702abf83.json b/packages/cisco_ise/kibana/visualization/cisco_ise-b963a960-a0f9-11ec-a0a2-1598702abf83.json new file mode 100644 index 00000000000..14acc536067 --- /dev/null +++ b/packages/cisco_ise/kibana/visualization/cisco_ise-b963a960-a0f9-11ec-a0a2-1598702abf83.json @@ -0,0 +1,71 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "event.dataset : \"cisco_ise.log\" " + } + } + }, + "title": "Top 10 Device Name for My Devices [Logs Cisco ISE]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Device Name", + "field": "cisco_ise.log.device.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "params": { + "autoFitRowToContent": false, + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" + }, + "title": "Top 10 Device Name for My Devices [Logs Cisco ISE]", + "type": "table" + } + }, + "coreMigrationVersion": "7.17.0", + "id": "cisco_ise-b963a960-a0f9-11ec-a0a2-1598702abf83", + "migrationVersion": { + "visualization": "7.17.0" + }, + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/packages/cisco_ise/kibana/visualization/cisco_ise-bee544c0-a0f9-11ec-a0a2-1598702abf83.json b/packages/cisco_ise/kibana/visualization/cisco_ise-bee544c0-a0f9-11ec-a0a2-1598702abf83.json new file mode 100644 index 00000000000..b36d0f7726f --- /dev/null +++ b/packages/cisco_ise/kibana/visualization/cisco_ise-bee544c0-a0f9-11ec-a0a2-1598702abf83.json @@ -0,0 +1,85 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "event.dataset : \"cisco_ise.log\" " + } + } + }, + "title": "Distribution of Policy Diagnostics by Policy Type [Logs Cisco ISE]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Policy Type", + "field": "cisco_ise.log.policy.type", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": true, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "params": { + "addLegend": false, + "addTooltip": true, + "distinctColors": false, + "isDonut": true, + "labels": { + "last_level": false, + "percentDecimals": 2, + "position": "default", + "show": true, + "truncate": 100, + "values": true, + "valuesFormat": "percent" + }, + "legendPosition": "right", + "maxLegendLines": 1, + "nestedLegend": false, + "palette": { + "name": "default", + "type": "palette" + }, + "truncateLegend": true, + "type": "pie" + }, + "title": "Distribution of Policy Diagnostics by Policy Type [Logs Cisco ISE]", + "type": "pie" + } + }, + "coreMigrationVersion": "7.17.0", + "id": "cisco_ise-bee544c0-a0f9-11ec-a0a2-1598702abf83", + "migrationVersion": { + "visualization": "7.17.0" + }, + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/packages/cisco_ise/kibana/visualization/cisco_ise-c9dd8990-a0fa-11ec-a0a2-1598702abf83.json b/packages/cisco_ise/kibana/visualization/cisco_ise-c9dd8990-a0fa-11ec-a0a2-1598702abf83.json new file mode 100644 index 00000000000..c6f8a5a2dd8 --- /dev/null +++ b/packages/cisco_ise/kibana/visualization/cisco_ise-c9dd8990-a0fa-11ec-a0a2-1598702abf83.json @@ -0,0 +1,71 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "event.dataset : \"cisco_ise.log\" " + } + } + }, + "title": "Top 10 NAS IP Address for Radius Accounting [Logs Cisco ISE]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "NAS IP Address", + "field": "cisco_ise.log.nas.ip", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "params": { + "autoFitRowToContent": false, + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" + }, + "title": "Top 10 NAS IP Address for Radius Accounting [Logs Cisco ISE]", + "type": "table" + } + }, + "coreMigrationVersion": "7.17.0", + "id": "cisco_ise-c9dd8990-a0fa-11ec-a0a2-1598702abf83", + "migrationVersion": { + "visualization": "7.17.0" + }, + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/packages/cisco_ise/kibana/visualization/cisco_ise-d6278da0-a0f9-11ec-a0a2-1598702abf83.json b/packages/cisco_ise/kibana/visualization/cisco_ise-d6278da0-a0f9-11ec-a0a2-1598702abf83.json new file mode 100644 index 00000000000..717352e568b --- /dev/null +++ b/packages/cisco_ise/kibana/visualization/cisco_ise-d6278da0-a0f9-11ec-a0a2-1598702abf83.json @@ -0,0 +1,85 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "event.dataset : \"cisco_ise.log\" " + } + } + }, + "title": "Distribution of AD Connector Events by AD Hostname [Logs Cisco ISE]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "AD Hostname", + "field": "cisco_ise.log.ad.hostname", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": true, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "params": { + "addLegend": false, + "addTooltip": true, + "distinctColors": false, + "isDonut": true, + "labels": { + "last_level": false, + "percentDecimals": 2, + "position": "default", + "show": true, + "truncate": 100, + "values": true, + "valuesFormat": "percent" + }, + "legendPosition": "right", + "maxLegendLines": 1, + "nestedLegend": false, + "palette": { + "name": "default", + "type": "palette" + }, + "truncateLegend": true, + "type": "pie" + }, + "title": "Distribution of AD Connector Events by AD Hostname [Logs Cisco ISE]", + "type": "pie" + } + }, + "coreMigrationVersion": "7.17.0", + "id": "cisco_ise-d6278da0-a0f9-11ec-a0a2-1598702abf83", + "migrationVersion": { + "visualization": "7.17.0" + }, + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/packages/cisco_ise/kibana/visualization/cisco_ise-e419b180-a0fa-11ec-a0a2-1598702abf83.json b/packages/cisco_ise/kibana/visualization/cisco_ise-e419b180-a0fa-11ec-a0a2-1598702abf83.json new file mode 100644 index 00000000000..7568d223738 --- /dev/null +++ b/packages/cisco_ise/kibana/visualization/cisco_ise-e419b180-a0fa-11ec-a0a2-1598702abf83.json @@ -0,0 +1,85 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "event.dataset : \"cisco_ise.log\" " + } + } + }, + "title": "Distribution of Radius Accounting by NAS Port Type [Logs Cisco ISE]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "NAS Port Type", + "field": "cisco_ise.log.nas.port.type", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": true, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "params": { + "addLegend": false, + "addTooltip": true, + "distinctColors": false, + "isDonut": true, + "labels": { + "last_level": false, + "percentDecimals": 2, + "position": "default", + "show": true, + "truncate": 100, + "values": true, + "valuesFormat": "percent" + }, + "legendPosition": "right", + "maxLegendLines": 1, + "nestedLegend": false, + "palette": { + "name": "default", + "type": "palette" + }, + "truncateLegend": true, + "type": "pie" + }, + "title": "Distribution of Radius Accounting by NAS Port Type [Logs Cisco ISE]", + "type": "pie" + } + }, + "coreMigrationVersion": "7.17.0", + "id": "cisco_ise-e419b180-a0fa-11ec-a0a2-1598702abf83", + "migrationVersion": { + "visualization": "7.17.0" + }, + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/packages/cisco_ise/kibana/visualization/cisco_ise-e959b000-a0fa-11ec-a0a2-1598702abf83.json b/packages/cisco_ise/kibana/visualization/cisco_ise-e959b000-a0fa-11ec-a0a2-1598702abf83.json new file mode 100644 index 00000000000..13dad2d27c3 --- /dev/null +++ b/packages/cisco_ise/kibana/visualization/cisco_ise-e959b000-a0fa-11ec-a0a2-1598702abf83.json @@ -0,0 +1,85 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "event.dataset : \"cisco_ise.log\" " + } + } + }, + "title": "Distribution of Radius Accounting by Accounting Terminate Cause [Logs Cisco ISE]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Accounting Terminate Cause", + "field": "cisco_ise.log.acct.terminate_cause", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": true, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "params": { + "addLegend": false, + "addTooltip": true, + "distinctColors": false, + "isDonut": true, + "labels": { + "last_level": false, + "percentDecimals": 2, + "position": "default", + "show": true, + "truncate": 100, + "values": true, + "valuesFormat": "percent" + }, + "legendPosition": "right", + "maxLegendLines": 1, + "nestedLegend": false, + "palette": { + "name": "default", + "type": "palette" + }, + "truncateLegend": true, + "type": "pie" + }, + "title": "Distribution of Radius Accounting by Accounting Terminate Cause [Logs Cisco ISE]", + "type": "pie" + } + }, + "coreMigrationVersion": "7.17.0", + "id": "cisco_ise-e959b000-a0fa-11ec-a0a2-1598702abf83", + "migrationVersion": { + "visualization": "7.17.0" + }, + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/packages/cisco_ise/kibana/visualization/cisco_ise-f03a5110-a0f8-11ec-a0a2-1598702abf83.json b/packages/cisco_ise/kibana/visualization/cisco_ise-f03a5110-a0f8-11ec-a0a2-1598702abf83.json new file mode 100644 index 00000000000..231252df1cf --- /dev/null +++ b/packages/cisco_ise/kibana/visualization/cisco_ise-f03a5110-a0f8-11ec-a0a2-1598702abf83.json @@ -0,0 +1,71 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "event.dataset : \"cisco_ise.log\" " + } + } + }, + "title": "Top 10 Device IP Address [Logs Cisco ISE]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Device IP Address", + "field": "client.ip", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "params": { + "autoFitRowToContent": false, + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" + }, + "title": "Top 10 Device IP Address [Logs Cisco ISE]", + "type": "table" + } + }, + "coreMigrationVersion": "7.17.0", + "id": "cisco_ise-f03a5110-a0f8-11ec-a0a2-1598702abf83", + "migrationVersion": { + "visualization": "7.17.0" + }, + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/packages/cisco_ise/kibana/visualization/cisco_ise-f0977a50-a0fa-11ec-a0a2-1598702abf83.json b/packages/cisco_ise/kibana/visualization/cisco_ise-f0977a50-a0fa-11ec-a0a2-1598702abf83.json new file mode 100644 index 00000000000..cb3adacde0f --- /dev/null +++ b/packages/cisco_ise/kibana/visualization/cisco_ise-f0977a50-a0fa-11ec-a0a2-1598702abf83.json @@ -0,0 +1,71 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "event.dataset : \"cisco_ise.log\" " + } + } + }, + "title": "Top 10 Device IP Address for Accounting [Logs Cisco ISE]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Device IP Address", + "field": "client.ip", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": true, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "params": { + "autoFitRowToContent": false, + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" + }, + "title": "Top 10 Device IP Address for Accounting [Logs Cisco ISE]", + "type": "table" + } + }, + "coreMigrationVersion": "7.17.0", + "id": "cisco_ise-f0977a50-a0fa-11ec-a0a2-1598702abf83", + "migrationVersion": { + "visualization": "7.17.0" + }, + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/packages/cisco_ise/kibana/visualization/cisco_ise-f484a4f0-a0f8-11ec-a0a2-1598702abf83.json b/packages/cisco_ise/kibana/visualization/cisco_ise-f484a4f0-a0f8-11ec-a0a2-1598702abf83.json new file mode 100644 index 00000000000..78301070676 --- /dev/null +++ b/packages/cisco_ise/kibana/visualization/cisco_ise-f484a4f0-a0f8-11ec-a0a2-1598702abf83.json @@ -0,0 +1,89 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "event.dataset : \"cisco_ise.log\" " + } + } + }, + "title": "Distribution of Events by Protocol [Logs Cisco ISE]", + "uiStateJSON": { + "vis": { + "legendOpen": false + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Protocol", + "field": "network.protocol", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": true, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "params": { + "addLegend": false, + "addTooltip": true, + "distinctColors": false, + "isDonut": true, + "labels": { + "last_level": false, + "percentDecimals": 2, + "position": "default", + "show": true, + "truncate": 100, + "values": true, + "valuesFormat": "percent" + }, + "legendPosition": "right", + "maxLegendLines": 1, + "nestedLegend": false, + "palette": { + "name": "default", + "type": "palette" + }, + "truncateLegend": true, + "type": "pie" + }, + "title": "Distribution of Events by Protocol [Logs Cisco ISE]", + "type": "pie" + } + }, + "coreMigrationVersion": "7.17.0", + "id": "cisco_ise-f484a4f0-a0f8-11ec-a0a2-1598702abf83", + "migrationVersion": { + "visualization": "7.17.0" + }, + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/packages/cisco_ise/kibana/visualization/cisco_ise-f5a39790-a0fa-11ec-a0a2-1598702abf83.json b/packages/cisco_ise/kibana/visualization/cisco_ise-f5a39790-a0fa-11ec-a0a2-1598702abf83.json new file mode 100644 index 00000000000..2cc417aa02c --- /dev/null +++ b/packages/cisco_ise/kibana/visualization/cisco_ise-f5a39790-a0fa-11ec-a0a2-1598702abf83.json @@ -0,0 +1,71 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "event.dataset : \"cisco_ise.log\" " + } + } + }, + "title": "Top 10 Network Device Name for Accounting [Logs Cisco ISE]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Network Device Name", + "field": "cisco_ise.log.network.device.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": true, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "params": { + "autoFitRowToContent": false, + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" + }, + "title": "Top 10 Network Device Name for Accounting [Logs Cisco ISE]", + "type": "table" + } + }, + "coreMigrationVersion": "7.17.0", + "id": "cisco_ise-f5a39790-a0fa-11ec-a0a2-1598702abf83", + "migrationVersion": { + "visualization": "7.17.0" + }, + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/packages/cisco_ise/kibana/visualization/cisco_ise-f8c64640-a0f8-11ec-a0a2-1598702abf83.json b/packages/cisco_ise/kibana/visualization/cisco_ise-f8c64640-a0f8-11ec-a0a2-1598702abf83.json new file mode 100644 index 00000000000..0863e10dee1 --- /dev/null +++ b/packages/cisco_ise/kibana/visualization/cisco_ise-f8c64640-a0f8-11ec-a0a2-1598702abf83.json @@ -0,0 +1,71 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "event.dataset : \"cisco_ise.log\" " + } + } + }, + "title": "Top 10 Network Device Names [Logs Cisco ISE]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Network Device Name", + "field": "cisco_ise.log.network.device.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "params": { + "autoFitRowToContent": false, + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" + }, + "title": "Top 10 Network Device Names [Logs Cisco ISE]", + "type": "table" + } + }, + "coreMigrationVersion": "7.17.0", + "id": "cisco_ise-f8c64640-a0f8-11ec-a0a2-1598702abf83", + "migrationVersion": { + "visualization": "7.17.0" + }, + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/packages/cisco_ise/kibana/visualization/cisco_ise-fb519a20-a0fa-11ec-a0a2-1598702abf83.json b/packages/cisco_ise/kibana/visualization/cisco_ise-fb519a20-a0fa-11ec-a0a2-1598702abf83.json new file mode 100644 index 00000000000..610872dfbe3 --- /dev/null +++ b/packages/cisco_ise/kibana/visualization/cisco_ise-fb519a20-a0fa-11ec-a0a2-1598702abf83.json @@ -0,0 +1,71 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "event.dataset : \"cisco_ise.log\" " + } + } + }, + "title": "Top 10 User Name for Accounting [Logs Cisco ISE]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "User Name", + "field": "user.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": true, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "params": { + "autoFitRowToContent": false, + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" + }, + "title": "Top 10 User Name for Accounting [Logs Cisco ISE]", + "type": "table" + } + }, + "coreMigrationVersion": "7.17.0", + "id": "cisco_ise-fb519a20-a0fa-11ec-a0a2-1598702abf83", + "migrationVersion": { + "visualization": "7.17.0" + }, + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/packages/cisco_ise/kibana/visualization/cisco_ise-fd5bace0-a0f8-11ec-a0a2-1598702abf83.json b/packages/cisco_ise/kibana/visualization/cisco_ise-fd5bace0-a0f8-11ec-a0a2-1598702abf83.json new file mode 100644 index 00000000000..f94ea82be40 --- /dev/null +++ b/packages/cisco_ise/kibana/visualization/cisco_ise-fd5bace0-a0f8-11ec-a0a2-1598702abf83.json @@ -0,0 +1,71 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "event.dataset : \"cisco_ise.log\" " + } + } + }, + "title": "Top 10 User Name [Logs Cisco ISE]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "User Name", + "field": "user.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "params": { + "autoFitRowToContent": false, + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" + }, + "title": "Top 10 User Name [Logs Cisco ISE]", + "type": "table" + } + }, + "coreMigrationVersion": "7.17.0", + "id": "cisco_ise-fd5bace0-a0f8-11ec-a0a2-1598702abf83", + "migrationVersion": { + "visualization": "7.17.0" + }, + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/packages/cisco_ise/kibana/visualization/cisco_ise-ff685ae0-a0fa-11ec-a0a2-1598702abf83.json b/packages/cisco_ise/kibana/visualization/cisco_ise-ff685ae0-a0fa-11ec-a0a2-1598702abf83.json new file mode 100644 index 00000000000..dd80bd9bec2 --- /dev/null +++ b/packages/cisco_ise/kibana/visualization/cisco_ise-ff685ae0-a0fa-11ec-a0a2-1598702abf83.json @@ -0,0 +1,85 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "event.dataset : \"cisco_ise.log\" " + } + } + }, + "title": "Distribution of Events by Selected Access Service for Accounting [Logs Cisco ISE]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Selected Access Service", + "field": "cisco_ise.log.selected.access.service", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": true, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "params": { + "addLegend": false, + "addTooltip": true, + "distinctColors": false, + "isDonut": true, + "labels": { + "last_level": false, + "percentDecimals": 2, + "position": "default", + "show": true, + "truncate": 100, + "values": true, + "valuesFormat": "percent" + }, + "legendPosition": "right", + "maxLegendLines": 1, + "nestedLegend": false, + "palette": { + "name": "default", + "type": "palette" + }, + "truncateLegend": true, + "type": "pie" + }, + "title": "Distribution of Events by Selected Access Service for Accounting [Logs Cisco ISE]", + "type": "pie" + } + }, + "coreMigrationVersion": "7.17.0", + "id": "cisco_ise-ff685ae0-a0fa-11ec-a0a2-1598702abf83", + "migrationVersion": { + "visualization": "7.17.0" + }, + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization" +} \ No newline at end of file diff --git a/packages/cisco_ise/manifest.yml b/packages/cisco_ise/manifest.yml new file mode 100644 index 00000000000..17b83743aae --- /dev/null +++ b/packages/cisco_ise/manifest.yml @@ -0,0 +1,98 @@ +format_version: 1.0.0 +name: cisco_ise +title: Cisco ISE +version: 0.1.0 +license: basic +description: Collect logs from Cisco ISE with Elastic Agent. +type: integration +categories: + - security +release: beta +conditions: + kibana.version: ^7.17.0 || ^8.0.0 +screenshots: + - src: /img/cisco-ise-screenshot.png + title: Cisco ISE dashboard screenshot + size: 600x600 + type: image/png +icons: + - src: /img/cisco-ise-logo.svg + title: Cisco ISE logo + size: 32x32 + type: image/svg+xml +policy_templates: + - name: Cisco ISE + title: Cisco_ISE logs + description: Collect cisco_ise logs + inputs: + - type: tcp + title: Collect Cisco ISE logs via TCP input + description: Collecting Cisco ISE logs via TCP input + vars: + - name: listen_address + type: text + title: Listen Address + description: The bind address to listen for TCP connections. Set to `0.0.0.0` to bind to all available interfaces. + multi: false + required: true + show_user: true + default: localhost + - name: listen_port + type: integer + title: Listen Port + description: The TCP port number to listen on. + multi: false + required: true + show_user: true + default: 9025 + - name: ssl + type: yaml + title: SSL Configuration + description: i.e. certificate_authorities, supported_protocols, verification_mode etc. + multi: false + required: false + show_user: false + default: | + #certificate_authorities: + # - | + # -----BEGIN CERTIFICATE----- + # MIIDCjCCAfKgAwIBAgITJ706Mu2wJlKckpIvkWxEHvEyijANBgkqhkiG9w0BAQsF + # ADAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMTkwNzIyMTkyOTA0WhgPMjExOTA2 + # MjgxOTI5MDRaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB + # BQADggEPADCCAQoCggEBANce58Y/JykI58iyOXpxGfw0/gMvF0hUQAcUrSMxEO6n + # fZRA49b4OV4SwWmA3395uL2eB2NB8y8qdQ9muXUdPBWE4l9rMZ6gmfu90N5B5uEl + # 94NcfBfYOKi1fJQ9i7WKhTjlRkMCgBkWPkUokvBZFRt8RtF7zI77BSEorHGQCk9t + # /D7BS0GJyfVEhftbWcFEAG3VRcoMhF7kUzYwp+qESoriFRYLeDWv68ZOvG7eoWnP + # PsvZStEVEimjvK5NSESEQa9xWyJOmlOKXhkdymtcUd/nXnx6UTCFgnkgzSdTWV41 + # CI6B6aJ9svCTI2QuoIq2HxX/ix7OvW1huVmcyHVxyUECAwEAAaNTMFEwHQYDVR0O + # BBYEFPwN1OceFGm9v6ux8G+DZ3TUDYxqMB8GA1UdIwQYMBaAFPwN1OceFGm9v6ux + # 8G+DZ3TUDYxqMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAG5D + # 874A4YI7YUwOVsVAdbWtgp1d0zKcPRR+r2OdSbTAV5/gcS3jgBJ3i1BN34JuDVFw + # 3DeJSYT3nxy2Y56lLnxDeF8CUTUtVQx3CuGkRg1ouGAHpO/6OqOhwLLorEmxi7tA + # H2O8mtT0poX5AnOAhzVy7QW0D/k4WaoLyckM5hUa6RtvgvLxOwA0U+VGurCDoctu + # 8F4QOgTAWyh8EZIwaKCliFRSynDpv3JTUwtfZkxo6K6nce1RhCWFAsMvDZL8Dgc0 + # yvgJ38BRsFOtkRuAGSf6ZUwTO8JJRRIFnpUzXflAnGivK9M13D5GEQMmIl6U9Pvk + # sxSmbIUfc2SGJGCJD4I= + # -----END CERTIFICATE----- + - type: udp + title: Collect Cisco ISE logs via UDP input + description: Collecting Cisco ISE logs via UDP input + vars: + - name: listen_address + type: text + title: Listen Address + description: The bind address to listen for UDP connections. Set to `0.0.0.0` to bind to all available interfaces. + multi: false + required: true + show_user: true + default: localhost + - name: listen_port + type: integer + title: Listen Port + description: The UDP port number to listen on. + multi: false + required: true + show_user: true + default: 9026 +owner: + github: elastic/security-external-integrations From df17ee1ab425aa089f06f3df25ee914a81178f9b Mon Sep 17 00:00:00 2001 From: sunny-elastic <95292585+sunny-elastic@users.noreply.github.com> Date: Mon, 25 Apr 2022 15:00:33 +0530 Subject: [PATCH 18/23] Spring boot package [Memory - data stream] (#2979) * Spring boot package [Memory - data stream] * addressed review comments * add descriptions and update CODEOWNERS * update manifest * update manifest * resolved CI/CD issue * update the nesting structure * update manifest * update stream.yml.hbs file * resolve CI/CD issue * removed extra ecs fields * update README.md * update ecs field * update description Co-authored-by: yug-elastic <96041884+yug-elastic@users.noreply.github.com> --- .../spring_boot/_dev/build/docs/README.md | 12 ++ packages/spring_boot/changelog.yml | 5 + .../_dev/test/system/test-default-config.yml | 6 + .../memory/agent/stream/stream.yml.hbs | 47 +++++++ .../elasticsearch/ingest_pipeline/default.yml | 38 ++++++ .../data_stream/memory/fields/base-fields.yml | 12 ++ .../data_stream/memory/fields/ecs.yml | 16 +++ .../data_stream/memory/fields/fields.yml | 84 ++++++++++++ .../data_stream/memory/manifest.yml | 21 +++ .../data_stream/memory/sample_event.json | 78 +++++++++++ packages/spring_boot/docs/README.md | 126 ++++++++++++++++++ packages/spring_boot/manifest.yml | 42 +++++- 12 files changed, 486 insertions(+), 1 deletion(-) create mode 100644 packages/spring_boot/data_stream/memory/_dev/test/system/test-default-config.yml create mode 100644 packages/spring_boot/data_stream/memory/agent/stream/stream.yml.hbs create mode 100644 packages/spring_boot/data_stream/memory/elasticsearch/ingest_pipeline/default.yml create mode 100644 packages/spring_boot/data_stream/memory/fields/base-fields.yml create mode 100644 packages/spring_boot/data_stream/memory/fields/ecs.yml create mode 100644 packages/spring_boot/data_stream/memory/fields/fields.yml create mode 100644 packages/spring_boot/data_stream/memory/manifest.yml create mode 100644 packages/spring_boot/data_stream/memory/sample_event.json diff --git a/packages/spring_boot/_dev/build/docs/README.md b/packages/spring_boot/_dev/build/docs/README.md index e423759a5e0..b269b95eeb0 100644 --- a/packages/spring_boot/_dev/build/docs/README.md +++ b/packages/spring_boot/_dev/build/docs/README.md @@ -47,3 +47,15 @@ This is the `http_trace` data stream. {{event "http_trace"}} {{fields "http_trace"}} + +## Metrics + +### Memory Metrics + +This is the `memory` data stream. + +- This data stream gives metrics related to heap and non-heap memory, buffer pool and manager. + +{{event "memory"}} + +{{fields "memory"}} \ No newline at end of file diff --git a/packages/spring_boot/changelog.yml b/packages/spring_boot/changelog.yml index 79f201be8a6..b51f1e84b46 100644 --- a/packages/spring_boot/changelog.yml +++ b/packages/spring_boot/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "0.3.0" + changes: + - description: memory data stream of the package + type: enhancement + link: https://github.com/elastic/integrations/pull/2979 - version: "0.2.0" changes: - description: http_trace data stream of the package diff --git a/packages/spring_boot/data_stream/memory/_dev/test/system/test-default-config.yml b/packages/spring_boot/data_stream/memory/_dev/test/system/test-default-config.yml new file mode 100644 index 00000000000..3fc097c4279 --- /dev/null +++ b/packages/spring_boot/data_stream/memory/_dev/test/system/test-default-config.yml @@ -0,0 +1,6 @@ +vars: + hosts: http://springboot:8090/actuator/jolokia + path: /jolokia/?ignoreErrors=true&canonicalNaming=false +input: jolokia/metrics +data_stream: + vars: ~ diff --git a/packages/spring_boot/data_stream/memory/agent/stream/stream.yml.hbs b/packages/spring_boot/data_stream/memory/agent/stream/stream.yml.hbs new file mode 100644 index 00000000000..68a8353beec --- /dev/null +++ b/packages/spring_boot/data_stream/memory/agent/stream/stream.yml.hbs @@ -0,0 +1,47 @@ +metricsets: ["jmx"] +namespace: "metrics" +hosts: {{hosts}} +http_method: "GET" +path: {{path}} +username: {{username}} +password: {{password}} +period: {{period}} +{{#if ssl}} +ssl: {{ssl}} +{{/if}} +jmx.mappings: + - mbean: 'java.lang:type=Memory' + attributes: + - attr: HeapMemoryUsage + field: heap + - attr: NonHeapMemoryUsage + field: non_heap + - mbean: 'java.nio:name=direct,type=BufferPool' + attributes: + - attr: TotalCapacity + field: buffer_pool.direct.total_capacity + - attr: MemoryUsed + field: buffer_pool.direct.used + - attr: Count + field: buffer_pool.direct.count + - mbean: 'java.nio:name=mapped,type=BufferPool' + attributes: + - attr: TotalCapacity + field: buffer_pool.mapped.total_capacity + - attr: MemoryUsed + field: buffer_pool.mapped.used + - attr: Count + field: buffer_pool.mapped.count + - mbean: 'java.lang:name=CodeCacheManager,type=MemoryManager' + attributes: + - attr: Valid + field: manager.code_cache.valid + - attr: Name + field: manager.code_cache.name + - mbean: 'java.lang:name=Metaspace Manager,type=MemoryManager' + attributes: + - attr: Valid + field: manager.metaspace.valid + - attr: Name + field: manager.metaspace.name + \ No newline at end of file diff --git a/packages/spring_boot/data_stream/memory/elasticsearch/ingest_pipeline/default.yml b/packages/spring_boot/data_stream/memory/elasticsearch/ingest_pipeline/default.yml new file mode 100644 index 00000000000..6989bb1873a --- /dev/null +++ b/packages/spring_boot/data_stream/memory/elasticsearch/ingest_pipeline/default.yml @@ -0,0 +1,38 @@ +--- +description: Pipeline for parsing Spring Boot Memory metrics. +processors: + - set: + field: ecs.version + value: "8.1.0" + - rename: + field: message + target_field: event.original + ignore_missing: true + - rename: + field: jolokia.metrics + target_field: spring_boot.memory + ignore_missing: true + ignore_failure: true + - set: + field: event.type + value: info + - set: + field: event.kind + value: metric + - set: + field: event.category + value: database + - set: + field: event.module + value: spring_boot + - set: + field: event.dataset + value: spring_boot.memory + - remove: + field: jolokia + ignore_missing: true + ignore_failure: true +on_failure: + - set: + field: error.message + value: "{{ _ingest.on_failure_message }}" diff --git a/packages/spring_boot/data_stream/memory/fields/base-fields.yml b/packages/spring_boot/data_stream/memory/fields/base-fields.yml new file mode 100644 index 00000000000..7c798f4534c --- /dev/null +++ b/packages/spring_boot/data_stream/memory/fields/base-fields.yml @@ -0,0 +1,12 @@ +- name: data_stream.type + type: constant_keyword + description: Data stream type. +- name: data_stream.dataset + type: constant_keyword + description: Data stream dataset. +- name: data_stream.namespace + type: constant_keyword + description: Data stream namespace. +- name: '@timestamp' + type: date + description: Event timestamp. diff --git a/packages/spring_boot/data_stream/memory/fields/ecs.yml b/packages/spring_boot/data_stream/memory/fields/ecs.yml new file mode 100644 index 00000000000..666902b9439 --- /dev/null +++ b/packages/spring_boot/data_stream/memory/fields/ecs.yml @@ -0,0 +1,16 @@ +- external: ecs + name: ecs.version +- external: ecs + name: error.message +- external: ecs + name: event.category +- external: ecs + name: event.dataset +- external: ecs + name: event.kind +- external: ecs + name: event.module +- external: ecs + name: service.address +- external: ecs + name: service.type diff --git a/packages/spring_boot/data_stream/memory/fields/fields.yml b/packages/spring_boot/data_stream/memory/fields/fields.yml new file mode 100644 index 00000000000..4136734f342 --- /dev/null +++ b/packages/spring_boot/data_stream/memory/fields/fields.yml @@ -0,0 +1,84 @@ +- name: spring_boot + type: group + fields: + - name: memory + type: group + fields: + - name: buffer_pool + type: group + fields: + - name: direct + type: group + fields: + - name: count + type: long + description: Count of direct buffer pool memory + - name: used + type: long + description: Used memory of direct buffer pool + - name: total_capacity + type: long + description: Total capacity of direct buffer pool memory + - name: mapped + type: group + fields: + - name: count + type: long + description: Count of mapped buffer pool memory + - name: used + type: long + description: Used memory of mapped buffer pool + - name: total_capacity + type: long + description: Total capacity of mapped buffer pool memory + - name: heap + type: group + fields: + - name: committed + type: long + description: Committed heap memory usage of JVM + - name: init + type: long + description: Init heap memory usage of JVM + - name: max + type: long + description: Max heap memory usage of JVM + - name: used + type: long + description: Used heap memory usage of JVM + - name: non_heap + type: group + fields: + - name: committed + type: long + description: Committed non-heap memory usage of JVM + - name: init + type: long + description: Init non-heap memory usage of JVM + - name: max + type: long + description: Max non-heap memory usage of JVM + - name: used + type: long + description: Used non-heap memory usage of JVM + - name: manager + type: group + fields: + - name: code_cache + type: group + fields: + - name: name + type: keyword + description: Name of the cacheManager to qualify the cache + - name: valid + type: boolean + description: Validation of code cache + - name: metaspace + type: group + fields: + - name: name + type: keyword + description: Name of the Metaspace Manager to qualify the cache + - name: valid + type: boolean + description: Validation of metaspace manager diff --git a/packages/spring_boot/data_stream/memory/manifest.yml b/packages/spring_boot/data_stream/memory/manifest.yml new file mode 100644 index 00000000000..c24c1b9de44 --- /dev/null +++ b/packages/spring_boot/data_stream/memory/manifest.yml @@ -0,0 +1,21 @@ +title: Memory Metrics +type: metrics +streams: + - input: jolokia/metrics + template_path: stream.yml.hbs + title: Memory metrics + description: Collect Spring Boot Memory metrics. + vars: + - name: period + type: text + title: Period + default: 60s + - name: processors + type: yaml + title: Processors + multi: false + required: false + show_user: false + description: > + Processors are used to reduce the number of fields in the exported event or to enhance the event with metadata. This executes in the agent before the logs are parsed. See [Processors](https://www.elastic.co/guide/en/beats/filebeat/current/filtering-and-enhancing-data.html) for details. + diff --git a/packages/spring_boot/data_stream/memory/sample_event.json b/packages/spring_boot/data_stream/memory/sample_event.json new file mode 100644 index 00000000000..cf75025be64 --- /dev/null +++ b/packages/spring_boot/data_stream/memory/sample_event.json @@ -0,0 +1,78 @@ +{ + "@timestamp": "2022-04-20T13:03:45.533Z", + "agent": { + "ephemeral_id": "c9cba3ad-ab82-4f17-95b1-a92257a086b0", + "id": "f7cd0ea7-4d35-4573-956a-021aa2718bbe", + "name": "docker-fleet-agent", + "type": "metricbeat", + "version": "8.1.0" + }, + "data_stream": { + "dataset": "spring_boot.memory", + "namespace": "ep", + "type": "metrics" + }, + "ecs": { + "version": "8.1.0" + }, + "elastic_agent": { + "id": "f7cd0ea7-4d35-4573-956a-021aa2718bbe", + "snapshot": false, + "version": "8.1.0" + }, + "event": { + "agent_id_status": "verified", + "category": "database", + "dataset": "spring_boot.memory", + "duration": 498219023, + "ingested": "2022-04-20T13:03:48Z", + "kind": "metric", + "module": "spring_boot", + "type": "info" + }, + "host": { + "architecture": "x86_64", + "containerized": true, + "hostname": "docker-fleet-agent", + "ip": [ + "192.168.144.4" + ], + "mac": [ + "02:42:c0:a8:90:04" + ], + "name": "docker-fleet-agent", + "os": { + "codename": "focal", + "family": "debian", + "kernel": "3.10.0-1160.59.1.el7.x86_64", + "name": "Ubuntu", + "platform": "ubuntu", + "type": "linux", + "version": "20.04.3 LTS (Focal Fossa)" + } + }, + "metricset": { + "name": "jmx", + "period": 60000 + }, + "service": { + "address": "http://springboot:8090/actuator/jolokia", + "type": "jolokia" + }, + "spring_boot": { + "memory": { + "heap": { + "committed": 303038464, + "init": 96468992, + "max": 1350041600, + "used": 135078232 + }, + "non_heap": { + "committed": 60882944, + "init": 2555904, + "max": -1, + "used": 55917256 + } + } + } +} \ No newline at end of file diff --git a/packages/spring_boot/docs/README.md b/packages/spring_boot/docs/README.md index 9a4b277d286..7b4d8d7ebb0 100644 --- a/packages/spring_boot/docs/README.md +++ b/packages/spring_boot/docs/README.md @@ -225,3 +225,129 @@ An example event for `http_trace` looks as following: | spring_boot.http_trace.session | Session associated with the exchange | keyword | | tags | List of keywords used to tag each event. | keyword | + +## Metrics + +### Memory Metrics + +This is the `memory` data stream. + +- This data stream gives metrics related to heap and non-heap memory, buffer pool and manager. + +An example event for `memory` looks as following: + +```json +{ + "@timestamp": "2022-04-20T13:03:45.533Z", + "agent": { + "ephemeral_id": "c9cba3ad-ab82-4f17-95b1-a92257a086b0", + "id": "f7cd0ea7-4d35-4573-956a-021aa2718bbe", + "name": "docker-fleet-agent", + "type": "metricbeat", + "version": "8.1.0" + }, + "data_stream": { + "dataset": "spring_boot.memory", + "namespace": "ep", + "type": "metrics" + }, + "ecs": { + "version": "8.1.0" + }, + "elastic_agent": { + "id": "f7cd0ea7-4d35-4573-956a-021aa2718bbe", + "snapshot": false, + "version": "8.1.0" + }, + "event": { + "agent_id_status": "verified", + "category": "database", + "dataset": "spring_boot.memory", + "duration": 498219023, + "ingested": "2022-04-20T13:03:48Z", + "kind": "metric", + "module": "spring_boot", + "type": "info" + }, + "host": { + "architecture": "x86_64", + "containerized": true, + "hostname": "docker-fleet-agent", + "ip": [ + "192.168.144.4" + ], + "mac": [ + "02:42:c0:a8:90:04" + ], + "name": "docker-fleet-agent", + "os": { + "codename": "focal", + "family": "debian", + "kernel": "3.10.0-1160.59.1.el7.x86_64", + "name": "Ubuntu", + "platform": "ubuntu", + "type": "linux", + "version": "20.04.3 LTS (Focal Fossa)" + } + }, + "metricset": { + "name": "jmx", + "period": 60000 + }, + "service": { + "address": "http://springboot:8090/actuator/jolokia", + "type": "jolokia" + }, + "spring_boot": { + "memory": { + "heap": { + "committed": 303038464, + "init": 96468992, + "max": 1350041600, + "used": 135078232 + }, + "non_heap": { + "committed": 60882944, + "init": 2555904, + "max": -1, + "used": 55917256 + } + } + } +} +``` + +**Exported fields** + +| Field | Description | Type | +|---|---|---| +| @timestamp | Event timestamp. | date | +| data_stream.dataset | Data stream dataset. | constant_keyword | +| data_stream.namespace | Data stream namespace. | constant_keyword | +| data_stream.type | Data stream type. | constant_keyword | +| ecs.version | ECS version this event conforms to. `ecs.version` is a required field and must exist in all events. When querying across multiple indices -- which may conform to slightly different ECS versions -- this field lets integrations adjust to the schema version of the events. | keyword | +| error.message | Error message. | match_only_text | +| event.category | This is one of four ECS Categorization Fields, and indicates the second level in the ECS category hierarchy. `event.category` represents the "big buckets" of ECS categories. For example, filtering on `event.category:process` yields all events relating to process activity. This field is closely related to `event.type`, which is used as a subcategory. This field is an array. This will allow proper categorization of some events that fall in multiple categories. | keyword | +| event.dataset | Name of the dataset. If an event source publishes more than one type of log or events (e.g. access log, error log), the dataset is used to specify which one the event comes from. It's recommended but not required to start the dataset name with the module name, followed by a dot, then the dataset name. | keyword | +| event.kind | This is one of four ECS Categorization Fields, and indicates the highest level in the ECS category hierarchy. `event.kind` gives high-level information about what type of information the event contains, without being specific to the contents of the event. For example, values of this field distinguish alert events from metric events. The value of this field can be used to inform how these kinds of events should be handled. They may warrant different retention, different access control, it may also help understand whether the data coming in at a regular interval or not. | keyword | +| event.module | Name of the module this data is coming from. If your monitoring agent supports the concept of modules or plugins to process events of a given source (e.g. Apache logs), `event.module` should contain the name of this module. | keyword | +| service.address | Address where data about this service was collected from. This should be a URI, network address (ipv4:port or [ipv6]:port) or a resource path (sockets). | keyword | +| service.type | The type of the service data is collected from. The type can be used to group and correlate logs and metrics from one service type. Example: If logs or metrics are collected from Elasticsearch, `service.type` would be `elasticsearch`. | keyword | +| spring_boot.memory.buffer_pool.direct.count | Count of direct buffer pool memory | long | +| spring_boot.memory.buffer_pool.direct.total_capacity | Total capacity of direct buffer pool memory | long | +| spring_boot.memory.buffer_pool.direct.used | Used memory of direct buffer pool | long | +| spring_boot.memory.buffer_pool.mapped.count | Count of mapped buffer pool memory | long | +| spring_boot.memory.buffer_pool.mapped.total_capacity | Total capacity of mapped buffer pool memory | long | +| spring_boot.memory.buffer_pool.mapped.used | Used memory of mapped buffer pool | long | +| spring_boot.memory.heap.committed | Committed heap memory usage of JVM | long | +| spring_boot.memory.heap.init | Init heap memory usage of JVM | long | +| spring_boot.memory.heap.max | Max heap memory usage of JVM | long | +| spring_boot.memory.heap.used | Used heap memory usage of JVM | long | +| spring_boot.memory.manager.code_cache.name | Name of the cacheManager to qualify the cache | keyword | +| spring_boot.memory.manager.code_cache.valid | Validation of code cache | boolean | +| spring_boot.memory.manager.metaspace.name | Name of the Metaspace Manager to qualify the cache | keyword | +| spring_boot.memory.manager.metaspace.valid | Validation of metaspace manager | boolean | +| spring_boot.memory.non_heap.committed | Committed non-heap memory usage of JVM | long | +| spring_boot.memory.non_heap.init | Init non-heap memory usage of JVM | long | +| spring_boot.memory.non_heap.max | Max non-heap memory usage of JVM | long | +| spring_boot.memory.non_heap.used | Used non-heap memory usage of JVM | long | diff --git a/packages/spring_boot/manifest.yml b/packages/spring_boot/manifest.yml index 737ed2dfda6..f2073cba0e0 100644 --- a/packages/spring_boot/manifest.yml +++ b/packages/spring_boot/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: spring_boot title: Spring Boot -version: 0.2.0 +version: 0.3.0 license: basic description: This Elastic integration collects logs and metrics from Spring Boot integration. type: integration @@ -40,5 +40,45 @@ policy_templates: required: false show_user: false default: "#certificate_authorities:\n# - |\n# -----BEGIN CERTIFICATE-----\n# MIIDCjCCAfKgAwIBAgITJ706Mu2wJlKckpIvkWxEHvEyijANBgkqhkiG9w0BAQsF\n# ADAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMTkwNzIyMTkyOTA0WhgPMjExOTA2\n# MjgxOTI5MDRaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB\n# BQADggEPADCCAQoCggEBANce58Y/JykI58iyOXpxGfw0/gMvF0hUQAcUrSMxEO6n\n# fZRA49b4OV4SwWmA3395uL2eB2NB8y8qdQ9muXUdPBWE4l9rMZ6gmfu90N5B5uEl\n# 94NcfBfYOKi1fJQ9i7WKhTjlRkMCgBkWPkUokvBZFRt8RtF7zI77BSEorHGQCk9t\n# /D7BS0GJyfVEhftbWcFEAG3VRcoMhF7kUzYwp+qESoriFRYLeDWv68ZOvG7eoWnP\n# PsvZStEVEimjvK5NSESEQa9xWyJOmlOKXhkdymtcUd/nXnx6UTCFgnkgzSdTWV41\n# CI6B6aJ9svCTI2QuoIq2HxX/ix7OvW1huVmcyHVxyUECAwEAAaNTMFEwHQYDVR0O\n# BBYEFPwN1OceFGm9v6ux8G+DZ3TUDYxqMB8GA1UdIwQYMBaAFPwN1OceFGm9v6ux\n# 8G+DZ3TUDYxqMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAG5D\n# 874A4YI7YUwOVsVAdbWtgp1d0zKcPRR+r2OdSbTAV5/gcS3jgBJ3i1BN34JuDVFw\n# 3DeJSYT3nxy2Y56lLnxDeF8CUTUtVQx3CuGkRg1ouGAHpO/6OqOhwLLorEmxi7tA\n# H2O8mtT0poX5AnOAhzVy7QW0D/k4WaoLyckM5hUa6RtvgvLxOwA0U+VGurCDoctu\n# 8F4QOgTAWyh8EZIwaKCliFRSynDpv3JTUwtfZkxo6K6nce1RhCWFAsMvDZL8Dgc0\n# yvgJ38BRsFOtkRuAGSf6ZUwTO8JJRRIFnpUzXflAnGivK9M13D5GEQMmIl6U9Pvk\n# sxSmbIUfc2SGJGCJD4I=\n# -----END CERTIFICATE----- \n" + - type: jolokia/metrics + title: Collect Spring Boot metrics of Memory. + description: Collecting metrics from Spring Boot of Memory. + vars: + - name: path + type: text + title: Path + multi: false + required: true + show_user: false + default: /jolokia/?ignoreErrors=true&canonicalNaming=false + - name: username + type: text + title: Username + multi: false + required: false + show_user: false + default: actuator + - name: password + type: password + title: Password + multi: false + required: false + show_user: false + default: actuator + - name: hosts + type: text + title: Hosts + multi: false + required: true + show_user: true + description: "Host for Spring Boot metrics. (example: http://localhost:8090/actuator/jolokia)." + - name: ssl + type: yaml + title: SSL Configuration + description: i.e. certificate_authorities, supported_protocols, verification_mode etc. + multi: false + required: false + show_user: false + default: "#certificate_authorities:\n# - |\n# -----BEGIN CERTIFICATE-----\n# MIIDCjCCAfKgAwIBAgITJ706Mu2wJlKckpIvkWxEHvEyijANBgkqhkiG9w0BAQsF\n# ADAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMTkwNzIyMTkyOTA0WhgPMjExOTA2\n# MjgxOTI5MDRaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB\n# BQADggEPADCCAQoCggEBANce58Y/JykI58iyOXpxGfw0/gMvF0hUQAcUrSMxEO6n\n# fZRA49b4OV4SwWmA3395uL2eB2NB8y8qdQ9muXUdPBWE4l9rMZ6gmfu90N5B5uEl\n# 94NcfBfYOKi1fJQ9i7WKhTjlRkMCgBkWPkUokvBZFRt8RtF7zI77BSEorHGQCk9t\n# /D7BS0GJyfVEhftbWcFEAG3VRcoMhF7kUzYwp+qESoriFRYLeDWv68ZOvG7eoWnP\n# PsvZStEVEimjvK5NSESEQa9xWyJOmlOKXhkdymtcUd/nXnx6UTCFgnkgzSdTWV41\n# CI6B6aJ9svCTI2QuoIq2HxX/ix7OvW1huVmcyHVxyUECAwEAAaNTMFEwHQYDVR0O\n# BBYEFPwN1OceFGm9v6ux8G+DZ3TUDYxqMB8GA1UdIwQYMBaAFPwN1OceFGm9v6ux\n# 8G+DZ3TUDYxqMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAG5D\n# 874A4YI7YUwOVsVAdbWtgp1d0zKcPRR+r2OdSbTAV5/gcS3jgBJ3i1BN34JuDVFw\n# 3DeJSYT3nxy2Y56lLnxDeF8CUTUtVQx3CuGkRg1ouGAHpO/6OqOhwLLorEmxi7tA\n# H2O8mtT0poX5AnOAhzVy7QW0D/k4WaoLyckM5hUa6RtvgvLxOwA0U+VGurCDoctu\n# 8F4QOgTAWyh8EZIwaKCliFRSynDpv3JTUwtfZkxo6K6nce1RhCWFAsMvDZL8Dgc0\n# yvgJ38BRsFOtkRuAGSf6ZUwTO8JJRRIFnpUzXflAnGivK9M13D5GEQMmIl6U9Pvk\n# sxSmbIUfc2SGJGCJD4I=\n# -----END CERTIFICATE----- \n" owner: github: elastic/obs-service-integrations From 063c16a83acea5ff9373d588759d67b8abc4e5ef Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 25 Apr 2022 13:42:33 +0200 Subject: [PATCH 19/23] Bump github.com/elastic/elastic-package from 0.46.0 to 0.47.0 (#3182) Bumps [github.com/elastic/elastic-package](https://github.com/elastic/elastic-package) from 0.46.0 to 0.47.0. - [Release notes](https://github.com/elastic/elastic-package/releases) - [Changelog](https://github.com/elastic/elastic-package/blob/main/.goreleaser.yml) - [Commits](https://github.com/elastic/elastic-package/compare/v0.46.0...v0.47.0) --- updated-dependencies: - dependency-name: github.com/elastic/elastic-package dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com> --- go.mod | 18 ++++---- go.sum | 144 ++++++++++++++++++++++++++++++++++++++++++++------------- 2 files changed, 120 insertions(+), 42 deletions(-) diff --git a/go.mod b/go.mod index c368fa0c756..c8e19e7138a 100644 --- a/go.mod +++ b/go.mod @@ -4,7 +4,7 @@ go 1.17 require ( github.com/blang/semver v3.5.1+incompatible - github.com/elastic/elastic-package v0.46.0 + github.com/elastic/elastic-package v0.47.0 github.com/elastic/package-registry v1.8.0 github.com/magefile/mage v1.13.0 github.com/pkg/errors v0.9.1 @@ -146,17 +146,17 @@ require ( gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/warnings.v0 v0.1.2 // indirect gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b // indirect - helm.sh/helm/v3 v3.8.1 // indirect + helm.sh/helm/v3 v3.8.2 // indirect howett.net/plist v0.0.0-20201203080718-1454fab16a06 // indirect - k8s.io/api v0.23.5 // indirect - k8s.io/apiextensions-apiserver v0.23.4 // indirect - k8s.io/apimachinery v0.23.5 // indirect - k8s.io/cli-runtime v0.23.5 // indirect - k8s.io/client-go v0.23.5 // indirect - k8s.io/component-base v0.23.4 // indirect + k8s.io/api v0.23.6 // indirect + k8s.io/apiextensions-apiserver v0.23.5 // indirect + k8s.io/apimachinery v0.23.6 // indirect + k8s.io/cli-runtime v0.23.6 // indirect + k8s.io/client-go v0.23.6 // indirect + k8s.io/component-base v0.23.5 // indirect k8s.io/klog/v2 v2.30.0 // indirect k8s.io/kube-openapi v0.0.0-20211115234752-e816edb12b65 // indirect - k8s.io/kubectl v0.23.4 // indirect + k8s.io/kubectl v0.23.5 // indirect k8s.io/utils v0.0.0-20211208161948-7d6a63dca704 // indirect sigs.k8s.io/json v0.0.0-20211208200746-9f7c6b3444d2 // indirect sigs.k8s.io/kustomize/api v0.10.1 // indirect diff --git a/go.sum b/go.sum index 89176c36a47..804bfb8ab06 100644 --- a/go.sum +++ b/go.sum @@ -1,4 +1,5 @@ bazil.org/fuse v0.0.0-20160811212531-371fbbdaa898/go.mod h1:Xbm+BRKSBEpa4q4hTSxohYNQpsxXPbPry4JJWOB3LB8= +bazil.org/fuse v0.0.0-20200407214033-5883e5a4b512/go.mod h1:FbcW6z/2VytnFDhZfumh8Ss8zxHE6qpMP5sHTRe0EaM= cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= cloud.google.com/go v0.38.0/go.mod h1:990N+gfupTy94rShfmMCWGDn0LpTmnzTp2qbd1dvSRU= @@ -48,6 +49,7 @@ cloud.google.com/go/storage v1.6.0/go.mod h1:N7U0C8pVQ/+NIKOBQyamJIeKQKkZ+mxpohl cloud.google.com/go/storage v1.8.0/go.mod h1:Wv1Oy7z6Yz3DshWRJFhqM/UCfaWIRTdp0RXyy7KQOVs= cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9ullr3+Kg0= dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU= +github.com/AdaLogics/go-fuzz-headers v0.0.0-20210715213245-6c3934b029d8/go.mod h1:CzsSbkDixRphAF5hS6wbMKq0eI6ccJRb7/A0M6JBnwg= github.com/AlecAivazis/survey/v2 v2.3.4 h1:pchTU9rsLUSvWEl2Aq9Pv3k0IE2fkqtGxazskAMd9Ng= github.com/AlecAivazis/survey/v2 v2.3.4/go.mod h1:hrV6Y/kQCLhIZXGcriDCUBtB3wnN7156gMXJ3+b23xM= github.com/Azure/azure-sdk-for-go v16.2.1+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= @@ -90,7 +92,7 @@ github.com/Masterminds/semver/v3 v3.1.1/go.mod h1:VPu/7SZ7ePZ3QOrcuXROw5FAcLl4a0 github.com/Masterminds/sprig v2.22.0+incompatible/go.mod h1:y6hNFY5UBTIWBxnzTeuNhlNS5hqE0NB0E6fgfo2Br3o= github.com/Masterminds/sprig/v3 v3.2.2/go.mod h1:UoaO7Yp8KlPnJIYWTFkMaqPUYKTfGFPhxNuwnnxkKlk= github.com/Masterminds/squirrel v1.5.2/go.mod h1:NNaOrjSoIDfDA40n7sr2tPNZRfjzjA400rg+riTZj10= -github.com/Masterminds/vcs v1.13.1/go.mod h1:N09YCmOQr6RLxC6UNHzuVwAdodYbbnycGHSmwVJjcKA= +github.com/Masterminds/vcs v1.13.3/go.mod h1:TiE7xuEjl1N4j016moRd6vezp6e6Lz23gypeXfzXeW8= github.com/Microsoft/go-winio v0.4.11/go.mod h1:VhR8bwka0BXejwEJY73c50VrPtXAaKcyvVC4A4RozmA= github.com/Microsoft/go-winio v0.4.14/go.mod h1:qXqCSQ3Xa7+6tgxaGTIe4Kpcdsi+P8jBhyzoq1bpyYA= github.com/Microsoft/go-winio v0.4.15-0.20190919025122-fc70bd9a86b5/go.mod h1:tTuCMEN+UleMWgg9dVx4Hu52b1bJo+59jBh3ajtinzw= @@ -109,9 +111,10 @@ github.com/Microsoft/hcsshim v0.8.9/go.mod h1:5692vkUqntj1idxauYlpoINNKeqCiG6Sg3 github.com/Microsoft/hcsshim v0.8.14/go.mod h1:NtVKoYxQuTLx6gEq0L96c9Ju4JbRJ4nY2ow3VK6a9Lg= github.com/Microsoft/hcsshim v0.8.15/go.mod h1:x38A4YbHbdxJtc0sF6oIz+RG0npwSCAvn69iY6URG00= github.com/Microsoft/hcsshim v0.8.16/go.mod h1:o5/SZqmR7x9JNKsW3pu+nqHm0MF8vbA+VxGOoXdC600= +github.com/Microsoft/hcsshim v0.8.20/go.mod h1:+w2gRZ5ReXQhFOrvSQeNfhrYB/dg3oDwTOcER2fw4I4= github.com/Microsoft/hcsshim v0.8.21/go.mod h1:+w2gRZ5ReXQhFOrvSQeNfhrYB/dg3oDwTOcER2fw4I4= github.com/Microsoft/hcsshim v0.8.23/go.mod h1:4zegtUJth7lAvFyc6cH2gGQ5B3OFQim01nnU2M8jKDg= -github.com/Microsoft/hcsshim v0.9.1/go.mod h1:Y/0uV2jUab5kBI7SQgl62at0AVX7uaruzADAVmxm3eM= +github.com/Microsoft/hcsshim v0.9.2/go.mod h1:7pLA8lDk46WKDWlVsENo92gC0XFa8rbKfyFRBqxEbCc= github.com/Microsoft/hcsshim/test v0.0.0-20201218223536-d3e5debf77da/go.mod h1:5hlzMzRKMLyo42nCZ9oml8AdTlq/0cvIaBv6tK1RehU= github.com/Microsoft/hcsshim/test v0.0.0-20210227013316-43a75bb4edd3/go.mod h1:mw7qgWloBUl75W/gVH3cQszUg1+gUITj7D6NY7ywVnY= github.com/NYTimes/gziphandler v0.0.0-20170623195520-56545f4a5d46/go.mod h1:3wb06e3pkSAbeQ52E9H9iFoQsEEwGN64994WTCIhntQ= @@ -147,6 +150,7 @@ github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRF github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= github.com/alecthomas/units v0.0.0-20190924025748-f65c72e2690d/go.mod h1:rBZYJk541a8SKzHPHnH3zbiI+7dagKZ0cgpgrD7Fyho= github.com/alexflint/go-filemutex v0.0.0-20171022225611-72bdc8eae2ae/go.mod h1:CgnQgUtFrFz9mxFNtED3jI5tLDjKlOM+oUF/sTk6ps0= +github.com/alexflint/go-filemutex v1.1.0/go.mod h1:7P4iRhttt/nUvUOrYIhcpMzv2G6CY9UnI16Z+UJqRyk= github.com/andybalholm/brotli v1.0.1/go.mod h1:loMXtMfwqflxFJPmdbJO0a3KNoPuLBgiu3qAvBg8x/Y= github.com/andybalholm/brotli v1.0.3/go.mod h1:fO7iG3H7G2nSZ7m0zPUDn85XEX2GTukHGRSepvi9Eig= github.com/andybalholm/brotli v1.0.4 h1:V7DdXeJtZscaqfNuAdSRuRFzuiKlHSC/Zh3zl9qY3JY= @@ -193,10 +197,12 @@ github.com/boumenot/gocover-cobertura v1.2.0/go.mod h1:fz7ly8dslE42VRR5ZWLt2OHGD github.com/bshuster-repo/logrus-logstash-hook v0.4.1/go.mod h1:zsTqEiSzDgAa/8GZR7E1qaXrhYNDKBYy5/dWPTIflbk= github.com/bshuster-repo/logrus-logstash-hook v1.0.0/go.mod h1:zsTqEiSzDgAa/8GZR7E1qaXrhYNDKBYy5/dWPTIflbk= github.com/buger/jsonparser v0.0.0-20180808090653-f4dd9f5a6b44/go.mod h1:bbYlZJ7hK1yFx9hf58LP0zeX7UjIGs20ufpu3evjr+s= +github.com/buger/jsonparser v1.1.1/go.mod h1:6RYKKt7H4d4+iWqouImQ9R2FZql3VbhNgx27UK13J/0= github.com/bugsnag/bugsnag-go v0.0.0-20141110184014-b1d153021fcd/go.mod h1:2oa8nejYd4cQ/b0hMIopN0lCRxU0bueqREvZLWFrtK8= github.com/bugsnag/osext v0.0.0-20130617224835-0dd3f918b21b/go.mod h1:obH5gd0BsqsP2LwDJ9aOkm/6J86V6lyAXCoQWGw3K50= github.com/bugsnag/panicwrap v0.0.0-20151223152923-e2c28503fcd0/go.mod h1:D/8v3kj0zr8ZAKg1AQ6crr+5VwKN5eIywRkfhyM/+dE= github.com/cenkalti/backoff/v4 v4.1.1/go.mod h1:scbssz8iZGpm3xbr14ovlUdkxfGXNInqkPWOWmG2CLw= +github.com/cenkalti/backoff/v4 v4.1.2/go.mod h1:scbssz8iZGpm3xbr14ovlUdkxfGXNInqkPWOWmG2CLw= github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= github.com/census-instrumentation/opencensus-proto v0.3.0/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= github.com/certifi/gocertifi v0.0.0-20191021191039-0944d244cd40/go.mod h1:sGbDF6GwGcLpkNXPUTkMRoywsNa/ol15pxFe6ERfguA= @@ -210,6 +216,7 @@ github.com/chai2010/gettext-go v0.0.0-20160711120539-c6fed771bfd5 h1:7aWHqerlJ41 github.com/chai2010/gettext-go v0.0.0-20160711120539-c6fed771bfd5/go.mod h1:/iP1qXHoty45bqomnu2LM+VVyAEdWN+vtSHGlQgyxbw= github.com/checkpoint-restore/go-criu/v4 v4.1.0/go.mod h1:xUQBLp4RLc5zJtWY++yjOoMoB5lihDt7fai+75m+rGw= github.com/checkpoint-restore/go-criu/v5 v5.0.0/go.mod h1:cfwC0EG7HMUenopBsUf9d89JlCLQIfgVcNsNN0t6T2M= +github.com/checkpoint-restore/go-criu/v5 v5.3.0/go.mod h1:E/eQpaFtUKGOOSEBZgmKAcn+zUUwWxqcaKZlF54wK8E= github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI= github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI= github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU= @@ -218,6 +225,7 @@ github.com/cilium/ebpf v0.0.0-20200702112145-1c8d4c9ef775/go.mod h1:7cR51M8ViRLI github.com/cilium/ebpf v0.2.0/go.mod h1:To2CFviqOWL/M0gIMsvSMlqe7em/l1ALkX1PyjrX2Qs= github.com/cilium/ebpf v0.4.0/go.mod h1:4tRaxcgiL706VnOzHOdBlY8IEAIdxINsQBcU4xJJXRs= github.com/cilium/ebpf v0.6.2/go.mod h1:4tRaxcgiL706VnOzHOdBlY8IEAIdxINsQBcU4xJJXRs= +github.com/cilium/ebpf v0.7.0/go.mod h1:/oI2+1shJiTGAMgl6/RgJr36Eo1jzrRcAWbcXO2usCA= github.com/circonus-labs/circonus-gometrics v2.3.1+incompatible/go.mod h1:nmEj6Dob7S7YxXgwXpfOuvO54S+tGdZdw9fuRZt25Ag= github.com/circonus-labs/circonusllhist v0.1.3/go.mod h1:kMXHVDlOchFAehlya5ePtbp5jckzBHf4XRpQvBOLI+I= github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= @@ -249,12 +257,13 @@ github.com/containerd/cgroups v0.0.0-20200710171044-318312a37340/go.mod h1:s5q4S github.com/containerd/cgroups v0.0.0-20200824123100-0b889c03f102/go.mod h1:s5q4SojHctfxANBDvMeIaIovkq29IP48TKAxnhYRxvo= github.com/containerd/cgroups v0.0.0-20210114181951-8a68de567b68/go.mod h1:ZJeTFisyysqgcCdecO57Dj79RfL0LNeGiFUqLYQRYLE= github.com/containerd/cgroups v1.0.1/go.mod h1:0SJrPIenamHDcZhEcJMNBB85rHcUsw4f25ZfBiPYRkU= -github.com/containerd/cgroups v1.0.2/go.mod h1:qpbpJ1jmlqsR9f2IyaLPsdkCdnt0rbDVqIDlhuu5tRY= +github.com/containerd/cgroups v1.0.3/go.mod h1:/ofk34relqNjSGyqPrmEULrO4Sc8LJhvJmWbUCUKqj8= github.com/containerd/console v0.0.0-20180822173158-c12b1e7919c1/go.mod h1:Tj/on1eG8kiEhd0+fhSDzsPAFESxzBBvdyEgyryXffw= github.com/containerd/console v0.0.0-20181022165439-0650fd9eeb50/go.mod h1:Tj/on1eG8kiEhd0+fhSDzsPAFESxzBBvdyEgyryXffw= github.com/containerd/console v0.0.0-20191206165004-02ecf6a7291e/go.mod h1:8Pf4gM6VEbTNRIT26AyyU7hxdQU3MvAvxVI0sc00XBE= github.com/containerd/console v1.0.1/go.mod h1:XUsP6YE/mKtz6bxc+I8UiKKTP04qjQL4qcS3XoQ5xkw= github.com/containerd/console v1.0.2/go.mod h1:ytZPjGgY2oeTkAONYafi2kSj0aYggsf8acV1PGKCbzQ= +github.com/containerd/console v1.0.3/go.mod h1:7LqA/THxQ86k76b8c/EMSiaJ3h1eZkMkXar0TQ1gf3U= github.com/containerd/containerd v1.2.10/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA= github.com/containerd/containerd v1.3.0-beta.2.0.20190828155532-0293cbd26c69/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA= github.com/containerd/containerd v1.3.0/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA= @@ -270,7 +279,8 @@ github.com/containerd/containerd v1.5.0-beta.4/go.mod h1:GmdgZd2zA2GYIBZ0w09Zvgq github.com/containerd/containerd v1.5.0-rc.0/go.mod h1:V/IXoMqNGgBlabz3tHD2TWDoTJseu1FGOKuoA4nNb2s= github.com/containerd/containerd v1.5.1/go.mod h1:0DOxVqwDy2iZvrZp2JUx/E+hS0UNTVn7dJnIOwtYR4g= github.com/containerd/containerd v1.5.7/go.mod h1:gyvv6+ugqY25TiXxcZC3L5yOeYgEw0QMhscqVp1AR9c= -github.com/containerd/containerd v1.5.9/go.mod h1:fvQqCfadDGga5HZyn3j4+dx56qj2I9YwBrlSdalvJYQ= +github.com/containerd/containerd v1.5.8/go.mod h1:YdFSv5bTFLpG2HIYmfqDpSYYTDX+mc5qtSuYx1YUb/s= +github.com/containerd/containerd v1.6.1/go.mod h1:1nJz5xCZPusx6jJU8Frfct988y0NpumIq9ODB0kLtoE= github.com/containerd/continuity v0.0.0-20190426062206-aaeac12a7ffc/go.mod h1:GL3xCUCBDV3CZiTSEKksMWbLE66hEyuu9qyDOOqM47Y= github.com/containerd/continuity v0.0.0-20190815185530-f2a389ac0a02/go.mod h1:GL3xCUCBDV3CZiTSEKksMWbLE66hEyuu9qyDOOqM47Y= github.com/containerd/continuity v0.0.0-20191127005431-f65d91d395eb/go.mod h1:GL3xCUCBDV3CZiTSEKksMWbLE66hEyuu9qyDOOqM47Y= @@ -278,6 +288,7 @@ github.com/containerd/continuity v0.0.0-20200710164510-efbc4488d8fe/go.mod h1:cE github.com/containerd/continuity v0.0.0-20201208142359-180525291bb7/go.mod h1:kR3BEg7bDFaEddKm54WSmrol1fKWDU1nKYkgrcgZT7Y= github.com/containerd/continuity v0.0.0-20210208174643-50096c924a4e/go.mod h1:EXlVlkqNba9rJe3j7w3Xa924itAMLgZH4UD/Q4PExuQ= github.com/containerd/continuity v0.1.0/go.mod h1:ICJu0PwR54nI0yPEnJ6jcS+J7CZAUXrLh8lPo2knzsM= +github.com/containerd/continuity v0.2.2/go.mod h1:pWygW9u7LtS1o4N/Tn0FoCFDIXZ7rxcMX7HX1Dmibvk= github.com/containerd/fifo v0.0.0-20180307165137-3d5202aec260/go.mod h1:ODA38xgv3Kuk8dQz2ZQXpnv/UZZUHUCL7pnLehbXgQI= github.com/containerd/fifo v0.0.0-20190226154929-a9fb20d87448/go.mod h1:ODA38xgv3Kuk8dQz2ZQXpnv/UZZUHUCL7pnLehbXgQI= github.com/containerd/fifo v0.0.0-20200410184934-f15a3290365b/go.mod h1:jPQ2IAeZRCYxpS/Cm1495vGFww6ecHmMk1YJH2Q5ln0= @@ -286,6 +297,8 @@ github.com/containerd/fifo v0.0.0-20210316144830-115abcc95a1d/go.mod h1:ocF/ME1S github.com/containerd/fifo v1.0.0/go.mod h1:ocF/ME1SX5b1AOlWi9r677YJmCPSwwWnQ9O123vzpE4= github.com/containerd/go-cni v1.0.1/go.mod h1:+vUpYxKvAF72G9i1WoDOiPGRtQpqsNW/ZHtSlv++smU= github.com/containerd/go-cni v1.0.2/go.mod h1:nrNABBHzu0ZwCug9Ije8hL2xBCYh/pjfMb1aZGrrohk= +github.com/containerd/go-cni v1.1.0/go.mod h1:Rflh2EJ/++BA2/vY5ao3K6WJRR/bZKsX123aPk+kUtA= +github.com/containerd/go-cni v1.1.3/go.mod h1:Rflh2EJ/++BA2/vY5ao3K6WJRR/bZKsX123aPk+kUtA= github.com/containerd/go-runc v0.0.0-20180907222934-5a6d9f37cfa3/go.mod h1:IV7qH3hrUgRmyYrtgEeGWJfWbgcHL9CSRruz2Vqcph0= github.com/containerd/go-runc v0.0.0-20190911050354-e029b79d8cda/go.mod h1:IV7qH3hrUgRmyYrtgEeGWJfWbgcHL9CSRruz2Vqcph0= github.com/containerd/go-runc v0.0.0-20200220073739-7016d3ce2328/go.mod h1:PpyHrqVs8FTi9vpyHwPwiNEGaACDxT/N/pLcvMSRA9g= @@ -295,6 +308,7 @@ github.com/containerd/imgcrypt v1.0.1/go.mod h1:mdd8cEPW7TPgNG4FpuP3sGBiQ7Yi/zak github.com/containerd/imgcrypt v1.0.4-0.20210301171431-0ae5c75f59ba/go.mod h1:6TNsg0ctmizkrOgXRNQjAPFWpMYRWuiB6dSF4Pfa5SA= github.com/containerd/imgcrypt v1.1.1-0.20210312161619-7ed62a527887/go.mod h1:5AZJNI6sLHJljKuI9IHnw1pWqo/F0nGDOuR9zgTs7ow= github.com/containerd/imgcrypt v1.1.1/go.mod h1:xpLnwiQmEUJPvQoAapeb2SNCxz7Xr6PJrXQb0Dpc4ms= +github.com/containerd/imgcrypt v1.1.3/go.mod h1:/TPA1GIDXMzbj01yd8pIbQiLdQxed5ue1wb8bP7PQu4= github.com/containerd/nri v0.0.0-20201007170849-eb1350a75164/go.mod h1:+2wGSDGFYfE5+So4M5syatU0N0f0LbWpuqyMi4/BE8c= github.com/containerd/nri v0.0.0-20210316161719-dbaa18c31c14/go.mod h1:lmxnXF6oMkbqs39FiCt1s0R2HSMhcLel9vNL3m4AaeY= github.com/containerd/nri v0.1.0/go.mod h1:lmxnXF6oMkbqs39FiCt1s0R2HSMhcLel9vNL3m4AaeY= @@ -317,16 +331,20 @@ github.com/containerd/zfs v1.0.0/go.mod h1:m+m51S1DvAP6r3FcmYCp54bQ34pyOwTieQDNR github.com/containernetworking/cni v0.7.1/go.mod h1:LGwApLUm2FpoOfxTDEeq8T9ipbpZ61X79hmU3w8FmsY= github.com/containernetworking/cni v0.8.0/go.mod h1:LGwApLUm2FpoOfxTDEeq8T9ipbpZ61X79hmU3w8FmsY= github.com/containernetworking/cni v0.8.1/go.mod h1:LGwApLUm2FpoOfxTDEeq8T9ipbpZ61X79hmU3w8FmsY= +github.com/containernetworking/cni v1.0.1/go.mod h1:AKuhXbN5EzmD4yTNtfSsX3tPcmtrBI6QcRV0NiNt15Y= github.com/containernetworking/plugins v0.8.6/go.mod h1:qnw5mN19D8fIwkqW7oHHYDHVlzhJpcY6TQxn/fUyDDM= github.com/containernetworking/plugins v0.9.1/go.mod h1:xP/idU2ldlzN6m4p5LmGiwRDjeJr6FLK6vuiUwoH7P8= +github.com/containernetworking/plugins v1.0.1/go.mod h1:QHCfGpaTwYTbbH+nZXKVTxNBDZcxSOplJT5ico8/FLE= github.com/containers/ocicrypt v1.0.1/go.mod h1:MeJDzk1RJHv89LjsH0Sp5KTY3ZYkjXO/C+bKAeWFIrc= github.com/containers/ocicrypt v1.1.0/go.mod h1:b8AOe0YR67uU8OqfVNcznfFpAzu3rdgUV4GP9qXPfu4= github.com/containers/ocicrypt v1.1.1/go.mod h1:Dm55fwWm1YZAjYRaJ94z2mfZikIyIN4B0oB3dj3jFxY= +github.com/containers/ocicrypt v1.1.2/go.mod h1:Dm55fwWm1YZAjYRaJ94z2mfZikIyIN4B0oB3dj3jFxY= github.com/coreos/bbolt v1.3.2/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk= github.com/coreos/etcd v3.3.10+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE= github.com/coreos/etcd v3.3.13+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE= github.com/coreos/go-iptables v0.4.5/go.mod h1:/mVI274lEDI2ns62jHCDnCyBF9Iwsmekav8Dbxlm1MU= github.com/coreos/go-iptables v0.5.0/go.mod h1:/mVI274lEDI2ns62jHCDnCyBF9Iwsmekav8Dbxlm1MU= +github.com/coreos/go-iptables v0.6.0/go.mod h1:Qe8Bv2Xik5FyTXwgIbLAnv2sWSBmvWdFETJConOQ//Q= github.com/coreos/go-oidc v2.1.0+incompatible/go.mod h1:CgnwVTmzoESiwO9qyAFEMiHoZ1nMCKZlZ9V6mm3/LKc= github.com/coreos/go-semver v0.2.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk= github.com/coreos/go-semver v0.3.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk= @@ -391,8 +409,8 @@ github.com/dsnet/compress v0.0.2-0.20210315054119-f66993602bf5/go.mod h1:qssHWj6 github.com/dsnet/golib v0.0.0-20171103203638-1ea166775780/go.mod h1:Lj+Z9rebOhdfkVLjJ8T6VcRQv3SXugXy999NBtR9aFY= github.com/dustin/go-humanize v0.0.0-20171111073723-bb3d318650d4/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk= github.com/dustin/go-humanize v1.0.0/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk= -github.com/elastic/elastic-package v0.46.0 h1:mTuCbgtyct0GMomQUUyv7bGITkxW4vv0nZcWcnn2Nus= -github.com/elastic/elastic-package v0.46.0/go.mod h1:WXi1J8v6NRM1kZR3ErLeCoDYW1lfEaCQV3C9Lt9dMVw= +github.com/elastic/elastic-package v0.47.0 h1:b6l41apd7GvkH0wLYys5D+Vp2ljtLWKEmpButiN7Ags= +github.com/elastic/elastic-package v0.47.0/go.mod h1:8VkXZRhP6xS+yQYDPEOgrY7WsczjR8KoImxo46Gcf10= github.com/elastic/go-elasticsearch/v7 v7.17.1 h1:49mHcHx7lpCL8cW1aioEwSEVKQF3s+Igi4Ye/QTWwmk= github.com/elastic/go-elasticsearch/v7 v7.17.1/go.mod h1:OJ4wdbtDNk5g503kvlHLyErCgQwwzmDtaFC4XyOxXA4= github.com/elastic/go-licenser v0.3.1/go.mod h1:D8eNQk70FOCVBl3smCGQt/lv7meBeQno2eI1S5apiHQ= @@ -486,9 +504,13 @@ github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V github.com/go-logfmt/logfmt v0.5.0/go.mod h1:wCYkCAKZfumFQihp8CzCvQ3paCTfi41vtzG1KdI/P7A= github.com/go-logr/logr v0.1.0/go.mod h1:ixOQHD9gLJUVQQ2ZOR7zLEifBX6tGkNJF4QyIY7sIas= github.com/go-logr/logr v0.2.0/go.mod h1:z6/tIYblkpsD+a4lm/fGIIU9mZ+XfAiaFtq7xTgseGU= +github.com/go-logr/logr v0.4.0/go.mod h1:z6/tIYblkpsD+a4lm/fGIIU9mZ+XfAiaFtq7xTgseGU= github.com/go-logr/logr v1.2.0/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= +github.com/go-logr/logr v1.2.1/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= github.com/go-logr/logr v1.2.2 h1:ahHml/yUpnlb96Rp8HCvtYVPY8ZYpxq3g7UYchIYwbs= github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= +github.com/go-logr/stdr v1.2.0/go.mod h1:YkVgnZu1ZjjL7xTxrfm/LLZBfkhTqSR1ydtm6jTKKwI= +github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE= github.com/go-logr/zapr v1.2.0/go.mod h1:Qa4Bsj2Vb+FAVeAKsLD8RLQ+YRJB8YDmOAKxaBQf7Ro= github.com/go-openapi/errors v0.19.8/go.mod h1:cM//ZKUKyO06HSwqAelJ5NsEMMcpa6VpXe8DOa1Mi1M= github.com/go-openapi/errors v0.20.1 h1:j23mMDtRxMwIobkpId7sWh7Ddcx4ivaoqUbfXx5P+a8= @@ -519,6 +541,7 @@ github.com/go-sql-driver/mysql v1.5.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LB github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY= github.com/go-stack/stack v1.8.1 h1:ntEHSVwIt7PNXNpgPmVfMrNhLtgjlmnZha2kOpuRiDw= github.com/go-stack/stack v1.8.1/go.mod h1:dcoOX6HbPZSZptuspn9bctJ+N/CnF5gGygcUP3XYfe4= +github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0/go.mod h1:fyg7847qk6SyHyPtNmDHnmrv/HOrqktSC+C9fM+CJOE= github.com/gobuffalo/attrs v0.0.0-20190224210810-a9411de4debd/go.mod h1:4duuawTqi2wkkpB4ePgWMaai6/Kc6WEz83bhFwpHzj0= github.com/gobuffalo/depgen v0.0.0-20190329151759-d478694a28d3/go.mod h1:3STtPUQYuzV0gBVOY3vy6CfMm/ljR4pABfrTeHNLHUY= github.com/gobuffalo/depgen v0.1.0/go.mod h1:+ifsuy7fhi15RWncXQQKjWS9JPkdah5sZvtHc2RXGlg= @@ -552,6 +575,7 @@ github.com/godbus/dbus v0.0.0-20180201030542-885f9cc04c9c/go.mod h1:/YcGZj5zSblf github.com/godbus/dbus v0.0.0-20190422162347-ade71ed3457e/go.mod h1:bBOAhwG1umN6/6ZUMtDFBMQR8jRg9O75tm9K00oMsK4= github.com/godbus/dbus/v5 v5.0.3/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA= github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA= +github.com/godbus/dbus/v5 v5.0.6/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA= github.com/godror/godror v0.24.2/go.mod h1:wZv/9vPiUib6tkoDl+AZ/QLf5YZgMravZ7jxH2eQWAE= github.com/gofrs/flock v0.8.1/go.mod h1:F1TvTiK9OcQqauNUHlbJvyl9Qa1QvF/gOUDKA14jxHU= github.com/gofrs/uuid v4.0.0+incompatible/go.mod h1:b2aQJv3Z4Fp6yNu3cdSllBxTCLRxnplIgP/c0N/04lM= @@ -702,6 +726,7 @@ github.com/hashicorp/consul/sdk v0.1.1/go.mod h1:VKf9jXwCTEY1QZP2MOLRhb5i/I/ssyN github.com/hashicorp/consul/sdk v0.8.0/go.mod h1:GBvyrGALthsZObzUGsfgHZQDXjg4lOjagTIwIR1vPms= github.com/hashicorp/errwrap v0.0.0-20141028054710-7554cd9344ce/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= +github.com/hashicorp/errwrap v1.1.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= github.com/hashicorp/go-cleanhttp v0.5.0/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80= github.com/hashicorp/go-cleanhttp v0.5.1/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80= github.com/hashicorp/go-cleanhttp v0.5.2/go.mod h1:kO/YDlP8L1346E6Sodw+PrpBSV4/SoxCXGY6BqNFT48= @@ -713,6 +738,7 @@ github.com/hashicorp/go-msgpack v0.5.3/go.mod h1:ahLV/dePpqEmjfWmKiqvPkv/twdG7iP github.com/hashicorp/go-multierror v0.0.0-20161216184304-ed905158d874/go.mod h1:JMRHfdO9jKNzS/+BTlxCjKNQHg/jZAft8U7LloJvN7I= github.com/hashicorp/go-multierror v1.0.0/go.mod h1:dHtQlpGsu+cZNNAkkCN/P3hoUDHhCYQXV3UM06sGGrk= github.com/hashicorp/go-multierror v1.1.0/go.mod h1:spPvp8C1qA32ftKqdAHm4hHTbPw+vmowP0z+KUhOZdA= +github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9/fmwbPZ6JB6eMoM= github.com/hashicorp/go-retryablehttp v0.5.3/go.mod h1:9B5zBasrRhHXnJnui7y6sL7es7NDiJgTc6Er0maI1Xs= github.com/hashicorp/go-rootcerts v1.0.0/go.mod h1:K6zTfqpRlCUIjkwsN4Z+hiSfzSTQa6eBIzfwKfwNnHU= github.com/hashicorp/go-rootcerts v1.0.2/go.mod h1:pqUvnprVnM5bf7AOirdbb01K4ccR319Vf4pU3K5EGc8= @@ -751,7 +777,9 @@ github.com/imdario/mergo v0.3.12 h1:b6R2BslTbIEToALKP7LxUvijTsNI9TAe80pLWN2g/HU= github.com/imdario/mergo v0.3.12/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA= github.com/inconshreveable/mousetrap v1.0.0 h1:Z8tu5sraLXCXIcARxBp/8cbvlwVa7Z1NHg9XEKhtSvM= github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8= +github.com/intel/goresctrl v0.2.0/go.mod h1:+CZdzouYFn5EsxgqAQTEzMfwKwuc0fVdMrT9FCCAVRQ= github.com/j-keck/arping v0.0.0-20160618110441-2cf9dc699c56/go.mod h1:ymszkNOg6tORTn+6F6j+Jc8TOr5osrynvN6ivFWZ2GA= +github.com/j-keck/arping v1.0.2/go.mod h1:aJbELhR92bSk7tp79AWM/ftfc90EfEi2bQJrbBFOsPw= github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 h1:BQSFePA1RWJOlocH6Fxy8MmwDt+yVQYULKfN0RoTN8A= github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99/go.mod h1:1lJo3i6rXxKeerYnT8Nvf0QmHCRC1n8sfWVwXF2Frvo= github.com/jcchavezs/porto v0.1.0/go.mod h1:fESH0gzDHiutHRdX2hv27ojnOVFco37hg1W6E9EZF4A= @@ -920,7 +948,9 @@ github.com/moby/spdystream v0.2.0/go.mod h1:f7i0iNDQJ059oMTcWxx8MA/zKFIuD/lY+0Gq github.com/moby/sys/mountinfo v0.4.0/go.mod h1:rEr8tzG/lsIZHBtN/JjGG+LMYx9eXgW2JI+6q0qou+A= github.com/moby/sys/mountinfo v0.4.1/go.mod h1:rEr8tzG/lsIZHBtN/JjGG+LMYx9eXgW2JI+6q0qou+A= github.com/moby/sys/mountinfo v0.5.0/go.mod h1:3bMD3Rg+zkqx8MRYPi7Pyb0Ie97QEBmdxbhnCLlSvSU= +github.com/moby/sys/signal v0.6.0/go.mod h1:GQ6ObYZfqacOwTtlXvcmh9A26dVRul/hbOZn88Kg8Tg= github.com/moby/sys/symlink v0.1.0/go.mod h1:GGDODQmbFOjFsXvfLVn3+ZRxkch54RkSiGqsZeMYowQ= +github.com/moby/sys/symlink v0.2.0/go.mod h1:7uZVF2dqJjG/NsClqul95CqKOBRQyYSNnJ6BMgR/gFs= github.com/moby/term v0.0.0-20200312100748-672ec06f55cd/go.mod h1:DdlQx2hp0Ss5/fLikoLlEeIYiATotOjgB//nb973jeo= github.com/moby/term v0.0.0-20210610120745-9d4ed1856297/go.mod h1:vgPCkQMyxTZ7IDy8SXRufE172gr8+K/JE/7hHFxHW3A= github.com/moby/term v0.0.0-20210619224110-3f7ff695adc6 h1:dcztxKSvZ4Id8iPpHERQBbIJfabdt4wUm5qy3wOL2Zc= @@ -949,8 +979,9 @@ github.com/nsf/jsondiff v0.0.0-20210926074059-1e845ec5d249/go.mod h1:mpRZBD8SJ55 github.com/nwaples/rardecode v1.1.0/go.mod h1:5DzqNKiOdpKKBH87u8VlvAnPZMXcGRhxWkRpHbbfGS0= github.com/nwaples/rardecode v1.1.2 h1:Cj0yZY6T1Zx1R7AhTbyGSALm44/Mmq+BAPc4B/p/d3M= github.com/nwaples/rardecode v1.1.2/go.mod h1:5DzqNKiOdpKKBH87u8VlvAnPZMXcGRhxWkRpHbbfGS0= -github.com/nxadm/tail v1.4.4 h1:DQuhQpB1tVlglWS2hLQ5OV6B5r8aGxSrPc5Qo6uTN78= github.com/nxadm/tail v1.4.4/go.mod h1:kenIhsEOeOJmVchQTgglprH7qJGnHDVpk1VPCcaMI8A= +github.com/nxadm/tail v1.4.8 h1:nPr65rt6Y5JFSKQO7qToXr7pePgD6Gwiw05lkbyAQTE= +github.com/nxadm/tail v1.4.8/go.mod h1:+ncqLTQzXmGhMZNUePPaPqPvBxHAIsmXswZKocGu+AU= github.com/oklog/ulid v1.3.1 h1:EGfNDEx6MqHz8B3uNV6QAib1UR2Lm97sHi3ocA6ESJ4= github.com/oklog/ulid v1.3.1/go.mod h1:CirwcVhetQ6Lv90oh/F+FBtV6XMibvdAFo93nm5qn4U= github.com/olekukonko/tablewriter v0.0.0-20170122224234-a0225b3f23b5/go.mod h1:vsDQFd/mU46D+Z4whnwzcISnGGzXWMclvtLoiIKAKIo= @@ -966,8 +997,10 @@ github.com/onsi/ginkgo v1.10.3/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+ github.com/onsi/ginkgo v1.11.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= github.com/onsi/ginkgo v1.12.0/go.mod h1:oUhWkIvk5aDxtKvDDuw8gItl8pKl42LzjC9KZE0HfGg= github.com/onsi/ginkgo v1.12.1/go.mod h1:zj2OWP4+oCPe1qIXoGWkgMRwljMUYCdkwsT2108oapk= -github.com/onsi/ginkgo v1.14.0 h1:2mOpI4JVVPBN+WQRa0WKH2eXR+Ey+uK4n7Zj0aYpIQA= +github.com/onsi/ginkgo v1.13.0/go.mod h1:+REjRxOmWfHCjfv9TTWB1jD1Frx4XydAD3zm1lskyM0= github.com/onsi/ginkgo v1.14.0/go.mod h1:iSB4RoI2tjJc9BBv4NKIKWKya62Rps+oPG/Lv9klQyY= +github.com/onsi/ginkgo v1.16.4 h1:29JGrr5oVBm5ulCWet69zQkzWipVXIol6ygQUe/EzNc= +github.com/onsi/ginkgo v1.16.4/go.mod h1:dX+/inL/fNMqNlz0e9LfyB9TswhZpCVdJM/Z6Vvnwo0= github.com/onsi/gomega v0.0.0-20151007035656-2152b45fa28a/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA= github.com/onsi/gomega v0.0.0-20170829124025-dcabb60a477c/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA= github.com/onsi/gomega v1.5.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY= @@ -975,8 +1008,9 @@ github.com/onsi/gomega v1.7.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1Cpa github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY= github.com/onsi/gomega v1.9.0/go.mod h1:Ho0h+IUsWyvy1OpqCwxlQ/21gkhVunqlU8fDGcoTdcA= github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo= -github.com/onsi/gomega v1.10.3 h1:gph6h/qe9GSUw1NhH1gp+qb+h8rXD8Cy60Z32Qw3ELA= github.com/onsi/gomega v1.10.3/go.mod h1:V9xEwhxec5O8UDM77eCW8vLymOMltsqPVYWrpDsH8xc= +github.com/onsi/gomega v1.15.0 h1:WjP/FQ/sk43MRmnEcT+MlDw2TFvkrXlprrPST/IudjU= +github.com/onsi/gomega v1.15.0/go.mod h1:cIuvLEne0aoVhAgh/O6ac0Op8WWw9H6eYCriF+tEHG0= github.com/opencontainers/go-digest v0.0.0-20170106003457-a6d0ee40d420/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s= github.com/opencontainers/go-digest v0.0.0-20180430190053-c9281466c8b2/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s= github.com/opencontainers/go-digest v1.0.0-rc1/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s= @@ -984,6 +1018,7 @@ github.com/opencontainers/go-digest v1.0.0-rc1.0.20180430190053-c9281466c8b2/go. github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM= github.com/opencontainers/image-spec v1.0.0/go.mod h1:BtxoFyWECRxE4U/7sNtV5W15zMzWCbyJoFRP3s7yZA0= github.com/opencontainers/image-spec v1.0.1/go.mod h1:BtxoFyWECRxE4U/7sNtV5W15zMzWCbyJoFRP3s7yZA0= +github.com/opencontainers/image-spec v1.0.2-0.20211117181255-693428a734f5/go.mod h1:BtxoFyWECRxE4U/7sNtV5W15zMzWCbyJoFRP3s7yZA0= github.com/opencontainers/image-spec v1.0.2/go.mod h1:BtxoFyWECRxE4U/7sNtV5W15zMzWCbyJoFRP3s7yZA0= github.com/opencontainers/runc v0.0.0-20190115041553-12f6a991201f/go.mod h1:qT5XzbpPznkRYVz/mWwUaVBUv2rmF59PVA73FjuZG0U= github.com/opencontainers/runc v0.1.1/go.mod h1:qT5XzbpPznkRYVz/mWwUaVBUv2rmF59PVA73FjuZG0U= @@ -991,6 +1026,7 @@ github.com/opencontainers/runc v1.0.0-rc8.0.20190926000215-3e425f80a8c9/go.mod h github.com/opencontainers/runc v1.0.0-rc9/go.mod h1:qT5XzbpPznkRYVz/mWwUaVBUv2rmF59PVA73FjuZG0U= github.com/opencontainers/runc v1.0.0-rc93/go.mod h1:3NOsor4w32B2tC0Zbl8Knk4Wg84SM2ImC1fxBuqJ/H0= github.com/opencontainers/runc v1.0.2/go.mod h1:aTaHFFwQXuA71CiyxOdFFIorAoemI04suvGRQFzWTD0= +github.com/opencontainers/runc v1.1.0/go.mod h1:Tj1hFw6eFWp/o33uxGf5yF2BX5yz2Z6iptFpuvbbKqc= github.com/opencontainers/runtime-spec v0.1.2-0.20190507144316-5b71a03e2700/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= github.com/opencontainers/runtime-spec v1.0.1/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= github.com/opencontainers/runtime-spec v1.0.2-0.20190207185410-29686dbc5559/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= @@ -1001,6 +1037,7 @@ github.com/opencontainers/runtime-tools v0.0.0-20181011054405-1d69bd0f9c39/go.mo github.com/opencontainers/selinux v1.6.0/go.mod h1:VVGKuOLlE7v4PJyT6h7mNWvq1rzqiriPsEqVhc+svHE= github.com/opencontainers/selinux v1.8.0/go.mod h1:RScLhm78qiWa2gbVCcGkC7tCGdgk3ogry1nUQF8Evvo= github.com/opencontainers/selinux v1.8.2/go.mod h1:MUIHuUEvKB1wtJjQdOyYRgOnLD2xAPP8dBsCoU0KuF8= +github.com/opencontainers/selinux v1.10.0/go.mod h1:2i0OySw99QjzBBQByd1Gr9gSjvuho1lHsJxIJ3gGbJI= github.com/opentracing/opentracing-go v1.1.0/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFStlNbqXla1AfSYxPUl2o= github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc= github.com/pascaldekloe/goe v0.1.0/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc= @@ -1048,6 +1085,7 @@ github.com/prometheus/common v0.9.1/go.mod h1:yhUN8i9wzaXS3w1O07YhxHEBxD+W35wd8b github.com/prometheus/common v0.10.0/go.mod h1:Tlit/dnDKsSWFlCLTWaA1cyBgKHSMdTB80sz/V91rCo= github.com/prometheus/common v0.26.0/go.mod h1:M7rCNAaPfAosfx8veZJCuw84e35h3Cfd9VFqTh1DIvc= github.com/prometheus/common v0.28.0/go.mod h1:vu+V0TpY+O6vW9J44gczi3Ap/oXXR10b+M/gUGO4Hls= +github.com/prometheus/common v0.30.0/go.mod h1:vu+V0TpY+O6vW9J44gczi3Ap/oXXR10b+M/gUGO4Hls= github.com/prometheus/procfs v0.0.0-20180125133057-cb4147076ac7/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= github.com/prometheus/procfs v0.0.0-20190425082905-87a4384529e0/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= @@ -1079,13 +1117,16 @@ github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQD github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= github.com/ryanuber/columnize v0.0.0-20160712163229-9b3edd62028f/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts= github.com/safchain/ethtool v0.0.0-20190326074333-42ed695e3de8/go.mod h1:Z0q5wiBQGYcxhMZ6gUqHn6pYNLypFAvaL3UvgZLR0U4= +github.com/safchain/ethtool v0.0.0-20210803160452-9aa261dae9b1/go.mod h1:Z0q5wiBQGYcxhMZ6gUqHn6pYNLypFAvaL3UvgZLR0U4= github.com/sagikazarmark/crypt v0.3.0/go.mod h1:uD/D+6UF4SrIR1uGEv7bBNkNqLGqUr43MRiaGWX1Nig= github.com/santhosh-tekuri/jsonschema v1.2.4 h1:hNhW8e7t+H1vgY+1QeEQpveR6D4+OwKPXCfD2aieJis= github.com/santhosh-tekuri/jsonschema v1.2.4/go.mod h1:TEAUOeZSmIxTTuHatJzrvARHiuO9LYd+cIxzgEHCQI4= github.com/satori/go.uuid v1.2.0/go.mod h1:dA0hQrYB0VpLJoorglMZABFdXlWrHn1NEOzdhQKdks0= +github.com/sclevine/agouti v3.0.0+incompatible/go.mod h1:b4WX9W9L1sfQKXeJf1mUTLZKJ48R1S7H23Ji7oFO5Bw= github.com/sclevine/spec v1.2.0/go.mod h1:W4J29eT/Kzv7/b9IWLB055Z+qvVC9vt0Arko24q7p+U= github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529/go.mod h1:DxrIzT+xaE7yg65j358z/aeFdxmN0P9QXhEzd20vsDc= github.com/seccomp/libseccomp-golang v0.9.1/go.mod h1:GbW5+tmTXfcxTToHLXlScSlAvWlF4P2Ca7zGrPiEpWo= +github.com/seccomp/libseccomp-golang v0.9.2-0.20210429002308-3879420cc921/go.mod h1:JA8cRccbGaA1s33RQf7Y1+q9gHmZX1yB/z9WDN1C6fg= github.com/sergi/go-diff v1.1.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNXdaHfM= github.com/sergi/go-diff v1.2.0 h1:XU+rvMAioB0UC3q1MFrIQy4Vo5/4VsRDQQXHsEya6xQ= github.com/sergi/go-diff v1.2.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNXdaHfM= @@ -1162,6 +1203,7 @@ github.com/tmc/grpc-websocket-proxy v0.0.0-20170815181823-89b8d40f7ca8/go.mod h1 github.com/tmc/grpc-websocket-proxy v0.0.0-20190109142713-0ad062ec5ee5/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U= github.com/tmc/grpc-websocket-proxy v0.0.0-20201229170055-e5319fda7802/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U= github.com/tv42/httpunix v0.0.0-20150427012821-b75d8614f926/go.mod h1:9ESjWnEqriFuLhtthL60Sar/7RFoluCcXsuvEwTV5KM= +github.com/tv42/httpunix v0.0.0-20191220191345-2ba4b9c3382c/go.mod h1:hzIxponao9Kjc7aWznkXaL4U4TWaDSs8zcsY4Ka08nM= github.com/ugorji/go v1.1.4/go.mod h1:uQMGLiO92mf5W77hV/PUCpI3pbzQx3CRekS0kk+RGrc= github.com/ulikunitz/xz v0.5.8/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14= github.com/ulikunitz/xz v0.5.9/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14= @@ -1174,9 +1216,11 @@ github.com/urfave/cli v1.22.2/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtX github.com/vishvananda/netlink v0.0.0-20181108222139-023a6dafdcdf/go.mod h1:+SR5DhBJrl6ZM7CoCKvpw5BKroDKQ+PJqOg65H/2ktk= github.com/vishvananda/netlink v1.1.0/go.mod h1:cTgwzPIzzgDAYoQrMm0EdrjRUBkTqKYppBueQtXaqoE= github.com/vishvananda/netlink v1.1.1-0.20201029203352-d40f9887b852/go.mod h1:twkDnbuQxJYemMlGd4JFIcuhgX83tXhKS2B/PRMpOho= +github.com/vishvananda/netlink v1.1.1-0.20210330154013-f5de75959ad5/go.mod h1:twkDnbuQxJYemMlGd4JFIcuhgX83tXhKS2B/PRMpOho= github.com/vishvananda/netns v0.0.0-20180720170159-13995c7128cc/go.mod h1:ZjcWmFBXmLKZu9Nxj3WKYEafiSqer2rnvPr0en9UNpI= github.com/vishvananda/netns v0.0.0-20191106174202-0a2b9b5464df/go.mod h1:JP3t17pCcGlemwknint6hfoeCVQrEMVwxRLRjXpq+BU= github.com/vishvananda/netns v0.0.0-20200728191858-db3c7e526aae/go.mod h1:DD4vA1DwXk04H54A1oHXtwZmA0grkVMdPxx/VGLCah0= +github.com/vishvananda/netns v0.0.0-20210104183010-2eb08e3e575f/go.mod h1:DD4vA1DwXk04H54A1oHXtwZmA0grkVMdPxx/VGLCah0= github.com/willf/bitset v1.1.11-0.20200630133818-d5bec3311243/go.mod h1:RjeCKbqT1RxIR/KWY6phxZiaY1IyutSBfGjNPySAYV4= github.com/willf/bitset v1.1.11/go.mod h1:83CECat5yLh5zVOf4P1ErAgKA5UDvKtgyUABdr3+MjI= github.com/xanzy/ssh-agent v0.3.0/go.mod h1:3s9xbODqPuuhK9JV1R321M/FlMZSBvE5aY6eAcqrDh0= @@ -1251,16 +1295,25 @@ go.opencensus.io v0.22.5/go.mod h1:5pWMHQbX5EPX2/62yrJeAkowc+lfs/XD7Uxpq3pI6kk= go.opencensus.io v0.23.0/go.mod h1:XItmlyltB5F7CS4xOC1DcqMoFqwtC6OG2xF7mCv7P7E= go.opentelemetry.io/contrib v0.20.0/go.mod h1:G/EtFaa6qaN7+LxqfIAT3GiZa7Wv5DTBUzl5H4LY0Kc= go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.20.0/go.mod h1:oVGt1LRbBOBq1A5BQLlUg9UaU/54aiHw8cgjV3aWZ/E= +go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.28.0/go.mod h1:vEhqr0m4eTc+DWxfsXoXue2GBgV2uUwVznkGIHW/e5w= go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.20.0/go.mod h1:2AboqHi0CiIZU0qwhtUfCYD1GeUzvvIXWNkhDt7ZMG4= go.opentelemetry.io/otel v0.20.0/go.mod h1:Y3ugLH2oa81t5QO+Lty+zXf8zC9L26ax4Nzoxm/dooo= +go.opentelemetry.io/otel v1.3.0/go.mod h1:PWIKzi6JCp7sM0k9yZ43VX+T345uNbAkDKwHVjb2PTs= go.opentelemetry.io/otel/exporters/otlp v0.20.0/go.mod h1:YIieizyaN77rtLJra0buKiNBOm9XQfkPEKBeuhoMwAM= +go.opentelemetry.io/otel/exporters/otlp/internal/retry v1.3.0/go.mod h1:VpP4/RMn8bv8gNo9uK7/IMY4mtWLELsS+JIP0inH0h4= +go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.3.0/go.mod h1:hO1KLR7jcKaDDKDkvI9dP/FIhpmna5lkqPUQdEjFAM8= +go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.3.0/go.mod h1:keUU7UfnwWTWpJ+FWnyqmogPa82nuU5VUANFq49hlMY= +go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.3.0/go.mod h1:QNX1aly8ehqqX1LEa6YniTU7VY9I6R3X/oPxhGdTceE= go.opentelemetry.io/otel/metric v0.20.0/go.mod h1:598I5tYlH1vzBjn+BTuhzTCSb/9debfNp6R3s7Pr1eU= go.opentelemetry.io/otel/oteltest v0.20.0/go.mod h1:L7bgKf9ZB7qCwT9Up7i9/pn0PWIa9FqQ2IQ8LoxiGnw= go.opentelemetry.io/otel/sdk v0.20.0/go.mod h1:g/IcepuwNsoiX5Byy2nNV0ySUF1em498m7hBWC279Yc= +go.opentelemetry.io/otel/sdk v1.3.0/go.mod h1:rIo4suHNhQwBIPg9axF8V9CA72Wz2mKF1teNrup8yzs= go.opentelemetry.io/otel/sdk/export/metric v0.20.0/go.mod h1:h7RBNMsDJ5pmI1zExLi+bJK+Dr8NQCh0qGhm1KDnNlE= go.opentelemetry.io/otel/sdk/metric v0.20.0/go.mod h1:knxiS8Xd4E/N+ZqKmUPf3gTTZ4/0TjTXukfxjzSTpHE= go.opentelemetry.io/otel/trace v0.20.0/go.mod h1:6GjCW8zgDjwGHGa6GkyeB8+/5vjT16gUEi0Nf1iBdgw= +go.opentelemetry.io/otel/trace v1.3.0/go.mod h1:c/VDhno8888bvQYmbYLqe41/Ldmr/KKunbvWM4/fEjk= go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqeYNgFYFoEGnI= +go.opentelemetry.io/proto/otlp v0.11.0/go.mod h1:QpEjXPrNQzrFDZgoTo49dgHR9RYRSrg3NAKnUGl9YpQ= go.starlark.net v0.0.0-20200306205701-8dd3e2ee1dd5/go.mod h1:nmDLcffg48OtT/PSW0Hg7FvpRQsQh5OSqIylirxKC7o= go.starlark.net v0.0.0-20211203141949-70c0e40ae128 h1:bxH+EXOo87zEOwKDdZ8Tevgi6irRbqheRm/fr293c58= go.starlark.net v0.0.0-20211203141949-70c0e40ae128/go.mod h1:t3mmBBPzAVvK0L0n1drDmrQsJ8FoIx4INCqVMTr/Zo0= @@ -1269,8 +1322,9 @@ go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE= go.uber.org/atomic v1.7.0 h1:ADUqmZGgLDDfbSL9ZmPxKTybcoEYHgpYfELNoN+7hsw= go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc= go.uber.org/goleak v1.1.10/go.mod h1:8a7PlsEVH3e/a/GLqe5IIrQx6GzcnRmZEufDUTk4A7A= -go.uber.org/goleak v1.1.11 h1:wy28qYRKZgnJTxGxvye5/wgWr1EKjmUDGYox5mGlRlI= go.uber.org/goleak v1.1.11/go.mod h1:cwTWslyiVhfpKIDGSZEM2HlOvcqm+tG4zioyIeLoqMQ= +go.uber.org/goleak v1.1.12 h1:gZAh5/EyT/HQwlpkCy6wTpqfH9H8Lz8zbm3dZh+OyzA= +go.uber.org/goleak v1.1.12/go.mod h1:cwTWslyiVhfpKIDGSZEM2HlOvcqm+tG4zioyIeLoqMQ= go.uber.org/multierr v1.1.0/go.mod h1:wR5kodmAFQ0UK8QlbwjlSNy0Z68gJhDJUG5sjR94q/0= go.uber.org/multierr v1.6.0 h1:y6IPFStTAIT5Ytl7/XYmHvzXQ7S3g/IeZW9hyZ5thw4= go.uber.org/multierr v1.6.0/go.mod h1:cdWPpRnG4AhwMwsgIHip0KRBQjJy5kYEpYjJxpXp9iU= @@ -1302,6 +1356,7 @@ golang.org/x/crypto v0.0.0-20200728195943-123391ffb6de/go.mod h1:LzIPMQfyMNhhGPh golang.org/x/crypto v0.0.0-20200820211705-5c72a883971a/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20201002170205-7f63de1d35b0/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20201216223049-8b5274cf687f/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I= +golang.org/x/crypto v0.0.0-20210220033148-5ea612d1eb83/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I= golang.org/x/crypto v0.0.0-20210322153248-0c34fe9e7dc2/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4= golang.org/x/crypto v0.0.0-20210421170649-83a5a9bb288b/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4= golang.org/x/crypto v0.0.0-20210711020723-a769d52b0f97/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= @@ -1408,7 +1463,9 @@ golang.org/x/net v0.0.0-20210326060303-6b1517762897/go.mod h1:uSPa2vr4CLtc/ILN5o golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM= golang.org/x/net v0.0.0-20210410081132-afb366fc7cd1/go.mod h1:9tjilg8BloeKEkVJvy7fQ90B1CfIiPueXVOjqfkSzI8= golang.org/x/net v0.0.0-20210421230115-4e50805a0758/go.mod h1:72T/g9IO56b78aLF+1Kcs5dz7/ng1VjMUvfKvpfy+jM= +golang.org/x/net v0.0.0-20210428140749-89ef3d95e781/go.mod h1:OJAsFXCWl8Ukc7SiCT/9KSuxbyM7479/AVlXFRxuMCk= golang.org/x/net v0.0.0-20210503060351-7fd8e65b6420/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= +golang.org/x/net v0.0.0-20210520170846-37e1c6afe023/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20210805182204-aaa1db679c0d/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20210813160813-60bc85c4be6d/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= @@ -1416,6 +1473,7 @@ golang.org/x/net v0.0.0-20210825183410-e898025ed96a/go.mod h1:9nx3DQGgdP8bBQD5qx golang.org/x/net v0.0.0-20211015210444-4f30a5c0130f/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20211209124913-491a49abca63/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= +golang.org/x/net v0.0.0-20211216030914-fe4d6282115f/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20220107192237-5cfca573fb4d h1:62NvYBuaanGXR2ZOfwDFkhhl6X1DUgf8qg3GuQvxZsE= golang.org/x/net v0.0.0-20220107192237-5cfca573fb4d/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= @@ -1532,6 +1590,7 @@ golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20201201145000-ef89a241ccb3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20201202213521-69691e467435/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210104204734-6f8348627aad/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210112080510-489259a85091/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210119212857-b64e53b001e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210220050731-9a76102bfb43/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -1544,6 +1603,7 @@ golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20210403161142-5e06dd20ab57/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210420072515-93ed5bcd2bfe/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210423185535-09eb48e85fd7/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210426230700-d19ff857e887/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210502180810-71e4cd670f79/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= @@ -1558,6 +1618,8 @@ golang.org/x/sys v0.0.0-20210809222454-d867a43fc93e/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20210816183151-1e6c022a8912/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210823070655-63515b42dcdf/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210831042530-f4d43177bf5e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20210903071746-97244b99971b/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20210906170528-6f6e22806c34/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210908233432-aa78b53d3365/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210927094055-39ccf1dd6fa6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20211007075335-d3039528d8ac/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= @@ -1565,12 +1627,14 @@ golang.org/x/sys v0.0.0-20211015200801-69063c4bb744/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20211019181941-9d821ace8654/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20211025201205-69cdffdb9359/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20211102192858-4dd72447c267/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20211116061358-0a5406a5449c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20211124211545-fe61309f8881/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20211205182925-97ca703d548d/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e h1:fLOSk5Q00efkSvAm+4xcoXD+RRmLmmulPn5I3Y9F2EM= golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= +golang.org/x/term v0.0.0-20210220032956-6a3ed077a48d/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210503060354-a79de5458b56/go.mod h1:tfny5GFUkzUvx4ps4ajbZsCe5lw1metzhBm9T3x7oIY= golang.org/x/term v0.0.0-20210615171337-6886f2dfbf5b/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211 h1:JGgROgKl9N8DuW20oFS5gxc+lE67/N3FcwmBPMe7ArY= @@ -1661,6 +1725,7 @@ golang.org/x/tools v0.0.0-20200916195026-c9a70fc28ce3/go.mod h1:z6u4i615ZeAfBE4X golang.org/x/tools v0.0.0-20201110124207-079ba7bd75cd/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.0.0-20201201161351-ac6f37ff4c2a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.0.0-20201208233053-a543418bbed2/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= +golang.org/x/tools v0.0.0-20201224043029-2b0845dc783e/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.0.0-20210105154028-b0ab187a4818/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0= @@ -1885,12 +1950,12 @@ gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b h1:h8qDotaEPuJATrMmW04NCwg7v gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gotest.tools v2.2.0+incompatible h1:VsBPFP1AI068pPrMxtb/S8Zkgf9xEmTLJjfM+P5UIEo= gotest.tools v2.2.0+incompatible/go.mod h1:DsYFclhRJ6vuDpmuTbkuFWG+y2sxOXAzmJt81HFBacw= -gotest.tools/gotestsum v1.7.0/go.mod h1:V1m4Jw3eBerhI/A6qCxUE07RnCg7ACkKj9BYcAm09V8= +gotest.tools/gotestsum v1.8.0/go.mod h1:ctqdxBSCPv80kAFjYvFNpPntBrE5HAQnLiOKBGLmOBs= gotest.tools/v3 v3.0.2/go.mod h1:3SzNCllyD9/Y+b5r9JIKQ474KzkZyqLqEfYqMsX94Bk= gotest.tools/v3 v3.0.3 h1:4AuOwCGf4lLR9u3YOe2awrHygurzhO/HeQ6laiA6Sx0= gotest.tools/v3 v3.0.3/go.mod h1:Z7Lb0S5l+klDB31fvDQX8ss/FlKDxtlFlw3Oa8Ymbl8= -helm.sh/helm/v3 v3.8.1 h1:J1EzhvtvKJRdx9skjUVe5xPN7KK2VA1mVxiQ9Ic5+oU= -helm.sh/helm/v3 v3.8.1/go.mod h1:Nm0Z2ciZFFvR9cRKpiRE2SMhJTgqY0b+ezT2cDcyqNw= +helm.sh/helm/v3 v3.8.2 h1:HDhe2nKek976VLMPZlIgJbNqwcqvHYBp1qy+sXQ4jiY= +helm.sh/helm/v3 v3.8.2/go.mod h1:NxtE2KObf2PrzDl6SIamPFPKyAqWi10iWuvKlQn/Yao= honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= @@ -1905,42 +1970,49 @@ howett.net/plist v0.0.0-20201203080718-1454fab16a06/go.mod h1:vMygbs4qMhSZSc4lCU k8s.io/api v0.20.1/go.mod h1:KqwcCVogGxQY3nBlRpwt+wpAMF/KjaCc7RpywacvqUo= k8s.io/api v0.20.4/go.mod h1:++lNL1AJMkDymriNniQsWRkMDzRaX2Y/POTUi8yvqYQ= k8s.io/api v0.20.6/go.mod h1:X9e8Qag6JV/bL5G6bU8sdVRltWKmdHsFUGS3eVndqE8= -k8s.io/api v0.23.4/go.mod h1:i77F4JfyNNrhOjZF7OwwNJS5Y1S9dpwvb9iYRYRczfI= -k8s.io/api v0.23.5 h1:zno3LUiMubxD/V1Zw3ijyKO3wxrhbUF1Ck+VjBvfaoA= +k8s.io/api v0.22.5/go.mod h1:mEhXyLaSD1qTOf40rRiKXkc+2iCem09rWLlFwhCEiAs= k8s.io/api v0.23.5/go.mod h1:Na4XuKng8PXJ2JsploYYrivXrINeTaycCGcYgF91Xm8= -k8s.io/apiextensions-apiserver v0.23.4 h1:AFDUEu/yEf0YnuZhqhIFhPLPhhcQQVuR1u3WCh0rveU= -k8s.io/apiextensions-apiserver v0.23.4/go.mod h1:TWYAKymJx7nLMxWCgWm2RYGXHrGlVZnxIlGnvtfYu+g= +k8s.io/api v0.23.6 h1:yOK34wbYECH4RsJbQ9sfkFK3O7f/DUHRlzFehkqZyVw= +k8s.io/api v0.23.6/go.mod h1:1kFaYxGCFHYp3qd6a85DAj/yW8aVD6XLZMqJclkoi9g= +k8s.io/apiextensions-apiserver v0.23.5 h1:5SKzdXyvIJKu+zbfPc3kCbWpbxi+O+zdmAJBm26UJqI= +k8s.io/apiextensions-apiserver v0.23.5/go.mod h1:ntcPWNXS8ZPKN+zTXuzYMeg731CP0heCTl6gYBxLcuQ= k8s.io/apimachinery v0.20.1/go.mod h1:WlLqWAHZGg07AeltaI0MV5uk1Omp8xaN0JGLY6gkRpU= k8s.io/apimachinery v0.20.4/go.mod h1:WlLqWAHZGg07AeltaI0MV5uk1Omp8xaN0JGLY6gkRpU= k8s.io/apimachinery v0.20.6/go.mod h1:ejZXtW1Ra6V1O5H8xPBGz+T3+4gfkTCeExAHKU57MAc= -k8s.io/apimachinery v0.23.4/go.mod h1:BEuFMMBaIbcOqVIJqNZJXGFTP4W6AycEpb5+m/97hrM= -k8s.io/apimachinery v0.23.5 h1:Va7dwhp8wgkUPWsEXk6XglXWU4IKYLKNlv8VkX7SDM0= +k8s.io/apimachinery v0.22.1/go.mod h1:O3oNtNadZdeOMxHFVxOreoznohCpy0z6mocxbZr7oJ0= +k8s.io/apimachinery v0.22.5/go.mod h1:xziclGKwuuJ2RM5/rSFQSYAj0zdbci3DH8kj+WvyN0U= k8s.io/apimachinery v0.23.5/go.mod h1:BEuFMMBaIbcOqVIJqNZJXGFTP4W6AycEpb5+m/97hrM= +k8s.io/apimachinery v0.23.6 h1:RH1UweWJkWNTlFx0D8uxOpaU1tjIOvVVWV/bu5b3/NQ= +k8s.io/apimachinery v0.23.6/go.mod h1:BEuFMMBaIbcOqVIJqNZJXGFTP4W6AycEpb5+m/97hrM= k8s.io/apiserver v0.20.1/go.mod h1:ro5QHeQkgMS7ZGpvf4tSMx6bBOgPfE+f52KwvXfScaU= k8s.io/apiserver v0.20.4/go.mod h1:Mc80thBKOyy7tbvFtB4kJv1kbdD0eIH8k8vianJcbFM= k8s.io/apiserver v0.20.6/go.mod h1:QIJXNt6i6JB+0YQRNcS0hdRHJlMhflFmsBDeSgT1r8Q= -k8s.io/apiserver v0.23.4/go.mod h1:A6l/ZcNtxGfPSqbFDoxxOjEjSKBaQmE+UTveOmMkpNc= -k8s.io/cli-runtime v0.23.4/go.mod h1:7KywUNTUibmHPqmpDFuRO1kc9RhsufHv2lkjCm2YZyM= -k8s.io/cli-runtime v0.23.5 h1:Z7XUpGoJZYZB2uNjQfJjMbyDKyVkoBGye62Ap0sWQHY= +k8s.io/apiserver v0.22.5/go.mod h1:s2WbtgZAkTKt679sYtSudEQrTGWUSQAPe6MupLnlmaQ= +k8s.io/apiserver v0.23.5/go.mod h1:7wvMtGJ42VRxzgVI7jkbKvMbuCbVbgsWFT7RyXiRNTw= k8s.io/cli-runtime v0.23.5/go.mod h1:oY6QDF2qo9xndSq32tqcmRp2UyXssdGrLfjAVymgbx4= +k8s.io/cli-runtime v0.23.6 h1:zvsGa4An+udUnznKSfD1Q17sETWHNOaMqYKHwHCvg+4= +k8s.io/cli-runtime v0.23.6/go.mod h1:0Z3VR/HRIFKiLzKIAkm1mPtcH98GT/fXu2IU0E4vFmw= k8s.io/client-go v0.20.1/go.mod h1:/zcHdt1TeWSd5HoUe6elJmHSQ6uLLgp4bIJHVEuy+/Y= k8s.io/client-go v0.20.4/go.mod h1:LiMv25ND1gLUdBeYxBIwKpkSC5IsozMMmOOeSJboP+k= k8s.io/client-go v0.20.6/go.mod h1:nNQMnOvEUEsOzRRFIIkdmYOjAZrC8bgq0ExboWSU1I0= -k8s.io/client-go v0.23.4/go.mod h1:PKnIL4pqLuvYUK1WU7RLTMYKPiIh7MYShLshtRY9cj0= -k8s.io/client-go v0.23.5 h1:zUXHmEuqx0RY4+CsnkOn5l0GU+skkRXKGJrhmE2SLd8= +k8s.io/client-go v0.22.5/go.mod h1:cs6yf/61q2T1SdQL5Rdcjg9J1ElXSwbjSrW2vFImM4Y= k8s.io/client-go v0.23.5/go.mod h1:flkeinTO1CirYgzMPRWxUCnV0G4Fbu2vLhYCObnt/r4= +k8s.io/client-go v0.23.6 h1:7h4SctDVQAQbkHQnR4Kzi7EyUyvla5G1pFWf4+Od7hQ= +k8s.io/client-go v0.23.6/go.mod h1:Umt5icFOMLV/+qbtZ3PR0D+JA6lvvb3syzodv4irpK4= k8s.io/code-generator v0.19.7/go.mod h1:lwEq3YnLYb/7uVXLorOJfxg+cUu2oihFhHZ0n9NIla0= -k8s.io/code-generator v0.23.4/go.mod h1:S0Q1JVA+kSzTI1oUvbKAxZY/DYbA/ZUb4Uknog12ETk= +k8s.io/code-generator v0.23.5/go.mod h1:S0Q1JVA+kSzTI1oUvbKAxZY/DYbA/ZUb4Uknog12ETk= k8s.io/component-base v0.20.1/go.mod h1:guxkoJnNoh8LNrbtiQOlyp2Y2XFCZQmrcg2n/DeYNLk= k8s.io/component-base v0.20.4/go.mod h1:t4p9EdiagbVCJKrQ1RsA5/V4rFQNDfRlevJajlGwgjI= k8s.io/component-base v0.20.6/go.mod h1:6f1MPBAeI+mvuts3sIdtpjljHWBQ2cIy38oBIWMYnrM= -k8s.io/component-base v0.23.4 h1:SziYh48+QKxK+ykJ3Ejqd98XdZIseVBG7sBaNLPqy6M= -k8s.io/component-base v0.23.4/go.mod h1:8o3Gg8i2vnUXGPOwciiYlkSaZT+p+7gA9Scoz8y4W4E= -k8s.io/component-helpers v0.23.4/go.mod h1:1Pl7L4zukZ054ElzRbvmZ1FJIU8roBXFOeRFu8zipa4= +k8s.io/component-base v0.22.5/go.mod h1:VK3I+TjuF9eaa+Ln67dKxhGar5ynVbwnGrUiNF4MqCI= +k8s.io/component-base v0.23.5 h1:8qgP5R6jG1BBSXmRYW+dsmitIrpk8F/fPEvgDenMCCE= +k8s.io/component-base v0.23.5/go.mod h1:c5Nq44KZyt1aLl0IpHX82fhsn84Sb0jjzwjpcA42bY0= +k8s.io/component-helpers v0.23.5/go.mod h1:5riXJgjTIs+ZB8xnf5M2anZ8iQuq37a0B/0BgoPQuSM= k8s.io/cri-api v0.17.3/go.mod h1:X1sbHmuXhwaHs9xxYffLqJogVsnI+f6cPRcgPel7ywM= k8s.io/cri-api v0.20.1/go.mod h1:2JRbKt+BFLTjtrILYVqQK5jqhI+XNdF6UiGMgczeBCI= k8s.io/cri-api v0.20.4/go.mod h1:2JRbKt+BFLTjtrILYVqQK5jqhI+XNdF6UiGMgczeBCI= k8s.io/cri-api v0.20.6/go.mod h1:ew44AjNXwyn1s0U4xCKGodU7J1HzBeZ1MpGrpa5r8Yc= +k8s.io/cri-api v0.23.1/go.mod h1:REJE3PSU0h/LOV1APBrupxrEJqnoxZC8KWzkBUHwrK4= k8s.io/gengo v0.0.0-20200413195148-3a45101e95ac/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0= k8s.io/gengo v0.0.0-20200428234225-8167cfdcfc14/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0= k8s.io/gengo v0.0.0-20201113003025-83324d819ded/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E= @@ -1948,29 +2020,34 @@ k8s.io/gengo v0.0.0-20210813121822-485abfe95c7c/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAE k8s.io/klog/v2 v2.0.0/go.mod h1:PBfzABfn139FHAV07az/IF9Wp1bkk3vpT2XSJ76fSDE= k8s.io/klog/v2 v2.2.0/go.mod h1:Od+F08eJP+W3HUb4pSrPpgp9DGU4GzlpG/TmITuYh/Y= k8s.io/klog/v2 v2.4.0/go.mod h1:Od+F08eJP+W3HUb4pSrPpgp9DGU4GzlpG/TmITuYh/Y= +k8s.io/klog/v2 v2.9.0/go.mod h1:hy9LJ/NvuK+iVyP4Ehqva4HxZG/oXyIS3n3Jmire4Ec= k8s.io/klog/v2 v2.30.0 h1:bUO6drIvCIsvZ/XFgfxoGFQU/a4Qkh0iAlvUR7vlHJw= k8s.io/klog/v2 v2.30.0/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0= k8s.io/kube-openapi v0.0.0-20200805222855-6aeccd4b50c6/go.mod h1:UuqjUnNftUyPE5H64/qeyjQoUZhGpeFDVdxjTeEVN2o= k8s.io/kube-openapi v0.0.0-20201113171705-d219536bb9fd/go.mod h1:WOJ3KddDSol4tAGcJo0Tvi+dK12EcqSLqcWsryKMpfM= k8s.io/kube-openapi v0.0.0-20210421082810-95288971da7e/go.mod h1:vHXdDvt9+2spS2Rx9ql3I8tycm3H9FDfdUoIuKCefvw= +k8s.io/kube-openapi v0.0.0-20211109043538-20434351676c/go.mod h1:vHXdDvt9+2spS2Rx9ql3I8tycm3H9FDfdUoIuKCefvw= k8s.io/kube-openapi v0.0.0-20211115234752-e816edb12b65 h1:E3J9oCLlaobFUqsjG9DfKbP2BmgwBL2p7pn0A3dG9W4= k8s.io/kube-openapi v0.0.0-20211115234752-e816edb12b65/go.mod h1:sX9MT8g7NVZM5lVL/j8QyCCJe8YSMW30QvGZWaCIDIk= -k8s.io/kubectl v0.23.4 h1:mAa+zEOlyZieecEy+xSrhjkpMcukYyHWzcNdX28dzMY= -k8s.io/kubectl v0.23.4/go.mod h1:Dgb0Rvx/8JKS/C2EuvsNiQc6RZnX0SbHJVG3XUzH6ok= +k8s.io/kubectl v0.23.5 h1:DmDULqCaF4qstj0Im143XmncvqWtJxHzK8IrW2BzlU0= +k8s.io/kubectl v0.23.5/go.mod h1:lLgw7cVY8xbd7o637vOXPca/w6HC205KsPCRDYRCxwE= k8s.io/kubernetes v1.13.0/go.mod h1:ocZa8+6APFNC2tX1DZASIbocyYT5jHzqFVsY5aoB7Jk= -k8s.io/metrics v0.23.4/go.mod h1:cl6sY9BdVT3DubbpqnkPIKi6mn/F2ltkU4yH1tEJ3Bo= +k8s.io/metrics v0.23.5/go.mod h1:WNAtV2a5BYbmDS8+7jSqYYV6E3efuGTpIwJ8PTD1wgs= k8s.io/utils v0.0.0-20201110183641-67b214c5f920/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA= k8s.io/utils v0.0.0-20210802155522-efc7438f0176/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA= +k8s.io/utils v0.0.0-20210819203725-bdf08cb9a70a/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA= +k8s.io/utils v0.0.0-20210930125809-cb0fa318a74b/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA= k8s.io/utils v0.0.0-20211116205334-6203023598ed/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA= k8s.io/utils v0.0.0-20211208161948-7d6a63dca704 h1:ZKMMxTvduyf5WUtREOqg5LiXaN1KO/+0oOQPRFrClpo= k8s.io/utils v0.0.0-20211208161948-7d6a63dca704/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA= -oras.land/oras-go v1.1.0/go.mod h1:1A7vR/0KknT2UkJVWh+xMi95I/AhK8ZrxrnUSmXN0bQ= +oras.land/oras-go v1.1.1/go.mod h1:n2TE1ummt9MUyprGhT+Q7kGZUF4kVUpYysPFxeV2IpQ= rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0= rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA= sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.14/go.mod h1:LEScyzhFmoF5pso/YSeBstl57mOzx9xlU9n85RGrDQg= sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.15/go.mod h1:LEScyzhFmoF5pso/YSeBstl57mOzx9xlU9n85RGrDQg= -sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.27/go.mod h1:tq2nT0Kx7W+/f2JVE+zxYtUhdjuELJkVpNz+x/QN5R4= +sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.22/go.mod h1:LEScyzhFmoF5pso/YSeBstl57mOzx9xlU9n85RGrDQg= +sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.30/go.mod h1:fEO7lRTdivWO2qYVCVG7dEADOMo/MLDCVr8So2g88Uw= sigs.k8s.io/json v0.0.0-20211020170558-c049b76a60c6/go.mod h1:p4QtZmO4uMYipTQNzagwnNoseA6OxSUutVw05NhYDRs= sigs.k8s.io/json v0.0.0-20211208200746-9f7c6b3444d2 h1:kDi4JBNAsJWfz1aEXhO8Jg87JJaPNLh5tIzYHgStQ9Y= sigs.k8s.io/json v0.0.0-20211208200746-9f7c6b3444d2/go.mod h1:B+TnT182UBxE84DiCz4CVE26eOSDAeYCpfDnC2kdKMY= @@ -1983,6 +2060,7 @@ sigs.k8s.io/kustomize/kyaml v0.13.0/go.mod h1:FTJxEZ86ScK184NpGSAQcfEqee0nul8oLC sigs.k8s.io/structured-merge-diff/v4 v4.0.1/go.mod h1:bJZC9H9iH24zzfZ/41RGcq60oK1F7G282QMXDPYydCw= sigs.k8s.io/structured-merge-diff/v4 v4.0.2/go.mod h1:bJZC9H9iH24zzfZ/41RGcq60oK1F7G282QMXDPYydCw= sigs.k8s.io/structured-merge-diff/v4 v4.0.3/go.mod h1:bJZC9H9iH24zzfZ/41RGcq60oK1F7G282QMXDPYydCw= +sigs.k8s.io/structured-merge-diff/v4 v4.1.2/go.mod h1:j/nl6xW8vLS49O8YvXW1ocPhZawJtm+Yrr7PPRQ0Vg4= sigs.k8s.io/structured-merge-diff/v4 v4.2.1 h1:bKCqE9GvQ5tiVHn5rfn1r+yao3aLQEaLzkkmAkf+A6Y= sigs.k8s.io/structured-merge-diff/v4 v4.2.1/go.mod h1:j/nl6xW8vLS49O8YvXW1ocPhZawJtm+Yrr7PPRQ0Vg4= sigs.k8s.io/yaml v1.1.0/go.mod h1:UJmg0vDUVViEyp3mgSv9WPwZCDxu4rQW1olrI1uml+o= From e5a60951ddab21d5df7fc21b2f44fe03ebb948c3 Mon Sep 17 00:00:00 2001 From: Victor Martinez Date: Tue, 19 Apr 2022 18:07:37 +0100 Subject: [PATCH 20/23] [ci][terraform][aws] tags with metadata --- .ci/Jenkinsfile | 6 +++++- .../data_stream/ec2_metrics/_dev/deploy/tf/main.tf | 14 ++++++++++++-- .../ec2_metrics/_dev/deploy/tf/variables.tf | 14 ++++++++++++++ 3 files changed, 31 insertions(+), 3 deletions(-) create mode 100644 packages/aws/data_stream/ec2_metrics/_dev/deploy/tf/variables.tf diff --git a/.ci/Jenkinsfile b/.ci/Jenkinsfile index 87dd8060cf6..e5da9527922 100644 --- a/.ci/Jenkinsfile +++ b/.ci/Jenkinsfile @@ -258,7 +258,11 @@ def withCloudTestEnv(Closure body) { [var: "AWS_SECRET_ACCESS_KEY", password: aws.secret_key], ]) withEnvMask(vars: maskedVars) { - body() + withEnv(["TF_VAR_BUILD_ID=${BUILD_ID}", + "TF_VAR_BRANCH_NAME=${BRANCH_NAME}", + "TF_VAR_CREATED_DATE=${current.getRawBuild().getTimestampString2()}"]) { + body() + } } } diff --git a/packages/aws/data_stream/ec2_metrics/_dev/deploy/tf/main.tf b/packages/aws/data_stream/ec2_metrics/_dev/deploy/tf/main.tf index c502622c027..57e896e4716 100644 --- a/packages/aws/data_stream/ec2_metrics/_dev/deploy/tf/main.tf +++ b/packages/aws/data_stream/ec2_metrics/_dev/deploy/tf/main.tf @@ -2,7 +2,17 @@ variable "TEST_RUN_ID" { default = "detached" } -provider "aws" {} +provider "aws" { + default_tags { + tags = { + Environment = "CI" + Owner = "integrations" + Branch = var.BRANCH_NAME + Build = var.BUILD_ID + CreatedDate = var.CREATED_DATE + } + } +} resource "aws_instance" "i" { ami = data.aws_ami.latest-amzn.id @@ -20,4 +30,4 @@ data "aws_ami" "latest-amzn" { name = "name" values = ["amzn2-ami-minimal-hvm-*-ebs"] } -} \ No newline at end of file +} diff --git a/packages/aws/data_stream/ec2_metrics/_dev/deploy/tf/variables.tf b/packages/aws/data_stream/ec2_metrics/_dev/deploy/tf/variables.tf new file mode 100644 index 00000000000..b6815133af8 --- /dev/null +++ b/packages/aws/data_stream/ec2_metrics/_dev/deploy/tf/variables.tf @@ -0,0 +1,14 @@ +variable "BRANCH_NAME" { + description = "Branch name for tagging purposes" + default = "beats" +} + +variable "BUILD_ID" { + description = "Build ID in the CI for tagging purposes" + default = "unknown-build" +} + +variable "CREATED_DATE" { + description = "Creation date for tagging purposes" + default = "unknown-build" +} From 738b239ae606f13691059d7c8edf3259b3377903 Mon Sep 17 00:00:00 2001 From: Victor Martinez Date: Wed, 20 Apr 2022 09:12:11 +0100 Subject: [PATCH 21/23] Update .ci/Jenkinsfile --- .ci/Jenkinsfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.ci/Jenkinsfile b/.ci/Jenkinsfile index e5da9527922..aff70b224e4 100644 --- a/.ci/Jenkinsfile +++ b/.ci/Jenkinsfile @@ -260,7 +260,7 @@ def withCloudTestEnv(Closure body) { withEnvMask(vars: maskedVars) { withEnv(["TF_VAR_BUILD_ID=${BUILD_ID}", "TF_VAR_BRANCH_NAME=${BRANCH_NAME}", - "TF_VAR_CREATED_DATE=${current.getRawBuild().getTimestampString2()}"]) { + "TF_VAR_CREATED_DATE=${currentBuild.getRawBuild().getTimestampString2()}"]) { body() } } From 8201787b49249437e3e832cf8c9853943c78339e Mon Sep 17 00:00:00 2001 From: Victor Martinez Date: Thu, 21 Apr 2022 14:28:01 +0100 Subject: [PATCH 22/23] standardise labels/tags --- .ci/Jenkinsfile | 11 +++++++---- .../ec2_metrics/_dev/deploy/tf/main.tf | 10 +++++----- .../ec2_metrics/_dev/deploy/tf/variables.tf | 18 +++++++++++++----- 3 files changed, 25 insertions(+), 14 deletions(-) diff --git a/.ci/Jenkinsfile b/.ci/Jenkinsfile index aff70b224e4..bd901a05672 100644 --- a/.ci/Jenkinsfile +++ b/.ci/Jenkinsfile @@ -5,7 +5,8 @@ pipeline { agent { label 'ubuntu-20 && immutable' } environment { - BASE_DIR="src/github.com/elastic/integrations" + REPO = 'integrations' + BASE_DIR="src/github.com/elastic/${REPO}" GITHUB_TOKEN_CREDENTIALS = "2a9602aa-ab9f-4e52-baf3-b71ca88469c7" JOB_GIT_CREDENTIALS = "f6c7695a-671e-4f4f-a331-acdce44ff9ba" PACKAGE_STORAGE_BASE_DIR = "src/github.com/elastic/package-storage" @@ -258,9 +259,11 @@ def withCloudTestEnv(Closure body) { [var: "AWS_SECRET_ACCESS_KEY", password: aws.secret_key], ]) withEnvMask(vars: maskedVars) { - withEnv(["TF_VAR_BUILD_ID=${BUILD_ID}", - "TF_VAR_BRANCH_NAME=${BRANCH_NAME}", - "TF_VAR_CREATED_DATE=${currentBuild.getRawBuild().getTimestampString2()}"]) { + withEnv(["TF_VAR_BRANCH_NAME_LOWER_CASE=${env.BRANCH_NAME.toLowerCase()}", + "TF_VAR_BUILD_ID=${BUILD_ID}", + "TF_VAR_CREATED_DATE=${new Date().getTime()}", + "TF_VAR_ENVIRONMENT=ci", + "TF_VAR_REPO=${env.REPO}"]) { body() } } diff --git a/packages/aws/data_stream/ec2_metrics/_dev/deploy/tf/main.tf b/packages/aws/data_stream/ec2_metrics/_dev/deploy/tf/main.tf index 57e896e4716..00f3ba0c252 100644 --- a/packages/aws/data_stream/ec2_metrics/_dev/deploy/tf/main.tf +++ b/packages/aws/data_stream/ec2_metrics/_dev/deploy/tf/main.tf @@ -5,11 +5,11 @@ variable "TEST_RUN_ID" { provider "aws" { default_tags { tags = { - Environment = "CI" - Owner = "integrations" - Branch = var.BRANCH_NAME - Build = var.BUILD_ID - CreatedDate = var.CREATED_DATE + environment = var.ENVIRONMENT + repo = var.REPO + branch = var.BRANCH + build = var.BUILD_ID + created_date = var.CREATED_DATE } } } diff --git a/packages/aws/data_stream/ec2_metrics/_dev/deploy/tf/variables.tf b/packages/aws/data_stream/ec2_metrics/_dev/deploy/tf/variables.tf index b6815133af8..e4b95d471b2 100644 --- a/packages/aws/data_stream/ec2_metrics/_dev/deploy/tf/variables.tf +++ b/packages/aws/data_stream/ec2_metrics/_dev/deploy/tf/variables.tf @@ -1,6 +1,6 @@ -variable "BRANCH_NAME" { - description = "Branch name for tagging purposes" - default = "beats" +variable "BRANCH" { + description = "Branch name or pull request for tagging purposes" + default = "unknown-branch" } variable "BUILD_ID" { @@ -9,6 +9,14 @@ variable "BUILD_ID" { } variable "CREATED_DATE" { - description = "Creation date for tagging purposes" - default = "unknown-build" + description = "Creation date in epoch time for tagging purposes" + default = "unknown-date" +} + +variable "ENVIRONMENT" { + default = "unknown-environment" +} + +variable "REPO" { + default = "unknown-repo-name" } From 811a0119908eeaacc71e2dd2272859d1e589fc82 Mon Sep 17 00:00:00 2001 From: Victor Martinez Date: Thu, 21 Apr 2022 14:33:38 +0100 Subject: [PATCH 23/23] use branch --- .ci/Jenkinsfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.ci/Jenkinsfile b/.ci/Jenkinsfile index bd901a05672..ac23c14fe2a 100644 --- a/.ci/Jenkinsfile +++ b/.ci/Jenkinsfile @@ -259,7 +259,7 @@ def withCloudTestEnv(Closure body) { [var: "AWS_SECRET_ACCESS_KEY", password: aws.secret_key], ]) withEnvMask(vars: maskedVars) { - withEnv(["TF_VAR_BRANCH_NAME_LOWER_CASE=${env.BRANCH_NAME.toLowerCase()}", + withEnv(["TF_VAR_BRANCH=${env.BRANCH_NAME.toLowerCase()}", "TF_VAR_BUILD_ID=${BUILD_ID}", "TF_VAR_CREATED_DATE=${new Date().getTime()}", "TF_VAR_ENVIRONMENT=ci",

0%_5oW)(M_`mMS|JbZV<*>{ITe>Fy_T=Uf?(QPYoo`Cxjn z{hH~PFgL*d8o^c28`=BZVsYCHzV;q0wW%E(R-!Z ztJscrbIk)Hvjp?f&Bm~?h&cu5sKXf2PG9uZw|djnL1tP3nNIH z0wpXQ?TW*OZqIIEGu}6eoi;31k!;*thYH7;JFJIn2bgZ8KGfH^uK$i>1FuCoWiYve z80kD7blAR<*{el)kM&nvhuA?A7=OpL6v#i7p#NtJ@qg71f4dd^H~Pk8RZCAKVPqdN zX~t6*1af3(H0^3>MTu4@8Wo8=1@f}AfDNIN(*)YW4*LfG0JmYPh#j08pMEHdTfxXX z@|(rn9ogGkgy{<#K}`YibrV;Iqpatw`za2l`JT_W57{47Hx&UM;4wBJ_JtfC>`pO( zkbNUUGgR9lUf2;kcEIW&-t1J@&y{(qT>L z-Nz7f_DN_eL!6XsaqRl~C4E8SxfFMy7Mx8Pwaw6n#>A6}Qv;htE_Dr;g$4E5YvriS1t%Z%MG+42dx86Gxq)3S~;@mx|!CGvu|M| zs3UgGqSjlCNbUu6sf$ROirJ$n1$`-N$qs!iJq5*CN!)+*VHE|bc06vPOD?HUxS3Ao zr|2mT!ya}o36D`>hs|5GIykmmI?kYn)kDh6HPK)fQ?h4q@S4jygRN_*PIYeYZu+Wl z;3$-ph?y2;n^>ssl(rN_e|8Y2qXSIgQORn^WGd5pvObqQW*Mp#4~$tq{qDqfs}^Kq zlA&W^>umXZ^Js+>AHW@V^qg*lXnvBExJ+bcTStg`V2MhxZ zHO{Ym3%g|;wpI5h>{Ro#*|fn!#7Of(iXRZQtXR#4q6mAPo(T&|q*=7ZnELx7Ge;>l z(TF)}$SZTh!y6e69mqaX%dldO)=ycgDiJ2Av1A0CESShF^iaMY0L zVw)7#Is0srhBpV5ExS)(a#6cDdw|ES$_m${7eQ)6sgp-3wKYK?E_8hZF&wve+3ZH;xQ;)PvbOS9m^_d!RZ(MdlwI5gZdbir0fGOK5Loq{mXWmJ?bij)~_m?U^MwlgL3? zHd;l#wX0@NjV&^R7L1luDWyF0mh%_x_(^y=gh6m|)f#J@WHN3VeCGC)CBe_26TxGE z(qpp)snoq6UH!MO1hwPLkof$vgUL$?F3{s<%>DCy4(;LnI8_6beR^uqEWAsc9+FjZ zA27hQD0zLvpd6hbNR)j+H$Rrz=^Jg`=qpnTAt$q==`e(Z>vur|j_aN%1w5+>J59km zIT^#oLiouSm6=OZfff^`681gKxWh&T(;TXHIRm2k=hD{DBSZyfcks(Y>8lvD>O#ip z=CO!oM{G;=*+X9(m;>|b7%{7N$v7h63`keum%7R#*}h^zz{pD>*@{r)PTLX`G^53n zz8ED8h?WeYaD@`sH$!3A{ZJngACNWdF*7$Go(mF;=4XW3lNkpI5llzxS4qyOar0My z=;sn9q29HETn5cceAN)2wuO5IkMv{qSrJtMArJQ#_KQO`4xxM*5DhP7ro~FcSYzX0 zuZ#bVKR7u^8)wG__{hV7qX=>fp1dP^Myzf*_yQcZs509!v)EImWpMDR93Zpf+m#<#c<8UP~SS=5aeNTSy z<`uGU17SsU>axcfj_EXa0ZaYMj}2cqA^V{N%Cm0WxH&yduB=nxgfIwG1BC;N_``!+ zgcF6aiEtg{!hT#P<_XaiAhiRW@&vK7rrSayvJ?7`a#w^^Q4=DW1fWuaGmxQ#rX!Ku zX5HQ!_>TRv`w!XHYqI}v>DyuUTTcD1=0;%u>E;vqpZ2Mg6{P<2>(2k$fN`Obqr!^_ zLqX8&MumqbC!8^xD=bAI-nBOyuCKjdUZ;5y_I}zvfs!Vkb@ffUowDHv9w_{K1;%tL z%k#+OTV(kP^PAZLlrx?o?x)Cbm_NOUbJQvNGK2n4QBp|7!BO(!Z)?1MA|Ol?r-@Uy zO2Zs}&3f!{O%w1ECQa!0ENY05ser>Uw5C9uU7I_cOvcdwY6s8AjuZ{HLjwJ zPTI~r8|7B$+s=J(Hq(0x<(VZ3{&r(W*)@mlJrjA(&~I>w%wRM^d%N9-Brzfgl?tnC7~eeriQShy0L93?R1jKV~9%BcNMm zx4GXT5b}u<41-!kvBJD`_(Gb!p}jl&%@|#P4U@VLSTKiT;Q0jJ)PQidz5B=wgfO3K z&gGadcnmIppr2-YScN%&;OxMFh$SdsfJ;}k*Nj`yz$eeqrTi=~Eygr{p<65s(AJcZ z{m4>io)zx@tPADkjn+hd6B8gau}=)zP^}e8qRtu&FnRx*?lc(q0b2ZB5q|z-MacO- z%!_~VoYbJc#iQw8zW42kqaX?Kz+gfmLeTE;;pi*?%n%SF0%1}=fGD*RGU@5lF^>Iv zEt({%7T4C6EPBDtTvDs8T@5XOk|JF2+Rt5DG+VS?D>j{%uUsxI-&U*_2kXBauO}yn zF$Q%hr#_}$rZ~1=aKG-e?+=T%y+4TkK;60hB;M8fWdZ+C_@Msw{?oSi-eU0~&`$?s z_PYjf=EidH1&{BO%@6W@D0chxHYMYwIpa1aCAevjU2ko}kow2aZ0@+P4sT5{nwYUNxg$s&oA zGTA1~(p$-@eCG^mxL?uL@g9pkVu>gKm5HE5mxDg)Wuqh+%%C$QFg|TciQ~*|+i_){7=2|17RxCFep$w{Sv`ecqlF0bDU4pOg$=Bp&@4@c)#8Ch z&qMO>Bx|2lod6f%8Y+IN*>g#Fg289WTAfE*@?H^P*Cf4;d@jja5N7Mv2PR+|&&Nf{E(3@nHaXp_@tY{)FjE%N-_&}9>8cBf zflyLT5+%YG+5~aod%^CFfSeTR_$O&D*2V|$Bd1G-Cyd8$UlNs`UNKfhA!1HsHpbN? ziWLrbr{vA(Z#NMSO*cnXLKdYSG6czsXw1it@ISmv$qb5*5aX^>ggEj1*txN z(xwc3M`8&yj=$@r%|a z`h&EE3=~L@350-e0&iq%28sDWggoNG$|sV<$6egI)lNXhSy@03|5-`->w__PbE1+ zy&tcge^Qig1A^Bu_ga~{+vbxbGd?-C1X){$H&tw+f)1KKV#GBxqeWJ589O8hy__%H zK<1r-Uquw(_tCl2U8t+`OVi*o+A2gde92@_dTJwCoaip%Io<`48J==m%5oyu;*AzU zb4}4OIcj{m=+&}XGK#s0Ag(I)tRg7a@g4J^(yB(B{UO38I4W7$NTvs!NFo(%zep*K zso80z^)#x9vE6kKA?EA)Ho90MA$=bp$=k+@(zLj{@Pz&`znshnY*O3j=jg%l-dLqqb^)1UQv|Zww$MG z)y(Q=cJkQYE*O0=pu3GM*h`0gUP<_Hril8%skM6IZmFxbM)M}@IpD|0CRA8hJ92LH z@zHSf`3|YHc!?e6KHp!do^ECxZ9hR+v(U5Rj+~2q0c3BQGXQ_|f+#NJW3K+$a@#9* zTagnr7MKVSpwl3*mVL$&cVx<3*x~-PaBfrO%^UTm)XQBsR0K}gpvzr4WP(J@HMTkc zc)^Yhr-hSHNew-?Z^u>=D|2p?6T#9CF0XYS>z6NQ$QuokZpTjOVrGr4u84ZD*`iH^ zugKwU=dLu-VITrN*p?bwjy<_6wZ*0*5V+VO~lREYNRROSy_{nFlomS&wa;#gkkT4OlrZcWm5K;J74B9 zi_EZuz++|XIKPLpm^B;%kX%5V#jE*R59B8gTHj;*Zo9-bvyPDIabws z(=FQWwZ$jrAI)(ME7JD*n2h*vD&XBqQ!isWuWbk~*`w@v@v@M~4V}WM48F^$Mv)6D z#THr%6+G576*LN>;?c%!%S4@GB+nP7@Nlq&jq-dDS#{>k1euDv%oin|^Ti4CgcR%j zx|XZ0=)miHDW94(kuIdg{;f_1%Yi?grKOY#bM{bQaq0Ft_@>Gz4Wb3jtRZSPj=k7T z_;{eznp#a46TQ^O^|;Ct8PLh)1am3A5yBPBHd_m$O(LDSx2?4nZ(!6SKw1f7g)JgX z9VIJVyLjc-k?FStEdEPQcU*-LNkxNMidImQjpLzAsV!|JyhQ2D`#=Hha7yr8(+fw> zwR%vxrKcCwje)ge2hGh@Z!7ioY~s3!#(FA`a#_*TZ8r{s$9dZd!6E2nE>iaB5|`v8 z8IyD_iW10bDt@Nv<_=a4DZZaQ0eeB{lA@^8`R-AFVs0D&p)GcU*F-I~<_4dmZ*0yT zlz9RaEjl-e?wa2Panl*7I7?r$ckbUrhj15Y?KeNEMLB*|(YwSbwHHGG{N} zU9nvQwr1M5j?X}){xlU9$9_+aY&xJINQy!$=rN_PZ@aVoU%wMHeK*e9#Fu- zDq6t<7<o8I=LQNR^Qo z+Xr@f9Ww&50dTMxJ1eZnrra?_U~W{Trejuhx8jC3d|WUGQdck$b#92^x$xMYx>@5Y zL@&7LU7cX^o|^J)qbc5g0?Yai?`AZ9o-RzG5(R6v|F=7&-XG{5-2#h!HIZ!EylD-L zd|VG(B=_aLOb&F~{T|!B>0cB)jv}`Gxm-KzCWF6)-Iv+zKA@;vXiX1w9g29K0`}ur zZnA~|%`kNqZd8}PfX{WIin5PVKFz&g==^hg+`;ZpSr8w|NQMKU%#vdnMJ-|p7PL)s zCwJcMsoBHu1$|o#z=|=TJfh$KHB&_D$u;}s0~{SGfZ5LiS9Gz$tN@H19qx+ zoO@}zAM%|D^A@uD_j4U=O+Hi&1L>E=i(7P+?^FX3$8-#P&Ld%TkMX!P$2s}OdZRne zy02`lJ58+0Z%4?Yhm}r6wO_kjCG^7~YvV{U4wpMhMLSq5xF*GGSM7S)&PPkjZpoS4 zKt?HxsWf=Q4u>FMu`U9d3MbJXYq)ombXrNzeF&B4{SlnQ9WYPzj!>!E7wog@a#)?j zD{j!K4s^03o_FZ9mUnGfO>r%wcz3y0)b?zklz=ECvU_`RJ%lqeN|<-bW?;+^$)J)n zT`U{{tBVBF?6II6-G*kI@c0KkD0hdkc3@*K9|#D4NXKrFsC#AIq28nL-#A$J(FR`V z(!+cQ58f;{g12{k-cdtuP;m#>*&|%ht6FY3Wz_8@81p4h9)0zQJCo|6w@KD`vRu1S zvK0!}W~Z_d-+pzD#oZ@$TI3cC&TN~4a@dt^nQz6LW}Gy84$JiOo!X&J zG||p4-vAveWi*b+Zs`kDv~^TJv8zBRMe$sT(0NvXNO#9wvoC?)zxgb-2T+@|pv{UU zX}N72) zjyvVQL(i|b4IO$*$9+XhHM8B6V8p>|4zkg2d8tFS^CVv#a?N}nl8t@3wS1YG#rcjE zHlWdrHsuSJ3=E|GevK51<(hKtuHBBy>Cft6eyO^6>!`tHKw2{Z{`s}3g0Q^M0w8c$jQk6Yc zRomJhfi>-jgvwUd%68O75t*s7A(fNa)cS_}Oq%HlNL1e9+x0|^`MS}YN#vcQ=UzCC z^)6R9jn+vrr|js^O6;wXB_ucgP645%h^QiH#P zRf~zngj8*0(it>8DdGj0diUsqp*VEdd7T0NVPbNmjHq`6&ScJdW}Bo2`t=F4np7 zMK>MqO|57{mTJB*mlTKK1KK>{p`q}j5H9YD_ygOV?liE_Qw)z#TlCd^?pzEmK}XUf z%qi|ce-3v}RIEb`j|7L*JBnG#V+HNc-;gZe*~<&uZ<7vd;(zMSG5`N{A!Pr1>_)PR zr{cN@{1?tj3d8rfG{ICcm|2Jwu1I_y3{+zn0z%J9p@X^bbibBGL`V!%ob;jKL9>vF zW+Ew_)%TdmnRAn?P0y+%n9r-D+=Kdhik85YtRdT){}q&v5q zoEU+>JAoH@t0*KY3b)D)F$l`NI5k8&bxJaEL;#`W?^XGuC_H~%oL=xD0=RQ07;I>BkS%HA{kEoG%8sLpO25*@TF)S5pwTWAh}=HY`0 zlv%av2$j4@DVmFhAg~&(<%M>e$)&X)>nP^iqd_tSnbI}J>ws~ZB76x!xrJI*PmLqH z4j6;g6;s40ecUM$9h6d~e^-CLWP_0t#8aX}=!8~vj09Bh+L#~`xitnsjVs3*6EM?v z&^u8I1IM`oYS*6c7iTrZomq{EN8TZ4&=uP=cgVSQD6$nUFbHnYWo=N))MfF7eXN-x zjODUZAwmC(j4m*Gc~Iw*L$YW6BqXK76Gc~E2u3s9kT#Fwll#=9vZ?H1V{lHd>PE3H z6B-SJuc7wmw@@LXqO`mjD?X4VgE@`59rNG?bR$ z1cFA68vo3m(8!x7K_d^7BHkfUig+kbx_}wsMrnD=KtL+S6l`9u6wjFDPhg3PyGS;G z<0Z5@v^$p@>gjZ3U({EsZ~%tR|D}trY?u29=p_(4QGz^f`loa8+lWLTVfr(ods!4l zLTncbL+XHWi_`5r=%AR|d%;irfH?aN?5}yZi?fpC(>GON?weo#f0kVS-(!9L3uA-f zKl+>5(fp8oKcR(v8`m^IJb$3kYH^Y8fkXsA*~`<>FXc7EBBd?iP6dPA$n7oc%|%0q zgLigv>pp||k%aJi;Qq#KzT{WQGT@=sHr&T?g;P^1s7Rp$5%Pp&J|0j4LDumA()(GN+sA_nqN6GlS#> zvbNLivcmDO@jPh5X$8mRfrbVAy)#fNo6cDEeV8KsqZ0LhJPi2;68@)Qh~lixziAV| zDxg&Kpjd`cPRXc0!TmX<#ggMFm7&cQw>Kw}lHg@+G%g!<%#q-{e*C3Foo9%?Mbz=S zZo1~+vj zaI6*-FHxdkst{^HpCFHlYs4uN8fw8u$8~==>Dc#|>N_1(UStK*gNOk|pKwkez?zLt zYElh-5Bph|aa8#W#I8=<4D8T}#}+HGGSM_>*%$+S%l~^Jx;rvDwBqYzgJH~jp>}64 zJeG$0@h|ycX6>_YG2&UOw4tPg{S-vD`(1e!RZylcah)6ovr&^_{}_q>OL@oj-FaF@ z=GK>(8SrLgY#zRThi*!Ikn<-StQ*j$2#VSf;lBlhZ^%n*GSpi8v&?}R-^dA5nAR9h zQC{p6$QxSGNW&`UkTHyMUAkROj&6o?iW}07;PqeaqnIG`nE|6CzbcF;%q|=;v0Uxg zLN~|XRBK1E?y*qI2++K$H zr=MA7TeuHy-iT0{G&%PvlyTzyLrQpb2Y+*XUa!5&rEi6F<&IpDZ~`1l$CaG4FIJe5 z+;Y82Q4$0uRSnOB5cjzKi@df@#>{guXw%j*GpfKdXjmCzrS8M2Qs9Mgj+XWd$X%7n zb@q2uGz?nija8$TmHzq=?Czj1rleU8ON@1y5GP4vaiZvA){C@)zrkD_iL09C=DIaV z&>hf5GhZbkRK^A#Q!#xTBP(MEVnrt-TW6>L{op^&=VV1|*?Bo+pDR`~ z)yN&U%wJaIW9Wet-B2<*Lz>tE*aY#mn;tm9)!OYc`?9yDX2^)r?0MpR_(-~Hsc zyLAC%Zj`&}LC1)w7{r@X_X-7lzhN;vQlZD~9HHYEb|(O&Et{t>UZFw;b=k^Et}ZM| z5~=F~w3jA;CK(2{*hDsn3a04goSZv$Q7^_)OioE%(HE@8_ogz+7SFS|kD!_rM{(DS zy$#G(LoCx)Q=S(N?Gz}M?~WNgAC9=QD6uWCn<~rHldWc*p)2aii6xbFYAjJ?4MTwh zb!QjH$hb5vwHoxh8X%InVx$G;wdK~S-$Y|R_<=o?CP*-}Wik4Sr3sVsH|@r}`suqU zK`AC9@lgWR6zpLbLT1M+D`5H;girfkv=j!R4wO0v>Lbjh;_SIn3+;JQlWOw~P$UtT zln&}>^#uouZ${r`qsuI5Kst&Hb&5BJzWje)P{;@BRH^KzOwlh_;o*?-(ab6=+hm}J zC}hVRFsu~SD-B}ebm*Wx<5W%1k<15BXH{VCx zmFWXd`#~^^>tW5)h&uou-QT#5?-^!7;tiUD`xP={x)w|?u&?al@f(qFp@G~1y=YTx z9?L!oXzL6#Zw{nSTIx?4=O9Fl&?}WdE`7?U|IIp+kO5E0Np{f}@*IW{Ke7#xhQH8d z?ysemFhl_PfNo+0DGzxmyG=;+XRjf*pD35VERG7@d@_aV7DbTY%=UO;`mLp2PMihM z022Y)9RPUlp%jjgRW%?6OHF=L8IZ$Y!RlXmSdEg({7!jT9XNx%N5(fZs2ZW8FM^UHKJiAQXQ{(p5J+=+AgPcw|#$&|*m1hB)pBw{R}TG}DYI;{3K8&L_pna49=A?E_rGqf z^6c~)f8J7yW<`PilCQPTD$bbj9(E1@gLW)h>%k8HwJHtjzUV1l>9J{lY1$>z|HSsn z8Qi|yxR#l6edCyx6i8Dt9_Moa`l$(e8GgR@X|aChVl5%N$kStN<7s`JY?$8l+dLEQ zQlzE{*R7j}hTe#|r2&C0chlWtgX3_YR`h!z%x4}@dQqi8eB{)jZK75I^QSwjdHtLX z$5FXmb-I761w;9myzAF8|2rh44Ffe9@0xfL3InWpOP^qJo|^=Vp!E)%A^xr~W^eoQ zedd#4C|^46GPRuo4CftplsS7O0Su)B=G4#qHWZK+3{u%_3_)Jj)}@u^Oo0AB;ZNua zBv*D9L6k|SsS|T}nE?advod>20}>|Y%4VW4e!JM&oJ#4%&MWK!L*%#utVeM1tRjbk zg|NVtKkbE(yF#Pjgx=!Acy|GL_qmN>#t;Fr=>QE}!-LXSq7$4XE@+WNQ0ENu9vs_u z#Xf9L)f(}upUHg)W^06M>43?Ai*O;%S`i`7ynDS+_ggW?(i*?5H*aB1Kf<_)60U*s zmgs)QBO$s0CL*Xs{Jz`zxnr3oAtwWqKY`VX8?anz&FeTwK8456DHilBS|gMw7gov# z0m8IjNW>gp6IYcFSMD&oT*65XF_hYh;jMQzL3`u4uKnb}QcUv|XGjy1=o^Yo zRd;i?b;$2deT*x>ezUXkV`XA(y|}w4R^b?GjFfJLb-J@DNgd`cEtl|2kSlZpZvY9K z)l$YNy49(eX3NZ{oZhAk%d|DnaIFsbgyUlMgQ70ejWt&1P-f7voY6RGYj;lA#&Vr< zju6k%+YHSm2{h!Y-p2tDEPCYy(rAK(AL3@~tLU7|+KegggH+1=0=>wBZnwV*Rkiw? z%OS7kJvOU3NIuF4BE*}?J+uy#XQRO=s|oV+p%6lxBw47OMx*H|i*MufD@k@8Y(Qd_ zCiGMWv5zoJG!obb0lmJAqvGTCx=N& zn(qR##hW(2ak8P+0U1!dLc(}6vhXNXKO16iY&7Iq8rKS&a*xE0kf{@S{OJ<8{J*k~ zSN3O#F>Pm7B=LmsKq84m#O~mtT|5A$5zW&~!-WW?@m^j#nYTx{emW9#WN~TU$VxI$ z+@jJsFqk{2#Ek3W;}Bq`@(GT0hStEopceqbViS<={OJAUOyUd}K6wwDG11}`{xgpi zj`LLx)#M|42_L{rI&w8^4L$RfGJp(P7sjPV;srz`{m8RW#bysxKeJd_@Us)x{F4_r_;l71X3kkT4F4n)DsUhUQA-@IokNPO7d?*wu9$6MhWHt@sN z!IaLz*2>n>T%YdmGU~6T1m*8~>R;KQVyTLxio6NrkI_etDeRRwXQnf7V@3nW%O8X} zfLa((ijzP9D`PS@DwMZmv3)(YfS3iWE)-foLa`cq)NGTHO`n~uWq zcHwxH{&Ih<>kBj!i`T{OAI^$BT!?177l8&Llxb{FO%u`q2@OKk_lF0h zI3UW-X0+DW$hea%kEp0Eqa$T;xT(;R%MuYV9ObgR8B=#M?RLz>%c@|hHfRZEpDfXV8 z*>hi}4<`EHM0=R&zF0{gO+W2b?D7smq1=ne%t(%zZjI3|3hgJE9S`I_AUMchrWr%* zG_c)pVa%Y~wG;1ORNed&6+fEsx-zbPCc*4bD{`1|bnqZqA9b*a&PVQn#CR9FPQ03$XE zM=RqU<<-7_lroB?o9>Vx3f@k9(A3PN*@X)GLPr`T9c(bFBHSBZFi>UtPu*X9^uP85 zxl?8uf67ZXrt+Co*z=NHXztUovY<#71vK=Ahv!L|kf&q%pqNV*bRVJcToxqNNttJFo#<15`W^b*($6!fWk|5jSt zfn-e^d*$s(dKDRn#lM-Y(_3g}JQJq(BV`ssQ` zjBVzIpdP*WyEs+lp|FErsSN;k3IkQG)CR`o%TtyhFy(V+NNKOWpv1Zv%2J8RnW`wh zmkEaMi!}2wX5RaTubfe}T3ghET4~+l%$>b)lJ!1mN!xyNB~8FNBjxNwT@k5eXtZsy zLkG*c|EMMYc*;X)GJJ~ABKBEy+$3CFpwgaeQ=_jx^Fh+MwyJw?EqN@=3UBH{d)NoR z-2|c3*3#ENk-*#VwLXPyPbn>?`_bKF}b)3^|yOs^)7ULzFl!`l7r0v{T zTSoH1DN#*7bW-F<)(}VWHmy||&tXMKm+2lqTOS-xFHfkGLVuZUUf7K*NX?QJLSG_pk%PK~x`49h z9_flGrjj~#M0Z&iVjJ_pfeVw|VT0xF&&*3xOE1?J!cVLceoL?p?_(j>`Z-z|{`B)i zJ&r7~0r=4B+&VkTv-HFk0O z&@$GW1YmlnU#}l}xpEIz^!z#{BUdG!nvUpG*@I1@pyh~_LoHyI=;v7(#Vj2-Bk@y2 zuRvs@*iQ(>+82IL{rY=#`%=D^5c2y-)q(t{KH`5>N&bDTDjGYum>U}Z2Pt1f-|)Na zcK$5G8?gggZLPB&ky1P;H+sbyEkViIr_ehEH_@P>aLNXT-|NXHD6Wfwm^nF*PBGZ#HpzaOf-&CT zMiE>;`?4 z2*sE{0S5CC`02?`s)q}u#KYDY?&eBZz4*qK_TnJ<;Vz+#RdIeTzS%neibdHncvzJR zxx}av(H;Q?f;s1ts}fiXFKZur(M5QEVf$At8lY$WT>0Ix(EmqjFTsCz)e7i48nZJ0 z@5?q@)!XiyuF6OEw$+_FDM0HF6GU9=MV1+a4>4{!Lkz424!lCr8jvt~M54ZOLEB*q z#2=xnRIx;<(NhJlx8$&XUt3j~KgcJERT2NsrJxXM6Gu}yR>Rw({&Z9z)C&IqtPIg0rbNdh6| z7fLwp7J_(P*^W{PN$r4?ltz6|l}ou}j1}tmloVrTjKQyC*ard^4zfEF&O>+ews=UX z44nxs!mi??I8-(y>B(BUA2_3xiz%1ap)v1fs*H(0db?J3F07{}lh9pEJPa>SjUe0U z*OFp0fJ%@Z4zFyR6QtFK9s%BKU`DD=%~XATMRcHum{h0{;%9e>Ff1L)oK~cUUqv-^NaCQ}!SUPLa&nSP-K^)^H1M_{nVp zE3}u0i!ujz0g6~wc{oX5wp9=x#TFkuoGOW;+Z*i}2vgPj^z*kg+?+))s&9%`q9>k$ z+0(FMF%4GabGmtO0EZ{m9R!p6iyW(=I~Y-aF`I$=z6o%HkK1W9tjJt^sc|vWc~bYi7!rR?T}- zzLR3yjC{sAq4!qS0@i*U%ETS5=3EQ3fGu%$Oq84AsFYMlZ%5&EMn{JST)Mnu3E9R2 zF;CI_{M}1bX1B=n*+W)lP6?Audwkyxv8auXu0PUB+o{BqkAw4c)38C9Jg<`EYv-&O zVf;iW+o*d?s8$#;F+iQ$My3Q=feC3Mlt;}35BX)z-q>^%hat&)@iL}Vrio5nrU%7Y z@gU=CPMHP{ldB*P&8Y~q?G6gf0$)qkD z)-y*7Dwfr)n=Bt=Wz6Uldg^UP?b7vhmStwSHt1xgYRc&#W7v@~@}8xsPOWaV*TmC2 zaF4My3hwRgms{#gLiF<*nxOb7W7xbphN4*`3n2pCNwP=aV)#6$Il#`qE9F$wT9bzJ;n=6Wi zT(nrn=R*$-%(^ySff4M|t1gstoa>tXN^@g z>#0brJ^0CB@exaxoJWJ$J%CzFa(TFJ%~IytS|te`V=)tHegC`s`g<-nuW%EI24^qv zWRwZoeu{jT2{yydWRpI2^9;0ero0{+TRD^`F;Zvr&N4kY3<@MaLbbrJ!r!b8qqLa~ z-!NTh*m296xk{PsG)KAE7A0*~7tZ%`pH;OIj(3?*UDrP_p*`q8u~#?Ik69$+$FrFO z)?~78(VVff2Xs%!k+)0>7ZkLdf*n-MvG+-ex99}1^Dl%=9t)6@vpe#lWu3z{0!72{ zG}DTg9Ob6nrk1vIS+#;^*hLX~YL6!c%xvru$qAE+?G843I3F$2;0^O&%5+^7~zi}FQkszR94FJsVfM4m5mw*20f*0}R1AGTC^MoJ0lejPA zf!r`m@0qYwaD1|i|LXedeEI=!z7wTHHDKXVY8yQHSoAvY#*rw9P1oI_5sfiebTba+ z)(p=Gws=}xm}Vb;iKGYpPFo+FO^jw$;4PD^q1(rSRdX*AL)aOmKlX9A}~6=OJ(Ld zDDWZIIL(@Uq8-BW1LuWNvpmT@e*yIRV0t4c{Sh4$(7>$ulH>`x^w{@rCJ3)4(1z&aV6$DH_XS0ZUYwH=SIYs36wttcX*nR%Q9jG@F(=u{E(@>h61{-YX6B`!x|b z-*3-*Yv8?5yC-Yr4?O*CF7gFec?&+_{XZChca9N6WC;&Yup_wabCG_ye)sK8W$+n9 zW+aTv#%6*ocA4a&KOC&{0oCo}9LpgAE_%iKCp*adtOY=AC^$N1ro-PjKD!m@5yBFz z0NQx{maW}M?x42KUur*bHL~0=m8TUb#$+ZqLKu_ms}yt#F|<4sNYz|ClZOOo$g&cV zUYp8Oiyp7{RCmn~cw)AJ?jB=?J}GJL%%W+z2{jo4-`sQ$IyyXSQdbzW9$%fL>`o5`6^z zKgQlM%F<<96HYrTS!vt0ZQHi(O53(=+qP}nnUzLm=h^%AcfZ@c&l&yWjj`6BcdUq5 z5iw&vm|yw2@zOo{J`1+;4Y;!*FRwBA^P=HM`nKPNR_(J7F$%oU^%h68CgfQisYTyY zFHlZd(k@VF1XEi1*9M3zL3M~1zDxGtDl{?3R9&dx?Yxop3@?VXVTog-uxhdN|Cqyo zs>r8CUKa8syF|_q(ARbf>Ciohls==XD|2jHG><5hu#HpzO+-COAS-cSYRFn*Ko%rD#=n~bsb03f zztByCtV;P#{XaL6|MiCde%F70!b}6mfUNyj)0z!wW&)%_59m#z$Ba}P45>B&QfUaZ z%m|2?>Wf0sYXW3N!e=0fFtT&}BH8Izw*+XW2zZ5|mw+^z2h4)$OD!tXHsuzDbQ1xMK1X<;QNr*uJ0`n_z;ku6cq># zVuWwVkb#~S72uDsqTWC?FsX11J&8r27zkXtDfA44M?Og=fCdA0J2ZAI6wx-6XnX2N zJ8G;Gjn*V;uD%!0;e_55vt>|k(a}HW`_ZcTn|Vt7481-mKmPoMNVPtLy!68W0Ob6~ zN|%)XbRqhuOY+}&$SPGxuf(CBU$Rdx$y4Bgf$;u76^O7Iuwi<0Hb6l5ac1>(L}r9d zFUG(Bbv3H)z_ckF2cSk(%vp!w$|)b!g~4+kDD1tsYly*f9jNWCb{qCx z*VFU&ow%0-%kx;+`%%0s=N&p%Y>fA2#U6j#bpr-Z$=+{_?%hGD&8uEi<1b?HZmRbX zqlTF<0x#hKRc0^gft9S(5WqDU4!XlZEf`LF7M$d%(8iZgt0zvoUcZ1JT<5*4OkRou zh8Q?2w}D8YY=wKZ4<>vpvKBANNRoE0-}UGh6z;9deq)~AWYSsOO=GXY}^w!8vJ`F^5oCSWAA%>aU7E=ldZ8RdtsQV68Qa9POfN z4Ff)q0VJZV%LQL4alJNQH}^1t3FE_swWUHxw}8tW)tbgE32c0Hk->tI5mlaxa9(W@ zB?_E(ogM@k$FPDNI@GqgW{ycP<9Y-}}$ z!YmC{W)zlg@3$Y>mNZvdM|~#9Z{)llMj7P>w?#X?*VS8THP|eyP^!MZ&bGy5f3v)-e4XV+ z=rB1)##f<6fv1|K!^j)7AAi3wm&-6{kRwF;IJbxv0~y|g1I*7(*--LRr3XDO z_|To;QQbb1XS&)qK>j>_4?!(~o83Kj3t(Mk8!O{TF1d^m{e}1 z%eD=F4ee~=pIo+x7Csau$E7#grbq!AVA6u1b@rT5r&c`QdAG5IUguWq&z!$m4>m>s z#KMS?1ge=?N2Rzy17|9-z&>dgGdH8bEP9E%cS#oj{_`@WrXU!2{N}%AbtMwxW+<~gi&5Oe4~~z zIX-~lowt`#IKos;)$HX%hsC%;l9#3FZDD2XZyuLe+`znv`j`O=D6U-8rlmGT0*89D?)vM?89gJ}3eX8z8St7eat!#iRp&d;gScjw{-SZDE0^h10^QmtTbhU1Ta z&%GYe=H1V{gE#tvwM{%aAAvvd@B1dfB4ciz6>mWN&JPXek#b~MuAl=VC6vDuTiex4 zXs~?-c0lhtEgtHleRgvY1AHJSd4ARp(q0*o&7+>U6whU(FDz+|Mygh6ZV*X-YL58a zLQR-xYYq@A+?HEKpRG0>a%wX`U>8?N8k9zO znb2{kmPeS^lR*vZB6`I~vTviY76f|?BS)PzJqitIBH9M#V=0Y!(ng4j$sRwTSTecr$x?wr6oJu7i$GPgfU-3yLQroZ* zA}|SkSIyS=ML@V1xgh)c&hggCiI{)KR+tlXjfKN>Gzus@@x6SDHqnpm5uF4CB&`#t z7|}hWGDfW%%%s>44D3cH*zM!i0!&IZyGzlohwEaglkq!Ry%<)~BfUgqDq1qLR9hsj z(T|W0Qr8{BHXWx9pC*4Iceww`L5M7C5!*lJ{elI`nZ7We9HFuyp9=RJPW<@XOUZ%V zE1fw#BAIXqbp0epk)@Mxe8qQ^^etxaYxSZVAvJ-qoWP`Iup(1J|&nN zr>lGk>Y3pQZ-5K#-l|0|t`AzRS3!zA8)))$;|E8*xNk5wty56x3E@sy+X&acerWTA zrDmgULESvv1viv!aA8nWmA}XWvLUT9$NM%9ak;pVP6@V)HjE6YdqgKT=qW$R-|f3{ zPTur`uczJTK{&=1LXi^petj)z9nOJs7sE=g12Fi!YFwMPxUMP)bRst9C^be>ez+Tm z^0mVAr*`!KNA_1$>B-xK9rZixC1+Rw*S;{oQ_dpNT)wEjkYDO9tk!rI?tmpH5m~ zi#+~mAf2st%K#D(9^!jeEZKmGKlGwa;Z3nOOZGK`9gs=(GE4H;Bip#v+ag`iV^n4A zP!Mr&{o-QV$~aT>9_38-q|kv@OLxutNI;a!n{rbc1OSsp3D{8$X!*%~AK5a)25RQv zX(Vwt`UQ1!I2w;2e&w+mC^13j+-iv0vBWT?e4R9@!WjGk&PJZTyqRG+>4 z{*g8_@Z*R%pWn_!8XN60MXfHetC?{wZ;r!mt{+mq;=^O5-|I5D+hj5l|P{EhH2wrjZ7y_CyMl4$D=b4LdfK*yCoV!AQ zb_I@UPB7_=5!IOb+YULe%CM{puSF$p39Qj^(DhUB@U0mpVi#YcExfZ)dLU=Kq{2dh zdz?9^s15IMQ<7DbRL0e3og#D~zRI2``#!M zP){?n?g^!W$~|u;;ncg|14Ovvg_e&y~bB6u|PaCG}QfU#@&^7K`dY>nEVNXDY2^YDAhVX>s&yLCJ zEOns=>41EOm1^Wp+z!nMo#|NJ4$rWMOSs_i=I+ycF_*|5u%>`r?(b`AD05~+*z_YG zoAavwO}*G+cQoY2s;b^PJ(hIuK$)BMtRU;~6vt$W+xI@7NzKlqf6&|*^;}|IshTnu z7a2$va6rU`!IQh^a_@0Oe~2A2{9Tq~AWn4vJjQ_II=4K)ghFi~2|cVAw|`7EtdqY; zQ*kRKR+gmn;$%W#TTz8(lGFnw=zuD1vNda-lkAJm^x7zWJL%3MP2w!N&=uppT90IW zizol76B_n1OR3U?W@X?`_g@eL(Dk1A>o?@&i}s&jr+=ioNc;`$3!2-Ree)tEjorm; zt&EHv#I5cAH^Bc*cfk}z<~9snv64Oz0D_e+#iUaQZbrgu91f&41P`DGgo#>^sBK1V zsNHs6w(KsK_{2@pXi9p^?A|34yVAscD_GxF$GkHZcy};8-ez>2&P?Q3tbME>G_$q1E)* z0T1Wk4YPGKvp>x3M8BySSyTcXru2b~K^9m49-M|+dny7Y34>jNnq6jPO9(+`! z_! zGo!4aVAAYd`9uFBEiDOnuT>c>GlMlCM6oVZYm; zhPR@MrjwrHTApMKFt@J8oFI#@>8JLWm|f}Ma&4Lom(Htk@wi&}bwg@b$Gsa|H;%)KND<{|r1arC4eUecfNQJOX_atm?)C=cG8bM}8 zOxx!*`Dd)@Y<4-73ohO<;6_`_0PT0^QHyr7iaT1wwn$M8)>F3jlp!LqxPnS7%# zN_*w`M`-&QLrAS-E9qtX1I-&Fw=g&d1%{2VDsz8CH?U(4(>RB>SQ8Zs8*q1l$H&;6 z5TJL#>vq;4&41j*Q3B3|&G!5Lr^Vg+AF35<6EIbcr3{qCw2m-(I_? z{nw7sIo>fe{|!irfd8i*gXo{`;QwRC`1|r5rE2b}IP%lGrfD*%6-}RDSD+W3MZH-b zPp>o!(MZ2GvPErp(GQGfeh4L*_)&r(m1t_6sZo7nzF2yNiQ2lI*t|B2Z;RS`z43GX zWbEs-#GCAwDN$h5)V)}{>+z)ej^pv+oNsY?Qy#aZ-a3)Z?(n0wh@^Q z-hp`GU-G~Rv!~W&s0@EXx$qCn4?G!}(j?Spy}0oZ-V(xgQ-mD|HG19(5&RJg0i%|A zQlrr%(^%V&O(I{T>Cdyg9pQ+1z){hPN1UxKuc+y`vE%X}VAE*n6( zNLSd0JyB!@JJG(N-qFJ3J?;WlrHHPnF-2T88GBTC)G6SED!MS}Fn|p+AK7!DH9w8I zASAy#f{`xhdQ9~X*HiViPTb+7c|O3MPz<^2!7>=d`rsMeAFn5VvN3s zWoe2AN;v>(tDwFNue5(cFfKr&0Gr=zuqdNksEy7k+18nKo(vq-{$NmTX1wUsmNe$H zNrbQ9GIX=<`{f>sv+c@#>DY#Zynggm_vOn4MoXs9X7sd8s0eX8c!xrbt7QKAM1 zN|1imbd^|%)gc$}v2{Sv_UB_wsZq{e%ydtvq3k6Pr1+4{rFk_cAumn_ZoZIK8oBCF zEhb4-{p9KA>Ccz2URh8Y`!sJxcIBw+ScmPL(WK16UvyRFraCq)l0D2!Th^eX*cN)Y z-XypohX?rmNvDx4H=A1ow~oNJ2dH3A`;0;+e`q8|{j|49z%=GecKN+jc2mH-gLI)k zhI={PRCl?7dxqY@XbdF=-ZnT*b`h`^Y7Gz`V7bDPz>4V&cY(dg?1p-kKc;)Byle37 z9F@oA{^;$-yd?PX9^eDBAHsSOmEi8tGURs#d*)+@iB)o=obh5wUS78-kQ2YM{3*}# z&V~!>%t}Pyq`-%qP8F4qWW=>xZH;B;nX_eIZq;tY9-~1wf46<<@RPlbamRVi;xHst z7s9-bZNkP7aLrJIHIW_BYh>T{yyft5%!Ylln%3X4$;ufQWO;8%5?4B23aXdnN58lX=q( z^oe{)Z8MMN%nrTAiUUTU?~YIxn)6qgFUmP?L){Ktli zitaWA42?^pyZSO!HWcv?r>gAy7RXSZmwGM`iayUm{CO^`&1SAtiC5$d-hgCl-L_4; zi9uQ}I2GlnnS#M^VRuC6%=v%>8<8R~j+u_da z=SE^0OEGLd+H6`+f|}59pWwq7JAzlp$&Z1+Z%oP0!5Lc%YIEl-ThfZHB};}LCYqgo ze0*>ovhA{9K(C9I)B;of{(&gmScwi*-6kn#j-U_dAkw%iL%C=8#JkWQKh41?cglk6 z6Xg8VXVZd=CwnOfv}a(fNaQ*~|9m6j45ffzjFWa&{$zq&+AeJv`)KXTD$Yc60Xi1C z!3U=YqrzDMry~O}UD;Z|h3=(a@Q9Vrv{jdTZwSYpycqOC=`s-+c8Oly?q%3$?)&aUCa+AHQi(@X%Bnj_U0}LNd*pS{z1&-X- zDkvxf593PRN)Ji}gijQQPxGr~f?_h(pC~}M7S~E|?-VX1g3@xYi=gCx{Xk*95ATl~ zG>Bzb*RgA%lLE zPW>Rde@osJL0);}-PXcd%TI7^aR=5_?D-^}cxdn&d3ns0uz@b<(fE%?a9@~zALzt62w__TgD__*i zoNfC_Y%)*!d2wuF)jzklQXkdJR0E`&HKg5K>FoT?^;-|~bG-Z33y*#K5&V12@IUgp z{!iiAub4gwV1Ah3uf~mP?TW1k(i$A4LBJXu&^o!>+M?$*8!S_75<1R`o8vz4+q^+@ z1Pvh=B3_~|)cBd2XE*>>GDoZ|?ma#{ zJpfv{%KkyXn9`UbEYWD;stk#9%mGX6m<)%uOKNmVTIk^+ZpV<^yE=SH=@lYeXb#i~ zT-3(}VVR7X?Go?PN}%V$4y4gWyIeyGLe=*-?rc8-uj!G8`y+k@e@1g2)oen#opOGP zP0Zd9k3UIGo@}xzqyfgq?==vh;FMj*VU}8768=Awsk}yLHOseqSiKTs(M z8dlhIZc>hD4(B{DHv`@1;4f6}&@dMsk^f+S)A=T=hm&a(#PM}Cm17$m{)yR${ z-NwF<&B`t5y+Q)~r(Sv4j^xNA=q22;LzaqB=Z>0_M^VdX&|7K%U$l~2O$&jY*AS)6 zw2-#RpgP@t!wKrH@qNoS+9-rt(B+ ztVJuN!@sC}*sMSxJ?U|3GoevkLFx1t?3M{nPB*EPsS0vs{Y{#JOgP~lglxdZ${-Nr z43w?18&dVbEJRs5LW=z_%dzpR_*D=UQ4KJ|T7)>K@$R!j5Kx)6pQO4o&u&R2N5ctl z=O>Q}O9HUqCb@ZCjRPO|fRN^=6jySojwMtZDep5~gq_xs%)3(}xujM_h1;_pN6OfS zTsY^*T+6cuVfh^tPhp3bA<;%(T(W30{QNJ@4kSU;P{p+6>Z=RS)l_g$GmhpuuG-xu zn^wdvT*i=`Ik6Q)66$-Ens*NVo399ESxx$Fl>QN|g?pDg=|o1t1G8ToG8i=1Xi1I4 z^q!lPN{7Q7vtuo?>s{f-Cq*+c#97J<&G*3-ftWvvFcG-?u=x?9nZ}pwKDiHY`5{vX zULdig^%O+efpCAq)&=C?1(*5}L!Z5l4rDyWP zvYvNGHW?33-6~l?oe>R`5gM&FRWhK#oU09ZFk;v`)c6HQmmqvZ$`>DOn-}K!kYrIM zTMfgyiTut9FI2ak2|p6*cNx$HWDpgczjNpD^%-LF7bp@k#^&9 z8(^Zu!|>kHo$%Ztla??(zcM5L(XoGL;+^A`S*EgfY*ow)foZ-h`rh^=9emG{BUOmF zaNrm=l6L0=MCi4r<@*7BZ#@(aA+fKT*+pV%m@%tkH|rm>)?7ALaB7TM24si+>vF^R zdWEHifRAgoBPbaZ%IsJ6x`3TNv^8|bY(XAuo-)%1mhYlq>z63)5oq6Zn{3u(U~Cff&0 zUS1!p)3DC|Xm9KjlxTok@T8d@wDtxGPJz4DPVe1mSb5Wk`PEr3iA?u)6jxW&CRk@~ zS&7-8v5@jttaZ{V9mndhn2YZ<=HZ58swLr|7U3I|_6zx(YTS_Nt(`VPkD$k=(;dJH zkk;AWDTQdE$RhL44u(3`M9uNmF!^)1y8Y-qlt&40VT2EGZ4Mjo7n^RwvsTMl^&G=a zl-i!83qR1KL{+v03hj9B;IxO1E(S98lIMppy(MA=FSHOe zCi#O&Kl6N&&lCU*ErK&wg5DgMXOhvZ zn%9n#vOrbcsP_SlV%Lx0>yzh#6W#oiwsfO8BeL(#Y2a*!&=JtwozTd9Iv- zRcB8x+W_5xHG{DTnwQK5u@&rE8dKj)QNiiUF8Hk=d$x3ef%sg=Wp?Jrv#U+UcaXt$NFlsmIifJoHanb;nM5dl z1zrRX*sPz;Lv(G_0tmduWGpN{&>OYa4qz6lA>29H&u&k9FF+2x?v7A8I~O zEv<~7FW9dLKu3c@8$&XVjRIV&rrS&+?*lP<`04&MGwm_eu3^9HOX^`j#5@_Wi=169vk%>PIa4;CiyMJvNt zvCDF4|50jEh^;_TrSB8C%r!7bRv3(!tRUu0Hi;{3VjiSXghfud?2#;o)&c`meO0oxxBj;&%X` z1@fQ%WB(Yg{g1TZ|JJJfiu`uGp@SFxGGlInLV?56Ze=$K?~)7>ebE?ijv%Sd#zfza4Ys|%<$Wer3V&x$MMFs&_$v*e~$=zb?dDC;hU zBYu{oE;^#X$@cga-Sn2I`HvIlIsz$|VX+j;y{?DAM#}?@)Og&PCMt~n4ksPfnEDmBDzID^N+t&I|jt~nEBs<&DQtx?^o78M)G1#PIl79PG+`7e`i92 z{>wsw=4!dRVxyAI9hKCg1@b4zPAZ6CajFzON(wx$b3ycUHL>Q%&A#xE8I#wODEiD5 z35-@Q?seNq_6gUCyUoUqPxluPU5qJxXlsccSOelbA`Gbb=E($B&E$mGm|O0wi{D8E z0~0#j>r-6d2+aP5vtxjM{voTS$d>D;Y_xGB@Cfs=zurj`w$;0)BuxJVL0*0oo$0KE zv*ikd)Z9f>l!3(TE*Q${H%%77`a`#;43`1} zR@TaJNm2!|`af~{GGDr~Ply^-hpN;qR?OJb%SFiC75w-bc3h-tCbRGGJ?D%SQdND; zg29E?Ai=3;i(HgutYLPgIeZr3OP9O2-f}Zf9m;KT&K(vYSHuDtOyW|6_phgtKwT1g&P!!erv0OJVRlc}VWnz02MG}w&z{0-_v2W<_Ql_X2a^!0 zVRK9GLIG)T#G)Kd5=G$$oM8g=1M6Xg|B!*}>C)T5=*KVw%WD+qTc_R{qTTGHhQ{Pj zq^G_IkJ1lz*@@74`>Qks^b_SsJGV1wun%B>%u9r7d4E96ZBC+!y^~@=mIJwlUeN5% z3RW{Mu^mj!!tEG`D)&~^TBeh16-P(&1Q6t4jr|IC($VM^)hLuCUBK(w_=uKyW&8r( zFD8N3xP%zT-`6h>Ur(Zw7V=i0!NRk#2?rNT4bgiiOqdWfk z%bq{{`G=>|_rjh0j|&&?pQ3khJ3%vJLrY_a|H|d7XeuhIBLDfpJ_boYF0FKEu-F_3 zPm`|zY8jzqVbMxfDqQIipBV_eN0gn3*L4P+WnNOXfSThqD{q=x7k2^eAozM zA+GFMJB5K#xTAh6smqc6cr`;Vw2xCM1mMS2^l$PS3kLElucWKHWU?V4&z` zL|~}3TijyoJY89@<7lJQ$+t~>?NK986K?_?vXYSW1lst_AdII}Oi@``w8_55Tcb_J zep{(hmN;WcE`EBQBDP|hlgaub=Y4eAb*RxhY1B)j{xij_i4!T0`D`saTGqVjV|1fU z5r+u&Mx#R41v9njnIZagWOjy%91DVcZt8~}Eo*}zI=cEeVfz7EvoO1-6OH8{HX%NP zHmbaz>(orvl6A<~qEsToCfoVx-5EbOrQ~9*s-RdO%E)q+7K7o;Lk6TL72^X}2Q@K; zMI5?pSVACkUer+nRC84WSG+6j46omsYHDtZnKCH`_-rGFMJ+s_v?J;ZiLCmI_g zY(~R5&j7As_;~BwKB66{@_ls6<=U(|sX>R~dv*R)){PXgRgvhUcM(Q+P8*n1fgbau z8W;O)T);~sSnSB75#-`ev|d2o`P91sf#Dced%nKvrcHvg#<=-~UoI59hH92)FEwNA$!ki+EUzMXf*22l+~&6`3en`T>gpLLxE$BFvKn<2*>orz>ciE%VZ-}S zj1QjrH4K&fxQ23dHA5JeMINus_$I|?+@h%Z^a0o&U|%1ZiPY{^PST}{Y(2_3r+ETa z_ua;OKr`ow%FQ%}6EC&{JO|vyzoQHX8IWC`?=KewFI9uOZMxQm%@dk&Uwf|N2{(;g zoj)yltS8$Tx@KuynAbQuw#_$FYz1yS>TMTnYQAd!x<%W*8zIBh4Xp7P0Q$i9Mya(& z$jGLnPoXjaP}UOsaIqL7X)Fj`R05HnI*+-@@K+*MutH`#jBg3s^Tn&@R|ogwBv zu&|RQvd2ESqC_$N4T5C4B0=?^=;O=}l(OjfuC97=&CQ%l3 zSjO4F6;?Qh?)j45FvLo zF}rT`Rb$@LpPkEhC0Kg1ZUv89Qp8d#GMyWk_)Kqx$cEg1q79OXSBUTH$M=!*s3*>+ z4#U*RAof%qn&4VyiWCeg5bvW#Y}VSi`0*(Zv^bEs9TDK8lS_$arAFsw{%8Sc)PF}1 zSRHK3J)?KG6#ny<&sHNMf*|m>d&=+ssAMMmrvv5xXB+filI34g-xay(kTXk`mMK=d zAZWBOAE3N@gIZ4^=P?W{#PGzqGoj&j^9GSouf1Ye2QW>JAHBH%t>|RpiqR16=bNih zz>7fj+mVzhC-kz^m_Mcq>RFqbbdbw2(+d4FfkU zuDfmn^D7L}F~_Er3D5abKh4Qd@E&fnytM{t`|uq6^#`eRaJU!I!!Q5xi~)`(6wdqZ z&*Jy<@1sD1f9mnSXz9idj^Z{ZwtpX@St{y|NTTq6hLgJ@r~(jHckROX_?oRU(faWX zX$%ASAPkWpM5CJ;QK0Xu)v7{a4|hj@?f7jT(v@`va-l&eBbSX!-pA*}?Zhe(PqTJ( z2L|DzF$MU&AfVJX{7VVEjCDCZ&;LrFfVo4aZSRS}RHkHm-^Drd^wCE|Xf#a=LRl5MGHJEQ z_O6%|Ir*X64=f_RcH?YqS3DZAAw_D6Q#Z&qz>>#Ey=4-L$mr>B)-OnlRz*5b&Zgf- z$C;lmUm>+;MWl79KtC$Hc31Ys+kKR}7)TA6m;FABG%3z#$KIe@P(mSZ)2st^rEHts zSu9D@(70KUE-_z0(Pr%WEL2dy<0?|fFi!WFr>9CdmzaiDD%L{7{H_rys&`!|*L>*d zxz%L>MUOrjy*fBiyRk*n_%5R@OZjvP#zWM)rIS!Q$5%%~($S<9-|=Ew$fqhrf#^6{d!p z1<1#i%C^iob}&(!g+NqI><=Kb{(#ExeY3k#XEk@mpHREZoiZZ8Zosw@d(?hsd61(= zAAp@vuA`m+H~U=x+ausW6W38{ey@t;h{^E0D6T~PVmyPQKn?kMiQ5%Nj51_LK*$zH z^Pp`?^SyJzUQ`1gLVSC4~>hkvw~7yLW?LP(L&9^s_0aUF>4Fl zzG=mQo9{YVN4ihEBIi$Jl76a1`o+k{Z z`7vF^mc4QXcykIh7|s=Q;H-V9utQk2@!mk~oRBRh-Z!Y&UaF>ml=*wRL^#7lqqwic zv4m&VTvL6^1#Dkr`c7b2@S~yu=$`T@2Wz_wJ`-59Q*AY6NjIpqpC9te1MukD2!e7A zj0?1~f8er2pLtm>Vt5}VOZs55hE>jCmqOwoF4s1+y1GD14?;q&s4-`siKiTPr4RZN zXxdH=-wxVO=zv;DH4&Sri-Sis zUt?wSgI2Glfl zJ&|PHqR`%h9$E#D)K{)jwLcn_0U zk-%yWpT=5RU$)%0{OInfQ{wONkJc~DqgXu_hiaw_C11riV~lhs!`1})LlD8KJ$!IG zK{`wcSr?W^p2@39S3mYi*XfVBvtJQA;Az8BzXpcQ15ohL97X3y< zPO}!}a9H1^#lRGJ3xA$}^w{SyX7-wT(YLn)PR}Wio7lk|ZSOENwM0Y`hoEzgPBAL* zlhJIL#mRuPEgYc-dr?x(k<^OB5v4;rvxPA!AXVHPJEA=S-pK$C$%0?sWpyTgRa9Gv^UvToHPjC!`Lo=Ji#(sdQV?4? z%Y4+|$L-XAOzzSA)8X?!6EFWCgY)l$=vP!1R6ielpeZv62}P)yrn=dIUsVy_A3x#j z-9=&@E(Zs35Z$T%f1!#(&`tIcYkse(ZM@&epJ5}{A~zF+&EQ%%ZQ!+DYxI#i6m^1F zV4AWx6Fx}Z*j2Qt1Y=$U(>hjCX8D5ORp}r%6C|)9AwmyhoT)?vZmllNWYl&8@r!PE zn;2rVBK1O|qQE<2&)RV31Vq=@5RIQ4zxyG4xgC@$|5Xu<|2{YwI$ZY!?_Z+6ko3LxN!#k|gt)J1{SJid5Z zVZShJqftDQ13Ba4q?(wk(76;BxkPYWMSqE_1;ap;A^zxt5Da&jQcZ1#?J?e<;bpD=7litu+1$Llyc} z;I&&!Bw`C~i>ko=wKLFm&aEtjB`kVkvolk5)F3Lta!YH3Qmb=*s^aihMTY7`$MzKL zy^Ygv40qNx_o~j7HutX1jIB;TRkO}G^YLTqsj4aLsf~0OXRGz5GJQcs!;$Lcw<#$k zjVG`lAms@nYzkW#rxnHyEg>BRfQ0C9^wj8YP1BhoKy%mUE`&JIE-NNgOd>#GLRS>E zcFREp`i4Ifsw%xO6T0Y^f5sQ|&&g@lySkEXBdlWgN$5*bp@mvO4-PQ2pj?T_vh^vg zBSyHY-b4u-y!R)AocmUx?LlypB{bE!Y38D4s3b=rTaVbSX&Crb%XKz;1y0^p@h~%_ z{fs^wVydQ%06)y&!0;^QJm;{e=doGuVnt@MQ2oRwSaxnE(tP)E>+s={X8ueJ2Nvb1kV}XGLbdMOG3fbFd!8XNS8fX}#1c ze4tVYM+93ueGz>BCNHMXZZFHW&b(Oqr{2;|{;e?(DZhgnEsX9bNCTVGAjf`4A3L}` zml2&gcz;+ezTA%!Rt`Q4VrCmdi%y%hVIWTh*U?o(iNW|gy;2^)O94L}u>@eb2un7V zEvzd^3=(p-LvbgRsQbCO7IwXd-r~M&IXm2b#VoitE%4rk`+~fHskuOeP_R8F%4!6H z5QN4OBd-==_$=HT8m7W4O8Axazsfh`ZO!uzv zHGi=F$Kp!ayV-1rZe`YCUo9?lCIiG~7ywga`LtSs=qNj?btf{k^924Yx_mLBMeNW; z@PIraf($bg6nV``ZuCoYSaj~XYOC~eECyy#I6OiKeo?$1x)a5&PwLxrrdGxZvnM6c zEDPzD8+a2|1?%{{vn#0VR^|PTbyh@MoX>owHABrrAs)wZx$|$6u!0j(>0!$$h|~B# zU~5TY*w?%5CiQ9 z`q-Un$+i-lXp)Gr-zH-XdzE0642&$Gh8Bo3%2_dYOCL~6eQWu#!qPCgE$WM8%d6GU zW@smd$WU)t(7@c;BYRAux}*P)6M9+pLOg|vMsKD@e7Y=5s{CQ%uO$I3Q|MsFxfb4W z0odbkEwqeMljFMZN2pMKZmf{g#Z11o_G(|!!TW}?7j&}TPVu5ATHoLJ^1*3p7QoL0 z&E%bIzI|$JIBbusId-O9bFWV>g=P=VHpe!cxBFZfUV{;uh9aBljF=QHoxD@vZw|G| zuF`&A9NhKlo4YY}OP&DS1ZQF`wn~apZx%SV%%((oN6of{xSl;gz7?J}VaPN&D99ANy+ zDcc7-@0zxkIelRG1qtckbi|clLnAUGrO?C;xZH zYwYmN+^da!spnwc!{tN8Z%@!|+qo9!?v$O9-|w%$9Jogi76sGKVKZK_yoC!rv(E@o z*7R7%57;o6+)z31dz0OK<>n7p2r0lrf%@B}ze8RDv%L9u7hm~D`SI5a?nIruLwPv} zuI-tx11gzyYsZe1U@U_ujNDuSd9@Y zyMn|Mz)5Nv0E56CIOU_-EV`q&5`P%nUv>B6ky`7T_M8%z!P^Q*a%I>!OCy zH}Y_z7%%MFNi_a4=NukSQ51a-=0cLm(a}oQrdL!Dmz+luYs5b)*M*JExRhs3(@Jhw za{x7zCj>~rb!i!uNL|ma^TuBF22L^2%!QU{-P_Ipwr7J*Xt4s(e*42^uNLedI?dM~ z=wUOxPk-NjI%UI)VTi!5$V{;joLW%;{#;GdW4Dxea&Fv)W~Fre2+nZy61T$# zz@skUej*TYA;}+#o?#yR5CvXDWRvxS!7|Lgi((b&yag3RfU*9XIekA*y923PgEq-f z301%hSs>zR0FrPq!`YE+d<+p1!EX&CA|#yv|H31SHqTsok6Wbj41S*tBQzKKtZ9>c z!-e(a)S-H7#iMsv3XjdfL;W>%Ocb~d{c?Ktj}adYC8$YfI&8{Pr!>vPT3J#ubIcJw z(m>dokbpNz5awu=0NRmN>HR=hB?}cLc1BR1X8e7p<%{V$G*rE155jr!Xrrr>jSWyq zcOm_yYEazsN}XHGOl8v`kyb%hC;pRygj zm$+k_l7BsjJ1nv-y|r?+Z(X3}-Z4ifsOqx2KbrGIEuhX?XaFx=O6c&q-)hOwXz(8? zh168gwI`k5*-|sll2{bVSmblkBV{E6L_27Rg`Cof#Ijax$#4kVsI1>8c^vzluz0|2 z!A@P*^)jh$Mp8Iftpt1-&n7M-7yldp)Mmhv(*>K&mq3Tg zU`i#e;n5{8X35j!dv&w%HNYH`q-IK4FNN~m638gavMIo`2Gr)vU4?3GF50s!QFrPA z-9Z3N@;JPkFw!wJ?HT;wu-j~#@ydWw2zxaB`E=!|s%QiA> zn;Euk+qP{RnV}t4hHcxnZQHheX;ssNjr^e1MhkHE z3C9Pgaz^Ue({qap=d0Y1cEOQvYPQ5?G0wUrJK1=EAMt??8-koJa8>y%{Jnt4{8z`NBjf?#?2kxx z?`f$AqdH#%8q&{{BY2F(tB>h`fZCGZJb36lsR82yV^o{bBSRt#Y7i!261S4h}j20*nm!5~+YYJVT~5dC#Xj;@Tf* zyKM2jKgjL!M#C5haLdHn@&M^fAX)s9li4F>*#Pm8hBAAU1_e zfw(C!sO}{Uvhuo%x)qB!z`mdok>qBvFi8=Lc}s;DmD?r~>(#OzC9`OW+Qp7pytMM~ zkrQF}FG3t|o>2?BfKF}37_d2{qBpIMki=o2XD5~Z*fmlqmusf3l~uH{G*js&T~Mvl zl{%_Od3GP-(y9iZa3>ZkekB=_#@ox3=m7!I6J7ej`F*>hW+W>t>I1s{K)POK6Qb1T zf=l4T;efdy%;Hrg>x`$7QIpyeG3Xv-*rpa$lTlJ15rsa*u6zY(jOxWwo{do^3?MlC^iiN40t|9rPBJusz zLKQeiS0Pa~DehEho%o`aTIz>C_$&@|Jgj-jr~isl8i(})|1z*_kSEi|UP^MKETF12 z+znbq-yc-OFFU}Fu>>cwT-H?9Tj;i~Bp#PP;unCfipGh)%+WdZs}0Ss{*8lEUa3~* z+?u5tkTBx_E4uFaRstgWUU;vP3coB?o>J;i8S9`+yz1%jHw}8ZD14*Md_HAbiKzn| zlO^&eop?L2$!&0fm#R=ooPAHY)cirQO9fSOT& znxYp=3|JZ1C3I%CibXAn{IiMd|^lVjY_c;-nKA+V|wOM_F(}3HFFmEgq4!u* z-2%TyfL$qt?ng$78$S5I%g@3x?sDv$qkR>H!^Z4FxZxlm@0`Waa{4vq%o!yU$voWDGrk<%`riT&+=12>>w-_bMY+&Q-hCm~5g+!eSA&=4CQk>T&9VEIeV z3uLQA=F%Y!BSCGHn5DDjV}%D6EbgS`gP{CU`rln;dC1Le_YF{2-LKLM0rk-K=f$+g zC7WW+;}!YYO=f26Z>LWa7twxa6BA9(^U)I*Q+{6RW=-|kZl-4LkIKK9*Ei(_oypV{ zrgUgLkUd*citbQTjHzf1=~*41Y>zA(;-xA3=1(D~bKYOcF5YUL-u}Gv{ulVe@>gJ- z1nEay`%?t*e-A(YBLXApY;5T8e;C0l)ge4^4zc{?xn8I4NXf!&^9BmA;796615w0q z$pwQzLokhr$O&OM#zQK9OA8T$2}z5$v6lzwa&3TdNIKfgDQK+~2(aTN2x(K)({6%L z4ETPx$J4AjG04C3Jbj+OcYk(nSBpn)eFOb98{Hj}+R*Y}cW4jb-f+;0;HJL8+92i2 zR=wdw%XZ)A@DapCD0#`l>@L_Fw<~!G52!9{(azW==6epG&Uv{|t(lI(j@b2Md`}B_ z-$;ql9{1!?@dv?FtC60G4jufoW7*5W(H|zf^%SW22Bh$o?4=uhB(;3R8a&&Av4`zn zQ*c!5g@#|3d1wq02lVGtb&-Sm===EP?1fPIk^6|&9kvGcw zaPHZQLb%tL-E?K>bjz3BgGg1hXzEfeDo%NLN8b;3E$nrsO_V#@J6;-G^ExWQP$~15 zTk=Ykr%fVNd{&|F((FbjN8@)g6Eea>)`fSQ7}x5SEO^p1342e=wFU|`es{Z z<1Vk+lytq^ClK`{L>^Yec+t?Ty_KgPMCXy^EaVHk(%ndm!p8HORu)e~vsl<1s7%C= zKQ~QQ5_9l6DgusbY}n_FN+d2Kl4`0w&a_dB z%utSMNf#s-RGu3ismNC0wrxzQ_2cRR>R~mI$IDU1+)%3x4q`DnLnmp-8ivsL>NnC$ z2|>(5?fE1z|LCZSBj&_v)nO>l$gwY_v<}Q={C$v(quHxQ3LYfPTqjQ0_fj9yRPwfs z+D>Fs()50Z6e{PYi+G8StymsZ>Tzh&p^e7pedt@iQO}!`2XV4PkxWoHn$IRY5H?9_ zJgX7C6oI$Rji!v8G$G5Sjmd@Os59x!Vj@(w6+BKQ2qG^b7$MLA`LQI-QJbq1u9CNZS)tcQxe=XcQOb|u_MX82?WkVD=gH+^PjFoj*S z&Ohfilum0HY}YkZ7M7{9UIY-*U^R(PeQsY+qBAi6V|s{0LT6i1%&TB7CdvEK@J|xm zz~qxYmqSUG&*%U|G&+%1!qh8?F%^kN$_`wHW}Qjehnu}|)iE;ZIZRMB#oui->zEEh zHmqTX9dZ#=?lp^RoDk)lO`N5Y0+;Nly9jc`$%;m@D$bHq4X^1a#9C{Fxb?LG$Zt^{ zo&F^i?k>N;;rs<`?^(i4@3`B@?^|l>`oR$lle6$d9Jg4_-SFte0>RPmkwQ5~&$>wR z=?kNCv-&_UTb=ml?lL)aJK=&`zVLqK?8bPciY1qb!pNzWo1Ky+qTa=7SaY zX~|g0=8u@S`D^Tobu$yI)=h}pYyZ+lM{U~daitFElJm0F9w5n{P1u;P5{>5N;&SJ* zVJ7#4$jaXyR8oqtZbKD8(NWTt3l(=YFtT5PJ5AO`5t9ZZJ*quCTD+9QY@7lbo3QdsR^lx9Al4|k>^iJK^Q2o_++qo@)Rck=w8&RU@fqb+YZ&Nf?_ps%5 z5h@cuI8OsG%!vk^cp|7F%p5w)3_4-!K`R_Ohjg<0^-XEarpzP806iQbJxWR$!>TAE zmhsi!Kn0ygiST~o6O)A;+Z_hTIVczoG{as&l7r()vH267m0$fWGyK3ILFbM!FoId4b7cDPS)B7EJP@tKg?AVddVqAY?hIQ(6ly8O5A1F%jCdK|Ecy|P;G_ag z=+mjd6nn2VQ^dT>Esbd_bwsGsEsR6ipwH=YOm!Pu#?D${^xvK z)t}+k4Zt2QR~dws4B|6cuJH+#E=jqu$Me;=e3l^)I-H#O=z~l2KIswcHV25~0L(F& zgPAjmn2Vf27pro^>r3`DGR_<*RU1{3c1uP{h3E^P2(6@ToBFHXLKIme&w3r>u4#8l z)^KV0xJN=Rr;eQ29}&|);qw53{9T!9G&M|uSDJd>Fl9I&jl?O3J%}CYZroxJV)}NN z5vMlcAWEol0E;rc3lo`oi=M;FLBYwPGOBcfjjhAfjJ7!p38T?vew?_K33 z)%{gZO1GsW>m{nYO~M15(W00#ZSF~lWub&P%pv+z#P$jpdS(pu0aYEIabf%N>Ux04 z4MlO_Wt+Wi%b0Hnk#7TZX=c40AfEQ*E{1iB($`P^>S{zbN01y}{?h3M;uzfzYzZf4 zvbXP9^nlP672nM?;|pD7C3^^6ZRc=K*+tYezV%@D4E_BOI(MpcgAeAcFWwsP9F1Ip zswQ?NpW&eWW1`ZzY&y3@CgPMgNm5^=_U!Q{2z>YR=>arbm--8o1jAlI`5`gNi~lw_ zIwmY3F2VTqh``l~>0CJ6;Y8mZIFQkqA}xM6Qvl3-nm}tdM?b-BWVnR{GtAkSw{6EA zP{^13<_k&C^cWFWXn^*>j!L2^Ot%3Sg`ynMzF+>>>r)GvGC_$pL545&5YPYOL6cD&v4xz`pb^cMp# zkBE;N3C$z7U8s=xA-3OgD1U@?#IxsQ31AvAG}W+fjih>vfI@|{ud;H&Mdx#f_u@-> zfmJ>XOct5jz5cfq<3-DLrTGVV>cRM*ZowS?DR=x&X3GCheZ&6?25CE>m}2s-lWel+ zt|6`ofze3B{X=Dnh@0Zujt3()UsD+!b6XQpE*# zUBG$}G+*eQeQ&g&1^@ zfDIwG_=`Q{07_ZVKQrJ{5Wr4s#7d>+1Jf%8i86Al=KYKvt-=Gztr)Bk@TZ@~6s)nUsbq_F`&nE!0ejC21+T zq&0GrKFAFVOWeiL|7546wDc68xX_G3k1;34M3vk8U&pF`*`~OB2t%3f^qE^o&{~nS ztsXZC;fiH}r1oaMd1KecN{tzOSwGfsRDin#t848uJjmKXOHd-13SH4S!?23?v56E; zvn#RmprE%(@iN;Z=8?o*NgQMJsTGs?d1}G&;n!}y*4UMja+6_}1&s^uY_6kWOp5AH zPemSxAHF_=L3ych=UIy}9th1oA(nP3GIE}#?cA2)j@fQNW7n+0oT!oFZmp3?j${kf z5qQgs6xQs;RO>_uk$9^cPqA6Wzm^t0OBCRLiWz2GiTfIhWcwvn zQEj!v#?2%0#*tfd;7}WLECkIk==#nc_=?JulXckIT3SbJIMD2sM$GbqKK837zm~;% z8?F6xx~}ZyO*^$YgKPxK)dB?3s(QW7{0s! zRiBz|@n6)yrdvwU?+7Q^?5X$F*vHBYW%Zk!ZY~s|(RRt`Y~%Gx%^KCIta0j3D$Z*v zUFScvNG_bMP0lrx9YwJsD}E%1Q&5-r(E(cdrt?Z?=@vJvPPm2EWHp9>vL4b@F8qxU zodlqFt+cNgM3iI*GgW@+GxkG&rLhU@;fkb=$ba=Ehef)Ykx?9nO7M-5WYn9fICsLI zbCUg%6#J{O!{4aVlSfMO86EEr-rV+bsKiCxMn zbR{rmo{`^3D?RL8;bKcEjMWPv)j0B6J;e?T(`1+N=Sw5cGPk?KUrruNEB-0>9 z;Bepq^&(DCLy{H)!6#|Cn`Xju3oq0=A4ac$Hf;>`*>YeT1YC@Athh}*VRghFQ?7>* zBA7cg8Ot>X%r7`Jtr4LA5_79=c4Z&EhDP^j(-Gg2s7a(qHWayXG1!hQ*edmg!V1el zzly@UuGJY5ydQm5SZM#=xnsM#+FYCI^@5jx{uPa^KiMJCqTH5n924LYI)#l>Ses5L z+8lQaALE!mtbv4KH)^a&xrhTsrrM%1%iuO`HpJADy#pKIY`JSl$+<(0brX+kGMO;+ z2ix@9OaW3jOVHb~7(s(-l81l+ue191^yXO!PsHJSk>lfgXkywMnR1V<)w^R)>UAG$ zhOy4#K7Iwsu2Trf2f}|1O?>fnK1P2w@;?7ZXy-o?qjIJ$KLvx<{~J_E)P(TSUR>lq zmb{BU#28lFBZ+24HQyO=%MeA*;KeoKVamW0ioG<~4x@pRoccS*n*-8DXxLEL-!QWz zaL!RcGJ_=62IDdVOq(#*DV+=T^>y4;jKz8Lc{lFsp5=Y?ok7ii`xaOnYSG0uF3j$z zN;qxS9b$KAg|O^U88UQ_i;(D;`EYc`BfoUi?&%+iF}9;*iGJF#GAYfYGLby` ze#@jsHwm4oK6XHrsXl(hI#)rv=enT~y5)tXca>Y%Aqa@#(%;Q3)gi@6GpW?PvYKsO zoWyb6I>^=3A)Pd1w~u>dL->h^nd)_q@$k#g@U1+HD=z<;HN!qjI2W>b7q&{J`Py}@ z_5ZS4Ztd^Sv^m=-bZ)+x%Xe0ox=KF!J4J|4nPjc*Ts>uoP`Mupn>VLJEIZNfD2M7u zK!Ex$q=2*H9tok*Au+ugjcd8}m6oY%Ytr8Je%<8k(#|hL#uj6B`*hd+ww?C_->;hG z+Ijw-=pD|kYj*NF`I6wKM}WZPKIFhV{s*~z?YH|14dEhWvHK{=cu!#=aK9%PAp{Geq2vo@I>H-7a`INSC9*yP5O{ZH@Yr(M_jq&_N+ z-{|D?$g>{%AI&cPxTA7A{Mc*XzTHndKLH6J*|hb7*S2&BSH7!VLO#M~zLTPSuIz^! z_7_6-&7yls_H6V~f~8j^GING5+A)?|&p$f`IdrIy?#qJ{Rk5paCDx26ym3>7GKIHY z7A(lp1KMvwVFu#Avkb7;YnKt^3wwi>l>?^HzRG~8bW?HLZe+kh1Nl8b0RM# z&GX1H&C}*^!(5jyV}ghv0-jha&Gr;X+zfEuS_W2eAOWdEs+Xg&CA3H|fcE4vZID{K z8LW8o)X{l|mi|bxfH;Px$SXFK@c6~dOh)GDR4CQ@N@YW4#pTc;yHMU_YlaqMZ-m5WCN}(~RbKI1sT-(TA{xZG;Oh0}7?Ap|B)_BzYlK z^9ZGh2!`en53+2Ui{TeevaSd)TW6&BAj>pRlbHj{18fP5ku_OPLTS}erRfq$!M^5 zxl<7x(Ot7ZEA0v%Jjt7pLgRNpxj0V*1<-eS`=mo2(phUk8KeB~Ll}JCSe7pK?Ye#* z*bK`0q=2}#p{P{4gXo59h@+9H4T@QKc0u^L*Yz0@9-s|KJ!>lQHFOxp$uh5a8O}Eo zZ%3^aTkSMbSZ^X^S~*AHqP!FI`!qi0tRA9+zc1+vK9;Iat*bi~E%bI~6tH?ejMG@F zno>@}h&C<{DUcq)Z8GW|jGI0dnWe$3aS|i2pozxb$mE=U$!OjOx1&&3ft(YWVW&p$3C`0MmMbC+44@R3w5kqyCK&C8e zDR~F%y0WDgA z>W6mXEdZCV=qdBx%}T}u80jN&BTNil>2u}7+~%L?s^4E5ZF23Q&x64Fo6;SPTZ`OuHi^_ zDrC8y339?GYb_zwotIc*rE3%0`r`4TLly+0F5=tFpr1y#rkn@oUkF(4r;v2`4V{Fu0$Vs%Wi#rDE-`_vg0*M z$rIigl-t7#7qFpz`zZ*h`&*8OzCF{pkbJDLhTp&JfaVyLiX23S7fYdgS* zuU16t^y%`S5U0~*CjSBRuA;Yl#~hYRY8cil)zAKhUhpUFHZEbDkE`WEhrvaHWqMKn zs1Vdg9^@O=a#D8V6S<+B-7O>b2<)A{uilkw1h2=uUi*~79~u8=*SOu0>%J#ekou()TVIirFU4meMf~Z2(_7<>)NLK7bR1N zjxCUpyH~4PcOH2K-|Xp}^;39VXH1<6PXB1Y5wNt@FIWhafLQcMsZ3Np3kOPXxJlV= zRQT@$~GZ=3#&y&Jno#-wcx291$das3*Waaa>5#+ScF@OUs#kLy4a|M3fMj?K!*v zt*@Wt#Nue=vbYUHm-Qy@p_2^0KN%;{fJc9US|}vCQC9vz%+EkqfiZkUNwKG7 zWX9K4x4n?>4Sbsol0w_E@~@E z+yVNg*>KsV0w_5VUR*4z{UY6?eVO0HvtBSc8aWYM$YFAcfCaA=+X=FLmjK1q3LXG& z34HGeQm=(uQ~toyPS9M?qzZ(?TN9u5cr?dzvaDRo+c;Szrv1KqM{Ia<039V!eoRZw zX49|s84BH1z!B3ONR_F{v|DLmD9^yBvQgC!#nCm0C@)6SQqBuxSD@KRE=QoQ9Y4{R z#BJbioYr?&q-NP>wN(raq`r=aW8Y(`t58$Ywm>%tMI)}X93$pr3@STd8e`~vZC~!rf}OQPJ)Y@OPF#g{&VJWbrnHr=F03s+9IgBlpioP79u{%1%<{ zFVa81vFm&@8b=X7kT9^_qCzzVyIMU9bS@Shim1uAP^BZ&apT!7?AQUOKO%V;iYm5z zHm#6K2mOnYsVaAhgfNhn(YQ>;Y7Sm|VFEO{em6l=LS`-6Tw4YmaHOJ72#xV|`4q`e z8J1#|alT?R4!R8RwCj{T@p4EUMCjwbO`PRsCH=6JeL zZ;FV(-;Jb0@y75Z-DFZMGIkvnj7B7+@I}o6`(WuOe{)9!xk?Cg2WGIuUkOdu zu+5sEI=`UL9iPIi5P~M{P+MocOX3g>|K@Zqofz`_1CEC9IKTPghx83olb_PD;*XIo ztEl0;qs=Z-MfQz|#_|p!$uBneB|hRC`EVv)Y7+{rZ8a6EH!p8jZ5|q)_5mVwHccT3 zGeZY@pB!*QR0b5UY)QE|=QIdFcrV&p^FAGKnUh?6Kzk6W(0owE?s+8Y19i$OhR(cN zKJ|B237X>i_;U$7)SYDXfqDYHU+#=a--!9Ff)M8zIkeKzZUt^L6=JcVh-t7xf_8lu z%_m1%tep3fOPeRg;0ab`l}EWCl-K|jX;(yLmCxA#CuCPV*uYGxMf#9|YU?T0K#G-@ z7-pgTFAt5XR_6-0wF|yAA?AifH2ma_kjnNfM1yCCU(gs6-i?yWI2B(^SBqC-U(4#^ zHH`J?<7Me=jW7-9)e7P*ME``qFA^dFgF|wdRgUzK2s`-6Dw2x<=Qn$!uwDF+0)}jn z9cBrH5;)2SfFbEEbj?N3LZAySF}ns{9!krul7a_fT?C(x3vxNO#biU{ z&M(^Y0d|{8O&0vVksq?>y;7ISJ^N5C`P}6V*OH6ZCu>O9^F+ogkp=F|E2zt|y;q2o zK=BkYF*_$L4}No1UT(Ovw1+}L8=kt3ZceP)sL+SJs55-2`Qm27RD2os8!PRoJDUn% zG51@RPs*4v&Ck(Wg|43(<4jk9i>S{jsqBtNuJ1gj?N-oHSV$K5dB}UdF&wHl9gtktW9d7Lt8R@Fn#4*NEg&JbT~-oxz*>u8J1$TQ z*h?Kwg_}SDU5+NAhFfx78jN)zm0re*u4qg@KPUyAIv+9NjI2CGHlqbWX5qEaOTn|o zyF4ZTKV5`EH{a>#Rwt)SauE3Z`RD0*o^ekziepLZI|!+3{vfeGBK%FdJ3)B9;~^zZ zu|>@f@mpt^t4{yS1e=ouv{koOEdV3g7jn3HXD0ewfhxv>8SpV#hVLUBrbXTi&u9}{ z(xS2LnE%LJbB(v8)H4zJ=011G;$6el?``(8&a4vA!V zmUr5(V`5#>*KA;TC@(tDLnAJ@3J*-AH%K=hl#f5$!Epb)vkH$_ zNJvL38B%6nkgJatxkz{=!V!c(X91PgD=a*tMeNfEg^NN>N`^Czn?jE|M#IwS(t12< zdyRH|hWfr|$nca*3YEE_$*DiB`%s?U&Fo?39lD(-h z9@oBE*F51=bp73UC+c}K9ZVu9*JEH1`2&;*RrV}CXhr%tYS#GgE0UpEBe>me>69Lh z>vItd@GbVIS@25Q?f2xb5wynN4iEV(c!G;s4sz8IJf>z>#&olsyw3z6xP4gmfQJ5(|S* zjpnB2SrX&oB6u}RSBUwi)=FEp0L#9AmyfJ)NVLo5Yto>y?(2J$p*Sf~ti+SK$*JOC z#xfjMbrDBSzZ&c0(pzJj>O$OZ zDAp!L8$#gL#s^CsGGJVJOMvZ=rT)c38x4cV{6kzXnq!*JQXvYdkup^)Lnm*P(=u2u zLT)g99WBTvHaBz9gY@x@YG9RE|2L`cA56mw4PuA8Iu10q2sFp~gR{=8#W&a`ckgkq zHY_b9%^3$a;A40C#GyQ<`EP-XxOSFLc-oim_qDzSOkj0(?67pSW8ZKPUpk^-YDBiFbfqhfTn_l4Kz9@+jO&7JBE}F#jgR#2Td>3wJ7o#Xw`9=mj;c&5 zmqt@t^1WLS9--fhX!W5rpjuPcHlbUe*EaofmQ7iYY_&~U4{P1zAqIOo3>{EEW!-24 z-Qh3^{M6&PPfnb_YRps%)Sa63T(|Td;f3ARxzW`4a?J!NiULvpyv=Z*D$=k3#Kp~@ zMBi*hh69ON83Jtqw~JyUQx&T%DB$*cnaUw0x1hSc3kUR?tP-;0RCeT>+w#GF;)B0g zi}#x}f(-f5oLCbbWTDTYEpc%*^6EgtU5gCd69)D`59sX_BxSx#%mpEb1*Q5B3cX-5 ziW;F3{pz>n2DhUA*@sxfA8bvkZQ&KrawC?}`q`(u#2-3xXyPX~7RlKULM4o?JIR4$ z3`xGMksnJ=L!UhiuHWld2)&sd6ylvCm*SuO)|0W*3s`W%S_D!$x>NF)V$vEM&z(kV z$W~WMP@iq=NZabSKC#mie|8Wa)2{lfFV(>n3z=NPBpGmOM`xg$2$ZcXib}k+T?I`> zi`KgIrMzNa$!p@R1jeafJjm6K22A9ata1BJMY~j&P5Kw3J#QvWKn&k&`jvnb17Sm+ zoA9j4Y@LNx!ms@nxJpdp+OqOduawETmMZUQiI^1Jx>MbBLN>Y8wo&i*`Ql@h(=rye z>J@h0UzzHX$0l=m_mKxu@=|B@Iq;$sdDxlYA$zP{4%h6eDoXdPT%z7>`~yS$g5R*l zYW+g*?ho^o$XOlJtu&<*Z3v5d@Nf1Sw#5)Xutv`X-du*f{8S|{ zg6asZa)s-(#o`Lwljoknm2P#ZTpN@vgHKZmO^eQ-k{Nu(?>xeDlr?%mr(}vG9>-#3 zsTjTz(;dx9wGE%r_zd6uEG~l`TQ*FQ-h?PfjhQpzFRF6X zZCl38KTS=FTyJbg#RzuZOdobE9noTHn`9P8S4|`)oW-_Su?I)1QiZ`Ilrptsx=TTFROZN?e7XG#> zHuXrxA3<{+9$^mYx>4<$>$H3D?0l|!i))KUemH5O-(FPN_*Ytmdaf_ ztbGo{wgmg#yRuWD?Ry+2LgBC`sV(N|CKa-X9f$O!7NhCg$}a28aL zZMN8?ugktwZknfU%8TytvuDSdpYrYfh%dL)+;-B+#KIDm{CZjwFwm`ShhDtJEd)-2ymU9tvA>e+&2Y0Jy+_gR+^v6Jycabu%Jvd(S&p=O zt`w;bjZ1zaWwj0XrRxH*NcOv8WwI1W=9U2RQk&*P@_SStX+?P%(L;mQEt&+a{uJj^ z9@%551_~HOyaeKEb%~cznx|Gzue0SL91$cVHT%?OVh=_imsq|hAXS5h+XV|Lek|EY z&5!K8&jZBGJD|%BdA#%>uXhwp`4H%!FOrXYLsO|He&p*6gW}M(iv41m6ta)s!4Lh zip>PcF$L(Ch)O^x@azE8ZE0%m(ZQA9N??=Ufptv@{ixD|1^rm?&1kP zNR#*lrEfQuGe=`18RZr`4xfCFHy&NT-=1Umf2{zjT?b;Ld*+Y?ys+#B9I=>~BF}0Z zi9jFAUuBCeWB?T>M|mUS3Nwlk4HpqeJVp8V(GpUMEle>H2PUW}O#Jx0lz6s%Zd&3H zSu?jJS;(XFdG9|xcf>E#V>cPNo_Z$qBWI$TnPEGHkb2QOXmDcseD<8)^=73ei7Y`+ z$GXR;gO=7NJj6KK1GHf%N0Rm48;$jwP~7}xg(z;Lm$NlAmgaXw+*cadUS(95Qm7d+ z&tXDM3}){L&roi2v>Z!ZqRaK^60V&0x4!CeR=(IoZjw-~++~Cv<5TNbc4=7W+-{B@<^6XP2=e)sRy9 z^k}Xv1yxy(gbyp}|8(T!Qa0tLA?-p9yU`YBsI>3!<0v^<1<_PPR_P0!rC_ETI?|{M zp98nG55*9WlfdW*R~jeMxNm3pvNEF8YZBh0C`(46#-lW)W2<6McnJ?VVVDHPXyC&Y zQpE(+@*xbBL!PCbvTQ~@s!wZ`a9A8;DpzKQIMqX4lofSpIE5-YP3kC~P1HIkkizWC zjh!`;8oD~it<(GlZ`wz6R;e_FwHY7-(XLtCS#(kcHHXXS_XH8Y&4C?;?STFlAg3DB z;=g>;24MY8!Pv%r!>hUX5|)!^h<`EYz^1#&EVd zR~7$PELAmVvrs&Q7ZObCiCt5#xlT=V#G_FsA74a9%(^kLCpkfGl6Y=LH8`iy>^hDP zcWx|w0_zW-KA4wie(O5$hQXG${XhYcx(PU01j!$^cU@YvA^!pE9Oh z%&68S^&u_dl~)_igp*5gm`B$qI4q+$$K~FZm(T&TNb7M_C#|eGZnC@x}7PK`tAE1BExt^mK@tc3nv zJsX)7iDqNkkUF(O0BbfZeq*x~N6=(#Toc^_T5dLOo_>Rj1I|d_-zMhy`8T~Fgt8E( zou>i(BwGoC;0l1%k(5NBHbiE$6A8~8QY*0B4G?m#RmdAl_S(jexkTt{E1M>29kG`u zJPWC7J~g7ZpyjQ`cN+OxDxQq8?@ahz(b|^eP)MoF2jXLDGL#*lhe-P1#=Fx6Y5O&k zZ-RRtE;BJ0XxgVJD_*c3A==nJ{{kpk*jQw9e|m)F;Fg^*_lh1dDzXJ}2-n=fP5A?( zcbj%tJiJWRaR{qXCNV(N>GWQUtf9-hsKxDY=3#Mn)Yk;XF8N&c81^LQ4g|pu{9tz> z@eefyKsYANr}qR8Kis(PDU{vVuX2sKPwWWZ!dkPc!@W}#pcb+CSu#IRWes{_ym^Hl z{ks(idVgKYlYIYXAG0@ zfwnG?=)WH~jWkX=zMrtj&C{V`PBRhJQ>9zS#E2)qos-zmL=W&N0cj)S)?Yu~eHe7VFKHR)A<{PMy zQqUr~U@jrhYm`hMdQ{d>hx>*zyOnjD*G7w)Q5v!*T)6v9NIx=+8ND78TVnqE-Jhp{O8{Y?Q5SY?PGzPgDO4soH z-y);qB?oVj2w`mTR zl;qd?j!e9j-Hlh*)xT%E)9Ztz4AOhL7!$?Nq1q-iWH&IF8m|G;#nGABL8xW9!=I%1(w%nx zSdEk@0OCc4s&?&Mf~~j>TdLFch&n<$zR&@Jh7tzc5*Sxu5=Bgsy?*rm#@jRW?qS_* z2-oH!Bdi7LZ-~?vY@?GfyU=#oxDxq~V7KEo_5s_ihiBYz(ff_(&hl^BZhc&{ODuAd)epC$qaHUBz-fU=YEF_GrK- zn3_Xs+kyQd{@1*HxQ)LWou?R|w$HC8b}&lZ-|L1wz9*#T7x)4MZ==Tye*-H`MEPX> zJnrDQ$lYVT0-}Yy+F!uk93fIK|FJb>vt@h^{Q8inFn${rf+gK^l8qv8^JEAmBzD3K zp)exDE}{rVBIaE*oxcVEN(*-w4bvJke1k8X+GZ5Br%)@j8Xw-2yzER~C;?K$^%zWn zse8^V1$GSepA?f>o!`v{zLXU*4d#x(#}Zmt%q+s4X7r*h!oVRV34E>#5(`dkv3?fh&aFTYY(aQ{Q@G=V#9BY3k6Rxx1G%NK~V((1TYYvk{(-m%Z zcbVQhXQKoQNt$NRap?rP9BJG%mR?TtH?>Z`l6KPk0iSPVJ`0TA;FfPEGwQROb+e7w z=LU&CqpCEkp2q5d=f|7sUaIn6mn8ey8Y`_@RnT@@l{cB|D}l7#;aT!%kAII#C*f3j z0JgfBnMAO)6JiZN)(&79t!ApuhZwJ)#uQg6`!{M@6gFvjk37}Dph!%46mAg5neZt+BGJH;iozyL&?ruJ7f`^;C8$P- zMj0Lm{7Zj28OI-q=OHoQ=u6jfkF%Q07Pn{3>Oa~o0JGL6x#bRHjW+Wnpr&n1oP2<<%V1W3@ku*7E@V0~6nMC)XWDnZKE zh@F2c^nQ!kFJmDW!cY0|VicRy5J?@dRw$+BfRo4|rWM>5GelZO&SrDKB|e$egnH5_ zqfiHBBTpes84E7(ig}i>!S0g%o?!^<0mbgME&Gf<5toAPjCEv>R@9PeFob2~YRaD} zf&6uF^Hbv@G98?fjQ#j86R~ac{lC3{&@BC{i9e!Q#s5(>`yZJnB~wRNQ)id|I$!?R zGbl<;TN_0kRhPUOtM9L4hpIrN0V61qs3K?s0FjgxkS55`*i0B{=peCY0&GG5WOV(! zuDty=ryhmg;M3Uk>g#)l@lbkce&eX zgz<@LbB7{|q)S9|l_Y|T$~d`+g%lz(;q?43)D9`R^}Q^#pGa^2>YT_+q@#C}n#fDE zV|23_wBu5o8&>Wc{#)lzYYXiLKad=R~d9j=& ztdo&arW!XaYx1Q6jqFScSW(s&LcYWH_F zWj@a2`~mU{+%S@<0aU={@zU4^dnGm~mRpe4GVGJc{XX`zz_jJ)+(L>Oe7P}rB_!MU zj3;1f#%i$A`gSbLM~qcWMfunTzPMU``gBPVpa3@J5v(mHk;9s+Ot&R8XE#zLWkew} zVzp#6Fr;8zShT1BwA{49HYNQx2~B!ZC#Puz`P6g<^}!TYyqJ5SHFdDY9m||XJ?%`p z-Q15Jv+jHE}kt6-_|!&jEEB@fBNXfX5Ui=8`sO>5BI9H7d+F?ZaN8ZJ+&V zNQMtr`^x?8o-3m6rrvV*Cyb*h#!udTPCxz3SljdbSDkJ&@5zdA^rhQ{;qVhjQ?ho; zOKkk(y(L&bqc<&b$-X?mhoHZ>EYWQ84hJz-lIU~zU?FlqY&Zae6vrJ>4nt^-~dO-XvxSG?~< z6=c`DMDuS-Qu)#DcVXn&4Q|1DiK9QVT*Ia?^R}*ltr!0JK@aYda*vm0(KIgG4YTcs zU9+z{-lp6q;T2>dhA44jcNq4Je0$6sPE9=UWs?A*DQtfem-^-Q3jGf3r#oZ7tZ1%H z(7`?SS1pjd*49Z9`=s$boK5YnGQMXy+_{a$bs~;U%OoI*&$AsakZpr-M3&8_X;)6s zZw)}pwt;ptN{G|E#(|4?z=m@TAId);-X2LSwWchV`R^&IR#x(T43f$+H`0uhHfc7m z0Hk3-3b5ox&EA7PBWJqq46@ifRsX|z`K;|f7TH7HELP#YhA7%ZQ$Nwh{SD=32sL=$N|E(C1&#_>f(B(e&O|f zz%l9Uyy;vUWEo@wWykD-p2(GxIgyOZZu%4EzvfoREs-2XKerLk|Iy@1`~SO<7~9*K zS(?);IN2MUIy+n1nJXAN8QPk<{Af=9*T?(+;q0BlD-D-z;f`&)W81cE+fF)W$986H z+nPbgwr!(hr_;%wwe~uDKmUHtS{LVH-psrDzW1xQ#;8#>O4RLDzmm7VL(){38HBJ{ z(Xvi7ZjzCXZ;h6Y7z%nq&`{cPn!Hy3*J9Zz$d*f@Goo_CGdVx$oU;eCoHNFA*Y)+2 zZG^ytm?fT!E&k_Cml?llmt3FwKZ1gvphn+z#2cVA*O3R*Uo#_&QB`?r#hGInT_?o~ z4x(JACAj_cN7C+iDfu}~fRVb)o5PxSk1cV$%&z;jdftjU&*l!QVHR$O;Qiza?3&}C z1Zc9yl^GSD?!>ItsgMxs7MES7-WV&W*bdqJg37M<86_qKK)b9Ay*cgr`wW!Fb{l@e zhhVtUiV5>fZ5;10aY zYUbp&?JHAueMxK4+)YfD9j*8)*~E@>78!mu35uOV+3F0ex6Nh)cXVxXLf&JHk!pa_ zi&Y=oCP4=K-%M$qmPtBTxRbiMy+ZqsuWvfexHQf(ySo=@uvS$T1^u}0lin5%8N2H8 zi`fAUChcCf{vD;sE*n|*95Joj%LB1uWvxw1;5{udSDbV25^y_^7BL}?99_I~N$U*9 zS}l6l-gA^mO5lj>O-+Bb?3X@TekY~eo8|qeRLnf`tbI4Q>lp?fXkAJ5(WTL=w01IU z*F~v_Y<*|XuA=5xqiKdvA1e?hxaV2D;N`(w%(*%JWO={x5OZzSa&}oRr$>8oi7AlLR`AX4|QtcPk5hY7nJlLEDSo zjiU7_r?xK)R!wfO_Tb7IdZ%2{#&eENQ9GV5^e=~END*XgcpV~_TyN#9KAS}~6h_r= zd+MLx=k_W7*6}j+tF@ey8q67rvyqAH+QCumMCkhV_8jxS>muDq{t_|D!@WEaJ)2*C zQBuPvDr}i_OxTG#bcrxKrv@E+PzC>4Ogm~OgeBrj`KnNWVBK6q6n@5i$T$#w3IT8v zv!|>n+N26FZH~=6fd;V?lAb*`l_>beR}K2ILVN zadv?p<`!2QgiIGAxk9;hsUs!UU)XVHZ&Ku+1-g=9tVDYUI)4S3%Jg!i|3cEYKcT+W zoJ7c#l4sJagG!Yde6Ordi`Yu~*mc21Rg(%_4`9tG)# z9gRI_Vr3sDQ{>OSFM3)jjN1i2iL2Td2TE*7cPJ!+Rub>*HS35%47_#@99HNnbyaxOoFk{dgmBM+ z8xpwd1Lz!4mda(%bLy(kB;Fq2ImpJZQupV(%>X4#Mm z`CoPo%lyBwzjzo88hjP z!x>l+KSmTP_k4ku|8!iBQ6FV}`znE5;ry_y0Mnr#c<9{dWQiXF|?C*SZf)e4UiqQKp$EI-`-!HiIt~wytf-qVi zC;JHBJy{=EFfJJje`U5hSf3I9Mg1__8JFKH(*}3qOdkwyya03h_~B1noI!$pa2O8v zNg%^<7>@T*A)lG`#)l9gpIP;WhmPP0jetSXv^adDH>hD%FIMcq;n=mtz|?pi9KOl= z=;$qYLSs*AEWzGg<**ANFt^VX-UqlkvFjX$2LvYep}{jA>{CEWVjD~k(PHzB-N-OF zSnM)&MeQy5Hiz~phv~L^A_SLVI~?po;ozGBbD|v}M{u5;=LUAcMH#UWASrR4Sn+p@ zgdxkY->|QCi-;i=Ssz@S)BCK$Ko}r#_y(8;hjQR^&9RRQ$9CZdpa-akVwpVS_81th zESyq}W1@Yq`DSi(82lsp;NYKs+z!ASm|>snyTKcnSUEcb`X=Df^zcn@U`4Z{4_dgC zk=hQ(h{#?)E)VklzQY#-*@gtqbSA$yBfd>aG2ureb$X1%3Vrd3av_L6DLChv7?a0; zE9&q^%6ao~&mEvJna$Vg zI5~OHT|NB??u2*b+ebvgM#)@$?+X<6=)Dju3sxG5^^R3CODH^Sq&$7b%Z*^fj>zif zhZF&`4EE!VIHc$glSc8R%5tH|6cz57L5uzqOvt$+s`Z_3X?FLC3 zkYDX?A4kH24Z25VGoU>2>D5dX6Hp_Rx3>KJ2V|AAPd34t@oueFYuai;ou2L(nn z@CMB)_#ZU2h7@Ao-p-!2KXQ%)=gF5W)2(xq}H z@^Ko#=#*A>nBF?3eI#ndlDxtF8=eZ z4ONp1NXb2AhHE$b;=TMxw*r0pWUwTv)#fbH#mm4uubS!}sjwi)2BI`-6T zj2gI5=NH@yu;a|oRk|-lY!Dr_xvjNaFMYE?ypy|!rse6}c4^oji-}}Qw&qpJ#%*yy zv1J?Lho$Xv4vEddDqDIqaCiGjVO%0nt(TOQ%#qS8Rcc|&l0#=FdRl9==E2-zskj17 zjYW|RP?OhiFmqW>BT8>d!)4xU*X8aB3QuaUxnA)IJ(SKd|5aidI;%c6;;2MxCPUgm zoui*J-5_9$Wl_dHIOF7&8o<$$LUCe7Wq}t#zNe>eb(rIFn3aTuURl``9p~qA*KgBM z6A9SF)e+h2K>c&(oen|UkQdjsD*k31Jj+Y_gH%6z{cU@sYkLyi1*TJQ3`s=Q%YmP> zxWDa%v6NGdFM!)S!9R-`qdV9OqZ>)E5D8Q5Mb=Y2wC-+ZWw%c4h3C^3%%EzhFbe86 z0d^;3rF?F7kJ{`9>%ekzVyVvkpS|_js{XXSneuMaC#ytQC4PsJyH;3_AC1}xO&FCN z4@txNzK!N|88bSegT*=b#nrysn9P5LLOWl7_xru#^H&t;S$GfU$e1IpnWE52;)zyW zp|q-IL<-aLrzV}#Y))8nn9KWI+8L{a4)nvt@@J@xE1)N3G-q_>nsml1E-r{Uxf0zL zd-v3*7sXDJqXCMWU%r)PHD;)>Fb_DAat7A3^;uFsj8)AndFG@@t-ij$omBu}k$%*0 zL_=N5FMx1co!qqwCa)Pz-tnf>sz4*%veUHm$xU}DYJG)uJ`h6y%$YD-S4Jiqf zi9@m+2EL_B<0#Eaa@WieQnIK8;E+zmf26}I=4|{yz0R#)2(^kEcaKq|8sbCR1v;gd zun>(ON}YvpnV`GbM7>qgb-+>%u~ccL<74szy%)zR(P*+!t$!Fe94=&+AB8x%b*ORR zhLu~AC27-|TiC1kN*wl6`kL7CxyKR3TMjvB^Qm=+^LhQ)P(?g|&&!oe44;4+ZFYf5 z?t-6*Y)988;N8j_L%@VxyW7-889wxis&x-6`|RrCgUH%|jhZTDGC)2NveTea&z35k zU}a3bI{;`n|I@au^p7RP?53Gds>oT+GKzknwgZs8NKg6*G;C9(d=hDz_2A? zW0yAL@M$vAs^-mj@<#gWNd^hou_M;SUsY+PpgXX>^xotI$kbXg?U0DCwnsP?Ai5=9W1!Ue;G+ zA0<*z#+8gPZ!BOikg?=DY5T@IwRw2un&i72zW^vOe62^ zN5SmR8>kAn!6NJ2rG3cTrX&8TPV!3+w1=TSH&0*Zvt#!oYt3fl_ORI_3q~*;;yq(PG}`5o5+jL+j2zvQS%4y4bqRl6pce`-uh<(FiV!g+$6te z3_kVu#H)j@$5zjliWu9FgLQOZW>@{rlHBZNblGzQGASn{&S604m7LYE&r5?PqW8iJ zrS#q;S+vQEIV+G$)_#&y=#;+A^l!x%cV=1H(;Gvz^MbT&UBrQ07-+e`pLc8kOqF)F zH2mOkr~eoZ1`jZo3*+HB;p;eo9v_g=4HZXNqP-H^9(nSN-?{=0&Ju2&&J3+uB_y6q zX~ui{70sx9puG|+JM%!@g)x}~E+g=ipyLLxLbJjVi{pL0I8xvp4c2E%JyZo!D*(W$-2qrW~D`ZSo9G)B&YG|eO}n-8YJblwlWORL)+*W0 zSE!=&TI8LG7Be3%2UG6c;A$0Zm-)?Y4f=30OP|x+pujoHTTZ+0ItYUB=3TcK4+t>j zglw0BS>h6m+->e3nATWA4aA(3YvhR%tK4BM+Lmiaic9!|+BLH3eoC?UK-?SK2NI@D zx&<{fhrX4Yp$6eBV4iV^b2D_wLp!MGR#Qf9Py+u3$y&=kP*-GN%1P)}T9Ug6F>%+3 z&d8R2PcLkh6Vwu53?c>M5&P{Mn<|g9q`fe2MxO zsW?0f{GQo9<->VwlP+D+s_Ib?Fi9WuTHGq}NjkPkldfoO`zV+?X&>~8R-^jaY$j0T z#xJXv0@i_}if_efx`ar_V#RDy{A{nRO6sD3g~6nui<1-cIw%Hg}#S#Kz}lMVmy%N)MFwz0Q$b8>QaOK@l2J*VP{g!K#3GLf=Ji>P?9Llg)=B5&n^_MYg= z+u1ts>I6$KA}Yipp%7C6($@`UFe%K-_c3NKDWuqyT*zo$0p{TP^NoER@J>U><&xv+ z+EeLVG_2dDKGBG$XHO^&3hw$Jb`7^*zklEJ{NJvj|35J7_QTlK z+R@>^0CA4yUtRPS4F79?gx`oXR0$>EeaL!R006En2nHK8)pwL&^^Mc|IAHx`ZD$j@ zeC8sDeR8Rx^#amDslA=fo3ZW!1?>9j!-Rn1Ppi+64?I5=yg%E#O>l5kT0d7ac%O59 zrhT^Ww^^Hhe(t`>f4h9KMV3#WPk`>M7i-!tK@ws+)+d1HVP^RW&e3!Q7d@u@7`3ja2~WFjX1W@fD#aU29SRM$)wK z@$=YB-7W9a0~{Ui0MrG8^e$Yy{0^l^cn2`56o43FNk9?bhIsl zM|sX_#3rCRG?Y=5BHJ@1KQ;xs^^j<34CKIYyJ_o5?}U8FrLIG);hJ}X?WA>Gm>>VB z=X+>Kc#v&G&k{zS!O;&17sm=SZX?>!4I@VvD#%3%k6Dgs!cq!^-)uney zi8h4?o1%uy_fT9bxC}O)^1Fv%sgIxEg)~z(lI1Am20G%;2~5{mZ|?zBoFuY1g^~7y zHIpD-FF{3Pc03kW(N&PDPWf#z`8=)rKA=a@+K+e{tdnw*aD|{P&#=?2U3}W8B?o^z z^#_n#-;o9PwHI$88O~mqw-;~G-ql9%{Ywu{UP9vx$3rJxQsRu?bw(Vs=Y$b7UAsbe zVD0q8qj>zo+uXW>t8i=2(nmliiVr#-e83zVpD`+W;&x=|u4Rf?ffWZx^FQwWQl;|! zTQDaflamI!%l6`VK0*X9UZUaManT?E+`rNb8P-SA|K2X?SZWJ&zdutz3mOT{w?jJL4TNi((5Uo$|1r^?l7@W)U50Udv)C^V(&FB}>6? zoYdaPL0?6thAj?aPVLSIpl*=TA{oq?wgCjZmhVz9tZ2@Qr1B6ZfpyDaQumeYI%qQw z7``DP*eSACSTe>*ugLP^u1Zr1Nr1%Z^m9KYZ8}+w zI9QWB=7p!dVlXwBN`G@k!w(4cLY}8`-#`EsAX_yQRh@(Uwu`9>cG4v%Wh?s*yA*YG zoz4x83&6bLd7R*ty1Bv4K^u+YHmO`FD|K*37KO~D(W~42*QRnFO0lXg&nIeNi$tCM z3SQln?PdTNnYZ~RpTR+aW~(ZL{8%;lYVqZ^<)dS*vaNI7V_R%fK_Av6Y0aM=9=s}5W>m;->dH+qw~J54Y&}EbgvWqt#0au zd0l6?%A$*7o5-@-y>@Y-7C-g{x)lZDz}cKPUxH`|vG5gppF@dU(Bf74WtAVt05&g|JxpdV}@k;0M^r%ND4U7lXx4Q&~tAezsE^l zbUtT+7|1NNF@f+RvKT+l4HeI8bMnd->^sMBwJ?Euq81}P;l3|tBC@1FEW?8llCn+q zS~O*Pu^bijwY?RtH_?4L-;=Y!@h#HZoac3(YW*x6IB!+U%UpneFvW_+QP2 zW0K6mANB4a7kn%&aY9^9a7Q$>Ke;ra^U^zAWRDM3xtF;8l|w<|o|8Yo$ovvc-{!(m zQWW9r+me0@9HZr%18ldVRz7?M{%$gwH|3e;cvv0>=$5nJ_y^>N2@|(|X7Lg@BRHop zYP4xsa+8)|XyA^MGcUez0>tVHeajzZx{)!WCJ$Wyz{CkkKW2|sg(2SM_sivHU9EgC z?&T#*6WWw$38QTP0bS(qq6wt=rP0QuGsL%iogFMdM>^qrX`Z4=?Xs~ORIUOq_roEx zNtH?zG^PFyma1gSn0$vN%oo-aR?m%4uLZ6)2{SII=-W(w7-?IH9)v(#Q5>ikIsZ7R zsrZR9HyO2#P)fc`)fh3xp9Fv#CzLVu1#ZPDgs)WG-#7sq#==_m--f*dgk52e_%hKv ziCAx)ob|U>w#|jal7HFlIvV9Do9^N{BKZ`%W)kKtoxx}Jus@AX8n=hhfVvf={a}7E zLy5&YuhsN?HLm-T+2YYGoqrwn@c$&&{#}saja$M@!^?g6Gzo?j9eDX!f8wXWD-t#L zfG*dTw3VI6FX}=2I;zfQpyAGv7(jD40qc}vng&(YNse+?H2T;o&)>v^coGjw_xxCS zcN8IT`iA-*HnF#MxewFcZvm3p>FEcPtwg9W8hStsH}9YHBaIlmQx-6bR%(-iA)9Shk$h(LJ(?6ol^}A5;e`A^>a#){M1RclVyU>v+X) z{LN9LCOf^tgyCNJI94p!+m}|p*NE7a)7d>vyt@UC@or?IpGgIantLMmNW>k;tq8(ee*ergJLV=B>qRd(XisEd03qpg>l{iRzgkxHDQ!)MkxUjGy zlAYWtA%1BG9}*oY3>Et|thZq-wa!ND^ULYhXLV|>7=Q*V#=AwdX-ka7zQVBl@p|jN zHJbQurp4A~7PHRfb~lO7_IhvllpYQb9xT>a29;((WRApOkadZ|`C>Rc9#I7v29go7 z5ekdJwFQs*HZm2GN%CW6cbF;lZ{}(daI2zj{F^cg0j}(SWd=DU6sfc}P$%D!T464v z9S@-XQOzFHoTTbNJvOhNCkIDcXvoc3CNF!Mbwdp#V*ve#iYT>Y!eAcb_Dsn_d?gd)$iHw zzbD210w(tl-y0VTW&F(CmSf=c`d&-K$0{5$xGQ4d_eYZmU%9C(#J#m6%_C#raYGP- z%Pq~2zn#s_NKeYHJS&dN$TJw5ni-iHnS2A0z?6WrfW$XI83hO(&icSL%QUDpb{U2C= zlw(d-4Kf{CB-Y{bo)4EUPP}?@%055-A_Zu_=aa^V;!hhZ6XaDKq{flcRq4uaIaF;# zg{kM9&643mgkOaIflAm}z&+Sc*Gp$qAqL zQ>#JHriU(mm-MSBpmr*y=8wnbRYR_E*qGNp%gCjSY{d>=zVltN`%^W;jxu_PjIBNF zyKpJfvwQ|zghR*cJQi)Tk?qlGgYw2bFW5^xcmpkD$cIo~;sp)8$;q|$sM_eZUDIE; z#H8Q2bA+KwQ8?IJ)VDAhI%B$VL6}Iz^Fh*?-(uF~uZYNLUF)>%NPQ!qR{fa41eCPceMY_8MBGKA z5%>6;*WGdiWi=Mg_M3Lw#&odg=)z0FIp?q1-pO)++;ppB>ow<;zuKOwY#{7ps)U;* zG4@z#7y=^ApR!Atg)~XkpX`{Ap&;@dNk#dNygm-Pwc6uNvd)7Gm6?#+!=-`uo?E@P zRM@}>S=?55-&kHqikq-N``_4}XpS&)@t7Hb+`fg-T#T9qm)(u;%e@|}=;^%L(hzsy z^c`#KDfWf~{DH5@ik-bL&Kuzs3>Ex0m4L2UZr21jTDqBU)PE?AFooALUC`I_Q_%1kDu6wVc^?~0 z#JgFZ{!qbMI{h&ANyh0!(csK{NLK;dF?M#DTJ?C|&<=%^oX$?aaoom7JsV>jW@G$q z*#GVx!?>AKVi|8LCpj*`k0#@|)GXYEJd|?s!)m}FSM~DBu8m2UKHNP}O9~9t_Ny_NR z(JNX7!{18PE+H19G-m^9Q0UexMOi`uxzH%l#C;fBS~NE*Yn}?~_&PO&E2`3#1YB!A zl0QN^^jdbflfgkx8wFe+iBEoKH_dGCd_0*?5&itUK?|^S;tzP_!WSalR|mvJlqk~u zHR1jmKm4Y4?eIOql#8&p%2R$Q@|(iG8u`O_$V6n$vG4Hkk>n*NTA?^X1p6u2D1WTJ z;m(Wj5D3xJHLUKdOAKYmaP3p*!f0ln48Ce(oT$Z6YXR8ww&W~3f4j~*p^KTcCP&4s zTKg<6etENH)z9Egzgk(2*KhJSx$&ZdLk^&>vvQCLM??pseT^ zRDGnoOOjD{W;H)^m}W-*o#*oF5=8jdQg4@QKx40%cizdwD0Vu z2<;hKj31C5`xo}T^OB6TA}%9!E{m66O6|=klaig8x1j8g+X(vSeYn5JDj9tiQGm0e zFb$*}70$+8V;5IbS+hh?#z4~@;pCu230u7fow1qTLTe+?GSc-K_ry3oKV5B9Eb zXLqAIg7ITHO(UeE3>btpZrZUW7%v2Sor(nePz9{suqbL6?%@pld&TH$TVMnd+t;da zGob;=7p(!x7r@d7_L^F~9;o7l1`V#IpLT^l_X6#o7AQVlaZK5~R+|_2JX>H4BbzUE zDu-{$p1ANah8}&rrVbG-uE$2Z>-_p|n3?i))EuqsSU8iPd|+M9{7U~W=W0d%rJ)Ba z<$;`MIHY6@c&CvYv%24Mxp`ibSly%u5ZFw?ZDN7gp+7KpgneT<1s7&l;Q&!}%x+e< zm)n#xCopc80@%asbNjMvkoP=z@B3w@FsEE6GUF|k**{|H0(P#|J3Jl^4=uu3L!4FK z-_YKkHc&KA2dQlcT93>}P(I+@x`KUgG0vRXe3;h}^kL@<`jf&`i>`G!RBxJhTr(eg zh^*EuDTQZL_q*B3lNrPcrqk_D>@oA-Z`|2fcOG_#%q3p>3F+g%ou=g*-MKf>tVKQQ za2hd9;~D z(zYATrdUWf&jRza*bVh45%QCahQuQuaZ}`otkNQ&dXJOrbW)MCzt1GIuH+07*I^J5 z#v$4g2wfX_LXWDK9CDVN6rfE};*K-T!`#D10l0V|v3tjSB~)L4rh36#08IExF4==q z)-QgNHV3jeqxZy$Hyn4Vuq)EoU@8`^hiCEW73PO#zh*{)t=V%f%CT>|UUvTwg!jRNqP= zCR|=uLJVWP|1p#W|4vo=Bc|3OAxK0Rw>~^?&PTdW;MhzM<~KvKA^)3 zHFSNpXup@AF4;CTD){+qr;cP8>_atDN_ox)3-80k9d@WW^Oa}N*K5c%v~$$lhuLt) zIGB!RhG!eDrvR(<_i_FK5)(Ul>Xbd9M_vqKTu?x+y^9EJ;)5?Cp9GNlUM; zwdTNjXfuul51|>hPln?zwz!`YkWg5~N7(E|rus=Rd6pZ4vz#@K2fc-v*aaX|96Q&8 z?EgHp80G9&5^D(_E*t|9WU6B~!kaIvbD~58xTtaI~UtYTu4gSpe z^HSB=sJQCk(ih%cl{}I1oCTxj*0k;yfH)ps26G(#muGrv4(EydYKdmi*;b zK|7sm$<6z6jhEnE7-`vP_NNqgIic@fPd($82Cm~8O%uDyMZRKtL(o;1; zOJm&En4v+sjzYu2Re?*x79&`ztxcswQ@;`OO zzd)Cgv6r2rvDyC!lkwEi{TZ|yvs|eIyJ6^SL;}ca#B6kRBcUmDJ$9`rVefGZA_Rm`D(%C9O;0DBuV@X?A>+>(u63!fj zg^iZKzaGvd$}V)L9IhCrI=0TV=y?gjbx@&~Xdt5OaMyH(Mqy&oB}yE=3@~C%YSmD< z2yT9q0IJNZuF)S@?@LI$s%vqE&UtGQJadC$5k8LLS#`(Ks(xt4u4uxs51<3@PY=z* zJ!;(Jbq!_6J|(fqFYMPriy%f?qJLc?Y}D!C+0U1=_@8A65i74Yy4SdF{Lr;-y5M!N zrS`guIe@6MZn;Rkb}IaywXd_mQTLY~%`MYeudI{K=_6g_Zj8svqsPUHlB9IuM~%Zw znN$HdBfM_TpQqg3HL*M3=sD}oMk?fZ960@g9n{zrffLi_w)=500i$YR`Pt)pso%<; zLD|Qcc_8aKaNKc~odChNWA!3BbVGoUfGeP+_HqJ3|?lxqIr1k?r1$6aIF+OIw?&$_!Hc6g+$JBF!K(!$!SgNw zLon)494<`uxi`c$6c15#9KE)^rDd-M=9yf(T)2*_dC(syXiLx-C@#ERy?}cV3Q#%7 zbdwnQyFn@wY!u%J2OVQt^rwAf~C}=NII(O^1YYW(*fAFxA)=z;+-l2P( zN~`{-34ce(9s@Dfb^sS_hDrFwD8wBg>~4?qvLSh&(VbBndOTNBS&GsO#AxXK5Dl@Z z>){cD?738$?0)hhMAWSaidx6y!Tt*Q z03}Vz)*!=4A>*JMOD8)pmY$aSp^+{C;&lD-E0>^y8&{$;R(r$dA_DG{TF2437LB{WWb4>5S(7OXIrAHXMZ zy1*6b=A9tJ287ZIjU=&YPD5%CXMBri%TZ#A#n3T-2PGO6Uf2ui^!#bQulSGeA0$2H zKJ^Px#eMO9|DIvu{(sBu|N8i~VLbKJF+Q#*$sAd{wn}X~6tLFK8i_+yvQ$oGRFhiC zO42oE(=t}ZY$@-P~Tcj46udLe-P0l~l`_$;R~HVlY)w}m*HY6Dru7L0x96`cm zr@{E#Zx)4`8iFLe_!yCr?D%lsV@5zd@kb_Z!3AjR@)mBq5DcM>m~#Qg(S@fWVT@yk zUv5g`+j(~fRV=T~L^Ch9?1H%%TZYdEc>cbs18tyMVUD&h3OL>2*HHENf(ggrM=vP; zbiYnYUL%PF9}g@GpHED-7!TEY;CH#-WikzA@A1}-+8U3p-(P-(30l1r^}lQIHjcQq zW>MRwVKC!QDA+Mo199|w7)>aS)P)`8$R-!pfr$!P)}i?*tZ36b3k7=KMFjDg)S*tv zIZ;d3tp`tp6Xo$bXA!?vl=TTc9+bikUR6X&PjyMNcDJ}M zs-@4Gkxx!#OuMtTOj*Udkgb|Y#=N+bnveN7%$~Svg`8HSOmmHXP|#kc7x%Ts0j$L$ z!x)WSJ1WD4gonvE*U$K%VUv?Z5j3b2ThZt8`PS49_nd3uP}UZ{Oval!%=k<96mdVQ z_aG2{5);FMA3+*;C)<|<>|V+(RF%aWEp_oFVd}#UHmC zm^#R>p*&5M_s@?v5bC-9Nt!Zwcmd!r*Zi_@klBkFuWUGAVvi0qU*U8(Ys<1|wsfcV zbgwlgBa5}`QhQkN&)LIn0DSFh&mmFJWPN5HV}@ABqjte+pPkE$X02;yl+N=2esnVp zxO7o0M0!;uN_oJTE1ccZ<4{^4)i0)TpcVD|-l(i;$<|I^R=Zh*v%kl7S+%fMM6~xM zA?rHLf3HOQ?fSbn8uz32fXGvNghQ{`l(qGAH44tHIbVH1(Cr2PWWX5ig>Kn;sqg_p+)T#oN z`MNYK%6REcW%5SBj!0d8OKjyIwV|JR*}b6K2QV0r@eEeoAC0 z<0(!4xLe6VfXEhf1u%zuG=dAl5G%;?4SJDc-X^2~|+`BfDPY!TK zLnW!-C6H1$)4?NEn1DwLDkIFQT*SK&S4(j~E+J&4IerB{7vF_*ArjjVLa!A<_UlCa zLZqdoDqc-@|e zw(B^Lm{Hbw*lJ^g_(h>!2$PZvzr6gy61+MwjpeybYUWh5xTedZp8k|-h;_G4K9j7G z4kz{l->OY$EoP-SJe6B!T$XcmEoK#YN2M8h6-~x!L4P)~CgT{h09m@sG|ujXYm!Gg z&JQ~q{WsivJY=ZX0_uSjQrMKD8c9!#+{W+3Vw4q9cknYr6IbJ@1Z7dF!rKRaY;rB+ zFrH5dQ=C}}X*ugID1Wl!P^hSVeheGhaT7q`dqLgX;1_V{dBRefJwl;btbFgGva7%s zC*Ue}<+Yx(CQH7eSJ#CfNPXI}7#yp^_r_y`PnsEUNA>D4wG5Za9WMw1P(@~5;#Amc zy;ZYLDo7u*O7QRuZEcDSxen@(l5U-Wp<_uAcgRb7y~klUG!r(9VJlgXHLZ=4`qjci*w$HmnyJz5f?chpX|2JdnGMjm(pxyal0L|q z6q`ItXq+LK|6z{Bt;ub|f4Cg3;a!vEs7)~#RXA@+?!G26W=zYd-ELx+wo+w!p1PP!ytq;nmVG37sJ-|YXqI?=gL?^^HngsZ#eTNM*M}aT$1(T*8<~ zSaH2cIiW8A_I}x`(A|>=F%9oo0cHiK`79D@s~}W$CUHi3gCEGL=L6pD6nYIU(~m(e zsf3FtI5`(?ZomuL^AJ~1U4sRZaVqSkblnFej1i22Aq?^3Pxnk8{{;-WGyyd5qmgsL zsn)||aN*t8SXx>Jg?5oJsj1$5-_Gf{#S?1>)r9Y6cO&mNGvTa^G$z@)- z_;i++fipkN1ePHkC|4GU2A3GOh4JI=;!NVOOx1ohd&$Asn_ot;bY_@ZePMP4wFMeDw_A*9XKAhu^0s9qnv{KfYRI8bzX*Y5tA zc0F_d7o+<*aX};*`I!gp0LUSpW`-=0$+OwdFG)Zw0x>Rw%Xa{eka1-9)GeZMbIX#( zm~h=(Z9B#tKT$P*Q%#!gvx<-*yBRRnSQBDQnx!xyg8|fz`U}sr>~YtgwxB*!R^JkG zI>oQ1q<)TQuwOaX1j@~Rf4j^#5|KQTlZF0d!Og*VlJda{q2G$9w>@1Rg}iB%I4{jz zLijp7Nxdbj&F$g#2&1NA7-+{Ll8 zX)={;0MrYN7RmLasCz42>hel3aM$yE@}xAr(BE z&?c3WEAHMv#l72q3GF0-oqp#)Kx?!-7EMh>lG)lScWRQpskY%X#2;wnuqbK5S&gD# zkQ4>Uhq!6_mF?^VVOe{)*^>P$O4yfu;1xIQ*bRcEdQhz^oTa}%wGer6ms`lEROJwI zGo5u`i6hPA4>O&k4|Lu25bS(i;K&`pkW46H_Cm1w)Bv`-1IO7^+K1QL$2nm&HJNUb zrTx$P$)l(5o=2O!qg$5y6mh@Oo{y#`$=lFbU=&r1?w;_IPv$qXsAww!cZ%DSdxYZC zBG5SvR_OR@E4ZgWygxV|_TT-t8IlQcfDL#{w7vuB^XcYRekjsI5OAX{>%#cIQhc_D z?L2rbnAEU#6~;G3D>~C1u1d+D+fzp&bZ0R3A$PuKZA;2(eVa4CF1zPjY#KMO;!LCT zGG0E$_OwMYPE&f|z?w$N&zQ;3tB;}Xg1PHSI!Vtw%A+o;I6IkoA^Ha%s3%Y`tN0qA zQ^EaDc;Mgj0sqbQ{IkO%VeMe{&mOdksIi@$v5DQkwoKG$zIxzkVtnMb;>1%%77aQB z2FK7jV@Y(C=R;IbP0vfD(ak7pa?mN2u%%7SQN1K4W9*=y0VP7Kuz;4|RkCZpTT`=u z@+#ghp#+E%fdkxth5nviN5CHowmS+uG%g#5G?t)tF~tk<)iT74)dN`r)iAaY~D z-;g@ozEtdlu_MoPiulnH1OGO>rOIUy->kA-g$VHIXZmJSYPEPY#r88bt!$O z=woqx`4oa*>Enx|u59xacpVEvPBaEPQ5Z|5nkik+@S^1_leX}9EFA?10Li9I_F{|Z zX0)kv?iNpp7S|8GEqLw|H&9Ymk3=rgr$PmduZNc@E7d#2cGZH+}0x*480w+V|lnLUC=$n>3jHfmo4ihW+`8d6g-15n!uoWFkm} zc(bP-Bj;LU77uElZ~Q!8Dxl`Dg#)dMOHW@>h~@w0AKnK5&92|5?Gf@-en(exqo@DrRc zzsIRB*T1-unwCZa&%rdQaMc z+RxeGDwJ}4Nc+PAW1grZ7>&l%ieqj-H{^m65MyQx7&oHnYG2}dC~0Z7*(-lu%#u42 z|M!&PiUpo`VK`l9@jl8RWmiOw#5aaCs-M1WbGxh|SKBxPj<}af4 z^f-9I5+Q zOp=Zb&ipRL7R*hd%O)^3St>DeYM@)+zG}_wPi$P^6RbOB8DjV=KHSdt>`a&i(+6RW zxU7fHsT{-o89P#2Vt8Gxn3)i!_$_F07*EKHQ%LJ!7poG&ZRsf>k{~fPCpGAd=m;Fy zktHxD?*P_6Q1V7r?S^*$gWdT(jLSb7>lSMMj<+jjrwQSObR$Br!6H-F%3&yPiw{Ud zGA2tLi-x{30fcfC3e(V}5`Cja5+Sq3Qiig+HgDE^r8-}l)E?p3BU4beU~7`tl)MAQ zF7|70WfkKsv$o_UsY`ej2C)R^`@S1%1RAFLIp_>x+0<+&NU@8*eb_G~59jEf{3`sm zfFVuF7}%3=hdf1j>@?yuLiYrZ{B}DsyPDe-^$UcLDH06s0H*|-&CN40-rciLhe)0w z;;K38|D)`kgCk$Jx9?0avF(W`wr$(CZ6}jV>`ZLiw$ZU|+jgGpvwwJ>Q?*aM&tF~D zUDZ{6*ZSUlt+lT8S$CSpARO|6zGU7^Aif2)?ugP)*wY^}b4k^|fy8$48*a?IzZVbv z5$22`mYASUKyLWMvEAFVrrf2ez(a>;9ioDRf!I^Q4SX|P3eZqw-DXm_XA{f`Um?Bo$(?IO7jwFEW@k57s5=}zkq5( zcDxsDUj;+q|7aBa_aTe_b!z>8ZE1hk2pd$NeNpx?KV@9vmaRzrsKnVw%7h`ptHXw< zfyJlzXdKn66J%V1jfad(lT*NQg{{LE@ETVH!DK!7;LG)-foH-xvKt;J-xXJ6&mS{V z#%y}O7iT>Lx8HJ2zP4{Zwrq}ze)@cZ09jr?vR(9Dvt{-x&Z`9%4cvfX>PBo!+AHk@ zY-N=U);&4kOm0)!d!g!vE4l~_b<((GRSg1l%Kx_A0mGz)8g2^MTlIg5%I>5rP6EBJ z&DKGj6VLIL7%UUGNsVczNo4K6DeU%@96ZM8LjhW_9cMHfG1qcLu0L&Y_?Qyp}OFDuZ4ONVh;Ec(YgAZ z1IJ^Z#f94zY9tHq44u_6GzOa?c=N`*G`orbV`rW~mov$pv68AL&VtrG`NzGmr&DS&L^Xg3dUR@@`HX zV++gv3}?-asrIXd#M-I5bk?K5Yt$s6$Cy0%#%t88jYDp-0?u8Tqh&PEg1v^+pMX^% zFSTTwF4Z*LXOO}GX=A7Z6=I*xLJvZdzy$od-j^>-*YDhmyu`;)Pgii zj`@_|8YcN!ffH~Rh-uEPvpo`*vvBB6vVjH*UAdg?Ig+k8D}yf689+oR!np7xnX_xv z8rT{tiKoT`%&w1*POtiL)$tlSNH~mHE_d>yQ!@kJC!*HlHN;dcv1nw7+>X+pNU0Sj z=D#)^@)$qc=E8@RHM}!Zp4 z($Lvzpje8+Wgtb>>L7R9eOJ8hqn{%32x5c`er{{WfwtB*62GDq3wQv=c_ zo`v$Q`>ZrtITb4~Yn{*0pFRx{YBmjpqC*)4W-ICOD3XDxMP)%>tx?i>FP39oNGK;9 zB|8Xk5~|dWPL$@KV#&OWP@K@MvGYrF4F$uV0zINndH!5dV7|RSH#2sjaANy-!}n>Q zC>`By9}P5?yakQkqfkm!7euniLHc0;<7@+op7ntK-$a z+I8n6_*>)FE8o@r)2=HVF+FTcW2`3};sp?;LR^djx;%Z9n8iF>ZpkA;N6^Y>@mgAO zYJe9BDyHZeuriU^VJiy5B2#WNHghw$<8zxY&qYDcrqvY?-GxI)>6@IB}bx;!JKuwBF6puB6(tr&)as5Tv%b3~uO zV7A+J?$wU)kqCUv0B*R#aW)p-`qHq$4F;>?t4?;jNu;^T*R5;U@9Zv#`&% z<-nxsVqh|Q+I_~2jU9U`#5Zf<^^mP3v}cYUR`h3v*y!)E(H?NNg=N`9@}xC>l~j37 zxa&4~Z5>WejuBOX+-|A*-hKq$DHB--6PR3DNa=O@b`uI4fT_DUm8W}>Xi#^F>>Wda z7xx#YE7`D|lQVGu zI`~)aHieJpsmkvcwpVB7*$dw%Prjen=nCP303Gk{brJ6%1Sf>3Xll{-Rxww2N3f(7c43B zH1=#@?fWJd2A>}iBkEl~I2Cw6IWlzz`z$fyt5Idk=Fl_y85fzofnIPyvU{LS54BuH zQOMqlK|bstolyv35v_uyIGhF|z*SQsPrdYl*wVc58r~kcqVwGa4gTy= zKtRXsjM(=itI3^BgCkUlGee}&8Njjq384|vUrmq!apazl4cr>*q{z1^!htk3-dp`k zN1`?AuJl%aXu<9~2ra>&jcqsO*pax*sw#W5?(UOs#_SfX%UxReWs}*%@t;&~95xig zPHG3AMZk}DXiB4{y$m`DT>kVlT0;_CX%ZFbEgH1t6UcIc1Tn{y?sdjp*Fs{S@g8T? z9am!@P60BZQ!*9Zfi-2JW>a9xQ1?qBM(kaj`wbJrc0~p{B>h6>s-JBGFK!0wM8DH@b*L+1oKNW~3CGoxl5B`W{*6zVK;VtCf`-Z@x@z zPG#+!obbebBP38>2~HpF^fL8*J*#8%{diwB1Oi-Zqu@4cM5B$}Y-@1qbUX93Q|vVS z?A1aCoXTU_2#LRmpimq%6JiU)MO4|`5a5$MY7#Ob-V)k~)}X2qO+9OE{YLb|^czSD zKR<$8!I$x4C^W~A5H~PF9|GA2|l01aNf>fdvahc zt?ZB*$9zfW$uB;^URhzXzKt4+&nGJUqv)7P1M7m$QCZp*)M-wjteUXOF3ZHsrt6np zyJL_5CW9l2grWrFl3EQN;Edc^hD@Bw*hJY|q=C8fF_7RfQA8AX-Du0H{D`h8y}R!E zQ!ovnWttG13c>iS1P8a+UnvC)FssgdKw&;~h^6Xi*CO&BRIY29E!}5~wwNGxq-vE~ z32{GwE31@%40YAPC-yr(E(Tp0`Nme5!=}+Qlj1tEYWy{ zW;7B*ol(?;=&^Rpfq8c8*TNoDq#83GH!_3$_>Br5<$$`eQ0PdqFz4umIhUoU<+?fi zWBk!`R?HNLaIZX0+!dNGcL1TD>p7Lgm%CKV4Sg1=kdAtX8}jmY9Q;YHUlfUFkPL}u zz!Zt+aEECS^v)oJUlhiu<;i+Ps~|rZC^xs zIeTs8io40EJ*4iIB#)OciHPx6YdH*s-Y;Ctl>iL2Yr9Ea0H%C;b~4;8*!tXPLXVCgTH(MsLJ(i~MTQ>~-3 zL~(UWrg20mq1QDq&eKzKXQ0v@Y3EoxqzOhDCt3#3vNc-dJJgja43`SLs?Tk38o~w} zn$O8^Nt)Eh-n=a!G7HHMB`yGoXnEGK9C8u{k-@C&q3n}MP+eHrYDiEN` z5(l23d1~b)i;ubsV9a(7G;7A?}4sUru+zPQ-PqMPO~(> zi0<-Owkt{$r?f7;xzc}xqnj5@QB7$rHh^xMPM(oq^<`E=l9|Vke0Rg_U~1YyO~1)_ z9p>n+XhZ5EtUkcK&-WZE8W&vBX}m#vI;nTHqkOS5Au8YUD1Q$iS?oR`(@5`Ehj~&X zGU_w5xp)Ed6NPvOqQ4^&=*emat+=+V+FCp#BIU018~g^xt_EFOiMF?G$`7Z%6#NEF z-~bk39AKLCqYx1)eQX&BodM*X-ZDOP&GH85Gi$bJz8_6;4+7b zh@~x}B48S8Ri*dg0zh&Wa-NTR{Oo{EExFVYz}@9aTlw7!0TBzC$;FTsRU%mRrzrWJ zq0lRvQ`n!l*ircxBf@6!VKz}54{=XC^q=(UdPKmo*&!I-{yd22;=Yh2rG!LC;iqBc zuD=PPuRrlN*<}~Fegz4YR|Ir~o9A}; zmn2=FX#E#1-G}CMp@PyD#Q8_@&l46qkbYV?dr%Vr25^NR>Tgb}7UxGAvo4ZPstic< zSg={|@`H|}OqxQ->(&l36Wp|ujxv+)5AU<8K$L3Ie7zuG@UgM<1VlxA1O5o%_Ar!t zS}2IoI~eF3w0YeK-p+CxW%R_lSe=v7hM#*GJ=r##QQOulYmcy5`V~7KCOO+H7c~RW zqKQ>))_t7hR&(#&yB^i|w}qNUokeP~1f8l2F0Q2-Dg2qdYsEP6%t5AA;FMUFj%_4E z+>=J&R3z4|qH}j<0}c@uW$LW$-a1XkB5?FB8+2zT6tEiyU}>Bt{LoyZ^x?}ra*C*` zhYtjgRNoea<8d~a0xnsZPTa;F%Jnj~Ur>!2>w@EP+Z)UXA;%eT@#?usQHCKzy`-Dk zhUYWaYG*Cr?raxB6LVXrWm$F9{6EjKW^RC$g(avC0>VhBM%DD)UOu-dX57jR(3+HB z45bFx1~Eil+Va2_trrPQ;!><+4>|9Ha=`m}K5aoUGVkDcy$A-%RPwS!YU+h(WeQBO z$fY40fsXBS0EGi`Lqr6A;#wf@y0sU7&_s`ad3R5N5nc`(H1ji{y-0=08kS;rh2>nS zh>N#Ghv@JjT?=|&&l1m%{#@&qIx4!3ML|tO%z=+_gl0Sp$@n1A9<=7ib?r@N?+?Au zN)k)JLL~ddRG=mioj~LjBxFJ%XZkZuYb4B3U&LJUJO69`@TIIJHYPw=kb_hxu3R$S zGa3HgJ0b{ns*xx>R^jDegOCjFPpRTx7FD4Ci17bs8S+1}Ox(uM*7|>E1OJvG6<@SR zWB}^NVq$x3dsGijk6s8HHFgAqoCFo{(jW@r>XZLm4l&gOA?;AxiN*PnbX=pktv;scq8Z++4wMJIpuTQ^LFENBO=r7 zWLp%de4rUWlI;X=dL3lIv=wP^M@ru+84(qFFz(~iS%C3s*AD8sTfwkFx_i#Bu`Nm- z^>QUMy-Aen8hW6^i_*Rtjnoc^R%uri>yjOW#NW8=1MlAfADHuIxOmJ%!bif#f7m9< zm&>{l0H zQ}h?T4n^`p%0e11GWIG2#lBMK#Y28L?>p>2+}&Z59eQeq*F^~H{F!Q)+amkrmb^B` z)Qy!(r2{X=tLSW6oI!$wbWDRU`E4;YbtV@eZNWp;a|ygEHJbQCm>9)+26laeDu*FC zak+5CVou?8buP0n6}NJOsAtyf!2)R{)mhLI_lP%JUHilj!*nEV9FMtCw87~*BlT{n z&t7^^l_b7it_Ewqm5qQu6eGxld2mihATK2?Rhklu!)S1uXvtN&FVQ@blyBCvJC_6^5vMhU)mn8 k1pl`O7U>3i3 z#@w`HqatQ3P_%mUecJWLymKihtAYrf7fRuVV zwcOJI8+&rBWBjW^|3TV@mkhgRECr2i-Ar6gvEZ~Wz&rrS!MDc>*>)dE?Yw4~jBvERP~)}L%V6|v!U2n?N8-@G#;z`~R@ybT4yfW~2baa^vi zx?)~4QG#L++^SVb@wJa3NKIc&E1ly;IuTk0?4?988mp9BZ~E+={q2qlxgcV@JbLDO zl}U5nkjWElH%V0ZyNnT{u(qkY|9r2u5BGEq$qsSC!PO3j!JW|SFH-+wSMfS+^m!xw z&OI&a2&HO}O+tNCFKln9#vJh;S39vD7cSYJvMUR)P1LM+IutMXO|lx)Hy~c(gd!x_ z-ty2NLN3yS>b?7ley|`O<*J}=#$}jCu91)-RPaLg{NoTuB6>53ai>t3{n0|VhG4;n z$S$8kJ+cEwrcW*Yx?4#|iCWFc^ksyD*;uol+6hQ#>7o^Kx0GO2J-BOcy|GAFx|C0_ zK9o5gMbP7iA8Bi&#CFWlXkhNN^W;;3RayO)Vy7Ibr0Z1r*I;qKmfd+Cp!0ktZ#Xg2 z?-YUyIsC3JE>?8f<)t~KB9E-KrBpKEmm)(dopkXW=dDpH23ju$CXGWXqea*i)UD%4A@HDs>0pa<|X z+TGSHb~o4taHQvqWmR1@;{qa+G*Hx+sVlN1b1$T;V&-Rye&!7BruGOfd@s^+HHV(q0x|WlZP5qdU4&8flc8qMgv&BDn4B zkRiKJAEVjjpa?i@x8o4T8-p>?Im?*%YOh)P+j%p5?ON_3V-UvJC?eHpAjstonlP~e#ea(FIwiq0leOszD^JrMH?m*Av2kgXT_@S@tn z*9Dyjx%~Dp5aT8;^wfdub>0I)YZ^Tt!B?uDBGf~U61L$8rQ;&}mL%J^SbM^c65XrY zt!qtE(GaaajS+uAAMX;qReMuQY*H>^V1l$yl)(vZ?Df5(Ut5To(-Q?zF#xUJG3!14gpW-0 z4!E@$*t8yeQNa`Fw;NCEafQal*`ocXK>M%Lk-ZgIt<}pFripWI1|>{zqr0IauoYu7 z$x-_lAb8;b3|%OzW3LaWgV$djO$P)hnN9}86KZ=>mG)N3T6`lk;_WmJ5T2J=gzY>< zbokoj+rNc4n?qx?dc^2}zJ0Ips^Qf6(?4@#Y{2EePpCn;W>x^(5itQ&DL{Tw9p$ZY z_!2*1aD757A$N|ap)l4$WLTU#p*MJddH`vY5ztwl{Dhiii}TE;yIq ztkaXzkf#P1Z7I$*LpdeE0dUZJLbF{$`tT z+5fbQx)DbMIa=j%Jjhr-+sanL49#i)k*0v6Im!s}1yT&8yeC!!$ygV2LcZqwS%Zs) zZ1$@NE4M$~&Bp!)PNF_8h*Sq6MFCfcq}en?Ee+)csYK3VDrW^zlq`Lk4moZ)S~H|M z)MY$(E!^Jm`}`WW%@&@&h36KoC`N6BCNU;$?6m?Wts{mjC7sOSt3&ya8#`N3#&0J$ zuwA8H@x1;KN(QwT39>;^leuufB2#aq-mOyOM6wJU)Ga_1ZkrmNYz*BKZo5LUBvbQg zBE9z>onY*Kk>mVyYS4!#Z))V|a)kr_bxF6Y0T|nkbw_yM^IwXH)Y;X)`m0cti~OGo zGvxm$)R!bOY@_y{>X+FqY)IRX{t`wrL>;r7+~rFu zKDH*bGTWpR_^FQvxLucS;W}RTaarG|2+=`~0Jm5^f_;Z?PvbxmSDIKl5ZO4i zr2t!Sxv&#(9%#S4QFfMZZ@xV}0%2VX4+KlRi2{vVyiG#Ap?AuMdOz91e&%iaf;7W^ zqIXL+>xA0w7~em&2B|W&WAS0zm;rZ*0f86v(-wTY-WDl{7jMyJl790kf%rk;CsBf; z&0Wf*E)1EUY7#r|QzD;bS<U=3-}hNRMNxKy9+R1_UE)9Sl?x1jTT76}8Qm%L2b3DA zBK8qcQLape+2clbE=HrNHEVc$)^fKQsfKyQv^mB0a*2{HZ~)`8YhZGw+JC_ySon z5ou0AWyq)mvKI6@hha!$$ETldm>U?%qA4j zg?j|Lap-Xj*^DDR+!c(YbA)epE5bDyM6pF>ikOR;GBX1}!#nN%vq}a+maU9Yt=C$fq%Zuy#o3LAzxGWi7oo7GU zDp=aZgjlH5v}O#bis)%WCpc5uFX2QFZ+*sF2y8e+2*piSlcv^$FA<}|uqBY}`PF+h z)L$}esTVL^%b@UXPcX(+<`C2I#FuxMArJ<|-yMFK)(orS4lIn?mr~K}TC={p?$_#@ zOU!fXt}s#0bE7=Kx;0Elpx*QO_ictM8MI&M8J)7ICOia6Cqea7pYeBmD8y+l3qW;N z1IcVgPPxC&J}yW~;c?d(l5;X9Ues~?8P=J_Y*I|hOEfGDibw|TTh2|i@!71?I;?Mh zn&#?7c5$q)!l)6Lnnz`uL?54u~*YI%FI(SnUlg)zbHd?Uzd^d zjC-=yPH*X_vl&|(Jd2kblE@SD8=cq}-sb(a< zk#2^4OSkcgUa8!bcKfA$FhipcRG!^n>eY1CKbsB@D^!u1-MbrZ20C4?)qJrG^rmLkMd&3HwltvGWKfJ)ApUgOWv51fjj;WSS2 z2q-ZbY7_`!My%yp41ltkFVMk?SBmtX0!GLjA(kroC4@^Zb>x=j@y6yO0Epg3)OL}K zBlUDLPwZf)UK__PiKox$l}_@W>E);x^)a8{XJP-LR+nt)+@gJdhgGXcFuyv@nbV$}qXY+F28+XCogo6DKsiku z4oSsXC{T<#a!_i;XmE5)(wnrD)M>?u+f5a6W+#A^T54S*az*3;(`(UB9*JN#X&*vq zQ&D4aK2F5zsYzh76z=*Skd_J;SQ}rd9Uj4Pa*To{v78s+R&`gC6cVtuQYW7j2Q`>B z|H0KI$CcL`gjY{%I!H*cv5c-v<(WbGCyzHAOcj(Uo-`?69mSN~v9idKUnQH4IuPJS zu;#>0@-7wB3R5h`RzXP6Y_v1CACW%4uj8KgLNI`AGOc#l(=koszztAKygjkcVmfi? zY8Oue-vdT=?^*T!owW3Q28PmpsWYw5T1Qj*i%B@T^rLcbq$gebM>t36VDYO2L50V1 z{gAq{V`_pHUg|1BZ5WNl7jg@h_RJ>tB3eM-wb*3(gcb8Fa0Zj7ibv`Cx4?vX8>f9B zcs#bDp-tLiJp|wdOmf+1gC%;yak}=-2k?-XEYSxIIj?L$4;e3U+@B`>C|YGk15LFb zS^wClth!T*S%fN0$=&>{+N)isT|H=kncHO7DYMlKA+S~ z>xepv6_}*H5ep}Khm}{@3QTQ&5ZL8a5h@P`NcZeOtEZYa6$;0oZvGR!S(0T*mYTg5+#CM-;}g0YiDyLDKtg@%V4FCYizA1D`;Yw&RcyyYv)(N5 zaozIBsXq&CisGc2gh~h5$~rDC+sg8yr;*<9CXK_LM5F$G>cUlMnjB47jD-zNryZ0F zk_2UIvP}m&YTGEz=g;%QA~h{lUX7QQ4Rbo_YTLBm>pPq!ZR|-RECESEmg;LbW5rjb z?}V(8Tj_eKtBtCRnI32H?o8%Ur4u0&N{9*GB%?yDQ%NR+gJ1KV_5Luxc@OC$4m7v|Huu7joy^_Ss;C+?>j1JG*qGbx8(?iGOTl*nxy`swBfs=yJSLJV#_+WcZMhgIOgLW zg_gavt{&ILMcWA;T`c#HVR`Y6(j1#dCYHMeW_t)Ur$?`8ut*LRC#?itW96?VlHy8Y zj6z@9HQL2zX8C1%LX(4WC)K9phwbPv;qQECJ8uIlY|k_kIkM!z!Vp`uv`P1>#cC3T z!Q%>lG52b(?`N|3g2AcRSkE|(BK1KUn@o+|M3LQ5w6uJ&1G4d$F1n)WnG zO|d)}^#d%1ep|fF$CxV7Pr5~}(xyKW{3j~$Yd;v6VR?UGZIo?;Grz^WzUgmqct2%_ zry{*UVAb(F$(N3Vo1?+Ah?1z;VZlB!HH-M-DA$>BskXghrDj_HTq<4&>=ovL^|wYi z#Y}FoyVtKMgTMK4rGj^mw*S4RJ>nk43ej&v)Xz=(0hHny%T)yt2O9;dQeXCxDwX{r z@<{?do_Qj;SM^4234PjsWf1FmaKM%4cOvH5qkRqY4*W|8H!9Tki_EsUv2{mHVgwke zZN7X4HTJ+&B95Ni$*m})6+LZ5x-I@e&GuQa$s$sEq-$BiLJZj)?V5KOIG&()_=MpL zEg$y&dZcnUIPfC7Bnd{>woApME$G>C7`UV#vTG$gFX5e1xe=mkOSLK`lD=Fi_W=2Q z_`(te(j3te(SF=4zBJCx2qJY}ZT((g`2(_Ai;y*Dm=`pUZHx@={xL=ge6}$*+rwM^ zofGf7zP$b|Ln+kD!za+|dtz^Paa|vOG0!0VSFXMXNt`Z;_%5N;q|h7HYa7INQ6~di zT<)^!D+F&=2|k{%ETdM(kjX5AyCbfq&^P>|qUfCHqV~WUX@-R_Of%BDEJJH%x2$6Y zSk~d{Wbsohtj%0^hIa^Oe}?<@ZqocyH8wAE|GVgw{7I*X*OU6i)lN}Dp6h~9=H;aE zvrmYIcp|_k6EGPU+- zsPmtId{VBp0TK_CPs%TR%Z_2mzc|}OxWYI`_j|yTZ%wtlFZ;-zCspJ5=bDzSuGhde zDJdr3Q`ht$X-pxVp^rW1!-8bVPkmlEuq4AQWcc2LlFxC1*b^PfZITCvGuN|zcg5m% zmlWLwPLA5(7xv>55b}=PupFPD-Zbuqdo`57zRK2q!Z1^j?=>k)MD4t(`0KiMysE1p z>k+ZT{zNN#XB&FPEdHEU7@?@U*8HoBmBiqZSqS$<`Tp9N{m-rh`hQG*CH`ht{!dpx zTEJNUzd+a4F_SXD^cekzf=02tVKHWRkaVOh*TvUB&7@!3Ul6!cTUjiVR%~3_gmlJ# z!*2;g475rj@(D-7WZA4z?Afi`BjLGQvy15#tuqH0(4a(wf5A zNxJwkVuEV%!LLj!-d>DNWl-ui9~siRPSjkN>_$3y4N2qtW0``uNuefZtUSE<=`u&G z+=(AAHDHDGahD9ffQxC-uB(I$vK;{u zOhq(S)FLJMRi(93+V|Ig0o6-je;L4hnLncbqX9(vACLO~sxuG^+B#bq**Ga0+Zg@N z;mhg&MTPk{+)IUmrtBOa%10rMQ;D(?%?>J(n;OMbziLEmd6HFa_AsGrJIr}L%v{R2 z6WW!oxj+5&U&I%A;BO%SiKS*igS_5F%)u;il5@u(^onU3)KtfW0dC9u5euP{=G%vPal#iB zi-ykjzA3X)B|0gW0wm4f@SeR^w;ky*oZ1;zUcuPv8EO+ z0R)3|7lxVJ+QvGA#{QEQdca17R#ZnVn7{!OIDX@Bf1w}#PSQ^IfPnbpmp>^}J9xGpv-E!`NYbh6OoW4HZgq3{iIVi@<6n5D=8W+R`_b z)R-Y)Fv@antxqhWkR0k{ofa>++l%Djug~OybQ;MMXUQkV~+J_FaE^56Hu%?B^xke)%RH=4?;+a*Aal!mU(=esh z;Qp&9scrI=Me!ZE$2-^E-P!ui`#F!N_*DU`q`Z0hBIbq_Shw z)MI400J(4N3R%I20~R!-(c6)_bCZw)UG>C~Yc7L7J+gHIeZFv~rRK1@aUhZ|!^79= zIdBm;vX>!**?H)jM@J&jQ9mnBLiA(!FfMedv|LFgd&kN~rYsn_jn&su7+@FomA*Nt zz_~mBPzCoX%lq=(3INa=F>_)2#PE*kY6N+XtMyKQ?r;XhhJ#53gBTDv$5)r_Vm@Ge zpKwL|`5LV1NYFOm82^}ayKF+*!f(8`{|$mOR-<@5tWKK^%_wN$B{wJB^{1Hl1;$Ka z_p9L-r9I?f>G)~5oD!Fa3|<_M_^Fy zYH-?}NysmMFnkVW%lstaqLZk*`?z-WMYFTKc@FcZ<5jdx@NoE!U$i`Lz#m!SdwtH6 zRD6c4k=$maAu7PfWW$kRnBKO)8)s`7lpkwx|U*u)0e$>!qlub_zQi3k}@|)pnys18om{H`hGpje2oO3Fu4Z;X-||F zZwqgOK-K^yMZR6~u)}rB*Z9(VrA_vaF$z|mO^&1h?no9>CUp&}%RcioT<>`}%-X0CuaO;Zqh7xcW z3Pq(VEw>By1+r$MMWe2B7Wt*S`FS@ympUvt26P*gTti~Fy7_4doN(mwkgkw?28o{ZkqT5 z`l*OiZSOQ4Fp;#jB6K<=&Rl-eR5EOop+|=AemICuS5fF;;$`FYd3pKA0 zdn8VYuWZagk|;~FKb-s>nB$w}_N;==dF6a&oxM<5UP274K7GQgfoVTzw;#y6-UNQ$ z&rRN1p)FC>esS1CUFLZ4rA+|V?#j-i2cGl^C>#Lk)Z}jBG;ZX}?eb7Z4AyJvPR475 zXeq4$Q{Y3Sz3yi3I2}h-DXMKne!q&w@F z=z8EUJfiNg`LE8+rl^=&6CDC;=?;GrX?%n3)G0XnCkCVE7(+U-2N)&;9MTDS1Fs}D zvZGtX_gWPCZ7!bgy|Z9m0`5=oMNdj@tzscgZmj{M{UmaH^p%A|n>f6B?@@QQ=l#EP z92ukxM84T0eS@CW?p_IpyLztN!WGI&!&Th&HB_z@Xbj@g1dKN#cXf{-W^P9299;hPvk^P)FbmrLZVM_t5Z!)Y zrk@l@*?!nLK+jIdmhnV^_c5-&(T0GfcX11cVPnVYh~M;Y_OE)zuYJFy3^)Y5RLn=g zm#o3~f4T+?{?fTNMzjKdze?-de8I^bh{bKpoy_&E%su`a&R(H3YBS4+!p%x=zuO!t z?swyZqKH%!meC7^08L0B9N_Y8#AgRiU%`-wlRu* z8AnXOvfQAh>5VSoSd%`IZ3d4lCxnzxd4<+Ls8Gr*A~^&p_JvTRrzZ5)YL*@B=elKleL=~+1;nLIjE@NOKgbg$A=S*;6|!u5C!kV?Wh|L zVi3dV8b891tzerQGP&)({BMA1L%aMD#7w9FQqQWTvRWJW4nw7OWTlP_Lk!*91+>vZ z8AW{Oo9TQYI6$Rcl%^eG(yz7FF;%6TF_Uj^0p14Io}v++pu5;K>A4!Msdzd3(T+l% z%54Hp_0ARD%ZIP93x$iT?B6m3=A5A2-P@Wdo&|^coih_0PDS{~`=!@Lin=lk*LuF6 zvS>1Y;MYHE%~wpU*!~qz^|Vw?mtR_$`|H2upS7~!ziH+F4yb=+uZqSFU&wzkeH$aI zub>k7!Y%yu@!#)$Z2&O---T8MirTWs{3zV6tLHl!*(#vqVPX;H^vyHqhG7U_I3W}r zIt;v`He_v%vk@oBm%6J^A!HvQ-VwK=^%&q+xn7>J7DtDP6i&xF)z1$t;9|q+z{s$0 zU$<{`{<*Q+o&HP}2lb)vn}20;NIN;qQuT1*j#F3*`iFKK4vCL`lZ=qGYVQ)h|{ zS#L0$0mryGN|I0KASILe8;PNJacan6x_M$J)Fd3Z!>#uw<-Tr!ny}TJs|bD(zosT~ zVJ5qau%B`YUBeTWc1`?Uq+V4fCc~L`ZB)2$?|&R3S70S$3O)KnZxI!{7}^6~-X|Ta z`P3$Cn099EAfAO$ zQ4c#}V~Aj=3s@Q(yR)8reNmU9Q+e`XIiQ>PApg;Ejib~1{;zaOpf|6u_A5k4|6_>I z{X>XI*&6CwDHz*38#_9ECEj-WPKIXxecu$QJsV?J3x5T!dg=tYs9 zM?dy63(H>#4*%MZiAFeAMp)KkVONq(`59hGuEFlPmY5jH&YGvMoZvm(>HN3zgjuVSS47| z#w5hjW}c&e47ZB-dmxm4J5tS%odEf=uzZbXv~J(?XT+0wTXs&KO=$vuayhjNf$eii zIh3cp4+|A+Su|cNQwpqNUn7F4aV_fFy4 zvYkLy@hG+Zvlr+9RL{9EQj?5B^QdD#oz2XjEJB~MsJACHC?TB?W-Q)0bGfopf}N)I zwrqBC@fxPbEVTa1*S;Iaqt0l_v>Zf5$C_sTy|Z!``>dgK+(!}6pyo!nZv0R<+fQ%3xdzan zW9Hh>k3#i!9HCAPEY}<>DCu0Jfgryg1J+dAsK=eXAF_O@BsUvGTun1i*%yqxEwqCY zmUT+@S-6p29F~^P;j6{@$|G!Rqo7eIk|9+E&f|=>Cl~?YG7^I_YQ7`s)r{(!PFftN z9-bP`Z{yvY*YL2~Y1E=&13KIBh~xH@Npa!Er6*9pPHK%2H+wXWY#|dlk)|dUUOH^r z2Qk^>N=bgcJGxj=tK9U<8R$Bd4(7|>1RELT371wX2;|kA57^=m?${MYh)TJdg%1cx zj1DAE3FkaqQ-~sTD$(oo3#m-{@K~uuNyx^u7ATSp{c94X)LFT>XT$u;h^V3e6!|Xx z>POD0>Uk!sf%dc#Nxvvvj^6GuoGIOE8z&4xuWj+^FS;uBo$t)ftVWjcznD!)HFO>V@sr-X0) zP-!~Kr*yG@#o5=%YD;OW%zQ9+tPk#YlPT7g&v6;SVNRHYiex+)AS4wo{V5B@U~95& zB1F>UUf&l3>zmmpD|o0?RgTj%5Fj>*CvaORB22F&k8*4A<=GGQnrOu7V);mLtbYZk zC}bUPN$3iNz8@hH(E6!%FA2_ae-EeQJv_02yV_)PiEV(-!9Y&!VUd`fso0KD9c`h; z8~uq?dclr&+L3K*w|8=`X`!WB0}G|wxSWAwsdn)7{Sx*yH|_rDDAyUbOva+0b0xlx z>fPwS#y*B`H-EXO7!-;ug(fegV#h(T&BbAjjWbZFZelZ8Nsighw_Z`cwFa7(dgAl4 zRcc)=_N2YQVYrtiy>Ot5Ru279Fom1^O&!{@r;2ktq28csx*FK-Q##8r{!yC^ZRsYN zyG?H)@!aWHRQ}QoC~raTk#r=ir>4A{lMA4k6h*vU=j%Te%)KZ~TV4VQFo|Et`sFZbmRQh=J1% zsAzAoEfjI(i>96n#IoMcDim2YTg(=DueVal!-XO2eg3usN{~LTTQZN}o;$XYkKjTc zgxX`3lH+%V?x>RoP7XV+^AefnnBkGon4{Lukxa zrM`4OK`d7dNGrx%BCrv>h^+S{&=f_j)0$G!*tWCn@!Jwh^`X%Ca(xX&Q;oh{;AFQE zN2;RuJLbq;$JgIvW?NAez?;FtY0z0Mm6y$jduFwU*ND+LHdn`)eNZ?g@!e#|?nrhx zHs`q6V&g?IyO&XM!W%O{eA$Ck0LBuB(;-Sa!z4h(i+R}CEH+>1Ev}rE zK<_Ma5~*x>Ar+xTSTJpsl&-&}u2!%HMsFi4ZwLTqb}=(|dX5APGtO5L3={4L3DNe6 zN;g}JRBtG#b;Y%`Cce-cr4NSm1(q`?gAAjilAQ~I4W6J|S)P>GXwWFS9Y9yl%O2gDk z`V0qI<3>#uto7*{k+@|w0*}XuN-@YDEy*H~UFzyX$J!}X(8c#gMr;NY(SM$aFLBjn zxJBJN#WPtG>dM*Bd@v3~9H-9g9NW9>=bf}3GM1%N7bPYgenvEfoTxQ=aHVRo429%T zbBg^$0DHaH1 zLnAS%w6tU_A5sm%N66;yqC+t?k2G&Ljbc2%NYhkYn%AG2Q|hClvkHo#XLJ*bYSlN- znsa8#BKbJ%#Fj-G<~R8}Kksj8d3(;xtExmY0K$!hKOUhz#Vn%*!MQV@iIg0Q6k>Zt z{}hndHNPxoI=-!tW?lH#aa{%5xzct8GA4Gcn3FEALUoFiF7I~6N`(Ze{Ho3&o|3td zRE0MixnWmR&iJHrUO9jC#S)yNA^37E(@A{?nG^7Wo+)#rQ+KU6JeXKc;mFO5G?Yn^?|fs;G2N z)>UHlg{2vGQlQqUOx{CC(isPW6=L58@`;cce57OK9L#O$+sw!yT0etN6DiGNA{uR6<#a>tw<2{2gHuI9?YUs%4l z>q03>`&;x=P|~U8-fbPt(S~jZE0ZV08fj<5qzGyf6X6Gm%D|$A0n>s0hB##WDES;M zHfwoN*i>p{O%@3fW|eSIKZ5k;vM*6IZ-#t;0wj|1c zfY+${c6I$tt8yOMN&M9SAhug!I5zQ+bAD6cN`)@4E;}?k^x-Y^%O0~(|C=VCKGcr; z_!B#ev&%QcqOjt}ZrITr7HT}+csb4 zLH2Y37)D));ripc-u1fPPFqj^-49Sn6b+LWC@_W_j1^WG_YqA1$a85a4i`3lZrTn7 zthAKDGYVba&}Q^d_uH}y`(JLi5hn<|_|)zIUZPLLPtmVU`0g<8m`k3IiZ46Xd;ZgF z9%A7Q)I%W63vbAdiw{z;?YaOiSzJQNY75XlYH!(u#%MufdtAE8p@@;Uf$F_$@2^6Ct-!Sfyb}fcB`6<-VSfP-;3f$wnCI04G z#yRK^;MEmox=u~aJ{XmRWDBUSHmattDL4x10OO7N`4vKaa2j{js8wz9q(|HHWt8+L zCvz2t@3B?>Hmg{DbVTieX(B4s^~Lay=9sIE;M(Cg?-TcX;N#yn$2k7)yU2ex$Nsso z{OjUhdr8$dRT)JP@z0^A$32I|Achx+B8_fMlv?=~t5@t_b0wlWP+^6H3m4_;#^3wZ zh<}pFk&*eILEaUIRxZLYA+s6Uj9p#LvX9czHr`$@?l6F4=Oa>kbxbZbtf|qVTkUrJ zphEOTv%2raD-0>2oT|E)F(5V-0`nDY`w#MVA*Hl3rLL z17?{GRyg?|v10NfB<6f>MH}R;A%M%z5^%%Yxf-eUtS@Dvug)agNuJnnUG=tjYB~oS zl^Ck8IAv8Nv;LAU(4f(rBVmHa9;2lKkhZSOdTsSTnZ*A}hdVUq_F)M>wbLC%2oskw z{P2-{f9MmA-G3 z%S~uXk-a4q&KLZv1nkot?z7eF!hxalaAi+dptZL{cJsiEu1$QTqe(bci$Cy25u|u! ziV>(Wh^I?5Zqp!rv*7O$j1lHoE2#MuGa%uyx;9r4e0-vq*(!6AhjBym1F|jW9tE)QDYOeE}BR=1V$%nnOiL(+MF(Rmt8`UZHKLK#(fVD6#h36QYupfL4{!u zD>d!uadM*m?epdpd>i=fM|tVn^35!1rJhAagOyN|3m3852CHJAM`0EAevHw<<-sx| zAaYJUJ$&Wt zDc>-QaZc_pqtmJ!R|SiEan$j6iQLURMTHJ(Na=M5n%Fu1B1bigWeQrYgP1i#t{FJm zGcL#!VHCEkq7m*NsFeYw29+Tj>txN{_CC&M(0|;H$8!l4((fK9$@eY!_nCnF|9(51 z{_D9{vrxlX!ukUaO7a&-%=KC+G|0gaQ6HDx#*(o5hcF0u9PzNUVG6uCqW^3pu^48H zMS^V^pinEm+2Ltp!;0dk^g8*;Ve`o?!E4)BE=9?SlNmUZCN0g;eSqnu_f-eqm7}=b z=hMOx5bhAa3FZ&yfy6lITx3(Y_Ul%+LJ%+7up~0oG)>w)Av#riMIJuly@ICF0hAwJ zumm-O32xNB^4kf94^%|=CqR4wB_Ge$Kq=QUKsf^qe|RXO`3ZV4u0;i3;`QGh>4e-i zV=(@{iGH)OZ&a}K5^j`$Y#2XUX*cySV(dbP*+G^=>|Snc@^-kHyJ_}3nY$Sb#AO;9 zHKZeCVJ*v%7Usq^JtTz&p8eY^AB`&mH>U`JmWlMb;InWHb}(NuL_GHmmPRRfMCg zBqwV79e}9@h(GNy^g`=?j?e5#bN_B(EIuc`j{Fil@`%5pTRX&sk2-^G*MD_R_|&$F8Cl{%w9QRYxqV zqFtDBLs?BcyBM4=9!A)=IAIvKQDh5&CY3%|Krf5XgtZouT^YKF|N0@VJA^=1`l3O- zl<+%tV!PAwuk)lQ{mv&b*vWxC?EP^$(r=iF#Ue~j&BskaC@W!1j4-q&7NRUo(>VG>UTpDRnIOF=rqWHTz2fkF1G83wdG zWj(sP!}*YGU36E)9P2qVP^ z-a`6GmLh16Z|e1jTZ}&@E7;W_2sAq5q^;7mk+uOp)icze^6hW-bYL^{t3)5ewKP_b z(zTU#l7npDxSQyZ3mAJ~kV++$8$0}{x>~K@U1eNd7z;##;SjFO+K9OY-H?#VHT9zL z`mbx8_hcut2s$HcCTcg?*0*+lCpY1~t7}iNs{y2M9V~(s;GkogXB1mWb9yj?IwSc% zD+OAjyya(_+6$a9w37pMEIsECEKt1UzX-6{j@$B1yYh$@^shqH0Ypo)vBMEF%ukVA z`-xU|5`8&07&p%q{_GCAq)&F0rtCyr`DX+ZVfR|yObsYApf~vID3xE(WuNH&fiF?A5OMjSkz$k#5?u{<+#a~08xt(E z7|oI>;{0S=_QaKB&=Y z3TmIy;%c2U98VK-Jqf=e((%l}GXBXybGJzM5=DNi$yQ-iZoUDWv*Cfsb|_QalS>}H zq2LM7oYP*E0_Ax4f}iTwNMrUFFrMcUTmboUmU`ahl zMU?mU$fn1!`g;4!E?ooKv&GDQB-k2Cg>bO%wc1J8{a~GW3VYG7s*ZfwQI*po?Eh8S z{!Ag?FZhdy@=~z+YLB27`V$N`9EaL$nr2S-&VS!Crq%GddZz}%yYLAleu_UrrBEBb zCXd()CCO}QyTh;CehKbZh-9K&@3fli5jZe1@di$5l0DX>HYM_=fKH8F3xgM)3QlQF zZ&J$_SychioHxvazeKeS8V6nSnfbbaf_1%WbHZg$kXZM5k>}-kIqs~L^Hd1L3$7qZ zj=?3@tN@`aqOWN%uHm*ftZU#-H1i1LK&D~nkwan**l=tgPdL}>7bAgHEbx3^Hy>Hl)8)sY}~R(PVxrp%@fesY!D5s_{q zN#}RmL1PDW;QsVccXVsE(`P@ct<< z8kyRGeh1IPctCf7D^0Ek!EhLVI|Xs{MilO&~bMB+?LVqsDk+8;44?) zRP}AL#@}_pJJV4L;gt}&+$@w(^ORo#eS_{Dl6N+>9w8`$2V&JYc7;RKOI@nUn&rUY z3Yu{+m!9Aq8+VjeDKz-T&xH4XS{*pH06o2as~DsHM+P;^zo{ndtzFD4Y#IJ}mQeWT zXJI>AXA?K)f0Y(Cih^6lFbP}A7t6b9i^K~S{RsC^x z4%nmNp2-F=vl14=%86s6$OVF22p4!4QFDkB#YD*f8joI!gAt*{;YGNI8n7Q zw4W#CJ9RIf7{Qir;{W<-VsENL?pSdllb4#G87C>a0x9Yl+IM|51WW(fkej~0uJvRT zAFCA`k)kbO!-ie(r@1=!zGbx>JphpW$M9nWy-3yE3#G0Yo$ev4j0am%Z564Q!2xed zp^DrC7Sp+Z4U)oWL+!ZVRG`bZ8F+Z02hW~=8~)tupZd{1Lufg$zU#QP@Atp25~Exgbn_hw^6G=L%{b;e%$q4;w_`3)Io*rl5a6cy=2D2WI71m|6skNRbYAbzG&IBxR7j8fW3r8 zQ{HJnH?8+jmD1}?iQe>Qp&VwhOo@HaOB8eK0gb)S!+n&A2o^3R1a8Oc=T~tSdO>nt zlVNx$gZGlEmmMC;)MsX^4CBtOPw?*f)oqE(q>7hWx@Om^#cc3zT0!1q{!1~?ejqAv ztQ{bY`GHa;{6V?sfl^5Eu-<2sf0Vv_>cIXh-=WC%AD4{q-vsM-XqsA>{a4YO{HFZv z#W~y~jhsvhQ`K2mRAf=X7C2|Fr&+ozZtkv(Bhq(7PHR9kIy6}v^jc|W)ns}0{0#9v zNN^q*gvGr_uuX8_Hnnk4A4oRA_(AmhYSR-x$McfY?C#3P=L=+;<4<@liU+1=-N*nk z!V4rE7}g-*5ET9+PgDo1or0#Ui{6Y9T0rJ{iqmYFI+)x z+p%X-e|RtIJr=B-@n@l-6y!v(E^DkqsdRAJ{ye6E2{MeR&bq=1Nizn{{kW49#54eN zQf5J&Pk`9q+}&tm$7H{lsp7aMiltv*#xVMVl_hfxy3=T*$>|`jxM*feS4o;F zG6w8H_pCG=XNKI4%B$|}kakDoA4k-;;59@ANXTNya#Gz~ z-+rHpi{uW@|I7;TM?C7PrEJ;R?Ig-$+q_T{k`>}Th#PNP>{OElKdILm@6PCJO%U02 zPGs=VP)D_FK*q*z)1TEqPx{7z+mnjco<)T#; zQYJT=>H;P{Cp!{sw@$CB+oXwTU`UYLExGf0(Js1cqXdhL6RTXFUF~dj7$bSoP^)ZO zsEp5XWw1ny9;YNJcVc3bp4^(!D|Ra68XYTvyRJ_*cROdgdAj1n4wsQUGA^W5bNipU1vp}Hz3-OFh37AqcBHDZAjn{eJ-)UCw)0O z5#Q+bdk(4$KEd(~eZ}gl18=J#y1_VoWF=h{x_GcMR~L25s*qeJ$UTyFo^bNNpvDWb zZnb7gp*yS})NW24M|WCwTMYSQXd%QhwJTbGbbv>w_p=6CV?>N7JDWZv#0)nRaiulxOdl=Er~T*Y;A>*dr->f;oL#wTDp9b89*!_-)g-KQw2sd&rp|*3 zej&x?hv@{?H|T~xN7Sxr!p4#|a+nq^U>h`0Mv?wgmnRvA1o0H*4(MJE$4UinQ^m4t4X2 z`E@-4q#n^Ia{Xs+15^h{b0#(iL|mq!>6)9_r>s2(H~Fo)sGX9d6k#iCZXv9lL8Zid znJ0<0Vg@~WCXdk+mGM@p`GJ`z2J`D&r$}dfP1pYGSDP=FFH^s>znr>jIHxAt^fT&C z%6u3jkrlBpD;I~viw9Nx(~eG9dg^~0+O)}!Mi|xp zOwsJVbP5CqVS9#~|74)fZ|hXwBfB*!8yaWTy(|XP-rhyKy&tQs52a~UDlDB_J}NfR zCLExSs@T{^Gq7USz1U@=*QL3~Xe*0fvUsOwU$`Eue{t8|=zH zd6Y%JNhYLCHn6}9AgcTwfw?qdUo~_!>lPDH<8YwP-u=Lah#1-CixQ@XhtcS<@6_E3&G2Xy-YbnTqL1!)_8o#?!=HIZRMzN1g1uzp zdTL3F12HwOz+&Mx+JQ{iM1)R@qZ1^-W-Gwn>Sf&^Kmez!r-@Whn=z)g+_c8d`&%>j zJ#(SRibGT|44R`NyCWh0&~4Ay`JJD~YfHBocJU zki`;3b!~xfOG8I%sNaI^@x=lo_rq_G>2a<`HT9j$oAe~ev0IOYB#St{<(s%B zA&r_nWQc&>vZA1;x8Z%GbpEpETDyL>*fLt3P2mryG=}W?>%GhjNL7;)Vy63O{Z0zR ze(;w=0e%4RpiOSOJeW}qR=5iLPdl7r);AkC=+_1Rut;O?CTo+rq4f8uWgumjXc+y5 zR8GPhmGzudU!;QFK_-=qs6Qs3fzM5xgL>#Ue~|}mm=Jx7>dVF+aM=Fj3|%cfllztq zv4g1jJgXk0$ zNP#v4Y>HR1kN}}+X{IKc7dq~n*{Sq-@$kk~c4}ugZp0_2ms?!uw;`K5c#e~>NQH$o zh!^aJSzT3!4-PEQ4LTY0vNcWOE+p?p0MZuOq6qb^a-27C>-xYBG?A9`jSw4y9gRg} zLhX&2_|vucPv^@$6gy;2Qr=3NG#+KBAP=}Zir-?i8~Ha7te?3<1Va8I6ZqbVSb1YT+5N$XXX zI5duPjFZ$c8nX;w4`{C|;FObx1G|4zYKkX~|a1mUJ!nUkR_C@WA4h;dJVbAo_u`W(Li04X{9h1h| zxeTEpL+^vX65>n}RAXgpdk@SnXJUwte-uw@aOI{$5n9IMmx5N#{jgl&AV+!N4Dz>W z)~aX#^+h^|7k{0ou7k`ZUfeFAGXQe!h1BpGKCVJXo1_AT4<2~iD|1sj)k#}1(n)7Z z^Yml*o_-K?KCd@`4pvT*vJ$pxDWwM4GtSPRKiEYUC!EKVGt7q`{gu(t9?$z!pBd>V zMPH8upeB~<#P}ck~516wn{%t}oAd!H{q;&ynw0e<+n@AosRtD7it;zk{O5YA4oL2VKeUZ)n>>Bq^s{0-O@Xx|mrBRup|znc$M6 z%T(5r`=0P7&~wLH|BXb61_7d1D`Ub1wW44N2j0wysRx);RFJd|sUdEB>gJAAG=O&BGJF7bnz;J?=#V6L%+r2jctUS54dgcZ9 z>A}sSn0GbzV&ui%{ws@rDre@zz(b^jVK&9(lhg;Ax8mC(V*2=9;}aKfyY8rcG!3xI zpT*ejXsrHqG~k6Gb!B`EUm&L-GUI0*A<~aD-KUGWMG}kCoAv;%;6_Wu!{rlqweZ5{ z0aw*B^>hcq_5B~y&}C;J*qfW4RTyw*Uj#pq0hu>}LIy$XvBV{|=@vVw;BbApD@LFW z9HB)@Zq0#vef08_xObHJP+;fu>ka-EL(nlu4sUJb} zv%5hPtjRN45q_jc9@X4EJx2~rpT1{e=4rP^n8C`M`G*YK#vhW#QM&W*oH2JqxglDp zroY5l7)2{4ewfO7UGo@nj<(q`sJ_OFf01#{+h^%*Us2SPcID}(XF$u|l=yiP`0pmKbwG0lReW{omcX_Ic--pphDb#{pUGukSRn}=cM@;QM`F>%xR1?`-!s=tU6uM+E0 z>>`--$V45|3{`_P7cClXz74LNm4aiB4@nA=OMBs*014X$eZrRi2aQ9$L8}^nKIR^s z$36acKP?>4!hyymXFa{Wg!sU(l(Q=HT}zww$sF}s0Tm{ESobXg4{X&W8@bPk>@H-p`^-co%*SKiMIqi-VdoHMt%hCF>9;O4fApo58MMKF0}ksmU>uMQrk6OQgApWfATq}Q5yMPl@3SFC>1U+|4j7nxU1UDsMw{$yLnz?BnY$=Myla=TUsq?_4R za>W~Dau&yb@vV$wntxlyuzDs(>d3EFB~wHMDPKwGr}c-fVDJ&H_${(GRog&8Tm%cO zm?yUoStYg~5Tk_q@dELf2YVPwy!M-W+0BdXGusIZFEVq{;8Y5cVyKt{zZHls)7=}yuEk?8~!s^n>{)}j_K{vc&i{U!H9KKKoPBg<#TwHbqD7G0~ z%R;cmEb7uQRb`ec68@?Z^jE}E>Pqhu)mO$ikB%rl;IjP-*H=no9bf+60*_wpC=FcQ z8Z5sJ$mMOlY4M&_?c=@eoOmS3@Lq}lYjSh2J$8XoX_qCCpk29(c_LXFXMgW$i&y<` z{gJ4RxMZqsU5Nky)(%ygr7^sNDMy>Yu{1GrIsD?I=$TG0?81Yl>T*R*AP_p*2iRHS z3}`#y#@2Ni=E4Ns=geqqP z%q(usmMP>fXU|JLe%yv>{}Gv05{cXT9c&ss$GmLYW*4f;BfBZ+7!!|yLKCyVC015X z@;&*DiOL!wWkUHIc9xo{#wfL1-me43gF*OQ{YJIiaHQ9o!nDI2EN#pK!{7<+*(tF* zpYmPu?K$D`X6@0T4;X>Sh}KG`- z751i}t(zSYmO+n+hO75$okHg%x%CXwKRhDo3r8>4 zXjNT{u(6=A3}i&1ci{dKshu{anwsG{i%<1ThOOW9SeHs{nK}Q1w%p*&pa;+~K8Rffo)~ci>ST(7%}A2a@{NkgEKGNXxs7 zv~j)3V2$x|M5kG~*)Xwh@U#Hm$hM5^K5db%tf7qcYM+$u65w5lIVkaCSl)_E`@rmi zBO8k6kr(pGg=4U&?wEP3^^)0$F6=Jn=+1owM1KYbBh=+*KgT2(%SM0-&=8iRk$D?c z4ZszEGbSrLy=+pp^5@lL)!#w9Z6Nr@!(ExN8;VfxvaxHQM{>=$lpt^X4ruqz5~dvV z`e2VxR{F!mR^mCIk9AuusT@C=1TyL!$ug0P@hg$nJyFv}p4g3+GqXM~-l(pViu15w zgwQzHydzfw1^oO5pqL&bF@~XUoJ;6wCaFM-V^BB%dA#f zk|(tN`=0vzmij}GmoD_U*fDZ?_sog1eHswNcujUsEObOx`G&;N8R>rqf|^X=H;(Wl zsYW68Ph{~<%`D+NUgj$bYFduaW6qC$ANbKP{9iplgZwjgCn@*huV^0(A6!^m+S8mU@T&v9bTO``Km zA{{}O>8R~{V_+;m-8QG3I2M%CQ4&Lmy3uK-_DqxeJb~^^lZU{KJVA|d2R_^jqx%+8 zGzg1{1H|TK&n1=x@ zcdKpA>=V1ix!Nww`JSAC+-n+;n|9TaKYqFFE2R%%5VDxf64Og-wxO;{JV}hcnoX_; z>8Y-~sl9*bDEUU%{0P6GzwN4j;-I+AM5RDqE7zF#g!A!i`uOr|X&c%4 z5>e+;TBo#&Dc=k1)QB2V_nfU-g;AZ#mYrfREc4oiyS2R6%V2xGYSbIsOdM zZ3ys*%HpJl`Dh-sr(S#5my5vJRcwFK!YEpS#a4McAkcEmPBQKWDGY@X`!NQN*jcYM{9R6mg)3RJF!e|6bhre~#q6%oO= zeI~R4k%)HC1OiArGbXd5;rVgyb+c8GXN~6`TolpbeQJ045XX6cZJ_Hs@;P5n=8Y(6O^ zX}~uWM)@DXGWvf5mi?bAM*3goZB43HYB-{pe}Wa7!!i<;iZH5v4W|0>6_JWz?ol zZ&tUPAMan=HHq*L3ybJ)U|m&rl4_eypf;#Fk(5OA~1 zG+@$L-;sA4+I3}XP~1ckV|=PDs6cfq*2$7Ct2Qm3ve89zF@VUs;i`dY^J2eepF4{d z*nnea#LLi{%iNJ701Z~pvw$=?vU=7YC=N!h(y%Wm-hl}oht3z6KptD@DH|u)3a=qcbuuNW%UxxOx)-s z0yBC(X@i`-{bMW~C@A|7(Qt{slgLd#eF51r1IxpArSefN3kb&L^^kj94`_(z$8dAC za-tV+=byQb1=eJ)_=$jx|MJ1v;a-v=amhKhwL8ZE&MH96YYS;7-ybUhptyr9ScH_J zQASqkX=0Hb$u`d<@maE3S6lxeE=u!?Iu4f_ZG=nfj;|<#U@q4pkArjDFww7=S9HYA zCQ6pUYN_Z7v(ofeilrCyn*Xp$RnvH@w;-4+%1p3>SIfES?|Z; zB4@1HBUzt~8yrrYlh2^R3hn?iOFd;@Yr<9m*mAa&oVpLgizu%?jWi8aiASqpBnfY< zTEy_-^FE%*#r{66HgV)OCkqxnlZkl!zX`&fXJ7z`HqjpE4D=- zQHyJ-w)&?4sU&P-{z)wJ9V)Cb5jl?Q{sWScx-P!IM6c&^aHcw5KCr~5t+vOs-aF2^ zhgPmfT9M&~X2dFlMgDggl4%!tPaak(6(%InDE!cf_{c?Ia81D>a!(cvZP=!B;YX4P zw1p=80h6U*mcT_ETaH;9d}N>z>eQz4)SyfaR6l**HQSWLyz4eFRhZJ5NS?KM&{G zko}FfGfIp1*MtpM23L#p@2(7Pp7qfm?0WIyr#XAF2zE!gQ#$zR)Idb;!9`)MFG}uW zVD1x>4(^g8L(iaP(uq*oDd4!d;AG1g$f=FGe#_}?qfX)} z#`9`mZIQUsm|Z+_-b|QoxwXNEzPdgtPb13<8%sBjA_TDf!ly(2Sh$h89f(yG;TSVmtgEYl+#y`cMOtuIu^Rgbyt#CXcpZJlL#W|1mVzsNV^Em-pgBu zthjpUulVEAa>5sV$lE{KrtDf@Fo>@hTt1UBe5&s3*58Y#zJFIM%V*fwO_+#9li+^X z&@{5F7YF(;$fv%33zi8s5^T$BKm~AJDF5av70EYzV=n$cwxjRn*{jzzxz)Y_+oZw{ zwG4hY7l;+{B)r7zt~rp0XUb|T=I5!oy1Fmp;*AVW6MlZ<66Z#U8(t*?>Te^YF8?@% z2{cJoXJ6WmB{hHec zwSDXD7ahx=jR=lzCc`jl(PzC!2a@eCP|iLv+U8jFpnZn$!aZ?(kNSo5U_gtiXEOBR zN2s2a9h^spXazT*)KPw>lv_L2Byvn|q^Xf?arP(>@(hC?R;qWd#a%i!#?HcdHefR| z5c-W7S<5-wuoU2YtodV7{j%*?A%Gj{;608UC{N2gOh(H*MT$tnoywY|y2rARs%w7f zNwS5+r-h~rwU)Sfd;9`kpcDGZFt@+e6%p3L2zNJ_*WUCQI#&TabtH7$8EET6UO_h=#qMpyq_v28_h4~zeQr#VzlFyGkd2gQb znR$uf`U8*!O+c_fJ=#bd+{1VP*QNG!i(=N3on$Qms+`eHca`g6K<~kwl;HTh;X}GUWLv8Oo2$X0hR!|>D1CCL?MOgpq%AYTneHq8`#BZ5;oF-4} znl*nQa;Zr4G|l8dIAVb$V0j<;zUyMLc*QiI{zB0oRKRQq(J;#1?C%6+tQHbE3tLN? zgEH8+0Z**4T;43|F?486R50jdnEuSsmVt-x;x$nCeg6wd#z!A0Wt3f1`e$oe(ueQO zqjFRNCrmn#1al%~cGhkdQBPn3k9+95mQ#nNx6}t4?XI+P1BqogL*wJZA0xosPIah- z_*qY$n>gph{lu41R;H8=%N(<(rNNs_^~Sv(vI%5{acF{NhE5^W{AEV z{Ywy__j%ON!&-*f)wadR-@$->Z+vazC);90s@l`P3N$YAU#aYvtlaN{G|$DvsaXMV zcIFW4vPJAZs2%KRd~j5)4ShaI#JTCQs$w;O&*)GM4nJEp#XN)!ZK z#f-VkN}Fb=NLP4WkF`7I?qQ;ENAJ=_B~Dz0VgG{TnR;AtjB~8nCJN|aEr@%cRjG5>^(-; zC-?q>o+p0-z6OTl80#SRppHLu0=D*0g2k}+1l-D-SO9^3R*r?lYdwl!*y+Wb_OVI% zSdAUT?T4TibTJm%rkQe^u#wgZje@1W78eq+)1?7L4kT+yu7j|2dUu%j(1N50iTHid zwSCaAx)W^R8?t&#tim|KHWuasO-M3HB?>q=_hhg2f;|`oDX^+F%xFt*!g=pjO0x)Ngi2*w?7X#C z&Nd+nXB5i*Y^2gG>l<)u&67=9vM}!*w*dD}x@2lR;lX{Y?LjP!5c}vT#Aa;70_IcB z0BhmmS5*wk$xE_00GB_cf^5Y~tE4)I&=9Vep@yrH%BZp`!O?6A_U5PK?h)liHk?K^ zlB-0Z@VCj+xS7-E=;TGBx|n7xLI&BkBVnc_e#mZg8}S|0;5A<3rU}Jb)wa=17hYKr z&#*IxX$+#A4@m@3l+P?w7bsNdPcke?aeXx^@|%GV%xIoVEH4zZ0EO4}s2}?wB~7I& zHE8VKkhuEh9Lg5_Jd^JX@0g5LYmMC{fGlN>y^6J(Cb1LToQfB$ zTCjkyl8B0)nqEHRZ_*?=wvKxji{gV zlXJkzal<$~`lry3fOS3WRdT_04Q@5xX<^bCO-HZ^zcZ-oy!zi3dWfh$=m_M3g>~sR znsFZ72-NE29Z7>9t8i#Rx=k(~~Bt z^W%fzv`lmec9U|Nxv5~CeXD{eQd#k9pj3#el<@Ehc-?*D3XCrBzA>ot?Wf zdf>(2#QgEmeaoyF8}C2+7jeq^SDcQ)=N zQH4c?uax|FXXiA)rQ0&LA+~ZdoO*^JW5`4rCQMvb{kyH;N^VI<<|efEfOTuPm64M` z#JwJ6)-Dxu$;(jkL2F?AnW#7;tgJWd+3hju6V=sI{eGcd;C?$x*F<`p`vzxkR>1%R zcO_+t1CiPP!`V9q*V=7syEB=wZQHhOJDIU<+qP}nGqy8h+qRvYylbt!>+E&TdUt(a zRUcziJ^!BSt@qJ-Yj?kHo@?vi?y`Qe*Rz71=0GemMMc36k*l`D z2+vJwXenTZHftk75U=G3BkdYhS7*`pnN-c$zB5%fud_3j#Tv6^TX`?Vtf?hDUw+1U z{1nnqYqqzeK{?g|hpnBIqmBnhLAdq-oUCTfx68`lCjd2N-bwux-9;s12ag6trKYsq#wcHX(8%3+NJ%zm|+bDKQG8PA|9(G(tO|AF{)8$g9m_+BAFszEbdc811 z;{buU_=)HG#emYsH+q(`;Fmj=z-;tulXs}YYIcy_(w2H(%pZ)_qN6M7jHOYND6Trs zZ4aadh%St``9-wKT&?w_^4`oO4I;qJeC)QeZF%flI-%eW2J_Qpit?_U_8i>@C+==a z9^~UL;dX*4=`#0Xz>(BVEMbk3fa|Kbru0bl1m~e6 zn0*5YbS6WXS|by;Hf5Z_s~~pEYqwIFcW;I3Zr*pQS8^5vUX;?=GrO;Q}qo z9cc|2((N%VD-Epdhnc;$#!&H7uh#7Vi+~y2m4YJ*52zbA#kwd)Xv-WshDeuIon>fC zKRv=>Tb5t~G0ioA7vEtZ)&xu?#`Hqr0MhMSoU zVSae^bmNip$?W~J#24n3d@hc4yFf(ygV~Te1m0yDAwl^@!4Btb$e~V=xqFm$NzRWs*%Omy1DrsjT|`BSa`&=&bdb{1 zyp<%b_7EAL_;8EN!AUP>85H3bq=JQJ0unM3T){UW=TUgFWAQ&c!U@|v1j`J6LT9~U z4l~gfj-g+JR=E}9{iXACW@{4Pq~!_B)fA<=i??()=q=uIekhdKm#{jyOO|YfPkq2x zc+1+X5op4g+O41Hddt90TolI_7m6SC7bYbO->B8<$j|lOaQ%v|lX$l=IOjz30x0*2 zlL>&wQFX{az1e<;HQ#W|xHEtVSuCByB^LMy`?PGZr;Z(+OaoB4A1hEwePW}wv{QQ3 z$W-pKrm!tvqS(^YC@k|ez1db+){zF+VvOfV=l99$E`LG4XT4_Y=haOkL?j3P1$__R`FImSM4rpke_?5J`@ zt&;tr?Q)>Up-6a-f?EXW#<#@$fnP4S@-a1irDKX@ixRNJ^AS$^AfL&1MG-zcFF_;n zlmr02n4P%Yj`xfMmYu7An1|pAyN%LYTh)pnTzg7KZMTdBEewxoWCkKmlMBdF8XGbr zgcFy)5KlCUKsG;X4xaj&WF-riBSxh&Yq=}!3Ng(Vu}kK5Kg|#*X~N2mjo#J2heX}4 z5x-mHR)}2ngT&cBJF0bch^n_)SEr5idLD_(jRi-#>vko=2B>jFF?z5+Mt{7CiQC9Y zbfh38x#C>u#gVmjNrgwt$*_A>plDeka7*f;5iN&m)E6~jl37lJIHv&SUv3N6(!8d95IyJ z!)$>+-9R`pxCt4VL9M9R!|Z{d1Csk?f?djji91|+z)b;Re_Lvo|=qjz#@e( z`%eJgL@5}|bQ_MwmgJF`i=fYviIa!f9{=jRbU(5yt<})lC)A(~KB-O7jwer|H-PjJ zq#4hf8T#*H%fth5l$159aPZu_m(qy+HI48FhH^k7|bT%~6_ z#Ym}S17^ee6Q|(Qds1epqWd!G&G*@~d`&2IiU-(njctU6r~~1E>9##_CJdC4=CYCM zxYZ4t9N@-kD2ZAQLR<*-tFn7ahTw>StBBP|I zU+G?6kW9f52aS9H7y|u~_!)gK4B>5p!gb%|OH)J^lshFUzZo=rr6TL*18#Fm^ZgTo zaH^H|5aSyY_Kl~!&e1i%{++E7`=#C-7lipVp`oOVCQksnk8Van& z3Tz9H+Fkopvq5>O6|cC3(tMeSGJfDKl329-Mt~ zalEn#!#2KFMB3hWdknnKAp_}1)2(?Fj#%oa^^Ar?MHxhiYvWDD6BbJc4=FRMWc!n zPvH#15do39>Qk6WMCR}C8lAZNRLZyUQSG+V(ET6@C(F31m{_Gg8Q(xTk1K`u=l-#0nk}1K*oFPbnBmdQKH+TwTtrZ)@R+-!%^_7n(@r-+4 z=t3r4f~!bMIwy>!JIq;A1LNT0FzAXf77#b$S(?ECYG0#9T!{^65B^Ecmramg#M56S zl%(D*A=OO^1n#(X4BuZtUA&8exTt$rO_HTJZPg(>Gd13n`@GWDpWl!i6S-{cpxNvq z2p$oWTh=lZhYxg1afL8ROJW?wq7;;+R+atw$sU`q(x&*i4WObrS5lc4}6jE@Wr61~GY?)x&Y&%mW;-x$HI zpf>Gd^G_a%(513yAHIioLBp!06a7zkt3BK~(3x(3ouZ0o=C&xGc&_(F!mUof`YG`> zB^z{i)v`@{<$pf*cyojsrQnyj?X^4UFLxvO zFJC|ZYJJdh@?RBw!{S6Z{;u`G@*f(vM*pJ3{qs`pKQSx+MUMN|trCTAw7MJ|H=@)! z6M)88!GSW4IuqVPC~-7FlRO1*QB@)yN^P56@IaXZ^rI7U@-=`b93+o#j6ftdB!#AO zdAYmZRvNp>;riao!`razj~cn(c3VR~F=4?MKD1QahZ(&~!JDcVv6_A&4`Z#l3aL$; zVjoDaQh)`IaT2Ie;p;UnWRx2)yBJGU&`+sh9@(-PO<|Ryw|CNEaL&dv2L8l3iB zq#|+IezNp!@}lOsk+cwhu#iwpHV$+1vRs6X9L)4AWviK3b((dc_6E>}ac$oH9IeW+ zf4Oi3+c|KPCaiqFg3ohXyvE{*a^&stf;v>rox-Iq2>c6mDu-gFtTubVY z_NcPQvaTJ)dCh*)qBy9v0Jdk1{1lqyQ85$zHei|){-%7cdh-HyXdsKG19wFmd_#Qm zX^#dQ`V^qYg*2o}kQx$Fk+%nrObAcai_^PX0q+T|qk2;c_nwOP73}KC=LRzLw$?kX{ek1R{cMqY80mHiNGZOt&7)?siaGsLh4 z>cnV8Cf9}(xM=(*vO&hLJMV@8*w2}AFw1QNeeReV3L4G1n~*u$vKD$vBFJc?;Wd!J?ZOJt9K9=sa~K<1etEM3 z$B=UrCMM^rX_u25|Af(RP;!WpvR7JT87FXt0;1y6(%6Zurx@!)BfVj&Oh=$WyHUD` z!g7|Hs7wS|&A4(?pcsF`uoH@*Lhq(D~#J3K94+ZFh zNLrj_e&f#9*tk@j4v5?;GQ>2v>WI|+!&_zB+eU(u#|{%`;Eiab#x}}?DK-&_z+t7Y z=ct`b|73gPEaT0YiNYBRcFaouv{N)04E7j3Cu;%HHa1qj?Vu|VGKf;l|yl0#*#nq6SzEu#UsxXSRW z8S^r;3?b!S=__&DmUTqc7GvYIOPo0&gBOIKEUe-sPQ#>0aQhs=X}4C+={q{V_#uHI ztNgHy=<{+vT7+sYu1bD~)`vHSUr{c%H+MH_zP3HVIj9Cn^f&~JXll`&ZwNresdIPY z94OP7wt;$VF7~Dsyczy-2JPR}U71C3Cu!hLNZjzhMJoPti;%$4piWq2l7<*9pFVBw z-4R@of8!XMUR%1aNp3Y#Yb6;gA_?}2#c5Eygvzjzh@al?cGWUn@eHt5>i_Dm&NSH^ zOrfsY@0>b@QB(mjS^dL~TsYr9L_P3mpQJ&ZjDaoe04W|B! zjj}E%3yKN}LDfB#IGYc2kl+GX`0LgnO^IjWp0xy7%41VDl0IawIajEdvR0TWqd1-l zUD7CMba~0Ml9Q_nU{Yw49ZTmia8>L1y8y?MV3le4Dbr_sZA1QrYr=Q6e%b4If8~a| zMi4~a18$Rau%&AT?U`%Fcg=p_iyd@PBS7e)LAVhN0OCc?h(S9hUa3Cm{Pz^9ZH}1ddrZmnvm^v_}LU2yRBz0Jg`vZ zanwrOqx3|*C2GllrP$S%RJ2V=k>|=bs8z&Q%#Qn`nQ`nBE+gIL{3WEf+r`#t2K-<1s7=yFgRH{*POwW zCC8Vnt6}TtNg!EaTIdAccU1yT#R^X22ygm0-= zneD;_sO*2iX+VidlVzt1np+{x^rRt;rtJyJyeYh8cnN8JJlA_}#tQ8IZHDA02u5KF zEyNB+z8pfWUr6B!u(PPkv|NcLkc3O4Oonk=DuYTWj%=oEApZbY?$v_pL_L$6YU({Q z$j)PlgYMyGc>Y~zdc+y(pbnwW$w!@^kIZj=5vIbrW@c zrMI@Fc7`M6`D$UJjnPV#RGUol>70GGEHVRULa2-YUrZBQDTpBDu!UyX zMb{+qTLnvMlx%JDD-iMY<;5fx;+zq8=PlzDTbqFAzx#n)fRin^Uz&pD`J4;d?s1DS zYqL9+RLT*qf$T-`8lztnF3HYzM*aNUu03dE5E2#YjjrZ!1Q{){NN$n$>Tmz&p|T!yBrh1?n!IB>p((u19x37l zz%Wy>QUxJec_CVUSac!T$Yw(6NpA({Tg%+gQpqIzBt9mPFZn;j7(n)sVFl5Ije>(R zE@@~uJg9#qtu@6IBJ;}r2uD}}k ze)=+0Njo1R5n@89MI57J`PWz~JLc6ZjhwVIW&{%ye^OF`DD)AGCr0RRB?u)dHFsBd zQM(FC?Fdi7+^iDpkui=joS97?T^HnO@NWA|R3QS|l5l7j+%rmw-^)kIw+gv}j0jWb zFwDb+1wrdNObpK#l2PlP=}vzSyh{x!0+z{VuG+&<8gdL79+c%IMlT_Ro{@dJ|LKP= zd`2^~CRvDLdLbb>98OF84Hqgq9r}xy>#X$Bjfo95qyP=Y{e%o*6qq7(Tpo|>d`Bu& zOG*~E^+_MC{bby3M6*1`wozOF6RTez$fywRw}lbl!%qXX;ORtVTGwh$|8l}>YLbYv z2-EDVyjCj`CRG{!JMzj*z(b3<05=r9OsGR`3@6N@Eg6R^yuqx(){r+B_|$gwlS`wd z_88lXe&l5xAO~si)FxrN-^jh|nm~861gYFcy4Km)sgfoDhtSWZOZ{zz^$p(eS<14z zjbYhnalktO6c4#fg_}i`#S*D;js;XudPCoT$SP=(zg<09;aT`~*6x91euW0-8M$19 zV4(5$e5F3i2E-e`gc|CQ4lbaqEHU6s-B&{Q{oV$gnSB8`x#k|wEY|dtGkf()P?mzj& zS9C{i^9+^!UWr<}kwV~H;n&lI00p6sNz7cXr^MMG&BbG)in`*u>enp;Fb1++qyS@?s_ z3M*E`Yse|z5mv@s6xFmy{IR*hu<&S_)CCI88Jr(V=x5F$k6u3q9mHo4auu}o2lqW$ zYTKH0@wdE`%3aSOcgnIjiKb2rc;+cAlx{9jKCzk#Ef&A*(6n-rvF z`@X54kRxLu;k%%xy^x^u0~j#^Qqz0_`LVvNdwS#sie&A@)PWT~uPr!nTBWv*VR{Tb{_g&?O&kH3#|!VfnLASl?HOs^81zTAff z;UHjdI2~_H6sRItiSFDd_pFD^*(Ull1fMO6BY5(gDcHR7frp!2$KfTLv0prLF)o|7 zP+aTa_kvV3!M?rPkcvnNDt}BoE@2;A6n%Qv)vDmfC_;JWmy?`2NHCKBAOo!!VL=tL z74kzi@Gyn_NI`B~;?V5)8pdM3!%rixLwG}SJ<5!?f8at7MmvkNz9$p$Zyjj=*J^@{ zjiaEcp0$aQ;lFtlC&~Xcfk>IuK>}5|z9YQ>xTrk?7}XfGLNLL$eEnYJm}+ENR8>1B zX8H6t+pyQ7=sJ?b>8WrHqiboS9V<`uxH&dgKhjInr{%}+gX;abe{%-zjV!)x2Unre;Qh3W~lLV$FmO^ce=FAs>vk zZ&^F)igYD7?Ny^eOYe>cT~C9sF^wp)?c;lKRt2u2e-hDm?Q|UAiXAKHt-srR!Z;KI zvar{zu-P2zP|mvwZH_E1{k-W}3FNhf1bL(`jMHQLx(bCVBI|b+Z}urI)98#Le1*;W z4B?O11vd+XHY_^~Z3?q+%!pF09Xf$*ELk>Cm{6pZ%l~9>d#V+#thev)V}UE+Dq`RO zJ|{|Z{^RGkhrYVUL4z0pY8Ux!TucwuURUu9{MX8>Yz*cX|DG)Azg>C6|6%3*6L9s9 zo$sH!U6rD=%^V+GmX#p30)_+zj|4gO7K|JfzDyNcp&3Nk?jf8~n09#-V;xJ=Qd}oL zId9ZYUSHgx)D4i~A|ByP zkatWMKpL--3Vr+!ZV<{SF_Lger@jDsl)PfM3E79Cr3NVncx}dIDLF5cu<+f8;zDmJ zn1Yt-<9SR3j!t~{@UE>! zJyos9>pkL(WQ^bhSV!SrWmnNB+00nUOM_4ab{bd^c`W@eg{#z%R33Bc>Z7m`GbaVd zFn|Ey*9cTyY?M5{73c(Nd26Fvf<#Ei5V`z22K+XANEJTZlk9Dl19F)WiuF+=72OM5 zW8};9G45}Yc7RzI3@qaxXaOAfe9DaLZ@~{)1IoP|U=)IXqI3EI?T_qs*t6CDtFJYDa4OYWif(>$*fya~3lWVt#sT zn`Wlnl&`CEKUE>VJZP$e_rMi4tnLpYkg}DuW-OmZ>6L@u2bc5W?3y6h#<0e*D8Dyp zLT!_q*2rjfv|wiInK*y@uFiMa*|7mj=E^41xhq|t;saj08Z z0tcuyyRc?QkU|au0LH{mW4+}F5d-=}31>60vCuY%NF|sJQ^mQw(|1FoW!WCmp=WDO zrn%!PppAUesq)n|wC1>;YFY82u-g+m# zS@d8ghUT0)Edcd)cH=lf9EV4197x})pi+%;(+X9-d{*BOeR$_Q%IFmu3*K+z2s@0i# zpC;SgU!Pn$Kblh+=z_uVTUXmD_v>ckYnQ|F%Sn|%#khBF8MrBRF6_}@)!6jt zEx*?}0D)v?wW_hEVX>gG<{jq!BZsHy%EQ=MPfvaN9(L00J9xdh$H%|CK7oH!J*)nh zVAJxWo4mGXrOi1waDd>!NNue2-((zn$)dL1%aSt(#`H*;V{ztm7D>C6|U>-aAFVq%}uVw@4ttQf}fr9r$ z>jCKu-{`_PM-JfVKo-IFO>vpdVtN3b6!azayTUwJ!{Q+)4<$_56U%1wIR%6CtbLoS z=_4tUIY8C>G-m?$KB+X)1P!KYPWM0b7ssL23BRIEMYxI*HaYLu|EQ_c41EcINWaEJ zRf-)?rXCGo=M@V8K*Np6vFrncT>+~V#bh6#xdh!t;x6fvhB+wZEE=FY3w-HmF>1=* zyP8}`TioW4*~`B&3rZdrs+_eSQN(t*YO!PmB_&t6kj^C^4v+v_yTQiaky(C3M`k{p)<(s6LmHZ+p@^z>SACfX4NDFlyr8cmDAr|Hdb~MUK zvqjuWb|y=f#G9_AXLY8Tk!`yNOhGoHl`}XCGhEF(*E@h^uYLtg|D`%NL!PFr*tS#I zXk(-cIxHLO0TI|{Mh%JT!k4j|Ps50=iyg5?uA)-0F_@I!d^p6_J?9P)&o_?TVl7OIt$#FOn*9(y1*E8)=4lf?h5@pK4Zd7!C%pj@~ zW?5@udS&O*v_$9FPFYkm$Kf=b{tnTupnpT98(g0NHjkPjXMP4VZWp%(NxyEmGv>x3 zd8gd#20W!uZg%s`N0NjwLvnv$t)do}Pr!x6E>x+vxMZ?XIc3W=+^7^R3g$FvZNmoD zmWR;7?O1o9yzay^XD=3s_Y!46M?E2P=Ij{yTl3TK>`JWp6NxcHmA8cTXVGeCTAjhG zwD@GZ6=lh~w{u8%fUAr!5H-c)9m1e81x&7RZnan(-Abmv8#3f`kiRhUl!3VJ((7Vb zt!+rSAe&UL(v9T1L@y+TcN8R&I&ycfjq*DTErca)EG>n1461U+z&P%;D6o&h4Z~;U zHZrnLZv~*oq8-Y33QU9YJ914~3qY3CZClT#^o#2D?1GykTY}W!$^x{OF$pp(MloVy zWAC{E!SNv8a_KJgdsKWGeQ8lZrPOrdrYYp@LP%#+H<{6yhG(%!`p7IL+2SoOT^3D3X7W6g=$MAzM!gCq zHM8ETqPr)%kIJ^rgEc2s(_9A<{u7PQ)2!hP(d^=aUBM*Mu73^rwg2ATtA15>;2|`P z-_A4#p;>2Z{iWmBYmWKLEwr2%^r_^yR2V_y%>3PWG;g1@^)J%{$nfaZyG(Ms_t8v9 zm%}_0t?{4s3X-sL0Vy<{QLoAPytg?et<@?r6yt}dM7B@Yx50VxdO11)DPFq|3rp!b3kAD4xY=6SxI*b@J{h z4R^W#C&|xsChAK~OYd29vzEG7Rd-NhYcaO2QdbnpDH#r2pVwGO}R`u-OUn&61D$Q@L{mGi2d^p$S=rDZ{cs30p z7D@~OUS~~=pnoAjJn;H5EmM1{CoC?TQ(_02r6sEnIL|1-xtAD}Be+s2q?69pV5sfy^+f=3@^G1a*=qZ%f9{!5w*Kg^{KjJ+l)4|1cm z4BaBBD>|~Qb0%R?iGFYUXEB?_i7q7nDso7ge zIb4bRQ^CTI|5k_m0=KW$Xjxm=F1(JpCFLJUd&8 z_JYE;y2e$>y!#I)SGp7x^}JYRD(w9zwLv`;lc=a2fdx~#cU;Xdv1S1{ z;u$qY@M}OQ^3>BRD!-aTF92cna0NMmXmX3IIu=!bb%kaDc4$$ITt02MUuOL#SZHeE z2_|e{Kv^33$}el=f#SvKb><4+U<)DP5;1#bOPWJeLXnM!m&K1Nv4fb}ruid5>!ffU zt;ilNNLm`;&+Hd?zm%5QJ?V;nZvc|uI8LpPCQi|>pdOqVP7{MT(BEnC;ModVbR{>I zNXb@)SEMW9hp&q0iW&Di%nY1YrE`BaEHbEKznssZFsMrNl1Q0BzKn=Y^utt7xT}oa zNLk`E5UN^YsBJ?qNKkJQ_;JOoW%cD^I}=$03NAB#>E zEmzF=5qx2dI{n&V1XZ3NU3F=fJ&p&smCXZ>1{+n>9hluDOI)Ek!j)*K#syBeh}vZ} zIkY2;yUN=Q#B-Epj4JpZbDwKgqIZDjvoQ_NL*k&zSZSj!Z8157<*n)DzP!4cfIv=e zpMILxvms56a^gFvGz5>6SZ~S6BV)bom4Ie3Tjxyav;G0{Kl}Z!;^DXTU_XAuBL7_) z^zT>O|2qx(uP*IB)1m+Aa^0l%=7MB`?%mZnVcdXkBo2m&C;hXz)h44^mzCVgm(O23 z*HSE~+_9cB5ZVL0p@Hc>Ia&W#MOBK%FS!a8q^i>1?4JbGr?d}PG2PFk&pP+6<Sza;gE2dk5jnbsssMcy!(44Q&Id6l2MHujw-@apVBF7JPSTXi1SXiYs|m2hQ#GXQW7fC^C*p!;P`n z5i!`Uj}8=TUEunia>-qin4N~&1xn>Q&^)J>V(QFIH}?o-{j9zE1wfjOH-So4r_Pt z4nS_o82MadcSHYMuQnreV;K@X`DG;uwMLeF*^0ta5I2#YSD)C`-&6_pndJ?$mpxK# zy7Ue0ytr^7Xl}$6gq~)xbEhZuE`AFM!3#Ea<3ckGLl07M^<`7QJlHdUEQu(h8o}d`F>dl*PdXRc*(1y+o!ax);O0OK}sIHq-A_7 z!Ez@zb~>^d6aYJ`##xT-`Pf8-;sf#pw9=A~EEQYN$ND7R8KNo6$wGG%6aU`KM6u&R-YMc}Kdq zVbvUy5#k=Sq0K{zs$*J)5ySkZyBzd7Powkp&k3&k+1|e#*uHXp&|?Lv_YQS6k+2qq zuk_vxkMr8mY6LqL(>b)A!80iE3&ZBm016ZpqbAVxrq)+>mg-u)H^7 zX788GP@g9?lseD&aac%^1Oc}J8Q!cuRg}KLVK#{Zsp3Fm!z_z7(W+0(kAf?3L3Q&m!nq^6=MXE~}!6uRWjk=otCyr9-uJW3~*DGHqqpzR3H$15YcM^_uK zovC@*j%quf5ZSu*)Wpl?c#iPUO@21{^W|<$0|waoV7CZ6n`?JS_Z^q1F!K_YLx-~* z!k*UkrA;@KoqU<&ErwhlisKDNGxD^wQ4c98V$=R1?Dhd;?Fj`JC?{<{=jx0TFc0jZ zNDYDQHACaA|1V$8+VtT4PI!Ln(25fR0njMNy6kR=qBko~9pMX{^(k!l zYMh<`%_`LjYE5|GpEA|WyAcrABwT@PosaetxJ@x;$C&fiwf+4pfIdJm98{i3Dur2X zkI|EorEUJPJ?+z;M>}`gx$D39#|R;m8>+5es|36Ee#5M3b$h!K#MB$I^|)|UZ|)}) z=H`8$9G5oXADpxV9yHfU4-=!n7Uf1CG31e88H3>^MCD^TX=w2o2;FYvPvtwrHb797 z1I9&uf*?_}t_~)t?idJxe{%sZoqv4(Ob1+^op}Kb^uo7Mi2VCL#3~7!$G@G-V zi(`=n?q*}Ceb5=^)>y|ngJPSCA$yzBEfWQ9$rpc%gwCXd6)>+}GHrt&4Q+_K#-(BwlQjwW- zmB~bnYdTXW&sow|s`&9+GIhyBe9J-V?v5%8wHBV10lx%oRx;2B1N54qD^fLfuwrD7 zS$M_!aydu?MJTg^M@Si7tlUH^-}rl|GdZ7{VCVb0h6^{wkg+h}$JiZ|NYhE<9BK7= zu@1R(mRkbm5Xeh%y%;1w6w&LKAJWdsH*S zntn0!p3AGQEF2{^G(Ac#rEME74_k}|QNN^fO2axl5S^_?fA&i3B{|%GV4~&dQi=g8 zS^}>PkWz43hEK-iIlV(OtJYoW61k&C`H=XW0gJR7u4u3AK3Rj$gPwj|<&mFOz}^oq zFCGwEwgg6*Y(HtSVZ$BOd`UvnW^ADtJ;ih|z_yH~zr-rv!4HoxNB6?2qx&e6;p%pI zEQ^TJl~I^a4|0YURN~~RAhd?C=!+SIr%EmuTyYI$J+?>AB~M&~R#Y?Ar3Y6AX9jl! zn|&fS{{BRKh1zZLAhS}C0$5O;87S_!`x!_}(KnVTBR{Cbgo>6<*q*soP z%BhGJrlh19ET-iGUf=m=h{sQyu@TwcN{(d2;7)6}wnegQf5g$MJh?u3e$!4Qz3uV2 zZ8wO&|IPE zNVeF(!SNX&xY6kXSe=*=!!_wyG7N$RG8?3I>|!Ehy0FT@V>+sQlGZV;4pPCN2?Y6- z^yiudf_5gB^Rwn3)}2Vp>FlnReZGg1X#Z0`pfIwIzGFphGa z5+^yaW%1d${;Dr1Xf z!7I#eB5xTAB_F&TdjELxH7`B;C&`X<(%%&?>K;u`Eu$M5?pBl36OA*81-(-v)nPLx zCeV<7D}eQ~*q~-v?IMg<@svQ{g7bsdkXjLC+g|=5txYh8DFXhkv{L^c)x-Zgy8dch zIvYvL|9f;v{?%pqY<632As6338LMETE)vHWREPnJRlqsL=P!@+XRFRqZVR&rnIQ4^ zQKnG>45LKo2FD+AhRcU8-R|e=a`W6ne>;1M$pJVoFz)TMLUfU`RBQ2X2Vs#;l(tkK z(Oc``{>cgT62g%9N-tQfaKT`hBgEY+XE`p{k(%i$(7CV87rGJciR0KBU&s5i;Z-df z-FYqUlrw-VG&r7-VuZ;j2fDuqx@ZE&(4ReFPm@^!Uti=83qVe z>$@b!ouM~z>Y2`T78}yZ2RC?XDns4>*?mWkwjXVTG*rX8t#}E!f>wWI=V1l z(l0v70kv*YyKb8Ad80XWrq0>zC$e7XD~yCT#v~gM)8a#g!8OY1cE{I^872x!fdQdh z1J7^nJVy?(EKE%O{)S>YRaHnI@Y3M)N5g2jb-oDg@$ksapsLhB;*ql5(VHFW%qvf; z9x#r8T6!$QG~MhP_jh;8XM~v3W)uu%3i$^j!wiG%anFP~s?lp0)xZ>>nx|mAZnlC5$%#3kWW88G;)o7OYdoE0v6eAZT~j#oZmpP3zf-zdmK@?arUZz!+`cix zN!33#FQ4U~L?GYcMfbPi_3xHG{~cbUmU<2j#%2zt|1-XtRNXw07O=l$oD-7t%EjK;7pS+(QHo4xehI4?XqkVvDfm}j&vKrXd$%ESg z)nWqlufA2ar7f&KqXnmyO1 z@)EFlGx;C9YaW>rwN_;8jv!AOQbc7j_qR+?wvCzxGAD3<{Mc$d^yLsHk0-nD9hym z5yvJR4o5P*0Ezth6MF!lY>|*w*r4rKlV_I#_(ft7+J5&MkItAZ3!DB3WAKgCUN#ww zny2ZPfmmL<=j<16tI3@G2=1w!64%HE? z(wLBE%tjrUi7Jk>3s^k3aAHYLQN+*)SBs?^32pV`^Act7= z?CC{GuRTH#Q{j|EOWDqtVrsMW?BvX1V`3T$ql`sOWn&9^L#8!l4*DrZREBy;@$CI8 zLd`?5f^nai@VSuobW;98Vs6r*63cYSG7kEmz?b?~JNdNrRJ~>;leY^)f;9T@b>pbYXqm$4%*wj0+9*IQ zx?MZQlnNUQ3&mRJp{V@IjGs?nY6+r`MUoi+e^l_9T zYiYkM_Q-2|KtU=yuvyy^^66dSP``!+bJY3}{Nt0tnU$1V5=yYzuI)VMxaM)ILp`}HWPz={F+*#c5 zXZD8MQ)d`&muhXnvX#Tz7k8G8kb89p>=d8UiimN7=V#caZ@j%j~OFz4NK&LRk&ycra0vLhU}1l`pgG6w}e|N~IBJ^=W<( zlY=VI?h-_LNt|fZy!N;#I;ZKMxI(T4X?H`$G5_l5^SR5h=R?* z{Ke)EsiI&Xd4#@7mW$y0Xj|DDr77pB<2!&4Qh$!)JGzgag6Vsm!6i( z2A!nXSnhh8*nNC7N7vriy)*EUbdkNJ#2^o*^g(MJG&FS{ zbkqYPimZ>-=`-hN-uC%uA|}y^5p@cz7QD43cwAR7n01%bVSAyW4~KG#r6*wk`%9xO zVqI$Yf?`2_?!^L2Gea^8O$2etu^Ysz@uro|p?w0?N)pGQqznAjFhF*Z6e{ViEyf>C zssgW)yKA-$$fmIl7MsFnwo>xW#EsLqsIK|5H;3r7Lr(uTn}(`NGtM{gq97ivg3(Mt zmS3NwW01WSlE|w}mdiht77Tl3&=el?j=4!4ZX^6PDG-~JrXcRz$5(X}FSEv;15G~F z;I^pW*~H79NjveOBL_AhI$L)VVM|mm%3l#Kvr>}4m+z^AQ=h=m8$KqFr7s`aCdr?T zh@=LWuq^WFP?-`RoQurX^1%d4ya6uJnybzRLZTh3$2{mMw~(ogM%+tG1aBnWE`0WM zGsk1z9)19-QC(_PqeNI!98GMlA53g40|Ikvs%}&DbrN4I^!<|D=IE=T_M1Au-4e9N zPHLEB?22HsCY&Er-_bLqLVy_x-3z%Hm5=ociSPdZo?WS_u$cqFs33FmdtM}9Bes}AtbepL7VpYc*D;oqbO_M^ehmWDw zC4$^OA)w?d3@%VWxd^UOv$`JUcpo}UJ$v9NbGY4Eod}^1Pkxb&x>RX z)jq?S3-mVN1koaCzLLF5f6`}q?W0YmMaq%FPg3J00ySo}0vrb9py$oCF`DX7Q*(qo zQklf2qZi+ugu$%7VQ5O%3_=1dwQ>R_w8=O4$GF$3lGI!eTPk(<9#9}mCFBZlU2q31 z#%so!5mZL5?2wyf#0sFau>mh)Jc>WjBI-bBKN_M_#c_isE`w98A#&MZJxB$Q!T7Yi z0I8ho$yeTU`vnhA9}io9?ZEIVa{igOhG1yWFh7Z1q;Fh!#qFoS^(;E7D9Mq{@6KIk z=T_&R`cv?9XaIahOLRni-uEf?m(GP}P+nyjX-Nqj&-+3>{I>jg@7fN-+;vzENf|H~$* zA7|V6%3i5Ui1{5cj6HvsgN#BXDU0G!r)byxbAyk-JI2+{GdlL#yYU2FDLBo|BGs{} z&Y(r^5BBHb3HvIQqTF*7DWqgV!y;`=-{84s06UgV3APIz{pEn>`e3kq?BYh0`?}!P zW(3Q6$p1swJ4Q#^ty{xMy3=vTR;Odz>e#kfv2CY1w%M_5+qP}n`ts~^&i>wa@AK?; zjH*$i>PP)pV_nxh*IaX6Gt`Fn?Fq#E1wrG$Kae6{AN(Z8rEOHAYMIj9na2D9?zSY7 zYhiMRWDk;e)VJbTh>5}SNkg-Y9)wlqq%N}4dpEA_evF?c*qU78G!^rz47Ofkm7qt+ zVycibfBtjAqg#<((cZBSB-_&}u))ov*`(Zr*oMyBq|l|!-lmjPDe?~-9MmdbYc_)->1};=hImD_gag8&H4N%H2vQ%8U9Cb z(x#{(gUpBW4z%KIBYT)OF0oAof$%0rTZ5OL*>Y;MAo(xVF10 z%ht+3g665(-Dr{A@vEdAr~!otW1NwX5~bt69DeLKV>j@B%?2;nQn#DA4`7?u(6rYkDsmN2Q!0>-=9I^0BaX1Z zK@`ON_5s`_&m^3PdP&5hBWg~$7jG}C=Wxr11}Y}5 zBov!xQ8k?$N)=>@~Pu=zZ` zp1ET9+qZB}{m{=x*w*Zu(BDiw4xnOMTQ?u*2ER+@8#DU$Ss%WH{Q?>3FTBF7lG{P) zhrl@Pl{wB5CjVZj2Qn<8Z6?$Z-L^z0{Av;VnW@?SKxDN^(g#1u7@`qpJ9;qtfV_jV zQ-XuMyQAip)NQ%irL~GZiaa8iy7#jWg9)f0c!SavYcGvyWq-s^6!7A;`i1Dt_8U1C zT<#I)uL_meDDMzDZi%GtLSFwM5w5k3UlO>O8AB_& z7v74YA}_W_4*x`=62sWi4M{W*P@JA|#4|JFneX1K7%zOrzt?;2L<<#lhpeK z4xTV6M3*C^MD&v=PKGohObXSN?a3iap~vq7!xO0r3Imp^Q<f{_@ctG!5PjkneTc{--S9l8hq_Bp7Yg`A7yfEKG!+w0+d`%H=C$YpP-ghCdF~GqRTOqR| z_C!S-V~;Ga?r)cYpym6~Ox(tNlt5KLHi=%bJgbv6AKqJj0AN22goP`l=+TTtnW@IYg3*IynFbBv)ReG8u;5>*Y-_}czC#!wUecd*i zBKU}Ar*vX59c!5^%{z!jL?9$v!+)j1m6opBR~usY@r7{oT8d z>1o5wQD0fsHC^Se1++8Mv9p8NclvdD3ZroD{+KrL6^0n3O5Bc-0l5D3h~8Gz7*i+o)3{=Vsx;gR*A;gt z?=;Xwh5Y8%CGx6L9B-#t_(1M_s3hxvhn_U-WZglBfnR%VYW{YI?k6h)HGr*2Ob!ls z>!k0UNSn=yHSn)!^`(h$1Njq*C+;gVsj>cwY)deltg1zJi_KqwI8O2|_)<~mjb|QY z`X$&vu$LYyQh&LZ_xmZg(_l(GMy&ztE_mktb zF2<}ajPhN5$S1(I*5)-03N8niur`9hpA+X|`UC^HUB-GRsX$W@8gm#Rxe4_lCiivC z2XOP!Hv0#hk$$yeAW!~oZ zhL+cZB5v5z9K$>9Uo`sQ%)PYqCksUd^`Cmw-_qzR0DTKAay`2vqW0+Q*C}c*JR6>!2!qfdUNIG_(Ii zSuJs}lawkyeuSA_w=27fqqf)@J$OT=c)CHkR&|q^x-^-1r0Tkw2)BcsXXjgum(-@P zz*v>I&G*0&P-NmEi z<=r%>+Pt$?gD0g(9#VsfQ^mQyO3D&@tGsNH+i0IZBfk0bx4vW^}tM5t(-lp;G|iD)U!ns-!t z+)N>Ek;?2 zjBOmJka$~+z9+`0Nz@^m_8zu{^FcAwyOlm*4avgUQF=$ndFuR*v{SpnQV25)mw>N2 zTjsv02X%tFmwERAor6VgHOV0p*-v+mA7(mSUSqB>k+5l+MbG(; zOX$?Y-OrdbOdiV@ssZi(+YUAk{PKk7X0qmU={hQ#1C-3ME>;F`H1RUHbAolhMX}^& zWvzkbfzXG=yV-Qzjd7?fxR}Pi2^sj=3UGccN}iWTqZsIEm@DoeW3I206UHS*-#4)` zqnp9XcfOH3|IoI^@Rn&qo6dR^WkP`C5gBbh5q~42Y(YTiNkRE8I zet&W+;IU538cZWOeStzKqhK7N&e+>#6Vw<9z}hDl9pee3OY}*=(Ty~Kg%YNNhbd;W zzRtBf6p%f*oZn!A!N6d>WC`$f_HlNUS>MTADUf@>DYDzZ4Sx@ic%f5I`gJ*^ei?kf z+I6gDrP!>nU=!#NKX`85%FT4X{eeeP>*f34F0NtnH>nBNZy`}t*Y_0H4u7G zes(-*Cu3vdeV&QY)uxfm4=&Gde~@+JbG{q!wSFoD!yx1$p~_Qtr#1Lu)@gdee;_rg z0X0^QKD~yLDx0{iBXGuz=Paxq6|l~JF8KJ6k5Mb4U@>6wup)VR@x84Xa>fw5pjr)k zYTsCT5ESojgL21;tA}hD%2SUP{mPF+Lr_K*L$E@v+s^gK>JCs#iu|+K2W*t<_u|S@ zt4@jy)$BuWfTFWp+TY62meEQ3P~lGvhHM zdQqh^2C0YvH~DdjV#pyU(xHlJ8K1 zYm0Q*eo{~R=N)2+#EJm3G_|XwOchgS*nKsvVDFl~o@1&ZCE7{3JCDprOX2I#WaTms zjVGZPl)84DqG2X1{E{5GzhsH;T7@Rfo6RmA>)%CXkKcO2#*ZQ%8=I{xI0@dJs$kHJ zwH1q#;CNKmqBP8A81$#upyPuiSebiWAM_J7SYjv(>N(x_kAg1y&6EO4-t7904MuF)T7 zv5d;?9)T$>N~Z|{WPB0XQ6u?yIz@pw1WKho2Ar54sgKGhz$!(A6O)jV#KH)MJ?4Xt z!pH_$^G_s^Kc#dxsCusBSsyr}P6Z)@p$Ss)qgM6Ol4b?70TTsl2}$^W^C8zsbZQ}z zn7rAgG@j?8>Jbv^W8%ww1gmy&Bf_!KZ1eD-T|w~>cZ*e@>ZlV4{^aR7V5)3*3C=Ez zGeXqalmM>xjFJFnz}M_8DeP0yvv&S)ciNa;0CN&nE6QQR-D{zGuGU6IY|0yn98Jf$N#Bk<^p}xUFCCq)**s1$hQ7YU#-!NTOE+nwPOS*uEvbicwB>*J z5aD-+r`N~Mt_JMLV72CzwW4%%x~!U)%DtP&nSFpgQ6^E-AB`uFi;Ye8Kd_1zA>>~S zx;-=8^$Z+fi}CQ3`y89`d^=(Xc~MNwdvYC_FQFjIfCij6Q zj>q2B?EuFP+=%XZxV3$T1OEUm5JS#?Kmjqngx(ZAu*vAQFTzB0!zNbC1!zgZn5yII zTIS|Fo$$H-x^m5pFd0FPi)gUe_BbIK7hWI;7@n7F4>2gq(!Hg}AShk*c|@joOS1Aj zj9M0cM96ayjPuT2jCB5Sy2!uC=Z$W1CeJ@F2I;8*`PW}JizfR!6pid@wcMa}hx5i?31nG+USWO$Ux^J4_!!(hOnR#PN)N zOy%+M4-4>385%JoI0#4r+<$7(PpF9SBW$`(o)+1n=I1ovaLE5~%BP(|*W*}=O*b`- zBQN8wac_88iCkIHc)K4M(E<6?VIV6EVv}Js8g>IYrFV;i#XNLl-1ws5r91*6;XJY* z3pjWfD^0q)V|)R)3#cwa18}&RjFNLBsVjS9BJp=~Es-oC8X9|Jjz9;;NZu_gnP*E@ zB?A+>wZxjsdYKglo{hYSMjwp_+hI9#S_m>=_Zi}H@ zRmUY9GHu$!e%Iz()M>;bOF~bcBAWO_fUE!ww0ztCZa~~nQJ|8Co*o=3wEh;$`6Tz? zVtOEj8Enmmx=J;f6C0phU!Hf2d-cdDy#l`(-VRf}>B_30Nx>z`{yH@;-H67XP+^cE zjXVE>YPIiMPamrZHc<0t@#5idkh@*ffzIKO_qrQDT3rt|$0s{1om7vZ8ycgULweNf z{*faT>9i^*Mp8tLp4K5I(ZW?6YVH2>vX_9X>NhZbK78X`1y-FB+8r0jC{0X1427xO zb0Mg>t;Mlf8w<(MN*A>XKX~%AQ}uCF*)+iK7$J?=@QrWx-vXtt=RRK2F zqR*JQqVB%qJOZW)ZauSe$DaI?r@s&rMLGHL&`rLN%8gRyW_AuzN*>#27hQ;c`_{)* zs+cf&Y`k1hn`!ebVluH~mut`>m(3_>OfQ|bZm2o@#QP7xrLGa#;QZ~UMHC)jym!)`jAN1|G%G)8iog}eO>!}xQ7h~=< z8{VGpV4L*&BaO(}0WE-47<%87NOt@OOz{$Vv6lYI>Pft7PrN=&xaL&9WfPrK{0gWS%L*qal%eNv)p&`X6YN z4dS|A9+g1r!Uv8rZf|N}vd0Sj6O?yVSIN+p!JM}ZQ73HOzaT118a10gzA08tk&3OK^+Tcd) z)r}ADlM=?lE0CC1ySac|Agh4~6iwK6AYEY7AeiAW z$aUq8plmbbcj6QyUE`$mqlR>dH^!t(834H!((WA#ya*M%MKED%A;R;_^qxTay!*Um zvv|{8&Z1n1@Nj}5q^Dmb7;Iv+NnB&+sefDT#EeM#_fygQe1-c9wO5cH7p;9dRfGSd zxaBjR?|JNcir2mm|r9q8= zWFhb~48+$^;d87=RvBju&2>_=Fm8C*+Jirdr**S_DjYUi7B_^wceM>XL?pMEQ}X*JFK#)M;?-=5#ey zmaqVT;t155sUzv6xm2L#;Y}lys{@iEU}(H03mgF&x|xj`nO! z*2+>3F+ScF9zs7VbrTO2y!%Us`-Jm;q^HSM<|5UH0_*hI@|PQeK%K`*VI%<-1!<}c z)Gy_xMB>x&LJLkvm^H2Y^I9TUs7IQna`8hXzdKh9aQ(n@TvU`Lpqj`-;qrdCt6?c= zabQo2)tT7utXVQQm1EDv5S!{(&I>7TjwUt?c+7DRhd3PPYwc+}lP58o;X#&Sbl0`Z zi6sE$_M&%K%)oXGEOk>y8)gbGxuVyfm^95&6_OrO(*=EJXh}*1Pwy^*R#?wzshJ{54Z-4@P*^tR$1mnhR9!Jym@Q7*sBcEuPSCAI zl)4AWYl|v%w?yQXlslvehu15l3aOa~&ddZX$7UmF!J?fB&jDay0uDlzOOy$l*K9(r zi;F^Ra?R7n$PDB>z;yt>QO}0M=Ej*%tmbz6jEceU0k_IdIgj7lDQ!++%);{V*L93nb+##71eJ9l>DiWo^Z!Pr+&?mD+TL*HlU>#xGDvxz`hpf1g zW6{Jm`m{9p&<$p)B?)S(WtivcD!1n`BK0>o8zTlwdkkf@^p5l@44OH*vjFS`!-Y{2 zm^k_nD@Nm%BJQW3)Wh$m^A4vq)eepvrb8q|Vu`!~nL#(8gaEjCtPYCZCdEbv3Ak<@#BZALSMzdjD{!miGSW z(do^@hJpj_;S+t7wVAv$IcswWl?{&o%himJ0-yOY_F*#MkC^?Hgue4@1Vdm!Qm0Cz zG^6csDpW>THiQa>>7c}r_p5mAD>Pjhxu)gTCBy545+1YWjE$CndJkL|3hpaJ?5@Is z=8U~%j_K`*Ey7!kuQA3jJVd?iX6%4J zo9MA;=3|Bb?}?9F*q*0F(M`hEvLDEDb0Q%DkjOA6a1&{S!xFrKtmpTuy zZ_*xF2P{pnG7i-e>pB=RB((8Z?%OF#>vrWkuC=wTthhA{tTZpP)DNt*Jl8)sI6qik zSY9kmuM;91uj-vM7??6LqMSIMDjJ#8{n~rBAUR0FG!9K3k2Ui&e&`R!)xvJjnO|RM zZ?|^W5ov8}>5%#506CggyEru`vTT{YCtm@kKqCf_AI}5Z3zyRP3U*Q>CSQ6k2`DXp z9rOV_B!5A2Eo4lko6(TuBpz5d?8KCo3j>aqa-*z7OBp-okE%}Fl?KGt8Hm4+v?A)s z*s6T3XOU*3(v;z z-i(Jh0xATWZS570gnKfBN$4$zova3zH586^b=|BltY+{KRcBqCx=nC)<(FV{_s_T33KN}vUgV`&v@3CB2Fl5%-os6c%=QePXyhTGCFlB@cpejC8Cf_i< zfpK!0ElG=i!^BMuW&W~Mx+9M(P}RL^nUAA#gbV8zmn^MSMwB%q{hNQ1yqo6-F6Kb> z*=wNz@yY{Hsho@@VNij%pn| z@s_t^)SI-C2pAcYZ~H(T(XMaPoaIfM^KvXqa+ARh3&auj8;0_u=o$6ddzOgc_B3kC zx|nde&{WK)tLzOtib<=Yn=JSQ%xN+j?~s^Rk+I2#FW?QZCLSB=p`uCstS({^&S zw%+83Y7*=Cat~T zM#MePMvG%OdMf>*Ei-3?Jra(HuJVEuolBD8LH?+kahAUT_0_@I|LKeaBLS{ixNmjx1B)uRvdWD#z zKEW+KXSjx8y|3lAGT8d{NdoS!OFak&K~1Hg6D3fETsfcLtWXJp z`Ubh-=Pw-WS9vP7$6p%Ct?yi zZf+k|*&Sc&)pIdNgzfb{yK@Bd;Umj#ra>{!R+>Jj(~fB*2jm%+O78W$Uj5YZbh|8| z~+@L%biOTs&yS-;2ssoZy=&@ zAjWA3$BT2 zsQ7YZsrqu|vUEK}Tz5e}Ik!&anCuts6{?LH4Q;GXh)!`?&TbJ<0n5!#MjAVsZuueC z?mO}7BNbiZyco6P^uEn#$@KNQxic5(>;!|je?4;w3$k)5RRt|aNffmhY3Fx)c`bt> zB|_t57TPbtY0oF#R=3Xbs9NlLet+zWN~rHB1f3@_ew?p09m0}ZQ1Qv+*=}nCI__cR z_A;&%*o)pX9gCU2S%*BVNSn)Fx<$JIH}CSvNH&Zs5$vbn{@~P1`D-iZd*a0F!414E z%HvGzxRh9Xuv07-L@?3=e?-RxT&Ck^FGTHkWE zZ+Oijo?o?t1Y8XsRI1(&1FVZr!3||dk3zO*<6L$@12w8mg`>`JsyQL97mBd9%X&P< z1D0rdU0-$lzSUO8%XZUn!iSu~{otchm<%AI>c-r)K-e3g7wL)OiD&d6xY}HoAsBwt zoLbfNQTEa9ob@!}2-7uD2kqw>g;&B8RyvSVv^Hn|RtDgu;AhTKw}s4t=w&;08`L>h zmkorhTL}RV+U8HIK$ws10UPc74nV%Xt`ygli_6@sVu0gh&XvnI0OciZw6-W-P1k=Q z2lycxa-E*-Qdg<4G@x|J;5VqqQkUnIEr-xGHWe0%8`2kpT-6N_y2cx~74HYh2hfZu zI9HMx#jCf$awMzh=S+Yo2{r%qs*JvYmHjRk?Bj8EQx)TLd<4ySpOsInsM9G~%vOo- zd;KL=)he4UeRhi^lk83?;VvXvHq2zAxlS?DBk)F*9k0YSORaW~Uh(Vq03(T#>FlnA z$uzKW_RSqKPk0xCz*B++FSkuJw@u~e9TxltSG)%-3jN6H(p~8bXgrbd>O7CwTLdmB zDRxosr`*oQ>(jy&X z!oWb1NorB&*QXTzfmA}y6Qap3R#t!}Ukm(-mA9(01E^IAa@UbQ%7uFleLjDX)a;K} zk>xB8K9RM>0c^AF%e{_aX+NRli}mR!NPd5a()XFjBj~mUq%kX;n{e5|!u(|30@F_% zZ$a)7eQE_u=m!i6VHh90?3`+faM-LtUSk^xW>b6yY#`>LX1Z@d}o zXs*La+*NU|L)Kj^^{!E}yJ^d4h76l>z9)$5)OBT?Nega}g;IURWtO#UBKdC(ZlAIudm9sg9pGR1KUJtt{txxNKZc7R zuLcqpGUg{3xL7?g1QJ>*aetEFCOFjq@RyD7^pD7BqqHeV$z>7;iRs)I>E(R)qnO&L zuYCMs)8Y5G__vw2wFhxt7h){c)DW@uT-Hq&>o4bCnXeNcZ4W#?mX8BSf^?X_ATsWH zp#DIr{1W#{L%wn4&40y!wQ=o=JOFz{;i2Blg!&P2@Wllbz3);DH4{cRaP!KQ-kYxv zz3){YgxX~&GV$#(CPW2nF-Yahq7Q9oX#4hnijs%aX-D}sHmC>k#`Vq$Mf*&^#kM;| zd&PE4$inL*ABe`404lHiRWm-X@)fe}n~c({B;QD3G>vowc0@EonmzC)zzT2!1fw=p z1J1-QgbL*p>N*xXo8&s1gy~SQv(Y)#y1O(woBZM{wC3k6AQdl9mSGbfPZGzO(^{}8 zr2+5S_4##tj(viQg@uE4BEv1M8~CF_qe*bsQIb+*bRTbpqPcl5;_wN{+L|Gh(T-d; zBb$pkD!rzG6NTxVo_c1jpc6Sbg6#5sQEi&~gpu0dkD@5{cx48fI{3?JSO)$SuEJ@_ zuL@2p`99Iivt1-)r*$6lo|+yH$NGT+fWPuQxomv6F+Mm&B@1FoYl*%XmcJH7~wS6E55 ztekCvMsg#(ZDVGmOUKQp>{tJ%1=CD!Lhmh}P`@mtlrY`T@}UCJQZX(nI%Jf>t9%=s z!fQyhz~I)R9vIROFKpH;j%k%>vs0Y5HUH-h`@At-sj{5J4`)X*1B-;hxV0XTvL8ib z;i8u!YJf5dVl1*17Oi}^>^4In4swC(kMq0dkS8j$52H{Dy>%*|SIm>kvoPs>t1tV)HvQ5T_ib(}gj%UXcFML$zI?glzZfq}<^ z#VofSXFS z`#DF+9_vdD^`z|rA{nDl;Kmjl+{#rDkkBP|C}->8(H}_JI83F=wlPGi^*M{hzZ3~; zy?e!BVH>u!$%=LI@_RYdNxWL9P~944eflL0$x7PlVa;9XmPum-Hr9HdJC@aUWY`Ql zyVxKOKU~9QyWgIDtb88?7Ef;`3RSumjOry1#k%6FT93}9O8>m4A$hEWR|H2>%%-+~ zEx@*3(T2-3Si10lv*-6|Og!8IRJl#_E|9SqwcdjM;AYEj^ihAYzB?Z~BF))?5*_bM zIa74ihz>fG zErmx)Q3kbC?a!5YV|d5RrDNG_I!!eIuo{wjo>IKy#W`B4ThvN;95lXayzD{!+E`V` zVJ5rq#9ZhMb0IzM%3`RJ0f^%A(p`Xm1$~)8UsmcN9vw(~u$U*N7i*}c#uZCEpQ;u8 z^ya`rq+W647P@Z_Y^5&xV?C9wORysr{>Tuk)i3i~$+MXOscdE_QJPSZ0$oSsW{N^Y zaGpVbgbs5OCeFn=os7K+#I~&^F(^dYGo7m*L%XJN)cvtk>oDwY*|3k3QXAB9)xj>> z%PeE={D`i7Yd?3GiM@wJStJW<@Uqb$6P*_Mh$J4@QNI4d1-E+lRWHQtUf92F?KK7(;EajtGUvI4A(VBauCaAC{oe35 zX%whJL50|}`Ayeky4iUjqK#7wnfDsXU(DsjK96+^kr;<~Xx$R7VA++=P%9zY7P$ZE z==)xqSapi@z1Dq1b^XZlA$Z6cnNnI)q_T#7w+bZ2SL@x)$Qi1b zCnGLD9KXOr|9+?i=iO=wgaZUXETfjQBwWcBuR!epB@)L7y>o&&5o)wrRQ8eQ5$EX`v=L{^!ka7|ME(=B6=Hvp=P| z>kR^=F^H{FW=U!bAJ+^qExa1VwBc<9qU$zxMg zf5A(W%>_Z}f+noQ68dt@CO06Zx&;Xt%{7pzEG2n}9dyWUj<9CtK?jHTPd8ikHf)C` zGJA-+F3p1hm~n~H4^W}$XTjSJ0>psjaHPgOk}S``kNV3mv=`-`*7y zv^&0Nss!;B;X*Bx?M%MU?B}laewJ}i{W^qax=ZiB*j`)Yd_vDpF`^pMe}XlCD@gn| zSVQ#BU;h1`JWt8|uX}QCgRa18$m~C4&_Cy#!mm} zhJEySX9ZutlX%^UU|v|j)F$vF&*U=NAFSF>tTs8{KV;(bf@=2dDEHFOgB5`9*w$`| zr-dz0XZviA6hC zORBcXWT}479}ae1_~T|atUuaYsh5*ZP|sE)_~hN@Uu6pmPbImM)J4^^`QDu=tfsWu zTYov(kF!tBRbAyHg#Cu0oAjEA1Zb?RaAzj*Y;0VErDtP46v8y4vDaT#@H=QYs2`** zy)4|*xxXvbf#ph+!0jvk6**tLwJxE9D&$o`MR5t^c+!d}F{fc)RHdn)cd02Ia4Q%w zLzry!*oE!YHR&u1rC_PdjMXz^n2uJwK@deVV$POi?x%B0;Kuzn z?6rI9;ZQWP@}g4z(JukMs1|YIc?;img~?l>)|#@H*r|`$2Gl>==PQjq8B*e(4b$s3 z6#6RrM#)$i9UIB#7si$BHktFN-Ax1=ToL*LE|QCb;Pg!3;#p$%tDAfU=VYR)SrlKl@CB zBW#v=qM57rzHJ=fwhW^v6C?T%%OqnCudK4+?O(iIoMJ8~1Y)CE zsW$?)So~jf|tIHcV?oAAWe-)!Z(kVi4dli|-bGGo$om#yWwtM>0JXA{J z8(cm7q)L`lbXc+PRWNNfHTxs59}eTVQ*EcY7E|0#@rtWeW5XKkPDX?%z!m&8WL89} z>}~p(66PURwcDSF#5V4j(~OcK*L$NP@HcFq_Y$Lk(I08-?Yb4}Z9eqLLD;0S!i0%< z!ui?{#RjFa2^R)PMKgCm8+bvf@r@jf(1bUj9Y&Aw&|rX|hcYOI;gg*@vJLCq{Hq34=v7E$4IWziB|Ef#|) zER1)HWm*B@I+(yGU}dqC`~cs%mG~icNT5!w7uNoZEAay);U%Ez;g$)AqD5%<f5` zAud{J#EzhDdbe0wc9IOlJ3(5PT3U}ovtaXqd-DP$tK^iX*ZHwXzy{nJAA_ohyIH{( zqSsh>^q?*M&BU&~O&)(r2Y7-|HJq%uuX>0MymHg6D8X-^B6|qP`wVlN>lWt=LCi6@F@ zROZ%%I#E59KOGYe1$I!K5Ji?3an75PBNFT~t=Z8+4)}|8NhrsUNXWF9JPIE6x#lk^ zDMRM)b{3kdn2o0}CWkt$yl7&Vz3r|Z9%ctahwi;H+$f$dHXjGlt$s}?WsE-wtWk=! z`_Qu6saShkRAh->X}wKND-{W2ZAhOZ518>jf9Ho1;U&Z`2t@w^mKFG1#~HxF;q&2) z;L>(7hvwwDA+WI!&?da}@sG5XU(qr$@Sh^7y3hCDTN~K_rE!@!IM~qg83U{w{#s@W zfCJHgfBts@gQ%XBp#{M1zb=vkW%;Cg=n&GViG3&e5w{1!zi3u|9mt^gY9=Q{bPa~A zZ0c9#f0oc5{sn$h4wAGC0S5%XHRH;}*lB}TdjllR0D&-giuBf4o|mkB=YXB_bE4>s zIL)p+TRlvl_GoKGADiYW0}%`+7Jf0UpxgFsuF~ByHeJ1(r3ndnRv2Kp}q+kVRvbAz9 z^3%=|*#uag3J#I}wU5t;Cb?cd*DvcouJFG`r2P8|GyT_UhAXNmAoC%-0|Th2u%RGB zAOZ+QzXN)*3S|}L;&7DNLdbZY=mO}~G>vx7zrCud@A>jPe(|Uq&NNtxl>+rMRM1$N zS({nYah92QeZ6^u@G+%w$o|s9!9kyG0GXqOAs`-YOT0cq?^_G}G}i)g1V$@VwJ9c| zsMxHQxNIyA%KFAaE>yCKO=?x@b?N5wP|mBzxMiZ)rg2D_CDi&THP2V{MOsUsCX6d* z0>60mZlr4KqBNEvnz}Gk9SDrI787#QXF|nX;+VS4>&>C<-)ztCPt!YtcZrmsMCxS= z$pY_-Lq-uYjJ{;@(Q+_15Ghm56=mGuCMnVv4ow&iIdMrOum|W^aOh zQ#pi46*j<#+ICTTEEYl6I+#w5l6#^hnZp$;(VKHEBI2TDjxR{9MB-Rae4r&2sv6Kp zfx_ClF1oZcPS1)gW;b`5az4@}*F;aYwC|{<*Nlr$C&q38%mO zo;1P>*jW#_&xWJVR_7hckKj}c*_Yn6Zp-VSP3g58ns27z(=%zkj@xcx3!qHXSlw?) z@Be^1KQrHleLs8i%BSM~@4LqTdrvd`*Pd=uvXq&TMe#acAO6$nq9ps(VVI0o2w@|M z2&T&?xra?4XhYn&MvLmqq6La~fYxh1!1VUNa83i|*McQT`ud}$v!(;C1NH_PYwy?B zd)!Wj45BG;sT6k8{XDfpVWd!Q*(~RoofyB*sYa-!bhis|lvF13*4KZ;KQN?i7QPQ3g?#fPF!X;(51TDQ}Jt?I?O*h&*N6&A` z-;19k0=uMXmzPgz1T1>UZQXvm>fP|4*<`j4 zZ+SNjL}A8ji9<_y_$Nj1PS6|sGv+SQGU_2C}BkO%UL-N;oHzc z{~u}Z6dY;5t&PUEZQHhui9NAxyJOq7?POw2>||ow*2(^MotwXQ?f+DrtM00PZ@Ox& zT2J>QgOV-~lJEtt+9~!w&94w7>ms1awsgxva_>Pel$kNVqiuqm{yZ@e5Q&*!)b8>i z{gZZ)pp;HIB6CZ%QigzNK^5UAo<$w%B|#n@#rV4dT)G~O!2Cl-CYaNtkp4YIQbDu= za=c_sR!{G7X1c{l&oZ$GzqR~_Fv6P-eZ-P3ZlJ^^(t-UzaUe*;<@XZ*c96b*sLb6vWHcVtaO+ zVGc_XZB)7KFxTR!Nd^Sb!+t_jRCyJ`58yAV{T$O^G`JxfvnRi7@1rf&u0Fr-7wG(G zCm3j(lHYsEiPe{E1jdr~igIXjX!6NeEcnEX`~@_Dbz+Ll)oNKEiO&~Qb}M#=h}bAI zdfRG@SRD6B1)a@wy#>ilG?&TTaqKi{$3mVeuK5tr*AQX10Laqr8VP^L&nmm zirD&!362x#?*-Em_KNoJF0?AQa249KDY0B`EhkNbr+S-_p=@+L{7vy<6GOG&xKS8S z^(H~nRNsAfa2FFa?|um9j^`&ujy;h!;``d?-6|0j5kqHDZg?Hu*bjMB}YPMe_tkiQOGGY~!PQbA}hh z2mSitoX>7GFF`te>s@OtG%99Vk_z=vRg2S2M_nk`oF)HZ^h!HcvrINv0;=uGxU@-^Lu?d???yLWnq z5#v#paA)5q_@R4fh7tYBfP#1Hb`c@JQtF)mjVpBnmm_QyPpSwp#Wdsm8Tq7S~HS z%uh{75@R3B_RLIVHN15`kq24&;}~0}A|ot}$Cy%ze*=1thWg1C(3vUGjQzp2vAU=A&Z8xO;6l#Awv8Y6v52xLvsyJ-BwT#dQ^@wZy@Qz@KI2sLOH zLRs>K1b`cM8udVvvi=TyNI1?P9l!GTbJcjr%s`;UW?!(Bo2f{ysI9DDyPMPhZK>^Z zP>&qOv#SrTX+*<k$z6Z} zTO+DJ_rjK>{Ma4MM17dD=C_<67sr*!%^+knF6B(Z9xq&G`55MuJi2FP)Q8v4e8Cm{Gh|CbE z*=fRYG!ie4R>HBxj${UtlvI8*OfD1!G!)`aVSlbXBT)!}+5Xc%W9NInoz*s(jjYBc z%#40^l4 z+M3Mbpfn5-A;*dOd6WqTf+8tzvC}3|cJj`2$-oct{VBD3Cl92%)cNTAE}*0wE2MZY zG!kW5FsJPInyd;Hk26bM-n1`y6&A4)$Q!q3pV7gAv8hqXc?u2Qq zi1M}6zidD3KmXO~{iuTdrUi~C*`V?9qWSL_(D+6q`L>8w@_En-)%l5Z{!8iwhLnHK zdc^sgn|-t5Mcf3O-Z36MOT0u`U1d{_pkP*QMj6Iex0N7PxKbuYpGR2KEy=dXiyv+s z*Od=-s>1>{+)Hl5R|2%2Lk#E)uJ1Cn{v=5dzZg&s!KsO~Nenr))#npSH%3n$Y(M6n=q2gR7)44F*sCCgI0t!U=Va7*=9*=#{cn-YjmlZN%?!YEF zz+_rgTHHeKIK=Xcx@nZXW3p#59F$KHEd`SdMn^Ixuo+LS@Tq^K;aD>KTN-1Dm8QZCJ@g)*!|GbX_aKpKV1D(kL}0yvp(o!`fBdoPm&b`^9e;< z_fwt5oLHL=Whqf?^8&i8K*5*#>AUQj?C#lDDh{3)uP*l7-eV4a44 zmG3wNn?42fq$4X%a&O`QCDTYu*|5g~&WCS5)ASqf=G7+C7{jJV>6yd;d6WB?W9z8u z+&tfj{=>}{zsRR8Hnp@i4ciRPKhgticTLU^b8<_~(<>CvKD?4axkG zZ`t%l@viQ1K%9Tgn1zslI_5Gv!G%VM8V%@NJDltSt(g9BbfO@8h5ovh?M$vx$hG;(uS z@n|{9DDa**^fpWt$6RkT*Gvl_e<#6pyN9<4Ag>}@=7@ES5-7JdZ^VDl?bg0FN z$ezLm_L{Hh>JDy${Zq^HFyP2y$`KunyOI?@m*mvNN)Pjv(d|9h6MFY9hcR`_gaGSA4cia%Ln5*eOo=d8HRiO~s>9+hS<_jrvRXY=hHEaZ{!ZzrSyA_F zFBSjCS!cB@L*GQ@KS&#wnkm^>t60HQRu}QD2Rfhw-39aF4J9{eJC!=05oh#lLiSU) zTjX-csTzulQ*bkh6bs`j^RhCcxmmH5BO$$AYw6;t{1}RrODvwY&bq@z{KY1rh4c+t zMg_Q{>I8I1CTiS4poQAGw32T{rZ8A$Cju^o81Ax?Hyf-vDxhjTn7dUmbke1yUQ1vC zMjE~~fnjO*z*$a~;SOl(@Q}0nmDk#R1PjH6xHZxhzdurKh8>FXKneu0n_;m)6h{hb zrnT$L3Cx!s`H8~s!gCr;S&^)Rj*zbMF%}tZ31?`Vac3ZEbe61SlT*`WJnJ^Y8O6TE zc{=QK4K%4&Z0||f3k>+qX8J50DySC(^?z0IGLU8aSK6=2|M`0P%F4dSe#YeFT;{xU zvb(Ktwz&k3-+n)Zs!j8Y`+6C(U`s{>?>+GO(ixC(x6TK5wBbKm3@evBL=>R> zFTcK)OJ)#d%Cy)B_`zrs_zcH<1wNmFv~xw$S$UM35+{DarOehN#|pP++=BN>kIdHo zgFrK1<)hyl(82wJAy1$HVL5&w;(S>CD59~h`%zz>K#-Pufu76<8~)r$5sq)PKrNa- zN?+G$a#1Z%_}It@lYE#QtF|>k!BZxy>a+`hCVhRt94h6LXsN&vc_CPpnucGLwS>Q_ zw!HBKIa5u`<(s#>Tm8*^f6?GT&k=CsVL2M%oEO^b(;~{|-Yns^+kuOBU7)=#TV+Ye zKI^wG0ih?ZT#_(Jv}BbjnwRfATUk=#!nj$cWO&eQLKX9e-jed=6DS0QKZK}<|2t{g zXHLp(naM1|t~BxaCtajS(emNcRk3hkdFC_y1<2$+(vPo%NGbBGiTmU)FQbc9V2fvA zN*EQJ)QTDgztnvdtuIUf>{(k?g>>7m{lk8mpiJ12W#_(6VN3(n^@Z{ z>4VH0O^@~(3pjZ%?3;hM0H_yqzJZbsh_>&8mKPS1P1vJg7<=a1c=?|@o9TIT=P!p; z0Yw9)pO@ZnfjTQ_1fLzp^jLnlVu=Z73HAz^g1cjKn)%P6@oxqy#8%pSM246s$09YmXkY}31zp8*<*dD?nt#Bt; zWC1HAp#dm}HKr~kpm*d?tbZZM`hFsUYLV-SDvKE4OzJg^G~%8Xte??-SLLQSo_U4& z5`FC;eF!mrryu}HhNerhF+>q<;A2DZAmU2FHEq2S`%3X9LzjEUu|-vne5LzG(y0xA z<+(z&9k+aqf;qkFnjgxQIFki5N@chCEX8B4WXu_UDea;+yGfEeXgei%fYsv`^yy)a zP+ZLh2bpS~ZQ{(Jg9&YTs*CC^PyTgf1vQ|Lvc{5){^Sy&uP5A z;0V5hfZjFQZ?+Sv2{hKr>)pq0yCc7%kWB8QQL1ey))g065hTBzK29?YwLzZSe`Qmw za-R#F;S^rsTi90tylveD+<-_m;O7)x#U$dzT4>YEj$~-hO}lnYn*bJw-Eh`VfZZz1 zKE&9z?NW9UIrc@xixQNl0u!o2a9z2ydI@W+fIXD;uyT(8SD72|j%);gGl;(E@s9bP z)e4iSYTOyBXduO71LW&K>VTKHv<<)Jw7=dC*r{X zrjzAh$ctjn%tAz=!tlR{MfExyR(^5#Mi2SiEZ;Fp(>!>UUp?zV{oDK-ISX2k>>FB3OA7bBNebu)61#DDZJ?UPIcA>%a1js z-)!cG>FNJW)Qfj8=m#O7QkpFy3JF8OKre16-a$@9=Nmx?~qVmLBLQ6kAiyU;ma2a306SnW}*wOSDtej zX#7A`^7fCOpRXtpxLVbO2aiv0)G{*p-Ijp)J@Lw=f(zWz&H`>Q-YpR~w%es+k%u;Y z8v3U|T>TUtr-6L0B$= zsst$#h`t3)Bf8cjtwUdcp}dDOz3Tzz)B&o3DIC!UNvI2dC_7J?@I45LF;2O6`DhZM zFo>FmINn{{wR7|=>HF8j=>)MAj8o#3(}kKZs~a}L&cRzb7oLU zEGA&IA%CXiK9nX)by>`Ob;@Rm{{Zx-3GE@<4CS?;t>la;Rvgb+5%wGNkCF{Vw{P>H zw?EA7AgHt|vN(%Td5*BWr(0KoPYp^7nrwMAtD@zd{94@lUPYZ)>4IK$6&TK9Qa%1y zI+&Z-d1pO=6*2oha#&?Xa}}*d^#ac zggKZtV2he;6VvR}2FgdAnP#H4NAifC!qV_j?z%5pQaZ1 zwsYEue0>W`)+UY&#`39N`-f4@AMr134`ps++M9nY;2Y>D&Zl8vx4T3`{l38x4K!u5 zcf{g8${@{MpW06)I0~B9A4(*6Vo`U{%3BaLINss>uThO0OXt)48CC25m4uV{pSWTf zXD4P3CM73(4^IVq7jZj7BO6l_k)J?*GecJ!7hyY3Tl*h>nx(UYp^Nd4RqelLxkOD* zWkUju-x>}Ef|A#hc@l!cxD+Q1Ak4olg)YH{c$MZjLb@#`W?Y=LB9foD+`g#k)Q;<~Wu^j~j z(^U+0x@ztANha6rN4=iu8{YpLikA7#3RfV0tco|t!`<~W;GiWhctJ4#qHTVjs z8?hI9#oQ1oY^%eO{I{{{+#|~_d{GhE;t)5`K5d@gV|L*5;|>)^Z%&M7Kh6q@Oajj% zt3c9j&;s2iLY}71a{ycxrIUNh)dp{Yww}(KM*ofl<7}Kyu)Qq-|IfeWo?e53XW%jd zE`zPrhtLh#`Jix5ZgX{Cb|#E9J#*@KUSv^*wNpQs0Aa*uIl0_Kjxz< zhQ25&M9~tDNXn-T-kyG>U-U}|!?1?l1J|pHSz)SPf3t|NUOaE%IwV0QpX8wnLKW#$ z>Hamn#hC=~gHNqKD7 zJ8&Mb6zoosZpnmuoV>*z@Jf&RwD{C@|2lflMJqUvX)W2~+3Do{Ck1*1Er_zkf_Tal z9)-Eb@WKEuWthrJXNyyNuG_R5k8gmgx6?d-rF$5n~ z2|vE)ymWRwT{{ak{Y!YuP+K8lkH8bFlp!rB>hpq$t@$kwua}oap+%ud;oo>CpX($W=IWJ= zk8H$?T&QWif(wa4?um=6Pgg+9{(ENa3qD!^n(5FO6h^)zDNuZ%jVt@||5yx@xW zAOCLP;`wTZs(IsR{R^gI46m-UrerQXKtDwc2?e?RftX&@UQVXK?fQsYQ zlOR{QTa!*qSN9ysS-Lyhl2ri~htYG2%cW@DHZrir{4-TQ$to@Zl2Sx~A*I!tTgOTx zE=@eaBlne2`l*%E=CS7N5Gf#dd|lqM7A4Xe?&(3*a5X#9e2neGZznu+QD!C%;Ozbhqurdho^e-MNMlYqW|}5>cCtPmYhE`Un3o=`XIz zx}g+WGl(@Rn~7#&6K`P^4`1I)xAV%U%Q2;$6i)HU?QBUwL;hibc}hqDIq8hN_L7C^ zte{F~h%$}8=w6UIgqdZoc+lTxDICIh4gsTBpGjmKZaRc0`v@cC;{}Hr?miO7 zP_n@^VsjbE=!N*nNF`>>LEGvfIL7_T#>@hrP;BF9k=W!U{M4jjnyY}rW>-!MZ}Iey zY1$OVeuml~5bt@1Y&4cM;I*3CdSysTM@eXAml&UKs8k%_xo%7U_s@T_qkPs#p9Fr6 zQ|teFoJjv~Bl_Q$XUYrOM|J7(yW?5@4lr(vD@7zkbU_Sjs5~S#XCp)eOF;)Ajz_^b zK4xN;ol#%zYFQ(zr=7MOWQ)$(tPP$FR?JXCuU%8)wxZtE-rVZu*cN&Bp8LMlodFFR z@#X(Lb3E#_tvB8C{I4m``}kCm&@Vas$dX?4M6F>X*a#65(d&f$7U}u&urMvlm#^L) zN_^N4ag&i?c^EkErPo6YGtTMQnBcbk1sGG%m$+IuO!OA+amJ?e()nT;RWBl@6Qxw z$CG#N9i(0F0S2RYx$cKDroU5^;7_T|5Ut%UjlaSE*9!JrpBK<8XPd_${nr)pH^I^-1D@O zhhuXrX;FN7vEv1B+z;h=qbeiL%z>EHI~k}Q91&3>3>41H;%O?IPMKjKPCSEu zccwEs>E;jV5JOEH!bBRy(n{>KMyjTkO*7JM`h`cj3OA)yiT-7 zuC=vh7SbGTxiR5&*_`HzC(Q_Sb`#3RF&MO6I}(rU_MB_nCfV&gJ9S!b_pDt#0by=q ztgao?qHU9`9rtv4wJV2f1nblUd##L;cJY1;>m8OXo4hV-<9z3LO0jV5hul83F-UOO zi>7U11c}6UA+FelCex2fdC_+vSeTA+7YSJ&znd7^n6g@(_W5daW?EofUctZg$A-n> zd>a@T9VZ#RPNcc@(hQ8oWH;|73B0uRj}p=*X`L*py65Tp_EI%E4wrnktoiP=U)30T zk5X4U4j=72LCJKsPErkyU$-45vl_#{>0VZb?Ox@tHb#cs^tLWix91PrTwn2pi*%+= zO7pSnpu_f#QeTYnwpV^C?9N1qS+!9ghK|`-_Nx7VC`t+w#-%kt0{)Z9x7S z1J!%65EYUEnG|hii*|e!#ot2qZek>sEU!+^^tlwcv6ryVcyvNC2-~g&^lKQQI|_Uq zgn-59LSdzt=b4D+;#n_?GHiRP-J9Y zsF~PPr?7mj-lr$ihLeBb&VR1M8LzHciXQP@b@t5Iz%cCPZN}uX_1TzYe2%Ka8PCo! ziX~CPrY+quAR{}DA2yTLskaF8ICi2OH*F2P9l18I>e>D=f#W(57dV=iU zy_to{r58Vn1>c-9h2jS)btQJF&E@BV2aC`Kizq-r7&)>wbK%Js?zLSC+r+y7a!(s- z8qnvMniW_@v+yQLBJajWQ)gR1p}pLSm;cRzBAi{yjohd^wDH58)0LNe&&Qg|a*m~d z1~sTfWXQO%VJQl;LUypAAxDqALP`v8fl^u_HYp;p74!eIp$3@-OO<%Faa~?X1rtXs zpJ!W|I>Tte)V3P9Y@kC_3^PHNz^AuWJIU*C z#xVR#I1SU6!T#+#aEZZL)+ATdD)ech*204oH7W&RFttEnCBY1{ZMCnZpk250Fjx)Ve~JIiY2g%Y zTwnWa!!`Oas)7%7gE-Wd`tG%-_hWT)D1lkI4k8Uzw2p<~0WCPPh*~q0$nZ-ER$Gf! zr{%3)MrEs|oJZg-l2WxE@eTaRk}4W!+gOuEL-dMUny4&4{UmKLK}+m}MrcE|q(BI} zVLQ90d}$iMybdxSjHvQuR>?RD6%U?^iyp-@a|HyvRi;9;GV4v~w;Nd<4jecXF|H!V zx@BDk$o{Cb!-LpJs9%V60vmuL9~0gXu<|v9)g)F4u;6U5R?UnQ)7s*Dr^Erxn^%2SHS9v)RHRa2rsOYWO_I}brfAI<~;+kRkY z#PHp%cJ0n-gXRz$;Hk^czRh?x_g_K#?kmwC@2J5eK_gP6vKvWtq8uqHJ?H1V{f57t zyR1TQVNkgmg1^Q;P({++Jb;B*U0hn#d&HLo$&v#)WT}l+AWIN9Zz9gI%VXI!zf2f% zk}4h%w!aHtB`V0;B~`__0&BBYMI3Q@K~n1{nn7`S`{p>4E_M|(pstT`l*Iov&RSU@ zv76g&JRhLrtjITy+7=7c(JMJCwOUx}5QFF$gzAz4hogqBGJy6IxqXopqx4TEB@QY^ zaM06Ji!`w{+Ys=v>jt+B5S8k(0|dQ%_-P(lIv@Q-ZZ-?RGOic#DJD32(<$}lW1c@I|jw$TbVOn*0=lYsV>`$`ONl9mIXQ8ie(Bh|M4I8jrXJIMOW9zG@ zqUI{9S3{hKag1|^?I8K3Dqua9Cmmu_sETxYcMR}R5U?LJ7&Cz3d4xitleJq%i`{rv zx36L6^^sbt64B`zRA%)=)BBo;?@NVrdBtVY{aQvMFI+@2HEJdHr!)|1w;01bBn>+9 zJECQv_`HUH3lU&HAPk|fPz7`W&-RR9!i4UJHncP1FuJHSTqw|KT9D(;!9dN)-kECt z0SknGl|1_Q0!D9ru4A34vC`69Q>XoFrP+x;NJj5#Jl@~T>MK-Ok^nd||9aJMURPk0 z7QlrdLv0{VoElzo1EX#gus9Z9$1F*yP7P0GoP+@nIcZZt-6UU2Y>?(J&R{v#H_qwu z>Mr^v+8Z%6AOCH_@h$tsE1dsuu^j)M@Xc|cquWit{gVz+&3|2hbUvg7@Gktw@Vi`KWwsbX%$4$bVTOy<#mq&op`b%7t-v(U zT$=;4^Juw+7;qFA9f9B==E5R`5QqJ@60)TLz#)fgXF*EDw=VTysm~x`Sp-k7F&T_4 zBcBFm3&+YC^w``0mxjni+~Nq}$esE#WK5|DSf%T9u?;Ffw?KurMNy>YGE+CU2wgW3 z%^DEl>&-*bxJ7r>YRYNBFvF{fAh87>_010H+?yj%vZrC>0HQs*uPB9wa>L^*f{8O&_t5dMFE7SqT@Mv1N>o#0)HM+P{ZBQ8c z01ipxh5V^=bKJO0ixPq7o1xeG-F3&HBX~ErJL&P+*cFT$97?Qp5s6DN57(N3S(=t4 zILEN|1?9;=5>`=OEgh3^{5=j)-cak~C|DFaZZB1vaNMC7z$!&6?s~vQejLc@XpvT8_ z(kBQd=e;y~?cuL#^TK1O{_Fp8_DK|x-(4o~*C@iihG|=AK$kGm(>l4n6G#4?S8XO@ z9!HJdip|C24?gvcx8@(|I29jE&``mjIk2aU&7z0II#maKN3rqfxNJbt{~#=W4b8iw z`HepJhoZe+p{ZwLdj>%c`$Zty;1|m#4-`(0bT=2IjecWuWkqX2t*NiPsG2oxxYNU5 zysKzN9-a)s``BBueh2L9>Jfb8$*QniwQ}NDxQwjxCD?jGBTplMcfG2erlrU_ha2Wl zOKYvyQew!Vs`1jU1JW0+NKb@8S{AR+E3n=A1+@=iLw{xEj~K$J1H)@SN(^ZXmIin6 zNBCu~`V>6l5dC#?<-vs<7soImrLIA=hzxPfN<6>`7V{Y6dalu0Q;uqaut$EH&L|Y@ zqj>pJ{f>87@tNL!BVk;HgOj;ZU1w{hxBV*&s=dX|SJe6bPOaVm0<4AR$ieSU2&F5P z@vnO8q8j@$r?6KyRHcS$O|@3$Y)q$mFKiI>Blt^%g%3@K_3tZftuo^7!0h{JU(j0>DC0EJz$?*Cq7o_R2nU-Z9q1Dt8w3s^RL9N$IOuFC& zEzL{^DeQ`UR;f+pL#9I(;_c3L0~9#>8}Nk}NEq}-P;&sBB5~v+5I@KZ2`x-m{5M!u zavLp~KA7_Qw*k4E!}T8@%xpUu^M@`cfeBPFE@;8BtLLsL2xdb|&C^GscpRmt zCe_68xRlfldVwcg$vfs4%D9Pm{ijLO#awwaA7`%4xyCutqUCoW5>P+m`n`n%5w`(G zi!&j2dF!QM1G;JZB~hWbp}_$zTHd2J0J?G$Db~q_%-h7i;3Td>BwW{$u^nw!O@esE zV9l8%iRc0k5P?Ithdz$SK-c}bY#QTo2oOdXRE1)vrJJsDYe|(R8oG{g*iho})IkV~ zj^mfSOw<~FY?kcOxk}>{qCh=N_|XS$O)^E(JKlxDAU#1b+3>2y-*Km{fKnhFlg0eI3!>Zbv+rhX(rcEW z7G!3b;yRC&|9}IJ{+CO+d1!P-1oNU%Wsz+E_amV--hIouF)qTvY7hY2=&>MRojBi5 z(gf^@zHe`o~Z89om&0L;r+v6-&IuB=!p+>@#8o6T^!O}Q*j4MoM+*!ME@ z1BwQ)g0lIkwflCH3HOLrn?fyt9MXTSz-kW7`%OE|1? z$csx_aBZm2N6K$G$lnuA%gV~Xp?(|qx{#p{<<~!GJ~XpXy2G=?oKB<@g%u1zsmkI&08Ti-$NKhx=FYt=q;wJG`Eo?+h)bJxo6=+(wTZz7{@e1a9*eb zDkY3bw`8oFMmElIomRg^(LhCn=T);#TpQab)X(<33q%@+G5Y@e9#Ur2sx@bXRQCA+lU+IKzM zb@oosQ`bv48+P_?@FwLeSSot<4((gn8wUREpnn%d^d(2y&sa~TXMz6{0y@or;ahyE z?(m`FjrbO^{0k$8xKWvvj;a8bv$uNy$vbp7z(iBgk+36D_UV_pQ;K16!9!Bix+PSG zRS6&Lx_*Q;!47-{I`=^R3Y}!u^CXR5c%wV_q-oXk60pFo}?0%Ts zw-__+A+f8$1rh#~Tv5ewO&CY3lwXAVeas^pa8>+o4+Rcka7O@VOP18j@<3k+H0<`O zMEL{12U7@9c{z!#yS=?R?apB+hb>f@SIBt%&7zvKFKvWbiZSN81p2)~=ohnkPPp3h zeDU7A01cghP|}8sCkp7(TyhT^y6=MOw(8Y&(W$reO*eKAn=>Q2qibp<#ytwToQ6Dd zVT44%Kai_z$cR@EZOmW5dSWFm%xd##iSpy}fa<+Y(XLu9&MA1M{yDG+4*{z~HN`NsZmG%JfZ{?W7EBZq^YqFGU!3d(-;nGgD3JsuOT{$DO_-qkZ#ThP`DFynX?hB_6dOS&2 zMOCNzZ!~8s3!pBbBdv1;ZycJ9!Ct_dlF#{HK>XF|PIy!*qO?O|@p|Sk+!t%)6oJ(B zW-e`1L*+xg?vdjN-W-YVs77b|+hwZxQPd)Mh13@K5bAcr$ljVU%z4dXD~p5OP7+vY zpuu;fIJd;6ha&D}5vQ$Jxi%ZY#N>2~?3Z9r=Q5nccDM zp30=@@q;ZYt;(dd@{Bn@W%9yNl^ZtX6OCvUW{gXP>Kn4Iyp~QXm6Z$)Tz|c^Tk}$_ znsKu*gsd_86Se+k1M7%Cka74&c0Zs-3xG;|pfL$TE;hNqe8NThY|Uk=lnebu6Q5YF zaYksKHdErLL2gPHj-(fr<`vVAw<}_Zgq_tQk-1#h0*kysp(InPfvohlz&2qZPH@hE z=-4_`0uqlwVZX4X+mwXw!ZXB^j9#<10QpRXId$inf&FtYo+-&loef)Kizla8&zvK) zufpVtdSIIS%iyagB<3J4u((m^REndN#53MyMZw9E(mN}_qHtISsy+i&7qvA>xjyG# zN3HGCsxQKo{_u^)PKiEvZ(ZO~9dBfS9)5O~O?H`b0~O}Q;n5rzGbB5_vxIQ^Z;M54 zi3EW|RlH%OvPeZLMW{PnGzs#yKX^XO?uakh{Xks;y|Ssj~uB@|j4(>>g_PUk>SG1-c%Cjt*9+4f6B5 z@{O$;l!NN~4vG82Ad~mXMZSsIMmDUKU;@Ubf^iH^fj0URj!xP82jQqgA}x}!T*|7y zm$}4&ppAR5HdM{FC^+{yQ0wLUkJpdL%(D>d;p_f%(#v#LJuO&ClW(z~ZOE2!3j1$> zU6!>-x$eS0k*WqV(;u#9fPC5NiK|=sE&K6A;U4Ph)LFfs+QhgK_{Ao;Q5Tohzaz5> zziYASqAgfh+-oX}q$o|R6-FyyHsMoOgJ~#Wlu>!wIL9s>;Z;rXV8oQrNa>=t>)2-T zTARWD)U36%R!HpJLCdd*=P+RSi`~ydk-Q#rVF({!Y{>W0(df#delV^}NSylJK?mVL zFLDsULW+L$EKVCFMInT6nffk9XnkD%>~sYQj$;6b?UwVKg)t*IvnIs+qw=#tXL-o;uCWg~@XjPY^tIQu9+xX34Z5mXNbrn0!B*U|#S^hRWvGOG z@^BN8%1>LuD za&@+Os|FAj$Deodeh$P8XD1*&jKC#~=uxLE4I#B4AFcu45Iffp9}Is4!+SwbyzzYd zgtntjyrr9|#x-G{eXs}Sy#APgUXwK7wa^XMghY2oci2;7dup+PNLE_OiPrE3&UrFNOc!}Kqsw~QPIZB zA4{?~-=q_{ewynC`C>EvzW`W_7J;V8Eo$h0o7_^#?&0*X&L6HLxkN4{DBnS5ZX3q&g9Z? zj)rB5Y$t727e|R7MN|V9>PaoC`I_77FL9f~4CttV*hQ+_TzgK0`TAei;CN7efohe4 zjecM>mqM!{l&5mc4y^bl<}_#t34=~`iqG%iVWSAVOHLK$uzC2Osq1cbMfeMBB;_3r zxH)R;%MYSeonU!Ut;AteYl@h#tG%*MbC}#HZ@&ojw0DEfh~Pke3ay9>!T*{Dq3F94 z>TStt{JxlIq|~%-n#diS35s=O^XE87Zfa6^Y*EkxwiY81vqJ`uNB>F6g{?v_87G0@ zk6iHa!Hgu(CgV`aSq0hfCU7|g;gQrm84`s}pmf6PKiE2%H7%0ITC7nX|#v(yk%TOkdu;aiW%*X=K7N|AP6+`KmR#)7_L^dAQ%* zOH3|zZVq0wz@;7+v~JSyg=WQSy#vzQfFSWlKZ>CKXc6eFC5htgaP{@W@V5)_?P*Bs z-D*yP`_sVMT~T3^hO*3(DY{*M%9AkY?g;L3D&z4~r?bQ}<=r74Mu%Uv%ST{Kt=hHgrmBdQu{7Y(BZTcNrmhG$Wf1cOCJ+6hIt z7oIE52$HKUdHMek_Ks1abxXG3N!zw<+qP}ncAm6t+jizj+qP}n=jE;Y`t_^ouCM;= zv46){J9f-i6MfVv+xa9PrZ5P~lp71ee?`+;YY%?y_@8u-8MvZ)7Q#bL z^AY#&wiVpUgSF?wqvDss1CZ%!umadN3SD_EVdASowDfo={O$}UU8^?Mq+J{pqW0BIMhnu(E6)dE8nM;fUr|2zZD!y7D!tVbppF+96KU;4S8aClE#p# zOd%^RK5vTv8pn{qcs(1e$B@96M*mGK2{Y$$zBOYUR#CV7Wy6GWlKjbc#4EDm>N@m+ zhgr}Y4bYvgA@rke=!-(bJwDJPo+eM*O3`5me00b&v~_%Us>z-U&(nMlwNWYjj^rHF zpwG8sslmq97;EGqINc+-%Ly*X4g0?c6bxdgrC4wmx3MmdC#`%BO>BhHM#KEG{L zRG$~Dlv)JLTnuY}bK|}8pf4$nH6B>aGV80MN2md`R2%44 zPx^$NH5FyW&imMCz|GHMwSnWAT|cJ0F4o!J`Y@NX!sA(0_w>iLq(bm%YEAW=JGB~k zXCs4DO542tdBz(=$=(JgET;T zxjNxcPj5roD|QOvgV@>~pP+TTs$zn<66P#B>1JJQ=cZ6hQgmMF7XbyCj1zj(GlpFBk4UP^r)sW0R)?B6tc zp!7I?i;e?Y^DzXAzD+N`!A9Tj$-z=!9tDcpCo?0iJ14%9nkPvn+8F-vY4w80dviS2 zF5;)J;|nD;Bk*-PF}o`2U*zgKk+*MPoc`#%;*P6z_nVXIshX9#e-cZMQ#ac)x((i| zWp~6Gk^NfX8q?Z4F41Cn*rGI?Hz#3)pBDT)&!pr{lt@&f5R)x@bL7k>Hj~fJl89~y zQyn+7Of)$hXocFb)sRKt7`c1pP^QaBwn&R5zc5{FI3q?+wCk%pJ1>Li&%S`a){Zo* zFoj4JCAhT%>UGgonQ3v04H^8VE>2n%!eV;SpPFyOu9 zG^mbgNL35!9%+5kq7sik>9JX;LVUY!kkU%w>H3{mOis;$?M~yJ5Aq+q(kaH5g}`R;!O?m3+e5YXATZ1 z(-p|Wxh;Am)nE{UtpnUX=tUaJvyK&OCg0lMbxQ%s(M+1_X15vCm-=I)?3?fprq0%| z$qC|Zt?Ooss;FRzwRTe6E8*pEMB->e%uE{;L! zNj!&s|KWEsN+_B>6M_1jrV z_x17f2JHRS0e}rMi!e*#HPqQ5>N^{$kZ_8o4bFZQ+Z=wRNcJ9|G?|X5VKDHJ?vJ{* z(Tb9i(g>3RpX=D9ZNI%h#AV3JJcA*myyO-5?OvX4o~yl-S(FC8Yf{Pr#*-uOQ7y6**!oB;7nv0A5XV(e?dx{3(=bNM2$M^CdS8 z*~GEb9)6pE=-fR!Wle5qLkqe2HT6D|cCV_M=kJ>Q$>kyB?~jR0RR*;h!0EqWW9|;4 zKXP%M%i7gFfP4Aj1O=P5;BxSc+4S$i2bF}26aSdpz5k=p9nF7VczHW(3nP#JTK;M^ z3oWb_6kjliX!KYaLLk-{qyy@hNyD{4S48_Q!zd_-NT5O17%j6nP;{axX;V?q*0cR( znZ_oGj*^cAT4#w3Vwkw$=q(nD1)n#tFNCWFIF}tSk|6kg{vYwB*G!kwv{#DPH3yU3 z*GV(gFU>nQ7%+Q@A+Z8?X(15a3Ije|wY#7Y@SLjseF_x31^HwxZ|$K4%*V}r43rtm zvS}LL{QX2s!}g(4WpB+PGi7hpAty@S(tO<1g4fQp9{doxh&?I6y;PQ;h)$KeX7X;_ zp$7$TA!~0X=$-jnn@RAk9fW0XHS+JA*}E^wPJcXbDL?Wuyzo5{6uR(iHRj8qDtar~ zq0R_3l~3WmkZ^o^F0#qPqBDxsl?(TSa3|UI^rj!h!TWDB5}*;OHraJaU2*5c_8Dl> zEM?sy9f3(Eys-qQ*8nS2e@!(2Ol?x3BAFHpX^w4U0FxO?@-L~^@H&DscVB@Yi|e~- z5z{>}(?#aX7~}cJFP4uvw<6^b@pz#W8<0>G>*$vprfDpQ35my5TUK;P?uF5&8{T~U z&9fqDkfp8^n`g7~bu3oVh0X9MP6;BP{#)w$X}b_bSw(?tX4CT;W5Oe2M6qmRR-<(Q z6iVYYQao9+d5E1fS!kE6^9aaA zcN&IHa)0PBjw{rh5*ROTg(`;wd3|EC4`{UzInxg-N?NoX9#gFZ_22FAq98O>S<8|N zY9r*iPlxF=>jD%LxT&!)ds84F(Iy3*{!YYJ#Y!b^)FV>$=D5iS8=td|+9-S~4C57f z{8Vk!?lgXPj;=)u(@E)yv+#O|kJkFdk=OPg*9*`tqVtfp-LzDJmT&tVsC8~BeY73R zh@JB&MFCnhGvkR(p8`w=z^2!4`)18i9DNi2wUJ)JS(9fu^7DBSBQki2l z3fPxYba#0K)y2Sc)$ElJ;?gJQQ=x*JROA;laxs8l>s{25tt zc$|Gua!l-Xp0e9DGbrB@hEogE(-~a%_sUhGjBe@V5jjt9uby9vsDgV5&< z?T23t)EX(8U-s$+C-hLX zIYs-pk8vEv>1WinXI4oU(f4S<99DFi|_3350$q_tDt>6-QD|Waz~=qSgn^2 zq4o&7uc_)fctQBl0iVOcv>j64Gk$Tm!~ zo*=Be66U{|+FS3z6noPZMWCxB@sqb1(PWevo>WK|{0%3AY|*R5xFd0>t2`iYmxFzV zc5_&Bsi;)y1G-!IyF)4(dlOyzk*&K)!^(eoXtoGI&K@S|n^&)KD^)M}h{@52Fq-b7 zIZb_=#d7bq3qB&t?*VJ@?Qe#8l27gL z$Tnr*^?+@gGe9%-uHB%rvP1-W*fvAPhuYk!r%5o~3b}igim>E?+G3 zN)}VWzE-@C{8#MNufq_m{jIxC0b4O>TScMeMTPlMM0aF5UjA}9Ki>YbB|m+~(+ERTr-&x~Zjn>dDd^)@?GcfyR@fU{d=7tgy4v0@kfteBznG zU>##lo7k>+B(K!Ka$Az`g@N~FcEXi7T@Y>|0RkiaOS;A9v)2!88%9N4<+hFO#vyHv zorLi|on!QYCRsKZ+C=*}MfjV;Mf;R2nZU~s*^s;n@_ zL6dkP?OEj(Oqr!S0LGc_J7Cg%Pc?{|Uo=BE)rb;Z8wBd)RU3h(99lU^{*P3CCrTdU zBmoH8UM~$$bGUqTvAhx$KTm%gL?!pDN11I0&Ab$mvdqFW2XnF^4`n^3qc#XN3_z?z zyfW$uMZWxnGXP7Lm=DI3Os5A;aT%H#f0zHup~8-o_wRRejYS?41w1XL^N;ZY((wY` zX3Fyq63bxs*0I7I6UfN-)?kOOJI3c2=KHK?7M4ce=IOl}MU)vylxU9lfC!qmMzkb( zRf6(JWmLj1g77!tm>*I;eDK1NihrE*3~PvMEdfyOR-0PtJKL$7_^2*Ubma-H|0$B=KTdZ4)!qL88mWa% zY(4(}su(9AHAoL1ykl)t+1ybHHgjG52P|@bN<>|i8wHM%$6d;5wu<35Gu3M&Hw5m# ztS#5dBftsMdM7j4^tK7?Zs=-%>X=N}FB&if>?6oMry6P`m=sGHkk)P`a+2-_5S@>|iia}!?zRmX{l@whWl5{Ev&W|awV-) z=sDbrJ0?d!uF6xqtz`4J&T)vkNwSZk`hiSp{kMRr)V~VJs751o^{>$(tT z;03F|EwOKb$R&Xe?KDrNk>W|W4t*I#aHqJgh{rg1Zx&3-VzPt^Eu~@+ndnx(y`&W#kf7kg{e|0~OaiE|KnXHjJ%X-s4(rr>H#V zQ4KxasHM=8juN&+4|FT(%36$Eju_<3aXf#5!Ap-+vVn)OojrguFB1KM#hiCO#>5;@ z)Nk74?l8OGxMmTA6q5?XGKEADVr4RDJ%K1}-30f+q6pfBe+f;1K<3dTdZIlrO+YQF zXQ>0W5f#ojj4)P0C%^Pr@O3{UMo-{V^XT=X4E6~~V^FF<)3DStK^_bNNdupLIU%)% zq%k(nNu+)KO2h#lrf;oBm>h8c%S;lOv1i@go9wM#^FQ(fYy`MPa%^Lp7*iq5+VtTD zm%S#yo!Y-}52zhEG~K0=3*NJ9f;UF}`yaSl(B7xW?MFp|{f}zge`pf_?^*tlH~j!{ zkN+)YR14QbKEdz}(aCbbQNY)|%Mf1#K@E>!_)UxgLCOq;UK2DZ8fv008j^l>Sw+=# z^C#M7y{Wv5ZezHG*ao0DqbQX1Z0oW6JMR1P&YKAe`m$zL@9pb#`sJ(p#b^7(=VU|e z+vknaALvyK`A>Z0KK%4}S{PxFHn1K17uL{pX2EJOTjZJ6@@}>JhGi$tO;`cwP1L@Q zd+V&19Pmx_t`Fljo(PE}BQJa(7}0B-{Cl1Jdsq}%;c8TtJTKWnp@KKG+}Nu-aBkS{ z8F|Y=;(ngon7in3=}`2Ei8pD)%)S#NFWmtYf;U3|-Po%mupYv`Uh*9a1{&e3C-P1& zo5(|zIc-E@56QvCKJ@cW_8dY4htjVIbutqCAUrHb6P$Nr{}OsRFM@|G|$6; zQHD90CUKPt}vM)qK88Ycz{`axkmZ0E~Gj|Mb(u{^Pzfa%5%WJ!r>p{n5dh0Z$#F2_g0jw zk6uW5J&d{~C@h;$(Iz(QHOWy^=EZfoTjU}WO~Ch11e*I`6Cc6 zp!FDD!*dBWY`J!8-5N`Eyt#%FEcN0BUsjsE7JtXotxTC1*YoQ#9&F;V8h`0fi*t%8 zYZ=lf>5?M&+Bxc#+bk$Z7G#Fz0nS7+k=)}VXE%YIr{Bqawcya*a92NhF$qWl{x{Jm zisi(+ASlMU>@s~kZEAhLaO3MN%JIY+LpZ1%s~h+R$~$($D)b>2 zAWiKh`b;J%Uja{;FfKEP0Pt012O`VQa8MPrPFEc_<^16I?n8J-*K>9|c zk_<|s)7h#U{|QjLMOb+2pO4+0o(5dMqezoUARj;#cWO>*Y{&t7)__`3f z+1&$zAHN9FkQ6pMYqqLWVn!@qA(F%mu?qU%2i3+bp?Wh~vc5G;VaCZD5z9j!@E)982DjHn4 z>Xp$25v(a&+ko7?p5My4ih6RIj14L*m7ytb&6VLQu!O|C(m)uckt*0z3(XWQ)J8MO zpwK%E=#|_lGddB5^fa%zvADUqI5WSvxaL?(F~7P>wzv8%r_1gWi%bU*vlfFlWvKT) zl8V?z*H1G9u1Elm=naGug;GYRNd29)?yCdJOS*&yPEEWp|`m{b~ZV2aBy z=u|{bfM@ic){%?|_!+;@hbB(Sl{BX0AyidpZeDrD+PLNw*<^ZrU)RFS1ewF9kV(N+ z+D4%&Y3)>XDth(n`9W>hHmt`nDI5)scymO9$V;MXSw_e+CXlf+TzP7w=x%S`=i1lT%)l=|%&~sz%PrA$0xq&{vI#>gYF2;BE159F!uds+03tr=y`vmw8RYMP| zdg(;;$mG7y?K9Re&+>(5wq6MsBBd3|SWq>AZ@&bSC@M)1=%G?=` z&K%R(!M$mhLu>U{^vfzr+#p-shB-EP&?^p%XCha*)+o5whO%owVO?jcL3Jvgbk@~X zT6gCOf4l4Yd)-+uf8u2xg4Sh&4|R5jf5A2sQt;i7c@1hm8eZ$?vY~aQ@r^+vIn8~j z?}Rs7;E>(^9%%1VqcZeWq}YBt%OAw<3d7{=ZG8#tfF;u zaooEW{$f#{EbyrF#iT)lPeB!L8wp%D%`{Eu#?6H2W5v`9q<)!(@5L6#xb-(DOs;?k zl7LK6XaGEr76@lN;wHG_Se<6-;8`30wB7E*DvRIy{9)}Jx67C~o7))+nVT3{{Xfs{xq{gy7SK zC5Rq_XJjWdpaiEQ1ze3%3p!ka7aWZsAloYovfzsWk$B61p8_U0XhWBMbx@ov{dCvq z$3m0^nn&)y~I3^#;VNE(z(q^H6^Ax^VW0_`%PrkHbpL8JRPTQ99{53-LoP{dmM4?85 z#8wn8`nVtjBbzf}>PhUug{lHeReAX1m4Da-VFHC=@HRgv)>wNeEh;wn5D8&9WCWh} z;FltFI9Ziyh>e`{88i-+$|K_4mntEtQNamU*vuRwT1qp}14r>GvlVwsrK^7bxpD@_^DZiw%=deZdQ@xmB=%})_(}Rj_q1jomvL%b{x*^%R zx^;Uh5*0E3TMLqIOm3@Uh%Luu+zkpYDI5)XV4O)&w9}?E1%U4&k-GO|pq0n*Q1#p%ZI zE@HL#gHw}}0o7(xOn&Mxd--2~IDq+2lpcs>G*^~ASA&Kg2)F?>^VppLw_{T89U(_J z7q0!^ydwXRxFFbKxqk)xNjl%PNUpLh~n(rl}*40)pr-{v%uG-vlU9T=WxLhlo6FW;du9-w{oQ zCziVUa5L?s^uu=8*pFdAIbKds>D4zE4lp#s%VB}21mD>fr&=et#wDUd%c>(ww+R*e z?H8&780!uLwGE)vYSt?2S|A#AwMtSrgUuYczhM8`-w?)Q3b6lV9>qcY(>{^)e{9V% zf+hyG0!BtAPEP-+H&?4exoeqV`2HoHl9*p`HNI%M#MB?4wV|+zGk0-@VQxpD8wC#3ABo_zU`%P`ep zYvJLQbDH*h`@Zqpxq1FuD%W#2YV_;4@(ds=6bIDyVGj_GS0!qrz7gGRSC(&jh!!Xp zwl@?9!1ek*Uj>v8sh81PRn#?d_awpr@S4>=wv&%;z{|T$ZCfvH#0T^mP9M_s)jk*w z?)6qA{zLH>Ew}kD0p2@MS}*{Hw>l`8$sEzpY9t+&JF|a#!##rs-}L~}z3+TzDYQ3< zKP5DHTkZII?VG(1Lr9$*r{2pRR>6gZz{c$rf#jMo4t?w z*WYk_Ny&Wodmebc)Kj^m2c@9Cr2Bkqw@^Sm%Jyu1s( zL(~aVY?Q%Oesq6m!d9FKJS|y~l zV`V6MCdEecGcc$m*>-?sW>`zr6x8Jc_X%&C;9U8In4zZTGdIza3L(WlfC6 zgok_W#EB>~P*7E{nbJ6%Rlho=KoVTFuI?=IlrCk~noy=%YKr|2I<}ig&{3vq(RaE> zu%XrmAg=ay2`C{1hhDY%k zhW2rU5wYuM%2xR)&7fH`%x_o3u}@Z&#_8 zO@?1>TT|;U*h<|d+enWzxaLdar#Il}akeX_iDxPijXB@o4LM<*puty`3AOGmpX$;2ktaoSMOv7pslwG^(gh5%(>ZRrnrf#{8i z4qGfrx-~%>26G(zDU54sT&TzbtX*KdkR)P?^bN7C<@RB(Ok)$~^|UDo*iqbf+uh;YAsJyOql zfxRGw)+{rVj#Et2K$eW4Z|{=KS2kUSJG{*T`Y!)soGTMgo9SGB$URUBn&`dhRZuR3 zY1=4~tGZ+eD@ucOM6E8%eU`aaJzOmZm`eZfzY+HoMlx+hsqyBe5Pro=7`F5bQ7hq9 z4A@fi>P9%E+r3o4ODWv$CoW^oZ30ZTlLEZbtC{S*AK{AQCgiQ<+!dqBx(a9U`{tBF zZ_-C<07@uS3(6!Fi^?XJ0p+sz?kIyaq`V=S(ku!xhE16jS-uL1OUNlZ;3rGUAS)&a zys{>2MJ00<8B5!B4nYNG2=H1EgU$_U)t5vgn z&+55Er}W@CNx)Pfa1#o@P&6P0iGR0K6(z`?H#JV|Yg(9&nTm>L^3D*V93;gLY#o0t z&KZ(%HtJ|n(Ls{bM`h{DIC3;|J(g_-yZb(hQ)oJrQC3itU|Nhzb`@nuu$RQXZw?t* z4jCvUjVH5Lv#?`R!gk><#TvQP_m3`5_e*RVW1qNRO?Xwin@ZEr%qmLKPm zTK97-5@A$O=t|2>D#w?(1>uOzOmn>7p0ou$hxKVu##Ft9RUG3u;$?Nvrr6tp81G@r z6SYQ$5dC?c;{OokZ^SU6)?{ece>Z$v%+*!^H!C6zv*@Uj#v)R`Zhm*Mr#!rd;Rc2L zn%y)h-WY-nFRSiC5Z@?oLrH$b>uN;qxHRAI!6m!Dc;WWn>8Is5bg5M7`I6`Upf&zW z$WP-B1}gSL&g4hofn2e4o89VONBXe_Q{`Dct$9lFGQIBSP&vwZa}i0-FAzX(mp_5= z0NYb(!)YXf>t79>AJu(Th3owbA0<9Y6$k`w{ZzIEmQw|ddZALS($1nJ8aySAVj?rn z%a3f^nLMMJblaXZnqokkQW&C*Y5;`S>&oA%dZ4J857gL{6}j&3LC)z99|5gxx{Cw4U5={3kM zltzveB5jS8KB|?MWCu@Dk3R_$yk;!skuyZNsyBRpL@W*+#m>s_@&VO z=NM+JlDrIK=MuatzfzOtR$%9@S2(-{5fa3Xgr7)UeUZm1hj0U>Ri(p3Gjc)j@-i8x zki6?MZt$CC(&J@X>_JcWp@3W-<7XSWv7TVNMm}7kTFFYbHoUcA4%B#4b8Y{|ajlVU zpfZ(BQM2G{D(9Thl{UzcuBO7Ya2LZ2`LnEcT{(@hSAOo8YXssqs;3|PhmfFWrCw0H z!Bg|&ykOV4J~V7fz6>e|uuq=P)OH}8UL%M_Yxoo4=o%C<=sIMXW&6`TxP)$ zi7>w)j_nYyckIvHm!DGy3wAeM`_S z)sAD#lx`~x${HhE-I=%#eAa!?&eR=>m3`68s8~ZXy9qCQqew&ppB*tCFjw#w%Ch58th(eg-MCOC~uhqiD~-=DqU%Rt&W5I(#mY_2N6o%=Ya-c z1FT5PZ;HSsr9`W@Hb9@;eHr;!O%QxSbg?5Sr79TlFo(Ab~WrJTH^FNuhzh4n*@ME~YTD-r^7n-+3aAcsDX@seZWTrWY ze6TeN#niPZ&n_@*b>7|}(rQ0(ry72n^!#oP`sUCwz^Yi=Ej>lDhnU#q_)_nLIimjR zE7?u(WqvU_V@39OuKPr@cg%W)cUU0i#-9d+`7Oqr3vN=vByP9ZH-+=yjhUt$!-aJV zG2L-boz>pGd1lhj13l0?#qvRM@Oqhul;PgAo$#;*=o6c7MU*V3ufdmcGbac*Rk=j7 zD387Ljs43_cB#6E=H{xCcT}O=-G@DO1>*0&@5Y>MRCpGle*IFx_$S=(Kd*HD12_De zCi!n8z<*znRjb-4A*mtzveH>2sv>|W14n4u;PX>jTEWO8)GGp!tIsy6q#DCOO0T9gP)|Mg>cXaOBcQDw!pG>Bxl;~ShbP48!!;JBuSRH%Lorkcp$(uNQ%^Av2VbkWu#9P^ z%%^BC+EzH=P-EL~%*c#`&sl0LIX}jh>F0mjAh2sk)l-mRsjN0H!OGQDpP#=@>L?%) zZSyECEKgThad`~Rs#F=wRkrESrfpq})u8g*l%KNpPT`oOPK;=hal_eKYB`BkZ#gcj zv4u#05$Y)aLxlJ_m%{<^n}Mnj!n~tg=13Kl`6Qx4f3|_kqFBX9*2TG=79HriU>bcS zAtf=IP9vnbs?tGB%cQ2sio;=p@$u2q`@X6qBbD1{lF{x=qd%f7eX`iQoWxn|f)S+` z^D03=&`igVHDc~WnTYIEb{S50?(kjecTr!?bf9^I86{`OL{2R=tAkyotCk1K%2l-_ z?l<06Qk~JV%ECleRDX?KZm{N5+RTVZ5=qw5W_1Etp$XF7RrZ|iLpBvV*}2=F^HmU= zdMQD*ud;rIo%GBZhQEGIhC4J{lhPHop7AN4{&q4Cvq~jz6pd79w)hxS+@y`F(-KxE zE_2r{6@kq7f)ru-a)M3}&mb-?@v|t{{d*N?*mxjfcL@Qw1fIe424i_|tk@uxyVC;L zsqsqoU`CMFhS39Rs;D3r`%_-%iS}j6`49uM4HXRM#!dliubP^TLzhykS{lQR99yI2 zut0KYZpuP4&VMdtS_5A0e#7HYzJlXHIp&hTBInlQLh_=mcK4O z%Q1k6lguVz9Yd=e)8-WtZWkXRyjMUN+(U61!p+t%Obn9iqg(Gt2jr|?3A$%0_v9Pl!5wiCd<{D*?`!v66xBl;F`y%hVL5%gkWr(wVoZZ&CfpdL zH|UMmEXrNwwpTiAyUIKm+dX#sI2uaZW~6IBws$U^?pEC zJ?>{B2p#xJ-4Y%M)#3#}iCOs+iaDee6S@TV&Wb~VMfRvhx&(^WR}uxN&H=ZrEltSa z(MmZZSi#?ZVp9GyymNoa*n4A13ohgA;jWZ9N&2rc&dIvbt_fEC{)YN}$6ccl9GhKp zaykU^bc_M$;SV|^Xp)hg0vdqF`G~~%;4+T|mh}EbBV;7y{3b>WcLo`b{0sQ6l}`Ku z6xF|0I#kgA)S4Op$CZw(iL;xXqt$;}=On9IIU%W_`?9u9nP}n5ezs zSXiKko;@CBy>#9<{is_~d3v_mJz;t!vtSGn5`2pUS0ii)tVf^#xFc{FT|xJR6vbVG z;rneFF5~OfhI#og1C%`#!WQw7A0q^iLeB7=FX0FStJER7iY_c|!}PyxrT2pbwsXwwf(60i{#Y z7yHkm0&>vDUM^I{&&T8tZW$RF8zq_{>Z!rs)L$~}sCy7;g2PWS<>t9;sHE8_@2`a5Igq~fomk!E0%YPVcB6h=XfX&)G0E{N+5*yh23OaE!Jc` z6`Tc!fR>!s6X;#|jfGp6#*=laBZx}W=#%dff-+9qqOZ4kbsBM`{TfrK#HMjj7&QO# zZMQxv7FfEjeH}xBMO;FXP61BP?YBswPfhRyS$5)86Fp0z4ghOxe_Q9z z0@d>(jp{8-w@FCq%3XuH;Mc%mQqU0`3NQo{W%0Jp{+zYh*k)mKAV@W0dI!dq?aWz! zUE8&|w8WLSGUdzU0fDU1#nVLBXuI#D6C@a?* zZ8dB2sFNvA9*bn$L&cOJX+F$By46I5sv;kK85(n!#ahwyx(cIZh5sf?gqkQV=X9fU zC8@KA4QG~m+bu)4jO=twRHrZX;?*^*%Zb(reer?heYCI#^%Ms6HQ-0%8J zElmP3%2s*}rUxL|AFVJ$E$-t`pP(-m+MU+bZ>c6warY=Hw3K^3P6Hk>W$F_r;on@S zRlL+EZGds#$0ywUXSwwgap(Ot2yHs26?nhJ`YnJB=VxwpqrL!lVkY7^+*%h?SZDUM zeXhViX_-9N+YUN$q22{oj zlq07o5JMPT&=)YjQsHA>Lm7O~nPd$dF3A=*g`c{(7QrP3`2x~ut@&apv^~XAg?P_C zw+@7CW4P$%Y1sC$Ukp)4Ogp+!Rm}UOxg*=nhq$ZA1g^~WS1gA`r&$StVJ`=qyyLA! zadq4wAf88US=({FLr?C2657Vq=3vghWh43OfMSt+*eo_jz^0MBdB>W}3C}5C%UOb! z)P*uK9T4RlSA;5&+#%%#CT6{3MXx(Vz|9w+*&CZXNtiN9xrKPpZlEkduJ6ZfF{&At z$IO9jh2pREyQ7}8C0py$8aLFb3cKD>1%Hx|=w{-Cq^bGpV<6{k`!Cw%S5*9} zhq{K94$65#oqeLsObS;Fk`%Iz3N{uIf_C^XNG4<4#SZ52gNVZDFT24Dxy1^uy%{p8 z_BfFd?!#Unk2%0kZoXL#4dkcW=%PeSNc2MeMO)?%ZTT$6ba5J_r+BM`_}m<$_;ct4 z6XE*5*e4a}afkvjZP?=V(p9xE>Qx>Sb)y;FlMptgb3yDL2*9rSODcpTjuWyr)bR_Q z_GsF~=N47(7gY8`8JzCmq(3_@%5a81p=43QFW$=lDZ{DAr@7^Mr)QAQXo0BRT>UNf zK-6wWW7BYSPd`IMSS4ZQXE_88hb^ZiP1Xk{5qq@0f&TT+A_mryQ~sgZ1^z&a|2{c} z>3{rZ{U0{zf4U!5mQg|yfcFt{Z6pY)73UWwAU_9fpazYS#18{kQ8i%qSNGLs&19e@ zUUOL^-{iPO>vX)E1d%N7|MRym@Na*EWRn>HNPud5MS6}e(^tvIlX1_b-#SoSzcjiG zy0w2yKD{kLu|7LAM4%xi#9m8)Gq_uj8(WZu@ zD#?WQ0@*_ldI{T8M&`uk6n#^!v6fQ|y4bWBOG{nc7@}TceM7$vo!Hn(6ysf4h1{d< z>LQe@1{zj6TBFpkmJl6AasjVgXR@Ja683&2EE|t5yvTBvzCLQS7<5D8Lv#2tBhw<+ zf}c8VmIDGrc5S!kkWR>S#uk`LrSh$dMb-|KtR$hkKZPRA*sRMXI9p}SQMF8M#^xRMpZ;0TBF(H+_jI*RcVIXM0g|By z6*}D}kl82;&@1hmfczupY~bu`EFqzIJTGP&%l)e9=B#0HlkXDCq|-Ann2|jc%Z`$q zyN>ULvp6%n_@QY?og~jW@xPXLQ2r2K7PcgI3DiVXFE{=+ZyO33fxPY@Xy!54*!)Rty|0nAopjoSuz+Ho)6L>zb)+ zp?W*61UwtRv!IHK(~>qf232S<5*0VVc~QERSB2FhDf{(O$#*Yk1!rIb3!Z?jHoz0Z zS!bQ?foQ-t1P+;w2;WeO$*p!tk7^6xAhb)LekGuXgg8JOhIG3*q4yKM(LvA{4c78X zX*MP5r_PF0GTZJlo)Ly)!l58k+CIK!SmVd&E-HK?X%Dd|KGf=Bg?c{CoeJCIJwetm zEkEJh%LSoq>htj7OGP0nQQ!-VoX^S~=#wO%sD8lw>jRWJ#r4PkG4(J1865xn50LYJ z`~d&I_khF#j%NP`_1Q`?c0X}6KCYMS5Z7SE^7D$CdHja!9fBxm@QPtU$`nljq8yJc z4r*s5F*eqvvsip#K;pvU*slQCZ=DWDqv=qFoiY3}1^8`~Rc70nFWgo=A8*Gr{+X-f zy}ixc4Q)9=iiqP9bPqwk1@8{MR5cfTdmoTVJRq9VC?IH7zN-xz-4}R}rfx=i z>#?r~w6Xg^4w?427x1?A%cf$N$FiL=HUVd1lUIngqWjjV9yDHT zu)!+@rq40A!rp3q1M}PNUGQ65c?iHlm-CI}89_nT?YMOUA$E@n)2`9b^ zk#Ii&21*cGkdrhs2L?+f3WMeD7eTFY+`;|fU$d~@YV0G=fnHf2C?k6c$~?Q%1aNBR z&|N#mbuNy5p7N<1OMy1+UDmVWD~S}z7B8ZaBNY1W%HJCx#JkQvMp+{}f-!YI#cRCo zyOfZBeA%2|ed4K&Y+s|7kz&Fvsxn6j>)4QpNq zG)8E`y-SVpBf6}H}HyoGXzu_iVRn#6>8_{qO#e;zUlqzz-siJXGr{zv-|(i;{P9nF#nrVBxL9K zpKq*x*hJ3COBmnJo73s(iNIjsus;F~Xr%ro(0bB%M9|q&VgRy1Qtd}$M@|j{Ml*IN z(XeVs6uN57^Q|%(8r^*m8w&&H@%f`fxSAtP+MTDdRNkj@9Z8-2)){F)Vx(d!s=wba z+kd~mKln}(Z@%9M{4eY&gIv&|3qXV@T|?`^yarZ7xllGy1oJ!#CldGQnT?4t6!gho zizBKc=HPE+JUCGWfu5yk$=V$x?g^@X7Z>F1`)_VQMi5XBEArAvz z$Gi6=Y}S&rvqgQ__YjAoe2Pl)!1o8T6Bgqt-qr<(0b@qS*qCM=mc_5x9XA3Riu2Q) z#u%->74!xyrunw!kaL*Q#xq9BhVs+fm_BqUHNgB%(OAhwyR;#)!j}ABjJ;!!rO~z} zny$3XO53(=+qP}nwr$(CZQHKQ%IrM25$|>PJ+~uP#E$*{o3Ylw9OJ4?z}f0xlCLzK zHCq~JUTvbGF+9*ZeJG4MXU)P`;!tGgT#fVho}>n$kc~vTdtoaRkJZ}WKXx&s@kz<^ zj=&w(6W-Ty$Vb7IOr@ud;Y{1(rsb2VuKEOM`q z%(cPdQl?8(5~amcX~~T*nH<|yA#)8sEoG)AB#7b#9e~VM=3@Rg(_lIGY5Q3$0b?-c zqO(`G^H4ReHZi!$cbY5E)Kg+&{=@a{H#Im39vxOEwe2&{ab2nw;>J&>(g{fyjnh@) zllWe$*ib$4C5+AYn%JzrlldghqOSFCX^cr432~$((B%sF^4D&l}ud}_&S4^kR?oA`1^`yi+3b37H&|s zjChzbdpIz+2epfNj*1ogwru5lx0qk}#)@YMYM$fAlyiT4iBA28mUdkPKT+H{(7{i;+du#JXiSkj8Xq;zltoU&yr##{(_FTB z-VpMb?FAl@HOgO(P8vQMgpyOV{zU>E6qao?elnP^+diylu3yul?!089v%{_ZV~2pU zieUkG$R|EKUne5*iWQnwl+T)+EYLp|TNgt!9;88fmw%zQs9k1MbsxZqmiDAk*=rDG&Jw1G04kI8DdkGr~47hm$ zv#aIlSrN-|!DK(nqyy6)hVpr@Ga3sA_ss^W9Rmyt#OwTixktDg0#mdKe1PQ>3gZ5_ z`{s!)yt8=MB-DlS#&xEy>aS}j=8eD`*th2?CnNZ5qoKmh6BD~iUHSWrzmxW&@;A}k z&8rPG73_~A)8A13`+!ebD4YT%2qVW3Tx#ErtKyB9Z!nK_Ar1FQIAg(>Dh@HV{t#<2 zOsYWB1`RT)zAS3^+Cs@2Z#tehesVIbrSe`;ZdQ-nx`V*M7-O=4Li~s#fgz#Z=~|kSLl4B+8gtyDFn??Q*8?1vIhh(**&T)2BmCU zGr=KZ9>Cn`pE)g*^m;*l+HM3IIbE1D#)-G~lG?1G5iWO~pj}r1k}E@|@!|kW5EEER zHR8EVjs9k!L^TUC{!LqEKpz_yHY&2f0! z5uJ>NSd;DG>^beiL+CRTCWBwHUJG>?kBe>F%(@QdEfUO8(%?)&=rwr(Unr*g>T|+l z+RV2bTRlJl_bIV+aw1+Xc`2P7%&BlIOzsxdtbUwZ&uF{-$Hs6M?B(E!iOmb%&D zKHb{A&D!ODz0sBRdB^Evi-Pxvht(sAdQ5{cgvE$?hxZcuH6I8y;6NWmM-#r!FbXu9 z46p+m&qyg1i9a?LJQrL{S95?vPvv+d%;$fo9b*Z-wWGHBkTGpX)>*M7p8%s-OEOM3 z3_o>gELe|~G7`6So;{PH!rpG7GR@p=ti8fxW9Hn+=cZ_`ah!EP$= z^sA~4!IEz&QPCo1SG>If{n%)y#i>xrr}mB!8aImWG@7Y$ zHCRmwZ4V{eV8qo=6U5@Y!dhe8xv`=WYnIWNBBP^3ouJ+s(S-G@MFpBC9^7B_p{1aP zn&L8sWQIlO)Gf9p*FXtyln$AiY;x(h4Fvu~uB2t-EICfQ_J82>26Xhsx;0)vGZ{S%&2epI7d z;{HTpK zNz!#hAjM3GjV1FuKh$-k8GjI}(NO((d$uQ253Ng@z;NYeLQszBncRi*w8NB5%e@=t zEwE&5dphJrJ4~v%m##K!8$AIhjaY>Md2*Hri&0|n2*jM+wi!D(m`cz1{*`? zLQ$T+fm%rg@t>$1L67i*s2qy^YI~;GGN4Gj0iyxZLfmaWv$HI@KEARA_m6mFk`T0u zZlLm*qB_bOb%?J1Pe|-A(F-j7E2$C-=nfy(MqA zb`Z7j3)TvGVlDVxkTUY3cF>~;d1@H7`yc^LEn%w&q}3$(`e_GUL7q?$QFCYy=sd$@ z?!@_o#`cJICgNEH$%I3$83$ZX$)M|RiUbL4By2Nw6S%ScYe>)zQVW!xQHM;PLG``+ zocw_ia5nQ$e1W`= zX0w$`a?Em=hLbKIq?_G?AQAfJSwd~YW$n0wW!mW(o8nsaduZUW2unnqw*M|ei%KYxsg82$|xm92lY24o+b9h;8zl%`+{ z_z6vaCTgoAX(>tT>VA@<>VyT2=Sgb^=~gS3L6gE4wD)ujY6`}&K4?5UFr|?1KHI%O zj~f%w=pmN0?5$MBQ=U_H+Sjeo-fuU!K6bAe`*Jw(u0nnIRA#!a$@oS1VI`o&wgGyi zQBTZ+v}L-`S7vBE9c$jbF-xaAiqTMPC~VM>v{rML(FW*I$rw$>7VOD(bI8D;oI@Kd zsOxsAz$}7m^F@|!jF80h?&VQc41z})Wri!t^cF3PW!9oj0v4(S=;W-3I+b9{3h&=h zWDL+A{Vm0uw&5m<3ocf&iiW3Qn!c6tC^^ta(C>Z*i}leZ>b7bNWGShsDXc9Ip5S zX}1{>T?_IzDcthy?PQofSD#U+q3gzL z6xQLi!TJ!LCQiWD8Rar@=Q#q*g#pSg8aBc@%*xr&Uq}yC2K>Y+t&}N?OxGI)Pb}FL zF^H%bF*n0vqjWEqY<|Kxl4>UC+s8x9?bS-W2XAVl&PlGLv#pEc!1XaGTX|IHYQq^Z zvUN3wie4jj1);ys*rMbqqPuH>1Rr+Y_33mN>7jppcevV{Ac4*|7V<;Uf0i8R^E*DfiyJiu?GK*Kq7VB28-Kz>; zu)SOR)OS-fcLUfd| zNoae=;RfK>87ZJJaU<*h!RrGT-_2Ww7I*^GFgf51VsM4;k?w@wDWVtQ=$jRrXIoeq z;Kv5~Ocp5oD!QQU^Y91nCgH<>q!!pEbU>Sb9_I}E3xGS|J>)pA^n@@|RB+k878su2 zqvZ5!0~XP;{Okz!$&m9*b{N+uP$*_G>wtHgq|mS}KpiMscqey|r&-<(GZ((OwCO9j z$wwHq7eCZgt0{o6z116p-{3UiF)Qakh^dIm$JesF9{f95Q_>U!!B>#EbrOd6(o&GiK(MsC3 zNUHGMt9bV#Z-n*{{LD>I$aT_s7!q6(Q zimCnADmtk_8<;2KT|KWuo_y%ASh(9WHjT6sm(Ag_=)Zf0yGSi-RvBEhHof)I!L)lW z|5|OqI!{|@ei1;qvW#kolUpu{cHCr6|H?EW6_e_5YA)i92}6~%;zjZh73&!P4kPWv zS%0!!w;602)h~@)UKnj+-Ao^{=+Qh~Fo*C`pjvjB3N6vkl$iwY79zg1nYEnAOyP)L zzfVF_a)KPSPdsH5P_fo*k@6h2eBM~NU&UiKCM9Z6a>mVQX|CRcyBd{eN`yhuT#}>>n^@{tB&M~%? zl-)aHyVn){DdKC3u0X_=KdGkZU%?@^AV=4e{1X~7G|79h*Es?^I^7OJGs%3>|2^=B zxGSv-rE4lQGLcd7i@b3$ex{}G-4#@-4UCKZ#_)on+t%~&?`Gw9Z#0q@{0W~(*w4L2 zIQxw76;8-Dfj0_Y#SU@7_8N1@I5BJfHxRwIPr@Cppe~Z#`_DMd!Yo32YUB<6OTpb{ zUj$`j=f_J@!(_0jSkklU+?PQDnbWhwZ*lh+^V9f#_ZGdnC*iF9N|snqt$t%F1)Wi4 z7FdIV3c#$P^1WmAel#mJkjh0Xb^#)~z%$E|2ogJ$x_ze<1mPqwCTNS`u+(pngIK?6 z3u6j99jJ+-0Y83>ewJC7{&;+~k4J#E2bnuA_u#!;be#N|%8B6JcqI=s4L1ha(9#45 zwH;sohOM2G_FKq>2?$j#P+M z4ZQXAQSYfI`j01o#6ReX2XW)6{7c3EY-_%+i4oBJ8CSO-pz+_|&P4ysxT@$|IU5Vx zIQ>_Efw!XNKMPtHPg`hEDFOM10^l}i>bQhKk%gs+qJ01)-`awuwW&I%T_giW-Xf)# z;uFjc;O;~*W~W%H^Z62YJWr>%Uvt_SKTdCFcL7fBsiL7v6xt%p%}o;Me!@8<2CJSN zF;9wh=jzD*CNRMjsmmPbBgQ7UQO)hvd5=~kTlem}-E^+ff((`L?S`DP08PS7s8pMe zB78*v-4jB98%h3Ji8o%MYPIO8#$NO6kKm)QgSB3Oy#xwZ9(4{N1qyuMS(+A5|J|~G z-KbD<)b^5jqCfo7S}h^H{PIFJUO-o~sYm5@%LL*;JX@RbOK19HPmLtM?=e=o_@Nl< zZS=>$oGKW7{>Mc%R;4+Rg(r?St5nBy#5c&Sr;p#vzZK;zMw43-N`8SLI-<{RcIL4} zakJH%q^Py4q}R09;fS6=yPPqhz!0611B|}t5Uc@65DnQNn?`w*Vg)22cgebHoS3v) z_Lu`LudZ~V>as0X+`oSE*J!Do3kg?40QT&bLhaBy`VOe*;D@BzbI0`!l+>x`=>liP zk6<_Jj*xmBd%{Y)yVK@|#qNWNapx3f0J0iq?3HcH9su~o?uz30^hEy^noew&I8TFt zIF9_&dNKk*FuVm(u#2Lf#8TNZYEBwAfWy)esVU?@ln_F{rIIThG6o+xVU|?|eh6_A zYAxl_jz;^%ccfYBCg7h~k%vpt1O?gBzKSo(adfuIXmqH>fG3#w8O%ZWG}#Nk$t~Pv zWQ0UbS6BvWJ`R3NN@fH1$~ z0)iD5M5bjOA->8yB|1K4@Ph8PK1|dEt1YXtyp^3>R!z%F>+9*2mRzTjkd`SYj=yU@ z*Rp3)zJi>Fo2T2_0!aW3>==W1u2cqL9MEjHN4d3DWCmIx<6G|wA91Ef-7^EYo zlm@Mm19A|jnBN~X#m$5rSE=QoPO@XnzRmrXaaZBWeLQf#_v(*C8-66N@1i5W)q3jmjS&_d>N*8tZ+ut zhb-`rY9(Sia@x7&5*!Gf3AXmoYIPA`JJa3qUi1Tz4W*xWQ=ucPW<|kTneuUFlaO>D zL&wLV5YNBC^ zwn~DAaAxQJ6EfP2z&S1cfei6HNl(U)o6FheGHxh2kix+*Ur2JLwcf*^le#Buv7&{G z?75@}q>5&T>zk@q#};p$)IoGqSy*`W6Oi{6{Rci5pjh^n;wEW zGBsy?)39_;J4^Krm&R_2YC%}W00Q*(upkN!*(*#E684}W01&!CG6f416mP#k?9~ty zzX|+2E$&Ncr&>$ z^?u8oM^~yZ z%;(P>7XPwOofSQ(fTY{QRcbiR_d_#9-?;jcMpE>?NF!JUnfW^CLV&2}3>1b<5K?!*)dQ%0A4{f|bC@NKT3RI-=6ZSDit z8^ql0J1R&Bs!+^cQGU#woDw{FqJ2aS@;9Q-fP)=%GADBLdnL~aN!HSOg6IbR2}<(R zZ$D)L7$whzGW4#O-CF<4py^g%E5B4rtkvwbKD!KbImSTuApa+Zq`hSk>8G1M z9SN+lT^=XI!2Nb{H+#R%7sfXli{i1)UVtsFQqj!dXoaed8e&~BV(tYKA1|^u~go-XEmD#--ri#;f@0Qu$D*Ixn4#HsV z0i-+@gm^>vXz%Fp+%Co9-&7HyK+lY2;)N`#dlVCNQfUZSJv%MNs_aod1CZx*nKE;I zmK)q>aIHIrGTE0|*ehDX<%VjL3xAJERGju9H*g+1Ce2)`J8>krIRlJsb#Kcqag;Sj zxz*)-ciIXeoT`S{F5pdTF{xAnhPlE=^#}r#NODnOrx85$UJP+U$ilHlx3GoJQBLGN zp#Wn~ZL5m$Ze3Uh9c}hoXAAtVJMfXodO4$`1N|R7-|PfBQ!{qwAFQgctS~ddfX$hH zRvWYjGXNB!JuxZmFfHvuaNJY;d9#&QuhVCs8KOt8J9zXBx!!sIfm<5P)eO#lH16U5 zXf*ln9zy@7DI|^mo#d3Q8tIF?jPgaYZbULkloMCr|XFkJ>A24D~Yf*ccY48;Huf* zM8W=yLI12l|ICTFh1zeE`{o;j3%(12_dy;>WTWxPk-JwycOJ08kuh`AXqq*1V~I+1 zqlv;hB*l~oe{n*myzdIhh1@sQ@AAuqQtXB2?Nz#`r2lN=d$ok24aq-@n(HFs%T>N_ zfS&<>rYv}k2vKGJ6tQxV8MGDt;DqU2wbK~{Me&up&j`2(NNf%@*o(ZrZ+*W~x^ zBFwy%#hKbz7fgwt$b>_g4oKX{z}+&&^zPKM*A_&RwwicBP$(LlNZX7&$7SptJ*y`k zv!X4>AQD?w49Nnl%=^vJ&!H^C!kg5wYTcSH7{pFW%9@BpuEvhV=Coxqdd9tEestu* zg@jVeD1G7!+ zh(%<=tKF}Ck0of%f>|%`Ub7h8W@jThGlc~!sMcm1izc<-(yzlv+60PH2-y_CFR+3T z(tknTVx2}&HtEO!ifr|f#a9}FJJZaTfOnE+2bI+ZA4-lfkAQ4CY+ z+Gn&>6XvV37V(~s?I|RKhsB~g4MpHO%QvIgfP}P;mB4N==e^-4k8YP3$+uxnZ;Kki zB8m)|k?8zRRu(CH-jN^>8xYJI)r3mjIXmSj;O5$rcFWwVM(`tpQrRF#IyLRX;B2qW zA}`n@q$+8x+>6G^TWy(iT4(+Z*-p5njgUCZZ3`GlIm34(+psiZP$!*;I7C+=$(T8r zCVMw7SdYSB9)ab*dLd0I@jI}wTDm8p!m-_lq&zml<@kykf|5Q4KhJu znMl&2gK@<19o~dI5oMeTGV4&YD*)1u#h6C6)*KyVlOkHL4>S46X2622Y^ylTK-Z)y zH0n6M-P6Xo?KgL z8x4IE>z`&EEs5!3>%40V$@f;;BE`B0mgF&!Viq~ZY2Y8rt;=8$`P*qA*o}?$8hjRl zRd|z)A9OL!Kb4k5L7BNhP0Mx}ruk)7nttKq$Ao%Lp( zZ;oMJ4aZ_^vKGz&?5_%EijnYWgCb5!RgN+ev($C~mF;5*g)NiTDC8h?i`QYcjmM+| zJMGR6oick_PE^RLNU~<*M6}k-)YG`80V;|!*Sm8DxYG5T)h+Y^GNre(q<$5&vdkQ% z+KIbWNNSk!ouze9<#uGCZ7wkCHM8Acr81Y3#z4XT@}?#W6{K^Tm)8?(73e?HCSXE` zj0VWg8c3Jcg?+!%IP(`Ih*@a-KL{vj z3#&R?ypS(6!!@kYQ6OSMWc6#(hSVJ;>_GphmnBh#$|t+wD6g_rvJik!REEks`gbNB z=-jIatM!}-w!xsZ0ZZDGUW}K7dvT1JvaUNNM)P-FXR+@JhgGkU>~?TxEsK9{uGfm5 zarjCoUCGrWwdH1C1|*i+ZPJPooonNstF|}Ot)C>~mMUNJ=SYsx#2yFyHC}R#HNa&? zAxzWl^y4LL6L&MpQiaC!ZJm4LK3a|eN1*+EVm#ED5yomL>L;5yTN)kp>gGitSL0X! zbfK|nQfZZj#T5zJP@64CwL0sKxgq6dHW zK-&v%X6{{-&3LInlya?jGAdK@J z#SsPw;qx=u0vi?_$0@~JBC0WuRiaCS6C9?Mm%>9XFmuk#g=QY!iJotQC?J&`hLR0$ z0??Q1_X5_|0wP4xuWth8+Qo%mxnj?OYz8c;ItHoQ2%$seMRu{GmLsDUCEXHc-S{~# z5FgBQ`B2#xv>|`N$*U3oo6|ToOT5!wr2T=KNDg~DCF&vJ=Iy5$gR=pKEzYD}5~71A5H^P5Vf|x6B^& ztD6ziis3I|S~SE1Fm=jEG`QqoXq{dm`3{l@t$sLw*!51_#sXDi&V*)i)HUz%4b62o z=GG1$5ZyeB=t_diO|tD931xo>*S3lbzY7^v6f9L`yhIqwH+Nno)kcfJU2sg@4+Jm1 z3%mmruOZ2ALzQRQG`ie}tuGuq!Fg9f%)l!3fE5Ju+p}-Le>|$jf_uV%e*#3T|6{(> z|C9DZ|6kgVrQ@OqGPk9sj;KnX{e~ZTkSH*lON2lkwR8YJ$YWi0(J(&Kb!l|BGqTZm zvay7ZJTD_~ek_JWzH!=D(pQiV*;X>MHI5XbMQl?g=WCAVO-^U0@8{n|Bml*?jKf7h z=>32gCZ5H9x@r1C!9goTH2J-@q&{ODh^h0ofOn9Ziuyb%;TTJfVV%>qe*472A^6wT z>X$X5!SIMn<|&v}ms^biqQYB`%#-LFwc^w){9Eq1x-{-7WD;`R+1}}ef0}YrV(Teu)~r=G20!~>z1O~dTqt%Y+{?hY!&S{h9*WW z81feFQ7g^q6zXXOXLEaVYr&PzbX+M}pUrsdT`J~VwA;yz>YGz3apk;biJ(3^H&P}r zTm!4p4^%U-?q(}ybBYXVFcAr}g?p4+oM18vJY}n8wB}Bz0+cGPJk#_g;%8ueO6b&Y z)pzb?z@^*}B;wsfL zk>Iy5SD~1kFG_aCbqjTA{qMidtu}gqkUDZH|7n!%lFiqMJ%Nx zY}wnAon=OW-1$QJ_~B3GSD84RUnSzfit8(^nUoR)6?CScLW)cHMd$`18=tnq zumP2ZVeQQEMU{&?W~MpU8rPLL|6pzi6*$^jM~me9#htL2H3I#83|NdaNZb+3H~Xv? z1$HFTfBu(pI(Pn)-TiNf_-BlI7as&I@WSc21tG_G9L-_?He3Y7AqWq&1cl^! z{(HuMBp*b6WNt+s)D&yU@?90sA_>6G>Jd`Rf^tmBI%$dO*+GVdVPiB`v_js=q1rb+ zuNSnmGh6x{brot5sE)+!c1MTTEyvrfby{8?A0RuVOz|OkxqLlkVcb<@Ema6|3N=MJ z1v!(j5783UHN7!b?AAh8oJn^RhitxGd);%mP|HLTdE#5@MV7yqgFic$9~=0BPMhXX zA;Tf&k=y(~sn5VW4dCNU*nyg%Tg=BiAcYFhfh~rc1KTZarw|*cB_R}B1lEs%KA9f` zLl`%~h}@$q+>NWPK{~cK*Eh`_19z2#Sv77v@Hw@sp0ux^wzqJt%N zpe4rWXy zoMq&FMm38` zgu6qDWXi?xz>kK8S4)WYP{S1*dj_G$9MbUsRv|y-`TY|MDlFd$qqh?dOd0a46sl=qMPAw;NgXQ}F zQJCZ%*aih2=Bromt9xxI@E3i^(9l_kSVQFwC5z>1!*Gk`(<;|LvhnNZxZz>&rDbJG6_(qZ;Jk=YWvYi!cp#cAK5H@Ze#r@Wuar(d}=h{;9eI{^RZ5^j650r^D2-ZGdNdW9AL z$`%t5FbE7)M0x-<1J~Ab>4&HrGiXYwkIsq3nY|+|z-s>b(TaY7zY|RGz5ggfZT~Ui z{ePg_|LN@b*W6cYK)7ixC-aD=JQ=;SyS$J^8jjjujk#oj3LI3)*dcPdU|WrnTt!rm zNf?QXIn=33s7c@xTLm{H5z9qD6*KAE)6o=DTc7cjE~k6FU~N5EPQXh zK2fblTsH;DzHYnjw!h{)=058@o{-jhMTVt3`ej0{r9_iVN^e`OuI-a>ZW<4fN0UTL zmNhth*s@1Z@yQkzQ<&( zK7I@uZ^o>3Tm)-5z4O@l9er~Wt#x=J-L)=k3m(|W%%eM0lbq^+1_LpS`r|`vlq;Kw-NkaNaZ)R@yt?h5hl0q&{D5u#ICK8vi;pRj=d z8|V>=^|BWK?r6bBgi^YW3?ldl?4fYXr$~&w{_0^i^hTrkvr;t*TT@007&CY;>lzrM z=Sr8)GPbVM`SD=wOkFKK-I-p3?iu8@&!-F(2mXsMp_3gkhSY0cD3f*xSiI3#LQ{IM zM#C%7$5PwSTGCSbP)2VlIfQAg$AGG3*{tz<0@s&oego|}cDzYpaKK5K0wc>Za9_`W zJF&aU#vThdlQ3ICx4+I;RQ46uw`#eS^a$;q0H;STlNL3})p0JTk4Fk>WE+$7SX7fR z+(|GU^NzG7h9S4AVVEwj{9bAo+eiMEjT4ikkBObb!+$F!sMe6TPYKbi3ytGEEa(*s zcmmOK^2=)x9=-A9qu+SnEfTQ*%q4#+x`c*4#%qKHfRG61xa{36@*OZe01o<$TVkAf zesIB1ivim(!uoHr@Qb&4rA^o|s_T0=J8jScwTF8PTN3lPZs~+vOd6!+vnz zqizS(mqE|=<%457R_ZiXU#({*99^}$p{C|2USH_-jBd3H5lM4Nwu&IWFsKnc#GaklL7E_*uSODvhpe$3M`&kv8I5k0#vR^ zSnf~K^^@n2y(Xjl=0FiKOI&*Qj@#g69enZ z)nj+QP%K3`vNb~XfELSfyzY?-TiYnLvd-!6%#)lju+k}&alB9kfJ7aiqZW#1k8{Gs z?%YW{&?FQ16d^+&arx6K50aoS-|~K-4KG@Hd1RSXvvltF6f-Z#;hiXm>3WHM0xpBZ zA^I+nZ5ZXI!G=4;L3)-aGrI`I@p=cCU7OI}9R;WQ$c(8Qso-X{eBp)TD{^}Io;SmK z7p<3VyYxnqZF@2sGwqk4b*Sm|g}qyGZ_R;sFiTjFWz1gvc-7x~$M`rUWwc-4k*|7c7Sfzj&UBkCY z*>h8a%Grxg=k-tSKgm}gSlPLUwq{;Rr-on`vy93)$_Bt;g;a$ksAuuv!0rHi3Yn%TO0XrS|{BQJQ5SvkB6O$C^EU?s3%C&0`zQHI%O z^6y2f6JsNW*m@#qQYUX|N^u6&&6KF^6Ko&T6p}CtnS=n9gHuI! z2x)2dj5jpL(=Oq5d5b&rbh-9Lp>wwMmzW&1Y@kB~_zx?pdCa{d+VBx!`EZ@;0}Xy)larXhlVO>WEy1mPb z)Jly6g1~G$4e(2@e*n-rHs>Z$RsV5-=SKn>(BlL{u9(t2K3WvU72u7iuoB<4P*J>e zh4GV>f*O*dz_aHaXWWAi%5;g&#o)*CMK|v4YEjqf!QYLf*Y`K=REBRxCY-;Q=f5|w z=p0~-^^?jbJhK|Q1dVpRv#@F77dcOf7eaQe2er}28e_|cZGD`}vQ^}8tBcK> zU^8n-X|3~!o8oN-Rxw6Uofy4U{!%wY*!Y)~F`hd*RgR0H*;Vtx}_u2uK}_{vT?4t8{E@zf_?Ru3-5ZKNTBb7q{Jo^I{F7DGzj zjT;1O+lRdr;V--H&mA%JY(SzgsVJN zT{3zGE@U^);E|Qnmw}6ZnR+fx*OvC+|D~AbxdwlNq+z^TrdwDmkXA~)>It|Od50BJ z2GT}lfnKn%O}Ee>La(q1Kpi5c^Er__TspBW*aTvvte65j#}Gw>mxq$abILp{hd`Yd z!8DHx=otG0qJb?%_t0Yl4Y`Y)FHnFX6vz*b?fdh}rw zlh}JA^xjF>J|WoLIEM*XGCtRicm|yAVY|dX-G=T?Et7cR7Cf+;;pV~in(OJet6h~c zWVE%+-XpMYlGR1bAtKb=rHj*Gj&hIR7f8o!mvEkeVg16A%&P zX+yN(_Gg@>%FT7czi^Z7se*6a4jz7IXPohtr+;Dj{IxVn*!`XB-R0Vc5J&3 z(%V|)fMXJgx5;0f*}WcyPK$^Q!}yS7yP1SRRQ-yu*!oL~59ZHdgpT{mXp>rD>i!xr zDRBYE{0A^~-8AU%?`{JiT!34eIXs}f%t{oKFuC!O_)^5yA(9{tWk5# z<`e$5YER@jnetQ{c~9Q!p{;AUc&ylv(6Rwdo9PiT!+HA+{7Pt9N6ba8oe2C4e3}KO z;+-_0jqJg*8$VJcZxAmT{JJa>xW-RgKBW=$rljkp4CabcY>NXei$ifIgg>c{JfLn2 z!tNBq82DkP^VDuTBaX-$({U}(H}oK+3rVTINbxJ;shNg|_^|5ect8`i6o%YJBH-uV zlEUDmWjcZGY*aAlmENOK$n8g5!j;T_YN%U>Sa1||OK#bq(I@OiDYPO&!u8M;m)K$j&**wkT-UjQX>$ zOW2m$KCs1Ta8!gIBcjQ%%$9P|6uoPK{6$s-rVY}OI5W@@%GQ#ApeYQzD%NbzvN<{#W_LS1F z!7r&8m{J0k>|<5&DtNXM;~Yb=&9NssJEuEPnk8YX5QAR%cTDR#bS`JR=nti0Z0FcJ zeX{wJA=@JPL@-*m2+!2~SuOJ)ETVv3W*&X5!d}I{y{l(p1|0uQ8b zf0KMnMD~8w71I%@7l2aq4wX2a2YFoKl7i84%cLq>>cpP#s|01x@Mh$=yTc^aq5c$# zQlJvC67fH1{C1~~>w0nouu|>z1?dA?!2UxT#UAe-rAK7^Oq;L*WdlQ_3YDskni^9? zk9Eb7ghD(hTtjCy1QqMJ=3x@qdrv~woo;gf-V}FP7I0}!%vuBXNcI9QB(S2ZW+Nj^}g$xF>Y#HvTZ9D3s2K0;xq#1-1U9ktPs9=GnO za_lThQ!$%<7^yKahwT17;sV>&y_i(<^R~fa8%oWotKGD3+Vv&Zha4qKm`>{eYENSt zpg35?o^tt)W@Ey7Y2fPA~)UpqRnKemMORRaw z07|e|A;fj(TX!gt`P#>AT@0BUR@{AlUE(Of^*Jf0Dkm|kl2XJzUTKVlDDMP+)O&S@ zIqgLW^nh8Wz(|S5x4uCW41_LM`HF_HU7FO(IF`OXHRj({a*8=Q zgta5sji5bxfZy;*eN;o>9aB_$%+)Z>HJEUaWTMp$s>&+Z{r6N7k8cueGEBuo)b(sM z^{@cM5we*V;kl;eIr+-0Tsv%X=)^P?!3J4CED@66jd*EOJQk=>pgPDZjMxLzSKlDV zgNMx$hGc0Dcl2#n!|(O65APOs9@Y_>Xlh!hc~l$)ZB%lf8%ng{mi`B;H68=Cz$;wJ z_m$*6+C!ygxNpN>r0btghG3 zs#^T*AAc=Sh%Uq7}(Og@c0FaiV^eyj&Nw zjN?3=n085}M&iiW!6TU*v3p4YpMAohIf5Y1D9a2-L_c=;L$){0AXqXF;y@E{(t7O< zK961M@(p%lz;&V63$0*r+lhEL@W_`|d-%0Dsq-}59n?T=?^(TNqtvgVJV)N@c%G-& z9=O5Wh*y{qaG88U(Cs}8Gfw_d`|0~B6#DhYY)xdo6-Xt~`HP)=)9^vGj3IiQlb#|J z9*sg>smP1!(5rT#XfmzV1240ETsSwaxd2MJvd%V9zex&#dC^}^k?&{2VFfWgefq6+ z!K;PPsrP*9i|`*5C4O_tPxll60MJj~!+&pY|391h{<$$rD`D*>YhYn)=p>_WZT#;w z+J8}%#j2XBKfAMEU_eL%e#Ai3#b_G!Fc3^B8yZk6B~JuQAR2KJ%`5oO=X2vzP7LPx zI~JGK%{$NizVh0TlIoJ)3(cRh9iKBs;P~R|N_c6FvpqhZx!x}jzJDJlYXSb;|41xt z=mUyw!g7oJS{6fXF!=}?;GT4(Wl?fnm_alwj{)A* zfM5*+6VUwu)Q2A6n)~4DGIBQX?)B~XERPH}VD<0=G-eE_pt+aS7`77NKS5s_8`94C9bwG|ZRN6mYb!yiNMLD^7`oR)g&z&khLJgPW7Q#-^%f zP}_*FHrQw(qF>a+`v;Q48;V}qE_93`Y2>ZQWwit%wNuEJJy^8iAg(VHNoaWQZyMAB zlh0zHyh_m)GOjOD(i87ffnviiC zcalNYb*SB6J=9V5>totabz zVxp6eqE28l9aDl-{!}i+ZBnF>J~}#P2+G@uOq+uqmO!XV>l%jWu-e1g3&cyF7UT48 z!rh}_EDH|{BB|_%TberA zOLJ6A`vDKg^!s#G>j5POU>g0N!CX$dj|p(K&-`DUePfp(T9R$0ZQHhO+qP}H(zb2e zwkpj^+qP9N@134CGrd;d5AQ#mh}b7$qqTjbGawON@rL<{0)5m2x^u(PY^x72h% z4a`OjT8A(;s283YiuX@Al&pRY2$pVSZ(?`6{hX+GNZx)RklZ~cj9jW0z-MCXYUn(y zs+yaZ;(%I6+};#?9HpD+n+~@r!xj3bC`;ljXhHOidhorvV+TzAr?2Oz(2SA@zIzp?Xo<;3z zYJF+Ka02h!(|l_7@v}LKUgkqjuzra00;3BrWN=`anvE8d8OeicCoC2;(6VNC6^v(0 zEIL)++LEXztpm79`AS@C)&eSo5qUhO6bu|mf|_FZ-0tG)U2D@u(Ct8wF75E<2j=-XIJHp36K&yOq{BBwJ*2Ws=_>gW6mgp zA`ALW9L(D<>6(Ea9!#R5HFIk07YrAc7o0~G_#A#7MDzVwB=Ani6p^4ycYx9El}q<{ zb4$rt@Kp%KLvzF;4#8Ixb6R=T{d|p(EaDXN2QlE(*}9G!$OB{6$rC#MxVnO6SshI^&U_XNTF6TCBwFFySkCIXCwRK z&yl*BzKXDP|Iy?}EwPb;%#EMLHn&K+ePl{o$8@CFS6yw45pu|R?z*O(R72vu?K&T+ zeOCn@^pIFjxq_UEw#V3nU1&Jl1s`V^t1>k)tB{lMyd|Is8lxzE0E2N=G=>jB&LQ#R zZ8CRqh&?4C0>3o7WI5F0xZUjx*wY}mP9;4#k>Md#i!zI& zhVfXe@|NpzMNO8EgXBi-Pa&A(jT4Fv4S%$quo={O&jqR{~bkoiCN{f`|S{{hN5fFb6c@xDPO$! z>}#PI4&?>Adm0?ul0?dU&)IoO5Br#(U4;qpiIOS*=h?UX7i63?T6$huWB*-0*IfRa z=kl08Cj=!ybp2DcDbcjT6&`}kkGL27w5GPqgQF?*m)jz$a+dR^*&^Jv&^k$~IQTk3 z!#gohz!bs`E2l+`dB?px2qsI%&qx9nG}>K85Z7Y#D9ujELM!GPl1&Lz6i+vFT{(g- z6iuZxPjp<7dHD!pzdpFov`50m7~O~9^EU?5<|RFUk35fvG%$;zv{7&c1Iyd|T^{DE zFVb2~{}ym`K%H9fqCY6`W8T&ZLxMP?@@=Yt22H_c2FfUB%QsMeVYD?<3Z1_k=5YQo zX^QGU*PWW9h4X*Iv;QePExAR0EBUtor@PRCu(fE10N~cxHJxwYl%NU6iT7YhvIBbPZe!GSIx8`UB%sgL$w~XJ z3p^NlzTEQ!IUNsxsY%6w!Q3}Ue6IA2)O1BFCkgGVcIZJxF$xU@*3GFX4mc?X|A&v| zZ$w{nFWWr->Gk8wtck$@;wV8CS<3)xj~rZ^qwL+UC8m@5@IIBwv6f4UOPx(Vy z>81VF!+yS%w+HK=d>?pDbpU>qB~sQiWf~6$?m8Y}8E#ut;!@J<75iM2+_Gg}@-C&? z6SvAmOoZNhG#KckB0yaAk@=;tgfK{;-w#j7%EX058nZ1R%D*yAF>b-K-Bcegrrd-s z+CYbnFyxA_GZX1Ehw>#`umwHEc8+Da^3Z+7ZnPe=|>XGg3xUtB8Zbe z0YjhpEX>|QMz2rdKP9X&bwi*0xv>ZzfP&z<2q%|=zCb%~QN?axeTtN#bVL@@6eQkf zF+}EKKOdX{!K550)(H||6F0=)5wN3e=TJmEsbd}hR*_3^MI`5#?Sz%O&fjGwJ;OD` z*gOe4b%(30yIIoSHOa!;bBTw!CBq<g1XM$v>T zH^CW_H;~Xvud2BjEaIOne<1x;oIhb4BZR+;Gxi^g^WWKB|2-7{H4TLvO$@#bJpRS< zP|=aY5<})Oib9JLg3y24l*f;@!M9ytrKvwpLL~D?Ckr5#P|yQqa!9S}UccoG_)0v2 zJ4o&!wxm+=ITP{|@|8eg;o&;xtb&1zx3oB(-tao!a=O~U`13eZ+Y8k8(-M)wJ7-A5 z+hBKs7<6D*kzTt&9$k8rA%ymc1dtZu2wXb<)O71rJVT9_un~Q)x zC8pu_JDv0s@Oxw{8zc#+#9{yon@?)_#ds*=_LB`+@9D%^pdhjIl+9M_`K#7ib-C(< z?UJ1Y4c53?hYCCAuBK6KVxmXFVRy!z_qt6BwKoxcm&J1Cyq#6a)`gS~G)j#1Qu*wp zXdPLokS(BAXkm@iwO?`L9MT7PU;DBs_mRb+MD@5=Ps&8cv})QVU-AWk%rL7t^*kraCMygpSO1a&uRf_YTraI{pdWzKwlG+V2i%9M7jOl!5( zSq09^gyzI&9x8?Q;3KkX{m9@22pPU3#Rh+{iJSor zihsIVFJe4Dfx7=Ne{-tcuac_FmOT*rtIm#mSHV=u^$xF15Ya-hk>$G59`6^;r`YkX z^vVm|+TrccvGt*eWnQig$6?iZLlBN74REE=T< z{!A~(TP89f^!+sYagMB`G)Nr!7>Mz)FjANye~PYf^ew?Ucz3L8d(^?sk-IH~l;`%h zA7<=Czz83;vna){eDPU+0V_n%5rNzEH2IxkagKE9QmyTs^XSVoFRg&o&X8|%^AYzR&daI2xB;zyzKtf`a# zA-$^OjTCmpeXZkl|Aoyk&V0^P`OJ z1|VeH0t(71IpC+801oVnr0MJ!`Z z`jQ~s+;9HG=`0?zCm+*qpUuzP`w6xmk-tu78LACLN2!mP(K!jzQl|o9e5uEeazfrQ zap@mSX+|L(q34V%e!*)wvVjcpZ#fQGRx2WIY3VkMF(tXl*rK(YjU9(Dp;~M43Vjss zgWHWA_0XL#q`P%D)bFod)eOVPd6z-((d()_K?QgnJ!N(n8Gchf7m&E|ixnAr2cO#% zps3f$fj2g$n#$5@8cmX;S!P&*ueD@7qP@BZ0e4^1mC198RFWA7^}(V9Dk&v0{3w~z z4VqYJaw~e3m{wzcE#a`bjUU{IlP3}Z_;_q1|L$}AM!Z5HU*G0A?(+BIMzur~IwG=s z3Rq_byUMA!jPHn$wRBUZe1)(}kV zBtgt`j3pz8cvIH*tLnXH9Zn|LABB zar=lk|I&l|EKks9mrD`gN!)rsSTSQHY~#17b*$0hG zCEjfzG|X4b`Uso{>>x5{Rzr!i^~?y1a~`w5EP~7)A~oE*SR%2$(pZOxOZ3xaL*A*g z{KW|7%QLW+iZ|YCeQX%XxLaar%t>qb5w;;J+Kpgaf}89PSRoh3W&^$Q;JmV2ST< z@U1qkv(%p&f~E#)@n;mWUB3^iaPxo<`$^DE!GmGTpiHx@hI9Pu`t6#;ZLQ~7)io>R zZk-UkXxYMk*ozREvTT(mM0wMX2>nR=G<;LwTD}bJqfRQP>%7&YbvSwPd?g)nTLQ9$ z6;&`C4hSJ=`hM#ebxd-59naGedi9I77-g6^hsVJZnq`7#53ijG++=xm_j66z#N^!p zc4+Z;v=jsSXJS^wzKic^?qUbG>>4(0=f*kvl)S<(O^?VV)69nbTl>7Q`8v{FX%%tO zhfwK|0F&I`M)W+ljUvE)YIoICWbKO_-ag?r{p88~-}PX67}t0hB{mA>C<$Uick zY5sFd|G#hbe?CV;f@nN}1`9U=Euj z8g^7vbk9`oQ;`Yiu}SH00u^vq;6eVmM8j&;Rn#+{?I#LGZD{SQ)V8|^Cv0gEFWp~p zzBI-1Ai1IWd86rudE?W*J78eAZb>idNCpR8<=Ck~klp+}m13l*_rlkd{X_wdOv66D zzp^zCUZ+KeHUqtpqOgAH)Lv9o_MsS@jNNgnbrBK>h_8I&uNw?N9pIVEfzdf&)w2ai)x@2w%`6BX8Ze{jCimI>e*-^9z(rJ zgIbmgkxY_qfm@EF)N*&GNQoJDyri?v zET9jRu?|8n;OMeL@B7(i8pzH(t(4o3O%xCs3s;_BgH{l_ZrNT#v1t+&W0j_4r0$j7 z-YJ)Ke@qb*YtSyd2Fy=o{dwM09RSpM^_lI(eM{WZZxhTBB3hWcpja_;L=;cFWa$U2 zNsw8FvWE#|W~5E zVTesEO-I{L`PT7YL3zs3DojRLVEqI=anQ=!>IEd!%3TL0onjBRNR+}41XzIbnUo&& z>HV9L4lLd0nE(CuVg9jCQ~c+*|G!rW|N5?|ZvSOA_{GZCVbQ@KKC389U96u0OjxFF zLzC2E&OnoFNJKb5+6}W#+BsngB!Xb(eY4ps>|BInGIBcx_J`Ev<7z4)fw{Whfphgc zYwkMdKHF)AW0UXe>rm~7*{us3>Wu=nn0+%Aosj}>&De6R5&K#o$$`;}@Tdz;?ub26 z3_EY+ZizNuERrWx$hsp-aS490A@l?T_-ha0Wzyca%KqU8eu zM%VHEsV1XOPDkm!+L6^v<@L(F_@Y9|b%~lu%lQJOGD+tqtDsEPLcjmv*D#u{i?y+Y zkny+%X`>Iv1nPaWq=5VKq@ad_ON6P%*aP(|E;-Q`PNYDtx#MnlCyT;kV=C3T$IRXE z?>8=?bBA-}^SRM)U++`>#VbV~2M4$QhwHdxxxw!0dU32q=~zRVKJn3hixaDu9shUg zh+R~={q;uf{`=eX#{zqwiTX-TYnaVQ)iKu33^AnbFFv>5OZQNl+v;~5iB2W&hNWH` zI}PrNr~-`?FdgsIw}Vq&Hesd4)2IpAJGx;;Rm2~8s<6ajYt0&T2#HhKOHtMjnv-s4 z4Iy=8-Y}sp`Ls)_szGG+AdQr!mnfk=T_>5tEFp!EVL-t~!6X-4sc5y6R_qzj;|*sk zs}(8^6NFT5n82|YE!Bazdo68zhY$;H+%RN`L^fE|ZIwU7I-PI;M!C*ZRc<3?r>G*N zQZ5pJXu=j4l{mG5+;%b01%LP9$6&BWs2!ej;Pm)oUezm2R*PQS$k1ao`b>x0ICu!H zb<63(cwJ+tj{*T9vCm+QLsy(i9kMS@qk;A$aph0ufnJvQL$TZK_;~jbW4VXbvUhTd zkKACKzQl*@>gAg7)FjVz6l>rW|-$B|bzMtqeP)aW=X#XYX>_t*gp; zuH>Y>Au_}H!*WkcuXzWHD1_Sjl{NO>TZDe?yXyLKOa+@f3%8PKN^*1A}!f>zq=ZGOU;$Kv+M>y=Dd>^#mv zJ>G2gvJ{vH9$RBua0Xtx@mek4>aBv(^)9_cH+B7zlv5q<)Unf_YFX(SLn4e=1{kvC zlxZbBU~78lzZnYe0hu}Yf$p|%+NhJ9Es;JsFnab-6X!u;4^3E;OQa+f6Swx<)m3&V z8yiMGk~G9vrMB{~J0rC8Hl6!uBsYmoPt_UEL{H=%&fB_j{e8o*^9L!j;wZybl%Tb@ zhjvFPSG7`a>DxXyzK)WeL2AqTSV|Xb`tRRH zm2+97Z$Ml^LtWLpfqY%IaRH*<*J&dz9tcr{k040MFk*l)KH%CqZHuxE`G>zC9BxMl zV@BF4U%ok`Lt-Y2!|dpN+Qjtj^8L8>hw1I4FxxyRBWVY{0bzgyNy*}(qTyO!l)pyE zbk;t{F18SJ`kH>&;ipaitdc!Cs@V6<~3;p`bU+PIR3jaN(#D=m(rgEFkBv7`r)S zIwvP=$mp$b2UJI^;-d_j=H`iyn<}*9tW9(}jkc}*9Ax|S{={*cOKSHPC$*9B zF0#dvWiEHe2aW&MN-3Bm0SHc*nIP^}q z#lUB?i(bT0D?}&EZUN@gEOh0~T`9XQ&L+7+q_PMB2DS-)sGVnxyG1vh7mb>C`Dbzt zXmLj5Ya(YhlS`wBgb<#vhv#LCzEPMqPFwG>uBI(bGg57Dl1>hG-w$yMW*FuW2nSmf zF(HYaaDT|WMq%3E$OA>Qf-rtTh8eT8Fhrf-;wG%22|#vpqKQta=`F+kRVPhIkukI1 zh(z%p5y^l0Im$cQxqB!ZIGUL_|L+joY?XJpbyegqTf{whY+PFjHc<;vF$fR+lSCNF z{HPie0_UJ(&6afg%nZzRCu_~GN*PT7n)#O8w8h@?GuIj%NQsr867lxqoMX2hC+E+r z!S!tb?NK?02Sdt`37fPL9|)%E7ic}HwCG&{Yz1#5A=!aJ_PsR360re0+7LSuvU0}`fhy-i*8tha$pvgNj$4|UZsT$6QVWn<%Vl7Ou&-jM^Cif5v z9jL}^v{vrUwc%{0m)!nMQIQCw)uhPSsL?&5Sld+=**-KqOFt|+l8k(vTPLDerlYg; zm6Ohqf0D1{C0jGr7LXi4;x6X3uGaLi;Aj%#`Lo3|SS&j9%(Jvg;IAB~Q~lc}jfu)!d!Am73^ zi6yT#e?SSVw&2n>7#uyrI6_9``ViWp^4_|>7=ro!)CS*LqL&EACxuv#`SBtM>rY~s z#Et0L?EpZC3gKyYI$pv;mWZ0f1sKW+U;+743Y>1>afV#Y{7Z=YE()zw4tNB;R271VnKcwhFH$AG z!>WSNQ^K}Q_S}LIYhFzf1;#Zs-Utzm_E}sF^{*N54Fay*_z>&G5dbaU;L*TGM2fxe z#(sz?wj=)v+Ce&0N_d`ISh*T0cU{11&v@v*`uy9>QW@tJ`b;3}+oc=+K#y;Y-(!L#VosK-Cp;8VsO9hbLpaKIn z67e8o&s85HcEf&Kn%EG%6T?{g)U$0uO z-s}F{-ladbho6V+E8w4Z-woUJpy7VK_($P!+LyyW6EX0akH!v56Qu5tG5S*O6F{)~ z&{s*e<%vW-cs-j7*x2a~;-+tQthSg(>U648QXncK7Eqw(^7 zr!Gk0S4JDv@&AgGixmk|*I2vdyyrTBdi3gi0KY8T!WXWE3Icosh2YXw63U{rSwmNO zn2mJNq;tvmjR;Z!BADIhTF<}x4M zwsmkgu{I(AX$f{2xT`6-4?3kyfRmkdh5qvGjQWHHQ=~%Zerw+%+pZ` zr~4^u@n}FqQ-y7sg1j=R=hx?iKK|ifJg8}*B+hLmgZiSR7kp@YO2vIv5rV6Ggu5eu z3Snz`h>bhOqxKcmhB=^c!uOv^l-nD^8L3uLUFtdrmAK+*9ReQaGx~qNCQ;Xuu3;N$ z({QD(n5q`?i?dber2e{xW?5Np%N_4jT?jy=&GDDn3ps;Qka?$dlCWq5&ZGFuBZOHg z=M+TXL%d3KcBI3z4X`7m}P0*xdlQq0pc7m9+&{^15AeGj6?CdZHmHv9rq_a z73f|-p;V;Ehouq!LzG51ZjRP_OVSnFL*Z#>hDb4~E zhs^NW`dH2MYx1H;S&hl7oNJvOjTYPRkM9F#sInyLaWzj+erqrgqFR}$GW<@Mn5Un=F4!I|bIA`y73AWLT*y->gk(RM zDywj$8Tau-yzuU4n~A(CC!T``qgV=!b70~ox8g)|hTkm?UIkbd>Fmi|f%|K$NC7sl zmqA@`X|}72IZ4aMO|5hbQqyh|uwoFdCK^tdre3Hmw-%SSR_hw`8ymY5Y4mV!PQNxQ z%!!yR+MTQW%i3)grgJh8o35!W9 zn4wXu&fA7zi6#vOi%SA)`Emo|rnfWNDSw>_y4>+Mx?{{O6B-US4l!UbJNe$DcDszC za{&~+>Lzz`)NfVDF$Ps0Wg@ioHq|{d8g3>Occ5p@`c1??c_cj}mkvicKWV_o;@M(8 z41VF3^3*HHOAK?%hBhm$w45QEwv**qmyU=Kk)ukkLl@KioOFOXQkZ0%Hrdb-dR$h# zj8NtPhZ^DfnAe9>ri>Gtq4$si947Jdg2*V^s2uY)w7lRy_%Zim5x<@_bjU*XPQV zg85aj@$5l+Y~ewfz^uVg&dLSTP^R=9^=*Q?y?W|$q9!=q&Y?$+!lay89tQMLrm({& zR2`at(A5t?)JlAdpeH9Xjb_!HfNn?ZW1KM_M6pQ=_D4-ecc=*Zq3c!*M9Ha62M8w` z2#_dg7=t@h*k&P4pwcKScSM231a5r^-IJ0P5Wy;KkFLvG)=?%Q&ApTRe@;?WF_lt3eFH8jXpZr(W{iIo$FD5>Qu8*y&j(PLjl254-bd8 zL#{^c7KB@Z^E-iw%Vs3?2A`-u9An1Q6iMz`Qep~}yrT8inRR0;+P1c+kun7xd-&K{ z;pn zIPRs%>0=?&5^N8~s6tc39%#=skyzR$4E0c?`)%~uGoKRP7Y2U)q^->o(%IDU9}i(TfJKV7LW4q2cpH z!dJ}P?n%nA@mCOvyweR&#)uIv4#<_^dtNlik#Sz2xER;xDYw1`cz+z#-?pub!_<(Q zJP3tC>&M6EUX!PP7v5||5I)l{Md{xfu(x%DRSFj~b-yDE_-0I5f) zMjXSEBc`)8hS?Xwl)CkICqxMorYsE=F+0#BnizItU>|<;oS|6sl+BYIuxZ;E{5@>F z+D%r+3ijN8n7^+{W=RK=5#+eaz^y$Z;*K>BfgIW`Qry8 z`aj+O$^Y}hT+zh9`2PY;^?y0vc76j*A#f{qiP>Z|wod@ABg^-b*>50 z3BgkroJ^7ZhL?k8&2Sc#hFVtTHbo-PsECHh-k?QKpAE6SL%G$T(-+2gV*&ZSUoV%F z-DcAq&s@je&l^~@U&p^2zs(NylHGskLF|!wHzQizHsj;zrJe=?a4QFg-iC$Yq1+l# z_T=x~;#b@V|JY7?ZauiY{Lw>nO%@2gXOGeod0qa}qs~ndlY=_OB!J!DNcb-BgD>eh zR+$^EFE+4j&>)?UE;bj~UYVE=W(UNBuYAu;fI9in7q?IU2VDg_Y9C!d*j_4SjG6&Q zPW-5p3cG)*3N%PPBAH4TVqa|ld+@iN99TVOs7h2Bdm+CSgUsMs+M>;R9g6aKj1dVZ zQ%t?cHJX6TIq&CB+!^+8<1Q8hu4qWgb)@c+D`RS*{sf8KWs_rx&5P*Pg~ZkMHh zX$M=%dt_SCgN)Q&jXq^TzM`)hn6!{e>PZ&1E!5r4vLz%1tIKJ5+Lc-n8J~lEOX&=x zeg;dakMLj&y6$DZgSB9JK0jR~0jL(Yx?VALV2@?6X9Z{r&}T>Lk*+(J#{R(3iqc90 zMx!x%T!5AA&oVp!TR=JqoC4AjU6Ux1)*3DYJob~Y8#B~Z7{?+4pbIY0XQA8WafNQUsZ5J8 zc0R*zD>xQ zsoG6J{%+5ND7PqWGDUhfOID;Y+d;%wPv%-^gx7TUT3{ULmjvwG3Qq)#3Kd!hT`N!Rz6&s{Y_lu!dvWmKwQ| zlZ51p;P##6>wE(tg4m_R@?c$UMdo!K&$X3)0=11!wL!dFGQ@6VE9MUjKZRR07{5WV z0}Keak@$?(joE$LnZP7oE_X%jwc$+y8zjHRXpa4d+@nYsZ__RPu< zdt59Qusi(zMG3)F#R+8 z_^XKxZ_!s>t^(3(dL8d52M_Q_siKu=jy3fu^h_s|Kj*?tqE6Iu0f-uX@)74KKf36mPAo066Knm9v6YKV7 zx6yg=HblP9V^q}8_#0%*SxKw*7t21Dtj1@#Lt>VsBV1Qeec>hU69{DCah-QQC|A)Bu zr7nC1{=>Vb*oDWkZNSEwyqbH>QJ-J#)!C)D8fQb>fYgB%P z5wNED2z|xjJH2U$B|Gj&)i=8&{1;n9<@gP#WvJuMaogAiWU`bh;|nIBh79=>hq;XI zk4_zPljO&wtA5=8Byopn;Y#ffxc0PRn_#N0&OVv;V^XYToo^z-?y$|`QuAW;cB*tBQ0ZK7C&sYi3z6Km|)`${+^M$NA;ke zQaz5w;t@dV5ndXxfgi46#%;MLxb{YAiNi<3^3&GN4kc}Kz`O6@l`7~gP!y+QbH^01 z^S2C(EWh8bHR|T|@0cSA+-+9kNCpORUhbs029S6p zzeelOV~HZjAl31ne~$feajp-t=2rj7>*jXl$`x>DN39w!UmuHbEjGWev=R*k9%Vpr z+GYK#+O;P@&I|bLIF^l(t^uy=S4ZRfZjAbgQovSg53O2Jp*lvQ#O4q#eDH^v-?IX+ zQGS>>9<>rEU(b$-zPzQ@O#F=`@M|=liF=;|=^=^oJ}~N@2`KN-kz+zRdq1mF1eQ-4 z1bd>C42+gB<} zyg;tNpapP2aM0vkE{_#_Xj#t(ct%-wSG55$RoTtAr#*R%KJqdZdu&D-A#MX`^BhCf zh5oV@31cr+Cj+ZQIFFf2&2g1ME`bU!4bO2%c#hM4d!p?`oU#qR-p}Qw@!c)Tup28^l1; z^TK>nmN*Y>Ex`V~D9=9BUAtPtsT-{W%zCwZv!P`al^VjE?>dG)>7`LOssv6tgkOJC z$hvI2jFG=d)SBOF)c>qR{RgD=ztlzl%}jWAQ&K_wlFfK3IW6Xoi}$?c_yeOcZSFd2 zgH#4we%aCGF{^uKb;j#CXgwKGf|*Dmj~|@`me9^P0oOjwd7DqfSqw;Yr{X6X}D}gVO=4xC3MSt>Juyc ztIm&^MmGYyHd+`tmeU*V(}8+26Nd?h;naIrXn;=9-o0QUg~2u?DC)SaxE$MGHH?>UD#WL9#9i)!}3^ptXLS@lale6)R^y(_8j^0(yH7ka9yhljFpc2A1FHeD!rKMf=2Fi6Rs|lT_-IPZXiJ^vP_}1 zy^D&4fUpt|S|aO^DK(XL2TYb_I?7P29!&7-e-;O)M1!hcu_rFtW4NaWI~@!H^)vx4 zqn*e;Fh2ku>+9k(&wMD+D|s=*YWZ?YjHhJo0o8@Zy1Z)jv>BtVX?1gRtm zO(#u+k9v$bs&o8S((&=}0gT6>y;W#EI6lDDdVH?Xys1$Nk%2ZE>Z3ra-D5$r_!t&O z+=4f+g~`6J;blY$Trt{{=^DPGzh&Jb2urOsTz(v1umDwmtXqGs zP8^R8XL3&k&vb{o&V2cShxsBd@>w4)cSDiuWaRyFXVtw?o8>JkPD%91ij=z#h1BUl zhNs-o$T;r7@UwIAa$EXCXH#@O8*mQ*X+L7!`85kT0S%!7c0S@nHF-eVbj`7w0cEPGxDjF*y^`VmhTPPKQ7g6(ne^SFfr}J|v=#{f{|hG5BZI zuhRPD50@f9=6kpkai3`M+BQng&=Tc0Eny|CUXgn>O}arAfAVFm*^opo_&RkMEIs@~rUemoJ?@P_3t z!ELBix0L#dHnMxcQk7@^Dmki`)c5nmRRi};UW!+zQBDu_YV{3`@zBQTe@X5A5Hmyi zt;^cC^M>7ie0nR=v`^CVI$_M zuBk>>u{6Fl6w=Vg(s+V>+~eT)My4_(!!1iyyftLnJylStIcWRozKvgE*AQaI5Zbz0 zUb@$Jg^jsUZE0xxPnffs%Z=0a^x52J4RzXj|cX(hU?EmLn`(H$m|C(#X zD(kij{O~-PLF^7dFo&A9-Eo4p`j8-+h=5J<;ONNl72xpV>va$%cqeL__J zLqu>NNMRbI!tDx*2xI4~t4vPQ(=lv(zCN#@JKR?y7HxTka7PFB3jM|4w3Xlny2G~A z;^&gU9Iw+KjkuL-cqfl1k^ZE4*S4F!0%Ep4BB`1J~ml!mOGJF`mejK3~xTTI?}kpJ`}VD^(1T z@Eb;O6qqYhE@}WETvK&)HOShx{O6bRcR*d@DYj@=13FWt>?zYRSG;_Gdt)EYhXNjj zS{Q4{f1Al)MyRtI7hax&W+iJW)S(X|+K#}F(r`%2m%`QnXIr@ilp^+G586x)*@KCI zK2e7No1S$2sitF~8oXwd{)07PzektHioZpbv8!$twXDdi>Fe!GaWZ@dX|mKBr~s2o z+$#35%;So`x~(u@yBM@?*-mfA9P}DMzy<#HTmwU@RGC)r?g4i|CoG5Uh0uqtF=K&S z)SB@Hoib)ia1(ASaFNJ6@Pk4)e#EzdR7)JYPk=5lLWmvuNMoN}@TAaq)O&^io9LW< z6(H+|oy>c>G)c@8y7DGPfKs8gP0eLGd$45a zhxWojLXM>CsL`KHbo8Xr?xh5`_N8z=I2-*3yFqAmSZKL23(0JM>2E&y5HR7w2?-45 zTjM)DN$!AD(zbr9Wswbxx5sLyAbPmfFkz#L!`9;i#Deb0b98oR+H|6{XL4fO8Z#;e z>;eDOXEvId?1a%fe{N8xa?=qK3@R4@unw!twn5{tC_{@103|#L4|YNG{HE|wP?ww7 zQH^jO+jZa*gO%VfhXAB6UBXrf+vtOX(Kay8baUd3jYyy`$VgfQSv_Uu*^u^1MRU#S zqZR|#O4eY(802p*oz6+5bTa6Q_u#7bx%DG9!};j{(++fg<8~%XG0Jp?3(B}Dj_JHR z4JL9Lrd3n%RC5Mlwn%$oUg|vxl{DQ+=!r!MQZ?i#b5tshjAnCHM(G%(4>mO`6gSe2M2< zP)1Yg(L+MX02&^(d$6}e*|zK@6Yg^Pdt*I{nOPL7N?M7!xU{<+CDrBSFLLvSe%n3L zH@A&SBlWrf?#ZCb#6ezBz9C-maOed|`0u{L>tWkPiuIJnotLM=H1Yqf^7yGdFOkRYClF^t%~vo+0eh zJAfDEFDQhCkJ^Aht$0g>1>x&C8Wsk2I>67nHy|<2hzDWjtJ*hm<3!*dzRpjyp9pPk z@)e6eL}KCw6Fy?bh#>amrnU79is*GAaI+#0RKo8B#iXb8Fl`6#c~?rvOWIdHDZyEJ zmNXQf-!y-1Dn~2PV(Z1O(XID9)61qBEJr*R0RwvD|_H+BH^J8mpgGdBF*9mc-UoaXV0| z_VGJ<+0mH7iI)AA(}U}94RQ|OkI{XOjP!sY6esO4n!1Qtd?C|YyF+?kO87gg6DdAPJ6E3E*?0tj@0)H9W>$VuJ-AH;l7*r+>KWfYNpokVz ze7rU+8QvrhNm3J~)o}=up9*>{B6v?VQ}64+P45s|A=fDS1h+0hY+IG2m7MuxZ5=xx zNb(xTU$3ZHXbgg_)(Py8bnAyE(2JnuulfNwQ})8--_J?im@Xzgq;SiECNLt8<}hqW z?H^zuUD{T3MsH+)brh;Oc`|E4GZh=nnbu+@o&TbiZb@s5m@ozx(dDWwDzlbq1GUwy zsB%m5p*`eqql4Cik_-3J6`YP?OGx_w;&ECHZbg?dD>@RzjLmAEDlXFK$Si+O+#Dw$ z3AEmgVoMF+U^p%3CG-OKcCP6u4z@y?w5~#CXED4QZV$W+VnH0uGEekNvj0v{&yL1 zXlvxx-EHd6pyQQI`^u_v#oI5R6?OBtjU2aU}GjA?co z&*<(5Y)UqRgiQ;a2ITsN2qt`5o5RfRB7L(Fi0PcGV>4x{n?$$9>pX`2fO=n|b$StI z4boFant53ycv#C9(j=$ZRjyM+uQO7MOn)by&=Rbzjl<3!Wm>mh7<>*Qve=$=9f{1B z%#7@-v>06;-hnn$btsoK`lc2xb(L*Hmd&-`+A5z^*yxrq=C`M%LE(=CJ3l1$BHZrD zE!v>(7_XwGQReiH#&)But^Q))k+fXHkP$OnF_jH4b#MU3`-9gyAwbAT?IEz zEmX~sW+Zx}GX{bTgd`pLC4L!|=2BR}Q3k(fiq{WspWVwoP$u+TVJU)xAWE(;1}bg@ z(m%W_yz_Cb`QhExouXIWQB8jBdoy*HV4!e5^c%RKqA0-cDUg$l{ytks;})dBIM+I#Gp?!q7X6vULc+Y~iYoaH!U(OGHN|kISNF3x08$t2k9rt$gP~&aio7(hx>qcVzyK zmUa8aTC)9Jusa@2eo*dq=2#T8KD?n&)3M&WJk^qEt>!`^4^jsqM?l#xTp72+g2}S? zM>|4`(11?(*yZ9OeCS|y<1PLAC*iZTro8IYn!P0jyl9bs2IfFzYS$d;x;l-Ekuwv zlF1Vm#W7s%F}zB&&4mrGGjSjDXY%^3I<)&@{Iqd=bc>U_MDz61N(s=gldjm9hCr;C z#Nal~du=6w8@_E*>Z6}#PK)kbn8qPp&FR2+XK@We#a&9pd+o3meltuDqal4V&|A2y z0LvBTe*E1nsm_4P;5BGe^yntf|ZgVg|qP!vQ!M7#RO8qVivsc>ku!@RyUB ztf~jlAw%U8v1zfbAcPKtF8J~U^YgmqC$%bSEnz;mNjQQ?dP>Njr8U0;1SI^vi6RsD z-3VB9Ht6LGvK32Nm|M(r9dEFB93NjhYy)o$M#*pV%HjQRl!0qu+ko1yjwQT0<&1c@ zek6b&K6uB==%ZD~$#Zv4B2KQ_1m@E?XdCD2>!IDD8C1>6 zD{Rr24y5c?3|Zjgx3& zHD>$>uOD7VpUzWoKogr{vzwT^2`0LHSM->QWSX%VVIfk!CsQf9+cTsN?GDoSt^D<9 zazM!H(%37Svd05szPe|xr#xz0nVn`bhS1?olCWz_yET6B4V7Nxcf5wmqq3Cbmtc)H z67#BrDaZPqyFGHMd+Q?lB}S=GojnnG=&QAaX#sSHRp9O@{@8i?MzG1oW%+TbF2iLr zC0>@~_pUG^lyZJJ6{Uk4)<}EV3ZppqTDM);9|%7*m5^o%JY(l5%^4?px5SwOmCD=k zl1VsJ1G%hY+-G6yzV<%#Wb&P~QX5Z{I!C37scF(TDHNMdlxwa_T>D|bZiYpfx2{Yc zx#i{RJ+kW2gq)5QZ@>;Hets3?4wJt49gf~I@4tL3$311@=IIb+BY$aQw#(kmK4`;c zRK--JE%bZyB|y^`EA{k~59|?Uz6a;WTmZiI)IR7JRtaQ-z69E)pjd{7l>ipjGgc6( z3>8k9id}Hju9JIZF-Q1chFjJ^$54KKBzY<~lHgD^lIoV~@!G^vpul2?mc*@5h*xY# zmOh}^p^jrDv%Y~w+7iFAiOM6{l=N?d4T{;=SYjgI5*7H`qjoZLP?k7D`tyE?_w*t&$&eNo(gWb zg#7CN78)#09y&JYwEbvQV^7!_HJXVhipF#wE~0OD?@x#Fz|pznCS4VNLhc~?`Dd6@ zsXEV}53uxe`>$~qTmVr@PE1vZPD);!!NtnX(bme`3LyPJXKH3{6Kq1i-uhnNm9=cQbp2KhmfF`^7l_ z&x;+LE$FQsY#nT@jQ-1wf8<^N_LP6U@gEJ)nK(F`{n-jC5F{id&{M&`_Z1*A{QtTY zM+ZB4PdnQ#^>zDwc0|8t4cQp}MnO{U)dEWuF&K`_A?zt`p{xsc0xT=qg?!26BHupa z_e;F9z0ufx@bxHz=yWa?mm^{2xpOsoqkv)Ps_D0p-8_U+md0SJnqeGSJ#G7YLunySY%Xb&o6Rdf|fwMg&{SR>7w;7{xc zB;V4+eksmx*SvY#X>Z%Vm4`IXk)6B2i}8}s0YcM^Xvn}CQ0VZ%fuhGDsJdj3GP~w# z1>~}tV6TgybI-9TIf)WN^NmrUSL}o5+mmg3Np*+LSa*@`rER4GPhLE+ka~P%?y{qzL+6FFvkfcOK>`D%wLRdz;x=>c z^2AzpUI#N)pwFT3Hj_lq8jq}B&Bzx{RQ09VSo_&AuvN^s+(x;%S5#I^c&V)N086;U zDj5|G3@k%eQ@~ILb%8n-wasxutsStnj;aviv$vAb11<_gWBPc`W2V-DZ$LRu%z4H0 zMVR9bN3$@XgkUA_*Fj1RH7?y5)BCSqhrzfm_>gAV+ZcECdyDGhGTEwt`U2P-kxE-_ znjmP5gpD88Kn1!#C^PN8)0hl4yP{FEw9|@P$=3C^rMwBf)QAw&v1)I3 z!|PB%&~r2@aU+kXH-kM^ujqYSh~PQAL|qx;D~obN`J@ZsGPqG&iGDHs3663j%sVBm zD3i)C?Anb%Jj80;^ud;uLva5o#M4MmnH}fj)fDvW$;IV4IOb?#dX|Ij#q)Pk&-eWL zpa-4NhOQ3|Pr{aST?zz2#@yVeb)7U?Us;dS*))do+s{|ZL zK3YOAjd`Chlean!I@0XXp8{Dw>5r5PqJQXWSK4=K`&R~C(go*bZ#5@Wg*9S9={1M2 zS9_Izwg9u)(<|bx#B}aESc;Gu&y4G>!s7RLkdt122 z$p_fh`KUV?7+w|I`>6TH`a74q1{Rby{7TZ~clyn+G2Ss`P(arUY88H48vT z?EuF=k^4T-RSXyr}0l6H9lrv_fAG!0`>Sh<^;LiadD@&k>6Kd3O|PO3eI%)%-+VrhQ5toi-t z_kp-qWgiF_Q7Yj0ClTpqz`uVVeE+}33@~g%>PimlgoyszH8=0(mhILV)Dy~TP0AJJ zi9hY<@yq0Nkzvt?<=YK<239b6NOhX!?eMMn`D5Q>JA#UooyAzPyQ6j(sLbSFJ<6@g z#k@o1XQcuu(u&cf*_Y&U%(MGnS zdd)bsq*61LrC2#$TZ-8`ZTPvwHJq(YgDV8<7{aH-*%xY!;gq7Jw6F&6XDKSK_I-x6 z9jNQ(T8REJloESW>n*HQAn;@ncbsxn>*izKmOb3nJx&!2KdaY+BUR%WL4zqx(7S?9 zf(OQPF9YW%y)WHi{TGf-Hux;Bfx8EYiDF9R$-6jp9vnRs5vWn6gmQfXNPwx`pWxiQN#ac3NJ@uRXE#*0 zY1(rU@u2d6NKXk^&kiL=>Nra}DrXwH|L z)y9FofDQ7ztHQ&fmPvXBv|7e7gwB94Zj*A7mULI>>xOMRF*Q1KD90#vpk-VwRp)X_ zS$@}E=h!y-$~RaI?5FlPn-iHMyX5W71bf9rFub&-!1C!c$ch# zHCi<0%PsT?+01pbq(<$cIOqKU+4dnm`J_rnlGdH`c@^nMig z{tJWeokFe0(Yc!C_$uS`h6 z5c?k{%#ypjVbAAIz!<+?dcVsEEs_ivMGm+k+NJFp1znqSO**9=8{YMP37f#J_ouyM z8%gsLNC`X{{a%5sJ46O2CjygRkuJ)fm?;yT0&Q-8l?Ps<#f%<> zja}8}JT^%lI%ymc>Kithr6q0cDB(TA<{5iv0SgBwVm{5Or=P_PZIWJA+1L7dD(lXx z!uZGN zFPbt;e!aFy@W6VD6}pooy_k%IqtIykcY!havvQ7QV-omp<-S($(63%m;#Lo^F=pnF z9c&5Zb#&x*H0vQK>FHb7%w?lrO1!f{A5hEqjaZ~Bs*_s4SsO)h ze>`)p4qFvea2Ds=ZH@|hxvP(!W=~_Mf6;>xkH3eBJ(>uyGMP06anLL?!KhiTLqSR) ztTw@Ewz1StR&NcWI9mz8$9s258_4w6U2wuP%`%r*Z(QE6B44lCC+A%NgDv- zpL2p~aogzo!F^>Mel367%ZC^AA}ax%yC7A4G=B>}gEtImSKWZg4Zq7D#^8w`pM7Y( zZf$pooe*CJW|Dy)^0Pe#R(+f&7uN<%s@8~K1$P=Fn(5Tv83=DoaJp4LL1IxvieB9f zx-IL++tfz1lb>mdUWfiZ>N}MptpZwc{^;5?{DWD{hOSlj+6RrS>A_R@B`e;9MFXqh zkqdDYwL!(*p1js_v&l!XFWnE7!ux2v~99dM!C4Fl%i$J;!K$;q46G*Ten8M z8>Nf-xo+thc9aivp{}7XYKuIiY}%n>-MpcPAcBv5_ZYC?K$n>uz-wj}eH zfxOlMRCo4bTXbWuS8f+bI&ByZqpZlnIK30D0yNaQo~;YbKKf07vPB9Eg19IguUi#R z){jWSUp2!KtB%-c@Q)l3_t6O!c8PV{yWf8U&kWQa0~^mM2_QuY1o-!^UsV|nfCRt4 zkgEy}sIa!j>HFW#Fb9&VZ)aqm2?-{tOX%Pe4vDCG@+5D`gqDQbQ$5_me)h;MdJa5tT?RI%)pAZK))wI&*yX+4!|p`(qm?DvS@UbN(92 zM^~V?CHm5@t~NE7t<1SU#}jNSwUUeBa}Nrwv2=Io%X?kGo)I;p6c|2{)wVDQ+pRh7 z0C}ezK9_t6PEicE5DCR8eTY+*GMGwa`D7zCOVzmS1asRZ1=P042?f+Cq*T#vDR;Nj z95*4r?D-4bx~7@uHfKxc?ma+}v(EsT*&6AQ@}oD4L5{?pMMupK*sHdrc~Iq$Jt&oX zPP)Hnql&A@#R5=desy4UIqs|~LgF4BrmDjo8r7poHY@rW8 zjm;AF4&7Snf!IsA26TGOfv@EWYTfWdwI@8~U8Lk=$ISIl#&MO{rV)i;DNi{nvJDum z!k%Yq=YUzxy8SG1?)p-xu~nu)XRp}Q>QX;+8oN2!&u(=XSQT^%t)sEhepg)0tr@vt zTL&vyEYi=cP&X&0S6bB$rdLK3eux|+;6S>izq%Nxu41!%qk^Ws`g1z4JbRAgyXXpu zE6^9Etzu~I^29bH5XcoEanfE9>i8i{|5$l%B3o>CiVjtF0b_^dXGopMNN1W8X@){N zd3=91y~mFn9UcE$9K52b3Mt#-Zs0e<%0h*{m{vK5X`ZBhz43SaGOws;4}(j|xM@zC z19Ww*IXlgqZEojJEbbWHYput&+OJiCI;^VKZyKsk%dyn4)Jec)#)ZCI)g#ammEA;2 zJ;nQX+50l)vXlPTf5w)4EFsP_0IWn4K=|mNPVV2W9Kru$<)l><vEPqH^h+^iran?DQll;P%rjQXE3|A+ zQ5sFNpL4#D7_$OqqL^hrToIe8?TS{SOrIhlc>0Nf;Qxyd5x>QDA`{gz65bp%iOOOV zl{2y4mPK!EEd8oJo8?_k*bJ?!ZpW4@qH?g^ggN;LgIUe1!2!VL zGB+k_u{+`eSA%vnX`%qBga4t*vPjIl6?!O5aGQ3eOfl;>$tM-F%Y|Gv)j6Kof&WTV z?nya|W|x$E#WfPuuBx%PQ#S~LY7!R76|luUu{l2+nrr6Kn6DFctV%zhl9iCjajjJk za;a7lR-76O^AdQtS}ZIyln`siJ0CBkexdta%aeYHEFfnXpoj+` zU~}PZ6V>d4iyvJ1P>F-S$zSqXRow2{DEm*W37DNWA~L|G9_rben)sL0sffF(aVP4Q zx>q?%H5u4;3j}{TE_l2cH*eNFd`gUvhLDd9L6(!YwCGY2++>clx=%j-D&gE~`}@X< zqhevb_CS{L3S`dvyZAl^ySs;+Pqu-9Yq`H^`8}$G>dooR1f0DCW86!|cLj`$m%wZh z1W^7Fi<85(5fA!7zy_tU#D}Siq^*FGKM@C_t(Ul{BqM{>kQ&NIpx)kX$C%N4Qfcnr zBTeb&08GCk ztr_I6M~_g|7U?R;)LP+$Aq{EAh;*}`-+1W~Qo}00rrVmoY^RaU(1=zc*NMN1b{miG zYbBqrzGxOcwVv4V)Dr>x@~PwyZ|o?cN@Ejc!$So7xcv)VZ)ZieK*R!2cFJx z-LgFKU6AHqcL#TO2Zt92 z&q?sDG5p%IlTa|(=_(G61SgkUIan|HD{HXR)i1o1jRZu)(cenRxm?Fwo|*)NKr+b0 z%UG!#Uy_O>$kbn{-Cy0wKgZw6++Ik&oL?81BnYUV^>`Nj(GqOdd>3s-eceoQ41kZz7iPa{K6TnpbERM%-6i<%qJd~u&!|K z1Xk$WTE3&rr>d*r1j307l##&++&W9^W!m>Bi+HF8Bb&3ecHfpQE!7RltZ|`wFt4;BVt2 zYIf3Ul|Bs>An5uWE?CRKV+6_il$pY$IU0@iD)Xk9k#O{R!D-|c=yDAeG~H+gV|z7o z^aGj2{ipPbIe98OvfqG6kcbJ(aO=WU;oK+Iuh<+)PIGRiyyNymv4H5D#Aj7&0G4OQ z63rm+cr9cgpOo_JZ)B{BN@pDDwF0t?@3B%~jttnnZtnEM#4rrMXw;7qu#! z|5Poo6g|QAkVQ6C-5Btrde!X%fiu{Vfip15d3`J+g)=bG?-POhexo@6_F(fOF5SIU zi=l8(t6&%;u#eq6paMs*7adCKeRx)st zqn5Xcu(Md1Lm{&M;rg&J%aS7|Q&ycQa+raksiAdA3)vF1>f%3UOcT7Rj>ld!Q~bqU zuc)-6-(s2E*1Jpm3(cg)qakBP(&&^;@|W>OdjxC`yyuX_P20B2@hvJ0Tg!1r`cdug zs_*ioE%RaI6=yec$vEU2l63;UZO^XPuRE_@#6*0lER|3Ja&ucv&&k^%FFH+9tDWal z*;=pM(K~wnzRiTa*Bk7%5ETgt@Y6gmQk8x3{)@r3^s!3P@Q&zNHarHxosM$uE~;E0 zc8~>l*}7I@B!h^@w7~7W-%uKpn)9buWENFPTyG}fF^oj!#zo>P_#_bv<=F|`29c|> zY|1*8UojRnT?~=>F#2+)%@(0)Nk|znqc#kJ=bNHyds$%Z{X-q|EP&nWBs(cI`Y;g@h{kTBE%K$Sh?n39~3-arY_R&Owc3EOk8}U1;yV)ua7}nCo|9z*-s6d@95z z$O8@=9YI3&N&3V$A>CYj+F{hulxFYirG=8;Mn54xN-65yVNDMpZ9L+S8(W?a>)KsMA37%P{{U*+*0Kwj8i?x zW5-zT5eLx{&LngS@&5catw-^b24VPP!u-4VP!Y}wv_=DwE<_q>Pp1%S{&<}O3RZY= z_Jd|+O+}KXBDyJeJY`_PJo_@1G}fkY%|&|$g?iNcXri`eFNVKvEJ$b=zCSvyjDkIF z(r#wD_^s%7hCRAXPhAN44)%t0Bn13)%zl8fM#8BG^4>vF#Y1@Z3X||k?yOv@2n(3j z)IF-3KXt2~;_d&~VBg!NrqG#?Z}yfC_0pLe<9_9PGV)hxN)%AzV<+@a+oc!72i-4-DBd%d zW{Ha0*s?_K14IJ@CMJtC>kTKf5@$MK&XzOP58_GbL}I<$%Xpub`|P=O1@r}$_ks5% z*r=))X`OOILVSXlDB7YU$$&F45-&4de-Z)ot6PkiRS`8cg5N|u_qk@J898L)OxMn9 z{gF246iC17X>f5ewIO&jPixa7#9yWa>nP{yg|x7VDh5vdc-UDIqN>lj|-GQ<0aqe z=$B3VX&q1?sS@_Bg>2OXQgv`LcrFF&gjt#6OwXx0*m%sIZ!7-pXSwpSmBy(My|G3a7dpgMLx3zo|E)Pi1T4I%ApNe9ODtWtzynDe3^V zwz#aEdU#q(sdNP9&TW3sxY(&t+e?5|@DQ+|`$&g9FEJ%wva4he)y;7!>r?H>%ftTnswu}|EKyPy-R-|@SVcyO*M}t#o#IcfD zYE-iRzz*D#oJBi)7H&hNCblvDwL5b=QJ?)FR+jl>O>m=uFnQji;TZjkWVs%a@7qpZ z{0WlgXMBcm_XCba#_`#6f);zLM@eh^NyFP^Ydzmf`}^Y}_5_sQL?g46oThlL>5oNe zd&W@m0eulMjvcW06oi`q%*<22axn!Q&B>PQ;<&G5i1qu5`qNrT3Vjw%_b`YQTsMYj z#WVVqeP~I*62Kb9O@3K=lpd{_Yxw*$3Ih#?V5mclM@*g#Oz}%kv+Mf74T6cQUu(eu3+TW#y4E#*y$G9HdXL?=jga$FItE$+xNUUp%E3mbmjrP!k^xe54xt9KL<><;Iir)3FYM`NYf-vmS`LZ_t zU;$1^E(2O|>u3X(d)`BsfniEV(bQo`jzHpN(l{bqmDCb#*04*l%o1$JDmf$^&_^y7 zlQv;W^5NQ-s7GFe8b=6)%Gg}LQPCj}7SZo8m(dfpYO|KP?zyMW6^?H2n0TYjl3Ez~ zx%XE?lrbk;_5G`!@{xW`@+5j;jDTShIzSCOBI30s$87bpo5uCaZ-f$Uglw*SUw8Uu zP=&Ay&l}Cd6zIn}o^8^KGvb8c^VZdP2c+LGl-1|=LWSR3b3?eb6Ly~I3Hr5{s53<3 zmc8l?LqWlbJ3wI{yaSw~7K#Jiu{}P^zC_GDC5mk^1?`5J>oH`pa=>E1iq`m(7CwG( zn71tE$rV_H~OUHBX?-XGuG;pH_9v;$}iHjGaQdoE>K?>yT%Yfe@Oo$ zF5ov3$fpVT3mb22Zd@!&(Vm6q3zx!2L7q%k7K~HGN8A`&OjR3lnHgu47(2$WCX36d zNk+8p)-;zbVsDMrv4f_&!|XK2>-CHS3}xk1vKiNcEsXshod0W69LW{!dgAw)vjQ3n z<}dLi#Iv1_uyPdxBX(;N7lH2nxeZmIDALV9vj(RiX{Gf}fl!dFHy+uWMSY-&IY60B zi1|1?61R=$^I3C=+LmoB+(jYkoP|N!mc=Yfq>}tzQ#|kEW|H8sQ8`qkvBZML))TE zIaxN#&FST1sT&cH|m~h1(|h*IntpJ=3xq;__XMhkW(UQNBar((DPDWcvl& zBdxex(J<_or!vpK|MU-ZTCUC)08~HUf5Z>}cd`M1p!?6%+dpz@jz-QdX3qaY68pPX zMfaa?0%&}@8d=$!IsaRMnBMfC-WAvm2X@TxFadASS}Q~?GLhO~KT5O_6pk^wtU8fK z!wnF=v@CHr_f*gbgaiJ}I$kd}34sU!un~TgIeP z|9$TMm>BA7CnrC^h!`?bJSYcUtT;Xc95-IV4@46j2}Bf#8UePc6lQ}w4CGPSyjFEfjQ~5hh{qIGZyj!`Z;Q7drq| zS;`^tF5J5}!VNnOp%46=y%uj})36JCTOZ_{qt=g8)2s-*NZaw{PZd8Ko3<=00E?0j zATrIzbmzmdGmusHmPREmN26o_9++3fy?<2aJm;KlXsQ3zl9Chj$ zxzhJ62+TLZtmnEfZ4mgCsi(iuep2vltP^&{&@YbfP+{ae5rWN(?r34Kx7}nxoUYLB zAM33U2jV9R=@Hl8!o;_z9W{?RcF-=$ED*XdNPZ`~Mtm!PiIKt#&!)eS7Dmqyy|l-8 z^7P!-$9VFJ3mQp?i~dF5dC-UUb0@X_*~|)_beGVdY>LPVUdBZHW&{#yr~!roU7kphD1YH(Jo2ozhnRQDKp$oHLKIOs#NoGBz=8rPu{VJalA_5+jieL^;US~1ttA=j39rEqxAz|~zuMS# z4ZW^j42M1hPhSk(JV{|_5NM%;A-je(LdTtt)il%()FCiblOdcdKJw25DLsabj}V6) z4?hIKh#LIF2l^_Zmc-dS#KC9+cWt1!ZEjctOFN zMfCV)2%sj_@ts1>z|}|lU!Hd4d(IDzl}u3csRi_Y80*-HtNYqO+(VJ8Npz4c8Ph&% zBpsrw2ZNZ2r?H@x!UuaTrJz(!(m}t-c*#{N3OxxsUqH*y!vs@ks6!0&jYFF-*|=a= z1_x*|(9!BJH^Ka*_bTXX`?UBy@v90|MGVrr+>MW2&;E7P_3 zae}%_unE?{}*br`yz4Rwnc4kMc}7WHq#tUPqMrf^B*< z>*`DXtj)54P7l1YN%*9>E4TZWF!U*bq4!kTJ%jN!($Q~ zyE0qqdt>YppIf@g8)I^DA1B=VF3tcBEV0aQr$Y{AZqOy(w>+ypH0EAR2p{yY?W5}_ zVqD!5E!_H9h=LAKASQA#D7laz^y3S}$3@?0Y}8Q`@jG7vfCR{%wxV0QUijpFZXr7N zhxA(4qX>-CF)Ril#_BMZqPQq`&+?Wk&W1W(Od7tDTmwG2&B6HEpUZXZo+Sk~Yyin; z+;)&w6-PY!IsQtI9~J?p-}xP3&qWBiLsQT<&_(}4F5{m0ndI3lWsxr%ko}Vb>AkSt&gIF3iOdEH^u5`BA#PmXk;ek7cSp= zdxm^es_rY_MUI;0ih4MeXn)ipo|`FJ#^^2sUDHxCGFnq#+pKa1GJ>iyWo@3bQ7?La zg>@?)l7u4eoYMlzfE5JP2-~sodDCU)l0CFN)!=-?nv>viWwRIA(m~QnQbGb6K#u8o zI3_mYGeXxkq~G~vqXrrb!_ldc(Gblj-;p%JJi-W{#o~vaMqa_8p)Mc zL$K)9B5i|9k%NQteK1li|A$cA%uqwB0890NCH>Bbq*?42{O>W?1~dCkO8dh2+lXx4 z@gw_%!ziA-OxC;+BZ-B>9Jj5M*1D4j5ONF0jy9AMx*}XB%yQ=X@VguSnGz~HJNUB` z%RqN*!c%#Cvv7{KVG9!L@jDCayX7qJJp*>o_aK{Xmr<$@17s)PSBLFMz*>48Jh@y~ zvF(khbJ0#$A02A~RP6TT_wYT*Vap`uOEAZRcJ>_VL}A4>UZM|VZCdEGyo+rKw%IvX z3xKZ4rQn;J>&z$Bo4=*zaQqCU@p@MKsNzJ`yLqI9NwDK1ZkSBb8s$M-kngs0WPXwF z_I9;LT3H490N?Nh>-2>($B8o+0d=LA6pI^*FJjcWNH&LU6|?1QZ)_#*n=~K*o4^ZD ziv^n`d#^F;Dj3?IIAW2hmRP1^Lbi|Y--|H3&HIwvsZX{YB)br^c)g~4Z8XApNQo2A zOws{dhT_NNtGL;Gz=a*pFT%xw3wP3;`Ak}Wo)G_YyeiT2i9Cny=+?E+k5Wd)h(@@S z9k+{^(|eV(2tyohLdw+2r7rH$I_9$ZiS`QJ=C;zEwz<>5>;=`P?ts4jfc$`YSoG7H ze|LYOs|X2;1$)+{K<*y*!&-OT;=o(HyRwI3djK3S^+OioZlQO^0c%v5KabIc+;+gM z-xs4YcjJ4`hwnnp{rk(K^C4?Li^u_co&}$`8E0j7SDQhFitltQtq67;73>*`fv^v( zAM8K{{}61`Sst8Zm56a@A--SBDAyg@l?Cd!(Hiay^iK%8&O02#P8k1P!zUJ1H|NIqJBU=3y8oo@8BV=aG7A zl_SG$(R$(Ml%2baY@)Q7Uo^?v5`WN4HpF)f`^TFN!B}E52kpx17evQYH%QHS;(;&pwJ5Yym%Z|gwf6ua<87>&^cXy^>1K@0 zJv}9i?VVPbpO@W^EY}z|9xc1OGFh<#XI&qAxl3}P8F@nIT#Vla0uu)eDBzV&aeciV zTd{(MI_r}}E}vhvFIzD@c7Qh`!df%F1{&=CaN=Nhy3`LdTL}V0OmQWg1oV%Wk1^Hv zSY2|426UhKh0`^~e${4F_hMs*j99V$oag*VD%rPSMLD-*|G9w6D|KHNP+l94UXXIt z&(esSdE#$dlI)p-Kg{k8_2>%3FpG4Nx9=G*Ul`BdC;x`qabmDih5AIv@Ko-4p~6>Z z05>di=KP_o7nHh$iL1E0uVKv#UuMNwY2SyW7Ft-2T~jLd(xe@$u>{>&;vdbiSjbtT zzAxv7*rO8Wq>MK}^+>;^e!biHhWS-7cMtCoY}yjzJwbrW72`w9VyA{1<=TdTf41#K z(ID!(D=`1heMfnWT?cRQ>2qY?^5ebhH}(&a?SPpFgqt?~P?$IV51pD_WFx-#Eop6z zc$sUmA6p7gZ)Vc0zy0#khxj&U#vApoQ zXI$im-7C^%3`x1rbGK%U?*cm*L<@ z6~MhjF36BTu6#Eo5L6~{<}}djCi8)ChC&Gym4mYyOXMTXgwvN6p>~t-Xb(oS z5KY$cBW`Q>?gWByr+d6HK%b->E}*>+(i+(0CkLd91#BqS1U#Dv{9p{!g(XM;KAQ^s z@LmIyaz93u*nZu_=MVC(@Uq!`LDY_~(d4QAnT4?DolswJ&`#pK8Gknr^Zv4_#w0cZ z(j404Taw`T#(^QKi)hLj>bQZe9aZfm-$CsxomaM>eb<9#6<lt4#qnq7b4*d={KG3>cPcfpB z$=z6Ba0V>2GqBFy5c{ZUPQ-oZ9JB+|W-Qc00!^#ym8$kwS`K}}u~D8)gt*NytsmR1 za+v+PrkEes#|(vqjrItsUmOIGR4l zWxq{#_QCs7`Nc{9dHG5IgsQF`p*g1q;di;rrEB~Z5#|d`8=Secn`Oz7H3$vGEZB zM_{YSz?uDEhF4i~tT_DA{M~)eL0SB+PuA|Y((}1O;)Db(hS2q z$7*Te>^HW!#xf7(s?rj{pc9dXpEwJSt0e^aI+pZoCGhoHHu*lM8lDn1g?*N|_zE)4 z%J|u8^Mal__&MzJX3o++f|SlE9VH$2iL!ZduZmm+b;tFSId1oiTzS9dG#Chh|=2yWu-mkoMM7r?wBL3jh*>bp(sd5K5CsT;v)~`$! zm8#ux`ZvS_=n#gv?JIKSNAjQI0skQa^N(17h`W)Az4KSs@_!a{DC^kailFiCO-1bG zSKznF?EQ#~HMJ>n%{eHex6m|O<8U$BTegUf9$j52Olxghyu=v=trBm)4epon_~JnL zLX<<3`2xL@=pwldYOUR@qSW#@9c{84WqO&J{&{_R;s@Tp;rPK>E)w0HL0!A}VxNTg z)Jr9b)Qb;|>#h21uh$F8XD3M|u^f9X|6QY(6nbr42RaXDa0t%KW@2{XvC?#<)q+(L z7tT7&pwJwrF%M_5a`n=($IeeZ^nD}!C7w8E-ZEh|Zm_XdO(oRDWKY83&Nkv(!h1dn zoCIRFu1B%;9hFh@aR`l+Z zQ`Hhr&9+JZJLx8D)zLy1d5(ISJpD5UE}M#J1$s;6oKeaH6RERn>v&G;r1l@~n|F>D z-^o0)IY+ZayV9v+=J*cMDWn_p=IVLdLzT*RPR7#Hv6oVsc@fg1hos{0oQ7(g_w?hd zj>!44HjJCML)Opud`dOYqRx|b$_h4?JlOY&))J1|a+`nf5LznGk)jWv5CZn-PY>Kx zVc=-Qn=(rhB@+`8^OglO5aEMYq%~b;tEvQ3y-ElY%{bWWSD3P_L{n{_s2Tfqkwm@d z-N5$RB>KGj+--dg@(1woN1lQCjMYE&Fn?*X6uS&dxdkZynwJ%0dBj#Vxk7fAE7*El za46!!?i4^YRzwTC*O8bGgxe#D<&e921@X&FF4_W7{CFVO>|(0-jaxj)c_8^X`57eh zi|){*CKBloM%6stq9GDU1c>@fOP^A|3&vPGOmA>bB7WKidP~1)}G=1NCWr3Kej^Kne!Q84ER= zOtMcdt>9)_LhCTve`n(L_V#ip%${8BZkqM=;`e}UJ~RdVh6&JrWC!!TEP{bPG7-eT z0M@n)ZhD*0A!VgRa2N@gF)g1a@F;G`>1>woYPbqV-z7wMv?-51+Y5RY3tG?Sy^=+$ zJ%?!#gsO_(W+45(I0WN?c;)qTUlw0SZW!W1fdXnrtPge0%B|(op+)y2V49K=D(MCJ zgKYb`ls&{HMO)VG}|o7Y&3k2ytf$Pu+FZsLa&@IJFWmnn_ib6odKAUJhvRk5&MROAH8x; zCno$4MQUhOug7fk9vfnI#Xc+|*NIs)$2Kw@dCvvAYPz0FavSNpdbFE&vv%+Cf>%~; zTbljCn(y2LkiM_HAA(ARG<>&ngeOJ=l&K%eN`ABRW}*CECk&@!dTe*>3?Ca(S#K7M zJ~{Y*gl^<~?h1Bk2fEPysJ@Fih?n6l&LhjXFR8H(C=QA$B_`?k;!N4{do7od z^YIr|Z;h4cBA7R@^2_Yl`lgO=3=lVdq)%e&UhW)arl0K5Rm@4vXvJLY@$pUGI8+|K zdbVUG$r(5<&Bv=w8t*a}*2kLXf8k8}F@kWk`W6*ln=5Qc74m^2ZKEs2a%o~%W_LNL~Pt4)ipHl`@8SL`$?JxTF4x7bL8SBl6!CN9ek zKl8mvxM*up6&-e8eU**}(+mT^q{+W}$+%GK@{QfK=_1al=+kqFy)nR2M+1T3=ZO&#v~%61T7Q zLLp^7SKcY`a4#tH&|b>QNE&5ErR)p-cAW9&K?IH-5FC8OqQ>iKmPTR{2BI@TuH-IKKKZ`S@oN#*^l_KZG^ky|$5$SD!s z1d&utBjyZybKXre*B6Mi(`F5jqq?^~qo-@&0 zqulE^QU;;L*d)8~JVZP@4S!DWh8;*BJoSnjERSaoCM`3vO24jv6_HF!%R6my#*scP zX>Q@HZ=q8p+*Dq{Dbr@t0mLBzLU zp;fWl2zJs{niz(lLR%RUxN8azE>}elk9iFtYzE)?*;qMWPHl;G*w_ckNncI?2qo4i z6DE9_qqFJ;UT8fBdU~EB0skjc#c7)M5*DJppGtj03xKCi5V4%_hF`J6DAk7RiyqJ* zOb4S*OC`*wR6TtZSk}p{G3;b;V?{M%mmpVBF&?@ZOk-WDb$b)|6<`Bx@7K!Q4SEb* zc#(1ON?BCbQC#QaYvyHS_SO>?!|C3}6Xnv#?*Up%`SEA}a`LgLQsB14i+e3=lVr-~ zmS=Y5bKFIT&HmHR)XeOyPV1m$%_EarFH>uOWohN}ePPIw_m6b%?%p^z%cO*mv`MSjP3UVP3p7=ZP+VOeOG*BLC zot0vAO^KiLd@Hag@qxgaLXJI$fBfX~v_B;TD~1%?sG+9ioYym)<@_h-LzZS{fr8Mi z(Ah$NzdEvPpk$+`ejsmPZtw7rbd$C)3gFMG*5(#|e7?0T0E>BfNc#`nHUnizK6$i= zv+Sin_zBH^+l7-d~o6ok(uUA(|hdq7{L=lgQoP?gPo~lu*`--|rpFxvX1A zTPcwtwVyAzUz-wD#O$EDb7&#Ngnjsiy}5IJ^{Gj0E^0p^A1Y}g4}p_S0FpZL&nzKW zWtItR8wrV>JK%FIt^K@xe&SjKy$5X-oSJXJDLG<((81Ec+`t;K`aMiWk~7$j(PBxu zbJ$+(v~g&dMsXO@{cZ6`B)6vhAxC`!rz9%PPXGO(ri~R5B)y4gJ{B`f^bSX8qO1>R zhgtE`FKz;rq`cPErWxRBy}(*Y8>hPEB#p^KgEvrv8mPodO(#Y|o*$r&X%mZzCao%2 zbR}V;gC^M8no+!*D>;EAZueOmTl?G;Od5WJqHau)OeEup^4veqP+F+7 zAnWI9i!sKo3PXz3(r00P{bFN3KIMe?s>CPQxZ5zYE)ME0;nT4TiW9#2 z@I=Z{DRKsO;!(B!ttx5HsaV8;F{`-Ijo7NNq@^rITS6Gh12qZX2MOO{l}J~sy^AIC zhqDB+dy7<3bhcW1u0rd!;aUou%Z<(GI;d&nT|W*IQ4lBN z*1c=@;T2kWcNPBNSvf)+fjz~g;H`&HT=c>@LJy6hNF%w)cwCB7*c8}IfZKXbQq(zyqUJz75&iPqQ|%*SBs&HxkZ?AwsCMMY;p`c zGA}fHo9S}H^C6vc@#~EvjweZ{X_+(Gw}_Vl?(XK_bcQ~8{ zJ3txLE>jdncA%nnY`6mSee_0Mi3^t0k7AZw(NyBk-ie|_i*fvnb4va?b6v$&yS=Rr z$J7$0Z3t_5OhD3TFa29$&|0c`^M|5P20fR@4g{eVU~N-*Kcq_C5Ppr8JMxppV+2C~ zMNQnc;2tY>WPVg}UV%SkR{^EPh}>|YXoXpm|K{0|E-5@sJwLaf1f3kiLfbG#loF$a zs78FP(<7$6RlKu`VHS4w+HAKstX7=CXN<(=ElYHXHr7i;)K{kPzLjnP7e&ZU^1YpW z&QB}%EaQ)cGqR4L+Mt;#m8w>2Afm#k117KL@W%G{?h*mDnJ1=n@6bWqq201f!gaCF z?1o>8fhTjv3Qq(uU^-q@^zQzx3+H*4Uc(3&=Q;O~s2@*r)b@?d4*_(8V(~q;rvoLd z{%_OrlM>e9_Ze91S(OQIVLLr84v3NkkQD_&Ci7_Lc?568M>huVud$E{{*aU|DT!bC zlGb(tFZwOz8vtRfgoVEB@UZv1j;%~h;o+*3U6DScTUgI$D+;w+z@6Pk2JAr{Zov$f1 zEyeQiR^nEDsBRjiK4Lt?vXXj&I(0vju`u}h?fMy!T5j%=t(NP!ru%!#qgpj2X~B@# zc@So5@s<>4oRe+AB^I+;LAcpQmJ=%c%&Hf)n`GsRpzYF!d9g}jYrX8{0&K-woa`jY zX#C4W^a5Q04_~0@HD2oQ0c+TiBIi^QxwZ&#Wg&&Gc!jo*+O1=2@KpYVH^#;waciK} z314MihPGUrJ38+`*$K97KLVJ^hR}Rmqfx|F9E%(6qWU5e0fX9TNjp5H&98lJLqDpc z8`su84Y!*~A|5BU=QjwKmq&g0*{qnofRIOSf;5fRHoUlF^8(gQab6G9gX_b5(j;6$ zc8_{))L&O97FC-v-7}7pX+aJZ1zzbfF{gQJCuDLllqONbEtO$!WIBG&1GsVn3*-%f zoRl2LczbL8J@^ul?kJJ&$GX;1t)GSAPb$0N5-X6!eloMr_PL&f@XH>tPWTd&CY0%M zSwC+OiUt_kx@#sKRU^4Qe!Ru5!;-DTPDkxsevsA3?(Np>$~8MX>dBG4>_t79++(`7 z|C-p1qS1T=;3Tt{+Csk2l9@!Lc=+!tCuY8l@# zpzd5Hts>3>vD6Z?}2+#-i}r@2Qkov%;@r{74$7^3#t zpnwmfhKKy({r?DGzRATUmbn?WZ`Nb(Fx+?Va$Lp|qlO!tHnq%{k&jq<8c##cALqo9Wc+%~UWa6xgkh1cLUFO6@-`K7Y zbc_tiTxK(S%sh$SVoT_uotOQhoGVD$=A)sLTu8IC^oD!hevV7Qu~YCV&$HHZ4Ql5H7F;fMC!by(I97~(*Uc-az z0f;+-yj`cB3WU<%#XRs3%S0^L(!GU?HLK^TJJ6t#t9YeTY9ea0m;$>~OXmit(ne_3_bs@~?j4I@vad@_@ zIEg@XB<7NG;#&JDofD@~v|ugQzM10A*6qP2r`NJ;CwWb=-A=9OW_&x)*pXF8`g}e< zUv?AgSsE9qW$U7x;gIJ7LxcA!`4$o7eyn6>$|9S-lCw0^eZ}gos`s)BPjJFf&mczf zjm6i-^eVbc(j>wSLdUV28)4)r_GSE5)3?Raq1z+yeVd$*Y-!BkWtZ#wiDP9QoKhrH zyxBTyzkA7W{xn#eWC2CQVH!dG@_oK$oCG{Y*rLR5VQGYhWbIY!*IAE4v{l2~W9GT6 zN@mbwPnKxgM5I+)h&hBfxu;|h&t82PGBPc9e zbZleej!ud17T;)P%1YSOl0ENy>PFYC7n8LnG@YU>Sf5gUuNb9{`<6W9hoqQ|L)_J_ z80)gw94;N=-F0#q&R4O`c=AEJ!e0ct@G4QYq8O&?g2v|bKj%DS~pGAt__ zDUz)!9GyB;ENrVS$7L2Box&PM*DcwS*D6Gvid-UF#<;fDZFKZ62gqMDwex8AX?(HN zj#`B+y+~XL;Pb?U*%ZnBXz-(Jm0#dzlL!)&yYJ)HjqW)LQWwN|iA#iHPv<>V1$^mw z#rYGInKlW~MosX#YOk0G`-hVCRc7LzEomA|XO*6r@ePAcEW8&y%VAHj-$9_&k7nv_ zGY)c`%VavMCS&bZ>BD1@HMq@-gM??UETs`R(bPcv=lnnM4>hZS6 z!UBWs-r0t-CsT)t1Q81~>aN-5xK^$nh8m=$ppsRRR+d(jR+UzeR!Of+E~HYGR*R=H zrIJKvL9aurLpKR!L32Vo2yF?45h*atH0(4C$dy#6(5jJF3PTG+mqKF;EeJIUJqTq% zH>3V~TA}$Kswt9@tBb5!u2`;GuE0vQNV73PopoUF2uJFt^^giJ(V#CD){5M3x;FkQGWYIGP~2wQLl$ff|b z=Xf;|AM|IRYs+h#Yt3t}YtL)QZTRhoZJF(fZTfB3Yt`#-_K?p)*RIzH*Rt1uYujqj zcF1?lcZ9aScXU1nJcOY*xZ#Zu}Z;*2^ zKNteAEU+w)EQl=NEbuJQEJ!^dKZs7KPGhr@7f$9bAUy~@U_Ed>P(8>kpe?X1kS&NU zU_a-=QzB}aui=g+ z@Qg=$TJ*uyp(jC)0%5yps&TZT03euwQr$TA)Xi|(2$|5C;FUmXKZvU_%0bV17@J|V z;VXf0yBoH-s*$x3MZ2k%!7|~$tp(246QP1?^}uh7+M_mOTZ49iW`g=+@?ic{WQ_lj zg9cZiPX#VSjV0M54-@>qsoc|e)hE!01!%Aod!k{2l^OGY5TnDD=!=63{l8S+NxZ`F z^*?gZ;VSga!G&nCG<&9Df>jy+R&7IGY7i`Fg7MOztH=s`iA@rAuA%Nda_8VHD-eS~G z=U`(-vOr>NxDkDE2q9*y*q&&(f2!Uq=a5+gbFkqi^vxlJSg=xirs0B38Ce7Q!Tz$} zj>^b`|JR|vthc9n7`pxZ|A2LYb%Fc=|HS?I*9jm7igo8n3K0cD)C*u9L-1x}-Um=; z6H0@F>f=CJFh)aw{!fweTO}??nxUFK8U7L2saw06VHxo!8J75ufPXKBqcq6TdIXTA zb26$RV)coj|Nn(41qW=p4WbgL2&0)l5*Vl;n}#^&q8{W5_Ee(H2HFN?N;*+y&FZ#u!RH?A_xX1SUPpO zwL+ctLC6S(!G1_oy?0OwK8xIB^IgR2uf8+m7}_E>PK8HrhvVs-M`Ku z-|%dIM1Iwwto}A)61G?Gb9nLkjsS`yYspctQy$se zC`zX_oj}D~U0;Xjb4l3v1udm_Ak1Qf_1&<%x7s)tB-OAsNc$O*9|ZZzcL3SEnRJRe zTkGx-pIfDNqea=kax>*o7D^a0)OLoOeA?iPWZ_B1K1tdmxJ;`&_Y95!AkDep;8mLc zNGrEi0Nth;-z+QIt~HP<&`YCsqd|l$zRpm0-sWV6oEm7%#)v z;0$ohV~Ace!$vNZfwtCWV`=8#K2zo-#HD3WEy~bVpom;@+a&GVJML@Y@T}pB)L~TL z*kU*MkW?p)JtEM%e%&T>_Wve%- z;Zu#H@fNt@CUjsr#I^j$<|?`g3->oWggs@K4)D56JGDPM>J!*C#;!1s9r-3k_gaV> z*tM)@ymAM7X(@+bK^&e;?ppsXwKE03AXy(FvSer!6lGh%lH65?=Im4rtU@I2^W@r0 zKYf~pcp6O+Y#V3XHTy21gk-0kXU8egY+Q+nq2&=J2A9Kcr>ZU@<`-yq)mzZ-b_?Hm z;_MVU4w7jmnF{*YU&icVcm2=|NbY&jA zv7r~;Z6ylwyw@o6o%(T)6JZ-1VFx|3RMzD=VTrq7hujFEngIk-Wm1U$A9xt&{(uph zuS8(n7ijn|gu&l<7~_B8BSrtOd+(oo%a*P-24-JKj(?zG{_igM|IWqyZ}i81aQ$zN zx_@2G$;8OT(Zbo|KluJd)cp_AynppIvbOlo2Tc6`@N{vuu>KDV|M&LvZx;R{E4BGL z^MB0nH#OhCe#wA;cL0)qPpM?$=xXBlg`qLEF#9K(!}BjR$HSi%_PF+>oe}181N_CG zbYRHw9l=OM0^f-QjZrD%l8p74Stg~`>sKc>ENvM9La|qX@5CYL%;6VXm!C zSPuAXq0hW`9d)v^*ikTaPyP92zt!=y;dIq5SeRW$yAFWN?OjA|o{<5< zmSbt7QS7-T@L_) z)h_s@M~!?tneJjgt!^r{?ZQCWyLUv`QpYa*4Mmhs7-VM!^hjK1UYOfgir(Rd50mit z9^~ptsOnkVyL?V+{RJ9Rtob=UEKl2eaNvk8!B$)WMVKUrf}H=3^<>7R69C&@uW5-z z?IMG5Iy-j3m&)osFQL1l_Bdzk=gTh;$ESlZzfYutu(*%JkU{_J)G;|J^+n@n(7ruD z)Sf9eOo0xX&x$iOj4AcriyAPLs}(tS;I1P(eIP6&dpql@Q9gzuBl|e(p*Uw!LNVqZ z>Ik4|PVP-BzMlnmECt9d9)!^pWh zCfZ6CPLy;22dB&g_1c*IQ(QWWXO2Mt+;+zT?E#TIwQnN}+UYqXY`U#sL5@j0aWCp+ zBQCAlQ7mRL*8ViZ5$nm7b5>j(rDJu@EfPs)XUy4SraIasW7z<$_SyJ~RO>mDHh@s; z`uI;RR_w=F)Lm5>SN9VM-2(~i8Dr%nCY{W@k!Ap@?kg=U$B5U-{DG>i-JW3^z^yuY zQbee|^6Sr5Mm;A^q%AafX+~ zJnSv~7Tz*WF&rd`O+v(oJJoFPQ>Hp=CK{O~xWz=kcA`BRi&a2kVsnZ(6prDH@VK!F zeJD*?))8A%TF<00Youi@uPub;X-n(CdW=9(2xqta?0RI&FE@(uLE&aDJZ937(n(`( zf}CtaB-kp{d47=vByqAvkv;k!`>&SP9MRb0uriti;jYRQT%@5{kH*Z2jC)!W?j{LN zc*(f&Kz0swOgQU?6u7e>SifCPL1F~bu&ZF2MD}uwy?$l)jJTVTtki9FAB!HAT8P2D zQA0tL%3vfcY0g`sX-1eFA`G+ZxQ);97dLJIIY0{42w*W^*p1Y)V8f^Z5Xocpo2!}T zF`&t~HSAFxb*C;otnUPwk!smU=}p7Pmrh+-n!%+hQFi8oYv#KjY|S(pvjMn5XmDK&OmB7RIers&4%vcYmflL_0vC-hb{hWg8 z7g}%R<{f!NDx{m3ot)6(CfXFQbu3w!F&~kqrsbG5q%OEjs{85!w@AVP=aqxKBBZmw z4`@jt*ZVCm@nZmt%?@4!Wam`%+NxXmoOj{79jsBUG|AgJ2Z!9g-)?f94 zaU~nCUccLh9?4;ysu%D>dtr<+B(9AixUQMs!JBTu$%nYrQ!jo}#7pxbv(FbzSo{u@ zq-Z-SKoG0>S)nPfJ7UZMVW+iv0ELrCa(WWZnyK@`G`*ndt!nZXi6Wns{j{xunXhf2 z$687+w}>R(sKs3(@y2J%R1YONnXL=0FXC zI}KrJHtG#GiF@3K@z52udry!P)nh7|^V{Mz+@U>n56is2bmuI8(H^@T{ zTCYic@fO2&sb49ZEd#^qLG=IYbaAhs71narvY*ls>A2&uC& z5_&VRUSbS@^7odG_y)Lb1;SEG13_Yz!mh)_nUt zY&GADA`{TeJTdNGq-LJWI|-b-Fe42hU}p+_J@srnc&RA*Er(RgRbS#kxXKZyV%h60tVjMd`i3s|laB zHWpuzT_S=BNnCA0sXI?~pD63y`s-2VvaP=QE_Sn^DaU~n>kB$ooQ-i}58_^8C}!C> zV|WGm!9X>pDe7v2P7g`MCNgX8K)triDEd<4Vw(440EhQ^bZq8h#k(_(^P25w7W&2f zV-=n2@kfb$rZ{xMycWOs6_2+-9aQY-t7Us(9t{ZpZTCO0pfZ!}S7VL%X zMD5khz#gm6#Dp{jm5k@j_#QxwORgy`8%RTNmPcBL2seo&3ZrUt_Rd8j!X zU^7k_CI`=W0QcZDm}V!#U`OVi2!e__S5?i&3!RBQG4Ngt^cFO;Dw~x_ACd<*T(7Mq z#*jWu@rO6EKFCaas58eq!49lAB`8U(>KEyvd^kQASqm<9-;Fi#z|G6J$!?+Qul7xr zl4J=wV)-dHkCWRq%-*lh1V%6(t#>r|p#3b&*FJKS%>twn+<-ojMr?!-Gf~=+fE5P?0YWutwJ}r*JP_KdxxK4atcty`NX$B=l7rBTa+$AE}8cq z3{xrm^oI#YaqZs$Gr{04q}M6LcCq{*;w<}716V?z!kg*jDrepBFG?OQ6n>_|8@Cw6 zR&qKBL0Zd@NvlJ=Yh8@-P!PNH?k88_`7>qwE<4O?cEef+Q}7;XSOp_%@Gr0)zli;y z6QaHLGlJJ?3!zgT+gHky59Amh2f}ypR7?!4@9nZoVuh4823AFiBOtQp$CH7B6@W znP+dRhC*>aa(?oo$h?9s%hfFq+B}$5{T6ELLy|FMo4<6=#)$0TLfXNOiEgVLo8txY zi(!c)CX7e4xK#`GR{zAQ!-EXQ&eZ?|Pxv6*F3K+WW+nK%mw$pN{7xJs7)W8qRh->f zR@~S#^b)wD+f5APMn-#F&(N&zU(_=oF4O3XL()zsapI&kCfEjv@832{tKGWpJAz2Q>c`njYnr;SoTMTi+s1J~P7W~|!rhY37 z*U`ei=tWvwIcdNC4nu5yjz+M$)ez#NM2^lHqUcwxfd^0??Jgndq3f|6Q~8)eS9 zA2A>bymcx?=jj$Iz^5t(ve1(0OUW4LDoL^;ix~&I_Vt`dlfa{-UIVi?jQQv{dtK zw=C}@t|0?=V^?*R8qTHGdBiE>Jh_tG42sP#7aPc?>l-$m2Y{zr!>ru-&tF&gG7{%O8=5gVe;uTk(W@mX)*}w_a)=CdWG(m`z zsA=5^&y&7ciN7}A$FG{0(Q>0mphCuAn%E4lQ`o1E{O%+|3L~~bSDtzEc#yVrpD~_4 zbzCksviwvWs<6*bs{08Cvui5mOzQ_ME1D4fvKN+SuJc+x&i4i?po^==Bjd=z-2@H6 z5#xwrJJdQCPASdmwbPmyVdOFwE3+_GhJ%Y-C>eP{tbL(m6)||0<54a#gyA{b|N09> zB?Qdx#RehGdt~2t1>ud#C1qx2Zk`~@c28m+csZ+_d8xa|IAkmHp;_%NFOn0;mdVhz ztigcmt!A@=^35M+f!tOA_|GlMlTPzvuf8h#VtKE_x9#}Fa&>Su-Qvg!+kx-R_3tWd zDr0BylUdhAW{GOL+2D!HXUim)4Pq%ByM_;?2h}(#HtH%`dOBD8 zQ=4aBNMA8-!GBAOz<+Rgo&xh59dV>S*_&;=twygXe;I0YP5T+BP^Z$Mb_^Va10wM= z=aFCw}lL((Yr??GBuqj{ocs-RmPlV88)H{PL9m;_|%= zRL!|>)VR1fcJcQu>KE8m7OxcR8>vmX&Ijfq>w+?Sg?fX9h>+4n=&LA>)KsjjaG&@s z8-rzRmFmJBxTgZIUTqe`9PQ~#>BlEq+aH&8SS78>yMzkQ!;&L3lwQ)?8Gyit3OYyWp)m)tQdoeZh0m zyGQroAIs~hJhS+Vg1FY=E8tT~3rzHtiCMtu6|Ozv3&M0ak7nSe;PC@|b!t0s)T%$? z91?jkA-M&KO~Fb11o1kyMX=fL0M6b6f@*4r8b)zxXK{~eEJLT2P_=d^!e{Jr+*uK! zGs!WZzSd%MIn7|*hWQrv%%kW8hK~BFMD#z_?!{Q9W21(>NiMx2`ew~o0kKP!!u(Mq zM|Ep?5Z8|2rFXcN)K;`TxZMDavO7ALKhnlkC zp~K2|T(w;kwOxmn{-`z-Iad=eZ@`*d3-Vn-4eZTN?Oii%HGqqWmmy${p%o=5#1V5> zqNV?;8AYwRQafGhy@d7#O>H+8&oJgnQv2)3IFp*QXm6C&c4xJB4J!L7!z=*(CN2HG zYP(9>A!AM=~7p52@&?7mO=#J+#81j+#Cmm}mh#ZB1-_zIp z?xe(+ixQ^aph=tsu1P1raH;;S|3 zVW5gLIwC>c1Qq!g&nmD;$Gt5Kqvj(F+VLro0No~i<5j*%B4ptU0{J3!7pC6REYKocg!X29cdR)aQ}8P z4v8&Wxgqm$>Yi=KtBFg{jvDrq2d*r1R@=V_jFG2*gNH-*)$*6jJaZW)Vhh;8CXlFc zPSPMJU-9}I6qEyYz4k20^n&1&MtqsI!eh?B^lRTYVO$B1tQj5|R&zrWcJG+^ewuoy z!s%tmHd~ak3Z1@NnE6WfM32j&2&+49O(V<<@b%!r&TmmB0g*C@3VVDwb!nmt35kgY zO27-XZrI9gU!@-9g(azzuNg3Ive|}QTD)fRESW0x(VFvh0Xcan(_8eU7j}!pqSJx3;_zO z(g3q*dqs5}^h#5KKx{&eEvwpQ?TuZ|e1$QWS;HX@d4x&)c?zw;o2C+_>5Bxfnu`sF z%*I^@?*Ko3+QzD`9VX)wB^r806niB^#+?J-HlMiCgx2fUs6XbxSPi^9uQ@NNY?HyY zp>c9CQQKH#DamS?CvZ?!Gn24f%&3wc$C0YqZX>huOB>2p-N=&eZMpZ+K&7vEQDXr? z`K-bcY+;2UlJ1R~i<^*B(3%pyZ!bNAHJj=W(ZEu#E2>Vs_TE`JkoBg7-j9wC6k?jO z(Z<4ZYpuc2Wbe0C62!7ygiHf=o4X7v8RlfY%wI`wCu56c@SS%RYDL#&u-Buz*R%<$gS?EkkL5g7VQapmTY=Q!L`Xl6hq;mXLJ`vovMhrpTRRelQ1kJ=l zfgQM-r3nm_Zb4we-9)JbJyYv7BN*I?0+)em;JId&wicZLjeHHECkeNYzg<+7`-Pu9 zsARxikqa`m#PLZYtOSXW#aXz;_}Dz-EbrMnX}Lst?5$K#KMkkSusdZt`lQnm6{A%$#hpr+SY>JU$%v2}yW!qluZAo{ab;L=s$a#|Oh(3gk?neLc`VGy7FybKp2$`!y*~NS4@>*w3 zWNSkt@0>oNQi#y*2*-*WDl^u<4=eJ-l}YM=xo(n0V)o02v=ehGH_L>Mxo(!lC(s0;X)1fR zhf$%2Qp%NB2?od{F%HoC%O2o$M0S>^Z6vNKiX#5SRu;a5p@IWUDsb-o#Fl2bjlqvl zruQfRn6!H6^8Q*!mhFmIQ{sznrYFLXai@koaQqwoni^Nx)}{|Q^?fw6t$S1-+jsKPBxd;?;G$uJYNYtpLQF4;C< zH5{{*EjEzGxY2aXdGie)`6`s>CUbh=tviM=^k$cIABV7yCn`S>HUR@8V8wx)iBm0fcoM_`c`+`)md&OFJ2C_?mofV z(As8RxR^kuW>G;$IbmKS=(I<)W4HhZ zA7(=it4ewi0(5%e$E2f+z4uLnfVW1v9poW0SsV68f%hqRV|=G07?#}aR0y4sC_(HH zAOO$^YU`unF`B1pk6vi+k07qO$GKp1)tH_!*6~#>!vR@yu<~M(UQbtr zP0DQC)<#&tA@Bs<8c+|DoVXm<7$(t8LG~5{c#D%m@Xv;rb?5wjIMP!ujF7|TNM#cz zl2R>&Q&_QjJ=}@e5u%^YGn+`zu1@#v2V? zipUXo8u(_OekIt+14_3la_56sa5m@NCAm}wa^9!vk3R%+ZPf%+_B|F)&S)QuOGCCF zS}xa8L%O1N9@%_t_SXFD>kTi!)wn9)QK{6$`aN`h5ZRHQih%a+gTlwSb1RXyT>lxt zVIbHt&vni|-DFDl~4iQ6&9cToJKH?=Uk zwcQEOxN^M+$P;MsL&OJ@D0$z3%)omxO+Vu#7`vAum`=`Hdm@^wjH~!PJ@rVs&Z6f; zs;yYUyd8K%Rds+X33DPp_ni?Zrmhh|K1bH;=-iGe<}{Ut4C(<1jo>#$8Y}Yx?es^y zg5mJfem7+xb7`q+1#Qw`Y7aJ&s9Nt~W(VT@)L(2zp;j>}9`SHP3Y!Y2uqDn)G5G$K zN+3UyJEy)i*Y#tJ1LU={zBO;H>hWfO^V2zdTl0PO(n-0pSi2Q1wmjuJAmrZR_x^L9 z>sJv#_j%EhA{zhp**8(!aW9SeAadpB#J?JTSj>K$TLa=+m7%pxM_)7lJL5$xzCKMFJa3wM9AatDQT-Q zZSt#a$Os|KGG;>KaAEMQ)z_m{^6T?4|KBu3>u@Z6U_Z9rB_jX3hUmXi>`eb1#s2T2 zgnv=(qK=NXqW`-~Ws^FTuHsP=_sNXpwV}PAp)ap1Iy|E!0zN*sKcpBq{OAOsFCa3> z7!kUp@o*Z1Ow*FNj=DyZ`dqn}fyTzWzW-2*|8n3fk_0J?uo?ZZuZA%XrX%%R?u zc{{`UYV6CoyTjwr8ijj5lXzeDE9V}-?&ztE|F#C2vc&VAG(N|>hg`XsvzV8bX-Re= zkT;A|{OI>>*;#P}OiYEi0M%2OZd|$ilDBvnMvnTiO4B)Ik9zfV@(83rmO*Kfq_G2` z{t#vee^_9WZu&ardB=G8V@oi89w5bZV=EB`Zs`^>cDOb&>=Jud6AW8{vYz&4yZfLx zAxj|srvSZ;*mP%~A-!@3V9a!;UaIM%5P_J5O+49bJw+pjA_r19^rAD-!QLo9J5W1E z{N*-k13Uj%A#x0D(guM@{9fLAE0gY3l~X&d9whN4G+gAMz?dzP0qW7Mp35?`aZDfK zx2$9Dk*D`GbeCwvMpU1}$3R&3sWnA+jguiM`ZW|$e3mjkO4Q@TB{EyXR$h~Z3>O3= z6b-aU|5yZ|#?jzk>aG4mv&d%+$p!WP-xXGdtt;U!A?_iRe01xm80!e(AxA9>r(&?d zd7DRUjV@O>!T0!M>wFrG>ru`jrDPI3bRKra!D6+{)Q=VV%9Xz~`M#czwm zZa>%VV;Q2s`?U};1qO}D&muJP3YXHDyu^;?#o%?*S&*cA`B#Jv(2-x*jI&b<`TN}S zkn5b3Xc2JvV~x|5+O7;^W^G;dGY$kKyH!(`SP)v?^NPGF&>`W7hTkoQzs`l0EUx5s z*AqmA4OA=TPm$MAdKJ~y=25Y$r6L8*36$kMtop+Zx}UXjqy2!Al?&t0&bEx6h=z0m zC%T#-^oTPzRWLEcV3(cOwp7b|*D)nx><#UNjVtWLDLo*O88tQ}n~HZZOD1xDRVWyyf77uKaEAdY4V z{TAx!WuUNkk29m5b~aK(1u2h7&E`ei6siX9;W^D_!dg_`chk-}YWD`=wx?5tU z757zcdt;D1ZAbc)jr16+2Sr31i@gqa-8j+$c#8PW8pSgh8*R7Hp}+zl|DRH?*I>DJ>-!qK$OcF^7WzhmwV8%iIZaY*?(YX(6)Dy;pg zBpDVlQaf$cco+#A7Mh%a=lHB_e6IvW;)Bau3e+uJSL?kVGQ|Q5IOC?s^6Do#hR4TL zpXVXYt!#RhIDQRE)QgLB=>P)MHA&|HN5meWSoDEH=8aR9#1{Xx^mu%XNT0$RBWz{ zS+}VghaucA(A%q+p%_u7u9Q)>zQnHJwA;tkIaOFQzasgL{E6XF5Z2mmBXCGMEgaitvi0PErq&}ASGI7c5%^+Dq3*pZh25plmwkA>p zF91_ydP!*o`OaCDPnk#LHS;?=m6f>zCtCfwbXL$Rre;|}HV>hEWl+#6;}1S(Qp!0` z;hs?BSn?J77OP1!hlhKf&5>)#s;}NL#G{(xf1xkIM1dD)B_bgwQ3zV1PVHk2Ducjo z7}HiWy=J{zJzVNEh8|B?U8T~dCe<-2#|!dxJtmaUAWUZjLRM~<+l?wMofQyery8($ zfHw^ct{sw4S0glLqf`vNe^!hBRppHb&}wjQUJP;o_NVniwIOAV_C4^IeZ;F{Vqr0c zTn9|kh@!_HFlWq3hI!7qO*zoL19J)iK(&p(nq~oWx+mV}+Tl=SRY^%fSH;F5!>c6l zG*a|zfu$z{9EOr&Ym$t(x%k8X$^tTHe z4;Bb8NgtNkh2tq~)!@)BjVyY|k)@pBm3sh(2f*+D6 zR9_&G@@*u*!9aseJCA_$@QxuwQQ)e?p?ibe27F*^t7TX!IHv>HZe&4;o=DRgV>78L zEp@!;Eb><1s*b%z#|=>$S1dRWEz6eGVP2AZBBbvw%a)hPI7bgNnITWzH$zm!ByO>- z7|V*ps!yU3D(fuA&*~D6=dhSINl&QR+&Et(*`C_EFrP-n^_rHQ$v6jj!k;gmF09Lo zMOy?ZW-oTD7PPBZyr(bDq=Cj|S(4Bfqp7GleD&%;l#0XcDenf=ic%1wRf<{YXr)+- zktg+V9a|+H+vJguC_}%Q7d3(eEPj)cl3GIk{6wy*szUy_EzutcZr|H$7tGiH{`w4l zZ!hc4>n0=hl+c&4XvyogD!(bc!8rFQe(!$wEAu90ukp(0!}2rBj9y!nN%A(EpH#buwdD zYrJYMI>E}+k}14BVX}30esSnvs$~v0;>f3(Py(*az76R7`Ci<7jU9DmwI!9}4CJSf zgPT7cdw`{QBWV)jFim=JkJ7W6_CnGeoDi@&b7-J2O(alt5yeRp717w7~`*k|8UOX+i49om8fJrF;kt1)3yR?l;k#i zy71`@$OPGyhA)N?=pka5<2el6+E^m<=^4q*c^pdaWgtkuPbYv5VKm;^_H+1C~-@+8t@xQXFU9YCTjEq zTMv(QUf^{@?VB#UPdu2lTWbys<9f@r>c(N_sb--8FwM{|zrEJ3_+hW+v)+8F~|o;Kz#*NGhEQp6^I7{)zDj zI}wUO@pl%$RNcySo4;L}>YFnql|&05)kmrYN>2COSv)=S3eIdJd5PhQfu~-JEX@RZ zHudfkj1K8s@wZwSNxn`SQz<40q}57`7I{`bV!e1b~+{ zYDsUz7anvU%%Ldr3y`b}yhC z`^j%&FQ^%tgB5dfUbwj5mHTr0B9FZ{yJss?S&E`sk6NBdYXheqk6!qnPe8FIQkNmH zbv&`ChoSBP1%>{8{sf0?lH0mVdgRc`T;jsvo*`wVudK)*f62(ZLymEY8cY(4fm`yZ zgcOS0%)^VvO3x1r6>;;^=o^3;?#PEM5`Tr5wco1czG(__bG9UeoSQ*vf!fiOyg7nU z6=5%m;{9Ezc&n*pb9lRPdQGXp1^gq#Gwi~IoY~v>E5KWSmIv)oAs^gP>?gXmL@eHy{fN(u>s5o>h^Rx}qO3 zI1$2?zkGE*8>8Ta85%+UA|G9(gzn)I0JXG-nVlF%_NuPHQ|8T z{KQYSsv~oc#Ffud{oqPJVZRD!?U_F@yCEARbMJ_$=ucl>dvswelD_-)F0;_ChCKLe zt;3VU*X5Ba9}+#v6%>`O(|iJNR29GXc z(rMn_T^f;ftsy?czJTIuHTT#y2eB$sLi?~v%$m0-q3W#!cB_=TO~wqQhka0bt-}Ct zwt)Iy<{jJNhV6N>gyClO-&K?ClUXM}RcDUQO#jlnGbkr5;R+?>YGGH3W-H7GRh ztFf0LL(&H$UATB;iBf2a&}aH&>GD$wJVLnda2f3P_; zqdl$SXZKU?tMyORlxAo3{#6kXRawa{j`|4PXS(%Uz3B-)YtA`w`a$3Gv zx3Jk0L$j#DZ)$2s!TO{x!gX!IiwE6T5YmrS3Vwj!mnW5st`u6sD&}>nK4IX^19+!8 z`nG-e_oG2o0e{7T5|Js5rzIGVNUP2u z7GvZG7&ak~n11;;aWQ3=l$Mq7?z^s#R#iOYns{ZY6a!Cm6*T5;X5=3uSwZvPWXLc2 ze=WE7>$aIBuK&6^3L-ma6$L!&5@d01#>tQ7OS!6uoJ1bPKO$71Z9d7qKul6w8YH zlC$Pbz$xd;_X1%P+O7etQGriB{KU9*pL)v0)a3>Cg!!Wxu1SyGo-W1HSE*tKaz9`W zy!ZrOhIzLI*>cSfaK#sUDUgZr<)nO`_8$;F%{+tJO8)>({_%#j+y_V~fA_9{->ojWW7E?k^F%HqlFX=i^nt ziJnJPj#O!%Lw)AF@3lvb?0y7Bi_;Izs6E>C^J*fWGl=$h=rMOqbKBnCGte1YS7LvB z$ng1H+d@90Q7Fy};NogVPW7jiFYL`yO97G!wd`!)> zeA#e!qUA|m`qK`POJ@t2Tpdb0#Is-PRXe%*?ugoVC`!Fz^htgED*`{h+@sO^k>jq_ zuwDNCF|RP?@P0{}T^yF1L2b_V;&Dsr*sE#zfMSwg=e@aKoYADe!NHu1PRR*LyjPEe zM?k0vX&R0A6^LeMDXFJ(3bC}@&K$LSOZ*5Dj_ran3dIS<0EdHgZO$<=Mua@u2M&}Y zQ_y6I#a`tw#OH4L?gREjsYTe$dG93`Ngdco7nFz2NErvz4C!d>P}YExjlvh19C$g> z^U<_b4s1Au!hS*$$EPakC$x-`o7op{?qiTMZ=XFxsnE;QHh>MpYWxUus{+1pO5RkZ zIqpTZ@__xeVkzH1dSCK zg47te`)~IVf^+fR7!tmazx^l~)!G4B-NvDEa$Ux1h~L`fe2Pws1xUI-L!FshTn`y^ zb4>cVDaZi&O!l>4=cEHjVKk*S@P?6fl>pk&ELn12D7iI&8V5j3LoB*BT!Wgo?bSz4 zZp8r{F{<_)gjl&}>cBFF-*WY0+I#EnK;$izP4q|k11=sNknyf)z*JF-`}hqXPb)3h zhE2^%^j3+=kiGAcdVyOV zWh3;6&s{P3anxrp03KVm65ZLa&aKrJATx%{_)%2_Qfcu{v_(_zE;-WGOw8{9T;jW9{@YC=^b$UZi`{UwAEnrv zVM^XIOK)AkZXLqTu?v}EwWrwo~(ZexR~);iCz>FMdt3t0PO+Q z*o5qNB9G<-N3}nZTScK6kR8-oo6Ta1?q3bfrxN^!#Udu9CQ39Pq}CUN_YgH2`p3uJ z*VMXft-q=nTy-+q3Jhz9OIk(TQNku%F3eN2@c}}EqqeDB-W~npup?%k#6ytBPbO-< z~$dxh( z%CZl)TX!{2L#^6SzeIy^_@AG^%Rn{QGLJ_cC~8@o#-eg4Ou(eQxV8N88ZG|QWUQA} zvx)l3AKtC1LU@{j%9V9xcr<(7m5+BLhC%*aMGPyzXSggBkufMiafqPN-$kIn^1{ z8t3rh49b%Ld-y}FGv~l%A>uDi)m@e-6b1ZzL{qkkLdtS0p9;ae)82&0hZ!@AEsMRy zZ?4=XifxCG zYh%|9DsXaK0O%Hcw9QPVGfI0t)k2{Z@sf}hHVf^O#dxTST8|oX*Kiy*{upkF7_Lh! zTTRbIoSQT_A`@~nt@- zVD7LqU4Q-{o?sU#%IH4IvD1so;|hZKX<$C ze|QxKMlB`-zwZL4Ax(hS`{R?9F-R9>rG65A)yXPaBB_{O!&qTO95Sja+ zpCe~1p8tvGWch#3a}v`1+f8xOf7mBzX`qt1+~lLELDKui5D^CI_9D^s#lEsyl3Xob zQLae@d_yAk4x)L!h@j6%LgBy88Z(#}cRNh8?4(V6y?=iG>Lpi(8a)W2qlvJUrPc>+ z5K8a1r#6+kK7s*b)zcNq`{Z?4E ze@{OkP8EsKi43}DLgZSpfC5uSrf}-cYj)EPo6xltBzd1cPp)S2dI*!bmD2qN6ufDy zTH-HkEG>gfyr5fRsq6?WIW*!o@D+A*VU8j;B`wmkl0XDul<4O5RVp=t z1W%OWeUMM6q6kPm-h~R30BDYsZI8lOtMoZD>pU5QZ%ke_= zWo*iJ*C--Xm%Vn<+*5tD%^`YaO-cQ5>w(^nA=!2{tO3oOCA!EBQRMrqE{Yu@bF!K| zPhPu5xu;r=?c9mlqqQ#1uL_Amv4oqFF2u7JePb?z8%=ozSM8j($IyqzbTafb`7ta2 zUal-qu6N2Ny-k7}@F?cEx=~T1J?P4M*I>yb%z7P&@mxV>8NXh*$oMS$NPfCth~8*u zq5_-wcWAvN_XIjkHll6?!|6B!5*0@w2|K1WXORdIwJoI008MQnFIP5JB=5juq0xu*ffCCQe0&2=#x|S||)-LXJoe zr&(HOCWx$Uy|hmbO7}MVlHwsD$uD6m;mP$W-Ens}@jYPfPK4ud*tv1I*-ZPq$l>_{ zjukF~BY4%M))_UT4wRb=xh1={c%=^nz!5#p)9jAFBoO1e9{AP0T#Lq!CgcAqd@UiL z6}M;)zJp((CzM_VT1Olt!{k|_rzH@b*V8v;>eSZ^8;L*ARe6P!V6@Q)2a`?7Lf%PA z$VVS+x{zzY$ez8bFcv7vW0gbpuZ*yBXR;7P0nKt=%C3^Eiah~$~i4ADO z2z--;a=@#%*B~37ZH2CK-%};FeWH`2ZD?1g7RrB5eYtkfysMrj6Q0pi!D&jd06q69_p# z{t>`%c5za3TF1n?DOz{83rDQ+MHiIIcC}DdXAVme6+tEX68;RvMO4PL%YP>gv zj^TIxX;MY#$sKpuIhVtum}!t%p-yK@71BqO98_IgB^e&t4njfKm0B)cDfeVdt3}LE z+Igga+EtJd!MgAH3aljNIzVTtNY}*z0j>nj+mVlaE7o(_a!-ZEv*qy&M;rK9CsY6y zA4YL5H2}UypN_(3GKZLGu`z(W99>}MB_w`~T#r!))M(s)%+p@A*Fz4%3~FB=>D>1P zz6@UX6-aJ-6rbhPfehg;_p%$6=z{6|&~i(~2E}G*g9It4p$2LywFh++R##5hgl;f_ zo!2XGfY-_VH%d+|@EyayRAzVnbUOIEfYvb4>Vj%`m(_D%^(gMIBF-z zMECmRhXDp2uB3@M@nb?F@SoBM{;PP0u^xaKx(FCBeyO|&u>crNOL{Jnpu`OuTWW#s zOUoTiOX@U(6-mV|eUNm+|AQc!D1q_s3HnJ0IIGpF7`P zJ1m^v(DBSjxAh{v&@`5qi&9F?uDT$y_zVp($MZW8wgg_s0N^_Yxqp z?+?!Ou?85tJ;nP8Y~JsvKxkg?t^ktvVl^KN{cnJ6QMxO3J-j`4VsJ%Iyi0dQ02vQ_{c$Iz zyz_TUy#G$dKIw2MTcm9L?m)y223tq{^y zFGA)>kX?%K~$}PIR#m-Ay#DqL7E4LoA6x zWFDJJYqbA9TU0=KLU}s%DmE`lSXAS%cCY&EX3;MPV#L=UTof!!kZNJiWnyx;leDTS zN~5DXPMuq?5pscgT|O_iW`bHwbQw!Duw zNGEp&cU3>2OQ-8nU}?I3?3Jc!liD&fMTm1%WO6PQ)9UUBz^TwFk+C4&CMXhG5ZhWu zwUb(iZzCN_Xw(*C^?*{8-jepqWiJ*{xRqe7;uIgmKzzr>& zHy&K96zwr0l5egS<>R96@pE4+u+KDNX!(~U4phN8@|OsT{|MG*<}_fE5F z?WI3yY~URm8wGKqz*HY8Y#kj~C~4f?@z>OEpD5Lq5M35Ce0SJHU^NimUdX|bh`PR( zM||#EkK2XVRtM?Xud1W@I6yjIsH`hMI?Y7dP=sw&xUVP8yW3?QG|=#z6STNLqF_)7 z@FQ_Pa(zy<=|?eGp)>Ibd*oe!P9*y zVW=SO6Mu84XXR+1oBC6&@h${{9SmL%@a3fEJ@$7eZ+YuG>*>T(eMhkXut5cg;m#WLSU zp-uJIl7cv_Rk`&lo2H$|d^itCTyKVdE0#yV&utOJpHQ9y8ptn56riv1Gz)6-i^ga&PPIxe}!`~9j-zcd(V$%@&L|CY*_UEo+q9P^z^A)y? z+06RKkQAK?P$pQ38J{Gf-}^>>?JJ71w53($Tn)|L&PrC;J{GGwQpTWnkisA+P9p